tobias/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-11-10 01:33:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/master' into staging-next

Browse source
This commit is contained in:
K900 2025-10-05 12:17:08 +03:00
parent 10ceb7bbdf aee3f2ec9e
commit e93c560b79
1577 changed files with 2261 additions and 2253 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
.git-blame-ignore-revs
View file

@ -295,3 +295,8 @@ b1c5cd3e794cdf89daa5e4f0086274a416a1cded
#nixos/nextcloud: remove with lib usage #nixos/nextcloud: remove with lib usage
b6088b0d8e13e8d18464d78935f0130052784658 b6088b0d8e13e8d18464d78935f0130052784658
f7611cad5154a9096faa26d156a4079577bfae17 f7611cad5154a9096faa26d156a4079577bfae17
# nixf-diagnose
90e7159c559021ac4f4cc1222000f08a91feff69 # !autorebase nix-shell --run treefmt
c283f32d296564fd649ef3ed268c1f1f7b199c49 # !autorebase nix-shell --run treefmt
91a8fee3aaf79348aa2dc1552a29fc1b786c5133 # !autorebase nix-shell --run treefmt

26
ci/default.nix
View file

@ -87,6 +87,32 @@ let
"pkgs/development/haskell-modules/configuration-hackage2nix/transitive-broken.yaml" "pkgs/development/haskell-modules/configuration-hackage2nix/transitive-broken.yaml"
]; ];
programs.nixf-diagnose.enable = true;
settings.formatter.nixf-diagnose = {
# Ensure nixfmt cleans up after nixf-diagnose.
priority = -1;
options = [
"--auto-fix"
# Rule names can currently be looked up here:
# https://github.com/nix-community/nixd/blob/main/libnixf/src/Basic/diagnostic.py
# TODO: Remove the following and fix things.
"--ignore=sema-unused-def-lambda-noarg-formal"
"--ignore=sema-unused-def-lambda-witharg-arg"
"--ignore=sema-unused-def-lambda-witharg-formal"
"--ignore=sema-unused-def-let"
# Keep this rule, because we have `lib.or`.
"--ignore=or-identifier"
];
excludes = [
# Auto-generated; violates sema-extra-with
# Can only sensibly be removed when --auto-fix supports multiple fixes at once:
# https://github.com/inclyc/nixf-diagnose/issues/13
"pkgs/servers/home-assistant/component-packages.nix"
# https://github.com/nix-community/nixd/issues/708
"nixos/maintainers/scripts/azure-new/examples/basic/system.nix"
];
};
settings.formatter.editorconfig-checker = { settings.formatter.editorconfig-checker = {
command = "${pkgs.lib.getExe pkgs.editorconfig-checker}"; command = "${pkgs.lib.getExe pkgs.editorconfig-checker}";
options = [ "-disable-indent-size" ]; options = [ "-disable-indent-size" ];

2
doc/doc-support/package.nix
View file

@ -35,7 +35,7 @@ stdenvNoCC.mkDerivation (
decl: decl:
let let
declStr = toString decl; declStr = toString decl;
root = toString (../..); root = toString ../..;
subpath = lib.removePrefix "/" (lib.removePrefix root declStr); subpath = lib.removePrefix "/" (lib.removePrefix root declStr);
in in
if lib.hasPrefix root declStr then if lib.hasPrefix root declStr then

2
lib/customisation.nix
View file

@ -396,7 +396,7 @@ rec {
outputs = drv.outputs or [ "out" ]; outputs = drv.outputs or [ "out" ];
commonAttrs = commonAttrs =
drv // (listToAttrs outputsList) // ({ all = map (x: x.value) outputsList; }) // passthru; drv // (listToAttrs outputsList) // { all = map (x: x.value) outputsList; } // passthru;
outputToAttrListElement = outputName: { outputToAttrListElement = outputName: {
name = outputName; name = outputName;

12
lib/tests/modules/composed-types-valueMeta.nix
View file

@ -26,29 +26,29 @@ in
{ {
imports = [ imports = [
# Module A # Module A
({ {
options.attrsOfModule = attrsOfModule; options.attrsOfModule = attrsOfModule;
options.mergedAttrsOfModule = attrsOfModule; options.mergedAttrsOfModule = attrsOfModule;
options.listOfModule = listOfModule; options.listOfModule = listOfModule;
options.mergedListOfModule = listOfModule; options.mergedListOfModule = listOfModule;
}) }
# Module B # Module B
({ {
options.mergedAttrsOfModule = attrsOfModule; options.mergedAttrsOfModule = attrsOfModule;
options.mergedListOfModule = listOfModule; options.mergedListOfModule = listOfModule;
}) }
# Values # Values
# It is important that the value is defined in a separate module # It is important that the value is defined in a separate module
# Without valueMeta the actual value and sub-options wouldn't be accessible via: # Without valueMeta the actual value and sub-options wouldn't be accessible via:
# options.attrsOfModule.type.getSubOptions # options.attrsOfModule.type.getSubOptions
({ {
attrsOfModule = { attrsOfModule = {
foo.bar = 42; foo.bar = 42;
}; };
mergedAttrsOfModule = { mergedAttrsOfModule = {
foo.bar = 42; foo.bar = 42;
}; };
}) }
( (
{ options, ... }: { options, ... }:
{ {

4
lib/tests/modules/freeform-attrsof-either.nix
View file

@ -4,9 +4,9 @@ let
in in
{ {
options.number = mkOption { options.number = mkOption {
type = types.submodule ({ type = types.submodule {
freeformType = types.attrsOf (types.either types.int types.int); freeformType = types.attrsOf (types.either types.int types.int);
}); };
default = { default = {
int = 42; int = 42;
}; # should not emit a warning }; # should not emit a warning

16
lib/tests/modules/freeform-deprecated-malicous.nix
View file

@ -4,31 +4,31 @@ let
in in
{ {
options.either = mkOption { options.either = mkOption {
type = types.submodule ({ type = types.submodule {
freeformType = (types.either types.int types.int); freeformType = (types.either types.int types.int);
}); };
}; };
options.eitherBehindNullor = mkOption { options.eitherBehindNullor = mkOption {
type = types.submodule ({ type = types.submodule {
freeformType = types.nullOr (types.either types.int types.int); freeformType = types.nullOr (types.either types.int types.int);
}); };
}; };
options.oneOf = mkOption { options.oneOf = mkOption {
type = types.submodule ({ type = types.submodule {
freeformType = ( freeformType = (
types.oneOf [ types.oneOf [
types.int types.int
types.int types.int
] ]
); );
}); };
}; };
options.number = mkOption { options.number = mkOption {
type = types.submodule ({ type = types.submodule {
freeformType = (types.number); # either int float freeformType = (types.number); # either int float
}); };
}; };
} }

2
lib/tests/modules/functionTo/submodule-options.nix
View file

@ -56,7 +56,7 @@ in
default = lib.concatStringsSep " " ( default = lib.concatStringsSep " " (
lib.concatLists ( lib.concatLists (
lib.mapAttrsToList (k: v: if k == "_module" then [ ] else [ (lib.showOption v.loc) ]) ( lib.mapAttrsToList (k: v: if k == "_module" then [ ] else [ (lib.showOption v.loc) ]) (
(options.fun.type.getSubOptions [ "fun" ]) options.fun.type.getSubOptions [ "fun" ]
) )
) )
); );

4
lib/tests/systems.nix
View file

@ -157,9 +157,7 @@ lib.runTests (
"x86_64-genode" "x86_64-genode"
]; ];
testredox = mseteq redox [ "x86_64-redox" ]; testredox = mseteq redox [ "x86_64-redox" ];
testgnu = mseteq gnu ( testgnu = mseteq gnu linux; # ++ kfreebsd ++ ...
linux # ++ kfreebsd ++ ...
);
testillumos = mseteq illumos [ "x86_64-solaris" ]; testillumos = mseteq illumos [ "x86_64-solaris" ];
testlinux = mseteq linux [ testlinux = mseteq linux [
"aarch64-linux" "aarch64-linux"

4
nixos/lib/eval-config.nix
View file

@ -104,7 +104,7 @@ let
in in
locatedModules ++ legacyModules; locatedModules ++ legacyModules;
noUserModules = evalModulesMinimal ({ noUserModules = evalModulesMinimal {
inherit prefix specialArgs; inherit prefix specialArgs;
modules = modules =
baseModules baseModules
@ -113,7 +113,7 @@ let
pkgsModule pkgsModule
modulesModule modulesModule
]; ];
}); };
# Extra arguments that are useful for constructing a similar configuration. # Extra arguments that are useful for constructing a similar configuration.
modulesModule = { modulesModule = {

5
nixos/lib/systemd-lib.nix
View file

@ -370,12 +370,13 @@ rec {
}: }:
let let
typeDir = typeDir =
({ {
system = "system"; system = "system";
initrd = "system"; initrd = "system";
user = "user"; user = "user";
nspawn = "nspawn"; nspawn = "nspawn";
}).${type}; }
.${type};
in in
pkgs.runCommand "${type}-units" pkgs.runCommand "${type}-units"
{ {

6
nixos/lib/testing/network.nix
View file

@ -104,9 +104,9 @@ let
optionalString ( optionalString (
config.networking.primaryIPAddress != "" config.networking.primaryIPAddress != ""
) "${config.networking.primaryIPAddress} ${hostnames}" ) "${config.networking.primaryIPAddress} ${hostnames}"
+ optionalString (config.networking.primaryIPv6Address != "") ( + optionalString (
"${config.networking.primaryIPv6Address} ${hostnames}" config.networking.primaryIPv6Address != ""
) ) "${config.networking.primaryIPv6Address} ${hostnames}"
); );
virtualisation.qemu.options = qemuOptions; virtualisation.qemu.options = qemuOptions;

2
nixos/modules/config/nix-remote-build.nix
View file

@ -241,7 +241,7 @@ in
Invalid machine specifications: Invalid machine specifications:
'' ''
+ " " + " "
+ (concatStringsSep "\n " (map (m: m.hostName) (filter (badMachine) cfg.buildMachines))); + (concatStringsSep "\n " (map (m: m.hostName) (filter badMachine cfg.buildMachines)));
} }
]; ];

2
nixos/modules/config/terminfo.nix
View file

@ -8,7 +8,7 @@
}: }:
{ {
options = with lib; { options = {
environment.enableAllTerminfo = lib.mkOption { environment.enableAllTerminfo = lib.mkOption {
default = false; default = false;
type = lib.types.bool; type = lib.types.bool;

6
nixos/modules/config/xdg/terminal-exec.nix
View file

@ -54,9 +54,9 @@ in
etc = lib.mapAttrs' ( etc = lib.mapAttrs' (
desktop: terminals: desktop: terminals:
# map desktop name such as GNOME to `xdg/gnome-xdg-terminals.list`, default to `xdg/xdg-terminals.list` # map desktop name such as GNOME to `xdg/gnome-xdg-terminals.list`, default to `xdg/xdg-terminals.list`
lib.nameValuePair ( lib.nameValuePair "xdg/${
"xdg/${if desktop == "default" then "" else "${lib.toLower desktop}-"}xdg-terminals.list" if desktop == "default" then "" else "${lib.toLower desktop}-"
) { text = lib.concatLines terminals; } }xdg-terminals.list" { text = lib.concatLines terminals; }
) cfg.settings; ) cfg.settings;
}; };
}; };

8
nixos/modules/hardware/video/nvidia.nix
View file

@ -333,7 +333,7 @@ in
lib.mkIf cfg.enabled ( lib.mkIf cfg.enabled (
lib.mkMerge [ lib.mkMerge [
# Common # Common
({ {
assertions = [ assertions = [
{ {
assertion = !(nvidiaEnabled && cfg.datacenter.enable); assertion = !(nvidiaEnabled && cfg.datacenter.enable);
@ -388,7 +388,7 @@ in
extraPackages32 = [ nvidia_x11.lib32 ]; extraPackages32 = [ nvidia_x11.lib32 ];
}; };
environment.systemPackages = [ nvidia_x11.bin ]; environment.systemPackages = [ nvidia_x11.bin ];
}) }
# X11 # X11
(lib.mkIf nvidiaEnabled { (lib.mkIf nvidiaEnabled {
@ -709,7 +709,7 @@ in
"L+ /run/nvidia-docker/extras/bin/nvidia-persistenced - - - - ${nvidia_x11.persistenced}/origBin/nvidia-persistenced"; "L+ /run/nvidia-docker/extras/bin/nvidia-persistenced - - - - ${nvidia_x11.persistenced}/origBin/nvidia-persistenced";
services = lib.mkMerge [ services = lib.mkMerge [
({ {
nvidia-fabricmanager = { nvidia-fabricmanager = {
enable = true; enable = true;
description = "Start NVIDIA NVLink Management"; description = "Start NVIDIA NVLink Management";
@ -736,7 +736,7 @@ in
LimitCORE = "infinity"; LimitCORE = "infinity";
}; };
}; };
}) }
(lib.mkIf cfg.nvidiaPersistenced { (lib.mkIf cfg.nvidiaPersistenced {
"nvidia-persistenced" = { "nvidia-persistenced" = {
description = "NVIDIA Persistence Daemon"; description = "NVIDIA Persistence Daemon";

2
nixos/modules/i18n/input-method/default.nix
View file

@ -114,7 +114,7 @@ in
}; };
meta = { meta = {
maintainers = with lib.maintainers; [ ]; maintainers = [ ];
doc = ./default.md; doc = ./default.md;
}; };

2
nixos/modules/i18n/input-method/fcitx5.nix
View file

@ -117,7 +117,7 @@ in
++ lib.optionals (cfg.quickPhraseFiles != { }) [ ++ lib.optionals (cfg.quickPhraseFiles != { }) [
(pkgs.linkFarm "quickPhraseFiles" ( (pkgs.linkFarm "quickPhraseFiles" (
lib.mapAttrs' ( lib.mapAttrs' (
name: value: lib.nameValuePair ("share/fcitx5/data/quickphrase.d/${name}.mb") value name: value: lib.nameValuePair "share/fcitx5/data/quickphrase.d/${name}.mb" value
) cfg.quickPhraseFiles ) cfg.quickPhraseFiles
)) ))
]; ];

4
nixos/modules/installer/cd-dvd/iso-image.nix
View file

@ -950,7 +950,7 @@ in
let let
cfgFiles = cfgFiles =
cfg: cfg:
lib.optionals cfg.isoImage.showConfiguration ([ lib.optionals cfg.isoImage.showConfiguration [
{ {
source = cfg.boot.kernelPackages.kernel + "/" + cfg.system.boot.loader.kernelFile; source = cfg.boot.kernelPackages.kernel + "/" + cfg.system.boot.loader.kernelFile;
target = "/boot/" + cfg.boot.kernelPackages.kernel + "/" + cfg.system.boot.loader.kernelFile; target = "/boot/" + cfg.boot.kernelPackages.kernel + "/" + cfg.system.boot.loader.kernelFile;
@ -959,7 +959,7 @@ in
source = cfg.system.build.initialRamdisk + "/" + cfg.system.boot.loader.initrdFile; source = cfg.system.build.initialRamdisk + "/" + cfg.system.boot.loader.initrdFile;
target = "/boot/" + cfg.system.build.initialRamdisk + "/" + cfg.system.boot.loader.initrdFile; target = "/boot/" + cfg.system.build.initialRamdisk + "/" + cfg.system.boot.loader.initrdFile;
} }
]) ]
++ lib.concatLists ( ++ lib.concatLists (
lib.mapAttrsToList (_: { configuration, ... }: cfgFiles configuration) cfg.specialisation lib.mapAttrsToList (_: { configuration, ... }: cfgFiles configuration) cfg.specialisation
); );

2
nixos/modules/installer/netboot/netboot-base.nix
View file

@ -3,8 +3,6 @@
{ lib, ... }: { lib, ... }:
with lib;
{ {
imports = [ imports = [
./netboot.nix ./netboot.nix

2
nixos/modules/profiles/headless.nix
View file

@ -3,8 +3,6 @@
{ lib, ... }: { lib, ... }:
with lib;
{ {
# Don't start a tty on the serial consoles. # Don't start a tty on the serial consoles.
systemd.services."serial-getty@ttyS0".enable = lib.mkDefault false; systemd.services."serial-getty@ttyS0".enable = lib.mkDefault false;

8
nixos/modules/profiles/nix-builder-vm.nix
View file

@ -212,18 +212,18 @@ in
'' ''
); );
run-builder = hostPkgs.writeShellScriptBin "run-builder" ('' run-builder = hostPkgs.writeShellScriptBin "run-builder" ''
set -euo pipefail set -euo pipefail
KEYS="''${KEYS:-./keys}" KEYS="''${KEYS:-./keys}"
KEYS="$(${hostPkgs.nix}/bin/nix-store --add "$KEYS")" ${lib.getExe config.system.build.vm} KEYS="$(${hostPkgs.nix}/bin/nix-store --add "$KEYS")" ${lib.getExe config.system.build.vm}
''); '';
script = hostPkgs.writeShellScriptBin "create-builder" ('' script = hostPkgs.writeShellScriptBin "create-builder" ''
set -euo pipefail set -euo pipefail
export KEYS="''${KEYS:-./keys}" export KEYS="''${KEYS:-./keys}"
${lib.getExe add-keys} ${lib.getExe add-keys}
${lib.getExe run-builder} ${lib.getExe run-builder}
''); '';
in in
script.overrideAttrs (old: { script.overrideAttrs (old: {

2
nixos/modules/programs/atop.nix
View file

@ -16,7 +16,7 @@ in
options = { options = {
programs.atop = rec { programs.atop = {
enable = lib.mkEnableOption "Atop, a tool for monitoring system resources"; enable = lib.mkEnableOption "Atop, a tool for monitoring system resources";

4
nixos/modules/programs/coolercontrol.nix
View file

@ -29,7 +29,7 @@ in
config = lib.mkIf cfg.enable ( config = lib.mkIf cfg.enable (
lib.mkMerge [ lib.mkMerge [
# Common # Common
({ {
environment.systemPackages = with pkgs.coolercontrol; [ environment.systemPackages = with pkgs.coolercontrol; [
coolercontrol-gui coolercontrol-gui
]; ];
@ -46,7 +46,7 @@ in
coolercontrold.wantedBy = [ "multi-user.target" ]; coolercontrold.wantedBy = [ "multi-user.target" ];
}; };
}; };
}) }
# Nvidia support # Nvidia support
(lib.mkIf cfg.nvidiaSupport { (lib.mkIf cfg.nvidiaSupport {

8
nixos/modules/programs/firefox.nix
View file

@ -149,7 +149,7 @@ in
languagePacks = lib.mkOption { languagePacks = lib.mkOption {
# Available languages can be found in https://releases.mozilla.org/pub/firefox/releases/${cfg.package.version}/linux-x86_64/xpi/ # Available languages can be found in https://releases.mozilla.org/pub/firefox/releases/${cfg.package.version}/linux-x86_64/xpi/
type = lib.types.listOf ( type = lib.types.listOf (
lib.types.enum ([ lib.types.enum [
"ach" "ach"
"af" "af"
"an" "an"
@ -253,7 +253,7 @@ in
"xh" "xh"
"zh-CN" "zh-CN"
"zh-TW" "zh-TW"
]) ]
); );
default = [ ]; default = [ ];
description = '' description = ''
@ -285,7 +285,7 @@ in
''; '';
}; };
nativeMessagingHosts = ({ nativeMessagingHosts = {
packages = lib.mkOption { packages = lib.mkOption {
type = lib.types.listOf lib.types.package; type = lib.types.listOf lib.types.package;
default = [ ]; default = [ ];
@ -293,7 +293,7 @@ in
Additional packages containing native messaging hosts that should be made available to Firefox extensions. Additional packages containing native messaging hosts that should be made available to Firefox extensions.
''; '';
}; };
}) }
// (builtins.mapAttrs (k: v: lib.mkEnableOption "${v.name} support") nmhOptions); // (builtins.mapAttrs (k: v: lib.mkEnableOption "${v.name} support") nmhOptions);
}; };

2
nixos/modules/programs/fuse.nix
View file

@ -9,7 +9,7 @@ let
cfg = config.programs.fuse; cfg = config.programs.fuse;
in in
{ {
meta.maintainers = with lib.maintainers; [ ]; meta.maintainers = [ ];
options.programs.fuse = { options.programs.fuse = {
enable = lib.mkEnableOption "fuse" // { enable = lib.mkEnableOption "fuse" // {

2
nixos/modules/programs/gamescope.nix
View file

@ -78,5 +78,5 @@ in
environment.systemPackages = lib.mkIf (!cfg.capSysNice) [ gamescope ]; environment.systemPackages = lib.mkIf (!cfg.capSysNice) [ gamescope ];
}; };
meta.maintainers = with lib.maintainers; [ ]; meta.maintainers = [ ];
} }

2
nixos/modules/programs/nix-required-mounts.nix
View file

@ -80,7 +80,7 @@ in
''; '';
allowedPatterns = allowedPatterns =
with lib.types; with lib.types;
lib.mkOption rec { lib.mkOption {
type = attrsOf Pattern; type = attrsOf Pattern;
description = "The hook config, describing which paths to mount for which system features"; description = "The hook config, describing which paths to mount for which system features";
default = { }; default = { };

4
nixos/modules/programs/ssh.nix
View file

@ -382,8 +382,8 @@ in
ExecStartPre = "${pkgs.coreutils}/bin/rm -f %t/ssh-agent"; ExecStartPre = "${pkgs.coreutils}/bin/rm -f %t/ssh-agent";
ExecStart = ExecStart =
"${cfg.package}/bin/ssh-agent " "${cfg.package}/bin/ssh-agent "
+ lib.optionalString (cfg.agentTimeout != null) ("-t ${cfg.agentTimeout} ") + lib.optionalString (cfg.agentTimeout != null) "-t ${cfg.agentTimeout} "
+ lib.optionalString (cfg.agentPKCS11Whitelist != null) ("-P ${cfg.agentPKCS11Whitelist} ") + lib.optionalString (cfg.agentPKCS11Whitelist != null) "-P ${cfg.agentPKCS11Whitelist} "
+ "-a %t/ssh-agent"; + "-a %t/ssh-agent";
StandardOutput = "null"; StandardOutput = "null";
Type = "forking"; Type = "forking";

32
nixos/modules/programs/tsm-client.nix
View file

@ -280,22 +280,22 @@ let
# skip `null` value # skip `null` value
else else
[ [
(
" ${key}${ " ${key}${
if value == true then if value == true then
"" ""
# just output key if value is `true` # just output key if value is `true`
else if isInt value then else if isInt value then
" ${builtins.toString value}" " ${builtins.toString value}"
else if path.check value then else if path.check value then
" \"${value}\"" " \"${value}\""
# enclose path in ".." # enclose path in ".."
else if singleLineStr.check value then else if singleLineStr.check value then
" ${value}" " ${value}"
else else
throw "assertion failed: cannot convert type" # should never happen throw "assertion failed: cannot convert type" # should never happen
}" }"
)
]; ];
makeDsmSysStanza = makeDsmSysStanza =

2
nixos/modules/programs/wayland/labwc.nix
View file

@ -9,7 +9,7 @@ let
cfg = config.programs.labwc; cfg = config.programs.labwc;
in in
{ {
meta.maintainers = with lib.maintainers; [ ]; meta.maintainers = [ ];
options.programs.labwc = { options.programs.labwc = {
enable = lib.mkEnableOption "labwc"; enable = lib.mkEnableOption "labwc";

2
nixos/modules/programs/wayland/lib.nix
View file

@ -4,7 +4,7 @@
genFinalPackage = genFinalPackage =
pkg: args: pkg: args:
let let
expectedArgs = with lib; lib.naturalSort (lib.attrNames args); expectedArgs = lib.naturalSort (lib.attrNames args);
existingArgs = existingArgs =
with lib; with lib;
naturalSort (intersectLists expectedArgs (attrNames (functionArgs pkg.override))); naturalSort (intersectLists expectedArgs (attrNames (functionArgs pkg.override)));

2
nixos/modules/programs/wayland/sway.nix
View file

@ -204,5 +204,5 @@ in
] ]
); );
meta.maintainers = with lib.maintainers; [ ]; meta.maintainers = [ ];
} }

2
nixos/modules/programs/winbox.nix
View file

@ -10,7 +10,7 @@ let
in in
{ {
options.programs.winbox = { options.programs.winbox = {
enable = lib.mkEnableOption ("MikroTik Winbox"); enable = lib.mkEnableOption "MikroTik Winbox";
package = lib.mkPackageOption pkgs "winbox" { }; package = lib.mkPackageOption pkgs "winbox" { };
openFirewall = lib.mkOption { openFirewall = lib.mkOption {

2
nixos/modules/programs/wshowkeys.nix
View file

@ -27,5 +27,5 @@ in
}; };
}; };
meta.maintainers = with lib.maintainers; [ ]; meta.maintainers = [ ];
} }

4
nixos/modules/programs/zsh/zsh-syntax-highlighting.nix
View file

@ -37,7 +37,7 @@ in
# https://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters.md # https://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters.md
type = lib.types.listOf ( type = lib.types.listOf (
lib.types.enum ([ lib.types.enum [
"main" "main"
"brackets" "brackets"
"pattern" "pattern"
@ -45,7 +45,7 @@ in
"regexp" "regexp"
"root" "root"
"line" "line"
]) ]
); );
description = '' description = ''

2
nixos/modules/security/acme/default.nix
View file

@ -203,7 +203,7 @@ let
# Create hashes for cert data directories based on configuration # Create hashes for cert data directories based on configuration
# Flags are separated to avoid collisions # Flags are separated to avoid collisions
hashData = hashData =
with builtins;
'' ''
${lib.concatStringsSep " " data.extraLegoFlags} - ${lib.concatStringsSep " " data.extraLegoFlags} -
${lib.concatStringsSep " " data.extraLegoRunFlags} - ${lib.concatStringsSep " " data.extraLegoRunFlags} -

4
nixos/modules/security/please.nix
View file

@ -97,7 +97,7 @@ in
etc."please.ini".source = ini.generate "please.ini" ( etc."please.ini".source = ini.generate "please.ini" (
cfg.settings cfg.settings
// (rec { // rec {
# The "root" user is allowed to do anything by default and this cannot # The "root" user is allowed to do anything by default and this cannot
# be overridden. # be overridden.
root_run_as_any = { root_run_as_any = {
@ -113,7 +113,7 @@ in
root_list_as_any = root_run_as_any // { root_list_as_any = root_run_as_any // {
type = "list"; type = "list";
}; };
}) }
); );
}; };

4
nixos/modules/security/wrappers/default.nix
View file

@ -294,11 +294,11 @@ in
where = parentWrapperDir; where = parentWrapperDir;
what = "tmpfs"; what = "tmpfs";
type = "tmpfs"; type = "tmpfs";
options = lib.concatStringsSep "," ([ options = lib.concatStringsSep "," [
"nodev" "nodev"
"mode=755" "mode=755"
"size=${config.security.wrapperDirSize}" "size=${config.security.wrapperDirSize}"
]); ];
} }
]; ];

8
nixos/modules/services/audio/alsa.nix
View file

@ -157,7 +157,7 @@ in
controls = lib.mkOption { controls = lib.mkOption {
type = lib.types.attrsOf ( type = lib.types.attrsOf (
lib.types.submodule ({ lib.types.submodule {
options.name = lib.mkOption { options.name = lib.mkOption {
type = lib.types.nullOr lib.types.str; type = lib.types.nullOr lib.types.str;
default = null; default = null;
@ -187,7 +187,7 @@ in
The maximum volume in dB. The maximum volume in dB.
''; '';
}; };
}) }
); );
default = { }; default = { };
example = lib.literalExpression '' example = lib.literalExpression ''
@ -206,7 +206,7 @@ in
cardAliases = lib.mkOption { cardAliases = lib.mkOption {
type = lib.types.attrsOf ( type = lib.types.attrsOf (
lib.types.submodule ({ lib.types.submodule {
options.driver = lib.mkOption { options.driver = lib.mkOption {
type = lib.types.str; type = lib.types.str;
description = '' description = ''
@ -220,7 +220,7 @@ in
The ID of the sound card The ID of the sound card
''; '';
}; };
}) }
); );
default = { }; default = { };
example = lib.literalExpression '' example = lib.literalExpression ''

27
nixos/modules/services/audio/gmediarender.nix
View file

@ -81,18 +81,21 @@ in
SupplementaryGroups = [ "audio" ]; SupplementaryGroups = [ "audio" ];
ExecStart = ExecStart =
"${cfg.package}/bin/gmediarender " "${cfg.package}/bin/gmediarender "
+ lib.optionalString (cfg.audioDevice != null) ( + lib.optionalString (
"--gstout-audiodevice=${utils.escapeSystemdExecArg cfg.audioDevice} " cfg.audioDevice != null
) ) "--gstout-audiodevice=${utils.escapeSystemdExecArg cfg.audioDevice} "
+ lib.optionalString (cfg.audioSink != null) (
"--gstout-audiosink=${utils.escapeSystemdExecArg cfg.audioSink} " + lib.optionalString (
) cfg.audioSink != null
+ lib.optionalString (cfg.friendlyName != null) ( ) "--gstout-audiosink=${utils.escapeSystemdExecArg cfg.audioSink} "
"--friendly-name=${utils.escapeSystemdExecArg cfg.friendlyName} "
) + lib.optionalString (
+ lib.optionalString (cfg.initialVolume != 0) ("--initial-volume=${toString cfg.initialVolume} ") cfg.friendlyName != null
+ lib.optionalString (cfg.port != null) ("--port=${toString cfg.port} ") ) "--friendly-name=${utils.escapeSystemdExecArg cfg.friendlyName} "
+ lib.optionalString (cfg.uuid != null) ("--uuid=${utils.escapeSystemdExecArg cfg.uuid} ");
+ lib.optionalString (cfg.initialVolume != 0) "--initial-volume=${toString cfg.initialVolume} "
+ lib.optionalString (cfg.port != null) "--port=${toString cfg.port} "
+ lib.optionalString (cfg.uuid != null) "--uuid=${utils.escapeSystemdExecArg cfg.uuid} ";
Restart = "always"; Restart = "always";
RuntimeDirectory = "gmediarender"; RuntimeDirectory = "gmediarender";

16
nixos/modules/services/backup/borgbackup.nix
View file

@ -206,15 +206,13 @@ let
{ {
nativeBuildInputs = [ pkgs.makeWrapper ]; nativeBuildInputs = [ pkgs.makeWrapper ];
} }
(
with lib; ''
'' makeWrapper "${original}" "$out/bin/${name}" \
makeWrapper "${original}" "$out/bin/${name}" \ ${lib.concatStringsSep " \\\n " (
${lib.concatStringsSep " \\\n " ( lib.mapAttrsToList (name: value: ''--set ${name} "${value}"'') set
lib.mapAttrsToList (name: value: ''--set ${name} "${value}"'') set )}
)} '';
''
);
# Returns a singleton list, due to usage of lib.optional # Returns a singleton list, due to usage of lib.optional
mkBorgWrapper = mkBorgWrapper =

86
nixos/modules/services/backup/syncoid.nix
View file

@ -31,39 +31,38 @@ let
# datasets. # datasets.
buildAllowCommand = buildAllowCommand =
permissions: dataset: permissions: dataset:
(
"-+${pkgs.writeShellScript "zfs-allow-${dataset}" ''
# Here we explicitly use the booted system to guarantee the stable API needed by ZFS
# Run a ZFS list on the dataset to check if it exists "-+${pkgs.writeShellScript "zfs-allow-${dataset}" ''
if ${ # Here we explicitly use the booted system to guarantee the stable API needed by ZFS
lib.escapeShellArgs [
"/run/booted-system/sw/bin/zfs" # Run a ZFS list on the dataset to check if it exists
"list" if ${
dataset lib.escapeShellArgs [
] "/run/booted-system/sw/bin/zfs"
} 2> /dev/null; then "list"
dataset
]
} 2> /dev/null; then
${lib.escapeShellArgs [
"/run/booted-system/sw/bin/zfs"
"allow"
cfg.user
(lib.concatStringsSep "," permissions)
dataset
]}
${lib.optionalString ((builtins.dirOf dataset) != ".") ''
else
${lib.escapeShellArgs [ ${lib.escapeShellArgs [
"/run/booted-system/sw/bin/zfs" "/run/booted-system/sw/bin/zfs"
"allow" "allow"
cfg.user cfg.user
(lib.concatStringsSep "," permissions) (lib.concatStringsSep "," permissions)
dataset # Remove the last part of the path
(builtins.dirOf dataset)
]} ]}
${lib.optionalString ((builtins.dirOf dataset) != ".") '' ''}
else fi
${lib.escapeShellArgs [ ''}";
"/run/booted-system/sw/bin/zfs"
"allow"
cfg.user
(lib.concatStringsSep "," permissions)
# Remove the last part of the path
(builtins.dirOf dataset)
]}
''}
fi
''}"
);
# Function to build "zfs unallow" commands for the filesystems we've # Function to build "zfs unallow" commands for the filesystems we've
# delegated permissions to. Here we unallow both the target but also # delegated permissions to. Here we unallow both the target but also
@ -73,28 +72,27 @@ let
# since the dataset should have been created at this point. # since the dataset should have been created at this point.
buildUnallowCommand = buildUnallowCommand =
permissions: dataset: permissions: dataset:
(
"-+${pkgs.writeShellScript "zfs-unallow-${dataset}" '' "-+${pkgs.writeShellScript "zfs-unallow-${dataset}" ''
# Here we explicitly use the booted system to guarantee the stable API needed by ZFS # Here we explicitly use the booted system to guarantee the stable API needed by ZFS
${lib.escapeShellArgs [ ${lib.escapeShellArgs [
"/run/booted-system/sw/bin/zfs"
"unallow"
cfg.user
(lib.concatStringsSep "," permissions)
dataset
]}
${lib.optionalString ((builtins.dirOf dataset) != ".") (
lib.escapeShellArgs [
"/run/booted-system/sw/bin/zfs" "/run/booted-system/sw/bin/zfs"
"unallow" "unallow"
cfg.user cfg.user
(lib.concatStringsSep "," permissions) (lib.concatStringsSep "," permissions)
dataset # Remove the last part of the path
]} (builtins.dirOf dataset)
${lib.optionalString ((builtins.dirOf dataset) != ".") ( ]
lib.escapeShellArgs [ )}
"/run/booted-system/sw/bin/zfs" ''}";
"unallow"
cfg.user
(lib.concatStringsSep "," permissions)
# Remove the last part of the path
(builtins.dirOf dataset)
]
)}
''}"
);
in in
{ {

4
nixos/modules/services/cluster/hadoop/yarn.nix
View file

@ -189,13 +189,13 @@ in
services.hadoop.yarnSiteInternal = services.hadoop.yarnSiteInternal =
with cfg.yarn.nodemanager; with cfg.yarn.nodemanager;
lib.mkMerge [ lib.mkMerge [
({ {
"yarn.nodemanager.local-dirs" = lib.mkIf (localDir != null) (concatStringsSep "," localDir); "yarn.nodemanager.local-dirs" = lib.mkIf (localDir != null) (concatStringsSep "," localDir);
"yarn.scheduler.maximum-allocation-vcores" = resource.maximumAllocationVCores; "yarn.scheduler.maximum-allocation-vcores" = resource.maximumAllocationVCores;
"yarn.scheduler.maximum-allocation-mb" = resource.maximumAllocationMB; "yarn.scheduler.maximum-allocation-mb" = resource.maximumAllocationMB;
"yarn.nodemanager.resource.cpu-vcores" = resource.cpuVCores; "yarn.nodemanager.resource.cpu-vcores" = resource.cpuVCores;
"yarn.nodemanager.resource.memory-mb" = resource.memoryMB; "yarn.nodemanager.resource.memory-mb" = resource.memoryMB;
}) }
(lib.mkIf useCGroups ( (lib.mkIf useCGroups (
lib.warnIf (lib.versionOlder cfg.package.version "3.5.0") lib.warnIf (lib.versionOlder cfg.package.version "3.5.0")
'' ''

14
nixos/modules/services/cluster/kubernetes/default.nix
View file

@ -342,14 +342,12 @@ in
# dns addon is enabled by default # dns addon is enabled by default
services.kubernetes.addons.dns.enable = lib.mkDefault true; services.kubernetes.addons.dns.enable = lib.mkDefault true;
services.kubernetes.apiserverAddress = lib.mkDefault ( services.kubernetes.apiserverAddress = lib.mkDefault "https://${
"https://${ if cfg.apiserver.advertiseAddress != null then
if cfg.apiserver.advertiseAddress != null then cfg.apiserver.advertiseAddress
cfg.apiserver.advertiseAddress else
else "${cfg.masterAddress}:${toString cfg.apiserver.securePort}"
"${cfg.masterAddress}:${toString cfg.apiserver.securePort}" }";
}"
);
} }
) )
]; ];

2
nixos/modules/services/cluster/temporal/default.nix
View file

@ -137,7 +137,7 @@ in
"@chown" "@chown"
]; ];
} }
// (lib.optionalAttrs (usingDefaultDataDir) { // (lib.optionalAttrs usingDefaultDataDir {
StateDirectory = "temporal"; StateDirectory = "temporal";
StateDirectoryMode = "0700"; StateDirectoryMode = "0700";
}); });

2
nixos/modules/services/computing/boinc/client.nix
View file

@ -110,6 +110,6 @@ in
}; };
meta = { meta = {
maintainers = with lib.maintainers; [ ]; maintainers = [ ];
}; };
} }

2
nixos/modules/services/continuous-integration/buildbot/master.nix
View file

@ -245,7 +245,7 @@ in
pythonPackages = lib.mkOption { pythonPackages = lib.mkOption {
type = lib.types.functionTo (lib.types.listOf lib.types.package); type = lib.types.functionTo (lib.types.listOf lib.types.package);
default = pythonPackages: with pythonPackages; [ ]; default = pythonPackages: [ ];
defaultText = lib.literalExpression "pythonPackages: with pythonPackages; [ ]"; defaultText = lib.literalExpression "pythonPackages: with pythonPackages; [ ]";
description = "Packages to add the to the PYTHONPATH of the buildbot process."; description = "Packages to add the to the PYTHONPATH of the buildbot process.";
example = lib.literalExpression "pythonPackages: with pythonPackages; [ requests ]"; example = lib.literalExpression "pythonPackages: with pythonPackages; [ requests ]";

10
nixos/modules/services/continuous-integration/gitea-actions-runner.nix
View file

@ -200,10 +200,10 @@ in
after = [ after = [
"network-online.target" "network-online.target"
] ]
++ optionals (wantsDocker) [ ++ optionals wantsDocker [
"docker.service" "docker.service"
] ]
++ optionals (wantsPodman) [ ++ optionals wantsPodman [
"podman.service" "podman.service"
]; ];
wantedBy = [ wantedBy = [
@ -213,7 +213,7 @@ in
optionalAttrs (instance.token != null) { optionalAttrs (instance.token != null) {
TOKEN = "${instance.token}"; TOKEN = "${instance.token}";
} }
// optionalAttrs (wantsPodman) { // optionalAttrs wantsPodman {
DOCKER_HOST = "unix:///run/podman/podman.sock"; DOCKER_HOST = "unix:///run/podman/podman.sock";
} }
// { // {
@ -266,10 +266,10 @@ in
]; ];
ExecStart = "${cfg.package}/bin/act_runner daemon --config ${configFile}"; ExecStart = "${cfg.package}/bin/act_runner daemon --config ${configFile}";
SupplementaryGroups = SupplementaryGroups =
optionals (wantsDocker) [ optionals wantsDocker [
"docker" "docker"
] ]
++ optionals (wantsPodman) [ ++ optionals wantsPodman [
"podman" "podman"
]; ];
} }

2
nixos/modules/services/databases/chromadb.nix
View file

@ -17,7 +17,7 @@ let
in in
{ {
meta.maintainers = with lib.maintainers; [ ]; meta.maintainers = [ ];
imports = [ imports = [
(lib.mkRemovedOptionModule [ "services" "chromadb" "logFile" ] '' (lib.mkRemovedOptionModule [ "services" "chromadb" "logFile" ] ''

8
nixos/modules/services/databases/foundationdb.nix
View file

@ -230,7 +230,7 @@ in
''; '';
type = lib.types.nullOr ( type = lib.types.nullOr (
lib.types.submodule ({ lib.types.submodule {
options = { options = {
certificate = lib.mkOption { certificate = lib.mkOption {
type = lib.types.str; type = lib.types.str;
@ -258,7 +258,7 @@ in
''; '';
}; };
}; };
}) }
); );
}; };
@ -274,7 +274,7 @@ in
FoundationDB locality settings. FoundationDB locality settings.
''; '';
type = lib.types.submodule ({ type = lib.types.submodule {
options = { options = {
machineId = lib.mkOption { machineId = lib.mkOption {
default = null; default = null;
@ -316,7 +316,7 @@ in
''; '';
}; };
}; };
}); };
}; };
extraReadWritePaths = lib.mkOption { extraReadWritePaths = lib.mkOption {

6
nixos/modules/services/databases/openldap.nix
View file

@ -12,7 +12,7 @@ let
ldapValueType = ldapValueType =
let let
# Can't do types.either with multiple non-overlapping submodules, so define our own # Can't do types.either with multiple non-overlapping submodules, so define our own
singleLdapValueType = lib.mkOptionType rec { singleLdapValueType = lib.mkOptionType {
name = "LDAP"; name = "LDAP";
# TODO: It would be nice to define a { secret = ...; } option, using # TODO: It would be nice to define a { secret = ...; } option, using
# systemd's LoadCredentials for secrets. That would remove the last # systemd's LoadCredentials for secrets. That would remove the last
@ -357,7 +357,7 @@ in
] ]
) contentsFiles) ) contentsFiles)
++ [ "${openldap}/bin/slaptest -u -F ${configDir}" ]; ++ [ "${openldap}/bin/slaptest -u -F ${configDir}" ];
ExecStart = lib.escapeShellArgs ([ ExecStart = lib.escapeShellArgs [
"${openldap}/libexec/slapd" "${openldap}/libexec/slapd"
"-d" "-d"
"0" "0"
@ -365,7 +365,7 @@ in
configDir configDir
"-h" "-h"
(lib.concatStringsSep " " cfg.urlList) (lib.concatStringsSep " " cfg.urlList)
]); ];
Type = "notify"; Type = "notify";
# Fixes an error where openldap attempts to notify from a thread # Fixes an error where openldap attempts to notify from a thread
# outside the main process: # outside the main process:

2
nixos/modules/services/desktop-managers/gnome.nix
View file

@ -42,7 +42,7 @@ let
inherit flashbackEnabled nixos-background-dark nixos-background-light; inherit flashbackEnabled nixos-background-dark nixos-background-light;
}; };
nixos-background-info = pkgs.writeTextFile rec { nixos-background-info = pkgs.writeTextFile {
name = "nixos-background-info"; name = "nixos-background-info";
text = '' text = ''
<?xml version="1.0"?> <?xml version="1.0"?>

2
nixos/modules/services/desktop-managers/lomiri.nix
View file

@ -181,7 +181,7 @@ in
services.gnome.evolution-data-server = { services.gnome.evolution-data-server = {
enable = true; enable = true;
plugins = with pkgs; [ plugins = [
# TODO: lomiri.address-book-service # TODO: lomiri.address-book-service
]; ];
}; };

4
nixos/modules/services/desktops/bamf.nix
View file

@ -6,8 +6,8 @@
... ...
}: }:
{ {
meta = with lib; { meta = {
maintainers = with lib.maintainers; [ ]; maintainers = [ ];
}; };
###### interface ###### interface

4
nixos/modules/services/desktops/system76-scheduler.nix
View file

@ -136,9 +136,9 @@ let
++ (optional (a.nice != null) "nice=${toString a.nice}") ++ (optional (a.nice != null) "nice=${toString a.nice}")
++ (optional (a.class != null) "sched=${prioToString a.class a.prio}") ++ (optional (a.class != null) "sched=${prioToString a.class a.prio}")
++ (optional (a.ioClass != null) "io=${prioToString a.ioClass a.ioPrio}") ++ (optional (a.ioClass != null) "io=${prioToString a.ioClass a.ioPrio}")
++ (optional ((builtins.length a.matchers) != 0) ( ++ (optional ((builtins.length a.matchers) != 0)
"{\n${concatStringsSep "\n" (map (m: " ${indent}${m}") a.matchers)}\n${indent}}" "{\n${concatStringsSep "\n" (map (m: " ${indent}${m}") a.matchers)}\n${indent}}"
)) )
); );
in in

4
nixos/modules/services/desktops/tumbler.nix
View file

@ -17,8 +17,8 @@ in
(lib.mkRemovedOptionModule [ "services" "tumbler" "package" ] "") (lib.mkRemovedOptionModule [ "services" "tumbler" "package" ] "")
]; ];
meta = with lib; { meta = {
maintainers = with lib.maintainers; [ ] ++ lib.teams.pantheon.members; maintainers = [ ] ++ lib.teams.pantheon.members;
}; };
###### interface ###### interface

4
nixos/modules/services/development/athens.nix
View file

@ -7,7 +7,7 @@
let let
cfg = config.services.athens; cfg = config.services.athens;
athensConfig = lib.flip lib.recursiveUpdate cfg.extraConfig ({ athensConfig = lib.flip lib.recursiveUpdate cfg.extraConfig {
GoBinary = "${cfg.goBinary}/bin/go"; GoBinary = "${cfg.goBinary}/bin/go";
GoEnv = cfg.goEnv; GoEnv = cfg.goEnv;
GoBinaryEnvVars = lib.mapAttrsToList (k: v: "${k}=${v}") cfg.goBinaryEnvVars; GoBinaryEnvVars = lib.mapAttrsToList (k: v: "${k}=${v}") cfg.goBinaryEnvVars;
@ -141,7 +141,7 @@ let
}; };
}; };
}; };
}); };
configFile = lib.pipe athensConfig [ configFile = lib.pipe athensConfig [
(lib.filterAttrsRecursive (_k: v: v != null)) (lib.filterAttrsRecursive (_k: v: v != null))

4
nixos/modules/services/hardware/display.nix
View file

@ -132,7 +132,7 @@ in
hardware.display.outputs = lib.mkOption { hardware.display.outputs = lib.mkOption {
type = lib.types.attrsOf ( type = lib.types.attrsOf (
lib.types.submodule ({ lib.types.submodule {
options = { options = {
edid = lib.mkOption { edid = lib.mkOption {
type = with lib.types; nullOr str; type = with lib.types; nullOr str;
@ -161,7 +161,7 @@ in
''; '';
}; };
}; };
}) }
); );
description = '' description = ''
Hardware/kernel-level configuration of specific outputs. Hardware/kernel-level configuration of specific outputs.

4
nixos/modules/services/hardware/libinput.nix
View file

@ -370,12 +370,12 @@ in
( (
option: option:
lib.mkRenamedOptionModule lib.mkRenamedOptionModule
([ [
"services" "services"
"xserver" "xserver"
"libinput" "libinput"
option option
]) ]
[ [
"services" "services"
"libinput" "libinput"

2
nixos/modules/services/logging/fluentd.nix
View file

@ -39,7 +39,7 @@ in
###### implementation ###### implementation
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.services.fluentd = with pkgs; { systemd.services.fluentd = {
description = "Fluentd Daemon"; description = "Fluentd Daemon";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {

2
nixos/modules/services/logging/heartbeat.nix
View file

@ -64,7 +64,7 @@ in
"d '${cfg.stateDir}' - nobody nogroup - -" "d '${cfg.stateDir}' - nobody nogroup - -"
]; ];
systemd.services.heartbeat = with pkgs; { systemd.services.heartbeat = {
description = "heartbeat log shipper"; description = "heartbeat log shipper";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
preStart = '' preStart = ''

2
nixos/modules/services/logging/promtail.nix
View file

@ -104,7 +104,7 @@ in
MemoryDenyWriteExecute = true; MemoryDenyWriteExecute = true;
PrivateUsers = true; PrivateUsers = true;
SupplementaryGroups = lib.optional (allowSystemdJournal) "systemd-journal"; SupplementaryGroups = lib.optional allowSystemdJournal "systemd-journal";
} }
// (optionalAttrs (!pkgs.stdenv.hostPlatform.isAarch64) { // (optionalAttrs (!pkgs.stdenv.hostPlatform.isAarch64) {
# FIXME: figure out why this breaks on aarch64 # FIXME: figure out why this breaks on aarch64

4
nixos/modules/services/mail/listmonk.nix
View file

@ -165,11 +165,11 @@ in
# Default parameters from https://github.com/knadh/listmonk/blob/master/config.toml.sample # Default parameters from https://github.com/knadh/listmonk/blob/master/config.toml.sample
services.listmonk.settings."app".address = lib.mkDefault "localhost:9000"; services.listmonk.settings."app".address = lib.mkDefault "localhost:9000";
services.listmonk.settings."db" = lib.mkMerge [ services.listmonk.settings."db" = lib.mkMerge [
({ {
max_open = lib.mkDefault 25; max_open = lib.mkDefault 25;
max_idle = lib.mkDefault 25; max_idle = lib.mkDefault 25;
max_lifetime = lib.mkDefault "300s"; max_lifetime = lib.mkDefault "300s";
}) }
(lib.mkIf cfg.database.createLocally { (lib.mkIf cfg.database.createLocally {
host = lib.mkDefault "/run/postgresql"; host = lib.mkDefault "/run/postgresql";
port = lib.mkDefault 5432; port = lib.mkDefault 5432;

6
nixos/modules/services/mail/public-inbox.nix
View file

@ -605,7 +605,7 @@ in
]; ];
} }
) )
({ {
public-inbox-init = public-inbox-init =
let let
PI_CONFIG = gitIni.generate "public-inbox.ini" ( PI_CONFIG = gitIni.generate "public-inbox.ini" (
@ -674,9 +674,9 @@ in
}; };
} }
]; ];
}) }
]; ];
environment.systemPackages = with pkgs; [ cfg.package ]; environment.systemPackages = [ cfg.package ];
}; };
meta.maintainers = with lib.maintainers; [ meta.maintainers = with lib.maintainers; [
julm julm

2
nixos/modules/services/mail/roundcube.nix
View file

@ -129,7 +129,7 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
# backward compatibility: if password is set but not passwordFile, make one. # backward compatibility: if password is set but not passwordFile, make one.
services.roundcube.database.passwordFile = lib.mkIf (!localDB && cfg.database.password != "") ( services.roundcube.database.passwordFile = lib.mkIf (!localDB && cfg.database.password != "") (
lib.mkDefault ("${pkgs.writeText "roundcube-password" cfg.database.password}") lib.mkDefault "${pkgs.writeText "roundcube-password" cfg.database.password}"
); );
warnings = warnings =
lib.optional (!localDB && cfg.database.password != "") lib.optional (!localDB && cfg.database.password != "")

2
nixos/modules/services/mail/stalwart-mail.nix
View file

@ -133,7 +133,7 @@ in
in in
{ {
path = "/var/cache/stalwart-mail"; path = "/var/cache/stalwart-mail";
resource = lib.mkIf (hasHttpListener) (lib.mkDefault "file://${cfg.package.webadmin}/webadmin.zip"); resource = lib.mkIf hasHttpListener (lib.mkDefault "file://${cfg.package.webadmin}/webadmin.zip");
}; };
}; };

4
nixos/modules/services/matrix/conduit.nix
View file

@ -143,10 +143,10 @@ in
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ]; wants = [ "network-online.target" ];
after = [ "network-online.target" ]; after = [ "network-online.target" ];
environment = lib.mkMerge ([ environment = lib.mkMerge [
{ CONDUIT_CONFIG = configFile; } { CONDUIT_CONFIG = configFile; }
cfg.extraEnvironment cfg.extraEnvironment
]); ];
serviceConfig = { serviceConfig = {
DynamicUser = true; DynamicUser = true;
User = "conduit"; User = "conduit";

2
nixos/modules/services/matrix/mautrix-meta.nix
View file

@ -619,5 +619,5 @@ in
} }
]; ];
meta.maintainers = with lib.maintainers; [ ]; meta.maintainers = [ ];
} }

8
nixos/modules/services/misc/autorandr.nix
View file

@ -232,7 +232,7 @@ let
profileToFiles = profileToFiles =
name: profile: name: profile:
with profile; with profile;
lib.mkMerge ([ lib.mkMerge [
{ {
"xdg/autorandr/${name}/setup".text = lib.concatStringsSep "\n" ( "xdg/autorandr/${name}/setup".text = lib.concatStringsSep "\n" (
lib.mapAttrsToList fingerprintToString fingerprint lib.mapAttrsToList fingerprintToString fingerprint
@ -244,7 +244,7 @@ let
(lib.mapAttrs' (hookToFile "${name}/postswitch.d") hooks.postswitch) (lib.mapAttrs' (hookToFile "${name}/postswitch.d") hooks.postswitch)
(lib.mapAttrs' (hookToFile "${name}/preswitch.d") hooks.preswitch) (lib.mapAttrs' (hookToFile "${name}/preswitch.d") hooks.preswitch)
(lib.mapAttrs' (hookToFile "${name}/predetect.d") hooks.predetect) (lib.mapAttrs' (hookToFile "${name}/predetect.d") hooks.predetect)
]); ];
fingerprintToString = name: edid: "${name} ${edid}"; fingerprintToString = name: edid: "${name} ${edid}";
configToString = configToString =
name: config: name: config:
@ -373,12 +373,12 @@ in
environment = { environment = {
systemPackages = [ pkgs.autorandr ]; systemPackages = [ pkgs.autorandr ];
etc = lib.mkMerge ([ etc = lib.mkMerge [
(lib.mapAttrs' (hookToFile "postswitch.d") cfg.hooks.postswitch) (lib.mapAttrs' (hookToFile "postswitch.d") cfg.hooks.postswitch)
(lib.mapAttrs' (hookToFile "preswitch.d") cfg.hooks.preswitch) (lib.mapAttrs' (hookToFile "preswitch.d") cfg.hooks.preswitch)
(lib.mapAttrs' (hookToFile "predetect.d") cfg.hooks.predetect) (lib.mapAttrs' (hookToFile "predetect.d") cfg.hooks.predetect)
(lib.mkMerge (lib.mapAttrsToList profileToFiles cfg.profiles)) (lib.mkMerge (lib.mapAttrsToList profileToFiles cfg.profiles))
]); ];
}; };
systemd.services.autorandr = { systemd.services.autorandr = {

4
nixos/modules/services/misc/bepasty.nix
View file

@ -138,7 +138,7 @@ in
# creates gunicorn systemd service for each configured server # creates gunicorn systemd service for each configured server
systemd.services = lib.mapAttrs' ( systemd.services = lib.mapAttrs' (
name: server: name: server:
lib.nameValuePair ("bepasty-server-${name}-gunicorn") ({ lib.nameValuePair "bepasty-server-${name}-gunicorn" {
description = "Bepasty Server ${name}"; description = "Bepasty Server ${name}";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; after = [ "network.target" ];
@ -186,7 +186,7 @@ in
-k gevent -k gevent
''; '';
}; };
}) }
) cfg.servers; ) cfg.servers;
users.users.${user} = { users.users.${user} = {

4
nixos/modules/services/misc/cgminer.nix
View file

@ -7,12 +7,12 @@
let let
cfg = config.services.cgminer; cfg = config.services.cgminer;
convType = with builtins; v: if lib.isBool v then lib.boolToString v else toString v; convType = v: if lib.isBool v then lib.boolToString v else toString v;
mergedHwConfig = lib.mapAttrsToList ( mergedHwConfig = lib.mapAttrsToList (
n: v: ''"${n}": "${(lib.concatStringsSep "," (map convType v))}"'' n: v: ''"${n}": "${(lib.concatStringsSep "," (map convType v))}"''
) (lib.foldAttrs (n: a: [ n ] ++ a) [ ] cfg.hardware); ) (lib.foldAttrs (n: a: [ n ] ++ a) [ ] cfg.hardware);
mergedConfig = mergedConfig =
with builtins;
lib.mapAttrsToList ( lib.mapAttrsToList (
n: v: ''"${n}": ${if lib.isBool v then convType v else ''"${convType v}"''}'' n: v: ''"${n}": ${if lib.isBool v then convType v else ''"${convType v}"''}''
) cfg.config; ) cfg.config;

2
nixos/modules/services/misc/docling-serve.nix
View file

@ -127,5 +127,5 @@ in
networking.firewall = lib.mkIf cfg.openFirewall { allowedTCPPorts = [ cfg.port ]; }; networking.firewall = lib.mkIf cfg.openFirewall { allowedTCPPorts = [ cfg.port ]; };
}; };
meta.maintainers = with lib.maintainers; [ ]; meta.maintainers = [ ];
} }

2
nixos/modules/services/misc/gitlab.nix
View file

@ -1699,7 +1699,7 @@ in
filteredConfig = filterAttrs (_: v: v != null) cfg.pages.settings; filteredConfig = filterAttrs (_: v: v != null) cfg.pages.settings;
isSecret = v: isAttrs v && v ? _secret && isString v._secret; isSecret = v: isAttrs v && v ? _secret && isString v._secret;
mkPagesKeyValue = lib.generators.toKeyValue { mkPagesKeyValue = lib.generators.toKeyValue {
mkKeyValue = lib.flip lib.generators.mkKeyValueDefault "=" rec { mkKeyValue = lib.flip lib.generators.mkKeyValueDefault "=" {
mkValueString = mkValueString =
v: v:
if isInt v then if isInt v then

2
nixos/modules/services/misc/litellm.nix
View file

@ -178,5 +178,5 @@ in
networking.firewall = lib.mkIf cfg.openFirewall { allowedTCPPorts = [ cfg.port ]; }; networking.firewall = lib.mkIf cfg.openFirewall { allowedTCPPorts = [ cfg.port ]; };
}; };
meta.maintainers = with lib.maintainers; [ ]; meta.maintainers = [ ];
} }

2
nixos/modules/services/misc/orthanc.nix
View file

@ -130,5 +130,5 @@ in
time.timeZone = lib.mkDefault "UTC"; time.timeZone = lib.mkDefault "UTC";
}; };
meta.maintainers = with lib.maintainers; [ ]; meta.maintainers = [ ];
} }

4
nixos/modules/services/misc/portunus.nix
View file

@ -270,9 +270,9 @@ in
PORTUNUS_SLAPD_USER = cfg.ldap.user; PORTUNUS_SLAPD_USER = cfg.ldap.user;
PORTUNUS_SLAPD_SCHEMA_DIR = "${cfg.ldap.package}/etc/schema"; PORTUNUS_SLAPD_SCHEMA_DIR = "${cfg.ldap.package}/etc/schema";
} }
// (lib.optionalAttrs (cfg.seedPath != null) ({ // (lib.optionalAttrs (cfg.seedPath != null) {
PORTUNUS_SEED_PATH = cfg.seedPath; PORTUNUS_SEED_PATH = cfg.seedPath;
})) })
// (lib.optionalAttrs cfg.ldap.tls ( // (lib.optionalAttrs cfg.ldap.tls (
let let
acmeDirectory = config.security.acme.certs."${cfg.domain}".directory; acmeDirectory = config.security.acme.certs."${cfg.domain}".directory;

4
nixos/modules/services/misc/redlib.nix
View file

@ -20,10 +20,10 @@ let
cfg = config.services.redlib; cfg = config.services.redlib;
args = concatStringsSep " " ([ args = concatStringsSep " " [
"--port ${toString cfg.port}" "--port ${toString cfg.port}"
"--address ${cfg.address}" "--address ${cfg.address}"
]); ];
boolToString' = b: if b then "on" else "off"; boolToString' = b: if b then "on" else "off";
in in

4
nixos/modules/services/misc/snapper.nix
View file

@ -265,11 +265,11 @@ in
} }
// (lib.mapAttrs' ( // (lib.mapAttrs' (
name: subvolume: name: subvolume:
lib.nameValuePair "snapper/configs/${name}" ({ lib.nameValuePair "snapper/configs/${name}" {
text = lib.generators.toKeyValue { inherit mkKeyValue; } ( text = lib.generators.toKeyValue { inherit mkKeyValue; } (
lib.filterAttrs (k: v: v != defaultOf k) subvolume lib.filterAttrs (k: v: v != defaultOf k) subvolume
); );
}) }
) cfg.configs) ) cfg.configs)
// (lib.optionalAttrs (cfg.filters != null) { "snapper/filters/default.txt".text = cfg.filters; }); // (lib.optionalAttrs (cfg.filters != null) { "snapper/filters/default.txt".text = cfg.filters; });
}; };

2
nixos/modules/services/misc/synergy.nix
View file

@ -129,7 +129,7 @@ in
}${ }${
lib.optionalString (cfgS.screenName != "") " -n ${cfgS.screenName}" lib.optionalString (cfgS.screenName != "") " -n ${cfgS.screenName}"
}${lib.optionalString cfgS.tls.enable " --enable-crypto"}${ }${lib.optionalString cfgS.tls.enable " --enable-crypto"}${
lib.optionalString (cfgS.tls.cert != null) (" --tls-cert ${cfgS.tls.cert}") lib.optionalString (cfgS.tls.cert != null) " --tls-cert ${cfgS.tls.cert}"
}''; }'';
serviceConfig.Restart = "on-failure"; serviceConfig.Restart = "on-failure";
}; };

11
nixos/modules/services/monitoring/graphite.nix
View file

@ -51,10 +51,9 @@ let
]; ];
}; };
carbonOpts = carbonOpts = name: ''
name: with config.ids; '' --nodaemon --syslog --prefix=${name} --pidfile /run/${name}/${name}.pid ${name}
--nodaemon --syslog --prefix=${name} --pidfile /run/${name}/${name}.pid ${name} '';
'';
carbonEnv = { carbonEnv = {
PYTHONPATH = PYTHONPATH =
@ -355,7 +354,7 @@ in
]; ];
}) })
(lib.mkIf cfg.web.enable ({ (lib.mkIf cfg.web.enable {
systemd.services.graphiteWeb = { systemd.services.graphiteWeb = {
description = "Graphite Web Interface"; description = "Graphite Web Interface";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
@ -416,7 +415,7 @@ in
}; };
environment.systemPackages = [ pkgs.python3Packages.graphite-web ]; environment.systemPackages = [ pkgs.python3Packages.graphite-web ];
})) })
(lib.mkIf cfg.seyren.enable { (lib.mkIf cfg.seyren.enable {
systemd.services.seyren = { systemd.services.seyren = {

2
nixos/modules/services/monitoring/parsedmarc.nix
View file

@ -11,7 +11,7 @@ let
opt = options.services.parsedmarc; opt = options.services.parsedmarc;
isSecret = v: isAttrs v && v ? _secret && isString v._secret; isSecret = v: isAttrs v && v ? _secret && isString v._secret;
ini = pkgs.formats.ini { ini = pkgs.formats.ini {
mkKeyValue = lib.flip lib.generators.mkKeyValueDefault "=" rec { mkKeyValue = lib.flip lib.generators.mkKeyValueDefault "=" {
mkValueString = mkValueString =
v: v:
if isInt v then if isInt v then

6
nixos/modules/services/monitoring/prometheus/exporters.nix
View file

@ -344,7 +344,7 @@ let
"-m comment --comment ${name}-exporter -j nixos-fw-accept" "-m comment --comment ${name}-exporter -j nixos-fw-accept"
]); ]);
networking.firewall.extraInputRules = mkIf (conf.openFirewall && nftables) conf.firewallRules; networking.firewall.extraInputRules = mkIf (conf.openFirewall && nftables) conf.firewallRules;
systemd.services."prometheus-${name}-exporter" = mkMerge ([ systemd.services."prometheus-${name}-exporter" = mkMerge [
{ {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; after = [ "network.target" ];
@ -381,14 +381,14 @@ let
serviceConfig.UMask = "0077"; serviceConfig.UMask = "0077";
} }
serviceOpts serviceOpts
]); ];
}; };
in in
{ {
options.services.prometheus.exporters = mkOption { options.services.prometheus.exporters = mkOption {
type = types.submodule { type = types.submodule {
options = (mkSubModules); options = mkSubModules;
imports = [ imports = [
../../../misc/assertions.nix ../../../misc/assertions.nix
(lib.mkRenamedOptionModule [ "unifi-poller" ] [ "unpoller" ]) (lib.mkRenamedOptionModule [ "unifi-poller" ] [ "unpoller" ])

4
nixos/modules/services/monitoring/prometheus/exporters/json.nix
View file

@ -49,9 +49,9 @@ in
For more information, take a look at the official documentation For more information, take a look at the official documentation
(https://github.com/prometheus-community/json_exporter) of the json_exporter. (https://github.com/prometheus-community/json_exporter) of the json_exporter.
'') '')
({ {
options.warnings = options.warnings; options.warnings = options.warnings;
options.assertions = options.assertions; options.assertions = options.assertions;
}) }
]; ];
} }

4
nixos/modules/services/monitoring/prometheus/exporters/nginx.nix
View file

@ -83,9 +83,9 @@ in
(mkRemovedOptionModule [ "insecure" ] '' (mkRemovedOptionModule [ "insecure" ] ''
This option was replaced by 'prometheus.exporters.nginx.sslVerify'. This option was replaced by 'prometheus.exporters.nginx.sslVerify'.
'') '')
({ {
options.warnings = options.warnings; options.warnings = options.warnings;
options.assertions = options.assertions; options.assertions = options.assertions;
}) }
]; ];
} }

4
nixos/modules/services/monitoring/prometheus/exporters/pgbouncer.nix
View file

@ -188,9 +188,9 @@ in
into the cmdline of the exporter making the connection string effectively into the cmdline of the exporter making the connection string effectively
world-readable. world-readable.
'') '')
({ {
options.warnings = options.warnings; options.warnings = options.warnings;
options.assertions = options.assertions; options.assertions = options.assertions;
}) }
]; ];
} }

4
nixos/modules/services/monitoring/prometheus/exporters/pihole.nix
View file

@ -18,10 +18,10 @@ in
{ {
imports = [ imports = [
(mkRemovedOptionModule [ "interval" ] "This option has been removed.") (mkRemovedOptionModule [ "interval" ] "This option has been removed.")
({ {
options.warnings = options.warnings; options.warnings = options.warnings;
options.assertions = options.assertions; options.assertions = options.assertions;
}) }
]; ];
port = 9617; port = 9617;

4
nixos/modules/services/monitoring/prometheus/exporters/rspamd.nix
View file

@ -111,9 +111,9 @@ in
For more information, take a look at the official documentation For more information, take a look at the official documentation
(https://github.com/prometheus-community/json_exporter) of the json_exporter. (https://github.com/prometheus-community/json_exporter) of the json_exporter.
'') '')
({ {
options.warnings = options.warnings; options.warnings = options.warnings;
options.assertions = options.assertions; options.assertions = options.assertions;
}) }
]; ];
} }

4
nixos/modules/services/monitoring/prometheus/exporters/unbound.nix
View file

@ -26,10 +26,10 @@ in
(mkRemovedOptionModule [ (mkRemovedOptionModule [
"fetchType" "fetchType"
] "This option was removed, use the `unbound.host` option instead.") ] "This option was removed, use the `unbound.host` option instead.")
({ {
options.warnings = options.warnings; options.warnings = options.warnings;
options.assertions = options.assertions; options.assertions = options.assertions;
}) }
]; ];
port = 9167; port = 9167;

10
nixos/modules/services/monitoring/thanos.nix
View file

@ -774,10 +774,8 @@ in
}; };
query-frontend = paramsToOptions params.query-frontend // { query-frontend = paramsToOptions params.query-frontend // {
enable = mkEnableOption ( enable = mkEnableOption "the Thanos query frontend implements a service deployed in front of queriers to
"the Thanos query frontend implements a service deployed in front of queriers to improve query parallelization and caching.";
improve query parallelization and caching."
);
arguments = mkArgumentsOption "query-frontend"; arguments = mkArgumentsOption "query-frontend";
}; };
@ -800,9 +798,7 @@ in
}; };
receive = paramsToOptions params.receive // { receive = paramsToOptions params.receive // {
enable = mkEnableOption ( enable = mkEnableOption "the Thanos receiver which accept Prometheus remote write API requests and write to local tsdb";
"the Thanos receiver which accept Prometheus remote write API requests and write to local tsdb"
);
arguments = mkArgumentsOption "receive"; arguments = mkArgumentsOption "receive";
}; };
}; };

2
nixos/modules/services/networking/bind.nix
View file

@ -336,7 +336,7 @@ in
ConfigurationDirectory = "bind"; ConfigurationDirectory = "bind";
ReadWritePaths = [ ReadWritePaths = [
(lib.mapAttrsToList ( (lib.mapAttrsToList (
name: config: if (lib.hasPrefix "/" config.file) then ("-${dirOf config.file}") else "" name: config: if (lib.hasPrefix "/" config.file) then "-${dirOf config.file}" else ""
) cfg.zones) ) cfg.zones)
cfg.directory cfg.directory
]; ];

4
nixos/modules/services/networking/cjdns.nix
View file

@ -170,7 +170,7 @@ in
''; '';
}; };
connectTo = lib.mkOption { connectTo = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule (connectToSubmodule)); type = lib.types.attrsOf (lib.types.submodule connectToSubmodule);
default = { }; default = { };
example = lib.literalExpression '' example = lib.literalExpression ''
{ {
@ -216,7 +216,7 @@ in
}; };
connectTo = lib.mkOption { connectTo = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule (connectToSubmodule)); type = lib.types.attrsOf (lib.types.submodule connectToSubmodule);
default = { }; default = { };
example = lib.literalExpression '' example = lib.literalExpression ''
{ {

4
nixos/modules/services/networking/hans.nix
View file

@ -37,7 +37,7 @@ in
} }
''; '';
type = lib.types.attrsOf ( type = lib.types.attrsOf (
lib.types.submodule ({ lib.types.submodule {
options = { options = {
server = lib.mkOption { server = lib.mkOption {
type = lib.types.str; type = lib.types.str;
@ -60,7 +60,7 @@ in
}; };
}; };
}) }
); );
}; };

2
nixos/modules/services/networking/https-dns-proxy.nix
View file

@ -136,7 +136,7 @@ in
wants = [ "nss-lookup.target" ]; wants = [ "nss-lookup.target" ];
before = [ "nss-lookup.target" ]; before = [ "nss-lookup.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = rec { serviceConfig = {
Type = "exec"; Type = "exec";
DynamicUser = true; DynamicUser = true;
ProtectHome = "tmpfs"; ProtectHome = "tmpfs";

2
nixos/modules/services/networking/hylafax/options.nix
View file

@ -54,7 +54,7 @@ let
int int
listOf listOf
; ;
innerType = coercedTo bool (x: if x then "Yes" else "No") (coercedTo int (toString) str); innerType = coercedTo bool (x: if x then "Yes" else "No") (coercedTo int toString str);
in in
attrsOf (coercedTo innerType lib.singleton (listOf innerType)); attrsOf (coercedTo innerType lib.singleton (listOf innerType));

4
nixos/modules/services/networking/inadyn.nix
View file

@ -89,9 +89,9 @@ in
}; };
in in
{ {
enable = lib.mkEnableOption ('' enable = lib.mkEnableOption ''
synchronise your machine's IP address with a dynamic DNS provider using inadyn synchronise your machine's IP address with a dynamic DNS provider using inadyn
''); '';
user = lib.mkOption { user = lib.mkOption {
default = "inadyn"; default = "inadyn";
type = lib.types.str; type = lib.types.str;

4
nixos/modules/services/networking/iodine.nix
View file

@ -56,7 +56,7 @@ in
} }
''; '';
type = lib.types.attrsOf ( type = lib.types.attrsOf (
lib.types.submodule ({ lib.types.submodule {
options = { options = {
server = lib.mkOption { server = lib.mkOption {
type = lib.types.str; type = lib.types.str;
@ -85,7 +85,7 @@ in
description = "Path to a file containing the password."; description = "Path to a file containing the password.";
}; };
}; };
}) }
); );
}; };

2
nixos/modules/services/networking/ivpn.nix
View file

@ -57,5 +57,5 @@ in
}; };
}; };
meta.maintainers = with lib.maintainers; [ ]; meta.maintainers = [ ];
} }

2
nixos/modules/services/networking/jool.nix
View file

@ -289,7 +289,7 @@ in
system.checks = lib.optional (cfg.nat64 != { } || cfg.siit != { }) ( system.checks = lib.optional (cfg.nat64 != { } || cfg.siit != { }) (
pkgs.runCommand "jool-validated" pkgs.runCommand "jool-validated"
{ {
nativeBuildInputs = with pkgs.buildPackages; [ jool-cli ]; nativeBuildInputs = [ jool-cli ];
preferLocalBuild = true; preferLocalBuild = true;
} }
( (

2
nixos/modules/services/networking/nat-iptables.nix
View file

@ -219,7 +219,7 @@ in
}; };
config = mkIf (!config.networking.nftables.enable) (mkMerge [ config = mkIf (!config.networking.nftables.enable) (mkMerge [
({ networking.firewall.extraCommands = mkBefore flushNat; }) { networking.firewall.extraCommands = mkBefore flushNat; }
(mkIf config.networking.nat.enable { (mkIf config.networking.nat.enable {
networking.firewall = mkIf config.networking.firewall.enable { networking.firewall = mkIf config.networking.firewall.enable {

Some files were not shown because too many files have changed in this diff Show more