+34
nixos/doc/manual/default.nix
······sed -e '/@PYTHON_MACHINE_METHODS@/ {' -e 'r ${testDriverMachineDocstrings}/machine-methods.md' -e 'd' -e '}' \+inherit (evalModules { modules = [ ../../modules/system/service/portable/service.nix ]; }) options;+inherit (evalModules { modules = [ ../../modules/system/service/systemd/service.nix ]; }) options;+# TODO: filter out options that are not systemd-specific, maybe also change option prefix to just `service-opt-`?
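Review bot: The `# TODO: filter out options that are not systemd-specific, maybe also change option prefix ...` comment on the second `evalModules` call leaves the identifier prefix undecided. The same prefixes are listed in `ignored_identifier_patterns` in `redirects.py`, so a later rename has to touch both places; settle the prefix before merge or link a tracking issue from the comment.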
+1
nixos/doc/manual/development/development.md
+98
nixos/doc/manual/development/modular-services.md
···+Status: in development. This functionality is new in NixOS 25.11, and significant changes should be expected. We'd love to hear your feedback in <https://github.com/NixOS/nixpkgs/pull/372170>+Traditionally, NixOS services were defined using sets of options *in* modules, not *as* modules. This made them non-modular, resulting in problems with composability, reuse, and portability.+A configuration management framework is an application of `evalModules` with the `class` and `specialArgs` input attribute set to particular values.+NixOS is such a configuration management framework, and so are [Home Manager](https://github.com/nix-community/home-manager) and [`nix-darwin`](https://github.com/lnl7/nix-darwin).+The service management component of a configuration management framework is the set of module options that connects Nix expressions with the underlying service (or process) manager.+For NixOS this is the module wrapping [`systemd`](https://systemd.io/), on `nix-darwin` this is the module wrapping [`launchd`](https://en.wikipedia.org/wiki/Launchd).+A *modular service* is a [module] that defines values for a core set of options declared in the service management component of a configuration management framework, including which program to run.+Since it's a module, it can be composed with other modules via `imports` to extend its functionality.+<!-- ^ This is how composition is *always* provided, instead of a difficult thing (but this is reference docs, not a changelog) -->+- a module with systemd-specific options, whose values or defaults derive from the generic module's option values.+So note that the default value of `system.services.<name>` is not a complete service. It requires that the user provide a value, and this is typically done by importing a module. For example:+<!-- Not using typical example syntax, because reading this is *not* optional, and should it should not be folded closed. -->+It is possible to write service modules that are portable. 
This is done by either avoiding the `systemd` option tree, or by defining process-manager-specific definitions in an optional way:+This way, the module can be loaded into a configuration manager that does not use systemd, and the `systemd` definitions will be ignored.+Similarly, other configuration managers can declare their own options for services to customize.+Compared to traditional services, modular services are inherently more composable, by virtue of being modules and receiving a user-provided name when imported.+However, composition can not end there, because services need to be able to interact with each other.+These aren't mutually exclusive. In fact, it is a good practice when developing services to first write them as individual services, and then compose them into a higher-level composition. Each of these services is a valid modular service, including their composition.+Many services could be migrated to the modular service system, but even when the modular service system is mature, it is not necessary to migrate all services.+For instance, many system-wide services are a mandatory part of a desktop system, and it doesn't make sense to have multiple instances of them.+Moving their logic into separate Nix files may still be beneficial for the efficient evaluation of configurations that don't use those services, but that is a rather minor benefit, unless modular services potentially become the standard way to define services.
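Review bot: Two wording slips in the added `modular-services.md` text: the HTML comment before the portability paragraph reads "and should it should not be folded closed" (drop "should it"), and "composition can not end there" should read "cannot".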
+18
nixos/doc/manual/redirects.json
···
+3
-1
nixos/modules/misc/assertions.nix
+2
nixos/modules/module-list.nix
···
+219
-216
nixos/modules/services/web-apps/nextcloud.nix
···············+${lib.optionalString (s3.sseCKeyFile != null) "'sse_c_key' => nix_read_secret('s3_sse_c_key'),"}···-[ 'path' => '${webroot}/${name}', 'url' => '/${name}', 'writable' => ${boolToString writable} ],+[ 'path' => '${webroot}/${name}', 'url' => '/${name}', 'writable' => ${lib.boolToString writable} ],···-${optionalString (c.dbtableprefix != null) "'dbtableprefix' => '${toString c.dbtableprefix}',"}+${lib.optionalString (showAppStoreSetting) "'appstoreenabled' => ${renderedAppStoreSetting},"}···$CONFIG = array_replace_recursive($CONFIG, nix_read_secret_and_decode_json_file('secret_file'));···This folder will be populated with a config.php file and a data folder which contains the state of the instance (excluding the database).";Extra apps to install. Should be an attrSet of appid to packages generated by fetchNextcloudApp.Using this will disable the appstore to prevent Nextcloud from updating these apps (see [](#opt-services.nextcloud.appstoreEnable)).···Automatically enable the apps in [](#opt-services.nextcloud.extraApps) every time Nextcloud starts.If set to false, apps need to be enabled in the Nextcloud web user interface or with `nextcloud-occ app:enable`.···Set this to false to disable the installation of apps from the global appstore. App management is always enabled regardless of this setting.·········This is sometimes necessary to be able to install a certain Nextcloud app that has additional requirements.-defaultPHPSettings // { "openssl.cafile" = literalExpression "config.security.pki.caBundle"; }+defaultPHPSettings // { "openssl.cafile" = lib.literalExpression "config.security.pki.caBundle"; }······Options for Nextcloud's PHP pool. 
See the documentation on `php-fpm.conf` for details on configuration directives.··················set only in the initial setup of Nextcloud by the systemd service `nextcloud-setup.service`.······[upstream documentation](https://docs.nextcloud.com/server/22/admin_manual/configuration_files/primary_storage.html)······This is used by the theming app and for generating previews of certain images (e.g. SVG and HEIF).You may want to disable it for increased security. In that case, previews will still be available·········See <https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/caching_configuration.html>············See the [nextcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/logging_configuration.html) for details.···············Secret options which will be appended to Nextcloud's config.php file (written as JSON, in the same············Using config.services.nextcloud.poolConfig is deprecated and will become unsupported in a future release.Using `services.nextcloud.config.dbtableprefix` is deprecated. 
Fresh installations with this+++ (lib.optional (lib.versionOlder overridePackage.version "26") (upgradeWarning 25 "23.05"))+++ (lib.optional (lib.versionOlder overridePackage.version "27") (upgradeWarning 26 "23.11"))+++ (lib.optional (lib.versionOlder overridePackage.version "28") (upgradeWarning 27 "24.05"))+++ (lib.optional (lib.versionOlder overridePackage.version "29") (upgradeWarning 28 "24.11"))+++ (lib.optional (lib.versionOlder overridePackage.version "30") (upgradeWarning 29 "24.11"))+++ (lib.optional (lib.versionOlder overridePackage.version "31") (upgradeWarning 30 "25.05"));············+after = lib.optional mysqlLocal "mysql.service" ++ lib.optional pgsqlLocal "postgresql.target";+requires = lib.optional mysqlLocal "mysql.service" ++ lib.optional pgsqlLocal "postgresql.target";·········PATH = "/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin";···# NixOS already provides its own integrity check and the nix store is read-only, therefore Nextcloud does not need to do its own integrity checks.·········add_header Strict-Transport-Security "max-age=${toString cfg.nginx.hstsMaxAge}; includeSubDomains" always;···gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;···
+28
nixos/modules/system/service/README.md
···+See the [Modular Services chapter] in the manual [[source]](../../doc/manual/development/modular-services.md).+- `systemServices`: similar to does not allow importing a composition of services into `system`. Not sure if that's a good idea in the first place, but I've kept the possibility open.+- `services.abstract`: used in https://github.com/NixOS/nixpkgs/pull/267111, but too weird. Service modules should fit naturally into the configuration system.+Also "abstract" is wrong, because it has submodules - in other words, evalModules results, concrete services - not abstract at all.+- For now, do not add an `enable` option, because it's ambiguous. Does it disable at the Nix level (not generate anything) or at the systemd level (generate a service that is disabled)?+- Move all process options into a `process` option tree. Putting this at the root is messy, because we also have sub-services at that level. Those are rather distinct. Grouping them "by kind" should raise fewer questions.+- This reserves `modules/service` for actual service modules, at least until those are lifted out of NixOS, potentially
+33
nixos/modules/system/service/portable/lib.nix
···
+48
nixos/modules/system/service/portable/service.nix
···+A collection of [modular services](https://nixos.org/manual/nixos/unstable/#modular-services) that are configured in one go.+It **does not** automatically create any other relationship between services (e.g. systemd slices), unless perhaps such a behavior is explicitly defined and enabled in another option.
+183
nixos/modules/system/service/portable/test.nix
···
+121
nixos/modules/system/service/systemd/service.nix
···+This module configures systemd services, with the notable difference that their unit names will be prefixed with the abstract service name.+This option's value is not suitable for reading, but you can define a module here that interacts with just the unit configuration in the host system configuration.+This means that the module has not been combined with the system configuration yet, no values can be read from this option.+What you can do instead is define a module that reads from the module arguments (such as `config`) that are available when the module is merged into the system configuration.
+90
nixos/modules/system/service/systemd/system.nix
···+A collection of NixOS [modular services](https://nixos.org/manual/nixos/unstable/#modular-services) that are configured as systemd services.
+92
nixos/modules/system/service/systemd/test.nix
···+grep -F 'ExecStart="${hello}/bin/hello" "--greeting" "hoi"' ${toplevel}/etc/systemd/system/foo.service >/dev/null+grep -F 'ExecStart="${hello}/bin/hello" "--greeting" "hoi"' ${toplevel}/etc/systemd/system/bar.service >/dev/null+grep 'ExecStart="${hello}/bin/hello" "--greeting" ".*database.*"' ${toplevel}/etc/systemd/system/bar-db.service >/dev/null
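Review bot: The `bar-db.service` check uses plain `grep` where the two checks before it use `grep -F`, so `${hello}` is interpolated into a regular expression and the dots in the store path match any character. Only the greeting needs a pattern; consider `grep -F` for the fixed `ExecStart="${hello}/bin/hello" "--greeting"` prefix and a separate match for `database`.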
+3
nixos/modules/system/service/systemd/user.nix
+14
nixos/tests/all-tests.nix
·········
+120
nixos/tests/ghostunnel-modular.nix
···+cmd("${hostPkgs.openssl}/bin/openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -subj '/C=NL/ST=Zuid-Holland/L=The Hague/O=Stevige Balken en Planken B.V./OU=OpSec/CN=Certificate Authority' -out ca.pem")+cmd("${hostPkgs.openssl}/bin/openssl req -subj '/CN=service' -sha256 -new -key service-key.pem -out service.csr")+cmd("${hostPkgs.openssl}/bin/openssl x509 -req -days 365 -sha256 -in service.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out service-cert.pem -extfile extfile.cnf")+cmd("${hostPkgs.openssl}/bin/openssl req -subj '/CN=client' -new -key client-key.pem -out client.csr")+cmd("${hostPkgs.openssl}/bin/openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out client-cert.pem -extfile extfile-client.cnf")+client.succeed("bash -c 'diff <(curl -v --no-progress-meter http://backend/hi.txt) <(echo hi)'")+client.succeed("bash -c 'diff <(curl -v --no-progress-meter --insecure https://service/hi.txt) <(echo hi)'")+client.succeed("bash -c 'diff <(curl -v --no-progress-meter --cacert /root/ca.pem https://service/hi.txt) <(echo hi)'")+client.succeed("bash -c 'diff <(curl -v --no-progress-meter --cert /root/client-cert.pem --key /root/client-key.pem --cacert /root/ca.pem https://service:1443/hi.txt) <(echo hi)'")+client.fail("bash -c 'diff <(curl -v --no-progress-meter --cacert /root/ca.pem https://service:1443/hi.txt) <(echo hi)'")
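Review bot: The final `client.fail(...)` against `https://service:1443/hi.txt` passes on any non-zero exit of the `diff <(curl ...) <(echo hi)` command, so a DNS error, a refused connection or a changed file body would satisfy it as well as a rejected handshake. To pin the test to the missing client certificate, assert on curl's exit status or its TLS error output for that request. The client CSR is also the only `openssl req` call here without `-sha256`.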
+13
pkgs/applications/editors/vim/plugins/generated.nix
···
+1
pkgs/applications/editors/vim/plugins/vim-plugin-names
···
+3
pkgs/applications/video/olive-editor/default.nix
+2
-2
pkgs/by-name/as/astyle/package.nix
···
+2
-2
pkgs/by-name/bl/blender/package.nix
······
+3
-3
pkgs/by-name/ch/chhoto-url/package.nix
······
+2
-2
pkgs/by-name/ch/chroma/package.nix
······
+5
-5
pkgs/by-name/ch/chroma/src.json
···
+2
-2
pkgs/by-name/gh/gh-f/package.nix
···
+6
pkgs/by-name/gh/ghostunnel/package.nix
······
+241
pkgs/by-name/gh/ghostunnel/service.nix
···
+3
-3
pkgs/by-name/gi/gickup/package.nix
···
+2
-2
pkgs/by-name/gp/gpupad/package.nix
······
+3
-3
pkgs/by-name/in/inputplumber/package.nix
···
+2
-2
pkgs/by-name/li/libdwarf/package.nix
···
+4
-4
pkgs/by-name/ma/maa-assistant-arknights/pin.json
···
+3
-3
pkgs/by-name/me/mergiraf/package.nix
···
+1
-1
pkgs/by-name/ni/nixos-render-docs/src/nixos_render_docs/redirects.py
···+ignored_identifier_patterns = ("opt-", "auto-generated-", "function-library-", "service-opt-", "systemd-service-opt")# filter out automatically generated identifiers from module options and library documentation
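Review bot: The new entry `"systemd-service-opt"` in `ignored_identifier_patterns` is the only one without a trailing hyphen, while the entry before it is `"service-opt-"`; if the patterns are matched as prefixes, it ignores more identifiers than the others would. Use `"systemd-service-opt-"` unless the broader match is intended, and say so in the comment if it is.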
+4
-4
pkgs/by-name/ol/olympus-unwrapped/package.nix
······
+2
-2
pkgs/by-name/op/opengamepadui/package.nix
······
-15
pkgs/by-name/op/openimageio/2.nix
···
+4
-13
pkgs/by-name/pc/pcsx2/package.nix
············-# Can't avoid the double wrapping, the binary wrapper from qtWrapperArgs doesn't support --run
+8
-4
pkgs/by-name/pc/pcsx2/update.sh
···
+3
-3
pkgs/by-name/pl/playwright-mcp/package.nix
···
+3
-3
pkgs/by-name/re/redpanda-client/package.nix
······
+2
-2
pkgs/by-name/ro/robin-map/package.nix
···
+2
-2
pkgs/by-name/sa/saga/package.nix
···
+6
-2
pkgs/development/beam-modules/elixir-ls/launch.sh.patch
·········
+2
-2
pkgs/development/libraries/embree/2.x.nix
+4
pkgs/development/libraries/libinput/default.nix
···
+30
-6
pkgs/development/python-modules/imageio/default.nix
············
-13
pkgs/development/python-modules/imageio/libgl-path.patch
···
+5
-13
pkgs/development/python-modules/materialx/default.nix
···············
+2
-2
pkgs/development/python-modules/playwright/default.nix
······
+17
-1
pkgs/development/python-modules/playwright/update.sh
···+mcp_version=$(curl ${GITHUB_TOKEN:+" -u \":$GITHUB_TOKEN\""} -s https://api.github.com/repos/microsoft/playwright-mcp/releases/latest | jq -r '.tag_name | sub("^v"; "")')+curl -fsSL -o package-lock.json "https://raw.githubusercontent.com/microsoft/playwright-mcp/v${mcp_version}/package-lock.json"······
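Review bot: In the `mcp_version=` line, the credential expansion `${GITHUB_TOKEN:+" -u \":$GITHUB_TOKEN\""}` is quoted inside the braces, so when the token is set it reaches curl as one word with a leading space and literal double quotes rather than as the option `-u` plus its value, and the intended authentication is not applied. `${GITHUB_TOKEN:+-u ":$GITHUB_TOKEN"}` splits into two arguments as intended. This call also lacks `-f`, unlike the `package-lock.json` download after it (`-fsSL`): an API error body such as a rate-limit response has no `tag_name`, which leaves `mcp_version` empty or invalid and points the download at a nonexistent tag. Add `-f` and stop if `mcp_version` is empty.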
+8
-8
pkgs/development/web/playwright/browsers.json
······
+4
-4
pkgs/development/web/playwright/chromium-headless-shell.nix
······
+4
-4
pkgs/development/web/playwright/chromium.nix
······
+4
-4
pkgs/development/web/playwright/driver.nix
·········
+4
-4
pkgs/development/web/playwright/firefox.nix
······
+9
-5
pkgs/development/web/playwright/webkit.nix
·········
+6
-6
pkgs/top-level/aliases.nix
···gcj6 = throw "gcj6 has been removed from Nixpkgs, as it is unmaintained and obsolete"; # Added 2024-09-13gcolor2 = throw "'gcolor2' has been removed due to lack of maintenance upstream and depending on gtk2. Consider using 'gcolor3' or 'eyedropper' instead"; # Added 2024-09-15gdome2 = throw "'gdome2' has been removed from nixpkgs, as it is umaintained and obsolete"; # Added 2024-12-29-geocode-glib = "throw 'geocode-glib' has been removed, as it was unused and used outdated libraries"; # Added 2025-04-16+geocode-glib = throw "throw 'geocode-glib' has been removed, as it was unused and used outdated libraries"; # Added 2025-04-16geos_3_11 = throw "geos_3_11 has been removed from nixpgks. Please use a more recent 'geos' instead.";gfbgraph = throw "'gfbgraph' has been removed as it was archived upstream and unused in nixpkgs"; # Added 2025-04-20···gsignond = throw "'gsignond' and its plugins have been removed due to lack of maintenance upstream"; # added 2025-04-17gsignondPlugins = throw "'gsignondPlugins' have been removed alongside 'gsignond' due to lack of maintenance upstream and depending on libsoup_2"; # added 2025-04-17gtetrinet = throw "'gtetrinet' has been removed because it depends on GNOME 2 libraries"; # Added 2024-06-27-gtk-engine-bluecurve = "'gtk-engine-bluecurve' has been removed as it has been archived upstream."; # Added 2024-12-04+gtk-engine-bluecurve = throw "'gtk-engine-bluecurve' has been removed as it has been archived upstream."; # Added 2024-12-04gtk2fontsel = throw "'gtk2fontsel' has been removed due to lack of maintenance upstream. GTK now has a built-in font chooser so it's no longer needed for newer apps"; # Added 2024-10-19gtkextra = throw "'gtkextra' has been removed due to lack of maintenance upstream."; # Added 2025-06-10···-scry = "'scry' has been removed as it was archived upstream. Use 'crystalline' instead"; # Added 2025-02-12+scry = throw "'scry' has been removed as it was archived upstream. 
Use 'crystalline' instead"; # Added 2025-02-12semeru-bin-16 = throw "Semeru 16 has been removed as it has reached its end of life"; # Added 2024-08-01semeru-jre-bin-16 = throw "Semeru 16 has been removed as it has reached its end of life"; # Added 2024-08-01sensu = throw "sensu has been removed as the upstream project is deprecated. Consider using `sensu-go`"; # Added 2024-10-28···timelens = throw "'timelens' has been removed due to lack of upstream maintenance"; # Added 2025-01-25toil = throw "toil was removed as it was broken and requires obsolete versions of libraries"; # Added 2024-09-22···ubootBeagleboneBlack = throw "'ubootBeagleboneBlack' has been renamed to/replaced by 'ubootAmx335xEVM'"; # Converted to throw 2024-10-17unicorn-emu = throw "'unicorn-emu' has been renamed to/replaced by 'unicorn'"; # Converted to throw 2024-10-17uniffi-bindgen = throw "uniffi-bindgen has been removed since upstream no longer provides a standalone package for the CLI";
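Review bot: In the `geocode-glib` replacement line the fix adds the `throw` keyword but keeps the word inside the string, so the message users see begins with "throw 'geocode-glib' has been removed"; drop the leading `throw ` from the string literal. The three entries fixed here (`geocode-glib`, `gtk-engine-bluecurve`, `scry`) were plain strings, which evaluate successfully instead of failing, so a check that every removal alias in this file is a `throw` would catch a recurrence.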
-2
pkgs/top-level/all-packages.nix
···