public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/master' into sage-8.4

This commit is contained in:
Timo Kaufmann 2018-09-27 12:07:37 +02:00
parent 1217882907 ea817ad88d
commit 2f6b13950e
803 changed files with 56473 additions and 17948 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
doc/cross-compilation.xml
View File

@ -47,13 +47,9 @@
<para> <para>
In Nixpkgs, these three platforms are defined as attribute sets under the In Nixpkgs, these three platforms are defined as attribute sets under the
names <literal>buildPlatform</literal>, <literal>hostPlatform</literal>, names <literal>buildPlatform</literal>, <literal>hostPlatform</literal>, and
and <literal>targetPlatform</literal>. All three are always defined as <literal>targetPlatform</literal>. They are always defined as attributes in
attributes in the standard environment, and at the top level. That means the standard environment. That means one can access them like:
one can get at them just like a dependency in a function that is imported
with <literal>callPackage</literal>:
<programlisting>{ stdenv, buildPlatform, hostPlatform, fooDep, barDep, .. }: ...buildPlatform...</programlisting>
, or just off <varname>stdenv</varname>:
<programlisting>{ stdenv, fooDep, barDep, .. }: ...stdenv.buildPlatform...</programlisting> <programlisting>{ stdenv, fooDep, barDep, .. }: ...stdenv.buildPlatform...</programlisting>
. .
</para> </para>

42
doc/functions.xml
View File

@ -638,6 +638,48 @@ buildImage {
<literal>pkgs.cacert</literal> to <varname>contents</varname>. <literal>pkgs.cacert</literal> to <varname>contents</varname>.
</para> </para>
</note> </note>
<example xml:id="example-pkgs-dockerTools-buildImage-creation-date">
<title>Impurely Defining a Docker Layer's Creation Date</title>
<para>
By default <function>buildImage</function> will use a static
date of one second past the UNIX Epoch. This allows
<function>buildImage</function> to produce binary reproducible
images. When listing images with <command>docker list
images</command>, the newly created images will be listed like
this:
</para>
<screen><![CDATA[
$ docker image list
REPOSITORY TAG IMAGE ID CREATED SIZE
hello latest 08c791c7846e 48 years ago 25.2MB
]]></screen>
<para>
You can break binary reproducibility but have a sorted,
meaningful <literal>CREATED</literal> column by setting
<literal>created</literal> to <literal>now</literal>.
</para>
<programlisting><![CDATA[
pkgs.dockerTools.buildImage {
name = "hello";
tag = "latest";
created = "now";
contents = pkgs.hello;
config.Cmd = [ "/bin/hello" ];
}
]]></programlisting>
<para>
and now the Docker CLI will display a reasonable date and
sort the images as expected:
<screen><![CDATA[
$ docker image list
REPOSITORY TAG IMAGE ID CREATED SIZE
hello latest de2bf4786de6 About a minute ago 25.2MB
]]></screen>
however, the produced images will not be binary reproducible.
</para>
</example>
</section> </section>
<section xml:id="ssec-pkgs-dockerTools-fetchFromRegistry"> <section xml:id="ssec-pkgs-dockerTools-fetchFromRegistry">

3
doc/languages-frameworks/rust.section.md
View File

@ -64,9 +64,6 @@ When the `Cargo.lock`, provided by upstream, is not in sync with the
added in `cargoPatches` will also be prepended to the patches in `patches` at added in `cargoPatches` will also be prepended to the patches in `patches` at
build-time. build-time.
To install crates with nix there is also an experimental project called
[nixcrates](https://github.com/fractalide/nixcrates).
## Compiling Rust crates using Nix instead of Cargo ## Compiling Rust crates using Nix instead of Cargo
### Simple operation ### Simple operation

32
doc/languages-frameworks/vim.section.md
View File

@ -15,6 +15,7 @@ At the moment we support three different methods for managing plugins:
- Vim packages (*recommend*) - Vim packages (*recommend*)
- VAM (=vim-addon-manager) - VAM (=vim-addon-manager)
- Pathogen - Pathogen
- vim-plug
## Custom configuration ## Custom configuration
@ -59,7 +60,7 @@ vim_configurable.customize {
} }
``` ```
For Neovim the syntax is For Neovim the syntax is:
``` ```
neovim.override { neovim.override {
@ -96,6 +97,35 @@ The resulting package can be added to `packageOverrides` in `~/.nixpkgs/config.n
After that you can install your special grafted `myVim` or `myNeovim` packages. After that you can install your special grafted `myVim` or `myNeovim` packages.
## Managing plugins with vim-plug
To use [vim-plug](https://github.com/junegunn/vim-plug) to manage your Vim
plugins the following example can be used:
```
vim_configurable.customize {
vimrcConfig.packages.myVimPackage = with pkgs.vimPlugins; {
# loaded on launch
plug.plugins = [ youcompleteme fugitive phpCompletion elm-vim ];
};
}
```
For Neovim the syntax is:
```
neovim.override {
configure = {
customRC = ''
# here your custom configuration goes!
'';
plug.plugins = with pkgs.vimPlugins; [
vim-go
];
};
}
```
## Managing plugins with VAM ## Managing plugins with VAM
### Handling dependencies of Vim plugins ### Handling dependencies of Vim plugins

66
doc/package-notes.xml
View File

@ -643,15 +643,15 @@ cp ${myEmacsConfig} $out/share/emacs/site-lisp/default.el
required dependencies manually - but it's tedious and there is always a required dependencies manually - but it's tedious and there is always a
possibility that an unwanted dependency will sneak in through some other possibility that an unwanted dependency will sneak in through some other
package. To completely override such a package you can use package. To completely override such a package you can use
<varname>overrideScope</varname>. <varname>overrideScope'</varname>.
</para> </para>
<screen> <screen>
overrides = super: self: rec { overrides = self: super: rec {
haskell-mode = self.melpaPackages.haskell-mode; haskell-mode = self.melpaPackages.haskell-mode;
... ...
}; };
((emacsPackagesNgGen emacs).overrideScope overrides).emacsWithPackages (p: with p; [ ((emacsPackagesNgGen emacs).overrideScope' overrides).emacsWithPackages (p: with p; [
# here both these package will use haskell-mode of our own choice # here both these package will use haskell-mode of our own choice
ghc-mod ghc-mod
dante dante
@ -814,4 +814,64 @@ citrix_receiver.override {
</para> </para>
</section> </section>
</section> </section>
<section xml:id="sec-ibus-typing-booster">
<title>ibus-engines.typing-booster</title>
<para>This package is an ibus-based completion method to speed up typing.</para>
<section xml:id="sec-ibus-typing-booster-activate">
<title>Activating the engine</title>
<para>
IBus needs to be configured accordingly to activate <literal>typing-booster</literal>. The configuration
depends on the desktop manager in use. For detailed instructions, please refer to the
<link xlink:href="https://mike-fabian.github.io/ibus-typing-booster/documentation.html">upstream docs</link>.
</para>
<para>
On NixOS you need to explicitly enable <literal>ibus</literal> with given engines
before customizing your desktop to use <literal>typing-booster</literal>. This can be achieved
using the <literal>ibus</literal> module:
<programlisting>{ pkgs, ... }: {
i18n.inputMethod = {
enabled = "ibus";
ibus.engines = with pkgs.ibus-engines; [ typing-booster ];
};
}</programlisting>
</para>
</section>
<section xml:id="sec-ibus-typing-booster-customize-hunspell">
<title>Using custom hunspell dictionaries</title>
<para>
The IBus engine is based on <literal>hunspell</literal> to support completion in many languages.
By default the dictionaries <literal>de-de</literal>, <literal>en-us</literal>, <literal>es-es</literal>,
<literal>it-it</literal>, <literal>sv-se</literal> and <literal>sv-fi</literal>
are in use. To add another dictionary, the package can be overridden like this:
<programlisting>ibus-engines.typing-booster.override {
langs = [ "de-at" "en-gb" ];
}</programlisting>
</para>
<para>
<emphasis>Note: each language passed to <literal>langs</literal> must be an attribute name in
<literal>pkgs.hunspellDicts</literal>.</emphasis>
</para>
</section>
<section xml:id="sec-ibus-typing-booster-emoji-picker">
<title>Built-in emoji picker</title>
<para>
The <literal>ibus-engines.typing-booster</literal> package contains a program
named <literal>emoji-picker</literal>. To display all emojis correctly,
a special font such as <literal>noto-fonts-emoji</literal> is needed:
</para>
<para>
On NixOS it can be installed using the following expression:
<programlisting>{ pkgs, ... }: {
fonts.fonts = with pkgs; [ noto-fonts-emoji ];
}</programlisting>
</para>
</section>
</section>
</chapter> </chapter>

2
doc/stdenv.xml
View File

@ -2129,7 +2129,7 @@ someVar=$(stripHash $name)
The most typical use of the setup hook is actually to add other hooks which The most typical use of the setup hook is actually to add other hooks which
are then run (i.e. after all the setup hooks) on each dependency. For are then run (i.e. after all the setup hooks) on each dependency. For
example, the C compiler wrapper's setup hook feeds itself flags for each example, the C compiler wrapper's setup hook feeds itself flags for each
dependency that contains relevant libaries and headers. This is done by dependency that contains relevant libraries and headers. This is done by
defining a bash function, and appending its name to one of defining a bash function, and appending its name to one of
<envar>envBuildBuildHooks</envar>`, <envar>envBuildHostHooks</envar>`, <envar>envBuildBuildHooks</envar>`, <envar>envBuildHostHooks</envar>`,
<envar>envBuildTargetHooks</envar>`, <envar>envHostHostHooks</envar>`, <envar>envBuildTargetHooks</envar>`, <envar>envHostHostHooks</envar>`,

11
lib/attrsets.nix
View File

@ -435,12 +435,15 @@ rec {
useful for deep-overriding. useful for deep-overriding.
Example: Example:
x = { a = { b = 4; c = 3; }; } overrideExisting {} { a = 1; }
overrideExisting x { a = { b = 6; d = 2; }; } => {}
=> { a = { b = 6; d = 2; }; } overrideExisting { b = 2; } { a = 1; }
=> { b = 2; }
overrideExisting { a = 3; b = 2; } { a = 1; }
=> { a = 1; b = 2; }
*/ */
overrideExisting = old: new: overrideExisting = old: new:
old // listToAttrs (map (attr: nameValuePair attr (attrByPath [attr] old.${attr} new)) (attrNames old)); mapAttrs (name: value: new.${name} or value) old;
/* Get a package output. /* Get a package output.
If no output is found, fallback to `.out` and then to the default. If no output is found, fallback to `.out` and then to the default.

10
lib/customisation.nix
View File

@ -185,7 +185,7 @@ rec {
/* Make a set of packages with a common scope. All packages called /* Make a set of packages with a common scope. All packages called
with the provided `callPackage' will be evaluated with the same with the provided `callPackage' will be evaluated with the same
arguments. Any package in the set may depend on any other. The arguments. Any package in the set may depend on any other. The
`overrideScope' function allows subsequent modification of the package `overrideScope'` function allows subsequent modification of the package
set in a consistent way, i.e. all packages in the set will be set in a consistent way, i.e. all packages in the set will be
called with the overridden packages. The package sets may be called with the overridden packages. The package sets may be
hierarchical: the packages in the set are called with the scope hierarchical: the packages in the set are called with the scope
@ -195,10 +195,10 @@ rec {
let self = f self // { let self = f self // {
newScope = scope: newScope (self // scope); newScope = scope: newScope (self // scope);
callPackage = self.newScope {}; callPackage = self.newScope {};
# TODO(@Ericson2314): Haromonize argument order of `g` with everything else overrideScope = g: lib.warn
overrideScope = g: "`overrideScope` (from `lib.makeScope`) is deprecated. Do `overrideScope' (self: self: { })` instead of `overrideScope (super: self: { })`. All other overrides have the parameters in that order, including other definitions of `overrideScope`. This was the only definition violating the pattern."
makeScope newScope (makeScope newScope (lib.fixedPoints.extends (lib.flip g) f));
(lib.fixedPoints.extends (lib.flip g) f); overrideScope' = g: makeScope newScope (lib.fixedPoints.extends g f);
packages = f; packages = f;
}; };
in self; in self;

4
lib/systems/examples.nix
View File

@ -48,7 +48,7 @@ rec {
armv7a-android-prebuilt = rec { armv7a-android-prebuilt = rec {
config = "armv7a-unknown-linux-androideabi"; config = "armv7a-unknown-linux-androideabi";
sdkVer = "24"; sdkVer = "24";
ndkVer = "17"; ndkVer = "17c";
platform = platforms.armv7a-android; platform = platforms.armv7a-android;
useAndroidPrebuilt = true; useAndroidPrebuilt = true;
}; };
@ -56,7 +56,7 @@ rec {
aarch64-android-prebuilt = rec { aarch64-android-prebuilt = rec {
config = "aarch64-unknown-linux-android"; config = "aarch64-unknown-linux-android";
sdkVer = "24"; sdkVer = "24";
ndkVer = "17"; ndkVer = "17c";
platform = platforms.aarch64-multiplatform; platform = platforms.aarch64-multiplatform;
useAndroidPrebuilt = true; useAndroidPrebuilt = true;
}; };

7
lib/tests/check-eval.nix Normal file
View File

@ -0,0 +1,7 @@
# Throws an error if any of our lib tests fail.
let tests = [ "misc" "systems" ];
all = builtins.concatLists (map (f: import (./. + "/${f}.nix")) tests);
in if all == []
then null
else throw (builtins.toJSON all)

14
lib/tests/misc.nix
View File

@ -236,6 +236,20 @@ runTests {
}; };
}; };
testOverrideExistingEmpty = {
expr = overrideExisting {} { a = 1; };
expected = {};
};
testOverrideExistingDisjoint = {
expr = overrideExisting { b = 2; } { a = 1; };
expected = { b = 2; };
};
testOverrideExistingOverride = {
expr = overrideExisting { a = 3; b = 2; } { a = 1; };
expected = { a = 1; b = 2; };
};
# GENERATORS # GENERATORS
# these tests assume attributes are converted to lists # these tests assume attributes are converted to lists

37
maintainers/maintainer-list.nix
View File

@ -18,6 +18,11 @@
for an example on how to work with this data. for an example on how to work with this data.
*/ */
{ {
"1000101" = {
email = "jan.hrnko@satoshilabs.com";
github = "1000101";
name = "Jan Hrnko";
};
a1russell = { a1russell = {
email = "adamlr6+pub@gmail.com"; email = "adamlr6+pub@gmail.com";
github = "a1russell"; github = "a1russell";
@ -216,6 +221,11 @@
github = "amiloradovsky"; github = "amiloradovsky";
name = "Andrew Miloradovsky"; name = "Andrew Miloradovsky";
}; };
aminb = {
email = "amin@aminb.org";
github = "aminb";
name = "Amin Bandali";
};
aminechikhaoui = { aminechikhaoui = {
email = "amine.chikhaoui91@gmail.com"; email = "amine.chikhaoui91@gmail.com";
github = "AmineChikhaoui"; github = "AmineChikhaoui";
@ -227,7 +237,7 @@
name = "Andrew Morsillo"; name = "Andrew Morsillo";
}; };
AndersonTorres = { AndersonTorres = {
email = "torres.anderson.85@gmail.com"; email = "torres.anderson.85@protonmail.com";
github = "AndersonTorres"; github = "AndersonTorres";
name = "Anderson Torres"; name = "Anderson Torres";
}; };
@ -376,6 +386,16 @@
github = "auntie"; github = "auntie";
name = "Jonathan Glines"; name = "Jonathan Glines";
}; };
avaq = {
email = "avaq+nixos@xs4all.nl";
github = "avaq";
name = "Aldwin Vlasblom";
};
avery = {
email = "averyl+nixos@protonmail.com";
github = "AveryLychee";
name = "Avery Lychee";
};
avnik = { avnik = {
email = "avn@avnik.info"; email = "avn@avnik.info";
github = "avnik"; github = "avnik";
@ -678,6 +698,11 @@
github = "Chaddai"; github = "Chaddai";
name = "Chaddaï Fouché"; name = "Chaddaï Fouché";
}; };
chaduffy = {
email = "charles@dyfis.net";
github = "charles-dyfis-net";
name = "Charles Duffy";
};
changlinli = { changlinli = {
email = "mail@changlinli.com"; email = "mail@changlinli.com";
github = "changlinli"; github = "changlinli";
@ -1847,6 +1872,11 @@
github = "jerith666"; github = "jerith666";
name = "Matt McHenry"; name = "Matt McHenry";
}; };
jeschli = {
email = "jeschli@gmail.com";
github = "jeschli";
name = "Markus Hihn";
};
jethro = { jethro = {
email = "jethrokuan95@gmail.com"; email = "jethrokuan95@gmail.com";
github = "jethrokuan"; github = "jethrokuan";
@ -2813,6 +2843,11 @@
github = "muflax"; github = "muflax";
name = "Stefan Dorn"; name = "Stefan Dorn";
}; };
mvnetbiz = {
email = "mvnetbiz@gmail.com";
github = "mvnetbiz";
name = "Matt Votava";
};
myrl = { myrl = {
email = "myrl.0xf@gmail.com"; email = "myrl.0xf@gmail.com";
github = "myrl"; github = "myrl";

7
nixos/doc/manual/default.nix
View File

@ -252,7 +252,7 @@ in rec {
''; # */ ''; # */
# Generate the NixOS manual. # Generate the NixOS manual.
manual = runCommand "nixos-manual" manualHTML = runCommand "nixos-manual-html"
{ inherit sources; { inherit sources;
nativeBuildInputs = [ buildPackages.libxml2.bin buildPackages.libxslt.bin ]; nativeBuildInputs = [ buildPackages.libxml2.bin buildPackages.libxslt.bin ];
meta.description = "The NixOS manual in HTML format"; meta.description = "The NixOS manual in HTML format";
@ -281,6 +281,11 @@ in rec {
echo "doc manual $dst" >> $out/nix-support/hydra-build-products echo "doc manual $dst" >> $out/nix-support/hydra-build-products
''; # */ ''; # */
# Alias for backward compatibility. TODO(@oxij): remove eventually.
manual = manualHTML;
# Index page of the NixOS manual.
manualHTMLIndex = "${manualHTML}/share/doc/nixos/index.html";
manualEpub = runCommand "nixos-manual-epub" manualEpub = runCommand "nixos-manual-epub"
{ inherit sources; { inherit sources;

2
nixos/doc/manual/development/building-parts.xml
View File

@ -34,7 +34,7 @@ $ nix-build -A system</screen>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term> <term>
<varname>system.build.manual.manual</varname> <varname>system.build.manual.manualHTML</varname>
</term> </term>
<listitem> <listitem>
<para> <para>

10
nixos/doc/manual/development/running-nixos-tests-interactively.xml
View File

@ -19,6 +19,7 @@ starting VDE switch for network 1
&gt; startAll &gt; startAll
&gt; testScript &gt; testScript
&gt; $machine->succeed("touch /tmp/foo") &gt; $machine->succeed("touch /tmp/foo")
&gt; print($machine->succeed("pwd"), "\n") # Show stdout of command
</screen> </screen>
The function <command>testScript</command> executes the entire test script The function <command>testScript</command> executes the entire test script
and drops you back into the test driver command line upon its completion. and drops you back into the test driver command line upon its completion.
@ -33,8 +34,11 @@ $ nix-build nixos/tests/login.nix -A driver
$ ./result/bin/nixos-run-vms $ ./result/bin/nixos-run-vms
</screen> </screen>
The script <command>nixos-run-vms</command> starts the virtual machines The script <command>nixos-run-vms</command> starts the virtual machines
defined by test. The root file system of the VMs is created on the fly and defined by test.
kept across VM restarts in </para>
<filename>./</filename><varname>hostname</varname><filename>.qcow2</filename>.
<para>
The machine state is kept across VM restarts in
<filename>/tmp/vm-state-</filename><varname>machinename</varname>.
</para> </para>
</section> </section>

2
nixos/doc/manual/development/writing-nixos-tests.xml
View File

@ -108,7 +108,7 @@ xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualis
<programlisting> <programlisting>
$machine->start; $machine->start;
$machine->waitForUnit("default.target"); $machine->waitForUnit("default.target");
$machine->succeed("uname") =~ /Linux/; die unless $machine->succeed("uname") =~ /Linux/;
</programlisting> </programlisting>
The first line is actually unnecessary; machines are implicitly started when The first line is actually unnecessary; machines are implicitly started when
you first execute an action on them (such as <literal>waitForUnit</literal> you first execute an action on them (such as <literal>waitForUnit</literal>

46
nixos/doc/manual/release-notes/rl-1809.xml
View File

@ -91,7 +91,7 @@ $ nix-instantiate -E '(import &lt;nixpkgsunstable&gt; {}).gitFull'
<para> <para>
When enabled the <literal>iproute2</literal> will copy the files expected When enabled the <literal>iproute2</literal> will copy the files expected
by ip route (e.g., <filename>rt_tables</filename>) in by ip route (e.g., <filename>rt_tables</filename>) in
<filename>/run/iproute2</filename>. This allows to write aliases for <filename>/etc/iproute2</filename>. This allows to write aliases for
routing tables for instance. routing tables for instance.
</para> </para>
</listitem> </listitem>
@ -139,50 +139,6 @@ $ nix-instantiate -E '(import &lt;nixpkgsunstable&gt; {}).gitFull'
seen a complete rewrite. (See above.) seen a complete rewrite. (See above.)
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The minimum version of Nix required to evaluate Nixpkgs is now 2.0.
</para>
<itemizedlist>
<listitem>
<para>
For users of NixOS 18.03, NixOS 18.03 defaulted to Nix 2.0, but
supported using Nix 1.11 by setting <literal>nix.package =
pkgs.nix1;</literal>. If this option is set to a Nix 1.11 package, you
will need to either unset the option or upgrade it to Nix 2.0.
</para>
</listitem>
<listitem>
<para>
For users of NixOS 17.09, you will first need to upgrade Nix by setting
<literal>nix.package = pkgs.nixStable2;</literal> and run
<command>nixos-rebuild switch</command> as the <literal>root</literal>
user.
</para>
</listitem>
<listitem>
<para>
For users of a daemon-less Nix installation on Linux or macOS, you can
upgrade Nix by running <command>curl https://nixos.org/nix/install |
sh</command>, or prior to doing a channel update, running
<command>nix-env -iA nix</command>.
</para>
<para>
If you have already run a channel update and Nix is no longer able to
evaluate Nixpkgs, the error message printed should provide adequate
directions for upgrading Nix.
</para>
</listitem>
<listitem>
<para>
For users of the Nix daemon on macOS, you can upgrade Nix by running
<command>sudo -i sh -c 'nix-channel --update &amp;&amp; nix-env -iA
nixpkgs.nix'; sudo launchctl stop org.nixos.nix-daemon; sudo launchctl
start org.nixos.nix-daemon</command>.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem> <listitem>
<para> <para>
<literal>lib.strict</literal> is removed. Use <literal>lib.strict</literal> is removed. Use

65
nixos/doc/manual/release-notes/rl-1903.xml
View File

@ -42,6 +42,71 @@
</itemizedlist> </itemizedlist>
</section> </section>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-19.03-incompatibilities">
<title>Backward Incompatibilities</title>
<para>
When upgrading from a previous release, please be aware of the following
incompatible changes:
</para>
<itemizedlist>
<listitem>
<para>
The minimum version of Nix required to evaluate Nixpkgs is now 2.0.
</para>
<itemizedlist>
<listitem>
<para>
For users of NixOS 18.03 and 19.03, NixOS defaults to Nix 2.0, but
supports using Nix 1.11 by setting <literal>nix.package =
pkgs.nix1;</literal>. If this option is set to a Nix 1.11 package, you
will need to either unset the option or upgrade it to Nix 2.0.
</para>
</listitem>
<listitem>
<para>
For users of NixOS 17.09, you will first need to upgrade Nix by setting
<literal>nix.package = pkgs.nixStable2;</literal> and run
<command>nixos-rebuild switch</command> as the <literal>root</literal>
user.
</para>
</listitem>
<listitem>
<para>
For users of a daemon-less Nix installation on Linux or macOS, you can
upgrade Nix by running <command>curl https://nixos.org/nix/install |
sh</command>, or prior to doing a channel update, running
<command>nix-env -iA nix</command>.
</para>
<para>
If you have already run a channel update and Nix is no longer able to
evaluate Nixpkgs, the error message printed should provide adequate
directions for upgrading Nix.
</para>
</listitem>
<listitem>
<para>
For users of the Nix daemon on macOS, you can upgrade Nix by running
<command>sudo -i sh -c 'nix-channel --update &amp;&amp; nix-env -iA
nixpkgs.nix'; sudo launchctl stop org.nixos.nix-daemon; sudo launchctl
start org.nixos.nix-daemon</command>.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Package <varname>rabbitmq_server</varname> is renamed to <varname>rabbitmq-server</varname>.
</para>
</listitem>
</itemizedlist>
</section>
<section xmlns="http://docbook.org/ns/docbook" <section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"

2
nixos/lib/build-vms.nix
View File

@ -28,7 +28,7 @@ rec {
modules = configurations ++ modules = configurations ++
[ ../modules/virtualisation/qemu-vm.nix [ ../modules/virtualisation/qemu-vm.nix
../modules/testing/test-instrumentation.nix # !!! should only get added for automated test runs ../modules/testing/test-instrumentation.nix # !!! should only get added for automated test runs
{ key = "no-manual"; services.nixosManual.enable = false; } { key = "no-manual"; documentation.nixos.enable = false; }
{ key = "qemu"; system.build.qemu = qemu; } { key = "qemu"; system.build.qemu = qemu; }
] ++ optional minimal ../modules/testing/minimal-kernel.nix; ] ++ optional minimal ../modules/testing/minimal-kernel.nix;
extraArgs = { inherit nodes; }; extraArgs = { inherit nodes; };

35
nixos/modules/config/iproute2.nix
View File

@ -4,20 +4,29 @@ with lib;
let let
cfg = config.networking.iproute2; cfg = config.networking.iproute2;
confDir = "/run/iproute2";
in in
{ {
options.networking.iproute2.enable = mkEnableOption "copy IP route configuration files"; options.networking.iproute2 = {
enable = mkEnableOption "copy IP route configuration files";
config = mkMerge [ rttablesExtraConfig = mkOption {
({ nixpkgs.config.iproute2.confDir = confDir; }) type = types.lines;
default = "";
(mkIf cfg.enable { description = ''
system.activationScripts.iproute2 = '' Verbatim lines to add to /etc/iproute2/rt_tables
cp -R ${pkgs.iproute}/etc/iproute2 ${confDir}
chmod -R 664 ${confDir}
chmod +x ${confDir}
''; '';
}) };
]; };
config = mkIf cfg.enable {
environment.etc."iproute2/bpf_pinning" = { mode = "0644"; text = fileContents "${pkgs.iproute}/etc/iproute2/bpf_pinning"; };
environment.etc."iproute2/ematch_map" = { mode = "0644"; text = fileContents "${pkgs.iproute}/etc/iproute2/ematch_map"; };
environment.etc."iproute2/group" = { mode = "0644"; text = fileContents "${pkgs.iproute}/etc/iproute2/group"; };
environment.etc."iproute2/nl_protos" = { mode = "0644"; text = fileContents "${pkgs.iproute}/etc/iproute2/nl_protos"; };
environment.etc."iproute2/rt_dsfield" = { mode = "0644"; text = fileContents "${pkgs.iproute}/etc/iproute2/rt_dsfield"; };
environment.etc."iproute2/rt_protos" = { mode = "0644"; text = fileContents "${pkgs.iproute}/etc/iproute2/rt_protos"; };
environment.etc."iproute2/rt_realms" = { mode = "0644"; text = fileContents "${pkgs.iproute}/etc/iproute2/rt_realms"; };
environment.etc."iproute2/rt_scopes" = { mode = "0644"; text = fileContents "${pkgs.iproute}/etc/iproute2/rt_scopes"; };
environment.etc."iproute2/rt_tables" = { mode = "0644"; text = (fileContents "${pkgs.iproute}/etc/iproute2/rt_tables")
+ (optionalString (cfg.rttablesExtraConfig != "") "\n\n${cfg.rttablesExtraConfig}"); };
};
} }

2
nixos/modules/config/system-path.nix
View File

@ -13,7 +13,7 @@ let
pkgs.attr pkgs.attr
pkgs.bashInteractive # bash with ncurses support pkgs.bashInteractive # bash with ncurses support
pkgs.bzip2 pkgs.bzip2
pkgs.coreutils pkgs.coreutils-full
pkgs.cpio pkgs.cpio
pkgs.curl pkgs.curl
pkgs.diffutils pkgs.diffutils

49
nixos/modules/installer/cd-dvd/installation-cd-graphical-base.nix Normal file
View File

@ -0,0 +1,49 @@
# This module contains the basic configuration for building a graphical NixOS
# installation CD.
{ config, lib, pkgs, ... }:
with lib;
{
imports = [ ./installation-cd-base.nix ];
services.xserver = {
enable = true;
# Don't start the X server by default.
autorun = mkForce false;
# Automatically login as root.
displayManager.slim = {
enable = true;
defaultUser = "root";
autoLogin = true;
};
};
# Provide networkmanager for easy wireless configuration.
networking.networkmanager.enable = true;
networking.wireless.enable = mkForce false;
# KDE complains if power management is disabled (to be precise, if
# there is no power management backend such as upower).
powerManagement.enable = true;
environment.systemPackages = [
# Include gparted for partitioning disks.
pkgs.gparted
# Include some editors.
pkgs.vim
pkgs.bvi # binary editor
pkgs.joe
# Firefox for reading the manual.
pkgs.firefox
pkgs.glxinfo
];
}

63
nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix
View File

@ -6,47 +6,11 @@
with lib; with lib;
{ {
imports = [ ./installation-cd-base.nix ]; imports = [ ./installation-cd-graphical-base.nix ];
services.xserver = { services.xserver.desktopManager.gnome3.enable = true;
enable = true;
# GDM doesn't start in virtual machines with ISO
displayManager.slim = {
enable = true;
defaultUser = "root";
autoLogin = true;
};
desktopManager.gnome3 = {
enable = true;
extraGSettingsOverrides = ''
[org.gnome.desktop.background]
show-desktop-icons=true
[org.gnome.nautilus.desktop] services.xserver.displayManager.slim.enable = mkForce false;
trash-icon-visible=false
volumes-visible=false
home-icon-visible=false
network-icon-visible=false
'';
extraGSettingsOverridePackages = [ pkgs.gnome3.nautilus ];
};
};
environment.systemPackages =
[ # Include gparted for partitioning disks.
pkgs.gparted
# Include some editors.
pkgs.vim
pkgs.bvi # binary editor
pkgs.joe
pkgs.glxinfo
];
# Don't start the X server by default.
services.xserver.autorun = mkForce false;
# Auto-login as root. # Auto-login as root.
services.xserver.displayManager.gdm.autoLogin = { services.xserver.displayManager.gdm.autoLogin = {
@ -54,25 +18,4 @@ with lib;
user = "root"; user = "root";
}; };
system.activationScripts.installerDesktop = let
# Must be executable
desktopFile = pkgs.writeScript "nixos-manual.desktop" ''
[Desktop Entry]
Version=1.0
Type=Link
Name=NixOS Manual
URL=${config.system.build.manual.manual}/share/doc/nixos/index.html
Icon=system-help
'';
# use cp and chmod +x, we must be sure the apps are in the nix store though
in ''
mkdir -p /root/Desktop
ln -sfT ${desktopFile} /root/Desktop/nixos-manual.desktop
cp ${pkgs.gnome3.gnome-terminal}/share/applications/gnome-terminal.desktop /root/Desktop/gnome-terminal.desktop
chmod a+rx /root/Desktop/gnome-terminal.desktop
cp ${pkgs.gparted}/share/applications/gparted.desktop /root/Desktop/gparted.desktop
chmod a+rx /root/Desktop/gparted.desktop
'';
} }

49
nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix
View File

@ -1,23 +1,14 @@
# This module defines a NixOS installation CD that contains X11 and # This module defines a NixOS installation CD that contains X11 and
# KDE 5. # Plasma5.
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib; with lib;
{ {
imports = [ ./installation-cd-base.nix ]; imports = [ ./installation-cd-graphical-base.nix ];
services.xserver = { services.xserver = {
enable = true;
# Automatically login as root.
displayManager.slim = {
enable = true;
defaultUser = "root";
autoLogin = true;
};
desktopManager.plasma5 = { desktopManager.plasma5 = {
enable = true; enable = true;
enableQt4Support = false; enableQt4Support = false;
@ -27,45 +18,25 @@ with lib;
synaptics.enable = true; synaptics.enable = true;
}; };
environment.systemPackages = environment.systemPackages = with pkgs; [
[ pkgs.glxinfo # Graphical text editor
kate
# Include gparted for partitioning disks. ];
pkgs.gparted
# Firefox for reading the manual.
pkgs.firefox
# Include some editors.
pkgs.vim
pkgs.bvi # binary editor
pkgs.joe
];
# Provide networkmanager for easy wireless configuration.
networking.networkmanager.enable = true;
networking.wireless.enable = mkForce false;
# KDE complains if power management is disabled (to be precise, if
# there is no power management backend such as upower).
powerManagement.enable = true;
# Don't start the X server by default.
services.xserver.autorun = mkForce false;
system.activationScripts.installerDesktop = let system.activationScripts.installerDesktop = let
desktopFile = pkgs.writeText "nixos-manual.desktop" ''
manualDesktopFile = pkgs.writeScript "nixos-manual.desktop" ''
[Desktop Entry] [Desktop Entry]
Version=1.0 Version=1.0
Type=Application Type=Application
Name=NixOS Manual Name=NixOS Manual
Exec=firefox ${config.system.build.manual.manual}/share/doc/nixos/index.html Exec=firefox ${config.system.build.manual.manualHTMLIndex}
Icon=text-html Icon=text-html
''; '';
in '' in ''
mkdir -p /root/Desktop mkdir -p /root/Desktop
ln -sfT ${desktopFile} /root/Desktop/nixos-manual.desktop ln -sfT ${manualDesktopFile} /root/Desktop/nixos-manual.desktop
ln -sfT ${pkgs.konsole}/share/applications/org.kde.konsole.desktop /root/Desktop/org.kde.konsole.desktop ln -sfT ${pkgs.konsole}/share/applications/org.kde.konsole.desktop /root/Desktop/org.kde.konsole.desktop
ln -sfT ${pkgs.gparted}/share/applications/gparted.desktop /root/Desktop/gparted.desktop ln -sfT ${pkgs.gparted}/share/applications/gparted.desktop /root/Desktop/gparted.desktop
''; '';

2
nixos/modules/installer/cd-dvd/iso-image.nix
View File

@ -233,7 +233,7 @@ let
" "
# Make our own efi program, we can't rely on "grub-install" since it seems to # Make our own efi program, we can't rely on "grub-install" since it seems to
# probe for devices, even with --skip-fs-probe. # probe for devices, even with --skip-fs-probe.
${pkgs.grub2_efi}/bin/grub-mkimage -o $out/EFI/boot/${if targetArch == "x64" then "bootx64" else "bootx32"}.efi -p /EFI/boot -O ${if targetArch == "x64" then "x86_64" else "i386"}-efi \ ${pkgs.grub2_efi}/bin/grub-mkimage -o $out/EFI/boot/${if targetArch == "x64" then "bootx64" else "bootia32"}.efi -p /EFI/boot -O ${if targetArch == "x64" then "x86_64" else "i386"}-efi \
$MODULES $MODULES
cp ${pkgs.grub2_efi}/share/grub/unicode.pf2 $out/EFI/boot/ cp ${pkgs.grub2_efi}/share/grub/unicode.pf2 $out/EFI/boot/

2
nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix
View File

@ -137,7 +137,7 @@ in
# Setting vesa, we don't get the nvidia driver, which can't work in arm. # Setting vesa, we don't get the nvidia driver, which can't work in arm.
services.xserver.videoDrivers = [ "vesa" ]; services.xserver.videoDrivers = [ "vesa" ];
services.nixosManual.enable = false; documentation.nixos.enable = false;
# Include the firmware for various wireless cards. # Include the firmware for various wireless cards.
networking.enableRalinkFirmware = true; networking.enableRalinkFirmware = true;

8
nixos/modules/installer/tools/nix-fallback-paths.nix
View File

@ -1,6 +1,6 @@
{ {
x86_64-linux = "/nix/store/h180y3n5k1ypxgm1pcvj243qix5j45zz-nix-2.1.1"; x86_64-linux = "/nix/store/mxg4bbblxfns96yrz0nalxyiyjl7gj98-nix-2.1.2";
i686-linux = "/nix/store/v2y4k4v9ml07jmfq739wyflapg3b7b5k-nix-2.1.1"; i686-linux = "/nix/store/bgjgmbwirx63mwwychpikd7yc4k4lbjv-nix-2.1.2";
aarch64-linux = "/nix/store/v485craglq7xm5996ci8qy5dyc17dab0-nix-2.1.1"; aarch64-linux = "/nix/store/yi18azn4nwrcwvaiag04jnxc1qs38fy5-nix-2.1.2";
x86_64-darwin = "/nix/store/lc3ymlix73kaad5srjdgaxp9ngr1sg6g-nix-2.1.1"; x86_64-darwin = "/nix/store/fpivmcck2qpw5plrp599iraw2x9jp18k-nix-2.1.2";
} }

99
nixos/modules/misc/documentation.nix
View File

@ -1,8 +1,72 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, baseModules, ... }:
with lib; with lib;
let cfg = config.documentation; in let
cfg = config.documentation;
/* For the purpose of generating docs, evaluate options with each derivation
in `pkgs` (recursively) replaced by a fake with path "\${pkgs.attribute.path}".
It isn't perfect, but it seems to cover a vast majority of use cases.
Caveat: even if the package is reached by a different means,
the path above will be shown and not e.g. `${config.services.foo.package}`. */
manual = import ../../doc/manual rec {
inherit pkgs config;
version = config.system.nixos.release;
revision = "release-${version}";
options =
let
scrubbedEval = evalModules {
modules = [ { nixpkgs.localSystem = config.nixpkgs.localSystem; } ] ++ baseModules;
args = (config._module.args) // { modules = [ ]; };
specialArgs = { pkgs = scrubDerivations "pkgs" pkgs; };
};
scrubDerivations = namePrefix: pkgSet: mapAttrs
(name: value:
let wholeName = "${namePrefix}.${name}"; in
if isAttrs value then
scrubDerivations wholeName value
// (optionalAttrs (isDerivation value) { outPath = "\${${wholeName}}"; })
else value
)
pkgSet;
in scrubbedEval.options;
};
helpScript = pkgs.writeScriptBin "nixos-help"
''
#! ${pkgs.runtimeShell} -e
# Finds first executable browser in a colon-separated list.
# (see how xdg-open defines BROWSER)
browser="$(
IFS=: ; for b in $BROWSER; do
[ -n "$(type -P "$b" || true)" ] && echo "$b" && break
done
)"
if [ -z "$browser" ]; then
browser="$(type -P xdg-open || true)"
if [ -z "$browser" ]; then
browser="$(type -P w3m || true)"
if [ -z "$browser" ]; then
echo "$0: unable to start a web browser; please set \$BROWSER"
exit 1
fi
fi
fi
exec "$browser" ${manual.manualHTMLIndex}
'';
desktopItem = pkgs.makeDesktopItem {
name = "nixos-manual";
desktopName = "NixOS Manual";
genericName = "View NixOS documentation in a web browser";
icon = "nix-snowflake";
exec = "${helpScript}/bin/nixos-help";
categories = "System";
};
in
{ {
@ -66,6 +130,22 @@ let cfg = config.documentation; in
''; '';
}; };
nixos.enable = mkOption {
type = types.bool;
default = true;
description = ''
Whether to install NixOS's own documentation.
<itemizedlist>
<listitem><para>This includes man pages like
<citerefentry><refentrytitle>configuration.nix</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> if <option>man.enable</option> is
set.</para></listitem>
<listitem><para>This includes the HTML manual and the <command>nixos-help</command> command if
<option>doc.enable</option> is set.</para></listitem>
</itemizedlist>
'';
};
}; };
}; };
@ -99,6 +179,21 @@ let cfg = config.documentation; in
environment.extraOutputsToInstall = [ "doc" ] ++ optional cfg.dev.enable "devdoc"; environment.extraOutputsToInstall = [ "doc" ] ++ optional cfg.dev.enable "devdoc";
}) })
(mkIf cfg.nixos.enable {
system.build.manual = manual;
environment.systemPackages = []
++ optional cfg.man.enable manual.manpages
++ optionals cfg.doc.enable ([ manual.manualHTML helpScript ]
++ optionals config.services.xserver.enable [ desktopItem pkgs.nixos-icons ]);
services.mingetty.helpLine = mkIf cfg.doc.enable (
"\nRun `nixos-help` "
+ optionalString config.services.nixosManual.showManual "or press <Alt-F${toString config.services.nixosManual.ttyNumber}> "
+ "for the NixOS manual."
);
})
]); ]);
} }

2
nixos/modules/misc/ids.nix
View File

@ -329,6 +329,7 @@
# kvm = 302; # unused # kvm = 302; # unused
# render = 303; # unused # render = 303; # unused
zeronet = 304; zeronet = 304;
lirc = 305;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -618,6 +619,7 @@
kvm = 302; # default udev rules from systemd requires these kvm = 302; # default udev rules from systemd requires these
render = 303; # default udev rules from systemd requires these render = 303; # default udev rules from systemd requires these
zeronet = 304; zeronet = 304;
lirc = 305;
# When adding a gid, make sure it doesn't match an existing # When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal # uid. Users and groups with the same name should have equal

5
nixos/modules/module-list.nix
View File

@ -272,9 +272,11 @@
./services/hardware/interception-tools.nix ./services/hardware/interception-tools.nix
./services/hardware/irqbalance.nix ./services/hardware/irqbalance.nix
./services/hardware/lcd.nix ./services/hardware/lcd.nix
./services/hardware/lirc.nix
./services/hardware/nvidia-optimus.nix ./services/hardware/nvidia-optimus.nix
./services/hardware/pcscd.nix ./services/hardware/pcscd.nix
./services/hardware/pommed.nix ./services/hardware/pommed.nix
./services/hardware/ratbagd.nix
./services/hardware/sane.nix ./services/hardware/sane.nix
./services/hardware/sane_extra_backends/brscan4.nix ./services/hardware/sane_extra_backends/brscan4.nix
./services/hardware/tcsd.nix ./services/hardware/tcsd.nix
@ -496,6 +498,7 @@
./services/networking/dnsdist.nix ./services/networking/dnsdist.nix
./services/networking/dnsmasq.nix ./services/networking/dnsmasq.nix
./services/networking/ejabberd.nix ./services/networking/ejabberd.nix
./services/networking/epmd.nix
./services/networking/fakeroute.nix ./services/networking/fakeroute.nix
./services/networking/ferm.nix ./services/networking/ferm.nix
./services/networking/firefox/sync-server.nix ./services/networking/firefox/sync-server.nix
@ -556,6 +559,7 @@
./services/networking/nsd.nix ./services/networking/nsd.nix
./services/networking/ntopng.nix ./services/networking/ntopng.nix
./services/networking/ntpd.nix ./services/networking/ntpd.nix
./services/networking/nullidentdmod.nix
./services/networking/nylon.nix ./services/networking/nylon.nix
./services/networking/ocserv.nix ./services/networking/ocserv.nix
./services/networking/oidentd.nix ./services/networking/oidentd.nix
@ -680,6 +684,7 @@
./services/web-apps/atlassian/confluence.nix ./services/web-apps/atlassian/confluence.nix
./services/web-apps/atlassian/crowd.nix ./services/web-apps/atlassian/crowd.nix
./services/web-apps/atlassian/jira.nix ./services/web-apps/atlassian/jira.nix
./services/web-apps/codimd.nix
./services/web-apps/frab.nix ./services/web-apps/frab.nix
./services/web-apps/mattermost.nix ./services/web-apps/mattermost.nix
./services/web-apps/nexus.nix ./services/web-apps/nexus.nix

7
nixos/modules/profiles/graphical.nix
View File

@ -7,9 +7,12 @@
services.xserver = { services.xserver = {
enable = true; enable = true;
displayManager.sddm.enable = true; displayManager.sddm.enable = true;
desktopManager.plasma5.enable = true; desktopManager.plasma5 = {
enable = true;
enableQt4Support = false;
};
libinput.enable = true; # for touchpad support on many laptops libinput.enable = true; # for touchpad support on many laptops
}; };
environment.systemPackages = [ pkgs.glxinfo ]; environment.systemPackages = [ pkgs.glxinfo pkgs.firefox ];
} }

3
nixos/modules/profiles/installation-device.nix
View File

@ -22,9 +22,10 @@ with lib;
config = { config = {
# Enable in installer, even if the minimal profile disables it. # Enable in installer, even if the minimal profile disables it.
services.nixosManual.enable = mkForce true; documentation.enable = mkForce true;
# Show the manual. # Show the manual.
documentation.nixos.enable = mkForce true;
services.nixosManual.showManual = true; services.nixosManual.showManual = true;
# Let the user play Rogue on TTY 8 during the installation. # Let the user play Rogue on TTY 8 during the installation.

1
nixos/modules/profiles/minimal.nix
View File

@ -12,7 +12,6 @@ with lib;
i18n.supportedLocales = [ (config.i18n.defaultLocale + "/UTF-8") ]; i18n.supportedLocales = [ (config.i18n.defaultLocale + "/UTF-8") ];
documentation.enable = mkDefault false; documentation.enable = mkDefault false;
services.nixosManual.enable = mkDefault false;
sound.enable = mkDefault false; sound.enable = mkDefault false;
} }

17
nixos/modules/programs/yabar.nix
View File

@ -44,10 +44,23 @@ in
enable = mkEnableOption "yabar"; enable = mkEnableOption "yabar";
package = mkOption { package = mkOption {
default = pkgs.yabar; default = pkgs.yabar-unstable;
example = literalExample "pkgs.yabar-unstable"; example = literalExample "pkgs.yabar";
type = types.package; type = types.package;
# `yabar-stable` segfaults under certain conditions.
apply = x: if x == pkgs.yabar-unstable then x else flip warn x ''
It's not recommended to use `yabar' with `programs.yabar', the (old) stable release
tends to segfault under certain circumstances:
* https://github.com/geommer/yabar/issues/86
* https://github.com/geommer/yabar/issues/68
* https://github.com/geommer/yabar/issues/143
Most of them don't occur on master anymore, until a new release is published, it's recommended
to use `yabar-unstable'.
'';
description = '' description = ''
The package which contains the `yabar` binary. The package which contains the `yabar` binary.

1
nixos/modules/rename.nix
View File

@ -276,6 +276,7 @@ with lib;
(mkRenamedOptionModule [ "programs" "info" "enable" ] [ "documentation" "info" "enable" ]) (mkRenamedOptionModule [ "programs" "info" "enable" ] [ "documentation" "info" "enable" ])
(mkRenamedOptionModule [ "programs" "man" "enable" ] [ "documentation" "man" "enable" ]) (mkRenamedOptionModule [ "programs" "man" "enable" ] [ "documentation" "man" "enable" ])
(mkRenamedOptionModule [ "services" "nixosManual" "enable" ] [ "documentation" "nixos" "enable" ])
] ++ (flip map [ "blackboxExporter" "collectdExporter" "fritzboxExporter" ] ++ (flip map [ "blackboxExporter" "collectdExporter" "fritzboxExporter"
"jsonExporter" "minioExporter" "nginxExporter" "nodeExporter" "jsonExporter" "minioExporter" "nginxExporter" "nodeExporter"

90
nixos/modules/services/amqp/rabbitmq.nix
View File

@ -4,14 +4,18 @@ with lib;
let let
cfg = config.services.rabbitmq; cfg = config.services.rabbitmq;
config_file = pkgs.writeText "rabbitmq.config" cfg.config;
config_file_wo_suffix = builtins.substring 0 ((builtins.stringLength config_file) - 7) config_file; inherit (builtins) concatStringsSep;
config_file_content = lib.generators.toKeyValue {} cfg.configItems;
config_file = pkgs.writeText "rabbitmq.conf" config_file_content;
advanced_config_file = pkgs.writeText "advanced.config" cfg.config;
in { in {
###### interface ###### interface
options = { options = {
services.rabbitmq = { services.rabbitmq = {
enable = mkOption { enable = mkOption {
default = false; default = false;
description = '' description = ''
@ -20,6 +24,15 @@ in {
''; '';
}; };
package = mkOption {
default = pkgs.rabbitmq-server;
type = types.package;
defaultText = "pkgs.rabbitmq-server";
description = ''
Which rabbitmq package to use.
'';
};
listenAddress = mkOption { listenAddress = mkOption {
default = "127.0.0.1"; default = "127.0.0.1";
example = ""; example = "";
@ -30,6 +43,10 @@ in {
<literal>guest</literal> with password <literal>guest</literal> with password
<literal>guest</literal> by default, so you should delete <literal>guest</literal> by default, so you should delete
this user if you intend to allow external access. this user if you intend to allow external access.
Together with 'port' setting it's mostly an alias for
configItems."listeners.tcp.1" and it's left for backwards
compatibility with previous version of this module.
''; '';
type = types.str; type = types.str;
}; };
@ -60,11 +77,29 @@ in {
''; '';
}; };
configItems = mkOption {
default = {};
type = types.attrsOf types.str;
example = ''
{
"auth_backends.1.authn" = "rabbit_auth_backend_ldap";
"auth_backends.1.authz" = "rabbit_auth_backend_internal";
}
'';
description = ''
New style config options.
See http://www.rabbitmq.com/configure.html
'';
};
config = mkOption { config = mkOption {
default = ""; default = "";
type = types.str; type = types.str;
description = '' description = ''
Verbatim configuration file contents. Verbatim advanced configuration file contents.
Prefered way is to use configItems.
See http://www.rabbitmq.com/configure.html See http://www.rabbitmq.com/configure.html
''; '';
}; };
@ -74,6 +109,12 @@ in {
type = types.listOf types.str; type = types.listOf types.str;
description = "The names of plugins to enable"; description = "The names of plugins to enable";
}; };
pluginDirs = mkOption {
default = [];
type = types.listOf types.path;
description = "The list of directories containing external plugins";
};
}; };
}; };
@ -81,7 +122,10 @@ in {
###### implementation ###### implementation
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.rabbitmq_server ]; # This is needed so we will have 'rabbitmqctl' in our PATH
environment.systemPackages = [ cfg.package ];
services.epmd.enable = true;
users.users.rabbitmq = { users.users.rabbitmq = {
description = "RabbitMQ server user"; description = "RabbitMQ server user";
@ -93,44 +137,54 @@ in {
users.groups.rabbitmq.gid = config.ids.gids.rabbitmq; users.groups.rabbitmq.gid = config.ids.gids.rabbitmq;
services.rabbitmq.configItems = {
"listeners.tcp.1" = mkDefault "${cfg.listenAddress}:${toString cfg.port}";
};
systemd.services.rabbitmq = { systemd.services.rabbitmq = {
description = "RabbitMQ Server"; description = "RabbitMQ Server";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; after = [ "network.target" "epmd.socket" ];
wants = [ "network.target" "epmd.socket" ];
path = [ pkgs.rabbitmq_server pkgs.procps ]; path = [ cfg.package pkgs.procps ];
environment = { environment = {
RABBITMQ_MNESIA_BASE = "${cfg.dataDir}/mnesia"; RABBITMQ_MNESIA_BASE = "${cfg.dataDir}/mnesia";
RABBITMQ_NODE_IP_ADDRESS = cfg.listenAddress;
RABBITMQ_NODE_PORT = toString cfg.port;
RABBITMQ_LOGS = "-"; RABBITMQ_LOGS = "-";
RABBITMQ_SASL_LOGS = "-";
RABBITMQ_PID_FILE = "${cfg.dataDir}/pid";
SYS_PREFIX = ""; SYS_PREFIX = "";
RABBITMQ_CONFIG_FILE = config_file;
RABBITMQ_PLUGINS_DIR = concatStringsSep ":" cfg.pluginDirs;
RABBITMQ_ENABLED_PLUGINS_FILE = pkgs.writeText "enabled_plugins" '' RABBITMQ_ENABLED_PLUGINS_FILE = pkgs.writeText "enabled_plugins" ''
[ ${concatStringsSep "," cfg.plugins} ]. [ ${concatStringsSep "," cfg.plugins} ].
''; '';
} // optionalAttrs (cfg.config != "") { RABBITMQ_CONFIG_FILE = config_file_wo_suffix; }; } // optionalAttrs (cfg.config != "") { RABBITMQ_ADVANCED_CONFIG_FILE = advanced_config_file; };
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.rabbitmq_server}/sbin/rabbitmq-server"; PermissionsStartOnly = true; # preStart must be run as root
ExecStop = "${pkgs.rabbitmq_server}/sbin/rabbitmqctl stop"; ExecStart = "${cfg.package}/sbin/rabbitmq-server";
ExecStop = "${cfg.package}/sbin/rabbitmqctl shutdown";
User = "rabbitmq"; User = "rabbitmq";
Group = "rabbitmq"; Group = "rabbitmq";
WorkingDirectory = cfg.dataDir; WorkingDirectory = cfg.dataDir;
Type = "notify";
NotifyAccess = "all";
UMask = "0027";
LimitNOFILE = "100000";
Restart = "on-failure";
RestartSec = "10";
TimeoutStartSec = "3600";
}; };
postStart = ''
rabbitmqctl wait ${cfg.dataDir}/pid
'';
preStart = '' preStart = ''
${optionalString (cfg.cookie != "") '' ${optionalString (cfg.cookie != "") ''
echo -n ${cfg.cookie} > ${cfg.dataDir}/.erlang.cookie echo -n ${cfg.cookie} > ${cfg.dataDir}/.erlang.cookie
chown rabbitmq:rabbitmq ${cfg.dataDir}/.erlang.cookie
chmod 600 ${cfg.dataDir}/.erlang.cookie chmod 600 ${cfg.dataDir}/.erlang.cookie
''} ''}
mkdir -p /var/log/rabbitmq
chown rabbitmq:rabbitmq /var/log/rabbitmq
''; '';
}; };

2
nixos/modules/services/databases/postgresql.nix
View File

@ -188,6 +188,8 @@ in
uid = config.ids.uids.postgres; uid = config.ids.uids.postgres;
group = "postgres"; group = "postgres";
description = "PostgreSQL server user"; description = "PostgreSQL server user";
home = "${cfg.dataDir}";
useDefaultShell = true;
}; };
users.groups.postgres.gid = config.ids.gids.postgres; users.groups.postgres.gid = config.ids.gids.postgres;

85
nixos/modules/services/hardware/lirc.nix Normal file
View File

@ -0,0 +1,85 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.lirc;
in {
###### interface
options = {
services.lirc = {
enable = mkEnableOption "LIRC daemon";
options = mkOption {
type = types.lines;
example = ''
[lircd]
nodaemon = False
'';
description = "LIRC default options descriped in man:lircd(8) (<filename>lirc_options.conf</filename>)";
};
configs = mkOption {
type = types.listOf types.lines;
description = "Configurations for lircd to load, see man:lircd.conf(5) for details (<filename>lircd.conf</filename>)";
};
extraArguments = mkOption {
type = types.listOf types.str;
default = [];
description = "Extra arguments to lircd.";
};
};
};
###### implementation
config = mkIf cfg.enable {
# Note: LIRC executables raises a warning, if lirc_options.conf do not exists
environment.etc."lirc/lirc_options.conf".text = cfg.options;
environment.systemPackages = [ pkgs.lirc ];
systemd.sockets.lircd = {
description = "LIRC daemon socket";
wantedBy = [ "sockets.target" ];
socketConfig = {
ListenStream = "/run/lirc/lircd";
SocketUser = "lirc";
SocketMode = "0660";
};
};
systemd.services.lircd = let
configFile = pkgs.writeText "lircd.conf" (builtins.concatStringsSep "\n" cfg.configs);
in {
description = "LIRC daemon service";
after = [ "network.target" ];
unitConfig.Documentation = [ "man:lircd(8)" ];
serviceConfig = {
RuntimeDirectory = "lirc";
ExecStart = ''
${pkgs.lirc}/bin/lircd --nodaemon \
${escapeShellArgs cfg.extraArguments} \
${configFile}
'';
User = "lirc";
};
};
users.users.lirc = {
uid = config.ids.uids.lirc;
group = "lirc";
description = "LIRC user for lircd";
};
users.groups.lirc.gid = config.ids.gids.lirc;
};
}

32
nixos/modules/services/hardware/ratbagd.nix Normal file
View File

@ -0,0 +1,32 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.ratbagd;
in
{
###### interface
options = {
services.ratbagd = {
enable = mkOption {
default = false;
description = ''
Whether to enable ratbagd for configuring gaming mice.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
# Give users access to the "ratbagctl" tool
environment.systemPackages = [ pkgs.libratbag ];
services.dbus.packages = [ pkgs.libratbag ];
systemd.packages = [ pkgs.libratbag ];
};
}

15
nixos/modules/services/hardware/trezord.nix
View File

@ -26,15 +26,14 @@ in {
name = "trezord-udev-rules"; name = "trezord-udev-rules";
destination = "/etc/udev/rules.d/51-trezor.rules"; destination = "/etc/udev/rules.d/51-trezor.rules";
text = '' text = ''
# Trezor 1 # TREZOR v1 (One)
SUBSYSTEM=="usb", ATTR{idVendor}=="534c", ATTR{idProduct}=="0001", MODE="0666", GROUP="dialout", SYMLINK+="trezor%n" SUBSYSTEM=="usb", ATTR{idVendor}=="534c", ATTR{idProduct}=="0001", MODE="0666", GROUP="dialout", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n"
KERNEL=="hidraw*", ATTRS{idVendor}=="534c", ATTRS{idProduct}=="0001", MODE="0666", GROUP="dialout" KERNEL=="hidraw*", ATTRS{idVendor}=="534c", ATTRS{idProduct}=="0001", MODE="0666", GROUP="dialout", TAG+="uaccess", TAG+="udev-acl"
# Trezor 2 (Model-T) # TREZOR v2 (T)
SUBSYSTEM=="usb", ATTR{idVendor}=="1209", ATTR{idProduct}=="53c0", MODE="0661", GROUP="dialout", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n" SUBSYSTEM=="usb", ATTR{idVendor}=="1209", ATTR{idProduct}=="53c0", MODE="0661", GROUP="dialout", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n"
SUBSYSTEM=="usb", ATTR{idVendor}=="1209", ATTR{idProduct}=="53c1", MODE="0660", GROUP="dialout", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n" SUBSYSTEM=="usb", ATTR{idVendor}=="1209", ATTR{idProduct}=="53c1", MODE="0666", GROUP="dialout", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n"
KERNEL=="hidraw*", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="53c1", MODE="0660", GROUP="dialout", TAG+="uaccess", TAG+="udev-acl" KERNEL=="hidraw*", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="53c1", MODE="0666", GROUP="dialout", TAG+="uaccess", TAG+="udev-acl"
];
''; '';
}); });

18
nixos/modules/services/mail/exim.nix
View File

@ -2,7 +2,7 @@
let let
inherit (lib) mkIf mkOption singleton types; inherit (lib) mkIf mkOption singleton types;
inherit (pkgs) coreutils exim; inherit (pkgs) coreutils;
cfg = config.services.exim; cfg = config.services.exim;
in in
@ -57,6 +57,16 @@ in
''; '';
}; };
package = mkOption {
type = types.package;
default = pkgs.exim;
defaultText = "pkgs.exim";
description = ''
The Exim derivation to use.
This can be used to enable features such as LDAP or PAM support.
'';
};
}; };
}; };
@ -74,7 +84,7 @@ in
spool_directory = ${cfg.spoolDir} spool_directory = ${cfg.spoolDir}
${cfg.config} ${cfg.config}
''; '';
systemPackages = [ exim ]; systemPackages = [ cfg.package ];
}; };
users.users = singleton { users.users = singleton {
@ -89,14 +99,14 @@ in
gid = config.ids.gids.exim; gid = config.ids.gids.exim;
}; };
security.wrappers.exim.source = "${exim}/bin/exim"; security.wrappers.exim.source = "${cfg.package}/bin/exim";
systemd.services.exim = { systemd.services.exim = {
description = "Exim Mail Daemon"; description = "Exim Mail Daemon";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
restartTriggers = [ config.environment.etc."exim.conf".source ]; restartTriggers = [ config.environment.etc."exim.conf".source ];
serviceConfig = { serviceConfig = {
ExecStart = "${exim}/bin/exim -bdf -q30m"; ExecStart = "${cfg.package}/bin/exim -bdf -q30m";
ExecReload = "${coreutils}/bin/kill -HUP $MAINPID"; ExecReload = "${coreutils}/bin/kill -HUP $MAINPID";
}; };
preStart = '' preStart = ''

5
nixos/modules/services/mail/rmilter.nix
View File

@ -89,7 +89,7 @@ in
bindSocket.path = mkOption { bindSocket.path = mkOption {
type = types.str; type = types.str;
default = "/run/rmilter/rmilter.sock"; default = "/run/rmilter.sock";
description = '' description = ''
Path to Unix domain socket to listen on. Path to Unix domain socket to listen on.
''; '';
@ -193,6 +193,9 @@ in
config = mkMerge [ config = mkMerge [
(mkIf cfg.enable { (mkIf cfg.enable {
warnings = [
''`config.services.rmilter' is deprecated, `rmilter' deprecated and unsupported by upstream, and will be removed from next releases. Use built-in rspamd milter instead.''
];
users.users = singleton { users.users = singleton {
name = cfg.user; name = cfg.user;

19
nixos/modules/services/misc/airsonic.nix
View File

@ -73,6 +73,24 @@ in {
${cfg.home}/transcoders. ${cfg.home}/transcoders.
''; '';
}; };
jvmOptions = mkOption {
description = ''
Extra command line options for the JVM running AirSonic.
Useful for sending jukebox output to non-default alsa
devices.
'';
default = [
];
type = types.listOf types.str;
example = [
"-Djavax.sound.sampled.Clip='#CODEC [plughw:1,0]'"
"-Djavax.sound.sampled.Port='#Port CODEC [hw:1]'"
"-Djavax.sound.sampled.SourceDataLine='#CODEC [plughw:1,0]'"
"-Djavax.sound.sampled.TargetDataLine='#CODEC [plughw:1,0]'"
];
};
}; };
}; };
@ -98,6 +116,7 @@ in {
-Dserver.port=${toString cfg.port} \ -Dserver.port=${toString cfg.port} \
-Dairsonic.contextPath=${cfg.contextPath} \ -Dairsonic.contextPath=${cfg.contextPath} \
-Djava.awt.headless=true \ -Djava.awt.headless=true \
${toString cfg.jvmOptions} \
-verbose:gc \ -verbose:gc \
-jar ${pkgs.airsonic}/webapps/airsonic.war -jar ${pkgs.airsonic}/webapps/airsonic.war
''; '';

17
nixos/modules/services/misc/emby.nix
View File

@ -36,11 +36,18 @@ in
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
preStart = '' preStart = ''
test -d ${cfg.dataDir} || { if [ -d ${cfg.dataDir} ]
echo "Creating initial Emby data directory in ${cfg.dataDir}" then
mkdir -p ${cfg.dataDir} for plugin in ${cfg.dataDir}/plugins/*
chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir} do
} echo "Correcting permissions of plugin: $plugin"
chmod u+w $plugin
done
else
echo "Creating initial Emby data directory in ${cfg.dataDir}"
mkdir -p ${cfg.dataDir}
chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}
fi
''; '';
serviceConfig = { serviceConfig = {

15
nixos/modules/services/misc/gitlab.nix
View File

@ -162,7 +162,7 @@ let
makeWrapper ${cfg.packages.gitlab.rubyEnv}/bin/rake $out/bin/gitlab-rake \ makeWrapper ${cfg.packages.gitlab.rubyEnv}/bin/rake $out/bin/gitlab-rake \
${concatStrings (mapAttrsToList (name: value: "--set ${name} '${value}' ") gitlabEnv)} \ ${concatStrings (mapAttrsToList (name: value: "--set ${name} '${value}' ") gitlabEnv)} \
--set GITLAB_CONFIG_PATH '${cfg.statePath}/config' \ --set GITLAB_CONFIG_PATH '${cfg.statePath}/config' \
--set PATH '${lib.makeBinPath [ pkgs.nodejs pkgs.gzip pkgs.git pkgs.gnutar config.services.postgresql.package ]}:$PATH' \ --set PATH '${lib.makeBinPath [ pkgs.nodejs pkgs.gzip pkgs.git pkgs.gnutar config.services.postgresql.package pkgs.coreutils pkgs.procps ]}:$PATH' \
--set RAKEOPT '-f ${cfg.packages.gitlab}/share/gitlab/Rakefile' \ --set RAKEOPT '-f ${cfg.packages.gitlab}/share/gitlab/Rakefile' \
--run 'cd ${cfg.packages.gitlab}/share/gitlab' --run 'cd ${cfg.packages.gitlab}/share/gitlab'
''; '';
@ -203,6 +203,7 @@ in {
default = pkgs.gitlab; default = pkgs.gitlab;
defaultText = "pkgs.gitlab"; defaultText = "pkgs.gitlab";
description = "Reference to the gitlab package"; description = "Reference to the gitlab package";
example = "pkgs.gitlab-ee";
}; };
packages.gitlab-shell = mkOption { packages.gitlab-shell = mkOption {
@ -501,7 +502,7 @@ in {
}; };
systemd.services.gitlab-workhorse = { systemd.services.gitlab-workhorse = {
after = [ "network.target" "gitlab.service" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
environment.HOME = gitlabEnv.HOME; environment.HOME = gitlabEnv.HOME;
environment.GITLAB_SHELL_CONFIG_PATH = gitlabEnv.GITLAB_SHELL_CONFIG_PATH; environment.GITLAB_SHELL_CONFIG_PATH = gitlabEnv.GITLAB_SHELL_CONFIG_PATH;
@ -569,9 +570,9 @@ in {
mkdir -p /run/gitlab mkdir -p /run/gitlab
mkdir -p ${cfg.statePath}/log mkdir -p ${cfg.statePath}/log
ln -sf ${cfg.statePath}/log /run/gitlab/log [ -d /run/gitlab/log ] || ln -sf ${cfg.statePath}/log /run/gitlab/log
ln -sf ${cfg.statePath}/tmp /run/gitlab/tmp [ -d /run/gitlab/tmp ] || ln -sf ${cfg.statePath}/tmp /run/gitlab/tmp
ln -sf ${cfg.statePath}/uploads /run/gitlab/uploads [ -d /run/gitlab/uploads ] || ln -sf ${cfg.statePath}/uploads /run/gitlab/uploads
ln -sf $GITLAB_SHELL_CONFIG_PATH /run/gitlab/shell-config.yml ln -sf $GITLAB_SHELL_CONFIG_PATH /run/gitlab/shell-config.yml
chown -R ${cfg.user}:${cfg.group} /run/gitlab chown -R ${cfg.user}:${cfg.group} /run/gitlab
@ -629,6 +630,10 @@ in {
touch "${cfg.statePath}/db-seeded" touch "${cfg.statePath}/db-seeded"
fi fi
# The gitlab:shell:setup regenerates the authorized_keys file so that
# the store path to the gitlab-shell in it gets updated
${pkgs.sudo}/bin/sudo -u ${cfg.user} force=yes ${gitlab-rake}/bin/gitlab-rake gitlab:shell:setup RAILS_ENV=production
# The gitlab:shell:create_hooks task seems broken for fixing links # The gitlab:shell:create_hooks task seems broken for fixing links
# so we instead delete all the hooks and create them anew # so we instead delete all the hooks and create them anew
rm -f ${cfg.statePath}/repositories/**/*.git/hooks rm -f ${cfg.statePath}/repositories/**/*.git/hooks

131
nixos/modules/services/misc/nixos-manual.nix
View File

@ -1,91 +1,21 @@
# This module includes the NixOS man-pages in the system environment, # This module optionally starts a browser that shows the NixOS manual
# and optionally starts a browser that shows the NixOS manual on one # on one of the virtual consoles which is useful for the installation
# of the virtual consoles. The latter is useful for the installation
# CD. # CD.
{ config, lib, pkgs, baseModules, ... }: { config, lib, pkgs, ... }:
with lib; with lib;
let let
cfg = config.services.nixosManual; cfg = config.services.nixosManual;
cfgd = config.documentation;
/* For the purpose of generating docs, evaluate options with each derivation
in `pkgs` (recursively) replaced by a fake with path "\${pkgs.attribute.path}".
It isn't perfect, but it seems to cover a vast majority of use cases.
Caveat: even if the package is reached by a different means,
the path above will be shown and not e.g. `${config.services.foo.package}`. */
manual = import ../../../doc/manual rec {
inherit pkgs config;
version = config.system.nixos.release;
revision = "release-${version}";
options =
let
scrubbedEval = evalModules {
modules = [ { nixpkgs.localSystem = config.nixpkgs.localSystem; } ] ++ baseModules;
args = (config._module.args) // { modules = [ ]; };
specialArgs = { pkgs = scrubDerivations "pkgs" pkgs; };
};
scrubDerivations = namePrefix: pkgSet: mapAttrs
(name: value:
let wholeName = "${namePrefix}.${name}"; in
if isAttrs value then
scrubDerivations wholeName value
// (optionalAttrs (isDerivation value) { outPath = "\${${wholeName}}"; })
else value
)
pkgSet;
in scrubbedEval.options;
};
entry = "${manual.manual}/share/doc/nixos/index.html";
helpScript = pkgs.writeScriptBin "nixos-help"
''
#! ${pkgs.runtimeShell} -e
# Finds first executable browser in a colon-separated list.
# (see how xdg-open defines BROWSER)
browser="$(
IFS=: ; for b in $BROWSER; do
[ -n "$(type -P "$b" || true)" ] && echo "$b" && break
done
)"
if [ -z "$browser" ]; then
browser="$(type -P xdg-open || true)"
if [ -z "$browser" ]; then
browser="$(type -P w3m || true)"
if [ -z "$browser" ]; then
echo "$0: unable to start a web browser; please set \$BROWSER"
exit 1
fi
fi
fi
exec "$browser" ${entry}
'';
desktopItem = pkgs.makeDesktopItem {
name = "nixos-manual";
desktopName = "NixOS Manual";
genericName = "View NixOS documentation in a web browser";
icon = "nix-snowflake";
exec = "${helpScript}/bin/nixos-help";
categories = "System";
};
in in
{ {
options = { options = {
services.nixosManual.enable = mkOption { # TODO(@oxij): rename this to `.enable` eventually.
type = types.bool;
default = true;
description = ''
Whether to build the NixOS manual pages.
'';
};
services.nixosManual.showManual = mkOption { services.nixosManual.showManual = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
@ -114,37 +44,30 @@ in
}; };
config = mkIf cfg.enable { config = mkMerge [
(mkIf cfg.showManual {
assertions = singleton {
assertion = cfgd.enable && cfgd.nixos.enable;
message = "Can't enable `services.nixosManual.showManual` without `documentation.nixos.enable`";
};
})
(mkIf (cfg.showManual && cfgd.enable && cfgd.nixos.enable) {
boot.extraTTYs = [ "tty${toString cfg.ttyNumber}" ];
system.build.manual = manual; systemd.services."nixos-manual" = {
description = "NixOS Manual";
environment.systemPackages = [] wantedBy = [ "multi-user.target" ];
++ optionals config.services.xserver.enable [ desktopItem pkgs.nixos-icons ] serviceConfig = {
++ optional config.documentation.man.enable manual.manpages ExecStart = "${cfg.browser} ${config.system.build.manual.manualHTMLIndex}";
++ optionals config.documentation.doc.enable [ manual.manual helpScript ]; StandardInput = "tty";
StandardOutput = "tty";
boot.extraTTYs = mkIf cfg.showManual ["tty${toString cfg.ttyNumber}"]; TTYPath = "/dev/tty${toString cfg.ttyNumber}";
TTYReset = true;
systemd.services = optionalAttrs cfg.showManual TTYVTDisallocate = true;
{ "nixos-manual" = Restart = "always";
{ description = "NixOS Manual";
wantedBy = [ "multi-user.target" ];
serviceConfig =
{ ExecStart = "${cfg.browser} ${entry}";
StandardInput = "tty";
StandardOutput = "tty";
TTYPath = "/dev/tty${toString cfg.ttyNumber}";
TTYReset = true;
TTYVTDisallocate = true;
Restart = "always";
};
}; };
}; };
})
services.mingetty.helpLine = "\nRun `nixos-help` " ];
+ lib.optionalString cfg.showManual "or press <Alt-F${toString cfg.ttyNumber}> "
+ "for the NixOS manual.";
};
} }

1
nixos/modules/services/monitoring/datadog-agent.nix
View File

@ -213,7 +213,6 @@ in {
Group = "datadog"; Group = "datadog";
Restart = "always"; Restart = "always";
RestartSec = 2; RestartSec = 2;
PrivateTmp = true;
}; };
restartTriggers = [ datadogPkg ] ++ map (etc: etc.source) etcfiles; restartTriggers = [ datadogPkg ] ++ map (etc: etc.source) etcfiles;
} attrs; } attrs;

52
nixos/modules/services/networking/chrony.nix
View File

@ -3,12 +3,10 @@
with lib; with lib;
let let
cfg = config.services.chrony;
stateDir = "/var/lib/chrony"; stateDir = "/var/lib/chrony";
keyFile = "${stateDir}/chrony.keys";
keyFile = "/etc/chrony.keys";
cfg = config.services.chrony;
configFile = pkgs.writeText "chrony.conf" '' configFile = pkgs.writeText "chrony.conf" ''
${concatMapStringsSep "\n" (server: "server " + server) cfg.servers} ${concatMapStringsSep "\n" (server: "server " + server) cfg.servers}
@ -19,7 +17,6 @@ let
} }
driftfile ${stateDir}/chrony.drift driftfile ${stateDir}/chrony.drift
keyfile ${keyFile} keyfile ${keyFile}
${optionalString (!config.time.hardwareClockInLocalTime) "rtconutc"} ${optionalString (!config.time.hardwareClockInLocalTime) "rtconutc"}
@ -27,18 +24,11 @@ let
${cfg.extraConfig} ${cfg.extraConfig}
''; '';
chronyFlags = "-n -m -u chrony -f ${configFile} ${toString cfg.extraFlags}"; chronyFlags = "-m -u chrony -f ${configFile} ${toString cfg.extraFlags}";
in in
{ {
###### interface
options = { options = {
services.chrony = { services.chrony = {
enable = mkOption { enable = mkOption {
default = false; default = false;
description = '' description = ''
@ -83,15 +73,9 @@ in
description = "Extra flags passed to the chronyd command."; description = "Extra flags passed to the chronyd command.";
}; };
}; };
}; };
###### implementation
config = mkIf cfg.enable { config = mkIf cfg.enable {
# Make chronyc available in the system path
environment.systemPackages = [ pkgs.chrony ]; environment.systemPackages = [ pkgs.chrony ];
users.groups = singleton users.groups = singleton
@ -113,26 +97,30 @@ in
{ description = "chrony NTP daemon"; { description = "chrony NTP daemon";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
wants = [ "time-sync.target" ]; wants = [ "time-sync.target" ];
before = [ "time-sync.target" ]; before = [ "time-sync.target" ];
after = [ "network.target" ]; after = [ "network.target" ];
conflicts = [ "ntpd.service" "systemd-timesyncd.service" ]; conflicts = [ "ntpd.service" "systemd-timesyncd.service" ];
path = [ pkgs.chrony ]; path = [ pkgs.chrony ];
preStart = preStart = ''
'' mkdir -m 0755 -p ${stateDir}
mkdir -m 0755 -p ${stateDir} touch ${keyFile}
touch ${keyFile} chmod 0640 ${keyFile}
chmod 0640 ${keyFile} chown chrony:chrony ${stateDir} ${keyFile}
chown chrony:chrony ${stateDir} ${keyFile} '';
'';
serviceConfig = serviceConfig =
{ ExecStart = "${pkgs.chrony}/bin/chronyd ${chronyFlags}"; { Type = "forking";
ExecStart = "${pkgs.chrony}/bin/chronyd ${chronyFlags}";
ProtectHome = "yes";
ProtectSystem = "full";
PrivateTmp = "yes";
ConditionCapability = "CAP_SYS_TIME";
}; };
}; };
}; };
} }

56
nixos/modules/services/networking/epmd.nix Normal file
View File

@ -0,0 +1,56 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.epmd;
in
{
###### interface
options.services.epmd = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable socket activation for Erlang Port Mapper Daemon (epmd),
which acts as a name server on all hosts involved in distributed
Erlang computations.
'';
};
package = mkOption {
type = types.package;
default = pkgs.erlang;
description = ''
The Erlang package to use to get epmd binary. That way you can re-use
an Erlang runtime that is already installed for other purposes.
'';
};
};
###### implementation
config = mkIf cfg.enable {
systemd.sockets.epmd = rec {
description = "Erlang Port Mapper Daemon Activation Socket";
wantedBy = [ "sockets.target" ];
before = wantedBy;
socketConfig = {
ListenStream = "4369";
Accept = "false";
};
};
systemd.services.epmd = {
description = "Erlang Port Mapper Daemon";
after = [ "network.target" ];
requires = [ "epmd.socket" ];
serviceConfig = {
DynamicUser = true;
ExecStart = "${cfg.package}/bin/epmd -systemd";
Type = "notify";
};
};
};
}

2
nixos/modules/services/networking/iwd.nix
View File

@ -22,6 +22,8 @@ in {
systemd.packages = [ pkgs.iwd ]; systemd.packages = [ pkgs.iwd ];
systemd.services.iwd.wantedBy = [ "multi-user.target" ];
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d /var/lib/iwd 0700 root root -" "d /var/lib/iwd 0700 root root -"
]; ];

34
nixos/modules/services/networking/nullidentdmod.nix Normal file
View File

@ -0,0 +1,34 @@
{ config, lib, pkgs, ... }: with lib; let
cfg = config.services.nullidentdmod;
in {
options.services.nullidentdmod = with types; {
enable = mkEnableOption "Enable the nullidentdmod identd daemon";
userid = mkOption {
type = nullOr str;
description = "User ID to return. Set to null to return a random string each time.";
default = null;
example = "alice";
};
};
config = mkIf cfg.enable {
systemd.sockets.nullidentdmod = {
description = "Socket for identd (NullidentdMod)";
listenStreams = [ "113" ];
socketConfig.Accept = true;
wantedBy = [ "sockets.target" ];
};
systemd.services."nullidentdmod@" = {
description = "NullidentdMod service";
serviceConfig = {
DynamicUser = true;
ExecStart = "${pkgs.nullidentdmod}/bin/nullidentdmod${optionalString (cfg.userid != null) " ${cfg.userid}"}";
StandardInput = "socket";
StandardOutput = "socket";
};
};
};
}

3
nixos/modules/services/networking/shairport-sync.nix
View File

@ -27,7 +27,7 @@ in
}; };
arguments = mkOption { arguments = mkOption {
default = "-v -o pulse"; default = "-v -d pulse";
description = '' description = ''
Arguments to pass to the daemon. Defaults to a local pulseaudio Arguments to pass to the daemon. Defaults to a local pulseaudio
server. server.
@ -72,6 +72,7 @@ in
serviceConfig = { serviceConfig = {
User = cfg.user; User = cfg.user;
ExecStart = "${pkgs.shairport-sync}/bin/shairport-sync ${cfg.arguments}"; ExecStart = "${pkgs.shairport-sync}/bin/shairport-sync ${cfg.arguments}";
RuntimeDirectory = "shairport-sync";
}; };
}; };

2
nixos/modules/services/networking/teamspeak3.nix
View File

@ -124,7 +124,7 @@ in
dbsqlpath=${ts3}/lib/teamspeak/sql/ logpath=${cfg.logPath} \ dbsqlpath=${ts3}/lib/teamspeak/sql/ logpath=${cfg.logPath} \
voice_ip=${cfg.voiceIP} default_voice_port=${toString cfg.defaultVoicePort} \ voice_ip=${cfg.voiceIP} default_voice_port=${toString cfg.defaultVoicePort} \
filetransfer_ip=${cfg.fileTransferIP} filetransfer_port=${toString cfg.fileTransferPort} \ filetransfer_ip=${cfg.fileTransferIP} filetransfer_port=${toString cfg.fileTransferPort} \
query_ip=${cfg.queryIP} query_port=${toString cfg.queryPort} query_ip=${cfg.queryIP} query_port=${toString cfg.queryPort} license_accepted=1
''; '';
WorkingDirectory = cfg.dataDir; WorkingDirectory = cfg.dataDir;
User = user; User = user;

2
nixos/modules/services/security/tor.nix
View File

@ -208,7 +208,7 @@ in
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = "Whether to enable tor transaprent proxy"; description = "Whether to enable tor transparent proxy";
}; };
listenAddress = mkOption { listenAddress = mkOption {

920
nixos/modules/services/web-apps/codimd.nix Normal file
View File

@ -0,0 +1,920 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.codimd;
prettyJSON = conf:
pkgs.runCommand "codimd-config.json" { } ''
echo '${builtins.toJSON conf}' | ${pkgs.jq}/bin/jq \
'{production:del(.[]|nulls)|del(.[][]?|nulls)}' > $out
'';
in
{
options.services.codimd = {
enable = mkEnableOption "the CodiMD Markdown Editor";
groups = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Groups to which the codimd user should be added.
'';
};
workDir = mkOption {
type = types.path;
default = "/var/lib/codimd";
description = ''
Working directory for the CodiMD service.
'';
};
configuration = {
debug = mkEnableOption "debug mode";
domain = mkOption {
type = types.nullOr types.str;
default = null;
example = "codimd.org";
description = ''
Domain name for the CodiMD instance.
'';
};
urlPath = mkOption {
type = types.nullOr types.str;
default = null;
example = "/url/path/to/codimd";
description = ''
Path under which CodiMD is accessible.
'';
};
host = mkOption {
type = types.str;
default = "localhost";
description = ''
Address to listen on.
'';
};
port = mkOption {
type = types.int;
default = 3000;
example = "80";
description = ''
Port to listen on.
'';
};
path = mkOption {
type = types.nullOr types.str;
default = null;
example = "/var/run/codimd.sock";
description = ''
Specify where a UNIX domain socket should be placed.
'';
};
allowOrigin = mkOption {
type = types.listOf types.str;
default = [];
example = [ "localhost" "codimd.org" ];
description = ''
List of domains to whitelist.
'';
};
useSSL = mkOption {
type = types.bool;
default = false;
description = ''
Enable to use SSL server. This will also enable
<option>protocolUseSSL</option>.
'';
};
hsts = {
enable = mkOption {
type = types.bool;
default = true;
description = ''
Wheter to enable HSTS if HTTPS is also enabled.
'';
};
maxAgeSeconds = mkOption {
type = types.int;
default = 31536000;
description = ''
Max duration for clients to keep the HSTS status.
'';
};
includeSubdomains = mkOption {
type = types.bool;
default = true;
description = ''
Whether to include subdomains in HSTS.
'';
};
preload = mkOption {
type = types.bool;
default = true;
description = ''
Whether to allow preloading of the site's HSTS status.
'';
};
};
csp = mkOption {
type = types.nullOr types.attrs;
default = null;
example = literalExample ''
{
enable = true;
directives = {
scriptSrc = "trustworthy.scripts.example.com";
};
upgradeInsecureRequest = "auto";
addDefaults = true;
}
'';
description = ''
Specify the Content Security Policy which is passed to Helmet.
For configuration details see <link xlink:href="https://helmetjs.github.io/docs/csp/"
>https://helmetjs.github.io/docs/csp/</link>.
'';
};
protocolUseSSL = mkOption {
type = types.bool;
default = false;
description = ''
Enable to use TLS for resource paths.
This only applies when <option>domain</option> is set.
'';
};
urlAddPort = mkOption {
type = types.bool;
default = false;
description = ''
Enable to add the port to callback URLs.
This only applies when <option>domain</option> is set
and only for ports other than 80 and 443.
'';
};
useCDN = mkOption {
type = types.bool;
default = true;
description = ''
Whether to use CDN resources or not.
'';
};
allowAnonymous = mkOption {
type = types.bool;
default = true;
description = ''
Whether to allow anonymous usage.
'';
};
allowAnonymousEdits = mkOption {
type = types.bool;
default = false;
description = ''
Whether to allow guests to edit existing notes with the `freely' permission,
when <option>allowAnonymous</option> is enabled.
'';
};
allowFreeURL = mkOption {
type = types.bool;
default = false;
description = ''
Whether to allow note creation by accessing a nonexistent note URL.
'';
};
defaultPermission = mkOption {
type = types.enum [ "freely" "editable" "limited" "locked" "private" ];
default = "editable";
description = ''
Default permissions for notes.
This only applies for signed-in users.
'';
};
dbURL = mkOption {
type = types.nullOr types.str;
default = null;
example = ''
postgres://user:pass@host:5432/dbname
'';
description = ''
Specify which database to use.
CodiMD supports mysql, postgres, sqlite and mssql.
See <link xlink:href="https://sequelize.readthedocs.io/en/v3/">
https://sequelize.readthedocs.io/en/v3/</link> for more information.
Note: This option overrides <option>db</option>.
'';
};
db = mkOption {
type = types.attrs;
default = {};
example = literalExample ''
{
dialect = "sqlite";
storage = "/var/lib/codimd/db.codimd.sqlite";
}
'';
description = ''
Specify the configuration for sequelize.
CodiMD supports mysql, postgres, sqlite and mssql.
See <link xlink:href="https://sequelize.readthedocs.io/en/v3/">
https://sequelize.readthedocs.io/en/v3/</link> for more information.
Note: This option overrides <option>db</option>.
'';
};
sslKeyPath= mkOption {
type = types.nullOr types.str;
default = null;
example = "/var/lib/codimd/codimd.key";
description = ''
Path to the SSL key. Needed when <option>useSSL</option> is enabled.
'';
};
sslCertPath = mkOption {
type = types.nullOr types.str;
default = null;
example = "/var/lib/codimd/codimd.crt";
description = ''
Path to the SSL cert. Needed when <option>useSSL</option> is enabled.
'';
};
sslCAPath = mkOption {
type = types.listOf types.str;
default = [];
example = [ "/var/lib/codimd/ca.crt" ];
description = ''
SSL ca chain. Needed when <option>useSSL</option> is enabled.
'';
};
dhParamPath = mkOption {
type = types.nullOr types.str;
default = null;
example = "/var/lib/codimd/dhparam.pem";
description = ''
Path to the SSL dh params. Needed when <option>useSSL</option> is enabled.
'';
};
tmpPath = mkOption {
type = types.str;
default = "/tmp";
description = ''
Path to the temp directory CodiMD should use.
Note that <option>serviceConfig.PrivateTmp</option> is enabled for
the CodiMD systemd service by default.
(Non-canonical paths are relative to CodiMD's base directory)
'';
};
defaultNotePath = mkOption {
type = types.nullOr types.str;
default = "./public/default.md";
description = ''
Path to the default Note file.
(Non-canonical paths are relative to CodiMD's base directory)
'';
};
docsPath = mkOption {
type = types.nullOr types.str;
default = "./public/docs";
description = ''
Path to the docs directory.
(Non-canonical paths are relative to CodiMD's base directory)
'';
};
indexPath = mkOption {
type = types.nullOr types.str;
default = "./public/views/index.ejs";
description = ''
Path to the index template file.
(Non-canonical paths are relative to CodiMD's base directory)
'';
};
hackmdPath = mkOption {
type = types.nullOr types.str;
default = "./public/views/hackmd.ejs";
description = ''
Path to the hackmd template file.
(Non-canonical paths are relative to CodiMD's base directory)
'';
};
errorPath = mkOption {
type = types.nullOr types.str;
default = null;
defaultText = "./public/views/error.ejs";
description = ''
Path to the error template file.
(Non-canonical paths are relative to CodiMD's base directory)
'';
};
prettyPath = mkOption {
type = types.nullOr types.str;
default = null;
defaultText = "./public/views/pretty.ejs";
description = ''
Path to the pretty template file.
(Non-canonical paths are relative to CodiMD's base directory)
'';
};
slidePath = mkOption {
type = types.nullOr types.str;
default = null;
defaultText = "./public/views/slide.hbs";
description = ''
Path to the slide template file.
(Non-canonical paths are relative to CodiMD's base directory)
'';
};
uploadsPath = mkOption {
type = types.str;
default = "${cfg.workDir}/uploads";
defaultText = "/var/lib/codimd/uploads";
description = ''
Path under which uploaded files are saved.
'';
};
sessionName = mkOption {
type = types.str;
default = "connect.sid";
description = ''
Specify the name of the session cookie.
'';
};
sessionSecret = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Specify the secret used to sign the session cookie.
If unset, one will be generated on startup.
'';
};
sessionLife = mkOption {
type = types.int;
default = 1209600000;
description = ''
Session life time in milliseconds.
'';
};
heartbeatInterval = mkOption {
type = types.int;
default = 5000;
description = ''
Specify the socket.io heartbeat interval.
'';
};
heartbeatTimeout = mkOption {
type = types.int;
default = 10000;
description = ''
Specify the socket.io heartbeat timeout.
'';
};
documentMaxLength = mkOption {
type = types.int;
default = 100000;
description = ''
Specify the maximum document length.
'';
};
email = mkOption {
type = types.bool;
default = true;
description = ''
Whether to enable email sign-in.
'';
};
allowEmailRegister = mkOption {
type = types.bool;
default = true;
description = ''
Wether to enable email registration.
'';
};
allowGravatar = mkOption {
type = types.bool;
default = true;
description = ''
Whether to use gravatar as profile picture source.
'';
};
imageUploadType = mkOption {
type = types.enum [ "imgur" "s3" "minio" "filesystem" ];
default = "filesystem";
description = ''
Specify where to upload images.
'';
};
minio = mkOption {
type = types.nullOr (types.submodule {
options = {
accessKey = mkOption {
type = types.str;
description = ''
Minio access key.
'';
};
secretKey = mkOption {
type = types.str;
description = ''
Minio secret key.
'';
};
endpoint = mkOption {
type = types.str;
description = ''
Minio endpoint.
'';
};
port = mkOption {
type = types.int;
default = 9000;
description = ''
Minio listen port.
'';
};
secure = mkOption {
type = types.bool;
default = true;
description = ''
Whether to use HTTPS for Minio.
'';
};
};
});
default = null;
description = "Configure the minio third-party integration.";
};
s3 = mkOption {
type = types.nullOr (types.submodule {
options = {
accessKeyId = mkOption {
type = types.str;
description = ''
AWS access key id.
'';
};
secretAccessKey = mkOption {
type = types.str;
description = ''
AWS access key.
'';
};
region = mkOption {
type = types.str;
description = ''
AWS S3 region.
'';
};
};
});
default = null;
description = "Configure the s3 third-party integration.";
};
s3bucket = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Specify the bucket name for upload types <literal>s3</literal> and <literal>minio</literal>.
'';
};
allowPDFExport = mkOption {
type = types.bool;
default = true;
description = ''
Whether to enable PDF exports.
'';
};
imgur.clientId = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Imgur API client ID.
'';
};
azure = mkOption {
type = types.nullOr (types.submodule {
options = {
connectionString = mkOption {
type = types.str;
description = ''
Azure Blob Storage connection string.
'';
};
container = mkOption {
type = types.str;
description = ''
Azure Blob Storage container name.
It will be created if non-existent.
'';
};
};
});
default = null;
description = "Configure the azure third-party integration.";
};
oauth2 = mkOption {
type = types.nullOr (types.submodule {
options = {
authorizationURL = mkOption {
type = types.str;
description = ''
Specify the OAuth authorization URL.
'';
};
tokenURL = mkOption {
type = types.str;
description = ''
Specify the OAuth token URL.
'';
};
clientID = mkOption {
type = types.str;
description = ''
Specify the OAuth client ID.
'';
};
clientSecret = mkOption {
type = types.str;
description = ''
Specify the OAuth client secret.
'';
};
};
});
default = null;
description = "Configure the OAuth integration.";
};
facebook = mkOption {
type = types.nullOr (types.submodule {
options = {
clientID = mkOption {
type = types.str;
description = ''
Facebook API client ID.
'';
};
clientSecret = mkOption {
type = types.str;
description = ''
Facebook API client secret.
'';
};
};
});
default = null;
description = "Configure the facebook third-party integration";
};
twitter = mkOption {
type = types.nullOr (types.submodule {
options = {
consumerKey = mkOption {
type = types.str;
description = ''
Twitter API consumer key.
'';
};
consumerSecret = mkOption {
type = types.str;
description = ''
Twitter API consumer secret.
'';
};
};
});
default = null;
description = "Configure the Twitter third-party integration.";
};
github = mkOption {
type = types.nullOr (types.submodule {
options = {
clientID = mkOption {
type = types.str;
description = ''
GitHub API client ID.
'';
};
clientSecret = mkOption {
type = types.str;
description = ''
Github API client secret.
'';
};
};
});
default = null;
description = "Configure the GitHub third-party integration.";
};
gitlab = mkOption {
type = types.nullOr (types.submodule {
options = {
baseURL = mkOption {
type = types.str;
default = "";
description = ''
GitLab API authentication endpoint.
Only needed for other endpoints than gitlab.com.
'';
};
clientID = mkOption {
type = types.str;
description = ''
GitLab API client ID.
'';
};
clientSecret = mkOption {
type = types.str;
description = ''
GitLab API client secret.
'';
};
scope = mkOption {
type = types.enum [ "api" "read_user" ];
default = "api";
description = ''
GitLab API requested scope.
GitLab snippet import/export requires api scope.
'';
};
};
});
default = null;
description = "Configure the GitLab third-party integration.";
};
mattermost = mkOption {
type = types.nullOr (types.submodule {
options = {
baseURL = mkOption {
type = types.str;
description = ''
Mattermost authentication endpoint.
'';
};
clientID = mkOption {
type = types.str;
description = ''
Mattermost API client ID.
'';
};
clientSecret = mkOption {
type = types.str;
description = ''
Mattermost API client secret.
'';
};
};
});
default = null;
description = "Configure the Mattermost third-party integration.";
};
dropbox = mkOption {
type = types.nullOr (types.submodule {
options = {
clientID = mkOption {
type = types.str;
description = ''
Dropbox API client ID.
'';
};
clientSecret = mkOption {
type = types.str;
description = ''
Dropbox API client secret.
'';
};
appKey = mkOption {
type = types.str;
description = ''
Dropbox app key.
'';
};
};
});
default = null;
description = "Configure the Dropbox third-party integration.";
};
google = mkOption {
type = types.nullOr (types.submodule {
options = {
clientID = mkOption {
type = types.str;
description = ''
Google API client ID.
'';
};
clientSecret = mkOption {
type = types.str;
description = ''
Google API client secret.
'';
};
};
});
default = null;
description = "Configure the Google third-party integration.";
};
ldap = mkOption {
type = types.nullOr (types.submodule {
options = {
providerName = mkOption {
type = types.str;
default = "";
description = ''
Optional name to be displayed at login form, indicating the LDAP provider.
'';
};
url = mkOption {
type = types.str;
example = "ldap://localhost";
description = ''
URL of LDAP server.
'';
};
bindDn = mkOption {
type = types.str;
description = ''
Bind DN for LDAP access.
'';
};
bindCredentials = mkOption {
type = types.str;
description = ''
Bind credentials for LDAP access.
'';
};
searchBase = mkOption {
type = types.str;
example = "o=users,dc=example,dc=com";
description = ''
LDAP directory to begin search from.
'';
};
searchFilter = mkOption {
type = types.str;
example = "(uid={{username}})";
description = ''
LDAP filter to search with.
'';
};
searchAttributes = mkOption {
type = types.listOf types.str;
example = [ "displayName" "mail" ];
description = ''
LDAP attributes to search with.
'';
};
userNameField = mkOption {
type = types.str;
default = "";
description = ''
LDAP field which is used as the username on CodiMD.
By default <option>useridField</option> is used.
'';
};
useridField = mkOption {
type = types.str;
example = "uid";
description = ''
LDAP field which is a unique identifier for users on CodiMD.
'';
};
tlsca = mkOption {
type = types.str;
example = "server-cert.pem,root.pem";
description = ''
Root CA for LDAP TLS in PEM format.
'';
};
};
});
default = null;
description = "Configure the LDAP integration.";
};
saml = mkOption {
type = types.nullOr (types.submodule {
options = {
idpSsoUrl = mkOption {
type = types.str;
example = "https://idp.example.com/sso";
description = ''
IdP authentication endpoint.
'';
};
idpCert = mkOption {
type = types.path;
example = "/path/to/cert.pem";
description = ''
Path to IdP certificate file in PEM format.
'';
};
issuer = mkOption {
type = types.str;
default = "";
description = ''
Optional identity of the service provider.
This defaults to the server URL.
'';
};
identifierFormat = mkOption {
type = types.str;
default = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";
description = ''
Optional name identifier format.
'';
};
groupAttribute = mkOption {
type = types.str;
default = "";
example = "memberOf";
description = ''
Optional attribute name for group list.
'';
};
externalGroups = mkOption {
type = types.listOf types.str;
default = [];
example = [ "Temporary-staff" "External-users" ];
description = ''
Excluded group names.
'';
};
requiredGroups = mkOption {
type = types.listOf types.str;
default = [];
example = [ "Hackmd-users" "Codimd-users" ];
description = ''
Required group names.
'';
};
attribute = {
id = mkOption {
type = types.str;
default = "";
description = ''
Attribute map for `id'.
Defaults to `NameID' of SAML response.
'';
};
username = mkOption {
type = types.str;
default = "";
description = ''
Attribute map for `username'.
Defaults to `NameID' of SAML response.
'';
};
email = mkOption {
type = types.str;
default = "";
description = ''
Attribute map for `email'.
Defaults to `NameID' of SAML response if
<option>identifierFormat</option> has
the default value.
'';
};
};
};
});
default = null;
description = "Configure the SAML integration.";
};
};
};
config = mkIf cfg.enable {
assertions = [
{ assertion = cfg.configuration.db == {} -> (
cfg.configuration.dbURL != "" && cfg.configuration.dbURL != null
);
message = "Database configuration for CodiMD missing."; }
];
users.groups.codimd = {};
users.users.codimd = {
description = "CodiMD service user";
group = "codimd";
extraGroups = cfg.groups;
home = cfg.workDir;
createHome = true;
};
systemd.services.codimd = {
description = "CodiMD Service";
wantedBy = [ "multi-user.target" ];
after = [ "networking.target" ];
preStart = ''
mkdir -p ${cfg.workDir}
chown -R codimd: ${cfg.workDir}
'';
serviceConfig = {
WorkingDirectory = cfg.workDir;
ExecStart = "${pkgs.codimd}/bin/codimd";
Environment = [
"CMD_CONFIG_FILE=${prettyJSON cfg.configuration}"
"NODE_ENV=production"
];
Restart = "always";
User = "codimd";
PermissionsStartOnly = true;
PrivateTmp = true;
};
};
};
}

1
nixos/modules/services/x11/desktop-managers/plasma5.nix
View File

@ -81,6 +81,7 @@ in
kconfig kconfig
kconfigwidgets kconfigwidgets
kcoreaddons kcoreaddons
kdoctools
kdbusaddons kdbusaddons
kdeclarative kdeclarative
kded kded

2
nixos/modules/services/x11/display-managers/default.nix
View File

@ -266,7 +266,7 @@ in
session. Each session script can set the session. Each session script can set the
<varname>waitPID</varname> shell variable to make this script <varname>waitPID</varname> shell variable to make this script
wait until the end of the user session. Each script is used wait until the end of the user session. Each script is used
to define either a windows manager or a desktop manager. These to define either a window manager or a desktop manager. These
can be differentiated by setting the attribute can be differentiated by setting the attribute
<varname>manage</varname> either to <literal>"window"</literal> <varname>manage</varname> either to <literal>"window"</literal>
or <literal>"desktop"</literal>. or <literal>"desktop"</literal>.

13
nixos/modules/services/x11/display-managers/lightdm.nix
View File

@ -197,7 +197,7 @@ in
# lightdm relaunches itself via just `lightdm`, so needs to be on the PATH # lightdm relaunches itself via just `lightdm`, so needs to be on the PATH
execCmd = '' execCmd = ''
export PATH=${lightdm}/sbin:$PATH export PATH=${lightdm}/sbin:$PATH
exec ${lightdm}/sbin/lightdm --log-dir=/var/log --run-dir=/run exec ${lightdm}/sbin/lightdm
''; '';
}; };
@ -246,12 +246,19 @@ in
''; '';
users.users.lightdm = { users.users.lightdm = {
createHome = true; home = "/var/lib/lightdm";
home = "/var/lib/lightdm-data";
group = "lightdm"; group = "lightdm";
uid = config.ids.uids.lightdm; uid = config.ids.uids.lightdm;
}; };
systemd.tmpfiles.rules = [
"d /run/lightdm 0711 lightdm lightdm 0"
"d /var/cache/lightdm 0711 root lightdm -"
"d /var/lib/lightdm 1770 lightdm lightdm -"
"d /var/lib/lightdm-data 1775 lightdm lightdm -"
"d /var/log/lightdm 0711 root lightdm -"
];
users.groups.lightdm.gid = config.ids.gids.lightdm; users.groups.lightdm.gid = config.ids.gids.lightdm;
services.xserver.tty = null; # We might start multiple X servers so let the tty increment themselves.. services.xserver.tty = null; # We might start multiple X servers so let the tty increment themselves..
services.xserver.display = null; # We specify our own display (and logfile) in xserver-wrapper up there services.xserver.display = null; # We specify our own display (and logfile) in xserver-wrapper up there

4
nixos/modules/services/x11/display-managers/sddm.nix
View File

@ -263,7 +263,9 @@ in
}; };
environment.etc."sddm.conf".source = cfgFile; environment.etc."sddm.conf".source = cfgFile;
environment.pathsToLink = [ "/share/sddm/themes" ]; environment.pathsToLink = [
"/share/sddm"
];
users.groups.sddm.gid = config.ids.gids.sddm; users.groups.sddm.gid = config.ids.gids.sddm;

2
nixos/modules/services/x11/hardware/libinput.nix
View File

@ -205,7 +205,7 @@ in {
}) })
]; ];
services.udev.packages = [ pkgs.libinput ]; services.udev.packages = [ pkgs.libinput.out ];
services.xserver.config = services.xserver.config =
'' ''

61
nixos/modules/system/activation/top-level.nix
View File

@ -93,49 +93,52 @@ let
${config.system.extraSystemBuilderCmds} ${config.system.extraSystemBuilderCmds}
''; '';
# Handle assertions
failed = map (x: x.message) (filter (x: !x.assertion) config.assertions);
showWarnings = res: fold (w: x: builtins.trace "warning: ${w}" x) res config.warnings;
# Putting it all together. This builds a store path containing # Putting it all together. This builds a store path containing
# symlinks to the various parts of the built configuration (the # symlinks to the various parts of the built configuration (the
# kernel, systemd units, init scripts, etc.) as well as a script # kernel, systemd units, init scripts, etc.) as well as a script
# `switch-to-configuration' that activates the configuration and # `switch-to-configuration' that activates the configuration and
# makes it bootable. # makes it bootable.
baseSystem = showWarnings ( baseSystem = pkgs.stdenvNoCC.mkDerivation {
if [] == failed then pkgs.stdenvNoCC.mkDerivation { name = let hn = config.networking.hostName;
name = let hn = config.networking.hostName; nn = if (hn != "") then hn else "unnamed";
nn = if (hn != "") then hn else "unnamed"; in "nixos-system-${nn}-${config.system.nixos.label}";
in "nixos-system-${nn}-${config.system.nixos.label}"; preferLocalBuild = true;
preferLocalBuild = true; allowSubstitutes = false;
allowSubstitutes = false; buildCommand = systemBuilder;
buildCommand = systemBuilder;
inherit (pkgs) utillinux coreutils; inherit (pkgs) utillinux coreutils;
systemd = config.systemd.package; systemd = config.systemd.package;
inherit (pkgs.stdenv) shell; shell = "${pkgs.bash}/bin/sh";
inherit children; inherit children;
kernelParams = config.boot.kernelParams; kernelParams = config.boot.kernelParams;
installBootLoader = installBootLoader =
config.system.build.installBootLoader config.system.build.installBootLoader
or "echo 'Warning: do not know how to make this configuration bootable; please enable a boot loader.' 1>&2; true"; or "echo 'Warning: do not know how to make this configuration bootable; please enable a boot loader.' 1>&2; true";
activationScript = config.system.activationScripts.script; activationScript = config.system.activationScripts.script;
nixosLabel = config.system.nixos.label; nixosLabel = config.system.nixos.label;
configurationName = config.boot.loader.grub.configurationName; configurationName = config.boot.loader.grub.configurationName;
# Needed by switch-to-configuration. # Needed by switch-to-configuration.
perl = "${pkgs.perl}/bin/perl " + (concatMapStringsSep " " (lib: "-I${lib}/${pkgs.perl.libPrefix}") (with pkgs.perlPackages; [ FileSlurp NetDBus XMLParser XMLTwig ])); perl = "${pkgs.perl}/bin/perl " + (concatMapStringsSep " " (lib: "-I${lib}/${pkgs.perl.libPrefix}") (with pkgs.perlPackages; [ FileSlurp NetDBus XMLParser XMLTwig ]));
} else throw "\nFailed assertions:\n${concatStringsSep "\n" (map (x: "- ${x}") failed)}"); };
# Handle assertions and warnings
failedAssertions = map (x: x.message) (filter (x: !x.assertion) config.assertions);
showWarnings = res: fold (w: x: builtins.trace "warning: ${w}" x) res config.warnings;
baseSystemAssertWarn = if failedAssertions != []
then throw "\nFailed assertions:\n${concatStringsSep "\n" (map (x: "- ${x}") failedAssertions)}"
else showWarnings baseSystem;
# Replace runtime dependencies # Replace runtime dependencies
system = fold ({ oldDependency, newDependency }: drv: system = fold ({ oldDependency, newDependency }: drv:
pkgs.replaceDependency { inherit oldDependency newDependency drv; } pkgs.replaceDependency { inherit oldDependency newDependency drv; }
) baseSystem config.system.replaceRuntimeDependencies; ) baseSystemAssertWarn config.system.replaceRuntimeDependencies;
in in

15
nixos/modules/system/boot/luksroot.nix
View File

@ -11,19 +11,30 @@ let
exit 1 exit 1
} }
dev_exist() {
local target="$1"
if [ -e $target ]; then
return 0
else
local uuid=$(echo -n $target | sed -e 's,UUID=\(.*\),\1,g')
local dev=$(blkid --uuid $uuid)
return $?
fi
}
wait_target() { wait_target() {
local name="$1" local name="$1"
local target="$2" local target="$2"
local secs="''${3:-10}" local secs="''${3:-10}"
local desc="''${4:-$name $target to appear}" local desc="''${4:-$name $target to appear}"
if [ ! -e $target ]; then if ! dev_exist $target; then
echo -n "Waiting $secs seconds for $desc..." echo -n "Waiting $secs seconds for $desc..."
local success=false; local success=false;
for try in $(seq $secs); do for try in $(seq $secs); do
echo -n "." echo -n "."
sleep 1 sleep 1
if [ -e $target ]; then if dev_exist $target; then
success=true success=true
break break
fi fi

44
nixos/modules/virtualisation/google-compute-image.nix
View File

@ -97,8 +97,8 @@ in
"google-instance-setup.service" "google-instance-setup.service"
"google-network-setup.service" "google-network-setup.service"
]; ];
wantedBy = [ "multi-user.target" ];
requires = ["network.target"]; requires = ["network.target"];
wantedBy = ["multi-user.target"];
path = with pkgs; [ shadow ]; path = with pkgs; [ shadow ];
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
@ -113,8 +113,8 @@ in
"google-instance-setup.service" "google-instance-setup.service"
"google-network-setup.service" "google-network-setup.service"
]; ];
requires = [ "network.target" ]; requires = ["network.target"];
wantedBy = [ "multi-user.target" ]; wantedBy = ["multi-user.target"];
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
ExecStart = "${gce}/bin/google_clock_skew_daemon --debug"; ExecStart = "${gce}/bin/google_clock_skew_daemon --debug";
@ -123,7 +123,7 @@ in
systemd.services.google-instance-setup = { systemd.services.google-instance-setup = {
description = "Google Compute Engine Instance Setup"; description = "Google Compute Engine Instance Setup";
after = ["fs.target" "network-online.target" "network.target" "rsyslog.service"]; after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service"];
before = ["sshd.service"]; before = ["sshd.service"];
wants = ["local-fs.target" "network-online.target" "network.target"]; wants = ["local-fs.target" "network-online.target" "network.target"];
wantedBy = [ "sshd.service" "multi-user.target" ]; wantedBy = [ "sshd.service" "multi-user.target" ];
@ -134,15 +134,17 @@ in
}; };
}; };
systemd.services.google-ip-forwarding-daemon = { systemd.services.google-network-daemon = {
description = "Google Compute Engine IP Forwarding Daemon"; description = "Google Compute Engine Network Daemon";
after = ["network.target" "google-instance-setup.service" "google-network-setup.service"]; after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service" "google-instance-setup.service"];
wants = ["local-fs.target" "network-online.target" "network.target"];
requires = ["network.target"]; requires = ["network.target"];
partOf = ["network.target"];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
path = with pkgs; [ iproute ]; path = with pkgs; [ iproute ];
serviceConfig = { serviceConfig = {
Type = "simple"; ExecStart = "${gce}/bin/google_network_daemon --debug";
ExecStart = "${gce}/bin/google_ip_forwarding_daemon --debug"; Type = "oneshot";
}; };
}; };
@ -153,8 +155,9 @@ in
"network-online.target" "network-online.target"
"network.target" "network.target"
"rsyslog.service" "rsyslog.service"
"systemd-resolved.service"
"google-instance-setup.service" "google-instance-setup.service"
"google-network-setup.service" "google-network-daemon.service"
]; ];
wants = [ "local-fs.target" "network-online.target" "network.target"]; wants = [ "local-fs.target" "network-online.target" "network.target"];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
@ -167,23 +170,6 @@ in
}; };
}; };
systemd.services.google-network-setup = {
description = "Google Compute Engine Network Setup";
after = [
"local-fs.target"
"network-online.target"
"network.target"
"rsyslog.service"
];
wants = [ "local-fs.target" "network-online.target" "network.target"];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${gce}/bin/google_network_setup --debug";
KillMode = "process";
Type = "oneshot";
};
};
systemd.services.google-startup-scripts = { systemd.services.google-startup-scripts = {
description = "Google Compute Engine Startup Scripts"; description = "Google Compute Engine Startup Scripts";
after = [ after = [
@ -192,9 +178,9 @@ in
"network.target" "network.target"
"rsyslog.service" "rsyslog.service"
"google-instance-setup.service" "google-instance-setup.service"
"google-network-setup.service" "google-network-daemon.service"
]; ];
wants = [ "local-fs.target" "network-online.target" "network.target"]; wants = ["local-fs.target" "network-online.target" "network.target"];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
ExecStart = "${gce}/bin/google_metadata_script_runner --debug --script-type startup"; ExecStart = "${gce}/bin/google_metadata_script_runner --debug --script-type startup";

9
nixos/release.nix
View File

@ -128,7 +128,8 @@ in rec {
channel = import lib/make-channel.nix { inherit pkgs nixpkgs version versionSuffix; }; channel = import lib/make-channel.nix { inherit pkgs nixpkgs version versionSuffix; };
manual = buildFromConfig ({ ... }: { }) (config: config.system.build.manual.manual); manualHTML = buildFromConfig ({ ... }: { }) (config: config.system.build.manual.manualHTML);
manual = manualHTML; # TODO(@oxij): remove eventually
manualEpub = (buildFromConfig ({ ... }: { }) (config: config.system.build.manual.manualEpub)); manualEpub = (buildFromConfig ({ ... }: { }) (config: config.system.build.manual.manualEpub));
manpages = buildFromConfig ({ ... }: { }) (config: config.system.build.manual.manpages); manpages = buildFromConfig ({ ... }: { }) (config: config.system.build.manual.manpages);
manualGeneratedSources = buildFromConfig ({ ... }: { }) (config: config.system.build.manual.generatedSources); manualGeneratedSources = buildFromConfig ({ ... }: { }) (config: config.system.build.manual.generatedSources);
@ -261,6 +262,7 @@ in rec {
tests.chromium = (callSubTestsOnMatchingSystems ["x86_64-linux"] tests/chromium.nix {}).stable or {}; tests.chromium = (callSubTestsOnMatchingSystems ["x86_64-linux"] tests/chromium.nix {}).stable or {};
tests.cjdns = callTest tests/cjdns.nix {}; tests.cjdns = callTest tests/cjdns.nix {};
tests.cloud-init = callTest tests/cloud-init.nix {}; tests.cloud-init = callTest tests/cloud-init.nix {};
tests.codimd = callTest tests/codimd.nix {};
tests.containers-ipv4 = callTest tests/containers-ipv4.nix {}; tests.containers-ipv4 = callTest tests/containers-ipv4.nix {};
tests.containers-ipv6 = callTest tests/containers-ipv6.nix {}; tests.containers-ipv6 = callTest tests/containers-ipv6.nix {};
tests.containers-bridge = callTest tests/containers-bridge.nix {}; tests.containers-bridge = callTest tests/containers-bridge.nix {};
@ -284,7 +286,8 @@ in rec {
tests.ecryptfs = callTest tests/ecryptfs.nix {}; tests.ecryptfs = callTest tests/ecryptfs.nix {};
tests.etcd = callTestOnMatchingSystems ["x86_64-linux"] tests/etcd.nix {}; tests.etcd = callTestOnMatchingSystems ["x86_64-linux"] tests/etcd.nix {};
tests.ec2-nixops = (callSubTestsOnMatchingSystems ["x86_64-linux"] tests/ec2.nix {}).boot-ec2-nixops or {}; tests.ec2-nixops = (callSubTestsOnMatchingSystems ["x86_64-linux"] tests/ec2.nix {}).boot-ec2-nixops or {};
tests.ec2-config = (callSubTestsOnMatchingSystems ["x86_64-linux"] tests/ec2.nix {}).boot-ec2-config or {}; # ec2-config doesn't work in a sandbox as the simulated ec2 instance needs network access
#tests.ec2-config = (callSubTestsOnMatchingSystems ["x86_64-linux"] tests/ec2.nix {}).boot-ec2-config or {};
tests.elk = callSubTestsOnMatchingSystems ["x86_64-linux"] tests/elk.nix {}; tests.elk = callSubTestsOnMatchingSystems ["x86_64-linux"] tests/elk.nix {};
tests.env = callTest tests/env.nix {}; tests.env = callTest tests/env.nix {};
tests.ferm = callTest tests/ferm.nix {}; tests.ferm = callTest tests/ferm.nix {};
@ -379,7 +382,7 @@ in rec {
tests.pgmanage = callTest tests/pgmanage.nix {}; tests.pgmanage = callTest tests/pgmanage.nix {};
tests.postgis = callTest tests/postgis.nix {}; tests.postgis = callTest tests/postgis.nix {};
tests.powerdns = callTest tests/powerdns.nix {}; tests.powerdns = callTest tests/powerdns.nix {};
#tests.pgjwt = callTest tests/pgjwt.nix {}; tests.pgjwt = callTest tests/pgjwt.nix {};
tests.predictable-interface-names = callSubTests tests/predictable-interface-names.nix {}; tests.predictable-interface-names = callSubTests tests/predictable-interface-names.nix {};
tests.printing = callTest tests/printing.nix {}; tests.printing = callTest tests/printing.nix {};
tests.prometheus = callTest tests/prometheus.nix {}; tests.prometheus = callTest tests/prometheus.nix {};

29
nixos/tests/acme.nix
View File

@ -1,32 +1,5 @@
let let
commonConfig = { lib, nodes, ... }: { commonConfig = ./common/letsencrypt/common.nix;
networking.nameservers = [
nodes.letsencrypt.config.networking.primaryIPAddress
];
nixpkgs.overlays = lib.singleton (self: super: {
cacert = super.cacert.overrideDerivation (drv: {
installPhase = (drv.installPhase or "") + ''
cat "${nodes.letsencrypt.config.test-support.letsencrypt.caCert}" \
>> "$out/etc/ssl/certs/ca-bundle.crt"
'';
});
# Override certifi so that it accepts fake certificate for Let's Encrypt
# Need to override the attribute used by simp_le, which is python3Packages
python3Packages = (super.python3.override {
packageOverrides = lib.const (pysuper: {
certifi = pysuper.certifi.overridePythonAttrs (attrs: {
postPatch = (attrs.postPatch or "") + ''
cat "${self.cacert}/etc/ssl/certs/ca-bundle.crt" \
> certifi/cacert.pem
'';
});
});
}).pkgs;
});
};
in import ./make-test.nix { in import ./make-test.nix {
name = "acme"; name = "acme";

1
nixos/tests/atd.nix
View File

@ -16,6 +16,7 @@ import ./make-test.nix ({ pkgs, ... }:
testScript = '' testScript = ''
startAll; startAll;
$machine->waitForUnit('atd.service'); # wait for atd to start
$machine->fail("test -f ~root/at-1"); $machine->fail("test -f ~root/at-1");
$machine->fail("test -f ~alice/at-1"); $machine->fail("test -f ~alice/at-1");

56
nixos/tests/codimd.nix Normal file
View File

@ -0,0 +1,56 @@
import ./make-test.nix ({ pkgs, lib, ... }:
{
name = "codimd";
meta = with lib.maintainers; {
maintainers = [ willibutz ];
};
nodes = {
codimdSqlite = { ... }: {
services = {
codimd = {
enable = true;
configuration.dbURL = "sqlite:///var/lib/codimd/codimd.db";
};
};
};
codimdPostgres = { ... }: {
systemd.services.codimd.after = [ "postgresql.service" ];
services = {
codimd = {
enable = true;
configuration.dbURL = "postgres://codimd:snakeoilpassword@localhost:5432/codimddb";
};
postgresql = {
enable = true;
initialScript = pkgs.writeText "pg-init-script.sql" ''
CREATE ROLE codimd LOGIN PASSWORD 'snakeoilpassword';
CREATE DATABASE codimddb OWNER codimd;
'';
};
};
};
};
testScript = ''
startAll();
subtest "CodiMD sqlite", sub {
$codimdSqlite->waitForUnit("codimd.service");
$codimdSqlite->waitForOpenPort(3000);
$codimdSqlite->sleep(10); # avoid 503 during startup
$codimdSqlite->succeed("curl -sSf http://localhost:3000/new");
};
subtest "CodiMD postgres", sub {
$codimdPostgres->waitForUnit("postgresql.service");
$codimdPostgres->waitForUnit("codimd.service");
$codimdPostgres->waitForOpenPort(5432);
$codimdPostgres->waitForOpenPort(3000);
$codimdPostgres->sleep(10); # avoid 503 during startup
$codimdPostgres->succeed("curl -sSf http://localhost:3000/new");
};
'';
})

27
nixos/tests/common/letsencrypt/common.nix Normal file
View File

@ -0,0 +1,27 @@
{ lib, nodes, ... }: {
networking.nameservers = [
nodes.letsencrypt.config.networking.primaryIPAddress
];
nixpkgs.overlays = lib.singleton (self: super: {
cacert = super.cacert.overrideDerivation (drv: {
installPhase = (drv.installPhase or "") + ''
cat "${nodes.letsencrypt.config.test-support.letsencrypt.caCert}" \
>> "$out/etc/ssl/certs/ca-bundle.crt"
'';
});
# Override certifi so that it accepts fake certificate for Let's Encrypt
# Need to override the attribute used by simp_le, which is python3Packages
python3Packages = (super.python3.override {
packageOverrides = lib.const (pysuper: {
certifi = pysuper.certifi.overridePythonAttrs (attrs: {
postPatch = (attrs.postPatch or "") + ''
cat "${self.cacert}/etc/ssl/certs/ca-bundle.crt" \
> certifi/cacert.pem
'';
});
});
}).pkgs;
});
}

8
nixos/tests/containers-imperative.nix
View File

@ -13,6 +13,7 @@ import ./make-test.nix ({ pkgs, ...} : {
# XXX: Sandbox setup fails while trying to hardlink files from the host's # XXX: Sandbox setup fails while trying to hardlink files from the host's
# store file system into the prepared chroot directory. # store file system into the prepared chroot directory.
nix.useSandbox = false; nix.useSandbox = false;
nix.binaryCaches = []; # don't try to access cache.nixos.org
virtualisation.writableStore = true; virtualisation.writableStore = true;
virtualisation.memorySize = 1024; virtualisation.memorySize = 1024;
@ -27,9 +28,10 @@ import ./make-test.nix ({ pkgs, ...} : {
}; };
}; };
}; };
in [ in with pkgs; [
pkgs.stdenv pkgs.stdenvNoCC emptyContainer.config.containers.foo.path stdenv stdenvNoCC emptyContainer.config.containers.foo.path
pkgs.libxslt libxslt desktop-file-utils texinfo docbook5 libxml2
docbook_xsl_ns xorg.lndir documentation-highlighter
]; ];
}; };

7
nixos/tests/docker-tools.nix
View File

@ -20,7 +20,10 @@ import ./make-test.nix ({ pkgs, ... }: {
'' ''
$docker->waitForUnit("sockets.target"); $docker->waitForUnit("sockets.target");
# Ensure Docker images use a stable date by default
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.bash}'"); $docker->succeed("docker load --input='${pkgs.dockerTools.examples.bash}'");
$docker->succeed("[ '1970-01-01T00:00:01Z' = \"\$(docker inspect ${pkgs.dockerTools.examples.bash.imageName} | ${pkgs.jq}/bin/jq -r .[].Created)\" ]");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.bash.imageName} bash --version"); $docker->succeed("docker run --rm ${pkgs.dockerTools.examples.bash.imageName} bash --version");
$docker->succeed("docker rmi ${pkgs.dockerTools.examples.bash.imageName}"); $docker->succeed("docker rmi ${pkgs.dockerTools.examples.bash.imageName}");
@ -51,5 +54,9 @@ import ./make-test.nix ({ pkgs, ... }: {
$docker->succeed("docker run --rm runasrootextracommands cat extraCommands"); $docker->succeed("docker run --rm runasrootextracommands cat extraCommands");
$docker->succeed("docker run --rm runasrootextracommands cat runAsRoot"); $docker->succeed("docker run --rm runasrootextracommands cat runAsRoot");
$docker->succeed("docker rmi '${pkgs.dockerTools.examples.runAsRootExtraCommands.imageName}'"); $docker->succeed("docker rmi '${pkgs.dockerTools.examples.runAsRootExtraCommands.imageName}'");
# Ensure Docker images can use an unstable date
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.bash}'");
$docker->succeed("[ '1970-01-01T00:00:01Z' != \"\$(docker inspect ${pkgs.dockerTools.examples.unstableDate.imageName} | ${pkgs.jq}/bin/jq -r .[].Created)\" ]");
''; '';
}) })

4
nixos/tests/ferm.nix
View File

@ -11,6 +11,7 @@ import ./make-test.nix ({ pkgs, ...} : {
with pkgs.lib; with pkgs.lib;
{ {
networking = { networking = {
dhcpcd.enable = false;
interfaces.eth1.ipv6.addresses = mkOverride 0 [ { address = "fd00::2"; prefixLength = 64; } ]; interfaces.eth1.ipv6.addresses = mkOverride 0 [ { address = "fd00::2"; prefixLength = 64; } ];
interfaces.eth1.ipv4.addresses = mkOverride 0 [ { address = "192.168.1.2"; prefixLength = 24; } ]; interfaces.eth1.ipv4.addresses = mkOverride 0 [ { address = "192.168.1.2"; prefixLength = 24; } ];
}; };
@ -20,6 +21,7 @@ import ./make-test.nix ({ pkgs, ...} : {
with pkgs.lib; with pkgs.lib;
{ {
networking = { networking = {
dhcpcd.enable = false;
interfaces.eth1.ipv6.addresses = mkOverride 0 [ { address = "fd00::1"; prefixLength = 64; } ]; interfaces.eth1.ipv6.addresses = mkOverride 0 [ { address = "fd00::1"; prefixLength = 64; } ];
interfaces.eth1.ipv4.addresses = mkOverride 0 [ { address = "192.168.1.1"; prefixLength = 24; } ]; interfaces.eth1.ipv4.addresses = mkOverride 0 [ { address = "192.168.1.1"; prefixLength = 24; } ];
}; };
@ -51,7 +53,7 @@ import ./make-test.nix ({ pkgs, ...} : {
'' ''
startAll; startAll;
$client->waitForUnit("network.target"); $client->waitForUnit("network-online.target");
$server->waitForUnit("ferm.service"); $server->waitForUnit("ferm.service");
$server->waitForUnit("nginx.service"); $server->waitForUnit("nginx.service");
$server->waitUntilSucceeds("ss -ntl | grep -q 80"); $server->waitUntilSucceeds("ss -ntl | grep -q 80");

6
nixos/tests/gdk-pixbuf.nix
View File

@ -10,10 +10,12 @@ import ./make-test.nix ({ pkgs, ... }: {
environment.systemPackages = with pkgs; [ gnome-desktop-testing ]; environment.systemPackages = with pkgs; [ gnome-desktop-testing ];
environment.variables.XDG_DATA_DIRS = [ "${pkgs.gdk_pixbuf.installedTests}/share" ]; environment.variables.XDG_DATA_DIRS = [ "${pkgs.gdk_pixbuf.installedTests}/share" ];
virtualisation.memorySize = 4096; # Tests allocate a lot of memory trying to exploit a CVE # Tests allocate a lot of memory trying to exploit a CVE
# but qemu-system-i386 has a 2047M memory limit
virtualisation.memorySize = if pkgs.stdenv.isi686 then 2047 else 4096;
}; };
testScript = '' testScript = ''
$machine->succeed("gnome-desktop-testing-runner"); $machine->succeed("gnome-desktop-testing-runner -t 1800"); # increase timeout to 1800s
''; '';
}) })

2
nixos/tests/hibernate.nix
View File

@ -35,8 +35,8 @@ import ./make-test.nix (pkgs: {
$machine->waitForOpenPort(4444); $machine->waitForOpenPort(4444);
$machine->succeed("systemctl hibernate &"); $machine->succeed("systemctl hibernate &");
$machine->waitForShutdown; $machine->waitForShutdown;
$probe->waitForUnit("multi-user.target");
$machine->start; $machine->start;
$probe->waitForUnit("network.target");
$probe->waitUntilSucceeds("echo test | nc machine 4444 -N"); $probe->waitUntilSucceeds("echo test | nc machine 4444 -N");
''; '';

2
nixos/tests/hound.nix
View File

@ -52,7 +52,7 @@ import ./make-test.nix ({ pkgs, ... } : {
$machine->waitForUnit("network.target"); $machine->waitForUnit("network.target");
$machine->waitForUnit("hound.service"); $machine->waitForUnit("hound.service");
$machine->waitForOpenPort(6080); $machine->waitForOpenPort(6080);
$machine->succeed('curl http://127.0.0.1:6080/api/v1/search\?stats\=fosho\&repos\=\*\&rng=%3A20\&q\=hi\&files\=\&i=nope | grep "Filename" | grep "hello"'); $machine->waitUntilSucceeds('curl http://127.0.0.1:6080/api/v1/search\?stats\=fosho\&repos\=\*\&rng=%3A20\&q\=hi\&files\=\&i=nope | grep "Filename" | grep "hello"');
''; '';
}) })

87
nixos/tests/installer.nix
View File

@ -282,9 +282,9 @@ in {
{ createPartitions = { createPartitions =
'' ''
$machine->succeed( $machine->succeed(
"parted --script /dev/vda mklabel msdos", "flock /dev/vda parted --script /dev/vda -- mklabel msdos"
"parted --script /dev/vda -- mkpart primary linux-swap 1M 1024M", . " mkpart primary linux-swap 1M 1024M"
"parted --script /dev/vda -- mkpart primary ext2 1024M -1s", . " mkpart primary ext2 1024M -1s",
"udevadm settle", "udevadm settle",
"mkswap /dev/vda1 -L swap", "mkswap /dev/vda1 -L swap",
"swapon -L swap", "swapon -L swap",
@ -299,11 +299,11 @@ in {
{ createPartitions = { createPartitions =
'' ''
$machine->succeed( $machine->succeed(
"parted --script /dev/vda mklabel gpt", "flock /dev/vda parted --script /dev/vda -- mklabel gpt"
"parted --script /dev/vda -- mkpart ESP fat32 1M 50MiB", # /boot . " mkpart ESP fat32 1M 50MiB" # /boot
"parted --script /dev/vda -- set 1 boot on", . " set 1 boot on"
"parted --script /dev/vda -- mkpart primary linux-swap 50MiB 1024MiB", . " mkpart primary linux-swap 50MiB 1024MiB"
"parted --script /dev/vda -- mkpart primary ext2 1024MiB -1MiB", # / . " mkpart primary ext2 1024MiB -1MiB", # /
"udevadm settle", "udevadm settle",
"mkswap /dev/vda2 -L swap", "mkswap /dev/vda2 -L swap",
"swapon -L swap", "swapon -L swap",
@ -321,11 +321,11 @@ in {
{ createPartitions = { createPartitions =
'' ''
$machine->succeed( $machine->succeed(
"parted --script /dev/vda mklabel gpt", "flock /dev/vda parted --script /dev/vda -- mklabel gpt"
"parted --script /dev/vda -- mkpart ESP fat32 1M 50MiB", # /boot . " mkpart ESP fat32 1M 50MiB" # /boot
"parted --script /dev/vda -- set 1 boot on", . " set 1 boot on"
"parted --script /dev/vda -- mkpart primary linux-swap 50MiB 1024MiB", . " mkpart primary linux-swap 50MiB 1024MiB"
"parted --script /dev/vda -- mkpart primary ext2 1024MiB -1MiB", # / . " mkpart primary ext2 1024MiB -1MiB", # /
"udevadm settle", "udevadm settle",
"mkswap /dev/vda2 -L swap", "mkswap /dev/vda2 -L swap",
"swapon -L swap", "swapon -L swap",
@ -345,10 +345,10 @@ in {
{ createPartitions = { createPartitions =
'' ''
$machine->succeed( $machine->succeed(
"parted --script /dev/vda mklabel msdos", "flock /dev/vda parted --script /dev/vda -- mklabel msdos"
"parted --script /dev/vda -- mkpart primary ext2 1M 50MB", # /boot . " mkpart primary ext2 1M 50MB" # /boot
"parted --script /dev/vda -- mkpart primary linux-swap 50MB 1024M", . " mkpart primary linux-swap 50MB 1024M"
"parted --script /dev/vda -- mkpart primary ext2 1024M -1s", # / . " mkpart primary ext2 1024M -1s", # /
"udevadm settle", "udevadm settle",
"mkswap /dev/vda2 -L swap", "mkswap /dev/vda2 -L swap",
"swapon -L swap", "swapon -L swap",
@ -366,10 +366,10 @@ in {
{ createPartitions = { createPartitions =
'' ''
$machine->succeed( $machine->succeed(
"parted --script /dev/vda mklabel msdos", "flock /dev/vda parted --script /dev/vda -- mklabel msdos"
"parted --script /dev/vda -- mkpart primary ext2 1M 50MB", # /boot . " mkpart primary ext2 1M 50MB" # /boot
"parted --script /dev/vda -- mkpart primary linux-swap 50MB 1024M", . " mkpart primary linux-swap 50MB 1024M"
"parted --script /dev/vda -- mkpart primary ext2 1024M -1s", # / . " mkpart primary ext2 1024M -1s", # /
"udevadm settle", "udevadm settle",
"mkswap /dev/vda2 -L swap", "mkswap /dev/vda2 -L swap",
"swapon -L swap", "swapon -L swap",
@ -402,9 +402,9 @@ in {
createPartitions = createPartitions =
'' ''
$machine->succeed( $machine->succeed(
"parted --script /dev/vda mklabel msdos", "flock /dev/vda parted --script /dev/vda -- mklabel msdos"
"parted --script /dev/vda -- mkpart primary linux-swap 1M 1024M", . " mkpart primary linux-swap 1M 1024M"
"parted --script /dev/vda -- mkpart primary 1024M -1s", . " mkpart primary 1024M -1s",
"udevadm settle", "udevadm settle",
"mkswap /dev/vda1 -L swap", "mkswap /dev/vda1 -L swap",
@ -425,11 +425,11 @@ in {
{ createPartitions = { createPartitions =
'' ''
$machine->succeed( $machine->succeed(
"parted --script /dev/vda mklabel msdos", "flock /dev/vda parted --script /dev/vda -- mklabel msdos"
"parted --script /dev/vda -- mkpart primary 1M 2048M", # PV1 . " mkpart primary 1M 2048M" # PV1
"parted --script /dev/vda -- set 1 lvm on", . " set 1 lvm on"
"parted --script /dev/vda -- mkpart primary 2048M -1s", # PV2 . " mkpart primary 2048M -1s" # PV2
"parted --script /dev/vda -- set 2 lvm on", . " set 2 lvm on",
"udevadm settle", "udevadm settle",
"pvcreate /dev/vda1 /dev/vda2", "pvcreate /dev/vda1 /dev/vda2",
"vgcreate MyVolGroup /dev/vda1 /dev/vda2", "vgcreate MyVolGroup /dev/vda1 /dev/vda2",
@ -447,10 +447,10 @@ in {
luksroot = makeInstallerTest "luksroot" luksroot = makeInstallerTest "luksroot"
{ createPartitions = '' { createPartitions = ''
$machine->succeed( $machine->succeed(
"parted --script /dev/vda mklabel msdos", "flock /dev/vda parted --script /dev/vda -- mklabel msdos"
"parted --script /dev/vda -- mkpart primary ext2 1M 50MB", # /boot . " mkpart primary ext2 1M 50MB" # /boot
"parted --script /dev/vda -- mkpart primary linux-swap 50M 1024M", . " mkpart primary linux-swap 50M 1024M"
"parted --script /dev/vda -- mkpart primary 1024M -1s", # LUKS . " mkpart primary 1024M -1s", # LUKS
"udevadm settle", "udevadm settle",
"mkswap /dev/vda2 -L swap", "mkswap /dev/vda2 -L swap",
"swapon -L swap", "swapon -L swap",
@ -481,11 +481,11 @@ in {
filesystemEncryptedWithKeyfile = makeInstallerTest "filesystemEncryptedWithKeyfile" filesystemEncryptedWithKeyfile = makeInstallerTest "filesystemEncryptedWithKeyfile"
{ createPartitions = '' { createPartitions = ''
$machine->succeed( $machine->succeed(
"parted --script /dev/vda mklabel msdos", "flock /dev/vda parted --script /dev/vda -- mklabel msdos"
"parted --script /dev/vda -- mkpart primary ext2 1M 50MB", # /boot . " mkpart primary ext2 1M 50MB" # /boot
"parted --script /dev/vda -- mkpart primary linux-swap 50M 1024M", . " mkpart primary linux-swap 50M 1024M"
"parted --script /dev/vda -- mkpart primary 1024M 1280M", # LUKS with keyfile . " mkpart primary 1024M 1280M" # LUKS with keyfile
"parted --script /dev/vda -- mkpart primary 1280M -1s", . " mkpart primary 1280M -1s",
"udevadm settle", "udevadm settle",
"mkswap /dev/vda2 -L swap", "mkswap /dev/vda2 -L swap",
"swapon -L swap", "swapon -L swap",
@ -520,7 +520,7 @@ in {
{ createPartitions = { createPartitions =
'' ''
$machine->succeed( $machine->succeed(
"parted --script /dev/vda --" "flock /dev/vda parted --script /dev/vda --"
. " mklabel msdos" . " mklabel msdos"
. " mkpart primary ext2 1M 100MB" # /boot . " mkpart primary ext2 1M 100MB" # /boot
. " mkpart extended 100M -1s" . " mkpart extended 100M -1s"
@ -531,8 +531,10 @@ in {
"udevadm settle", "udevadm settle",
"ls -l /dev/vda* >&2", "ls -l /dev/vda* >&2",
"cat /proc/partitions >&2", "cat /proc/partitions >&2",
"udevadm control --stop-exec-queue",
"mdadm --create --force /dev/md0 --metadata 1.2 --level=raid1 --raid-devices=2 /dev/vda5 /dev/vda6", "mdadm --create --force /dev/md0 --metadata 1.2 --level=raid1 --raid-devices=2 /dev/vda5 /dev/vda6",
"mdadm --create --force /dev/md1 --metadata 1.2 --level=raid1 --raid-devices=2 /dev/vda7 /dev/vda8", "mdadm --create --force /dev/md1 --metadata 1.2 --level=raid1 --raid-devices=2 /dev/vda7 /dev/vda8",
"udevadm control --start-exec-queue",
"udevadm settle", "udevadm settle",
"mkswap -f /dev/md1 -L swap", "mkswap -f /dev/md1 -L swap",
"swapon -L swap", "swapon -L swap",
@ -555,14 +557,15 @@ in {
{ createPartitions = { createPartitions =
'' ''
$machine->succeed( $machine->succeed(
"parted --script /dev/sda mklabel msdos", "flock /dev/sda parted --script /dev/sda -- mklabel msdos"
"parted --script /dev/sda -- mkpart primary linux-swap 1M 1024M", . " mkpart primary linux-swap 1M 1024M"
"parted --script /dev/sda -- mkpart primary ext2 1024M -1s", . " mkpart primary ext2 1024M -1s",
"udevadm settle", "udevadm settle",
"mkswap /dev/sda1 -L swap", "mkswap /dev/sda1 -L swap",
"swapon -L swap", "swapon -L swap",
"mkfs.ext3 -L nixos /dev/sda2", "mkfs.ext3 -L nixos /dev/sda2",
"mount LABEL=nixos /mnt", "mount LABEL=nixos /mnt",
"mkdir -p /mnt/tmp",
); );
''; '';
grubVersion = 1; grubVersion = 1;

2
nixos/tests/misc.nix
View File

@ -14,7 +14,7 @@ import ./make-test.nix ({ pkgs, ...} : rec {
{ swapDevices = mkOverride 0 { swapDevices = mkOverride 0
[ { device = "/root/swapfile"; size = 128; } ]; [ { device = "/root/swapfile"; size = 128; } ];
environment.variables.EDITOR = mkOverride 0 "emacs"; environment.variables.EDITOR = mkOverride 0 "emacs";
services.nixosManual.enable = mkOverride 0 true; documentation.nixos.enable = mkOverride 0 true;
systemd.tmpfiles.rules = [ "d /tmp 1777 root root 10d" ]; systemd.tmpfiles.rules = [ "d /tmp 1777 root root 10d" ];
fileSystems = mkVMOverride { "/tmp2" = fileSystems = mkVMOverride { "/tmp2" =
{ fsType = "tmpfs"; { fsType = "tmpfs";

4
nixos/tests/networking.nix
View File

@ -467,7 +467,7 @@ let
# Wait for networking to come up # Wait for networking to come up
$machine->start; $machine->start;
$machine->waitForUnit("network.target"); $machine->waitForUnit("network-online.target");
# Test interfaces set up # Test interfaces set up
my $list = $machine->succeed("ip tuntap list | sort"); my $list = $machine->succeed("ip tuntap list | sort");
@ -479,7 +479,9 @@ let
# Test interfaces clean up # Test interfaces clean up
$machine->succeed("systemctl stop network-addresses-tap0"); $machine->succeed("systemctl stop network-addresses-tap0");
$machine->sleep(10);
$machine->succeed("systemctl stop network-addresses-tun0"); $machine->succeed("systemctl stop network-addresses-tun0");
$machine->sleep(10);
my $residue = $machine->succeed("ip tuntap list"); my $residue = $machine->succeed("ip tuntap list");
$residue eq "" or die( $residue eq "" or die(
"Some virtual interface has not been properly cleaned:\n", "Some virtual interface has not been properly cleaned:\n",

3
nixos/tests/prosody.nix
View File

@ -6,6 +6,9 @@ import ./make-test.nix {
enable = true; enable = true;
# TODO: use a self-signed certificate # TODO: use a self-signed certificate
c2sRequireEncryption = false; c2sRequireEncryption = false;
extraConfig = ''
storage = "sql"
'';
}; };
environment.systemPackages = let environment.systemPackages = let
sendMessage = pkgs.writeScriptBin "send-message" '' sendMessage = pkgs.writeScriptBin "send-message" ''

16
nixos/tests/yabar.nix
View File

@ -8,18 +8,26 @@ with lib;
maintainers = [ ma27 ]; maintainers = [ ma27 ];
}; };
nodes.yabar = { machine = {
imports = [ ./common/x11.nix ./common/user-account.nix ]; imports = [ ./common/x11.nix ./common/user-account.nix ];
services.xserver.displayManager.auto.user = "bob"; services.xserver.displayManager.auto.user = "bob";
programs.yabar.enable = true; programs.yabar.enable = true;
programs.yabar.bars = {
top.indicators.date.exec = "YABAR_DATE";
};
}; };
testScript = '' testScript = ''
$yabar->start; $machine->start;
$yabar->waitForX; $machine->waitForX;
$yabar->waitForUnit("yabar.service", "bob"); # confirm proper startup
$machine->waitForUnit("yabar.service", "bob");
$machine->sleep(10);
$machine->waitForUnit("yabar.service", "bob");
$machine->screenshot("top_bar");
''; '';
}) })

2
pkgs/applications/altcoins/bitcoin-abc.nix
View File

@ -26,6 +26,8 @@ stdenv.mkDerivation rec {
configureFlags = [ "--with-boost-libdir=${boost.out}/lib" ] configureFlags = [ "--with-boost-libdir=${boost.out}/lib" ]
++ optionals withGui [ "--with-gui=qt5" ]; ++ optionals withGui [ "--with-gui=qt5" ];
enableParallelBuilding = true;
meta = { meta = {
description = "Peer-to-peer electronic cash system (Cash client)"; description = "Peer-to-peer electronic cash system (Cash client)";
longDescription= '' longDescription= ''

2
pkgs/applications/altcoins/bitcoin-classic.nix
View File

@ -26,6 +26,8 @@ stdenv.mkDerivation rec {
configureFlags = [ "--with-boost-libdir=${boost.out}/lib" ] configureFlags = [ "--with-boost-libdir=${boost.out}/lib" ]
++ optionals withGui [ "--with-gui=qt5" ]; ++ optionals withGui [ "--with-gui=qt5" ];
enableParallelBuilding = true;
meta = { meta = {
description = "Peer-to-peer electronic cash system (Classic client)"; description = "Peer-to-peer electronic cash system (Classic client)";
longDescription= '' longDescription= ''

2
pkgs/applications/altcoins/bitcoin-xt.nix
View File

@ -27,6 +27,8 @@ stdenv.mkDerivation rec{
"--with-libcurl-headers=${curl.dev}/include" "--with-libcurl-headers=${curl.dev}/include"
] ++ optionals withGui [ "--with-gui=qt4" ]; ] ++ optionals withGui [ "--with-gui=qt4" ];
enableParallelBuilding = true;
meta = { meta = {
description = "Peer-to-peer electronic cash system (XT client)"; description = "Peer-to-peer electronic cash system (XT client)";
longDescription= '' longDescription= ''

13
pkgs/applications/altcoins/bitcoin.nix
View File

@ -5,13 +5,13 @@
with stdenv.lib; with stdenv.lib;
stdenv.mkDerivation rec{ stdenv.mkDerivation rec{
name = "bitcoin" + (toString (optional (!withGui) "d")) + "-" + version; name = "bitcoin" + (toString (optional (!withGui) "d")) + "-" + version;
version = "0.16.2"; version = "0.16.3";
src = fetchurl { src = fetchurl {
urls = [ "https://bitcoincore.org/bin/bitcoin-core-${version}/bitcoin-${version}.tar.gz" urls = [ "https://bitcoincore.org/bin/bitcoin-core-${version}/bitcoin-${version}.tar.gz"
"https://bitcoin.org/bin/bitcoin-core-${version}/bitcoin-${version}.tar.gz" "https://bitcoin.org/bin/bitcoin-core-${version}/bitcoin-${version}.tar.gz"
]; ];
sha256 = "1n07qykx5hc0ph8fwn7hfrbsrjv19fdzvs5h0nysq4wfgn5wa40r"; sha256 = "060223dzzk2izfzhxwlzzd0fhbgglvbgps2nyc4zz767vybysvl3";
}; };
nativeBuildInputs = [ pkgconfig autoreconfHook ]; nativeBuildInputs = [ pkgconfig autoreconfHook ];
@ -20,7 +20,12 @@ stdenv.mkDerivation rec{
++ optionals stdenv.isLinux [ utillinux ] ++ optionals stdenv.isLinux [ utillinux ]
++ optionals withGui [ qtbase qttools qrencode ]; ++ optionals withGui [ qtbase qttools qrencode ];
configureFlags = [ "--with-boost-libdir=${boost.out}/lib" ] configureFlags = [ "--with-boost-libdir=${boost.out}/lib"
"--disable-bench"
] ++ optionals (!doCheck) [
"--disable-tests"
"--disable-gui-tests"
]
++ optionals withGui [ "--with-gui=qt5" ++ optionals withGui [ "--with-gui=qt5"
"--with-qt-bindir=${qtbase.dev}/bin:${qttools.dev}/bin" "--with-qt-bindir=${qtbase.dev}/bin:${qttools.dev}/bin"
]; ];
@ -29,6 +34,8 @@ stdenv.mkDerivation rec{
# find or load the Qt platform plugin "minimal"" # find or load the Qt platform plugin "minimal""
doCheck = false; doCheck = false;
enableParallelBuilding = true;
meta = { meta = {
description = "Peer-to-peer electronic cash system"; description = "Peer-to-peer electronic cash system";
longDescription= '' longDescription= ''

4
pkgs/applications/altcoins/clightning.nix
View File

@ -4,14 +4,14 @@
with stdenv.lib; with stdenv.lib;
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "clightning-${version}"; name = "clightning-${version}";
version = "0.6"; version = "0.6.1";
src = fetchFromGitHub { src = fetchFromGitHub {
fetchSubmodules = true; fetchSubmodules = true;
owner = "ElementsProject"; owner = "ElementsProject";
repo = "lightning"; repo = "lightning";
rev = "v${version}"; rev = "v${version}";
sha256 = "1xbi8c7kn21wj255fxnb9s0sqnzbn3wsz4p96z084k8mw1nc71vn"; sha256 = "0qx30i1c97ic4ii8bm0sk9dh76nfg4ihl9381gxjj14i4jr1q8y4";
}; };
enableParallelBuilding = true; enableParallelBuilding = true;

33
pkgs/applications/altcoins/dapp.nix
View File

@ -1,33 +0,0 @@
{ lib, stdenv, fetchFromGitHub, makeWrapper
, seth, git, solc, shellcheck, nodejs, hevm }:
stdenv.mkDerivation rec {
name = "dapp-${version}";
version = "0.5.7";
src = fetchFromGitHub {
owner = "dapphub";
repo = "dapp";
rev = "v${version}";
sha256 = "128f35hczarihb263as391wr9zbyc1q1p49qbxh30via23r1brb0";
};
nativeBuildInputs = [makeWrapper shellcheck];
buildPhase = "true";
doCheck = true;
checkPhase = "make test";
makeFlags = ["prefix=$(out)"];
postInstall = let path = lib.makeBinPath [
nodejs solc git seth hevm
]; in ''
wrapProgram "$out/bin/dapp" --prefix PATH : "${path}"
'';
meta = {
description = "Simple tool for creating Ethereum-based dapps";
homepage = https://github.com/dapphub/dapp/;
maintainers = [stdenv.lib.maintainers.dbrock];
license = lib.licenses.gpl3;
inherit version;
};
}

6
pkgs/applications/altcoins/default.nix
View File

@ -50,7 +50,6 @@ rec {
dogecoin = callPackage ./dogecoin.nix { boost = boost165; withGui = true; }; dogecoin = callPackage ./dogecoin.nix { boost = boost165; withGui = true; };
dogecoind = callPackage ./dogecoin.nix { boost = boost165; withGui = false; }; dogecoind = callPackage ./dogecoin.nix { boost = boost165; withGui = false; };
ethsign = callPackage ./ethsign { };
freicoin = callPackage ./freicoin.nix { boost = boost155; }; freicoin = callPackage ./freicoin.nix { boost = boost155; };
go-ethereum = callPackage ./go-ethereum.nix { go-ethereum = callPackage ./go-ethereum.nix {
@ -78,11 +77,6 @@ rec {
namecoind = callPackage ./namecoin.nix { withGui = false; }; namecoind = callPackage ./namecoin.nix { withGui = false; };
ethabi = callPackage ./ethabi.nix { }; ethabi = callPackage ./ethabi.nix { };
ethrun = callPackage ./ethrun.nix { };
seth = callPackage ./seth.nix { };
dapp = callPackage ./dapp.nix { };
hevm = (haskellPackages.callPackage ./hevm.nix {});
stellar-core = callPackage ./stellar-core.nix { }; stellar-core = callPackage ./stellar-core.nix { };

26
pkgs/applications/altcoins/ethrun.nix
View File

@ -1,26 +0,0 @@
{ stdenv, fetchFromGitHub, rustPlatform }:
with rustPlatform;
buildRustPackage rec {
name = "ethrun-${version}";
version = "0.1.0";
src = fetchFromGitHub {
owner = "dapphub";
repo = "ethrun";
rev = "v${version}";
sha256 = "1w651g4p2mc4ljp20l8lwvfx3l3fzyp6gf2izr85vyb1wjbaccqn";
};
cargoSha256 = "14x8pbjgkz0g724lnvd9mi2alqd6fipjljw6xsraf9gqwijn1kn0";
meta = with stdenv.lib; {
description = "Directly run Ethereum bytecode";
homepage = https://github.com/dapphub/ethrun/;
maintainers = [ maintainers.dbrock ];
license = licenses.gpl3;
broken = true; # mark temporary as broken
inherit version;
};
}

60
pkgs/applications/altcoins/ethsign/default.nix
View File

@ -1,60 +0,0 @@
{ stdenv, buildGoPackage, fetchFromGitHub, fetchgit }:
buildGoPackage rec {
name = "ethsign-${version}";
version = "0.8.2";
goPackagePath = "github.com/dapphub/ethsign";
hardeningDisable = ["fortify"];
src = fetchFromGitHub {
owner = "dapphub";
repo = "ethsign";
rev = "v${version}";
sha256 = "1gd0bq5x49sjm83r2wivjf03dxvhdli6cvwb9b853wwcvy4inmmh";
};
extraSrcs = [
{
goPackagePath = "github.com/ethereum/go-ethereum";
src = fetchFromGitHub {
owner = "ethereum";
repo = "go-ethereum";
rev = "v1.7.3";
sha256 = "1w6rbq2qpjyf2v9mr18yiv2af1h2sgyvgrdk4bd8ixgl3qcd5b11";
};
}
{
goPackagePath = "gopkg.in/urfave/cli.v1";
src = fetchFromGitHub {
owner = "urfave";
repo = "cli";
rev = "v1.19.1";
sha256 = "1ny63c7bfwfrsp7vfkvb4i0xhq4v7yxqnwxa52y4xlfxs4r6v6fg";
};
}
{
goPackagePath = "golang.org/x/crypto";
src = fetchgit {
url = "https://go.googlesource.com/crypto";
rev = "94eea52f7b742c7cbe0b03b22f0c4c8631ece122";
sha256 = "095zyvjb0m2pz382500miqadhk7w3nis8z3j941z8cq4rdafijvi";
};
}
{
goPackagePath = "golang.org/x/sys";
src = fetchgit {
url = "https://go.googlesource.com/sys";
rev = "53aa286056ef226755cd898109dbcdaba8ac0b81";
sha256 = "1yd17ccklby099cpdcsgx6lf0lj968hsnppp16mwh9009ldf72r1";
};
}
];
meta = with stdenv.lib; {
homepage = https://github.com/dapphub/ethsign;
description = "Make raw signed Ethereum transactions";
broken = stdenv.isDarwin; # test with CoreFoundation 10.11
license = [licenses.gpl3];
};
}

62
pkgs/applications/altcoins/hevm.nix
View File

@ -1,62 +0,0 @@
{ mkDerivation, abstract-par, aeson, ansi-wl-pprint, async, base
, base16-bytestring, base64-bytestring, binary, brick, bytestring
, cereal, containers, cryptonite, data-dword, deepseq, directory
, filepath, ghci-pretty, here, HUnit, lens
, lens-aeson, memory, monad-par, mtl, optparse-generic, process
, QuickCheck, quickcheck-text, readline, rosezipper, scientific
, stdenv, tasty, tasty-hunit, tasty-quickcheck, temporary, text
, text-format, unordered-containers, vector, vty
, restless-git
, fetchFromGitHub, lib, makeWrapper
, zlib, bzip2, solc, coreutils
, bash
}:
lib.overrideDerivation (mkDerivation rec {
pname = "hevm";
version = "0.8.5";
src = fetchFromGitHub {
owner = "dapphub";
repo = "hevm";
rev = "v${version}";
sha256 = "1a27bh0azf2hdg5hp6s9azv2rhzy7vrlq1kmg688g9nfwwwhgkp0";
};
isLibrary = false;
isExecutable = true;
enableSharedExecutables = false;
postInstall = ''
wrapProgram $out/bin/hevm \
--add-flags '+RTS -N$((`${coreutils}/bin/nproc` - 1)) -RTS' \
--suffix PATH : "${lib.makeBinPath [bash coreutils]}"
'';
extraLibraries = [
abstract-par aeson ansi-wl-pprint base base16-bytestring
base64-bytestring binary brick bytestring cereal containers
cryptonite data-dword deepseq directory filepath ghci-pretty lens
lens-aeson memory monad-par mtl optparse-generic process QuickCheck
quickcheck-text readline rosezipper scientific temporary text text-format
unordered-containers vector vty restless-git
];
executableHaskellDepends = [
async readline zlib bzip2
];
testHaskellDepends = [
base binary bytestring ghci-pretty here HUnit lens mtl QuickCheck
tasty tasty-hunit tasty-quickcheck text vector
];
homepage = https://github.com/dapphub/hevm;
description = "Ethereum virtual machine evaluator";
license = stdenv.lib.licenses.agpl3;
maintainers = [stdenv.lib.maintainers.dbrock];
broken = true; # 2018-04-10
}) (attrs: {
buildInputs = attrs.buildInputs ++ [solc];
nativeBuildInputs = attrs.nativeBuildInputs ++ [makeWrapper];
})

2
pkgs/applications/altcoins/litecoin.nix
View File

@ -29,6 +29,8 @@ stdenv.mkDerivation rec {
configureFlags = [ "--with-boost-libdir=${boost.out}/lib" ] configureFlags = [ "--with-boost-libdir=${boost.out}/lib" ]
++ optionals withGui [ "--with-gui=qt4" ]; ++ optionals withGui [ "--with-gui=qt4" ];
enableParallelBuilding = true;
meta = { meta = {
description = "A lite version of Bitcoin using scrypt as a proof-of-work algorithm"; description = "A lite version of Bitcoin using scrypt as a proof-of-work algorithm";
longDescription= '' longDescription= ''

33
pkgs/applications/altcoins/seth.nix
View File

@ -1,33 +0,0 @@
{ stdenv, makeWrapper, lib, fetchFromGitHub
, bc, coreutils, curl, ethabi, git, gnused, jshon, perl, solc, which
, nodejs, ethsign
}:
stdenv.mkDerivation rec {
name = "seth-${version}";
version = "0.6.3";
src = fetchFromGitHub {
owner = "dapphub";
repo = "seth";
rev = "v${version}";
sha256 = "0la2nfqsscpbq6zwa6hsd73nimdnrhilrmgyy77yr3jca2wjhsjk";
};
nativeBuildInputs = [makeWrapper];
buildPhase = "true";
makeFlags = ["prefix=$(out)"];
postInstall = let path = lib.makeBinPath [
bc coreutils curl ethabi git gnused jshon perl solc which nodejs ethsign
]; in ''
wrapProgram "$out/bin/seth" --prefix PATH : "${path}"
'';
meta = {
description = "Command-line client for talking to Ethereum nodes";
homepage = https://github.com/dapphub/seth/;
maintainers = [stdenv.lib.maintainers.dbrock];
license = lib.licenses.gpl3;
inherit version;
};
}

4
pkgs/applications/audio/drumgizmo/default.nix
View File

@ -3,12 +3,12 @@
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
version = "0.9.15"; version = "0.9.16";
name = "drumgizmo-${version}"; name = "drumgizmo-${version}";
src = fetchurl { src = fetchurl {
url = "https://www.drumgizmo.org/releases/${name}/${name}.tar.gz"; url = "https://www.drumgizmo.org/releases/${name}/${name}.tar.gz";
sha256 = "13bgqyw74pq3ss63zd9bjmgr4dah792pcphyqmr7bnvrgfjr6bx6"; sha256 = "0ivr61n9gpigsfgn20rh3n09li8sxh1q095r6wiw0shqhn3vaxlg";
}; };
configureFlags = [ "--enable-lv2" ]; configureFlags = [ "--enable-lv2" ];

4
pkgs/applications/audio/elisa/default.nix
View File

@ -7,13 +7,13 @@
mkDerivation rec { mkDerivation rec {
name = "elisa-${version}"; name = "elisa-${version}";
version = "0.2.1"; version = "0.2.80";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "KDE"; owner = "KDE";
repo = "elisa"; repo = "elisa";
rev = "v${version}"; rev = "v${version}";
sha256 = "0b3rx3gh6adlrbmgj75dicqv6qzzn4fyfxbf1nwh3zd2hi0ca89w"; sha256 = "0wc2kkp28gp1rfgg14a769lalwd44yz7jxkrzanh91v5j2kkln07";
}; };
nativeBuildInputs = [ extra-cmake-modules kdoctools wrapGAppsHook ]; nativeBuildInputs = [ extra-cmake-modules kdoctools wrapGAppsHook ];

4
pkgs/applications/audio/gpodder/default.nix
View File

@ -5,14 +5,14 @@
python3Packages.buildPythonApplication rec { python3Packages.buildPythonApplication rec {
pname = "gpodder"; pname = "gpodder";
version = "3.10.3"; version = "3.10.5";
format = "other"; format = "other";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "gpodder"; owner = "gpodder";
repo = "gpodder"; repo = "gpodder";
rev = version; rev = version;
sha256 = "0j0amjq1wvr5p10vckg900a8xfnxw6z028qw72ayh58216m5jb5l"; sha256 = "00lvma40d62h4haybabh15x1y7rnmd84whbjgjv773igwagkn9vw";
}; };
postPatch = with stdenv.lib; '' postPatch = with stdenv.lib; ''

2
pkgs/applications/audio/gradio/default.nix
View File

@ -56,7 +56,7 @@ in stdenv.mkDerivation rec {
enableParallelBuilding = true; enableParallelBuilding = true;
postInstall = '' postInstall = ''
${glib.dev}/bin/glib-compile-schemas $out/share/glib-2.0/schemas glib-compile-schemas "$out"/share/glib-2.0/schemas
''; '';
patches = [ ./0001-Remove-post-install-script-that-hardcodes-paths.patch ]; patches = [ ./0001-Remove-post-install-script-that-hardcodes-paths.patch ];

4
pkgs/applications/audio/jaaa/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "jaaa-${version}"; name = "jaaa-${version}";
version = "0.8.4"; version = "0.9.2";
src = fetchurl { src = fetchurl {
url = "https://kokkinizita.linuxaudio.org/linuxaudio/downloads/${name}.tar.bz2"; url = "https://kokkinizita.linuxaudio.org/linuxaudio/downloads/${name}.tar.bz2";
sha256 = "0jyll4rkb6vja2widc340ww078rr24c6nmxbxdqvbxw409nccd01"; sha256 = "1czksxx2g8na07k7g57qlz0vvkkgi5bzajcx7vc7jhb94hwmmxbc";
}; };
buildInputs = [ buildInputs = [

4
pkgs/applications/audio/japa/default.nix
View File

@ -1,12 +1,12 @@
{ stdenv, fetchurl, alsaLib, libjack2, fftwFloat, libclthreads, libclxclient, libX11, libXft, zita-alsa-pcmi, }: { stdenv, fetchurl, alsaLib, libjack2, fftwFloat, libclthreads, libclxclient, libX11, libXft, zita-alsa-pcmi, }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
version = "0.8.4"; version = "0.9.2";
name = "japa-${version}"; name = "japa-${version}";
src = fetchurl { src = fetchurl {
url = "https://kokkinizita.linuxaudio.org/linuxaudio/downloads/${name}.tar.bz2"; url = "https://kokkinizita.linuxaudio.org/linuxaudio/downloads/${name}.tar.bz2";
sha256 = "1jhj7s4vqk5c4lchdall0kslvj5sh91902hhfjvs6r3a5nrhwcp0"; sha256 = "1zmi4wg23hwsypg3h6y3qb72cbrihqcs19qrbzgs5a67d13q4897";
}; };
buildInputs = [ alsaLib libjack2 fftwFloat libclthreads libclxclient libX11 libXft zita-alsa-pcmi ]; buildInputs = [ alsaLib libjack2 fftwFloat libclthreads libclxclient libX11 libXft zita-alsa-pcmi ];

4
pkgs/applications/audio/lollypop/default.nix
View File

@ -4,7 +4,7 @@
, gobjectIntrospection, wrapGAppsHook }: , gobjectIntrospection, wrapGAppsHook }:
python3.pkgs.buildPythonApplication rec { python3.pkgs.buildPythonApplication rec {
version = "0.9.522"; version = "0.9.601";
name = "lollypop-${version}"; name = "lollypop-${version}";
format = "other"; format = "other";
@ -14,7 +14,7 @@ python3.pkgs.buildPythonApplication rec {
url = "https://gitlab.gnome.org/World/lollypop"; url = "https://gitlab.gnome.org/World/lollypop";
rev = "refs/tags/${version}"; rev = "refs/tags/${version}";
fetchSubmodules = true; fetchSubmodules = true;
sha256 = "0f2brwv884cvmxj644jcj9sg5hix3wvnjy2ndg0fh5cxyqz0kwn5"; sha256 = "029hyylwjsbwkw1v75nbkkmrncgz30y2qwdysmpz0xyb5q7x6zbj";
}; };
nativeBuildInputs = with python3.pkgs; [ nativeBuildInputs = with python3.pkgs; [

4
pkgs/applications/audio/mixxx/default.nix
View File

@ -7,13 +7,13 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "mixxx-${version}"; name = "mixxx-${version}";
version = "2.1.3"; version = "2.1.4";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "mixxxdj"; owner = "mixxxdj";
repo = "mixxx"; repo = "mixxx";
rev = "release-${version}"; rev = "release-${version}";
sha256 = "1fm8lkbnxka4haidf6yr8mb3r6vaxmc97hhrp8pcx0fvq2mnzvy2"; sha256 = "1q1px4033marraprvgr5yq9jlz943kcc10fdkn7py2ma8cfgnipq";
}; };
nativeBuildInputs = [ makeWrapper ]; nativeBuildInputs = [ makeWrapper ];

4
pkgs/applications/audio/mopidy/iris.nix
View File

@ -2,11 +2,11 @@
pythonPackages.buildPythonApplication rec { pythonPackages.buildPythonApplication rec {
pname = "Mopidy-Iris"; pname = "Mopidy-Iris";
version = "3.25.1"; version = "3.26.2";
src = pythonPackages.fetchPypi { src = pythonPackages.fetchPypi {
inherit pname version; inherit pname version;
sha256 = "148ksv87lw3l3dwncmlq8qzv6xik29axdgaljdcp0g4pd98a7dlk"; sha256 = "04jg5k8znkn0iirfnsndm74f8mypj8zwj76j489l0m263k1kn715";
}; };
propagatedBuildInputs = [ propagatedBuildInputs = [

Some files were not shown because too many files have changed in this diff Show More