Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge remote-tracking branch 'upstream/master' into HEAD
- Loading branch information
Showing
50 changed files
with
1,725 additions
and
822 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,90 @@ | ||
# fwupd daemon. | ||
|
||
{ config, lib, pkgs, ... }: | ||
|
||
with lib; | ||
|
||
let | ||
cfg = config.services.fwupd; | ||
originalEtc = | ||
let | ||
isRegular = v: v == "regular"; | ||
listFiles = d: builtins.attrNames (filterAttrs (const isRegular) (builtins.readDir d)); | ||
copiedDirs = [ "fwupd/remotes.d" "pki/fwupd" "pki/fwupd-metadata" ]; | ||
originalFiles = concatMap (d: map (f: "${d}/${f}") (listFiles "${pkgs.fwupd}/etc/${d}")) copiedDirs; | ||
mkEtcFile = n: nameValuePair n { source = "${pkgs.fwupd}/etc/${n}"; }; | ||
in listToAttrs (map mkEtcFile originalFiles); | ||
extraTrustedKeys = | ||
let | ||
mkName = p: "pki/fwupd/${baseNameOf (toString p)}"; | ||
mkEtcFile = p: nameValuePair (mkName p) { source = p; }; | ||
in listToAttrs (map mkEtcFile cfg.extraTrustedKeys); | ||
in { | ||
|
||
###### interface | ||
options = { | ||
services.fwupd = { | ||
enable = mkOption { | ||
type = types.bool; | ||
default = false; | ||
description = '' | ||
Whether to enable fwupd, a DBus service that allows | ||
applications to update firmware. | ||
''; | ||
}; | ||
|
||
blacklistDevices = mkOption { | ||
type = types.listOf types.string; | ||
default = []; | ||
example = [ "2082b5e0-7a64-478a-b1b2-e3404fab6dad" ]; | ||
description = '' | ||
Allow blacklisting specific devices by their GUID | ||
''; | ||
}; | ||
|
||
blacklistPlugins = mkOption { | ||
type = types.listOf types.string; | ||
default = []; | ||
example = [ "udev" ]; | ||
description = '' | ||
Allow blacklisting specific plugins | ||
''; | ||
}; | ||
|
||
extraTrustedKeys = mkOption { | ||
type = types.listOf types.path; | ||
default = []; | ||
example = literalExample "[ /etc/nixos/fwupd/myfirmware.pem ]"; | ||
description = '' | ||
Installing a public key allows firmware signed with a matching private key to be recognized as trusted, which may require less authentication to install than for untrusted files. By default trusted firmware can be upgraded (but not downgraded) without the user or administrator password. Only very few keys are installed by default. | ||
''; | ||
}; | ||
}; | ||
}; | ||
|
||
|
||
###### implementation | ||
config = mkIf cfg.enable { | ||
environment.systemPackages = [ pkgs.fwupd ]; | ||
|
||
environment.etc = { | ||
"fwupd/daemon.conf" = { | ||
source = pkgs.writeText "daemon.conf" '' | ||
[fwupd] | ||
BlacklistDevices=${lib.concatStringsSep ";" cfg.blacklistDevices} | ||
BlacklistPlugins=${lib.concatStringsSep ";" cfg.blacklistPlugins} | ||
''; | ||
}; | ||
} // originalEtc // extraTrustedKeys; | ||
|
||
services.dbus.packages = [ pkgs.fwupd ]; | ||
|
||
services.udev.packages = [ pkgs.fwupd ]; | ||
|
||
systemd.packages = [ pkgs.fwupd ]; | ||
|
||
systemd.tmpfiles.rules = [ | ||
"d /var/lib/fwupd 0755 root root -" | ||
]; | ||
}; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.