nixos: fix various modules after with lib removal (#370042)

JohnRTitor · web-flow · commit f28864e00da1 · 2025-01-02T03:45:35.000+05:30
diff --git a/nixos/modules/services/security/certmgr.nix b/nixos/modules/services/security/certmgr.nix
@@ -130,7 +130,7 @@ in
                 type = addCheck str (
                   x:
                   cfg.svcManager == "command"
-                  || elem x [
+                  || lib.elem x [
                     "restart"
                     "reload"
                     "nop"
diff --git a/nixos/modules/services/security/cfssl.nix b/nixos/modules/services/security/cfssl.nix
@@ -193,7 +193,7 @@ in
           ExecStart =
             with cfg;
             let
-              opt = n: v: optionalString (v != null) ''-${n}="${v}"'';
+              opt = n: v: lib.optionalString (v != null) ''-${n}="${v}"'';
             in
             lib.concatStringsSep " \\\n" [
               "${pkgs.cfssl}/bin/cfssl serve"
diff --git a/nixos/modules/services/security/endlessh-go.nix b/nixos/modules/services/security/endlessh-go.nix
@@ -94,14 +94,14 @@ in
           Restart = "always";
           ExecStart =
             with cfg;
-            concatStringsSep " " (
+            lib.concatStringsSep " " (
               [
                 (lib.getExe cfg.package)
                 "-logtostderr"
                 "-host=${listenAddress}"
                 "-port=${toString port}"
               ]
-              ++ optionals prometheus.enable [
+              ++ lib.optionals prometheus.enable [
                 "-enable_prometheus"
                 "-prometheus_host=${prometheus.listenAddress}"
                 "-prometheus_port=${toString prometheus.port}"
@@ -149,7 +149,7 @@ in
         };
     };
 
-    networking.firewall.allowedTCPPorts = with cfg; optionals openFirewall [ port ];
+    networking.firewall.allowedTCPPorts = with cfg; lib.optionals openFirewall [ port ];
   };
 
   meta.maintainers = with lib.maintainers; [ azahi ];
diff --git a/nixos/modules/services/security/endlessh.nix b/nixos/modules/services/security/endlessh.nix
@@ -60,7 +60,7 @@ in
           Restart = "always";
           ExecStart =
             with cfg;
-            concatStringsSep " " (
+            lib.concatStringsSep " " (
               [
                 "${pkgs.endlessh}/bin/endlessh"
                 "-p ${toString port}"
@@ -109,7 +109,7 @@ in
         };
     };
 
-    networking.firewall.allowedTCPPorts = with cfg; optionals openFirewall [ port ];
+    networking.firewall.allowedTCPPorts = with cfg; lib.optionals openFirewall [ port ];
   };
 
   meta.maintainers = with lib.maintainers; [ azahi ];
diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix
@@ -5,7 +5,6 @@
   pkgs,
   ...
 }:
-with builtins;
 let
   cfg = config.services.tor;
   opt = options.services.tor;
@@ -15,7 +14,7 @@ let
     See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en#${option}).
   '';
   bindsPrivilegedPort =
-    any
+    lib.any
       (
         p0:
         let
@@ -25,7 +24,7 @@ let
           false
         else
           let
-            p2 = if isInt p1 then p1 else toInt p1;
+            p2 = if lib.isInt p1 then p1 else lib.toInt p1;
           in
           p1 != null && 0 < p2 && p2 < 1024
       )
@@ -197,7 +196,7 @@ let
           config = lib.mkIf doConfig {
             # Only add flags in SOCKSPort to avoid duplicates
             flags =
-              filter (name: config.${name} == true) flags
+              lib.filter (name: config.${name} == true) flags
               ++ lib.optional (config.SessionGroup != null) "SessionGroup=${toString config.SessionGroup}";
           };
         }
@@ -272,16 +271,16 @@ let
     k: v:
     if v == null then
       ""
-    else if isBool v then
+    else if lib.isBool v then
       (if v then "1" else "0")
     else if v ? "unix" && v.unix != null then
-      "unix:" + v.unix + lib.optionalString (v ? "flags") (" " + concatStringsSep " " v.flags)
+      "unix:" + v.unix + lib.optionalString (v ? "flags") (" " + lib.concatStringsSep " " v.flags)
     else if v ? "port" && v.port != null then
       lib.optionalString (v ? "addr" && v.addr != null) "${v.addr}:"
       + toString v.port
-      + lib.optionalString (v ? "flags") (" " + concatStringsSep " " v.flags)
+      + lib.optionalString (v ? "flags") (" " + lib.concatStringsSep " " v.flags)
     else if k == "ServerTransportPlugin" then
-      lib.optionalString (v.transports != [ ]) "${concatStringsSep "," v.transports} exec ${v.exec}"
+      lib.optionalString (v.transports != [ ]) "${lib.concatStringsSep "," v.transports} exec ${v.exec}"
     else if k == "HidServAuth" then
       v.onion + " " + v.auth
     else
@@ -298,15 +297,15 @@ let
           k: v:
           # Not necesssary, but prettier rendering
           if
-            elem k [
+            lib.elem k [
               "AutomapHostsSuffixes"
               "DirPolicy"
               "ExitPolicy"
               "SocksPolicy"
             ]
             && v != [ ]
           then
-            concatStringsSep "," v
+            lib.concatStringsSep "," v
           else
             v
         ) (lib.filterAttrs (k: v: !(v == null || v == "")) settings)
@@ -750,7 +749,7 @@ in
                     ]);
                   apply = map (
                     v:
-                    if isInt v then
+                    if lib.isInt v then
                       {
                         port = v;
                         target = null;
@@ -816,7 +815,7 @@ in
                   settings.HiddenServiceVersion = config.version;
                   settings.HiddenServiceAuthorizeClient =
                     if config.authorizeClient != null then
-                      config.authorizeClient.authType + " " + concatStringsSep "," config.authorizeClient.clientNames
+                      config.authorizeClient.authType + " " + lib.concatStringsSep "," config.authorizeClient.clientNames
                     else
                       null;
                   settings.HiddenServicePort = map (
@@ -998,7 +997,7 @@ in
                   }
                 ))
               ]);
-            apply = p: if isInt p || isString p then { port = p; } else p;
+            apply = p: if lib.isInt p || lib.isString p then { port = p; } else p;
           };
           options.ExtORPortCookieAuthFile = optionPath "ExtORPortCookieAuthFile";
           options.ExtORPortCookieAuthFileGroupReadable = optionBool "ExtORPortCookieAuthFileGroupReadable";
@@ -1198,17 +1197,17 @@ in
         lib.mapAttrsToList (
           n: o:
           lib.optionals (o.settings.HiddenServiceVersion == 2) [
-            (optional (o.settings.HiddenServiceExportCircuitID != null) ''
+            (lib.optional (o.settings.HiddenServiceExportCircuitID != null) ''
               HiddenServiceExportCircuitID is used in the HiddenService: ${n}
               but this option is only for v3 hidden services.
             '')
           ]
           ++ lib.optionals (o.settings.HiddenServiceVersion != 2) [
-            (optional (o.settings.HiddenServiceAuthorizeClient != null) ''
+            (lib.optional (o.settings.HiddenServiceAuthorizeClient != null) ''
               HiddenServiceAuthorizeClient is used in the HiddenService: ${n}
               but this option is only for v2 hidden services.
             '')
-            (optional (o.settings.RendPostPeriod != null) ''
+            (lib.optional (o.settings.RendPostPeriod != null) ''
               RendPostPeriod is used in the HiddenService: ${n}
               but this option is only for v2 hidden services.
             '')
@@ -1245,7 +1244,7 @@ in
         }
         //
           lib.optionalAttrs
-            (elem cfg.relay.role [
+            (lib.elem cfg.relay.role [
               "bridge"
               "private-bridge"
             ])
@@ -1307,13 +1306,13 @@ in
 
     networking.firewall = lib.mkIf cfg.openFirewall {
       allowedTCPPorts =
-        concatMap
+        lib.concatMap
           (
             o:
-            if isInt o && o > 0 then
+            if lib.isInt o && o > 0 then
               [ o ]
             else
-              lib.optionals (o ? "port" && isInt o.port && o.port > 0) [ o.port ]
+              lib.optionals (o ? "port" && lib.isInt o.port && o.port > 0) [ o.port ]
           )
           (
             lib.flatten [
@@ -1341,40 +1340,40 @@ in
           (
             "+"
             + pkgs.writeShellScript "ExecStartPre" (
-              concatStringsSep "\n" (
+              lib.concatStringsSep "\n" (
                 lib.flatten (
                   [ "set -eu" ]
                   ++ lib.mapAttrsToList (
                     name: onion:
                     lib.optional (onion.authorizedClients != [ ]) ''
-                      rm -rf ${escapeShellArg onion.path}/authorized_clients
-                      install -d -o tor -g tor -m 0700 ${escapeShellArg onion.path} ${escapeShellArg onion.path}/authorized_clients
+                      rm -rf ${lib.escapeShellArg onion.path}/authorized_clients
+                      install -d -o tor -g tor -m 0700 ${lib.escapeShellArg onion.path} ${lib.escapeShellArg onion.path}/authorized_clients
                     ''
-                    ++ imap0 (i: pubKey: ''
+                    ++ lib.imap0 (i: pubKey: ''
                       echo ${pubKey} |
-                      install -o tor -g tor -m 0400 /dev/stdin ${escapeShellArg onion.path}/authorized_clients/${toString i}.auth
+                      install -o tor -g tor -m 0400 /dev/stdin ${lib.escapeShellArg onion.path}/authorized_clients/${toString i}.auth
                     '') onion.authorizedClients
                     ++ lib.optional (onion.secretKey != null) ''
-                      install -d -o tor -g tor -m 0700 ${escapeShellArg onion.path}
-                      key="$(cut -f1 -d: ${escapeShellArg onion.secretKey} | head -1)"
+                      install -d -o tor -g tor -m 0700 ${lib.escapeShellArg onion.path}
+                      key="$(cut -f1 -d: ${lib.escapeShellArg onion.secretKey} | head -1)"
                       case "$key" in
                        ("== ed25519v"*"-secret")
-                        install -o tor -g tor -m 0400 ${escapeShellArg onion.secretKey} ${escapeShellArg onion.path}/hs_ed25519_secret_key;;
+                        install -o tor -g tor -m 0400 ${lib.escapeShellArg onion.secretKey} ${lib.escapeShellArg onion.path}/hs_ed25519_secret_key;;
                        (*) echo >&2 "NixOS does not (yet) support secret key type for onion: ${name}"; exit 1;;
                       esac
                     ''
                   ) cfg.relay.onionServices
                   ++ lib.mapAttrsToList (
                     name: onion:
-                    imap0 (
+                    lib.imap0 (
                       i: prvKeyPath:
                       let
-                        hostname = removeSuffix ".onion" name;
+                        hostname = lib.removeSuffix ".onion" name;
                       in
                       ''
-                        printf "%s:" ${escapeShellArg hostname} | cat - ${escapeShellArg prvKeyPath} |
+                        printf "%s:" ${lib.escapeShellArg hostname} | cat - ${lib.escapeShellArg prvKeyPath} |
                         install -o tor -g tor -m 0700 /dev/stdin \
-                         ${runDir}/ClientOnionAuthDir/${escapeShellArg hostname}.${toString i}.auth_private
+                         ${runDir}/ClientOnionAuthDir/${lib.escapeShellArg hostname}.${toString i}.auth_private
                       ''
                     ) onion.clientAuthorizations
                   ) cfg.client.onionServices
@@ -1417,7 +1416,7 @@ in
         BindPaths = [ stateDir ];
         BindReadOnlyPaths =
           [
-            storeDir
+            builtins.storeDir
             "/etc"
           ]
           ++ lib.optionals config.services.resolved.enable [
diff --git a/nixos/modules/services/system/cloud-init.nix b/nixos/modules/services/system/cloud-init.nix
@@ -17,9 +17,9 @@ let
       util-linux
       busybox
     ]
-    ++ optional cfg.btrfs.enable btrfs-progs
-    ++ optional cfg.ext4.enable e2fsprogs
-    ++ optional cfg.xfs.enable xfsprogs
+    ++ lib.optional cfg.btrfs.enable btrfs-progs
+    ++ lib.optional cfg.ext4.enable e2fsprogs
+    ++ lib.optional cfg.xfs.enable xfsprogs
     ++ cfg.extraPackages;
   hasFs = fsName: lib.any (fs: fs.fsType == fsName) (lib.attrValues config.fileSystems);
   settingsFormat = pkgs.formats.yaml { };
diff --git a/nixos/modules/services/torrent/magnetico.nix b/nixos/modules/services/torrent/magnetico.nix
@@ -15,7 +15,7 @@ let
       credentialsFile
     else
       pkgs.writeText "magnetico-credentials" (
-        concatStrings (mapAttrsToList (user: hash: "${user}:${hash}\n") cfg.web.credentials)
+        lib.concatStrings (lib.mapAttrsToList (user: hash: "${user}:${hash}\n") cfg.web.credentials)
       );
 
   # default options in magneticod/main.go
@@ -28,7 +28,7 @@ let
 
   crawlerArgs =
     with cfg.crawler;
-    escapeShellArgs (
+    lib.escapeShellArgs (
       [
         "--database=${dbURI}"
         "--indexer-addr=${address}:${toString port}"
@@ -40,7 +40,7 @@ let
 
   webArgs =
     with cfg.web;
-    escapeShellArgs (
+    lib.escapeShellArgs (
       [
         "--database=${dbURI}"
         (
