[
./config/debug-info.nix
./config/fonts/corefonts.nix
./config/fonts/fontconfig.nix
./config/fonts/fontconfig-penultimate.nix
./config/fonts/fontconfig-ultimate.nix
./config/fonts/fontdir.nix
./config/fonts/fonts.nix
./config/fonts/ghostscript.nix
./config/xdg/autostart.nix
./config/xdg/icons.nix
./config/xdg/menus.nix
./config/xdg/mime.nix
./config/appstream.nix
./config/xdg/sounds.nix
./config/gtk/gtk-icon-cache.nix
./config/gnu.nix
./config/i18n.nix
./config/iproute2.nix
./config/krb5/default.nix
./config/ldap.nix
./config/networking.nix
./config/no-x-libs.nix
./config/nsswitch.nix
./config/power-management.nix
./config/pulseaudio.nix
./config/shells-environment.nix
./config/swap.nix
./config/sysctl.nix
./config/system-environment.nix
./config/system-path.nix
./config/terminfo.nix
./config/timezone.nix
./config/unix-odbc-drivers.nix
./config/users-groups.nix
./config/vpnc.nix
./config/zram.nix
./hardware/all-firmware.nix
./hardware/bladeRF.nix
./hardware/brightnessctl.nix
./hardware/ckb-next.nix
./hardware/cpu/amd-microcode.nix
./hardware/cpu/intel-microcode.nix
./hardware/digitalbitbox.nix
./hardware/sensor/iio.nix
./hardware/ksm.nix
./hardware/ledger.nix
./hardware/mcelog.nix
./hardware/network/b43.nix
./hardware/nitrokey.nix
./hardware/opengl.nix
./hardware/pcmcia.nix
./hardware/raid/hpsa.nix
./hardware/steam-hardware.nix
./hardware/usb-wwan.nix
./hardware/onlykey.nix
./hardware/video/amdgpu.nix
./hardware/video/amdgpu-pro.nix
./hardware/video/ati.nix
./hardware/video/capture/mwprocapture.nix
./hardware/video/bumblebee.nix
./hardware/video/displaylink.nix
./hardware/video/nvidia.nix
./hardware/video/uvcvideo/default.nix
./hardware/video/webcam/facetimehd.nix
./i18n/input-method/default.nix
./i18n/input-method/fcitx.nix
./i18n/input-method/ibus.nix
./i18n/input-method/nabi.nix
./i18n/input-method/uim.nix
./installer/tools/tools.nix
./misc/assertions.nix
./misc/crashdump.nix
./misc/documentation.nix
./misc/extra-arguments.nix
./misc/ids.nix
./misc/lib.nix
./misc/label.nix
./misc/locate.nix
./misc/meta.nix
./misc/nixpkgs.nix
./misc/passthru.nix
./misc/version.nix
./programs/adb.nix
./programs/atop.nix
./programs/autojump.nix
./programs/bash/bash.nix
./programs/bcc.nix
./programs/blcr.nix
./programs/browserpass.nix
./programs/ccache.nix
./programs/cdemu.nix
./programs/chromium.nix
./programs/command-not-found/command-not-found.nix
./programs/criu.nix
./programs/dconf.nix
./programs/digitalbitbox/default.nix
./programs/dmrconfig.nix
./programs/environment.nix
./programs/firejail.nix
./programs/fish.nix
./programs/freetds.nix
./programs/gnupg.nix
./programs/gphoto2.nix
./programs/iftop.nix
./programs/iotop.nix
./programs/java.nix
./programs/kbdlight.nix
./programs/less.nix
./programs/light.nix
./programs/mosh.nix
./programs/mininet.nix
./programs/mtr.nix
./programs/nano.nix
./programs/nm-applet.nix
./programs/npm.nix
./programs/oblogout.nix
./programs/plotinus.nix
./programs/qt5ct.nix
./programs/screen.nix
./programs/sedutil.nix
./programs/slock.nix
./programs/shadow.nix
./programs/shell.nix
./programs/spacefm.nix
./programs/singularity.nix
./programs/ssh.nix
./programs/ssmtp.nix
./programs/sysdig.nix
./programs/systemtap.nix
./programs/sway.nix
./programs/thefuck.nix
./programs/tmux.nix
./programs/udevil.nix
./programs/venus.nix
./programs/vim.nix
./programs/wavemon.nix
./programs/way-cooler.nix
./programs/wireshark.nix
./programs/xfs_quota.nix
./programs/xonsh.nix
./programs/xss-lock.nix
./programs/yabar.nix
./programs/zsh/oh-my-zsh.nix
./programs/zsh/zsh.nix
./programs/zsh/zsh-autoenv.nix
./programs/zsh/zsh-autosuggestions.nix
./programs/zsh/zsh-syntax-highlighting.nix
./rename.nix
./security/acme.nix
./security/apparmor.nix
./security/apparmor-suid.nix
./security/audit.nix
./security/auditd.nix
./security/ca.nix
./security/chromium-suid-sandbox.nix
./security/dhparams.nix
./security/duosec.nix
./security/google_oslogin.nix
./security/hidepid.nix
./security/lock-kernel-modules.nix
./security/misc.nix
./security/oath.nix
./security/pam.nix
./security/pam_usb.nix
./security/pam_mount.nix
./security/polkit.nix
./security/prey.nix
./security/rngd.nix
./security/rtkit.nix
./security/wrappers/default.nix
./security/sudo.nix
nixos: Add 'chroot' options to systemd.services
Currently, if you want to properly chroot a systemd service, you could
do it using BindReadOnlyPaths=/nix/store (which is not what I'd call
"properly", because the whole store is still accessible) or use a
separate derivation that gathers the runtime closure of the service you
want to chroot. The former is the easier method and there is also a
method directly offered by systemd, called ProtectSystem, which still
leaves the whole store accessible. The latter however is a bit more
involved, because you need to bind-mount each store path of the runtime
closure of the service you want to chroot.
This can be achieved using pkgs.closureInfo and a small derivation that
packs everything into a systemd unit, which later can be added to
systemd.packages. That's also what I did several times[1][2] in the
past.
However, this process got a bit tedious, so I decided that it would be
generally useful for NixOS, so this very implementation was born.
Now if you want to chroot a systemd service, all you need to do is:
{
systemd.services.yourservice = {
description = "My Shiny Service";
wantedBy = [ "multi-user.target" ];
chroot.enable = true;
serviceConfig.ExecStart = "${pkgs.myservice}/bin/myservice";
};
}
If more than the dependencies for the ExecStart* and ExecStop* (which
btw. also includes "script" and {pre,post}Start) need to be in the
chroot, it can be specified using the chroot.packages option. By
default (which uses the "full-apivfs"[3] confinement mode), a user
namespace is set up as well and /proc, /sys and /dev are mounted
appropriately.
In addition - and by default - a /bin/sh executable is provided as well,
which is useful for most programs that use the system() C library call
to execute commands via a shell. The shell providing /bin/sh is dash
instead of the NixOS default (which is bash), because it's far more
lightweight: after all, we're chrooting because we want to lower the
attack surface, and the shell should only be used for "/bin/sh -c something".
Prior to submitting this here, I did a first implementation of this
outside[4] of nixpkgs, which duplicated the "pathSafeName" functionality
from systemd-lib.nix, just because it's only a single line.
However, I decided to just re-use the one from systemd here and
subsequently made it available when importing systemd-lib.nix, so that
the systemd-chroot implementation also benefits from fixes to that
functionality (which is now a proper function).
Unfortunately, we do have a few limitations as well. The first being
that DynamicUser doesn't work in conjunction with tmpfs, because it
already sets up a tmpfs in a different path and simply ignores the one
we define. We could probably solve this by detecting it and try to
bind-mount our paths to that different path whenever DynamicUser is
enabled.
The second limitation/issue is that RootDirectoryStartOnly doesn't work
right now, because it only affects the RootDirectory option and not the
individual bind mounts or our tmpfs. It would be helpful if systemd
would have a way to disable specific bind mounts as well or at least
have some way to ignore failures for the bind mounts/tmpfs setup.
Another quirk we do have right now is that systemd tries to create a
/usr directory within the chroot, which subsequently fails. Fortunately,
this is just an ugly error and not a hard failure.
[1]: https://github.com/headcounter/shabitica/blob/3bb01728a0237ad5e7/default.nix#L43-L62
[2]: https://github.com/aszlig/avonc/blob/dedf29e092481a33dc/nextcloud.nix#L103-L124
[3]: The reason this is called "full-apivfs" instead of just "full" is
to make room for a *real* "full" confinement mode, which is more
restrictive even.
[4]: https://github.com/aszlig/avonc/blob/92a20bece4df54625e/systemd-chroot.nix
Signed-off-by: aszlig <aszlig@nix.build>
5 years ago
./security/systemd-chroot.nix
./services/admin/oxidized.nix
./services/admin/salt/master.nix
./services/admin/salt/minion.nix
./services/amqp/activemq/default.nix
./services/amqp/rabbitmq.nix
./services/audio/alsa.nix
./services/audio/icecast.nix
./services/audio/liquidsoap.nix
./services/audio/mpd.nix
./services/audio/mopidy.nix
./services/audio/slimserver.nix
./services/audio/snapserver.nix
./services/audio/squeezelite.nix
./services/audio/ympd.nix
./services/backup/bacula.nix
./services/backup/borgbackup.nix
./services/backup/duplicati.nix
./services/backup/crashplan.nix
./services/backup/crashplan-small-business.nix
./services/backup/duplicity.nix
./services/backup/mysql-backup.nix
./services/backup/postgresql-backup.nix
./services/backup/restic.nix
./services/backup/restic-rest-server.nix
./services/backup/rsnapshot.nix
./services/backup/tarsnap.nix
./services/backup/znapzend.nix
./services/cluster/hadoop/default.nix
./services/cluster/kubernetes/addons/dns.nix
./services/cluster/kubernetes/addons/dashboard.nix
./services/cluster/kubernetes/addon-manager.nix
./services/cluster/kubernetes/apiserver.nix
./services/cluster/kubernetes/controller-manager.nix
./services/cluster/kubernetes/default.nix
./services/cluster/kubernetes/flannel.nix
./services/cluster/kubernetes/kubelet.nix
./services/cluster/kubernetes/pki.nix
./services/cluster/kubernetes/proxy.nix
./services/cluster/kubernetes/scheduler.nix
./services/computing/boinc/client.nix
./services/computing/torque/server.nix
./services/computing/torque/mom.nix
./services/computing/slurm/slurm.nix
./services/continuous-integration/buildbot/master.nix
./services/continuous-integration/buildbot/worker.nix
./services/continuous-integration/buildkite-agent.nix
./services/continuous-integration/hail.nix
./services/continuous-integration/hydra/default.nix
./services/continuous-integration/gitlab-runner.nix
./services/continuous-integration/gocd-agent/default.nix
./services/continuous-integration/gocd-server/default.nix
./services/continuous-integration/jenkins/default.nix
./services/continuous-integration/jenkins/job-builder.nix
./services/continuous-integration/jenkins/slave.nix
./services/databases/4store-endpoint.nix
./services/databases/4store.nix
./services/databases/aerospike.nix
./services/databases/cassandra.nix
./services/databases/clickhouse.nix
./services/databases/cockroachdb.nix
./services/databases/couchdb.nix
./services/databases/firebird.nix
./services/databases/foundationdb.nix
./services/databases/hbase.nix
./services/databases/influxdb.nix
./services/databases/memcached.nix
./services/databases/monetdb.nix
./services/databases/mongodb.nix
./services/databases/mysql.nix
./services/databases/neo4j.nix
./services/databases/openldap.nix
./services/databases/opentsdb.nix
./services/databases/pgmanage.nix
./services/databases/postgresql.nix
./services/databases/redis.nix
./services/databases/riak.nix
./services/databases/riak-cs.nix
./services/databases/stanchion.nix
./services/databases/virtuoso.nix
./services/desktops/accountsservice.nix
./services/desktops/bamf.nix
./services/desktops/dleyna-renderer.nix
./services/desktops/dleyna-server.nix
./services/desktops/pantheon/contractor.nix
./services/desktops/pantheon/files.nix
./services/desktops/flatpak.nix
./services/desktops/geoclue2.nix
./services/desktops/gsignond.nix
./services/desktops/pipewire.nix
./services/desktops/gnome3/at-spi2-core.nix
./services/desktops/gnome3/chrome-gnome-shell.nix
./services/desktops/gnome3/evolution-data-server.nix
./services/desktops/gnome3/file-roller.nix
./services/desktops/gnome3/gnome-disks.nix
./services/desktops/gnome3/gnome-documents.nix
./services/desktops/gnome3/gnome-keyring.nix
./services/desktops/gnome3/gnome-online-accounts.nix
./services/desktops/gnome3/gnome-remote-desktop.nix
./services/desktops/gnome3/gnome-online-miners.nix
./services/desktops/gnome3/gnome-settings-daemon.nix
./services/desktops/gnome3/gnome-terminal-server.nix
./services/desktops/gnome3/gnome-user-share.nix
./services/desktops/gnome3/gpaste.nix
./services/desktops/gnome3/gvfs.nix
./services/desktops/gnome3/rygel.nix
./services/desktops/gnome3/seahorse.nix
./services/desktops/gnome3/sushi.nix
./services/desktops/gnome3/tracker.nix
./services/desktops/gnome3/tracker-miners.nix
./services/desktops/profile-sync-daemon.nix
./services/desktops/telepathy.nix
./services/desktops/tumbler.nix
./services/desktops/zeitgeist.nix
./services/development/bloop.nix
./services/development/hoogle.nix
./services/development/jupyter/default.nix
./services/editors/emacs.nix
./services/editors/infinoted.nix
./services/games/factorio.nix
./services/games/minecraft-server.nix
./services/games/minetest-server.nix
./services/games/terraria.nix
./services/hardware/acpid.nix
./services/hardware/actkbd.nix
./services/hardware/bluetooth.nix
./services/hardware/bolt.nix
./services/hardware/brltty.nix
./services/hardware/freefall.nix
./services/hardware/fwupd.nix
./services/hardware/illum.nix
./services/hardware/interception-tools.nix
./services/hardware/irqbalance.nix
./services/hardware/lcd.nix
./services/hardware/lirc.nix
./services/hardware/nvidia-optimus.nix
./services/hardware/pcscd.nix
./services/hardware/pommed.nix
./services/hardware/ratbagd.nix
./services/hardware/sane.nix
./services/hardware/sane_extra_backends/brscan4.nix
./services/hardware/tcsd.nix
./services/hardware/tlp.nix
./services/hardware/thinkfan.nix
./services/hardware/trezord.nix
./services/hardware/triggerhappy.nix
./services/hardware/u2f.nix
./services/hardware/udev.nix
./services/hardware/udisks2.nix
./services/hardware/upower.nix
./services/hardware/usbmuxd.nix
./services/hardware/thermald.nix
./services/hardware/undervolt.nix
./services/hardware/vdr.nix
./services/logging/SystemdJournal2Gelf.nix
./services/logging/awstats.nix
./services/logging/fluentd.nix
./services/logging/graylog.nix
./services/logging/heartbeat.nix
./services/logging/journalbeat.nix
./services/logging/journaldriver.nix
./services/logging/journalwatch.nix
./services/logging/klogd.nix
./services/logging/logcheck.nix
./services/logging/logrotate.nix
./services/logging/logstash.nix
./services/logging/rsyslogd.nix
./services/logging/syslog-ng.nix
./services/logging/syslogd.nix
./services/mail/clamsmtp.nix
./services/mail/davmail.nix
./services/mail/dkimproxy-out.nix
./services/mail/dovecot.nix
./services/mail/dspam.nix
./services/mail/exim.nix
./services/mail/freepops.nix
./services/mail/mail.nix
./services/mail/mailhog.nix
./services/mail/mlmmj.nix
./services/mail/offlineimap.nix
./services/mail/opendkim.nix
./services/mail/opensmtpd.nix
./services/mail/pfix-srsd.nix
./services/mail/postfix.nix
./services/mail/postsrsd.nix
./services/mail/postgrey.nix
./services/mail/spamassassin.nix
./services/mail/rspamd.nix
./services/mail/rss2email.nix
./services/mail/rmilter.nix
./services/mail/roundcube.nix
./services/mail/nullmailer.nix
./services/misc/airsonic.nix
./services/misc/apache-kafka.nix
./services/misc/autofs.nix
./services/misc/autorandr.nix
./services/misc/beanstalkd.nix
./services/misc/bees.nix
./services/misc/bepasty.nix
./services/misc/canto-daemon.nix
./services/misc/calibre-server.nix
./services/misc/cfdyndns.nix
./services/misc/clipmenu.nix
./services/misc/cpuminer-cryptonight.nix
./services/misc/cgminer.nix
./services/misc/confd.nix
./services/misc/couchpotato.nix
./services/misc/devmon.nix
./services/misc/dictd.nix
./services/misc/dysnomia.nix
./services/misc/disnix.nix
./services/misc/docker-registry.nix
./services/misc/emby.nix
./services/misc/errbot.nix
./services/misc/etcd.nix
./services/misc/exhibitor.nix
./services/misc/felix.nix
./services/misc/folding-at-home.nix
./services/misc/fstrim.nix
./services/misc/gammu-smsd.nix
nixos/geoip-updater: new service
The GeoIP databases from MaxMind have no stable URLs and change every
month (or so). Our current method of packaging these database in Nix and
playing catch-up with ever-changing file hashes is a bad idea. For
instance, it makes it impossible to realize old NixOS configurations.
This patch adds a NixOS service that periodically updates the GeoIP
databases in /var/lib/geoip-databases. Moving NixOS modules over can be
done in later patches.
I tried adding an MD5 check, but not all databases have one, so I skipped
it. We are downloading over HTTPS though, so it should be good. I also
tried adding zip support, but the first zip file I extracted had a
different filename inside than the archive name, which breaks an
assumption in this service, so I skipped that too.
Changes v9 -> v10:
- Pass "--max-time" to curl to set upper bound on downloads (ensures
no indefinite hanging if there's problem with networking).
Timeout for network connectivity check: 60s.
Timeout for geoip database (each): 15m.
Changes v8 -> v9:
- Mention the random timer delay in the documentation for the
'interval' option.
Changes v7 -> v8:
- Add "RemainAfterExit=true" for the setup service, so it won't be
restarted needlessly. (Thanks @danbst!)
Changes v6 -> v7:
- Add --skip-existing flag to geoip-updater, which skips updating
existing database files. Pass that flag when we run the service on
boot (and on any NixOS configuration change).
(IMHO, this is somewhat a workaround for systemd persistent timers
not being triggered immediately when a timer has never expired
before. But it does have the nice side effect of ensuring that the
installed databases always correspond to the configured ones, since
the service is now always run after configuration changes.)
Changes v5 -> v6:
- Update database files atomically (per DB)
- If a database is removed from the configuration, it'll be removed
from /var/lib/geoip-databases too (on next run).
- Add NixOS module assertion so that if user inputs non- .gz or .xz
file there will be a build time error instead of runtime.
- Run updater as user "nobody" instead of "root".
- Rename NixOS service from "geoip-databases" to "geoip-updater".
- Drop RemainAfterExit, or else the timer won't trigger the unit.
- Bring back "curl --fail", or else we won't catch and log curl
failures.
Changes v4 -> v5:
- Add "GeoLite2-City.mmdb.gz" to default database list.
Changes v3 -> v4:
- Remove unneeded geoip-updater-setup.service after adding
'wantedBy = [ "multi-user.target" ]' directly to
geoip-updater.service
- Drop unneeded "Service" name from service descriptions.
Changes v2 -> v3:
- Network may be down when starting from a cold boot, so try a few
times. Possibly, if using systemd-networkd, it'll pass on the first
try. But with default DHCP on NixOS, the service is started before
hostnames can be resolved and thus we need a few extra seconds.
- Add error handling and mark service as failed if fatal error.
- Add proper syslog log levels.
- Add RandomizedDelaySec=3600 to the timer to not put high load on the
MaxMind servers. Suggested by @Mic92.
- Set RemainAfterExit on geoip-updater.service instead of
geoip-updater-setup.service. (The latter is only a proxy that pulls
in the former service).
Changes v1 -> v2:
From Данило Глинський (Danylo Hlynskyi) <abcz2.uprola@gmail.com>:
nixos/geoip-databases: add `databases` option and fix initial setup
There were two great issues when using this service:
- When you just enable service, databases aren't downloaded, they are
downloaded when timer triggers. Fixed this with automatic download on
first system activation.
- When there is no internet, updater outputs nothing to logs, which is
IMO misbehavior. Fixed this with removing `--fail` option, better be
explicit here.
8 years ago
./services/misc/geoip-updater.nix
./services/misc/gitea.nix
#./services/misc/gitit.nix
./services/misc/gitlab.nix
./services/misc/gitolite.nix
./services/misc/gitweb.nix
./services/misc/gogs.nix
./services/misc/gollum.nix
./services/misc/gpsd.nix
./services/misc/headphones.nix
./services/misc/home-assistant.nix
./services/misc/ihaskell.nix
./services/misc/irkerd.nix
./services/misc/jackett.nix
./services/misc/logkeys.nix
./services/misc/leaps.nix
./services/misc/lidarr.nix
./services/misc/mantisbt.nix
./services/misc/mathics.nix
./services/misc/matrix-synapse.nix
./services/misc/mbpfan.nix
./services/misc/mediatomb.nix
./services/misc/mesos-master.nix
./services/misc/mesos-slave.nix
./services/misc/mwlib.nix
./services/misc/nix-daemon.nix
./services/misc/nix-gc.nix
./services/misc/nix-optimise.nix
./services/misc/nixos-manual.nix
./services/misc/nix-ssh-serve.nix
./services/misc/novacomd.nix
./services/misc/nzbget.nix
./services/misc/octoprint.nix
./services/misc/osrm.nix
./services/misc/packagekit.nix
./services/misc/parsoid.nix
./services/misc/phd.nix
./services/misc/plex.nix
./services/misc/tautulli.nix
./services/misc/pykms.nix
./services/misc/radarr.nix
./services/misc/redmine.nix
./services/misc/rippled.nix
./services/misc/ripple-data-api.nix
./services/misc/rogue.nix
./services/misc/serviio.nix
./services/misc/safeeyes.nix
./services/misc/sickbeard.nix
./services/misc/siproxd.nix
./services/misc/snapper.nix
./services/misc/sonarr.nix
./services/misc/spice-vdagentd.nix
./services/misc/ssm-agent.nix
./services/misc/sssd.nix
./services/misc/subsonic.nix
./services/misc/sundtek.nix
./services/misc/svnserve.nix
./services/misc/synergy.nix
./services/misc/sysprof.nix
./services/misc/taskserver
./services/misc/tzupdate.nix
./services/misc/uhub.nix
./services/misc/weechat.nix
./services/misc/xmr-stak.nix
./services/misc/zoneminder.nix
./services/misc/zookeeper.nix
./services/monitoring/alerta.nix
./services/monitoring/apcupsd.nix
./services/monitoring/arbtt.nix
./services/monitoring/bosun.nix
./services/monitoring/cadvisor.nix
./services/monitoring/collectd.nix
./services/monitoring/das_watchdog.nix
./services/monitoring/datadog-agent.nix
./services/monitoring/dd-agent/dd-agent.nix
./services/monitoring/fusion-inventory.nix
./services/monitoring/grafana.nix
./services/monitoring/grafana-reporter.nix
./services/monitoring/graphite.nix
./services/monitoring/hdaps.nix
./services/monitoring/heapster.nix
./services/monitoring/incron.nix
./services/monitoring/kapacitor.nix
./services/monitoring/longview.nix
./services/monitoring/monit.nix
./services/monitoring/munin.nix
./services/monitoring/nagios.nix
./services/monitoring/netdata.nix
./services/monitoring/osquery.nix
./services/monitoring/prometheus/default.nix
./services/monitoring/prometheus/alertmanager.nix
./services/monitoring/prometheus/exporters.nix
./services/monitoring/riemann.nix
./services/monitoring/riemann-dash.nix
./services/monitoring/riemann-tools.nix
./services/monitoring/scollector.nix
./services/monitoring/smartd.nix
./services/monitoring/sysstat.nix
./services/monitoring/systemhealth.nix
./services/monitoring/teamviewer.nix
./services/monitoring/telegraf.nix
./services/monitoring/ups.nix
./services/monitoring/uptime.nix
./services/monitoring/vnstat.nix
./services/monitoring/zabbix-agent.nix
./services/monitoring/zabbix-server.nix
./services/network-filesystems/beegfs.nix
./services/network-filesystems/cachefilesd.nix
./services/network-filesystems/davfs2.nix
./services/network-filesystems/drbd.nix
./services/network-filesystems/glusterfs.nix
./services/network-filesystems/kbfs.nix
./services/network-filesystems/ipfs.nix
./services/network-filesystems/netatalk.nix
./services/network-filesystems/nfsd.nix
./services/network-filesystems/openafs/client.nix
./services/network-filesystems/openafs/server.nix
./services/network-filesystems/rsyncd.nix
./services/network-filesystems/samba.nix
./services/network-filesystems/tahoe.nix
./services/network-filesystems/diod.nix
./services/network-filesystems/u9fs.nix
./services/network-filesystems/yandex-disk.nix
./services/network-filesystems/xtreemfs.nix
./services/network-filesystems/ceph.nix
./services/networking/amuled.nix
./services/networking/aria2.nix
./services/networking/asterisk.nix
./services/networking/atftpd.nix
./services/networking/avahi-daemon.nix
./services/networking/babeld.nix
./services/networking/bind.nix
./services/networking/autossh.nix
./services/networking/bird.nix
./services/networking/bitlbee.nix
./services/networking/btsync.nix
./services/networking/charybdis.nix
./services/networking/chrony.nix
./services/networking/cjdns.nix
./services/networking/cntlm.nix
./services/networking/connman.nix
./services/networking/consul.nix
./services/networking/coredns.nix
./services/networking/coturn.nix
./services/networking/dante.nix
./services/networking/ddclient.nix
./services/networking/dhcpcd.nix
./services/networking/dhcpd.nix
./services/networking/dnscache.nix
./services/networking/dnschain.nix
./services/networking/dnscrypt-proxy.nix
./services/networking/dnscrypt-wrapper.nix
./services/networking/dnsdist.nix
./services/networking/dnsmasq.nix
./services/networking/ejabberd.nix
./services/networking/epmd.nix
./services/networking/eternal-terminal.nix
./services/networking/fakeroute.nix
./services/networking/ferm.nix
./services/networking/firefox/sync-server.nix
./services/networking/fireqos.nix
./services/networking/firewall.nix
./services/networking/flannel.nix
./services/networking/flashpolicyd.nix
./services/networking/freenet.nix
./services/networking/freeradius.nix
./services/networking/gale.nix
./services/networking/gateone.nix
./services/networking/gdomap.nix
./services/networking/git-daemon.nix
./services/networking/gnunet.nix
./services/networking/gogoclient.nix
./services/networking/gvpe.nix
./services/networking/hans.nix
./services/networking/haproxy.nix
./services/networking/heyefi.nix
./services/networking/hostapd.nix
./services/networking/htpdate.nix
./services/networking/hylafax/default.nix
./services/networking/i2pd.nix
./services/networking/i2p.nix
./services/networking/iodine.nix
./services/networking/iperf3.nix
./services/networking/ircd-hybrid/default.nix
./services/networking/iwd.nix
./services/networking/keepalived/default.nix
./services/networking/keybase.nix
./services/networking/kippo.nix
./services/networking/kresd.nix
./services/networking/lambdabot.nix
./services/networking/libreswan.nix
./services/networking/lldpd.nix
./services/networking/logmein-hamachi.nix
./services/networking/mailpile.nix
./services/networking/matterbridge.nix
./services/networking/mjpg-streamer.nix
./services/networking/minidlna.nix
./services/networking/miniupnpd.nix
./services/networking/mosquitto.nix
./services/networking/monero.nix
./services/networking/morty.nix
./services/networking/miredo.nix
./services/networking/mstpd.nix
./services/networking/murmur.nix
./services/networking/mxisd.nix
./services/networking/namecoind.nix
./services/networking/nat.nix
./services/networking/ndppd.nix
./services/networking/networkmanager.nix
./services/networking/nftables.nix
./services/networking/ngircd.nix
./services/networking/nghttpx/default.nix
./services/networking/nix-serve.nix
./services/networking/nixops-dns.nix
./services/networking/nntp-proxy.nix
./services/networking/nsd.nix
./services/networking/ntopng.nix
./services/networking/ntpd.nix
./services/networking/nullidentdmod.nix
./services/networking/nylon.nix
./services/networking/ocserv.nix
./services/networking/oidentd.nix
|
|
|
|
./services/networking/openfire.nix
|
|
|
|
./services/networking/openntpd.nix
|
|
|
|
./services/networking/openvpn.nix
|
|
|
|
./services/networking/ostinato.nix
|
|
|
|
./services/networking/owamp.nix
|
|
|
|
./services/networking/pdnsd.nix
|
|
|
|
./services/networking/polipo.nix
|
|
|
|
./services/networking/powerdns.nix
|
|
|
|
./services/networking/pdns-recursor.nix
|
|
|
|
./services/networking/pptpd.nix
|
|
|
|
./services/networking/prayer.nix
|
|
|
|
./services/networking/privoxy.nix
|
|
|
|
./services/networking/prosody.nix
|
|
|
|
./services/networking/quagga.nix
|
|
|
|
./services/networking/quassel.nix
|
|
|
|
./services/networking/racoon.nix
|
|
|
|
./services/networking/radicale.nix
|
|
|
|
./services/networking/radvd.nix
|
|
|
|
./services/networking/rdnssd.nix
|
|
|
|
./services/networking/redsocks.nix
|
|
|
|
./services/networking/resilio.nix
|
|
|
|
./services/networking/rpcbind.nix
|
|
|
|
./services/networking/rxe.nix
|
|
|
|
./services/networking/sabnzbd.nix
|
|
|
|
./services/networking/searx.nix
|
|
|
|
./services/networking/seeks.nix
|
|
|
|
./services/networking/skydns.nix
|
|
|
|
./services/networking/shadowsocks.nix
|
|
|
|
./services/networking/shairport-sync.nix
|
|
|
|
./services/networking/shout.nix
|
|
|
|
./services/networking/sniproxy.nix
|
|
|
|
./services/networking/smokeping.nix
|
|
|
|
./services/networking/softether.nix
|
|
|
|
./services/networking/spiped.nix
|
|
|
|
./services/networking/squid.nix
|
|
|
|
./services/networking/sslh.nix
|
|
|
|
./services/networking/ssh/lshd.nix
|
|
|
|
./services/networking/ssh/sshd.nix
|
|
|
|
./services/networking/strongswan.nix
|
|
|
|
./services/networking/strongswan-swanctl/module.nix
|
|
|
|
./services/networking/stunnel.nix
|
|
|
|
./services/networking/stubby.nix
|
|
|
|
./services/networking/supplicant.nix
|
|
|
|
./services/networking/supybot.nix
|
|
|
|
./services/networking/syncthing.nix
|
|
|
|
./services/networking/syncthing-relay.nix
|
|
|
|
./services/networking/tcpcrypt.nix
|
|
|
|
./services/networking/teamspeak3.nix
|
|
|
|
./services/networking/tinc.nix
|
|
|
|
./services/networking/tinydns.nix
|
|
|
|
./services/networking/tftpd.nix
|
|
|
|
./services/networking/tox-bootstrapd.nix
|
|
|
|
./services/networking/toxvpn.nix
|
|
|
|
./services/networking/tvheadend.nix
|
|
|
|
./services/networking/unbound.nix
|
|
|
|
./services/networking/unifi.nix
|
|
|
|
./services/networking/vsftpd.nix
|
|
|
|
./services/networking/wakeonlan.nix
|
|
|
|
./services/networking/websockify.nix
|
|
|
|
./services/networking/wicd.nix
|
|
|
|
./services/networking/wireguard.nix
|
|
|
|
./services/networking/wpa_supplicant.nix
|
|
|
|
./services/networking/xinetd.nix
|
|
|
|
./services/networking/xl2tpd.nix
|
|
|
|
./services/networking/xrdp.nix
|
|
|
|
./services/networking/zerobin.nix
|
|
|
|
./services/networking/zeronet.nix
|
|
|
|
./services/networking/zerotierone.nix
|
|
|
|
./services/networking/znc/default.nix
|
|
|
|
./services/printing/cupsd.nix
|
|
|
|
./services/scheduling/atd.nix
|
|
|
|
./services/scheduling/chronos.nix
|
|
|
|
./services/scheduling/cron.nix
|
|
|
|
./services/scheduling/fcron.nix
|
|
|
|
./services/scheduling/marathon.nix
|
|
|
|
./services/search/elasticsearch.nix
|
|
|
|
./services/search/elasticsearch-curator.nix
|
|
|
|
./services/search/hound.nix
|
|
|
|
./services/search/kibana.nix
|
|
|
|
./services/search/solr.nix
|
|
|
|
./services/security/certmgr.nix
|
|
|
|
./services/security/cfssl.nix
|
|
|
|
./services/security/clamav.nix
|
|
|
|
./services/security/fail2ban.nix
|
|
|
|
./services/security/fprintd.nix
|
|
|
|
./services/security/fprot.nix
|
|
|
|
./services/security/haka.nix
|
|
|
|
./services/security/haveged.nix
|
|
|
|
./services/security/hologram-server.nix
|
|
|
|
./services/security/hologram-agent.nix
|
|
|
|
./services/security/munge.nix
|
|
|
|
./services/security/nginx-sso.nix
|
|
|
|
./services/security/oauth2_proxy.nix
|
|
|
|
./services/security/oauth2_proxy_nginx.nix
|
|
|
|
./services/security/physlock.nix
|
|
|
|
./services/security/shibboleth-sp.nix
|
|
|
|
./services/security/sks.nix
|
|
|
|
./services/security/sshguard.nix
|
|
|
|
./services/security/tor.nix
|
|
|
|
./services/security/torify.nix
|
|
|
|
./services/security/torsocks.nix
|
|
|
|
./services/security/usbguard.nix
|
|
|
|
./services/security/vault.nix
|
|
|
|
./services/system/cgmanager.nix
|
|
|
|
./services/system/cloud-init.nix
|
|
|
|
./services/system/dbus.nix
|
|
|
|
./services/system/earlyoom.nix
|
|
|
|
./services/system/localtime.nix
|
|
|
|
./services/system/kerberos/default.nix
|
|
|
|
./services/system/nscd.nix
|
|
|
|
./services/system/saslauthd.nix
|
|
|
|
./services/system/uptimed.nix
|
|
|
|
./services/torrent/deluge.nix
|
|
|
|
./services/torrent/flexget.nix
|
|
|
|
./services/torrent/opentracker.nix
|
|
|
|
./services/torrent/peerflix.nix
|
|
|
|
./services/torrent/transmission.nix
|
|
|
|
./services/ttys/agetty.nix
|
|
|
|
./services/ttys/gpm.nix
|
|
|
|
./services/ttys/kmscon.nix
|
|
|
|
./services/web-apps/atlassian/confluence.nix
|
|
|
|
./services/web-apps/atlassian/crowd.nix
|
|
|
|
./services/web-apps/atlassian/jira.nix
|
|
|
|
./services/web-apps/codimd.nix
|
|
|
|
./services/web-apps/frab.nix
|
|
|
|
./services/web-apps/icingaweb2/icingaweb2.nix
|
|
|
|
./services/web-apps/icingaweb2/module-monitoring.nix
|
|
|
|
./services/web-apps/mattermost.nix
|
|
|
|
./services/web-apps/nextcloud.nix
|
|
|
|
./services/web-apps/nexus.nix
|
|
|
|
./services/web-apps/pgpkeyserver-lite.nix
|
|
|
|
./services/web-apps/matomo.nix
|
|
|
|
./services/web-apps/restya-board.nix
|
|
|
|
./services/web-apps/tt-rss.nix
|
|
|
|
./services/web-apps/selfoss.nix
|
|
|
|
./services/web-apps/virtlyst.nix
|
|
|
|
./services/web-apps/youtrack.nix
|
|
|
|
./services/web-servers/apache-httpd/default.nix
|
|
|
|
./services/web-servers/caddy.nix
|
|
|
|
./services/web-servers/fcgiwrap.nix
|
|
|
|
./services/web-servers/hitch/default.nix
|
|
|
|
./services/web-servers/hydron.nix
|
|
|
|
./services/web-servers/jboss/default.nix
|
|
|
|
./services/web-servers/lighttpd/cgit.nix
|
|
|
|
./services/web-servers/lighttpd/collectd.nix
|
|
|
|
./services/web-servers/lighttpd/default.nix
|
|
|
|
./services/web-servers/lighttpd/gitweb.nix
|
|
|
|
./services/web-servers/meguca.nix
|
|
|
|
./services/web-servers/mighttpd2.nix
|
|
|
|
./services/web-servers/minio.nix
|
|
|
|
./services/web-servers/nginx/default.nix
|
|
|
|
./services/web-servers/nginx/gitweb.nix
|
|
|
|
./services/web-servers/phpfpm/default.nix
|
|
|
|
./services/web-servers/shellinabox.nix
|
|
|
|
./services/web-servers/tomcat.nix
|
|
|
|
./services/web-servers/traefik.nix
|
|
|
|
./services/web-servers/uwsgi.nix
|
|
|
|
./services/web-servers/varnish/default.nix
|
|
|
|
./services/web-servers/winstone.nix
|
|
|
|
./services/web-servers/zope2.nix
|
|
|
|
./services/x11/colord.nix
|
|
|
|
./services/x11/compton.nix
|
|
|
|
./services/x11/unclutter.nix
|
|
|
|
./services/x11/unclutter-xfixes.nix
|
|
|
|
./services/x11/desktop-managers/default.nix
|
|
|
|
./services/x11/display-managers/auto.nix
|
|
|
|
./services/x11/display-managers/default.nix
|
|
|
|
./services/x11/display-managers/gdm.nix
|
|
|
|
./services/x11/display-managers/lightdm.nix
|
|
|
|
./services/x11/display-managers/sddm.nix
|
|
|
|
./services/x11/display-managers/slim.nix
|
|
|
|
./services/x11/display-managers/startx.nix
|
|
|
|
./services/x11/display-managers/xpra.nix
|
|
|
|
./services/x11/fractalart.nix
|
|
|
|
./services/x11/hardware/libinput.nix
|
|
|
|
./services/x11/hardware/multitouch.nix
|
|
|
|
./services/x11/hardware/synaptics.nix
|
|
|
|
./services/x11/hardware/wacom.nix
|
|
|
|
./services/x11/gdk-pixbuf.nix
|
|
|
|
./services/x11/redshift.nix
|
|
|
|
./services/x11/urxvtd.nix
|
|
|
|
./services/x11/window-managers/awesome.nix
|
|
|
|
./services/x11/window-managers/default.nix
|
|
|
|
./services/x11/window-managers/fluxbox.nix
|
|
|
|
./services/x11/window-managers/icewm.nix
|
|
|
|
./services/x11/window-managers/bspwm.nix
|
|
|
|
./services/x11/window-managers/metacity.nix
|
|
|
|
./services/x11/window-managers/none.nix
|
|
|
|
./services/x11/window-managers/twm.nix
|
|
|
|
./services/x11/window-managers/windowlab.nix
|
|
|
|
./services/x11/window-managers/wmii.nix
|
|
|
|
./services/x11/window-managers/xmonad.nix
|
|
|
|
./services/x11/xautolock.nix
|
|
|
|
./services/x11/xbanish.nix
|
|
|
|
./services/x11/xfs.nix
|
|
|
|
./services/x11/xserver.nix
|
|
|
|
./system/activation/activation-script.nix
|
|
|
|
./system/activation/top-level.nix
|
|
|
|
./system/boot/binfmt.nix
|
|
|
|
./system/boot/coredump.nix
|
|
|
|
./system/boot/emergency-mode.nix
|
|
|
|
./system/boot/grow-partition.nix
|
|
|
|
./system/boot/initrd-network.nix
|
|
|
|
./system/boot/initrd-ssh.nix
|
|
|
|
./system/boot/kernel.nix
|
|
|
|
./system/boot/kexec.nix
|
|
|
|
./system/boot/loader/efi.nix
|
|
|
|
./system/boot/loader/generations-dir/generations-dir.nix
|
|
|
|
./system/boot/loader/generic-extlinux-compatible
|
|
|
|
./system/boot/loader/grub/grub.nix
|
|
|
|
./system/boot/loader/grub/ipxe.nix
|
|
|
|
./system/boot/loader/grub/memtest.nix
|
|
|
|
./system/boot/loader/init-script/init-script.nix
|
|
|
|
./system/boot/loader/loader.nix
|
|
|
|
./system/boot/loader/raspberrypi/raspberrypi.nix
|
|
|
|
./system/boot/loader/systemd-boot/systemd-boot.nix
|
|
|
|
./system/boot/luksroot.nix
|
|
|
|
./system/boot/modprobe.nix
|
|
|
|
./system/boot/networkd.nix
|
|
|
|
./system/boot/plymouth.nix
|
|
|
|
./system/boot/resolved.nix
|
|
|
|
./system/boot/shutdown.nix
|
|
|
|
./system/boot/stage-1.nix
|
|
|
|
./system/boot/stage-2.nix
|
|
|
|
./system/boot/systemd.nix
|
|
|
|
./system/boot/systemd-nspawn.nix
|
|
|
|
./system/boot/timesyncd.nix
|
|
|
|
./system/boot/tmp.nix
|
|
|
|
./system/etc/etc.nix
|
|
|
|
./tasks/auto-upgrade.nix
|
|
|
|
./tasks/bcache.nix
|
|
|
|
./tasks/cpu-freq.nix
|
|
|
|
./tasks/encrypted-devices.nix
|
|
|
|
./tasks/filesystems.nix
|
|
|
|
./tasks/filesystems/bcachefs.nix
|
|
|
|
./tasks/filesystems/btrfs.nix
|
|
|
|
./tasks/filesystems/cifs.nix
|
|
|
|
./tasks/filesystems/ecryptfs.nix
|
|
|
|
./tasks/filesystems/exfat.nix
|
|
|
|
./tasks/filesystems/ext.nix
|
|
|
|
./tasks/filesystems/f2fs.nix
|
|
|
|
./tasks/filesystems/jfs.nix
|
|
|
|
./tasks/filesystems/nfs.nix
|
|
|
|
./tasks/filesystems/ntfs.nix
|
|
|
|
./tasks/filesystems/reiserfs.nix
|
|
|
|
./tasks/filesystems/unionfs-fuse.nix
|
|
|
|
./tasks/filesystems/vboxsf.nix
|
|
|
|
./tasks/filesystems/vfat.nix
|
|
|
|
./tasks/filesystems/xfs.nix
|
|
|
|
./tasks/filesystems/zfs.nix
|
|
|
|
./tasks/kbd.nix
|
|
|
|
./tasks/lvm.nix
|
|
|
|
./tasks/network-interfaces.nix
|
|
|
|
./tasks/network-interfaces-systemd.nix
|
|
|
|
./tasks/network-interfaces-scripted.nix
|
|
|
|
./tasks/scsi-link-power-management.nix
|
|
|
|
./tasks/swraid.nix
|
|
|
|
./tasks/trackpoint.nix
|
|
|
|
./tasks/powertop.nix
|
|
|
|
./testing/service-runner.nix
|
|
|
|
./virtualisation/container-config.nix
|
|
|
|
./virtualisation/containers.nix
|
|
|
|
./virtualisation/docker.nix
|
|
|
|
./virtualisation/ecs-agent.nix
|
|
|
|
./virtualisation/libvirtd.nix
|
|
|
|
./virtualisation/lxc.nix
|
|
|
|
./virtualisation/lxcfs.nix
|
|
|
|
./virtualisation/lxd.nix
|
|
|
|
./virtualisation/amazon-options.nix
|
|
|
|
./virtualisation/hyperv-guest.nix
|
|
|
|
./virtualisation/kvmgt.nix
|
|
|
|
./virtualisation/openvswitch.nix
|
|
|
|
./virtualisation/parallels-guest.nix
|
|
|
|
./virtualisation/qemu-guest-agent.nix
|
|
|
|
./virtualisation/rkt.nix
|
|
|
|
./virtualisation/virtualbox-guest.nix
|
|
|
|
./virtualisation/virtualbox-host.nix
|
|
|
|
./virtualisation/vmware-guest.nix
|
|
|
|
./virtualisation/xen-dom0.nix
|
|
|
|
./virtualisation/xe-guest-utilities.nix
|
|
|
|
]
|