Loading nixos/modules/config/i18n.nix +21 −24 Original line number Diff line number Diff line { config, lib, pkgs, ... }: with lib; { ###### interface options = { i18n = { glibcLocales = mkOption { type = types.path; glibcLocales = lib.mkOption { type = lib.types.path; default = pkgs.glibcLocales.override { allLocales = any (x: x == "all") config.i18n.supportedLocales; allLocales = lib.any (x: x == "all") config.i18n.supportedLocales; locales = config.i18n.supportedLocales; }; defaultText = literalExpression '' defaultText = lib.literalExpression '' pkgs.glibcLocales.override { allLocales = any (x: x == "all") config.i18n.supportedLocales; locales = config.i18n.supportedLocales; } ''; example = literalExpression "pkgs.glibcLocales"; example = lib.literalExpression "pkgs.glibcLocales"; description = '' Customized pkg.glibcLocales package. Loading @@ -29,8 +26,8 @@ with lib; ''; }; defaultLocale = mkOption { type = types.str; defaultLocale = lib.mkOption { type = lib.types.str; default = "en_US.UTF-8"; example = "nl_NL.UTF-8"; description = '' Loading @@ -40,8 +37,8 @@ with lib; ''; }; extraLocaleSettings = mkOption { type = types.attrsOf types.str; extraLocaleSettings = lib.mkOption { type = lib.types.attrsOf lib.types.str; default = {}; example = { LC_MESSAGES = "en_US.UTF-8"; LC_TIME = "de_DE.UTF-8"; }; description = '' Loading 
@@ -51,24 +48,24 @@ with lib; ''; }; supportedLocales = mkOption { type = types.listOf types.str; default = unique (builtins.map (l: (replaceStrings [ "utf8" "utf-8" "UTF8" ] [ "UTF-8" "UTF-8" "UTF-8" ] l) + "/UTF-8") ( supportedLocales = lib.mkOption { type = lib.types.listOf lib.types.str; default = lib.unique (builtins.map (l: (lib.replaceStrings [ "utf8" "utf-8" "UTF8" ] [ "UTF-8" "UTF-8" "UTF-8" ] l) + "/UTF-8") ( [ "C.UTF-8" "en_US.UTF-8" config.i18n.defaultLocale ] ++ (attrValues (filterAttrs (n: v: n != "LANGUAGE") config.i18n.extraLocaleSettings)) ] ++ (lib.attrValues (lib.filterAttrs (n: v: n != "LANGUAGE") config.i18n.extraLocaleSettings)) )); defaultText = literalExpression '' unique (builtins.map (l: (replaceStrings [ "utf8" "utf-8" "UTF8" ] [ "UTF-8" "UTF-8" "UTF-8" ] l) + "/UTF-8") ( defaultText = lib.literalExpression '' lib.unique (builtins.map (l: (lib.replaceStrings [ "utf8" "utf-8" "UTF8" ] [ "UTF-8" "UTF-8" "UTF-8" ] l) + "/UTF-8") ( [ "C.UTF-8" "en_US.UTF-8" config.i18n.defaultLocale ] ++ (attrValues (filterAttrs (n: v: n != "LANGUAGE") config.i18n.extraLocaleSettings)) ] ++ (lib.attrValues (lib.filterAttrs (n: v: n != "LANGUAGE") config.i18n.extraLocaleSettings)) )) ''; example = ["en_US.UTF-8/UTF-8" "nl_NL.UTF-8/UTF-8" "nl_NL/ISO-8859-1"]; Loading 
@@ -91,14 +88,14 @@ with lib; environment.systemPackages = # We increase the priority a little, so that plain glibc in systemPackages can't win. optional (config.i18n.supportedLocales != []) (lib.setPrio (-1) config.i18n.glibcLocales); lib.optional (config.i18n.supportedLocales != []) (lib.setPrio (-1) config.i18n.glibcLocales); environment.sessionVariables = { LANG = config.i18n.defaultLocale; LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive"; } // config.i18n.extraLocaleSettings; systemd.globalEnvironment = mkIf (config.i18n.supportedLocales != []) { systemd.globalEnvironment = lib.mkIf (config.i18n.supportedLocales != []) { LOCALE_ARCHIVE = "${config.i18n.glibcLocales}/lib/locale/locale-archive"; }; Loading @@ -106,7 +103,7 @@ with lib; environment.etc."locale.conf".source = pkgs.writeText "locale.conf" '' LANG=${config.i18n.defaultLocale} ${concatStringsSep "\n" (mapAttrsToList (n: v: "${n}=${v}") config.i18n.extraLocaleSettings)} ${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: v: "${n}=${v}") config.i18n.extraLocaleSettings)} ''; }; Loading nixos/modules/config/shells-environment.nix +40 −44 Original line number Diff line number Diff line # This module defines a global environment configuration and # a common configuration for all shells. { config, lib, utils, pkgs, ... }: with lib; let cfg = config.environment; Loading 
@@ -12,27 +8,27 @@ let exportedEnvVars = let absoluteVariables = mapAttrs (n: toList) cfg.variables; lib.mapAttrs (n: lib.toList) cfg.variables; suffixedVariables = flip mapAttrs cfg.profileRelativeEnvVars (envVar: listSuffixes: concatMap (profile: map (suffix: "${profile}${suffix}") listSuffixes) cfg.profiles lib.flip lib.mapAttrs cfg.profileRelativeEnvVars (envVar: listSuffixes: lib.concatMap (profile: map (suffix: "${profile}${suffix}") listSuffixes) cfg.profiles ); allVariables = zipAttrsWith (n: concatLists) [ absoluteVariables suffixedVariables ]; lib.zipAttrsWith (n: lib.concatLists) [ absoluteVariables suffixedVariables ]; exportVariables = mapAttrsToList (n: v: ''export ${n}="${concatStringsSep ":" v}"'') allVariables; lib.mapAttrsToList (n: v: ''export ${n}="${lib.concatStringsSep ":" v}"'') allVariables; in concatStringsSep "\n" exportVariables; lib.concatStringsSep "\n" exportVariables; in { options = { environment.variables = mkOption { environment.variables = lib.mkOption { default = {}; example = { EDITOR = "nvim"; VISUAL = "nvim"; }; description = '' Loading 
@@ -42,22 +38,22 @@ in strings. The latter is concatenated, interspersed with colon characters. ''; type = with types; attrsOf (oneOf [ (listOf (oneOf [ int str path ])) int str path ]); type = with lib.types; attrsOf (oneOf [ (listOf (oneOf [ int str path ])) int str path ]); apply = let toStr = v: if isPath v then "${v}" else toString v; in mapAttrs (n: v: if isList v then concatMapStringsSep ":" toStr v else toStr v); toStr = v: if lib.isPath v then "${v}" else toString v; in lib.mapAttrs (n: v: if lib.isList v then lib.concatMapStringsSep ":" toStr v else toStr v); }; environment.profiles = mkOption { environment.profiles = lib.mkOption { default = []; description = '' A list of profiles used to setup the global environment. ''; type = types.listOf types.str; type = lib.types.listOf lib.types.str; }; environment.profileRelativeEnvVars = mkOption { type = types.attrsOf (types.listOf types.str); environment.profileRelativeEnvVars = lib.mkOption { type = lib.types.attrsOf (lib.types.listOf lib.types.str); example = { PATH = [ "/bin" ]; MANPATH = [ "/man" "/share/man" ]; }; description = '' Attribute set of environment variable. Each attribute maps to a list Loading @@ -68,7 +64,7 @@ in }; # !!! isn't there a better way? environment.extraInit = mkOption { environment.extraInit = lib.mkOption { default = ""; description = '' Shell script code called during global environment initialisation Loading 
@@ -76,40 +72,40 @@ in This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split. ''; type = types.lines; type = lib.types.lines; }; environment.shellInit = mkOption { environment.shellInit = lib.mkOption { default = ""; description = '' Shell script code called during shell initialisation. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split. ''; type = types.lines; type = lib.types.lines; }; environment.loginShellInit = mkOption { environment.loginShellInit = lib.mkOption { default = ""; description = '' Shell script code called during login shell initialisation. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split. ''; type = types.lines; type = lib.types.lines; }; environment.interactiveShellInit = mkOption { environment.interactiveShellInit = lib.mkOption { default = ""; description = '' Shell script code called during interactive shell initialisation. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split. ''; type = types.lines; type = lib.types.lines; }; environment.shellAliases = mkOption { environment.shellAliases = lib.mkOption { example = { l = null; ll = "ls -l"; }; description = '' An attribute set that maps aliases (the top level attribute names in Loading 
@@ -117,30 +113,30 @@ in aliases are added to all users' shells. Aliases mapped to `null` are ignored. ''; type = with types; attrsOf (nullOr (either str path)); type = with lib.types; attrsOf (nullOr (either str path)); }; environment.homeBinInPath = mkOption { environment.homeBinInPath = lib.mkOption { description = '' Include ~/bin/ in $PATH. ''; default = false; type = types.bool; type = lib.types.bool; }; environment.localBinInPath = mkOption { environment.localBinInPath = lib.mkOption { description = '' Add ~/.local/bin/ to $PATH ''; default = false; type = types.bool; type = lib.types.bool; }; environment.binsh = mkOption { environment.binsh = lib.mkOption { default = "${config.system.build.binsh}/bin/sh"; defaultText = literalExpression ''"''${config.system.build.binsh}/bin/sh"''; example = literalExpression ''"''${pkgs.dash}/bin/dash"''; type = types.path; defaultText = lib.literalExpression ''"''${config.system.build.binsh}/bin/sh"''; example = lib.literalExpression ''"''${pkgs.dash}/bin/dash"''; type = lib.types.path; visible = false; description = '' The shell executable that is linked system-wide to Loading @@ -150,15 +146,15 @@ in ''; }; environment.shells = mkOption { environment.shells = lib.mkOption { default = []; example = literalExpression "[ pkgs.bashInteractive pkgs.zsh ]"; example = lib.literalExpression "[ pkgs.bashInteractive pkgs.zsh ]"; description = '' A list of permissible login shells for user accounts. No need to mention `/bin/sh` here, it is placed into this list implicitly. ''; type = types.listOf (types.either types.shellPackage types.path); type = lib.types.listOf (lib.types.either lib.types.shellPackage lib.types.path); }; }; Loading @@ -175,7 +171,7 @@ in environment.profileRelativeEnvVars = config.environment.profileRelativeSessionVariables; environment.shellAliases = mapAttrs (name: mkDefault) { environment.shellAliases = lib.mapAttrs (name: lib.mkDefault) { ls = "ls --color=tty"; ll = "ls -l"; l = "ls -alh"; Loading 
@@ -183,7 +179,7 @@ in environment.etc.shells.text = '' ${concatStringsSep "\n" (map utils.toShellPath cfg.shells)} ${lib.concatStringsSep "\n" (map utils.toShellPath cfg.shells)} /bin/sh ''; Loading @@ -202,17 +198,17 @@ in ${cfg.extraInit} ${optionalString cfg.homeBinInPath '' ${lib.optionalString cfg.homeBinInPath '' # ~/bin if it exists overrides other bin directories. export PATH="$HOME/bin:$PATH" ''} ${optionalString cfg.localBinInPath '' ${lib.optionalString cfg.localBinInPath '' export PATH="$HOME/.local/bin:$PATH" ''} ''; system.activationScripts.binsh = stringAfter [ "stdio" ] system.activationScripts.binsh = lib.stringAfter [ "stdio" ] '' # Create the required /bin/sh symlink; otherwise lots of things # (notably the system() function) won't work. Loading nixos/modules/config/sysctl.nix +18 −21 Original line number Diff line number Diff line { config, lib, ... }: with lib; let sysctlOption = mkOptionType { sysctlOption = lib.mkOptionType { name = "sysctl option value"; check = val: let checkType = x: isBool x || isString x || isInt x || x == null; checkType = x: lib.isBool x || lib.isString x || lib.isInt x || x == null; in checkType val || (val._type or "" == "override" && checkType val.content); merge = loc: defs: mergeOneOption loc (filterOverrides defs); merge = loc: defs: lib.mergeOneOption loc (lib.filterOverrides defs); }; in Loading 
@@ -20,33 +17,33 @@ in options = { boot.kernel.sysctl = mkOption { boot.kernel.sysctl = lib.mkOption { type = let highestValueType = types.ints.unsigned // { highestValueType = lib.types.ints.unsigned // { merge = loc: defs: foldl lib.foldl (a: b: if b.value == null then null else lib.max a b.value) 0 (filterOverrides defs); (lib.filterOverrides defs); }; in types.submodule { freeformType = types.attrsOf sysctlOption; in lib.types.submodule { freeformType = lib.types.attrsOf sysctlOption; options = { "net.core.rmem_max" = mkOption { type = types.nullOr highestValueType; "net.core.rmem_max" = lib.mkOption { type = lib.types.nullOr highestValueType; default = null; description = "The maximum receive socket buffer size in bytes. In case of conflicting values, the highest will be used."; }; "net.core.wmem_max" = mkOption { type = types.nullOr highestValueType; "net.core.wmem_max" = lib.mkOption { type = lib.types.nullOr highestValueType; default = null; description = "The maximum send socket buffer size in bytes. In case of conflicting values, the highest will be used."; }; }; }; default = {}; example = literalExpression '' example = lib.literalExpression '' { "net.ipv4.tcp_syncookies" = false; "vm.swappiness" = 60; } ''; description = '' Loading @@ -66,8 +63,8 @@ in config = { environment.etc."sysctl.d/60-nixos.conf".text = concatStrings (mapAttrsToList (n: v: optionalString (v != null) "${n}=${if v == false then "0" else toString v}\n" lib.concatStrings (lib.mapAttrsToList (n: v: lib.optionalString (v != null) "${n}=${if v == false then "0" else toString v}\n" ) config.boot.kernel.sysctl); systemd.services.systemd-sysctl = Loading 
@@ -77,10 +74,10 @@ in # Hide kernel pointers (e.g. in /proc/modules) for unprivileged # users as these make it easier to exploit kernel vulnerabilities. boot.kernel.sysctl."kernel.kptr_restrict" = mkDefault 1; boot.kernel.sysctl."kernel.kptr_restrict" = lib.mkDefault 1; # Improve compatibility with applications that allocate # a lot of memory, like modern games boot.kernel.sysctl."vm.max_map_count" = mkDefault 1048576; boot.kernel.sysctl."vm.max_map_count" = lib.mkDefault 1048576; }; } nixos/modules/hardware/cpu/amd-microcode.nix +4 −11 Original line number Diff line number Diff line { config, lib, pkgs, ... }: with lib; { ###### interface options = { hardware.cpu.amd.updateMicrocode = mkOption { hardware.cpu.amd.updateMicrocode = lib.mkOption { default = false; type = types.bool; type = lib.types.bool; description = '' Update the CPU microcode for AMD processors. ''; Loading 
@@ -18,12 +13,10 @@ with lib; }; ###### implementation config = mkIf config.hardware.cpu.amd.updateMicrocode { config = lib.mkIf config.hardware.cpu.amd.updateMicrocode { # Microcode updates must be the first item prepended in the initrd boot.initrd.prepend = mkOrder 1 [ "${pkgs.microcodeAmd}/amd-ucode.img" ]; boot.initrd.prepend = lib.mkOrder 1 [ "${pkgs.microcodeAmd}/amd-ucode.img" ]; }; } nixos/modules/hardware/cpu/amd-sev.nix +16 −17 Original line number Diff line number Diff line { config, options, lib, ... }: with lib; let cfgSev = config.hardware.cpu.amd.sev; cfgSevGuest = config.hardware.cpu.amd.sevGuest; optionsFor = device: group: { enable = mkEnableOption "access to the AMD ${device} device"; user = mkOption { enable = lib.mkEnableOption "access to the AMD ${device} device"; user = lib.mkOption { description = "Owner to assign to the ${device} device."; type = types.str; type = lib.types.str; default = "root"; }; group = mkOption { group = lib.mkOption { description = "Group to assign to the ${device} device."; type = types.str; type = lib.types.str; default = group; }; mode = mkOption { mode = lib.mkOption { description = "Mode to set for the ${device} device."; type = types.str; type = lib.types.str; default = "0660"; }; }; Loading @@ -28,16 +27,16 @@ with lib; { options.hardware.cpu.amd.sevGuest = optionsFor "SEV guest" "sev-guest"; config = mkMerge [ config = lib.mkMerge [ # /dev/sev (mkIf cfgSev.enable { (lib.mkIf cfgSev.enable { assertions = [ { assertion = hasAttr cfgSev.user config.users.users; assertion = lib.hasAttr cfgSev.user config.users.users; message = "Given user does not exist"; } { assertion = (cfgSev.group == options.hardware.cpu.amd.sev.group.default) || (hasAttr cfgSev.group config.users.groups); assertion = (cfgSev.group == options.hardware.cpu.amd.sev.group.default) || (lib.hasAttr cfgSev.group config.users.groups); message = "Given group does not exist"; } ]; Loading 
@@ -46,7 +45,7 @@ with lib; { options kvm_amd sev=1 ''; users.groups = optionalAttrs (cfgSev.group == options.hardware.cpu.amd.sev.group.default) { users.groups = lib.optionalAttrs (cfgSev.group == options.hardware.cpu.amd.sev.group.default) { "${cfgSev.group}" = { }; }; Loading @@ -56,19 +55,19 @@ with lib; { }) # /dev/sev-guest (mkIf cfgSevGuest.enable { (lib.mkIf cfgSevGuest.enable { assertions = [ { assertion = hasAttr cfgSevGuest.user config.users.users; assertion = lib.hasAttr cfgSevGuest.user config.users.users; message = "Given user does not exist"; } { assertion = (cfgSevGuest.group == options.hardware.cpu.amd.sevGuest.group.default) || (hasAttr cfgSevGuest.group config.users.groups); assertion = (cfgSevGuest.group == options.hardware.cpu.amd.sevGuest.group.default) || (lib.hasAttr cfgSevGuest.group config.users.groups); message = "Given group does not exist"; } ]; users.groups = optionalAttrs (cfgSevGuest.group == options.hardware.cpu.amd.sevGuest.group.default) { users.groups = lib.optionalAttrs (cfgSevGuest.group == options.hardware.cpu.amd.sevGuest.group.default) { "${cfgSevGuest.group}" = { }; }; Loading Loading
nixos/modules/config/i18n.nix +21 −24 Original line number Diff line number Diff line { config, lib, pkgs, ... }: with lib; { ###### interface options = { i18n = { glibcLocales = mkOption { type = types.path; glibcLocales = lib.mkOption { type = lib.types.path; default = pkgs.glibcLocales.override { allLocales = any (x: x == "all") config.i18n.supportedLocales; allLocales = lib.any (x: x == "all") config.i18n.supportedLocales; locales = config.i18n.supportedLocales; }; defaultText = literalExpression '' defaultText = lib.literalExpression '' pkgs.glibcLocales.override { allLocales = any (x: x == "all") config.i18n.supportedLocales; locales = config.i18n.supportedLocales; } ''; example = literalExpression "pkgs.glibcLocales"; example = lib.literalExpression "pkgs.glibcLocales"; description = '' Customized pkg.glibcLocales package. Loading @@ -29,8 +26,8 @@ with lib; ''; }; defaultLocale = mkOption { type = types.str; defaultLocale = lib.mkOption { type = lib.types.str; default = "en_US.UTF-8"; example = "nl_NL.UTF-8"; description = '' Loading @@ -40,8 +37,8 @@ with lib; ''; }; extraLocaleSettings = mkOption { type = types.attrsOf types.str; extraLocaleSettings = lib.mkOption { type = lib.types.attrsOf lib.types.str; default = {}; example = { LC_MESSAGES = "en_US.UTF-8"; LC_TIME = "de_DE.UTF-8"; }; description = '' Loading 
@@ -51,24 +48,24 @@ with lib; ''; }; supportedLocales = mkOption { type = types.listOf types.str; default = unique (builtins.map (l: (replaceStrings [ "utf8" "utf-8" "UTF8" ] [ "UTF-8" "UTF-8" "UTF-8" ] l) + "/UTF-8") ( supportedLocales = lib.mkOption { type = lib.types.listOf lib.types.str; default = lib.unique (builtins.map (l: (lib.replaceStrings [ "utf8" "utf-8" "UTF8" ] [ "UTF-8" "UTF-8" "UTF-8" ] l) + "/UTF-8") ( [ "C.UTF-8" "en_US.UTF-8" config.i18n.defaultLocale ] ++ (attrValues (filterAttrs (n: v: n != "LANGUAGE") config.i18n.extraLocaleSettings)) ] ++ (lib.attrValues (lib.filterAttrs (n: v: n != "LANGUAGE") config.i18n.extraLocaleSettings)) )); defaultText = literalExpression '' unique (builtins.map (l: (replaceStrings [ "utf8" "utf-8" "UTF8" ] [ "UTF-8" "UTF-8" "UTF-8" ] l) + "/UTF-8") ( defaultText = lib.literalExpression '' lib.unique (builtins.map (l: (lib.replaceStrings [ "utf8" "utf-8" "UTF8" ] [ "UTF-8" "UTF-8" "UTF-8" ] l) + "/UTF-8") ( [ "C.UTF-8" "en_US.UTF-8" config.i18n.defaultLocale ] ++ (attrValues (filterAttrs (n: v: n != "LANGUAGE") config.i18n.extraLocaleSettings)) ] ++ (lib.attrValues (lib.filterAttrs (n: v: n != "LANGUAGE") config.i18n.extraLocaleSettings)) )) ''; example = ["en_US.UTF-8/UTF-8" "nl_NL.UTF-8/UTF-8" "nl_NL/ISO-8859-1"]; Loading 
@@ -91,14 +88,14 @@ with lib; environment.systemPackages = # We increase the priority a little, so that plain glibc in systemPackages can't win. optional (config.i18n.supportedLocales != []) (lib.setPrio (-1) config.i18n.glibcLocales); lib.optional (config.i18n.supportedLocales != []) (lib.setPrio (-1) config.i18n.glibcLocales); environment.sessionVariables = { LANG = config.i18n.defaultLocale; LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive"; } // config.i18n.extraLocaleSettings; systemd.globalEnvironment = mkIf (config.i18n.supportedLocales != []) { systemd.globalEnvironment = lib.mkIf (config.i18n.supportedLocales != []) { LOCALE_ARCHIVE = "${config.i18n.glibcLocales}/lib/locale/locale-archive"; }; Loading @@ -106,7 +103,7 @@ with lib; environment.etc."locale.conf".source = pkgs.writeText "locale.conf" '' LANG=${config.i18n.defaultLocale} ${concatStringsSep "\n" (mapAttrsToList (n: v: "${n}=${v}") config.i18n.extraLocaleSettings)} ${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: v: "${n}=${v}") config.i18n.extraLocaleSettings)} ''; }; Loading
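Review bot: The `defaultText` of `i18n.glibcLocales` still reads `allLocales = any (x: x == "all") config.i18n.supportedLocales;`, while the `default` it documents now calls `lib.any`. The documented expression therefore no longer matches the code. The `defaultText` of `supportedLocales` in the same file was moved to the `lib.`-qualified form, so the two options are now inconsistent. I would change the quoted line to `allLocales = lib.any (x: x == "all") config.i18n.supportedLocales;`.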
nixos/modules/config/shells-environment.nix +40 −44 Original line number Diff line number Diff line # This module defines a global environment configuration and # a common configuration for all shells. { config, lib, utils, pkgs, ... }: with lib; let cfg = config.environment; Loading @@ -12,27 +8,27 @@ let exportedEnvVars = let absoluteVariables = mapAttrs (n: toList) cfg.variables; lib.mapAttrs (n: lib.toList) cfg.variables; suffixedVariables = flip mapAttrs cfg.profileRelativeEnvVars (envVar: listSuffixes: concatMap (profile: map (suffix: "${profile}${suffix}") listSuffixes) cfg.profiles lib.flip lib.mapAttrs cfg.profileRelativeEnvVars (envVar: listSuffixes: lib.concatMap (profile: map (suffix: "${profile}${suffix}") listSuffixes) cfg.profiles ); allVariables = zipAttrsWith (n: concatLists) [ absoluteVariables suffixedVariables ]; lib.zipAttrsWith (n: lib.concatLists) [ absoluteVariables suffixedVariables ]; exportVariables = mapAttrsToList (n: v: ''export ${n}="${concatStringsSep ":" v}"'') allVariables; lib.mapAttrsToList (n: v: ''export ${n}="${lib.concatStringsSep ":" v}"'') allVariables; in concatStringsSep "\n" exportVariables; lib.concatStringsSep "\n" exportVariables; in { options = { environment.variables = mkOption { environment.variables = lib.mkOption { default = {}; example = { EDITOR = "nvim"; VISUAL = "nvim"; }; description = '' Loading 
@@ -42,22 +38,22 @@ in strings. The latter is concatenated, interspersed with colon characters. ''; type = with types; attrsOf (oneOf [ (listOf (oneOf [ int str path ])) int str path ]); type = with lib.types; attrsOf (oneOf [ (listOf (oneOf [ int str path ])) int str path ]); apply = let toStr = v: if isPath v then "${v}" else toString v; in mapAttrs (n: v: if isList v then concatMapStringsSep ":" toStr v else toStr v); toStr = v: if lib.isPath v then "${v}" else toString v; in lib.mapAttrs (n: v: if lib.isList v then lib.concatMapStringsSep ":" toStr v else toStr v); }; environment.profiles = mkOption { environment.profiles = lib.mkOption { default = []; description = '' A list of profiles used to setup the global environment. ''; type = types.listOf types.str; type = lib.types.listOf lib.types.str; }; environment.profileRelativeEnvVars = mkOption { type = types.attrsOf (types.listOf types.str); environment.profileRelativeEnvVars = lib.mkOption { type = lib.types.attrsOf (lib.types.listOf lib.types.str); example = { PATH = [ "/bin" ]; MANPATH = [ "/man" "/share/man" ]; }; description = '' Attribute set of environment variable. Each attribute maps to a list Loading @@ -68,7 +64,7 @@ in }; # !!! isn't there a better way? environment.extraInit = mkOption { environment.extraInit = lib.mkOption { default = ""; description = '' Shell script code called during global environment initialisation Loading 
@@ -76,40 +72,40 @@ in This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split. ''; type = types.lines; type = lib.types.lines; }; environment.shellInit = mkOption { environment.shellInit = lib.mkOption { default = ""; description = '' Shell script code called during shell initialisation. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split. ''; type = types.lines; type = lib.types.lines; }; environment.loginShellInit = mkOption { environment.loginShellInit = lib.mkOption { default = ""; description = '' Shell script code called during login shell initialisation. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split. ''; type = types.lines; type = lib.types.lines; }; environment.interactiveShellInit = mkOption { environment.interactiveShellInit = lib.mkOption { default = ""; description = '' Shell script code called during interactive shell initialisation. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split. ''; type = types.lines; type = lib.types.lines; }; environment.shellAliases = mkOption { environment.shellAliases = lib.mkOption { example = { l = null; ll = "ls -l"; }; description = '' An attribute set that maps aliases (the top level attribute names in Loading 
@@ -117,30 +113,30 @@ in aliases are added to all users' shells. Aliases mapped to `null` are ignored. ''; type = with types; attrsOf (nullOr (either str path)); type = with lib.types; attrsOf (nullOr (either str path)); }; environment.homeBinInPath = mkOption { environment.homeBinInPath = lib.mkOption { description = '' Include ~/bin/ in $PATH. ''; default = false; type = types.bool; type = lib.types.bool; }; environment.localBinInPath = mkOption { environment.localBinInPath = lib.mkOption { description = '' Add ~/.local/bin/ to $PATH ''; default = false; type = types.bool; type = lib.types.bool; }; environment.binsh = mkOption { environment.binsh = lib.mkOption { default = "${config.system.build.binsh}/bin/sh"; defaultText = literalExpression ''"''${config.system.build.binsh}/bin/sh"''; example = literalExpression ''"''${pkgs.dash}/bin/dash"''; type = types.path; defaultText = lib.literalExpression ''"''${config.system.build.binsh}/bin/sh"''; example = lib.literalExpression ''"''${pkgs.dash}/bin/dash"''; type = lib.types.path; visible = false; description = '' The shell executable that is linked system-wide to Loading @@ -150,15 +146,15 @@ in ''; }; environment.shells = mkOption { environment.shells = lib.mkOption { default = []; example = literalExpression "[ pkgs.bashInteractive pkgs.zsh ]"; example = lib.literalExpression "[ pkgs.bashInteractive pkgs.zsh ]"; description = '' A list of permissible login shells for user accounts. No need to mention `/bin/sh` here, it is placed into this list implicitly. ''; type = types.listOf (types.either types.shellPackage types.path); type = lib.types.listOf (lib.types.either lib.types.shellPackage lib.types.path); }; }; Loading @@ -175,7 +171,7 @@ in environment.profileRelativeEnvVars = config.environment.profileRelativeSessionVariables; environment.shellAliases = mapAttrs (name: mkDefault) { environment.shellAliases = lib.mapAttrs (name: lib.mkDefault) { ls = "ls --color=tty"; ll = "ls -l"; l = "ls -alh"; Loading 
@@ -183,7 +179,7 @@ in environment.etc.shells.text = '' ${concatStringsSep "\n" (map utils.toShellPath cfg.shells)} ${lib.concatStringsSep "\n" (map utils.toShellPath cfg.shells)} /bin/sh ''; Loading @@ -202,17 +198,17 @@ in ${cfg.extraInit} ${optionalString cfg.homeBinInPath '' ${lib.optionalString cfg.homeBinInPath '' # ~/bin if it exists overrides other bin directories. export PATH="$HOME/bin:$PATH" ''} ${optionalString cfg.localBinInPath '' ${lib.optionalString cfg.localBinInPath '' export PATH="$HOME/.local/bin:$PATH" ''} ''; system.activationScripts.binsh = stringAfter [ "stdio" ] system.activationScripts.binsh = lib.stringAfter [ "stdio" ] '' # Create the required /bin/sh symlink; otherwise lots of things # (notably the system() function) won't work. Loading
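Review bot: In `exportVariables`, `export ${n}="${lib.concatStringsSep ":" v}"` splices each configured value into a double-quoted sh string without escaping, so `$`, backticks and `"` inside a value are interpreted by whichever shell sources the result. That may well be intended, but nothing in the visible code says so. A comment above the binding would make the contract explicit, for example `# Values are inserted unescaped inside double quotes: $VAR and $(...) are expanded when sourced, and a literal " breaks the line.` The place where `exportedEnvVars` is consumed is outside the visible hunks.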
nixos/modules/config/sysctl.nix +18 −21 Original line number Diff line number Diff line { config, lib, ... }: with lib; let sysctlOption = mkOptionType { sysctlOption = lib.mkOptionType { name = "sysctl option value"; check = val: let checkType = x: isBool x || isString x || isInt x || x == null; checkType = x: lib.isBool x || lib.isString x || lib.isInt x || x == null; in checkType val || (val._type or "" == "override" && checkType val.content); merge = loc: defs: mergeOneOption loc (filterOverrides defs); merge = loc: defs: lib.mergeOneOption loc (lib.filterOverrides defs); }; in Loading @@ -20,33 +17,33 @@ in options = { boot.kernel.sysctl = mkOption { boot.kernel.sysctl = lib.mkOption { type = let highestValueType = types.ints.unsigned // { highestValueType = lib.types.ints.unsigned // { merge = loc: defs: foldl lib.foldl (a: b: if b.value == null then null else lib.max a b.value) 0 (filterOverrides defs); (lib.filterOverrides defs); }; in types.submodule { freeformType = types.attrsOf sysctlOption; in lib.types.submodule { freeformType = lib.types.attrsOf sysctlOption; options = { "net.core.rmem_max" = mkOption { type = types.nullOr highestValueType; "net.core.rmem_max" = lib.mkOption { type = lib.types.nullOr highestValueType; default = null; description = "The maximum receive socket buffer size in bytes. In case of conflicting values, the highest will be used."; }; "net.core.wmem_max" = mkOption { type = types.nullOr highestValueType; "net.core.wmem_max" = lib.mkOption { type = lib.types.nullOr highestValueType; default = null; description = "The maximum send socket buffer size in bytes. In case of conflicting values, the highest will be used."; }; }; }; default = {}; example = literalExpression '' example = lib.literalExpression '' { "net.ipv4.tcp_syncookies" = false; "vm.swappiness" = 60; } ''; description = '' Loading 
@@ -66,8 +63,8 @@ in config = { environment.etc."sysctl.d/60-nixos.conf".text = concatStrings (mapAttrsToList (n: v: optionalString (v != null) "${n}=${if v == false then "0" else toString v}\n" lib.concatStrings (lib.mapAttrsToList (n: v: lib.optionalString (v != null) "${n}=${if v == false then "0" else toString v}\n" ) config.boot.kernel.sysctl); systemd.services.systemd-sysctl = Loading @@ -77,10 +74,10 @@ in # Hide kernel pointers (e.g. in /proc/modules) for unprivileged # users as these make it easier to exploit kernel vulnerabilities. boot.kernel.sysctl."kernel.kptr_restrict" = mkDefault 1; boot.kernel.sysctl."kernel.kptr_restrict" = lib.mkDefault 1; # Improve compatibility with applications that allocate # a lot of memory, like modern games boot.kernel.sysctl."vm.max_map_count" = mkDefault 1048576; boot.kernel.sysctl."vm.max_map_count" = lib.mkDefault 1048576; }; }
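Review bot: The `v == false` special case in the `sysctl.d/60-nixos.conf` generator has no comment, and the reason is not obvious from the line. In Nix `toString false` is the empty string, which would emit `name=` with no value, whereas `toString true` already yields `1`. I would add `# toString false is "", so write 0 explicitly; toString true gives "1".` above the `lib.optionalString` line. String values are written verbatim into the file, so it may also be worth stating there that they are expected to be single-line.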
nixos/modules/hardware/cpu/amd-microcode.nix +4 −11 Original line number Diff line number Diff line { config, lib, pkgs, ... }: with lib; { ###### interface options = { hardware.cpu.amd.updateMicrocode = mkOption { hardware.cpu.amd.updateMicrocode = lib.mkOption { default = false; type = types.bool; type = lib.types.bool; description = '' Update the CPU microcode for AMD processors. ''; Loading @@ -18,12 +13,10 @@ with lib; }; ###### implementation config = mkIf config.hardware.cpu.amd.updateMicrocode { config = lib.mkIf config.hardware.cpu.amd.updateMicrocode { # Microcode updates must be the first item prepended in the initrd boot.initrd.prepend = mkOrder 1 [ "${pkgs.microcodeAmd}/amd-ucode.img" ]; boot.initrd.prepend = lib.mkOrder 1 [ "${pkgs.microcodeAmd}/amd-ucode.img" ]; }; }
nixos/modules/hardware/cpu/amd-sev.nix +16 −17 Original line number Diff line number Diff line { config, options, lib, ... }: with lib; let cfgSev = config.hardware.cpu.amd.sev; cfgSevGuest = config.hardware.cpu.amd.sevGuest; optionsFor = device: group: { enable = mkEnableOption "access to the AMD ${device} device"; user = mkOption { enable = lib.mkEnableOption "access to the AMD ${device} device"; user = lib.mkOption { description = "Owner to assign to the ${device} device."; type = types.str; type = lib.types.str; default = "root"; }; group = mkOption { group = lib.mkOption { description = "Group to assign to the ${device} device."; type = types.str; type = lib.types.str; default = group; }; mode = mkOption { mode = lib.mkOption { description = "Mode to set for the ${device} device."; type = types.str; type = lib.types.str; default = "0660"; }; }; Loading @@ -28,16 +27,16 @@ with lib; { options.hardware.cpu.amd.sevGuest = optionsFor "SEV guest" "sev-guest"; config = mkMerge [ config = lib.mkMerge [ # /dev/sev (mkIf cfgSev.enable { (lib.mkIf cfgSev.enable { assertions = [ { assertion = hasAttr cfgSev.user config.users.users; assertion = lib.hasAttr cfgSev.user config.users.users; message = "Given user does not exist"; } { assertion = (cfgSev.group == options.hardware.cpu.amd.sev.group.default) || (hasAttr cfgSev.group config.users.groups); assertion = (cfgSev.group == options.hardware.cpu.amd.sev.group.default) || (lib.hasAttr cfgSev.group config.users.groups); message = "Given group does not exist"; } ]; Loading @@ -46,7 +45,7 @@ with lib; { options kvm_amd sev=1 ''; users.groups = optionalAttrs (cfgSev.group == options.hardware.cpu.amd.sev.group.default) { users.groups = lib.optionalAttrs (cfgSev.group == options.hardware.cpu.amd.sev.group.default) { "${cfgSev.group}" = { }; }; Loading 
@@ -56,19 +55,19 @@ with lib; { }) # /dev/sev-guest (mkIf cfgSevGuest.enable { (lib.mkIf cfgSevGuest.enable { assertions = [ { assertion = hasAttr cfgSevGuest.user config.users.users; assertion = lib.hasAttr cfgSevGuest.user config.users.users; message = "Given user does not exist"; } { assertion = (cfgSevGuest.group == options.hardware.cpu.amd.sevGuest.group.default) || (hasAttr cfgSevGuest.group config.users.groups); assertion = (cfgSevGuest.group == options.hardware.cpu.amd.sevGuest.group.default) || (lib.hasAttr cfgSevGuest.group config.users.groups); message = "Given group does not exist"; } ]; users.groups = optionalAttrs (cfgSevGuest.group == options.hardware.cpu.amd.sevGuest.group.default) { users.groups = lib.optionalAttrs (cfgSevGuest.group == options.hardware.cpu.amd.sevGuest.group.default) { "${cfgSevGuest.group}" = { }; }; Loading
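Review bot: Both assertion blocks report `"Given user does not exist"` and `"Given group does not exist"` without naming the option or the offending value. The `/dev/sev` and `/dev/sev-guest` branches use identical text, so a failed evaluation does not say which device's ownership setting is wrong. These options decide who may open the SEV device nodes, so I would make the messages specific, e.g. `message = "hardware.cpu.amd.sev.user: user '${cfgSev.user}' does not exist";`, with the same pattern for `group` and for `cfgSevGuest`. The part of the module that applies `user`, `group` and `mode` to the device is not shown in these hunks.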