mirror of https://github.com/LnL7/nix-darwin.git synced 2025-04-09 10:42:53 +00:00

Merge remote-tracking branch 'origin/master' into fonts

Quentin Smith 2023-07-19 17:04:42 -04:00
commit f1a206c960
No known key found for this signature in database
GPG key ID: 04EE05A8FCEFB697
138 changed files with 2798 additions and 2604 deletions


@ -12,7 +12,7 @@ jobs:
build:
runs-on: macos-12
steps:
- uses: actions/checkout@v2
- uses: cachix/install-nix-action@v17
- uses: actions/checkout@v3
- uses: cachix/install-nix-action@v22
- run: |
nix build ${{ github.event.client_payload.args }} -vL
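Review bot: The `run:` step at the end of this hunk expands `${{ github.event.client_payload.args }}` directly into the shell script, so whatever the dispatch payload contains is parsed as shell syntax rather than as arguments to `nix build`; the action bump leaves that untouched. Passing the value through the environment keeps it data: give the step an `env:` entry `ARGS: ${{ github.event.client_payload.args }}` and run `nix build $ARGS -vL`. Both actions are also referenced by mutable tags (`@v3`, `@v22`); pinning them to a full commit SHA would make each upgrade reviewable. The workflow's trigger section is outside the hunk, so who can send the payload cannot be confirmed from here.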


@ -12,8 +12,8 @@ jobs:
debug:
runs-on: macos-12
steps:
- uses: actions/checkout@v2
- uses: cachix/install-nix-action@v17
- uses: actions/checkout@v3
- uses: cachix/install-nix-action@v22
- run: |
nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs
nix-channel --update


@ -2,33 +2,70 @@ name: "Test"
on:
pull_request:
push:
env:
CURRENT_STABLE_CHANNEL: nixpkgs-23.05-darwin
jobs:
tests:
test-stable:
runs-on: macos-12
timeout-minutes: 30
steps:
- uses: actions/checkout@v2
- uses: cachix/install-nix-action@v17
- run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-22.05-darwin -I darwin=. -A tests
- run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-22.05-darwin -I darwin=. -A manpages
- run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-22.05-darwin -I darwin=. -A examples.simple
install:
- uses: actions/checkout@v3
- name: Install nix corresponding to latest stable channel
uses: cachix/install-nix-action@v22
with:
install_url: https://github.com/nix-community/nix-unstable-installer/releases/download/nix-2.10.0pre20220822_7c3ab57/install
- run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A tests
- run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A manpages
- run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A examples.simple
test-unstable:
runs-on: macos-12
timeout-minutes: 30
steps:
- uses: actions/checkout@v2
- uses: cachix/install-nix-action@v17
- run: |
nix-channel --add https://nixos.org/channels/nixpkgs-22.05-darwin nixpkgs
- uses: actions/checkout@v3
- name: Install nix from current unstable channel
uses: cachix/install-nix-action@v22
- run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A tests
- run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A manpages
- run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A examples.simple
install-against-stable:
runs-on: macos-12
timeout-minutes: 30
steps:
- uses: actions/checkout@v3
- name: Install nix corresponding to latest stable channel
uses: cachix/install-nix-action@v22
with:
install_url: https://github.com/nix-community/nix-unstable-installer/releases/download/nix-2.10.0pre20220822_7c3ab57/install
nix_path: nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }}
- name: Install ${{ env.CURRENT_STABLE_CHANNEL }} channel
run: |
nix-channel --add https://nixos.org/channels/${{ env.CURRENT_STABLE_CHANNEL }} nixpkgs
nix-channel --update
- run: |
- name: Install nix-darwin and test
run: |
export NIX_PATH=$HOME/.nix-defexpr/channels
# We run nix-darwin twice to test that it can create darwin-configuration correctly for us
# but we expect it to fail setting up /etc/nix/nix.conf
nix-shell -A installer || true
nixConfHash=$(shasum -a 256 /etc/nix/nix.conf | cut -d ' ' -f 1)
/usr/bin/sed -i.bak \
"s/# nix.package = pkgs.nix;/nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ];/" \
~/.nixpkgs/darwin-configuration.nix
nix-shell -A installer
nix-shell -A installer.check
- run: |
- name: Build and activate default derivation
run: |
. /etc/static/bashrc
darwin-rebuild switch -I darwin=.
- run: |
- name: Test uninstallation of nix-darwin
run: |
export NIX_PATH=$HOME/.nix-defexpr/channels
nix-shell -A uninstaller
nix-shell -A uninstaller.check
@ -38,32 +75,79 @@ jobs:
timeout-minutes: 15
with:
limit-access-to-actor: true
install-flake:
install-against-unstable:
runs-on: macos-12
timeout-minutes: 60
timeout-minutes: 30
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: Install nix from current unstable channel
uses: cachix/install-nix-action@v22
with:
fetch-depth: 0
- uses: cachix/install-nix-action@v17
with:
install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-2.10.0pre20220808_73fde9e/install
extra_nix_config: |
experimental-features = nix-command flakes
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
- run: |
nix_path: nixpkgs=channel:nixpkgs-unstable
- name: Install nixpkgs-unstable channel
run: |
nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs
nix-channel --update
- run: |
- name: Install nix-darwin and test
run: |
export NIX_PATH=$HOME/.nix-defexpr/channels
# We run nix-darwin twice to test that it can create darwin-configuration correctly for us
# but we expect it to fail setting up /etc/nix/nix.conf
nix-shell -A installer || true
nixConfHash=$(shasum -a 256 /etc/nix/nix.conf | cut -d ' ' -f 1)
/usr/bin/sed -i.bak \
"s/# nix.package = pkgs.nix;/nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ];/" \
~/.nixpkgs/darwin-configuration.nix
nix-shell -A installer
- run: |
nix build ./modules/examples#darwinConfigurations.simple.system --override-input darwin .
- run: |
./result/sw/bin/darwin-rebuild switch --flake ./modules/examples#simple --override-input darwin .
- run: |
nix-shell -A installer.check
- name: Build and activate default derivation
run: |
. /etc/static/bashrc
darwin-rebuild build --flake ./modules/examples#simple --override-input darwin .
darwin-rebuild switch -I darwin=.
- name: Test uninstallation of nix-darwin
run: |
export NIX_PATH=$HOME/.nix-defexpr/channels
nix-shell -A uninstaller
nix-shell -A uninstaller.check
- name: Debugging tmate session
if: ${{ failure() }}
uses: mxschmitt/action-tmate@v3
timeout-minutes: 15
with:
limit-access-to-actor: true
install-flake-against-stable:
runs-on: macos-12
timeout-minutes: 30
steps:
- uses: actions/checkout@v3
- name: Install nix version corresponding to latest stable channel
uses: cachix/install-nix-action@v22
with:
install_url: https://github.com/nix-community/nix-unstable-installer/releases/download/nix-2.10.0pre20220822_7c3ab57/install
- name: Install nix-darwin
run: |
mkdir -p ~/.config/nix-darwin
darwin=$(pwd)
pushd ~/.config/nix-darwin
nix flake init -t $darwin
nixConfHash=$(shasum -a 256 /etc/nix/nix.conf | cut -d ' ' -f 1)
/usr/bin/sed -i.bak \
"s/# nix.package = pkgs.nix;/nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ];/" \
flake.nix
popd
nix run .#darwin-rebuild -- \
switch --flake ~/.config/nix-darwin#simple \
--override-input nix-darwin . \
--override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }}
- name: Rebuild and activate simple flake, but this time using nix-darwin's flake interface
run: |
. /etc/static/bashrc
darwin-rebuild build --flake ./modules/examples/flake#simple --override-input nix-darwin . --override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }}
- name: Test git submodules
run: |
. /etc/static/bashrc
@ -78,10 +162,11 @@ jobs:
popd
cp -a ./modules/examples/. /tmp/test-nix-darwin-submodules
cp -a ./modules/examples/flake/flake.nix /tmp/test-nix-darwin-submodules
pushd /tmp/test-nix-darwin-submodules
/usr/bin/sed -i.bak \
'\#modules = \[#s#darwin.darwinModules.simple#./simple.nix#' \
'\#modules = \[#s#configuration#configuration ./simple.nix#' \
./flake.nix
/usr/bin/sed -i.bak \
's#pkgs.vim#pkgs."${import ./submodule-test/hello.nix}"#' \
@ -96,7 +181,8 @@ jobs:
# Should fail
darwin-rebuild build \
--flake /tmp/test-nix-darwin-submodules#simple \
--override-input darwin . \
--override-input nix-darwin . \
--override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }} \
&& {
printf 'succeeded while expecting failure due to submodule\n' >/dev/stderr
exit 1
@ -104,7 +190,8 @@ jobs:
# Should also fail
darwin-rebuild build \
--flake /tmp/test-nix-darwin-submodules?submodules=0#simple \
--override-input darwin . \
--override-input nix-darwin . \
--override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }} \
&& {
printf 'succeeded while expecting failure due to submodule\n' >/dev/stderr
exit 1
@ -113,8 +200,93 @@ jobs:
# Should succeed
darwin-rebuild build \
--flake /tmp/test-nix-darwin-submodules?submodules=1#simple \
--override-input darwin .
--override-input nix-darwin . \
--override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }} \
install-flake-against-unstable:
runs-on: macos-12
timeout-minutes: 30
steps:
- uses: actions/checkout@v3
- name: Install nix from current unstable channel
uses: cachix/install-nix-action@v22
- name: Install nix-darwin
run: |
mkdir -p ~/.config/nix-darwin
darwin=$(pwd)
pushd ~/.config/nix-darwin
nix flake init -t $darwin
nixConfHash=$(shasum -a 256 /etc/nix/nix.conf | cut -d ' ' -f 1)
/usr/bin/sed -i.bak \
"s/# nix.package = pkgs.nix;/nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ];/" \
flake.nix
popd
nix run .#darwin-rebuild -- \
switch --flake ~/.config/nix-darwin#simple \
--override-input nix-darwin . \
--override-input nixpkgs nixpkgs/nixpkgs-unstable
- name: Rebuild and activate simple flake, but this time using nix-darwin's flake interface
run: |
. /etc/static/bashrc
darwin-rebuild build --flake ./modules/examples/flake#simple --override-input nix-darwin . --override-input nixpkgs nixpkgs/nixpkgs-unstable
- name: Test git submodules
run: |
. /etc/static/bashrc
mkdir -p /tmp/{test-nix-darwin-submodules,example-submodule}
pushd /tmp/example-submodule
echo '"hello"' > hello.nix
git init
git add .
git commit -m "add a submodule we will import"
popd
cp -a ./modules/examples/. /tmp/test-nix-darwin-submodules
cp -a ./modules/examples/flake/flake.nix /tmp/test-nix-darwin-submodules
pushd /tmp/test-nix-darwin-submodules
/usr/bin/sed -i.bak \
'\#modules = \[#s#configuration#configuration ./simple.nix#' \
./flake.nix
/usr/bin/sed -i.bak \
's#pkgs.vim#pkgs."${import ./submodule-test/hello.nix}"#' \
./simple.nix
git init
git add flake.nix simple.nix
git \
-c protocol.file.allow=always \
submodule add /tmp/example-submodule submodule-test
popd
# Should fail
darwin-rebuild build \
--flake /tmp/test-nix-darwin-submodules#simple \
--override-input nix-darwin . \
--override-input nixpkgs nixpkgs/nixpkgs-unstable \
&& {
printf 'succeeded while expecting failure due to submodule\n' >/dev/stderr
exit 1
}
# Should also fail
darwin-rebuild build \
--flake /tmp/test-nix-darwin-submodules?submodules=0#simple \
--override-input nix-darwin . \
--override-input nixpkgs nixpkgs/nixpkgs-unstable \
&& {
printf 'succeeded while expecting failure due to submodule\n' >/dev/stderr
exit 1
}
# Should succeed
darwin-rebuild build \
--flake /tmp/test-nix-darwin-submodules?submodules=1#simple \
--override-input nix-darwin . \
--override-input nixpkgs nixpkgs/nixpkgs-unstable
# Should also succeed
darwin-rebuild build \
--flake git+file:///tmp/test-nix-darwin-submodules?submodules=1#simple \
--override-input darwin .
--override-input nix-darwin . \
--override-input nixpkgs nixpkgs/nixpkgs-unstable
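Review bot: The `sed` commands in the four install jobs write `${{ secrets.GITHUB_TOKEN }}` into `darwin-configuration.nix` / `flake.nix` as `nix.settings.access-tokens`, which presumably ends up in the generated `nix.conf` and the Nix store, and the visible top of the workflow declares no `permissions:` block to narrow what that token can do. Since these jobs run on `pull_request` and `push` and can open a tmate session on failure, I would add a top-level `permissions:` with `contents: read` so the token embedded in the configuration is read-only. Separately, the last `--override-input nixpkgs` line of the stable job's "Should succeed" command appears to end in a stray ` \` where the unstable copy does not; worth dropping for consistency. A few lines between the hunks are not shown, so a job-level `permissions:` there cannot be ruled out.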


@ -17,14 +17,11 @@ jobs:
fetch-depth: 0
- name: Install Nix
uses: cachix/install-nix-action@v17
with:
extra_nix_config: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
uses: cachix/install-nix-action@v22
- name: Build manual
run: |
nix-build ./release.nix -I nixpkgs=channel:nixpkgs-22.05-darwin -I darwin=. -A manualHTML
nix-build ./release.nix -I nixpkgs=channel:nixpkgs-23.05-darwin -I darwin=. -A manualHTML
- name: Push update to manual
run: |
@ -32,6 +29,7 @@ jobs:
rm -rf manual
cp -R result/share/doc/darwin manual
rm result
git checkout master -- README.md
git config user.name github-actions
git config user.email github-actions@github.com
git add --all

113
README.md

@ -1,4 +1,4 @@
[<img src="https://lnl7.github.io/nix-darwin/images/nix-darwin.png" width="200px" alt="logo" />](https://github.com/LnL7/nix-darwin)
[<img src="https://daiderd.com/nix-darwin/images/nix-darwin.png" width="200px" alt="logo" />](https://github.com/LnL7/nix-darwin)
# nix-darwin
@ -7,12 +7,14 @@
Nix modules for darwin, `/etc/nixos/configuration.nix` for macOS.
This project aims to bring the convenience of a declarative system approach to macOS.
Nix-darwin is built up around [Nixpkgs](https://github.com/NixOS/nixpkgs), quite similar to [NixOS](https://nixos.org/).
nix-darwin is built up around [Nixpkgs](https://github.com/NixOS/nixpkgs), quite similar to [NixOS](https://nixos.org/).
## Install
## Installing
To install nix-darwin, a working installation of [Nix](https://github.com/NixOS/nix#installation) is required.
> NOTE: Using `darwin-installer` is no longer necessary on flake based systems.
```bash
nix-build https://github.com/LnL7/nix-darwin/archive/master.tar.gz -A installer
./result/bin/darwin-installer
@ -22,9 +24,8 @@ nix-build https://github.com/LnL7/nix-darwin/archive/master.tar.gz -A installer
> updated by default. If you didn't use the installer or skipped some of the options you'll have to take care of this yourself.
> Either modify the existing file to source/import the one from `/etc/static` or remove it. Some examples:
- `mv /etc/bashrc /etc/bashrc.orig`
- `mv /etc/bashrc /etc/bashrc.before-nix-darwin`
- `echo 'if test -e /etc/static/bashrc; then . /etc/static/bashrc; fi' | sudo tee -a /etc/bashrc`
- `echo 'if test -e /etc/static/bashrc; then . /etc/static/bashrc; fi' | tee -a ~/.bashrc`
## Updating
@ -73,58 +74,94 @@ Configuration lives in `~/.nixpkgs/darwin-configuration.nix`. Check out
There is also preliminary support for building your configuration using a [flake](https://nixos.wiki/wiki/Flakes). This
is mostly based on the flake support that was added to NixOS.
A minimal example of using an existing configuration.nix:
### Step 1. Creating `flake.nix`
<details>
<summary>Getting started from scratch</summary>
<p></p>
If you don't have an existing `configuration.nix`, you can run the following commands to generate a basic `flake.nix` inside `~/.config/nix-darwin`:
```bash
mkdir -p ~/.config/nix-darwin
cd ~/.config/nix-darwin
nix flake init -t nix-darwin
```
Make sure to replace all occurrences of `simple` with your short hostname which you can find by running `hostname -s`.
> NOTE: Make sure to change `nixpkgs.hostPlatform` to `aarch64-darwin` if you are using Apple Silicon.
</details>
<details>
<summary>Migrating from an existing configuration.nix</summary>
<p></p>
Add the following to `flake.nix` in the same folder as `configuration.nix`:
```nix
{
description = "John's darwin system";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-22.05-darwin";
darwin.url = "github:lnl7/nix-darwin/master";
darwin.inputs.nixpkgs.follows = "nixpkgs";
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-23.05-darwin";
nix-darwin.url = "github:LnL7/nix-darwin/master";
nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = { self, darwin, nixpkgs }: {
outputs = inputs@{ self, darwin, nixpkgs }: {
darwinConfigurations."Johns-MacBook" = darwin.lib.darwinSystem {
system = "x86_64-darwin";
modules = [ ./configuration.nix ];
};
};
}
```
Inputs from the flake can also be passed to `darwinSystem`, these inputs are then
accessible as an argument, similar to pkgs and lib inside the configuration.
Make sure to replace `Johns-MacBook` with your short hostname which you can find by running `hostname -s`.
> NOTE: Make sure to set `nixpkgs.hostPlatform` in your `configuration.nix` to either `x86_64-darwin` (Intel) or `aarch64-darwin` (Apple Silicon).
</details>
### Step 2. Installing `nix-darwin`
Instead of using `darwin-installer`, you can just run `darwin-rebuild switch` to install nix-darwin. As `darwin-rebuild` won't be installed in your `PATH` yet, you can use the following command:
```bash
nix run nix-darwin -- switch --flake ~/.config/nix-darwin
```
### Step 3. Using `nix-darwin`
After installing, you can run `darwin-rebuild` to apply changes to your system:
```bash
darwin-rebuild switch --flake ~/.config/nix-darwin
```
#### Using flake inputs
Inputs from the flake can also be passed into `darwinSystem`. These inputs are then
accessible as an argument `inputs`, similar to `pkgs` and `lib`, inside the configuration.
```nix
darwin.lib.darwinSystem {
system = "x86_64-darwin";
modules = [ ... ];
inputs = { inherit darwin dotfiles nixpkgs; };
# in flake.nix
nix-darwin.lib.darwinSystem {
modules = [ ./configuration.nix ];
specialArgs = { inherit inputs; };
}
```
Since the installer doesn't work with flakes out of the box yet, nix-darwin will need to
be bootstrapped using the installer or manually. Afterwards the flake based
configuration can be built. The `hostname(1)` of your system will be used to decide
which darwin configuration is applied if it's not specified explicitly in the flake ref.
```sh
nix build ~/.config/darwin\#darwinConfigurations.Johns-MacBook.system
./result/sw/bin/darwin-rebuild switch --flake ~/.config/darwin
```nix
# in configuration.nix
{ pkgs, lib, inputs }:
# inputs.self, inputs.nix-darwin, and inputs.nixpkgs can be accessed here
```
## Manual Install
```bash
# Before 10.15 Catalina
sudo ln -s private/var/run /run
# After 10.15 Catalina
echo -e "run\tprivate/var/run" | sudo tee -a /etc/synthetic.conf
/System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B
/System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t
# Configure the channel
nix-channel --add https://github.com/LnL7/nix-darwin/archive/master.tar.gz darwin
nix-channel --update
@ -151,9 +188,10 @@ $(nix-build '<darwin>' -A system --no-out-link)/sw/bin/darwin-rebuild switch
(nix-build '<darwin>' -A system --no-out-link)/sw/bin/darwin-rebuild switch
```
This will create and manage a system profile in `/run/current-system`, just like nixos.
This will create and manage a system profile in `/run/current-system`, just like NixOS.
The default `NIX_PATH` in nix-darwin will look for this repository in `~/.nix-defexpr/darwin` and for your configuration in `~/.nixpkgs/darwin-configuration.nix`.
By default, nix-darwin will look in your `NIX_PATH` for this repository at `~/.nix-defexpr/darwin` and your configuration at `~/.nixpkgs/darwin-configuration.nix`.
If you want to change these you can set your own with `nix.nixPath = [ ];`.
```
@ -174,7 +212,7 @@ $
## Documentation
Reference documentation of all the options is available [here](https://lnl7.github.io/nix-darwin/manual/index.html#sec-options).
Reference documentation of all the options is available [here](https://daiderd.com/nix-darwin/manual/index.html).
This can also be accessed locally using `man 5 configuration.nix`.
`darwin-help` will open a HTML version of the manpage in the default browser.
@ -214,7 +252,8 @@ nix-build release.nix -A tests.environment-path
## Contributing
Let's make nix on darwin awesome!
Let's make Nix on macOS awesome!
Don't hesitate to contribute modules or open an issue.
To build your configuration with local changes you can run this. This
@ -240,4 +279,4 @@ goes out of sync.
Also feel free to contact me if you have questions,
- Matrix - @daiderd:matrix.org, you can find me in [#macos:nixos.org](https://matrix.to/#/#macos:nixos.org)
- @lnl7 on twitter
- @LnL7 on twitter


@ -6,12 +6,14 @@
}:
let
evalConfig = import ./eval-config.nix { inherit lib; };
eval = evalConfig {
inherit system;
modules = [ configuration ];
inputs = { inherit nixpkgs; };
eval = import ./eval-config.nix {
inherit lib;
modules = [
configuration
{ nixpkgs.source = lib.mkDefault nixpkgs; }
] ++ lib.optional (system != null) {
nixpkgs.system = lib.mkDefault system;
};
};
# The source code of this repo needed by the [un]installers.


@ -0,0 +1,8 @@
# System-wide profile for interactive zsh(1) login shells.
# Setup user specific overrides for this in ~/.zprofile. See zshbuiltins(1)
# and zshoptions(1) for more details.
if [ -x /usr/libexec/path_helper ]; then
eval `/usr/libexec/path_helper -s`
fi


@ -0,0 +1,18 @@
# Nix
if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then
. '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'
fi
# End Nix
# System-wide .bashrc file for interactive bash(1) shells.
if [ -z "$PS1" ]; then
return
fi
PS1='\h:\W \u\$ '
# Make bash check its window size after a process completes
shopt -s checkwinsize
[ -r "/etc/bashrc_$TERM_PROGRAM" ] && . "/etc/bashrc_$TERM_PROGRAM"


@ -0,0 +1,81 @@
# Nix
if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then
. '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'
fi
# End Nix
# System-wide profile for interactive zsh(1) shells.
# Setup user specific overrides for this in ~/.zshrc. See zshbuiltins(1)
# and zshoptions(1) for more details.
# Correctly display UTF-8 with combining characters.
if [[ "$(locale LC_CTYPE)" == "UTF-8" ]]; then
setopt COMBINING_CHARS
fi
# Disable the log builtin, so we don't conflict with /usr/bin/log
disable log
# Save command history
HISTFILE=${ZDOTDIR:-$HOME}/.zsh_history
HISTSIZE=2000
SAVEHIST=1000
# Beep on error
setopt BEEP
# Use keycodes (generated via zkbd) if present, otherwise fallback on
# values from terminfo
if [[ -r ${ZDOTDIR:-$HOME}/.zkbd/${TERM}-${VENDOR} ]] ; then
source ${ZDOTDIR:-$HOME}/.zkbd/${TERM}-${VENDOR}
else
typeset -g -A key
[[ -n "$terminfo[kf1]" ]] && key[F1]=$terminfo[kf1]
[[ -n "$terminfo[kf2]" ]] && key[F2]=$terminfo[kf2]
[[ -n "$terminfo[kf3]" ]] && key[F3]=$terminfo[kf3]
[[ -n "$terminfo[kf4]" ]] && key[F4]=$terminfo[kf4]
[[ -n "$terminfo[kf5]" ]] && key[F5]=$terminfo[kf5]
[[ -n "$terminfo[kf6]" ]] && key[F6]=$terminfo[kf6]
[[ -n "$terminfo[kf7]" ]] && key[F7]=$terminfo[kf7]
[[ -n "$terminfo[kf8]" ]] && key[F8]=$terminfo[kf8]
[[ -n "$terminfo[kf9]" ]] && key[F9]=$terminfo[kf9]
[[ -n "$terminfo[kf10]" ]] && key[F10]=$terminfo[kf10]
[[ -n "$terminfo[kf11]" ]] && key[F11]=$terminfo[kf11]
[[ -n "$terminfo[kf12]" ]] && key[F12]=$terminfo[kf12]
[[ -n "$terminfo[kf13]" ]] && key[F13]=$terminfo[kf13]
[[ -n "$terminfo[kf14]" ]] && key[F14]=$terminfo[kf14]
[[ -n "$terminfo[kf15]" ]] && key[F15]=$terminfo[kf15]
[[ -n "$terminfo[kf16]" ]] && key[F16]=$terminfo[kf16]
[[ -n "$terminfo[kf17]" ]] && key[F17]=$terminfo[kf17]
[[ -n "$terminfo[kf18]" ]] && key[F18]=$terminfo[kf18]
[[ -n "$terminfo[kf19]" ]] && key[F19]=$terminfo[kf19]
[[ -n "$terminfo[kf20]" ]] && key[F20]=$terminfo[kf20]
[[ -n "$terminfo[kbs]" ]] && key[Backspace]=$terminfo[kbs]
[[ -n "$terminfo[kich1]" ]] && key[Insert]=$terminfo[kich1]
[[ -n "$terminfo[kdch1]" ]] && key[Delete]=$terminfo[kdch1]
[[ -n "$terminfo[khome]" ]] && key[Home]=$terminfo[khome]
[[ -n "$terminfo[kend]" ]] && key[End]=$terminfo[kend]
[[ -n "$terminfo[kpp]" ]] && key[PageUp]=$terminfo[kpp]
[[ -n "$terminfo[knp]" ]] && key[PageDown]=$terminfo[knp]
[[ -n "$terminfo[kcuu1]" ]] && key[Up]=$terminfo[kcuu1]
[[ -n "$terminfo[kcub1]" ]] && key[Left]=$terminfo[kcub1]
[[ -n "$terminfo[kcud1]" ]] && key[Down]=$terminfo[kcud1]
[[ -n "$terminfo[kcuf1]" ]] && key[Right]=$terminfo[kcuf1]
fi
# Default key bindings
[[ -n ${key[Delete]} ]] && bindkey "${key[Delete]}" delete-char
[[ -n ${key[Home]} ]] && bindkey "${key[Home]}" beginning-of-line
[[ -n ${key[End]} ]] && bindkey "${key[End]}" end-of-line
[[ -n ${key[Up]} ]] && bindkey "${key[Up]}" up-line-or-search
[[ -n ${key[Down]} ]] && bindkey "${key[Down]}" down-line-or-search
# Default prompt
PS1="%n@%m %1~ %# "
# Useful support for interacting with Terminal.app or other terminal programs
[ -r "/etc/zshrc_$TERM_PROGRAM" ] && . "/etc/zshrc_$TERM_PROGRAM"


@ -0,0 +1,2 @@
# Added by tailscaled
nameserver 100.100.100.100


@ -0,0 +1,80 @@
# System-wide profile for interactive zsh(1) shells.
# Setup user specific overrides for this in ~/.zshrc. See zshbuiltins(1)
# and zshoptions(1) for more details.
# Correctly display UTF-8 with combining characters.
if [[ "$(locale LC_CTYPE)" == "UTF-8" ]]; then
setopt COMBINING_CHARS
fi
# Disable the log builtin, so we don't conflict with /usr/bin/log
disable log
# Save command history
HISTFILE=${ZDOTDIR:-$HOME}/.zsh_history
HISTSIZE=2000
SAVEHIST=1000
# Beep on error
setopt BEEP
# Use keycodes (generated via zkbd) if present, otherwise fallback on
# values from terminfo
if [[ -r ${ZDOTDIR:-$HOME}/.zkbd/${TERM}-${VENDOR} ]] ; then
source ${ZDOTDIR:-$HOME}/.zkbd/${TERM}-${VENDOR}
else
typeset -g -A key
[[ -n "$terminfo[kf1]" ]] && key[F1]=$terminfo[kf1]
[[ -n "$terminfo[kf2]" ]] && key[F2]=$terminfo[kf2]
[[ -n "$terminfo[kf3]" ]] && key[F3]=$terminfo[kf3]
[[ -n "$terminfo[kf4]" ]] && key[F4]=$terminfo[kf4]
[[ -n "$terminfo[kf5]" ]] && key[F5]=$terminfo[kf5]
[[ -n "$terminfo[kf6]" ]] && key[F6]=$terminfo[kf6]
[[ -n "$terminfo[kf7]" ]] && key[F7]=$terminfo[kf7]
[[ -n "$terminfo[kf8]" ]] && key[F8]=$terminfo[kf8]
[[ -n "$terminfo[kf9]" ]] && key[F9]=$terminfo[kf9]
[[ -n "$terminfo[kf10]" ]] && key[F10]=$terminfo[kf10]
[[ -n "$terminfo[kf11]" ]] && key[F11]=$terminfo[kf11]
[[ -n "$terminfo[kf12]" ]] && key[F12]=$terminfo[kf12]
[[ -n "$terminfo[kf13]" ]] && key[F13]=$terminfo[kf13]
[[ -n "$terminfo[kf14]" ]] && key[F14]=$terminfo[kf14]
[[ -n "$terminfo[kf15]" ]] && key[F15]=$terminfo[kf15]
[[ -n "$terminfo[kf16]" ]] && key[F16]=$terminfo[kf16]
[[ -n "$terminfo[kf17]" ]] && key[F17]=$terminfo[kf17]
[[ -n "$terminfo[kf18]" ]] && key[F18]=$terminfo[kf18]
[[ -n "$terminfo[kf19]" ]] && key[F19]=$terminfo[kf19]
[[ -n "$terminfo[kf20]" ]] && key[F20]=$terminfo[kf20]
[[ -n "$terminfo[kbs]" ]] && key[Backspace]=$terminfo[kbs]
[[ -n "$terminfo[kich1]" ]] && key[Insert]=$terminfo[kich1]
[[ -n "$terminfo[kdch1]" ]] && key[Delete]=$terminfo[kdch1]
[[ -n "$terminfo[khome]" ]] && key[Home]=$terminfo[khome]
[[ -n "$terminfo[kend]" ]] && key[End]=$terminfo[kend]
[[ -n "$terminfo[kpp]" ]] && key[PageUp]=$terminfo[kpp]
[[ -n "$terminfo[knp]" ]] && key[PageDown]=$terminfo[knp]
[[ -n "$terminfo[kcuu1]" ]] && key[Up]=$terminfo[kcuu1]
[[ -n "$terminfo[kcub1]" ]] && key[Left]=$terminfo[kcub1]
[[ -n "$terminfo[kcud1]" ]] && key[Down]=$terminfo[kcud1]
[[ -n "$terminfo[kcuf1]" ]] && key[Right]=$terminfo[kcuf1]
fi
# Default key bindings
[[ -n ${key[Delete]} ]] && bindkey "${key[Delete]}" delete-char
[[ -n ${key[Home]} ]] && bindkey "${key[Home]}" beginning-of-line
[[ -n ${key[End]} ]] && bindkey "${key[End]}" end-of-line
[[ -n ${key[Up]} ]] && bindkey "${key[Up]}" up-line-or-search
[[ -n ${key[Down]} ]] && bindkey "${key[Down]}" down-line-or-search
# Default prompt
PS1="%n@%m %1~ %# "
# Useful support for interacting with Terminal.app or other terminal programs
[ -r "/etc/zshrc_$TERM_PROGRAM" ] && . "/etc/zshrc_$TERM_PROGRAM"
# Nix
if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then
. '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'
fi
# End Nix


@ -0,0 +1,10 @@
# System-wide .bashrc file for interactive bash(1) shells.
if [ -z "$PS1" ]; then
return
fi
PS1='\h:\W \u\$ '
# Make bash check its window size after a process completes
shopt -s checkwinsize
[ -r "/etc/bashrc_$TERM_PROGRAM" ] && . "/etc/bashrc_$TERM_PROGRAM"


@ -0,0 +1,17 @@
# System-wide .bashrc file for interactive bash(1) shells.
if [ -z "$PS1" ]; then
return
fi
PS1='\h:\W \u\$ '
# Make bash check its window size after a process completes
shopt -s checkwinsize
[ -r "/etc/bashrc_$TERM_PROGRAM" ] && . "/etc/bashrc_$TERM_PROGRAM"
# Nix
if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then
. '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'
fi
# End Nix


@ -0,0 +1 @@
build-users-group = nixbld


@ -0,0 +1,5 @@
build-users-group = nixbld
max-jobs = 32
cores = 1
sandbox = false


@ -0,0 +1,6 @@
# Generated by https://github.com/DeterminateSystems/nix-installer, version 0.10.0.
experimental-features = nix-command flakes auto-allocate-uids
build-users-group = nixbld
auto-optimise-store = true
extra-nix-path = nixpkgs=flake:nixpkgs
bash-prompt-prefix = (nix:$name)\040


@ -0,0 +1,73 @@
# System-wide profile for interactive zsh(1) shells.
# Setup user specific overrides for this in ~/.zshrc. See zshbuiltins(1)
# and zshoptions(1) for more details.
# Correctly display UTF-8 with combining characters.
if [[ "$(locale LC_CTYPE)" == "UTF-8" ]]; then
setopt COMBINING_CHARS
fi
# Disable the log builtin, so we don't conflict with /usr/bin/log
disable log
# Save command history
HISTFILE=${ZDOTDIR:-$HOME}/.zsh_history
HISTSIZE=2000
SAVEHIST=1000
# Beep on error
setopt BEEP
# Use keycodes (generated via zkbd) if present, otherwise fallback on
# values from terminfo
if [[ -r ${ZDOTDIR:-$HOME}/.zkbd/${TERM}-${VENDOR} ]] ; then
source ${ZDOTDIR:-$HOME}/.zkbd/${TERM}-${VENDOR}
else
typeset -g -A key
[[ -n "$terminfo[kf1]" ]] && key[F1]=$terminfo[kf1]
[[ -n "$terminfo[kf2]" ]] && key[F2]=$terminfo[kf2]
[[ -n "$terminfo[kf3]" ]] && key[F3]=$terminfo[kf3]
[[ -n "$terminfo[kf4]" ]] && key[F4]=$terminfo[kf4]
[[ -n "$terminfo[kf5]" ]] && key[F5]=$terminfo[kf5]
[[ -n "$terminfo[kf6]" ]] && key[F6]=$terminfo[kf6]
[[ -n "$terminfo[kf7]" ]] && key[F7]=$terminfo[kf7]
[[ -n "$terminfo[kf8]" ]] && key[F8]=$terminfo[kf8]
[[ -n "$terminfo[kf9]" ]] && key[F9]=$terminfo[kf9]
[[ -n "$terminfo[kf10]" ]] && key[F10]=$terminfo[kf10]
[[ -n "$terminfo[kf11]" ]] && key[F11]=$terminfo[kf11]
[[ -n "$terminfo[kf12]" ]] && key[F12]=$terminfo[kf12]
[[ -n "$terminfo[kf13]" ]] && key[F13]=$terminfo[kf13]
[[ -n "$terminfo[kf14]" ]] && key[F14]=$terminfo[kf14]
[[ -n "$terminfo[kf15]" ]] && key[F15]=$terminfo[kf15]
[[ -n "$terminfo[kf16]" ]] && key[F16]=$terminfo[kf16]
[[ -n "$terminfo[kf17]" ]] && key[F17]=$terminfo[kf17]
[[ -n "$terminfo[kf18]" ]] && key[F18]=$terminfo[kf18]
[[ -n "$terminfo[kf19]" ]] && key[F19]=$terminfo[kf19]
[[ -n "$terminfo[kf20]" ]] && key[F20]=$terminfo[kf20]
[[ -n "$terminfo[kbs]" ]] && key[Backspace]=$terminfo[kbs]
[[ -n "$terminfo[kich1]" ]] && key[Insert]=$terminfo[kich1]
[[ -n "$terminfo[kdch1]" ]] && key[Delete]=$terminfo[kdch1]
[[ -n "$terminfo[khome]" ]] && key[Home]=$terminfo[khome]
[[ -n "$terminfo[kend]" ]] && key[End]=$terminfo[kend]
[[ -n "$terminfo[kpp]" ]] && key[PageUp]=$terminfo[kpp]
[[ -n "$terminfo[knp]" ]] && key[PageDown]=$terminfo[knp]
[[ -n "$terminfo[kcuu1]" ]] && key[Up]=$terminfo[kcuu1]
[[ -n "$terminfo[kcub1]" ]] && key[Left]=$terminfo[kcub1]
[[ -n "$terminfo[kcud1]" ]] && key[Down]=$terminfo[kcud1]
[[ -n "$terminfo[kcuf1]" ]] && key[Right]=$terminfo[kcuf1]
fi
# Default key bindings
[[ -n ${key[Delete]} ]] && bindkey "${key[Delete]}" delete-char
[[ -n ${key[Home]} ]] && bindkey "${key[Home]}" beginning-of-line
[[ -n ${key[End]} ]] && bindkey "${key[End]}" end-of-line
[[ -n ${key[Up]} ]] && bindkey "${key[Up]}" up-line-or-search
[[ -n ${key[Down]} ]] && bindkey "${key[Down]}" down-line-or-search
# Default prompt
PS1="%n@%m %1~ %# "
# Useful support for interacting with Terminal.app or other terminal programs
[ -r "/etc/zshrc_$TERM_PROGRAM" ] && . "/etc/zshrc_$TERM_PROGRAM"


@ -0,0 +1,2 @@
build-users-group = nixbld


@ -1,260 +1,67 @@
{ pkgs, options, config, version, revision, extraSources ? [] }:
{ pkgs
, options
, config
, version
, revision
, nixpkgsRevision
, extraSources ? []
, prefix ? ../..
}:
with pkgs;
let
lib = pkgs.lib;
# Remove invisible and internal options.
optionsListVisible = lib.filter (opt: opt.visible && !opt.internal) (lib.optionAttrSetToDocList options);
gitHubDeclaration = user: repo: ref: subpath:
# Default to `master` if we don't know what revision the system
# configuration is using (custom nixpkgs, etc.).
let urlRef = if ref != null then ref else "master";
in {
url = "https://github.com/${user}/${repo}/blob/${urlRef}/${subpath}";
name = "<${repo}/${subpath}>";
};
# Replace functions by the string <function>
substFunction = x:
if builtins.isAttrs x then lib.mapAttrs (name: substFunction) x
else if builtins.isList x then map substFunction x
else if lib.isFunction x then "<function>"
else x;
# Generate DocBook documentation for a list of packages. This is
# what `relatedPackages` option of `mkOption` from
# ../../../lib/options.nix influences.
#
# Each element of `relatedPackages` can be either
# - a string: that will be interpreted as an attribute name from `pkgs`,
# - a list: that will be interpreted as an attribute path from `pkgs`,
# - an attrset: that can specify `name`, `path`, `package`, `comment`
# (either of `name`, `path` is required, the rest are optional).
genRelatedPackages = packages:
let
unpack = p: if lib.isString p then { name = p; }
else if lib.isList p then { path = p; }
else p;
describe = args:
let
title = args.title or null;
name = args.name or (lib.concatStringsSep "." args.path);
path = args.path or [ args.name ];
package = args.package or (lib.attrByPath path (throw "Invalid package attribute path `${toString path}'") pkgs);
in "<listitem>"
+ "<para><literal>${lib.optionalString (title != null) "${title} aka "}pkgs.${name} (${package.meta.name})</literal>"
+ lib.optionalString (!package.meta.available) " <emphasis>[UNAVAILABLE]</emphasis>"
+ ": ${package.meta.description or "???"}.</para>"
+ lib.optionalString (args ? comment) "\n<para>${args.comment}</para>"
# Lots of `longDescription's break DocBook, so we just wrap them into <programlisting>
+ lib.optionalString (package.meta ? longDescription) "\n<programlisting>${package.meta.longDescription}</programlisting>"
+ "</listitem>";
in "<itemizedlist>${lib.concatStringsSep "\n" (map (p: describe (unpack p)) packages)}</itemizedlist>";
optionsListDesc = lib.flip map optionsListVisible (opt: opt // {
# Clean up declaration sites to not refer to the NixOS source tree.
declarations = map stripAnyPrefixes opt.declarations;
}
// lib.optionalAttrs (opt ? example) { example = substFunction opt.example; }
// lib.optionalAttrs (opt ? default) { default = substFunction opt.default; }
// lib.optionalAttrs (opt ? type) { type = substFunction opt.type; }
// lib.optionalAttrs (opt ? relatedPackages && opt.relatedPackages != []) { relatedPackages = genRelatedPackages opt.relatedPackages; });
# We need to strip references to /nix/store/* from options,
# including any `extraSources` if some modules came from elsewhere,
# or else the build will fail.
#
# E.g. if some `options` came from modules in ${pkgs.customModules}/nix,
# you'd need to include `extraSources = [ pkgs.customModules ]`
prefixesToStrip = map (p: "${toString p}/") ([ ../../.. ] ++ extraSources);
stripAnyPrefixes = lib.flip (lib.fold lib.removePrefix) prefixesToStrip;
# Custom "less" that pushes up all the things ending in ".enable*"
# and ".package*"
optionLess = a: b:
let
ise = lib.hasPrefix "enable";
isp = lib.hasPrefix "package";
cmp = lib.splitByAndCompare ise lib.compare
(lib.splitByAndCompare isp lib.compare lib.compare);
in lib.compareLists cmp a.loc b.loc < 0;
# Customly sort option list for the man page.
optionsList = lib.sort optionLess optionsListDesc;
# Convert the list of options into an XML file.
optionsXML = builtins.toFile "options.xml" (builtins.toXML optionsList);
optionsDocBook = runCommand "options-db.xml" {} ''
optionsXML=${optionsXML}
if grep /darwin/modules $optionsXML; then
echo "The manual appears to depend on the location of Darwin, which is bad"
echo "since this prevents sharing via a channel. This is typically"
echo "caused by an option default that refers to a relative path (see above"
echo "for hints about the offending path)."
exit 1
fi
${buildPackages.libxslt.bin}/bin/xsltproc \
--stringparam revision '${revision}' \
-o intermediate.xml ${./options-to-docbook.xsl} $optionsXML
${buildPackages.libxslt.bin}/bin/xsltproc \
-o "$out" ${./postprocess-option-descriptions.xsl} intermediate.xml
'';
sources = lib.sourceFilesBySuffices ./. [".xml"];
modulesDoc = builtins.toFile "modules.xml" ''
<section xmlns:xi="http://www.w3.org/2001/XInclude" id="modules">
${(lib.concatMapStrings (path: ''
<xi:include href="${path}" />
'') (lib.catAttrs "value" (config.meta.doc or [])))}
</section>
'';
generatedSources = runCommand "generated-docbook" {} ''
mkdir $out
ln -s ${modulesDoc} $out/modules.xml
ln -s ${optionsDocBook} $out/options-db.xml
printf "%s" "${version}" > $out/version
'';
copySources =
''
cp -prd $sources/* . || true
ln -s ${generatedSources} ./generated
chmod -R u+w .
'';
toc = builtins.toFile "toc.xml"
''
<toc role="chunk-toc">
<d:tocentry xmlns:d="http://docbook.org/ns/docbook" linkend="book-darwin-manual"><?dbhtml filename="index.html"?>
<d:tocentry linkend="ch-options"><?dbhtml filename="options.html"?></d:tocentry>
<d:tocentry linkend="ch-release-notes"><?dbhtml filename="release-notes.html"?></d:tocentry>
</d:tocentry>
</toc>
'';
manualXsltprocOptions = toString [
"--param section.autolabel 1"
"--param section.label.includes.component.label 1"
"--stringparam html.stylesheet 'style.css overrides.css highlightjs/mono-blue.css'"
"--stringparam html.script './highlightjs/highlight.pack.js ./highlightjs/loader.js'"
"--param xref.with.number.and.title 1"
"--param toc.section.depth 3"
"--stringparam admon.style ''"
"--stringparam callout.graphics.extension .svg"
"--stringparam current.docid manual"
"--param chunk.section.depth 0"
"--param chunk.first.sections 1"
"--param use.id.as.filename 1"
"--stringparam generate.toc 'book toc appendix toc'"
"--stringparam chunk.toc ${toc}"
];
manual-combined = runCommand "darwin-manual-combined"
{ inherit sources;
nativeBuildInputs = [ buildPackages.libxml2.bin buildPackages.libxslt.bin ];
meta.description = "The NixOS manual as plain docbook XML";
}
''
${copySources}
xmllint --xinclude --output ./manual-combined.xml ./manual.xml
xmllint --xinclude --noxincludenode \
--output ./man-pages-combined.xml ./man-pages.xml
# outputs the context of an xmllint error output
# LEN lines around the failing line are printed
function context {
# length of context
local LEN=6
# lines to print before error line
local BEFORE=4
# xmllint output lines are:
# file.xml:1234: there was an error on line 1234
while IFS=':' read -r file line rest; do
echo
if [[ -n "$rest" ]]; then
echo "$file:$line:$rest"
local FROM=$(($line>$BEFORE ? $line - $BEFORE : 1))
# number lines & filter context
nl --body-numbering=a "$file" | sed -n "$FROM,+$LEN p"
else
if [[ -n "$line" ]]; then
echo "$file:$line"
else
echo "$file"
fi
fi
done
}
function lintrng {
xmllint --debug --noout --nonet \
--relaxng ${docbook5}/xml/rng/docbook/docbook.rng \
"$1" \
2>&1 | context 1>&2
# ^ redirect assumes xmllint doesnt print to stdout
}
lintrng manual-combined.xml
lintrng man-pages-combined.xml
mkdir $out
cp manual-combined.xml $out/
cp man-pages-combined.xml $out/
'';
olinkDB = runCommand "manual-olinkdb"
{ inherit sources;
nativeBuildInputs = [ buildPackages.libxml2.bin buildPackages.libxslt.bin ];
}
''
xsltproc \
${manualXsltprocOptions} \
--stringparam collect.xref.targets only \
--stringparam targets.filename "$out/manual.db" \
--nonet \
${docbook_xsl_ns}/xml/xsl/docbook/xhtml/chunktoc.xsl \
${manual-combined}/manual-combined.xml
cat > "$out/olinkdb.xml" <<EOF
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE targetset SYSTEM
"file://${docbook_xsl_ns}/xml/xsl/docbook/common/targetdatabase.dtd" [
<!ENTITY manualtargets SYSTEM "file://$out/manual.db">
]>
<targetset>
<targetsetinfo>
Allows for cross-referencing olinks between the manpages
and manual.
</targetsetinfo>
<document targetdoc="manual">&manualtargets;</document>
</targetset>
EOF
'';
optionsDoc = buildPackages.nixosOptionsDoc {
inherit options;
transformOptions = opt: opt // {
# Clean up declaration sites to not refer to the nix-darwin source tree.
# TODO: handle `extraSources`? (it's not set anywhere)
declarations = map
(decl:
if lib.hasPrefix (toString prefix) (toString decl) then
gitHubDeclaration "LnL7" "nix-darwin" revision
(lib.removePrefix "/"
(lib.removePrefix (toString prefix) (toString decl)))
# TODO: handle this in a better way (may require upstream
# changes to nixpkgs)
else if decl == "lib/modules.nix" then
gitHubDeclaration "NixOS" "nixpkgs" nixpkgsRevision decl
else decl)
opt.declarations;
};
};
in rec {
inherit generatedSources;
# The NixOS options in JSON format.
optionsJSON = runCommand "options-json"
{ meta.description = "List of NixOS options in JSON format";
}
# TODO: Use `optionsDoc.optionsJSON` directly once upstream
# `nixosOptionsDoc` is more customizable.
optionsJSON = runCommand "options.json"
{ meta.description = "List of nix-darwin options in JSON format"; }
''
# Export list of options in different format.
dst=$out/share/doc/darwin
mkdir -p $dst
mkdir -p $out/{share/doc,nix-support}
cp -a ${optionsDoc.optionsJSON}/share/doc/nixos $out/share/doc/darwin
substitute \
${optionsDoc.optionsJSON}/nix-support/hydra-build-products \
$out/nix-support/hydra-build-products \
--replace \
'${optionsDoc.optionsJSON}/share/doc/nixos' \
"$out/share/doc/darwin"
'';
cp ${builtins.toFile "options.json" (builtins.unsafeDiscardStringContext (builtins.toJSON
(builtins.listToAttrs (map (o: { name = o.name; value = removeAttrs o ["name" "visible" "internal"]; }) optionsList))))
} $dst/options.json
mkdir -p $out/nix-support
echo "file json $dst/options.json" >> $out/nix-support/hydra-build-products
''; # */
# Generate the NixOS manual.
# Generate the nix-darwin manual.
manualHTML = runCommand "darwin-manual-html"
{ inherit sources;
nativeBuildInputs = [ buildPackages.libxml2.bin buildPackages.libxslt.bin ];
{ nativeBuildInputs = [ buildPackages.nixos-render-docs ];
styles = lib.sourceFilesBySuffices (pkgs.path + "/doc") [ ".css" ];
meta.description = "The Darwin manual in HTML format";
allowedReferences = ["out"];
}
@ -262,83 +69,75 @@ in rec {
# Generate the HTML manual.
dst=$out/share/doc/darwin
mkdir -p $dst
xsltproc \
${manualXsltprocOptions} \
--stringparam target.database.document "${olinkDB}/olinkdb.xml" \
--stringparam id.warnings "1" \
--nonet --output $dst/ \
${docbook_xsl_ns}/xml/xsl/docbook/xhtml/chunktoc.xsl \
${manual-combined}/manual-combined.xml \
|& tee xsltproc.out
grep "^ID recommended on" xsltproc.out &>/dev/null && echo "error: some IDs are missing" && false
rm xsltproc.out
mkdir -p $dst/images/callouts
cp ${docbook_xsl_ns}/xml/xsl/docbook/images/callouts/*.svg $dst/images/callouts/
cp ${./style.css} $dst/style.css
cp ${./overrides.css} $dst/overrides.css
cp $styles/style.css $dst
cp $styles/overrides.css $dst
cp -r ${pkgs.documentation-highlighter} $dst/highlightjs
substitute ${./manual.md} manual.md \
--replace '@DARWIN_VERSION@' "${version}" \
--replace \
'@DARWIN_OPTIONS_JSON@' \
${optionsJSON}/share/doc/darwin/options.json
# TODO: --manpage-urls?
nixos-render-docs -j $NIX_BUILD_CORES manual html \
--manpage-urls ${pkgs.writeText "manpage-urls.json" "{}"} \
--revision ${lib.escapeShellArg revision} \
--generator "nixos-render-docs ${lib.version}" \
--stylesheet style.css \
--stylesheet overrides.css \
--stylesheet highlightjs/mono-blue.css \
--script ./highlightjs/highlight.pack.js \
--script ./highlightjs/loader.js \
--toc-depth 1 \
--chunk-toc-depth 1 \
./manual.md \
$dst/index.html
mkdir -p $out/nix-support
echo "nix-build out $out" >> $out/nix-support/hydra-build-products
echo "doc manual $dst" >> $out/nix-support/hydra-build-products
''; # */
# Alias for backward compatibility. TODO(@oxij): remove eventually.
manual = manualHTML;
# Index page of the NixOS manual.
manualHTMLIndex = "${manualHTML}/share/doc/darwin/index.html";
manualEpub = runCommand "darwin-manual-epub"
{ inherit sources;
buildInputs = [ libxml2.bin libxslt.bin zip ];
}
''
# Generate the epub manual.
dst=$out/share/doc/darwin
xsltproc \
${manualXsltprocOptions} \
--stringparam target.database.document "${olinkDB}/olinkdb.xml" \
--nonet --xinclude --output $dst/epub/ \
${docbook_xsl_ns}/xml/xsl/docbook/epub/docbook.xsl \
${manual-combined}/manual-combined.xml
mkdir -p $dst/epub/OEBPS/images/callouts
cp -r ${docbook_xsl_ns}/xml/xsl/docbook/images/callouts/*.svg $dst/epub/OEBPS/images/callouts # */
echo "application/epub+zip" > mimetype
manual="$dst/darwin-manual.epub"
zip -0Xq "$manual" mimetype
cd $dst/epub && zip -Xr9D "$manual" *
rm -rf $dst/epub
mkdir -p $out/nix-support
echo "doc-epub manual $manual" >> $out/nix-support/hydra-build-products
'';
# Index page of the nix-darwin manual.
manualHTMLIndex = "${manualHTML}/share/doc/darwin/index.html";
# Generate the NixOS manpages.
manualEpub = builtins.throw "The nix-darwin EPUB manual has been removed.";
# Generate the nix-darwin manpages.
manpages = runCommand "darwin-manpages"
{ inherit sources;
nativeBuildInputs = [ buildPackages.libxml2.bin buildPackages.libxslt.bin ];
{ nativeBuildInputs = [ buildPackages.nixos-render-docs ];
allowedReferences = ["out"];
}
''
# Generate manpages.
mkdir -p $out/share/man
xsltproc --nonet \
--maxdepth 6000 \
--param man.output.in.separate.dir 1 \
--param man.output.base.dir "'$out/share/man/'" \
--param man.endnotes.are.numbered 0 \
--param man.break.after.slash 1 \
--stringparam target.database.document "${olinkDB}/olinkdb.xml" \
${docbook_xsl_ns}/xml/xsl/docbook/manpages/docbook.xsl \
${manual-combined}/man-pages-combined.xml
mkdir -p $out/share/man/man5
nixos-render-docs -j $NIX_BUILD_CORES options manpage \
--revision ${lib.escapeShellArg revision} \
${optionsJSON}/share/doc/darwin/options.json \
$out/share/man/man5/configuration.nix.5
# TODO: get these parameterized in upstream nixos-render-docs
sed -i -e '
/^\.TH / s|NixOS|Darwin|g
/^\.SH "NAME"$/ {
N
s|NixOS|Darwin|g
}
/^\.SH "DESCRIPTION"$/ {
N; N
s|/etc/nixos/configuration|configuration|g
s|NixOS|Darwin|g
s|nixos|darwin|g
}
/\.SH "AUTHORS"$/ {
N; N
s|Eelco Dolstra and the Nixpkgs/NixOS contributors|Daiderd Jordan and the nix-darwin contributors|g
}
' $out/share/man/man5/configuration.nix.5
'';
}
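Review bot: In the new `manualHTML` script the version is spliced into the shell as `--replace '@DARWIN_VERSION@' "${version}"`, while `revision` a few arguments later goes through `lib.escapeShellArg`. Inside double quotes a value containing `"`, `$` or a backtick is still interpreted by the build shell, so the two inputs are handled inconsistently. I would write `--replace '@DARWIN_VERSION@' ${lib.escapeShellArg version} \` and apply the same rule to `--generator "nixos-render-docs ${lib.version}"`. Where `version` is set is not visible in this section, so this is about robustness and consistency rather than a known bad input.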


@ -1,42 +0,0 @@
<reference xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude">
<title>Darwin Reference Pages</title>
<info>
<author><personname><firstname>Daiderd</firstname><surname>Jordan</surname></personname>
<contrib>Author</contrib>
</author>
<copyright><year>2016-2019</year><holder>Daiderd Jordan</holder>
</copyright>
</info>
<refentry>
<refmeta>
<refentrytitle><filename>configuration.nix</filename>
</refentrytitle><manvolnum>5</manvolnum>
<refmiscinfo class="source">Darwin</refmiscinfo>
<!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
</refmeta>
<refnamediv>
<refname><filename>configuration.nix</filename>
</refname><refpurpose>Darwin system configuration specification</refpurpose>
</refnamediv>
<refsection>
<title>Description</title>
<para>
The file <filename>configuration.nix</filename> contains the
declarative specification of your Darwin system configuration. The command
<command>darwin-rebuild</command> takes this file and realises the system
configuration specified therein.
</para>
</refsection>
<refsection>
<title>Options</title>
<para>
You can use the following options in <filename>configuration.nix</filename>.
</para>
<xi:include href="./generated/options-db.xml"
xpointer="configuration-variable-list" />
</refsection>
</refentry>
</reference>

8
doc/manual/manual.md Normal file

@ -0,0 +1,8 @@
# Darwin Configuration Options {#book-darwin-manual}
## Version @DARWIN_VERSION@
```{=include=} options
id-prefix: opt-
list-id: configuration-variable-list
source: @DARWIN_OPTIONS_JSON@
```


@ -1,21 +0,0 @@
<book xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="book-darwin-manual">
<info>
<title>Darwin Manual</title>
<subtitle>Version <xi:include href="./generated/version" parse="text" />
</subtitle>
</info>
<preface xml:id="preface">
<title>Preface</title>
<para>Nix modules for darwin.</para>
</preface>
<chapter xml:id="sec-options">
<title>Configuration Options</title>
<xi:include href="./generated/options-db.xml"
xpointer="configuration-variable-list" />
</chapter>
</book>


@ -1,237 +0,0 @@
<?xml version="1.0"?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:str="http://exslt.org/strings"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:nixos="tag:nixos.org"
xmlns="http://docbook.org/ns/docbook"
extension-element-prefixes="str"
>
<xsl:output method='xml' encoding="UTF-8" />
<xsl:param name="revision" />
<xsl:param name="program" />
<xsl:template match="/expr/list">
<appendix xml:id="appendix-configuration-options">
<title>Configuration Options</title>
<variablelist xml:id="configuration-variable-list">
<xsl:for-each select="attrs">
<xsl:variable name="id" select="
concat(
'opt-',
translate(
attr[@name = 'name']/string/@value,
'*&lt; >[]:&quot;',
'________'
)
)" />
<varlistentry>
<term xlink:href="#{$id}">
<xsl:attribute name="xml:id"><xsl:value-of select="$id"/></xsl:attribute>
<option>
<xsl:value-of select="attr[@name = 'name']/string/@value" />
</option>
</term>
<listitem>
<nixos:option-description>
<para>
<xsl:value-of disable-output-escaping="yes"
select="attr[@name = 'description']/string/@value" />
</para>
</nixos:option-description>
<xsl:if test="attr[@name = 'type']">
<para>
<emphasis>Type:</emphasis>
<xsl:text> </xsl:text>
<xsl:value-of select="attr[@name = 'type']/string/@value"/>
<xsl:if test="attr[@name = 'readOnly']/bool/@value = 'true'">
<xsl:text> </xsl:text>
<emphasis>(read only)</emphasis>
</xsl:if>
</para>
</xsl:if>
<xsl:if test="attr[@name = 'default']">
<para>
<emphasis>Default:</emphasis>
<xsl:text> </xsl:text>
<xsl:apply-templates select="attr[@name = 'default']" mode="top" />
</para>
</xsl:if>
<xsl:if test="attr[@name = 'example']">
<para>
<emphasis>Example:</emphasis>
<xsl:text> </xsl:text>
<xsl:choose>
<xsl:when test="attr[@name = 'example']/attrs[attr[@name = '_type' and string[@value = 'literalExpression']]]">
<programlisting><xsl:value-of select="attr[@name = 'example']/attrs/attr[@name = 'text']/string/@value" /></programlisting>
</xsl:when>
<xsl:otherwise>
<xsl:apply-templates select="attr[@name = 'example']" mode="top" />
</xsl:otherwise>
</xsl:choose>
</para>
</xsl:if>
<xsl:if test="attr[@name = 'relatedPackages']">
<para>
<emphasis>Related packages:</emphasis>
<xsl:text> </xsl:text>
<xsl:value-of disable-output-escaping="yes"
select="attr[@name = 'relatedPackages']/string/@value" />
</para>
</xsl:if>
<xsl:if test="count(attr[@name = 'declarations']/list/*) != 0">
<para>
<emphasis>Declared by:</emphasis>
</para>
<xsl:apply-templates select="attr[@name = 'declarations']" />
</xsl:if>
<xsl:if test="count(attr[@name = 'definitions']/list/*) != 0">
<para>
<emphasis>Defined by:</emphasis>
</para>
<xsl:apply-templates select="attr[@name = 'definitions']" />
</xsl:if>
</listitem>
</varlistentry>
</xsl:for-each>
</variablelist>
</appendix>
</xsl:template>
<xsl:template match="*" mode="top">
<xsl:choose>
<xsl:when test="string[contains(@value, '&#010;')]">
<programlisting>
<xsl:text>''
</xsl:text><xsl:value-of select='str:replace(string/@value, "${", "&apos;&apos;${")' /><xsl:text>''</xsl:text></programlisting>
</xsl:when>
<xsl:otherwise>
<literal><xsl:apply-templates /></literal>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
<xsl:template match="null">
<xsl:text>null</xsl:text>
</xsl:template>
<xsl:template match="string">
<xsl:choose>
<xsl:when test="(contains(@value, '&quot;') or contains(@value, '\')) and not(contains(@value, '&#010;'))">
<xsl:text>''</xsl:text><xsl:value-of select='str:replace(@value, "${", "&apos;&apos;${")' /><xsl:text>''</xsl:text>
</xsl:when>
<xsl:otherwise>
<xsl:text>"</xsl:text><xsl:value-of select="str:replace(str:replace(str:replace(str:replace(@value, '\', '\\'), '&quot;', '\&quot;'), '&#010;', '\n'), '$', '\$')" /><xsl:text>"</xsl:text>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
<xsl:template match="int">
<xsl:value-of select="@value" />
</xsl:template>
<xsl:template match="bool[@value = 'true']">
<xsl:text>true</xsl:text>
</xsl:template>
<xsl:template match="bool[@value = 'false']">
<xsl:text>false</xsl:text>
</xsl:template>
<xsl:template match="list">
[
<xsl:for-each select="*">
<xsl:apply-templates select="." />
<xsl:text> </xsl:text>
</xsl:for-each>
]
</xsl:template>
<xsl:template match="attrs[attr[@name = '_type' and string[@value = 'literalExpression']]]">
<xsl:value-of select="attr[@name = 'text']/string/@value" />
</xsl:template>
<xsl:template match="attrs">
{
<xsl:for-each select="attr">
<xsl:value-of select="@name" />
<xsl:text> = </xsl:text>
<xsl:apply-templates select="*" /><xsl:text>; </xsl:text>
</xsl:for-each>
}
</xsl:template>
<xsl:template match="derivation">
<replaceable>(build of <xsl:value-of select="attr[@name = 'name']/string/@value" />)</replaceable>
</xsl:template>
<xsl:template match="attr[@name = 'declarations' or @name = 'definitions']">
<simplelist>
<xsl:for-each select="list/string">
<member><filename>
<!-- Hyperlink the filename either to the NixOS Subversion
repository (if its a module and we have a revision number),
or to the local filesystem. -->
<xsl:choose>
<xsl:when test="not(starts-with(@value, '/'))">
<xsl:choose>
<xsl:when test="$revision = 'local'">
<xsl:attribute name="xlink:href">https://github.com/LnL7/nix-darwin/blob/master/<xsl:value-of select="substring-after(@value, 'darwin/')"/></xsl:attribute>
</xsl:when>
<xsl:otherwise>
<xsl:attribute name="xlink:href">https://github.com/LnL7/nix-darwin/blob/<xsl:value-of select="$revision"/>/<xsl:value-of select="substring-after(@value, 'darwin/')"/></xsl:attribute>
</xsl:otherwise>
</xsl:choose>
</xsl:when>
<xsl:otherwise>
<xsl:attribute name="xlink:href">file://<xsl:value-of select="@value"/></xsl:attribute>
</xsl:otherwise>
</xsl:choose>
<!-- Print the filename and make it user-friendly by replacing the
/nix/store/<hash> prefix by the default location of darwin
sources. -->
<xsl:choose>
<xsl:when test="not(starts-with(@value, '/'))">
&lt;<xsl:value-of select="@value"/>&gt;
</xsl:when>
<xsl:otherwise>
<xsl:value-of select="@value" />
</xsl:otherwise>
</xsl:choose>
</filename></member>
</xsl:for-each>
</simplelist>
</xsl:template>
<xsl:template match="function">
<xsl:text>λ</xsl:text>
</xsl:template>
</xsl:stylesheet>


@ -1,9 +0,0 @@
.docbook .xref img[src^=images\/callouts\/],
.screen img,
.programlisting img {
width: 1em;
}
.calloutlist img {
width: 1.5em;
}


@ -1,115 +0,0 @@
<?xml version="1.0"?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:str="http://exslt.org/strings"
xmlns:exsl="http://exslt.org/common"
xmlns:db="http://docbook.org/ns/docbook"
xmlns:nixos="tag:nixos.org"
extension-element-prefixes="str exsl">
<xsl:output method='xml' encoding="UTF-8" />
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()" />
</xsl:copy>
</xsl:template>
<xsl:template name="break-up-description">
<xsl:param name="input" />
<xsl:param name="buffer" />
<!-- Every time we have two newlines following each other, we want to
break it into </para><para>. -->
<xsl:variable name="parbreak" select="'&#xa;&#xa;'" />
<!-- Similar to "(head:tail) = input" in Haskell. -->
<xsl:variable name="head" select="$input[1]" />
<xsl:variable name="tail" select="$input[position() &gt; 1]" />
<xsl:choose>
<xsl:when test="$head/self::text() and contains($head, $parbreak)">
<!-- If the haystack provided to str:split() directly starts or
ends with $parbreak, it doesn't generate a <token/> for that,
so we are doing this here. -->
<xsl:variable name="splitted-raw">
<xsl:if test="starts-with($head, $parbreak)"><token /></xsl:if>
<xsl:for-each select="str:split($head, $parbreak)">
<token><xsl:value-of select="node()" /></token>
</xsl:for-each>
<!-- Something like ends-with($head, $parbreak), but there is
no ends-with() in XSLT, so we need to use substring(). -->
<xsl:if test="
substring($head, string-length($head) -
string-length($parbreak) + 1) = $parbreak
"><token /></xsl:if>
</xsl:variable>
<xsl:variable name="splitted"
select="exsl:node-set($splitted-raw)/token" />
<!-- The buffer we had so far didn't contain any text nodes that
contain a $parbreak, so we can put the buffer along with the
first token of $splitted into a para element. -->
<para xmlns="http://docbook.org/ns/docbook">
<xsl:apply-templates select="exsl:node-set($buffer)" />
<xsl:apply-templates select="$splitted[1]/node()" />
</para>
<!-- We have already emitted the first splitted result, so the
last result is going to be set as the new $buffer later
because its contents may not be directly followed up by a
$parbreak. -->
<xsl:for-each select="$splitted[position() &gt; 1
and position() &lt; last()]">
<para xmlns="http://docbook.org/ns/docbook">
<xsl:apply-templates select="node()" />
</para>
</xsl:for-each>
<xsl:call-template name="break-up-description">
<xsl:with-param name="input" select="$tail" />
<xsl:with-param name="buffer" select="$splitted[last()]/node()" />
</xsl:call-template>
</xsl:when>
<!-- Either non-text node or one without $parbreak, which we just
want to buffer and continue recursing. -->
<xsl:when test="$input">
<xsl:call-template name="break-up-description">
<xsl:with-param name="input" select="$tail" />
<!-- This essentially appends $head to $buffer. -->
<xsl:with-param name="buffer">
<xsl:if test="$buffer">
<xsl:for-each select="exsl:node-set($buffer)">
<xsl:apply-templates select="." />
</xsl:for-each>
</xsl:if>
<xsl:apply-templates select="$head" />
</xsl:with-param>
</xsl:call-template>
</xsl:when>
<!-- No more $input, just put the remaining $buffer in a para. -->
<xsl:otherwise>
<para xmlns="http://docbook.org/ns/docbook">
<xsl:apply-templates select="exsl:node-set($buffer)" />
</para>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
<xsl:template match="nixos:option-description">
<xsl:choose>
<!--
Only process nodes that are comprised of a single <para/> element,
because if that's not the case the description already contains
</para><para> in between and we need no further processing.
-->
<xsl:when test="count(db:para) > 1">
<xsl:apply-templates select="node()" />
</xsl:when>
<xsl:otherwise>
<xsl:call-template name="break-up-description">
<xsl:with-param name="input"
select="exsl:node-set(db:para/node())" />
</xsl:call-template>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
</xsl:stylesheet>


@ -1,291 +0,0 @@
/* Copied from http://bakefile.sourceforge.net/, which appears
licensed under the GNU GPL. */
/***************************************************************************
Basic headers and text:
***************************************************************************/
body
{
font-family: "Nimbus Sans L", sans-serif;
font-size: 1em;
background: white;
margin: 2em 1em 2em 1em;
}
h1, h2, h3, h4
{
color: #005aa0;
}
h1 /* title */
{
font-size: 200%;
}
h2 /* chapters, appendices, subtitle */
{
font-size: 180%;
}
div.book
{
text-align: center;
}
div.book > div
{
/*
* based on https://medium.com/@zkareemz/golden-ratio-62b3b6d4282a
* we do 70 characters per line to fit code listings better
* 70 * (font-size / 1.618)
* expression for emacs:
* (* 70 (/ 1 1.618))
*/
max-width: 43.2em;
text-align: left;
margin: auto;
}
/* Extra space between chapters, appendices. */
div.chapter > div.titlepage h2, div.appendix > div.titlepage h2
{
margin-top: 1.5em;
}
div.section > div.titlepage h2 /* sections */
{
font-size: 150%;
margin-top: 1.5em;
}
h3 /* subsections */
{
font-size: 125%;
}
div.simplesect h2
{
font-size: 110%;
}
div.appendix h3
{
font-size: 150%;
margin-top: 1.5em;
}
div.refnamediv h2, div.refsynopsisdiv h2, div.refsection h2 /* refentry parts */
{
margin-top: 1.4em;
font-size: 125%;
}
div.refsection h3
{
font-size: 110%;
}
/***************************************************************************
Examples:
***************************************************************************/
div.example
{
border: 1px solid #b0b0b0;
padding: 6px 6px;
margin-left: 1.5em;
margin-right: 1.5em;
background: #f4f4f8;
border-radius: 0.4em;
box-shadow: 0.4em 0.4em 0.5em #e0e0e0;
}
div.example p.title
{
margin-top: 0em;
}
div.example pre
{
box-shadow: none;
}
/***************************************************************************
Screen dumps:
***************************************************************************/
pre.screen, pre.programlisting
{
border: 1px solid #b0b0b0;
padding: 3px 3px;
margin-left: 0.5em;
margin-right: 0.5em;
background: #f4f4f8;
font-family: monospace;
border-radius: 0.4em;
box-shadow: 0.4em 0.4em 0.5em #e0e0e0;
}
div.example pre.programlisting
{
border: 0px;
padding: 0 0;
margin: 0 0 0 0;
}
/***************************************************************************
Notes, warnings etc:
***************************************************************************/
.note, .warning
{
border: 1px solid #b0b0b0;
padding: 3px 3px;
margin-left: 1.5em;
margin-right: 1.5em;
margin-bottom: 1em;
padding: 0.3em 0.3em 0.3em 0.3em;
background: #fffff5;
border-radius: 0.4em;
box-shadow: 0.4em 0.4em 0.5em #e0e0e0;
}
div.note, div.warning
{
font-style: italic;
}
div.note h3, div.warning h3
{
color: red;
font-size: 100%;
padding-right: 0.5em;
display: inline;
}
div.note p, div.warning p
{
margin-bottom: 0em;
}
div.note h3 + p, div.warning h3 + p
{
display: inline;
}
div.note h3
{
color: blue;
font-size: 100%;
}
div.navfooter *
{
font-size: 90%;
}
/***************************************************************************
Links colors and highlighting:
***************************************************************************/
a { text-decoration: none; }
a:hover { text-decoration: underline; }
a:link { color: #0048b3; }
a:visited { color: #002a6a; }
/***************************************************************************
Table of contents:
***************************************************************************/
div.toc
{
font-size: 90%;
}
div.toc dl
{
margin-top: 0em;
margin-bottom: 0em;
}
/***************************************************************************
Special elements:
***************************************************************************/
tt, code
{
color: #400000;
}
.term
{
font-weight: bold;
}
div.variablelist dd p, div.glosslist dd p
{
margin-top: 0em;
}
div.variablelist dd, div.glosslist dd
{
margin-left: 1.5em;
}
div.glosslist dt
{
font-style: italic;
}
.varname
{
color: #400000;
}
span.command strong
{
font-weight: normal;
color: #400000;
}
div.calloutlist table
{
box-shadow: none;
}
table
{
border-collapse: collapse;
box-shadow: 0.4em 0.4em 0.5em #e0e0e0;
}
table.simplelist
{
text-align: left;
color: #005aa0;
border: 0;
padding: 5px;
background: #fffff5;
font-weight: normal;
font-style: italic;
box-shadow: none;
margin-bottom: 1em;
}
div.navheader table, div.navfooter table {
box-shadow: none;
}
div.affiliation
{
font-style: italic;
}


@ -1,13 +1,5 @@
{ lib }:
let
nixpkgs-lib = lib;
in
{ system ? builtins.currentSystem or "x86_64-darwin"
, pkgs ? null
, lib ? nixpkgs-lib
{ lib
, modules
, inputs
, baseModules ? import ./modules/module-list.nix
, specialArgs ? { }
, check ? true
@ -18,48 +10,19 @@ let
_file = ./eval-config.nix;
config = {
_module.args = {
inherit baseModules inputs modules;
inherit baseModules modules;
};
};
};
pkgsModule = { config, inputs, ... }: {
_file = ./eval-config.nix;
config = {
assertions = [ {
# Ensure that nixpkgs.* options are not set when pkgs is set
assertion = pkgs == null || (config.nixpkgs.config == { } && config.nixpkgs.overlays == [ ]);
message = ''
`nixpkgs` options are disabled when `pkgs` is supplied through `darwinSystem`.
'';
} ];
_module.args.pkgs = if pkgs != null then pkgs else import inputs.nixpkgs config.nixpkgs;
# This permits the configuration to override the passed-in
# system.
nixpkgs.system = lib.mkDefault system;
};
};
libExtended = lib.extend (self: super: {
# Added in nixpkgs #136909, adds forward compatibility until 22.03 is deprecated.
literalExpression = super.literalExpression or super.literalExample;
literalDocBook = super.literalDocBook or super.literalExample;
});
eval = libExtended.evalModules (builtins.removeAttrs args [ "lib" "inputs" "pkgs" "system" ] // {
modules = modules ++ [ argsModule pkgsModule ] ++ baseModules;
eval = lib.evalModules (builtins.removeAttrs args [ "lib" ] // {
modules = modules ++ [ argsModule ] ++ baseModules;
specialArgs = { modulesPath = builtins.toString ./modules; } // specialArgs;
});
# Was moved in nixpkgs #82751, so both need to be handled here until 20.03 is deprecated.
# https://github.com/NixOS/nixpkgs/commits/dcdd232939232d04c1132b4cc242dd3dac44be8c
_module = eval._module or eval.config._module;
in
{
inherit (_module.args) pkgs;
inherit (eval._module.args) pkgs;
inherit (eval) options config;
system = eval.config.system.build.toplevel;
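Review bot: The new contract of this file is undocumented. `eval` now forwards every caller argument except `lib` to `lib.evalModules` (`builtins.removeAttrs args [ "lib" ]`), and the header no longer names `system`, `pkgs` or `inputs`. `lib.evalModules` takes a closed argument set, so a direct importer that still passes one of those three would presumably fail with an unexpected-argument error rather than a message pointing at this change. The flake's `darwinSystem` strips them first, but non-flake callers are not visible here. I would add a header comment such as `# All arguments except lib are forwarded to lib.evalModules; system, pkgs and inputs are no longer accepted here.` The argument set and the result attrset both continue outside the visible hunks.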

11
flake.lock generated

@ -2,12 +2,11 @@
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1668650906,
"narHash": "sha256-JuiYfDO23O8oxUUOmhQflmOoJovyC5G4RjcYQMQjrRE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3a86856a13c88c8c64ea32082a851fefc79aa700",
"type": "github"
"lastModified": 1687274257,
"narHash": "sha256-TutzPriQcZ8FghDhEolnHcYU2oHIG5XWF+/SUBNnAOE=",
"path": "/nix/store/22qgs3skscd9bmrxv9xv4q5d4wwm5ppx-source",
"rev": "2c9ecd1f0400076a4d6b2193ad468ff0a7e7fdc5",
"type": "path"
},
"original": {
"id": "nixpkgs",


@ -2,32 +2,81 @@
# WARNING this is very much still experimental.
description = "A collection of darwin modules";
outputs = { self, nixpkgs }: {
outputs = { self, nixpkgs }: let
forAllSystems = nixpkgs.lib.genAttrs [ "aarch64-darwin" "x86_64-darwin" ];
in {
lib = {
# TODO handle multiple architectures.
evalConfig = import ./eval-config.nix { inherit (nixpkgs) lib; };
evalConfig = import ./eval-config.nix;
darwinSystem =
{ modules, inputs ? { }
, system ? throw "darwin.lib.darwinSystem now requires 'system' to be passed explicitly"
, ...
}@args:
self.lib.evalConfig (args // {
inherit system;
inputs = { inherit nixpkgs; darwin = self; } // inputs;
modules = modules ++ [ self.darwinModules.flakeOverrides ];
});
darwinSystem = args@{ modules, ... }: self.lib.evalConfig (
{ inherit (nixpkgs) lib; }
// nixpkgs.lib.optionalAttrs (args ? pkgs) { inherit (args.pkgs) lib; }
// builtins.removeAttrs args [ "system" "pkgs" "inputs" ]
// {
modules = modules
++ nixpkgs.lib.optional (args ? pkgs) ({ lib, ... }: {
_module.args.pkgs = lib.mkForce args.pkgs;
})
# Backwards compatibility shim; TODO: warn?
++ nixpkgs.lib.optional (args ? system) ({ lib, ... }: {
nixpkgs.system = lib.mkDefault args.system;
})
# Backwards compatibility shim; TODO: warn?
++ nixpkgs.lib.optional (args ? inputs) {
_module.args.inputs = args.inputs;
}
++ [ ({ lib, ... }: {
nixpkgs.source = lib.mkDefault nixpkgs;
system.checks.verifyNixPath = lib.mkDefault false;
system.darwinVersionSuffix = ".${self.shortRev or "dirty"}";
system.darwinRevision = lib.mkIf (self ? rev) self.rev;
}) ];
});
};
overlays.default = final: prev: {
inherit (prev.callPackage ./pkgs/nix-tools { }) darwin-rebuild darwin-option;
darwin-uninstaller = prev.callPackage ./pkgs/darwin-uninstaller { nix-darwin = self; };
};
darwinModules.flakeOverrides = ./modules/system/flake-overrides.nix;
darwinModules.hydra = ./modules/examples/hydra.nix;
darwinModules.lnl = ./modules/examples/lnl.nix;
darwinModules.ofborg = ./modules/examples/ofborg.nix;
darwinModules.simple = ./modules/examples/simple.nix;
checks.x86_64-darwin.simple = (self.lib.darwinSystem {
system = "x86_64-darwin";
modules = [ self.darwinModules.simple ];
}).system;
templates.default = {
path = ./modules/examples/flake;
description = "nix flake init -t nix-darwin";
};
checks = forAllSystems (system: let
simple = self.lib.darwinSystem {
modules = [
self.darwinModules.simple
{ nixpkgs.hostPlatform = system; }
];
};
in {
simple = simple.system;
inherit (simple.config.system.build.manual)
optionsJSON
manualHTML
manpages;
});
packages = forAllSystems (system: let
pkgs = import nixpkgs {
inherit system;
overlays = [ self.overlays.default ];
};
in {
default = self.packages.${system}.darwin-rebuild;
inherit (pkgs) darwin-option darwin-rebuild darwin-uninstaller;
});
};
}
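Review bot: When a caller passes `pkgs` to `darwinSystem`, the added module sets `_module.args.pkgs = lib.mkForce args.pkgs` with no check, so `nixpkgs.config` and `nixpkgs.overlays` set by any module are silently ignored, including an overlay someone relies on to patch a package. The assertion that eval-config.nix carried for exactly this case is removed in the same commit. Unless an equivalent now lives in the nixpkgs module (not visible here), I would keep it next to the override, as sketched below. The comparison against `{ }` and `[ ]` assumes those are still the option defaults.

```nix
++ nixpkgs.lib.optional (args ? pkgs) ({ lib, config, ... }: {
  _module.args.pkgs = lib.mkForce args.pkgs;
  # nixpkgs.* options have no effect on a caller-supplied package set.
  assertions = [ {
    assertion = config.nixpkgs.config == { } && config.nixpkgs.overlays == [ ];
    message = ''
      `nixpkgs` options are disabled when `pkgs` is supplied through `darwinSystem`.
    '';
  } ];
})
# … unchanged: system and inputs compatibility shims, flake defaults module …
```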


@ -21,10 +21,11 @@ let
It isn't perfect, but it seems to cover a vast majority of use cases.
Caveat: even if the package is reached by a different means,
the path above will be shown and not e.g. `${config.services.foo.package}`. */
manual = import ../../doc/manual rec {
realManual = import ../../doc/manual {
inherit pkgs config;
version = config.system.darwinVersion;
revision = config.system.darwinRevision;
inherit (config.system) nixpkgsRevision;
options =
let
scrubbedEval = evalModules {
@ -43,6 +44,38 @@ let
in scrubbedEval.options;
};
# TODO: Remove this when dropping 22.11 support.
manual = realManual //
lib.optionalAttrs (!pkgs.buildPackages ? nixos-render-docs) rec {
optionsJSON = pkgs.writeTextFile {
name = "options.json-stub";
destination = "/share/doc/darwin/options.json";
text = "{}";
};
manpages = pkgs.writeTextFile {
name = "darwin-manpages-stub";
destination = "/share/man/man5/configuration.nix.5";
text = ''
.TH "CONFIGURATION\&.NIX" "5" "01/01/1980" "Darwin" "Darwin Reference Pages"
.SH "NAME"
\fIconfiguration\&.nix\fP \- Darwin system configuration specification
.SH "DESCRIPTION"
.PP
The nix\-darwin documentation now requires nixpkgs 23.05 to build.
'';
};
manualHTML = pkgs.writeTextFile {
name = "darwin-manual-html-stub";
destination = "/share/doc/darwin/index.html";
text = ''
<!DOCTYPE html>
<title>Darwin Configuration Options</title>
The nix-darwin documentation now requires nixpkgs 23.05 to build.
'';
};
manualHTMLIndex = "${manualHTML}/share/doc/darwin/index.html";
};
helpScript = pkgs.writeScriptBin "darwin-help"
''
#! ${pkgs.stdenv.shell} -e
@ -55,9 +88,9 @@ in
documentation.enable = mkOption {
type = types.bool;
default = true;
description = ''
description = lib.mdDoc ''
Whether to install documentation of packages from
<option>environment.systemPackages</option> into the generated system path.
{option}`environment.systemPackages` into the generated system path.
See "Multiple-output packages" chapter in the nixpkgs manual for more info.
'';
@ -67,8 +100,8 @@ in
documentation.man.enable = mkOption {
type = types.bool;
default = true;
description = ''
Whether to install manual pages and the <command>man</command> command.
description = lib.mdDoc ''
Whether to install manual pages and the {command}`man` command.
This also includes "man" outputs.
'';
};
@ -76,8 +109,8 @@ in
documentation.info.enable = mkOption {
type = types.bool;
default = true;
description = ''
Whether to install info pages and the <command>info</command> command.
description = lib.mdDoc ''
Whether to install info pages and the {command}`info` command.
This also includes "info" outputs.
'';
};
@ -85,8 +118,8 @@ in
documentation.doc.enable = mkOption {
type = types.bool;
default = true;
description = ''
Whether to install documentation distributed in packages' <literal>/share/doc</literal>.
description = lib.mdDoc ''
Whether to install documentation distributed in packages' `/share/doc`.
Usually plain text and/or HTML.
This also includes "doc" outputs.
'';
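Review bot: The fallback for a nixpkgs without `nixos-render-docs` swaps `optionsJSON`, `manpages` and `manualHTML` for stubs without telling whoever evaluates it, so a build such as the flake's `manualHTML` check succeeds while producing only a placeholder. Wrapping the stub set in a warning makes that visible: `lib.optionalAttrs (!(pkgs.buildPackages ? nixos-render-docs)) (lib.warn "nix-darwin: manual replaced by a stub, nixpkgs 23.05 is required to build it" rec { … })`. The extra parentheses around the `?` test change nothing, but they spare readers the precedence lookup. The `let` block holding this binding starts outside the hunk.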


@ -21,57 +21,57 @@ in
type = types.listOf types.package;
default = [];
example = literalExpression "[ pkgs.curl pkgs.vim ]";
description = ''
description = lib.mdDoc ''
The set of packages that appear in
/run/current-system/sw. These packages are
automatically available to all users, and are
automatically updated every time you rebuild the system
configuration. (The latter is the main difference with
installing them in the default profile,
<filename>/nix/var/nix/profiles/default</filename>.
{file}`/nix/var/nix/profiles/default`.
'';
};
environment.systemPath = mkOption {
type = types.listOf (types.either types.path types.str);
description = "The set of paths that are added to PATH.";
description = lib.mdDoc "The set of paths that are added to PATH.";
apply = x: if isList x then makeDrvBinPath x else x;
};
environment.profiles = mkOption {
type = types.listOf types.str;
description = "A list of profiles used to setup the global environment.";
description = lib.mdDoc "A list of profiles used to setup the global environment.";
};
environment.postBuild = mkOption {
type = types.lines;
default = "";
description = "Commands to execute when building the global environment.";
description = lib.mdDoc "Commands to execute when building the global environment.";
};
environment.extraOutputsToInstall = mkOption {
type = types.listOf types.str;
default = [];
example = [ "doc" "info" "devdoc" ];
description = "List of additional package outputs to be symlinked into <filename>/run/current-system/sw</filename>.";
description = lib.mdDoc "List of additional package outputs to be symlinked into {file}`/run/current-system/sw`.";
};
environment.pathsToLink = mkOption {
type = types.listOf types.str;
default = [];
example = [ "/share/doc" ];
description = "List of directories to be symlinked in <filename>/run/current-system/sw</filename>.";
description = lib.mdDoc "List of directories to be symlinked in {file}`/run/current-system/sw`.";
};
environment.darwinConfig = mkOption {
type = types.either types.path types.str;
default = "$HOME/.nixpkgs/darwin-configuration.nix";
description = ''
description = lib.mdDoc ''
The path of the darwin configuration.nix used to configure the system,
this updates the default darwin-config entry in NIX_PATH. Since this
changes an environment variable it will only apply to new shells.
NOTE: Changing this requires running <command>darwin-rebuild switch -I darwin-config=/path/to/configuration.nix</command>
NOTE: Changing this requires running {command}`darwin-rebuild switch -I darwin-config=/path/to/configuration.nix`
the first time to make darwin-rebuild aware of the custom location.
'';
};
@ -79,14 +79,14 @@ in
environment.loginShell = mkOption {
type = types.str;
default = "$SHELL -l";
description = "Configure default login shell.";
description = lib.mdDoc "Configure default login shell.";
};
environment.variables = mkOption {
type = types.attrsOf (types.either types.str (types.listOf types.str));
default = {};
example = { EDITOR = "vim"; LANG = "nl_NL.UTF-8"; };
description = ''
description = lib.mdDoc ''
A set of environment variables used in the global environment.
These variables will be set on shell initialisation.
The value of each variable can be either a string or a list of
@ -100,7 +100,7 @@ in
type = types.attrsOf types.str;
default = {};
example = { ll = "ls -l"; };
description = ''
description = lib.mdDoc ''
An attribute set that maps aliases (the top level attribute names in
this option) to command strings or directly to build outputs. The
alises are added to all users' shells.
@ -110,7 +110,7 @@ in
environment.extraInit = mkOption {
type = types.lines;
default = "";
description = ''
description = lib.mdDoc ''
Shell script code called during global environment initialisation
after all variables and profileVariables have been set.
This code is asumed to be shell-independent, which means you should
@ -120,7 +120,7 @@ in
environment.shellInit = mkOption {
default = "";
description = ''
description = lib.mdDoc ''
Shell script code called during shell initialisation.
This code is asumed to be shell-independent, which means you should
stick to pure sh without sh word split.
@ -130,7 +130,7 @@ in
environment.loginShellInit = mkOption {
default = "";
description = ''
description = lib.mdDoc ''
Shell script code called during login shell initialisation.
This code is asumed to be shell-independent, which means you should
stick to pure sh without sh word split.
@ -140,7 +140,7 @@ in
environment.interactiveShellInit = mkOption {
default = "";
description = ''
description = lib.mdDoc ''
Shell script code called during interactive shell initialisation.
This code is asumed to be shell-independent, which means you should
stick to pure sh without sh word split.


@ -1,31 +0,0 @@
{
description = "Example darwin system flake";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs";
darwin.url = "github:lnl7/nix-darwin";
darwin.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = { self, darwin, nixpkgs }:
let
configuration = { pkgs, ... }: {
nix.package = pkgs.nixVersions.stable;
# FIXME: for github actions, this shouldn't be in the example.
services.nix-daemon.enable = true;
};
in
{
# Build darwin flake using:
# $ darwin-rebuild build --flake ./modules/examples#simple \
# --override-input darwin .
darwinConfigurations."simple" = darwin.lib.darwinSystem {
modules = [ configuration darwin.darwinModules.simple ];
system = "x86_64-darwin";
};
# Expose the package set, including overlays, for convenience.
darwinPackages = self.darwinConfigurations."simple".pkgs;
};
}


@ -0,0 +1,48 @@
{
description = "Example Darwin system flake";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
nix-darwin.url = "github:LnL7/nix-darwin";
nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = inputs@{ self, nix-darwin, nixpkgs }:
let
configuration = { pkgs, ... }: {
# List packages installed in system profile. To search by name, run:
# $ nix-env -qaP | grep wget
environment.systemPackages =
[ pkgs.vim
];
# Auto upgrade nix package and the daemon service.
services.nix-daemon.enable = true;
# nix.package = pkgs.nix;
# Necessary for using flakes on this system.
nix.settings.experimental-features = "nix-command flakes";
# Create /etc/zshrc that loads the nix-darwin environment.
programs.zsh.enable = true; # default shell on catalina
# programs.fish.enable = true;
# Used for backwards compatibility, please read the changelog before changing.
# $ darwin-rebuild changelog
system.stateVersion = 4;
# The platform the configuration will be used on.
nixpkgs.hostPlatform = "x86_64-darwin";
};
in
{
# Build darwin flake using:
# $ darwin-rebuild build --flake .#simple
darwinConfigurations."simple" = nix-darwin.lib.darwinSystem {
modules = [ configuration ];
};
# Expose the package set, including overlays, for convenience.
darwinPackages = self.darwinConfigurations."simple".pkgs;
};
}
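Review bot: `nixpkgs.hostPlatform = "x86_64-darwin";` is hard-coded in what appears to be the file behind `templates.default`, and its comment does not say what to put there on an Apple Silicon machine. The top-level flake now evaluates for both `aarch64-darwin` and `x86_64-darwin`, so I would spell the choice out: `# The platform the configuration will be used on; use "aarch64-darwin" on Apple Silicon.` Separately, the `inputs@` binding in `outputs = inputs@{ self, nix-darwin, nixpkgs }:` is not used anywhere in this file and could be dropped.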


@ -14,9 +14,9 @@ in
options = {
fonts.fontDir.enable = mkOption {
default = false;
description = ''
description = lib.mdDoc ''
Whether to enable font management and install configured fonts to
<filename>/Library/Fonts</filename>.
{file}`/Library/Fonts`.
NOTE: removes any manually-added fonts.
'';
@ -26,7 +26,12 @@ in
type = types.listOf types.path;
default = [ ];
example = literalExpression "[ pkgs.dejavu_fonts ]";
description = "List of fonts to install.";
description = lib.mdDoc ''
List of fonts to install.
Fonts present in later entries override those with the same filenames
in previous ones.
'';
};
};


@ -31,9 +31,6 @@ let
# Option and submodule helper functions ----------------------------------------------------------
mkDocOptionLink = optionName:
''<link xlink:href="#opt-${optionName}"><option>${optionName}</option></link>'';
mkNullOrBoolOption = args: mkOption (args // {
type = types.nullOr types.bool;
default = null;
@ -68,52 +65,52 @@ let
type = types.enum [ "none" "uninstall" "zap" ];
default = "none";
example = "uninstall";
description = ''
description = lib.mdDoc ''
This option manages what happens to formulae installed by Homebrew, that aren't present in
the Brewfile generated by this module, during <command>nix-darwin</command> system
the Brewfile generated by this module, during {command}`nix-darwin` system
activation.
When set to <literal>"none"</literal> (the default), formulae not present in the generated
When set to `"none"` (the default), formulae not present in the generated
Brewfile are left installed.
When set to <literal>"uninstall"</literal>, <command>nix-darwin</command> invokes
<command>brew bundle [install]</command> with the <command>--cleanup</command> flag. This
When set to `"uninstall"`, {command}`nix-darwin` invokes
{command}`brew bundle [install]` with the {command}`--cleanup` flag. This
uninstalls all formulae not listed in generated Brewfile, i.e.,
<command>brew uninstall</command> is run for those formulae.
{command}`brew uninstall` is run for those formulae.
When set to <literal>"zap"</literal>, <command>nix-darwin</command> invokes
<command>brew bundle [install]</command> with the <command>--cleanup --zap</command>
When set to `"zap"`, {command}`nix-darwin` invokes
{command}`brew bundle [install]` with the {command}`--cleanup --zap`
flags. This uninstalls all formulae not listed in the generated Brewfile, and if the
formula is a cask, removes all files associated with that cask. In other words,
<command>brew uninstall --zap</command> is run for all those formulae.
{command}`brew uninstall --zap` is run for all those formulae.
If you plan on exclusively using <command>nix-darwin</command> to manage formulae
If you plan on exclusively using {command}`nix-darwin` to manage formulae
installed by Homebrew, you probably want to set this option to
<literal>"uninstall"</literal> or <literal>"zap"</literal>.
`"uninstall"` or `"zap"`.
'';
};
autoUpdate = mkOption {
type = types.bool;
default = false;
description = ''
description = lib.mdDoc ''
Whether to enable Homebrew to auto-update itself and all formulae during
<command>nix-darwin</command> system activation. The default is <literal>false</literal>
so that repeated invocations of <command>darwin-rebuild switch</command> are idempotent.
{command}`nix-darwin` system activation. The default is `false`
so that repeated invocations of {command}`darwin-rebuild switch` are idempotent.
Note that Homebrew auto-updates when it's been more then 5 minutes since it last updated.
Although auto-updating is disabled by default during system activation, note that Homebrew
will auto-update when you manually invoke certain Homebrew commands. To modify this
behavior see ${mkDocOptionLink "homebrew.global.autoUpdate"}.
behavior see [](#opt-homebrew.global.autoUpdate).
'';
};
upgrade = mkOption {
type = types.bool;
default = false;
description = ''
description = lib.mdDoc ''
Whether to enable Homebrew to upgrade outdated formulae and Mac App Store apps during
<command>nix-darwin</command> system activation. The default is <literal>false</literal>
so that repeated invocations of <command>darwin-rebuild switch</command> are idempotent.
{command}`nix-darwin` system activation. The default is `false`
so that repeated invocations of {command}`darwin-rebuild switch` are idempotent.
'';
};
@ -136,65 +133,65 @@ let
brewfile = mkOption {
type = types.bool;
default = false;
description = ''
description = lib.mdDoc ''
Whether to enable Homebrew to automatically use the Brewfile that this module generates in
the Nix store, when you manually invoke <command>brew bundle</command>.
the Nix store, when you manually invoke {command}`brew bundle`.
Enabling this option will change the default value of
${mkDocOptionLink "homebrew.global.lockfiles"} to <literal>false</literal> since, with
this option enabled, <command>brew bundle [install]</command> will default to using the
[](#opt-homebrew.global.lockfiles) to `false` since, with
this option enabled, {command}`brew bundle [install]` will default to using the
Brewfile that this module generates in the Nix store, unless you explicitly point it at
another Brewfile using the <literal>--file</literal> flag. As a result, it will try to
another Brewfile using the `--file` flag. As a result, it will try to
write the lockfile in the Nix store, and complain that it can't (though the command will
run successfully regardless).
Implementation note: when enabled, this option sets the
<literal>HOMEBREW_BUNDLE_FILE</literal> environment variable to the path of the Brewfile
`HOMEBREW_BUNDLE_FILE` environment variable to the path of the Brewfile
that this module generates in the Nix store, by adding it to
${mkDocOptionLink "environment.variables"}.
[](#opt-environment.variables).
'';
};
autoUpdate = mkOption {
type = types.bool;
default = true;
description = ''
description = lib.mdDoc ''
Whether to enable Homebrew to auto-update itself and all formulae when you manually invoke
commands like <command>brew install</command>, <command>brew upgrade</command>,
<command>brew tap</command>, and <command>brew bundle [install]</command>.
commands like {command}`brew install`, {command}`brew upgrade`,
{command}`brew tap`, and {command}`brew bundle [install]`.
Note that Homebrew auto-updates when you manually invoke commands like the ones mentioned
above if it's been more then 5 minutes since it last updated.
You may want to consider disabling this option if you have
${mkDocOptionLink "homebrew.onActivation.upgrade"} enabled, and
${mkDocOptionLink "homebrew.onActivation.autoUpdate"} disabled, if you want to ensure that
your installed formulae will only be upgraded during <command>nix-darwin</command> system
activation, after you've explicitly run <command>brew update</command>.
[](#opt-homebrew.onActivation.upgrade) enabled, and
[](#opt-homebrew.onActivation.autoUpdate) disabled, if you want to ensure that
your installed formulae will only be upgraded during {command}`nix-darwin` system
activation, after you've explicitly run {command}`brew update`.
Implementation note: when disabled, this option sets the
<literal>HOMEBREW_NO_AUTO_UPDATE</literal> environment variable, by adding it to
${mkDocOptionLink "environment.variables"}.
`HOMEBREW_NO_AUTO_UPDATE` environment variable, by adding it to
[](#opt-environment.variables).
'';
};
lockfiles = mkOption {
type = types.bool;
default = !config.brewfile;
defaultText = literalExpression "!config.homebrew.global.brewfile";
description = ''
description = lib.mdDoc ''
Whether to enable Homebrew to generate lockfiles when you manually invoke
<command>brew bundle [install]</command>.
{command}`brew bundle [install]`.
This option will default to <literal>false</literal> if
${mkDocOptionLink "homebrew.global.brewfile"} is enabled since, with that option enabled,
<command>brew bundle [install]</command> will default to using the Brewfile that this
This option will default to `false` if
[](#opt-homebrew.global.brewfile) is enabled since, with that option enabled,
{command}`brew bundle [install]` will default to using the Brewfile that this
module generates in the Nix store, unless you explicitly point it at another Brewfile
using the <literal>--file</literal> flag. As a result, it will try to write the
using the `--file` flag. As a result, it will try to write the
lockfile in the Nix store, and complain that it can't (though the command will run
successfully regardless).
Implementation note: when disabled, this option sets the
<literal>HOMEBREW_BUNDLE_NO_LOCK</literal> environment variable, by adding it to
${mkDocOptionLink "environment.variables"}.
`HOMEBREW_BUNDLE_NO_LOCK` environment variable, by adding it to
[](#opt-environment.variables).
'';
};
@ -220,22 +217,22 @@ let
name = mkOption {
type = types.str;
example = "homebrew/cask-fonts";
description = ''
When <option>clone_target</option> is unspecified, this is the name of a formula
repository to tap from GitHub using HTTPS. For example, <literal>"user/repo"</literal>
description = lib.mdDoc ''
When {option}`clone_target` is unspecified, this is the name of a formula
repository to tap from GitHub using HTTPS. For example, `"user/repo"`
will tap https://github.com/user/homebrew-repo.
'';
};
clone_target = mkNullOrStrOption {
description = ''
description = lib.mdDoc ''
Use this option to tap a formula repository from anywhere, using any transport protocol
that <command>git</command> handles. When <option>clone_target</option> is specified, taps
that {command}`git` handles. When {option}`clone_target` is specified, taps
can be cloned from places other than GitHub and using protocols other than HTTPS, e.g.,
SSH, git, HTTP, FTP(S), rsync.
'';
};
force_auto_update = mkNullOrBoolOption {
description = ''
description = lib.mdDoc ''
Whether to auto-update the tap even if it is not hosted on GitHub. By default, only taps
hosted on GitHub are auto-updated (for performance reasons).
'';
@ -262,106 +259,106 @@ let
caskArgsOptions = { config, ... }: {
options = {
appdir = mkNullOrStrOption {
description = ''
description = lib.mdDoc ''
Target location for Applications.
Homebrew's default is <filename class='directory'>/Applications</filename>.
Homebrew's default is {file}`/Applications`.
'';
};
colorpickerdir = mkNullOrStrOption {
description = ''
description = lib.mdDoc ''
Target location for Color Pickers.
Homebrew's default is <filename class='directory'>~/Library/ColorPickers</filename>.
Homebrew's default is {file}`~/Library/ColorPickers`.
'';
};
prefpanedir = mkNullOrStrOption {
description = ''
description = lib.mdDoc ''
Target location for Preference Panes.
Homebrew's default is <filename class='directory'>~/Library/PreferencePanes</filename>.
Homebrew's default is {file}`~/Library/PreferencePanes`.
'';
};
qlplugindir = mkNullOrStrOption {
description = ''
description = lib.mdDoc ''
Target location for QuickLook Plugins.
Homebrew's default is <filename class='directory'>~/Library/QuickLook</filename>.
Homebrew's default is {file}`~/Library/QuickLook`.
'';
};
mdimporterdir = mkNullOrStrOption {
description = ''
description = lib.mdDoc ''
Target location for Spotlight Plugins.
Homebrew's default is <filename class='directory'>~/Library/Spotlight</filename>.
Homebrew's default is {file}`~/Library/Spotlight`.
'';
};
dictionarydir = mkNullOrStrOption {
description = ''
description = lib.mdDoc ''
Target location for Dictionaries.
Homebrew's default is <filename class='directory'>~/Library/Dictionaries</filename>.
Homebrew's default is {file}`~/Library/Dictionaries`.
'';
};
fontdir = mkNullOrStrOption {
description = ''
description = lib.mdDoc ''
Target location for Fonts.
Homebrew's default is <filename class='directory'>~/Library/Fonts</filename>.
Homebrew's default is {file}`~/Library/Fonts`.
'';
};
servicedir = mkNullOrStrOption {
description = ''
description = lib.mdDoc ''
Target location for Services.
Homebrew's default is <filename class='directory'>~/Library/Services</filename>.
Homebrew's default is {file}`~/Library/Services`.
'';
};
input_methoddir = mkNullOrStrOption {
description = ''
description = lib.mdDoc ''
Target location for Input Methods.
Homebrew's default is <filename class='directory'>~/Library/Input Methods</filename>.
Homebrew's default is {file}`~/Library/Input Methods`.
'';
};
internet_plugindir = mkNullOrStrOption {
description = ''
description = lib.mdDoc ''
Target location for Internet Plugins.
Homebrew's default is <filename class='directory'>~/Library/Internet Plug-Ins</filename>.
Homebrew's default is {file}`~/Library/Internet Plug-Ins`.
'';
};
audio_unit_plugindir = mkNullOrStrOption {
description = ''
description = lib.mdDoc ''
Target location for Audio Unit Plugins.
Homebrew's default is
<filename class='directory'>~/Library/Audio/Plug-Ins/Components</filename>.
{file}`~/Library/Audio/Plug-Ins/Components`.
'';
};
vst_plugindir = mkNullOrStrOption {
description = ''
description = lib.mdDoc ''
Target location for VST Plugins.
Homebrew's default is <filename class='directory'>~/Library/Audio/Plug-Ins/VST</filename>.
Homebrew's default is {file}`~/Library/Audio/Plug-Ins/VST`.
'';
};
vst3_plugindir = mkNullOrStrOption {
description = ''
description = lib.mdDoc ''
Target location for VST3 Plugins.
Homebrew's default is <filename class='directory'>~/Library/Audio/Plug-Ins/VST3</filename>.
Homebrew's default is {file}`~/Library/Audio/Plug-Ins/VST3`.
'';
};
screen_saverdir = mkNullOrStrOption {
description = ''
description = lib.mdDoc ''
Target location for Screen Savers.
Homebrew's default is <filename class='directory'>~/Library/Screen Savers</filename>.
Homebrew's default is {file}`~/Library/Screen Savers`.
'';
};
language = mkNullOrStrOption {
description = ''
description = lib.mdDoc ''
Comma-separated list of language codes to prefer for cask installation. The first matching
language is used, otherwise it reverts to the casks default language. The default value
is the language of your system.
@ -369,17 +366,17 @@ let
example = "zh-TW";
};
require_sha = mkNullOrBoolOption {
description = ''
description = lib.mdDoc ''
Whether to require cask(s) to have a checksum.
Homebrew's default is <literal>false</literal>.
Homebrew's default is `false`.
'';
};
no_quarantine = mkNullOrBoolOption {
description = "Whether to disable quarantining of downloads.";
description = lib.mdDoc "Whether to disable quarantining of downloads.";
};
no_binaries = mkNullOrBoolOption {
description = "Whether to disable linking of helper executables.";
description = lib.mdDoc "Whether to disable linking of helper executables.";
};
brewfileLine = mkInternalOption { type = types.nullOr types.str; };
@ -400,20 +397,20 @@ let
options = {
name = mkOption {
type = types.str;
description = "The name of the formula to install.";
description = lib.mdDoc "The name of the formula to install.";
};
args = mkOption {
type = with types; nullOr (listOf str);
default = null;
description = ''
Arguments flags to pass to <command>brew install</command>. Values should not include the
leading <literal>"--"</literal>.
description = lib.mdDoc ''
Arguments flags to pass to {command}`brew install`. Values should not include the
leading `"--"`.
'';
};
conflicts_with = mkOption {
type = with types; nullOr (listOf str);
default = null;
description = ''
description = lib.mdDoc ''
List of formulae that should be unlinked and their services stopped (if they are
installed).
'';
@ -421,26 +418,26 @@ let
restart_service = mkOption {
type = with types; nullOr (either bool (enum [ "changed" ]));
default = null;
description = ''
Whether to run <command>brew services restart</command> for the formula and register it to
launch at login (or boot). If set to <literal>"changed"</literal>, the service will only
description = lib.mdDoc ''
Whether to run {command}`brew services restart` for the formula and register it to
launch at login (or boot). If set to `"changed"`, the service will only
be restarted on version changes.
Homebrew's default is <literal>false</literal>.
Homebrew's default is `false`.
'';
};
start_service = mkNullOrBoolOption {
description = ''
Whether to run <command>brew services start</command> for the formula and register it to
description = lib.mdDoc ''
Whether to run {command}`brew services start` for the formula and register it to
launch at login (or boot).
Homebrew's default is <literal>false</literal>.
Homebrew's default is `false`.
'';
};
link = mkNullOrBoolOption {
description = ''
description = lib.mdDoc ''
Whether to link the formula to the Homebrew prefix. When this option is
<literal>null</literal>, Homebrew will use it's default behavior which is to link the
`null`, Homebrew will use it's default behavior which is to link the
formula if it's currently unlinked and not keg-only, and to unlink the formula if it's
currently linked and keg-only.
'';
@ -473,19 +470,19 @@ let
options = {
name = mkOption {
type = types.str;
description = "The name of the cask to install.";
description = lib.mdDoc "The name of the cask to install.";
};
args = mkOption {
type = types.nullOr (types.submodule caskArgsOptions);
default = null;
visible = "shallow"; # so that options from `homebrew.caskArgs` aren't repeated.
description = ''
Arguments passed to <command>brew install --cask</command> when installing this cask. See
${mkDocOptionLink "homebrew.caskArgs"} for the available options.
description = lib.mdDoc ''
Arguments passed to {command}`brew install --cask` when installing this cask. See
[](#opt-homebrew.caskArgs) for the available options.
'';
};
greedy = mkNullOrBoolOption {
description = ''
description = lib.mdDoc ''
Whether to always upgrade this cask regardless of whether it's unversioned or it updates
itself.
'';
@ -516,31 +513,31 @@ in
];
options.homebrew = {
enable = mkEnableOption ''
<command>nix-darwin</command> to manage installing/updating/upgrading Homebrew taps, formulae,
enable = mkEnableOption (lib.mdDoc ''
{command}`nix-darwin` to manage installing/updating/upgrading Homebrew taps, formulae,
and casks, as well as Mac App Store apps and Docker containers, using Homebrew Bundle.
Note that enabling this option does not install Homebrew, see the Homebrew
<link xlink:href="https://brew.sh">website</link> for installation instructions.
[website](https://brew.sh) for installation instructions.
Use the ${mkDocOptionLink "homebrew.brews"}, ${mkDocOptionLink "homebrew.casks"},
${mkDocOptionLink "homebrew.masApps"}, and ${mkDocOptionLink "homebrew.whalebrews"} options
Use the [](#opt-homebrew.brews), [](#opt-homebrew.casks),
[](#opt-homebrew.masApps), and [](#opt-homebrew.whalebrews) options
to list the Homebrew formulae, casks, Mac App Store apps, and Docker containers you'd like to
install. Use the ${mkDocOptionLink "homebrew.taps"} option, to make additional formula
install. Use the [](#opt-homebrew.taps) option, to make additional formula
repositories available to Homebrew. This module uses those options (along with the
${mkDocOptionLink "homebrew.caskArgs"} options) to generate a Brewfile that
<command>nix-darwin</command> passes to the <command>brew bundle</command> command during
[](#opt-homebrew.caskArgs) options) to generate a Brewfile that
{command}`nix-darwin` passes to the {command}`brew bundle` command during
system activation.
The default configuration of this module prevents Homebrew Bundle from auto-updating Homebrew
and all formulae, as well as upgrading anything that's already installed, so that repeated
invocations of <command>darwin-rebuild switch</command> (without any change to the
invocations of {command}`darwin-rebuild switch` (without any change to the
configuration) are idempotent. You can modify this behavior using the options under
${mkDocOptionLink "homebrew.onActivation"}.
[](#opt-homebrew.onActivation).
This module also provides a few options for modifying how Homebrew commands behave when
you manually invoke them, under ${mkDocOptionLink "homebrew.global"}
'';
you manually invoke them, under [](#opt-homebrew.global)
'');
brewPrefix = mkOption {
type = types.str;
@ -549,8 +546,8 @@ in
if pkgs.stdenv.hostPlatform.isAarch64 then "/opt/homebrew/bin"
else "/usr/local/bin"
'';
description = ''
The path prefix where the <command>brew</command> executable is located. This will be set to
description = lib.mdDoc ''
The path prefix where the {command}`brew` executable is located. This will be set to
the correct value based on your system's platform, and should only need to be changed if you
manually installed Homebrew in a non-standard location.
'';
@ -559,16 +556,16 @@ in
onActivation = mkOption {
type = types.submodule onActivationOptions;
default = { };
description = ''
Options for configuring the behavior of the <command>brew bundle</command> command that
<command>nix-darwin</command> runs during system activation.
description = lib.mdDoc ''
Options for configuring the behavior of the {command}`brew bundle` command that
{command}`nix-darwin` runs during system activation.
'';
};
global = mkOption {
type = types.submodule globalOptions;
default = { };
description = ''
description = lib.mdDoc ''
Options for configuring the behavior of Homebrew commands when you manually invoke them.
'';
};
@ -590,12 +587,12 @@ in
}
]
'';
description = ''
description = lib.mdDoc ''
List of Homebrew formula repositories to tap.
Taps defined as strings, e.g., <literal>"user/repo"</literal>, are a shorthand for:
Taps defined as strings, e.g., `"user/repo"`, are a shorthand for:
<code>{ name = "user/repo"; }</code>
`{ name = "user/repo"; }`
'';
};
@ -608,9 +605,9 @@ in
require_sha = true;
}
'';
description = ''
Arguments passed to <command>brew install --cask</command> for all casks listed in
${mkDocOptionLink "homebrew.casks"}.
description = lib.mdDoc ''
Arguments passed to {command}`brew install --cask` for all casks listed in
[](#opt-homebrew.casks).
'';
};
@ -639,12 +636,12 @@ in
}
]
'';
description = ''
description = lib.mdDoc ''
List of Homebrew formulae to install.
Formulae defined as strings, e.g., <literal>"imagemagick"</literal>, are a shorthand for:
Formulae defined as strings, e.g., `"imagemagick"`, are a shorthand for:
<code>{ name = "imagemagick"; }</code>
`{ name = "imagemagick"; }`
'';
};
@ -670,12 +667,12 @@ in
}
]
'';
description = ''
description = lib.mdDoc ''
List of Homebrew casks to install.
Casks defined as strings, e.g., <literal>"google-chrome"</literal>, are a shorthand for:
Casks defined as strings, e.g., `"google-chrome"`, are a shorthand for:
<code>{ name = "google-chrome"; }</code>
`{ name = "google-chrome"; }`
'';
};
@ -688,20 +685,20 @@ in
Xcode = 497799835;
}
'';
description = ''
Applications to install from Mac App Store using <command>mas</command>.
description = lib.mdDoc ''
Applications to install from Mac App Store using {command}`mas`.
When this option is used, <literal>"mas"</literal> is automatically added to
${mkDocOptionLink "homebrew.brews"}.
When this option is used, `"mas"` is automatically added to
[](#opt-homebrew.brews).
Note that you need to be signed into the Mac App Store for <command>mas</command> to
Note that you need to be signed into the Mac App Store for {command}`mas` to
successfully install and upgrade applications, and that unfortunately apps removed from this
option will not be uninstalled automatically even if
${mkDocOptionLink "homebrew.onActivation.cleanup"} is set to <literal>"uninstall"</literal>
or <literal>"zap"</literal> (this is currently a limitation of Homebrew Bundle).
[](#opt-homebrew.onActivation.cleanup) is set to `"uninstall"`
or `"zap"` (this is currently a limitation of Homebrew Bundle).
For more information on <command>mas</command> see:
<link xlink:href="https://github.com/mas-cli/mas">github.com/mas-cli/mas</link>.
For more information on {command}`mas` see:
[github.com/mas-cli/mas](https://github.com/mas-cli/mas).
'';
};
@ -709,14 +706,14 @@ in
type = with types; listOf str;
default = [ ];
example = [ "whalebrew/wget" ];
description = ''
List of Docker images to install using <command>whalebrew</command>.
description = lib.mdDoc ''
List of Docker images to install using {command}`whalebrew`.
When this option is used, <literal>"whalebrew"</literal> is automatically added to
${mkDocOptionLink "homebrew.brews"}.
When this option is used, `"whalebrew"` is automatically added to
[](#opt-homebrew.brews).
For more information on <command>whalebrew</command> see:
<link xlink:href="https://github.com/whalebrew/whalebrew">github.com/whalebrew/whalebrew</link>.
For more information on {command}`whalebrew` see:
[github.com/whalebrew/whalebrew](https://github.com/whalebrew/whalebrew).
'';
};
@ -727,12 +724,12 @@ in
# 'brew cask install' only if '/usr/libexec/java_home --failfast' fails
cask "java" unless system "/usr/libexec/java_home --failfast"
'';
description = "Extra lines to be added verbatim to the bottom of the generated Brewfile.";
description = lib.mdDoc "Extra lines to be added verbatim to the bottom of the generated Brewfile.";
};
brewfile = mkInternalOption {
type = types.str;
description = "String reprensentation of the generated Brewfile useful for debugging.";
description = lib.mdDoc "String reprensentation of the generated Brewfile useful for debugging.";
};
};


@ -31,16 +31,16 @@ let
type = types.attrsOf (types.either types.str (types.listOf types.str));
default = {};
example = { PATH = "/foo/bar/bin"; LANG = "nl_NL.UTF-8"; };
description = "Environment variables passed to the service's processes.";
description = lib.mdDoc "Environment variables passed to the service's processes.";
apply = mapAttrs (n: v: if isList v then concatStringsSep ":" v else v);
};
path = mkOption {
type = types.listOf (types.either types.path types.str);
default = [];
description = ''
Packages added to the service's <envar>PATH</envar>
environment variable. Only the <filename>bin</filename>
description = lib.mdDoc ''
Packages added to the service's {env}`PATH`
environment variable. Only the {file}`bin`
and subdirectories of each package is added.
'';
apply = ps: if isList ps then (makeDrvBinPath ps) else ps;
@ -49,13 +49,13 @@ let
command = mkOption {
type = types.either types.str types.path;
default = "";
description = "Command executed as the service's main process.";
description = lib.mdDoc "Command executed as the service's main process.";
};
script = mkOption {
type = types.lines;
default = "";
description = "Shell commands executed as the service's main process.";
description = lib.mdDoc "Shell commands executed as the service's main process.";
};
# preStart = mkOption {
@ -74,9 +74,9 @@ let
KeepAlive = true;
};
default = {};
description = ''
description = lib.mdDoc ''
Each attribute in this set specifies an option for a key in the plist.
<link xlink:href="https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man5/launchd.plist.5.html"/>
<https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man5/launchd.plist.5.html>
'';
};
};
@ -100,7 +100,7 @@ in
launchd.labelPrefix = mkOption {
type = types.str;
default = "org.nixos";
description = ''
description = lib.mdDoc ''
The default prefix of the service label. Individual services can
override this by setting the Label attribute.
'';
@ -110,7 +110,7 @@ in
type = types.attrsOf (types.either types.str (types.listOf types.str));
default = {};
example = { LANG = "nl_NL.UTF-8"; };
description = ''
description = lib.mdDoc ''
A set of environment variables to be set on all future
processes launched by launchd in the caller's context.
The value of each variable can be either a string or a list of
@ -124,7 +124,7 @@ in
type = types.attrsOf (types.either types.str (types.listOf types.str));
default = {};
example = { LANG = "nl_NL.UTF-8"; };
description = ''
description = lib.mdDoc ''
A set of environment variables to be set on all future
processes launched by launchd in the caller's context.
The value of each variable can be either a string or a list of
@ -137,7 +137,7 @@ in
launchd.agents = mkOption {
default = {};
type = types.attrsOf (types.submodule serviceOptions);
description = ''
description = lib.mdDoc ''
Definition of per-user launchd agents.
When a user logs in, a per-user launchd is started.
@ -153,7 +153,7 @@ in
launchd.daemons = mkOption {
default = {};
type = types.attrsOf (types.submodule serviceOptions);
description = ''
description = lib.mdDoc ''
Definition of launchd daemons.
After the system is booted and the kernel is running, launchd is run to finish the system initialization.
@ -169,7 +169,7 @@ in
launchd.user.agents = mkOption {
default = {};
type = types.attrsOf (types.submodule serviceOptions);
description = ''
description = lib.mdDoc ''
Definition of per-user launchd agents.
When a user logs in, a per-user launchd is started.
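Review bot: The converted `path` description in the first hunk of this file still reads "Only the {file}`bin` and subdirectories of each package is added", which does not say which directories actually end up on the service's PATH. Because that list decides which executables the job resolves by bare name, the sentence should state it exactly, for example ``Only the {file}`bin` subdirectory of each package is added.`` This assumes `makeDrvBinPath` appends only `bin`; it is defined outside the hunk, so if `sbin` is also meant to be added, name it explicitly instead. The surrounding `let` block starts and ends outside the hunk.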


@ -6,24 +6,24 @@ with lib;
options = {
Label = mkOption {
type = types.str;
description = "This required key uniquely identifies the job to launchd.";
description = lib.mdDoc "This required key uniquely identifies the job to launchd.";
};
Disabled = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
This optional key is used as a hint to <literal>launchctl(1)</literal> that it should not submit this job to launchd when
description = lib.mdDoc ''
This optional key is used as a hint to `launchctl(1)` that it should not submit this job to launchd when
loading a job or jobs. The value of this key does NOT reflect the current state of the job on the running
system. If you wish to know whether a job is loaded in launchd, reading this key from a configuration
file yourself is not a sufficient test. You should query launchd for the presence of the job using
the <literal>launchctl(1)</literal> list subcommand or use the ServiceManagement framework's
<literal>SMJobCopyDictionary()</literal> method.
the `launchctl(1)` list subcommand or use the ServiceManagement framework's
`SMJobCopyDictionary()` method.
Note that as of Mac OS X v10.6, this key's value in a configuration file conveys a default value, which
is changed with the [-w] option of the <literal>launchctl(1)</literal> load and unload subcommands. These subcommands no
is changed with the [-w] option of the `launchctl(1)` load and unload subcommands. These subcommands no
longer modify the configuration file, so the value displayed in the configuration file is not necessarily
the value that <literal>launchctl(1)</literal> will apply. See <literal>launchctl(1)</literal> for more information.
the value that `launchctl(1)` will apply. See `launchctl(1)` for more information.
Please also be mindful that you should only use this key if the provided on-demand and KeepAlive criteria
are insufficient to describe the conditions under which your job needs to run. The cost to have a
@ -35,7 +35,7 @@ with lib;
UserName = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
description = lib.mdDoc ''
This optional key specifies the user to run the job as. This key is only applicable when launchd is
running as root.
'';
@ -44,7 +44,7 @@ with lib;
GroupName = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
description = lib.mdDoc ''
This optional key specifies the group to run the job as. This key is only applicable when launchd is
running as root. If UserName is set and GroupName is not, the the group will be set to the default
group of the user.
@ -54,7 +54,7 @@ with lib;
inetdCompatibility = mkOption {
default = null;
example = { Wait = true; };
description = ''
description = lib.mdDoc ''
The presence of this key specifies that the daemon expects to be run as if it were launched from inetd.
'';
type = types.nullOr (types.submodule {
@ -62,9 +62,9 @@ with lib;
Wait = mkOption {
type = types.nullOr (types.either types.bool types.str);
default = null;
description = ''
description = lib.mdDoc ''
This flag corresponds to the "wait" or "nowait" option of inetd. If true, then the listening
socket is passed via the standard in/out/error file descriptors. If false, then <literal>accept(2)</literal> is
socket is passed via the standard in/out/error file descriptors. If false, then `accept(2)` is
called on behalf of the job, and the result is passed via the standard in/out/error descriptors.
'';
};
@ -75,35 +75,35 @@ with lib;
LimitLoadToHosts = mkOption {
type = types.nullOr (types.listOf types.str);
default = null;
description = ''
description = lib.mdDoc ''
This configuration file only applies to the hosts listed with this key. Note: One should set kern.hostname
in <literal>sysctl.conf(5)</literal> for this feature to work reliably.
in `sysctl.conf(5)` for this feature to work reliably.
'';
};
LimitLoadFromHosts = mkOption {
type = types.nullOr (types.listOf types.str);
default = null;
description = ''
description = lib.mdDoc ''
This configuration file only applies to hosts NOT listed with this key. Note: One should set kern.hostname
in <literal>sysctl.conf(5)</literal> for this feature to work reliably.
in `sysctl.conf(5)` for this feature to work reliably.
'';
};
LimitLoadToSessionType = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
description = lib.mdDoc ''
This configuration file only applies to sessions of the type specified. This key is used in concert
with the -S flag to <command>launchctl</command>.
with the -S flag to {command}`launchctl`.
'';
};
Program = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
This key maps to the first argument of <literal>execvp(3)</literal>. If this key is missing, then the first element of
description = lib.mdDoc ''
This key maps to the first argument of `execvp(3)`. If this key is missing, then the first element of
the array of strings provided to the ProgramArguments will be used instead. This key is required in
the absence of the ProgramArguments key.
'';
@ -112,26 +112,26 @@ with lib;
ProgramArguments = mkOption {
type = types.nullOr (types.listOf types.str);
default = null;
description = ''
This key maps to the second argument of <literal>execvp(3)</literal>. This key is required in the absence of the Program
key. Please note: many people are confused by this key. Please read <literal>execvp(3)</literal> very carefully!
description = lib.mdDoc ''
This key maps to the second argument of `execvp(3)`. This key is required in the absence of the Program
key. Please note: many people are confused by this key. Please read `execvp(3)` very carefully!
'';
};
EnableGlobbing = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
This flag causes launchd to use the <literal>glob(3)</literal> mechanism to update the program arguments before invocation.
description = lib.mdDoc ''
This flag causes launchd to use the `glob(3)` mechanism to update the program arguments before invocation.
'';
};
EnableTransactions = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
This flag instructs launchd that the job promises to use <literal>vproc_transaction_begin(3)</literal> and
<literal>vproc_transaction_end(3)</literal> to track outstanding transactions that need to be reconciled before the
description = lib.mdDoc ''
This flag instructs launchd that the job promises to use `vproc_transaction_begin(3)` and
`vproc_transaction_end(3)` to track outstanding transactions that need to be reconciled before the
process can safely terminate. If no outstanding transactions are in progress, then launchd is free to
send the SIGKILL signal.
'';
@ -140,7 +140,7 @@ with lib;
OnDemand = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
description = lib.mdDoc ''
This key was used in Mac OS X 10.4 to control whether a job was kept alive or not. The default was
true. This key has been deprecated and replaced in Mac OS X 10.5 and later with the more powerful
KeepAlive option.
@ -154,7 +154,7 @@ with lib;
SuccessfulExit = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
description = lib.mdDoc ''
If true, the job will be restarted as long as the program exits and with an exit status of zero.
If false, the job will be restarted in the inverse condition. This key implies that "RunAtLoad"
is set to true, since the job needs to run at least once before we can get an exit status.
@ -164,7 +164,7 @@ with lib;
NetworkState = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
description = lib.mdDoc ''
If true, the job will be kept alive as long as the network is up, where up is defined as at least
one non-loopback interface being up and having IPv4 or IPv6 addresses assigned to them. If
false, the job will be kept alive in the inverse condition.
@ -174,7 +174,7 @@ with lib;
PathState = mkOption {
type = types.nullOr (types.attrsOf types.bool);
default = null;
description = ''
description = lib.mdDoc ''
Each key in this dictionary is a file-system path. If the value of the key is true, then the job
will be kept alive as long as the path exists. If false, the job will be kept alive in the
inverse condition. The intent of this feature is that two or more jobs may create semaphores in
@ -185,7 +185,7 @@ with lib;
OtherJobEnabled = mkOption {
type = types.nullOr (types.attrsOf types.bool);
default = null;
description = ''
description = lib.mdDoc ''
Each key in this dictionary is the label of another job. If the value of the key is true, then
this job is kept alive as long as that other job is enabled. Otherwise, if the value is false,
then this job is kept alive as long as the other job is disabled. This feature should not be
@ -196,7 +196,7 @@ with lib;
Crashed = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
description = lib.mdDoc ''
If true, the the job will be restarted as long as it exited due to a signal which is typically
associated with a crash (SIGILL, SIGSEGV, etc.). If false, the job will be restarted in the
inverse condition.
@ -211,7 +211,7 @@ with lib;
};
}));
default = null;
description = ''
description = lib.mdDoc ''
This optional key is used to control whether your job is to be kept continuously running or to let
demand and conditions control the invocation. The default is false and therefore only demand will start
the job. The value may be set to true to unconditionally keep the job alive. Alternatively, a dictionary
@ -226,7 +226,7 @@ with lib;
RunAtLoad = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
description = lib.mdDoc ''
This optional key is used to control whether your job is launched once at the time the job is loaded.
The default is false.
'';
@ -235,23 +235,23 @@ with lib;
RootDirectory = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
This optional key is used to specify a directory to <literal>chroot(2)</literal> to before running the job.
description = lib.mdDoc ''
This optional key is used to specify a directory to `chroot(2)` to before running the job.
'';
};
WorkingDirectory = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
This optional key is used to specify a directory to <literal>chdir(2)</literal> to before running the job.
description = lib.mdDoc ''
This optional key is used to specify a directory to `chdir(2)` to before running the job.
'';
};
EnvironmentVariables = mkOption {
type = types.nullOr (types.attrsOf types.str);
default = null;
description = ''
description = lib.mdDoc ''
This optional key is used to specify additional environment variables to be set before running the
job.
'';
@ -260,8 +260,8 @@ with lib;
Umask = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
This optional key specifies what value should be passed to <literal>umask(2)</literal> before running the job. Known bug:
description = lib.mdDoc ''
This optional key specifies what value should be passed to `umask(2)` before running the job. Known bug:
Property lists don't support octal, so please convert the value to decimal.
'';
};
@ -269,7 +269,7 @@ with lib;
TimeOut = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
description = lib.mdDoc ''
The recommended idle time out (in seconds) to pass to the job. If no value is specified, a default time
out will be supplied by launchd for use by the job at check in time.
'';
@ -278,7 +278,7 @@ with lib;
ExitTimeOut = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
description = lib.mdDoc ''
The amount of time launchd waits before sending a SIGKILL signal. The default value is 20 seconds. The
value zero is interpreted as infinity.
'';
@ -287,7 +287,7 @@ with lib;
ThrottleInterval = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
description = lib.mdDoc ''
This key lets one override the default throttling policy imposed on jobs by launchd. The value is in
seconds, and by default, jobs will not be spawned more than once every 10 seconds. The principle
behind this is that jobs should linger around just in case they are needed again in the near future.
@ -299,8 +299,8 @@ with lib;
InitGroups = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
This optional key specifies whether <literal>initgroups(3)</literal> should be called before running the job. The default
description = lib.mdDoc ''
This optional key specifies whether `initgroups(3)` should be called before running the job. The default
is true in 10.5 and false in 10.4. This key will be ignored if the UserName key is not set.
'';
};
@ -308,7 +308,7 @@ with lib;
WatchPaths = mkOption {
type = types.nullOr (types.listOf types.path);
default = null;
description = ''
description = lib.mdDoc ''
This optional key causes the job to be started if any one of the listed paths are modified.
'';
};
@ -316,7 +316,7 @@ with lib;
QueueDirectories = mkOption {
type = types.nullOr (types.listOf types.str);
default = null;
description = ''
description = lib.mdDoc ''
Much like the WatchPaths option, this key will watch the paths for modifications. The difference being
that the job will only be started if the path is a directory and the directory is not empty.
'';
@ -325,7 +325,7 @@ with lib;
StartOnMount = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
description = lib.mdDoc ''
This optional key causes the job to be started every time a filesystem is mounted.
'';
};
@ -333,7 +333,7 @@ with lib;
StartInterval = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
description = lib.mdDoc ''
This optional key causes the job to be started every N seconds. If the system is asleep, the job will
be started the next time the computer wakes up. If multiple intervals transpire before the computer is
woken, those events will be coalesced into one event upon wake from sleep.
@ -343,9 +343,9 @@ with lib;
StartCalendarInterval = mkOption {
default = null;
example = { Hour = 2; Minute = 30; };
description = ''
description = lib.mdDoc ''
This optional key causes the job to be started every calendar interval as specified. Missing arguments
are considered to be wildcard. The semantics are much like <literal>crontab(5)</literal>. Unlike cron which skips job
are considered to be wildcard. The semantics are much like `crontab(5)`. Unlike cron which skips job
invocations when the computer is asleep, launchd will start the job the next time the computer wakes
up. If multiple intervals transpire before the computer is woken, those events will be coalesced into
one event upon wake from sleep.
@ -355,7 +355,7 @@ with lib;
Minute = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
description = lib.mdDoc ''
The minute on which this job will be run.
'';
};
@ -363,7 +363,7 @@ with lib;
Hour = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
description = lib.mdDoc ''
The hour on which this job will be run.
'';
};
@ -371,7 +371,7 @@ with lib;
Day = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
description = lib.mdDoc ''
The day on which this job will be run.
'';
};
@ -379,7 +379,7 @@ with lib;
Weekday = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
description = lib.mdDoc ''
The weekday on which this job will be run (0 and 7 are Sunday).
'';
};
@ -387,7 +387,7 @@ with lib;
Month = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
description = lib.mdDoc ''
The month on which this job will be run.
'';
};
@ -398,32 +398,32 @@ with lib;
StandardInPath = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
description = lib.mdDoc ''
This optional key specifies what file should be used for data being supplied to stdin when using
<literal>stdio(3)</literal>.
`stdio(3)`.
'';
};
StandardOutPath = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
This optional key specifies what file should be used for data being sent to stdout when using <literal>stdio(3)</literal>.
description = lib.mdDoc ''
This optional key specifies what file should be used for data being sent to stdout when using `stdio(3)`.
'';
};
StandardErrorPath = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
This optional key specifies what file should be used for data being sent to stderr when using <literal>stdio(3)</literal>.
description = lib.mdDoc ''
This optional key specifies what file should be used for data being sent to stderr when using `stdio(3)`.
'';
};
Debug = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
description = lib.mdDoc ''
This optional key specifies that launchd should adjust its log mask temporarily to LOG_DEBUG while
dealing with this job.
'';
@ -432,7 +432,7 @@ with lib;
WaitForDebugger = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
description = lib.mdDoc ''
This optional key specifies that launchd should instruct the kernel to have the job wait for a debugger
to attach before any code in the job is executed.
'';
@ -440,8 +440,8 @@ with lib;
SoftResourceLimits = mkOption {
default = null;
description = ''
Resource limits to be imposed on the job. These adjust variables set with <literal>setrlimit(2)</literal>. The following
description = lib.mdDoc ''
Resource limits to be imposed on the job. These adjust variables set with `setrlimit(2)`. The following
keys apply:
'';
type = types.nullOr (types.submodule {
@ -449,7 +449,7 @@ with lib;
Core = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
description = lib.mdDoc ''
The largest size (in bytes) core file that may be created.
'';
};
@ -457,7 +457,7 @@ with lib;
CPU = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
description = lib.mdDoc ''
The maximum amount of cpu time (in seconds) to be used by each process.
'';
};
@ -465,16 +465,16 @@ with lib;
Data = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
description = lib.mdDoc ''
The maximum size (in bytes) of the data segment for a process; this defines how far a program may
extend its break with the <literal>sbrk(2)</literal> system call.
extend its break with the `sbrk(2)` system call.
'';
};
FileSize = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
description = lib.mdDoc ''
The largest size (in bytes) file that may be created.
'';
};
@ -482,7 +482,7 @@ with lib;
MemoryLock = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
description = lib.mdDoc ''
The maximum size (in bytes) which a process may lock into memory using the mlock(2) function.
'';
};
@ -490,27 +490,27 @@ with lib;
NumberOfFiles = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
description = lib.mdDoc ''
The maximum number of open files for this process. Setting this value in a system wide daemon
will set the <literal>sysctl(3)</literal> kern.maxfiles (SoftResourceLimits) or kern.maxfilesperproc (HardResourceLimits)
value in addition to the <literal>setrlimit(2)</literal> values.
will set the `sysctl(3)` kern.maxfiles (SoftResourceLimits) or kern.maxfilesperproc (HardResourceLimits)
value in addition to the `setrlimit(2)` values.
'';
};
NumberOfProcesses = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
description = lib.mdDoc ''
The maximum number of simultaneous processes for this user id. Setting this value in a system
wide daemon will set the <literal>sysctl(3)</literal> kern.maxproc (SoftResourceLimits) or kern.maxprocperuid
(HardResourceLimits) value in addition to the <literal>setrlimit(2)</literal> values.
wide daemon will set the `sysctl(3)` kern.maxproc (SoftResourceLimits) or kern.maxprocperuid
(HardResourceLimits) value in addition to the `setrlimit(2)` values.
'';
};
ResidentSetSize = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
description = lib.mdDoc ''
The maximum size (in bytes) to which a process's resident set size may grow. This imposes a
limit on the amount of physical memory to be given to a process; if memory is tight, the system
will prefer to take memory from processes that are exceeding their declared resident set size.
@ -520,7 +520,7 @@ with lib;
Stack = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
description = lib.mdDoc ''
The maximum size (in bytes) of the stack segment for a process; this defines how far a program's
stack segment may be extended. Stack extension is performed automatically by the system.
'';
@ -532,8 +532,8 @@ with lib;
HardResourceLimits = mkOption {
default = null;
example = { NumberOfFiles = 4096; };
description = ''
Resource limits to be imposed on the job. These adjust variables set with <literal>setrlimit(2)</literal>. The following
description = lib.mdDoc ''
Resource limits to be imposed on the job. These adjust variables set with `setrlimit(2)`. The following
keys apply:
'';
type = types.nullOr (types.submodule {
@ -541,7 +541,7 @@ with lib;
Core = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
description = lib.mdDoc ''
The largest size (in bytes) core file that may be created.
'';
};
@ -549,7 +549,7 @@ with lib;
CPU = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
description = lib.mdDoc ''
The maximum amount of cpu time (in seconds) to be used by each process.
'';
};
@ -557,16 +557,16 @@ with lib;
Data = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
description = lib.mdDoc ''
The maximum size (in bytes) of the data segment for a process; this defines how far a program may
extend its break with the <literal>sbrk(2)</literal> system call.
extend its break with the `sbrk(2)` system call.
'';
};
FileSize = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
description = lib.mdDoc ''
The largest size (in bytes) file that may be created.
'';
};
@ -574,35 +574,35 @@ with lib;
MemoryLock = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
The maximum size (in bytes) which a process may lock into memory using the <literal>mlock(2)</literal> function.
description = lib.mdDoc ''
The maximum size (in bytes) which a process may lock into memory using the `mlock(2)` function.
'';
};
NumberOfFiles = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
description = lib.mdDoc ''
The maximum number of open files for this process. Setting this value in a system wide daemon
will set the <literal>sysctl(3)</literal> kern.maxfiles (SoftResourceLimits) or kern.maxfilesperproc (HardResourceLimits)
value in addition to the <literal>setrlimit(2)</literal> values.
will set the `sysctl(3)` kern.maxfiles (SoftResourceLimits) or kern.maxfilesperproc (HardResourceLimits)
value in addition to the `setrlimit(2)` values.
'';
};
NumberOfProcesses = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
description = lib.mdDoc ''
The maximum number of simultaneous processes for this user id. Setting this value in a system
wide daemon will set the <literal>sysctl(3)</literal> kern.maxproc (SoftResourceLimits) or kern.maxprocperuid
(HardResourceLimits) value in addition to the <literal>setrlimit(2)</literal> values.
wide daemon will set the `sysctl(3)` kern.maxproc (SoftResourceLimits) or kern.maxprocperuid
(HardResourceLimits) value in addition to the `setrlimit(2)` values.
'';
};
ResidentSetSize = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
description = lib.mdDoc ''
The maximum size (in bytes) to which a process's resident set size may grow. This imposes a
limit on the amount of physical memory to be given to a process; if memory is tight, the system
will prefer to take memory from processes that are exceeding their declared resident set size.
@ -612,7 +612,7 @@ with lib;
Stack = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
description = lib.mdDoc ''
The maximum size (in bytes) of the stack segment for a process; this defines how far a program's
stack segment may be extended. Stack extension is performed automatically by the system.
'';
@ -624,7 +624,7 @@ with lib;
Nice = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
description = lib.mdDoc ''
This optional key specifies what nice(3) value should be applied to the daemon.
'';
};
@ -633,34 +633,34 @@ with lib;
type = types.nullOr (types.enum [ "Background" "Standard" "Adaptive" "Interactive" ]);
default = null;
example = "Background";
description = ''
description = lib.mdDoc ''
This optional key describes, at a high level, the intended purpose of the job. The system will apply
resource limits based on what kind of job it is. If left unspecified, the system will apply light
resource limits to the job, throttling its CPU usage and I/O bandwidth. The following are valid values:
Background
Background jobs are generally processes that do work that was not directly requested by the user.
The resource limits applied to Background jobs are intended to prevent them from disrupting the
user experience.
Background
: Background jobs are generally processes that do work that was not directly requested by the user.
The resource limits applied to Background jobs are intended to prevent them from disrupting the
user experience.
Standard
Standard jobs are equivalent to no ProcessType being set.
Standard
: Standard jobs are equivalent to no ProcessType being set.
Adaptive
Adaptive jobs move between the Background and Interactive classifications based on activity over
XPC connections. See <literal>xpc_transaction_begin(3)</literal> for details.
Adaptive
: Adaptive jobs move between the Background and Interactive classifications based on activity over
XPC connections. See `xpc_transaction_begin(3)` for details.
Interactive
Interactive jobs run with the same resource limitations as apps, that is to say, none. Interactive
jobs are critical to maintaining a responsive user experience, and this key should only be
used if an app's ability to be responsive depends on it, and cannot be made Adaptive.
Interactive
: Interactive jobs run with the same resource limitations as apps, that is to say, none. Interactive
jobs are critical to maintaining a responsive user experience, and this key should only be
used if an app's ability to be responsive depends on it, and cannot be made Adaptive.
'';
};
AbandonProcessGroup = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
description = lib.mdDoc ''
When a job dies, launchd kills any remaining processes with the same process group ID as the job. Setting
this key to true disables that behavior.
'';
@ -669,7 +669,7 @@ with lib;
LowPriorityIO = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
description = lib.mdDoc ''
This optional key specifies whether the kernel should consider this daemon to be low priority when
doing file system I/O.
'';
@ -678,7 +678,7 @@ with lib;
LaunchOnlyOnce = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
description = lib.mdDoc ''
This optional key specifies whether the job can only be run once and only once. In other words, if the
job cannot be safely respawned without a full machine reboot, then set this key to be true.
'';
@ -687,7 +687,7 @@ with lib;
MachServices = mkOption {
default = null;
example = { "org.nixos.service" = { ResetAtClose = true; }; };
description = ''
description = lib.mdDoc ''
This optional key is used to specify Mach services to be registered with the Mach bootstrap sub-system.
Each key in this dictionary should be the name of service to be advertised. The value of the key must
be a boolean and set to true. Alternatively, a dictionary can be used instead of a simple true value.
@ -700,7 +700,7 @@ with lib;
ResetAtClose = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
description = lib.mdDoc ''
If this boolean is false, the port is recycled, thus leaving clients to remain oblivious to the
demand nature of job. If the value is set to true, clients receive port death notifications when
the job lets go of the receive right. The port will be recreated atomically with respect to bootstrap_look_up()
@ -713,7 +713,7 @@ with lib;
HideUntilCheckIn = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
description = lib.mdDoc ''
Reserve the name in the namespace, but cause bootstrap_look_up() to fail until the job has
checked in with launchd.
'';
@ -725,7 +725,7 @@ with lib;
LaunchEvents = mkOption {
type = types.nullOr (types.attrs);
default = null;
description = ''
description = lib.mdDoc ''
Specifies higher-level event types to be used as launch-on-demand event
sources. Each sub-dictionary defines events for a particular event
subsystem, such as "com.apple.iokit.matching", which can be used to
@ -750,7 +750,7 @@ with lib;
ServiceIPC = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
description = lib.mdDoc ''
This optional key specifies whether the job participates in advanced
communication with launchd. The default is false. This flag is
incompatible with the inetdCompatibility key.
@ -760,7 +760,7 @@ with lib;
SessionCreate = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
description = lib.mdDoc ''
This key specifies that the job should be spawned into a new security
audit session rather than the default session for the context is belongs
to. See auditon(2) for details.
@ -769,7 +769,7 @@ with lib;
Sockets = mkOption {
default = null;
description = ''
description = lib.mdDoc ''
This optional key is used to specify launch on demand sockets that can be used to let launchd know when
to run the job. The job must check-in to get a copy of the file descriptors using APIs outlined in
launch(3). The keys of the top level Sockets dictionary can be anything. They are meant for the application
@ -779,14 +779,14 @@ with lib;
to be effectively equivalent, even though each file descriptor likely represents a different networking
protocol which conforms to the criteria specified in the job configuration file.
The parameters below are used as inputs to call <literal>getaddrinfo(3)</literal>.
The parameters below are used as inputs to call `getaddrinfo(3)`.
'';
type = types.nullOr (types.attrsOf (types.submodule {
options = {
SockType = mkOption {
type = types.nullOr (types.enum [ "stream" "dgram" "seqpacket" ]);
default = null;
description = ''
description = lib.mdDoc ''
This optional key tells launchctl what type of socket to create. The default is "stream" and
other valid values for this key are "dgram" and "seqpacket" respectively.
'';
@ -795,8 +795,8 @@ with lib;
SockPassive = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
This optional key specifies whether <literal>listen(2)</literal> or <literal>connect(2)</literal> should be called on the created file
description = lib.mdDoc ''
This optional key specifies whether `listen(2)` or `connect(2)` should be called on the created file
descriptor. The default is true ("to listen").
'';
};
@ -804,23 +804,23 @@ with lib;
SockNodeName = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
This optional key specifies the node to <literal>connect(2)</literal> or <literal>bind(2)</literal> to.
description = lib.mdDoc ''
This optional key specifies the node to `connect(2)` or `bind(2)` to.
'';
};
SockServiceName = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
This optional key specifies the service on the node to <literal>connect(2)</literal> or <literal>bind(2)</literal> to.
description = lib.mdDoc ''
This optional key specifies the service on the node to `connect(2)` or `bind(2)` to.
'';
};
SockFamily = mkOption {
type = types.nullOr (types.enum [ "IPv4" "IPv6" ]);
default = null;
description = ''
description = lib.mdDoc ''
This optional key can be used to specifically request that "IPv4" or "IPv6" socket(s) be created.
'';
};
@ -828,8 +828,8 @@ with lib;
SockProtocol = mkOption {
type = types.nullOr (types.enum [ "TCP" ]);
default = null;
description = ''
This optional key specifies the protocol to be passed to <literal>socket(2)</literal>. The only value understood by
description = lib.mdDoc ''
This optional key specifies the protocol to be passed to `socket(2)`. The only value understood by
this key at the moment is "TCP".
'';
};
@ -837,16 +837,16 @@ with lib;
SockPathName = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
This optional key implies SockFamily is set to "Unix". It specifies the path to <literal>connect(2)</literal> or
<literal>bind(2)</literal> to.
description = lib.mdDoc ''
This optional key implies SockFamily is set to "Unix". It specifies the path to `connect(2)` or
`bind(2)` to.
'';
};
SecureSocketWithKey = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
description = lib.mdDoc ''
This optional key is a variant of SockPathName. Instead of binding to a known path, a securely
generated socket is created and the path is assigned to the environment variable that is inherited
by all jobs spawned by launchd.
@ -856,7 +856,7 @@ with lib;
SockPathMode = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
description = lib.mdDoc ''
This optional key specifies the mode of the socket. Known bug: Property lists don't support
octal, so please convert the value to decimal.
'';
@ -865,18 +865,18 @@ with lib;
Bonjour = mkOption {
type = types.nullOr (types.either types.bool (types.listOf types.str));
default = null;
description = ''
description = lib.mdDoc ''
This optional key can be used to request that the service be registered with the
<literal>mDNSResponder(8)</literal>. If the value is boolean, the service name is inferred from the SockServiceName.
`mDNSResponder(8)`. If the value is boolean, the service name is inferred from the SockServiceName.
'';
};
MulticastGroup = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
description = lib.mdDoc ''
This optional key can be used to request that the datagram socket join a multicast group. If the
value is a hostname, then <literal>getaddrinfo(3)</literal> will be used to join the correct multicast address for a
value is a hostname, then `getaddrinfo(3)` will be used to join the correct multicast address for a
given socket family. If an explicit IPv4 or IPv6 address is given, it is required that the SockFamily
family also be set, otherwise the results are undefined.
'';


@ -16,7 +16,7 @@ in
enable = mkOption {
type = types.bool;
default = true;
description = ''
description = lib.mdDoc ''
Whether this file should be generated.
This option allows specific files to be disabled.
'';
@ -25,7 +25,7 @@ in
text = mkOption {
type = types.lines;
default = "";
description = ''
description = lib.mdDoc ''
Text of the file.
'';
};
@ -33,14 +33,14 @@ in
target = mkOption {
type = types.str;
default = name;
description = ''
description = lib.mdDoc ''
Name of symlink. Defaults to the attribute name.
'';
};
source = mkOption {
type = types.path;
description = ''
description = lib.mdDoc ''
Path of the source file.
'';
};
@ -48,7 +48,7 @@ in
copy = mkOption {
type = types.bool;
default = false;
description = ''
description = lib.mdDoc ''
Whether this file should be copied instead of symlinking.
'';
};


@ -35,13 +35,13 @@ in
internal = true;
default = [];
example = [ lib.maintainers.all ];
description = ''
description = lib.mdDoc ''
List of maintainers of each module. This option should be defined at
most once per module.
NOTE: <literal>lib</literal> comes from Nixpkgs, which can go out of
NOTE: `lib` comes from Nixpkgs, which can go out of
sync with nix-darwin. For this reason, use definitions like
<literal>maintainers.alice or "alice"</literal>.
`maintainers.alice or "alice"`.
'';
};


@ -18,7 +18,7 @@ in
ids.uids = lib.mkOption {
internal = true;
description = ''
description = lib.mdDoc ''
The user IDs used in NixOS.
'';
type = types.attrsOf types.int;
@ -26,7 +26,7 @@ in
ids.gids = lib.mkOption {
internal = true;
description = ''
description = lib.mdDoc ''
The group IDs used in NixOS.
'';
type = types.attrsOf types.int;


@ -7,7 +7,7 @@
type = lib.types.attrsOf lib.types.attrs;
description = ''
description = lib.mdDoc ''
This option allows modules to define helper functions, constants, etc.
'';
};


@ -8,6 +8,7 @@
./security/pki
./security/sandbox
./system
./system/base.nix
./system/checks.nix
./system/activation-scripts.nix
./system/applications.nix
@ -39,6 +40,7 @@
./time
./networking
./nix
./nix/linux-builder.nix
./nix/nix-darwin.nix
./nix/nixpkgs.nix
./environment
@ -53,6 +55,7 @@
./services/emacs.nix
./services/gitlab-runner.nix
./services/hercules-ci-agent
./services/ipfs.nix
./services/karabiner-elements
./services/khd
./services/kwm
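Review bot: The three entries added to this import list, `./system/base.nix`, `./nix/linux-builder.nix` and `./services/ipfs.nix`, are loaded for every configuration, and nothing in this file section shows that they are inert by default. The module bodies are not part of this section, so this is a point to confirm rather than a demonstrated defect: whatever the builder and IPFS modules set under `config` should sit behind their enable option, for example `config = mkIf cfg.enable { … };`, so that a host which never sets the option gains no new service. The list itself starts and ends outside these hunks; a comment at its head such as `# every module listed here is imported unconditionally; gate side effects on an enable option` would record that expectation for later additions.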


@ -29,7 +29,7 @@ in
type = types.nullOr types.str;
default = null;
example = "Johns MacBook Pro";
description = ''
description = lib.mdDoc ''
The user-friendly name for the system, set in System Preferences > Sharing > Computer Name.
Setting this option is equivalent to running `scutil --set ComputerName`.
@ -42,7 +42,7 @@ in
type = types.nullOr (types.strMatching hostnameRegEx);
default = null;
example = "Johns-MacBook-Pro";
description = ''
description = lib.mdDoc ''
The hostname of your system, as visible from the command line and used by local and remote
networks when connecting through SSH and Remote Login.
@ -56,7 +56,7 @@ in
type = types.nullOr (types.strMatching hostnameRegEx);
default = cfg.hostName;
example = "Johns-MacBook-Pro";
description = ''
description = lib.mdDoc ''
The local hostname, or local network name, is displayed beneath the computer's name at the
top of the Sharing preferences pane. It identifies your Mac to Bonjour-compatible services.
@ -74,11 +74,11 @@ in
type = types.listOf types.str;
default = [];
example = [ "Wi-Fi" "Ethernet Adaptor" "Thunderbolt Ethernet" ];
description = ''
description = lib.mdDoc ''
List of networkservices that should be configured.
To display a list of all the network services on the server's
hardware ports, use <command>networksetup -listallnetworkservices</command>.
hardware ports, use {command}`networksetup -listallnetworkservices`.
'';
};
@ -86,13 +86,13 @@ in
type = types.listOf types.str;
default = [];
example = [ "8.8.8.8" "8.8.4.4" "2001:4860:4860::8888" "2001:4860:4860::8844" ];
description = "The list of dns servers used when resolving domain names.";
description = lib.mdDoc "The list of dns servers used when resolving domain names.";
};
networking.search = mkOption {
type = types.listOf types.str;
default = [];
description = "The list of search paths used when resolving domain names.";
description = lib.mdDoc "The list of search paths used when resolving domain names.";
};
};


@ -135,15 +135,16 @@ in
{
imports =
let
altOption = alt: "No `nix-darwin` equivilant to this NixOS option, consider using `${alt}` instead.";
altOption = alt: "No `nix-darwin` equivalent to this NixOS option, consider using `${alt}` instead.";
consider = alt: "Consider using `${alt}` instead.";
in
[
# Only ever in NixOS
(mkRemovedOptionModule [ "nix" "enable" ] "No `nix-darwin` equivilant to this NixOS option.")
(mkRemovedOptionModule [ "nix" "enable" ] "No `nix-darwin` equivalent to this NixOS option.")
(mkRemovedOptionModule [ "nix" "daemonCPUSchedPolicy" ] (altOption "nix.daemonProcessType"))
(mkRemovedOptionModule [ "nix" "daemonIOSchedClass" ] (altOption "nix.daemonProcessType"))
(mkRemovedOptionModule [ "nix" "daemonIOSchedPriority" ] (altOption "nix.daemonIOLowPriority"))
(mkRemovedOptionModule [ "nix" "readOnlyStore" ] "No `nix-darwin` equivalent to this NixOS option.")
# Option changes in `nix-darwin`
(mkRemovedOptionModule [ "nix" "profile" ] "Use `nix.package` instead.")
@ -164,7 +165,7 @@ in
type = types.package;
default = pkgs.nix;
defaultText = literalExpression "pkgs.nix";
description = ''
description = lib.mdDoc ''
This option specifies the Nix package instance to use throughout the system.
'';
};
@ -173,19 +174,19 @@ in
useDaemon = mkOption {
type = types.bool;
default = false;
description = "
description = lib.mdDoc ''
If set, Nix will use the daemon to perform operations.
Use this instead of services.nix-daemon.enable if you don't wan't the
Use this instead of services.nix-daemon.enable if you don't want the
daemon service to be managed for you.
";
'';
};
distributedBuilds = mkOption {
type = types.bool;
default = false;
description = ''
description = lib.mdDoc ''
Whether to distribute builds to the machines listed in
<option>nix.buildMachines</option>.
{option}`nix.buildMachines`.
NOTE: This requires services.nix-daemon.enable for a
multi-user install.
@ -196,13 +197,13 @@ in
daemonProcessType = mkOption {
type = types.enum [ "Background" "Standard" "Adaptive" "Interactive" ];
default = "Standard";
description = ''
description = lib.mdDoc ''
Nix daemon process resource limits class. These limits propagate to
build processes. <literal>Standard</literal> is the default process type
build processes. `Standard` is the default process type
and will apply light resource limits, throttling its CPU usage and I/O
bandwidth.
See <command>man launchd.plist</command> for explanation of other
See {command}`man launchd.plist` for explanation of other
process types.
'';
};
@ -211,7 +212,7 @@ in
daemonIOLowPriority = mkOption {
type = types.bool;
default = false;
description = ''
description = lib.mdDoc ''
Whether the Nix daemon process should considered to be low priority when
doing file system I/O.
'';
@ -223,18 +224,31 @@ in
hostName = mkOption {
type = types.str;
example = "nixbuilder.example.org";
description = ''
description = lib.mdDoc ''
The hostname of the build machine.
'';
};
protocol = mkOption {
type = types.enum [ null "ssh" "ssh-ng" ];
default = "ssh";
example = "ssh-ng";
description = lib.mdDoc ''
The protocol used for communicating with the build machine.
Use `ssh-ng` if your remote builder and your
local Nix version support that improved protocol.
Use `null` when trying to change the special localhost builder
without a protocol which is for example used by hydra.
'';
};
system = mkOption {
type = types.nullOr types.str;
default = null;
example = "x86_64-linux";
description = ''
description = lib.mdDoc ''
The system type the build machine can execute derivations on.
Either this attribute or <varname>systems</varname> must be
present, where <varname>system</varname> takes precedence if
Either this attribute or {var}`systems` must be
present, where {var}`system` takes precedence if
both are set.
'';
};
@ -242,10 +256,10 @@ in
type = types.listOf types.str;
default = [ ];
example = [ "x86_64-linux" "aarch64-linux" ];
description = ''
description = lib.mdDoc ''
The system types the build machine can execute derivations on.
Either this attribute or <varname>system</varname> must be
present, where <varname>system</varname> takes precedence if
Either this attribute or {var}`system` must be
present, where {var}`system` takes precedence if
both are set.
'';
};
@ -253,18 +267,18 @@ in
type = types.nullOr types.str;
default = null;
example = "builder";
description = ''
description = lib.mdDoc ''
The username to log in as on the remote host. This user must be
able to log in and run nix commands non-interactively. It must
also be privileged to build derivations, so must be included in
<option>nix.settings.trusted-users</option>.
{option}`nix.settings.trusted-users`.
'';
};
sshKey = mkOption {
type = types.nullOr types.str;
default = null;
example = "/root/.ssh/id_buildhost_builduser";
description = ''
description = lib.mdDoc ''
The path to the SSH private key with which to authenticate on
the build machine. The private key must not have a passphrase.
If null, the building user (root on NixOS machines) must have an
@ -277,7 +291,7 @@ in
maxJobs = mkOption {
type = types.int;
default = 1;
description = ''
description = lib.mdDoc ''
The number of concurrent jobs the build machine supports. The
build machine will enforce its own limits, but this allows hydra
to schedule better since there is no work-stealing between build
@ -287,7 +301,7 @@ in
speedFactor = mkOption {
type = types.int;
default = 1;
description = ''
description = lib.mdDoc ''
The relative speed of this builder. This is an arbitrary integer
that indicates the speed of this builder, relative to other
builders. Higher is faster.
@ -297,18 +311,18 @@ in
type = types.listOf types.str;
default = [ ];
example = [ "big-parallel" ];
description = ''
description = lib.mdDoc ''
A list of features mandatory for this builder. The builder will
be ignored for derivations that don't require all features in
this list. All mandatory features are automatically included in
<varname>supportedFeatures</varname>.
{var}`supportedFeatures`.
'';
};
supportedFeatures = mkOption {
type = types.listOf types.str;
default = [ ];
example = [ "kvm" "big-parallel" ];
description = ''
description = lib.mdDoc ''
A list of features supported by this builder. The builder will
be ignored for derivations that require features not in this
list.
@ -317,18 +331,18 @@ in
publicHostKey = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
description = lib.mdDoc ''
The (base64-encoded) public host key of this builder. The field
is calculated via <command>base64 -w0 /etc/ssh/ssh_host_type_key.pub</command>.
is calculated via {command}`base64 -w0 /etc/ssh/ssh_host_type_key.pub`.
If null, SSH will use its regular known-hosts file when connecting.
'';
};
};
});
default = [ ];
description = ''
description = lib.mdDoc ''
This option lists the machines to be used if distributed builds are
enabled (see <option>nix.distributedBuilds</option>).
enabled (see {option}`nix.distributedBuilds`).
Nix will perform derivations on those machines via SSH by copying the
inputs to the Nix store on the remote machine, starting the build,
then copying the output back to the local Nix store.
@ -340,39 +354,28 @@ in
type = types.attrs;
internal = true;
default = { };
description = "Environment variables used by Nix.";
description = lib.mdDoc "Environment variables used by Nix.";
};
# Not in NixOS module
configureBuildUsers = mkOption {
type = types.bool;
default = false;
description = ''
description = lib.mdDoc ''
Enable configuration for nixbld group and users.
'';
};
nrBuildUsers = mkOption {
type = types.int;
description = ''
Number of <literal>nixbld</literal> user accounts created to
description = lib.mdDoc ''
Number of `nixbld` user accounts created to
perform secure concurrent builds. If you receive an error
message saying that all build users are currently in use,
you should increase this value.
'';
};
readOnlyStore = mkOption {
type = types.bool;
default = true;
description = ''
If set, Nix will enforce the immutability of the Nix store
by making <filename>/nix/store</filename> a read-only bind
mount. Nix will automatically make the store writable when
needed.
'';
};
# Definition differs substantially from NixOS module
nixPath = mkOption {
type = nixPathType;
@ -381,10 +384,10 @@ in
{ darwin-config = "${config.environment.darwinConfig}"; }
"/nix/var/nix/profiles/per-user/root/channels"
];
description = ''
description = lib.mdDoc ''
The default Nix expression search path, used by the Nix
evaluator to look up paths enclosed in angle brackets
(e.g. <literal>&lt;nixpkgs&gt;</literal>).
(e.g. `<nixpkgs>`).
Named entries can be specified using an attribute set, if an
entry is configured multiple times the value with the lowest
@ -395,7 +398,7 @@ in
checkConfig = mkOption {
type = types.bool;
default = true;
description = ''
description = lib.mdDoc ''
If enabled (the default), checks for data type mismatches and that Nix
can parse the generated nix.conf.
'';
@ -417,28 +420,28 @@ in
from = mkOption {
type = referenceAttrs;
example = { type = "indirect"; id = "nixpkgs"; };
description = "The flake reference to be rewritten.";
description = lib.mdDoc "The flake reference to be rewritten.";
};
to = mkOption {
type = referenceAttrs;
example = { type = "github"; owner = "my-org"; repo = "my-nixpkgs"; };
description = "The flake reference <option>from</option> is rewritten to.";
description = lib.mdDoc "The flake reference {option}`from` is rewritten to.";
};
flake = mkOption {
type = types.nullOr types.attrs;
default = null;
example = literalExpression "nixpkgs";
description = ''
The flake input <option>from</option> is rewritten to.
description = lib.mdDoc ''
The flake input {option}`from` is rewritten to.
'';
};
exact = mkOption {
type = types.bool;
default = true;
description = ''
Whether the <option>from</option> reference needs to match exactly. If set,
a <option>from</option> reference like <literal>nixpkgs</literal> does not
match with a reference like <literal>nixpkgs/nixos-20.03</literal>.
description = lib.mdDoc ''
Whether the {option}`from` reference needs to match exactly. If set,
a {option}`from` reference like `nixpkgs` does not
match with a reference like `nixpkgs/nixos-20.03`.
'';
};
};
@ -456,7 +459,7 @@ in
}
));
default = { };
description = ''
description = lib.mdDoc ''
A system-wide flake registry.
'';
};
@ -468,7 +471,7 @@ in
keep-outputs = true
keep-derivations = true
'';
description = "Additional text appended to <filename>nix.conf</filename>.";
description = lib.mdDoc "Additional text appended to {file}`nix.conf`.";
};
settings = mkOption {
@ -480,7 +483,7 @@ in
type = types.either types.int (types.enum [ "auto" ]);
default = "auto";
example = 64;
description = ''
description = lib.mdDoc ''
This option defines the maximum number of jobs that Nix will try to
build in parallel. The default is auto, which means it will use all
available logical cores. It is recommend to set it to the total
@ -493,7 +496,7 @@ in
type = types.bool;
default = false;
example = true;
description = ''
description = lib.mdDoc ''
If set to true, Nix automatically detects files in the store that have
identical contents, and replaces them with hard links to a single copy.
This saves disk space. If set to false (the default), you can still run
@ -505,7 +508,7 @@ in
type = types.int;
default = 0;
example = 64;
description = ''
description = lib.mdDoc ''
This option defines the maximum number of concurrent tasks during
one build. It affects, e.g., -j option for make.
The special value 0 means that the builder should use all
@ -518,7 +521,7 @@ in
sandbox = mkOption {
type = types.either types.bool (types.enum [ "relaxed" ]);
default = false;
description = ''
description = lib.mdDoc ''
If set, Nix will perform builds in a sandboxed environment that it
will set up automatically for each build. This prevents impurities
in builds by disallowing access to dependencies outside of the Nix
@ -532,7 +535,7 @@ in
type = types.listOf types.str;
default = [ ];
example = [ "/dev" "/proc" ];
description = ''
description = lib.mdDoc ''
Directories from the host filesystem to be included
in the sandbox.
'';
@ -540,7 +543,7 @@ in
substituters = mkOption {
type = types.listOf types.str;
description = ''
description = lib.mdDoc ''
List of binary cache URLs used to obtain pre-built binaries
of Nix packages.
@ -552,21 +555,21 @@ in
type = types.listOf types.str;
default = [ ];
example = [ "https://hydra.nixos.org/" ];
description = ''
description = lib.mdDoc ''
List of binary cache URLs that non-root users can use (in
addition to those specified using
<option>nix.settings.substituters</option>) by passing
<literal>--option binary-caches</literal> to Nix commands.
{option}`nix.settings.substituters`) by passing
`--option binary-caches` to Nix commands.
'';
};
require-sigs = mkOption {
type = types.bool;
default = true;
description = ''
description = lib.mdDoc ''
If enabled (the default), Nix will only download binaries from binary caches if
they are cryptographically signed with any of the keys listed in
<option>nix.settings.trusted-public-keys</option>. If disabled, signatures are neither
{option}`nix.settings.trusted-public-keys`. If disabled, signatures are neither
required nor checked, so it's strongly recommended that you use only
trustworthy caches and https to prevent man-in-the-middle attacks.
'';
@ -575,13 +578,13 @@ in
trusted-public-keys = mkOption {
type = types.listOf types.str;
example = [ "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" ];
description = ''
description = lib.mdDoc ''
List of public keys used to sign binary caches. If
<option>nix.settings.trusted-public-keys</option> is enabled,
{option}`nix.settings.trusted-public-keys` is enabled,
then Nix will use a binary from a binary cache if and only
if it is signed by <emphasis>any</emphasis> of the keys
if it is signed by *any* of the keys
listed here. By default, only the key for
<uri>cache.nixos.org</uri> is included.
`cache.nixos.org` is included.
'';
};
@ -589,13 +592,13 @@ in
type = types.listOf types.str;
default = [ "root" ];
example = [ "root" "alice" "@admin" ];
description = ''
description = lib.mdDoc ''
A list of names of users that have additional rights when
connecting to the Nix daemon, such as the ability to specify
additional binary caches, or to import unsigned NARs. You
can also specify groups by prefixing them with
<literal>@</literal>; for instance,
<literal>@admin</literal> means all users in the wheel
`@`; for instance,
`@admin` means all users in the wheel
group.
'';
};
@ -619,28 +622,27 @@ in
type = types.listOf types.str;
default = [ "*" ];
example = [ "@admin" "@builders" "alice" "bob" ];
description = ''
description = lib.mdDoc ''
A list of names of users (separated by whitespace) that are
allowed to connect to the Nix daemon. As with
<option>nix.settings.trusted-users</option>, you can specify groups by
prefixing them with <literal>@</literal>. Also, you can
allow all users by specifying <literal>*</literal>. The
default is <literal>*</literal>. Note that trusted users are
{option}`nix.settings.trusted-users`, you can specify groups by
prefixing them with `@`. Also, you can
allow all users by specifying `*`. The
default is `*`. Note that trusted users are
always allowed to connect.
'';
};
};
};
default = { };
description = ''
description = lib.mdDoc ''
Configuration for Nix, see
<link xlink:href="https://nixos.org/manual/nix/stable/#sec-conf-file"/>
<https://nixos.org/manual/nix/stable/#sec-conf-file>
for avalaible options.
The value declared here will be translated directly to the key-value pairs Nix expects.
</para>
<para>
Nix configurations defined under <option>nix.*</option> will be translated and applied to this
option. In addition, configuration specified in <option>nix.extraOptions</option> which will be appended
Nix configurations defined under {option}`nix.*` will be translated and applied to this
option. In addition, configuration specified in {option}`nix.extraOptions` which will be appended
verbatim to the resulting config file.
'';
};
@ -662,9 +664,13 @@ in
# Not in NixOS module
environment.etc."nix/nix.conf".knownSha256Hashes = [
"7c2d80499b39256b03ee9abd3d6258343718306aca8d472c26ac32c9b0949093" # nix installer
"7c2d80499b39256b03ee9abd3d6258343718306aca8d472c26ac32c9b0949093" # official Nix installer
"19299897fa312d9d32b3c968c2872dd143085aa727140cec51f57c59083e93b9"
"c4ecc3d541c163c8fcc954ccae6b8cab28c973dc283fea5995c69aaabcdf785f"
"ef78f401a9b5a42fd15e967c50da384f99ec62f9dbc66ea38f1390b46b63e1ff" # official Nix installer 2.0
"c06b0c6080dd1d62e61a30cfad100c0cfed2d3bcd378e296632dc3b28b31dc69" # official Nix installer as of 2.0.1
"ff08c12813680da98c4240328f828647b67a65ba7aa89c022bd8072cba862cf1" # official Nix installer as of 2.4
"f3e03d851c240c1aa7daccd144ee929f0f5971982424c868c434eb6030e961d4" # DeterminateSystems Nix installer 0.10.0
];
environment.etc."nix/registry.json".text = builtins.toJSON {
@ -679,7 +685,7 @@ in
concatMapStrings
(machine:
(concatStringsSep " " ([
"${optionalString (machine.sshUser != null) "${machine.sshUser}@"}${machine.hostName}"
"${optionalString (machine.protocol != null) "${machine.protocol}://"}${optionalString (machine.sshUser != null) "${machine.sshUser}@"}${machine.hostName}"
(if machine.system != null then machine.system else if machine.systems != [ ] then concatStringsSep "," machine.systems else "-")
(if machine.sshKey != null then machine.sshKey else "-")
(toString machine.maxJobs)
@ -778,9 +784,9 @@ in
]);
users.knownGroups = mkIf cfg.configureBuildUsers [ "nixbld" ];
# Unreladed to use in NixOS module
# Unrelated to use in NixOS module
system.activationScripts.nix-daemon.text = mkIf cfg.useDaemon ''
if ! diff /etc/nix/nix.conf /run/current-system/etc/nix/nix.conf &> /dev/null; then
if ! diff /etc/nix/nix.conf /run/current-system/etc/nix/nix.conf &> /dev/null || ! diff /etc/nix/machines /run/current-system/etc/nix/machines &> /dev/null; then
echo "reloading nix-daemon..." >&2
launchctl kill HUP system/org.nixos.nix-daemon
fi


@ -0,0 +1,95 @@
{ config, lib, pkgs, ... }:
with lib;
let
inherit (pkgs) stdenv;
cfg = config.nix.linux-builder;
builderWithOverrides = cfg.package.override {
inherit (cfg) modules;
};
in
{
options.nix.linux-builder = {
enable = mkEnableOption (lib.mdDoc "Linux builder");
package = mkOption {
type = types.package;
default = pkgs.darwin.linux-builder;
defaultText = "pkgs.darwin.linux-builder";
description = lib.mdDoc ''
This option specifies the Linux builder to use.
'';
};
modules = mkOption {
type = types.listOf types.anything;
default = [ ];
example = literalExpression ''
[
({ config, ... }:
{
virtualisation.darwin-builder.hostPort = 22;
})
]
'';
description = lib.mdDoc ''
This option specifies extra NixOS modules and configuration for the builder. You should first run the Linux builder
without changing this option otherwise you may not be able to build the Linux builder.
'';
};
};
config = mkIf cfg.enable {
assertions = [ {
assertion = config.nix.settings.trusted-users != [ "root" ] || (config.nix.settings.extra-trusted-users or [ ]) != [ ];
message = ''
Your user or group (@admin) needs to be added to `nix.settings.trusted-users` or `nix.settings.extra-trusted-users`
to use the Linux builder.
'';
} ];
system.activationScripts.preActivation.text = ''
mkdir -p /var/lib/darwin-builder
'';
launchd.daemons.linux-builder = {
environment = {
inherit (config.environment.variables) NIX_SSL_CERT_FILE;
};
serviceConfig = {
ProgramArguments = [
"/bin/sh" "-c"
"/bin/wait4path /nix/store &amp;&amp; exec ${builderWithOverrides}/bin/create-builder"
];
KeepAlive = true;
RunAtLoad = true;
WorkingDirectory = "/var/lib/darwin-builder";
};
};
environment.etc."ssh/ssh_config.d/100-linux-builder.conf".text = ''
Host linux-builder
Hostname localhost
HostKeyAlias linux-builder
Port 31022
'';
nix.distributedBuilds = true;
nix.buildMachines = [{
hostName = "linux-builder";
sshUser = "builder";
sshKey = "/etc/nix/builder_ed25519";
system = "${stdenv.hostPlatform.uname.processor}-linux";
supportedFeatures = [ "kvm" "benchmark" "big-parallel" ];
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUpCV2N4Yi9CbGFxdDFhdU90RStGOFFVV3JVb3RpQzVxQkorVXVFV2RWQ2Igcm9vdEBuaXhvcwo=";
}];
nix.settings.builders-use-substitutes = true;
};
}
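Review bot: The assertion only checks that `nix.settings.trusted-users` differs from `[ "root" ]` or that `extra-trusted-users` is non-empty, and its message steers people toward adding their user or `@admin` without saying what that grants. Per the `trusted-users` description elsewhere in this commit, those accounts can specify additional binary caches and import unsigned NARs, so the message or the `enable` description should carry the cost, for example `Trusted users can add substituters and import unsigned store paths; add only accounts you would trust with root on this machine.` The hard-coded `publicHostKey` would also benefit from a comment naming where the value comes from and what has to change if `cfg.package` or `cfg.modules` give the builder a different host key, since a mismatch would presumably only show up as a failed SSH connection.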


@ -1,33 +1,13 @@
{ config, pkgs, lib, ... }:
with lib;
{ config, pkgs, ... }:
let
inherit (pkgs) stdenv;
nix-tools = pkgs.callPackage ../../pkgs/nix-tools {
inherit (config.system) profile;
inherit (config.environment) systemPath;
nixPackage = config.nix.package;
};
extraPath = lib.makeBinPath [ config.nix.package pkgs.coreutils pkgs.jq pkgs.git ];
writeProgram = name: env: src:
pkgs.substituteAll ({
inherit name src;
dir = "bin";
isExecutable = true;
} // env);
darwin-option = writeProgram "darwin-option"
{
inherit (config.system) profile;
inherit (stdenv) shell;
}
../../pkgs/nix-tools/darwin-option.sh;
darwin-rebuild = writeProgram "darwin-rebuild"
{
inherit (config.system) profile;
inherit (stdenv) shell;
path = "${extraPath}:${config.environment.systemPath}";
}
../../pkgs/nix-tools/darwin-rebuild.sh;
inherit (nix-tools) darwin-option darwin-rebuild;
in
{
@ -39,5 +19,9 @@ in
darwin-rebuild
];
system.build = {
inherit darwin-option darwin-rebuild;
};
};
}


@ -1,8 +1,53 @@
{ config, lib, pkgs, ... }:
{ config, options, lib, pkgs, ... }:
with lib;
let
# Backport from Nixpkgs 23.05
defaultOverridePriority =
lib.modules.defaultOverridePriority or lib.modules.defaultPriority;
# Backport from Nixpkgs 23.11
mergeAttrDefinitionsWithPrio = lib.mergeAttrDefinitionsWithPrio or (opt:
let
# Inlined to avoid warning about using internal APIs 🥴
pushDownProperties = cfg:
if cfg._type or "" == "merge" then
concatMap pushDownProperties cfg.contents
else if cfg._type or "" == "if" then
map (mapAttrs (n: v: mkIf cfg.condition v)) (pushDownProperties cfg.content)
else if cfg._type or "" == "override" then
map (mapAttrs (n: v: mkOverride cfg.priority v)) (pushDownProperties cfg.content)
else # FIXME: handle mkOrder?
[ cfg ];
defsByAttr =
lib.zipAttrs (
lib.concatLists (
lib.concatMap
({ value, ... }@def:
map
(lib.mapAttrsToList (k: value: { ${k} = def // { inherit value; }; }))
(pushDownProperties value)
)
opt.definitionsWithLocations
)
);
in
assert opt.type.name == "attrsOf" || opt.type.name == "lazyAttrsOf";
lib.mapAttrs
(k: v:
let merging = lib.mergeDefinitions (opt.loc ++ [k]) opt.type.nestedTypes.elemType v;
in {
value = merging.mergedValue;
inherit (merging.defsFinal') highestPrio;
})
defsByAttr);
cfg = config.nixpkgs;
opt = options.nixpkgs;
isConfig = x:
builtins.isAttrs x || lib.isFunction x;
@ -16,26 +61,27 @@ let
lhs = optCall lhs_ { inherit pkgs; };
rhs = optCall rhs_ { inherit pkgs; };
in
lhs // rhs //
recursiveUpdate lhs rhs //
optionalAttrs (lhs ? packageOverrides) {
packageOverrides = pkgs:
optCall lhs.packageOverrides pkgs //
optCall (attrByPath ["packageOverrides"] ({}) rhs) pkgs;
optCall (attrByPath [ "packageOverrides" ] { } rhs) pkgs;
} //
optionalAttrs (lhs ? perlPackageOverrides) {
perlPackageOverrides = pkgs:
optCall lhs.perlPackageOverrides pkgs //
optCall (attrByPath ["perlPackageOverrides"] ({}) rhs) pkgs;
optCall (attrByPath [ "perlPackageOverrides" ] { } rhs) pkgs;
};
configType = mkOptionType {
name = "nixpkgs config";
name = "nixpkgs-config";
description = "nixpkgs config";
check = x:
let traceXIfNot = c:
if c x then true
else lib.traceSeqN 1 x false;
in traceXIfNot isConfig;
merge = args: fold (def: mergeConfig def.value) {};
merge = args: foldr (def: mergeConfig def.value) {};
};
overlayType = mkOptionType {
@ -44,72 +90,260 @@ let
check = lib.isFunction;
merge = lib.mergeOneOption;
};
# TODO: Remove backwards compatibility hack when dropping
# 22.11 support.
pkgsType = types.pkgs or (types.uniq types.attrs) // {
# This type is only used by itself, so let's elaborate the description a bit
# for the purpose of documentation.
description = "An evaluation of Nixpkgs; the top level attribute set of packages";
};
hasBuildPlatform = opt.buildPlatform.highestPrio < (mkOptionDefault {}).priority;
hasHostPlatform = opt.hostPlatform.isDefined;
hasPlatform = hasHostPlatform || hasBuildPlatform;
# Context for messages
hostPlatformLine = optionalString hasHostPlatform "${showOptionWithDefLocs opt.hostPlatform}";
buildPlatformLine = optionalString hasBuildPlatform "${showOptionWithDefLocs opt.buildPlatform}";
legacyOptionsDefined =
optional (opt.system.highestPrio < (mkDefault {}).priority) opt.system
;
defaultPkgs =
if opt.hostPlatform.isDefined
then
let isCross = cfg.buildPlatform != cfg.hostPlatform;
systemArgs =
if isCross
then {
localSystem = cfg.buildPlatform;
crossSystem = cfg.hostPlatform;
}
else {
localSystem = cfg.hostPlatform;
};
in
import cfg.source ({
inherit (cfg) config overlays;
} // systemArgs)
else
import cfg.source {
inherit (cfg) config overlays;
localSystem = { inherit (cfg) system; };
};
finalPkgs = if opt.pkgs.isDefined then cfg.pkgs.appendOverlays cfg.overlays else defaultPkgs;
in
{
options = {
nixpkgs.config = mkOption {
options.nixpkgs = {
pkgs = mkOption {
type = pkgsType;
example = literalExpression "import <nixpkgs> {}";
description = lib.mdDoc ''
If set, the pkgs argument to all nix-darwin modules is the value of
this option, extended with `nixpkgs.overlays`, if
that is also set. The nix-darwin and Nixpkgs architectures must
match. Any other options in `nixpkgs.*`, notably `config`,
will be ignored.
The default value imports the Nixpkgs from
[](#opt-nixpkgs.source). The `config`, `overlays`, `localSystem`,
and `crossSystem` are based on this option's siblings.
This option can be used to increase
the performance of evaluation, or to create packages that depend
on a container that should be built with the exact same evaluation
of Nixpkgs, for example. Applications like this should set
their default value using `lib.mkDefault`, so
user-provided configuration can override it without using
`lib`.
'';
};
config = mkOption {
default = {};
example = literalExpression
''
{ firefox.enableGeckoMediaPlayer = true;
packageOverrides = pkgs: {
firefox60Pkgs = pkgs.firefox60Pkgs.override {
enableOfficialBranding = true;
};
};
}
{ allowBroken = true; allowUnfree = true; }
'';
type = configType;
description = ''
description = lib.mdDoc ''
The configuration of the Nix Packages collection. (For
details, see the Nixpkgs documentation.) It allows you to set
package configuration options, and to override packages
globally through the <varname>packageOverrides</varname>
option. The latter is a function that takes as an argument
the <emphasis>original</emphasis> Nixpkgs, and must evaluate
to a set of new or overridden packages.
package configuration options.
Ignored when `nixpkgs.pkgs` is set.
'';
};
nixpkgs.overlays = mkOption {
type = types.listOf overlayType;
overlays = mkOption {
default = [];
example = literalExpression ''
[ (self: super: {
openssh = super.openssh.override {
hpnSupport = true;
withKerberos = true;
kerberos = self.libkrb5;
};
};
) ]
'';
description = ''
example = literalExpression
''
[
(self: super: {
openssh = super.openssh.override {
hpnSupport = true;
kerberos = self.libkrb5;
};
})
]
'';
type = types.listOf overlayType;
description = lib.mdDoc ''
List of overlays to use with the Nix Packages collection.
(For details, see the Nixpkgs documentation.) It allows
you to override packages globally. This is a function that
takes as an argument the <emphasis>original</emphasis> Nixpkgs.
you to override packages globally. Each function in the list
takes as an argument the *original* Nixpkgs.
The first argument should be used for finding dependencies, and
the second should be used for overriding recipes.
If `nixpkgs.pkgs` is set, overlays specified here
will be applied after the overlays that were already present
in `nixpkgs.pkgs`.
'';
};
nixpkgs.system = mkOption {
hostPlatform = mkOption {
type = types.either types.str types.attrs; # TODO utilize lib.systems.parsedPlatform
example = { system = "aarch64-darwin"; config = "aarch64-apple-darwin"; };
# Make sure that the final value has all fields for sake of other modules
# referring to this. TODO make `lib.systems` itself use the module system.
apply = lib.systems.elaborate;
description = lib.mdDoc ''
Specifies the platform where the nix-darwin configuration will run.
To cross-compile, set also `nixpkgs.buildPlatform`.
Ignored when `nixpkgs.pkgs` is set.
'';
};
buildPlatform = mkOption {
type = types.either types.str types.attrs; # TODO utilize lib.systems.parsedPlatform
default = cfg.hostPlatform;
example = { system = "x86_64-darwin"; config = "x86_64-apple-darwin"; };
# Make sure that the final value has all fields for sake of other modules
# referring to this.
apply = lib.systems.elaborate;
defaultText = literalExpression
''config.nixpkgs.hostPlatform'';
description = lib.mdDoc ''
Specifies the platform on which nix-darwin should be built.
By default, nix-darwin is built on the system where it runs, but you can
change where it's built. Setting this option will cause nix-darwin to be
cross-compiled.
For instance, if you're doing distributed multi-platform deployment,
or if you're building machines, you can set this to match your
development system and/or build farm.
Ignored when `nixpkgs.pkgs` is set.
'';
};
system = mkOption {
type = types.str;
example = "x86_64-darwin";
default =
if opt.hostPlatform.isDefined
then
throw ''
Neither ${opt.system} nor any other option in nixpkgs.* is meant
to be read by modules and configurations.
Use pkgs.stdenv.hostPlatform instead.
''
else
throw ''
Neither ${opt.hostPlatform} nor the legacy option ${opt.system} has been set.
The option ${opt.system} is still fully supported for interoperability,
but will be deprecated in the future, so we recommend to set ${opt.hostPlatform}.
'';
defaultText = lib.literalMD ''
Traditionally `builtins.currentSystem`, but unset when invoking nix-darwin through `lib.darwinSystem`.
'';
description = lib.mdDoc ''
Specifies the Nix platform type on which nix-darwin should be built.
It is better to specify `nixpkgs.hostPlatform` instead.
Ignored when `nixpkgs.pkgs` or `nixpkgs.hostPlatform` is set.
'';
};
# nix-darwin only
source = mkOption {
type = types.path;
defaultText = literalMD ''
`<nixpkgs>` or nix-darwin's `nixpkgs` flake input
'';
description = lib.mdDoc ''
The path to import Nixpkgs from. If you're setting a custom
[](#opt-nixpkgs.pkgs) or `_module.args.pkgs`, setting this
to something with `rev` and `shortRev` attributes (such as a
flake input or `builtins.fetchGit` result) will also set
`system.nixpkgsRevision` and related options.
(nix-darwin only)
'';
};
constructedByUs = mkOption {
type = types.bool;
internal = true;
description = ''
Specifies the Nix platform type for which NixOS should be built.
If unset, it defaults to the platform type of your host system.
Specifying this option is useful when doing distributed
multi-platform deployment, or when building virtual machines.
Whether `pkgs` was constructed by this module. This is false when any of
`nixpkgs.pkgs` or `_module.args.pkgs` is set. (nix-darwin only)
'';
};
};
config = {
_module.args = {
pkgs =
# We explicitly set the default override priority, so that we do not need
# to evaluate finalPkgs in case an override is placed on `_module.args.pkgs`.
# After all, to determine a definition priority, we need to evaluate `._type`,
# which is somewhat costly for Nixpkgs. With an explicit priority, we only
# evaluate the wrapper to find out that the priority is lower, and then we
# don't need to evaluate `finalPkgs`.
lib.mkOverride defaultOverridePriority
finalPkgs.__splicedPackages;
};
# _module.args.pkgs is defined in ../../eval-config.nix
nixpkgs.constructedByUs =
# We set it with default priority and it can not be merged, so if the
# pkgs module argument has that priority, it's from us.
(mergeAttrDefinitionsWithPrio options._module.args).pkgs.highestPrio
== defaultOverridePriority
# Although, if nixpkgs.pkgs is set, we did forward it, but we did not construct it.
&& !opt.pkgs.isDefined;
assertions = [
(
let
pkgsSystem = finalPkgs.stdenv.targetPlatform.system;
in {
assertion = cfg.constructedByUs -> !hasPlatform -> cfg.system == pkgsSystem;
message = "The nix-darwin nixpkgs.pkgs option was set to a Nixpkgs invocation that compiles to target system ${pkgsSystem} but nix-darwin was configured for system ${darwinExpectedSystem} via nix-darwin option nixpkgs.system. The nix-darwin system settings must match the Nixpkgs target system.";
}
)
{
assertion = cfg.constructedByUs -> hasPlatform -> legacyOptionsDefined == [];
message = ''
Your system configures nixpkgs with the platform parameter${optionalString hasBuildPlatform "s"}:
${hostPlatformLine
}${buildPlatformLine
}
However, it also defines the legacy options:
${concatMapStrings showOptionWithDefLocs legacyOptionsDefined}
For a future proof system configuration, we recommend to remove
the legacy definitions.
'';
}
];
};
}
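Review bot: `${darwinExpectedSystem}` in the first assertion's `message` is not bound anywhere in the hunks shown for this file. Because the file opens with `with lib;`, an unbound name is not rejected at parse time and would only fail when the message is forced, which is exactly when the assertion trips, so the user would get an undefined-variable error instead of the explanation. The assertion compares `cfg.system`, so the message can interpolate that instead: `... but nix-darwin was configured for system ${cfg.system} via nix-darwin option nixpkgs.system.` A few lines of the `let` block fall between the first two hunks, so confirm the name is not defined there before changing it.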


@ -12,19 +12,19 @@ in
programs.bash.enable = mkOption {
type = types.bool;
default = true;
description = "Whether to configure bash as an interactive shell.";
description = lib.mdDoc "Whether to configure bash as an interactive shell.";
};
programs.bash.interactiveShellInit = mkOption {
default = "";
description = "Shell script code called during interactive bash shell initialisation.";
description = lib.mdDoc "Shell script code called during interactive bash shell initialisation.";
type = types.lines;
};
programs.bash.enableCompletion = mkOption {
type = types.bool;
default = false;
description = ''
description = lib.mdDoc ''
Enable bash completion for all interactive bash shells.
NOTE. This doesn't work with bash 3.2, which is the default on macOS.
@ -96,9 +96,10 @@ in
'';
environment.etc."bashrc".knownSha256Hashes = [
"444c716ac2ccd9e1e3347858cb08a00d2ea38e8c12fdc5798380dc261e32e9ef"
"617b39e36fa69270ddbee19ddc072497dbe7ead840cbd442d9f7c22924f116f4" # nix installer
"6be16cf7c24a3c6f7ae535c913347a3be39508b3426f5ecd413e636e21031e66" # nix installer
"444c716ac2ccd9e1e3347858cb08a00d2ea38e8c12fdc5798380dc261e32e9ef" # macOS
"617b39e36fa69270ddbee19ddc072497dbe7ead840cbd442d9f7c22924f116f4" # official Nix installer
"6be16cf7c24a3c6f7ae535c913347a3be39508b3426f5ecd413e636e21031e66" # official Nix installer
"08ffbf991a9e25839d38b80a0d3bce3b5a6c84b9be53a4b68949df4e7e487bb7" # DeterminateSystems installer
];
};
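Review bot: The hash added to `environment.etc."bashrc".knownSha256Hashes` is labelled only `# DeterminateSystems installer`, and the two `# official Nix installer` entries cannot be told apart, so nobody can later re-derive an entry or decide when it can be retired. The nix.conf list in this same commit records versions (`# official Nix installer as of 2.4`, `# DeterminateSystems Nix installer 0.10.0`); the same form would help here, e.g. `# DeterminateSystems Nix installer <version>`. Judging by the ssh module's comments in this commit, a matching hash is what lets activation replace an existing file under /etc automatically, so each entry should be traceable to the artifact it was computed from.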


@ -51,7 +51,7 @@ in
enable = mkOption {
default = false;
description = ''
description = lib.mdDoc ''
Whether to configure fish as an interactive shell.
'';
type = types.bool;
@ -60,15 +60,15 @@ in
useBabelfish = mkOption {
type = types.bool;
default = false;
description = ''
If enabled, the configured environment will be translated to native fish using <link xlink:href="https://github.com/bouk/babelfish">babelfish</link>.
Otherwise, <link xlink:href="https://github.com/oh-my-fish/plugin-foreign-env">foreign-env</link> will be used.
description = lib.mdDoc ''
If enabled, the configured environment will be translated to native fish using [babelfish](https://github.com/bouk/babelfish).
Otherwise, [foreign-env](https://github.com/oh-my-fish/plugin-foreign-env) will be used.
'';
};
babelfishPackage = mkOption {
type = types.package;
description = ''
description = lib.mdDoc ''
The babelfish package to use when useBabelfish is
set to true.
'';
@ -77,7 +77,7 @@ in
vendor.config.enable = mkOption {
type = types.bool;
default = true;
description = ''
description = lib.mdDoc ''
Whether fish should source configuration snippets provided by other packages.
'';
};
@ -85,7 +85,7 @@ in
vendor.completions.enable = mkOption {
type = types.bool;
default = true;
description = ''
description = lib.mdDoc ''
Whether fish should use completion files provided by other packages.
'';
};
@ -93,15 +93,15 @@ in
vendor.functions.enable = mkOption {
type = types.bool;
default = true;
description = ''
description = lib.mdDoc ''
Whether fish should autoload fish functions provided by other packages.
'';
};
shellAliases = mkOption {
default = config.environment.shellAliases;
description = ''
Set of aliases for fish shell. See <option>environment.shellAliases</option>
description = lib.mdDoc ''
Set of aliases for fish shell. See {option}`environment.shellAliases`
for an option format description.
'';
type = types.attrs;
@ -109,7 +109,7 @@ in
shellInit = mkOption {
default = "";
description = ''
description = lib.mdDoc ''
Shell script code called during fish shell initialisation.
'';
type = types.lines;
@ -117,7 +117,7 @@ in
loginShellInit = mkOption {
default = "";
description = ''
description = lib.mdDoc ''
Shell script code called during fish login shell initialisation.
'';
type = types.lines;
@ -125,7 +125,7 @@ in
interactiveShellInit = mkOption {
default = "";
description = ''
description = lib.mdDoc ''
Shell script code called during interactive fish shell initialisation.
'';
type = types.lines;
@ -133,7 +133,7 @@ in
promptInit = mkOption {
default = "";
description = ''
description = lib.mdDoc ''
Shell script code used to initialise fish prompt.
'';
type = types.lines;


@ -13,7 +13,7 @@ in
agent.enable = mkOption {
type = types.bool;
default = false;
description = ''
description = lib.mdDoc ''
Enables GnuPG agent for every user session.
'';
};
@ -21,7 +21,7 @@ in
agent.enableSSHSupport = mkOption {
type = types.bool;
default = false;
description = ''
description = lib.mdDoc ''
Enable SSH agent support in GnuPG agent. Also sets SSH_AUTH_SOCK
environment variable correctly.
'';


@ -11,7 +11,7 @@ in
programs.info.enable = mkOption {
type = types.bool;
default = true;
description = "Whether to enable info pages and the <command>info</command> command.";
description = lib.mdDoc "Whether to enable info pages and the {command}`info` command.";
};
};


@ -8,9 +8,9 @@ with lib;
programs.man.enable = mkOption {
type = types.bool;
default = true;
description = ''
Whether to enable manual pages and the <command>man</command> command.
This also includes "man" outputs of all <literal>systemPackages</literal>.
description = lib.mdDoc ''
Whether to enable manual pages and the {command}`man` command.
This also includes "man" outputs of all `systemPackages`.
'';
};


@ -11,14 +11,14 @@ in
programs.nix-index.enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable nix-index and its command-not-found helper.";
description = lib.mdDoc "Whether to enable nix-index and its command-not-found helper.";
};
programs.nix-index.package = mkOption {
type = types.package;
default = pkgs.nix-index;
defaultText = "pkgs.nix-index";
description = "This option specifies the nix-index package to use.";
description = lib.mdDoc "This option specifies the nix-index package to use.";
};
};


@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ config, lib, ... }:
with lib;
@ -14,7 +14,7 @@ let
hostNames = mkOption {
type = types.listOf types.str;
default = [];
description = ''
description = lib.mdDoc ''
A list of host names and/or IP numbers used for accessing
the host's ssh service.
'';
@ -23,9 +23,9 @@ let
default = null;
type = types.nullOr types.str;
example = "ecdsa-sha2-nistp521 AAAAE2VjZHN...UEPg==";
description = ''
description = lib.mdDoc ''
The public key data for the host. You can fetch a public key
from a running SSH server with the <command>ssh-keyscan</command>
from a running SSH server with the {command}`ssh-keyscan`
command. The public key should not include any host names, only
the key type and the key itself.
'';
@ -33,13 +33,13 @@ let
publicKeyFile = mkOption {
default = null;
type = types.nullOr types.path;
description = ''
description = lib.mdDoc ''
The path to the public key file for the host. The public
key file is read at build time and saved in the Nix store.
You can fetch a public key file from a running SSH server
with the <command>ssh-keyscan</command> command. The content
with the {command}`ssh-keyscan` command. The content
of the file should follow the same format as described for
the <literal>publicKey</literal> option.
the `publicKey` option.
'';
};
};
@ -54,13 +54,13 @@ let
keys = mkOption {
type = types.listOf types.str;
default = [];
description = ''
description = lib.mdDoc ''
A list of verbatim OpenSSH public keys that should be added to the
user's authorized keys. The keys are added to a file that the SSH
daemon reads in addition to the the user's authorized_keys file.
You can combine the <literal>keys</literal> and
<literal>keyFiles</literal> options.
Warning: If you are using <literal>NixOps</literal> then don't use this
You can combine the `keys` and
`keyFiles` options.
Warning: If you are using `NixOps` then don't use this
option since it will replace the key required for deployment via ssh.
'';
};
@ -68,17 +68,18 @@ let
keyFiles = mkOption {
type = types.listOf types.path;
default = [];
description = ''
description = lib.mdDoc ''
A list of files each containing one OpenSSH public key that should be
added to the user's authorized keys. The contents of the files are
read at build time and added to a file that the SSH daemon reads in
addition to the the user's authorized_keys file. You can combine the
<literal>keyFiles</literal> and <literal>keys</literal> options.
`keyFiles` and `keys` options.
'';
};
};
};
authKeysFiles = let
mkAuthKeyFile = u: nameValuePair "ssh/authorized_keys.d/${u.name}" {
copy = true;
@ -91,26 +92,37 @@ let
length u.openssh.authorizedKeys.keys != 0 || length u.openssh.authorizedKeys.keyFiles != 0
));
in listToAttrs (map mkAuthKeyFile usersWithKeys);
authKeysConfiguration =
{
"ssh/sshd_config.d/101-authorized-keys.conf" = {
copy = true;
text = "AuthorizedKeysFile /etc/ssh/authorized_keys.d/%u\n";
};
};
oldAuthorizedKeysHash = "5a5dc1e20e8abc162ad1cc0259bfd1dbb77981013d87625f97d9bd215175fc0a";
in
{
options = {
users.users = mkOption {
type = with types; attrsOf (submodule userOptions);
};
services.openssh.authorizedKeysFiles = mkOption {
type = types.listOf types.str;
default = [];
description = lib.mdDoc ''
Specify the rules for which files to read on the host.
This is an advanced option. If you're looking to configure user
keys, you can generally use [](#opt-users.users._name_.openssh.authorizedKeys.keys)
or [](#opt-users.users._name_.openssh.authorizedKeys.keyFiles).
These are paths relative to the host root file system or home
directories and they are subject to certain token expansion rules.
See AuthorizedKeysFile in man sshd_config for details.
'';
};
programs.ssh.knownHosts = mkOption {
default = {};
type = types.attrsOf (types.submodule host);
description = ''
description = lib.mdDoc ''
The set of system-wide known SSH hosts.
'';
example = literalExpression ''
@ -135,13 +147,30 @@ in
(data.publicKey != null && data.publicKeyFile == null);
message = "knownHost ${name} must contain either a publicKey or publicKeyFile";
});
environment.etc = authKeysFiles // authKeysConfiguration //
services.openssh.authorizedKeysFiles = [ "%h/.ssh/authorized_keys" "/etc/ssh/authorized_keys.d/%u" ];
environment.etc = authKeysFiles //
{ "ssh/ssh_known_hosts".text = (flip (concatMapStringsSep "\n") knownHosts
(h: assert h.hostNames != [];
concatStringsSep "," h.hostNames + " "
+ (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile)
)) + "\n";
"ssh/sshd_config.d/101-authorized-keys.conf" = {
text = "AuthorizedKeysFile ${toString config.services.openssh.authorizedKeysFiles}\n";
# Allows us to automatically migrate from using a file to a symlink
knownSha256Hashes = [ oldAuthorizedKeysHash ];
};
};
# Clean up .before-nix-darwin file left over from using knownSha256Hashes
system.activationScripts.etc.text = ''
auth_keys_orig=/etc/ssh/sshd_config.d/101-authorized-keys.conf.before-nix-darwin
if [ -e "$auth_keys_orig" ] && [ "$(shasum -a 256 $auth_keys_orig | cut -d ' ' -f 1)" = "${oldAuthorizedKeysHash}" ]; then
rm "$auth_keys_orig"
fi
'';
};
}
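Review bot: The `services.openssh.authorizedKeysFiles = [ "%h/.ssh/authorized_keys" "/etc/ssh/authorized_keys.d/%u" ];` definition in `config` is made at normal priority on a `listOf` option, so values a user sets are concatenated with it rather than replacing it. A host that wants sshd to honour only the managed `/etc/ssh/authorized_keys.d/%u` files therefore cannot drop the user-writable `%h/.ssh/authorized_keys` entry without `lib.mkForce`, and the option description does not say so. I would add a sentence such as `The entries "%h/.ssh/authorized_keys" and "/etc/ssh/authorized_keys.d/%u" are always included; use lib.mkForce to replace them.` Separately, `$auth_keys_orig` is unquoted inside the `shasum` command substitution in the activation script; `shasum -a 256 "$auth_keys_orig"` would match the quoting on the neighbouring lines.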


@ -46,47 +46,47 @@ in
programs.tmux.enable = mkOption {
type = types.bool;
default = false;
description = "Whether to configure tmux.";
description = lib.mdDoc "Whether to configure tmux.";
};
programs.tmux.enableSensible = mkOption {
type = types.bool;
default = false;
example = true;
description = "Enable sensible configuration options for tmux.";
description = lib.mdDoc "Enable sensible configuration options for tmux.";
};
programs.tmux.enableMouse = mkOption {
type = types.bool;
default = false;
example = true;
description = "Enable mouse support for tmux.";
description = lib.mdDoc "Enable mouse support for tmux.";
};
programs.tmux.enableFzf = mkOption {
type = types.bool;
default = false;
example = true;
description = "Enable fzf keybindings for selecting tmux sessions and panes.";
description = lib.mdDoc "Enable fzf keybindings for selecting tmux sessions and panes.";
};
programs.tmux.enableVim = mkOption {
type = types.bool;
default = false;
example = true;
description = "Enable vim style keybindings for copy mode, and navigation of tmux panes.";
description = lib.mdDoc "Enable vim style keybindings for copy mode, and navigation of tmux panes.";
};
programs.tmux.iTerm2 = mkOption {
type = types.bool;
default = false;
example = true;
description = "Cater to iTerm2 and its tmux integration, as appropriate.";
description = lib.mdDoc "Cater to iTerm2 and its tmux integration, as appropriate.";
};
programs.tmux.defaultCommand = mkOption {
type = types.either types.str types.package;
description = "The default command to use for tmux panes.";
description = lib.mdDoc "The default command to use for tmux panes.";
};
programs.tmux.tmuxOptions = mkOption {
@ -98,7 +98,7 @@ in
programs.tmux.extraConfig = mkOption {
type = types.lines;
default = "";
description = "Extra configuration to add to <filename>tmux.conf</filename>.";
description = lib.mdDoc "Extra configuration to add to {file}`tmux.conf`.";
};
};


@ -18,14 +18,14 @@ in
programs.vim.enable = mkOption {
type = types.bool;
default = false;
description = "Whether to configure vim.";
description = lib.mdDoc "Whether to configure vim.";
};
programs.vim.enableSensible = mkOption {
type = types.bool;
default = false;
example = true;
description = "Enable sensible configuration options for vim.";
description = lib.mdDoc "Enable sensible configuration options for vim.";
};
programs.vim.extraKnownPlugins = mkOption {
@ -46,14 +46,14 @@ in
};
}
'';
description = "Custom plugin declarations to add to VAM's knownPlugins.";
description = lib.mdDoc "Custom plugin declarations to add to VAM's knownPlugins.";
};
programs.vim.plugins = mkOption {
type = types.listOf types.attrs;
default = [];
example = [ { names = [ "surround" "vim-nix" ]; } ];
description = "VAM plugin dictionaries to use for vim_configurable.";
description = lib.mdDoc "VAM plugin dictionaries to use for vim_configurable.";
};
programs.vim.package = mkOption {
@ -70,7 +70,7 @@ in
programs.vim.vimConfig = mkOption {
type = types.lines;
default = "";
description = "Extra vimrcConfig to use for vim_configurable.";
description = lib.mdDoc "Extra vimrcConfig to use for vim_configurable.";
};
};


@ -18,13 +18,13 @@ in
programs.zsh.enable = mkOption {
type = types.bool;
default = false;
description = "Whether to configure zsh as an interactive shell.";
description = lib.mdDoc "Whether to configure zsh as an interactive shell.";
};
programs.zsh.variables = mkOption {
type = types.attrsOf (types.either types.str (types.listOf types.str));
default = {};
description = ''
description = lib.mdDoc ''
A set of environment variables used in the global environment.
These variables will be set on shell initialisation.
The value of each variable can be either a string or a list of
@ -37,61 +37,61 @@ in
programs.zsh.shellInit = mkOption {
type = types.lines;
default = "";
description = "Shell script code called during zsh shell initialisation.";
description = lib.mdDoc "Shell script code called during zsh shell initialisation.";
};
programs.zsh.loginShellInit = mkOption {
type = types.lines;
default = "";
description = "Shell script code called during zsh login shell initialisation.";
description = lib.mdDoc "Shell script code called during zsh login shell initialisation.";
};
programs.zsh.interactiveShellInit = mkOption {
type = types.lines;
default = "";
description = "Shell script code called during interactive zsh shell initialisation.";
description = lib.mdDoc "Shell script code called during interactive zsh shell initialisation.";
};
programs.zsh.promptInit = mkOption {
type = types.lines;
default = "autoload -U promptinit && promptinit && prompt walters";
description = "Shell script code used to initialise the zsh prompt.";
default = "autoload -U promptinit && promptinit && prompt walters && setopt prompt_sp";
description = lib.mdDoc "Shell script code used to initialise the zsh prompt.";
};
programs.zsh.enableCompletion = mkOption {
type = types.bool;
default = true;
description = "Enable zsh completion for all interactive zsh shells.";
description = lib.mdDoc "Enable zsh completion for all interactive zsh shells.";
};
programs.zsh.enableBashCompletion = mkOption {
type = types.bool;
default = true;
description = "Enable bash completion for all interactive zsh shells.";
description = lib.mdDoc "Enable bash completion for all interactive zsh shells.";
};
programs.zsh.enableFzfCompletion = mkOption {
type = types.bool;
default = false;
description = "Enable fzf completion.";
description = lib.mdDoc "Enable fzf completion.";
};
programs.zsh.enableFzfGit = mkOption {
type = types.bool;
default = false;
description = "Enable fzf keybindings for C-g git browsing.";
description = lib.mdDoc "Enable fzf keybindings for C-g git browsing.";
};
programs.zsh.enableFzfHistory = mkOption {
type = types.bool;
default = false;
description = "Enable fzf keybinding for Ctrl-r history search.";
description = lib.mdDoc "Enable fzf keybinding for Ctrl-r history search.";
};
programs.zsh.enableSyntaxHighlighting = mkOption {
type = types.bool;
default = false;
description = "Enable zsh-syntax-highlighting.";
description = lib.mdDoc "Enable zsh-syntax-highlighting.";
};
};
@ -194,14 +194,15 @@ in
environment.etc."zprofile".knownSha256Hashes = [
"db8422f92d8cff684e418f2dcffbb98c10fe544b5e8cd588b2009c7fa89559c5"
"0235d3c1b6cf21e7043fbc98e239ee4bc648048aafaf6be1a94a576300584ef2"
"0235d3c1b6cf21e7043fbc98e239ee4bc648048aafaf6be1a94a576300584ef2" # macOS
];
environment.etc."zshrc".knownSha256Hashes = [
"19a2d673ffd47b8bed71c5218ff6617dfc5e8533b240b9ba79142a45f8823c23"
"fb5827cb4712b7e7932d438067ec4852c8955a9ff0f55e282473684623ebdfa1"
"c5a00c072c920f46216454978c44df044b2ec6d03409dc492c7bdcd92c94a110" # nix install
"40b0d8751adae5b0100a4f863be5b75613a49f62706427e92604f7e04d2e2261" # nix install
"fb5827cb4712b7e7932d438067ec4852c8955a9ff0f55e282473684623ebdfa1" # macOS
"c5a00c072c920f46216454978c44df044b2ec6d03409dc492c7bdcd92c94a110" # official Nix installer
"40b0d8751adae5b0100a4f863be5b75613a49f62706427e92604f7e04d2e2261" # official Nix installer
"2af1b563e389d11b76a651b446e858116d7a20370d9120a7e9f78991f3e5f336" # DeterminateSystems installer
];
};
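Review bot: In the `-194,14 +194,15` hunk the first entry of each `knownSha256Hashes` list (`db8422f9…` for `zprofile`, `19a2d673…` for `zshrc`) still has no origin comment, while every other entry now names where it came from. Going by the comment in the sshd module earlier in this commit ("Allows us to automatically migrate from using a file to a symlink"), a matching hash presumably lets activation replace an existing `/etc` file without asking, so every entry should be traceable to a known upstream file. I would add a trailing comment in the same style, e.g. `"19a2d673…" # <origin and version of the file this hash was computed from>`, or drop an entry whose origin cannot be established. The enclosing `config` block begins outside the hunk.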


@ -39,7 +39,7 @@ in
{
options = {
security.pam.enableSudoTouchIdAuth = mkEnableOption ''
security.pam.enableSudoTouchIdAuth = mkEnableOption (lib.mdDoc ''
Enable sudo authentication with Touch ID
When enabled, this option adds the following line to /etc/pam.d/sudo:
@ -49,7 +49,7 @@ in
(Note that macOS resets this file when doing a system update. As such, sudo
authentication with Touch ID won't work after a system update until the nix-darwin
configuration is reapplied.)
'';
'');
};
config = {
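Review bot: `mkEnableOption` wraps its argument as "Whether to enable <text>.", so passing this whole multi-paragraph text to it renders as "Whether to enable Enable sudo authentication with Touch ID …" in the generated manual. Because the option changes `/etc/pam.d/sudo`, the help text should read cleanly: I would declare it with `mkOption` (`type = types.bool; default = false;`) and keep the text as `description = lib.mdDoc '' … '';`. The option text is only partly visible here, since the section is split across two hunks.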


@ -25,12 +25,12 @@ in
type = types.listOf types.path;
default = [];
example = literalExpression "[ \"\${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\" ]";
description = ''
description = lib.mdDoc ''
A list of files containing trusted root certificates in PEM
format. These are concatenated to form
<filename>/etc/ssl/certs/ca-certificates.crt</filename>, which is
{file}`/etc/ssl/certs/ca-certificates.crt`, which is
used by many programs that use OpenSSL, such as
<command>curl</command> and <command>git</command>.
{command}`curl` and {command}`git`.
'';
};
@ -49,7 +49,7 @@ in
'''
]
'';
description = ''
description = lib.mdDoc ''
A list of trusted root certificates in PEM format.
'';
};
@ -62,10 +62,10 @@ in
"CA WoSign ECC Root"
"Certification Authority of WoSign G2"
];
description = ''
description = lib.mdDoc ''
A list of blacklisted CA certificate names that won't be imported from
the Mozilla Trust Store into
<filename>/etc/ssl/certs/ca-certificates.crt</filename>. Use the
{file}`/etc/ssl/certs/ca-certificates.crt`. Use the
names from that file.
'';
};


@ -27,37 +27,37 @@ let
type = types.listOf types.package;
default = [ ];
apply = paths: pkgs.closureInfo { rootPaths = paths; };
description = "List of store paths to make accessible.";
description = lib.mdDoc "List of store paths to make accessible.";
};
readablePaths = mkOption {
type = types.listOf types.path;
default = [ ];
description = "List of paths that should be read-only inside the sandbox.";
description = lib.mdDoc "List of paths that should be read-only inside the sandbox.";
};
writablePaths = mkOption {
type = types.listOf types.path;
default = [ ];
description = "List of paths that should be read/write inside the sandbox.";
description = lib.mdDoc "List of paths that should be read/write inside the sandbox.";
};
allowSystemPaths = mkOption {
type = types.bool;
default = false;
description = "Whether to allow read access to FHS paths like /etc and /var.";
description = lib.mdDoc "Whether to allow read access to FHS paths like /etc and /var.";
};
allowLocalNetworking = mkOption {
type = types.bool;
default = false;
description = "Whether to allow localhost network access inside the sandbox.";
description = lib.mdDoc "Whether to allow localhost network access inside the sandbox.";
};
allowNetworking = mkOption {
type = types.bool;
default = false;
description = "Whether to allow network access inside the sandbox.";
description = lib.mdDoc "Whether to allow network access inside the sandbox.";
};
};
@ -133,7 +133,7 @@ in
security.sandbox.profiles = mkOption {
type = types.attrsOf (types.submodule profile);
default = { };
description = "Definition of sandbox profiles.";
description = lib.mdDoc "Definition of sandbox profiles.";
};
};


@ -3,8 +3,6 @@
with lib;
let
inherit (pkgs) stdenv;
cfg = config.services.activate-system;
in
@ -13,7 +11,7 @@ in
services.activate-system.enable = mkOption {
type = types.bool;
default = true;
description = "Whether to activate system at boot time.";
description = lib.mdDoc "Whether to activate system at boot time.";
};
};
@ -36,6 +34,7 @@ in
# Prevent the current configuration from being garbage-collected.
ln -sfn /run/current-system /nix/var/nix/gcroots/current-system
${config.system.activationScripts.etcChecks.text}
${config.system.activationScripts.etc.text}
${config.system.activationScripts.keyboard.text}
'';


@ -22,18 +22,18 @@ in
name = mkOption {
type = types.str;
example = "socks-peer";
description = "Name of the local AutoSSH session";
description = lib.mdDoc "Name of the local AutoSSH session";
};
user = mkOption {
type = types.str;
example = "bill";
description = "Name of the user the AutoSSH session should run as";
description = lib.mdDoc "Name of the user the AutoSSH session should run as";
};
monitoringPort = mkOption {
type = types.int;
default = 0;
example = 20000;
description = ''
description = lib.mdDoc ''
Port to be used by AutoSSH for peer monitoring. Note, that
AutoSSH also uses mport+1. Value of 0 disables the keep-alive
style monitoring
@ -42,7 +42,7 @@ in
extraArguments = mkOption {
type = types.str;
example = "-N -D4343 bill@socks.example.net";
description = ''
description = lib.mdDoc ''
Arguments to be passed to AutoSSH and retransmitted to SSH
process. Some meaningful options include -N (don't run remote
command), -D (open SOCKS proxy on local port), -R (forward
@ -54,7 +54,7 @@ in
});
default = [];
description = ''
description = lib.mdDoc ''
List of AutoSSH sessions to start as systemd services. Each service is
named 'autossh-{session.name}'.
'';


@ -98,7 +98,7 @@ let
preCommands = mkOption {
type = types.lines;
default = "";
description = ''
description = lib.mdDoc ''
Extra commands to run before starting buildkite.
'';
};
@ -228,7 +228,8 @@ in
{ path = cfg.runtimePackages ++ [ cfg.package pkgs.coreutils pkgs.darwin.DarwinTools ];
environment = {
HOME = cfg.dataDir;
}// (if config.nix.useDaemon then { NIX_REMOTE = "daemon"; } else {});
inherit (config.environment.variables) NIX_SSL_CERT_FILE;
} // (if config.nix.useDaemon then { NIX_REMOTE = "daemon"; } else {});
## NB: maximum care is taken so that secrets (ssh keys and the CI token)
## don't end up in the Nix store.
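Review bot: `inherit (config.environment.variables) NIX_SSL_CERT_FILE;` in the `-228,7 +228,8` hunk aborts evaluation with a missing-attribute error on any configuration where that variable is not defined; whether nix-darwin always defines it is not visible here. A guarded form avoids that: `// lib.optionalAttrs (config.environment.variables ? NIX_SSL_CERT_FILE) { inherit (config.environment.variables) NIX_SSL_CERT_FILE; }`. A one-line comment would also help, since the agent's TLS trust store now follows the system-wide setting, e.g. `# use the same CA bundle as the rest of the system for HTTPS fetches`. The surrounding attribute set starts and ends outside the hunk.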


@ -9,23 +9,23 @@ in {
enable = mkOption {
type = types.bool;
default = false;
description = ''
description = lib.mdDoc ''
Enable to run Cachix Agent as a system service.
Read <link xlink:href="https://docs.cachix.org/deploy/">Cachix Deploy</link> documentation for more information.
Read [Cachix Deploy](https://docs.cachix.org/deploy/) documentation for more information.
'';
};
name = mkOption {
type = types.str;
default = config.networking.hostName;
description = ''
description = lib.mdDoc ''
Agent name, usually the same as the hostname.
'';
};
package = mkOption {
description = ''
description = lib.mdDoc ''
Package containing cachix executable.
'';
type = types.package;
@ -36,15 +36,17 @@ in {
credentialsFile = mkOption {
type = types.path;
default = "/etc/cachix-agent.token";
description = ''
Required file that needs to contain CACHIX_AGENT_TOKEN=...
description = lib.mdDoc ''
Required file that needs to contain:
export CACHIX_AGENT_TOKEN=...
'';
};
logFile = mkOption {
type = types.nullOr types.path;
default = "/var/log/cachix-agent.log";
description = "Absolute path to log all stderr and stdout";
description = lib.mdDoc "Absolute path to log all stderr and stdout";
};
};
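Review bot: The `credentialsFile` description now shows `export CACHIX_AGENT_TOKEN=...`, which suggests the file is sourced by a shell, but it says nothing about the ownership or permissions of `/etc/cachix-agent.token`. If it is sourced, whoever can write the file runs commands as the agent's user, and whoever can read it obtains the deploy token. I would add a sentence such as `The file should be owned by root with mode 0600 and must not be stored in the Nix store.` The `logFile` description could likewise note that captured stdout and stderr may contain sensitive output. How the file is consumed is outside this hunk.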


@ -12,51 +12,51 @@ in
services.chunkwm.enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable the chunkwm window manager.";
description = lib.mdDoc "Whether to enable the chunkwm window manager.";
};
services.chunkwm.package = mkOption {
type = types.package;
example = literalExpression "pkgs.chunkwm";
description = "This option specifies the chunkwm package to use.";
description = lib.mdDoc "This option specifies the chunkwm package to use.";
};
services.chunkwm.hotload = mkOption {
type = types.bool;
default = true;
description = "Whether to enable hotload.";
description = lib.mdDoc "Whether to enable hotload.";
};
services.chunkwm.extraConfig = mkOption {
type = types.lines;
default = "";
example = ''chunkc tiling::rule --owner Emacs --state tile'';
description = "Additional commands for <filename>chunkwmrc</filename>.";
description = lib.mdDoc "Additional commands for {file}`chunkwmrc`.";
};
services.chunkwm.plugins.dir = mkOption {
type = types.path;
default = "/run/current-system/sw/lib/chunkwm/plugins";
description = "Chunkwm Plugins directory.";
description = lib.mdDoc "Chunkwm Plugins directory.";
};
services.chunkwm.plugins.list = mkOption {
type = types.listOf (types.enum plugins);
default = plugins;
example = ["tiling"];
description = "Chunkwm Plugins to enable.";
description = lib.mdDoc "Chunkwm Plugins to enable.";
};
services.chunkwm.plugins."border".config = mkOption {
type = types.lines;
default = ''chunkc set focused_border_color 0xffc0b18b'';
description = "Optional border plugin configuration.";
description = lib.mdDoc "Optional border plugin configuration.";
};
services.chunkwm.plugins."tiling".config = mkOption {
type = types.lines;
example = ''chunkc set global_desktop_mode bsp'';
description = "Optional tiling plugin configuration.";
description = lib.mdDoc "Optional tiling plugin configuration.";
};
};


@ -12,32 +12,32 @@ in
services.dnsmasq.enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable DNSmasq.";
description = lib.mdDoc "Whether to enable DNSmasq.";
};
services.dnsmasq.package = mkOption {
type = types.path;
default = pkgs.dnsmasq;
defaultText = "pkgs.dnsmasq";
description = "This option specifies the dnsmasq package to use.";
description = lib.mdDoc "This option specifies the dnsmasq package to use.";
};
services.dnsmasq.bind = mkOption {
type = types.str;
default = "127.0.0.1";
description = "This option specifies the interface on which DNSmasq will listen.";
description = lib.mdDoc "This option specifies the interface on which DNSmasq will listen.";
};
services.dnsmasq.port = mkOption {
type = types.int;
default = 53;
description = "This option specifies port on which DNSmasq will listen.";
description = lib.mdDoc "This option specifies port on which DNSmasq will listen.";
};
services.dnsmasq.addresses = mkOption {
type = types.attrs;
default = {};
description = "List of domains that will be redirected by the DNSmasq.";
description = lib.mdDoc "List of domains that will be redirected by the DNSmasq.";
example = literalExpression ''
{ localhost = "127.0.0.1"; }
'';


@ -12,20 +12,20 @@ in {
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable the Emacs Daemon.";
description = lib.mdDoc "Whether to enable the Emacs Daemon.";
};
package = mkOption {
type = types.path;
default = pkgs.emacs;
description = "This option specifies the emacs package to use.";
description = lib.mdDoc "This option specifies the emacs package to use.";
};
additionalPath = mkOption {
type = types.listOf types.str;
default = [ ];
example = [ "/Users/my_user_name" ];
description = ''
description = lib.mdDoc ''
This option specifies additional PATH that the emacs daemon would have.
Typically if you have binaries in your home directory that is what you would add your home path here.
One caveat is that there won't be shell variable expansion, so you can't use $HOME for example
@ -35,7 +35,7 @@ in {
exec = mkOption {
type = types.str;
default = "emacs";
description = "Emacs command/binary to execute.";
description = lib.mdDoc "Emacs command/binary to execute.";
};
};
};


@ -117,19 +117,19 @@ let
in
{
options.services.gitlab-runner = {
enable = mkEnableOption "Gitlab Runner";
enable = mkEnableOption (lib.mdDoc "Gitlab Runner");
configFile = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
description = lib.mdDoc ''
Configuration file for gitlab-runner.
<option>configFile</option> takes precedence over <option>services</option>.
<option>checkInterval</option> and <option>concurrent</option> will be ignored too.
{option}`configFile` takes precedence over {option}`services`.
{option}`checkInterval` and {option}`concurrent` will be ignored too.
This option is deprecated, please use <option>services</option> instead.
You can use <option>registrationConfigFile</option> and
<option>registrationFlags</option>
This option is deprecated, please use {option}`services` instead.
You can use {option}`registrationConfigFile` and
{option}`registrationFlags`
for settings not covered by this module.
'';
};
@ -137,18 +137,18 @@ in
type = types.int;
default = 0;
example = literalExpression "with lib; (length (attrNames config.services.gitlab-runner.services)) * 3";
description = ''
description = lib.mdDoc ''
Defines the interval length, in seconds, between new jobs check.
The default value is 3;
if set to 0 or lower, the default value will be used.
See <link xlink:href="https://docs.gitlab.com/runner/configuration/advanced-configuration.html#how-check_interval-works">runner documentation</link> for more information.
See [runner documentation](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#how-check_interval-works) for more information.
'';
};
concurrent = mkOption {
type = types.int;
default = 1;
example = literalExpression "config.nix.maxJobs";
description = ''
description = lib.mdDoc ''
Limits how many jobs globally can be run concurrently.
The most upper limit of jobs using all defined runners.
0 does not mean unlimited.
@ -158,7 +158,7 @@ in
type = types.nullOr types.str;
default = null;
example = "https://public:private@host:port/1";
description = ''
description = lib.mdDoc ''
Data Source Name for tracking of all system level errors to Sentry.
'';
};
@ -166,7 +166,7 @@ in
type = types.nullOr types.str;
default = null;
example = "localhost:8080";
description = ''
description = lib.mdDoc ''
Address (&lt;host&gt;:&lt;port&gt;) on which the Prometheus metrics HTTP server
should be listening.
'';
@ -178,7 +178,7 @@ in
type = types.nullOr types.str;
default = null;
example = "0.0.0.0:8093";
description = ''
description = lib.mdDoc ''
An internal URL to be used for the session server.
'';
};
@ -186,16 +186,16 @@ in
type = types.nullOr types.str;
default = null;
example = "runner-host-name.tld:8093";
description = ''
description = lib.mdDoc ''
The URL that the Runner will expose to GitLab to be used
to access the session server.
Fallbacks to <option>listenAddress</option> if not defined.
Fallbacks to {option}`listenAddress` if not defined.
'';
};
sessionTimeout = mkOption {
type = types.int;
default = 1800;
description = ''
description = lib.mdDoc ''
How long in seconds the session can stay active after
the job completes (which will block the job from finishing).
'';
@ -208,16 +208,16 @@ in
listenAddress = "0.0.0.0:8093";
}
'';
description = ''
description = lib.mdDoc ''
The session server allows the user to interact with jobs
that the Runner is responsible for. A good example of this is the
<link xlink:href="https://docs.gitlab.com/ee/ci/interactive_web_terminal/index.html">interactive web terminal</link>.
[interactive web terminal](https://docs.gitlab.com/ee/ci/interactive_web_terminal/index.html).
'';
};
gracefulTermination = mkOption {
type = types.bool;
default = false;
description = ''
description = lib.mdDoc ''
Finish all remaining jobs before stopping.
If not set gitlab-runner will stop immediatly without waiting
for jobs to finish, which will lead to failed builds.
@ -227,7 +227,7 @@ in
type = types.str;
default = "infinity";
example = "5min 20s";
description = ''
description = lib.mdDoc ''
Time to wait until a graceful shutdown is turned into a forceful one.
'';
};
@ -236,17 +236,17 @@ in
default = pkgs.gitlab-runner;
defaultText = "pkgs.gitlab-runner";
example = literalExpression "pkgs.gitlab-runner_1_11";
description = "Gitlab Runner package to use.";
description = lib.mdDoc "Gitlab Runner package to use.";
};
extraPackages = mkOption {
type = types.listOf types.package;
default = [ ];
description = ''
description = lib.mdDoc ''
Extra packages to add to PATH for the gitlab-runner process.
'';
};
services = mkOption {
description = "GitLab Runner services.";
description = lib.mdDoc "GitLab Runner services.";
default = { };
example = literalExpression ''
{
@ -328,27 +328,27 @@ in
options = {
registrationConfigFile = mkOption {
type = types.path;
description = ''
description = lib.mdDoc ''
Absolute path to a file with environment variables
used for gitlab-runner registration.
A list of all supported environment variables can be found in
<literal>gitlab-runner register --help</literal>.
`gitlab-runner register --help`.
Ones that you probably want to set is
<literal>CI_SERVER_URL=&lt;CI server URL&gt;</literal>
`CI_SERVER_URL=<CI server URL>`
<literal>REGISTRATION_TOKEN=&lt;registration secret&gt;</literal>
`REGISTRATION_TOKEN=<registration secret>`
'';
};
registrationFlags = mkOption {
type = types.listOf types.str;
default = [ ];
example = [ "--docker-helper-image my/gitlab-runner-helper" ];
description = ''
description = lib.mdDoc ''
Extra command-line flags passed to
<literal>gitlab-runner register</literal>.
Execute <literal>gitlab-runner register --help</literal>
`gitlab-runner register`.
Execute `gitlab-runner register --help`
for a list of supported flags.
'';
};
@ -356,25 +356,25 @@ in
type = types.attrsOf types.str;
default = { };
example = { NAME = "value"; };
description = ''
description = lib.mdDoc ''
Custom environment variables injected to build environment.
For secrets you can use <option>registrationConfigFile</option>
with <literal>RUNNER_ENV</literal> variable set.
For secrets you can use {option}`registrationConfigFile`
with `RUNNER_ENV` variable set.
'';
};
executor = mkOption {
type = types.str;
default = "docker";
description = ''
description = lib.mdDoc ''
Select executor, eg. shell, docker, etc.
See <link xlink:href="https://docs.gitlab.com/runner/executors/README.html">runner documentation</link> for more information.
See [runner documentation](https://docs.gitlab.com/runner/executors/README.html) for more information.
'';
};
buildsDir = mkOption {
type = types.nullOr types.path;
default = null;
example = "/var/lib/gitlab-runner/builds";
description = ''
description = lib.mdDoc ''
Absolute path to a directory where builds will be stored
in context of selected executor (Locally, Docker, SSH).
'';
@ -383,14 +383,14 @@ in
type = types.nullOr types.str;
default = null;
example = "http://gitlab.example.local";
description = ''
description = lib.mdDoc ''
Overwrite the URL for the GitLab instance. Used if the Runner cant connect to GitLab on the URL GitLab exposes itself.
'';
};
dockerImage = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
description = lib.mdDoc ''
Docker image to be used.
'';
};
@ -398,7 +398,7 @@ in
type = types.listOf types.str;
default = [ ];
example = [ "/var/run/docker.sock:/var/run/docker.sock" ];
description = ''
description = lib.mdDoc ''
Bind-mount a volume and create it
if it doesn't exist prior to mounting.
'';
@ -406,14 +406,14 @@ in
dockerDisableCache = mkOption {
type = types.bool;
default = false;
description = ''
description = lib.mdDoc ''
Disable all container caching.
'';
};
dockerPrivileged = mkOption {
type = types.bool;
default = false;
description = ''
description = lib.mdDoc ''
Give extended privileges to container.
'';
};
@ -421,7 +421,7 @@ in
type = types.listOf types.str;
default = [ ];
example = [ "other-host:127.0.0.1" ];
description = ''
description = lib.mdDoc ''
Add a custom host-to-IP mapping.
'';
};
@ -429,7 +429,7 @@ in
type = types.listOf types.str;
default = [ ];
example = [ "ruby:*" "python:*" "php:*" "my.registry.tld:5000/*:*" ];
description = ''
description = lib.mdDoc ''
Whitelist allowed images.
'';
};
@ -437,21 +437,21 @@ in
type = types.listOf types.str;
default = [ ];
example = [ "postgres:9" "redis:*" "mysql:*" ];
description = ''
description = lib.mdDoc ''
Whitelist allowed services.
'';
};
preCloneScript = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
description = lib.mdDoc ''
Runner-specific command script executed before code is pulled.
'';
};
preBuildScript = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
description = lib.mdDoc ''
Runner-specific command script executed after code is pulled,
just before build executes.
'';
@ -459,7 +459,7 @@ in
postBuildScript = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
description = lib.mdDoc ''
Runner-specific command script executed after code is pulled
and just after build executes.
'';
@ -467,22 +467,22 @@ in
tagList = mkOption {
type = types.listOf types.str;
default = [ ];
description = ''
description = lib.mdDoc ''
Tag list.
'';
};
runUntagged = mkOption {
type = types.bool;
default = false;
description = ''
description = lib.mdDoc ''
Register to run untagged builds; defaults to
<literal>true</literal> when <option>tagList</option> is empty.
`true` when {option}`tagList` is empty.
'';
};
limit = mkOption {
type = types.int;
default = 0;
description = ''
description = lib.mdDoc ''
Limit how many jobs can be handled concurrently by this service.
0 (default) simply means don't limit.
'';
@ -490,14 +490,14 @@ in
requestConcurrency = mkOption {
type = types.int;
default = 0;
description = ''
description = lib.mdDoc ''
Limit number of concurrent requests for new jobs from GitLab.
'';
};
maximumTimeout = mkOption {
type = types.int;
default = 0;
description = ''
description = lib.mdDoc ''
What is the maximum timeout (in seconds) that will be set for
job when using this Runner. 0 (default) simply means don't limit.
'';
@ -505,7 +505,7 @@ in
protected = mkOption {
type = types.bool;
default = false;
description = ''
description = lib.mdDoc ''
When set to true Runner will only run on pipelines
triggered on protected branches.
'';
@ -513,9 +513,9 @@ in
debugTraceDisabled = mkOption {
type = types.bool;
default = false;
description = ''
description = lib.mdDoc ''
When set to true Runner will disable the possibility of
using the <literal>CI_DEBUG_TRACE</literal> feature.
using the `CI_DEBUG_TRACE` feature.
'';
};
};
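Review bot: The descriptions converted in the `-398,7` and `-406,14` hunks document `dockerVolumes` and `dockerPrivileged` without any caveat, and the `dockerVolumes` example mounts `/var/run/docker.sock` into job containers. Either setting lets CI jobs control the host's Docker daemon or run with elevated privileges, which on a runner that accepts untrusted pipelines amounts to handing those jobs the host. I would extend the `dockerPrivileged` text to `Give extended privileges to container. Only enable this for runners restricted to trusted projects.` and add the same sentence to `dockerVolumes` or choose a less sensitive example path. The enclosing `services` submodule begins outside these hunks.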


@ -17,7 +17,7 @@ in
logFile = mkOption {
type = types.path;
default = "/var/log/hercules-ci-agent.log";
description = "Stdout and sterr of hercules-ci-agent process.";
description = lib.mdDoc "Stdout and sterr of hercules-ci-agent process.";
};
};

70
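--- a/modules/services/ipfs.nix
+++ b/modules/services/ipfs.nix
@@ -0,0 +1,70 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+cfg = config.services.ipfs;
+in
+{
+meta.maintainers = [ "jmmaloney4" ];
+options.services.ipfs = {
+enable = mkOption {
+type = types.bool;
+default = false;
+description = lib.mdDoc "Whether to enable the ipfs daemon.";
+};
+package = mkOption {
+type = types.path;
+default = pkgs.kubo;
+# defaultText = "pkgs.kubo";
+description = lib.mdDoc ''
+The ipfs package to use.
+'';
+};
+logFile = mkOption {
+type = types.nullOr types.path;
+default = null;
+example = "/var/tmp/lorri.log";
+description = lib.mdDoc ''
+The logfile to use for the ipfs service. Alternatively
+{command}`sudo launchctl debug system/org.nixos.ipfs --stderr`
+can be used to stream the logs to a shell after restarting the service with
+{command}`sudo launchctl kickstart -k system/org.nixos.ipfs`.
+'';
+};
+ipfsPath = mkOption {
+type = types.nullOr types.path;
+default = null;
+description = lib.mdDoc "Set the IPFS_PATH environment variable.";
+};
+enableGarbageCollection = mkOption {
+type = types.bool;
+default = false;
+description = lib.mdDoc "Passes --enable-gc flag to ipfs daemon.";
+};
+};
+config = mkIf cfg.enable {
+environment.systemPackages = [ pkgs.kubo ];
+launchd.user.agents.ipfs = {
+# command = with pkgs; "${ipfs}/bin/ipfs daemon";
+serviceConfig = {
+ProgramArguments = [ "${cfg.package}/bin/ipfs" "daemon" ]
+++ optionals (cfg.enableGarbageCollection) [ "--enable-gc" ];
+KeepAlive = true;
+RunAtLoad = true;
+ProcessType = "Background";
+StandardOutPath = cfg.logFile;
+StandardErrorPath = cfg.logFile;
+EnvironmentVariables = {} // (optionalAttrs (cfg.ipfsPath != null) { IPFS_PATH = cfg.ipfsPath; });
+};
+};
+};
+}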
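Review bot: `environment.systemPackages = [ pkgs.kubo ];` ignores the `package` option, so a user who overrides `services.ipfs.package` gets one build running as the daemon and a different `ipfs` CLI on PATH; it should read `environment.systemPackages = [ cfg.package ];`. The `logFile` text also looks copied from the lorri module: the example is `/var/tmp/lorri.log`, and the `launchctl … system/org.nixos.ipfs` commands address the system domain although the service is declared under `launchd.user.agents`. Finally, `package` is typed `types.path` with `defaultText` commented out; `types.package` with `defaultText = literalExpression "pkgs.kubo";` would match the telegraf module in this commit.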


@ -10,7 +10,7 @@ in
{
options = {
services.karabiner-elements.enable = mkEnableOption "Karabiner-Elements";
services.karabiner-elements.enable = mkEnableOption (lib.mdDoc "Karabiner-Elements");
};
config = mkIf cfg.enable {


@ -13,27 +13,27 @@ in
services.khd.enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable the khd hotkey daemon.";
description = lib.mdDoc "Whether to enable the khd hotkey daemon.";
};
services.khd.package = mkOption {
type = types.package;
default = pkgs.khd;
defaultText = "pkgs.khd";
description = "This option specifies the khd package to use.";
description = lib.mdDoc "This option specifies the khd package to use.";
};
services.khd.khdConfig = mkOption {
type = types.lines;
default = "";
example = "alt + shift - r : kwmc quit";
description = "Config to use for <filename>khdrc</filename>.";
description = lib.mdDoc "Config to use for {file}`khdrc`.";
};
services.khd.i3Keybindings = mkOption {
type = types.bool;
default = false;
description = "Wether to configure i3 style keybindings for kwm.";
description = lib.mdDoc "Wether to configure i3 style keybindings for kwm.";
};
};


@ -11,21 +11,21 @@ in
services.kwm.enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable the khd window manager.";
description = lib.mdDoc "Whether to enable the khd window manager.";
};
services.kwm.package = mkOption {
type = types.path;
default = pkgs.kwm;
defaultText = "pkgs.kwm";
description = "This option specifies the kwm package to use.";
description = lib.mdDoc "This option specifies the kwm package to use.";
};
services.kwm.kwmConfig = mkOption {
type = types.lines;
default = "";
example = ''kwmc rule owner="iTerm2" properties={role="AXDialog"}'';
description = "Config to use for <filename>kwmrc</filename>.";
description = lib.mdDoc "Config to use for {file}`kwmrc`.";
};
};


@ -11,18 +11,18 @@ in
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable the lorri service.";
description = lib.mdDoc "Whether to enable the lorri service.";
};
logFile = mkOption {
type = types.nullOr types.path;
default = null;
example = "/var/tmp/lorri.log";
description = ''
description = lib.mdDoc ''
The logfile to use for the lorri service. Alternatively
<command>sudo launchctl debug system/org.nixos.lorri --stderr</command>
{command}`sudo launchctl debug system/org.nixos.lorri --stderr`
can be used to stream the logs to a shell after restarting the service with
<command>sudo launchctl kickstart -k system/org.nixos.lorri</command>.
{command}`sudo launchctl kickstart -k system/org.nixos.lorri`.
'';
};
};


@ -7,32 +7,32 @@ let
in {
options.services.offlineimap = {
enable = mkEnableOption "Offlineimap, a software to dispose your mailbox(es) as a local Maildir(s).";
enable = mkEnableOption (lib.mdDoc "Offlineimap, a software to dispose your mailbox(es) as a local Maildir(s)");
package = mkOption {
type = types.package;
default = pkgs.offlineimap;
defaultText = "pkgs.offlineimap";
description = "Offlineimap derivation to use.";
description = lib.mdDoc "Offlineimap derivation to use.";
};
path = mkOption {
type = types.listOf types.path;
default = [];
example = literalExpression "[ pkgs.pass pkgs.bash pkgs.notmuch ]";
description = "List of derivations to put in Offlineimap's path.";
description = lib.mdDoc "List of derivations to put in Offlineimap's path.";
};
startInterval = mkOption {
type = types.nullOr types.int;
default = 300;
description = "Optional key to start offlineimap services each N seconds";
description = lib.mdDoc "Optional key to start offlineimap services each N seconds";
};
runQuick = mkOption {
type = types.bool;
default = false;
description = ''
description = lib.mdDoc ''
Run only quick synchronizations.
Ignore any flag updates on IMAP servers. If a flag on the remote IMAP changes, and we have the message locally, it will be left untouched in a quick run.
'';
@ -41,7 +41,7 @@ in {
extraConfig = mkOption {
type = types.lines;
default = "";
description = "Additional text to be appended to <filename>offlineimaprc</filename>.";
description = lib.mdDoc "Additional text to be appended to {file}`offlineimaprc`.";
};
};


@ -10,12 +10,12 @@ let
in {
options = {
services.telegraf = {
enable = mkEnableOption "telegraf agent";
enable = mkEnableOption (lib.mdDoc "telegraf agent");
package = mkOption {
default = pkgs.telegraf;
defaultText = lib.literalExpression "pkgs.telegraf";
description = "Which telegraf derivation to use";
description = lib.mdDoc "Which telegraf derivation to use";
type = types.package;
};
@ -23,7 +23,7 @@ in {
type = types.listOf types.path;
default = [ ];
example = [ "/run/keys/telegraf.env" ];
description = ''
description = lib.mdDoc ''
File to load as environment file.
This is useful to avoid putting secrets into the nix store.
'';
@ -31,7 +31,7 @@ in {
extraConfig = mkOption {
default = { };
description = "Extra configuration options for telegraf";
description = lib.mdDoc "Extra configuration options for telegraf";
type = settingsFormat.type;
example = {
outputs.influxdb = {
@ -47,7 +47,7 @@ in {
configUrl = mkOption {
default = null;
description = "Url to fetch config from";
description = lib.mdDoc "Url to fetch config from";
type = types.nullOr types.str;
};
};


@ -11,27 +11,27 @@ in
services.mopidy.enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable the Mopidy Daemon.";
description = lib.mdDoc "Whether to enable the Mopidy Daemon.";
};
services.mopidy.package = mkOption {
type = types.path;
default = pkgs.mopidy;
defaultText = "pkgs.mopidy";
description = "This option specifies the mopidy package to use.";
description = lib.mdDoc "This option specifies the mopidy package to use.";
};
services.mopidy.mediakeys.enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable the Mopidy OSX Media Keys support daemon.";
description = lib.mdDoc "Whether to enable the Mopidy OSX Media Keys support daemon.";
};
services.mopidy.mediakeys.package = mkOption {
type = types.path;
default = pkgs.pythonPackages.osxmpdkeys;
defaultText = "pkgs.pythonPackages.osxmpdkeys";
description = "This option specifies the mediakeys package to use.";
description = lib.mdDoc "This option specifies the mediakeys package to use.";
};
};


@ -5,12 +5,12 @@ let
in
{
options.services.netbird = {
enable = mkEnableOption "Netbird daemon";
enable = mkEnableOption (lib.mdDoc "Netbird daemon");
package = mkOption {
type = types.package;
default = pkgs.netbird;
defaultText = literalExpression "pkgs.netbird";
description = "The package to use for netbird";
description = lib.mdDoc "The package to use for netbird";
};
};
config = mkIf cfg.enable {


@ -13,13 +13,13 @@ in {
type = types.bool;
default = false;
description =
"Whether to enable the NextDNS DNS/53 to DoH Proxy service.";
lib.mdDoc "Whether to enable the NextDNS DNS/53 to DoH Proxy service.";
};
arguments = mkOption {
type = types.listOf types.str;
default = [ ];
example = [ "-config" "10.0.3.0/24=abcdef" ];
description = "Additional arguments to be passed to nextdns run.";
description = lib.mdDoc "Additional arguments to be passed to nextdns run.";
};
};
};


@ -11,31 +11,31 @@ in
services.nix-daemon.enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable the nix-daemon service.";
description = lib.mdDoc "Whether to enable the nix-daemon service.";
};
services.nix-daemon.enableSocketListener = mkOption {
type = types.bool;
default = false;
description = "Whether to make the nix-daemon service socket activated.";
description = lib.mdDoc "Whether to make the nix-daemon service socket activated.";
};
services.nix-daemon.logFile = mkOption {
type = types.nullOr types.path;
default = null;
example = "/var/log/nix-daemon.log";
description = ''
description = lib.mdDoc ''
The logfile to use for the nix-daemon service. Alternatively
<command>sudo launchctl debug system/org.nixos.nix-daemon --stderr</command>
{command}`sudo launchctl debug system/org.nixos.nix-daemon --stderr`
can be used to stream the logs to a shell after restarting the service with
<command>sudo launchctl kickstart -k system/org.nixos.nix-daemon</command>.
{command}`sudo launchctl kickstart -k system/org.nixos.nix-daemon`.
'';
};
services.nix-daemon.tempDir = mkOption {
type = types.nullOr types.path;
default = null;
description = "The TMPDIR to use for nix-daemon.";
description = lib.mdDoc "The TMPDIR to use for nix-daemon.";
};
};


@ -11,8 +11,8 @@ in
{
imports = [
(mkRemovedOptionModule [ "nix" "gc" "dates" ] "Use `nix.gc.interval` instead.")
(mkRemovedOptionModule [ "nix" "gc" "randomizedDelaySec" ] "No `nix-darwin` equivilant to this NixOS option.")
(mkRemovedOptionModule [ "nix" "gc" "persistent" ] "No `nix-darwin` equivilant to this NixOS option.")
(mkRemovedOptionModule [ "nix" "gc" "randomizedDelaySec" ] "No `nix-darwin` equivalent to this NixOS option.")
(mkRemovedOptionModule [ "nix" "gc" "persistent" ] "No `nix-darwin` equivalent to this NixOS option.")
];
###### interface
@ -24,28 +24,28 @@ in
automatic = mkOption {
default = false;
type = types.bool;
description = "Automatically run the garbage collector at a specific time.";
description = lib.mdDoc "Automatically run the garbage collector at a specific time.";
};
# Not in NixOS module
user = mkOption {
type = types.nullOr types.str;
default = null;
description = "User that runs the garbage collector.";
description = lib.mdDoc "User that runs the garbage collector.";
};
interval = mkOption {
type = types.attrs;
default = { Hour = 3; Minute = 15; };
description = "The time interval at which the garbage collector will run.";
description = lib.mdDoc "The time interval at which the garbage collector will run.";
};
options = mkOption {
default = "";
example = "--max-freed $((64 * 1024**3))";
type = types.str;
description = ''
Options given to <filename>nix-collect-garbage</filename> when the
description = lib.mdDoc ''
Options given to {file}`nix-collect-garbage` when the
garbage collector is run automatically.
'';
};


@ -12,13 +12,13 @@ in
services.ofborg.enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable the ofborg builder service.";
description = lib.mdDoc "Whether to enable the ofborg builder service.";
};
services.ofborg.package = mkOption {
type = types.package;
example = literalExpression "pkgs.ofborg";
description = ''
description = lib.mdDoc ''
This option specifies the ofborg package to use. eg.
(import &lt;ofborg&gt; {}).ofborg.rs
@ -30,7 +30,7 @@ in
services.ofborg.configFile = mkOption {
type = types.path;
description = ''
description = lib.mdDoc ''
Configuration file to use for ofborg.
WARNING Don't use a path literal or derivation for this,
@ -41,7 +41,7 @@ in
services.ofborg.logFile = mkOption {
type = types.path;
default = "/var/log/ofborg.log";
description = "Whether to enable the khd window manager.";
description = lib.mdDoc "Whether to enable the khd window manager.";
};
};


@ -40,12 +40,12 @@ in
services.postgresql = {
enable = mkEnableOption "PostgreSQL Server";
enable = mkEnableOption (lib.mdDoc "PostgreSQL Server");
package = mkOption {
type = types.package;
example = literalExpression "pkgs.postgresql_11";
description = ''
description = lib.mdDoc ''
PostgreSQL package to use.
'';
};
@ -53,7 +53,7 @@ in
port = mkOption {
type = types.int;
default = 5432;
description = ''
description = lib.mdDoc ''
The port on which PostgreSQL listens.
'';
};
@ -61,14 +61,14 @@ in
checkConfig = mkOption {
type = types.bool;
default = true;
description = "Check the syntax of the configuration file at compile time";
description = lib.mdDoc "Check the syntax of the configuration file at compile time";
};
dataDir = mkOption {
type = types.path;
defaultText = literalExpression ''"/var/lib/postgresql/''${config.services.postgresql.package.psqlSchema}"'';
example = "/var/lib/postgresql/11";
description = ''
description = lib.mdDoc ''
The data directory for PostgreSQL. If left as the default value
this directory will automatically be created before the PostgreSQL server starts, otherwise
the sysadmin is responsible for ensuring the directory exists with appropriate ownership
@ -79,16 +79,16 @@ in
authentication = mkOption {
type = types.lines;
default = "";
description = ''
description = lib.mdDoc ''
Defines how users authenticate themselves to the server. See the
<link xlink:href="https://www.postgresql.org/docs/current/auth-pg-hba-conf.html">
PostgreSQL documentation for pg_hba.conf</link>
[
PostgreSQL documentation for pg_hba.conf](https://www.postgresql.org/docs/current/auth-pg-hba-conf.html)
for details on the expected format of this option. By default,
peer based authentication will be used for users connecting
via the Unix socket, and md5 password authentication will be
used for users connecting via TCP. Any added rules will be
inserted above the default rules. If you'd like to replace the
default rules entirely, you can use <function>lib.mkForce</function> in your
default rules entirely, you can use `lib.mkForce` in your
module.
'';
};
@ -96,7 +96,7 @@ in
identMap = mkOption {
type = types.lines;
default = "";
description = ''
description = lib.mdDoc ''
Defines the mapping from system users to database users.
The general form is:
@ -109,8 +109,8 @@ in
type = with types; listOf str;
default = [];
example = [ "--data-checksums" "--allow-group-access" ];
description = ''
Additional arguments passed to <literal>initdb</literal> during data dir
description = lib.mdDoc ''
Additional arguments passed to `initdb` during data dir
initialisation.
'';
};
@ -118,7 +118,7 @@ in
initialScript = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
description = lib.mdDoc ''
A file containing SQL statements to execute on first startup.
'';
};
@ -126,7 +126,7 @@ in
ensureDatabases = mkOption {
type = types.listOf types.str;
default = [];
description = ''
description = lib.mdDoc ''
Ensures that the specified databases exist.
This option will never delete existing databases, especially not when the value of this
option is changed. This means that databases created once through this option or
@ -143,14 +143,14 @@ in
options = {
name = mkOption {
type = types.str;
description = ''
description = lib.mdDoc ''
Name of the user to ensure.
'';
};
ensurePermissions = mkOption {
type = types.attrsOf types.str;
default = {};
description = ''
description = lib.mdDoc ''
Permissions to ensure for the user, specified as an attribute set.
The attribute names specify the database and tables to grant the permissions for.
The attribute values specify the permissions to grant. You may specify one or
@ -158,8 +158,8 @@ in
For more information on how to specify the target
and on which privileges exist, see the
<link xlink:href="https://www.postgresql.org/docs/current/sql-grant.html">GRANT syntax</link>.
The attributes are used as <code>GRANT ''${attrValue} ON ''${attrName}</code>.
[GRANT syntax](https://www.postgresql.org/docs/current/sql-grant.html).
The attributes are used as `GRANT ''${attrValue} ON ''${attrName}`.
'';
example = literalExpression ''
{
@ -171,7 +171,7 @@ in
};
});
default = [];
description = ''
description = lib.mdDoc ''
Ensures that the specified users exist and have at least the ensured permissions.
The PostgreSQL users will be identified using peer authentication. This authenticates the Unix user with the
same name only, and that without the need for a password.
@ -200,7 +200,7 @@ in
enableTCPIP = mkOption {
type = types.bool;
default = false;
description = ''
description = lib.mdDoc ''
Whether PostgreSQL should listen on all network interfaces.
If disabled, the database can only be accessed via its Unix
domain socket or via TCP connections to localhost.
@ -211,9 +211,9 @@ in
type = types.str;
default = "[%p] ";
example = "%m [%p] ";
description = ''
description = lib.mdDoc ''
A printf-style string that is output at the beginning of each log line.
Upstream default is <literal>'%m [%p] '</literal>, i.e. it includes the timestamp. We do
Upstream default is `'%m [%p] '`, i.e. it includes the timestamp. We do
not include the timestamp, because journal has it anyway.
'';
};
@ -222,24 +222,26 @@ in
type = types.listOf types.path;
default = [];
example = literalExpression "with pkgs.postgresql_11.pkgs; [ postgis pg_repack ]";
description = ''
description = lib.mdDoc ''
List of PostgreSQL plugins. PostgreSQL version for each plugin should
match version for <literal>services.postgresql.package</literal> value.
match version for `services.postgresql.package` value.
'';
};
settings = mkOption {
type = with types; attrsOf (oneOf [ bool float int str ]);
default = {};
description = ''
description = lib.mdDoc ''
PostgreSQL configuration. Refer to
<link xlink:href="https://www.postgresql.org/docs/11/config-setting.html#CONFIG-SETTING-CONFIGURATION-FILE"/>
for an overview of <literal>postgresql.conf</literal>.
<https://www.postgresql.org/docs/11/config-setting.html#CONFIG-SETTING-CONFIGURATION-FILE>
for an overview of `postgresql.conf`.
<note><para>
String values will automatically be enclosed in single quotes. Single quotes will be
escaped with two single quotes as described by the upstream documentation linked above.
</para></note>
::: {.note}
String values will automatically be enclosed in single quotes. Single quotes will be
escaped with two single quotes as described by the upstream documentation linked above.
:::
'';
example = literalExpression ''
{
@ -255,8 +257,8 @@ in
recoveryConfig = mkOption {
type = types.nullOr types.lines;
default = null;
description = ''
Contents of the <filename>recovery.conf</filename> file.
description = lib.mdDoc ''
Contents of the {file}`recovery.conf` file.
'';
};
@ -265,7 +267,7 @@ in
default = "postgres";
internal = true;
readOnly = true;
description = ''
description = lib.mdDoc ''
PostgreSQL superuser account to use for various operations. Internal since changing
this value would lead to breakage while setting up databases.
'';


@ -10,40 +10,40 @@ in
services.privoxy.enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable the privoxy proxy service.";
description = lib.mdDoc "Whether to enable the privoxy proxy service.";
};
services.privoxy.listenAddress = mkOption {
type = types.str;
default = "127.0.0.1:8118";
description = "The address and TCP port on which privoxy will listen.";
description = lib.mdDoc "The address and TCP port on which privoxy will listen.";
};
services.privoxy.package = mkOption {
type = types.package;
default = pkgs.privoxy;
example = literalExpression "pkgs.privoxy";
description = "This option specifies the privoxy package to use.";
description = lib.mdDoc "This option specifies the privoxy package to use.";
};
services.privoxy.config = mkOption {
type = types.lines;
default = "";
example = "forward / upstream.proxy:8080";
description = "Config to use for privoxy";
description = lib.mdDoc "Config to use for privoxy";
};
services.privoxy.templdir = mkOption {
type = types.path;
default = "${pkgs.privoxy}/etc/templates";
defaultText = "\${pkgs.privoxy}/etc/templates";
description = "Directory for privoxy template files.";
description = lib.mdDoc "Directory for privoxy template files.";
};
services.privoxy.confdir = mkOption {
type = types.nullOr types.path;
default = null;
description = "Directory for privoxy files such as .action and .filter.";
description = lib.mdDoc "Directory for privoxy files such as .action and .filter.";
};
};


@ -11,52 +11,52 @@ in
services.redis.enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable the redis database service.";
description = lib.mdDoc "Whether to enable the redis database service.";
};
services.redis.package = mkOption {
type = types.path;
default = pkgs.redis;
defaultText = "pkgs.redis";
description = "This option specifies the redis package to use";
description = lib.mdDoc "This option specifies the redis package to use";
};
services.redis.dataDir = mkOption {
type = types.nullOr types.path;
default = "/var/lib/redis";
description = "Data directory for the redis database.";
description = lib.mdDoc "Data directory for the redis database.";
};
services.redis.port = mkOption {
type = types.int;
default = 6379;
description = "The port for Redis to listen to.";
description = lib.mdDoc "The port for Redis to listen to.";
};
services.redis.bind = mkOption {
type = types.nullOr types.str;
default = null; # All interfaces
description = "The IP interface to bind to.";
description = lib.mdDoc "The IP interface to bind to.";
example = "127.0.0.1";
};
services.redis.unixSocket = mkOption {
type = types.nullOr types.path;
default = null;
description = "The path to the socket to bind to.";
description = lib.mdDoc "The path to the socket to bind to.";
example = "/var/run/redis.sock";
};
services.redis.appendOnly = mkOption {
type = types.bool;
default = false;
description = "By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.";
description = lib.mdDoc "By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.";
};
services.redis.extraConfig = mkOption {
type = types.lines;
default = "";
description = "Additional text to be appended to <filename>redis.conf</filename>.";
description = lib.mdDoc "Additional text to be appended to {file}`redis.conf`.";
};
};
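Review bot: The rendered description of `services.redis.bind` does not say what the `null` default means; only the source comment on `default = null; # All interfaces` reveals that the service listens on every interface unless the option is set. That is the security-relevant part of the option, and no authentication option is visible in this section, so it belongs in the text users actually read. I would change the new line to `description = lib.mdDoc "The IP interface to bind to. null (the default) binds all interfaces; use 127.0.0.1 for local-only access.";`.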


@ -11,20 +11,20 @@ in
services.skhd.enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable the skhd hotkey daemon.";
description = lib.mdDoc "Whether to enable the skhd hotkey daemon.";
};
services.skhd.package = mkOption {
type = types.package;
default = pkgs.skhd;
description = "This option specifies the skhd package to use.";
description = lib.mdDoc "This option specifies the skhd package to use.";
};
services.skhd.skhdConfig = mkOption {
type = types.lines;
default = "";
example = "alt + shift - r : chunkc quit";
description = "Config to use for <filename>skhdrc</filename>.";
description = lib.mdDoc "Config to use for {file}`skhdrc`.";
};
};


@ -22,12 +22,12 @@ in
services.spacebar.enable = mkOption {
type = bool;
default = false;
description = "Whether to enable the spacebar spacebar.";
description = lib.mdDoc "Whether to enable the spacebar spacebar.";
};
services.spacebar.package = mkOption {
type = path;
description = "The spacebar package to use.";
description = lib.mdDoc "The spacebar package to use.";
};
services.spacebar.config = mkOption {
@ -40,7 +40,7 @@ in
foreground_color = "0xffa8a8a8";
}
'';
description = ''
description = lib.mdDoc ''
Key/Value pairs to pass to spacebar's 'config' domain, via the configuration file.
'';
};
@ -51,7 +51,7 @@ in
example = literalExpression ''
echo "spacebar config loaded..."
'';
description = ''
description = lib.mdDoc ''
Extra arbitrary configuration to append to the configuration file.
'';
};


@ -19,7 +19,7 @@ in
enable = mkOption {
type = types.bool;
default = false;
description = ''
description = lib.mdDoc ''
Whether to enable the spotifyd service.
'';
};
@ -28,7 +28,7 @@ in
type = types.path;
default = pkgs.spotifyd;
defaultText = "pkgs.spotifyd";
description = ''
description = lib.mdDoc ''
The spotifyd package to use.
'';
};
@ -40,8 +40,8 @@ in
bitrate = 160;
volume_normalisation = true;
};
description = ''
Configuration for spotifyd, see <link xlink:href="https://spotifyd.github.io/spotifyd/config/File.html" />
description = lib.mdDoc ''
Configuration for spotifyd, see <https://spotifyd.github.io/spotifyd/config/File.html>
for supported values.
'';
};


@ -26,32 +26,32 @@ in
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to run Synapse BitTorrent Daemon.";
description = lib.mdDoc "Whether to run Synapse BitTorrent Daemon.";
};
package = mkOption {
type = types.package;
default = pkgs.synapse-bt;
defaultText = "pkgs.synapse-bt";
description = "Synapse BitTorrent package to use.";
description = lib.mdDoc "Synapse BitTorrent package to use.";
};
port = mkOption {
type = types.int;
default = 16384;
description = "The port on which Synapse BitTorrent listens.";
description = lib.mdDoc "The port on which Synapse BitTorrent listens.";
};
downloadDir = mkOption {
type = types.path;
default = "/var/lib/synapse-bt";
example = "/var/lib/synapse-bt/downloads";
description = "Download directory for Synapse BitTorrent.";
description = lib.mdDoc "Download directory for Synapse BitTorrent.";
};
extraConfig = mkOption {
default = {};
description = "Extra configuration options for Synapse BitTorrent.";
description = lib.mdDoc "Extra configuration options for Synapse BitTorrent.";
type = types.attrs;
};
};


@ -16,28 +16,28 @@ in
default = pkgs.synergy;
defaultText = "pkgs.synergy";
type = types.package;
description = "The package used for the synergy client and server.";
description = lib.mdDoc "The package used for the synergy client and server.";
};
client = {
enable = mkOption {
default = false;
type = types.bool;
description = "
description = lib.mdDoc ''
Whether to enable the Synergy client (receive keyboard and mouse events from a Synergy server).
";
'';
};
screenName = mkOption {
default = "";
type = types.str;
description = ''
description = lib.mdDoc ''
Use the given name instead of the hostname to identify
ourselves to the server.
'';
};
serverAddress = mkOption {
type = types.str;
description = ''
description = lib.mdDoc ''
The server address is of the form: [hostname][:port]. The
hostname must be the address or hostname of the server. The
port overrides the default port, 24800.
@ -46,21 +46,21 @@ in
autoStart = mkOption {
default = true;
type = types.bool;
description = "Whether the Synergy client should be started automatically.";
description = lib.mdDoc "Whether the Synergy client should be started automatically.";
};
tls = {
enable = mkEnableOption ''
enable = mkEnableOption (lib.mdDoc ''
Whether TLS encryption should be used.
Using this requires a TLS certificate that can be
generated by starting the Synergy GUI once and entering
a valid product key.
'';
'');
cert = mkOption {
type = types.nullOr types.str;
default = null;
example = "~/.synergy/SSL/Synergy.pem";
description = "The TLS certificate to use for encryption.";
description = lib.mdDoc "The TLS certificate to use for encryption.";
};
};
};
@ -69,19 +69,19 @@ in
enable = mkOption {
default = false;
type = types.bool;
description = ''
description = lib.mdDoc ''
Whether to enable the Synergy server (send keyboard and mouse events).
'';
};
configFile = mkOption {
default = "/etc/synergy-server.conf";
type = types.str;
description = "The Synergy server configuration file.";
description = lib.mdDoc "The Synergy server configuration file.";
};
screenName = mkOption {
default = "";
type = types.str;
description = ''
description = lib.mdDoc ''
Use the given name instead of the hostname to identify
this screen in the configuration.
'';
@ -89,26 +89,26 @@ in
address = mkOption {
default = "";
type = types.str;
description = "Address on which to listen for clients.";
description = lib.mdDoc "Address on which to listen for clients.";
};
autoStart = mkOption {
default = true;
type = types.bool;
description = "Whether the Synergy server should be started automatically.";
description = lib.mdDoc "Whether the Synergy server should be started automatically.";
};
tls = {
enable = mkEnableOption ''
enable = mkEnableOption (lib.mdDoc ''
Whether TLS encryption should be used.
Using this requires a TLS certificate that can be
generated by starting the Synergy GUI once and entering
a valid product key.
'';
'');
cert = mkOption {
type = types.nullOr types.str;
default = null;
example = "~/.synergy/SSL/Synergy.pem";
description = "The TLS certificate to use for encryption.";
description = lib.mdDoc "The TLS certificate to use for encryption.";
};
};
};
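Review bot: Both `tls.enable` options (client and server) pass a full sentence to `mkEnableOption`, which already prefixes "Whether to enable", so the generated docs read "Whether to enable Whether TLS encryption should be used. …". Because this service forwards keyboard and mouse events between machines, the TLS switch is the option users most need to read correctly. I would shorten the argument to a noun phrase, `enable = mkEnableOption (lib.mdDoc "TLS encryption of the Synergy connection");`, and move the sentences about generating the certificate into the description of `tls.cert`.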


@ -7,37 +7,47 @@ let
in
{
options.services.tailscale = {
domain = mkOption {
type = types.str;
default = "";
description = "The Tailscale domain. This is displayed at the top left of https://login.tailscale.com/admin, next to the Tailscale logo.";
};
imports = [
(mkRemovedOptionModule [ "services" "tailscale" "domain" ] "Tailscale no longer requires setting the search domain manually.")
(mkRemovedOptionModule [ "services" "tailscale" "magicDNS" ] "MagicDNS no longer requires overriding the DNS servers, if this is necessary you can use `services.tailscale.overrideLocalDns`.")
];
enable = mkEnableOption "Tailscale client daemon";
options.services.tailscale = {
enable = mkEnableOption (lib.mdDoc "Tailscale client daemon");
package = mkOption {
type = types.package;
default = pkgs.tailscale;
defaultText = literalExpression "pkgs.tailscale";
description = "The package to use for tailscale";
description = lib.mdDoc "The package to use for tailscale";
};
magicDNS = {
enable = mkEnableOption "Whether to configure networking to work with Tailscale's MagicDNS.";
overrideLocalDns = mkOption {
type = types.bool;
default = false;
example = true;
description = lib.mdDoc ''
This option implements `Override local DNS` as it is not yet implemented in Tailscaled-on-macOS.
To use this option, in the Tailscale control panel:
1. at least one DNS server is added
2. `Override local DNS` is enabled
As this option sets 100.100.100.100 as your sole DNS server, if the requirements above are not met,
all non-MagicDNS queries WILL fail.
'';
};
};
config = mkIf cfg.enable {
assertions = [ {
assertion = !cfg.magicDNS.enable || config.networking.dns != [ "100.100.100.100" ];
assertions = [{
assertion = !cfg.overrideLocalDns || config.networking.dns == [ "100.100.100.100" ];
message = ''
When MagicDNS is enabled, fallback DNS servers need to be set with `networking.dns`.
DNS servers should be configured on the Tailscale control panel when `services.tailscale.overrideLocalDns` is enabled.
Otherwise, Tailscale will take a long time to connect and all DNS queries
will fail until Tailscale has connected.
A race condition can occur when DNS servers are set locally, leading to MagicDNS to not work.
'';
} ];
}];
environment.systemPackages = [ cfg.package ];
@ -54,13 +64,21 @@ in
};
};
networking = mkIf cfg.magicDNS.enable {
dns = [ "100.100.100.100" ];
search =
if cfg.domain == "" then
[ ]
else
[ "${cfg.domain}.beta.tailscale.net" ];
};
networking.dns = mkIf cfg.overrideLocalDns [ "100.100.100.100" ];
# Ensures Tailscale MagicDNS always works even without adding 100.100.100.100 to DNS servers
environment.etc."resolver/ts.net".text = "nameserver 100.100.100.100";
# This file gets created by tailscaled when `Override local DNS` is turned off
environment.etc."resolver/ts.net".knownSha256Hashes = [
"2c28f4fe3b4a958cd86b120e7eb799eee6976daa35b228c885f0630c55ef626c"
];
# Cleaning up the .before-nix-darwin file is necessary as any files in /etc/resolver will be used.
system.activationScripts.etc.text = mkAfter ''
if [ -e /etc/resolver/ts.net.before-nix-darwin ]; then
rm /etc/resolver/ts.net.before-nix-darwin
fi
'';
};
}
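Review bot: The cleanup appended to `system.activationScripts.etc.text` deletes `/etc/resolver/ts.net.before-nix-darwin` whenever it exists, without confirming that it is the tailscaled-generated file described by `knownSha256Hashes`. If the backup step only ever moves aside files whose hash is in that list (not visible in this section), the delete is safe; otherwise a hand-written resolver file would be discarded silently on activation. I would state the assumption next to the `rm`, e.g. `# safe to delete: only files matching knownSha256Hashes are backed up to .before-nix-darwin`, or compare the file's SHA-256 with the known hash before removing it. The `overrideLocalDns` description could also say that with 100.100.100.100 as the sole resolver, all name resolution depends on tailscaled running.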


@ -10,31 +10,32 @@ let
allowedIPs = mkOption {
type = types.listOf types.str;
default = [ ];
description = "List of IP addresses associated with this peer.";
description = lib.mdDoc "List of IP addresses associated with this peer.";
};
endpoint = mkOption {
type = types.nullOr types.str;
default = null;
description = "IP and port to connect to this peer at.";
description = lib.mdDoc "IP and port to connect to this peer at.";
};
persistentKeepalive = mkOption {
type = types.nullOr types.int;
default = null;
description = "Interval in seconds to send keepalive packets";
description = lib.mdDoc "Interval in seconds to send keepalive packets";
};
presharedKeyFile = mkOption {
type = types.nullOr types.str;
default = null;
description =
"Optional, path to file containing the pre-shared key for this peer.";
lib.mdDoc "Optional, path to file containing the pre-shared key for this peer.";
};
publicKey = mkOption {
default = null;
type = types.str;
description = lib.mdDoc "The public key for this peer.";
};
};
};
@ -44,76 +45,80 @@ let
address = mkOption {
type = types.nullOr (types.listOf types.str);
default = [ ];
description = "List of IP addresses for this interface.";
description = lib.mdDoc "List of IP addresses for this interface.";
};
autostart = mkOption {
type = types.bool;
default = true;
description =
"Whether to bring up this interface automatically during boot.";
lib.mdDoc "Whether to bring up this interface automatically during boot.";
};
dns = mkOption {
type = types.listOf types.str;
default = [ ];
description = "List of DNS servers for this interface.";
description = lib.mdDoc "List of DNS servers for this interface.";
};
listenPort = mkOption {
type = types.nullOr types.int;
default = null;
description = "Port to listen on, randomly selected if not specified.";
description = lib.mdDoc "Port to listen on, randomly selected if not specified.";
};
mtu = mkOption {
type = types.nullOr types.int;
default = null;
description =
"MTU to set for this interface, automatically set if not specified";
lib.mdDoc "MTU to set for this interface, automatically set if not specified";
};
peers = mkOption {
type = types.listOf (types.submodule peerOpts);
default = [ ];
description = "List of peers associated with this interface.";
description = lib.mdDoc "List of peers associated with this interface.";
};
preDown = mkOption {
type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines;
default = "";
description = "List of commadns to run before interface shutdown.";
description = lib.mdDoc "List of commadns to run before interface shutdown.";
};
preUp = mkOption {
type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines;
default = "";
description = "List of commands to run before interface setup.";
description = lib.mdDoc "List of commands to run before interface setup.";
};
postDown = mkOption {
type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines;
default = "";
description = "List of commands to run after interface shutdown";
description = lib.mdDoc "List of commands to run after interface shutdown";
};
postUp = mkOption {
type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines;
default = "";
description = "List of commands to run after interface setup.";
description = lib.mdDoc "List of commands to run after interface setup.";
};
privateKeyFile = mkOption {
type = types.str;
default = null;
description = "Path to file containing this interface's private key.";
description = lib.mdDoc "Path to file containing this interface's private key.";
};
table = mkOption {
type = types.nullOr types.str;
default = null;
description =
"Controls the routing table to which routes are added. There are two special values: `off' disables the creation of routes altogether, and `auto' (the default) adds routes to the default table and enables special handling of default routes.";
description = lib.mdDoc ''
Controls the routing table to which routes are added. There are two
special values: `off` disables the creation of routes altogether,
and `auto` (the default) adds routes to the default table and
enables special handling of default routes.
'';
};
};
};
@ -203,13 +208,13 @@ in {
interfaces = mkOption {
type = types.attrsOf (types.submodule interfaceOpts);
default = { };
description = "Set of wg-quick interfaces.";
description = lib.mdDoc "Set of wg-quick interfaces.";
};
logDir = mkOption {
type = types.str;
default = "/var/log";
description = "Directory to save wg-quick logs to.";
description = lib.mdDoc "Directory to save wg-quick logs to.";
};
};
};


@ -22,19 +22,19 @@ in
services.yabai.enable = mkOption {
type = bool;
default = false;
description = "Whether to enable the yabai window manager.";
description = lib.mdDoc "Whether to enable the yabai window manager.";
};
services.yabai.package = mkOption {
type = path;
default = pkgs.yabai;
description = "The yabai package to use.";
description = lib.mdDoc "The yabai package to use.";
};
services.yabai.enableScriptingAddition = mkOption {
type = bool;
default = false;
description = ''
description = lib.mdDoc ''
Whether to enable yabai's scripting-addition.
SIP must be disabled for this to work.
'';
@ -56,18 +56,18 @@ in
window_gap = 10;
}
'';
description = ''
description = lib.mdDoc ''
Key/Value pairs to pass to yabai's 'config' domain, via the configuration file.
'';
};
services.yabai.extraConfig = mkOption {
type = str;
type = lines;
default = "";
example = literalExpression ''
yabai -m rule --add app='System Preferences' manage=off
'';
description = "Extra arbitrary configuration to append to the configuration file";
description = lib.mdDoc "Extra arbitrary configuration to append to the configuration file";
};
};
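Review bot: The description of `services.yabai.enableScriptingAddition` says only "SIP must be disabled for this to work" and does not say what that costs. Since the text is being touched anyway, it should say that turning System Integrity Protection off (fully or partly) weakens macOS's protection of system files and processes for the whole machine, not just for yabai. A wording such as `SIP must be (partially) disabled for this to work, which reduces system-wide protections; see the yabai documentation for the exact requirements.` would cover it. Separately, with `extraConfig` now typed `lines`, several definitions are concatenated, so its description could say so.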


@ -22,12 +22,12 @@ in
internal = true;
type = types.attrsOf (types.submodule script);
default = {};
description = ''
description = lib.mdDoc ''
A set of shell script fragments that are executed when a NixOS
system configuration is activated. Examples are updating
/etc, creating accounts, and so on. Since these are executed
every time you boot the system or run
<command>nixos-rebuild</command>, it's important that they are
{command}`nixos-rebuild`, it's important that they are
idempotent and fast.
'';
};
@ -52,6 +52,9 @@ in
${cfg.activationScripts.preActivation.text}
# We run `etcChecks` again just in case someone runs `activate`
# directly without `activate-user`.
${cfg.activationScripts.etcChecks.text}
${cfg.activationScripts.extraActivation.text}
${cfg.activationScripts.groups.text}
${cfg.activationScripts.users.text}
@ -69,11 +72,6 @@ in
${cfg.activationScripts.postActivation.text}
# Ensure /run exists.
if [ ! -e /run ]; then
ln -sfn private/var/run /run
fi
# Make this configuration the current configuration.
# The readlink is there to ensure that when $systemConfig = /system
# (which is a symlink to the store), /run/current-system is still
@ -102,7 +100,9 @@ in
${cfg.activationScripts.preUserActivation.text}
${cfg.activationScripts.createRun.text}
${cfg.activationScripts.checks.text}
${cfg.activationScripts.etcChecks.text}
${cfg.activationScripts.extraUserActivation.text}
${cfg.activationScripts.userDefaults.text}
${cfg.activationScripts.userLaunchd.text}
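Review bot: The system `activate` script appears to lose its "Ensure /run exists" block, while the `createRun` replacement is only interpolated into the user activation script, before `checks`. The comment added above `etcChecks` already allows for someone running `activate` directly without `activate-user`; in that case the step that makes this configuration current would run with no `/run` in place. Either interpolate `${cfg.activationScripts.createRun.text}` into `activate` before that step as well, or fail early there with `if [ ! -e /run ]; then echo "error: /run is missing, run activate-user first" >&2; exit 1; fi`. Which lines are removed and which added is inferred from the hunk counts, since the page has lost its `+`/`-` markers, and both scripts continue outside the hunks shown.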

24
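--- a/modules/system/base.nix
+++ b/modules/system/base.nix
@@ -0,0 +1,24 @@
+{ ... }:
+{
+system.activationScripts.createRun.text = ''
+if ! test -L /run; then
+if ! grep -q '^run\b' /etc/synthetic.conf 2>/dev/null; then
+echo "setting up /run via /etc/synthetic.conf..."
+echo -e "run\tprivate/var/run" | sudo tee -a /etc/synthetic.conf >/dev/null
+sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B &>/dev/null || true
+sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t &>/dev/null || true
+if ! test -L /run; then
+echo "warning: apfs.util failed to symlink /run"
+fi
+fi
+if ! test -L /run; then
+echo "setting up /run..."
+sudo ln -sfn private/var/run /run
+fi
+if ! test -L /run; then
+echo "warning: failed to symlink /run"
+fi
+fi
+'';
+}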
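Review bot: The `sudo tee -a /etc/synthetic.conf` step is never checked, and both `apfs.util` calls discard their output and status with `&>/dev/null || true`. When the privileged write or the remount fails, the user sees only the generic "warning: apfs.util failed to symlink /run" with no cause. I would report the failed append, e.g. `... | sudo tee -a /etc/synthetic.conf >/dev/null || echo "warning: could not update /etc/synthetic.conf" >&2`, and drop the stderr redirection on the `apfs.util` calls. The three `echo "warning: ..."` lines should also go to stderr with `>&2`, as the messages in the checks module do. Finally, `printf 'run\tprivate/var/run\n'`, the form the checks module already prints for the manual fix, is more portable than `echo -e`.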


@ -28,8 +28,8 @@ let
if test -e /etc/synthetic.conf; then
echo >&2
echo "$ printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf" >&2
echo "$ /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B # For Catalina" >&2
echo "$ /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t # For Big Sur and later" >&2
echo "$ sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B # For Catalina" >&2
echo "$ sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t # For Big Sur and later" >&2
echo >&2
echo "The current contents of /etc/synthetic.conf is:" >&2
echo >&2
@ -48,11 +48,7 @@ let
if dscl . -list /Users | grep -q '^nixbld'; then
echo "warning: Detected old style nixbld users" >&2
echo "These can cause migration problems when upgrading to certain macOS versions" >&2
echo "Running the installer again will remove and recreate the users in a way that avoids these problems" >&2
echo >&2
echo "$ darwin-install" >&2
echo >&2
echo "or enable to automatically manage the users" >&2
echo "You can enable the following option to migrate to new style nixbld users" >&2
echo >&2
echo " nix.configureBuildUsers = true;" >&2
echo >&2
@ -202,7 +198,19 @@ in
system.checks.verifyNixPath = mkOption {
type = types.bool;
default = true;
description = "Whether to run the NIX_PATH validation checks.";
description = lib.mdDoc "Whether to run the NIX_PATH validation checks.";
};
system.checks.verifyNixChannels = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc "Whether to run the nix-channels validation checks.";
};
system.checks.verifyBuildUsers = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc "Whether to run the Nix build users validation checks.";
};
system.checks.text = mkOption {
@ -218,11 +226,11 @@ in
darwinChanges
runLink
oldBuildUsers
(mkIf config.nix.useDaemon buildUsers)
(mkIf (config.nix.useDaemon && cfg.verifyBuildUsers) buildUsers)
(mkIf (!config.nix.useDaemon) singleUser)
nixStore
(mkIf (config.nix.gc.automatic && config.nix.gc.user == null) nixGarbageCollector)
nixChannels
(mkIf cfg.verifyNixChannels nixChannels)
nixInstaller
(mkIf cfg.verifyNixPath nixPath)
];
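Review bot: `system.checks.verifyBuildUsers` is documented as "Whether to run the Nix build users validation checks.", but in the list only `buildUsers` is gated on it. `oldBuildUsers` stays unconditional, so a user who sets the option to false still gets the old-style nixbld warning. If that is intended because `oldBuildUsers` only warns, the description should say which check it controls, e.g. `Whether to verify that the nixbld build users exist (the old-style user warning is always shown).`. Otherwise gate it the same way with `(mkIf cfg.verifyBuildUsers oldBuildUsers)`. The definitions of the individual checks are outside the hunks shown.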


@ -22,7 +22,7 @@ in
internal = true;
type = types.attrsOf types.unspecified;
default = {};
description = ''
description = lib.mdDoc ''
Attribute set of derivation used to setup the system.
'';
};
@ -30,7 +30,7 @@ in
system.path = mkOption {
internal = true;
type = types.package;
description = ''
description = lib.mdDoc ''
The packages you want in the system environment.
'';
};
@ -38,17 +38,35 @@ in
system.profile = mkOption {
type = types.path;
default = "/nix/var/nix/profiles/system";
description = ''
description = lib.mdDoc ''
Profile to use for the system.
'';
};
system.systemBuilderCommands = mkOption {
internal = true;
type = types.lines;
default = "";
description = ''
This code will be added to the builder creating the system store path.
'';
};
system.systemBuilderArgs = mkOption {
internal = true;
type = types.attrsOf types.unspecified;
default = {};
description = lib.mdDoc ''
`lib.mkDerivation` attributes that will be passed to the top level system builder.
'';
};
assertions = mkOption {
type = types.listOf types.unspecified;
internal = true;
default = [];
example = [ { assertion = false; message = "you can't enable this for that reason"; } ];
description = ''
description = lib.mdDoc ''
This option allows modules to express conditions that must
hold for the evaluation of the system configuration to
succeed, along with associated error messages for the user.
@ -60,7 +78,7 @@ in
default = [];
type = types.listOf types.str;
example = [ "The `foo' service is deprecated and will go away soon!" ];
description = ''
description = lib.mdDoc ''
This option allows modules to show warnings to users during
the evaluation of the system configuration.
'';
@ -70,7 +88,7 @@ in
config = {
system.build.toplevel = throwAssertions (showWarnings (stdenvNoCC.mkDerivation {
system.build.toplevel = throwAssertions (showWarnings (stdenvNoCC.mkDerivation ({
name = "darwin-system-${cfg.darwinLabel}";
preferLocalBuild = true;
@ -113,8 +131,10 @@ in
echo -n "$darwinLabel" > $out/darwin-version
echo -n "$system" > $out/system
${cfg.systemBuilderCommands}
'';
}));
} // cfg.systemBuilderArgs)));
};
}
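Review bot: In `system.build.toplevel` the new `} // cfg.systemBuilderArgs` puts the option on the right-hand side of the merge, so any module that sets it can silently replace attributes the builder depends on, including `name`, `preferLocalBuild` and the build script that ends in `${cfg.systemBuilderCommands}`. If the intent is only to add extra attributes, merge the other way round, `(cfg.systemBuilderArgs // { ... })`, or say explicitly in the description that these attributes override the built-in ones. The description also names `lib.mkDerivation`, while the code calls `stdenvNoCC.mkDerivation`. And `system.systemBuilderCommands` is the one new description here without `lib.mdDoc`.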


@ -12,6 +12,7 @@ let
if isInt value then "-int ${toString value}" else
if isFloat value then "-float ${strings.floatToString value}" else
if isString value then "-string '${value}'" else
if isList value then "-array ${concatStringsSep " " (map (v: writeValue v)value)}" else
throw "invalid value type";
writeDefault = domain: key: value:
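Review bot: The new `isList` branch passes each element through `writeValue`, so string elements land in the generated command as `-string '${value}'` with no shell quoting. A value that contains a single quote ends the quoted word and the rest is parsed by the shell. Quoting in the string branch fixes both the scalar and the list case: `if isString value then "-string ${escapeShellArg value}" else`. This assumes `lib.escapeShellArg` is in scope the same way `concatStringsSep` is. A nested list would also produce `-array -array ...`, which is worth rejecting with the existing `throw "invalid value type"` unless `defaults` is known to accept it. `writeValue` begins above this hunk.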


@ -7,17 +7,17 @@ with lib;
system.defaults.ActivityMonitor.ShowCategory = mkOption {
type = types.nullOr (types.enum [100 101 102 103 104 105 106 107]);
default = 100;
description = ''
default = null;
description = lib.mdDoc ''
Change which processes to show.
100: All Processes
101: All Processes, Hierarchally
102: My Processes
103: System Processes
104: Other User Processes
105: Active Processes
106: Inactive Processes
107: Windowed Processes
* 100: All Processes
* 101: All Processes, Hierarchally
* 102: My Processes
* 103: System Processes
* 104: Other User Processes
* 105: Active Processes
* 106: Inactive Processes
* 107: Windowed Processes
Default is 100.
'';
};
@ -25,13 +25,13 @@ with lib;
system.defaults.ActivityMonitor.IconType = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
description = lib.mdDoc ''
Change the icon in the dock when running.
0: Application Icon
2: Network Usage
3: Disk Activity
5: CPU Usage
6: CPU History
* 0: Application Icon
* 2: Network Usage
* 3: Disk Activity
* 5: CPU Usage
* 6: CPU History
Default is null.
'';
};
@ -39,7 +39,7 @@ with lib;
system.defaults.ActivityMonitor.SortColumn = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
description = lib.mdDoc ''
Which column to sort the main activity page (such as "CPUUsage"). Default is null.
'';
};
@ -47,15 +47,15 @@ with lib;
system.defaults.ActivityMonitor.SortDirection = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
description = lib.mdDoc ''
The sort direction of the sort column (0 is decending). Default is null.
'';
};
system.defaults.ActivityMonitor.OpenMainWindow = mkOption {
type = types.nullOr types.bool;
default = true;
description = ''
default = null;
description = lib.mdDoc ''
Open the main window when opening Activity Monitor. Default is true.
'';
};
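Review bot: `ShowCategory` and `OpenMainWindow` now appear to default to `null`, yet their descriptions still end with "Default is 100." and "Default is true.", which contradicts the option default the manual will show. If those sentences are meant to describe what macOS does when the key is unset, say that instead: `The macOS default is 100.` and `The macOS default is true.`. The old and new `default` lines are told apart here by print order and hunk counts only, because the page has lost its `+`/`-` markers.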


@ -14,7 +14,7 @@ with lib;
true;
};
};
description = ''
description = lib.mdDoc ''
Sets custom user preferences
'';
};
@ -29,7 +29,7 @@ with lib;
true;
};
};
description = ''
description = lib.mdDoc ''
Sets custom system preferences
'';
};
