Loading nixos/modules/config/system-path.nix +65 −36 Original line number Diff line number Diff line Loading @@ -8,41 +8,47 @@ }: let requiredPackages = map (pkg: lib.setPrio ((pkg.meta.priority or lib.meta.defaultPriority) + 3) pkg) [ pkgs.acl pkgs.attr pkgs.bashInteractive # bash with ncurses support pkgs.bzip2 pkgs.coreutils-full pkgs.cpio pkgs.curl pkgs.diffutils pkgs.findutils pkgs.gawk pkgs.stdenv.cc.libc pkgs.getent pkgs.getconf pkgs.gnugrep pkgs.gnupatch pkgs.gnused pkgs.gnutar pkgs.gzip pkgs.xz pkgs.less pkgs.libcap pkgs.ncurses pkgs.netcat config.programs.ssh.package pkgs.mkpasswd pkgs.procps pkgs.su pkgs.time pkgs.util-linux pkgs.which pkgs.zstd corePackageNames = [ "acl" "attr" "bashInteractive" # bash with ncurses support "bzip2" "coreutils-full" "cpio" "curl" "diffutils" "findutils" "gawk" "getent" "getconf" "gnugrep" "gnupatch" "gnused" "gnutar" "gzip" "xz" "less" "libcap" "ncurses" "netcat" "mkpasswd" "procps" "su" "time" "util-linux" "which" "zstd" ]; corePackages = (map ( n: let pkg = pkgs.${n}; in lib.setPrio ((pkg.meta.priority or lib.meta.defaultPriority) + 3) pkg ) corePackageNames) ++ [ pkgs.stdenv.cc.libc ]; corePackagesText = "[ ${lib.concatMapStringsSep " " (n: "pkgs.${n}") corePackageNames} ]"; defaultPackageNames = [ "perl" Loading Loading 
@@ -80,6 +86,29 @@ in ''; }; corePackages = lib.mkOption { type = lib.types.listOf lib.types.package; default = corePackages; defaultText = lib.literalMD '' these packages, with their `meta.priority` numerically increased (thus lowering their installation priority): ${corePackagesText} ''; example = [ ]; description = '' Set of core packages for a normal interactive system. Only change this if you know what you're doing! Like with systemPackages, packages are installed to {file}`/run/current-system/sw`. They are automatically available to all users, and are automatically updated every time you rebuild the system configuration. ''; }; defaultPackages = lib.mkOption { type = lib.types.listOf lib.types.package; default = defaultPackages; Loading Loading @@ -151,7 +180,7 @@ in config = { environment.systemPackages = requiredPackages ++ config.environment.defaultPackages; environment.systemPackages = config.environment.corePackages ++ config.environment.defaultPackages; environment.pathsToLink = [ "/bin" Loading nixos/modules/programs/bash/bash.nix +97 −103 Original line number Diff line number Diff line Loading @@ -23,15 +23,11 @@ let in { imports = [ (lib.mkRemovedOptionModule [ "programs" "bash" "enable" ] "") ]; options = { programs.bash = { /* enable = lib.mkOption { default = true; description = '' Loading @@ -44,7 +40,6 @@ in ''; type = lib.types.bool; }; */ shellAliases = lib.mkOption { default = { }; Loading Loading @@ -129,8 +124,7 @@ in }; config = # lib.mkIf cfg.enable { config = lib.mkIf cfg.enable { programs.bash = { Loading nixos/modules/programs/fuse.nix +31 −2 Original line number Diff line number Diff line { config, lib, ... }: { config, lib, pkgs, ... }: let cfg = config.programs.fuse; Loading 
@@ -7,6 +12,10 @@ in meta.maintainers = with lib.maintainers; [ ]; options.programs.fuse = { enable = lib.mkEnableOption "fuse" // { default = true; }; mountMax = lib.mkOption { # In the C code it's an "int" (i.e. signed and at least 16 bit), but # negative numbers obviously make no sense: Loading @@ -27,10 +36,30 @@ in }; }; config = { config = lib.mkIf cfg.enable { environment.systemPackages = [ pkgs.fuse pkgs.fuse3 ]; security.wrappers = let mkSetuidRoot = source: { setuid = true; owner = "root"; group = "root"; inherit source; }; in { fusermount = mkSetuidRoot "${lib.getBin pkgs.fuse}/bin/fusermount"; fusermount3 = mkSetuidRoot "${lib.getBin pkgs.fuse3}/bin/fusermount3"; }; environment.etc."fuse.conf".text = '' ${lib.optionalString (!cfg.userAllowOther) "#"}user_allow_other mount_max = ${builtins.toString cfg.mountMax} ''; }; } nixos/modules/programs/ssh.nix +2 −0 Original line number Diff line number Diff line Loading @@ -335,6 +335,8 @@ in } ); environment.corePackages = [ cfg.package ]; # SSH configuration. Slight duplication of the sshd_config # generation in the sshd service. environment.etc."ssh/ssh_config".text = '' Loading nixos/modules/security/wrappers/default.nix +0 −2 Original line number Diff line number Diff line Loading @@ -266,8 +266,6 @@ in in { # These are mount related wrappers that require the +s permission. fusermount = mkSetuidRoot "${lib.getBin pkgs.fuse}/bin/fusermount"; fusermount3 = mkSetuidRoot "${lib.getBin pkgs.fuse3}/bin/fusermount3"; mount = mkSetuidRoot "${lib.getBin pkgs.util-linux}/bin/mount"; umount = mkSetuidRoot "${lib.getBin pkgs.util-linux}/bin/umount"; }; Loading Loading
nixos/modules/config/system-path.nix +65 −36 Original line number Diff line number Diff line Loading @@ -8,41 +8,47 @@ }: let requiredPackages = map (pkg: lib.setPrio ((pkg.meta.priority or lib.meta.defaultPriority) + 3) pkg) [ pkgs.acl pkgs.attr pkgs.bashInteractive # bash with ncurses support pkgs.bzip2 pkgs.coreutils-full pkgs.cpio pkgs.curl pkgs.diffutils pkgs.findutils pkgs.gawk pkgs.stdenv.cc.libc pkgs.getent pkgs.getconf pkgs.gnugrep pkgs.gnupatch pkgs.gnused pkgs.gnutar pkgs.gzip pkgs.xz pkgs.less pkgs.libcap pkgs.ncurses pkgs.netcat config.programs.ssh.package pkgs.mkpasswd pkgs.procps pkgs.su pkgs.time pkgs.util-linux pkgs.which pkgs.zstd corePackageNames = [ "acl" "attr" "bashInteractive" # bash with ncurses support "bzip2" "coreutils-full" "cpio" "curl" "diffutils" "findutils" "gawk" "getent" "getconf" "gnugrep" "gnupatch" "gnused" "gnutar" "gzip" "xz" "less" "libcap" "ncurses" "netcat" "mkpasswd" "procps" "su" "time" "util-linux" "which" "zstd" ]; corePackages = (map ( n: let pkg = pkgs.${n}; in lib.setPrio ((pkg.meta.priority or lib.meta.defaultPriority) + 3) pkg ) corePackageNames) ++ [ pkgs.stdenv.cc.libc ]; corePackagesText = "[ ${lib.concatMapStringsSep " " (n: "pkgs.${n}") corePackageNames} ]"; defaultPackageNames = [ "perl" Loading Loading 
@@ -80,6 +86,29 @@ in ''; }; corePackages = lib.mkOption { type = lib.types.listOf lib.types.package; default = corePackages; defaultText = lib.literalMD '' these packages, with their `meta.priority` numerically increased (thus lowering their installation priority): ${corePackagesText} ''; example = [ ]; description = '' Set of core packages for a normal interactive system. Only change this if you know what you're doing! Like with systemPackages, packages are installed to {file}`/run/current-system/sw`. They are automatically available to all users, and are automatically updated every time you rebuild the system configuration. ''; }; defaultPackages = lib.mkOption { type = lib.types.listOf lib.types.package; default = defaultPackages; Loading Loading @@ -151,7 +180,7 @@ in config = { environment.systemPackages = requiredPackages ++ config.environment.defaultPackages; environment.systemPackages = config.environment.corePackages ++ config.environment.defaultPackages; environment.pathsToLink = [ "/bin" Loading
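Review bot: The `default = corePackages;` on the new `environment.corePackages` option looks like it will be discarded, because nixos/modules/programs/ssh.nix in this same commit defines `environment.corePackages = [ cfg.package ];` at normal priority, and an option's `default` only applies when no module defines the option. Assuming that definition is active and nothing outside the visible hunks also sets the list, `environment.systemPackages` would lose coreutils, `su`, `mkpasswd`, util-linux and the rest of `corePackageNames`. Defining the list in this module's `config` as `environment.corePackages = corePackages;` (keeping `defaultText` for the manual) lets the `listOf` merge append the SSH package instead of replacing the list. The `let` block and the `config` block both continue outside the hunks shown.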
nixos/modules/programs/bash/bash.nix +97 −103 Original line number Diff line number Diff line Loading @@ -23,15 +23,11 @@ let in { imports = [ (lib.mkRemovedOptionModule [ "programs" "bash" "enable" ] "") ]; options = { programs.bash = { /* enable = lib.mkOption { default = true; description = '' Loading @@ -44,7 +40,6 @@ in ''; type = lib.types.bool; }; */ shellAliases = lib.mkOption { default = { }; Loading Loading @@ -129,8 +124,7 @@ in }; config = # lib.mkIf cfg.enable { config = lib.mkIf cfg.enable { programs.bash = { Loading
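Review bot: Re-exposing `programs.bash.enable` does not remove bash itself: `bashInteractive` stays in `corePackageNames` in nixos/modules/config/system-path.nix, so with `enable = false` the shell is still on the path while everything under `config = lib.mkIf cfg.enable { ... }` is skipped. The option's description is collapsed on this page; if it does not already say so, it should state that disabling only drops this module's configuration and that accounts whose login shell is bash will start without it. The `options` and `config` blocks both extend beyond the hunks shown.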
nixos/modules/programs/fuse.nix +31 −2 Original line number Diff line number Diff line { config, lib, ... }: { config, lib, pkgs, ... }: let cfg = config.programs.fuse; Loading @@ -7,6 +12,10 @@ in meta.maintainers = with lib.maintainers; [ ]; options.programs.fuse = { enable = lib.mkEnableOption "fuse" // { default = true; }; mountMax = lib.mkOption { # In the C code it's an "int" (i.e. signed and at least 16 bit), but # negative numbers obviously make no sense: Loading @@ -27,10 +36,30 @@ in }; }; config = { config = lib.mkIf cfg.enable { environment.systemPackages = [ pkgs.fuse pkgs.fuse3 ]; security.wrappers = let mkSetuidRoot = source: { setuid = true; owner = "root"; group = "root"; inherit source; }; in { fusermount = mkSetuidRoot "${lib.getBin pkgs.fuse}/bin/fusermount"; fusermount3 = mkSetuidRoot "${lib.getBin pkgs.fuse3}/bin/fusermount3"; }; environment.etc."fuse.conf".text = '' ${lib.optionalString (!cfg.userAllowOther) "#"}user_allow_other mount_max = ${builtins.toString cfg.mountMax} ''; }; }
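Review bot: `programs.fuse.enable` now gates two setuid-root wrappers, but `lib.mkEnableOption "fuse"` gives no hint of that, so someone hardening a host cannot tell from the option docs that setting it to `false` removes `fusermount` and `fusermount3` from `security.wrappers`. Passing a fuller description, for example `lib.mkEnableOption "the FUSE userspace tools and their setuid-root fusermount/fusermount3 wrappers"`, would make the security effect explicit. The local `mkSetuidRoot` also appears to duplicate the helper still used for `mount`/`umount` in nixos/modules/security/wrappers/default.nix; a comment such as `# keep in sync with mkSetuidRoot in security/wrappers/default.nix` would reduce the chance of the two privilege-granting definitions drifting apart.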
nixos/modules/programs/ssh.nix +2 −0 Original line number Diff line number Diff line Loading @@ -335,6 +335,8 @@ in } ); environment.corePackages = [ cfg.package ]; # SSH configuration. Slight duplication of the sshd_config # generation in the sshd service. environment.etc."ssh/ssh_config".text = '' Loading
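Review bot: `cfg.package` is added to `environment.corePackages` at its own `meta.priority`, whereas the removed `requiredPackages` list in system-path.nix passed `config.programs.ssh.package` through `lib.setPrio (... + 3)`. If that lowered priority was what let an OpenSSH build placed in `environment.systemPackages` take precedence, which `ssh` binary ends up under `/run/current-system/sw` may now change. Applying the same adjustment here would preserve the old behaviour: `environment.corePackages = [ (lib.setPrio ((cfg.package.meta.priority or lib.meta.defaultPriority) + 3) cfg.package) ];`. The enclosing `config` block starts and ends outside the hunk.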
nixos/modules/security/wrappers/default.nix +0 −2 Original line number Diff line number Diff line Loading @@ -266,8 +266,6 @@ in in { # These are mount related wrappers that require the +s permission. fusermount = mkSetuidRoot "${lib.getBin pkgs.fuse}/bin/fusermount"; fusermount3 = mkSetuidRoot "${lib.getBin pkgs.fuse3}/bin/fusermount3"; mount = mkSetuidRoot "${lib.getBin pkgs.util-linux}/bin/mount"; umount = mkSetuidRoot "${lib.getBin pkgs.util-linux}/bin/umount"; }; Loading