authorMichael Raskin <7c6f434c@mail.ru>2018-04-05 07:08:05 +0000
committerGitHub <noreply@github.com>2018-04-05 07:08:05 +0000
commit195521350ae6035b561e5d0227f83dee6effa5f7 (patch)
tree287dcccc0fe89a5c6cc38e1610058801a8ddbacc /nixos
parentafa2e7312743cb35c1aa611443c1cdda5d309ec6 (diff)
parent44b8202cabf52eaa48b7e99923a5e9f9b8e9118f (diff)
Merge pull request #38111 from oxij/tree/cleanups
assorted cleanups
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/config/nsswitch.nix18
-rw-r--r--nixos/modules/config/users-groups.nix52
-rw-r--r--nixos/modules/rename.nix5
-rw-r--r--nixos/modules/services/misc/disnix.nix2
-rw-r--r--nixos/modules/services/misc/dysnomia.nix58
-rw-r--r--nixos/modules/services/networking/tcpcrypt.nix10
6 files changed, 72 insertions, 73 deletions
diff --git a/nixos/modules/config/nsswitch.nix b/nixos/modules/config/nsswitch.nix
index 7b36d4f1cbdf..c595c6932946 100644
--- a/nixos/modules/config/nsswitch.nix
+++ b/nixos/modules/config/nsswitch.nix
@@ -17,23 +17,23 @@ let
resolved = canLoadExternalModules && config.services.resolved.enable;
hostArray = [ "files" ]
- ++ optionals mymachines [ "mymachines" ]
- ++ optionals nssmdns [ "mdns_minimal [NOTFOUND=return]" ]
- ++ optionals nsswins [ "wins" ]
- ++ optionals resolved ["resolve [!UNAVAIL=return]"]
+ ++ optional mymachines "mymachines"
+ ++ optional nssmdns "mdns_minimal [NOTFOUND=return]"
+ ++ optional nsswins "wins"
+ ++ optional resolved "resolve [!UNAVAIL=return]"
++ [ "dns" ]
- ++ optionals nssmdns [ "mdns" ]
- ++ optionals myhostname ["myhostname" ];
+ ++ optional nssmdns "mdns"
+ ++ optional myhostname "myhostname";
passwdArray = [ "files" ]
++ optional sssd "sss"
- ++ optionals ldap [ "ldap" ]
- ++ optionals mymachines [ "mymachines" ]
+ ++ optional ldap "ldap"
+ ++ optional mymachines "mymachines"
++ [ "systemd" ];
shadowArray = [ "files" ]
++ optional sssd "sss"
- ++ optionals ldap [ "ldap" ];
+ ++ optional ldap "ldap";
servicesArray = [ "files" ]
++ optional sssd "sss";
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix
index 31435039e56d..42d5d233f1c1 100644
--- a/nixos/modules/config/users-groups.nix
+++ b/nixos/modules/config/users-groups.nix
@@ -504,9 +504,6 @@ in {
};
};
- # Install all the user shells
- environment.systemPackages = systemShells;
-
users.groups = {
root.gid = ids.gids.root;
wheel.gid = ids.gids.wheel;
@@ -543,14 +540,29 @@ in {
# for backwards compatibility
system.activationScripts.groups = stringAfter [ "users" ] "";
- environment.etc."subuid" = {
- text = subuidFile;
- mode = "0644";
- };
- environment.etc."subgid" = {
- text = subgidFile;
- mode = "0644";
- };
+ # Install all the user shells
+ environment.systemPackages = systemShells;
+
+ environment.etc = {
+ "subuid" = {
+ text = subuidFile;
+ mode = "0644";
+ };
+ "subgid" = {
+ text = subgidFile;
+ mode = "0644";
+ };
+ } // (mapAttrs' (name: { packages, ... }: {
+ name = "profiles/per-user/${name}";
+ value.source = pkgs.buildEnv {
+ name = "user-environment";
+ paths = packages;
+ inherit (config.environment) pathsToLink extraOutputsToInstall;
+ inherit (config.system.path) ignoreCollisions postBuild;
+ };
+ }) (filterAttrs (_: u: u.packages != []) cfg.users));
+
+ environment.profiles = [ "/etc/profiles/per-user/$USER" ];
assertions = [
{ assertion = !cfg.enforceIdUniqueness || (uidsAreUnique && gidsAreUnique);
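Review bot: The profile path in `name = "profiles/per-user/${name}";` is built from the attribute key of `cfg.users`, while `environment.profiles` resolves it through `$USER`, the account's login name. If a user entry sets its `name` option to something other than its key (the option is not visible in this hunk, so confirm), the built profile is never found at login. Taking the name from the submodule would close the gap: `mapAttrs' (_: { packages, name, ... }: {`. A one-line comment above the merge, such as `# One buildEnv per user with a non-empty package list, linked under /etc/profiles/per-user/<name>`, would also help now that the block no longer sits in its own module.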
@@ -581,22 +593,4 @@ in {
};
- imports =
- [ (mkAliasOptionModule [ "users" "extraUsers" ] [ "users" "users" ])
- (mkAliasOptionModule [ "users" "extraGroups" ] [ "users" "groups" ])
- {
- environment = {
- etc = mapAttrs' (name: { packages, ... }: {
- name = "profiles/per-user/${name}";
- value.source = pkgs.buildEnv {
- name = "user-environment";
- paths = packages;
- inherit (config.environment) pathsToLink extraOutputsToInstall;
- inherit (config.system.path) ignoreCollisions postBuild;
- };
- }) (filterAttrs (_: { packages, ... }: packages != []) cfg.users);
- profiles = ["/etc/profiles/per-user/$USER"];
- };
- }
- ];
}
diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix
index 288634343750..63d69d6a364b 100644
--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -4,6 +4,7 @@ with lib;
{
imports = [
+ (mkRenamedOptionModule [ "dysnomia" ] [ "services" "dysnomia" ])
(mkRenamedOptionModule [ "environment" "x11Packages" ] [ "environment" "systemPackages" ])
(mkRenamedOptionModule [ "environment" "enableBashCompletion" ] [ "programs" "bash" "enableCompletion" ])
(mkRenamedOptionModule [ "environment" "nix" ] [ "nix" "package" ])
@@ -203,6 +204,10 @@ with lib;
(mkRenamedOptionModule [ "config" "system" "nixosCodeName" ] [ "config" "system" "nixos" "codeName" ])
(mkRenamedOptionModule [ "config" "system" "nixosLabel" ] [ "config" "system" "nixos" "label" ])
+ # Users
+ (mkAliasOptionModule [ "users" "extraUsers" ] [ "users" "users" ])
+ (mkAliasOptionModule [ "users" "extraGroups" ] [ "users" "groups" ])
+
# Options that are obsolete and have no replacement.
(mkRemovedOptionModule [ "boot" "initrd" "luks" "enable" ] "")
(mkRemovedOptionModule [ "programs" "bash" "enable" ] "")
diff --git a/nixos/modules/services/misc/disnix.nix b/nixos/modules/services/misc/disnix.nix
index 39d23610b064..e4517c636e88 100644
--- a/nixos/modules/services/misc/disnix.nix
+++ b/nixos/modules/services/misc/disnix.nix
@@ -57,7 +57,7 @@ in
###### implementation
config = mkIf cfg.enable {
- dysnomia.enable = true;
+ services.dysnomia.enable = true;
environment.systemPackages = [ pkgs.disnix ] ++ optional cfg.useWebServiceInterface pkgs.DisnixWebService;
diff --git a/nixos/modules/services/misc/dysnomia.nix b/nixos/modules/services/misc/dysnomia.nix
index c5c41ad296da..25cd0038e36d 100644
--- a/nixos/modules/services/misc/dysnomia.nix
+++ b/nixos/modules/services/misc/dysnomia.nix
@@ -3,8 +3,8 @@
with lib;
let
- cfg = config.dysnomia;
-
+ cfg = config.services.dysnomia;
+
printProperties = properties:
concatMapStrings (propertyName:
let
@@ -13,7 +13,7 @@ let
if isList property then "${propertyName}=(${lib.concatMapStrings (elem: "\"${toString elem}\" ") (properties."${propertyName}")})\n"
else "${propertyName}=\"${toString property}\"\n"
) (builtins.attrNames properties);
-
+
properties = pkgs.stdenv.mkDerivation {
name = "dysnomia-properties";
buildCommand = ''
@@ -22,13 +22,13 @@ let
EOF
'';
};
-
+
containersDir = pkgs.stdenv.mkDerivation {
name = "dysnomia-containers";
buildCommand = ''
mkdir -p $out
cd $out
-
+
${concatMapStrings (containerName:
let
containerProperties = cfg.containers."${containerName}";
@@ -42,11 +42,11 @@ let
) (builtins.attrNames cfg.containers)}
'';
};
-
+
linkMutableComponents = {containerName}:
''
mkdir ${containerName}
-
+
${concatMapStrings (componentName:
let
component = cfg.components."${containerName}"."${componentName}";
@@ -54,13 +54,13 @@ let
"ln -s ${component} ${containerName}/${componentName}\n"
) (builtins.attrNames (cfg.components."${containerName}" or {}))}
'';
-
+
componentsDir = pkgs.stdenv.mkDerivation {
name = "dysnomia-components";
buildCommand = ''
mkdir -p $out
cd $out
-
+
${concatMapStrings (containerName:
let
components = cfg.components."${containerName}";
@@ -72,59 +72,59 @@ let
in
{
options = {
- dysnomia = {
-
+ services.dysnomia = {
+
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable Dysnomia";
};
-
+
enableAuthentication = mkOption {
type = types.bool;
default = false;
description = "Whether to publish privacy-sensitive authentication credentials";
};
-
+
package = mkOption {
type = types.path;
description = "The Dysnomia package";
};
-
+
properties = mkOption {
description = "An attribute set in which each attribute represents a machine property. Optionally, these values can be shell substitutions.";
default = {};
};
-
+
containers = mkOption {
description = "An attribute set in which each key represents a container and each value an attribute set providing its configuration properties";
default = {};
};
-
+
components = mkOption {
description = "An atttribute set in which each key represents a container and each value an attribute set in which each key represents a component and each value a derivation constructing its initial state";
default = {};
};
-
+
extraContainerProperties = mkOption {
description = "An attribute set providing additional container settings in addition to the default properties";
default = {};
};
-
+
extraContainerPaths = mkOption {
description = "A list of paths containing additional container configurations that are added to the search folders";
default = [];
};
-
+
extraModulePaths = mkOption {
description = "A list of paths containing additional modules that are added to the search folders";
default = [];
};
};
};
-
+
config = mkIf cfg.enable {
-
+
environment.etc = {
"dysnomia/containers" = {
source = containersDir;
@@ -136,16 +136,16 @@ in
source = properties;
};
};
-
+
environment.variables = {
DYSNOMIA_STATEDIR = "/var/state/dysnomia-nixos";
DYSNOMIA_CONTAINERS_PATH = "${lib.concatMapStrings (containerPath: "${containerPath}:") cfg.extraContainerPaths}/etc/dysnomia/containers";
DYSNOMIA_MODULES_PATH = "${lib.concatMapStrings (modulePath: "${modulePath}:") cfg.extraModulePaths}/etc/dysnomia/modules";
};
-
+
environment.systemPackages = [ cfg.package ];
-
- dysnomia.package = pkgs.dysnomia.override (origArgs: {
+
+ services.dysnomia.package = pkgs.dysnomia.override (origArgs: {
enableApacheWebApplication = config.services.httpd.enable;
enableAxis2WebService = config.services.tomcat.axis2.enable;
enableEjabberdDump = config.services.ejabberd.enable;
@@ -155,8 +155,8 @@ in
enableTomcatWebApplication = config.services.tomcat.enable;
enableMongoDatabase = config.services.mongodb.enable;
});
-
- dysnomia.properties = {
+
+ services.dysnomia.properties = {
hostname = config.networking.hostName;
system = if config.nixpkgs.system == "" then builtins.currentSystem else config.nixpkgs.system;
@@ -173,8 +173,8 @@ in
'';
}}");
};
-
- dysnomia.containers = lib.recursiveUpdate ({
+
+ services.dysnomia.containers = lib.recursiveUpdate ({
process = {};
wrapper = {};
}
diff --git a/nixos/modules/services/networking/tcpcrypt.nix b/nixos/modules/services/networking/tcpcrypt.nix
index 2f304165eb4b..ee005e11aa32 100644
--- a/nixos/modules/services/networking/tcpcrypt.nix
+++ b/nixos/modules/services/networking/tcpcrypt.nix
@@ -44,9 +44,9 @@ in
path = [ pkgs.iptables pkgs.tcpcrypt pkgs.procps ];
preStart = ''
- mkdir -p /var/run/tcpcryptd
- chown tcpcryptd /var/run/tcpcryptd
- sysctl -n net.ipv4.tcp_ecn >/run/pre-tcpcrypt-ecn-state
+ mkdir -p /run/tcpcryptd
+ chown tcpcryptd /run/tcpcryptd
+ sysctl -n net.ipv4.tcp_ecn > /run/tcpcryptd/pre-tcpcrypt-ecn-state
sysctl -w net.ipv4.tcp_ecn=0
iptables -t raw -N nixos-tcpcrypt
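Review bot: The saved ECN value now lives in `/run/tcpcryptd`, which the line above hands to the `tcpcryptd` user, yet it is written here and read back in postStop (second hunk, `sysctl -w net.ipv4.tcp_ecn=$(cat …)`) by scripts that, judging by the `chown`, `sysctl -w` and `iptables` calls, run as root. Whoever controls that directory can replace the file, so the unquoted `$(cat …)` would pass untrusted words to a root `sysctl -w`, and the `>` redirect would follow a symlink left there across a restart. Keep the state file in a root-owned location (the old `/run/pre-tcpcrypt-ecn-state` was one), or validate the value before use, e.g. `case "$v" in 0|1|2) sysctl -w net.ipv4.tcp_ecn="$v";; esac`. Both preStart and postStop continue outside the hunks.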
@@ -61,8 +61,8 @@ in
script = "tcpcryptd -x 0x10";
postStop = ''
- if [ -f /run/pre-tcpcrypt-ecn-state ]; then
- sysctl -w net.ipv4.tcp_ecn=$(cat /run/pre-tcpcrypt-ecn-state)
+ if [ -f /run/tcpcryptd/pre-tcpcrypt-ecn-state ]; then
+ sysctl -w net.ipv4.tcp_ecn=$(cat /run/tcpcryptd/pre-tcpcrypt-ecn-state)
fi
iptables -t mangle -D POSTROUTING -j nixos-tcpcrypt || true