From b2dff2033d72b7e9ed9a3a135327fead70c61b08 Mon Sep 17 00:00:00 2001 From: Francesc Esplugas <2720+fesplugas@users.noreply.github.com> Date: Mon, 16 Oct 2023 23:31:15 +0200 Subject: fix: initdb missing data area directory Use `PGDATA` environment variable instead of `-D` to maintain consistency with NixOS module. Co-Authored-By: Michael Hoang --- modules/services/postgresql/default.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'modules') diff --git a/modules/services/postgresql/default.nix b/modules/services/postgresql/default.nix index 018b46e..64a2ece 100644 --- a/modules/services/postgresql/default.nix +++ b/modules/services/postgresql/default.nix @@ -237,10 +237,10 @@ in for an overview of `postgresql.conf`. ::: {.note} - + String values will automatically be enclosed in single quotes. Single quotes will be escaped with two single quotes as described by the upstream documentation linked above. - + ::: ''; example = literalExpression '' @@ -355,11 +355,14 @@ in "${cfg.dataDir}/recovery.conf" ''} - exec ${postgresql}/bin/postgres -D ${cfg.dataDir} + exec ${postgresql}/bin/postgres ''; serviceConfig.KeepAlive = true; serviceConfig.RunAtLoad = true; + serviceConfig.EnvironmentVariables = { + PGDATA = cfg.dataDir; + }; }; }; -- cgit v1.2.3 From dbbcad8b9bd90ff5f2785006fe86533edb4edd5c Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sun, 31 Dec 2023 13:28:24 +1100 Subject: linux-builder: remove trusted user requirement If you set up a signing key for the `linux-builder` and add that as trusted public key on your machine, you won't need to be a trusted user at all. --- modules/nix/linux-builder.nix | 8 -------- 1 file changed, 8 deletions(-) (limited to 'modules') diff --git a/modules/nix/linux-builder.nix b/modules/nix/linux-builder.nix index da8d791..41fec9d 100644 --- a/modules/nix/linux-builder.nix +++ b/modules/nix/linux-builder.nix 
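Review bot: The new `serviceConfig.EnvironmentVariables` block in the second postgresql hunk has no comment saying the script now depends on it. With `-D ${cfg.dataDir}` removed, `exec ${postgresql}/bin/postgres` has no data directory if a later edit drops or overrides `PGDATA`. I would add a comment above the attribute, for example `# initdb and postgres in the script take the data directory from PGDATA; restore -D if this is removed`. The initdb call named in the subject lies outside the hunk, so that it reads `PGDATA` is inferred from the commit message rather than visible here. The enclosing service definition also starts before the hunk.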
@@ -80,14 +80,6 @@ in }; config = mkIf cfg.enable { - assertions = [ { - assertion = config.nix.settings.trusted-users != [ "root" ] || (config.nix.settings.extra-trusted-users or [ ]) != [ ]; - message = '' - Your user or group (@admin) needs to be added to `nix.settings.trusted-users` or `nix.settings.extra-trusted-users` - to use the Linux builder. - ''; - } ]; - system.activationScripts.preActivation.text = '' mkdir -p /var/lib/darwin-builder ''; -- cgit v1.2.3 From 81f7aab5edf705d851415762d1bfe4fa836bbce7 Mon Sep 17 00:00:00 2001 From: Jefferson Bledsoe Date: Thu, 18 Apr 2024 13:53:30 +0000 Subject: Update ShowDate in menuExtraClock --- modules/system/defaults/clock.nix | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'modules') diff --git a/modules/system/defaults/clock.nix b/modules/system/defaults/clock.nix index cd5c0e8..14eacfa 100644 --- a/modules/system/defaults/clock.nix +++ b/modules/system/defaults/clock.nix @@ -51,11 +51,9 @@ with lib; description = lib.mdDoc '' Show the full date. Default is null. - 0 = Show the date - 1 = Don't show - 2 = Don't show - - TODO: I don't know what the difference is between 1 and 2. + 0 = When space allows + 1 = Always + 2 = Never ''; }; -- cgit v1.2.3 From def1e23be848848400d1d097d4f044e3c401f9dd Mon Sep 17 00:00:00 2001 
From: Weijia Wang <9713184+wegank@users.noreply.github.com> Date: Sun, 14 Apr 2024 23:02:32 +0200 Subject: treewide: remove lib.mdDoc --- modules/documentation/default.nix | 8 +- modules/environment/default.nix | 28 ++-- modules/fonts/default.nix | 4 +- modules/homebrew.nix | 100 +++++++------- modules/launchd/default.nix | 22 +-- modules/launchd/launchd.nix | 174 ++++++++++++------------ modules/lib/write-text.nix | 10 +- modules/meta.nix | 2 +- modules/misc/ids.nix | 4 +- modules/misc/lib.nix | 2 +- modules/networking/default.nix | 12 +- modules/nix/default.nix | 80 +++++------ modules/nix/linux-builder.nix | 24 ++-- modules/nix/nixpkgs.nix | 14 +- modules/programs/bash/default.nix | 6 +- modules/programs/direnv.nix | 16 +-- modules/programs/fish.nix | 22 +-- modules/programs/gnupg.nix | 4 +- modules/programs/info/default.nix | 2 +- modules/programs/man.nix | 2 +- modules/programs/nix-index/default.nix | 4 +- modules/programs/ssh/default.nix | 14 +- modules/programs/tmux.nix | 16 +-- modules/programs/vim.nix | 10 +- modules/programs/zsh/default.nix | 26 ++-- modules/security/pam.nix | 2 +- modules/security/pki/default.nix | 8 +- modules/security/sandbox/default.nix | 14 +- modules/security/sudo.nix | 2 +- modules/services/activate-system/default.nix | 2 +- modules/services/autossh.nix | 10 +- modules/services/buildkite-agents.nix | 29 ++-- modules/services/cachix-agent.nix | 10 +- modules/services/chunkwm.nix | 16 +-- modules/services/dnsmasq.nix | 10 +- modules/services/emacs.nix | 8 +- modules/services/eternal-terminal.nix | 12 +- modules/services/github-runner/options.nix | 34 ++--- modules/services/gitlab-runner.nix | 76 +++++------ modules/services/hercules-ci-agent/common.nix | 9 +- modules/services/hercules-ci-agent/default.nix | 2 +- modules/services/hercules-ci-agent/settings.nix | 19 ++- modules/services/ipfs.nix | 10 +- modules/services/karabiner-elements/default.nix | 2 +- modules/services/khd/default.nix | 8 +- modules/services/kwm/default.nix | 6 +- 
modules/services/lorri.nix | 4 +- modules/services/mail/offlineimap.nix | 12 +- modules/services/monitoring/telegraf.nix | 10 +- modules/services/mopidy.nix | 8 +- modules/services/netbird.nix | 4 +- modules/services/nextdns/default.nix | 4 +- modules/services/nix-daemon.nix | 8 +- modules/services/nix-gc/default.nix | 8 +- modules/services/nix-optimise/default.nix | 7 +- modules/services/ofborg/default.nix | 8 +- modules/services/postgresql/default.nix | 38 +++--- modules/services/privoxy/default.nix | 12 +- modules/services/redis/default.nix | 16 +-- modules/services/sketchybar/default.nix | 8 +- modules/services/skhd/default.nix | 6 +- modules/services/spacebar/default.nix | 8 +- modules/services/spotifyd.nix | 6 +- modules/services/synapse-bt.nix | 10 +- modules/services/synergy/default.nix | 32 ++--- modules/services/tailscale.nix | 6 +- modules/services/trezord.nix | 6 +- modules/services/wg-quick.nix | 38 +++--- modules/services/yabai/default.nix | 10 +- modules/system/activation-scripts.nix | 2 +- modules/system/checks.nix | 6 +- modules/system/default.nix | 12 +- modules/system/defaults/ActivityMonitor.nix | 10 +- modules/system/defaults/CustomPreferences.nix | 4 +- modules/system/defaults/GlobalPreferences.nix | 4 +- modules/system/defaults/LaunchServices.nix | 2 +- modules/system/defaults/NSGlobalDomain.nix | 94 ++++++------- modules/system/defaults/SoftwareUpdate.nix | 2 +- modules/system/defaults/alf.nix | 10 +- modules/system/defaults/clock.nix | 14 +- modules/system/defaults/dock.nix | 52 +++---- modules/system/defaults/finder.nix | 20 +-- modules/system/defaults/loginwindow.nix | 22 +-- modules/system/defaults/magicmouse.nix | 2 +- modules/system/defaults/screencapture.nix | 6 +- modules/system/defaults/screensaver.nix | 4 +- modules/system/defaults/smb.nix | 4 +- modules/system/defaults/spaces.nix | 2 +- modules/system/defaults/trackpad.nix | 14 +- modules/system/defaults/universalaccess.nix | 10 +- modules/system/etc.nix | 2 +- 
modules/system/keyboard.nix | 12 +- modules/system/launchd.nix | 6 +- modules/system/nvram.nix | 2 +- modules/system/patches.nix | 2 +- modules/system/shells.nix | 2 +- modules/system/startup.nix | 2 +- modules/system/version.nix | 20 +-- modules/time/default.nix | 2 +- modules/users/default.nix | 10 +- modules/users/group.nix | 8 +- modules/users/user.nix | 18 +-- 102 files changed, 771 insertions(+), 775 deletions(-) (limited to 'modules') diff --git a/modules/documentation/default.nix b/modules/documentation/default.nix index 2f3bb9a..10bcbd3 100644 --- a/modules/documentation/default.nix +++ b/modules/documentation/default.nix @@ -88,7 +88,7 @@ in documentation.enable = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to install documentation of packages from {option}`environment.systemPackages` into the generated system path. @@ -100,7 +100,7 @@ in documentation.man.enable = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to install manual pages and the {command}`man` command. This also includes "man" outputs. ''; @@ -109,7 +109,7 @@ in documentation.info.enable = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to install info pages and the {command}`info` command. This also includes "info" outputs. ''; @@ -118,7 +118,7 @@ in documentation.doc.enable = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to install documentation distributed in packages' `/share/doc`. Usually plain text and/or HTML. This also includes "doc" outputs. diff --git a/modules/environment/default.nix b/modules/environment/default.nix index c4883c3..753ee31 100644 --- a/modules/environment/default.nix +++ b/modules/environment/default.nix 
@@ -21,7 +21,7 @@ in type = types.listOf types.package; default = []; example = literalExpression "[ pkgs.curl pkgs.vim ]"; - description = lib.mdDoc '' + description = '' The set of packages that appear in /run/current-system/sw. These packages are automatically available to all users, and are 
@@ -34,39 +34,39 @@ in environment.systemPath = mkOption { type = types.listOf (types.either types.path types.str); - description = lib.mdDoc "The set of paths that are added to PATH."; + description = "The set of paths that are added to PATH."; apply = x: if isList x then makeDrvBinPath x else x; }; environment.profiles = mkOption { type = types.listOf types.str; - description = lib.mdDoc "A list of profiles used to setup the global environment."; + description = "A list of profiles used to setup the global environment."; }; environment.postBuild = mkOption { type = types.lines; default = ""; - description = lib.mdDoc "Commands to execute when building the global environment."; + description = "Commands to execute when building the global environment."; }; environment.extraOutputsToInstall = mkOption { type = types.listOf types.str; default = []; example = [ "doc" "info" "devdoc" ]; - description = lib.mdDoc "List of additional package outputs to be symlinked into {file}`/run/current-system/sw`."; + description = "List of additional package outputs to be symlinked into {file}`/run/current-system/sw`."; }; environment.pathsToLink = mkOption { type = types.listOf types.str; default = []; example = [ "/share/doc" ]; - description = lib.mdDoc "List of directories to be symlinked in {file}`/run/current-system/sw`."; + description = "List of directories to be symlinked in {file}`/run/current-system/sw`."; }; environment.darwinConfig = mkOption { type = types.either types.path types.str; default = "$HOME/.nixpkgs/darwin-configuration.nix"; - description = lib.mdDoc '' + description = '' The path of the darwin configuration.nix used to configure the system, this updates the default darwin-config entry in NIX_PATH. Since this changes an environment variable it will only apply to new shells. 
@@ -79,14 +79,14 @@ in environment.loginShell = mkOption { type = types.str; default = "$SHELL -l"; - description = lib.mdDoc "Configure default login shell."; + description = "Configure default login shell."; }; environment.variables = mkOption { type = types.attrsOf (types.either types.str (types.listOf types.str)); default = {}; example = { EDITOR = "vim"; LANG = "nl_NL.UTF-8"; }; - description = lib.mdDoc '' + description = '' A set of environment variables used in the global environment. These variables will be set on shell initialisation. The value of each variable can be either a string or a list of @@ -100,7 +100,7 @@ in type = types.attrsOf types.str; default = {}; example = { ll = "ls -l"; }; - description = lib.mdDoc '' + description = '' An attribute set that maps aliases (the top level attribute names in this option) to command strings or directly to build outputs. The alises are added to all users' shells. @@ -110,7 +110,7 @@ in environment.extraInit = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Shell script code called during global environment initialisation after all variables and profileVariables have been set. This code is asumed to be shell-independent, which means you should @@ -120,7 +120,7 @@ in environment.shellInit = mkOption { default = ""; - description = lib.mdDoc '' + description = '' Shell script code called during shell initialisation. This code is asumed to be shell-independent, which means you should stick to pure sh without sh word split. @@ -130,7 +130,7 @@ in environment.loginShellInit = mkOption { default = ""; - description = lib.mdDoc '' + description = '' Shell script code called during login shell initialisation. This code is asumed to be shell-independent, which means you should stick to pure sh without sh word split. 
@@ -140,7 +140,7 @@ in environment.interactiveShellInit = mkOption { default = ""; - description = lib.mdDoc '' + description = '' Shell script code called during interactive shell initialisation. This code is asumed to be shell-independent, which means you should stick to pure sh without sh word split. diff --git a/modules/fonts/default.nix b/modules/fonts/default.nix index 16f0258..7140639 100644 --- a/modules/fonts/default.nix +++ b/modules/fonts/default.nix @@ -15,7 +15,7 @@ in fonts.fontDir.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable font management and install configured fonts to {file}`/Library/Fonts`. @@ -27,7 +27,7 @@ in type = types.listOf types.path; default = [ ]; example = literalExpression "[ pkgs.dejavu_fonts ]"; - description = lib.mdDoc '' + description = '' List of fonts to install. Fonts present in later entries override those with the same filenames diff --git a/modules/homebrew.nix b/modules/homebrew.nix index fa6f1cd..7aee9e1 100644 --- a/modules/homebrew.nix +++ b/modules/homebrew.nix @@ -65,7 +65,7 @@ let type = types.enum [ "none" "uninstall" "zap" ]; default = "none"; example = "uninstall"; - description = lib.mdDoc '' + description = '' This option manages what happens to formulae installed by Homebrew, that aren't present in the Brewfile generated by this module, during {command}`nix-darwin` system activation. @@ -92,7 +92,7 @@ let autoUpdate = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable Homebrew to auto-update itself and all formulae during {command}`nix-darwin` system activation. The default is `false` so that repeated invocations of {command}`darwin-rebuild switch` are idempotent. 
@@ -111,7 +111,7 @@ let upgrade = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable Homebrew to upgrade outdated formulae and Mac App Store apps during {command}`nix-darwin` system activation. The default is `false` so that repeated invocations of {command}`darwin-rebuild switch` are idempotent. @@ -125,7 +125,7 @@ let type = types.listOf types.str; default = [ ]; example = [ "--verbose" ]; - description = lib.mdDoc '' + description = '' Extra flags to pass to {command}`brew bundle [install]` during {command}`nix-darwin` system activation. ''; @@ -151,7 +151,7 @@ let brewfile = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable Homebrew to automatically use the Brewfile that this module generates in the Nix store, when you manually invoke {command}`brew bundle`. @@ -172,7 +172,7 @@ let autoUpdate = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to enable Homebrew to auto-update itself and all formulae when you manually invoke commands like {command}`brew install`, {command}`brew upgrade`, {command}`brew tap`, and {command}`brew bundle [install]`. @@ -195,7 +195,7 @@ let type = types.bool; default = !config.brewfile; defaultText = literalExpression "!config.homebrew.global.brewfile"; - description = lib.mdDoc '' + description = '' Whether to enable Homebrew to generate lockfiles when you manually invoke {command}`brew bundle [install]`. 
@@ -235,14 +235,14 @@ let name = mkOption { type = types.str; example = "homebrew/cask-fonts"; - description = lib.mdDoc '' + description = '' When {option}`clone_target` is unspecified, this is the name of a formula repository to tap from GitHub using HTTPS. For example, `"user/repo"` will tap https://github.com/user/homebrew-repo. ''; }; clone_target = mkNullOrStrOption { - description = lib.mdDoc '' + description = '' Use this option to tap a formula repository from anywhere, using any transport protocol that {command}`git` handles. When {option}`clone_target` is specified, taps can be cloned from places other than GitHub and using protocols other than HTTPS, e.g., @@ -250,7 +250,7 @@ let ''; }; force_auto_update = mkNullOrBoolOption { - description = lib.mdDoc '' + description = '' Whether to auto-update the tap even if it is not hosted on GitHub. By default, only taps hosted on GitHub are auto-updated (for performance reasons). ''; 
@@ -277,77 +277,77 @@ let caskArgsOptions = { config, ... }: { options = { appdir = mkNullOrStrOption { - description = lib.mdDoc '' + description = '' Target location for Applications. Homebrew's default is {file}`/Applications`. ''; }; colorpickerdir = mkNullOrStrOption { - description = lib.mdDoc '' + description = '' Target location for Color Pickers. Homebrew's default is {file}`~/Library/ColorPickers`. ''; }; prefpanedir = mkNullOrStrOption { - description = lib.mdDoc '' + description = '' Target location for Preference Panes. Homebrew's default is {file}`~/Library/PreferencePanes`. ''; }; qlplugindir = mkNullOrStrOption { - description = lib.mdDoc '' + description = '' Target location for QuickLook Plugins. Homebrew's default is {file}`~/Library/QuickLook`. ''; }; mdimporterdir = mkNullOrStrOption { - description = lib.mdDoc '' + description = '' Target location for Spotlight Plugins. Homebrew's default is {file}`~/Library/Spotlight`. ''; }; dictionarydir = mkNullOrStrOption { - description = lib.mdDoc '' + description = '' Target location for Dictionaries. Homebrew's default is {file}`~/Library/Dictionaries`. ''; }; fontdir = mkNullOrStrOption { - description = lib.mdDoc '' + description = '' Target location for Fonts. Homebrew's default is {file}`~/Library/Fonts`. ''; }; servicedir = mkNullOrStrOption { - description = lib.mdDoc '' + description = '' Target location for Services. Homebrew's default is {file}`~/Library/Services`. ''; }; input_methoddir = mkNullOrStrOption { - description = lib.mdDoc '' + description = '' Target location for Input Methods. Homebrew's default is {file}`~/Library/Input Methods`. ''; }; internet_plugindir = mkNullOrStrOption { - description = lib.mdDoc '' + description = '' Target location for Internet Plugins. Homebrew's default is {file}`~/Library/Internet Plug-Ins`. ''; }; audio_unit_plugindir = mkNullOrStrOption { - description = lib.mdDoc '' + description = '' Target location for Audio Unit Plugins. Homebrew's default is 
@@ -355,28 +355,28 @@ let ''; }; vst_plugindir = mkNullOrStrOption { - description = lib.mdDoc '' + description = '' Target location for VST Plugins. Homebrew's default is {file}`~/Library/Audio/Plug-Ins/VST`. ''; }; vst3_plugindir = mkNullOrStrOption { - description = lib.mdDoc '' + description = '' Target location for VST3 Plugins. Homebrew's default is {file}`~/Library/Audio/Plug-Ins/VST3`. ''; }; screen_saverdir = mkNullOrStrOption { - description = lib.mdDoc '' + description = '' Target location for Screen Savers. Homebrew's default is {file}`~/Library/Screen Savers`. ''; }; language = mkNullOrStrOption { - description = lib.mdDoc '' + description = '' Comma-separated list of language codes to prefer for cask installation. The first matching language is used, otherwise it reverts to the cask’s default language. The default value is the language of your system. @@ -384,17 +384,17 @@ let example = "zh-TW"; }; require_sha = mkNullOrBoolOption { - description = lib.mdDoc '' + description = '' Whether to require cask(s) to have a checksum. Homebrew's default is `false`. ''; }; no_quarantine = mkNullOrBoolOption { - description = lib.mdDoc "Whether to disable quarantining of downloads."; + description = "Whether to disable quarantining of downloads."; }; no_binaries = mkNullOrBoolOption { - description = lib.mdDoc "Whether to disable linking of helper executables."; + description = "Whether to disable linking of helper executables."; }; brewfileLine = mkInternalOption { type = types.nullOr types.str; }; @@ -415,12 +415,12 @@ let options = { name = mkOption { type = types.str; - description = lib.mdDoc "The name of the formula to install."; + description = "The name of the formula to install."; }; args = mkOption { type = with types; nullOr (listOf str); default = null; - description = lib.mdDoc '' + description = '' Arguments flags to pass to {command}`brew install`. Values should not include the leading `"--"`. ''; 
@@ -428,7 +428,7 @@ let conflicts_with = mkOption { type = with types; nullOr (listOf str); default = null; - description = lib.mdDoc '' + description = '' List of formulae that should be unlinked and their services stopped (if they are installed). ''; @@ -436,7 +436,7 @@ let restart_service = mkOption { type = with types; nullOr (either bool (enum [ "changed" ])); default = null; - description = lib.mdDoc '' + description = '' Whether to run {command}`brew services restart` for the formula and register it to launch at login (or boot). If set to `"changed"`, the service will only be restarted on version changes. @@ -445,7 +445,7 @@ let ''; }; start_service = mkNullOrBoolOption { - description = lib.mdDoc '' + description = '' Whether to run {command}`brew services start` for the formula and register it to launch at login (or boot). @@ -453,7 +453,7 @@ let ''; }; link = mkNullOrBoolOption { - description = lib.mdDoc '' + description = '' Whether to link the formula to the Homebrew prefix. When this option is `null`, Homebrew will use it's default behavior which is to link the formula if it's currently unlinked and not keg-only, and to unlink the formula if it's @@ -488,19 +488,19 @@ let options = { name = mkOption { type = types.str; - description = lib.mdDoc "The name of the cask to install."; + description = "The name of the cask to install."; }; args = mkOption { type = types.nullOr (types.submodule caskArgsOptions); default = null; visible = "shallow"; # so that options from `homebrew.caskArgs` aren't repeated. - description = lib.mdDoc '' + description = '' Arguments passed to {command}`brew install --cask` when installing this cask. See [](#opt-homebrew.caskArgs) for the available options. ''; }; greedy = mkNullOrBoolOption { - description = lib.mdDoc '' + description = '' Whether to always upgrade this cask regardless of whether it's unversioned or it updates itself. ''; 
@@ -531,7 +531,7 @@ in ]; options.homebrew = { - enable = mkEnableOption (lib.mdDoc '' + enable = mkEnableOption '' {command}`nix-darwin` to manage installing/updating/upgrading Homebrew taps, formulae, and casks, as well as Mac App Store apps and Docker containers, using Homebrew Bundle. @@ -554,7 +554,7 @@ in [](#opt-homebrew.onActivation). This module also provides a few options for modifying how Homebrew commands behave when - you manually invoke them, under [](#opt-homebrew.global)''); + you manually invoke them, under [](#opt-homebrew.global)''; brewPrefix = mkOption { type = types.str; @@ -563,7 +563,7 @@ in if pkgs.stdenv.hostPlatform.isAarch64 then "/opt/homebrew/bin" else "/usr/local/bin" ''; - description = lib.mdDoc '' + description = '' The path prefix where the {command}`brew` executable is located. This will be set to the correct value based on your system's platform, and should only need to be changed if you manually installed Homebrew in a non-standard location. @@ -573,7 +573,7 @@ in onActivation = mkOption { type = types.submodule onActivationOptions; default = { }; - description = lib.mdDoc '' + description = '' Options for configuring the behavior of the {command}`brew bundle` command that {command}`nix-darwin` runs during system activation. ''; @@ -582,7 +582,7 @@ in global = mkOption { type = types.submodule globalOptions; default = { }; - description = lib.mdDoc '' + description = '' Options for configuring the behavior of Homebrew commands when you manually invoke them. ''; }; @@ -604,7 +604,7 @@ in } ] ''; - description = lib.mdDoc '' + description = '' List of Homebrew formula repositories to tap. Taps defined as strings, e.g., `"user/repo"`, are a shorthand for: @@ -622,7 +622,7 @@ in require_sha = true; } ''; - description = lib.mdDoc '' + description = '' Arguments passed to {command}`brew install --cask` for all casks listed in [](#opt-homebrew.casks). ''; 
@@ -653,7 +653,7 @@ in } ] ''; - description = lib.mdDoc '' + description = '' List of Homebrew formulae to install. Formulae defined as strings, e.g., `"imagemagick"`, are a shorthand for: @@ -684,7 +684,7 @@ in } ] ''; - description = lib.mdDoc '' + description = '' List of Homebrew casks to install. Casks defined as strings, e.g., `"google-chrome"`, are a shorthand for: @@ -702,7 +702,7 @@ in Xcode = 497799835; } ''; - description = lib.mdDoc '' + description = '' Applications to install from Mac App Store using {command}`mas`. When this option is used, `"mas"` is automatically added to @@ -723,7 +723,7 @@ in type = with types; listOf str; default = [ ]; example = [ "whalebrew/wget" ]; - description = lib.mdDoc '' + description = '' List of Docker images to install using {command}`whalebrew`. When this option is used, `"whalebrew"` is automatically added to @@ -741,12 +741,12 @@ in # 'brew cask install' only if '/usr/libexec/java_home --failfast' fails cask "java" unless system "/usr/libexec/java_home --failfast" ''; - description = lib.mdDoc "Extra lines to be added verbatim to the bottom of the generated Brewfile."; + description = "Extra lines to be added verbatim to the bottom of the generated Brewfile."; }; brewfile = mkInternalOption { type = types.str; - description = lib.mdDoc "String reprensentation of the generated Brewfile useful for debugging."; + description = "String reprensentation of the generated Brewfile useful for debugging."; }; }; diff --git a/modules/launchd/default.nix b/modules/launchd/default.nix index 5b24a9f..ccb6cc6 100644 --- a/modules/launchd/default.nix +++ b/modules/launchd/default.nix 
@@ -30,14 +30,14 @@ let type = types.attrsOf (types.either types.str (types.listOf types.str)); default = {}; example = { PATH = "/foo/bar/bin"; LANG = "nl_NL.UTF-8"; }; - description = lib.mdDoc "Environment variables passed to the service's processes."; + description = "Environment variables passed to the service's processes."; apply = mapAttrs (n: v: if isList v then concatStringsSep ":" v else v); }; path = mkOption { type = types.listOf (types.either types.path types.str); default = []; - description = lib.mdDoc '' + description = '' Packages added to the service's {env}`PATH` environment variable. Only the {file}`bin` and subdirectories of each package is added. @@ -48,13 +48,13 @@ let command = mkOption { type = types.either types.str types.path; default = ""; - description = lib.mdDoc "Command executed as the service's main process."; + description = "Command executed as the service's main process."; }; script = mkOption { type = types.lines; default = ""; - description = lib.mdDoc "Shell commands executed as the service's main process."; + description = "Shell commands executed as the service's main process."; }; # preStart = mkOption { @@ -73,7 +73,7 @@ let KeepAlive = true; }; default = {}; - description = lib.mdDoc '' + description = '' Each attribute in this set specifies an option for a key in the plist. ''; @@ -99,7 +99,7 @@ in launchd.labelPrefix = mkOption { type = types.str; default = "org.nixos"; - description = lib.mdDoc '' + description = '' The default prefix of the service label. Individual services can override this by setting the Label attribute. ''; @@ -109,7 +109,7 @@ in type = types.attrsOf (types.either types.str (types.listOf types.str)); default = {}; example = { LANG = "nl_NL.UTF-8"; }; - description = lib.mdDoc '' + description = '' A set of environment variables to be set on all future processes launched by launchd in the caller's context. The value of each variable can be either a string or a list of 
@@ -123,7 +123,7 @@ in type = types.attrsOf (types.either types.str (types.listOf types.str)); default = {}; example = { LANG = "nl_NL.UTF-8"; }; - description = lib.mdDoc '' + description = '' A set of environment variables to be set on all future processes launched by launchd in the caller's context. The value of each variable can be either a string or a list of @@ -136,7 +136,7 @@ in launchd.agents = mkOption { default = {}; type = types.attrsOf (types.submodule serviceOptions); - description = lib.mdDoc '' + description = '' Definition of per-user launchd agents. When a user logs in, a per-user launchd is started. @@ -152,7 +152,7 @@ in launchd.daemons = mkOption { default = {}; type = types.attrsOf (types.submodule serviceOptions); - description = lib.mdDoc '' + description = '' Definition of launchd daemons. After the system is booted and the kernel is running, launchd is run to finish the system initialization. @@ -168,7 +168,7 @@ in launchd.user.agents = mkOption { default = {}; type = types.attrsOf (types.submodule serviceOptions); - description = lib.mdDoc '' + description = '' Definition of per-user launchd agents. When a user logs in, a per-user launchd is started. diff --git a/modules/launchd/launchd.nix b/modules/launchd/launchd.nix index 119d4f0..9fecde6 100644 --- a/modules/launchd/launchd.nix +++ b/modules/launchd/launchd.nix 
@@ -6,13 +6,13 @@ with lib; options = { Label = mkOption { type = types.str; - description = lib.mdDoc "This required key uniquely identifies the job to launchd."; + description = "This required key uniquely identifies the job to launchd."; }; Disabled = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' This optional key is used as a hint to `launchctl(1)` that it should not submit this job to launchd when loading a job or jobs. The value of this key does NOT reflect the current state of the job on the running system. If you wish to know whether a job is loaded in launchd, reading this key from a configuration @@ -35,7 +35,7 @@ with lib; UserName = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' This optional key specifies the user to run the job as. This key is only applicable when launchd is running as root. ''; @@ -44,7 +44,7 @@ with lib; GroupName = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' This optional key specifies the group to run the job as. This key is only applicable when launchd is running as root. If UserName is set and GroupName is not, the the group will be set to the default group of the user. @@ -54,7 +54,7 @@ with lib; inetdCompatibility = mkOption { default = null; example = { Wait = true; }; - description = lib.mdDoc '' + description = '' The presence of this key specifies that the daemon expects to be run as if it were launched from inetd. ''; type = types.nullOr (types.submodule { 
@@ -62,7 +62,7 @@ with lib; Wait = mkOption { type = types.nullOr (types.either types.bool types.str); default = null; - description = lib.mdDoc '' + description = '' This flag corresponds to the "wait" or "nowait" option of inetd. If true, then the listening socket is passed via the standard in/out/error file descriptors. If false, then `accept(2)` is called on behalf of the job, and the result is passed via the standard in/out/error descriptors. @@ -75,7 +75,7 @@ with lib; LimitLoadToHosts = mkOption { type = types.nullOr (types.listOf types.str); default = null; - description = lib.mdDoc '' + description = '' This configuration file only applies to the hosts listed with this key. Note: One should set kern.hostname in `sysctl.conf(5)` for this feature to work reliably. ''; @@ -84,7 +84,7 @@ with lib; LimitLoadFromHosts = mkOption { type = types.nullOr (types.listOf types.str); default = null; - description = lib.mdDoc '' + description = '' This configuration file only applies to hosts NOT listed with this key. Note: One should set kern.hostname in `sysctl.conf(5)` for this feature to work reliably. ''; @@ -93,7 +93,7 @@ with lib; LimitLoadToSessionType = mkOption { type = types.nullOr (types.oneOf [types.str (types.listOf types.str)]); default = null; - description = lib.mdDoc '' + description = '' This configuration file only applies to sessions of the type specified. This key is used in concert with the -S flag to {command}`launchctl`. ''; @@ -102,7 +102,7 @@ with lib; Program = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc '' + description = '' This key maps to the first argument of `execvp(3)`. If this key is missing, then the first element of the array of strings provided to the ProgramArguments will be used instead. This key is required in the absence of the ProgramArguments key. 
@@ -112,7 +112,7 @@ with lib; ProgramArguments = mkOption { type = types.nullOr (types.listOf types.str); default = null; - description = lib.mdDoc '' + description = '' This key maps to the second argument of `execvp(3)`. This key is required in the absence of the Program key. Please note: many people are confused by this key. Please read `execvp(3)` very carefully! ''; @@ -121,7 +121,7 @@ with lib; EnableGlobbing = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' This flag causes launchd to use the `glob(3)` mechanism to update the program arguments before invocation. ''; }; @@ -129,7 +129,7 @@ with lib; EnableTransactions = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' This flag instructs launchd that the job promises to use `vproc_transaction_begin(3)` and `vproc_transaction_end(3)` to track outstanding transactions that need to be reconciled before the process can safely terminate. If no outstanding transactions are in progress, then launchd is free to @@ -140,7 +140,7 @@ with lib; OnDemand = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' This key was used in Mac OS X 10.4 to control whether a job was kept alive or not. The default was true. This key has been deprecated and replaced in Mac OS X 10.5 and later with the more powerful KeepAlive option. @@ -154,7 +154,7 @@ with lib; SuccessfulExit = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' If true, the job will be restarted as long as the program exits and with an exit status of zero. If false, the job will be restarted in the inverse condition. This key implies that "RunAtLoad" is set to true, since the job needs to run at least once before we can get an exit status. 
@@ -164,7 +164,7 @@ with lib; NetworkState = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' If true, the job will be kept alive as long as the network is up, where up is defined as at least one non-loopback interface being up and having IPv4 or IPv6 addresses assigned to them. If false, the job will be kept alive in the inverse condition. @@ -174,7 +174,7 @@ with lib; PathState = mkOption { type = types.nullOr (types.attrsOf types.bool); default = null; - description = lib.mdDoc '' + description = '' Each key in this dictionary is a file-system path. If the value of the key is true, then the job will be kept alive as long as the path exists. If false, the job will be kept alive in the inverse condition. The intent of this feature is that two or more jobs may create semaphores in @@ -185,7 +185,7 @@ with lib; OtherJobEnabled = mkOption { type = types.nullOr (types.attrsOf types.bool); default = null; - description = lib.mdDoc '' + description = '' Each key in this dictionary is the label of another job. If the value of the key is true, then this job is kept alive as long as that other job is enabled. Otherwise, if the value is false, then this job is kept alive as long as the other job is disabled. This feature should not be @@ -196,7 +196,7 @@ with lib; Crashed = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' If true, the the job will be restarted as long as it exited due to a signal which is typically associated with a crash (SIGILL, SIGSEGV, etc.). If false, the job will be restarted in the inverse condition. 
@@ -211,7 +211,7 @@ with lib; }; })); default = null; - description = lib.mdDoc '' + description = '' This optional key is used to control whether your job is to be kept continuously running or to let demand and conditions control the invocation. The default is false and therefore only demand will start the job. The value may be set to true to unconditionally keep the job alive. Alternatively, a dictionary @@ -226,7 +226,7 @@ with lib; RunAtLoad = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' This optional key is used to control whether your job is launched once at the time the job is loaded. The default is false. ''; @@ -235,7 +235,7 @@ with lib; RootDirectory = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' This optional key is used to specify a directory to `chroot(2)` to before running the job. ''; }; @@ -243,7 +243,7 @@ with lib; WorkingDirectory = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' This optional key is used to specify a directory to `chdir(2)` to before running the job. ''; }; @@ -251,7 +251,7 @@ with lib; EnvironmentVariables = mkOption { type = types.nullOr (types.attrsOf types.str); default = null; - description = lib.mdDoc '' + description = '' This optional key is used to specify additional environment variables to be set before running the job. ''; @@ -260,7 +260,7 @@ with lib; Umask = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' This optional key specifies what value should be passed to `umask(2)` before running the job. Known bug: Property lists don't support octal, so please convert the value to decimal. ''; 
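Review bot: The Umask description in the last hunk on this line tells the user to convert the octal value to decimal but gives no worked example, and a wrong conversion silently produces file permissions other than the ones intended. I would add a sentence such as `For example, a umask of 022 is written as 18 and 077 as 63.` to the description. The same gap exists in the SockPathMode description further down this file, where `For example, mode 0600 is written as 384.` would fit. The option's closing lines fall outside the hunk.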
@@ -269,7 +269,7 @@ with lib; TimeOut = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' The recommended idle time out (in seconds) to pass to the job. If no value is specified, a default time out will be supplied by launchd for use by the job at check in time. ''; @@ -278,7 +278,7 @@ with lib; ExitTimeOut = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' The amount of time launchd waits before sending a SIGKILL signal. The default value is 20 seconds. The value zero is interpreted as infinity. ''; @@ -287,7 +287,7 @@ with lib; ThrottleInterval = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' This key lets one override the default throttling policy imposed on jobs by launchd. The value is in seconds, and by default, jobs will not be spawned more than once every 10 seconds. The principle behind this is that jobs should linger around just in case they are needed again in the near future. @@ -299,7 +299,7 @@ with lib; InitGroups = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' This optional key specifies whether `initgroups(3)` should be called before running the job. The default is true in 10.5 and false in 10.4. This key will be ignored if the UserName key is not set. ''; @@ -308,7 +308,7 @@ with lib; WatchPaths = mkOption { type = types.nullOr (types.listOf types.path); default = null; - description = lib.mdDoc '' + description = '' This optional key causes the job to be started if any one of the listed paths are modified. ''; }; 
@@ -316,7 +316,7 @@ with lib; QueueDirectories = mkOption { type = types.nullOr (types.listOf types.str); default = null; - description = lib.mdDoc '' + description = '' Much like the WatchPaths option, this key will watch the paths for modifications. The difference being that the job will only be started if the path is a directory and the directory is not empty. ''; @@ -325,7 +325,7 @@ with lib; StartOnMount = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' This optional key causes the job to be started every time a filesystem is mounted. ''; }; @@ -333,7 +333,7 @@ with lib; StartInterval = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' This optional key causes the job to be started every N seconds. If the system is asleep, the job will be started the next time the computer wakes up. If multiple intervals transpire before the computer is woken, those events will be coalesced into one event upon wake from sleep. @@ -343,7 +343,7 @@ with lib; StartCalendarInterval = mkOption { default = null; example = [{ Hour = 2; Minute = 30; }]; - description = lib.mdDoc '' + description = '' This optional key causes the job to be started every calendar interval as specified. Missing arguments are considered to be wildcard. The semantics are much like `crontab(5)`. Unlike cron which skips job invocations when the computer is asleep, launchd will start the job the next time the computer wakes @@ -355,7 +355,7 @@ with lib; Minute = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' The minute on which this job will be run. ''; }; @@ -363,7 +363,7 @@ with lib; Hour = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' The hour on which this job will be run. ''; }; 
@@ -371,7 +371,7 @@ with lib; Day = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' The day on which this job will be run. ''; }; @@ -379,7 +379,7 @@ with lib; Weekday = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' The weekday on which this job will be run (0 and 7 are Sunday). ''; }; @@ -387,7 +387,7 @@ with lib; Month = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' The month on which this job will be run. ''; }; @@ -398,7 +398,7 @@ with lib; StandardInPath = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc '' + description = '' This optional key specifies what file should be used for data being supplied to stdin when using `stdio(3)`. ''; @@ -407,7 +407,7 @@ with lib; StandardOutPath = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc '' + description = '' This optional key specifies what file should be used for data being sent to stdout when using `stdio(3)`. ''; }; @@ -415,7 +415,7 @@ with lib; StandardErrorPath = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc '' + description = '' This optional key specifies what file should be used for data being sent to stderr when using `stdio(3)`. ''; }; @@ -423,7 +423,7 @@ with lib; Debug = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' This optional key specifies that launchd should adjust its log mask temporarily to LOG_DEBUG while dealing with this job. ''; @@ -432,7 +432,7 @@ with lib; WaitForDebugger = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' This optional key specifies that launchd should instruct the kernel to have the job wait for a debugger to attach before any code in the job is executed. ''; 
@@ -440,7 +440,7 @@ with lib; SoftResourceLimits = mkOption { default = null; - description = lib.mdDoc '' + description = '' Resource limits to be imposed on the job. These adjust variables set with `setrlimit(2)`. The following keys apply: ''; @@ -449,7 +449,7 @@ with lib; Core = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' The largest size (in bytes) core file that may be created. ''; }; @@ -457,7 +457,7 @@ with lib; CPU = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' The maximum amount of cpu time (in seconds) to be used by each process. ''; }; @@ -465,7 +465,7 @@ with lib; Data = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' The maximum size (in bytes) of the data segment for a process; this defines how far a program may extend its break with the `sbrk(2)` system call. ''; @@ -474,7 +474,7 @@ with lib; FileSize = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' The largest size (in bytes) file that may be created. ''; }; @@ -482,7 +482,7 @@ with lib; MemoryLock = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' The maximum size (in bytes) which a process may lock into memory using the mlock(2) function. ''; }; @@ -490,7 +490,7 @@ with lib; NumberOfFiles = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' The maximum number of open files for this process. Setting this value in a system wide daemon will set the `sysctl(3)` kern.maxfiles (SoftResourceLimits) or kern.maxfilesperproc (HardResourceLimits) value in addition to the `setrlimit(2)` values. 
@@ -500,7 +500,7 @@ with lib; NumberOfProcesses = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' The maximum number of simultaneous processes for this user id. Setting this value in a system wide daemon will set the `sysctl(3)` kern.maxproc (SoftResourceLimits) or kern.maxprocperuid (HardResourceLimits) value in addition to the `setrlimit(2)` values. @@ -510,7 +510,7 @@ with lib; ResidentSetSize = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' The maximum size (in bytes) to which a process's resident set size may grow. This imposes a limit on the amount of physical memory to be given to a process; if memory is tight, the system will prefer to take memory from processes that are exceeding their declared resident set size. @@ -520,7 +520,7 @@ with lib; Stack = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' The maximum size (in bytes) of the stack segment for a process; this defines how far a program's stack segment may be extended. Stack extension is performed automatically by the system. ''; @@ -532,7 +532,7 @@ with lib; HardResourceLimits = mkOption { default = null; example = { NumberOfFiles = 4096; }; - description = lib.mdDoc '' + description = '' Resource limits to be imposed on the job. These adjust variables set with `setrlimit(2)`. The following keys apply: ''; @@ -541,7 +541,7 @@ with lib; Core = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' The largest size (in bytes) core file that may be created. ''; }; @@ -549,7 +549,7 @@ with lib; CPU = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' The maximum amount of cpu time (in seconds) to be used by each process. ''; }; 
@@ -557,7 +557,7 @@ with lib; Data = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' The maximum size (in bytes) of the data segment for a process; this defines how far a program may extend its break with the `sbrk(2)` system call. ''; @@ -566,7 +566,7 @@ with lib; FileSize = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' The largest size (in bytes) file that may be created. ''; }; @@ -574,7 +574,7 @@ with lib; MemoryLock = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' The maximum size (in bytes) which a process may lock into memory using the `mlock(2)` function. ''; }; @@ -582,7 +582,7 @@ with lib; NumberOfFiles = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' The maximum number of open files for this process. Setting this value in a system wide daemon will set the `sysctl(3)` kern.maxfiles (SoftResourceLimits) or kern.maxfilesperproc (HardResourceLimits) value in addition to the `setrlimit(2)` values. @@ -592,7 +592,7 @@ with lib; NumberOfProcesses = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' The maximum number of simultaneous processes for this user id. Setting this value in a system wide daemon will set the `sysctl(3)` kern.maxproc (SoftResourceLimits) or kern.maxprocperuid (HardResourceLimits) value in addition to the `setrlimit(2)` values. 
@@ -602,7 +602,7 @@ with lib; ResidentSetSize = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' The maximum size (in bytes) to which a process's resident set size may grow. This imposes a limit on the amount of physical memory to be given to a process; if memory is tight, the system will prefer to take memory from processes that are exceeding their declared resident set size. @@ -612,7 +612,7 @@ with lib; Stack = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' The maximum size (in bytes) of the stack segment for a process; this defines how far a program's stack segment may be extended. Stack extension is performed automatically by the system. ''; @@ -624,7 +624,7 @@ with lib; Nice = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' This optional key specifies what nice(3) value should be applied to the daemon. ''; }; @@ -633,7 +633,7 @@ with lib; type = types.nullOr (types.enum [ "Background" "Standard" "Adaptive" "Interactive" ]); default = null; example = "Background"; - description = lib.mdDoc '' + description = '' This optional key describes, at a high level, the intended purpose of the job. The system will apply resource limits based on what kind of job it is. If left unspecified, the system will apply light resource limits to the job, throttling its CPU usage and I/O bandwidth. The following are valid values: @@ -660,7 +660,7 @@ with lib; AbandonProcessGroup = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' When a job dies, launchd kills any remaining processes with the same process group ID as the job. Setting this key to true disables that behavior. ''; 
@@ -669,7 +669,7 @@ with lib; LowPriorityIO = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' This optional key specifies whether the kernel should consider this daemon to be low priority when doing file system I/O. ''; @@ -678,7 +678,7 @@ with lib; LaunchOnlyOnce = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' This optional key specifies whether the job can only be run once and only once. In other words, if the job cannot be safely respawned without a full machine reboot, then set this key to be true. ''; @@ -687,7 +687,7 @@ with lib; MachServices = mkOption { default = null; example = { "org.nixos.service" = { ResetAtClose = true; }; }; - description = lib.mdDoc '' + description = '' This optional key is used to specify Mach services to be registered with the Mach bootstrap sub-system. Each key in this dictionary should be the name of service to be advertised. The value of the key must be a boolean and set to true. Alternatively, a dictionary can be used instead of a simple true value. @@ -700,7 +700,7 @@ with lib; ResetAtClose = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' If this boolean is false, the port is recycled, thus leaving clients to remain oblivious to the demand nature of job. If the value is set to true, clients receive port death notifications when the job lets go of the receive right. The port will be recreated atomically with respect to bootstrap_look_up() @@ -713,7 +713,7 @@ with lib; HideUntilCheckIn = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Reserve the name in the namespace, but cause bootstrap_look_up() to fail until the job has checked in with launchd. ''; 
@@ -725,7 +725,7 @@ with lib; LaunchEvents = mkOption { type = types.nullOr (types.attrs); default = null; - description = lib.mdDoc '' + description = '' Specifies higher-level event types to be used as launch-on-demand event sources. Each sub-dictionary defines events for a particular event subsystem, such as "com.apple.iokit.matching", which can be used to @@ -750,7 +750,7 @@ with lib; ServiceIPC = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' This optional key specifies whether the job participates in advanced communication with launchd. The default is false. This flag is incompatible with the inetdCompatibility key. @@ -760,7 +760,7 @@ with lib; SessionCreate = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' This key specifies that the job should be spawned into a new security audit session rather than the default session for the context is belongs to. See auditon(2) for details. @@ -769,7 +769,7 @@ with lib; Sockets = mkOption { default = null; - description = lib.mdDoc '' + description = '' This optional key is used to specify launch on demand sockets that can be used to let launchd know when to run the job. The job must check-in to get a copy of the file descriptors using APIs outlined in launch(3). The keys of the top level Sockets dictionary can be anything. They are meant for the application @@ -786,7 +786,7 @@ with lib; SockType = mkOption { type = types.nullOr (types.enum [ "stream" "dgram" "seqpacket" ]); default = null; - description = lib.mdDoc '' + description = '' This optional key tells launchctl what type of socket to create. The default is "stream" and other valid values for this key are "dgram" and "seqpacket" respectively. ''; 
@@ -795,7 +795,7 @@ with lib; SockPassive = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' This optional key specifies whether `listen(2)` or `connect(2)` should be called on the created file descriptor. The default is true ("to listen"). ''; @@ -804,7 +804,7 @@ with lib; SockNodeName = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' This optional key specifies the node to `connect(2)` or `bind(2)` to. ''; }; @@ -812,7 +812,7 @@ with lib; SockServiceName = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' This optional key specifies the service on the node to `connect(2)` or `bind(2)` to. ''; }; @@ -820,7 +820,7 @@ with lib; SockFamily = mkOption { type = types.nullOr (types.enum [ "IPv4" "IPv6" ]); default = null; - description = lib.mdDoc '' + description = '' This optional key can be used to specifically request that "IPv4" or "IPv6" socket(s) be created. ''; }; @@ -828,7 +828,7 @@ with lib; SockProtocol = mkOption { type = types.nullOr (types.enum [ "TCP" ]); default = null; - description = lib.mdDoc '' + description = '' This optional key specifies the protocol to be passed to `socket(2)`. The only value understood by this key at the moment is "TCP". ''; @@ -837,7 +837,7 @@ with lib; SockPathName = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc '' + description = '' This optional key implies SockFamily is set to "Unix". It specifies the path to `connect(2)` or `bind(2)` to. ''; 
@@ -846,7 +846,7 @@ with lib; SecureSocketWithKey = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' This optional key is a variant of SockPathName. Instead of binding to a known path, a securely generated socket is created and the path is assigned to the environment variable that is inherited by all jobs spawned by launchd. @@ -856,7 +856,7 @@ with lib; SockPathMode = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' This optional key specifies the mode of the socket. Known bug: Property lists don't support octal, so please convert the value to decimal. ''; @@ -865,7 +865,7 @@ with lib; Bonjour = mkOption { type = types.nullOr (types.either types.bool (types.listOf types.str)); default = null; - description = lib.mdDoc '' + description = '' This optional key can be used to request that the service be registered with the `mDNSResponder(8)`. If the value is boolean, the service name is inferred from the SockServiceName. ''; @@ -874,7 +874,7 @@ with lib; MulticastGroup = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' This optional key can be used to request that the datagram socket join a multicast group. If the value is a hostname, then `getaddrinfo(3)` will be used to join the correct multicast address for a given socket family. If an explicit IPv4 or IPv6 address is given, it is required that the SockFamily diff --git a/modules/lib/write-text.nix b/modules/lib/write-text.nix index b8f2ad5..2fe02af 100644 --- a/modules/lib/write-text.nix +++ b/modules/lib/write-text.nix @@ -16,7 +16,7 @@ in enable = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether this file should be generated. This option allows specific files to be disabled. ''; 
@@ -25,7 +25,7 @@ in text = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Text of the file. ''; }; @@ -33,14 +33,14 @@ in target = mkOption { type = types.str; default = name; - description = lib.mdDoc '' + description = '' Name of symlink. Defaults to the attribute name. ''; }; source = mkOption { type = types.path; - description = lib.mdDoc '' + description = '' Path of the source file. ''; }; @@ -48,7 +48,7 @@ in copy = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether this file should be copied instead of symlinking. ''; }; diff --git a/modules/meta.nix b/modules/meta.nix index f076161..f259469 100644 --- a/modules/meta.nix +++ b/modules/meta.nix @@ -35,7 +35,7 @@ in internal = true; default = []; example = [ lib.maintainers.lnl7 ]; - description = lib.mdDoc '' + description = '' List of maintainers of each module. This option should be defined at most once per module. diff --git a/modules/misc/ids.nix b/modules/misc/ids.nix index 0bccdbc..07f1240 100644 --- a/modules/misc/ids.nix +++ b/modules/misc/ids.nix @@ -18,7 +18,7 @@ in ids.uids = lib.mkOption { internal = true; - description = lib.mdDoc '' + description = '' The user IDs used in NixOS. ''; type = types.attrsOf types.int; @@ -26,7 +26,7 @@ in ids.gids = lib.mkOption { internal = true; - description = lib.mdDoc '' + description = '' The group IDs used in NixOS. ''; type = types.attrsOf types.int; diff --git a/modules/misc/lib.nix b/modules/misc/lib.nix index 3599661..e50794c 100644 --- a/modules/misc/lib.nix +++ b/modules/misc/lib.nix @@ -7,7 +7,7 @@ type = lib.types.attrsOf lib.types.attrs; - description = lib.mdDoc '' + description = '' This option allows modules to define helper functions, constants, etc. ''; }; diff --git a/modules/networking/default.nix b/modules/networking/default.nix index c70b07d..1065c26 100644 --- a/modules/networking/default.nix +++ b/modules/networking/default.nix 
@@ -29,7 +29,7 @@ in type = types.nullOr types.str; default = null; example = "John’s MacBook Pro"; - description = lib.mdDoc '' + description = '' The user-friendly name for the system, set in System Preferences > Sharing > Computer Name. Setting this option is equivalent to running `scutil --set ComputerName`. @@ -42,7 +42,7 @@ in type = types.nullOr (types.strMatching hostnameRegEx); default = null; example = "Johns-MacBook-Pro"; - description = lib.mdDoc '' + description = '' The hostname of your system, as visible from the command line and used by local and remote networks when connecting through SSH and Remote Login. @@ -56,7 +56,7 @@ in type = types.nullOr (types.strMatching hostnameRegEx); default = cfg.hostName; example = "Johns-MacBook-Pro"; - description = lib.mdDoc '' + description = '' The local hostname, or local network name, is displayed beneath the computer's name at the top of the Sharing preferences pane. It identifies your Mac to Bonjour-compatible services. @@ -74,7 +74,7 @@ in type = types.listOf types.str; default = []; example = [ "Wi-Fi" "Ethernet Adaptor" "Thunderbolt Ethernet" ]; - description = lib.mdDoc '' + description = '' List of networkservices that should be configured. To display a list of all the network services on the server's @@ -86,13 +86,13 @@ in type = types.listOf types.str; default = []; example = [ "8.8.8.8" "8.8.4.4" "2001:4860:4860::8888" "2001:4860:4860::8844" ]; - description = lib.mdDoc "The list of dns servers used when resolving domain names."; + description = "The list of dns servers used when resolving domain names."; }; networking.search = mkOption { type = types.listOf types.str; default = []; - description = lib.mdDoc "The list of search paths used when resolving domain names."; + description = "The list of search paths used when resolving domain names."; }; }; diff --git a/modules/nix/default.nix b/modules/nix/default.nix index ef5ce6c..2213a38 100644 --- a/modules/nix/default.nix 
+++ b/modules/nix/default.nix @@ -169,7 +169,7 @@ in type = types.package; default = pkgs.nix; defaultText = literalExpression "pkgs.nix"; - description = lib.mdDoc '' + description = '' This option specifies the Nix package instance to use throughout the system. ''; }; @@ -178,7 +178,7 @@ in useDaemon = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' If set, Nix will use the daemon to perform operations. Use this instead of services.nix-daemon.enable if you don't want the daemon service to be managed for you. @@ -188,7 +188,7 @@ in distributedBuilds = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to distribute builds to the machines listed in {option}`nix.buildMachines`. @@ -201,7 +201,7 @@ in daemonProcessType = mkOption { type = types.enum [ "Background" "Standard" "Adaptive" "Interactive" ]; default = "Standard"; - description = lib.mdDoc '' + description = '' Nix daemon process resource limits class. These limits propagate to build processes. `Standard` is the default process type and will apply light resource limits, throttling its CPU usage and I/O @@ -216,7 +216,7 @@ in daemonIOLowPriority = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether the Nix daemon process should considered to be low priority when doing file system I/O. ''; @@ -228,7 +228,7 @@ in hostName = mkOption { type = types.str; example = "nixbuilder.example.org"; - description = lib.mdDoc '' + description = '' The hostname of the build machine. ''; }; @@ -236,7 +236,7 @@ in type = types.enum [ null "ssh" "ssh-ng" ]; default = "ssh"; example = "ssh-ng"; - description = lib.mdDoc '' + description = '' The protocol used for communicating with the build machine. Use `ssh-ng` if your remote builder and your local Nix version support that improved protocol. 
@@ -249,7 +249,7 @@ in type = types.nullOr types.str; default = null; example = "x86_64-linux"; - description = lib.mdDoc '' + description = '' The system type the build machine can execute derivations on. Either this attribute or {var}`systems` must be present, where {var}`system` takes precedence if @@ -260,7 +260,7 @@ in type = types.listOf types.str; default = [ ]; example = [ "x86_64-linux" "aarch64-linux" ]; - description = lib.mdDoc '' + description = '' The system types the build machine can execute derivations on. Either this attribute or {var}`system` must be present, where {var}`system` takes precedence if @@ -271,7 +271,7 @@ in type = types.nullOr types.str; default = null; example = "builder"; - description = lib.mdDoc '' + description = '' The username to log in as on the remote host. This user must be able to log in and run nix commands non-interactively. It must also be privileged to build derivations, so must be included in @@ -282,7 +282,7 @@ in type = types.nullOr types.str; default = null; example = "/root/.ssh/id_buildhost_builduser"; - description = lib.mdDoc '' + description = '' The path to the SSH private key with which to authenticate on the build machine. The private key must not have a passphrase. If null, the building user (root on NixOS machines) must have an @@ -295,7 +295,7 @@ in maxJobs = mkOption { type = types.int; default = 1; - description = lib.mdDoc '' + description = '' The number of concurrent jobs the build machine supports. The build machine will enforce its own limits, but this allows hydra to schedule better since there is no work-stealing between build @@ -305,7 +305,7 @@ in speedFactor = mkOption { type = types.int; default = 1; - description = lib.mdDoc '' + description = '' The relative speed of this builder. This is an arbitrary integer that indicates the speed of this builder, relative to other builders. Higher is faster. 
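Review bot: The sshKey description (hunk at -282,7) does not say where the key file may live. The option is `types.str`, so a value built by interpolating a path from the configuration would copy the private key into the world-readable Nix store. I would add `The value must be a string naming a file outside the Nix store, with permissions that restrict it to the building user.` to the description. The description continues past the end of the hunk, so part of this may already be covered there.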
@@ -315,7 +315,7 @@ in type = types.listOf types.str; default = [ ]; example = [ "big-parallel" ]; - description = lib.mdDoc '' + description = '' A list of features mandatory for this builder. The builder will be ignored for derivations that don't require all features in this list. All mandatory features are automatically included in @@ -326,7 +326,7 @@ in type = types.listOf types.str; default = [ ]; example = [ "kvm" "big-parallel" ]; - description = lib.mdDoc '' + description = '' A list of features supported by this builder. The builder will be ignored for derivations that require features not in this list. @@ -335,7 +335,7 @@ in publicHostKey = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' The (base64-encoded) public host key of this builder. The field is calculated via {command}`base64 -w0 /etc/ssh/ssh_host_type_key.pub`. If null, SSH will use its regular known-hosts file when connecting. @@ -344,7 +344,7 @@ in }; }); default = [ ]; - description = lib.mdDoc '' + description = '' This option lists the machines to be used if distributed builds are enabled (see {option}`nix.distributedBuilds`). Nix will perform derivations on those machines via SSH by copying the @@ -358,21 +358,21 @@ in type = types.attrs; internal = true; default = { }; - description = lib.mdDoc "Environment variables used by Nix."; + description = "Environment variables used by Nix."; }; # Not in NixOS module configureBuildUsers = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Enable configuration for nixbld group and users. ''; }; nrBuildUsers = mkOption { type = types.int; - description = lib.mdDoc '' + description = '' Number of `nixbld` user accounts created to perform secure concurrent builds. If you receive an error message saying that “all build users are currently in use”, 
@@ -388,7 +388,7 @@ in { darwin-config = "${config.environment.darwinConfig}"; } "/nix/var/nix/profiles/per-user/root/channels" ]; - description = lib.mdDoc '' + description = '' The default Nix expression search path, used by the Nix evaluator to look up paths enclosed in angle brackets (e.g. ``). @@ -402,7 +402,7 @@ in checkConfig = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' If enabled (the default), checks for data type mismatches and that Nix can parse the generated nix.conf. ''; @@ -424,25 +424,25 @@ in from = mkOption { type = referenceAttrs; example = { type = "indirect"; id = "nixpkgs"; }; - description = lib.mdDoc "The flake reference to be rewritten."; + description = "The flake reference to be rewritten."; }; to = mkOption { type = referenceAttrs; example = { type = "github"; owner = "my-org"; repo = "my-nixpkgs"; }; - description = lib.mdDoc "The flake reference {option}`from` is rewritten to."; + description = "The flake reference {option}`from` is rewritten to."; }; flake = mkOption { type = types.nullOr types.attrs; default = null; example = literalExpression "nixpkgs"; - description = lib.mdDoc '' + description = '' The flake input {option}`from` is rewritten to. ''; }; exact = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether the {option}`from` reference needs to match exactly. If set, a {option}`from` reference like `nixpkgs` does not match with a reference like `nixpkgs/nixos-20.03`. @@ -463,7 +463,7 @@ in } )); default = { }; - description = lib.mdDoc '' + description = '' A system-wide flake registry. ''; }; @@ -475,7 +475,7 @@ in keep-outputs = true keep-derivations = true ''; - description = lib.mdDoc "Additional text appended to {file}`nix.conf`."; + description = "Additional text appended to {file}`nix.conf`."; }; settings = mkOption { 
@@ -487,7 +487,7 @@ in type = types.either types.int (types.enum [ "auto" ]); default = "auto"; example = 64; - description = lib.mdDoc '' + description = '' This option defines the maximum number of jobs that Nix will try to build in parallel. The default is auto, which means it will use all available logical cores. It is recommend to set it to the total @@ -500,7 +500,7 @@ in type = types.bool; default = false; example = true; - description = lib.mdDoc '' + description = '' If set to true, Nix automatically detects files in the store that have identical contents, and replaces them with hard links to a single copy. This saves disk space. If set to false (the default), you can still run @@ -512,7 +512,7 @@ in type = types.int; default = 0; example = 64; - description = lib.mdDoc '' + description = '' This option defines the maximum number of concurrent tasks during one build. It affects, e.g., -j option for make. The special value 0 means that the builder should use all @@ -525,7 +525,7 @@ in sandbox = mkOption { type = types.either types.bool (types.enum [ "relaxed" ]); default = false; - description = lib.mdDoc '' + description = '' If set, Nix will perform builds in a sandboxed environment that it will set up automatically for each build. This prevents impurities in builds by disallowing access to dependencies outside of the Nix @@ -539,7 +539,7 @@ in type = types.listOf types.str; default = [ ]; example = [ "/dev" "/proc" ]; - description = lib.mdDoc '' + description = '' Directories from the host filesystem to be included in the sandbox. ''; @@ -547,7 +547,7 @@ in substituters = mkOption { type = types.listOf types.str; - description = lib.mdDoc '' + description = '' List of binary cache URLs used to obtain pre-built binaries of Nix packages. 
@@ -559,7 +559,7 @@ in type = types.listOf types.str; default = [ ]; example = [ "https://hydra.nixos.org/" ]; - description = lib.mdDoc '' + description = '' List of binary cache URLs that non-root users can use (in addition to those specified using {option}`nix.settings.substituters`) by passing @@ -570,7 +570,7 @@ in require-sigs = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' If enabled (the default), Nix will only download binaries from binary caches if they are cryptographically signed with any of the keys listed in {option}`nix.settings.trusted-public-keys`. If disabled, signatures are neither @@ -582,7 +582,7 @@ in trusted-public-keys = mkOption { type = types.listOf types.str; example = [ "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" ]; - description = lib.mdDoc '' + description = '' List of public keys used to sign binary caches. If {option}`nix.settings.trusted-public-keys` is enabled, then Nix will use a binary from a binary cache if and only @@ -596,7 +596,7 @@ in type = types.listOf types.str; default = [ "root" ]; example = [ "root" "alice" "@admin" ]; - description = lib.mdDoc '' + description = '' A list of names of users that have additional rights when connecting to the Nix daemon, such as the ability to specify additional binary caches, or to import unsigned NARs. You @@ -626,7 +626,7 @@ in type = types.listOf types.str; default = [ "*" ]; example = [ "@admin" "@builders" "alice" "bob" ]; - description = lib.mdDoc '' + description = '' A list of names of users (separated by whitespace) that are allowed to connect to the Nix daemon. As with {option}`nix.settings.trusted-users`, you can specify groups by @@ -639,7 +639,7 @@ in }; }; default = { }; - description = lib.mdDoc '' + description = '' Configuration for Nix, see for avalaible options. diff --git a/modules/nix/linux-builder.nix b/modules/nix/linux-builder.nix index ecaf686..176d69e 100644 --- a/modules/nix/linux-builder.nix 
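Review bot: The `trusted-public-keys` description in the `@@ -582,7` hunk says "If `nix.settings.trusted-public-keys` is enabled", but this option is a list of strings and cannot be enabled. The boolean that gates signature checking is `require-sigs`, described in the preceding hunk, so the reference presumably should be `nix.settings.require-sigs`. As written, a reader can conclude that listing a key is what turns verification on, when the shown `require-sigs` text says disabling that option stops signature enforcement. The description continues past the end of the hunk, so the rest of the sentence should be checked against the same correction.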
+++ b/modules/nix/linux-builder.nix @@ -33,13 +33,13 @@ in ]; options.nix.linux-builder = { - enable = mkEnableOption (lib.mdDoc "Linux builder"); + enable = mkEnableOption "Linux builder"; package = mkOption { type = types.package; default = pkgs.darwin.linux-builder; defaultText = "pkgs.darwin.linux-builder"; - description = lib.mdDoc '' + description = '' This option specifies the Linux builder to use. ''; }; @@ -54,7 +54,7 @@ in environment.systemPackages = [ pkgs.neovim ]; }) ''; - description = lib.mdDoc '' + description = '' This option specifies extra NixOS configuration for the builder. You should first use the Linux builder without changing the builder configuration otherwise you may not be able to build the Linux builder. ''; @@ -65,7 +65,7 @@ in default = []; defaultText = literalExpression ''[]''; example = literalExpression ''[ "big-parallel" ]''; - description = lib.mdDoc '' + description = '' A list of features mandatory for the Linux builder. The builder will be ignored for derivations that don't require all features in this list. All mandatory features are automatically included in @@ -79,7 +79,7 @@ in type = types.ints.positive; default = 1; example = 4; - description = lib.mdDoc '' + description = '' The number of concurrent jobs the Linux builder machine supports. The build machine will enforce its own limits, but this allows hydra to schedule better since there is no work-stealing between build @@ -94,7 +94,7 @@ in default = "ssh-ng"; defaultText = literalExpression ''"ssh-ng"''; example = literalExpression ''"ssh"''; - description = lib.mdDoc '' + description = '' The protocol used for communicating with the build machine. Use `ssh-ng` if your remote builder and your local Nix version support that improved protocol. 
@@ -108,7 +108,7 @@ in type = types.ints.positive; default = 1; defaultText = literalExpression ''1''; - description = lib.mdDoc '' + description = '' The relative speed of the Linux builder. This is an arbitrary integer that indicates the speed of this builder, relative to other builders. Higher is faster. @@ -122,7 +122,7 @@ in default = [ "kvm" "benchmark" "big-parallel" ]; defaultText = literalExpression ''[ "kvm" "benchmark" "big-parallel" ]''; example = literalExpression ''[ "kvm" "big-parallel" ]''; - description = lib.mdDoc '' + description = '' A list of features supported by the Linux builder. The builder will be ignored for derivations that require features not in this list. @@ -141,7 +141,7 @@ in "aarch64-linux" ] ''; - description = lib.mdDoc '' + description = '' This option specifies system types the build machine can execute derivations on. This sets the corresponding `nix.buildMachines.*.systems` option. @@ -152,18 +152,18 @@ in workingDirectory = mkOption { type = types.str; default = "/var/lib/darwin-builder"; - description = lib.mdDoc '' + description = '' The working directory of the Linux builder daemon process. ''; }; - ephemeral = mkEnableOption (lib.mdDoc '' + ephemeral = mkEnableOption '' wipe the builder's filesystem on every restart. This is disabled by default as maintaining the builder's Nix Store reduces rebuilds. You can enable this if you don't want your builder to accumulate state. - ''); + ''; }; config = mkIf cfg.enable { diff --git a/modules/nix/nixpkgs.nix b/modules/nix/nixpkgs.nix index 52aec9a..8b3e428 100644 --- a/modules/nix/nixpkgs.nix +++ b/modules/nix/nixpkgs.nix @@ -143,7 +143,7 @@ in pkgs = mkOption { type = pkgsType; example = literalExpression "import {}"; - description = lib.mdDoc '' + description = '' If set, the pkgs argument to all nix-darwin modules is the value of this option, extended with `nixpkgs.overlays`, if that is also set. The nix-darwin and Nixpkgs architectures must 
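Review bot: The `ephemeral` option in the `@@ -152,18` hunk passes a multi-sentence text starting with "wipe the builder's filesystem" to `mkEnableOption`, which prefixes its argument with "Whether to enable " and appends a period. The rendered description therefore begins "Whether to enable wipe the builder's filesystem on every restart.", which does not read as a sentence. Starting the text with `wiping the builder's filesystem on every restart.` keeps the generated prefix grammatical; the remaining sentences about accumulated builder state can stay as they are.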
@@ -171,7 +171,7 @@ in { allowBroken = true; allowUnfree = true; } ''; type = configType; - description = lib.mdDoc '' + description = '' The configuration of the Nix Packages collection. (For details, see the Nixpkgs documentation.) It allows you to set package configuration options. @@ -194,7 +194,7 @@ in ] ''; type = types.listOf overlayType; - description = lib.mdDoc '' + description = '' List of overlays to use with the Nix Packages collection. (For details, see the Nixpkgs documentation.) It allows you to override packages globally. Each function in the list @@ -214,7 +214,7 @@ in # Make sure that the final value has all fields for sake of other modules # referring to this. TODO make `lib.systems` itself use the module system. apply = lib.systems.elaborate; - description = lib.mdDoc '' + description = '' Specifies the platform where the nix-darwin configuration will run. To cross-compile, set also `nixpkgs.buildPlatform`. @@ -232,7 +232,7 @@ in apply = lib.systems.elaborate; defaultText = literalExpression ''config.nixpkgs.hostPlatform''; - description = lib.mdDoc '' + description = '' Specifies the platform on which nix-darwin should be built. By default, nix-darwin is built on the system where it runs, but you can change where it's built. Setting this option will cause nix-darwin to be @@ -266,7 +266,7 @@ in defaultText = lib.literalMD '' Traditionally `builtins.currentSystem`, but unset when invoking nix-darwin through `lib.darwinSystem`. ''; - description = lib.mdDoc '' + description = '' Specifies the Nix platform type on which nix-darwin should be built. It is better to specify `nixpkgs.hostPlatform` instead. @@ -281,7 +281,7 @@ in defaultText = literalMD '' `` or nix-darwin's `nixpkgs` flake input ''; - description = lib.mdDoc '' + description = '' The path to import Nixpkgs from. If you're setting a custom [](#opt-nixpkgs.pkgs) or `_module.args.pkgs`, setting this to something with `rev` and `shortRev` attributes (such as a 
diff --git a/modules/programs/bash/default.nix b/modules/programs/bash/default.nix index 61f82e0..2e27ff9 100644 --- a/modules/programs/bash/default.nix +++ b/modules/programs/bash/default.nix @@ -12,19 +12,19 @@ in programs.bash.enable = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Whether to configure bash as an interactive shell."; + description = "Whether to configure bash as an interactive shell."; }; programs.bash.interactiveShellInit = mkOption { default = ""; - description = lib.mdDoc "Shell script code called during interactive bash shell initialisation."; + description = "Shell script code called during interactive bash shell initialisation."; type = types.lines; }; programs.bash.enableCompletion = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Enable bash completion for all interactive bash shells. NOTE. This doesn't work with bash 3.2, which is the default on macOS. diff --git a/modules/programs/direnv.nix b/modules/programs/direnv.nix index 648b3f9..243068d 100644 --- a/modules/programs/direnv.nix +++ b/modules/programs/direnv.nix @@ -11,11 +11,11 @@ in { ]; options.programs.direnv = { - enable = lib.mkEnableOption (lib.mdDoc '' + enable = lib.mkEnableOption '' direnv integration. Takes care of both installation and setting up the sourcing of the shell. Additionally enables nix-direnv integration. - ''); + ''; package = lib.mkPackageOptionMD pkgs "direnv" {}; @@ -26,17 +26,17 @@ in { export FOO="foo" echo "loaded direnv!" ''; - description = lib.mdDoc '' + description = '' Extra lines to append to the sourced direnvrc ''; }; - silent = lib.mkEnableOption (lib.mdDoc '' + silent = lib.mkEnableOption '' the hiding of direnv logging - ''); + ''; loadInNixShell = - lib.mkEnableOption (lib.mdDoc '' + (lib.mkEnableOption '' loading direnv in `nix-shell` `nix shell` or `nix develop` '') // { 
@@ -45,9 +45,9 @@ in { nix-direnv = { enable = - (lib.mkEnableOption (lib.mdDoc '' + (lib.mkEnableOption '' a faster, persistent implementation of use_nix and use_flake, to replace the built-in one - '')) + '') // { default = true; }; diff --git a/modules/programs/fish.nix b/modules/programs/fish.nix index 287cc71..77276e6 100644 --- a/modules/programs/fish.nix +++ b/modules/programs/fish.nix @@ -51,7 +51,7 @@ in enable = mkOption { default = false; - description = lib.mdDoc '' + description = '' Whether to configure fish as an interactive shell. ''; type = types.bool; @@ -60,7 +60,7 @@ in useBabelfish = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' If enabled, the configured environment will be translated to native fish using [babelfish](https://github.com/bouk/babelfish). Otherwise, [foreign-env](https://github.com/oh-my-fish/plugin-foreign-env) will be used. ''; @@ -69,7 +69,7 @@ in babelfishPackage = mkOption { type = types.package; default = pkgs.babelfish; - description = lib.mdDoc '' + description = '' The babelfish package to use when useBabelfish is set to true. ''; @@ -78,7 +78,7 @@ in vendor.config.enable = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether fish should source configuration snippets provided by other packages. ''; }; @@ -86,7 +86,7 @@ in vendor.completions.enable = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether fish should use completion files provided by other packages. ''; }; 
@@ -94,14 +94,14 @@ in vendor.functions.enable = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether fish should autoload fish functions provided by other packages. ''; }; shellAliases = mkOption { default = config.environment.shellAliases; - description = lib.mdDoc '' + description = '' Set of aliases for fish shell. See {option}`environment.shellAliases` for an option format description. ''; @@ -110,7 +110,7 @@ in shellInit = mkOption { default = ""; - description = lib.mdDoc '' + description = '' Shell script code called during fish shell initialisation. ''; type = types.lines; @@ -118,7 +118,7 @@ in loginShellInit = mkOption { default = ""; - description = lib.mdDoc '' + description = '' Shell script code called during fish login shell initialisation. ''; type = types.lines; @@ -126,7 +126,7 @@ in interactiveShellInit = mkOption { default = ""; - description = lib.mdDoc '' + description = '' Shell script code called during interactive fish shell initialisation. ''; type = types.lines; @@ -134,7 +134,7 @@ in promptInit = mkOption { default = ""; - description = lib.mdDoc '' + description = '' Shell script code used to initialise fish prompt. ''; type = types.lines; diff --git a/modules/programs/gnupg.nix b/modules/programs/gnupg.nix index bd2f96c..4c451ec 100644 --- a/modules/programs/gnupg.nix +++ b/modules/programs/gnupg.nix @@ -13,7 +13,7 @@ in agent.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Enables GnuPG agent for every user session. ''; }; @@ -21,7 +21,7 @@ in agent.enableSSHSupport = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Enable SSH agent support in GnuPG agent. Also sets SSH_AUTH_SOCK environment variable correctly. ''; diff --git a/modules/programs/info/default.nix b/modules/programs/info/default.nix index 93aaf7c..cf857d9 100644 --- a/modules/programs/info/default.nix 
+++ b/modules/programs/info/default.nix @@ -11,7 +11,7 @@ in programs.info.enable = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Whether to enable info pages and the {command}`info` command."; + description = "Whether to enable info pages and the {command}`info` command."; }; }; diff --git a/modules/programs/man.nix b/modules/programs/man.nix index fd0e018..f15485b 100644 --- a/modules/programs/man.nix +++ b/modules/programs/man.nix @@ -8,7 +8,7 @@ with lib; programs.man.enable = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to enable manual pages and the {command}`man` command. This also includes "man" outputs of all `systemPackages`. ''; diff --git a/modules/programs/nix-index/default.nix b/modules/programs/nix-index/default.nix index 0685346..b6f86f5 100644 --- a/modules/programs/nix-index/default.nix +++ b/modules/programs/nix-index/default.nix @@ -11,14 +11,14 @@ in programs.nix-index.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable nix-index and its command-not-found helper."; + description = "Whether to enable nix-index and its command-not-found helper."; }; programs.nix-index.package = mkOption { type = types.package; default = pkgs.nix-index; defaultText = "pkgs.nix-index"; - description = lib.mdDoc "This option specifies the nix-index package to use."; + description = "This option specifies the nix-index package to use."; }; }; diff --git a/modules/programs/ssh/default.nix b/modules/programs/ssh/default.nix index 5fc7415..d1a6770 100644 --- a/modules/programs/ssh/default.nix +++ b/modules/programs/ssh/default.nix @@ -14,7 +14,7 @@ let hostNames = mkOption { type = types.listOf types.str; default = []; - description = lib.mdDoc '' + description = '' A list of host names and/or IP numbers used for accessing the host's ssh service. ''; 
@@ -23,7 +23,7 @@ let default = null; type = types.nullOr types.str; example = "ecdsa-sha2-nistp521 AAAAE2VjZHN...UEPg=="; - description = lib.mdDoc '' + description = '' The public key data for the host. You can fetch a public key from a running SSH server with the {command}`ssh-keyscan` command. The public key should not include any host names, only @@ -33,7 +33,7 @@ let publicKeyFile = mkOption { default = null; type = types.nullOr types.path; - description = lib.mdDoc '' + description = '' The path to the public key file for the host. The public key file is read at build time and saved in the Nix store. You can fetch a public key file from a running SSH server @@ -54,7 +54,7 @@ let keys = mkOption { type = types.listOf types.str; default = []; - description = lib.mdDoc '' + description = '' A list of verbatim OpenSSH public keys that should be added to the user's authorized keys. The keys are added to a file that the SSH daemon reads in addition to the the user's authorized_keys file. @@ -68,7 +68,7 @@ let keyFiles = mkOption { type = types.listOf types.path; default = []; - description = lib.mdDoc '' + description = '' A list of files each containing one OpenSSH public key that should be added to the user's authorized keys. The contents of the files are read at build time and added to a file that the SSH daemon reads in @@ -106,7 +106,7 @@ in services.openssh.authorizedKeysFiles = mkOption { type = types.listOf types.str; default = []; - description = lib.mdDoc '' + description = '' Specify the rules for which files to read on the host. This is an advanced option. If you're looking to configure user @@ -122,7 +122,7 @@ in programs.ssh.knownHosts = mkOption { default = {}; type = types.attrsOf (types.submodule host); - description = lib.mdDoc '' + description = '' The set of system-wide known SSH hosts. ''; example = literalExpression '' diff --git a/modules/programs/tmux.nix b/modules/programs/tmux.nix index 7278479..ae6fcbf 100644 
--- a/modules/programs/tmux.nix +++ b/modules/programs/tmux.nix @@ -46,47 +46,47 @@ in programs.tmux.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to configure tmux."; + description = "Whether to configure tmux."; }; programs.tmux.enableSensible = mkOption { type = types.bool; default = false; example = true; - description = lib.mdDoc "Enable sensible configuration options for tmux."; + description = "Enable sensible configuration options for tmux."; }; programs.tmux.enableMouse = mkOption { type = types.bool; default = false; example = true; - description = lib.mdDoc "Enable mouse support for tmux."; + description = "Enable mouse support for tmux."; }; programs.tmux.enableFzf = mkOption { type = types.bool; default = false; example = true; - description = lib.mdDoc "Enable fzf keybindings for selecting tmux sessions and panes."; + description = "Enable fzf keybindings for selecting tmux sessions and panes."; }; programs.tmux.enableVim = mkOption { type = types.bool; default = false; example = true; - description = lib.mdDoc "Enable vim style keybindings for copy mode, and navigation of tmux panes."; + description = "Enable vim style keybindings for copy mode, and navigation of tmux panes."; }; programs.tmux.iTerm2 = mkOption { type = types.bool; default = false; example = true; - description = lib.mdDoc "Cater to iTerm2 and its tmux integration, as appropriate."; + description = "Cater to iTerm2 and its tmux integration, as appropriate."; }; programs.tmux.defaultCommand = mkOption { type = types.either types.str types.package; - description = lib.mdDoc "The default command to use for tmux panes."; + description = "The default command to use for tmux panes."; }; programs.tmux.tmuxOptions = mkOption { 
@@ -98,7 +98,7 @@ in programs.tmux.extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc "Extra configuration to add to {file}`tmux.conf`."; + description = "Extra configuration to add to {file}`tmux.conf`."; }; }; diff --git a/modules/programs/vim.nix b/modules/programs/vim.nix index d51d0ac..345532e 100644 --- a/modules/programs/vim.nix +++ b/modules/programs/vim.nix @@ -18,14 +18,14 @@ in programs.vim.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to configure vim."; + description = "Whether to configure vim."; }; programs.vim.enableSensible = mkOption { type = types.bool; default = false; example = true; - description = lib.mdDoc "Enable sensible configuration options for vim."; + description = "Enable sensible configuration options for vim."; }; programs.vim.extraKnownPlugins = mkOption { @@ -46,14 +46,14 @@ in }; } ''; - description = lib.mdDoc "Custom plugin declarations to add to VAM's knownPlugins."; + description = "Custom plugin declarations to add to VAM's knownPlugins."; }; programs.vim.plugins = mkOption { type = types.listOf types.attrs; default = []; example = [ { names = [ "surround" "vim-nix" ]; } ]; - description = lib.mdDoc "VAM plugin dictionaries to use for vim_configurable."; + description = "VAM plugin dictionaries to use for vim_configurable."; }; programs.vim.package = mkOption { @@ -70,7 +70,7 @@ in programs.vim.vimConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc "Extra vimrcConfig to use for vim_configurable."; + description = "Extra vimrcConfig to use for vim_configurable."; }; }; diff --git a/modules/programs/zsh/default.nix b/modules/programs/zsh/default.nix index cce645c..fb928d6 100644 --- a/modules/programs/zsh/default.nix +++ b/modules/programs/zsh/default.nix 
@@ -19,13 +19,13 @@ in programs.zsh.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to configure zsh as an interactive shell."; + description = "Whether to configure zsh as an interactive shell."; }; programs.zsh.variables = mkOption { type = types.attrsOf (types.either types.str (types.listOf types.str)); default = {}; - description = lib.mdDoc '' + description = '' A set of environment variables used in the global environment. These variables will be set on shell initialisation. The value of each variable can be either a string or a list of 
@@ -38,44 +38,44 @@ in programs.zsh.shellInit = mkOption { type = types.lines; default = ""; - description = lib.mdDoc "Shell script code called during zsh shell initialisation."; + description = "Shell script code called during zsh shell initialisation."; }; programs.zsh.loginShellInit = mkOption { type = types.lines; default = ""; - description = lib.mdDoc "Shell script code called during zsh login shell initialisation."; + description = "Shell script code called during zsh login shell initialisation."; }; programs.zsh.interactiveShellInit = mkOption { type = types.lines; default = ""; - description = lib.mdDoc "Shell script code called during interactive zsh shell initialisation."; + description = "Shell script code called during interactive zsh shell initialisation."; }; programs.zsh.promptInit = mkOption { type = types.lines; default = "autoload -U promptinit && promptinit && prompt walters && setopt prompt_sp"; - description = lib.mdDoc "Shell script code used to initialise the zsh prompt."; + description = "Shell script code used to initialise the zsh prompt."; }; programs.zsh.enableCompletion = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Enable zsh completion for all interactive zsh shells."; + description = "Enable zsh completion for all interactive zsh shells."; }; programs.zsh.enableBashCompletion = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Enable bash completion for all interactive zsh shells."; + description = "Enable bash completion for all interactive zsh shells."; }; programs.zsh.enableGlobalCompInit = mkOption { type = types.bool; default = cfg.enableCompletion; defaultText = literalExpression "config.${opt.enableCompletion}"; - description = lib.mdDoc '' + description = '' Enable execution of compinit call for all interactive zsh shells. This option can be disabled if the user wants to extend its 
@@ -87,25 +87,25 @@ in programs.zsh.enableFzfCompletion = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Enable fzf completion."; + description = "Enable fzf completion."; }; programs.zsh.enableFzfGit = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Enable fzf keybindings for C-g git browsing."; + description = "Enable fzf keybindings for C-g git browsing."; }; programs.zsh.enableFzfHistory = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Enable fzf keybinding for Ctrl-r history search."; + description = "Enable fzf keybinding for Ctrl-r history search."; }; programs.zsh.enableSyntaxHighlighting = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Enable zsh-syntax-highlighting."; + description = "Enable zsh-syntax-highlighting."; }; }; diff --git a/modules/security/pam.nix b/modules/security/pam.nix index f0c77dc..69b4c37 100644 --- a/modules/security/pam.nix +++ b/modules/security/pam.nix @@ -40,7 +40,7 @@ in { options = { security.pam.enableSudoTouchIdAuth = mkEnableOption "" // { - description = lib.mdDoc '' + description = '' Enable sudo authentication with Touch ID. When enabled, this option adds the following line to diff --git a/modules/security/pki/default.nix b/modules/security/pki/default.nix index d0f11d4..00d1f98 100644 --- a/modules/security/pki/default.nix +++ b/modules/security/pki/default.nix @@ -24,7 +24,7 @@ in security.pki.installCACerts = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to enable certificate management with nix-darwin. ''; }; @@ -33,7 +33,7 @@ in type = types.listOf types.path; default = []; example = literalExpression "[ \"\${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\" ]"; - description = lib.mdDoc '' + description = '' A list of files containing trusted root certificates in PEM format. These are concatenated to form {file}`/etc/ssl/certs/ca-certificates.crt`, which is 
@@ -57,7 +57,7 @@ in ''' ] ''; - description = lib.mdDoc '' + description = '' A list of trusted root certificates in PEM format. ''; }; @@ -70,7 +70,7 @@ in "CA WoSign ECC Root" "Certification Authority of WoSign G2" ]; - description = lib.mdDoc '' + description = '' A list of blacklisted CA certificate names that won't be imported from the Mozilla Trust Store into {file}`/etc/ssl/certs/ca-certificates.crt`. Use the diff --git a/modules/security/sandbox/default.nix b/modules/security/sandbox/default.nix index a80c9f6..d6987e6 100644 --- a/modules/security/sandbox/default.nix +++ b/modules/security/sandbox/default.nix 
@@ -27,37 +27,37 @@ let type = types.listOf types.package; default = [ ]; apply = paths: pkgs.closureInfo { rootPaths = paths; }; - description = lib.mdDoc "List of store paths to make accessible."; + description = "List of store paths to make accessible."; }; readablePaths = mkOption { type = types.listOf types.path; default = [ ]; - description = lib.mdDoc "List of paths that should be read-only inside the sandbox."; + description = "List of paths that should be read-only inside the sandbox."; }; writablePaths = mkOption { type = types.listOf types.path; default = [ ]; - description = lib.mdDoc "List of paths that should be read/write inside the sandbox."; + description = "List of paths that should be read/write inside the sandbox."; }; allowSystemPaths = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to allow read access to FHS paths like /etc and /var."; + description = "Whether to allow read access to FHS paths like /etc and /var."; }; allowLocalNetworking = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to allow localhost network access inside the sandbox."; + description = "Whether to allow localhost network access inside the sandbox."; }; allowNetworking = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to allow network access inside the sandbox."; + description = "Whether to allow network access inside the sandbox."; }; }; @@ -133,7 +133,7 @@ in security.sandbox.profiles = mkOption { type = types.attrsOf (types.submodule profile); default = { }; - description = lib.mdDoc "Definition of sandbox profiles."; + description = "Definition of sandbox profiles."; }; }; diff --git a/modules/security/sudo.nix b/modules/security/sudo.nix index c0d9597..5ceaea9 100644 --- a/modules/security/sudo.nix +++ b/modules/security/sudo.nix 
@@ -14,7 +14,7 @@ in security.sudo.extraConfig = mkOption { type = types.nullOr types.lines; default = null; - description = mdDoc '' + description = '' Extra configuration text appended to {file}`sudoers`. ''; }; diff --git a/modules/services/activate-system/default.nix b/modules/services/activate-system/default.nix index 19034a1..c41d963 100644 --- a/modules/services/activate-system/default.nix +++ b/modules/services/activate-system/default.nix @@ -11,7 +11,7 @@ in services.activate-system.enable = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Whether to activate system at boot time."; + description = "Whether to activate system at boot time."; }; }; diff --git a/modules/services/autossh.nix b/modules/services/autossh.nix index 9905d69..2df74ec 100644 --- a/modules/services/autossh.nix +++ b/modules/services/autossh.nix @@ -22,18 +22,18 @@ in name = mkOption { type = types.str; example = "socks-peer"; - description = lib.mdDoc "Name of the local AutoSSH session"; + description = "Name of the local AutoSSH session"; }; user = mkOption { type = types.str; example = "bill"; - description = lib.mdDoc "Name of the user the AutoSSH session should run as"; + description = "Name of the user the AutoSSH session should run as"; }; monitoringPort = mkOption { type = types.int; default = 0; example = 20000; - description = lib.mdDoc '' + description = '' Port to be used by AutoSSH for peer monitoring. Note, that AutoSSH also uses mport+1. Value of 0 disables the keep-alive style monitoring @@ -42,7 +42,7 @@ in extraArguments = mkOption { type = types.str; example = "-N -D4343 bill@socks.example.net"; - description = lib.mdDoc '' + description = '' Arguments to be passed to AutoSSH and retransmitted to SSH process. Some meaningful options include -N (don't run remote command), -D (open SOCKS proxy on local port), -R (forward 
@@ -54,7 +54,7 @@ in }); default = []; - description = lib.mdDoc '' + description = '' List of AutoSSH sessions to start as systemd services. Each service is named 'autossh-{session.name}'. ''; diff --git a/modules/services/buildkite-agents.nix b/modules/services/buildkite-agents.nix index 094f2c9..4888247 100644 --- a/modules/services/buildkite-agents.nix +++ b/modules/services/buildkite-agents.nix @@ -4,14 +4,13 @@ with lib; let cfg = config.services.buildkite-agents; - mdDoc = lib.mdDoc or (x: "Documentation not rendered. Please upgrade to a newer NixOS with markdown support."); literalMD = lib.literalMD or (x: lib.literalDocBook "Documentation not rendered. Please upgrade to a newer NixOS with markdown support."); mkHookOption = { name, description, example ? null }: { inherit name; value = mkOption { default = null; - description = mdDoc description; + description = description; type = types.nullOr types.lines; } // (if example == null then {} else { inherit example; }); }; 
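Review bot: In the `@@ -4,14 +4,13 @@` hunk of modules/services/buildkite-agents.nix the `mdDoc` fallback is removed but the sibling `literalMD = lib.literalMD or (...)` shim stays, and the same happens in the hercules-ci-agent common.nix and settings.nix hunks further down. If plain-string descriptions now assume a nixpkgs that renders Markdown natively, that fallback is presumably dead code and `lib.literalMD` could be used directly; otherwise a short comment should say why only one of the two shims is kept. In `mkHookOption`, `description = description;` would read more idiomatically as `inherit description;`. The `let` block continues outside the hunk.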
@@ -36,32 +35,32 @@ let enable = mkOption { default = true; type = types.bool; - description = mdDoc "Whether to enable this buildkite agent"; + description = "Whether to enable this buildkite agent"; }; package = mkOption { default = pkgs.buildkite-agent; defaultText = literalExpression "pkgs.buildkite-agent"; - description = mdDoc "Which buildkite-agent derivation to use"; + description = "Which buildkite-agent derivation to use"; type = types.package; }; dataDir = mkOption { default = "/var/lib/buildkite-agent-${name}"; - description = mdDoc "The workdir for the agent"; + description = "The workdir for the agent"; type = types.str; }; runtimePackages = mkOption { default = [ pkgs.bash pkgs.gnutar pkgs.gzip pkgs.git pkgs.nix ]; defaultText = literalExpression "[ pkgs.bash pkgs.gnutar pkgs.gzip pkgs.git pkgs.nix ]"; - description = mdDoc "Add programs to the buildkite-agent environment"; + description = "Add programs to the buildkite-agent environment"; type = types.listOf (types.either types.package types.path); }; tokenPath = mkOption { type = types.path; - description = mdDoc '' + description = '' The token from your Buildkite "Agents" page. A run-time path to the token file, which is supposed to be provisioned @@ -72,7 +71,7 @@ let name = mkOption { type = types.str; default = "%hostname-${name}-%n"; - description = mdDoc '' + description = '' The name of the agent as seen in the buildkite dashboard. ''; }; @@ -81,7 +80,7 @@ let type = types.attrsOf (types.either types.str (types.listOf types.str)); default = {}; example = { queue = "default"; docker = "true"; ruby2 ="true"; }; - description = mdDoc '' + description = '' Tags for the agent. ''; }; @@ -90,7 +89,7 @@ let type = types.lines; default = ""; example = "debug=true"; - description = mdDoc '' + description = '' Extra lines to be added verbatim to the configuration file. ''; }; 
@@ -98,7 +97,7 @@ let preCommands = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Extra commands to run before starting buildkite. ''; }; @@ -110,7 +109,7 @@ let ## don't end up in the Nix store. apply = final: if final == null then null else toString final; - description = mdDoc '' + description = '' OpenSSH private key A run-time path to the key file, which is supposed to be provisioned @@ -179,7 +178,7 @@ let type = types.path; default = hooksDir config; defaultText = literalMD "generated from {option}`services.buildkite-agents..hooks`"; - description = mdDoc '' + description = '' Path to the directory storing the hooks. Consider using {option}`services.buildkite-agents..hooks.` instead. @@ -190,7 +189,7 @@ let type = types.str; default = "${pkgs.bash}/bin/bash -e -c"; defaultText = literalExpression ''"''${pkgs.bash}/bin/bash -e -c"''; - description = mdDoc '' + description = '' Command that buildkite-agent 3 will execute when it spawns a shell. ''; }; @@ -203,7 +202,7 @@ in options.services.buildkite-agents = mkOption { type = types.attrsOf (types.submodule buildkiteOptions); default = {}; - description = mdDoc '' + description = '' Attribute set of buildkite agents. The attribute key is combined with the hostname and a unique integer to create the final agent name. This can be overridden by setting the `name` diff --git a/modules/services/cachix-agent.nix b/modules/services/cachix-agent.nix index 68bc61c..0095d65 100644 --- a/modules/services/cachix-agent.nix +++ b/modules/services/cachix-agent.nix @@ -9,7 +9,7 @@ in { enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Enable to run Cachix Agent as a system service. Read [Cachix Deploy](https://docs.cachix.org/deploy/) documentation for more information. 
@@ -19,13 +19,13 @@ in { name = mkOption { type = types.str; default = config.networking.hostName; - description = lib.mdDoc '' + description = '' Agent name, usually the same as the hostname. ''; }; package = mkOption { - description = lib.mdDoc '' + description = '' Package containing cachix executable. ''; type = types.package; @@ -36,7 +36,7 @@ in { credentialsFile = mkOption { type = types.path; default = "/etc/cachix-agent.token"; - description = lib.mdDoc '' + description = '' Required file that needs to contain: export CACHIX_AGENT_TOKEN=... @@ -46,7 +46,7 @@ in { logFile = mkOption { type = types.nullOr types.path; default = "/var/log/cachix-agent.log"; - description = lib.mdDoc "Absolute path to log all stderr and stdout"; + description = "Absolute path to log all stderr and stdout"; }; }; diff --git a/modules/services/chunkwm.nix b/modules/services/chunkwm.nix index a5955cc..354288a 100644 --- a/modules/services/chunkwm.nix +++ b/modules/services/chunkwm.nix 
@@ -12,51 +12,51 @@ in services.chunkwm.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable the chunkwm window manager."; + description = "Whether to enable the chunkwm window manager."; }; services.chunkwm.package = mkOption { type = types.package; example = literalExpression "pkgs.chunkwm"; - description = lib.mdDoc "This option specifies the chunkwm package to use."; + description = "This option specifies the chunkwm package to use."; }; services.chunkwm.hotload = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Whether to enable hotload."; + description = "Whether to enable hotload."; }; services.chunkwm.extraConfig = mkOption { type = types.lines; default = ""; example = ''chunkc tiling::rule --owner Emacs --state tile''; - description = lib.mdDoc "Additional commands for {file}`chunkwmrc`."; + description = "Additional commands for {file}`chunkwmrc`."; }; services.chunkwm.plugins.dir = mkOption { type = types.path; default = "/run/current-system/sw/lib/chunkwm/plugins"; - description = lib.mdDoc "Chunkwm Plugins directory."; + description = "Chunkwm Plugins directory."; }; services.chunkwm.plugins.list = mkOption { type = types.listOf (types.enum plugins); default = plugins; example = ["tiling"]; - description = lib.mdDoc "Chunkwm Plugins to enable."; + description = "Chunkwm Plugins to enable."; }; services.chunkwm.plugins."border".config = mkOption { type = types.lines; default = ''chunkc set focused_border_color 0xffc0b18b''; - description = lib.mdDoc "Optional border plugin configuration."; + description = "Optional border plugin configuration."; }; services.chunkwm.plugins."tiling".config = mkOption { type = types.lines; example = ''chunkc set global_desktop_mode bsp''; - description = lib.mdDoc "Optional tiling plugin configuration."; + description = "Optional tiling plugin configuration."; }; }; 
diff --git a/modules/services/dnsmasq.nix b/modules/services/dnsmasq.nix index 03071db..7ea674f 100644 --- a/modules/services/dnsmasq.nix +++ b/modules/services/dnsmasq.nix @@ -12,32 +12,32 @@ in services.dnsmasq.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable DNSmasq."; + description = "Whether to enable DNSmasq."; }; services.dnsmasq.package = mkOption { type = types.path; default = pkgs.dnsmasq; defaultText = "pkgs.dnsmasq"; - description = lib.mdDoc "This option specifies the dnsmasq package to use."; + description = "This option specifies the dnsmasq package to use."; }; services.dnsmasq.bind = mkOption { type = types.str; default = "127.0.0.1"; - description = lib.mdDoc "This option specifies the interface on which DNSmasq will listen."; + description = "This option specifies the interface on which DNSmasq will listen."; }; services.dnsmasq.port = mkOption { type = types.int; default = 53; - description = lib.mdDoc "This option specifies port on which DNSmasq will listen."; + description = "This option specifies port on which DNSmasq will listen."; }; services.dnsmasq.addresses = mkOption { type = types.attrs; default = {}; - description = lib.mdDoc "List of domains that will be redirected by the DNSmasq."; + description = "List of domains that will be redirected by the DNSmasq."; example = literalExpression '' { localhost = "127.0.0.1"; } ''; diff --git a/modules/services/emacs.nix b/modules/services/emacs.nix index 88b5c8a..4b9a3cb 100644 --- a/modules/services/emacs.nix +++ b/modules/services/emacs.nix 
@@ -12,20 +12,20 @@ in { enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable the Emacs Daemon."; + description = "Whether to enable the Emacs Daemon."; }; package = mkOption { type = types.path; default = pkgs.emacs; - description = lib.mdDoc "This option specifies the emacs package to use."; + description = "This option specifies the emacs package to use."; }; additionalPath = mkOption { type = types.listOf types.str; default = [ ]; example = [ "/Users/my_user_name" ]; - description = lib.mdDoc '' + description = '' This option specifies additional PATH that the emacs daemon would have. Typically if you have binaries in your home directory that is what you would add your home path here. One caveat is that there won't be shell variable expansion, so you can't use $HOME for example @@ -35,7 +35,7 @@ in { exec = mkOption { type = types.str; default = "emacs"; - description = lib.mdDoc "Emacs command/binary to execute."; + description = "Emacs command/binary to execute."; }; }; }; diff --git a/modules/services/eternal-terminal.nix b/modules/services/eternal-terminal.nix index 3533080..d243a61 100644 --- a/modules/services/eternal-terminal.nix +++ b/modules/services/eternal-terminal.nix @@ -7,20 +7,20 @@ in { options = { services.eternal-terminal = { - enable = mkEnableOption (lib.mdDoc "Eternal Terminal server"); + enable = mkEnableOption "Eternal Terminal server"; package = mkOption { type = types.path; default = pkgs.eternal-terminal; defaultText = "pkgs.eternal-terminal"; - description = lib.mdDoc + description = "This option specifies the eternal-terminal package to use."; }; port = mkOption { default = 2022; type = types.port; - description = lib.mdDoc '' + description = '' The port the server should listen on. Will use the server's default (2022) if not specified. Make sure to open this port in the firewall if necessary. 
@@ -30,7 +30,7 @@ in { verbosity = mkOption { default = 0; type = types.enum (lib.range 0 9); - description = lib.mdDoc '' + description = '' The verbosity level (0-9). ''; }; @@ -38,7 +38,7 @@ in { silent = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' If enabled, disables all logging. ''; }; @@ -46,7 +46,7 @@ in { logSize = mkOption { default = 20971520; type = types.int; - description = lib.mdDoc '' + description = '' The maximum log size. ''; }; diff --git a/modules/services/github-runner/options.nix b/modules/services/github-runner/options.nix index 300ca32..f6c4830 100644 --- a/modules/services/github-runner/options.nix +++ b/modules/services/github-runner/options.nix @@ -6,7 +6,7 @@ with lib; { options.services.github-runners = mkOption { - description = mdDoc '' + description = '' Multiple GitHub Runners. If `user` and `group` are set to `null`, the module will configure nix-darwin to @@ -50,7 +50,7 @@ with lib; enable = mkOption { default = false; example = true; - description = mdDoc '' + description = '' Whether to enable GitHub Actions runner. Note: GitHub recommends using self-hosted runners with private repositories only. Learn more here: @@ -61,7 +61,7 @@ with lib; url = mkOption { type = types.str; - description = mdDoc '' + description = '' Repository to add the runner to. Changing this option triggers a new runner registration. @@ -79,7 +79,7 @@ with lib; tokenFile = mkOption { type = types.path; - description = mdDoc '' + description = '' The full path to a file which contains either * a fine-grained personal access token (PAT), @@ -122,7 +122,7 @@ with lib; name = mkOption { type = types.nullOr types.str; - description = mdDoc '' + description = '' Name of the runner to configure. If null, defaults to the hostname. Changing this option triggers a new runner registration. 
@@ -133,7 +133,7 @@ with lib; runnerGroup = mkOption { type = types.nullOr types.str; - description = mdDoc '' + description = '' Name of the runner group to add this runner to (defaults to the default runner group). Changing this option triggers a new runner registration. @@ -143,7 +143,7 @@ with lib; extraLabels = mkOption { type = types.listOf types.str; - description = mdDoc '' + description = '' Extra labels in addition to the default (unless disabled through the `noDefaultLabels` option). Changing this option triggers a new runner registration. @@ -154,7 +154,7 @@ with lib; noDefaultLabels = mkOption { type = types.bool; - description = mdDoc '' + description = '' Disables adding the default labels. Also see the `extraLabels` option. Changing this option triggers a new runner registration. @@ -164,7 +164,7 @@ with lib; replace = mkOption { type = types.bool; - description = mdDoc '' + description = '' Replace any existing runner with the same name. Without this flag, registering a new runner with the same name fails. @@ -174,7 +174,7 @@ with lib; extraPackages = mkOption { type = types.listOf types.package; - description = mdDoc '' + description = '' Extra packages to add to `PATH` of the service to make them available to workflows. ''; default = [ ]; @@ -182,7 +182,7 @@ with lib; extraEnvironment = mkOption { type = types.attrs; - description = mdDoc '' + description = '' Extra environment variables to set for the runner, as an attrset. ''; example = { @@ -193,7 +193,7 @@ with lib; serviceOverrides = mkOption { type = types.attrs; - description = mdDoc '' + description = '' Modify the service. Can be used to, e.g., adjust the sandboxing options. ''; default = { }; @@ -203,7 +203,7 @@ with lib; ephemeral = mkOption { type = types.bool; - description = mdDoc '' + description = '' If enabled, causes the following behavior: - Passes the `--ephemeral` flag to the runner configuration script 
@@ -222,7 +222,7 @@ with lib; user = mkOption { type = types.nullOr types.str; - description = mdDoc '' + description = '' User under which to run the service. If this option and the `group` option is set to `null`, nix-darwin creates @@ -234,7 +234,7 @@ with lib; group = mkOption { type = types.nullOr types.str; - description = mdDoc '' + description = '' Group under which to run the service. If this option and the `user` option is set to `null`, nix-darwin creates @@ -246,7 +246,7 @@ with lib; workDir = mkOption { type = with types; nullOr str; - description = mdDoc '' + description = '' Working directory, available as `$GITHUB_WORKSPACE` during workflow runs and used as a default for [repository checkouts](https://github.com/actions/checkout). The service cleans this directory on every service start. @@ -259,7 +259,7 @@ with lib; nodeRuntimes = mkOption { type = with types; nonEmptyListOf (enum [ "node20" ]); default = [ "node20" ]; - description = mdDoc '' + description = '' List of Node.js runtimes the runner should support. ''; }; diff --git a/modules/services/gitlab-runner.nix b/modules/services/gitlab-runner.nix index 7651ba5..94c291e 100644 --- a/modules/services/gitlab-runner.nix +++ b/modules/services/gitlab-runner.nix @@ -117,11 +117,11 @@ let in { options.services.gitlab-runner = { - enable = mkEnableOption (lib.mdDoc "Gitlab Runner"); + enable = mkEnableOption "Gitlab Runner"; configFile = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc '' + description = '' Configuration file for gitlab-runner. {option}`configFile` takes precedence over {option}`services`. @@ -137,7 +137,7 @@ in type = types.int; default = 0; example = literalExpression "with lib; (length (attrNames config.services.gitlab-runner.services)) * 3"; - description = lib.mdDoc '' + description = '' Defines the interval length, in seconds, between new jobs check. The default value is 3; if set to 0 or lower, the default value will be used. 
@@ -148,7 +148,7 @@ in type = types.int; default = 1; example = literalExpression "config.nix.maxJobs"; - description = lib.mdDoc '' + description = '' Limits how many jobs globally can be run concurrently. The most upper limit of jobs using all defined runners. 0 does not mean unlimited. @@ -158,7 +158,7 @@ in type = types.nullOr types.str; default = null; example = "https://public:private@host:port/1"; - description = lib.mdDoc '' + description = '' Data Source Name for tracking of all system level errors to Sentry. ''; }; @@ -166,7 +166,7 @@ in type = types.nullOr types.str; default = null; example = "localhost:8080"; - description = lib.mdDoc '' + description = '' Address (<host>:<port>) on which the Prometheus metrics HTTP server should be listening. ''; @@ -178,7 +178,7 @@ in type = types.nullOr types.str; default = null; example = "0.0.0.0:8093"; - description = lib.mdDoc '' + description = '' An internal URL to be used for the session server. ''; }; @@ -186,7 +186,7 @@ in type = types.nullOr types.str; default = null; example = "runner-host-name.tld:8093"; - description = lib.mdDoc '' + description = '' The URL that the Runner will expose to GitLab to be used to access the session server. Fallbacks to {option}`listenAddress` if not defined. @@ -195,7 +195,7 @@ in sessionTimeout = mkOption { type = types.int; default = 1800; - description = lib.mdDoc '' + description = '' How long in seconds the session can stay active after the job completes (which will block the job from finishing). ''; @@ -208,7 +208,7 @@ in listenAddress = "0.0.0.0:8093"; } ''; - description = lib.mdDoc '' + description = '' The session server allows the user to interact with jobs that the Runner is responsible for. A good example of this is the [interactive web terminal](https://docs.gitlab.com/ee/ci/interactive_web_terminal/index.html). 
@@ -217,7 +217,7 @@ in gracefulTermination = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Finish all remaining jobs before stopping. If not set gitlab-runner will stop immediatly without waiting for jobs to finish, which will lead to failed builds. @@ -227,7 +227,7 @@ in type = types.str; default = "infinity"; example = "5min 20s"; - description = lib.mdDoc '' + description = '' Time to wait until a graceful shutdown is turned into a forceful one. ''; }; @@ -236,17 +236,17 @@ in default = pkgs.gitlab-runner; defaultText = "pkgs.gitlab-runner"; example = literalExpression "pkgs.gitlab-runner_1_11"; - description = lib.mdDoc "Gitlab Runner package to use."; + description = "Gitlab Runner package to use."; }; extraPackages = mkOption { type = types.listOf types.package; default = [ ]; - description = lib.mdDoc '' + description = '' Extra packages to add to PATH for the gitlab-runner process. ''; }; services = mkOption { - description = lib.mdDoc "GitLab Runner services."; + description = "GitLab Runner services."; default = { }; example = literalExpression '' { @@ -328,7 +328,7 @@ in options = { registrationConfigFile = mkOption { type = types.path; - description = lib.mdDoc '' + description = '' Absolute path to a file with environment variables used for gitlab-runner registration. A list of all supported environment variables can be found in @@ -345,7 +345,7 @@ in type = types.listOf types.str; default = [ ]; example = [ "--docker-helper-image my/gitlab-runner-helper" ]; - description = lib.mdDoc '' + description = '' Extra command-line flags passed to `gitlab-runner register`. Execute `gitlab-runner register --help` @@ -356,7 +356,7 @@ in type = types.attrsOf types.str; default = { }; example = { NAME = "value"; }; - description = lib.mdDoc '' + description = '' Custom environment variables injected to build environment. For secrets you can use {option}`registrationConfigFile` with `RUNNER_ENV` variable set. 
@@ -365,7 +365,7 @@ in executor = mkOption { type = types.str; default = "docker"; - description = lib.mdDoc '' + description = '' Select executor, eg. shell, docker, etc. See [runner documentation](https://docs.gitlab.com/runner/executors/README.html) for more information. ''; @@ -374,7 +374,7 @@ in type = types.nullOr types.path; default = null; example = "/var/lib/gitlab-runner/builds"; - description = lib.mdDoc '' + description = '' Absolute path to a directory where builds will be stored in context of selected executor (Locally, Docker, SSH). ''; @@ -383,14 +383,14 @@ in type = types.nullOr types.str; default = null; example = "http://gitlab.example.local"; - description = lib.mdDoc '' + description = '' Overwrite the URL for the GitLab instance. Used if the Runner can’t connect to GitLab on the URL GitLab exposes itself. ''; }; dockerImage = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' Docker image to be used. ''; }; @@ -398,7 +398,7 @@ in type = types.listOf types.str; default = [ ]; example = [ "/var/run/docker.sock:/var/run/docker.sock" ]; - description = lib.mdDoc '' + description = '' Bind-mount a volume and create it if it doesn't exist prior to mounting. ''; @@ -406,14 +406,14 @@ in dockerDisableCache = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Disable all container caching. ''; }; dockerPrivileged = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Give extended privileges to container. ''; }; @@ -421,7 +421,7 @@ in type = types.listOf types.str; default = [ ]; example = [ "other-host:127.0.0.1" ]; - description = lib.mdDoc '' + description = '' Add a custom host-to-IP mapping. ''; }; 
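Review bot: The `dockerPrivileged` description in the `@@ -406,14 +406,14 @@` hunk still says only `Give extended privileges to container.`, which undersells a setting that removes most of the isolation between CI jobs and the host. Since the line is rewritten anyway, I would extend it to something like `Give extended privileges to container. Jobs can then gain root on the host; enable only for runners that build trusted projects.` The example in the `@@ -398,7 +398,7 @@` hunk, which bind-mounts `/var/run/docker.sock`, deserves the same caveat in its description. The option set continues outside these hunks.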
@@ -429,7 +429,7 @@ in type = types.listOf types.str; default = [ ]; example = [ "ruby:*" "python:*" "php:*" "my.registry.tld:5000/*:*" ]; - description = lib.mdDoc '' + description = '' Whitelist allowed images. ''; }; @@ -437,21 +437,21 @@ in type = types.listOf types.str; default = [ ]; example = [ "postgres:9" "redis:*" "mysql:*" ]; - description = lib.mdDoc '' + description = '' Whitelist allowed services. ''; }; preCloneScript = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc '' + description = '' Runner-specific command script executed before code is pulled. ''; }; preBuildScript = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc '' + description = '' Runner-specific command script executed after code is pulled, just before build executes. ''; @@ -459,7 +459,7 @@ in postBuildScript = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc '' + description = '' Runner-specific command script executed after code is pulled and just after build executes. ''; @@ -467,14 +467,14 @@ in tagList = mkOption { type = types.listOf types.str; default = [ ]; - description = lib.mdDoc '' + description = '' Tag list. ''; }; runUntagged = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Register to run untagged builds; defaults to `true` when {option}`tagList` is empty. ''; @@ -482,7 +482,7 @@ in limit = mkOption { type = types.int; default = 0; - description = lib.mdDoc '' + description = '' Limit how many jobs can be handled concurrently by this service. 0 (default) simply means don't limit. ''; 
@@ -490,14 +490,14 @@ in requestConcurrency = mkOption { type = types.int; default = 0; - description = lib.mdDoc '' + description = '' Limit number of concurrent requests for new jobs from GitLab. ''; }; maximumTimeout = mkOption { type = types.int; default = 0; - description = lib.mdDoc '' + description = '' What is the maximum timeout (in seconds) that will be set for job when using this Runner. 0 (default) simply means don't limit. ''; @@ -505,7 +505,7 @@ in protected = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' When set to true Runner will only run on pipelines triggered on protected branches. ''; @@ -513,7 +513,7 @@ in debugTraceDisabled = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' When set to true Runner will disable the possibility of using the `CI_DEBUG_TRACE` feature. ''; diff --git a/modules/services/hercules-ci-agent/common.nix b/modules/services/hercules-ci-agent/common.nix index 6401f6f..5a4b739 100644 --- a/modules/services/hercules-ci-agent/common.nix +++ b/modules/services/hercules-ci-agent/common.nix @@ -18,7 +18,6 @@ let types ; literalMD = lib.literalMD or (x: lib.literalDocBook "Documentation not rendered. Please upgrade to a newer NixOS with markdown support."); - mdDoc = lib.mdDoc or (x: "Documentation not rendered. Please upgrade to a newer NixOS with markdown support."); cfg = config.services.hercules-ci-agent; @@ -37,7 +36,7 @@ in enable = mkOption { type = types.bool; default = false; - description = mdDoc '' + description = '' Enable to run Hercules CI Agent as a system service. [Hercules CI](https://hercules-ci.com) is a @@ -47,7 +46,7 @@ in ''; }; package = mkOption { - description = mdDoc '' + description = '' Package containing the bin/hercules-ci-agent executable. ''; type = types.package; 
@@ -55,7 +54,7 @@ in defaultText = literalExpression "pkgs.hercules-ci-agent"; }; settings = mkOption { - description = mdDoc '' + description = '' These settings are written to the `agent.toml` file. Not all settings are listed as options, can be set nonetheless. @@ -75,7 +74,7 @@ in type = types.path; internal = true; defaultText = literalMD "generated `hercules-ci-agent.toml`"; - description = mdDoc '' + description = '' The fully assembled config file. ''; }; diff --git a/modules/services/hercules-ci-agent/default.nix b/modules/services/hercules-ci-agent/default.nix index 538e104..d9fbf37 100644 --- a/modules/services/hercules-ci-agent/default.nix +++ b/modules/services/hercules-ci-agent/default.nix @@ -17,7 +17,7 @@ in logFile = mkOption { type = types.path; default = "/var/log/hercules-ci-agent.log"; - description = lib.mdDoc "Stdout and sterr of hercules-ci-agent process."; + description = "Stdout and sterr of hercules-ci-agent process."; }; }; diff --git a/modules/services/hercules-ci-agent/settings.nix b/modules/services/hercules-ci-agent/settings.nix index 157861a..6389461 100644 --- a/modules/services/hercules-ci-agent/settings.nix +++ b/modules/services/hercules-ci-agent/settings.nix @@ -7,7 +7,6 @@ let mkOption ; literalMD = lib.literalMD or (x: lib.literalDocBook "Documentation not rendered. Please upgrade to a newer NixOS with markdown support."); - mdDoc = lib.mdDoc or (x: "Documentation not rendered. Please upgrade to a newer NixOS with markdown support."); format = pkgs.formats.toml { }; @@ -15,7 +14,7 @@ let freeformType = format.type; options = { apiBaseUrl = mkOption { - description = mdDoc '' + description = '' API base URL that the agent will connect to. When using Hercules CI Enterprise, set this to the URL where your 
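Review bot: The `logFile` description in modules/services/hercules-ci-agent/default.nix keeps the typo `sterr`; while the line is being rewritten it should read `Stdout and stderr of hercules-ci-agent process.`. The same kind of slip survives in two later hunks: `Wether` in the `services.khd.i3Keybindings` description (khd/default.nix), and `Whether to enable the khd window manager.` on `services.kwm.enable` (kwm/default.nix), which presumably should name kwm.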
@@ -27,12 +26,12 @@ let baseDirectory = mkOption { type = types.path; default = "/var/lib/hercules-ci-agent"; - description = mdDoc '' + description = '' State directory (secrets, work directory, etc) for agent ''; }; concurrentTasks = mkOption { - description = mdDoc '' + description = '' Number of tasks to perform simultaneously. A task is a single derivation build, an evaluation or an effect run. @@ -56,7 +55,7 @@ let ''; }; labels = mkOption { - description = mdDoc '' + description = '' A key-value map of user data. This data will be available to organization members in the dashboard and API. @@ -75,7 +74,7 @@ let ''; }; workDirectory = mkOption { - description = mdDoc '' + description = '' The directory in which temporary subdirectories are created for task state. This includes sources for Nix evaluation. ''; type = types.path; @@ -83,7 +82,7 @@ let defaultText = literalExpression ''baseDirectory + "/work"''; }; staticSecretsDirectory = mkOption { - description = mdDoc '' + description = '' This is the default directory to look for statically configured secrets like `cluster-join-token.key`. See also `clusterJoinTokenPath` and `binaryCachesPath` for fine-grained configuration. @@ -93,7 +92,7 @@ let defaultText = literalExpression ''baseDirectory + "/secrets"''; }; clusterJoinTokenPath = mkOption { - description = mdDoc '' + description = '' Location of the cluster-join-token.key file. You can retrieve the contents of the file when creating a new agent via @@ -110,7 +109,7 @@ let defaultText = literalExpression ''staticSecretsDirectory + "/cluster-join-token.key"''; }; binaryCachesPath = mkOption { - description = mdDoc '' + description = '' Path to a JSON file containing binary cache secret keys. As these values are confidential, they should not be in the store, but 
@@ -124,7 +123,7 @@ let defaultText = literalExpression ''staticSecretsDirectory + "/binary-caches.json"''; }; secretsJsonPath = mkOption { - description = mdDoc '' + description = '' Path to a JSON file containing secrets for effects. As these values are confidential, they should not be in the store, but diff --git a/modules/services/ipfs.nix b/modules/services/ipfs.nix index 6cfcc49..e7cdb74 100644 --- a/modules/services/ipfs.nix +++ b/modules/services/ipfs.nix @@ -14,14 +14,14 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable the ipfs daemon."; + description = "Whether to enable the ipfs daemon."; }; package = mkOption { type = types.package; default = pkgs.kubo; # defaultText = "pkgs.kubo"; - description = lib.mdDoc '' + description = '' The ipfs package to use. ''; }; @@ -30,7 +30,7 @@ in type = types.nullOr types.path; default = null; example = "/var/tmp/ipfs.log"; - description = lib.mdDoc '' + description = '' The logfile to use for the ipfs service. Alternatively {command}`sudo launchctl debug system/org.nixos.ipfs --stderr` can be used to stream the logs to a shell after restarting the service with @@ -41,13 +41,13 @@ in ipfsPath = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc "Set the IPFS_PATH environment variable."; + description = "Set the IPFS_PATH environment variable."; }; enableGarbageCollection = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Passes --enable-gc flag to ipfs daemon."; + description = "Passes --enable-gc flag to ipfs daemon."; }; }; diff --git a/modules/services/karabiner-elements/default.nix b/modules/services/karabiner-elements/default.nix index 7c0636c..2f415b2 100644 --- a/modules/services/karabiner-elements/default.nix +++ b/modules/services/karabiner-elements/default.nix 
@@ -10,7 +10,7 @@ in { options = { - services.karabiner-elements.enable = mkEnableOption (lib.mdDoc "Karabiner-Elements"); + services.karabiner-elements.enable = mkEnableOption "Karabiner-Elements"; }; config = mkIf cfg.enable { diff --git a/modules/services/khd/default.nix b/modules/services/khd/default.nix index ef16a2b..7594baf 100644 --- a/modules/services/khd/default.nix +++ b/modules/services/khd/default.nix @@ -13,27 +13,27 @@ in services.khd.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable the khd hotkey daemon."; + description = "Whether to enable the khd hotkey daemon."; }; services.khd.package = mkOption { type = types.package; default = pkgs.khd; defaultText = "pkgs.khd"; - description = lib.mdDoc "This option specifies the khd package to use."; + description = "This option specifies the khd package to use."; }; services.khd.khdConfig = mkOption { type = types.lines; default = ""; example = "alt + shift - r : kwmc quit"; - description = lib.mdDoc "Config to use for {file}`khdrc`."; + description = "Config to use for {file}`khdrc`."; }; services.khd.i3Keybindings = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Wether to configure i3 style keybindings for kwm."; + description = "Wether to configure i3 style keybindings for kwm."; }; }; diff --git a/modules/services/kwm/default.nix b/modules/services/kwm/default.nix index c6603b9..5fb6c56 100644 --- a/modules/services/kwm/default.nix +++ b/modules/services/kwm/default.nix 
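Review bot: The new description of `services.khd.i3Keybindings` keeps the typo "Wether", which ends up in the rendered option documentation. Since the line is rewritten here anyway, it could read `description = "Whether to configure i3 style keybindings for kwm.";`.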
@@ -11,21 +11,21 @@ in services.kwm.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable the khd window manager."; + description = "Whether to enable the khd window manager."; }; services.kwm.package = mkOption { type = types.path; default = pkgs.kwm; defaultText = "pkgs.kwm"; - description = lib.mdDoc "This option specifies the kwm package to use."; + description = "This option specifies the kwm package to use."; }; services.kwm.kwmConfig = mkOption { type = types.lines; default = ""; example = ''kwmc rule owner="iTerm2" properties={role="AXDialog"}''; - description = lib.mdDoc "Config to use for {file}`kwmrc`."; + description = "Config to use for {file}`kwmrc`."; }; }; diff --git a/modules/services/lorri.nix b/modules/services/lorri.nix index 246bcfa..0c12300 100644 --- a/modules/services/lorri.nix +++ b/modules/services/lorri.nix @@ -11,14 +11,14 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable the lorri service."; + description = "Whether to enable the lorri service."; }; logFile = mkOption { type = types.nullOr types.path; default = null; example = "/var/tmp/lorri.log"; - description = lib.mdDoc '' + description = '' The logfile to use for the lorri service. Alternatively {command}`sudo launchctl debug system/org.nixos.lorri --stderr` can be used to stream the logs to a shell after restarting the service with diff --git a/modules/services/mail/offlineimap.nix b/modules/services/mail/offlineimap.nix index b7913cb..81c8bdb 100644 --- a/modules/services/mail/offlineimap.nix +++ b/modules/services/mail/offlineimap.nix 
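Review bot: The description of `services.kwm.enable` names the wrong program: it says "khd window manager" although this is the kwm module, which looks like a copy from the khd module. The rewritten line could be `description = "Whether to enable the kwm window manager.";`. Separately, `services.kwm.package` is typed `types.path` while the khd module in this same commit uses `types.package` for the equivalent option, so the two could be aligned.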
@@ -7,32 +7,32 @@ let in { options.services.offlineimap = { - enable = mkEnableOption (lib.mdDoc "Offlineimap, a software to dispose your mailbox(es) as a local Maildir(s)"); + enable = mkEnableOption "Offlineimap, a software to dispose your mailbox(es) as a local Maildir(s)"; package = mkOption { type = types.package; default = pkgs.offlineimap; defaultText = "pkgs.offlineimap"; - description = lib.mdDoc "Offlineimap derivation to use."; + description = "Offlineimap derivation to use."; }; path = mkOption { type = types.listOf types.path; default = []; example = literalExpression "[ pkgs.pass pkgs.bash pkgs.notmuch ]"; - description = lib.mdDoc "List of derivations to put in Offlineimap's path."; + description = "List of derivations to put in Offlineimap's path."; }; startInterval = mkOption { type = types.nullOr types.int; default = 300; - description = lib.mdDoc "Optional key to start offlineimap services each N seconds"; + description = "Optional key to start offlineimap services each N seconds"; }; runQuick = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Run only quick synchronizations. Ignore any flag updates on IMAP servers. If a flag on the remote IMAP changes, and we have the message locally, it will be left untouched in a quick run. ''; @@ -41,7 +41,7 @@ in { extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc "Additional text to be appended to {file}`offlineimaprc`."; + description = "Additional text to be appended to {file}`offlineimaprc`."; }; }; diff --git a/modules/services/monitoring/telegraf.nix b/modules/services/monitoring/telegraf.nix index e3d3250..f40e013 100644 --- a/modules/services/monitoring/telegraf.nix +++ b/modules/services/monitoring/telegraf.nix 
@@ -10,12 +10,12 @@ let in { options = { services.telegraf = { - enable = mkEnableOption (lib.mdDoc "telegraf agent"); + enable = mkEnableOption "telegraf agent"; package = mkOption { default = pkgs.telegraf; defaultText = lib.literalExpression "pkgs.telegraf"; - description = lib.mdDoc "Which telegraf derivation to use"; + description = "Which telegraf derivation to use"; type = types.package; }; @@ -23,7 +23,7 @@ in { type = types.listOf types.path; default = [ ]; example = [ "/run/keys/telegraf.env" ]; - description = lib.mdDoc '' + description = '' File to load as environment file. This is useful to avoid putting secrets into the nix store. ''; @@ -31,7 +31,7 @@ in { extraConfig = mkOption { default = { }; - description = lib.mdDoc "Extra configuration options for telegraf"; + description = "Extra configuration options for telegraf"; type = settingsFormat.type; example = { outputs.influxdb = { @@ -47,7 +47,7 @@ in { configUrl = mkOption { default = null; - description = lib.mdDoc "Url to fetch config from"; + description = "Url to fetch config from"; type = types.nullOr types.str; }; }; diff --git a/modules/services/mopidy.nix b/modules/services/mopidy.nix index 2fb9a15..be3c05e 100644 --- a/modules/services/mopidy.nix +++ b/modules/services/mopidy.nix 
@@ -11,27 +11,27 @@ in services.mopidy.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable the Mopidy Daemon."; + description = "Whether to enable the Mopidy Daemon."; }; services.mopidy.package = mkOption { type = types.path; default = pkgs.mopidy; defaultText = "pkgs.mopidy"; - description = lib.mdDoc "This option specifies the mopidy package to use."; + description = "This option specifies the mopidy package to use."; }; services.mopidy.mediakeys.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable the Mopidy OSX Media Keys support daemon."; + description = "Whether to enable the Mopidy OSX Media Keys support daemon."; }; services.mopidy.mediakeys.package = mkOption { type = types.path; default = pkgs.pythonPackages.osxmpdkeys; defaultText = "pkgs.pythonPackages.osxmpdkeys"; - description = lib.mdDoc "This option specifies the mediakeys package to use."; + description = "This option specifies the mediakeys package to use."; }; }; diff --git a/modules/services/netbird.nix b/modules/services/netbird.nix index ad0bf3e..5bc8ebd 100644 --- a/modules/services/netbird.nix +++ b/modules/services/netbird.nix @@ -5,12 +5,12 @@ let in { options.services.netbird = { - enable = mkEnableOption (lib.mdDoc "Netbird daemon"); + enable = mkEnableOption "Netbird daemon"; package = mkOption { type = types.package; default = pkgs.netbird; defaultText = literalExpression "pkgs.netbird"; - description = lib.mdDoc "The package to use for netbird"; + description = "The package to use for netbird"; }; }; config = mkIf cfg.enable { diff --git a/modules/services/nextdns/default.nix b/modules/services/nextdns/default.nix index 5ea5e75..2312096 100644 --- a/modules/services/nextdns/default.nix +++ b/modules/services/nextdns/default.nix 
@@ -13,13 +13,13 @@ in { type = types.bool; default = false; description = - lib.mdDoc "Whether to enable the NextDNS DNS/53 to DoH Proxy service."; + "Whether to enable the NextDNS DNS/53 to DoH Proxy service."; }; arguments = mkOption { type = types.listOf types.str; default = [ ]; example = [ "-config" "10.0.3.0/24=abcdef" ]; - description = lib.mdDoc "Additional arguments to be passed to nextdns run."; + description = "Additional arguments to be passed to nextdns run."; }; }; }; diff --git a/modules/services/nix-daemon.nix b/modules/services/nix-daemon.nix index 584c226..d652dae 100644 --- a/modules/services/nix-daemon.nix +++ b/modules/services/nix-daemon.nix @@ -11,20 +11,20 @@ in services.nix-daemon.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable the nix-daemon service."; + description = "Whether to enable the nix-daemon service."; }; services.nix-daemon.enableSocketListener = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to make the nix-daemon service socket activated."; + description = "Whether to make the nix-daemon service socket activated."; }; services.nix-daemon.logFile = mkOption { type = types.nullOr types.path; default = null; example = "/var/log/nix-daemon.log"; - description = lib.mdDoc '' + description = '' The logfile to use for the nix-daemon service. Alternatively {command}`sudo launchctl debug system/org.nixos.nix-daemon --stderr` can be used to stream the logs to a shell after restarting the service with @@ -35,7 +35,7 @@ in services.nix-daemon.tempDir = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc "The TMPDIR to use for nix-daemon."; + description = "The TMPDIR to use for nix-daemon."; }; }; diff --git a/modules/services/nix-gc/default.nix b/modules/services/nix-gc/default.nix index f13e250..49fb328 100644 --- a/modules/services/nix-gc/default.nix +++ b/modules/services/nix-gc/default.nix 
@@ -24,27 +24,27 @@ in automatic = mkOption { default = false; type = types.bool; - description = lib.mdDoc "Automatically run the garbage collector at a specific time."; + description = "Automatically run the garbage collector at a specific time."; }; # Not in NixOS module user = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc "User that runs the garbage collector."; + description = "User that runs the garbage collector."; }; interval = mkOption { type = types.attrs; default = { Hour = 3; Minute = 15; }; - description = lib.mdDoc "The time interval at which the garbage collector will run."; + description = "The time interval at which the garbage collector will run."; }; options = mkOption { default = ""; example = "--max-freed $((64 * 1024**3))"; type = types.str; - description = lib.mdDoc '' + description = '' Options given to {file}`nix-collect-garbage` when the garbage collector is run automatically. ''; diff --git a/modules/services/nix-optimise/default.nix b/modules/services/nix-optimise/default.nix index 5462bae..94f6e1c 100644 --- a/modules/services/nix-optimise/default.nix +++ b/modules/services/nix-optimise/default.nix @@ -6,7 +6,6 @@ let inherit (lib) - mdDoc mkIf mkOption mkRemovedOptionModule @@ -31,20 +30,20 @@ in automatic = mkOption { type = types.bool; default = false; - description = mdDoc "Automatically run the nix store optimiser at a specific time."; + description = "Automatically run the nix store optimiser at a specific time."; }; # Not in NixOS module user = mkOption { type = types.nullOr types.str; default = null; - description = mdDoc "User that runs the store optimisation."; + description = "User that runs the store optimisation."; }; interval = mkOption { type = types.attrs; default = { Hour = 3; Minute = 15; }; - description = mdDoc "The time interval at which the optimiser will run."; + description = "The time interval at which the optimiser will run."; }; }; 
diff --git a/modules/services/ofborg/default.nix b/modules/services/ofborg/default.nix index 9151039..4c35615 100644 --- a/modules/services/ofborg/default.nix +++ b/modules/services/ofborg/default.nix @@ -12,13 +12,13 @@ in services.ofborg.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable the ofborg builder service."; + description = "Whether to enable the ofborg builder service."; }; services.ofborg.package = mkOption { type = types.package; example = literalExpression "pkgs.ofborg"; - description = lib.mdDoc '' + description = '' This option specifies the ofborg package to use. eg. (import <ofborg> {}).ofborg.rs @@ -30,7 +30,7 @@ in services.ofborg.configFile = mkOption { type = types.path; - description = lib.mdDoc '' + description = '' Configuration file to use for ofborg. WARNING Don't use a path literal or derivation for this, @@ -41,7 +41,7 @@ in services.ofborg.logFile = mkOption { type = types.path; default = "/var/log/ofborg.log"; - description = lib.mdDoc "The logfile to use for the ofborg service."; + description = "The logfile to use for the ofborg service."; }; }; diff --git a/modules/services/postgresql/default.nix b/modules/services/postgresql/default.nix index 018b46e..e063944 100644 --- a/modules/services/postgresql/default.nix +++ b/modules/services/postgresql/default.nix @@ -40,12 +40,12 @@ in services.postgresql = { - enable = mkEnableOption (lib.mdDoc "PostgreSQL Server"); + enable = mkEnableOption "PostgreSQL Server"; package = mkOption { type = types.package; example = literalExpression "pkgs.postgresql_11"; - description = lib.mdDoc '' + description = '' PostgreSQL package to use. ''; }; @@ -53,7 +53,7 @@ in port = mkOption { type = types.int; default = 5432; - description = lib.mdDoc '' + description = '' The port on which PostgreSQL listens. ''; }; 
@@ -61,14 +61,14 @@ in checkConfig = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Check the syntax of the configuration file at compile time"; + description = "Check the syntax of the configuration file at compile time"; }; dataDir = mkOption { type = types.path; defaultText = literalExpression ''"/var/lib/postgresql/''${config.services.postgresql.package.psqlSchema}"''; example = "/var/lib/postgresql/11"; - description = lib.mdDoc '' + description = '' The data directory for PostgreSQL. If left as the default value this directory will automatically be created before the PostgreSQL server starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership @@ -79,7 +79,7 @@ in authentication = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Defines how users authenticate themselves to the server. See the [ PostgreSQL documentation for pg_hba.conf](https://www.postgresql.org/docs/current/auth-pg-hba-conf.html) @@ -96,7 +96,7 @@ in identMap = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Defines the mapping from system users to database users. The general form is: @@ -109,7 +109,7 @@ in type = with types; listOf str; default = []; example = [ "--data-checksums" "--allow-group-access" ]; - description = lib.mdDoc '' + description = '' Additional arguments passed to `initdb` during data dir initialisation. ''; @@ -118,7 +118,7 @@ in initialScript = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc '' + description = '' A file containing SQL statements to execute on first startup. ''; }; 
@@ -126,7 +126,7 @@ in ensureDatabases = mkOption { type = types.listOf types.str; default = []; - description = lib.mdDoc '' + description = '' Ensures that the specified databases exist. This option will never delete existing databases, especially not when the value of this option is changed. This means that databases created once through this option or @@ -143,14 +143,14 @@ in options = { name = mkOption { type = types.str; - description = lib.mdDoc '' + description = '' Name of the user to ensure. ''; }; ensurePermissions = mkOption { type = types.attrsOf types.str; default = {}; - description = lib.mdDoc '' + description = '' Permissions to ensure for the user, specified as an attribute set. The attribute names specify the database and tables to grant the permissions for. The attribute values specify the permissions to grant. You may specify one or @@ -171,7 +171,7 @@ in }; }); default = []; - description = lib.mdDoc '' + description = '' Ensures that the specified users exist and have at least the ensured permissions. The PostgreSQL users will be identified using peer authentication. This authenticates the Unix user with the same name only, and that without the need for a password. @@ -200,7 +200,7 @@ in enableTCPIP = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether PostgreSQL should listen on all network interfaces. If disabled, the database can only be accessed via its Unix domain socket or via TCP connections to localhost. @@ -211,7 +211,7 @@ in type = types.str; default = "[%p] "; example = "%m [%p] "; - description = lib.mdDoc '' + description = '' A printf-style string that is output at the beginning of each log line. Upstream default is `'%m [%p] '`, i.e. it includes the timestamp. We do not include the timestamp, because journal has it anyway. 
@@ -222,7 +222,7 @@ in type = types.listOf types.path; default = []; example = literalExpression "with pkgs.postgresql_11.pkgs; [ postgis pg_repack ]"; - description = lib.mdDoc '' + description = '' List of PostgreSQL plugins. PostgreSQL version for each plugin should match version for `services.postgresql.package` value. ''; @@ -231,7 +231,7 @@ in settings = mkOption { type = with types; attrsOf (oneOf [ bool float int str ]); default = {}; - description = lib.mdDoc '' + description = '' PostgreSQL configuration. Refer to for an overview of `postgresql.conf`. @@ -257,7 +257,7 @@ in recoveryConfig = mkOption { type = types.nullOr types.lines; default = null; - description = lib.mdDoc '' + description = '' Contents of the {file}`recovery.conf` file. ''; }; @@ -267,7 +267,7 @@ in default = "postgres"; internal = true; readOnly = true; - description = lib.mdDoc '' + description = '' PostgreSQL superuser account to use for various operations. Internal since changing this value would lead to breakage while setting up databases. ''; diff --git a/modules/services/privoxy/default.nix b/modules/services/privoxy/default.nix index 5f7780c..b314723 100644 --- a/modules/services/privoxy/default.nix +++ b/modules/services/privoxy/default.nix 
@@ -10,40 +10,40 @@ in services.privoxy.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable the privoxy proxy service."; + description = "Whether to enable the privoxy proxy service."; }; services.privoxy.listenAddress = mkOption { type = types.str; default = "127.0.0.1:8118"; - description = lib.mdDoc "The address and TCP port on which privoxy will listen."; + description = "The address and TCP port on which privoxy will listen."; }; services.privoxy.package = mkOption { type = types.package; default = pkgs.privoxy; example = literalExpression "pkgs.privoxy"; - description = lib.mdDoc "This option specifies the privoxy package to use."; + description = "This option specifies the privoxy package to use."; }; services.privoxy.config = mkOption { type = types.lines; default = ""; example = "forward / upstream.proxy:8080"; - description = lib.mdDoc "Config to use for privoxy"; + description = "Config to use for privoxy"; }; services.privoxy.templdir = mkOption { type = types.path; default = "${pkgs.privoxy}/etc/templates"; defaultText = "\${pkgs.privoxy}/etc/templates"; - description = lib.mdDoc "Directory for privoxy template files."; + description = "Directory for privoxy template files."; }; services.privoxy.confdir = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc "Directory for privoxy files such as .action and .filter."; + description = "Directory for privoxy files such as .action and .filter."; }; }; diff --git a/modules/services/redis/default.nix b/modules/services/redis/default.nix index 0fa0af7..ccacd3b 100644 --- a/modules/services/redis/default.nix +++ b/modules/services/redis/default.nix 
@@ -11,52 +11,52 @@ in services.redis.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable the redis database service."; + description = "Whether to enable the redis database service."; }; services.redis.package = mkOption { type = types.path; default = pkgs.redis; defaultText = "pkgs.redis"; - description = lib.mdDoc "This option specifies the redis package to use"; + description = "This option specifies the redis package to use"; }; services.redis.dataDir = mkOption { type = types.nullOr types.path; default = "/var/lib/redis"; - description = lib.mdDoc "Data directory for the redis database."; + description = "Data directory for the redis database."; }; services.redis.port = mkOption { type = types.int; default = 6379; - description = lib.mdDoc "The port for Redis to listen to."; + description = "The port for Redis to listen to."; }; services.redis.bind = mkOption { type = types.nullOr types.str; default = null; # All interfaces - description = lib.mdDoc "The IP interface to bind to."; + description = "The IP interface to bind to."; example = "127.0.0.1"; }; services.redis.unixSocket = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc "The path to the socket to bind to."; + description = "The path to the socket to bind to."; example = "/var/run/redis.sock"; }; services.redis.appendOnly = mkOption { type = types.bool; default = false; - description = lib.mdDoc "By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence."; + description = "By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence."; }; services.redis.extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc "Additional text to be appended to {file}`redis.conf`."; + description = "Additional text to be appended to {file}`redis.conf`."; }; }; 
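Review bot: The description of `services.redis.bind` does not say what the default does. The hunk shows `default = null; # All interfaces`, but that is a source comment and never reaches the rendered option docs. A reader configuring the service from the manual therefore does not learn that, according to that comment, leaving the option unset makes Redis listen on every interface. I would put it in the description, for example `description = "The IP interface to bind to. If null (the default), redis listens on all interfaces.";`, and keep `example = "127.0.0.1";` as the local-only setting.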
diff --git a/modules/services/sketchybar/default.nix b/modules/services/sketchybar/default.nix index 0cc4f6f..228636e 100644 --- a/modules/services/sketchybar/default.nix +++ b/modules/services/sketchybar/default.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let - inherit (lib) literalExpression maintainers mdDoc mkEnableOption mkIf mkPackageOptionMD mkOption optionals types; + inherit (lib) literalExpression maintainers mkEnableOption mkIf mkPackageOptionMD mkOption optionals types; cfg = config.services.sketchybar; @@ -15,7 +15,7 @@ in ]; options.services.sketchybar = { - enable = mkEnableOption (mdDoc "sketchybar"); + enable = mkEnableOption "sketchybar"; package = mkPackageOptionMD pkgs "sketchybar" { }; @@ -23,7 +23,7 @@ in type = types.listOf types.package; default = [ ]; example = literalExpression "[ pkgs.jq ]"; - description = mdDoc '' + description = '' Extra packages to add to PATH. ''; }; @@ -36,7 +36,7 @@ in sketchybar --update echo "sketchybar configuration loaded.." ''; - description = mdDoc '' + description = '' Contents of sketchybar's configuration file. If empty (the default), the configuration file won't be managed. See [documentation](https://felixkratz.github.io/SketchyBar/) diff --git a/modules/services/skhd/default.nix b/modules/services/skhd/default.nix index 4ec1e2b..72b52d4 100644 --- a/modules/services/skhd/default.nix +++ b/modules/services/skhd/default.nix 
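Review bot: The `inherit (lib)` list drops `mdDoc` but keeps `mkPackageOptionMD`, which is still used for `package` a few lines below. As far as I know, that name is only a compatibility alias for `mkPackageOption` left over from the same markdown migration and is deprecated in newer nixpkgs; this should be confirmed against the pinned nixpkgs. If so, it would be consistent to switch in this commit to `package = mkPackageOption pkgs "sketchybar" { };` and replace the name in the inherit list.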
@@ -11,20 +11,20 @@ in services.skhd.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable the skhd hotkey daemon."; + description = "Whether to enable the skhd hotkey daemon."; }; services.skhd.package = mkOption { type = types.package; default = pkgs.skhd; - description = lib.mdDoc "This option specifies the skhd package to use."; + description = "This option specifies the skhd package to use."; }; services.skhd.skhdConfig = mkOption { type = types.lines; default = ""; example = "alt + shift - r : chunkc quit"; - description = lib.mdDoc "Config to use for {file}`skhdrc`."; + description = "Config to use for {file}`skhdrc`."; }; }; diff --git a/modules/services/spacebar/default.nix b/modules/services/spacebar/default.nix index eb06cad..a56dac5 100644 --- a/modules/services/spacebar/default.nix +++ b/modules/services/spacebar/default.nix @@ -22,12 +22,12 @@ in services.spacebar.enable = mkOption { type = bool; default = false; - description = lib.mdDoc "Whether to enable the spacebar spacebar."; + description = "Whether to enable the spacebar spacebar."; }; services.spacebar.package = mkOption { type = path; - description = lib.mdDoc "The spacebar package to use."; + description = "The spacebar package to use."; }; services.spacebar.config = mkOption { @@ -40,7 +40,7 @@ in foreground_color = "0xffa8a8a8"; } ''; - description = lib.mdDoc '' + description = '' Key/Value pairs to pass to spacebar's 'config' domain, via the configuration file. ''; }; @@ -51,7 +51,7 @@ in example = literalExpression '' echo "spacebar config loaded..." ''; - description = lib.mdDoc '' + description = '' Extra arbitrary configuration to append to the configuration file. ''; }; diff --git a/modules/services/spotifyd.nix b/modules/services/spotifyd.nix index 2469a24..612bae1 100644 --- a/modules/services/spotifyd.nix +++ b/modules/services/spotifyd.nix 
@@ -19,7 +19,7 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable the spotifyd service. ''; }; @@ -28,7 +28,7 @@ in type = types.path; default = pkgs.spotifyd; defaultText = "pkgs.spotifyd"; - description = lib.mdDoc '' + description = '' The spotifyd package to use. ''; }; @@ -40,7 +40,7 @@ in bitrate = 160; volume_normalisation = true; }; - description = lib.mdDoc '' + description = '' Configuration for spotifyd, see for supported values. ''; diff --git a/modules/services/synapse-bt.nix b/modules/services/synapse-bt.nix index 3970cac..d85a2cd 100644 --- a/modules/services/synapse-bt.nix +++ b/modules/services/synapse-bt.nix @@ -26,32 +26,32 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to run Synapse BitTorrent Daemon."; + description = "Whether to run Synapse BitTorrent Daemon."; }; package = mkOption { type = types.package; default = pkgs.synapse-bt; defaultText = "pkgs.synapse-bt"; - description = lib.mdDoc "Synapse BitTorrent package to use."; + description = "Synapse BitTorrent package to use."; }; port = mkOption { type = types.int; default = 16384; - description = lib.mdDoc "The port on which Synapse BitTorrent listens."; + description = "The port on which Synapse BitTorrent listens."; }; downloadDir = mkOption { type = types.path; default = "/var/lib/synapse-bt"; example = "/var/lib/synapse-bt/downloads"; - description = lib.mdDoc "Download directory for Synapse BitTorrent."; + description = "Download directory for Synapse BitTorrent."; }; extraConfig = mkOption { default = {}; - description = lib.mdDoc "Extra configuration options for Synapse BitTorrent."; + description = "Extra configuration options for Synapse BitTorrent."; type = types.attrs; }; }; diff --git a/modules/services/synergy/default.nix b/modules/services/synergy/default.nix index 9933fe6..2a9e088 100644 --- a/modules/services/synergy/default.nix 
+++ b/modules/services/synergy/default.nix @@ -16,28 +16,28 @@ in default = pkgs.synergy; defaultText = "pkgs.synergy"; type = types.package; - description = lib.mdDoc "The package used for the synergy client and server."; + description = "The package used for the synergy client and server."; }; client = { enable = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' Whether to enable the Synergy client (receive keyboard and mouse events from a Synergy server). ''; }; screenName = mkOption { default = ""; type = types.str; - description = lib.mdDoc '' + description = '' Use the given name instead of the hostname to identify ourselves to the server. ''; }; serverAddress = mkOption { type = types.str; - description = lib.mdDoc '' + description = '' The server address is of the form: [hostname][:port]. The hostname must be the address or hostname of the server. The port overrides the default port, 24800. @@ -46,20 +46,20 @@ in autoStart = mkOption { default = true; type = types.bool; - description = lib.mdDoc "Whether the Synergy client should be started automatically."; + description = "Whether the Synergy client should be started automatically."; }; tls = { - enable = mkEnableOption (lib.mdDoc '' + enable = mkEnableOption '' Whether TLS encryption should be used. Using this requires a TLS certificate that can be generated by starting the Synergy GUI once and entering - a valid product key''); + a valid product key''; cert = mkOption { type = types.nullOr types.str; default = null; example = "~/.synergy/SSL/Synergy.pem"; - description = lib.mdDoc "The TLS certificate to use for encryption."; + description = "The TLS certificate to use for encryption."; }; }; }; 
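Review bot: Both `tls.enable` options (client in this hunk, server in the `@@ -68,19 +68,19 @@` hunk) pass a full sentence beginning with "Whether" to `mkEnableOption`. That function builds its description as "Whether to enable <name>.", so the rendered text becomes "Whether to enable Whether TLS encryption should be used. …". Either pass a noun phrase, `enable = mkEnableOption "TLS encryption";`, and move the note about generating the certificate into the description of `tls.cert`, or use a plain `mkOption` with `type = types.bool; default = false;` and keep the current text as its `description`.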
@@ -68,19 +68,19 @@ in enable = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' Whether to enable the Synergy server (send keyboard and mouse events). ''; }; configFile = mkOption { default = "/etc/synergy-server.conf"; type = types.str; - description = lib.mdDoc "The Synergy server configuration file."; + description = "The Synergy server configuration file."; }; screenName = mkOption { default = ""; type = types.str; - description = lib.mdDoc '' + description = '' Use the given name instead of the hostname to identify this screen in the configuration. ''; @@ -88,25 +88,25 @@ in address = mkOption { default = ""; type = types.str; - description = lib.mdDoc "Address on which to listen for clients."; + description = "Address on which to listen for clients."; }; autoStart = mkOption { default = true; type = types.bool; - description = lib.mdDoc "Whether the Synergy server should be started automatically."; + description = "Whether the Synergy server should be started automatically."; }; tls = { - enable = mkEnableOption (lib.mdDoc '' + enable = mkEnableOption '' Whether TLS encryption should be used. Using this requires a TLS certificate that can be generated by starting the Synergy GUI once and entering - a valid product key''); + a valid product key''; cert = mkOption { type = types.nullOr types.str; default = null; example = "~/.synergy/SSL/Synergy.pem"; - description = lib.mdDoc "The TLS certificate to use for encryption."; + description = "The TLS certificate to use for encryption."; }; }; }; diff --git a/modules/services/tailscale.nix b/modules/services/tailscale.nix index 4135ade..3c826cf 100644 --- a/modules/services/tailscale.nix +++ b/modules/services/tailscale.nix 
@@ -13,20 +13,20 @@ in ]; options.services.tailscale = { - enable = mkEnableOption (lib.mdDoc "Tailscale client daemon"); + enable = mkEnableOption "Tailscale client daemon"; package = mkOption { type = types.package; default = pkgs.tailscale; defaultText = literalExpression "pkgs.tailscale"; - description = lib.mdDoc "The package to use for tailscale"; + description = "The package to use for tailscale"; }; overrideLocalDns = mkOption { type = types.bool; default = false; example = true; - description = lib.mdDoc '' + description = '' This option implements `Override local DNS` as it is not yet implemented in Tailscaled-on-macOS. To use this option, in the Tailscale control panel: diff --git a/modules/services/trezord.nix b/modules/services/trezord.nix index 97db519..8da05f3 100644 --- a/modules/services/trezord.nix +++ b/modules/services/trezord.nix @@ -11,7 +11,7 @@ in { enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Enable Trezor bridge daemon, for use with Trezor hardware wallets. ''; }; @@ -19,7 +19,7 @@ in { emulator.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Enable Trezor emulator support. ''; }; @@ -27,7 +27,7 @@ in { emulator.port = mkOption { type = types.port; default = 21324; - description = lib.mdDoc '' + description = '' Listening port for the Trezor emulator. ''; }; diff --git a/modules/services/wg-quick.nix b/modules/services/wg-quick.nix index 1e0b865..fab7a84 100644 --- a/modules/services/wg-quick.nix +++ b/modules/services/wg-quick.nix 
@@ -10,32 +10,32 @@ let allowedIPs = mkOption { type = types.listOf types.str; default = [ ]; - description = lib.mdDoc "List of IP addresses associated with this peer."; + description = "List of IP addresses associated with this peer."; }; endpoint = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc "IP and port to connect to this peer at."; + description = "IP and port to connect to this peer at."; }; persistentKeepalive = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc "Interval in seconds to send keepalive packets"; + description = "Interval in seconds to send keepalive packets"; }; presharedKeyFile = mkOption { type = types.nullOr types.str; default = null; description = - lib.mdDoc "Optional, path to file containing the pre-shared key for this peer."; + "Optional, path to file containing the pre-shared key for this peer."; }; publicKey = mkOption { default = null; type = types.str; - description = lib.mdDoc "The public key for this peer."; + description = "The public key for this peer."; }; }; }; 
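Review bot: The `presharedKeyFile` description in this hunk does not say where the secret file may live, and the same gap applies to `privateKeyFile` in the next wg-quick hunk. Both options take a string path to key material. If a user builds that string from a Nix path, the file is copied into the Nix store, which every local user can read. I would extend the text, e.g. `"Optional, path to file containing the pre-shared key for this peer. Keep the file outside the world-readable Nix store."`, and add the same sentence to `privateKeyFile`.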
@@ -45,75 +45,75 @@ let address = mkOption { type = types.nullOr (types.listOf types.str); default = [ ]; - description = lib.mdDoc "List of IP addresses for this interface."; + description = "List of IP addresses for this interface."; }; autostart = mkOption { type = types.bool; default = true; description = - lib.mdDoc "Whether to bring up this interface automatically during boot."; + "Whether to bring up this interface automatically during boot."; }; dns = mkOption { type = types.listOf types.str; default = [ ]; - description = lib.mdDoc "List of DNS servers for this interface."; + description = "List of DNS servers for this interface."; }; listenPort = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc "Port to listen on, randomly selected if not specified."; + description = "Port to listen on, randomly selected if not specified."; }; mtu = mkOption { type = types.nullOr types.int; default = null; description = - lib.mdDoc "MTU to set for this interface, automatically set if not specified"; + "MTU to set for this interface, automatically set if not specified"; }; peers = mkOption { type = types.listOf (types.submodule peerOpts); default = [ ]; - description = lib.mdDoc "List of peers associated with this interface."; + description = "List of peers associated with this interface."; }; preDown = mkOption { type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines; default = ""; - description = lib.mdDoc "List of commadns to run before interface shutdown."; + description = "List of commadns to run before interface shutdown."; }; preUp = mkOption { type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines; default = ""; - description = lib.mdDoc "List of commands to run before interface setup."; + description = "List of commands to run before interface setup."; }; postDown = mkOption { type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines; default = ""; - description = lib.mdDoc "List of 
commands to run after interface shutdown"; + description = "List of commands to run after interface shutdown"; }; postUp = mkOption { type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines; default = ""; - description = lib.mdDoc "List of commands to run after interface setup."; + description = "List of commands to run after interface setup."; }; privateKeyFile = mkOption { type = types.str; default = null; - description = lib.mdDoc "Path to file containing this interface's private key."; + description = "Path to file containing this interface's private key."; }; table = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' Controls the routing table to which routes are added. There are two special values: `off` disables the creation of routes altogether, and `auto` (the default) adds routes to the default table and @@ -208,13 +208,13 @@ in { interfaces = mkOption { type = types.attrsOf (types.submodule interfaceOpts); default = { }; - description = lib.mdDoc "Set of wg-quick interfaces."; + description = "Set of wg-quick interfaces."; }; logDir = mkOption { type = types.str; default = "/var/log"; - description = lib.mdDoc "Directory to save wg-quick logs to."; + description = "Directory to save wg-quick logs to."; }; }; }; diff --git a/modules/services/yabai/default.nix b/modules/services/yabai/default.nix index a26c7ca..fe9d3f9 100644 --- a/modules/services/yabai/default.nix +++ b/modules/services/yabai/default.nix 
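Review bot: The added `preDown` line keeps the typo "commadns"; it should read `description = "List of commands to run before interface shutdown.";`. In the same hunk `privateKeyFile` is declared `types.str` with `default = null`, which does not satisfy its own type. Leaving it unset presumably surfaces as a type error rather than a clear "option is required" message, so dropping the default (or using `types.nullOr types.str` plus an assertion) would make that explicit. The `table` option at the end of this hunk continues outside it.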
@@ -23,19 +23,19 @@ in services.yabai.enable = mkOption { type = bool; default = false; - description = lib.mdDoc "Whether to enable the yabai window manager."; + description = "Whether to enable the yabai window manager."; }; services.yabai.package = mkOption { type = path; default = pkgs.yabai; - description = lib.mdDoc "The yabai package to use."; + description = "The yabai package to use."; }; services.yabai.enableScriptingAddition = mkOption { type = bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable yabai's scripting-addition. SIP must be disabled for this to work. ''; @@ -57,7 +57,7 @@ in window_gap = 10; } ''; - description = lib.mdDoc '' + description = '' Key/Value pairs to pass to yabai's 'config' domain, via the configuration file. ''; }; @@ -68,7 +68,7 @@ in example = literalExpression '' yabai -m rule --add app='System Preferences' manage=off ''; - description = lib.mdDoc "Extra arbitrary configuration to append to the configuration file"; + description = "Extra arbitrary configuration to append to the configuration file"; }; }; diff --git a/modules/system/activation-scripts.nix b/modules/system/activation-scripts.nix index 68e01b5..1495a7b 100644 --- a/modules/system/activation-scripts.nix +++ b/modules/system/activation-scripts.nix @@ -22,7 +22,7 @@ in internal = true; type = types.attrsOf (types.submodule script); default = {}; - description = lib.mdDoc '' + description = '' A set of shell script fragments that are executed when a NixOS system configuration is activated. Examples are updating /etc, creating accounts, and so on. Since these are executed diff --git a/modules/system/checks.nix b/modules/system/checks.nix index 5989dc4..f0f03e8 100644 --- a/modules/system/checks.nix +++ b/modules/system/checks.nix 
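Review bot: The `enableScriptingAddition` description in the first yabai hunk says only "SIP must be disabled for this to work" and leaves the cost unstated. System Integrity Protection is a macOS safeguard for system files and processes, so a reader who enables this option is being told to weaken the host. I would add one sentence to the description, such as `Disabling SIP removes macOS protections for system files and processes; enable this only if you accept that trade-off.`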
@@ -209,19 +209,19 @@ in system.checks.verifyNixPath = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Whether to run the NIX_PATH validation checks."; + description = "Whether to run the NIX_PATH validation checks."; }; system.checks.verifyNixChannels = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Whether to run the nix-channels validation checks."; + description = "Whether to run the nix-channels validation checks."; }; system.checks.verifyBuildUsers = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Whether to run the Nix build users validation checks."; + description = "Whether to run the Nix build users validation checks."; }; system.checks.text = mkOption { diff --git a/modules/system/default.nix b/modules/system/default.nix index fbe169e..285936c 100644 --- a/modules/system/default.nix +++ b/modules/system/default.nix @@ -22,7 +22,7 @@ in internal = true; type = types.attrsOf types.unspecified; default = {}; - description = lib.mdDoc '' + description = '' Attribute set of derivation used to setup the system. ''; }; @@ -30,7 +30,7 @@ in system.path = mkOption { internal = true; type = types.package; - description = lib.mdDoc '' + description = '' The packages you want in the system environment. ''; }; @@ -38,7 +38,7 @@ in system.profile = mkOption { type = types.path; default = "/nix/var/nix/profiles/system"; - description = lib.mdDoc '' + description = '' Profile to use for the system. ''; }; @@ -56,7 +56,7 @@ in internal = true; type = types.attrsOf types.unspecified; default = {}; - description = lib.mdDoc '' + description = '' `lib.mkDerivation` attributes that will be passed to the top level system builder. ''; }; 
@@ -66,7 +66,7 @@ in internal = true; default = []; example = [ { assertion = false; message = "you can't enable this for that reason"; } ]; - description = lib.mdDoc '' + description = '' This option allows modules to express conditions that must hold for the evaluation of the system configuration to succeed, along with associated error messages for the user. @@ -78,7 +78,7 @@ in default = []; type = types.listOf types.str; example = [ "The `foo' service is deprecated and will go away soon!" ]; - description = lib.mdDoc '' + description = '' This option allows modules to show warnings to users during the evaluation of the system configuration. ''; diff --git a/modules/system/defaults/ActivityMonitor.nix b/modules/system/defaults/ActivityMonitor.nix index 9f4617c..8786375 100644 --- a/modules/system/defaults/ActivityMonitor.nix +++ b/modules/system/defaults/ActivityMonitor.nix @@ -8,7 +8,7 @@ with lib; system.defaults.ActivityMonitor.ShowCategory = mkOption { type = types.nullOr (types.enum [100 101 102 103 104 105 106 107]); default = null; - description = lib.mdDoc '' + description = '' Change which processes to show. * 100: All Processes * 101: All Processes, Hierarchally @@ -25,7 +25,7 @@ with lib; system.defaults.ActivityMonitor.IconType = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' Change the icon in the dock when running. * 0: Application Icon * 2: Network Usage @@ -39,7 +39,7 @@ with lib; system.defaults.ActivityMonitor.SortColumn = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' Which column to sort the main activity page (such as "CPUUsage"). Default is null. ''; }; @@ -47,7 +47,7 @@ with lib; system.defaults.ActivityMonitor.SortDirection = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' The sort direction of the sort column (0 is decending). Default is null. ''; }; 
@@ -55,7 +55,7 @@ with lib; system.defaults.ActivityMonitor.OpenMainWindow = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Open the main window when opening Activity Monitor. Default is true. ''; }; diff --git a/modules/system/defaults/CustomPreferences.nix b/modules/system/defaults/CustomPreferences.nix index 134c8d0..1b4b99b 100644 --- a/modules/system/defaults/CustomPreferences.nix +++ b/modules/system/defaults/CustomPreferences.nix @@ -14,7 +14,7 @@ with lib; true; }; }; - description = lib.mdDoc '' + description = '' Sets custom user preferences ''; }; @@ -29,7 +29,7 @@ with lib; true; }; }; - description = lib.mdDoc '' + description = '' Sets custom system preferences ''; }; diff --git a/modules/system/defaults/GlobalPreferences.nix b/modules/system/defaults/GlobalPreferences.nix index a975802..9709711 100644 --- a/modules/system/defaults/GlobalPreferences.nix +++ b/modules/system/defaults/GlobalPreferences.nix @@ -11,7 +11,7 @@ in { mkOption { type = types.nullOr (types.path); default = null; - description = lib.mdDoc '' + description = '' Sets the system-wide alert sound. Found under "Sound Effects" in the "Sound" section of "System Preferences". Look in "/System/Library/Sounds" for possible candidates. @@ -23,7 +23,7 @@ in { type = types.nullOr floatWithDeprecationError; default = null; example = -1.0; - description = lib.mdDoc '' + description = '' Sets the mouse tracking speed. Found in the "Mouse" section of "System Preferences". Set to -1.0 to disable mouse acceleration. ''; diff --git a/modules/system/defaults/LaunchServices.nix b/modules/system/defaults/LaunchServices.nix index b76231f..d9ffcda 100644 --- a/modules/system/defaults/LaunchServices.nix +++ b/modules/system/defaults/LaunchServices.nix 
@@ -8,7 +8,7 @@ with lib; system.defaults.LaunchServices.LSQuarantine = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to enable quarantine for downloaded applications. The default is true. ''; }; diff --git a/modules/system/defaults/NSGlobalDomain.nix b/modules/system/defaults/NSGlobalDomain.nix index 03a7da2..cd008e0 100644 --- a/modules/system/defaults/NSGlobalDomain.nix +++ b/modules/system/defaults/NSGlobalDomain.nix @@ -11,7 +11,7 @@ in { system.defaults.NSGlobalDomain.AppleShowAllFiles = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to always show hidden files. The default is false. ''; }; @@ -19,7 +19,7 @@ in { system.defaults.NSGlobalDomain.AppleEnableMouseSwipeNavigateWithScrolls = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Enables swiping left or right with two fingers to navigate backward or forward. The default is true. ''; }; @@ -27,7 +27,7 @@ in { system.defaults.NSGlobalDomain.AppleEnableSwipeNavigateWithScrolls = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Enables swiping left or right with two fingers to navigate backward or forward. The default is true. ''; }; @@ -35,7 +35,7 @@ in { system.defaults.NSGlobalDomain.AppleFontSmoothing = mkOption { type = types.nullOr (types.enum [ 0 1 2 ]); default = null; - description = lib.mdDoc '' + description = '' Sets the level of font smoothing (sub-pixel font rendering). ''; }; @@ -43,7 +43,7 @@ in { system.defaults.NSGlobalDomain.AppleInterfaceStyle = mkOption { type = types.nullOr (types.enum [ "Dark" ]); default = null; - description = lib.mdDoc '' + description = '' Set to 'Dark' to enable dark mode, or leave unset for normal mode. ''; }; 
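Review bot: The `LSQuarantine` description states the default but not what turning the option off does. As far as I know, the quarantine flag on downloaded files is what triggers the Gatekeeper check on first launch, so `false` would remove that check for downloaded applications. A second sentence such as `Setting this to false stops macOS from flagging downloaded applications for the first-launch check.` would let readers judge the setting. The exact wording should be confirmed against Apple's documentation.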
@@ -51,7 +51,7 @@ in { system.defaults.NSGlobalDomain.AppleInterfaceStyleSwitchesAutomatically = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to automatically switch between light and dark mode. The default is false. ''; }; @@ -59,7 +59,7 @@ in { system.defaults.NSGlobalDomain.AppleKeyboardUIMode = mkOption { type = types.nullOr (types.enum [ 3 ]); default = null; - description = lib.mdDoc '' + description = '' Configures the keyboard control behavior. Mode 3 enables full keyboard control. ''; }; @@ -67,7 +67,7 @@ in { system.defaults.NSGlobalDomain.ApplePressAndHoldEnabled = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to enable the press-and-hold feature. The default is true. ''; }; @@ -75,7 +75,7 @@ in { system.defaults.NSGlobalDomain.AppleShowAllExtensions = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to show all file extensions in Finder. The default is false. ''; }; @@ -83,7 +83,7 @@ in { system.defaults.NSGlobalDomain.AppleShowScrollBars = mkOption { type = types.nullOr (types.enum [ "WhenScrolling" "Automatic" "Always" ]); default = null; - description = lib.mdDoc '' + description = '' When to show the scrollbars. Options are 'WhenScrolling', 'Automatic' and 'Always'. ''; }; @@ -91,7 +91,7 @@ in { system.defaults.NSGlobalDomain.AppleScrollerPagingBehavior = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Jump to the spot that's clicked on the scroll bar. The default is false. ''; }; @@ -99,7 +99,7 @@ in { system.defaults.NSGlobalDomain.NSAutomaticCapitalizationEnabled = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to enable automatic capitalization. The default is true. ''; }; 
@@ -107,7 +107,7 @@ in { system.defaults.NSGlobalDomain.NSAutomaticDashSubstitutionEnabled = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to enable smart dash substitution. The default is true. ''; }; @@ -115,7 +115,7 @@ in { system.defaults.NSGlobalDomain.NSAutomaticPeriodSubstitutionEnabled = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to enable smart period substitution. The default is true. ''; }; @@ -123,7 +123,7 @@ in { system.defaults.NSGlobalDomain.NSAutomaticQuoteSubstitutionEnabled = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to enable smart quote substitution. The default is true. ''; }; @@ -131,7 +131,7 @@ in { system.defaults.NSGlobalDomain.NSAutomaticSpellingCorrectionEnabled = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to enable automatic spelling correction. The default is true. ''; }; @@ -139,7 +139,7 @@ in { system.defaults.NSGlobalDomain.NSAutomaticWindowAnimationsEnabled = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to animate opening and closing of windows and popovers. The default is true. ''; }; @@ -147,7 +147,7 @@ in { system.defaults.NSGlobalDomain.NSDisableAutomaticTermination = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to disable the automatic termination of inactive apps. ''; }; @@ -155,7 +155,7 @@ in { system.defaults.NSGlobalDomain.NSDocumentSaveNewDocumentsToCloud = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to save new documents to iCloud by default. The default is true. ''; }; 
@@ -163,7 +163,7 @@ in { system.defaults.NSGlobalDomain.AppleWindowTabbingMode = mkOption { type = types.nullOr (types.enum [ "manual" "always" "fullscreen" ]); default = null; - description = lib.mdDoc '' + description = '' Sets the window tabbing when opening a new document: 'manual', 'always', or 'fullscreen'. The default is 'fullscreen'. ''; }; @@ -171,7 +171,7 @@ in { system.defaults.NSGlobalDomain.NSNavPanelExpandedStateForSaveMode = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to use expanded save panel by default. The default is false. ''; }; @@ -179,7 +179,7 @@ in { system.defaults.NSGlobalDomain.NSNavPanelExpandedStateForSaveMode2 = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to use expanded save panel by default. The default is false. ''; }; @@ -187,7 +187,7 @@ in { system.defaults.NSGlobalDomain.NSTableViewDefaultSizeMode = mkOption { type = types.nullOr (types.enum [ 1 2 3 ]); default = null; - description = lib.mdDoc '' + description = '' Sets the size of the finder sidebar icons: 1 (small), 2 (medium) or 3 (large). The default is 3. ''; }; @@ -195,7 +195,7 @@ in { system.defaults.NSGlobalDomain.NSTextShowsControlCharacters = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to display ASCII control characters using caret notation in standard text views. The default is false. ''; }; @@ -203,7 +203,7 @@ in { system.defaults.NSGlobalDomain.NSUseAnimatedFocusRing = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to enable the focus ring animation. The default is true. ''; }; 
@@ -211,7 +211,7 @@ in { system.defaults.NSGlobalDomain.NSScrollAnimationEnabled = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to enable smooth scrolling. The default is true. ''; }; @@ -220,7 +220,7 @@ in { type = types.nullOr floatWithDeprecationError; default = null; example = 0.20; - description = lib.mdDoc '' + description = '' Sets the speed speed of window resizing. The default is given in the example. ''; }; @@ -228,7 +228,7 @@ in { system.defaults.NSGlobalDomain.NSWindowShouldDragOnGesture = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to enable moving window by holding anywhere on it like on Linux. The default is false. ''; }; @@ -236,7 +236,7 @@ in { system.defaults.NSGlobalDomain.InitialKeyRepeat = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' Apple menu > System Preferences > Keyboard If you press and hold certain keyboard keys when in a text area, the key’s character begins to repeat. @@ -249,7 +249,7 @@ in { system.defaults.NSGlobalDomain.KeyRepeat = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' Apple menu > System Preferences > Keyboard If you press and hold certain keyboard keys when in a text area, the key’s character begins to repeat. @@ -262,7 +262,7 @@ in { system.defaults.NSGlobalDomain.PMPrintingExpandedStateForPrint = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to use the expanded print panel by default. The default is false. ''; }; @@ -270,7 +270,7 @@ in { system.defaults.NSGlobalDomain.PMPrintingExpandedStateForPrint2 = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to use the expanded print panel by default. The default is false. ''; }; 
@@ -278,7 +278,7 @@ in { system.defaults.NSGlobalDomain."com.apple.keyboard.fnState" = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Use F1, F2, etc. keys as standard function keys. ''; }; @@ -286,7 +286,7 @@ in { system.defaults.NSGlobalDomain."com.apple.mouse.tapBehavior" = mkOption { type = types.nullOr (types.enum [ 1 ]); default = null; - description = lib.mdDoc '' + description = '' Configures the trackpad tap behavior. Mode 1 enables tap to click. ''; }; @@ -294,7 +294,7 @@ in { system.defaults.NSGlobalDomain."com.apple.sound.beep.volume" = mkOption { type = types.nullOr floatWithDeprecationError; default = null; - description = lib.mdDoc '' + description = '' Apple menu > System Preferences > Sound Sets the beep/alert volume level from 0.000 (muted) to 1.000 (100% volume). @@ -310,7 +310,7 @@ in { system.defaults.NSGlobalDomain."com.apple.sound.beep.feedback" = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' Apple menu > System Preferences > Sound Make a feedback sound when the system volume changed. This setting accepts @@ -321,7 +321,7 @@ in { system.defaults.NSGlobalDomain."com.apple.trackpad.enableSecondaryClick" = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to enable trackpad secondary click. The default is true. ''; }; @@ -329,7 +329,7 @@ in { system.defaults.NSGlobalDomain."com.apple.trackpad.trackpadCornerClickBehavior" = mkOption { type = types.nullOr (types.enum [ 1 ]); default = null; - description = lib.mdDoc '' + description = '' Configures the trackpad corner click behavior. Mode 1 enables right click. ''; }; 
@@ -337,7 +337,7 @@ in { system.defaults.NSGlobalDomain."com.apple.trackpad.scaling" = mkOption { type = types.nullOr floatWithDeprecationError; default = null; - description = lib.mdDoc '' + description = '' Configures the trackpad tracking speed (0 to 3). The default is "1". ''; }; @@ -345,7 +345,7 @@ in { system.defaults.NSGlobalDomain."com.apple.springing.enabled" = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to enable spring loading (expose) for directories. ''; }; @@ -354,7 +354,7 @@ in { type = types.nullOr floatWithDeprecationError; default = null; example = 1.0; - description = lib.mdDoc '' + description = '' Set the spring loading delay for directories. The default is given in the example. ''; }; @@ -362,7 +362,7 @@ in { system.defaults.NSGlobalDomain."com.apple.swipescrolldirection" = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to enable "Natural" scrolling direction. The default is true. ''; }; @@ -370,7 +370,7 @@ in { system.defaults.NSGlobalDomain.AppleMeasurementUnits = mkOption { type = types.nullOr (types.enum [ "Centimeters" "Inches" ]); default = null; - description = lib.mdDoc '' + description = '' Whether to use centimeters (metric) or inches (US, UK) as the measurement unit. The default is based on region settings. ''; }; @@ -378,7 +378,7 @@ in { system.defaults.NSGlobalDomain.AppleMetricUnits = mkOption { type = types.nullOr (types.enum [ 0 1 ]); default = null; - description = lib.mdDoc '' + description = '' Whether to use the metric system. The default is based on region settings. ''; }; @@ -386,7 +386,7 @@ in { system.defaults.NSGlobalDomain.AppleTemperatureUnit = mkOption { type = types.nullOr (types.enum [ "Celsius" "Fahrenheit" ]); default = null; - description = lib.mdDoc '' + description = '' Whether to use Celsius or Fahrenheit. The default is based on region settings. ''; }; 
@@ -394,7 +394,7 @@ in { system.defaults.NSGlobalDomain.AppleICUForce24HourTime = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to use 24-hour or 12-hour time. The default is based on region settings. ''; }; @@ -402,7 +402,7 @@ in { system.defaults.NSGlobalDomain._HIHideMenuBar = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to autohide the menu bar. The default is false. ''; }; diff --git a/modules/system/defaults/SoftwareUpdate.nix b/modules/system/defaults/SoftwareUpdate.nix index 2882e8c..ec89bce 100644 --- a/modules/system/defaults/SoftwareUpdate.nix +++ b/modules/system/defaults/SoftwareUpdate.nix @@ -7,7 +7,7 @@ with lib; system.defaults.SoftwareUpdate.AutomaticallyInstallMacOSUpdates = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Automatically install Mac OS software updates. Defaults to false. ''; }; diff --git a/modules/system/defaults/alf.nix b/modules/system/defaults/alf.nix index 6b82eca..96a9806 100644 --- a/modules/system/defaults/alf.nix +++ b/modules/system/defaults/alf.nix @@ -7,7 +7,7 @@ with lib; system.defaults.alf.globalstate = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' Apple menu > System Preferences > Security and Privacy > Firewall Enable the internal firewall to prevent unauthorised applications, programs @@ -22,7 +22,7 @@ with lib; system.defaults.alf.allowsignedenabled = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' Apple menu > System Preferences > Security and Privacy > Firewall Allows any signed Application to accept incoming requests. Default is true. 
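Review bot: The firewall options in the alf.nix hunks (`globalstate` and `allowsignedenabled` here, then `allowdownloadsignedenabled`, `loggingenabled` and `stealthenabled` in the following hunks) are typed `types.nullOr types.int`. Any integer is accepted, so a mistyped value would reach the firewall preferences without an evaluation error. clock.nix in this same commit restricts `ShowDate` with `types.enum [ 0 1 2 ]`, and the same pattern, e.g. `type = types.nullOr (types.enum [ 0 1 ]);`, would fit here. The member list should come from each option's description, since those value lists lie outside the hunks. Separately, `allowsignedenabled` says "Default is true" although the option is an integer and its siblings say "Default is 0".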
@@ -35,7 +35,7 @@ with lib; system.defaults.alf.allowdownloadsignedenabled = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' Apple menu > System Preferences > Security and Privacy > Firewall Allows any downloaded Application that has been signed to accept incoming requests. Default is 0. @@ -48,7 +48,7 @@ with lib; system.defaults.alf.loggingenabled = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' Apple menu > System Preferences > Security and Privacy > Firewall Enable logging of requests made to the firewall. Default is 0. @@ -61,7 +61,7 @@ with lib; system.defaults.alf.stealthenabled = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' Apple menu > System Preferences > Security and firewall Drops incoming requests via ICMP such as ping requests. Default is 0. diff --git a/modules/system/defaults/clock.nix b/modules/system/defaults/clock.nix index cd5c0e8..ef2cac4 100644 --- a/modules/system/defaults/clock.nix +++ b/modules/system/defaults/clock.nix @@ -8,7 +8,7 @@ with lib; system.defaults.menuExtraClock.IsAnalog = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Show an analog clock instead of a digital one. Default is null. ''; }; @@ -16,7 +16,7 @@ with lib; system.defaults.menuExtraClock.Show24Hour = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Show a 24-hour clock, instead of a 12-hour clock. Default is null. ''; }; @@ -24,7 +24,7 @@ with lib; system.defaults.menuExtraClock.ShowAMPM = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Show the AM/PM label. Useful if Show24Hour is false. Default is null. ''; }; 
@@ -32,7 +32,7 @@ with lib; system.defaults.menuExtraClock.ShowDayOfMonth = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Show the day of the month. Default is null. ''; }; @@ -40,7 +40,7 @@ with lib; system.defaults.menuExtraClock.ShowDayOfWeek = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Show the day of the week. Default is null. ''; }; @@ -48,7 +48,7 @@ with lib; system.defaults.menuExtraClock.ShowDate = mkOption { type = types.nullOr (types.enum [ 0 1 2 ]); default = null; - description = lib.mdDoc '' + description = '' Show the full date. Default is null. 0 = Show the date @@ -62,7 +62,7 @@ with lib; system.defaults.menuExtraClock.ShowSeconds = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Show the clock with second precision, instead of minutes. Default is null. ''; }; diff --git a/modules/system/defaults/dock.nix b/modules/system/defaults/dock.nix index 9d54f75..27772ca 100644 --- a/modules/system/defaults/dock.nix +++ b/modules/system/defaults/dock.nix @@ -11,7 +11,7 @@ in { system.defaults.dock.appswitcher-all-displays = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to display the appswitcher on all displays or only the main one. The default is false. ''; }; @@ -19,7 +19,7 @@ in { system.defaults.dock.autohide = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to automatically hide and show the dock. The default is false. ''; }; @@ -28,7 +28,7 @@ in { type = types.nullOr floatWithDeprecationError; default = null; example = 0.24; - description = lib.mdDoc '' + description = '' Sets the speed of the autohide delay. The default is given in the example. ''; }; 
@@ -37,7 +37,7 @@ in { type = types.nullOr floatWithDeprecationError; default = null; example = 1.0; - description = lib.mdDoc '' + description = '' Sets the speed of the animation when hiding/showing the Dock. The default is given in the example. ''; }; @@ -45,7 +45,7 @@ in { system.defaults.dock.dashboard-in-overlay = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to hide Dashboard as a Space. The default is false. ''; }; @@ -53,7 +53,7 @@ in { system.defaults.dock.enable-spring-load-actions-on-all-items = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Enable spring loading for all Dock items. The default is false. ''; }; @@ -62,7 +62,7 @@ in { type = types.nullOr floatWithDeprecationError; default = null; example = 1.0; - description = lib.mdDoc '' + description = '' Sets the speed of the Mission Control animations. The default is given in the example. ''; }; @@ -70,7 +70,7 @@ in { system.defaults.dock.expose-group-by-app = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to group windows by application in Mission Control's Exposé. The default is true. ''; }; @@ -78,7 +78,7 @@ in { system.defaults.dock.launchanim = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Animate opening applications from the Dock. The default is true. ''; }; @@ -86,7 +86,7 @@ in { system.defaults.dock.mineffect = mkOption { type = types.nullOr (types.enum [ "genie" "suck" "scale" ]); default = null; - description = lib.mdDoc '' + description = '' Set the minimize/maximize window effect. The default is genie. ''; }; 
@@ -94,7 +94,7 @@ in { system.defaults.dock.minimize-to-application = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to minimize windows into their application icon. The default is false. ''; }; @@ -102,7 +102,7 @@ in { system.defaults.dock.mouse-over-hilite-stack = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Enable highlight hover effect for the grid view of a stack in the Dock. ''; }; @@ -110,7 +110,7 @@ in { system.defaults.dock.mru-spaces = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to automatically rearrange spaces based on most recent use. The default is true. ''; }; @@ -118,7 +118,7 @@ in { system.defaults.dock.orientation = mkOption { type = types.nullOr (types.enum [ "bottom" "left" "right" ]); default = null; - description = lib.mdDoc '' + description = '' Position of the dock on screen. The default is "bottom". ''; }; @@ -127,7 +127,7 @@ in { type = types.nullOr (types.listOf (types.either types.path types.str)); default = null; example = [ "/Applications/Safari.app" "/System/Applications/Utilities/Terminal.app" ]; - description = lib.mdDoc '' + description = '' Persistent applications in the dock. ''; apply = value: @@ -139,7 +139,7 @@ in { system.defaults.dock.show-process-indicators = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Show indicator lights for open applications in the Dock. The default is true. ''; }; @@ -147,7 +147,7 @@ in { system.defaults.dock.showhidden = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to make icons of hidden applications tranclucent. The default is false. ''; }; 
@@ -155,7 +155,7 @@ in { system.defaults.dock.show-recents = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Show recent applications in the dock. The default is true. ''; }; @@ -163,7 +163,7 @@ in { system.defaults.dock.static-only = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Show only open applications in the Dock. The default is false. ''; }; @@ -171,7 +171,7 @@ in { system.defaults.dock.tilesize = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' Size of the icons in the dock. The default is 64. ''; }; @@ -179,7 +179,7 @@ in { system.defaults.dock.magnification = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Magnify icon on hover. The default is false. ''; }; @@ -187,7 +187,7 @@ in { system.defaults.dock.largesize = mkOption { type = types.nullOr (types.ints.between 16 128); default = null; - description = lib.mdDoc '' + description = '' Magnified icon size on hover. The default is 16. ''; }; @@ -196,7 +196,7 @@ in { system.defaults.dock.wvous-tl-corner = mkOption { type = types.nullOr types.ints.positive; default = null; - description = lib.mdDoc '' + description = '' Hot corner action for top left corner. Valid values include: * `1`: Disabled @@ -217,7 +217,7 @@ in { system.defaults.dock.wvous-bl-corner = mkOption { type = types.nullOr types.ints.positive; default = null; - description = lib.mdDoc '' + description = '' Hot corner action for bottom left corner. Valid values include: * `1`: Disabled @@ -238,7 +238,7 @@ in { system.defaults.dock.wvous-tr-corner = mkOption { type = types.nullOr types.ints.positive; default = null; - description = lib.mdDoc '' + description = '' Hot corner action for top right corner. Valid values include: * `1`: Disabled 
@@ -259,7 +259,7 @@ in { system.defaults.dock.wvous-br-corner = mkOption { type = types.nullOr types.ints.positive; default = null; - description = lib.mdDoc '' + description = '' Hot corner action for bottom right corner. Valid values include: * `1`: Disabled diff --git a/modules/system/defaults/finder.nix b/modules/system/defaults/finder.nix index 1137e6c..478639f 100644 --- a/modules/system/defaults/finder.nix +++ b/modules/system/defaults/finder.nix @@ -8,7 +8,7 @@ with lib; system.defaults.finder.AppleShowAllFiles = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to always show hidden files. The default is false. ''; }; @@ -16,7 +16,7 @@ with lib; system.defaults.finder.ShowStatusBar = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Show status bar at bottom of finder windows with item/disk space stats. The default is false. ''; }; @@ -24,7 +24,7 @@ with lib; system.defaults.finder.ShowPathbar = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Show path breadcrumbs in finder windows. The default is false. ''; }; @@ -32,7 +32,7 @@ with lib; system.defaults.finder.FXDefaultSearchScope = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' Change the default search scope. Use "SCcf" to default to current folder. The default is unset ("This Mac"). ''; @@ -41,7 +41,7 @@ with lib; system.defaults.finder.FXPreferredViewStyle = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' Change the default finder view. "icnv" = Icon view, "Nlsv" = List view, "clmv" = Column View, "Flwv" = Gallery View The default is icnv. 
@@ -51,7 +51,7 @@ with lib; system.defaults.finder.AppleShowAllExtensions = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to always show file extensions. The default is false. ''; }; @@ -59,7 +59,7 @@ with lib; system.defaults.finder.CreateDesktop = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to show icons on the desktop or not. The default is true. ''; }; @@ -67,7 +67,7 @@ with lib; system.defaults.finder.QuitMenuItem = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to allow quitting of the Finder. The default is false. ''; }; @@ -75,7 +75,7 @@ with lib; system.defaults.finder._FXShowPosixPathInTitle = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to show the full POSIX filepath in the window title. The default is false. ''; }; @@ -83,7 +83,7 @@ with lib; system.defaults.finder.FXEnableExtensionChangeWarning = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to show warnings when change the file extension of files. The default is true. ''; }; diff --git a/modules/system/defaults/loginwindow.nix b/modules/system/defaults/loginwindow.nix index 81f7dfa..a8a06eb 100644 --- a/modules/system/defaults/loginwindow.nix +++ b/modules/system/defaults/loginwindow.nix @@ -7,7 +7,7 @@ with lib; system.defaults.loginwindow.SHOWFULLNAME = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Apple menu > System Preferences > Users and Groups > Login Options Displays login window as a name and password field instead of a list of users. 
@@ -18,7 +18,7 @@ with lib; system.defaults.loginwindow.autoLoginUser = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' Apple menu > System Preferences > Users and Groups > Login Options Auto login the supplied user on boot. Default is Off. @@ -28,7 +28,7 @@ with lib; system.defaults.loginwindow.GuestEnabled = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Apple menu > System Preferences > Users and Groups > Login Options Allow users to login to the machine as guests using the Guest account. Default is true. @@ -38,7 +38,7 @@ with lib; system.defaults.loginwindow.LoginwindowText = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' Text to be shown on the login window. Default is "\\\\U03bb". ''; }; @@ -46,7 +46,7 @@ with lib; system.defaults.loginwindow.ShutDownDisabled = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Apple menu > System Preferences > Users and Groups > Login Options Hides the Shut Down button on the login screen. Default is false. @@ -56,7 +56,7 @@ with lib; system.defaults.loginwindow.SleepDisabled = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Apple menu > System Preferences > Users and Groups > Login Options Hides the Sleep button on the login screen. Default is false. @@ -66,7 +66,7 @@ with lib; system.defaults.loginwindow.RestartDisabled = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Apple menu > System Preferences > Users and Groups > Login Options Hides the Restart button on the login screen. Default is false. 
@@ -76,7 +76,7 @@ with lib; system.defaults.loginwindow.ShutDownDisabledWhileLoggedIn = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Apple menu > System Preferences > Users and Groups > Login Options Disables the "Shutdown" option when users are logged in. Default is false. @@ -86,7 +86,7 @@ with lib; system.defaults.loginwindow.PowerOffDisabledWhileLoggedIn = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Apple menu > System Preferences > Users and Groups > Login Options If set to true, the Power Off menu item will be disabled when the user is logged in. Default is false. @@ -96,7 +96,7 @@ with lib; system.defaults.loginwindow.RestartDisabledWhileLoggedIn = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Apple menu > System Preferences > Users and Groups > Login Options Disables the “Restart” option when users are logged in. Default is false. @@ -106,7 +106,7 @@ with lib; system.defaults.loginwindow.DisableConsoleAccess = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Disables the ability for a user to access the console by typing “>console” for a username at the login window. Default is false. ''; diff --git a/modules/system/defaults/magicmouse.nix b/modules/system/defaults/magicmouse.nix index 56d7f71..9344ffe 100644 --- a/modules/system/defaults/magicmouse.nix +++ b/modules/system/defaults/magicmouse.nix @@ -11,7 +11,7 @@ with lib; "TwoButton" ]); default = null; - description = lib.mdDoc '' + description = '' "OneButton": any tap is a left click. "TwoButton": allow left- and right-clicking. ''; diff --git a/modules/system/defaults/screencapture.nix b/modules/system/defaults/screencapture.nix index 4483fd6..f7b926a 100644 --- a/modules/system/defaults/screencapture.nix +++ b/modules/system/defaults/screencapture.nix 
@@ -8,7 +8,7 @@ with lib; system.defaults.screencapture.location = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' The filesystem path to which screencaptures should be written. ''; }; @@ -16,7 +16,7 @@ with lib; system.defaults.screencapture.type = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' The image format to use, such as "jpg". ''; }; @@ -24,7 +24,7 @@ with lib; system.defaults.screencapture.disable-shadow = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Disable drop shadow border around screencaptures. The default is false. ''; }; diff --git a/modules/system/defaults/screensaver.nix b/modules/system/defaults/screensaver.nix index 68bd1e0..3e5032b 100644 --- a/modules/system/defaults/screensaver.nix +++ b/modules/system/defaults/screensaver.nix @@ -8,7 +8,7 @@ with lib; system.defaults.screensaver.askForPassword = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' If true, the user is prompted for a password when the screen saver is unlocked or stopped. The default is false. ''; }; @@ -16,7 +16,7 @@ with lib; system.defaults.screensaver.askForPasswordDelay = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' The number of seconds to delay before the password will be required to unlock or stop the screen saver (the grace period). ''; }; diff --git a/modules/system/defaults/smb.nix b/modules/system/defaults/smb.nix index b694059..0bc8be5 100644 --- a/modules/system/defaults/smb.nix +++ b/modules/system/defaults/smb.nix 
@@ -7,13 +7,13 @@ with lib; system.defaults.smb.NetBIOSName = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc "Hostname to use for NetBIOS."; + description = "Hostname to use for NetBIOS."; }; system.defaults.smb.ServerDescription = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc "Hostname to use for sharing services."; + description = "Hostname to use for sharing services."; }; }; } diff --git a/modules/system/defaults/spaces.nix b/modules/system/defaults/spaces.nix index 4b535d1..ac2355b 100644 --- a/modules/system/defaults/spaces.nix +++ b/modules/system/defaults/spaces.nix @@ -7,7 +7,7 @@ with lib; system.defaults.spaces.spans-displays = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Apple menu > System Preferences > Mission Control Displays have separate Spaces (note a logout is required before diff --git a/modules/system/defaults/trackpad.nix b/modules/system/defaults/trackpad.nix index ff5e2bb..edb6375 100644 --- a/modules/system/defaults/trackpad.nix +++ b/modules/system/defaults/trackpad.nix @@ -8,7 +8,7 @@ with lib; system.defaults.trackpad.Clicking = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to enable trackpad tap to click. The default is false. ''; }; @@ -16,7 +16,7 @@ with lib; system.defaults.trackpad.Dragging = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to enable tap-to-drag. The default is false. ''; }; @@ -24,7 +24,7 @@ with lib; system.defaults.trackpad.TrackpadRightClick = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to enable trackpad right click. The default is false. ''; }; 
@@ -32,7 +32,7 @@ with lib; system.defaults.trackpad.TrackpadThreeFingerDrag = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to enable three finger drag. The default is false. ''; }; @@ -40,7 +40,7 @@ with lib; system.defaults.trackpad.ActuationStrength = mkOption { type = types.nullOr (types.enum [ 0 1 ]); default = null; - description = lib.mdDoc '' + description = '' 0 to enable Silent Clicking, 1 to disable. The default is 1. ''; }; @@ -48,7 +48,7 @@ with lib; system.defaults.trackpad.FirstClickThreshold = mkOption { type = types.nullOr (types.enum [ 0 1 2 ]); default = null; - description = lib.mdDoc '' + description = '' For normal click: 0 for light clicking, 1 for medium, 2 for firm. The default is 1. ''; @@ -57,7 +57,7 @@ with lib; system.defaults.trackpad.SecondClickThreshold = mkOption { type = types.nullOr (types.enum [ 0 1 2 ]); default = null; - description = lib.mdDoc '' + description = '' For force touch: 0 for light clicking, 1 for medium, 2 for firm. The default is 1. ''; diff --git a/modules/system/defaults/universalaccess.nix b/modules/system/defaults/universalaccess.nix index 8d012e6..8a2de90 100644 --- a/modules/system/defaults/universalaccess.nix +++ b/modules/system/defaults/universalaccess.nix @@ -9,7 +9,7 @@ with lib; type = types.nullOr types.float; default = null; example = 1.5; - description = lib.mdDoc '' + description = '' Set the size of cursor. 1 for normal, 4 for maximum. The default is 1. ''; @@ -18,7 +18,7 @@ with lib; system.defaults.universalaccess.reduceMotion = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Disable animation when switching screens or opening apps ''; }; 
@@ -26,7 +26,7 @@ with lib; system.defaults.universalaccess.reduceTransparency = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Disable transparency in the menu bar and elsewhere. Requires macOS Yosemite or later. The default is false. @@ -36,7 +36,7 @@ with lib; system.defaults.universalaccess.closeViewScrollWheelToggle = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Use scroll gesture with the Ctrl (^) modifier key to zoom. The default is false. ''; @@ -45,7 +45,7 @@ with lib; system.defaults.universalaccess.closeViewZoomFollowsFocus = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Follow the keyboard focus while zoomed in. Without setting `closeViewScrollWheelToggle` this has no effect. The default is false. diff --git a/modules/system/etc.nix b/modules/system/etc.nix index 1c41526..008fb1c 100644 --- a/modules/system/etc.nix +++ b/modules/system/etc.nix @@ -20,7 +20,7 @@ in environment.etc = mkOption { type = types.attrsOf (types.submodule text); default = { }; - description = lib.mdDoc '' + description = '' Set of files that have to be linked in {file}`/etc`. ''; }; diff --git a/modules/system/keyboard.nix b/modules/system/keyboard.nix index 6e4275e..01e2525 100644 --- a/modules/system/keyboard.nix +++ b/modules/system/keyboard.nix 
@@ -11,38 +11,38 @@ in system.keyboard.enableKeyMapping = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable keyboard mappings."; + description = "Whether to enable keyboard mappings."; }; system.keyboard.remapCapsLockToControl = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to remap the Caps Lock key to Control."; + description = "Whether to remap the Caps Lock key to Control."; }; system.keyboard.remapCapsLockToEscape = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to remap the Caps Lock key to Escape."; + description = "Whether to remap the Caps Lock key to Escape."; }; system.keyboard.nonUS.remapTilde = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to remap the Tilde key on non-us keyboards."; + description = "Whether to remap the Tilde key on non-us keyboards."; }; system.keyboard.swapLeftCommandAndLeftAlt = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to swap the left Command key and left Alt key."; + description = "Whether to swap the left Command key and left Alt key."; }; system.keyboard.userKeyMapping = mkOption { internal = true; type = types.listOf (types.attrsOf types.int); default = []; - description = lib.mdDoc '' + description = '' List of keyboard mappings to apply, for more information see . ''; diff --git a/modules/system/launchd.nix b/modules/system/launchd.nix index 7f6b485..cdb6549 100644 --- a/modules/system/launchd.nix +++ b/modules/system/launchd.nix @@ -59,7 +59,7 @@ in environment.launchAgents = mkOption { type = types.attrsOf (types.submodule text); default = { }; - description = lib.mdDoc '' + description = '' Set of files that have to be linked in {file}`/Library/LaunchAgents`. ''; }; 
@@ -67,7 +67,7 @@ in environment.launchDaemons = mkOption { type = types.attrsOf (types.submodule text); default = { }; - description = lib.mdDoc '' + description = '' Set of files that have to be linked in {file}`/Library/LaunchDaemons`. ''; }; @@ -75,7 +75,7 @@ in environment.userLaunchAgents = mkOption { type = types.attrsOf (types.submodule text); default = { }; - description = lib.mdDoc '' + description = '' Set of files that have to be linked in {file}`~/Library/LaunchAgents`. ''; }; diff --git a/modules/system/nvram.nix b/modules/system/nvram.nix index efc9c99..48e75fb 100644 --- a/modules/system/nvram.nix +++ b/modules/system/nvram.nix @@ -22,7 +22,7 @@ in example = { "StartupMute" = "%01"; }; - description = lib.mdDoc '' + description = '' Non-volatile RAM variables to set. Removing a key-value pair from this list will **not** return the variable to its previous value, but will no longer set its value on system configuration activations. diff --git a/modules/system/patches.nix b/modules/system/patches.nix index 9ac15ec..4f96501 100644 --- a/modules/system/patches.nix +++ b/modules/system/patches.nix @@ -26,7 +26,7 @@ in '''') ] ''; - description = lib.mdDoc '' + description = '' Set of patches to apply to {file}`/`. ::: {.warning} diff --git a/modules/system/shells.nix b/modules/system/shells.nix index 9399327..0b599d9 100644 --- a/modules/system/shells.nix +++ b/modules/system/shells.nix @@ -12,7 +12,7 @@ in type = types.listOf (types.either types.shellPackage types.path); default = []; example = literalExpression "[ pkgs.bashInteractive pkgs.zsh ]"; - description = lib.mdDoc '' + description = '' A list of permissible login shells for user accounts. No need to mention `/bin/sh` and other shells that are available by default on diff --git a/modules/system/startup.nix b/modules/system/startup.nix index ecbef46..ae7f2ef 100644 --- a/modules/system/startup.nix +++ b/modules/system/startup.nix 
@@ -14,7 +14,7 @@ in type = with lib.types; nullOr bool; default = null; example = false; - description = lib.mdDoc '' + description = '' Whether to enable the startup chime. By default, this option does not affect your system configuration in any way. diff --git a/modules/system/version.nix b/modules/system/version.nix index 3effb50..fa6ce6e 100644 --- a/modules/system/version.nix +++ b/modules/system/version.nix @@ -36,7 +36,7 @@ in system.stateVersion = mkOption { type = types.int; default = 4; - description = lib.mdDoc '' + description = '' Every once in a while, a new NixOS release may change configuration defaults in a way incompatible with stateful data. For instance, if the default version of PostgreSQL @@ -51,14 +51,14 @@ in system.darwinLabel = mkOption { type = types.str; - description = lib.mdDoc "Label to be used in the names of generated outputs."; + description = "Label to be used in the names of generated outputs."; }; system.darwinVersion = mkOption { internal = true; type = types.str; default = "darwin${toString cfg.stateVersion}${cfg.darwinVersionSuffix}"; - description = lib.mdDoc "The full darwin version (e.g. `darwin4.2abdb5a`)."; + description = "The full darwin version (e.g. `darwin4.2abdb5a`)."; }; system.darwinVersionSuffix = mkOption { 
@@ -67,28 +67,28 @@ in default = if cfg.darwinRevision != null then ".${substring 0 7 cfg.darwinRevision}" else ""; - description = lib.mdDoc "The short darwin version suffix (e.g. `.2abdb5a`)."; + description = "The short darwin version suffix (e.g. `.2abdb5a`)."; }; system.darwinRevision = mkOption { internal = true; type = types.nullOr types.str; default = gitRevision (toString ../..); - description = lib.mdDoc "The darwin git revision from which this configuration was built."; + description = "The darwin git revision from which this configuration was built."; }; system.nixpkgsRelease = mkOption { readOnly = true; type = types.str; default = lib.trivial.release; - description = lib.mdDoc "The nixpkgs release (e.g. `16.03`)."; + description = "The nixpkgs release (e.g. `16.03`)."; }; system.nixpkgsVersion = mkOption { internal = true; type = types.str; default = cfg.nixpkgsRelease + cfg.nixpkgsVersionSuffix; - description = lib.mdDoc "The full nixpkgs version (e.g. `16.03.1160.f2d4ee1`)."; + description = "The full nixpkgs version (e.g. `16.03.1160.f2d4ee1`)."; }; system.nixpkgsVersionSuffix = mkOption { @@ -97,7 +97,7 @@ in default = if useSourceRevision then ".${lib.substring 0 8 (nixpkgsSrc.lastModifiedDate or nixpkgsSrc.lastModified or "19700101")}.${nixpkgsSrc.shortRev or "dirty"}" else lib.trivial.versionSuffix; - description = lib.mdDoc "The short nixpkgs version suffix (e.g. `.1160.f2d4ee1`)."; + description = "The short nixpkgs version suffix (e.g. `.1160.f2d4ee1`)."; }; system.nixpkgsRevision = mkOption { 
@@ -106,13 +106,13 @@ in default = if useSourceRevision && nixpkgsSrc ? rev then nixpkgsSrc.rev else lib.trivial.revisionWithDefault null; - description = lib.mdDoc "The nixpkgs git revision from which this configuration was built."; + description = "The nixpkgs git revision from which this configuration was built."; }; system.configurationRevision = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc "The Git revision of the top-level flake from which this configuration was built."; + description = "The Git revision of the top-level flake from which this configuration was built."; }; }; diff --git a/modules/time/default.nix b/modules/time/default.nix index d3fa34d..28724a5 100644 --- a/modules/time/default.nix +++ b/modules/time/default.nix @@ -23,7 +23,7 @@ in type = types.nullOr types.str; default = null; example = "America/New_York"; - description = lib.mdDoc '' + description = '' The time zone used when displaying times and dates. See or run {command}`sudo systemsetup -listtimezones` for a comprehensive list of possible values for this setting. diff --git a/modules/users/default.nix b/modules/users/default.nix index 25cc97e..cd0986d 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix @@ -39,7 +39,7 @@ in users.knownGroups = mkOption { type = types.listOf types.str; default = []; - description = lib.mdDoc '' + description = '' List of groups owned and managed by nix-darwin. Used to indicate what users are safe to create/delete based on the configuration. Don't add system groups to this. @@ -49,7 +49,7 @@ in users.knownUsers = mkOption { type = types.listOf types.str; default = []; - description = lib.mdDoc '' + description = '' List of users owned and managed by nix-darwin. Used to indicate what users are safe to create/delete based on the configuration. Don't add the admin user or other system users to this. 
@@ -59,13 +59,13 @@ in users.groups = mkOption { type = types.attrsOf (types.submodule group); default = {}; - description = lib.mdDoc "Configuration for groups."; + description = "Configuration for groups."; }; users.users = mkOption { type = types.attrsOf (types.submodule user); default = {}; - description = lib.mdDoc "Configuration for users."; + description = "Configuration for users."; }; users.gids = mkOption { @@ -84,7 +84,7 @@ in internal = true; type = types.bool; default = false; - description = lib.mdDoc "Remove and recreate existing groups/users."; + description = "Remove and recreate existing groups/users."; }; }; diff --git a/modules/users/group.nix b/modules/users/group.nix index cfda76f..1dc26f1 100644 --- a/modules/users/group.nix +++ b/modules/users/group.nix @@ -6,7 +6,7 @@ with lib; options = { name = mkOption { type = types.str; - description = lib.mdDoc '' + description = '' The group's name. If undefined, the name of the attribute set will be used. ''; @@ -17,19 +17,19 @@ with lib; name = "gid"; check = t: isInt t && t > 501; }; - description = lib.mdDoc "The group's GID."; + description = "The group's GID."; }; members = mkOption { type = types.listOf types.str; default = []; - description = lib.mdDoc "The group's members."; + description = "The group's members."; }; description = mkOption { type = types.str; default = ""; - description = lib.mdDoc "The group's description."; + description = "The group's description."; }; }; diff --git a/modules/users/user.nix b/modules/users/user.nix index 60592fc..4e3f1c9 100644 --- a/modules/users/user.nix +++ b/modules/users/user.nix @@ -6,7 +6,7 @@ with lib; options = { name = mkOption { type = types.str; - description = lib.mdDoc '' + description = '' The name of the user account. If undefined, the name of the attribute set will be used. ''; 
@@ -16,7 +16,7 @@ with lib; type = types.str; default = ""; example = "Alice Q. User"; - description = lib.mdDoc '' + description = '' A short description of the user account, typically the user's full name. ''; @@ -24,19 +24,19 @@ with lib; uid = mkOption { type = types.int; - description = lib.mdDoc "The user's UID."; + description = "The user's UID."; }; gid = mkOption { type = types.int; default = 20; - description = lib.mdDoc "The user's primary group."; + description = "The user's primary group."; }; isHidden = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Whether to make the user account hidden."; + description = "Whether to make the user account hidden."; }; # extraGroups = mkOption { @@ -48,27 +48,27 @@ with lib; home = mkOption { type = types.path; default = "/var/empty"; - description = lib.mdDoc "The user's home directory."; + description = "The user's home directory."; }; createHome = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Create the home directory when creating the user."; + description = "Create the home directory when creating the user."; }; shell = mkOption { type = types.either types.shellPackage types.path; default = "/sbin/nologin"; example = literalExpression "pkgs.bashInteractive"; - description = lib.mdDoc "The user's shell."; + description = "The user's shell."; }; packages = mkOption { type = types.listOf types.package; default = []; example = literalExpression "[ pkgs.firefox pkgs.thunderbird ]"; - description = lib.mdDoc '' + description = '' The set of packages that should be made availabe to the user. This is in contrast to {option}`environment.systemPackages`, which adds packages to all users. -- cgit v1.2.3 From ec06ea883757c6075c61d1426f40719742d51f59 Mon Sep 17 00:00:00 2001 
From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Wed, 24 Apr 2024 15:55:01 +1000 Subject: nix-daemon: increase SoftResourceLimits.NumberOfFiles 1048576 matches the nixos/nix plist https://github.com/NixOS/nix/blob/e3a4e40a354e1c2d177541d24d6a86a001fa87c7/misc/launchd/org.nixos.nix-daemon.plist.in#L29 --- modules/services/nix-daemon.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/services/nix-daemon.nix b/modules/services/nix-daemon.nix index d652dae..42d31c9 100644 --- a/modules/services/nix-daemon.nix +++ b/modules/services/nix-daemon.nix @@ -51,7 +51,7 @@ in serviceConfig.ProcessType = config.nix.daemonProcessType; serviceConfig.LowPriorityIO = config.nix.daemonIOLowPriority; serviceConfig.Label = "org.nixos.nix-daemon"; # must match daemon installed by Nix regardless of the launchd label Prefix - serviceConfig.SoftResourceLimits.NumberOfFiles = mkDefault 4096; + serviceConfig.SoftResourceLimits.NumberOfFiles = mkDefault 1048576; serviceConfig.StandardErrorPath = cfg.logFile; serviceConfig.KeepAlive = mkIf (!cfg.enableSocketListener) true; -- cgit v1.2.3 From 457a5d99529818fdbcf3af17b3604a8ab778bc0b Mon Sep 17 00:00:00 2001 From: Ricardo Pinto Date: Mon, 8 Apr 2024 14:09:25 +0100 Subject: Add persistent others to dock --- modules/system/defaults/dock.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'modules') diff --git a/modules/system/defaults/dock.nix b/modules/system/defaults/dock.nix index 27772ca..b48486e 100644 --- a/modules/system/defaults/dock.nix +++ b/modules/system/defaults/dock.nix 
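Review bot: The new soft limit `1048576` on the `SoftResourceLimits.NumberOfFiles` line is a magic number whose origin is recorded only in the commit message. A trailing comment such as `# matches the upstream org.nixos.nix-daemon plist` would keep the reason next to the value, in the same style as the comment already on the `Label` line. No hard limit is set in the visible lines, so it is worth confirming that a soft limit this large actually takes effect for the daemon. The service definition starts and ends outside the hunk.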
@@ -136,6 +136,19 @@ in { else map (app: { tile-data = { file-data = { _CFURLString = app; _CFURLStringType = 0; }; }; }) value; }; + system.defaults.dock.persistent-others = mkOption { + type = types.nullOr (types.listOf (types.either types.path types.str)); + default = null; + example = [ "~/Documents" "~/Downloads" ]; + description = lib.mdDoc '' + Persistent folders in the dock. + ''; + apply = value: + if !(isList value) + then value + else map (folder: { tile-data = { file-data = { _CFURLString = folder; _CFURLStringType = 15; }; }; }) value; + }; + system.defaults.dock.show-process-indicators = mkOption { type = types.nullOr types.bool; default = null; -- cgit v1.2.3 From c8a8faedbc2ae80951fe4b5a92fb10de003d6aed Mon Sep 17 00:00:00 2001 From: Dominik Gleich Date: Mon, 20 May 2024 09:48:03 +0200 Subject: Change zsh default prompt --- modules/programs/zsh/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/programs/zsh/default.nix b/modules/programs/zsh/default.nix index fb928d6..bbf8ad9 100644 --- a/modules/programs/zsh/default.nix +++ b/modules/programs/zsh/default.nix @@ -55,7 +55,7 @@ in programs.zsh.promptInit = mkOption { type = types.lines; - default = "autoload -U promptinit && promptinit && prompt walters && setopt prompt_sp"; + default = "autoload -U promptinit && promptinit && prompt suse && setopt prompt_sp"; description = "Shell script code used to initialise the zsh prompt."; }; -- cgit v1.2.3 From 93913d14a310efc40fc84d58d278b96c73c37c65 Mon Sep 17 00:00:00 2001 From: Ricardo Pinto Date: Wed, 15 May 2024 07:49:00 +0100 Subject: Add file or directory tile to Dock persistent others --- modules/system/defaults/dock.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/system/defaults/dock.nix b/modules/system/defaults/dock.nix index 8c9741c..1e8797f 100644 --- a/modules/system/defaults/dock.nix +++ b/modules/system/defaults/dock.nix 
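Review bot: In the new `persistent-others` option, `_CFURLStringType = 15` is an unexplained constant that differs from the `0` used by the application mapping in the context line above it. A short comment on the `map` line would help, for example `# string type 15: presumably a URL rather than a plain path — confirm against the Dock plist format`. The example entries `"~/Documents"` and `"~/Downloads"` are written into `_CFURLString` unchanged, and nothing visible expands the tilde, so the description should say whether absolute paths are required. The surrounding attribute set continues outside the hunk.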
@@ -146,7 +146,7 @@ in { apply = value: if !(isList value) then value - else map (folder: { tile-data = { file-data = { _CFURLString = folder; _CFURLStringType = 15; }; }; }) value; + else map (folder: { tile-data = { file-data = { _CFURLString = "file://" + folder; _CFURLStringType = 15; }; }; tile-type = if strings.hasInfix "." (last (splitString "/" folder)) then "file-tile" else "directory-tile"; }) value; }; system.defaults.dock.show-process-indicators = mkOption { -- cgit v1.2.3 From e043606b50526f4b9eb14d983f406acec9548962 Mon Sep 17 00:00:00 2001 From: Sander Date: Thu, 16 May 2024 17:55:14 +0400 Subject: cachix-agent: fix crash calling `security` One of cachix-agent's dependencies, `hs-certificate`, makes calls to `security`. This lives in `/usr/bin`, which isn't available from launchd. This commit makes the system paths available to cachix-agent. Fixes #924. --- modules/services/cachix-agent.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/services/cachix-agent.nix b/modules/services/cachix-agent.nix index 0095d65..d9e4a90 100644 --- a/modules/services/cachix-agent.nix +++ b/modules/services/cachix-agent.nix @@ -58,7 +58,7 @@ in { exec ${cfg.package}/bin/cachix deploy agent ${cfg.name} ''; - path = [ config.nix.package pkgs.coreutils ]; + path = [ config.nix.package pkgs.coreutils config.environment.systemPath ]; environment = { NIX_SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; -- cgit v1.2.3 From de20ea4882e22e50d13ec92e44f9bd52b99b38b6 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Thu, 16 May 2024 12:48:56 -0400 Subject: remove final lib.mddoc --- modules/system/defaults/dock.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/system/defaults/dock.nix b/modules/system/defaults/dock.nix index b48486e..8c9741c 100644 --- a/modules/system/defaults/dock.nix +++ b/modules/system/defaults/dock.nix 
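Review bot: The `tile-type` selection in the new `map` lambda is a filename heuristic: `strings.hasInfix "." (last (splitString "/" folder))` marks any entry whose last component contains a dot as `file-tile`, so a directory such as `~/Projects/site.d` gets a file tile and a file without an extension gets `directory-tile`. If the heuristic stays, the option description should say so, e.g. `Entries whose last path component contains a "." are added as file tiles, all others as directory tiles.` Separately, `"file://" + folder` takes the value as-is: a Nix path literal (allowed by `types.path`) is copied to the store by the concatenation, so the tile would point at the store copy, and strings containing spaces or `~` go into `_CFURLString` unencoded. The option definition begins outside this hunk.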
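Review bot: Appending `config.environment.systemPath` to `path` gives the agent a much wider search path than the fix needs. The commit message names a single missing binary, `security` in `/usr/bin`, but systemPath is the profile bin directories followed by `/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin`. A same-named executable in a user profile or in `/usr/local/bin` would therefore be resolved ahead of the system one, and how writable those locations are depends on the machine. Assuming `path` passes plain strings through unchanged, `path = [ config.nix.package pkgs.coreutils "/usr/bin" ];` keeps the fix while limiting what the service can pick up. The later hercules-ci-agent change in modules/services/hercules-ci-agent/default.nix adds systemPath the same way and deserves the same treatment.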
@@ -140,7 +140,7 @@ in { type = types.nullOr (types.listOf (types.either types.path types.str)); default = null; example = [ "~/Documents" "~/Downloads" ]; - description = lib.mdDoc '' + description = '' Persistent folders in the dock. ''; apply = value: -- cgit v1.2.3 From 251eaabfa0f421a864e75e6b1a23c2c73e7bc332 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Tue, 21 May 2024 23:16:46 +1000 Subject: hercules-ci-agent: fix crash calling `security` this applies the same fix that was used for the cachix agent in e043606b50526f4b9eb14d983f406acec9548962 --- modules/services/hercules-ci-agent/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/services/hercules-ci-agent/default.nix b/modules/services/hercules-ci-agent/default.nix index d9fbf37..fc3d952 100644 --- a/modules/services/hercules-ci-agent/default.nix +++ b/modules/services/hercules-ci-agent/default.nix @@ -25,7 +25,7 @@ in launchd.daemons.hercules-ci-agent = { script = "exec ${cfg.package}/bin/hercules-ci-agent --config ${cfg.tomlFile}"; - path = [ config.nix.package ]; + path = [ config.nix.package config.environment.systemPath ]; environment = { NIX_SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; }; -- cgit v1.2.3 From 7f897008d4f3c7dda86e19106169eb947a0ac308 Mon Sep 17 00:00:00 2001 
From: Andrew Marshall Date: Wed, 22 May 2024 09:41:12 -0400 Subject: environment: Adjust systemPath order to allow injecting in the middle MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Previously, it was not possible to inject PATH entries between profiles and the “default system” PATH entries. This confounds adding, e.g. Homebrew on aarch64’s non-standard prefix as higher priority than the builtin system paths, but lower than Nix profiles. This is a backwards-incompatible change for some users, but should only be so in the case a user used `mkOrder` with a value between 1000 (the default priority) and 1200. Value of 1200 chosen as the same delta from the default as just below in `environment.profiles` (which uses 800), and mkAfter is 1500 so will still go after this. --- modules/environment/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/environment/default.nix b/modules/environment/default.nix index 753ee31..bb99622 100644 --- a/modules/environment/default.nix +++ b/modules/environment/default.nix @@ -151,7 +151,10 @@ in config = { - environment.systemPath = [ (makeBinPath cfg.profiles) "/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin" ]; + environment.systemPath = mkMerge [ + [ (makeBinPath cfg.profiles) ] + (mkOrder 1200 [ "/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin" ]) + ]; # Use user, default and system profiles. environment.profiles = mkMerge [ -- cgit v1.2.3 From 6cbe6bc2da267273c55ee08eaaeebfbc7dfcdf30 Mon Sep 17 00:00:00 2001 From: Henrique Goncalves Date: Thu, 23 May 2024 16:40:17 -0300 Subject: Update trackpad.nix --- modules/system/defaults/trackpad.nix | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'modules') diff --git a/modules/system/defaults/trackpad.nix b/modules/system/defaults/trackpad.nix index edb6375..354cfc6 100644 --- a/modules/system/defaults/trackpad.nix +++ b/modules/system/defaults/trackpad.nix 
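Review bot: The `mkOrder 1200` in the new `environment.systemPath` definition has no comment in the file, so the reasoning for the number lives only in the commit message. I would add above it `# 1200: after default-priority (1000) entries, before mkAfter (1500); same offset from the default as the 800 used by environment.profiles`. It is also worth stating in the option's description that any entry ordered below 1200 now precedes `/usr/bin` and the other system directories for every consumer of systemPath. On this page those consumers include the cachix-agent and hercules-ci-agent service paths. The `config` block continues outside the hunk.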
@@ -63,5 +63,14 @@ with lib; ''; }; + system.defaults.trackpad.TrackpadThreeFingerTapGesture = mkOption { + type = types.nullOr (types.enum [ 0 2 ]); + default = null; + description = '' + 0 to disable three finger tap, 2 to trigger Look up & data detectors. + The default is 2. + ''; + }; + }; } -- cgit v1.2.3 From 120e085d1ac1b15a5cffc1f980f49665f211e080 Mon Sep 17 00:00:00 2001 From: Henrique Goncalves Date: Thu, 23 May 2024 16:42:31 -0300 Subject: Update NSGlobalDomain.nix --- modules/system/defaults/NSGlobalDomain.nix | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'modules') diff --git a/modules/system/defaults/NSGlobalDomain.nix b/modules/system/defaults/NSGlobalDomain.nix index cd008e0..9b61eb6 100644 --- a/modules/system/defaults/NSGlobalDomain.nix +++ b/modules/system/defaults/NSGlobalDomain.nix @@ -342,6 +342,14 @@ in { ''; }; + system.defaults.NSGlobalDomain."com.apple.trackpad.forceClick" = mkOption { + type = types.nullOr types.bool; + default = null; + description = '' + Wheter to enable trackpad force click. + ''; + }; + system.defaults.NSGlobalDomain."com.apple.springing.enabled" = mkOption { type = types.nullOr types.bool; default = null; -- cgit v1.2.3 From 0e5fc0028b278f23db0de9ea75d8a1a9b1f9dcf8 Mon Sep 17 00:00:00 2001 From: Henrique Goncalves Date: Thu, 23 May 2024 16:50:15 -0300 Subject: Update NSGlobalDomain.nix --- modules/system/defaults/NSGlobalDomain.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/system/defaults/NSGlobalDomain.nix b/modules/system/defaults/NSGlobalDomain.nix index 9b61eb6..0a8fb63 100644 --- a/modules/system/defaults/NSGlobalDomain.nix +++ b/modules/system/defaults/NSGlobalDomain.nix @@ -343,7 +343,7 @@ in { }; system.defaults.NSGlobalDomain."com.apple.trackpad.forceClick" = mkOption { - type = types.nullOr types.bool; + type = types.nullOr (types.enum [ 0 1 ]); default = null; description = '' Wheter to enable trackpad force click. -- cgit v1.2.3 
From 2e0f9a9e500addf92844f09a4970617629c53cf1 Mon Sep 17 00:00:00 2001 From: Henrique Goncalves Date: Thu, 23 May 2024 16:56:43 -0300 Subject: Update NSGlobalDomain.nix --- modules/system/defaults/NSGlobalDomain.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/system/defaults/NSGlobalDomain.nix b/modules/system/defaults/NSGlobalDomain.nix index 0a8fb63..f2f3aa4 100644 --- a/modules/system/defaults/NSGlobalDomain.nix +++ b/modules/system/defaults/NSGlobalDomain.nix @@ -346,7 +346,7 @@ in { type = types.nullOr (types.enum [ 0 1 ]); default = null; description = '' - Wheter to enable trackpad force click. + Whether to enable trackpad force click. ''; }; -- cgit v1.2.3 From 9639c5509b148381c5d832204a1d3704b7d7ec60 Mon Sep 17 00:00:00 2001 From: Henrique Goncalves Date: Sat, 25 May 2024 03:14:18 -0300 Subject: Update modules/system/defaults/NSGlobalDomain.nix Co-authored-by: Michael Hoang --- modules/system/defaults/NSGlobalDomain.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/system/defaults/NSGlobalDomain.nix b/modules/system/defaults/NSGlobalDomain.nix index f2f3aa4..9eb31d5 100644 --- a/modules/system/defaults/NSGlobalDomain.nix +++ b/modules/system/defaults/NSGlobalDomain.nix @@ -343,7 +343,7 @@ in { }; system.defaults.NSGlobalDomain."com.apple.trackpad.forceClick" = mkOption { - type = types.nullOr (types.enum [ 0 1 ]); + type = types.nullOr types.bool; default = null; description = '' Whether to enable trackpad force click. -- cgit v1.2.3 From 2839ef54aaaa0ca797659a1db45876260b93b1eb Mon Sep 17 00:00:00 2001 From: Trevor Opiyo Date: Wed, 20 Mar 2024 20:12:46 -0500 Subject: Add support for zsh-fast-syntax-highlighting --- modules/programs/zsh/default.nix | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/programs/zsh/default.nix b/modules/programs/zsh/default.nix index bbf8ad9..c7ff47c 100644 
--- a/modules/programs/zsh/default.nix +++ b/modules/programs/zsh/default.nix @@ -107,6 +107,12 @@ in default = false; description = "Enable zsh-syntax-highlighting."; }; + + programs.zsh.enableFastSyntaxHighlighting = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Enable zsh-fast-syntax-highlighting."; + }; }; config = mkIf cfg.enable { @@ -115,7 +121,8 @@ in [ # Include zsh package pkgs.zsh ] ++ optional cfg.enableCompletion pkgs.nix-zsh-completions - ++ optional cfg.enableSyntaxHighlighting pkgs.zsh-syntax-highlighting; + ++ optional cfg.enableSyntaxHighlighting pkgs.zsh-syntax-highlighting + ++ optional cfg.enableFastSyntaxHighlighting pkgs.zsh-fast-syntax-highlighting; environment.pathsToLink = [ "/share/zsh" ]; @@ -196,6 +203,10 @@ in "source ${pkgs.zsh-syntax-highlighting}/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh" } + ${optionalString cfg.enableFastSyntaxHighlighting + "source ${pkgs.zsh-fast-syntax-highlighting}/share/zsh-fast-syntax-highlighting/zsh-fast-syntax-highlighting.zsh" + } + ${optionalString cfg.enableFzfCompletion "source ${fzfCompletion}"} ${optionalString cfg.enableFzfGit "source ${fzfGit}"} ${optionalString cfg.enableFzfHistory "source ${fzfHistory}"} -- cgit v1.2.3 From 44c88484c4c386f3eae8a5398e9b22a78d606e43 Mon Sep 17 00:00:00 2001 From: Trevor Opiyo Date: Wed, 29 May 2024 12:23:59 -0500 Subject: add warning for enabling syntax highlighting and fast syntax highlighting --- modules/programs/zsh/default.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'modules') diff --git a/modules/programs/zsh/default.nix b/modules/programs/zsh/default.nix index c7ff47c..d3b2f5c 100644 --- a/modules/programs/zsh/default.nix +++ b/modules/programs/zsh/default.nix 
@@ -117,6 +117,9 @@ in config = mkIf cfg.enable { + warnings = mkIf (cfg.enableFastSyntaxHighlighting && cfg.enableSyntaxHighlighting) [ + "zsh-fast-syntax-highlighting and zsh-syntax-highlighting are mutually exclusive. Disable one of them." + ]; environment.systemPackages = [ # Include zsh package pkgs.zsh -- cgit v1.2.3 From 9ed6009b2152128bbcd4e40841160b0bdc0274ba Mon Sep 17 00:00:00 2001 From: Enno Richter Date: Wed, 5 Jun 2024 06:40:05 +0200 Subject: launchd: add LowPriorityBackgroundIO config --- modules/launchd/launchd.nix | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'modules') diff --git a/modules/launchd/launchd.nix b/modules/launchd/launchd.nix index 9fecde6..9e13a3b 100644 --- a/modules/launchd/launchd.nix +++ b/modules/launchd/launchd.nix @@ -675,6 +675,15 @@ with lib; ''; }; + LowPriorityBackgroundIO = mkOption { + type = types.nullOr types.bool; + default = null; + description = '' + This optional key specifies whether the kernel should consider this daemon to be low priority when + doing file system I/O when the process is throttled with the Darwin-background classification. + ''; + }; + LaunchOnlyOnce = mkOption { type = types.nullOr types.bool; default = null; -- cgit v1.2.3 From cb198382c219560e3eb3d057f780a1028fd9f7d8 Mon Sep 17 00:00:00 2001 From: jonny Date: Thu, 6 Jun 2024 17:40:24 +0100 Subject: feat: add defaults screencapture show-thumbnail option --- modules/system/defaults/screencapture.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/system/defaults/screencapture.nix b/modules/system/defaults/screencapture.nix index f7b926a..b5efc22 100644 --- a/modules/system/defaults/screencapture.nix +++ b/modules/system/defaults/screencapture.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ lib, ... }: with lib; 
@@ -28,5 +28,13 @@ with lib; Disable drop shadow border around screencaptures. The default is false. ''; }; + + system.defaults.screencapture.show-thumbnail = mkOption { + type = types.nullOr types.bool; + default = null; + description = '' + Show thumbnail after screencapture before writing to file. The default is true. + ''; + }; }; } -- cgit v1.2.3 From 861af0fc94df9454f4e92d6892f75588763164bb Mon Sep 17 00:00:00 2001 
From: Tyler Miller Date: Thu, 29 Jun 2023 00:50:28 -0700 Subject: fix(launchd): improve `StartCalendarInterval` Stricter launchd -> StartCalendarInterval type: - Verify that the integers passed to `Minute`, `Hour`, etc. are within range. - When provided, the value for StartCalendarInterval must be a non-empty list of calendar intervals and must not contain duplicates entries (throw an error otherwise). - For increased flexibility and backwards-compatibility, allow an attrset to be passed as well (which will be type-checked and is functionally equivalent to passing a singleton list). Allowing an attrset or list is precisely in-line with what `launchd.plist(5)` accepts for StartCalendarInterval. Migrate `nix.gc.interval` and `nix.optimise.interval` over to use this new type, and update their defaults to run weekly instead of daily. Create `modules/launchd/types.nix` file for easier/modular use of launchd types needed in multiple files. Documentation: - Update and improve wording/documentation of launchd's `StartCalendarInterval`. - Improve wording/documentation of `nix.gc.interval` and `nix.optimise.interval` ("time interval" can be misleading as it's actually a "calendar interval"; e.g. `{ Hour = 3; Minute = 15;}` runs daily, not every 3.25 hours). --- modules/launchd/launchd.nix | 65 +++++------------- modules/launchd/types.nix | 110 ++++++++++++++++++++++++++++++ modules/services/nix-gc/default.nix | 13 ++-- modules/services/nix-optimise/default.nix | 13 ++-- 4 files changed, 145 insertions(+), 56 deletions(-) create mode 100644 modules/launchd/types.nix (limited to 'modules') diff --git a/modules/launchd/launchd.nix b/modules/launchd/launchd.nix index 9fecde6..add0514 100644 --- a/modules/launchd/launchd.nix +++ b/modules/launchd/launchd.nix @@ -2,6 +2,10 @@ with lib; +let + launchdTypes = import ./types.nix { inherit config lib; }; +in + { options = { Label = mkOption { 
@@ -344,55 +348,21 @@ with lib; default = null; example = [{ Hour = 2; Minute = 30; }]; description = '' - This optional key causes the job to be started every calendar interval as specified. Missing arguments - are considered to be wildcard. The semantics are much like `crontab(5)`. Unlike cron which skips job - invocations when the computer is asleep, launchd will start the job the next time the computer wakes + This optional key causes the job to be started every calendar interval as specified. The semantics are + much like {manpage}`crontab(5)`: Missing attributes are considered to be wildcard. Unlike cron which skips + job invocations when the computer is asleep, launchd will start the job the next time the computer wakes up. If multiple intervals transpire before the computer is woken, those events will be coalesced into - one event upon wake from sleep. - ''; - type = types.nullOr (types.listOf (types.submodule { - options = { - Minute = mkOption { - type = types.nullOr types.int; - default = null; - description = '' - The minute on which this job will be run. - ''; - }; - - Hour = mkOption { - type = types.nullOr types.int; - default = null; - description = '' - The hour on which this job will be run. - ''; - }; - - Day = mkOption { - type = types.nullOr types.int; - default = null; - description = '' - The day on which this job will be run. - ''; - }; + one event upon waking from sleep. - Weekday = mkOption { - type = types.nullOr types.int; - default = null; - description = '' - The weekday on which this job will be run (0 and 7 are Sunday). - ''; - }; + ::: {.important} + The list must not be empty and must not contain duplicate entries (attrsets which compare equally). + ::: - Month = mkOption { - type = types.nullOr types.int; - default = null; - description = '' - The month on which this job will be run. - ''; - }; - }; - })); + ::: {.caution} + Since missing attrs become wildcards, an empty attrset effectively means "every minute". 
+ ::: + ''; + type = types.nullOr launchdTypes.StartCalendarInterval; }; StandardInPath = mkOption { @@ -886,6 +856,5 @@ with lib; }; }; - config = { - }; + config = {}; } diff --git a/modules/launchd/types.nix b/modules/launchd/types.nix new file mode 100644 index 0000000..38d7f20 --- /dev/null +++ b/modules/launchd/types.nix 
@@ -0,0 +1,110 @@ +{ lib, ... }: + +let + inherit (lib) imap1 types mkOption showOption optionDescriptionPhrase mergeDefinitions; + inherit (builtins) map filter length deepSeq throw toString concatLists; + inherit (lib.options) showDefs; + wildcardText = lib.literalMD "`*`"; + + /** + A type of list which does not allow duplicate elements. The base/inner + list type to use (e.g. `types.listOf` or `types.nonEmptyListOf`) is passed + via argument `listType`, which must be the final type and not a function. + + NOTE: The extra check for duplicates is quadratic and strict, so use this + type sparingly and only: + + * when needed, and + * when the list is expected to be recursively short (e.g. < 10 elements) + and shallow (i.e. strict evaluation of the list won't take too long) + + The implementation of this function is similar to that of + `types.nonEmptyListOf`. + */ + types'.uniqueList = listType: listType // { + description = "unique ${types.optionDescriptionPhrase (class: class == "noun") listType}"; + substSubModules = m: types'.uniqueList (listType.substSubModules m); + # This has been taken from the implementation of `types.listOf`, but has + # been modified to throw on duplicates. This check cannot be done in the + # `check` fn as this check is deep/strict, and because `check` runs + # prior to merging. + merge = loc: defs: + let + # Each element of `dupes` is a list. When there are duplicates, + # later lists will be duplicates of earlier lists, so just throw on + # the first set of duplicates found so that we don't have duplicate + # error msgs. + checked = filter (li: + if length li > 1 + then throw "The option `${showOption loc}' contains duplicate entries after merging:\n${showDefs li}" + else false) dupes; + dupes = map (def: filter (def': def'.value == def.value) merged) merged; + merged = filter (x: x ? 
value) (concatLists (imap1 (n: def: + imap1 (m: el: + let + inherit (def) file; + loc' = loc ++ ["[definition ${toString n}-entry ${toString m}]"]; + in + (mergeDefinitions + loc' + listType.nestedTypes.elemType + [{ inherit file; value = el; }] + ).optionalValue // {inherit loc' file;} + ) def.value + ) defs)); + in + deepSeq checked (map (x: x.value) merged); + }; +in { + StartCalendarInterval = let + CalendarIntervalEntry = types.submodule { + options = { + Minute = mkOption { + type = types.nullOr (types.ints.between 0 59); + default = null; + defaultText = wildcardText; + description = '' + The minute on which this job will be run. + ''; + }; + + Hour = mkOption { + type = types.nullOr (types.ints.between 0 23); + default = null; + defaultText = wildcardText; + description = '' + The hour on which this job will be run. + ''; + }; + + Day = mkOption { + type = types.nullOr (types.ints.between 1 31); + default = null; + defaultText = wildcardText; + description = '' + The day on which this job will be run. + ''; + }; + + Weekday = mkOption { + type = types.nullOr (types.ints.between 0 7); + default = null; + defaultText = wildcardText; + description = '' + The weekday on which this job will be run (0 and 7 are Sunday). + ''; + }; + + Month = mkOption { + type = types.nullOr (types.ints.between 1 12); + default = null; + defaultText = wildcardText; + description = '' + The month on which this job will be run. + ''; + }; + }; + }; + in + types.either CalendarIntervalEntry (types'.uniqueList (types.nonEmptyListOf CalendarIntervalEntry)); +} diff --git a/modules/services/nix-gc/default.nix b/modules/services/nix-gc/default.nix index 49fb328..9fe8e86 100644 --- a/modules/services/nix-gc/default.nix +++ b/modules/services/nix-gc/default.nix @@ -6,6 +6,7 @@ with lib; let cfg = config.nix.gc; + launchdTypes = import ../../launchd/types.nix { inherit config lib; }; in { 
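Review bot: `CalendarIntervalEntry` accepts an entry with every field left `null`, and the "every minute" consequence is only mentioned in the launchd option's caution block, not enforced or repeated where the type is reused. `nix.gc.interval` and `nix.optimise.interval` now take this type directly, so an accidental `interval = { };` there would schedule a store garbage collection or optimise run every minute. For those two options I would reject an all-wildcard entry, or at minimum add to their descriptions `An empty attribute set matches every minute.` Minor: the `let` inherits `optionDescriptionPhrase` from `lib`, but the code calls `types.optionDescriptionPhrase`, so the inherited name is unused.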
@@ -35,9 +36,13 @@ in }; interval = mkOption { - type = types.attrs; - default = { Hour = 3; Minute = 15; }; - description = "The time interval at which the garbage collector will run."; + type = launchdTypes.StartCalendarInterval; + default = [{ Weekday = 7; Hour = 3; Minute = 15; }]; + description = '' + The calendar interval at which the garbage collector will run. + See the {option}`serviceConfig.StartCalendarInterval` option of + the {option}`launchd` module for more info. + ''; }; options = mkOption { @@ -63,7 +68,7 @@ in command = "${config.nix.package}/bin/nix-collect-garbage ${cfg.options}"; environment.NIX_REMOTE = optionalString config.nix.useDaemon "daemon"; serviceConfig.RunAtLoad = false; - serviceConfig.StartCalendarInterval = [ cfg.interval ]; + serviceConfig.StartCalendarInterval = cfg.interval; serviceConfig.UserName = cfg.user; }; diff --git a/modules/services/nix-optimise/default.nix b/modules/services/nix-optimise/default.nix index 94f6e1c..d8dc401 100644 --- a/modules/services/nix-optimise/default.nix +++ b/modules/services/nix-optimise/default.nix @@ -14,6 +14,7 @@ let ; cfg = config.nix.optimise; + launchdTypes = import ../../launchd/types.nix { inherit config lib; }; in { @@ -41,9 +42,13 @@ in }; interval = mkOption { - type = types.attrs; - default = { Hour = 3; Minute = 15; }; - description = "The time interval at which the optimiser will run."; + type = launchdTypes.StartCalendarInterval; + default = [{ Weekday = 7; Hour = 4; Minute = 15; }]; + description = '' + The calendar interval at which the optimiser will run. + See the {option}`serviceConfig.StartCalendarInterval` option of + the {option}`launchd` module for more info. + ''; }; }; @@ -63,7 +68,7 @@ in "/bin/wait4path ${config.nix.package} && exec ${config.nix.package}/bin/nix-store --optimise" ]; RunAtLoad = false; - StartCalendarInterval = [ cfg.interval ]; + StartCalendarInterval = cfg.interval; UserName = cfg.user; }; }; -- cgit v1.2.3 
From 09e72ff9b9a2d888aac70bc8019e5a0696f4c24c Mon Sep 17 00:00:00 2001 From: Emily Date: Thu, 3 Aug 2023 02:28:06 +0100 Subject: fonts: remove `with lib` --- modules/fonts/default.nix | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) (limited to 'modules') diff --git a/modules/fonts/default.nix b/modules/fonts/default.nix index 7140639..cde6148 100644 --- a/modules/fonts/default.nix +++ b/modules/fonts/default.nix @@ -1,19 +1,17 @@ { config, lib, pkgs, ... }: -with lib; - let cfg = config.fonts; in { imports = [ - (mkRenamedOptionModule [ "fonts" "enableFontDir" ] [ "fonts" "fontDir" "enable" ]) + (lib.mkRenamedOptionModule [ "fonts" "enableFontDir" ] [ "fonts" "fontDir" "enable" ]) ]; options = { - fonts.fontDir.enable = mkOption { - type = types.bool; + fonts.fontDir.enable = lib.mkOption { + type = lib.types.bool; default = false; description = '' Whether to enable font management and install configured fonts to @@ -23,10 +21,10 @@ in ''; }; - fonts.fonts = mkOption { - type = types.listOf types.path; + fonts.fonts = lib.mkOption { + type = lib.types.listOf lib.types.path; default = [ ]; - example = literalExpression "[ pkgs.dejavu_fonts ]"; + example = lib.literalExpression "[ pkgs.dejavu_fonts ]"; description = '' List of fonts to install. @@ -48,7 +46,7 @@ in done ''; - system.activationScripts.fonts.text = optionalString cfg.fontDir.enable '' + system.activationScripts.fonts.text = lib.optionalString cfg.fontDir.enable '' # Set up fonts. echo "configuring fonts..." >&2 find -L "$systemConfig/Library/Fonts" -type f -print0 | while IFS= read -rd "" l; do -- cgit v1.2.3 From 27517d2d182629cf32020b9c77cffdc462a34c01 Mon Sep 17 00:00:00 2001 
From: Emily Date: Thu, 3 Aug 2023 02:11:40 +0100 Subject: fonts: refactor `system.build.fonts` Process substitution behaves better with variables and it's good practice to use `lib.escapeShellArgs`. --- modules/fonts/default.nix | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'modules') diff --git a/modules/fonts/default.nix b/modules/fonts/default.nix index cde6148..8bf5f72 100644 --- a/modules/fonts/default.nix +++ b/modules/fonts/default.nix @@ -41,9 +41,14 @@ in '' mkdir -p $out/Library/Fonts font_regexp='.*\.\(ttf\|ttc\|otf\|dfont\)' - find -L ${toString cfg.fonts} -regex "$font_regexp" -type f -print0 | while IFS= read -rd "" f; do - ln -sf "$f" $out/Library/Fonts - done + while IFS= read -rd "" f; do + ln -sf "$f" "$out/Library/Fonts" + done < <( + find -L ${lib.escapeShellArgs cfg.fonts} \ + -type f \ + -regex "$font_regexp" \ + -print0 + ) ''; system.activationScripts.fonts.text = lib.optionalString cfg.fontDir.enable '' -- cgit v1.2.3 From adf578e398445f981a36ad919928f23a1dd5ee12 Mon Sep 17 00:00:00 2001 From: Emily Date: Thu, 3 Aug 2023 02:11:40 +0100 Subject: fonts: reimplement and rename to `fonts.packages` Fixes: #120 Fixes: #722 Fixes: #752 Closes: #692 --- modules/fonts/default.nix | 67 +++++++++++++++++++---------------------------- 1 file changed, 27 insertions(+), 40 deletions(-) (limited to 'modules') diff --git a/modules/fonts/default.nix b/modules/fonts/default.nix index 8bf5f72..9ecb6eb 100644 --- a/modules/fonts/default.nix +++ b/modules/fonts/default.nix 
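Review bot: With the option's default of `[ ]`, `${lib.escapeShellArgs cfg.fonts}` expands to nothing and `find -L` runs without a start path. Depending on which find the builder provides, that either walks the current directory or exits with a usage error, and a failure inside `< <( … )` does not fail the build because the exit status of a process substitution is not propagated. Emitting the loop only when the list is non-empty, e.g. wrapping it in `lib.optionalString (cfg.fonts != [ ])`, makes the empty case explicit. The same `find` invocation is carried into the later `fonts.packages` rewrite of this file. The enclosing `runCommand` call starts outside the hunk.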
@@ -7,6 +7,10 @@ in { imports = [ (lib.mkRenamedOptionModule [ "fonts" "enableFontDir" ] [ "fonts" "fontDir" "enable" ]) + (lib.mkRemovedOptionModule [ "fonts" "fonts" ] '' + This option has been renamed to `fonts.packages' for consistency with NixOS. + + Note that the implementation now keeps fonts in `/Library/Fonts/Nix Fonts' to allow them to coexist with fonts not managed by nix-darwin; existing fonts will be left directly in `/Library/Fonts' without getting updates and should be manually removed.'') ]; options = { @@ -15,21 +19,16 @@ in default = false; description = '' Whether to enable font management and install configured fonts to - {file}`/Library/Fonts`. - - NOTE: removes any manually-added fonts. + {file}`/Library/Fonts/Nix Fonts`. ''; }; - fonts.fonts = lib.mkOption { + fonts.packages = lib.mkOption { type = lib.types.listOf lib.types.path; default = [ ]; example = lib.literalExpression "[ pkgs.dejavu_fonts ]"; description = '' List of fonts to install. - - Fonts present in later entries override those with the same filenames - in previous ones. ''; }; }; 
@@ -40,48 +39,36 @@ in { preferLocalBuild = true; } '' mkdir -p $out/Library/Fonts - font_regexp='.*\.\(ttf\|ttc\|otf\|dfont\)' + store_dir=${lib.escapeShellArg builtins.storeDir} while IFS= read -rd "" f; do - ln -sf "$f" "$out/Library/Fonts" + dest="$out/Library/Fonts/Nix Fonts/''${f#"$store_dir/"}" + mkdir -p "''${dest%/*}" + ln -sf "$f" "$dest" done < <( - find -L ${lib.escapeShellArgs cfg.fonts} \ + find -L ${lib.escapeShellArgs cfg.packages} \ -type f \ - -regex "$font_regexp" \ + -regex '.*\.\(ttf\|ttc\|otf\|dfont\)' \ -print0 ) ''; system.activationScripts.fonts.text = lib.optionalString cfg.fontDir.enable '' - # Set up fonts. - echo "configuring fonts..." >&2 - find -L "$systemConfig/Library/Fonts" -type f -print0 | while IFS= read -rd "" l; do - font=''${l##*/} - f=$(readlink -f "$l") - if [ ! -e "/Library/Fonts/$font" ]; then - echo "updating font $font..." >&2 - ln -fn -- "$f" /Library/Fonts 2>/dev/null || { - echo "Could not create hard link. Nix is probably on another filesystem. Copying the font instead..." >&2 - rsync -az --inplace "$f" /Library/Fonts - } - fi - done + printf >&2 'setting up /Library/Fonts/Nix Fonts...\n' - if [[ "`sw_vers -productVersion`" < "13.0" ]]; then - fontrestore default -n 2>&1 | while read -r f; do - case $f in - /Library/Fonts/*) - font=''${f##*/} - if [ ! -e "$systemConfig/Library/Fonts/$font" ]; then - echo "removing font $font..." >&2 - rm "/Library/Fonts/$font" - fi - ;; - /*) - # ignoring unexpected fonts - ;; - esac - done - fi + # rsync uses the mtime + size of files to determine whether they + # need to be copied by default. This is inadequate for Nix store + # paths, but we don't want to use `--checksum` as it makes + # activation consistently slow when you have large fonts + # installed. Instead, we ensure that fonts are linked according to + # their full store paths in `system.build.fonts`, so that any + # given font path should only ever have one possible content. 
+ ${pkgs.rsync}/bin/rsync \ + --archive \ + --copy-links \ + --delete-during \ + --delete-missing-args \ + "$systemConfig/Library/Fonts/Nix Fonts" \ + '/Library/Fonts/' ''; }; -- cgit v1.2.3 From 7d4f8672101536674ca5d75d91161474739a83e2 Mon Sep 17 00:00:00 2001 From: Emily Date: Thu, 3 Aug 2023 02:11:40 +0100 Subject: fonts: remove `fonts.fontDir.enable` As far as I can tell, this isn't required to get fonts to work on NixOS, so we shouldn't require it on nix-darwin either, even if the implementations are superficially similar. --- modules/fonts/default.nix | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) (limited to 'modules') diff --git a/modules/fonts/default.nix b/modules/fonts/default.nix index 9ecb6eb..b0bd63f 100644 --- a/modules/fonts/default.nix +++ b/modules/fonts/default.nix @@ -6,7 +6,8 @@ in { imports = [ - (lib.mkRenamedOptionModule [ "fonts" "enableFontDir" ] [ "fonts" "fontDir" "enable" ]) + (lib.mkRemovedOptionModule [ "fonts" "enableFontDir" ] "No nix-darwin equivalent to this NixOS option. This is not required to install fonts.") + (lib.mkRemovedOptionModule [ "fonts" "fontDir" "enable" ] "No nix-darwin equivalent to this NixOS option. This is not required to install fonts.") (lib.mkRemovedOptionModule [ "fonts" "fonts" ] '' This option has been renamed to `fonts.packages' for consistency with NixOS. @@ -14,21 +15,12 @@ in ]; options = { - fonts.fontDir.enable = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - Whether to enable font management and install configured fonts to - {file}`/Library/Fonts/Nix Fonts`. - ''; - }; - fonts.packages = lib.mkOption { type = lib.types.listOf lib.types.path; default = [ ]; example = lib.literalExpression "[ pkgs.dejavu_fonts ]"; description = '' - List of fonts to install. + List of fonts to install into {file}`/Library/Fonts/Nix Fonts`. ''; }; }; 
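Review bot: The rsync call in the new activation script is only safe because the source argument has no trailing slash, and the comment block above it does not say so. As written, rsync transfers the directory `Nix Fonts` itself, which confines `--delete-during` to `/Library/Fonts/Nix Fonts`. With a trailing slash on the source, the deletion would apply to `/Library/Fonts/` and remove fonts that nix-darwin does not manage. I would add `# No trailing slash on the source: --delete-during must only ever touch the "Nix Fonts" subdirectory.` directly above the invocation. Activation presumably runs with elevated privileges, so this is the line to protect from a well-meaning cleanup.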
@@ -52,7 +44,7 @@ in ) ''; - system.activationScripts.fonts.text = lib.optionalString cfg.fontDir.enable '' + system.activationScripts.fonts.text = '' printf >&2 'setting up /Library/Fonts/Nix Fonts...\n' # rsync uses the mtime + size of files to determine whether they -- cgit v1.2.3 From 5399270903f6e95e5a5b083391e910dfed226f3a Mon Sep 17 00:00:00 2001 From: Emily Date: Thu, 13 Jun 2024 13:48:07 +0100 Subject: =?UTF-8?q?treewide:=20remove=20shims=20for=20Nixpkgs=20=E2=89=A4?= =?UTF-8?q?=2023.05?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit These deprecated versions were already made unsupported by #932. --- modules/documentation/default.nix | 34 +------------------------ modules/nix/nixpkgs.nix | 52 +++------------------------------------ 2 files changed, 5 insertions(+), 81 deletions(-) (limited to 'modules') diff --git a/modules/documentation/default.nix b/modules/documentation/default.nix index 10bcbd3..3259cfd 100644 --- a/modules/documentation/default.nix +++ b/modules/documentation/default.nix @@ -21,7 +21,7 @@ let It isn't perfect, but it seems to cover a vast majority of use cases. Caveat: even if the package is reached by a different means, the path above will be shown and not e.g. `${config.services.foo.package}`. */ - realManual = import ../../doc/manual { + manual = import ../../doc/manual { inherit pkgs config; version = config.system.darwinVersion; revision = config.system.darwinRevision; 
@@ -44,38 +44,6 @@ let in scrubbedEval.options; }; - # TODO: Remove this when dropping 22.11 support. - manual = realManual // - lib.optionalAttrs (!pkgs.buildPackages ? nixos-render-docs) rec { - optionsJSON = pkgs.writeTextFile { - name = "options.json-stub"; - destination = "/share/doc/darwin/options.json"; - text = "{}"; - }; - manpages = pkgs.writeTextFile { - name = "darwin-manpages-stub"; - destination = "/share/man/man5/configuration.nix.5"; - text = '' - .TH "CONFIGURATION\&.NIX" "5" "01/01/1980" "Darwin" "Darwin Reference Pages" - .SH "NAME" - \fIconfiguration\&.nix\fP \- Darwin system configuration specification - .SH "DESCRIPTION" - .PP - The nix\-darwin documentation now requires nixpkgs 23.05 to build. - ''; - }; - manualHTML = pkgs.writeTextFile { - name = "darwin-manual-html-stub"; - destination = "/share/doc/darwin/index.html"; - text = '' - - Darwin Configuration Options - The nix-darwin documentation now requires nixpkgs 23.05 to build. - ''; - }; - manualHTMLIndex = "${manualHTML}/share/doc/darwin/index.html"; - }; - helpScript = pkgs.writeScriptBin "darwin-help" '' #! ${pkgs.stdenv.shell} -e diff --git a/modules/nix/nixpkgs.nix b/modules/nix/nixpkgs.nix index 8b3e428..ee99997 100644 --- a/modules/nix/nixpkgs.nix +++ b/modules/nix/nixpkgs.nix 
@@ -3,48 +3,6 @@ with lib; let - - # Backport from Nixpkgs 23.05 - defaultOverridePriority = - lib.modules.defaultOverridePriority or lib.modules.defaultPriority; - - # Backport from Nixpkgs 23.11 - mergeAttrDefinitionsWithPrio = lib.mergeAttrDefinitionsWithPrio or (opt: - let - # Inlined to avoid warning about using internal APIs 🥴 - pushDownProperties = cfg: - if cfg._type or "" == "merge" then - concatMap pushDownProperties cfg.contents - else if cfg._type or "" == "if" then - map (mapAttrs (n: v: mkIf cfg.condition v)) (pushDownProperties cfg.content) - else if cfg._type or "" == "override" then - map (mapAttrs (n: v: mkOverride cfg.priority v)) (pushDownProperties cfg.content) - else # FIXME: handle mkOrder? - [ cfg ]; - - defsByAttr = - lib.zipAttrs ( - lib.concatLists ( - lib.concatMap - ({ value, ... }@def: - map - (lib.mapAttrsToList (k: value: { ${k} = def // { inherit value; }; })) - (pushDownProperties value) - ) - opt.definitionsWithLocations - ) - ); - in - assert opt.type.name == "attrsOf" || opt.type.name == "lazyAttrsOf"; - lib.mapAttrs - (k: v: - let merging = lib.mergeDefinitions (opt.loc ++ [k]) opt.type.nestedTypes.elemType v; - in { - value = merging.mergedValue; - inherit (merging.defsFinal') highestPrio; - }) - defsByAttr); - cfg = config.nixpkgs; opt = options.nixpkgs; @@ -91,9 +49,7 @@ let merge = lib.mergeOneOption; }; - # TODO: Remove backwards compatibility hack when dropping - # 22.11 support. - pkgsType = types.pkgs or (types.uniq types.attrs) // { + pkgsType = types.pkgs // { # This type is only used by itself, so let's elaborate the description a bit # for the purpose of documentation. description = "An evaluation of Nixpkgs; the top level attribute set of packages"; 
@@ -310,15 +266,15 @@ in # which is somewhat costly for Nixpkgs. With an explicit priority, we only # evaluate the wrapper to find out that the priority is lower, and then we # don't need to evaluate `finalPkgs`. - lib.mkOverride defaultOverridePriority + lib.mkOverride lib.modules.defaultOverridePriority finalPkgs.__splicedPackages; }; nixpkgs.constructedByUs = # We set it with default priority and it can not be merged, so if the # pkgs module argument has that priority, it's from us. - (mergeAttrDefinitionsWithPrio options._module.args).pkgs.highestPrio - == defaultOverridePriority + (lib.modules.mergeAttrDefinitionsWithPrio options._module.args).pkgs.highestPrio + == lib.modules.defaultOverridePriority # Although, if nixpkgs.pkgs is set, we did forward it, but we did not construct it. && !opt.pkgs.isDefined; -- cgit v1.2.3 From 2406909d7a2aa50f907a82e553d6e923814e978a Mon Sep 17 00:00:00 2001 From: Emily Date: Thu, 13 Jun 2024 13:52:29 +0100 Subject: Reapply "eval-config: set `class`" All supported Nixpkgs versions now support this. This reverts commit a5b09580e2d0bbc52b338afe4f1f1d46178e6bbf. --- modules/documentation/default.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'modules') diff --git a/modules/documentation/default.nix b/modules/documentation/default.nix index 3259cfd..395e6e6 100644 --- a/modules/documentation/default.nix +++ b/modules/documentation/default.nix @@ -11,9 +11,9 @@ let regularConfig = config; argsModule = { - config._module.args = regularConfig._module.args // { + config._module.args = lib.mkForce (regularConfig._module.args // { modules = [ ]; - }; + }); }; /* For the purpose of generating docs, evaluate options with each derivation 
@@ -28,8 +28,9 @@ let inherit (config.system) nixpkgsRevision; options = let - scrubbedEval = evalModules { - modules = baseModules ++ [ argsModule ]; + scrubbedEval = import ../../eval-config.nix { + inherit lib; + modules = [ argsModule ]; specialArgs = { pkgs = scrubDerivations "pkgs" pkgs; }; }; scrubDerivations = namePrefix: pkgSet: mapAttrs -- cgit v1.2.3 From b833d4a32d965e6393a63b2c91b46eca2a5030d8 Mon Sep 17 00:00:00 2001 From: Emily Date: Sun, 16 Jul 2023 16:59:43 +0100 Subject: ssh: use symlinks for `authorizedKeys` options MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As explained in the changelog and activation check, the previous implementation had a nasty security bug that made removing a user’s authorized keys effectively a no‐op. --- modules/programs/ssh/default.nix | 37 ++++++++++++++----------------------- modules/system/checks.nix | 23 +++++++++++++++++++++++ 2 files changed, 37 insertions(+), 23 deletions(-) (limited to 'modules') diff --git a/modules/programs/ssh/default.nix b/modules/programs/ssh/default.nix index d1a6770..6f72369 100644 --- a/modules/programs/ssh/default.nix +++ b/modules/programs/ssh/default.nix @@ -3,7 +3,7 @@ with lib; let - cfg = config.programs.ssh; + cfg = config.programs.ssh; knownHosts = map (h: getAttr h cfg.knownHosts) (attrNames cfg.knownHosts); @@ -81,8 +81,7 @@ let }; authKeysFiles = let - mkAuthKeyFile = u: nameValuePair "ssh/authorized_keys.d/${u.name}" { - copy = true; + mkAuthKeyFile = u: nameValuePair "ssh/nix_authorized_keys.d/${u.name}" { text = '' ${concatStringsSep "\n" u.openssh.authorizedKeys.keys} ${concatMapStrings (f: readFile f + "\n") u.openssh.authorizedKeys.keyFiles} 
@@ -97,28 +96,16 @@ let in { + imports = [ + (mkRemovedOptionModule [ "services" "openssh" "authorizedKeysFiles" ] "No `nix-darwin` equivalent to this NixOS option.") + ]; + options = { users.users = mkOption { type = with types; attrsOf (submodule userOptions); }; - services.openssh.authorizedKeysFiles = mkOption { - type = types.listOf types.str; - default = []; - description = '' - Specify the rules for which files to read on the host. - - This is an advanced option. If you're looking to configure user - keys, you can generally use [](#opt-users.users._name_.openssh.authorizedKeys.keys) - or [](#opt-users.users._name_.openssh.authorizedKeys.keyFiles). - - These are paths relative to the host root file system or home - directories and they are subject to certain token expansion rules. - See AuthorizedKeysFile in man sshd_config for details. - ''; - }; - programs.ssh.knownHosts = mkOption { default = {}; type = types.attrsOf (types.submodule host); @@ -148,8 +135,6 @@ in message = "knownHost ${name} must contain either a publicKey or publicKeyFile"; }); - services.openssh.authorizedKeysFiles = [ "%h/.ssh/authorized_keys" "/etc/ssh/authorized_keys.d/%u" ]; - environment.etc = authKeysFiles // { "ssh/ssh_known_hosts" = mkIf (builtins.length knownHosts > 0) { text = (flip (concatMapStringsSep "\n") knownHosts 
@@ -159,14 +144,20 @@ in )) + "\n"; }; "ssh/sshd_config.d/101-authorized-keys.conf" = { - text = "AuthorizedKeysFile ${toString config.services.openssh.authorizedKeysFiles}\n"; + text = '' + # sshd doesn't like reading from symbolic links, so we cat + # the file ourselves. + AuthorizedKeysCommand /bin/cat /etc/ssh/nix_authorized_keys.d/%u + # Just a simple cat, fine to use _sshd. + AuthorizedKeysCommandUser _sshd + ''; # Allows us to automatically migrate from using a file to a symlink knownSha256Hashes = [ oldAuthorizedKeysHash ]; }; }; - # Clean up .before-nix-darwin file left over from using knownSha256Hashes system.activationScripts.etc.text = '' + # Clean up .before-nix-darwin file left over from using knownSha256Hashes auth_keys_orig=/etc/ssh/sshd_config.d/101-authorized-keys.conf.before-nix-darwin if [ -e "$auth_keys_orig" ] && [ "$(shasum -a 256 $auth_keys_orig | cut -d ' ' -f 1)" = "${oldAuthorizedKeysHash}" ]; then diff --git a/modules/system/checks.nix b/modules/system/checks.nix index f0f03e8..d527aa8 100644 --- a/modules/system/checks.nix +++ b/modules/system/checks.nix 
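Review bot: The generated `101-authorized-keys.conf` runs `/bin/cat /etc/ssh/nix_authorized_keys.d/%u` for every public-key attempt, including accounts that have no file in that directory, where `cat` exits non-zero. Logins should still fall through to `AuthorizedKeysFile`, but sshd will probably log a command failure for each such attempt; worth confirming on a test host so the noise does not bury real authentication errors. The drop-in also no longer sets `AuthorizedKeysFile`, so sshd's effective value (by default the per-user `.ssh/authorized_keys`) stays in force alongside the managed keys. I would say so in the generated file, e.g. `# Keys from AuthorizedKeysFile (sshd default: ~/.ssh/authorized_keys) are accepted in addition to these.`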
@@ -202,6 +202,28 @@ let exit 2 fi ''; + + # TODO: Remove this a couple years down the line when we can assume + # that anyone who cares about security has upgraded. + oldSshAuthorizedKeysDirectory = '' + if [[ -d /etc/ssh/authorized_keys.d ]]; then + printf >&2 '\e[1;31merror: /etc/ssh/authorized_keys.d exists, aborting activation\e[0m\n' + printf >&2 'SECURITY NOTICE: The previous implementation of the\n' + printf >&2 '`users.users..openssh.authorizedKeys.*` options would not delete\n' + printf >&2 'authorized keys files when the setting for a given user was removed.\n' + printf >&2 '\n' + printf >&2 "This means that if you previously stopped managing a user's authorized\n" + printf >&2 'SSH keys with nix-darwin, or intended to revoke their access by\n' + printf >&2 'removing the option, the previous set of keys could still be used to\n' + printf >&2 'log in as that user.\n' + printf >&2 '\n' + printf >&2 'You can check the /etc/ssh/authorized_keys.d directory to see which\n' + printf >&2 'keys were permitted; afterwards, please remove the directory and\n' + printf >&2 're-run activation. The options continue to be supported and will now\n' + printf >&2 'correctly permit only the keys in your current system configuration.\n' + exit 2 + fi + ''; in { @@ -245,6 +267,7 @@ in (mkIf cfg.verifyNixChannels nixChannels) nixInstaller (mkIf cfg.verifyNixPath nixPath) + oldSshAuthorizedKeysDirectory ]; system.activationScripts.checks.text = '' -- cgit v1.2.3 From 36a15e8c6c4686be29ccbf0ae0ac1d6133074615 Mon Sep 17 00:00:00 2001 
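Review bot: The new `oldSshAuthorizedKeysDirectory` check aborts with `exit 2` but its message does not say what stays in effect while activation is blocked. If the checks run before the new `/etc` entries are linked (not visible in this hunk), the previously activated sshd drop-in, which listed `/etc/ssh/authorized_keys.d/%u`, keeps accepting the stale keys until the operator removes the directory. I would add one line to the notice, for example `printf >&2 'Until the directory is removed, keys in it may still be accepted by sshd.\n'`. The closing sentence also promises that only keys from the system configuration are permitted, which holds for the managed directory but not for keys users keep in their own `~/.ssh/authorized_keys`.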
From: Emily Date: Sun, 16 Jul 2023 17:02:10 +0100 Subject: write-text: remove support for `copy` MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is a huge anti‐declarative footgun; `copy` files cannot distinguish if a previous version is managed by nix-darwin, so they can’t check the hash, so they’re prone to destroying data, and copied files are not deleted when they’re removed from the system configuration, which led to a security bug. Nothing else in‐tree was using this functionality, so let’s make sure it doesn’t cause any more bugs. --- modules/lib/write-text.nix | 8 -------- modules/system/etc.nix | 19 +++++-------------- 2 files changed, 5 insertions(+), 22 deletions(-) (limited to 'modules') diff --git a/modules/lib/write-text.nix b/modules/lib/write-text.nix index 2fe02af..ddf4076 100644 --- a/modules/lib/write-text.nix +++ b/modules/lib/write-text.nix @@ -45,14 +45,6 @@ in ''; }; - copy = mkOption { - type = types.bool; - default = false; - description = '' - Whether this file should be copied instead of symlinking. - ''; - }; - knownSha256Hashes = mkOption { internal = true; type = types.listOf types.str; diff --git a/modules/system/etc.nix b/modules/system/etc.nix index 008fb1c..bc60bef 100644 --- a/modules/system/etc.nix +++ b/modules/system/etc.nix @@ -10,7 +10,6 @@ let }; etc = filter (f: f.enable) (attrValues config.environment.etc); - etcCopy = filter (f: f.copy) (attrValues config.environment.etc); in @@ -34,9 +33,10 @@ in '' mkdir -p $out/etc cd $out/etc - ${concatMapStringsSep "\n" (attr: "mkdir -p $(dirname '${attr.target}')") etc} - ${concatMapStringsSep "\n" (attr: "ln -s '${attr.source}' '${attr.target}'") etc} - ${concatMapStringsSep "\n" (attr: "touch '${attr.target}'.copy") etcCopy} + ${concatMapStringsSep "\n" (attr: '' + mkdir -p "$(dirname ${escapeShellArg attr.target})" + ln -s ${escapeShellArgs [ attr.source attr.target ]} + '') etc} ''; system.activationScripts.etcChecks.text = '' 
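Review bot: In the rewritten build step of `modules/system/etc.nix` (`@@ -34,9 +33,10 @@`), `attr.target` and `attr.source` are now shell-quoted, but neither `dirname` nor `ln -s` is given a `--`, so a target whose name begins with `-` would still be parsed as an option. This commit adds `--` to `readlink` in the stale-link hunk for the same reason, so the two places should agree. Suggested lines: `mkdir -p "$(dirname -- ${escapeShellArg attr.target})"` and `ln -s -- ${escapeShellArgs [ attr.source attr.target ]}`.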
@@ -55,10 +55,6 @@ in etcStaticFile=/etc/static/$subPath etcFile=/etc/$subPath - if [[ -e $configFile.copy ]]; then - continue - fi - # We need to check files that exist and aren't already links to # $etcStaticFile for known hashes. if [[ @@ -109,11 +105,6 @@ in mkdir -p "$etcDir" fi - if [[ -e $etcStaticFile.copy ]]; then - cp "$etcStaticFile" "$etcFile" - continue - fi - if [[ -e $etcFile ]]; then if [[ $(readlink -- "$etcFile") == "$etcStaticFile" ]]; then continue @@ -130,7 +121,7 @@ in # Delete stale links into /etc/static. if [[ - $(readlink "$etcFile") == "$etcStaticFile" + $(readlink -- "$etcFile") == "$etcStaticFile" && ! -e $etcStaticFile ]]; then rm "$etcFile" -- cgit v1.2.3 From d21ba5a4871f02c50efc2de0ae61b749a6318a10 Mon Sep 17 00:00:00 2001 From: Nick Novitski Date: Wed, 12 Jun 2024 18:41:49 -0700 Subject: linux-builder: make compatible with cross-arch builder package Before this commit, aarch64 users building the following configuration would end up with an aarch64-linux builder, while after it, they get the x86_64-linux builder they expect: ```nix nix.linux-builder = { enable = true; package = pkgs.darwin.linux-builder-x86_64; }; ``` Before, in order to get an x86_64-linux builder, they would have needed to use this configuration instead: ```nix nix.linux-builder = { enable = true; config.nixpkgs.hostPlatform = "x86_64-linux"; systems = ["x86_64-linux"]; }; ``` The reason for this is that the linux-builder module calls `override` on the package option, and the `linux-builder-x86_64` package is also defined using override: ```nix linux-builder-x86_64 = linux-builder.override { modules = [ { nixpkgs.hostPlatform = "x86_64-linux"; } ]; }; ``` The module was effectively discarding the `nixpkgs.hostPlatform` option. Example issue: https://github.com/NixOS/nixpkgs/issues/313784 --- modules/nix/linux-builder.nix | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'modules') 
diff --git a/modules/nix/linux-builder.nix b/modules/nix/linux-builder.nix index 176d69e..b0c3cd6 100644 --- a/modules/nix/linux-builder.nix +++ b/modules/nix/linux-builder.nix @@ -7,9 +7,11 @@ let cfg = config.nix.linux-builder; - builderWithOverrides = cfg.package.override { - modules = [ cfg.config ]; - }; + builderWithOverrides = cfg.package.override (previousArguments: { + # the linux-builder packages require a list `modules` argument, so it's + # always non-null. + modules = previousArguments.modules ++ [ cfg.config ]; + }); # create-builder uses TMPDIR to share files with the builder, notably certs. # macOS will clean up files in /tmp automatically that haven't been accessed in 3+ days. @@ -133,8 +135,10 @@ in systems = mkOption { type = types.listOf types.str; - default = [ "${stdenv.hostPlatform.uname.processor}-linux" ]; - defaultText = literalExpression ''[ "''${stdenv.hostPlatform.uname.processor}-linux" ]''; + default = [ builderWithOverrides.nixosConfig.nixpkgs.hostPlatform.system ]; + defaultText = '' + The `nixpkgs.hostPlatform.system` of the build machine's final NixOS configuration. + ''; example = literalExpression '' [ "x86_64-linux" -- cgit v1.2.3 From 4141697ed2ec5ccd1f2807275f7a1dc456f89891 Mon Sep 17 00:00:00 2001 From: Samuel Tam Date: Tue, 18 Jun 2024 16:25:27 +0800 Subject: checks.nix: disable verifyBuildUsers for auto-allocate-uids --- modules/system/checks.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/system/checks.nix b/modules/system/checks.nix index f0f03e8..b3d9914 100644 --- a/modules/system/checks.nix +++ b/modules/system/checks.nix @@ -220,7 +220,7 @@ in system.checks.verifyBuildUsers = mkOption { type = types.bool; - default = true; + default = !(config.nix.settings.auto-allocate-uids or false); description = "Whether to run the Nix build users validation checks."; }; -- cgit v1.2.3 From e00896468a4723c799b3904e2d10f0cf9a0ff847 Mon Sep 17 00:00:00 2001 
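Review bot: The `defaultText` added for `systems` at `@@ -133,8 +135,10 @@` is a bare string, which the option documentation renders as a quoted Nix string literal rather than as prose. Wrapping the same text in `literalMD ''…''` (or `lib.literalMD` if it is not in scope here) makes the manual show it as a description. The new `default` also forces evaluation of `builderWithOverrides.nixosConfig`, so a comment next to it saying that reading `systems` evaluates the builder's NixOS configuration would help the next maintainer.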
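Review bot: The new default of `system.checks.verifyBuildUsers` depends on `config.nix.settings.auto-allocate-uids` but the option gets no `defaultText`, so the generated manual will show whatever the documentation evaluation happens to produce instead of the rule. Add `defaultText = literalExpression "!(config.nix.settings.auto-allocate-uids or false)";`. The description should also mention that the build-user validation is skipped when that setting is enabled, since an operator reading only `"Whether to run the Nix build users validation checks."` cannot tell that the check has been turned off for them.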
From: =?UTF-8?q?Nikola=20Milojevi=C4=87?= Date: Mon, 1 Jul 2024 16:24:41 +0200 Subject: chore: remove mkpackageoptionmd deprecation --- modules/programs/direnv.nix | 4 ++-- modules/services/github-runner/options.nix | 2 +- modules/services/sketchybar/default.nix | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) (limited to 'modules') diff --git a/modules/programs/direnv.nix b/modules/programs/direnv.nix index 243068d..533fc8e 100644 --- a/modules/programs/direnv.nix +++ b/modules/programs/direnv.nix @@ -17,7 +17,7 @@ in { integration. ''; - package = lib.mkPackageOptionMD pkgs "direnv" {}; + package = lib.mkPackageOption pkgs "direnv" {}; direnvrcExtra = lib.mkOption { type = lib.types.lines; @@ -52,7 +52,7 @@ in { default = true; }; - package = lib.mkPackageOptionMD pkgs "nix-direnv" {}; + package = lib.mkPackageOption pkgs "nix-direnv" {}; }; }; diff --git a/modules/services/github-runner/options.nix b/modules/services/github-runner/options.nix index f6c4830..772eb78 100644 --- a/modules/services/github-runner/options.nix +++ b/modules/services/github-runner/options.nix @@ -199,7 +199,7 @@ with lib; default = { }; }; - package = mkPackageOptionMD pkgs "github-runner" { }; + package = mkPackageOption pkgs "github-runner" { }; ephemeral = mkOption { type = types.bool; diff --git a/modules/services/sketchybar/default.nix b/modules/services/sketchybar/default.nix index 228636e..c29eec2 100644 --- a/modules/services/sketchybar/default.nix +++ b/modules/services/sketchybar/default.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let - inherit (lib) literalExpression maintainers mkEnableOption mkIf mkPackageOptionMD mkOption optionals types; + inherit (lib) literalExpression maintainers mkEnableOption mkIf mkPackageOption mkOption optionals types; cfg = config.services.sketchybar; 
@@ -17,7 +17,7 @@ in options.services.sketchybar = { enable = mkEnableOption "sketchybar"; - package = mkPackageOptionMD pkgs "sketchybar" { }; + package = mkPackageOption pkgs "sketchybar" { }; extraPackages = mkOption { type = types.listOf types.package; -- cgit v1.2.3 From 4054d5caea22367763a8cc7781d5723e86e3d1fb Mon Sep 17 00:00:00 2001 From: Mike Moore Date: Tue, 2 Jul 2024 09:40:18 -0700 Subject: Use the correct file location for `SoftwareUpdate` plist. --- modules/system/defaults-write.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/system/defaults-write.nix b/modules/system/defaults-write.nix index 7e1fc44..c3e2683 100644 --- a/modules/system/defaults-write.nix +++ b/modules/system/defaults-write.nix @@ -14,7 +14,7 @@ let alf = defaultsToList "/Library/Preferences/com.apple.alf" cfg.alf; loginwindow = defaultsToList "/Library/Preferences/com.apple.loginwindow" cfg.loginwindow; smb = defaultsToList "/Library/Preferences/SystemConfiguration/com.apple.smb.server" cfg.smb; - SoftwareUpdate = defaultsToList "/Library/Preferences/SystemConfiguration/com.apple.SoftwareUpdate" cfg.SoftwareUpdate; + SoftwareUpdate = defaultsToList "/Library/Preferences/com.apple.SoftwareUpdate" cfg.SoftwareUpdate; # userDefaults GlobalPreferences = defaultsToList ".GlobalPreferences" cfg.".GlobalPreferences"; -- cgit v1.2.3 From b7e112cdf9972ca52be35c323d1cf20fcb7bb10e Mon Sep 17 00:00:00 2001 From: Ian Chamberlain Date: Sat, 6 Jul 2024 18:04:06 -0400 Subject: Add lix-installer to known files --- modules/nix/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/nix/default.nix b/modules/nix/default.nix index 2213a38..b5ad114 100644 --- a/modules/nix/default.nix +++ b/modules/nix/default.nix 
@@ -677,7 +677,9 @@ in "f3e03d851c240c1aa7daccd144ee929f0f5971982424c868c434eb6030e961d4" # DeterminateSystems Nix installer 0.10.0 "c6080216f2a170611e339c3f46e4e1d61aaf0d8b417ad93ade8d647da1382c11" # DeterminateSystems Nix installer 0.14.0 "97f4135d262ca22d65c9554aad795c10a4491fa61b67d9c2430f4d82bbfec9a2" # DeterminateSystems Nix installer 0.15.1 - "5d23e6d7015756c6f300f8cd558ec4d9234ca61deefd4f2478e91a49760b0747" # DeterminateSystems Nix installer 0.16.0+ + "5d23e6d7015756c6f300f8cd558ec4d9234ca61deefd4f2478e91a49760b0747" # DeterminateSystems Nix installer 0.16.0+ + "24797ac05542ff8b52910efc77870faa5f9e3275097227ea4e50c430a5f72916" # lix-installer 0.17.1 with flakes + "b027b5cad320b5b8123d9d0db9f815c3f3921596c26dc3c471457098e4d3cc40" # lix-installer 0.17.1 without flakes ]; environment.etc."nix/registry.json".text = builtins.toJSON { -- cgit v1.2.3 From e2a85731a071811457c151d2da385f9bb4ea5cdb Mon Sep 17 00:00:00 2001 From: Henrique Goncalves Date: Mon, 8 Jul 2024 16:36:31 -0300 Subject: nextdns: fix argument handling --- modules/services/nextdns/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/services/nextdns/default.nix b/modules/services/nextdns/default.nix index 2312096..adc9823 100644 --- a/modules/services/nextdns/default.nix +++ b/modules/services/nextdns/default.nix @@ -31,7 +31,7 @@ in { launchd.daemons.nextdns = { path = [ nextdns ]; serviceConfig.ProgramArguments = - [ "${pkgs.nextdns}/bin/nextdns" "run" (escapeShellArgs cfg.arguments) ]; + [ "${pkgs.nextdns}/bin/nextdns" "run" ] ++ cfg.arguments; serviceConfig.KeepAlive = true; serviceConfig.RunAtLoad = true; }; -- cgit v1.2.3 From b34d1bee4875ad7dbb2f030c451e07fb27ef67ca Mon Sep 17 00:00:00 2001 From: Thane Gill Date: Tue, 9 Jul 2024 13:13:37 -0700 Subject: Add `User` and already generated `IdentityFile` to ssh_config for `nix.linux-builder` --- modules/nix/linux-builder.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'modules') 
diff --git a/modules/nix/linux-builder.nix b/modules/nix/linux-builder.nix index 67284b2..571ce28 100644 --- a/modules/nix/linux-builder.nix +++ b/modules/nix/linux-builder.nix @@ -192,9 +192,11 @@ in environment.etc."ssh/ssh_config.d/100-linux-builder.conf".text = '' Host linux-builder + User builder Hostname localhost HostKeyAlias linux-builder Port 31022 + IdentityFile ${cfg.workingDirectory}/keys/builder_ed25519 ''; nix.distributedBuilds = true; -- cgit v1.2.3 From 395e4d3794465f7d68b588c1bd7f5f357e88d8d2 Mon Sep 17 00:00:00 2001 From: Thane Gill Date: Fri, 12 Jul 2024 09:50:57 -0700 Subject: Update modules/nix/linux-builder.nix Co-authored-by: Michael Hoang --- modules/nix/linux-builder.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/nix/linux-builder.nix b/modules/nix/linux-builder.nix index 571ce28..9edfed6 100644 --- a/modules/nix/linux-builder.nix +++ b/modules/nix/linux-builder.nix @@ -196,7 +196,7 @@ in Hostname localhost HostKeyAlias linux-builder Port 31022 - IdentityFile ${cfg.workingDirectory}/keys/builder_ed25519 + IdentityFile /etc/nix/builder_ed25519 ''; nix.distributedBuilds = true; -- cgit v1.2.3 From ce130f4b2009f1b4fd8bd21eef80e5dfd2faa6a5 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Wed, 10 Jul 2024 12:42:42 +1000 Subject: defaults: restart Dock when changing settings --- modules/system/defaults-write.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'modules') diff --git a/modules/system/defaults-write.nix b/modules/system/defaults-write.nix index 7e1fc44..33e918e 100644 --- a/modules/system/defaults-write.nix +++ b/modules/system/defaults-write.nix @@ -107,6 +107,11 @@ in ${concatStringsSep "\n" universalaccess} ${concatStringsSep "\n" ActivityMonitor} ${concatStringsSep "\n" CustomUserPreferences} + + ${optionalString (length dock > 0) '' + echo >&2 "restarting Dock..." + killall Dock + ''} ''; }; -- cgit v1.2.3 
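Review bot: The `Host linux-builder` block at `@@ -192,9 +192,11 @@` now names an `IdentityFile` but does not restrict ssh to it, so every key held in the connecting user's agent is still offered to whatever listens on localhost port 31022. Adding `IdentitiesOnly yes` under the `IdentityFile` line limits the connection to the intended key. This drop-in applies system-wide, so the private key it points at should be readable only by the account that performs builds; neither this hunk nor the follow-up at `@@ -196,7 +196,7 @@`, which moves the path to `/etc/nix/builder_ed25519`, shows the file's ownership or mode, so that is worth checking where the key is generated.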
From fa0d64721ff8dec9fe61544fea812f9a85e7c0b1 Mon Sep 17 00:00:00 2001 From: Prav!n <50878560+amsynist@users.noreply.github.com> Date: Wed, 12 Jun 2024 00:02:21 +0530 Subject: module: add jankyborders service - Added the jankyborders service. - Introduced changes for whitelist and blacklist options and assertions. - emoved path reference from launchd argument. - Corrected missing trailing newline in default.nix. --- modules/module-list.nix | 1 + modules/services/jankyborders/default.nix | 157 ++++++++++++++++++++++++++++++ 2 files changed, 158 insertions(+) create mode 100644 modules/services/jankyborders/default.nix (limited to 'modules') diff --git a/modules/module-list.nix b/modules/module-list.nix index e87f696..d6116d9 100644 --- a/modules/module-list.nix +++ b/modules/module-list.nix @@ -87,6 +87,7 @@ ./services/wg-quick.nix ./services/yabai ./services/nextdns + ./services/jankyborders ./programs/bash ./programs/direnv.nix ./programs/fish.nix diff --git a/modules/services/jankyborders/default.nix b/modules/services/jankyborders/default.nix new file mode 100644 index 0000000..11b954e --- /dev/null +++ b/modules/services/jankyborders/default.nix 
@@ -0,0 +1,157 @@ +{ + config, + lib, + pkgs, + ... +}: let + inherit (lib) maintainers mkEnableOption mkIf mkPackageOptionMD mkOption types; + + cfg = config.services.jankyborders; + joinStrings = strings: builtins.concatStringsSep "," strings; + + optionalArg = arg: value: + if value != null && value != "" + then + if lib.isList value + then lib.map (val: "${arg}=${val}") value + else ["${arg}=${value}"] + else []; +in { + meta.maintainers = [ + maintainers.amsynist or "amsynist" + ]; + + options.services.jankyborders = { + enable = mkEnableOption "Enable the jankyborders service."; + + package = mkPackageOptionMD pkgs "jankyborders" {}; + + width = mkOption { + type = types.float; + default = 5.0; + description = '' + Determines the width of the border. For example, width=5.0 creates a border 5.0 points wide. + ''; + }; + + hidpi = mkOption { + type = types.bool; + default = false; + description = '' + If set to on, the border will be drawn with retina resolution. + ''; + }; + + active_color = mkOption { + type = types.str; + default = "0xFFFFFFFF"; + example = "0xFFFFFFFF"; + description = '' + Sets the border color for the focused window (format: 0xAARRGGBB). For instance, active_color="0xff00ff00" creates a green border. + For Gradient Border : active_color="gradient(top_right=0x9992B3F5,bottom_left=0x9992B3F5)" + ''; + }; + + inactive_color = mkOption { + type = types.str; + default = "0xFFFFFFFF"; + example = "0xFFFFFFFF"; + description = '' + Sets the border color for all windows not in focus (format: 0xAARRGGBB). + For Gradient Border : inactive_color="gradient(top_right=0x9992B3F5,bottom_left=0x9992B3F5)" + ''; + }; + + background_color = mkOption { + type = types.str; + default = ""; + example = "0xFFFFFFFF"; + description = '' + Sets the background fill color for all windows (only 0xAARRGGBB arguments supported). 
+ ''; + }; + + style = mkOption { + type = types.str; + default = "round"; + example = "square/round"; + description = '' + Specifies the style of the border (either round or square). + ''; + }; + + blur_radius = mkOption { + type = types.float; + default = 0.0; + example = 5.0; + description = '' + Sets the blur radius applied to the borders or backgrounds with transparency. + ''; + }; + + ax_focus = mkOption { + type = types.bool; + default = false; + description = '' + If set to true, the (slower) accessibility API is used to resolve the focused window. + ''; + }; + + blacklist = mkOption { + type = types.listOf types.str; + default = []; + example = ["Safari" "kitty"]; + description = '' + The applications specified here are excluded from being bordered. + For example, blacklist = [ "Safari" "kitty" ] excludes Safari and kitty from being bordered. + ''; + }; + + whitelist = mkOption { + type = types.listOf types.str; + default = []; + example = ["Arc" "USB Overdrive"]; + description = '' + Once this list is populated, only applications listed here are considered for receiving a border. + If the whitelist is empty (default) it is inactive. 
+ ''; + }; + }; + + config = mkIf cfg.enable { + assertions = [ + { + assertion = !(cfg.blacklist != [] && cfg.whitelist != []); + message = "Cannot define both a blacklist and a whitelist for jankyborders."; + } + ]; + environment.systemPackages = [cfg.package]; + + launchd.user.agents.jankyborders = { + serviceConfig.ProgramArguments = + [ + "${cfg.package}/bin/borders" + ] + ++ (optionalArg "width" (toString cfg.width)) + ++ (optionalArg "hidpi" ( + if cfg.hidpi + then "on" + else "off" + )) + ++ (optionalArg "active_color" cfg.active_color) + ++ (optionalArg "inactive_color" cfg.inactive_color) + ++ (optionalArg "background_color" cfg.background_color) + ++ (optionalArg "style" cfg.style) + ++ (optionalArg "blur_radius" (toString cfg.blur_radius)) + ++ (optionalArg "ax_focus" ( + if cfg.ax_focus + then "on" + else "off" + )) + ++ (optionalArg "blacklist" (joinStrings cfg.blacklist)) + ++ (optionalArg "whitelist" (joinStrings cfg.whitelist)); + serviceConfig.KeepAlive = true; + serviceConfig.RunAtLoad = true; + }; + }; +} -- cgit v1.2.3 From 199cf340127657faf97e6b86705fea5c356adaf3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikola=20Milojevi=C4=87?= Date: Mon, 22 Jul 2024 13:37:17 +0200 Subject: chore: removing deprecations for 25.05 nix --- modules/services/jankyborders/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/services/jankyborders/default.nix b/modules/services/jankyborders/default.nix index 11b954e..92ec1a1 100644 --- a/modules/services/jankyborders/default.nix +++ b/modules/services/jankyborders/default.nix @@ -4,7 +4,7 @@ pkgs, ... }: let - inherit (lib) maintainers mkEnableOption mkIf mkPackageOptionMD mkOption types; + inherit (lib) maintainers mkEnableOption mkIf mkPackageOption mkOption types; cfg = config.services.jankyborders; joinStrings = strings: builtins.concatStringsSep "," strings; 
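Review bot: `style` is declared as `types.str` although its description allows only two values, so a typo is passed to `borders` as `style=…` and only fails when the agent starts; `type = types.enum [ "round" "square" ];` rejects it at evaluation time. The example `"square/round"` is itself not a valid value and should be one of the two. `mkEnableOption` already prepends "Whether to enable", so the argument should be a noun phrase: `enable = mkEnableOption "the jankyborders service";`. The `lib.isList` branch of `optionalArg` looks unreachable, because the list options go through `joinStrings` before they reach it.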
@@ -24,7 +24,7 @@ in { options.services.jankyborders = { enable = mkEnableOption "Enable the jankyborders service."; - package = mkPackageOptionMD pkgs "jankyborders" {}; + package = mkPackageOption pkgs "jankyborders" {}; width = mkOption { type = types.float; -- cgit v1.2.3 From fe99aa9699e7dd4ce6a81a8a623d010cedbe7eef Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Tue, 23 Jul 2024 10:48:48 +1000 Subject: github-runnners: fix workDir missing on reboot --- modules/services/github-runner/service.nix | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) (limited to 'modules') diff --git a/modules/services/github-runner/service.nix b/modules/services/github-runner/service.nix index 53f2cdd..2fc133f 100644 --- a/modules/services/github-runner/service.nix +++ b/modules/services/github-runner/service.nix @@ -41,7 +41,7 @@ in in { launchd = mkIf cfg.enable { - text = mkBefore ('' + text = mkBefore '' echo >&2 "setting up GitHub Runner '${cfg.name}'..." ${pkgs.coreutils}/bin/mkdir -p -m 0750 ${escapeShellArg (mkStateDir cfg)} @@ -49,10 +49,7 @@ in ${pkgs.coreutils}/bin/mkdir -p -m 0750 ${escapeShellArg (mkLogDir cfg)} ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkLogDir cfg)} - '' + optionalString (cfg.workDir == null) '' - ${pkgs.coreutils}/bin/mkdir -p -m 0750 ${escapeShellArg (mkWorkDir cfg)} - ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkWorkDir cfg)} - ''); + ''; }; })); @@ -62,6 +59,9 @@ in stateDir = mkStateDir cfg; logDir = mkLogDir cfg; workDir = mkWorkDir cfg; + user = if (cfg.user != null) then cfg.user else "_github-runner"; + # If both user and group are null then we manage the group, otherwise if only group is null then there's no group + group = if (cfg.group != null) then group else if (cfg.user == null) then "_github-runner" else ""; in nameValuePair (mkSvcName name) 
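Review bot: In the `let` added at `@@ -62,6 +59,9 @@`, `group = if (cfg.group != null) then group else …` refers to the binding it is defining; Nix `let` bindings are recursive, so setting `cfg.group` should end in an infinite-recursion error instead of using the configured group. The branch should read `then cfg.group`. The final branch yields `""`, which makes the later `chown ${user}:${group}` expand to `user:`; with coreutils `chown` that assigns the user's login group rather than leaving the group alone, which does not match the comment's "there's no group". The enclosing function starts and ends outside the hunk.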
@@ -116,6 +116,12 @@ in '' echo "Configuring GitHub Actions Runner" + ${optionalString (cfg.workDir == null) '' + # /var/run gets cleared every reboot so we need to create it before starting the service + ${pkgs.coreutils}/bin/mkdir -p -m 0750 ${escapeShellArg workDir} + ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg workDir} + ''} + # Always clean the working directory ${pkgs.findutils}/bin/find ${escapeShellArg workDir} -mindepth 1 -delete @@ -147,7 +153,7 @@ in StandardErrorPath = "${logDir}/launchd-stderr.log"; StandardOutPath = "${logDir}/launchd-stdout.log"; ThrottleInterval = 30; - UserName = if (cfg.user != null) then cfg.user else "_github-runner"; + UserName = user; WatchPaths = [ "/etc/resolv.conf" "/Library/Preferences/SystemConfiguration/NetworkInterfaces.plist" -- cgit v1.2.3 From be14a2add172621f1d02b0457e50a6a96fd9b73b Mon Sep 17 00:00:00 2001 From: 347Online | Katie Janzen Date: Sat, 8 Jun 2024 10:10:29 -0500 Subject: Add inline prediction option mirroring the capitalization option --- modules/examples/lnl.nix | 1 + modules/system/defaults/NSGlobalDomain.nix | 9 ++++++++- 2 files changed, 9 insertions(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/examples/lnl.nix b/modules/examples/lnl.nix index 2edf6cb..96954d2 100644 --- a/modules/examples/lnl.nix +++ b/modules/examples/lnl.nix @@ -10,6 +10,7 @@ system.defaults.NSGlobalDomain.InitialKeyRepeat = 10; system.defaults.NSGlobalDomain.KeyRepeat = 1; system.defaults.NSGlobalDomain.NSAutomaticCapitalizationEnabled = false; + system.defaults.NSGlobalDomain.NSAutomaticInlinePredictionEnabled = false; system.defaults.NSGlobalDomain.NSAutomaticDashSubstitutionEnabled = false; system.defaults.NSGlobalDomain.NSAutomaticPeriodSubstitutionEnabled = false; system.defaults.NSGlobalDomain.NSAutomaticQuoteSubstitutionEnabled = false; diff --git a/modules/system/defaults/NSGlobalDomain.nix b/modules/system/defaults/NSGlobalDomain.nix index 9eb31d5..6dcedca 100644 
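Review bot: The `mkdir`/`chown` pair added at the top of the configure script only works if the script has enough privilege to create directories under `/var/run` and change their owner. The hunk does not show which account runs it, but the same commit sets `UserName = user` for the service, so it may run as the unprivileged runner account; this is worth confirming. Separately, `${user}:${group}` is interpolated unescaped next to an escaped path; `${escapeShellArg "${user}:${group}"}` would keep the quoting consistent. The script body continues outside the hunk.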
--- a/modules/system/defaults/NSGlobalDomain.nix +++ b/modules/system/defaults/NSGlobalDomain.nix @@ -7,7 +7,6 @@ let inherit (config.lib.defaults.types) floatWithDeprecationError; in { options = { - system.defaults.NSGlobalDomain.AppleShowAllFiles = mkOption { type = types.nullOr types.bool; default = null; @@ -104,6 +103,14 @@ in { ''; }; + system.defaults.NSGlobalDomain.NSAutomaticInlinePredictionEnabled = mkOption { + type = types.nullOr types.bool; + default = null; + description = '' + Whether to enable inline predictive text. The default is true. + ''; + }; + system.defaults.NSGlobalDomain.NSAutomaticDashSubstitutionEnabled = mkOption { type = types.nullOr types.bool; default = null; -- cgit v1.2.3 From a566238826fc77b2322b62cd52c321db8c30a1f4 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Tue, 23 Jul 2024 11:14:49 +1000 Subject: defaults: only restart Dock when user is logged in --- modules/system/defaults-write.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/system/defaults-write.nix b/modules/system/defaults-write.nix index 33e918e..18be408 100644 --- a/modules/system/defaults-write.nix +++ b/modules/system/defaults-write.nix @@ -109,8 +109,11 @@ in ${concatStringsSep "\n" CustomUserPreferences} ${optionalString (length dock > 0) '' - echo >&2 "restarting Dock..." - killall Dock + # Only restart Dock if current user is logged in + if pgrep -xu $UID Dock; then + echo >&2 "restarting Dock..." + killall Dock || true + fi ''} ''; -- cgit v1.2.3 From 5c8fb551822a137848a666472a17aeb651ee033d Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sat, 27 Jul 2024 10:26:37 +1000 Subject: Revert "github-runnners: fix workDir missing on reboot" This reverts commit fe99aa9699e7dd4ce6a81a8a623d010cedbe7eef. --- modules/services/github-runner/service.nix | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) (limited to 'modules') 
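Review bot: In the `defaults-write.nix` hunk, `pgrep -xu $UID Dock` is used only for its exit status, but it also prints the matching PIDs into the activation output. I would write the test as `if pgrep -xu "$UID" Dock >/dev/null; then`, which also quotes the variable. The `killall Dock || true` fallback is reasonable, since the process can exit between the check and the kill.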
diff --git a/modules/services/github-runner/service.nix b/modules/services/github-runner/service.nix index 2fc133f..53f2cdd 100644 --- a/modules/services/github-runner/service.nix +++ b/modules/services/github-runner/service.nix @@ -41,7 +41,7 @@ in in { launchd = mkIf cfg.enable { - text = mkBefore '' + text = mkBefore ('' echo >&2 "setting up GitHub Runner '${cfg.name}'..." ${pkgs.coreutils}/bin/mkdir -p -m 0750 ${escapeShellArg (mkStateDir cfg)} @@ -49,7 +49,10 @@ in ${pkgs.coreutils}/bin/mkdir -p -m 0750 ${escapeShellArg (mkLogDir cfg)} ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkLogDir cfg)} - ''; + '' + optionalString (cfg.workDir == null) '' + ${pkgs.coreutils}/bin/mkdir -p -m 0750 ${escapeShellArg (mkWorkDir cfg)} + ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkWorkDir cfg)} + ''); }; })); @@ -59,9 +62,6 @@ in stateDir = mkStateDir cfg; logDir = mkLogDir cfg; workDir = mkWorkDir cfg; - user = if (cfg.user != null) then cfg.user else "_github-runner"; - # If both user and group are null then we manage the group, otherwise if only group is null then there's no group - group = if (cfg.group != null) then group else if (cfg.user == null) then "_github-runner" else ""; in nameValuePair (mkSvcName name) @@ -116,12 +116,6 @@ in '' echo "Configuring GitHub Actions Runner" - ${optionalString (cfg.workDir == null) '' - # /var/run gets cleared every reboot so we need to create it before starting the service - ${pkgs.coreutils}/bin/mkdir -p -m 0750 ${escapeShellArg workDir} - ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg workDir} - ''} - # Always clean the working directory ${pkgs.findutils}/bin/find ${escapeShellArg workDir} -mindepth 1 -delete 
@@ -153,7 +147,7 @@ in StandardErrorPath = "${logDir}/launchd-stderr.log"; StandardOutPath = "${logDir}/launchd-stdout.log"; ThrottleInterval = 30; - UserName = user; + UserName = if (cfg.user != null) then cfg.user else "_github-runner"; WatchPaths = [ "/etc/resolv.conf" "/Library/Preferences/SystemConfiguration/NetworkInterfaces.plist" -- cgit v1.2.3 From a6903cf7e3a451347160c92edb44ba288ebce747 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sat, 27 Jul 2024 10:39:57 +1000 Subject: activation-scripts: add extra comment --- modules/system/activation-scripts.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'modules') diff --git a/modules/system/activation-scripts.nix b/modules/system/activation-scripts.nix index 1495a7b..8325199 100644 --- a/modules/system/activation-scripts.nix +++ b/modules/system/activation-scripts.nix @@ -101,6 +101,8 @@ in ${cfg.activationScripts.preUserActivation.text} + # This should be running at the system level, but as user activation runs first + # we run it here with sudo ${cfg.activationScripts.createRun.text} ${cfg.activationScripts.checks.text} ${cfg.activationScripts.etcChecks.text} -- cgit v1.2.3 From dc8e1f4839b735ffed17cb5368d9bd7f19577eb6 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sat, 27 Jul 2024 10:41:18 +1000 Subject: github-runners: move `workDir` outside of `/run` As `/run` gets recreated every reboot and we can't specify dependencies for launchd, creating the `workDir` every reboot will require extra complexity with a separate daemon that runs as `root` otherwise it won't have sufficient privileges. As we clean the `workDir` when the service first starts anyway, it ends up being the same. --- modules/services/github-runner/options.nix | 6 +++--- modules/services/github-runner/service.nix | 6 +++++- 2 files changed, 8 insertions(+), 4 deletions(-) (limited to 'modules') diff --git a/modules/services/github-runner/options.nix b/modules/services/github-runner/options.nix index 772eb78..8f98aa0 100644 
--- a/modules/services/github-runner/options.nix +++ b/modules/services/github-runner/options.nix @@ -22,12 +22,12 @@ with lib; * `/var/lib/github-runners/`: State directory to store the runner registration credentials + * `/var/lib/github-runners/_work/`: + Working directory for workflow files. The runner only uses this + directory if `workDir` is `null` (see the `workDir` option for details). * `/var/log/github-runners/`: The launchd service writes the stdout and stderr streams to this directory. - * `/var/run/github-runners/`: - Working directory for workflow files. The runner only uses this - directory if `workDir` is `null` (see the `workDir` option for details). ''; example = { runner1 = { diff --git a/modules/services/github-runner/service.nix b/modules/services/github-runner/service.nix index 53f2cdd..75d6442 100644 --- a/modules/services/github-runner/service.nix +++ b/modules/services/github-runner/service.nix @@ -4,7 +4,7 @@ let mkSvcName = name: "github-runner-${name}"; mkStateDir = cfg: "/var/lib/github-runners/${cfg.name}"; mkLogDir = cfg: "/var/log/github-runners/${cfg.name}"; - mkWorkDir = cfg: if (cfg.workDir != null) then cfg.workDir else "/var/run/github-runners/${cfg.name}"; + mkWorkDir = cfg: if (cfg.workDir != null) then cfg.workDir else "/var/lib/github-runners/_work/${cfg.name}"; in { config.assertions = flatten ( @@ -17,6 +17,10 @@ in assertion = !cfg.noDefaultLabels || (cfg.extraLabels != [ ]); message = "`services.github-runners.${name}`: The `extraLabels` option is mandatory if `noDefaultLabels` is set"; } + { + assertion = cfg.workDir == null || !(hasPrefix "/run/" cfg.workDir || hasPrefix "/var/run/" cfg.workDir || hasPrefix "/private/var/run/"); + message = "`services.github-runners.${name}`: `workDir` being inside /run is not supported"; + } ]) ); -- cgit v1.2.3 From e88eb66c2b5e7066786f5d6343f3737567a71734 Mon Sep 17 00:00:00 2001 
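Review bot: The last term of the new `workDir` assertion is missing its argument: `hasPrefix "/private/var/run/"` is a partially applied function, not a boolean. When `workDir` is set and does not match the first two prefixes, `||` receives a function and evaluation fails with a type error instead of the assertion passing. It should be `hasPrefix "/private/var/run/" cfg.workDir`. Also note that the prefixes all end in `/`, so a `workDir` of exactly `/run` or `/var/run` is not rejected; decide whether that case matters.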
From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Sat, 27 Jul 2024 13:35:35 +1000 Subject: `mapAttrsFlatten` -> `mapAttrsToList` deprecated in https://github.com/NixOS/nixpkgs/commit/473e469d5a921a57b484a09d446cee6c231cd592 --- modules/environment/default.nix | 2 +- modules/programs/fish.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/environment/default.nix b/modules/environment/default.nix index bb99622..3b97a3e 100644 --- a/modules/environment/default.nix +++ b/modules/environment/default.nix @@ -9,7 +9,7 @@ let mapAttrsToList (n: v: ''export ${n}="${v}"'') cfg.variables; aliasCommands = - mapAttrsFlatten (n: v: ''alias ${n}=${escapeShellArg v}'') + mapAttrsToList (n: v: ''alias ${n}=${escapeShellArg v}'') (filterAttrs (k: v: v != null) cfg.shellAliases); makeDrvBinPath = concatMapStringsSep ":" (p: if isDerivation p then "${p}/bin" else p); diff --git a/modules/programs/fish.nix b/modules/programs/fish.nix index 77276e6..4b76e02 100644 --- a/modules/programs/fish.nix +++ b/modules/programs/fish.nix @@ -9,7 +9,7 @@ let cfg = config.programs.fish; fishAliases = concatStringsSep "\n" ( - mapAttrsFlatten (k: v: "alias ${k} ${escapeShellArg v}") + mapAttrsToList (k: v: "alias ${k} ${escapeShellArg v}") (filterAttrs (k: v: v != null) cfg.shellAliases) ); -- cgit v1.2.3 From cf45edbf271a638637d4f1a824c429d7649ecbd5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 31 Jul 2024 19:34:17 +0200 Subject: programs.ssh: add certificate authorities --- modules/programs/ssh/default.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/programs/ssh/default.nix b/modules/programs/ssh/default.nix index 6f72369..51c7796 100644 --- a/modules/programs/ssh/default.nix +++ b/modules/programs/ssh/default.nix 
@@ -11,6 +11,14 @@ let { name, ... }: { options = { + certAuthority = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + This public key is an SSH certificate authority, rather than an + individual host's key. + ''; + }; hostNames = mkOption { type = types.listOf types.str; default = []; @@ -139,7 +147,7 @@ in { "ssh/ssh_known_hosts" = mkIf (builtins.length knownHosts > 0) { text = (flip (concatMapStringsSep "\n") knownHosts (h: assert h.hostNames != []; - concatStringsSep "," h.hostNames + " " + lib.optionalString h.certAuthority "@cert-authority " + concatStringsSep "," h.hostNames + " " + (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile) )) + "\n"; }; -- cgit v1.2.3 From 3dd14e466c78e1a5e90ffeff5cf37b40c3a82a53 Mon Sep 17 00:00:00 2001 From: Maxime Daffis Date: Thu, 11 Jul 2024 14:56:29 +0200 Subject: (feature) Add Stage Manager (com.apple.WindowManager) settings as system.defaults.windowmanager All credits go to @AlexOwl. Their [PR](https://github.com/LnL7/nix-darwin/pull/505) looked abandonned so I reported their changes and addressed the change requests. --- modules/module-list.nix | 1 + modules/system/defaults-write.nix | 3 ++ modules/system/defaults/WindowManager.nix | 76 +++++++++++++++++++++++++++++++ 3 files changed, 80 insertions(+) create mode 100644 modules/system/defaults/WindowManager.nix (limited to 'modules') diff --git a/modules/module-list.nix b/modules/module-list.nix index d6116d9..0b62158 100644 --- a/modules/module-list.nix +++ b/modules/module-list.nix @@ -32,6 +32,7 @@ ./system/defaults/trackpad.nix ./system/defaults/universalaccess.nix ./system/defaults/ActivityMonitor.nix + ./system/defaults/WindowManager.nix ./system/etc.nix ./system/keyboard.nix ./system/launchd.nix diff --git a/modules/system/defaults-write.nix b/modules/system/defaults-write.nix index 18be408..827a7d3 100644 --- a/modules/system/defaults-write.nix +++ b/modules/system/defaults-write.nix 
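Review bot: The new `certAuthority` description does not say that `hostNames` then becomes the scope of trust. With `@cert-authority`, any host certificate signed by this key is accepted for hosts matching those names. I would add a sentence such as `When set, hostNames lists the host patterns this CA is trusted for; keep them as narrow as possible (e.g. "*.example.com" rather than "*").` The rendering change in the second hunk (`lib.optionalString h.certAuthority "@cert-authority "`) looks right, since function application binds tighter than `+`.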
@@ -32,6 +32,7 @@ let trackpadBluetooth = defaultsToList "com.apple.driver.AppleBluetoothMultitouch.trackpad" cfg.trackpad; universalaccess = defaultsToList "com.apple.universalaccess" cfg.universalaccess; ActivityMonitor = defaultsToList "com.apple.ActivityMonitor" cfg.ActivityMonitor; + WindowManager = defaultsToList "com.apple.WindowManager" cfg.WindowManager; CustomUserPreferences = flatten (mapAttrsToList (name: value: defaultsToList name value) cfg.CustomUserPreferences); CustomSystemPreferences = flatten (mapAttrsToList (name: value: defaultsToList name value) cfg.CustomSystemPreferences); @@ -85,6 +86,7 @@ in universalaccess ActivityMonitor CustomUserPreferences + WindowManager ] '' # Set defaults @@ -107,6 +109,7 @@ in ${concatStringsSep "\n" universalaccess} ${concatStringsSep "\n" ActivityMonitor} ${concatStringsSep "\n" CustomUserPreferences} + ${concatStringsSep "\n" WindowManager} ${optionalString (length dock > 0) '' # Only restart Dock if current user is logged in diff --git a/modules/system/defaults/WindowManager.nix b/modules/system/defaults/WindowManager.nix new file mode 100644 index 0000000..38fbaa3 --- /dev/null +++ b/modules/system/defaults/WindowManager.nix 
@@ -0,0 +1,76 @@ +{ config, lib, ... }: + +with lib; +{ + options = { + system.defaults.WindowManager.GloballyEnabled = mkOption { + type = types.nullOr types.bool; + default = null; + description = '' + Enable Stage Manager + Stage Manager arranges your recent windows into a single strip for reduced clutter and quick access. Default is false. + ''; + }; + + system.defaults.WindowManager.EnableStandardClickToShowDesktop = mkOption { + type = types.nullOr types.bool; + default = null; + description = '' + Click wallpaper to reveal desktop + Clicking your wallpaper will move all windows out of the way to allow access to your desktop items and widgets. Default is true. + false means "Only in Stage Manager" + true means "Always" + ''; + }; + + system.defaults.WindowManager.AutoHide = mkOption { + type = types.nullOr types.bool; + default = null; + description = '' + Auto hide stage strip showing recent apps. Default is false. + ''; + }; + + system.defaults.WindowManager.AppWindowGroupingBehavior = mkOption { + type = types.nullOr types.bool; + default = null; + description = '' + Grouping strategy when showing windows from an application. + false means "One at a time" + true means "All at once" + ''; + }; + + system.defaults.WindowManager.StandardHideDesktopIcons = mkOption { + type = types.nullOr types.bool; + default = null; + description = '' + Hide items on desktop. + ''; + }; + + system.defaults.WindowManager.HideDesktop = mkOption { + type = types.nullOr types.bool; + default = null; + description = '' + Hide items in Stage Manager. + ''; + }; + + system.defaults.WindowManager.StandardHideWidgets = mkOption { + type = types.nullOr types.bool; + default = null; + description = '' + Hide widgets on desktop. + ''; + }; + + system.defaults.WindowManager.StageManagerHideWidgets = mkOption { + type = types.nullOr types.bool; + default = null; + description = '' + Hide widgets in Stage Manager. + ''; + }; + }; +} -- cgit v1.2.3 
From 636d1a09d8a4fc2306aee0c8a33dac21bd9e201a Mon Sep 17 00:00:00 2001 From: Maxime Daffis Date: Tue, 2 Jul 2024 14:22:37 +0200 Subject: (feature) Add swapLeftCtrlAndFn Use this and never find yourself again hitting fn because of muscle memory! (you can even physically swap the keycaps, at least on M series) Keycodes have been pulled from https://hidutil-generator.netlify.app/ and the hex value has been converted to a base 10 int. --- modules/system/keyboard.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'modules') diff --git a/modules/system/keyboard.nix b/modules/system/keyboard.nix index 01e2525..f4f6406 100644 --- a/modules/system/keyboard.nix +++ b/modules/system/keyboard.nix @@ -38,6 +38,12 @@ in description = "Whether to swap the left Command key and left Alt key."; }; + system.keyboard.swapLeftCtrlAndFn = mkOption { + type = types.bool; + default = false; + description = "Whether to swap the left Control key and Fn (Globe) key."; + }; + system.keyboard.userKeyMapping = mkOption { internal = true; type = types.listOf (types.attrsOf types.int); @@ -66,6 +72,14 @@ in HIDKeyboardModifierMappingSrc = 30064771298; HIDKeyboardModifierMappingDst = 30064771299; }) + (mkIf cfg.swapLeftCtrlAndFn { + HIDKeyboardModifierMappingSrc = 30064771296; + HIDKeyboardModifierMappingDst = 1095216660483; + }) + (mkIf cfg.swapLeftCtrlAndFn { + HIDKeyboardModifierMappingSrc = 1095216660483; + HIDKeyboardModifierMappingDst = 30064771296; + }) ]; system.activationScripts.keyboard.text = optionalString cfg.enableKeyMapping '' -- cgit v1.2.3 From d5dba1c6f5b4069988f9601df861fff2490fb3d2 Mon Sep 17 00:00:00 2001 From: Alice Carroll Date: Sat, 3 Aug 2024 14:57:36 +0300 Subject: refactor: rename environment.postBuild to environment.extraSetup --- modules/environment/default.nix | 25 +++++++++++++++++-------- modules/programs/info/default.nix | 2 +- 2 files changed, 18 insertions(+), 9 deletions(-) (limited to 'modules') 
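Review bot: The two `swapLeftCtrlAndFn` mappings in the second hunk use bare decimal constants whose meaning is explained only in the commit message. A comment above them would make the pair reviewable in place, for example `# 30064771296 = 0x7000000E0 (Left Control), 1095216660483 = 0xFF00000003 (Fn/Globe)`. The existing entries in this list have the same gap, so a follow-up could annotate them as well.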
diff --git a/modules/environment/default.nix b/modules/environment/default.nix index 3b97a3e..00d58c0 100644 --- a/modules/environment/default.nix +++ b/modules/environment/default.nix @@ -16,6 +16,10 @@ let in { + imports = [ + (mkRenamedOptionModule ["environment" "postBuild"] ["environment" "extraSetup"]) + ]; + options = { environment.systemPackages = mkOption { type = types.listOf types.package; @@ -43,12 +47,6 @@ in description = "A list of profiles used to setup the global environment."; }; - environment.postBuild = mkOption { - type = types.lines; - default = ""; - description = "Commands to execute when building the global environment."; - }; - environment.extraOutputsToInstall = mkOption { type = types.listOf types.str; default = []; @@ -147,6 +145,17 @@ in ''; type = types.lines; }; + + environment.extraSetup = mkOption { + type = types.lines; + default = ""; + description = '' + Shell fragments to be run after the system environment has been created. + This should only be used for things that need to modify the internals + of the environment, e.g. generating MIME caches. + The environment being built can be accessed at $out. + ''; + }; }; config = { @@ -188,7 +197,8 @@ in system.path = pkgs.buildEnv { name = "system-path"; paths = cfg.systemPackages; - inherit (cfg) postBuild pathsToLink extraOutputsToInstall; + postBuild = cfg.extraSetup; + inherit (cfg) pathsToLink extraOutputsToInstall; }; system.build.setEnvironment = pkgs.writeText "set-environment" '' @@ -205,6 +215,5 @@ in system.build.setAliases = pkgs.writeText "set-aliases" '' ${concatStringsSep "\n" aliasCommands} ''; - }; } diff --git a/modules/programs/info/default.nix b/modules/programs/info/default.nix index cf857d9..d70e377 100644 --- a/modules/programs/info/default.nix +++ b/modules/programs/info/default.nix 
@@ -22,7 +22,7 @@ in environment.pathsToLink = [ "/info" "/share/info" ]; environment.extraOutputsToInstall = [ "info" ]; - environment.postBuild = '' + environment.extraSetup = '' if test -w $out/share/info; then shopt -s nullglob for i in $out/share/info/*.info $out/share/info/*.info.gz; do -- cgit v1.2.3 From 691a590bff479964d4fe48c4244d3d4486d854fb Mon Sep 17 00:00:00 2001 From: Alice Carroll Date: Sat, 3 Aug 2024 15:00:09 +0300 Subject: feat: allow disabling channels --- modules/nix/default.nix | 43 ++++++++++++++++++++++++++++++++++++------- modules/system/checks.nix | 2 +- 2 files changed, 37 insertions(+), 8 deletions(-) (limited to 'modules') diff --git a/modules/nix/default.nix b/modules/nix/default.nix index b5ad114..09c8970 100644 --- a/modules/nix/default.nix +++ b/modules/nix/default.nix @@ -380,14 +380,38 @@ in ''; }; + channel = { + enable = mkOption { + description = '' + Whether the `nix-channel` command and state files are made available on the machine. + + The following files are initialized when enabled: + - `/nix/var/nix/profiles/per-user/root/channels` + - `$HOME/.nix-defexpr/channels` (on login) + + Disabling this option will not remove the state files from the system. + ''; + type = types.bool; + default = true; + }; + }; + # Definition differs substantially from NixOS module nixPath = mkOption { type = nixPathType; - default = [ + default = lib.optionals cfg.channel.enable [ + # Include default path . + { darwin-config = "${config.environment.darwinConfig}"; } + "/nix/var/nix/profiles/per-user/root/channels" + ]; + + defaultText = lib.literalExpression '' + lib.optionals cfg.channel.enable [ # Include default path . - { darwin-config = "${config.environment.darwinConfig}"; } + { darwin-config = "''${config.environment.darwinConfig}"; } "/nix/var/nix/profiles/per-user/root/channels" - ]; + ] + ''; description = '' The default Nix expression search path, used by the Nix evaluator to look up paths enclosed in angle brackets 
@@ -759,12 +783,12 @@ in # Set up the environment variables for running Nix. environment.variables = cfg.envVars // { NIX_PATH = cfg.nixPath; }; - environment.extraInit = - '' + environment.extraInit = mkMerge [ + (mkIf cfg.channel.enable '' if [ -e "$HOME/.nix-defexpr/channels" ]; then export NIX_PATH="$HOME/.nix-defexpr/channels''${NIX_PATH:+:$NIX_PATH}" fi - '' + + '') # Not in NixOS module '' # Set up secure multi-user builds: non-root users build through the @@ -772,7 +796,12 @@ in if [ ! -w /nix/var/nix/db ]; then export NIX_REMOTE=daemon fi - ''; + '' + ]; + + environment.extraSetup = mkIf (!cfg.channel.enable) '' + rm --force $out/bin/nix-channel + ''; nix.nrBuildUsers = mkDefault (max 32 (if cfg.settings.max-jobs == "auto" then 0 else cfg.settings.max-jobs)); diff --git a/modules/system/checks.nix b/modules/system/checks.nix index 6d9b2cf..ce06e2f 100644 --- a/modules/system/checks.nix +++ b/modules/system/checks.nix @@ -236,7 +236,7 @@ in system.checks.verifyNixChannels = mkOption { type = types.bool; - default = true; + default = config.nix.channel.enable; description = "Whether to run the nix-channels validation checks."; }; -- cgit v1.2.3 From 5afa71b4131a97d72804a97a34bd4a916ea5e990 Mon Sep 17 00:00:00 2001 From: Alice Carroll Date: Sat, 3 Aug 2024 19:32:20 +0300 Subject: fix: respect user nixPath configuration --- modules/nix/default.nix | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) (limited to 'modules') diff --git a/modules/nix/default.nix b/modules/nix/default.nix index 09c8970..14668a2 100644 --- a/modules/nix/default.nix +++ b/modules/nix/default.nix 
@@ -768,17 +768,11 @@ in ]; # Not in NixOS module - nix.nixPath = mkMerge [ - (mkIf (config.system.stateVersion < 2) (mkDefault - [ "darwin=$HOME/.nix-defexpr/darwin" - "darwin-config=$HOME/.nixpkgs/darwin-configuration.nix" - "/nix/var/nix/profiles/per-user/root/channels" - ])) - (mkIf (config.system.stateVersion > 3) (mkOrder 1200 - [ { darwin-config = "${config.environment.darwinConfig}"; } - "/nix/var/nix/profiles/per-user/root/channels" - ])) - ]; + nix.nixPath = mkIf (config.system.stateVersion < 2) (mkDefault [ + "darwin=$HOME/.nix-defexpr/darwin" + "darwin-config=$HOME/.nixpkgs/darwin-configuration.nix" + "/nix/var/nix/profiles/per-user/root/channels" + ]); # Set up the environment variables for running Nix. environment.variables = cfg.envVars // { NIX_PATH = cfg.nixPath; }; -- cgit v1.2.3 From c06794de03f9aba338ff2d24e3d7f34743e63135 Mon Sep 17 00:00:00 2001 From: isabel Date: Tue, 20 Aug 2024 15:18:57 +0100 Subject: feat: system.disableInstallerTools --- modules/nix/nix-darwin.nix | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) (limited to 'modules') diff --git a/modules/nix/nix-darwin.nix b/modules/nix/nix-darwin.nix index ad1ab8f..4a989d7 100644 --- a/modules/nix/nix-darwin.nix +++ b/modules/nix/nix-darwin.nix @@ -13,8 +13,19 @@ let in { - options = { - system.includeUninstaller = lib.mkOption { + options.system = { + disableInstallerTools = lib.mkOption { + type = lib.types.bool; + internal = true; + default = false; + description = '' + Disable darwin-rebuild and darwin-option. This is useful to shrink + systems which are not expected to rebuild or reconfigure themselves. + Use at your own risk! + ''; + }; + + includeUninstaller = lib.mkOption { type = lib.types.bool; internal = true; default = true; 
@@ -23,10 +34,10 @@ in config = { environment.systemPackages = - [ # Include nix-tools by default + [ darwin-version ] + ++ lib.optionals (!config.system.disableInstallerTools) [ darwin-option darwin-rebuild - darwin-version ] ++ lib.optional config.system.includeUninstaller darwin-uninstaller; system.build = { -- cgit v1.2.3 From 2bd4949af3984b1b568f65e68a12a1410d7ba03d Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sun, 25 Aug 2024 14:36:37 +1000 Subject: etc: add known hash for DetSys installer 0.20.0+ --- modules/nix/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/nix/default.nix b/modules/nix/default.nix index b5ad114..3a41986 100644 --- a/modules/nix/default.nix +++ b/modules/nix/default.nix @@ -677,7 +677,8 @@ in "f3e03d851c240c1aa7daccd144ee929f0f5971982424c868c434eb6030e961d4" # DeterminateSystems Nix installer 0.10.0 "c6080216f2a170611e339c3f46e4e1d61aaf0d8b417ad93ade8d647da1382c11" # DeterminateSystems Nix installer 0.14.0 "97f4135d262ca22d65c9554aad795c10a4491fa61b67d9c2430f4d82bbfec9a2" # DeterminateSystems Nix installer 0.15.1 - "5d23e6d7015756c6f300f8cd558ec4d9234ca61deefd4f2478e91a49760b0747" # DeterminateSystems Nix installer 0.16.0+ + "5d23e6d7015756c6f300f8cd558ec4d9234ca61deefd4f2478e91a49760b0747" # DeterminateSystems Nix installer 0.16.0 + "e4974acb79c56148cb8e92137fa4f2de9b7356e897b332fc4e6769e8c0b83e18" # DeterminateSystems Nix installer 0.20.0 "24797ac05542ff8b52910efc77870faa5f9e3275097227ea4e50c430a5f72916" # lix-installer 0.17.1 with flakes "b027b5cad320b5b8123d9d0db9f815c3f3921596c26dc3c471457098e4d3cc40" # lix-installer 0.17.1 without flakes ]; -- cgit v1.2.3 From 544db3691c98a9bcc56b360cf3cf20bd41257ca3 Mon Sep 17 00:00:00 2001 From: Corey Jewett Date: Tue, 27 Aug 2024 14:07:12 -0700 Subject: Add sha256 for DeterminateSystems Nix installer 0.22.0 --- modules/nix/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'modules') 
diff --git a/modules/nix/default.nix b/modules/nix/default.nix index 4419cdd..b91521a 100644 --- a/modules/nix/default.nix +++ b/modules/nix/default.nix @@ -703,6 +703,7 @@ in "97f4135d262ca22d65c9554aad795c10a4491fa61b67d9c2430f4d82bbfec9a2" # DeterminateSystems Nix installer 0.15.1 "5d23e6d7015756c6f300f8cd558ec4d9234ca61deefd4f2478e91a49760b0747" # DeterminateSystems Nix installer 0.16.0 "e4974acb79c56148cb8e92137fa4f2de9b7356e897b332fc4e6769e8c0b83e18" # DeterminateSystems Nix installer 0.20.0 + "966d22ef5bb9b56d481e8e0d5f7ca2deaf4d24c0f0fc969b2eeaa7ae0aa42907" # DeterminateSystems Nix installer 0.22.0 "24797ac05542ff8b52910efc77870faa5f9e3275097227ea4e50c430a5f72916" # lix-installer 0.17.1 with flakes "b027b5cad320b5b8123d9d0db9f815c3f3921596c26dc3c471457098e4d3cc40" # lix-installer 0.17.1 without flakes ]; -- cgit v1.2.3 From 75d14c62cbc4360cbd1a1b5c52dbd17b8bd08892 Mon Sep 17 00:00:00 2001 From: Ihar Hrachyshka Date: Thu, 29 Aug 2024 16:25:33 -0400 Subject: gpg: Suppress stderr from gpg-connect-agent on shell init In some scenarios, the command may fail, e.g. when the shell is executed with a different $HOME from where gpg agent is configured to run from. (E.g. this happens in kitty terminal test suite.) This patch will suppress stderr errors on tty in this situation. Note that zsh does not allow to suppress execution of /etc/zshenv on startup, so it's impossible to skip it in the test suite environment. An alternative would be to set IN_NIX_SHELL in the test suite, but this was rejected in upstream: https://github.com/kovidgoyal/kitty/pull/7800 There's also a kitty package specific fix posted here but this may be unnecessary once nix-darwin is patched here: https://github.com/NixOS/nixpkgs/pull/338070 Signed-off-by: Ihar Hrachyshka --- modules/programs/gnupg.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/programs/gnupg.nix b/modules/programs/gnupg.nix index 4c451ec..6a34e30 100644 
--- a/modules/programs/gnupg.nix +++ b/modules/programs/gnupg.nix @@ -43,7 +43,7 @@ in '' + (optionalString cfg.agent.enableSSHSupport '' # SSH agent protocol doesn't support changing TTYs, so bind the agent # to every new TTY. - ${pkgs.gnupg}/bin/gpg-connect-agent --quiet updatestartuptty /bye > /dev/null + ${pkgs.gnupg}/bin/gpg-connect-agent --quiet updatestartuptty /bye > /dev/null 2>&1 export SSH_AUTH_SOCK=$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket) ''); -- cgit v1.2.3 From e1b6f307ecfa88e9759646b22c8b9ece580e1b78 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Thu, 5 Sep 2024 13:44:17 +1000 Subject: linux-builder: make `package.nixosConfig` accurate --- modules/nix/linux-builder.nix | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) (limited to 'modules') diff --git a/modules/nix/linux-builder.nix b/modules/nix/linux-builder.nix index 9edfed6..9756fe4 100644 --- a/modules/nix/linux-builder.nix +++ b/modules/nix/linux-builder.nix @@ -3,16 +3,8 @@ with lib; let - inherit (pkgs) stdenv; - cfg = config.nix.linux-builder; - builderWithOverrides = cfg.package.override (previousArguments: { - # the linux-builder packages require a list `modules` argument, so it's - # always non-null. - modules = previousArguments.modules ++ [ cfg.config ]; - }); - # create-builder uses TMPDIR to share files with the builder, notably certs. # macOS will clean up files in /tmp automatically that haven't been accessed in 3+ days. # If we let it use /tmp, leaving the computer asleep for 3 days makes the certs vanish. @@ -23,9 +15,9 @@ let mkdir -p $TMPDIR trap "rm -rf $TMPDIR" EXIT ${lib.optionalString cfg.ephemeral '' - rm -f ${cfg.workingDirectory}/${builderWithOverrides.nixosConfig.networking.hostName}.qcow2 + rm -f ${cfg.workingDirectory}/${cfg.package.nixosConfig.networking.hostName}.qcow2 ''} - ${builderWithOverrides}/bin/create-builder + ${cfg.package}/bin/create-builder ''; in 
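Review bot: The added `2>&1` in the gnupg hunk silences every error from `gpg-connect-agent`, and the reason is recorded only in the commit message. The next line exports `SSH_AUTH_SOCK` regardless, so a real agent failure now leaves no trace at shell start. I would add a comment above the command, such as `# stderr is discarded on purpose: this runs on every shell init, including shells started with a different $HOME than the agent's`. That tells a later reader the suppression is deliberate and where to look when SSH authentication through the agent stops working.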
@@ -41,6 +33,11 @@ in type = types.package; default = pkgs.darwin.linux-builder; defaultText = "pkgs.darwin.linux-builder"; + apply = pkg: pkg.override (old: { + # the linux-builder package requires `modules` as an argument, so it's + # always non-null. + modules = old.modules ++ [ cfg.config ]; + }); description = '' This option specifies the Linux builder to use. ''; @@ -135,7 +132,7 @@ in systems = mkOption { type = types.listOf types.str; - default = [ builderWithOverrides.nixosConfig.nixpkgs.hostPlatform.system ]; + default = [ cfg.package.nixosConfig.nixpkgs.hostPlatform.system ]; defaultText = '' The `nixpkgs.hostPlatform.system` of the build machine's final NixOS configuration. ''; -- cgit v1.2.3 From 97e0f7275966cfab018aaee1a0d1e5ce74cd8901 Mon Sep 17 00:00:00 2001 From: Emily Date: Thu, 5 Sep 2024 10:35:57 +0100 Subject: users: allow arbitrary group IDs The upstream Nix UID/GID changes for Sequoia will require us to manage a group with GID 350. That will require more work on our end to ensure compatibility and a working migration path, but this is enough to allow hacking around it locally in system configurations for now. --- modules/users/group.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'modules') diff --git a/modules/users/group.nix b/modules/users/group.nix index 1dc26f1..0e74085 100644 --- a/modules/users/group.nix +++ b/modules/users/group.nix @@ -13,10 +13,7 @@ with lib; }; gid = mkOption { - type = mkOptionType { - name = "gid"; - check = t: isInt t && t > 501; - }; + type = types.int; description = "The group's GID."; }; -- cgit v1.2.3 From c334175319949f6887dcab89afb32f1bb38e9f88 Mon Sep 17 00:00:00 2001 From: Sirio Balmelli Date: Tue, 3 Sep 2024 11:25:58 +0200 Subject: nixos/github-runner: quote comma separators so as to pass shellcheck Shellcheck complains: > args=( > ^-- SC2054 (warning): Use spaces, not commas, to separate array elements. Quote the --labels argument to resolve. 
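Review bot: The new `apply` on `nix.linux-builder.package` is not reflected in the option's description, which still reads only "This option specifies the Linux builder to use." After this change every read of `cfg.package` yields the package re-overridden with `cfg.config` appended to `modules`, and a user-supplied package has to accept `.override` with a `modules` argument or evaluation fails. I would extend the description with a sentence such as `The package must support .override with a modules list; nix.linux-builder.config is appended to it.` so the contract is visible in the generated docs.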
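Review bot: `type = types.int;` on the `gid` option also accepts negative numbers, which the removed `isInt t && t > 501` check rejected. The old bound was too strict for the GID 350 case in the commit message, but dropping it entirely means a typo is only caught when the group is created at activation, if at all. A bounded integer type keeps the new flexibility without admitting values that cannot be a GID, for example `type = types.ints.unsigned;`. Whether GID 0 or other reserved system IDs should be rejected as well is a separate decision worth stating in the description.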
Signed-off-by: Sirio Balmelli --- modules/services/github-runner/service.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/services/github-runner/service.nix b/modules/services/github-runner/service.nix index 75d6442..175b22d 100644 --- a/modules/services/github-runner/service.nix +++ b/modules/services/github-runner/service.nix @@ -90,7 +90,7 @@ in let configure = pkgs.writeShellApplication { name = "configure-github-runner-${name}"; - text = '' + text = /*bash*/'' export RUNNER_ROOT args=( @@ -98,7 +98,7 @@ in --disableupdate --work ${escapeShellArg workDir} --url ${escapeShellArg cfg.url} - --labels ${escapeShellArg (concatStringsSep "," cfg.extraLabels)} + --labels "${escapeShellArg (concatStringsSep "," cfg.extraLabels)}" ${optionalString (cfg.name != null ) "--name ${escapeShellArg cfg.name}"} ${optionalString cfg.replace "--replace"} ${optionalString (cfg.runnerGroup != null) "--runnergroup ${escapeShellArg cfg.runnerGroup}"} -- cgit v1.2.3 From ec76c31dbd084016d6cb2dc4796aef7b2536ff19 Mon Sep 17 00:00:00 2001 From: natsukium Date: Tue, 10 Sep 2024 22:20:22 +0900 Subject: checks.nix: fix typo --- modules/system/checks.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/system/checks.nix b/modules/system/checks.nix index ce06e2f..6afce81 100644 --- a/modules/system/checks.nix +++ b/modules/system/checks.nix @@ -197,7 +197,7 @@ let echo "error: A single-user install can't run optimiser as root, aborting activation" >&2 echo "Configure the optimiser to run as the current user:" >&2 echo >&2 - echo " nix.optimiser.user = \"$USER\";" >&2 + echo " nix.optimise.user = \"$USER\";" >&2 echo >&2 exit 2 fi -- cgit v1.2.3 From 4d59f660bc41ba35b1f6df829e8e0b7706b35ee7 Mon Sep 17 00:00:00 2001 
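Review bot: Wrapping `escapeShellArg` in double quotes on the `--labels` line undoes the escaping it provides, because the helper already emits a complete shell word. Whenever it adds single quotes (any label containing a character outside its safe set), those quotes become literal characters of the argument, and `$` or backticks in a label are expanded by the shell again because single quotes have no effect inside double quotes. The shellcheck warning is better silenced without touching the quoting: keep `--labels ${escapeShellArg (concatStringsSep "," cfg.extraLabels)}` and put `# shellcheck disable=SC2054` on the line before `args=(`. The `args=(` array continues past the end of the hunk, so other entries were not checked here.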
From: Jan Malakhovski Date: Tue, 10 Sep 2024 21:35:35 +0200 Subject: zsh: move fpath init from /etc/zshrc to /etc/zshenv We want these to be set even when /etc/zshrc loading is disabled. NixOS/nixpkgs@f70e3f3738300ef1e94737c09364cd176893858f --- modules/programs/zsh/default.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'modules') diff --git a/modules/programs/zsh/default.nix b/modules/programs/zsh/default.nix index bbf8ad9..15d5ba7 100644 --- a/modules/programs/zsh/default.nix +++ b/modules/programs/zsh/default.nix @@ -135,6 +135,11 @@ in . ${config.system.build.setEnvironment} fi + # Tell zsh how to find installed completions + for p in ''${(z)NIX_PROFILES}; do + fpath+=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions $p/share/zsh/vendor-completions) + done + ${cfg.shellInit} # Read system-wide modifications. @@ -182,11 +187,6 @@ in ${config.environment.interactiveShellInit} ${cfg.interactiveShellInit} - # Tell zsh how to find installed completions - for p in ''${(z)NIX_PROFILES}; do - fpath+=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions $p/share/zsh/vendor-completions) - done - ${cfg.promptInit} ${optionalString cfg.enableGlobalCompInit "autoload -U compinit && compinit"} -- cgit v1.2.3 From 15f64efcaf936f3b77955018d29b4802be6b144f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20Reu=C3=9Fe?= Date: Tue, 10 Sep 2024 21:40:11 +0200 Subject: zsh: prefer Nix completions these from Zsh package Zsh ships some rudimentary completions for programs where upstream also ships their own completions (e.g., curl). So as not to shadow those completions, we need to prepend to the fpath instead of appending. NixOS/nixpkgs@8dad5a22399782a4ef681174219546cb050e580f --- modules/programs/zsh/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/programs/zsh/default.nix b/modules/programs/zsh/default.nix index 15d5ba7..58a3155 100644 
--- a/modules/programs/zsh/default.nix +++ b/modules/programs/zsh/default.nix @@ -137,7 +137,7 @@ in # Tell zsh how to find installed completions for p in ''${(z)NIX_PROFILES}; do - fpath+=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions $p/share/zsh/vendor-completions) + fpath=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions $p/share/zsh/vendor-completions $fpath) done ${cfg.shellInit} -- cgit v1.2.3 From 2af5f0fb9e554ea3c85e57d35a5f2ed5a10b8867 Mon Sep 17 00:00:00 2001 From: Emily Date: Tue, 10 Sep 2024 21:32:06 +0100 Subject: checks: factor out `nix.useDaemon` check --- modules/system/checks.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/system/checks.nix b/modules/system/checks.nix index 6afce81..1cfe1c8 100644 --- a/modules/system/checks.nix +++ b/modules/system/checks.nix @@ -242,7 +242,9 @@ in system.checks.verifyBuildUsers = mkOption { type = types.bool; - default = !(config.nix.settings.auto-allocate-uids or false); + default = + (config.nix.useDaemon && !(config.nix.settings.auto-allocate-uids or false)) + || config.nix.configureBuildUsers; description = "Whether to run the Nix build users validation checks."; }; @@ -259,7 +261,7 @@ in darwinChanges runLink oldBuildUsers - (mkIf (config.nix.useDaemon && cfg.verifyBuildUsers) buildUsers) + (mkIf cfg.verifyBuildUsers buildUsers) (mkIf (!config.nix.useDaemon) singleUser) nixStore (mkIf (config.nix.gc.automatic && config.nix.gc.user == null) nixGarbageCollector) -- cgit v1.2.3 From 9c60c95008e2862c45d01d3d453508f644adeff6 Mon Sep 17 00:00:00 2001 
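Review bot: Prepending inside the `for p in ''${(z)NIX_PROFILES}` loop reverses the profile order compared with the old `fpath+=`: the last entry of `NIX_PROFILES` now ends up first in `fpath`, and every profile directory shadows the functions bundled with zsh. That decides which file wins when two profiles ship a function of the same name, so it should be written down next to the loop rather than left implicit. I would replace the comment with something like `# Profile completions take precedence over zsh's own; later NIX_PROFILES entries win`. If the reversed order between profiles is not intended, the directories need to be collected first and prepended once after the loop.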
From: Emily Date: Tue, 10 Sep 2024 21:32:06 +0100 Subject: checks: make `oldBuildUsers` check fail hard MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Checking for the Sequoia stuff won’t work properly if a system is still in this old state. Best to be loud about it to deal with any straggler systems that haven’t yet dealt with this issue. --- modules/system/checks.nix | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/system/checks.nix b/modules/system/checks.nix index 1cfe1c8..f2971c4 100644 --- a/modules/system/checks.nix +++ b/modules/system/checks.nix @@ -46,12 +46,17 @@ let oldBuildUsers = '' if dscl . -list /Users | grep -q '^nixbld'; then - echo "warning: Detected old style nixbld users" >&2 + echo "error: Detected old style nixbld users, aborting activation" >&2 echo "These can cause migration problems when upgrading to certain macOS versions" >&2 echo "You can enable the following option to migrate to new style nixbld users" >&2 echo >&2 echo " nix.configureBuildUsers = true;" >&2 echo >&2 + echo "or disable this check with" >&2 + echo >&2 + echo " system.checks.verifyBuildUsers = false;" >&2 + echo >&2 + exit 2 fi ''; @@ -260,7 +265,7 @@ in system.checks.text = mkMerge [ darwinChanges runLink - oldBuildUsers + (mkIf (cfg.verifyBuildUsers && !config.nix.configureBuildUsers) oldBuildUsers) (mkIf cfg.verifyBuildUsers buildUsers) (mkIf (!config.nix.useDaemon) singleUser) nixStore -- cgit v1.2.3 From 88b97aa49c451070d2978b291a6280f2e1c5c2b6 Mon Sep 17 00:00:00 2001 
From: Emily Date: Tue, 10 Sep 2024 16:17:57 +0100 Subject: {ids,checks}: update for new builder UID/GID values --- modules/examples/flake/flake.nix | 2 +- modules/examples/ofborg.nix | 2 +- modules/examples/simple.nix | 2 +- modules/misc/ids.nix | 7 ++--- modules/system/checks.nix | 62 ++++++++++++++++++++++++++++++++++++++++ modules/system/version.nix | 2 +- 6 files changed, 69 insertions(+), 8 deletions(-) (limited to 'modules') diff --git a/modules/examples/flake/flake.nix b/modules/examples/flake/flake.nix index 8650562..94c600e 100644 --- a/modules/examples/flake/flake.nix +++ b/modules/examples/flake/flake.nix @@ -32,7 +32,7 @@ # Used for backwards compatibility, please read the changelog before changing. # $ darwin-rebuild changelog - system.stateVersion = 4; + system.stateVersion = 5; # The platform the configuration will be used on. nixpkgs.hostPlatform = "x86_64-darwin"; diff --git a/modules/examples/ofborg.nix b/modules/examples/ofborg.nix index 1054c57..6cef6e7 100644 --- a/modules/examples/ofborg.nix +++ b/modules/examples/ofborg.nix @@ -25,5 +25,5 @@ with lib; # Used for backwards compatibility, please read the changelog before changing. # $ darwin-rebuild changelog - system.stateVersion = 4; + system.stateVersion = 5; } diff --git a/modules/examples/simple.nix b/modules/examples/simple.nix index d146fde..1133da8 100644 --- a/modules/examples/simple.nix +++ b/modules/examples/simple.nix @@ -21,5 +21,5 @@ # Used for backwards compatibility, please read the changelog before changing. # $ darwin-rebuild changelog - system.stateVersion = 4; + system.stateVersion = 5; } diff --git a/modules/misc/ids.nix b/modules/misc/ids.nix index 07f1240..c0f3a19 100644 --- a/modules/misc/ids.nix +++ b/modules/misc/ids.nix @@ -8,7 +8,7 @@ # to change uids/gids on service start, in example a service with a lot of # files. -{ lib, ... }: +{ lib, config, ... }: let inherit (lib) types; 
@@ -34,15 +34,14 @@ in }; - config = { ids.uids = { - nixbld = 300; + nixbld = lib.mkDefault 350; }; ids.gids = { - nixbld = 30000; + nixbld = lib.mkDefault (if config.system.stateVersion < 5 then 30000 else 350); }; }; diff --git a/modules/system/checks.nix b/modules/system/checks.nix index f2971c4..5ef9e52 100644 --- a/modules/system/checks.nix +++ b/modules/system/checks.nix 
@@ -57,7 +57,41 @@ let echo " system.checks.verifyBuildUsers = false;" >&2 echo >&2 exit 2 + fi + ''; + + preSequoiaBuildUsers = '' + ${lib.optionalString config.nix.configureBuildUsers '' + # Don’t complain when we’re about to migrate old‐style build users… + if ! dscl . -list /Users | grep -q '^nixbld'; then + ''} + firstBuildUserID=$(dscl . -read /Users/_nixbld1 UniqueID | awk '{print $2}') + if [[ $firstBuildUserID != ${toString (config.ids.uids.nixbld + 1)} ]]; then + printf >&2 '\e[1;31merror: Build users have unexpected UIDs, aborting activation\e[0m\n' + printf >&2 'The default Nix build user ID range has been adjusted for\n' + printf >&2 'compatibility with macOS Sequoia 15. Your _nixbld1 user currently has\n' + printf >&2 'UID %d rather than the new default of 351.\n' "$firstBuildUserID" + printf >&2 '\n' + printf >&2 'You can automatically migrate your users using the following script\n' + printf >&2 'from the Nix repository:\n' + printf >&2 '\n' + printf >&2 ' https://github.com/NixOS/nix/raw/master/scripts/sequoia-nixbld-user-migration.sh\n' + printf >&2 '\n' + printf >&2 'This should work even if you installed Nix with the Determinate\n' + printf >&2 'Systems installer or are using Lix. If you are comfortable using the\n' + printf >&2 'script without review, you can run:\n' + printf >&2 '\n' + printf >&2 " curl --proto '=https' --tlsv1.2 -sSf -L https://github.com/NixOS/nix/raw/master/scripts/sequoia-nixbld-user-migration.sh | bash -\n" + printf >&2 '\n' + printf >&2 'If you have no intention of upgrading to macOS Sequoia 15, or already\n' + printf >&2 'have a custom UID range that you know is compatible with Sequoia, you\n' + printf >&2 'can disable this check by setting:\n' + printf >&2 '\n' + printf >&2 ' ids.uids.nixbld = %d;\n' "$((firstBuildUserID - 1))" + printf >&2 '\n' + exit 2 fi + ${lib.optionalString config.nix.configureBuildUsers "fi"} ''; buildUsers = '' 
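Review bot: When `dscl . -read /Users/_nixbld1 UniqueID` prints nothing, for example because the user does not exist, `firstBuildUserID` is empty in `preSequoiaBuildUsers`. The comparison then fails, `%d` prints 0 and the hint becomes `ids.uids.nixbld = -1;`, unless an earlier check has already aborted activation. A guard before the comparison avoids the misleading advice: `[[ -n $firstBuildUserID ]] || { printf >&2 'error: could not read the UID of _nixbld1\n'; exit 2; }`. The message also hard-codes "351" although the test uses `${toString (config.ids.uids.nixbld + 1)}`, so the text is wrong for anyone who overrides `ids.uids.nixbld`. The `buildGroupID` check in the next hunk reads `PrimaryGroupID` the same way and needs the same guard.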
@@ -75,6 +109,32 @@ let fi ''; + buildGroupID = '' + buildGroupID=$(dscl . -read /Groups/nixbld PrimaryGroupID | awk '{print $2}') + expectedBuildGroupID=${toString config.ids.gids.nixbld} + if [[ $buildGroupID != $expectedBuildGroupID ]]; then + printf >&2 '\e[1;31merror: Build user group has mismatching GID, aborting activation\e[0m\n' + printf >&2 'The default Nix build user group ID was changed from 30000 to 350.\n' + printf >&2 'You are currently managing Nix build users with nix-darwin, but your\n' + printf >&2 'nixbld group has GID %d, whereas we expected %d.\n' \ + "$buildGroupID" "$expectedBuildGroupID" + printf >&2 '\n' + printf >&2 'Possible causes include setting up a new Nix installation with an\n' + printf >&2 'existing nix-darwin configuration, setting up a new nix-darwin\n' + printf >&2 'installation with an existing Nix installation, or manually increasing\n' + printf >&2 'your `system.stateVersion` setting.\n' + printf >&2 '\n' + printf >&2 'You can set the configured group ID to match the actual value:\n' + printf >&2 '\n' + printf >&2 ' ids.gids.nixbld = %d;\n' "$buildGroupID" + printf >&2 '\n' + printf >&2 'We do not recommend trying to change the group ID with macOS user\n' + printf >&2 'management tools without a complete uninstallation and reinstallation\n' + printf >&2 'of Nix.\n' + exit 2 + fi + ''; + singleUser = '' if grep -q 'build-users-group =' /etc/nix/nix.conf; then echo "error: The daemon is not enabled but this is a multi-user install, aborting activation" >&2 @@ -267,6 +327,8 @@ in runLink (mkIf (cfg.verifyBuildUsers && !config.nix.configureBuildUsers) oldBuildUsers) (mkIf cfg.verifyBuildUsers buildUsers) + (mkIf cfg.verifyBuildUsers preSequoiaBuildUsers) + (mkIf config.nix.configureBuildUsers buildGroupID) (mkIf (!config.nix.useDaemon) singleUser) nixStore (mkIf (config.nix.gc.automatic && config.nix.gc.user == null) nixGarbageCollector) 
diff --git a/modules/system/version.nix b/modules/system/version.nix index fa6ce6e..df8b7a0 100644 --- a/modules/system/version.nix +++ b/modules/system/version.nix @@ -35,7 +35,7 @@ in options = { system.stateVersion = mkOption { type = types.int; - default = 4; + default = 5; description = '' Every once in a while, a new NixOS release may change configuration defaults in a way incompatible with stateful -- cgit v1.2.3 From 8714f9e28529183d65d9f42ac92cdc5d70dbb6f7 Mon Sep 17 00:00:00 2001 From: Jade Lovelace Date: Tue, 10 Sep 2024 22:37:18 +0200 Subject: flake: put nixpkgs in NIX_PATH and system registry for flake configs Currently there are a bunch of really wacky hacks required to get nixpkgs path correctly set up under flake configs such that `nix run nixpkgs#hello` and `nix run -f '' hello` hit the nixpkgs that the system was built with. In particular you have to use specialArgs or an anonymous module, and everyone has to include this hack in their own configs. We can do this for users automatically. NixOS/nixpkgs@e456032addae76701eb17e6c03fc515fd78ad74f Co-authored-by: Antoine Cotten --- modules/module-list.nix | 1 + modules/nix/nixpkgs-flake.nix | 105 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 106 insertions(+) create mode 100644 modules/nix/nixpkgs-flake.nix (limited to 'modules') diff --git a/modules/module-list.nix b/modules/module-list.nix index 0b62158..48880f0 100644 --- a/modules/module-list.nix +++ b/modules/module-list.nix @@ -47,6 +47,7 @@ ./nix/linux-builder.nix ./nix/nix-darwin.nix ./nix/nixpkgs.nix + ./nix/nixpkgs-flake.nix ./environment ./fonts ./launchd diff --git a/modules/nix/nixpkgs-flake.nix b/modules/nix/nixpkgs-flake.nix new file mode 100644 index 0000000..bb7c1b0 --- /dev/null +++ b/modules/nix/nixpkgs-flake.nix 
@@ -0,0 +1,105 @@ +{ config, options, lib, ... }: + +with lib; + +let + cfg = config.nixpkgs.flake; +in +{ + options.nixpkgs.flake = { + source = mkOption { + # In newer Nix versions, particularly with lazy trees, outPath of + # flakes becomes a Nix-language path object. We deliberately allow this + # to gracefully come through the interface in discussion with @roberth. + # + # See: https://github.com/NixOS/nixpkgs/pull/278522#discussion_r1460292639 + type = types.nullOr (types.either types.str types.path); + + default = null; + defaultText = "if (using nix-darwin.lib.darwinSystem) then nixpkgs.source else null"; + + example = ''builtins.fetchTarball { name = "source"; sha256 = "${lib.fakeHash}"; url = "https://github.com/nixos/nixpkgs/archive/somecommit.tar.gz"; }''; + + description = '' + The path to the nixpkgs sources used to build the system. This is automatically set up to be + the store path of the nixpkgs flake used to build the system if using + `nixpkgs.lib.darwinSystem`, and is otherwise null by default. + + This can also be optionally set if the nix-darwin system is not built with a flake but still uses + pinned sources: set this to the store path for the nixpkgs sources used to build the system, + as may be obtained by `builtins.fetchTarball`, for example. + + Note: the name of the store path must be "source" due to + . + ''; + }; + + setNixPath = mkOption { + type = types.bool; + + default = cfg.source != null; + defaultText = "config.nixpkgs.flake.source != null"; + + description = '' + Whether to set {env}`NIX_PATH` to include `nixpkgs=flake:nixpkgs` such that `` + lookups receive the version of nixpkgs that the system was built with, in concert with + {option}`nixpkgs.flake.setFlakeRegistry`. + + This is on by default for nix-darwin configurations built with flakes. + + This makes {command}`nix-build '' -A hello` work out of the box on flake systems. 
+ + Note that this option makes the nix-darwin closure depend on the nixpkgs sources, which may add + undesired closure size if the system will not have any nix commands run on it. + ''; + }; + + setFlakeRegistry = mkOption { + type = types.bool; + + default = cfg.source != null; + defaultText = "config.nixpkgs.flake.source != null"; + + description = '' + Whether to pin nixpkgs in the system-wide flake registry (`/etc/nix/registry.json`) to the + store path of the sources of nixpkgs used to build the nix-darwin system. + + This is on by default for nix-darwin configurations built with flakes. + + This option makes {command}`nix run nixpkgs#hello` reuse dependencies from the system, avoid + refetching nixpkgs, and have a consistent result every time. + + Note that this option makes the nix-darwin closure depend on the nixpkgs sources, which may add + undesired closure size if the system will not have any nix commands run on it. + ''; + }; + }; + + config = mkIf (cfg.source != null) (mkMerge [ + { + assertions = [ + { + assertion = cfg.setNixPath -> cfg.setFlakeRegistry; + message = '' + Setting `nixpkgs.flake.setNixPath` requires that `nixpkgs.flake.setFlakeRegistry` also + be set, since it is implemented in terms of indirection through the flake registry. + ''; + } + ]; + } + (mkIf cfg.setFlakeRegistry { + nix.registry.nixpkgs.to = mkDefault { + type = "path"; + path = cfg.source; + }; + }) + (mkIf cfg.setNixPath { + # N.B. This does not include darwin-config in NIX_PATH unlike modules/nix/default.nix + # because we would need some kind of evil shim taking the *calling* flake's self path, + # perhaps, to ever make that work (in order to know where the Nix expr for the system came + # from and how to call it). + nix.nixPath = mkDefault ([ "nixpkgs=flake:nixpkgs" ] + ++ optional config.nix.channel.enable "/nix/var/nix/profiles/per-user/root/channels"); + }) + ]); +} -- cgit v1.2.3 From 7e6c548eef2372cef1287ef45350e29ca5740159 Mon Sep 17 00:00:00 2001 
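Review bot: The documentation of `nixpkgs.flake.source` names two different entry points: `defaultText` says `nix-darwin.lib.darwinSystem`, while the description says the value is set automatically "if using `nixpkgs.lib.darwinSystem`". Only one of these can be the function that populates the option, and the code that sets it is not part of this file, so the description should be aligned with whichever is correct (presumably the `nix-darwin` one). The sentence `Note: the name of the store path must be "source" due to` also ends without naming its reason in this rendering; if the reference is missing from the file itself, it should be restored, since that constraint is what makes the `builtins.fetchTarball` example work.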
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 11 Sep 2024 13:01:26 +0200 Subject: zsh: let children shells set their fpath Currently zshenv by default only sets fpath without exporting it. A parent shell would also not set those variables usually as they are shell local. It also sources a file called set-environment but this is protected by an environment variable called __NIX_DARWIN_SET_ENVIRONMENT_DONE. Hence any modification done by the parent shell should persist as long as __NIX_DARWIN_SET_ENVIRONMENT_DONE is not unset. This behavior deviates from what we do in bashrc and breaks common setups such as tmux/mosh or screen. NixOS/nixpkgs@55819e6c861f53450030eea832a76583a6786370 --- modules/programs/zsh/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/programs/zsh/default.nix b/modules/programs/zsh/default.nix index 58a3155..1f36740 100644 --- a/modules/programs/zsh/default.nix +++ b/modules/programs/zsh/default.nix @@ -124,9 +124,8 @@ in # This file is read for all shells. # Only execute this file once per shell. - # But don't clobber the environment of interactive non-login children! if [ -n "$__ETC_ZSHENV_SOURCED" ]; then return; fi - export __ETC_ZSHENV_SOURCED=1 + __ETC_ZSHENV_SOURCED=1 # Don't execute this file when running in a pure nix-shell. if test -n "$IN_NIX_SHELL"; then return; fi -- cgit v1.2.3 From 6ad463a76421022de6762e6f50128febb970dcfc Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sebastian=20Reu=C3=9Fe?= Date: Wed, 11 Sep 2024 14:03:57 +0200 Subject: zsh: don't be noisy when scripts are run with -u When a script specifies the shell option "nounset" as part of the shebang (e.g., via "#!/usr/bin/env -S zsh -u"), our initialization scripts would produce error messages of the form: __ETC_FOO_SOURCED: parameter not set These messages could probably be confusing to users when running such scripts. By providing a fall-back in the parameter expansion, we can avoid them. This patch does not address interactive shell start-up, where such messages may (or may not) be less problematic. NixOS/nixpkgs@7d84dbdf5b91439f798363559310d86b21bfa86c --- modules/programs/zsh/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'modules') diff --git a/modules/programs/zsh/default.nix b/modules/programs/zsh/default.nix index 1f36740..7574f8e 100644 --- a/modules/programs/zsh/default.nix +++ b/modules/programs/zsh/default.nix @@ -124,13 +124,13 @@ in # This file is read for all shells. # Only execute this file once per shell. - if [ -n "$__ETC_ZSHENV_SOURCED" ]; then return; fi + if [ -n "''${__ETC_ZSHENV_SOURCED-}" ]; then return; fi __ETC_ZSHENV_SOURCED=1 # Don't execute this file when running in a pure nix-shell. if test -n "$IN_NIX_SHELL"; then return; fi - if [ -z "$__NIX_DARWIN_SET_ENVIRONMENT_DONE" ]; then + if [ -z "''${__NIX_DARWIN_SET_ENVIRONMENT_DONE-}" ]; then . ${config.system.build.setEnvironment} fi @@ -152,7 +152,7 @@ in # This file is read for login shells. # Only execute this file once per shell. - if [ -n "$__ETC_ZPROFILE_SOURCED" ]; then return; fi + if [ -n "''${__ETC_ZPROFILE_SOURCED-}" ]; then return; fi __ETC_ZPROFILE_SOURCED=1 ${concatStringsSep "\n" zshVariables} -- cgit v1.2.3 From 04e3cfc822568d354b540a3207121af27b699057 Mon Sep 17 00:00:00 2001 
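Review bot: The unchanged line `if test -n "$IN_NIX_SHELL"; then return; fi` in the first hunk still expands an unset parameter without a fallback, so a script started with `zsh -u` outside a nix-shell would still print `IN_NIX_SHELL: parameter not set`. The three guards this commit fixes sit directly around it, so the fix is incomplete for the case the message describes. The same fallback form applies: `if test -n "''${IN_NIX_SHELL-}"; then return; fi`. Other guards in this file that lie outside the two hunks were not visible and may need the same treatment.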
From: Emily Date: Thu, 12 Sep 2024 17:21:48 +0100 Subject: version: make `system.stateVersion` mandatory MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When testing the Sequoia UID change, I discovered that @mjm didn’t have `system.stateVersion` set; I suspect this is not too uncommon. Let’s make it required now, like NixOS is trying to, to improve our backwards‐compatibility story in anticipation of starting to cut release branches. --- modules/system/version.nix | 34 ++++++++++++++++++++++++++-------- 1 file changed, 26 insertions(+), 8 deletions(-) (limited to 'modules') diff --git a/modules/system/version.nix b/modules/system/version.nix index df8b7a0..826ad35 100644 --- a/modules/system/version.nix +++ b/modules/system/version.nix @@ -5,8 +5,6 @@ with lib; let cfg = config.system; - defaultStateVersion = options.system.stateVersion.default; - # Based on `lib.trivial.revisionWithDefault` from nixpkgs. gitRevision = path: if pathIsGitRepo "${path}/.git" @@ -34,8 +32,9 @@ in { options = { system.stateVersion = mkOption { - type = types.int; - default = 5; + type = types.ints.between 1 config.system.maxStateVersion; + # TODO: Remove this default and the assertion below. + default = config.system.maxStateVersion; description = '' Every once in a while, a new NixOS release may change configuration defaults in a way incompatible with stateful @@ -49,6 +48,12 @@ in ''; }; + system.maxStateVersion = mkOption { + internal = true; + type = types.int; + default = 5; + }; + system.darwinLabel = mkOption { type = types.str; description = "Label to be used in the names of generated outputs."; 
@@ -121,9 +126,22 @@ in # documentation is not reprocessed on every commit system.darwinLabel = mkDefault "${cfg.nixpkgsVersion}+${cfg.darwinVersion}"; - assertions = [ { - assertion = cfg.stateVersion <= defaultStateVersion; - message = "system.stateVersion = ${toString cfg.stateVersion}; is not a valid value"; - } ]; + assertions = [ + { + assertion = options.system.stateVersion.highestPrio != (lib.mkOptionDefault { }).priority; + message = '' + The `system.stateVersion` option is not defined in your + nix-darwin configuration. The value is used to conditionalize + backwards‐incompatible changes in default settings. You should + usually set this once when installing nix-darwin on a new system + and then never change it (at least without reading all the relevant + entries in the changelog using `darwin-rebuild changelog`). + + You can use the current value for new installations as follows: + + system.stateVersion = ${toString config.system.maxStateVersion}; + ''; + } + ]; }; } -- cgit v1.2.3 From 953d02ba5958df017d9682f727d10a75cb8a0391 Mon Sep 17 00:00:00 2001 From: Antoine Cotten Date: Thu, 12 Sep 2024 17:37:56 +0000 Subject: {bash,zsh}: remove nix-shell early return in /etc/{bashrc,zshenv} The condition does not match the comment, and therefore not the original intention. It currently returns early in *any* type of Nix shell, not just pure ones, including 'nix develop'. Besides being unnecessary, this check prevents Nix shells from functioning properly. For instance, it causes the initialization of the Zsh fpath to be skipped, which is critical. The fact that the user is unable to opt out of this behaviour makes this an ever bigger problem since /etc/zshenv is being loaded unconditionally by Zsh. For reference, NixOS does not perform such check, and apparently never did. --- modules/programs/bash/default.nix | 3 --- modules/programs/zsh/default.nix | 3 --- 2 files changed, 6 deletions(-) (limited to 'modules') 
diff --git a/modules/programs/bash/default.nix b/modules/programs/bash/default.nix index 2e27ff9..3abb3e8 100644 --- a/modules/programs/bash/default.nix +++ b/modules/programs/bash/default.nix @@ -55,9 +55,6 @@ in if [ -n "$__ETC_BASHRC_SOURCED" -o -n "$NOSYSBASHRC" ]; then return; fi __ETC_BASHRC_SOURCED=1 - # Don't execute this file when running in a pure nix-shell. - if [ "$IN_NIX_SHELL" = "pure" ]; then return; fi - if [ -z "$__NIX_DARWIN_SET_ENVIRONMENT_DONE" ]; then . ${config.system.build.setEnvironment} fi diff --git a/modules/programs/zsh/default.nix b/modules/programs/zsh/default.nix index 7574f8e..bfbfc59 100644 --- a/modules/programs/zsh/default.nix +++ b/modules/programs/zsh/default.nix @@ -127,9 +127,6 @@ in if [ -n "''${__ETC_ZSHENV_SOURCED-}" ]; then return; fi __ETC_ZSHENV_SOURCED=1 - # Don't execute this file when running in a pure nix-shell. - if test -n "$IN_NIX_SHELL"; then return; fi - if [ -z "''${__NIX_DARWIN_SET_ENVIRONMENT_DONE-}" ]; then . ${config.system.build.setEnvironment} fi -- cgit v1.2.3 From 3b087efcbdb72f89e0c80a3ebdf4e091b7a48e41 Mon Sep 17 00:00:00 2001 From: Niklas Ravnsborg Date: Wed, 4 Sep 2024 23:03:14 +0200 Subject: add `NSGlobalDomain.AppleSpacesSwitchOnActivate` option --- modules/system/defaults/NSGlobalDomain.nix | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'modules') diff --git a/modules/system/defaults/NSGlobalDomain.nix b/modules/system/defaults/NSGlobalDomain.nix index 6dcedca..01e7a45 100644 --- a/modules/system/defaults/NSGlobalDomain.nix +++ b/modules/system/defaults/NSGlobalDomain.nix 
@@ -95,6 +95,14 @@ in { ''; }; + system.defaults.NSGlobalDomain.AppleSpacesSwitchOnActivate = mkOption { + type = types.nullOr types.bool; + default = null; + description = '' + Whether or not to switch to a workspace that has a window of the application open, that is switched to. The default is true. + ''; + }; + system.defaults.NSGlobalDomain.NSAutomaticCapitalizationEnabled = mkOption { type = types.nullOr types.bool; default = null; -- cgit v1.2.3 From 3d48a9893a12929d48f3ca4279fcfb8a8d4aac96 Mon Sep 17 00:00:00 2001 From: Niklas Ravnsborg Date: Wed, 4 Sep 2024 23:04:29 +0200 Subject: add `finder._FXSortFoldersFirst` option --- modules/system/defaults/finder.nix | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'modules') diff --git a/modules/system/defaults/finder.nix b/modules/system/defaults/finder.nix index 478639f..1da93c0 100644 --- a/modules/system/defaults/finder.nix +++ b/modules/system/defaults/finder.nix @@ -80,6 +80,14 @@ with lib; ''; }; + system.defaults.finder._FXSortFoldersFirst = mkOption { + type = types.nullOr types.bool; + default = null; + description = '' + Keep folders on top when sorting by name. The default is false. + ''; + }; + system.defaults.finder.FXEnableExtensionChangeWarning = mkOption { type = types.nullOr types.bool; default = null; -- cgit v1.2.3 From 2841f496312a3e9b4d48e18af435ee46a11a1bb6 Mon Sep 17 00:00:00 2001 From: Niklas Ravnsborg Date: Wed, 4 Sep 2024 23:07:41 +0200 Subject: fix description typo in `dock.nix` --- modules/system/defaults/dock.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/system/defaults/dock.nix b/modules/system/defaults/dock.nix index 1e8797f..d92b2f1 100644 --- a/modules/system/defaults/dock.nix +++ b/modules/system/defaults/dock.nix 
@@ -20,7 +20,7 @@ in { type = types.nullOr types.bool; default = null; description = '' - Whether to automatically hide and show the dock. The default is false. + Whether to automatically hide and show the dock. The default is false. ''; }; -- cgit v1.2.3 From ef16775e43db158324528b8a59361d67fd4160eb Mon Sep 17 00:00:00 2001 From: Emily Date: Sun, 15 Sep 2024 21:07:10 +0100 Subject: checks: show Sequoia migration commands for other installers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is hopefully largely cosmetic, but should increase user confidence in the safety and effectiveness of the migration, and the Determinate Systems and Lix installer commands will also update the `/nix/receipt.json` files to match the changes made. They cannot properly handle the format of each other’s receipts, so we need to detect which was used. --- modules/system/checks.nix | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) (limited to 'modules') diff --git a/modules/system/checks.nix b/modules/system/checks.nix index 5ef9e52..497cd9a 100644 --- a/modules/system/checks.nix +++ b/modules/system/checks.nix 
@@ -72,16 +72,24 @@ let printf >&2 'compatibility with macOS Sequoia 15. Your _nixbld1 user currently has\n' printf >&2 'UID %d rather than the new default of 351.\n' "$firstBuildUserID" printf >&2 '\n' - printf >&2 'You can automatically migrate your users using the following script\n' - printf >&2 'from the Nix repository:\n' + printf >&2 'You can automatically migrate the users with the following command:\n' printf >&2 '\n' - printf >&2 ' https://github.com/NixOS/nix/raw/master/scripts/sequoia-nixbld-user-migration.sh\n' - printf >&2 '\n' - printf >&2 'This should work even if you installed Nix with the Determinate\n' - printf >&2 'Systems installer or are using Lix. If you are comfortable using the\n' - printf >&2 'script without review, you can run:\n' - printf >&2 '\n' - printf >&2 " curl --proto '=https' --tlsv1.2 -sSf -L https://github.com/NixOS/nix/raw/master/scripts/sequoia-nixbld-user-migration.sh | bash -\n" + if [[ -e /nix/receipt.json ]]; then + if + ${pkgs.jq}/bin/jq --exit-status \ + 'try(.planner.settings | has("enable_flakes"))' \ + /nix/receipt.json \ + >/dev/null + then + installerUrl="https://install.lix.systems/lix" + else + installerUrl="https://install.determinate.systems/nix" + fi + printf >&2 " curl --proto '=https' --tlsv1.2 -sSf -L %s | sh -s -- repair sequoia --move-existing-users\n" \ + "$installerUrl" + else + printf >&2 " curl --proto '=https' --tlsv1.2 -sSf -L https://github.com/NixOS/nix/raw/master/scripts/sequoia-nixbld-user-migration.sh | bash -\n" + fi printf >&2 '\n' printf >&2 'If you have no intention of upgrading to macOS Sequoia 15, or already\n' printf >&2 'have a custom UID range that you know is compatible with Sequoia, you\n' -- cgit v1.2.3 From 034c45dd0cac806b527e64c143020676e1070769 Mon Sep 17 00:00:00 2001 
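Review bot: The rewritten message now prints only a `curl … | sh` one-liner and drops both the plain script URL and the old "If you are comfortable using the script without review" wording, so the user no longer gets a hint to inspect what they are about to run. I would keep one line ahead of the command, e.g. `printf >&2 'Review the script at the URL below before piping it into a shell.\n'`. Separately, the `else` arm of the `jq --exit-status` test is taken on any failure, including an unreadable or malformed `/nix/receipt.json`, so such a machine is pointed at the Determinate Systems installer; a comment saying this fallback is intended would help. The surrounding check script starts and ends outside the hunk.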
From: will Date: Sat, 31 Aug 2024 18:27:10 +1000 Subject: feat: use wait4path with script launchd option addresses https://github.com/LnL7/nix-darwin/issues/1043 fix: use exec in launchd daemon config fix: dont use a script thats in the nix store fix: remove manual wait4path in linux-builder fix: remove manual wait4path in karabiner elements fix: remove manual wait4path in nix-daemon fix: remove manual wait4path in nix-optimise fix: remove manual wait4path in tailscaled fix: autossh test Revert "fix: remove manual wait4path in nix-daemon" This reverts commit 6aec084fa5d095666e81676e78f7054c83703faa. fix: remove bad exec Reapply "fix: remove manual wait4path in nix-daemon" This reverts commit c8f136ecc555f803124af471324bc6ed1163d6dd. fix: update autossh test to reflect changes in f86e6133d957becb1958da638516b0860fbd7491 fix: services-activate-system-changed-label-prefix test fix: services-buildkite-agent test fix: services-activate-system test fix: escape ampersand fix: services-lorri test fix: services-nix-optimise test fix: services-nix-gc test refactor: use script rather than command in daemon fix: use config.command for clarity style: fix indentation fix: use lib.getExe rather than directly pointing to file revert: a87fc7bbbbdb7c25c5ad6721c93990ea035affdd - mistaken refactor meant that service waited for nix store and not the relevant path --- modules/launchd/default.nix | 7 +++-- modules/nix/linux-builder.nix | 35 +++++++++++-------------- modules/services/karabiner-elements/default.nix | 20 ++++---------- modules/services/nix-daemon.nix | 5 +--- modules/services/nix-optimise/default.nix | 5 +--- modules/services/tailscale.nix | 5 +--- 6 files changed, 29 insertions(+), 48 deletions(-) (limited to 'modules') diff --git a/modules/launchd/default.nix b/modules/launchd/default.nix index ccb6cc6..64b6af7 100644 --- a/modules/launchd/default.nix +++ b/modules/launchd/default.nix 
@@ -20,7 +20,6 @@ let { config, name, ... }: let - cmd = config.command; env = config.environment // optionalAttrs (config.path != "") { PATH = config.path; }; in @@ -88,7 +87,11 @@ let ''); serviceConfig.Label = mkDefault "${cfg.labelPrefix}.${name}"; - serviceConfig.ProgramArguments = mkIf (cmd != "") [ "/bin/sh" "-c" "exec ${cmd}" ]; + serviceConfig.ProgramArguments = mkIf (config.command != "") [ + "/bin/sh" + "-c" + "/bin/wait4path /nix/store && exec ${config.command}" + ]; serviceConfig.EnvironmentVariables = mkIf (env != {}) env; }; }; diff --git a/modules/nix/linux-builder.nix b/modules/nix/linux-builder.nix index 9756fe4..2bcb62e 100644 --- a/modules/nix/linux-builder.nix +++ b/modules/nix/linux-builder.nix @@ -4,21 +4,6 @@ with lib; let cfg = config.nix.linux-builder; - - # create-builder uses TMPDIR to share files with the builder, notably certs. - # macOS will clean up files in /tmp automatically that haven't been accessed in 3+ days. - # If we let it use /tmp, leaving the computer asleep for 3 days makes the certs vanish. - # So we'll use /run/org.nixos.linux-builder instead and clean it up ourselves. - script = pkgs.writeShellScript "linux-builder-start" '' - export TMPDIR=/run/org.nixos.linux-builder USE_TMPDIR=1 - rm -rf $TMPDIR - mkdir -p $TMPDIR - trap "rm -rf $TMPDIR" EXIT - ${lib.optionalString cfg.ephemeral '' - rm -f ${cfg.workingDirectory}/${cfg.package.nixosConfig.networking.hostName}.qcow2 - ''} - ${cfg.package}/bin/create-builder - ''; in { 
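Review bot: `config.command` is spliced unquoted into the `sh -c` string in `serviceConfig.ProgramArguments`, so the shell word-splits it and a path containing a space is cut at the space. That is how arguments get passed, but it means every caller must shell-quote paths itself; the `Karabiner-DriverKit-VirtualHIDDeviceClient` `command` later in this patch contains `Application Support` and needed a follow-up commit adding `\"…\"`. I would state this in the `command` option's description (not visible in this hunk), for example "The value is passed to `/bin/sh -c`; quote paths with `lib.escapeShellArg`", and use `lib.escapeShellArg` at call sites instead of hand-written `\"` pairs.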
@@ -176,11 +161,23 @@ in environment = { inherit (config.environment.variables) NIX_SSL_CERT_FILE; }; + + # create-builder uses TMPDIR to share files with the builder, notably certs. + # macOS will clean up files in /tmp automatically that haven't been accessed in 3+ days. + # If we let it use /tmp, leaving the computer asleep for 3 days makes the certs vanish. + # So we'll use /run/org.nixos.linux-builder instead and clean it up ourselves. + script = '' + export TMPDIR=/run/org.nixos.linux-builder USE_TMPDIR=1 + rm -rf $TMPDIR + mkdir -p $TMPDIR + trap "rm -rf $TMPDIR" EXIT + ${lib.optionalString cfg.ephemeral '' + rm -f ${cfg.workingDirectory}/${cfg.package.nixosConfig.networking.hostName}.qcow2 + ''} + ${cfg.package}/bin/create-builder + ''; + serviceConfig = { - ProgramArguments = [ - "/bin/sh" "-c" - "/bin/wait4path /nix/store && exec ${script}" - ]; KeepAlive = true; RunAtLoad = true; WorkingDirectory = cfg.workingDirectory; diff --git a/modules/services/karabiner-elements/default.nix b/modules/services/karabiner-elements/default.nix index 2f415b2..0e2bb43 100644 --- a/modules/services/karabiner-elements/default.nix +++ b/modules/services/karabiner-elements/default.nix @@ -38,14 +38,11 @@ in # the system extension is activated, so we can call activate from the manager # which will block until the system extension is activated. launchd.daemons.start_karabiner_daemons = { - serviceConfig.ProgramArguments = [ - "/bin/sh" "-c" - "/bin/wait4path /nix/store && ${pkgs.writeScript "start_karabiner_daemons" '' + script = '' ${parentAppDir}/.Karabiner-VirtualHIDDevice-Manager.app/Contents/MacOS/Karabiner-VirtualHIDDevice-Manager activate launchctl kickstart system/org.pqrs.karabiner.karabiner_grabber launchctl kickstart system/org.pqrs.karabiner.karabiner_observer - ''}" - ]; + ''; serviceConfig.Label = "org.nixos.start_karabiner_daemons"; serviceConfig.RunAtLoad = true; }; 
@@ -73,11 +70,7 @@ in }; launchd.daemons.Karabiner-DriverKit-VirtualHIDDeviceClient = { - serviceConfig.ProgramArguments = [ - "/bin/sh" "-c" - # For unknown reasons this daemon will fail if VirtualHIDDeviceClient is not exec'd. - "/bin/wait4path /nix/store && exec \"${pkgs.karabiner-elements.driver}/Library/Application Support/org.pqrs/Karabiner-DriverKit-VirtualHIDDevice/Applications/Karabiner-DriverKit-VirtualHIDDeviceClient.app/Contents/MacOS/Karabiner-DriverKit-VirtualHIDDeviceClient\"" - ]; + command = "${pkgs.karabiner-elements.driver}/Library/Application Support/org.pqrs/Karabiner-DriverKit-VirtualHIDDevice/Applications/Karabiner-DriverKit-VirtualHIDDeviceClient.app/Contents/MacOS/Karabiner-DriverKit-VirtualHIDDeviceClient"; serviceConfig.ProcessType = "Interactive"; serviceConfig.Label = "org.pqrs.Karabiner-DriverKit-VirtualHIDDeviceClient"; serviceConfig.KeepAlive = true; @@ -95,14 +88,11 @@ in # We need this to run every reboot as /run gets nuked so we can't put this # inside the preActivation script as it only gets run on darwin-rebuild switch. launchd.daemons.setsuid_karabiner_session_monitor = { - serviceConfig.ProgramArguments = [ - "/bin/sh" "-c" - "/bin/wait4path /nix/store && ${pkgs.writeScript "setsuid_karabiner_session_monitor" '' + script = '' rm -rf /run/wrappers mkdir -p /run/wrappers/bin install -m4555 "${pkgs.karabiner-elements}/Library/Application Support/org.pqrs/Karabiner-Elements/bin/karabiner_session_monitor" /run/wrappers/bin - ''}" - ]; + ''; serviceConfig.RunAtLoad = true; serviceConfig.KeepAlive.SuccessfulExit = false; }; diff --git a/modules/services/nix-daemon.nix b/modules/services/nix-daemon.nix index 42d31c9..6718ac0 100644 --- a/modules/services/nix-daemon.nix +++ b/modules/services/nix-daemon.nix 
@@ -44,10 +44,7 @@ in nix.useDaemon = true; launchd.daemons.nix-daemon = { - serviceConfig.ProgramArguments = [ - "/bin/sh" "-c" - "/bin/wait4path ${config.nix.package}/bin/nix-daemon && exec ${config.nix.package}/bin/nix-daemon" - ]; + command = lib.getExe' config.nix.package "nix-daemon"; serviceConfig.ProcessType = config.nix.daemonProcessType; serviceConfig.LowPriorityIO = config.nix.daemonIOLowPriority; serviceConfig.Label = "org.nixos.nix-daemon"; # must match daemon installed by Nix regardless of the launchd label Prefix diff --git a/modules/services/nix-optimise/default.nix b/modules/services/nix-optimise/default.nix index d8dc401..c0ee0a3 100644 --- a/modules/services/nix-optimise/default.nix +++ b/modules/services/nix-optimise/default.nix @@ -62,11 +62,8 @@ in launchd.daemons.nix-optimise = { environment.NIX_REMOTE = optionalString config.nix.useDaemon "daemon"; + command = "${lib.getExe' config.nix.package "nix-store"} --optimise"; serviceConfig = { - ProgramArguments = [ - "/bin/sh" "-c" - "/bin/wait4path ${config.nix.package} && exec ${config.nix.package}/bin/nix-store --optimise" - ]; RunAtLoad = false; StartCalendarInterval = cfg.interval; UserName = cfg.user; diff --git a/modules/services/tailscale.nix b/modules/services/tailscale.nix index 3c826cf..e7d6b0d 100644 --- a/modules/services/tailscale.nix +++ b/modules/services/tailscale.nix @@ -54,12 +54,9 @@ in launchd.daemons.tailscaled = { # derived from # https://github.com/tailscale/tailscale/blob/main/cmd/tailscaled/install_darwin.go#L30 + command = lib.getExe' cfg.package "tailscaled"; serviceConfig = { Label = "com.tailscale.tailscaled"; - ProgramArguments = [ - "/bin/sh" "-c" - "/bin/wait4path ${cfg.package} && ${cfg.package}/bin/tailscaled" - ]; RunAtLoad = true; }; }; -- cgit v1.2.3 From 3d19b90fc74fa316cfb37b514e006d37c51e22a8 Mon Sep 17 00:00:00 2001 
From: will Date: Sat, 28 Sep 2024 15:13:31 +1000 Subject: fix: karabiner elements virtualhiddeviceclient - command needed to be quoted --- modules/services/karabiner-elements/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/services/karabiner-elements/default.nix b/modules/services/karabiner-elements/default.nix index 0e2bb43..2764505 100644 --- a/modules/services/karabiner-elements/default.nix +++ b/modules/services/karabiner-elements/default.nix @@ -70,7 +70,7 @@ in }; launchd.daemons.Karabiner-DriverKit-VirtualHIDDeviceClient = { - command = "${pkgs.karabiner-elements.driver}/Library/Application Support/org.pqrs/Karabiner-DriverKit-VirtualHIDDevice/Applications/Karabiner-DriverKit-VirtualHIDDeviceClient.app/Contents/MacOS/Karabiner-DriverKit-VirtualHIDDeviceClient"; + command = "\"${pkgs.karabiner-elements.driver}/Library/Application Support/org.pqrs/Karabiner-DriverKit-VirtualHIDDevice/Applications/Karabiner-DriverKit-VirtualHIDDeviceClient.app/Contents/MacOS/Karabiner-DriverKit-VirtualHIDDeviceClient\""; serviceConfig.ProcessType = "Interactive"; serviceConfig.Label = "org.pqrs.Karabiner-DriverKit-VirtualHIDDeviceClient"; serviceConfig.KeepAlive = true; -- cgit v1.2.3 From f9ee41a05d4d4a0a39afcefddf8b5d631b9cf6d3 Mon Sep 17 00:00:00 2001 From: Roger Steve Ruiz Date: Sat, 28 Sep 2024 23:28:34 -0500 Subject: Adding option for slow-motion-allowed; This was inspired by a recent Daring Fireball post where I was reminded about this feature and how it's missing from being able to configure it in Nix-Darwin. [https://daringfireball.net/linked/2024/09/28/hidden-pref-to-restore-slow-motion-dock-minimizing-on-macos]() --- modules/system/defaults/dock.nix | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'modules') diff --git a/modules/system/defaults/dock.nix b/modules/system/defaults/dock.nix index 7fda0da..55199c4 100644 --- a/modules/system/defaults/dock.nix +++ b/modules/system/defaults/dock.nix 
@@ -147,6 +147,14 @@ in { ''; }; + system.defaults.dock.slow-motion-allowed = mkOption { + type = types.nullOr types.bool; + default = null; + description = lib.mdDoc '' + Allow for slow-motion minimize effect while holding Shift key. The default is false. + ''; + }; + system.defaults.dock.static-only = mkOption { type = types.nullOr types.bool; default = null; -- cgit v1.2.3 From a42623df7afe1a78debd0e2e4468c46c84ae0149 Mon Sep 17 00:00:00 2001 From: isabel Date: Mon, 30 Sep 2024 15:12:13 +0100 Subject: fix: remove deprecated lib.mdDoc --- modules/system/defaults/dock.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/system/defaults/dock.nix b/modules/system/defaults/dock.nix index 370d60b..5c4a470 100644 --- a/modules/system/defaults/dock.nix +++ b/modules/system/defaults/dock.nix @@ -176,7 +176,7 @@ in { system.defaults.dock.slow-motion-allowed = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Allow for slow-motion minimize effect while holding Shift key. The default is false. ''; }; -- cgit v1.2.3 From af95f7b7ec80811cd5662d6b08b45f0160c85d1d Mon Sep 17 00:00:00 2001 From: aspauldingcode Date: Sun, 29 Sep 2024 17:29:14 -0600 Subject: add JankyBorders option order and set below by default (values: above/below) --- modules/services/jankyborders/default.nix | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/services/jankyborders/default.nix b/modules/services/jankyborders/default.nix index 92ec1a1..0af6d15 100644 --- a/modules/services/jankyborders/default.nix +++ b/modules/services/jankyborders/default.nix @@ -80,6 +80,15 @@ in { ''; }; + order = mkOption { + type = types.str; + default = "below"; + example = "above"; + description = '' + Specifies whether borders should be drawn above or below windows. + ''; + }; + blur_radius = mkOption { type = types.float; default = 0.0; 
@@ -149,7 +158,8 @@ in { else "off" )) ++ (optionalArg "blacklist" (joinStrings cfg.blacklist)) - ++ (optionalArg "whitelist" (joinStrings cfg.whitelist)); + ++ (optionalArg "whitelist" (joinStrings cfg.whitelist)) + ++ (optionalArg "order" cfg.order); serviceConfig.KeepAlive = true; serviceConfig.RunAtLoad = true; }; -- cgit v1.2.3 From 5cd9995215f0bc183811f0e4be017afa9a9a5e56 Mon Sep 17 00:00:00 2001 From: "Alex S." Date: Wed, 2 Oct 2024 10:38:08 -0600 Subject: Update modules/services/jankyborders/default.nix Co-authored-by: Michael Hoang --- modules/services/jankyborders/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/services/jankyborders/default.nix b/modules/services/jankyborders/default.nix index 0af6d15..cb7ab1e 100644 --- a/modules/services/jankyborders/default.nix +++ b/modules/services/jankyborders/default.nix @@ -81,7 +81,7 @@ in { }; order = mkOption { - type = types.str; + type = types.enum [ "above" "below" ]; default = "below"; example = "above"; description = '' -- cgit v1.2.3 From 239d802869a30bb45d4403e8f63a57a61f6910d9 Mon Sep 17 00:00:00 2001 From: Rohit Singh Date: Thu, 3 Oct 2024 23:42:10 +0530 Subject: netdata: add netdata service in nix-darwin. --- modules/module-list.nix | 1 + modules/services/monitoring/netdata.nix | 55 +++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+) create mode 100644 modules/services/monitoring/netdata.nix (limited to 'modules') diff --git a/modules/module-list.nix b/modules/module-list.nix index 0b62158..c709964 100644 --- a/modules/module-list.nix +++ b/modules/module-list.nix @@ -69,6 +69,7 @@ ./services/mail/offlineimap.nix ./services/mopidy.nix ./services/monitoring/telegraf.nix + ./services/monitoring/netdata.nix ./services/netbird.nix ./services/nix-daemon.nix ./services/nix-gc diff --git a/modules/services/monitoring/netdata.nix b/modules/services/monitoring/netdata.nix new file mode 100644 index 0000000..da0809c --- /dev/null 
+++ b/modules/services/monitoring/netdata.nix @@ -0,0 +1,55 @@ +{ config, lib, pkgs, ... }: +with lib; +let + cfg = config.services.netdata; + +in { + meta.maintainers = [ lib.maintainers.rsrohitsingh682 or "rsrohitsingh682" ]; + + options = { + services.netdata = { + enable = mkEnableOption "Netdata daemon"; + + package = lib.mkPackageOption pkgs "netdata" {}; + + config = mkOption { + type = types.lines; + default = ""; + description = "Custom configuration for Netdata"; + }; + + workDir = mkOption { + type = types.path; + default = "/var/lib/netdata"; + description = "Working directory for Netdata"; + }; + + logDir = mkOption { + type = types.path; + default = "/var/log/netdata"; + description = "Log directory for Netdata"; + }; + }; + }; + + config = mkIf cfg.enable { + environment.systemPackages = [ cfg.package ]; + + launchd.daemons.netdata = { + serviceConfig = { + Label = "netdata"; + KeepAlive = true; + WorkingDirectory = cfg.workDir; + StandardErrorPath = "${cfg.logDir}/netdata.log"; + StandardOutPath = "${cfg.logDir}/netdata.log"; + }; + command = lib.getExe cfg.package; + }; + + environment.etc."netdata/netdata.conf".text = cfg.config; + + system.activationScripts.preActivation.text = '' + mkdir -p ${cfg.workDir} + ''; + }; +} -- cgit v1.2.3 From c9fd4820d5e33422d2a9311898e098ba492dbd34 Mon Sep 17 00:00:00 2001 From: isabel Date: Mon, 30 Sep 2024 16:30:50 +0100 Subject: programs/bash: move to completion.* a port of https://github.com/NixOS/nixpkgs/pull/291552 for darwin --- modules/examples/hydra.nix | 2 +- modules/examples/lnl.nix | 2 +- modules/nix/default.nix | 2 +- modules/programs/bash/default.nix | 30 +++++++++++++++++++----------- 4 files changed, 22 insertions(+), 14 deletions(-) (limited to 'modules') diff --git a/modules/examples/hydra.nix b/modules/examples/hydra.nix index 15808d9..3160498 100644 --- a/modules/examples/hydra.nix +++ b/modules/examples/hydra.nix 
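Review bot: The `launchd.daemons.netdata` `serviceConfig` sets no `UserName`, so, assuming the usual launchd behaviour for system daemons, the agent runs as root; a dedicated unprivileged account would limit what a flaw in the agent can reach. `preActivation` creates only `cfg.workDir`, while `cfg.logDir` is used for `StandardErrorPath` and `StandardOutPath` but never created, and the `mkdir` argument is unquoted. I would write `mkdir -p ${lib.escapeShellArg cfg.workDir} ${lib.escapeShellArg cfg.logDir}` and add an option for the service user. Nothing visible here points netdata at the generated `netdata/netdata.conf`, so `services.netdata.config` may have no effect; worth confirming.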
@@ -12,7 +12,7 @@ in { # Create /etc/bashrc that loads the nix-darwin environment. programs.bash.enable = true; - programs.bash.enableCompletion = false; + programs.bash.completion.enable = false; # Recreate /run/current-system symlink after boot. services.activate-system.enable = true; diff --git a/modules/examples/lnl.nix b/modules/examples/lnl.nix index 96954d2..010dff5 100644 --- a/modules/examples/lnl.nix +++ b/modules/examples/lnl.nix @@ -199,7 +199,7 @@ # Dotfiles. # programs.vim.package = mkForce pkgs.lnl.vim; - programs.bash.enableCompletion = true; + programs.bash.completion.enable = true; programs.zsh.enable = true; programs.zsh.enableBashCompletion = true; diff --git a/modules/nix/default.nix b/modules/nix/default.nix index b91521a..6bce1e3 100644 --- a/modules/nix/default.nix +++ b/modules/nix/default.nix @@ -686,7 +686,7 @@ in nixPackage pkgs.nix-info ] - ++ optional (config.programs.bash.enableCompletion) pkgs.nix-bash-completions; + ++ optional (config.programs.bash.completion.enable) pkgs.nix-bash-completions; environment.etc."nix/nix.conf".source = nixConf; diff --git a/modules/programs/bash/default.nix b/modules/programs/bash/default.nix index 3abb3e8..2518c9c 100644 --- a/modules/programs/bash/default.nix +++ b/modules/programs/bash/default.nix @@ -7,6 +7,10 @@ let in { + imports = [ + (mkRenamedOptionModule [ "programs" "bash" "enableCompletion" ] [ "programs" "bash" "completion" "enable" ]) + ]; + options = { programs.bash.enable = mkOption { 
@@ -21,14 +25,18 @@ in type = types.lines; }; - programs.bash.enableCompletion = mkOption { - type = types.bool; - default = false; - description = '' - Enable bash completion for all interactive bash shells. + programs.bash.completion = { + enable = mkOption { + type = types.bool; + default = false; + description = '' + Enable bash completion for all interactive bash shells. + + NOTE: This doesn't work with bash 3.2, which is installed by default on macOS by Apple. + ''; + }; - NOTE. This doesn't work with bash 3.2, which is the default on macOS. - ''; + package = mkPackageOption pkgs "bash-completion" { }; }; }; @@ -38,9 +46,9 @@ in environment.systemPackages = [ # Include bash package pkgs.bashInteractive - ] ++ optional cfg.enableCompletion pkgs.bash-completion; + ] ++ optional cfg.completion.enable cfg.completion.package; - environment.pathsToLink = + environment.pathsToLink = optionals cfg.completion.enable [ "/etc/bash_completion.d" "/share/bash-completion/completions" ]; @@ -70,9 +78,9 @@ in ${config.environment.interactiveShellInit} ${cfg.interactiveShellInit} - ${optionalString cfg.enableCompletion '' + ${optionalString cfg.completion.enable '' if [ "$TERM" != "dumb" ]; then - source "${pkgs.bash-completion}/etc/profile.d/bash_completion.sh" + source "${cfg.completion.package}/etc/profile.d/bash_completion.sh" nullglobStatus=$(shopt -p nullglob) shopt -s nullglob -- cgit v1.2.3 From d32e6de094e87ba8eeef0be8c5696f7b14365af2 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Wed, 9 Oct 2024 21:57:33 +1100 Subject: defaults: don't output Dock PID --- modules/system/defaults-write.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/system/defaults-write.nix b/modules/system/defaults-write.nix index 827a7d3..c109767 100644 --- a/modules/system/defaults-write.nix +++ b/modules/system/defaults-write.nix 
@@ -113,7 +113,7 @@ in ${optionalString (length dock > 0) '' # Only restart Dock if current user is logged in - if pgrep -xu $UID Dock; then + if pgrep -xu $UID Dock >/dev/null; then echo >&2 "restarting Dock..." killall Dock || true fi -- cgit v1.2.3 From 6347a9dcd1e43b9a5d43b837cfa4ca0073c2eb0e Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 14 Oct 2024 17:18:08 +1100 Subject: skhd: add `skhd` to `PATH` --- modules/services/skhd/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'modules') diff --git a/modules/services/skhd/default.nix b/modules/services/skhd/default.nix index 72b52d4..1f5d0cf 100644 --- a/modules/services/skhd/default.nix +++ b/modules/services/skhd/default.nix @@ -29,6 +29,7 @@ in }; config = mkIf cfg.enable { + environment.systemPackages = [ cfg.package ]; environment.etc."skhdrc".text = cfg.skhdConfig; -- cgit v1.2.3 From 72e93853c2d16d1ce04a5e8eee6695e2493ca80d Mon Sep 17 00:00:00 2001 From: Nick Hu Date: Sun, 13 Oct 2024 12:52:55 +0100 Subject: module: add aerospace service --- modules/module-list.nix | 1 + modules/services/aerospace/default.nix | 156 +++++++++++++++++++++++++++++++++ 2 files changed, 157 insertions(+) create mode 100644 modules/services/aerospace/default.nix (limited to 'modules') diff --git a/modules/module-list.nix b/modules/module-list.nix index 3280682..6604eb9 100644 --- a/modules/module-list.nix +++ b/modules/module-list.nix @@ -52,6 +52,7 @@ ./fonts ./launchd ./services/activate-system + ./services/aerospace ./services/autossh.nix ./services/buildkite-agents.nix ./services/chunkwm.nix diff --git a/modules/services/aerospace/default.nix b/modules/services/aerospace/default.nix new file mode 100644 index 0000000..efbe9a1 --- /dev/null +++ b/modules/services/aerospace/default.nix 
@@ -0,0 +1,156 @@ +{ + config, + lib, + pkgs, + ... +}: + +with lib; + +let + cfg = config.services.aerospace; + + format = pkgs.formats.toml { }; + configFile = format.generate "aerospace.toml" cfg.settings; +in + +{ + options = with types; { + services.aerospace = { + enable = mkEnableOption "AeroSpace window manager"; + + package = mkOption { + type = types.path; + default = pkgs.aerospace; + description = "The AeroSpace package to use."; + }; + + settings = mkOption { + type = submodule { + freeformType = format.type; + options = { + start-at-login = mkOption { + type = addCheck bool (b: !false || !cfg.enable); + default = false; + description = "Do not start AeroSpace at login. (Managed by launchd instead)"; + }; + after-login-command = mkOption { + type = addCheck (listOf str) (l: l == [ ] || !cfg.enable); + default = [ ]; + description = "Do not use AeroSpace to run commands after login. (Managed by launchd instead)"; + }; + after-startup-command = mkOption { + type = addCheck (listOf str) (l: l == [ ] || !cfg.enable); + default = [ ]; + description = "Do not use AeroSpace to run commands after startup. 
(Managed by launchd instead)"; + }; + enable-normalization-flatten-containers = mkOption { + type = bool; + default = true; + description = "Containers that have only one child are \"flattened\"."; + }; + enable-normalization-opposite-orientation-for-nested-containers = mkOption { + type = bool; + default = true; + description = "Containers that nest into each other must have opposite orientations."; + }; + accordion-padding = mkOption { + type = int; + default = 30; + description = "Padding between windows in an accordion container."; + }; + default-root-container-layout = mkOption { + type = enum [ + "tiles" + "accordion" + ]; + default = "tiles"; + description = "Default layout for the root container."; + }; + default-root-container-orientation = mkOption { + type = enum [ + "horizontal" + "vertical" + "auto" + ]; + default = "auto"; + description = "Default orientation for the root container."; + }; + on-window-detected = mkOption { + type = listOf str; + default = [ ]; + description = "Commands to run every time a new window is detected."; + }; + on-focus-changed = mkOption { + type = listOf str; + default = [ ]; + description = "Commands to run every time focused window or workspace changes."; + }; + on-focused-monitor-changed = mkOption { + type = listOf str; + default = [ "move-mouse monitor-lazy-center" ]; + description = "Commands to run every time focused monitor changes."; + }; + exec-on-workspace-change = mkOption { + type = listOf str; + default = [ ]; + example = [ + "/bin/bash" + "-c" + "sketchybar --trigger aerospace_workspace_change FOCUSED=$AEROSPACE_FOCUSED_WORKSPACE" + ]; + description = "Commands to run every time workspace changes."; + }; + key-mapping.preset = mkOption { + type = enum [ + "qwerty" + "dvorak" + ]; + default = "qwerty"; + description = "Keymapping preset."; + }; + }; + }; + default = { }; + example = literalExpression '' + { + gaps = { + outer.left = 8; + outer.bottom = 8; + outer.top = 8; + outer.right = 8; + }; + 
mode.main.binding = { + alt-h = "focus left"; + alt-j = "focus down"; + alt-k = "focus up"; + alt-l = "focus right"; + }; + } + ''; + description = '' + AeroSpace configuration, see + + for supported values. + ''; + }; + }; + }; + + config = mkMerge [ + (mkIf (cfg.enable) { + environment.systemPackages = [ cfg.package ]; + + launchd.user.agents.aerospace.serviceConfig = { + ProgramArguments = + [ "${cfg.package}/Applications/AeroSpace.app/Contents/MacOS/AeroSpace" ] + ++ optionals (cfg.settings != { }) [ + "--config-path" + "${configFile}" + ]; + KeepAlive = true; + RunAtLoad = true; + }; + }) + ]; +} -- cgit v1.2.3 From 7ebf95a73e3b54e0f9c48f50fde29e96257417ac Mon Sep 17 00:00:00 2001 From: Nick Hu Date: Thu, 17 Oct 2024 23:30:31 +0100 Subject: style fixes --- modules/services/aerospace/default.nix | 89 ++++++++++++++++++---------------- 1 file changed, 48 insertions(+), 41 deletions(-) (limited to 'modules') diff --git a/modules/services/aerospace/default.nix b/modules/services/aerospace/default.nix index efbe9a1..50d47b3 100644 --- a/modules/services/aerospace/default.nix +++ b/modules/services/aerospace/default.nix @@ -5,8 +5,6 @@ ... }: -with lib; - let cfg = config.services.aerospace; 
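Review bot: The `addCheck` on `start-at-login` is `(b: !false || !cfg.enable)`, which never looks at `b` and is always true, so `start-at-login = true` is accepted while the service is enabled. The predicate presumably should be `(b: !b || !cfg.enable)`. The two list checks (`l == [ ] || !cfg.enable`) do test their argument, but a failed `addCheck` yields only a generic type error; an entry in `assertions` with a message would tell the user why the value is rejected.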
@@ -15,51 +13,47 @@ let in { - options = with types; { - services.aerospace = { - enable = mkEnableOption "AeroSpace window manager"; + options = { + services.aerospace = with lib.types; { + enable = lib.mkEnableOption "AeroSpace window manager"; - package = mkOption { - type = types.path; - default = pkgs.aerospace; - description = "The AeroSpace package to use."; - }; + package = lib.mkPackageOption pkgs "aerospace" { }; - settings = mkOption { + settings = lib.mkOption { type = submodule { freeformType = format.type; options = { - start-at-login = mkOption { - type = addCheck bool (b: !false || !cfg.enable); + start-at-login = lib.mkOption { + type = bool; default = false; description = "Do not start AeroSpace at login. (Managed by launchd instead)"; }; - after-login-command = mkOption { - type = addCheck (listOf str) (l: l == [ ] || !cfg.enable); + after-login-command = lib.mkOption { + type = listOf str; default = [ ]; description = "Do not use AeroSpace to run commands after login. (Managed by launchd instead)"; }; - after-startup-command = mkOption { - type = addCheck (listOf str) (l: l == [ ] || !cfg.enable); + after-startup-command = lib.mkOption { + type = listOf str; default = [ ]; description = "Do not use AeroSpace to run commands after startup. 
(Managed by launchd instead)"; }; - enable-normalization-flatten-containers = mkOption { + enable-normalization-flatten-containers = lib.mkOption { type = bool; default = true; description = "Containers that have only one child are \"flattened\"."; }; - enable-normalization-opposite-orientation-for-nested-containers = mkOption { + enable-normalization-opposite-orientation-for-nested-containers = lib.mkOption { type = bool; default = true; description = "Containers that nest into each other must have opposite orientations."; }; - accordion-padding = mkOption { + accordion-padding = lib.mkOption { type = int; default = 30; description = "Padding between windows in an accordion container."; }; - default-root-container-layout = mkOption { + default-root-container-layout = lib.mkOption { type = enum [ "tiles" "accordion" @@ -67,7 +61,7 @@ in default = "tiles"; description = "Default layout for the root container."; }; - default-root-container-orientation = mkOption { + default-root-container-orientation = lib.mkOption { type = enum [ "horizontal" "vertical" @@ -76,22 +70,22 @@ in default = "auto"; description = "Default orientation for the root container."; }; - on-window-detected = mkOption { + on-window-detected = lib.mkOption { type = listOf str; default = [ ]; description = "Commands to run every time a new window is detected."; }; - on-focus-changed = mkOption { + on-focus-changed = lib.mkOption { type = listOf str; default = [ ]; description = "Commands to run every time focused window or workspace changes."; }; - on-focused-monitor-changed = mkOption { + on-focused-monitor-changed = lib.mkOption { type = listOf str; default = [ "move-mouse monitor-lazy-center" ]; description = "Commands to run every time focused monitor changes."; }; - exec-on-workspace-change = mkOption { + exec-on-workspace-change = lib.mkOption { type = listOf str; default = [ ]; example = [ 
@@ -101,7 +95,7 @@ in ]; description = "Commands to run every time workspace changes."; }; - key-mapping.preset = mkOption { + key-mapping.preset = lib.mkOption { type = enum [ "qwerty" "dvorak" @@ -112,7 +106,7 @@ in }; }; default = { }; - example = literalExpression '' + example = lib.literalExpression '' { gaps = { outer.left = 8; @@ -137,20 +131,33 @@ in }; }; - config = mkMerge [ - (mkIf (cfg.enable) { + config = ( + lib.mkIf (cfg.enable) { + assertions = [ + { + assertion = !cfg.settings.start-at-login; + message = "AeroSpace started at login is managed by home-manager and launchd instead of itself via this option."; + } + { + assertion = cfg.settings.after-login-command == [ ]; + message = "AeroSpace will not run these commands as it does not start itself."; + } + { + assertion = cfg.settings.after-startup-command == [ ]; + message = "AeroSpace will not run these commands as it does not start itself."; + } + ]; environment.systemPackages = [ cfg.package ]; - launchd.user.agents.aerospace.serviceConfig = { - ProgramArguments = - [ "${cfg.package}/Applications/AeroSpace.app/Contents/MacOS/AeroSpace" ] - ++ optionals (cfg.settings != { }) [ - "--config-path" - "${configFile}" - ]; - KeepAlive = true; - RunAtLoad = true; + launchd.user.agents.aerospace = { + command = + "${cfg.package}/Applications/AeroSpace.app/Contents/MacOS/AeroSpace" + + (lib.optionalString (cfg.settings != { }) " --config-path ${configFile}"); + serviceConfig = { + KeepAlive = true; + RunAtLoad = true; + }; }; - }) - ]; + } + ); } -- cgit v1.2.3 From 2788e4fa981566e34fa40938705cd7f595f05e74 Mon Sep 17 00:00:00 2001 From: Andrew Lubawy Date: Mon, 17 Jun 2024 11:56:58 -0700 Subject: Use `sysadminctl` instead of `dscl` Co-authored-by: Michael Hoang --- modules/users/default.nix | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) (limited to 'modules') diff --git a/modules/users/default.nix b/modules/users/default.nix index cd0986d..ead996c 100644 
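Review bot: The first message in the new `assertions` list says start-at-login is "managed by home-manager and launchd", yet this hunk defines `launchd.user.agents.aerospace` in the module itself, so naming home-manager looks like a leftover and points users at the wrong tool. Wording such as `message = "services.aerospace.settings.start-at-login must stay false: the launchd agent defined by this module starts AeroSpace.";` would match what the code does. The other two messages ("AeroSpace will not run these commands as it does not start itself.") are identical and do not name the option, so a failed evaluation does not say whether `after-login-command` or `after-startup-command` has to be emptied; include the option path in each.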
--- a/modules/users/default.nix +++ b/modules/users/default.nix @@ -147,28 +147,28 @@ in ${concatMapStringsSep "\n" (v: '' ${optionalString cfg.forceRecreate '' - u=$(dscl . -read '/Users/${v.name}' UniqueID 2> /dev/null) || true - u=''${u#UniqueID: } + u=$(id -u '${v.name}' 2> /dev/null) || true if [[ "$u" -eq ${toString v.uid} ]]; then echo "deleting user ${v.name}..." >&2 - dscl . -delete '/Users/${v.name}' 2> /dev/null + sysadminctl -deleteUser '${v.name}' 2> /dev/null else echo "warning: existing user '${v.name}' has unexpected uid $u, skipping..." >&2 fi ''} - u=$(dscl . -read '/Users/${v.name}' UniqueID 2> /dev/null) || true - u=''${u#UniqueID: } + u=$(id -u '${v.name}' 2> /dev/null) || true if [[ -n "$u" && "$u" -ne "${toString v.uid}" ]]; then echo "warning: existing user '${v.name}' has unexpected uid $u, skipping..." >&2 else if [ -z "$u" ]; then echo "creating user ${v.name}..." >&2 - dscl . -create '/Users/${v.name}' UniqueID ${toString v.uid} - dscl . -create '/Users/${v.name}' PrimaryGroupID ${toString v.gid} + sysadminctl -addUser '${v.name}' \ + -UID ${toString v.uid} \ + -GID ${toString v.gid} \ + -fullName '${v.description}' \ + -home '${v.home}' \ + -shell ${lib.escapeShellArg (shellPath v.shell)} dscl . -create '/Users/${v.name}' IsHidden ${if v.isHidden then "1" else "0"} - dscl . -create '/Users/${v.name}' RealName '${v.description}' - dscl . -create '/Users/${v.name}' NFSHomeDirectory '${v.home}' ${optionalString v.createHome "createhomedir -cu '${v.name}'"} fi # Always set the shell path, in case it was updated 
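Review bot: Replacing `dscl . -read '/Users/…' UniqueID` with `id -u '${v.name}'` widens the lookup, because `dscl .` reads only the local directory node while `id` resolves the name through every directory service the host is bound to. On a machine joined to a network directory this presumably lets a non-local account with the same name and uid satisfy the `forceRecreate` test and reach `sysadminctl -deleteUser`, or makes the create branch treat a missing local account as present. If only local accounts are meant to be managed, keep the existence test on the local node; otherwise record the intent next to the call, e.g. `# id(1) consults all configured directory nodes, not only the local one`. The enclosing activation script starts and ends outside this hunk.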
@@ -177,12 +177,11 @@ in '') createdUsers} ${concatMapStringsSep "\n" (name: '' - u=$(dscl . -read '/Users/${name}' UniqueID 2> /dev/null) || true - u=''${u#UniqueID: } + u=$(id -u '${name}' 2> /dev/null) || true if [ -n "$u" ]; then if [ "$u" -gt 501 ]; then echo "deleting user ${name}..." >&2 - dscl . -delete '/Users/${name}' 2> /dev/null + sysadminctl -deleteUser '${name}' 2> /dev/null else echo "warning: existing user '${name}' has unexpected uid $u, skipping..." >&2 fi -- cgit v1.2.3 From 5b873c48ace1ee08186d88288cf4f565202c0f28 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sat, 19 Oct 2024 16:13:33 +1100 Subject: users: set `default` for `users.users..name` --- modules/users/group.nix | 13 ++++--------- modules/users/user.nix | 13 ++++--------- 2 files changed, 8 insertions(+), 18 deletions(-) (limited to 'modules') diff --git a/modules/users/group.nix b/modules/users/group.nix index 0e74085..da3feb1 100644 --- a/modules/users/group.nix +++ b/modules/users/group.nix @@ -1,11 +1,12 @@ { name, lib, ... }: -with lib; - { - options = { + options = let + inherit (lib) mkOption types; + in { name = mkOption { type = types.str; + default = name; description = '' The group's name. If undefined, the name of the attribute set will be used. @@ -29,10 +30,4 @@ with lib; description = "The group's description."; }; }; - - config = { - - name = mkDefault name; - - }; } diff --git a/modules/users/user.nix b/modules/users/user.nix index 4e3f1c9..363c300 100644 --- a/modules/users/user.nix +++ b/modules/users/user.nix @@ -1,11 +1,12 @@ { name, lib, ... }: -with lib; - { - options = { + options = let + inherit (lib) literalExpression mkOption types; + in { name = mkOption { type = types.str; + default = name; description = '' The name of the user account. If undefined, the name of the attribute set will be used. @@ -75,10 +76,4 @@ with lib; ''; }; }; - - config = { - - name = mkDefault name; - - }; } -- cgit v1.2.3 
From 9a6b12b9ef35cf4ac4970f94791b3dd734c0da96 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Tue, 22 Oct 2024 06:58:23 +1100 Subject: users: use `lib.escapeShellArg` for `id -u` --- modules/users/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'modules') diff --git a/modules/users/default.nix b/modules/users/default.nix index ead996c..ffceb9b 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix @@ -147,7 +147,7 @@ in ${concatMapStringsSep "\n" (v: '' ${optionalString cfg.forceRecreate '' - u=$(id -u '${v.name}' 2> /dev/null) || true + u=$(id -u ${lib.escapeShellArg v.name} 2> /dev/null) || true if [[ "$u" -eq ${toString v.uid} ]]; then echo "deleting user ${v.name}..." >&2 sysadminctl -deleteUser '${v.name}' 2> /dev/null @@ -156,7 +156,7 @@ in fi ''} - u=$(id -u '${v.name}' 2> /dev/null) || true + u=$(id -u ${lib.escapeShellArg v.name} 2> /dev/null) || true if [[ -n "$u" && "$u" -ne "${toString v.uid}" ]]; then echo "warning: existing user '${v.name}' has unexpected uid $u, skipping..." >&2 else @@ -177,7 +177,7 @@ in '') createdUsers} ${concatMapStringsSep "\n" (name: '' - u=$(id -u '${name}' 2> /dev/null) || true + u=$(id -u ${lib.escapeShellArg name} 2> /dev/null) || true if [ -n "$u" ]; then if [ "$u" -gt 501 ]; then echo "deleting user ${name}..." >&2 -- cgit v1.2.3 From cb2e5fa6c5d99c581f9669e66e61ac1585ab56ad Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Tue, 22 Oct 2024 07:05:10 +1100 Subject: users: use `lib.escapeShellArg` for `sysadminctl -deleteUser` --- modules/users/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/users/default.nix b/modules/users/default.nix index ffceb9b..83a6084 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix 
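Review bot: These three hunks escape the argument of `id -u` but leave the same value unescaped on the neighbouring lines, inside double-quoted strings such as `echo "deleting user ${v.name}..." >&2` and `echo "warning: existing user '${v.name}' has unexpected uid $u, skipping..." >&2`. Inside double quotes the shell still expands `$`, backticks and backslashes that arrive with the interpolated name, and this text runs as part of system activation, so the quoting is only as strong as these remaining lines. Passing the name as a printf argument keeps it out of shell syntax: `printf >&2 'deleting user %s...\n' ${lib.escapeShellArg v.name}`. The same applies to the `${name}` messages in the deleted-users loop; the script around the hunks is not visible here.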
@@ -150,7 +150,7 @@ in u=$(id -u ${lib.escapeShellArg v.name} 2> /dev/null) || true if [[ "$u" -eq ${toString v.uid} ]]; then echo "deleting user ${v.name}..." >&2 - sysadminctl -deleteUser '${v.name}' 2> /dev/null + sysadminctl -deleteUser ${lib.escapeShellArg v.name} 2> /dev/null else echo "warning: existing user '${v.name}' has unexpected uid $u, skipping..." >&2 fi @@ -181,7 +181,7 @@ in if [ -n "$u" ]; then if [ "$u" -gt 501 ]; then echo "deleting user ${name}..." >&2 - sysadminctl -deleteUser '${name}' 2> /dev/null + sysadminctl -deleteUser ${lib.escapeShellArg name} 2> /dev/null else echo "warning: existing user '${name}' has unexpected uid $u, skipping..." >&2 fi -- cgit v1.2.3 From 26f7e45fb117171c9e8b27a34cfccb91ef50f068 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Tue, 22 Oct 2024 09:29:56 +1100 Subject: users: use `lib.escapeShellArgs` for `sysadminctl -addUser` --- modules/users/default.nix | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'modules') diff --git a/modules/users/default.nix b/modules/users/default.nix index 83a6084..f43b139 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix @@ -162,12 +162,7 @@ in else if [ -z "$u" ]; then echo "creating user ${v.name}..." >&2 - sysadminctl -addUser '${v.name}' \ - -UID ${toString v.uid} \ - -GID ${toString v.gid} \ - -fullName '${v.description}' \ - -home '${v.home}' \ - -shell ${lib.escapeShellArg (shellPath v.shell)} + sysadminctl -addUser ${lib.escapeShellArgs [ v.name "-UID" v.uid "-GID" v.gid "-fullName" v.description "-home" v.home "-shell" (shellPath v.shell) ]} dscl . -create '/Users/${v.name}' IsHidden ${if v.isHidden then "1" else "0"} ${optionalString v.createHome "createhomedir -cu '${v.name}'"} fi -- cgit v1.2.3 From 7bb6366f40dd4ef6efe3223e6dffb3dd7f8dea66 Mon Sep 17 00:00:00 2001 
From: Michael Hoang Date: Tue, 22 Oct 2024 09:43:19 +1100 Subject: users: use `lib.escapeShellArgs` instead of custom version --- modules/users/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/users/default.nix b/modules/users/default.nix index f43b139..90e5534 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix @@ -8,7 +8,6 @@ let group = import ./group.nix; user = import ./user.nix; - toArguments = concatMapStringsSep " " (v: "'${v}'"); toGID = v: { "${toString v.gid}" = v.name; }; toUID = v: { "${toString v.uid}" = v.name; }; @@ -121,7 +120,7 @@ in g=$(dscl . -read '/Groups/${v.name}' GroupMembership 2> /dev/null) || true if [ "$g" != 'GroupMembership: ${concatStringsSep " " v.members}' ]; then echo "updating group members ${v.name}..." >&2 - dscl . -create '/Groups/${v.name}' GroupMembership ${toArguments v.members} + dscl . -create '/Groups/${v.name}' GroupMembership ${lib.escapeShellArgs v.members} fi else echo "warning: existing group '${v.name}' has unexpected gid $g, skipping..." >&2 -- cgit v1.2.3 From 7a3ec6459c4394767ebcc136c0da0bb0c73d76ed Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Tue, 22 Oct 2024 09:34:25 +1100 Subject: networking: use `lib.escapeShellArgs` instead of custom version --- modules/networking/default.nix | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'modules') diff --git a/modules/networking/default.nix b/modules/networking/default.nix index 1065c26..099c705 100644 --- a/modules/networking/default.nix +++ b/modules/networking/default.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: with lib; 
@@ -8,15 +8,14 @@ let hostnameRegEx = ''^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$''; emptyList = lst: if lst != [] then lst else ["empty"]; - quoteStrings = concatMapStringsSep " " (str: "'${str}'"); setNetworkServices = optionalString (cfg.knownNetworkServices != []) '' networkservices=$(networksetup -listallnetworkservices) ${concatMapStringsSep "\n" (srv: '' case "$networkservices" in - *'${srv}'*) - networksetup -setdnsservers '${srv}' ${quoteStrings (emptyList cfg.dns)} - networksetup -setsearchdomains '${srv}' ${quoteStrings (emptyList cfg.search)} + *${lib.escapeShellArg srv}*) + networksetup -setdnsservers ${lib.escapeShellArgs ([ srv ] ++ (emptyList cfg.dns))} + networksetup -setsearchdomains ${lib.escapeShellArgs ([ srv ] ++ (emptyList cfg.search))} ;; esac '') cfg.knownNetworkServices} -- cgit v1.2.3 From 8451125cf8eab07056da090a4616ce46a1952ff9 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Tue, 22 Oct 2024 10:08:41 +1100 Subject: users: use `lib.escapeShellArg` for `dscl` paths --- modules/users/default.nix | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) (limited to 'modules') diff --git a/modules/users/default.nix b/modules/users/default.nix index 90e5534..f57dfa5 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix 
@@ -95,45 +95,49 @@ in system.activationScripts.groups.text = mkIf (cfg.knownGroups != []) '' echo "setting up groups..." >&2 - ${concatMapStringsSep "\n" (v: '' + ${concatMapStringsSep "\n" (v: let + dsclGroup = lib.escapeShellArg "/Groups/${v.name}"; + in '' ${optionalString cfg.forceRecreate '' - g=$(dscl . -read '/Groups/${v.name}' PrimaryGroupID 2> /dev/null) || true + g=$(dscl . -read ${dsclGroup} PrimaryGroupID 2> /dev/null) || true g=''${g#PrimaryGroupID: } if [[ "$g" -eq ${toString v.gid} ]]; then echo "deleting group ${v.name}..." >&2 - dscl . -delete '/Groups/${v.name}' 2> /dev/null + dscl . -delete ${dsclGroup} 2> /dev/null else echo "warning: existing group '${v.name}' has unexpected gid $g, skipping..." >&2 fi ''} - g=$(dscl . -read '/Groups/${v.name}' PrimaryGroupID 2> /dev/null) || true + g=$(dscl . -read ${dsclGroup} PrimaryGroupID 2> /dev/null) || true g=''${g#PrimaryGroupID: } if [ -z "$g" ]; then echo "creating group ${v.name}..." >&2 - dscl . -create '/Groups/${v.name}' PrimaryGroupID ${toString v.gid} - dscl . -create '/Groups/${v.name}' RealName '${v.description}' + dscl . -create ${dsclGroup} PrimaryGroupID ${toString v.gid} + dscl . -create ${dsclGroup} RealName '${v.description}' g=${toString v.gid} fi if [ "$g" -eq ${toString v.gid} ]; then - g=$(dscl . -read '/Groups/${v.name}' GroupMembership 2> /dev/null) || true + g=$(dscl . -read ${dsclGroup} GroupMembership 2> /dev/null) || true if [ "$g" != 'GroupMembership: ${concatStringsSep " " v.members}' ]; then echo "updating group members ${v.name}..." >&2 - dscl . -create '/Groups/${v.name}' GroupMembership ${lib.escapeShellArgs v.members} + dscl . -create ${dsclGroup} GroupMembership ${lib.escapeShellArgs v.members} fi else echo "warning: existing group '${v.name}' has unexpected gid $g, skipping..." >&2 fi '') createdGroups} - ${concatMapStringsSep "\n" (name: '' - g=$(dscl . 
-read '/Groups/${name}' PrimaryGroupID 2> /dev/null) || true + ${concatMapStringsSep "\n" (name: let + dsclGroup = lib.escapeShellArg "/Groups/${name}"; + in '' + g=$(dscl . -read ${dsclGroup} PrimaryGroupID 2> /dev/null) || true g=''${g#PrimaryGroupID: } if [ -n "$g" ]; then if [ "$g" -gt 501 ]; then echo "deleting group ${name}..." >&2 - dscl . -delete '/Groups/${name}' 2> /dev/null + dscl . -delete ${dsclGroup} 2> /dev/null else echo "warning: existing group '${name}' has unexpected gid $g, skipping..." >&2 fi @@ -144,7 +148,9 @@ in system.activationScripts.users.text = mkIf (cfg.knownUsers != []) '' echo "setting up users..." >&2 - ${concatMapStringsSep "\n" (v: '' + ${concatMapStringsSep "\n" (v: let + dsclUser = lib.escapeShellArg "/Users/${v.name}"; + in '' ${optionalString cfg.forceRecreate '' u=$(id -u ${lib.escapeShellArg v.name} 2> /dev/null) || true if [[ "$u" -eq ${toString v.uid} ]]; then @@ -162,11 +168,11 @@ in if [ -z "$u" ]; then echo "creating user ${v.name}..." >&2 sysadminctl -addUser ${lib.escapeShellArgs [ v.name "-UID" v.uid "-GID" v.gid "-fullName" v.description "-home" v.home "-shell" (shellPath v.shell) ]} - dscl . -create '/Users/${v.name}' IsHidden ${if v.isHidden then "1" else "0"} + dscl . -create ${dsclUser} IsHidden ${if v.isHidden then "1" else "0"} ${optionalString v.createHome "createhomedir -cu '${v.name}'"} fi # Always set the shell path, in case it was updated - dscl . -create '/Users/${v.name}' UserShell ${lib.escapeShellArg (shellPath v.shell)} + dscl . -create ${dsclUser} UserShell ${lib.escapeShellArg (shellPath v.shell)} fi '') createdUsers} -- cgit v1.2.3 From ea7e178ad4113c2134c5b734e3198ebbc591af0b Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Tue, 22 Oct 2024 10:20:43 +1100 Subject: users: use `lib.escapeShellArg` for `createhomedir` --- modules/users/default.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'modules') 
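Review bot: In the group loop the `dscl` paths now go through `lib.escapeShellArg`, but the membership comparison `if [ "$g" != 'GroupMembership: ${concatStringsSep " " v.members}' ]` still splices member names into a single-quoted literal, so a member name containing `'` closes the quote and the remainder is parsed as shell. Building the expected string in Nix and escaping it once removes that case: `if [ "$g" != ${lib.escapeShellArg "GroupMembership: ${concatStringsSep " " v.members}"} ]; then`. The `echo "creating group ${v.name}..."` style messages in the same hunk have the double-quote form of the problem and could take the name as a `printf '%s'` argument instead.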
diff --git a/modules/users/default.nix b/modules/users/default.nix index f57dfa5..08785be 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix @@ -149,19 +149,20 @@ in echo "setting up users..." >&2 ${concatMapStringsSep "\n" (v: let + name = lib.escapeShellArg v.name; dsclUser = lib.escapeShellArg "/Users/${v.name}"; in '' ${optionalString cfg.forceRecreate '' - u=$(id -u ${lib.escapeShellArg v.name} 2> /dev/null) || true + u=$(id -u ${name} 2> /dev/null) || true if [[ "$u" -eq ${toString v.uid} ]]; then echo "deleting user ${v.name}..." >&2 - sysadminctl -deleteUser ${lib.escapeShellArg v.name} 2> /dev/null + sysadminctl -deleteUser ${name} 2> /dev/null else echo "warning: existing user '${v.name}' has unexpected uid $u, skipping..." >&2 fi ''} - u=$(id -u ${lib.escapeShellArg v.name} 2> /dev/null) || true + u=$(id -u ${name} 2> /dev/null) || true if [[ -n "$u" && "$u" -ne "${toString v.uid}" ]]; then echo "warning: existing user '${v.name}' has unexpected uid $u, skipping..." >&2 else @@ -169,7 +170,7 @@ in echo "creating user ${v.name}..." >&2 sysadminctl -addUser ${lib.escapeShellArgs [ v.name "-UID" v.uid "-GID" v.gid "-fullName" v.description "-home" v.home "-shell" (shellPath v.shell) ]} dscl . -create ${dsclUser} IsHidden ${if v.isHidden then "1" else "0"} - ${optionalString v.createHome "createhomedir -cu '${v.name}'"} + ${optionalString v.createHome "createhomedir -cu ${name}"} fi # Always set the shell path, in case it was updated dscl . -create ${dsclUser} UserShell ${lib.escapeShellArg (shellPath v.shell)} -- cgit v1.2.3 From ac7932f9de36b8126abcb9d4966d5d95fcadd807 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Tue, 22 Oct 2024 10:24:06 +1100 Subject: users: use `lib.escapeShellArg` for group description --- modules/users/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/users/default.nix b/modules/users/default.nix index 08785be..9f906b3 100644 
--- a/modules/users/default.nix +++ b/modules/users/default.nix @@ -114,7 +114,7 @@ in if [ -z "$g" ]; then echo "creating group ${v.name}..." >&2 dscl . -create ${dsclGroup} PrimaryGroupID ${toString v.gid} - dscl . -create ${dsclGroup} RealName '${v.description}' + dscl . -create ${dsclGroup} RealName ${lib.escapeShellArg v.description} g=${toString v.gid} fi -- cgit v1.2.3 From 11c777c7198f4cfcd55fe81646e503c58ceb9f4a Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Tue, 22 Oct 2024 10:24:06 +1100 Subject: users: change default `description` to `null` --- modules/users/default.nix | 2 +- modules/users/user.nix | 10 ++++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) (limited to 'modules') diff --git a/modules/users/default.nix b/modules/users/default.nix index 9f906b3..e9e3ac4 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix @@ -168,7 +168,7 @@ in else if [ -z "$u" ]; then echo "creating user ${v.name}..." >&2 - sysadminctl -addUser ${lib.escapeShellArgs [ v.name "-UID" v.uid "-GID" v.gid "-fullName" v.description "-home" v.home "-shell" (shellPath v.shell) ]} + sysadminctl -addUser ${lib.escapeShellArgs ([ v.name "-UID" v.uid "-GID" v.gid ] ++ (lib.optionals (v.description != null) [ "-fullName" v.description ]) ++ [ "-home" v.home "-shell" (shellPath v.shell) ])} dscl . -create ${dsclUser} IsHidden ${if v.isHidden then "1" else "0"} ${optionalString v.createHome "createhomedir -cu ${name}"} fi diff --git a/modules/users/user.nix b/modules/users/user.nix index 363c300..1a8e877 100644 --- a/modules/users/user.nix +++ b/modules/users/user.nix 
@@ -14,12 +14,18 @@ }; description = mkOption { - type = types.str; - default = ""; + type = types.nullOr types.nonEmptyStr; + default = null; example = "Alice Q. User"; description = '' A short description of the user account, typically the user's full name. + + This defaults to `null` which means, on creation, `sysadminctl` + will pick the description which is usually always {option}`name`. + + Using an empty name is not supported and breaks macOS like + making the user not appear in Directory Utility. ''; }; -- cgit v1.2.3 From 0a686597faa81831e027505b149dd77b2524ab18 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Tue, 22 Oct 2024 19:49:13 +1100 Subject: users: don't allow `name` to be empty --- modules/users/user.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/users/user.nix b/modules/users/user.nix index 1a8e877..a0c8aab 100644 --- a/modules/users/user.nix +++ b/modules/users/user.nix @@ -5,7 +5,7 @@ inherit (lib) literalExpression mkOption types; in { name = mkOption { - type = types.str; + type = types.nonEmptyStr; default = name; description = '' The name of the user account. If undefined, the name of the -- cgit v1.2.3 From 8c02940d702170feea7947f768aa807c11b65a41 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Tue, 22 Oct 2024 22:38:17 +1100 Subject: users: ensure Full Disk Access is granted before trying to delete users --- modules/users/default.nix | 40 ++++++++++++++++++++++++++++++++++++++-- 1 file changed, 38 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/users/default.nix b/modules/users/default.nix index e9e3ac4..ce77d4d 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix 
@@ -148,6 +148,42 @@ in system.activationScripts.users.text = mkIf (cfg.knownUsers != []) '' echo "setting up users..." >&2 + deleteUser() { + fullDiskAccess=false + + if cat /Library/Preferences/com.apple.TimeMachine.plist > /dev/null 2>&1; then + fullDiskAccess=true + fi + + if [[ "$fullDiskAccess" != true ]]; then + printf >&2 '\e[1;31merror: users cannot be deleted without Full Disk Access, aborting activation\e[0m\n' + printf >&2 'The user %s could not be deleted as `darwin-rebuild` was not executed with Full Disk Access.' "$1" + + printf >&2 'Opening "Privacy & Security" > "Full Disk Access" in System Settings\n' + printf >&2 '\n' + # This command will fail if run as root and System Settings is already running + # even if System Settings was launched by root. + sudo -u $SUDO_USER open "x-apple.systempreferences:com.apple.preference.security?Privacy_AllFiles" + + if [[ -n "$SSH_CONNECTION" ]]; then + printf >&2 'Please enable Full Disk Access for programs over SSH by flipping\n' + printf >&2 'the switch for `sshd-keygen-wrapper`.\n' + else + printf >&2 'Please enable Full Disk Access for your terminal emulator by flipping\n' + printf >&2 'the switch in System Settings.\n' + fi + + exit 1 + fi + + sysadminctl -deleteUser "$1" 2> /dev/null + + if id -u "$1" > /dev/null 2>&1; then + printf >&2 '\e[1;31merror: failed to delete user %s, aborting activation\e[0m\n', "$1" + exit 1 + fi + } + ${concatMapStringsSep "\n" (v: let name = lib.escapeShellArg v.name; dsclUser = lib.escapeShellArg "/Users/${v.name}"; @@ -156,7 +192,7 @@ in u=$(id -u ${name} 2> /dev/null) || true if [[ "$u" -eq ${toString v.uid} ]]; then echo "deleting user ${v.name}..." >&2 - sysadminctl -deleteUser ${name} 2> /dev/null + deleteUser ${name} else echo "warning: existing user '${v.name}' has unexpected uid $u, skipping..." >&2 fi 
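Review bot: In the new `deleteUser` function, `sudo -u $SUDO_USER open …` expands `$SUDO_USER` unquoted and unchecked, so when activation is not reached through sudo the word vanishes and `sudo -u` takes `open` as the user name. Wrap the call in `if [[ -n "$SUDO_USER" ]]; then … fi` and write `sudo -u "$SUDO_USER"`. Separately, the final `printf` has a stray comma after the format string (`…aborting activation\e[0m\n', "$1"`); the shell appends it to the format, so a literal `,` is printed after the newline, and the comma should be dropped. The same comma reappears in the `printf` calls that the two later commits on this page add to `deleteUser`.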
@@ -182,7 +218,7 @@ in if [ -n "$u" ]; then if [ "$u" -gt 501 ]; then echo "deleting user ${name}..." >&2 - sysadminctl -deleteUser ${lib.escapeShellArg name} 2> /dev/null + deleteUser ${lib.escapeShellArg name} else echo "warning: existing user '${name}' has unexpected uid $u, skipping..." >&2 fi -- cgit v1.2.3 From bbe1917238b3ea22890e5aa3fe51ed6910ee9429 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Thu, 24 Oct 2024 14:14:15 +1100 Subject: users: ensure users' shells are installed --- modules/users/default.nix | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'modules') diff --git a/modules/users/default.nix b/modules/users/default.nix index ce77d4d..e4be46a 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix @@ -31,6 +31,12 @@ let then "/run/current-system/sw${v.shellPath}" else v; + systemShells = + let + shells = mapAttrsToList (_: u: u.shell) cfg.users; + in + filter types.shellPackage.check shells; + in { @@ -226,6 +232,9 @@ in '') deletedUsers} ''; + # Install all the user shells + environment.systemPackages = systemShells; + environment.etc = mapAttrs' (name: { packages, ... }: { name = "profiles/per-user/${name}"; value.source = pkgs.buildEnv { -- cgit v1.2.3 From 467a0d3d0c27ed7e688c040281aced98d37120d2 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Thu, 24 Oct 2024 02:00:15 +1100 Subject: users: prevent deleting the user calling `darwin-rebuild` `sysadminctl -deleteUser` will only prevent you from deleting the current user if it's not the last admin and not the last secure token user, otherwise it will happily oblige. --- modules/users/default.nix | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/users/default.nix b/modules/users/default.nix index ce77d4d..e8a030b 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix 
@@ -149,6 +149,15 @@ in echo "setting up users..." >&2 deleteUser() { + # TODO: add `darwin.primaryUser` as well + if [[ "$1" == "$SUDO_USER" ]]; then + printf >&2 '\e[1;31merror: refusing to delete the user calling `darwin-rebuild` (%s), aborting activation\e[0m\n', "$1" + exit 1 + elif [[ "$1" == "root" ]]; then + printf >&2 '\e[1;31merror: refusing to delete `root`, aborting activation\e[0m\n', "$1" + exit 1 + fi + fullDiskAccess=false if cat /Library/Preferences/com.apple.TimeMachine.plist > /dev/null 2>&1; then @@ -191,8 +200,15 @@ in ${optionalString cfg.forceRecreate '' u=$(id -u ${name} 2> /dev/null) || true if [[ "$u" -eq ${toString v.uid} ]]; then - echo "deleting user ${v.name}..." >&2 - deleteUser ${name} + # TODO: add `darwin.primaryUser` as well + if [[ ${name} == "$SUDO_USER" ]]; then + printf >&2 'warning: not going to recreate the user calling `darwin-rebuild` (%s), skipping...\n' "$SUDO_USER" + elif [[ ${name} == "root" ]]; then + printf >&2 'warning: not going to recreate root, skipping...\n' + else + printf >&2 'deleting user ${v.name}...\n' + deleteUser ${name} + fi else echo "warning: existing user '${v.name}' has unexpected uid $u, skipping..." >&2 fi -- cgit v1.2.3 From 2be05de06ed8e634c839ad58ffb895d5bed98c0a Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Thu, 24 Oct 2024 12:44:45 +1100 Subject: users: add missing newlines for FDA prompt --- modules/users/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/users/default.nix b/modules/users/default.nix index e8a030b..1d7127a 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix 
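Review bot: Both new guards identify the caller through `$SUDO_USER` alone, so `[[ "$1" == "$SUDO_USER" ]]` in `deleteUser` and `[[ ${name} == "$SUDO_USER" ]]` in the `forceRecreate` branch protect the invoking account only when activation is reached through sudo; with the variable empty neither test can match and the literal `root` check is the only stop left. The `TODO` about `darwin.primaryUser` covers part of this, and until it lands one option is to fail closed when the caller is unknown: `if [[ -z "$SUDO_USER" ]]; then printf >&2 'error: cannot determine the calling user, refusing to delete %s\n' "$1"; exit 1; fi`. The `root` branch also passes `"$1"` to a format string that has no `%s`, so that argument is unused. The rest of `deleteUser` lies outside this hunk.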
@@ -166,8 +166,8 @@ in if [[ "$fullDiskAccess" != true ]]; then printf >&2 '\e[1;31merror: users cannot be deleted without Full Disk Access, aborting activation\e[0m\n' - printf >&2 'The user %s could not be deleted as `darwin-rebuild` was not executed with Full Disk Access.' "$1" - + printf >&2 'The user %s could not be deleted as `darwin-rebuild` was not executed with Full Disk Access.\n' "$1" + printf >&2 '\n' printf >&2 'Opening "Privacy & Security" > "Full Disk Access" in System Settings\n' printf >&2 '\n' # This command will fail if run as root and System Settings is already running -- cgit v1.2.3 From b702750226a86abb029440641bfa994ff650cf99 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Thu, 24 Oct 2024 13:13:52 +1100 Subject: users: ensure Full Disk Access is granted before trying to create users --- modules/users/default.nix | 43 +++++++++++++++++++++++++++++-------------- 1 file changed, 29 insertions(+), 14 deletions(-) (limited to 'modules') diff --git a/modules/users/default.nix b/modules/users/default.nix index 1d7127a..9227080 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix @@ -148,16 +148,7 @@ in system.activationScripts.users.text = mkIf (cfg.knownUsers != []) '' echo "setting up users..." >&2 - deleteUser() { - # TODO: add `darwin.primaryUser` as well - if [[ "$1" == "$SUDO_USER" ]]; then - printf >&2 '\e[1;31merror: refusing to delete the user calling `darwin-rebuild` (%s), aborting activation\e[0m\n', "$1" - exit 1 - elif [[ "$1" == "root" ]]; then - printf >&2 '\e[1;31merror: refusing to delete `root`, aborting activation\e[0m\n', "$1" - exit 1 - fi - + requireFDA() { fullDiskAccess=false if cat /Library/Preferences/com.apple.TimeMachine.plist > /dev/null 2>&1; then 
@@ -165,8 +156,8 @@ in fi if [[ "$fullDiskAccess" != true ]]; then - printf >&2 '\e[1;31merror: users cannot be deleted without Full Disk Access, aborting activation\e[0m\n' - printf >&2 'The user %s could not be deleted as `darwin-rebuild` was not executed with Full Disk Access.\n' "$1" + printf >&2 '\e[1;31merror: users cannot be %s without Full Disk Access, aborting activation\e[0m\n' "$2" + printf >&2 'The user %s could not be %s as `darwin-rebuild` was not executed with Full Disk Access.\n' "$1" "$2" printf >&2 '\n' printf >&2 'Opening "Privacy & Security" > "Full Disk Access" in System Settings\n' printf >&2 '\n' @@ -184,10 +175,24 @@ in exit 1 fi + } + + deleteUser() { + # FIXME: add `darwin.primaryUser` as well + if [[ "$1" == "$SUDO_USER" ]]; then + printf >&2 '\e[1;31merror: refusing to delete the user calling `darwin-rebuild` (%s), aborting activation\e[0m\n', "$1" + exit 1 + elif [[ "$1" == "root" ]]; then + printf >&2 '\e[1;31merror: refusing to delete `root`, aborting activation\e[0m\n', "$1" + exit 1 + fi + + requireFDA "$1" deleted sysadminctl -deleteUser "$1" 2> /dev/null - if id -u "$1" > /dev/null 2>&1; then + # We need to check as `sysadminctl -deleteUser` still exits with exit code 0 when there's an error + if id "$1" &> /dev/null; then printf >&2 '\e[1;31merror: failed to delete user %s, aborting activation\e[0m\n', "$1" exit 1 fi 
@@ -220,7 +225,17 @@ in else if [ -z "$u" ]; then echo "creating user ${v.name}..." >&2 - sysadminctl -addUser ${lib.escapeShellArgs ([ v.name "-UID" v.uid "-GID" v.gid ] ++ (lib.optionals (v.description != null) [ "-fullName" v.description ]) ++ [ "-home" v.home "-shell" (shellPath v.shell) ])} + + requireFDA ${name} "created" + + sysadminctl -addUser ${lib.escapeShellArgs ([ v.name "-UID" v.uid "-GID" v.gid ] ++ (lib.optionals (v.description != null) [ "-fullName" v.description ]) ++ [ "-home" v.home "-shell" (shellPath v.shell) ])} 2> /dev/null + + # We need to check as `sysadminctl -addUser` still exits with exit code 0 when there's an error + if ! id ${name} &> /dev/null; then + printf >&2 '\e[1;31merror: failed to create user %s, aborting activation\e[0m\n' ${name} + exit 1 + fi + dscl . -create ${dsclUser} IsHidden ${if v.isHidden then "1" else "0"} ${optionalString v.createHome "createhomedir -cu ${name}"} fi -- cgit v1.2.3 From 5907cbbb31d9de387349efb825864a9ee598e6ba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philip=20B=C3=B8rgesen?= Date: Sat, 18 Nov 2023 14:18:06 +0100 Subject: networking: Add wakeOnLan option --- modules/networking/default.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'modules') diff --git a/modules/networking/default.nix b/modules/networking/default.nix index 099c705..b53a9e4 100644 --- a/modules/networking/default.nix +++ b/modules/networking/default.nix @@ -9,6 +9,8 @@ let emptyList = lst: if lst != [] then lst else ["empty"]; + onOff = cond: if cond then "on" else "off"; + setNetworkServices = optionalString (cfg.knownNetworkServices != []) '' networkservices=$(networksetup -listallnetworkservices) ${concatMapStringsSep "\n" (srv: '' 
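Review bot: The added `sysadminctl -addUser … 2> /dev/null` discards whatever the tool reports, and since the hunk's own comment says it still exits 0 on error, the following `id` check can tell that creation failed but not why. Capturing the stream and printing it only on the failure path keeps normal runs quiet without losing the reason, for example `err=$(sysadminctl -addUser … 2>&1 > /dev/null)` and then `printf >&2 '%s\n' "$err"` before `exit 1`. The same holds for `sysadminctl -deleteUser "$1" 2> /dev/null` in `deleteUser`. The loop body this hunk sits in starts and ends outside it.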
@@ -93,6 +95,16 @@ in default = []; description = "The list of search paths used when resolving domain names."; }; + + networking.wakeOnLan.enable = mkOption { + type = types.nullOr types.bool; + default = null; + description = '' + Enable Wake-on-LAN for the device. + + Battery powered devices may require being connected to power. + ''; + }; }; config = { @@ -116,6 +128,10 @@ in ''} ${setNetworkServices} + + ${optionalString (cfg.wakeOnLan.enable != null) '' + systemsetup -setWakeOnNetworkAccess '${onOff cfg.wakeOnLan.enable}' &> /dev/null + ''} ''; }; -- cgit v1.2.3 From f737259769ef4722ed956bcaaab67509b96c23cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philip=20B=C3=B8rgesen?= Date: Sun, 19 Nov 2023 00:52:02 +0100 Subject: power,sleep: Add options to control restart and sleep behavior --- modules/module-list.nix | 2 + modules/power/default.nix | 47 ++++++++++++++++++++ modules/power/sleep.nix | 80 +++++++++++++++++++++++++++++++++++ modules/system/activation-scripts.nix | 1 + 4 files changed, 130 insertions(+) create mode 100644 modules/power/default.nix create mode 100644 modules/power/sleep.nix (limited to 'modules') diff --git a/modules/module-list.nix b/modules/module-list.nix index 6604eb9..effdff7 100644 --- a/modules/module-list.nix +++ b/modules/module-list.nix @@ -51,6 +51,8 @@ ./environment ./fonts ./launchd + ./power + ./power/sleep.nix ./services/activate-system ./services/aerospace ./services/autossh.nix diff --git a/modules/power/default.nix b/modules/power/default.nix new file mode 100644 index 0000000..a99905f --- /dev/null +++ b/modules/power/default.nix 
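Review bot: The added `systemsetup -setWakeOnNetworkAccess '…' &> /dev/null` line drops both output streams and nothing looks at the result, so an activation where the setting could not be applied is indistinguishable from one where it was; the option text itself notes that battery powered devices may need to be on power. Redirecting only stdout and warning on failure would surface that, e.g. `systemsetup -setWakeOnNetworkAccess '${onOff cfg.wakeOnLan.enable}' > /dev/null || echo "warning: could not set Wake-on-LAN" >&2`, assuming `systemsetup` signals failure through its exit status. The new `modules/power/default.nix` later on this page uses the same `&> /dev/null` pattern for `-setRestartPowerFailure` and `-setRestartFreeze`.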
@@ -0,0 +1,47 @@ +{ config, lib, ... }: + +let + cfg = config.power; + + types = lib.types; + + onOff = cond: if cond then "on" else "off"; +in + +{ + options = { + power.restartAfterPowerFailure = lib.mkOption { + type = types.nullOr types.bool; + default = null; + description = '' + Whether to restart the computer after a power failure. + ''; + }; + + power.restartAfterFreeze = lib.mkOption { + type = types.nullOr types.bool; + default = null; + description = '' + Whether to restart the computer after a system freeze. + ''; + }; + }; + + config = { + + system.activationScripts.power.text = '' + echo "configuring power..." >&2 + + ${lib.optionalString (cfg.restartAfterPowerFailure != null) '' + systemsetup -setRestartPowerFailure \ + '${onOff cfg.restartAfterPowerFailure}' &> /dev/null + ''} + + ${lib.optionalString (cfg.restartAfterFreeze != null) '' + systemsetup -setRestartFreeze \ + '${onOff cfg.restartAfterFreeze}' &> /dev/null + ''} + ''; + + }; +} diff --git a/modules/power/sleep.nix b/modules/power/sleep.nix new file mode 100644 index 0000000..ab5862c --- /dev/null +++ b/modules/power/sleep.nix 
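Review bot: `onOff = cond: if cond then "on" else "off";` in the `let` block duplicates the helper this series already added to `modules/networking/default.nix`, and `modules/power/sleep.nix` adds a third copy. A single shared definition would keep the three modules from drifting apart. The two option descriptions also leave the `null` default unexplained; `When null, the current macOS setting is not touched.` matches what the `lib.optionalString (… != null)` guards do.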
@@ -0,0 +1,80 @@ +{ config, lib, ... }: + +let + cfg = config.power.sleep; + + types = lib.types; + + onOff = cond: if cond then "on" else "off"; +in + +{ + options = { + power.sleep.computer = lib.mkOption { + type = types.nullOr (types.either types.ints.positive (types.enum ["never"])); + default = null; + example = "never"; + description = '' + Amount of idle time (in minutes) until the computer sleeps. + + `"never"` disables computer sleeping. + + The system might not be considered idle before connected displays sleep, as + per the `power.sleep.display` option. + ''; + }; + + power.sleep.display = lib.mkOption { + type = types.nullOr (types.either types.ints.positive (types.enum ["never"])); + default = null; + example = "never"; + description = '' + Amount of idle time (in minutes) until displays sleep. + + `"never"` disables display sleeping. + ''; + }; + + power.sleep.harddisk = lib.mkOption { + type = types.nullOr (types.either types.ints.positive (types.enum ["never"])); + default = null; + example = "never"; + description = '' + Amount of idle time (in minutes) until hard disks sleep. + + `"never"` disables hard disk sleeping. + ''; + }; + + power.sleep.allowSleepByPowerButton = lib.mkOption { + type = types.nullOr types.bool; + default = null; + description = '' + Whether the power button can sleep the computer. 
+ ''; + }; + }; + + config = { + + system.activationScripts.power.text = lib.mkAfter '' + ${lib.optionalString (cfg.computer != null) '' + systemsetup -setComputerSleep '${toString cfg.computer}' &> /dev/null + ''} + + ${lib.optionalString (cfg.display != null) '' + systemsetup -setDisplaySleep '${toString cfg.display}' &> /dev/null + ''} + + ${lib.optionalString (cfg.harddisk != null) '' + systemsetup -setHardDiskSleep '${toString cfg.harddisk}' &> /dev/null + ''} + + ${lib.optionalString (cfg.allowSleepByPowerButton != null) '' + systemsetup -setAllowPowerButtonToSleepComputer \ + '${onOff cfg.allowSleepByPowerButton}' &> /dev/null + ''} + ''; + + }; +} diff --git a/modules/system/activation-scripts.nix b/modules/system/activation-scripts.nix index 8325199..da8eb5c 100644 --- a/modules/system/activation-scripts.nix +++ b/modules/system/activation-scripts.nix @@ -67,6 +67,7 @@ in ${cfg.activationScripts.nix-daemon.text} ${cfg.activationScripts.time.text} ${cfg.activationScripts.networking.text} + ${cfg.activationScripts.power.text} ${cfg.activationScripts.keyboard.text} ${cfg.activationScripts.fonts.text} ${cfg.activationScripts.nvram.text} -- cgit v1.2.3 From b089e7e7266403ddda9f96bfd8c5adf9a0f0f6b5 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Thu, 24 Oct 2024 18:30:55 +1100 Subject: users: switch back to using `dscl` for deleting users The previous default behaviour when nix-darwin deletes users is that their home directories are left intact, however as the `-keepHome` flag for `sysadminctl -deleteUser` is broken, we'll need to switch back for now. --- modules/users/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/users/default.nix b/modules/users/default.nix index 9227080..0cb4350 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix 
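Review bot: The descriptions of `power.sleep.display` and `power.sleep.computer` present `"never"` as a neutral value, but where screen locking is tied to display sleep this setting may leave an unattended session unlocked indefinitely. I would add a line such as `Setting this to "never" can prevent idle-triggered screen locking; configure a screen saver lock separately.` to the `power.sleep.display` description. This is inferred from how macOS lock settings are usually keyed to sleep or screen saver start, so the wording should be confirmed against the supported macOS versions. As in `modules/power/default.nix`, none of the four descriptions say that `null` leaves the system value unchanged.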
@@ -189,8 +189,10 @@ in requireFDA "$1" deleted - sysadminctl -deleteUser "$1" 2> /dev/null + dscl . -delete "/Users/$1" 2> /dev/null + # `dscl . -delete` should exit with a non-zero exit code when there's an error, but we'll leave + # this code here just in case and for when we switch to `sysadminctl -deleteUser` # We need to check as `sysadminctl -deleteUser` still exits with exit code 0 when there's an error if id "$1" &> /dev/null; then printf >&2 '\e[1;31merror: failed to delete user %s, aborting activation\e[0m\n', "$1" -- cgit v1.2.3 From 445c6bfc65b4f9df882d6bb089d46014204f8523 Mon Sep 17 00:00:00 2001 From: Ihar Hrachyshka Date: Sat, 26 Oct 2024 12:08:45 -0400 Subject: Add keepalive flag for emacs service --- modules/services/emacs.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'modules') diff --git a/modules/services/emacs.nix b/modules/services/emacs.nix index 4b9a3cb..ec98950 100644 --- a/modules/services/emacs.nix +++ b/modules/services/emacs.nix @@ -44,9 +44,11 @@ in { launchd.user.agents.emacs = { path = cfg.additionalPath ++ [ config.environment.systemPath ]; - serviceConfig.ProgramArguments = - [ "${cfg.package}/bin/${cfg.exec}" "--fg-daemon" ]; - serviceConfig.RunAtLoad = true; + serviceConfig = { + ProgramArguments = [ "${cfg.package}/bin/${cfg.exec}" "--fg-daemon" ]; + RunAtLoad = true; + KeepAlive = true; + }; }; }; -- cgit v1.2.3 From c9af5c2d1394d1bc34f4722998bcd51714ccd68c Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Thu, 24 Oct 2024 22:58:35 +1100 Subject: users: update properties on known users --- modules/users/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/users/default.nix b/modules/users/default.nix index b636d6f..f293f77 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix 
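Review bot: The new `dscl . -delete "/Users/$1" 2> /dev/null` line drops the error text and never tests the exit status, even though the added comment says `dscl` does return non-zero on failure. Testing it directly, `if ! dscl . -delete "/Users/$1"; then … exit 1; fi`, would surface the real reason instead of relying on the later `id "$1"` probe. The two stacked comments now describe both tools at once; one sentence stating that the `id` check is kept only as a fallback would read more clearly. `deleteUser` starts and ends outside this hunk.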
@@ -247,7 +247,10 @@ in dscl . -create ${dsclUser} IsHidden ${if v.isHidden then "1" else "0"} ${optionalString v.createHome "createhomedir -cu ${name}"} fi - # Always set the shell path, in case it was updated + + # Update properties on known users to keep them inline with configuration + dscl . -create ${dsclUser} PrimaryGroupID ${toString v.gid} + ${optionalString (v.description != null) "dscl . -create ${dsclUser} RealName ${lib.escapeShellArg v.description}"} dscl . -create ${dsclUser} UserShell ${lib.escapeShellArg (shellPath v.shell)} fi '') createdUsers} -- cgit v1.2.3 From bd161d61d6f322e1c16543b67b1dbd13934e763c Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Thu, 24 Oct 2024 23:19:27 +1100 Subject: users: allow `home` to be managed by macOS --- modules/users/default.nix | 13 +++++++++++-- modules/users/user.nix | 14 +++++++++++--- 2 files changed, 22 insertions(+), 5 deletions(-) (limited to 'modules') diff --git a/modules/users/default.nix b/modules/users/default.nix index f293f77..0b2ffd9 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix @@ -236,7 +236,13 @@ in requireFDA ${name} "created" - sysadminctl -addUser ${lib.escapeShellArgs ([ v.name "-UID" v.uid "-GID" v.gid ] ++ (lib.optionals (v.description != null) [ "-fullName" v.description ]) ++ [ "-home" v.home "-shell" (shellPath v.shell) ])} 2> /dev/null + sysadminctl -addUser ${lib.escapeShellArgs ([ + v.name + "-UID" v.uid + "-GID" v.gid ] + ++ (lib.optionals (v.description != null) [ "-fullName" v.description ]) + ++ (lib.optionals (v.home != null) [ "-home" v.home ]) + ++ [ "-shell" (shellPath v.shell) ])} 2> /dev/null # We need to check as `sysadminctl -addUser` still exits with exit code 0 when there's an error if ! id ${name} &> /dev/null; then 
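Review bot: `dscl . -create ${dsclUser} PrimaryGroupID ${toString v.gid}` now rewrites the primary group of an already existing account, and as far as this hunk shows it does so with no message when the value actually changes. A primary-group change alters which files the account can reach, so I would read the current value first and print something like `updating primary group of ${v.name}...` only when it differs. The added comment should say `in line with`, not `inline with`. The enclosing `if`/`else` begins outside this hunk.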
@@ -245,7 +251,10 @@ in fi dscl . -create ${dsclUser} IsHidden ${if v.isHidden then "1" else "0"} - ${optionalString v.createHome "createhomedir -cu ${name}"} + + # `sysadminctl -addUser` won't create the home directory if we use the `-home` + # flag so we need to do it ourselves + ${optionalString (v.home != null && v.createHome) "createhomedir -cu ${name} > /dev/null"} fi # Update properties on known users to keep them inline with configuration diff --git a/modules/users/user.nix b/modules/users/user.nix index a0c8aab..b9c9799 100644 --- a/modules/users/user.nix +++ b/modules/users/user.nix @@ -53,9 +53,17 @@ # }; home = mkOption { - type = types.path; - default = "/var/empty"; - description = "The user's home directory."; + type = types.nullOr types.path; + default = null; + description = '' + The user's home directory. This defaults to `null`. + + When this is set to `null`, the value is managed by macOS instead of + `nix-darwin`. This means if the user has not been created yet, + `sysadminctl` will be called without the `-home` flag which means the + user will have a default home directory of `/Users/` which will + be created by `sysadminctl`. + ''; }; createHome = mkOption { -- cgit v1.2.3 From 3712ff78ccacd65c819435a310fe8b1a8a2de2ee Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sat, 26 Oct 2024 11:35:34 +1100 Subject: users: change default shell to `/usr/bin/false` to match macOS --- modules/users/user.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/users/user.nix b/modules/users/user.nix index b9c9799..281b7e6 100644 --- a/modules/users/user.nix +++ b/modules/users/user.nix @@ -74,7 +74,7 @@ shell = mkOption { type = types.either types.shellPackage types.path; - default = "/sbin/nologin"; + default = "/usr/bin/false"; example = literalExpression "pkgs.bashInteractive"; description = "The user's shell."; }; -- cgit v1.2.3 From dc6f754fe5d3b0d1ee6b033495c87ec3199a7f68 Mon Sep 17 00:00:00 2001 
From: Michael Hoang Date: Fri, 25 Oct 2024 01:16:19 +1100 Subject: users: allow `shell` to be managed by macOS --- modules/system/shells.nix | 12 +++++++++--- modules/users/default.nix | 4 ++-- modules/users/user.nix | 13 ++++++++++--- 3 files changed, 21 insertions(+), 8 deletions(-) (limited to 'modules') diff --git a/modules/system/shells.nix b/modules/system/shells.nix index 0b599d9..025936d 100644 --- a/modules/system/shells.nix +++ b/modules/system/shells.nix @@ -14,9 +14,15 @@ in example = literalExpression "[ pkgs.bashInteractive pkgs.zsh ]"; description = '' A list of permissible login shells for user accounts. - No need to mention `/bin/sh` - and other shells that are available by default on - macOS. + + The default macOS shells will be automatically included: + - /bin/bash + - /bin/csh + - /bin/dash + - /bin/ksh + - /bin/sh + - /bin/tcsh + - /bin/zsh ''; apply = map (v: if types.shellPackage.check v then "/run/current-system/sw${v.shellPath}" else v); }; diff --git a/modules/users/default.nix b/modules/users/default.nix index 0b2ffd9..aee8fec 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix @@ -242,7 +242,7 @@ in "-GID" v.gid ] ++ (lib.optionals (v.description != null) [ "-fullName" v.description ]) ++ (lib.optionals (v.home != null) [ "-home" v.home ]) - ++ [ "-shell" (shellPath v.shell) ])} 2> /dev/null + ++ [ "-shell" (if v.shell != null then shellPath v.shell else "/usr/bin/false") ])} 2> /dev/null # We need to check as `sysadminctl -addUser` still exits with exit code 0 when there's an error if ! id ${name} &> /dev/null; then 
@@ -260,7 +260,7 @@ in # Update properties on known users to keep them inline with configuration dscl . -create ${dsclUser} PrimaryGroupID ${toString v.gid} ${optionalString (v.description != null) "dscl . -create ${dsclUser} RealName ${lib.escapeShellArg v.description}"} - dscl . -create ${dsclUser} UserShell ${lib.escapeShellArg (shellPath v.shell)} + ${optionalString (v.shell != null) "dscl . -create ${dsclUser} UserShell ${lib.escapeShellArg (shellPath v.shell)}"} fi '') createdUsers} diff --git a/modules/users/user.nix b/modules/users/user.nix index 281b7e6..72ae07b 100644 --- a/modules/users/user.nix +++ b/modules/users/user.nix @@ -73,10 +73,17 @@ }; shell = mkOption { - type = types.either types.shellPackage types.path; - default = "/usr/bin/false"; + type = types.nullOr (types.either types.shellPackage types.path); + default = null; example = literalExpression "pkgs.bashInteractive"; - description = "The user's shell."; + description = '' + The user's shell. This defaults to `null`. + + When this is set to `null`, if the user has not been created yet, + they will be created with the shell `/usr/bin/false` to prevent + interactive login. If the user already exists, the value is + considered managed by macOS and `nix-darwin` will not change it. + ''; }; packages = mkOption { -- cgit v1.2.3 From 55be3e1a5f9c816f30baf0d9de8ba77c954847dd Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sat, 26 Oct 2024 12:31:53 +1100 Subject: users: move checks to `system.checks` --- modules/system/activation-scripts.nix | 1 + modules/users/default.nix | 120 ++++++++++++++++++++++------------ 2 files changed, 79 insertions(+), 42 deletions(-) (limited to 'modules') diff --git a/modules/system/activation-scripts.nix b/modules/system/activation-scripts.nix index da8eb5c..5f8916c 100644 --- a/modules/system/activation-scripts.nix +++ b/modules/system/activation-scripts.nix 
@@ -86,6 +86,7 @@ in exit $_status ''; + # FIXME: activationScripts.checks should be system level system.activationScripts.userScript.text = '' #! ${stdenv.shell} set -e diff --git a/modules/users/default.nix b/modules/users/default.nix index aee8fec..a618792 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix 
@@ -98,6 +98,84 @@ in users.gids = mkMerge gids; users.uids = mkMerge uids; + # NOTE: We put this in `system.checks` as we want this to run first to avoid partial activations + # however currently that runs at user level activation as that runs before system level activation + # TODO: replace `$USER` with `$SUDO_USER` when system.checks runs from system level + system.checks.text = lib.mkAfter '' + requireFDA() { + fullDiskAccess=false + + if cat /Library/Preferences/com.apple.TimeMachine.plist > /dev/null 2>&1; then + fullDiskAccess=true + fi + + if [[ "$fullDiskAccess" != true ]]; then + printf >&2 '\e[1;31merror: users cannot be %s without Full Disk Access, aborting activation\e[0m\n' "$2" + printf >&2 'The user %s could not be %s as `darwin-rebuild` was not executed with Full Disk Access.\n' "$1" "$2" + printf >&2 '\n' + printf >&2 'Opening "Privacy & Security" > "Full Disk Access" in System Settings\n' + printf >&2 '\n' + # This command will fail if run as root and System Settings is already running + # even if System Settings was launched by root. 
+ open "x-apple.systempreferences:com.apple.preference.security?Privacy_AllFiles" + + if [[ -n "$SSH_CONNECTION" ]]; then + printf >&2 'Please enable Full Disk Access for programs over SSH by flipping\n' + printf >&2 'the switch for `sshd-keygen-wrapper`.\n' + else + printf >&2 'Please enable Full Disk Access for your terminal emulator by flipping\n' + printf >&2 'the switch in System Settings.\n' + fi + + exit 1 + fi + } + + ensureDeletable() { + # TODO: add `darwin.primaryUser` as well + if [[ "$1" == "$USER" ]]; then + printf >&2 '\e[1;31merror: refusing to delete the user calling `darwin-rebuild` (%s), aborting activation\e[0m\n', "$1" + exit 1 + elif [[ "$1" == "root" ]]; then + printf >&2 '\e[1;31merror: refusing to delete `root`, aborting activation\e[0m\n' + exit 1 + fi + + requireFDA "$1" deleted + } + + ${concatMapStringsSep "\n" (v: let + name = lib.escapeShellArg v.name; + dsclUser = lib.escapeShellArg "/Users/${v.name}"; + in '' + ${optionalString cfg.forceRecreate '' + u=$(id -u ${name} 2> /dev/null) || true + if [[ "$u" -eq ${toString v.uid} ]]; then + # TODO: add `darwin.primaryUser` as well + if [[ ${name} != "$USER" && ${name} != "root" ]]; then + ensureDeletable ${name} + fi + fi + ''} + + u=$(id -u ${name} 2> /dev/null) || true + if ! [[ -n "$u" && "$u" -ne "${toString v.uid}" ]]; then + if [ -z "$u" ]; then + requireFDA ${name} created + fi + fi + '') createdUsers} + + ${concatMapStringsSep "\n" (name: '' + u=$(id -u ${lib.escapeShellArg name} 2> /dev/null) || true + if [ -n "$u" ]; then + if [ "$u" -gt 501 ]; then + ensureDeletable ${lib.escapeShellArg name} + fi + fi + '') deletedUsers} + ''; + system.activationScripts.groups.text = mkIf (cfg.knownGroups != []) '' echo "setting up groups..." >&2 
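Review bot: `ensureDeletable` decides whether the target is the invoking account by comparing against `$USER`, an ordinary environment variable that can be unset or differ from the real caller. Asking the system instead, `if [[ "$1" == "$(id -un)" ]]; then`, keeps the self-deletion guard independent of the environment while these checks run at user level, which the NOTE above says is the case. The first `printf` in that function has a `,` after the closing quote of the format string, so a comma is printed after the message. The same `$USER` comparison is carried into the `deletedUsers` loop by the later `@@ -203,11 +178,22 @@` hunk.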
@@ -154,47 +232,7 @@ in system.activationScripts.users.text = mkIf (cfg.knownUsers != []) '' echo "setting up users..." >&2 - requireFDA() { - fullDiskAccess=false - - if cat /Library/Preferences/com.apple.TimeMachine.plist > /dev/null 2>&1; then - fullDiskAccess=true - fi - - if [[ "$fullDiskAccess" != true ]]; then - printf >&2 '\e[1;31merror: users cannot be %s without Full Disk Access, aborting activation\e[0m\n' "$2" - printf >&2 'The user %s could not be %s as `darwin-rebuild` was not executed with Full Disk Access.\n' "$1" "$2" - printf >&2 '\n' - printf >&2 'Opening "Privacy & Security" > "Full Disk Access" in System Settings\n' - printf >&2 '\n' - # This command will fail if run as root and System Settings is already running - # even if System Settings was launched by root. - sudo -u $SUDO_USER open "x-apple.systempreferences:com.apple.preference.security?Privacy_AllFiles" - - if [[ -n "$SSH_CONNECTION" ]]; then - printf >&2 'Please enable Full Disk Access for programs over SSH by flipping\n' - printf >&2 'the switch for `sshd-keygen-wrapper`.\n' - else - printf >&2 'Please enable Full Disk Access for your terminal emulator by flipping\n' - printf >&2 'the switch in System Settings.\n' - fi - - exit 1 - fi - } - deleteUser() { - # FIXME: add `darwin.primaryUser` as well - if [[ "$1" == "$SUDO_USER" ]]; then - printf >&2 '\e[1;31merror: refusing to delete the user calling `darwin-rebuild` (%s), aborting activation\e[0m\n', "$1" - exit 1 - elif [[ "$1" == "root" ]]; then - printf >&2 '\e[1;31merror: refusing to delete `root`, aborting activation\e[0m\n', "$1" - exit 1 - fi - - requireFDA "$1" deleted - dscl . -delete "/Users/$1" 2> /dev/null # `dscl . -delete` should exit with a non-zero exit code when there's an error, but we'll leave @@ -234,8 +272,6 @@ in if [ -z "$u" ]; then echo "creating user ${v.name}..." >&2 - requireFDA ${name} "created" - sysadminctl -addUser ${lib.escapeShellArgs ([ v.name "-UID" v.uid -- cgit v1.2.3 
From 9cd3976486fd0d189cbb3ad3e71c345502a3b1f5 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sat, 26 Oct 2024 12:31:53 +1100 Subject: users: ensure all users' home directories in the config are correct --- modules/users/default.nix | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'modules') diff --git a/modules/users/default.nix b/modules/users/default.nix index a618792..3f614c6 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix @@ -94,6 +94,14 @@ in }; config = { + assertions = [ + { + # We don't check `root` like the rest of the users as on some systems `root`'s + # home directory is set to `/var/root /private/var/root` + assertion = cfg.users ? root -> (cfg.users.root.home == null || cfg.users.root.home == "/var/root"); + message = "`users.users.root.home` must be set to either `null` or `/var/root`."; + } + ]; users.gids = mkMerge gids; users.uids = mkMerge uids; @@ -163,6 +171,22 @@ in if [ -z "$u" ]; then requireFDA ${name} created fi + + ${optionalString (v.home != null && v.name != "root") '' + homeDirectory=$(dscl . -read ${dsclUser} NFSHomeDirectory) + homeDirectory=''${homeDirectory#NFSHomeDirectory: } + if [[ ${lib.escapeShellArg v.home} != "$homeDirectory" ]]; then + printf >&2 '\e[1;31merror: config contains the wrong home directory for %s, aborting activation\e[0m\n' ${name} + printf >&2 'nix-darwin does not support changing the home directory of existing users. + printf >&2 '\n' + printf >&2 'Please set:\n' + printf >&2 '\n' + printf >&2 ' users.users.%s.home = "%s";\n' ${name} "$homeDirectory" + printf >&2 '\n' + printf >&2 'or remove it from your configuration.\n' + exit 1 + fi + ''} fi '') createdUsers} -- cgit v1.2.3 From 32f0cf2140af6a852f8c8b6c8f15e4855d461b87 Mon Sep 17 00:00:00 2001 
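Review bot: The added home-directory check in the `@@ -163,6 +171,22 @@` hunk also runs for users that do not exist yet, because it sits after the `if [ -z "$u" ]` block rather than in its `else`. For such a user `dscl . -read ${dsclUser} NFSHomeDirectory` has no record to read, so `homeDirectory` would be empty and the comparison with `v.home` would abort activation before the account is created. Moving the check into an `else` branch of the existing `if [ -z "$u" ]` test limits it to accounts that already exist. I have not traced the shell options in effect, so the failure mode (early exit on the failed `dscl` versus the "wrong home directory" message) should be confirmed.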
From: Michael Hoang Date: Mon, 28 Oct 2024 00:37:55 +1100 Subject: users: replace FDA check with more fine grained permissions check --- modules/users/default.nix | 78 +++++++++++++++++++++++------------------------ 1 file changed, 39 insertions(+), 39 deletions(-) (limited to 'modules') diff --git a/modules/users/default.nix b/modules/users/default.nix index 3f614c6..c6c66f3 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix 
@@ -110,32 +110,44 @@ in # however currently that runs at user level activation as that runs before system level activation # TODO: replace `$USER` with `$SUDO_USER` when system.checks runs from system level system.checks.text = lib.mkAfter '' - requireFDA() { - fullDiskAccess=false - - if cat /Library/Preferences/com.apple.TimeMachine.plist > /dev/null 2>&1; then - fullDiskAccess=true - fi - - if [[ "$fullDiskAccess" != true ]]; then - printf >&2 '\e[1;31merror: users cannot be %s without Full Disk Access, aborting activation\e[0m\n' "$2" - printf >&2 'The user %s could not be %s as `darwin-rebuild` was not executed with Full Disk Access.\n' "$1" "$2" - printf >&2 '\n' - printf >&2 'Opening "Privacy & Security" > "Full Disk Access" in System Settings\n' - printf >&2 '\n' - # This command will fail if run as root and System Settings is already running - # even if System Settings was launched by root. - open "x-apple.systempreferences:com.apple.preference.security?Privacy_AllFiles" + ensurePerms() { + homeDirectory=$(dscl . -read /Users/nobody NFSHomeDirectory) + homeDirectory=''${homeDirectory#NFSHomeDirectory: } + if ! sudo dscl . 
-change /Users/nobody NFSHomeDirectory "$homeDirectory" "$homeDirectory" &> /dev/null; then if [[ -n "$SSH_CONNECTION" ]]; then - printf >&2 'Please enable Full Disk Access for programs over SSH by flipping\n' - printf >&2 'the switch for `sshd-keygen-wrapper`.\n' + printf >&2 '\e[1;31merror: users cannot be %s over SSH without Full Disk Access, aborting activation\e[0m\n' "$2" + printf >&2 'The user %s could not be %s as `darwin-rebuild` was not executed with Full Disk Access over SSH.\n' "$1" "$2" + printf >&2 'You can either:\n' + printf >&2 '\n' + printf >&2 ' grant Full Disk Access to all programs run over SSH\n' + printf >&2 '\n' + printf >&2 'or\n' + printf >&2 '\n' + printf >&2 ' run `darwin-rebuild` in a graphical session.\n' + printf >&2 '\n' + printf >&2 'The option "Allow full disk access for remote users" can be found by\n' + printf >&2 'navigating to System Settings > General > Sharing > Remote Login\n' + printf >&2 'and then pressing on the i icon next to the switch.\n' + exit 1 else - printf >&2 'Please enable Full Disk Access for your terminal emulator by flipping\n' - printf >&2 'the switch in System Settings.\n' + # The TCC service required to change home directories is `kTCCServiceSystemPolicySysAdminFiles` + # and we can reset it to ensure the user gets another prompt + tccutil reset SystemPolicySysAdminFiles > /dev/null + + if ! sudo dscl . 
-change /Users/nobody NFSHomeDirectory "$homeDirectory" "$homeDirectory" &> /dev/null; then + printf >&2 '\e[1;31merror: permission denied when trying to %s user %s, aborting activation\e[0m\n' "$2" "$1" + printf >&2 '`darwin-rebuild` requires permissions to administrate your computer,\n' "$1" "$2" + printf >&2 'please accept the dialog that pops up.\n' + printf >&2 '\n' + printf >&2 'If you do not wish to be prompted every time `darwin-rebuild updates your users,\n' + printf >&2 'you can grant Full Disk Access to your terminal emulator in System Settings.\n' + printf >&2 '\n' + printf >&2 'This can be found in System Settings > Privacy & Security > Full Disk Access.\n' + exit 1 + fi fi - exit 1 fi } @@ -149,7 +161,7 @@ in exit 1 fi - requireFDA "$1" deleted + ensurePerms "$1" delete } ${concatMapStringsSep "\n" (v: let @@ -169,7 +181,7 @@ in u=$(id -u ${name} 2> /dev/null) || true if ! [[ -n "$u" && "$u" -ne "${toString v.uid}" ]]; then if [ -z "$u" ]; then - requireFDA ${name} created + ensurePerms ${name} create fi ${optionalString (v.home != null && v.name != "root") '' @@ -211,7 +223,7 @@ in g=''${g#PrimaryGroupID: } if [[ "$g" -eq ${toString v.gid} ]]; then echo "deleting group ${v.name}..." >&2 - dscl . -delete ${dsclGroup} 2> /dev/null + dscl . -delete ${dsclGroup} else echo "warning: existing group '${v.name}' has unexpected gid $g, skipping..." >&2 fi @@ -245,7 +257,7 @@ in if [ -n "$g" ]; then if [ "$g" -gt 501 ]; then echo "deleting group ${name}..." >&2 - dscl . -delete ${dsclGroup} 2> /dev/null + dscl . -delete ${dsclGroup} else echo "warning: existing group '${name}' has unexpected gid $g, skipping..." >&2 fi 
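Review bot: `tccutil reset SystemPolicySysAdminFiles` in the non-SSH branch of `ensurePerms` is called without a bundle identifier, which resets that privacy decision for every application on the machine, not only for the terminal running `darwin-rebuild`. An activation check should not silently discard other apps' grants or denials; I would skip the reset and only print the instructions, or at least announce it first with `printf >&2 'resetting administrator-files privacy decisions for all apps\n'`. The probe itself is a `sudo dscl . -change /Users/nobody …` write issued from what the comment above calls user-level activation, so it can prompt for a password before any real work starts. One `printf` in the new error text passes `"$1" "$2"` to a format with no `%s`, and the backtick after `darwin-rebuild` on the following line is never closed.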
@@ -256,18 +268,6 @@ in system.activationScripts.users.text = mkIf (cfg.knownUsers != []) '' echo "setting up users..." >&2 - deleteUser() { - dscl . -delete "/Users/$1" 2> /dev/null - - # `dscl . -delete` should exit with a non-zero exit code when there's an error, but we'll leave - # this code here just in case and for when we switch to `sysadminctl -deleteUser` - # We need to check as `sysadminctl -deleteUser` still exits with exit code 0 when there's an error - if id "$1" &> /dev/null; then - printf >&2 '\e[1;31merror: failed to delete user %s, aborting activation\e[0m\n', "$1" - exit 1 - fi - } - ${concatMapStringsSep "\n" (v: let name = lib.escapeShellArg v.name; dsclUser = lib.escapeShellArg "/Users/${v.name}"; @@ -282,7 +282,7 @@ in printf >&2 'warning: not going to recreate root, skipping...\n' else printf >&2 'deleting user ${v.name}...\n' - deleteUser ${name} + dscl . -delete ${dsclUser} fi else echo "warning: existing user '${v.name}' has unexpected uid $u, skipping..." >&2 @@ -329,7 +329,7 @@ in if [ -n "$u" ]; then if [ "$u" -gt 501 ]; then echo "deleting user ${name}..." >&2 - deleteUser ${lib.escapeShellArg name} + dscl . -delete ${lib.escapeShellArg "/Users/${name}"} else echo "warning: existing user '${name}' has unexpected uid $u, skipping..." >&2 fi -- cgit v1.2.3 From febc3b3f514d1e3d46182975430737d0232e6af0 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sat, 26 Oct 2024 16:13:23 +1100 Subject: users: remove `with lib;` --- modules/users/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/users/default.nix b/modules/users/default.nix index c6c66f3..a23251d 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix 
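Review bot: With `deleteUser` removed, the call site in the `@@ -282,7 +282,7 @@` hunk runs `dscl . -delete ${dsclUser}` bare, and nothing visible checks the result or confirms the account is gone before activation continues. If the script is not running under `set -e` (not visible in these hunks), a failed delete would pass unnoticed. `dscl . -delete ${dsclUser} || { echo "error: failed to delete user ${v.name}" >&2; exit 1; }` keeps the previous abort-on-failure behaviour. The same applies to the `deletedUsers` loop changed in the `@@ -329,7 +329,7 @@` hunk.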
@@ -1,8 +1,9 @@ { config, lib, pkgs, ... }: -with lib; - let + inherit (lib) concatStringsSep concatMapStringsSep elem filter filterAttrs + mapAttrs' mapAttrsToList mkIf mkMerge mkOption mkOrder optionalString types; + cfg = config.users; group = import ./group.nix; -- cgit v1.2.3 From a15a3d9f1f9fadd455b38b3833e1ee6db6b59186 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 28 Oct 2024 10:47:15 +1100 Subject: users: fix unclosed string --- modules/users/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/users/default.nix b/modules/users/default.nix index a23251d..92c0cd8 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix @@ -190,7 +190,7 @@ in homeDirectory=''${homeDirectory#NFSHomeDirectory: } if [[ ${lib.escapeShellArg v.home} != "$homeDirectory" ]]; then printf >&2 '\e[1;31merror: config contains the wrong home directory for %s, aborting activation\e[0m\n' ${name} - printf >&2 'nix-darwin does not support changing the home directory of existing users. + printf >&2 'nix-darwin does not support changing the home directory of existing users.\n' printf >&2 '\n' printf >&2 'Please set:\n' printf >&2 '\n' -- cgit v1.2.3 From c908607e8a8ac1aaa0db60955800be4b02e500cc Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 28 Oct 2024 01:05:16 +1100 Subject: users: remove `users.forceRecreate` option --- modules/users/default.nix | 78 +++++++++++------------------------------------ 1 file changed, 18 insertions(+), 60 deletions(-) (limited to 'modules') diff --git a/modules/users/default.nix b/modules/users/default.nix index 92c0cd8..58156d2 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix @@ -41,6 +41,10 @@ let in { + imports = [ + (lib.mkRemovedOptionModule [ "users" "forceRecreate" ] "") + ]; + options = { users.knownGroups = mkOption { type = types.listOf types.str; 
@@ -85,13 +89,6 @@ in type = types.attrsOf types.str; default = {}; }; - - users.forceRecreate = mkOption { - internal = true; - type = types.bool; - default = false; - description = "Remove and recreate existing groups/users."; - }; }; config = { @@ -152,33 +149,11 @@ in fi } - ensureDeletable() { - # TODO: add `darwin.primaryUser` as well - if [[ "$1" == "$USER" ]]; then - printf >&2 '\e[1;31merror: refusing to delete the user calling `darwin-rebuild` (%s), aborting activation\e[0m\n', "$1" - exit 1 - elif [[ "$1" == "root" ]]; then - printf >&2 '\e[1;31merror: refusing to delete `root`, aborting activation\e[0m\n' - exit 1 - fi - - ensurePerms "$1" delete - } ${concatMapStringsSep "\n" (v: let name = lib.escapeShellArg v.name; dsclUser = lib.escapeShellArg "/Users/${v.name}"; in '' - ${optionalString cfg.forceRecreate '' - u=$(id -u ${name} 2> /dev/null) || true - if [[ "$u" -eq ${toString v.uid} ]]; then - # TODO: add `darwin.primaryUser` as well - if [[ ${name} != "$USER" && ${name} != "root" ]]; then - ensureDeletable ${name} - fi - fi - ''} - u=$(id -u ${name} 2> /dev/null) || true if ! [[ -n "$u" && "$u" -ne "${toString v.uid}" ]]; then if [ -z "$u" ]; then @@ -203,11 +178,22 @@ in fi '') createdUsers} - ${concatMapStringsSep "\n" (name: '' - u=$(id -u ${lib.escapeShellArg name} 2> /dev/null) || true + ${concatMapStringsSep "\n" (v: let + name = lib.escapeShellArg v; + in '' + u=$(id -u ${name} 2> /dev/null) || true if [ -n "$u" ]; then if [ "$u" -gt 501 ]; then - ensureDeletable ${lib.escapeShellArg name} + # TODO: add `darwin.primaryUser` as well + if [[ ${name} == "$USER" ]]; then + printf >&2 '\e[1;31merror: refusing to delete the user calling `darwin-rebuild` (%s), aborting activation\e[0m\n', ${name} + exit 1 + elif [[ ${name} == "root" ]]; then + printf >&2 '\e[1;31merror: refusing to delete `root`, aborting activation\e[0m\n' + exit 1 + fi + + ensurePerms ${name} delete fi fi '') deletedUsers} 
@@ -219,17 +205,6 @@ in ${concatMapStringsSep "\n" (v: let dsclGroup = lib.escapeShellArg "/Groups/${v.name}"; in '' - ${optionalString cfg.forceRecreate '' - g=$(dscl . -read ${dsclGroup} PrimaryGroupID 2> /dev/null) || true - g=''${g#PrimaryGroupID: } - if [[ "$g" -eq ${toString v.gid} ]]; then - echo "deleting group ${v.name}..." >&2 - dscl . -delete ${dsclGroup} - else - echo "warning: existing group '${v.name}' has unexpected gid $g, skipping..." >&2 - fi - ''} - g=$(dscl . -read ${dsclGroup} PrimaryGroupID 2> /dev/null) || true g=''${g#PrimaryGroupID: } if [ -z "$g" ]; then @@ -273,23 +248,6 @@ in name = lib.escapeShellArg v.name; dsclUser = lib.escapeShellArg "/Users/${v.name}"; in '' - ${optionalString cfg.forceRecreate '' - u=$(id -u ${name} 2> /dev/null) || true - if [[ "$u" -eq ${toString v.uid} ]]; then - # TODO: add `darwin.primaryUser` as well - if [[ ${name} == "$SUDO_USER" ]]; then - printf >&2 'warning: not going to recreate the user calling `darwin-rebuild` (%s), skipping...\n' "$SUDO_USER" - elif [[ ${name} == "root" ]]; then - printf >&2 'warning: not going to recreate root, skipping...\n' - else - printf >&2 'deleting user ${v.name}...\n' - dscl . -delete ${dsclUser} - fi - else - echo "warning: existing user '${v.name}' has unexpected uid $u, skipping..." >&2 - fi - ''} - u=$(id -u ${name} 2> /dev/null) || true if [[ -n "$u" && "$u" -ne "${toString v.uid}" ]]; then echo "warning: existing user '${v.name}' has unexpected uid $u, skipping..." >&2 -- cgit v1.2.3 From f380194f3dac82e63dc72db160490dcb58208534 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 28 Oct 2024 10:30:02 +1100 Subject: users: create users with home directory `/var/empty` by default --- modules/users/default.nix | 2 +- modules/users/user.nix | 8 +++----- 2 files changed, 4 insertions(+), 6 deletions(-) (limited to 'modules') diff --git a/modules/users/default.nix b/modules/users/default.nix index 58156d2..a945fb4 100644 --- a/modules/users/default.nix 
+++ b/modules/users/default.nix @@ -260,7 +260,7 @@ in "-UID" v.uid "-GID" v.gid ] ++ (lib.optionals (v.description != null) [ "-fullName" v.description ]) - ++ (lib.optionals (v.home != null) [ "-home" v.home ]) + ++ [ "-home" (if v.home != null then v.home else "/var/empty") ] ++ [ "-shell" (if v.shell != null then shellPath v.shell else "/usr/bin/false") ])} 2> /dev/null # We need to check as `sysadminctl -addUser` still exits with exit code 0 when there's an error diff --git a/modules/users/user.nix b/modules/users/user.nix index 72ae07b..9689e05 100644 --- a/modules/users/user.nix +++ b/modules/users/user.nix @@ -58,11 +58,9 @@ description = '' The user's home directory. This defaults to `null`. - When this is set to `null`, the value is managed by macOS instead of - `nix-darwin`. This means if the user has not been created yet, - `sysadminctl` will be called without the `-home` flag which means the - user will have a default home directory of `/Users/` which will - be created by `sysadminctl`. + When this is set to `null`, if the user has not been created yet, + they will be created with the home directory `/var/empty` to match + the old default. ''; }; -- cgit v1.2.3 From 6c8d45fb20c40a8ccc73130d026d487b887a3de4 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Mon, 28 Oct 2024 04:10:45 +0100 Subject: module: add prometheus-node-exporter service --- modules/misc/ids.nix | 2 + modules/module-list.nix | 1 + .../monitoring/prometheus-node-exporter.nix | 117 +++++++++++++++++++++ 3 files changed, 120 insertions(+) create mode 100644 modules/services/monitoring/prometheus-node-exporter.nix (limited to 'modules') diff --git a/modules/misc/ids.nix b/modules/misc/ids.nix index c0f3a19..34b3685 100644 --- a/modules/misc/ids.nix +++ b/modules/misc/ids.nix 
@@ -38,10 +38,12 @@ in ids.uids = { nixbld = lib.mkDefault 350; + _prometheus-node-exporter = 534; }; ids.gids = { nixbld = lib.mkDefault (if config.system.stateVersion < 5 then 30000 else 350); + _prometheus-node-exporter = 534; }; }; diff --git a/modules/module-list.nix b/modules/module-list.nix index effdff7..2e6d943 100644 --- a/modules/module-list.nix +++ b/modules/module-list.nix @@ -74,6 +74,7 @@ ./services/mopidy.nix ./services/monitoring/telegraf.nix ./services/monitoring/netdata.nix + ./services/monitoring/prometheus-node-exporter.nix ./services/netbird.nix ./services/nix-daemon.nix ./services/nix-gc diff --git a/modules/services/monitoring/prometheus-node-exporter.nix b/modules/services/monitoring/prometheus-node-exporter.nix new file mode 100644 index 0000000..752dc0f --- /dev/null +++ b/modules/services/monitoring/prometheus-node-exporter.nix 
@@ -0,0 +1,117 @@ +{ + config, + lib, + pkgs, + ... +}: + +let + inherit (lib) + concatStringsSep + escapeShellArgs + getExe + mkEnableOption + mkIf + mkOption + mkPackageOption + mkRemovedOptionModule + types + ; + + cfg = config.services.prometheus.exporters.node; +in { + imports = [ + (mkRemovedOptionModule [ "services" "prometheus" "exporters" "node" "openFirewall" ] "No nix-darwin equivalent to this NixOS option.") + (mkRemovedOptionModule [ "services" "prometheus" "exporters" "node" "firewallFilter" ] "No nix-darwin equivalent to this NixOS option.") + (mkRemovedOptionModule [ "services" "prometheus" "exporters" "node" "firewallRules" ] "No nix-darwin equivalent to this NixOS option.") + ]; + + options = { + services.prometheus.exporters.node = { + enable = mkEnableOption "Prometheus Node exporter"; + + package = mkPackageOption pkgs "prometheus-node-exporter" { }; + + listenAddress = mkOption { + type = types.str; + default = ""; + example = "0.0.0.0"; + description = '' + Address where Node exporter exposes its HTTP interface. Leave empty to bind to all addresses. + ''; + }; + + port = mkOption { + type = types.port; + default = 9100; + description = '' + Port where the Node exporter exposes its HTTP interface. + ''; + }; + + extraFlags = mkOption { + type = types.listOf types.str; + default = [ ]; + example = [ "--log.level=debug" ]; + description = '' + Extra commandline options to pass to the Node exporter executable. + ''; + }; + + enabledCollectors = mkOption { + type = types.listOf types.str; + default = [ ]; + description = '' + Collectors to enable in addition to the ones that are [enabled by default](https://github.com/prometheus/node_exporter#enabled-by-default). 
+ ''; + }; + + disabledCollectors = mkOption { + type = types.listOf types.str; + default = [ ]; + example = [ "boottime" ]; + description = '' + Collectors to disable from the list of collectors that are [enabled by default](https://github.com/prometheus/node_exporter#enabled-by-default). + ''; + }; + }; + }; + + config = mkIf cfg.enable { + users.users._prometheus-node-exporter = { + uid = config.ids.uids._prometheus-node-exporter; + gid = config.ids.gids._prometheus-node-exporter; + home = "/var/empty"; + shell = "/usr/bin/false"; + description = "System user for the Prometheus Node exporter"; + }; + + users.groups._prometheus-node-exporter = { + gid = config.ids.gids._prometheus-node-exporter; + description = "System group for the Prometheus Node exporter"; + }; + + users.knownGroups = [ "_prometheus-node-exporter" ]; + users.knownUsers = [ "_prometheus-node-exporter" ]; + + launchd.daemons.prometheus-node-exporter = { + script = concatStringsSep " " + ([ + (getExe cfg.package) + "--web.listen-address" + "${cfg.listenAddress}:${toString cfg.port}" + ] + ++ (map (collector: "--collector.${collector}") cfg.enabledCollectors) + ++ (map (collector: "--no-collector.${collector}") cfg.disabledCollectors) + ) + escapeShellArgs cfg.extraFlags; + serviceConfig = { + KeepAlive = true; + RunAtLoad = true; + StandardErrorPath = "/var/log/prometheus-node-exporter.log"; + StandardOutPath = "/var/log/prometheus-node-exporter.log"; + GroupName = "_prometheus-node-exporter"; + UserName = "_prometheus-node-exporter"; + }; + }; + }; +} -- cgit v1.2.3 From 470f87c1827b51169ed4f91cdbdfd48417bfff3d Mon Sep 17 00:00:00 2001 
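Review bot: The `script` expression joins the fixed arguments with spaces and then appends `escapeShellArgs cfg.extraFlags` with a bare `+`, so there is no separator between the last fixed argument and the first extra flag, and only `extraFlags` is shell-escaped while `listenAddress` and the collector names are interpolated raw. Building one list and escaping it once fixes both: use `escapeShellArgs (` in place of `concatStringsSep " " (` and end the list with `++ cfg.extraFlags);` in place of `) + escapeShellArgs cfg.extraFlags;`. `concatStringsSep` would then be unused in the `inherit (lib)` list. The `listenAddress` description should also say plainly that the empty default exposes the metrics endpoint on every interface, since the firewall options are declared as removed in this module.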
From: Michael Hoang Date: Thu, 31 Oct 2024 15:02:36 +1100 Subject: zsh: enable by default as zsh is the default shell on macOS Historically this was a footgun because users would not always have this enabled leading to `darwin-rebuild` and other programs not being found. --- modules/examples/flake/flake.nix | 3 +-- modules/examples/simple.nix | 3 +-- modules/programs/zsh/default.nix | 2 +- 3 files changed, 3 insertions(+), 5 deletions(-) (limited to 'modules') diff --git a/modules/examples/flake/flake.nix b/modules/examples/flake/flake.nix index 94c600e..e6eaefc 100644 --- a/modules/examples/flake/flake.nix +++ b/modules/examples/flake/flake.nix @@ -23,8 +23,7 @@ # Necessary for using flakes on this system. nix.settings.experimental-features = "nix-command flakes"; - # Create /etc/zshrc that loads the nix-darwin environment. - programs.zsh.enable = true; # default shell on catalina + # Enable alternative shell support in nix-darwin. # programs.fish.enable = true; # Set Git commit hash for darwin-version. diff --git a/modules/examples/simple.nix b/modules/examples/simple.nix index 1133da8..5baf009 100644 --- a/modules/examples/simple.nix +++ b/modules/examples/simple.nix @@ -15,8 +15,7 @@ # services.nix-daemon.enable = true; # nix.package = pkgs.nix; - # Create /etc/zshrc that loads the nix-darwin environment. - programs.zsh.enable = true; # default shell on catalina + # Enable alternative shell support in nix-darwin. # programs.fish.enable = true; # Used for backwards compatibility, please read the changelog before changing. diff --git a/modules/programs/zsh/default.nix b/modules/programs/zsh/default.nix index bfbfc59..1665fcd 100644 --- a/modules/programs/zsh/default.nix +++ b/modules/programs/zsh/default.nix @@ -18,7 +18,7 @@ in options = { programs.zsh.enable = mkOption { type = types.bool; - default = false; + default = true; description = "Whether to configure zsh as an interactive shell."; }; -- cgit v1.2.3 
From 1588cb2e997fb37a4eab78da13808faf49df903f Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Thu, 31 Oct 2024 15:02:36 +1100 Subject: environment: remove misleading `environment.loginShell` option --- modules/environment/default.nix | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'modules') diff --git a/modules/environment/default.nix b/modules/environment/default.nix index 00d58c0..994c77a 100644 --- a/modules/environment/default.nix +++ b/modules/environment/default.nix @@ -18,6 +18,11 @@ in { imports = [ (mkRenamedOptionModule ["environment" "postBuild"] ["environment" "extraSetup"]) + (mkRemovedOptionModule [ "environment" "loginShell" ] '' + This option was only used to change the default command in tmux. + + This has been removed in favour of changing the default command or default shell in tmux directly. + '') ]; options = { @@ -74,12 +79,6 @@ in ''; }; - environment.loginShell = mkOption { - type = types.str; - default = "$SHELL -l"; - description = "Configure default login shell."; - }; - environment.variables = mkOption { type = types.attrsOf (types.either types.str (types.listOf types.str)); default = {}; -- cgit v1.2.3 From 63f4d40e551e7b29fbe586967c03eea1e6a70ce4 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Thu, 31 Oct 2024 15:59:09 +1100 Subject: tmux: remove `programs.tmux.defaultCommand` --- modules/examples/lnl.nix | 1 - modules/programs/tmux.nix | 12 +----------- 2 files changed, 1 insertion(+), 12 deletions(-) (limited to 'modules') diff --git a/modules/examples/lnl.nix b/modules/examples/lnl.nix index 010dff5..d944158 100644 --- a/modules/examples/lnl.nix +++ b/modules/examples/lnl.nix @@ -277,7 +277,6 @@ zle -N up-line-or-beginning-search ''; - environment.loginShell = "${pkgs.zsh}/bin/zsh -l"; environment.variables.SHELL = "${pkgs.zsh}/bin/zsh"; environment.variables.LANG = "en_US.UTF-8"; diff --git a/modules/programs/tmux.nix b/modules/programs/tmux.nix index ae6fcbf..d70dab1 100644 
--- a/modules/programs/tmux.nix +++ b/modules/programs/tmux.nix @@ -41,6 +41,7 @@ in { imports = [ (mkRenamedOptionModule [ "programs" "tmux" "tmuxConfig" ] [ "programs" "tmux" "extraConfig" ]) + (mkRemovedOptionModule [ "programs" "tmux" "defaultCommand" ] "Use `programs.tmux.extraConfig` to configure the default command instead. If unset, tmux will default to using your system configured login shell.") ]; options = { programs.tmux.enable = mkOption { @@ -84,11 +85,6 @@ in description = "Cater to iTerm2 and its tmux integration, as appropriate."; }; - programs.tmux.defaultCommand = mkOption { - type = types.either types.str types.package; - description = "The default command to use for tmux panes."; - }; - programs.tmux.tmuxOptions = mkOption { internal = true; type = types.attrsOf (types.submodule text); @@ -120,12 +116,6 @@ in source-file -q /etc/tmux.conf.local ''; - programs.tmux.defaultCommand = mkDefault config.environment.loginShell; - - programs.tmux.tmuxOptions.login-shell.text = '' - set -g default-command "${cfg.defaultCommand}" - ''; - programs.tmux.tmuxOptions.sensible.text = mkIf cfg.enableSensible '' set -g default-terminal "screen-256color" setw -g aggressive-resize on -- cgit v1.2.3 From 331fd8d3b596999e731ede69a8cbf6524968d936 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Beno=C3=AEt=20de=20Chezelles?= Date: Thu, 31 Oct 2024 16:51:05 +0100 Subject: karabiner-elements: allow use of custom package --- modules/services/karabiner-elements/default.nix | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) (limited to 'modules') diff --git a/modules/services/karabiner-elements/default.nix b/modules/services/karabiner-elements/default.nix index 2764505..8be2ddf 100644 --- a/modules/services/karabiner-elements/default.nix +++ b/modules/services/karabiner-elements/default.nix 
@@ -9,18 +9,19 @@ let in { - options = { - services.karabiner-elements.enable = mkEnableOption "Karabiner-Elements"; + options.services.karabiner-elements = { + enable = mkEnableOption "Karabiner-Elements"; + package = mkPackageOption pkgs "karabiner-elements" { }; }; config = mkIf cfg.enable { - environment.systemPackages = [ pkgs.karabiner-elements ]; + environment.systemPackages = [ cfg.package ]; system.activationScripts.preActivation.text = '' rm -rf ${parentAppDir} mkdir -p ${parentAppDir} # Kernel extensions must reside inside of /Applications, they cannot be symlinks - cp -r ${pkgs.karabiner-elements.driver}/Applications/.Karabiner-VirtualHIDDevice-Manager.app ${parentAppDir} + cp -r ${cfg.package.driver}/Applications/.Karabiner-VirtualHIDDevice-Manager.app ${parentAppDir} ''; system.activationScripts.postActivation.text = '' @@ -49,7 +50,7 @@ in launchd.daemons.karabiner_grabber = { serviceConfig.ProgramArguments = [ - "${pkgs.karabiner-elements}/Library/Application Support/org.pqrs/Karabiner-Elements/bin/karabiner_grabber" + "${cfg.package}/Library/Application Support/org.pqrs/Karabiner-Elements/bin/karabiner_grabber" ]; serviceConfig.ProcessType = "Interactive"; serviceConfig.Label = "org.pqrs.karabiner.karabiner_grabber"; @@ -60,7 +61,7 @@ in launchd.daemons.karabiner_observer = { serviceConfig.ProgramArguments = [ - "${pkgs.karabiner-elements}/Library/Application Support/org.pqrs/Karabiner-Elements/bin/karabiner_observer" + "${cfg.package}/Library/Application Support/org.pqrs/Karabiner-Elements/bin/karabiner_observer" ]; serviceConfig.Label = "org.pqrs.karabiner.karabiner_observer"; 
@@ -70,7 +71,7 @@ in }; launchd.daemons.Karabiner-DriverKit-VirtualHIDDeviceClient = { - command = "\"${pkgs.karabiner-elements.driver}/Library/Application Support/org.pqrs/Karabiner-DriverKit-VirtualHIDDevice/Applications/Karabiner-DriverKit-VirtualHIDDeviceClient.app/Contents/MacOS/Karabiner-DriverKit-VirtualHIDDeviceClient\""; + command = "\"${cfg.package.driver}/Library/Application Support/org.pqrs/Karabiner-DriverKit-VirtualHIDDevice/Applications/Karabiner-DriverKit-VirtualHIDDeviceClient.app/Contents/MacOS/Karabiner-DriverKit-VirtualHIDDeviceClient\""; serviceConfig.ProcessType = "Interactive"; serviceConfig.Label = "org.pqrs.Karabiner-DriverKit-VirtualHIDDeviceClient"; serviceConfig.KeepAlive = true; @@ -91,7 +92,7 @@ in script = '' rm -rf /run/wrappers mkdir -p /run/wrappers/bin - install -m4555 "${pkgs.karabiner-elements}/Library/Application Support/org.pqrs/Karabiner-Elements/bin/karabiner_session_monitor" /run/wrappers/bin + install -m4555 "${cfg.package}/Library/Application Support/org.pqrs/Karabiner-Elements/bin/karabiner_session_monitor" /run/wrappers/bin ''; serviceConfig.RunAtLoad = true; serviceConfig.KeepAlive.SuccessfulExit = false; 
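Review bot: With the package now configurable, the `install -m4555` line in the `@@ -91,7 +92,7 @@` hunk copies `karabiner_session_monitor` from whatever `cfg.package` is into `/run/wrappers/bin` with the setuid bit set, and the `cp -r ${cfg.package.driver}/...` line in the `@@ -9,18 +9,19 @@` hunk requires the package to expose a `driver` attribute. The new `package` option documents none of this, so its description should state that an override must keep the `driver` attribute and the `Library/Application Support/org.pqrs/...` layout, and that one of its binaries is installed setuid (presumably root-owned if this script runs as a system daemon; the enclosing definition starts outside the hunk). `mkPackageOption` accepts an `extraDescription` argument that can carry that text.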
@@ -106,8 +107,8 @@ in serviceConfig.KeepAlive = true; }; - environment.userLaunchAgents."org.pqrs.karabiner.agent.karabiner_grabber.plist".source = "${pkgs.karabiner-elements}/Library/LaunchAgents/org.pqrs.karabiner.agent.karabiner_grabber.plist"; - environment.userLaunchAgents."org.pqrs.karabiner.agent.karabiner_observer.plist".source = "${pkgs.karabiner-elements}/Library/LaunchAgents/org.pqrs.karabiner.agent.karabiner_observer.plist"; - environment.userLaunchAgents."org.pqrs.karabiner.karabiner_console_user_server.plist".source = "${pkgs.karabiner-elements}/Library/LaunchAgents/org.pqrs.karabiner.karabiner_console_user_server.plist"; + environment.userLaunchAgents."org.pqrs.karabiner.agent.karabiner_grabber.plist".source = "${cfg.package}/Library/LaunchAgents/org.pqrs.karabiner.agent.karabiner_grabber.plist"; + environment.userLaunchAgents."org.pqrs.karabiner.agent.karabiner_observer.plist".source = "${cfg.package}/Library/LaunchAgents/org.pqrs.karabiner.agent.karabiner_observer.plist"; + environment.userLaunchAgents."org.pqrs.karabiner.karabiner_console_user_server.plist".source = "${cfg.package}/Library/LaunchAgents/org.pqrs.karabiner.karabiner_console_user_server.plist"; }; } -- cgit v1.2.3 From 318df382e61e6116034017454ae596f3980c4613 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sat, 2 Nov 2024 10:31:40 +1100 Subject: users: don't check home directory is correct before creating user --- modules/users/default.nix | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) (limited to 'modules') diff --git a/modules/users/default.nix b/modules/users/default.nix index a945fb4..6a1cd2e 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix 
@@ -158,23 +158,24 @@ in if ! [[ -n "$u" && "$u" -ne "${toString v.uid}" ]]; then if [ -z "$u" ]; then ensurePerms ${name} create - fi - ${optionalString (v.home != null && v.name != "root") '' - homeDirectory=$(dscl . -read ${dsclUser} NFSHomeDirectory) - homeDirectory=''${homeDirectory#NFSHomeDirectory: } - if [[ ${lib.escapeShellArg v.home} != "$homeDirectory" ]]; then - printf >&2 '\e[1;31merror: config contains the wrong home directory for %s, aborting activation\e[0m\n' ${name} - printf >&2 'nix-darwin does not support changing the home directory of existing users.\n' - printf >&2 '\n' - printf >&2 'Please set:\n' - printf >&2 '\n' - printf >&2 ' users.users.%s.home = "%s";\n' ${name} "$homeDirectory" - printf >&2 '\n' - printf >&2 'or remove it from your configuration.\n' - exit 1 - fi - ''} + ${optionalString (v.home != null && v.name != "root") '' + else + homeDirectory=$(dscl . -read ${dsclUser} NFSHomeDirectory) + homeDirectory=''${homeDirectory#NFSHomeDirectory: } + if [[ ${lib.escapeShellArg v.home} != "$homeDirectory" ]]; then + printf >&2 '\e[1;31merror: config contains the wrong home directory for %s, aborting activation\e[0m\n' ${name} + printf >&2 'nix-darwin does not support changing the home directory of existing users.\n' + printf >&2 '\n' + printf >&2 'Please set:\n' + printf >&2 '\n' + printf >&2 ' users.users.%s.home = "%s";\n' ${name} "$homeDirectory" + printf >&2 '\n' + printf >&2 'or remove it from your configuration.\n' + exit 1 + fi + ''} + fi fi '') createdUsers} -- cgit v1.2.3 From 0dacfdea635b664812b8065e6b5449c43bf1a586 Mon Sep 17 00:00:00 2001 From: April Schleck Date: Fri, 25 Oct 2024 13:21:56 -0700 Subject: Configure the folder that new Finder windows open --- modules/system/defaults/finder.nix | 54 +++++++++++++++++++++++++++++++++++++- 1 file changed, 53 insertions(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/system/defaults/finder.nix b/modules/system/defaults/finder.nix index 1da93c0..51fff74 100644 
--- a/modules/system/defaults/finder.nix +++ b/modules/system/defaults/finder.nix @@ -1,7 +1,10 @@ { config, lib, ... }: -with lib; +let + inherit (lib) mkOption types; + cfg = config.system.defaults.finder; +in { options = { @@ -96,5 +99,54 @@ with lib; ''; }; + system.defaults.finder.NewWindowTarget = mkOption { + type = types.nullOr (types.enum [ + "Computer" + "OS volume" + "Home" + "Desktop" + "Documents" + "Recents" + "iCloud Drive" + "Other" + ]); + apply = key: if key == null then null else { + "Computer" = "PfCm"; + "OS volume" = "PfVo"; + "Home" = "PfHm"; + "Desktop" = "PfDe"; + "Documents" = "PfDo"; + "Recents" = "PfAF"; + "iCloud Drive" = "PfID"; + "Other" = "PfLo"; + }.${key}; + default = null; + description = '' + Change the default folder shown in Finder windows. "Other" corresponds to the value of + NewWindowTargetPath. The default is unset ("Recents"). + ''; + }; + + system.defaults.finder.NewWindowTargetPath = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Sets the URI to open when NewWindowTarget is "Other". Spaces and similar characters must be + escaped. If the value is invalid, Finder will open your home directory. + Example: "file:///Users/foo/long%20cat%20pics". + The default is unset. + ''; + }; + }; + + config = { + assertions = [{ + assertion = cfg.NewWindowTargetPath != null -> cfg.NewWindowTarget == "PfLo"; + message = "`system.defaults.finder.NewWindowTarget` should be set to `Other` when `NewWindowTargetPath` is non-null."; + } + { + assertion = cfg.NewWindowTarget == "PfLo" -> cfg.NewWindowTargetPath != null; + message = "`system.defaults.finder.NewWindowTargetPath` should be non-null when `NewWindowTarget` is set to `Other`."; + }]; }; } -- cgit v1.2.3 From 21809c4261a421eb06b2d7b3ccd18ebadd921f96 Mon Sep 17 00:00:00 2001 
From: April Schleck Date: Sun, 27 Oct 2024 23:37:08 -0700 Subject: Allow configuring the fn key action --- modules/module-list.nix | 1 + modules/system/defaults-write.nix | 3 +++ modules/system/defaults/hitoolbox.nix | 29 +++++++++++++++++++++++++++++ 3 files changed, 33 insertions(+) create mode 100644 modules/system/defaults/hitoolbox.nix (limited to 'modules') diff --git a/modules/module-list.nix b/modules/module-list.nix index effdff7..5477fad 100644 --- a/modules/module-list.nix +++ b/modules/module-list.nix @@ -21,6 +21,7 @@ ./system/defaults/clock.nix ./system/defaults/dock.nix ./system/defaults/finder.nix + ./system/defaults/hitoolbox.nix ./system/defaults/screencapture.nix ./system/defaults/screensaver.nix ./system/defaults/alf.nix diff --git a/modules/system/defaults-write.nix b/modules/system/defaults-write.nix index e7f2c03..7af972d 100644 --- a/modules/system/defaults-write.nix +++ b/modules/system/defaults-write.nix @@ -23,6 +23,7 @@ let menuExtraClock = defaultsToList "com.apple.menuextra.clock" cfg.menuExtraClock; dock = defaultsToList "com.apple.dock" cfg.dock; finder = defaultsToList "com.apple.finder" cfg.finder; + hitoolbox = defaultsToList "com.apple.HIToolbox" cfg.hitoolbox; magicmouse = defaultsToList "com.apple.AppleMultitouchMouse" cfg.magicmouse; magicmouseBluetooth = defaultsToList "com.apple.driver.AppleMultitouchMouse.mouse" cfg.magicmouse; screencapture = defaultsToList "com.apple.screencapture" cfg.screencapture; @@ -76,6 +77,7 @@ in menuExtraClock dock finder + hitoolbox magicmouse magicmouseBluetooth screencapture @@ -99,6 +101,7 @@ in ${concatStringsSep "\n" menuExtraClock} ${concatStringsSep "\n" dock} ${concatStringsSep "\n" finder} + ${concatStringsSep "\n" hitoolbox} ${concatStringsSep "\n" magicmouse} ${concatStringsSep "\n" magicmouseBluetooth} ${concatStringsSep "\n" screencapture} diff --git a/modules/system/defaults/hitoolbox.nix b/modules/system/defaults/hitoolbox.nix new file mode 100644 index 0000000..c2e336b 
--- /dev/null +++ b/modules/system/defaults/hitoolbox.nix @@ -0,0 +1,29 @@ +{ lib, ... }: + +{ + options = { + + system.defaults.hitoolbox.AppleFnUsageType = lib.mkOption { + type = lib.types.nullOr (lib.types.enum [ + "Do Nothing" + "Change Input Source" + "Show Emoji & Symbols" + "Start Dictation" + ]); + apply = key: if key == null then null else { + "Do Nothing" = 0; + "Change Input Source" = 1; + "Show Emoji & Symbols" = 2; + "Start Dictation" = 3; + }.${key}; + default = null; + description = '' + Chooses what happens when you press the Fn key on the keyboard. A restart is required for + this setting to take effect. + + The default is unset ("Show Emoji & Symbols"). + ''; + }; + + }; +} -- cgit v1.2.3 From 6ff3a49ceb1c98e96452542a6feadacc477eedff Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Tue, 5 Nov 2024 11:11:14 +1000 Subject: time: shellcheck fix https://www.shellcheck.net/wiki/SC2143 --- modules/time/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/time/default.nix b/modules/time/default.nix index 28724a5..01c4703 100644 --- a/modules/time/default.nix +++ b/modules/time/default.nix @@ -7,7 +7,7 @@ let cfg = config.time; timeZone = optionalString (cfg.timeZone != null) '' - if [ -z $(systemsetup -listtimezones | grep "^ ${cfg.timeZone}$") ]; then + if ! systemsetup -listtimezones | grep -q "^ ${cfg.timeZone}$"; then echo "${cfg.timeZone} is not a valid timezone. The command 'listtimezones' will show a list of valid time zones." >&2 false fi -- cgit v1.2.3 From 84d14d404325380ec180f580332e8e85df232d06 Mon Sep 17 00:00:00 2001 
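Review bot: The rewritten test in the `@@ -7,7 +7,7 @@` hunk of `modules/time/default.nix` still interpolates `cfg.timeZone` unescaped into a double-quoted shell string that `grep` then reads as a regular expression, so a value containing `$`, a backtick, `"` or regex metacharacters is expanded by the shell or matched loosely instead of being compared literally; the `echo` on the next line has the same raw interpolation. Matching the whole line as a fixed string avoids both: `if ! systemsetup -listtimezones | grep -Fxq -- ${lib.escapeShellArg " ${cfg.timeZone}"}; then`. This assumes `lib` is bound in this file, which the hunk does not show. The `timeZone` string continues outside the hunk.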
From: Emily Date: Tue, 5 Nov 2024 02:59:00 +0000 Subject: prometheus-node-exporter: fix log permissions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The daemon won’t start as the assigned user doesn’t have permissions to create the log file. --- modules/services/monitoring/prometheus-node-exporter.nix | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'modules') diff --git a/modules/services/monitoring/prometheus-node-exporter.nix b/modules/services/monitoring/prometheus-node-exporter.nix index 752dc0f..7f58055 100644 --- a/modules/services/monitoring/prometheus-node-exporter.nix +++ b/modules/services/monitoring/prometheus-node-exporter.nix @@ -81,7 +81,8 @@ in { users.users._prometheus-node-exporter = { uid = config.ids.uids._prometheus-node-exporter; gid = config.ids.gids._prometheus-node-exporter; - home = "/var/empty"; + home = "/var/lib/prometheus-node-exporter"; + createHome = true; shell = "/usr/bin/false"; description = "System user for the Prometheus Node exporter"; }; @@ -104,11 +105,14 @@ in { ++ (map (collector: "--collector.${collector}") cfg.enabledCollectors) ++ (map (collector: "--no-collector.${collector}") cfg.disabledCollectors) ) + escapeShellArgs cfg.extraFlags; - serviceConfig = { + serviceConfig = let + logPath = config.users.users._prometheus-node-exporter.home + + "/prometheus-node-exporter.log"; + in { KeepAlive = true; RunAtLoad = true; - StandardErrorPath = "/var/log/prometheus-node-exporter.log"; - StandardOutPath = "/var/log/prometheus-node-exporter.log"; + StandardErrorPath = logPath; + StandardOutPath = logPath; GroupName = "_prometheus-node-exporter"; UserName = "_prometheus-node-exporter"; }; -- cgit v1.2.3 From 897fc37c47d2592c475f8732f3f1a4fbc9f18f9e Mon Sep 17 00:00:00 2001 
From: Trevor Opiyo Date: Tue, 5 Nov 2024 08:16:35 -0600 Subject: Update default.nix Co-authored-by: Michael Hoang --- modules/programs/zsh/default.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/programs/zsh/default.nix b/modules/programs/zsh/default.nix index d3b2f5c..6555bac 100644 --- a/modules/programs/zsh/default.nix +++ b/modules/programs/zsh/default.nix @@ -117,8 +117,11 @@ in config = mkIf cfg.enable { - warnings = mkIf (cfg.enableFastSyntaxHighlighting && cfg.enableSyntaxHighlighting) [ - "zsh-fast-syntax-highlighting and zsh-syntax-highlighting are mutually exclusive. Disable one of them." + assertions = [ + { + assertion = !(cfg.enableSyntaxHighlighting && cfg.enableFastSyntaxHighlighting); + message = "zsh-syntax-highlighting and zsh-fast-syntax-highlighting are mutually exclusive, please disable one of them."; + } ]; environment.systemPackages = [ # Include zsh package -- cgit v1.2.3 From 48e5c8de1a4575441b46cb174afebfa02732c0ff Mon Sep 17 00:00:00 2001 From: Trevor Opiyo Date: Wed, 6 Nov 2024 01:10:24 -0600 Subject: Update modules/programs/zsh/default.nix Changes added by Enzime Co-authored-by: Michael Hoang --- modules/programs/zsh/default.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'modules') diff --git a/modules/programs/zsh/default.nix b/modules/programs/zsh/default.nix index 6555bac..652ba58 100644 --- a/modules/programs/zsh/default.nix +++ b/modules/programs/zsh/default.nix @@ -108,11 +108,7 @@ in description = "Enable zsh-syntax-highlighting."; }; - programs.zsh.enableFastSyntaxHighlighting = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc "Enable zsh-fast-syntax-highlighting."; - }; + programs.zsh.enableFastSyntaxHighlighting = mkEnableOption "zsh-fast-syntax-highlighting"; }; config = mkIf cfg.enable { -- cgit v1.2.3 From dd48cbd7766baba246f0b2e2bd42baf67e0005d6 Mon Sep 17 00:00:00 2001 
From: Michael Hoang Date: Mon, 4 Nov 2024 13:40:00 +1100 Subject: examples: fix evaluation --- modules/examples/hydra.nix | 2 ++ modules/examples/lnl.nix | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/examples/hydra.nix b/modules/examples/hydra.nix index 3160498..edbb029 100644 --- a/modules/examples/hydra.nix +++ b/modules/examples/hydra.nix @@ -53,4 +53,6 @@ in chown hydra:hydra ~hydra ~hydra/.ssh ~hydra/.ssh/authorized_keys echo "ok" ''; + + system.stateVersion = 5; } diff --git a/modules/examples/lnl.nix b/modules/examples/lnl.nix index d944158..f264e1a 100644 --- a/modules/examples/lnl.nix +++ b/modules/examples/lnl.nix @@ -50,13 +50,11 @@ pkgs.gnupg pkgs.htop pkgs.jq - pkgs.mosh pkgs.ripgrep pkgs.shellcheck pkgs.vault pkgs.qes - pkgs.darwin-zsh-completions ]; services.yabai.enable = true; @@ -331,4 +329,6 @@ nix.configureBuildUsers = true; nix.nrBuildUsers = 32; + + system.stateVersion = 5; } -- cgit v1.2.3 From 569153467be5f438e4f932a09bfba79adcecf856 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 4 Nov 2024 14:00:05 +1100 Subject: ofborg: automatically add `ofborg` to `known{Users,Groups}` --- modules/examples/ofborg.nix | 5 ----- modules/services/ofborg/default.nix | 10 ++++------ 2 files changed, 4 insertions(+), 11 deletions(-) (limited to 'modules') diff --git a/modules/examples/ofborg.nix b/modules/examples/ofborg.nix index 6cef6e7..ed928b7 100644 --- a/modules/examples/ofborg.nix +++ b/modules/examples/ofborg.nix @@ -18,11 +18,6 @@ with lib; nix.gc.automatic = true; nix.gc.options = "--max-freed $((25 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | awk '{ print $4 }')))"; - # Manage user for ofborg, this enables creating/deleting users - # depending on what modules are enabled. - users.knownGroups = [ "ofborg" ]; - users.knownUsers = [ "ofborg" ]; - # Used for backwards compatibility, please read the changelog before changing. # $ darwin-rebuild changelog system.stateVersion = 5; 
diff --git a/modules/services/ofborg/default.nix b/modules/services/ofborg/default.nix index 4c35615..8959cc8 100644 --- a/modules/services/ofborg/default.nix +++ b/modules/services/ofborg/default.nix @@ -46,12 +46,6 @@ in }; config = mkIf cfg.enable { - - assertions = [ - { assertion = elem "ofborg" config.users.knownGroups; message = "set users.knownGroups to enable ofborg group"; } - { assertion = elem "ofborg" config.users.knownUsers; message = "set users.knownUsers to enable ofborg user"; } - ]; - warnings = mkIf (isDerivation cfg.configFile) [ "services.ofborg.configFile is a derivation, credentials will be world readable" ]; @@ -87,9 +81,13 @@ in users.users.ofborg.shell = "/bin/bash"; users.users.ofborg.description = "OfBorg service user"; + users.knownUsers = [ "ofborg" ]; + users.groups.ofborg.gid = mkDefault 531; users.groups.ofborg.description = "Nix group for OfBorg service"; + users.knownGroups = [ "ofborg" ]; + # FIXME: create logfiles automatically if defined. system.activationScripts.preActivation.text = '' mkdir -p '${user.home}' -- cgit v1.2.3 From c13549d7a632fc107bc8802463806fc2002c9c54 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 4 Nov 2024 13:40:00 +1100 Subject: examples: drop `ofborg` example We decided to drop this example as the package is not available in Nixpkgs and we won't be able to import it easily and keep this example evaluating as a useful smoke test. The code in this example is already documented under `services.ofborg.*` so any interested users can still find out how to set up `ofborg`. --- modules/examples/ofborg.nix | 24 ------------------------ 1 file changed, 24 deletions(-) delete mode 100644 modules/examples/ofborg.nix (limited to 'modules') diff --git a/modules/examples/ofborg.nix b/modules/examples/ofborg.nix deleted file mode 100644 index ed928b7..0000000 --- a/modules/examples/ofborg.nix +++ /dev/null 
@@ -1,24 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -{ - # Logs are enabled by default. - # $ tail -f /var/log/ofborg.log - services.ofborg.enable = true; - # services.ofborg.configFile = "/var/lib/ofborg/config.json"; - - # $ nix-channel --add https://github.com/NixOS/ofborg/archive/released.tar.gz ofborg - # $ nix-channel --update - services.ofborg.package = (import {}).ofborg.rs; - - # Keep nix-daemon updated. - services.nix-daemon.enable = true; - - nix.gc.automatic = true; - nix.gc.options = "--max-freed $((25 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | awk '{ print $4 }')))"; - - # Used for backwards compatibility, please read the changelog before changing. - # $ darwin-rebuild changelog - system.stateVersion = 5; -} -- cgit v1.2.3 From 2af06b086283be3ab3824a86f35f6301c95b372b Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 4 Nov 2024 22:02:31 +1100 Subject: examples: clean up --- modules/examples/hydra.nix | 15 +++------------ modules/examples/lnl.nix | 9 +-------- 2 files changed, 4 insertions(+), 20 deletions(-) (limited to 'modules') diff --git a/modules/examples/hydra.nix b/modules/examples/hydra.nix index edbb029..eb1c5d9 100644 --- a/modules/examples/hydra.nix +++ b/modules/examples/hydra.nix 
@@ -1,25 +1,16 @@ { config, lib, pkgs, ... }: -with lib; - let - environment = concatStringsSep " " + environment = lib.concatStringsSep " " [ "NIX_REMOTE=daemon" "NIX_SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]; in { - # Create /etc/bashrc that loads the nix-darwin environment. - programs.bash.enable = true; - programs.bash.completion.enable = false; - - # Recreate /run/current-system symlink after boot. - services.activate-system.enable = true; - services.nix-daemon.enable = true; - nix.settings.substituters = [ http://cache1 ]; + nix.settings.substituters = [ "http://cache1" ]; nix.settings.trusted-public-keys = [ "cache.daiderd.com-1:R8KOWZ8lDaLojqD+v9dzXAqGn29gEzPTTbr/GIpCTrI=" ]; nix.settings.trusted-users = [ "@admin" "@hydra" ]; @@ -31,7 +22,7 @@ in nix.gc.automatic = true; nix.gc.options = "--max-freed $((25 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | awk '{ print $4 }')))"; - environment.etc."per-user/hydra/ssh/authorized_keys".text = concatStringsSep "\n" + environment.etc."per-user/hydra/ssh/authorized_keys".text = lib.concatStringsSep "\n" [ "command=\"${environment} ${config.nix.package}/bin/nix-store --serve --write\" ssh-rsa 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" "command=\"${environment} ${config.nix.package}/bin/nix-store --serve --write\" ssh-rsa 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" ]; diff --git a/modules/examples/lnl.nix b/modules/examples/lnl.nix index f264e1a..dccae07 100644 --- a/modules/examples/lnl.nix +++ b/modules/examples/lnl.nix @@ -1,10 +1,6 @@ { config, lib, inputs, pkgs, ... }: { - # imports = [ ~/.config/nixpkgs/darwin/local-configuration.nix ]; - - # system.patches = [ ./pam.patch ]; - system.defaults.NSGlobalDomain.AppleKeyboardUIMode = 3; system.defaults.NSGlobalDomain.ApplePressAndHoldEnabled = false; system.defaults.NSGlobalDomain.InitialKeyRepeat = 10; @@ -52,7 +48,6 @@ pkgs.jq pkgs.ripgrep pkgs.shellcheck - pkgs.vault pkgs.qes ]; 
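Review bot: The example substituter in the first hydra.nix hunk is still plain HTTP after being quoted (`nix.settings.substituters = [ "http://cache1" ];`), so downloaded paths are protected only by Nix's signature verification against `trusted-public-keys`, not by the transport. Example files tend to be copied as a starting point, so a comment on that line would make the dependency explicit: `# plain HTTP: integrity relies on signature checks against nix.settings.trusted-public-keys`.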
@@ -94,7 +89,7 @@ ''; nix.settings.trusted-public-keys = [ "cache.daiderd.com-1:R8KOWZ8lDaLojqD+v9dzXAqGn29gEzPTTbr/GIpCTrI=" ]; - nix.settings.trusted-substituters = [ https://d3i7ezr9vxxsfy.cloudfront.net ]; + nix.settings.trusted-substituters = [ "https://d3i7ezr9vxxsfy.cloudfront.net" ]; nix.settings.sandbox = true; nix.settings.extra-sandbox-paths = [ "/private/tmp" "/private/var/tmp" "/usr/bin/env" ]; @@ -300,8 +295,6 @@ fi ''; - # environment.darwinConfig = "$HOME/.config/nixpkgs/darwin/configuration.nix"; - nixpkgs.config.allowUnfree = true; nixpkgs.overlays = [ -- cgit v1.2.3 From 3ea11449387edeac72fbd7791d106af7553be6e2 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 28 Oct 2024 11:11:56 +1100 Subject: system: run `shellcheck` on `activate` and `activate-user` scripts --- modules/system/default.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'modules') diff --git a/modules/system/default.nix b/modules/system/default.nix index 285936c..a1862fa 100644 --- a/modules/system/default.nix +++ b/modules/system/default.nix @@ -92,6 +92,8 @@ in name = "darwin-system-${cfg.darwinLabel}"; preferLocalBuild = true; + nativeBuildInputs = [ pkgs.shellcheck ]; + activationScript = cfg.activationScripts.script.text; activationUserScript = cfg.activationScripts.userScript.text; inherit (cfg) darwinLabel; @@ -133,6 +135,8 @@ in chmod u+x $out/activate-user unset activationUserScript + shellcheck $out/activate $out/activate-user + echo -n "$systemConfig" > $out/systemConfig echo -n "$darwinLabel" > $out/darwin-version -- cgit v1.2.3 From 9afef9950f28780ff24908496c36f27826a601cf Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Tue, 29 Oct 2024 00:09:37 +1100 Subject: checks: move manual `/run` instructions to activation --- modules/system/base.nix | 54 ++++++++++++++++++++++++++++++++++------------- modules/system/checks.nix | 24 ++++----------------- 2 files changed, 43 insertions(+), 35 deletions(-) (limited to 'modules') 
diff --git a/modules/system/base.nix b/modules/system/base.nix index 44a8d91..43c9d7f 100644 --- a/modules/system/base.nix +++ b/modules/system/base.nix 
@@ -2,22 +2,46 @@ { system.activationScripts.createRun.text = '' - if ! test -L /run; then - if ! grep -q '^run\b' /etc/synthetic.conf 2>/dev/null; then + if [[ ! -L /run ]]; then + # This file doesn't exist by default on macOS and is only supported after 10.15 + # however every system with Nix installed should have this file otherwise `/nix` + # wouldn't exist. + if [[ -e /etc/synthetic.conf ]]; then + if ! grep -q '^run\b' /etc/synthetic.conf 2>/dev/null; then echo "setting up /run via /etc/synthetic.conf..." - echo -e "run\tprivate/var/run" | sudo tee -a /etc/synthetic.conf >/dev/null - sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B &>/dev/null || true - sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t &>/dev/null || true - if ! test -L /run; then - echo "warning: apfs.util failed to symlink /run" - fi - fi - if ! test -L /run; then - echo "setting up /run..." - sudo ln -sfn private/var/run /run - fi - if ! test -L /run; then - echo "warning: failed to symlink /run" + printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf >/dev/null + fi + + # for Catalina (10.15) + sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B &>/dev/null || true + # for Big Sur (11.0) + sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t &>/dev/null || true + + if [[ ! 
-L /run ]]; then + printf >&2 'error: apfs.util failed to symlink /run, aborting activation\n' + printf >&2 'To create a symlink from /run to /var/run, please run:\n' + printf >&2 '\n' + printf >&2 "$ printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf" + printf >&2 '$ sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B # For Catalina\n' + printf >&2 '$ sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t # For Big Sur and later\n' >&2 + printf >&2 '\n' + printf >&2 'The current contents of /etc/synthetic.conf is:\n' + printf >&2 '\n' + sudo sed 's/^/ /' /etc/synthetic.conf >&2 + printf >&2 '\n' + exit 1 + fi + else + echo "setting up /run..." + sudo ln -sfn private/var/run /run + + if [[ ! -L /run ]]; then + printf >&2 'error: failed to symlink /run, aborting activation\n' + printf >&2 'To create a symlink from /run to /var/run, please run:\n' + printf >&2 '\n' + printf >&2 '$ sudo ln -sfn private/var/link /run\n' + exit 1 + fi fi fi ''; diff --git a/modules/system/checks.nix b/modules/system/checks.nix index 497cd9a..6d7ccc0 100644 --- a/modules/system/checks.nix +++ b/modules/system/checks.nix 
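Review bot: The recovery hint in the `else` branch prints `sudo ln -sfn private/var/link /run`, which does not match the command the script runs just above (`sudo ln -sfn private/var/run /run`); it should read `printf >&2 '$ sudo ln -sfn private/var/run /run\n'`. In the synthetic.conf branch the hint `"$ printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf"` is passed as the format string, so printf expands the `\t` and `\n` inside it and the displayed command is split across lines and has no trailing newline. Passing it as an argument keeps it literal: `printf >&2 '%s\n' "$ printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf"`.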
@@ -22,25 +22,9 @@ let ''; runLink = '' - if ! test -e /run; then - echo "error: Directory /run does not exist, aborting activation" >&2 - echo "Create a symlink to /var/run with:" >&2 - if test -e /etc/synthetic.conf; then - echo >&2 - echo "$ printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf" >&2 - echo "$ sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B # For Catalina" >&2 - echo "$ sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t # For Big Sur and later" >&2 - echo >&2 - echo "The current contents of /etc/synthetic.conf is:" >&2 - echo >&2 - sed 's/^/ /' /etc/synthetic.conf >&2 - echo >&2 - else - echo >&2 - echo "$ sudo ln -s private/var/run /run" >&2 - echo >&2 - fi - exit 2 + if [[ ! -e /run ]]; then + printf >&2 'error: directory /run does not exist, aborting activation\n' + exit 1 fi ''; @@ -59,7 +43,7 @@ let exit 2 fi ''; - + preSequoiaBuildUsers = '' ${lib.optionalString config.nix.configureBuildUsers '' # Don’t complain when we’re about to migrate old‐style build users… -- cgit v1.2.3 From 041996803af5497fb000e3f79621fa5bb6995057 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Tue, 29 Oct 2024 00:09:37 +1100 Subject: treewide: fix shellcheck warnings and errors --- modules/networking/default.nix | 1 + modules/system/checks.nix | 8 +++++--- modules/users/default.nix | 7 ++++++- 3 files changed, 12 insertions(+), 4 deletions(-) (limited to 'modules') diff --git a/modules/networking/default.nix b/modules/networking/default.nix index b53a9e4..7a81ca1 100644 --- a/modules/networking/default.nix +++ b/modules/networking/default.nix @@ -118,6 +118,7 @@ in echo "configuring networking..." >&2 ${optionalString (cfg.computerName != null) '' + # shellcheck disable=SC1112 scutil --set ComputerName ${escapeShellArg cfg.computerName} ''} ${optionalString (cfg.hostName != null) '' diff --git a/modules/system/checks.nix b/modules/system/checks.nix index 6d7ccc0..ec6e3b5 100644 
--- a/modules/system/checks.nix +++ b/modules/system/checks.nix @@ -88,7 +88,7 @@ let buildUsers = '' buildUser=$(dscl . -read /Groups/nixbld GroupMembership 2>&1 | awk '/^GroupMembership: / {print $2}') || true - if [ -z $buildUser ]; then + if [[ -z "$buildUser" ]]; then echo "error: Using the nix-daemon requires build users, aborting activation" >&2 echo "Create the build users or disable the daemon:" >&2 echo "$ darwin-install" >&2 @@ -104,7 +104,7 @@ let buildGroupID = '' buildGroupID=$(dscl . -read /Groups/nixbld PrimaryGroupID | awk '{print $2}') expectedBuildGroupID=${toString config.ids.gids.nixbld} - if [[ $buildGroupID != $expectedBuildGroupID ]]; then + if [[ $buildGroupID != "$expectedBuildGroupID" ]]; then printf >&2 '\e[1;31merror: Build user group has mismatching GID, aborting activation\e[0m\n' printf >&2 'The default Nix build user group ID was changed from 30000 to 350.\n' printf >&2 'You are currently managing Nix build users with nix-darwin, but your\n' @@ -114,6 +114,7 @@ let printf >&2 'Possible causes include setting up a new Nix installation with an\n' printf >&2 'existing nix-darwin configuration, setting up a new nix-darwin\n' printf >&2 'installation with an existing Nix installation, or manually increasing\n' + # shellcheck disable=SC2016 printf >&2 'your `system.stateVersion` setting.\n' printf >&2 '\n' printf >&2 'You can set the configured group ID to match the actual value:\n' @@ -266,6 +267,7 @@ let if [[ -d /etc/ssh/authorized_keys.d ]]; then printf >&2 '\e[1;31merror: /etc/ssh/authorized_keys.d exists, aborting activation\e[0m\n' printf >&2 'SECURITY NOTICE: The previous implementation of the\n' + # shellcheck disable=SC2016 printf >&2 '`users.users..openssh.authorizedKeys.*` options would not delete\n' printf >&2 'authorized keys files when the setting for a given user was removed.\n' printf >&2 '\n' 
@@ -334,7 +336,7 @@ in system.activationScripts.checks.text = '' ${cfg.text} - if test ''${checkActivation:-0} -eq 1; then + if [[ "''${checkActivation:-0}" -eq 1 ]]; then echo "ok" >&2 exit 0 fi diff --git a/modules/users/default.nix b/modules/users/default.nix index 6a1cd2e..d15deac 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix @@ -115,6 +115,7 @@ in if ! sudo dscl . -change /Users/nobody NFSHomeDirectory "$homeDirectory" "$homeDirectory" &> /dev/null; then if [[ -n "$SSH_CONNECTION" ]]; then printf >&2 '\e[1;31merror: users cannot be %s over SSH without Full Disk Access, aborting activation\e[0m\n' "$2" + # shellcheck disable=SC2016 printf >&2 'The user %s could not be %s as `darwin-rebuild` was not executed with Full Disk Access over SSH.\n' "$1" "$2" printf >&2 'You can either:\n' printf >&2 '\n' @@ -122,6 +123,7 @@ in printf >&2 '\n' printf >&2 'or\n' printf >&2 '\n' + # shellcheck disable=SC2016 printf >&2 ' run `darwin-rebuild` in a graphical session.\n' printf >&2 '\n' printf >&2 'The option "Allow full disk access for remote users" can be found by\n' @@ -135,9 +137,11 @@ in if ! sudo dscl . -change /Users/nobody NFSHomeDirectory "$homeDirectory" "$homeDirectory" &> /dev/null; then printf >&2 '\e[1;31merror: permission denied when trying to %s user %s, aborting activation\e[0m\n' "$2" "$1" - printf >&2 '`darwin-rebuild` requires permissions to administrate your computer,\n' "$1" "$2" + # shellcheck disable=SC2016 + printf >&2 '`darwin-rebuild` requires permissions to administrate your computer,\n' printf >&2 'please accept the dialog that pops up.\n' printf >&2 '\n' + # shellcheck disable=SC2016 printf >&2 'If you do not wish to be prompted every time `darwin-rebuild updates your users,\n' printf >&2 'you can grant Full Disk Access to your terminal emulator in System Settings.\n' printf >&2 '\n' 
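Review bot: Switching from `test … -eq 1` to `[[ … -eq 1 ]]` in the checks.nix hunk changes how `checkActivation` is interpreted: inside `[[ ]]` the operands of `-eq` are evaluated as arithmetic expressions, so a non-numeric value inherited from the environment is expanded by the shell instead of being rejected as it was by `test`. Only the literal value 1 matters here, so a string comparison is the safer form: `if [[ "''${checkActivation:-0}" == 1 ]]; then`. Where the variable is set is not visible in this hunk.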
@@ -187,6 +191,7 @@ in if [ "$u" -gt 501 ]; then # TODO: add `darwin.primaryUser` as well if [[ ${name} == "$USER" ]]; then + # shellcheck disable=SC2016 printf >&2 '\e[1;31merror: refusing to delete the user calling `darwin-rebuild` (%s), aborting activation\e[0m\n', ${name} exit 1 elif [[ ${name} == "root" ]]; then -- cgit v1.2.3 From fd510a7122d49cc1cbd72b9e70b1ae6b3c76c990 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sun, 3 Nov 2024 19:26:56 +1100 Subject: system: replace `for f in $(ls ...)` with `for f in .../*` Fixes SC2045 but has one quirk which is if the bash glob doesn't match anything it'll treat it as a string and run the loop once with `f=.../*` so we need to check that `$f` actually exists. --- modules/system/launchd.nix | 41 ++++++++++++++++++++++++++++------------- modules/system/patches.nix | 15 +++++++++------ 2 files changed, 37 insertions(+), 19 deletions(-) (limited to 'modules') diff --git a/modules/system/launchd.nix b/modules/system/launchd.nix index cdb6549..c578dec 100644 --- a/modules/system/launchd.nix +++ b/modules/system/launchd.nix 
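Review bot: The `printf` under the new `# shellcheck disable=SC2016` line has a stray comma between the format string and its argument (`…aborting activation\e[0m\n', ${name}`), so the comma becomes part of the format and is printed after the newline. Dropping it gives `…aborting activation\e[0m\n' ${name}`. The line is unchanged context in this hunk and appears again in the later commit that replaces the `root` check, so it could be fixed in either place.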
@@ -105,19 +105,29 @@ in ${concatMapStringsSep "\n" (attr: launchdActivation "LaunchAgents" attr.target) launchAgents} ${concatMapStringsSep "\n" (attr: launchdActivation "LaunchDaemons" attr.target) launchDaemons} - for f in $(ls /run/current-system/Library/LaunchAgents 2> /dev/null); do - if test ! -e "${cfg.build.launchd}/Library/LaunchAgents/$f"; then - echo "removing service $(basename $f .plist)" >&2 + for f in /run/current-system/Library/LaunchAgents/*; do + [[ -e "$f" ]] || break # handle when directory is empty + f=''${f#/run/current-system/Library/LaunchAgents/} + + if [[ ! -e "${cfg.build.launchd}/Library/LaunchAgents/$f" ]]; then + echo "removing service $(basename "$f" .plist)" >&2 launchctl unload "/Library/LaunchAgents/$f" || true - if test -e "/Library/LaunchAgents/$f"; then rm -f "/Library/LaunchAgents/$f"; fi + if [[ -e "/Library/LaunchAgents/$f" ]]; then + rm -f "/Library/LaunchAgents/$f" + fi fi done - for f in $(ls /run/current-system/Library/LaunchDaemons 2> /dev/null); do - if test ! -e "${cfg.build.launchd}/Library/LaunchDaemons/$f"; then - echo "removing service $(basename $f .plist)" >&2 + for f in /run/current-system/Library/LaunchDaemons/*; do + [[ -e "$f" ]] || break # handle when directory is empty + f=''${f#/run/current-system/Library/LaunchDaemons/} + + if [[ ! -e "${cfg.build.launchd}/Library/LaunchDaemons/$f" ]]; then + echo "removing service $(basename "$f" .plist)" >&2 launchctl unload "/Library/LaunchDaemons/$f" || true - if test -e "/Library/LaunchDaemons/$f"; then rm -f "/Library/LaunchDaemons/$f"; fi + if [[ -e "/Library/LaunchDaemons/$f" ]]; then + rm -f "/Library/LaunchDaemons/$f" + fi fi done ''; 
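Review bot: `[[ -e "$f" ]] || break` ends the whole loop at the first entry that fails `-e`, which is not only the unmatched-glob case: a dangling symlink in `/run/current-system/Library/LaunchAgents` also fails `-e`, and every later stale service would then stay loaded with its plist left in `/Library`. `[[ -e "$f" || -L "$f" ]] || continue` handles the empty directory the same way without cutting the cleanup short. The same guard is used in the LaunchDaemons loop of this hunk, in the user LaunchAgents hunk and in the patches.nix hunk.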
@@ -133,11 +143,16 @@ in ''} ${concatMapStringsSep "\n" (attr: userLaunchdActivation attr.target) userLaunchAgents} - for f in $(ls /run/current-system/user/Library/LaunchAgents 2> /dev/null); do - if test ! -e "${cfg.build.launchd}/user/Library/LaunchAgents/$f"; then - echo "removing user service $(basename $f .plist)" >&2 - launchctl unload ~/Library/LaunchAgents/$f || true - if test -e ~/Library/LaunchAgents/$f; then rm -f ~/Library/LaunchAgents/$f; fi + for f in /run/current-system/user/Library/LaunchAgents/*; do + [[ -e "$f" ]] || break # handle when directory is empty + f=''${f#/run/current-system/user/Library/LaunchAgents/} + + if [[ ! -e "${cfg.build.launchd}/user/Library/LaunchAgents/$f" ]]; then + echo "removing user service $(basename "$f" .plist)" >&2 + launchctl unload ~/Library/LaunchAgents/"$f" || true + if [[ -e ~/Library/LaunchAgents/"$f" ]]; then + rm -f ~/Library/LaunchAgents/"$f" + fi fi done ''; diff --git a/modules/system/patches.nix b/modules/system/patches.nix index 4f96501..7b19255 100644 --- a/modules/system/patches.nix +++ b/modules/system/patches.nix @@ -30,9 +30,9 @@ in Set of patches to apply to {file}`/`. ::: {.warning} - + This can modify everything so use with caution. - + ::: Useful for safely changing system files. Unlike the etc module this @@ -56,10 +56,13 @@ in # Applying patches to /. echo "applying patches..." >&2 - for f in $(ls /run/current-system/patches 2> /dev/null); do - if test ! -e "${config.system.build.patches}/patches/$f"; then - patch --force --reverse --backup -d / -p1 < "/run/current-system/patches/$f" || true - fi + for f in /run/current-system/patches/*; do + [[ -e "$f" ]] || break # handle when directory is empty + f=''${f#/run/current-system/patches/} + + if [[ ! -e "${config.system.build.patches}/patches/$f" ]]; then + patch --force --reverse --backup -d / -p1 < "/run/current-system/patches/$f" || true + fi done ${concatMapStringsSep "\n" (f: '' -- cgit v1.2.3 
From 32814a6eb1de3b564ff43e5b6453637b1eb25721 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Fri, 1 Nov 2024 00:38:47 +1100 Subject: users: replace runtime check to prevent deleting `root` with assertion This fixes SC2050 as `${name} == "root"` will be generated as a constant expression. --- modules/users/default.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'modules') diff --git a/modules/users/default.nix b/modules/users/default.nix index d15deac..4044732 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix @@ -99,6 +99,10 @@ in assertion = cfg.users ? root -> (cfg.users.root.home == null || cfg.users.root.home == "/var/root"); message = "`users.users.root.home` must be set to either `null` or `/var/root`."; } + { + assertion = !builtins.elem "root" deletedUsers; + message = "Remove `root` from `users.knownUsers` if you no longer want nix-darwin to manage it."; + } ]; users.gids = mkMerge gids; @@ -194,9 +198,6 @@ in # shellcheck disable=SC2016 printf >&2 '\e[1;31merror: refusing to delete the user calling `darwin-rebuild` (%s), aborting activation\e[0m\n', ${name} exit 1 - elif [[ ${name} == "root" ]]; then - printf >&2 '\e[1;31merror: refusing to delete `root`, aborting activation\e[0m\n' - exit 1 fi ensurePerms ${name} delete -- cgit v1.2.3 From cf130aa9579fc1708ff4a265d2108eefa535e9b2 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sun, 3 Nov 2024 19:53:20 +1100 Subject: users: don't generate `ensurePerms` when no users to manage --- modules/users/default.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'modules') diff --git a/modules/users/default.nix b/modules/users/default.nix index 4044732..434b1da 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix 
@@ -111,7 +111,7 @@ in # NOTE: We put this in `system.checks` as we want this to run first to avoid partial activations # however currently that runs at user level activation as that runs before system level activation # TODO: replace `$USER` with `$SUDO_USER` when system.checks runs from system level - system.checks.text = lib.mkAfter '' + system.checks.text = lib.mkIf (builtins.length (createdUsers ++ deletedUsers) > 0) (lib.mkAfter '' ensurePerms() { homeDirectory=$(dscl . -read /Users/nobody NFSHomeDirectory) homeDirectory=''${homeDirectory#NFSHomeDirectory: } @@ -157,7 +157,6 @@ in fi } - ${concatMapStringsSep "\n" (v: let name = lib.escapeShellArg v.name; dsclUser = lib.escapeShellArg "/Users/${v.name}"; @@ -204,7 +203,7 @@ in fi fi '') deletedUsers} - ''; + ''); system.activationScripts.groups.text = mkIf (cfg.knownGroups != []) '' echo "setting up groups..." >&2 -- cgit v1.2.3 From 3b738c765de1bb4ecc4993fa092b27dd46d495ed Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sun, 3 Nov 2024 20:30:48 +1100 Subject: github-runner: replace `mkdir -p -m` with `umask` `mkdir -p -m` only applies the mode on the deepest directory which could be a security issue so we use umask to be more careful. --- modules/services/github-runner/service.nix | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) (limited to 'modules') diff --git a/modules/services/github-runner/service.nix b/modules/services/github-runner/service.nix index 175b22d..c273f43 100644 --- a/modules/services/github-runner/service.nix +++ b/modules/services/github-runner/service.nix 
@@ -48,14 +48,20 @@ in text = mkBefore ('' echo >&2 "setting up GitHub Runner '${cfg.name}'..." - ${pkgs.coreutils}/bin/mkdir -p -m 0750 ${escapeShellArg (mkStateDir cfg)} - ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkStateDir cfg)} - - ${pkgs.coreutils}/bin/mkdir -p -m 0750 ${escapeShellArg (mkLogDir cfg)} - ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkLogDir cfg)} - '' + optionalString (cfg.workDir == null) '' - ${pkgs.coreutils}/bin/mkdir -p -m 0750 ${escapeShellArg (mkWorkDir cfg)} - ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkWorkDir cfg)} + ( + umask -S u=rwx,g=rx,o= + + ${pkgs.coreutils}/bin/mkdir -p ${escapeShellArg (mkStateDir cfg)} + ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkStateDir cfg)} + + ${pkgs.coreutils}/bin/mkdir -p ${escapeShellArg (mkLogDir cfg)} + ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkLogDir cfg)} + + ${optionalString (cfg.workDir == null) '' + ${pkgs.coreutils}/bin/mkdir -p ${escapeShellArg (mkWorkDir cfg)} + ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkWorkDir cfg)} + ''} + ) ''); }; })); -- cgit v1.2.3 From 79608947e27163a2e74b1bec0812ce7a942cbdb8 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sun, 3 Nov 2024 20:30:48 +1100 Subject: buildkit-agents: don't use `mkdir -p -m` As `cfg.dataDir` will be the `home` of the Buildkite Agent user, it is guaranted to exist so we don't need to use the `-p` flag. --- modules/services/buildkite-agents.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/services/buildkite-agents.nix b/modules/services/buildkite-agents.nix index 4888247..69bc1f6 100644 --- a/modules/services/buildkite-agents.nix +++ b/modules/services/buildkite-agents.nix 
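Review bot: Under `umask -S u=rwx,g=rx,o=` every directory that `mkdir -p` creates is 0750, but the `chown ${user}:${group}` lines still target only the leaf, so any parent created here stays owned by the invoking user and the runner account may be unable to traverse it (the paths returned by `mkStateDir`, `mkLogDir` and `mkWorkDir` are not visible in this hunk). A leaf that already exists with a wider mode is also left as it is, as it was before the change. Adding an explicit mode after each `chown`, for example `${pkgs.coreutils}/bin/chmod 0750 ${escapeShellArg (mkStateDir cfg)}`, would pin the leaf permissions regardless of how the directory came to exist.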
@@ -237,7 +237,7 @@ in tagStr = lib.concatStringsSep "," (lib.mapAttrsToList (name: value: "${name}=${value}") cfg.tags); in optionalString (cfg.privateSshKeyPath != null) '' - mkdir -m 0700 -p "${sshDir}" + mkdir -m 0700 "${sshDir}" install -m600 "${toString cfg.privateSshKeyPath}" "${sshDir}/id_rsa" '' + '' cat > "${cfg.dataDir}/buildkite-agent.cfg" < Date: Mon, 4 Nov 2024 18:31:38 +0100 Subject: github-runner: Fix labels for different nixpkgs versions Changes to escapeShellArg introduced in https://github.com/NixOS/nixpkgs/pull/333744 made different versions of nixpkgs behave differently. If current nix-darwin is used with nixpkgs before that change, labels end up having labels quoted twice (see https://github.com/LnL7/nix-darwin/issues/1085), but without changes from https://github.com/LnL7/nix-darwin/pull/1055, with new nixpkgs, labels end up not quoted at all, and ShellCheck ends up complaining that commas might have been used as array item separator (see https://www.shellcheck.net/wiki/SC2054). Use the old version of escapeShellArg to always escape the list of labels and make nix-darwin work with both old and new versions of nixpkgs. Fixes https://github.com/LnL7/nix-darwin/issues/1085 --- modules/services/github-runner/service.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/services/github-runner/service.nix b/modules/services/github-runner/service.nix index c273f43..5d73633 100644 --- a/modules/services/github-runner/service.nix +++ b/modules/services/github-runner/service.nix 
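Review bot: Without `-p`, `mkdir -m 0700 "${sshDir}"` fails once the directory exists, so every run after the first reports an error, and if the script runs under `set -e` (not visible in this hunk) it stops before the key is installed. Keeping the call idempotent while still fixing the mode takes two lines: `mkdir -p "${sshDir}"` followed by `chmod 0700 "${sshDir}"`. That also tightens a directory left behind with a wider mode, which matters because it holds the private key.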
@@ -94,6 +94,10 @@ in script = let + # https://github.com/NixOS/nixpkgs/pull/333744 introduced an inconsistency with different + # versions of nixpkgs. Use the old version of escapeShellArg to make sure that labels + # are always escaped to avoid https://www.shellcheck.net/wiki/SC2054 + escapeShellArgAlways = string: "'${replaceStrings ["'"] ["'\\''"] (toString string)}'"; configure = pkgs.writeShellApplication { name = "configure-github-runner-${name}"; text = /*bash*/'' @@ -104,7 +108,7 @@ in --disableupdate --work ${escapeShellArg workDir} --url ${escapeShellArg cfg.url} - --labels "${escapeShellArg (concatStringsSep "," cfg.extraLabels)}" + --labels ${escapeShellArgAlways (concatStringsSep "," cfg.extraLabels)} ${optionalString (cfg.name != null ) "--name ${escapeShellArg cfg.name}"} ${optionalString cfg.replace "--replace"} ${optionalString (cfg.runnerGroup != null) "--runnergroup ${escapeShellArg cfg.runnerGroup}"} -- cgit v1.2.3 From f0a1269297c8ca7f5aa287166c2a9cfb6e13917c Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Fri, 8 Nov 2024 12:02:34 +1100 Subject: nix: don't allow using `auto-optimise-store` as it can corrupt the store --- modules/nix/default.nix | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) (limited to 'modules') diff --git a/modules/nix/default.nix b/modules/nix/default.nix index 6bce1e3..d99aae8 100644 --- a/modules/nix/default.nix +++ b/modules/nix/default.nix @@ -404,7 +404,7 @@ in { darwin-config = "${config.environment.darwinConfig}"; } "/nix/var/nix/profiles/per-user/root/channels" ]; - + defaultText = lib.literalExpression '' lib.optionals cfg.channel.enable [ # Include default path . 
@@ -527,8 +527,10 @@ in description = '' If set to true, Nix automatically detects files in the store that have identical contents, and replaces them with hard links to a single copy. - This saves disk space. If set to false (the default), you can still run - nix-store --optimise to get rid of duplicate files. + This saves disk space. If set to false (the default), you can enable + {option}`nix.optimise.automatic` to run {command}`nix-store --optimise` + periodically to get rid of duplicate files. You can also run + {command}`nix-store --optimise` manually. ''; }; @@ -761,6 +763,13 @@ in { assertion = elem "nixbld" config.users.knownGroups -> elem "nixbld" createdGroups; message = "refusing to delete group nixbld in users.knownGroups, this would break nix"; } { assertion = elem "_nixbld1" config.users.knownGroups -> elem "_nixbld1" createdUsers; message = "refusing to delete user _nixbld1 in users.knownUsers, this would break nix"; } { assertion = config.users.groups ? "nixbld" -> config.users.groups.nixbld.members != []; message = "refusing to remove all members from nixbld group, this would break nix"; } + + { + # Should be fixed in Lix by https://gerrit.lix.systems/c/lix/+/2100 + # As `isNixAtLeast "2.92.0" "2.92.0-devpre20241107" == false`, we need to explicitly check if the user is running Lix 2.92.0 + assertion = cfg.settings.auto-optimise-store -> (cfg.package.pname == "lix" && (isNixAtLeast "2.92.0-devpre20241107" || cfg.package.version == "2.92.0")); + message = "`nix.settings.auto-optimise-store` is known to corrupt the Nix Store, please use `nix.optimise.automatic` instead."; + } ]; # Not in NixOS module -- cgit v1.2.3 From 5fbb7b7637307c89e52d7e73ed6c848353bda6a0 Mon Sep 17 00:00:00 2001 
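Review bot: The description of `nix.settings.auto-optimise-store` still presents `true` as a supported choice, while the new assertion rejects it for every package except Lix at the listed versions. A sentence in the description, such as `Setting this to true is currently rejected by an assertion because it can corrupt the store; use nix.optimise.automatic instead.`, would tell users before they hit the evaluation error. The assertion also reads `cfg.package.pname` directly; if `nix.package` can hold a value without that attribute (its type is not visible here), `(cfg.package.pname or null) == "lix"` keeps the intended message instead of an attribute error.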
From: Sam <30577766+Samasaur1@users.noreply.github.com> Date: Thu, 7 Nov 2024 20:29:35 -0800 Subject: zsh: only run shell initialization in /etc/zshenv when RCs are enabled --- modules/programs/zsh/default.nix | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) (limited to 'modules') diff --git a/modules/programs/zsh/default.nix b/modules/programs/zsh/default.nix index a9ffbd8..c6ec917 100644 --- a/modules/programs/zsh/default.nix +++ b/modules/programs/zsh/default.nix @@ -136,16 +136,18 @@ in if [ -n "''${__ETC_ZSHENV_SOURCED-}" ]; then return; fi __ETC_ZSHENV_SOURCED=1 - if [ -z "''${__NIX_DARWIN_SET_ENVIRONMENT_DONE-}" ]; then - . ${config.system.build.setEnvironment} - fi + if [[ -o rcs ]]; then + if [ -z "''${__NIX_DARWIN_SET_ENVIRONMENT_DONE-}" ]; then + . ${config.system.build.setEnvironment} + fi - # Tell zsh how to find installed completions - for p in ''${(z)NIX_PROFILES}; do - fpath=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions $p/share/zsh/vendor-completions $fpath) - done + # Tell zsh how to find installed completions + for p in ''${(z)NIX_PROFILES}; do + fpath=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions $p/share/zsh/vendor-completions $fpath) + done - ${cfg.shellInit} + ${cfg.shellInit} + fi # Read system-wide modifications. if test -f /etc/zshenv.local; then -- cgit v1.2.3 From 534ca06930039a616934b6d9dd8316e8df799622 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sat, 9 Nov 2024 20:51:18 +1100 Subject: docs: use `nix-darwin` instead of `Darwin` --- modules/examples/flake/flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/examples/flake/flake.nix b/modules/examples/flake/flake.nix index e6eaefc..bd733bd 100644 --- a/modules/examples/flake/flake.nix +++ b/modules/examples/flake/flake.nix 
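Review bot: The new `[[ -o rcs ]]` guard covers `setEnvironment`, the `fpath` loop and `cfg.shellInit`, but the `/etc/zshenv.local` block that follows is outside it, so a shell started with rc files disabled still sources that file. If such a shell is meant to run nothing beyond the sourced-once marker, the closing `fi` should move below the `zshenv.local` block; otherwise a comment such as `# zshenv.local is read even when RCS is unset` would record that the difference is deliberate. The `zshenv.local` block continues outside this hunk.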
@@ -1,5 +1,5 @@ { - description = "Example Darwin system flake"; + description = "Example nix-darwin system flake"; inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; -- cgit v1.2.3 From c2c88ae983c236839c24f547a0047310f8c69647 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 11 Nov 2024 00:21:42 +1100 Subject: users: remove `lib.` --- modules/users/default.nix | 42 ++++++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 20 deletions(-) (limited to 'modules') diff --git a/modules/users/default.nix b/modules/users/default.nix index 434b1da..2adf813 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix @@ -1,8 +1,10 @@ { config, lib, pkgs, ... }: let - inherit (lib) concatStringsSep concatMapStringsSep elem filter filterAttrs - mapAttrs' mapAttrsToList mkIf mkMerge mkOption mkOrder optionalString types; + inherit (lib) concatStringsSep concatMapStringsSep elem escapeShellArg + escapeShellArgs filter filterAttrs mapAttrs' mapAttrsToList mkAfter + mkIf mkMerge mkOption mkOrder mkRemovedOptionModule optionals + optionalString types; cfg = config.users; @@ -42,7 +44,7 @@ in { imports = [ - (lib.mkRemovedOptionModule [ "users" "forceRecreate" ] "") + (mkRemovedOptionModule [ "users" "forceRecreate" ] "") ]; options = { @@ -111,7 +113,7 @@ in # NOTE: We put this in `system.checks` as we want this to run first to avoid partial activations # however currently that runs at user level activation as that runs before system level activation # TODO: replace `$USER` with `$SUDO_USER` when system.checks runs from system level - system.checks.text = lib.mkIf (builtins.length (createdUsers ++ deletedUsers) > 0) (lib.mkAfter '' + system.checks.text = mkIf (builtins.length (createdUsers ++ deletedUsers) > 0) (mkAfter '' ensurePerms() { homeDirectory=$(dscl . -read /Users/nobody NFSHomeDirectory) homeDirectory=''${homeDirectory#NFSHomeDirectory: } 
@@ -158,8 +160,8 @@ in } ${concatMapStringsSep "\n" (v: let - name = lib.escapeShellArg v.name; - dsclUser = lib.escapeShellArg "/Users/${v.name}"; + name = escapeShellArg v.name; + dsclUser = escapeShellArg "/Users/${v.name}"; in '' u=$(id -u ${name} 2> /dev/null) || true if ! [[ -n "$u" && "$u" -ne "${toString v.uid}" ]]; then @@ -170,7 +172,7 @@ in else homeDirectory=$(dscl . -read ${dsclUser} NFSHomeDirectory) homeDirectory=''${homeDirectory#NFSHomeDirectory: } - if [[ ${lib.escapeShellArg v.home} != "$homeDirectory" ]]; then + if [[ ${escapeShellArg v.home} != "$homeDirectory" ]]; then printf >&2 '\e[1;31merror: config contains the wrong home directory for %s, aborting activation\e[0m\n' ${name} printf >&2 'nix-darwin does not support changing the home directory of existing users.\n' printf >&2 '\n' @@ -187,7 +189,7 @@ in '') createdUsers} ${concatMapStringsSep "\n" (v: let - name = lib.escapeShellArg v; + name = escapeShellArg v; in '' u=$(id -u ${name} 2> /dev/null) || true if [ -n "$u" ]; then @@ -209,14 +211,14 @@ in echo "setting up groups..." >&2 ${concatMapStringsSep "\n" (v: let - dsclGroup = lib.escapeShellArg "/Groups/${v.name}"; + dsclGroup = escapeShellArg "/Groups/${v.name}"; in '' g=$(dscl . -read ${dsclGroup} PrimaryGroupID 2> /dev/null) || true g=''${g#PrimaryGroupID: } if [ -z "$g" ]; then echo "creating group ${v.name}..." >&2 dscl . -create ${dsclGroup} PrimaryGroupID ${toString v.gid} - dscl . -create ${dsclGroup} RealName ${lib.escapeShellArg v.description} + dscl . -create ${dsclGroup} RealName ${escapeShellArg v.description} g=${toString v.gid} fi 
@@ -224,7 +226,7 @@ in g=$(dscl . -read ${dsclGroup} GroupMembership 2> /dev/null) || true if [ "$g" != 'GroupMembership: ${concatStringsSep " " v.members}' ]; then echo "updating group members ${v.name}..." >&2 - dscl . -create ${dsclGroup} GroupMembership ${lib.escapeShellArgs v.members} + dscl . -create ${dsclGroup} GroupMembership ${escapeShellArgs v.members} fi else echo "warning: existing group '${v.name}' has unexpected gid $g, skipping..." >&2 @@ -232,7 +234,7 @@ in '') createdGroups} ${concatMapStringsSep "\n" (name: let - dsclGroup = lib.escapeShellArg "/Groups/${name}"; + dsclGroup = escapeShellArg "/Groups/${name}"; in '' g=$(dscl . -read ${dsclGroup} PrimaryGroupID 2> /dev/null) || true g=''${g#PrimaryGroupID: } @@ -251,8 +253,8 @@ in echo "setting up users..." >&2 ${concatMapStringsSep "\n" (v: let - name = lib.escapeShellArg v.name; - dsclUser = lib.escapeShellArg "/Users/${v.name}"; + name = escapeShellArg v.name; + dsclUser = escapeShellArg "/Users/${v.name}"; in '' u=$(id -u ${name} 2> /dev/null) || true if [[ -n "$u" && "$u" -ne "${toString v.uid}" ]]; then @@ -261,11 +263,11 @@ in if [ -z "$u" ]; then echo "creating user ${v.name}..." >&2 - sysadminctl -addUser ${lib.escapeShellArgs ([ + sysadminctl -addUser ${escapeShellArgs ([ v.name "-UID" v.uid "-GID" v.gid ] - ++ (lib.optionals (v.description != null) [ "-fullName" v.description ]) + ++ (optionals (v.description != null) [ "-fullName" v.description ]) ++ [ "-home" (if v.home != null then v.home else "/var/empty") ] ++ [ "-shell" (if v.shell != null then shellPath v.shell else "/usr/bin/false") ])} 2> /dev/null 
@@ -284,17 +286,17 @@ in # Update properties on known users to keep them inline with configuration dscl . -create ${dsclUser} PrimaryGroupID ${toString v.gid} - ${optionalString (v.description != null) "dscl . -create ${dsclUser} RealName ${lib.escapeShellArg v.description}"} - ${optionalString (v.shell != null) "dscl . -create ${dsclUser} UserShell ${lib.escapeShellArg (shellPath v.shell)}"} + ${optionalString (v.description != null) "dscl . -create ${dsclUser} RealName ${escapeShellArg v.description}"} + ${optionalString (v.shell != null) "dscl . -create ${dsclUser} UserShell ${escapeShellArg (shellPath v.shell)}"} fi '') createdUsers} ${concatMapStringsSep "\n" (name: '' - u=$(id -u ${lib.escapeShellArg name} 2> /dev/null) || true + u=$(id -u ${escapeShellArg name} 2> /dev/null) || true if [ -n "$u" ]; then if [ "$u" -gt 501 ]; then echo "deleting user ${name}..." >&2 - dscl . -delete ${lib.escapeShellArg "/Users/${name}"} + dscl . -delete ${escapeShellArg "/Users/${name}"} else echo "warning: existing user '${name}' has unexpected uid $u, skipping..." >&2 fi -- cgit v1.2.3 From 5eb88645f74396d4b80fdf736ddd63afbe8320d5 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 11 Nov 2024 00:08:42 +1100 Subject: users: assert that `programs..enable = true;` for users' shells Backport of https://github.com/NixOS/nixpkgs/pull/211603 and https://github.com/NixOS/nixpkgs/commit/093f354a1777e462bd80398c4fc624c4d383dc68 --- modules/users/default.nix | 28 +++++++++++++++++++++++++--- modules/users/user.nix | 11 +++++++++++ 2 files changed, 36 insertions(+), 3 deletions(-) (limited to 'modules') diff --git a/modules/users/default.nix b/modules/users/default.nix index 2adf813..ade4ffb 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix 
@@ -2,8 +2,8 @@ let inherit (lib) concatStringsSep concatMapStringsSep elem escapeShellArg - escapeShellArgs filter filterAttrs mapAttrs' mapAttrsToList mkAfter - mkIf mkMerge mkOption mkOrder mkRemovedOptionModule optionals + escapeShellArgs filter filterAttrs flatten flip mapAttrs' mapAttrsToList + mkAfter mkIf mkMerge mkOption mkOrder mkRemovedOptionModule optionals optionalString types; cfg = config.users; @@ -105,7 +105,29 @@ in assertion = !builtins.elem "root" deletedUsers; message = "Remove `root` from `users.knownUsers` if you no longer want nix-darwin to manage it."; } - ]; + ] ++ flatten (flip mapAttrsToList cfg.users (name: user: + map (shell: { + assertion = let + s = user.shell.pname or null; + in + !user.ignoreShellProgramCheck -> (s == shell || (shell == "bash" && s == "bash-interactive")) -> (config.programs.${shell}.enable == true); + message = '' + users.users.${user.name}.shell is set to ${shell}, but + programs.${shell}.enable is not true. This will cause the ${shell} + shell to lack the basic Nix directories in its PATH and might make + logging in as that user impossible. You can fix it with: + programs.${shell}.enable = true; + + If you know what you're doing and you are fine with the behavior, + set users.users.${user.name}.ignoreShellProgramCheck = true; + instead. + ''; + }) [ + "bash" + "fish" + "zsh" + ] + )); users.gids = mkMerge gids; users.uids = mkMerge uids; diff --git a/modules/users/user.nix b/modules/users/user.nix index 9689e05..5256ac3 100644 --- a/modules/users/user.nix +++ b/modules/users/user.nix 
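Review bot: The assertion added in the `@@ -105,7 +105,29 @@` hunk keys off `user.shell.pname or null`, so it only fires for a shell given as a package whose `pname` is exactly `bash`, `bash-interactive`, `fish` or `zsh`. A shell configured as a path string, or a wrapped package with a different `pname`, presumably evaluates to `s == null` and skips the check without notice; the option type is not visible in this hunk, so this needs confirming. A comment above `assertion = let` would help, e.g. `# only package-valued shells with a matching pname are checked; anything else is skipped`. The lambda also binds `name` but the message uses `user.name`, whereas the `warnings` definition added later uses `name`; using one of the two consistently would read better.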
@@ -84,6 +84,17 @@ ''; }; + ignoreShellProgramCheck = mkOption { + type = types.bool; + default = false; + description = '' + By default, nix-darwin will check that programs.SHELL.enable is set to + true if the user has a custom shell specified. If that behavior isn't + required and there are custom overrides in place to make sure that the + shell is functional, set this to true. + ''; + }; + packages = mkOption { type = types.listOf types.package; default = []; -- cgit v1.2.3 From 8b27551e094666e6beb273c484392fa205bb0c97 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 11 Nov 2024 00:08:42 +1100 Subject: users: warn users to use `pkgs.bashInteractive` instead of `pkgs.bash` --- modules/users/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'modules') diff --git a/modules/users/default.nix b/modules/users/default.nix index ade4ffb..574f5a4 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix @@ -129,6 +129,12 @@ in ] )); + warnings = flatten (flip mapAttrsToList cfg.users (name: user: + mkIf + (user.shell.pname or null == "bash") + "Set `users.users.${name}.shell = pkgs.bashInteractive;` instead of `pkgs.bash` as it does not include `readline`." + )); + users.gids = mkMerge gids; users.uids = mkMerge uids; -- cgit v1.2.3 From 2bacd8db310f479fab713829663d4b36913553cf Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 11 Nov 2024 00:54:26 +1100 Subject: environment: fix `lowPrio` support in `environment.systemPackages` --- modules/environment/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'modules') diff --git a/modules/environment/default.nix b/modules/environment/default.nix index 994c77a..fc4db2a 100644 --- a/modules/environment/default.nix +++ b/modules/environment/default.nix @@ -197,6 +197,7 @@ in name = "system-path"; paths = cfg.systemPackages; postBuild = cfg.extraSetup; + ignoreCollisions = true; inherit (cfg) pathsToLink extraOutputsToInstall; }; -- cgit v1.2.3 
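Review bot: `ignoreCollisions = true;` in the `@@ -197,6 +197,7 @@` hunk of modules/environment/default.nix relaxes collision handling for the whole `system-path` environment, not only for packages wrapped in `lowPrio`. After this change, two entries in `environment.systemPackages` that ship the same file (for example the same name under `bin/`) no longer fail the build. Which of them ends up on the system PATH is then decided without the user having to resolve it. I would add a comment on the line, such as `# required for lowPrio to take effect; colliding files no longer abort the build`, and mention the behaviour in the `environment.systemPackages` description. The `buildEnv` call starts and ends outside this hunk.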
From d71aa30b41bac3b2e38bd4b8f49e12811cd27ec1 Mon Sep 17 00:00:00 2001 From: Lucas Mendes Loureiro Date: Sun, 10 Nov 2024 23:12:44 +0000 Subject: feat(defaults): adding support to control center --- modules/module-list.nix | 1 + modules/system/defaults-write.nix | 3 + modules/system/defaults/controlcenter.nix | 100 ++++++++++++++++++++++++++++++ 3 files changed, 104 insertions(+) create mode 100644 modules/system/defaults/controlcenter.nix (limited to 'modules') diff --git a/modules/module-list.nix b/modules/module-list.nix index 3725c7e..aa190c7 100644 --- a/modules/module-list.nix +++ b/modules/module-list.nix @@ -14,6 +14,7 @@ ./system/activation-scripts.nix ./system/applications.nix ./system/defaults-write.nix + ./system/defaults/controlcenter.nix ./system/defaults/LaunchServices.nix ./system/defaults/NSGlobalDomain.nix ./system/defaults/GlobalPreferences.nix diff --git a/modules/system/defaults-write.nix b/modules/system/defaults-write.nix index 7af972d..4249af9 100644 --- a/modules/system/defaults-write.nix +++ b/modules/system/defaults-write.nix @@ -17,6 +17,7 @@ let SoftwareUpdate = defaultsToList "/Library/Preferences/com.apple.SoftwareUpdate" cfg.SoftwareUpdate; # userDefaults + controlcenter = defaultsToList "~/Library/Preferences/ByHost/com.apple.controlcenter" cfg.controlcenter; GlobalPreferences = defaultsToList ".GlobalPreferences" cfg.".GlobalPreferences"; LaunchServices = defaultsToList "com.apple.LaunchServices" cfg.LaunchServices; NSGlobalDomain = defaultsToList "-g" cfg.NSGlobalDomain; @@ -71,6 +72,7 @@ in system.activationScripts.userDefaults.text = mkIfAttrs [ + controlcenter GlobalPreferences LaunchServices NSGlobalDomain @@ -113,6 +115,7 @@ in ${concatStringsSep "\n" ActivityMonitor} ${concatStringsSep "\n" CustomUserPreferences} ${concatStringsSep "\n" WindowManager} + ${concatStringsSep "\n" controlcenter} ${optionalString (length dock > 0) '' # Only restart Dock if current user is logged in 
diff --git a/modules/system/defaults/controlcenter.nix b/modules/system/defaults/controlcenter.nix new file mode 100644 index 0000000..91532fa --- /dev/null +++ b/modules/system/defaults/controlcenter.nix 
@@ -0,0 +1,100 @@ +{ config, lib, ... }: + +{ + options = { + + system.defaults.controlcenter.BatteryShowPercentage = lib.mkOption { + type = lib.types.nullOr lib.types.bool; + default = null; + description = '' + Apple menu > System Preferences > Control Center > Battery + + Show a battery percentage in menu bar. Default is null. + ''; + }; + + system.defaults.controlcenter.Sound = lib.mkOption { + type = lib.types.nullOr lib.types.bool; + apply = v: if v == null then null else if v == true then 18 else 24; + default = null; + description = '' + Apple menu > System Preferences > Control Center > Sound + + Show a sound control in menu bar . Default is null. + + 18 = Display icon in menu bar + 24 = Hide icon in menu bar + ''; + }; + + system.defaults.controlcenter.Bluetooth = lib.mkOption { + type = lib.types.nullOr lib.types.bool; + apply = v: if v == null then null else if v == true then 18 else 24; + default = null; + description = '' + Apple menu > System Preferences > Control Center > Bluetooth + + Show a bluetooth control in menu bar. Default is null. + + 18 = Display icon in menu bar + 24 = Hide icon in menu bar + ''; + }; + + system.defaults.controlcenter.AirDrop = lib.mkOption { + type = lib.types.nullOr lib.types.bool; + apply = v: if v == null then null else if v == true then 18 else 24; + default = null; + description = '' + Apple menu > System Preferences > Control Center > AirDrop + + Show a AirDrop control in menu bar. Default is null. + + 18 = Display icon in menu bar + 24 = Hide icon in menu bar + ''; + }; + + system.defaults.controlcenter.Display = lib.mkOption { + type = lib.types.nullOr lib.types.bool; + apply = v: if v == null then null else if v == true then 18 else 24; + default = null; + description = '' + Apple menu > System Preferences > Control Center > Display + + Show a Screen Brightness control in menu bar. Default is null. 
+ + 18 = Display icon in menu bar + 24 = Hide icon in menu bar + ''; + }; + + system.defaults.controlcenter.FocusModes = lib.mkOption { + type = lib.types.nullOr lib.types.bool; + apply = v: if v == null then null else if v == true then 18 else 24; + default = null; + description = '' + Apple menu > System Preferences > Control Center > Focus + + Show a Focus control in menu bar. Default is null. + + 18 = Display icon in menu bar + 24 = Hide icon in menu bar + ''; + }; + + system.defaults.controlcenter.NowPlaying = lib.mkOption { + type = lib.types.nullOr lib.types.bool; + apply = v: if v == null then null else if v == true then 18 else 24; + default = null; + description = '' + Apple menu > System Preferences > Control Center > Now Playing + + Show a Now Playing control in menu bar. Default is null. + + 18 = Display icon in menu bar + 24 = Hide icon in menu bar + ''; + }; + }; +} -- cgit v1.2.3 From 32df51bf2b82dab724b845f4ad2d45bc1a0d0b9e Mon Sep 17 00:00:00 2001 From: Lucas Mendes Loureiro Date: Tue, 12 Nov 2024 01:24:22 +0000 Subject: fix(defaults): fixing #1107 --- modules/system/defaults-write.nix | 5 +-- modules/system/defaults/clock.nix | 8 +++++ modules/system/defaults/dock.nix | 8 +++++ modules/system/defaults/finder.nix | 57 ++++++++++++++++++++++++++++--- modules/system/defaults/screencapture.nix | 12 +++++++ 5 files changed, 84 insertions(+), 6 deletions(-) (limited to 'modules') diff --git a/modules/system/defaults-write.nix b/modules/system/defaults-write.nix index 4249af9..87b179b 100644 --- a/modules/system/defaults-write.nix +++ b/modules/system/defaults-write.nix 
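Review bot: The descriptions in the new modules/system/defaults/controlcenter.nix list `18 = Display icon in menu bar` and `24 = Hide icon in menu bar`, but the options are typed `nullOr bool` and the integers only come from `apply`. A reader who follows the description and writes `18` would get a type error. I would describe the accepted values instead, e.g. `true = show the icon in the menu bar, false = hide it`, and keep the 18/24 mapping as a Nix comment next to `apply`. The same `apply` lambda is repeated for Sound, Bluetooth, AirDrop, Display, FocusModes and NowPlaying and could be one `let`-bound helper. Two wording slips are also worth fixing: `menu bar .` and `a AirDrop`.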
@@ -17,7 +17,6 @@ let SoftwareUpdate = defaultsToList "/Library/Preferences/com.apple.SoftwareUpdate" cfg.SoftwareUpdate; # userDefaults - controlcenter = defaultsToList "~/Library/Preferences/ByHost/com.apple.controlcenter" cfg.controlcenter; GlobalPreferences = defaultsToList ".GlobalPreferences" cfg.".GlobalPreferences"; LaunchServices = defaultsToList "com.apple.LaunchServices" cfg.LaunchServices; NSGlobalDomain = defaultsToList "-g" cfg.NSGlobalDomain; @@ -35,9 +34,11 @@ let universalaccess = defaultsToList "com.apple.universalaccess" cfg.universalaccess; ActivityMonitor = defaultsToList "com.apple.ActivityMonitor" cfg.ActivityMonitor; WindowManager = defaultsToList "com.apple.WindowManager" cfg.WindowManager; + controlcenter = defaultsToList "~/Library/Preferences/ByHost/com.apple.controlcenter" cfg.controlcenter; CustomUserPreferences = flatten (mapAttrsToList (name: value: defaultsToList name value) cfg.CustomUserPreferences); CustomSystemPreferences = flatten (mapAttrsToList (name: value: defaultsToList name value) cfg.CustomSystemPreferences); + mkIfAttrs = list: mkIf (any (attrs: attrs != { }) list); in @@ -72,7 +73,6 @@ in system.activationScripts.userDefaults.text = mkIfAttrs [ - controlcenter GlobalPreferences LaunchServices NSGlobalDomain @@ -91,6 +91,7 @@ in ActivityMonitor CustomUserPreferences WindowManager + controlcenter ] '' # Set defaults diff --git a/modules/system/defaults/clock.nix b/modules/system/defaults/clock.nix index 3fae464..50eb517 100644 --- a/modules/system/defaults/clock.nix +++ b/modules/system/defaults/clock.nix @@ -5,6 +5,14 @@ with lib; { options = { + system.defaults.menuExtraClock.FlashDateSeparators = mkOption { + type = types.nullOr types.bool; + default = null; + description = '' + When enabled, the clock indicator (which by default is the colon) will flash on and off each second. Default is null. + ''; + }; + system.defaults.menuExtraClock.IsAnalog = mkOption { type = types.nullOr types.bool; default = null; 
diff --git a/modules/system/defaults/dock.nix b/modules/system/defaults/dock.nix index 5c4a470..2d5c161 100644 --- a/modules/system/defaults/dock.nix +++ b/modules/system/defaults/dock.nix @@ -149,6 +149,14 @@ in { else map (folder: { tile-data = { file-data = { _CFURLString = "file://" + folder; _CFURLStringType = 15; }; }; tile-type = if strings.hasInfix "." (last (splitString "/" folder)) then "file-tile" else "directory-tile"; }) value; }; + system.defaults.dock.scroll-to-open = mkOption { + type = types.nullOr types.bool; + default = null; + description = '' + Scroll up on a Dock icon to show all Space's opened windows for an app, or open stack. The default is false. + ''; + }; + system.defaults.dock.show-process-indicators = mkOption { type = types.nullOr types.bool; default = null; diff --git a/modules/system/defaults/finder.nix b/modules/system/defaults/finder.nix index 51fff74..5004b2c 100644 --- a/modules/system/defaults/finder.nix +++ b/modules/system/defaults/finder.nix @@ -41,6 +41,15 @@ in ''; }; + system.defaults.finder.FXRemoveOldTrashItems = mkOption { + type = types.nullOr types.bool; + default = null; + description = '' + Remove items in the trash after 30 days. + The default is false. + ''; + }; + system.defaults.finder.FXPreferredViewStyle = mkOption { type = types.nullOr types.str; default = null; @@ -55,7 +64,7 @@ in type = types.nullOr types.bool; default = null; description = '' - Whether to always show file extensions. The default is false. + Whether to always show file extensions. The default is false. ''; }; 
@@ -71,7 +80,39 @@ in type = types.nullOr types.bool; default = null; description = '' - Whether to allow quitting of the Finder. The default is false. + Whether to allow quitting of the Finder. The default is false. + ''; + }; + + system.defaults.finder.ShowExternalHardDrivesOnDesktop = mkOption { + type = types.nullOr types.bool; + default = null; + description = '' + Whether to show external disks on desktop. The default is true. + ''; + }; + + system.defaults.finder.ShowHardDrivesOnDesktop = mkOption { + type = types.nullOr types.bool; + default = null; + description = '' + Whether to show hard disks on desktop. The default is false. + ''; + }; + + system.defaults.finder.ShowMountedServersOnDesktop = mkOption { + type = types.nullOr types.bool; + default = null; + description = '' + Whether to show connected servers on desktop. The default is false. + ''; + }; + + system.defaults.finder.ShowRemovableMediaOnDesktop = mkOption { + type = types.nullOr types.bool; + default = null; + description = '' + Whether to show removable media (CDs, DVDs and iPods) on desktop. The default is true. ''; }; @@ -79,7 +120,7 @@ in type = types.nullOr types.bool; default = null; description = '' - Whether to show the full POSIX filepath in the window title. The default is false. + Whether to show the full POSIX filepath in the window title. The default is false. ''; }; @@ -91,11 +132,19 @@ in ''; }; + system.defaults.finder._FXSortFoldersFirstOnDesktop = mkOption { + type = types.nullOr types.bool; + default = null; + description = '' + Keep folders on top when sorting by name on the desktop. The default is false. + ''; + }; + system.defaults.finder.FXEnableExtensionChangeWarning = mkOption { type = types.nullOr types.bool; default = null; description = '' - Whether to show warnings when change the file extension of files. The default is true. + Whether to show warnings when change the file extension of files. The default is true. ''; }; 
diff --git a/modules/system/defaults/screencapture.nix b/modules/system/defaults/screencapture.nix index b5efc22..80dcaab 100644 --- a/modules/system/defaults/screencapture.nix +++ b/modules/system/defaults/screencapture.nix @@ -29,6 +29,18 @@ with lib; ''; }; + system.defaults.screencapture.include-date = mkOption { + type = types.nullOr types.bool; + default = null; + description = '' + Include date and time in screenshot filenames. The default is true. + Screenshot 2024-01-09 at 13.27.20.png would be an example for true. + + Screenshot.png + Screenshot 1.png would be an example for false. + ''; + }; + system.defaults.screencapture.show-thumbnail = mkOption { type = types.nullOr types.bool; default = null; -- cgit v1.2.3 From 67fbc7aa24cf0f4b5322b6f99fb3856bb9a1ab08 Mon Sep 17 00:00:00 2001 From: Ameya Shenoy Date: Fri, 31 May 2024 15:52:23 +0530 Subject: checks: add check to ensure Homebrew is installed Co-Authored-By: Michael Hoang --- modules/system/checks.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'modules') diff --git a/modules/system/checks.nix b/modules/system/checks.nix index ec6e3b5..ab6ea19 100644 --- a/modules/system/checks.nix +++ b/modules/system/checks.nix @@ -28,6 +28,7 @@ let fi ''; + oldBuildUsers = '' if dscl . -list /Users | grep -q '^nixbld'; then echo "error: Detected old style nixbld users, aborting activation" >&2 @@ -283,6 +284,19 @@ let exit 2 fi ''; + + homebrewInstalled = '' + if [[ ! -f ${escapeShellArg config.homebrew.brewPrefix}/brew ]]; then + echo "error: Using the homebrew module requires homebrew installed, aborting activation" >&2 + echo "Homebrew doesn't seem to be installed. Please install homebrew separately." >&2 + echo "You can install homebrew using the following command:" >&2 + echo >&2 + # shellcheck disable=SC2016 + echo ' /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"' >&2 + echo >&2 + exit 2 + fi + ''; in { 
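Review bot: The failure message in `homebrewInstalled` (hunk `@@ -283,6 +284,19 @@`) prints a ready-to-paste `curl … | /bin/bash` line that fetches `install.sh` from `HEAD` of a remote repository. The activation error therefore steers users towards running an unpinned script with no review step. I would point at the project's installation documentation instead, e.g. `echo "See https://brew.sh for installation instructions." >&2`, which also removes the need for `# shellcheck disable=SC2016`. Separately, `[[ ! -f …/brew ]]` only checks that a regular file exists; `-x` would also catch a `brew` that is present but not executable.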
@@ -331,6 +345,7 @@ in nixInstaller (mkIf cfg.verifyNixPath nixPath) oldSshAuthorizedKeysDirectory + (mkIf config.homebrew.enable homebrewInstalled) ]; system.activationScripts.checks.text = '' -- cgit v1.2.3 From 9077d812d8d6ed57b7c805467bb1bab78575e75a Mon Sep 17 00:00:00 2001 From: Joey Territo Date: Wed, 21 Feb 2024 16:13:30 -0600 Subject: activate-user script: fix broken NIX_PATH if paths contain spaces --- modules/system/checks.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/system/checks.nix b/modules/system/checks.nix index ab6ea19..ef5f6d6 100644 --- a/modules/system/checks.nix +++ b/modules/system/checks.nix @@ -3,6 +3,9 @@ with lib; let + # Similar to lib.escapeShellArg but escapes "s instead of 's, to allow for parameter expansion in shells + escapeDoubleQuote = arg: ''"${replaceStrings ["\""] ["\"\\\"\""] (toString arg)}"''; + cfg = config.system.checks; darwinChanges = '' @@ -180,7 +183,7 @@ let ''; nixPath = '' - nixPath=${concatStringsSep ":" config.nix.nixPath}:$HOME/.nix-defexpr/channels + nixPath=${concatMapStringsSep ":" escapeDoubleQuote config.nix.nixPath}:$HOME/.nix-defexpr/channels darwinConfig=$(NIX_PATH=$nixPath nix-instantiate --find-file darwin-config) || true if ! test -e "$darwinConfig"; then -- cgit v1.2.3 From dae702993d18c608f07e9d320ccba816e9bce064 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Fri, 15 Nov 2024 14:03:43 +1100 Subject: activate-system: remove `enable` option Disabling this is not supported as `/run` gets cleared out on every reboot so it is necessary for ensuring that the `/run/current-system` symlink exists. --- modules/nix/default.nix | 1 - modules/services/activate-system/default.nix | 20 ++++---------------- 2 files changed, 4 insertions(+), 17 deletions(-) (limited to 'modules') diff --git a/modules/nix/default.nix b/modules/nix/default.nix index d99aae8..3751e8c 100644 --- a/modules/nix/default.nix +++ b/modules/nix/default.nix 
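Review bot: `escapeDoubleQuote` in the `@@ -3,6 +3,9 @@` hunk of modules/system/checks.nix escapes only `"`. Inside the resulting double quotes the shell still expands `$VAR`, `$(…)`, backquotes and backslashes from every `config.nix.nixPath` entry when the `nixPath=` assignment in the `@@ -180,7 +183,7 @@` hunk runs. The comment says parameter expansion is wanted, but it should also say that command substitution stays active, so the helper is only suitable for trusted configuration values. I would extend the comment with `# NOTE: "$", backquotes and "\" remain active inside the quotes; never apply to untrusted input`.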
@@ -774,7 +774,6 @@ in # Not in NixOS module warnings = [ - (mkIf (!config.services.activate-system.enable && cfg.distributedBuilds) "services.activate-system is not enabled, a reboot could cause distributed builds to stop working.") (mkIf (!cfg.distributedBuilds && cfg.buildMachines != []) "nix.distributedBuilds is not enabled, build machines won't be configured.") ]; diff --git a/modules/services/activate-system/default.nix b/modules/services/activate-system/default.nix index c41d963..6a982fe 100644 --- a/modules/services/activate-system/default.nix +++ b/modules/services/activate-system/default.nix @@ -1,22 +1,11 @@ { config, lib, pkgs, ... }: -with lib; - -let - cfg = config.services.activate-system; -in - { - options = { - services.activate-system.enable = mkOption { - type = types.bool; - default = true; - description = "Whether to activate system at boot time."; - }; - }; - - config = mkIf cfg.enable { + imports = [ + (lib.mkRemovedOptionModule [ "services" "activate-system" "enable" ] "The `activate-system` service is now always enabled as it is necessary for a working `nix-darwin` setup.") + ]; + config = { launchd.daemons.activate-system = { script = '' set -e @@ -41,6 +30,5 @@ in serviceConfig.RunAtLoad = true; serviceConfig.KeepAlive.SuccessfulExit = false; }; - }; } -- cgit v1.2.3 From d2498644fd84360e46ad90de3029066ad441e15a Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 11 Nov 2024 19:56:15 +1100 Subject: nix-daemon: remove `with lib;` --- modules/services/nix-daemon.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'modules') diff --git a/modules/services/nix-daemon.nix b/modules/services/nix-daemon.nix index 6718ac0..6f93131 100644 --- a/modules/services/nix-daemon.nix +++ b/modules/services/nix-daemon.nix @@ -1,9 +1,9 @@ -{ config, lib, pkgs, ... }: - -with lib; +{ config, lib, ... }: let cfg = config.services.nix-daemon; + + inherit (lib) mkDefault mkIf mkMerge mkOption types; in { -- cgit v1.2.3 
From 698414e4091d919cc1b3af622f29bd594d3c21c3 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 11 Nov 2024 19:56:15 +1100 Subject: nix-daemon: enable by default Single user installs have been unsupported by the official Nix installer since 2.4. --- modules/services/nix-daemon.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/services/nix-daemon.nix b/modules/services/nix-daemon.nix index 6f93131..ffc7e65 100644 --- a/modules/services/nix-daemon.nix +++ b/modules/services/nix-daemon.nix @@ -10,7 +10,7 @@ in options = { services.nix-daemon.enable = mkOption { type = types.bool; - default = false; + default = true; description = "Whether to enable the nix-daemon service."; }; -- cgit v1.2.3 From 5d1b7ac696c2c9cf4206d7fbd3ebe3daa3b9bbd2 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 11 Nov 2024 22:48:25 +1100 Subject: treewide: remove mentions of `services.nix-daemon.enable = true;` --- modules/examples/flake/flake.nix | 1 - modules/examples/hydra.nix | 2 -- modules/examples/lnl.nix | 1 - modules/examples/simple.nix | 1 - 4 files changed, 5 deletions(-) (limited to 'modules') diff --git a/modules/examples/flake/flake.nix b/modules/examples/flake/flake.nix index bd733bd..d3967ef 100644 --- a/modules/examples/flake/flake.nix +++ b/modules/examples/flake/flake.nix @@ -17,7 +17,6 @@ ]; # Auto upgrade nix package and the daemon service. - services.nix-daemon.enable = true; # nix.package = pkgs.nix; # Necessary for using flakes on this system. diff --git a/modules/examples/hydra.nix b/modules/examples/hydra.nix index eb1c5d9..f87ed5d 100644 --- a/modules/examples/hydra.nix +++ b/modules/examples/hydra.nix @@ -8,8 +8,6 @@ let in { - services.nix-daemon.enable = true; - nix.settings.substituters = [ "http://cache1" ]; nix.settings.trusted-public-keys = [ "cache.daiderd.com-1:R8KOWZ8lDaLojqD+v9dzXAqGn29gEzPTTbr/GIpCTrI=" ]; 
diff --git a/modules/examples/lnl.nix b/modules/examples/lnl.nix index dccae07..2204c2f 100644 --- a/modules/examples/lnl.nix +++ b/modules/examples/lnl.nix @@ -77,7 +77,6 @@ # serviceConfig.ProcessType = "Background"; # }; - services.nix-daemon.enable = true; # services.nix-daemon.enableSocketListener = true; nix.extraOptions = '' diff --git a/modules/examples/simple.nix b/modules/examples/simple.nix index 5baf009..c76ecda 100644 --- a/modules/examples/simple.nix +++ b/modules/examples/simple.nix @@ -12,7 +12,6 @@ # environment.darwinConfig = "$HOME/.config/nixpkgs/darwin/configuration.nix"; # Auto upgrade nix package and the daemon service. - # services.nix-daemon.enable = true; # nix.package = pkgs.nix; # Enable alternative shell support in nix-darwin. -- cgit v1.2.3 From 6d794390fa48afbe5d8b0020392f55bc1d800cb6 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 11 Nov 2024 20:23:06 +1100 Subject: checks: check single user installs don't have the `nix-daemon` enabled Remove suggestion to set `nix.useDaemon` as it came without an explanation of how the `nix-daemon` would be unmanaged and would most likely lead to most users running an old version of Nix as the daemon. --- modules/system/checks.nix | 34 +++++++++++++++++++++------------- 1 file changed, 21 insertions(+), 13 deletions(-) (limited to 'modules') diff --git a/modules/system/checks.nix b/modules/system/checks.nix index ab6ea19..949a28e 100644 --- a/modules/system/checks.nix +++ b/modules/system/checks.nix 
@@ -129,18 +129,26 @@ let fi ''; - singleUser = '' - if grep -q 'build-users-group =' /etc/nix/nix.conf; then - echo "error: The daemon is not enabled but this is a multi-user install, aborting activation" >&2 - echo "Enable the nix-daemon service:" >&2 - echo >&2 - echo " services.nix-daemon.enable = true;" >&2 - echo >&2 - echo "or set" >&2 - echo >&2 - echo " nix.useDaemon = true;" >&2 - echo >&2 - exit 2 + nixDaemon = if config.nix.useDaemon then '' + if ! dscl . -read /Groups/nixbld PrimaryGroupID &> /dev/null; then + printf >&2 'error: The daemon should not be enabled for single-user installs, aborting activation\n' + printf >&2 'Disable the nix-daemon service:\n' + printf >&2 '\n' + printf >&2 ' services.nix-daemon.enable = false;\n' + printf >&2 '\n' + # shellcheck disable=SC2016 + printf >&2 'and remove `nix.useDaemon` from your configuration if it is present.\n' + printf >&2 '\n' + exit 2 + fi + '' else '' + if dscl . -read /Groups/nixbld PrimaryGroupID &> /dev/null; then + printf >&2 'error: The daemon should be enabled for multi-user installs, aborting activation\n' + printf >&2 'Enable the nix-daemon service:\n' + printf >&2 '\n' + printf >&2 ' services.nix-daemon.enable = true;\n' + printf >&2 '\n' + exit 2 fi ''; @@ -337,7 +345,7 @@ in (mkIf cfg.verifyBuildUsers buildUsers) (mkIf cfg.verifyBuildUsers preSequoiaBuildUsers) (mkIf config.nix.configureBuildUsers buildGroupID) - (mkIf (!config.nix.useDaemon) singleUser) + nixDaemon nixStore (mkIf (config.nix.gc.automatic && config.nix.gc.user == null) nixGarbageCollector) (mkIf (config.nix.optimise.automatic && config.nix.optimise.user == null) nixStoreOptimiser) -- cgit v1.2.3 From 7918e24e5b999e36c923573e9d6ac183b0c00f38 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 11 Nov 2024 22:30:42 +1100 Subject: treewide: remove `nix.package` example --- modules/examples/flake/flake.nix | 3 --- modules/examples/simple.nix | 3 --- 2 files changed, 6 deletions(-) (limited to 'modules') 
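Review bot: The new `nixDaemon` check tells single- and multi-user installs apart by whether `dscl . -read /Groups/nixbld PrimaryGroupID` succeeds, replacing the earlier grep for `build-users-group =` in /etc/nix/nix.conf. Nothing in the hunk explains why the group's existence is the right signal. A `nixbld` group left over from an earlier multi-user install, or a build group with a different name, would flip the result and abort activation with `exit 2`; I cannot tell from the hunk whether either case is handled elsewhere. I would add a comment above the definition, e.g. `# the nixbld group is taken as the marker of a multi-user (daemon) install`. Both messages also tell the user to change `services.nix-daemon.enable` while the condition reads `config.nix.useDaemon`, so a short note on how the two relate would help.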
diff --git a/modules/examples/flake/flake.nix b/modules/examples/flake/flake.nix index d3967ef..dbcc420 100644 --- a/modules/examples/flake/flake.nix +++ b/modules/examples/flake/flake.nix @@ -16,9 +16,6 @@ [ pkgs.vim ]; - # Auto upgrade nix package and the daemon service. - # nix.package = pkgs.nix; - # Necessary for using flakes on this system. nix.settings.experimental-features = "nix-command flakes"; diff --git a/modules/examples/simple.nix b/modules/examples/simple.nix index c76ecda..8d769a2 100644 --- a/modules/examples/simple.nix +++ b/modules/examples/simple.nix @@ -11,9 +11,6 @@ # $ darwin-rebuild switch -I darwin-config=$HOME/.config/nixpkgs/darwin/configuration.nix # environment.darwinConfig = "$HOME/.config/nixpkgs/darwin/configuration.nix"; - # Auto upgrade nix package and the daemon service. - # nix.package = pkgs.nix; - # Enable alternative shell support in nix-darwin. # programs.fish.enable = true; -- cgit v1.2.3 From 6d20de4ed606846230f766cc059bf01b47b8e2d4 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 11 Nov 2024 22:32:55 +1100 Subject: nix: remove outdated note requiring managed daemon for distributedBuilds For Nix 1, some environment variables were set when using distributed builds requiring the Nix daemon to be managed by nix-darwin. However, support for Nix 1 has been removed and no other environment variables for Nix are set by default. --- modules/nix/default.nix | 3 --- 1 file changed, 3 deletions(-) (limited to 'modules') diff --git a/modules/nix/default.nix b/modules/nix/default.nix index 3751e8c..09e6e50 100644 --- a/modules/nix/default.nix +++ b/modules/nix/default.nix @@ -191,9 +191,6 @@ in description = '' Whether to distribute builds to the machines listed in {option}`nix.buildMachines`. - - NOTE: This requires services.nix-daemon.enable for a - multi-user install. ''; }; -- cgit v1.2.3 From fece297d640dcbf9aa9f1829caa5f50d47996f2c Mon Sep 17 00:00:00 2001 
From: isabel Date: Sun, 17 Nov 2024 14:20:32 +0000 Subject: fix: allow users to disable the homebrew check --- modules/system/checks.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/system/checks.nix b/modules/system/checks.nix index f3f1e6d..796e7e4 100644 --- a/modules/system/checks.nix +++ b/modules/system/checks.nix @@ -297,7 +297,7 @@ let ''; homebrewInstalled = '' - if [[ ! -f ${escapeShellArg config.homebrew.brewPrefix}/brew ]]; then + if [[ ! -f ${escapeShellArg config.homebrew.brewPrefix}/brew && -z "''${INSTALLING_HOMEBREW:-}" ]]; then echo "error: Using the homebrew module requires homebrew installed, aborting activation" >&2 echo "Homebrew doesn't seem to be installed. Please install homebrew separately." >&2 echo "You can install homebrew using the following command:" >&2 -- cgit v1.2.3 From 57c144515a59efde1dd59078e280a82b32626311 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sun, 17 Nov 2024 03:12:30 +1100 Subject: system: always add /run to /etc/synthetic.conf on macOS 10.15 onwards Currently if nix-darwin is uninstalled then reinstalled without rebooting, then the `/run` symlink will still remain and nix-darwin won't readd `run` to `/etc/synthetic.conf` meaning the system will be broken on next reboot. --- modules/system/base.nix | 73 +++++++++++++++++++++++++------------------------ 1 file changed, 38 insertions(+), 35 deletions(-) (limited to 'modules') diff --git a/modules/system/base.nix b/modules/system/base.nix index 43c9d7f..f20e2b6 100644 --- a/modules/system/base.nix +++ b/modules/system/base.nix 
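Review bot: The added `-z "''${INSTALLING_HOMEBREW:-}"` clause lets an environment variable switch the Homebrew check off, but the variable is documented nowhere in the hunk and the error text below it does not mention it. Because the check runs during activation, the bypass also depends on the variable surviving any environment filtering on that path (for example under `sudo`), which is not visible here. I would add a comment above the test, e.g. `# set INSTALLING_HOMEBREW=1 to skip this check while Homebrew is being installed during activation`. Exposing the bypass as a module option instead would make it visible in the configuration.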
@@ -2,46 +2,49 @@ { system.activationScripts.createRun.text = '' - if [[ ! -L /run ]]; then - # This file doesn't exist by default on macOS and is only supported after 10.15 - # however every system with Nix installed should have this file otherwise `/nix` - # wouldn't exist. - if [[ -e /etc/synthetic.conf ]]; then - if ! grep -q '^run\b' /etc/synthetic.conf 2>/dev/null; then - echo "setting up /run via /etc/synthetic.conf..." - printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf >/dev/null - fi + IFS="." read -r -a macOSVersion <<< "$(sw_vers -productVersion)" - # for Catalina (10.15) - sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B &>/dev/null || true - # for Big Sur (11.0) - sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t &>/dev/null || true + if [[ ''${macOSVersion[0]} -gt 10 || ( ''${macOSVersion[0]} -eq 10 && ''${macOSVersion[1]} -ge 15 ) ]]; then + if ! grep -q '^run\b' /etc/synthetic.conf 2>/dev/null; then + echo "setting up /run via /etc/synthetic.conf..." + printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf >/dev/null + fi - if [[ ! -L /run ]]; then - printf >&2 'error: apfs.util failed to symlink /run, aborting activation\n' - printf >&2 'To create a symlink from /run to /var/run, please run:\n' - printf >&2 '\n' - printf >&2 "$ printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf" - printf >&2 '$ sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B # For Catalina\n' - printf >&2 '$ sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t # For Big Sur and later\n' >&2 - printf >&2 '\n' - printf >&2 'The current contents of /etc/synthetic.conf is:\n' - printf >&2 '\n' - sudo sed 's/^/ /' /etc/synthetic.conf >&2 - printf >&2 '\n' - exit 1 - fi + if [[ ''${macOSVersion[0]} -gt 10 ]]; then + sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t || true else - echo "setting up /run..." 
- sudo ln -sfn private/var/run /run + sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B || true + fi - if [[ ! -L /run ]]; then - printf >&2 'error: failed to symlink /run, aborting activation\n' - printf >&2 'To create a symlink from /run to /var/run, please run:\n' - printf >&2 '\n' - printf >&2 '$ sudo ln -sfn private/var/link /run\n' - exit 1 + if [[ ! -L /run ]]; then + printf >&2 'error: apfs.util failed to symlink /run, aborting activation\n' + printf >&2 'To create a symlink from /run to /var/run, please run:\n' + printf >&2 '\n' + printf >&2 "$ printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf" + + if [[ ''${macOSVersion[0]} -gt 10 ]]; then + printf >&2 '$ sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t\n' + else + printf >&2 '$ sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B\n' fi + + printf >&2 '\n' + printf >&2 'The current contents of /etc/synthetic.conf is:\n' + printf >&2 '\n' + sudo sed 's/^/ /' /etc/synthetic.conf >&2 + printf >&2 '\n' + exit 1 + fi + else + echo "setting up /run..." + sudo ln -sfn private/var/run /run + + if [[ ! -L /run ]]; then + printf >&2 'error: failed to symlink /run, aborting activation\n' + printf >&2 'To create a symlink from /run to /var/run, please run:\n' + printf >&2 '\n' + printf >&2 '$ sudo ln -sfn private/var/link /run\n' + exit 1 fi fi ''; -- cgit v1.2.3 From 9a1bea70d5728a19ee0a090dc0bcdeb73f09b7a4 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sun, 17 Nov 2024 02:33:37 +1100 Subject: installer: move creating default configuration to README --- modules/examples/simple.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'modules') diff --git a/modules/examples/simple.nix b/modules/examples/simple.nix index 8d769a2..5771ec6 100644 --- a/modules/examples/simple.nix +++ b/modules/examples/simple.nix 
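Review bot: In modules/system/base.nix, the recovery hint printed in the pre-10.15 branch tells the user to run `sudo ln -sfn private/var/link /run`, while the command the script itself runs a few lines earlier is `sudo ln -sfn private/var/run /run`, so following the hint creates a symlink with a different target. The line should read `printf >&2 '$ sudo ln -sfn private/var/run /run\n'`. Separately, the hint `printf >&2 "$ printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf"` is used as a printf format, so the `\t` and `\n` inside it are expanded when printed and the line has no trailing newline; passing it as an argument to a `'%s\n'` format would print it literally.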
@@ -7,9 +7,8 @@ [ pkgs.vim ]; - # Use a custom configuration.nix location. - # $ darwin-rebuild switch -I darwin-config=$HOME/.config/nixpkgs/darwin/configuration.nix - # environment.darwinConfig = "$HOME/.config/nixpkgs/darwin/configuration.nix"; + # Use custom location for configuration.nix. + environment.darwinConfig = "$HOME/.config/nix-darwin/configuration.nix"; # Enable alternative shell support in nix-darwin. # programs.fish.enable = true; -- cgit v1.2.3 From a4d4d12e3885f9fea3100c73d024664ea9572f94 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sun, 17 Nov 2024 13:11:30 +1100 Subject: examples: change default architecture to `aarch64-darwin` --- modules/examples/flake/flake.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'modules') diff --git a/modules/examples/flake/flake.nix b/modules/examples/flake/flake.nix index dbcc420..4520b8f 100644 --- a/modules/examples/flake/flake.nix +++ b/modules/examples/flake/flake.nix @@ -30,7 +30,7 @@ system.stateVersion = 5; # The platform the configuration will be used on. - nixpkgs.hostPlatform = "x86_64-darwin"; + nixpkgs.hostPlatform = "aarch64-darwin"; }; in { @@ -39,8 +39,5 @@ darwinConfigurations."simple" = nix-darwin.lib.darwinSystem { modules = [ configuration ]; }; - - # Expose the package set, including overlays, for convenience. - darwinPackages = self.darwinConfigurations."simple".pkgs; }; } -- cgit v1.2.3 From caa23e878f7f6fecb978bb91c1d208bf94a62c43 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Fri, 22 Nov 2024 11:18:17 +1100 Subject: github-runner: make `umask` quiet --- modules/services/github-runner/service.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/services/github-runner/service.nix b/modules/services/github-runner/service.nix index 5d73633..21d908e 100644 --- a/modules/services/github-runner/service.nix +++ b/modules/services/github-runner/service.nix 
@@ -49,7 +49,7 @@ in echo >&2 "setting up GitHub Runner '${cfg.name}'..." ( - umask -S u=rwx,g=rx,o= + umask -S u=rwx,g=rx,o= > /dev/null ${pkgs.coreutils}/bin/mkdir -p ${escapeShellArg (mkStateDir cfg)} ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkStateDir cfg)} -- cgit v1.2.3 From 25e0b6064eed7a4ffeca7bacbba9dcca6fa8cc86 Mon Sep 17 00:00:00 2001 From: Aiden Scandella Date: Mon, 25 Nov 2024 16:10:39 -0800 Subject: system: fix detection and ownership of /etc/synthetic.conf This file is owned by root and mode 600 on my system, so the grep is failing and it's adding a new entry every run. ```sh -rw------- 1 root wheel 664 Nov 25 15:52 /etc/synthetic.conf ``` --- modules/system/base.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'modules') diff --git a/modules/system/base.nix b/modules/system/base.nix index f20e2b6..2374855 100644 --- a/modules/system/base.nix +++ b/modules/system/base.nix @@ -5,6 +5,16 @@ IFS="." read -r -a macOSVersion <<< "$(sw_vers -productVersion)" if [[ ''${macOSVersion[0]} -gt 10 || ( ''${macOSVersion[0]} -eq 10 && ''${macOSVersion[1]} -ge 15 ) ]]; then + if [[ $(stat -c '%a' /etc/synthetic.conf) != "644" ]]; then + echo "fixing permissions on /etc/synthetic.conf..." + sudo chmod 644 /etc/synthetic.conf + fi + + if [[ $(grep -c '^run\b' /etc/synthetic.conf) -gt 1 ]]; then + echo "found duplicate run entries in /etc/synthetic.conf, removing..." + sudo sed -i "" -e '/^run\tprivate\/var\/run$/d' /etc/synthetic.conf + fi + if ! grep -q '^run\b' /etc/synthetic.conf 2>/dev/null; then echo "setting up /run via /etc/synthetic.conf..." printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf >/dev/null -- cgit v1.2.3 From 70957ab0c6a37fe72d21e1a2c273189a05c3670c Mon Sep 17 00:00:00 2001 
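Review bot: In modules/system/base.nix, the new `stat`/`chmod` and `grep -c` steps do not tolerate a missing /etc/synthetic.conf, unlike the existing block after them, which uses `grep -q ... 2>/dev/null`. When the file is absent, `stat` prints nothing, the comparison with "644" succeeds, and `sudo chmod 644` is run on a file that does not exist. Guarding both steps with `if [[ -e /etc/synthetic.conf ]]; then` keeps the first-run path working. `stat -c '%a'` is the GNU coreutils form and `sed -i ""` is the BSD form, so the hunk depends on which `stat` and `sed` the activation PATH resolves to; that PATH is not visible here and is worth confirming. The enclosing version check continues outside the hunk.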
From: Michael Hoang Date: Thu, 28 Nov 2024 14:14:25 +1100 Subject: linux-builder: default `maxJobs` to amount of cores for Linux builder --- modules/nix/linux-builder.nix | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/nix/linux-builder.nix b/modules/nix/linux-builder.nix index 2bcb62e..ae39547 100644 --- a/modules/nix/linux-builder.nix +++ b/modules/nix/linux-builder.nix @@ -61,9 +61,16 @@ in maxJobs = mkOption { type = types.ints.positive; - default = 1; - example = 4; + default = cfg.package.nixosConfig.virtualisation.cores; + defaultText = '' + The `virtualisation.cores` of the build machine's final NixOS configuration. + ''; + example = 2; description = '' + Instead of setting this directly, you should set + {option}`nix.linux-builder.config.virtualisation.cores` to configure + the amount of cores the Linux builder should have. + The number of concurrent jobs the Linux builder machine supports. The build machine will enforce its own limits, but this allows hydra to schedule better since there is no work-stealing between build -- cgit v1.2.3 From 09e5dfb67ee27355d78d35a4f4ab747c230cb9b8 Mon Sep 17 00:00:00 2001 From: Beta-Computer <67995456+Beta-Computer@users.noreply.github.com> Date: Thu, 14 Nov 2024 10:44:14 +1300 Subject: defaults: add `EnableTiledWindowMargins` option Co-authored-by: Michael Hoang --- modules/system/defaults/WindowManager.nix | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'modules') diff --git a/modules/system/defaults/WindowManager.nix b/modules/system/defaults/WindowManager.nix index 38fbaa3..6a62ebc 100644 --- a/modules/system/defaults/WindowManager.nix +++ b/modules/system/defaults/WindowManager.nix 
@@ -56,6 +56,13 @@ with lib; Hide items in Stage Manager. ''; }; + system.defaults.WindowManager.EnableTiledWindowMargins = mkOption { + type = types.nullOr types.bool; + default = null; + description = '' + Enable Window Margins. The default is true. + ''; + }; system.defaults.WindowManager.StandardHideWidgets = mkOption { type = types.nullOr types.bool; -- cgit v1.2.3 From 567bae1e17fdd10eccc9d5c6ec20e3d98d498de7 Mon Sep 17 00:00:00 2001 From: Austin Horstman Date: Thu, 21 Nov 2024 21:40:11 -0600 Subject: defaults: expose-group-by-app -> expose-group-apps Default was renamed in previous macOS release. --- modules/system/defaults-write.nix | 5 ++++- modules/system/defaults/dock.nix | 9 ++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) (limited to 'modules') diff --git a/modules/system/defaults-write.nix b/modules/system/defaults-write.nix index 87b179b..2265721 100644 --- a/modules/system/defaults-write.nix +++ b/modules/system/defaults-write.nix @@ -9,6 +9,9 @@ let "defaults write ${domain} '${key}' $'${strings.escape [ "'" ] (generators.toPlist { } value)}'"; defaultsToList = domain: attrs: mapAttrsToList (writeDefault domain) (filterAttrs (n: v: v != null) attrs); + # Filter out options to not pass through + # dock has alias options that we need to ignore + dockFiltered = (builtins.removeAttrs cfg.dock ["expose-group-by-app"]); # defaults alf = defaultsToList "/Library/Preferences/com.apple.alf" cfg.alf; @@ -21,7 +24,7 @@ let LaunchServices = defaultsToList "com.apple.LaunchServices" cfg.LaunchServices; NSGlobalDomain = defaultsToList "-g" cfg.NSGlobalDomain; menuExtraClock = defaultsToList "com.apple.menuextra.clock" cfg.menuExtraClock; - dock = defaultsToList "com.apple.dock" cfg.dock; + dock = defaultsToList "com.apple.dock" dockFiltered; finder = defaultsToList "com.apple.finder" cfg.finder; hitoolbox = defaultsToList "com.apple.HIToolbox" cfg.hitoolbox; magicmouse = defaultsToList "com.apple.AppleMultitouchMouse" cfg.magicmouse; 
diff --git a/modules/system/defaults/dock.nix b/modules/system/defaults/dock.nix index 2d5c161..bba0afb 100644 --- a/modules/system/defaults/dock.nix +++ b/modules/system/defaults/dock.nix @@ -6,6 +6,10 @@ let # Should only be used with options that previously used floats defined as strings. inherit (config.lib.defaults.types) floatWithDeprecationError; in { + imports = [ + (mkRenamedOptionModule [ "system" "defaults" "dock" "expose-group-by-app" ] [ "system" "defaults" "dock" "expose-group-apps" ]) + ]; + options = { system.defaults.dock.appswitcher-all-displays = mkOption { @@ -67,11 +71,11 @@ in { ''; }; - system.defaults.dock.expose-group-by-app = mkOption { + system.defaults.dock.expose-group-apps = mkOption { type = types.nullOr types.bool; default = null; description = '' - Whether to group windows by application in Mission Control's Exposé. The default is true. + Whether to group windows by application in Mission Control's Exposé. The default is false. ''; }; @@ -220,7 +224,6 @@ in { Magnified icon size on hover. The default is 16. ''; }; - system.defaults.dock.wvous-tl-corner = mkOption { type = types.nullOr types.ints.positive; -- cgit v1.2.3 From 0f9576cedc9b23ec8b01302daae919bc6018c3ca Mon Sep 17 00:00:00 2001 From: Alex James Date: Tue, 3 Dec 2024 22:53:36 -0600 Subject: nix: fix Lix version detection in auto-optimise-store assertion --- modules/nix/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/nix/default.nix b/modules/nix/default.nix index 09e6e50..41398fa 100644 --- a/modules/nix/default.nix +++ b/modules/nix/default.nix 
@@ -763,8 +763,8 @@ in { # Should be fixed in Lix by https://gerrit.lix.systems/c/lix/+/2100 - # As `isNixAtLeast "2.92.0" "2.92.0-devpre20241107" == false`, we need to explicitly check if the user is running Lix 2.92.0 - assertion = cfg.settings.auto-optimise-store -> (cfg.package.pname == "lix" && (isNixAtLeast "2.92.0-devpre20241107" || cfg.package.version == "2.92.0")); + # Lix 2.92.0 will set `VERSION_SUFFIX` to `""`; `lib.versionAtLeast "" "pre20241107"` will return `true`. + assertion = cfg.settings.auto-optimise-store -> (cfg.package.pname == "lix" && (isNixAtLeast "2.92.0" && versionAtLeast (strings.removePrefix "-" cfg.package.VERSION_SUFFIX) "pre20241107")); message = "`nix.settings.auto-optimise-store` is known to corrupt the Nix Store, please use `nix.optimise.automatic` instead."; } ]; -- cgit v1.2.3 From 9a5955601847c728ffb98e70b89a359390b24d28 Mon Sep 17 00:00:00 2001 From: z0al <12673605+z0al@users.noreply.github.com> Date: Wed, 4 Dec 2024 19:03:03 +0000 Subject: fix(aerospace): allow startup commands --- modules/services/aerospace/default.nix | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'modules') diff --git a/modules/services/aerospace/default.nix b/modules/services/aerospace/default.nix index 50d47b3..531e7b2 100644 --- a/modules/services/aerospace/default.nix +++ b/modules/services/aerospace/default.nix @@ -36,7 +36,8 @@ in after-startup-command = lib.mkOption { type = listOf str; default = [ ]; - description = "Do not use AeroSpace to run commands after startup. (Managed by launchd instead)"; + description = "Add commands that run after AeroSpace startup"; + example = [ "layout tiles" ]; }; enable-normalization-flatten-containers = lib.mkOption { type = bool; 
@@ -142,10 +143,6 @@ in assertion = cfg.settings.after-login-command == [ ]; message = "AeroSpace will not run these commands as it does not start itself."; } - { - assertion = cfg.settings.after-startup-command == [ ]; - message = "AeroSpace will not run these commands as it does not start itself."; - } ]; environment.systemPackages = [ cfg.package ]; -- cgit v1.2.3 From d8255f09da39e603e710149dc87a5f3eaa4ff049 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sat, 7 Dec 2024 12:53:16 +1100 Subject: github-runner: remove `with lib;` --- modules/services/github-runner/options.nix | 4 +++- modules/services/github-runner/service.nix | 6 +++++- 2 files changed, 8 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/services/github-runner/options.nix b/modules/services/github-runner/options.nix index 8f98aa0..7508434 100644 --- a/modules/services/github-runner/options.nix +++ b/modules/services/github-runner/options.nix @@ -3,7 +3,9 @@ , ... }: -with lib; +let + inherit (lib) literalExpression mkOption mkPackageOption types; +in { options.services.github-runners = mkOption { description = '' diff --git a/modules/services/github-runner/service.nix b/modules/services/github-runner/service.nix index 21d908e..7360a34 100644 --- a/modules/services/github-runner/service.nix +++ b/modules/services/github-runner/service.nix @@ -1,6 +1,10 @@ { config, lib, pkgs, ... }: -with lib; + let + inherit (lib) any attrValues boolToString concatStringsSep escapeShellArg + flatten flip getExe hasAttr hasPrefix mapAttrsToList mapAttrs' mkBefore + mkDefault mkIf mkMerge nameValuePair optionalAttrs optionalString replaceStrings; + mkSvcName = name: "github-runner-${name}"; mkStateDir = cfg: "/var/lib/github-runners/${cfg.name}"; mkLogDir = cfg: "/var/log/github-runners/${cfg.name}"; -- cgit v1.2.3 From 06e1d770687a832a13aa23f37cdebeadc3af89b8 Mon Sep 17 00:00:00 2001 
From: Michael Hoang Date: Sat, 7 Dec 2024 13:00:54 +1100 Subject: github-runner: use `lib.getExe{,'}` --- modules/services/github-runner/service.nix | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) (limited to 'modules') diff --git a/modules/services/github-runner/service.nix b/modules/services/github-runner/service.nix index 7360a34..2c2411d 100644 --- a/modules/services/github-runner/service.nix +++ b/modules/services/github-runner/service.nix @@ -2,7 +2,7 @@ let inherit (lib) any attrValues boolToString concatStringsSep escapeShellArg - flatten flip getExe hasAttr hasPrefix mapAttrsToList mapAttrs' mkBefore + flatten flip getExe getExe' hasAttr hasPrefix mapAttrsToList mapAttrs' mkBefore mkDefault mkIf mkMerge nameValuePair optionalAttrs optionalString replaceStrings; mkSvcName = name: "github-runner-${name}"; @@ -55,15 +55,15 @@ in ( umask -S u=rwx,g=rx,o= > /dev/null - ${pkgs.coreutils}/bin/mkdir -p ${escapeShellArg (mkStateDir cfg)} - ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkStateDir cfg)} + ${getExe' pkgs.coreutils "mkdir"} -p ${escapeShellArg (mkStateDir cfg)} + ${getExe' pkgs.coreutils "chown"} ${user}:${group} ${escapeShellArg (mkStateDir cfg)} - ${pkgs.coreutils}/bin/mkdir -p ${escapeShellArg (mkLogDir cfg)} - ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkLogDir cfg)} + ${getExe' pkgs.coreutils "mkdir"} -p ${escapeShellArg (mkLogDir cfg)} + ${getExe' pkgs.coreutils "chown"} ${user}:${group} ${escapeShellArg (mkLogDir cfg)} ${optionalString (cfg.workDir == null) '' - ${pkgs.coreutils}/bin/mkdir -p ${escapeShellArg (mkWorkDir cfg)} - ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkWorkDir cfg)} + ${getExe' pkgs.coreutils "mkdir"} -p ${escapeShellArg (mkWorkDir cfg)} + ${getExe' pkgs.coreutils "chown"} ${user}:${group} ${escapeShellArg (mkWorkDir cfg)} ''} ) ''); 
@@ -127,7 +127,7 @@ in else args+=(--token "$token") fi - ${package}/bin/config.sh "''${args[@]}" + ${getExe' package "config.sh"} "''${args[@]}" ''; }; in @@ -135,12 +135,12 @@ in echo "Configuring GitHub Actions Runner" # Always clean the working directory - ${pkgs.findutils}/bin/find ${escapeShellArg workDir} -mindepth 1 -delete + ${getExe pkgs.findutils} ${escapeShellArg workDir} -mindepth 1 -delete # Clean the $RUNNER_ROOT if we are in ephemeral mode if ${boolToString cfg.ephemeral}; then echo "Cleaning $RUNNER_ROOT" - ${pkgs.findutils}/bin/find "$RUNNER_ROOT" -mindepth 1 -delete + ${getExe pkgs.findutils} "$RUNNER_ROOT" -mindepth 1 -delete fi # If the `.runner` file does not exist, we assume the runner is not configured @@ -149,7 +149,7 @@ in fi # Start the service - ${package}/bin/Runner.Listener run --startuptype service + ${getExe' package "Runner.Listener"} run --startuptype service ''; serviceConfig = mkMerge [ -- cgit v1.2.3 From 22cde06f497b97cbab4186292f9fd82487bbfecc Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sat, 7 Dec 2024 13:06:10 +1100 Subject: github-runner: fix service not starting --- modules/services/github-runner/service.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'modules') diff --git a/modules/services/github-runner/service.nix b/modules/services/github-runner/service.nix index 2c2411d..029f863 100644 --- a/modules/services/github-runner/service.nix +++ b/modules/services/github-runner/service.nix @@ -59,6 +59,8 @@ in ${getExe' pkgs.coreutils "chown"} ${user}:${group} ${escapeShellArg (mkStateDir cfg)} ${getExe' pkgs.coreutils "mkdir"} -p ${escapeShellArg (mkLogDir cfg)} + # launchd will fail to start the service if the outer direction doesn't have sufficient permissions + ${getExe' pkgs.coreutils "chmod"} o+rx ${escapeShellArg (mkLogDir { name = ""; })} ${getExe' pkgs.coreutils "chown"} ${user}:${group} ${escapeShellArg (mkLogDir cfg)} ${optionalString (cfg.workDir == null) '' -- cgit v1.2.3 
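Review bot: In modules/services/github-runner/service.nix, the added `chmod o+rx` on the parent log directory runs inside the subshell whose `umask` deliberately withholds all access from others, and it grants listing as well as traversal to every local user. If launchd only needs to reach the per-runner directory, `o+x` would be enough: `${getExe' pkgs.coreutils "chmod"} o+x ${escapeShellArg (mkLogDir { name = ""; })}`; whether launchd also needs read is not shown in the hunk and should be confirmed. The path is obtained by calling `mkLogDir` with an empty name, which relies on that helper's string layout; a named binding for the parent directory would make that explicit. The comment's "outer direction" should read "outer directory".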
From 8752b6ae3c0d6b44ca4ef28e50503f8efcec0096 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sat, 7 Dec 2024 13:08:04 +1100 Subject: github-runner: add instructions for triggering a runner registration --- modules/services/github-runner/options.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'modules') diff --git a/modules/services/github-runner/options.nix b/modules/services/github-runner/options.nix index 7508434..5152cc4 100644 --- a/modules/services/github-runner/options.nix +++ b/modules/services/github-runner/options.nix @@ -90,6 +90,9 @@ in Changing this option or the `tokenFile`’s content triggers a new runner registration. + You can also manually trigger a new runner registration by deleting + {file}`/var/lib/github-runners//.runner` and restarting the service. + We suggest using the fine-grained PATs. A runner registration token is valid only for 1 hour after creation, so the next time the runner configuration changes this will give you hard-to-debug HTTP 404 errors in the configure step. -- cgit v1.2.3 From 2c86af2e996ac6abbf9e1711f36c28d33b328df6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 12 Aug 2024 10:26:41 +0200 Subject: programs.ssh: add extraConfig option Same interface as in NixOS. This is useful to apply configuration for remote builders. --- modules/programs/ssh/default.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'modules') diff --git a/modules/programs/ssh/default.nix b/modules/programs/ssh/default.nix index 51c7796..1e87732 100644 --- a/modules/programs/ssh/default.nix +++ b/modules/programs/ssh/default.nix 
@@ -114,6 +114,15 @@ in type = with types; attrsOf (submodule userOptions); }; + programs.ssh.extraConfig = lib.mkOption { + type = lib.types.lines; + default = ""; + description = '' + Extra configuration text loaded in {file}`ssh_config`. + See {manpage}`ssh_config(5)` for help. + ''; + }; + programs.ssh.knownHosts = mkOption { default = {}; type = types.attrsOf (types.submodule host); @@ -151,6 +160,7 @@ in + (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile) )) + "\n"; }; + "ssh/ssh_config.d/100-nix-darwin.conf".text = config.programs.ssh.extraConfig; "ssh/sshd_config.d/101-authorized-keys.conf" = { text = '' # sshd doesn't like reading from symbolic links, so we cat -- cgit v1.2.3 From 016b1608eec6c54cfaece96b63ec9d1a6cd4672b Mon Sep 17 00:00:00 2001 From: gnammix <71704832+gnammix@users.noreply.github.com> Date: Fri, 27 Dec 2024 21:36:31 +0100 Subject: power: restartAfterPowerFailure option is carried out in activation script only if supported Minor documentation change --- modules/power/default.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/power/default.nix b/modules/power/default.nix index a99905f..e36a027 100644 --- a/modules/power/default.nix +++ b/modules/power/default.nix @@ -15,6 +15,8 @@ in default = null; description = '' Whether to restart the computer after a power failure. + + Option is not supported on all devices. ''; }; @@ -33,8 +35,10 @@ in echo "configuring power..." >&2 ${lib.optionalString (cfg.restartAfterPowerFailure != null) '' - systemsetup -setRestartPowerFailure \ - '${onOff cfg.restartAfterPowerFailure}' &> /dev/null + if ! systemsetup -getRestartPowerFailure | grep -q "Not supported"; then + systemsetup -setRestartPowerFailure \ + '${onOff cfg.restartAfterPowerFailure}' &> /dev/null + fi ''} ${lib.optionalString (cfg.restartAfterFreeze != null) '' -- cgit v1.2.3 From 2165857a24668cc3cb09c052eb0d518a1dfa6d3f Mon Sep 17 00:00:00 2001 
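Review bot: In modules/programs/ssh/default.nix, the description of `programs.ssh.extraConfig` does not say that the text is written to `ssh/ssh_config.d/100-nix-darwin.conf` and therefore, presumably, applies to the SSH client of every user on the machine rather than only to remote builds. It would help to add a sentence such as `This applies system-wide; ssh uses the first value obtained for each parameter, so put host-specific blocks before general ones.` Since the value is emitted through a `.text` attribute, it most likely ends up in the world-readable Nix store, so the description could also say that secrets do not belong here; this is inferred from the usual behaviour of such attributes, not from the hunk.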
From: "Adam C. Stephens" Date: Wed, 18 Dec 2024 09:44:07 -0500 Subject: fish: add package option --- modules/programs/fish.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/programs/fish.nix b/modules/programs/fish.nix index 4b76e02..65797cc 100644 --- a/modules/programs/fish.nix +++ b/modules/programs/fish.nix @@ -57,6 +57,8 @@ in type = types.bool; }; + package = lib.mkPackageOption pkgs "fish" { }; + useBabelfish = mkOption { type = types.bool; default = false; @@ -238,7 +240,7 @@ in ++ optional cfg.vendor.functions.enable "/share/fish/vendor_functions.d"; } - { systemPackages = [ pkgs.fish ]; } + { systemPackages = [ cfg.package ]; } ]; }; -- cgit v1.2.3 From daf9d9fe5d5a7a5ef25aa446582f8c656aab2b9b Mon Sep 17 00:00:00 2001 From: Xingquan Liu Date: Tue, 17 Dec 2024 23:03:57 +0800 Subject: fix(zsh): correct the path of zsh-fast-syntax-highlighting --- modules/programs/zsh/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/programs/zsh/default.nix b/modules/programs/zsh/default.nix index c6ec917..65689ba 100644 --- a/modules/programs/zsh/default.nix +++ b/modules/programs/zsh/default.nix @@ -204,7 +204,7 @@ in } ${optionalString cfg.enableFastSyntaxHighlighting - "source ${pkgs.zsh-fast-syntax-highlighting}/share/zsh-fast-syntax-highlighting/zsh-fast-syntax-highlighting.zsh" + "source ${pkgs.zsh-fast-syntax-highlighting}/share/zsh/site-functions/fast-syntax-highlighting.plugin.zsh" } ${optionalString cfg.enableFzfCompletion "source ${fzfCompletion}"} -- cgit v1.2.3 From 25fb52710582c19ad811d1ac9a2fe9d8920c0a66 Mon Sep 17 00:00:00 2001 From: Filip Kania Date: Sat, 28 Dec 2024 23:30:47 +0100 Subject: feat: add screencapture.target option --- modules/system/defaults/screencapture.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'modules') 
diff --git a/modules/system/defaults/screencapture.nix b/modules/system/defaults/screencapture.nix index 80dcaab..795cd03 100644 --- a/modules/system/defaults/screencapture.nix +++ b/modules/system/defaults/screencapture.nix @@ -48,5 +48,20 @@ with lib; Show thumbnail after screencapture before writing to file. The default is true. ''; }; + + system.defaults.screencapture.target = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Target to which screencapture should save screenshot to. The default is "file". + Valid values include: + + * `file`: Saves as a file in location specified by `system.defaults.screencapture.location` + * `clipboard`: Saves screenshot to clipboard + * `preview`: Opens screenshot in Preview app + * `mail` + * `messages` + ''; + }; }; } -- cgit v1.2.3 From b8e184ebf271367cf1c93d942e71ae51d2a248cb Mon Sep 17 00:00:00 2001 From: Filip Kania Date: Sun, 29 Dec 2024 10:58:47 +0100 Subject: refactor: use enum as option type --- modules/system/defaults/screencapture.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/system/defaults/screencapture.nix b/modules/system/defaults/screencapture.nix index 795cd03..351ca5f 100644 --- a/modules/system/defaults/screencapture.nix +++ b/modules/system/defaults/screencapture.nix @@ -50,7 +50,7 @@ with lib; }; system.defaults.screencapture.target = mkOption { - type = types.nullOr types.str; + type = types.nullOr (types.enum [ "file" "clipboard" "preview" "mail" "messages" ]); default = null; description = '' Target to which screencapture should save screenshot to. The default is "file". -- cgit v1.2.3 From 62d8f5f289341497ea0fa21814e734cbea69a0a1 Mon Sep 17 00:00:00 2001 
From: gnammix <71704832+gnammix@users.noreply.github.com> Date: Sun, 29 Dec 2024 12:13:54 +0100 Subject: power: move the check for restartPowerfailure support to checks.nix --- modules/power/default.nix | 6 ++---- modules/system/checks.nix | 10 ++++++++++ 2 files changed, 12 insertions(+), 4 deletions(-) (limited to 'modules') diff --git a/modules/power/default.nix b/modules/power/default.nix index e36a027..c3e4974 100644 --- a/modules/power/default.nix +++ b/modules/power/default.nix @@ -35,10 +35,8 @@ in echo "configuring power..." >&2 ${lib.optionalString (cfg.restartAfterPowerFailure != null) '' - if ! systemsetup -getRestartPowerFailure | grep -q "Not supported"; then - systemsetup -setRestartPowerFailure \ - '${onOff cfg.restartAfterPowerFailure}' &> /dev/null - fi + systemsetup -setRestartPowerFailure \ + '${onOff cfg.restartAfterPowerFailure}' &> /dev/null ''} ${lib.optionalString (cfg.restartAfterFreeze != null) '' diff --git a/modules/system/checks.nix b/modules/system/checks.nix index 796e7e4..e6ee1b3 100644 --- a/modules/system/checks.nix +++ b/modules/system/checks.nix @@ -308,6 +308,15 @@ let exit 2 fi ''; + + # some mac devices, notably notebook do not support restartAfterPowerFailure option + restartAfterPowerFailureIsSupported = '' + if sudo /usr/sbin/systemsetup -getRestartPowerFailure | grep -q "Not supported"; then + echo "error: Your system do not support the restartAfterPowerFailure feature" >&2 + echo "Please ensure that power.restartAfterPowerFailure is not set." >&2 + exit 2 + fi + ''; in { @@ -357,6 +366,7 @@ in (mkIf cfg.verifyNixPath nixPath) oldSshAuthorizedKeysDirectory (mkIf config.homebrew.enable homebrewInstalled) + (mkIf (config.power.restartAfterPowerFailure != null) restartAfterPowerFailureIsSupported) ]; system.activationScripts.checks.text = '' -- cgit v1.2.3 From aefd56bb562b26ae799e261b1ead27682bf0d8ff Mon Sep 17 00:00:00 2001 
From: thuvasooriya Date: Mon, 2 Dec 2024 07:06:09 +0530 Subject: aerospace: add workspace-to-monitor-force-assignment option and fix on-window-detected type #1208 trying to fix #1142 testing requested changes adding workspace to monitor force assignment remove formatting tests pass proper tests undo formatting tests for on-window-detected and workspace-to-monitor-force-assignment testing submodules cleanup n if fiz checking final toml null field aerospace callback issue custom null filter for submodule list check for no presense of window-regex and if.workspace config check aerospace: add workspace-to-monitor-force-assignment option and fix on-window-detected type #1208 trying to fix #1142 testing requested changes adding workspace to monitor force assignment remove formatting tests pass proper tests undo formatting tests for on-window-detected and workspace-to-monitor-force-assignment testing submodules cleanup n if fiz checking final toml null field aerospace callback issue custom null filter for submodule list check for no presense of window-regex and if.workspace config check error formatting mishap space left small fix formatting mishaps --- modules/services/aerospace/default.nix | 105 ++++++++++++++++++++++++++++++++- 1 file changed, 102 insertions(+), 3 deletions(-) (limited to 'modules') diff --git a/modules/services/aerospace/default.nix b/modules/services/aerospace/default.nix index 531e7b2..3080579 100644 --- a/modules/services/aerospace/default.nix +++ b/modules/services/aerospace/default.nix 
@@ -9,7 +9,31 @@ let cfg = config.services.aerospace; format = pkgs.formats.toml { }; - configFile = format.generate "aerospace.toml" cfg.settings; + filterAttrsRecursive = pred: set: + lib.listToAttrs ( + lib.concatMap ( + name: let + v = set.${name}; + in + if pred v + then [ + (lib.nameValuePair name ( + if lib.isAttrs v + then filterAttrsRecursive pred v + else if lib.isList v + then + (map (i: + if lib.isAttrs i + then filterAttrsRecursive pred i + else i) (lib.filter pred v)) + else v + )) + ] + else [] + ) (lib.attrNames set) + ); + filterNulls = filterAttrsRecursive (v: v != null); + configFile = format.generate "aerospace.toml" (filterNulls cfg.settings); in { 
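Review bot: The local `filterAttrsRecursive` in modules/services/aerospace/default.nix has the same name as `lib.filterAttrsRecursive` but behaves differently, since it also filters list elements and descends into attribute sets inside lists. A different name such as `filterAttrsAndListsRecursive`, or a comment `# like lib.filterAttrsRecursive, but also descends into lists`, would stop a reader from assuming the library semantics. Because `filterNulls` is applied to all of `cfg.settings`, a null anywhere in the user's settings is dropped from the generated TOML, not only the new optional `on-window-detected` fields; that is worth stating next to `configFile`.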
@@ -72,9 +96,84 @@ in description = "Default orientation for the root container."; }; on-window-detected = lib.mkOption { - type = listOf str; + type = listOf (submodule { + options = { + "if" = lib.mkOption { + type = submodule { + options = { + app-id = lib.mkOption { + type = nullOr str; + default = null; + description = "The application ID to match (optional)."; + }; + workspace = lib.mkOption { + type = nullOr str; + default = null; + description = "The workspace name to match (optional)."; + }; + window-title-regex-substring = lib.mkOption { + type = nullOr str; + default = null; + description = "Substring to match in the window title (optional)."; + }; + app-name-regex-substring = lib.mkOption { + type = nullOr str; + default = null; + description = "Regex substring to match the app name (optional)."; + }; + during-aerospace-startup = lib.mkOption { + type = nullOr bool; + default = null; + description = "Whether to match during aerospace startup (optional)."; + }; + }; + }; + default = { }; + description = "Conditions for detecting a window."; + }; + check-further-callbacks = lib.mkOption { + type = nullOr bool; + default = null; + description = "Whether to check further callbacks after this rule (optional)."; + }; + run = lib.mkOption { + type = oneOf [str (listOf str)]; + example = ["move-node-to-workspace m" "resize-node"]; + description = "Commands to execute when the conditions match (required)."; + }; + }; + }); default = [ ]; - description = "Commands to run every time a new window is detected."; + example = [ + { + "if" = { + app-id = "Another.Cool.App"; + workspace = "cool-workspace"; + window-title-regex-substring = "Title"; + app-name-regex-substring = "CoolApp"; + during-aerospace-startup = false; + }; + check-further-callbacks = false; + run = ["move-node-to-workspace m" "resize-node"]; + } + ]; + description = "Commands to run every time a new window is detected with optional conditions."; + }; + workspace-to-monitor-force-assignment = 
lib.mkOption { + type = attrsOf (oneOf [int str (listOf str)]); + default = { }; + description = '' + Map workspaces to specific monitors. + Left-hand side is the workspace name, and right-hand side is the monitor pattern. + ''; + example = { + "1" = 1; # First monitor from left to right. + "2" = "main"; # Main monitor. + "3" = "secondary"; # Secondary monitor (non-main). + "4" = "built-in"; # Built-in display. + "5" = "^built-in retina display$"; # Regex for the built-in retina display. + "6" = ["secondary" "dell"]; # Match first pattern in the list. + }; }; on-focus-changed = lib.mkOption { type = listOf str; -- cgit v1.2.3 From 492a72007ae2e7bd5895458fcd72ac2c8c9a0dc4 Mon Sep 17 00:00:00 2001 From: gnammix <71704832+gnammix@users.noreply.github.com> Date: Tue, 31 Dec 2024 14:38:42 +0100 Subject: power: echo to print in error messages Co-authored-by: Michael Hoang --- modules/system/checks.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/system/checks.nix b/modules/system/checks.nix index e6ee1b3..91622e5 100644 --- a/modules/system/checks.nix +++ b/modules/system/checks.nix @@ -312,8 +312,8 @@ let # some mac devices, notably notebook do not support restartAfterPowerFailure option restartAfterPowerFailureIsSupported = '' if sudo /usr/sbin/systemsetup -getRestartPowerFailure | grep -q "Not supported"; then - echo "error: Your system do not support the restartAfterPowerFailure feature" >&2 - echo "Please ensure that power.restartAfterPowerFailure is not set." >&2 + printf >&2 "�[1;31merror: restarting after power failure is not supported on your machine�[0m\n" >&2 + printf >&2 "Please ensure that `power.restartAfterPowerFailure` is not set.\n" >&2 exit 2 fi ''; -- cgit v1.2.3 From 89be82cb2b19b6371a786af6eb9effc79babb70f Mon Sep 17 00:00:00 2001 
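Review bot: The description of `window-title-regex-substring` says "Substring to match in the window title", which drops the regex part that the option name and the neighbouring `app-name-regex-substring` description both carry. A user reading only the description may pass a literal title with unescaped regex metacharacters and get a rule that matches more or less than intended. Suggested wording: `description = "Regex substring to match in the window title (optional).";`. The hunk ends inside the following `on-focus-changed` option, which is not reviewed here.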
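Review bot: The backticks in the second added `printf` sit inside a double-quoted shell string, so the shell runs `power.restartAfterPowerFailure` as a command substitution instead of printing it. In an activation check that means a PATH lookup for that name at the moment the error is reported. They need to be escaped as \` inside the double quotes, which the follow-up change to the same lines on this page does. Both added lines also redirect twice (`printf >&2 "..." >&2`), and the follow-up hunk keeps that; one `>&2` is enough. The colour sequence is stored as a raw escape byte here, which is easy to lose in editors and diffs; the printable form `\e[1;31m` is safer.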
From: gnammix <71704832+gnammix@users.noreply.github.com> Date: Sat, 4 Jan 2025 14:35:53 +0100 Subject: power: quote in string triggered shellcheck SC2016 --- modules/system/checks.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/system/checks.nix b/modules/system/checks.nix index 91622e5..57ddfd2 100644 --- a/modules/system/checks.nix +++ b/modules/system/checks.nix @@ -312,8 +312,8 @@ let # some mac devices, notably notebook do not support restartAfterPowerFailure option restartAfterPowerFailureIsSupported = '' if sudo /usr/sbin/systemsetup -getRestartPowerFailure | grep -q "Not supported"; then - printf >&2 "�[1;31merror: restarting after power failure is not supported on your machine�[0m\n" >&2 - printf >&2 "Please ensure that `power.restartAfterPowerFailure` is not set.\n" >&2 + printf >&2 "\e[1;31merror: restarting after power failure is not supported on your machine\e[0m\n" >&2 + printf >&2 "Please ensure that \`power.restartAfterPowerFailure\` is not set.\n" >&2 exit 2 fi ''; -- cgit v1.2.3 From 6ee6262d2468cf053f39cb53ea6272af337f2cf7 Mon Sep 17 00:00:00 2001 From: Jalal El Mansouri Date: Sun, 5 Jan 2025 10:29:12 -0300 Subject: Add --ignore-dependencies option for casks Some casks have extrenal dependencies managed by brew, neovide for examples declares neovim as a dependency, a problem arises when you want to use a nix managed neovim instead --- modules/homebrew.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'modules') diff --git a/modules/homebrew.nix b/modules/homebrew.nix index 7aee9e1..d975170 100644 --- a/modules/homebrew.nix +++ b/modules/homebrew.nix 
@@ -396,6 +396,9 @@ let no_binaries = mkNullOrBoolOption { description = "Whether to disable linking of helper executables."; }; + ignore_dependencies = mkNullOrBoolOption { + description = "Ignore casks dependencies in case you manage them extrenally"; + }; brewfileLine = mkInternalOption { type = types.nullOr types.str; }; }; -- cgit v1.2.3 From 9e856ad0c1a677d1585e53a634c4abe487601c51 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Wed, 8 Jan 2025 14:26:32 +1100 Subject: nix: merge `nix.settings.trusted-users` by default Backport of https://github.com/NixOS/nixpkgs/pull/318635 --- modules/nix/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/nix/default.nix b/modules/nix/default.nix index 41398fa..6e4292a 100644 --- a/modules/nix/default.nix +++ b/modules/nix/default.nix @@ -617,7 +617,6 @@ in trusted-users = mkOption { type = types.listOf types.str; - default = [ "root" ]; example = [ "root" "alice" "@admin" ]; description = '' A list of names of users that have additional rights when @@ -835,10 +834,10 @@ in done ''; - # Legacy configuration conversion. nix.settings = mkMerge [ { trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ]; + trusted-users = [ "root" ]; substituters = mkAfter [ "https://cache.nixos.org/" ]; # Not implemented yet -- cgit v1.2.3 From be4c1b897accbdfc3429e99b5bd5234c5663776e Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Fri, 15 Nov 2024 13:50:58 +1100 Subject: openssh: init module --- modules/module-list.nix | 1 + modules/services/openssh.nix | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+) create mode 100644 modules/services/openssh.nix (limited to 'modules') diff --git a/modules/module-list.nix b/modules/module-list.nix index aa190c7..8b2215b 100644 --- a/modules/module-list.nix +++ b/modules/module-list.nix 
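Review bot: The description of `ignore_dependencies` has a typo ("extrenally") and does not follow the "Whether to ..." wording of the neighbouring `no_binaries` option. Suggested text: `description = "Whether to ignore cask dependencies, for when they are managed outside Homebrew.";`. It would also help to say that a skipped dependency is then presumably neither installed nor updated by Homebrew, so keeping it present and patched is up to whatever else manages it. The option set this line belongs to starts and ends outside the hunk.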
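Review bot: The `trusted-users` description in the first hunk does not mention that `root` is now always part of the list. With the default moved into the `mkMerge` block in the second hunk, a user-supplied list is merged with `[ "root" ]` instead of replacing it. Because this option decides who gets additional rights on the Nix daemon, the merge behaviour should be stated where people set it, for example by appending "Values set here are merged with `[ "root" ]`; use `lib.mkForce` to replace the list." to the description. The description text continues outside the hunk.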
@@ -82,6 +82,7 @@ ./services/nix-gc ./services/nix-optimise ./services/ofborg + ./services/openssh.nix ./services/postgresql ./services/privoxy ./services/redis diff --git a/modules/services/openssh.nix b/modules/services/openssh.nix new file mode 100644 index 0000000..859f79d --- /dev/null +++ b/modules/services/openssh.nix @@ -0,0 +1,33 @@ +{ config, lib, ... }: + +let + cfg = config.services.openssh; +in +{ + options = { + services.openssh.enable = lib.mkOption { + type = lib.types.nullOr lib.types.bool; + default = null; + description = '' + Whether to enable Apple's built-in OpenSSH server. + + The default is null which means let macOS manage the OpenSSH server. + ''; + }; + }; + + config = { + # We don't use `systemsetup -setremotelogin` as it requires Full Disk Access + system.activationScripts.launchd.text = lib.mkIf (cfg.enable != null) (if cfg.enable then '' + if [[ "$(systemsetup -getremotelogin | sed 's/Remote Login: //')" == "Off" ]]; then + launchctl enable system/com.openssh.sshd + launchctl bootstrap system /System/Library/LaunchDaemons/ssh.plist + fi + '' else '' + if [[ "$(systemsetup -getremotelogin | sed 's/Remote Login: //')" == "On" ]]; then + launchctl bootout system/com.openssh.sshd + launchctl disable system/com.openssh.sshd + fi + ''); + }; +} -- cgit v1.2.3 From 8a3ea966bcb14655b231308e9d52195715c71692 Mon Sep 17 00:00:00 2001 From: Emily Date: Wed, 8 Jan 2025 19:10:22 +0000 Subject: version: implement nix-darwin release versions --- modules/system/version.nix | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) (limited to 'modules') diff --git a/modules/system/version.nix b/modules/system/version.nix index 826ad35..54829d1 100644 --- a/modules/system/version.nix +++ b/modules/system/version.nix 
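Review bot: Both branches in `openssh.nix` act only when `systemsetup -getremotelogin` prints exactly `On` or `Off`. With `services.openssh.enable = false`, a failed or differently worded status query therefore leaves sshd running while activation still succeeds without a message. An `else` arm that reports the unknown state would make this visible, for example `else echo "warning: could not determine Remote Login state, sshd left unchanged" >&2`. The option description could also state that `true` exposes the system SSH service with whatever sshd configuration macOS ships, since nothing in this module manages that configuration.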
@@ -59,11 +59,18 @@ in description = "Label to be used in the names of generated outputs."; }; + system.darwinRelease = mkOption { + readOnly = true; + type = types.str; + default = (lib.importJSON ../../version.json).release; + description = "The nix-darwin release (e.g. `24.11`)."; + }; + system.darwinVersion = mkOption { internal = true; type = types.str; - default = "darwin${toString cfg.stateVersion}${cfg.darwinVersionSuffix}"; - description = "The full darwin version (e.g. `darwin4.2abdb5a`)."; + default = cfg.darwinRelease + cfg.darwinVersionSuffix; + description = "The full nix-darwin version (e.g. `24.11.2abdb5a`)."; }; system.darwinVersionSuffix = mkOption { @@ -72,7 +79,7 @@ in default = if cfg.darwinRevision != null then ".${substring 0 7 cfg.darwinRevision}" else ""; - description = "The short darwin version suffix (e.g. `.2abdb5a`)."; + description = "The short nix-darwin version suffix (e.g. `.2abdb5a`)."; }; system.darwinRevision = mkOption { @@ -86,14 +93,15 @@ in readOnly = true; type = types.str; default = lib.trivial.release; - description = "The nixpkgs release (e.g. `16.03`)."; + description = "The nixpkgs release (e.g. `24.11`)."; }; + # TODO: Shouldn’t mismatch the Darwin release, rethink all this… system.nixpkgsVersion = mkOption { internal = true; type = types.str; default = cfg.nixpkgsRelease + cfg.nixpkgsVersionSuffix; - description = "The full nixpkgs version (e.g. `16.03.1160.f2d4ee1`)."; + description = "The full nixpkgs version (e.g. `24.11.1160.f2d4ee1`)."; }; system.nixpkgsVersionSuffix = mkOption { @@ -124,7 +132,7 @@ in config = { # This default is set here rather than up there so that the options # documentation is not reprocessed on every commit - system.darwinLabel = mkDefault "${cfg.nixpkgsVersion}+${cfg.darwinVersion}"; + system.darwinLabel = mkDefault cfg.darwinVersion; assertions = [ { -- cgit v1.2.3 From d5aeb4e5b17c4e17b4eb515e088d6ea6babd14d8 Mon Sep 17 00:00:00 2001 
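Review bot: `system.darwinLabel` in the last hunk now defaults to `cfg.darwinVersion` alone, so the label no longer carries `cfg.nixpkgsVersion`. Two builds from the same nix-darwin revision but different nixpkgs revisions will presumably get the same label, which makes it harder to tell from a generated output which package set it was built from. If that is intended, the `darwinLabel` description (outside this hunk) should say the label identifies only the nix-darwin version. The new `# TODO` above `system.nixpkgsVersion` would also be more useful if it named what must not mismatch, e.g. `# TODO: nixpkgsRelease can differ from darwinRelease; decide whether to assert they match.`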
From: Emily Date: Tue, 14 Jan 2025 01:18:53 +0000 Subject: checks: recommend `sudo nix-channel` --- modules/system/checks.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'modules') diff --git a/modules/system/checks.nix b/modules/system/checks.nix index 57ddfd2..a5fd44a 100644 --- a/modules/system/checks.nix +++ b/modules/system/checks.nix @@ -211,8 +211,8 @@ let if ! test -e "$darwinPath"; then echo "error: Changed but target does not exist, aborting activation" >&2 echo "Add the darwin repo as a channel or set nix.nixPath:" >&2 - echo "$ nix-channel --add https://github.com/LnL7/nix-darwin/archive/master.tar.gz darwin" >&2 - echo "$ nix-channel --update" >&2 + echo "$ sudo nix-channel --add https://github.com/LnL7/nix-darwin/archive/master.tar.gz darwin" >&2 + echo "$ sudo nix-channel --update" >&2 echo >&2 echo "or set" >&2 echo >&2 @@ -225,8 +225,8 @@ let if ! test -e "$nixpkgsPath"; then echo "error: Changed but target does not exist, aborting activation" >&2 echo "Add a nixpkgs channel or set nix.nixPath:" >&2 - echo "$ nix-channel --add http://nixos.org/channels/nixpkgs-unstable nixpkgs" >&2 - echo "$ nix-channel --update" >&2 + echo "$ sudo nix-channel --add http://nixos.org/channels/nixpkgs-unstable nixpkgs" >&2 + echo "$ sudo nix-channel --update" >&2 echo >&2 echo "or set" >&2 echo >&2 -- cgit v1.2.3 From e33d37c41f8040631f0cc16b032a1cf214aeeb4e Mon Sep 17 00:00:00 2001 From: Emily Date: Wed, 8 Jan 2025 19:10:22 +0000 Subject: {readme,examples/flake}: update for release branches --- modules/examples/flake/flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/examples/flake/flake.nix b/modules/examples/flake/flake.nix index 4520b8f..138c047 100644 --- a/modules/examples/flake/flake.nix +++ b/modules/examples/flake/flake.nix 
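Review bot: The nixpkgs hint in the second hunk still points at `http://nixos.org/channels/nixpkgs-unstable`, and with this change it is shown as a command to run under `sudo`. That leaves the root channel's initial fetch on plain HTTP; the darwin hint in the first hunk already uses an `https://` URL. Since the line is being edited anyway, switch the scheme: `echo "$ sudo nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs" >&2`. Both messages live in check scripts whose bodies start and end outside the hunks.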
@@ -3,7 +3,7 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; - nix-darwin.url = "github:LnL7/nix-darwin"; + nix-darwin.url = "github:LnL7/nix-darwin/master"; nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; }; -- cgit v1.2.3