diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
index c710f8dc3ea..602cd5bdd94 100644
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@@ -93,6 +93,11 @@
github = "adolfogc";
name = "Adolfo E. GarcĂa Castro";
};
+ aepsil0n = {
+ email = "eduard.bopp@aepsil0n.de";
+ github = "aepsil0n";
+ name = "Eduard Bopp";
+ };
aespinosa = {
email = "allan.espinosa@outlook.com";
github = "aespinosa";
diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix
index 3d626bf515a..5242444a60b 100644
--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -37,7 +37,15 @@ with lib;
(mkRenamedOptionModule [ "services" "kubernetes" "addons" "dashboard" "enableRBAC" ] [ "services" "kubernetes" "addons" "dashboard" "rbac" "enable" ])
(mkRenamedOptionModule [ "services" "logstash" "address" ] [ "services" "logstash" "listenAddress" ])
(mkRenamedOptionModule [ "services" "mpd" "network" "host" ] [ "services" "mpd" "network" "listenAddress" ])
- (mkRenamedOptionModule [ "services" "neo4j" "host" ] [ "services" "neo4j" "listenAddress" ])
+ (mkRenamedOptionModule [ "services" "neo4j" "host" ] [ "services" "neo4j" "defaultListenAddress" ])
+ (mkRenamedOptionModule [ "services" "neo4j" "listenAddress" ] [ "services" "neo4j" "defaultListenAddress" ])
+ (mkRenamedOptionModule [ "services" "neo4j" "enableBolt" ] [ "services" "neo4j" "bolt" "enable" ])
+ (mkRenamedOptionModule [ "services" "neo4j" "enableHttps" ] [ "services" "neo4j" "https" "enable" ])
+ (mkRenamedOptionModule [ "services" "neo4j" "certDir" ] [ "services" "neo4j" "directories" "certificates" ])
+ (mkRenamedOptionModule [ "services" "neo4j" "dataDir" ] [ "services" "neo4j" "directories" "home" ])
+ (mkRemovedOptionModule [ "services" "neo4j" "port" ] "Use services.neo4j.http.listenAddress instead.")
+ (mkRemovedOptionModule [ "services" "neo4j" "boltPort" ] "Use services.neo4j.bolt.listenAddress instead.")
+ (mkRemovedOptionModule [ "services" "neo4j" "httpsPort" ] "Use services.neo4j.https.listenAddress instead.")
(mkRenamedOptionModule [ "services" "shout" "host" ] [ "services" "shout" "listenAddress" ])
(mkRenamedOptionModule [ "services" "sslh" "host" ] [ "services" "sslh" "listenAddress" ])
(mkRenamedOptionModule [ "services" "statsd" "host" ] [ "services" "statsd" "listenAddress" ])
diff --git a/nixos/modules/services/databases/neo4j.nix b/nixos/modules/services/databases/neo4j.nix
index 5015618c424..5533182c311 100644
--- a/nixos/modules/services/databases/neo4j.nix
+++ b/nixos/modules/services/databases/neo4j.nix
@@ -1,32 +1,87 @@
-{ config, lib, pkgs, ... }:
+{ config, options, lib, pkgs, ... }:
with lib;
let
cfg = config.services.neo4j;
+ certDirOpt = options.services.neo4j.directories.certificates;
+ isDefaultPathOption = opt: isOption opt && opt.type == types.path && opt.highestPrio >= 1500;
+
+ sslPolicies = mapAttrsToList (
+ name: conf: ''
+ dbms.ssl.policy.${name}.allow_key_generation=${boolToString conf.allowKeyGeneration}
+ dbms.ssl.policy.${name}.base_directory=${conf.baseDirectory}
+ ${optionalString (conf.ciphers != null) ''
+ dbms.ssl.policy.${name}.ciphers=${concatStringsSep "," conf.ciphers}
+ ''}
+ dbms.ssl.policy.${name}.client_auth=${conf.clientAuth}
+ ${if length (splitString "/" conf.privateKey) > 1 then
+ ''dbms.ssl.policy.${name}.private_key=${conf.privateKey}''
+ else
+ ''dbms.ssl.policy.${name}.private_key=${conf.baseDirectory}/${conf.privateKey}''
+ }
+ ${if length (splitString "/" conf.privateKey) > 1 then
+ ''dbms.ssl.policy.${name}.public_certificate=${conf.publicCertificate}''
+ else
+ ''dbms.ssl.policy.${name}.public_certificate=${conf.baseDirectory}/${conf.publicCertificate}''
+ }
+ dbms.ssl.policy.${name}.revoked_dir=${conf.revokedDir}
+ dbms.ssl.policy.${name}.tls_versions=${concatStringsSep "," conf.tlsVersions}
+ dbms.ssl.policy.${name}.trust_all=${boolToString conf.trustAll}
+ dbms.ssl.policy.${name}.trusted_dir=${conf.trustedDir}
+ ''
+ ) cfg.ssl.policies;
serverConfig = pkgs.writeText "neo4j.conf" ''
- dbms.directories.data=${cfg.dataDir}/data
- dbms.directories.certificates=${cfg.certDir}
- dbms.directories.logs=${cfg.dataDir}/logs
- dbms.directories.plugins=${cfg.dataDir}/plugins
- dbms.connector.http.type=HTTP
- dbms.connector.http.enabled=true
- dbms.connector.http.address=${cfg.listenAddress}:${toString cfg.port}
- ${optionalString cfg.enableBolt ''
- dbms.connector.bolt.type=BOLT
- dbms.connector.bolt.enabled=true
- dbms.connector.bolt.tls_level=OPTIONAL
- dbms.connector.bolt.address=${cfg.listenAddress}:${toString cfg.boltPort}
+ # General
+ dbms.allow_upgrade=${boolToString cfg.allowUpgrade}
+ dbms.connectors.default_listen_address=${cfg.defaultListenAddress}
+ dbms.read_only=${boolToString cfg.readOnly}
+ ${optionalString (cfg.workerCount > 0) ''
+ dbms.threads.worker_count=${toString cfg.workerCount}
''}
- ${optionalString cfg.enableHttps ''
- dbms.connector.https.type=HTTP
- dbms.connector.https.enabled=true
- dbms.connector.https.encryption=TLS
- dbms.connector.https.address=${cfg.listenAddress}:${toString cfg.httpsPort}
+
+ # Directories
+ dbms.directories.certificates=${cfg.directories.certificates}
+ dbms.directories.data=${cfg.directories.data}
+ dbms.directories.logs=${cfg.directories.home}/logs
+ dbms.directories.plugins=${cfg.directories.plugins}
+ ${optionalString (cfg.constrainLoadCsv) ''
+ dbms.directories.import=${cfg.directories.imports}
''}
- dbms.shell.enabled=true
- ${cfg.extraServerConfig}
+
+ # HTTP Connector
+ ${optionalString (cfg.http.enable) ''
+ dbms.connector.http.enabled=${boolToString cfg.http.enable}
+ dbms.connector.http.listen_address=${cfg.http.listenAddress}
+ ''}
+ ${optionalString (!cfg.http.enable) ''
+ # It is not possible to disable the HTTP connector. To fully prevent
+ # clients from connecting to HTTP, block the HTTP port (7474 by default)
+ # via firewall. listen_address is set to the loopback interface to
+ # prevent remote clients from connecting.
+ dbms.connector.http.listen_address=127.0.0.1
+ ''}
+
+ # HTTPS Connector
+ dbms.connector.https.enabled=${boolToString cfg.https.enable}
+ dbms.connector.https.listen_address=${cfg.https.listenAddress}
+ https.ssl_policy=${cfg.https.sslPolicy}
+
+ # BOLT Connector
+ dbms.connector.bolt.enabled=${boolToString cfg.bolt.enable}
+ dbms.connector.bolt.listen_address=${cfg.bolt.listenAddress}
+ bolt.ssl_policy=${cfg.bolt.sslPolicy}
+ dbms.connector.bolt.tls_level=${cfg.bolt.tlsLevel}
+
+ # neo4j-shell
+ dbms.shell.enabled=${boolToString cfg.shell.enable}
+
+ # SSL Policies
+ ${concatStringsSep "\n" sslPolicies}
+
+ # Default retention policy from neo4j.conf
+ dbms.tx_log.rotation.retention_policy=1 days
# Default JVM parameters from neo4j.conf
dbms.jvm.additional=-XX:+UseG1GC
@@ -36,8 +91,14 @@ let
dbms.jvm.additional=-XX:+TrustFinalNonStaticFields
dbms.jvm.additional=-XX:+DisableExplicitGC
dbms.jvm.additional=-Djdk.tls.ephemeralDHKeySize=2048
-
+ dbms.jvm.additional=-Djdk.tls.rejectClientInitiatedRenegotiation=true
dbms.jvm.additional=-Dunsupported.dbms.udc.source=tarball
+
+ # Usage Data Collector
+ dbms.udc.enabled=${boolToString cfg.udc.enable}
+
+ # Extra Configuration
+ ${cfg.extraServerConfig}
'';
in {
@@ -45,105 +106,547 @@ in {
###### interface
options.services.neo4j = {
+
enable = mkOption {
- description = "Whether to enable neo4j.";
- default = false;
type = types.bool;
+ default = false;
+ description = ''
+ Whether to enable Neo4j Community Edition.
+ '';
};
- package = mkOption {
- description = "Neo4j package to use.";
- default = pkgs.neo4j;
- defaultText = "pkgs.neo4j";
- type = types.package;
+ allowUpgrade = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Allow upgrade of Neo4j database files from an older version.
+ '';
};
- listenAddress = mkOption {
- description = "Neo4j listen address.";
- default = "127.0.0.1";
- type = types.str;
- };
-
- port = mkOption {
- description = "Neo4j port to listen for HTTP traffic.";
- default = 7474;
- type = types.int;
- };
-
- enableBolt = mkOption {
- description = "Enable bolt for Neo4j.";
+ constrainLoadCsv = mkOption {
+ type = types.bool;
default = true;
- type = types.bool;
+ description = ''
+ Sets the root directory for file URLs used with the Cypher
+ LOAD CSV clause to be that defined by
+ . It restricts
+ access to only those files within that directory and its
+ subdirectories.
+
+
+ Setting this option to false introduces
+ possible security problems.
+ '';
};
- boltPort = mkOption {
- description = "Neo4j port to listen for BOLT traffic.";
- default = 7687;
- type = types.int;
- };
-
- enableHttps = mkOption {
- description = "Enable https for Neo4j.";
- default = false;
- type = types.bool;
- };
-
- httpsPort = mkOption {
- description = "Neo4j port to listen for HTTPS traffic.";
- default = 7473;
- type = types.int;
- };
-
- certDir = mkOption {
- description = "Neo4j TLS certificates directory.";
- default = "${cfg.dataDir}/certificates";
- type = types.path;
- };
-
- dataDir = mkOption {
- description = "Neo4j data directory.";
- default = "/var/lib/neo4j";
- type = types.path;
+ defaultListenAddress = mkOption {
+ type = types.str;
+ default = "127.0.0.1";
+ description = ''
+ Default network interface to listen for incoming connections. To
+ listen for connections on all interfaces, use "0.0.0.0".
+
+
+ Specifies the default IP address and address part of connector
+ specific options. To bind specific
+ connectors to a specific network interfaces, specify the entire
+ option for that connector.
+ '';
};
extraServerConfig = mkOption {
- description = "Extra configuration for neo4j server.";
- default = "";
type = types.lines;
+ default = "";
+ description = ''
+ Extra configuration for Neo4j Community server. Refer to the
+ complete reference
+ of Neo4j configuration settings.
+ '';
};
+
+ package = mkOption {
+ type = types.package;
+ default = pkgs.neo4j;
+ defaultText = "pkgs.neo4j";
+ description = ''
+ Neo4j package to use.
+ '';
+ };
+
+ readOnly = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Only allow read operations from this Neo4j instance.
+ '';
+ };
+
+ workerCount = mkOption {
+ type = types.ints.between 0 44738;
+ default = 0;
+ description = ''
+ Number of Neo4j worker threads, where the default of
+ 0 indicates a worker count equal to the number of
+ available processors.
+ '';
+ };
+
+ bolt = {
+ enable = mkOption {
+ type = types.bool;
+ default = true;
+ description = ''
+ Enable the BOLT connector for Neo4j. Setting this option to
+ false will stop Neo4j from listening for incoming
+ connections on the BOLT port (7687 by default).
+ '';
+ };
+
+ listenAddress = mkOption {
+ type = types.str;
+ default = ":7687";
+ description = ''
+ Neo4j listen address for BOLT traffic. The listen address is
+ expressed in the format <ip-address>:<port-number>.
+ '';
+ };
+
+ sslPolicy = mkOption {
+ type = types.str;
+ default = "legacy";
+ description = ''
+ Neo4j SSL policy for BOLT traffic.
+
+
+ The legacy policy is a special policy which is not defined in
+ the policy configuration section, but rather derives from
+ and
+ associated files (by default: neo4j.key and
+ neo4j.cert). Its use will be deprecated.
+
+
+ Note: This connector must be configured to support/require
+ SSL/TLS for the legacy policy to actually be utilized. See
+ .
+ '';
+ };
+
+ tlsLevel = mkOption {
+ type = types.enum [ "REQUIRED" "OPTIONAL" "DISABLED" ];
+ default = "OPTIONAL";
+ description = ''
+ SSL/TSL requirement level for BOLT traffic.
+ '';
+ };
+ };
+
+ directories = {
+ certificates = mkOption {
+ type = types.path;
+ default = "${cfg.directories.home}/certificates";
+ description = ''
+ Directory for storing certificates to be used by Neo4j for
+ TLS connections.
+
+
+ When setting this directory to something other than its default,
+ ensure the directory's existence, and that read/write permissions are
+ given to the Neo4j daemon user neo4j.
+
+
+ Note that changing this directory from its default will prevent
+ the directory structure required for each SSL policy from being
+ automatically generated. A policy's directory structure as defined by
+ its , and
+ must then be setup manually. The
+ existence of these directories is mandatory, as well as the presence
+ of the certificate file and the private key. Ensure the correct
+ permissions are set on these directories and files.
+ '';
+ };
+
+ data = mkOption {
+ type = types.path;
+ default = "${cfg.directories.home}/data";
+ description = ''
+ Path of the data directory. You must not configure more than one
+ Neo4j installation to use the same data directory.
+
+
+ When setting this directory to something other than its default,
+ ensure the directory's existence, and that read/write permissions are
+ given to the Neo4j daemon user neo4j.
+ '';
+ };
+
+ home = mkOption {
+ type = types.path;
+ default = "/var/lib/neo4j";
+ description = ''
+ Path of the Neo4j home directory. Other default directories are
+ subdirectories of this path. This directory will be created if
+ non-existent, and its ownership will be chown to
+ the Neo4j daemon user neo4j.
+ '';
+ };
+
+ imports = mkOption {
+ type = types.path;
+ default = "${cfg.directories.home}/import";
+ description = ''
+ The root directory for file URLs used with the Cypher
+ LOAD CSV clause. Only meaningful when
+ is set to
+ true.
+
+
+ When setting this directory to something other than its default,
+ ensure the directory's existence, and that read permission is
+ given to the Neo4j daemon user neo4j.
+ '';
+ };
+
+ plugins = mkOption {
+ type = types.path;
+ default = "${cfg.directories.home}/plugins";
+ description = ''
+ Path of the database plugin directory. Compiled Java JAR files that
+ contain database procedures will be loaded if they are placed in
+ this directory.
+
+
+ When setting this directory to something other than its default,
+ ensure the directory's existence, and that read permission is
+ given to the Neo4j daemon user neo4j.
+ '';
+ };
+ };
+
+ http = {
+ enable = mkOption {
+ type = types.bool;
+ default = true;
+ description = ''
+ The HTTP connector is required for Neo4j, and cannot be disabled.
+ Setting this option to false will force the HTTP
+ connector's to the loopback
+ interface to prevent connection of remote clients. To prevent all
+ clients from connecting, block the HTTP port (7474 by default) by
+ firewall.
+ '';
+ };
+
+ listenAddress = mkOption {
+ type = types.str;
+ default = ":7474";
+ description = ''
+ Neo4j listen address for HTTP traffic. The listen address is
+ expressed in the format <ip-address>:<port-number>.
+ '';
+ };
+ };
+
+ https = {
+ enable = mkOption {
+ type = types.bool;
+ default = true;
+ description = ''
+ Enable the HTTPS connector for Neo4j. Setting this option to
+ false will stop Neo4j from listening for incoming
+ connections on the HTTPS port (7473 by default).
+ '';
+ };
+
+ listenAddress = mkOption {
+ type = types.str;
+ default = ":7473";
+ description = ''
+ Neo4j listen address for HTTPS traffic. The listen address is
+ expressed in the format <ip-address>:<port-number>.
+ '';
+ };
+
+ sslPolicy = mkOption {
+ type = types.str;
+ default = "legacy";
+ description = ''
+ Neo4j SSL policy for HTTPS traffic.
+
+
+ The legacy policy is a special policy which is not defined in the
+ policy configuration section, but rather derives from
+ and
+ associated files (by default: neo4j.key and
+ neo4j.cert). Its use will be deprecated.
+ '';
+ };
+ };
+
+ shell = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Enable a remote shell server which Neo4j Shell clients can log in to.
+ Only applicable to neo4j-shell.
+ '';
+ };
+ };
+
+ ssl.policies = mkOption {
+ type = with types; attrsOf (submodule ({ name, config, options, ... }: {
+ options = {
+
+ allowKeyGeneration = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Allows the generation of a private key and associated self-signed
+ certificate. Only performed when both objects cannot be found for
+ this policy. It is recommended to turn this off again after keys
+ have been generated.
+
+
+ The public certificate is required to be duplicated to the
+ directory holding trusted certificates as defined by the
+ option.
+
+
+ Keys should in general be generated and distributed offline by a
+ trusted certificate authority and not by utilizing this mode.
+ '';
+ };
+
+ baseDirectory = mkOption {
+ type = types.path;
+ default = "${cfg.directories.certificates}/${name}";
+ description = ''
+ The mandatory base directory for cryptographic objects of this
+ policy. This path is only automatically generated when this
+ option as well as are
+ left at their default. Ensure read/write permissions are given
+ to the Neo4j daemon user neo4j.
+
+
+ It is also possible to override each individual
+ configuration with absolute paths. See the
+ and
+ policy options.
+ '';
+ };
+
+ ciphers = mkOption {
+ type = types.nullOr (types.listOf types.str);
+ default = null;
+ description = ''
+ Restrict the allowed ciphers of this policy to those defined
+ here. The default ciphers are those of the JVM platform.
+ '';
+ };
+
+ clientAuth = mkOption {
+ type = types.enum [ "NONE" "OPTIONAL" "REQUIRE" ];
+ default = "REQUIRE";
+ description = ''
+ The client authentication stance for this policy.
+ '';
+ };
+
+ privateKey = mkOption {
+ type = types.str;
+ default = "private.key";
+ description = ''
+ The name of private PKCS #8 key file for this policy to be found
+ in the , or the absolute path to
+ the key file. It is mandatory that a key can be found or generated.
+ '';
+ };
+
+ publicCertificate = mkOption {
+ type = types.str;
+ default = "public.crt";
+ description = ''
+ The name of public X.509 certificate (chain) file in PEM format
+ for this policy to be found in the ,
+ or the absolute path to the certificate file. It is mandatory
+ that a certificate can be found or generated.
+
+
+ The public certificate is required to be duplicated to the
+ directory holding trusted certificates as defined by the
+ option.
+ '';
+ };
+
+ revokedDir = mkOption {
+ type = types.path;
+ default = "${config.baseDirectory}/revoked";
+ description = ''
+ Path to directory of CRLs (Certificate Revocation Lists) in
+ PEM format. Must be an absolute path. The existence of this
+ directory is mandatory and will need to be created manually when:
+ setting this option to something other than its default; setting
+ either this policy's or
+ to something other than
+ their default. Ensure read/write permissions are given to the
+ Neo4j daemon user neo4j.
+ '';
+ };
+
+ tlsVersions = mkOption {
+ type = types.listOf types.str;
+ default = [ "TLSv1.2" ];
+ description = ''
+ Restrict the TLS protocol versions of this policy to those
+ defined here.
+ '';
+ };
+
+ trustAll = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Makes this policy trust all remote parties. Enabling this is not
+ recommended and the policy's trusted directory will be ignored.
+ Use of this mode is discouraged. It would offer encryption but
+ no security.
+ '';
+ };
+
+ trustedDir = mkOption {
+ type = types.path;
+ default = "${config.baseDirectory}/trusted";
+ description = ''
+ Path to directory of X.509 certificates in PEM format for
+ trusted parties. Must be an absolute path. The existence of this
+ directory is mandatory and will need to be created manually when:
+ setting this option to something other than its default; setting
+ either this policy's or
+ to something other than
+ their default. Ensure read/write permissions are given to the
+ Neo4j daemon user neo4j.
+
+
+ The public certificate as defined by
+ is required to be duplicated
+ to this directory.
+ '';
+ };
+
+ directoriesToCreate = mkOption {
+ type = types.listOf types.path;
+ internal = true;
+ readOnly = true;
+ description = ''
+ Directories of this policy that will be created automatically
+ when the certificates directory is left at its default value.
+ This includes all options of type path that are left at their
+ default value.
+ '';
+ };
+
+ };
+
+ config.directoriesToCreate = optionals
+ (certDirOpt.highestPrio >= 1500 && options.baseDirectory.highestPrio >= 1500)
+ (map (opt: opt.value) (filter isDefaultPathOption (attrValues options)));
+
+ }));
+ default = {};
+ description = ''
+ Defines the SSL policies for use with Neo4j connectors. Each attribute
+ of this set defines a policy, with the attribute name defining the name
+ of the policy and its namespace. Refer to the operations manual section
+ on Neo4j's
+ SSL Framework
+ for further details.
+ '';
+ };
+
+ udc = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Enable the Usage Data Collector which Neo4j uses to collect usage
+ data. Refer to the operations manual section on the
+ Usage Data Collector
+ for more information.
+ '';
+ };
+ };
+
};
###### implementation
- config = mkIf cfg.enable {
- systemd.services.neo4j = {
- description = "Neo4j Daemon";
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
- environment = {
- NEO4J_HOME = "${cfg.package}/share/neo4j";
- NEO4J_CONF = "${cfg.dataDir}/conf";
+ config =
+ let
+ # Assertion helpers
+ policyNameList = attrNames cfg.ssl.policies;
+ validPolicyNameList = [ "legacy" ] ++ policyNameList;
+ validPolicyNameString = concatStringsSep ", " validPolicyNameList;
+
+ # Capture various directories left at their default so they can be created.
+ defaultDirectoriesToCreate = map (opt: opt.value) (filter isDefaultPathOption (attrValues options.services.neo4j.directories));
+ policyDirectoriesToCreate = concatMap (pol: pol.directoriesToCreate) (attrValues cfg.ssl.policies);
+ in
+
+ mkIf cfg.enable {
+ assertions = [
+ { assertion = !elem "legacy" policyNameList;
+ message = "The policy 'legacy' is special to Neo4j, and its name is reserved."; }
+ { assertion = elem cfg.bolt.sslPolicy validPolicyNameList;
+ message = "Invalid policy assigned: `services.neo4j.bolt.sslPolicy = \"${cfg.bolt.sslPolicy}\"`, defined policies are: ${validPolicyNameString}"; }
+ { assertion = elem cfg.https.sslPolicy validPolicyNameList;
+ message = "Invalid policy assigned: `services.neo4j.https.sslPolicy = \"${cfg.https.sslPolicy}\"`, defined policies are: ${validPolicyNameString}"; }
+ ];
+
+ systemd.services.neo4j = {
+ description = "Neo4j Daemon";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ environment = {
+ NEO4J_HOME = "${cfg.package}/share/neo4j";
+ NEO4J_CONF = "${cfg.directories.home}/conf";
+ };
+ serviceConfig = {
+ ExecStart = "${cfg.package}/bin/neo4j console";
+ User = "neo4j";
+ PermissionsStartOnly = true;
+ LimitNOFILE = 40000;
+ };
+
+ preStart = ''
+ # Directories Setup
+ # Always ensure home exists with nested conf, logs directories.
+ mkdir -m 0700 -p ${cfg.directories.home}/{conf,logs}
+
+ # Create other sub-directories and policy directories that have been left at their default.
+ ${concatMapStringsSep "\n" (
+ dir: ''
+ mkdir -m 0700 -p ${dir}
+ '') (defaultDirectoriesToCreate ++ policyDirectoriesToCreate)}
+
+ # Place the configuration where Neo4j can find it.
+ ln -fs ${serverConfig} ${cfg.directories.home}/conf/neo4j.conf
+
+ # Ensure neo4j user ownership
+ chown -R neo4j ${cfg.directories.home}
+ '';
};
- serviceConfig = {
- ExecStart = "${cfg.package}/bin/neo4j console";
- User = "neo4j";
- PermissionsStartOnly = true;
- LimitNOFILE = 40000;
+
+ environment.systemPackages = [ cfg.package ];
+
+ users.users = singleton {
+ name = "neo4j";
+ uid = config.ids.uids.neo4j;
+ description = "Neo4j daemon user";
+ home = cfg.directories.home;
};
- preStart = ''
- mkdir -m 0700 -p ${cfg.dataDir}/{data/graph.db,conf,logs}
- ln -fs ${serverConfig} ${cfg.dataDir}/conf/neo4j.conf
- if [ "$(id -u)" = 0 ]; then chown -R neo4j ${cfg.dataDir}; fi
- '';
};
- environment.systemPackages = [ cfg.package ];
-
- users.users = singleton {
- name = "neo4j";
- uid = config.ids.uids.neo4j;
- description = "Neo4j daemon user";
- home = cfg.dataDir;
- };
+ meta = {
+ maintainers = with lib.maintainers; [ patternspandemic ];
};
}
diff --git a/pkgs/applications/science/math/clp/default.nix b/pkgs/applications/science/math/clp/default.nix
index daa9a53c59a..4899ebe42d7 100644
--- a/pkgs/applications/science/math/clp/default.nix
+++ b/pkgs/applications/science/math/clp/default.nix
@@ -1,24 +1,22 @@
{ stdenv, fetchurl, zlib }:
stdenv.mkDerivation rec {
- version = "1.16.11";
- name = "clp-${version}";
- src = fetchurl {
- url = "https://www.coin-or.org/download/source/Clp/Clp-${version}.tgz";
- sha256 = "0fazlqpp845186nmixa9f1xfxqqkdr1xj4va7q29m8594ca4a9dm";
- };
+ version = "1.16.11";
+ name = "clp-${version}";
+ src = fetchurl {
+ url = "https://www.coin-or.org/download/source/Clp/Clp-${version}.tgz";
+ sha256 = "0fazlqpp845186nmixa9f1xfxqqkdr1xj4va7q29m8594ca4a9dm";
+ };
- propagatedBuildInputs = [ zlib ];
+ propagatedBuildInputs = [ zlib ];
- doCheck = true;
+ doCheck = true;
- checkTarget = "test";
-
- meta = {
- license = stdenv.lib.licenses.epl10;
- homepage = https://projects.coin-or.org/Clp;
- description = "An open-source linear programming solver written in C++";
- platforms = stdenv.lib.platforms.all;
- maintainers = [ stdenv.lib.maintainers.vbgl ];
- };
+ meta = {
+ license = stdenv.lib.licenses.epl10;
+ homepage = https://projects.coin-or.org/Clp;
+ description = "An open-source linear programming solver written in C++";
+ platforms = stdenv.lib.platforms.all;
+ maintainers = [ stdenv.lib.maintainers.vbgl ];
+ };
}
diff --git a/pkgs/desktops/gnome-3/apps/gnome-sound-recorder/default.nix b/pkgs/desktops/gnome-3/apps/gnome-sound-recorder/default.nix
new file mode 100644
index 00000000000..60953d99ac2
--- /dev/null
+++ b/pkgs/desktops/gnome-3/apps/gnome-sound-recorder/default.nix
@@ -0,0 +1,35 @@
+{ stdenv, fetchurl, pkgconfig, intltool, gobjectIntrospection, wrapGAppsHook, gjs, glib, gtk3, gdk_pixbuf, gst_all_1, gnome3 }:
+
+let
+ pname = "gnome-sound-recorder";
+ version = "3.28.1";
+in stdenv.mkDerivation rec {
+ name = "${pname}-${version}";
+
+ src = fetchurl {
+ url = "mirror://gnome/sources/${pname}/${gnome3.versionBranch version}/${name}.tar.xz";
+ sha256 = "0y0srj1hvr1waa35p6dj1r1mlgcsscc0i99jni50ijp4zb36fjqy";
+ };
+
+ nativeBuildInputs = [ pkgconfig intltool gobjectIntrospection wrapGAppsHook ];
+ buildInputs = [ gjs glib gtk3 gdk_pixbuf ] ++ (with gst_all_1; [ gstreamer.dev gstreamer gst-plugins-base gst-plugins-good gst-plugins-bad ]);
+
+ # TODO: fix this in gstreamer
+ # TODO: make stdenv.lib.getBin respect outputBin
+ PKG_CONFIG_GSTREAMER_1_0_TOOLSDIR = "${gst_all_1.gstreamer.dev}/bin";
+
+ passthru = {
+ updateScript = gnome3.updateScript {
+ packageName = pname;
+ attrPath = "gnome3.${pname}";
+ };
+ };
+
+ meta = with stdenv.lib; {
+ description = "A simple and modern sound recorder";
+ homepage = https://wiki.gnome.org/Apps/SoundRecorder;
+ license = licenses.gpl2Plus;
+ maintainers = gnome3.maintainers;
+ platforms = platforms.linux;
+ };
+}
diff --git a/pkgs/desktops/gnome-3/default.nix b/pkgs/desktops/gnome-3/default.nix
index 9d62bead40d..b456ff6c95f 100644
--- a/pkgs/desktops/gnome-3/default.nix
+++ b/pkgs/desktops/gnome-3/default.nix
@@ -289,6 +289,8 @@ lib.makeScope pkgs.newScope (self: with self; {
gnome-power-manager = callPackage ./apps/gnome-power-manager { };
+ gnome-sound-recorder = callPackage ./apps/gnome-sound-recorder { };
+
gnome-weather = callPackage ./apps/gnome-weather { };
nautilus-sendto = callPackage ./apps/nautilus-sendto { };
diff --git a/pkgs/development/haskell-modules/configuration-nix.nix b/pkgs/development/haskell-modules/configuration-nix.nix
index 2e3a8e1c867..86494e9323b 100644
--- a/pkgs/development/haskell-modules/configuration-nix.nix
+++ b/pkgs/development/haskell-modules/configuration-nix.nix
@@ -421,16 +421,6 @@ self: super: builtins.intersectAttrs super {
# so disable this on Darwin only
${if pkgs.stdenv.isDarwin then null else "GLUT"} = addPkgconfigDepend (appendPatch super.GLUT ./patches/GLUT.patch) pkgs.freeglut;
- idris = overrideCabal super.idris (drv: {
- # https://github.com/idris-lang/Idris-dev/issues/2499
- librarySystemDepends = (drv.librarySystemDepends or []) ++ [pkgs.gmp];
-
- # tests and build run executable, so need to set LD_LIBRARY_PATH
- preBuild = ''
- export LD_LIBRARY_PATH="$PWD/dist/build:$LD_LIBRARY_PATH"
- '';
- });
-
libsystemd-journal = overrideCabal super.libsystemd-journal (old: {
librarySystemDepends = old.librarySystemDepends or [] ++ [ pkgs.systemd ];
});
diff --git a/pkgs/development/haskell-modules/generic-builder.nix b/pkgs/development/haskell-modules/generic-builder.nix
index d1304c79694..c68d84bdb8a 100644
--- a/pkgs/development/haskell-modules/generic-builder.nix
+++ b/pkgs/development/haskell-modules/generic-builder.nix
@@ -160,6 +160,9 @@ let
"--enable-library-for-ghci" # TODO: Should this be configurable?
] ++ optionals (enableDeadCodeElimination && (stdenv.lib.versionOlder "8.0.1" ghc.version)) [
"--ghc-option=-split-sections"
+ ] ++ optionals dontStrip [
+ "--disable-library-stripping"
+ "--disable-executable-stripping"
] ++ optionals isGhcjs [
"--ghcjs"
] ++ optionals isCross ([
diff --git a/pkgs/development/idris-modules/build-idris-package.nix b/pkgs/development/idris-modules/build-idris-package.nix
index 7168eb2c956..3ed1404fef7 100644
--- a/pkgs/development/idris-modules/build-idris-package.nix
+++ b/pkgs/development/idris-modules/build-idris-package.nix
@@ -20,7 +20,7 @@ let
};
in
stdenv.mkDerivation ({
- name = "${name}-${version}";
+ name = "idris-${name}-${version}";
buildInputs = [ idris-with-packages gmp ] ++ extraBuildInputs;
propagatedBuildInputs = allIdrisDeps;
diff --git a/pkgs/development/interpreters/clojure/default.nix b/pkgs/development/interpreters/clojure/default.nix
index 4843653e5dc..4ea149d1137 100644
--- a/pkgs/development/interpreters/clojure/default.nix
+++ b/pkgs/development/interpreters/clojure/default.nix
@@ -13,7 +13,9 @@ stdenv.mkDerivation rec {
outputs = [ "out" "prefix" ];
- installPhase = ''
+ installPhase = let
+ binPath = stdenv.lib.makeBinPath [ rlwrap jdk ];
+ in ''
mkdir -p $prefix/libexec
cp clojure-tools-${version}.jar $prefix/libexec
cp {,example-}deps.edn $prefix
@@ -21,8 +23,8 @@ stdenv.mkDerivation rec {
substituteInPlace clojure --replace PREFIX $prefix
install -Dt $out/bin clj clojure
- wrapProgram $out/bin/clj --suffix PATH ${rlwrap}/bin
- wrapProgram $out/bin/clojure --suffix PATH ${jdk}/bin
+ wrapProgram $out/bin/clj --prefix PATH : ${binPath}
+ wrapProgram $out/bin/clojure --prefix PATH : ${binPath}
'';
meta = with stdenv.lib; {
diff --git a/pkgs/development/libraries/ffmpeg/generic.nix b/pkgs/development/libraries/ffmpeg/generic.nix
index bc70c5ab237..3d9027db160 100644
--- a/pkgs/development/libraries/ffmpeg/generic.nix
+++ b/pkgs/development/libraries/ffmpeg/generic.nix
@@ -26,7 +26,7 @@
* see `ffmpeg-full' for an ffmpeg build with all features included.
*
* Need fixes to support Darwin:
- * libvpx pulseaudio
+ * pulseaudio
*
* Known issues:
* 0.6 - fails to compile (unresolved) (so far, only disabling a number of
@@ -58,6 +58,8 @@ let
disDarwinOrArmFix = origArg: minVer: fixArg: if ((isDarwin || isAarch32) && reqMin minVer) then fixArg else origArg;
vaapiSupport = reqMin "0.6" && ((isLinux || isFreeBSD) && !isAarch32);
+
+ vpxSupport = reqMin "0.6" && !isAarch32;
in
assert openglSupport -> libGLU_combined != null;
@@ -130,7 +132,7 @@ stdenv.mkDerivation rec {
(ifMinVer "0.6" (enableFeature vaapiSupport "vaapi"))
"--enable-vdpau"
"--enable-libvorbis"
- (disDarwinOrArmFix (ifMinVer "0.6" "--enable-libvpx") "0.6" "--disable-libvpx")
+ (ifMinVer "0.6" (enableFeature vpxSupport "libvpx"))
(ifMinVer "2.4" "--enable-lzma")
(ifMinVer "2.2" (enableFeature openglSupport "opengl"))
(disDarwinOrArmFix (ifMinVer "0.9" "--enable-libpulse") "0.9" "--disable-libpulse")
@@ -159,7 +161,8 @@ stdenv.mkDerivation rec {
bzip2 fontconfig freetype gnutls libiconv lame libass libogg libtheora
libvdpau libvorbis lzma soxr x264 x265 xvidcore zlib libopus
] ++ optional openglSupport libGLU_combined
- ++ optionals (!isDarwin && !isAarch32) [ libvpx libpulseaudio ] # Need to be fixed on Darwin and ARM
+ ++ optional vpxSupport libvpx
+ ++ optionals (!isDarwin && !isAarch32) [ libpulseaudio ] # Need to be fixed on Darwin and ARM
++ optional ((isLinux || isFreeBSD) && !isAarch32) libva
++ optional isLinux alsaLib
++ optionals isDarwin darwinFrameworks
diff --git a/pkgs/development/libraries/libcouchbase/default.nix b/pkgs/development/libraries/libcouchbase/default.nix
index 6531a4cd9ed..347e3218c1d 100644
--- a/pkgs/development/libraries/libcouchbase/default.nix
+++ b/pkgs/development/libraries/libcouchbase/default.nix
@@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ cmake pkgconfig ];
buildInputs = [ libevent openssl ];
- doCheck = (!stdenv.isDarwin);
+ doCheck = !stdenv.isDarwin;
checkPhase = "ctest";
meta = with stdenv.lib; {
diff --git a/pkgs/development/python-modules/parsy/default.nix b/pkgs/development/python-modules/parsy/default.nix
new file mode 100644
index 00000000000..4183f30caad
--- /dev/null
+++ b/pkgs/development/python-modules/parsy/default.nix
@@ -0,0 +1,26 @@
+{ lib, buildPythonPackage, fetchPypi, pythonOlder, pytest }:
+
+buildPythonPackage rec {
+ pname = "parsy";
+ version = "1.2.0";
+
+ src = fetchPypi {
+ inherit pname version;
+ sha256 = "0mdqg07x5ybmbmj55x75gyhfcjrn7ml0cf3z0jwbskx845j31m6x";
+ };
+
+ checkInputs = [ pytest ];
+
+ checkPhase = ''
+ py.test test/
+ '';
+
+ disabled = pythonOlder "3.4";
+
+ meta = with lib; {
+ homepage = https://github.com/python-parsy/parsy;
+ description = "Easy-to-use parser combinators, for parsing in pure Python";
+ license = [ licenses.mit ];
+ maintainers = with maintainers; [ aepsil0n ];
+ };
+}
diff --git a/pkgs/development/tools/build-managers/doit/default.nix b/pkgs/development/tools/build-managers/doit/default.nix
index e6ec8c2a80c..c6ed406840d 100644
--- a/pkgs/development/tools/build-managers/doit/default.nix
+++ b/pkgs/development/tools/build-managers/doit/default.nix
@@ -22,10 +22,10 @@ in python3Packages.buildPythonApplication {
doCheck = false;
checkPhase = "py.test";
- meta = {
+ meta = with stdenv.lib; {
homepage = http://pydoit.org/;
description = "A task management & automation tool";
- license = stdenv.lib.licenses.mit;
+ license = licenses.mit;
longDescription = ''
doit is a modern open-source build-tool written in python
designed to be simple to use and flexible to deal with complex
@@ -33,6 +33,7 @@ in python3Packages.buildPythonApplication {
custom work-flows where there is no out-of-the-box solution
available.
'';
- platforms = stdenv.lib.platforms.all;
+ maintainers = with maintainers; [ pSub ];
+ platforms = platforms.all;
};
}
diff --git a/pkgs/development/tools/vagrant/Gemfile.lock b/pkgs/development/tools/vagrant/Gemfile.lock
index 8991bd9eb54..2a1515fd143 100644
--- a/pkgs/development/tools/vagrant/Gemfile.lock
+++ b/pkgs/development/tools/vagrant/Gemfile.lock
@@ -11,7 +11,7 @@ GIT
PATH
remote: .
specs:
- vagrant (2.1.1)
+ vagrant (2.1.2)
childprocess (~> 0.6.0)
erubis (~> 2.7.0)
hashicorp-checkpoint (~> 0.1.5)
@@ -25,8 +25,6 @@ PATH
rest-client (>= 1.6.0, < 3.0)
ruby_dep (<= 1.3.1)
wdm (~> 0.1.0)
- win32-file (~> 0.8.1)
- win32-file-security (~> 1.0.10)
winrm (~> 2.1)
winrm-elevated (~> 1.1)
winrm-fs (~> 1.0)
@@ -47,8 +45,6 @@ GEM
erubis (2.7.0)
fake_ftp (0.1.1)
ffi (1.9.23)
- ffi-win32-extensions (1.0.3)
- ffi
gssapi (1.2.0)
ffi (>= 1.0.1)
gyoku (1.3.1)
@@ -119,16 +115,6 @@ GEM
addressable (>= 2.3.6)
crack (>= 0.3.2)
hashdiff
- win32-file (0.8.1)
- ffi
- ffi-win32-extensions
- win32-file-stat (>= 1.4.0)
- win32-file-security (1.0.10)
- ffi
- ffi-win32-extensions
- win32-file-stat (1.5.5)
- ffi
- ffi-win32-extensions
winrm (2.2.3)
builder (>= 2.1.2)
erubis (~> 2.7)
@@ -160,4 +146,4 @@ DEPENDENCIES
webmock (~> 2.3.1)
BUNDLED WITH
- 1.14.6
+ 1.16.2
diff --git a/pkgs/development/tools/vagrant/default.nix b/pkgs/development/tools/vagrant/default.nix
index 886706ed30b..fe75c9fd208 100644
--- a/pkgs/development/tools/vagrant/default.nix
+++ b/pkgs/development/tools/vagrant/default.nix
@@ -1,6 +1,10 @@
{ lib, fetchurl, buildRubyGem, bundlerEnv, ruby, libarchive }:
let
+ # NOTE: bumping the version and updating the hash is insufficient;
+ # you must copy a fresh Gemfile.lock from the vagrant source,
+ # and use bundix to generate a new gemset.nix.
+ # Do not change the existing Gemfile.
version = "2.1.2";
url = "https://github.com/hashicorp/vagrant/archive/v${version}.tar.gz";
sha256 = "0fb90v43d30whhyjlgb9mmy93ccbpr01pz97kp5hrg3wfd7703b1";
diff --git a/pkgs/development/tools/vagrant/gemset.nix b/pkgs/development/tools/vagrant/gemset.nix
index 867927cdc24..598f5cc6723 100644
--- a/pkgs/development/tools/vagrant/gemset.nix
+++ b/pkgs/development/tools/vagrant/gemset.nix
@@ -75,15 +75,6 @@
};
version = "1.9.23";
};
- ffi-win32-extensions = {
- dependencies = ["ffi"];
- source = {
- remotes = ["https://rubygems.org"];
- sha256 = "1ywkkbr3bpi2ais2jr8yrsqwwrm48jg262anmdkcb9if95vajx7l";
- type = "gem";
- };
- version = "1.0.3";
- };
gssapi = {
dependencies = ["ffi"];
source = {
@@ -406,7 +397,7 @@
version = "0.0.7.5";
};
vagrant = {
- dependencies = ["childprocess" "erubis" "hashicorp-checkpoint" "i18n" "listen" "log4r" "net-scp" "net-sftp" "net-ssh" "rb-kqueue" "rest-client" "ruby_dep" "wdm" "win32-file" "win32-file-security" "winrm" "winrm-elevated" "winrm-fs"];
+ dependencies = ["childprocess" "erubis" "hashicorp-checkpoint" "i18n" "listen" "log4r" "net-scp" "net-sftp" "net-ssh" "rb-kqueue" "rest-client" "ruby_dep" "wdm" "winrm" "winrm-elevated" "winrm-fs"];
};
vagrant-spec = {
dependencies = ["childprocess" "log4r" "rspec" "thor"];
@@ -436,33 +427,6 @@
};
version = "2.3.2";
};
- win32-file = {
- dependencies = ["ffi" "ffi-win32-extensions" "win32-file-stat"];
- source = {
- remotes = ["https://rubygems.org"];
- sha256 = "0mjylzv4bbnxyjqf7hnd9ghcs5xr2sv8chnmkqdi2cc6pya2xax0";
- type = "gem";
- };
- version = "0.8.1";
- };
- win32-file-security = {
- dependencies = ["ffi" "ffi-win32-extensions"];
- source = {
- remotes = ["https://rubygems.org"];
- sha256 = "0lpq821a1hrxmm0ki5c34wijzhn77g4ny76v698ixwg853y2ir9r";
- type = "gem";
- };
- version = "1.0.10";
- };
- win32-file-stat = {
- dependencies = ["ffi" "ffi-win32-extensions"];
- source = {
- remotes = ["https://rubygems.org"];
- sha256 = "0lc3yajcb8xxabvj9qian938k60ixydvs3ixl5fldi0nlvnvk468";
- type = "gem";
- };
- version = "1.5.5";
- };
winrm = {
dependencies = ["builder" "erubis" "gssapi" "gyoku" "httpclient" "logging" "nori" "rubyntlm"];
source = {
diff --git a/pkgs/tools/admin/aws-rotate-key/default.nix b/pkgs/tools/admin/aws-rotate-key/default.nix
new file mode 100644
index 00000000000..cffb67e7d6c
--- /dev/null
+++ b/pkgs/tools/admin/aws-rotate-key/default.nix
@@ -0,0 +1,25 @@
+{ stdenv, buildGoPackage, fetchFromGitHub }:
+
+buildGoPackage rec {
+ name = "aws-rotate-key-${version}";
+ version = "1.0.0";
+
+ goPackagePath = "github.com/Fullscreen/aws-rotate-key";
+
+ src = fetchFromGitHub {
+ rev = "v${version}";
+ owner = "Fullscreen";
+ repo = "aws-rotate-key";
+ sha256 = "13q7rns65cj8b4i0s75dbswijpra9z74b462zribwfjdm29by5k1";
+ };
+
+ goDeps = ./deps.nix;
+
+ meta = with stdenv.lib; {
+ description = "Easily rotate your AWS key";
+ homepage = https://github.com/Fullscreen/aws-rotate-key;
+ license = licenses.mit;
+ maintainers = [maintainers.mbode];
+ platforms = platforms.unix;
+ };
+}
diff --git a/pkgs/tools/admin/aws-rotate-key/deps.nix b/pkgs/tools/admin/aws-rotate-key/deps.nix
new file mode 100644
index 00000000000..680a18e7e2d
--- /dev/null
+++ b/pkgs/tools/admin/aws-rotate-key/deps.nix
@@ -0,0 +1,29 @@
+[
+ {
+ goPackagePath = "github.com/go-ini/ini";
+ fetch = {
+ type = "git";
+ url = "https://github.com/go-ini/ini";
+ rev = "af26abd521cd7697481572fdbc4a53cbea3dde1b";
+ sha256 = "1yribbqy9i4i70dfg3yrjhkn3n0fywpr3kismn2mvi882mm01pxz";
+ };
+ }
+ {
+ goPackagePath = "github.com/jmespath/go-jmespath";
+ fetch = {
+ type = "git";
+ url = "https://github.com/jmespath/go-jmespath";
+ rev = "c2b33e8439af944379acbdd9c3a5fe0bc44bd8a5";
+ sha256 = "1r6w7ydx8ydryxk3sfhzsk8m6f1nsik9jg3i1zhi69v4kfl4d5cz";
+ };
+ }
+ {
+ goPackagePath = "github.com/aws/aws-sdk-go";
+ fetch = {
+ type = "git";
+ url = "https://github.com/aws/aws-sdk-go";
+ rev = "f844700ba2a387dfee7ab3679e7544b5dbd6d394";
+ sha256 = "0s9100bzqj58nnax3dxfgi5qr4rbaa53cb0cj3s58k9jc9z6270m";
+ };
+ }
+]
diff --git a/pkgs/tools/admin/bluemix-cli/default.nix b/pkgs/tools/admin/bluemix-cli/default.nix
index 2c24728fab9..7ae54aab4b9 100644
--- a/pkgs/tools/admin/bluemix-cli/default.nix
+++ b/pkgs/tools/admin/bluemix-cli/default.nix
@@ -2,16 +2,30 @@
stdenv.mkDerivation rec {
name = "bluemix-cli-${version}";
- version = "0.6.6";
+ version = "0.8.0";
- src = fetchurl {
- name = "linux64.tar.gz";
- url = "https://clis.ng.bluemix.net/download/bluemix-cli/${version}/linux64";
- sha256 = "1swjawc4szqrl0wgjcb4na1hbxylaqp2mp53lxsbfbk1db0c3y85";
- };
+ src =
+ if stdenv.system == "i686-linux" then
+ fetchurl {
+ name = "linux32-${version}.tar.gz";
+ url = "https://clis.ng.bluemix.net/download/bluemix-cli/${version}/linux32";
+ sha256 = "1ryngbjlw59x33rfd32bcz49r93a1q1g92jh7xmi9vydgqnzsifh";
+ }
+ else
+ fetchurl {
+ name = "linux64-${version}.tar.gz";
+ url = "https://clis.ng.bluemix.net/download/bluemix-cli/${version}/linux64";
+ sha256 = "056zbaca430ldcn0s86vy40m5abvwpfrmvqybbr6fjwfv9zngywx";
+ }
+ ;
installPhase = ''
- install -m755 -D --target $out/bin bin/bluemix bin/bluemix-analytics bin/cfcli/cf
+ install -m755 -D -t $out/bin bin/ibmcloud bin/ibmcloud-analytics
+ install -m755 -D -t $out/bin/cfcli bin/cfcli/cf
+ ln -sv $out/bin/ibmcloud $out/bin/bx
+ ln -sv $out/bin/ibmcloud $out/bin/bluemix
+ install -D -t "$out/etc/bash_completion.d" bx/bash_autocomplete
+ install -D -t "$out/share/zsh/site-functions" bx/zsh_autocomplete
'';
meta = with lib; {
@@ -19,7 +33,7 @@ stdenv.mkDerivation rec {
homepage = "https://console.bluemix.net/docs/cli/index.html";
downloadPage = "https://console.bluemix.net/docs/cli/reference/bluemix_cli/download_cli.html#download_install";
license = licenses.unfree;
- maintainers = [ maintainers.tazjin ];
- platforms = [ "x86_64-linux" ];
+ maintainers = [ maintainers.tazjin maintainers.jensbin ];
+ platforms = [ "x86_64-linux" "i686-linux" ];
};
}
diff --git a/pkgs/tools/graphics/ibniz/default.nix b/pkgs/tools/graphics/ibniz/default.nix
new file mode 100644
index 00000000000..11fad25b85a
--- /dev/null
+++ b/pkgs/tools/graphics/ibniz/default.nix
@@ -0,0 +1,26 @@
+{ stdenv, fetchurl, SDL }:
+
+stdenv.mkDerivation rec {
+ name = "ibniz-${version}";
+ version = "1.18";
+
+ src = fetchurl {
+ url = "http://www.pelulamu.net/ibniz/${name}.tar.gz";
+ sha256 = "10b4dka8zx7y84m1a58z9j2vly8mz9aw9wn8z9vx9av739j95wp2";
+ };
+
+ buildInputs = [ SDL ];
+
+ installPhase = ''
+ mkdir -p $out/bin
+ cp ibniz $out/bin
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Virtual machine designed for extremely compact low-level audiovisual programs";
+ homepage = "http://www.pelulamu.net/ibniz/";
+ license = licenses.zlib;
+ platforms = platforms.linux;
+ maintainers = [ maintainers.dezgeg ];
+ };
+}
diff --git a/pkgs/tools/misc/mmake/default.nix b/pkgs/tools/misc/mmake/default.nix
index ce8ad76ba82..c6f9f4749b3 100644
--- a/pkgs/tools/misc/mmake/default.nix
+++ b/pkgs/tools/misc/mmake/default.nix
@@ -17,7 +17,13 @@ buildGoPackage rec {
meta = with stdenv.lib; {
homepage = https://github.com/tj/mmake;
- description = "Mmake is a small program which wraps make to provide additional functionality, such as user-friendly help output, remote includes, and eventually more. It otherwise acts as a pass-through to standard make.";
+ description = "A small program which wraps make to provide additional functionality";
+ longDescription = ''
+ Mmake is a small program which wraps make to provide additional
+ functionality, such as user-friendly help output, remote
+ includes, and eventually more. It otherwise acts as a
+ pass-through to standard make.
+ '';
license = licenses.mit;
platforms = platforms.all;
maintainers = [ maintainers.gabesoft ];
diff --git a/pkgs/tools/misc/toilet/default.nix b/pkgs/tools/misc/toilet/default.nix
index 2b240e022d8..10e481b7664 100644
--- a/pkgs/tools/misc/toilet/default.nix
+++ b/pkgs/tools/misc/toilet/default.nix
@@ -12,10 +12,11 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ pkgconfig ];
buildInputs = [ libcaca ];
- meta = {
+ meta = with stdenv.lib; {
description = "Display large colourful characters in text mode";
homepage = http://caca.zoy.org/wiki/toilet;
- license = stdenv.lib.licenses.wtfpl;
- platforms = stdenv.lib.platforms.all;
+ license = licenses.wtfpl;
+ maintainers = with maintainers; [ pSub ];
+ platforms = platforms.all;
};
}
diff --git a/pkgs/tools/text/aha/default.nix b/pkgs/tools/text/aha/default.nix
index d8c42a0f20d..89319ac492f 100644
--- a/pkgs/tools/text/aha/default.nix
+++ b/pkgs/tools/text/aha/default.nix
@@ -22,6 +22,7 @@ stdenv.mkDerivation rec {
'';
homepage = https://github.com/theZiz/aha;
license = with licenses; [ lgpl2Plus mpl11 ];
+ maintainers = with maintainers; [ pSub ];
platforms = platforms.linux;
};
}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index e815305b539..c1957bd65be 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -555,6 +555,8 @@ with pkgs;
awslogs = callPackage ../tools/admin/awslogs { };
+ aws-rotate-key = callPackage ../tools/admin/aws-rotate-key { };
+
aws_shell = pythonPackages.callPackage ../tools/admin/aws_shell { };
aws-sam-cli = callPackage ../development/tools/aws-sam-cli { };
@@ -3087,6 +3089,8 @@ with pkgs;
iannix = libsForQt5.callPackage ../applications/audio/iannix { };
+ ibniz = callPackage ../tools/graphics/ibniz { };
+
icecast = callPackage ../servers/icecast { };
darkice = callPackage ../tools/audio/darkice { };
@@ -6646,20 +6650,7 @@ with pkgs;
icedtea_web = icedtea8_web;
idrisPackages = callPackage ../development/idris-modules {
-
- idris-no-deps =
- let
- inherit (self.haskell) lib;
- haskellPackages = self.haskellPackages.override {
- overrides = self: super: {
- binary = lib.dontCheck self.binary_0_8_5_1;
- parsers = lib.dontCheck super.parsers;
- semigroupoids = lib.dontCheck super.semigroupoids;
- trifecta = lib.dontCheck super.trifecta;
- };
- };
- in
- haskellPackages.idris;
+ idris-no-deps = haskellPackages.idris;
};
idris = idrisPackages.with-packages [ idrisPackages.base ] ;
@@ -9139,7 +9130,6 @@ with pkgs;
game-music-emu = if stdenv.isDarwin then null else game-music-emu;
libjack2 = if stdenv.isDarwin then null else libjack2;
libmodplug = if stdenv.isDarwin then null else libmodplug;
- libvpx = if stdenv.isDarwin then null else libvpx;
openal = if stdenv.isDarwin then null else openal;
libpulseaudio = if stdenv.isDarwin then null else libpulseaudio;
samba = if stdenv.isDarwin then null else samba;
diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix
index ede0a70b438..e4f63e2347e 100644
--- a/pkgs/top-level/perl-packages.nix
+++ b/pkgs/top-level/perl-packages.nix
@@ -11955,6 +11955,25 @@ let self = _self // overrides; _self = with self; {
};
};
+ PerconaToolkit = buildPerlPackage rec {
+ name = "Percona-Toolkit-3.0.11";
+ src = fetchFromGitHub {
+ owner = "percona";
+ repo = "percona-toolkit";
+ rev = "6e5c5c5e6db0a32c6951c8f798c4547539cdab87";
+ sha256 = "18wxvp7psqrx0zdvg47azrals572hv9fx1s3p0q65s87lnk3q63l";
+ };
+ outputs = [ "out" ];
+ buildInputs = [ DBDmysql DBI DigestMD5 IOSocketSSL TermReadKey TimeHiRes ];
+ meta = {
+ description = ''Collection of advanced command-line tools to perform a variety of MySQL and system tasks.'';
+ homepage = http://www.percona.com/software/percona-toolkit;
+ license = with stdenv.lib.licenses; [ lgpl2 ];
+ platforms = stdenv.lib.platforms.linux;
+ maintainers = with stdenv.lib.maintainers; [ izorkin ];
+ };
+ };
+
Perl5lib = buildPerlPackage rec {
name = "perl5lib-1.02";
src = fetchurl {
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index de4966ec953..43d9f110a75 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -1855,6 +1855,8 @@ in {
'';
};
+ parsy = callPackage ../development/python-modules/parsy { };
+
portpicker = callPackage ../development/python-modules/portpicker { };
pkginfo = callPackage ../development/python-modules/pkginfo { };
diff --git a/pkgs/top-level/release.nix b/pkgs/top-level/release.nix
index 81f0874ca12..5553c4d5265 100644
--- a/pkgs/top-level/release.nix
+++ b/pkgs/top-level/release.nix
@@ -166,6 +166,7 @@ let
} // (mapTestOn ((packagePlatforms pkgs) // rec {
haskell.compiler = packagePlatforms pkgs.haskell.compiler;
haskellPackages = packagePlatforms pkgs.haskellPackages;
+ idrisPackages = packagePlatforms pkgs.idrisPackages;
# Language packages disabled in https://github.com/NixOS/nixpkgs/commit/ccd1029f58a3bb9eca32d81bf3f33cb4be25cc66