treewide/nixos: remove with lib; part 5

nixos/modules/installer/sd-card/sd-image.nix

@@ -10,53 +10,49 @@
 #
 # The derivation for the SD image will be placed in
 # config.system.build.sdImage
-
 { config, lib, pkgs, ... }:
-
-with lib;
-
 let
   rootfsImage = pkgs.callPackage ../../../lib/make-ext4-fs.nix ({
     inherit (config.sdImage) storePaths;
     compressImage = config.sdImage.compressImage;
     populateImageCommands = config.sdImage.populateRootCommands;
     volumeLabel = "NIXOS_SD";
-  } // optionalAttrs (config.sdImage.rootPartitionUUID != null) {
+  } // lib.optionalAttrs (config.sdImage.rootPartitionUUID != null) {
     uuid = config.sdImage.rootPartitionUUID;
   });
 in
 {
   imports = [
-    (mkRemovedOptionModule [ "sdImage" "bootPartitionID" ] "The FAT partition for SD image now only holds the Raspberry Pi firmware files. Use firmwarePartitionID to configure that partition's ID.")
-    (mkRemovedOptionModule [ "sdImage" "bootSize" ] "The boot files for SD image have been moved to the main ext4 partition. The FAT partition now only holds the Raspberry Pi firmware files. Changing its size may not be required.")
+    (lib.mkRemovedOptionModule [ "sdImage" "bootPartitionID" ] "The FAT lib.partition for SD image now only holds the Raspberry Pi firmware files. Use firmwarePartitionID to configure that lib.partition's ID.")
+    (lib.mkRemovedOptionModule [ "sdImage" "bootSize" ] "The boot files for SD image have been moved to the main ext4 lib.partition. The FAT lib.partition now only holds the Raspberry Pi firmware files. Changing its size may not be required.")
     ../../profiles/all-hardware.nix
   ];
 
   options.sdImage = {
-    imageName = mkOption {
+    imageName = lib.mkOption {
       default = "${config.sdImage.imageBaseName}-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.img";
       description = ''
         Name of the generated image file.
       '';
     };
 
-    imageBaseName = mkOption {
+    imageBaseName = lib.mkOption {
       default = "nixos-sd-image";
       description = ''
         Prefix of the name of the generated image file.
       '';
     };
 
-    storePaths = mkOption {
-      type = with types; listOf package;
-      example = literalExpression "[ pkgs.stdenv ]";
+    storePaths = lib.mkOption {
+      type = with lib.types; listOf package;
+      example = lib.literalExpression "[ pkgs.stdenv ]";
       description = ''
         Derivations to be included in the Nix store in the generated SD image.
       '';
     };
 
-    firmwarePartitionOffset = mkOption {
-      type = types.int;
+    firmwarePartitionOffset = lib.mkOption {
+      type = lib.types.int;
       default = 8;
       description = ''
         Gap in front of the /boot/firmware partition, in mebibytes (1024×1024
@@ -71,52 +67,52 @@ in
       '';
     };
 
-    firmwarePartitionID = mkOption {
-      type = types.str;
+    firmwarePartitionID = lib.mkOption {
+      type = lib.types.str;
       default = "0x2178694e";
       description = ''
         Volume ID for the /boot/firmware partition on the SD card. This value
         must be a 32-bit hexadecimal number.
       '';
     };
 
-    firmwarePartitionName = mkOption {
-      type = types.str;
+    firmwarePartitionName = lib.mkOption {
+      type = lib.types.str;
       default = "FIRMWARE";
       description = ''
         Name of the filesystem which holds the boot firmware.
       '';
     };
 
-    rootPartitionUUID = mkOption {
-      type = types.nullOr types.str;
+    rootPartitionUUID = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
       default = null;
       example = "14e19a7b-0ae0-484d-9d54-43bd6fdc20c7";
       description = ''
         UUID for the filesystem on the main NixOS partition on the SD card.
       '';
     };
 
-    firmwareSize = mkOption {
-      type = types.int;
+    firmwareSize = lib.mkOption {
+      type = lib.types.int;
       # As of 2019-08-18 the Raspberry pi firmware + u-boot takes ~18MiB
       default = 30;
       description = ''
         Size of the /boot/firmware partition, in megabytes.
       '';
     };
 
-    populateFirmwareCommands = mkOption {
-      example = literalExpression "'' cp \${pkgs.myBootLoader}/u-boot.bin firmware/ ''";
+    populateFirmwareCommands = lib.mkOption {
+      example = lib.literalExpression "'' cp \${pkgs.myBootLoader}/u-boot.bin firmware/ ''";
       description = ''
         Shell commands to populate the ./firmware directory.
         All files in that directory are copied to the
         /boot/firmware partition on the SD image.
       '';
     };
 
-    populateRootCommands = mkOption {
-      example = literalExpression "''\${config.boot.loader.generic-extlinux-compatible.populateCmd} -c \${config.system.build.toplevel} -d ./files/boot''";
+    populateRootCommands = lib.mkOption {
+      example = lib.literalExpression "''\${config.boot.loader.generic-extlinux-compatible.populateCmd} -c \${config.system.build.toplevel} -d ./files/boot''";
       description = ''
         Shell commands to populate the ./files directory.
         All files in that directory are copied to the
@@ -125,34 +121,34 @@ in
       '';
     };
 
-    postBuildCommands = mkOption {
-      example = literalExpression "'' dd if=\${pkgs.myBootLoader}/SPL of=$img bs=1024 seek=1 conv=notrunc ''";
+    postBuildCommands = lib.mkOption {
+      example = lib.literalExpression "'' dd if=\${pkgs.myBootLoader}/SPL of=$img bs=1024 seek=1 conv=notrunc ''";
       default = "";
       description = ''
         Shell commands to run after the image is built.
         Can be used for boards requiring to dd u-boot SPL before actual partitions.
       '';
     };
 
-    compressImage = mkOption {
-      type = types.bool;
+    compressImage = lib.mkOption {
+      type = lib.types.bool;
       default = true;
       description = ''
         Whether the SD image should be compressed using
         {command}`zstd`.
       '';
     };
 
-    expandOnBoot = mkOption {
-      type = types.bool;
+    expandOnBoot = lib.mkOption {
+      type = lib.types.bool;
       default = true;
       description = ''
         Whether to configure the sd image to expand it's partition on boot.
       '';
     };
 
-    nixPathRegistrationFile = mkOption {
-      type = types.str;
+    nixPathRegistrationFile = lib.mkOption {
+      type = lib.types.str;
       default = "/nix-path-registration";
       description = ''
         Location of the file containing the input for nix-store --load-db once the machine has booted.

nixos/modules/profiles/clone-config.nix

@@ -1,7 +1,4 @@
 { config, lib, pkgs, modules, ... }:
-
-with lib;
-
 let
 
   # Location of the repository on the harddrive
@@ -10,29 +7,29 @@ let
   # Check if the path is from the NixOS repository
   isNixOSFile = path:
     let s = toString path; in
-      removePrefix nixosPath s != s;
+      lib.removePrefix nixosPath s != s;
 
   # Copy modules given as extra configuration files.  Unfortunately, we
   # cannot serialized attribute set given in the list of modules (that's why
   # you should use files).
   moduleFiles =
     # FIXME: use typeOf (Nix 1.6.1).
-    filter (x: !isAttrs x && !lib.isFunction x) modules;
+    lib.filter (x: !lib.isAttrs x && !lib.isFunction x) modules;
 
   # Partition module files because between NixOS and non-NixOS files.  NixOS
   # files may change if the repository is updated.
-  partitionedModuleFiles =
-    let p = partition isNixOSFile moduleFiles; in
+  lib.partitionedModuleFiles =
+    let p = lib.partition isNixOSFile moduleFiles; in
     { nixos = p.right; others = p.wrong; };
 
   # Path transformed to be valid on the installation device.  Thus the
   # device configuration could be rebuild.
   relocatedModuleFiles =
     let
       relocateNixOS = path:
-        "<nixpkgs/nixos" + removePrefix nixosPath (toString path) + ">";
+        "<nixpkgs/nixos" + lib.removePrefix nixosPath (toString path) + ">";
     in
-      { nixos = map relocateNixOS partitionedModuleFiles.nixos;
+      { nixos = map relocateNixOS lib.partitionedModuleFiles.nixos;
         others = []; # TODO: copy the modules to the install-device repository.
       };
 
@@ -59,23 +56,23 @@ in
 
   options = {
 
-    installer.cloneConfig = mkOption {
+    installer.cloneConfig = lib.mkOption {
       default = true;
       description = ''
         Try to clone the installation-device configuration by re-using it's
         profile from the list of imported modules.
       '';
     };
 
-    installer.cloneConfigIncludes = mkOption {
+    installer.cloneConfigIncludes = lib.mkOption {
       default = [];
       example = [ "./nixos/modules/hardware/network/rt73.nix" ];
       description = ''
         List of modules used to re-build this installation device profile.
       '';
     };
 
-    installer.cloneConfigExtra = mkOption {
+    installer.cloneConfigExtra = lib.mkOption {
       default = "";
       description = ''
         Extra text to include in the cloned configuration.nix included in this
@@ -94,7 +91,7 @@ in
         # Provide a mount point for nixos-install.
         mkdir -p /mnt
 
-        ${optionalString config.installer.cloneConfig ''
+        ${lib.optionalString config.installer.cloneConfig ''
           # Provide a configuration for the CD/DVD itself, to allow users
           # to run nixos-rebuild to change the configuration of the
           # running system on the CD/DVD.

nixos/modules/profiles/hardened.nix

@@ -5,38 +5,34 @@
 # stability. If you experience any stability issues when using the
 # profile, try disabling it. If you report an issue and use this
 # profile, always mention that you do.
-
 { config, lib, pkgs, ... }:
-
-with lib;
-
 {
   meta = {
-    maintainers = [ maintainers.joachifm maintainers.emily ];
+    maintainers = [ lib.maintainers.joachifm lib.maintainers.emily ];
   };
 
-  boot.kernelPackages = mkDefault pkgs.linuxPackages_hardened;
+  boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_hardened;
 
-  nix.settings.allowed-users = mkDefault [ "@users" ];
+  nix.settings.allowed-users = lib.mkDefault [ "@users" ];
 
-  environment.memoryAllocator.provider = mkDefault "scudo";
-  environment.variables.SCUDO_OPTIONS = mkDefault "ZeroContents=1";
+  environment.memoryAllocator.provider = lib.mkDefault "scudo";
+  environment.variables.SCUDO_OPTIONS = lib.mkDefault "ZeroContents=1";
 
-  security.lockKernelModules = mkDefault true;
+  security.lockKernelModules = lib.mkDefault true;
 
-  security.protectKernelImage = mkDefault true;
+  security.protectKernelImage = lib.mkDefault true;
 
-  security.allowSimultaneousMultithreading = mkDefault false;
+  security.allowSimultaneousMultithreading = lib.mkDefault false;
 
-  security.forcePageTableIsolation = mkDefault true;
+  security.forcePageTableIsolation = lib.mkDefault true;
 
   # This is required by podman to run containers in rootless mode.
-  security.unprivilegedUsernsClone = mkDefault config.virtualisation.containers.enable;
+  security.unprivilegedUsernsClone = lib.mkDefault config.virtualisation.containers.enable;
 
-  security.virtualisation.flushL1DataCache = mkDefault "always";
+  security.virtualisation.flushL1DataCache = lib.mkDefault "always";
 
-  security.apparmor.enable = mkDefault true;
-  security.apparmor.killUnconfinedConfinables = mkDefault true;
+  security.apparmor.enable = lib.mkDefault true;
+  security.apparmor.killUnconfinedConfinables = lib.mkDefault true;
 
   boot.kernelParams = [
     # Don't merge slabs
@@ -83,35 +79,35 @@ with lib;
   ];
 
   # Hide kptrs even for processes with CAP_SYSLOG
-  boot.kernel.sysctl."kernel.kptr_restrict" = mkOverride 500 2;
+  boot.kernel.sysctl."kernel.kptr_restrict" = lib.mkOverride 500 2;
 
   # Disable bpf() JIT (to eliminate spray attacks)
-  boot.kernel.sysctl."net.core.bpf_jit_enable" = mkDefault false;
+  boot.kernel.sysctl."net.core.bpf_jit_enable" = lib.mkDefault false;
 
   # Disable ftrace debugging
-  boot.kernel.sysctl."kernel.ftrace_enabled" = mkDefault false;
+  boot.kernel.sysctl."kernel.ftrace_enabled" = lib.mkDefault false;
 
   # Enable strict reverse path filtering (that is, do not attempt to route
   # packets that "obviously" do not belong to the iface's network; dropped
   # packets are logged as martians).
-  boot.kernel.sysctl."net.ipv4.conf.all.log_martians" = mkDefault true;
-  boot.kernel.sysctl."net.ipv4.conf.all.rp_filter" = mkDefault "1";
-  boot.kernel.sysctl."net.ipv4.conf.default.log_martians" = mkDefault true;
-  boot.kernel.sysctl."net.ipv4.conf.default.rp_filter" = mkDefault "1";
+  boot.kernel.sysctl."net.ipv4.conf.all.log_martians" = lib.mkDefault true;
+  boot.kernel.sysctl."net.ipv4.conf.all.rp_filter" = lib.mkDefault "1";
+  boot.kernel.sysctl."net.ipv4.conf.default.log_martians" = lib.mkDefault true;
+  boot.kernel.sysctl."net.ipv4.conf.default.rp_filter" = lib.mkDefault "1";
 
   # Ignore broadcast ICMP (mitigate SMURF)
-  boot.kernel.sysctl."net.ipv4.icmp_echo_ignore_broadcasts" = mkDefault true;
+  boot.kernel.sysctl."net.ipv4.icmp_echo_ignore_broadcasts" = lib.mkDefault true;
 
   # Ignore incoming ICMP redirects (note: default is needed to ensure that the
   # setting is applied to interfaces added after the sysctls are set)
-  boot.kernel.sysctl."net.ipv4.conf.all.accept_redirects" = mkDefault false;
-  boot.kernel.sysctl."net.ipv4.conf.all.secure_redirects" = mkDefault false;
-  boot.kernel.sysctl."net.ipv4.conf.default.accept_redirects" = mkDefault false;
-  boot.kernel.sysctl."net.ipv4.conf.default.secure_redirects" = mkDefault false;
-  boot.kernel.sysctl."net.ipv6.conf.all.accept_redirects" = mkDefault false;
-  boot.kernel.sysctl."net.ipv6.conf.default.accept_redirects" = mkDefault false;
+  boot.kernel.sysctl."net.ipv4.conf.all.accept_redirects" = lib.mkDefault false;
+  boot.kernel.sysctl."net.ipv4.conf.all.secure_redirects" = lib.mkDefault false;
+  boot.kernel.sysctl."net.ipv4.conf.default.accept_redirects" = lib.mkDefault false;
+  boot.kernel.sysctl."net.ipv4.conf.default.secure_redirects" = lib.mkDefault false;
+  boot.kernel.sysctl."net.ipv6.conf.all.accept_redirects" = lib.mkDefault false;
+  boot.kernel.sysctl."net.ipv6.conf.default.accept_redirects" = lib.mkDefault false;
 
   # Ignore outgoing ICMP redirects (this is ipv4 only)
-  boot.kernel.sysctl."net.ipv4.conf.all.send_redirects" = mkDefault false;
-  boot.kernel.sysctl."net.ipv4.conf.default.send_redirects" = mkDefault false;
+  boot.kernel.sysctl."net.ipv4.conf.all.send_redirects" = lib.mkDefault false;
+  boot.kernel.sysctl."net.ipv4.conf.default.send_redirects" = lib.mkDefault false;
 }