pyrox.dev / nixpkgs
lol
fork atom

Revert "nixos: allow more things to be disabled" (#432616)

authored by nikstur and committed by GitHub e9b0a519 ee2d8ebb

+165 -230
unified split
+36 -65
nixos/modules/config/system-path.nix
··· 8 8 }: 9 9 let 10 10 11 - corePackageNames = [ 12 - "acl" 13 - "attr" 14 - "bashInteractive" # bash with ncurses support 15 - "bzip2" 16 - "coreutils-full" 17 - "cpio" 18 - "curl" 19 - "diffutils" 20 - "findutils" 21 - "gawk" 22 - "getent" 23 - "getconf" 24 - "gnugrep" 25 - "gnupatch" 26 - "gnused" 27 - "gnutar" 28 - "gzip" 29 - "xz" 30 - "less" 31 - "libcap" 32 - "ncurses" 33 - "netcat" 34 - "mkpasswd" 35 - "procps" 36 - "su" 37 - "time" 38 - "util-linux" 39 - "which" 40 - "zstd" 41 - ]; 42 - corePackages = 43 - (map ( 44 - n: 45 - let 46 - pkg = pkgs.${n}; 47 - in 48 - lib.setPrio ((pkg.meta.priority or lib.meta.defaultPriority) + 3) pkg 49 - ) corePackageNames) 50 - ++ [ pkgs.stdenv.cc.libc ]; 51 - corePackagesText = "[ ${lib.concatMapStringsSep " " (n: "pkgs.${n}") corePackageNames} ]"; 11 + requiredPackages = 12 + map (pkg: lib.setPrio ((pkg.meta.priority or lib.meta.defaultPriority) + 3) pkg) 13 + [ 14 + pkgs.acl 15 + pkgs.attr 16 + pkgs.bashInteractive # bash with ncurses support 17 + pkgs.bzip2 18 + pkgs.coreutils-full 19 + pkgs.cpio 20 + pkgs.curl 21 + pkgs.diffutils 22 + pkgs.findutils 23 + pkgs.gawk 24 + pkgs.stdenv.cc.libc 25 + pkgs.getent 26 + pkgs.getconf 27 + pkgs.gnugrep 28 + pkgs.gnupatch 29 + pkgs.gnused 30 + pkgs.gnutar 31 + pkgs.gzip 32 + pkgs.xz 33 + pkgs.less 34 + pkgs.libcap 35 + pkgs.ncurses 36 + pkgs.netcat 37 + config.programs.ssh.package 38 + pkgs.mkpasswd 39 + pkgs.procps 40 + pkgs.su 41 + pkgs.time 42 + pkgs.util-linux 43 + pkgs.which 44 + pkgs.zstd 45 + ]; 52 46 53 47 defaultPackageNames = [ 54 48 "perl" ··· 86 80 ''; 87 81 }; 88 82 89 - corePackages = lib.mkOption { 90 - type = lib.types.listOf lib.types.package; 91 - default = corePackages; 92 - defaultText = lib.literalMD '' 93 - these packages, with their `meta.priority` numerically increased 94 - (thus lowering their installation priority): 95 - 96 - ${corePackagesText} 97 - ''; 98 - example = [ ]; 99 - description = '' 100 - Set of core packages for a normal interactive system. 101 - 102 - Only change this if you know what you're doing! 103 - 104 - Like with systemPackages, packages are installed to 105 - {file}`/run/current-system/sw`. They are 106 - automatically available to all users, and are 107 - automatically updated every time you rebuild the system 108 - configuration. 109 - ''; 110 - }; 111 - 112 83 defaultPackages = lib.mkOption { 113 84 type = lib.types.listOf lib.types.package; 114 85 default = defaultPackages; ··· 180 151 181 152 config = { 182 153 183 - environment.systemPackages = config.environment.corePackages ++ config.environment.defaultPackages; 154 + environment.systemPackages = requiredPackages ++ config.environment.defaultPackages; 184 155 185 156 environment.pathsToLink = [ 186 157 "/bin"
+103 -97
nixos/modules/programs/bash/bash.nix
··· 23 23 in 24 24 25 25 { 26 + imports = [ 27 + (lib.mkRemovedOptionModule [ "programs" "bash" "enable" ] "") 28 + ]; 26 29 27 30 options = { 28 31 29 32 programs.bash = { 30 33 31 - enable = lib.mkOption { 32 - default = true; 33 - description = '' 34 - Whenever to configure Bash as an interactive shell. 35 - Note that this tries to make Bash the default 36 - {option}`users.defaultUserShell`, 37 - which in turn means that you might need to explicitly 38 - set this variable if you have another shell configured 39 - with NixOS. 40 - ''; 41 - type = lib.types.bool; 42 - }; 34 + /* 35 + enable = lib.mkOption { 36 + default = true; 37 + description = '' 38 + Whenever to configure Bash as an interactive shell. 39 + Note that this tries to make Bash the default 40 + {option}`users.defaultUserShell`, 41 + which in turn means that you might need to explicitly 42 + set this variable if you have another shell configured 43 + with NixOS. 44 + ''; 45 + type = lib.types.bool; 46 + }; 47 + */ 43 48 44 49 shellAliases = lib.mkOption { 45 50 default = { }; ··· 124 129 125 130 }; 126 131 127 - config = lib.mkIf cfg.enable { 132 + config = # lib.mkIf cfg.enable 133 + { 128 134 129 - programs.bash = { 135 + programs.bash = { 130 136 131 - shellAliases = builtins.mapAttrs (name: lib.mkDefault) cfge.shellAliases; 137 + shellAliases = builtins.mapAttrs (name: lib.mkDefault) cfge.shellAliases; 132 138 133 - shellInit = '' 134 - if [ -z "$__NIXOS_SET_ENVIRONMENT_DONE" ]; then 135 - . ${config.system.build.setEnvironment} 136 - fi 139 + shellInit = '' 140 + if [ -z "$__NIXOS_SET_ENVIRONMENT_DONE" ]; then 141 + . ${config.system.build.setEnvironment} 142 + fi 137 143 138 - ${cfge.shellInit} 139 - ''; 144 + ${cfge.shellInit} 145 + ''; 140 146 141 - loginShellInit = cfge.loginShellInit; 147 + loginShellInit = cfge.loginShellInit; 142 148 143 - interactiveShellInit = '' 144 - # Check the window size after every command. 145 - shopt -s checkwinsize 149 + interactiveShellInit = '' 150 + # Check the window size after every command. 151 + shopt -s checkwinsize 146 152 147 - # Disable hashing (i.e. caching) of command lookups. 148 - set +h 153 + # Disable hashing (i.e. caching) of command lookups. 154 + set +h 149 155 150 - ${cfg.promptInit} 151 - ${cfg.promptPluginInit} 152 - ${bashAliases} 156 + ${cfg.promptInit} 157 + ${cfg.promptPluginInit} 158 + ${bashAliases} 153 159 154 - ${cfge.interactiveShellInit} 155 - ''; 160 + ${cfge.interactiveShellInit} 161 + ''; 156 162 157 - }; 163 + }; 158 164 159 - environment.etc.profile.text = '' 160 - # /etc/profile: DO NOT EDIT -- this file has been generated automatically. 161 - # This file is read for login shells. 165 + environment.etc.profile.text = '' 166 + # /etc/profile: DO NOT EDIT -- this file has been generated automatically. 167 + # This file is read for login shells. 162 168 163 - # Only execute this file once per shell. 164 - if [ -n "$__ETC_PROFILE_SOURCED" ]; then return; fi 165 - __ETC_PROFILE_SOURCED=1 169 + # Only execute this file once per shell. 170 + if [ -n "$__ETC_PROFILE_SOURCED" ]; then return; fi 171 + __ETC_PROFILE_SOURCED=1 166 172 167 - # Prevent this file from being sourced by interactive non-login child shells. 168 - export __ETC_PROFILE_DONE=1 173 + # Prevent this file from being sourced by interactive non-login child shells. 174 + export __ETC_PROFILE_DONE=1 169 175 170 - ${cfg.shellInit} 171 - ${cfg.loginShellInit} 176 + ${cfg.shellInit} 177 + ${cfg.loginShellInit} 172 178 173 - # Read system-wide modifications. 174 - if test -f /etc/profile.local; then 175 - . /etc/profile.local 176 - fi 179 + # Read system-wide modifications. 180 + if test -f /etc/profile.local; then 181 + . /etc/profile.local 182 + fi 177 183 178 - if [ -n "''${BASH_VERSION:-}" ]; then 179 - . /etc/bashrc 180 - fi 181 - ''; 184 + if [ -n "''${BASH_VERSION:-}" ]; then 185 + . /etc/bashrc 186 + fi 187 + ''; 182 188 183 - environment.etc.bashrc.text = '' 184 - # /etc/bashrc: DO NOT EDIT -- this file has been generated automatically. 189 + environment.etc.bashrc.text = '' 190 + # /etc/bashrc: DO NOT EDIT -- this file has been generated automatically. 185 191 186 - # Only execute this file once per shell. 187 - if [ -n "$__ETC_BASHRC_SOURCED" ] || [ -n "$NOSYSBASHRC" ]; then return; fi 188 - __ETC_BASHRC_SOURCED=1 192 + # Only execute this file once per shell. 193 + if [ -n "$__ETC_BASHRC_SOURCED" ] || [ -n "$NOSYSBASHRC" ]; then return; fi 194 + __ETC_BASHRC_SOURCED=1 189 195 190 - # If the profile was not loaded in a parent process, source 191 - # it. But otherwise don't do it because we don't want to 192 - # clobber overridden values of $PATH, etc. 193 - if [ -z "$__ETC_PROFILE_DONE" ]; then 194 - . /etc/profile 195 - fi 196 + # If the profile was not loaded in a parent process, source 197 + # it. But otherwise don't do it because we don't want to 198 + # clobber overridden values of $PATH, etc. 199 + if [ -z "$__ETC_PROFILE_DONE" ]; then 200 + . /etc/profile 201 + fi 196 202 197 - # We are not always an interactive shell. 198 - if [ -n "$PS1" ]; then 199 - ${cfg.interactiveShellInit} 200 - fi 203 + # We are not always an interactive shell. 204 + if [ -n "$PS1" ]; then 205 + ${cfg.interactiveShellInit} 206 + fi 201 207 202 - # Read system-wide modifications. 203 - if test -f /etc/bashrc.local; then 204 - . /etc/bashrc.local 205 - fi 206 - ''; 208 + # Read system-wide modifications. 209 + if test -f /etc/bashrc.local; then 210 + . /etc/bashrc.local 211 + fi 212 + ''; 207 213 208 - environment.etc.bash_logout.text = '' 209 - # /etc/bash_logout: DO NOT EDIT -- this file has been generated automatically. 214 + environment.etc.bash_logout.text = '' 215 + # /etc/bash_logout: DO NOT EDIT -- this file has been generated automatically. 210 216 211 - # Only execute this file once per shell. 212 - if [ -n "$__ETC_BASHLOGOUT_SOURCED" ] || [ -n "$NOSYSBASHLOGOUT" ]; then return; fi 213 - __ETC_BASHLOGOUT_SOURCED=1 217 + # Only execute this file once per shell. 218 + if [ -n "$__ETC_BASHLOGOUT_SOURCED" ] || [ -n "$NOSYSBASHLOGOUT" ]; then return; fi 219 + __ETC_BASHLOGOUT_SOURCED=1 214 220 215 - ${cfg.logout} 221 + ${cfg.logout} 216 222 217 - # Read system-wide modifications. 218 - if test -f /etc/bash_logout.local; then 219 - . /etc/bash_logout.local 220 - fi 221 - ''; 223 + # Read system-wide modifications. 224 + if test -f /etc/bash_logout.local; then 225 + . /etc/bash_logout.local 226 + fi 227 + ''; 222 228 223 - # Configuration for readline in bash. We use "option default" 224 - # priority to allow user override using both .text and .source. 225 - environment.etc.inputrc.source = lib.mkOptionDefault ./inputrc; 229 + # Configuration for readline in bash. We use "option default" 230 + # priority to allow user override using both .text and .source. 231 + environment.etc.inputrc.source = lib.mkOptionDefault ./inputrc; 226 232 227 - users.defaultUserShell = lib.mkDefault pkgs.bashInteractive; 233 + users.defaultUserShell = lib.mkDefault pkgs.bashInteractive; 228 234 229 - environment.pathsToLink = lib.optionals cfg.completion.enable [ 230 - "/etc/bash_completion.d" 231 - "/share/bash-completion" 232 - ]; 235 + environment.pathsToLink = lib.optionals cfg.completion.enable [ 236 + "/etc/bash_completion.d" 237 + "/share/bash-completion" 238 + ]; 233 239 234 - environment.shells = [ 235 - "/run/current-system/sw/bin/bash" 236 - "/run/current-system/sw/bin/sh" 237 - "${pkgs.bashInteractive}/bin/bash" 238 - "${pkgs.bashInteractive}/bin/sh" 239 - ]; 240 + environment.shells = [ 241 + "/run/current-system/sw/bin/bash" 242 + "/run/current-system/sw/bin/sh" 243 + "${pkgs.bashInteractive}/bin/bash" 244 + "${pkgs.bashInteractive}/bin/sh" 245 + ]; 240 246 241 - }; 247 + }; 242 248 243 249 }
+2 -31
nixos/modules/programs/fuse.nix
··· 1 - { 2 - config, 3 - lib, 4 - pkgs, 5 - ... 6 - }: 1 + { config, lib, ... }: 7 2 8 3 let 9 4 cfg = config.programs.fuse; ··· 12 7 meta.maintainers = with lib.maintainers; [ ]; 13 8 14 9 options.programs.fuse = { 15 - enable = lib.mkEnableOption "fuse" // { 16 - default = true; 17 - }; 18 - 19 10 mountMax = lib.mkOption { 20 11 # In the C code it's an "int" (i.e. signed and at least 16 bit), but 21 12 # negative numbers obviously make no sense: ··· 36 27 }; 37 28 }; 38 29 39 - config = lib.mkIf cfg.enable { 40 - environment.systemPackages = [ 41 - pkgs.fuse 42 - pkgs.fuse3 43 - ]; 44 - 45 - security.wrappers = 46 - let 47 - mkSetuidRoot = source: { 48 - setuid = true; 49 - owner = "root"; 50 - group = "root"; 51 - inherit source; 52 - }; 53 - in 54 - { 55 - fusermount = mkSetuidRoot "${lib.getBin pkgs.fuse}/bin/fusermount"; 56 - fusermount3 = mkSetuidRoot "${lib.getBin pkgs.fuse3}/bin/fusermount3"; 57 - }; 58 - 30 + config = { 59 31 environment.etc."fuse.conf".text = '' 60 32 ${lib.optionalString (!cfg.userAllowOther) "#"}user_allow_other 61 33 mount_max = ${builtins.toString cfg.mountMax} 62 34 ''; 63 - 64 35 }; 65 36 }
-2
nixos/modules/programs/ssh.nix
··· 335 335 } 336 336 ); 337 337 338 - environment.corePackages = [ cfg.package ]; 339 - 340 338 # SSH configuration. Slight duplication of the sshd_config 341 339 # generation in the sshd service. 342 340 environment.etc."ssh/ssh_config".text = ''
+2
nixos/modules/security/wrappers/default.nix
··· 266 266 in 267 267 { 268 268 # These are mount related wrappers that require the +s permission. 269 + fusermount = mkSetuidRoot "${lib.getBin pkgs.fuse}/bin/fusermount"; 270 + fusermount3 = mkSetuidRoot "${lib.getBin pkgs.fuse3}/bin/fusermount3"; 269 271 mount = mkSetuidRoot "${lib.getBin pkgs.util-linux}/bin/mount"; 270 272 umount = mkSetuidRoot "${lib.getBin pkgs.util-linux}/bin/umount"; 271 273 };
+1 -1
nixos/modules/system/activation/activation-script.nix
··· 317 317 source ${config.system.build.earlyMountScript} 318 318 ''; 319 319 320 - systemd.user = lib.mkIf config.system.activatable { 320 + systemd.user = { 321 321 services.nixos-activation = { 322 322 description = "Run user-specific NixOS activation"; 323 323 script = config.system.userActivationScripts.script;
+1 -3
nixos/modules/system/boot/kernel.nix
··· 414 414 415 415 ln -s ${initrdPath} $out/initrd 416 416 417 - ${optionalString (config.boot.initrd.secrets != { }) '' 418 - ln -s ${config.system.build.initialRamdiskSecretAppender}/bin/append-initrd-secrets $out 419 - ''} 417 + ln -s ${config.system.build.initialRamdiskSecretAppender}/bin/append-initrd-secrets $out 420 418 421 419 ln -s ${config.hardware.firmware}/lib/firmware $out/firmware 422 420 '';
+2 -17
nixos/modules/system/boot/kexec.nix
··· 1 - { 2 - config, 3 - pkgs, 4 - lib, 5 - ... 6 - }: 1 + { pkgs, lib, ... }: 7 2 8 - let 9 - cfg = config.boot.kexec; 10 - in 11 3 { 12 - options.boot.kexec = { 13 - enable = lib.mkEnableOption "kexec" // { 14 - default = lib.meta.availableOn pkgs.stdenv.hostPlatform pkgs.kexec-tools; 15 - defaultText = lib.literalExpression ''lib.meta.availableOn pkgs.stdenv.hostPlatform pkgs.kexec-tools''; 16 - }; 17 - }; 18 - 19 - config = lib.mkIf cfg.enable { 4 + config = lib.mkIf (lib.meta.availableOn pkgs.stdenv.hostPlatform pkgs.kexec-tools) { 20 5 environment.systemPackages = [ pkgs.kexec-tools ]; 21 6 22 7 systemd.services.prepare-kexec = {
+7 -1
nixos/modules/tasks/filesystems.nix
··· 461 461 # Add the mount helpers to the system path so that `mount' can find them. 462 462 system.fsPackages = [ pkgs.dosfstools ]; 463 463 464 - environment.systemPackages = config.system.fsPackages; 464 + environment.systemPackages = 465 + with pkgs; 466 + [ 467 + fuse3 468 + fuse 469 + ] 470 + ++ config.system.fsPackages; 465 471 466 472 environment.etc.fstab.text = 467 473 let
+11 -13
nixos/modules/tasks/network-interfaces.nix
··· 1767 1767 text = cfg.hostName + "\n"; 1768 1768 }; 1769 1769 1770 - environment.corePackages = lib.mkOptionDefault ( 1771 - [ 1772 - pkgs.host 1773 - pkgs.hostname-debian 1774 - pkgs.iproute2 1775 - pkgs.iputils 1776 - ] 1777 - ++ optionals config.networking.wireless.enable [ 1778 - pkgs.wirelesstools # FIXME: obsolete? 1779 - pkgs.iw 1780 - ] 1781 - ++ bridgeStp 1782 - ); 1770 + environment.systemPackages = [ 1771 + pkgs.host 1772 + pkgs.hostname-debian 1773 + pkgs.iproute2 1774 + pkgs.iputils 1775 + ] 1776 + ++ optionals config.networking.wireless.enable [ 1777 + pkgs.wirelesstools # FIXME: obsolete? 1778 + pkgs.iw 1779 + ] 1780 + ++ bridgeStp; 1783 1781 1784 1782 # Wake-on-LAN configuration is shared by the scripted and networkd backends. 1785 1783 systemd.network.links = pipe interfaces [