Merge staging-next into staging
This commit is contained in:
commit
23e431387b
|
@ -11,11 +11,10 @@
|
|||
- [ ] macOS
|
||||
- [ ] other Linux distributions
|
||||
- [ ] Tested via one or more NixOS test(s) if existing and applicable for the change (look inside [nixos/tests](https://github.com/NixOS/nixpkgs/blob/master/nixos/tests))
|
||||
- [ ] Tested compilation of all pkgs that depend on this change using `nix-shell -p nox --run "nox-review wip"`
|
||||
- [ ] Tested compilation of all pkgs that depend on this change using `nix-shell -p nix-review --run "nix-review wip"`
|
||||
- [ ] Tested execution of all binary files (usually in `./result/bin/`)
|
||||
- [ ] Determined the impact on package closure size (by running `nix path-info -S` before and after)
|
||||
- [ ] Assured whether relevant documentation is up to date
|
||||
- [ ] Fits [CONTRIBUTING.md](https://github.com/NixOS/nixpkgs/blob/master/.github/CONTRIBUTING.md).
|
||||
|
||||
---
|
||||
|
||||
|
|
|
@ -188,7 +188,7 @@ building Python libraries is `buildPythonPackage`. Let's see how we can build th
|
|||
```nix
|
||||
{ lib, buildPythonPackage, fetchPypi }:
|
||||
|
||||
toolz = buildPythonPackage rec {
|
||||
buildPythonPackage rec {
|
||||
pname = "toolz";
|
||||
version = "0.7.4";
|
||||
|
||||
|
@ -206,7 +206,6 @@ building Python libraries is `buildPythonPackage`. Let's see how we can build th
|
|||
maintainers = with maintainers; [ fridh ];
|
||||
};
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
What happens here? The function `buildPythonPackage` is called and as argument
|
||||
|
|
|
@ -189,14 +189,14 @@ $ git rebase --onto nixos-unstable BASEBRANCH FETCH_HEAD <co
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <link xlink:href="https://github.com/madjar/nox">nox</link> tool can
|
||||
be used to review a pull request content in a single command. It doesn't
|
||||
rebase on a channel branch so it might trigger multiple source builds.
|
||||
The <link xlink:href="https://github.com/Mic92/nix-review">nix-review</link>
|
||||
tool can be used to review a pull request content in a single command.
|
||||
<varname>PRNUMBER</varname> should be replaced by the number at the end
|
||||
of the pull request title.
|
||||
of the pull request title. You can also provide the full github pull
|
||||
request url.
|
||||
</para>
|
||||
<screen>
|
||||
$ nix-shell -p nox --run "nox-review -k pr PRNUMBER"
|
||||
$ nix-shell -p nix-review --run "nix-review pr PRNUMBER"
|
||||
</screen>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
|
|
@ -351,26 +351,26 @@ Additional information.
|
|||
</section>
|
||||
|
||||
<section xml:id="submitting-changes-tested-compilation">
|
||||
<title>Tested compilation of all pkgs that depend on this change using <command>nox-review</command></title>
|
||||
<title>Tested compilation of all pkgs that depend on this change using <command>nix-review</command></title>
|
||||
|
||||
<para>
|
||||
If you are updating a package's version, you can use nox to make sure all
|
||||
packages that depend on the updated package still compile correctly. This
|
||||
can be done using the nox utility. The <command>nox-review</command>
|
||||
utility can look for and build all dependencies either based on uncommited
|
||||
changes with the <literal>wip</literal> option or specifying a github pull
|
||||
request number.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
review uncommitted changes:
|
||||
<screen>nix-shell -p nox --run "nox-review wip"</screen>
|
||||
If you are updating a package's version, you can use nix-review to make sure all
|
||||
packages that depend on the updated package still compile correctly.
|
||||
The <command>nix-review</command> utility can look for and build all dependencies
|
||||
either based on uncommited changes with the <literal>wip</literal> option or
|
||||
specifying a github pull request number.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
review changes from pull request number 12345:
|
||||
<screen>nix-shell -p nox --run "nox-review pr 12345"</screen>
|
||||
<screen>nix-shell -p nix-review --run "nix-review pr 12345"</screen>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
review uncommitted changes:
|
||||
<screen>nix-shell -p nix-review --run "nix-review wip"</screen>
|
||||
</para>
|
||||
|
||||
</section>
|
||||
|
||||
<section xml:id="submitting-changes-tested-execution">
|
||||
|
|
|
@ -1588,6 +1588,11 @@
|
|||
github = "fdns";
|
||||
name = "Felipe Espinoza";
|
||||
};
|
||||
ffinkdevs = {
|
||||
email = "fink@h0st.space";
|
||||
github = "ffinkdevs";
|
||||
name = "Fabian Fink";
|
||||
};
|
||||
fgaz = {
|
||||
email = "fgaz@fgaz.me";
|
||||
github = "fgaz";
|
||||
|
@ -1770,6 +1775,11 @@
|
|||
github = "Gerschtli";
|
||||
name = "Tobias Happ";
|
||||
};
|
||||
ggpeti = {
|
||||
email = "ggpeti@gmail.com";
|
||||
github = "ggpeti";
|
||||
name = "Peter Ferenczy";
|
||||
};
|
||||
gilligan = {
|
||||
email = "tobias.pflug@gmail.com";
|
||||
github = "gilligan";
|
||||
|
|
|
@ -6,13 +6,14 @@ debug: generated manual-combined.xml
|
|||
|
||||
manual-combined.xml: generated *.xml **/*.xml
|
||||
rm -f ./manual-combined.xml
|
||||
nix-shell --packages xmloscopy \
|
||||
nix-shell --pure -Q --packages xmloscopy \
|
||||
--run "xmloscopy --docbook5 ./manual.xml ./manual-combined.xml"
|
||||
|
||||
.PHONY: format
|
||||
format:
|
||||
find ../../ -iname '*.xml' -type f -print0 | xargs -0 -I{} -n1 \
|
||||
xmlformat --config-file "../xmlformat.conf" -i {}
|
||||
nix-shell --pure -Q --packages xmlformat \
|
||||
--run "find ../../ -iname '*.xml' -type f -print0 | xargs -0 -I{} -n1 \
|
||||
xmlformat --config-file '../xmlformat.conf' -i {}"
|
||||
|
||||
.PHONY: fix-misc-xml
|
||||
fix-misc-xml:
|
||||
|
|
|
@ -200,8 +200,9 @@ swapDevices = [ { device = "/dev/disk/by-label/swap"; } ];
|
|||
<xref linkend="opt-services.postgresql.package"/> = pkgs.postgresql_10;
|
||||
</programlisting>
|
||||
The latter option definition changes the default PostgreSQL package used
|
||||
by NixOS’s PostgreSQL service to 10.x. For more information on packages,
|
||||
including how to add new ones, see <xref linkend="sec-custom-packages"/>.
|
||||
by NixOS’s PostgreSQL service to 10.x. For more information on
|
||||
packages, including how to add new ones, see
|
||||
<xref linkend="sec-custom-packages"/>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
|
|
@ -4,15 +4,13 @@
|
|||
version="5.0"
|
||||
xml:id="sec-kubernetes">
|
||||
<title>Kubernetes</title>
|
||||
|
||||
<para>
|
||||
The NixOS Kubernetes module is a collective term for a handful of
|
||||
individual submodules implementing the Kubernetes cluster components.
|
||||
The NixOS Kubernetes module is a collective term for a handful of individual
|
||||
submodules implementing the Kubernetes cluster components.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
There are generally two ways of enabling Kubernetes on NixOS.
|
||||
One way is to enable and configure cluster components appropriately by hand:
|
||||
There are generally two ways of enabling Kubernetes on NixOS. One way is to
|
||||
enable and configure cluster components appropriately by hand:
|
||||
<programlisting>
|
||||
services.kubernetes = {
|
||||
apiserver.enable = true;
|
||||
|
@ -33,84 +31,72 @@ services.kubernetes = {
|
|||
<programlisting>
|
||||
<xref linkend="opt-services.kubernetes.roles"/> = [ "node" ];
|
||||
</programlisting>
|
||||
Assigning both the master and node roles is usable if you want a single
|
||||
node Kubernetes cluster for dev or testing purposes:
|
||||
Assigning both the master and node roles is usable if you want a single node
|
||||
Kubernetes cluster for dev or testing purposes:
|
||||
<programlisting>
|
||||
<xref linkend="opt-services.kubernetes.roles"/> = [ "master" "node" ];
|
||||
</programlisting>
|
||||
Note: Assigning either role will also default both
|
||||
<xref linkend="opt-services.kubernetes.flannel.enable"/> and
|
||||
<xref linkend="opt-services.kubernetes.easyCerts"/> to true.
|
||||
This sets up flannel as CNI and activates automatic PKI bootstrapping.
|
||||
<xref linkend="opt-services.kubernetes.easyCerts"/> to true. This sets up
|
||||
flannel as CNI and activates automatic PKI bootstrapping.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
As of kubernetes 1.10.X it has been deprecated to open
|
||||
non-tls-enabled ports on kubernetes components. Thus, from NixOS 19.03 all
|
||||
plain HTTP ports have been disabled by default.
|
||||
While opening insecure ports is still possible, it is recommended not to
|
||||
bind these to other interfaces than loopback.
|
||||
|
||||
To re-enable the insecure port on the apiserver, see options:
|
||||
<xref linkend="opt-services.kubernetes.apiserver.insecurePort"/>
|
||||
and
|
||||
As of kubernetes 1.10.X it has been deprecated to open non-tls-enabled ports
|
||||
on kubernetes components. Thus, from NixOS 19.03 all plain HTTP ports have
|
||||
been disabled by default. While opening insecure ports is still possible, it
|
||||
is recommended not to bind these to other interfaces than loopback. To
|
||||
re-enable the insecure port on the apiserver, see options:
|
||||
<xref linkend="opt-services.kubernetes.apiserver.insecurePort"/> and
|
||||
<xref linkend="opt-services.kubernetes.apiserver.insecureBindAddress"/>
|
||||
</para>
|
||||
|
||||
<note>
|
||||
<para>
|
||||
As of NixOS 19.03, it is mandatory to configure:
|
||||
<xref linkend="opt-services.kubernetes.masterAddress"/>.
|
||||
The masterAddress must be resolveable and routeable by all cluster nodes.
|
||||
In single node clusters, this can be set to <literal>localhost</literal>.
|
||||
<xref linkend="opt-services.kubernetes.masterAddress"/>. The masterAddress
|
||||
must be resolveable and routeable by all cluster nodes. In single node
|
||||
clusters, this can be set to <literal>localhost</literal>.
|
||||
</para>
|
||||
</note>
|
||||
|
||||
<para>
|
||||
Role-based access control (RBAC) authorization mode is enabled by default.
|
||||
This means that anonymous requests to the apiserver secure port will
|
||||
expectedly cause a permission denied error. All cluster components must
|
||||
therefore be configured with x509 certificates for two-way tls communication.
|
||||
The x509 certificate subject section determines the roles and permissions
|
||||
granted by the apiserver to perform clusterwide or namespaced operations.
|
||||
See also:
|
||||
granted by the apiserver to perform clusterwide or namespaced operations. See
|
||||
also:
|
||||
<link
|
||||
xlink:href="https://kubernetes.io/docs/reference/access-authn-authz/rbac/">
|
||||
Using RBAC Authorization</link>.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The NixOS kubernetes module provides an option for automatic certificate
|
||||
bootstrapping and configuration,
|
||||
<xref linkend="opt-services.kubernetes.easyCerts"/>.
|
||||
The PKI bootstrapping process involves setting up a certificate authority
|
||||
(CA) daemon (cfssl) on the kubernetes master node. cfssl generates a CA-cert
|
||||
for the cluster, and uses the CA-cert for signing subordinate certs issued to
|
||||
each of the cluster components. Subsequently, the certmgr daemon monitors
|
||||
active certificates and renews them when needed. For single node Kubernetes
|
||||
clusters, setting <xref linkend="opt-services.kubernetes.easyCerts"/> = true
|
||||
is sufficient and no further action is required. For joining extra node
|
||||
machines to an existing cluster on the other hand, establishing initial trust
|
||||
is mandatory.
|
||||
<xref linkend="opt-services.kubernetes.easyCerts"/>. The PKI bootstrapping
|
||||
process involves setting up a certificate authority (CA) daemon (cfssl) on
|
||||
the kubernetes master node. cfssl generates a CA-cert for the cluster, and
|
||||
uses the CA-cert for signing subordinate certs issued to each of the cluster
|
||||
components. Subsequently, the certmgr daemon monitors active certificates and
|
||||
renews them when needed. For single node Kubernetes clusters, setting
|
||||
<xref linkend="opt-services.kubernetes.easyCerts"/> = true is sufficient and
|
||||
no further action is required. For joining extra node machines to an existing
|
||||
cluster on the other hand, establishing initial trust is mandatory.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
To add new nodes to the cluster:
|
||||
On any (non-master) cluster node where
|
||||
To add new nodes to the cluster: On any (non-master) cluster node where
|
||||
<xref linkend="opt-services.kubernetes.easyCerts"/> is enabled, the helper
|
||||
script <literal>nixos-kubernetes-node-join</literal> is available on PATH.
|
||||
Given a token on stdin, it will copy the token to the kubernetes
|
||||
secrets directory and restart the certmgr service. As requested
|
||||
certificates are issued, the script will restart kubernetes cluster
|
||||
components as needed for them to pick up new keypairs.
|
||||
Given a token on stdin, it will copy the token to the kubernetes secrets
|
||||
directory and restart the certmgr service. As requested certificates are
|
||||
issued, the script will restart kubernetes cluster components as needed for
|
||||
them to pick up new keypairs.
|
||||
</para>
|
||||
|
||||
<note>
|
||||
<para>
|
||||
Multi-master (HA) clusters are not supported by the easyCerts module.
|
||||
</para>
|
||||
</note>
|
||||
|
||||
<para>
|
||||
In order to interact with an RBAC-enabled cluster as an administrator, one
|
||||
needs to have cluster-admin privileges. By default, when easyCerts is
|
||||
|
@ -123,5 +109,4 @@ services.kubernetes = {
|
|||
root. Thus, only root on the kubernetes master may obtain cluster-admin
|
||||
rights by means of this file.
|
||||
</para>
|
||||
|
||||
</chapter>
|
||||
|
|
|
@ -5,30 +5,33 @@
|
|||
xml:id="module-services-matrix">
|
||||
<title>Matrix</title>
|
||||
<para>
|
||||
<link xlink:href="https://matrix.org/">Matrix</link>
|
||||
is an open standard for interoperable, decentralised, real-time communication over IP.
|
||||
It can be used to power Instant Messaging, VoIP/WebRTC signalling, Internet of Things communication -
|
||||
or anywhere you need a standard HTTP API for publishing and subscribing to data whilst tracking the conversation history.
|
||||
<link xlink:href="https://matrix.org/">Matrix</link> is an open standard for
|
||||
interoperable, decentralised, real-time communication over IP. It can be used
|
||||
to power Instant Messaging, VoIP/WebRTC signalling, Internet of Things
|
||||
communication - or anywhere you need a standard HTTP API for publishing and
|
||||
subscribing to data whilst tracking the conversation history.
|
||||
</para>
|
||||
<para>
|
||||
This chapter will show you how to set up your own, self-hosted Matrix homeserver using the Synapse reference homeserver,
|
||||
and how to serve your own copy of the Riot web client.
|
||||
See the <link xlink:href="https://matrix.org/docs/projects/try-matrix-now.html">Try Matrix Now!</link>
|
||||
overview page for links to Riot Apps for Android and iOS, desktop clients,
|
||||
as well as bridges to other networks and other projects around Matrix.
|
||||
This chapter will show you how to set up your own, self-hosted Matrix
|
||||
homeserver using the Synapse reference homeserver, and how to serve your own
|
||||
copy of the Riot web client. See the
|
||||
<link xlink:href="https://matrix.org/docs/projects/try-matrix-now.html">Try
|
||||
Matrix Now!</link> overview page for links to Riot Apps for Android and iOS,
|
||||
desktop clients, as well as bridges to other networks and other projects
|
||||
around Matrix.
|
||||
</para>
|
||||
|
||||
<section xml:id="module-services-matrix-synapse">
|
||||
<title>Synapse Homeserver</title>
|
||||
|
||||
<para>
|
||||
<link xlink:href="https://github.com/matrix-org/synapse">Synapse</link>
|
||||
is the reference homeserver implementation of Matrix from the core development team at matrix.org.
|
||||
The following configuration example will set up a synapse server for the <literal>example.org</literal>
|
||||
domain, served from the host <literal>myhostname.example.org</literal>.
|
||||
For more information, please refer to the
|
||||
<link xlink:href="https://github.com/matrix-org/synapse">Synapse</link> is
|
||||
the reference homeserver implementation of Matrix from the core development
|
||||
team at matrix.org. The following configuration example will set up a
|
||||
synapse server for the <literal>example.org</literal> domain, served from
|
||||
the host <literal>myhostname.example.org</literal>. For more information,
|
||||
please refer to the
|
||||
<link xlink:href="https://github.com/matrix-org/synapse#synapse-installation">
|
||||
installation instructions of Synapse
|
||||
</link>.
|
||||
installation instructions of Synapse </link>.
|
||||
<programlisting>
|
||||
let
|
||||
fqdn =
|
||||
|
@ -116,27 +119,28 @@
|
|||
};
|
||||
</programlisting>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If the <code>A</code> and <code>AAAA</code> DNS records on <literal>example.org</literal>
|
||||
do not point on the same host as the records for <code>myhostname.example.org</code>,
|
||||
you can easily move the <code>/.well-known</code> virtualHost section of the code
|
||||
to the host that is serving <literal>example.org</literal>,
|
||||
while the rest stays on <literal>myhostname.example.org</literal>
|
||||
with no other changes required.
|
||||
This pattern also allows to seamlessly move the homeserver from <literal>myhostname.example.org</literal>
|
||||
to <literal>myotherhost.example.org</literal> by only changing the <code>/.well-known</code> redirection target.
|
||||
If the <code>A</code> and <code>AAAA</code> DNS records on
|
||||
<literal>example.org</literal> do not point on the same host as the records
|
||||
for <code>myhostname.example.org</code>, you can easily move the
|
||||
<code>/.well-known</code> virtualHost section of the code to the host that
|
||||
is serving <literal>example.org</literal>, while the rest stays on
|
||||
<literal>myhostname.example.org</literal> with no other changes required.
|
||||
This pattern also allows to seamlessly move the homeserver from
|
||||
<literal>myhostname.example.org</literal> to
|
||||
<literal>myotherhost.example.org</literal> by only changing the
|
||||
<code>/.well-known</code> redirection target.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you want to run a server with public registration by anybody,
|
||||
you can then enable
|
||||
<option>services.matrix-synapse.enable_registration = true;</option>.
|
||||
Otherwise, or you can generate a registration secret with <command>pwgen -s 64 1</command>
|
||||
and set it with
|
||||
<option>services.matrix-synapse.registration_shared_secret</option>.
|
||||
To create a new user or admin,
|
||||
run the following after you have set the secret and have rebuilt NixOS:
|
||||
|
||||
If you want to run a server with public registration by anybody, you can
|
||||
then enable <option>services.matrix-synapse.enable_registration =
|
||||
true;</option>. Otherwise, or you can generate a registration secret with
|
||||
<command>pwgen -s 64 1</command> and set it with
|
||||
<option>services.matrix-synapse.registration_shared_secret</option>. To
|
||||
create a new user or admin, run the following after you have set the secret
|
||||
and have rebuilt NixOS:
|
||||
<programlisting>
|
||||
$ nix run nixpkgs.matrix-synapse
|
||||
$ register_new_matrix_user -k <your-registration-shared-secret> http://localhost:8008
|
||||
|
@ -147,30 +151,31 @@
|
|||
Success!
|
||||
</programlisting>
|
||||
In the example, this would create a user with the Matrix Identifier
|
||||
<literal>@your-username:example.org</literal>.
|
||||
Note that the registration secret ends up in the nix store and therefore is world-readable
|
||||
by any user on your machine, so it makes sense to only temporarily activate the
|
||||
<option>registration_shared_secret</option> option until a better solution for NixOS is in place.
|
||||
<literal>@your-username:example.org</literal>. Note that the registration
|
||||
secret ends up in the nix store and therefore is world-readable by any user
|
||||
on your machine, so it makes sense to only temporarily activate the
|
||||
<option>registration_shared_secret</option> option until a better solution
|
||||
for NixOS is in place.
|
||||
</para>
|
||||
</section>
|
||||
|
||||
<section xml:id="module-services-matrix-riot-web">
|
||||
<title>Riot Web Client</title>
|
||||
<para>
|
||||
<link xlink:href="https://github.com/vector-im/riot-web/">Riot Web</link>
|
||||
is the reference web client for Matrix and developed by the core team at matrix.org.
|
||||
The following snippet can be optionally added to the code before to complete the synapse
|
||||
installation with a web client served at
|
||||
<code>https://riot.myhostname.example.org</code> and <code>https://riot.example.org</code>.
|
||||
Alternatively, you can use the hosted copy at
|
||||
<link xlink:href="https://riot.im/app">https://riot.im/app</link>,
|
||||
or use other web clients or native client applications.
|
||||
Due to the <literal>/.well-known</literal> urls set up done above,
|
||||
many clients should fill in the required connection details automatically
|
||||
when you enter your Matrix Identifier.
|
||||
See <link xlink:href="https://matrix.org/docs/projects/try-matrix-now.html">Try Matrix Now!</link>
|
||||
for a list of existing clients and their supported featureset.
|
||||
|
||||
<para>
|
||||
<link xlink:href="https://github.com/vector-im/riot-web/">Riot Web</link> is
|
||||
the reference web client for Matrix and developed by the core team at
|
||||
matrix.org. The following snippet can be optionally added to the code before
|
||||
to complete the synapse installation with a web client served at
|
||||
<code>https://riot.myhostname.example.org</code> and
|
||||
<code>https://riot.example.org</code>. Alternatively, you can use the hosted
|
||||
copy at <link xlink:href="https://riot.im/app">https://riot.im/app</link>,
|
||||
or use other web clients or native client applications. Due to the
|
||||
<literal>/.well-known</literal> urls set up done above, many clients should
|
||||
fill in the required connection details automatically when you enter your
|
||||
Matrix Identifier. See
|
||||
<link xlink:href="https://matrix.org/docs/projects/try-matrix-now.html">Try
|
||||
Matrix Now!</link> for a list of existing clients and their supported
|
||||
featureset.
|
||||
<programlisting>
|
||||
services.nginx.virtualHosts."riot.${fqdn}" = {
|
||||
enableACME = true;
|
||||
|
@ -183,15 +188,16 @@
|
|||
};
|
||||
</programlisting>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Note that the Riot developers do not recommend running Riot and your Matrix homeserver
|
||||
on the same fully-qualified domain name for security reasons.
|
||||
In the example, this means that you should not reuse the <literal>myhostname.example.org</literal>
|
||||
virtualHost to also serve Riot, but instead serve it on a different subdomain,
|
||||
like <literal>riot.example.org</literal> in the example.
|
||||
See the
|
||||
<link xlink:href="https://github.com/vector-im/riot-web#important-security-note">Riot Important Security Notes</link>
|
||||
for more information on this subject.
|
||||
Note that the Riot developers do not recommend running Riot and your Matrix
|
||||
homeserver on the same fully-qualified domain name for security reasons. In
|
||||
the example, this means that you should not reuse the
|
||||
<literal>myhostname.example.org</literal> virtualHost to also serve Riot,
|
||||
but instead serve it on a different subdomain, like
|
||||
<literal>riot.example.org</literal> in the example. See the
|
||||
<link xlink:href="https://github.com/vector-im/riot-web#important-security-note">Riot
|
||||
Important Security Notes</link> for more information on this subject.
|
||||
</para>
|
||||
</section>
|
||||
</chapter>
|
||||
|
|
|
@ -112,9 +112,8 @@ true
|
|||
$ nixos-option <xref linkend="opt-boot.kernelModules"/>
|
||||
[ "tun" "ipv6" "loop" <replaceable>...</replaceable> ]
|
||||
</screen>
|
||||
Interactive exploration of the configuration is possible using
|
||||
<command>nix repl</command>, a read-eval-print loop for Nix expressions.
|
||||
A typical use:
|
||||
Interactive exploration of the configuration is possible using <command>nix
|
||||
repl</command>, a read-eval-print loop for Nix expressions. A typical use:
|
||||
<screen>
|
||||
$ nix repl '<nixpkgs/nixos>'
|
||||
|
||||
|
@ -128,9 +127,8 @@ nix-repl> map (x: x.hostName) config.<xref linkend="opt-services.httpd.virtualHo
|
|||
|
||||
<para>
|
||||
While abstracting your configuration, you may find it useful to generate
|
||||
modules using code, instead of writing files. The example
|
||||
below would have the same effect as importing a file which sets those
|
||||
options.
|
||||
modules using code, instead of writing files. The example below would have
|
||||
the same effect as importing a file which sets those options.
|
||||
<screen>
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
|
|
|
@ -18,8 +18,8 @@
|
|||
];
|
||||
</programlisting>
|
||||
<para>
|
||||
Even if some of these profiles seem only useful in the context of
|
||||
install media, many are actually intended to be used in real installs.
|
||||
Even if some of these profiles seem only useful in the context of install
|
||||
media, many are actually intended to be used in real installs.
|
||||
</para>
|
||||
<para>
|
||||
What follows is a brief explanation on the purpose and use-case for each
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
|
||||
<section xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||
version="5.0"
|
||||
xml:id="sec-profile-all-hardware">
|
||||
<title>All Hardware</title>
|
||||
|
||||
<para>
|
||||
Enables all hardware supported by NixOS: i.e., all firmware is
|
||||
included, and all devices from which one may boot are enabled in the initrd.
|
||||
Its primary use is in the NixOS installation CDs.
|
||||
Enables all hardware supported by NixOS: i.e., all firmware is included, and
|
||||
all devices from which one may boot are enabled in the initrd. Its primary
|
||||
use is in the NixOS installation CDs.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The enabled kernel modules include support for SATA and PATA, SCSI
|
||||
(partially), USB, Firewire (untested), Virtio (QEMU, KVM, etc.), VMware, and
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
|
||||
<section xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||
version="5.0"
|
||||
xml:id="sec-profile-base">
|
||||
<title>Base</title>
|
||||
|
||||
<para>
|
||||
Defines the software packages included in the "minimal"
|
||||
installation CD. It installs several utilities useful in a simple recovery or
|
||||
install media, such as a text-mode web browser, and tools for manipulating
|
||||
block devices, networking, hardware diagnostics, and filesystems (with their
|
||||
respective kernel modules).
|
||||
Defines the software packages included in the "minimal" installation CD. It
|
||||
installs several utilities useful in a simple recovery or install media, such
|
||||
as a text-mode web browser, and tools for manipulating block devices,
|
||||
networking, hardware diagnostics, and filesystems (with their respective
|
||||
kernel modules).
|
||||
</para>
|
||||
</section>
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
|
||||
<section xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||
version="5.0"
|
||||
xml:id="sec-profile-clone-config">
|
||||
<title>Clone Config</title>
|
||||
|
||||
<para>
|
||||
This profile is used in installer images.
|
||||
It provides an editable configuration.nix that imports all the modules that
|
||||
were also used when creating the image in the first place.
|
||||
As a result it allows users to edit and rebuild the live-system.
|
||||
This profile is used in installer images. It provides an editable
|
||||
configuration.nix that imports all the modules that were also used when
|
||||
creating the image in the first place. As a result it allows users to edit
|
||||
and rebuild the live-system.
|
||||
</para>
|
||||
</section>
|
||||
|
|
|
@ -1,13 +1,15 @@
|
|||
|
||||
<section xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||
version="5.0"
|
||||
xml:id="sec-profile-demo">
|
||||
<title>Demo</title>
|
||||
|
||||
<para>
|
||||
This profile just enables a <systemitem class="username">demo</systemitem> user, with password <literal>demo</literal>, uid <literal>1000</literal>, <systemitem class="groupname">wheel</systemitem>
|
||||
group and <link linkend="opt-services.xserver.displayManager.sddm.autoLogin">
|
||||
autologin in the SDDM display manager</link>.
|
||||
This profile just enables a <systemitem class="username">demo</systemitem>
|
||||
user, with password <literal>demo</literal>, uid <literal>1000</literal>,
|
||||
<systemitem class="groupname">wheel</systemitem> group and
|
||||
<link linkend="opt-services.xserver.displayManager.sddm.autoLogin"> autologin
|
||||
in the SDDM display manager</link>.
|
||||
</para>
|
||||
</section>
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
|
||||
<section xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||
version="5.0"
|
||||
xml:id="sec-profile-docker-container">
|
||||
<title>Docker Container</title>
|
||||
|
||||
<para>
|
||||
This is the profile from which the Docker images are generated. It prepares a
|
||||
working system by importing the <link linkend="sec-profile-minimal">Minimal</link> and
|
||||
<link linkend="sec-profile-clone-config">Clone Config</link> profiles, and setting appropriate
|
||||
configuration options that are useful inside a container context, like
|
||||
<xref linkend="opt-boot.isContainer"/>.
|
||||
working system by importing the
|
||||
<link linkend="sec-profile-minimal">Minimal</link> and
|
||||
<link linkend="sec-profile-clone-config">Clone Config</link> profiles, and
|
||||
setting appropriate configuration options that are useful inside a container
|
||||
context, like <xref linkend="opt-boot.isContainer"/>.
|
||||
</para>
|
||||
</section>
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
|
||||
<section xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||
version="5.0"
|
||||
xml:id="sec-profile-graphical">
|
||||
<title>Graphical</title>
|
||||
|
||||
<para>
|
||||
Defines a NixOS configuration with the Plasma 5 desktop. It's used by the
|
||||
graphical installation CD.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
It sets <xref linkend="opt-services.xserver.enable"/>,
|
||||
<xref linkend="opt-services.xserver.displayManager.sddm.enable"/>,
|
||||
|
|
|
@ -1,21 +1,23 @@
|
|||
|
||||
<section xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||
version="5.0"
|
||||
xml:id="sec-profile-hardened">
|
||||
<title>Hardened</title>
|
||||
|
||||
<para>
|
||||
A profile with most (vanilla) hardening options enabled by default,
|
||||
potentially at the cost of features and performance.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
This includes a hardened kernel, and limiting the system information
|
||||
available to processes through the <filename>/sys</filename> and
|
||||
<filename>/proc</filename> filesystems. It also disables the User Namespaces
|
||||
feature of the kernel, which stops Nix from being able to build anything
|
||||
(this particular setting can be overriden via
|
||||
<xref linkend="opt-security.allowUserNamespaces"/>). See the <literal
|
||||
<xref linkend="opt-security.allowUserNamespaces"/>). See the
|
||||
<literal
|
||||
xlink:href="https://github.com/nixos/nixpkgs/tree/master/nixos/modules/profiles/hardened.nix">
|
||||
profile source</literal> for further detail on which settings are altered.
|
||||
</para>
|
||||
|
|
|
@ -1,18 +1,19 @@
|
|||
|
||||
<section xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||
version="5.0"
|
||||
xml:id="sec-profile-headless">
|
||||
<title>Headless</title>
|
||||
|
||||
<para>
|
||||
Common configuration for headless machines (e.g., Amazon EC2 instances).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Disables <link linkend="opt-sound.enable">sound</link>,
|
||||
<link linkend="opt-boot.vesa">vesa</link>, serial consoles,
|
||||
<link linkend="opt-systemd.enableEmergencyMode">emergency mode</link>,
|
||||
<link linkend="opt-boot.loader.grub.splashImage">grub splash images</link> and
|
||||
configures the kernel to reboot automatically on panic.
|
||||
<link linkend="opt-boot.loader.grub.splashImage">grub splash images</link>
|
||||
and configures the kernel to reboot automatically on panic.
|
||||
</para>
|
||||
</section>
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
|
||||
<section xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||
version="5.0"
|
||||
xml:id="sec-profile-installation-device">
|
||||
<title>Installation Device</title>
|
||||
|
||||
<para>
|
||||
Provides a basic configuration for installation devices like CDs. This means
|
||||
enabling hardware scans, using the <link linkend="sec-profile-clone-config">
|
||||
|
@ -13,6 +13,7 @@
|
|||
<command>nixos-rebuild</command> to work), a copy of the Nixpkgs channel
|
||||
snapshot used to create the install media.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Additionally, documentation for <link linkend="opt-documentation.enable">
|
||||
Nixpkgs</link> and <link linkend="opt-documentation.nixos.enable">NixOS
|
||||
|
@ -21,11 +22,13 @@
|
|||
NixOS manual is shown automatically on TTY 8, sudo and udisks are disabled.
|
||||
Autologin is enabled as root.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
A message is shown to the user to start a display manager if needed,
|
||||
ssh with <xref linkend="opt-services.openssh.permitRootLogin"/> are enabled (but
|
||||
A message is shown to the user to start a display manager if needed, ssh with
|
||||
<xref linkend="opt-services.openssh.permitRootLogin"/> are enabled (but
|
||||
doesn't autostart). WPA Supplicant is also enabled without autostart.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Finally, vim is installed, root is set to not have a password, the kernel is
|
||||
made more silent for remote public IP installs, and several settings are
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
|
||||
<section xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||
version="5.0"
|
||||
xml:id="sec-profile-minimal">
|
||||
<title>Minimal</title>
|
||||
|
||||
<para>
|
||||
This profile defines a small NixOS configuration. It does not contain any
|
||||
graphical stuff. It's a very short file that enables
|
||||
<link linkend="opt-environment.noXlibs">noXlibs</link>, sets
|
||||
<link linkend="opt-i18n.supportedLocales">i18n.supportedLocales</link>
|
||||
to only support the user-selected locale,
|
||||
<link linkend="opt-i18n.supportedLocales">i18n.supportedLocales</link> to
|
||||
only support the user-selected locale,
|
||||
<link linkend="opt-documentation.enable">disables packages' documentation
|
||||
</link>, and <link linkend="opt-sound.enable">disables sound</link>.
|
||||
</para>
|
||||
|
|
|
@ -4,10 +4,12 @@
|
|||
version="5.0"
|
||||
xml:id="sec-profile-qemu-guest">
|
||||
<title>QEMU Guest</title>
|
||||
|
||||
<para>
|
||||
This profile contains common configuration for virtual machines running under
|
||||
QEMU (using virtio).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
It makes virtio modules available on the initrd, sets the system time from
|
||||
the hardware clock to work around a bug in qemu-kvm, and
|
||||
|
|
|
@ -28,11 +28,9 @@
|
|||
Be aware that keys will be written to the nix store in plaintext! When no
|
||||
networks are set, it will default to using a configuration file at
|
||||
<literal>/etc/wpa_supplicant.conf</literal>. You should edit this file
|
||||
yourself to define wireless networks, WPA keys and so on (see
|
||||
<citerefentry>
|
||||
yourself to define wireless networks, WPA keys and so on (see <citerefentry>
|
||||
<refentrytitle>wpa_supplicant.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum>
|
||||
</citerefentry>).
|
||||
<manvolnum>5</manvolnum> </citerefentry>).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
|
|
|
@ -35,8 +35,8 @@
|
|||
</para>
|
||||
<para>
|
||||
NixOS’s default <emphasis>display manager</emphasis> (the program that
|
||||
provides a graphical login prompt and manages the X server) is LightDM. You can
|
||||
select an alternative one by picking one of the following lines:
|
||||
provides a graphical login prompt and manages the X server) is LightDM. You
|
||||
can select an alternative one by picking one of the following lines:
|
||||
<programlisting>
|
||||
<xref linkend="opt-services.xserver.displayManager.sddm.enable"/> = true;
|
||||
<xref linkend="opt-services.xserver.displayManager.slim.enable"/> = true;
|
||||
|
@ -59,9 +59,16 @@
|
|||
<screen>
|
||||
# systemctl start display-manager.service
|
||||
</screen>
|
||||
</para>
|
||||
<para>
|
||||
On 64-bit systems, if you want OpenGL for 32-bit programs such as in Wine,
|
||||
you should also set the following:
|
||||
<programlisting>
|
||||
<xref linkend="opt-hardware.opengl.driSupport32Bit"/> = true;
|
||||
</programlisting>
|
||||
</para>
|
||||
<simplesect xml:id="sec-x11-graphics-cards-nvidia">
|
||||
<title>NVIDIA Graphics Cards</title>
|
||||
<title>Proprietary NVIDIA drivers</title>
|
||||
<para>
|
||||
NVIDIA provides a proprietary driver for its graphics cards that has better
|
||||
3D performance than the X.org drivers. It is not enabled by default because
|
||||
|
@ -71,6 +78,7 @@
|
|||
</programlisting>
|
||||
Or if you have an older card, you may have to use one of the legacy drivers:
|
||||
<programlisting>
|
||||
<xref linkend="opt-services.xserver.videoDrivers"/> = [ "nvidiaLegacy390" ];
|
||||
<xref linkend="opt-services.xserver.videoDrivers"/> = [ "nvidiaLegacy340" ];
|
||||
<xref linkend="opt-services.xserver.videoDrivers"/> = [ "nvidiaLegacy304" ];
|
||||
<xref linkend="opt-services.xserver.videoDrivers"/> = [ "nvidiaLegacy173" ];
|
||||
|
@ -78,16 +86,9 @@
|
|||
You may need to reboot after enabling this driver to prevent a clash with
|
||||
other kernel modules.
|
||||
</para>
|
||||
<para>
|
||||
On 64-bit systems, if you want full acceleration for 32-bit programs such as
|
||||
Wine, you should also set the following:
|
||||
<programlisting>
|
||||
<xref linkend="opt-hardware.opengl.driSupport32Bit"/> = true;
|
||||
</programlisting>
|
||||
</para>
|
||||
</simplesect>
|
||||
<simplesect xml:id="sec-x11--graphics-cards-amd">
|
||||
<title>AMD Graphics Cards</title>
|
||||
<title>Proprietary AMD drivers</title>
|
||||
<para>
|
||||
AMD provides a proprietary driver for its graphics cards that has better 3D
|
||||
performance than the X.org drivers. It is not enabled by default because
|
||||
|
@ -99,11 +100,8 @@
|
|||
other kernel modules.
|
||||
</para>
|
||||
<para>
|
||||
On 64-bit systems, if you want full acceleration for 32-bit programs such as
|
||||
Wine, you should also set the following:
|
||||
<programlisting>
|
||||
<xref linkend="opt-hardware.opengl.driSupport32Bit"/> = true;
|
||||
</programlisting>
|
||||
Note: for recent AMD GPUs you most likely want to keep either the defaults
|
||||
or <literal>"amdgpu"</literal> (both free).
|
||||
</para>
|
||||
</simplesect>
|
||||
<simplesect xml:id="sec-x11-touchpads">
|
||||
|
|
|
@ -77,10 +77,10 @@
|
|||
Shared folders can be given a name and a path in the host system in the
|
||||
VirtualBox settings (Machine / Settings / Shared Folders, then click on the
|
||||
"Add" icon). Add the following to the
|
||||
<literal>/etc/nixos/configuration.nix</literal> to auto-mount them. If you
|
||||
do not add <literal>"nofail"</literal>, the system will no boot properly.
|
||||
The same goes for disabling <literal>rngd</literal> which is normally used
|
||||
to get randomness but this does not work in virtual machines.
|
||||
<literal>/etc/nixos/configuration.nix</literal> to auto-mount them. If you do
|
||||
not add <literal>"nofail"</literal>, the system will no boot properly. The
|
||||
same goes for disabling <literal>rngd</literal> which is normally used to get
|
||||
randomness but this does not work in virtual machines.
|
||||
</para>
|
||||
|
||||
<programlisting>
|
||||
|
|
|
@ -70,9 +70,9 @@
|
|||
<arg>
|
||||
<option>--rollback</option>
|
||||
</arg>
|
||||
|
||||
<arg>
|
||||
<option>--builders</option>
|
||||
<replaceable>builder-spec</replaceable>
|
||||
<option>--builders</option> <replaceable>builder-spec</replaceable>
|
||||
</arg>
|
||||
<sbr />
|
||||
<arg>
|
||||
|
@ -335,22 +335,20 @@ $ ./result/bin/run-*-vm
|
|||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--builders</option>
|
||||
<replaceable>builder-spec</replaceable>
|
||||
<option>--builders</option> <replaceable>builder-spec</replaceable>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Allow ad-hoc remote builders for building the new system.
|
||||
This requires the user executing <command>nixos-rebuild</command> (usually
|
||||
root) to be configured as a trusted user in the Nix daemon. This can be
|
||||
achieved by using the <literal>nix.trustedUsers</literal> NixOS option.
|
||||
Examples values for that option are described in the
|
||||
<literal>Remote builds chapter</literal> in the Nix manual,
|
||||
(i.e. <command>--builders "ssh://bigbrother x86_64-linux"</command>).
|
||||
By specifying an empty string existing builders specified in
|
||||
<filename>/etc/nix/machines</filename> can be ignored:
|
||||
<command>--builders ""</command> for example when they are not
|
||||
reachable due to network connectivity.
|
||||
Allow ad-hoc remote builders for building the new system. This requires
|
||||
the user executing <command>nixos-rebuild</command> (usually root) to be
|
||||
configured as a trusted user in the Nix daemon. This can be achieved by
|
||||
using the <literal>nix.trustedUsers</literal> NixOS option. Examples
|
||||
values for that option are described in the <literal>Remote builds
|
||||
chapter</literal> in the Nix manual, (i.e. <command>--builders
|
||||
"ssh://bigbrother x86_64-linux"</command>). By specifying an empty string
|
||||
existing builders specified in <filename>/etc/nix/machines</filename> can
|
||||
be ignored: <command>--builders ""</command> for example when they are
|
||||
not reachable due to network connectivity.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
|
|
@ -639,7 +639,8 @@ $ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull'
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Groups <literal>kvm</literal> and <literal>render</literal> are introduced now, as systemd requires them.
|
||||
Groups <literal>kvm</literal> and <literal>render</literal> are introduced
|
||||
now, as systemd requires them.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
|
|
@ -20,25 +20,27 @@
|
|||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
The default Python 3 interpreter is now CPython 3.7 instead of CPython 3.6.
|
||||
The default Python 3 interpreter is now CPython 3.7 instead of CPython
|
||||
3.6.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Added the Pantheon desktop environment.
|
||||
It can be enabled through <varname>services.xserver.desktopManager.pantheon.enable</varname>.
|
||||
Added the Pantheon desktop environment. It can be enabled through
|
||||
<varname>services.xserver.desktopManager.pantheon.enable</varname>.
|
||||
</para>
|
||||
<note>
|
||||
<para>
|
||||
<varname>services.xserver.desktopManager.pantheon</varname> default enables lightdm
|
||||
as a display manager and using Pantheon's greeter.
|
||||
<varname>services.xserver.desktopManager.pantheon</varname> default
|
||||
enables lightdm as a display manager and using Pantheon's greeter.
|
||||
</para>
|
||||
<para>
|
||||
This is because of limitations with the screenlocking implementation, whereas the
|
||||
screenlocker would be non-functional without it.
|
||||
This is because of limitations with the screenlocking implementation,
|
||||
whereas the screenlocker would be non-functional without it.
|
||||
</para>
|
||||
<para>
|
||||
Because of that it is recommended to retain this precaution, however if you'd like to change this set:
|
||||
Because of that it is recommended to retain this precaution, however if
|
||||
you'd like to change this set:
|
||||
</para>
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
|
@ -52,7 +54,9 @@
|
|||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
<para>to <literal>false</literal> and enable your preferred display manager.</para>
|
||||
<para>
|
||||
to <literal>false</literal> and enable your preferred display manager.
|
||||
</para>
|
||||
</note>
|
||||
</listitem>
|
||||
<listitem>
|
||||
|
@ -60,8 +64,8 @@
|
|||
A major refactoring of the Kubernetes module has been completed.
|
||||
Refactorings primarily focus on decoupling components and enhancing
|
||||
security. Two-way TLS and RBAC has been enabled by default for all
|
||||
components, which slightly changes the way the module is configured.
|
||||
See: <xref linkend="sec-kubernetes"/> for details.
|
||||
components, which slightly changes the way the module is configured. See:
|
||||
<xref linkend="sec-kubernetes"/> for details.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
@ -87,10 +91,11 @@
|
|||
<listitem>
|
||||
<para>
|
||||
There is a new <varname>security.googleOsLogin</varname> module for using
|
||||
<link xlink:href="https://cloud.google.com/compute/docs/instances/managing-instance-access">OS Login</link>
|
||||
to manage SSH access to Google Compute Engine instances, which supersedes
|
||||
the imperative and broken <literal>google-accounts-daemon</literal> used
|
||||
in <literal>nixos/modules/virtualisation/google-compute-config.nix</literal>.
|
||||
<link xlink:href="https://cloud.google.com/compute/docs/instances/managing-instance-access">OS
|
||||
Login</link> to manage SSH access to Google Compute Engine instances,
|
||||
which supersedes the imperative and broken
|
||||
<literal>google-accounts-daemon</literal> used in
|
||||
<literal>nixos/modules/virtualisation/google-compute-config.nix</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
|
@ -101,8 +106,9 @@
|
|||
<listitem>
|
||||
<para>
|
||||
There is a new <varname>services.cockroachdb</varname> module for running
|
||||
CockroachDB databases. NixOS now ships with CockroachDB 2.1.x as well, available
|
||||
on <literal>x86_64-linux</literal> and <literal>aarch64-linux</literal>.
|
||||
CockroachDB databases. NixOS now ships with CockroachDB 2.1.x as well,
|
||||
available on <literal>x86_64-linux</literal> and
|
||||
<literal>aarch64-linux</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
@ -116,9 +122,9 @@
|
|||
<listitem>
|
||||
<para>
|
||||
The <link xlink:href="https://duo.com/docs/duounix">PAM module for Duo
|
||||
Security</link> has been enabled for use. One can configure it using
|
||||
the <option>security.duosec</option> options along with the
|
||||
corresponding PAM option in
|
||||
Security</link> has been enabled for use. One can configure it using the
|
||||
<option>security.duosec</option> options along with the corresponding PAM
|
||||
option in
|
||||
<option>security.pam.services.<name?>.duoSecurity.enable</option>.
|
||||
</para>
|
||||
</listitem>
|
||||
|
@ -184,16 +190,18 @@
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <varname>buildPythonPackage</varname> function now sets <varname>strictDeps = true</varname>
|
||||
to help distinguish between native and non-native dependencies in order to
|
||||
improve cross-compilation compatibility. Note however that this may break
|
||||
user expressions.
|
||||
The <varname>buildPythonPackage</varname> function now sets
|
||||
<varname>strictDeps = true</varname> to help distinguish between native
|
||||
and non-native dependencies in order to improve cross-compilation
|
||||
compatibility. Note however that this may break user expressions.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <varname>buildPythonPackage</varname> function now sets <varname>LANG = C.UTF-8</varname>
|
||||
to enable Unicode support. The <varname>glibcLocales</varname> package is no longer needed as a build input.
|
||||
The <varname>buildPythonPackage</varname> function now sets <varname>LANG
|
||||
= C.UTF-8</varname> to enable Unicode support. The
|
||||
<varname>glibcLocales</varname> package is no longer needed as a build
|
||||
input.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
|
@ -201,19 +209,18 @@
|
|||
The Syncthing state and configuration data has been moved from
|
||||
<varname>services.syncthing.dataDir</varname> to the newly defined
|
||||
<varname>services.syncthing.configDir</varname>, which default to
|
||||
<literal>/var/lib/syncthing/.config/syncthing</literal>.
|
||||
This change makes possible to share synced directories using ACLs
|
||||
without Syncthing resetting the permission on every start.
|
||||
<literal>/var/lib/syncthing/.config/syncthing</literal>. This change makes
|
||||
possible to share synced directories using ACLs without Syncthing
|
||||
resetting the permission on every start.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>ntp</literal> module now has sane default restrictions.
|
||||
If you're relying on the previous defaults, which permitted all queries
|
||||
and commands from all firewall-permitted sources, you can set
|
||||
The <literal>ntp</literal> module now has sane default restrictions. If
|
||||
you're relying on the previous defaults, which permitted all queries and
|
||||
commands from all firewall-permitted sources, you can set
|
||||
<varname>services.ntp.restrictDefault</varname> and
|
||||
<varname>services.ntp.restrictSource</varname> to
|
||||
<literal>[]</literal>.
|
||||
<varname>services.ntp.restrictSource</varname> to <literal>[]</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
|
@ -242,16 +249,20 @@
|
|||
<listitem>
|
||||
<para>
|
||||
Options
|
||||
<literal>services.znc.confOptions.networks.<replaceable>name</replaceable>.userName</literal> and
|
||||
<literal>services.znc.confOptions.networks.<replaceable>name</replaceable>.userName</literal>
|
||||
and
|
||||
<literal>services.znc.confOptions.networks.<replaceable>name</replaceable>.modulePackages</literal>
|
||||
were removed. They were never used for anything and can therefore safely be removed.
|
||||
were removed. They were never used for anything and can therefore safely
|
||||
be removed.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Package <literal>wasm</literal> has been renamed <literal>proglodyte-wasm</literal>. The package
|
||||
<literal>wasm</literal> will be pointed to <literal>ocamlPackages.wasm</literal> in 19.09, so
|
||||
make sure to update your configuration if you want to keep <literal>proglodyte-wasm</literal>
|
||||
Package <literal>wasm</literal> has been renamed
|
||||
<literal>proglodyte-wasm</literal>. The package <literal>wasm</literal>
|
||||
will be pointed to <literal>ocamlPackages.wasm</literal> in 19.09, so make
|
||||
sure to update your configuration if you want to keep
|
||||
<literal>proglodyte-wasm</literal>
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
|
@ -279,37 +290,41 @@
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Package <literal>consul-ui</literal> and passthrough <literal>consul.ui</literal> have been removed.
|
||||
The package <literal>consul</literal> now uses upstream releases that vendor the UI into the binary.
|
||||
See <link xlink:href="https://github.com/NixOS/nixpkgs/pull/48714#issuecomment-433454834">#48714</link>
|
||||
Package <literal>consul-ui</literal> and passthrough
|
||||
<literal>consul.ui</literal> have been removed. The package
|
||||
<literal>consul</literal> now uses upstream releases that vendor the UI
|
||||
into the binary. See
|
||||
<link xlink:href="https://github.com/NixOS/nixpkgs/pull/48714#issuecomment-433454834">#48714</link>
|
||||
for details.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Slurm introduces the new option
|
||||
<literal>services.slurm.stateSaveLocation</literal>,
|
||||
which is now set to <literal>/var/spool/slurm</literal> by default
|
||||
(instead of <literal>/var/spool</literal>).
|
||||
Make sure to move all files to the new directory or to set the option accordingly.
|
||||
<literal>services.slurm.stateSaveLocation</literal>, which is now set to
|
||||
<literal>/var/spool/slurm</literal> by default (instead of
|
||||
<literal>/var/spool</literal>). Make sure to move all files to the new
|
||||
directory or to set the option accordingly.
|
||||
</para>
|
||||
<para>
|
||||
The slurmctld now runs as user <literal>slurm</literal> instead of <literal>root</literal>.
|
||||
If you want to keep slurmctld running as <literal>root</literal>, set
|
||||
<literal>services.slurm.user = root</literal>.
|
||||
The slurmctld now runs as user <literal>slurm</literal> instead of
|
||||
<literal>root</literal>. If you want to keep slurmctld running as
|
||||
<literal>root</literal>, set <literal>services.slurm.user =
|
||||
root</literal>.
|
||||
</para>
|
||||
<para>
|
||||
The options <literal>services.slurm.nodeName</literal> and
|
||||
<literal>services.slurm.partitionName</literal> are now sets of
|
||||
strings to correctly reflect that fact that each of these
|
||||
options can occour more than once in the configuration.
|
||||
<literal>services.slurm.partitionName</literal> are now sets of strings to
|
||||
correctly reflect that fact that each of these options can occour more
|
||||
than once in the configuration.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>solr</literal> package has been upgraded from 4.10.3 to 7.5.0 and has undergone
|
||||
some major changes. The <literal>services.solr</literal> module has been updated to reflect
|
||||
these changes. Please review http://lucene.apache.org/solr/ carefully before upgrading.
|
||||
The <literal>solr</literal> package has been upgraded from 4.10.3 to 7.5.0
|
||||
and has undergone some major changes. The <literal>services.solr</literal>
|
||||
module has been updated to reflect these changes. Please review
|
||||
http://lucene.apache.org/solr/ carefully before upgrading.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
|
@ -321,21 +336,24 @@
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The option <literal>services.xserver.displayManager.job.logToFile</literal> which was
|
||||
The option
|
||||
<literal>services.xserver.displayManager.job.logToFile</literal> which was
|
||||
previously set to <literal>true</literal> when using the display managers
|
||||
<literal>lightdm</literal>, <literal>sddm</literal> or <literal>xpra</literal> has been
|
||||
reset to the default value (<literal>false</literal>).
|
||||
<literal>lightdm</literal>, <literal>sddm</literal> or
|
||||
<literal>xpra</literal> has been reset to the default value
|
||||
(<literal>false</literal>).
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Network interface indiscriminate NixOS firewall options
|
||||
(<literal>networking.firewall.allow*</literal>) are now preserved when also
|
||||
setting interface specific rules such as <literal>networking.firewall.interfaces.en0.allow*</literal>.
|
||||
These rules continue to use the pseudo device "default"
|
||||
(<literal>networking.firewall.interfaces.default.*</literal>), and assigning
|
||||
to this pseudo device will override the (<literal>networking.firewall.allow*</literal>)
|
||||
options.
|
||||
(<literal>networking.firewall.allow*</literal>) are now preserved when
|
||||
also setting interface specific rules such as
|
||||
<literal>networking.firewall.interfaces.en0.allow*</literal>. These rules
|
||||
continue to use the pseudo device "default"
|
||||
(<literal>networking.firewall.interfaces.default.*</literal>), and
|
||||
assigning to this pseudo device will override the
|
||||
(<literal>networking.firewall.allow*</literal>) options.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
|
@ -348,18 +366,18 @@
|
|||
<literal>DynamicUser=</literal> in systemd services. This was already the
|
||||
default behaviour in presence of <literal>services.sssd.enable =
|
||||
true</literal> because nscd caching would interfere with
|
||||
<literal>sssd</literal> in unpredictable ways as well. Because we're
|
||||
using nscd not for caching, but for convincing glibc to find NSS modules
|
||||
in the nix store instead of an absolute path, we have decided to disable
|
||||
caching globally now, as it's usually not the behaviour the user wants and
|
||||
can lead to surprising behaviour. Furthermore, negative caching of host
|
||||
<literal>sssd</literal> in unpredictable ways as well. Because we're using
|
||||
nscd not for caching, but for convincing glibc to find NSS modules in the
|
||||
nix store instead of an absolute path, we have decided to disable caching
|
||||
globally now, as it's usually not the behaviour the user wants and can
|
||||
lead to surprising behaviour. Furthermore, negative caching of host
|
||||
lookups is also disabled now by default. This should fix the issue of dns
|
||||
lookups failing in the presence of an unreliable network.
|
||||
</para>
|
||||
<para>
|
||||
If the old behaviour is desired, this can be restored by setting
|
||||
the <literal>services.nscd.config</literal> option
|
||||
with the desired caching parameters.
|
||||
If the old behaviour is desired, this can be restored by setting the
|
||||
<literal>services.nscd.config</literal> option with the desired caching
|
||||
parameters.
|
||||
<programlisting>
|
||||
services.nscd.config =
|
||||
''
|
||||
|
@ -393,7 +411,8 @@
|
|||
shared hosts yes
|
||||
'';
|
||||
</programlisting>
|
||||
See <link xlink:href="https://github.com/NixOS/nixpkgs/pull/50316">#50316</link>
|
||||
See
|
||||
<link xlink:href="https://github.com/NixOS/nixpkgs/pull/50316">#50316</link>
|
||||
for details.
|
||||
</para>
|
||||
</listitem>
|
||||
|
@ -416,74 +435,85 @@
|
|||
The <literal>pam_unix</literal> account module is now loaded with its
|
||||
control field set to <literal>required</literal> instead of
|
||||
<literal>sufficient</literal>, so that later PAM account modules that
|
||||
might do more extensive checks are being executed.
|
||||
Previously, the whole account module verification was exited prematurely
|
||||
in case a nss module provided the account name to
|
||||
<literal>pam_unix</literal>.
|
||||
The LDAP and SSSD NixOS modules already add their NSS modules when
|
||||
enabled. In case your setup breaks due to some later PAM account module
|
||||
previosuly shadowed, or failing NSS lookups, please file a bug. You can
|
||||
get back the old behaviour by manually setting
|
||||
<literal><![CDATA[security.pam.services.<name?>.text]]></literal>.
|
||||
might do more extensive checks are being executed. Previously, the whole
|
||||
account module verification was exited prematurely in case a nss module
|
||||
provided the account name to <literal>pam_unix</literal>. The LDAP and
|
||||
SSSD NixOS modules already add their NSS modules when enabled. In case
|
||||
your setup breaks due to some later PAM account module previosuly
|
||||
shadowed, or failing NSS lookups, please file a bug. You can get back the
|
||||
old behaviour by manually setting <literal>
|
||||
<![CDATA[security.pam.services.<name?>.text]]>
|
||||
</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>pam_unix</literal> password module is now loaded with its
|
||||
control field set to <literal>sufficient</literal> instead of
|
||||
<literal>required</literal>, so that password managed only
|
||||
by later PAM password modules are being executed.
|
||||
Previously, for example, changing an LDAP account's password through PAM
|
||||
was not possible: the whole password module verification
|
||||
was exited prematurely by <literal>pam_unix</literal>,
|
||||
preventing <literal>pam_ldap</literal> to manage the password as it should.
|
||||
<literal>required</literal>, so that password managed only by later PAM
|
||||
password modules are being executed. Previously, for example, changing an
|
||||
LDAP account's password through PAM was not possible: the whole password
|
||||
module verification was exited prematurely by <literal>pam_unix</literal>,
|
||||
preventing <literal>pam_ldap</literal> to manage the password as it
|
||||
should.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>fish</literal> has been upgraded to 3.0.
|
||||
It comes with a number of improvements and backwards incompatible changes.
|
||||
See the <literal>fish</literal> <link xlink:href="https://github.com/fish-shell/fish-shell/releases/tag/3.0.0">release notes</link> for more information.
|
||||
<literal>fish</literal> has been upgraded to 3.0. It comes with a number
|
||||
of improvements and backwards incompatible changes. See the
|
||||
<literal>fish</literal>
|
||||
<link xlink:href="https://github.com/fish-shell/fish-shell/releases/tag/3.0.0">release
|
||||
notes</link> for more information.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The ibus-table input method has had a change in config format, which
|
||||
causes all previous settings to be lost. See
|
||||
<link xlink:href="https://github.com/mike-fabian/ibus-table/commit/f9195f877c5212fef0dfa446acb328c45ba5852b">this commit message</link>
|
||||
for details.
|
||||
<link xlink:href="https://github.com/mike-fabian/ibus-table/commit/f9195f877c5212fef0dfa446acb328c45ba5852b">this
|
||||
commit message</link> for details.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
NixOS module system type <literal>types.optionSet</literal> and
|
||||
<literal>lib.mkOption</literal> argument <literal>options</literal> are deprecated.
|
||||
Use <literal>types.submodule</literal> instead.
|
||||
<literal>lib.mkOption</literal> argument <literal>options</literal> are
|
||||
deprecated. Use <literal>types.submodule</literal> instead.
|
||||
(<link xlink:href="https://github.com/NixOS/nixpkgs/pull/54637">#54637</link>)
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>matrix-synapse</literal> has been updated to version 0.99. It will
|
||||
<link xlink:href="https://github.com/matrix-org/synapse/pull/4509">no longer generate a self-signed certificate on first launch</link>
|
||||
and will be <link xlink:href="https://matrix.org/blog/2019/02/05/synapse-0-99-0/">the last version to accept self-signed certificates</link>.
|
||||
As such, it is now recommended to use a proper certificate verified by a
|
||||
root CA (for example Let's Encrypt).
|
||||
The new <link linkend="module-services-matrix">manual chapter on Matrix</link> contains a working example of using nginx as a reverse proxy
|
||||
in front of <literal>matrix-synapse</literal>, using Let's Encrypt certificates.
|
||||
<literal>matrix-synapse</literal> has been updated to version 0.99. It
|
||||
will <link xlink:href="https://github.com/matrix-org/synapse/pull/4509">no
|
||||
longer generate a self-signed certificate on first launch</link> and will
|
||||
be
|
||||
<link xlink:href="https://matrix.org/blog/2019/02/05/synapse-0-99-0/">the
|
||||
last version to accept self-signed certificates</link>. As such, it is now
|
||||
recommended to use a proper certificate verified by a root CA (for example
|
||||
Let's Encrypt). The new <link linkend="module-services-matrix">manual
|
||||
chapter on Matrix</link> contains a working example of using nginx as a
|
||||
reverse proxy in front of <literal>matrix-synapse</literal>, using Let's
|
||||
Encrypt certificates.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>mailutils</literal> now works by default when
|
||||
<literal>sendmail</literal> is not in a setuid wrapper. As a consequence,
|
||||
the <literal>sendmailPath</literal> argument, having lost its main use, has
|
||||
been removed.
|
||||
the <literal>sendmailPath</literal> argument, having lost its main use,
|
||||
has been removed.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>graylog</literal> has been upgraded from version 2.* to 3.*. Some setups making use of extraConfig (especially those exposing Graylog via reverse proxies) need to be updated as upstream removed/replaced some settings. See <link xlink:href="http://docs.graylog.org/en/3.0/pages/upgrade/graylog-3.0.html#simplified-http-interface-configuration">Upgrading Graylog</link> for details.
|
||||
<literal>graylog</literal> has been upgraded from version 2.* to 3.*. Some
|
||||
setups making use of extraConfig (especially those exposing Graylog via
|
||||
reverse proxies) need to be updated as upstream removed/replaced some
|
||||
settings. See
|
||||
<link xlink:href="http://docs.graylog.org/en/3.0/pages/upgrade/graylog-3.0.html#simplified-http-interface-configuration">Upgrading
|
||||
Graylog</link> for details.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
@ -500,163 +530,174 @@
|
|||
<listitem>
|
||||
<para>
|
||||
The <option>services.matomo</option> module gained the option
|
||||
<option>services.matomo.package</option> which determines the used
|
||||
Matomo version.
|
||||
<option>services.matomo.package</option> which determines the used Matomo
|
||||
version.
|
||||
</para>
|
||||
<para>
|
||||
The Matomo module now also comes with the systemd service <literal>matomo-archive-processing.service</literal>
|
||||
and a timer that automatically triggers archive processing every hour.
|
||||
This means that you can safely
|
||||
The Matomo module now also comes with the systemd service
|
||||
<literal>matomo-archive-processing.service</literal> and a timer that
|
||||
automatically triggers archive processing every hour. This means that you
|
||||
can safely
|
||||
<link xlink:href="https://matomo.org/docs/setup-auto-archiving/#disable-browser-triggers-for-matomo-archiving-and-limit-matomo-reports-to-updating-every-hour">
|
||||
disable browser triggers for Matomo archiving
|
||||
</link> at <literal>Administration > System > General Settings</literal>.
|
||||
disable browser triggers for Matomo archiving </link> at
|
||||
<literal>Administration > System > General Settings</literal>.
|
||||
</para>
|
||||
<para>
|
||||
Additionally, you can enable to
|
||||
<link xlink:href="https://matomo.org/docs/privacy/#step-2-delete-old-visitors-logs">
|
||||
delete old visitor logs
|
||||
</link> at <literal>Administration > System > Privacy</literal>,
|
||||
but make sure that you run <literal>systemctl start matomo-archive-processing.service</literal>
|
||||
at least once without errors if you have already collected data before,
|
||||
so that the reports get archived before the source data gets deleted.
|
||||
delete old visitor logs </link> at <literal>Administration > System >
|
||||
Privacy</literal>, but make sure that you run <literal>systemctl start
|
||||
matomo-archive-processing.service</literal> at least once without errors
|
||||
if you have already collected data before, so that the reports get
|
||||
archived before the source data gets deleted.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>composableDerivation</literal> along with supporting library functions
|
||||
has been removed.
|
||||
<literal>composableDerivation</literal> along with supporting library
|
||||
functions has been removed.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The deprecated <literal>truecrypt</literal> package has been removed
|
||||
and <literal>truecrypt</literal> attribute is now an alias for
|
||||
The deprecated <literal>truecrypt</literal> package has been removed and
|
||||
<literal>truecrypt</literal> attribute is now an alias for
|
||||
<literal>veracrypt</literal>. VeraCrypt is backward-compatible with
|
||||
TrueCrypt volumes. Note that <literal>cryptsetup</literal> also
|
||||
supports loading TrueCrypt volumes.
|
||||
TrueCrypt volumes. Note that <literal>cryptsetup</literal> also supports
|
||||
loading TrueCrypt volumes.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The Kubernetes DNS addons, kube-dns, has been replaced with CoreDNS.
|
||||
This change is made in accordance with Kubernetes making CoreDNS the official default
|
||||
starting from
|
||||
<link xlink:href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.11.md#sig-cluster-lifecycle">Kubernetes v1.11</link>.
|
||||
Please beware that upgrading DNS-addon on existing clusters might induce
|
||||
minor downtime while the DNS-addon terminates and re-initializes.
|
||||
Also note that the DNS-service now runs with 2 pod replicas by default.
|
||||
The desired number of replicas can be configured using:
|
||||
<option>services.kubernetes.addons.dns.replicas</option>.
|
||||
The Kubernetes DNS addons, kube-dns, has been replaced with CoreDNS. This
|
||||
change is made in accordance with Kubernetes making CoreDNS the official
|
||||
default starting from
|
||||
<link xlink:href="https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.11.md#sig-cluster-lifecycle">Kubernetes
|
||||
v1.11</link>. Please beware that upgrading DNS-addon on existing clusters
|
||||
might induce minor downtime while the DNS-addon terminates and
|
||||
re-initializes. Also note that the DNS-service now runs with 2 pod
|
||||
replicas by default. The desired number of replicas can be configured
|
||||
using: <option>services.kubernetes.addons.dns.replicas</option>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The quassel-webserver package and module was removed from nixpkgs due to the lack
|
||||
of maintainers.
|
||||
The quassel-webserver package and module was removed from nixpkgs due to
|
||||
the lack of maintainers.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The manual gained a
|
||||
<link linkend="module-services-matrix">
|
||||
new chapter on self-hosting <literal>matrix-synapse</literal> and <literal>riot-web</literal>
|
||||
</link>, the most prevalent server and client implementations for the
|
||||
<link xlink:href="https://matrix.org/">Matrix</link> federated communication network.
|
||||
The manual gained a <link linkend="module-services-matrix"> new chapter on
|
||||
self-hosting <literal>matrix-synapse</literal> and
|
||||
<literal>riot-web</literal> </link>, the most prevalent server and client
|
||||
implementations for the
|
||||
<link xlink:href="https://matrix.org/">Matrix</link> federated
|
||||
communication network.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The astah-community package was removed from nixpkgs due to it being discontinued and the downloads not being available anymore.
|
||||
The astah-community package was removed from nixpkgs due to it being
|
||||
discontinued and the downloads not being available anymore.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The httpd service now saves log files with a .log file extension by default for
|
||||
easier integration with the logrotate service.
|
||||
The httpd service now saves log files with a .log file extension by
|
||||
default for easier integration with the logrotate service.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The owncloud server packages and httpd subservice module were removed
|
||||
from nixpkgs due to the lack of maintainers.
|
||||
The owncloud server packages and httpd subservice module were removed from
|
||||
nixpkgs due to the lack of maintainers.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
It is possible now to uze ZRAM devices as general purpose ephemeral block devices,
|
||||
not only as swap. Using more than 1 device as ZRAM swap is no longer recommended,
|
||||
but is still possible by setting <literal>zramSwap.swapDevices</literal> explicitly.
|
||||
It is possible now to uze ZRAM devices as general purpose ephemeral block
|
||||
devices, not only as swap. Using more than 1 device as ZRAM swap is no
|
||||
longer recommended, but is still possible by setting
|
||||
<literal>zramSwap.swapDevices</literal> explicitly.
|
||||
</para>
|
||||
<para>
|
||||
ZRAM algorithm can be changed now.
|
||||
</para>
|
||||
<para>
|
||||
Changes to ZRAM algorithm are applied during <literal>nixos-rebuild switch</literal>,
|
||||
so make sure you have enough swap space on disk to survive ZRAM device rebuild. Alternatively,
|
||||
use <literal>nixos-rebuild boot; reboot</literal>.
|
||||
Changes to ZRAM algorithm are applied during <literal>nixos-rebuild
|
||||
switch</literal>, so make sure you have enough swap space on disk to
|
||||
survive ZRAM device rebuild. Alternatively, use <literal>nixos-rebuild
|
||||
boot; reboot</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Flat volumes are now disabled by default in <literal>hardware.pulseaudio</literal>.
|
||||
This has been done to prevent applications, which are unaware of this feature, setting
|
||||
their volumes to 100% on startup causing harm to your audio hardware and potentially your ears.
|
||||
Flat volumes are now disabled by default in
|
||||
<literal>hardware.pulseaudio</literal>. This has been done to prevent
|
||||
applications, which are unaware of this feature, setting their volumes to
|
||||
100% on startup causing harm to your audio hardware and potentially your
|
||||
ears.
|
||||
</para>
|
||||
<note>
|
||||
<para>
|
||||
With this change application specific volumes are relative to the master volume which can be
|
||||
adjusted independently, whereas before they were absolute; meaning that in effect, it scaled the
|
||||
device-volume with the volume of the loudest application.
|
||||
With this change application specific volumes are relative to the master
|
||||
volume which can be adjusted independently, whereas before they were
|
||||
absolute; meaning that in effect, it scaled the device-volume with the
|
||||
volume of the loudest application.
|
||||
</para>
|
||||
</note>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <link xlink:href="https://github.com/DanielAdolfsson/ndppd"><literal>ndppd</literal></link> module
|
||||
now supports <link linkend="opt-services.ndppd.enable">all config options</link> provided by the current
|
||||
upstream version as service options. Additionally the <literal>ndppd</literal> package doesn't contain
|
||||
the systemd unit configuration from upstream anymore, the unit is completely configured by the NixOS module now.
|
||||
The
|
||||
<link xlink:href="https://github.com/DanielAdolfsson/ndppd"><literal>ndppd</literal></link>
|
||||
module now supports <link linkend="opt-services.ndppd.enable">all config
|
||||
options</link> provided by the current upstream version as service
|
||||
options. Additionally the <literal>ndppd</literal> package doesn't contain
|
||||
the systemd unit configuration from upstream anymore, the unit is
|
||||
completely configured by the NixOS module now.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
New installs of NixOS will default to the Redmine 4.x series unless otherwise specified in
|
||||
<literal>services.redmine.package</literal> while existing installs of NixOS will default to
|
||||
the Redmine 3.x series.
|
||||
New installs of NixOS will default to the Redmine 4.x series unless
|
||||
otherwise specified in <literal>services.redmine.package</literal> while
|
||||
existing installs of NixOS will default to the Redmine 3.x series.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <link linkend="opt-services.grafana.enable">Grafana module</link> now supports declarative
|
||||
<link xlink:href="http://docs.grafana.org/administration/provisioning/">datasource and dashboard</link>
|
||||
provisioning.
|
||||
The <link linkend="opt-services.grafana.enable">Grafana module</link> now
|
||||
supports declarative
|
||||
<link xlink:href="http://docs.grafana.org/administration/provisioning/">datasource
|
||||
and dashboard</link> provisioning.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The use of insecure ports on kubernetes has been deprecated.
|
||||
Thus options:
|
||||
The use of insecure ports on kubernetes has been deprecated. Thus options:
|
||||
<varname>services.kubernetes.apiserver.port</varname> and
|
||||
<varname>services.kubernetes.controllerManager.port</varname>
|
||||
has been renamed to <varname>.insecurePort</varname>,
|
||||
and default of both options has changed to 0 (disabled).
|
||||
<varname>services.kubernetes.controllerManager.port</varname> has been
|
||||
renamed to <varname>.insecurePort</varname>, and default of both options
|
||||
has changed to 0 (disabled).
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Note that the default value of
|
||||
<varname>services.kubernetes.apiserver.bindAddress</varname>
|
||||
has changed from 127.0.0.1 to 0.0.0.0, allowing the apiserver to be
|
||||
accessible from outside the master node itself.
|
||||
If the apiserver insecurePort is enabled,
|
||||
<varname>services.kubernetes.apiserver.bindAddress</varname> has changed
|
||||
from 127.0.0.1 to 0.0.0.0, allowing the apiserver to be accessible from
|
||||
outside the master node itself. If the apiserver insecurePort is enabled,
|
||||
it is strongly recommended to only bind on the loopback interface. See:
|
||||
<varname>services.kubernetes.apiserver.insecurebindAddress</varname>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The option <varname>services.kubernetes.apiserver.allowPrivileged</varname>
|
||||
and <varname>services.kubernetes.kubelet.allowPrivileged</varname> now
|
||||
The option
|
||||
<varname>services.kubernetes.apiserver.allowPrivileged</varname> and
|
||||
<varname>services.kubernetes.kubelet.allowPrivileged</varname> now
|
||||
defaults to false. Disallowing privileged containers on the cluster.
|
||||
</para>
|
||||
</listitem>
|
||||
|
@ -668,32 +709,34 @@
|
|||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>intel</literal> driver has been removed from the default list of
|
||||
<link linkend="opt-services.xserver.videoDrivers">X.org video drivers</link>.
|
||||
The <literal>modesetting</literal> driver should take over automatically,
|
||||
it is better maintained upstream and has less problems with advanced X11 features.
|
||||
This can lead to a change in the output names used by <literal>xrandr</literal>.
|
||||
Some performance regressions on some GPU models might happen.
|
||||
Some OpenCL and VA-API applications might also break
|
||||
The <literal>intel</literal> driver has been removed from the default list
|
||||
of <link linkend="opt-services.xserver.videoDrivers">X.org video
|
||||
drivers</link>. The <literal>modesetting</literal> driver should take over
|
||||
automatically, it is better maintained upstream and has less problems with
|
||||
advanced X11 features. This can lead to a change in the output names used
|
||||
by <literal>xrandr</literal>. Some performance regressions on some GPU
|
||||
models might happen. Some OpenCL and VA-API applications might also break
|
||||
(Beignet seems to provide OpenCL support with
|
||||
<literal>modesetting</literal> driver, too).
|
||||
Kernel mode setting API does not support backlight control,
|
||||
so <literal>xbacklight</literal> tool will not work;
|
||||
backlight level can be controlled directly via <literal>/sys/</literal>
|
||||
or with <literal>brightnessctl</literal>.
|
||||
Users who need this functionality more than multi-output XRandR are advised
|
||||
to add `intel` to `videoDrivers` and report an issue (or provide additional
|
||||
<literal>modesetting</literal> driver, too). Kernel mode setting API does
|
||||
not support backlight control, so <literal>xbacklight</literal> tool will
|
||||
not work; backlight level can be controlled directly via
|
||||
<literal>/sys/</literal> or with <literal>brightnessctl</literal>. Users
|
||||
who need this functionality more than multi-output XRandR are advised to
|
||||
add `intel` to `videoDrivers` and report an issue (or provide additional
|
||||
details in an existing one)
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Openmpi has been updated to version 4.0.0, which removes some deprecated MPI-1 symbols.
|
||||
This may break some older applications that still rely on those symbols.
|
||||
An upgrade guide can be found <link xlink:href="https://www.open-mpi.org/faq/?category=mpi-removed">here</link>.
|
||||
Openmpi has been updated to version 4.0.0, which removes some deprecated
|
||||
MPI-1 symbols. This may break some older applications that still rely on
|
||||
those symbols. An upgrade guide can be found
|
||||
<link xlink:href="https://www.open-mpi.org/faq/?category=mpi-removed">here</link>.
|
||||
</para>
|
||||
<para>
|
||||
The nginx package now relies on OpenSSL 1.1 and supports TLS 1.3 by default. You can set the protocols used by the nginx service using <xref linkend="opt-services.nginx.sslProtocols"/>.
|
||||
The nginx package now relies on OpenSSL 1.1 and supports TLS 1.3 by
|
||||
default. You can set the protocols used by the nginx service using
|
||||
<xref linkend="opt-services.nginx.sslProtocols"/>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
|
|
|
@ -76,14 +76,17 @@
|
|||
<listitem>
|
||||
<para>
|
||||
The <option>documentation</option> module gained an option named
|
||||
<option>documentation.nixos.includeAllModules</option> which makes the generated
|
||||
<citerefentry><refentrytitle>configuration.nix</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> manual page include all options from all NixOS modules
|
||||
included in a given <literal>configuration.nix</literal> configuration file. Currently, it is
|
||||
set to <literal>false</literal> by default as enabling it frequently prevents evaluation. But
|
||||
the plan is to eventually have it set to <literal>true</literal> by default. Please set it to
|
||||
<literal>true</literal> now in your <literal>configuration.nix</literal> and fix all the bugs
|
||||
it uncovers.
|
||||
<option>documentation.nixos.includeAllModules</option> which makes the
|
||||
generated <citerefentry>
|
||||
<refentrytitle>configuration.nix</refentrytitle>
|
||||
<manvolnum>5</manvolnum></citerefentry> manual page include all options
|
||||
from all NixOS modules included in a given
|
||||
<literal>configuration.nix</literal> configuration file. Currently, it is
|
||||
set to <literal>false</literal> by default as enabling it frequently
|
||||
prevents evaluation. But the plan is to eventually have it set to
|
||||
<literal>true</literal> by default. Please set it to
|
||||
<literal>true</literal> now in your <literal>configuration.nix</literal>
|
||||
and fix all the bugs it uncovers.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
|
|
@ -876,6 +876,7 @@
|
|||
./tasks/trackpoint.nix
|
||||
./tasks/powertop.nix
|
||||
./testing/service-runner.nix
|
||||
./virtualisation/anbox.nix
|
||||
./virtualisation/container-config.nix
|
||||
./virtualisation/containers.nix
|
||||
./virtualisation/docker.nix
|
||||
|
|
|
@ -87,9 +87,9 @@
|
|||
|
||||
<para>
|
||||
<emphasis>Please keep in mind that this is not compatible with
|
||||
<literal>programs.zsh.ohMyZsh.custom</literal> as it requires an immutable store
|
||||
path while <literal>custom</literal> shall remain mutable! An evaluation
|
||||
failure will be thrown if both <literal>custom</literal> and
|
||||
<literal>programs.zsh.ohMyZsh.custom</literal> as it requires an immutable
|
||||
store path while <literal>custom</literal> shall remain mutable! An
|
||||
evaluation failure will be thrown if both <literal>custom</literal> and
|
||||
<literal>customPkgs</literal> are set.</emphasis>
|
||||
</para>
|
||||
</section>
|
||||
|
|
|
@ -189,9 +189,10 @@ in
|
|||
|
||||
. /etc/zinputrc
|
||||
|
||||
export SAVEHIST=${toString cfg.histSize}
|
||||
export HISTSIZE=${toString cfg.histSize}
|
||||
export HISTFILE=${cfg.histFile}
|
||||
# Don't export these, otherwise other shells (bash) will try to use same histfile
|
||||
SAVEHIST=${toString cfg.histSize}
|
||||
HISTSIZE=${toString cfg.histSize}
|
||||
HISTFILE=${cfg.histFile}
|
||||
|
||||
${optionalString (cfg.setOptions != []) "setopt ${concatStringsSep " " cfg.setOptions}"}
|
||||
|
||||
|
|
|
@ -86,7 +86,7 @@ in {
|
|||
startAt = cfg.interval;
|
||||
serviceConfig = {
|
||||
ExecStart =
|
||||
"${pkgs.python3Packages.elasticsearch-curator}/bin/curator" +
|
||||
"${pkgs.elasticsearch-curator}/bin/curator" +
|
||||
" --config ${curatorConfig} ${curatorAction}";
|
||||
};
|
||||
};
|
||||
|
|
|
@ -12,9 +12,9 @@
|
|||
An automatic setup is not suported by Matomo, so you need to configure Matomo
|
||||
itself in the browser-based Matomo setup.
|
||||
</para>
|
||||
|
||||
<section xml:id="module-services-matomo-database-setup">
|
||||
<title>Database Setup</title>
|
||||
|
||||
<para>
|
||||
You also need to configure a MariaDB or MySQL database and -user for Matomo
|
||||
yourself, and enter those credentials in your browser. You can use
|
||||
|
@ -46,30 +46,32 @@
|
|||
database is not on the same host.
|
||||
</para>
|
||||
</section>
|
||||
|
||||
<section xml:id="module-services-matomo-archive-processing">
|
||||
<title>Archive Processing</title>
|
||||
|
||||
<para>
|
||||
This module comes with the systemd service <literal>matomo-archive-processing.service</literal>
|
||||
and a timer that automatically triggers archive processing every hour.
|
||||
This means that you can safely
|
||||
This module comes with the systemd service
|
||||
<literal>matomo-archive-processing.service</literal> and a timer that
|
||||
automatically triggers archive processing every hour. This means that you
|
||||
can safely
|
||||
<link xlink:href="https://matomo.org/docs/setup-auto-archiving/#disable-browser-triggers-for-matomo-archiving-and-limit-matomo-reports-to-updating-every-hour">
|
||||
disable browser triggers for Matomo archiving
|
||||
</link> at <literal>Administration > System > General Settings</literal>.
|
||||
disable browser triggers for Matomo archiving </link> at
|
||||
<literal>Administration > System > General Settings</literal>.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
With automatic archive processing, you can now also enable to
|
||||
<link xlink:href="https://matomo.org/docs/privacy/#step-2-delete-old-visitors-logs">
|
||||
delete old visitor logs
|
||||
</link> at <literal>Administration > System > Privacy</literal>,
|
||||
but make sure that you run <literal>systemctl start matomo-archive-processing.service</literal>
|
||||
at least once without errors if you have already collected data before,
|
||||
so that the reports get archived before the source data gets deleted.
|
||||
delete old visitor logs </link> at <literal>Administration > System >
|
||||
Privacy</literal>, but make sure that you run <literal>systemctl start
|
||||
matomo-archive-processing.service</literal> at least once without errors if
|
||||
you have already collected data before, so that the reports get archived
|
||||
before the source data gets deleted.
|
||||
</para>
|
||||
</section>
|
||||
|
||||
<section xml:id="module-services-matomo-backups">
|
||||
<title>Backup</title>
|
||||
|
||||
<para>
|
||||
You only need to take backups of your MySQL database and the
|
||||
<filename>/var/lib/matomo/config/config.ini.php</filename> file. Use a user
|
||||
|
@ -78,9 +80,9 @@
|
|||
<link xlink:href="https://matomo.org/faq/how-to-install/faq_138/" />.
|
||||
</para>
|
||||
</section>
|
||||
|
||||
<section xml:id="module-services-matomo-issues">
|
||||
<title>Issues</title>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
|
@ -97,7 +99,6 @@
|
|||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
|
||||
<section xml:id="module-services-matomo-other-web-servers">
|
||||
<title>Using other Web Servers than nginx</title>
|
||||
|
||||
|
|
|
@ -4,22 +4,24 @@
|
|||
version="5.0"
|
||||
xml:id="module-services-nextcloud">
|
||||
<title>Nextcloud</title>
|
||||
|
||||
<para>
|
||||
<link xlink:href="https://nextcloud.com/">Nextcloud</link> is an open-source, self-hostable cloud
|
||||
platform. The server setup can be automated using
|
||||
<link linkend="opt-services.nextcloud.enable">services.nextcloud</link>. A desktop client is packaged
|
||||
at <literal>pkgs.nextcloud-client</literal>.
|
||||
<link xlink:href="https://nextcloud.com/">Nextcloud</link> is an open-source,
|
||||
self-hostable cloud platform. The server setup can be automated using
|
||||
<link linkend="opt-services.nextcloud.enable">services.nextcloud</link>. A
|
||||
desktop client is packaged at <literal>pkgs.nextcloud-client</literal>.
|
||||
</para>
|
||||
|
||||
<section xml:id="module-services-nextcloud-basic-usage">
|
||||
<title>Basic usage</title>
|
||||
|
||||
<para>
|
||||
Nextcloud is a PHP-based application which requires an HTTP server
|
||||
(<literal><link linkend="opt-services.nextcloud.enable">services.nextcloud</link></literal> optionally supports
|
||||
<literal><link linkend="opt-services.nginx.enable">services.nginx</link></literal>) and a database
|
||||
(it's recommended to use <literal><link linkend="opt-services.postgresql.enable">services.postgresql</link></literal>).
|
||||
(<literal><link linkend="opt-services.nextcloud.enable">services.nextcloud</link></literal>
|
||||
optionally supports
|
||||
<literal><link linkend="opt-services.nginx.enable">services.nginx</link></literal>)
|
||||
and a database (it's recommended to use
|
||||
<literal><link linkend="opt-services.postgresql.enable">services.postgresql</link></literal>).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
A very basic configuration may look like this:
|
||||
<programlisting>{ pkgs, ... }:
|
||||
|
@ -55,13 +57,17 @@
|
|||
<link linkend="opt-networking.firewall.allowedTCPPorts">networking.firewall.allowedTCPPorts</link> = [ 80 443 ];
|
||||
}</programlisting>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The options <literal>hostName</literal> and <literal>nginx.enable</literal> are used internally to configure an
|
||||
HTTP server using <literal><link xlink:href="https://php-fpm.org/">PHP-FPM</link></literal> and <literal>nginx</literal>.
|
||||
The <literal>config</literal> attribute set is used for the <literal>config.php</literal> which is used
|
||||
for the application's configuration.
|
||||
<emphasis>Beware: this isn't entirely pure since the config is modified by the application's runtime!</emphasis>
|
||||
The options <literal>hostName</literal> and <literal>nginx.enable</literal>
|
||||
are used internally to configure an HTTP server using
|
||||
<literal><link xlink:href="https://php-fpm.org/">PHP-FPM</link></literal>
|
||||
and <literal>nginx</literal>. The <literal>config</literal> attribute set is
|
||||
used for the <literal>config.php</literal> which is used for the
|
||||
application's configuration. <emphasis>Beware: this isn't entirely pure
|
||||
since the config is modified by the application's runtime!</emphasis>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
In case the application serves multiple hosts (those are checked with
|
||||
<literal><link xlink:href="http://php.net/manual/en/reserved.variables.server.php">$_SERVER['HTTP_HOST']</link></literal>)
|
||||
|
@ -69,31 +75,41 @@
|
|||
<literal><link linkend="opt-services.nextcloud.config.extraTrustedDomains">services.nextcloud.config.extraTrustedDomains</link></literal>.
|
||||
</para>
|
||||
</section>
|
||||
|
||||
<section xml:id="module-services-nextcloud-pitfalls-during-upgrade">
|
||||
<title>Pitfalls</title>
|
||||
|
||||
<para>
|
||||
Unfortunately Nextcloud appears to be very stateful when it comes to managing its own configuration. The
|
||||
config file lives in the home directory of the <literal>nextcloud</literal> user (by default
|
||||
<literal>/var/lib/nextcloud/config/config.php</literal>) and is also used to track several
|
||||
states of the application (e.g. whether installed or not).
|
||||
Unfortunately Nextcloud appears to be very stateful when it comes to
|
||||
managing its own configuration. The config file lives in the home directory
|
||||
of the <literal>nextcloud</literal> user (by default
|
||||
<literal>/var/lib/nextcloud/config/config.php</literal>) and is also used to
|
||||
track several states of the application (e.g. whether installed or not).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Right now changes to the <literal>services.nextcloud.config</literal> attribute set won't take effect
|
||||
after the first install
|
||||
(except <literal><link linkend="opt-services.nextcloud.config.extraTrustedDomains">services.nextcloud.config.extraTrustedDomains</link></literal>) since the actual configuration
|
||||
file is generated by the NextCloud installer which also sets up critical parts such as the database
|
||||
structure.
|
||||
Right now changes to the <literal>services.nextcloud.config</literal>
|
||||
attribute set won't take effect after the first install (except
|
||||
<literal><link linkend="opt-services.nextcloud.config.extraTrustedDomains">services.nextcloud.config.extraTrustedDomains</link></literal>)
|
||||
since the actual configuration file is generated by the NextCloud installer
|
||||
which also sets up critical parts such as the database structure.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<emphasis>Warning: don't delete <literal>config.php</literal>! This file tracks the application's state and a deletion can cause unwanted side-effects!</emphasis>
|
||||
<emphasis>Warning: don't delete <literal>config.php</literal>! This file
|
||||
tracks the application's state and a deletion can cause unwanted
|
||||
side-effects!</emphasis>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<emphasis>Warning: don't rerun <literal>nextcloud-occ maintenance:install</literal>! This command tries to install the application and can cause unwanted side-effects!</emphasis>
|
||||
<emphasis>Warning: don't rerun <literal>nextcloud-occ
|
||||
maintenance:install</literal>! This command tries to install the application
|
||||
and can cause unwanted side-effects!</emphasis>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The issues are known and reported in <link xlink:href="https://github.com/NixOS/nixpkgs/issues/49783">#49783</link>, for now it's unfortunately necessary to manually work around these issues.
|
||||
The issues are known and reported in
|
||||
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/49783">#49783</link>,
|
||||
for now it's unfortunately necessary to manually work around these issues.
|
||||
</para>
|
||||
</section>
|
||||
|
||||
</chapter>
|
||||
|
|
|
@ -276,6 +276,7 @@ let
|
|||
${optionalString (config.tryFiles != null) "try_files ${config.tryFiles};"}
|
||||
${optionalString (config.root != null) "root ${config.root};"}
|
||||
${optionalString (config.alias != null) "alias ${config.alias};"}
|
||||
${optionalString (config.return != null) "return ${config.return};"}
|
||||
${config.extraConfig}
|
||||
${optionalString (config.proxyPass != null && cfg.recommendedProxySettings) "include ${recommendedProxyConfig};"}
|
||||
}
|
||||
|
|
|
@ -64,6 +64,15 @@ with lib;
|
|||
'';
|
||||
};
|
||||
|
||||
return = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "301 http://example.com$request_uri;";
|
||||
description = ''
|
||||
Adds a return directive, for e.g. redirections.
|
||||
'';
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
|
|
|
@ -246,7 +246,7 @@ in
|
|||
default = [ "ati" "cirrus" "vesa" "vmware" "modesetting" ];
|
||||
example = [
|
||||
"ati_unfree" "amdgpu" "amdgpu-pro"
|
||||
"nv" "nvidia" "nvidiaLegacy340" "nvidiaLegacy304"
|
||||
"nv" "nvidia" "nvidiaLegacy390" "nvidiaLegacy340" "nvidiaLegacy304"
|
||||
];
|
||||
# TODO(@oxij): think how to easily add the rest, like those nvidia things
|
||||
relatedPackages = concatLists
|
||||
|
@ -259,6 +259,11 @@ in
|
|||
The names of the video drivers the configuration
|
||||
supports. They will be tried in order until one that
|
||||
supports your card is found.
|
||||
Don't combine those with "incompatible" OpenGL implementations,
|
||||
e.g. free ones (mesa-based) with proprietary ones.
|
||||
|
||||
For unfree "nvidia*", the supported GPU lists are on
|
||||
https://www.nvidia.com/object/unix.html
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -209,10 +209,17 @@ in
|
|||
|
||||
assertions = let
|
||||
ls = sep: concatMapStringsSep sep (x: x.mountPoint);
|
||||
notAutoResizable = fs: fs.autoResize && !(hasPrefix "ext" fs.fsType || fs.fsType == "f2fs");
|
||||
in [
|
||||
{ assertion = ! (fileSystems' ? "cycle");
|
||||
message = "The ‘fileSystems’ option can't be topologically sorted: mountpoint dependency path ${ls " -> " fileSystems'.cycle} loops to ${ls ", " fileSystems'.loops}";
|
||||
}
|
||||
{ assertion = ! (any notAutoResizable fileSystems);
|
||||
message = let
|
||||
fs = head (filter notAutoResizable fileSystems);
|
||||
in
|
||||
"Mountpoint '${fs.mountPoint}': 'autoResize = true' is not supported for 'fsType = \"${fs.fsType}\"':${if fs.fsType == "auto" then " fsType has to be explicitly set and" else ""} only the ext filesystems and f2fs support it.";
|
||||
}
|
||||
];
|
||||
|
||||
# Export for use in other modules
|
||||
|
|
|
@ -0,0 +1,144 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
cfg = config.virtualisation.anbox;
|
||||
kernelPackages = config.boot.kernelPackages;
|
||||
addrOpts = v: addr: pref: name: {
|
||||
address = mkOption {
|
||||
default = addr;
|
||||
type = types.str;
|
||||
description = ''
|
||||
IPv${toString v} ${name} address.
|
||||
'';
|
||||
};
|
||||
|
||||
prefixLength = mkOption {
|
||||
default = pref;
|
||||
type = types.addCheck types.int (n: n >= 0 && n <= (if v == 4 then 32 else 128));
|
||||
description = ''
|
||||
Subnet mask of the ${name} address, specified as the number of
|
||||
bits in the prefix (<literal>${if v == 4 then "24" else "64"}</literal>).
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
||||
options.virtualisation.anbox = {
|
||||
|
||||
enable = mkEnableOption "Anbox";
|
||||
|
||||
image = mkOption {
|
||||
default = pkgs.anbox.image;
|
||||
example = literalExample "pkgs.anbox.image";
|
||||
type = types.package;
|
||||
description = ''
|
||||
Base android image for Anbox.
|
||||
'';
|
||||
};
|
||||
|
||||
extraInit = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
description = ''
|
||||
Extra shell commands to be run inside the container image during init.
|
||||
'';
|
||||
};
|
||||
|
||||
ipv4 = {
|
||||
container = addrOpts 4 "192.168.250.2" 24 "Container";
|
||||
gateway = addrOpts 4 "192.168.250.1" 24 "Host";
|
||||
|
||||
dns = mkOption {
|
||||
default = "1.1.1.1";
|
||||
type = types.string;
|
||||
description = ''
|
||||
Container DNS server.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
assertions = singleton {
|
||||
assertion = versionAtLeast (getVersion config.boot.kernelPackages.kernel) "4.18";
|
||||
message = "Anbox needs user namespace support to work properly";
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [ anbox ];
|
||||
|
||||
boot.kernelModules = [ "ashmem_linux" "binder_linux" ];
|
||||
boot.extraModulePackages = [ kernelPackages.anbox ];
|
||||
|
||||
services.udev.extraRules = ''
|
||||
KERNEL=="ashmem", NAME="%k", MODE="0666"
|
||||
KERNEL=="binder*", NAME="%k", MODE="0666"
|
||||
'';
|
||||
|
||||
virtualisation.lxc.enable = true;
|
||||
networking.bridges.anbox0.interfaces = [];
|
||||
networking.interfaces.anbox0.ipv4.addresses = [ cfg.ipv4.gateway ];
|
||||
|
||||
networking.nat = {
|
||||
enable = true;
|
||||
internalInterfaces = [ "anbox0" ];
|
||||
};
|
||||
|
||||
systemd.services.anbox-container-manager = let
|
||||
anboxloc = "/var/lib/anbox";
|
||||
in {
|
||||
description = "Anbox Container Management Daemon";
|
||||
|
||||
environment.XDG_RUNTIME_DIR="${anboxloc}";
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "systemd-udev-settle.service" ];
|
||||
preStart = let
|
||||
initsh = let
|
||||
ip = cfg.ipv4.container.address;
|
||||
gw = cfg.ipv4.gateway.address;
|
||||
dns = cfg.ipv4.dns;
|
||||
in
|
||||
pkgs.writeText "nixos-init" (''
|
||||
#!/system/bin/sh
|
||||
setprop nixos.version ${config.system.nixos.version}
|
||||
|
||||
# we don't have radio
|
||||
setprop ro.radio.noril yes
|
||||
stop ril-daemon
|
||||
|
||||
# speed up boot
|
||||
setprop debug.sf.nobootanimation 1
|
||||
'' + cfg.extraInit);
|
||||
initshloc = "${anboxloc}/rootfs-overlay/system/etc/init.goldfish.sh";
|
||||
in ''
|
||||
mkdir -p ${anboxloc}
|
||||
mkdir -p $(dirname ${initshloc})
|
||||
[ -f ${initshloc} ] && rm ${initshloc}
|
||||
cp ${initsh} ${initshloc}
|
||||
chown 100000:100000 ${initshloc}
|
||||
chmod +x ${initshloc}
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart = ''
|
||||
${pkgs.anbox}/bin/anbox container-manager \
|
||||
--data-path=${anboxloc} \
|
||||
--android-image=${cfg.image} \
|
||||
--container-network-address=${cfg.ipv4.container.address} \
|
||||
--container-network-gateway=${cfg.ipv4.gateway.address} \
|
||||
--container-network-dns-servers=${cfg.ipv4.dns} \
|
||||
--use-rootfs-overlay \
|
||||
--privileged
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
}
|
|
@ -20,6 +20,7 @@ in
|
|||
config = {
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-label/nixos";
|
||||
fsType = "ext4";
|
||||
autoResize = true;
|
||||
};
|
||||
|
||||
|
|
|
@ -1,7 +1,15 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<rss xmlns:blogChannel="http://backend.userland.com/blogChannelModule" version="2.0"><channel><title>NixOS News</title><link>https://nixos.org</link><description>News for NixOS, the purely functional Linux distribution.</description><image><title>NixOS</title><url>https://nixos.org/logo/nixos-logo-only-hires.png</url><link>https://nixos.org/</link></image><item><title>
|
||||
NixOS 18.09 released
|
||||
</title><link>https://nixos.org/news.html</link><description>
|
||||
<rss xmlns:blogChannel="http://backend.userland.com/blogChannelModule" version="2.0">
|
||||
<channel>
|
||||
<title>NixOS News</title><link>https://nixos.org</link>
|
||||
<description>News for NixOS, the purely functional Linux distribution.</description>
|
||||
<image>
|
||||
<title>NixOS</title>
|
||||
<url>https://nixos.org/logo/nixos-logo-only-hires.png</url><link>https://nixos.org/</link>
|
||||
</image>
|
||||
<item>
|
||||
<title>NixOS 18.09 released</title><link>https://nixos.org/news.html</link>
|
||||
<description>
|
||||
<a href="https://github.com/NixOS/nixos-artwork/blob/master/releases/18.09-jellyfish/jellyfish.png">
|
||||
<img class="inline" src="logo/nixos-logo-18.09-jellyfish-lores.png" alt="18.09 Jellyfish logo" with="100" height="87"/>
|
||||
</a>
|
||||
|
@ -12,4 +20,8 @@
|
|||
For information on how to upgrade from older release branches
|
||||
to 18.09, check out the
|
||||
<a href="/nixos/manual/index.html#sec-upgrading">manual section on upgrading</a>.
|
||||
</description><pubDate>Sat Oct 06 2018 00:00:00 GMT</pubDate></item></channel></rss>
|
||||
</description>
|
||||
<pubDate>Sat Oct 06 2018 00:00:00 GMT</pubDate>
|
||||
</item>
|
||||
</channel>
|
||||
</rss>
|
||||
|
|
|
@ -108,6 +108,8 @@ in {
|
|||
# cluster in the database before slurmctld is restarted
|
||||
subtest "add_account", sub {
|
||||
$control->succeed("sacctmgr -i add cluster default");
|
||||
# check for cluster entry
|
||||
$control->succeed("sacctmgr list cluster | awk '{ print \$1 }' | grep default");
|
||||
};
|
||||
|
||||
subtest "can_start_slurmctld", sub {
|
||||
|
@ -133,6 +135,7 @@ in {
|
|||
|
||||
subtest "check_slurm_dbd", sub {
|
||||
# find the srun job from above in the database
|
||||
sleep 2;
|
||||
$submit->succeed("sacct | grep hostname");
|
||||
};
|
||||
'';
|
||||
|
|
|
@ -0,0 +1,33 @@
|
|||
{ stdenv, fetchFromGitHub, cmake, eigen, libav_all }:
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "musly";
|
||||
version = "unstable-2017-04-26";
|
||||
src = fetchFromGitHub {
|
||||
owner = "dominikschnitzer";
|
||||
repo = "musly";
|
||||
rev = "f911eacbbe0b39ebe87cb37d0caef09632fa40d6";
|
||||
sha256 = "1q42wvdwy2pac7bhfraqqj2czw7w2m33ms3ifjl8phm7d87i8825";
|
||||
};
|
||||
nativeBuildInputs = [ cmake ];
|
||||
buildInputs = [ eigen (libav_all.override { vaapiSupport = stdenv.isLinux; }).libav_11 ];
|
||||
fixupPhase = if stdenv.isDarwin then ''
|
||||
install_name_tool -change libmusly.dylib $out/lib/libmusly.dylib $out/bin/musly
|
||||
install_name_tool -change libmusly_resample.dylib $out/lib/libmusly_resample.dylib $out/bin/musly
|
||||
install_name_tool -change libmusly_resample.dylib $out/lib/libmusly_resample.dylib $out/lib/libmusly.dylib
|
||||
'' else "";
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
homepage = https://www.musly.org;
|
||||
description = "A fast and high-quality audio music similarity library written in C/C++";
|
||||
longDescription = ''
|
||||
Musly analyzes the the audio signal of music pieces to estimate their similarity.
|
||||
No meta-data about the music piece is included in the similarity estimation.
|
||||
To use Musly in your application, have a look at the library documentation
|
||||
or try the command line application included in the package and start generating
|
||||
some automatic music playlists right away.
|
||||
'';
|
||||
license = licenses.mpl20;
|
||||
maintainers = with maintainers; [ ggpeti ];
|
||||
platforms = with platforms; darwin ++ linux;
|
||||
};
|
||||
}
|
|
@ -2,14 +2,14 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "deco";
|
||||
version = "0.0.1";
|
||||
version = "0.0.2";
|
||||
name = "${pname}-${version}";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "ebzzry";
|
||||
repo = pname;
|
||||
rev = "037f473ae4bdce5d3e2f76891785f0f7479cca75";
|
||||
sha256 = "1fv15nc9zqbn3c51vnm50yidj5ivpi61zg55cs46x3gi2x79x43q";
|
||||
rev = "49cded5ad123b0169f47cd0dc0f5420f4b581837";
|
||||
sha256 = "19rvqhw0blwga8ck86yy8hj7j1l9hriphlld6yrfd3yip4jprjzz";
|
||||
};
|
||||
|
||||
installPhase = ''
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
{ stdenv, appimage-run, fetchurl }:
|
||||
|
||||
let
|
||||
version = "1.0.120";
|
||||
sha256 = "0j32rg6hm5dirdcibhfhrclnx7vm37fbm4iwkzzinqhzj4jfgbfm";
|
||||
version = "1.0.140";
|
||||
sha256 = "1114v141jayqhvkkxf7dr864j09nf5nz002c7z0pprzr00fifqzx";
|
||||
in
|
||||
stdenv.mkDerivation rec {
|
||||
name = "joplin-${version}";
|
||||
|
|
|
@ -1,18 +1,18 @@
|
|||
# This file is autogenerated from update.sh in the same directory.
|
||||
{
|
||||
beta = {
|
||||
sha256 = "0z6m7l76qzqsf5d54k331cl7cx1f0lh4x13269mjk7664q382143";
|
||||
sha256bin64 = "0pv5aafwdwcp1ssijgx19ba1ap40j6ayv15ynxvv8fsh51ara1vp";
|
||||
version = "73.0.3683.75";
|
||||
sha256 = "18xzddqi8rgng5vksx23jaiv103prxc38pshwp702nfjfqap7fwy";
|
||||
sha256bin64 = "1r9nnc1xn319aqzxjh10n6nh714lghgskgdkpvw3hnvgb0v9jw4v";
|
||||
version = "73.0.3683.86";
|
||||
};
|
||||
dev = {
|
||||
sha256 = "19fwzxnsd1parqghv4b2mif3cj1k1m5hzqnjsnglkgv6xnqny98g";
|
||||
sha256bin64 = "1aag76dgcnwga1q4jdgm3ziqvxs1qvrsyqfd7bbsi7axz6qi135v";
|
||||
version = "74.0.3724.8";
|
||||
sha256 = "0vdiaraw3jjr7ykdqbrhjzppvqs9d7jkkx1qyi50dyvrhipxdihz";
|
||||
sha256bin64 = "0c5mnb1zz1mjs7h18f1c15ygqxl1kcpm2s1imyprh80mapmsxdxk";
|
||||
version = "74.0.3729.22";
|
||||
};
|
||||
stable = {
|
||||
sha256 = "0z6m7l76qzqsf5d54k331cl7cx1f0lh4x13269mjk7664q382143";
|
||||
sha256bin64 = "10j93186f3ipynyw6nb6bx4haav33gzvmc72sl9ybz6zljd88dpq";
|
||||
version = "73.0.3683.75";
|
||||
sha256 = "18xzddqi8rgng5vksx23jaiv103prxc38pshwp702nfjfqap7fwy";
|
||||
sha256bin64 = "1mmm4lxvcfvdj6jpqaas51lx1c9zky4zp374phs3cmh9v8l2ijkb";
|
||||
version = "73.0.3683.86";
|
||||
};
|
||||
}
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -10,10 +10,10 @@ rec {
|
|||
|
||||
firefox = common rec {
|
||||
pname = "firefox";
|
||||
ffversion = "66.0";
|
||||
ffversion = "66.0.1";
|
||||
src = fetchurl {
|
||||
url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz";
|
||||
sha512 = "1izxikivz0jb8kzq4cd040a70s3j83nw324yvvbmi7g808s7s6b8ljia5allbrkqcgrvrx3rq4w09kwffwmwd43jxgc1bfl8af3v8d9";
|
||||
sha512 = "3nh42a9s8hzs3823mddqdcrhjb2nrphaz9v94mmp4xx4vra18mhsyddszk6xg5mx33wamvlalicws6l9h1d4i4dnnpchh2l6ch8m9kc";
|
||||
};
|
||||
|
||||
patches = [
|
||||
|
@ -62,10 +62,10 @@ rec {
|
|||
|
||||
firefox-esr-60 = common rec {
|
||||
pname = "firefox-esr";
|
||||
ffversion = "60.6.0esr";
|
||||
ffversion = "60.6.1esr";
|
||||
src = fetchurl {
|
||||
url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz";
|
||||
sha512 = "14vymgczx37q3yj8ndxq6wmmachaf08kx6n3wgjd0qqg5xr18abns999f7ng51abnfrribkrpzmn22vc061sm6wldszawwq6w5r2lg4";
|
||||
sha512 = "3nl3cisn1sw3y6dxnv0bm143dpp091h1s9j7g73qfx5s6sfxl832lan177ikm00ay7fsly251vi1xz17wwicch1himsmhjisnd3ws51";
|
||||
};
|
||||
|
||||
patches = [
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
}:
|
||||
|
||||
let
|
||||
version = "1.32.0";
|
||||
version = "1.33.0";
|
||||
|
||||
# Update these on version bumps according to Makefile
|
||||
centOsIsoVersion = "v1.15.0";
|
||||
|
@ -18,7 +18,7 @@ in buildGoPackage rec {
|
|||
owner = "minishift";
|
||||
repo = "minishift";
|
||||
rev = "v${version}";
|
||||
sha256 = "06qhcycnr06fw5dmmzwizmknm0j34j43894nl3kxa5mxh8x542pa";
|
||||
sha256 = "0n3pj410bgjblv27p55piln0vi618mnyzzswcyfc2v73bfnzrydf";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ pkgconfig go-bindata makeWrapper ];
|
||||
|
|
|
@ -4,15 +4,15 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-acme";
|
||||
version = "1.1.0";
|
||||
sha256 = "1ha56pr5hixpz2nmqy5558ljkvcs4c23i0jnw4vqdv1a00hi035z";
|
||||
version = "1.1.1";
|
||||
sha256 = "0fva2kw82s94r4s4dpk38kcmssmcr71ia9jyg1rqmc00ifilfrzj";
|
||||
};
|
||||
alicloud =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-alicloud";
|
||||
version = "1.32.1";
|
||||
sha256 = "0gdx54iw6q3w5pkci7433rd5yrplv1f08svsl7r3a75pww16j103";
|
||||
version = "1.34.0";
|
||||
sha256 = "1vcf3jvwn7vgbsyp6lqibh3yy301sykjzl9hgzzwxg4p1wq6i038";
|
||||
};
|
||||
archive =
|
||||
{
|
||||
|
@ -39,22 +39,22 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-aws";
|
||||
version = "2.0.0";
|
||||
sha256 = "17hf59wavv44a8a2vy2smcs3sxnws30h81jxiimg91vh1rrhisrw";
|
||||
version = "2.1.0";
|
||||
sha256 = "1gz7y8k6x3jg8jqy6n105vg2p4vj5zayfhand7xi82w0ykf8kipn";
|
||||
};
|
||||
azuread =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-azuread";
|
||||
version = "0.1.0";
|
||||
sha256 = "0jrsg3a9cb16jinzjhg2pfm65b1bfhdwnyhag1x3x4kffm3gm148";
|
||||
version = "0.2.0";
|
||||
sha256 = "01aiynw905gbn6dv23971yhwv0kfcbckcqp4f65sypn1l8szqyjg";
|
||||
};
|
||||
azurerm =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-azurerm";
|
||||
version = "1.22.1";
|
||||
sha256 = "0jg2vsfkk3z1gppcfwla5aqbn9vaxbl8px1hps7nhmylp06l9avv";
|
||||
version = "1.23.0";
|
||||
sha256 = "11v1832sxnigyiyy4i34mxwn7j18i6iwsff8sqabpa7v9a405ngp";
|
||||
};
|
||||
azurestack =
|
||||
{
|
||||
|
@ -109,8 +109,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-cloudflare";
|
||||
version = "1.11.0";
|
||||
sha256 = "14v4461bxxr5zdr11v1s89m1x9kpjxa1mff9inx2vwkdz9s02w0i";
|
||||
version = "1.12.0";
|
||||
sha256 = "1kq9mbs3if7w9jnsdkj104lvy532lwkd9wr4m0ilh7zql0vm9mpk";
|
||||
};
|
||||
cloudscale =
|
||||
{
|
||||
|
@ -144,8 +144,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-datadog";
|
||||
version = "1.6.0";
|
||||
sha256 = "16rp6kqax7i8fnl4id3sg0jmhjswx7wrnn1mp4z29gca46ji1nfh";
|
||||
version = "1.7.0";
|
||||
sha256 = "0a7nvq2nhfv2jg6jc83jjg11yzzkiwyifdj5ni76nri82mbhb14q";
|
||||
};
|
||||
digitalocean =
|
||||
{
|
||||
|
@ -179,8 +179,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-docker";
|
||||
version = "1.1.0";
|
||||
sha256 = "1ba9z9fd69hpg6kg30nf95zzskzipi74s1aadywc068gfrkdm9jj";
|
||||
version = "1.1.1";
|
||||
sha256 = "0bqwdx8hb7bym4hh01a0n1zrgb1081rvn0qawck712wz0jkzv1r3";
|
||||
};
|
||||
dyn =
|
||||
{
|
||||
|
@ -228,15 +228,15 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-google";
|
||||
version = "2.1.0";
|
||||
sha256 = "1dcdk60xwqr9sazllzxai8g6ghk0pnrz4zwm5qf6m9d3l39y2gkr";
|
||||
version = "2.2.0";
|
||||
sha256 = "1cnybx6gbd6yfl8nmk2i0k4wag1x5srq927k3ayivr0jgk01d8cl";
|
||||
};
|
||||
google-beta =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-google-beta";
|
||||
version = "2.1.0";
|
||||
sha256 = "04lx43bb1kwd36a78l49knk8n6g5bh6p970yhniyypr28zrss1by";
|
||||
version = "2.2.0";
|
||||
sha256 = "0m34qas6plh4pchp9vf0hnb3f07y8lzywwmrycfllqg6f7c38869";
|
||||
};
|
||||
grafana =
|
||||
{
|
||||
|
@ -249,8 +249,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-hcloud";
|
||||
version = "1.8.0";
|
||||
sha256 = "1gahka6012rq1p2wwvsbb1w353vm4aaifgb08a6s9la47ca7944s";
|
||||
version = "1.8.1";
|
||||
sha256 = "07s2fgd9dxajqj0w7pyma0fz5q5a96s7hbpmk1pmbw9lqvxmabgf";
|
||||
};
|
||||
hedvig =
|
||||
{
|
||||
|
@ -263,8 +263,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-helm";
|
||||
version = "0.8.0";
|
||||
sha256 = "1v30sr5dql2365bf63gcr0hqn85gk6lk9lzz1i3w0j232jw700bh";
|
||||
version = "0.9.0";
|
||||
sha256 = "1psqabifb1kabg268ca1x4l79z1xga1pr2sf8x9lrd7z856v18l9";
|
||||
};
|
||||
heroku =
|
||||
{
|
||||
|
@ -305,8 +305,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-influxdb";
|
||||
version = "1.0.3";
|
||||
sha256 = "1mdarb65v977680q55bis9ds84vx8vv84p7sgf0f0svfwq8z9r0k";
|
||||
version = "1.1.0";
|
||||
sha256 = "1mxvc3pwzgj7r79a5vz8n489xny12wa75zpppgh7948fy8m8b23f";
|
||||
};
|
||||
kubernetes =
|
||||
{
|
||||
|
@ -417,8 +417,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-oci";
|
||||
version = "3.17.0-rc1";
|
||||
sha256 = "0c49i4fic0bqgpwg05q60a99w7a236kxyhdww5k4sk04cdg3aa1f";
|
||||
version = "3.18.0-rc1";
|
||||
sha256 = "08i08lvvi3i2xyz49yk59k9qsiywds9l0cp6xijj16vkkgwysiw2";
|
||||
};
|
||||
oneandone =
|
||||
{
|
||||
|
@ -613,8 +613,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-tencentcloud";
|
||||
version = "1.2.2";
|
||||
sha256 = "1ypsfm48c30szg3zc1sknblhwcnca8aapfgp62bhszyqxq6zq37s";
|
||||
version = "1.3.0";
|
||||
sha256 = "1pdzzrg4qrsjiv67yr2g6a9l1n9vqi5n4m53kbb1fp04g3s2sw31";
|
||||
};
|
||||
terraform =
|
||||
{
|
||||
|
@ -648,8 +648,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-ucloud";
|
||||
version = "1.2.0";
|
||||
sha256 = "1pq0288lgj288xjs647n740fbpxgbly0hxy5kz9xr3lf7ld1cclq";
|
||||
version = "1.3.0";
|
||||
sha256 = "16mnkm781x5ijbdcsxc56kw7ppag4js0gmlx64ry8fwywm8ma0pp";
|
||||
};
|
||||
ultradns =
|
||||
{
|
||||
|
@ -662,8 +662,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-vault";
|
||||
version = "1.5.0";
|
||||
sha256 = "1lny94555ws0nd2lp9zkbq6c1324h50izfk88941irl7apjmwzw5";
|
||||
version = "1.6.0";
|
||||
sha256 = "06hykz37yhwhj6fjz2zi5c80mzv8i91kpsr5cdqkc8rnfmcbhzqx";
|
||||
};
|
||||
vcd =
|
||||
{
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{ callPackage, stdenv }:
|
||||
|
||||
let
|
||||
stableVersion = "2.1.14";
|
||||
stableVersion = "2.1.15";
|
||||
previewVersion = "2.2.0a2";
|
||||
addVersion = args:
|
||||
let version = if args.stable then stableVersion else previewVersion;
|
||||
|
@ -9,8 +9,8 @@ let
|
|||
in args // { inherit version branch; };
|
||||
mkGui = args: callPackage (import ./gui.nix (addVersion args)) { };
|
||||
mkServer = args: callPackage (import ./server.nix (addVersion args)) { };
|
||||
guiSrcHash = "1k4g1sd9s6nc3rsc918chnkr515qik4hfd4z5lw065bp3lshf48b";
|
||||
serverSrcHash = "0npm9p52jk04g9cmflsfph4dkj6373mfyvd3hff1caqmjalnfxg4";
|
||||
guiSrcHash = "116wigkh5kwna00q200yv2wm8dpi4kmsns96iglzwrrl19fk538p";
|
||||
serverSrcHash = "1mqwydxn58v5ddpnsxvf6vgqwhrfm3mwjwf030lv83zmcjhx237q";
|
||||
in {
|
||||
guiStable = mkGui {
|
||||
stable = true;
|
||||
|
|
|
@ -0,0 +1,15 @@
|
|||
{
|
||||
"name": "riot-web",
|
||||
"productName": "Riot",
|
||||
"main": "src/electron-main.js",
|
||||
"version": "1.0.4",
|
||||
"description": "A feature-rich client for Matrix.org",
|
||||
"author": "New Vector Ltd.",
|
||||
"dependencies": {
|
||||
"auto-launch": "^5.0.1",
|
||||
"electron-store": "^2.0.0",
|
||||
"electron-window-state": "^4.1.0",
|
||||
"minimist": "^1.2.0",
|
||||
"png-to-ico": "^1.0.2"
|
||||
}
|
||||
}
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,77 @@
|
|||
{ stdenv, fetchFromGitHub, yarn2nix, makeWrapper, makeDesktopItem, electron, riot-web }:
|
||||
|
||||
let
|
||||
executableName = "riot-desktop";
|
||||
version = "1.0.4";
|
||||
riot-web-src = fetchFromGitHub {
|
||||
owner = "vector-im";
|
||||
repo = "riot-web";
|
||||
rev = "v${version}";
|
||||
sha256 = "152mi81miams5a7l9rd12bnf6wkd1r0lyicgr35r5fq0p6z7a4dk";
|
||||
};
|
||||
|
||||
in yarn2nix.mkYarnPackage rec {
|
||||
name = "riot-desktop-${version}";
|
||||
inherit version;
|
||||
|
||||
src = "${riot-web-src}/electron_app";
|
||||
|
||||
# The package manifest should be copied on each update of this package.
|
||||
# > cp ${riot-web-src}/electron_app/package.json riot-desktop-package.json
|
||||
packageJSON = ./riot-desktop-package.json;
|
||||
|
||||
# The dependency expression can be regenerated using nixos.yarn2nix with the following command:
|
||||
# > yarn2nix --lockfile=${riot-web-src}/electron_app/yarn.lock > riot-desktop-yarndeps.nix
|
||||
yarnNix = ./riot-desktop-yarndeps.nix;
|
||||
|
||||
nativeBuildInputs = [ makeWrapper ];
|
||||
|
||||
installPhase = ''
|
||||
# resources
|
||||
mkdir -p "$out/share/riot"
|
||||
ln -s '${riot-web}' "$out/share/riot/webapp"
|
||||
cp -r '${riot-web-src}/origin_migrator' "$out/share/riot/origin_migrator"
|
||||
cp -r '.' "$out/share/riot/electron"
|
||||
|
||||
# icons
|
||||
for icon in $out/share/riot/electron/build/icons/*.png; do
|
||||
mkdir -p "$out/share/icons/hicolor/$(basename $icon .png)/apps"
|
||||
ln -s "$icon" "$out/share/icons/hicolor/$(basename $icon .png)/apps/riot.png"
|
||||
done
|
||||
|
||||
# desktop item
|
||||
mkdir -p "$out/share"
|
||||
ln -s "${desktopItem}/share/applications" "$out/share/applications"
|
||||
|
||||
# executable wrapper
|
||||
makeWrapper '${electron}/bin/electron' "$out/bin/${executableName}" \
|
||||
--add-flags "$out/share/riot/electron"
|
||||
'';
|
||||
|
||||
# The desktop item properties should be kept in sync with data from upstream:
|
||||
# * productName and description from
|
||||
# https://github.com/vector-im/riot-web/blob/develop/electron_app/package.json
|
||||
# * category and StartupWMClass from the build.linux section of
|
||||
# https://github.com/vector-im/riot-web/blob/develop/package.json
|
||||
desktopItem = makeDesktopItem {
|
||||
inherit name;
|
||||
exec = executableName;
|
||||
icon = "riot";
|
||||
desktopName = "Riot";
|
||||
genericName = "Matrix Client";
|
||||
comment = meta.description;
|
||||
categories = "Network;InstantMessaging;Chat;";
|
||||
extraEntries = ''
|
||||
StartupWMClass="riot"
|
||||
'';
|
||||
};
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "A feature-rich client for Matrix.org";
|
||||
homepage = https://about.riot.im/;
|
||||
license = licenses.asl20;
|
||||
maintainers = with maintainers; [ pacien ];
|
||||
inherit (electron.meta) platforms;
|
||||
};
|
||||
}
|
||||
|
|
@ -13,11 +13,11 @@ let
|
|||
in
|
||||
stdenv.mkDerivation rec {
|
||||
name = "eagle-${version}";
|
||||
version = "9.1.2";
|
||||
version = "9.3.1";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://eagle-updates.circuits.io/downloads/${builtins.replaceStrings ["."] ["_"] version}/Autodesk_EAGLE_${version}_English_Linux_64bit.tar.gz";
|
||||
sha256 = "0y7ahl9z5a7l9cjk8hzmyv6ga8chlry5rr8v116q5mnsgs4i11an";
|
||||
sha256 = "0hrbw368kskjzwjnqrri5j7c10d0z5m81h3s9zhqfrmwym42vdc5";
|
||||
};
|
||||
|
||||
desktopItem = makeDesktopItem {
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
rustPlatform.buildRustPackage rec {
|
||||
name = "elan-${version}";
|
||||
version = "0.7.4";
|
||||
version = "0.7.5";
|
||||
|
||||
cargoSha256 = "0vv7kr7rc3lvas7ngp5dp99ajjd5v8k5937ish7zqz1k4970q2f1";
|
||||
|
||||
|
@ -10,7 +10,7 @@ rustPlatform.buildRustPackage rec {
|
|||
owner = "kha";
|
||||
repo = "elan";
|
||||
rev = "v${version}";
|
||||
sha256 = "0yf8mfgp4l78f5cjq1imh462axaa24jfhn69cgf7prw4jrmw3bch";
|
||||
sha256 = "1147f3lzr6lgvf580ppspn20bdwnf6l8idh1h5ana0p0lf5a0dn1";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ pkgconfig ];
|
||||
|
|
|
@ -121,8 +121,8 @@ in {
|
|||
};
|
||||
|
||||
subversion_1_10 = common {
|
||||
version = "1.10.3";
|
||||
sha256 = "1z6r3n91a4znsh68rl3jisfr7k4faymhbpalmmvsmvsap34al3cz";
|
||||
version = "1.10.4";
|
||||
sha256 = "18c1vdq32nil76w678lxmp73jsbqha3dmzgmfrj76nc0xjmywql2";
|
||||
extraBuildInputs = [ lz4 utf8proc ];
|
||||
};
|
||||
|
||||
|
|
|
@ -0,0 +1,42 @@
|
|||
{ stdenv, fetchFromGitHub, gnumake,
|
||||
libX11, libXinerama, libXrandr, libXpm, libXft, imlib2 }:
|
||||
stdenv.mkDerivation rec {
|
||||
name = "wmfs-${version}";
|
||||
|
||||
version = "201902";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "xorg62";
|
||||
repo = "wmfs";
|
||||
sha256 = "sha256:1m7dsmmlhq2qipim659cp9aqlriz1cwrrgspl8baa5pncln0gd5c";
|
||||
rev = "b7b8ff812d28c79cb22a73db2739989996fdc6c2";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
gnumake
|
||||
];
|
||||
|
||||
buildInputs = [
|
||||
imlib2
|
||||
libX11
|
||||
libXinerama
|
||||
libXrandr
|
||||
libXpm
|
||||
libXft
|
||||
];
|
||||
|
||||
preConfigure = "substituteInPlace configure --replace '-lxft' '-lXft'";
|
||||
|
||||
makeFlags = [
|
||||
"PREFIX=${placeholder "out"}"
|
||||
"XDG_CONFIG_DIR=${placeholder "out"}/etc/xdg"
|
||||
"MANPREFIX=${placeholder "out"}/share/man"
|
||||
];
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "Window manager from scratch";
|
||||
license = licenses.bsd2;
|
||||
maintainers = [ maintainers.balsoft ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
}
|
|
@ -200,7 +200,7 @@ rec {
|
|||
# Unpack all of the parent layers into the image.
|
||||
lowerdir=""
|
||||
extractionID=0
|
||||
for layerTar in $(cat layer-list); do
|
||||
for layerTar in $(tac layer-list); do
|
||||
echo "Unpacking layer $layerTar"
|
||||
extractionID=$((extractionID + 1))
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ let
|
|||
inherit version;
|
||||
sha256 = "678c98275431fad324275dec63791e4a17558b40e5a110e20a82866139a85a5a";
|
||||
};
|
||||
patches = [];
|
||||
postPatch = "";
|
||||
});
|
||||
|
||||
platformio = self.callPackage ./core.nix { };
|
||||
|
|
|
@ -147,7 +147,11 @@ let
|
|||
done < <(find $out $lib $doc -type f -print0)
|
||||
'';
|
||||
|
||||
doInstallCheck = true;
|
||||
# cuda-gdb doesn't run correctly when not using sandboxing, so
|
||||
# temporarily disabling the install check. This should be set to true
|
||||
# when we figure out how to get `cuda-gdb --version` to run correctly
|
||||
# when not using sandboxing.
|
||||
doInstallCheck = false;
|
||||
postInstallCheck = let
|
||||
in ''
|
||||
# Smoke test binaries
|
||||
|
|
|
@ -2474,7 +2474,6 @@ unsupported-platforms:
|
|||
gi-ostree: [ x86_64-darwin ]
|
||||
gtk-mac-integration: [ i686-linux, x86_64-linux ]
|
||||
hcwiid: [ x86_64-darwin ]
|
||||
hfsevents: [ x86_64-darwin ]
|
||||
HFuse: [ x86_64-darwin ]
|
||||
hommage-ds: [ i686-linux, x86_64-linux, x86_64-darwin ]
|
||||
lio-fs: [ x86_64-darwin ]
|
||||
|
|
|
@ -63,10 +63,10 @@ in {
|
|||
sourceVersion = {
|
||||
major = "3";
|
||||
minor = "5";
|
||||
patch = "6";
|
||||
patch = "7";
|
||||
suffix = "";
|
||||
};
|
||||
sha256 = "0pqmf51zy2lzhbaj4yya2py2qr653j9152d0rg3p7wi1yl2dwp7m";
|
||||
sha256 = "1p67pnp2ca5przx2s45r8m55dcn6f5hsm0l4s1zp7mglkf4r4n18";
|
||||
inherit (darwin) CF configd;
|
||||
inherit passthruFun;
|
||||
};
|
||||
|
|
|
@ -2,13 +2,13 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "fstrm-${version}";
|
||||
version = "0.4.0";
|
||||
version = "0.5.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "farsightsec";
|
||||
repo = "fstrm";
|
||||
rev = "v${version}";
|
||||
sha256 = "11i8b3wy6j3z3fcv816xccxxlrfkczdr8bm2gnan6yv4ppbji4ny";
|
||||
sha256 = "1vm880h6vpnxqh7v0x17yfim6f2fbxwkm03ms58s2h9akmph9xm5";
|
||||
};
|
||||
|
||||
outputs = [ "bin" "out" "dev" ];
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
, autoreconfHook, fetchpatch
|
||||
, git
|
||||
, texinfo
|
||||
, buildPackages
|
||||
, qtbase ? null
|
||||
, pythonSupport ? false, swig2 ? null, python ? null
|
||||
}:
|
||||
|
@ -31,6 +32,8 @@ stdenv.mkDerivation rec {
|
|||
nativeBuildInputs = [ file pkgconfig gnupg autoreconfHook git texinfo ]
|
||||
++ lib.optionals pythonSupport [ python swig2 which ncurses ];
|
||||
|
||||
depsBuildBuild = [ buildPackages.stdenv.cc ];
|
||||
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
name = "fix-key-expiry.patch";
|
||||
|
@ -46,6 +49,7 @@ stdenv.mkDerivation rec {
|
|||
configureFlags = [
|
||||
"--enable-fixed-path=${gnupg}/bin"
|
||||
"--with-libgpg-error-prefix=${libgpgerror.dev}"
|
||||
"--with-libassuan-prefix=${libassuan.dev}"
|
||||
] ++ lib.optional pythonSupport "--enable-languages=python";
|
||||
|
||||
NIX_CFLAGS_COMPILE =
|
||||
|
|
|
@ -19,6 +19,17 @@ stdenv.mkDerivation rec {
|
|||
cmocka
|
||||
];
|
||||
|
||||
patches = [
|
||||
# CVE-2019-3824
|
||||
# downloading the patch from debian as they have ported the patch from samba to ldb but otherwise is identical to
|
||||
# https://bugzilla.samba.org/attachment.cgi?id=14857
|
||||
(fetchurl {
|
||||
name = "CVE-2019-3824.patch";
|
||||
url = "https://sources.debian.org/data/main/l/ldb/2:1.1.27-1+deb9u1/debian/patches/CVE-2019-3824-master-v4-5-02.patch";
|
||||
sha256 = "1idnqckvjh18rh9sbq90rr4sxfviha9nd1ca9pd6lai0y6r6q4yd";
|
||||
})
|
||||
];
|
||||
|
||||
preConfigure = ''
|
||||
sed -i 's,#!/usr/bin/env python,#!${python}/bin/python,g' buildtools/bin/waf
|
||||
'';
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
{ stdenv, lib, fetchurl, cmake, pkgconfig, gtest, doxygen
|
||||
, graphviz, lcov, writeText }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "properties-cpp";
|
||||
version = "0.0.1";
|
||||
|
||||
src = let srcver = version+"+14.10.20140730"; in
|
||||
fetchurl {
|
||||
url = "https://launchpad.net/ubuntu/+archive/primary/+files/${pname}_${srcver}.orig.tar.gz";
|
||||
sha256 = "08vjyv7ibn6jh2ikj5v48kjpr3n6hlkp9qlvdn8r0vpiwzah0m2w";
|
||||
};
|
||||
|
||||
buildInputs = [ cmake gtest doxygen pkgconfig graphviz lcov ];
|
||||
|
||||
patchPhase = ''
|
||||
sed -i "/add_subdirectory(tests)/d" CMakeLists.txt
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
homepage = https://launchpad.net/properties-cpp;
|
||||
description = "A very simple convenience library for handling properties and signals in C++11.";
|
||||
license = licenses.lgpl3;
|
||||
maintainers = with maintainers; [ edwtjo ];
|
||||
};
|
||||
|
||||
}
|
|
@ -45,6 +45,7 @@
|
|||
, "ionic"
|
||||
, "ios-deploy"
|
||||
, "imapnotify"
|
||||
, "indium"
|
||||
, "jake"
|
||||
, "javascript-typescript-langserver"
|
||||
, "jsdoc"
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -1,4 +1,4 @@
|
|||
{ stdenv, buildPythonPackage, fetchPypi, substituteAll, locale, pytest }:
|
||||
{ lib, buildPythonPackage, fetchPypi, substituteAll, locale, pytest }:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "click";
|
||||
|
@ -10,10 +10,10 @@ buildPythonPackage rec {
|
|||
sha256 = "5b94b49521f6456670fdb30cd82a4eca9412788a93fa6dd6df72c94d5a8ff2d7";
|
||||
};
|
||||
|
||||
patches = stdenv.lib.optional (stdenv.lib.versionAtLeast version "6.7") (substituteAll {
|
||||
src = ./fix-paths.patch;
|
||||
locale = "${locale}/bin/locale";
|
||||
});
|
||||
postPatch = ''
|
||||
substituteInPlace click/_unicodefun.py \
|
||||
--replace "'locale'" "'${locale}/bin/locale'"
|
||||
'';
|
||||
|
||||
buildInputs = [ pytest ];
|
||||
|
||||
|
@ -24,7 +24,7 @@ buildPythonPackage rec {
|
|||
# https://github.com/pallets/click/issues/823
|
||||
doCheck = false;
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
meta = with lib; {
|
||||
homepage = http://click.pocoo.org/;
|
||||
description = "Create beautiful command line interfaces in Python";
|
||||
longDescription = ''
|
||||
|
|
|
@ -1,13 +0,0 @@
|
|||
diff --git a/click/_unicodefun.py b/click/_unicodefun.py
|
||||
index 620edff..85a3c98 100644
|
||||
--- a/click/_unicodefun.py
|
||||
+++ b/click/_unicodefun.py
|
||||
@@ -63,7 +63,7 @@ def _verify_python3_env():
|
||||
if os.name == 'posix':
|
||||
import subprocess
|
||||
try:
|
||||
- rv = subprocess.Popen(['locale', '-a'], stdout=subprocess.PIPE,
|
||||
+ rv = subprocess.Popen(['@locale@', '-a'], stdout=subprocess.PIPE,
|
||||
stderr=subprocess.PIPE).communicate()[0]
|
||||
except OSError:
|
||||
rv = b''
|
|
@ -45,13 +45,6 @@ buildPythonPackage rec {
|
|||
funcsigs
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
substituteInPlace setup.cfg \
|
||||
--replace 'click>=6.7,<7.0' 'click'
|
||||
substituteInPlace setup.py \
|
||||
--replace 'click>=6.7,<7.0' 'click'
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
homepage = https://github.com/elastic/curator;
|
||||
description = "Curate, or manage, your Elasticsearch indices and snapshots";
|
||||
|
@ -69,5 +62,8 @@ buildPythonPackage rec {
|
|||
* Perform various actions on the items which remain in the actionable list.
|
||||
'';
|
||||
maintainers = with maintainers; [ basvandijk ];
|
||||
|
||||
# https://github.com/elastic/curator/pull/1280
|
||||
broken = versionAtLeast click.version "7.0";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
{ lib, buildPythonPackage, fetchPypi
|
||||
, click, jinja2, terminaltables }:
|
||||
, mock, jinja2, click, terminaltables
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "envs";
|
||||
|
@ -10,7 +11,7 @@ buildPythonPackage rec {
|
|||
sha256 = "ccf5cd85ddb8ed335e39ed8a22e0d23658f5a6d7da430f225e6f750c6f50ae42";
|
||||
};
|
||||
|
||||
checkInputs = [ click jinja2 terminaltables ];
|
||||
checkInputs = [ mock jinja2 click terminaltables ];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Easy access to environment variables from Python";
|
||||
|
|
|
@ -8,11 +8,11 @@
|
|||
|
||||
buildPythonPackage rec {
|
||||
pname = "fonttools";
|
||||
version = "3.37.3";
|
||||
version = "3.39.0";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "c898a455a39afbe6707bc17a0e4f720ebe2087fec67683e7c86a13183078204d";
|
||||
sha256 = "0hgv83b4nhk2bl33xa41x0xvsl2b138p974ywkglzckp1123a7z2";
|
||||
extension = "zip";
|
||||
};
|
||||
|
||||
|
|
|
@ -1,19 +1,19 @@
|
|||
{ stdenv
|
||||
, buildPythonPackage
|
||||
, fetchFromGitHub
|
||||
, fetchPypi
|
||||
, isPy3k
|
||||
, nose
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "munkres";
|
||||
version = "1.0.12";
|
||||
version = "1.1.2";
|
||||
|
||||
# No sdist for 1.0.12, see https://github.com/bmc/munkres/issues/25
|
||||
src = fetchFromGitHub {
|
||||
owner = "bmc";
|
||||
repo = pname;
|
||||
rev = "release-${version}";
|
||||
sha256 = "0m3rkn0z3ialndxmyg26xn081znna34i5maa1i4nkhy6nf0ixdjm";
|
||||
disabled = !isPy3k;
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "81e9ced40c3d0ffc48be4b6da5cfdfaa49041faaaba8075b159974ec47926aea";
|
||||
};
|
||||
|
||||
checkInputs = [ nose ];
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
let
|
||||
pname = "nbxmpp";
|
||||
version = "0.6.9";
|
||||
version = "0.6.10";
|
||||
name = "${pname}-${version}";
|
||||
in buildPythonPackage rec {
|
||||
inherit pname version;
|
||||
|
@ -11,7 +11,7 @@ in buildPythonPackage rec {
|
|||
name = "${name}.tar.bz2";
|
||||
url = "https://dev.gajim.org/gajim/python-nbxmpp/repository/archive.tar.bz2?"
|
||||
+ "ref=${name}";
|
||||
sha256 = "14xrq0r5k1dk7rwj4cxyxfapi6gbnqg70mz94g6hn9ij06284mi7";
|
||||
sha256 = "1w31a747mj9rvlp3n20z0fnvyvihphkgkyr22sk2kap3migw8vai";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [ pyopenssl ];
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ stdenv, buildPythonPackage, fetchPypi
|
||||
, pytest, setuptools-git, pytest-shutil, pytest-fixture-config, psutil
|
||||
, requests, future }:
|
||||
, pytest_3, pytest-shutil, pytest-fixture-config, psutil
|
||||
, requests, future, retry }:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "pytest-server-fixtures";
|
||||
|
@ -11,8 +11,8 @@ buildPythonPackage rec {
|
|||
sha256 = "c89f9532f62cf851489082ece1ec692b6ed5b0f88f20823bea25e2a963ebee8f";
|
||||
};
|
||||
|
||||
buildInputs = [ pytest ];
|
||||
propagatedBuildInputs = [ setuptools-git pytest-shutil pytest-fixture-config psutil requests future ];
|
||||
buildInputs = [ pytest_3 ];
|
||||
propagatedBuildInputs = [ pytest-shutil pytest-fixture-config psutil requests future retry ];
|
||||
|
||||
# RuntimeError: Unable to find a free server number to start Xvfb
|
||||
doCheck = false;
|
||||
|
|
|
@ -8,7 +8,16 @@
|
|||
, pycairo
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
let
|
||||
boost = pkgs.boost.override {
|
||||
enablePython = true;
|
||||
inherit python;
|
||||
};
|
||||
mapnik = pkgs.mapnik.override {
|
||||
inherit python boost;
|
||||
};
|
||||
|
||||
in buildPythonPackage rec {
|
||||
pname = "python-mapnik";
|
||||
version = "3.0.16";
|
||||
|
||||
|
@ -28,15 +37,15 @@ buildPythonPackage rec {
|
|||
export BOOST_THREAD_LIB="boost_thread"
|
||||
export BOOST_SYSTEM_LIB="boost_system"
|
||||
'';
|
||||
buildInputs = with pkgs; [
|
||||
(boost.override {
|
||||
enablePython = true;
|
||||
inherit python;
|
||||
})
|
||||
(mapnik.override {
|
||||
inherit python;
|
||||
boost = (boost.override { enablePython = true; inherit python; });
|
||||
})
|
||||
|
||||
nativeBuildInputs = [
|
||||
mapnik # for mapnik_config
|
||||
];
|
||||
|
||||
buildInputs = [
|
||||
mapnik
|
||||
boost
|
||||
] ++ (with pkgs; [
|
||||
cairo
|
||||
harfbuzz
|
||||
icu
|
||||
|
@ -46,7 +55,7 @@ buildPythonPackage rec {
|
|||
libwebp
|
||||
proj
|
||||
zlib
|
||||
];
|
||||
]);
|
||||
propagatedBuildInputs = [ pillow pycairo ];
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
|
|
|
@ -0,0 +1,43 @@
|
|||
{ lib
|
||||
, buildPythonPackage
|
||||
, fetchPypi
|
||||
, pbr
|
||||
, decorator
|
||||
, py
|
||||
, mock
|
||||
, pytest
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "retry";
|
||||
version = "0.9.2";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "f8bfa8b99b69c4506d6f5bd3b0aabf77f98cdb17f3c9fc3f5ca820033336fba4";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
pbr
|
||||
];
|
||||
|
||||
propagatedBuildInputs = [
|
||||
decorator
|
||||
py
|
||||
];
|
||||
|
||||
checkInputs = [
|
||||
mock
|
||||
pytest
|
||||
];
|
||||
|
||||
checkPhase = ''
|
||||
pytest
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description = "Easy to use retry decorator";
|
||||
homepage = https://github.com/invl/retry;
|
||||
license = licenses.asl20;
|
||||
};
|
||||
}
|
|
@ -1,7 +1,7 @@
|
|||
{ stdenv
|
||||
, buildPythonPackage
|
||||
, fetchPypi
|
||||
, pytest
|
||||
, pytest_3
|
||||
, isPyPy
|
||||
}:
|
||||
|
||||
|
@ -16,9 +16,13 @@ buildPythonPackage rec {
|
|||
sha256 = "1s4radwf38kdh3jrn5acbidqlr66sx786fkwi0rgq61hn4n2bdqw";
|
||||
};
|
||||
|
||||
buildInputs = [ pytest ];
|
||||
checkInputs = [ pytest_3 ];
|
||||
|
||||
doCheck = false; # v0.6 is broken with recent pytest 4.x
|
||||
postPatch = ''
|
||||
# fails
|
||||
substituteInPlace tests/test_transport_http.py \
|
||||
--replace "test_sending_unicode_data" "noop"
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "Lightweight SOAP client (Jurko's fork)";
|
||||
|
|
|
@ -16,7 +16,8 @@ buildPythonPackage rec {
|
|||
disabled = !isPy27;
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
pname = "TileStache";
|
||||
inherit version;
|
||||
sha256 = "11e15dd85501345bcfeb18dce5b1c8fb74ac8d867df2520afe0eefe1edd85f27";
|
||||
};
|
||||
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
{ stdenv, fetchFromGitHub, ocamlPackages, cf-private, CoreServices }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
version = "0.94.0";
|
||||
version = "0.95.1";
|
||||
name = "flow-${version}";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "facebook";
|
||||
repo = "flow";
|
||||
rev = "refs/tags/v${version}";
|
||||
sha256 = "1bdxbyy2gchqffsk2qi0sbdlyaxp7fgmikrk7nsn5vdfzqswa6gq";
|
||||
sha256 = "0sxmk8qg61j6wdylkw53di65152mynv4agji865h23ay66nyi3lw";
|
||||
};
|
||||
|
||||
installPhase = ''
|
||||
|
|
|
@ -0,0 +1,24 @@
|
|||
{ stdenv, fetchFromGitHub }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "libwhich";
|
||||
version = "2019-03-20";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "vtjnash";
|
||||
repo = pname;
|
||||
rev = "b348872107c77cba50b60475aa8ce2ddba86aac0";
|
||||
sha256 = "0fd8hsdc9b9v83j89mxvisgrz77q9rlxnbzd6j63wq66h95r02r9";
|
||||
};
|
||||
|
||||
installPhase = ''
|
||||
install -Dm755 -t $out/bin libwhich
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "Like `which`, for dynamic libraries";
|
||||
homepage = https://github.com/vtjnash/libwhich;
|
||||
license = licenses.mit;
|
||||
maintainers = with maintainers; [ dtzWill ];
|
||||
};
|
||||
}
|
|
@ -2,11 +2,11 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "strace-${version}";
|
||||
version = "4.26";
|
||||
version = "5.0";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://strace.io/files/${version}/${name}.tar.xz";
|
||||
sha256 = "070yz8xii8gnb4psiz628zwm5srh266sfb06f7f1qzagxzz2ykbw";
|
||||
sha256 = "1nj7wvsdmhpp53yffj1pnrkjn96mxrbcraa6h03wc7dqn9zdfyiv";
|
||||
};
|
||||
|
||||
depsBuildBuild = [ buildPackages.stdenv.cc ];
|
||||
|
|
|
@ -2,9 +2,9 @@
|
|||
|
||||
buildGoPackage rec {
|
||||
name = "skaffold-${version}";
|
||||
version = "0.24.0";
|
||||
# rev is the 0.24.0 commit, mainly for skaffold version command output
|
||||
rev = "6a829c4b29e3a102b0b14c4584cd174f780402e9";
|
||||
version = "0.25.0";
|
||||
# rev is the 0.25.0 commit, mainly for skaffold version command output
|
||||
rev = "0f4b8fe88969e9fa38346934ea6af7c46772d603";
|
||||
|
||||
goPackagePath = "github.com/GoogleContainerTools/skaffold";
|
||||
subPackages = ["cmd/skaffold"];
|
||||
|
@ -20,7 +20,7 @@ buildGoPackage rec {
|
|||
owner = "GoogleContainerTools";
|
||||
repo = "skaffold";
|
||||
rev = "v${version}";
|
||||
sha256 = "0i1gafyi8wlnfpmkivxarvh2kiickz105cdmpjkxya54rhl4c7i7";
|
||||
sha256 = "0adcim029w64494sb3cw14xhv2vf33l8vhwm2wz8mnmr402nbvkx";
|
||||
};
|
||||
|
||||
meta = {
|
||||
|
|
|
@ -0,0 +1,116 @@
|
|||
{ stdenv, fetchurl, glibc, cups, libusb, libxml2, ghostscript, perl }:
|
||||
|
||||
let
|
||||
|
||||
arch = if stdenv.system == "x86_64-linux"
|
||||
then "x86_64"
|
||||
else "i386";
|
||||
|
||||
in stdenv.mkDerivation rec {
|
||||
name = "samsung-unified-linux-driver-${version}";
|
||||
version = "1.00.36";
|
||||
|
||||
src = fetchurl {
|
||||
sha256 = "1a7ngd03x0bkdl7pszy5zqqic0plxvdxqm5w7klr6hbdskx1lir9";
|
||||
url = "http://www.bchemnet.com/suldr/driver/UnifiedLinuxDriver-${version}.tar.gz";
|
||||
};
|
||||
|
||||
buildInputs = [
|
||||
cups
|
||||
libusb
|
||||
libxml2
|
||||
perl
|
||||
];
|
||||
|
||||
installPhase = ''
|
||||
|
||||
mkdir -p $out/bin
|
||||
cp -R ${arch}/{gettext,pstosecps,rastertospl,smfpnetdiscovery,usbresetter} $out/bin
|
||||
|
||||
mkdir -p $out/etc/sane.d/dll.d/
|
||||
install -m644 noarch/etc/smfp.conf $out/etc/sane.d
|
||||
echo smfp >> $out/etc/sane.d/dll.d/smfp-scanner.conf
|
||||
|
||||
mkdir -p $out/etc/smfp-common/scanner/share/
|
||||
install -m644 noarch/libsane-smfp.cfg $out/etc/smfp-common/scanner/share/
|
||||
install -m644 noarch/pagesize.xml $out/etc/smfp-common/scanner/share/
|
||||
|
||||
mkdir -p $out/etc/samsung/scanner/share/
|
||||
install -m644 noarch/oem.conf $out/etc/samsung/scanner/share/
|
||||
|
||||
mkdir -p $out/lib
|
||||
install -m755 ${arch}/libscmssc.so* $out/lib
|
||||
|
||||
mkdir -p $out/lib/cups/backend
|
||||
ln -s $out/bin/smfpnetdiscovery $out/lib/cups/backend
|
||||
|
||||
mkdir -p $out/lib/cups/filter
|
||||
ln -s $out/bin/{pstosecps,rastertospl} $out/lib/cups/filter
|
||||
ln -s $ghostscript/bin/gs $out/lib/cups/filter
|
||||
|
||||
mkdir -p $out/lib/sane
|
||||
install -m755 ${arch}/libsane-smfp.so* $out/lib/sane
|
||||
ln -s libsane-smfp.so.1.0.1 $out/lib/sane/libsane-smfp.so.1
|
||||
ln -s libsane-smfp.so.1 $out/lib/sane/libsane-smfp.so
|
||||
|
||||
perl -pi -e \
|
||||
's|/opt/smfp-common/scanner/.usedby/|/tmp/\0\0fp-common/scanner/.usedby/|g' \
|
||||
$out/lib/sane/libsane-smfp.so.1.0.1
|
||||
perl -pi -e 's|/opt|/etc|g' \
|
||||
$out/lib/sane/libsane-smfp.so.1.0.1 \
|
||||
$out/bin/rastertospl \
|
||||
noarch/package_utils \
|
||||
noarch/pre_install.sh
|
||||
|
||||
mkdir -p $out/lib/udev/rules.d
|
||||
(
|
||||
OEM_FILE=noarch/oem.conf
|
||||
INSTALL_LOG_FILE=/dev/null
|
||||
. noarch/scripting_utils
|
||||
. noarch/package_utils
|
||||
. noarch/scanner-script.pkg
|
||||
fill_full_template noarch/etc/smfp.rules.in $out/lib/udev/rules.d/60_smfp_samsung.rules
|
||||
chmod -x $out/lib/udev/rules.d/60_smfp_samsung.rules
|
||||
)
|
||||
|
||||
mkdir -p $out/share
|
||||
cp -R noarch/share/* $out/share
|
||||
gzip -9 $out/share/ppd/*.ppd
|
||||
rm -r $out/share/locale/*/*/install.mo
|
||||
|
||||
mkdir -p $out/share/cups
|
||||
cd $out/share/cups
|
||||
ln -s ../ppd .
|
||||
ln -s ppd model
|
||||
'';
|
||||
|
||||
preFixup = ''
|
||||
for bin in "$out/bin/"*; do
|
||||
patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" "$bin"
|
||||
patchelf --set-rpath "$out/lib:${stdenv.lib.getLib cups}/lib" "$bin"
|
||||
done
|
||||
|
||||
patchelf --set-rpath "$out/lib:${stdenv.lib.getLib cups}/lib" "$out/lib/libscmssc.so"
|
||||
patchelf --set-rpath "$out/lib:${libxml2.out}/lib:${libusb.out}/lib" "$out/lib/sane/libsane-smfp.so.1.0.1"
|
||||
|
||||
ln -s ${stdenv.cc.cc.lib}/lib/libstdc++.so.6 $out/lib/
|
||||
'';
|
||||
|
||||
# all binaries are already stripped
|
||||
dontStrip = true;
|
||||
|
||||
# we did this in prefixup already
|
||||
dontPatchELF = true;
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "Unified Linux Driver for Samsung printers and scanners";
|
||||
homepage = http://www.bchemnet.com/suldr;
|
||||
downloadPage = http://www.bchemnet.com/suldr/driver/;
|
||||
license = licenses.unfree;
|
||||
|
||||
# Tested on linux-x86_64. Might work on linux-i386.
|
||||
# Probably won't work on anything else.
|
||||
platforms = platforms.linux;
|
||||
maintainers = with maintainers; [ tohl ];
|
||||
};
|
||||
}
|
|
@ -0,0 +1,44 @@
|
|||
# the original samsung-unified-linux-driver_1_00_36 has some paths
|
||||
# hardcoded in binary files
|
||||
#
|
||||
# nixos samsung-unified-linux-driver_1_00_36 tries to fix those paths
|
||||
# by patching the binaries
|
||||
#
|
||||
# this module is needed to put the expected files in the new paths
|
||||
#
|
||||
# printing works without problems
|
||||
#
|
||||
# scanning works, except one detail: sometimes it is possible to scan
|
||||
# more pages in sequence. most of the time though, scanning stops
|
||||
# working after one page. this problem happens both with scanimage
|
||||
# and simple-scan. errors indicate an I/O error. scanning works
|
||||
# again after turning the device off and on. atm i have no idea how
|
||||
# to fix this and no time to do more about it.
|
||||
{config, pkgs, lib ? pkgs.lib, ...}:
|
||||
with lib;
|
||||
let
|
||||
cfg = config.services.samsung-unified-linux-driver_1_00_36;
|
||||
pkg = pkgs.samsung-unified-linux-driver_1_00_36;
|
||||
in {
|
||||
options = {
|
||||
services.samsung-unified-linux-driver_1_00_36 = {
|
||||
enable = mkEnableOption "enable samsung-unified-linux-driver_1_00_36";
|
||||
};
|
||||
};
|
||||
config = mkIf cfg.enable {
|
||||
services.printing.drivers = [pkg];
|
||||
hardware.sane.extraBackends = [pkg];
|
||||
environment.etc = {
|
||||
"samsung/scanner/share/oem.conf".source
|
||||
= "${pkg}/etc/samsung/scanner/share/oem.conf";
|
||||
"smfp-common/scanner/share/libsane-smfp.cfg".source
|
||||
= "${pkg}/etc/smfp-common/scanner/share/libsane-smfp.cfg";
|
||||
"smfp-common/scanner/share/pagesize.xml".source
|
||||
= "${pkg}/etc/smfp-common/scanner/share/pagesize.xml";
|
||||
"sane.d/smfp.conf".source
|
||||
= "${pkg}/etc/sane.d/smfp.conf";
|
||||
"sane.d/dll.d/smfp-scanner.conf".source
|
||||
= "${pkg}/etc/sane.d/dll.d/smfp-scanner.conf";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -3,19 +3,19 @@
|
|||
}:
|
||||
|
||||
let
|
||||
version = "1.1.0";
|
||||
rev = "a12239148332ca7a0b1c44a93e1585452d3631c9";
|
||||
version = "1.1.1";
|
||||
rev = "af12e2e4da586275ba931eae8f40a2201251bf59";
|
||||
|
||||
baseUrl = "https://emux.cc/versions/${stdenv.lib.substring 0 8 rev}/CCEmuX";
|
||||
jar =
|
||||
if useCCTweaked
|
||||
then fetchurl {
|
||||
url = "${baseUrl}-cct.jar";
|
||||
sha256 = "1i767v3wnb8jsh7ciqqvw548pka1b8vl18k1rdv5dn21la6n0r1d";
|
||||
sha256 = "0d9gzi1h5vz32fp4lfn7dam189jcm7bwbqwmlpj0c47p8l0d4lsv";
|
||||
}
|
||||
else fetchurl {
|
||||
url = "${baseUrl}-cc.jar";
|
||||
sha256 = "0x9hs814ln193cwybd565mcj6vhnii4wirkiz9na7vcas0y5vmmq";
|
||||
sha256 = "0ky5vxh8m1v98zllifxif8xxd25j2xdp19hjnj4xlkck71lbnb34";
|
||||
};
|
||||
|
||||
desktopIcon = fetchurl {
|
||||
|
|
|
@ -1244,6 +1244,17 @@ let
|
|||
};
|
||||
};
|
||||
|
||||
nord-vim = buildVimPluginFrom2Nix {
|
||||
pname = "nord-vim";
|
||||
version = "2019-03-21";
|
||||
src = fetchFromGitHub {
|
||||
owner = "arcticicestudio";
|
||||
repo = "nord-vim";
|
||||
rev = "bfa069b12b3af000b07eb23c01ff516bab452db7";
|
||||
sha256 = "1wyslhazi9vwnk3z68ibd4gswvc340mwnffg9lnpskqi56qpw005";
|
||||
};
|
||||
};
|
||||
|
||||
nvim-cm-racer = buildVimPluginFrom2Nix {
|
||||
pname = "nvim-cm-racer";
|
||||
version = "2017-07-27";
|
||||
|
|
|
@ -11,6 +11,7 @@ andreshazard/vim-logreview
|
|||
andsild/peskcolor.vim
|
||||
andviro/flake8-vim
|
||||
ap/vim-css-color
|
||||
arcticicestudio/nord-vim
|
||||
artur-shaik/vim-javacomplete2
|
||||
bazelbuild/vim-bazel
|
||||
bbchung/clighter8
|
||||
|
|
|
@ -0,0 +1,127 @@
|
|||
{ stdenv, lib, fetchFromGitHub, fetchurl
|
||||
, cmake, pkgconfig, dbus, makeWrapper
|
||||
, gtest
|
||||
, boost
|
||||
, libcap
|
||||
, systemd
|
||||
, mesa
|
||||
, libGL
|
||||
, libglvnd
|
||||
, glib
|
||||
, git
|
||||
, SDL2
|
||||
, SDL2_image
|
||||
, properties-cpp
|
||||
, protobuf
|
||||
, protobufc
|
||||
, python
|
||||
, lxc
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "anbox";
|
||||
version = "2019-03-07";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = pname;
|
||||
repo = pname;
|
||||
rev = "d521e282965462e82465045ab95d4ae1c4619685";
|
||||
sha256 = "1wfx4bsyxvrjl16dq5pqgial8rnnsnxzbak2ap0waddz847czxwz";
|
||||
};
|
||||
|
||||
buildInputs = [
|
||||
cmake pkgconfig dbus boost libcap gtest systemd mesa glib
|
||||
SDL2 SDL2_image protobuf protobufc properties-cpp lxc python
|
||||
makeWrapper libGL
|
||||
];
|
||||
|
||||
patchPhase = ''
|
||||
patchShebangs scripts
|
||||
|
||||
cat >cmake/FindGMock.cmake <<'EOF'
|
||||
add_library(gtest INTERFACE)
|
||||
target_include_directories(gtest INTERFACE ${gtest.dev}/include)
|
||||
target_link_libraries(gtest INTERFACE ${gtest}/lib/libgtest.so ''${CMAKE_THREAD_LIBS_INIT})
|
||||
add_dependencies(gtest GMock)
|
||||
|
||||
add_library(gtest_main INTERFACE)
|
||||
target_include_directories(gtest_main INTERFACE ${gtest.dev}/include)
|
||||
target_link_libraries(gtest_main INTERFACE ${gtest}/lib/libgtest_main.so gtest)
|
||||
|
||||
add_library(gmock INTERFACE)
|
||||
target_include_directories(gmock INTERFACE ${gtest.dev}/include)
|
||||
target_link_libraries(gmock INTERFACE ${gtest}/lib/libgmock.so gtest)
|
||||
|
||||
add_library(gmock_main INTERFACE)
|
||||
target_include_directories(gmock_main INTERFACE ${gtest.dev}/include)
|
||||
target_link_libraries(gmock_main INTERFACE ${gtest}/lib/libgmock_main.so gmock gtest_main)
|
||||
|
||||
set(GTEST_LIBRARIES gtest)
|
||||
set(GTEST_MAIN_LIBRARIES gtest_main)
|
||||
set(GMOCK_LIBRARIES gmock gmock_main)
|
||||
set(GTEST_BOTH_LIBRARIES ''${GTEST_LIBRARIES} ''${GTEST_MAIN_LIBRARIES})
|
||||
EOF
|
||||
'';
|
||||
|
||||
postInstall = ''
|
||||
wrapProgram $out/bin/anbox \
|
||||
--prefix LD_LIBRARY_PATH : ${stdenv.lib.makeLibraryPath [libGL libglvnd]} \
|
||||
--prefix PATH : ${git}/bin
|
||||
|
||||
mkdir -p $out/share/dbus-1/services/
|
||||
cat <<END > $out/share/dbus-1/services/org.anbox.service
|
||||
[D-BUS Service]
|
||||
Name=org.anbox
|
||||
Exec=$out/libexec/anbox-session-manager
|
||||
END
|
||||
|
||||
mkdir $out/libexec
|
||||
cat > $out/libexec/anbox-session-manager <<EOF
|
||||
#!${stdenv.shell}
|
||||
exec $out/bin/anbox session-manager
|
||||
EOF
|
||||
chmod +x $out/libexec/anbox-session-manager
|
||||
|
||||
cat > $out/bin/anbox-application-manager <<EOF
|
||||
#!${stdenv.shell}
|
||||
${systemd}/bin/busctl --user call \
|
||||
org.freedesktop.DBus \
|
||||
/org/freedesktop/DBus \
|
||||
org.freedesktop.DBus \
|
||||
StartServiceByName "su" org.anbox 0
|
||||
|
||||
$out/bin/anbox launch --package=org.anbox.appmgr --component=org.anbox.appmgr.AppViewActivity
|
||||
EOF
|
||||
chmod +x $out/bin/anbox-application-manager
|
||||
'';
|
||||
|
||||
passthru.image = let
|
||||
imgroot = "https://build.anbox.io/android-images";
|
||||
arches = {
|
||||
armv7l-linux = {
|
||||
url = imgroot + "/2017/06/12/android_1_armhf.img";
|
||||
sha256 = "1za4q6vnj8wgphcqpvyq1r8jg6khz7v6b7h6ws1qkd5ljangf1w5";
|
||||
};
|
||||
aarch64-linux = {
|
||||
url = imgroot + "/2017/08/04/android_1_arm64.img";
|
||||
sha256 = "02yvgpx7n0w0ya64y5c7bdxilaiqj9z3s682l5s54vzfnm5a2bg5";
|
||||
};
|
||||
x86_64-linux = {
|
||||
url = imgroot + "/2018/07/19/android_amd64.img";
|
||||
sha256 = "1jlcda4q20w30cm9ikm6bjq01p547nigik1dz7m4v0aps4rws13b";
|
||||
};
|
||||
};
|
||||
in
|
||||
fetchurl {
|
||||
inherit (arches.${stdenv.system}) url sha256;
|
||||
};
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
homepage = https://anbox.io;
|
||||
description = "Android in a box.";
|
||||
license = licenses.gpl2;
|
||||
maintainers = with maintainers; [ edwtjo ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
|
||||
}
|
|
@ -0,0 +1,43 @@
|
|||
{ stdenv, lib, kernel, fetchFromGitHub }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "anbox-modules";
|
||||
version = "2018-09-08-" + kernel.version;
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "anbox";
|
||||
repo = "anbox-modules";
|
||||
rev = "27fd47e11ef6eef93738f8f3df3e42c88975544e";
|
||||
sha256 = "1hnf5x5swjcws6mnxmd3byll8l7qsxxj9pgki2k31rbmqqf2sb0x";
|
||||
};
|
||||
|
||||
nativeBuildInputs = kernel.moduleBuildDependencies;
|
||||
|
||||
KERNEL_SRC="${kernel.dev}/lib/modules/${kernel.modDirVersion}/build";
|
||||
|
||||
buildPhase = ''
|
||||
for d in ashmem binder;do
|
||||
cd $d
|
||||
make
|
||||
cd -
|
||||
done
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
modDir=$out/lib/modules/${kernel.modDirVersion}/kernel/updates/
|
||||
mkdir -p $modDir
|
||||
for d in ashmem binder;do
|
||||
mv $d/$d*.ko $modDir/.
|
||||
done
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "Anbox ashmem and binder drivers.";
|
||||
homepage = https://github.com/anbox/anbox-modules;
|
||||
license = licenses.gpl2;
|
||||
platforms = platforms.linux;
|
||||
broken = (versionOlder kernel.version "4.4") || (kernel.features.grsecurity);
|
||||
maintainers = with maintainers; [ edwtjo ];
|
||||
};
|
||||
|
||||
}
|
|
@ -1,4 +1,4 @@
|
|||
{ stdenv, fetchurl, pkgconfig, udev }:
|
||||
{ stdenv, fetchurl, pkgconfig, udev, buildPackages }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "libatasmart-0.19";
|
||||
|
@ -8,6 +8,7 @@ stdenv.mkDerivation rec {
|
|||
sha256 = "138gvgdwk6h4ljrjsr09pxk1nrki4b155hqdzyr8mlk3bwsfmw31";
|
||||
};
|
||||
|
||||
depsBuildBuild = [ buildPackages.stdenv.cc ];
|
||||
nativeBuildInputs = [ pkgconfig ];
|
||||
buildInputs = [ udev ];
|
||||
|
||||
|
|
|
@ -12,21 +12,13 @@ let
|
|||
in
|
||||
stdenv.mkDerivation rec {
|
||||
name = "sssd-${version}";
|
||||
version = "1.16.3";
|
||||
version = "1.16.4";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://fedorahosted.org/released/sssd/${name}.tar.gz";
|
||||
sha256 = "1i2fq37w0k71xwqcq1i4l3nglmwybc4694xbrccrih33qsh1fpgf";
|
||||
sha256 = "0ngr7cgimyjc6flqkm7psxagp1m4jlzpqkn28pliifbmdg6i5ckb";
|
||||
};
|
||||
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
name = "duplicate-case-value.diff";
|
||||
url = "https://github.com/SSSD/sssd/commit/1ee12b05570fcfb8.diff";
|
||||
sha256 = "01y8i8cfs2gydn84097cl5fynx0db8b0vr345gh57ypp84in3ixw";
|
||||
})
|
||||
];
|
||||
|
||||
# Something is looking for <libxml/foo.h> instead of <libxml2/libxml/foo.h>
|
||||
NIX_CFLAGS_COMPILE = "-I${libxml2.dev}/include/libxml2";
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "slurm-${version}";
|
||||
version = "18.08.5.2";
|
||||
version = "18.08.6.2";
|
||||
|
||||
# N.B. We use github release tags instead of https://www.schedmd.com/downloads.php
|
||||
# because the latter does not keep older releases.
|
||||
|
@ -17,7 +17,7 @@ stdenv.mkDerivation rec {
|
|||
repo = "slurm";
|
||||
# The release tags use - instead of .
|
||||
rev = "${builtins.replaceStrings ["."] ["-"] name}";
|
||||
sha256 = "0x1pdq58sdf0m28cai0lcyzvhhjl7l85gq324pwh8fi3zy2h0n4k";
|
||||
sha256 = "0py1795jrgip00k46gr9f9y49gpv5478kc3v68d90nl158fngixc";
|
||||
};
|
||||
|
||||
outputs = [ "out" "dev" ];
|
||||
|
|
|
@ -4,11 +4,11 @@ with python3.pkgs;
|
|||
|
||||
buildPythonPackage rec {
|
||||
pname = "mautrix-telegram";
|
||||
version = "0.5.0";
|
||||
version = "0.5.1";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "3d5156f205b94dbac76f7eafb0ca732ba16fa568d4440210f7dd4be5c3252dda";
|
||||
sha256 = "51951845e52c4ca5410e0f4a51d99014dd6df2fcedfca8b7241e045359cbf112";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
|
|
@ -0,0 +1,34 @@
|
|||
{ stdenv, lib, fetchgit, cmake, openssl, boost, zlib, rippled }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "rippled-validator-keys-tool-20180927-${builtins.substring 0 7 rev}";
|
||||
rev = "d7774bcc1dc9439c586ea1c175fcd5ff3960b15f";
|
||||
|
||||
src = fetchgit {
|
||||
url = "https://github.com/ripple/validator-keys-tool.git";
|
||||
inherit rev;
|
||||
sha256 = "1hcbwwa21n692qpbm0vqy5jvvnf4aias309610m4kwdsnzfw0902";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake ];
|
||||
buildInputs = [ openssl boost zlib rippled ];
|
||||
|
||||
hardeningDisable = ["format"];
|
||||
|
||||
preConfigure = ''
|
||||
export CXX="$(command -v $CXX)"
|
||||
export CC="$(command -v $CC)"
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
install -D validator-keys $out/bin/validator-keys
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description = "Generate master and ephemeral rippled validator keys";
|
||||
homepage = https://github.com/ripple/validator-keys-tool;
|
||||
maintainers = with maintainers; [ offline ];
|
||||
license = licenses.isc;
|
||||
platforms = [ "x86_64-linux" ];
|
||||
};
|
||||
}
|
|
@ -33,10 +33,18 @@ stdenv.mkDerivation rec {
|
|||
[ ./4.x-no-persistent-install.patch
|
||||
./patch-source3__libads__kerberos_keytab.c.patch
|
||||
./4.x-no-persistent-install-dynconfig.patch
|
||||
|
||||
# conditionall disable MacOS incompatible tests
|
||||
(fetchpatch {
|
||||
url = "https://patch-diff.githubusercontent.com/raw/samba-team/samba/pull/107.patch";
|
||||
sha256 = "0r6q34vjj0bdzmcbnrkad9rww58k4krbwicv4gs1g3dj49skpvd6";
|
||||
})
|
||||
|
||||
(fetchpatch {
|
||||
name = "CVE-2019-3824.patch";
|
||||
url = "https://attachments.samba.org/attachment.cgi?id=14859";
|
||||
sha256 = "02qf3zr55mzbimqdv01k3b22jjb084vfr5zabapyr5h1f588mw0q";
|
||||
})
|
||||
];
|
||||
|
||||
buildInputs =
|
||||
|
|
|
@ -84,6 +84,11 @@ stdenv.mkDerivation rec {
|
|||
license = licenses.bsd2;
|
||||
platforms = platforms.linux;
|
||||
maintainers = with maintainers; [ arobyn ];
|
||||
knownVulnerabilities = [
|
||||
"CVE-2019-1000018"
|
||||
"CVE-2019-3463"
|
||||
"CVE-2019-3464"
|
||||
];
|
||||
};
|
||||
|
||||
passthru = {
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue