nixos: fix various modules after with lib removal (#370042)

Masum Reza 2025-01-02 03:45:35 +05:30 committed by GitHub
commit f28864e00d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 45 additions and 46 deletions


@ -130,7 +130,7 @@ in
type = addCheck str ( type = addCheck str (
x: x:
cfg.svcManager == "command" cfg.svcManager == "command"
|| elem x [ || lib.elem x [
"restart" "restart"
"reload" "reload"
"nop" "nop"


@ -193,7 +193,7 @@ in
ExecStart = ExecStart =
with cfg; with cfg;
let let
opt = n: v: optionalString (v != null) ''-${n}="${v}"''; opt = n: v: lib.optionalString (v != null) ''-${n}="${v}"'';
in in
lib.concatStringsSep " \\\n" [ lib.concatStringsSep " \\\n" [
"${pkgs.cfssl}/bin/cfssl serve" "${pkgs.cfssl}/bin/cfssl serve"


@ -94,14 +94,14 @@ in
Restart = "always"; Restart = "always";
ExecStart = ExecStart =
with cfg; with cfg;
concatStringsSep " " ( lib.concatStringsSep " " (
[ [
(lib.getExe cfg.package) (lib.getExe cfg.package)
"-logtostderr" "-logtostderr"
"-host=${listenAddress}" "-host=${listenAddress}"
"-port=${toString port}" "-port=${toString port}"
] ]
++ optionals prometheus.enable [ ++ lib.optionals prometheus.enable [
"-enable_prometheus" "-enable_prometheus"
"-prometheus_host=${prometheus.listenAddress}" "-prometheus_host=${prometheus.listenAddress}"
"-prometheus_port=${toString prometheus.port}" "-prometheus_port=${toString prometheus.port}"
@ -149,7 +149,7 @@ in
}; };
}; };
networking.firewall.allowedTCPPorts = with cfg; optionals openFirewall [ port ]; networking.firewall.allowedTCPPorts = with cfg; lib.optionals openFirewall [ port ];
}; };
meta.maintainers = with lib.maintainers; [ azahi ]; meta.maintainers = with lib.maintainers; [ azahi ];
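Review bot: The ExecStart string in this section is joined with `lib.concatStringsSep " "` from interpolated option values such as `-host=${listenAddress}` and `-prometheus_host=${prometheus.listenAddress}` without any quoting, so a value containing whitespace or a quote character would be split or mis-parsed when systemd reads the unit. The same pattern appears in the cfssl section above, where `opt` wraps the value in literal double quotes (`''-${n}="${v}"''`) without escaping an embedded quote, and in the endlessh section below. Since these lines are being touched anyway, consider passing the argument list through `lib.escapeShellArgs`, as the magnetico module in this commit already does, or through `utils.escapeSystemdExecArgs` if the module takes `utils`. Elements that pack a flag and its value into one string, like `"-p ${toString port}"`, would need to be split into two list items first. The enclosing attribute set starts and ends outside the visible hunks.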


@ -60,7 +60,7 @@ in
Restart = "always"; Restart = "always";
ExecStart = ExecStart =
with cfg; with cfg;
concatStringsSep " " ( lib.concatStringsSep " " (
[ [
"${pkgs.endlessh}/bin/endlessh" "${pkgs.endlessh}/bin/endlessh"
"-p ${toString port}" "-p ${toString port}"
@ -109,7 +109,7 @@ in
}; };
}; };
networking.firewall.allowedTCPPorts = with cfg; optionals openFirewall [ port ]; networking.firewall.allowedTCPPorts = with cfg; lib.optionals openFirewall [ port ];
}; };
meta.maintainers = with lib.maintainers; [ azahi ]; meta.maintainers = with lib.maintainers; [ azahi ];


@ -5,7 +5,6 @@
pkgs, pkgs,
... ...
}: }:
with builtins;
let let
cfg = config.services.tor; cfg = config.services.tor;
opt = options.services.tor; opt = options.services.tor;
@ -15,7 +14,7 @@ let
See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#${option}). See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#${option}).
''; '';
bindsPrivilegedPort = bindsPrivilegedPort =
any lib.any
( (
p0: p0:
let let
@ -25,7 +24,7 @@ let
false false
else else
let let
p2 = if isInt p1 then p1 else toInt p1; p2 = if lib.isInt p1 then p1 else lib.toInt p1;
in in
p1 != null && 0 < p2 && p2 < 1024 p1 != null && 0 < p2 && p2 < 1024
) )
@ -197,7 +196,7 @@ let
config = lib.mkIf doConfig { config = lib.mkIf doConfig {
# Only add flags in SOCKSPort to avoid duplicates # Only add flags in SOCKSPort to avoid duplicates
flags = flags =
filter (name: config.${name} == true) flags lib.filter (name: config.${name} == true) flags
++ lib.optional (config.SessionGroup != null) "SessionGroup=${toString config.SessionGroup}"; ++ lib.optional (config.SessionGroup != null) "SessionGroup=${toString config.SessionGroup}";
}; };
} }
@ -272,16 +271,16 @@ let
k: v: k: v:
if v == null then if v == null then
"" ""
else if isBool v then else if lib.isBool v then
(if v then "1" else "0") (if v then "1" else "0")
else if v ? "unix" && v.unix != null then else if v ? "unix" && v.unix != null then
"unix:" + v.unix + lib.optionalString (v ? "flags") (" " + concatStringsSep " " v.flags) "unix:" + v.unix + lib.optionalString (v ? "flags") (" " + lib.concatStringsSep " " v.flags)
else if v ? "port" && v.port != null then else if v ? "port" && v.port != null then
lib.optionalString (v ? "addr" && v.addr != null) "${v.addr}:" lib.optionalString (v ? "addr" && v.addr != null) "${v.addr}:"
+ toString v.port + toString v.port
+ lib.optionalString (v ? "flags") (" " + concatStringsSep " " v.flags) + lib.optionalString (v ? "flags") (" " + lib.concatStringsSep " " v.flags)
else if k == "ServerTransportPlugin" then else if k == "ServerTransportPlugin" then
lib.optionalString (v.transports != [ ]) "${concatStringsSep "," v.transports} exec ${v.exec}" lib.optionalString (v.transports != [ ]) "${lib.concatStringsSep "," v.transports} exec ${v.exec}"
else if k == "HidServAuth" then else if k == "HidServAuth" then
v.onion + " " + v.auth v.onion + " " + v.auth
else else
@ -298,7 +297,7 @@ let
k: v: k: v:
# Not necesssary, but prettier rendering # Not necesssary, but prettier rendering
if if
elem k [ lib.elem k [
"AutomapHostsSuffixes" "AutomapHostsSuffixes"
"DirPolicy" "DirPolicy"
"ExitPolicy" "ExitPolicy"
@ -306,7 +305,7 @@ let
] ]
&& v != [ ] && v != [ ]
then then
concatStringsSep "," v lib.concatStringsSep "," v
else else
v v
) (lib.filterAttrs (k: v: !(v == null || v == "")) settings) ) (lib.filterAttrs (k: v: !(v == null || v == "")) settings)
@ -750,7 +749,7 @@ in
]); ]);
apply = map ( apply = map (
v: v:
if isInt v then if lib.isInt v then
{ {
port = v; port = v;
target = null; target = null;
@ -816,7 +815,7 @@ in
settings.HiddenServiceVersion = config.version; settings.HiddenServiceVersion = config.version;
settings.HiddenServiceAuthorizeClient = settings.HiddenServiceAuthorizeClient =
if config.authorizeClient != null then if config.authorizeClient != null then
config.authorizeClient.authType + " " + concatStringsSep "," config.authorizeClient.clientNames config.authorizeClient.authType + " " + lib.concatStringsSep "," config.authorizeClient.clientNames
else else
null; null;
settings.HiddenServicePort = map ( settings.HiddenServicePort = map (
@ -998,7 +997,7 @@ in
} }
)) ))
]); ]);
apply = p: if isInt p || isString p then { port = p; } else p; apply = p: if lib.isInt p || lib.isString p then { port = p; } else p;
}; };
options.ExtORPortCookieAuthFile = optionPath "ExtORPortCookieAuthFile"; options.ExtORPortCookieAuthFile = optionPath "ExtORPortCookieAuthFile";
options.ExtORPortCookieAuthFileGroupReadable = optionBool "ExtORPortCookieAuthFileGroupReadable"; options.ExtORPortCookieAuthFileGroupReadable = optionBool "ExtORPortCookieAuthFileGroupReadable";
@ -1198,17 +1197,17 @@ in
lib.mapAttrsToList ( lib.mapAttrsToList (
n: o: n: o:
lib.optionals (o.settings.HiddenServiceVersion == 2) [ lib.optionals (o.settings.HiddenServiceVersion == 2) [
(optional (o.settings.HiddenServiceExportCircuitID != null) '' (lib.optional (o.settings.HiddenServiceExportCircuitID != null) ''
HiddenServiceExportCircuitID is used in the HiddenService: ${n} HiddenServiceExportCircuitID is used in the HiddenService: ${n}
but this option is only for v3 hidden services. but this option is only for v3 hidden services.
'') '')
] ]
++ lib.optionals (o.settings.HiddenServiceVersion != 2) [ ++ lib.optionals (o.settings.HiddenServiceVersion != 2) [
(optional (o.settings.HiddenServiceAuthorizeClient != null) '' (lib.optional (o.settings.HiddenServiceAuthorizeClient != null) ''
HiddenServiceAuthorizeClient is used in the HiddenService: ${n} HiddenServiceAuthorizeClient is used in the HiddenService: ${n}
but this option is only for v2 hidden services. but this option is only for v2 hidden services.
'') '')
(optional (o.settings.RendPostPeriod != null) '' (lib.optional (o.settings.RendPostPeriod != null) ''
RendPostPeriod is used in the HiddenService: ${n} RendPostPeriod is used in the HiddenService: ${n}
but this option is only for v2 hidden services. but this option is only for v2 hidden services.
'') '')
@ -1245,7 +1244,7 @@ in
} }
// //
lib.optionalAttrs lib.optionalAttrs
(elem cfg.relay.role [ (lib.elem cfg.relay.role [
"bridge" "bridge"
"private-bridge" "private-bridge"
]) ])
@ -1307,13 +1306,13 @@ in
networking.firewall = lib.mkIf cfg.openFirewall { networking.firewall = lib.mkIf cfg.openFirewall {
allowedTCPPorts = allowedTCPPorts =
concatMap lib.concatMap
( (
o: o:
if isInt o && o > 0 then if lib.isInt o && o > 0 then
[ o ] [ o ]
else else
lib.optionals (o ? "port" && isInt o.port && o.port > 0) [ o.port ] lib.optionals (o ? "port" && lib.isInt o.port && o.port > 0) [ o.port ]
) )
( (
lib.flatten [ lib.flatten [
@ -1341,40 +1340,40 @@ in
( (
"+" "+"
+ pkgs.writeShellScript "ExecStartPre" ( + pkgs.writeShellScript "ExecStartPre" (
concatStringsSep "\n" ( lib.concatStringsSep "\n" (
lib.flatten ( lib.flatten (
[ "set -eu" ] [ "set -eu" ]
++ lib.mapAttrsToList ( ++ lib.mapAttrsToList (
name: onion: name: onion:
lib.optional (onion.authorizedClients != [ ]) '' lib.optional (onion.authorizedClients != [ ]) ''
rm -rf ${escapeShellArg onion.path}/authorized_clients rm -rf ${lib.escapeShellArg onion.path}/authorized_clients
install -d -o tor -g tor -m 0700 ${escapeShellArg onion.path} ${escapeShellArg onion.path}/authorized_clients install -d -o tor -g tor -m 0700 ${lib.escapeShellArg onion.path} ${lib.escapeShellArg onion.path}/authorized_clients
'' ''
++ imap0 (i: pubKey: '' ++ lib.imap0 (i: pubKey: ''
echo ${pubKey} | echo ${pubKey} |
install -o tor -g tor -m 0400 /dev/stdin ${escapeShellArg onion.path}/authorized_clients/${toString i}.auth install -o tor -g tor -m 0400 /dev/stdin ${lib.escapeShellArg onion.path}/authorized_clients/${toString i}.auth
'') onion.authorizedClients '') onion.authorizedClients
++ lib.optional (onion.secretKey != null) '' ++ lib.optional (onion.secretKey != null) ''
install -d -o tor -g tor -m 0700 ${escapeShellArg onion.path} install -d -o tor -g tor -m 0700 ${lib.escapeShellArg onion.path}
key="$(cut -f1 -d: ${escapeShellArg onion.secretKey} | head -1)" key="$(cut -f1 -d: ${lib.escapeShellArg onion.secretKey} | head -1)"
case "$key" in case "$key" in
("== ed25519v"*"-secret") ("== ed25519v"*"-secret")
install -o tor -g tor -m 0400 ${escapeShellArg onion.secretKey} ${escapeShellArg onion.path}/hs_ed25519_secret_key;; install -o tor -g tor -m 0400 ${lib.escapeShellArg onion.secretKey} ${lib.escapeShellArg onion.path}/hs_ed25519_secret_key;;
(*) echo >&2 "NixOS does not (yet) support secret key type for onion: ${name}"; exit 1;; (*) echo >&2 "NixOS does not (yet) support secret key type for onion: ${name}"; exit 1;;
esac esac
'' ''
) cfg.relay.onionServices ) cfg.relay.onionServices
++ lib.mapAttrsToList ( ++ lib.mapAttrsToList (
name: onion: name: onion:
imap0 ( lib.imap0 (
i: prvKeyPath: i: prvKeyPath:
let let
hostname = removeSuffix ".onion" name; hostname = lib.removeSuffix ".onion" name;
in in
'' ''
printf "%s:" ${escapeShellArg hostname} | cat - ${escapeShellArg prvKeyPath} | printf "%s:" ${lib.escapeShellArg hostname} | cat - ${lib.escapeShellArg prvKeyPath} |
install -o tor -g tor -m 0700 /dev/stdin \ install -o tor -g tor -m 0700 /dev/stdin \
${runDir}/ClientOnionAuthDir/${escapeShellArg hostname}.${toString i}.auth_private ${runDir}/ClientOnionAuthDir/${lib.escapeShellArg hostname}.${toString i}.auth_private
'' ''
) onion.clientAuthorizations ) onion.clientAuthorizations
) cfg.client.onionServices ) cfg.client.onionServices
@ -1417,7 +1416,7 @@ in
BindPaths = [ stateDir ]; BindPaths = [ stateDir ];
BindReadOnlyPaths = BindReadOnlyPaths =
[ [
storeDir builtins.storeDir
"/etc" "/etc"
] ]
++ lib.optionals config.services.resolved.enable [ ++ lib.optionals config.services.resolved.enable [
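Review bot: In the ExecStartPre script of the `@ -1341,40` hunk, `echo ${pubKey} |` interpolates each `onion.authorizedClients` entry into the shell text unquoted, while every path around it goes through `lib.escapeShellArg`. The script carries the `+` prefix, which as far as I know makes systemd run it with full privileges, so a shell metacharacter in that option value would be interpreted there. I would change the line to `printf '%s\n' ${lib.escapeShellArg pubKey} |`. The `${name}` inside the double-quoted `echo >&2 "... for onion: ${name}"` message has the same shape. Separately, the client `.auth_private` files are installed with `-m 0700` where the other key files use `0400`; it is worth confirming that this is intended.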


@ -17,9 +17,9 @@ let
util-linux util-linux
busybox busybox
] ]
++ optional cfg.btrfs.enable btrfs-progs ++ lib.optional cfg.btrfs.enable btrfs-progs
++ optional cfg.ext4.enable e2fsprogs ++ lib.optional cfg.ext4.enable e2fsprogs
++ optional cfg.xfs.enable xfsprogs ++ lib.optional cfg.xfs.enable xfsprogs
++ cfg.extraPackages; ++ cfg.extraPackages;
hasFs = fsName: lib.any (fs: fs.fsType == fsName) (lib.attrValues config.fileSystems); hasFs = fsName: lib.any (fs: fs.fsType == fsName) (lib.attrValues config.fileSystems);
settingsFormat = pkgs.formats.yaml { }; settingsFormat = pkgs.formats.yaml { };


@ -15,7 +15,7 @@ let
credentialsFile credentialsFile
else else
pkgs.writeText "magnetico-credentials" ( pkgs.writeText "magnetico-credentials" (
concatStrings (mapAttrsToList (user: hash: "${user}:${hash}\n") cfg.web.credentials) lib.concatStrings (lib.mapAttrsToList (user: hash: "${user}:${hash}\n") cfg.web.credentials)
); );
# default options in magneticod/main.go # default options in magneticod/main.go
@ -28,7 +28,7 @@ let
crawlerArgs = crawlerArgs =
with cfg.crawler; with cfg.crawler;
escapeShellArgs ( lib.escapeShellArgs (
[ [
"--database=${dbURI}" "--database=${dbURI}"
"--indexer-addr=${address}:${toString port}" "--indexer-addr=${address}:${toString port}"
@ -40,7 +40,7 @@ let
webArgs = webArgs =
with cfg.web; with cfg.web;
escapeShellArgs ( lib.escapeShellArgs (
[ [
"--database=${dbURI}" "--database=${dbURI}"
( (