Merge branch 'master' into staging-next

Hydra nixpkgs: ?compare=1512490
This commit is contained in:
Vladimír Čunát 2019-04-02 20:56:53 +02:00
commit 2771375d6e
No known key found for this signature in database
GPG Key ID: E747DF1F9575A3AA
677 changed files with 14350 additions and 6998 deletions

.github/CODEOWNERS vendored
View File

@ -58,11 +58,11 @@
/doc/languages-frameworks/python.section.md @FRidh /doc/languages-frameworks/python.section.md @FRidh
# Haskell # Haskell
/pkgs/development/compilers/ghc @peti @basvandijk /pkgs/development/compilers/ghc @basvandijk
/pkgs/development/haskell-modules @peti @basvandijk /pkgs/development/haskell-modules @basvandijk
/pkgs/development/haskell-modules/default.nix @peti @basvandijk /pkgs/development/haskell-modules/default.nix @basvandijk
/pkgs/development/haskell-modules/generic-builder.nix @peti @basvandijk /pkgs/development/haskell-modules/generic-builder.nix @basvandijk
/pkgs/development/haskell-modules/hoogle.nix @peti @basvandijk /pkgs/development/haskell-modules/hoogle.nix @basvandijk
# Perl # Perl
/pkgs/development/interpreters/perl @volth /pkgs/development/interpreters/perl @volth
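Review bot: dropping @peti leaves @basvandijk as the sole owner of every Haskell path (/pkgs/development/compilers/ghc and the four /pkgs/development/haskell-modules entries); with a single owner, all review requests for that subtree route to one person, so confirm this is intended and that no second maintainer should be listed.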

View File

@ -78,15 +78,14 @@ manual-full.xml: ${MD_TARGETS} .version functions/library/locations.xml function
nix-instantiate --eval \ nix-instantiate --eval \
-E '(import ../lib).version' > .version -E '(import ../lib).version' > .version
function_locations := $(shell nix-build --no-out-link ./lib-function-locations.nix)
functions/library/locations.xml: functions/library/locations.xml:
ln -s $(function_locations) ./functions/library/locations.xml nix-build ./lib-function-locations.nix \
--out-link $@
functions/library/generated: functions/library/generated: functions/library/locations.xml
nix-build ./lib-function-docs.nix \ nix-build ./lib-function-docs.nix \
--arg locationsXml $(function_locations)\ --arg locationsXml $< \
--out-link ./functions/library/generated --out-link $@
%.section.xml: %.section.md %.section.xml: %.section.md
pandoc $^ -w docbook+smart \ pandoc $^ -w docbook+smart \
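Review bot: the new `functions/library/locations.xml:` rule has no prerequisites, so once `--out-link $@` has created the symlink, make will treat it as up to date and never re-run `nix-build ./lib-function-locations.nix`, even after the lib sources it scans change; list `lib-function-locations.nix` (and the lib files) as prerequisites or mark the target phony. Moving the build out of the parse-time `$(shell ...)` is otherwise an improvement, since the store path is now only built when a target needs it and `functions/library/generated` correctly depends on it via `$<`.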

View File

@ -12,11 +12,12 @@
computing power and memory to compile their own programs. One might think computing power and memory to compile their own programs. One might think
that cross-compilation is a fairly niche concern. However, there are that cross-compilation is a fairly niche concern. However, there are
significant advantages to rigorously distinguishing between build-time and significant advantages to rigorously distinguishing between build-time and
run-time environments! This applies even when one is developing and run-time environments! Significant, because the benefits apply even when one
deploying on the same machine. Nixpkgs is increasingly adopting the opinion is developing and deploying on the same machine. Nixpkgs is increasingly
that packages should be written with cross-compilation in mind, and nixpkgs adopting the opinion that packages should be written with cross-compilation
should evaluate in a similar way (by minimizing cross-compilation-specific in mind, and nixpkgs should evaluate in a similar way (by minimizing
special cases) whether or not one is cross-compiling. cross-compilation-specific special cases) whether or not one is
cross-compiling.
</para> </para>
<para> <para>
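Review bot: "Significant, because the benefits apply even when one is developing and deploying on the same machine." is a sentence fragment; either keep the previous wording ("This applies even when ...") or join it to the preceding sentence.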
@ -30,7 +31,7 @@
<section xml:id="sec-cross-packaging"> <section xml:id="sec-cross-packaging">
<title>Packaging in a cross-friendly manner</title> <title>Packaging in a cross-friendly manner</title>
<section xml:id="sec-cross-platform-parameters"> <section xml:id="ssec-cross-platform-parameters">
<title>Platform parameters</title> <title>Platform parameters</title>
<para> <para>
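Review bot: renaming the xml:id from sec-cross-platform-parameters to ssec-cross-platform-parameters invalidates any existing `<xref linkend="sec-cross-platform-parameters"/>` and any external links into the rendered manual; grep the manual for the old id before merging, and consider whether an anchor for the old name is worth keeping. The same applies to the other sec-cross-* ids renamed further down in this file.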
@ -218,8 +219,20 @@
</variablelist> </variablelist>
</section> </section>
<section xml:id="sec-cross-specifying-dependencies"> <section xml:id="ssec-cross-dependency-categorization">
<title>Specifying Dependencies</title> <title>Theory of dependency categorization</title>
<note>
<para>
This is a rather philosophical description that isn't very
Nixpkgs-specific. For an overview of all the relevant attributes given to
<varname>mkDerivation</varname>, see
<xref
linkend="ssec-stdenv-dependencies"/>. For a description of how
everything is implemented, see
<xref linkend="ssec-cross-dependency-implementation" />.
</para>
</note>
<para> <para>
In this section we explore the relationship between both runtime and In this section we explore the relationship between both runtime and
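Review bot: sec-cross-specifying-dependencies is removed rather than aliased, so any `linkend="sec-cross-specifying-dependencies"` elsewhere in the manual will now fail validation. The added <note> cross-references ssec-stdenv-dependencies and ssec-cross-dependency-implementation; verify both ids exist after this merge (the latter is introduced further down in this same file).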
@ -227,84 +240,98 @@
</para> </para>
<para> <para>
A runtime dependency between 2 packages implies that between them both the A run time dependency between two packages requires that their host
host and target platforms match. This is directly implied by the meaning of platforms match. This is directly implied by the meaning of "host platform"
"host platform" and "runtime dependency": The package dependency exists and "runtime dependency": The package dependency exists while both packages
while both packages are running on a single host platform. are running on a single host platform.
</para> </para>
<para> <para>
A build time dependency, however, implies a shift in platforms between the A build time dependency, however, has a shift in platforms between the
depending package and the depended-on package. The meaning of a build time depending package and the depended-on package. "build time dependency"
dependency is that to build the depending package we need to be able to run means that to build the depending package we need to be able to run the
the depended-on's package. The depending package's build platform is depended-on's package. The depending package's build platform is therefore
therefore equal to the depended-on package's host platform. Analogously, equal to the depended-on package's host platform.
the depending package's host platform is equal to the depended-on package's
target platform.
</para> </para>
<para> <para>
In this manner, given the 3 platforms for one package, we can determine the If both the dependency and depending packages aren't compilers or other
three platforms for all its transitive dependencies. This is the most machine-code-producing tools, we're done. And indeed
important guiding principle behind cross-compilation with Nixpkgs, and will <varname>buildInputs</varname> and <varname>nativeBuildInputs</varname>
be called the <wordasword>sliding window principle</wordasword>. have covered these simpler build-time and run-time (respectively) changes
for many years. But if the dependency does produce machine code, we might
need to worry about its target platform too. In principle, that target
platform might be any of the depending package's build, host, or target
platforms, but we prohibit dependencies from a "later" platform to an
earlier platform to limit confusion because we've never seen a legitimate
use for them.
</para> </para>
<para> <para>
Some examples will make this clearer. If a package is being built with a Finally, if the depending package is a compiler or other
<literal>(build, host, target)</literal> platform triple of <literal>(foo, machine-code-producing tool, it might need dependencies that run at "emit
bar, bar)</literal>, then its build-time dependencies would have a triple time". This is for compilers that (regrettably) insist on being built
of <literal>(foo, foo, bar)</literal>, and <emphasis>those together with their source langauges' standard libraries. Assuming build !=
packages'</emphasis> build-time dependencies would have a triple of host != target, a run-time dependency of the standard library cannot be run
<literal>(foo, foo, foo)</literal>. In other words, it should take two at the compiler's build time or run time, but only at the run time of code
"rounds" of following build-time dependency edges before one reaches a emitted by the compiler.
fixed point where, by the sliding window principle, the platform triple no
longer changes. Indeed, this happens with cross-compilation, where only
rounds of native dependencies starting with the second necessarily coincide
with native packages.
</para> </para>
<note>
<para>
The depending package's target platform is unconstrained by the sliding
window principle, which makes sense in that one can in principle build
cross compilers targeting arbitrary platforms.
</para>
</note>
<para> <para>
How does this work in practice? Nixpkgs is now structured so that Putting this all together, that means we have dependencies in the form
build-time dependencies are taken from <varname>buildPackages</varname>, "host → target", in at most the following six combinations:
whereas run-time dependencies are taken from the top level attribute set. <table>
For example, <varname>buildPackages.gcc</varname> should be used at <caption>Possible dependency types</caption>
build-time, while <varname>gcc</varname> should be used at run-time. Now, <thead>
for most of Nixpkgs's history, there was no <tr>
<varname>buildPackages</varname>, and most packages have not been <th>Dependency's host platform</th>
refactored to use it explicitly. Instead, one can use the six <th>Dependency's target platform</th>
(<emphasis>gasp</emphasis>) attributes used for specifying dependencies as </tr>
documented in <xref linkend="ssec-stdenv-dependencies"/>. We "splice" </thead>
together the run-time and build-time package sets with <tbody>
<varname>callPackage</varname>, and then <varname>mkDerivation</varname> <tr>
for each of four attributes pulls the right derivation out. This splicing <td>build</td>
can be skipped when not cross-compiling as the package sets are the same, <td>build</td>
but is a bit slow for cross-compiling. Because of this, a </tr>
best-of-both-worlds solution is in the works with no splicing or explicit <tr>
access of <varname>buildPackages</varname> needed. For now, feel free to <td>build</td>
use either method. <td>host</td>
</tr>
<tr>
<td>build</td>
<td>target</td>
</tr>
<tr>
<td>host</td>
<td>host</td>
</tr>
<tr>
<td>host</td>
<td>target</td>
</tr>
<tr>
<td>target</td>
<td>target</td>
</tr>
</tbody>
</table>
</para> </para>
<note> <para>
<para> Some examples will make this table clearer. Suppose there's some package
There is also a "backlink" <varname>targetPackages</varname>, yielding a that is being built with a <literal>(build, host, target)</literal>
package set whose <varname>buildPackages</varname> is the current package platform triple of <literal>(foo, bar, baz)</literal>. If it has a
set. This is a hack, though, to accommodate compilers with lousy build build-time library dependency, that would be a "host → build" dependency
systems. Please do not use this unless you are absolutely sure you are with a triple of <literal>(foo, foo, *)</literal> (the target platform is
packaging such a compiler and there is no other way. irrelevant). If it needs a compiler to be built, that would be a "build →
</para> host" dependency with a triple of <literal>(foo, foo, *)</literal> (the
</note> target platform is irrelevant). That compiler, would be built with another
compiler, also "build → host" dependency, with a triple of <literal>(foo,
foo, foo)</literal>.
</para>
</section> </section>
<section xml:id="sec-cross-cookbook"> <section xml:id="ssec-cross-cookbook">
<title>Cross packaging cookbook</title> <title>Cross packaging cookbook</title>
<para> <para>
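Review bot: the worked example at the end contradicts the table above it. A build-time library dependency of a (foo, bar, baz) package is a "build → build" dependency (host = build, target irrelevant), not "host → build", which is not one of the six listed combinations; and the compiler needed to build the package is "build → host" with triple (foo, foo, bar), so its target is not irrelevant as the parenthetical claims (the second compiler's (foo, foo, foo) is right). Also "source langauges'" should read "source languages'", and "That compiler, would be built" has a stray comma.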
@ -450,21 +477,202 @@ nix-build &lt;nixpkgs&gt; --arg crossSystem '{ config = "&lt;arch&gt;-&lt;os&gt;
<section xml:id="sec-cross-infra"> <section xml:id="sec-cross-infra">
<title>Cross-compilation infrastructure</title> <title>Cross-compilation infrastructure</title>
<para> <section xml:id="ssec-cross-dependency-implementation">
To be written. <title>Implementation of dependencies</title>
</para>
<note>
<para> <para>
If one explores Nixpkgs, they will see derivations with names like The categorizes of dependencies developed in
<literal>gccCross</literal>. Such <literal>*Cross</literal> derivations is <xref
a holdover from before we properly distinguished between the host and linkend="ssec-cross-dependency-categorization"/> are specified as
target platforms—the derivation with "Cross" in the name covered the lists of derivations given to <varname>mkDerivation</varname>, as
<literal>build = host != target</literal> case, while the other covered the documented in <xref linkend="ssec-stdenv-dependencies"/>. In short,
<literal>host = target</literal>, with build platform the same or not based each list of dependencies for "host → target" of "foo → bar" is called
on whether one was using its <literal>.nativeDrv</literal> or <varname>depsFooBar</varname>, with exceptions for backwards
<literal>.crossDrv</literal>. This ugliness will disappear soon. compatibility that <varname>depsBuildHost</varname> is instead called
<varname>nativeBuildInputs</varname> and <varname>depsHostTarget</varname>
is instead called <varname>buildInputs</varname>. Nixpkgs is now structured
so that each <varname>depsFooBar</varname> is automatically taken from
<varname>pkgsFooBar</varname>. (These <varname>pkgsFooBar</varname>s are
quite new, so there is no special case for
<varname>nativeBuildInputs</varname> and <varname>buildInputs</varname>.)
For example, <varname>pkgsBuildHost.gcc</varname> should be used at
build-time, while <varname>pkgsHostTarget.gcc</varname> should be used at
run-time.
</para> </para>
</note>
<para>
Now, for most of Nixpkgs's history, there were no
<varname>pkgsFooBar</varname> attributes, and most packages have not been
refactored to use it explicitly. Prior to those, there were just
<varname>buildPackages</varname>, <varname>pkgs</varname>, and
<varname>targetPackages</varname>. Those are now redefined as aliases to
<varname>pkgsBuildHost</varname>, <varname>pkgsHostTarget</varname>, and
<varname>pkgsTargetTarget</varname>. It is acceptable, even
recommended, to use them for libraries to show that the host platform is
irrelevant.
</para>
<para>
But before that, there was just <varname>pkgs</varname>, even though both
<varname>buildInputs</varname> and <varname>nativeBuildInputs</varname>
existed. [Cross barely worked, and those were implemented with some hacks
on <varname>mkDerivation</varname> to override dependencies.] What this
means is the vast majority of packages do not use any explicit package set
to populate their dependencies, just using whatever
<varname>callPackage</varname> gives them even if they do correctly sort
their dependencies into the multiple lists described above. And indeed,
asking that users both sort their dependencies, <emphasis>and</emphasis>
take them from the right attribute set, is both too onerous and redundant,
so the recommended approach (for now) is to continue just categorizing by
list and not using an explicit package set.
</para>
<para>
To make this work, we "splice" together the six
<varname>pkgsFooBar</varname> package sets and have
<varname>callPackage</varname> actually take its arguments from that. This
is currently implemented in <filename>pkgs/top-level/splice.nix</filename>.
<varname>mkDerivation</varname> then, for each dependency attribute, pulls
the right derivation out from the splice. This splicing can be skipped when
not cross-compiling as the package sets are the same, but still is a bit
slow for cross-compiling. We'd like to do something better, but haven't
come up with anything yet.
</para>
</section>
<section xml:id="ssec-bootstrapping">
<title>Bootstrapping</title>
<para>
Each of the package sets described above come from a single bootstrapping
stage. While <filename>pkgs/top-level/default.nix</filename>, coordinates
the composition of stages at a high level,
<filename>pkgs/top-level/stage.nix</filename> "ties the knot" (creates the
fixed point) of each stage. The package sets are defined per-stage however,
so they can be thought of as edges between stages (the nodes) in a graph.
Compositions like <literal>pkgsBuildTarget.targetPackages</literal> can be
thought of as paths to this graph.
</para>
<para>
While there are many package sets, and thus many edges, the stages can also
be arranged in a linear chain. In other words, many of the edges are
redundant as far as connectivity is concerned. This hinges on the type of
bootstrapping we do. Currently for cross it is:
<orderedlist>
<listitem>
<para>
<literal>(native, native, native)</literal>
</para>
</listitem>
<listitem>
<para>
<literal>(native, native, foreign)</literal>
</para>
</listitem>
<listitem>
<para>
<literal>(native, foreign, foreign)</literal>
</para>
</listitem>
</orderedlist>
In each stage, <varname>pkgsBuildHost</varname> refers the the previous
stage, <varname>pkgsBuildBuild</varname> refers to the one before that, and
<varname>pkgsHostTarget</varname> refers to the current one, and
<varname>pkgsTargetTarget</varname> refers to the next one. When there is
no previous or next stage, they instead refer to the current stage. Note
how all the invariants regarding the mapping between dependency and depending
packages' build host and target platforms are preserved.
<varname>pkgsBuildTarget</varname> and <varname>pkgsHostHost</varname> are
more complex in that the stage fitting the requirements isn't always a
fixed chain of "prevs" and "nexts" away (modulo the "saturating"
self-references at the ends). We just special case each instead. All the primary
edges are implemented is in <filename>pkgs/stdenv/booter.nix</filename>,
and secondarily aliases in <filename>pkgs/top-level/stage.nix</filename>.
</para>
<note>
<para>
Note the native stages are bootstrapped in legacy ways that predate the
current cross implementation. This is why the the bootstrapping stages
leading up to the final stages are ignored inthe previous paragraph.
</para>
</note>
<para>
If one looks at the 3 platform triples, one can see that they overlap such
that one could put them together into a chain like:
<programlisting>
(native, native, native, foreign, foreign)
</programlisting>
If one imagines the saturating self references at the end being replaced
with infinite stages, and then overlays those platform triples, one ends up
with the infinite tuple:
<programlisting>
(native..., native, native, native, foreign, foreign, foreign...)
</programlisting>
On can then imagine any sequence of platforms such that there are bootstrap
stages with their 3 platforms determined by "sliding a window" that is the
3 tuple through the sequence. This was the original model for
bootstrapping. Without a target platform (assume a better world where all
compilers are multi-target and all standard libraries are built in their
own derivation), this is sufficient. Conversely if one wishes to cross
compile "faster", with a "Canadian Cross" bootstraping stage where
<literal>build != host != target</literal>, more bootstrapping stages are
needed since no sliding window providess the pesky
<varname>pkgsBuildTarget</varname> package set since it skips the Canadian
cross stage's "host".
</para>
<note>
<para>
It is much better to refer to <varname>buildPackages</varname> than
<varname>targetPackages</varname>, or more broadly package sets that do
not mention "target". There are three reasons for this.
</para>
<para>
First, it is because bootstrapping stages do not have a unique
<varname>targetPackages</varname>. For example a <literal>(x86-linux,
x86-linux, arm-linux)</literal> and <literal>(x86-linux, x86-linux,
x86-windows)</literal> package set both have a <literal>(x86-linux,
x86-linux, x86-linux)</literal> package set. Because there is no canonical
<varname>targetPackages</varname> for such a native (<literal>build ==
host == target</literal>) package set, we set their
<varname>targetPackages</varname>
</para>
<para>
Second, it is because this is a frequent source of hard-to-follow
"infinite recursions" / cycles. When only package sets that don't mention
target are used, the package set forms a directed acyclic graph. This
means that all cycles that exist are confined to one stage. This means
they are a lot smaller, and easier to follow in the code or a backtrace. It
also means they are present in native and cross builds alike, and so more
likely to be caught by CI and other users.
</para>
<para>
Thirdly, it is because everything target-mentioning only exists to
accommodate compilers with lousy build systems that insist on the compiler
itself and standard library being built together. Of course that is bad
because bigger derivations means longer rebuilds. It is also problematic because
it tends to make the standard libraries less like other libraries than
they could be, complicating code and build systems alike. Because of the
other problems, and because of these innate disadvantages, compilers ought
to be packaged another way where possible.
</para>
</note>
<note>
<para>
If one explores Nixpkgs, they will see derivations with names like
<literal>gccCross</literal>. Such <literal>*Cross</literal> derivations is
a holdover from before we properly distinguished between the host and
target platforms—the derivation with "Cross" in the name covered the
<literal>build = host != target</literal> case, while the other covered
the <literal>host = target</literal>, with build platform the same or not
based on whether one was using its <literal>.nativeDrv</literal> or
<literal>.crossDrv</literal>. This ugliness will disappear soon.
</para>
</note>
</section>
</section> </section>
</chapter> </chapter>
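Review bot: the first point in the <note> under Bootstrapping ends mid-sentence: "Because there is no canonical targetPackages for such a native (build == host == target) package set, we set their <varname>targetPackages</varname>" and then the paragraph closes; say what they are set to (the earlier paragraph states that with no next stage the set refers to the current stage, so presumably that, but spell it out). Smaller fixes: "The categorizes of dependencies" → "categories", 'of "foo → bar"' → 'for "foo → bar"', "refers the the previous" and "the the bootstrapping" → drop the doubled "the", "inthe" → "in the", "On can then" → "One can then", "bootstraping" → "bootstrapping", "providess" → "provides", "paths to this graph" → "paths in this graph", "All the primary edges are implemented is in" → "are implemented in", and "pkgs/top-level/default.nix, coordinates" has a stray comma. The square-bracketed asides ("[Cross barely worked, ...]") would read better as a <note> or a plain parenthetical, matching the rest of the manual.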

View File

@ -417,10 +417,11 @@ pkgs.dockerTools.buildLayeredImage {
pullImage { pullImage {
imageName = "nixos/nix"; <co xml:id='ex-dockerTools-pullImage-1' /> imageName = "nixos/nix"; <co xml:id='ex-dockerTools-pullImage-1' />
imageDigest = "sha256:20d9485b25ecfd89204e843a962c1bd70e9cc6858d65d7f5fadc340246e2116b"; <co xml:id='ex-dockerTools-pullImage-2' /> imageDigest = "sha256:20d9485b25ecfd89204e843a962c1bd70e9cc6858d65d7f5fadc340246e2116b"; <co xml:id='ex-dockerTools-pullImage-2' />
finalImageTag = "1.11"; <co xml:id='ex-dockerTools-pullImage-3' /> finalImageName = "nix"; <co xml:id='ex-dockerTools-pullImage-3' />
sha256 = "0mqjy3zq2v6rrhizgb9nvhczl87lcfphq9601wcprdika2jz7qh8"; <co xml:id='ex-dockerTools-pullImage-4' /> finalImageTag = "1.11"; <co xml:id='ex-dockerTools-pullImage-4' />
os = "linux"; <co xml:id='ex-dockerTools-pullImage-5' /> sha256 = "0mqjy3zq2v6rrhizgb9nvhczl87lcfphq9601wcprdika2jz7qh8"; <co xml:id='ex-dockerTools-pullImage-5' />
arch = "x86_64"; <co xml:id='ex-dockerTools-pullImage-6' /> os = "linux"; <co xml:id='ex-dockerTools-pullImage-6' />
arch = "x86_64"; <co xml:id='ex-dockerTools-pullImage-7' />
} }
</programlisting> </programlisting>
</example> </example>
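Review bot: inserting finalImageName shifts the callout ids, so ex-dockerTools-pullImage-3 now marks finalImageName instead of finalImageTag; every `<callout arearefs=...>` for ids 3 to 6 must be renumbered in lockstep (the following hunks do this), otherwise the rendered explanations silently attach to the wrong line. The example keeps imageDigest and the output sha256 as the pinning inputs, with the new name only labelling the resulting image, which is the right shape.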
@ -451,6 +452,14 @@ sha256:20d9485b25ecfd89204e843a962c1bd70e9cc6858d65d7f5fadc340246e2116b
</para> </para>
</callout> </callout>
<callout arearefs='ex-dockerTools-pullImage-3'> <callout arearefs='ex-dockerTools-pullImage-3'>
<para>
<varname>finalImageName</varname>, if specified, this is the name of the
image to be created. Note it is never used to fetch the image since we
prefer to rely on the immutable digest ID. By default it's equal to
<varname>imageName</varname>.
</para>
</callout>
<callout arearefs='ex-dockerTools-pullImage-4'>
<para> <para>
<varname>finalImageTag</varname>, if specified, this is the tag of the <varname>finalImageTag</varname>, if specified, this is the tag of the
image to be created. Note it is never used to fetch the image since we image to be created. Note it is never used to fetch the image since we
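Review bot: "<varname>finalImageName</varname>, if specified, this is the name of the image" is ungrammatical; the os and arch callouts in this list use "<varname>os</varname>, if specified, is the ...", so match that form (the copied finalImageTag sentence has the same problem and could be fixed in passing).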
@ -458,19 +467,19 @@ sha256:20d9485b25ecfd89204e843a962c1bd70e9cc6858d65d7f5fadc340246e2116b
<literal>latest</literal>. <literal>latest</literal>.
</para> </para>
</callout> </callout>
<callout arearefs='ex-dockerTools-pullImage-4'> <callout arearefs='ex-dockerTools-pullImage-5'>
<para> <para>
<varname>sha256</varname> is the checksum of the whole fetched image. This <varname>sha256</varname> is the checksum of the whole fetched image. This
argument is required. argument is required.
</para> </para>
</callout> </callout>
<callout arearefs='ex-dockerTools-pullImage-5'> <callout arearefs='ex-dockerTools-pullImage-6'>
<para> <para>
<varname>os</varname>, if specified, is the operating system of the <varname>os</varname>, if specified, is the operating system of the
fetched image. By default it's <literal>linux</literal>. fetched image. By default it's <literal>linux</literal>.
</para> </para>
</callout> </callout>
<callout arearefs='ex-dockerTools-pullImage-6'> <callout arearefs='ex-dockerTools-pullImage-7'>
<para> <para>
<varname>arch</varname>, if specified, is the cpu architecture of the <varname>arch</varname>, if specified, is the cpu architecture of the
fetched image. By default it's <literal>x86_64</literal>. fetched image. By default it's <literal>x86_64</literal>.

View File

@ -101,6 +101,13 @@
contain <varname>$outputBin</varname> and <varname>$outputLib</varname> are contain <varname>$outputBin</varname> and <varname>$outputLib</varname> are
also added. (See <xref linkend="multiple-output-file-type-groups" />.) also added. (See <xref linkend="multiple-output-file-type-groups" />.)
</para> </para>
<para>
In some cases it may be desirable to combine different outputs under a
single store path. A function <literal>symlinkJoin</literal> can be used to
do this. (Note that it may negate some closure size benefits of using a
multiple-output package.)
</para>
</section> </section>
<section xml:id="sec-multiple-outputs-"> <section xml:id="sec-multiple-outputs-">
<title>Writing a split derivation</title> <title>Writing a split derivation</title>

View File

@ -883,6 +883,33 @@ citrix_receiver.override {
On NixOS it can be installed using the following expression: On NixOS it can be installed using the following expression:
<programlisting>{ pkgs, ... }: { <programlisting>{ pkgs, ... }: {
fonts.fonts = with pkgs; [ noto-fonts-emoji ]; fonts.fonts = with pkgs; [ noto-fonts-emoji ];
}</programlisting>
</para>
</section>
</section>
<section xml:id="dlib">
<title>DLib</title>
<para>
<link xlink:href="http://dlib.net/">DLib</link> is a modern, C++-based toolkit which
provides several machine learning algorithms.
</para>
<section xml:id="compiling-without-avx-support">
<title>Compiling without AVX support</title>
<para>
Especially older CPUs don't support
<link xlink:href="https://en.wikipedia.org/wiki/Advanced_Vector_Extensions">AVX</link>
(<abbrev>Advanced Vector Extensions</abbrev>) instructions that are used by DLib to
optimize their algorithms.
</para>
<para>
On the affected hardware errors like <literal>Illegal instruction</literal> will occur.
In those cases AVX support needs to be disabled:
<programlisting>self: super: {
dlib = super.dlib.override { avxSupport = false; };
}</programlisting> }</programlisting>
</para> </para>
</section> </section>
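Review bot: "Especially older CPUs don't support ... instructions that are used by DLib to optimize their algorithms" reads awkwardly and "their" has no plural antecedent; suggest "Older CPUs in particular lack AVX (Advanced Vector Extensions) instructions, which DLib uses to optimize its algorithms." The overlay snippet `dlib = super.dlib.override { avxSupport = false; };` itself is fine.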

View File

@ -189,7 +189,8 @@ $ git rebase --onto nixos-unstable BASEBRANCH FETCH_HEAD <co
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
The <link xlink:href="https://github.com/Mic92/nix-review">nix-review</link> The
<link xlink:href="https://github.com/Mic92/nix-review">nix-review</link>
tool can be used to review a pull request content in a single command. tool can be used to review a pull request content in a single command.
<varname>PRNUMBER</varname> should be replaced by the number at the end <varname>PRNUMBER</varname> should be replaced by the number at the end
of the pull request title. You can also provide the full github pull of the pull request title. You can also provide the full github pull

View File

@ -222,9 +222,10 @@ genericBuild
</footnote> </footnote>
But even if one is not cross compiling, the platforms imply whether or not But even if one is not cross compiling, the platforms imply whether or not
the dependency is needed at run-time or build-time, a concept that makes the dependency is needed at run-time or build-time, a concept that makes
perfect sense outside of cross compilation. For now, the run-time/build-time perfect sense outside of cross compilation. By default, the
distinction is just a hint for mental clarity, but in the future it perhaps run-time/build-time distinction is just a hint for mental clarity, but with
could be enforced. <varname>strictDeps</varname> set it is mostly enforced even in the native
case.
</para> </para>
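Review bot: "with <varname>strictDeps</varname> set it is mostly enforced even in the native case" leaves the reader guessing what "mostly" excludes; name what strictDeps does not enforce, or link to where strictDeps is documented, so readers know which run-time/build-time mistakes it will and will not catch.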
<para> <para>
@ -348,7 +349,10 @@ let f(h, h + 1, i) = i + h
<para> <para>
Overall, the unifying theme here is that propagation shouldn't be Overall, the unifying theme here is that propagation shouldn't be
introducing transitive dependencies involving platforms the depending introducing transitive dependencies involving platforms the depending
package is unaware of. The offset bounds checking and definition of package is unaware of. [One can imagine the dependending package asking for
dependencies with the platforms it knows about; other platforms it doesn't
know how to ask for. The platform description in that scenario is a kind of
unforagable capability.] The offset bounds checking and definition of
<function>mapOffset</function> together ensure that this is the case. <function>mapOffset</function> together ensure that this is the case.
Discovering a new offset is discovering a new platform, and since those Discovering a new offset is discovering a new platform, and since those
platforms weren't in the derivation "spec" of the needing package, they platforms weren't in the derivation "spec" of the needing package, they
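Review bot: typos in the added bracketed aside: "dependending" → "depending" and "unforagable" → "unforgeable" (the capability analogy only works with the latter). The aside also uses square brackets where the surrounding manual uses parentheses or a <note>; consider one of those.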
@ -2633,21 +2637,20 @@ addEnvHooks "$hostOffset" myBashFunction
happens. It prevents nix from cleaning up the build environment happens. It prevents nix from cleaning up the build environment
immediately and allows the user to attach to a build environment using immediately and allows the user to attach to a build environment using
the <command>cntr</command> command. Upon build error it will print the <command>cntr</command> command. Upon build error it will print
instructions on how to use <command>cntr</command>, which can be used instructions on how to use <command>cntr</command>, which can be used to
to enter the environment for debugging. Installing cntr and enter the environment for debugging. Installing cntr and running the
running the command will provide shell access to the build sandbox of command will provide shell access to the build sandbox of failed build.
failed build. At <filename>/var/lib/cntr</filename> the sandboxed At <filename>/var/lib/cntr</filename> the sandboxed filesystem is
filesystem is mounted. All commands and files of the system are still mounted. All commands and files of the system are still accessible
accessible within the shell. To execute commands from the sandbox use within the shell. To execute commands from the sandbox use the cntr exec
the cntr exec subcommand. Note that <command>cntr</command> also needs subcommand. Note that <command>cntr</command> also needs to be executed
to be executed on the machine that is doing the build, which might not on the machine that is doing the build, which might not be the case when
be the case when remote builders are enabled. <command>cntr</command> is remote builders are enabled. <command>cntr</command> is only supported
only supported on Linux-based platforms. To use it first add on Linux-based platforms. To use it first add <literal>cntr</literal> to
<literal>cntr</literal> to your your <literal>environment.systemPackages</literal> on NixOS or
<literal>environment.systemPackages</literal> on NixOS or alternatively alternatively to the root user on non-NixOS systems. Then in the package
to the root user on non-NixOS systems. Then in the package that is that is supposed to be inspected, add <literal>breakpointHook</literal>
supposed to be inspected, add <literal>breakpointHook</literal> to to <literal>nativeBuildInputs</literal>.
<literal>nativeBuildInputs</literal>.
<programlisting> <programlisting>
nativeBuildInputs = [ breakpointHook ]; nativeBuildInputs = [ breakpointHook ];
</programlisting> </programlisting>

View File

@ -354,23 +354,22 @@ Additional information.
<title>Tested compilation of all pkgs that depend on this change using <command>nix-review</command></title> <title>Tested compilation of all pkgs that depend on this change using <command>nix-review</command></title>
<para> <para>
If you are updating a package's version, you can use nix-review to make sure all If you are updating a package's version, you can use nix-review to make
packages that depend on the updated package still compile correctly. sure all packages that depend on the updated package still compile
The <command>nix-review</command> utility can look for and build all dependencies correctly. The <command>nix-review</command> utility can look for and build
either based on uncommited changes with the <literal>wip</literal> option or all dependencies either based on uncommited changes with the
specifying a github pull request number. <literal>wip</literal> option or specifying a github pull request number.
</para> </para>
<para> <para>
review changes from pull request number 12345: review changes from pull request number 12345:
<screen>nix-shell -p nix-review --run "nix-review pr 12345"</screen> <screen>nix-shell -p nix-review --run "nix-review pr 12345"</screen>
</para> </para>
<para> <para>
review uncommitted changes: review uncommitted changes:
<screen>nix-shell -p nix-review --run "nix-review wip"</screen> <screen>nix-shell -p nix-review --run "nix-review wip"</screen>
</para> </para>
</section> </section>
<section xml:id="submitting-changes-tested-execution"> <section xml:id="submitting-changes-tested-execution">
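Review bot: "uncommited changes" in the new text still misspells "uncommitted" (the wording a few lines down, "review uncommitted changes:", gets it right), and "github pull request number" should be "GitHub pull request number".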

View File

@ -7,7 +7,7 @@ let
in in
rec { rec {
inherit (builtins) head tail length isList elemAt concatLists filter elem genList; inherit (builtins) head tail length isList elemAt concatLists filter elem genList map;
/* Create a list consisting of a single element. `singleton x` is /* Create a list consisting of a single element. `singleton x` is
sometimes more convenient with respect to indentation than `[x]` sometimes more convenient with respect to indentation than `[x]`

View File

@ -34,6 +34,7 @@ rec {
else if final.isUClibc then "uclibc" else if final.isUClibc then "uclibc"
else if final.isAndroid then "bionic" else if final.isAndroid then "bionic"
else if final.isLinux /* default */ then "glibc" else if final.isLinux /* default */ then "glibc"
else if final.isMsp430 then "newlib"
else if final.isAvr then "avrlibc" else if final.isAvr then "avrlibc"
else if final.isNetBSD then "nblibc" else if final.isNetBSD then "nblibc"
# TODO(@Ericson2314) think more about other operating systems # TODO(@Ericson2314) think more about other operating systems

View File

@ -102,6 +102,11 @@ rec {
riscv64 = riscv "64"; riscv64 = riscv "64";
riscv32 = riscv "32"; riscv32 = riscv "32";
msp430 = {
config = "msp430-elf";
libc = "newlib";
};
avr = { avr = {
config = "avr"; config = "avr";
}; };
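Review bot: `libc = "newlib";` in the new `msp430` example duplicates what `lib/systems/default.nix` now infers from `final.isMsp430` in the same commit, and the neighbouring `avr` entry relies on that inference alone; drop the explicit `libc` here so the two entries stay consistent and there is a single place that decides which libc a target gets.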

View File

@ -20,6 +20,7 @@ rec {
isRiscV = { cpu = { family = "riscv"; }; }; isRiscV = { cpu = { family = "riscv"; }; };
isSparc = { cpu = { family = "sparc"; }; }; isSparc = { cpu = { family = "sparc"; }; };
isWasm = { cpu = { family = "wasm"; }; }; isWasm = { cpu = { family = "wasm"; }; };
isMsp430 = { cpu = { family = "msp430"; }; };
isAvr = { cpu = { family = "avr"; }; }; isAvr = { cpu = { family = "avr"; }; };
isAlpha = { cpu = { family = "alpha"; }; }; isAlpha = { cpu = { family = "alpha"; }; };

View File

@ -109,6 +109,7 @@ rec {
alpha = { bits = 64; significantByte = littleEndian; family = "alpha"; }; alpha = { bits = 64; significantByte = littleEndian; family = "alpha"; };
msp430 = { bits = 16; significantByte = littleEndian; family = "msp430"; };
avr = { bits = 8; family = "avr"; }; avr = { bits = 8; family = "avr"; };
}; };

View File

@ -147,6 +147,11 @@
github = "aepsil0n"; github = "aepsil0n";
name = "Eduard Bopp"; name = "Eduard Bopp";
}; };
aerialx = {
email = "aaron+nixos@aaronlindsay.com";
github = "AerialX";
name = "Aaron Lindsay";
};
aespinosa = { aespinosa = {
email = "allan.espinosa@outlook.com"; email = "allan.espinosa@outlook.com";
github = "aespinosa"; github = "aespinosa";
@ -335,6 +340,11 @@
github = "andrew-d"; github = "andrew-d";
name = "Andrew Dunham"; name = "Andrew Dunham";
}; };
andrewchambers = {
email = "ac@acha.ninja";
github = "andrewchambers";
name = "Andrew Chambers";
};
andrewrk = { andrewrk = {
email = "superjoe30@gmail.com"; email = "superjoe30@gmail.com";
github = "andrewrk"; github = "andrewrk";
@ -5391,4 +5401,9 @@
github = "minijackson"; github = "minijackson";
name = "Rémi Nicole"; name = "Rémi Nicole";
}; };
shazow = {
email = "andrey.petrov@shazow.net";
github = "shazow";
name = "Andrey Petrov";
};
} }

View File

@ -14,12 +14,13 @@ fi
tmp=$(mktemp -d) tmp=$(mktemp -d)
pushd $tmp >/dev/null pushd $tmp >/dev/null
wget -nH -r -c --no-parent "${WGET_ARGS[@]}" >/dev/null wget -nH -r -c --no-parent "${WGET_ARGS[@]}" -A '*.tar.xz.sha256' -A '*.mirrorlist' >/dev/null
find -type f -name '*.mirrorlist' -delete
csv=$(mktemp) csv=$(mktemp)
find . -type f | while read src; do find . -type f | while read src; do
# Sanitize file name # Sanitize file name
filename=$(basename "$src" | tr '@' '_') filename=$(gawk '{ print $2 }' "$src" | tr '@' '_')
nameVersion="${filename%.tar.*}" nameVersion="${filename%.tar.*}"
name=$(echo "$nameVersion" | sed -e 's,-[[:digit:]].*,,' | sed -e 's,-opensource-src$,,' | sed -e 's,-everywhere-src$,,') name=$(echo "$nameVersion" | sed -e 's,-[[:digit:]].*,,' | sed -e 's,-opensource-src$,,' | sed -e 's,-everywhere-src$,,')
version=$(echo "$nameVersion" | sed -e 's,^\([[:alpha:]][[:alnum:]]*-\)\+,,') version=$(echo "$nameVersion" | sed -e 's,^\([[:alpha:]][[:alnum:]]*-\)\+,,')
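Review bot: with `filename=$(gawk '{ print $2 }' "$src")` the tarball name is now read from the contents of each downloaded `.sha256` file instead of from its name on disk, so anything that is not a two-field `<hash>  <name>` line (an HTML error page that `wget -r` saved under a `.sha256` name, for example) yields an empty `filename` and a nonsense `name`/`version` pair with no warning. Suggest checking that `$filename` is non-empty and ends in `.tar.xz` before the `nameVersion` step, and skipping the entry with a message on stderr otherwise.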
@ -38,8 +39,8 @@ gawk -F , "{ print \$1 }" $csv | sort | uniq | while read name; do
latestVersion=$(echo "$versions" | sort -rV | head -n 1) latestVersion=$(echo "$versions" | sort -rV | head -n 1)
src=$(gawk -F , "/^$name,$latestVersion,/ { print \$3 }" $csv) src=$(gawk -F , "/^$name,$latestVersion,/ { print \$3 }" $csv)
filename=$(gawk -F , "/^$name,$latestVersion,/ { print \$4 }" $csv) filename=$(gawk -F , "/^$name,$latestVersion,/ { print \$4 }" $csv)
url="${src:2}" url="$(dirname "${src:2}")/$filename"
sha256=$(nix-hash --type sha256 --base32 --flat "$src") sha256=$(gawk '{ print $1 }' "$src")
cat >>"$SRCS" <<EOF cat >>"$SRCS" <<EOF
$name = { $name = {
version = "$latestVersion"; version = "$latestVersion";
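Review bot: `sha256=$(gawk '{ print $1 }' "$src")` copies whatever the mirror published straight into the generated sources file, where the previous `nix-hash --type sha256 --base32 --flat "$src"` at least hashed the bytes that were actually downloaded. The trust boundary is the same mirror either way, and a wrong hash only makes the fixed-output fetch fail later, but the value should still be validated here (`[[ $sha256 =~ ^[0-9a-f]{64}$ ]] || exit 1`) so that a truncated or malformed `.sha256` is caught by the updater rather than at build time. `url="$(dirname "${src:2}")/$filename"` also assumes the tarball sits beside its `.sha256` file on the mirror; a one-line comment stating that assumption would help.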

View File

@ -27,8 +27,13 @@ nixos.firefox firefox-23.0 Mozilla Firefox - the browser, reloaded
<replaceable>...</replaceable> <replaceable>...</replaceable>
</screen> </screen>
The first column in the output is the <emphasis>attribute name</emphasis>, The first column in the output is the <emphasis>attribute name</emphasis>,
such as <literal>nixos.thunderbird</literal>. (The <literal>nixos</literal> such as <literal>nixos.thunderbird</literal>.
prefix allows distinguishing between different channels that you might have.) </para>
<para>
Note: the <literal>nixos</literal> prefix tells us that we want to get the
package from the <literal>nixos</literal> channel and works only in CLI tools.
In declarative configuration use <literal>pkgs</literal> prefix (variable).
</para> </para>
<para> <para>
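Review bot: "works only in CLI tools" and "In declarative configuration use `pkgs` prefix (variable)" read awkwardly; suggest "The `nixos` prefix tells the command-line tools which channel to take the package from; in a declarative configuration the same package is referenced through the `pkgs` argument, for example `pkgs.thunderbird`." A leading "Note:" inside a `<para>` is also unusual for this manual, where a `<note>` element is the DocBook way to set such a remark apart.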

View File

@ -68,6 +68,17 @@
<xref linkend="sec-kubernetes"/> for details. <xref linkend="sec-kubernetes"/> for details.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
There is now a set of <option>confinement</option> options for
<option>systemd.services</option>, which allows to restrict services
into a <citerefentry>
<refentrytitle>chroot</refentrytitle>
<manvolnum>2</manvolnum>
</citerefentry>ed environment that only contains the store paths from
the runtime closure of the service.
</para>
</listitem>
</itemizedlist> </itemizedlist>
</section> </section>
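Review bot: "which allows to restrict services into a chroot(2)ed environment" is ungrammatical; suggest "which allow a service to be confined to a chroot(2) environment containing only the store paths of its runtime closure". Since this entry is the only pointer users get, it should also make clear that the chroot limits what the service can see on the filesystem, not its network or system-call access, and link to the option documentation.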
@ -516,6 +527,13 @@
Graylog</link> for details. Graylog</link> for details.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The option <literal>users.ldap.bind.password</literal> was renamed to <literal>users.ldap.bind.passwordFile</literal>,
and needs to be readable by the <literal>nslcd</literal> user.
Same applies to the new <literal>users.ldap.daemon.rootpwmodpwFile</literal> option.
</para>
</listitem>
</itemizedlist> </itemizedlist>
</section> </section>
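Review bot: "Same applies" should be "The same applies", and the entry should spell out the practical consequence of the new requirement: the default for `users.ldap.bind.passwordFile` is `/etc/ldap/bind.password`, and a bind password stored root-only (mode 0600, the usual arrangement) stops working after the upgrade because `nslcd`'s start-up script now reads the file as the `nslcd` user. Telling people to `chown`/`chmod` the file, or to move it under `/run/keys` with a matching owner, would save a round of bug reports.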

View File

@ -42,6 +42,39 @@
</itemizedlist> </itemizedlist>
</section> </section>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-19.09-incompatibilities">
<title>Backward Incompatibilities</title>
<para>
When upgrading from a previous release, please be aware of the following
incompatible changes:
</para>
<itemizedlist>
<listitem>
<para>
Buildbot no longer supports Python 2, as support was dropped upstream in
version 2.0.0. Configurations may need to be modified to make them
compatible with Python 3.
</para>
</listitem>
<listitem>
<para>
PostgreSQL now uses
<filename class="directory">/run/postgresql</filename> as its socket
directory instead of <filename class="directory">/tmp</filename>. So
if you run an application like eg. Nextcloud, where you need to use
the Unix socket path as the database host name, you need to change it
accordingly.
</para>
</listitem>
</itemizedlist>
</section>
<section xmlns="http://docbook.org/ns/docbook" <section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
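Review bot: "like eg. Nextcloud" should be "such as Nextcloud" (or "e.g. Nextcloud"). The PostgreSQL entry would also be clearer if it named the value to put in the application's database-host setting, `/run/postgresql`, rather than leaving the reader to infer it from the sentence about the socket directory.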
@ -66,6 +99,16 @@
and fix all the bugs it uncovers. and fix all the bugs it uncovers.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The <literal>vlc</literal> package gained support for Chromecast
streaming, enabled by default. TCP port 8010 must be open for it to work,
so something like <literal>networking.firewall.allowedTCPPorts = [ 8010
];</literal> may be required in your configuration. Also consider enabling
<link xlink:href="https://nixos.wiki/wiki/Accelerated_Video_Playback">
Accelerated Video Playback</link> for better transcoding performance.
</para>
</listitem>
</itemizedlist> </itemizedlist>
</section> </section>
</section> </section>
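Review bot: recommending `networking.firewall.allowedTCPPorts = [ 8010 ];` opens the Chromecast port on every interface, including whatever the machine is using on untrusted networks. The release note should at least mention that the rule can be scoped to the interface the Chromecast is reachable on instead of opening 8010 globally, and that the port only needs to be open while the feature is in use.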

View File

@ -27,25 +27,29 @@ let
''; '';
}; };
nslcdConfig = { nslcdConfig = writeText "nslcd.conf" ''
target = "nslcd.conf"; uid nslcd
source = writeText "nslcd.conf" '' gid nslcd
uid nslcd uri ${cfg.server}
gid nslcd base ${cfg.base}
uri ${cfg.server} timelimit ${toString cfg.timeLimit}
base ${cfg.base} bind_timelimit ${toString cfg.bind.timeLimit}
timelimit ${toString cfg.timeLimit} ${optionalString (cfg.bind.distinguishedName != "")
bind_timelimit ${toString cfg.bind.timeLimit} "binddn ${cfg.bind.distinguishedName}" }
${optionalString (cfg.bind.distinguishedName != "") ${optionalString (cfg.daemon.rootpwmoddn != "")
"binddn ${cfg.bind.distinguishedName}" } "rootpwmoddn ${cfg.daemon.rootpwmoddn}" }
${optionalString (cfg.daemon.rootpwmoddn != "") ${optionalString (cfg.daemon.extraConfig != "") cfg.daemon.extraConfig }
"rootpwmoddn ${cfg.daemon.rootpwmoddn}" } '';
${optionalString (cfg.daemon.extraConfig != "") cfg.daemon.extraConfig }
'';
};
insertLdapPassword = !config.users.ldap.daemon.enable && # nslcd normally reads configuration from /etc/nslcd.conf.
config.users.ldap.bind.distinguishedName != ""; # this file might contain secrets. We append those at runtime,
# so redirect its location to something more temporary.
nslcdWrapped = runCommandNoCC "nslcd-wrapped" { nativeBuildInputs = [ makeWrapper ]; } ''
mkdir -p $out/bin
makeWrapper ${nss_pam_ldapd}/sbin/nslcd $out/bin/nslcd \
--set LD_PRELOAD "${pkgs.libredirect}/lib/libredirect.so" \
--set NIX_REDIRECTS "/etc/nslcd.conf=/run/nslcd/nslcd.conf"
'';
in in
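Review bot: the `LD_PRELOAD` redirect in `nslcdWrapped` only works for a dynamically linked `nslcd` that opens the file through libc, and the preloaded `libredirect.so` together with `NIX_REDIRECTS` is inherited by anything `nslcd` might exec; a comment next to the wrapper stating both assumptions would save the next maintainer a surprise when debugging a missing `/etc/nslcd.conf`. Minor style point: `nss_pam_ldapd`, `makeWrapper` and `runCommandNoCC` are used unqualified while `libredirect` is written `pkgs.libredirect`; pick one form.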
@ -139,13 +143,13 @@ in
''; '';
}; };
rootpwmodpw = mkOption { rootpwmodpwFile = mkOption {
default = ""; default = "";
example = "/run/keys/nslcd.rootpwmodpw"; example = "/run/keys/nslcd.rootpwmodpw";
type = types.str; type = types.str;
description = '' description = ''
The path to a file containing the credentials with which The path to a file containing the credentials with which to bind to
to bind to the LDAP server if the root user tries to change a user's password the LDAP server if the root user tries to change a user's password.
''; '';
}; };
}; };
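Review bot: `rootpwmodpw` becomes `rootpwmodpwFile` here, but unlike `bind.password` (which gets a `mkRenamedOptionModule` in this module's `imports`) no alias is added, so an existing configuration that sets `users.ldap.daemon.rootpwmodpw` fails evaluation with an undefined-option error after the upgrade even though the release note presents the two renames as equivalent. Add `(mkRenamedOptionModule [ "users" "ldap" "daemon" "rootpwmodpw" ] [ "users" "ldap" "daemon" "rootpwmodpwFile" ])` alongside the existing one. The `default = ""` sentinel is also not mentioned in the description; say that an empty string disables the feature.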
@ -161,7 +165,7 @@ in
''; '';
}; };
password = mkOption { passwordFile = mkOption {
default = "/etc/ldap/bind.password"; default = "/etc/ldap/bind.password";
type = types.str; type = types.str;
description = '' description = ''
@ -220,14 +224,14 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.etc = if cfg.daemon.enable then [nslcdConfig] else [ldapConfig]; environment.etc = optional (!cfg.daemon.enable) ldapConfig;
system.activationScripts = mkIf insertLdapPassword { system.activationScripts = mkIf (!cfg.daemon.enable) {
ldap = stringAfter [ "etc" "groups" "users" ] '' ldap = stringAfter [ "etc" "groups" "users" ] ''
if test -f "${cfg.bind.password}" ; then if test -f "${cfg.bind.passwordFile}" ; then
umask 0077 umask 0077
conf="$(mktemp)" conf="$(mktemp)"
printf 'bindpw %s\n' "$(cat ${cfg.bind.password})" | printf 'bindpw %s\n' "$(cat ${cfg.bind.passwordFile})" |
cat ${ldapConfig.source} - >"$conf" cat ${ldapConfig.source} - >"$conf"
mv -fT "$conf" /etc/ldap.conf mv -fT "$conf" /etc/ldap.conf
fi fi
@ -251,7 +255,6 @@ in
}; };
systemd.services = mkIf cfg.daemon.enable { systemd.services = mkIf cfg.daemon.enable {
nslcd = { nslcd = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
@ -259,32 +262,32 @@ in
umask 0077 umask 0077
conf="$(mktemp)" conf="$(mktemp)"
{ {
cat ${nslcdConfig.source} cat ${nslcdConfig}
test -z '${cfg.bind.distinguishedName}' -o ! -f '${cfg.bind.password}' || test -z '${cfg.bind.distinguishedName}' -o ! -f '${cfg.bind.passwordFile}' ||
printf 'bindpw %s\n' "$(cat '${cfg.bind.password}')" printf 'bindpw %s\n' "$(cat '${cfg.bind.passwordFile}')"
test -z '${cfg.daemon.rootpwmoddn}' -o ! -f '${cfg.daemon.rootpwmodpw}' || test -z '${cfg.daemon.rootpwmoddn}' -o ! -f '${cfg.daemon.rootpwmodpwFile}' ||
printf 'rootpwmodpw %s\n' "$(cat '${cfg.daemon.rootpwmodpw}')" printf 'rootpwmodpw %s\n' "$(cat '${cfg.daemon.rootpwmodpwFile}')"
} >"$conf" } >"$conf"
mv -fT "$conf" /etc/nslcd.conf mv -fT "$conf" /run/nslcd/nslcd.conf
''; '';
restartTriggers = [ "/run/nslcd/nslcd.conf" ];
# NOTE: because one cannot pass a custom config path to `nslcd`
# (which is only able to use `/etc/nslcd.conf`)
# changes in `nslcdConfig` won't change `serviceConfig`,
# and thus won't restart `nslcd`.
# Therefore `restartTriggers` is used on `/etc/nslcd.conf`.
restartTriggers = [ nslcdConfig.source ];
serviceConfig = { serviceConfig = {
ExecStart = "${nss_pam_ldapd}/sbin/nslcd"; ExecStart = "${nslcdWrapped}/bin/nslcd";
Type = "forking"; Type = "forking";
PIDFile = "/run/nslcd/nslcd.pid";
Restart = "always"; Restart = "always";
User = "nslcd";
Group = "nslcd";
RuntimeDirectory = [ "nslcd" ]; RuntimeDirectory = [ "nslcd" ];
PIDFile = "/run/nslcd/nslcd.pid";
}; };
}; };
}; };
}; };
imports =
[ (mkRenamedOptionModule [ "users" "ldap" "bind" "password"] [ "users" "ldap" "bind" "passwordFile"])
];
} }
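Review bot: with `User = "nslcd"` now set, the `preStart` script runs as the unprivileged `nslcd` user, but the guard is still `test ... ! -f '${cfg.bind.passwordFile}'`: an existing but root-only password file passes the `-f` test, the `$(cat ...)` inside the `printf` argument fails without aborting the script, and `/run/nslcd/nslcd.conf` ends up with an empty `bindpw` line, so a permissions mistake degrades the bind silently instead of stopping the service. Use `-r` instead of `-f` (for `rootpwmodpwFile` too), or read the file into a variable and exit non-zero when that read fails. Separately, `restartTriggers = [ "/run/nslcd/nslcd.conf" ]` is a constant string and can never differ between generations; the `${nslcdConfig}` interpolated into `preStart` already changes the unit whenever the configuration does, so the trigger can be dropped (or pointed at `nslcdConfig` if it is meant as documentation).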

View File

@ -88,7 +88,7 @@ let
# result in incorrect boot entries. # result in incorrect boot entries.
baseIsolinuxCfg = '' baseIsolinuxCfg = ''
SERIAL 0 38400 SERIAL 0 115200
TIMEOUT ${builtins.toString syslinuxTimeout} TIMEOUT ${builtins.toString syslinuxTimeout}
UI vesamenu.c32 UI vesamenu.c32
MENU TITLE NixOS MENU TITLE NixOS
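Review bot: changing `SERIAL 0 38400` to `SERIAL 0 115200` only affects the rate the bootloader menu uses; any `console=ttyS0,<rate>` kernel parameter configured for the same image must be moved to 115200 in the same change, otherwise the serial output turns to garbage the moment the kernel takes over the port.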

View File

@ -172,6 +172,7 @@
./security/rtkit.nix ./security/rtkit.nix
./security/wrappers/default.nix ./security/wrappers/default.nix
./security/sudo.nix ./security/sudo.nix
./security/systemd-confinement.nix
./services/admin/oxidized.nix ./services/admin/oxidized.nix
./services/admin/salt/master.nix ./services/admin/salt/master.nix
./services/admin/salt/minion.nix ./services/admin/salt/minion.nix
@ -349,6 +350,7 @@
./services/mail/exim.nix ./services/mail/exim.nix
./services/mail/freepops.nix ./services/mail/freepops.nix
./services/mail/mail.nix ./services/mail/mail.nix
./services/mail/mailcatcher.nix
./services/mail/mailhog.nix ./services/mail/mailhog.nix
./services/mail/mlmmj.nix ./services/mail/mlmmj.nix
./services/mail/offlineimap.nix ./services/mail/offlineimap.nix
@ -630,6 +632,7 @@
./services/networking/prosody.nix ./services/networking/prosody.nix
./services/networking/quagga.nix ./services/networking/quagga.nix
./services/networking/quassel.nix ./services/networking/quassel.nix
./services/networking/quicktun.nix
./services/networking/racoon.nix ./services/networking/racoon.nix
./services/networking/radicale.nix ./services/networking/radicale.nix
./services/networking/radvd.nix ./services/networking/radvd.nix
@ -880,6 +883,7 @@
./virtualisation/container-config.nix ./virtualisation/container-config.nix
./virtualisation/containers.nix ./virtualisation/containers.nix
./virtualisation/docker.nix ./virtualisation/docker.nix
./virtualisation/docker-containers.nix
./virtualisation/ecs-agent.nix ./virtualisation/ecs-agent.nix
./virtualisation/libvirtd.nix ./virtualisation/libvirtd.nix
./virtualisation/lxc.nix ./virtualisation/lxc.nix

View File

@ -4,15 +4,34 @@ with lib;
{ {
###### interface options.programs.browserpass.enable = mkEnableOption "Browserpass native messaging host";
options = {
programs.browserpass.enable = mkEnableOption "the NativeMessaging configuration for Chromium, Chrome, and Vivaldi.";
};
###### implementation
config = mkIf config.programs.browserpass.enable { config = mkIf config.programs.browserpass.enable {
environment.systemPackages = [ pkgs.browserpass ]; environment.etc = let
environment.etc = { appId = "com.github.browserpass.native.json";
source = part: "${pkgs.browserpass}/lib/browserpass/${part}/${appId}";
in {
# chromium
"chromium/native-messaging-hosts/${appId}".source = source "hosts/chromium";
"chromium/policies/managed/${appId}".source = source "policies/chromium";
# chrome
"opt/chrome/native-messaging-hosts/${appId}".source = source "hosts/chromium";
"opt/chrome/policies/managed/${appId}".source = source "policies/chromium";
# vivaldi
"opt/vivaldi/native-messaging-hosts/${appId}".source = source "hosts/chromium";
"opt/vivaldi/policies/managed/${appId}".source = source "policies/chromium";
# brave
"opt/brave/native-messaging-hosts/${appId}".source = source "hosts/chromium";
"opt/brave/policies/managed/${appId}".source = source "policies/chromium";
}
# As with the v2 backwards compatibility in the pkgs.browserpass
# declaration, this part can be removed once the browser extension
# auto-updates to v3 (planned 2019-04-13, see
# https://github.com/browserpass/browserpass-native/issues/31)
// {
"chromium/native-messaging-hosts/com.dannyvankooten.browserpass.json".source = "${pkgs.browserpass}/etc/chrome-host.json"; "chromium/native-messaging-hosts/com.dannyvankooten.browserpass.json".source = "${pkgs.browserpass}/etc/chrome-host.json";
"chromium/policies/managed/com.dannyvankooten.browserpass.json".source = "${pkgs.browserpass}/etc/chrome-policy.json"; "chromium/policies/managed/com.dannyvankooten.browserpass.json".source = "${pkgs.browserpass}/etc/chrome-policy.json";
"opt/chrome/native-messaging-hosts/com.dannyvankooten.browserpass.json".source = "${pkgs.browserpass}/etc/chrome-host.json"; "opt/chrome/native-messaging-hosts/com.dannyvankooten.browserpass.json".source = "${pkgs.browserpass}/etc/chrome-host.json";
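Review bot: the rewrite drops `environment.systemPackages = [ pkgs.browserpass ];` without saying so. That is fine as long as the native-messaging host JSON refers to the binary by its absolute store path (the `environment.etc` sources keep `pkgs.browserpass` in the system closure), but it should be stated in the commit, and users who relied on having `browserpass` on `PATH` lose it. Style: the four browser blocks are the same two lines with a different prefix, so a `listToAttrs` over `[ "chromium" "opt/chrome" "opt/vivaldi" "opt/brave" ]` would remove the copy-paste and make the next browser a one-line addition.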

View File

@ -4,26 +4,12 @@ with lib;
{ {
imports = [ imports = [
# !!! These were renamed the other way, but got reverted later.
# !!! Drop these before 18.09 is released.
(mkRenamedOptionModule [ "system" "nixos" "stateVersion" ] [ "system" "stateVersion" ])
(mkRenamedOptionModule [ "system" "nixos" "defaultChannel" ] [ "system" "defaultChannel" ])
(mkRenamedOptionModule [ "environment" "x11Packages" ] [ "environment" "systemPackages" ])
(mkRenamedOptionModule [ "environment" "enableBashCompletion" ] [ "programs" "bash" "enableCompletion" ])
(mkRenamedOptionModule [ "environment" "nix" ] [ "nix" "package" ])
(mkRenamedOptionModule [ "fonts" "enableFontConfig" ] [ "fonts" "fontconfig" "enable" ])
(mkRenamedOptionModule [ "fonts" "extraFonts" ] [ "fonts" "fonts" ])
(mkRenamedOptionModule [ "networking" "enableWLAN" ] [ "networking" "wireless" "enable" ])
(mkRenamedOptionModule [ "networking" "enableRT73Firmware" ] [ "hardware" "enableRedistributableFirmware" ]) (mkRenamedOptionModule [ "networking" "enableRT73Firmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "enableIntel3945ABGFirmware" ] [ "hardware" "enableRedistributableFirmware" ]) (mkRenamedOptionModule [ "networking" "enableIntel3945ABGFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "enableIntel2100BGFirmware" ] [ "hardware" "enableRedistributableFirmware" ]) (mkRenamedOptionModule [ "networking" "enableIntel2100BGFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "enableRalinkFirmware" ] [ "hardware" "enableRedistributableFirmware" ]) (mkRenamedOptionModule [ "networking" "enableRalinkFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "enableRTL8192cFirmware" ] [ "hardware" "enableRedistributableFirmware" ]) (mkRenamedOptionModule [ "networking" "enableRTL8192cFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "networkmanager" "useDnsmasq" ] [ "networking" "networkmanager" "dns" ]) (mkRenamedOptionModule [ "networking" "networkmanager" "useDnsmasq" ] [ "networking" "networkmanager" "dns" ])
(mkRenamedOptionModule [ "services" "cadvisor" "host" ] [ "services" "cadvisor" "listenAddress" ])
(mkChangedOptionModule [ "services" "printing" "gutenprint" ] [ "services" "printing" "drivers" ] (mkChangedOptionModule [ "services" "printing" "gutenprint" ] [ "services" "printing" "drivers" ]
(config: (config:
let enabled = getAttrFromPath [ "services" "printing" "gutenprint" ] config; let enabled = getAttrFromPath [ "services" "printing" "gutenprint" ] config;
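Review bot: this hunk removes a batch of long-standing aliases (`system.nixos.stateVersion`, `environment.nix`, the `services.sshd.*` names and the `nix.proxy` alias further down among them); a configuration that still uses any of them now fails evaluation with an undefined-option error instead of being translated. Failing loudly is the right behaviour for options such as `services.sshd.permitRootLogin`, but the 19.09 release notes touched in this same commit do not list the removal; add an entry under Backward Incompatibilities naming the removed aliases so people hitting the error know it is intended and what to rename.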
@ -33,11 +19,7 @@ with lib;
let value = getAttrFromPath [ "services" "ddclient" "domain" ] config; let value = getAttrFromPath [ "services" "ddclient" "domain" ] config;
in if value != "" then [ value ] else [])) in if value != "" then [ value ] else []))
(mkRemovedOptionModule [ "services" "ddclient" "homeDir" ] "") (mkRemovedOptionModule [ "services" "ddclient" "homeDir" ] "")
(mkRenamedOptionModule [ "services" "elasticsearch" "host" ] [ "services" "elasticsearch" "listenAddress" ])
(mkRenamedOptionModule [ "services" "graphite" "api" "host" ] [ "services" "graphite" "api" "listenAddress" ])
(mkRenamedOptionModule [ "services" "graphite" "web" "host" ] [ "services" "graphite" "web" "listenAddress" ])
(mkRenamedOptionModule [ "services" "i2pd" "extIp" ] [ "services" "i2pd" "address" ]) (mkRenamedOptionModule [ "services" "i2pd" "extIp" ] [ "services" "i2pd" "address" ])
(mkRenamedOptionModule [ "services" "kibana" "host" ] [ "services" "kibana" "listenAddress" ])
(mkRenamedOptionModule [ "services" "kubernetes" "apiserver" "admissionControl" ] [ "services" "kubernetes" "apiserver" "enableAdmissionPlugins" ]) (mkRenamedOptionModule [ "services" "kubernetes" "apiserver" "admissionControl" ] [ "services" "kubernetes" "apiserver" "enableAdmissionPlugins" ])
(mkRenamedOptionModule [ "services" "kubernetes" "apiserver" "address" ] ["services" "kubernetes" "apiserver" "bindAddress"]) (mkRenamedOptionModule [ "services" "kubernetes" "apiserver" "address" ] ["services" "kubernetes" "apiserver" "bindAddress"])
(mkRenamedOptionModule [ "services" "kubernetes" "apiserver" "port" ] ["services" "kubernetes" "apiserver" "insecurePort"]) (mkRenamedOptionModule [ "services" "kubernetes" "apiserver" "port" ] ["services" "kubernetes" "apiserver" "insecurePort"])
@ -54,7 +36,6 @@ with lib;
(mkRenamedOptionModule [ "services" "kubernetes" "proxy" "address" ] ["services" "kubernetes" "proxy" "bindAddress"]) (mkRenamedOptionModule [ "services" "kubernetes" "proxy" "address" ] ["services" "kubernetes" "proxy" "bindAddress"])
(mkRemovedOptionModule [ "services" "kubernetes" "verbose" ] "") (mkRemovedOptionModule [ "services" "kubernetes" "verbose" ] "")
(mkRenamedOptionModule [ "services" "logstash" "address" ] [ "services" "logstash" "listenAddress" ]) (mkRenamedOptionModule [ "services" "logstash" "address" ] [ "services" "logstash" "listenAddress" ])
(mkRenamedOptionModule [ "services" "mpd" "network" "host" ] [ "services" "mpd" "network" "listenAddress" ])
(mkRenamedOptionModule [ "services" "neo4j" "host" ] [ "services" "neo4j" "defaultListenAddress" ]) (mkRenamedOptionModule [ "services" "neo4j" "host" ] [ "services" "neo4j" "defaultListenAddress" ])
(mkRenamedOptionModule [ "services" "neo4j" "listenAddress" ] [ "services" "neo4j" "defaultListenAddress" ]) (mkRenamedOptionModule [ "services" "neo4j" "listenAddress" ] [ "services" "neo4j" "defaultListenAddress" ])
(mkRenamedOptionModule [ "services" "neo4j" "enableBolt" ] [ "services" "neo4j" "bolt" "enable" ]) (mkRenamedOptionModule [ "services" "neo4j" "enableBolt" ] [ "services" "neo4j" "bolt" "enable" ])
@ -64,10 +45,6 @@ with lib;
(mkRemovedOptionModule [ "services" "neo4j" "port" ] "Use services.neo4j.http.listenAddress instead.") (mkRemovedOptionModule [ "services" "neo4j" "port" ] "Use services.neo4j.http.listenAddress instead.")
(mkRemovedOptionModule [ "services" "neo4j" "boltPort" ] "Use services.neo4j.bolt.listenAddress instead.") (mkRemovedOptionModule [ "services" "neo4j" "boltPort" ] "Use services.neo4j.bolt.listenAddress instead.")
(mkRemovedOptionModule [ "services" "neo4j" "httpsPort" ] "Use services.neo4j.https.listenAddress instead.") (mkRemovedOptionModule [ "services" "neo4j" "httpsPort" ] "Use services.neo4j.https.listenAddress instead.")
(mkRenamedOptionModule [ "services" "shout" "host" ] [ "services" "shout" "listenAddress" ])
(mkRenamedOptionModule [ "services" "sslh" "host" ] [ "services" "sslh" "listenAddress" ])
(mkRenamedOptionModule [ "services" "statsd" "host" ] [ "services" "statsd" "listenAddress" ])
(mkRenamedOptionModule [ "services" "subsonic" "host" ] [ "services" "subsonic" "listenAddress" ])
(mkRenamedOptionModule [ "services" "tor" "relay" "portSpec" ] [ "services" "tor" "relay" "port" ]) (mkRenamedOptionModule [ "services" "tor" "relay" "portSpec" ] [ "services" "tor" "relay" "port" ])
(mkRenamedOptionModule [ "services" "vmwareGuest" ] [ "virtualisation" "vmware" "guest" ]) (mkRenamedOptionModule [ "services" "vmwareGuest" ] [ "virtualisation" "vmware" "guest" ])
(mkRenamedOptionModule [ "jobs" ] [ "systemd" "services" ]) (mkRenamedOptionModule [ "jobs" ] [ "systemd" "services" ])
@ -91,82 +68,31 @@ with lib;
(mkRenamedOptionModule [ "services" "xserver" "displayManager" "logToJournal" ] [ "services" "xserver" "displayManager" "job" "logToJournal" ]) (mkRenamedOptionModule [ "services" "xserver" "displayManager" "logToJournal" ] [ "services" "xserver" "displayManager" "job" "logToJournal" ])
# Old Grub-related options. # Old Grub-related options.
(mkRenamedOptionModule [ "boot" "initrd" "extraKernelModules" ] [ "boot" "initrd" "kernelModules" ])
(mkRenamedOptionModule [ "boot" "extraKernelParams" ] [ "boot" "kernelParams" ])
(mkRenamedOptionModule [ "boot" "loader" "grub" "timeout" ] [ "boot" "loader" "timeout" ]) (mkRenamedOptionModule [ "boot" "loader" "grub" "timeout" ] [ "boot" "loader" "timeout" ])
(mkRenamedOptionModule [ "boot" "loader" "gummiboot" "timeout" ] [ "boot" "loader" "timeout" ]) (mkRenamedOptionModule [ "boot" "loader" "gummiboot" "timeout" ] [ "boot" "loader" "timeout" ])
# smartd
(mkRenamedOptionModule [ "services" "smartd" "deviceOpts" ] [ "services" "smartd" "defaults" "monitored" ])
# OpenSSH # OpenSSH
(mkRenamedOptionModule [ "services" "sshd" "ports" ] [ "services" "openssh" "ports" ])
(mkAliasOptionModule [ "services" "sshd" "enable" ] [ "services" "openssh" "enable" ]) (mkAliasOptionModule [ "services" "sshd" "enable" ] [ "services" "openssh" "enable" ])
(mkRenamedOptionModule [ "services" "sshd" "allowSFTP" ] [ "services" "openssh" "allowSFTP" ])
(mkRenamedOptionModule [ "services" "sshd" "forwardX11" ] [ "services" "openssh" "forwardX11" ])
(mkRenamedOptionModule [ "services" "sshd" "gatewayPorts" ] [ "services" "openssh" "gatewayPorts" ])
(mkRenamedOptionModule [ "services" "sshd" "permitRootLogin" ] [ "services" "openssh" "permitRootLogin" ])
(mkRenamedOptionModule [ "services" "xserver" "startSSHAgent" ] [ "services" "xserver" "startOpenSSHAgent" ])
(mkRenamedOptionModule [ "services" "xserver" "startOpenSSHAgent" ] [ "programs" "ssh" "startAgent" ])
(mkAliasOptionModule [ "services" "openssh" "knownHosts" ] [ "programs" "ssh" "knownHosts" ]) (mkAliasOptionModule [ "services" "openssh" "knownHosts" ] [ "programs" "ssh" "knownHosts" ])
# VirtualBox
(mkRenamedOptionModule [ "services" "virtualbox" "enable" ] [ "virtualisation" "virtualbox" "guest" "enable" ])
(mkRenamedOptionModule [ "services" "virtualboxGuest" "enable" ] [ "virtualisation" "virtualbox" "guest" "enable" ])
(mkRenamedOptionModule [ "programs" "virtualbox" "enable" ] [ "virtualisation" "virtualbox" "host" "enable" ])
(mkRenamedOptionModule [ "programs" "virtualbox" "addNetworkInterface" ] [ "virtualisation" "virtualbox" "host" "addNetworkInterface" ])
(mkRenamedOptionModule [ "programs" "virtualbox" "enableHardening" ] [ "virtualisation" "virtualbox" "host" "enableHardening" ])
(mkRenamedOptionModule [ "services" "virtualboxHost" "enable" ] [ "virtualisation" "virtualbox" "host" "enable" ])
(mkRenamedOptionModule [ "services" "virtualboxHost" "addNetworkInterface" ] [ "virtualisation" "virtualbox" "host" "addNetworkInterface" ])
(mkRenamedOptionModule [ "services" "virtualboxHost" "enableHardening" ] [ "virtualisation" "virtualbox" "host" "enableHardening" ])
# libvirtd # libvirtd
(mkRemovedOptionModule [ "virtualisation" "libvirtd" "enableKVM" ] (mkRemovedOptionModule [ "virtualisation" "libvirtd" "enableKVM" ]
"Set the option `virtualisation.libvirtd.qemuPackage' instead.") "Set the option `virtualisation.libvirtd.qemuPackage' instead.")
# Tarsnap
(mkRenamedOptionModule [ "services" "tarsnap" "config" ] [ "services" "tarsnap" "archives" ])
# ibus # ibus
(mkRenamedOptionModule [ "programs" "ibus" "plugins" ] [ "i18n" "inputMethod" "ibus" "engines" ]) (mkRenamedOptionModule [ "programs" "ibus" "plugins" ] [ "i18n" "inputMethod" "ibus" "engines" ])
# proxy
(mkRenamedOptionModule [ "nix" "proxy" ] [ "networking" "proxy" "default" ])
# sandboxing # sandboxing
(mkRenamedOptionModule [ "nix" "useChroot" ] [ "nix" "useSandbox" ]) (mkRenamedOptionModule [ "nix" "useChroot" ] [ "nix" "useSandbox" ])
(mkRenamedOptionModule [ "nix" "chrootDirs" ] [ "nix" "sandboxPaths" ]) (mkRenamedOptionModule [ "nix" "chrootDirs" ] [ "nix" "sandboxPaths" ])
# KDE
(mkRenamedOptionModule [ "kde" "extraPackages" ] [ "environment" "systemPackages" ])
(mkRenamedOptionModule [ "environment" "kdePackages" ] [ "environment" "systemPackages" ])
# Multiple efi bootloaders now
(mkRenamedOptionModule [ "boot" "loader" "efi" "efibootmgr" "enable" ] [ "boot" "loader" "efi" "canTouchEfiVariables" ])
# NixOS environment changes
# !!! this hardcodes bash, could we detect from config which shell is actually used?
(mkRenamedOptionModule [ "environment" "promptInit" ] [ "programs" "bash" "promptInit" ])
(mkRenamedOptionModule [ "services" "xserver" "driSupport" ] [ "hardware" "opengl" "driSupport" ])
(mkRenamedOptionModule [ "services" "xserver" "driSupport32Bit" ] [ "hardware" "opengl" "driSupport32Bit" ])
(mkRenamedOptionModule [ "services" "xserver" "s3tcSupport" ] [ "hardware" "opengl" "s3tcSupport" ])
(mkRenamedOptionModule [ "hardware" "opengl" "videoDrivers" ] [ "services" "xserver" "videoDrivers" ])
(mkRenamedOptionModule [ "services" "xserver" "vaapiDrivers" ] [ "hardware" "opengl" "extraPackages" ]) (mkRenamedOptionModule [ "services" "xserver" "vaapiDrivers" ] [ "hardware" "opengl" "extraPackages" ])
(mkRenamedOptionModule [ "services" "mysql55" ] [ "services" "mysql" ])
(mkAliasOptionModule [ "environment" "checkConfigurationOptions" ] [ "_module" "check" ]) (mkAliasOptionModule [ "environment" "checkConfigurationOptions" ] [ "_module" "check" ])
# opendkim # opendkim
(mkRenamedOptionModule [ "services" "opendkim" "keyFile" ] [ "services" "opendkim" "keyPath" ]) (mkRenamedOptionModule [ "services" "opendkim" "keyFile" ] [ "services" "opendkim" "keyPath" ])
# XBMC
(mkRenamedOptionModule [ "services" "xserver" "windowManager" "xbmc" ] [ "services" "xserver" "desktopManager" "kodi" ])
(mkRenamedOptionModule [ "services" "xserver" "desktopManager" "xbmc" ] [ "services" "xserver" "desktopManager" "kodi" ])
(mkRenamedOptionModule [ "services" "hostapd" "extraCfg" ] [ "services" "hostapd" "extraConfig" ])
# Enlightenment # Enlightenment
(mkRenamedOptionModule [ "services" "xserver" "desktopManager" "e19" "enable" ] [ "services" "xserver" "desktopManager" "enlightenment" "enable" ]) (mkRenamedOptionModule [ "services" "xserver" "desktopManager" "e19" "enable" ] [ "services" "xserver" "desktopManager" "enlightenment" "enable" ])
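Review bot: dropping these `mkRenamedOptionModule` entries (nix.proxy, kde.extraPackages, environment.kdePackages, boot.loader.efi.efibootmgr.enable, environment.promptInit, the services.xserver.driSupport*/s3tcSupport aliases, hardware.opengl.videoDrivers, services.mysql55, the two xbmc aliases and services.hostapd.extraCfg) turns what was a rename warning into a hard evaluation error for any configuration still using the old names. Please list them in the release notes so affected users know which option to move to.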

View File

@ -76,7 +76,7 @@ in
}; };
failmode = mkOption { failmode = mkOption {
type = types.enum [ "safe" "enum" ]; type = types.enum [ "safe" "secure" ];
default = "safe"; default = "safe";
description = '' description = ''
On service or configuration errors that prevent Duo On service or configuration errors that prevent Duo
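Review bot: the description should spell out what the two values mean, because with the old `types.enum [ "safe" "enum" ]` the value `"secure"` was unrepresentable, so every existing deployment has been running Duo's fail-open behaviour (`safe` lets logins through when Duo is unreachable, `secure` denies them). A reader who sees only "safe" as the default is likely to assume it is the restrictive choice; one sentence saying `safe` = fail-open and `secure` = fail-closed avoids that.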

View File

@ -48,6 +48,16 @@ let
''; '';
}; };
yubicoAuth = mkOption {
default = config.security.pam.yubico.enable;
type = types.bool;
description = ''
If set, users listed in
<filename>~/.yubico/authorized_yubikeys</filename>
are able to log in with the asociated Yubikey tokens.
'';
};
googleAuthenticator = { googleAuthenticator = {
enable = mkOption { enable = mkOption {
default = false; default = false;
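Review bot: typo in the new description: `asociated` → `associated`. The default `config.security.pam.yubico.enable` also means that switching on `security.pam.yubico.enable` enables the module for every PAM service at once; the description should say that, so an administrator who only wants it on a few services knows to set `yubicoAuth = false` elsewhere.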
@ -340,6 +350,8 @@ let
"auth sufficient ${pkgs.pam_usb}/lib/security/pam_usb.so"} "auth sufficient ${pkgs.pam_usb}/lib/security/pam_usb.so"}
${let oath = config.security.pam.oath; in optionalString cfg.oathAuth ${let oath = config.security.pam.oath; in optionalString cfg.oathAuth
"auth requisite ${pkgs.oathToolkit}/lib/security/pam_oath.so window=${toString oath.window} usersfile=${toString oath.usersFile} digits=${toString oath.digits}"} "auth requisite ${pkgs.oathToolkit}/lib/security/pam_oath.so window=${toString oath.window} usersfile=${toString oath.usersFile} digits=${toString oath.digits}"}
${let yubi = config.security.pam.yubico; in optionalString cfg.yubicoAuth
"auth ${yubi.control} ${pkgs.yubico-pam}/lib/security/pam_yubico.so id=${toString yubi.id} ${optionalString yubi.debug "debug"}"}
'' + '' +
# Modules in this block require having the password set in PAM_AUTHTOK. # Modules in this block require having the password set in PAM_AUTHTOK.
# pam_unix is marked as 'sufficient' on NixOS which means nothing will run # pam_unix is marked as 'sufficient' on NixOS which means nothing will run
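Review bot: the generated line carries only `id=` and an optional `debug`; pam_yubico's `key=` option (the API key that belongs with the client id, used to sign validation requests and verify the responses) and `urllist=` (for a self-hosted validation server) are not exposed, so the module can only talk to the default YubiCloud endpoint with unsigned requests. Consider adding options for both, keeping in mind that `key` is a secret and this PAM config ends up in the store, so it would have to be read from a file at runtime rather than interpolated here. Also worth a comment: with the default `control = "sufficient"` this line sits ahead of the password block below, so a valid OTP alone completes `auth`; `required` is the setting that yields two factors, as the option description says.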
@ -636,6 +648,54 @@ in
}; };
}; };
security.pam.yubico = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
Enables Yubico PAM (<literal>yubico-pam</literal>) module.
If set, users listed in
<filename>~/.yubico/authorized_yubikeys</filename>
are able to log in with the associated Yubikey tokens.
The file must have only one line:
<literal>username:yubikey_token_id1:yubikey_token_id2</literal>
More information can be found <link
xlink:href="https://developers.yubico.com/yubico-pam/">here</link>.
'';
};
control = mkOption {
default = "sufficient";
type = types.enum [ "required" "requisite" "sufficient" "optional" ];
description = ''
This option sets pam "control".
If you want to have multi factor authentication, use "required".
If you want to use Yubikey instead of regular password, use "sufficient".
Read
<citerefentry>
<refentrytitle>pam.conf</refentrytitle>
<manvolnum>5</manvolnum>
</citerefentry>
for better understanding of this option.
'';
};
id = mkOption {
example = "42";
type = types.string;
description = "client id";
};
debug = mkOption {
default = false;
type = types.bool;
description = ''
Debug output to stderr.
'';
};
};
security.pam.enableEcryptfs = mkOption { security.pam.enableEcryptfs = mkOption {
default = false; default = false;
description = '' description = ''
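Review bot: `id` uses `types.string` while the rest of this diff uses `types.str`; please switch, and expand the description from "client id" to say it is the Yubico API client id obtained with the matching API key. The `control` description is good; it could add that `sufficient` means the Yubikey replaces the password entirely for that service, which is the security trade-off a reader needs before picking it. `debug` sends output to stderr of the PAM-using service, so the description might note that OTPs can show up in logs when it is on.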

View File

@ -0,0 +1,199 @@
{ config, pkgs, lib, ... }:
let
toplevelConfig = config;
inherit (lib) types;
inherit (import ../system/boot/systemd-lib.nix {
inherit config pkgs lib;
}) mkPathSafeName;
in {
options.systemd.services = lib.mkOption {
type = types.attrsOf (types.submodule ({ name, config, ... }: {
options.confinement.enable = lib.mkOption {
type = types.bool;
default = false;
description = ''
If set, all the required runtime store paths for this service are
bind-mounted into a <literal>tmpfs</literal>-based <citerefentry>
<refentrytitle>chroot</refentrytitle>
<manvolnum>2</manvolnum>
</citerefentry>.
'';
};
options.confinement.fullUnit = lib.mkOption {
type = types.bool;
default = false;
description = ''
Whether to include the full closure of the systemd unit file into the
chroot, instead of just the dependencies for the executables.
<warning><para>While it may be tempting to just enable this option to
make things work quickly, please be aware that this might add paths
to the closure of the chroot that you didn't anticipate. It's better
to use <option>confinement.packages</option> to <emphasis
role="strong">explicitly</emphasis> add additional store paths to the
chroot.</para></warning>
'';
};
options.confinement.packages = lib.mkOption {
type = types.listOf (types.either types.str types.package);
default = [];
description = let
mkScOption = optName: "<option>serviceConfig.${optName}</option>";
in ''
Additional packages or strings with context to add to the closure of
the chroot. By default, this includes all the packages from the
${lib.concatMapStringsSep ", " mkScOption [
"ExecReload" "ExecStartPost" "ExecStartPre" "ExecStop"
"ExecStopPost"
]} and ${mkScOption "ExecStart"} options. If you want to have all the
dependencies of this systemd unit, you can use
<option>confinement.fullUnit</option>.
<note><para>The store paths listed in <option>path</option> are
<emphasis role="strong">not</emphasis> included in the closure as
well as paths from other options except those listed
above.</para></note>
'';
};
options.confinement.binSh = lib.mkOption {
type = types.nullOr types.path;
default = toplevelConfig.environment.binsh;
defaultText = "config.environment.binsh";
example = lib.literalExample "\${pkgs.dash}/bin/dash";
description = ''
The program to make available as <filename>/bin/sh</filename> inside
the chroot. If this is set to <literal>null</literal>, no
<filename>/bin/sh</filename> is provided at all.
This is useful for some applications, which for example use the
<citerefentry>
<refentrytitle>system</refentrytitle>
<manvolnum>3</manvolnum>
</citerefentry> library function to execute commands.
'';
};
options.confinement.mode = lib.mkOption {
type = types.enum [ "full-apivfs" "chroot-only" ];
default = "full-apivfs";
description = ''
The value <literal>full-apivfs</literal> (the default) sets up
private <filename class="directory">/dev</filename>, <filename
class="directory">/proc</filename>, <filename
class="directory">/sys</filename> and <filename
class="directory">/tmp</filename> file systems in a separate user
name space.
If this is set to <literal>chroot-only</literal>, only the file
system name space is set up along with the call to <citerefentry>
<refentrytitle>chroot</refentrytitle>
<manvolnum>2</manvolnum>
</citerefentry>.
<note><para>This doesn't cover network namespaces and is solely for
file system level isolation.</para></note>
'';
};
config = let
rootName = "${mkPathSafeName name}-chroot";
inherit (config.confinement) binSh fullUnit;
wantsAPIVFS = lib.mkDefault (config.confinement.mode == "full-apivfs");
in lib.mkIf config.confinement.enable {
serviceConfig = {
RootDirectory = pkgs.runCommand rootName {} "mkdir \"$out\"";
TemporaryFileSystem = "/";
PrivateMounts = lib.mkDefault true;
# https://github.com/NixOS/nixpkgs/issues/14645 is a future attempt
# to change some of these to default to true.
#
# If we run in chroot-only mode, having something like PrivateDevices
# set to true by default will mount /dev within the chroot, whereas
# with "chroot-only" it's expected that there are no /dev, /proc and
# /sys file systems available.
#
# However, if this suddenly becomes true, the attack surface will
# increase, so let's explicitly set these options to true/false
# depending on the mode.
MountAPIVFS = wantsAPIVFS;
PrivateDevices = wantsAPIVFS;
PrivateTmp = wantsAPIVFS;
PrivateUsers = wantsAPIVFS;
ProtectControlGroups = wantsAPIVFS;
ProtectKernelModules = wantsAPIVFS;
ProtectKernelTunables = wantsAPIVFS;
};
confinement.packages = let
execOpts = [
"ExecReload" "ExecStart" "ExecStartPost" "ExecStartPre" "ExecStop"
"ExecStopPost"
];
execPkgs = lib.concatMap (opt: let
isSet = config.serviceConfig ? ${opt};
in lib.optional isSet config.serviceConfig.${opt}) execOpts;
unitAttrs = toplevelConfig.systemd.units."${name}.service";
allPkgs = lib.singleton (builtins.toJSON unitAttrs);
unitPkgs = if fullUnit then allPkgs else execPkgs;
in unitPkgs ++ lib.optional (binSh != null) binSh;
};
}));
};
config.assertions = lib.concatLists (lib.mapAttrsToList (name: cfg: let
whatOpt = optName: "The 'serviceConfig' option '${optName}' for"
+ " service '${name}' is enabled in conjunction with"
+ " 'confinement.enable'";
in lib.optionals cfg.confinement.enable [
{ assertion = !cfg.serviceConfig.RootDirectoryStartOnly or false;
message = "${whatOpt "RootDirectoryStartOnly"}, but right now systemd"
+ " doesn't support restricting bind-mounts to 'ExecStart'."
+ " Please either define a separate service or find a way to run"
+ " commands other than ExecStart within the chroot.";
}
{ assertion = !cfg.serviceConfig.DynamicUser or false;
message = "${whatOpt "DynamicUser"}. Please create a dedicated user via"
+ " the 'users.users' option instead as this combination is"
+ " currently not supported.";
}
]) config.systemd.services);
config.systemd.packages = lib.concatLists (lib.mapAttrsToList (name: cfg: let
rootPaths = let
contents = lib.concatStringsSep "\n" cfg.confinement.packages;
in pkgs.writeText "${mkPathSafeName name}-string-contexts.txt" contents;
chrootPaths = pkgs.runCommand "${mkPathSafeName name}-chroot-paths" {
closureInfo = pkgs.closureInfo { inherit rootPaths; };
serviceName = "${name}.service";
excludedPath = rootPaths;
} ''
mkdir -p "$out/lib/systemd/system"
serviceFile="$out/lib/systemd/system/$serviceName"
echo '[Service]' > "$serviceFile"
# /bin/sh is special here, because the option value could contain a
# symlink and we need to properly resolve it.
${lib.optionalString (cfg.confinement.binSh != null) ''
binsh=${lib.escapeShellArg cfg.confinement.binSh}
realprog="$(readlink -e "$binsh")"
echo "BindReadOnlyPaths=$realprog:/bin/sh" >> "$serviceFile"
''}
while read storePath; do
if [ -L "$storePath" ]; then
# Currently, systemd can't cope with symlinks in Bind(ReadOnly)Paths,
# so let's just bind-mount the target to that location.
echo "BindReadOnlyPaths=$(readlink -e "$storePath"):$storePath"
elif [ "$storePath" != "$excludedPath" ]; then
echo "BindReadOnlyPaths=$storePath"
fi
done < "$closureInfo/store-paths" >> "$serviceFile"
'';
in lib.optional cfg.confinement.enable chrootPaths) config.systemd.services);
}
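Review bot: the `mode` description understates what `chroot-only` gives up: with `wantsAPIVFS` false, `PrivateUsers`, `PrivateDevices`, `PrivateTmp`, `ProtectControlGroups`, `ProtectKernelModules` and `ProtectKernelTunables` are all off (the lines assigning `wantsAPIVFS`), so it should state plainly that `chroot-only` is file-system isolation only and not a privilege boundary for a service that runs as root, and that `full-apivfs` is the mode to use when confinement is meant as hardening. Two smaller points: the `while read storePath` loop skips `$excludedPath` (the string-contexts file that is the closure root) without saying why; a one-line comment would help the next reader. And `RootDirectory = pkgs.runCommand rootName {} "mkdir \"$out\""` only provides an empty mount point; a comment that `TemporaryFileSystem = "/"` is what turns it into a writable tmpfs root would make the `serviceConfig` block self-explanatory.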

View File

@ -199,10 +199,10 @@ in {
package = mkOption { package = mkOption {
type = types.package; type = types.package;
default = pkgs.pythonPackages.buildbot-full; default = pkgs.python3Packages.buildbot-full;
defaultText = "pkgs.pythonPackages.buildbot-full"; defaultText = "pkgs.python3Packages.buildbot-full";
description = "Package to use for buildbot."; description = "Package to use for buildbot.";
example = literalExample "pkgs.python3Packages.buildbot-full"; example = literalExample "pkgs.python3Packages.buildbot";
}; };
packages = mkOption { packages = mkOption {

View File

@ -118,10 +118,10 @@ in {
package = mkOption { package = mkOption {
type = types.package; type = types.package;
default = pkgs.pythonPackages.buildbot-worker; default = pkgs.python3Packages.buildbot-worker;
defaultText = "pkgs.pythonPackages.buildbot-worker"; defaultText = "pkgs.python3Packages.buildbot-worker";
description = "Package to use for buildbot worker."; description = "Package to use for buildbot worker.";
example = literalExample "pkgs.python3Packages.buildbot-worker"; example = literalExample "pkgs.python2Packages.buildbot-worker";
}; };
packages = mkOption { packages = mkOption {

View File

@ -103,6 +103,24 @@ in
}; };
initialDatabases = mkOption { initialDatabases = mkOption {
type = types.listOf (types.submodule {
options = {
name = mkOption {
type = types.str;
description = ''
The name of the database to create.
'';
};
schema = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
The initial schema of the database; if null (the default),
an empty database is created.
'';
};
};
});
default = []; default = [];
description = '' description = ''
List of database names and their initial schemas that should be used to create databases on the first startup List of database names and their initial schemas that should be used to create databases on the first startup
@ -115,11 +133,13 @@ in
}; };
initialScript = mkOption { initialScript = mkOption {
type = types.nullOr types.lines;
default = null; default = null;
description = "A file containing SQL statements to be executed on the first startup. Can be used for granting certain permissions on the database"; description = "A file containing SQL statements to be executed on the first startup. Can be used for granting certain permissions on the database";
}; };
ensureDatabases = mkOption { ensureDatabases = mkOption {
type = types.listOf types.str;
default = []; default = [];
description = '' description = ''
Ensures that the specified databases exist. Ensures that the specified databases exist.
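Review bot: `type = types.nullOr types.lines` contradicts the description "A file containing SQL statements": `types.lines` is string content, and a bare path value such as `./init.sql` fails the `str` check. If the option is consumed as a file path, `types.nullOr types.path` is the right type (as `initialDatabases.*.schema` in the hunk above already uses); if it is meant to hold the SQL text itself, fix the description instead.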
@ -134,6 +154,38 @@ in
}; };
ensureUsers = mkOption { ensureUsers = mkOption {
type = types.listOf (types.submodule {
options = {
name = mkOption {
type = types.str;
description = ''
Name of the user to ensure.
'';
};
ensurePermissions = mkOption {
type = types.attrsOf types.str;
default = {};
description = ''
Permissions to ensure for the user, specified as attribute set.
The attribute names specify the database and tables to grant the permissions for,
separated by a dot. You may use wildcards here.
The attribute values specfiy the permissions to grant.
You may specify one or multiple comma-separated SQL privileges here.
For more information on how to specify the target
and on which privileges exist, see the
<link xlink:href="https://mariadb.com/kb/en/library/grant/">GRANT syntax</link>.
The attributes are used as <code>GRANT ''${attrName} ON ''${attrValue}</code>.
'';
example = literalExample ''
{
"database.*" = "ALL PRIVILEGES";
"*.*" = "SELECT, LOCK TABLES";
}
'';
};
};
});
default = []; default = [];
description = '' description = ''
Ensures that the specified users exist and have at least the ensured permissions. Ensures that the specified users exist and have at least the ensured permissions.
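Review bot: the `ensurePermissions` description has the GRANT template backwards: attribute names are the `database.table` target and values are the privileges (the example `"database.*" = "ALL PRIVILEGES"` confirms it), so it should read `GRANT ''${attrValue} ON ''${attrName}`. Typo: `specfiy` → `specify`. Since both sides are interpolated into SQL unquoted, the description should also say the values come from trusted configuration and are not validated.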
@ -143,20 +195,22 @@ in
option is changed. This means that users created and permissions assigned once through this option or option is changed. This means that users created and permissions assigned once through this option or
otherwise have to be removed manually. otherwise have to be removed manually.
''; '';
example = literalExample ''[ example = literalExample ''
{ [
name = "nextcloud"; {
ensurePermissions = { name = "nextcloud";
"nextcloud.*" = "ALL PRIVILEGES"; ensurePermissions = {
}; "nextcloud.*" = "ALL PRIVILEGES";
} };
{ }
name = "backup"; {
ensurePermissions = { name = "backup";
"*.*" = "SELECT, LOCK TABLES"; ensurePermissions = {
}; "*.*" = "SELECT, LOCK TABLES";
} };
]''; }
]
'';
}; };
# FIXME: remove this option; it's a really bad idea. # FIXME: remove this option; it's a really bad idea.

View File

@ -8,7 +8,20 @@ let
openldap = pkgs.openldap; openldap = pkgs.openldap;
dataFile = pkgs.writeText "ldap-contents.ldif" cfg.declarativeContents; dataFile = pkgs.writeText "ldap-contents.ldif" cfg.declarativeContents;
configFile = pkgs.writeText "slapd.conf" cfg.extraConfig; configFile = pkgs.writeText "slapd.conf" ((optionalString cfg.defaultSchemas ''
include ${pkgs.openldap.out}/etc/schema/core.schema
include ${pkgs.openldap.out}/etc/schema/cosine.schema
include ${pkgs.openldap.out}/etc/schema/inetorgperson.schema
include ${pkgs.openldap.out}/etc/schema/nis.schema
'') + ''
${cfg.extraConfig}
database ${cfg.database}
suffix ${cfg.suffix}
rootdn ${cfg.rootdn}
rootpw ${cfg.rootpw}
directory ${cfg.dataDir}
${cfg.extraDatabaseConfig}
'');
configOpts = if cfg.configDir == null then "-f ${configFile}" configOpts = if cfg.configDir == null then "-f ${configFile}"
else "-F ${cfg.configDir}"; else "-F ${cfg.configDir}";
in in
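Review bot: `rootpw ${cfg.rootpw}` is written with `pkgs.writeText` into `slapd.conf`, and the Nix store is world-readable, so a cleartext `rootpw` becomes readable by every local user and ends up in binary caches. Either document that the value must be a hash produced by `slappasswd` (slapd accepts `{SSHA}...` values for `rootpw`) and name the option so that is obvious, or read the password from a file outside the store when the service starts. The same caveat already applied to secrets placed in `extraConfig`, but this change is the first to put a credential there by design.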
@ -54,6 +67,52 @@ in
description = "The database directory."; description = "The database directory.";
}; };
defaultSchemas = mkOption {
type = types.bool;
default = true;
description = ''
Include the default schemas core, cosine, inetorgperson and nis.
This setting will be ignored if configDir is set.
'';
};
database = mkOption {
type = types.str;
default = "mdb";
description = ''
Database type to use for the LDAP.
This setting will be ignored if configDir is set.
'';
};
suffix = mkOption {
type = types.str;
example = "dc=example,dc=org";
description = ''
Specify the DN suffix of queries that will be passed to this backend
database.
This setting will be ignored if configDir is set.
'';
};
rootdn = mkOption {
type = types.str;
example = "cn=admin,dc=example,dc=org";
description = ''
Specify the distinguished name that is not subject to access control
or administrative limit restrictions for operations on this database.
This setting will be ignored if configDir is set.
'';
};
rootpw = mkOption {
type = types.str;
description = ''
Password for the root user.
This setting will be ignored if configDir is set.
'';
};
logLevel = mkOption { logLevel = mkOption {
type = types.str; type = types.str;
default = "0"; default = "0";
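Review bot: `suffix`, `rootdn` and `rootpw` have no defaults, and with `configDir == null` (the default) the generated `slapd.conf` now unconditionally contains `database`, `suffix`, `rootdn` and `rootpw` lines. Existing users who put those directives in `extraConfig` get an evaluation error for the undefined options, and once they set them they have a duplicate `database` section. This needs a release-note entry, and ideally a way to keep the previous `extraConfig`-only configuration working (for example only emitting the database block when `suffix` is set). The `rootpw` description should also say whether a cleartext or hashed value is expected.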
@ -118,6 +177,39 @@ in
# ... # ...
''; '';
}; };
extraDatabaseConfig = mkOption {
type = types.lines;
default = "";
description = ''
slapd.conf configuration after the database option.
This setting will be ignored if configDir is set.
'';
example = ''
# Indices to maintain for this directory
# unique id so equality match only
index uid eq
# allows general searching on commonname, givenname and email
index cn,gn,mail eq,sub
# allows multiple variants on surname searching
index sn eq,sub
# sub above includes subintial,subany,subfinal
# optimise department searches
index ou eq
# if searches will include objectClass uncomment following
# index objectClass eq
# shows use of default index parameter
index default eq,sub
# indices missing - uses default eq,sub
index telephonenumber
# other database parameters
# read more in slapd.conf reference section
cachesize 10000
checkpoint 128 15
'';
};
}; };
}; };
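Review bot: typo in the example comment: `subintial` → `subinitial`. The description "slapd.conf configuration after the database option" could add that this is where per-database directives such as `index`, `access to` and `cachesize` belong, since that distinction from `extraConfig` is the reason the option exists.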

View File

@ -238,6 +238,7 @@ in
User = "postgres"; User = "postgres";
Group = "postgres"; Group = "postgres";
PermissionsStartOnly = true; PermissionsStartOnly = true;
RuntimeDirectory = "postgresql";
Type = if lib.versionAtLeast cfg.package.version "9.6" Type = if lib.versionAtLeast cfg.package.version "9.6"
then "notify" then "notify"
else "simple"; else "simple";
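Review bot: `RuntimeDirectory = "postgresql"` only creates `/run/postgresql` (owned by the `User`/`Group` set above and removed when the unit stops); the matching `unix_socket_directories` setting is not in this hunk, so please confirm it points there, since the nextcloud hunks in this merge change `dbhost` to `/run/postgresql`. Moving the socket out of world-writable `/tmp` is the right call: a runtime directory that systemd creates for the service cannot be pre-created or squatted by another local user.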

View File

@ -9,6 +9,8 @@ let
in in
{ {
meta.maintainers = pkgs.pantheon.maintainers;
###### interface ###### interface
options = { options = {

View File

@ -6,6 +6,8 @@ with lib;
{ {
meta.maintainers = pkgs.pantheon.maintainers;
###### interface ###### interface
options = { options = {

View File

@ -6,6 +6,8 @@ with lib;
{ {
meta.maintainers = pkgs.pantheon.maintainers;
###### interface ###### interface
options = { options = {

View File

@ -0,0 +1,60 @@
{ config, pkgs, lib, ... }:
let
cfg = config.services.mailcatcher;
inherit (lib) mkEnableOption mkIf mkOption types;
in
{
# interface
options = {
services.mailcatcher = {
enable = mkEnableOption "Enable MailCatcher.";
http.ip = mkOption {
type = types.str;
default = "127.0.0.1";
description = "The ip address of the http server.";
};
http.port = mkOption {
type = types.port;
default = 1080;
description = "The port address of the http server.";
};
smtp.ip = mkOption {
type = types.str;
default = "127.0.0.1";
description = "The ip address of the smtp server.";
};
smtp.port = mkOption {
type = types.port;
default = 1025;
description = "The port address of the smtp server.";
};
};
};
# implementation
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.mailcatcher ];
systemd.services.mailcatcher = {
description = "MailCatcher Service";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
DynamicUser = true;
Restart = "always";
ExecStart = "${pkgs.mailcatcher}/bin/mailcatcher --foreground --no-quit --http-ip ${cfg.http.ip} --http-port ${toString cfg.http.port} --smtp-ip ${cfg.smtp.ip} --smtp-port ${toString cfg.smtp.port}";
};
};
};
}
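Review bot: `mkEnableOption "Enable MailCatcher."` renders as "Whether to enable Enable MailCatcher.."; pass just `"MailCatcher"`. Binding both listeners to `127.0.0.1` by default and running under `DynamicUser = true` are the right defaults for a development mail sink; the `http.ip`/`smtp.ip` descriptions should add that MailCatcher's web UI is unauthenticated, so binding to a non-loopback address exposes every captured message to the network.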

View File

@ -14,9 +14,10 @@ let
log.fields.service = "registry"; log.fields.service = "registry";
storage = { storage = {
cache.blobdescriptor = blobCache; cache.blobdescriptor = blobCache;
filesystem.rootdirectory = cfg.storagePath;
delete.enabled = cfg.enableDelete; delete.enabled = cfg.enableDelete;
}; } // (if cfg.storagePath != null
then { filesystem.rootdirectory = cfg.storagePath; }
else {});
http = { http = {
addr = "${cfg.listenAddress}:${builtins.toString cfg.port}"; addr = "${cfg.listenAddress}:${builtins.toString cfg.port}";
headers.X-Content-Type-Options = ["nosniff"]; headers.X-Content-Type-Options = ["nosniff"];
@ -61,9 +62,12 @@ in {
}; };
storagePath = mkOption { storagePath = mkOption {
type = types.path; type = types.nullOr types.path;
default = "/var/lib/docker-registry"; default = "/var/lib/docker-registry";
description = "Docker registry storage path."; description = ''
Docker registry storage path for the filesystem storage backend. Set to
null to configure another backend via extraConfig.
'';
}; };
enableDelete = mkOption { enableDelete = mkOption {
@ -140,9 +144,12 @@ in {
startAt = optional cfg.enableGarbageCollect cfg.garbageCollectDates; startAt = optional cfg.enableGarbageCollect cfg.garbageCollectDates;
}; };
users.users.docker-registry = { users.users.docker-registry =
createHome = true; if cfg.storagePath != null
home = cfg.storagePath; then {
}; createHome = true;
home = cfg.storagePath;
}
else {};
}; };
} }

View File

@ -160,6 +160,22 @@ let
''; '';
}; };
gitlab-rails = pkgs.stdenv.mkDerivation rec {
name = "gitlab-rails";
buildInputs = [ pkgs.makeWrapper ];
dontBuild = true;
unpackPhase = ":";
installPhase = ''
mkdir -p $out/bin
makeWrapper ${cfg.packages.gitlab.rubyEnv}/bin/rails $out/bin/gitlab-rails \
${concatStrings (mapAttrsToList (name: value: "--set ${name} '${value}' ") gitlabEnv)} \
--set PATH '${lib.makeBinPath [ pkgs.nodejs pkgs.gzip pkgs.git pkgs.gnutar config.services.postgresql.package pkgs.coreutils pkgs.procps ]}:$PATH' \
--run 'cd ${cfg.packages.gitlab}/share/gitlab'
'';
};
extraGitlabRb = pkgs.writeText "extra-gitlab.rb" cfg.extraGitlabRb;
smtpSettings = pkgs.writeText "gitlab-smtp-settings.rb" '' smtpSettings = pkgs.writeText "gitlab-smtp-settings.rb" ''
if Rails.env.production? if Rails.env.production?
Rails.application.config.action_mailer.delivery_method = :smtp Rails.application.config.action_mailer.delivery_method = :smtp
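Review bot: `--set ${name} '${value}'` single-quotes each value by hand, so any value containing `'` breaks the wrapper; `--set ${name} ${lib.escapeShellArg value}` is the robust form. Everything in `gitlabEnv` is baked into a store-resident wrapper script, so nothing sensitive may ever be routed through that attribute set; a comment to that effect above `gitlab-rails` would stop someone adding a token there later. The `extraGitlabRb = pkgs.writeText ...` file is subject to the same store visibility.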
@ -266,6 +282,26 @@ in {
description = "Extra configuration in config/database.yml."; description = "Extra configuration in config/database.yml.";
}; };
extraGitlabRb = mkOption {
type = types.str;
default = "";
example = ''
if Rails.env.production?
Rails.application.config.action_mailer.delivery_method = :sendmail
ActionMailer::Base.delivery_method = :sendmail
ActionMailer::Base.sendmail_settings = {
location: "/run/wrappers/bin/sendmail",
arguments: "-i -t"
}
end
'';
description = ''
Extra configuration to be placed in config/extra-gitlab.rb. This can
be used to add configuration not otherwise exposed through this module's
options.
'';
};
host = mkOption { host = mkOption {
type = types.str; type = types.str;
default = config.networking.hostName; default = config.networking.hostName;
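Review bot: since `extraGitlabRb` is materialised with `pkgs.writeText` (previous hunk), the description should warn that the contents are world-readable in the Nix store and must not contain credentials such as SMTP passwords or API tokens; the sendmail example is fine in that respect. `types.lines` rather than `types.str` would let several modules contribute snippets instead of one overriding another.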
@ -439,7 +475,7 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.git gitlab-rake cfg.packages.gitlab-shell ]; environment.systemPackages = [ pkgs.git gitlab-rake gitlab-rails cfg.packages.gitlab-shell ];
# Redis is required for the sidekiq queue runner. # Redis is required for the sidekiq queue runner.
services.redis.enable = mkDefault true; services.redis.enable = mkDefault true;
@ -512,6 +548,7 @@ in {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
path = with pkgs; [ path = with pkgs; [
openssh openssh
procps # See https://gitlab.com/gitlab-org/gitaly/issues/1562
gitAndTools.git gitAndTools.git
cfg.packages.gitaly.rubyEnv cfg.packages.gitaly.rubyEnv
cfg.packages.gitaly.rubyEnv.wrappedRuby cfg.packages.gitaly.rubyEnv.wrappedRuby
@ -586,6 +623,7 @@ in {
[ -L /run/gitlab/uploads ] || ln -sf ${cfg.statePath}/uploads /run/gitlab/uploads [ -L /run/gitlab/uploads ] || ln -sf ${cfg.statePath}/uploads /run/gitlab/uploads
cp ${cfg.packages.gitlab}/share/gitlab/VERSION ${cfg.statePath}/VERSION cp ${cfg.packages.gitlab}/share/gitlab/VERSION ${cfg.statePath}/VERSION
cp -rf ${cfg.packages.gitlab}/share/gitlab/config.dist/* ${cfg.statePath}/config cp -rf ${cfg.packages.gitlab}/share/gitlab/config.dist/* ${cfg.statePath}/config
ln -sf ${extraGitlabRb} ${cfg.statePath}/config/initializers/extra-gitlab.rb
${optionalString cfg.smtp.enable '' ${optionalString cfg.smtp.enable ''
ln -sf ${smtpSettings} ${cfg.statePath}/config/initializers/smtp_settings.rb ln -sf ${smtpSettings} ${cfg.statePath}/config/initializers/smtp_settings.rb
''} ''}

View File

@ -146,7 +146,7 @@ in
PLEX_MEDIA_SERVER_MAX_PLUGIN_PROCS="6"; PLEX_MEDIA_SERVER_MAX_PLUGIN_PROCS="6";
PLEX_MEDIA_SERVER_TMPDIR="/tmp"; PLEX_MEDIA_SERVER_TMPDIR="/tmp";
PLEX_MEDIA_SERVER_USE_SYSLOG="true"; PLEX_MEDIA_SERVER_USE_SYSLOG="true";
LD_LIBRARY_PATH="/run/opengl-driver/lib:${cfg.package}/usr/lib/plexmediaserver"; LD_LIBRARY_PATH="/run/opengl-driver/lib:${cfg.package}/usr/lib/plexmediaserver/lib";
LC_ALL="en_US.UTF-8"; LC_ALL="en_US.UTF-8";
LANG="en_US.UTF-8"; LANG="en_US.UTF-8";
}; };

View File

@ -261,10 +261,14 @@ let
fi fi
''; '';
canonicalizePortList =
ports: lib.unique (builtins.sort builtins.lessThan ports);
commonOptions = { commonOptions = {
allowedTCPPorts = mkOption { allowedTCPPorts = mkOption {
type = types.listOf types.int; type = types.listOf types.port;
default = [ ]; default = [ ];
apply = canonicalizePortList;
example = [ 22 80 ]; example = [ 22 80 ];
description = description =
'' ''
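Review bot: `apply = canonicalizePortList` (sort plus `lib.unique`) deduplicates the merged list, which is fine; note that `types.port` also rejects values outside 0-65535 that `types.int` accepted, so configs with a bad port now fail at evaluation instead of at `iptables` time, which is a desirable tightening but deserves a release-note line. The range options switched to `attrsOf types.port` still do not check `from <= to`; an assertion there would round this off.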
@ -274,7 +278,7 @@ let
}; };
allowedTCPPortRanges = mkOption { allowedTCPPortRanges = mkOption {
type = types.listOf (types.attrsOf types.int); type = types.listOf (types.attrsOf types.port);
default = [ ]; default = [ ];
example = [ { from = 8999; to = 9003; } ]; example = [ { from = 8999; to = 9003; } ];
description = description =
@ -285,8 +289,9 @@ let
}; };
allowedUDPPorts = mkOption { allowedUDPPorts = mkOption {
type = types.listOf types.int; type = types.listOf types.port;
default = [ ]; default = [ ];
apply = canonicalizePortList;
example = [ 53 ]; example = [ 53 ];
description = description =
'' ''
@ -295,7 +300,7 @@ let
}; };
allowedUDPPortRanges = mkOption { allowedUDPPortRanges = mkOption {
type = types.listOf (types.attrsOf types.int); type = types.listOf (types.attrsOf types.port);
default = [ ]; default = [ ];
example = [ { from = 60000; to = 61000; } ]; example = [ { from = 60000; to = 61000; } ];
description = description =

View File

@ -0,0 +1,118 @@
{ config, pkgs, lib, ... }:
let
cfg = config.services.quicktun;
in
with lib;
{
options = {
services.quicktun = mkOption {
default = { };
description = "QuickTun tunnels";
type = types.attrsOf (types.submodule {
options = {
tunMode = mkOption {
type = types.int;
default = 0;
example = 1;
description = "";
};
remoteAddress = mkOption {
type = types.str;
example = "tunnel.example.com";
description = "";
};
localAddress = mkOption {
type = types.str;
example = "0.0.0.0";
description = "";
};
localPort = mkOption {
type = types.int;
default = 2998;
description = "";
};
remotePort = mkOption {
type = types.int;
default = 2998;
description = "";
};
remoteFloat = mkOption {
type = types.int;
default = 0;
description = "";
};
protocol = mkOption {
type = types.str;
default = "nacltai";
description = "";
};
privateKey = mkOption {
type = types.str;
description = "";
};
publicKey = mkOption {
type = types.str;
description = "";
};
timeWindow = mkOption {
type = types.int;
default = 5;
description = "";
};
upScript = mkOption {
type = types.lines;
default = "";
description = "";
};
};
});
};
};
config = mkIf (cfg != []) {
systemd.services = fold (a: b: a // b) {} (
mapAttrsToList (name: qtcfg: {
"quicktun-${name}" = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
environment = {
"INTERFACE" = name;
"TUN_MODE" = toString qtcfg.tunMode;
"REMOTE_ADDRESS" = qtcfg.remoteAddress;
"LOCAL_ADDRESS" = qtcfg.localAddress;
"LOCAL_PORT" = toString qtcfg.localPort;
"REMOTE_PORT" = toString qtcfg.remotePort;
"REMOTE_FLOAT" = toString qtcfg.remoteFloat;
"PRIVATE_KEY" = qtcfg.privateKey;
"PUBLIC_KEY" = qtcfg.publicKey;
"TIME_WINDOW" = toString qtcfg.timeWindow;
"TUN_UP_SCRIPT" = pkgs.writeScript "quicktun-${name}-up.sh" qtcfg.upScript;
"SUID" = "nobody";
};
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.quicktun}/bin/quicktun.${qtcfg.protocol}";
};
};
}) cfg
);
};
}
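Review bot: `privateKey` is passed through `environment`, which systemd writes into the generated unit file in the world-readable Nix store and also exposes via `systemctl show`; a tunnel private key must not go there. Read it from a file at start (an `EnvironmentFile=` outside the store, or a `privateKeyFile` option) instead, and say in the `publicKey`/`privateKey` descriptions what encoding quicktun expects. Other issues: `mkIf (cfg != [])` compares an attribute set with a list and is therefore always true; `cfg != {}` is meant. Every option has `description = ""`, so the manual entries are blank; at least `tunMode`, `remoteFloat`, `protocol` and `timeWindow` need text. `localPort`/`remotePort` should be `types.port`, and `fold (a: b: a // b) {} (mapAttrsToList ...)` is more simply `lib.mapAttrs' (name: qtcfg: lib.nameValuePair "quicktun-${name}" { ... }) cfg`. Dropping privileges via `"SUID" = "nobody"` is good; consider a dedicated user so tunnels do not share an identity with everything else running as nobody.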

View File

@ -64,8 +64,8 @@ in
sendmail. See <option>security.wrappers</option> sendmail. See <option>security.wrappers</option>
If neither /var/cron/cron.deny nor /var/cron/cron.allow exist only root If neither /var/cron/cron.deny nor /var/cron/cron.allow exist only root
will is allowed to have its own crontab file. The /var/cron/cron.deny file is allowed to have its own crontab file. The /var/cron/cron.deny file
is created automatically for you. So every user can use a crontab. is created automatically for you, so every user can use a crontab.
Many nixos modules set systemCronJobs, so if you decide to disable vixie cron Many nixos modules set systemCronJobs, so if you decide to disable vixie cron
and enable another cron daemon, you may want it to get its system crontab and enable another cron daemon, you may want it to get its system crontab

View File

@ -172,7 +172,7 @@ in {
Database host. Database host.
Note: for using Unix authentication with PostgreSQL, this should be Note: for using Unix authentication with PostgreSQL, this should be
set to <literal>/tmp</literal>. set to <literal>/run/postgresql</literal>.
''; '';
}; };
dbport = mkOption { dbport = mkOption {
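Review bot: the note should say why `/run/postgresql` replaces `/tmp`: `/tmp` is world-writable, so a socket directory there can be pre-created by another local user, whereas `/run/postgresql` is created by the `RuntimeDirectory` added in the postgresql hunk and owned by postgres. It should also mention that the value only works with the postgresql module from the same release, so people on an older `unix_socket_directories` setting understand why the connection fails.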

View File

@ -33,7 +33,7 @@
config = { config = {
<link linkend="opt-services.nextcloud.config.dbtype">dbtype</link> = "pgsql"; <link linkend="opt-services.nextcloud.config.dbtype">dbtype</link> = "pgsql";
<link linkend="opt-services.nextcloud.config.dbuser">dbuser</link> = "nextcloud"; <link linkend="opt-services.nextcloud.config.dbuser">dbuser</link> = "nextcloud";
<link linkend="opt-services.nextcloud.config.dbhost">dbhost</link> = "/tmp"; # nextcloud will add /.s.PGSQL.5432 by itself <link linkend="opt-services.nextcloud.config.dbhost">dbhost</link> = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
<link linkend="opt-services.nextcloud.config.dbname">dbname</link> = "nextcloud"; <link linkend="opt-services.nextcloud.config.dbname">dbname</link> = "nextcloud";
<link linkend="opt-services.nextcloud.config.adminpassFile">adminpassFile</link> = "/path/to/admin-pass-file"; <link linkend="opt-services.nextcloud.config.adminpassFile">adminpassFile</link> = "/path/to/admin-pass-file";
<link linkend="opt-services.nextcloud.config.adminuser">adminuser</link> = "root"; <link linkend="opt-services.nextcloud.config.adminuser">adminuser</link> = "root";


@ -86,11 +86,19 @@ in with lib; {
default = false; default = false;
description = "Serve and listen only through HTTPS."; description = "Serve and listen only through HTTPS.";
}; };
videoPaths = mkOption {
type = types.listOf types.path;
default = [];
example = [ "/home/okina/Videos/tehe_pero.webm" ];
description = "Videos that will be symlinked into www/videos.";
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
security.sudo.enable = cfg.enable; security.sudo.enable = cfg.enable;
services.postgresql.enable = cfg.enable; services.postgresql.enable = cfg.enable;
services.postgresql.package = pkgs.postgresql_11;
services.meguca.passwordFile = mkDefault (pkgs.writeText "meguca-password-file" cfg.password); services.meguca.passwordFile = mkDefault (pkgs.writeText "meguca-password-file" cfg.password);
services.meguca.postgresArgsFile = mkDefault (pkgs.writeText "meguca-postgres-args" cfg.postgresArgs); services.meguca.postgresArgsFile = mkDefault (pkgs.writeText "meguca-postgres-args" cfg.postgresArgs);
services.meguca.postgresArgs = mkDefault "user=meguca password=${cfg.password} dbname=meguca sslmode=disable"; services.meguca.postgresArgs = mkDefault "user=meguca password=${cfg.password} dbname=meguca sslmode=disable";
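Review bot: `services.postgresql.package = pkgs.postgresql_11;` is set as a plain definition, unlike the `services.meguca.*` lines right below it that use `mkDefault`; any other module or the user's own configuration choosing a different PostgreSQL version will then fail with a conflicting-definition error on `services.postgresql.package`. Wrap it in `mkDefault` so it can be overridden. The `videoPaths` description should also say that the files are symlinked into `www/videos` rather than copied, so they must stay readable by the `meguca` user at their original location.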
@ -102,8 +110,16 @@ in with lib; {
preStart = '' preStart = ''
# Ensure folder exists or create it and links and permissions are correct # Ensure folder exists or create it and links and permissions are correct
mkdir -p ${escapeShellArg cfg.dataDir} mkdir -p ${escapeShellArg cfg.dataDir}/www
ln -sf ${pkgs.meguca}/share/meguca/www ${escapeShellArg cfg.dataDir} rm -rf ${escapeShellArg cfg.dataDir}/www/videos
ln -sf ${pkgs.meguca}/share/meguca/www/* ${escapeShellArg cfg.dataDir}/www
unlink ${escapeShellArg cfg.dataDir}/www/videos
mkdir -p ${escapeShellArg cfg.dataDir}/www/videos
for vid in ${escapeShellArg cfg.videoPaths}; do
ln -sf $vid ${escapeShellArg cfg.dataDir}/www/videos
done
chmod 750 ${escapeShellArg cfg.dataDir} chmod 750 ${escapeShellArg cfg.dataDir}
chown -R meguca:meguca ${escapeShellArg cfg.dataDir} chown -R meguca:meguca ${escapeShellArg cfg.dataDir}
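Review bot: `for vid in ${escapeShellArg cfg.videoPaths}; do` is wrong as soon as the list has more than one entry: `escapeShellArg` stringifies the whole list and wraps it in a single pair of quotes, so the loop body runs once with `/a /b` as one `$vid`. Use `escapeShellArgs cfg.videoPaths` (one quoted word per element) and quote `"$vid"` on the `ln -sf` line. The `unlink ${escapeShellArg cfg.dataDir}/www/videos` line is also redundant after the `rm -rf` of the same path two lines above, and since `unlink` has no `-f` it will print an error on every start once the path is gone.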


@ -18,22 +18,23 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.colord ];
services.dbus.packages = [ pkgs.colord ]; services.dbus.packages = [ pkgs.colord ];
services.udev.packages = [ pkgs.colord ]; services.udev.packages = [ pkgs.colord ];
environment.systemPackages = [ pkgs.colord ]; systemd.packages = [ pkgs.colord ];
systemd.services.colord = { environment.etc."tmpfiles.d/colord.conf".source = "${pkgs.colord}/lib/tmpfiles.d/colord.conf";
description = "Manage, Install and Generate Color Profiles";
serviceConfig = { users.users.colord = {
Type = "dbus"; home = "/var/lib/colord";
BusName = "org.freedesktop.ColorManager"; group = "colord";
ExecStart = "${pkgs.colord}/libexec/colord";
PrivateTmp = true;
};
}; };
users.groups.colord = {};
}; };
} }
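Review bot: the new `users.users.colord` definition sets `home` and `group` but neither `uid` nor `isSystemUser = true`, so the account gets a uid allocated from the normal-user range instead of the system range; add `isSystemUser = true;` (or a fixed uid) for a daemon account. The removed hand-written unit carried `PrivateTmp = true`; confirm that the upstream unit now pulled in through `systemd.packages = [ pkgs.colord ]` keeps equivalent hardening, since that is no longer visible in this module.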


@ -14,6 +14,9 @@ let
in in
{ {
meta.maintainers = pkgs.pantheon.maintainers;
options = { options = {
services.xserver.desktopManager.pantheon = { services.xserver.desktopManager.pantheon = {


@ -25,7 +25,7 @@ in
{ name = "dwm"; { name = "dwm";
start = start =
'' ''
${pkgs.dwm}/bin/dwm & dwm &
waitPID=$! waitPID=$!
''; '';
}; };
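Review bot: replacing `${pkgs.dwm}/bin/dwm &` with a bare `dwm &` makes the session start depend on `PATH`, which only works if the module also puts `pkgs.dwm` into `environment.systemPackages` (not visible in this hunk); confirm that, and state the motivation in the commit message if the intent is to let a user-built dwm earlier on `PATH` take precedence.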


@ -9,12 +9,11 @@ in rec {
shellEscape = s: (replaceChars [ "\\" ] [ "\\\\" ] s); shellEscape = s: (replaceChars [ "\\" ] [ "\\\\" ] s);
mkPathSafeName = lib.replaceChars ["@" ":" "\\" "[" "]"] ["-" "-" "-" "" ""];
makeUnit = name: unit: makeUnit = name: unit:
let
pathSafeName = lib.replaceChars ["@" ":" "\\" "[" "]"] ["-" "-" "-" "" ""] name;
in
if unit.enable then if unit.enable then
pkgs.runCommand "unit-${pathSafeName}" pkgs.runCommand "unit-${mkPathSafeName name}"
{ preferLocalBuild = true; { preferLocalBuild = true;
allowSubstitutes = false; allowSubstitutes = false;
inherit (unit) text; inherit (unit) text;
@ -24,7 +23,7 @@ in rec {
echo -n "$text" > $out/${shellEscape name} echo -n "$text" > $out/${shellEscape name}
'' ''
else else
pkgs.runCommand "unit-${pathSafeName}-disabled" pkgs.runCommand "unit-${mkPathSafeName name}-disabled"
{ preferLocalBuild = true; { preferLocalBuild = true;
allowSubstitutes = false; allowSubstitutes = false;
} }


@ -36,8 +36,9 @@ let
#! ${pkgs.runtimeShell} -e #! ${pkgs.runtimeShell} -e
# Initialise the container side of the veth pair. # Initialise the container side of the veth pair.
if [ -n "$HOST_ADDRESS" ] || [ -n "$LOCAL_ADDRESS" ] || [ -n "$HOST_BRIDGE" ]; then if [ -n "$HOST_ADDRESS" ] || [ -n "$HOST_ADDRESS6" ] ||
[ -n "$LOCAL_ADDRESS" ] || [ -n "$LOCAL_ADDRESS6" ] ||
[ -n "$HOST_BRIDGE" ]; then
ip link set host0 name eth0 ip link set host0 name eth0
ip link set dev eth0 up ip link set dev eth0 up
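Review bot: the `[ -n "$HOST_ADDRESS" ] || [ -n "$HOST_ADDRESS6" ] || [ -n "$LOCAL_ADDRESS" ] || [ -n "$LOCAL_ADDRESS6" ]` test is now duplicated in four places in this file (this hunk and the three below), with only the extra `$HOST_BRIDGE` disjunct differing here; factor it into one shell function or a single Nix-level string so the IPv4 and IPv6 variables cannot drift apart again the way they had before this fix.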
@ -88,7 +89,8 @@ let
extraFlags+=" --private-network" extraFlags+=" --private-network"
fi fi
if [ -n "$HOST_ADDRESS" ] || [ -n "$LOCAL_ADDRESS" ]; then if [ -n "$HOST_ADDRESS" ] || [ -n "$LOCAL_ADDRESS" ] ||
[ -n "$HOST_ADDRESS6" ] || [ -n "$LOCAL_ADDRESS6" ]; then
extraFlags+=" --network-veth" extraFlags+=" --network-veth"
fi fi
@ -159,7 +161,8 @@ let
# Clean up existing machined registration and interfaces. # Clean up existing machined registration and interfaces.
machinectl terminate "$INSTANCE" 2> /dev/null || true machinectl terminate "$INSTANCE" 2> /dev/null || true
if [ -n "$HOST_ADDRESS" ] || [ -n "$LOCAL_ADDRESS" ]; then if [ -n "$HOST_ADDRESS" ] || [ -n "$LOCAL_ADDRESS" ] ||
[ -n "$HOST_ADDRESS6" ] || [ -n "$LOCAL_ADDRESS6" ]; then
ip link del dev "ve-$INSTANCE" 2> /dev/null || true ip link del dev "ve-$INSTANCE" 2> /dev/null || true
ip link del dev "vb-$INSTANCE" 2> /dev/null || true ip link del dev "vb-$INSTANCE" 2> /dev/null || true
fi fi
@ -208,7 +211,8 @@ let
''; '';
in in
'' ''
if [ -n "$HOST_ADDRESS" ] || [ -n "$LOCAL_ADDRESS" ]; then if [ -n "$HOST_ADDRESS" ] || [ -n "$LOCAL_ADDRESS" ] ||
[ -n "$HOST_ADDRESS6" ] || [ -n "$LOCAL_ADDRESS6" ]; then
if [ -z "$HOST_BRIDGE" ]; then if [ -z "$HOST_BRIDGE" ]; then
ifaceHost=ve-$INSTANCE ifaceHost=ve-$INSTANCE
ip link set dev $ifaceHost up ip link set dev $ifaceHost up


@ -0,0 +1,233 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.docker-containers;
dockerContainer =
{ name, config, ... }: {
options = {
image = mkOption {
type = types.str;
description = "Docker image to run.";
example = "library/hello-world";
};
cmd = mkOption {
type = with types; listOf str;
default = [];
description = "Commandline arguments to pass to the image's entrypoint.";
example = literalExample ''
["--port=9000"]
'';
};
entrypoint = mkOption {
type = with types; nullOr str;
description = "Overwrite the default entrypoint of the image.";
default = null;
example = "/bin/my-app";
};
environment = mkOption {
type = with types; attrsOf str;
default = {};
description = "Environment variables to set for this container.";
example = literalExample ''
{
DATABASE_HOST = "db.example.com";
DATABASE_PORT = "3306";
}
'';
};
log-driver = mkOption {
type = types.str;
default = "none";
description = ''
Logging driver for the container. The default of
<literal>"none"</literal> means that the container's logs will be
handled as part of the systemd unit. Setting this to
<literal>"journald"</literal> will result in duplicate logging, but
the container's logs will be visible to the <command>docker
logs</command> command.
For more details and a full list of logging drivers, refer to the
<link xlink:href="https://docs.docker.com/engine/reference/run/#logging-drivers---log-driver">
Docker engine documentation</link>
'';
};
ports = mkOption {
type = with types; listOf str;
default = [];
description = ''
Network ports to publish from the container to the outer host.
</para>
<para>
Valid formats:
</para>
<itemizedlist>
<listitem>
<para>
<literal>&lt;ip&gt;:&lt;hostPort&gt;:&lt;containerPort&gt;</literal>
</para>
</listitem>
<listitem>
<para>
<literal>&lt;ip&gt;::&lt;containerPort&gt;</literal>
</para>
</listitem>
<listitem>
<para>
<literal>&lt;hostPort&gt;:&lt;containerPort&gt;</literal>
</para>
</listitem>
<listitem>
<para>
<literal>&lt;containerPort&gt;</literal>
</para>
</listitem>
</itemizedlist>
<para>
Both <literal>hostPort</literal> and
<literal>containerPort</literal> can be specified as a range of
ports. When specifying ranges for both, the number of container
ports in the range must match the number of host ports in the
range. Example: <literal>1234-1236:1234-1236/tcp</literal>
</para>
<para>
When specifying a range for <literal>hostPort</literal> only, the
<literal>containerPort</literal> must <emphasis>not</emphasis> be a
range. In this case, the container port is published somewhere
within the specified <literal>hostPort</literal> range. Example:
<literal>1234-1236:1234/tcp</literal>
</para>
<para>
Refer to the
<link xlink:href="https://docs.docker.com/engine/reference/run/#expose-incoming-ports">
Docker engine documentation</link> for full details.
'';
example = literalExample ''
[
"8080:9000"
]
'';
};
user = mkOption {
type = with types; nullOr str;
default = null;
description = ''
Override the username or UID (and optionally groupname or GID) used
in the container.
'';
example = "nobody:nogroup";
};
volumes = mkOption {
type = with types; listOf str;
default = [];
description = ''
List of volumes to attach to this container.
Note that this is a list of <literal>"src:dst"</literal> strings to
allow for <literal>src</literal> to refer to
<literal>/nix/store</literal> paths, which would difficult with an
attribute set. There are also a variety of mount options available
as a third field; please refer to the
<link xlink:href="https://docs.docker.com/engine/reference/run/#volume-shared-filesystems">
docker engine documentation</link> for details.
'';
example = literalExample ''
[
"volume_name:/path/inside/container"
"/path/on/host:/path/inside/container"
]
'';
};
workdir = mkOption {
type = with types; nullOr str;
default = null;
description = "Override the default working directory for the container.";
example = "/var/lib/hello_world";
};
extraDockerOptions = mkOption {
type = with types; listOf str;
default = [];
description = "Extra options for <command>docker run</command>.";
example = literalExample ''
["--network=host"]
'';
};
};
};
mkService = name: container: {
wantedBy = [ "multi-user.target" ];
after = [ "docker.service" "docker.socket" ];
requires = [ "docker.service" "docker.socket" ];
serviceConfig = {
ExecStart = concatStringsSep " \\\n " ([
"${pkgs.docker}/bin/docker run"
"--rm"
"--name=%n"
"--log-driver=${container.log-driver}"
] ++ optional (! isNull container.entrypoint)
"--entrypoint=${escapeShellArg container.entrypoint}"
++ (mapAttrsToList (k: v: "-e ${escapeShellArg k}=${escapeShellArg v}") container.environment)
++ map (p: "-p ${escapeShellArg p}") container.ports
++ optional (! isNull container.user) "-u ${escapeShellArg container.user}"
++ map (v: "-v ${escapeShellArg v}") container.volumes
++ optional (! isNull container.workdir) "-w ${escapeShellArg container.workdir}"
++ map escapeShellArg container.extraDockerOptions
++ [container.image]
++ map escapeShellArg container.cmd
);
ExecStartPre = "-${pkgs.docker}/bin/docker rm -f %n";
ExecStop = "${pkgs.docker}/bin/docker stop %n";
ExecStopPost = "-${pkgs.docker}/bin/docker rm -f %n";
### There is no generalized way of supporting `reload` for docker
### containers. Some containers may respond well to SIGHUP sent to their
### init process, but it is not guaranteed; some apps have other reload
### mechanisms, some don't have a reload signal at all, and some docker
### images just have broken signal handling. The best compromise in this
### case is probably to leave ExecReload undefined, so `systemctl reload`
### will at least result in an error instead of potentially undefined
### behaviour.
###
### Advanced users can still override this part of the unit to implement
### a custom reload handler, since the result of all this is a normal
### systemd service from the perspective of the NixOS module system.
###
# ExecReload = ...;
###
TimeoutStartSec = 0;
TimeoutStopSec = 120;
Restart = "always";
};
};
in {
options.docker-containers = mkOption {
default = {};
type = types.attrsOf (types.submodule dockerContainer);
description = "Docker containers to run as systemd services.";
};
config = mkIf (cfg != {}) {
systemd.services = mapAttrs' (n: v: nameValuePair "docker-${n}" (mkService n v)) cfg;
virtualisation.docker.enable = true;
};
}
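Review bot: in `mkService`, `environment` is rendered into `ExecStart` as `-e KEY=VALUE` arguments, so every value lands in the generated unit file in the world-readable Nix store and in the argument list of the `docker run` process; the `environment` option description should warn against putting credentials there and point to `extraDockerOptions` (for example `--env-file` with a file outside the store) instead. The `ports` description should likewise say that an entry without an `<ip>` prefix, like the `8080:9000` example, is published on all interfaces. Two smaller points: `++ [container.image]` is the only argument appended without `escapeShellArg`, and `! isNull x` reads better as `x != null` in current nixpkgs style.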


@ -94,6 +94,7 @@ in {
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-label/nixos"; device = "/dev/disk/by-label/nixos";
autoResize = true; autoResize = true;
fsType = "ext4";
}; };
boot.growPartition = true; boot.growPartition = true;


@ -64,6 +64,7 @@ in rec {
#(all nixos.tests.containers) #(all nixos.tests.containers)
(all nixos.tests.containers-imperative) (all nixos.tests.containers-imperative)
(all nixos.tests.containers-ipv4) (all nixos.tests.containers-ipv4)
(all nixos.tests.containers-ipv6)
nixos.tests.chromium.x86_64-linux or [] nixos.tests.chromium.x86_64-linux or []
(all nixos.tests.firefox) (all nixos.tests.firefox)
(all nixos.tests.firewall) (all nixos.tests.firewall)


@ -33,6 +33,7 @@ in rec {
inherit (nixos'.tests) inherit (nixos'.tests)
containers-imperative containers-imperative
containers-ipv4 containers-ipv4
containers-ipv6
firewall firewall
ipv6 ipv6
login login


@ -59,6 +59,7 @@ in
dhparams = handleTest ./dhparams.nix {}; dhparams = handleTest ./dhparams.nix {};
dnscrypt-proxy = handleTestOn ["x86_64-linux"] ./dnscrypt-proxy.nix {}; dnscrypt-proxy = handleTestOn ["x86_64-linux"] ./dnscrypt-proxy.nix {};
docker = handleTestOn ["x86_64-linux"] ./docker.nix {}; docker = handleTestOn ["x86_64-linux"] ./docker.nix {};
docker-containers = handleTestOn ["x86_64-linux"] ./docker-containers.nix {};
docker-edge = handleTestOn ["x86_64-linux"] ./docker-edge.nix {}; docker-edge = handleTestOn ["x86_64-linux"] ./docker-edge.nix {};
docker-preloader = handleTestOn ["x86_64-linux"] ./docker-preloader.nix {}; docker-preloader = handleTestOn ["x86_64-linux"] ./docker-preloader.nix {};
docker-registry = handleTest ./docker-registry.nix {}; docker-registry = handleTest ./docker-registry.nix {};
@ -113,10 +114,11 @@ in
ipv6 = handleTest ./ipv6.nix {}; ipv6 = handleTest ./ipv6.nix {};
jackett = handleTest ./jackett.nix {}; jackett = handleTest ./jackett.nix {};
jenkins = handleTest ./jenkins.nix {}; jenkins = handleTest ./jenkins.nix {};
#kafka = handleTest ./kafka.nix {}; # broken since openjdk: 8u181 -> 8u192 kafka = handleTest ./kafka.nix {};
kerberos = handleTest ./kerberos/default.nix {}; kerberos = handleTest ./kerberos/default.nix {};
kernel-latest = handleTest ./kernel-latest.nix {}; kernel-latest = handleTest ./kernel-latest.nix {};
kernel-lts = handleTest ./kernel-lts.nix {}; kernel-lts = handleTest ./kernel-lts.nix {};
kernel-testing = handleTest ./kernel-testing.nix {};
keymap = handleTest ./keymap.nix {}; keymap = handleTest ./keymap.nix {};
knot = handleTest ./knot.nix {}; knot = handleTest ./knot.nix {};
kubernetes.dns = handleTestOn ["x86_64-linux"] ./kubernetes/dns.nix {}; kubernetes.dns = handleTestOn ["x86_64-linux"] ./kubernetes/dns.nix {};
@ -130,6 +132,7 @@ in
#lightdm = handleTest ./lightdm.nix {}; #lightdm = handleTest ./lightdm.nix {};
login = handleTest ./login.nix {}; login = handleTest ./login.nix {};
#logstash = handleTest ./logstash.nix {}; #logstash = handleTest ./logstash.nix {};
mailcatcher = handleTest ./mailcatcher.nix {};
mathics = handleTest ./mathics.nix {}; mathics = handleTest ./mathics.nix {};
matrix-synapse = handleTest ./matrix-synapse.nix {}; matrix-synapse = handleTest ./matrix-synapse.nix {};
memcached = handleTest ./memcached.nix {}; memcached = handleTest ./memcached.nix {};
@ -219,6 +222,7 @@ in
switchTest = handleTest ./switch-test.nix {}; switchTest = handleTest ./switch-test.nix {};
syncthing-relay = handleTest ./syncthing-relay.nix {}; syncthing-relay = handleTest ./syncthing-relay.nix {};
systemd = handleTest ./systemd.nix {}; systemd = handleTest ./systemd.nix {};
systemd-confinement = handleTest ./systemd-confinement.nix {};
taskserver = handleTest ./taskserver.nix {}; taskserver = handleTest ./taskserver.nix {};
telegraf = handleTest ./telegraf.nix {}; telegraf = handleTest ./telegraf.nix {};
tomcat = handleTest ./tomcat.nix {}; tomcat = handleTest ./tomcat.nix {};
@ -228,6 +232,7 @@ in
upnp = handleTest ./upnp.nix {}; upnp = handleTest ./upnp.nix {};
vault = handleTest ./vault.nix {}; vault = handleTest ./vault.nix {};
virtualbox = handleTestOn ["x86_64-linux"] ./virtualbox.nix {}; virtualbox = handleTestOn ["x86_64-linux"] ./virtualbox.nix {};
wireguard = handleTest ./wireguard {};
wordpress = handleTest ./wordpress.nix {}; wordpress = handleTest ./wordpress.nix {};
xautolock = handleTest ./xautolock.nix {}; xautolock = handleTest ./xautolock.nix {};
xdg-desktop-portal = handleTest ./xdg-desktop-portal.nix {}; xdg-desktop-portal = handleTest ./xdg-desktop-portal.nix {};


@ -5,116 +5,109 @@
with import ../lib/testing.nix { inherit system pkgs; }; with import ../lib/testing.nix { inherit system pkgs; };
let # Test ensures buildbot master comes up correctly and workers can connect
# Test ensures buildbot master comes up correctly and workers can connect makeTest {
mkBuildbotTest = python: makeTest { name = "buildbot";
name = "buildbot";
nodes = { nodes = {
bbmaster = { pkgs, ... }: { bbmaster = { pkgs, ... }: {
services.buildbot-master = { services.buildbot-master = {
enable = true; enable = true;
package = python.pkgs.buildbot-full;
# NOTE: use fake repo due to no internet in hydra ci # NOTE: use fake repo due to no internet in hydra ci
factorySteps = [ factorySteps = [
"steps.Git(repourl='git://gitrepo/fakerepo.git', mode='incremental')" "steps.Git(repourl='git://gitrepo/fakerepo.git', mode='incremental')"
"steps.ShellCommand(command=['bash', 'fakerepo.sh'])" "steps.ShellCommand(command=['bash', 'fakerepo.sh'])"
]; ];
changeSource = [ changeSource = [
"changes.GitPoller('git://gitrepo/fakerepo.git', workdir='gitpoller-workdir', branch='master', pollinterval=300)" "changes.GitPoller('git://gitrepo/fakerepo.git', workdir='gitpoller-workdir', branch='master', pollinterval=300)"
]; ];
};
networking.firewall.allowedTCPPorts = [ 8010 8011 9989 ];
environment.systemPackages = with pkgs; [ git python.pkgs.buildbot-full ];
};
bbworker = { pkgs, ... }: {
services.buildbot-worker = {
enable = true;
masterUrl = "bbmaster:9989";
};
environment.systemPackages = with pkgs; [ git python.pkgs.buildbot-worker ];
};
gitrepo = { pkgs, ... }: {
services.openssh.enable = true;
networking.firewall.allowedTCPPorts = [ 22 9418 ];
environment.systemPackages = with pkgs; [ git ];
}; };
networking.firewall.allowedTCPPorts = [ 8010 8011 9989 ];
environment.systemPackages = with pkgs; [ git python3Packages.buildbot-full ];
}; };
testScript = '' bbworker = { pkgs, ... }: {
#Start up and populate fake repo services.buildbot-worker = {
$gitrepo->waitForUnit("multi-user.target"); enable = true;
print($gitrepo->execute(" \ masterUrl = "bbmaster:9989";
git config --global user.name 'Nobody Fakeuser' && \ };
git config --global user.email 'nobody\@fakerepo.com' && \ environment.systemPackages = with pkgs; [ git python3Packages.buildbot-worker ];
rm -rvf /srv/repos/fakerepo.git /tmp/fakerepo && \ };
mkdir -pv /srv/repos/fakerepo ~/.ssh && \
ssh-keyscan -H gitrepo > ~/.ssh/known_hosts && \
cat ~/.ssh/known_hosts && \
cd /srv/repos/fakerepo && \
git init && \
echo -e '#!/bin/sh\necho fakerepo' > fakerepo.sh && \
cat fakerepo.sh && \
touch .git/git-daemon-export-ok && \
git add fakerepo.sh .git/git-daemon-export-ok && \
git commit -m fakerepo && \
git daemon --verbose --export-all --base-path=/srv/repos --reuseaddr & \
"));
# Test gitrepo
$bbmaster->waitForUnit("network-online.target");
#$bbmaster->execute("nc -z gitrepo 9418");
print($bbmaster->execute(" \
rm -rfv /tmp/fakerepo && \
git clone git://gitrepo/fakerepo /tmp/fakerepo && \
pwd && \
ls -la && \
ls -la /tmp/fakerepo \
"));
# Test start master and connect worker
$bbmaster->waitForUnit("buildbot-master.service");
$bbmaster->waitUntilSucceeds("curl -s --head http://bbmaster:8010") =~ /200 OK/;
$bbworker->waitForUnit("network-online.target");
$bbworker->execute("nc -z bbmaster 8010");
$bbworker->execute("nc -z bbmaster 9989");
$bbworker->waitForUnit("buildbot-worker.service");
print($bbworker->execute("ls -la /home/bbworker/worker"));
# Test stop buildbot master and worker
print($bbmaster->execute(" \
systemctl -l --no-pager status buildbot-master && \
systemctl stop buildbot-master \
"));
$bbworker->fail("nc -z bbmaster 8010");
$bbworker->fail("nc -z bbmaster 9989");
print($bbworker->execute(" \
systemctl -l --no-pager status buildbot-worker && \
systemctl stop buildbot-worker && \
ls -la /home/bbworker/worker \
"));
# Test buildbot daemon mode
$bbmaster->execute("buildbot create-master /tmp");
$bbmaster->execute("mv -fv /tmp/master.cfg.sample /tmp/master.cfg");
$bbmaster->execute("sed -i 's/8010/8011/' /tmp/master.cfg");
$bbmaster->execute("buildbot start /tmp");
$bbworker->execute("nc -z bbmaster 8011");
$bbworker->waitUntilSucceeds("curl -s --head http://bbmaster:8011") =~ /200 OK/;
$bbmaster->execute("buildbot stop /tmp");
$bbworker->fail("nc -z bbmaster 8011");
'';
meta.maintainers = with pkgs.stdenv.lib.maintainers; [ nand0p ];
gitrepo = { pkgs, ... }: {
services.openssh.enable = true;
networking.firewall.allowedTCPPorts = [ 22 9418 ];
environment.systemPackages = with pkgs; [ git ];
};
}; };
in {
python2 = mkBuildbotTest pkgs.python2; testScript = ''
python3 = mkBuildbotTest pkgs.python3; #Start up and populate fake repo
$gitrepo->waitForUnit("multi-user.target");
print($gitrepo->execute(" \
git config --global user.name 'Nobody Fakeuser' && \
git config --global user.email 'nobody\@fakerepo.com' && \
rm -rvf /srv/repos/fakerepo.git /tmp/fakerepo && \
mkdir -pv /srv/repos/fakerepo ~/.ssh && \
ssh-keyscan -H gitrepo > ~/.ssh/known_hosts && \
cat ~/.ssh/known_hosts && \
cd /srv/repos/fakerepo && \
git init && \
echo -e '#!/bin/sh\necho fakerepo' > fakerepo.sh && \
cat fakerepo.sh && \
touch .git/git-daemon-export-ok && \
git add fakerepo.sh .git/git-daemon-export-ok && \
git commit -m fakerepo && \
git daemon --verbose --export-all --base-path=/srv/repos --reuseaddr & \
"));
# Test gitrepo
$bbmaster->waitForUnit("network-online.target");
#$bbmaster->execute("nc -z gitrepo 9418");
print($bbmaster->execute(" \
rm -rfv /tmp/fakerepo && \
git clone git://gitrepo/fakerepo /tmp/fakerepo && \
pwd && \
ls -la && \
ls -la /tmp/fakerepo \
"));
# Test start master and connect worker
$bbmaster->waitForUnit("buildbot-master.service");
$bbmaster->waitUntilSucceeds("curl -s --head http://bbmaster:8010") =~ /200 OK/;
$bbworker->waitForUnit("network-online.target");
$bbworker->execute("nc -z bbmaster 8010");
$bbworker->execute("nc -z bbmaster 9989");
$bbworker->waitForUnit("buildbot-worker.service");
print($bbworker->execute("ls -la /home/bbworker/worker"));
# Test stop buildbot master and worker
print($bbmaster->execute(" \
systemctl -l --no-pager status buildbot-master && \
systemctl stop buildbot-master \
"));
$bbworker->fail("nc -z bbmaster 8010");
$bbworker->fail("nc -z bbmaster 9989");
print($bbworker->execute(" \
systemctl -l --no-pager status buildbot-worker && \
systemctl stop buildbot-worker && \
ls -la /home/bbworker/worker \
"));
# Test buildbot daemon mode
$bbmaster->execute("buildbot create-master /tmp");
$bbmaster->execute("mv -fv /tmp/master.cfg.sample /tmp/master.cfg");
$bbmaster->execute("sed -i 's/8010/8011/' /tmp/master.cfg");
$bbmaster->execute("buildbot start /tmp");
$bbworker->execute("nc -z bbmaster 8011");
$bbworker->waitUntilSucceeds("curl -s --head http://bbmaster:8011") =~ /200 OK/;
$bbmaster->execute("buildbot stop /tmp");
$bbworker->fail("nc -z bbmaster 8011");
'';
meta.maintainers = with pkgs.stdenv.lib.maintainers; [ nand0p ];
} }
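Review bot: removing the `mkBuildbotTest = python:` wrapper together with `package = python.pkgs.buildbot-full;` drops the `python2` variant, so buildbot on Python 2 is no longer exercised by this test; if that is intentional because the Python 2 package is gone, say so in the commit message, otherwise keep the parametrization.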


@ -0,0 +1,29 @@
# Test Docker containers as systemd units
import ./make-test.nix ({ pkgs, lib, ... }: {
name = "docker-containers";
meta = {
maintainers = with lib.maintainers; [ benley ];
};
nodes = {
docker = { pkgs, ... }:
{
virtualisation.docker.enable = true;
virtualisation.dockerPreloader.images = [ pkgs.dockerTools.examples.nginx ];
docker-containers.nginx = {
image = "nginx-container";
ports = ["8181:80"];
};
};
};
testScript = ''
startAll;
$docker->waitForUnit("docker-nginx.service");
$docker->waitForOpenPort(8181);
$docker->waitUntilSucceeds("curl http://localhost:8181|grep Hello");
'';
})
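Review bot: `testScript` only checks that `docker-nginx.service` comes up and answers on 8181; since the module defines `ExecStop` and `ExecStopPost` as `docker rm -f %n`, add a `$docker->succeed("systemctl stop docker-nginx.service")` step followed by a `docker ps -a` check that the container is gone, so the cleanup path is exercised as well.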


@ -34,8 +34,8 @@ import ./make-test.nix ({ pkgs, ... }: {
# To test the pullImage tool # To test the pullImage tool
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.nixFromDockerHub}'"); $docker->succeed("docker load --input='${pkgs.dockerTools.examples.nixFromDockerHub}'");
$docker->succeed("docker run --rm nixos/nix:2.2.1 nix-store --version"); $docker->succeed("docker run --rm nix:2.2.1 nix-store --version");
$docker->succeed("docker rmi nixos/nix:2.2.1"); $docker->succeed("docker rmi nix:2.2.1");
# To test runAsRoot and entry point # To test runAsRoot and entry point
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.nginx}'"); $docker->succeed("docker load --input='${pkgs.dockerTools.examples.nginx}'");


@ -33,11 +33,13 @@ in {
longitude = "0.0"; longitude = "0.0";
elevation = 0; elevation = 0;
auth_providers = [ auth_providers = [
{ type = "legacy_api_password"; } {
type = "legacy_api_password";
api_password = apiPassword;
}
]; ];
}; };
frontend = { }; frontend = { };
http.api_password = apiPassword;
mqtt = { # Use hbmqtt as broker mqtt = { # Use hbmqtt as broker
password = mqttPassword; password = mqttPassword;
}; };


@ -72,4 +72,5 @@ in with pkgs; {
kafka_1_1 = makeKafkaTest "kafka_1_1" apacheKafka_1_1; kafka_1_1 = makeKafkaTest "kafka_1_1" apacheKafka_1_1;
kafka_2_0 = makeKafkaTest "kafka_2_0" apacheKafka_2_0; kafka_2_0 = makeKafkaTest "kafka_2_0" apacheKafka_2_0;
kafka_2_1 = makeKafkaTest "kafka_2_1" apacheKafka_2_1; kafka_2_1 = makeKafkaTest "kafka_2_1" apacheKafka_2_1;
kafka_2_2 = makeKafkaTest "kafka_2_2" apacheKafka_2_2;
} }


@ -0,0 +1,17 @@
import ./make-test.nix ({ pkgs, ...} : {
name = "kernel-testing";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ nequissimus ];
};
machine = { pkgs, ... }:
{
boot.kernelPackages = pkgs.linuxPackages_testing;
};
testScript =
''
$machine->succeed("uname -s | grep 'Linux'");
$machine->succeed("uname -a | grep '${pkgs.linuxPackages_testing.kernel.modDirVersion}'");
'';
})


@ -28,20 +28,19 @@ let
users.ldap.daemon = { users.ldap.daemon = {
enable = useDaemon; enable = useDaemon;
rootpwmoddn = "cn=admin,${dbSuffix}"; rootpwmoddn = "cn=admin,${dbSuffix}";
rootpwmodpw = "/etc/nslcd.rootpwmodpw"; rootpwmodpwFile = "/etc/nslcd.rootpwmodpw";
}; };
# NOTE: password stored in clear in Nix's store, but this is a test.
environment.etc."nslcd.rootpwmodpw".source = pkgs.writeText "rootpwmodpw" dbAdminPwd;
users.ldap.loginPam = true; users.ldap.loginPam = true;
users.ldap.nsswitch = true; users.ldap.nsswitch = true;
users.ldap.server = "ldap://server"; users.ldap.server = "ldap://server";
users.ldap.base = "ou=posix,${dbSuffix}"; users.ldap.base = "ou=posix,${dbSuffix}";
users.ldap.bind = { users.ldap.bind = {
distinguishedName = "cn=admin,${dbSuffix}"; distinguishedName = "cn=admin,${dbSuffix}";
password = "/etc/ldap/bind.password"; passwordFile = "/etc/ldap/bind.password";
}; };
# NOTE: password stored in clear in Nix's store, but this is a test. # NOTE: passwords stored in clear in Nix's store, but this is a test.
environment.etc."ldap/bind.password".source = pkgs.writeText "password" dbAdminPwd; environment.etc."ldap/bind.password".source = pkgs.writeText "password" dbAdminPwd;
environment.etc."nslcd.rootpwmodpw".source = pkgs.writeText "rootpwmodpw" dbAdminPwd;
}; };
in in


@ -0,0 +1,26 @@
import ./make-test.nix ({ lib, ... }:
{
name = "mailcatcher";
meta.maintainers = [ lib.maintainers.aanderse ];
machine =
{ pkgs, ... }:
{
services.mailcatcher.enable = true;
networking.defaultMailServer.directDelivery = true;
networking.defaultMailServer.hostName = "localhost:1025";
environment.systemPackages = [ pkgs.mailutils ];
};
testScript = ''
startAll;
$machine->waitForUnit('mailcatcher.service');
$machine->waitForOpenPort('1025');
$machine->succeed('echo "this is the body of the email" | mail -s "subject" root@example.org');
$machine->succeed('curl http://localhost:1080/messages/1.source') =~ /this is the body of the email/ or die;
'';
})


@ -1,4 +1,24 @@
import ./make-test.nix ({ pkgs, ...} : { import ./make-test.nix ({ pkgs, ...} :
let
accessKey = "BKIKJAA5BMMU2RHO6IBB";
secretKey = "V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12";
minioPythonScript = pkgs.writeScript "minio-test.py" ''
#! ${pkgs.python3.withPackages(ps: [ ps.minio ])}/bin/python
import io
import os
from minio import Minio
minioClient = Minio('localhost:9000',
access_key='${accessKey}',
secret_key='${secretKey}',
secure=False)
sio = io.BytesIO()
sio.write(b'Test from Python')
sio.seek(0, os.SEEK_END)
sio_len = sio.tell()
sio.seek(0)
minioClient.put_object('test-bucket', 'test.txt', sio, sio_len, content_type='text/plain')
'';
in {
name = "minio"; name = "minio";
meta = with pkgs.stdenv.lib.maintainers; { meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ bachp ]; maintainers = [ bachp ];
@ -8,8 +28,7 @@ import ./make-test.nix ({ pkgs, ...} : {
machine = { pkgs, ... }: { machine = { pkgs, ... }: {
services.minio = { services.minio = {
enable = true; enable = true;
accessKey = "BKIKJAA5BMMU2RHO6IBB"; inherit accessKey secretKey;
secretKey = "V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12";
}; };
environment.systemPackages = [ pkgs.minio-client ]; environment.systemPackages = [ pkgs.minio-client ];
@ -25,9 +44,11 @@ import ./make-test.nix ({ pkgs, ...} : {
$machine->waitForOpenPort(9000); $machine->waitForOpenPort(9000);
# Create a test bucket on the server # Create a test bucket on the server
$machine->succeed("mc config host add minio http://localhost:9000 BKIKJAA5BMMU2RHO6IBB V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12 S3v4"); $machine->succeed("mc config host add minio http://localhost:9000 ${accessKey} ${secretKey} S3v4");
$machine->succeed("mc mb minio/test-bucket"); $machine->succeed("mc mb minio/test-bucket");
$machine->succeed("${minioPythonScript}");
$machine->succeed("mc ls minio") =~ /test-bucket/ or die; $machine->succeed("mc ls minio") =~ /test-bucket/ or die;
$machine->succeed("mc cat minio/test-bucket/test.txt") =~ /Test from Python/ or die;
$machine->shutdown; $machine->shutdown;
''; '';


@ -5,7 +5,7 @@ import ./make-test.nix ({ pkgs, ...} : {
}; };
nodes = { nodes = {
master = mysql =
{ pkgs, ... }: { pkgs, ... }:
{ {
@ -13,12 +13,34 @@ import ./make-test.nix ({ pkgs, ...} : {
services.mysql.initialDatabases = [ { name = "testdb"; schema = ./testdb.sql; } ]; services.mysql.initialDatabases = [ { name = "testdb"; schema = ./testdb.sql; } ];
services.mysql.package = pkgs.mysql; services.mysql.package = pkgs.mysql;
}; };
mariadb =
{ pkgs, ... }:
{
users.users.testuser = { };
services.mysql.enable = true;
services.mysql.ensureDatabases = [ "testdb" ];
services.mysql.ensureUsers = [{
name = "testuser";
ensurePermissions = {
"testdb.*" = "ALL PRIVILEGES";
};
}];
services.mysql.package = pkgs.mariadb;
};
}; };
testScript = '' testScript = ''
startAll; startAll;
$master->waitForUnit("mysql"); $mysql->waitForUnit("mysql");
$master->succeed("echo 'use testdb; select * from tests' | mysql -u root -N | grep 4"); $mysql->succeed("echo 'use testdb; select * from tests' | mysql -u root -N | grep 4");
$mariadb->waitForUnit("mysql");
$mariadb->succeed("echo 'use testdb; create table tests (test_id INT, PRIMARY KEY (test_id));' | sudo -u testuser mysql -u testuser");
$mariadb->succeed("echo 'use testdb; insert into tests values (42);' | sudo -u testuser mysql -u testuser");
$mariadb->succeed("echo 'use testdb; select test_id from tests' | sudo -u testuser mysql -u testuser -N | grep 42");
''; '';
}) })
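Review bot: the new mariadb steps only exercise the positive path of `ensureUsers`/`ensurePermissions`. `sudo -u testuser mysql -u testuser` succeeding shows that socket authentication maps the `testuser` OS account onto the `testuser` database account, but nothing asserts that a different local user cannot authenticate as `testuser`, nor that `testuser` is confined to `testdb.*` as `ensurePermissions` declares. A `$mariadb->fail(...)` running the same `mysql -u testuser` as another OS user, and one attempting a statement against a database other than `testdb`, would turn this into a regression test for the grant rather than a smoke test that the user exists.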

View File

@ -4,16 +4,12 @@ import ./make-test.nix {
machine = { pkgs, ... }: { machine = { pkgs, ... }: {
services.openldap = { services.openldap = {
enable = true; enable = true;
extraConfig = '' suffix = "dc=example";
include ${pkgs.openldap}/etc/schema/core.schema rootdn = "cn=root,dc=example";
include ${pkgs.openldap}/etc/schema/cosine.schema rootpw = "notapassword";
include ${pkgs.openldap}/etc/schema/inetorgperson.schema database = "bdb";
include ${pkgs.openldap}/etc/schema/nis.schema extraDatabaseConfig = ''
database bdb
suffix dc=example
directory /var/db/openldap directory /var/db/openldap
rootdn cn=root,dc=example
rootpw notapassword
''; '';
declarativeContents = '' declarativeContents = ''
dn: dc=example dn: dc=example
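Review bot: `rootpw = "notapassword";` moves the root credential from free-form `extraConfig` into a typed module option, which is an improvement, but either way the value is rendered into slapd's configuration inside the world-readable Nix store; fine for this test, so the option's documentation should state that production deployments must not put a real cleartext credential here (slapd accepts a hashed `{SSHA}` value, which at least avoids cleartext). Separately, `database = "bdb";` keeps the bdb backend that OpenLDAP has deprecated in favour of mdb; if the test is meant to exercise the new options rather than bdb specifically, using `mdb` avoids baking the deprecated backend into the example people will copy.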

View File

@ -20,8 +20,7 @@ in pkgs.lib.listToAttrs (pkgs.lib.crossLists (predictable: withNetworkd: {
testScript = '' testScript = ''
print $machine->succeed("ip link"); print $machine->succeed("ip link");
$machine->succeed("ip link show ${if predictable then "ens3" else "eth0"}"); $machine->${if predictable then "fail" else "succeed"}("ip link show eth0 ");
$machine->fail("ip link show ${if predictable then "eth0" else "ens3"}");
''; '';
}; };
}) [[true false] [true false]]) }) [[true false] [true false]])
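Review bot: the rewritten check `$machine->${if predictable then "fail" else "succeed"}("ip link show eth0 ");` drops the positive assertion the old two-line form made. In the `predictable = true` case the test now only proves that no `eth0` exists; a regression that names the interface anything other than `ens3`, or brings no interface up at all, still passes. Keep a `succeed` on the expected name next to the `fail` on the unexpected one so each `predictable`/`withNetworkd` combination asserts the interface is present under exactly one name. (The trailing space in `"ip link show eth0 "` is harmless but looks like a typo.)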

View File

@ -0,0 +1,168 @@
import ./make-test.nix {
name = "systemd-confinement";
machine = { pkgs, lib, ... }: let
testServer = pkgs.writeScript "testserver.sh" ''
#!${pkgs.stdenv.shell}
export PATH=${lib.escapeShellArg "${pkgs.coreutils}/bin"}
${lib.escapeShellArg pkgs.stdenv.shell} 2>&1
echo "exit-status:$?"
'';
testClient = pkgs.writeScriptBin "chroot-exec" ''
#!${pkgs.stdenv.shell} -e
output="$(echo "$@" | nc -NU "/run/test$(< /teststep).sock")"
ret="$(echo "$output" | sed -nre '$s/^exit-status:([0-9]+)$/\1/p')"
echo "$output" | head -n -1
exit "''${ret:-1}"
'';
mkTestStep = num: { description, config ? {}, testScript }: {
systemd.sockets."test${toString num}" = {
description = "Socket for Test Service ${toString num}";
wantedBy = [ "sockets.target" ];
socketConfig.ListenStream = "/run/test${toString num}.sock";
socketConfig.Accept = true;
};
systemd.services."test${toString num}@" = {
description = "Confined Test Service ${toString num}";
confinement = (config.confinement or {}) // { enable = true; };
serviceConfig = (config.serviceConfig or {}) // {
ExecStart = testServer;
StandardInput = "socket";
};
} // removeAttrs config [ "confinement" "serviceConfig" ];
__testSteps = lib.mkOrder num ''
subtest '${lib.escape ["\\" "'"] description}', sub {
$machine->succeed('echo ${toString num} > /teststep');
${testScript}
};
'';
};
in {
imports = lib.imap1 mkTestStep [
{ description = "chroot-only confinement";
config.confinement.mode = "chroot-only";
testScript = ''
$machine->succeed(
'test "$(chroot-exec ls -1 / | paste -sd,)" = bin,nix',
'test "$(chroot-exec id -u)" = 0',
'chroot-exec chown 65534 /bin',
);
'';
}
{ description = "full confinement with APIVFS";
testScript = ''
$machine->fail(
'chroot-exec ls -l /etc',
'chroot-exec ls -l /run',
'chroot-exec chown 65534 /bin',
);
$machine->succeed(
'test "$(chroot-exec id -u)" = 0',
'chroot-exec chown 0 /bin',
);
'';
}
{ description = "check existence of bind-mounted /etc";
config.serviceConfig.BindReadOnlyPaths = [ "/etc" ];
testScript = ''
$machine->succeed('test -n "$(chroot-exec cat /etc/passwd)"');
'';
}
{ description = "check if User/Group really runs as non-root";
config.serviceConfig.User = "chroot-testuser";
config.serviceConfig.Group = "chroot-testgroup";
testScript = ''
$machine->succeed('chroot-exec ls -l /dev');
$machine->succeed('test "$(chroot-exec id -u)" != 0');
$machine->fail('chroot-exec touch /bin/test');
'';
}
(let
symlink = pkgs.runCommand "symlink" {
target = pkgs.writeText "symlink-target" "got me\n";
} "ln -s \"$target\" \"$out\"";
in {
description = "check if symlinks are properly bind-mounted";
config.confinement.packages = lib.singleton symlink;
testScript = ''
$machine->fail('chroot-exec test -e /etc');
$machine->succeed('chroot-exec cat ${symlink} >&2');
$machine->succeed('test "$(chroot-exec cat ${symlink})" = "got me"');
'';
})
{ description = "check if StateDirectory works";
config.serviceConfig.User = "chroot-testuser";
config.serviceConfig.Group = "chroot-testgroup";
config.serviceConfig.StateDirectory = "testme";
testScript = ''
$machine->succeed('chroot-exec touch /tmp/canary');
$machine->succeed('chroot-exec "echo works > /var/lib/testme/foo"');
$machine->succeed('test "$(< /var/lib/testme/foo)" = works');
$machine->succeed('test ! -e /tmp/canary');
'';
}
{ description = "check if /bin/sh works";
testScript = ''
$machine->succeed(
'chroot-exec test -e /bin/sh',
'test "$(chroot-exec \'/bin/sh -c "echo bar"\')" = bar',
);
'';
}
{ description = "check if suppressing /bin/sh works";
config.confinement.binSh = null;
testScript = ''
$machine->succeed(
'chroot-exec test ! -e /bin/sh',
'test "$(chroot-exec \'/bin/sh -c "echo foo"\')" != foo',
);
'';
}
{ description = "check if we can set /bin/sh to something different";
config.confinement.binSh = "${pkgs.hello}/bin/hello";
testScript = ''
$machine->succeed(
'chroot-exec test -e /bin/sh',
'test "$(chroot-exec /bin/sh -g foo)" = foo',
);
'';
}
{ description = "check if only Exec* dependencies are included";
config.environment.FOOBAR = pkgs.writeText "foobar" "eek\n";
testScript = ''
$machine->succeed('test "$(chroot-exec \'cat "$FOOBAR"\')" != eek');
'';
}
{ description = "check if all unit dependencies are included";
config.environment.FOOBAR = pkgs.writeText "foobar" "eek\n";
config.confinement.fullUnit = true;
testScript = ''
$machine->succeed('test "$(chroot-exec \'cat "$FOOBAR"\')" = eek');
'';
}
];
options.__testSteps = lib.mkOption {
type = lib.types.lines;
description = "All of the test steps combined as a single script.";
};
config.environment.systemPackages = lib.singleton testClient;
config.users.groups.chroot-testgroup = {};
config.users.users.chroot-testuser = {
description = "Chroot Test User";
group = "chroot-testgroup";
};
};
testScript = { nodes, ... }: ''
$machine->waitForUnit('multi-user.target');
${nodes.machine.config.__testSteps}
'';
}
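Review bot: the negative steps "check if only Exec* dependencies are included" and "check if suppressing /bin/sh works" assert with `!=` (`test "$(chroot-exec 'cat "$FOOBAR"')" != eek`, `... != foo`), which also passes when `chroot-exec` fails for an unrelated reason such as the socket unit not being up or `nc` not being on PATH, so they cannot distinguish "confinement worked" from "the test client is broken". Pair each with an explicit `$machine->fail('chroot-exec cat "$FOOBAR"')` (the file should be unreachable inside the chroot), and rely on the `chroot-exec test ! -e /bin/sh` line that is already there as the primary assertion for the /bin/sh case. The positive control in the "check if all unit dependencies are included" step (`= eek` with `fullUnit = true`) is what makes the `!=` step meaningful at all, so the two should stay adjacent as they are. The remaining steps cover the properties a sandboxing module test should assert: read-only root under APIVFS, a non-root `User`/`Group`, and `StateDirectory` reachable while `/tmp` stays private.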

View File

@ -0,0 +1,97 @@
let
wg-snakeoil-keys = import ./snakeoil-keys.nix;
in
import ../make-test.nix ({ pkgs, ...} : {
name = "wireguard";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ ma27 ];
};
nodes = {
peer0 = { lib, ... }: {
boot.kernel.sysctl = {
"net.ipv6.conf.all.forwarding" = "1";
"net.ipv6.conf.default.forwarding" = "1";
"net.ipv4.ip_forward" = "1";
};
networking.useDHCP = false;
networking.interfaces.eth1 = {
ipv4.addresses = lib.singleton {
address = "192.168.0.1";
prefixLength = 24;
};
ipv6.addresses = lib.singleton {
address = "fd00::1";
prefixLength = 64;
};
};
networking.firewall.allowedUDPPorts = [ 23542 ];
networking.wireguard.interfaces.wg0 = {
ips = [ "10.23.42.1/32" "fc00::1/128" ];
listenPort = 23542;
inherit (wg-snakeoil-keys.peer0) privateKey;
peers = lib.singleton {
allowedIPs = [ "10.23.42.2/32" "fc00::2/128" ];
inherit (wg-snakeoil-keys.peer1) publicKey;
};
};
};
peer1 = { pkgs, lib, ... }: {
boot.kernel.sysctl = {
"net.ipv6.conf.all.forwarding" = "1";
"net.ipv6.conf.default.forwarding" = "1";
"net.ipv4.ip_forward" = "1";
};
networking.useDHCP = false;
networking.interfaces.eth1 = {
ipv4.addresses = lib.singleton {
address = "192.168.0.2";
prefixLength = 24;
};
ipv6.addresses = lib.singleton {
address = "fd00::2";
prefixLength = 64;
};
};
networking.wireguard.interfaces.wg0 = {
ips = [ "10.23.42.2/32" "fc00::2/128" ];
listenPort = 23542;
allowedIPsAsRoutes = false;
inherit (wg-snakeoil-keys.peer1) privateKey;
peers = lib.singleton {
allowedIPs = [ "0.0.0.0/0" "::/0" ];
endpoint = "192.168.0.1:23542";
persistentKeepalive = 25;
inherit (wg-snakeoil-keys.peer0) publicKey;
};
postSetup = let inherit (pkgs) iproute; in ''
${iproute}/bin/ip route replace 10.23.42.1/32 dev wg0
${iproute}/bin/ip route replace fc00::1/128 dev wg0
'';
};
};
};
testScript = ''
startAll;
$peer0->waitForUnit("wireguard-wg0.service");
$peer1->waitForUnit("wireguard-wg0.service");
$peer1->succeed("ping -c5 fc00::1");
$peer1->succeed("ping -c5 10.23.42.1")
'';
})
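Review bot: `$peer1->succeed("ping -c5 10.23.42.1")` has no terminating `;`; it only works because it is the last statement in the generated Perl script, and any step appended below it will break the test. The tunnel is also exercised in one direction only: peer1 pings peer0 over both address families, but nothing asserts that peer0 can reach `10.23.42.2`/`fc00::2`, and peer1's `allowedIPs = [ "0.0.0.0/0" "::/0" ]` with `allowedIPsAsRoutes = false` and manual `ip route replace` in `postSetup` is exactly the setup whose correctness depends on those hand-written routes. Add a `$peer0->succeed("ping -c5 10.23.42.2")` and a check that peer1 routes the peer address via the tunnel (e.g. `ip route get 10.23.42.1` reporting `dev wg0`). Both peers also enable IPv4/IPv6 forwarding via sysctl although no step routes through them; drop it or add a step that needs it, so the test does not suggest forwarding is required for a point-to-point tunnel.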

View File

@ -0,0 +1,11 @@
{
peer0 = {
privateKey = "OPuVRS2T0/AtHDp3PXkNuLQYDiqJaBEEnYe42BSnJnQ=";
publicKey = "IujkG119YPr2cVQzJkSLYCdjpHIDjvr/qH1w1tdKswY=";
};
peer1 = {
privateKey = "uO8JVo/sanx2DOM0L9GUEtzKZ82RGkRnYgpaYc7iXmg=";
publicKey = "Ks9yRJIi/0vYgRmn14mIOQRwkcUGBujYINbMpik2SBI=";
};
}
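Review bot: `snakeoil-keys.nix` carries two WireGuard private keys with no comment saying they are public test fixtures; a one-line header stating that these keys are committed to the repository, are therefore compromised by definition, and must never be reused would stop the file from being copied as a template, and it helps anyone later grepping the tree for `privateKey` to triage it immediately. Keeping them in a separate file rather than inline in `default.nix` is the right call, since it makes that disclaimer a single place to read.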

View File

@ -2,8 +2,8 @@
, makeWrapper, makeDesktopItem , makeWrapper, makeDesktopItem
, qtbase, qmake, qtmultimedia, qttools , qtbase, qmake, qtmultimedia, qttools
, qtgraphicaleffects, qtdeclarative , qtgraphicaleffects, qtdeclarative
, qtlocation, qtquickcontrols2, qtwebchannel , qtlocation, qtquickcontrols, qtquickcontrols2
, qtwebengine, qtx11extras, qtxmlpatterns , qtwebchannel, qtwebengine, qtx11extras, qtxmlpatterns
, monero, unbound, readline, boost, libunwind , monero, unbound, readline, boost, libunwind
, libsodium, pcsclite, zeromq, cppzmq, pkgconfig , libsodium, pcsclite, zeromq, cppzmq, pkgconfig
, hidapi , hidapi
@ -11,22 +11,35 @@
with stdenv.lib; with stdenv.lib;
let
qmlPath = qmlLib: "${qmlLib}/${qtbase.qtQmlPrefix}";
qml2ImportPath = concatMapStringsSep ":" qmlPath [
qtbase.bin qtmultimedia.bin qtgraphicaleffects
qtdeclarative.bin qtlocation.bin
qtquickcontrols qtquickcontrols2.bin
qtwebchannel.bin qtwebengine.bin qtxmlpatterns
];
in
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "monero-gui-${version}"; name = "monero-gui-${version}";
version = "0.13.0.4"; version = "0.14.0.0";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "monero-project"; owner = "monero-project";
repo = "monero-gui"; repo = "monero-gui";
rev = "v${version}"; rev = "v${version}";
sha256 = "142yj5s15bhm300dislq3x5inw1f37shnrd5vyj78jjcvry3wymw"; sha256 = "1l4kx2vidr7bpds43jdbwyaz0q1dy7sricpz061ff1fkappbxdh8";
}; };
nativeBuildInputs = [ qmake pkgconfig ]; nativeBuildInputs = [ qmake pkgconfig ];
buildInputs = [ buildInputs = [
qtbase qtmultimedia qtgraphicaleffects qtbase qtmultimedia qtgraphicaleffects
qtdeclarative qtlocation qtquickcontrols2 qtdeclarative qtlocation
qtquickcontrols qtquickcontrols2
qtwebchannel qtwebengine qtx11extras qtwebchannel qtwebengine qtx11extras
qtxmlpatterns monero unbound readline qtxmlpatterns monero unbound readline
boost libunwind libsodium pcsclite zeromq boost libunwind libsodium pcsclite zeromq
@ -81,6 +94,11 @@ stdenv.mkDerivation rec {
cp $src/images/appicons/$size.png \ cp $src/images/appicons/$size.png \
$out/share/icons/hicolor/$size/apps/monero.png $out/share/icons/hicolor/$size/apps/monero.png
done; done;
# wrap runtime dependencies
wrapProgram $out/bin/monero-wallet-gui \
--set QML2_IMPORT_PATH "${qml2ImportPath}" \
--set QT_PLUGIN_PATH "${qtbase.bin}/${qtbase.qtPluginPrefix}"
''; '';
meta = { meta = {
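Review bot: `--set QML2_IMPORT_PATH` and `--set QT_PLUGIN_PATH` overwrite whatever the user's environment already provides instead of extending it; `--prefix QML2_IMPORT_PATH : "${qml2ImportPath}"` and likewise for `QT_PLUGIN_PATH` is the usual nixpkgs form and avoids breaking a user who intentionally sets these variables. In the `qml2ImportPath` list, `qtquickcontrols`, `qtgraphicaleffects` and `qtxmlpatterns` are used without `.bin` while the other entries use their `bin` outputs; a short comment noting that those three have no separate `bin` output would save the next reader a look-up and make an accidental omission distinguishable from a deliberate one.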

View File

@ -13,15 +13,17 @@ index 79223c0..e80b317 100644
parser.addHelpOption(); parser.addHelpOption();
parser.process(app); parser.process(app);
diff --git a/Logger.cpp b/Logger.cpp diff --git a/Logger.cpp b/Logger.cpp
index 660bafc..dae24d4 100644 index 6b1daba..c357762 100644
--- a/Logger.cpp --- a/Logger.cpp
+++ b/Logger.cpp +++ b/Logger.cpp
@@ -15,7 +15,7 @@ static const QString default_name = "monero-wallet-gui.log"; @@ -28,8 +28,8 @@ static const QString defaultLogName = "monero-wallet-gui.log";
#elif defined(Q_OS_MAC) static const QString appFolder = "Library/Logs";
static const QString osPath = QStandardPaths::standardLocations(QStandardPaths::HomeLocation).at(0) + "/Library/Logs";
#else // linux + bsd #else // linux + bsd
//HomeLocation = "~"
- static const QString osPath = QStandardPaths::standardLocations(QStandardPaths::HomeLocation).at(0); - static const QString osPath = QStandardPaths::standardLocations(QStandardPaths::HomeLocation).at(0);
- static const QString appFolder = ".bitmonero";
+ static const QString osPath = QStandardPaths::standardLocations(QStandardPaths::CacheLocation).at(0); + static const QString osPath = QStandardPaths::standardLocations(QStandardPaths::CacheLocation).at(0);
+ static const QString appFolder = "bitmonero";
#endif #endif
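Review bot: the embedded patch is rebased from `index 660bafc..dae24d4` to `index 6b1daba..c357762` and its hunk header moves from `@@ -15,7 +15,7 @@` to `@@ -28,8 +28,8 @@`, so it now targets a different upstream revision; a comment at the top of the patch file naming the monero-gui version it applies to (0.14.0.0 in this commit) would make the next rebase easier. The patch also changes `appFolder` from `.bitmonero` under the home directory to `bitmonero` under `QStandardPaths::CacheLocation`, which puts the wallet log under a path that cache-cleaning tools may purge; that is presumably intended, since the log is not state, but it is worth stating in the patch description.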

View File

@ -11,12 +11,12 @@ with stdenv.lib;
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "monero-${version}"; name = "monero-${version}";
version = "0.13.0.4"; version = "0.14.0.2";
src = fetchgit { src = fetchgit {
url = "https://github.com/monero-project/monero.git"; url = "https://github.com/monero-project/monero.git";
rev = "v${version}"; rev = "v${version}";
sha256 = "1ambgakapijhsi1pd70vw8vvnlwa3nid944lqkbfq3wl25lmc70d"; sha256 = "1471iy6c8dfdqcmcwcp0m7fp9xl74dcm5hqlfdfi217abhawfs8k";
}; };
nativeBuildInputs = [ cmake pkgconfig git ]; nativeBuildInputs = [ cmake pkgconfig git ];
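Review bot: `monero` moves to `0.14.0.2` while the `monero-gui` derivation in this same commit is pinned to `0.14.0.0` and takes `monero` as a build input. The GUI normally tracks the version of the wallet library it links against, so either confirm that 0.14.0.0 builds and runs against the 0.14.0.2 library or bump both in lockstep, and add a comment at the coupling point so the next update does not drift them apart again.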

View File

@ -1,5 +1,5 @@
{ stdenv, fetchFromGitHub, fetchpatch, boost, cmake, chromaprint, gettext, gst_all_1, liblastfm { stdenv, fetchFromGitHub, fetchpatch, boost, cmake, chromaprint, gettext, gst_all_1, liblastfm
, qt4, taglib, fftw, glew, qjson, sqlite, libgpod, libplist, usbmuxd, libmtp , taglib, fftw, glew, qjson, sqlite, libgpod, libplist, usbmuxd, libmtp
, libpulseaudio, gvfs, libcdio, libechonest, libspotify, pcre, projectm, protobuf , libpulseaudio, gvfs, libcdio, libechonest, libspotify, pcre, projectm, protobuf
, qca2, pkgconfig, sparsehash, config, makeWrapper, gst_plugins }: , qca2, pkgconfig, sparsehash, config, makeWrapper, gst_plugins }:
@ -49,7 +49,6 @@ let
protobuf protobuf
qca2 qca2
qjson qjson
qt4
sqlite sqlite
taglib taglib
] ]
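Review bot: `qt4` is removed from both the function arguments and `buildInputs`, but nothing in the shown hunks adds a replacement, so either Qt now reaches the build through another path (a helper already in scope) or this is cleanup of an input that was never used; a one-line comment or commit-message note saying which would answer that without a rebuild.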

View File

@ -1,19 +1,20 @@
{ {
stdenv, fetchurl, docbook_xsl, stdenv, fetchFromGitHub, docbook_xsl,
docbook_xml_dtd_45, python, pygments, docbook_xml_dtd_45, python, pygments,
libxslt libxslt
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
version = "6.12.0"; pname = "csound-manual";
name = "csound-manual-${version}"; version = "unstable-2019-02-22";
src = fetchurl { src = fetchFromGitHub {
url = "https://github.com/csound/manual/archive/${version}.tar.gz"; owner = "csound";
sha256 = "1v1scp468rnfbcajnp020kdj8zigimc2mbcwzxxqi8sf8paccdrp"; repo = "manual";
rev = "3b0bdc83f9245261b4b85a57c3ed636d5d924a4f";
sha256 = "074byjhaxraapyg54dxgg7hi1d4978aa9c1rmyi50p970nsxnacn";
}; };
prePatch = '' prePatch = ''
substituteInPlace manual.xml \ substituteInPlace manual.xml \
--replace "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" \ --replace "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" \
@ -41,4 +42,3 @@ stdenv.mkDerivation rec {
platforms = stdenv.lib.platforms.all; platforms = stdenv.lib.platforms.all;
}; };
} }

View File

@ -5,7 +5,7 @@
python3.pkgs.buildPythonApplication rec { python3.pkgs.buildPythonApplication rec {
pname = "lollypop"; pname = "lollypop";
version = "1.0"; version = "1.0.3";
format = "other"; format = "other";
doCheck = false; doCheck = false;
@ -14,7 +14,7 @@ python3.pkgs.buildPythonApplication rec {
url = "https://gitlab.gnome.org/World/lollypop"; url = "https://gitlab.gnome.org/World/lollypop";
rev = "refs/tags/${version}"; rev = "refs/tags/${version}";
fetchSubmodules = true; fetchSubmodules = true;
sha256 = "00hjxpgmhzhyjjdpm92cbbxwnc17xdhhk8svk5ih3n18yk5655fs"; sha256 = "1gjxcwl467h7011j9v4zy1j0fjlz480ibvk4akr6xwjg894jykbx";
}; };
nativeBuildInputs = [ nativeBuildInputs = [

View File

@ -18,7 +18,7 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "muse-sequencer-${version}"; name = "muse-sequencer-${version}";
version = "3.0.2"; version = "3.1pre1";
meta = with stdenv.lib; { meta = with stdenv.lib; {
homepage = http://www.muse-sequencer.org; homepage = http://www.muse-sequencer.org;
@ -38,11 +38,16 @@ stdenv.mkDerivation rec {
fetchFromGitHub { fetchFromGitHub {
owner = "muse-sequencer"; owner = "muse-sequencer";
repo = "muse"; repo = "muse";
rev = "02d9dc6abd757c3c1783fdd46dacd3c4ef2c0a6d"; rev = "2167ae053c16a633d8377acdb1debaac10932838";
sha256 = "0pn0mcg79z3bhjwxbss3ylypdz3gg70q5d1ij3x8yw65ryxbqf51"; sha256 = "0rsdx8lvcbz5bapnjvypw8h8bq587s9z8cf2znqrk6ah38s6fsrf";
}; };
nativeBuildInputs = [
pkgconfig
gitAndTools.gitFull
];
buildInputs = [ buildInputs = [
libjack2 libjack2
qt5.qtsvg qt5.qtsvg
@ -57,8 +62,6 @@ stdenv.mkDerivation rec {
lash lash
dssi dssi
liblo liblo
pkgconfig
gitAndTools.gitFull
]; ];
sourceRoot = "source/muse3"; sourceRoot = "source/muse3";

View File

@ -6,11 +6,11 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "musescore-${version}"; name = "musescore-${version}";
version = "3.0.1"; version = "3.0.5";
src = fetchzip { src = fetchzip {
url = "https://download.musescore.com/releases/MuseScore-${version}/MuseScore-${version}.zip"; url = "https://download.musescore.com/releases/MuseScore-${version}/MuseScore-${version}.zip";
sha256 = "1l9djxq5hdfqiya2jwcag7qq4dhmb9qcv68y27dlza19imrnim80"; sha256 = "1pbf6v0l3nixxr8k5igwhj09wnqvw92av6q6yjrbb3kyjh5br2d8";
stripRoot = false; stripRoot = false;
}; };

View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "padthv1-${version}"; name = "padthv1-${version}";
version = "0.9.4"; version = "0.9.5";
src = fetchurl { src = fetchurl {
url = "mirror://sourceforge/padthv1/${name}.tar.gz"; url = "mirror://sourceforge/padthv1/${name}.tar.gz";
sha256 = "0k4vlg3clsn2i4k12imvcjiwlp9nx1mikwyrnarg9shxzzdzcf4y"; sha256 = "0cd1jfb3ynfrsbz8jwfsbvs5liyddxg4zghrvz931qkkqi117hbh";
}; };
buildInputs = [ libjack2 alsaLib libsndfile liblo lv2 qt5.qtbase qt5.qttools fftw ]; buildInputs = [ libjack2 alsaLib libsndfile liblo lv2 qt5.qtbase qt5.qttools fftw ];

View File

@ -1,11 +1,11 @@
{ fetchurl, stdenv, meson, ninja, gettext, pkgconfig, pulseaudioFull, gtkmm3, dbus-glib, wrapGAppsHook }: { fetchurl, stdenv, meson, ninja, gettext, pkgconfig, pulseaudioFull, gtkmm3, dbus-glib, wrapGAppsHook }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "paprefs-1.0"; name = "paprefs-1.1";
src = fetchurl { src = fetchurl {
url = "https://freedesktop.org/software/pulseaudio/paprefs/${name}.tar.xz"; url = "https://freedesktop.org/software/pulseaudio/paprefs/${name}.tar.xz";
sha256 = "0y77i9gaaassvvjrpwb4xbgqcmr51zmj5rh4z8zm687i5izf84md"; sha256 = "189z5p20hk0xv9vwvym293503j4pwl03xqk9hl7cl6dwgv0l7wkf";
}; };
nativeBuildInputs = [ meson ninja gettext pkgconfig wrapGAppsHook ]; nativeBuildInputs = [ meson ninja gettext pkgconfig wrapGAppsHook ];

View File

@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub, pkgconfig, meson, gnome3, at-spi2-core, dbus, gst_all_1, sphinxbase, pocketsphinx, ninja, gettext, appstream-glib, python3, glib, gobject-introspection, gsettings-desktop-schemas, itstool, wrapGAppsHook, makeWrapper, hicolor-icon-theme }: { stdenv, fetchFromGitHub, pkgconfig, meson, gtk3, at-spi2-core, dbus, gst_all_1, sphinxbase, pocketsphinx, ninja, gettext, appstream-glib, python3, glib, gobject-introspection, gsettings-desktop-schemas, itstool, wrapGAppsHook, makeWrapper, hicolor-icon-theme }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "parlatype"; pname = "parlatype";
@ -24,7 +24,7 @@ stdenv.mkDerivation rec {
]; ];
buildInputs = [ buildInputs = [
gnome3.gtk gtk3
at-spi2-core at-spi2-core
dbus dbus
gst_all_1.gstreamer gst_all_1.gstreamer

View File

@ -0,0 +1,50 @@
{ stdenv, fetchFromGitHub, audiofile, libvorbis, fltk, fftw, fftwFloat,
minixml, pkgconfig, libmad, libjack2, portaudio, libsamplerate }:
stdenv.mkDerivation {
pname = "paulstretch";
version = "2.2-2";
src = fetchFromGitHub {
owner = "paulnasca";
repo = "paulstretch_cpp";
rev = "7f5c3993abe420661ea0b808304b0e2b4b0048c5";
sha256 = "06dy03dbz1yznhsn0xvsnkpc5drzwrgxbxdx0hfpsjn2xcg0jrnc";
};
nativeBuildInputs = [ pkgconfig ];
buildInputs = [
audiofile
libvorbis
fltk
fftw
fftwFloat
minixml
libmad
libjack2
portaudio
libsamplerate
];
buildPhase = ''
bash compile_linux_fftw_jack.sh
'';
installPhase = ''
install -Dm555 ./paulstretch $out/bin/paulstretch
'';
meta = with stdenv.lib; {
description = "Produces high quality extreme sound stretching";
longDescription = ''
This is a program for stretching the audio. It is suitable only for
extreme sound stretching of the audio (like 50x) and for applying
special effects by "spectral smoothing" the sounds.
It can transform any sound/music to a texture.
'';
homepage = http://hypermammut.sourceforge.net/paulstretch/;
platforms = platforms.linux;
license = licenses.gpl2;
};
}

View File

@ -29,11 +29,11 @@
# handle that. # handle that.
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "qmmp-1.2.5"; name = "qmmp-1.3.1";
src = fetchurl { src = fetchurl {
url = "http://qmmp.ylsoftware.com/files/${name}.tar.bz2"; url = "http://qmmp.ylsoftware.com/files/${name}.tar.bz2";
sha256 = "1xs8kg65088yzdhdkymmknkp1s4adzv095f5jhjvy62s8ymyjvnx"; sha256 = "1dmybzibpr6hpr2iv1wvrjgww842mng2x0rh1mr8gs8j191xvlhw";
}; };
buildInputs = buildInputs =

View File

@ -1,6 +1,6 @@
{ stdenv, fetchurl, autoPatchelfHook, makeWrapper { stdenv, fetchurl, autoPatchelfHook, makeWrapper
, alsaLib, xorg , alsaLib, xorg
, gnome3, pango, gdk_pixbuf, cairo, glib, freetype , gnome3, gtk3, pango, gdk_pixbuf, cairo, glib, freetype
, libpulseaudio, xdg_utils , libpulseaudio, xdg_utils
}: }:
@ -31,7 +31,7 @@ stdenv.mkDerivation rec {
]; ];
runtimeDependencies = [ runtimeDependencies = [
gnome3.gtk gtk3
]; ];
dontBuild = true; dontBuild = true;

View File

@ -4,6 +4,7 @@
, perlPackages , perlPackages
, gtk3 , gtk3
, intltool , intltool
, libpeas
, libsoup , libsoup
, gnome3 , gnome3
, totem-pl-parser , totem-pl-parser
@ -48,7 +49,7 @@ in stdenv.mkDerivation rec {
json-glib json-glib
gtk3 gtk3
gnome3.libpeas libpeas
totem-pl-parser totem-pl-parser
gnome3.adwaita-icon-theme gnome3.adwaita-icon-theme

View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "samplv1-${version}"; name = "samplv1-${version}";
version = "0.9.4"; version = "0.9.5";
src = fetchurl { src = fetchurl {
url = "mirror://sourceforge/samplv1/${name}.tar.gz"; url = "mirror://sourceforge/samplv1/${name}.tar.gz";
sha256 = "17a61lliplhs14b3x83qz3kv7ww4dn3a02jfdlcx2z903hwn5sld"; sha256 = "0402rdr46za21w34m7ajzbwiiqcd1h0da3b0ldsr2z5g2mrkzxv8";
}; };
buildInputs = [ libjack2 alsaLib liblo libsndfile lv2 qt5.qtbase qt5.qttools]; buildInputs = [ libjack2 alsaLib liblo libsndfile lv2 qt5.qtbase qt5.qttools];

View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "synthv1-${version}"; name = "synthv1-${version}";
version = "0.9.4"; version = "0.9.5";
src = fetchurl { src = fetchurl {
url = "mirror://sourceforge/synthv1/${name}.tar.gz"; url = "mirror://sourceforge/synthv1/${name}.tar.gz";
sha256 = "18xjj14g8gnnbwyrf39bdxc5aswb620w9i323skdf6rnaq229jyv"; sha256 = "1b9w4cml3cmcg09kh852cahas6l9ks8wl3gzp1az8rzxz4229yg1";
}; };
buildInputs = [ qt5.qtbase qt5.qttools libjack2 alsaLib liblo lv2 ]; buildInputs = [ qt5.qtbase qt5.qttools libjack2 alsaLib liblo lv2 ];

View File

@ -6,11 +6,11 @@ assert stdenv ? glibc;
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "yoshimi-${version}"; name = "yoshimi-${version}";
version = "1.5.10.1"; version = "1.5.10.2";
src = fetchurl { src = fetchurl {
url = "mirror://sourceforge/yoshimi/${name}.tar.bz2"; url = "mirror://sourceforge/yoshimi/${name}.tar.bz2";
sha256 = "02mmy17sa3dlwmjjahn8rfd6h67c5s0q3fvkf6ljrc2mbbpwc375"; sha256 = "1rr99qkq80s8l2iv3x4ccxan07m15dvmd5s9b10386bfjbwbya01";
}; };
buildInputs = [ buildInputs = [

View File

@ -1,6 +1,6 @@
{ stdenv, fetchFromGitLab, substituteAll, meson, ninja, pkgconfig, vala_0_40, gettext { stdenv, fetchFromGitLab, substituteAll, meson, ninja, pkgconfig, vala_0_40, gettext
, gnome3, libnotify, itstool, glib, gtk3, libxml2 , gnome3, libnotify, itstool, glib, gtk3, libxml2
, coreutils, libsecret, pcre, libxkbcommon, wrapGAppsHook , coreutils, libpeas, libsecret, pcre, libxkbcommon, wrapGAppsHook
, libpthreadstubs, libXdmcp, epoxy, at-spi2-core, dbus, libgpgerror , libpthreadstubs, libXdmcp, epoxy, at-spi2-core, dbus, libgpgerror
, appstream-glib, desktop-file-utils, duplicity , appstream-glib, desktop-file-utils, duplicity
}: }:
@ -35,7 +35,7 @@ stdenv.mkDerivation rec {
]; ];
buildInputs = [ buildInputs = [
libnotify gnome3.libpeas glib gtk3 libsecret libnotify libpeas glib gtk3 libsecret
pcre libxkbcommon libpthreadstubs libXdmcp epoxy gnome3.nautilus pcre libxkbcommon libpthreadstubs libXdmcp epoxy gnome3.nautilus
at-spi2-core dbus gnome3.gnome-online-accounts libgpgerror at-spi2-core dbus gnome3.gnome-online-accounts libgpgerror
]; ];

View File

@ -39,11 +39,12 @@
let let
drvName = "android-studio-${channel}-${version}"; drvName = "android-studio-${channel}-${version}";
archiveFormat = if builtins.elem channel [ "dev" "canary" ] then "tar.gz" else "zip";
androidStudio = stdenv.mkDerivation { androidStudio = stdenv.mkDerivation {
name = drvName; name = drvName;
src = fetchurl { src = fetchurl {
url = "https://dl.google.com/dl/android/studio/ide-zips/${version}/android-studio-ide-${build}-linux.zip"; url = "https://dl.google.com/dl/android/studio/ide-zips/${version}/android-studio-ide-${build}-linux.${archiveFormat}";
sha256 = sha256Hash; sha256 = sha256Hash;
}; };

View File

@ -13,14 +13,14 @@ let
sha256Hash = "0smh3d3v8n0isxg7fkls20622gp52f58i2b6wa4a0g8wnvmd6mw2"; sha256Hash = "0smh3d3v8n0isxg7fkls20622gp52f58i2b6wa4a0g8wnvmd6mw2";
}; };
betaVersion = { betaVersion = {
version = "3.4.0.16"; # "Android Studio 3.4 RC 2" version = "3.4.0.17"; # "Android Studio 3.4 RC 3"
build = "183.5370308"; build = "183.5400832";
sha256Hash = "0d7d6n7n1zzhxpdykbwwbrw139mqxkp20d4l0570pk7975p1s2q9"; sha256Hash = "1v4apc73jdhavhzj8j46mzh15rw08w1hd9y9ykarj3b5q7i2vyq1";
}; };
latestVersion = { # canary & dev latestVersion = { # canary & dev
version = "3.5.0.6"; # "Android Studio 3.5 Canary 7" version = "3.5.0.8"; # "Android Studio 3.5 Canary 9"
build = "183.5346365"; build = "191.5409101";
sha256Hash = "0dfkhzsxabrv8cwgyv3gicpglgpccmi1ig5shlhp6a006awgfyj0"; sha256Hash = "06fc5l40nxm0hyn8c34wsckxxyh1i2q5a53zd4nbhwxi8wsrda7i";
}; };
in rec { in rec {
# Old alias (TODO @primeos: Remove after 19.03 is branched off): # Old alias (TODO @primeos: Remove after 19.03 is branched off):

View File

@ -1,5 +1,5 @@
{ stdenv, lib, fetchurl, ncurses, xlibsWrapper, libXaw, libXpm, Xaw3d, libXcursor { stdenv, lib, fetchpatch, fetchurl, ncurses, xlibsWrapper, libXaw, libXpm
, pkgconfig, gettext, libXft, dbus, libpng, libjpeg, libungif , Xaw3d, libXcursor, pkgconfig, gettext, libXft, dbus, libpng, libjpeg, libungif
, libtiff, librsvg, gconf, libxml2, imagemagick, gnutls, libselinux , libtiff, librsvg, gconf, libxml2, imagemagick, gnutls, libselinux
, alsaLib, cairo, acl, gpm, cf-private, AppKit, GSS, ImageIO, m17n_lib, libotf , alsaLib, cairo, acl, gpm, cf-private, AppKit, GSS, ImageIO, m17n_lib, libotf
, systemd ? null , systemd ? null
@ -44,6 +44,13 @@ stdenv.mkDerivation rec {
patches = [ patches = [
./clean-env.patch ./clean-env.patch
./tramp-detect-wrapped-gvfsd.patch ./tramp-detect-wrapped-gvfsd.patch
# should drop this at next package update
(fetchpatch {
name = "support-hunspell-1.7.0-in-ispell.el.patch";
url = "https://git.savannah.gnu.org/cgit/emacs.git/patch/?id=2925ce5a7ec1424cfaea9f2f86bd3cab27832584";
sha256 = "0w7cgw6zgr7phbivb98innps1rlqf5q2lhwkrwdmai8sbca5bd11";
})
]; ];
postPatch = lib.optionalString srcRepo '' postPatch = lib.optionalString srcRepo ''
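Review bot: the `fetchpatch` entry pins the savannah cgit output by `sha256` and carries a `name`, which is the right way to do it, but the `# should drop this at next package update` comment should also say which upstream Emacs release contains commit `2925ce5a7ec1424cfaea9f2f86bd3cab27832584`, so whoever bumps the package knows whether the patch is already included rather than having to rediscover that from the patch failing to apply.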
@ -123,7 +130,7 @@ stdenv.mkDerivation rec {
let libPath = lib.makeLibraryPath [ let libPath = lib.makeLibraryPath [
libXcursor libXcursor
]; ];
in lib.optionalString (withX && toolkit == "lucid") '' in lib.optionalString (stdenv.isLinux && withX && toolkit == "lucid") ''
patchelf --set-rpath \ patchelf --set-rpath \
"$(patchelf --print-rpath "$out/bin/emacs"):${libPath}" \ "$(patchelf --print-rpath "$out/bin/emacs"):${libPath}" \
"$out/bin/emacs" "$out/bin/emacs"

View File

@ -17,6 +17,7 @@
, json-glib , json-glib
, jsonrpc-glib , jsonrpc-glib
, libdazzle , libdazzle
, libpeas
, libxml2 , libxml2
, meson , meson
, ninja , ninja
@ -64,7 +65,7 @@ in stdenv.mkDerivation {
flatpak flatpak
gnome3.devhelp gnome3.devhelp
libgit2-glib libgit2-glib
gnome3.libpeas libpeas
vte vte
gspell gspell
gtk3 gtk3

View File

@ -250,12 +250,12 @@ in
clion = buildClion rec { clion = buildClion rec {
name = "clion-${version}"; name = "clion-${version}";
version = "2018.3.4"; /* updated by script */ version = "2019.1"; /* updated by script */
description = "C/C++ IDE. New. Intelligent. Cross-platform"; description = "C/C++ IDE. New. Intelligent. Cross-platform";
license = stdenv.lib.licenses.unfree; license = stdenv.lib.licenses.unfree;
src = fetchurl { src = fetchurl {
url = "https://download.jetbrains.com/cpp/CLion-${version}.tar.gz"; url = "https://download.jetbrains.com/cpp/CLion-${version}.tar.gz";
sha256 = "1zglpw9vc3ybdmwymi0c2m6anhcmx9jcqi69gnn06n9f4x1v6gwn"; /* updated by script */ sha256 = "1rlqnnv6b7lg18si31zd97ixnslwp8j6imkkjq0j5n9sydsr8xzj"; /* updated by script */
}; };
wmClass = "jetbrains-clion"; wmClass = "jetbrains-clion";
update-channel = "CLion RELEASE"; # channel's id as in http://www.jetbrains.com/updates/updates.xml update-channel = "CLion RELEASE"; # channel's id as in http://www.jetbrains.com/updates/updates.xml
@ -263,12 +263,12 @@ in
datagrip = buildDataGrip rec { datagrip = buildDataGrip rec {
name = "datagrip-${version}"; name = "datagrip-${version}";
version = "2018.3.2"; /* updated by script */ version = "2018.3.4"; /* updated by script */
description = "Your Swiss Army Knife for Databases and SQL"; description = "Your Swiss Army Knife for Databases and SQL";
license = stdenv.lib.licenses.unfree; license = stdenv.lib.licenses.unfree;
src = fetchurl { src = fetchurl {
url = "https://download.jetbrains.com/datagrip/${name}.tar.gz"; url = "https://download.jetbrains.com/datagrip/${name}.tar.gz";
sha256 = "0vj1cgmg33626i38x9wmh5hqr1lf0x3m23gzq30rp4q4cbi38806"; /* updated by script */ sha256 = "10sw41kkf2k60xjpwgc73i182y7px3dmqz2awnrl4gffdb9jgzmy"; /* updated by script */
}; };
wmClass = "jetbrains-datagrip"; wmClass = "jetbrains-datagrip";
update-channel = "DataGrip RELEASE"; update-channel = "DataGrip RELEASE";
@ -276,12 +276,12 @@ in
goland = buildGoland rec { goland = buildGoland rec {
name = "goland-${version}"; name = "goland-${version}";
version = "2018.3.3"; /* updated by script */ version = "2019.1"; /* updated by script */
description = "Up and Coming Go IDE"; description = "Up and Coming Go IDE";
license = stdenv.lib.licenses.unfree; license = stdenv.lib.licenses.unfree;
src = fetchurl { src = fetchurl {
url = "https://download.jetbrains.com/go/${name}.tar.gz"; url = "https://download.jetbrains.com/go/${name}.tar.gz";
sha256 = "065z8084xkv6w8m7pq98rgls1avzrqm23mrxdq5172rs5p1c5r9f"; /* updated by script */ sha256 = "0aq3x5aixh86h1zvvwrbr2f1nnqdpfvlsadd2ckmf5s5kghvg5r9"; /* updated by script */
}; };
wmClass = "jetbrains-goland"; wmClass = "jetbrains-goland";
update-channel = "GoLand RELEASE"; update-channel = "GoLand RELEASE";
@ -289,12 +289,12 @@ in
idea-community = buildIdea rec { idea-community = buildIdea rec {
name = "idea-community-${version}"; name = "idea-community-${version}";
version = "2018.3.4"; /* updated by script */ version = "2019.1"; /* updated by script */
description = "Integrated Development Environment (IDE) by Jetbrains, community edition"; description = "Integrated Development Environment (IDE) by Jetbrains, community edition";
license = stdenv.lib.licenses.asl20; license = stdenv.lib.licenses.asl20;
src = fetchurl { src = fetchurl {
url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz";
sha256 = "0j5yc7n04jlyyghmwllpfvcd2g6k1syjp07xb1ljyx7rm4jcf8q6"; /* updated by script */ sha256 = "0zyw88dd2v4igp080l99cyq6h0bmyri8a50fjp69ripiz9qaawx1"; /* updated by script */
}; };
wmClass = "jetbrains-idea-ce"; wmClass = "jetbrains-idea-ce";
update-channel = "IntelliJ IDEA RELEASE"; update-channel = "IntelliJ IDEA RELEASE";
@ -302,12 +302,12 @@ in
idea-ultimate = buildIdea rec { idea-ultimate = buildIdea rec {
name = "idea-ultimate-${version}"; name = "idea-ultimate-${version}";
version = "2018.3.4"; /* updated by script */ version = "2019.1"; /* updated by script */
description = "Integrated Development Environment (IDE) by Jetbrains, requires paid license"; description = "Integrated Development Environment (IDE) by Jetbrains, requires paid license";
license = stdenv.lib.licenses.unfree; license = stdenv.lib.licenses.unfree;
src = fetchurl { src = fetchurl {
url = "https://download.jetbrains.com/idea/ideaIU-${version}-no-jdk.tar.gz"; url = "https://download.jetbrains.com/idea/ideaIU-${version}-no-jbr.tar.gz";
sha256 = "0s3r3h1zcwkfqhsfb224fgy62fdhnd4gjgk2h6pyhq1frnh3x5bg"; /* updated by script */ sha256 = "0fsdf090cwwrsq3azknc9rpwwsl71cvsx4flivnqwfakb6rh4f1j"; /* updated by script */
}; };
wmClass = "jetbrains-idea"; wmClass = "jetbrains-idea";
update-channel = "IntelliJ IDEA RELEASE"; update-channel = "IntelliJ IDEA RELEASE";
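Review bot: the idea-ultimate `url` line changes its archive suffix from `-no-jdk` to `-no-jbr` while every other derivation in this batch only bumps `version` and `sha256`; this is a manual change inside an "updated by script" batch, so it deserves a line in the commit message, and a check that buildIdea still wraps the IDE with a JDK, since the new archive name suggests it ships without the JetBrains Runtime. The sha256 pins the artifact, so a silent swap is not possible, but a reader of the history will not know why the name changed.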
@ -315,12 +315,12 @@ in
phpstorm = buildPhpStorm rec { phpstorm = buildPhpStorm rec {
name = "phpstorm-${version}"; name = "phpstorm-${version}";
version = "2018.3.3"; /* updated by script */ version = "2019.1"; /* updated by script */
description = "Professional IDE for Web and PHP developers"; description = "Professional IDE for Web and PHP developers";
license = stdenv.lib.licenses.unfree; license = stdenv.lib.licenses.unfree;
src = fetchurl { src = fetchurl {
url = "https://download.jetbrains.com/webide/PhpStorm-${version}.tar.gz"; url = "https://download.jetbrains.com/webide/PhpStorm-${version}.tar.gz";
sha256 = "0znhw83h46a3haspwcin5xjf3ask8ijxla778p9vdbi9xs0zqx39"; /* updated by script */ sha256 = "1bv2a16wsc9j82w14qfrfjgszwkihk0jwp8bp8z9618q04c8vmgf"; /* updated by script */
}; };
wmClass = "jetbrains-phpstorm"; wmClass = "jetbrains-phpstorm";
update-channel = "PhpStorm RELEASE"; update-channel = "PhpStorm RELEASE";
@ -328,12 +328,12 @@ in
pycharm-community = buildPycharm rec { pycharm-community = buildPycharm rec {
name = "pycharm-community-${version}"; name = "pycharm-community-${version}";
version = "2018.3.4"; /* updated by script */ version = "2019.1"; /* updated by script */
description = "PyCharm Community Edition"; description = "PyCharm Community Edition";
license = stdenv.lib.licenses.asl20; license = stdenv.lib.licenses.asl20;
src = fetchurl { src = fetchurl {
url = "https://download.jetbrains.com/python/${name}.tar.gz"; url = "https://download.jetbrains.com/python/${name}.tar.gz";
sha256 = "11kzzwkp206l466ii6vm6iqmhpx0s594vh37x2lwwsgmg6qzz6vq"; /* updated by script */ sha256 = "173qm2g6pjga2jlw8sa59bxw543b56r56ikqwv2wp0jq5z61v26f"; /* updated by script */
}; };
wmClass = "jetbrains-pycharm-ce"; wmClass = "jetbrains-pycharm-ce";
update-channel = "PyCharm RELEASE"; update-channel = "PyCharm RELEASE";
@ -341,12 +341,12 @@ in
pycharm-professional = buildPycharm rec { pycharm-professional = buildPycharm rec {
name = "pycharm-professional-${version}"; name = "pycharm-professional-${version}";
version = "2018.3.4"; /* updated by script */ version = "2019.1"; /* updated by script */
description = "PyCharm Professional Edition"; description = "PyCharm Professional Edition";
license = stdenv.lib.licenses.unfree; license = stdenv.lib.licenses.unfree;
src = fetchurl { src = fetchurl {
url = "https://download.jetbrains.com/python/${name}.tar.gz"; url = "https://download.jetbrains.com/python/${name}.tar.gz";
sha256 = "1m8lzghs6g57fwcv6bpmnf21d4w2k10gsmi0i2wv2j8ff4hcy7ij"; /* updated by script */ sha256 = "0gjphdzdxgvflkzaakf3c1wnig86lxhxyx6xk6rg40yj6f2hzi47"; /* updated by script */
}; };
wmClass = "jetbrains-pycharm"; wmClass = "jetbrains-pycharm";
update-channel = "PyCharm RELEASE"; update-channel = "PyCharm RELEASE";
@ -354,12 +354,12 @@ in
rider = buildRider rec { rider = buildRider rec {
name = "rider-${version}"; name = "rider-${version}";
version = "2018.3.2"; /* updated by script */ version = "2018.3.4"; /* updated by script */
description = "A cross-platform .NET IDE based on the IntelliJ platform and ReSharper"; description = "A cross-platform .NET IDE based on the IntelliJ platform and ReSharper";
license = stdenv.lib.licenses.unfree; license = stdenv.lib.licenses.unfree;
src = fetchurl { src = fetchurl {
url = "https://download.jetbrains.com/rider/JetBrains.Rider-${version}.tar.gz"; url = "https://download.jetbrains.com/rider/JetBrains.Rider-${version}.tar.gz";
sha256 = "1ffzbp2xca2z8g0wlkvmqr0j2f2dnqafpnvzk9zd5asfhhbyrhg5"; /* updated by script */ sha256 = "1klmg8wgj3shp4s0n2nn7n39zsk1mch6g9ifhwn5cgywpbzgam4p"; /* updated by script */
}; };
wmClass = "jetbrains-rider"; wmClass = "jetbrains-rider";
update-channel = "Rider RELEASE"; update-channel = "Rider RELEASE";
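Review bot: rider only moves within the 2018.3 line (2018.3.2 to 2018.3.4) while the other JetBrains packages in this batch jump to 2019.1; if no 2019.1 build is published on the `Rider RELEASE` channel yet that is fine, but a short note in the commit message would save the next maintainer from re-checking. The same applies to ruby-mine (2018.3.5) in the hunk below.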
@ -367,12 +367,12 @@ in
ruby-mine = buildRubyMine rec { ruby-mine = buildRubyMine rec {
name = "ruby-mine-${version}"; name = "ruby-mine-${version}";
version = "2018.3.3"; /* updated by script */ version = "2018.3.5"; /* updated by script */
description = "The Most Intelligent Ruby and Rails IDE"; description = "The Most Intelligent Ruby and Rails IDE";
license = stdenv.lib.licenses.unfree; license = stdenv.lib.licenses.unfree;
src = fetchurl { src = fetchurl {
url = "https://download.jetbrains.com/ruby/RubyMine-${version}.tar.gz"; url = "https://download.jetbrains.com/ruby/RubyMine-${version}.tar.gz";
sha256 = "1zjcdsr91y07dhqmhqy2yq6c0rhsxg2m52fz14hhmphddlwvhzny"; /* updated by script */ sha256 = "1gykag8fsfqxv0d6fipn18hhpdvn4qxva2kkb0v330vp73wm2i2w"; /* updated by script */
}; };
wmClass = "jetbrains-rubymine"; wmClass = "jetbrains-rubymine";
update-channel = "RubyMine RELEASE"; update-channel = "RubyMine RELEASE";
@ -380,12 +380,12 @@ in
webstorm = buildWebStorm rec { webstorm = buildWebStorm rec {
name = "webstorm-${version}"; name = "webstorm-${version}";
version = "2018.3.4"; /* updated by script */ version = "2019.1"; /* updated by script */
description = "Professional IDE for Web and JavaScript development"; description = "Professional IDE for Web and JavaScript development";
license = stdenv.lib.licenses.unfree; license = stdenv.lib.licenses.unfree;
src = fetchurl { src = fetchurl {
url = "https://download.jetbrains.com/webstorm/WebStorm-${version}.tar.gz"; url = "https://download.jetbrains.com/webstorm/WebStorm-${version}.tar.gz";
sha256 = "11l39yy8qdrr89y9x3i9acp0am4xb86z6v7wg1kc9fd5p13jr2xs"; /* updated by script */ sha256 = "0r6a9g8ydnxf805gn2wajnwkcyfn0xksbsrs8wq6j4ghipkhscxj"; /* updated by script */
}; };
wmClass = "jetbrains-webstorm"; wmClass = "jetbrains-webstorm";
update-channel = "WebStorm RELEASE"; update-channel = "WebStorm RELEASE";

View File

@ -1,6 +1,6 @@
{ stdenv, fetchgit, gnome3, at-spi2-core, { stdenv, fetchgit, gnome3, gtksourceview3, at-spi2-core, gtksourceviewmm,
boost, epoxy, cmake, aspell, llvmPackages, libgit2, pkgconfig, pcre, boost, epoxy, cmake, aspell, llvmPackages, libgit2, pkgconfig, pcre,
libXdmcp, libxkbcommon, libpthreadstubs, wrapGAppsHook, aspellDicts, libXdmcp, libxkbcommon, libpthreadstubs, wrapGAppsHook, aspellDicts, gtkmm3,
coreutils, glibc, dbus, openssl, libxml2, gnumake, ctags }: coreutils, glibc, dbus, openssl, libxml2, gnumake, ctags }:
with stdenv.lib; with stdenv.lib;
@ -29,7 +29,7 @@ stdenv.mkDerivation rec {
dbus dbus
openssl openssl
libxml2 libxml2
gnome3.gtksourceview gtksourceview3
at-spi2-core at-spi2-core
pcre pcre
epoxy epoxy
@ -39,9 +39,9 @@ stdenv.mkDerivation rec {
aspell aspell
libgit2 libgit2
libxkbcommon libxkbcommon
gnome3.gtkmm3 gtkmm3
libpthreadstubs libpthreadstubs
gnome3.gtksourceviewmm gtksourceviewmm
llvmPackages.clang.cc llvmPackages.clang.cc
llvmPackages.lldb llvmPackages.lldb
gnome3.dconf gnome3.dconf
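Review bot: `gtksourceview`, `gtkmm3` and `gtksourceviewmm` are now taken from the top-level package set instead of `gnome3.*`, but `gnome3.dconf` stays, so the `gnome3` argument is still needed and is correctly kept in the function header. Worth confirming that top-level `gtksourceview3` resolves to the same major version the `gnome3.gtksourceview` alias did, otherwise this is a silent API change for the build; grouping the three new arguments together in the header (they are currently spread over two lines) would also make the intent clearer.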

View File

@ -2,14 +2,14 @@
let let
pname = "kdev-php"; pname = "kdev-php";
version = "5.3.1"; version = "5.3.2";
in in
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "${pname}-${version}"; name = "${pname}-${version}";
src = fetchurl { src = fetchurl {
url = "https://github.com/KDE/${pname}/archive/v${version}.tar.gz"; url = "https://github.com/KDE/${pname}/archive/v${version}.tar.gz";
sha256 = "1xiz4v6w30dsa7l4nk3jw3hxpkx71b0yaaj2k8s7xzgjif824bgl"; sha256 = "0yjn7y7al2xs8g0mrjvcym8gbjy4wmiv7lsljcrasjd7ymag1wgs";
}; };
cmakeFlags = [ cmakeFlags = [
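Review bot: both kdev-php and kdev-python (next hunk) fetch `https://github.com/KDE/${pname}/archive/v${version}.tar.gz`, an archive GitHub generates on request, whereas kdevelop itself uses the released tarball from `mirror://kde/stable/`. The sha256 still rejects a modified download, but generated archives are not guaranteed byte-stable, so a re-generation on GitHub's side shows up as a hash mismatch for every user; pointing both plugins at the same stable release tarball kdevelop already uses (or at fetchFromGitHub with the tagged rev) avoids that.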

View File

@ -2,14 +2,14 @@
let let
pname = "kdev-python"; pname = "kdev-python";
version = "5.3.1"; version = "5.3.2";
in in
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "${pname}-${version}"; name = "${pname}-${version}";
src = fetchurl { src = fetchurl {
url = "https://github.com/KDE/${pname}/archive/v${version}.tar.gz"; url = "https://github.com/KDE/${pname}/archive/v${version}.tar.gz";
sha256 = "11hf8n6vrlaz31c0p3xbnf0df2q5j6ykgc9ip0l5g33kadwn5b9j"; sha256 = "0gqv1abzfpxkrf538rb62d2291lmlra8rghm9q9r3x8a46wh96zm";
}; };
cmakeFlags = [ cmakeFlags = [

View File

@ -9,7 +9,7 @@
let let
pname = "kdevelop"; pname = "kdevelop";
version = "5.3.1"; version = "5.3.2";
qtVersion = "5.${lib.versions.minor qtbase.version}"; qtVersion = "5.${lib.versions.minor qtbase.version}";
in in
mkDerivation rec { mkDerivation rec {
@ -17,7 +17,7 @@ mkDerivation rec {
src = fetchurl { src = fetchurl {
url = "mirror://kde/stable/${pname}/${version}/src/${name}.tar.xz"; url = "mirror://kde/stable/${pname}/${version}/src/${name}.tar.xz";
sha256 = "1098ra7qpal6578hsv20kvxc63v47sp85wjhqr5rgzr2fm7jf6fr"; sha256 = "0akgdnvrab6mbwnmvgzsplk0qh83k1hnm5xc06yxr1s1a5sxbk08";
}; };
nativeBuildInputs = [ nativeBuildInputs = [

View File

@ -4,14 +4,14 @@ with stdenv.lib;
pythonPackages.buildPythonApplication rec { pythonPackages.buildPythonApplication rec {
pname = "neovim-remote"; pname = "neovim-remote";
version = "2.1.4"; version = "2.1.5";
disabled = !pythonPackages.isPy3k; disabled = !pythonPackages.isPy3k;
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "mhinz"; owner = "mhinz";
repo = "neovim-remote"; repo = "neovim-remote";
rev = "v${version}"; rev = "v${version}";
sha256 = "1s438cbyyzgg96b6639wk1ny6d6p2ywcba41l3r027wzyl7wrn8v"; sha256 = "1h05b68ka1ka217f6svq8yxvnscwf9sl5cx46c0b6ygcbz1vr3ba";
}; };
propagatedBuildInputs = with pythonPackages; [ pynvim psutil ]; propagatedBuildInputs = with pythonPackages; [ pynvim psutil ];

View File

@ -0,0 +1,63 @@
{ lib, stdenv, python3, fetchFromGitHub, makeWrapper, buildEnv, aspellDicts
# Use `lib.collect lib.isDerivation aspellDicts;` to make all dictionaries
# available.
, enchantAspellDicts ? with aspellDicts; [ en en-computers en-science ]
}:
let
version = "7.0.4";
python = let
packageOverrides = self: super: {
markdown = super.markdown.overridePythonAttrs(old: rec {
src = super.fetchPypi {
version = "3.0.1";
pname = "Markdown";
sha256 = "d02e0f9b04c500cde6637c11ad7c72671f359b87b9fe924b2383649d8841db7c";
};
});
chardet = super.chardet.overridePythonAttrs(old: rec {
src = super.fetchPypi {
version = "2.3.0";
pname = "chardet";
sha256 = "e53e38b3a4afe6d1132de62b7400a4ac363452dc5dfcf8d88e8e0cce663c68aa";
};
});
};
in python3.override { inherit packageOverrides; };
pythonEnv = python.withPackages (ps: with ps; [
pyqt5 docutils pyenchant Markups markdown pygments chardet
]);
in python.pkgs.buildPythonApplication {
inherit version;
pname = "retext";
src = fetchFromGitHub {
owner = "retext-project";
repo = "retext";
rev = "${version}";
sha256 = "1zcapywspc9v5zf5cxqkcy019np9n41gmryqixj66zsvd544c6si";
};
doCheck = false;
nativeBuildInputs = [ makeWrapper ];
propagatedBuildInputs = [ pythonEnv ];
postInstall = ''
mv $out/bin/retext $out/bin/.retext
makeWrapper "$out/bin/.retext" "$out/bin/retext" \
--set ASPELL_CONF "dict-dir ${buildEnv {
name = "aspell-all-dicts";
paths = map (path: "${path}/lib/aspell") enchantAspellDicts;
}}"
'';
meta = with stdenv.lib; {
homepage = https://github.com/retext-project/retext/;
description = "Simple but powerful editor for Markdown and reStructuredText";
license = licenses.gpl3;
maintainers = with maintainers; [ klntsky ];
platforms = platforms.unix;
};
}
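Review bot: `doCheck = false;` has no comment saying why the test suite is skipped, and the two `overridePythonAttrs` pins that downgrade Markdown to 3.0.1 and chardet to 2.3.0 carry no explanation either; pinned older libraries stop receiving the fixes the rest of the Python set picks up, so each pin should state the incompatibility it works around and when it can be dropped. Smaller points: `lib` is already an argument, so `meta = with stdenv.lib;` can be `with lib;`; `rev = "${version}";` is simply `rev = version;`; and `old: rec { ... }` needs neither `rec` nor `old`, since neither body references them.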
