gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Revert "nixos: allow more things to be disabled"

Browse Source
This commit is contained in:
nikstur
2025-08-10 22:22:08 +02:00
committed by GitHub
parent ee2d8ebb65
commit d5ae87bdeb
10 changed files with 181 additions and 246 deletions
Download Patch File Download Diff File Expand all files Collapse all files

101
nixos/modules/config/system-path.nix
View File

@@ -8,47 +8,41 @@
}: }:
let let
corePackageNames = [ requiredPackages =
"acl" map (pkg: lib.setPrio ((pkg.meta.priority or lib.meta.defaultPriority) + 3) pkg)
"attr" [
"bashInteractive" # bash with ncurses support pkgs.acl
"bzip2" pkgs.attr
"coreutils-full" pkgs.bashInteractive # bash with ncurses support
"cpio" pkgs.bzip2
"curl" pkgs.coreutils-full
"diffutils" pkgs.cpio
"findutils" pkgs.curl
"gawk" pkgs.diffutils
"getent" pkgs.findutils
"getconf" pkgs.gawk
"gnugrep" pkgs.stdenv.cc.libc
"gnupatch" pkgs.getent
"gnused" pkgs.getconf
"gnutar" pkgs.gnugrep
"gzip" pkgs.gnupatch
"xz" pkgs.gnused
"less" pkgs.gnutar
"libcap" pkgs.gzip
"ncurses" pkgs.xz
"netcat" pkgs.less
"mkpasswd" pkgs.libcap
"procps" pkgs.ncurses
"su" pkgs.netcat
"time" config.programs.ssh.package
"util-linux" pkgs.mkpasswd
"which" pkgs.procps
"zstd" pkgs.su
]; pkgs.time
corePackages = pkgs.util-linux
(map ( pkgs.which
n: pkgs.zstd
let ];
pkg = pkgs.${n};
in
lib.setPrio ((pkg.meta.priority or lib.meta.defaultPriority) + 3) pkg
) corePackageNames)
++ [ pkgs.stdenv.cc.libc ];
corePackagesText = "[ ${lib.concatMapStringsSep " " (n: "pkgs.${n}") corePackageNames} ]";
defaultPackageNames = [ defaultPackageNames = [
"perl" "perl"
@@ -86,29 +80,6 @@ in
''; '';
}; };
corePackages = lib.mkOption {
type = lib.types.listOf lib.types.package;
default = corePackages;
defaultText = lib.literalMD ''
these packages, with their `meta.priority` numerically increased
(thus lowering their installation priority):
${corePackagesText}
'';
example = [ ];
description = ''
Set of core packages for a normal interactive system.
Only change this if you know what you're doing!
Like with systemPackages, packages are installed to
{file}`/run/current-system/sw`. They are
automatically available to all users, and are
automatically updated every time you rebuild the system
configuration.
'';
};
defaultPackages = lib.mkOption { defaultPackages = lib.mkOption {
type = lib.types.listOf lib.types.package; type = lib.types.listOf lib.types.package;
default = defaultPackages; default = defaultPackages;
@@ -180,7 +151,7 @@ in
config = { config = {
environment.systemPackages = config.environment.corePackages ++ config.environment.defaultPackages; environment.systemPackages = requiredPackages ++ config.environment.defaultPackages;
environment.pathsToLink = [ environment.pathsToLink = [
"/bin" "/bin"

232
nixos/modules/programs/bash/bash.nix
View File

@@ -23,23 +23,28 @@ let
in in
{ {
imports = [
(lib.mkRemovedOptionModule [ "programs" "bash" "enable" ] "")
];
options = { options = {
programs.bash = { programs.bash = {
enable = lib.mkOption { /*
default = true; enable = lib.mkOption {
description = '' default = true;
Whenever to configure Bash as an interactive shell. description = ''
Note that this tries to make Bash the default Whenever to configure Bash as an interactive shell.
{option}`users.defaultUserShell`, Note that this tries to make Bash the default
which in turn means that you might need to explicitly {option}`users.defaultUserShell`,
set this variable if you have another shell configured which in turn means that you might need to explicitly
with NixOS. set this variable if you have another shell configured
''; with NixOS.
type = lib.types.bool; '';
}; type = lib.types.bool;
};
*/
shellAliases = lib.mkOption { shellAliases = lib.mkOption {
default = { }; default = { };
@@ -124,120 +129,121 @@ in
}; };
config = lib.mkIf cfg.enable { config = # lib.mkIf cfg.enable
{
programs.bash = { programs.bash = {
shellAliases = builtins.mapAttrs (name: lib.mkDefault) cfge.shellAliases; shellAliases = builtins.mapAttrs (name: lib.mkDefault) cfge.shellAliases;
shellInit = '' shellInit = ''
if [ -z "$__NIXOS_SET_ENVIRONMENT_DONE" ]; then if [ -z "$__NIXOS_SET_ENVIRONMENT_DONE" ]; then
. ${config.system.build.setEnvironment} . ${config.system.build.setEnvironment}
fi
${cfge.shellInit}
'';
loginShellInit = cfge.loginShellInit;
interactiveShellInit = ''
# Check the window size after every command.
shopt -s checkwinsize
# Disable hashing (i.e. caching) of command lookups.
set +h
${cfg.promptInit}
${cfg.promptPluginInit}
${bashAliases}
${cfge.interactiveShellInit}
'';
};
environment.etc.profile.text = ''
# /etc/profile: DO NOT EDIT -- this file has been generated automatically.
# This file is read for login shells.
# Only execute this file once per shell.
if [ -n "$__ETC_PROFILE_SOURCED" ]; then return; fi
__ETC_PROFILE_SOURCED=1
# Prevent this file from being sourced by interactive non-login child shells.
export __ETC_PROFILE_DONE=1
${cfg.shellInit}
${cfg.loginShellInit}
# Read system-wide modifications.
if test -f /etc/profile.local; then
. /etc/profile.local
fi fi
${cfge.shellInit} if [ -n "''${BASH_VERSION:-}" ]; then
. /etc/bashrc
fi
''; '';
loginShellInit = cfge.loginShellInit; environment.etc.bashrc.text = ''
# /etc/bashrc: DO NOT EDIT -- this file has been generated automatically.
interactiveShellInit = '' # Only execute this file once per shell.
# Check the window size after every command. if [ -n "$__ETC_BASHRC_SOURCED" ] || [ -n "$NOSYSBASHRC" ]; then return; fi
shopt -s checkwinsize __ETC_BASHRC_SOURCED=1
# Disable hashing (i.e. caching) of command lookups. # If the profile was not loaded in a parent process, source
set +h # it. But otherwise don't do it because we don't want to
# clobber overridden values of $PATH, etc.
if [ -z "$__ETC_PROFILE_DONE" ]; then
. /etc/profile
fi
${cfg.promptInit} # We are not always an interactive shell.
${cfg.promptPluginInit} if [ -n "$PS1" ]; then
${bashAliases} ${cfg.interactiveShellInit}
fi
${cfge.interactiveShellInit} # Read system-wide modifications.
if test -f /etc/bashrc.local; then
. /etc/bashrc.local
fi
''; '';
environment.etc.bash_logout.text = ''
# /etc/bash_logout: DO NOT EDIT -- this file has been generated automatically.
# Only execute this file once per shell.
if [ -n "$__ETC_BASHLOGOUT_SOURCED" ] || [ -n "$NOSYSBASHLOGOUT" ]; then return; fi
__ETC_BASHLOGOUT_SOURCED=1
${cfg.logout}
# Read system-wide modifications.
if test -f /etc/bash_logout.local; then
. /etc/bash_logout.local
fi
'';
# Configuration for readline in bash. We use "option default"
# priority to allow user override using both .text and .source.
environment.etc.inputrc.source = lib.mkOptionDefault ./inputrc;
users.defaultUserShell = lib.mkDefault pkgs.bashInteractive;
environment.pathsToLink = lib.optionals cfg.completion.enable [
"/etc/bash_completion.d"
"/share/bash-completion"
];
environment.shells = [
"/run/current-system/sw/bin/bash"
"/run/current-system/sw/bin/sh"
"${pkgs.bashInteractive}/bin/bash"
"${pkgs.bashInteractive}/bin/sh"
];
}; };
environment.etc.profile.text = ''
# /etc/profile: DO NOT EDIT -- this file has been generated automatically.
# This file is read for login shells.
# Only execute this file once per shell.
if [ -n "$__ETC_PROFILE_SOURCED" ]; then return; fi
__ETC_PROFILE_SOURCED=1
# Prevent this file from being sourced by interactive non-login child shells.
export __ETC_PROFILE_DONE=1
${cfg.shellInit}
${cfg.loginShellInit}
# Read system-wide modifications.
if test -f /etc/profile.local; then
. /etc/profile.local
fi
if [ -n "''${BASH_VERSION:-}" ]; then
. /etc/bashrc
fi
'';
environment.etc.bashrc.text = ''
# /etc/bashrc: DO NOT EDIT -- this file has been generated automatically.
# Only execute this file once per shell.
if [ -n "$__ETC_BASHRC_SOURCED" ] || [ -n "$NOSYSBASHRC" ]; then return; fi
__ETC_BASHRC_SOURCED=1
# If the profile was not loaded in a parent process, source
# it. But otherwise don't do it because we don't want to
# clobber overridden values of $PATH, etc.
if [ -z "$__ETC_PROFILE_DONE" ]; then
. /etc/profile
fi
# We are not always an interactive shell.
if [ -n "$PS1" ]; then
${cfg.interactiveShellInit}
fi
# Read system-wide modifications.
if test -f /etc/bashrc.local; then
. /etc/bashrc.local
fi
'';
environment.etc.bash_logout.text = ''
# /etc/bash_logout: DO NOT EDIT -- this file has been generated automatically.
# Only execute this file once per shell.
if [ -n "$__ETC_BASHLOGOUT_SOURCED" ] || [ -n "$NOSYSBASHLOGOUT" ]; then return; fi
__ETC_BASHLOGOUT_SOURCED=1
${cfg.logout}
# Read system-wide modifications.
if test -f /etc/bash_logout.local; then
. /etc/bash_logout.local
fi
'';
# Configuration for readline in bash. We use "option default"
# priority to allow user override using both .text and .source.
environment.etc.inputrc.source = lib.mkOptionDefault ./inputrc;
users.defaultUserShell = lib.mkDefault pkgs.bashInteractive;
environment.pathsToLink = lib.optionals cfg.completion.enable [
"/etc/bash_completion.d"
"/share/bash-completion"
];
environment.shells = [
"/run/current-system/sw/bin/bash"
"/run/current-system/sw/bin/sh"
"${pkgs.bashInteractive}/bin/bash"
"${pkgs.bashInteractive}/bin/sh"
];
};
} }

33
nixos/modules/programs/fuse.nix
View File

@@ -1,9 +1,4 @@
{ { config, lib, ... }:
config,
lib,
pkgs,
...
}:
let let
cfg = config.programs.fuse; cfg = config.programs.fuse;
@@ -12,10 +7,6 @@ in
meta.maintainers = with lib.maintainers; [ ]; meta.maintainers = with lib.maintainers; [ ];
options.programs.fuse = { options.programs.fuse = {
enable = lib.mkEnableOption "fuse" // {
default = true;
};
mountMax = lib.mkOption { mountMax = lib.mkOption {
# In the C code it's an "int" (i.e. signed and at least 16 bit), but # In the C code it's an "int" (i.e. signed and at least 16 bit), but
# negative numbers obviously make no sense: # negative numbers obviously make no sense:
@@ -36,30 +27,10 @@ in
}; };
}; };
config = lib.mkIf cfg.enable { config = {
environment.systemPackages = [
pkgs.fuse
pkgs.fuse3
];
security.wrappers =
let
mkSetuidRoot = source: {
setuid = true;
owner = "root";
group = "root";
inherit source;
};
in
{
fusermount = mkSetuidRoot "${lib.getBin pkgs.fuse}/bin/fusermount";
fusermount3 = mkSetuidRoot "${lib.getBin pkgs.fuse3}/bin/fusermount3";
};
environment.etc."fuse.conf".text = '' environment.etc."fuse.conf".text = ''
${lib.optionalString (!cfg.userAllowOther) "#"}user_allow_other ${lib.optionalString (!cfg.userAllowOther) "#"}user_allow_other
mount_max = ${builtins.toString cfg.mountMax} mount_max = ${builtins.toString cfg.mountMax}
''; '';
}; };
} }

2
nixos/modules/programs/ssh.nix
View File

@@ -335,8 +335,6 @@ in
} }
); );
environment.corePackages = [ cfg.package ];
# SSH configuration. Slight duplication of the sshd_config # SSH configuration. Slight duplication of the sshd_config
# generation in the sshd service. # generation in the sshd service.
environment.etc."ssh/ssh_config".text = '' environment.etc."ssh/ssh_config".text = ''

2
nixos/modules/security/wrappers/default.nix
View File

@@ -266,6 +266,8 @@ in
in in
{ {
# These are mount related wrappers that require the +s permission. # These are mount related wrappers that require the +s permission.
fusermount = mkSetuidRoot "${lib.getBin pkgs.fuse}/bin/fusermount";
fusermount3 = mkSetuidRoot "${lib.getBin pkgs.fuse3}/bin/fusermount3";
mount = mkSetuidRoot "${lib.getBin pkgs.util-linux}/bin/mount"; mount = mkSetuidRoot "${lib.getBin pkgs.util-linux}/bin/mount";
umount = mkSetuidRoot "${lib.getBin pkgs.util-linux}/bin/umount"; umount = mkSetuidRoot "${lib.getBin pkgs.util-linux}/bin/umount";
}; };

2
nixos/modules/system/activation/activation-script.nix
View File

@@ -317,7 +317,7 @@ in
source ${config.system.build.earlyMountScript} source ${config.system.build.earlyMountScript}
''; '';
systemd.user = lib.mkIf config.system.activatable { systemd.user = {
services.nixos-activation = { services.nixos-activation = {
description = "Run user-specific NixOS activation"; description = "Run user-specific NixOS activation";
script = config.system.userActivationScripts.script; script = config.system.userActivationScripts.script;

4
nixos/modules/system/boot/kernel.nix
View File

@@ -414,9 +414,7 @@ in
ln -s ${initrdPath} $out/initrd ln -s ${initrdPath} $out/initrd
${optionalString (config.boot.initrd.secrets != { }) '' ln -s ${config.system.build.initialRamdiskSecretAppender}/bin/append-initrd-secrets $out
ln -s ${config.system.build.initialRamdiskSecretAppender}/bin/append-initrd-secrets $out
''}
ln -s ${config.hardware.firmware}/lib/firmware $out/firmware ln -s ${config.hardware.firmware}/lib/firmware $out/firmware
''; '';

19
nixos/modules/system/boot/kexec.nix
View File

@@ -1,22 +1,7 @@
{ { pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
let
cfg = config.boot.kexec;
in
{ {
options.boot.kexec = { config = lib.mkIf (lib.meta.availableOn pkgs.stdenv.hostPlatform pkgs.kexec-tools) {
enable = lib.mkEnableOption "kexec" // {
default = lib.meta.availableOn pkgs.stdenv.hostPlatform pkgs.kexec-tools;
defaultText = lib.literalExpression ''lib.meta.availableOn pkgs.stdenv.hostPlatform pkgs.kexec-tools'';
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages = [ pkgs.kexec-tools ]; environment.systemPackages = [ pkgs.kexec-tools ];
systemd.services.prepare-kexec = { systemd.services.prepare-kexec = {

8
nixos/modules/tasks/filesystems.nix
View File

@@ -461,7 +461,13 @@ in
# Add the mount helpers to the system path so that `mount' can find them. # Add the mount helpers to the system path so that `mount' can find them.
system.fsPackages = [ pkgs.dosfstools ]; system.fsPackages = [ pkgs.dosfstools ];
environment.systemPackages = config.system.fsPackages; environment.systemPackages =
with pkgs;
[
fuse3
fuse
]
++ config.system.fsPackages;
environment.etc.fstab.text = environment.etc.fstab.text =
let let

24
nixos/modules/tasks/network-interfaces.nix
View File

@@ -1767,19 +1767,17 @@ in
text = cfg.hostName + "\n"; text = cfg.hostName + "\n";
}; };
environment.corePackages = lib.mkOptionDefault ( environment.systemPackages = [
[ pkgs.host
pkgs.host pkgs.hostname-debian
pkgs.hostname-debian pkgs.iproute2
pkgs.iproute2 pkgs.iputils
pkgs.iputils ]
] ++ optionals config.networking.wireless.enable [
++ optionals config.networking.wireless.enable [ pkgs.wirelesstools # FIXME: obsolete?
pkgs.wirelesstools # FIXME: obsolete? pkgs.iw
pkgs.iw ]
] ++ bridgeStp;
++ bridgeStp
);
# Wake-on-LAN configuration is shared by the scripted and networkd backends. # Wake-on-LAN configuration is shared by the scripted and networkd backends.
systemd.network.links = pipe interfaces [ systemd.network.links = pipe interfaces [