···

       
80
       
 
       
    };

     

       
81
       
 
       


     

       
82
       
 
       
    # ‘/etc/locale.conf’ is used by systemd.

     

       
83
       
-
       
    environment.etc = singleton

     

       
84
       
-
       
      { target = "locale.conf";

     

       
85
       
-
       
        source = pkgs.writeText "locale.conf"

     

       
86
       
-
       
          ''

     

       
87
       
-
       
            LANG=${config.i18n.defaultLocale}

     

       
88
       
-
       
            ${concatStringsSep "\n" (mapAttrsToList (n: v: ''${n}=${v}'') config.i18n.extraLocaleSettings)}

     

       
89
       
-
       
          '';

     

       
90
       
-
       
      };

     

       
91
       
 
       


     

       
92
       
 
       
  };

     

       
93
       
 
       
}

     

···

       
80
       
 
       
    };

     

       
81
       
 
       


     

       
82
       
 
       
    # ‘/etc/locale.conf’ is used by systemd.

     

       
83
       
+
       
    environment.etc."locale.conf".source = pkgs.writeText "locale.conf"

     

       
84
       
+
       
      ''

     

       
85
       
+
       
        LANG=${config.i18n.defaultLocale}

     

       
86
       
+
       
        ${concatStringsSep "\n" (mapAttrsToList (n: v: ''${n}=${v}'') config.i18n.extraLocaleSettings)}

     

       
87
       
+
       
      '';

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
88
       
 
       


     

       
89
       
 
       
  };

     

       
90
       
 
       
}

     

···

       
224
       
 
       


     

       
225
       
 
       
  config = mkIf cfg.enable {

     

       
226
       
 
       


     

       
227
       
-
       
    environment.etc = optional (!cfg.daemon.enable) ldapConfig;

     

       
0
       
 
       

     

       
0
       
 
       

     

       
228
       
 
       


     

       
229
       
 
       
    system.activationScripts = mkIf (!cfg.daemon.enable) {

     

       
230
       
 
       
      ldap = stringAfter [ "etc" "groups" "users" ] ''

     

···

       
224
       
 
       


     

       
225
       
 
       
  config = mkIf cfg.enable {

     

       
226
       
 
       


     

       
227
       
+
       
    environment.etc = optionalAttrs (!cfg.daemon.enable) {

     

       
228
       
+
       
      "ldap.conf" = ldapConfig;

     

       
229
       
+
       
    };

     

       
230
       
 
       


     

       
231
       
 
       
    system.activationScripts = mkIf (!cfg.daemon.enable) {

     

       
232
       
 
       
      ldap = stringAfter [ "etc" "groups" "users" ] ''

     

···

       
215
       
 
       


     

       
216
       
 
       
  config = mkMerge [

     

       
217
       
 
       
    {

     

       
218
       
-
       
      environment.etc = singleton {

     

       
219
       
-
       
        target = "pulse/client.conf";

     

       
220
       
-
       
        source = clientConf;

     

       
221
       
 
       
      };

     

       
222
       
 
       


     

       
223
       
 
       
      hardware.pulseaudio.configFile = mkDefault "${getBin overriddenPackage}/etc/pulse/default.pa";

     
···

       
228
       
 
       


     

       
229
       
 
       
      sound.enable = true;

     

       
230
       
 
       


     

       
231
       
-
       
      environment.etc = [

     

       
232
       
-
       
        { target = "asound.conf";

     

       
233
       
-
       
          source = alsaConf; }

     

       
234
       
 
       


     

       
235
       
-
       
        { target = "pulse/daemon.conf";

     

       
236
       
-
       
          source = writeText "daemon.conf" (lib.generators.toKeyValue {} cfg.daemon.config); }

     

       
237
       
 
       


     

       
238
       
-
       
        { target = "openal/alsoft.conf";

     

       
239
       
-
       
          source = writeText "alsoft.conf" "drivers=pulse"; }

     

       
240
       
 
       


     

       
241
       
-
       
        { target = "libao.conf";

     

       
242
       
-
       
          source = writeText "libao.conf" "default_driver=pulse"; }

     

       
243
       
-
       
      ];

     

       
244
       
 
       


     

       
245
       
 
       
      # Disable flat volumes to enable relative ones

     

       
246
       
 
       
      hardware.pulseaudio.daemon.config.flat-volumes = mkDefault "no";

     
···

       
275
       
 
       
    })

     

       
276
       
 
       


     

       
277
       
 
       
    (mkIf nonSystemWide {

     

       
278
       
-
       
      environment.etc = singleton {

     

       
279
       
-
       
        target = "pulse/default.pa";

     

       
280
       
-
       
        source = myConfigFile;

     

       
281
       
 
       
      };

     

       
282
       
 
       
      systemd.user = {

     

       
283
       
 
       
        services.pulseaudio = {

     

···

       
215
       
 
       


     

       
216
       
 
       
  config = mkMerge [

     

       
217
       
 
       
    {

     

       
218
       
+
       
      environment.etc = {

     

       
219
       
+
       
        "pulse/client.conf".source = clientConf;

     

       
0
       
 
       

     

       
220
       
 
       
      };

     

       
221
       
 
       


     

       
222
       
 
       
      hardware.pulseaudio.configFile = mkDefault "${getBin overriddenPackage}/etc/pulse/default.pa";

     
···

       
227
       
 
       


     

       
228
       
 
       
      sound.enable = true;

     

       
229
       
 
       


     

       
230
       
+
       
      environment.etc = {

     

       
231
       
+
       
        "asound.conf".source = alsaConf;

     

       
0
       
 
       

     

       
232
       
 
       


     

       
233
       
+
       
        "pulse/daemon.conf".source = writeText "daemon.conf"

     

       
234
       
+
       
          (lib.generators.toKeyValue {} cfg.daemon.config);

     

       
235
       
 
       


     

       
236
       
+
       
        "openal/alsoft.conf".source = writeText "alsoft.conf" "drivers=pulse";

     

       
0
       
 
       

     

       
237
       
 
       


     

       
238
       
+
       
        "libao.conf".source = writeText "libao.conf" "default_driver=pulse";

     

       
239
       
+
       
      };

     

       
0
       
 
       

     

       
240
       
 
       


     

       
241
       
 
       
      # Disable flat volumes to enable relative ones

     

       
242
       
 
       
      hardware.pulseaudio.daemon.config.flat-volumes = mkDefault "no";

     
···

       
271
       
 
       
    })

     

       
272
       
 
       


     

       
273
       
 
       
    (mkIf nonSystemWide {

     

       
274
       
+
       
      environment.etc = {

     

       
275
       
+
       
        "pulse/default.pa".source = myConfigFile;

     

       
0
       
 
       

     

       
276
       
 
       
      };

     

       
277
       
 
       
      systemd.user = {

     

       
278
       
 
       
        services.pulseaudio = {

     

···

       
122
       
 
       


     

       
123
       
 
       
  /* fake entry, just to have a happy stage-1. Users

     

       
124
       
 
       
     may boot without having stage-1 though */

     

       
125
       
-
       
  fileSystems = [

     

       
126
       
 
       
    { mountPoint = "/";

     

       
127
       
 
       
      device = "/dev/something";

     

       
128
       
-
       
      }

     

       
129
       
-
       
  ];

     

       
130
       
 
       


     

       
131
       
 
       
  nixpkgs.config = {

     

       
132
       
 
       
    packageOverrides = p: {

     

···

       
122
       
 
       


     

       
123
       
 
       
  /* fake entry, just to have a happy stage-1. Users

     

       
124
       
 
       
     may boot without having stage-1 though */

     

       
125
       
+
       
  fileSystems.fake =

     

       
126
       
 
       
    { mountPoint = "/";

     

       
127
       
 
       
      device = "/dev/something";

     

       
128
       
+
       
    };

     

       
0
       
 
       

     

       
129
       
 
       


     

       
130
       
 
       
  nixpkgs.config = {

     

       
131
       
 
       
    packageOverrides = p: {

     

···

       
117
       
 
       


     

       
118
       
 
       
  /* fake entry, just to have a happy stage-1. Users

     

       
119
       
 
       
     may boot without having stage-1 though */

     

       
120
       
-
       
  fileSystems = [

     

       
121
       
 
       
    { mountPoint = "/";

     

       
122
       
 
       
      device = "/dev/something";

     

       
123
       
-
       
      }

     

       
124
       
-
       
  ];

     

       
125
       
 
       


     

       
126
       
 
       
  services.mingetty = {

     

       
127
       
 
       
    # Some more help text.

     

···

       
117
       
 
       


     

       
118
       
 
       
  /* fake entry, just to have a happy stage-1. Users

     

       
119
       
 
       
     may boot without having stage-1 though */

     

       
120
       
+
       
  fileSystems.fake =

     

       
121
       
 
       
    { mountPoint = "/";

     

       
122
       
 
       
      device = "/dev/something";

     

       
123
       
+
       
    };

     

       
0
       
 
       

     

       
124
       
 
       


     

       
125
       
 
       
  services.mingetty = {

     

       
126
       
 
       
    # Some more help text.

     

···

       
41
       
 
       


     

       
42
       
 
       
    # In stage 1 of the boot, mount the CD/DVD as the root FS by label

     

       
43
       
 
       
    # so that we don't need to know its device.

     

       
44
       
-
       
    fileSystems = [ ];

     

       
45
       
 
       


     

       
46
       
 
       
    # boot.initrd.availableKernelModules = [ "mvsdio" "reiserfs" "ext3" "ext4" ];

     

       
47
       
 
       


     

···

       
41
       
 
       


     

       
42
       
 
       
    # In stage 1 of the boot, mount the CD/DVD as the root FS by label

     

       
43
       
 
       
    # so that we don't need to know its device.

     

       
44
       
+
       
    fileSystems = { };

     

       
45
       
 
       


     

       
46
       
 
       
    # boot.initrd.availableKernelModules = [ "mvsdio" "reiserfs" "ext3" "ext4" ];

     

       
47
       
 
       


     

···

       
6
       
 
       
  cfg = config.programs.dconf;

     

       
7
       
 
       


     

       
8
       
 
       
  mkDconfProfile = name: path:

     

       
9
       
-
       
    { source = path; target = "dconf/profile/${name}"; };

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
10
       
 
       


     

       
11
       
 
       
in

     

       
12
       
 
       
{

     
···

       
29
       
 
       
  ###### implementation

     

       
30
       
 
       


     

       
31
       
 
       
  config = mkIf (cfg.profiles != {} || cfg.enable) {

     

       
32
       
-
       
    environment.etc = optionals (cfg.profiles != {})

     

       
33
       
-
       
      (mapAttrsToList mkDconfProfile cfg.profiles);

     

       
34
       
 
       


     

       
35
       
 
       
    services.dbus.packages = [ pkgs.dconf ];

     

       
36
       
 
       


     

···

       
6
       
 
       
  cfg = config.programs.dconf;

     

       
7
       
 
       


     

       
8
       
 
       
  mkDconfProfile = name: path:

     

       
9
       
+
       
    {

     

       
10
       
+
       
      name = "dconf/profile/${name}";

     

       
11
       
+
       
      value.source = path; 

     

       
12
       
+
       
    };

     

       
13
       
 
       


     

       
14
       
 
       
in

     

       
15
       
 
       
{

     
···

       
32
       
 
       
  ###### implementation

     

       
33
       
 
       


     

       
34
       
 
       
  config = mkIf (cfg.profiles != {} || cfg.enable) {

     

       
35
       
+
       
    environment.etc = optionalAttrs (cfg.profiles != {})

     

       
36
       
+
       
      (mapAttrs' mkDconfProfile cfg.profiles);

     

       
37
       
 
       


     

       
38
       
 
       
    services.dbus.packages = [ pkgs.dconf ];

     

       
39
       
 
       


     

···

       
76
       
 
       
        config.users.defaultUserShell;

     

       
77
       
 
       


     

       
78
       
 
       
    environment.etc =

     

       
79
       
-
       
      [ { # /etc/login.defs: global configuration for pwdutils.  You

     

       
80
       
-
       
          # cannot login without it!

     

       
81
       
-
       
          source = pkgs.writeText "login.defs" loginDefs;

     

       
82
       
-
       
          target = "login.defs";

     

       
83
       
-
       
        }

     

       
84
       
 
       


     

       
85
       
-
       
        { # /etc/default/useradd: configuration for useradd.

     

       
86
       
-
       
          source = pkgs.writeText "useradd"

     

       
87
       
-
       
            ''

     

       
88
       
-
       
              GROUP=100

     

       
89
       
-
       
              HOME=/home

     

       
90
       
-
       
              SHELL=${utils.toShellPath config.users.defaultUserShell}

     

       
91
       
-
       
            '';

     

       
92
       
-
       
          target = "default/useradd";

     

       
93
       
-
       
        }

     

       
94
       
-
       
      ];

     

       
95
       
 
       


     

       
96
       
 
       
    security.pam.services =

     

       
97
       
 
       
      { chsh = { rootOK = true; };

     

···

       
76
       
 
       
        config.users.defaultUserShell;

     

       
77
       
 
       


     

       
78
       
 
       
    environment.etc =

     

       
79
       
+
       
      { # /etc/login.defs: global configuration for pwdutils.  You

     

       
80
       
+
       
        # cannot login without it!

     

       
81
       
+
       
        "login.defs".source = pkgs.writeText "login.defs" loginDefs;

     

       
0
       
 
       

     

       
0
       
 
       

     

       
82
       
 
       


     

       
83
       
+
       
        # /etc/default/useradd: configuration for useradd.

     

       
84
       
+
       
        "default/useradd".source = pkgs.writeText "useradd"

     

       
85
       
+
       
          ''

     

       
86
       
+
       
            GROUP=100

     

       
87
       
+
       
            HOME=/home

     

       
88
       
+
       
            SHELL=${utils.toShellPath config.users.defaultUserShell}

     

       
89
       
+
       
          '';

     

       
90
       
+
       
      };

     

       
0
       
 
       

     

       
0
       
 
       

     

       
91
       
 
       


     

       
92
       
 
       
    security.pam.services =

     

       
93
       
 
       
      { chsh = { rootOK = true; };

     

···

       
25
       
 
       
    accept_env_factor=${boolToStr cfg.acceptEnvFactor}

     

       
26
       
 
       
  '';

     

       
27
       
 
       


     

       
28
       
-
       
  loginCfgFile = optional cfg.ssh.enable

     

       
29
       
-
       
    { source = pkgs.writeText "login_duo.conf" configFileLogin;

     

       
30
       
-
       
      mode   = "0600";

     

       
31
       
-
       
      user   = "sshd";

     

       
32
       
-
       
      target = "duo/login_duo.conf";

     

       
33
       
-
       
    };

     

       
0
       
 
       

     

       
34
       
 
       


     

       
35
       
-
       
  pamCfgFile = optional cfg.pam.enable

     

       
36
       
-
       
    { source = pkgs.writeText "pam_duo.conf" configFilePam;

     

       
37
       
-
       
      mode   = "0600";

     

       
38
       
-
       
      user   = "sshd";

     

       
39
       
-
       
      target = "duo/pam_duo.conf";

     

       
40
       
-
       
    };

     

       
0
       
 
       

     

       
41
       
 
       
in

     

       
42
       
 
       
{

     

       
43
       
 
       
  options = {

     
···

       
186
       
 
       
     environment.systemPackages = [ pkgs.duo-unix ];

     

       
187
       
 
       


     

       
188
       
 
       
     security.wrappers.login_duo.source = "${pkgs.duo-unix.out}/bin/login_duo";

     

       
189
       
-
       
     environment.etc = loginCfgFile ++ pamCfgFile;

     

       
190
       
 
       


     

       
191
       
 
       
     /* If PAM *and* SSH are enabled, then don't do anything special.

     

       
192
       
 
       
     If PAM isn't used, set the default SSH-only options. */

     

···

       
25
       
 
       
    accept_env_factor=${boolToStr cfg.acceptEnvFactor}

     

       
26
       
 
       
  '';

     

       
27
       
 
       


     

       
28
       
+
       
  loginCfgFile = optionalAttrs cfg.ssh.enable {

     

       
29
       
+
       
    "duo/login_duo.conf" =

     

       
30
       
+
       
      { source = pkgs.writeText "login_duo.conf" configFileLogin;

     

       
31
       
+
       
        mode   = "0600";

     

       
32
       
+
       
        user   = "sshd";

     

       
33
       
+
       
      };

     

       
34
       
+
       
  };

     

       
35
       
 
       


     

       
36
       
+
       
  pamCfgFile = optional cfg.pam.enable {

     

       
37
       
+
       
    "duo/pam_duo.conf" =

     

       
38
       
+
       
      { source = pkgs.writeText "pam_duo.conf" configFilePam;

     

       
39
       
+
       
        mode   = "0600";

     

       
40
       
+
       
        user   = "sshd";

     

       
41
       
+
       
      };

     

       
42
       
+
       
  };

     

       
43
       
 
       
in

     

       
44
       
 
       
{

     

       
45
       
 
       
  options = {

     
···

       
188
       
 
       
     environment.systemPackages = [ pkgs.duo-unix ];

     

       
189
       
 
       


     

       
190
       
 
       
     security.wrappers.login_duo.source = "${pkgs.duo-unix.out}/bin/login_duo";

     

       
191
       
+
       
     environment.etc = loginCfgFile // pamCfgFile;

     

       
192
       
 
       


     

       
193
       
 
       
     /* If PAM *and* SSH are enabled, then don't do anything special.

     

       
194
       
 
       
     If PAM isn't used, set the default SSH-only options. */

     

···

       
475
       
 
       


     

       
476
       
 
       
  motd = pkgs.writeText "motd" config.users.motd;

     

       
477
       
 
       


     

       
478
       
-
       
  makePAMService = pamService:

     

       
479
       
-
       
    { source = pkgs.writeText "${pamService.name}.pam" pamService.text;

     

       
480
       
-
       
      target = "pam.d/${pamService.name}";

     

       
481
       
 
       
    };

     

       
482
       
 
       


     

       
483
       
 
       
in

     
···

       
760
       
 
       
      };

     

       
761
       
 
       
    };

     

       
762
       
 
       


     

       
763
       
-
       
    environment.etc =

     

       
764
       
-
       
      mapAttrsToList (n: v: makePAMService v) config.security.pam.services;

     

       
765
       
 
       


     

       
766
       
 
       
    security.pam.services =

     

       
767
       
 
       
      { other.text =

     

···

       
475
       
 
       


     

       
476
       
 
       
  motd = pkgs.writeText "motd" config.users.motd;

     

       
477
       
 
       


     

       
478
       
+
       
  makePAMService = name: service:

     

       
479
       
+
       
    { name = "pam.d/${name}";

     

       
480
       
+
       
      value.source = pkgs.writeText "${name}.pam" service.text;

     

       
481
       
 
       
    };

     

       
482
       
 
       


     

       
483
       
 
       
in

     
···

       
760
       
 
       
      };

     

       
761
       
 
       
    };

     

       
762
       
 
       


     

       
763
       
+
       
    environment.etc = mapAttrs' makePAMService config.security.pam.services;

     

       
0
       
 
       

     

       
764
       
 
       


     

       
765
       
 
       
    security.pam.services =

     

       
766
       
 
       
      { other.text =

     

···

       
36
       
 
       
  config = mkIf (cfg.enable || anyPamMount) {

     

       
37
       
 
       


     

       
38
       
 
       
    environment.systemPackages = [ pkgs.pam_mount ];

     

       
39
       
-
       
    environment.etc = [{

     

       
40
       
-
       
      target = "security/pam_mount.conf.xml";

     

       
41
       
 
       
      source =

     

       
42
       
 
       
        let

     

       
43
       
 
       
          extraUserVolumes = filterAttrs (n: u: u.cryptHomeLuks != null) config.users.users;

     
···

       
66
       
 
       
          ${concatStringsSep "\n" cfg.extraVolumes}

     

       
67
       
 
       
          </pam_mount>

     

       
68
       
 
       
          '';

     

       
69
       
-
       
    }];

     

       
70
       
 
       


     

       
71
       
 
       
  };

     

       
72
       
 
       
}

     

···

       
36
       
 
       
  config = mkIf (cfg.enable || anyPamMount) {

     

       
37
       
 
       


     

       
38
       
 
       
    environment.systemPackages = [ pkgs.pam_mount ];

     

       
39
       
+
       
    environment.etc."security/pam_mount.conf.xml" = {

     

       
0
       
 
       

     

       
40
       
 
       
      source =

     

       
41
       
 
       
        let

     

       
42
       
 
       
          extraUserVolumes = filterAttrs (n: u: u.cryptHomeLuks != null) config.users.users;

     
···

       
65
       
 
       
          ${concatStringsSep "\n" cfg.extraVolumes}

     

       
66
       
 
       
          </pam_mount>

     

       
67
       
 
       
          '';

     

       
68
       
+
       
    };

     

       
69
       
 
       


     

       
70
       
 
       
  };

     

       
71
       
 
       
}

     

···

       
34
       
 
       


     

       
35
       
 
       
    services.dbus.packages = [ pkgs.rtkit ];

     

       
36
       
 
       


     

       
37
       
-
       
    users.users = singleton

     

       
38
       
-
       
      { name = "rtkit";

     

       
39
       
-
       
        uid = config.ids.uids.rtkit;

     

       
40
       
 
       
        description = "RealtimeKit daemon";

     

       
41
       
 
       
      };

     

       
42
       
 
       


     

···

       
34
       
 
       


     

       
35
       
 
       
    services.dbus.packages = [ pkgs.rtkit ];

     

       
36
       
 
       


     

       
37
       
+
       
    users.users.rtkit =

     

       
38
       
+
       
      { uid = config.ids.uids.rtkit;

     

       
0
       
 
       

     

       
39
       
 
       
        description = "RealtimeKit daemon";

     

       
40
       
 
       
      };

     

       
41
       
 
       


     

···

       
212
       
 
       


     

       
213
       
 
       
    security.pam.services.sudo = { sshAgentAuth = true; };

     

       
214
       
 
       


     

       
215
       
-
       
    environment.etc = singleton

     

       
216
       
 
       
      { source =

     

       
217
       
 
       
          pkgs.runCommand "sudoers"

     

       
218
       
 
       
          {

     
···

       
222
       
 
       
          # Make sure that the sudoers file is syntactically valid.

     

       
223
       
 
       
          # (currently disabled - NIXOS-66)

     

       
224
       
 
       
          "${pkgs.buildPackages.sudo}/sbin/visudo -f $src -c && cp $src $out";

     

       
225
       
-
       
        target = "sudoers";

     

       
226
       
 
       
        mode = "0440";

     

       
227
       
 
       
      };

     

       
228
       
 
       


     

···

       
212
       
 
       


     

       
213
       
 
       
    security.pam.services.sudo = { sshAgentAuth = true; };

     

       
214
       
 
       


     

       
215
       
+
       
    environment.etc.sudoers =

     

       
216
       
 
       
      { source =

     

       
217
       
 
       
          pkgs.runCommand "sudoers"

     

       
218
       
 
       
          {

     
···

       
222
       
 
       
          # Make sure that the sudoers file is syntactically valid.

     

       
223
       
 
       
          # (currently disabled - NIXOS-66)

     

       
224
       
 
       
          "${pkgs.buildPackages.sudo}/sbin/visudo -f $src -c && cp $src $out";

     

       
0
       
 
       

     

       
225
       
 
       
        mode = "0440";

     

       
226
       
 
       
      };

     

       
227
       
 
       


     

···

       
184
       
 
       
      };

     

       
185
       
 
       
    };

     

       
186
       
 
       


     

       
187
       
-
       
    users.users = optionalAttrs (cfg.user == name) (singleton {

     

       
188
       
-
       
      inherit uid;

     

       
189
       
-
       
      inherit name;

     

       
190
       
-
       
      group = cfg.group;

     

       
191
       
-
       
      extraGroups = [ "audio" ];

     

       
192
       
-
       
      description = "Music Player Daemon user";

     

       
193
       
-
       
      home = "${cfg.dataDir}";

     

       
194
       
-
       
    });

     

       
0
       
 
       

     

       
195
       
 
       


     

       
196
       
-
       
    users.groups = optionalAttrs (cfg.group == name) (singleton {

     

       
197
       
-
       
      inherit name;

     

       
198
       
-
       
      gid = gid;

     

       
199
       
-
       
    });

     

       
200
       
 
       
  };

     

       
201
       
 
       


     

       
202
       
 
       
}

     

···

       
184
       
 
       
      };

     

       
185
       
 
       
    };

     

       
186
       
 
       


     

       
187
       
+
       
    users.users = optionalAttrs (cfg.user == name) {

     

       
188
       
+
       
      ${name} = {

     

       
189
       
+
       
        inherit uid;

     

       
190
       
+
       
        group = cfg.group;

     

       
191
       
+
       
        extraGroups = [ "audio" ];

     

       
192
       
+
       
        description = "Music Player Daemon user";

     

       
193
       
+
       
        home = "${cfg.dataDir}";

     

       
194
       
+
       
      };

     

       
195
       
+
       
    };

     

       
196
       
 
       


     

       
197
       
+
       
    users.groups = optionalAttrs (cfg.group == name) {

     

       
198
       
+
       
      ${name}.gid = gid;

     

       
199
       
+
       
    };

     

       
0
       
 
       

     

       
200
       
 
       
  };

     

       
201
       
 
       


     

       
202
       
 
       
}

     

···

       
84
       
 
       
  };

     

       
85
       
 
       


     

       
86
       
 
       
  config = mkIf cfg.enable {

     

       
87
       
-
       
    users.users = optionalAttrs (cfg.user == defaultUser) (singleton

     

       
88
       
-
       
      { name = defaultUser;

     

       
89
       
 
       
        isSystemUser = true;

     

       
90
       
 
       
        createHome = false;

     

       
91
       
 
       
        home = cfg.location;

     

       
92
       
 
       
        group = "nogroup";

     

       
93
       
-
       
      });

     

       
0
       
 
       

     

       
94
       
 
       


     

       
95
       
 
       
    services.mysql.ensureUsers = [{

     

       
96
       
 
       
      name = cfg.user;

     

···

       
84
       
 
       
  };

     

       
85
       
 
       


     

       
86
       
 
       
  config = mkIf cfg.enable {

     

       
87
       
+
       
    users.users = optionalAttrs (cfg.user == defaultUser) {

     

       
88
       
+
       
      ${defaultUser} = {

     

       
89
       
 
       
        isSystemUser = true;

     

       
90
       
 
       
        createHome = false;

     

       
91
       
 
       
        home = cfg.location;

     

       
92
       
 
       
        group = "nogroup";

     

       
93
       
+
       
      };

     

       
94
       
+
       
    };

     

       
95
       
 
       


     

       
96
       
 
       
    services.mysql.ensureUsers = [{

     

       
97
       
 
       
      name = cfg.user;

     

···

       
266
       
 
       
        "d /var/lib/kubernetes 0755 kubernetes kubernetes -"

     

       
267
       
 
       
      ];

     

       
268
       
 
       


     

       
269
       
-
       
      users.users = singleton {

     

       
270
       
-
       
        name = "kubernetes";

     

       
271
       
 
       
        uid = config.ids.uids.kubernetes;

     

       
272
       
 
       
        description = "Kubernetes user";

     

       
273
       
 
       
        extraGroups = [ "docker" ];

     

···

       
266
       
 
       
        "d /var/lib/kubernetes 0755 kubernetes kubernetes -"

     

       
267
       
 
       
      ];

     

       
268
       
 
       


     

       
269
       
+
       
      users.users.kubernetes = {

     

       
0
       
 
       

     

       
270
       
 
       
        uid = config.ids.uids.kubernetes;

     

       
271
       
 
       
        description = "Kubernetes user";

     

       
272
       
 
       
        extraGroups = [ "docker" ];

     

···

       
223
       
 
       


     

       
224
       
 
       
  config = mkIf cfg.enable {

     

       
225
       
 
       
    users.groups = optional (cfg.group == "buildbot") {

     

       
226
       
-
       
      name = "buildbot";

     

       
227
       
 
       
    };

     

       
228
       
 
       


     

       
229
       
-
       
    users.users = optional (cfg.user == "buildbot") {

     

       
230
       
-
       
      name = "buildbot";

     

       
231
       
-
       
      description = "Buildbot User.";

     

       
232
       
-
       
      isNormalUser = true;

     

       
233
       
-
       
      createHome = true;

     

       
234
       
-
       
      home = cfg.home;

     

       
235
       
-
       
      group = cfg.group;

     

       
236
       
-
       
      extraGroups = cfg.extraGroups;

     

       
237
       
-
       
      useDefaultShell = true;

     

       
0
       
 
       

     

       
238
       
 
       
    };

     

       
239
       
 
       


     

       
240
       
 
       
    systemd.services.buildbot-master = {

     

···

       
223
       
 
       


     

       
224
       
 
       
  config = mkIf cfg.enable {

     

       
225
       
 
       
    users.groups = optional (cfg.group == "buildbot") {

     

       
226
       
+
       
      buildbot = { };

     

       
227
       
 
       
    };

     

       
228
       
 
       


     

       
229
       
+
       
    users.users = optionalAttrs (cfg.user == "buildbot") {

     

       
230
       
+
       
      buildbot = {

     

       
231
       
+
       
        description = "Buildbot User.";

     

       
232
       
+
       
        isNormalUser = true;

     

       
233
       
+
       
        createHome = true;

     

       
234
       
+
       
        home = cfg.home;

     

       
235
       
+
       
        group = cfg.group;

     

       
236
       
+
       
        extraGroups = cfg.extraGroups;

     

       
237
       
+
       
        useDefaultShell = true;

     

       
238
       
+
       
      };

     

       
239
       
 
       
    };

     

       
240
       
 
       


     

       
241
       
 
       
    systemd.services.buildbot-master = {

     

···

       
137
       
 
       
    services.buildbot-worker.workerPassFile = mkDefault (pkgs.writeText "buildbot-worker-password" cfg.workerPass);

     

       
138
       
 
       


     

       
139
       
 
       
    users.groups = optional (cfg.group == "bbworker") {

     

       
140
       
-
       
      name = "bbworker";

     

       
141
       
 
       
    };

     

       
142
       
 
       


     

       
143
       
-
       
    users.users = optional (cfg.user == "bbworker") {

     

       
144
       
-
       
      name = "bbworker";

     

       
145
       
-
       
      description = "Buildbot Worker User.";

     

       
146
       
-
       
      isNormalUser = true;

     

       
147
       
-
       
      createHome = true;

     

       
148
       
-
       
      home = cfg.home;

     

       
149
       
-
       
      group = cfg.group;

     

       
150
       
-
       
      extraGroups = cfg.extraGroups;

     

       
151
       
-
       
      useDefaultShell = true;

     

       
0
       
 
       

     

       
152
       
 
       
    };

     

       
153
       
 
       


     

       
154
       
 
       
    systemd.services.buildbot-worker = {

     

···

       
137
       
 
       
    services.buildbot-worker.workerPassFile = mkDefault (pkgs.writeText "buildbot-worker-password" cfg.workerPass);

     

       
138
       
 
       


     

       
139
       
 
       
    users.groups = optional (cfg.group == "bbworker") {

     

       
140
       
+
       
      bbworker = { };

     

       
141
       
 
       
    };

     

       
142
       
 
       


     

       
143
       
+
       
    users.users = optionalAttrs (cfg.user == "bbworker") {

     

       
144
       
+
       
      bbworker = {

     

       
145
       
+
       
        description = "Buildbot Worker User.";

     

       
146
       
+
       
        isNormalUser = true;

     

       
147
       
+
       
        createHome = true;

     

       
148
       
+
       
        home = cfg.home;

     

       
149
       
+
       
        group = cfg.group;

     

       
150
       
+
       
        extraGroups = cfg.extraGroups;

     

       
151
       
+
       
        useDefaultShell = true;

     

       
152
       
+
       
      };

     

       
153
       
 
       
    };

     

       
154
       
 
       


     

       
155
       
 
       
    systemd.services.buildbot-worker = {

     

···

       
135
       
 
       
  };

     

       
136
       
 
       


     

       
137
       
 
       
  config = mkIf cfg.enable {

     

       
138
       
-
       
    users.groups = optional (cfg.group == "gocd-agent") {

     

       
139
       
-
       
      name = "gocd-agent";

     

       
140
       
-
       
      gid = config.ids.gids.gocd-agent;

     

       
141
       
 
       
    };

     

       
142
       
 
       


     

       
143
       
-
       
    users.users = optional (cfg.user == "gocd-agent") {

     

       
144
       
-
       
      name = "gocd-agent";

     

       
145
       
-
       
      description = "gocd-agent user";

     

       
146
       
-
       
      createHome = true;

     

       
147
       
-
       
      home = cfg.workDir;

     

       
148
       
-
       
      group = cfg.group;

     

       
149
       
-
       
      extraGroups = cfg.extraGroups;

     

       
150
       
-
       
      useDefaultShell = true;

     

       
151
       
-
       
      uid = config.ids.uids.gocd-agent;

     

       
0
       
 
       

     

       
152
       
 
       
    };

     

       
153
       
 
       


     

       
154
       
 
       
    systemd.services.gocd-agent = {

     

···

       
135
       
 
       
  };

     

       
136
       
 
       


     

       
137
       
 
       
  config = mkIf cfg.enable {

     

       
138
       
+
       
    users.groups = optionalAttrs (cfg.group == "gocd-agent") {

     

       
139
       
+
       
      gocd-agent.gid = config.ids.gids.gocd-agent;

     

       
0
       
 
       

     

       
140
       
 
       
    };

     

       
141
       
 
       


     

       
142
       
+
       
    users.users = optionalAttrs (cfg.user == "gocd-agent") {

     

       
143
       
+
       
      gocd-agent = {

     

       
144
       
+
       
        description = "gocd-agent user";

     

       
145
       
+
       
        createHome = true;

     

       
146
       
+
       
        home = cfg.workDir;

     

       
147
       
+
       
        group = cfg.group;

     

       
148
       
+
       
        extraGroups = cfg.extraGroups;

     

       
149
       
+
       
        useDefaultShell = true;

     

       
150
       
+
       
        uid = config.ids.uids.gocd-agent;

     

       
151
       
+
       
      };

     

       
152
       
 
       
    };

     

       
153
       
 
       


     

       
154
       
 
       
    systemd.services.gocd-agent = {

     

···

       
143
       
 
       
  };

     

       
144
       
 
       


     

       
145
       
 
       
  config = mkIf cfg.enable {

     

       
146
       
-
       
    users.groups = optional (cfg.group == "gocd-server") {

     

       
147
       
-
       
      name = "gocd-server";

     

       
148
       
-
       
      gid = config.ids.gids.gocd-server;

     

       
149
       
 
       
    };

     

       
150
       
 
       


     

       
151
       
-
       
    users.users = optional (cfg.user == "gocd-server") {

     

       
152
       
-
       
      name = "gocd-server";

     

       
153
       
-
       
      description = "gocd-server user";

     

       
154
       
-
       
      createHome = true;

     

       
155
       
-
       
      home = cfg.workDir;

     

       
156
       
-
       
      group = cfg.group;

     

       
157
       
-
       
      extraGroups = cfg.extraGroups;

     

       
158
       
-
       
      useDefaultShell = true;

     

       
159
       
-
       
      uid = config.ids.uids.gocd-server;

     

       
0
       
 
       

     

       
160
       
 
       
    };

     

       
161
       
 
       


     

       
162
       
 
       
    systemd.services.gocd-server = {

     

···

       
143
       
 
       
  };

     

       
144
       
 
       


     

       
145
       
 
       
  config = mkIf cfg.enable {

     

       
146
       
+
       
    users.groups = optionalAttrs (cfg.group == "gocd-server") {

     

       
147
       
+
       
      gocd-server.gid = config.ids.gids.gocd-server;

     

       
0
       
 
       

     

       
148
       
 
       
    };

     

       
149
       
 
       


     

       
150
       
+
       
    users.users = optionalAttrs (cfg.user == "gocd-server") {

     

       
151
       
+
       
      gocd-server = {

     

       
152
       
+
       
        description = "gocd-server user";

     

       
153
       
+
       
        createHome = true;

     

       
154
       
+
       
        home = cfg.workDir;

     

       
155
       
+
       
        group = cfg.group;

     

       
156
       
+
       
        extraGroups = cfg.extraGroups;

     

       
157
       
+
       
        useDefaultShell = true;

     

       
158
       
+
       
        uid = config.ids.uids.gocd-server;

     

       
159
       
+
       
      };

     

       
160
       
 
       
    };

     

       
161
       
 
       


     

       
162
       
 
       
    systemd.services.gocd-server = {

     

···

       
150
       
 
       
      pkgs.dejavu_fonts

     

       
151
       
 
       
    ];

     

       
152
       
 
       


     

       
153
       
-
       
    users.groups = optional (cfg.group == "jenkins") {

     

       
154
       
-
       
      name = "jenkins";

     

       
155
       
-
       
      gid = config.ids.gids.jenkins;

     

       
156
       
 
       
    };

     

       
157
       
 
       


     

       
158
       
-
       
    users.users = optional (cfg.user == "jenkins") {

     

       
159
       
-
       
      name = "jenkins";

     

       
160
       
-
       
      description = "jenkins user";

     

       
161
       
-
       
      createHome = true;

     

       
162
       
-
       
      home = cfg.home;

     

       
163
       
-
       
      group = cfg.group;

     

       
164
       
-
       
      extraGroups = cfg.extraGroups;

     

       
165
       
-
       
      useDefaultShell = true;

     

       
166
       
-
       
      uid = config.ids.uids.jenkins;

     

       
0
       
 
       

     

       
167
       
 
       
    };

     

       
168
       
 
       


     

       
169
       
 
       
    systemd.services.jenkins = {

     

···

       
150
       
 
       
      pkgs.dejavu_fonts

     

       
151
       
 
       
    ];

     

       
152
       
 
       


     

       
153
       
+
       
    users.groups = optionalAttrs (cfg.group == "jenkins") {

     

       
154
       
+
       
      jenkins.gid = config.ids.gids.jenkins;

     

       
0
       
 
       

     

       
155
       
 
       
    };

     

       
156
       
 
       


     

       
157
       
+
       
    users.users = optionalAttrs (cfg.user == "jenkins") {

     

       
158
       
+
       
      jenkins = {

     

       
159
       
+
       
        description = "jenkins user";

     

       
160
       
+
       
        createHome = true;

     

       
161
       
+
       
        home = cfg.home;

     

       
162
       
+
       
        group = cfg.group;

     

       
163
       
+
       
        extraGroups = cfg.extraGroups;

     

       
164
       
+
       
        useDefaultShell = true;

     

       
165
       
+
       
        uid = config.ids.uids.jenkins;

     

       
166
       
+
       
      };

     

       
167
       
 
       
    };

     

       
168
       
 
       


     

       
169
       
 
       
    systemd.services.jenkins = {

     

···

       
51
       
 
       


     

       
52
       
 
       
  config = mkIf (cfg.enable && !masterCfg.enable) {

     

       
53
       
 
       
    users.groups = optional (cfg.group == "jenkins") {

     

       
54
       
-
       
      name = "jenkins";

     

       
55
       
-
       
      gid = config.ids.gids.jenkins;

     

       
56
       
 
       
    };

     

       
57
       
 
       


     

       
58
       
-
       
    users.users = optional (cfg.user == "jenkins") {

     

       
59
       
-
       
      name = "jenkins";

     

       
60
       
-
       
      description = "jenkins user";

     

       
61
       
-
       
      createHome = true;

     

       
62
       
-
       
      home = cfg.home;

     

       
63
       
-
       
      group = cfg.group;

     

       
64
       
-
       
      useDefaultShell = true;

     

       
65
       
-
       
      uid = config.ids.uids.jenkins;

     

       
0
       
 
       

     

       
66
       
 
       
    };

     

       
67
       
 
       
  };

     

       
68
       
 
       
}

     

···

       
51
       
 
       


     

       
52
       
 
       
  config = mkIf (cfg.enable && !masterCfg.enable) {

     

       
53
       
 
       
    users.groups = optional (cfg.group == "jenkins") {

     

       
54
       
+
       
      jenkins.gid = config.ids.gids.jenkins;

     

       
0
       
 
       

     

       
55
       
 
       
    };

     

       
56
       
 
       


     

       
57
       
+
       
    users.users = optionalAttrs (cfg.user == "jenkins") {

     

       
58
       
+
       
      jenkins = {

     

       
59
       
+
       
        description = "jenkins user";

     

       
60
       
+
       
        createHome = true;

     

       
61
       
+
       
        home = cfg.home;

     

       
62
       
+
       
        group = cfg.group;

     

       
63
       
+
       
        useDefaultShell = true;

     

       
64
       
+
       
        uid = config.ids.uids.jenkins;

     

       
65
       
+
       
      };

     

       
66
       
 
       
    };

     

       
67
       
 
       
  };

     

       
68
       
 
       
}

     

···

       
171
       
 
       


     

       
172
       
 
       
    environment.systemPackages = [ crdb ];

     

       
173
       
 
       


     

       
174
       
-
       
    users.users = optionalAttrs (cfg.user == "cockroachdb") (singleton

     

       
175
       
-
       
      { name        = "cockroachdb";

     

       
176
       
 
       
        description = "CockroachDB Server User";

     

       
177
       
 
       
        uid         = config.ids.uids.cockroachdb;

     

       
178
       
 
       
        group       = cfg.group;

     

       
179
       
-
       
      });

     

       
0
       
 
       

     

       
180
       
 
       


     

       
181
       
-
       
    users.groups = optionalAttrs (cfg.group == "cockroachdb") (singleton

     

       
182
       
-
       
      { name = "cockroachdb";

     

       
183
       
-
       
        gid  = config.ids.gids.cockroachdb;

     

       
184
       
-
       
      });

     

       
185
       
 
       


     

       
186
       
 
       
    networking.firewall.allowedTCPPorts = lib.optionals cfg.openPorts

     

       
187
       
 
       
      [ cfg.http.port cfg.listen.port ];

     

···

       
171
       
 
       


     

       
172
       
 
       
    environment.systemPackages = [ crdb ];

     

       
173
       
 
       


     

       
174
       
+
       
    users.users = optionalAttrs (cfg.user == "cockroachdb") {

     

       
175
       
+
       
      cockroachdb = {

     

       
176
       
 
       
        description = "CockroachDB Server User";

     

       
177
       
 
       
        uid         = config.ids.uids.cockroachdb;

     

       
178
       
 
       
        group       = cfg.group;

     

       
179
       
+
       
      };

     

       
180
       
+
       
    };

     

       
181
       
 
       


     

       
182
       
+
       
    users.groups = optionalAttrs (cfg.group == "cockroachdb") {

     

       
183
       
+
       
      cockroachdb.gid = config.ids.gids.cockroachdb;

     

       
184
       
+
       
    };

     

       
0
       
 
       

     

       
185
       
 
       


     

       
186
       
 
       
    networking.firewall.allowedTCPPorts = lib.optionals cfg.openPorts

     

       
187
       
 
       
      [ cfg.http.port cfg.listen.port ];

     

···

       
341
       
 
       


     

       
342
       
 
       
    environment.systemPackages = [ pkg ];

     

       
343
       
 
       


     

       
344
       
-
       
    users.users = optionalAttrs (cfg.user == "foundationdb") (singleton

     

       
345
       
-
       
      { name        = "foundationdb";

     

       
346
       
 
       
        description = "FoundationDB User";

     

       
347
       
 
       
        uid         = config.ids.uids.foundationdb;

     

       
348
       
 
       
        group       = cfg.group;

     

       
349
       
-
       
      });

     

       
0
       
 
       

     

       
350
       
 
       


     

       
351
       
-
       
    users.groups = optionalAttrs (cfg.group == "foundationdb") (singleton

     

       
352
       
-
       
      { name = "foundationdb";

     

       
353
       
-
       
        gid  = config.ids.gids.foundationdb;

     

       
354
       
-
       
      });

     

       
355
       
 
       


     

       
356
       
 
       
    networking.firewall.allowedTCPPortRanges = mkIf cfg.openFirewall

     

       
357
       
 
       
      [ { from = cfg.listenPortStart;

     

···

       
341
       
 
       


     

       
342
       
 
       
    environment.systemPackages = [ pkg ];

     

       
343
       
 
       


     

       
344
       
+
       
    users.users = optionalAttrs (cfg.user == "foundationdb") {

     

       
345
       
+
       
      foundationdb = {

     

       
346
       
 
       
        description = "FoundationDB User";

     

       
347
       
 
       
        uid         = config.ids.uids.foundationdb;

     

       
348
       
 
       
        group       = cfg.group;

     

       
349
       
+
       
      };

     

       
350
       
+
       
    };

     

       
351
       
 
       


     

       
352
       
+
       
    users.groups = optionalAttrs (cfg.group == "foundationdb") {

     

       
353
       
+
       
      foundationdb.gid = config.ids.gids.foundationdb;

     

       
354
       
+
       
    };

     

       
0
       
 
       

     

       
355
       
 
       


     

       
356
       
 
       
    networking.firewall.allowedTCPPortRanges = mkIf cfg.openFirewall

     

       
357
       
 
       
      [ { from = cfg.listenPortStart;

     

···

       
182
       
 
       
        '';

     

       
183
       
 
       
    };

     

       
184
       
 
       


     

       
185
       
-
       
    users.users = optional (cfg.user == "influxdb") {

     

       
186
       
-
       
      name = "influxdb";

     

       
187
       
-
       
      uid = config.ids.uids.influxdb;

     

       
188
       
-
       
      description = "Influxdb daemon user";

     

       
0
       
 
       

     

       
189
       
 
       
    };

     

       
190
       
 
       


     

       
191
       
-
       
    users.groups = optional (cfg.group == "influxdb") {

     

       
192
       
-
       
      name = "influxdb";

     

       
193
       
-
       
      gid = config.ids.gids.influxdb;

     

       
194
       
 
       
    };

     

       
195
       
 
       
  };

     

       
196
       
 
       


     

···

       
182
       
 
       
        '';

     

       
183
       
 
       
    };

     

       
184
       
 
       


     

       
185
       
+
       
    users.users = optionalAttrs (cfg.user == "influxdb") {

     

       
186
       
+
       
      influxdb = {

     

       
187
       
+
       
        uid = config.ids.uids.influxdb;

     

       
188
       
+
       
        description = "Influxdb daemon user";

     

       
189
       
+
       
      };

     

       
190
       
 
       
    };

     

       
191
       
 
       


     

       
192
       
+
       
    users.groups = optionalAttrs (cfg.group == "influxdb") {

     

       
193
       
+
       
      influxdb.gid = config.ids.gids.influxdb;

     

       
0
       
 
       

     

       
194
       
 
       
    };

     

       
195
       
 
       
  };

     

       
196
       
 
       


     

···

       
64
       
 
       


     

       
65
       
 
       
  config = mkIf config.services.memcached.enable {

     

       
66
       
 
       


     

       
67
       
-
       
    users.users = optional (cfg.user == "memcached") {

     

       
68
       
-
       
      name = "memcached";

     

       
69
       
-
       
      description = "Memcached server user";

     

       
70
       
-
       
      isSystemUser = true;

     

       
71
       
 
       
    };

     

       
72
       
 
       


     

       
73
       
 
       
    environment.systemPackages = [ memcached ];

     

···

       
64
       
 
       


     

       
65
       
 
       
  config = mkIf config.services.memcached.enable {

     

       
66
       
 
       


     

       
67
       
+
       
    users.users = optionalAttrs (cfg.user == "memcached") {

     

       
68
       
+
       
      memcached.description = "Memcached server user";

     

       
69
       
+
       
      memcached.isSystemUser = true;

     

       
0
       
 
       

     

       
70
       
 
       
    };

     

       
71
       
 
       


     

       
72
       
 
       
    environment.systemPackages = [ memcached ];

     

···

       
650
       
 
       


     

       
651
       
 
       
      environment.systemPackages = [ cfg.package ];

     

       
652
       
 
       


     

       
653
       
-
       
      users.users = singleton {

     

       
654
       
-
       
        name = "neo4j";

     

       
655
       
 
       
        uid = config.ids.uids.neo4j;

     

       
656
       
 
       
        description = "Neo4j daemon user";

     

       
657
       
 
       
        home = cfg.directories.home;

     

···

       
650
       
 
       


     

       
651
       
 
       
      environment.systemPackages = [ cfg.package ];

     

       
652
       
 
       


     

       
653
       
+
       
      users.users.neo4j = {

     

       
0
       
 
       

     

       
654
       
 
       
        uid = config.ids.uids.neo4j;

     

       
655
       
 
       
        description = "Neo4j daemon user";

     

       
656
       
 
       
        home = cfg.directories.home;

     

···

       
54
       
 
       


     

       
55
       
 
       
  config = mkIf cfg.enable {

     

       
56
       
 
       


     

       
57
       
-
       
    users.users = singleton

     

       
58
       
-
       
      { name = virtuosoUser;

     

       
59
       
-
       
        uid = config.ids.uids.virtuoso;

     

       
60
       
 
       
        description = "virtuoso user";

     

       
61
       
 
       
        home = stateDir;

     

       
62
       
 
       
      };

     

···

       
54
       
 
       


     

       
55
       
 
       
  config = mkIf cfg.enable {

     

       
56
       
 
       


     

       
57
       
+
       
    users.users.${virtuosoUser} =

     

       
58
       
+
       
      { uid = config.ids.uids.virtuoso;

     

       
0
       
 
       

     

       
59
       
 
       
        description = "virtuoso user";

     

       
60
       
 
       
        home = stateDir;

     

       
61
       
 
       
      };

     

···

       
111
       
 
       
  };

     

       
112
       
 
       


     

       
113
       
 
       
  config = mkIf (cfg.enable) {

     

       
114
       
-
       
    users.users = optional (cfg.user == "infinoted")

     

       
115
       
-
       
      { name = "infinoted";

     

       
116
       
-
       
        description = "Infinoted user";

     

       
117
       
-
       
        group = cfg.group;

     

       
118
       
-
       
        isSystemUser = true;

     

       
0
       
 
       

     

       
119
       
 
       
      };

     

       
120
       
-
       
    users.groups = optional (cfg.group == "infinoted")

     

       
121
       
-
       
      { name = "infinoted";

     

       
122
       
 
       
      };

     

       
123
       
 
       


     

       
124
       
 
       
    systemd.services.infinoted =

     

···

       
111
       
 
       
  };

     

       
112
       
 
       


     

       
113
       
 
       
  config = mkIf (cfg.enable) {

     

       
114
       
+
       
    users.users = optionalAttrs (cfg.user == "infinoted")

     

       
115
       
+
       
      { infinoted = {

     

       
116
       
+
       
          description = "Infinoted user";

     

       
117
       
+
       
          group = cfg.group;

     

       
118
       
+
       
          isSystemUser = true;

     

       
119
       
+
       
        };

     

       
120
       
 
       
      };

     

       
121
       
+
       
    users.groups = optionalAttrs (cfg.group == "infinoted")

     

       
122
       
+
       
      { infinoted = { };

     

       
123
       
 
       
      };

     

       
124
       
 
       


     

       
125
       
 
       
    systemd.services.infinoted =

     

···

       
74
       
 
       


     

       
75
       
 
       
    environment.systemPackages = [ bluez-bluetooth ];

     

       
76
       
 
       


     

       
77
       
-
       
    environment.etc = singleton {

     

       
78
       
-
       
      source = pkgs.writeText "main.conf" (generators.toINI { } cfg.config + optionalString (cfg.extraConfig != null) cfg.extraConfig);

     

       
79
       
-
       
      target = "bluetooth/main.conf";

     

       
80
       
 
       
    };

     

       
81
       
 
       


     

       
82
       
 
       
    services.udev.packages = [ bluez-bluetooth ];

     

···

       
74
       
 
       


     

       
75
       
 
       
    environment.systemPackages = [ bluez-bluetooth ];

     

       
76
       
 
       


     

       
77
       
+
       
    environment.etc."bluetooth/main.conf"= {

     

       
78
       
+
       
      source = pkgs.writeText "main.conf"

     

       
79
       
+
       
        (generators.toINI { } cfg.config + optionalString (cfg.extraConfig != null) cfg.extraConfig);

     

       
80
       
 
       
    };

     

       
81
       
 
       


     

       
82
       
 
       
    services.udev.packages = [ bluez-bluetooth ];

     

···

       
67
       
 
       
{

     

       
68
       
 
       
  options = {

     

       
69
       
 
       


     

       
70
       
-
       
    hardware.sane.brscan4.enable = 

     

       
71
       
 
       
      mkEnableOption "Brother's brscan4 scan backend" // {

     

       
72
       
 
       
      description = ''

     

       
73
       
 
       
        When enabled, will automatically register the "brscan4" sane

     

       
74
       
-
       
        backend and bring configuration files to their expected location. 

     

       
75
       
 
       
      '';

     

       
76
       
 
       
    };

     

       
77
       
 
       


     
···

       
95
       
 
       
      pkgs.brscan4

     

       
96
       
 
       
    ];

     

       
97
       
 
       


     

       
98
       
-
       
    environment.etc = singleton {

     

       
99
       
-
       
      target = "opt/brother/scanner/brscan4";

     

       
100
       
-
       
      source = "${etcFiles}/etc/opt/brother/scanner/brscan4";

     

       
101
       
-
       
    };

     

       
102
       
 
       


     

       
103
       
 
       
    assertions = [

     

       
104
       
 
       
      { assertion = all (x: !(null != x.ip && null != x.nodename)) netDeviceList;

     

       
105
       
-
       
          

     

       
106
       
 
       
        message = ''

     

       
107
       
 
       
          When describing a network device as part of the attribute list

     

       
108
       
 
       
          `hardware.sane.brscan4.netDevices`, only one of its `ip` or `nodename`

     

···

       
67
       
 
       
{

     

       
68
       
 
       
  options = {

     

       
69
       
 
       


     

       
70
       
+
       
    hardware.sane.brscan4.enable =

     

       
71
       
 
       
      mkEnableOption "Brother's brscan4 scan backend" // {

     

       
72
       
 
       
      description = ''

     

       
73
       
 
       
        When enabled, will automatically register the "brscan4" sane

     

       
74
       
+
       
        backend and bring configuration files to their expected location.

     

       
75
       
 
       
      '';

     

       
76
       
 
       
    };

     

       
77
       
 
       


     
···

       
95
       
 
       
      pkgs.brscan4

     

       
96
       
 
       
    ];

     

       
97
       
 
       


     

       
98
       
+
       
    environment.etc."opt/brother/scanner/brscan4" =

     

       
99
       
+
       
      { source = "${etcFiles}/etc/opt/brother/scanner/brscan4"; };

     

       
0
       
 
       

     

       
0
       
 
       

     

       
100
       
 
       


     

       
101
       
 
       
    assertions = [

     

       
102
       
 
       
      { assertion = all (x: !(null != x.ip && null != x.nodename)) netDeviceList;

     

       
0
       
 
       

     

       
103
       
 
       
        message = ''

     

       
104
       
 
       
          When describing a network device as part of the attribute list

     

       
105
       
 
       
          `hardware.sane.brscan4.netDevices`, only one of its `ip` or `nodename`

     

···

       
137
       
 
       
      serviceConfig.ExecStart = "${pkgs.trousers}/sbin/tcsd -f -c ${tcsdConf}";

     

       
138
       
 
       
    };

     

       
139
       
 
       


     

       
140
       
-
       
    users.users = optionalAttrs (cfg.user == "tss") (singleton

     

       
141
       
-
       
      { name = "tss";

     

       
142
       
 
       
        group = "tss";

     

       
143
       
 
       
        uid = config.ids.uids.tss;

     

       
144
       
-
       
      });

     

       
0
       
 
       

     

       
145
       
 
       


     

       
146
       
-
       
    users.groups = optionalAttrs (cfg.group == "tss") (singleton

     

       
147
       
-
       
      { name = "tss";

     

       
148
       
-
       
        gid = config.ids.gids.tss;

     

       
149
       
-
       
      });

     

       
150
       
 
       
  };

     

       
151
       
 
       
}

     

···

       
137
       
 
       
      serviceConfig.ExecStart = "${pkgs.trousers}/sbin/tcsd -f -c ${tcsdConf}";

     

       
138
       
 
       
    };

     

       
139
       
 
       


     

       
140
       
+
       
    users.users = optionalAttrs (cfg.user == "tss") {

     

       
141
       
+
       
      tss = {

     

       
142
       
 
       
        group = "tss";

     

       
143
       
 
       
        uid = config.ids.uids.tss;

     

       
144
       
+
       
      };

     

       
145
       
+
       
    };

     

       
146
       
 
       


     

       
147
       
+
       
    users.groups = optionalAttrs (cfg.group == "tss") {

     

       
148
       
+
       
      tss.gid = config.ids.gids.tss;

     

       
149
       
+
       
    };

     

       
0
       
 
       

     

       
150
       
 
       
  };

     

       
151
       
 
       
}

     

···

       
103
       
 
       


     

       
104
       
 
       
    services.udev.packages = [ tlp ];

     

       
105
       
 
       


     

       
106
       
-
       
    environment.etc = [{ source = confFile;

     

       
107
       
-
       
                         target = "default/tlp";

     

       
108
       
-
       
                       }

     

       
109
       
-
       
                      ] ++ optional enableRDW {

     

       
110
       
-
       
                        source = "${tlp}/etc/NetworkManager/dispatcher.d/99tlp-rdw-nm";

     

       
111
       
-
       
                        target = "NetworkManager/dispatcher.d/99tlp-rdw-nm";

     

       
112
       
-
       
                      };

     

       
0
       
 
       

     

       
113
       
 
       


     

       
114
       
 
       
    environment.systemPackages = [ tlp ];

     

       
115
       
 
       


     

···

       
103
       
 
       


     

       
104
       
 
       
    services.udev.packages = [ tlp ];

     

       
105
       
 
       


     

       
106
       
+
       
    environment.etc =

     

       
107
       
+
       
      {

     

       
108
       
+
       
        "default/tlp".source = confFile;

     

       
109
       
+
       
      } // optionalAttrs enableRDW {

     

       
110
       
+
       
        "NetworkManager/dispatcher.d/99tlp-rdw-nm" = {

     

       
111
       
+
       
          source = "${tlp}/etc/NetworkManager/dispatcher.d/99tlp-rdw-nm";

     

       
112
       
+
       
        };

     

       
113
       
+
       
      };

     

       
114
       
 
       


     

       
115
       
 
       
    environment.systemPackages = [ tlp ];

     

       
116
       
 
       


     

···

       
281
       
 
       
    boot.kernelParams = mkIf (!config.networking.usePredictableInterfaceNames) [ "net.ifnames=0" ];

     

       
282
       
 
       


     

       
283
       
 
       
    environment.etc =

     

       
284
       
-
       
      [ { source = udevRules;

     

       
285
       
-
       
          target = "udev/rules.d";

     

       
286
       
-
       
        }

     

       
287
       
-
       
        { source = hwdbBin;

     

       
288
       
-
       
          target = "udev/hwdb.bin";

     

       
289
       
-
       
        }

     

       
290
       
-
       
      ];

     

       
291
       
 
       


     

       
292
       
 
       
    system.requiredKernelConfig = with config.lib.kernelConfig; [

     

       
293
       
 
       
      (isEnabled "UNIX")

     

···

       
281
       
 
       
    boot.kernelParams = mkIf (!config.networking.usePredictableInterfaceNames) [ "net.ifnames=0" ];

     

       
282
       
 
       


     

       
283
       
 
       
    environment.etc =

     

       
284
       
+
       
      {

     

       
285
       
+
       
        "udev/rules.d".source = udevRules;

     

       
286
       
+
       
        "udev/hwdb.bin".source = hwdbBin;

     

       
287
       
+
       
      };

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
288
       
 
       


     

       
289
       
 
       
    system.requiredKernelConfig = with config.lib.kernelConfig; [

     

       
290
       
 
       
      (isEnabled "UNIX")

     

···

       
43
       
 
       


     

       
44
       
 
       
  config = mkIf cfg.enable {

     

       
45
       
 
       


     

       
46
       
-
       
    users.users = optional (cfg.user == defaultUserGroup) {

     

       
47
       
-
       
      name = cfg.user;

     

       
48
       
-
       
      description = "usbmuxd user";

     

       
49
       
-
       
      group = cfg.group;

     

       
50
       
-
       
      isSystemUser = true;

     

       
0
       
 
       

     

       
51
       
 
       
    };

     

       
52
       
 
       


     

       
53
       
 
       
    users.groups = optional (cfg.group == defaultUserGroup) {

     

       
54
       
-
       
      name = cfg.group;

     

       
55
       
 
       
    };

     

       
56
       
 
       


     

       
57
       
 
       
    # Give usbmuxd permission for Apple devices

     

···

       
43
       
 
       


     

       
44
       
 
       
  config = mkIf cfg.enable {

     

       
45
       
 
       


     

       
46
       
+
       
    users.users = optionalAttrs (cfg.user == defaultUserGroup) {

     

       
47
       
+
       
      ${cfg.user} = {

     

       
48
       
+
       
        description = "usbmuxd user";

     

       
49
       
+
       
        group = cfg.group;

     

       
50
       
+
       
        isSystemUser = true;

     

       
51
       
+
       
      };

     

       
52
       
 
       
    };

     

       
53
       
 
       


     

       
54
       
 
       
    users.groups = optional (cfg.group == defaultUserGroup) {

     

       
55
       
+
       
      ${cfg.group} = { };

     

       
56
       
 
       
    };

     

       
57
       
 
       


     

       
58
       
 
       
    # Give usbmuxd permission for Apple devices

     

···

       
213
       
 
       
        mapAttrsToList writeIgnoreRule cfg.ignore

     

       
214
       
 
       
        ++ mapAttrsToList writeIgnoreCronRule cfg.ignoreCron;

     

       
215
       
 
       


     

       
216
       
-
       
    users.users = optionalAttrs (cfg.user == "logcheck") (singleton

     

       
217
       
-
       
      { name = "logcheck";

     

       
218
       
 
       
        uid = config.ids.uids.logcheck;

     

       
219
       
 
       
        shell = "/bin/sh";

     

       
220
       
 
       
        description = "Logcheck user account";

     

       
221
       
 
       
        extraGroups = cfg.extraGroups;

     

       
222
       
-
       
      });

     

       
0
       
 
       

     

       
223
       
 
       


     

       
224
       
 
       
    system.activationScripts.logcheck = ''

     

       
225
       
 
       
      mkdir -m 700 -p /var/{lib,lock}/logcheck

     

···

       
213
       
 
       
        mapAttrsToList writeIgnoreRule cfg.ignore

     

       
214
       
 
       
        ++ mapAttrsToList writeIgnoreCronRule cfg.ignoreCron;

     

       
215
       
 
       


     

       
216
       
+
       
    users.users = optionalAttrs (cfg.user == "logcheck") {

     

       
217
       
+
       
      logcheck = {

     

       
218
       
 
       
        uid = config.ids.uids.logcheck;

     

       
219
       
 
       
        shell = "/bin/sh";

     

       
220
       
 
       
        description = "Logcheck user account";

     

       
221
       
 
       
        extraGroups = cfg.extraGroups;

     

       
222
       
+
       
      };

     

       
223
       
+
       
    };

     

       
224
       
 
       


     

       
225
       
 
       
    system.activationScripts.logcheck = ''

     

       
226
       
 
       
      mkdir -m 700 -p /var/{lib,lock}/logcheck

     

···

       
310
       
 
       
     ++ optional cfg.enablePop3 "pop3"

     

       
311
       
 
       
     ++ optional cfg.enableLmtp "lmtp";

     

       
312
       
 
       


     

       
313
       
-
       
    users.users = [

     

       
314
       
-
       
      { name = "dovenull";

     

       
315
       
-
       
        uid = config.ids.uids.dovenull2;

     

       
316
       
-
       
        description = "Dovecot user for untrusted logins";

     

       
317
       
-
       
        group = "dovenull";

     

       
318
       
-
       
      }

     

       
319
       
-
       
    ] ++ optional (cfg.user == "dovecot2")

     

       
320
       
-
       
         { name = "dovecot2";

     

       
321
       
-
       
           uid = config.ids.uids.dovecot2;

     

       
322
       
 
       
           description = "Dovecot user";

     

       
323
       
 
       
           group = cfg.group;

     

       
324
       
-
       
         }

     

       
325
       
-
       
      ++ optional (cfg.createMailUser && cfg.mailUser != null)

     

       
326
       
-
       
         ({ name = cfg.mailUser;

     

       
327
       
-
       
            description = "Virtual Mail User";

     

       
328
       
-
       
         } // optionalAttrs (cfg.mailGroup != null) {

     

       
329
       
-
       
           group = cfg.mailGroup;

     

       
330
       
-
       
         });

     

       
331
       
 
       


     

       
332
       
-
       
    users.groups = optional (cfg.group == "dovecot2")

     

       
333
       
-
       
      { name = "dovecot2";

     

       
334
       
-
       
        gid = config.ids.gids.dovecot2;

     

       
335
       
-
       
      }

     

       
336
       
-
       
    ++ optional (cfg.createMailUser && cfg.mailGroup != null)

     

       
337
       
-
       
      { name = cfg.mailGroup;

     

       
338
       
-
       
      }

     

       
339
       
-
       
    ++ singleton

     

       
340
       
-
       
      { name = "dovenull";

     

       
341
       
-
       
        gid = config.ids.gids.dovenull2;

     

       
342
       
-
       
      };

     

       
343
       
 
       


     

       
344
       
 
       
    environment.etc."dovecot/modules".source = modulesDir;

     

       
345
       
 
       
    environment.etc."dovecot/dovecot.conf".source = cfg.configFile;

     

···

       
310
       
 
       
     ++ optional cfg.enablePop3 "pop3"

     

       
311
       
 
       
     ++ optional cfg.enableLmtp "lmtp";

     

       
312
       
 
       


     

       
313
       
+
       
    users.users = {

     

       
314
       
+
       
      dovenull =

     

       
315
       
+
       
        { uid = config.ids.uids.dovenull2;

     

       
316
       
+
       
          description = "Dovecot user for untrusted logins";

     

       
317
       
+
       
          group = "dovenull";

     

       
318
       
+
       
        };

     

       
319
       
+
       
    } // optionalAttrs (cfg.user == "dovecot2") {

     

       
320
       
+
       
      dovecot2 =

     

       
321
       
+
       
         { uid = config.ids.uids.dovecot2;

     

       
322
       
 
       
           description = "Dovecot user";

     

       
323
       
 
       
           group = cfg.group;

     

       
324
       
+
       
         };

     

       
325
       
+
       
    } // optionalAttrs (cfg.createMailUser && cfg.mailUser != null) {

     

       
326
       
+
       
      ${cfg.mailUser} =

     

       
327
       
+
       
        { description = "Virtual Mail User"; } //

     

       
328
       
+
       
        optionalAttrs (cfg.mailGroup != null)

     

       
329
       
+
       
          { group = cfg.mailGroup; };

     

       
330
       
+
       
    };

     

       
331
       
 
       


     

       
332
       
+
       
    users.groups = {

     

       
333
       
+
       
      dovenull.gid = config.ids.gids.dovenull2;

     

       
334
       
+
       
    } // optionalAttrs (cfg.group == "dovecot2") {

     

       
335
       
+
       
      dovecot2.gid = config.ids.gids.dovecot2;

     

       
336
       
+
       
    } // optionalAttrs (cfg.createMailUser && cfg.mailGroup != null) {

     

       
337
       
+
       
      ${cfg.mailgroup} = { };

     

       
338
       
+
       
    };

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
339
       
 
       


     

       
340
       
 
       
    environment.etc."dovecot/modules".source = modulesDir;

     

       
341
       
 
       
    environment.etc."dovecot/dovecot.conf".source = cfg.configFile;

     

···

       
86
       
 
       


     

       
87
       
 
       
  config = mkIf cfg.enable (mkMerge [

     

       
88
       
 
       
    {

     

       
89
       
-
       
      users.users = optionalAttrs (cfg.user == "dspam") (singleton

     

       
90
       
-
       
        { name = "dspam";

     

       
91
       
 
       
          group = cfg.group;

     

       
92
       
 
       
          uid = config.ids.uids.dspam;

     

       
93
       
-
       
        });

     

       
0
       
 
       

     

       
94
       
 
       


     

       
95
       
-
       
      users.groups = optionalAttrs (cfg.group == "dspam") (singleton

     

       
96
       
-
       
        { name = "dspam";

     

       
97
       
-
       
          gid = config.ids.gids.dspam;

     

       
98
       
-
       
        });

     

       
99
       
 
       


     

       
100
       
 
       
      environment.systemPackages = [ dspam ];

     

       
101
       
 
       


     

···

       
86
       
 
       


     

       
87
       
 
       
  config = mkIf cfg.enable (mkMerge [

     

       
88
       
 
       
    {

     

       
89
       
+
       
      users.users = optionalAttrs (cfg.user == "dspam") {

     

       
90
       
+
       
        dspam = {

     

       
91
       
 
       
          group = cfg.group;

     

       
92
       
 
       
          uid = config.ids.uids.dspam;

     

       
93
       
+
       
        };

     

       
94
       
+
       
      };

     

       
95
       
 
       


     

       
96
       
+
       
      users.groups = optionalAttrs (cfg.group == "dspam") {

     

       
97
       
+
       
        dspam.gid = config.ids.gids.dspam;

     

       
98
       
+
       
      };

     

       
0
       
 
       

     

       
99
       
 
       


     

       
100
       
 
       
      environment.systemPackages = [ dspam ];

     

       
101
       
 
       


     

···

       
87
       
 
       
      systemPackages = [ cfg.package ];

     

       
88
       
 
       
    };

     

       
89
       
 
       


     

       
90
       
-
       
    users.users = singleton {

     

       
91
       
-
       
      name = cfg.user;

     

       
92
       
 
       
      description = "Exim mail transfer agent user";

     

       
93
       
 
       
      uid = config.ids.uids.exim;

     

       
94
       
 
       
      group = cfg.group;

     

       
95
       
 
       
    };

     

       
96
       
 
       


     

       
97
       
-
       
    users.groups = singleton {

     

       
98
       
-
       
      name = cfg.group;

     

       
99
       
 
       
      gid = config.ids.gids.exim;

     

       
100
       
 
       
    };

     

       
101
       
 
       


     

···

       
87
       
 
       
      systemPackages = [ cfg.package ];

     

       
88
       
 
       
    };

     

       
89
       
 
       


     

       
90
       
+
       
    users.users.${cfg.user} = {

     

       
0
       
 
       

     

       
91
       
 
       
      description = "Exim mail transfer agent user";

     

       
92
       
 
       
      uid = config.ids.uids.exim;

     

       
93
       
 
       
      group = cfg.group;

     

       
94
       
 
       
    };

     

       
95
       
 
       


     

       
96
       
+
       
    users.groups.${cfg.group} = {

     

       
0
       
 
       

     

       
97
       
 
       
      gid = config.ids.gids.exim;

     

       
98
       
 
       
    };

     

       
99
       
 
       


     

···

       
94
       
 
       


     

       
95
       
 
       
  config = mkIf cfg.enable {

     

       
96
       
 
       


     

       
97
       
-
       
    users.users = singleton {

     

       
98
       
-
       
      name = cfg.user;

     

       
99
       
 
       
      description = "mlmmj user";

     

       
100
       
 
       
      home = stateDir;

     

       
101
       
 
       
      createHome = true;

     
···

       
104
       
 
       
      useDefaultShell = true;

     

       
105
       
 
       
    };

     

       
106
       
 
       


     

       
107
       
-
       
    users.groups = singleton {

     

       
108
       
-
       
      name = cfg.group;

     

       
109
       
 
       
      gid = config.ids.gids.mlmmj;

     

       
110
       
 
       
    };

     

       
111
       
 
       


     

···

       
94
       
 
       


     

       
95
       
 
       
  config = mkIf cfg.enable {

     

       
96
       
 
       


     

       
97
       
+
       
    users.users.${cfg.user} = {

     

       
0
       
 
       

     

       
98
       
 
       
      description = "mlmmj user";

     

       
99
       
 
       
      home = stateDir;

     

       
100
       
 
       
      createHome = true;

     
···

       
103
       
 
       
      useDefaultShell = true;

     

       
104
       
 
       
    };

     

       
105
       
 
       


     

       
106
       
+
       
    users.groups.${cfg.group} = {

     

       
0
       
 
       

     

       
107
       
 
       
      gid = config.ids.gids.mlmmj;

     

       
108
       
 
       
    };

     

       
109
       
 
       


     

···

       
201
       
 
       
    };

     

       
202
       
 
       


     

       
203
       
 
       
    users = {

     

       
204
       
-
       
      users = singleton {

     

       
205
       
-
       
        name = cfg.user;

     

       
206
       
 
       
        description = "Nullmailer relay-only mta user";

     

       
207
       
 
       
        group = cfg.group;

     

       
208
       
 
       
      };

     

       
209
       
 
       


     

       
210
       
-
       
      groups = singleton {

     

       
211
       
-
       
        name = cfg.group;

     

       
212
       
-
       
      };

     

       
213
       
 
       
    };

     

       
214
       
 
       


     

       
215
       
 
       
    systemd.tmpfiles.rules = [

     

···

       
201
       
 
       
    };

     

       
202
       
 
       


     

       
203
       
 
       
    users = {

     

       
204
       
+
       
      users.${cfg.user} = {

     

       
0
       
 
       

     

       
205
       
 
       
        description = "Nullmailer relay-only mta user";

     

       
206
       
 
       
        group = cfg.group;

     

       
207
       
 
       
      };

     

       
208
       
 
       


     

       
209
       
+
       
      groups.${cfg.group} = { };

     

       
0
       
 
       

     

       
0
       
 
       

     

       
210
       
 
       
    };

     

       
211
       
 
       


     

       
212
       
 
       
    systemd.tmpfiles.rules = [

     

···

       
91
       
 
       


     

       
92
       
 
       
  config = mkIf cfg.enable {

     

       
93
       
 
       


     

       
94
       
-
       
    users.users = optionalAttrs (cfg.user == "opendkim") (singleton

     

       
95
       
-
       
      { name = "opendkim";

     

       
96
       
 
       
        group = cfg.group;

     

       
97
       
 
       
        uid = config.ids.uids.opendkim;

     

       
98
       
-
       
      });

     

       
0
       
 
       

     

       
99
       
 
       


     

       
100
       
-
       
    users.groups = optionalAttrs (cfg.group == "opendkim") (singleton

     

       
101
       
-
       
      { name = "opendkim";

     

       
102
       
-
       
        gid = config.ids.gids.opendkim;

     

       
103
       
-
       
      });

     

       
104
       
 
       


     

       
105
       
 
       
    environment.systemPackages = [ pkgs.opendkim ];

     

       
106
       
 
       


     

···

       
91
       
 
       


     

       
92
       
 
       
  config = mkIf cfg.enable {

     

       
93
       
 
       


     

       
94
       
+
       
    users.users = optionalAttrs (cfg.user == "opendkim") {

     

       
95
       
+
       
      opendkim = {

     

       
96
       
 
       
        group = cfg.group;

     

       
97
       
 
       
        uid = config.ids.uids.opendkim;

     

       
98
       
+
       
      };

     

       
99
       
+
       
    };

     

       
100
       
 
       


     

       
101
       
+
       
    users.groups = optionalAttrs (cfg.group == "opendkim") {

     

       
102
       
+
       
      opendkimgid = config.ids.gids.opendkim;

     

       
103
       
+
       
    };

     

       
0
       
 
       

     

       
104
       
 
       


     

       
105
       
 
       
    environment.systemPackages = [ pkgs.opendkim ];

     

       
106