public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/staging' into fix/cross-xfsprogs

Browse Source
This commit is contained in:
John Ericson 2018-12-02 12:32:03 -05:00
commit 24270193b7
871 changed files with 10107 additions and 5804 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
doc/coding-conventions.xml
View File

@ -56,25 +56,30 @@ foo { arg = ...; }
or list elements should be aligned: or list elements should be aligned:
<programlisting> <programlisting>
# A long list. # A long list.
list = list = [
[ elem1 elem1
elem2 elem2
elem3 elem3
]; ];
# A long attribute set. # A long attribute set.
attrs =
{ attr1 = short_expr;
attr2 =
if true then big_expr else big_expr;
};
# Alternatively:
attrs = { attrs = {
attr1 = short_expr; attr1 = short_expr;
attr2 = attr2 =
if true then big_expr else big_expr; if true then big_expr else big_expr;
}; };
# Combined
listOfAttrs = [
{
attr1 = 3;
attr2 = "fff";
}
{
attr1 = 5;
attr2 = "ggg";
}
];
</programlisting> </programlisting>
</para> </para>
</listitem> </listitem>

2
doc/cross-compilation.xml
View File

@ -385,7 +385,7 @@ nix-build &lt;nixpkgs&gt; --arg crossSystem '(import &lt;nixpkgs/lib&gt;).system
Eventually we would like to make these platform examples an unnecessary Eventually we would like to make these platform examples an unnecessary
convenience so that convenience so that
<programlisting> <programlisting>
nix-build &lt;nixpkgs&gt; --arg crossSystem.config '&lt;arch&gt;-&lt;os&gt;-&lt;vendor&gt;-&lt;abi&gt;' -A whatever</programlisting> nix-build &lt;nixpkgs&gt; --arg crossSystem '{ config = "&lt;arch&gt;-&lt;os&gt;-&lt;vendor&gt;-&lt;abi&gt;"; }' -A whatever</programlisting>
works in the vast majority of cases. The problem today is dependencies on works in the vast majority of cases. The problem today is dependencies on
other sorts of configuration which aren't given proper defaults. We rely on other sorts of configuration which aren't given proper defaults. We rely on
the examples to crudely to set those configuration parameters in some the examples to crudely to set those configuration parameters in some

11
doc/languages-frameworks/ruby.xml
View File

@ -50,6 +50,17 @@ bundlerEnv rec {
future updates can be run easily. future updates can be run easily.
</para> </para>
<para>
Updating Ruby packages can then be done like this:
</para>
<screen>
<![CDATA[$ cd pkgs/servers/monitoring/sensu
$ nix-shell -p bundler --run 'bundle lock --update'
$ nix-shell -p bundix --run 'bundix'
]]>
</screen>
<para> <para>
For tools written in Ruby - i.e. where the desire is to install a package and For tools written in Ruby - i.e. where the desire is to install a package and
then execute e.g. <command>rake</command> at the command line, there is an then execute e.g. <command>rake</command> at the command line, there is an

43
doc/stdenv.xml
View File

@ -2428,12 +2428,31 @@ addEnvHooks "$hostOffset" myBashFunction
<para> <para>
This is a special setup hook which helps in packaging proprietary This is a special setup hook which helps in packaging proprietary
software in that it automatically tries to find missing shared library software in that it automatically tries to find missing shared library
dependencies of ELF files. All packages within the dependencies of ELF files based on the given
<envar>runtimeDependencies</envar> environment variable are <varname>buildInputs</varname> and <varname>nativeBuildInputs</varname>.
unconditionally added to executables, which is useful for programs that </para>
use <citerefentry> <para>
<refentrytitle>dlopen</refentrytitle> You can also specify a <envar>runtimeDependencies</envar> environment
<manvolnum>3</manvolnum> </citerefentry> to load libraries at runtime. variable which lists dependencies that are unconditionally added to all
executables.
</para>
<para>
This is useful for programs that use <citerefentry>
<refentrytitle>dlopen</refentrytitle>
<manvolnum>3</manvolnum>
</citerefentry> to load libraries at runtime.
</para>
<para>
In certain situations you may want to run the main command
(<command>autoPatchelf</command>) of the setup hook on a file or a set
of directories instead of unconditionally patching all outputs. This
can be done by setting the <envar>dontAutoPatchelf</envar> environment
variable to a non-empty value.
</para>
<para>
The <command>autoPatchelf</command> command also recognizes a
<parameter class="command">--no-recurse</parameter> command line flag,
which prevents it from recursing into subdirectories.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -2455,7 +2474,17 @@ addEnvHooks "$hostOffset" myBashFunction
use the cntr exec subcommand. Note that <command>cntr</command> also use the cntr exec subcommand. Note that <command>cntr</command> also
needs to be executed on the machine that is doing the build, which might needs to be executed on the machine that is doing the build, which might
be not the case when remote builders are enabled. be not the case when remote builders are enabled.
<command>cntr</command> is only supported on linux based platforms. <command>cntr</command> is only supported on Linux-based platforms. To
use it first add <literal>cntr</literal> to your
<literal>environment.systemPackages</literal> on NixOS or alternatively to
the root user on non-NixOS systems. Then in the package that is supposed
to be inspected, add <literal>breakpointHook</literal> to
<literal>nativeBuildInputs</literal>.
<programlisting>
nativeBuildInputs = [ breakpointHook ];
</programlisting>
When a build failure happens there will be an instruction printed that
shows how to attach with <literal>cntr</literal> to the build sandbox.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>

40
lib/systems/default.nix
View File

@ -66,6 +66,46 @@ rec {
# uname -r # uname -r
release = null; release = null;
}; };
qemuArch =
if final.isArm then "arm"
else if final.isx86_64 then "x86_64"
else if final.isx86 then "i386"
else {
"powerpc" = "ppc";
"powerpc64" = "ppc64";
"powerpc64le" = "ppc64";
"mips64" = "mips";
"mipsel64" = "mipsel";
}.${final.parsed.cpu.name} or final.parsed.cpu.name;
emulator = pkgs: let
qemu-user = pkgs.qemu.override {
smartcardSupport = false;
spiceSupport = false;
openGLSupport = false;
virglSupport = false;
vncSupport = false;
gtkSupport = false;
sdlSupport = false;
pulseSupport = false;
smbdSupport = false;
seccompSupport = false;
hostCpuTargets = ["${final.qemuArch}-linux-user"];
};
wine-name = "wine${toString final.parsed.cpu.bits}";
wine = (pkgs.winePackagesFor wine-name).minimal;
in
if final.parsed.kernel.name == pkgs.stdenv.hostPlatform.parsed.kernel.name &&
(final.parsed.cpu.name == pkgs.stdenv.hostPlatform.parsed.cpu.name ||
(final.platform.isi686 && pkgs.stdenv.hostPlatform.isx86_64))
then pkgs.runtimeShell
else if final.isWindows
then "${wine}/bin/${wine-name}"
else if final.isLinux && pkgs.stdenv.hostPlatform.isLinux
then "${qemu-user}/bin/qemu-${final.qemuArch}"
else throw "Don't know how to run ${final.config} executables.";
} // mapAttrs (n: v: v final.parsed) inspect.predicates } // mapAttrs (n: v: v final.parsed) inspect.predicates
// args; // args;
in assert final.useAndroidPrebuilt -> final.isAndroid; in assert final.useAndroidPrebuilt -> final.isAndroid;

13
lib/systems/examples.nix
View File

@ -2,7 +2,14 @@
# `crossSystem`. They are put here for user convenience, but also used by cross # `crossSystem`. They are put here for user convenience, but also used by cross
# tests and linux cross stdenv building, so handle with care! # tests and linux cross stdenv building, so handle with care!
{ lib }: { lib }:
let platforms = import ./platforms.nix { inherit lib; }; in let
platforms = import ./platforms.nix { inherit lib; };
riscv = bits: {
config = "riscv${bits}-unknown-linux-gnu";
platform = platforms.riscv-multiplatform bits;
};
in
rec { rec {
# #
@ -92,10 +99,6 @@ rec {
musl64 = { config = "x86_64-unknown-linux-musl"; }; musl64 = { config = "x86_64-unknown-linux-musl"; };
musl32 = { config = "i686-unknown-linux-musl"; }; musl32 = { config = "i686-unknown-linux-musl"; };
riscv = bits: {
config = "riscv${bits}-unknown-linux-gnu";
platform = platforms.riscv-multiplatform bits;
};
riscv64 = riscv "64"; riscv64 = riscv "64";
riscv32 = riscv "32"; riscv32 = riscv "32";

19
nixos/doc/manual/configuration/modularity.xml
View File

@ -127,4 +127,23 @@ nix-repl> map (x: x.hostName) config.<xref linkend="opt-services.httpd.virtualHo
[ "example.org" "example.gov" ] [ "example.org" "example.gov" ]
</screen> </screen>
</para> </para>
<para>
While abstracting your configuration, you may find it useful to generate
modules using code, instead of writing files. The example
below would have the same effect as importing a file which sets those
options.
<screen>
{ config, pkgs, ... }:
let netConfig = { hostName }: {
networking.hostName = hostName;
networking.useDHCP = false;
};
in
{ imports = [ (netConfig "nixos.localdomain") ]; }
</screen>
</para>
</section> </section>

2
nixos/doc/manual/development/running-nixos-tests-interactively.xml
View File

@ -19,7 +19,7 @@ starting VDE switch for network 1
&gt; startAll &gt; startAll
&gt; testScript &gt; testScript
&gt; $machine->succeed("touch /tmp/foo") &gt; $machine->succeed("touch /tmp/foo")
&gt; print($machine->succeed("pwd"), "\n") # Show stdout of command &gt; print($machine->succeed("pwd")) # Show stdout of command
</screen> </screen>
The function <command>testScript</command> executes the entire test script The function <command>testScript</command> executes the entire test script
and drops you back into the test driver command line upon its completion. and drops you back into the test driver command line upon its completion.

2
nixos/doc/manual/development/writing-nixos-tests.xml
View File

@ -108,7 +108,7 @@ xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualis
<programlisting> <programlisting>
$machine->start; $machine->start;
$machine->waitForUnit("default.target"); $machine->waitForUnit("default.target");
die unless $machine->succeed("uname") =~ /Linux/; $machine->succeed("uname") =~ /Linux/ or die;
</programlisting> </programlisting>
The first line is actually unnecessary; machines are implicitly started when The first line is actually unnecessary; machines are implicitly started when
you first execute an action on them (such as <literal>waitForUnit</literal> you first execute an action on them (such as <literal>waitForUnit</literal>

28
nixos/doc/manual/release-notes/rl-1903.xml
View File

@ -111,6 +111,16 @@
without Syncthing resetting the permission on every start. without Syncthing resetting the permission on every start.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The <literal>ntp</literal> module now has sane default restrictions.
If you're relying on the previous defaults, which permitted all queries
and commands from all firewall-permitted sources, you can set
<varname>services.ntp.restrictDefault</varname> and
<varname>services.ntp.restrictSource</varname> to
<literal>[]</literal>.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
Package <varname>rabbitmq_server</varname> is renamed to Package <varname>rabbitmq_server</varname> is renamed to
@ -231,8 +241,22 @@
(<literal>networking.firewall.interfaces.default.*</literal>), and assigning (<literal>networking.firewall.interfaces.default.*</literal>), and assigning
to this pseudo device will override the (<literal>networking.firewall.allow*</literal>) to this pseudo device will override the (<literal>networking.firewall.allow*</literal>)
options. options.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
GitLab Shell previously used the nix store paths for the
<literal>gitlab-shell</literal> command in its
<literal>authorized_keys</literal> file, which might stop working after
garbage collection. To circumvent that, we regenerated that file on each
startup. As <literal>gitlab-shell</literal> has now been changed to use
<literal>/var/run/current-system/sw/bin/gitlab-shell</literal>, this is
not necessary anymore, but there might be leftover lines with a nix store
path. Regenerate the <literal>authorized_keys</literal> file via
<command>sudo -u git -H gitlab-rake gitlab:shell:setup</command> in that
case.
</para>
</listitem>
</itemizedlist> </itemizedlist>
</section> </section>

20
nixos/lib/make-system-tarball.nix
View File

@ -1,4 +1,4 @@
{ stdenv, perl, pixz, pathsFromGraph { stdenv, closureInfo, pixz
, # The file name of the resulting tarball , # The file name of the resulting tarball
fileName ? "nixos-system-${stdenv.hostPlatform.system}" fileName ? "nixos-system-${stdenv.hostPlatform.system}"
@ -29,24 +29,28 @@
, extraInputs ? [ pixz ] , extraInputs ? [ pixz ]
}: }:
let
symlinks = map (x: x.symlink) storeContents;
objects = map (x: x.object) storeContents;
in
stdenv.mkDerivation { stdenv.mkDerivation {
name = "tarball"; name = "tarball";
builder = ./make-system-tarball.sh; builder = ./make-system-tarball.sh;
buildInputs = [ perl ] ++ extraInputs; buildInputs = extraInputs;
inherit fileName pathsFromGraph extraArgs extraCommands compressCommand; inherit fileName extraArgs extraCommands compressCommand;
# !!! should use XML. # !!! should use XML.
sources = map (x: x.source) contents; sources = map (x: x.source) contents;
targets = map (x: x.target) contents; targets = map (x: x.target) contents;
# !!! should use XML. # !!! should use XML.
objects = map (x: x.object) storeContents; inherit symlinks objects;
symlinks = map (x: x.symlink) storeContents;
# For obtaining the closure of `storeContents'. closureInfo = closureInfo {
exportReferencesGraph = rootPaths = objects;
map (x: [("closure-" + baseNameOf x.object) x.object]) storeContents; };
extension = compressionExtension; extension = compressionExtension;
} }

9
nixos/lib/make-system-tarball.sh
View File

@ -3,7 +3,6 @@ source $stdenv/setup
sources_=($sources) sources_=($sources)
targets_=($targets) targets_=($targets)
echo $objects
objects=($objects) objects=($objects)
symlinks=($symlinks) symlinks=($symlinks)
@ -14,8 +13,6 @@ stripSlash() {
if test "${res:0:1}" = /; then res=${res:1}; fi if test "${res:0:1}" = /; then res=${res:1}; fi
} }
touch pathlist
# Add the individual files. # Add the individual files.
for ((i = 0; i < ${#targets_[@]}; i++)); do for ((i = 0; i < ${#targets_[@]}; i++)); do
stripSlash "${targets_[$i]}" stripSlash "${targets_[$i]}"
@ -25,9 +22,9 @@ done
# Add the closures of the top-level store objects. # Add the closures of the top-level store objects.
chmod +w .
mkdir -p nix/store mkdir -p nix/store
storePaths=$(perl $pathsFromGraph closure-*) for i in $(< $closureInfo/store-paths); do
for i in $storePaths; do
cp -a "$i" "${i:1}" cp -a "$i" "${i:1}"
done done
@ -35,7 +32,7 @@ done
# TODO tar ruxo # TODO tar ruxo
# Also include a manifest of the closures in a format suitable for # Also include a manifest of the closures in a format suitable for
# nix-store --load-db. # nix-store --load-db.
printRegistration=1 perl $pathsFromGraph closure-* > nix-path-registration cp $closureInfo/registration nix-path-registration
# Add symlinks to the top-level store objects. # Add symlinks to the top-level store objects.
for ((n = 0; n < ${#objects[*]}; n++)); do for ((n = 0; n < ${#objects[*]}; n++)); do

2
nixos/lib/testing.nix
View File

@ -1,5 +1,5 @@
{ system { system
, pkgs , pkgs ? import ../.. { inherit system config; }
# Use a minimal kernel? # Use a minimal kernel?
, minimal ? false , minimal ? false
# Ignored # Ignored

4
nixos/maintainers/scripts/gce/create-gce.sh
View File

@ -7,9 +7,9 @@ BUCKET_NAME="${BUCKET_NAME:-nixos-cloud-images}"
TIMESTAMP="$(date +%Y%m%d%H%M)" TIMESTAMP="$(date +%Y%m%d%H%M)"
export TIMESTAMP export TIMESTAMP
nix-build '<nixpkgs/nixos>' \ nix-build '<nixpkgs/nixos/lib/eval-config.nix>' \
-A config.system.build.googleComputeImage \ -A config.system.build.googleComputeImage \
--arg configuration "{ imports = [ <nixpkgs/nixos/modules/virtualisation/google-compute-image.nix> ]; }" \ --arg modules "[ <nixpkgs/nixos/modules/virtualisation/google-compute-image.nix> ]" \
--argstr system x86_64-linux \ --argstr system x86_64-linux \
-o gce \ -o gce \
-j 10 -j 10

14
nixos/modules/config/i18n.nix
View File

@ -34,6 +34,17 @@ with lib;
''; '';
}; };
extraLocaleSettings = mkOption {
type = types.attrsOf types.str;
default = {};
example = { LC_MESSAGES = "en_US.UTF-8"; LC_TIME = "de_DE.UTF-8"; };
description = ''
A set of additional system-wide locale settings other than
<literal>LANG</literal> which can be configured with
<option>i18n.defaultLocale</option>.
'';
};
supportedLocales = mkOption { supportedLocales = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = ["all"]; default = ["all"];
@ -129,7 +140,7 @@ with lib;
environment.sessionVariables = environment.sessionVariables =
{ LANG = config.i18n.defaultLocale; { LANG = config.i18n.defaultLocale;
LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive"; LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
}; } // config.i18n.extraLocaleSettings;
systemd.globalEnvironment = mkIf (config.i18n.supportedLocales != []) { systemd.globalEnvironment = mkIf (config.i18n.supportedLocales != []) {
LOCALE_ARCHIVE = "${config.i18n.glibcLocales}/lib/locale/locale-archive"; LOCALE_ARCHIVE = "${config.i18n.glibcLocales}/lib/locale/locale-archive";
@ -141,6 +152,7 @@ with lib;
source = pkgs.writeText "locale.conf" source = pkgs.writeText "locale.conf"
'' ''
LANG=${config.i18n.defaultLocale} LANG=${config.i18n.defaultLocale}
${concatStringsSep "\n" (mapAttrsToList (n: v: ''${n}=${v}'') config.i18n.extraLocaleSettings)}
''; '';
}; };

2
nixos/modules/config/no-x-libs.nix
View File

@ -35,7 +35,7 @@ with lib;
networkmanager-vpnc = super.networkmanager-vpnc.override { withGnome = false; }; networkmanager-vpnc = super.networkmanager-vpnc.override { withGnome = false; };
networkmanager-iodine = super.networkmanager-iodine.override { withGnome = false; }; networkmanager-iodine = super.networkmanager-iodine.override { withGnome = false; };
pinentry = super.pinentry_ncurses; pinentry = super.pinentry_ncurses;
gobjectIntrospection = super.gobjectIntrospection.override { x11Support = false; }; gobject-introspection = super.gobject-introspection.override { x11Support = false; };
})); }));
}; };
} }

4
nixos/modules/hardware/raid/hpsa.nix
View File

@ -8,7 +8,7 @@ let
version = "2.40-13.0"; version = "2.40-13.0";
src = pkgs.fetchurl { src = pkgs.fetchurl {
url = "http://downloads.linux.hpe.com/SDR/downloads/MCP/Ubuntu/pool/non-free/${name}_amd64.deb"; url = "https://downloads.linux.hpe.com/SDR/downloads/MCP/Ubuntu/pool/non-free/${name}_amd64.deb";
sha256 = "11w7fwk93lmfw0yya4jpjwdmgjimqxx6412sqa166g1pz4jil4sw"; sha256 = "11w7fwk93lmfw0yya4jpjwdmgjimqxx6412sqa166g1pz4jil4sw";
}; };
@ -34,7 +34,7 @@ let
meta = with lib; { meta = with lib; {
description = "HP Smart Array CLI"; description = "HP Smart Array CLI";
homepage = http://downloads.linux.hpe.com/SDR/downloads/MCP/Ubuntu/pool/non-free/; homepage = https://downloads.linux.hpe.com/SDR/downloads/MCP/Ubuntu/pool/non-free/;
license = licenses.unfreeRedistributable; license = licenses.unfreeRedistributable;
platforms = [ "x86_64-linux" ]; platforms = [ "x86_64-linux" ];
maintainers = with maintainers; [ volth ]; maintainers = with maintainers; [ volth ];

4
nixos/modules/installer/cd-dvd/sd-image.nix
View File

@ -134,7 +134,9 @@ in
${config.sdImage.populateBootCommands} ${config.sdImage.populateBootCommands}
# Copy the populated /boot into the SD image # Copy the populated /boot into the SD image
(cd boot; mcopy -bpsvm -i ../bootpart.img ./* ::) (cd boot; mcopy -psvm -i ../bootpart.img ./* ::)
# Verify the FAT partition before copying it.
fsck.vfat -vn bootpart.img
dd conv=notrunc if=bootpart.img of=$img seek=$START count=$SECTORS dd conv=notrunc if=bootpart.img of=$img seek=$START count=$SECTORS
''; '';
}) {}; }) {};

4
nixos/modules/misc/ids.nix
View File

@ -175,7 +175,7 @@
dnsmasq = 141; dnsmasq = 141;
uhub = 142; uhub = 142;
yandexdisk = 143; yandexdisk = 143;
#collectd = 144; #unused mxisd = 144; # was once collectd
consul = 145; consul = 145;
mailpile = 146; mailpile = 146;
redmine = 147; redmine = 147;
@ -484,7 +484,7 @@
#dnsmasq = 141; # unused #dnsmasq = 141; # unused
uhub = 142; uhub = 142;
#yandexdisk = 143; # unused #yandexdisk = 143; # unused
#collectd = 144; # unused mxisd = 144; # was once collectd
#consul = 145; # unused #consul = 145; # unused
mailpile = 146; mailpile = 146;
redmine = 147; redmine = 147;

3
nixos/modules/module-list.nix
View File

@ -246,6 +246,7 @@
./services/desktops/gnome3/gnome-documents.nix ./services/desktops/gnome3/gnome-documents.nix
./services/desktops/gnome3/gnome-keyring.nix ./services/desktops/gnome3/gnome-keyring.nix
./services/desktops/gnome3/gnome-online-accounts.nix ./services/desktops/gnome3/gnome-online-accounts.nix
./services/desktops/gnome3/gnome-remote-desktop.nix
./services/desktops/gnome3/gnome-online-miners.nix ./services/desktops/gnome3/gnome-online-miners.nix
./services/desktops/gnome3/gnome-terminal-server.nix ./services/desktops/gnome3/gnome-terminal-server.nix
./services/desktops/gnome3/gnome-user-share.nix ./services/desktops/gnome3/gnome-user-share.nix
@ -332,6 +333,7 @@
./services/mail/rspamd.nix ./services/mail/rspamd.nix
./services/mail/rss2email.nix ./services/mail/rss2email.nix
./services/mail/rmilter.nix ./services/mail/rmilter.nix
./services/mail/roundcube.nix
./services/mail/nullmailer.nix ./services/mail/nullmailer.nix
./services/misc/airsonic.nix ./services/misc/airsonic.nix
./services/misc/apache-kafka.nix ./services/misc/apache-kafka.nix
@ -560,6 +562,7 @@
./services/networking/miredo.nix ./services/networking/miredo.nix
./services/networking/mstpd.nix ./services/networking/mstpd.nix
./services/networking/murmur.nix ./services/networking/murmur.nix
./services/networking/mxisd.nix
./services/networking/namecoind.nix ./services/networking/namecoind.nix
./services/networking/nat.nix ./services/networking/nat.nix
./services/networking/ndppd.nix ./services/networking/ndppd.nix

2
nixos/modules/profiles/base.nix
View File

@ -49,7 +49,7 @@
]; ];
# Include support for various filesystems. # Include support for various filesystems.
boot.supportedFilesystems = [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ]; boot.supportedFilesystems = [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "zfs" "ntfs" "cifs" ];
# Configure host id for ZFS to work # Configure host id for ZFS to work
networking.hostId = lib.mkDefault "8425e349"; networking.hostId = lib.mkDefault "8425e349";

16
nixos/modules/profiles/docker-container.nix
View File

@ -15,15 +15,19 @@ in {
# Create the tarball # Create the tarball
system.build.tarball = pkgs.callPackage ../../lib/make-system-tarball.nix { system.build.tarball = pkgs.callPackage ../../lib/make-system-tarball.nix {
contents = []; contents = [
{
source = "${config.system.build.toplevel}/.";
target = "./";
}
];
extraArgs = "--owner=0"; extraArgs = "--owner=0";
# Add init script to image # Add init script to image
storeContents = [ storeContents = pkgs2storeContents [
{ object = config.system.build.toplevel + "/init"; config.system.build.toplevel
symlink = "/init"; pkgs.stdenv
} ];
] ++ (pkgs2storeContents [ pkgs.stdenv ]);
# Some container managers like lxc need these # Some container managers like lxc need these
extraCommands = "mkdir -p proc sys dev"; extraCommands = "mkdir -p proc sys dev";

2
nixos/modules/profiles/hardened.nix
View File

@ -12,6 +12,8 @@ with lib;
boot.kernelPackages = mkDefault pkgs.linuxPackages_hardened; boot.kernelPackages = mkDefault pkgs.linuxPackages_hardened;
nix.allowedUsers = mkDefault [ "@users" ];
security.hideProcessInformation = mkDefault true; security.hideProcessInformation = mkDefault true;
security.lockKernelModules = mkDefault true; security.lockKernelModules = mkDefault true;

2
nixos/modules/programs/sway-beta.nix
View File

@ -8,7 +8,7 @@ let
swayWrapped = pkgs.writeShellScriptBin "sway" '' swayWrapped = pkgs.writeShellScriptBin "sway" ''
${cfg.extraSessionCommands} ${cfg.extraSessionCommands}
exec ${pkgs.dbus.dbus-launch} --exit-with-session ${swayPackage}/bin/sway exec ${pkgs.dbus.dbus-launch} --exit-with-session ${swayPackage}/bin/sway "$@"
''; '';
swayJoined = pkgs.symlinkJoin { swayJoined = pkgs.symlinkJoin {
name = "sway-joined"; name = "sway-joined";

2
nixos/modules/services/backup/borgbackup.nix
View File

@ -191,7 +191,7 @@ in {
options = { options = {
paths = mkOption { paths = mkOption {
type = with types; either path (nonEmptyListOf path); type = with types; either path (listOf str);
description = "Path(s) to back up."; description = "Path(s) to back up.";
example = "/home/user"; example = "/home/user";
apply = x: if isList x then x else [ x ]; apply = x: if isList x then x else [ x ];

8
nixos/modules/services/cluster/kubernetes/default.nix
View File

@ -784,7 +784,7 @@ in {
clusterCidr = mkOption { clusterCidr = mkOption {
description = "Kubernetes controller manager and proxy CIDR Range for Pods in cluster."; description = "Kubernetes controller manager and proxy CIDR Range for Pods in cluster.";
default = "10.1.0.0/16"; default = "10.1.0.0/16";
type = types.str; type = types.nullOr types.str;
}; };
flannel.enable = mkOption { flannel.enable = mkOption {
@ -1018,9 +1018,9 @@ in {
${if (cfg.controllerManager.rootCaFile!=null) ${if (cfg.controllerManager.rootCaFile!=null)
then "--root-ca-file=${cfg.controllerManager.rootCaFile}" then "--root-ca-file=${cfg.controllerManager.rootCaFile}"
else "--root-ca-file=/var/run/kubernetes/apiserver.crt"} \ else "--root-ca-file=/var/run/kubernetes/apiserver.crt"} \
${optionalString (cfg.clusterCidr!=null) ${if (cfg.clusterCidr!=null)
"--cluster-cidr=${cfg.clusterCidr}"} \ then "--cluster-cidr=${cfg.clusterCidr} --allocate-node-cidrs=true"
--allocate-node-cidrs=true \ else "--allocate-node-cidrs=false"} \
${optionalString (cfg.controllerManager.featureGates != []) ${optionalString (cfg.controllerManager.featureGates != [])
"--feature-gates=${concatMapStringsSep "," (feature: "${feature}=true") cfg.controllerManager.featureGates}"} \ "--feature-gates=${concatMapStringsSep "," (feature: "${feature}=true") cfg.controllerManager.featureGates}"} \
${optionalString cfg.verbose "--v=6"} \ ${optionalString cfg.verbose "--v=6"} \

3
nixos/modules/services/databases/postgresql.nix
View File

@ -238,6 +238,9 @@ in
User = "postgres"; User = "postgres";
Group = "postgres"; Group = "postgres";
PermissionsStartOnly = true; PermissionsStartOnly = true;
Type = if lib.versionAtLeast cfg.package.version "9.6"
then "notify"
else "simple";
# Shut down Postgres using SIGINT ("Fast Shutdown mode"). See # Shut down Postgres using SIGINT ("Fast Shutdown mode"). See
# http://www.postgresql.org/docs/current/static/server-shutdown.html # http://www.postgresql.org/docs/current/static/server-shutdown.html

18
nixos/modules/services/desktops/gnome3/gnome-remote-desktop.nix Normal file
View File

@ -0,0 +1,18 @@
# Remote desktop daemon using Pipewire.
{ config, lib, pkgs, ... }:
with lib;
{
###### interface
options = {
services.gnome3.gnome-remote-desktop = {
enable = mkEnableOption "Remote Desktop support using Pipewire";
};
};
###### implementation
config = mkIf config.services.gnome3.gnome-remote-desktop.enable {
systemd.packages = [ pkgs.gnome3.gnome-remote-desktop ];
};
}

153
nixos/modules/services/mail/roundcube.nix Normal file
View File

@ -0,0 +1,153 @@
{ lib, config, pkgs, ... }:
with lib;
let
cfg = config.services.roundcube;
in
{
options.services.roundcube = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable roundcube.
Also enables nginx virtual host management.
Further nginx configuration can be done by adapting <literal>services.nginx.virtualHosts.&lt;name&gt;</literal>.
See <xref linkend="opt-services.nginx.virtualHosts"/> for further information.
'';
};
hostName = mkOption {
type = types.str;
example = "webmail.example.com";
description = "Hostname to use for the nginx vhost";
};
database = {
username = mkOption {
type = types.str;
default = "roundcube";
description = "Username for the postgresql connection";
};
host = mkOption {
type = types.str;
default = "localhost";
description = ''
Host of the postgresql server. If this is not set to
<literal>localhost</literal>, you have to create the
postgresql user and database yourself, with appropriate
permissions.
'';
};
password = mkOption {
type = types.str;
description = "Password for the postgresql connection";
};
dbname = mkOption {
type = types.str;
default = "roundcube";
description = "Name of the postgresql database";
};
};
plugins = mkOption {
type = types.listOf types.str;
default = [];
description = ''
List of roundcube plugins to enable. Currently, only those directly shipped with Roundcube are supported.
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = "Extra configuration for roundcube webmail instance";
};
};
config = mkIf cfg.enable {
environment.etc."roundcube/config.inc.php".text = ''
<?php
$config = array();
$config['db_dsnw'] = 'pgsql://${cfg.database.username}:${cfg.database.password}@${cfg.database.host}/${cfg.database.dbname}';
$config['log_driver'] = 'syslog';
$config['max_message_size'] = '25M';
$config['plugins'] = [${concatMapStringsSep "," (p: "'${p}'") cfg.plugins}];
${cfg.extraConfig}
'';
services.nginx = {
enable = true;
virtualHosts = {
${cfg.hostName} = {
forceSSL = mkDefault true;
enableACME = mkDefault true;
locations."/" = {
root = pkgs.roundcube;
index = "index.php";
extraConfig = ''
location ~* \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/phpfpm/roundcube;
include ${pkgs.nginx}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf;
}
'';
};
};
};
};
services.postgresql = mkIf (cfg.database.host == "localhost") {
enable = true;
};
services.phpfpm.poolConfigs.roundcube = ''
listen = /run/phpfpm/roundcube
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
user = nginx
pm = dynamic
pm.max_children = 75
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 20
pm.max_requests = 500
php_admin_value[error_log] = 'stderr'
php_admin_flag[log_errors] = on
php_admin_value[post_max_size] = 25M
php_admin_value[upload_max_filesize] = 25M
catch_workers_output = yes
'';
systemd.services.phpfpm-roundcube.after = [ "roundcube-setup.service" ];
systemd.services.roundcube-setup = let
pgSuperUser = config.services.postgresql.superUser;
in {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
path = [ config.services.postgresql.package ];
script = ''
mkdir -p /var/lib/roundcube
if [ ! -f /var/lib/roundcube/db-created ]; then
if [ "${cfg.database.host}" = "localhost" ]; then
${pkgs.sudo}/bin/sudo -u ${pgSuperUser} psql postgres -c "create role ${cfg.database.username} with login password '${cfg.database.password}'";
${pkgs.sudo}/bin/sudo -u ${pgSuperUser} psql postgres -c "create database ${cfg.database.dbname} with owner ${cfg.database.username}";
fi
PGPASSWORD=${cfg.database.password} ${pkgs.postgresql}/bin/psql -U ${cfg.database.username} \
-f ${pkgs.roundcube}/SQL/postgres.initial.sql \
-h ${cfg.database.host} ${cfg.database.dbname}
touch /var/lib/roundcube/db-created
fi
${pkgs.php}/bin/php ${pkgs.roundcube}/bin/update.sh
'';
serviceConfig.Type = "oneshot";
};
};
}

17
nixos/modules/services/mail/rspamd.nix
View File

@ -45,7 +45,9 @@ let
else "${config.socket}${maybeOption "mode"}${maybeOption "owner"}${maybeOption "group"}"; else "${config.socket}${maybeOption "mode"}${maybeOption "owner"}${maybeOption "group"}";
}; };
workerOpts = { name, ... }: { traceWarning = w: x: builtins.trace "warning: ${w}" x;
workerOpts = { name, options, ... }: {
options = { options = {
enable = mkOption { enable = mkOption {
type = types.nullOr types.bool; type = types.nullOr types.bool;
@ -59,9 +61,18 @@ let
}; };
type = mkOption { type = mkOption {
type = types.nullOr (types.enum [ type = types.nullOr (types.enum [
"normal" "controller" "fuzzy_storage" "rspamd_proxy" "lua" "normal" "controller" "fuzzy_storage" "rspamd_proxy" "lua" "proxy"
]); ]);
description = "The type of this worker"; description = ''
The type of this worker. The type <literal>proxy</literal> is
deprecated and only kept for backwards compatibility and should be
replaced with <literal>rspamd_proxy</literal>.
'';
apply = let
from = "services.rspamd.workers.\”${name}\".type";
files = options.type.files;
warning = "The option `${from}` defined in ${showFiles files} has enum value `proxy` which has been renamed to `rspamd_proxy`";
in x: if x == "proxy" then traceWarning warning "rspamd_proxy" else x;
}; };
bindSockets = mkOption { bindSockets = mkOption {
type = types.listOf (types.either types.str (types.submodule bindSocketOpts)); type = types.listOf (types.either types.str (types.submodule bindSocketOpts));

4
nixos/modules/services/misc/gitlab.nix
View File

@ -609,10 +609,6 @@ in {
touch "${cfg.statePath}/db-seeded" touch "${cfg.statePath}/db-seeded"
fi fi
# The gitlab:shell:setup regenerates the authorized_keys file so that
# the store path to the gitlab-shell in it gets updated
${pkgs.sudo}/bin/sudo -u ${cfg.user} -H force=yes ${gitlab-rake}/bin/gitlab-rake gitlab:shell:setup
# The gitlab:shell:create_hooks task seems broken for fixing links # The gitlab:shell:create_hooks task seems broken for fixing links
# so we instead delete all the hooks and create them anew # so we instead delete all the hooks and create them anew
rm -f ${cfg.statePath}/repositories/**/*.git/hooks rm -f ${cfg.statePath}/repositories/**/*.git/hooks

2
nixos/modules/services/monitoring/apcupsd.nix
View File

@ -180,7 +180,7 @@ in
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
ExecStart = "${pkgs.apcupsd}/bin/apcupsd --killpower -f ${configFile}"; ExecStart = "${pkgs.apcupsd}/bin/apcupsd --killpower -f ${configFile}";
TimeoutSec = 0; TimeoutSec = "infinity";
StandardOutput = "tty"; StandardOutput = "tty";
RemainAfterExit = "yes"; RemainAfterExit = "yes";
}; };

2
nixos/modules/services/monitoring/osquery.nix
View File

@ -78,7 +78,7 @@ in
mkdir -p "$(dirname ${escapeShellArg cfg.databasePath})" mkdir -p "$(dirname ${escapeShellArg cfg.databasePath})"
''; '';
serviceConfig = { serviceConfig = {
TimeoutStartSec = 0; TimeoutStartSec = "infinity";
ExecStart = "${pkgs.osquery}/bin/osqueryd --logger_path ${escapeShellArg cfg.loggerPath} --pidfile ${escapeShellArg cfg.pidfile} --database_path ${escapeShellArg cfg.databasePath}"; ExecStart = "${pkgs.osquery}/bin/osqueryd --logger_path ${escapeShellArg cfg.loggerPath} --pidfile ${escapeShellArg cfg.pidfile} --database_path ${escapeShellArg cfg.databasePath}";
KillMode = "process"; KillMode = "process";
KillSignal = "SIGTERM"; KillSignal = "SIGTERM";

2
nixos/modules/services/monitoring/systemhealth.nix
View File

@ -8,7 +8,7 @@ let
systemhealth = with pkgs; stdenv.mkDerivation { systemhealth = with pkgs; stdenv.mkDerivation {
name = "systemhealth-1.0"; name = "systemhealth-1.0";
src = fetchurl { src = fetchurl {
url = "http://www.brianlane.com/static/downloads/systemhealth/systemhealth-1.0.tar.bz2"; url = "https://www.brianlane.com/downloads/systemhealth/systemhealth-1.0.tar.bz2";
sha256 = "1q69lz7hmpbdpbz36zb06nzfkj651413n9icx0njmyr3xzq1j9qy"; sha256 = "1q69lz7hmpbdpbz36zb06nzfkj651413n9icx0njmyr3xzq1j9qy";
}; };
buildInputs = [ python ]; buildInputs = [ python ];

2
nixos/modules/services/networking/consul.nix
View File

@ -185,7 +185,7 @@ in
PermissionsStartOnly = true; PermissionsStartOnly = true;
User = if cfg.dropPrivileges then "consul" else null; User = if cfg.dropPrivileges then "consul" else null;
Restart = "on-failure"; Restart = "on-failure";
TimeoutStartSec = "0"; TimeoutStartSec = "infinity";
} // (optionalAttrs (cfg.leaveOnStop) { } // (optionalAttrs (cfg.leaveOnStop) {
ExecStop = "${cfg.package.bin}/bin/consul leave"; ExecStop = "${cfg.package.bin}/bin/consul leave";
}); });

10
nixos/modules/services/networking/flashpolicyd.nix
View File

@ -11,7 +11,7 @@ let
src = pkgs.fetchurl { src = pkgs.fetchurl {
name = "flashpolicyd_v0.6.zip"; name = "flashpolicyd_v0.6.zip";
url = "http://www.adobe.com/content/dotcom/en/devnet/flashplayer/articles/socket_policy_files/_jcr_content/articlePrerequistes/multiplefiles/node_1277808777771/file.res/flashpolicyd_v0.6%5B1%5D.zip"; url = "https://download.adobe.com/pub/adobe/devnet/flashplayer/articles/socket_policy_files/flashpolicyd_v0.6.zip";
sha256 = "16zk237233npwfq1m4ksy4g5lzy1z9fp95w7pz0cdlpmv0fv9sm3"; sha256 = "16zk237233npwfq1m4ksy4g5lzy1z9fp95w7pz0cdlpmv0fv9sm3";
}; };
@ -35,9 +35,9 @@ in
###### interface ###### interface
options = { options = {
services.flashpolicyd = { services.flashpolicyd = {
enable = mkOption { enable = mkOption {
default = false; default = false;
description = description =
@ -47,13 +47,13 @@ in
connections to your server. connections to your server.
''; '';
}; };
policy = mkOption { policy = mkOption {
default = default =
'' ''
<?xml version="1.0"?> <?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd"> <!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy> <cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/> <site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" to-ports="*" /> <allow-access-from domain="*" to-ports="*" />
</cross-domain-policy> </cross-domain-policy>

125
nixos/modules/services/networking/mxisd.nix Normal file
View File

@ -0,0 +1,125 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.mxisd;
server = optionalAttrs (cfg.server.name != null) { inherit (cfg.server) name; }
// optionalAttrs (cfg.server.port != null) { inherit (cfg.server) port; };
baseConfig = {
matrix.domain = cfg.matrix.domain;
key.path = "${cfg.dataDir}/signing.key";
storage = {
provider.sqlite.database = "${cfg.dataDir}/mxisd.db";
};
} // optionalAttrs (server != {}) { inherit server; };
# merges baseConfig and extraConfig into a single file
fullConfig = recursiveUpdate baseConfig cfg.extraConfig;
configFile = pkgs.writeText "mxisd-config.yaml" (builtins.toJSON fullConfig);
in {
options = {
services.mxisd = {
enable = mkEnableOption "mxisd matrix federated identity server";
package = mkOption {
type = types.package;
default = pkgs.mxisd;
defaultText = "pkgs.mxisd";
description = "The mxisd package to use";
};
dataDir = mkOption {
type = types.str;
default = "/var/lib/mxisd";
description = "Where data mxisd uses resides";
};
extraConfig = mkOption {
type = types.attrs;
default = {};
description = "Extra options merged into the mxisd configuration";
};
matrix = {
domain = mkOption {
type = types.str;
description = ''
the domain of the matrix homeserver
'';
};
};
server = {
name = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Public hostname of mxisd, if different from the Matrix domain.
'';
};
port = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
HTTP port to listen on (unencrypted)
'';
};
};
};
};
config = mkIf cfg.enable {
users.users = [
{
name = "mxisd";
group = "mxisd";
home = cfg.dataDir;
createHome = true;
shell = "${pkgs.bash}/bin/bash";
uid = config.ids.uids.mxisd;
}
];
users.groups = [
{
name = "mxisd";
gid = config.ids.gids.mxisd;
}
];
systemd.services.mxisd = {
description = "a federated identity server for the matrix ecosystem";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
# mxisd / spring.boot needs the configuration to be named "application.yaml"
preStart = ''
config=${cfg.dataDir}/application.yaml
cp ${configFile} $config
chmod 444 $config
'';
serviceConfig = {
Type = "simple";
User = "mxisd";
Group = "mxisd";
ExecStart = "${cfg.package}/bin/mxisd --spring.config.location=${cfg.dataDir}/ --spring.profiles.active=systemd --java.security.egd=file:/dev/./urandom";
WorkingDirectory = cfg.dataDir;
PermissionsStartOnly = true;
SuccessExitStatus = 143;
Restart = "on-failure";
};
};
};
}

38
nixos/modules/services/networking/ntpd.nix
View File

@ -15,6 +15,10 @@ let
configFile = pkgs.writeText "ntp.conf" '' configFile = pkgs.writeText "ntp.conf" ''
driftfile ${stateDir}/ntp.drift driftfile ${stateDir}/ntp.drift
restrict default ${toString cfg.restrictDefault}
restrict -6 default ${toString cfg.restrictDefault}
restrict source ${toString cfg.restrictSource}
restrict 127.0.0.1 restrict 127.0.0.1
restrict -6 ::1 restrict -6 ::1
@ -36,11 +40,40 @@ in
enable = mkOption { enable = mkOption {
default = false; default = false;
description = '' description = ''
Whether to synchronise your machine's time using the NTP Whether to synchronise your machine's time using ntpd, as a peer in
protocol. the NTP network.
</para>
<para>
Disables <literal>systemd.timesyncd</literal> if enabled.
''; '';
}; };
restrictDefault = mkOption {
type = types.listOf types.str;
description = ''
The restriction flags to be set by default.
</para>
<para>
The default flags prevent external hosts from using ntpd as a DDoS
reflector, setting system time, and querying OS/ntpd version. As
recommended in section 6.5.1.1.3, answer "No" of
http://support.ntp.org/bin/view/Support/AccessRestrictions
'';
default = [ "limited" "kod" "nomodify" "notrap" "noquery" "nopeer" ];
};
restrictSource = mkOption {
type = types.listOf types.str;
description = ''
The restriction flags to be set on source.
</para>
<para>
The default flags allow peers to be added by ntpd from configured
pool(s), but not by other means.
'';
default = [ "limited" "kod" "nomodify" "notrap" "noquery" ];
};
servers = mkOption { servers = mkOption {
default = config.networking.timeServers; default = config.networking.timeServers;
description = '' description = ''
@ -51,6 +84,7 @@ in
extraFlags = mkOption { extraFlags = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
description = "Extra flags passed to the ntpd command."; description = "Extra flags passed to the ntpd command.";
example = literalExample ''[ "--interface=eth0" ]'';
default = []; default = [];
}; };

7
nixos/modules/services/security/tor.nix
View File

@ -92,6 +92,7 @@ let
# Hidden services # Hidden services
+ concatStrings (flip mapAttrsToList cfg.hiddenServices (n: v: '' + concatStrings (flip mapAttrsToList cfg.hiddenServices (n: v: ''
HiddenServiceDir ${torDirectory}/onion/${v.name} HiddenServiceDir ${torDirectory}/onion/${v.name}
${optionalString (v.version != null) "HiddenServiceVersion ${toString v.version}"}
${flip concatMapStrings v.map (p: '' ${flip concatMapStrings v.map (p: ''
HiddenServicePort ${toString p.port} ${p.destination} HiddenServicePort ${toString p.port} ${p.destination}
'')} '')}
@ -667,6 +668,12 @@ in
}; };
})); }));
}; };
version = mkOption {
default = null;
description = "Rendezvous service descriptor version to publish for the hidden service. Currently, versions 2 and 3 are supported. (Default: 2)";
type = types.nullOr (types.enum [ 2 3 ]);
};
}; };
config = { config = {

8
nixos/modules/services/system/cloud-init.nix
View File

@ -119,7 +119,7 @@ in
{ Type = "oneshot"; { Type = "oneshot";
ExecStart = "${pkgs.cloud-init}/bin/cloud-init init --local"; ExecStart = "${pkgs.cloud-init}/bin/cloud-init init --local";
RemainAfterExit = "yes"; RemainAfterExit = "yes";
TimeoutSec = "0"; TimeoutSec = "infinity";
StandardOutput = "journal+console"; StandardOutput = "journal+console";
}; };
}; };
@ -137,7 +137,7 @@ in
{ Type = "oneshot"; { Type = "oneshot";
ExecStart = "${pkgs.cloud-init}/bin/cloud-init init"; ExecStart = "${pkgs.cloud-init}/bin/cloud-init init";
RemainAfterExit = "yes"; RemainAfterExit = "yes";
TimeoutSec = "0"; TimeoutSec = "infinity";
StandardOutput = "journal+console"; StandardOutput = "journal+console";
}; };
}; };
@ -153,7 +153,7 @@ in
{ Type = "oneshot"; { Type = "oneshot";
ExecStart = "${pkgs.cloud-init}/bin/cloud-init modules --mode=config"; ExecStart = "${pkgs.cloud-init}/bin/cloud-init modules --mode=config";
RemainAfterExit = "yes"; RemainAfterExit = "yes";
TimeoutSec = "0"; TimeoutSec = "infinity";
StandardOutput = "journal+console"; StandardOutput = "journal+console";
}; };
}; };
@ -169,7 +169,7 @@ in
{ Type = "oneshot"; { Type = "oneshot";
ExecStart = "${pkgs.cloud-init}/bin/cloud-init modules --mode=final"; ExecStart = "${pkgs.cloud-init}/bin/cloud-init modules --mode=final";
RemainAfterExit = "yes"; RemainAfterExit = "yes";
TimeoutSec = "0"; TimeoutSec = "infinity";
StandardOutput = "journal+console"; StandardOutput = "journal+console";
}; };
}; };

4
nixos/modules/services/web-servers/apache-httpd/mediawiki.nix
View File

@ -86,7 +86,7 @@ let
name= "mediawiki-1.29.1"; name= "mediawiki-1.29.1";
src = pkgs.fetchurl { src = pkgs.fetchurl {
url = "http://download.wikimedia.org/mediawiki/1.29/${name}.tar.gz"; url = "https://releases.wikimedia.org/mediawiki/1.29/${name}.tar.gz";
sha256 = "03mpazbxvb011s2nmlw5p6dc43yjgl5yrsilmj1imyykm57bwb3m"; sha256 = "03mpazbxvb011s2nmlw5p6dc43yjgl5yrsilmj1imyykm57bwb3m";
}; };
@ -311,7 +311,7 @@ in
description = '' description = ''
Any additional text to be appended to MediaWiki's Any additional text to be appended to MediaWiki's
configuration file. This is a PHP script. For configuration configuration file. This is a PHP script. For configuration
settings, see <link xlink:href='http://www.mediawiki.org/wiki/Manual:Configuration_settings'/>. settings, see <link xlink:href='https://www.mediawiki.org/wiki/Manual:Configuration_settings'/>.
''; '';
}; };

1
nixos/modules/services/x11/desktop-managers/gnome3.nix
View File

@ -107,6 +107,7 @@ in {
services.gnome3.gnome-documents.enable = mkDefault true; services.gnome3.gnome-documents.enable = mkDefault true;
services.gnome3.gnome-keyring.enable = true; services.gnome3.gnome-keyring.enable = true;
services.gnome3.gnome-online-accounts.enable = mkDefault true; services.gnome3.gnome-online-accounts.enable = mkDefault true;
services.gnome3.gnome-remote-desktop.enable = mkDefault true;
services.gnome3.gnome-terminal-server.enable = mkDefault true; services.gnome3.gnome-terminal-server.enable = mkDefault true;
services.gnome3.gnome-user-share.enable = mkDefault true; services.gnome3.gnome-user-share.enable = mkDefault true;
services.gnome3.gvfs.enable = true; services.gnome3.gvfs.enable = true;

2
nixos/modules/services/x11/display-managers/gdm.nix
View File

@ -116,7 +116,7 @@ in
environment = { environment = {
GDM_X_SERVER_EXTRA_ARGS = toString GDM_X_SERVER_EXTRA_ARGS = toString
(filter (arg: arg != "-terminate") cfg.xserverArgs); (filter (arg: arg != "-terminate") cfg.xserverArgs);
GDM_SESSIONS_DIR = "${cfg.session.desktops}/share/xsessions"; XDG_DATA_DIRS = "${cfg.session.desktops}/share/";
# Find the mouse # Find the mouse
XCURSOR_PATH = "~/.icons:${pkgs.gnome3.adwaita-icon-theme}/share/icons"; XCURSOR_PATH = "~/.icons:${pkgs.gnome3.adwaita-icon-theme}/share/icons";
} // optionalAttrs (xSessionWrapper != null) { } // optionalAttrs (xSessionWrapper != null) {

30
nixos/modules/services/x11/urxvtd.nix
View File

@ -18,27 +18,17 @@ in {
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.user = { systemd.user.services.urxvtd = {
sockets.urxvtd = { description = "urxvt terminal daemon";
description = "socket for urxvtd, the urxvt terminal daemon"; wantedBy = [ "graphical-session.target" ];
wantedBy = [ "graphical-session.target" ]; partOf = [ "graphical-session.target" ];
partOf = [ "graphical-session.target" ]; path = [ pkgs.xsel ];
socketConfig = { serviceConfig = {
ListenStream = "%t/urxvtd-socket"; ExecStart = "${pkgs.rxvt_unicode-with-plugins}/bin/urxvtd -o";
}; Environment = "RXVT_SOCKET=%t/urxvtd-socket";
Restart = "on-failure";
RestartSec = "5s";
}; };
services.urxvtd = {
description = "urxvt terminal daemon";
path = [ pkgs.xsel ];
serviceConfig = {
ExecStart = "${pkgs.rxvt_unicode-with-plugins}/bin/urxvtd -o";
Environment = "RXVT_SOCKET=%t/urxvtd-socket";
Restart = "on-failure";
RestartSec = "5s";
};
};
}; };
environment.systemPackages = [ pkgs.rxvt_unicode-with-plugins ]; environment.systemPackages = [ pkgs.rxvt_unicode-with-plugins ];

2
nixos/modules/system/boot/systemd-nspawn.nix
View File

@ -112,7 +112,7 @@ in {
environment.etc."systemd/nspawn".source = generateUnits "nspawn" units [] []; environment.etc."systemd/nspawn".source = generateUnits "nspawn" units [] [];
systemd.targets."multi-user".wants = [ "machines.target "]; systemd.targets."multi-user".wants = [ "machines.target" ];
}; };
} }

8
nixos/modules/virtualisation/container-config.nix
View File

@ -22,12 +22,8 @@ with lib;
# Not supported in systemd-nspawn containers. # Not supported in systemd-nspawn containers.
security.audit.enable = false; security.audit.enable = false;
# Make sure that root user in container will talk to host nix-daemon # Use the host's nix-daemon.
environment.etc."profile".text = '' environment.variables.NIX_REMOTE = "daemon";
export NIX_REMOTE=daemon
'';
}; };

38
nixos/modules/virtualisation/docker-image.nix
View File

@ -17,3 +17,41 @@
# Socket activated ssh presents problem in Docker. # Socket activated ssh presents problem in Docker.
services.openssh.startWhenNeeded = false; services.openssh.startWhenNeeded = false;
} }
# Example usage:
#
## default.nix
# let
# nixos = import <nixpkgs/nixos> {
# configuration = ./configuration.nix;
# system = "x86_64-linux";
# };
# in
# nixos.config.system.build.tarball
#
## configuration.nix
# { pkgs, config, lib, ... }:
# {
# imports = [
# <nixpkgs/nixos/modules/virtualisation/docker-image.nix>
# <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
# ];
#
# documentation.doc.enable = false;
#
# environment.systemPackages = with pkgs; [
# bashInteractive
# cacert
# nix
# ];
# }
#
## Run
# Build the tarball:
# $ nix-build default.nix
# Load into docker:
# $ docker import result/tarball/nixos-system-*.tar.xz nixos-docker
# Boots into systemd
# $ docker run --privileged -it nixos-docker /init
# Log into the container
# $ docker exec -it <container-name> /run/current-system/sw/bin/bash

262
nixos/modules/virtualisation/google-compute-config.nix
View File

@ -1,5 +1,261 @@
{ ... }: { config, lib, pkgs, ... }:
with lib;
let
gce = pkgs.google-compute-engine;
cfg = config.virtualisation.googleComputeImage;
in
{ {
imports = [ <nixpkgs/nixos/modules/virtualisation/google-compute-image.nix> ]; imports = [
../profiles/headless.nix
../profiles/qemu-guest.nix
];
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
autoResize = true;
};
boot.growPartition = true;
boot.kernelParams = [ "console=ttyS0" "panic=1" "boot.panic_on_fail" ];
boot.initrd.kernelModules = [ "virtio_scsi" ];
boot.kernelModules = [ "virtio_pci" "virtio_net" ];
# Generate a GRUB menu. Amazon's pv-grub uses this to boot our kernel/initrd.
boot.loader.grub.device = "/dev/sda";
boot.loader.timeout = 0;
# Don't put old configurations in the GRUB menu. The user has no
# way to select them anyway.
boot.loader.grub.configurationLimit = 0;
# Allow root logins only using the SSH key that the user specified
# at instance creation time.
services.openssh.enable = true;
services.openssh.permitRootLogin = "prohibit-password";
services.openssh.passwordAuthentication = mkDefault false;
# Use GCE udev rules for dynamic disk volumes
services.udev.packages = [ gce ];
# Force getting the hostname from Google Compute.
networking.hostName = mkDefault "";
# Always include cryptsetup so that NixOps can use it.
environment.systemPackages = [ pkgs.cryptsetup ];
# Make sure GCE image does not replace host key that NixOps sets
environment.etc."default/instance_configs.cfg".text = lib.mkDefault ''
[InstanceSetup]
set_host_keys = false
'';
# Rely on GCP's firewall instead
networking.firewall.enable = mkDefault false;
# Configure default metadata hostnames
networking.extraHosts = ''
169.254.169.254 metadata.google.internal metadata
'';
networking.timeServers = [ "metadata.google.internal" ];
networking.usePredictableInterfaceNames = false;
# GC has 1460 MTU
networking.interfaces.eth0.mtu = 1460;
# allow the google-accounts-daemon to manage users
users.mutableUsers = true;
# and allow users to sudo without password
security.sudo.enable = true;
security.sudo.extraConfig = ''
%google-sudoers ALL=(ALL:ALL) NOPASSWD:ALL
'';
# NOTE: google-accounts tries to write to /etc/sudoers.d but the folder doesn't exist
# FIXME: not such file or directory on dynamic SSH provisioning
systemd.services.google-accounts-daemon = {
description = "Google Compute Engine Accounts Daemon";
# This daemon creates dynamic users
enable = config.users.mutableUsers;
after = [
"network.target"
"google-instance-setup.service"
"google-network-setup.service"
];
requires = ["network.target"];
wantedBy = ["multi-user.target"];
path = with pkgs; [ shadow ];
serviceConfig = {
Type = "simple";
ExecStart = "${gce}/bin/google_accounts_daemon --debug";
};
};
systemd.services.google-clock-skew-daemon = {
description = "Google Compute Engine Clock Skew Daemon";
after = [
"network.target"
"google-instance-setup.service"
"google-network-setup.service"
];
requires = ["network.target"];
wantedBy = ["multi-user.target"];
serviceConfig = {
Type = "simple";
ExecStart = "${gce}/bin/google_clock_skew_daemon --debug";
};
};
systemd.services.google-instance-setup = {
description = "Google Compute Engine Instance Setup";
after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service"];
before = ["sshd.service"];
wants = ["local-fs.target" "network-online.target" "network.target"];
wantedBy = [ "sshd.service" "multi-user.target" ];
path = with pkgs; [ ethtool openssh ];
serviceConfig = {
ExecStart = "${gce}/bin/google_instance_setup --debug";
Type = "oneshot";
};
};
systemd.services.google-network-daemon = {
description = "Google Compute Engine Network Daemon";
after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service" "google-instance-setup.service"];
wants = ["local-fs.target" "network-online.target" "network.target"];
requires = ["network.target"];
partOf = ["network.target"];
wantedBy = [ "multi-user.target" ];
path = with pkgs; [ iproute ];
serviceConfig = {
ExecStart = "${gce}/bin/google_network_daemon --debug";
};
};
systemd.services.google-shutdown-scripts = {
description = "Google Compute Engine Shutdown Scripts";
after = [
"local-fs.target"
"network-online.target"
"network.target"
"rsyslog.service"
"systemd-resolved.service"
"google-instance-setup.service"
"google-network-daemon.service"
];
wants = [ "local-fs.target" "network-online.target" "network.target"];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.coreutils}/bin/true";
ExecStop = "${gce}/bin/google_metadata_script_runner --debug --script-type shutdown";
Type = "oneshot";
RemainAfterExit = true;
TimeoutStopSec = "infinity";
};
};
systemd.services.google-startup-scripts = {
description = "Google Compute Engine Startup Scripts";
after = [
"local-fs.target"
"network-online.target"
"network.target"
"rsyslog.service"
"google-instance-setup.service"
"google-network-daemon.service"
];
wants = ["local-fs.target" "network-online.target" "network.target"];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${gce}/bin/google_metadata_script_runner --debug --script-type startup";
KillMode = "process";
Type = "oneshot";
};
};
# Settings taken from https://github.com/GoogleCloudPlatform/compute-image-packages/blob/master/google_config/sysctl/11-gce-network-security.conf
boot.kernel.sysctl = {
# Turn on SYN-flood protections. Starting with 2.6.26, there is no loss
# of TCP functionality/features under normal conditions. When flood
# protections kick in under high unanswered-SYN load, the system
# should remain more stable, with a trade off of some loss of TCP
# functionality/features (e.g. TCP Window scaling).
"net.ipv4.tcp_syncookies" = mkDefault "1";
# ignores source-routed packets
"net.ipv4.conf.all.accept_source_route" = mkDefault "0";
# ignores source-routed packets
"net.ipv4.conf.default.accept_source_route" = mkDefault "0";
# ignores ICMP redirects
"net.ipv4.conf.all.accept_redirects" = mkDefault "0";
# ignores ICMP redirects
"net.ipv4.conf.default.accept_redirects" = mkDefault "0";
# ignores ICMP redirects from non-GW hosts
"net.ipv4.conf.all.secure_redirects" = mkDefault "1";
# ignores ICMP redirects from non-GW hosts
"net.ipv4.conf.default.secure_redirects" = mkDefault "1";
# don't allow traffic between networks or act as a router
"net.ipv4.ip_forward" = mkDefault "0";
# don't allow traffic between networks or act as a router
"net.ipv4.conf.all.send_redirects" = mkDefault "0";
# don't allow traffic between networks or act as a router
"net.ipv4.conf.default.send_redirects" = mkDefault "0";
# reverse path filtering - IP spoofing protection
"net.ipv4.conf.all.rp_filter" = mkDefault "1";
# reverse path filtering - IP spoofing protection
"net.ipv4.conf.default.rp_filter" = mkDefault "1";
# ignores ICMP broadcasts to avoid participating in Smurf attacks
"net.ipv4.icmp_echo_ignore_broadcasts" = mkDefault "1";
# ignores bad ICMP errors
"net.ipv4.icmp_ignore_bogus_error_responses" = mkDefault "1";
# logs spoofed, source-routed, and redirect packets
"net.ipv4.conf.all.log_martians" = mkDefault "1";
# log spoofed, source-routed, and redirect packets
"net.ipv4.conf.default.log_martians" = mkDefault "1";
# implements RFC 1337 fix
"net.ipv4.tcp_rfc1337" = mkDefault "1";
# randomizes addresses of mmap base, heap, stack and VDSO page
"kernel.randomize_va_space" = mkDefault "2";
# Reboot the machine soon after a kernel panic.
"kernel.panic" = mkDefault "10";
## Not part of the original config
# provides protection from ToCToU races
"fs.protected_hardlinks" = mkDefault "1";
# provides protection from ToCToU races
"fs.protected_symlinks" = mkDefault "1";
# makes locating kernel addresses more difficult
"kernel.kptr_restrict" = mkDefault "1";
# set ptrace protections
"kernel.yama.ptrace_scope" = mkOverride 500 "1";
# set perf only available to root
"kernel.perf_event_paranoid" = mkDefault "2";
};
} }

362
nixos/modules/virtualisation/google-compute-image.nix
View File

@ -2,333 +2,59 @@
with lib; with lib;
let let
diskSize = 1536; # MB cfg = config.virtualisation.googleComputeImage;
gce = pkgs.google-compute-engine; defaultConfigFile = pkgs.writeText "configuration.nix" ''
{ ... }:
{
imports = [
<nixpkgs/nixos/modules/virtualisation/google-compute-image.nix>
];
}
'';
in in
{ {
imports = [ ../profiles/headless.nix ../profiles/qemu-guest.nix ];
system.build.googleComputeImage = import ../../lib/make-disk-image.nix { imports = [ ./google-compute-config.nix ];
name = "google-compute-image";
postVM = ''
PATH=$PATH:${pkgs.stdenv.lib.makeBinPath [ pkgs.gnutar pkgs.gzip ]}
pushd $out
mv $diskImage disk.raw
tar -Szcf nixos-image-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.raw.tar.gz disk.raw
rm $out/disk.raw
popd
'';
configFile = <nixpkgs/nixos/modules/virtualisation/google-compute-config.nix>;
format = "raw";
inherit diskSize;
inherit config lib pkgs;
};
fileSystems."/" = { options = {
device = "/dev/disk/by-label/nixos"; virtualisation.googleComputeImage.diskSize = mkOption {
autoResize = true; type = with types; int;
}; default = 1536;
description = ''
Size of disk image. Unit is MB.
'';
};
boot.growPartition = true; virtualisation.googleComputeImage.configFile = mkOption {
boot.kernelParams = [ "console=ttyS0" "panic=1" "boot.panic_on_fail" ]; type = with types; nullOr str;
boot.initrd.kernelModules = [ "virtio_scsi" ]; default = null;
boot.kernelModules = [ "virtio_pci" "virtio_net" ]; description = ''
A path to a configuration file which will be placed at `/etc/nixos/configuration.nix`
# Generate a GRUB menu. Amazon's pv-grub uses this to boot our kernel/initrd. and be used when switching to a new configuration.
boot.loader.grub.device = "/dev/sda"; If set to `null`, a default configuration is used, where the only import is
boot.loader.timeout = 0; `<nixpkgs/nixos/modules/virtualisation/google-compute-image.nix>`.
'';
# Don't put old configurations in the GRUB menu. The user has no
# way to select them anyway.
boot.loader.grub.configurationLimit = 0;
# Allow root logins only using the SSH key that the user specified
# at instance creation time.
services.openssh.enable = true;
services.openssh.permitRootLogin = "prohibit-password";
services.openssh.passwordAuthentication = mkDefault false;
# Use GCE udev rules for dynamic disk volumes
services.udev.packages = [ gce ];
# Force getting the hostname from Google Compute.
networking.hostName = mkDefault "";
# Always include cryptsetup so that NixOps can use it.
environment.systemPackages = [ pkgs.cryptsetup ];
# Make sure GCE image does not replace host key that NixOps sets
environment.etc."default/instance_configs.cfg".text = lib.mkDefault ''
[InstanceSetup]
set_host_keys = false
'';
# Rely on GCP's firewall instead
networking.firewall.enable = mkDefault false;
# Configure default metadata hostnames
networking.extraHosts = ''
169.254.169.254 metadata.google.internal metadata
'';
networking.timeServers = [ "metadata.google.internal" ];
networking.usePredictableInterfaceNames = false;
# GC has 1460 MTU
networking.interfaces.eth0.mtu = 1460;
# allow the google-accounts-daemon to manage users
users.mutableUsers = true;
# and allow users to sudo without password
security.sudo.enable = true;
security.sudo.extraConfig = ''
%google-sudoers ALL=(ALL:ALL) NOPASSWD:ALL
'';
# NOTE: google-accounts tries to write to /etc/sudoers.d but the folder doesn't exist
# FIXME: not such file or directory on dynamic SSH provisioning
systemd.services.google-accounts-daemon = {
description = "Google Compute Engine Accounts Daemon";
# This daemon creates dynamic users
enable = config.users.mutableUsers;
after = [
"network.target"
"google-instance-setup.service"
"google-network-setup.service"
];
requires = ["network.target"];
wantedBy = ["multi-user.target"];
path = with pkgs; [ shadow ];
serviceConfig = {
Type = "simple";
ExecStart = "${gce}/bin/google_accounts_daemon --debug";
}; };
}; };
systemd.services.google-clock-skew-daemon = { #### implementation
description = "Google Compute Engine Clock Skew Daemon"; config = {
after = [
"network.target" system.build.googleComputeImage = import ../../lib/make-disk-image.nix {
"google-instance-setup.service" name = "google-compute-image";
"google-network-setup.service" postVM = ''
]; PATH=$PATH:${with pkgs; stdenv.lib.makeBinPath [ gnutar gzip ]}
requires = ["network.target"]; pushd $out
wantedBy = ["multi-user.target"]; mv $diskImage disk.raw
serviceConfig = { tar -Szcf nixos-image-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.raw.tar.gz disk.raw
Type = "simple"; rm $out/disk.raw
ExecStart = "${gce}/bin/google_clock_skew_daemon --debug"; popd
'';
format = "raw";
configFile = if isNull cfg.configFile then defaultConfigFile else cfg.configFile;
inherit (cfg) diskSize;
inherit config lib pkgs;
}; };
};
systemd.services.google-instance-setup = {
description = "Google Compute Engine Instance Setup";
after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service"];
before = ["sshd.service"];
wants = ["local-fs.target" "network-online.target" "network.target"];
wantedBy = [ "sshd.service" "multi-user.target" ];
path = with pkgs; [ ethtool openssh ];
serviceConfig = {
ExecStart = "${gce}/bin/google_instance_setup --debug";
Type = "oneshot";
};
};
systemd.services.google-network-daemon = {
description = "Google Compute Engine Network Daemon";
after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service" "google-instance-setup.service"];
wants = ["local-fs.target" "network-online.target" "network.target"];
requires = ["network.target"];
partOf = ["network.target"];
wantedBy = [ "multi-user.target" ];
path = with pkgs; [ iproute ];
serviceConfig = {
ExecStart = "${gce}/bin/google_network_daemon --debug";
};
};
systemd.services.google-shutdown-scripts = {
description = "Google Compute Engine Shutdown Scripts";
after = [
"local-fs.target"
"network-online.target"
"network.target"
"rsyslog.service"
"systemd-resolved.service"
"google-instance-setup.service"
"google-network-daemon.service"
];
wants = [ "local-fs.target" "network-online.target" "network.target"];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.coreutils}/bin/true";
ExecStop = "${gce}/bin/google_metadata_script_runner --debug --script-type shutdown";
Type = "oneshot";
RemainAfterExit = true;
TimeoutStopSec = 0;
};
};
systemd.services.google-startup-scripts = {
description = "Google Compute Engine Startup Scripts";
after = [
"local-fs.target"
"network-online.target"
"network.target"
"rsyslog.service"
"google-instance-setup.service"
"google-network-daemon.service"
];
wants = ["local-fs.target" "network-online.target" "network.target"];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${gce}/bin/google_metadata_script_runner --debug --script-type startup";
KillMode = "process";
Type = "oneshot";
};
};
# TODO: remove this
systemd.services.fetch-ssh-keys =
{ description = "Fetch host keys and authorized_keys for root user";
wantedBy = [ "sshd.service" ];
before = [ "sshd.service" ];
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
script = let wget = "${pkgs.wget}/bin/wget --retry-connrefused -t 15 --waitretry=10 --header='Metadata-Flavor: Google'";
mktemp = "mktemp --tmpdir=/run"; in
''
# When dealing with cryptographic keys, we want to keep things private.
umask 077
# Don't download the SSH key if it has already been downloaded
echo "Obtaining SSH keys..."
mkdir -m 0700 -p /root/.ssh
AUTH_KEYS=$(${mktemp})
${wget} -O $AUTH_KEYS http://metadata.google.internal/computeMetadata/v1/instance/attributes/sshKeys
if [ -s $AUTH_KEYS ]; then
# Read in key one by one, split in case Google decided
# to append metadata (it does sometimes) and add to
# authorized_keys if not already present.
touch /root/.ssh/authorized_keys
NEW_KEYS=$(${mktemp})
# Yes this is a nix escape of two single quotes.
while IFS=''' read -r line || [[ -n "$line" ]]; do
keyLine=$(echo -n "$line" | cut -d ':' -f2)
IFS=' ' read -r -a array <<< "$keyLine"
if [ ''${#array[@]} -ge 3 ]; then
echo ''${array[@]:0:3} >> $NEW_KEYS
echo "Added ''${array[@]:2} to authorized_keys"
fi
done < $AUTH_KEYS
mv $NEW_KEYS /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
rm -f $KEY_PUB
else
echo "Downloading http://metadata.google.internal/computeMetadata/v1/project/attributes/sshKeys failed."
false
fi
rm -f $AUTH_KEYS
SSH_HOST_KEYS_DIR=$(${mktemp} -d)
${wget} -O $SSH_HOST_KEYS_DIR/ssh_host_ed25519_key http://metadata.google.internal/computeMetadata/v1/instance/attributes/ssh_host_ed25519_key
${wget} -O $SSH_HOST_KEYS_DIR/ssh_host_ed25519_key.pub http://metadata.google.internal/computeMetadata/v1/instance/attributes/ssh_host_ed25519_key_pub
if [ -s $SSH_HOST_KEYS_DIR/ssh_host_ed25519_key -a -s $SSH_HOST_KEYS_DIR/ssh_host_ed25519_key.pub ]; then
mv -f $SSH_HOST_KEYS_DIR/ssh_host_ed25519_key* /etc/ssh/
chmod 600 /etc/ssh/ssh_host_ed25519_key
chmod 644 /etc/ssh/ssh_host_ed25519_key.pub
else
echo "Setup of ssh host keys from http://metadata.google.internal/computeMetadata/v1/instance/attributes/ failed."
false
fi
rm -rf $SSH_HOST_KEYS_DIR
'';
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
serviceConfig.StandardError = "journal+console";
serviceConfig.StandardOutput = "journal+console";
};
# Settings taken from https://github.com/GoogleCloudPlatform/compute-image-packages/blob/master/google_config/sysctl/11-gce-network-security.conf
boot.kernel.sysctl = {
# Turn on SYN-flood protections. Starting with 2.6.26, there is no loss
# of TCP functionality/features under normal conditions. When flood
# protections kick in under high unanswered-SYN load, the system
# should remain more stable, with a trade off of some loss of TCP
# functionality/features (e.g. TCP Window scaling).
"net.ipv4.tcp_syncookies" = mkDefault "1";
# ignores source-routed packets
"net.ipv4.conf.all.accept_source_route" = mkDefault "0";
# ignores source-routed packets
"net.ipv4.conf.default.accept_source_route" = mkDefault "0";
# ignores ICMP redirects
"net.ipv4.conf.all.accept_redirects" = mkDefault "0";
# ignores ICMP redirects
"net.ipv4.conf.default.accept_redirects" = mkDefault "0";
# ignores ICMP redirects from non-GW hosts
"net.ipv4.conf.all.secure_redirects" = mkDefault "1";
# ignores ICMP redirects from non-GW hosts
"net.ipv4.conf.default.secure_redirects" = mkDefault "1";
# don't allow traffic between networks or act as a router
"net.ipv4.ip_forward" = mkDefault "0";
# don't allow traffic between networks or act as a router
"net.ipv4.conf.all.send_redirects" = mkDefault "0";
# don't allow traffic between networks or act as a router
"net.ipv4.conf.default.send_redirects" = mkDefault "0";
# reverse path filtering - IP spoofing protection
"net.ipv4.conf.all.rp_filter" = mkDefault "1";
# reverse path filtering - IP spoofing protection
"net.ipv4.conf.default.rp_filter" = mkDefault "1";
# ignores ICMP broadcasts to avoid participating in Smurf attacks
"net.ipv4.icmp_echo_ignore_broadcasts" = mkDefault "1";
# ignores bad ICMP errors
"net.ipv4.icmp_ignore_bogus_error_responses" = mkDefault "1";
# logs spoofed, source-routed, and redirect packets
"net.ipv4.conf.all.log_martians" = mkDefault "1";
# log spoofed, source-routed, and redirect packets
"net.ipv4.conf.default.log_martians" = mkDefault "1";
# implements RFC 1337 fix
"net.ipv4.tcp_rfc1337" = mkDefault "1";
# randomizes addresses of mmap base, heap, stack and VDSO page
"kernel.randomize_va_space" = mkDefault "2";
# Reboot the machine soon after a kernel panic.
"kernel.panic" = mkDefault "10";
## Not part of the original config
# provides protection from ToCToU races
"fs.protected_hardlinks" = mkDefault "1";
# provides protection from ToCToU races
"fs.protected_symlinks" = mkDefault "1";
# makes locating kernel addresses more difficult
"kernel.kptr_restrict" = mkDefault "1";
# set ptrace protections
"kernel.yama.ptrace_scope" = mkOverride 500 "1";
# set perf only available to root
"kernel.perf_event_paranoid" = mkDefault "2";
}; };

1
nixos/tests/all-tests.nix
View File

@ -178,6 +178,7 @@ in
rabbitmq = handleTest ./rabbitmq.nix {}; rabbitmq = handleTest ./rabbitmq.nix {};
radicale = handleTest ./radicale.nix {}; radicale = handleTest ./radicale.nix {};
redmine = handleTest ./redmine.nix {}; redmine = handleTest ./redmine.nix {};
roundcube = handleTest ./roundcube.nix {};
rspamd = handleTest ./rspamd.nix {}; rspamd = handleTest ./rspamd.nix {};
rss2email = handleTest ./rss2email.nix {}; rss2email = handleTest ./rss2email.nix {};
rsyslogd = handleTest ./rsyslogd.nix {}; rsyslogd = handleTest ./rsyslogd.nix {};

4
nixos/tests/gitlab.nix
View File

@ -16,6 +16,7 @@ import ./make-test.nix ({ pkgs, lib, ...} : with lib; {
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedProxySettings = true;
virtualHosts = { virtualHosts = {
"localhost" = { "localhost" = {
locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket"; locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
@ -75,7 +76,8 @@ import ./make-test.nix ({ pkgs, lib, ...} : with lib; {
$gitlab->waitForUnit("gitlab.service"); $gitlab->waitForUnit("gitlab.service");
$gitlab->waitForUnit("gitlab-sidekiq.service"); $gitlab->waitForUnit("gitlab-sidekiq.service");
$gitlab->waitForFile("/var/gitlab/state/tmp/sockets/gitlab.socket"); $gitlab->waitForFile("/var/gitlab/state/tmp/sockets/gitlab.socket");
$gitlab->waitUntilSucceeds("curl -sSf http://localhost/users/sign_in"); $gitlab->waitUntilSucceeds("curl -sSf http://gitlab/users/sign_in");
$gitlab->succeed("curl -isSf http://gitlab | grep -i location | grep -q http://gitlab/users/sign_in");
$gitlab->succeed("${pkgs.sudo}/bin/sudo -u gitlab -H gitlab-rake gitlab:check 1>&2") $gitlab->succeed("${pkgs.sudo}/bin/sudo -u gitlab -H gitlab-rake gitlab:check 1>&2")
''; '';
}) })

7
nixos/tests/hardened.nix
View File

@ -10,6 +10,7 @@ import ./make-test.nix ({ pkgs, ...} : {
{ users.users.alice = { isNormalUser = true; extraGroups = [ "proc" ]; }; { users.users.alice = { isNormalUser = true; extraGroups = [ "proc" ]; };
users.users.sybil = { isNormalUser = true; group = "wheel"; }; users.users.sybil = { isNormalUser = true; group = "wheel"; };
imports = [ ../modules/profiles/hardened.nix ]; imports = [ ../modules/profiles/hardened.nix ];
nix.useSandbox = false;
virtualisation.emptyDiskImages = [ 4096 ]; virtualisation.emptyDiskImages = [ 4096 ];
boot.initrd.postDeviceCommands = '' boot.initrd.postDeviceCommands = ''
${pkgs.dosfstools}/bin/mkfs.vfat -n EFISYS /dev/vdb ${pkgs.dosfstools}/bin/mkfs.vfat -n EFISYS /dev/vdb
@ -63,5 +64,11 @@ import ./make-test.nix ({ pkgs, ...} : {
$machine->succeed("mount /dev/disk/by-label/EFISYS /efi"); $machine->succeed("mount /dev/disk/by-label/EFISYS /efi");
$machine->succeed("mountpoint -q /efi"); # now mounted $machine->succeed("mountpoint -q /efi"); # now mounted
}; };
# Test Nix dæmon usage
subtest "nix-daemon", sub {
$machine->fail("su -l nobody -s /bin/sh -c 'nix ping-store'");
$machine->succeed("su -l alice -c 'nix ping-store'") =~ "OK";
};
''; '';
}) })

21
nixos/tests/mxisd.nix Normal file
View File

@ -0,0 +1,21 @@
import ./make-test.nix ({ pkgs, ... } : {
name = "mxisd";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ mguentner ];
};
nodes = {
server_mxisd = args : {
services.mxisd.enable = true;
services.mxisd.matrix.domain = "example.org";
};
};
testScript = ''
startAll;
$server_mxisd->waitForUnit("mxisd.service");
$server_mxisd->waitForOpenPort(8090);
$server_mxisd->succeed("curl -Ssf \"http://127.0.0.1:8090/_matrix/identity/api/v1\"")
'';
})

28
nixos/tests/roundcube.nix Normal file
View File

@ -0,0 +1,28 @@
import ./make-test.nix ({ pkgs, ...} : {
name = "roundcube";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ globin ];
};
nodes = {
roundcube = { config, pkgs, ... }: {
services.roundcube = {
enable = true;
hostName = "roundcube";
database.password = "notproduction";
};
services.nginx.virtualHosts.roundcube = {
forceSSL = false;
enableACME = false;
};
};
};
testScript = ''
$roundcube->start;
$roundcube->waitForUnit("postgresql.service");
$roundcube->waitForUnit("phpfpm-roundcube.service");
$roundcube->waitForUnit("nginx.service");
$roundcube->succeed("curl -sSfL http://roundcube/");
'';
})

1
nixos/tests/rspamd.nix
View File

@ -235,6 +235,7 @@ in
services.rspamd = { services.rspamd = {
enable = true; enable = true;
postfix.enable = true; postfix.enable = true;
workers.rspamd_proxy.type = "proxy";
}; };
}; };
testScript = '' testScript = ''

6
pkgs/applications/audio/a2jmidid/default.nix
View File

@ -9,12 +9,12 @@ in stdenv.mkDerivation rec {
version = "8"; version = "8";
src = fetchurl { src = fetchurl {
url = "http://repo.or.cz/a2jmidid.git/snapshot/7383d268c4bfe85df9f10df6351677659211d1ca.tar.gz"; url = "https://repo.or.cz/a2jmidid.git/snapshot/7383d268c4bfe85df9f10df6351677659211d1ca.tar.gz";
sha256 = "06dgf5655znbvrd7fhrv8msv6zw8vk0hjqglcqkh90960mnnmwz7"; sha256 = "06dgf5655znbvrd7fhrv8msv6zw8vk0hjqglcqkh90960mnnmwz7";
}; };
nativeBuildInputs = [ pkgconfig wafHook ]; nativeBuildInputs = [ pkgconfig makeWrapper wafHook ];
buildInputs = [ makeWrapper alsaLib dbus libjack2 python dbus-python ]; buildInputs = [ alsaLib dbus libjack2 python dbus-python ];
postInstall = '' postInstall = ''
wrapProgram $out/bin/a2j_control --set PYTHONPATH $PYTHONPATH wrapProgram $out/bin/a2j_control --set PYTHONPATH $PYTHONPATH

4
pkgs/applications/audio/avldrums-lv2/default.nix
View File

@ -3,13 +3,13 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "${pname}-${version}"; name = "${pname}-${version}";
pname = "avldrums.lv2"; pname = "avldrums.lv2";
version = "0.3.0"; version = "0.3.1";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "x42"; owner = "x42";
repo = pname; repo = pname;
rev = "v${version}"; rev = "v${version}";
sha256 = "0w51gdshq2i5bix2x5l3g3gnycy84nlzf5sj0jkrw0zrnbk6ghwg"; sha256 = "0yhq3n5bahhqpj40mvlkxcjsdsw63jsbz20pl77bx2qj30w25i2j";
fetchSubmodules = true; fetchSubmodules = true;
}; };

80
pkgs/applications/audio/cadence/default.nix
View File

@ -1,5 +1,5 @@
{ stdenv { stdenv
, fetchurl , fetchzip
, pkgconfig , pkgconfig
, qtbase , qtbase
, makeWrapper , makeWrapper
@ -12,31 +12,13 @@
version = "0.9.0"; version = "0.9.0";
pname = "cadence"; pname = "cadence";
src = fetchurl { src = fetchzip {
url = "https://github.com/falkTX/Cadence/archive/v${version}.tar.gz"; url = "https://github.com/falkTX/Cadence/archive/v${version}.tar.gz";
sha256 = "07z1mnb0bmldb3i31bgw816pnvlvr9gawr51rpx3mhixg5wpiqzb"; sha256 = "08vcggypkdfr70v49innahs5s11hi222dhhnm5wcqzdgksphqzwx";
}; };
buildInputs = [ nativeBuildInputs = [ makeWrapper pkgconfig ];
makeWrapper buildInputs = [ qtbase ];
pkgconfig
qtbase
];
apps = [
"cadence"
"cadence-jacksettings"
"cadence-pulse2loopback"
"claudia"
"cadence-aloop-daemon"
"cadence-logs"
"cadence-render"
"catarina"
"claudia-launcher"
"cadence-pulse2jack"
"cadence-session-start"
"catia"
];
makeFlags = '' makeFlags = ''
PREFIX="" PREFIX=""
@ -46,20 +28,54 @@
propagatedBuildInputs = with python3Packages; [ pyqt5 ]; propagatedBuildInputs = with python3Packages; [ pyqt5 ];
postInstall = '' postInstall = ''
# replace with our own wrappers. # replace with our own wrappers. They need to be changed manually since it wouldn't work otherwise
for app in $apps; do rm $out/bin/cadence
rm $out/bin/$app makeWrapper ${python3Packages.python.interpreter} $out/bin/cadence \
makeWrapper ${python3Packages.python.interpreter} $out/bin/$app \ --set PYTHONPATH "$PYTHONPATH:$out/share/cadence" \
--set PYTHONPATH "$PYTHONPATH:$out/share/cadence" \ --add-flags "-O $out/share/cadence/src/cadence.py"
--add-flags "-O $out/share/cadence/src/$app.py" rm $out/bin/claudia
done makeWrapper ${python3Packages.python.interpreter} $out/bin/claudia \
--set PYTHONPATH "$PYTHONPATH:$out/share/cadence" \
--add-flags "-O $out/share/cadence/src/claudia.py"
rm $out/bin/catarina
makeWrapper ${python3Packages.python.interpreter} $out/bin/catarina \
--set PYTHONPATH "$PYTHONPATH:$out/share/cadence" \
--add-flags "-O $out/share/cadence/src/catarina.py"
rm $out/bin/catia
makeWrapper ${python3Packages.python.interpreter} $out/bin/catia \
--set PYTHONPATH "$PYTHONPATH:$out/share/cadence" \
--add-flags "-O $out/share/cadence/src/catia.py"
rm $out/bin/cadence-jacksettings
makeWrapper ${python3Packages.python.interpreter} $out/bin/cadence-jacksettings \
--set PYTHONPATH "$PYTHONPATH:$out/share/cadence" \
--add-flags "-O $out/share/cadence/src/jacksettings.py"
rm $out/bin/cadence-aloop-daemon
makeWrapper ${python3Packages.python.interpreter} $out/bin/cadence-aloop-daemon \
--set PYTHONPATH "$PYTHONPATH:$out/share/cadence" \
--add-flags "-O $out/share/cadence/src/cadence_aloop_daemon.py"
rm $out/bin/cadence-logs
makeWrapper ${python3Packages.python.interpreter} $out/bin/cadence-logs \
--set PYTHONPATH "$PYTHONPATH:$out/share/cadence" \
--add-flags "-O $out/share/cadence/src/logs.py"
rm $out/bin/cadence-render
makeWrapper ${python3Packages.python.interpreter} $out/bin/cadence-render \
--set PYTHONPATH "$PYTHONPATH:$out/share/cadence" \
--add-flags "-O $out/share/cadence/src/render.py"
rm $out/bin/claudia-launcher
makeWrapper ${python3Packages.python.interpreter} $out/bin/claudia-launcher \
--set PYTHONPATH "$PYTHONPATH:$out/share/cadence" \
--add-flags "-O $out/share/cadence/src/claudia_launcher.py"
rm $out/bin/cadence-session-start
makeWrapper ${python3Packages.python.interpreter} $out/bin/cadence-session-start \
--set PYTHONPATH "$PYTHONPATH:$out/share/cadence" \
--add-flags "-O $out/share/cadence/src/cadence_session_start.py"
''; '';
meta = { meta = {
homepage = https://github.com/falkTX/Cadence/; homepage = https://github.com/falkTX/Cadence/;
description = "Collection of tools useful for audio production"; description = "Collection of tools useful for audio production";
license = stdenv.lib.licenses.mit; license = stdenv.lib.licenses.gpl2Plus;
maintainers = with stdenv.lib.maintainers; [ genesis ]; maintainers = with stdenv.lib.maintainers; [ genesis ];
platforms = stdenv.lib.platforms.linux; platforms = [ "x86_64-linux" ];
}; };
} }

4
pkgs/applications/audio/cozy-audiobooks/default.nix
View File

@ -8,7 +8,7 @@
, desktop-file-utils , desktop-file-utils
, gtk3 , gtk3
, gst_all_1 , gst_all_1
, gobjectIntrospection , gobject-introspection
, python3Packages , python3Packages
, file , file
, cairo , cairo
@ -36,7 +36,7 @@ python3Packages.buildPythonApplication rec {
wrapGAppsHook wrapGAppsHook
appstream-glib appstream-glib
desktop-file-utils desktop-file-utils
gobjectIntrospection gobject-introspection
]; ];
buildInputs = [ buildInputs = [

37
pkgs/applications/audio/distrho/default.nix
View File

@ -1,7 +1,13 @@
{ stdenv, fetchFromGitHub, alsaLib, fftwSinglePrec, freetype, libjack2 { stdenv, fetchFromGitHub, alsaLib, fftwSinglePrec, freetype, libjack2
, pkgconfig, premake3, xorg, ladspa-sdk }: , pkgconfig, ladspa-sdk, premake3
, libX11, libXcomposite, libXcursor, libXext, libXinerama, libXrender
}:
stdenv.mkDerivation rec { let
premakeos = if stdenv.hostPlatform.isDarwin then "osx"
else if stdenv.hostPlatform.isWindows then "mingw"
else "linux";
in stdenv.mkDerivation rec {
name = "distrho-ports-${version}"; name = "distrho-ports-${version}";
version = "2018-04-16"; version = "2018-04-16";
@ -12,27 +18,26 @@ stdenv.mkDerivation rec {
sha256 = "0l4zwl4mli8jzch32a1fh7c88r9q17xnkxsdw17ds5hadnxlk12v"; sha256 = "0l4zwl4mli8jzch32a1fh7c88r9q17xnkxsdw17ds5hadnxlk12v";
}; };
configurePhase = ''
runHook preConfigure
sh ./scripts/premake-update.sh ${premakeos}
runHook postConfigure
'';
patchPhase = '' patchPhase = ''
sed -e "s#@./scripts#sh scripts#" -i Makefile sed -e "s#@./scripts#sh scripts#" -i Makefile
''; '';
nativeBuildInputs = [ pkgconfig ]; nativeBuildInputs = [ pkgconfig premake3 ];
buildInputs = [ buildInputs = [
alsaLib fftwSinglePrec freetype libjack2 premake3 alsaLib fftwSinglePrec freetype libjack2
xorg.libX11 xorg.libXcomposite xorg.libXcursor xorg.libXext libX11 libXcomposite libXcursor libXext
xorg.libXinerama xorg.libXrender ladspa-sdk libXinerama libXrender ladspa-sdk
]; ];
buildPhase = '' makeFlags = "PREFIX=$(out)";
sh ./scripts/premake-update.sh linux
make lv2
'';
installPhase = ''
mkdir -p $out/bin
mkdir -p $out/lib/lv2
cp -a bin/lv2/* $out/lib/lv2/
'';
meta = with stdenv.lib; { meta = with stdenv.lib; {
homepage = http://distrho.sourceforge.net; homepage = http://distrho.sourceforge.net;

4
pkgs/applications/audio/dragonfly-reverb/default.nix
View File

@ -6,8 +6,8 @@ stdenv.mkDerivation rec {
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "michaelwillis"; owner = "michaelwillis";
repo = "dragonfly-reverb"; repo = "dragonfly-reverb";
rev = "0.9.4"; rev = "1.0.0";
sha256 = "0lc45jybjwg4wrcz4s9lvzpvqawgj825rkqhz2xxvalfbvjazi53"; sha256 = "05m4hd8lg0a7iiia6cbiw5qmc4p8vbkxp2qh7ywaabawiwa9r24x";
fetchSubmodules = true; fetchSubmodules = true;
}; };

44
pkgs/applications/audio/gnome-podcasts/default.nix Normal file
View File

@ -0,0 +1,44 @@
{ stdenv, fetchurl, fetchFromGitLab, meson, ninja, gettext, cargo, rustc, python3, rustPlatform, pkgconfig, gnome3
, glib, libhandy, gtk3, dbus, openssl, sqlite, gst_all_1, wrapGAppsHook }:
# TODO: build from git for easier updates
# rustPlatform.buildRustPackage rec {
stdenv.mkDerivation rec {
version = "0.4.6";
name = "gnome-podcasts-${version}";
src = fetchurl {
url = https://gitlab.gnome.org/World/podcasts/uploads/e59ac5d618d7daf4c7f33ba72957c466/gnome-podcasts-0.4.6.tar.xz;
sha256 = "0g2rk3w251fp5jwbxs5ya1adv8nsgdqjy1vmfg8qqab6qyndhbrc";
};
# src = fetchFromGitLab {
# domain = "gitlab.gnome.org";
# owner = "World";
# repo = "podcasts";
# rev = version;
# sha256 = "15xj98dhxvys0cnya9488qsfsm0ys1wy69wkc39z8j6hwdm7byq2";
# };
nativeBuildInputs = [
meson ninja pkgconfig gettext cargo rustc python3 wrapGAppsHook
];
buildInputs = [
glib gtk3 libhandy dbus openssl sqlite gst_all_1.gstreamer gst_all_1.gst-plugins-base gst_all_1.gst-plugins-bad
];
# cargoSha256 = "0721b5f700vvvzvmdl8nfjaa6j412q1fjssgrjv8n6rmn9z13d2v";
postPatch = ''
chmod +x scripts/compile-gschema.py # patchShebangs requires executable file
patchShebangs scripts/compile-gschema.py
'';
meta = with stdenv.lib; {
description = "Listen to your favorite podcasts";
homepage = https://wiki.gnome.org/Apps/Podcasts;
license = licenses.gpl3;
maintainers = gnome3.maintainers;
platforms = platforms.unix;
};
}

4
pkgs/applications/audio/gpodder/default.nix
View File

@ -1,6 +1,6 @@
{ stdenv, fetchFromGitHub, python3, python3Packages, intltool { stdenv, fetchFromGitHub, python3, python3Packages, intltool
, glibcLocales, gnome3, gtk3, wrapGAppsHook , glibcLocales, gnome3, gtk3, wrapGAppsHook
, ipodSupport ? false, libgpod, gobjectIntrospection , ipodSupport ? false, libgpod, gobject-introspection
}: }:
python3Packages.buildPythonApplication rec { python3Packages.buildPythonApplication rec {
@ -27,7 +27,7 @@ python3Packages.buildPythonApplication rec {
buildInputs = [ buildInputs = [
python3 python3
gobjectIntrospection gobject-introspection
gnome3.defaultIconTheme gnome3.defaultIconTheme
]; ];

4
pkgs/applications/audio/lollypop/default.nix
View File

@ -1,7 +1,7 @@
{ stdenv, fetchgit, meson, ninja, pkgconfig { stdenv, fetchgit, meson, ninja, pkgconfig
, python3, gtk3, gst_all_1, libsecret, libsoup , python3, gtk3, gst_all_1, libsecret, libsoup
, appstream-glib, desktop-file-utils, gnome3 , appstream-glib, desktop-file-utils, gnome3
, gobjectIntrospection, wrapGAppsHook }: , gobject-introspection, wrapGAppsHook }:
python3.pkgs.buildPythonApplication rec { python3.pkgs.buildPythonApplication rec {
version = "0.9.611"; version = "0.9.611";
@ -20,7 +20,7 @@ python3.pkgs.buildPythonApplication rec {
nativeBuildInputs = with python3.pkgs; [ nativeBuildInputs = with python3.pkgs; [
appstream-glib appstream-glib
desktop-file-utils desktop-file-utils
gobjectIntrospection gobject-introspection
meson meson
ninja ninja
pkgconfig pkgconfig

4
pkgs/applications/audio/mopidy/default.nix
View File

@ -1,5 +1,5 @@
{ stdenv, fetchFromGitHub, pythonPackages, wrapGAppsHook { stdenv, fetchFromGitHub, pythonPackages, wrapGAppsHook
, gst_all_1, glib-networking, gobjectIntrospection , gst_all_1, glib-networking, gobject-introspection
}: }:
pythonPackages.buildPythonApplication rec { pythonPackages.buildPythonApplication rec {
@ -17,7 +17,7 @@ pythonPackages.buildPythonApplication rec {
buildInputs = with gst_all_1; [ buildInputs = with gst_all_1; [
gst-plugins-base gst-plugins-good gst-plugins-ugly gst-plugins-bad gst-plugins-base gst-plugins-good gst-plugins-ugly gst-plugins-bad
glib-networking gobjectIntrospection glib-networking gobject-introspection
]; ];
propagatedBuildInputs = with pythonPackages; [ propagatedBuildInputs = with pythonPackages; [

6
pkgs/applications/audio/mopidy/iris.nix
View File

@ -2,11 +2,11 @@
pythonPackages.buildPythonApplication rec { pythonPackages.buildPythonApplication rec {
pname = "Mopidy-Iris"; pname = "Mopidy-Iris";
version = "3.31.1"; version = "3.31.2";
src = pythonPackages.fetchPypi { src = pythonPackages.fetchPypi {
inherit pname version; inherit pname version;
sha256 = "1djxkgjvfzijvlq3gill1p20l0q64dbv9wd55whbir1l7y8wdga5"; sha256 = "0639ib5nicrabckjd17wdmhl8n3822gc2p1bn0xv8mq70paspar6";
}; };
propagatedBuildInputs = [ propagatedBuildInputs = [
@ -17,7 +17,7 @@ pythonPackages.buildPythonApplication rec {
pylast pylast
spotipy spotipy
raven raven
tornado tornado_4
]); ]);
postPatch = "sed -i /tornado/d setup.py"; postPatch = "sed -i /tornado/d setup.py";

4
pkgs/applications/audio/mopidy/local-images.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub, pythonPackages, mopidy, gobjectIntrospection }: { stdenv, fetchFromGitHub, pythonPackages, mopidy, gobject-introspection }:
pythonPackages.buildPythonApplication rec { pythonPackages.buildPythonApplication rec {
pname = "mopidy-local-images"; pname = "mopidy-local-images";
@ -11,7 +11,7 @@ pythonPackages.buildPythonApplication rec {
sha256 = "0gdqxws0jish50mmi57mlqcs659wrllzv00czl18niz94vzvyc0d"; sha256 = "0gdqxws0jish50mmi57mlqcs659wrllzv00czl18niz94vzvyc0d";
}; };
buildInputs = [ gobjectIntrospection ]; buildInputs = [ gobject-introspection ];
checkInputs = [ checkInputs = [
pythonPackages.mock pythonPackages.mock

4
pkgs/applications/audio/pithos/default.nix
View File

@ -1,4 +1,4 @@
{ fetchFromGitHub, stdenv, pythonPackages, gtk3, gobjectIntrospection, libnotify { fetchFromGitHub, stdenv, pythonPackages, gtk3, gobject-introspection, libnotify
, gst_all_1, wrapGAppsHook }: , gst_all_1, wrapGAppsHook }:
pythonPackages.buildPythonApplication rec { pythonPackages.buildPythonApplication rec {
@ -27,7 +27,7 @@ pythonPackages.buildPythonApplication rec {
buildInputs = [ wrapGAppsHook ]; buildInputs = [ wrapGAppsHook ];
propagatedBuildInputs = propagatedBuildInputs =
[ gtk3 gobjectIntrospection libnotify ] ++ [ gtk3 gobject-introspection libnotify ] ++
(with gst_all_1; [ gstreamer gst-plugins-base gst-plugins-good gst-plugins-ugly gst-plugins-bad ]) ++ (with gst_all_1; [ gstreamer gst-plugins-base gst-plugins-good gst-plugins-ugly gst-plugins-bad ]) ++
(with pythonPackages; [ pygobject3 pylast ]); (with pythonPackages; [ pygobject3 pylast ]);

4
pkgs/applications/audio/quodlibet/default.nix
View File

@ -1,5 +1,5 @@
{ stdenv, fetchurl, python3, wrapGAppsHook, gettext, intltool, libsoup, gnome3, gtk3, gdk_pixbuf, { stdenv, fetchurl, python3, wrapGAppsHook, gettext, intltool, libsoup, gnome3, gtk3, gdk_pixbuf,
tag ? "", xvfb_run, dbus, glibcLocales, glib, glib-networking, gobjectIntrospection, tag ? "", xvfb_run, dbus, glibcLocales, glib, glib-networking, gobject-introspection,
gst_all_1, withGstPlugins ? true, gst_all_1, withGstPlugins ? true,
xineBackend ? false, xineLib, xineBackend ? false, xineLib,
withDbusPython ? false, withPyInotify ? false, withMusicBrainzNgs ? false, withPahoMqtt ? false, withDbusPython ? false, withPyInotify ? false, withMusicBrainzNgs ? false, withPahoMqtt ? false,
@ -24,7 +24,7 @@ python3.pkgs.buildPythonApplication rec {
checkInputs = with python3.pkgs; [ pytest pytest_xdist pyflakes pycodestyle polib xvfb_run dbus.daemon glibcLocales ]; checkInputs = with python3.pkgs; [ pytest pytest_xdist pyflakes pycodestyle polib xvfb_run dbus.daemon glibcLocales ];
buildInputs = [ gnome3.defaultIconTheme libsoup glib glib-networking gtk3 webkitgtk gdk_pixbuf keybinder3 gtksourceview libmodplug libappindicator-gtk3 kakasi gobjectIntrospection ] buildInputs = [ gnome3.defaultIconTheme libsoup glib glib-networking gtk3 webkitgtk gdk_pixbuf keybinder3 gtksourceview libmodplug libappindicator-gtk3 kakasi gobject-introspection ]
++ (if xineBackend then [ xineLib ] else with gst_all_1; ++ (if xineBackend then [ xineLib ] else with gst_all_1;
[ gstreamer gst-plugins-base ] ++ optionals withGstPlugins [ gst-plugins-good gst-plugins-ugly gst-plugins-bad ]); [ gstreamer gst-plugins-base ] ++ optionals withGstPlugins [ gst-plugins-good gst-plugins-ugly gst-plugins-bad ]);

14
pkgs/applications/audio/renoise/default.nix
View File

@ -1,4 +1,5 @@
{ stdenv, fetchurl, libX11, libXext, libXcursor, libXrandr, libjack2, alsaLib, releasePath ? null }: { stdenv, fetchurl, libX11, libXext, libXcursor, libXrandr, libjack2, alsaLib
, mpg123, releasePath ? null }:
with stdenv.lib; with stdenv.lib;
@ -35,7 +36,7 @@ stdenv.mkDerivation rec {
releasePath releasePath
else throw "Platform is not supported by Renoise"; else throw "Platform is not supported by Renoise";
buildInputs = [ libX11 libXext libXcursor libXrandr alsaLib libjack2 ]; buildInputs = [ alsaLib libjack2 libX11 libXcursor libXext libXrandr ];
installPhase = '' installPhase = ''
cp -r Resources $out cp -r Resources $out
@ -54,13 +55,18 @@ stdenv.mkDerivation rec {
mkdir $out/bin mkdir $out/bin
ln -s $out/renoise $out/bin/renoise ln -s $out/renoise $out/bin/renoise
'';
patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) --set-rpath $out/lib $out/renoise postFixup = ''
patchelf \
--set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \
--set-rpath ${mpg123}/lib:$out/lib \
$out/renoise
''; '';
meta = { meta = {
description = "Modern tracker-based DAW"; description = "Modern tracker-based DAW";
homepage = http://www.renoise.com/; homepage = https://www.renoise.com/;
license = licenses.unfree; license = licenses.unfree;
maintainers = []; maintainers = [];
platforms = [ "i686-linux" "x86_64-linux" ]; platforms = [ "i686-linux" "x86_64-linux" ];

2
pkgs/applications/audio/seq24/default.nix
View File

@ -5,7 +5,7 @@ stdenv.mkDerivation rec {
version = "0.9.3"; version = "0.9.3";
src = fetchurl { src = fetchurl {
url = "http://launchpad.net/seq24/trunk/${version}/+download/${name}.tar.gz"; url = "https://launchpad.net/seq24/trunk/${version}/+download/${name}.tar.gz";
sha256 = "1qpyb7355s21sgy6gibkybxpzx4ikha57a8w644lca6qy9mhcwi3"; sha256 = "1qpyb7355s21sgy6gibkybxpzx4ikha57a8w644lca6qy9mhcwi3";
}; };

4
pkgs/applications/audio/sonata/default.nix
View File

@ -1,5 +1,5 @@
{ stdenv, fetchFromGitHub, pkgconfig, intltool, wrapGAppsHook { stdenv, fetchFromGitHub, pkgconfig, intltool, wrapGAppsHook
, python3Packages, gnome3, gtk3, gobjectIntrospection}: , python3Packages, gnome3, gtk3, gobject-introspection}:
let let
inherit (python3Packages) buildPythonApplication isPy3k dbus-python pygobject3 mpd2; inherit (python3Packages) buildPythonApplication isPy3k dbus-python pygobject3 mpd2;
@ -29,7 +29,7 @@ in buildPythonApplication rec {
''; '';
propagatedBuildInputs = [ propagatedBuildInputs = [
gobjectIntrospection gtk3 pygobject3 gobject-introspection gtk3 pygobject3
]; ];
# The optional tagpy dependency (for editing metadata) is not yet # The optional tagpy dependency (for editing metadata) is not yet

6
pkgs/applications/audio/synthv1/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "synthv1-${version}"; name = "synthv1-${version}";
version = "0.9.2"; version = "0.9.3";
src = fetchurl { src = fetchurl {
url = "mirror://sourceforge/synthv1/${name}.tar.gz"; url = "mirror://sourceforge/synthv1/${name}.tar.gz";
sha256 = "1r60l286n8y4a4rrlnbc3h7xk4s2pvqykvskls89prxg0lkpz7kl"; sha256 = "0f58k5n2k667q8wsigg7bzl3lfgaf6jdj98r2a5nvyb18v1wpy2c";
}; };
buildInputs = [ qt5.qtbase qt5.qttools libjack2 alsaLib liblo lv2 ]; buildInputs = [ qt5.qtbase qt5.qttools libjack2 alsaLib liblo lv2 ];
@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
meta = with stdenv.lib; { meta = with stdenv.lib; {
description = "An old-school 4-oscillator subtractive polyphonic synthesizer with stereo fx"; description = "An old-school 4-oscillator subtractive polyphonic synthesizer with stereo fx";
homepage = http://synthv1.sourceforge.net/; homepage = https://synthv1.sourceforge.io/;
license = licenses.gpl2Plus; license = licenses.gpl2Plus;
platforms = platforms.linux; platforms = platforms.linux;
maintainers = [ maintainers.goibhniu ]; maintainers = [ maintainers.goibhniu ];

37
pkgs/applications/audio/transcribe/default.nix
View File

@ -1,33 +1,31 @@
{ stdenv, fetchzip, lib, makeWrapper, alsaLib, atk, cairo, gdk_pixbuf { stdenv, fetchzip, wrapGAppsHook, alsaLib, atk, cairo, gdk_pixbuf
, glib, gst-ffmpeg, gst-plugins-bad, gst-plugins-base , glib, gst_all_1, gtk3, libSM, libX11, libpng12, pango, zlib }:
, gst-plugins-good, gst-plugins-ugly, gstreamer, gtk2, libSM, libX11
, libpng12, pango, zlib }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "transcribe-${version}"; name = "transcribe-${version}";
version = "8.40"; version = "8.72";
src = if stdenv.hostPlatform.system == "i686-linux" then src = if stdenv.hostPlatform.system == "i686-linux" then
fetchzip { fetchzip {
url = "https://www.seventhstring.com/xscribe/downlinux32_old/xscsetup.tar.gz"; url = "https://www.seventhstring.com/xscribe/downlinux32/xscsetup.tar.gz";
sha256 = "1ngidmj9zz8bmv754s5xfsjv7v6xr03vck4kigzq4bpc9b1fdhjq"; sha256 = "1h5l7ry9c9awpxfnd29b0wm973ifrhj17xl5d2fdsclw2swsickb";
} }
else if stdenv.hostPlatform.system == "x86_64-linux" then else if stdenv.hostPlatform.system == "x86_64-linux" then
fetchzip { fetchzip {
url = "https://www.seventhstring.com/xscribe/downlinux64_old/xsc64setup.tar.gz"; url = "https://www.seventhstring.com/xscribe/downlinux64/xsc64setup.tar.gz";
sha256 = "0svzi8svj6zn06gj0hr8mpnhq4416dvb4g5al0gpb1g3paywdaf9"; sha256 = "1rpd3ppnx5i5yrnfbjrx7h7dk48kwl99i9lnpa75ap7nxvbiznm0";
} }
else throw "Platform not supported"; else throw "Platform not supported";
nativeBuildInputs = [ makeWrapper ]; nativeBuildInputs = [ wrapGAppsHook ];
buildInputs = [ gst-plugins-base gst-plugins-good buildInputs = with gst_all_1; [ gst-plugins-base gst-plugins-good
gst-plugins-bad gst-plugins-ugly gst-ffmpeg ]; gst-plugins-bad gst-plugins-ugly ];
dontPatchELF = true; dontPatchELF = true;
libPath = lib.makeLibraryPath [ libPath = with gst_all_1; stdenv.lib.makeLibraryPath [
stdenv.cc.cc glib gtk2 atk pango cairo gdk_pixbuf alsaLib stdenv.cc.cc glib gtk3 atk pango cairo gdk_pixbuf alsaLib
libX11 libSM libpng12 gstreamer gst-plugins-base zlib libX11 libSM libpng12 gstreamer gst-plugins-base zlib
]; ];
@ -42,13 +40,18 @@ stdenv.mkDerivation rec {
patchelf \ patchelf \
--set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) \ --set-interpreter $(cat ${stdenv.cc}/nix-support/dynamic-linker) \
$out/libexec/transcribe $out/libexec/transcribe
'';
wrapProgram $out/libexec/transcribe \ preFixup = ''
--prefix GST_PLUGIN_SYSTEM_PATH : "$GST_PLUGIN_SYSTEM_PATH" \ gappsWrapperArgs+=(
--prefix GST_PLUGIN_SYSTEM_PATH : "$GST_PLUGIN_SYSTEM_PATH_1_0"
--prefix LD_LIBRARY_PATH : "${libPath}" --prefix LD_LIBRARY_PATH : "${libPath}"
)
'';
postFixup = ''
ln -s $out/libexec/transcribe $out/bin/ ln -s $out/libexec/transcribe $out/bin/
''; '';
meta = with stdenv.lib; { meta = with stdenv.lib; {
description = "Software to help transcribe recorded music"; description = "Software to help transcribe recorded music";

4
pkgs/applications/audio/vocal/default.nix
View File

@ -1,5 +1,5 @@
{ stdenv, fetchFromGitHub, cmake, ninja, pkgconfig, vala_0_40, gtk3, libxml2, granite, webkitgtk, clutter-gtk { stdenv, fetchFromGitHub, cmake, ninja, pkgconfig, vala_0_40, gtk3, libxml2, granite, webkitgtk, clutter-gtk
, clutter-gst, libunity, libnotify, sqlite, gst_all_1, libsoup, json-glib, gnome3, gobjectIntrospection, wrapGAppsHook }: , clutter-gst, libunity, libnotify, sqlite, gst_all_1, libsoup, json-glib, gnome3, gobject-introspection, wrapGAppsHook }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "vocal"; pname = "vocal";
@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ nativeBuildInputs = [
cmake cmake
gobjectIntrospection gobject-introspection
libxml2 libxml2
ninja ninja
pkgconfig pkgconfig

6
pkgs/applications/audio/x42-plugins/default.nix
View File

@ -3,12 +3,12 @@
, libGLU, lv2, gtk2, cairo, pango, fftwFloat, zita-convolver }: , libGLU, lv2, gtk2, cairo, pango, fftwFloat, zita-convolver }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
version = "20180812"; version = "20181103";
name = "x42-plugins-${version}"; name = "x42-plugins-${version}";
src = fetchurl { src = fetchurl {
url = "https://gareus.org/misc/x42-plugins/${name}.tar.xz"; url = "https://gareus.org/misc/x42-plugins/${name}.tar.xz";
sha256 = "0gzwzxpa2k2w9c6j3pspwi9slfyd57wb192d6yqcg92pfmnxy9dz"; sha256 = "085d6qjj7nl22f0xamqdrnfxwi8zrfwgkwm1svm73bjkdv270438";
}; };
nativeBuildInputs = [ pkgconfig ]; nativeBuildInputs = [ pkgconfig ];
@ -34,6 +34,6 @@ stdenv.mkDerivation rec {
homepage = https://github.com/x42/x42-plugins; homepage = https://github.com/x42/x42-plugins;
maintainers = with maintainers; [ magnetophon ]; maintainers = with maintainers; [ magnetophon ];
license = licenses.gpl2; license = licenses.gpl2;
platforms = platforms.linux; platforms = [ "i686-linux" "x86_64-linux" ];
}; };
} }

4
pkgs/applications/display-managers/lightdm/default.nix
View File

@ -1,6 +1,6 @@
{ stdenv, fetchFromGitHub, pam, pkgconfig, autoconf, automake, libtool, libxcb { stdenv, fetchFromGitHub, pam, pkgconfig, autoconf, automake, libtool, libxcb
, glib, libXdmcp, itstool, intltool, libxklavier, libgcrypt, audit, busybox , glib, libXdmcp, itstool, intltool, libxklavier, libgcrypt, audit, busybox
, polkit, accountsservice, gtk-doc, gnome3, gobjectIntrospection, vala , polkit, accountsservice, gtk-doc, gnome3, gobject-introspection, vala
, withQt4 ? false, qt4 , withQt4 ? false, qt4
, withQt5 ? false, qtbase , withQt5 ? false, qtbase
}: }:
@ -27,7 +27,7 @@ stdenv.mkDerivation rec {
automake automake
gnome3.yelp-tools gnome3.yelp-tools
gnome3.yelp-xsl gnome3.yelp-xsl
gobjectIntrospection gobject-introspection
gtk-doc gtk-doc
intltool intltool
itstool itstool

12
pkgs/applications/editors/android-studio/default.nix
View File

@ -13,14 +13,14 @@ let
sha256Hash = "117skqjax1xz9plarhdnrw2rwprjpybdc7mx7wggxapyy920vv5r"; sha256Hash = "117skqjax1xz9plarhdnrw2rwprjpybdc7mx7wggxapyy920vv5r";
}; };
betaVersion = { betaVersion = {
version = "3.3.0.16"; # "Android Studio 3.3 Beta 4" version = "3.3.0.17"; # "Android Studio 3.3 RC 1"
build = "182.5114240"; build = "182.5138683";
sha256Hash = "12gzwnlvc1w5lywpdckdgwxy2yrhf0m0fvaljdsis2arw0x9qdh2"; sha256Hash = "0apc566l4gwkwvfgj50d4qxm2gw26rxdlyr8kj3kfcra9a33c2b7";
}; };
latestVersion = { # canary & dev latestVersion = { # canary & dev
version = "3.4.0.3"; # "Android Studio 3.4 Canary 4" version = "3.4.0.5"; # "Android Studio 3.4 Canary 6"
build = "183.5129585"; build = "183.5146016";
sha256Hash = "10y09sy0h4yp39dwpp8x7kjvw8r7hvk0qllbbaqj76j33xa85793"; sha256Hash = "1z2asimpsw15iild7c4aqicph6v327qx3ffjgvl2n8vr5rspsns1";
}; };
in rec { in rec {
# Old alias # Old alias

4
pkgs/applications/editors/eclipse/plugins.nix
View File

@ -555,12 +555,12 @@ rec {
spotbugs = buildEclipseUpdateSite rec { spotbugs = buildEclipseUpdateSite rec {
name = "spotbugs-${version}"; name = "spotbugs-${version}";
version = "3.1.8"; version = "3.1.9";
src = fetchzip { src = fetchzip {
stripRoot = false; stripRoot = false;
url = "https://github.com/spotbugs/spotbugs/releases/download/${version}/eclipsePlugin.zip"; url = "https://github.com/spotbugs/spotbugs/releases/download/${version}/eclipsePlugin.zip";
sha256 = "0086shivxx745f69226f59xcv7l9xliwyr9kxm6zyn753c888js3"; sha256 = "0m68jbyaiz0rm4qq3nnwnvgndzv2c6ay6i29kh0p0vdbanggq3xz";
}; };
meta = with stdenv.lib; { meta = with stdenv.lib; {

31
pkgs/applications/editors/gnome-builder/default.nix
View File

@ -3,16 +3,15 @@
, desktop-file-utils , desktop-file-utils
, docbook_xsl , docbook_xsl
, docbook_xml_dtd_43 , docbook_xml_dtd_43
, fetchpatch
, fetchurl , fetchurl
, flatpak , flatpak
, glibcLocales , glibcLocales
, gnome3 , gnome3
, gobjectIntrospection , gobject-introspection
, gspell , gspell
, gtk-doc , gtk-doc
, gtk3 , gtk3
, gtksourceview3 , gtksourceview4
, hicolor-icon-theme , hicolor-icon-theme
, json-glib , json-glib
, jsonrpc-glib , jsonrpc-glib
@ -31,14 +30,14 @@
, wrapGAppsHook , wrapGAppsHook
}: }:
let let
version = "3.28.4"; version = "3.30.0";
pname = "gnome-builder"; pname = "gnome-builder";
in stdenv.mkDerivation { in stdenv.mkDerivation {
name = "${pname}-${version}"; name = "${pname}-${version}";
src = fetchurl { src = fetchurl {
url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
sha256 = "0ibb74jlyrl5f6rj1b74196zfg2qaf870lxgi76qzpkgwq0iya05"; sha256 = "1pshzpjy9rk6gijlm97s316aihykzxrmb07vilp17q5857passak";
}; };
nativeBuildInputs = [ nativeBuildInputs = [
@ -47,7 +46,7 @@ in stdenv.mkDerivation {
docbook_xsl docbook_xsl
docbook_xml_dtd_43 docbook_xml_dtd_43
glibcLocales # for Meson's gtkdochelper glibcLocales # for Meson's gtkdochelper
gobjectIntrospection gobject-introspection
gtk-doc gtk-doc
hicolor-icon-theme hicolor-icon-theme
meson meson
@ -67,7 +66,7 @@ in stdenv.mkDerivation {
gnome3.vte gnome3.vte
gspell gspell
gtk3 gtk3
gtksourceview3 gtksourceview4
json-glib json-glib
jsonrpc-glib jsonrpc-glib
libdazzle libdazzle
@ -87,24 +86,6 @@ in stdenv.mkDerivation {
patchShebangs build-aux/meson/post_install.py patchShebangs build-aux/meson/post_install.py
''; '';
patches = [
(fetchpatch {
name = "absolute-shared-library-path.patch";
url = "https://gitlab.gnome.org/GNOME/gnome-builder/commit/1011cabc519fd7322e2d695c79bfce3e18ff6200.patch";
sha256 = "1g12zziidzrphp527aa8sklfaln4qpjprkz73f0c9w5ph6k252fw";
})
(fetchpatch {
name = "python-libprefix.patch";
url = "https://gitlab.gnome.org/GNOME/gnome-builder/commit/43494ce83a347f369ed4cfb8dd71d3b93452736b.patch";
sha256 = "0kgi3n3g13n1j4xa61ln9xiahcfdc43bxi5mw4yva2d5px445msf";
})
(fetchpatch {
name = "ostree-dependency.patch";
url = "https://gitlab.gnome.org/GNOME/gnome-builder/commit/8b11773b65c95f464a0de16b91318c1ca73deeae.patch";
sha256 = "18r4hd90id0w6r0lzqpw83bcj45nm9jhr46a0ffi1mcayb18mgbk";
})
];
mesonFlags = [ mesonFlags = [
"-Dpython_libprefix=${python3.libPrefix}" "-Dpython_libprefix=${python3.libPrefix}"
"-Dwith_docs=true" "-Dwith_docs=true"

4
pkgs/applications/editors/gnome-latex/default.nix
View File

@ -1,14 +1,14 @@
{ stdenv, fetchurl, wrapGAppsHook { stdenv, fetchurl, wrapGAppsHook
, tepl, amtk, gnome3, glib, pkgconfig, intltool, itstool, libxml2 }: , tepl, amtk, gnome3, glib, pkgconfig, intltool, itstool, libxml2 }:
let let
version = "3.30.1"; version = "3.30.2";
pname = "gnome-latex"; pname = "gnome-latex";
in stdenv.mkDerivation { in stdenv.mkDerivation {
name = "${pname}-${version}"; name = "${pname}-${version}";
src = fetchurl { src = fetchurl {
url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
sha256 = "0yvkp311ikmiypzj2q6ypvyw5migxiqp8lwhyl3qq6mk6p0x66w8"; sha256 = "0fn3vy6w714wy0bz3y11zpdprpwxbv5xfiyyxjwp2nix9mbvv2sm";
}; };
NIX_CFLAGS_COMPILE = "-I${glib.dev}/include/gio-unix-2.0"; NIX_CFLAGS_COMPILE = "-I${glib.dev}/include/gio-unix-2.0";

28
pkgs/applications/editors/jetbrains/default.nix
View File

@ -276,12 +276,12 @@ in
goland = buildGoland rec { goland = buildGoland rec {
name = "goland-${version}"; name = "goland-${version}";
version = "2018.2.4"; /* updated by script */ version = "2018.3"; /* updated by script */
description = "Up and Coming Go IDE"; description = "Up and Coming Go IDE";
license = stdenv.lib.licenses.unfree; license = stdenv.lib.licenses.unfree;
src = fetchurl { src = fetchurl {
url = "https://download.jetbrains.com/go/${name}.tar.gz"; url = "https://download.jetbrains.com/go/${name}.tar.gz";
sha256 = "0aan23ggs314bvpsldsv9m4pdmnlgdcjac9x6hv1j145a1pp439i"; /* updated by script */ sha256 = "0hd44flxqnnxg390mkf4ppjs2nxv0nwdc7a2i65f69bp5h61x783"; /* updated by script */
}; };
wmClass = "jetbrains-goland"; wmClass = "jetbrains-goland";
update-channel = "GoLand Release"; update-channel = "GoLand Release";
@ -289,12 +289,12 @@ in
idea-community = buildIdea rec { idea-community = buildIdea rec {
name = "idea-community-${version}"; name = "idea-community-${version}";
version = "2018.2.6"; /* updated by script */ version = "2018.3"; /* updated by script */
description = "Integrated Development Environment (IDE) by Jetbrains, community edition"; description = "Integrated Development Environment (IDE) by Jetbrains, community edition";
license = stdenv.lib.licenses.asl20; license = stdenv.lib.licenses.asl20;
src = fetchurl { src = fetchurl {
url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz";
sha256 = "02hpbyivji9vnik7p04zrja1rhhl49r0365g0i6sa1rrwd1fhvwf"; /* updated by script */ sha256 = "01ccz5ksbv8xh8mnk3zxqpia8zgayy8bcgmbwqibrykz47y6r7yy"; /* updated by script */
}; };
wmClass = "jetbrains-idea-ce"; wmClass = "jetbrains-idea-ce";
update-channel = "IntelliJ IDEA Release"; update-channel = "IntelliJ IDEA Release";
@ -302,12 +302,12 @@ in
idea-ultimate = buildIdea rec { idea-ultimate = buildIdea rec {
name = "idea-ultimate-${version}"; name = "idea-ultimate-${version}";
version = "2018.2.6"; /* updated by script */ version = "2018.3"; /* updated by script */
description = "Integrated Development Environment (IDE) by Jetbrains, requires paid license"; description = "Integrated Development Environment (IDE) by Jetbrains, requires paid license";
license = stdenv.lib.licenses.unfree; license = stdenv.lib.licenses.unfree;
src = fetchurl { src = fetchurl {
url = "https://download.jetbrains.com/idea/ideaIU-${version}-no-jdk.tar.gz"; url = "https://download.jetbrains.com/idea/ideaIU-${version}-no-jdk.tar.gz";
sha256 = "0x0ylcbj8spvzmwxrw3p4c64ad27iz58lwj4yb8a6vwh6p22gflk"; /* updated by script */ sha256 = "16z0pqmxjn5dl42rbz7mx8gi13xs3220pzkdsdkh1k1ny9caqzvj"; /* updated by script */
}; };
wmClass = "jetbrains-idea"; wmClass = "jetbrains-idea";
update-channel = "IntelliJ IDEA Release"; update-channel = "IntelliJ IDEA Release";
@ -328,12 +328,12 @@ in
pycharm-community = buildPycharm rec { pycharm-community = buildPycharm rec {
name = "pycharm-community-${version}"; name = "pycharm-community-${version}";
version = "2018.2.5"; /* updated by script */ version = "2018.3"; /* updated by script */
description = "PyCharm Community Edition"; description = "PyCharm Community Edition";
license = stdenv.lib.licenses.asl20; license = stdenv.lib.licenses.asl20;
src = fetchurl { src = fetchurl {
url = "https://download.jetbrains.com/python/${name}.tar.gz"; url = "https://download.jetbrains.com/python/${name}.tar.gz";
sha256 = "0zfnhrkv4y90a3myq13406vzivg234l69x0c5d7vyv6ys7dmq5fm"; /* updated by script */ sha256 = "0kgrh3w4lpk7qkp5gss24in1nqahdfllvf97qz6r77zn9n5k1wq7"; /* updated by script */
}; };
wmClass = "jetbrains-pycharm-ce"; wmClass = "jetbrains-pycharm-ce";
update-channel = "PyCharm Release"; update-channel = "PyCharm Release";
@ -341,12 +341,12 @@ in
pycharm-professional = buildPycharm rec { pycharm-professional = buildPycharm rec {
name = "pycharm-professional-${version}"; name = "pycharm-professional-${version}";
version = "2018.2.5"; /* updated by script */ version = "2018.3"; /* updated by script */
description = "PyCharm Professional Edition"; description = "PyCharm Professional Edition";
license = stdenv.lib.licenses.unfree; license = stdenv.lib.licenses.unfree;
src = fetchurl { src = fetchurl {
url = "https://download.jetbrains.com/python/${name}.tar.gz"; url = "https://download.jetbrains.com/python/${name}.tar.gz";
sha256 = "0yfq25kmzzd15x83zdbrq9j62c32maklzhsk1rzymabyb56blh5c"; /* updated by script */ sha256 = "0q4scwnqy0h725g9z5hd145c3n10iaj04z790s4lixg1c63h3y8q"; /* updated by script */
}; };
wmClass = "jetbrains-pycharm"; wmClass = "jetbrains-pycharm";
update-channel = "PyCharm Release"; update-channel = "PyCharm Release";
@ -367,12 +367,12 @@ in
ruby-mine = buildRubyMine rec { ruby-mine = buildRubyMine rec {
name = "ruby-mine-${version}"; name = "ruby-mine-${version}";
version = "2018.2.4"; /* updated by script */ version = "2018.2.5"; /* updated by script */
description = "The Most Intelligent Ruby and Rails IDE"; description = "The Most Intelligent Ruby and Rails IDE";
license = stdenv.lib.licenses.unfree; license = stdenv.lib.licenses.unfree;
src = fetchurl { src = fetchurl {
url = "https://download.jetbrains.com/ruby/RubyMine-${version}.tar.gz"; url = "https://download.jetbrains.com/ruby/RubyMine-${version}.tar.gz";
sha256 = "0dk3ch749ai5kyg9q8819ckrqw2jk4f656iqrkkpab9fjqfjylka"; /* updated by script */ sha256 = "0b01fnifk5iawyf2zi7r5ffz8dxlh18g2ilrkc5746vmnsp0jxq4"; /* updated by script */
}; };
wmClass = "jetbrains-rubymine"; wmClass = "jetbrains-rubymine";
update-channel = "RubyMine 2018.2"; update-channel = "RubyMine 2018.2";
@ -380,12 +380,12 @@ in
webstorm = buildWebStorm rec { webstorm = buildWebStorm rec {
name = "webstorm-${version}"; name = "webstorm-${version}";
version = "2018.2.6"; /* updated by script */ version = "2018.3"; /* updated by script */
description = "Professional IDE for Web and JavaScript development"; description = "Professional IDE for Web and JavaScript development";
license = stdenv.lib.licenses.unfree; license = stdenv.lib.licenses.unfree;
src = fetchurl { src = fetchurl {
url = "https://download.jetbrains.com/webstorm/WebStorm-${version}.tar.gz"; url = "https://download.jetbrains.com/webstorm/WebStorm-${version}.tar.gz";
sha256 = "1snx59b6d0szd1a07agpqxlprhy2mc9jvbnxcck5hfwxl3ic7x5g"; /* updated by script */ sha256 = "0msvgdjbdipc4g8j705d1jya2mjmx4wwhb23nch3znh7grryr75s"; /* updated by script */
}; };
wmClass = "jetbrains-webstorm"; wmClass = "jetbrains-webstorm";
update-channel = "WebStorm Release"; update-channel = "WebStorm Release";

2
pkgs/applications/editors/monodevelop/default.nix
View File

@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
}; };
nunit2510 = fetchurl { nunit2510 = fetchurl {
url = "http://launchpad.net/nunitv2/2.5/2.5.10/+download/NUnit-2.5.10.11092.zip"; url = "https://launchpad.net/nunitv2/2.5/2.5.10/+download/NUnit-2.5.10.11092.zip";
sha256 = "0k5h5bz1p2v3d0w0hpkpbpvdkcszgp8sr9ik498r1bs72w5qlwnc"; sha256 = "0k5h5bz1p2v3d0w0hpkpbpvdkcszgp8sr9ik498r1bs72w5qlwnc";
}; };

4
pkgs/applications/editors/quilter/default.nix
View File

@ -1,6 +1,6 @@
{ stdenv, fetchFromGitHub, fetchpatch, vala_0_40, pkgconfig, meson, ninja, python3 { stdenv, fetchFromGitHub, fetchpatch, vala_0_40, pkgconfig, meson, ninja, python3
, granite, gtk3, desktop-file-utils, gnome3, gtksourceview, webkitgtk, gtkspell3 , granite, gtk3, desktop-file-utils, gnome3, gtksourceview, webkitgtk, gtkspell3
, discount, gobjectIntrospection, wrapGAppsHook }: , discount, gobject-introspection, wrapGAppsHook }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "quilter"; pname = "quilter";
@ -17,7 +17,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ nativeBuildInputs = [
desktop-file-utils desktop-file-utils
gobjectIntrospection gobject-introspection
meson meson
ninja ninja
pkgconfig pkgconfig

4
pkgs/applications/editors/rednotebook/default.nix
View File

@ -1,5 +1,5 @@
{ lib, buildPythonApplication, fetchFromGitHub { lib, buildPythonApplication, fetchFromGitHub
, gdk_pixbuf, glib, gobjectIntrospection, gtk3, gtksourceview, pango, webkitgtk , gdk_pixbuf, glib, gobject-introspection, gtk3, gtksourceview, pango, webkitgtk
, pygobject3, pyyaml , pygobject3, pyyaml
}: }:
@ -17,7 +17,7 @@ buildPythonApplication rec {
# We have not packaged tests. # We have not packaged tests.
doCheck = false; doCheck = false;
nativeBuildInputs = [ gobjectIntrospection ]; nativeBuildInputs = [ gobject-introspection ];
propagatedBuildInputs = [ propagatedBuildInputs = [
gdk_pixbuf glib gtk3 gtksourceview pango webkitgtk gdk_pixbuf glib gtk3 gtksourceview pango webkitgtk

37
pkgs/applications/graphics/deskew/default.nix Normal file
View File

@ -0,0 +1,37 @@
{ stdenv, fetchFromBitbucket, libtiff, fpc }:
stdenv.mkDerivation rec {
name = "deskew-${version}";
version = "1.25";
src = fetchFromBitbucket {
owner = "galfar";
repo = "app-deskew";
rev = "v${version}";
sha256 = "0zjjj66qhgqkmfxl3q7p78dv4xl4ci918pgl4d5259pqdj1bfgc8";
};
nativeBuildInputs = [ fpc ];
buildInputs = [ libtiff ];
buildPhase = ''
rm -r Bin # Remove pre-compiled binary
mkdir Bin
chmod +x compile.sh
./compile.sh
'';
installPhase = ''
install -Dt $out/bin Bin/*
'';
meta = with stdenv.lib; {
description = "A command line tool for deskewing scanned text documents";
homepage = https://bitbucket.org/galfar/app-deskew/overview;
license = licenses.mit;
maintainers = with maintainers; [ryantm];
platforms = platforms.all;
};
}

4
pkgs/applications/graphics/mypaint/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub, gtk3, intltool, json_c, lcms2, libpng, librsvg, gobjectIntrospection, hicolor-icon-theme { stdenv, fetchFromGitHub, gtk3, intltool, json_c, lcms2, libpng, librsvg, gobject-introspection, hicolor-icon-theme
, gdk_pixbuf, pkgconfig, python2Packages, scons, swig, wrapGAppsHook }: , gdk_pixbuf, pkgconfig, python2Packages, scons, swig, wrapGAppsHook }:
let let
@ -17,7 +17,7 @@ in stdenv.mkDerivation rec {
nativeBuildInputs = [ nativeBuildInputs = [
intltool pkgconfig scons swig wrapGAppsHook intltool pkgconfig scons swig wrapGAppsHook
gobjectIntrospection # for setup hook gobject-introspection # for setup hook
]; ];
buildInputs = [ buildInputs = [

4
pkgs/applications/graphics/photoflow/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub, gettext, glib, libxml2, pkgconfig, swig, automake, gobjectIntrospection, cmake, ninja, libtiff, libjpeg, fftw, exiv2, lensfun, gtkmm2, libraw, lcms2, libexif, vips, expat, pcre, pugixml }: { stdenv, fetchFromGitHub, gettext, glib, libxml2, pkgconfig, swig, automake, gobject-introspection, cmake, ninja, libtiff, libjpeg, fftw, exiv2, lensfun, gtkmm2, libraw, lcms2, libexif, vips, expat, pcre, pugixml }:
stdenv.mkDerivation { stdenv.mkDerivation {
name = "photoflow-unstable-2018-08-28"; name = "photoflow-unstable-2018-08-28";
@ -17,7 +17,7 @@ stdenv.mkDerivation {
pkgconfig pkgconfig
swig swig
automake automake
gobjectIntrospection gobject-introspection
cmake cmake
ninja ninja
]; ];

4
pkgs/applications/graphics/rapid-photo-downloader/default.nix
View File

@ -1,5 +1,5 @@
{ stdenv, fetchurl, python3Packages { stdenv, fetchurl, python3Packages
, file, intltool, gobjectIntrospection, libgudev , file, intltool, gobject-introspection, libgudev
, udisks, glib, gnome3, gst_all_1, libnotify , udisks, glib, gnome3, gst_all_1, libnotify
, exiv2, exiftool, qt5, gdk_pixbuf , exiv2, exiftool, qt5, gdk_pixbuf
}: }:
@ -23,7 +23,7 @@ python3Packages.buildPythonApplication rec {
--replace "import problemnotification" "import raphodo.problemnotification" --replace "import problemnotification" "import raphodo.problemnotification"
''; '';
nativeBuildInputs = [ file intltool gobjectIntrospection ]; nativeBuildInputs = [ file intltool gobject-introspection ];
buildInputs = [ buildInputs = [
libgudev libgudev

13
pkgs/applications/graphics/shotwell/default.nix
View File

@ -1,23 +1,23 @@
{ fetchurl, stdenv, meson, ninja, gtk3, libexif, libgphoto2, libsoup, libxml2, vala, sqlite { fetchurl, stdenv, meson, ninja, gtk3, libexif, libgphoto2, libsoup, libxml2, vala, sqlite
, webkitgtk, pkgconfig, gnome3, gst_all_1, libgudev, libraw, glib, json-glib , webkitgtk, pkgconfig, gnome3, gst_all_1, libgudev, libraw, glib, json-glib
, gettext, desktop-file-utils, gdk_pixbuf, librsvg, wrapGAppsHook , gettext, desktop-file-utils, gdk_pixbuf, librsvg, wrapGAppsHook
, gobjectIntrospection, itstool, libgdata }: , gobject-introspection, itstool, libgdata, python3 }:
# for dependencies see https://wiki.gnome.org/Apps/Shotwell/BuildingAndInstalling # for dependencies see https://wiki.gnome.org/Apps/Shotwell/BuildingAndInstalling
let let
pname = "shotwell"; pname = "shotwell";
version = "0.28.2"; version = "0.30.1";
in stdenv.mkDerivation rec { in stdenv.mkDerivation rec {
name = "${pname}-${version}"; name = "${pname}-${version}";
src = fetchurl { src = fetchurl {
url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${name}.tar.xz"; url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${name}.tar.xz";
sha256 = "0pa7lb33i4hdnz7hr7x938d48ilrnj47jzb99la79rmm08yyin8n"; sha256 = "01hsmig06hjv34yf9y60hv2gml593xfkza4ilq4b22gr8l4v2qip";
}; };
nativeBuildInputs = [ nativeBuildInputs = [
meson ninja vala pkgconfig itstool gettext desktop-file-utils wrapGAppsHook gobjectIntrospection meson ninja vala pkgconfig itstool gettext desktop-file-utils python3 wrapGAppsHook gobject-introspection
]; ];
buildInputs = [ buildInputs = [
@ -28,8 +28,9 @@ in stdenv.mkDerivation rec {
gnome3.gcr gnome3.defaultIconTheme libgdata gnome3.gcr gnome3.defaultIconTheme libgdata
]; ];
postInstall = '' postPatch = ''
glib-compile-schemas $out/share/glib-2.0/schemas chmod +x build-aux/meson/postinstall.py # patchShebangs requires executable file
patchShebangs build-aux/meson/postinstall.py
''; '';
passthru = { passthru = {

10
pkgs/applications/graphics/tesseract/4.x.nix
View File

@ -7,20 +7,20 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "tesseract-${version}"; name = "tesseract-${version}";
version = "4.00.00alpha-git-20170410"; version = "4.0.0";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "tesseract-ocr"; owner = "tesseract-ocr";
repo = "tesseract"; repo = "tesseract";
rev = "36a995bdc92eb2dd8bc5a63205708944a3f990a1"; rev = version;
sha256 = "0xz3krvap8sdm27v1dyb34lcdmx11wzvxyszpppfsfmjgkvg19bq"; sha256 = "1b5fi2vibc4kk9b30kkk4ais4bw8fbbv24bzr5709194hb81cav8";
}; };
tessdata = fetchFromGitHub { tessdata = fetchFromGitHub {
owner = "tesseract-ocr"; owner = "tesseract-ocr";
repo = "tessdata"; repo = "tessdata";
rev = "8bf2e7ad08db9ca174ae2b0b3a7498c9f1f71d40"; rev = version;
sha256 = "0idwkv4qsmmqhrxcgyhy32yldl3vk054m7dkv4fjswfnalgsx794"; sha256 = "1chw1ya5zf8aaj2ixr9x013x7vwwwjjmx6f2ag0d6i14lypygy28";
}; };
nativeBuildInputs = [ pkgconfig autoreconfHook autoconf-archive ]; nativeBuildInputs = [ pkgconfig autoreconfHook autoconf-archive ];

58
pkgs/applications/inferno/default.nix
View File

@ -1,58 +0,0 @@
{ fetchhg, stdenv, xorg, makeWrapper }:
stdenv.mkDerivation rec {
# Inferno is a rolling release from a mercurial repository. For the verison number
# of the package I'm using the mercurial commit number.
rev = "785";
name = "inferno-${rev}";
host = "Linux";
objtype = "386";
src = fetchhg {
url = "https://bitbucket.org/inferno-os/inferno-os";
sha256 = "1b428ma9fi5skvfrxp91dr43a62kax89wmx7950ahc1cxyx90k7x";
};
buildInputs = [ makeWrapper ] ++ (with xorg; [ libX11 libXpm libXext xextproto ]);
infernoWrapper = ./inferno;
configurePhase = ''
sed -e 's@^ROOT=.*$@ROOT='"$out"'/share/inferno@g' \
-e 's@^OBJTYPE=.*$@OBJTYPE=${objtype}@g' \
-e 's@^SYSHOST=.*$@SYSHOST=${host}@g' \
-i mkconfig
# Get rid of an annoying warning
sed -e 's/_BSD_SOURCE/_DEFAULT_SOURCE/g' \
-i ${host}/${objtype}/include/lib9.h
'';
buildPhase = ''
mkdir -p $out/share/inferno
cp -r . $out/share/inferno
./makemk.sh
export PATH=$PATH:$out/share/inferno/Linux/386/bin
mk nuke
mk
'';
installPhase = ''
# Installs executables in $out/share/inferno/${host}/${objtype}/bin
mk install
mkdir -p $out/bin
# Install start-up script
makeWrapper $infernoWrapper $out/bin/inferno \
--suffix PATH ':' "$out/share/inferno/Linux/386/bin" \
--set INFERNO_ROOT "$out/share/inferno"
'';
hardeningDisable = [ "fortify" ];
meta = {
description = "A compact distributed operating system for building cross-platform distributed systems";
homepage = http://inferno-os.org/;
license = stdenv.lib.licenses.gpl2;
maintainers = with stdenv.lib.maintainers; [ doublec kovirobi ];
platforms = with stdenv.lib.platforms; linux;
};
}

31
pkgs/applications/inferno/inferno
View File

@ -1,31 +0,0 @@
#! /usr/bin/env bash
export INFERNO_HOME="$HOME/.local/share/inferno"
if [ -n "$XDG_DATA_HOME" ]
then export INFERNO_HOME="$XDG_DATA_HOME/inferno"
fi
if [ ! -d $INFERNO_HOME ]; then
mkdir -p $INFERNO_HOME
fi
if [ ! -d $INFERNO_HOME/tmp ]; then
mkdir -p $INFERNO_HOME/tmp
fi
for d in $INFERNO_HOME/{acme,appl,dis,lib,man,module,usr/inferno}; do
if [ ! -d $d ]; then
mkdir -p $d
cp --no-preserve=all -r $INFERNO_ROOT/${d#$INFERNO_HOME/}/* $d/
chmod -R +w $d
fi
done
if [ ! -d $INFERNO_HOME/usr/$USER ]; then
mkdir -p $INFERNO_HOME/usr/$USER
cp -r $INFERNO_ROOT/usr/inferno/* $INFERNO_HOME/usr/$USER/
chmod -R +w $INFERNO_HOME/usr/$USER
fi
exec emu "$@" /dis/sh.dis -c "bind -b -c '#U*$INFERNO_HOME/' /; /dis/sh.dis"

4
pkgs/applications/kde/dolphin.nix
View File

@ -4,7 +4,8 @@
baloo, baloo-widgets, kactivities, kbookmarks, kcmutils, baloo, baloo-widgets, kactivities, kbookmarks, kcmutils,
kcompletion, kconfig, kcoreaddons, kdelibs4support, kdbusaddons, kcompletion, kconfig, kcoreaddons, kdelibs4support, kdbusaddons,
kfilemetadata, ki18n, kiconthemes, kinit, kio, knewstuff, knotifications, kfilemetadata, ki18n, kiconthemes, kinit, kio, knewstuff, knotifications,
kparts, ktexteditor, kwindowsystem, phonon, solid kparts, ktexteditor, kwindowsystem, phonon, solid,
wayland, qtwayland
}: }:
mkDerivation { mkDerivation {
@ -19,6 +20,7 @@ mkDerivation {
kcoreaddons kdelibs4support kdbusaddons kfilemetadata ki18n kiconthemes kcoreaddons kdelibs4support kdbusaddons kfilemetadata ki18n kiconthemes
kinit kio knewstuff knotifications kparts ktexteditor kwindowsystem kinit kio knewstuff knotifications kparts ktexteditor kwindowsystem
phonon solid phonon solid
wayland qtwayland
]; ];
outputs = [ "out" "dev" ]; outputs = [ "out" "dev" ];
# We need the RPATH for linking, because the `libkdeinit5_dolphin.so` links # We need the RPATH for linking, because the `libkdeinit5_dolphin.so` links

75
pkgs/applications/misc/aminal/default.nix Normal file
View File

@ -0,0 +1,75 @@
{ buildGoPackage
, Carbon
, Cocoa
, Kernel
, cf-private
, fetchFromGitHub
, lib
, mesa_glu
, stdenv
, xorg
}:
buildGoPackage rec {
name = "aminal-${version}";
version = "0.7.4";
goPackagePath = "github.com/liamg/aminal";
buildInputs =
lib.optionals stdenv.isLinux [
mesa_glu
xorg.libX11
xorg.libXcursor
xorg.libXi
xorg.libXinerama
xorg.libXrandr
xorg.libXxf86vm
] ++ lib.optionals stdenv.isDarwin [
Carbon
Cocoa
Kernel
cf-private /* Needed for NSDefaultRunLoopMode */
];
src = fetchFromGitHub {
owner = "liamg";
repo = "aminal";
rev = "v${version}";
sha256 = "0wnzxjlv98pi3gy4hp3d19pwpa4kf1h5rqy03s9bcqdbpb1v1b7v";
};
preBuild = ''
buildFlagsArray=("-ldflags=-X ${goPackagePath}/version.Version=${version}")
'';
meta = with lib; {
description = "Golang terminal emulator from scratch";
longDescription = ''
Aminal is a modern terminal emulator for Mac/Linux implemented in Golang
and utilising OpenGL.
The project is experimental at the moment, so you probably won't want to
rely on Aminal as your main terminal for a while.
Features:
- Unicode support
- OpenGL rendering
- Customisation options
- True colour support
- Support for common ANSI escape sequences a la xterm
- Scrollback buffer
- Clipboard access
- Clickable URLs
- Multi platform support (Windows coming soon...)
- Sixel support
- Hints/overlays
- Built-in patched fonts for powerline
- Retina display support
'';
homepage = https://github.com/liamg/aminal;
license = licenses.gpl3;
maintainers = with maintainers; [ kalbasit ];
platforms = platforms.linux ++ platforms.darwin;
};
}

30
pkgs/applications/misc/autospotting/default.nix Normal file
View File

@ -0,0 +1,30 @@
{ stdenv, buildGoPackage, fetchFromGitHub }:
buildGoPackage rec {
name = "autospotting-${version}";
version = "unstable-2018-11-17";
goPackagePath = "github.com/AutoSpotting/AutoSpotting";
src = fetchFromGitHub {
owner = "AutoSpotting";
repo = "AutoSpotting";
rev = "122ab8f292a2f718dd85e79ec22acd455122907e";
sha256 = "0p48lgig9kblxvgq1kggczkn4qdbx6ciq9c8x0179i80vl4jf7v6";
};
goDeps = ./deps.nix;
# patching path where repository used to exist
postPatch = ''
sed -i "s+github.com/cristim/autospotting/core+github.com/AutoSpotting/AutoSpotting/core+" autospotting.go
'';
meta = with stdenv.lib; {
homepage = https://github.com/AutoSpotting/AutoSpotting;
description = "Automatically convert your existing AutoScaling groups to up to 90% cheaper spot instances with minimal configuration changes";
license = licenses.free;
maintainers = [ maintainers.costrouc ];
platforms = platforms.linux;
};
}

75
pkgs/applications/misc/autospotting/deps.nix generated Normal file
View File

@ -0,0 +1,75 @@
# file generated from Gopkg.lock using dep2nix (https://github.com/nixcloud/dep2nix)
[
{
goPackagePath = "github.com/aws/aws-lambda-go";
fetch = {
type = "git";
url = "https://github.com/aws/aws-lambda-go";
rev = "2d482ef09017ae953b1e8d5a6ddac5b696663a3c";
sha256 = "06v2yfvn4sn116lds0526a8mfrsng4vafrdjf1dhpalqarrbdvmz";
};
}
{
goPackagePath = "github.com/aws/aws-sdk-go";
fetch = {
type = "git";
url = "https://github.com/aws/aws-sdk-go";
rev = "9333060a8d957db41bff1c80603a802aa674fad8";
sha256 = "0fnypw6zm6k70fzhm5a8g69ag64rxbrrpdk7l3rkfqd99slyg5kz";
};
}
{
goPackagePath = "github.com/cristim/ec2-instances-info";
fetch = {
type = "git";
url = "https://github.com/cristim/ec2-instances-info";
rev = "73c042a5558cd6d8b61fb82502d6f7aec334e9ed";
sha256 = "1xajrkxqqz5wlbi9w2wdhnk115rbmqxyga29f8v9psq8hzwgi0rg";
};
}
{
goPackagePath = "github.com/davecgh/go-spew";
fetch = {
type = "git";
url = "https://github.com/davecgh/go-spew";
rev = "d8f796af33cc11cb798c1aaeb27a4ebc5099927d";
sha256 = "19z27f306fpsrjdvkzd61w1bdazcdbczjyjck177g33iklinhpvx";
};
}
{
goPackagePath = "github.com/go-ini/ini";
fetch = {
type = "git";
url = "https://github.com/go-ini/ini";
rev = "5cf292cae48347c2490ac1a58fe36735fb78df7e";
sha256 = "0xbnw1nd22q6k863n5gs0nxld15w0p8qxbhfky85akcb5rk1vwi9";
};
}
{
goPackagePath = "github.com/jmespath/go-jmespath";
fetch = {
type = "git";
url = "https://github.com/jmespath/go-jmespath";
rev = "0b12d6b5";
sha256 = "1vv6hph8j6xgv7gwl9vvhlsaaqsm22sxxqmgmldi4v11783pc1ld";
};
}
{
goPackagePath = "github.com/namsral/flag";
fetch = {
type = "git";
url = "https://github.com/namsral/flag";
rev = "67f268f20922975c067ed799e4be6bacf152208c";
sha256 = "1lmxq3z276zrsggpfq9b7yklzzxdyib49zr8sznb1lcqlvxqsr47";
};
}
{
goPackagePath = "github.com/pkg/errors";
fetch = {
type = "git";
url = "https://github.com/pkg/errors";
rev = "645ef00459ed84a119197bfb8d8205042c6df63d";
sha256 = "001i6n71ghp2l6kdl3qq1v2vmghcz3kicv9a5wgcihrzigm75pp5";
};
}
]

4
pkgs/applications/misc/font-manager/default.nix
View File

@ -1,6 +1,6 @@
{ stdenv, fetchFromGitHub, automake, autoconf, libtool, { stdenv, fetchFromGitHub, automake, autoconf, libtool,
pkgconfig, file, intltool, libxml2, json-glib , sqlite, itstool, pkgconfig, file, intltool, libxml2, json-glib , sqlite, itstool,
librsvg, vala, gnome3, wrapGAppsHook, gobjectIntrospection librsvg, vala, gnome3, wrapGAppsHook, gobject-introspection
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
@ -24,7 +24,7 @@ stdenv.mkDerivation rec {
gnome3.yelp-tools gnome3.yelp-tools
wrapGAppsHook wrapGAppsHook
# For setup hook # For setup hook
gobjectIntrospection gobject-introspection
]; ];
buildInputs = [ buildInputs = [

4
pkgs/applications/misc/gImageReader/default.nix
View File

@ -6,7 +6,7 @@
# Gtk deps # Gtk deps
# upstream gImagereader supports Qt too # upstream gImagereader supports Qt too
, gtk3, gobjectIntrospection, wrapGAppsHook , gtk3, gobject-introspection, wrapGAppsHook
, gnome3, gtkspell3, gtkspellmm, cairomm , gnome3, gtkspell3, gtkspellmm, cairomm
}: }:
@ -33,7 +33,7 @@ stdenv.mkDerivation rec {
# Gtk specific # Gtk specific
wrapGAppsHook wrapGAppsHook
gobjectIntrospection gobject-introspection
]; ];
buildInputs = [ buildInputs = [

79
pkgs/applications/misc/gnome-recipes/default.nix Normal file
View File

@ -0,0 +1,79 @@
{ stdenv
, fetchurl
, meson
, ninja
, pkgconfig
, gnome3
, desktop-file-utils
, gettext
, itstool
, python3
, wrapGAppsHook
, gtk3
, glib
, libsoup
, gnome-online-accounts
, rest
, json-glib
, gnome-autoar
, gspell
, libcanberra }:
let
pname = "gnome-recipes";
version = "2.0.2";
in stdenv.mkDerivation rec {
name = "${pname}-${version}";
src = fetchurl {
url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${name}.tar.xz";
sha256 = "1yymii3yf823d9x28fbhqdqm1wa30s40j94x0am9fjj0nzyd5s8v";
};
nativeBuildInputs = [
meson
ninja
pkgconfig
desktop-file-utils
gettext
itstool
python3
wrapGAppsHook
];
buildInputs = [
gtk3
glib
libsoup
gnome-online-accounts
rest
json-glib
gnome-autoar
gspell
libcanberra
];
# https://github.com/NixOS/nixpkgs/issues/36468
# https://gitlab.gnome.org/GNOME/recipes/issues/76
NIX_CFLAGS_COMPILE = "-I${gnome3.glib.dev}/include/gio-unix-2.0";
postPatch = ''
chmod +x src/list_to_c.py
patchShebangs src/list_to_c.py
patchShebangs meson_post_install.py
'';
passthru = {
updateScript = gnome3.updateScript {
packageName = pname;
};
};
meta = with stdenv.lib; {
description = "Recipe management application for GNOME";
homepage = https://wiki.gnome.org/Apps/Recipes;
maintainers = gnome3.maintainers;
license = licenses.gpl3;
platforms = platforms.unix;
};
}

Some files were not shown because too many files have changed in this diff Show More