Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2103.xml | 5 | ||||
-rw-r--r-- | nixos/modules/hardware/network/ath-user-regd.nix | 31 | ||||
-rw-r--r-- | nixos/modules/hardware/video/nvidia.nix | 51 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/security/acme.nix | 6 | ||||
-rw-r--r-- | nixos/modules/services/backup/restic.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/web-servers/apache-httpd/vhost-options.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/x11/clight.nix | 30 | ||||
-rw-r--r-- | nixos/modules/system/boot/kernel.nix | 10 |
9 files changed, 88 insertions, 52 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2103.xml b/nixos/doc/manual/release-notes/rl-2103.xml index 235b9ba1ed90..f33b4ef919f0 100644 --- a/nixos/doc/manual/release-notes/rl-2103.xml +++ b/nixos/doc/manual/release-notes/rl-2103.xml @@ -661,6 +661,11 @@ self: super: The <varname>platform</varname> grouping of these things never meant anything, and was just a historial/implementation artifact that was overdue removal. </para> </listitem> + <listitem> + <para> + <varname>services.restic</varname> now uses a dedicated cache directory for every backup defined in <varname>services.restic.backups</varname>. The old global cache directory, <literal>/root/.cache/restic</literal>, is now unused and can be removed to free up disk space. + </para> + </listitem> </itemizedlist> </section> </section> diff --git a/nixos/modules/hardware/network/ath-user-regd.nix b/nixos/modules/hardware/network/ath-user-regd.nix new file mode 100644 index 000000000000..b5ade5ed5010 --- /dev/null +++ b/nixos/modules/hardware/network/ath-user-regd.nix @@ -0,0 +1,31 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + kernelVersion = config.boot.kernelPackages.kernel.version; + linuxKernelMinVersion = "5.8"; + kernelPatch = pkgs.kernelPatches.ath_regd_optional // { + extraConfig = '' + ATH_USER_REGD y + ''; + }; +in +{ + options.networking.wireless.athUserRegulatoryDomain = mkOption { + default = false; + type = types.bool; + description = '' + If enabled, sets the ATH_USER_REGD kernel config switch to true to + disable the enforcement of EEPROM regulatory restrictions for ath + drivers. Requires at least Linux ${linuxKernelMinVersion}. + ''; + }; + + config = mkIf config.networking.wireless.athUserRegulatoryDomain { + assertions = singleton { + assertion = lessThan 0 (builtins.compareVersions kernelVersion linuxKernelMinVersion); + message = "ATH_USER_REGD patch for kernels older than ${linuxKernelMinVersion} not ported yet!"; + }; + boot.kernelPatches = [ kernelPatch ]; + }; +} 
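Review bot: The assertion in the new `ath-user-regd.nix` rejects a kernel whose version is exactly `5.8`, although the option description says "Requires at least Linux 5.8". `lessThan 0 (builtins.compareVersions kernelVersion linuxKernelMinVersion)` is true only when the kernel is strictly newer, because `compareVersions` returns 0 for equal versions. With `with lib;` already in scope, the check can be written as `assertion = versionAtLeast kernelVersion linuxKernelMinVersion;`. Since the option turns off the EEPROM regulatory enforcement through a kernel patch, the description could also state that enabling it rebuilds the kernel and leaves regulatory compliance to the operator.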
diff --git a/nixos/modules/hardware/video/nvidia.nix b/nixos/modules/hardware/video/nvidia.nix index 72eb9fcfaa60..97accc7b99a0 100644 --- a/nixos/modules/hardware/video/nvidia.nix +++ b/nixos/modules/hardware/video/nvidia.nix @@ -5,36 +5,17 @@ with lib; let - - drivers = config.services.xserver.videoDrivers; - - # FIXME: should introduce an option like - # ‘hardware.video.nvidia.package’ for overriding the default NVIDIA - # driver. - nvidiaForKernel = kernelPackages: - if elem "nvidia" drivers then - kernelPackages.nvidia_x11 - else if elem "nvidiaBeta" drivers then - kernelPackages.nvidia_x11_beta - else if elem "nvidiaVulkanBeta" drivers then - kernelPackages.nvidia_x11_vulkan_beta - else if elem "nvidiaLegacy304" drivers then - kernelPackages.nvidia_x11_legacy304 - else if elem "nvidiaLegacy340" drivers then - kernelPackages.nvidia_x11_legacy340 - else if elem "nvidiaLegacy390" drivers then - kernelPackages.nvidia_x11_legacy390 - else null; - - nvidia_x11 = nvidiaForKernel config.boot.kernelPackages; - nvidia_libs32 = - if versionOlder nvidia_x11.version "391" then - ((nvidiaForKernel pkgs.pkgsi686Linux.linuxPackages).override { libsOnly = true; kernel = null; }).out - else - (nvidiaForKernel config.boot.kernelPackages).lib32; + nvidia_x11 = let + drivers = config.services.xserver.videoDrivers; + isDeprecated = str: (hasPrefix "nvidia" str) && (str != "nvidia"); + hasDeprecated = drivers: any isDeprecated drivers; + in if (hasDeprecated drivers) then + throw '' + Selecting an nvidia driver has been modified for NixOS 19.03. The version is now set using `hardware.nvidia.package`. + '' + else if (elem "nvidia" drivers) then cfg.package else null; enabled = nvidia_x11 != null; - cfg = config.hardware.nvidia; pCfg = cfg.prime; 
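Review bot: The `throw` in the new `nvidia_x11` binding neither names the rejected `videoDrivers` entry nor says what to write instead, so a user with `nvidiaLegacy340` in their configuration only learns that something "has been modified". A closing sentence in the message would help, for example `Use services.xserver.videoDrivers = [ "nvidia" ] and select the driver version with hardware.nvidia.package.` The message also cites NixOS 19.03 while the release notes touched in this same diff are `rl-2103.xml`; it is worth confirming which release the text should name. `isDeprecated` matches every entry that merely starts with `nvidia`, which deserves a one-line comment so the breadth of the check is deliberate rather than accidental.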
@@ -170,6 +151,16 @@ in GPUs stay awake even during headless mode. ''; }; + + hardware.nvidia.package = lib.mkOption { + type = lib.types.package; + default = config.boot.kernelPackages.nvidiaPackages.stable; + defaultText = "config.boot.kernelPackages.nvidiaPackages.stable"; + description = '' + The NVIDIA X11 derivation to use. + ''; + example = "config.boot.kernelPackages.nvidiaPackages.legacy340"; + }; }; config = let @@ -271,9 +262,9 @@ in }; hardware.opengl.package = mkIf (!offloadCfg.enable) nvidia_x11.out; - hardware.opengl.package32 = mkIf (!offloadCfg.enable) nvidia_libs32; + hardware.opengl.package32 = mkIf (!offloadCfg.enable) nvidia_x11.lib32; hardware.opengl.extraPackages = optional offloadCfg.enable nvidia_x11.out; - hardware.opengl.extraPackages32 = optional offloadCfg.enable nvidia_libs32; + hardware.opengl.extraPackages32 = optional offloadCfg.enable nvidia_x11.lib32; environment.systemPackages = [ nvidia_x11.bin nvidia_x11.settings ] ++ optionals nvidiaPersistencedEnabled [ nvidia_x11.persistenced ]; diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 7586ae41bbb0..f64f2dbb2cb2 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -52,6 +52,7 @@ ./hardware/ledger.nix ./hardware/logitech.nix ./hardware/mcelog.nix + ./hardware/network/ath-user-regd.nix ./hardware/network/b43.nix ./hardware/network/intel-2200bg.nix ./hardware/nitrokey.nix diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix index 6b62e5043caf..c33a92580d4c 100644 --- a/nixos/modules/security/acme.nix +++ b/nixos/modules/security/acme.nix @@ -346,7 +346,7 @@ let webroot = mkOption { type = types.nullOr types.str; default = null; - example = "/var/lib/acme/acme-challenges"; + example = "/var/lib/acme/acme-challenge"; description = '' Where the webroot of the HTTP vhost is located. <filename>.well-known/acme-challenge/</filename> directory 
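Review bot: The `example` of the new `hardware.nvidia.package` option is a plain string, so the generated manual would show it as a quoted string rather than as a Nix expression of type `package`. Wrapping it as `example = literalExample "config.boot.kernelPackages.nvidiaPackages.legacy340";` matches how `acme.nix` in this same diff writes its example. The description "The NVIDIA X11 derivation to use." could also mention that this option replaces the former `nvidiaLegacy*` and `nvidiaBeta` driver names.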
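Review bot: `hardware.opengl.package32` and `extraPackages32` now read `nvidia_x11.lib32` unconditionally, while the removed `nvidia_libs32` built the 32-bit libraries from `pkgs.pkgsi686Linux` for drivers older than version 391. Whether the legacy packages reachable through `hardware.nvidia.package` (the option example names `legacy340`) expose a `lib32` output is not visible in this diff. If they do not, evaluation would fail with a missing-attribute error only for users of those drivers. A comment at the use site, such as `# every nvidiaPackages.* derivation is expected to provide a lib32 output`, or a guard on the attribute's presence would make the assumption explicit.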
@@ -579,12 +579,12 @@ in { example = literalExample '' { "example.com" = { - webroot = "/var/www/challenges/"; + webroot = "/var/lib/acme/acme-challenge/"; email = "foo@example.com"; extraDomainNames = [ "www.example.com" "foo.example.com" ]; }; "bar.example.com" = { - webroot = "/var/www/challenges/"; + webroot = "/var/lib/acme/acme-challenge/"; email = "bar@example.com"; }; } diff --git a/nixos/modules/services/backup/restic.nix b/nixos/modules/services/backup/restic.nix index d869835bf07e..573f0efa9da4 100644 --- a/nixos/modules/services/backup/restic.nix +++ b/nixos/modules/services/backup/restic.nix @@ -243,9 +243,11 @@ in restartIfChanged = false; serviceConfig = { Type = "oneshot"; - ExecStart = [ "${resticCmd} backup ${concatStringsSep " " backup.extraBackupArgs} ${backupPaths}" ] ++ pruneCmd; + ExecStart = [ "${resticCmd} backup --cache-dir=%C/restic-backups-${name} ${concatStringsSep " " backup.extraBackupArgs} ${backupPaths}" ] ++ pruneCmd; User = backup.user; RuntimeDirectory = "restic-backups-${name}"; + CacheDirectory = "restic-backups-${name}"; + CacheDirectoryMode = "0700"; } // optionalAttrs (backup.s3CredentialsFile != null) { EnvironmentFile = backup.s3CredentialsFile; }; diff --git a/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix b/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix index 173c0f8561c0..394f9a305546 100644 --- a/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix +++ b/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix @@ -112,7 +112,7 @@ in acmeRoot = mkOption { type = types.str; - default = "/var/lib/acme/acme-challenges"; + default = "/var/lib/acme/acme-challenge"; description = "Directory for the acme challenge which is PUBLIC, don't put certs or keys in here"; }; diff --git a/nixos/modules/services/x11/clight.nix b/nixos/modules/services/x11/clight.nix index 4daf6d8d9db7..873f425fb8be 100644 --- a/nixos/modules/services/x11/clight.nix 
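Review bot: In `restic.nix`, `--cache-dir=%C/restic-backups-${name}` is added only to the `backup` invocation, while the `pruneCmd` entries appended to `ExecStart` are defined outside this hunk and unchanged. If they call restic without the flag, they would keep using the default cache location, and the release note's claim that `/root/.cache/restic` is now unused would not hold for backups that prune. Setting the location once for the whole unit avoids this, e.g. `environment.RESTIC_CACHE_DIR = "%C/restic-backups-${name}";` on the service, instead of the per-command flag. `CacheDirectoryMode = "0700"` is a good choice, since the cache holds repository metadata; a short comment saying so would keep it from being loosened later.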
+++ b/nixos/modules/services/x11/clight.nix @@ -11,14 +11,21 @@ let else if isBool v then boolToString v else if isString v then ''"${escape [''"''] v}"'' else if isList v then "[ " + concatMapStringsSep ", " toConf v + " ]" + else if isAttrs v then "\n{\n" + convertAttrs v + "\n}" else abort "clight.toConf: unexpected type (v = ${v})"; - clightConf = pkgs.writeText "clight.conf" - (concatStringsSep "\n" (mapAttrsToList - (name: value: "${toString name} = ${toConf value};") - (filterAttrs - (_: value: value != null) - cfg.settings))); + getSep = v: + if isAttrs v then ":" + else "="; + + convertAttrs = attrs: concatStringsSep "\n" (mapAttrsToList + (name: value: "${toString name} ${getSep value} ${toConf value};") + attrs); + + clightConf = pkgs.writeText "clight.conf" (convertAttrs + (filterAttrs + (_: value: value != null) + cfg.settings)); in { options.services.clight = { enable = mkOption { @@ -49,9 +56,10 @@ in { }; settings = let - validConfigTypes = with types; either int (either str (either bool float)); + validConfigTypes = with types; oneOf [ int str bool float ]; + collectionTypes = with types; oneOf [ validConfigTypes (listOf validConfigTypes) ]; in mkOption { - type = with types; attrsOf (nullOr (either validConfigTypes (listOf validConfigTypes))); + type = with types; attrsOf (nullOr (either collectionTypes (attrsOf collectionTypes))); default = {}; example = { captures = 20; gamma_long_transition = true; ac_capture_timeouts = [ 120 300 60 ]; }; description = '' 
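Review bot: `getSep` and `convertAttrs` are added without a comment, and the mutual recursion between `toConf` and `convertAttrs` is not obvious on first read. A comment above `getSep` would document the output format, for example `# nested attribute sets are written as "name : { ... };", all other values as "name = value;"`. The `null` filter is applied only to the top-level `cfg.settings` in `clightConf`, which fits the new type (nested sets do not admit `null`), but that too is worth a short remark next to `filterAttrs`.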
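Review bot: The `settings` type now accepts one level of nested attribute sets, but the `example` on the context line below still shows only flat keys such as `gamma_long_transition`. Since the module itself switches to grouped keys (`gamma.temp`, `daytime.latitude`) in the next hunk, the example should include at least one nested group so users see the new layout. Nesting is limited to a single level by `attrsOf collectionTypes`; that limit could be stated in the description, which continues outside this hunk.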
@@ -69,10 +77,10 @@ in { services.upower.enable = true; services.clight.settings = { - gamma_temp = with cfg.temperature; mkDefault [ day night ]; + gamma.temp = with cfg.temperature; mkDefault [ day night ]; } // (optionalAttrs (config.location.provider == "manual") { - latitude = mkDefault config.location.latitude; - longitude = mkDefault config.location.longitude; + daytime.latitude = mkDefault config.location.latitude; + daytime.longitude = mkDefault config.location.longitude; }); services.geoclue2.appConfig.clightc = { diff --git a/nixos/modules/system/boot/kernel.nix b/nixos/modules/system/boot/kernel.nix index ed7226331d70..9287852bacfd 100644 --- a/nixos/modules/system/boot/kernel.nix +++ b/nixos/modules/system/boot/kernel.nix @@ -37,12 +37,10 @@ in boot.kernelPackages = mkOption { default = pkgs.linuxPackages; type = types.unspecified // { merge = mergeEqualOption; }; - apply = kernelPackages: kernelPackages.extend (self: super: { - kernel = super.kernel.override { - inherit randstructSeed; - kernelPatches = super.kernel.kernelPatches ++ kernelPatches; - features = lib.recursiveUpdate super.kernel.features features; - }; + apply = kernelPackages: pkgs.linuxPackagesFor (kernelPackages.kernel.override { + inherit randstructSeed; + kernelPatches = kernelPackages.kernel.kernelPatches ++ kernelPatches; + features = lib.recursiveUpdate kernelPackages.kernel.features features; }); # We don't want to evaluate all of linuxPackages for the manual # - some of it might not even evaluate correctly. |
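Review bot: The new `apply` in `kernel.nix` rebuilds the package set with `pkgs.linuxPackagesFor` from `kernelPackages.kernel` alone, so as far as this hunk shows, only the kernel derivation of the user-supplied set is carried over. Any other overrides in a customised `boot.kernelPackages` (for instance a set the user built with `.extend`) would no longer take effect, unlike with the removed `kernelPackages.extend` form. If that is intended, a comment above `apply` should say so, e.g. `# only the kernel is taken from the given set; the package set is regenerated with linuxPackagesFor`. The `mkOption` body starts and ends outside the hunk.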