Unverified Commit da3d67d5 authored by zowoq's avatar zowoq Committed by GitHub

staging-nixos merge for 2026-03-04 (#496583)

parents 7d0a743a 99d0ec30
+9 −0
@@ -96,6 +96,15 @@ in
    // lib.optionalAttrs (config.time.timeZone != null) {
      localtime.source = "/etc/zoneinfo/${config.time.timeZone}";
      localtime.mode = "direct-symlink";
    }
    // lib.optionalAttrs config.time.hardwareClockInLocalTime {
      # Mirrors timedated
      # https://github.com/systemd/systemd/blob/afaca649ad678031a46182b0cce667cbbbf47a6d/src/timedate/timedated.c#L325-L396
      adjtime.text = ''
        0.0 0 0
        0
        LOCAL
      '';
    };
  };

+29 −0
@@ -97,6 +97,30 @@
        '';
        default = [ ];
      };

      subuid = lib.mkOption {
        type = lib.types.listOf lib.types.str;
        description = ''
          List of subuid entries to configure in {file}`/etc/nsswitch.conf`.

          Note that "files" is always prepended.

          This option only takes effect if nscd is enabled.
        '';
        default = [ ];
      };

      subgid = lib.mkOption {
        type = lib.types.listOf lib.types.str;
        description = ''
          List of subgid entries to configure in {file}`/etc/nsswitch.conf`.

          Note that "files" is always prepended.

          This option only takes effect if nscd is enabled.
        '';
        default = [ ];
      };
    };
  };

@@ -133,6 +157,9 @@
      services:  ${lib.concatStringsSep " " config.system.nssDatabases.services}
      protocols: files
      rpc:       files

      subuid:    ${lib.concatStringsSep " " config.system.nssDatabases.subuid}
      subgid:    ${lib.concatStringsSep " " config.system.nssDatabases.subgid}
    '';

    system.nssDatabases = {
@@ -145,6 +172,8 @@
        (lib.mkOrder 1499 [ "dns" ])
      ];
      services = lib.mkBefore [ "files" ];
      subuid = lib.mkBefore [ "files" ];
      subgid = lib.mkBefore [ "files" ];
    };
  };
}
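Review bot: The database names written to nsswitch.conf here, `subuid:` and `subgid:`, should be checked against what the consumer actually parses. As far as I know shadow's libsubid (behind newuidmap/newgidmap) looks for a single `subid:` line and uses only its first source, in which case these two lines, and the `[ "sss" ]` entries the sssd section later appends after `files`, would never be consulted. If that holds, the module should emit one line such as `subid:     ${lib.concatStringsSep " " config.system.nssDatabases.subid}` (option name is a suggestion) and not force `files` to the front. The sentence `This option only takes effect if nscd is enabled.` in both descriptions also looks copied from the glibc databases and is probably inaccurate for this lookup. Subordinate ID ranges decide which host IDs a rootless container may map, so a silent fallback to local files deserves a NixOS test that resolves a range through SSS.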
+66 −34
@@ -25,6 +25,9 @@ in
      resumeCommands = lib.mkOption {
        type = lib.types.lines;
        default = "";
        example = lib.literalExpression ''
          "''${pkgs.util-linux}/bin/rfkill unblock all"
        '';
        description = "Commands executed after the system resumes from suspend-to-RAM.";
      };

@@ -32,7 +35,7 @@ in
        type = lib.types.lines;
        default = "";
        example = lib.literalExpression ''
          "''${pkgs.hdparm}/sbin/hdparm -B 255 /dev/sda"
          "''${pkgs.powertop}/bin/powertop --auto-tune"
        '';
        description = ''
          Commands executed when the machine powers up.  That is,
@@ -54,6 +57,18 @@ in
        '';
      };

      bootCommands = lib.mkOption {
        type = lib.types.lines;
        default = "";
        example = lib.literalExpression ''
          "''${pkgs.networkmanager}/bin/nmcli radio wifi on"
        '';
        description = ''
          Commands executed only once after initial boot.
          These commands are executed before `powerUpCommands`.
        '';
      };

    };

  };
@@ -83,42 +98,59 @@ in
      unitConfig.StopWhenUnneeded = true;
    };

    systemd.services = {
      # Service executed before suspending/hibernating.
    systemd.services.pre-sleep = {
      pre-sleep = {
        description = "Pre-Sleep Actions";
        wantedBy = [ "sleep.target" ];
        before = [ "sleep.target" ];
        script = cfg.powerDownCommands;
        serviceConfig.Type = "oneshot";
      };

      # Service executed after resuming from suspend/hibernate
      post-resume = {
        description = "Post-Resume Actions";
        # Pulled in by post-resume.service above
        after = [ "sleep.target" ];
        script = ''
        ${cfg.powerDownCommands}
          /run/current-system/systemd/bin/systemctl try-restart --no-block post-resume.target
          ${cfg.resumeCommands}
          ${cfg.powerUpCommands}
        '';
        serviceConfig.Type = "oneshot";
      };

    systemd.services.post-boot = {
      description = "Post-boot Actions";
      # Service executed before shutdown
      pre-shutdown = {
        description = "Pre-Shutdown Actions";
        wantedBy = [
          "shutdown.target"
        ];
        before = [
          "shutdown.target"
        ];
        script = cfg.powerDownCommands;
        serviceConfig.Type = "oneshot";
        unitConfig.DefaultDependencies = false;
      };

      # Service executed after boot
      post-boot = {
        description = "Post-Boot Actions";
        # It's not well defined at what point in the bootup sequence this should run
        # we should eventually just remove this.
        wantedBy = [ "multi-user.target" ];
        restartIfChanged = false;
        script = ''
          ${cfg.bootCommands}
          ${cfg.powerUpCommands}
        '';
        serviceConfig = {
          Type = "oneshot";
          RemainAfterExit = true;
        };
      script = ''
        ${cfg.powerUpCommands}
      '';
      };

    systemd.services.post-resume = {
      description = "Post-Resume Actions";
      # Pulled in by post-resume.service above
      after = [ "sleep.target" ];
      script = ''
        /run/current-system/systemd/bin/systemctl try-restart --no-block post-resume.target
        ${cfg.resumeCommands}
        ${cfg.powerUpCommands}
      '';
      serviceConfig.Type = "oneshot";
    };

  };
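Review bot: `pre-shutdown` uses `cfg.powerDownCommands` as its script, so if this unit is new in this change, as the listing suggests, commands written for suspend will also run as root on every shutdown and reboot. With `unitConfig.DefaultDependencies = false` the unit also loses the default ordering dependencies, so mounts or services those commands rely on may already be stopping. The description of `powerDownCommands` lies outside this hunk and should state the wider scope, for example `Commands executed before the system suspends, hibernates or shuts down.` Separately, the comment `# Pulled in by post-resume.service above` sits on the post-resume service itself and presumably means `post-resume.target`.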
+1 −0
@@ -307,6 +307,7 @@ in
          allowed_uids = lib.concatStringsSep ", " cfg.ifpAllowedUids;
        };
      };
      subIDsIntegration = true;
    };

    networking.timeServers = lib.optional cfg.useAsTimeserver cfg.server;
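Review bot: `subIDsIntegration = true;` is set unconditionally, so every host that enables this module starts taking subordinate UID/GID ranges from SSS, with no opt-out short of `lib.mkForce`. Those ranges control which IDs a user may map inside a user namespace, so I would make the value overridable with `subIDsIntegration = lib.mkDefault true;` and mention the new behaviour in the module's documentation or release notes. The enclosing attribute set starts outside the hunk.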
+14 −0
@@ -93,6 +93,15 @@ in
          Kerberos will be configured to cache credentials in SSS.
        '';
      };

      subIDsIntegration = lib.mkOption {
        type = lib.types.bool;
        default = false;
        description = ''
          Whether to use SSS as a source for subuid and subgid.
        '';
      };

      environmentFile = lib.mkOption {
        type = lib.types.nullOr lib.types.path;
        default = null;
@@ -236,6 +245,11 @@ in
      services.openssh.authorizedKeysCommand = "/etc/ssh/authorized_keys_command";
      services.openssh.authorizedKeysCommandUser = "nobody";
    })

    (lib.mkIf cfg.subIDsIntegration {
      system.nssDatabases.subuid = [ "sss" ];
      system.nssDatabases.subgid = [ "sss" ];
    })
  ];

  meta.maintainers = with lib.maintainers; [ bbigras ];