awakesecurity · bacchanalia · Sep 5, 2023 · Sep 5, 2023 · Jan 14, 2024 · Apr 8, 2022
diff --git a/maintainers/team-list.nix b/maintainers/team-list.nix
@@ -856,6 +856,7 @@ with lib.maintainers;
       qyriad
       _9999years
       lf-
+      alois31
     ];
     scope = "Maintain the Lix package manager inside of Nixpkgs.";
     shortName = "Lix ecosystem";

diff --git a/nixos/modules/config/stub-ld.nix b/nixos/modules/config/stub-ld.nix
@@ -52,7 +52,7 @@ in
     environment.stub-ld = {
       enable = mkOption {
         type = types.bool;
-        default = true;
+        default = false;
         example = false;
         description = ''
           Install a stub ELF loader to print an informative error message

diff --git a/nixos/modules/misc/nixpkgs.nix b/nixos/modules/misc/nixpkgs.nix
@@ -101,8 +101,36 @@ let
           ;
       };
 
-  finalPkgs = if opt.pkgs.isDefined then cfg.pkgs.appendOverlays cfg.overlays else defaultPkgs;
+  overlayedPkgs = if opt.pkgs.isDefined then cfg.pkgs.appendOverlays cfg.overlays else defaultPkgs;
+  splicedPackages = overlayedPkgs.__splicedPackages;
 
+  finalPkgs = if (cfg.scopedOverlays or [ ]) == [ ] then splicedPackages else
+    let
+      # cribbed of lib.makeScope
+      withScope = base: extension:
+        let
+          self = packages self // scope;
+          packages = self: extension self base;
+          scope = {
+            inherit extension packages;
+
+            newScope = scope: base.newScope (self // scope);
+
+            callPackage = self.newScope {};
+            callPackages = base.callPackagesWith self;
+            callPackageWith = autoArgs: base.callPackageWith (self // autoArgs);
+            callPackagesWith = autoArgs: base.callPackagesWith (self // autoArgs);
+
+            appendOverlays = fs: withScope (base.appendOverlays fs) extension;
+            extend = f: self.appendOverlays [f];
+
+            overrideScope = f: lib.makeScope base.newScope (lib.extends f packages);
+            appendOverlaysToScope = fs: withScope base (lib.composeManyExtensions ([extension] ++ fs));
+            extendScope = f: self.appendOverlaysToScope [f];
+          };
+        in base // self;
+    in
+    withScope splicedPackages (lib.composeManyExtensions cfg.scopedOverlays);
 in
 
 {
@@ -194,6 +222,25 @@ in
       '';
     };
 
+    scopedOverlays = lib.mkOption {
+      default = [];
+      example = lib.literalExpression
+        ''
+          [
+            (self: super: {
+              # Log commands run in builds of configuration files
+              runCommand = name: args: text: super.runCommand name args '''
+                set +x
+                ''${text}
+              ''';
+          ]
+        '';
+      type = lib.types.listOf overlayType;
+      description = ''
+        List of overlays to apply in a new scope after `nixpkgs.overlays` is applied accessed trough the `pgks` module argument.
+      '';
+    };
+
     hostPlatform = lib.mkOption {
       type = lib.types.either lib.types.str lib.types.attrs; # TODO utilize lib.systems.parsedPlatform
       example = {
@@ -356,7 +403,7 @@ in
         # which is somewhat costly for Nixpkgs. With an explicit priority, we only
         # evaluate the wrapper to find out that the priority is lower, and then we
         # don't need to evaluate `finalPkgs`.
-        lib.mkOverride lib.modules.defaultOverridePriority finalPkgs.__splicedPackages;
+        lib.mkOverride lib.modules.defaultOverridePriority finalPkgs;
     };
 
     assertions =

diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
@@ -688,6 +688,7 @@
   ./services/home-automation/zigbee2mqtt.nix
   ./services/home-automation/zwave-js.nix
   ./services/home-automation/zwave-js-ui.nix
+  ./services/infrastructure/terraform-cloud-agent/default.nix
   ./services/logging/SystemdJournal2Gelf.nix
   ./services/logging/awstats.nix
   ./services/logging/filebeat.nix

diff --git a/nixos/modules/services/continuous-integration/buildkite-agents.nix b/nixos/modules/services/continuous-integration/buildkite-agents.nix
@@ -51,6 +51,12 @@ let
           type = lib.types.str;
         };
 
+        user = lib.mkOption {
+          default = "buildkite-agent-${name}";
+          description = "The username of the agent";
+          type = lib.types.passwdEntry lib.types.str;
+        };
+
         extraGroups = lib.mkOption {
           default = [ "keys" ];
           description = "Groups the user for this buildkite agent should belong to";
@@ -178,26 +184,26 @@ in
 
   config.users.users = mapAgents (
     name: cfg: {
-      "buildkite-agent-${name}" = {
-        name = "buildkite-agent-${name}";
+      ${cfg.user} = {
+        name = cfg.user;
         home = cfg.dataDir;
         createHome = true;
         description = "Buildkite agent user";
         extraGroups = cfg.extraGroups;
         isSystemUser = true;
-        group = "buildkite-agent-${name}";
+        group = cfg.user;
       };
     }
   );
   config.users.groups = mapAgents (
     name: cfg: {
-      "buildkite-agent-${name}" = { };
+      ${cfg.user} = { };
     }
   );
 
   config.systemd.services = mapAgents (
     name: cfg: {
-      "buildkite-agent-${name}" = {
+      ${cfg.user} = {
         description = "Buildkite Agent";
         wantedBy = [ "multi-user.target" ];
         after = [ "network.target" ];
@@ -241,7 +247,7 @@ in
 
         serviceConfig = {
           ExecStart = "${cfg.package}/bin/buildkite-agent start --config ${cfg.dataDir}/buildkite-agent.cfg";
-          User = "buildkite-agent-${name}";
+          User = cfg.user;
           RestartSec = 5;
           Restart = "on-failure";
           TimeoutSec = 10;

diff --git a/nixos/modules/services/databases/clickhouse.nix b/nixos/modules/services/databases/clickhouse.nix
@@ -19,6 +19,14 @@ in
 
       package = lib.mkPackageOption pkgs "clickhouse" { };
 
+      usersXml = lib.mkOption {
+        type = lib.types.path;
+        description = ''
+          ClickHouse server users.xml override for
+          declaring user access permissions and privileges
+        '';
+      };
+
     };
 
   };
@@ -27,6 +35,8 @@ in
 
   config = lib.mkIf cfg.enable {
 
+    services.clickhouse.usersXml = lib.mkDefault (cfg.package + "/etc/clickhouse-server/users.xml");
+
     users.users.clickhouse = {
       name = "clickhouse";
       uid = config.ids.uids.clickhouse;
@@ -63,11 +73,11 @@ in
 
     environment.etc = {
       "clickhouse-server/config.xml" = {
-        source = "${cfg.package}/etc/clickhouse-server/config.xml";
+        source = cfg.package + "/etc/clickhouse-server/config.xml";
       };
 
       "clickhouse-server/users.xml" = {
-        source = "${cfg.package}/etc/clickhouse-server/users.xml";
+        source = cfg.usersXml;
       };
     };
-Original file line number
+Diff line change
@@ Expand Up / @@ -856,6 +856,7 @@ with lib.maintainers; @@
           qyriad
           _9999years
           lf-
+          alois31
         ];
         scope = "Maintain the Lix package manager inside of Nixpkgs.";
         shortName = "Lix ecosystem";
@@ Expand Down @@