pyrox.dev
Merge pull request #18511 from ericsagnes/feat/remove-optionSet
modules: optionSet -> submodule
+1
-1
lib/types.nix
+1
-1
lib/types.nix
···
261
# declarations from the ‘options’ attribute of containing option
262
# declaration.
263
optionSet = mkOptionType {
264
-
name = /* builtins.trace "types.optionSet is deprecated; use types.submodule instead" */ "option set";
265
};
266
267
# Augment the given type with an additional type check function.
···
261
# declarations from the ‘options’ attribute of containing option
262
# declaration.
263
optionSet = mkOptionType {
264
+
name = builtins.trace "types.optionSet is deprecated; use types.submodule instead" "option set";
265
};
266
267
# Augment the given type with an additional type check function.
+30
-30
nixos/modules/config/users-groups.nix
+30
-30
nixos/modules/config/users-groups.nix
···
131
};
132
133
subUidRanges = mkOption {
134
-
type = types.listOf types.optionSet;
135
default = [];
136
example = [
137
{ startUid = 1000; count = 1; }
138
{ startUid = 100001; count = 65534; }
139
];
140
-
options = [ subordinateUidRange ];
141
description = ''
142
Subordinate user ids that user is allowed to use.
143
They are set into <filename>/etc/subuid</filename> and are used
···
146
};
147
148
subGidRanges = mkOption {
149
-
type = types.listOf types.optionSet;
150
default = [];
151
example = [
152
{ startGid = 100; count = 1; }
153
{ startGid = 1001; count = 999; }
154
];
155
-
options = [ subordinateGidRange ];
156
description = ''
157
Subordinate group ids that user is allowed to use.
158
They are set into <filename>/etc/subgid</filename> and are used
···
310
};
311
312
subordinateUidRange = {
313
-
startUid = mkOption {
314
-
type = types.int;
315
-
description = ''
316
-
Start of the range of subordinate user ids that user is
317
-
allowed to use.
318
-
'';
319
-
};
320
-
count = mkOption {
321
-
type = types.int;
322
-
default = 1;
323
-
description = ''Count of subordinate user ids'';
324
};
325
};
326
327
subordinateGidRange = {
328
-
startGid = mkOption {
329
-
type = types.int;
330
-
description = ''
331
-
Start of the range of subordinate group ids that user is
332
-
allowed to use.
333
-
'';
334
-
};
335
-
count = mkOption {
336
-
type = types.int;
337
-
default = 1;
338
-
description = ''Count of subordinate group ids'';
339
};
340
};
341
···
428
429
users.users = mkOption {
430
default = {};
431
-
type = types.loaOf types.optionSet;
432
example = {
433
alice = {
434
uid = 1234;
···
444
Additional user accounts to be created automatically by the system.
445
This can also be used to set options for root.
446
'';
447
-
options = [ userOpts ];
448
};
449
450
users.groups = mkOption {
···
453
{ students.gid = 1001;
454
hackers = { };
455
};
456
-
type = types.loaOf types.optionSet;
457
description = ''
458
Additional groups to be created automatically by the system.
459
'';
460
-
options = [ groupOpts ];
461
};
462
463
# FIXME: obsolete - will remove.
···
131
};
132
133
subUidRanges = mkOption {
134
+
type = with types; listOf (submodule subordinateUidRange);
135
default = [];
136
example = [
137
{ startUid = 1000; count = 1; }
138
{ startUid = 100001; count = 65534; }
139
];
140
description = ''
141
Subordinate user ids that user is allowed to use.
142
They are set into <filename>/etc/subuid</filename> and are used
···
145
};
146
147
subGidRanges = mkOption {
148
+
type = with types; listOf (submodule subordinateGidRange);
149
default = [];
150
example = [
151
{ startGid = 100; count = 1; }
152
{ startGid = 1001; count = 999; }
153
];
154
description = ''
155
Subordinate group ids that user is allowed to use.
156
They are set into <filename>/etc/subgid</filename> and are used
···
308
};
309
310
subordinateUidRange = {
311
+
options = {
312
+
startUid = mkOption {
313
+
type = types.int;
314
+
description = ''
315
+
Start of the range of subordinate user ids that user is
316
+
allowed to use.
317
+
'';
318
+
};
319
+
count = mkOption {
320
+
type = types.int;
321
+
default = 1;
322
+
description = ''Count of subordinate user ids'';
323
+
};
324
};
325
};
326
327
subordinateGidRange = {
328
+
options = {
329
+
startGid = mkOption {
330
+
type = types.int;
331
+
description = ''
332
+
Start of the range of subordinate group ids that user is
333
+
allowed to use.
334
+
'';
335
+
};
336
+
count = mkOption {
337
+
type = types.int;
338
+
default = 1;
339
+
description = ''Count of subordinate group ids'';
340
+
};
341
};
342
};
343
···
430
431
users.users = mkOption {
432
default = {};
433
+
type = with types; loaOf (submodule userOpts);
434
example = {
435
alice = {
436
uid = 1234;
···
446
Additional user accounts to be created automatically by the system.
447
This can also be used to set options for root.
448
'';
449
};
450
451
users.groups = mkOption {
···
454
{ students.gid = 1001;
455
hackers = { };
456
};
457
+
type = with types; loaOf (submodule groupOpts);
458
description = ''
459
Additional groups to be created automatically by the system.
460
'';
461
};
462
463
# FIXME: obsolete - will remove.
+1
-2
nixos/modules/security/acme.nix
+1
-2
nixos/modules/security/acme.nix
+1
-2
nixos/modules/security/pam.nix
+1
-2
nixos/modules/security/pam.nix
+3
-6
nixos/modules/services/backup/bacula.nix
+3
-6
nixos/modules/services/backup/bacula.nix
···
198
description = ''
199
This option defines director resources in Bacula File Daemon.
200
'';
201
-
type = types.attrsOf types.optionSet;
202
-
options = [ directorOptions ];
203
};
204
205
extraClientConfig = mkOption {
···
253
description = ''
254
This option defines Director resources in Bacula Storage Daemon.
255
'';
256
-
type = types.attrsOf types.optionSet;
257
-
options = [ directorOptions ];
258
};
259
260
device = mkOption {
···
262
description = ''
263
This option defines Device resources in Bacula Storage Daemon.
264
'';
265
-
type = types.attrsOf types.optionSet;
266
-
options = [ deviceOptions ];
267
};
268
269
extraStorageConfig = mkOption {
···
198
description = ''
199
This option defines director resources in Bacula File Daemon.
200
'';
201
+
type = with types; attrsOf (submodule directorOptions);
202
};
203
204
extraClientConfig = mkOption {
···
252
description = ''
253
This option defines Director resources in Bacula Storage Daemon.
254
'';
255
+
type = with types; attrsOf (submodule directorOptions);
256
};
257
258
device = mkOption {
···
260
description = ''
261
This option defines Device resources in Bacula Storage Daemon.
262
'';
263
+
type = with types; attrsOf (submodule deviceOptions);
264
};
265
266
extraStorageConfig = mkOption {
+2
-3
nixos/modules/services/hardware/sane_extra_backends/brscan4.nix
+2
-3
nixos/modules/services/hardware/sane_extra_backends/brscan4.nix
···
81
{ office1 = { model = "MFC-7860DW"; ip = "192.168.1.2"; };
82
office2 = { model = "MFC-7860DW"; nodename = "BRW0080927AFBCE"; };
83
};
84
-
type = types.loaOf types.optionSet;
85
description = ''
86
The list of network devices that will be registered against the brscan4
87
sane backend.
88
'';
89
-
options = [ netDeviceOpts ];
90
};
91
};
92
···
113
];
114
115
};
116
-
}
···
81
{ office1 = { model = "MFC-7860DW"; ip = "192.168.1.2"; };
82
office2 = { model = "MFC-7860DW"; nodename = "BRW0080927AFBCE"; };
83
};
84
+
type = with types; loaOf (submodule netDeviceOpts);
85
description = ''
86
The list of network devices that will be registered against the brscan4
87
sane backend.
88
'';
89
};
90
};
91
···
112
];
113
114
};
115
+
}
+35
-33
nixos/modules/services/logging/logcheck.nix
+35
-33
nixos/modules/services/logging/logcheck.nix
···
62
};
63
64
ignoreOptions = {
65
-
level = levelOption;
66
67
-
regex = mkOption {
68
-
default = "";
69
-
type = types.str;
70
-
description = ''
71
-
Regex specifying which log lines to ignore.
72
-
'';
73
};
74
};
75
76
ignoreCronOptions = {
77
-
user = mkOption {
78
-
default = "root";
79
-
type = types.str;
80
-
description = ''
81
-
User that runs the cronjob.
82
-
'';
83
-
};
84
85
-
cmdline = mkOption {
86
-
default = "";
87
-
type = types.str;
88
-
description = ''
89
-
Command line for the cron job. Will be turned into a regex for the logcheck ignore rule.
90
-
'';
91
-
};
92
93
-
timeArgs = mkOption {
94
-
default = null;
95
-
type = types.nullOr (types.str);
96
-
example = "02 06 * * *";
97
-
description = ''
98
-
"min hr dom mon dow" crontab time args, to auto-create a cronjob too.
99
-
Leave at null to not do this and just add a logcheck ignore rule.
100
-
'';
101
};
102
};
103
···
180
description = ''
181
This option defines extra ignore rules.
182
'';
183
-
type = types.loaOf types.optionSet;
184
-
options = [ ignoreOptions ];
185
};
186
187
ignoreCron = mkOption {
···
189
description = ''
190
This option defines extra ignore rules for cronjobs.
191
'';
192
-
type = types.loaOf types.optionSet;
193
-
options = [ ignoreOptions ignoreCronOptions ];
194
};
195
196
extraGroups = mkOption {
···
62
};
63
64
ignoreOptions = {
65
+
options = {
66
+
level = levelOption;
67
68
+
regex = mkOption {
69
+
default = "";
70
+
type = types.str;
71
+
description = ''
72
+
Regex specifying which log lines to ignore.
73
+
'';
74
+
};
75
};
76
};
77
78
ignoreCronOptions = {
79
+
options = {
80
+
user = mkOption {
81
+
default = "root";
82
+
type = types.str;
83
+
description = ''
84
+
User that runs the cronjob.
85
+
'';
86
+
};
87
88
+
cmdline = mkOption {
89
+
default = "";
90
+
type = types.str;
91
+
description = ''
92
+
Command line for the cron job. Will be turned into a regex for the logcheck ignore rule.
93
+
'';
94
+
};
95
96
+
timeArgs = mkOption {
97
+
default = null;
98
+
type = types.nullOr (types.str);
99
+
example = "02 06 * * *";
100
+
description = ''
101
+
"min hr dom mon dow" crontab time args, to auto-create a cronjob too.
102
+
Leave at null to not do this and just add a logcheck ignore rule.
103
+
'';
104
+
};
105
};
106
};
107
···
184
description = ''
185
This option defines extra ignore rules.
186
'';
187
+
type = with types; loaOf (submodule ignoreOptions);
188
};
189
190
ignoreCron = mkOption {
···
192
description = ''
193
This option defines extra ignore rules for cronjobs.
194
'';
195
+
type = with types; loaOf (submodule ignoreCronOptions);
196
};
197
198
extraGroups = mkOption {
+38
-40
nixos/modules/services/misc/rippled.nix
+38
-40
nixos/modules/services/misc/rippled.nix
···
154
};
155
156
dbOptions = {
157
-
type = mkOption {
158
-
description = "Rippled database type.";
159
-
type = types.enum ["rocksdb" "nudb"];
160
-
default = "rocksdb";
161
-
};
162
163
-
path = mkOption {
164
-
description = "Location to store the database.";
165
-
type = types.path;
166
-
default = cfg.databasePath;
167
-
};
168
169
-
compression = mkOption {
170
-
description = "Whether to enable snappy compression.";
171
-
type = types.nullOr types.bool;
172
-
default = null;
173
-
};
174
175
-
onlineDelete = mkOption {
176
-
description = "Enable automatic purging of older ledger information.";
177
-
type = types.addCheck (types.nullOr types.int) (v: v > 256);
178
-
default = cfg.ledgerHistory;
179
-
};
180
181
-
advisoryDelete = mkOption {
182
-
description = ''
183
-
If set, then require administrative RPC call "can_delete"
184
-
to enable online deletion of ledger records.
185
-
'';
186
-
type = types.nullOr types.bool;
187
-
default = null;
188
-
};
189
190
-
extraOpts = mkOption {
191
-
description = "Extra database options.";
192
-
type = types.lines;
193
-
default = "";
194
};
195
};
196
···
213
214
ports = mkOption {
215
description = "Ports exposed by rippled";
216
-
type = types.attrsOf types.optionSet;
217
-
options = [portOptions];
218
default = {
219
rpc = {
220
port = 5005;
···
238
239
nodeDb = mkOption {
240
description = "Rippled main database options.";
241
-
type = types.nullOr types.optionSet;
242
-
options = dbOptions;
243
default = {
244
type = "rocksdb";
245
extraOpts = ''
···
254
255
tempDb = mkOption {
256
description = "Rippled temporary database options.";
257
-
type = types.nullOr types.optionSet;
258
-
options = dbOptions;
259
default = null;
260
};
261
262
importDb = mkOption {
263
description = "Settings for performing a one-time import.";
264
-
type = types.nullOr types.optionSet;
265
-
options = dbOptions;
266
default = null;
267
};
268
···
154
};
155
156
dbOptions = {
157
+
options = {
158
+
type = mkOption {
159
+
description = "Rippled database type.";
160
+
type = types.enum ["rocksdb" "nudb"];
161
+
default = "rocksdb";
162
+
};
163
164
+
path = mkOption {
165
+
description = "Location to store the database.";
166
+
type = types.path;
167
+
default = cfg.databasePath;
168
+
};
169
170
+
compression = mkOption {
171
+
description = "Whether to enable snappy compression.";
172
+
type = types.nullOr types.bool;
173
+
default = null;
174
+
};
175
176
+
onlineDelete = mkOption {
177
+
description = "Enable automatic purging of older ledger information.";
178
+
type = types.addCheck (types.nullOr types.int) (v: v > 256);
179
+
default = cfg.ledgerHistory;
180
+
};
181
182
+
advisoryDelete = mkOption {
183
+
description = ''
184
+
If set, then require administrative RPC call "can_delete"
185
+
to enable online deletion of ledger records.
186
+
'';
187
+
type = types.nullOr types.bool;
188
+
default = null;
189
+
};
190
191
+
extraOpts = mkOption {
192
+
description = "Extra database options.";
193
+
type = types.lines;
194
+
default = "";
195
+
};
196
};
197
};
198
···
215
216
ports = mkOption {
217
description = "Ports exposed by rippled";
218
+
type = with types; attrsOf (submodule portOptions);
219
default = {
220
rpc = {
221
port = 5005;
···
239
240
nodeDb = mkOption {
241
description = "Rippled main database options.";
242
+
type = with types; nullOr (submodule dbOptions);
243
default = {
244
type = "rocksdb";
245
extraOpts = ''
···
254
255
tempDb = mkOption {
256
description = "Rippled temporary database options.";
257
+
type = with types; nullOr (submodule dbOptions);
258
default = null;
259
};
260
261
importDb = mkOption {
262
description = "Settings for performing a one-time import.";
263
+
type = with types; nullOr (submodule dbOptions);
264
default = null;
265
};
266
+1
-2
nixos/modules/services/monitoring/smartd.nix
+1
-2
nixos/modules/services/monitoring/smartd.nix
+1
-2
nixos/modules/services/monitoring/ups.nix
+1
-2
nixos/modules/services/monitoring/ups.nix
+131
-129
nixos/modules/services/network-filesystems/tahoe.nix
+131
-129
nixos/modules/services/network-filesystems/tahoe.nix
···
8
options.services.tahoe = {
9
introducers = mkOption {
10
default = {};
11
-
type = types.loaOf types.optionSet;
12
description = ''
13
The Tahoe introducers.
14
'';
15
-
options = {
16
-
nickname = mkOption {
17
-
type = types.str;
18
-
description = ''
19
-
The nickname of this Tahoe introducer.
20
-
'';
21
-
};
22
-
tub.port = mkOption {
23
-
default = 3458;
24
-
type = types.int;
25
-
description = ''
26
-
The port on which the introducer will listen.
27
-
'';
28
-
};
29
-
tub.location = mkOption {
30
-
default = null;
31
-
type = types.nullOr types.str;
32
-
description = ''
33
-
The external location that the introducer should listen on.
34
-
35
-
If specified, the port should be included.
36
-
'';
37
-
};
38
-
package = mkOption {
39
-
default = pkgs.tahoelafs;
40
-
defaultText = "pkgs.tahoelafs";
41
-
type = types.package;
42
-
example = literalExample "pkgs.tahoelafs";
43
-
description = ''
44
-
The package to use for the Tahoe LAFS daemon.
45
-
'';
46
-
};
47
-
};
48
};
49
nodes = mkOption {
50
default = {};
51
-
type = types.loaOf types.optionSet;
52
-
description = ''
53
-
The Tahoe nodes.
54
-
'';
55
-
options = {
56
-
nickname = mkOption {
57
-
type = types.str;
58
-
description = ''
59
-
The nickname of this Tahoe node.
60
-
'';
61
-
};
62
-
tub.port = mkOption {
63
-
default = 3457;
64
-
type = types.int;
65
-
description = ''
66
-
The port on which the tub will listen.
67
68
-
This is the correct setting to tweak if you want Tahoe's storage
69
-
system to listen on a different port.
70
-
'';
71
-
};
72
-
tub.location = mkOption {
73
-
default = null;
74
-
type = types.nullOr types.str;
75
-
description = ''
76
-
The external location that the node should listen on.
77
78
-
This is the setting to tweak if there are multiple interfaces
79
-
and you want to alter which interface Tahoe is advertising.
80
81
-
If specified, the port should be included.
82
-
'';
83
-
};
84
-
web.port = mkOption {
85
-
default = 3456;
86
-
type = types.int;
87
-
description = ''
88
-
The port on which the Web server will listen.
89
90
-
This is the correct setting to tweak if you want Tahoe's WUI to
91
-
listen on a different port.
92
-
'';
93
-
};
94
-
client.introducer = mkOption {
95
-
default = null;
96
-
type = types.nullOr types.str;
97
-
description = ''
98
-
The furl for a Tahoe introducer node.
99
100
-
Like all furls, keep this safe and don't share it.
101
-
'';
102
-
};
103
-
client.helper = mkOption {
104
-
default = null;
105
-
type = types.nullOr types.str;
106
-
description = ''
107
-
The furl for a Tahoe helper node.
108
109
-
Like all furls, keep this safe and don't share it.
110
-
'';
111
-
};
112
-
client.shares.needed = mkOption {
113
-
default = 3;
114
-
type = types.int;
115
-
description = ''
116
-
The number of shares required to reconstitute a file.
117
-
'';
118
-
};
119
-
client.shares.happy = mkOption {
120
-
default = 7;
121
-
type = types.int;
122
-
description = ''
123
-
The number of distinct storage nodes required to store
124
-
a file.
125
-
'';
126
-
};
127
-
client.shares.total = mkOption {
128
-
default = 10;
129
-
type = types.int;
130
-
description = ''
131
-
The number of shares required to store a file.
132
-
'';
133
-
};
134
-
storage.enable = mkEnableOption "storage service";
135
-
storage.reservedSpace = mkOption {
136
-
default = "1G";
137
-
type = types.str;
138
-
description = ''
139
-
The amount of filesystem space to not use for storage.
140
-
'';
141
-
};
142
-
helper.enable = mkEnableOption "helper service";
143
-
package = mkOption {
144
-
default = pkgs.tahoelafs;
145
-
defaultText = "pkgs.tahoelafs";
146
-
type = types.package;
147
-
example = literalExample "pkgs.tahoelafs";
148
-
description = ''
149
-
The package to use for the Tahoe LAFS daemon.
150
-
'';
151
};
152
-
};
153
};
154
};
155
config = mkMerge [
···
8
options.services.tahoe = {
9
introducers = mkOption {
10
default = {};
11
+
type = with types; loaOf (submodule {
12
+
options = {
13
+
nickname = mkOption {
14
+
type = types.str;
15
+
description = ''
16
+
The nickname of this Tahoe introducer.
17
+
'';
18
+
};
19
+
tub.port = mkOption {
20
+
default = 3458;
21
+
type = types.int;
22
+
description = ''
23
+
The port on which the introducer will listen.
24
+
'';
25
+
};
26
+
tub.location = mkOption {
27
+
default = null;
28
+
type = types.nullOr types.str;
29
+
description = ''
30
+
The external location that the introducer should listen on.
31
+
32
+
If specified, the port should be included.
33
+
'';
34
+
};
35
+
package = mkOption {
36
+
default = pkgs.tahoelafs;
37
+
defaultText = "pkgs.tahoelafs";
38
+
type = types.package;
39
+
example = literalExample "pkgs.tahoelafs";
40
+
description = ''
41
+
The package to use for the Tahoe LAFS daemon.
42
+
'';
43
+
};
44
+
};
45
+
});
46
description = ''
47
The Tahoe introducers.
48
'';
49
};
50
nodes = mkOption {
51
default = {};
52
+
type = with types; loaOf (submodule {
53
+
options = {
54
+
nickname = mkOption {
55
+
type = types.str;
56
+
description = ''
57
+
The nickname of this Tahoe node.
58
+
'';
59
+
};
60
+
tub.port = mkOption {
61
+
default = 3457;
62
+
type = types.int;
63
+
description = ''
64
+
The port on which the tub will listen.
65
66
+
This is the correct setting to tweak if you want Tahoe's storage
67
+
system to listen on a different port.
68
+
'';
69
+
};
70
+
tub.location = mkOption {
71
+
default = null;
72
+
type = types.nullOr types.str;
73
+
description = ''
74
+
The external location that the node should listen on.
75
76
+
This is the setting to tweak if there are multiple interfaces
77
+
and you want to alter which interface Tahoe is advertising.
78
79
+
If specified, the port should be included.
80
+
'';
81
+
};
82
+
web.port = mkOption {
83
+
default = 3456;
84
+
type = types.int;
85
+
description = ''
86
+
The port on which the Web server will listen.
87
88
+
This is the correct setting to tweak if you want Tahoe's WUI to
89
+
listen on a different port.
90
+
'';
91
+
};
92
+
client.introducer = mkOption {
93
+
default = null;
94
+
type = types.nullOr types.str;
95
+
description = ''
96
+
The furl for a Tahoe introducer node.
97
98
+
Like all furls, keep this safe and don't share it.
99
+
'';
100
+
};
101
+
client.helper = mkOption {
102
+
default = null;
103
+
type = types.nullOr types.str;
104
+
description = ''
105
+
The furl for a Tahoe helper node.
106
107
+
Like all furls, keep this safe and don't share it.
108
+
'';
109
+
};
110
+
client.shares.needed = mkOption {
111
+
default = 3;
112
+
type = types.int;
113
+
description = ''
114
+
The number of shares required to reconstitute a file.
115
+
'';
116
+
};
117
+
client.shares.happy = mkOption {
118
+
default = 7;
119
+
type = types.int;
120
+
description = ''
121
+
The number of distinct storage nodes required to store
122
+
a file.
123
+
'';
124
+
};
125
+
client.shares.total = mkOption {
126
+
default = 10;
127
+
type = types.int;
128
+
description = ''
129
+
The number of shares required to store a file.
130
+
'';
131
+
};
132
+
storage.enable = mkEnableOption "storage service";
133
+
storage.reservedSpace = mkOption {
134
+
default = "1G";
135
+
type = types.str;
136
+
description = ''
137
+
The amount of filesystem space to not use for storage.
138
+
'';
139
+
};
140
+
helper.enable = mkEnableOption "helper service";
141
+
package = mkOption {
142
+
default = pkgs.tahoelafs;
143
+
defaultText = "pkgs.tahoelafs";
144
+
type = types.package;
145
+
example = literalExample "pkgs.tahoelafs";
146
+
description = ''
147
+
The package to use for the Tahoe LAFS daemon.
148
+
'';
149
+
};
150
};
151
+
});
152
+
description = ''
153
+
The Tahoe nodes.
154
+
'';
155
};
156
};
157
config = mkMerge [
+27
-28
nixos/modules/services/networking/i2pd.nix
+27
-28
nixos/modules/services/networking/i2pd.nix
···
187
188
outTunnels = mkOption {
189
default = {};
190
-
type = with types; loaOf optionSet;
191
description = ''
192
Connect to someone as a client and establish a local accept endpoint
193
'';
194
-
options = [ ({ name, config, ... }: {
195
-
options = commonTunOpts name;
196
-
config = {
197
-
name = mkDefault name;
198
-
};
199
-
}) ];
200
};
201
202
inTunnels = mkOption {
203
default = {};
204
-
type = with types; loaOf optionSet;
205
description = ''
206
Serve something on I2P network at port and delegate requests to address inPort.
207
'';
208
-
options = [ ({ name, config, ... }: {
209
-
210
-
options = {
211
-
inPort = mkOption {
212
-
type = types.int;
213
-
default = 0;
214
-
description = "Service port. Default to the tunnel's listen port.";
215
-
};
216
-
accessList = mkOption {
217
-
type = with types; listOf str;
218
-
default = [];
219
-
description = "I2P nodes that are allowed to connect to this service.";
220
-
};
221
-
} // commonTunOpts name;
222
-
223
-
config = {
224
-
name = mkDefault name;
225
-
};
226
-
227
-
}) ];
228
};
229
};
230
};
···
187
188
outTunnels = mkOption {
189
default = {};
190
+
type = with types; loaOf (submodule (
191
+
{ name, config, ... }: {
192
+
options = commonTunOpts name;
193
+
config = {
194
+
name = mkDefault name;
195
+
};
196
+
}
197
+
));
198
description = ''
199
Connect to someone as a client and establish a local accept endpoint
200
'';
201
};
202
203
inTunnels = mkOption {
204
default = {};
205
+
type = with types; loaOf (submodule (
206
+
{ name, config, ... }: {
207
+
options = {
208
+
inPort = mkOption {
209
+
type = types.int;
210
+
default = 0;
211
+
description = "Service port. Default to the tunnel's listen port.";
212
+
};
213
+
accessList = mkOption {
214
+
type = with types; listOf str;
215
+
default = [];
216
+
description = "I2P nodes that are allowed to connect to this service.";
217
+
};
218
+
} // commonTunOpts name;
219
+
config = {
220
+
name = mkDefault name;
221
+
};
222
+
}
223
+
));
224
description = ''
225
Serve something on I2P network at port and delegate requests to address inPort.
226
'';
227
};
228
};
229
};
+15
-15
nixos/modules/services/networking/nat.nix
+15
-15
nixos/modules/services/networking/nat.nix
···
122
};
123
124
networking.nat.forwardPorts = mkOption {
125
-
type = types.listOf types.optionSet;
126
-
default = [];
127
-
example = [ { sourcePort = 8080; destination = "10.0.0.1:80"; } ];
128
-
options = {
129
-
sourcePort = mkOption {
130
-
type = types.int;
131
-
example = 8080;
132
-
description = "Source port of the external interface";
133
-
};
134
135
-
destination = mkOption {
136
-
type = types.str;
137
-
example = "10.0.0.1:80";
138
-
description = "Forward tcp connection to destination ip:port";
139
};
140
-
};
141
-
142
description =
143
''
144
List of forwarded ports from the external interface to
···
122
};
123
124
networking.nat.forwardPorts = mkOption {
125
+
type = with types; listOf (submodule {
126
+
options = {
127
+
sourcePort = mkOption {
128
+
type = types.int;
129
+
example = 8080;
130
+
description = "Source port of the external interface";
131
+
};
132
133
+
destination = mkOption {
134
+
type = types.str;
135
+
example = "10.0.0.1:80";
136
+
description = "Forward tcp connection to destination ip:port";
137
+
};
138
};
139
+
});
140
+
default = [];
141
+
example = [ { sourcePort = 8080; destination = "10.0.0.1:80"; } ];
142
description =
143
''
144
List of forwarded ports from the external interface to
+40
-38
nixos/modules/services/networking/openvpn.nix
+40
-38
nixos/modules/services/networking/openvpn.nix
···
116
attribute name.
117
'';
118
119
-
type = types.attrsOf types.optionSet;
120
121
-
options = {
122
123
-
config = mkOption {
124
-
type = types.lines;
125
-
description = ''
126
-
Configuration of this OpenVPN instance. See
127
-
<citerefentry><refentrytitle>openvpn</refentrytitle><manvolnum>8</manvolnum></citerefentry>
128
-
for details.
129
-
'';
130
-
};
131
132
-
up = mkOption {
133
-
default = "";
134
-
type = types.lines;
135
-
description = ''
136
-
Shell commands executed when the instance is starting.
137
-
'';
138
-
};
139
140
-
down = mkOption {
141
-
default = "";
142
-
type = types.lines;
143
-
description = ''
144
-
Shell commands executed when the instance is shutting down.
145
-
'';
146
-
};
147
148
-
autoStart = mkOption {
149
-
default = true;
150
-
type = types.bool;
151
-
description = "Whether this OpenVPN instance should be started automatically.";
152
-
};
153
154
-
updateResolvConf = mkOption {
155
-
default = false;
156
-
type = types.bool;
157
-
description = ''
158
-
Use the script from the update-resolv-conf package to automatically
159
-
update resolv.conf with the DNS information provided by openvpn. The
160
-
script will be run after the "up" commands and before the "down" commands.
161
-
'';
162
};
163
164
-
};
165
166
};
167
···
116
attribute name.
117
'';
118
119
+
type = with types; attrsOf (submodule {
120
121
+
options = {
122
123
+
config = mkOption {
124
+
type = types.lines;
125
+
description = ''
126
+
Configuration of this OpenVPN instance. See
127
+
<citerefentry><refentrytitle>openvpn</refentrytitle><manvolnum>8</manvolnum></citerefentry>
128
+
for details.
129
+
'';
130
+
};
131
132
+
up = mkOption {
133
+
default = "";
134
+
type = types.lines;
135
+
description = ''
136
+
Shell commands executed when the instance is starting.
137
+
'';
138
+
};
139
140
+
down = mkOption {
141
+
default = "";
142
+
type = types.lines;
143
+
description = ''
144
+
Shell commands executed when the instance is shutting down.
145
+
'';
146
+
};
147
148
+
autoStart = mkOption {
149
+
default = true;
150
+
type = types.bool;
151
+
description = "Whether this OpenVPN instance should be started automatically.";
152
+
};
153
+
154
+
updateResolvConf = mkOption {
155
+
default = false;
156
+
type = types.bool;
157
+
description = ''
158
+
Use the script from the update-resolv-conf package to automatically
159
+
update resolv.conf with the DNS information provided by openvpn. The
160
+
script will be run after the "up" commands and before the "down" commands.
161
+
'';
162
+
};
163
164
};
165
166
+
});
167
168
};
169
+1
-2
nixos/modules/services/networking/prosody.nix
+1
-2
nixos/modules/services/networking/prosody.nix
+18
-17
nixos/modules/services/networking/ssh/sshd.nix
+18
-17
nixos/modules/services/networking/ssh/sshd.nix
···
129
};
130
131
listenAddresses = mkOption {
132
-
type = types.listOf types.optionSet;
133
default = [];
134
example = [ { addr = "192.168.3.1"; port = 22; } { addr = "0.0.0.0"; port = 64022; } ];
135
description = ''
···
140
NOTE: setting this option won't automatically enable given ports
141
in firewall configuration.
142
'';
143
-
options = {
144
-
addr = mkOption {
145
-
type = types.nullOr types.str;
146
-
default = null;
147
-
description = ''
148
-
Host, IPv4 or IPv6 address to listen to.
149
-
'';
150
-
};
151
-
port = mkOption {
152
-
type = types.nullOr types.int;
153
-
default = null;
154
-
description = ''
155
-
Port to listen to.
156
-
'';
157
-
};
158
-
};
159
};
160
161
passwordAuthentication = mkOption {
···
129
};
130
131
listenAddresses = mkOption {
132
+
type = with types; listOf (submodule {
133
+
options = {
134
+
addr = mkOption {
135
+
type = types.nullOr types.str;
136
+
default = null;
137
+
description = ''
138
+
Host, IPv4 or IPv6 address to listen to.
139
+
'';
140
+
};
141
+
port = mkOption {
142
+
type = types.nullOr types.int;
143
+
default = null;
144
+
description = ''
145
+
Port to listen to.
146
+
'';
147
+
};
148
+
};
149
+
});
150
default = [];
151
example = [ { addr = "192.168.3.1"; port = 22; } { addr = "0.0.0.0"; port = 64022; } ];
152
description = ''
···
157
NOTE: setting this option won't automatically enable given ports
158
in firewall configuration.
159
'';
160
};
161
162
passwordAuthentication = mkOption {
+101
-102
nixos/modules/services/networking/supplicant.nix
+101
-102
nixos/modules/services/networking/supplicant.nix
···
75
options = {
76
77
networking.supplicant = mkOption {
78
-
type = types.attrsOf types.optionSet;
79
80
default = { };
81
···
108
<literal>DBUS</literal> defines a device-unrelated <command>wpa_supplicant</command>
109
service that can be accessed through <literal>D-Bus</literal>.
110
'';
111
-
112
-
options = {
113
-
114
-
configFile = {
115
-
116
-
path = mkOption {
117
-
type = types.path;
118
-
example = literalExample "/etc/wpa_supplicant.conf";
119
-
description = ''
120
-
External <literal>wpa_supplicant.conf</literal> configuration file.
121
-
The configuration options defined declaratively within <literal>networking.supplicant</literal> have
122
-
precedence over options defined in <literal>configFile</literal>.
123
-
'';
124
-
};
125
-
126
-
writable = mkOption {
127
-
type = types.bool;
128
-
default = false;
129
-
description = ''
130
-
Whether the configuration file at <literal>configFile.path</literal> should be written to by
131
-
<literal>wpa_supplicant</literal>.
132
-
'';
133
-
};
134
-
135
-
};
136
-
137
-
extraConf = mkOption {
138
-
type = types.lines;
139
-
default = "";
140
-
example = ''
141
-
ap_scan=1
142
-
device_name=My-NixOS-Device
143
-
device_type=1-0050F204-1
144
-
driver_param=use_p2p_group_interface=1
145
-
disable_scan_offload=1
146
-
p2p_listen_reg_class=81
147
-
p2p_listen_channel=1
148
-
p2p_oper_reg_class=81
149
-
p2p_oper_channel=1
150
-
manufacturer=NixOS
151
-
model_name=NixOS_Unstable
152
-
model_number=2015
153
-
'';
154
-
description = ''
155
-
Configuration options for <literal>wpa_supplicant.conf</literal>.
156
-
Options defined here have precedence over options in <literal>configFile</literal>.
157
-
NOTE: Do not write sensitive data into <literal>extraConf</literal> as it will
158
-
be world-readable in the <literal>nix-store</literal>. For sensitive information
159
-
use the <literal>configFile</literal> instead.
160
-
'';
161
-
};
162
-
163
-
extraCmdArgs = mkOption {
164
-
type = types.str;
165
-
default = "";
166
-
example = "-e/var/run/wpa_supplicant/entropy.bin";
167
-
description =
168
-
"Command line arguments to add when executing <literal>wpa_supplicant</literal>.";
169
-
};
170
-
171
-
driver = mkOption {
172
-
type = types.nullOr types.str;
173
-
default = "nl80211,wext";
174
-
description = "Force a specific wpa_supplicant driver.";
175
-
};
176
-
177
-
bridge = mkOption {
178
-
type = types.str;
179
-
default = "";
180
-
description = "Name of the bridge interface that wpa_supplicant should listen at.";
181
-
};
182
-
183
-
userControlled = {
184
-
185
-
enable = mkOption {
186
-
type = types.bool;
187
-
default = false;
188
-
description = ''
189
-
Allow normal users to control wpa_supplicant through wpa_gui or wpa_cli.
190
-
This is useful for laptop users that switch networks a lot and don't want
191
-
to depend on a large package such as NetworkManager just to pick nearby
192
-
access points.
193
-
'';
194
-
};
195
-
196
-
socketDir = mkOption {
197
-
type = types.str;
198
-
default = "/var/run/wpa_supplicant";
199
-
description = "Directory of sockets for controlling wpa_supplicant.";
200
-
};
201
-
202
-
group = mkOption {
203
-
type = types.str;
204
-
default = "wheel";
205
-
example = "network";
206
-
description = "Members of this group can control wpa_supplicant.";
207
-
};
208
-
209
-
};
210
-
211
-
};
212
213
};
214
···
75
options = {
76
77
networking.supplicant = mkOption {
78
+
type = with types; attrsOf (submodule {
79
+
options = {
80
+
81
+
configFile = {
82
+
83
+
path = mkOption {
84
+
type = types.path;
85
+
example = literalExample "/etc/wpa_supplicant.conf";
86
+
description = ''
87
+
External <literal>wpa_supplicant.conf</literal> configuration file.
88
+
The configuration options defined declaratively within <literal>networking.supplicant</literal> have
89
+
precedence over options defined in <literal>configFile</literal>.
90
+
'';
91
+
};
92
+
93
+
writable = mkOption {
94
+
type = types.bool;
95
+
default = false;
96
+
description = ''
97
+
Whether the configuration file at <literal>configFile.path</literal> should be written to by
98
+
<literal>wpa_supplicant</literal>.
99
+
'';
100
+
};
101
+
102
+
};
103
+
104
+
extraConf = mkOption {
105
+
type = types.lines;
106
+
default = "";
107
+
example = ''
108
+
ap_scan=1
109
+
device_name=My-NixOS-Device
110
+
device_type=1-0050F204-1
111
+
driver_param=use_p2p_group_interface=1
112
+
disable_scan_offload=1
113
+
p2p_listen_reg_class=81
114
+
p2p_listen_channel=1
115
+
p2p_oper_reg_class=81
116
+
p2p_oper_channel=1
117
+
manufacturer=NixOS
118
+
model_name=NixOS_Unstable
119
+
model_number=2015
120
+
'';
121
+
description = ''
122
+
Configuration options for <literal>wpa_supplicant.conf</literal>.
123
+
Options defined here have precedence over options in <literal>configFile</literal>.
124
+
NOTE: Do not write sensitive data into <literal>extraConf</literal> as it will
125
+
be world-readable in the <literal>nix-store</literal>. For sensitive information
126
+
use the <literal>configFile</literal> instead.
127
+
'';
128
+
};
129
+
130
+
extraCmdArgs = mkOption {
131
+
type = types.str;
132
+
default = "";
133
+
example = "-e/var/run/wpa_supplicant/entropy.bin";
134
+
description =
135
+
"Command line arguments to add when executing <literal>wpa_supplicant</literal>.";
136
+
};
137
+
138
+
driver = mkOption {
139
+
type = types.nullOr types.str;
140
+
default = "nl80211,wext";
141
+
description = "Force a specific wpa_supplicant driver.";
142
+
};
143
+
144
+
bridge = mkOption {
145
+
type = types.str;
146
+
default = "";
147
+
description = "Name of the bridge interface that wpa_supplicant should listen at.";
148
+
};
149
+
150
+
userControlled = {
151
+
152
+
enable = mkOption {
153
+
type = types.bool;
154
+
default = false;
155
+
description = ''
156
+
Allow normal users to control wpa_supplicant through wpa_gui or wpa_cli.
157
+
This is useful for laptop users that switch networks a lot and don't want
158
+
to depend on a large package such as NetworkManager just to pick nearby
159
+
access points.
160
+
'';
161
+
};
162
+
163
+
socketDir = mkOption {
164
+
type = types.str;
165
+
default = "/var/run/wpa_supplicant";
166
+
description = "Directory of sockets for controlling wpa_supplicant.";
167
+
};
168
+
169
+
group = mkOption {
170
+
type = types.str;
171
+
default = "wheel";
172
+
example = "network";
173
+
description = "Members of this group can control wpa_supplicant.";
174
+
};
175
+
176
+
};
177
+
};
178
+
});
179
180
default = { };
181
···
208
<literal>DBUS</literal> defines a device-unrelated <command>wpa_supplicant</command>
209
service that can be accessed through <literal>D-Bus</literal>.
210
'';
211
212
};
213
+79
-77
nixos/modules/services/networking/tinc.nix
+79
-77
nixos/modules/services/networking/tinc.nix
···
18
19
networks = mkOption {
20
default = { };
21
-
type = types.loaOf types.optionSet;
22
-
description = ''
23
-
Defines the tinc networks which will be started.
24
-
Each network invokes a different daemon.
25
-
'';
26
-
options = {
27
28
-
extraConfig = mkOption {
29
-
default = "";
30
-
type = types.lines;
31
-
description = ''
32
-
Extra lines to add to the tinc service configuration file.
33
-
'';
34
-
};
35
36
-
name = mkOption {
37
-
default = null;
38
-
type = types.nullOr types.str;
39
-
description = ''
40
-
The name of the node which is used as an identifier when communicating
41
-
with the remote nodes in the mesh. If null then the hostname of the system
42
-
is used.
43
-
'';
44
-
};
45
46
-
ed25519PrivateKeyFile = mkOption {
47
-
default = null;
48
-
type = types.nullOr types.path;
49
-
description = ''
50
-
Path of the private ed25519 keyfile.
51
-
'';
52
-
};
53
54
-
debugLevel = mkOption {
55
-
default = 0;
56
-
type = types.addCheck types.int (l: l >= 0 && l <= 5);
57
-
description = ''
58
-
The amount of debugging information to add to the log. 0 means little
59
-
logging while 5 is the most logging. <command>man tincd</command> for
60
-
more details.
61
-
'';
62
-
};
63
64
-
hosts = mkOption {
65
-
default = { };
66
-
type = types.loaOf types.lines;
67
-
description = ''
68
-
The name of the host in the network as well as the configuration for that host.
69
-
This name should only contain alphanumerics and underscores.
70
-
'';
71
-
};
72
73
-
interfaceType = mkOption {
74
-
default = "tun";
75
-
type = types.addCheck types.str (n: n == "tun" || n == "tap");
76
-
description = ''
77
-
The type of virtual interface used for the network connection
78
-
'';
79
-
};
80
81
-
listenAddress = mkOption {
82
-
default = null;
83
-
type = types.nullOr types.str;
84
-
description = ''
85
-
The ip adress to bind to.
86
-
'';
87
-
};
88
89
-
package = mkOption {
90
-
type = types.package;
91
-
default = pkgs.tinc_pre;
92
-
defaultText = "pkgs.tinc_pre";
93
-
description = ''
94
-
The package to use for the tinc daemon's binary.
95
-
'';
96
-
};
97
98
-
chroot = mkOption {
99
-
default = true;
100
-
type = types.bool;
101
-
description = ''
102
-
Change process root directory to the directory where the config file is located (/etc/tinc/netname/), for added security.
103
-
The chroot is performed after all the initialization is done, after writing pid files and opening network sockets.
104
105
-
Note that tinc can't run scripts anymore (such as tinc-down or host-up), unless it is setup to be runnable inside chroot environment.
106
-
'';
107
};
108
-
};
109
};
110
};
111
···
18
19
networks = mkOption {
20
default = { };
21
+
type = with types; loaOf (submodule {
22
+
options = {
23
24
+
extraConfig = mkOption {
25
+
default = "";
26
+
type = types.lines;
27
+
description = ''
28
+
Extra lines to add to the tinc service configuration file.
29
+
'';
30
+
};
31
32
+
name = mkOption {
33
+
default = null;
34
+
type = types.nullOr types.str;
35
+
description = ''
36
+
The name of the node which is used as an identifier when communicating
37
+
with the remote nodes in the mesh. If null then the hostname of the system
38
+
is used.
39
+
'';
40
+
};
41
42
+
ed25519PrivateKeyFile = mkOption {
43
+
default = null;
44
+
type = types.nullOr types.path;
45
+
description = ''
46
+
Path of the private ed25519 keyfile.
47
+
'';
48
+
};
49
50
+
debugLevel = mkOption {
51
+
default = 0;
52
+
type = types.addCheck types.int (l: l >= 0 && l <= 5);
53
+
description = ''
54
+
The amount of debugging information to add to the log. 0 means little
55
+
logging while 5 is the most logging. <command>man tincd</command> for
56
+
more details.
57
+
'';
58
+
};
59
60
+
hosts = mkOption {
61
+
default = { };
62
+
type = types.loaOf types.lines;
63
+
description = ''
64
+
The name of the host in the network as well as the configuration for that host.
65
+
This name should only contain alphanumerics and underscores.
66
+
'';
67
+
};
68
69
+
interfaceType = mkOption {
70
+
default = "tun";
71
+
type = types.addCheck types.str (n: n == "tun" || n == "tap");
72
+
description = ''
73
+
The type of virtual interface used for the network connection
74
+
'';
75
+
};
76
77
+
listenAddress = mkOption {
78
+
default = null;
79
+
type = types.nullOr types.str;
80
+
description = ''
81
+
The ip adress to bind to.
82
+
'';
83
+
};
84
85
+
package = mkOption {
86
+
type = types.package;
87
+
default = pkgs.tinc_pre;
88
+
defaultText = "pkgs.tinc_pre";
89
+
description = ''
90
+
The package to use for the tinc daemon's binary.
91
+
'';
92
+
};
93
94
+
chroot = mkOption {
95
+
default = true;
96
+
type = types.bool;
97
+
description = ''
98
+
Change process root directory to the directory where the config file is located (/etc/tinc/netname/), for added security.
99
+
The chroot is performed after all the initialization is done, after writing pid files and opening network sockets.
100
101
+
Note that tinc can't run scripts anymore (such as tinc-down or host-up), unless it is setup to be runnable inside chroot environment.
102
+
'';
103
+
};
104
};
105
+
});
106
+
107
+
description = ''
108
+
Defines the tinc networks which will be started.
109
+
Each network invokes a different daemon.
110
+
'';
111
};
112
};
113
+55
-53
nixos/modules/services/networking/xinetd.nix
+55
-53
nixos/modules/services/networking/xinetd.nix
···
65
A list of services provided by xinetd.
66
'';
67
68
-
type = types.listOf types.optionSet;
69
70
-
options = {
71
72
-
name = mkOption {
73
-
type = types.string;
74
-
example = "login";
75
-
description = "Name of the service.";
76
-
};
77
78
-
protocol = mkOption {
79
-
type = types.string;
80
-
default = "tcp";
81
-
description =
82
-
"Protocol of the service. Usually <literal>tcp</literal> or <literal>udp</literal>.";
83
-
};
84
85
-
port = mkOption {
86
-
type = types.int;
87
-
default = 0;
88
-
example = 123;
89
-
description = "Port number of the service.";
90
-
};
91
92
-
user = mkOption {
93
-
type = types.string;
94
-
default = "nobody";
95
-
description = "User account for the service";
96
-
};
97
98
-
server = mkOption {
99
-
type = types.string;
100
-
example = "/foo/bin/ftpd";
101
-
description = "Path of the program that implements the service.";
102
-
};
103
104
-
serverArgs = mkOption {
105
-
type = types.string;
106
-
default = "";
107
-
description = "Command-line arguments for the server program.";
108
-
};
109
110
-
flags = mkOption {
111
-
type = types.string;
112
-
default = "";
113
-
description = "";
114
-
};
115
116
-
unlisted = mkOption {
117
-
type = types.bool;
118
-
default = false;
119
-
description = ''
120
-
Whether this server is listed in
121
-
<filename>/etc/services</filename>. If so, the port
122
-
number can be omitted.
123
-
'';
124
-
};
125
126
-
extraConfig = mkOption {
127
-
type = types.string;
128
-
default = "";
129
-
description = "Extra configuration-lines added to the section of the service.";
130
};
131
132
-
};
133
134
};
135
···
65
A list of services provided by xinetd.
66
'';
67
68
+
type = with types; listOf (submodule ({
69
70
+
options = {
71
72
+
name = mkOption {
73
+
type = types.string;
74
+
example = "login";
75
+
description = "Name of the service.";
76
+
};
77
78
+
protocol = mkOption {
79
+
type = types.string;
80
+
default = "tcp";
81
+
description =
82
+
"Protocol of the service. Usually <literal>tcp</literal> or <literal>udp</literal>.";
83
+
};
84
85
+
port = mkOption {
86
+
type = types.int;
87
+
default = 0;
88
+
example = 123;
89
+
description = "Port number of the service.";
90
+
};
91
92
+
user = mkOption {
93
+
type = types.string;
94
+
default = "nobody";
95
+
description = "User account for the service";
96
+
};
97
98
+
server = mkOption {
99
+
type = types.string;
100
+
example = "/foo/bin/ftpd";
101
+
description = "Path of the program that implements the service.";
102
+
};
103
104
+
serverArgs = mkOption {
105
+
type = types.string;
106
+
default = "";
107
+
description = "Command-line arguments for the server program.";
108
+
};
109
110
+
flags = mkOption {
111
+
type = types.string;
112
+
default = "";
113
+
description = "";
114
+
};
115
116
+
unlisted = mkOption {
117
+
type = types.bool;
118
+
default = false;
119
+
description = ''
120
+
Whether this server is listed in
121
+
<filename>/etc/services</filename>. If so, the port
122
+
number can be omitted.
123
+
'';
124
+
};
125
+
126
+
extraConfig = mkOption {
127
+
type = types.string;
128
+
default = "";
129
+
description = "Extra configuration-lines added to the section of the service.";
130
+
};
131
132
};
133
134
+
}));
135
136
};
137
+1
-2
nixos/modules/services/web-servers/winstone.nix
+1
-2
nixos/modules/services/web-servers/winstone.nix
+1
-2
nixos/modules/services/web-servers/zope2.nix
+1
-2
nixos/modules/services/web-servers/zope2.nix
+39
-39
nixos/modules/system/boot/loader/grub/grub.nix
+39
-39
nixos/modules/system/boot/loader/grub/grub.nix
···
131
to the respective devices corresponding to those partitions.
132
'';
133
134
-
type = types.listOf types.optionSet;
135
136
-
options = {
137
138
-
path = mkOption {
139
-
example = "/boot1";
140
-
type = types.str;
141
-
description = ''
142
-
The path to the boot directory where GRUB will be written. Generally
143
-
this boot path should double as an EFI path.
144
-
'';
145
-
};
146
147
-
efiSysMountPoint = mkOption {
148
-
default = null;
149
-
example = "/boot1/efi";
150
-
type = types.nullOr types.str;
151
-
description = ''
152
-
The path to the efi system mount point. Usually this is the same
153
-
partition as the above path and can be left as null.
154
-
'';
155
-
};
156
157
-
efiBootloaderId = mkOption {
158
-
default = null;
159
-
example = "NixOS-fsid";
160
-
type = types.nullOr types.str;
161
-
description = ''
162
-
The id of the bootloader to store in efi nvram.
163
-
The default is to name it NixOS and append the path or efiSysMountPoint.
164
-
This is only used if <literal>boot.loader.efi.canTouchEfiVariables</literal> is true.
165
-
'';
166
-
};
167
168
-
devices = mkOption {
169
-
default = [ ];
170
-
example = [ "/dev/sda" "/dev/sdb" ];
171
-
type = types.listOf types.str;
172
-
description = ''
173
-
The path to the devices which will have the GRUB MBR written.
174
-
Note these are typically device paths and not paths to partitions.
175
-
'';
176
};
177
-
178
-
};
179
};
180
181
configurationName = mkOption {
···
131
to the respective devices corresponding to those partitions.
132
'';
133
134
+
type = with types; listOf (submodule {
135
+
options = {
136
137
+
path = mkOption {
138
+
example = "/boot1";
139
+
type = types.str;
140
+
description = ''
141
+
The path to the boot directory where GRUB will be written. Generally
142
+
this boot path should double as an EFI path.
143
+
'';
144
+
};
145
146
+
efiSysMountPoint = mkOption {
147
+
default = null;
148
+
example = "/boot1/efi";
149
+
type = types.nullOr types.str;
150
+
description = ''
151
+
The path to the efi system mount point. Usually this is the same
152
+
partition as the above path and can be left as null.
153
+
'';
154
+
};
155
156
+
efiBootloaderId = mkOption {
157
+
default = null;
158
+
example = "NixOS-fsid";
159
+
type = types.nullOr types.str;
160
+
description = ''
161
+
The id of the bootloader to store in efi nvram.
162
+
The default is to name it NixOS and append the path or efiSysMountPoint.
163
+
This is only used if <literal>boot.loader.efi.canTouchEfiVariables</literal> is true.
164
+
'';
165
+
};
166
167
+
devices = mkOption {
168
+
default = [ ];
169
+
example = [ "/dev/sda" "/dev/sdb" ];
170
+
type = types.listOf types.str;
171
+
description = ''
172
+
The path to the devices which will have the GRUB MBR written.
173
+
Note these are typically device paths and not paths to partitions.
174
+
'';
175
+
};
176
177
};
178
+
});
179
};
180
181
configurationName = mkOption {
+136
-136
nixos/modules/system/boot/luksroot.nix
+136
-136
nixos/modules/system/boot/luksroot.nix
···
236
<filename>/dev/mapper/<replaceable>name</replaceable></filename>.
237
'';
238
239
-
type = types.loaOf types.optionSet;
240
241
-
options = { name, ... }: { options = {
242
-
243
-
name = mkOption {
244
-
visible = false;
245
-
default = name;
246
-
example = "luksroot";
247
-
type = types.str;
248
-
description = "Name of the unencrypted device in <filename>/dev/mapper</filename>.";
249
-
};
250
251
-
device = mkOption {
252
-
example = "/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08";
253
-
type = types.str;
254
-
description = "Path of the underlying encrypted block device.";
255
-
};
256
257
-
header = mkOption {
258
-
default = null;
259
-
example = "/root/header.img";
260
-
type = types.nullOr types.str;
261
-
description = ''
262
-
The name of the file or block device that
263
-
should be used as header for the encrypted device.
264
-
'';
265
-
};
266
267
-
keyFile = mkOption {
268
-
default = null;
269
-
example = "/dev/sdb1";
270
-
type = types.nullOr types.str;
271
-
description = ''
272
-
The name of the file (can be a raw device or a partition) that
273
-
should be used as the decryption key for the encrypted device. If
274
-
not specified, you will be prompted for a passphrase instead.
275
-
'';
276
-
};
277
278
-
keyFileSize = mkOption {
279
-
default = null;
280
-
example = 4096;
281
-
type = types.nullOr types.int;
282
-
description = ''
283
-
The size of the key file. Use this if only the beginning of the
284
-
key file should be used as a key (often the case if a raw device
285
-
or partition is used as key file). If not specified, the whole
286
-
<literal>keyFile</literal> will be used decryption, instead of just
287
-
the first <literal>keyFileSize</literal> bytes.
288
-
'';
289
-
};
290
291
-
# FIXME: get rid of this option.
292
-
preLVM = mkOption {
293
-
default = true;
294
-
type = types.bool;
295
-
description = "Whether the luksOpen will be attempted before LVM scan or after it.";
296
-
};
297
298
-
allowDiscards = mkOption {
299
-
default = false;
300
-
type = types.bool;
301
-
description = ''
302
-
Whether to allow TRIM requests to the underlying device. This option
303
-
has security implications; please read the LUKS documentation before
304
-
activating it.
305
-
'';
306
-
};
307
308
-
yubikey = mkOption {
309
-
default = null;
310
-
type = types.nullOr types.optionSet;
311
-
description = ''
312
-
The options to use for this LUKS device in Yubikey-PBA.
313
-
If null (the default), Yubikey-PBA will be disabled for this device.
314
-
'';
315
316
-
options = {
317
-
twoFactor = mkOption {
318
-
default = true;
319
-
type = types.bool;
320
-
description = "Whether to use a passphrase and a Yubikey (true), or only a Yubikey (false).";
321
-
};
322
323
-
slot = mkOption {
324
-
default = 2;
325
-
type = types.int;
326
-
description = "Which slot on the Yubikey to challenge.";
327
-
};
328
329
-
saltLength = mkOption {
330
-
default = 16;
331
-
type = types.int;
332
-
description = "Length of the new salt in byte (64 is the effective maximum).";
333
-
};
334
335
-
keyLength = mkOption {
336
-
default = 64;
337
-
type = types.int;
338
-
description = "Length of the LUKS slot key derived with PBKDF2 in byte.";
339
-
};
340
341
-
iterationStep = mkOption {
342
-
default = 0;
343
-
type = types.int;
344
-
description = "How much the iteration count for PBKDF2 is increased at each successful authentication.";
345
-
};
346
347
-
gracePeriod = mkOption {
348
-
default = 2;
349
-
type = types.int;
350
-
description = "Time in seconds to wait before attempting to find the Yubikey.";
351
-
};
352
353
-
ramfsMountPoint = mkOption {
354
-
default = "/crypt-ramfs";
355
-
type = types.str;
356
-
description = "Path where the ramfs used to update the LUKS key will be mounted during early boot.";
357
-
};
358
359
-
/* TODO: Add to the documentation of the current module:
360
361
-
Options related to the storing the salt.
362
-
*/
363
-
storage = {
364
-
device = mkOption {
365
-
default = "/dev/sda1";
366
-
type = types.path;
367
-
description = ''
368
-
An unencrypted device that will temporarily be mounted in stage-1.
369
-
Must contain the current salt to create the challenge for this LUKS device.
370
-
'';
371
-
};
372
373
-
fsType = mkOption {
374
-
default = "vfat";
375
-
type = types.str;
376
-
description = "The filesystem of the unencrypted device.";
377
-
};
378
379
-
mountPoint = mkOption {
380
-
default = "/crypt-storage";
381
-
type = types.str;
382
-
description = "Path where the unencrypted device will be mounted during early boot.";
383
-
};
384
385
-
path = mkOption {
386
-
default = "/crypt-storage/default";
387
-
type = types.str;
388
-
description = ''
389
-
Absolute path of the salt on the unencrypted device with
390
-
that device's root directory as "/".
391
-
'';
392
};
393
-
};
394
};
395
-
};
396
397
-
}; };
398
};
399
400
boot.initrd.luks.yubikeySupport = mkOption {
···
236
<filename>/dev/mapper/<replaceable>name</replaceable></filename>.
237
'';
238
239
+
type = with types; loaOf (submodule (
240
+
{ name, ... }: { options = {
241
242
+
name = mkOption {
243
+
visible = false;
244
+
default = name;
245
+
example = "luksroot";
246
+
type = types.str;
247
+
description = "Name of the unencrypted device in <filename>/dev/mapper</filename>.";
248
+
};
249
250
+
device = mkOption {
251
+
example = "/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08";
252
+
type = types.str;
253
+
description = "Path of the underlying encrypted block device.";
254
+
};
255
256
+
header = mkOption {
257
+
default = null;
258
+
example = "/root/header.img";
259
+
type = types.nullOr types.str;
260
+
description = ''
261
+
The name of the file or block device that
262
+
should be used as header for the encrypted device.
263
+
'';
264
+
};
265
266
+
keyFile = mkOption {
267
+
default = null;
268
+
example = "/dev/sdb1";
269
+
type = types.nullOr types.str;
270
+
description = ''
271
+
The name of the file (can be a raw device or a partition) that
272
+
should be used as the decryption key for the encrypted device. If
273
+
not specified, you will be prompted for a passphrase instead.
274
+
'';
275
+
};
276
277
+
keyFileSize = mkOption {
278
+
default = null;
279
+
example = 4096;
280
+
type = types.nullOr types.int;
281
+
description = ''
282
+
The size of the key file. Use this if only the beginning of the
283
+
key file should be used as a key (often the case if a raw device
284
+
or partition is used as key file). If not specified, the whole
285
+
<literal>keyFile</literal> will be used decryption, instead of just
286
+
the first <literal>keyFileSize</literal> bytes.
287
+
'';
288
+
};
289
290
+
# FIXME: get rid of this option.
291
+
preLVM = mkOption {
292
+
default = true;
293
+
type = types.bool;
294
+
description = "Whether the luksOpen will be attempted before LVM scan or after it.";
295
+
};
296
297
+
allowDiscards = mkOption {
298
+
default = false;
299
+
type = types.bool;
300
+
description = ''
301
+
Whether to allow TRIM requests to the underlying device. This option
302
+
has security implications; please read the LUKS documentation before
303
+
activating it.
304
+
'';
305
+
};
306
307
+
yubikey = mkOption {
308
+
default = null;
309
+
description = ''
310
+
The options to use for this LUKS device in Yubikey-PBA.
311
+
If null (the default), Yubikey-PBA will be disabled for this device.
312
+
'';
313
314
+
type = with types; nullOr (submodule {
315
+
options = {
316
+
twoFactor = mkOption {
317
+
default = true;
318
+
type = types.bool;
319
+
description = "Whether to use a passphrase and a Yubikey (true), or only a Yubikey (false).";
320
+
};
321
322
+
slot = mkOption {
323
+
default = 2;
324
+
type = types.int;
325
+
description = "Which slot on the Yubikey to challenge.";
326
+
};
327
328
+
saltLength = mkOption {
329
+
default = 16;
330
+
type = types.int;
331
+
description = "Length of the new salt in byte (64 is the effective maximum).";
332
+
};
333
334
+
keyLength = mkOption {
335
+
default = 64;
336
+
type = types.int;
337
+
description = "Length of the LUKS slot key derived with PBKDF2 in byte.";
338
+
};
339
340
+
iterationStep = mkOption {
341
+
default = 0;
342
+
type = types.int;
343
+
description = "How much the iteration count for PBKDF2 is increased at each successful authentication.";
344
+
};
345
346
+
gracePeriod = mkOption {
347
+
default = 2;
348
+
type = types.int;
349
+
description = "Time in seconds to wait before attempting to find the Yubikey.";
350
+
};
351
352
+
ramfsMountPoint = mkOption {
353
+
default = "/crypt-ramfs";
354
+
type = types.str;
355
+
description = "Path where the ramfs used to update the LUKS key will be mounted during early boot.";
356
+
};
357
358
+
/* TODO: Add to the documentation of the current module:
359
360
+
Options related to the storing the salt.
361
+
*/
362
+
storage = {
363
+
device = mkOption {
364
+
default = "/dev/sda1";
365
+
type = types.path;
366
+
description = ''
367
+
An unencrypted device that will temporarily be mounted in stage-1.
368
+
Must contain the current salt to create the challenge for this LUKS device.
369
+
'';
370
+
};
371
372
+
fsType = mkOption {
373
+
default = "vfat";
374
+
type = types.str;
375
+
description = "The filesystem of the unencrypted device.";
376
+
};
377
378
+
mountPoint = mkOption {
379
+
default = "/crypt-storage";
380
+
type = types.str;
381
+
description = "Path where the unencrypted device will be mounted during early boot.";
382
+
};
383
384
+
path = mkOption {
385
+
default = "/crypt-storage/default";
386
+
type = types.str;
387
+
description = ''
388
+
Absolute path of the salt on the unencrypted device with
389
+
that device's root directory as "/".
390
+
'';
391
+
};
392
+
};
393
};
394
+
});
395
};
396
397
+
}; }));
398
};
399
400
boot.initrd.luks.yubikeySupport = mkOption {
+8
-13
nixos/modules/system/boot/networkd.nix
+8
-13
nixos/modules/system/boot/networkd.nix
···
471
472
addresses = mkOption {
473
default = [ ];
474
-
type = types.listOf types.optionSet;
475
-
options = [ addressOptions ];
476
description = ''
477
A list of address sections to be added to the unit. See
478
<citerefentry><refentrytitle>systemd.network</refentrytitle>
···
482
483
routes = mkOption {
484
default = [ ];
485
-
type = types.listOf types.optionSet;
486
-
options = [ routeOptions ];
487
description = ''
488
A list of route sections to be added to the unit. See
489
<citerefentry><refentrytitle>systemd.network</refentrytitle>
···
624
625
systemd.network.links = mkOption {
626
default = {};
627
-
type = types.attrsOf types.optionSet;
628
-
options = [ linkOptions ];
629
description = "Definition of systemd network links.";
630
};
631
632
systemd.network.netdevs = mkOption {
633
default = {};
634
-
type = types.attrsOf types.optionSet;
635
-
options = [ netdevOptions ];
636
description = "Definition of systemd network devices.";
637
};
638
639
systemd.network.networks = mkOption {
640
default = {};
641
-
type = types.attrsOf types.optionSet;
642
-
options = [ networkOptions networkConfig ];
643
description = "Definition of systemd networks.";
644
};
645
646
systemd.network.units = mkOption {
647
description = "Definition of networkd units.";
648
default = {};
649
-
type = types.attrsOf types.optionSet;
650
-
options = { name, config, ... }:
651
{ options = concreteUnitOptions;
652
config = {
653
unit = mkDefault (makeUnit name config);
654
};
655
-
};
656
};
657
658
};
···
471
472
addresses = mkOption {
473
default = [ ];
474
+
type = with types; listOf (submodule [ addressOptions ]);
475
description = ''
476
A list of address sections to be added to the unit. See
477
<citerefentry><refentrytitle>systemd.network</refentrytitle>
···
481
482
routes = mkOption {
483
default = [ ];
484
+
type = with types; listOf (submodule [ routeOptions ]);
485
description = ''
486
A list of route sections to be added to the unit. See
487
<citerefentry><refentrytitle>systemd.network</refentrytitle>
···
622
623
systemd.network.links = mkOption {
624
default = {};
625
+
type = with types; attrsOf (submodule [ linkOptions ]);
626
description = "Definition of systemd network links.";
627
};
628
629
systemd.network.netdevs = mkOption {
630
default = {};
631
+
type = with types; attrsOf (submodule [ netdevOptions ]);
632
description = "Definition of systemd network devices.";
633
};
634
635
systemd.network.networks = mkOption {
636
default = {};
637
+
type = with types; attrsOf (submodule [ networkOptions networkConfig ]);
638
description = "Definition of systemd networks.";
639
};
640
641
systemd.network.units = mkOption {
642
description = "Definition of networkd units.";
643
default = {};
644
+
type = with types; attrsOf (submodule (
645
+
{ name, config, ... }:
646
{ options = concreteUnitOptions;
647
config = {
648
unit = mkDefault (makeUnit name config);
649
};
650
+
}));
651
};
652
653
};
+16
-26
nixos/modules/system/boot/systemd.nix
+16
-26
nixos/modules/system/boot/systemd.nix
···
389
systemd.units = mkOption {
390
description = "Definition of systemd units.";
391
default = {};
392
-
type = types.attrsOf types.optionSet;
393
-
options = { name, config, ... }:
394
{ options = concreteUnitOptions;
395
config = {
396
unit = mkDefault (makeUnit name config);
397
};
398
-
};
399
};
400
401
systemd.packages = mkOption {
···
406
407
systemd.targets = mkOption {
408
default = {};
409
-
type = types.attrsOf types.optionSet;
410
-
options = [ targetOptions unitConfig ];
411
description = "Definition of systemd target units.";
412
};
413
414
systemd.services = mkOption {
415
default = {};
416
-
type = types.attrsOf types.optionSet;
417
-
options = [ serviceOptions unitConfig serviceConfig ];
418
description = "Definition of systemd service units.";
419
};
420
421
systemd.sockets = mkOption {
422
default = {};
423
-
type = types.attrsOf types.optionSet;
424
-
options = [ socketOptions unitConfig ];
425
description = "Definition of systemd socket units.";
426
};
427
428
systemd.timers = mkOption {
429
default = {};
430
-
type = types.attrsOf types.optionSet;
431
-
options = [ timerOptions unitConfig ];
432
description = "Definition of systemd timer units.";
433
};
434
435
systemd.paths = mkOption {
436
default = {};
437
-
type = types.attrsOf types.optionSet;
438
-
options = [ pathOptions unitConfig ];
439
description = "Definition of systemd path units.";
440
};
441
442
systemd.mounts = mkOption {
443
default = [];
444
-
type = types.listOf types.optionSet;
445
-
options = [ mountOptions unitConfig mountConfig ];
446
description = ''
447
Definition of systemd mount units.
448
This is a list instead of an attrSet, because systemd mandates the names to be derived from
···
452
453
systemd.automounts = mkOption {
454
default = [];
455
-
type = types.listOf types.optionSet;
456
-
options = [ automountOptions unitConfig automountConfig ];
457
description = ''
458
Definition of systemd automount units.
459
This is a list instead of an attrSet, because systemd mandates the names to be derived from
···
600
systemd.user.units = mkOption {
601
description = "Definition of systemd per-user units.";
602
default = {};
603
-
type = types.attrsOf types.optionSet;
604
-
options = { name, config, ... }:
605
{ options = concreteUnitOptions;
606
config = {
607
unit = mkDefault (makeUnit name config);
608
};
609
-
};
610
};
611
612
systemd.user.services = mkOption {
613
default = {};
614
-
type = types.attrsOf types.optionSet;
615
-
options = [ serviceOptions unitConfig serviceConfig ];
616
description = "Definition of systemd per-user service units.";
617
};
618
619
systemd.user.timers = mkOption {
620
default = {};
621
-
type = types.attrsOf types.optionSet;
622
-
options = [ timerOptions unitConfig ];
623
description = "Definition of systemd per-user timer units.";
624
};
625
626
systemd.user.sockets = mkOption {
627
default = {};
628
-
type = types.attrsOf types.optionSet;
629
-
options = [ socketOptions unitConfig ];
630
description = "Definition of systemd per-user socket units.";
631
};
632
···
389
systemd.units = mkOption {
390
description = "Definition of systemd units.";
391
default = {};
392
+
type = with types; attrsOf (submodule (
393
+
{ name, config, ... }:
394
{ options = concreteUnitOptions;
395
config = {
396
unit = mkDefault (makeUnit name config);
397
};
398
+
}));
399
};
400
401
systemd.packages = mkOption {
···
406
407
systemd.targets = mkOption {
408
default = {};
409
+
type = with types; attrsOf (submodule [ { options = targetOptions; } unitConfig] );
410
description = "Definition of systemd target units.";
411
};
412
413
systemd.services = mkOption {
414
default = {};
415
+
type = with types; attrsOf (submodule [ { options = serviceOptions; } unitConfig serviceConfig ]);
416
description = "Definition of systemd service units.";
417
};
418
419
systemd.sockets = mkOption {
420
default = {};
421
+
type = with types; attrsOf (submodule [ { options = socketOptions; } unitConfig ]);
422
description = "Definition of systemd socket units.";
423
};
424
425
systemd.timers = mkOption {
426
default = {};
427
+
type = with types; attrsOf (submodule [ { options = timerOptions; } unitConfig ]);
428
description = "Definition of systemd timer units.";
429
};
430
431
systemd.paths = mkOption {
432
default = {};
433
+
type = with types; attrsOf (submodule [ { options = pathOptions; } unitConfig ]);
434
description = "Definition of systemd path units.";
435
};
436
437
systemd.mounts = mkOption {
438
default = [];
439
+
type = with types; listOf (submodule [ { options = mountOptions; } unitConfig mountConfig ]);
440
description = ''
441
Definition of systemd mount units.
442
This is a list instead of an attrSet, because systemd mandates the names to be derived from
···
446
447
systemd.automounts = mkOption {
448
default = [];
449
+
type = with types; listOf (submodule [ { options = automountOptions; } unitConfig automountConfig ]);
450
description = ''
451
Definition of systemd automount units.
452
This is a list instead of an attrSet, because systemd mandates the names to be derived from
···
593
systemd.user.units = mkOption {
594
description = "Definition of systemd per-user units.";
595
default = {};
596
+
type = with types; attrsOf (submodule (
597
+
{ name, config, ... }:
598
{ options = concreteUnitOptions;
599
config = {
600
unit = mkDefault (makeUnit name config);
601
};
602
+
}));
603
};
604
605
systemd.user.services = mkOption {
606
default = {};
607
+
type = with types; attrsOf (submodule [ { options = serviceOptions; } unitConfig serviceConfig ] );
608
description = "Definition of systemd per-user service units.";
609
};
610
611
systemd.user.timers = mkOption {
612
default = {};
613
+
type = with types; attrsOf (submodule [ { options = timerOptions; } unitConfig ] );
614
description = "Definition of systemd per-user timer units.";
615
};
616
617
systemd.user.sockets = mkOption {
618
default = {};
619
+
type = with types; attrsOf (submodule [ { options = socketOptions; } unitConfig ] );
620
description = "Definition of systemd per-user socket units.";
621
};
622
+3
-3
nixos/modules/system/etc/etc.nix
+3
-3
nixos/modules/system/etc/etc.nix
···
33
options = {
34
35
environment.etc = mkOption {
36
-
type = types.loaOf types.optionSet;
37
default = {};
38
example = literalExample ''
39
{ example-configuration-file =
···
47
Set of files that have to be linked in <filename>/etc</filename>.
48
'';
49
50
-
options = singleton ({ name, config, ... }:
51
{ options = {
52
53
enable = mkOption {
···
117
in mkDefault (pkgs.writeText name' config.text));
118
};
119
120
-
});
121
122
};
123
···
33
options = {
34
35
environment.etc = mkOption {
36
default = {};
37
example = literalExample ''
38
{ example-configuration-file =
···
46
Set of files that have to be linked in <filename>/etc</filename>.
47
'';
48
49
+
type = with types; loaOf (submodule (
50
+
{ name, config, ... }:
51
{ options = {
52
53
enable = mkOption {
···
117
in mkDefault (pkgs.writeText name' config.text));
118
};
119
120
+
}));
121
122
};
123
+252
-238
nixos/modules/tasks/network-interfaces.nix
+252
-238
nixos/modules/tasks/network-interfaces.nix
···
97
98
addrOpts = v:
99
assert v == 4 || v == 6;
100
-
{
101
-
address = mkOption {
102
-
type = types.str;
103
-
description = ''
104
-
IPv${toString v} address of the interface. Leave empty to configure the
105
-
interface using DHCP.
106
-
'';
107
-
};
108
109
-
prefixLength = mkOption {
110
-
type = types.addCheck types.int (n: n >= 0 && n <= (if v == 4 then 32 else 128));
111
-
description = ''
112
-
Subnet mask of the interface, specified as the number of
113
-
bits in the prefix (<literal>${if v == 4 then "24" else "64"}</literal>).
114
-
'';
115
};
116
};
117
···
141
{ address = "10.0.0.1"; prefixLength = 16; }
142
{ address = "192.168.1.1"; prefixLength = 24; }
143
];
144
-
type = types.listOf types.optionSet;
145
-
options = addrOpts 4;
146
description = ''
147
List of IPv4 addresses that will be statically assigned to the interface.
148
'';
···
154
{ address = "fdfd:b3f0:482::1"; prefixLength = 48; }
155
{ address = "2001:1470:fffd:2098::e006"; prefixLength = 64; }
156
];
157
-
type = types.listOf types.optionSet;
158
-
options = addrOpts 6;
159
description = ''
160
List of IPv6 addresses that will be statically assigned to the interface.
161
'';
···
415
<option>networking.useDHCP</option> is true, then every
416
interface not listed here will be configured using DHCP.
417
'';
418
-
type = types.loaOf types.optionSet;
419
-
options = [ interfaceOpts ];
420
};
421
422
networking.vswitches = mkOption {
···
434
interface.
435
'';
436
437
-
type = types.attrsOf types.optionSet;
438
439
-
options = {
440
441
-
interfaces = mkOption {
442
-
example = [ "eth0" "eth1" ];
443
-
type = types.listOf types.str;
444
-
description =
445
-
"The physical network interfaces connected by the vSwitch.";
446
-
};
447
448
-
controllers = mkOption {
449
-
type = types.listOf types.str;
450
-
default = [];
451
-
example = [ "ptcp:6653:[::1]" ];
452
-
description = ''
453
-
Specify the controller targets. For the allowed options see <literal>man 8 ovs-vsctl</literal>.
454
-
'';
455
-
};
456
457
-
openFlowRules = mkOption {
458
-
type = types.lines;
459
-
default = "";
460
-
example = ''
461
-
actions=normal
462
-
'';
463
-
description = ''
464
-
OpenFlow rules to insert into the Open vSwitch. All <literal>openFlowRules</literal> are
465
-
loaded with <literal>ovs-ofctl</literal> within one atomic operation.
466
-
'';
467
-
};
468
469
-
extraOvsctlCmds = mkOption {
470
-
type = types.lines;
471
-
default = "";
472
-
example = ''
473
-
set-fail-mode <switch_name> secure
474
-
set Bridge <switch_name> stp_enable=true
475
-
'';
476
-
description = ''
477
-
Commands to manipulate the Open vSwitch database. Every line executed with <literal>ovs-vsctl</literal>.
478
-
All commands are bundled together with the operations for adding the interfaces
479
-
into one atomic operation.
480
-
'';
481
};
482
483
-
};
484
485
};
486
···
499
bridge's network interface.
500
'';
501
502
-
type = types.attrsOf types.optionSet;
503
504
-
options = {
505
506
-
interfaces = mkOption {
507
-
example = [ "eth0" "eth1" ];
508
-
type = types.listOf types.str;
509
-
description =
510
-
"The physical network interfaces connected by the bridge.";
511
-
};
512
513
-
rstp = mkOption {
514
-
example = true;
515
-
default = false;
516
-
type = types.bool;
517
-
description = "Whether the bridge interface should enable rstp.";
518
};
519
520
-
};
521
522
};
523
···
538
name specifying the name of the bond's network interface
539
'';
540
541
-
type = types.attrsOf types.optionSet;
542
543
-
options = {
544
545
-
interfaces = mkOption {
546
-
example = [ "enp4s0f0" "enp4s0f1" "wlan0" ];
547
-
type = types.listOf types.str;
548
-
description = "The interfaces to bond together";
549
-
};
550
551
-
lacp_rate = mkOption {
552
-
default = null;
553
-
example = "fast";
554
-
type = types.nullOr types.str;
555
-
description = ''
556
-
Option specifying the rate in which we'll ask our link partner
557
-
to transmit LACPDU packets in 802.3ad mode.
558
-
'';
559
-
};
560
561
-
miimon = mkOption {
562
-
default = null;
563
-
example = 100;
564
-
type = types.nullOr types.int;
565
-
description = ''
566
-
Miimon is the number of millisecond in between each round of polling
567
-
by the device driver for failed links. By default polling is not
568
-
enabled and the driver is trusted to properly detect and handle
569
-
failure scenarios.
570
-
'';
571
-
};
572
573
-
mode = mkOption {
574
-
default = null;
575
-
example = "active-backup";
576
-
type = types.nullOr types.str;
577
-
description = ''
578
-
The mode which the bond will be running. The default mode for
579
-
the bonding driver is balance-rr, optimizing for throughput.
580
-
More information about valid modes can be found at
581
-
https://www.kernel.org/doc/Documentation/networking/bonding.txt
582
-
'';
583
-
};
584
585
-
xmit_hash_policy = mkOption {
586
-
default = null;
587
-
example = "layer2+3";
588
-
type = types.nullOr types.str;
589
-
description = ''
590
-
Selects the transmit hash policy to use for slave selection in
591
-
balance-xor, 802.3ad, and tlb modes.
592
-
'';
593
};
594
595
-
};
596
};
597
598
networking.macvlans = mkOption {
599
-
type = types.attrsOf types.optionSet;
600
default = { };
601
example = literalExample {
602
wan = {
···
608
This option allows you to define macvlan interfaces which should
609
be automatically created.
610
'';
611
-
options = {
612
613
-
interface = mkOption {
614
-
example = "enp4s0";
615
-
type = types.str;
616
-
description = "The interface the macvlan will transmit packets through.";
617
-
};
618
619
-
mode = mkOption {
620
-
default = null;
621
-
type = types.nullOr types.str;
622
-
example = "vepa";
623
-
description = "The mode of the macvlan device.";
624
};
625
626
-
};
627
};
628
629
networking.sits = mkOption {
630
-
type = types.attrsOf types.optionSet;
631
default = { };
632
example = literalExample {
633
hurricane = {
···
644
description = ''
645
This option allows you to define 6-to-4 interfaces which should be automatically created.
646
'';
647
-
options = {
648
649
-
remote = mkOption {
650
-
type = types.nullOr types.str;
651
-
default = null;
652
-
example = "10.0.0.1";
653
-
description = ''
654
-
The address of the remote endpoint to forward traffic over.
655
-
'';
656
-
};
657
658
-
local = mkOption {
659
-
type = types.nullOr types.str;
660
-
default = null;
661
-
example = "10.0.0.22";
662
-
description = ''
663
-
The address of the local endpoint which the remote
664
-
side should send packets to.
665
-
'';
666
-
};
667
668
-
ttl = mkOption {
669
-
type = types.nullOr types.int;
670
-
default = null;
671
-
example = 255;
672
-
description = ''
673
-
The time-to-live of the connection to the remote tunnel endpoint.
674
-
'';
675
-
};
676
677
-
dev = mkOption {
678
-
type = types.nullOr types.str;
679
-
default = null;
680
-
example = "enp4s0f0";
681
-
description = ''
682
-
The underlying network device on which the tunnel resides.
683
-
'';
684
};
685
686
-
};
687
};
688
689
networking.vlans = mkOption {
···
706
specifying the name of the vlan interface.
707
'';
708
709
-
type = types.attrsOf types.optionSet;
710
711
-
options = {
712
713
-
id = mkOption {
714
-
example = 1;
715
-
type = types.int;
716
-
description = "The vlan identifier";
717
};
718
719
-
interface = mkOption {
720
-
example = "enp4s0";
721
-
type = types.str;
722
-
description = "The interface the vlan will transmit packets through.";
723
-
};
724
725
-
};
726
};
727
728
networking.wlanInterfaces = mkOption {
···
760
would have to be created explicitly.
761
'';
762
763
-
type = types.attrsOf types.optionSet;
764
765
-
options = {
766
767
-
device = mkOption {
768
-
type = types.string;
769
-
example = "wlp6s0";
770
-
description = "The name of the underlying hardware WLAN device as assigned by <literal>udev</literal>.";
771
-
};
772
773
-
type = mkOption {
774
-
type = types.string;
775
-
default = "managed";
776
-
example = "ibss";
777
-
description = ''
778
-
The type of the WLAN interface. The type has to be either <literal>managed</literal>,
779
-
<literal>ibss</literal>, <literal>monitor</literal>, <literal>mesh</literal> or <literal>wds</literal>.
780
-
Also, the type has to be supported by the underlying hardware of the device.
781
-
'';
782
-
};
783
784
-
meshID = mkOption {
785
-
type = types.nullOr types.string;
786
-
default = null;
787
-
description = "MeshID of interface with type <literal>mesh</literal>.";
788
-
};
789
790
-
flags = mkOption {
791
-
type = types.nullOr types.string;
792
-
default = null;
793
-
example = "control";
794
-
description = ''
795
-
Flags for interface of type <literal>monitor</literal>. The valid flags are:
796
-
none: no special flags
797
-
fcsfail: show frames with FCS errors
798
-
control: show control frames
799
-
otherbss: show frames from other BSSes
800
-
cook: use cooked mode
801
-
active: use active mode (ACK incoming unicast packets)
802
-
'';
803
-
};
804
805
-
fourAddr = mkOption {
806
-
type = types.nullOr types.bool;
807
-
default = null;
808
-
description = "Whether to enable <literal>4-address mode</literal> with type <literal>managed</literal>.";
809
-
};
810
811
-
mac = mkOption {
812
-
type = types.nullOr types.str;
813
-
default = null;
814
-
example = "02:00:00:00:00:01";
815
-
description = ''
816
-
MAC address to use for the device. If <literal>null</literal>, then the MAC of the
817
-
underlying hardware WLAN device is used.
818
819
-
INFO: Locally administered MAC addresses are of the form:
820
-
<itemizedlist>
821
-
<listitem><para>x2:xx:xx:xx:xx:xx</para></listitem>
822
-
<listitem><para>x6:xx:xx:xx:xx:xx</para></listitem>
823
-
<listitem><para>xA:xx:xx:xx:xx:xx</para></listitem>
824
-
<listitem><para>xE:xx:xx:xx:xx:xx</para></listitem>
825
-
</itemizedlist>
826
-
'';
827
};
828
829
-
};
830
};
831
832
networking.useDHCP = mkOption {
···
97
98
addrOpts = v:
99
assert v == 4 || v == 6;
100
+
{ options = {
101
+
address = mkOption {
102
+
type = types.str;
103
+
description = ''
104
+
IPv${toString v} address of the interface. Leave empty to configure the
105
+
interface using DHCP.
106
+
'';
107
+
};
108
109
+
prefixLength = mkOption {
110
+
type = types.addCheck types.int (n: n >= 0 && n <= (if v == 4 then 32 else 128));
111
+
description = ''
112
+
Subnet mask of the interface, specified as the number of
113
+
bits in the prefix (<literal>${if v == 4 then "24" else "64"}</literal>).
114
+
'';
115
+
};
116
};
117
};
118
···
142
{ address = "10.0.0.1"; prefixLength = 16; }
143
{ address = "192.168.1.1"; prefixLength = 24; }
144
];
145
+
type = with types; listOf (submodule (addrOpts 4));
146
description = ''
147
List of IPv4 addresses that will be statically assigned to the interface.
148
'';
···
154
{ address = "fdfd:b3f0:482::1"; prefixLength = 48; }
155
{ address = "2001:1470:fffd:2098::e006"; prefixLength = 64; }
156
];
157
+
type = with types; listOf (submodule (addrOpts 6));
158
description = ''
159
List of IPv6 addresses that will be statically assigned to the interface.
160
'';
···
414
<option>networking.useDHCP</option> is true, then every
415
interface not listed here will be configured using DHCP.
416
'';
417
+
type = with types; loaOf (submodule interfaceOpts);
418
};
419
420
networking.vswitches = mkOption {
···
432
interface.
433
'';
434
435
+
type = with types; attrsOf (submodule {
436
437
+
options = {
438
+
439
+
interfaces = mkOption {
440
+
example = [ "eth0" "eth1" ];
441
+
type = types.listOf types.str;
442
+
description =
443
+
"The physical network interfaces connected by the vSwitch.";
444
+
};
445
446
+
controllers = mkOption {
447
+
type = types.listOf types.str;
448
+
default = [];
449
+
example = [ "ptcp:6653:[::1]" ];
450
+
description = ''
451
+
Specify the controller targets. For the allowed options see <literal>man 8 ovs-vsctl</literal>.
452
+
'';
453
+
};
454
455
+
openFlowRules = mkOption {
456
+
type = types.lines;
457
+
default = "";
458
+
example = ''
459
+
actions=normal
460
+
'';
461
+
description = ''
462
+
OpenFlow rules to insert into the Open vSwitch. All <literal>openFlowRules</literal> are
463
+
loaded with <literal>ovs-ofctl</literal> within one atomic operation.
464
+
'';
465
+
};
466
467
+
extraOvsctlCmds = mkOption {
468
+
type = types.lines;
469
+
default = "";
470
+
example = ''
471
+
set-fail-mode <switch_name> secure
472
+
set Bridge <switch_name> stp_enable=true
473
+
'';
474
+
description = ''
475
+
Commands to manipulate the Open vSwitch database. Every line executed with <literal>ovs-vsctl</literal>.
476
+
All commands are bundled together with the operations for adding the interfaces
477
+
into one atomic operation.
478
+
'';
479
+
};
480
481
};
482
483
+
});
484
485
};
486
···
499
bridge's network interface.
500
'';
501
502
+
type = with types; attrsOf (submodule {
503
504
+
options = {
505
506
+
interfaces = mkOption {
507
+
example = [ "eth0" "eth1" ];
508
+
type = types.listOf types.str;
509
+
description =
510
+
"The physical network interfaces connected by the bridge.";
511
+
};
512
513
+
rstp = mkOption {
514
+
example = true;
515
+
default = false;
516
+
type = types.bool;
517
+
description = "Whether the bridge interface should enable rstp.";
518
+
};
519
+
520
};
521
522
+
});
523
524
};
525
···
540
name specifying the name of the bond's network interface
541
'';
542
543
+
type = with types; attrsOf (submodule {
544
+
545
+
options = {
546
547
+
interfaces = mkOption {
548
+
example = [ "enp4s0f0" "enp4s0f1" "wlan0" ];
549
+
type = types.listOf types.str;
550
+
description = "The interfaces to bond together";
551
+
};
552
553
+
lacp_rate = mkOption {
554
+
default = null;
555
+
example = "fast";
556
+
type = types.nullOr types.str;
557
+
description = ''
558
+
Option specifying the rate in which we'll ask our link partner
559
+
to transmit LACPDU packets in 802.3ad mode.
560
+
'';
561
+
};
562
563
+
miimon = mkOption {
564
+
default = null;
565
+
example = 100;
566
+
type = types.nullOr types.int;
567
+
description = ''
568
+
Miimon is the number of millisecond in between each round of polling
569
+
by the device driver for failed links. By default polling is not
570
+
enabled and the driver is trusted to properly detect and handle
571
+
failure scenarios.
572
+
'';
573
+
};
574
575
+
mode = mkOption {
576
+
default = null;
577
+
example = "active-backup";
578
+
type = types.nullOr types.str;
579
+
description = ''
580
+
The mode which the bond will be running. The default mode for
581
+
the bonding driver is balance-rr, optimizing for throughput.
582
+
More information about valid modes can be found at
583
+
https://www.kernel.org/doc/Documentation/networking/bonding.txt
584
+
'';
585
+
};
586
587
+
xmit_hash_policy = mkOption {
588
+
default = null;
589
+
example = "layer2+3";
590
+
type = types.nullOr types.str;
591
+
description = ''
592
+
Selects the transmit hash policy to use for slave selection in
593
+
balance-xor, 802.3ad, and tlb modes.
594
+
'';
595
+
};
596
597
};
598
599
+
});
600
};
601
602
networking.macvlans = mkOption {
603
default = { };
604
example = literalExample {
605
wan = {
···
611
This option allows you to define macvlan interfaces which should
612
be automatically created.
613
'';
614
+
type = with types; attrsOf (submodule {
615
+
options = {
616
617
+
interface = mkOption {
618
+
example = "enp4s0";
619
+
type = types.str;
620
+
description = "The interface the macvlan will transmit packets through.";
621
+
};
622
+
623
+
mode = mkOption {
624
+
default = null;
625
+
type = types.nullOr types.str;
626
+
example = "vepa";
627
+
description = "The mode of the macvlan device.";
628
+
};
629
630
};
631
632
+
});
633
};
634
635
networking.sits = mkOption {
636
default = { };
637
example = literalExample {
638
hurricane = {
···
649
description = ''
650
This option allows you to define 6-to-4 interfaces which should be automatically created.
651
'';
652
+
type = with types; attrsOf (submodule {
653
+
options = {
654
655
+
remote = mkOption {
656
+
type = types.nullOr types.str;
657
+
default = null;
658
+
example = "10.0.0.1";
659
+
description = ''
660
+
The address of the remote endpoint to forward traffic over.
661
+
'';
662
+
};
663
+
664
+
local = mkOption {
665
+
type = types.nullOr types.str;
666
+
default = null;
667
+
example = "10.0.0.22";
668
+
description = ''
669
+
The address of the local endpoint which the remote
670
+
side should send packets to.
671
+
'';
672
+
};
673
674
+
ttl = mkOption {
675
+
type = types.nullOr types.int;
676
+
default = null;
677
+
example = 255;
678
+
description = ''
679
+
The time-to-live of the connection to the remote tunnel endpoint.
680
+
'';
681
+
};
682
683
+
dev = mkOption {
684
+
type = types.nullOr types.str;
685
+
default = null;
686
+
example = "enp4s0f0";
687
+
description = ''
688
+
The underlying network device on which the tunnel resides.
689
+
'';
690
+
};
691
692
};
693
694
+
});
695
};
696
697
networking.vlans = mkOption {
···
714
specifying the name of the vlan interface.
715
'';
716
717
+
type = with types; attrsOf (submodule {
718
719
+
options = {
720
721
+
id = mkOption {
722
+
example = 1;
723
+
type = types.int;
724
+
description = "The vlan identifier";
725
+
};
726
+
727
+
interface = mkOption {
728
+
example = "enp4s0";
729
+
type = types.str;
730
+
description = "The interface the vlan will transmit packets through.";
731
+
};
732
+
733
};
734
735
+
});
736
737
};
738
739
networking.wlanInterfaces = mkOption {
···
771
would have to be created explicitly.
772
'';
773
774
+
type = with types; attrsOf (submodule {
775
776
+
options = {
777
778
+
device = mkOption {
779
+
type = types.string;
780
+
example = "wlp6s0";
781
+
description = "The name of the underlying hardware WLAN device as assigned by <literal>udev</literal>.";
782
+
};
783
784
+
type = mkOption {
785
+
type = types.string;
786
+
default = "managed";
787
+
example = "ibss";
788
+
description = ''
789
+
The type of the WLAN interface. The type has to be either <literal>managed</literal>,
790
+
<literal>ibss</literal>, <literal>monitor</literal>, <literal>mesh</literal> or <literal>wds</literal>.
791
+
Also, the type has to be supported by the underlying hardware of the device.
792
+
'';
793
+
};
794
795
+
meshID = mkOption {
796
+
type = types.nullOr types.string;
797
+
default = null;
798
+
description = "MeshID of interface with type <literal>mesh</literal>.";
799
+
};
800
801
+
flags = mkOption {
802
+
type = types.nullOr types.string;
803
+
default = null;
804
+
example = "control";
805
+
description = ''
806
+
Flags for interface of type <literal>monitor</literal>. The valid flags are:
807
+
none: no special flags
808
+
fcsfail: show frames with FCS errors
809
+
control: show control frames
810
+
otherbss: show frames from other BSSes
811
+
cook: use cooked mode
812
+
active: use active mode (ACK incoming unicast packets)
813
+
'';
814
+
};
815
+
816
+
fourAddr = mkOption {
817
+
type = types.nullOr types.bool;
818
+
default = null;
819
+
description = "Whether to enable <literal>4-address mode</literal> with type <literal>managed</literal>.";
820
+
};
821
822
+
mac = mkOption {
823
+
type = types.nullOr types.str;
824
+
default = null;
825
+
example = "02:00:00:00:00:01";
826
+
description = ''
827
+
MAC address to use for the device. If <literal>null</literal>, then the MAC of the
828
+
underlying hardware WLAN device is used.
829
830
+
INFO: Locally administered MAC addresses are of the form:
831
+
<itemizedlist>
832
+
<listitem><para>x2:xx:xx:xx:xx:xx</para></listitem>
833
+
<listitem><para>x6:xx:xx:xx:xx:xx</para></listitem>
834
+
<listitem><para>xA:xx:xx:xx:xx:xx</para></listitem>
835
+
<listitem><para>xE:xx:xx:xx:xx:xx</para></listitem>
836
+
</itemizedlist>
837
+
'';
838
+
};
839
840
};
841
842
+
});
843
+
844
};
845
846
networking.useDHCP = mkOption {
+2
-4
nixos/modules/virtualisation/containers.nix
+2
-4
nixos/modules/virtualisation/containers.nix
···
473
};
474
475
extraVeths = mkOption {
476
-
type = types.attrsOf types.optionSet;
477
default = {};
478
-
options = networkOptions;
479
description = ''
480
Extra veth-pairs to be created for the container
481
'';
···
490
};
491
492
bindMounts = mkOption {
493
-
type = types.loaOf types.optionSet;
494
-
options = [ bindMountOpts ];
495
default = {};
496
example = { "/home" = { hostPath = "/home/alice";
497
isReadOnly = false; };
···
473
};
474
475
extraVeths = mkOption {
476
+
type = with types; attrsOf (submodule networkOptions);
477
default = {};
478
description = ''
479
Extra veth-pairs to be created for the container
480
'';
···
489
};
490
491
bindMounts = mkOption {
492
+
type = with types; loaOf (submodule bindMountOpts);
493
default = {};
494
example = { "/home" = { hostPath = "/home/alice";
495
isReadOnly = false; };