nixos/modules/config/system-path.nix +36 −65 @@ -8,47 +8,41 @@ }: let corePackageNames = [ "acl" "attr" "bashInteractive" # bash with ncurses support "bzip2" "coreutils-full" "cpio" "curl" "diffutils" "findutils" "gawk" "getent" "getconf" "gnugrep" "gnupatch" "gnused" "gnutar" "gzip" "xz" "less" "libcap" "ncurses" "netcat" "mkpasswd" "procps" "su" "time" "util-linux" "which" "zstd" requiredPackages = map (pkg: lib.setPrio ((pkg.meta.priority or lib.meta.defaultPriority) + 3) pkg) [ pkgs.acl pkgs.attr pkgs.bashInteractive # bash with ncurses support pkgs.bzip2 pkgs.coreutils-full pkgs.cpio pkgs.curl pkgs.diffutils pkgs.findutils pkgs.gawk pkgs.stdenv.cc.libc pkgs.getent pkgs.getconf pkgs.gnugrep pkgs.gnupatch pkgs.gnused pkgs.gnutar pkgs.gzip pkgs.xz pkgs.less pkgs.libcap pkgs.ncurses pkgs.netcat config.programs.ssh.package pkgs.mkpasswd pkgs.procps pkgs.su pkgs.time pkgs.util-linux pkgs.which pkgs.zstd ]; corePackages = (map ( n: let pkg = pkgs.${n}; in lib.setPrio ((pkg.meta.priority or lib.meta.defaultPriority) + 3) pkg ) corePackageNames) ++ [ pkgs.stdenv.cc.libc ]; corePackagesText = "[ ${lib.concatMapStringsSep " " (n: "pkgs.${n}") corePackageNames} ]"; defaultPackageNames = [ "perl"
@@ -86,29 +80,6 @@ in ''; }; corePackages = lib.mkOption { type = lib.types.listOf lib.types.package; default = corePackages; defaultText = lib.literalMD '' these packages, with their `meta.priority` numerically increased (thus lowering their installation priority): ${corePackagesText} ''; example = [ ]; description = '' Set of core packages for a normal interactive system. Only change this if you know what you're doing! Like with systemPackages, packages are installed to {file}`/run/current-system/sw`. They are automatically available to all users, and are automatically updated every time you rebuild the system configuration. ''; }; defaultPackages = lib.mkOption { type = lib.types.listOf lib.types.package; default = defaultPackages; @@ -180,7 +151,7 @@ in config = { environment.systemPackages = config.environment.corePackages ++ config.environment.defaultPackages; environment.systemPackages = requiredPackages ++ config.environment.defaultPackages; environment.pathsToLink = [ "/bin"
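Review bot: `environment.corePackages` is dropped from the options in the second hunk (and `programs.fuse.enable` in fuse.nix) with no `lib.mkRemovedOptionModule` entry visible in the shown hunks, so a configuration that still sets either one would fail evaluation with a bare unknown-option error. bash.nix already uses the shim for `programs.bash.enable`; the same would fit here, e.g. `(lib.mkRemovedOptionModule [ "environment" "corePackages" ] "The base package set is no longer configurable; remove this setting.")`. With the list moved into the `requiredPackages` let-binding, minimal or hardened images also lose the supported way to leave out tools such as `netcat`, `curl`, `su` and the ssh client, which deserves a line in the release notes. The `imports` list of this module is outside the visible hunks, so an existing shim cannot be ruled out.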
nixos/modules/programs/bash/bash.nix +103 −97 @@ -23,11 +23,15 @@ let in { imports = [ (lib.mkRemovedOptionModule [ "programs" "bash" "enable" ] "") ]; options = { programs.bash = { /* enable = lib.mkOption { default = true; description = '' @@ -40,6 +44,7 @@ in ''; type = lib.types.bool; }; */ shellAliases = lib.mkOption { default = { }; @@ -124,7 +129,8 @@ in }; config = lib.mkIf cfg.enable { config = # lib.mkIf cfg.enable { programs.bash = {
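Review bot: The `mkRemovedOptionModule [ "programs" "bash" "enable" ] ""` entry in the first hunk passes an empty replacement text, so anyone who set `programs.bash.enable` gets a failed evaluation that does not say what to do. A short text would help, e.g. `(lib.mkRemovedOptionModule [ "programs" "bash" "enable" ] "bash is always configured; remove this setting.")`. The old option is left behind in a `/* … */` block and the old guard as `# lib.mkIf cfg.enable`; deleting both keeps the module readable, since the history is in version control. Any other module that still reads `config.programs.bash.enable` would presumably fail at evaluation as well, which is worth a tree-wide search before merging. Only fragments of the +103 −97 change are shown, so the rest of the file is not reviewed here.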
nixos/modules/programs/fuse.nix +2 −31 { config, lib, pkgs, ... }: { config, lib, ... }: let cfg = config.programs.fuse; @@ -12,10 +7,6 @@ in meta.maintainers = with lib.maintainers; [ ]; options.programs.fuse = { enable = lib.mkEnableOption "fuse" // { default = true; }; mountMax = lib.mkOption { # In the C code it's an "int" (i.e. signed and at least 16 bit), but # negative numbers obviously make no sense: @@ -36,30 +27,10 @@ in }; }; config = lib.mkIf cfg.enable { environment.systemPackages = [ pkgs.fuse pkgs.fuse3 ]; security.wrappers = let mkSetuidRoot = source: { setuid = true; owner = "root"; group = "root"; inherit source; }; in { fusermount = mkSetuidRoot "${lib.getBin pkgs.fuse}/bin/fusermount"; fusermount3 = mkSetuidRoot "${lib.getBin pkgs.fuse3}/bin/fusermount3"; }; config = { environment.etc."fuse.conf".text = '' ${lib.optionalString (!cfg.userAllowOther) "#"}user_allow_other mount_max = ${builtins.toString cfg.mountMax} ''; }; }
nixos/modules/programs/ssh.nix +0 −2 @@ -335,8 +335,6 @@ in } ); environment.corePackages = [ cfg.package ]; # SSH configuration. Slight duplication of the sshd_config # generation in the sshd service. environment.etc."ssh/ssh_config".text = ''
nixos/modules/security/wrappers/default.nix +2 −0 @@ -266,6 +266,8 @@ in in { # These are mount related wrappers that require the +s permission. fusermount = mkSetuidRoot "${lib.getBin pkgs.fuse}/bin/fusermount"; fusermount3 = mkSetuidRoot "${lib.getBin pkgs.fuse3}/bin/fusermount3"; mount = mkSetuidRoot "${lib.getBin pkgs.util-linux}/bin/mount"; umount = mkSetuidRoot "${lib.getBin pkgs.util-linux}/bin/umount"; };
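Review bot: The two added lines make `fusermount` and `fusermount3` setuid-root wrappers on every system, and together with the removal of `programs.fuse.enable` in fuse.nix there is no longer a switch in the shown code to leave them out. Hosts that never mount FUSE filesystems then carry two extra setuid-root binaries, which is the attack surface the removed option let an administrator drop. If the unconditional install is intended, the comment above the entries should say so, e.g. `# fusermount and fusermount3 are wrapped unconditionally, including on hosts that do not use FUSE.`; otherwise keep the option and gate the two entries on it. The attribute set and `mkSetuidRoot` begin before this hunk.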