Revert "nixos: allow more things to be disabled" (#432616)

authored by nikstur and committed by GitHub e9b0a519 ee2d8ebb

+165 -230
+36 -65
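--- a/nixos/modules/config/system-path.nix
+++ b/nixos/modules/config/system-path.nix
@@ -8,47 +8,41 @@
 }:
 let
 
-corePackageNames = [
-"acl"
-"attr"
-"bashInteractive" # bash with ncurses support
-"bzip2"
-"coreutils-full"
-"cpio"
-"curl"
-"diffutils"
-"findutils"
-"gawk"
-"getent"
-"getconf"
-"gnugrep"
-"gnupatch"
-"gnused"
-"gnutar"
-"gzip"
-"xz"
-"less"
-"libcap"
-"ncurses"
-"netcat"
-"mkpasswd"
-"procps"
-"su"
-"time"
-"util-linux"
-"which"
-"zstd"
-];
-corePackages =
-(map (
-n:
-let
-pkg = pkgs.${n};
-in
-lib.setPrio ((pkg.meta.priority or lib.meta.defaultPriority) + 3) pkg
-) corePackageNames)
-++ [ pkgs.stdenv.cc.libc ];
-corePackagesText = "[ ${lib.concatMapStringsSep " " (n: "pkgs.${n}") corePackageNames} ]";
+requiredPackages =
+map (pkg: lib.setPrio ((pkg.meta.priority or lib.meta.defaultPriority) + 3) pkg)
+[
+pkgs.acl
+pkgs.attr
+pkgs.bashInteractive # bash with ncurses support
+pkgs.bzip2
+pkgs.coreutils-full
+pkgs.cpio
+pkgs.curl
+pkgs.diffutils
+pkgs.findutils
+pkgs.gawk
+pkgs.stdenv.cc.libc
+pkgs.getent
+pkgs.getconf
+pkgs.gnugrep
+pkgs.gnupatch
+pkgs.gnused
+pkgs.gnutar
+pkgs.gzip
+pkgs.xz
+pkgs.less
+pkgs.libcap
+pkgs.ncurses
+pkgs.netcat
+config.programs.ssh.package
+pkgs.mkpasswd
+pkgs.procps
+pkgs.su
+pkgs.time
+pkgs.util-linux
+pkgs.which
+pkgs.zstd
+];
 
 defaultPackageNames = [
 "perl"
@@ -86,29 +80,6 @@
 '';
 };
 
-corePackages = lib.mkOption {
-type = lib.types.listOf lib.types.package;
-default = corePackages;
-defaultText = lib.literalMD ''
-these packages, with their `meta.priority` numerically increased
-(thus lowering their installation priority):
-
-${corePackagesText}
-'';
-example = [ ];
-description = ''
-Set of core packages for a normal interactive system.
-
-Only change this if you know what you're doing!
-
-Like with systemPackages, packages are installed to
-{file}`/run/current-system/sw`. They are
-automatically available to all users, and are
-automatically updated every time you rebuild the system
-configuration.
-'';
-};
-
 defaultPackages = lib.mkOption {
 type = lib.types.listOf lib.types.package;
 default = defaultPackages;
@@ -180,7 +151,7 @@
 
 config = {
 
-environment.systemPackages = config.environment.corePackages ++ config.environment.defaultPackages;
+environment.systemPackages = requiredPackages ++ config.environment.defaultPackages;
 
 environment.pathsToLink = [
 "/bin"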
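Review bot: `requiredPackages` is a plain `let` binding rather than an option, so short of overriding `environment.systemPackages` wholesale a configuration has no supported way to keep `pkgs.netcat`, `pkgs.curl` or `config.programs.ssh.package` out of the system profile on a minimal or hardened image. The page does not say why this is fixed, so it deserves a comment above the binding, for example `# Always installed system-wide and not configurable; includes network clients (curl, netcat, ssh).` The same applies to `kexec.nix`, where `pkgs.kexec-tools` and `prepare-kexec` are now gated only on platform availability. Reading `config.programs.ssh.package` inside the list also ties this module to the ssh module, which is worth a word in the same comment.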
+103 -97
nixos/modules/programs/bash/bash.nix
··· 23 in 24 25 { 26 27 options = { 28 29 programs.bash = { 30 31 - enable = lib.mkOption { 32 - default = true; 33 - description = '' 34 - Whenever to configure Bash as an interactive shell. 35 - Note that this tries to make Bash the default 36 - {option}`users.defaultUserShell`, 37 - which in turn means that you might need to explicitly 38 - set this variable if you have another shell configured 39 - with NixOS. 40 - ''; 41 - type = lib.types.bool; 42 - }; 43 44 shellAliases = lib.mkOption { 45 default = { }; ··· 124 125 }; 126 127 - config = lib.mkIf cfg.enable { 128 129 - programs.bash = { 130 131 - shellAliases = builtins.mapAttrs (name: lib.mkDefault) cfge.shellAliases; 132 133 - shellInit = '' 134 - if [ -z "$__NIXOS_SET_ENVIRONMENT_DONE" ]; then 135 - . ${config.system.build.setEnvironment} 136 - fi 137 138 - ${cfge.shellInit} 139 - ''; 140 141 - loginShellInit = cfge.loginShellInit; 142 143 - interactiveShellInit = '' 144 - # Check the window size after every command. 145 - shopt -s checkwinsize 146 147 - # Disable hashing (i.e. caching) of command lookups. 148 - set +h 149 150 - ${cfg.promptInit} 151 - ${cfg.promptPluginInit} 152 - ${bashAliases} 153 154 - ${cfge.interactiveShellInit} 155 - ''; 156 157 - }; 158 159 - environment.etc.profile.text = '' 160 - # /etc/profile: DO NOT EDIT -- this file has been generated automatically. 161 - # This file is read for login shells. 162 163 - # Only execute this file once per shell. 164 - if [ -n "$__ETC_PROFILE_SOURCED" ]; then return; fi 165 - __ETC_PROFILE_SOURCED=1 166 167 - # Prevent this file from being sourced by interactive non-login child shells. 168 - export __ETC_PROFILE_DONE=1 169 170 - ${cfg.shellInit} 171 - ${cfg.loginShellInit} 172 173 - # Read system-wide modifications. 174 - if test -f /etc/profile.local; then 175 - . /etc/profile.local 176 - fi 177 178 - if [ -n "''${BASH_VERSION:-}" ]; then 179 - . 
/etc/bashrc 180 - fi 181 - ''; 182 183 - environment.etc.bashrc.text = '' 184 - # /etc/bashrc: DO NOT EDIT -- this file has been generated automatically. 185 186 - # Only execute this file once per shell. 187 - if [ -n "$__ETC_BASHRC_SOURCED" ] || [ -n "$NOSYSBASHRC" ]; then return; fi 188 - __ETC_BASHRC_SOURCED=1 189 190 - # If the profile was not loaded in a parent process, source 191 - # it. But otherwise don't do it because we don't want to 192 - # clobber overridden values of $PATH, etc. 193 - if [ -z "$__ETC_PROFILE_DONE" ]; then 194 - . /etc/profile 195 - fi 196 197 - # We are not always an interactive shell. 198 - if [ -n "$PS1" ]; then 199 - ${cfg.interactiveShellInit} 200 - fi 201 202 - # Read system-wide modifications. 203 - if test -f /etc/bashrc.local; then 204 - . /etc/bashrc.local 205 - fi 206 - ''; 207 208 - environment.etc.bash_logout.text = '' 209 - # /etc/bash_logout: DO NOT EDIT -- this file has been generated automatically. 210 211 - # Only execute this file once per shell. 212 - if [ -n "$__ETC_BASHLOGOUT_SOURCED" ] || [ -n "$NOSYSBASHLOGOUT" ]; then return; fi 213 - __ETC_BASHLOGOUT_SOURCED=1 214 215 - ${cfg.logout} 216 217 - # Read system-wide modifications. 218 - if test -f /etc/bash_logout.local; then 219 - . /etc/bash_logout.local 220 - fi 221 - ''; 222 223 - # Configuration for readline in bash. We use "option default" 224 - # priority to allow user override using both .text and .source. 225 - environment.etc.inputrc.source = lib.mkOptionDefault ./inputrc; 226 227 - users.defaultUserShell = lib.mkDefault pkgs.bashInteractive; 228 229 - environment.pathsToLink = lib.optionals cfg.completion.enable [ 230 - "/etc/bash_completion.d" 231 - "/share/bash-completion" 232 - ]; 233 234 - environment.shells = [ 235 - "/run/current-system/sw/bin/bash" 236 - "/run/current-system/sw/bin/sh" 237 - "${pkgs.bashInteractive}/bin/bash" 238 - "${pkgs.bashInteractive}/bin/sh" 239 - ]; 240 241 - }; 242 243 }
··· 23 in 24 25 { 26 + imports = [ 27 + (lib.mkRemovedOptionModule [ "programs" "bash" "enable" ] "") 28 + ]; 29 30 options = { 31 32 programs.bash = { 33 34 + /* 35 + enable = lib.mkOption { 36 + default = true; 37 + description = '' 38 + Whenever to configure Bash as an interactive shell. 39 + Note that this tries to make Bash the default 40 + {option}`users.defaultUserShell`, 41 + which in turn means that you might need to explicitly 42 + set this variable if you have another shell configured 43 + with NixOS. 44 + ''; 45 + type = lib.types.bool; 46 + }; 47 + */ 48 49 shellAliases = lib.mkOption { 50 default = { }; ··· 129 130 }; 131 132 + config = # lib.mkIf cfg.enable 133 + { 134 135 + programs.bash = { 136 137 + shellAliases = builtins.mapAttrs (name: lib.mkDefault) cfge.shellAliases; 138 139 + shellInit = '' 140 + if [ -z "$__NIXOS_SET_ENVIRONMENT_DONE" ]; then 141 + . ${config.system.build.setEnvironment} 142 + fi 143 144 + ${cfge.shellInit} 145 + ''; 146 147 + loginShellInit = cfge.loginShellInit; 148 149 + interactiveShellInit = '' 150 + # Check the window size after every command. 151 + shopt -s checkwinsize 152 153 + # Disable hashing (i.e. caching) of command lookups. 154 + set +h 155 156 + ${cfg.promptInit} 157 + ${cfg.promptPluginInit} 158 + ${bashAliases} 159 160 + ${cfge.interactiveShellInit} 161 + ''; 162 163 + }; 164 165 + environment.etc.profile.text = '' 166 + # /etc/profile: DO NOT EDIT -- this file has been generated automatically. 167 + # This file is read for login shells. 168 169 + # Only execute this file once per shell. 170 + if [ -n "$__ETC_PROFILE_SOURCED" ]; then return; fi 171 + __ETC_PROFILE_SOURCED=1 172 173 + # Prevent this file from being sourced by interactive non-login child shells. 174 + export __ETC_PROFILE_DONE=1 175 176 + ${cfg.shellInit} 177 + ${cfg.loginShellInit} 178 179 + # Read system-wide modifications. 180 + if test -f /etc/profile.local; then 181 + . 
/etc/profile.local 182 + fi 183 184 + if [ -n "''${BASH_VERSION:-}" ]; then 185 + . /etc/bashrc 186 + fi 187 + ''; 188 189 + environment.etc.bashrc.text = '' 190 + # /etc/bashrc: DO NOT EDIT -- this file has been generated automatically. 191 192 + # Only execute this file once per shell. 193 + if [ -n "$__ETC_BASHRC_SOURCED" ] || [ -n "$NOSYSBASHRC" ]; then return; fi 194 + __ETC_BASHRC_SOURCED=1 195 196 + # If the profile was not loaded in a parent process, source 197 + # it. But otherwise don't do it because we don't want to 198 + # clobber overridden values of $PATH, etc. 199 + if [ -z "$__ETC_PROFILE_DONE" ]; then 200 + . /etc/profile 201 + fi 202 203 + # We are not always an interactive shell. 204 + if [ -n "$PS1" ]; then 205 + ${cfg.interactiveShellInit} 206 + fi 207 208 + # Read system-wide modifications. 209 + if test -f /etc/bashrc.local; then 210 + . /etc/bashrc.local 211 + fi 212 + ''; 213 214 + environment.etc.bash_logout.text = '' 215 + # /etc/bash_logout: DO NOT EDIT -- this file has been generated automatically. 216 217 + # Only execute this file once per shell. 218 + if [ -n "$__ETC_BASHLOGOUT_SOURCED" ] || [ -n "$NOSYSBASHLOGOUT" ]; then return; fi 219 + __ETC_BASHLOGOUT_SOURCED=1 220 221 + ${cfg.logout} 222 223 + # Read system-wide modifications. 224 + if test -f /etc/bash_logout.local; then 225 + . /etc/bash_logout.local 226 + fi 227 + ''; 228 229 + # Configuration for readline in bash. We use "option default" 230 + # priority to allow user override using both .text and .source. 
231 + environment.etc.inputrc.source = lib.mkOptionDefault ./inputrc; 232 233 + users.defaultUserShell = lib.mkDefault pkgs.bashInteractive; 234 235 + environment.pathsToLink = lib.optionals cfg.completion.enable [ 236 + "/etc/bash_completion.d" 237 + "/share/bash-completion" 238 + ]; 239 240 + environment.shells = [ 241 + "/run/current-system/sw/bin/bash" 242 + "/run/current-system/sw/bin/sh" 243 + "${pkgs.bashInteractive}/bin/bash" 244 + "${pkgs.bashInteractive}/bin/sh" 245 + ]; 246 247 + }; 248 249 }
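Review bot: The `lib.mkRemovedOptionModule [ "programs" "bash" "enable" ] ""` entry passes an empty replacement message, so a configuration that still sets `programs.bash.enable` will presumably be rejected without being told what to do instead. Give it a sentence, e.g. `(lib.mkRemovedOptionModule [ "programs" "bash" "enable" ] "Bash is always configured on NixOS; remove this setting.")`. The option kept inside `/* … */` and the `# lib.mkIf cfg.enable` remnant after `config =` are dead code; either delete them or add a one-line comment saying why they are retained. Both the `options` block and the `config` attrset continue through lines the page elides.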
+2 -31
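--- a/nixos/modules/programs/fuse.nix
+++ b/nixos/modules/programs/fuse.nix
@@ -1,9 +1,4 @@
-{
-config,
-lib,
-pkgs,
-...
-}:
+{ config, lib, ... }:
 
 let
 cfg = config.programs.fuse;
@@ -12,10 +7,6 @@
 meta.maintainers = with lib.maintainers; [ ];
 
 options.programs.fuse = {
-enable = lib.mkEnableOption "fuse" // {
-default = true;
-};
-
 mountMax = lib.mkOption {
 # In the C code it's an "int" (i.e. signed and at least 16 bit), but
 # negative numbers obviously make no sense:
@@ -36,30 +27,10 @@
 };
 };
 
-config = lib.mkIf cfg.enable {
-environment.systemPackages = [
-pkgs.fuse
-pkgs.fuse3
-];
-
-security.wrappers =
-let
-mkSetuidRoot = source: {
-setuid = true;
-owner = "root";
-group = "root";
-inherit source;
-};
-in
-{
-fusermount = mkSetuidRoot "${lib.getBin pkgs.fuse}/bin/fusermount";
-fusermount3 = mkSetuidRoot "${lib.getBin pkgs.fuse3}/bin/fusermount3";
-};
-
+config = {
 environment.etc."fuse.conf".text = ''
 ${lib.optionalString (!cfg.userAllowOther) "#"}user_allow_other
 mount_max = ${builtins.toString cfg.mountMax}
 '';
-
 };
 }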
-2
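--- a/nixos/modules/programs/ssh.nix
+++ b/nixos/modules/programs/ssh.nix
@@ -335,8 +335,6 @@
 }
 );
 
-environment.corePackages = [ cfg.package ];
-
 # SSH configuration. Slight duplication of the sshd_config
 # generation in the sshd service.
 environment.etc."ssh/ssh_config".text = ''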
+2
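--- a/nixos/modules/security/wrappers/default.nix
+++ b/nixos/modules/security/wrappers/default.nix
@@ -266,6 +266,8 @@
 in
 {
 # These are mount related wrappers that require the +s permission.
+fusermount = mkSetuidRoot "${lib.getBin pkgs.fuse}/bin/fusermount";
+fusermount3 = mkSetuidRoot "${lib.getBin pkgs.fuse3}/bin/fusermount3";
 mount = mkSetuidRoot "${lib.getBin pkgs.util-linux}/bin/mount";
 umount = mkSetuidRoot "${lib.getBin pkgs.util-linux}/bin/umount";
 };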
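Review bot: `fusermount` and `fusermount3` join the default setuid-root wrapper set with no condition visible in this hunk, so as far as the page shows every system carries two more setuid-root binaries whether or not FUSE is used; `filesystems.nix` likewise puts `fuse3` and `fuse` on every system path. The existing comment only says these wrappers need `+s`; extend it so the origin is clear to anyone auditing setuid binaries on a host, e.g. `# fusermount/fusermount3 are installed setuid root on every system; programs.fuse has no enable option.` The `let … in` that defines `mkSetuidRoot` and the attribute this set is assigned to lie above the hunk.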
+1 -1
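--- a/nixos/modules/system/activation/activation-script.nix
+++ b/nixos/modules/system/activation/activation-script.nix
@@ -317,7 +317,7 @@
 source ${config.system.build.earlyMountScript}
 '';
 
-systemd.user = lib.mkIf config.system.activatable {
+systemd.user = {
 services.nixos-activation = {
 description = "Run user-specific NixOS activation";
 script = config.system.userActivationScripts.script;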
+1 -3
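--- a/nixos/modules/system/boot/kernel.nix
+++ b/nixos/modules/system/boot/kernel.nix
@@ -414,9 +414,7 @@
 
 ln -s ${initrdPath} $out/initrd
 
-${optionalString (config.boot.initrd.secrets != { }) ''
-ln -s ${config.system.build.initialRamdiskSecretAppender}/bin/append-initrd-secrets $out
-''}
+ln -s ${config.system.build.initialRamdiskSecretAppender}/bin/append-initrd-secrets $out
 
 ln -s ${config.hardware.firmware}/lib/firmware $out/firmware
 '';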
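Review bot: The `append-initrd-secrets` link is now created even when `boot.initrd.secrets` is empty, so every system built through this script references `config.system.build.initialRamdiskSecretAppender`. Whether the appender does nothing in that case is not visible here; confirm it and record it next to the line, e.g. `# Linked unconditionally, also when boot.initrd.secrets is empty.` The surrounding script string starts and ends outside the hunk.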
+2 -17
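--- a/nixos/modules/system/boot/kexec.nix
+++ b/nixos/modules/system/boot/kexec.nix
@@ -1,22 +1,7 @@
-{
-config,
-pkgs,
-lib,
-...
-}:
+{ pkgs, lib, ... }:
 
-let
-cfg = config.boot.kexec;
-in
 {
-options.boot.kexec = {
-enable = lib.mkEnableOption "kexec" // {
-default = lib.meta.availableOn pkgs.stdenv.hostPlatform pkgs.kexec-tools;
-defaultText = lib.literalExpression ''lib.meta.availableOn pkgs.stdenv.hostPlatform pkgs.kexec-tools'';
-};
-};
-
-config = lib.mkIf cfg.enable {
+config = lib.mkIf (lib.meta.availableOn pkgs.stdenv.hostPlatform pkgs.kexec-tools) {
 environment.systemPackages = [ pkgs.kexec-tools ];
 
 systemd.services.prepare-kexec = {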
+7 -1
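--- a/nixos/modules/tasks/filesystems.nix
+++ b/nixos/modules/tasks/filesystems.nix
@@ -461,7 +461,13 @@
 # Add the mount helpers to the system path so that `mount' can find them.
 system.fsPackages = [ pkgs.dosfstools ];
 
-environment.systemPackages = config.system.fsPackages;
+environment.systemPackages =
+with pkgs;
+[
+fuse3
+fuse
+]
+++ config.system.fsPackages;
 
 environment.etc.fstab.text =
 let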
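Review bot: `with pkgs;` is opened for just two names in the new `environment.systemPackages` value, while the other package lists touched in this commit (`network-interfaces.nix`, `kexec.nix`) write the `pkgs.` prefix out. Spelling it as `environment.systemPackages = [ pkgs.fuse3 pkgs.fuse ] ++ config.system.fsPackages;` keeps name resolution obvious and matches the neighbouring `system.fsPackages = [ pkgs.dosfstools ];`. The comment above the hunk only explains the mount helpers from `system.fsPackages`, so a short note on why the FUSE packages are listed here would help the next reader.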
+11 -13
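--- a/nixos/modules/tasks/network-interfaces.nix
+++ b/nixos/modules/tasks/network-interfaces.nix
@@ -1767,19 +1767,17 @@
 text = cfg.hostName + "\n";
 };
 
-environment.corePackages = lib.mkOptionDefault (
-[
-pkgs.host
-pkgs.hostname-debian
-pkgs.iproute2
-pkgs.iputils
-]
-++ optionals config.networking.wireless.enable [
-pkgs.wirelesstools # FIXME: obsolete?
-pkgs.iw
-]
-++ bridgeStp
-);
+environment.systemPackages = [
+pkgs.host
+pkgs.hostname-debian
+pkgs.iproute2
+pkgs.iputils
+]
+++ optionals config.networking.wireless.enable [
+pkgs.wirelesstools # FIXME: obsolete?
+pkgs.iw
+]
+++ bridgeStp;
 
 # Wake-on-LAN configuration is shared by the scripted and networkd backends.
 systemd.network.links = pipe interfaces [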