mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-06-10 19:55:41 +03:00
4f0dadbf38
After final improvements to the official formatter implementation,
this commit now performs the first treewide reformat of Nix files using it.
This is part of the implementation of RFC 166.
Only "inactive" files are reformatted, meaning only files that
aren't being touched by any PR with activity in the past 2 months.
This is to avoid conflicts for PRs that might soon be merged.
Later we can do a full treewide reformat to get the rest,
which should not cause as many conflicts.
A CI check has already been running for some time to ensure that new and
already-formatted files are formatted, so the files being reformatted here
should also stay formatted.
This commit was automatically created and can be verified using
nix-build a08b3a4d19.tar.gz \
--argstr baseRev b32a094368
result/bin/apply-formatting $NIXPKGS_PATH
228 lines
7.2 KiB
Nix
228 lines
7.2 KiB
Nix
# fwupd daemon.
|
|
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}:
|
|
let
|
|
cfg = config.services.fwupd;
|
|
|
|
format = pkgs.formats.ini {
|
|
listToValue = l: lib.concatStringsSep ";" (map (s: lib.generators.mkValueStringDefault { } s) l);
|
|
mkKeyValue = lib.generators.mkKeyValueDefault { } "=";
|
|
};
|
|
|
|
customEtc = {
|
|
"fwupd/fwupd.conf" = {
|
|
source = format.generate "fwupd.conf" (
|
|
{
|
|
fwupd = cfg.daemonSettings;
|
|
}
|
|
// lib.optionalAttrs (lib.length (lib.attrNames cfg.uefiCapsuleSettings) != 0) {
|
|
uefi_capsule = cfg.uefiCapsuleSettings;
|
|
}
|
|
);
|
|
# fwupd tries to chmod the file if it doesn't have the right permissions
|
|
mode = "0640";
|
|
};
|
|
};
|
|
|
|
originalEtc =
|
|
let
|
|
mkEtcFile = n: lib.nameValuePair n { source = "${cfg.package}/etc/${n}"; };
|
|
in
|
|
lib.listToAttrs (map mkEtcFile cfg.package.filesInstalledToEtc);
|
|
extraTrustedKeys =
|
|
let
|
|
mkName = p: "pki/fwupd/${baseNameOf (toString p)}";
|
|
mkEtcFile = p: lib.nameValuePair (mkName p) { source = p; };
|
|
in
|
|
lib.listToAttrs (map mkEtcFile cfg.extraTrustedKeys);
|
|
|
|
enableRemote = base: remote: {
|
|
"fwupd/remotes.d/${remote}.conf" = {
|
|
source = pkgs.runCommand "${remote}-enabled.conf" { } ''
|
|
sed "s,^Enabled=false,Enabled=true," \
|
|
"${base}/etc/fwupd/remotes.d/${remote}.conf" > "$out"
|
|
'';
|
|
};
|
|
};
|
|
remotes =
|
|
(lib.foldl' (
|
|
configFiles: remote: configFiles // (enableRemote cfg.package remote)
|
|
) { } cfg.extraRemotes)
|
|
// (
|
|
# We cannot include the file in $out and rely on filesInstalledToEtc
|
|
# to install it because it would create a cyclic dependency between
|
|
# the outputs. We also need to enable the remote,
|
|
# which should not be done by default.
|
|
lib.optionalAttrs (cfg.daemonSettings.TestDevices or false) (
|
|
enableRemote cfg.package.installedTests "fwupd-tests"
|
|
)
|
|
);
|
|
|
|
in
|
|
{
|
|
|
|
###### interface
|
|
options = {
|
|
services.fwupd = {
|
|
enable = lib.mkOption {
|
|
type = lib.types.bool;
|
|
default = false;
|
|
description = ''
|
|
Whether to enable fwupd, a DBus service that allows
|
|
applications to update firmware.
|
|
'';
|
|
};
|
|
|
|
extraTrustedKeys = lib.mkOption {
|
|
type = lib.types.listOf lib.types.path;
|
|
default = [ ];
|
|
example = lib.literalExpression "[ /etc/nixos/fwupd/myfirmware.pem ]";
|
|
description = ''
|
|
Installing a public key allows firmware signed with a matching private key to be recognized as trusted, which may require less authentication to install than for untrusted files. By default trusted firmware can be upgraded (but not downgraded) without the user or administrator password. Only very few keys are installed by default.
|
|
'';
|
|
};
|
|
|
|
extraRemotes = lib.mkOption {
|
|
type = with lib.types; listOf str;
|
|
default = [ ];
|
|
example = [ "lvfs-testing" ];
|
|
description = ''
|
|
Enables extra remotes in fwupd. See `/etc/fwupd/remotes.d`.
|
|
'';
|
|
};
|
|
|
|
package = lib.mkPackageOption pkgs "fwupd" { };
|
|
|
|
daemonSettings = lib.mkOption {
|
|
type = lib.types.submodule {
|
|
freeformType = format.type.nestedTypes.elemType;
|
|
options = {
|
|
DisabledDevices = lib.mkOption {
|
|
type = lib.types.listOf lib.types.str;
|
|
default = [ ];
|
|
example = [ "2082b5e0-7a64-478a-b1b2-e3404fab6dad" ];
|
|
description = ''
|
|
List of device GUIDs to be disabled.
|
|
'';
|
|
};
|
|
|
|
DisabledPlugins = lib.mkOption {
|
|
type = lib.types.listOf lib.types.str;
|
|
default = [ ];
|
|
example = [ "udev" ];
|
|
description = ''
|
|
List of plugins to be disabled.
|
|
'';
|
|
};
|
|
|
|
EspLocation = lib.mkOption {
|
|
type = lib.types.path;
|
|
default = config.boot.loader.efi.efiSysMountPoint;
|
|
defaultText = lib.literalExpression "config.boot.loader.efi.efiSysMountPoint";
|
|
description = ''
|
|
The EFI system partition (ESP) path used if UDisks is not available
|
|
or if this partition is not mounted at /boot/efi, /boot, or /efi
|
|
'';
|
|
};
|
|
|
|
TestDevices = lib.mkOption {
|
|
internal = true;
|
|
type = lib.types.bool;
|
|
default = false;
|
|
description = ''
|
|
Create virtual test devices and remote for validating daemon flows.
|
|
This is only intended for CI testing and development purposes.
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
default = { };
|
|
description = ''
|
|
Configurations for the fwupd daemon.
|
|
'';
|
|
};
|
|
|
|
uefiCapsuleSettings = lib.mkOption {
|
|
type = lib.types.submodule {
|
|
freeformType = format.type.nestedTypes.elemType;
|
|
};
|
|
default = { };
|
|
description = ''
|
|
UEFI capsule configurations for the fwupd daemon.
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
|
|
imports = [
|
|
(lib.mkRenamedOptionModule
|
|
[ "services" "fwupd" "blacklistDevices" ]
|
|
[ "services" "fwupd" "daemonSettings" "DisabledDevices" ]
|
|
)
|
|
(lib.mkRenamedOptionModule
|
|
[ "services" "fwupd" "blacklistPlugins" ]
|
|
[ "services" "fwupd" "daemonSettings" "DisabledPlugins" ]
|
|
)
|
|
(lib.mkRenamedOptionModule
|
|
[ "services" "fwupd" "disabledDevices" ]
|
|
[ "services" "fwupd" "daemonSettings" "DisabledDevices" ]
|
|
)
|
|
(lib.mkRenamedOptionModule
|
|
[ "services" "fwupd" "disabledPlugins" ]
|
|
[ "services" "fwupd" "daemonSettings" "DisabledPlugins" ]
|
|
)
|
|
(lib.mkRemovedOptionModule [ "services" "fwupd" "enableTestRemote" ]
|
|
"This option was removed after being removed upstream. It only provided a method for testing fwupd functionality, and should not have been exposed for use outside of nix tests."
|
|
)
|
|
];
|
|
|
|
###### implementation
|
|
config = lib.mkIf cfg.enable {
|
|
# Disable test related plug-ins implicitly so that users do not have to care about them.
|
|
services.fwupd.daemonSettings = {
|
|
EspLocation = config.boot.loader.efi.efiSysMountPoint;
|
|
};
|
|
|
|
environment.systemPackages = [ cfg.package ];
|
|
|
|
# customEtc overrides some files from the package
|
|
environment.etc = originalEtc // customEtc // extraTrustedKeys // remotes;
|
|
|
|
services.dbus.packages = [ cfg.package ];
|
|
|
|
services.udev.packages = [ cfg.package ];
|
|
|
|
# required to update the firmware of disks
|
|
services.udisks2.enable = true;
|
|
|
|
systemd = {
|
|
packages = [ cfg.package ];
|
|
|
|
# fwupd-refresh expects a user that we do not create, so just run with DynamicUser
|
|
# instead and ensure we take ownership of /var/lib/fwupd
|
|
services.fwupd-refresh.serviceConfig = {
|
|
StateDirectory = "fwupd";
|
|
# Better for debugging, upstream sets stderr to null for some reason..
|
|
StandardError = "inherit";
|
|
};
|
|
|
|
timers.fwupd-refresh.wantedBy = [ "timers.target" ];
|
|
};
|
|
|
|
users.users.fwupd-refresh = {
|
|
isSystemUser = true;
|
|
group = "fwupd-refresh";
|
|
};
|
|
users.groups.fwupd-refresh = { };
|
|
|
|
security.polkit.enable = true;
|
|
};
|
|
|
|
meta = {
|
|
maintainers = pkgs.fwupd.meta.maintainers;
|
|
};
|
|
}
|