public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/master' into sage-8.4

This commit is contained in:
Timo Kaufmann 2018-09-27 12:07:37 +02:00
parent 1217882907 ea817ad88d
commit 2f6b13950e
803 changed files with 56473 additions and 17948 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
doc/cross-compilation.xml
View File

@ -47,13 +47,9 @@
<para>
In Nixpkgs, these three platforms are defined as attribute sets under the
names <literal>buildPlatform</literal>, <literal>hostPlatform</literal>,
and <literal>targetPlatform</literal>. All three are always defined as
attributes in the standard environment, and at the top level. That means
one can get at them just like a dependency in a function that is imported
with <literal>callPackage</literal>:
<programlisting>{ stdenv, buildPlatform, hostPlatform, fooDep, barDep, .. }: ...buildPlatform...</programlisting>
, or just off <varname>stdenv</varname>:
names <literal>buildPlatform</literal>, <literal>hostPlatform</literal>, and
<literal>targetPlatform</literal>. They are always defined as attributes in
the standard environment. That means one can access them like:
<programlisting>{ stdenv, fooDep, barDep, .. }: ...stdenv.buildPlatform...</programlisting>
.
</para>

42
doc/functions.xml
View File

@ -638,6 +638,48 @@ buildImage {
<literal>pkgs.cacert</literal> to <varname>contents</varname>.
</para>
</note>
<example xml:id="example-pkgs-dockerTools-buildImage-creation-date">
<title>Impurely Defining a Docker Layer's Creation Date</title>
<para>
By default <function>buildImage</function> will use a static
date of one second past the UNIX Epoch. This allows
<function>buildImage</function> to produce binary reproducible
images. When listing images with <command>docker list
images</command>, the newly created images will be listed like
this:
</para>
<screen><![CDATA[
$ docker image list
REPOSITORY TAG IMAGE ID CREATED SIZE
hello latest 08c791c7846e 48 years ago 25.2MB
]]></screen>
<para>
You can break binary reproducibility but have a sorted,
meaningful <literal>CREATED</literal> column by setting
<literal>created</literal> to <literal>now</literal>.
</para>
<programlisting><![CDATA[
pkgs.dockerTools.buildImage {
name = "hello";
tag = "latest";
created = "now";
contents = pkgs.hello;
config.Cmd = [ "/bin/hello" ];
}
]]></programlisting>
<para>
and now the Docker CLI will display a reasonable date and
sort the images as expected:
<screen><![CDATA[
$ docker image list
REPOSITORY TAG IMAGE ID CREATED SIZE
hello latest de2bf4786de6 About a minute ago 25.2MB
]]></screen>
however, the produced images will not be binary reproducible.
</para>
</example>
</section>
<section xml:id="ssec-pkgs-dockerTools-fetchFromRegistry">

3
doc/languages-frameworks/rust.section.md
View File

@ -64,9 +64,6 @@ When the `Cargo.lock`, provided by upstream, is not in sync with the
added in `cargoPatches` will also be prepended to the patches in `patches` at
build-time.
To install crates with nix there is also an experimental project called
[nixcrates](https://github.com/fractalide/nixcrates).
## Compiling Rust crates using Nix instead of Cargo
### Simple operation

32
doc/languages-frameworks/vim.section.md
View File

@ -15,6 +15,7 @@ At the moment we support three different methods for managing plugins:
- Vim packages (*recommend*)
- VAM (=vim-addon-manager)
- Pathogen
- vim-plug
## Custom configuration
@ -59,7 +60,7 @@ vim_configurable.customize {
}
```
For Neovim the syntax is
For Neovim the syntax is:
```
neovim.override {
@ -96,6 +97,35 @@ The resulting package can be added to `packageOverrides` in `~/.nixpkgs/config.n
After that you can install your special grafted `myVim` or `myNeovim` packages.
## Managing plugins with vim-plug
To use [vim-plug](https://github.com/junegunn/vim-plug) to manage your Vim
plugins the following example can be used:
```
vim_configurable.customize {
vimrcConfig.packages.myVimPackage = with pkgs.vimPlugins; {
# loaded on launch
plug.plugins = [ youcompleteme fugitive phpCompletion elm-vim ];
};
}
```
For Neovim the syntax is:
```
neovim.override {
configure = {
customRC = ''
# here your custom configuration goes!
'';
plug.plugins = with pkgs.vimPlugins; [
vim-go
];
};
}
```
## Managing plugins with VAM
### Handling dependencies of Vim plugins

66
doc/package-notes.xml
View File

@ -643,15 +643,15 @@ cp ${myEmacsConfig} $out/share/emacs/site-lisp/default.el
required dependencies manually - but it's tedious and there is always a
possibility that an unwanted dependency will sneak in through some other
package. To completely override such a package you can use
<varname>overrideScope</varname>.
<varname>overrideScope'</varname>.
</para>
<screen>
overrides = super: self: rec {
overrides = self: super: rec {
haskell-mode = self.melpaPackages.haskell-mode;
...
};
((emacsPackagesNgGen emacs).overrideScope overrides).emacsWithPackages (p: with p; [
((emacsPackagesNgGen emacs).overrideScope' overrides).emacsWithPackages (p: with p; [
# here both these package will use haskell-mode of our own choice
ghc-mod
dante
@ -814,4 +814,64 @@ citrix_receiver.override {
</para>
</section>
</section>
<section xml:id="sec-ibus-typing-booster">
<title>ibus-engines.typing-booster</title>
<para>This package is an ibus-based completion method to speed up typing.</para>
<section xml:id="sec-ibus-typing-booster-activate">
<title>Activating the engine</title>
<para>
IBus needs to be configured accordingly to activate <literal>typing-booster</literal>. The configuration
depends on the desktop manager in use. For detailed instructions, please refer to the
<link xlink:href="https://mike-fabian.github.io/ibus-typing-booster/documentation.html">upstream docs</link>.
</para>
<para>
On NixOS you need to explicitly enable <literal>ibus</literal> with given engines
before customizing your desktop to use <literal>typing-booster</literal>. This can be achieved
using the <literal>ibus</literal> module:
<programlisting>{ pkgs, ... }: {
i18n.inputMethod = {
enabled = "ibus";
ibus.engines = with pkgs.ibus-engines; [ typing-booster ];
};
}</programlisting>
</para>
</section>
<section xml:id="sec-ibus-typing-booster-customize-hunspell">
<title>Using custom hunspell dictionaries</title>
<para>
The IBus engine is based on <literal>hunspell</literal> to support completion in many languages.
By default the dictionaries <literal>de-de</literal>, <literal>en-us</literal>, <literal>es-es</literal>,
<literal>it-it</literal>, <literal>sv-se</literal> and <literal>sv-fi</literal>
are in use. To add another dictionary, the package can be overridden like this:
<programlisting>ibus-engines.typing-booster.override {
langs = [ "de-at" "en-gb" ];
}</programlisting>
</para>
<para>
<emphasis>Note: each language passed to <literal>langs</literal> must be an attribute name in
<literal>pkgs.hunspellDicts</literal>.</emphasis>
</para>
</section>
<section xml:id="sec-ibus-typing-booster-emoji-picker">
<title>Built-in emoji picker</title>
<para>
The <literal>ibus-engines.typing-booster</literal> package contains a program
named <literal>emoji-picker</literal>. To display all emojis correctly,
a special font such as <literal>noto-fonts-emoji</literal> is needed:
</para>
<para>
On NixOS it can be installed using the following expression:
<programlisting>{ pkgs, ... }: {
fonts.fonts = with pkgs; [ noto-fonts-emoji ];
}</programlisting>
</para>
</section>
</section>
</chapter>

2
doc/stdenv.xml
View File

@ -2129,7 +2129,7 @@ someVar=$(stripHash $name)
The most typical use of the setup hook is actually to add other hooks which
are then run (i.e. after all the setup hooks) on each dependency. For
example, the C compiler wrapper's setup hook feeds itself flags for each
dependency that contains relevant libaries and headers. This is done by
dependency that contains relevant libraries and headers. This is done by
defining a bash function, and appending its name to one of
<envar>envBuildBuildHooks</envar>`, <envar>envBuildHostHooks</envar>`,
<envar>envBuildTargetHooks</envar>`, <envar>envHostHostHooks</envar>`,

11
lib/attrsets.nix
View File

@ -435,12 +435,15 @@ rec {
useful for deep-overriding.
Example:
x = { a = { b = 4; c = 3; }; }
overrideExisting x { a = { b = 6; d = 2; }; }
=> { a = { b = 6; d = 2; }; }
overrideExisting {} { a = 1; }
=> {}
overrideExisting { b = 2; } { a = 1; }
=> { b = 2; }
overrideExisting { a = 3; b = 2; } { a = 1; }
=> { a = 1; b = 2; }
*/
overrideExisting = old: new:
old // listToAttrs (map (attr: nameValuePair attr (attrByPath [attr] old.${attr} new)) (attrNames old));
mapAttrs (name: value: new.${name} or value) old;
/* Get a package output.
If no output is found, fallback to `.out` and then to the default.

10
lib/customisation.nix
View File

@ -185,7 +185,7 @@ rec {
/* Make a set of packages with a common scope. All packages called
with the provided `callPackage' will be evaluated with the same
arguments. Any package in the set may depend on any other. The
`overrideScope' function allows subsequent modification of the package
`overrideScope'` function allows subsequent modification of the package
set in a consistent way, i.e. all packages in the set will be
called with the overridden packages. The package sets may be
hierarchical: the packages in the set are called with the scope
@ -195,10 +195,10 @@ rec {
let self = f self // {
newScope = scope: newScope (self // scope);
callPackage = self.newScope {};
# TODO(@Ericson2314): Haromonize argument order of `g` with everything else
overrideScope = g:
makeScope newScope
(lib.fixedPoints.extends (lib.flip g) f);
overrideScope = g: lib.warn
"`overrideScope` (from `lib.makeScope`) is deprecated. Do `overrideScope' (self: self: { })` instead of `overrideScope (super: self: { })`. All other overrides have the parameters in that order, including other definitions of `overrideScope`. This was the only definition violating the pattern."
(makeScope newScope (lib.fixedPoints.extends (lib.flip g) f));
overrideScope' = g: makeScope newScope (lib.fixedPoints.extends g f);
packages = f;
};
in self;

4
lib/systems/examples.nix
View File

@ -48,7 +48,7 @@ rec {
armv7a-android-prebuilt = rec {
config = "armv7a-unknown-linux-androideabi";
sdkVer = "24";
ndkVer = "17";
ndkVer = "17c";
platform = platforms.armv7a-android;
useAndroidPrebuilt = true;
};
@ -56,7 +56,7 @@ rec {
aarch64-android-prebuilt = rec {
config = "aarch64-unknown-linux-android";
sdkVer = "24";
ndkVer = "17";
ndkVer = "17c";
platform = platforms.aarch64-multiplatform;
useAndroidPrebuilt = true;
};

7
lib/tests/check-eval.nix Normal file
View File

@ -0,0 +1,7 @@
# Throws an error if any of our lib tests fail.
let tests = [ "misc" "systems" ];
all = builtins.concatLists (map (f: import (./. + "/${f}.nix")) tests);
in if all == []
then null
else throw (builtins.toJSON all)

14
lib/tests/misc.nix
View File

@ -236,6 +236,20 @@ runTests {
};
};
testOverrideExistingEmpty = {
expr = overrideExisting {} { a = 1; };
expected = {};
};
testOverrideExistingDisjoint = {
expr = overrideExisting { b = 2; } { a = 1; };
expected = { b = 2; };
};
testOverrideExistingOverride = {
expr = overrideExisting { a = 3; b = 2; } { a = 1; };
expected = { a = 1; b = 2; };
};
# GENERATORS
# these tests assume attributes are converted to lists

37
maintainers/maintainer-list.nix
View File

@ -18,6 +18,11 @@
for an example on how to work with this data.
*/
{
"1000101" = {
email = "jan.hrnko@satoshilabs.com";
github = "1000101";
name = "Jan Hrnko";
};
a1russell = {
email = "adamlr6+pub@gmail.com";
github = "a1russell";
@ -216,6 +221,11 @@
github = "amiloradovsky";
name = "Andrew Miloradovsky";
};
aminb = {
email = "amin@aminb.org";
github = "aminb";
name = "Amin Bandali";
};
aminechikhaoui = {
email = "amine.chikhaoui91@gmail.com";
github = "AmineChikhaoui";
@ -227,7 +237,7 @@
name = "Andrew Morsillo";
};
AndersonTorres = {
email = "torres.anderson.85@gmail.com";
email = "torres.anderson.85@protonmail.com";
github = "AndersonTorres";
name = "Anderson Torres";
};
@ -376,6 +386,16 @@
github = "auntie";
name = "Jonathan Glines";
};
avaq = {
email = "avaq+nixos@xs4all.nl";
github = "avaq";
name = "Aldwin Vlasblom";
};
avery = {
email = "averyl+nixos@protonmail.com";
github = "AveryLychee";
name = "Avery Lychee";
};
avnik = {
email = "avn@avnik.info";
github = "avnik";
@ -678,6 +698,11 @@
github = "Chaddai";
name = "Chaddaï Fouché";
};
chaduffy = {
email = "charles@dyfis.net";
github = "charles-dyfis-net";
name = "Charles Duffy";
};
changlinli = {
email = "mail@changlinli.com";
github = "changlinli";
@ -1847,6 +1872,11 @@
github = "jerith666";
name = "Matt McHenry";
};
jeschli = {
email = "jeschli@gmail.com";
github = "jeschli";
name = "Markus Hihn";
};
jethro = {
email = "jethrokuan95@gmail.com";
github = "jethrokuan";
@ -2813,6 +2843,11 @@
github = "muflax";
name = "Stefan Dorn";
};
mvnetbiz = {
email = "mvnetbiz@gmail.com";
github = "mvnetbiz";
name = "Matt Votava";
};
myrl = {
email = "myrl.0xf@gmail.com";
github = "myrl";

7
nixos/doc/manual/default.nix
View File

@ -252,7 +252,7 @@ in rec {
''; # */
# Generate the NixOS manual.
manual = runCommand "nixos-manual"
manualHTML = runCommand "nixos-manual-html"
{ inherit sources;
nativeBuildInputs = [ buildPackages.libxml2.bin buildPackages.libxslt.bin ];
meta.description = "The NixOS manual in HTML format";
@ -281,6 +281,11 @@ in rec {
echo "doc manual $dst" >> $out/nix-support/hydra-build-products
''; # */
# Alias for backward compatibility. TODO(@oxij): remove eventually.
manual = manualHTML;
# Index page of the NixOS manual.
manualHTMLIndex = "${manualHTML}/share/doc/nixos/index.html";
manualEpub = runCommand "nixos-manual-epub"
{ inherit sources;

2
nixos/doc/manual/development/building-parts.xml
View File

@ -34,7 +34,7 @@ $ nix-build -A system</screen>
</varlistentry>
<varlistentry>
<term>
<varname>system.build.manual.manual</varname>
<varname>system.build.manual.manualHTML</varname>
</term>
<listitem>
<para>

10
nixos/doc/manual/development/running-nixos-tests-interactively.xml
View File

@ -19,6 +19,7 @@ starting VDE switch for network 1
&gt; startAll
&gt; testScript
&gt; $machine->succeed("touch /tmp/foo")
&gt; print($machine->succeed("pwd"), "\n") # Show stdout of command
</screen>
The function <command>testScript</command> executes the entire test script
and drops you back into the test driver command line upon its completion.
@ -33,8 +34,11 @@ $ nix-build nixos/tests/login.nix -A driver
$ ./result/bin/nixos-run-vms
</screen>
The script <command>nixos-run-vms</command> starts the virtual machines
defined by test. The root file system of the VMs is created on the fly and
kept across VM restarts in
<filename>./</filename><varname>hostname</varname><filename>.qcow2</filename>.
defined by test.
</para>
<para>
The machine state is kept across VM restarts in
<filename>/tmp/vm-state-</filename><varname>machinename</varname>.
</para>
</section>

2
nixos/doc/manual/development/writing-nixos-tests.xml
View File

@ -108,7 +108,7 @@ xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualis
<programlisting>
$machine->start;
$machine->waitForUnit("default.target");
$machine->succeed("uname") =~ /Linux/;
die unless $machine->succeed("uname") =~ /Linux/;
</programlisting>
The first line is actually unnecessary; machines are implicitly started when
you first execute an action on them (such as <literal>waitForUnit</literal>

46
nixos/doc/manual/release-notes/rl-1809.xml
View File

@ -91,7 +91,7 @@ $ nix-instantiate -E '(import &lt;nixpkgsunstable&gt; {}).gitFull'
<para>
When enabled the <literal>iproute2</literal> will copy the files expected
by ip route (e.g., <filename>rt_tables</filename>) in
<filename>/run/iproute2</filename>. This allows to write aliases for
<filename>/etc/iproute2</filename>. This allows to write aliases for
routing tables for instance.
</para>
</listitem>
@ -139,50 +139,6 @@ $ nix-instantiate -E '(import &lt;nixpkgsunstable&gt; {}).gitFull'
seen a complete rewrite. (See above.)
</para>
</listitem>
<listitem>
<para>
The minimum version of Nix required to evaluate Nixpkgs is now 2.0.
</para>
<itemizedlist>
<listitem>
<para>
For users of NixOS 18.03, NixOS 18.03 defaulted to Nix 2.0, but
supported using Nix 1.11 by setting <literal>nix.package =
pkgs.nix1;</literal>. If this option is set to a Nix 1.11 package, you
will need to either unset the option or upgrade it to Nix 2.0.
</para>
</listitem>
<listitem>
<para>
For users of NixOS 17.09, you will first need to upgrade Nix by setting
<literal>nix.package = pkgs.nixStable2;</literal> and run
<command>nixos-rebuild switch</command> as the <literal>root</literal>
user.
</para>
</listitem>
<listitem>
<para>
For users of a daemon-less Nix installation on Linux or macOS, you can
upgrade Nix by running <command>curl https://nixos.org/nix/install |
sh</command>, or prior to doing a channel update, running
<command>nix-env -iA nix</command>.
</para>
<para>
If you have already run a channel update and Nix is no longer able to
evaluate Nixpkgs, the error message printed should provide adequate
directions for upgrading Nix.
</para>
</listitem>
<listitem>
<para>
For users of the Nix daemon on macOS, you can upgrade Nix by running
<command>sudo -i sh -c 'nix-channel --update &amp;&amp; nix-env -iA
nixpkgs.nix'; sudo launchctl stop org.nixos.nix-daemon; sudo launchctl
start org.nixos.nix-daemon</command>.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
<literal>lib.strict</literal> is removed. Use

65
nixos/doc/manual/release-notes/rl-1903.xml
View File

@ -42,6 +42,71 @@
</itemizedlist>
</section>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-19.03-incompatibilities">
<title>Backward Incompatibilities</title>
<para>
When upgrading from a previous release, please be aware of the following
incompatible changes:
</para>
<itemizedlist>
<listitem>
<para>
The minimum version of Nix required to evaluate Nixpkgs is now 2.0.
</para>
<itemizedlist>
<listitem>
<para>
For users of NixOS 18.03 and 19.03, NixOS defaults to Nix 2.0, but
supports using Nix 1.11 by setting <literal>nix.package =
pkgs.nix1;</literal>. If this option is set to a Nix 1.11 package, you
will need to either unset the option or upgrade it to Nix 2.0.
</para>
</listitem>
<listitem>
<para>
For users of NixOS 17.09, you will first need to upgrade Nix by setting
<literal>nix.package = pkgs.nixStable2;</literal> and run
<command>nixos-rebuild switch</command> as the <literal>root</literal>
user.
</para>
</listitem>
<listitem>
<para>
For users of a daemon-less Nix installation on Linux or macOS, you can
upgrade Nix by running <command>curl https://nixos.org/nix/install |
sh</command>, or prior to doing a channel update, running
<command>nix-env -iA nix</command>.
</para>
<para>
If you have already run a channel update and Nix is no longer able to
evaluate Nixpkgs, the error message printed should provide adequate
directions for upgrading Nix.
</para>
</listitem>
<listitem>
<para>
For users of the Nix daemon on macOS, you can upgrade Nix by running
<command>sudo -i sh -c 'nix-channel --update &amp;&amp; nix-env -iA
nixpkgs.nix'; sudo launchctl stop org.nixos.nix-daemon; sudo launchctl
start org.nixos.nix-daemon</command>.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Package <varname>rabbitmq_server</varname> is renamed to <varname>rabbitmq-server</varname>.
</para>
</listitem>
</itemizedlist>
</section>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"

2
nixos/lib/build-vms.nix
View File

@ -28,7 +28,7 @@ rec {
modules = configurations ++
[ ../modules/virtualisation/qemu-vm.nix
../modules/testing/test-instrumentation.nix # !!! should only get added for automated test runs
{ key = "no-manual"; services.nixosManual.enable = false; }
{ key = "no-manual"; documentation.nixos.enable = false; }
{ key = "qemu"; system.build.qemu = qemu; }
] ++ optional minimal ../modules/testing/minimal-kernel.nix;
extraArgs = { inherit nodes; };

35
nixos/modules/config/iproute2.nix
View File

@ -4,20 +4,29 @@ with lib;
let
cfg = config.networking.iproute2;
confDir = "/run/iproute2";
in
{
options.networking.iproute2.enable = mkEnableOption "copy IP route configuration files";
config = mkMerge [
({ nixpkgs.config.iproute2.confDir = confDir; })
(mkIf cfg.enable {
system.activationScripts.iproute2 = ''
cp -R ${pkgs.iproute}/etc/iproute2 ${confDir}
chmod -R 664 ${confDir}
chmod +x ${confDir}
options.networking.iproute2 = {
enable = mkEnableOption "copy IP route configuration files";
rttablesExtraConfig = mkOption {
type = types.lines;
default = "";
description = ''
Verbatim lines to add to /etc/iproute2/rt_tables
'';
})
];
};
};
config = mkIf cfg.enable {
environment.etc."iproute2/bpf_pinning" = { mode = "0644"; text = fileContents "${pkgs.iproute}/etc/iproute2/bpf_pinning"; };
environment.etc."iproute2/ematch_map" = { mode = "0644"; text = fileContents "${pkgs.iproute}/etc/iproute2/ematch_map"; };
environment.etc."iproute2/group" = { mode = "0644"; text = fileContents "${pkgs.iproute}/etc/iproute2/group"; };
environment.etc."iproute2/nl_protos" = { mode = "0644"; text = fileContents "${pkgs.iproute}/etc/iproute2/nl_protos"; };
environment.etc."iproute2/rt_dsfield" = { mode = "0644"; text = fileContents "${pkgs.iproute}/etc/iproute2/rt_dsfield"; };
environment.etc."iproute2/rt_protos" = { mode = "0644"; text = fileContents "${pkgs.iproute}/etc/iproute2/rt_protos"; };
environment.etc."iproute2/rt_realms" = { mode = "0644"; text = fileContents "${pkgs.iproute}/etc/iproute2/rt_realms"; };
environment.etc."iproute2/rt_scopes" = { mode = "0644"; text = fileContents "${pkgs.iproute}/etc/iproute2/rt_scopes"; };
environment.etc."iproute2/rt_tables" = { mode = "0644"; text = (fileContents "${pkgs.iproute}/etc/iproute2/rt_tables")
+ (optionalString (cfg.rttablesExtraConfig != "") "\n\n${cfg.rttablesExtraConfig}"); };
};
}

2
nixos/modules/config/system-path.nix
View File

@ -13,7 +13,7 @@ let
pkgs.attr
pkgs.bashInteractive # bash with ncurses support
pkgs.bzip2
pkgs.coreutils
pkgs.coreutils-full
pkgs.cpio
pkgs.curl
pkgs.diffutils

49
nixos/modules/installer/cd-dvd/installation-cd-graphical-base.nix Normal file
View File

@ -0,0 +1,49 @@
# This module contains the basic configuration for building a graphical NixOS
# installation CD.
{ config, lib, pkgs, ... }:
with lib;
{
imports = [ ./installation-cd-base.nix ];
services.xserver = {
enable = true;
# Don't start the X server by default.
autorun = mkForce false;
# Automatically login as root.
displayManager.slim = {
enable = true;
defaultUser = "root";
autoLogin = true;
};
};
# Provide networkmanager for easy wireless configuration.
networking.networkmanager.enable = true;
networking.wireless.enable = mkForce false;
# KDE complains if power management is disabled (to be precise, if
# there is no power management backend such as upower).
powerManagement.enable = true;
environment.systemPackages = [
# Include gparted for partitioning disks.
pkgs.gparted
# Include some editors.
pkgs.vim
pkgs.bvi # binary editor
pkgs.joe
# Firefox for reading the manual.
pkgs.firefox
pkgs.glxinfo
];
}

63
nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix
View File

@ -6,47 +6,11 @@
with lib;
{
imports = [ ./installation-cd-base.nix ];
imports = [ ./installation-cd-graphical-base.nix ];
services.xserver = {
enable = true;
# GDM doesn't start in virtual machines with ISO
displayManager.slim = {
enable = true;
defaultUser = "root";
autoLogin = true;
};
desktopManager.gnome3 = {
enable = true;
extraGSettingsOverrides = ''
[org.gnome.desktop.background]
show-desktop-icons=true
services.xserver.desktopManager.gnome3.enable = true;
[org.gnome.nautilus.desktop]
trash-icon-visible=false
volumes-visible=false
home-icon-visible=false
network-icon-visible=false
'';
extraGSettingsOverridePackages = [ pkgs.gnome3.nautilus ];
};
};
environment.systemPackages =
[ # Include gparted for partitioning disks.
pkgs.gparted
# Include some editors.
pkgs.vim
pkgs.bvi # binary editor
pkgs.joe
pkgs.glxinfo
];
# Don't start the X server by default.
services.xserver.autorun = mkForce false;
services.xserver.displayManager.slim.enable = mkForce false;
# Auto-login as root.
services.xserver.displayManager.gdm.autoLogin = {
@ -54,25 +18,4 @@ with lib;
user = "root";
};
system.activationScripts.installerDesktop = let
# Must be executable
desktopFile = pkgs.writeScript "nixos-manual.desktop" ''
[Desktop Entry]
Version=1.0
Type=Link
Name=NixOS Manual
URL=${config.system.build.manual.manual}/share/doc/nixos/index.html
Icon=system-help
'';
# use cp and chmod +x, we must be sure the apps are in the nix store though
in ''
mkdir -p /root/Desktop
ln -sfT ${desktopFile} /root/Desktop/nixos-manual.desktop
cp ${pkgs.gnome3.gnome-terminal}/share/applications/gnome-terminal.desktop /root/Desktop/gnome-terminal.desktop
chmod a+rx /root/Desktop/gnome-terminal.desktop
cp ${pkgs.gparted}/share/applications/gparted.desktop /root/Desktop/gparted.desktop
chmod a+rx /root/Desktop/gparted.desktop
'';
}

49
nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix
View File

@ -1,23 +1,14 @@
# This module defines a NixOS installation CD that contains X11 and
# KDE 5.
# Plasma5.
{ config, lib, pkgs, ... }:
with lib;
{
imports = [ ./installation-cd-base.nix ];
imports = [ ./installation-cd-graphical-base.nix ];
services.xserver = {
enable = true;
# Automatically login as root.
displayManager.slim = {
enable = true;
defaultUser = "root";
autoLogin = true;
};
desktopManager.plasma5 = {
enable = true;
enableQt4Support = false;
@ -27,45 +18,25 @@ with lib;
synaptics.enable = true;
};
environment.systemPackages =
[ pkgs.glxinfo
# Include gparted for partitioning disks.
pkgs.gparted
# Firefox for reading the manual.
pkgs.firefox
# Include some editors.
pkgs.vim
pkgs.bvi # binary editor
pkgs.joe
];
# Provide networkmanager for easy wireless configuration.
networking.networkmanager.enable = true;
networking.wireless.enable = mkForce false;
# KDE complains if power management is disabled (to be precise, if
# there is no power management backend such as upower).
powerManagement.enable = true;
# Don't start the X server by default.
services.xserver.autorun = mkForce false;
environment.systemPackages = with pkgs; [
# Graphical text editor
kate
];
system.activationScripts.installerDesktop = let
desktopFile = pkgs.writeText "nixos-manual.desktop" ''
manualDesktopFile = pkgs.writeScript "nixos-manual.desktop" ''
[Desktop Entry]
Version=1.0
Type=Application
Name=NixOS Manual
Exec=firefox ${config.system.build.manual.manual}/share/doc/nixos/index.html
Exec=firefox ${config.system.build.manual.manualHTMLIndex}
Icon=text-html
'';
in ''
mkdir -p /root/Desktop
ln -sfT ${desktopFile} /root/Desktop/nixos-manual.desktop
ln -sfT ${manualDesktopFile} /root/Desktop/nixos-manual.desktop
ln -sfT ${pkgs.konsole}/share/applications/org.kde.konsole.desktop /root/Desktop/org.kde.konsole.desktop
ln -sfT ${pkgs.gparted}/share/applications/gparted.desktop /root/Desktop/gparted.desktop
'';

2
nixos/modules/installer/cd-dvd/iso-image.nix
View File

@ -233,7 +233,7 @@ let
"
# Make our own efi program, we can't rely on "grub-install" since it seems to
# probe for devices, even with --skip-fs-probe.
${pkgs.grub2_efi}/bin/grub-mkimage -o $out/EFI/boot/${if targetArch == "x64" then "bootx64" else "bootx32"}.efi -p /EFI/boot -O ${if targetArch == "x64" then "x86_64" else "i386"}-efi \
${pkgs.grub2_efi}/bin/grub-mkimage -o $out/EFI/boot/${if targetArch == "x64" then "bootx64" else "bootia32"}.efi -p /EFI/boot -O ${if targetArch == "x64" then "x86_64" else "i386"}-efi \
$MODULES
cp ${pkgs.grub2_efi}/share/grub/unicode.pf2 $out/EFI/boot/

2
nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix
View File

@ -137,7 +137,7 @@ in
# Setting vesa, we don't get the nvidia driver, which can't work in arm.
services.xserver.videoDrivers = [ "vesa" ];
services.nixosManual.enable = false;
documentation.nixos.enable = false;
# Include the firmware for various wireless cards.
networking.enableRalinkFirmware = true;

8
nixos/modules/installer/tools/nix-fallback-paths.nix
View File

@ -1,6 +1,6 @@
{
x86_64-linux = "/nix/store/h180y3n5k1ypxgm1pcvj243qix5j45zz-nix-2.1.1";
i686-linux = "/nix/store/v2y4k4v9ml07jmfq739wyflapg3b7b5k-nix-2.1.1";
aarch64-linux = "/nix/store/v485craglq7xm5996ci8qy5dyc17dab0-nix-2.1.1";
x86_64-darwin = "/nix/store/lc3ymlix73kaad5srjdgaxp9ngr1sg6g-nix-2.1.1";
x86_64-linux = "/nix/store/mxg4bbblxfns96yrz0nalxyiyjl7gj98-nix-2.1.2";
i686-linux = "/nix/store/bgjgmbwirx63mwwychpikd7yc4k4lbjv-nix-2.1.2";
aarch64-linux = "/nix/store/yi18azn4nwrcwvaiag04jnxc1qs38fy5-nix-2.1.2";
x86_64-darwin = "/nix/store/fpivmcck2qpw5plrp599iraw2x9jp18k-nix-2.1.2";
}

99
nixos/modules/misc/documentation.nix
View File

@ -1,8 +1,72 @@
{ config, lib, pkgs, ... }:
{ config, lib, pkgs, baseModules, ... }:
with lib;
let cfg = config.documentation; in
let
cfg = config.documentation;
/* For the purpose of generating docs, evaluate options with each derivation
in `pkgs` (recursively) replaced by a fake with path "\${pkgs.attribute.path}".
It isn't perfect, but it seems to cover a vast majority of use cases.
Caveat: even if the package is reached by a different means,
the path above will be shown and not e.g. `${config.services.foo.package}`. */
manual = import ../../doc/manual rec {
inherit pkgs config;
version = config.system.nixos.release;
revision = "release-${version}";
options =
let
scrubbedEval = evalModules {
modules = [ { nixpkgs.localSystem = config.nixpkgs.localSystem; } ] ++ baseModules;
args = (config._module.args) // { modules = [ ]; };
specialArgs = { pkgs = scrubDerivations "pkgs" pkgs; };
};
scrubDerivations = namePrefix: pkgSet: mapAttrs
(name: value:
let wholeName = "${namePrefix}.${name}"; in
if isAttrs value then
scrubDerivations wholeName value
// (optionalAttrs (isDerivation value) { outPath = "\${${wholeName}}"; })
else value
)
pkgSet;
in scrubbedEval.options;
};
helpScript = pkgs.writeScriptBin "nixos-help"
''
#! ${pkgs.runtimeShell} -e
# Finds first executable browser in a colon-separated list.
# (see how xdg-open defines BROWSER)
browser="$(
IFS=: ; for b in $BROWSER; do
[ -n "$(type -P "$b" || true)" ] && echo "$b" && break
done
)"
if [ -z "$browser" ]; then
browser="$(type -P xdg-open || true)"
if [ -z "$browser" ]; then
browser="$(type -P w3m || true)"
if [ -z "$browser" ]; then
echo "$0: unable to start a web browser; please set \$BROWSER"
exit 1
fi
fi
fi
exec "$browser" ${manual.manualHTMLIndex}
'';
desktopItem = pkgs.makeDesktopItem {
name = "nixos-manual";
desktopName = "NixOS Manual";
genericName = "View NixOS documentation in a web browser";
icon = "nix-snowflake";
exec = "${helpScript}/bin/nixos-help";
categories = "System";
};
in
{
@ -66,6 +130,22 @@ let cfg = config.documentation; in
'';
};
nixos.enable = mkOption {
type = types.bool;
default = true;
description = ''
Whether to install NixOS's own documentation.
<itemizedlist>
<listitem><para>This includes man pages like
<citerefentry><refentrytitle>configuration.nix</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> if <option>man.enable</option> is
set.</para></listitem>
<listitem><para>This includes the HTML manual and the <command>nixos-help</command> command if
<option>doc.enable</option> is set.</para></listitem>
</itemizedlist>
'';
};
};
};
@ -99,6 +179,21 @@ let cfg = config.documentation; in
environment.extraOutputsToInstall = [ "doc" ] ++ optional cfg.dev.enable "devdoc";
})
(mkIf cfg.nixos.enable {
system.build.manual = manual;
environment.systemPackages = []
++ optional cfg.man.enable manual.manpages
++ optionals cfg.doc.enable ([ manual.manualHTML helpScript ]
++ optionals config.services.xserver.enable [ desktopItem pkgs.nixos-icons ]);
services.mingetty.helpLine = mkIf cfg.doc.enable (
"\nRun `nixos-help` "
+ optionalString config.services.nixosManual.showManual "or press <Alt-F${toString config.services.nixosManual.ttyNumber}> "
+ "for the NixOS manual."
);
})
]);
}

2
nixos/modules/misc/ids.nix
View File

@ -329,6 +329,7 @@
# kvm = 302; # unused
# render = 303; # unused
zeronet = 304;
lirc = 305;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -618,6 +619,7 @@
kvm = 302; # default udev rules from systemd requires these
render = 303; # default udev rules from systemd requires these
zeronet = 304;
lirc = 305;
# When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal

5
nixos/modules/module-list.nix
View File

@ -272,9 +272,11 @@
./services/hardware/interception-tools.nix
./services/hardware/irqbalance.nix
./services/hardware/lcd.nix
./services/hardware/lirc.nix
./services/hardware/nvidia-optimus.nix
./services/hardware/pcscd.nix
./services/hardware/pommed.nix
./services/hardware/ratbagd.nix
./services/hardware/sane.nix
./services/hardware/sane_extra_backends/brscan4.nix
./services/hardware/tcsd.nix
@ -496,6 +498,7 @@
./services/networking/dnsdist.nix
./services/networking/dnsmasq.nix
./services/networking/ejabberd.nix
./services/networking/epmd.nix
./services/networking/fakeroute.nix
./services/networking/ferm.nix
./services/networking/firefox/sync-server.nix
@ -556,6 +559,7 @@
./services/networking/nsd.nix
./services/networking/ntopng.nix
./services/networking/ntpd.nix
./services/networking/nullidentdmod.nix
./services/networking/nylon.nix
./services/networking/ocserv.nix
./services/networking/oidentd.nix
@ -680,6 +684,7 @@
./services/web-apps/atlassian/confluence.nix
./services/web-apps/atlassian/crowd.nix
./services/web-apps/atlassian/jira.nix
./services/web-apps/codimd.nix
./services/web-apps/frab.nix
./services/web-apps/mattermost.nix
./services/web-apps/nexus.nix

7
nixos/modules/profiles/graphical.nix
View File

@ -7,9 +7,12 @@
services.xserver = {
enable = true;
displayManager.sddm.enable = true;
desktopManager.plasma5.enable = true;
desktopManager.plasma5 = {
enable = true;
enableQt4Support = false;
};
libinput.enable = true; # for touchpad support on many laptops
};
environment.systemPackages = [ pkgs.glxinfo ];
environment.systemPackages = [ pkgs.glxinfo pkgs.firefox ];
}

3
nixos/modules/profiles/installation-device.nix
View File

@ -22,9 +22,10 @@ with lib;
config = {
# Enable in installer, even if the minimal profile disables it.
services.nixosManual.enable = mkForce true;
documentation.enable = mkForce true;
# Show the manual.
documentation.nixos.enable = mkForce true;
services.nixosManual.showManual = true;
# Let the user play Rogue on TTY 8 during the installation.

1
nixos/modules/profiles/minimal.nix
View File

@ -12,7 +12,6 @@ with lib;
i18n.supportedLocales = [ (config.i18n.defaultLocale + "/UTF-8") ];
documentation.enable = mkDefault false;
services.nixosManual.enable = mkDefault false;
sound.enable = mkDefault false;
}

17
nixos/modules/programs/yabar.nix
View File

@ -44,10 +44,23 @@ in
enable = mkEnableOption "yabar";
package = mkOption {
default = pkgs.yabar;
example = literalExample "pkgs.yabar-unstable";
default = pkgs.yabar-unstable;
example = literalExample "pkgs.yabar";
type = types.package;
# `yabar-stable` segfaults under certain conditions.
apply = x: if x == pkgs.yabar-unstable then x else flip warn x ''
It's not recommended to use `yabar' with `programs.yabar', the (old) stable release
tends to segfault under certain circumstances:
* https://github.com/geommer/yabar/issues/86
* https://github.com/geommer/yabar/issues/68
* https://github.com/geommer/yabar/issues/143
Most of them don't occur on master anymore, until a new release is published, it's recommended
to use `yabar-unstable'.
'';
description = ''
The package which contains the `yabar` binary.

1
nixos/modules/rename.nix
View File

@ -276,6 +276,7 @@ with lib;
(mkRenamedOptionModule [ "programs" "info" "enable" ] [ "documentation" "info" "enable" ])
(mkRenamedOptionModule [ "programs" "man" "enable" ] [ "documentation" "man" "enable" ])
(mkRenamedOptionModule [ "services" "nixosManual" "enable" ] [ "documentation" "nixos" "enable" ])
] ++ (flip map [ "blackboxExporter" "collectdExporter" "fritzboxExporter"
"jsonExporter" "minioExporter" "nginxExporter" "nodeExporter"

90
nixos/modules/services/amqp/rabbitmq.nix
View File

@ -4,14 +4,18 @@ with lib;
let
cfg = config.services.rabbitmq;
config_file = pkgs.writeText "rabbitmq.config" cfg.config;
config_file_wo_suffix = builtins.substring 0 ((builtins.stringLength config_file) - 7) config_file;
inherit (builtins) concatStringsSep;
config_file_content = lib.generators.toKeyValue {} cfg.configItems;
config_file = pkgs.writeText "rabbitmq.conf" config_file_content;
advanced_config_file = pkgs.writeText "advanced.config" cfg.config;
in {
###### interface
options = {
services.rabbitmq = {
enable = mkOption {
default = false;
description = ''
@ -20,6 +24,15 @@ in {
'';
};
package = mkOption {
default = pkgs.rabbitmq-server;
type = types.package;
defaultText = "pkgs.rabbitmq-server";
description = ''
Which rabbitmq package to use.
'';
};
listenAddress = mkOption {
default = "127.0.0.1";
example = "";
@ -30,6 +43,10 @@ in {
<literal>guest</literal> with password
<literal>guest</literal> by default, so you should delete
this user if you intend to allow external access.
Together with 'port' setting it's mostly an alias for
configItems."listeners.tcp.1" and it's left for backwards
compatibility with previous version of this module.
'';
type = types.str;
};
@ -60,11 +77,29 @@ in {
'';
};
configItems = mkOption {
default = {};
type = types.attrsOf types.str;
example = ''
{
"auth_backends.1.authn" = "rabbit_auth_backend_ldap";
"auth_backends.1.authz" = "rabbit_auth_backend_internal";
}
'';
description = ''
New style config options.
See http://www.rabbitmq.com/configure.html
'';
};
config = mkOption {
default = "";
type = types.str;
description = ''
Verbatim configuration file contents.
Verbatim advanced configuration file contents.
Prefered way is to use configItems.
See http://www.rabbitmq.com/configure.html
'';
};
@ -74,6 +109,12 @@ in {
type = types.listOf types.str;
description = "The names of plugins to enable";
};
pluginDirs = mkOption {
default = [];
type = types.listOf types.path;
description = "The list of directories containing external plugins";
};
};
};
@ -81,7 +122,10 @@ in {
###### implementation
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.rabbitmq_server ];
# This is needed so we will have 'rabbitmqctl' in our PATH
environment.systemPackages = [ cfg.package ];
services.epmd.enable = true;
users.users.rabbitmq = {
description = "RabbitMQ server user";
@ -93,44 +137,54 @@ in {
users.groups.rabbitmq.gid = config.ids.gids.rabbitmq;
services.rabbitmq.configItems = {
"listeners.tcp.1" = mkDefault "${cfg.listenAddress}:${toString cfg.port}";
};
systemd.services.rabbitmq = {
description = "RabbitMQ Server";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
after = [ "network.target" "epmd.socket" ];
wants = [ "network.target" "epmd.socket" ];
path = [ pkgs.rabbitmq_server pkgs.procps ];
path = [ cfg.package pkgs.procps ];
environment = {
RABBITMQ_MNESIA_BASE = "${cfg.dataDir}/mnesia";
RABBITMQ_NODE_IP_ADDRESS = cfg.listenAddress;
RABBITMQ_NODE_PORT = toString cfg.port;
RABBITMQ_LOGS = "-";
RABBITMQ_SASL_LOGS = "-";
RABBITMQ_PID_FILE = "${cfg.dataDir}/pid";
SYS_PREFIX = "";
RABBITMQ_CONFIG_FILE = config_file;
RABBITMQ_PLUGINS_DIR = concatStringsSep ":" cfg.pluginDirs;
RABBITMQ_ENABLED_PLUGINS_FILE = pkgs.writeText "enabled_plugins" ''
[ ${concatStringsSep "," cfg.plugins} ].
'';
} // optionalAttrs (cfg.config != "") { RABBITMQ_CONFIG_FILE = config_file_wo_suffix; };
} // optionalAttrs (cfg.config != "") { RABBITMQ_ADVANCED_CONFIG_FILE = advanced_config_file; };
serviceConfig = {
ExecStart = "${pkgs.rabbitmq_server}/sbin/rabbitmq-server";
ExecStop = "${pkgs.rabbitmq_server}/sbin/rabbitmqctl stop";
PermissionsStartOnly = true; # preStart must be run as root
ExecStart = "${cfg.package}/sbin/rabbitmq-server";
ExecStop = "${cfg.package}/sbin/rabbitmqctl shutdown";
User = "rabbitmq";
Group = "rabbitmq";
WorkingDirectory = cfg.dataDir;
Type = "notify";
NotifyAccess = "all";
UMask = "0027";
LimitNOFILE = "100000";
Restart = "on-failure";
RestartSec = "10";
TimeoutStartSec = "3600";
};
postStart = ''
rabbitmqctl wait ${cfg.dataDir}/pid
'';
preStart = ''
${optionalString (cfg.cookie != "") ''
echo -n ${cfg.cookie} > ${cfg.dataDir}/.erlang.cookie
chown rabbitmq:rabbitmq ${cfg.dataDir}/.erlang.cookie
chmod 600 ${cfg.dataDir}/.erlang.cookie
''}
mkdir -p /var/log/rabbitmq
chown rabbitmq:rabbitmq /var/log/rabbitmq
'';
};

2
nixos/modules/services/databases/postgresql.nix
View File

@ -188,6 +188,8 @@ in
uid = config.ids.uids.postgres;
group = "postgres";
description = "PostgreSQL server user";
home = "${cfg.dataDir}";
useDefaultShell = true;
};
users.groups.postgres.gid = config.ids.gids.postgres;

85
nixos/modules/services/hardware/lirc.nix Normal file
View File

@ -0,0 +1,85 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.lirc;
in {
###### interface
options = {
services.lirc = {
enable = mkEnableOption "LIRC daemon";
options = mkOption {
type = types.lines;
example = ''
[lircd]
nodaemon = False
'';
description = "LIRC default options descriped in man:lircd(8) (<filename>lirc_options.conf</filename>)";
};
configs = mkOption {
type = types.listOf types.lines;
description = "Configurations for lircd to load, see man:lircd.conf(5) for details (<filename>lircd.conf</filename>)";
};
extraArguments = mkOption {
type = types.listOf types.str;
default = [];
description = "Extra arguments to lircd.";
};
};
};
###### implementation
config = mkIf cfg.enable {
# Note: LIRC executables raises a warning, if lirc_options.conf do not exists
environment.etc."lirc/lirc_options.conf".text = cfg.options;
environment.systemPackages = [ pkgs.lirc ];
systemd.sockets.lircd = {
description = "LIRC daemon socket";
wantedBy = [ "sockets.target" ];
socketConfig = {
ListenStream = "/run/lirc/lircd";
SocketUser = "lirc";
SocketMode = "0660";
};
};
systemd.services.lircd = let
configFile = pkgs.writeText "lircd.conf" (builtins.concatStringsSep "\n" cfg.configs);
in {
description = "LIRC daemon service";
after = [ "network.target" ];
unitConfig.Documentation = [ "man:lircd(8)" ];
serviceConfig = {
RuntimeDirectory = "lirc";
ExecStart = ''
${pkgs.lirc}/bin/lircd --nodaemon \
${escapeShellArgs cfg.extraArguments} \
${configFile}
'';
User = "lirc";
};
};
users.users.lirc = {
uid = config.ids.uids.lirc;
group = "lirc";
description = "LIRC user for lircd";
};
users.groups.lirc.gid = config.ids.gids.lirc;
};
}

32
nixos/modules/services/hardware/ratbagd.nix Normal file
View File

@ -0,0 +1,32 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.ratbagd;
in
{
###### interface
options = {
services.ratbagd = {
enable = mkOption {
default = false;
description = ''
Whether to enable ratbagd for configuring gaming mice.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
# Give users access to the "ratbagctl" tool
environment.systemPackages = [ pkgs.libratbag ];
services.dbus.packages = [ pkgs.libratbag ];
systemd.packages = [ pkgs.libratbag ];
};
}

15
nixos/modules/services/hardware/trezord.nix
View File

@ -26,15 +26,14 @@ in {
name = "trezord-udev-rules";
destination = "/etc/udev/rules.d/51-trezor.rules";
text = ''
# Trezor 1
SUBSYSTEM=="usb", ATTR{idVendor}=="534c", ATTR{idProduct}=="0001", MODE="0666", GROUP="dialout", SYMLINK+="trezor%n"
KERNEL=="hidraw*", ATTRS{idVendor}=="534c", ATTRS{idProduct}=="0001", MODE="0666", GROUP="dialout"
# TREZOR v1 (One)
SUBSYSTEM=="usb", ATTR{idVendor}=="534c", ATTR{idProduct}=="0001", MODE="0666", GROUP="dialout", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n"
KERNEL=="hidraw*", ATTRS{idVendor}=="534c", ATTRS{idProduct}=="0001", MODE="0666", GROUP="dialout", TAG+="uaccess", TAG+="udev-acl"
# Trezor 2 (Model-T)
SUBSYSTEM=="usb", ATTR{idVendor}=="1209", ATTR{idProduct}=="53c0", MODE="0661", GROUP="dialout", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n"
SUBSYSTEM=="usb", ATTR{idVendor}=="1209", ATTR{idProduct}=="53c1", MODE="0660", GROUP="dialout", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n"
KERNEL=="hidraw*", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="53c1", MODE="0660", GROUP="dialout", TAG+="uaccess", TAG+="udev-acl"
];
# TREZOR v2 (T)
SUBSYSTEM=="usb", ATTR{idVendor}=="1209", ATTR{idProduct}=="53c0", MODE="0661", GROUP="dialout", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n"
SUBSYSTEM=="usb", ATTR{idVendor}=="1209", ATTR{idProduct}=="53c1", MODE="0666", GROUP="dialout", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n"
KERNEL=="hidraw*", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="53c1", MODE="0666", GROUP="dialout", TAG+="uaccess", TAG+="udev-acl"
'';
});

18
nixos/modules/services/mail/exim.nix
View File

@ -2,7 +2,7 @@
let
inherit (lib) mkIf mkOption singleton types;
inherit (pkgs) coreutils exim;
inherit (pkgs) coreutils;
cfg = config.services.exim;
in
@ -57,6 +57,16 @@ in
'';
};
package = mkOption {
type = types.package;
default = pkgs.exim;
defaultText = "pkgs.exim";
description = ''
The Exim derivation to use.
This can be used to enable features such as LDAP or PAM support.
'';
};
};
};
@ -74,7 +84,7 @@ in
spool_directory = ${cfg.spoolDir}
${cfg.config}
'';
systemPackages = [ exim ];
systemPackages = [ cfg.package ];
};
users.users = singleton {
@ -89,14 +99,14 @@ in
gid = config.ids.gids.exim;
};
security.wrappers.exim.source = "${exim}/bin/exim";
security.wrappers.exim.source = "${cfg.package}/bin/exim";
systemd.services.exim = {
description = "Exim Mail Daemon";
wantedBy = [ "multi-user.target" ];
restartTriggers = [ config.environment.etc."exim.conf".source ];
serviceConfig = {
ExecStart = "${exim}/bin/exim -bdf -q30m";
ExecStart = "${cfg.package}/bin/exim -bdf -q30m";
ExecReload = "${coreutils}/bin/kill -HUP $MAINPID";
};
preStart = ''

5
nixos/modules/services/mail/rmilter.nix
View File

@ -89,7 +89,7 @@ in
bindSocket.path = mkOption {
type = types.str;
default = "/run/rmilter/rmilter.sock";
default = "/run/rmilter.sock";
description = ''
Path to Unix domain socket to listen on.
'';
@ -193,6 +193,9 @@ in
config = mkMerge [
(mkIf cfg.enable {
warnings = [
''`config.services.rmilter' is deprecated, `rmilter' deprecated and unsupported by upstream, and will be removed from next releases. Use built-in rspamd milter instead.''
];
users.users = singleton {
name = cfg.user;

19
nixos/modules/services/misc/airsonic.nix
View File

@ -73,6 +73,24 @@ in {
${cfg.home}/transcoders.
'';
};
jvmOptions = mkOption {
description = ''
Extra command line options for the JVM running AirSonic.
Useful for sending jukebox output to non-default alsa
devices.
'';
default = [
];
type = types.listOf types.str;
example = [
"-Djavax.sound.sampled.Clip='#CODEC [plughw:1,0]'"
"-Djavax.sound.sampled.Port='#Port CODEC [hw:1]'"
"-Djavax.sound.sampled.SourceDataLine='#CODEC [plughw:1,0]'"
"-Djavax.sound.sampled.TargetDataLine='#CODEC [plughw:1,0]'"
];
};
};
};
@ -98,6 +116,7 @@ in {
-Dserver.port=${toString cfg.port} \
-Dairsonic.contextPath=${cfg.contextPath} \
-Djava.awt.headless=true \
${toString cfg.jvmOptions} \
-verbose:gc \
-jar ${pkgs.airsonic}/webapps/airsonic.war
'';

17
nixos/modules/services/misc/emby.nix
View File

@ -36,11 +36,18 @@ in
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
preStart = ''
test -d ${cfg.dataDir} || {
echo "Creating initial Emby data directory in ${cfg.dataDir}"
mkdir -p ${cfg.dataDir}
chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}
}
if [ -d ${cfg.dataDir} ]
then
for plugin in ${cfg.dataDir}/plugins/*
do
echo "Correcting permissions of plugin: $plugin"
chmod u+w $plugin
done
else
echo "Creating initial Emby data directory in ${cfg.dataDir}"
mkdir -p ${cfg.dataDir}
chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}
fi
'';
serviceConfig = {

15
nixos/modules/services/misc/gitlab.nix
View File

@ -162,7 +162,7 @@ let
makeWrapper ${cfg.packages.gitlab.rubyEnv}/bin/rake $out/bin/gitlab-rake \
${concatStrings (mapAttrsToList (name: value: "--set ${name} '${value}' ") gitlabEnv)} \
--set GITLAB_CONFIG_PATH '${cfg.statePath}/config' \
--set PATH '${lib.makeBinPath [ pkgs.nodejs pkgs.gzip pkgs.git pkgs.gnutar config.services.postgresql.package ]}:$PATH' \
--set PATH '${lib.makeBinPath [ pkgs.nodejs pkgs.gzip pkgs.git pkgs.gnutar config.services.postgresql.package pkgs.coreutils pkgs.procps ]}:$PATH' \
--set RAKEOPT '-f ${cfg.packages.gitlab}/share/gitlab/Rakefile' \
--run 'cd ${cfg.packages.gitlab}/share/gitlab'
'';
@ -203,6 +203,7 @@ in {
default = pkgs.gitlab;
defaultText = "pkgs.gitlab";
description = "Reference to the gitlab package";
example = "pkgs.gitlab-ee";
};
packages.gitlab-shell = mkOption {
@ -501,7 +502,7 @@ in {
};
systemd.services.gitlab-workhorse = {
after = [ "network.target" "gitlab.service" ];
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment.HOME = gitlabEnv.HOME;
environment.GITLAB_SHELL_CONFIG_PATH = gitlabEnv.GITLAB_SHELL_CONFIG_PATH;
@ -569,9 +570,9 @@ in {
mkdir -p /run/gitlab
mkdir -p ${cfg.statePath}/log
ln -sf ${cfg.statePath}/log /run/gitlab/log
ln -sf ${cfg.statePath}/tmp /run/gitlab/tmp
ln -sf ${cfg.statePath}/uploads /run/gitlab/uploads
[ -d /run/gitlab/log ] || ln -sf ${cfg.statePath}/log /run/gitlab/log
[ -d /run/gitlab/tmp ] || ln -sf ${cfg.statePath}/tmp /run/gitlab/tmp
[ -d /run/gitlab/uploads ] || ln -sf ${cfg.statePath}/uploads /run/gitlab/uploads
ln -sf $GITLAB_SHELL_CONFIG_PATH /run/gitlab/shell-config.yml
chown -R ${cfg.user}:${cfg.group} /run/gitlab
@ -629,6 +630,10 @@ in {
touch "${cfg.statePath}/db-seeded"
fi
# The gitlab:shell:setup regenerates the authorized_keys file so that
# the store path to the gitlab-shell in it gets updated
${pkgs.sudo}/bin/sudo -u ${cfg.user} force=yes ${gitlab-rake}/bin/gitlab-rake gitlab:shell:setup RAILS_ENV=production
# The gitlab:shell:create_hooks task seems broken for fixing links
# so we instead delete all the hooks and create them anew
rm -f ${cfg.statePath}/repositories/**/*.git/hooks

131
nixos/modules/services/misc/nixos-manual.nix
View File

@ -1,91 +1,21 @@
# This module includes the NixOS man-pages in the system environment,
# and optionally starts a browser that shows the NixOS manual on one
# of the virtual consoles. The latter is useful for the installation
# This module optionally starts a browser that shows the NixOS manual
# on one of the virtual consoles which is useful for the installation
# CD.
{ config, lib, pkgs, baseModules, ... }:
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.nixosManual;
/* For the purpose of generating docs, evaluate options with each derivation
in `pkgs` (recursively) replaced by a fake with path "\${pkgs.attribute.path}".
It isn't perfect, but it seems to cover a vast majority of use cases.
Caveat: even if the package is reached by a different means,
the path above will be shown and not e.g. `${config.services.foo.package}`. */
manual = import ../../../doc/manual rec {
inherit pkgs config;
version = config.system.nixos.release;
revision = "release-${version}";
options =
let
scrubbedEval = evalModules {
modules = [ { nixpkgs.localSystem = config.nixpkgs.localSystem; } ] ++ baseModules;
args = (config._module.args) // { modules = [ ]; };
specialArgs = { pkgs = scrubDerivations "pkgs" pkgs; };
};
scrubDerivations = namePrefix: pkgSet: mapAttrs
(name: value:
let wholeName = "${namePrefix}.${name}"; in
if isAttrs value then
scrubDerivations wholeName value
// (optionalAttrs (isDerivation value) { outPath = "\${${wholeName}}"; })
else value
)
pkgSet;
in scrubbedEval.options;
};
entry = "${manual.manual}/share/doc/nixos/index.html";
helpScript = pkgs.writeScriptBin "nixos-help"
''
#! ${pkgs.runtimeShell} -e
# Finds first executable browser in a colon-separated list.
# (see how xdg-open defines BROWSER)
browser="$(
IFS=: ; for b in $BROWSER; do
[ -n "$(type -P "$b" || true)" ] && echo "$b" && break
done
)"
if [ -z "$browser" ]; then
browser="$(type -P xdg-open || true)"
if [ -z "$browser" ]; then
browser="$(type -P w3m || true)"
if [ -z "$browser" ]; then
echo "$0: unable to start a web browser; please set \$BROWSER"
exit 1
fi
fi
fi
exec "$browser" ${entry}
'';
desktopItem = pkgs.makeDesktopItem {
name = "nixos-manual";
desktopName = "NixOS Manual";
genericName = "View NixOS documentation in a web browser";
icon = "nix-snowflake";
exec = "${helpScript}/bin/nixos-help";
categories = "System";
};
cfgd = config.documentation;
in
{
options = {
services.nixosManual.enable = mkOption {
type = types.bool;
default = true;
description = ''
Whether to build the NixOS manual pages.
'';
};
# TODO(@oxij): rename this to `.enable` eventually.
services.nixosManual.showManual = mkOption {
type = types.bool;
default = false;
@ -114,37 +44,30 @@ in
};
config = mkIf cfg.enable {
config = mkMerge [
(mkIf cfg.showManual {
assertions = singleton {
assertion = cfgd.enable && cfgd.nixos.enable;
message = "Can't enable `services.nixosManual.showManual` without `documentation.nixos.enable`";
};
})
(mkIf (cfg.showManual && cfgd.enable && cfgd.nixos.enable) {
boot.extraTTYs = [ "tty${toString cfg.ttyNumber}" ];
system.build.manual = manual;
environment.systemPackages = []
++ optionals config.services.xserver.enable [ desktopItem pkgs.nixos-icons ]
++ optional config.documentation.man.enable manual.manpages
++ optionals config.documentation.doc.enable [ manual.manual helpScript ];
boot.extraTTYs = mkIf cfg.showManual ["tty${toString cfg.ttyNumber}"];
systemd.services = optionalAttrs cfg.showManual
{ "nixos-manual" =
{ description = "NixOS Manual";
wantedBy = [ "multi-user.target" ];
serviceConfig =
{ ExecStart = "${cfg.browser} ${entry}";
StandardInput = "tty";
StandardOutput = "tty";
TTYPath = "/dev/tty${toString cfg.ttyNumber}";
TTYReset = true;
TTYVTDisallocate = true;
Restart = "always";
};
systemd.services."nixos-manual" = {
description = "NixOS Manual";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${cfg.browser} ${config.system.build.manual.manualHTMLIndex}";
StandardInput = "tty";
StandardOutput = "tty";
TTYPath = "/dev/tty${toString cfg.ttyNumber}";
TTYReset = true;
TTYVTDisallocate = true;
Restart = "always";
};
};
services.mingetty.helpLine = "\nRun `nixos-help` "
+ lib.optionalString cfg.showManual "or press <Alt-F${toString cfg.ttyNumber}> "
+ "for the NixOS manual.";
};
})
];
}

1
nixos/modules/services/monitoring/datadog-agent.nix
View File

@ -213,7 +213,6 @@ in {
Group = "datadog";
Restart = "always";
RestartSec = 2;
PrivateTmp = true;
};
restartTriggers = [ datadogPkg ] ++ map (etc: etc.source) etcfiles;
} attrs;

52
nixos/modules/services/networking/chrony.nix
View File

@ -3,12 +3,10 @@
with lib;
let
cfg = config.services.chrony;
stateDir = "/var/lib/chrony";
keyFile = "/etc/chrony.keys";
cfg = config.services.chrony;
keyFile = "${stateDir}/chrony.keys";
configFile = pkgs.writeText "chrony.conf" ''
${concatMapStringsSep "\n" (server: "server " + server) cfg.servers}
@ -19,7 +17,6 @@ let
}
driftfile ${stateDir}/chrony.drift
keyfile ${keyFile}
${optionalString (!config.time.hardwareClockInLocalTime) "rtconutc"}
@ -27,18 +24,11 @@ let
${cfg.extraConfig}
'';
chronyFlags = "-n -m -u chrony -f ${configFile} ${toString cfg.extraFlags}";
chronyFlags = "-m -u chrony -f ${configFile} ${toString cfg.extraFlags}";
in
{
###### interface
options = {
services.chrony = {
enable = mkOption {
default = false;
description = ''
@ -83,15 +73,9 @@ in
description = "Extra flags passed to the chronyd command.";
};
};
};
###### implementation
config = mkIf cfg.enable {
# Make chronyc available in the system path
environment.systemPackages = [ pkgs.chrony ];
users.groups = singleton
@ -113,26 +97,30 @@ in
{ description = "chrony NTP daemon";
wantedBy = [ "multi-user.target" ];
wants = [ "time-sync.target" ];
before = [ "time-sync.target" ];
after = [ "network.target" ];
wants = [ "time-sync.target" ];
before = [ "time-sync.target" ];
after = [ "network.target" ];
conflicts = [ "ntpd.service" "systemd-timesyncd.service" ];
path = [ pkgs.chrony ];
preStart =
''
mkdir -m 0755 -p ${stateDir}
touch ${keyFile}
chmod 0640 ${keyFile}
chown chrony:chrony ${stateDir} ${keyFile}
'';
preStart = ''
mkdir -m 0755 -p ${stateDir}
touch ${keyFile}
chmod 0640 ${keyFile}
chown chrony:chrony ${stateDir} ${keyFile}
'';
serviceConfig =
{ ExecStart = "${pkgs.chrony}/bin/chronyd ${chronyFlags}";
{ Type = "forking";
ExecStart = "${pkgs.chrony}/bin/chronyd ${chronyFlags}";
ProtectHome = "yes";
ProtectSystem = "full";
PrivateTmp = "yes";
ConditionCapability = "CAP_SYS_TIME";
};
};
};
}

56
nixos/modules/services/networking/epmd.nix Normal file
View File

@ -0,0 +1,56 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.epmd;
in
{
###### interface
options.services.epmd = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable socket activation for Erlang Port Mapper Daemon (epmd),
which acts as a name server on all hosts involved in distributed
Erlang computations.
'';
};
package = mkOption {
type = types.package;
default = pkgs.erlang;
description = ''
The Erlang package to use to get epmd binary. That way you can re-use
an Erlang runtime that is already installed for other purposes.
'';
};
};
###### implementation
config = mkIf cfg.enable {
systemd.sockets.epmd = rec {
description = "Erlang Port Mapper Daemon Activation Socket";
wantedBy = [ "sockets.target" ];
before = wantedBy;
socketConfig = {
ListenStream = "4369";
Accept = "false";
};
};
systemd.services.epmd = {
description = "Erlang Port Mapper Daemon";
after = [ "network.target" ];
requires = [ "epmd.socket" ];
serviceConfig = {
DynamicUser = true;
ExecStart = "${cfg.package}/bin/epmd -systemd";
Type = "notify";
};
};
};
}

2
nixos/modules/services/networking/iwd.nix
View File

@ -22,6 +22,8 @@ in {
systemd.packages = [ pkgs.iwd ];
systemd.services.iwd.wantedBy = [ "multi-user.target" ];
systemd.tmpfiles.rules = [
"d /var/lib/iwd 0700 root root -"
];

34
nixos/modules/services/networking/nullidentdmod.nix Normal file
View File

@ -0,0 +1,34 @@
{ config, lib, pkgs, ... }: with lib; let
cfg = config.services.nullidentdmod;
in {
options.services.nullidentdmod = with types; {
enable = mkEnableOption "Enable the nullidentdmod identd daemon";
userid = mkOption {
type = nullOr str;
description = "User ID to return. Set to null to return a random string each time.";
default = null;
example = "alice";
};
};
config = mkIf cfg.enable {
systemd.sockets.nullidentdmod = {
description = "Socket for identd (NullidentdMod)";
listenStreams = [ "113" ];
socketConfig.Accept = true;
wantedBy = [ "sockets.target" ];
};
systemd.services."nullidentdmod@" = {
description = "NullidentdMod service";
serviceConfig = {
DynamicUser = true;
ExecStart = "${pkgs.nullidentdmod}/bin/nullidentdmod${optionalString (cfg.userid != null) " ${cfg.userid}"}";
StandardInput = "socket";
StandardOutput = "socket";
};
};
};
}

3
nixos/modules/services/networking/shairport-sync.nix
View File

@ -27,7 +27,7 @@ in
};
arguments = mkOption {
default = "-v -o pulse";
default = "-v -d pulse";
description = ''
Arguments to pass to the daemon. Defaults to a local pulseaudio
server.
@ -72,6 +72,7 @@ in
serviceConfig = {
User = cfg.user;
ExecStart = "${pkgs.shairport-sync}/bin/shairport-sync ${cfg.arguments}";
RuntimeDirectory = "shairport-sync";
};
};

2
nixos/modules/services/networking/teamspeak3.nix
View File

@ -124,7 +124,7 @@ in
dbsqlpath=${ts3}/lib/teamspeak/sql/ logpath=${cfg.logPath} \
voice_ip=${cfg.voiceIP} default_voice_port=${toString cfg.defaultVoicePort} \
filetransfer_ip=${cfg.fileTransferIP} filetransfer_port=${toString cfg.fileTransferPort} \
query_ip=${cfg.queryIP} query_port=${toString cfg.queryPort}
query_ip=${cfg.queryIP} query_port=${toString cfg.queryPort} license_accepted=1
'';
WorkingDirectory = cfg.dataDir;
User = user;

2
nixos/modules/services/security/tor.nix
View File

@ -208,7 +208,7 @@ in
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable tor transaprent proxy";
description = "Whether to enable tor transparent proxy";
};
listenAddress = mkOption {

920
nixos/modules/services/web-apps/codimd.nix Normal file
View File

@ -0,0 +1,920 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.codimd;
prettyJSON = conf:
pkgs.runCommand "codimd-config.json" { } ''
echo '${builtins.toJSON conf}' | ${pkgs.jq}/bin/jq \
'{production:del(.[]|nulls)|del(.[][]?|nulls)}' > $out
'';
in
{
options.services.codimd = {
enable = mkEnableOption "the CodiMD Markdown Editor";
groups = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Groups to which the codimd user should be added.
'';
};
workDir = mkOption {
type = types.path;
default = "/var/lib/codimd";
description = ''
Working directory for the CodiMD service.
'';
};
configuration = {
debug = mkEnableOption "debug mode";
domain = mkOption {
type = types.nullOr types.str;
default = null;
example = "codimd.org";
description = ''
Domain name for the CodiMD instance.
'';
};
urlPath = mkOption {
type = types.nullOr types.str;
default = null;
example = "/url/path/to/codimd";
description = ''
Path under which CodiMD is accessible.
'';
};
host = mkOption {
type = types.str;
default = "localhost";
description = ''
Address to listen on.
'';
};
port = mkOption {
type = types.int;
default = 3000;
example = "80";
description = ''
Port to listen on.
'';
};
path = mkOption {
type = types.nullOr types.str;
default = null;
example = "/var/run/codimd.sock";
description = ''
Specify where a UNIX domain socket should be placed.
'';
};
allowOrigin = mkOption {
type = types.listOf types.str;
default = [];
example = [ "localhost" "codimd.org" ];
description = ''
List of domains to whitelist.
'';
};
useSSL = mkOption {
type = types.bool;
default = false;
description = ''
Enable to use SSL server. This will also enable
<option>protocolUseSSL</option>.
'';
};
hsts = {
enable = mkOption {
type = types.bool;
default = true;
description = ''
Wheter to enable HSTS if HTTPS is also enabled.
'';
};
maxAgeSeconds = mkOption {
type = types.int;
default = 31536000;
description = ''
Max duration for clients to keep the HSTS status.
'';
};
includeSubdomains = mkOption {
type = types.bool;
default = true;
description = ''
Whether to include subdomains in HSTS.
'';
};
preload = mkOption {
type = types.bool;
default = true;
description = ''
Whether to allow preloading of the site's HSTS status.
'';
};
};
csp = mkOption {
type = types.nullOr types.attrs;
default = null;
example = literalExample ''
{
enable = true;
directives = {
scriptSrc = "trustworthy.scripts.example.com";
};
upgradeInsecureRequest = "auto";
addDefaults = true;
}
'';
description = ''
Specify the Content Security Policy which is passed to Helmet.
For configuration details see <link xlink:href="https://helmetjs.github.io/docs/csp/"
>https://helmetjs.github.io/docs/csp/</link>.
'';
};
protocolUseSSL = mkOption {
type = types.bool;
default = false;
description = ''
Enable to use TLS for resource paths.
This only applies when <option>domain</option> is set.
'';
};
urlAddPort = mkOption {
type = types.bool;
default = false;
description = ''
Enable to add the port to callback URLs.
This only applies when <option>domain</option> is set
and only for ports other than 80 and 443.
'';
};
useCDN = mkOption {
type = types.bool;
default = true;
description = ''
Whether to use CDN resources or not.
'';
};
allowAnonymous = mkOption {
type = types.bool;
default = true;
description = ''
Whether to allow anonymous usage.
'';
};
allowAnonymousEdits = mkOption {
type = types.bool;
default = false;
description = ''
Whether to allow guests to edit existing notes with the `freely' permission,
when <option>allowAnonymous</option> is enabled.
'';
};
allowFreeURL = mkOption {
type = types.bool;
default = false;
description = ''
Whether to allow note creation by accessing a nonexistent note URL.
'';
};
defaultPermission = mkOption {
type = types.enum [ "freely" "editable" "limited" "locked" "private" ];
default = "editable";
description = ''
Default permissions for notes.
This only applies for signed-in users.
'';
};
dbURL = mkOption {
type = types.nullOr types.str;
default = null;
example = ''
postgres://user:pass@host:5432/dbname
'';
description = ''
Specify which database to use.
CodiMD supports mysql, postgres, sqlite and mssql.
See <link xlink:href="https://sequelize.readthedocs.io/en/v3/">
https://sequelize.readthedocs.io/en/v3/</link> for more information.
Note: This option overrides <option>db</option>.
'';
};
db = mkOption {
type = types.attrs;
default = {};
example = literalExample ''
{
dialect = "sqlite";
storage = "/var/lib/codimd/db.codimd.sqlite";
}
'';
description = ''
Specify the configuration for sequelize.
CodiMD supports mysql, postgres, sqlite and mssql.
See <link xlink:href="https://sequelize.readthedocs.io/en/v3/">
https://sequelize.readthedocs.io/en/v3/</link> for more information.
Note: This option overrides <option>db</option>.
'';
};
sslKeyPath= mkOption {
type = types.nullOr types.str;
default = null;
example = "/var/lib/codimd/codimd.key";
description = ''
Path to the SSL key. Needed when <option>useSSL</option> is enabled.
'';
};
sslCertPath = mkOption {
type = types.nullOr types.str;
default = null;
example = "/var/lib/codimd/codimd.crt";
description = ''
Path to the SSL cert. Needed when <option>useSSL</option> is enabled.
'';
};
sslCAPath = mkOption {
type = types.listOf types.str;
default = [];
example = [ "/var/lib/codimd/ca.crt" ];
description = ''
SSL ca chain. Needed when <option>useSSL</option> is enabled.
'';
};
dhParamPath = mkOption {
type = types.nullOr types.str;
default = null;
example = "/var/lib/codimd/dhparam.pem";
description = ''
Path to the SSL dh params. Needed when <option>useSSL</option> is enabled.
'';
};
tmpPath = mkOption {
type = types.str;
default = "/tmp";
description = ''
Path to the temp directory CodiMD should use.
Note that <option>serviceConfig.PrivateTmp</option> is enabled for
the CodiMD systemd service by default.
(Non-canonical paths are relative to CodiMD's base directory)
'';
};
defaultNotePath = mkOption {
type = types.nullOr types.str;
default = "./public/default.md";
description = ''
Path to the default Note file.
(Non-canonical paths are relative to CodiMD's base directory)
'';
};
docsPath = mkOption {
type = types.nullOr types.str;
default = "./public/docs";
description = ''
Path to the docs directory.
(Non-canonical paths are relative to CodiMD's base directory)
'';
};
indexPath = mkOption {
type = types.nullOr types.str;
default = "./public/views/index.ejs";
description = ''
Path to the index template file.
(Non-canonical paths are relative to CodiMD's base directory)
'';
};
hackmdPath = mkOption {
type = types.nullOr types.str;
default = "./public/views/hackmd.ejs";
description = ''
Path to the hackmd template file.
(Non-canonical paths are relative to CodiMD's base directory)
'';
};
errorPath = mkOption {
type = types.nullOr types.str;
default = null;
defaultText = "./public/views/error.ejs";
description = ''
Path to the error template file.
(Non-canonical paths are relative to CodiMD's base directory)
'';
};
prettyPath = mkOption {
type = types.nullOr types.str;
default = null;
defaultText = "./public/views/pretty.ejs";
description = ''
Path to the pretty template file.
(Non-canonical paths are relative to CodiMD's base directory)
'';
};
slidePath = mkOption {
type = types.nullOr types.str;
default = null;
defaultText = "./public/views/slide.hbs";
description = ''
Path to the slide template file.
(Non-canonical paths are relative to CodiMD's base directory)
'';
};
uploadsPath = mkOption {
type = types.str;
default = "${cfg.workDir}/uploads";
defaultText = "/var/lib/codimd/uploads";
description = ''
Path under which uploaded files are saved.
'';
};
sessionName = mkOption {
type = types.str;
default = "connect.sid";
description = ''
Specify the name of the session cookie.
'';
};
sessionSecret = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Specify the secret used to sign the session cookie.
If unset, one will be generated on startup.
'';
};
sessionLife = mkOption {
type = types.int;
default = 1209600000;
description = ''
Session life time in milliseconds.
'';
};
heartbeatInterval = mkOption {
type = types.int;
default = 5000;
description = ''
Specify the socket.io heartbeat interval.
'';
};
heartbeatTimeout = mkOption {
type = types.int;
default = 10000;
description = ''
Specify the socket.io heartbeat timeout.
'';
};
documentMaxLength = mkOption {
type = types.int;
default = 100000;
description = ''
Specify the maximum document length.
'';
};
email = mkOption {
type = types.bool;
default = true;
description = ''
Whether to enable email sign-in.
'';
};
allowEmailRegister = mkOption {
type = types.bool;
default = true;
description = ''
Wether to enable email registration.
'';
};
allowGravatar = mkOption {
type = types.bool;
default = true;
description = ''
Whether to use gravatar as profile picture source.
'';
};
imageUploadType = mkOption {
type = types.enum [ "imgur" "s3" "minio" "filesystem" ];
default = "filesystem";
description = ''
Specify where to upload images.
'';
};
minio = mkOption {
type = types.nullOr (types.submodule {
options = {
accessKey = mkOption {
type = types.str;
description = ''
Minio access key.
'';
};
secretKey = mkOption {
type = types.str;
description = ''
Minio secret key.
'';
};
endpoint = mkOption {
type = types.str;
description = ''
Minio endpoint.
'';
};
port = mkOption {
type = types.int;
default = 9000;
description = ''
Minio listen port.
'';
};
secure = mkOption {
type = types.bool;
default = true;
description = ''
Whether to use HTTPS for Minio.
'';
};
};
});
default = null;
description = "Configure the minio third-party integration.";
};
s3 = mkOption {
type = types.nullOr (types.submodule {
options = {
accessKeyId = mkOption {
type = types.str;
description = ''
AWS access key id.
'';
};
secretAccessKey = mkOption {
type = types.str;
description = ''
AWS access key.
'';
};
region = mkOption {
type = types.str;
description = ''
AWS S3 region.
'';
};
};
});
default = null;
description = "Configure the s3 third-party integration.";
};
s3bucket = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Specify the bucket name for upload types <literal>s3</literal> and <literal>minio</literal>.
'';
};
allowPDFExport = mkOption {
type = types.bool;
default = true;
description = ''
Whether to enable PDF exports.
'';
};
imgur.clientId = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Imgur API client ID.
'';
};
azure = mkOption {
type = types.nullOr (types.submodule {
options = {
connectionString = mkOption {
type = types.str;
description = ''
Azure Blob Storage connection string.
'';
};
container = mkOption {
type = types.str;
description = ''
Azure Blob Storage container name.
It will be created if non-existent.
'';
};
};
});
default = null;
description = "Configure the azure third-party integration.";
};
oauth2 = mkOption {
type = types.nullOr (types.submodule {
options = {
authorizationURL = mkOption {
type = types.str;
description = ''
Specify the OAuth authorization URL.
'';
};
tokenURL = mkOption {
type = types.str;
description = ''
Specify the OAuth token URL.
'';
};
clientID = mkOption {
type = types.str;
description = ''
Specify the OAuth client ID.
'';
};
clientSecret = mkOption {
type = types.str;
description = ''
Specify the OAuth client secret.
'';
};
};
});
default = null;
description = "Configure the OAuth integration.";
};
facebook = mkOption {
type = types.nullOr (types.submodule {
options = {
clientID = mkOption {
type = types.str;
description = ''
Facebook API client ID.
'';
};
clientSecret = mkOption {
type = types.str;
description = ''
Facebook API client secret.
'';
};
};
});
default = null;
description = "Configure the facebook third-party integration";
};
twitter = mkOption {
type = types.nullOr (types.submodule {
options = {
consumerKey = mkOption {
type = types.str;
description = ''
Twitter API consumer key.
'';
};
consumerSecret = mkOption {
type = types.str;
description = ''
Twitter API consumer secret.
'';
};
};
});
default = null;
description = "Configure the Twitter third-party integration.";
};
github = mkOption {
type = types.nullOr (types.submodule {
options = {
clientID = mkOption {
type = types.str;
description = ''
GitHub API client ID.
'';
};
clientSecret = mkOption {
type = types.str;
description = ''
Github API client secret.
'';
};
};
});
default = null;
description = "Configure the GitHub third-party integration.";
};
gitlab = mkOption {
type = types.nullOr (types.submodule {
options = {
baseURL = mkOption {
type = types.str;
default = "";
description = ''
GitLab API authentication endpoint.
Only needed for other endpoints than gitlab.com.
'';
};
clientID = mkOption {
type = types.str;
description = ''
GitLab API client ID.
'';
};
clientSecret = mkOption {
type = types.str;
description = ''
GitLab API client secret.
'';
};
scope = mkOption {
type = types.enum [ "api" "read_user" ];
default = "api";
description = ''
GitLab API requested scope.
GitLab snippet import/export requires api scope.
'';
};
};
});
default = null;
description = "Configure the GitLab third-party integration.";
};
mattermost = mkOption {
type = types.nullOr (types.submodule {
options = {
baseURL = mkOption {
type = types.str;
description = ''
Mattermost authentication endpoint.
'';
};
clientID = mkOption {
type = types.str;
description = ''
Mattermost API client ID.
'';
};
clientSecret = mkOption {
type = types.str;
description = ''
Mattermost API client secret.
'';
};
};
});
default = null;
description = "Configure the Mattermost third-party integration.";
};
dropbox = mkOption {
type = types.nullOr (types.submodule {
options = {
clientID = mkOption {
type = types.str;
description = ''
Dropbox API client ID.
'';
};
clientSecret = mkOption {
type = types.str;
description = ''
Dropbox API client secret.
'';
};
appKey = mkOption {
type = types.str;
description = ''
Dropbox app key.
'';
};
};
});
default = null;
description = "Configure the Dropbox third-party integration.";
};
google = mkOption {
type = types.nullOr (types.submodule {
options = {
clientID = mkOption {
type = types.str;
description = ''
Google API client ID.
'';
};
clientSecret = mkOption {
type = types.str;
description = ''
Google API client secret.
'';
};
};
});
default = null;
description = "Configure the Google third-party integration.";
};
ldap = mkOption {
type = types.nullOr (types.submodule {
options = {
providerName = mkOption {
type = types.str;
default = "";
description = ''
Optional name to be displayed at login form, indicating the LDAP provider.
'';
};
url = mkOption {
type = types.str;
example = "ldap://localhost";
description = ''
URL of LDAP server.
'';
};
bindDn = mkOption {
type = types.str;
description = ''
Bind DN for LDAP access.
'';
};
bindCredentials = mkOption {
type = types.str;
description = ''
Bind credentials for LDAP access.
'';
};
searchBase = mkOption {
type = types.str;
example = "o=users,dc=example,dc=com";
description = ''
LDAP directory to begin search from.
'';
};
searchFilter = mkOption {
type = types.str;
example = "(uid={{username}})";
description = ''
LDAP filter to search with.
'';
};
searchAttributes = mkOption {
type = types.listOf types.str;
example = [ "displayName" "mail" ];
description = ''
LDAP attributes to search with.
'';
};
userNameField = mkOption {
type = types.str;
default = "";
description = ''
LDAP field which is used as the username on CodiMD.
By default <option>useridField</option> is used.
'';
};
useridField = mkOption {
type = types.str;
example = "uid";
description = ''
LDAP field which is a unique identifier for users on CodiMD.
'';
};
tlsca = mkOption {
type = types.str;
example = "server-cert.pem,root.pem";
description = ''
Root CA for LDAP TLS in PEM format.
'';
};
};
});
default = null;
description = "Configure the LDAP integration.";
};
saml = mkOption {
type = types.nullOr (types.submodule {
options = {
idpSsoUrl = mkOption {
type = types.str;
example = "https://idp.example.com/sso";
description = ''
IdP authentication endpoint.
'';
};
idpCert = mkOption {
type = types.path;
example = "/path/to/cert.pem";
description = ''
Path to IdP certificate file in PEM format.
'';
};
issuer = mkOption {
type = types.str;
default = "";
description = ''
Optional identity of the service provider.
This defaults to the server URL.
'';
};
identifierFormat = mkOption {
type = types.str;
default = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";
description = ''
Optional name identifier format.
'';
};
groupAttribute = mkOption {
type = types.str;
default = "";
example = "memberOf";
description = ''
Optional attribute name for group list.
'';
};
externalGroups = mkOption {
type = types.listOf types.str;
default = [];
example = [ "Temporary-staff" "External-users" ];
description = ''
Excluded group names.
'';
};
requiredGroups = mkOption {
type = types.listOf types.str;
default = [];
example = [ "Hackmd-users" "Codimd-users" ];
description = ''
Required group names.
'';
};
attribute = {
id = mkOption {
type = types.str;
default = "";
description = ''
Attribute map for `id'.
Defaults to `NameID' of SAML response.
'';
};
username = mkOption {
type = types.str;
default = "";
description = ''
Attribute map for `username'.
Defaults to `NameID' of SAML response.
'';
};
email = mkOption {
type = types.str;
default = "";
description = ''
Attribute map for `email'.
Defaults to `NameID' of SAML response if
<option>identifierFormat</option> has
the default value.
'';
};
};
};
});
default = null;
description = "Configure the SAML integration.";
};
};
};
config = mkIf cfg.enable {
assertions = [
{ assertion = cfg.configuration.db == {} -> (
cfg.configuration.dbURL != "" && cfg.configuration.dbURL != null
);
message = "Database configuration for CodiMD missing."; }
];
users.groups.codimd = {};
users.users.codimd = {
description = "CodiMD service user";
group = "codimd";
extraGroups = cfg.groups;
home = cfg.workDir;
createHome = true;
};
systemd.services.codimd = {
description = "CodiMD Service";
wantedBy = [ "multi-user.target" ];
after = [ "networking.target" ];
preStart = ''
mkdir -p ${cfg.workDir}
chown -R codimd: ${cfg.workDir}
'';
serviceConfig = {
WorkingDirectory = cfg.workDir;
ExecStart = "${pkgs.codimd}/bin/codimd";
Environment = [
"CMD_CONFIG_FILE=${prettyJSON cfg.configuration}"
"NODE_ENV=production"
];
Restart = "always";
User = "codimd";
PermissionsStartOnly = true;
PrivateTmp = true;
};
};
};
}

1
nixos/modules/services/x11/desktop-managers/plasma5.nix
View File

@ -81,6 +81,7 @@ in
kconfig
kconfigwidgets
kcoreaddons
kdoctools
kdbusaddons
kdeclarative
kded

2
nixos/modules/services/x11/display-managers/default.nix
View File

@ -266,7 +266,7 @@ in
session. Each session script can set the
<varname>waitPID</varname> shell variable to make this script
wait until the end of the user session. Each script is used
to define either a windows manager or a desktop manager. These
to define either a window manager or a desktop manager. These
can be differentiated by setting the attribute
<varname>manage</varname> either to <literal>"window"</literal>
or <literal>"desktop"</literal>.

13
nixos/modules/services/x11/display-managers/lightdm.nix
View File

@ -197,7 +197,7 @@ in
# lightdm relaunches itself via just `lightdm`, so needs to be on the PATH
execCmd = ''
export PATH=${lightdm}/sbin:$PATH
exec ${lightdm}/sbin/lightdm --log-dir=/var/log --run-dir=/run
exec ${lightdm}/sbin/lightdm
'';
};
@ -246,12 +246,19 @@ in
'';
users.users.lightdm = {
createHome = true;
home = "/var/lib/lightdm-data";
home = "/var/lib/lightdm";
group = "lightdm";
uid = config.ids.uids.lightdm;
};
systemd.tmpfiles.rules = [
"d /run/lightdm 0711 lightdm lightdm 0"
"d /var/cache/lightdm 0711 root lightdm -"
"d /var/lib/lightdm 1770 lightdm lightdm -"
"d /var/lib/lightdm-data 1775 lightdm lightdm -"
"d /var/log/lightdm 0711 root lightdm -"
];
users.groups.lightdm.gid = config.ids.gids.lightdm;
services.xserver.tty = null; # We might start multiple X servers so let the tty increment themselves..
services.xserver.display = null; # We specify our own display (and logfile) in xserver-wrapper up there

4
nixos/modules/services/x11/display-managers/sddm.nix
View File

@ -263,7 +263,9 @@ in
};
environment.etc."sddm.conf".source = cfgFile;
environment.pathsToLink = [ "/share/sddm/themes" ];
environment.pathsToLink = [
"/share/sddm"
];
users.groups.sddm.gid = config.ids.gids.sddm;

2
nixos/modules/services/x11/hardware/libinput.nix
View File

@ -205,7 +205,7 @@ in {
})
];
services.udev.packages = [ pkgs.libinput ];
services.udev.packages = [ pkgs.libinput.out ];
services.xserver.config =
''

61
nixos/modules/system/activation/top-level.nix
View File

@ -93,49 +93,52 @@ let
${config.system.extraSystemBuilderCmds}
'';
# Handle assertions
failed = map (x: x.message) (filter (x: !x.assertion) config.assertions);
showWarnings = res: fold (w: x: builtins.trace "warning: ${w}" x) res config.warnings;
# Putting it all together. This builds a store path containing
# symlinks to the various parts of the built configuration (the
# kernel, systemd units, init scripts, etc.) as well as a script
# `switch-to-configuration' that activates the configuration and
# makes it bootable.
baseSystem = showWarnings (
if [] == failed then pkgs.stdenvNoCC.mkDerivation {
name = let hn = config.networking.hostName;
nn = if (hn != "") then hn else "unnamed";
in "nixos-system-${nn}-${config.system.nixos.label}";
preferLocalBuild = true;
allowSubstitutes = false;
buildCommand = systemBuilder;
baseSystem = pkgs.stdenvNoCC.mkDerivation {
name = let hn = config.networking.hostName;
nn = if (hn != "") then hn else "unnamed";
in "nixos-system-${nn}-${config.system.nixos.label}";
preferLocalBuild = true;
allowSubstitutes = false;
buildCommand = systemBuilder;
inherit (pkgs) utillinux coreutils;
systemd = config.systemd.package;
inherit (pkgs.stdenv) shell;
inherit (pkgs) utillinux coreutils;
systemd = config.systemd.package;
shell = "${pkgs.bash}/bin/sh";
inherit children;
kernelParams = config.boot.kernelParams;
installBootLoader =
config.system.build.installBootLoader
or "echo 'Warning: do not know how to make this configuration bootable; please enable a boot loader.' 1>&2; true";
activationScript = config.system.activationScripts.script;
nixosLabel = config.system.nixos.label;
inherit children;
kernelParams = config.boot.kernelParams;
installBootLoader =
config.system.build.installBootLoader
or "echo 'Warning: do not know how to make this configuration bootable; please enable a boot loader.' 1>&2; true";
activationScript = config.system.activationScripts.script;
nixosLabel = config.system.nixos.label;
configurationName = config.boot.loader.grub.configurationName;
configurationName = config.boot.loader.grub.configurationName;
# Needed by switch-to-configuration.
# Needed by switch-to-configuration.
perl = "${pkgs.perl}/bin/perl " + (concatMapStringsSep " " (lib: "-I${lib}/${pkgs.perl.libPrefix}") (with pkgs.perlPackages; [ FileSlurp NetDBus XMLParser XMLTwig ]));
} else throw "\nFailed assertions:\n${concatStringsSep "\n" (map (x: "- ${x}") failed)}");
perl = "${pkgs.perl}/bin/perl " + (concatMapStringsSep " " (lib: "-I${lib}/${pkgs.perl.libPrefix}") (with pkgs.perlPackages; [ FileSlurp NetDBus XMLParser XMLTwig ]));
};
# Handle assertions and warnings
failedAssertions = map (x: x.message) (filter (x: !x.assertion) config.assertions);
showWarnings = res: fold (w: x: builtins.trace "warning: ${w}" x) res config.warnings;
baseSystemAssertWarn = if failedAssertions != []
then throw "\nFailed assertions:\n${concatStringsSep "\n" (map (x: "- ${x}") failedAssertions)}"
else showWarnings baseSystem;
# Replace runtime dependencies
system = fold ({ oldDependency, newDependency }: drv:
pkgs.replaceDependency { inherit oldDependency newDependency drv; }
) baseSystem config.system.replaceRuntimeDependencies;
) baseSystemAssertWarn config.system.replaceRuntimeDependencies;
in

15
nixos/modules/system/boot/luksroot.nix
View File

@ -11,19 +11,30 @@ let
exit 1
}
dev_exist() {
local target="$1"
if [ -e $target ]; then
return 0
else
local uuid=$(echo -n $target | sed -e 's,UUID=\(.*\),\1,g')
local dev=$(blkid --uuid $uuid)
return $?
fi
}
wait_target() {
local name="$1"
local target="$2"
local secs="''${3:-10}"
local desc="''${4:-$name $target to appear}"
if [ ! -e $target ]; then
if ! dev_exist $target; then
echo -n "Waiting $secs seconds for $desc..."
local success=false;
for try in $(seq $secs); do
echo -n "."
sleep 1
if [ -e $target ]; then
if dev_exist $target; then
success=true
break
fi

44
nixos/modules/virtualisation/google-compute-image.nix
View File

@ -97,8 +97,8 @@ in
"google-instance-setup.service"
"google-network-setup.service"
];
wantedBy = [ "multi-user.target" ];
requires = ["network.target"];
wantedBy = ["multi-user.target"];
path = with pkgs; [ shadow ];
serviceConfig = {
Type = "simple";
@ -113,8 +113,8 @@ in
"google-instance-setup.service"
"google-network-setup.service"
];
requires = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
requires = ["network.target"];
wantedBy = ["multi-user.target"];
serviceConfig = {
Type = "simple";
ExecStart = "${gce}/bin/google_clock_skew_daemon --debug";
@ -123,7 +123,7 @@ in
systemd.services.google-instance-setup = {
description = "Google Compute Engine Instance Setup";
after = ["fs.target" "network-online.target" "network.target" "rsyslog.service"];
after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service"];
before = ["sshd.service"];
wants = ["local-fs.target" "network-online.target" "network.target"];
wantedBy = [ "sshd.service" "multi-user.target" ];
@ -134,15 +134,17 @@ in
};
};
systemd.services.google-ip-forwarding-daemon = {
description = "Google Compute Engine IP Forwarding Daemon";
after = ["network.target" "google-instance-setup.service" "google-network-setup.service"];
systemd.services.google-network-daemon = {
description = "Google Compute Engine Network Daemon";
after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service" "google-instance-setup.service"];
wants = ["local-fs.target" "network-online.target" "network.target"];
requires = ["network.target"];
partOf = ["network.target"];
wantedBy = [ "multi-user.target" ];
path = with pkgs; [ iproute ];
serviceConfig = {
Type = "simple";
ExecStart = "${gce}/bin/google_ip_forwarding_daemon --debug";
ExecStart = "${gce}/bin/google_network_daemon --debug";
Type = "oneshot";
};
};
@ -153,8 +155,9 @@ in
"network-online.target"
"network.target"
"rsyslog.service"
"systemd-resolved.service"
"google-instance-setup.service"
"google-network-setup.service"
"google-network-daemon.service"
];
wants = [ "local-fs.target" "network-online.target" "network.target"];
wantedBy = [ "multi-user.target" ];
@ -167,23 +170,6 @@ in
};
};
systemd.services.google-network-setup = {
description = "Google Compute Engine Network Setup";
after = [
"local-fs.target"
"network-online.target"
"network.target"
"rsyslog.service"
];
wants = [ "local-fs.target" "network-online.target" "network.target"];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${gce}/bin/google_network_setup --debug";
KillMode = "process";
Type = "oneshot";
};
};
systemd.services.google-startup-scripts = {
description = "Google Compute Engine Startup Scripts";
after = [
@ -192,9 +178,9 @@ in
"network.target"
"rsyslog.service"
"google-instance-setup.service"
"google-network-setup.service"
"google-network-daemon.service"
];
wants = [ "local-fs.target" "network-online.target" "network.target"];
wants = ["local-fs.target" "network-online.target" "network.target"];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${gce}/bin/google_metadata_script_runner --debug --script-type startup";

9
nixos/release.nix
View File

@ -128,7 +128,8 @@ in rec {
channel = import lib/make-channel.nix { inherit pkgs nixpkgs version versionSuffix; };
manual = buildFromConfig ({ ... }: { }) (config: config.system.build.manual.manual);
manualHTML = buildFromConfig ({ ... }: { }) (config: config.system.build.manual.manualHTML);
manual = manualHTML; # TODO(@oxij): remove eventually
manualEpub = (buildFromConfig ({ ... }: { }) (config: config.system.build.manual.manualEpub));
manpages = buildFromConfig ({ ... }: { }) (config: config.system.build.manual.manpages);
manualGeneratedSources = buildFromConfig ({ ... }: { }) (config: config.system.build.manual.generatedSources);
@ -261,6 +262,7 @@ in rec {
tests.chromium = (callSubTestsOnMatchingSystems ["x86_64-linux"] tests/chromium.nix {}).stable or {};
tests.cjdns = callTest tests/cjdns.nix {};
tests.cloud-init = callTest tests/cloud-init.nix {};
tests.codimd = callTest tests/codimd.nix {};
tests.containers-ipv4 = callTest tests/containers-ipv4.nix {};
tests.containers-ipv6 = callTest tests/containers-ipv6.nix {};
tests.containers-bridge = callTest tests/containers-bridge.nix {};
@ -284,7 +286,8 @@ in rec {
tests.ecryptfs = callTest tests/ecryptfs.nix {};
tests.etcd = callTestOnMatchingSystems ["x86_64-linux"] tests/etcd.nix {};
tests.ec2-nixops = (callSubTestsOnMatchingSystems ["x86_64-linux"] tests/ec2.nix {}).boot-ec2-nixops or {};
tests.ec2-config = (callSubTestsOnMatchingSystems ["x86_64-linux"] tests/ec2.nix {}).boot-ec2-config or {};
# ec2-config doesn't work in a sandbox as the simulated ec2 instance needs network access
#tests.ec2-config = (callSubTestsOnMatchingSystems ["x86_64-linux"] tests/ec2.nix {}).boot-ec2-config or {};
tests.elk = callSubTestsOnMatchingSystems ["x86_64-linux"] tests/elk.nix {};
tests.env = callTest tests/env.nix {};
tests.ferm = callTest tests/ferm.nix {};
@ -379,7 +382,7 @@ in rec {
tests.pgmanage = callTest tests/pgmanage.nix {};
tests.postgis = callTest tests/postgis.nix {};
tests.powerdns = callTest tests/powerdns.nix {};
#tests.pgjwt = callTest tests/pgjwt.nix {};
tests.pgjwt = callTest tests/pgjwt.nix {};
tests.predictable-interface-names = callSubTests tests/predictable-interface-names.nix {};
tests.printing = callTest tests/printing.nix {};
tests.prometheus = callTest tests/prometheus.nix {};

29
nixos/tests/acme.nix
View File

@ -1,32 +1,5 @@
let
commonConfig = { lib, nodes, ... }: {
networking.nameservers = [
nodes.letsencrypt.config.networking.primaryIPAddress
];
nixpkgs.overlays = lib.singleton (self: super: {
cacert = super.cacert.overrideDerivation (drv: {
installPhase = (drv.installPhase or "") + ''
cat "${nodes.letsencrypt.config.test-support.letsencrypt.caCert}" \
>> "$out/etc/ssl/certs/ca-bundle.crt"
'';
});
# Override certifi so that it accepts fake certificate for Let's Encrypt
# Need to override the attribute used by simp_le, which is python3Packages
python3Packages = (super.python3.override {
packageOverrides = lib.const (pysuper: {
certifi = pysuper.certifi.overridePythonAttrs (attrs: {
postPatch = (attrs.postPatch or "") + ''
cat "${self.cacert}/etc/ssl/certs/ca-bundle.crt" \
> certifi/cacert.pem
'';
});
});
}).pkgs;
});
};
commonConfig = ./common/letsencrypt/common.nix;
in import ./make-test.nix {
name = "acme";

1
nixos/tests/atd.nix
View File

@ -16,6 +16,7 @@ import ./make-test.nix ({ pkgs, ... }:
testScript = ''
startAll;
$machine->waitForUnit('atd.service'); # wait for atd to start
$machine->fail("test -f ~root/at-1");
$machine->fail("test -f ~alice/at-1");

56
nixos/tests/codimd.nix Normal file
View File

@ -0,0 +1,56 @@
import ./make-test.nix ({ pkgs, lib, ... }:
{
name = "codimd";
meta = with lib.maintainers; {
maintainers = [ willibutz ];
};
nodes = {
codimdSqlite = { ... }: {
services = {
codimd = {
enable = true;
configuration.dbURL = "sqlite:///var/lib/codimd/codimd.db";
};
};
};
codimdPostgres = { ... }: {
systemd.services.codimd.after = [ "postgresql.service" ];
services = {
codimd = {
enable = true;
configuration.dbURL = "postgres://codimd:snakeoilpassword@localhost:5432/codimddb";
};
postgresql = {
enable = true;
initialScript = pkgs.writeText "pg-init-script.sql" ''
CREATE ROLE codimd LOGIN PASSWORD 'snakeoilpassword';
CREATE DATABASE codimddb OWNER codimd;
'';
};
};
};
};
testScript = ''
startAll();
subtest "CodiMD sqlite", sub {
$codimdSqlite->waitForUnit("codimd.service");
$codimdSqlite->waitForOpenPort(3000);
$codimdSqlite->sleep(10); # avoid 503 during startup
$codimdSqlite->succeed("curl -sSf http://localhost:3000/new");
};
subtest "CodiMD postgres", sub {
$codimdPostgres->waitForUnit("postgresql.service");
$codimdPostgres->waitForUnit("codimd.service");
$codimdPostgres->waitForOpenPort(5432);
$codimdPostgres->waitForOpenPort(3000);
$codimdPostgres->sleep(10); # avoid 503 during startup
$codimdPostgres->succeed("curl -sSf http://localhost:3000/new");
};
'';
})

27
nixos/tests/common/letsencrypt/common.nix Normal file
View File

@ -0,0 +1,27 @@
{ lib, nodes, ... }: {
networking.nameservers = [
nodes.letsencrypt.config.networking.primaryIPAddress
];
nixpkgs.overlays = lib.singleton (self: super: {
cacert = super.cacert.overrideDerivation (drv: {
installPhase = (drv.installPhase or "") + ''
cat "${nodes.letsencrypt.config.test-support.letsencrypt.caCert}" \
>> "$out/etc/ssl/certs/ca-bundle.crt"
'';
});
# Override certifi so that it accepts fake certificate for Let's Encrypt
# Need to override the attribute used by simp_le, which is python3Packages
python3Packages = (super.python3.override {
packageOverrides = lib.const (pysuper: {
certifi = pysuper.certifi.overridePythonAttrs (attrs: {
postPatch = (attrs.postPatch or "") + ''
cat "${self.cacert}/etc/ssl/certs/ca-bundle.crt" \
> certifi/cacert.pem
'';
});
});
}).pkgs;
});
}

8
nixos/tests/containers-imperative.nix
View File

@ -13,6 +13,7 @@ import ./make-test.nix ({ pkgs, ...} : {
# XXX: Sandbox setup fails while trying to hardlink files from the host's
# store file system into the prepared chroot directory.
nix.useSandbox = false;
nix.binaryCaches = []; # don't try to access cache.nixos.org
virtualisation.writableStore = true;
virtualisation.memorySize = 1024;
@ -27,9 +28,10 @@ import ./make-test.nix ({ pkgs, ...} : {
};
};
};
in [
pkgs.stdenv pkgs.stdenvNoCC emptyContainer.config.containers.foo.path
pkgs.libxslt
in with pkgs; [
stdenv stdenvNoCC emptyContainer.config.containers.foo.path
libxslt desktop-file-utils texinfo docbook5 libxml2
docbook_xsl_ns xorg.lndir documentation-highlighter
];
};

7
nixos/tests/docker-tools.nix
View File

@ -20,7 +20,10 @@ import ./make-test.nix ({ pkgs, ... }: {
''
$docker->waitForUnit("sockets.target");
# Ensure Docker images use a stable date by default
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.bash}'");
$docker->succeed("[ '1970-01-01T00:00:01Z' = \"\$(docker inspect ${pkgs.dockerTools.examples.bash.imageName} | ${pkgs.jq}/bin/jq -r .[].Created)\" ]");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.bash.imageName} bash --version");
$docker->succeed("docker rmi ${pkgs.dockerTools.examples.bash.imageName}");
@ -51,5 +54,9 @@ import ./make-test.nix ({ pkgs, ... }: {
$docker->succeed("docker run --rm runasrootextracommands cat extraCommands");
$docker->succeed("docker run --rm runasrootextracommands cat runAsRoot");
$docker->succeed("docker rmi '${pkgs.dockerTools.examples.runAsRootExtraCommands.imageName}'");
# Ensure Docker images can use an unstable date
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.bash}'");
$docker->succeed("[ '1970-01-01T00:00:01Z' != \"\$(docker inspect ${pkgs.dockerTools.examples.unstableDate.imageName} | ${pkgs.jq}/bin/jq -r .[].Created)\" ]");
'';
})

4
nixos/tests/ferm.nix
View File

@ -11,6 +11,7 @@ import ./make-test.nix ({ pkgs, ...} : {
with pkgs.lib;
{
networking = {
dhcpcd.enable = false;
interfaces.eth1.ipv6.addresses = mkOverride 0 [ { address = "fd00::2"; prefixLength = 64; } ];
interfaces.eth1.ipv4.addresses = mkOverride 0 [ { address = "192.168.1.2"; prefixLength = 24; } ];
};
@ -20,6 +21,7 @@ import ./make-test.nix ({ pkgs, ...} : {
with pkgs.lib;
{
networking = {
dhcpcd.enable = false;
interfaces.eth1.ipv6.addresses = mkOverride 0 [ { address = "fd00::1"; prefixLength = 64; } ];
interfaces.eth1.ipv4.addresses = mkOverride 0 [ { address = "192.168.1.1"; prefixLength = 24; } ];
};
@ -51,7 +53,7 @@ import ./make-test.nix ({ pkgs, ...} : {
''
startAll;
$client->waitForUnit("network.target");
$client->waitForUnit("network-online.target");
$server->waitForUnit("ferm.service");
$server->waitForUnit("nginx.service");
$server->waitUntilSucceeds("ss -ntl | grep -q 80");

6
nixos/tests/gdk-pixbuf.nix
View File

@ -10,10 +10,12 @@ import ./make-test.nix ({ pkgs, ... }: {
environment.systemPackages = with pkgs; [ gnome-desktop-testing ];
environment.variables.XDG_DATA_DIRS = [ "${pkgs.gdk_pixbuf.installedTests}/share" ];
virtualisation.memorySize = 4096; # Tests allocate a lot of memory trying to exploit a CVE
# Tests allocate a lot of memory trying to exploit a CVE
# but qemu-system-i386 has a 2047M memory limit
virtualisation.memorySize = if pkgs.stdenv.isi686 then 2047 else 4096;
};
testScript = ''
$machine->succeed("gnome-desktop-testing-runner");
$machine->succeed("gnome-desktop-testing-runner -t 1800"); # increase timeout to 1800s
'';
})

2
nixos/tests/hibernate.nix
View File

@ -35,8 +35,8 @@ import ./make-test.nix (pkgs: {
$machine->waitForOpenPort(4444);
$machine->succeed("systemctl hibernate &");
$machine->waitForShutdown;
$probe->waitForUnit("multi-user.target");
$machine->start;
$probe->waitForUnit("network.target");
$probe->waitUntilSucceeds("echo test | nc machine 4444 -N");
'';

2
nixos/tests/hound.nix
View File

@ -52,7 +52,7 @@ import ./make-test.nix ({ pkgs, ... } : {
$machine->waitForUnit("network.target");
$machine->waitForUnit("hound.service");
$machine->waitForOpenPort(6080);
$machine->succeed('curl http://127.0.0.1:6080/api/v1/search\?stats\=fosho\&repos\=\*\&rng=%3A20\&q\=hi\&files\=\&i=nope | grep "Filename" | grep "hello"');
$machine->waitUntilSucceeds('curl http://127.0.0.1:6080/api/v1/search\?stats\=fosho\&repos\=\*\&rng=%3A20\&q\=hi\&files\=\&i=nope | grep "Filename" | grep "hello"');
'';
})

87
nixos/tests/installer.nix
View File

@ -282,9 +282,9 @@ in {
{ createPartitions =
''
$machine->succeed(
"parted --script /dev/vda mklabel msdos",
"parted --script /dev/vda -- mkpart primary linux-swap 1M 1024M",
"parted --script /dev/vda -- mkpart primary ext2 1024M -1s",
"flock /dev/vda parted --script /dev/vda -- mklabel msdos"
. " mkpart primary linux-swap 1M 1024M"
. " mkpart primary ext2 1024M -1s",
"udevadm settle",
"mkswap /dev/vda1 -L swap",
"swapon -L swap",
@ -299,11 +299,11 @@ in {
{ createPartitions =
''
$machine->succeed(
"parted --script /dev/vda mklabel gpt",
"parted --script /dev/vda -- mkpart ESP fat32 1M 50MiB", # /boot
"parted --script /dev/vda -- set 1 boot on",
"parted --script /dev/vda -- mkpart primary linux-swap 50MiB 1024MiB",
"parted --script /dev/vda -- mkpart primary ext2 1024MiB -1MiB", # /
"flock /dev/vda parted --script /dev/vda -- mklabel gpt"
. " mkpart ESP fat32 1M 50MiB" # /boot
. " set 1 boot on"
. " mkpart primary linux-swap 50MiB 1024MiB"
. " mkpart primary ext2 1024MiB -1MiB", # /
"udevadm settle",
"mkswap /dev/vda2 -L swap",
"swapon -L swap",
@ -321,11 +321,11 @@ in {
{ createPartitions =
''
$machine->succeed(
"parted --script /dev/vda mklabel gpt",
"parted --script /dev/vda -- mkpart ESP fat32 1M 50MiB", # /boot
"parted --script /dev/vda -- set 1 boot on",
"parted --script /dev/vda -- mkpart primary linux-swap 50MiB 1024MiB",
"parted --script /dev/vda -- mkpart primary ext2 1024MiB -1MiB", # /
"flock /dev/vda parted --script /dev/vda -- mklabel gpt"
. " mkpart ESP fat32 1M 50MiB" # /boot
. " set 1 boot on"
. " mkpart primary linux-swap 50MiB 1024MiB"
. " mkpart primary ext2 1024MiB -1MiB", # /
"udevadm settle",
"mkswap /dev/vda2 -L swap",
"swapon -L swap",
@ -345,10 +345,10 @@ in {
{ createPartitions =
''
$machine->succeed(
"parted --script /dev/vda mklabel msdos",
"parted --script /dev/vda -- mkpart primary ext2 1M 50MB", # /boot
"parted --script /dev/vda -- mkpart primary linux-swap 50MB 1024M",
"parted --script /dev/vda -- mkpart primary ext2 1024M -1s", # /
"flock /dev/vda parted --script /dev/vda -- mklabel msdos"
. " mkpart primary ext2 1M 50MB" # /boot
. " mkpart primary linux-swap 50MB 1024M"
. " mkpart primary ext2 1024M -1s", # /
"udevadm settle",
"mkswap /dev/vda2 -L swap",
"swapon -L swap",
@ -366,10 +366,10 @@ in {
{ createPartitions =
''
$machine->succeed(
"parted --script /dev/vda mklabel msdos",
"parted --script /dev/vda -- mkpart primary ext2 1M 50MB", # /boot
"parted --script /dev/vda -- mkpart primary linux-swap 50MB 1024M",
"parted --script /dev/vda -- mkpart primary ext2 1024M -1s", # /
"flock /dev/vda parted --script /dev/vda -- mklabel msdos"
. " mkpart primary ext2 1M 50MB" # /boot
. " mkpart primary linux-swap 50MB 1024M"
. " mkpart primary ext2 1024M -1s", # /
"udevadm settle",
"mkswap /dev/vda2 -L swap",
"swapon -L swap",
@ -402,9 +402,9 @@ in {
createPartitions =
''
$machine->succeed(
"parted --script /dev/vda mklabel msdos",
"parted --script /dev/vda -- mkpart primary linux-swap 1M 1024M",
"parted --script /dev/vda -- mkpart primary 1024M -1s",
"flock /dev/vda parted --script /dev/vda -- mklabel msdos"
. " mkpart primary linux-swap 1M 1024M"
. " mkpart primary 1024M -1s",
"udevadm settle",
"mkswap /dev/vda1 -L swap",
@ -425,11 +425,11 @@ in {
{ createPartitions =
''
$machine->succeed(
"parted --script /dev/vda mklabel msdos",
"parted --script /dev/vda -- mkpart primary 1M 2048M", # PV1
"parted --script /dev/vda -- set 1 lvm on",
"parted --script /dev/vda -- mkpart primary 2048M -1s", # PV2
"parted --script /dev/vda -- set 2 lvm on",
"flock /dev/vda parted --script /dev/vda -- mklabel msdos"
. " mkpart primary 1M 2048M" # PV1
. " set 1 lvm on"
. " mkpart primary 2048M -1s" # PV2
. " set 2 lvm on",
"udevadm settle",
"pvcreate /dev/vda1 /dev/vda2",
"vgcreate MyVolGroup /dev/vda1 /dev/vda2",
@ -447,10 +447,10 @@ in {
luksroot = makeInstallerTest "luksroot"
{ createPartitions = ''
$machine->succeed(
"parted --script /dev/vda mklabel msdos",
"parted --script /dev/vda -- mkpart primary ext2 1M 50MB", # /boot
"parted --script /dev/vda -- mkpart primary linux-swap 50M 1024M",
"parted --script /dev/vda -- mkpart primary 1024M -1s", # LUKS
"flock /dev/vda parted --script /dev/vda -- mklabel msdos"
. " mkpart primary ext2 1M 50MB" # /boot
. " mkpart primary linux-swap 50M 1024M"
. " mkpart primary 1024M -1s", # LUKS
"udevadm settle",
"mkswap /dev/vda2 -L swap",
"swapon -L swap",
@ -481,11 +481,11 @@ in {
filesystemEncryptedWithKeyfile = makeInstallerTest "filesystemEncryptedWithKeyfile"
{ createPartitions = ''
$machine->succeed(
"parted --script /dev/vda mklabel msdos",
"parted --script /dev/vda -- mkpart primary ext2 1M 50MB", # /boot
"parted --script /dev/vda -- mkpart primary linux-swap 50M 1024M",
"parted --script /dev/vda -- mkpart primary 1024M 1280M", # LUKS with keyfile
"parted --script /dev/vda -- mkpart primary 1280M -1s",
"flock /dev/vda parted --script /dev/vda -- mklabel msdos"
. " mkpart primary ext2 1M 50MB" # /boot
. " mkpart primary linux-swap 50M 1024M"
. " mkpart primary 1024M 1280M" # LUKS with keyfile
. " mkpart primary 1280M -1s",
"udevadm settle",
"mkswap /dev/vda2 -L swap",
"swapon -L swap",
@ -520,7 +520,7 @@ in {
{ createPartitions =
''
$machine->succeed(
"parted --script /dev/vda --"
"flock /dev/vda parted --script /dev/vda --"
. " mklabel msdos"
. " mkpart primary ext2 1M 100MB" # /boot
. " mkpart extended 100M -1s"
@ -531,8 +531,10 @@ in {
"udevadm settle",
"ls -l /dev/vda* >&2",
"cat /proc/partitions >&2",
"udevadm control --stop-exec-queue",
"mdadm --create --force /dev/md0 --metadata 1.2 --level=raid1 --raid-devices=2 /dev/vda5 /dev/vda6",
"mdadm --create --force /dev/md1 --metadata 1.2 --level=raid1 --raid-devices=2 /dev/vda7 /dev/vda8",
"udevadm control --start-exec-queue",
"udevadm settle",
"mkswap -f /dev/md1 -L swap",
"swapon -L swap",
@ -555,14 +557,15 @@ in {
{ createPartitions =
''
$machine->succeed(
"parted --script /dev/sda mklabel msdos",
"parted --script /dev/sda -- mkpart primary linux-swap 1M 1024M",
"parted --script /dev/sda -- mkpart primary ext2 1024M -1s",
"flock /dev/sda parted --script /dev/sda -- mklabel msdos"
. " mkpart primary linux-swap 1M 1024M"
. " mkpart primary ext2 1024M -1s",
"udevadm settle",
"mkswap /dev/sda1 -L swap",
"swapon -L swap",
"mkfs.ext3 -L nixos /dev/sda2",
"mount LABEL=nixos /mnt",
"mkdir -p /mnt/tmp",
);
'';
grubVersion = 1;

2
nixos/tests/misc.nix
View File

@ -14,7 +14,7 @@ import ./make-test.nix ({ pkgs, ...} : rec {
{ swapDevices = mkOverride 0
[ { device = "/root/swapfile"; size = 128; } ];
environment.variables.EDITOR = mkOverride 0 "emacs";
services.nixosManual.enable = mkOverride 0 true;
documentation.nixos.enable = mkOverride 0 true;
systemd.tmpfiles.rules = [ "d /tmp 1777 root root 10d" ];
fileSystems = mkVMOverride { "/tmp2" =
{ fsType = "tmpfs";

4
nixos/tests/networking.nix
View File

@ -467,7 +467,7 @@ let
# Wait for networking to come up
$machine->start;
$machine->waitForUnit("network.target");
$machine->waitForUnit("network-online.target");
# Test interfaces set up
my $list = $machine->succeed("ip tuntap list | sort");
@ -479,7 +479,9 @@ let
# Test interfaces clean up
$machine->succeed("systemctl stop network-addresses-tap0");
$machine->sleep(10);
$machine->succeed("systemctl stop network-addresses-tun0");
$machine->sleep(10);
my $residue = $machine->succeed("ip tuntap list");
$residue eq "" or die(
"Some virtual interface has not been properly cleaned:\n",

3
nixos/tests/prosody.nix
View File

@ -6,6 +6,9 @@ import ./make-test.nix {
enable = true;
# TODO: use a self-signed certificate
c2sRequireEncryption = false;
extraConfig = ''
storage = "sql"
'';
};
environment.systemPackages = let
sendMessage = pkgs.writeScriptBin "send-message" ''

16
nixos/tests/yabar.nix
View File

@ -8,18 +8,26 @@ with lib;
maintainers = [ ma27 ];
};
nodes.yabar = {
machine = {
imports = [ ./common/x11.nix ./common/user-account.nix ];
services.xserver.displayManager.auto.user = "bob";
programs.yabar.enable = true;
programs.yabar.bars = {
top.indicators.date.exec = "YABAR_DATE";
};
};
testScript = ''
$yabar->start;
$yabar->waitForX;
$machine->start;
$machine->waitForX;
$yabar->waitForUnit("yabar.service", "bob");
# confirm proper startup
$machine->waitForUnit("yabar.service", "bob");
$machine->sleep(10);
$machine->waitForUnit("yabar.service", "bob");
$machine->screenshot("top_bar");
'';
})

2
pkgs/applications/altcoins/bitcoin-abc.nix
View File

@ -26,6 +26,8 @@ stdenv.mkDerivation rec {
configureFlags = [ "--with-boost-libdir=${boost.out}/lib" ]
++ optionals withGui [ "--with-gui=qt5" ];
enableParallelBuilding = true;
meta = {
description = "Peer-to-peer electronic cash system (Cash client)";
longDescription= ''

2
pkgs/applications/altcoins/bitcoin-classic.nix
View File

@ -26,6 +26,8 @@ stdenv.mkDerivation rec {
configureFlags = [ "--with-boost-libdir=${boost.out}/lib" ]
++ optionals withGui [ "--with-gui=qt5" ];
enableParallelBuilding = true;
meta = {
description = "Peer-to-peer electronic cash system (Classic client)";
longDescription= ''

2
pkgs/applications/altcoins/bitcoin-xt.nix
View File

@ -27,6 +27,8 @@ stdenv.mkDerivation rec{
"--with-libcurl-headers=${curl.dev}/include"
] ++ optionals withGui [ "--with-gui=qt4" ];
enableParallelBuilding = true;
meta = {
description = "Peer-to-peer electronic cash system (XT client)";
longDescription= ''

13
pkgs/applications/altcoins/bitcoin.nix
View File

@ -5,13 +5,13 @@
with stdenv.lib;
stdenv.mkDerivation rec{
name = "bitcoin" + (toString (optional (!withGui) "d")) + "-" + version;
version = "0.16.2";
version = "0.16.3";
src = fetchurl {
urls = [ "https://bitcoincore.org/bin/bitcoin-core-${version}/bitcoin-${version}.tar.gz"
"https://bitcoin.org/bin/bitcoin-core-${version}/bitcoin-${version}.tar.gz"
];
sha256 = "1n07qykx5hc0ph8fwn7hfrbsrjv19fdzvs5h0nysq4wfgn5wa40r";
sha256 = "060223dzzk2izfzhxwlzzd0fhbgglvbgps2nyc4zz767vybysvl3";
};
nativeBuildInputs = [ pkgconfig autoreconfHook ];
@ -20,7 +20,12 @@ stdenv.mkDerivation rec{
++ optionals stdenv.isLinux [ utillinux ]
++ optionals withGui [ qtbase qttools qrencode ];
configureFlags = [ "--with-boost-libdir=${boost.out}/lib" ]
configureFlags = [ "--with-boost-libdir=${boost.out}/lib"
"--disable-bench"
] ++ optionals (!doCheck) [
"--disable-tests"
"--disable-gui-tests"
]
++ optionals withGui [ "--with-gui=qt5"
"--with-qt-bindir=${qtbase.dev}/bin:${qttools.dev}/bin"
];
@ -29,6 +34,8 @@ stdenv.mkDerivation rec{
# find or load the Qt platform plugin "minimal""
doCheck = false;
enableParallelBuilding = true;
meta = {
description = "Peer-to-peer electronic cash system";
longDescription= ''

4
pkgs/applications/altcoins/clightning.nix
View File

@ -4,14 +4,14 @@
with stdenv.lib;
stdenv.mkDerivation rec {
name = "clightning-${version}";
version = "0.6";
version = "0.6.1";
src = fetchFromGitHub {
fetchSubmodules = true;
owner = "ElementsProject";
repo = "lightning";
rev = "v${version}";
sha256 = "1xbi8c7kn21wj255fxnb9s0sqnzbn3wsz4p96z084k8mw1nc71vn";
sha256 = "0qx30i1c97ic4ii8bm0sk9dh76nfg4ihl9381gxjj14i4jr1q8y4";
};
enableParallelBuilding = true;

33
pkgs/applications/altcoins/dapp.nix
View File

@ -1,33 +0,0 @@
{ lib, stdenv, fetchFromGitHub, makeWrapper
, seth, git, solc, shellcheck, nodejs, hevm }:
stdenv.mkDerivation rec {
name = "dapp-${version}";
version = "0.5.7";
src = fetchFromGitHub {
owner = "dapphub";
repo = "dapp";
rev = "v${version}";
sha256 = "128f35hczarihb263as391wr9zbyc1q1p49qbxh30via23r1brb0";
};
nativeBuildInputs = [makeWrapper shellcheck];
buildPhase = "true";
doCheck = true;
checkPhase = "make test";
makeFlags = ["prefix=$(out)"];
postInstall = let path = lib.makeBinPath [
nodejs solc git seth hevm
]; in ''
wrapProgram "$out/bin/dapp" --prefix PATH : "${path}"
'';
meta = {
description = "Simple tool for creating Ethereum-based dapps";
homepage = https://github.com/dapphub/dapp/;
maintainers = [stdenv.lib.maintainers.dbrock];
license = lib.licenses.gpl3;
inherit version;
};
}

6
pkgs/applications/altcoins/default.nix
View File

@ -50,7 +50,6 @@ rec {
dogecoin = callPackage ./dogecoin.nix { boost = boost165; withGui = true; };
dogecoind = callPackage ./dogecoin.nix { boost = boost165; withGui = false; };
ethsign = callPackage ./ethsign { };
freicoin = callPackage ./freicoin.nix { boost = boost155; };
go-ethereum = callPackage ./go-ethereum.nix {
@ -78,11 +77,6 @@ rec {
namecoind = callPackage ./namecoin.nix { withGui = false; };
ethabi = callPackage ./ethabi.nix { };
ethrun = callPackage ./ethrun.nix { };
seth = callPackage ./seth.nix { };
dapp = callPackage ./dapp.nix { };
hevm = (haskellPackages.callPackage ./hevm.nix {});
stellar-core = callPackage ./stellar-core.nix { };

26
pkgs/applications/altcoins/ethrun.nix
View File

@ -1,26 +0,0 @@
{ stdenv, fetchFromGitHub, rustPlatform }:
with rustPlatform;
buildRustPackage rec {
name = "ethrun-${version}";
version = "0.1.0";
src = fetchFromGitHub {
owner = "dapphub";
repo = "ethrun";
rev = "v${version}";
sha256 = "1w651g4p2mc4ljp20l8lwvfx3l3fzyp6gf2izr85vyb1wjbaccqn";
};
cargoSha256 = "14x8pbjgkz0g724lnvd9mi2alqd6fipjljw6xsraf9gqwijn1kn0";
meta = with stdenv.lib; {
description = "Directly run Ethereum bytecode";
homepage = https://github.com/dapphub/ethrun/;
maintainers = [ maintainers.dbrock ];
license = licenses.gpl3;
broken = true; # mark temporary as broken
inherit version;
};
}

60
pkgs/applications/altcoins/ethsign/default.nix
View File

@ -1,60 +0,0 @@
{ stdenv, buildGoPackage, fetchFromGitHub, fetchgit }:
buildGoPackage rec {
name = "ethsign-${version}";
version = "0.8.2";
goPackagePath = "github.com/dapphub/ethsign";
hardeningDisable = ["fortify"];
src = fetchFromGitHub {
owner = "dapphub";
repo = "ethsign";
rev = "v${version}";
sha256 = "1gd0bq5x49sjm83r2wivjf03dxvhdli6cvwb9b853wwcvy4inmmh";
};
extraSrcs = [
{
goPackagePath = "github.com/ethereum/go-ethereum";
src = fetchFromGitHub {
owner = "ethereum";
repo = "go-ethereum";
rev = "v1.7.3";
sha256 = "1w6rbq2qpjyf2v9mr18yiv2af1h2sgyvgrdk4bd8ixgl3qcd5b11";
};
}
{
goPackagePath = "gopkg.in/urfave/cli.v1";
src = fetchFromGitHub {
owner = "urfave";
repo = "cli";
rev = "v1.19.1";
sha256 = "1ny63c7bfwfrsp7vfkvb4i0xhq4v7yxqnwxa52y4xlfxs4r6v6fg";
};
}
{
goPackagePath = "golang.org/x/crypto";
src = fetchgit {
url = "https://go.googlesource.com/crypto";
rev = "94eea52f7b742c7cbe0b03b22f0c4c8631ece122";
sha256 = "095zyvjb0m2pz382500miqadhk7w3nis8z3j941z8cq4rdafijvi";
};
}
{
goPackagePath = "golang.org/x/sys";
src = fetchgit {
url = "https://go.googlesource.com/sys";
rev = "53aa286056ef226755cd898109dbcdaba8ac0b81";
sha256 = "1yd17ccklby099cpdcsgx6lf0lj968hsnppp16mwh9009ldf72r1";
};
}
];
meta = with stdenv.lib; {
homepage = https://github.com/dapphub/ethsign;
description = "Make raw signed Ethereum transactions";
broken = stdenv.isDarwin; # test with CoreFoundation 10.11
license = [licenses.gpl3];
};
}

62
pkgs/applications/altcoins/hevm.nix
View File

@ -1,62 +0,0 @@
{ mkDerivation, abstract-par, aeson, ansi-wl-pprint, async, base
, base16-bytestring, base64-bytestring, binary, brick, bytestring
, cereal, containers, cryptonite, data-dword, deepseq, directory
, filepath, ghci-pretty, here, HUnit, lens
, lens-aeson, memory, monad-par, mtl, optparse-generic, process
, QuickCheck, quickcheck-text, readline, rosezipper, scientific
, stdenv, tasty, tasty-hunit, tasty-quickcheck, temporary, text
, text-format, unordered-containers, vector, vty
, restless-git
, fetchFromGitHub, lib, makeWrapper
, zlib, bzip2, solc, coreutils
, bash
}:
lib.overrideDerivation (mkDerivation rec {
pname = "hevm";
version = "0.8.5";
src = fetchFromGitHub {
owner = "dapphub";
repo = "hevm";
rev = "v${version}";
sha256 = "1a27bh0azf2hdg5hp6s9azv2rhzy7vrlq1kmg688g9nfwwwhgkp0";
};
isLibrary = false;
isExecutable = true;
enableSharedExecutables = false;
postInstall = ''
wrapProgram $out/bin/hevm \
--add-flags '+RTS -N$((`${coreutils}/bin/nproc` - 1)) -RTS' \
--suffix PATH : "${lib.makeBinPath [bash coreutils]}"
'';
extraLibraries = [
abstract-par aeson ansi-wl-pprint base base16-bytestring
base64-bytestring binary brick bytestring cereal containers
cryptonite data-dword deepseq directory filepath ghci-pretty lens
lens-aeson memory monad-par mtl optparse-generic process QuickCheck
quickcheck-text readline rosezipper scientific temporary text text-format
unordered-containers vector vty restless-git
];
executableHaskellDepends = [
async readline zlib bzip2
];
testHaskellDepends = [
base binary bytestring ghci-pretty here HUnit lens mtl QuickCheck
tasty tasty-hunit tasty-quickcheck text vector
];
homepage = https://github.com/dapphub/hevm;
description = "Ethereum virtual machine evaluator";
license = stdenv.lib.licenses.agpl3;
maintainers = [stdenv.lib.maintainers.dbrock];
broken = true; # 2018-04-10
}) (attrs: {
buildInputs = attrs.buildInputs ++ [solc];
nativeBuildInputs = attrs.nativeBuildInputs ++ [makeWrapper];
})

2
pkgs/applications/altcoins/litecoin.nix
View File

@ -29,6 +29,8 @@ stdenv.mkDerivation rec {
configureFlags = [ "--with-boost-libdir=${boost.out}/lib" ]
++ optionals withGui [ "--with-gui=qt4" ];
enableParallelBuilding = true;
meta = {
description = "A lite version of Bitcoin using scrypt as a proof-of-work algorithm";
longDescription= ''

33
pkgs/applications/altcoins/seth.nix
View File

@ -1,33 +0,0 @@
{ stdenv, makeWrapper, lib, fetchFromGitHub
, bc, coreutils, curl, ethabi, git, gnused, jshon, perl, solc, which
, nodejs, ethsign
}:
stdenv.mkDerivation rec {
name = "seth-${version}";
version = "0.6.3";
src = fetchFromGitHub {
owner = "dapphub";
repo = "seth";
rev = "v${version}";
sha256 = "0la2nfqsscpbq6zwa6hsd73nimdnrhilrmgyy77yr3jca2wjhsjk";
};
nativeBuildInputs = [makeWrapper];
buildPhase = "true";
makeFlags = ["prefix=$(out)"];
postInstall = let path = lib.makeBinPath [
bc coreutils curl ethabi git gnused jshon perl solc which nodejs ethsign
]; in ''
wrapProgram "$out/bin/seth" --prefix PATH : "${path}"
'';
meta = {
description = "Command-line client for talking to Ethereum nodes";
homepage = https://github.com/dapphub/seth/;
maintainers = [stdenv.lib.maintainers.dbrock];
license = lib.licenses.gpl3;
inherit version;
};
}

4
pkgs/applications/audio/drumgizmo/default.nix
View File

@ -3,12 +3,12 @@
}:
stdenv.mkDerivation rec {
version = "0.9.15";
version = "0.9.16";
name = "drumgizmo-${version}";
src = fetchurl {
url = "https://www.drumgizmo.org/releases/${name}/${name}.tar.gz";
sha256 = "13bgqyw74pq3ss63zd9bjmgr4dah792pcphyqmr7bnvrgfjr6bx6";
sha256 = "0ivr61n9gpigsfgn20rh3n09li8sxh1q095r6wiw0shqhn3vaxlg";
};
configureFlags = [ "--enable-lv2" ];

4
pkgs/applications/audio/elisa/default.nix
View File

@ -7,13 +7,13 @@
mkDerivation rec {
name = "elisa-${version}";
version = "0.2.1";
version = "0.2.80";
src = fetchFromGitHub {
owner = "KDE";
repo = "elisa";
rev = "v${version}";
sha256 = "0b3rx3gh6adlrbmgj75dicqv6qzzn4fyfxbf1nwh3zd2hi0ca89w";
sha256 = "0wc2kkp28gp1rfgg14a769lalwd44yz7jxkrzanh91v5j2kkln07";
};
nativeBuildInputs = [ extra-cmake-modules kdoctools wrapGAppsHook ];

4
pkgs/applications/audio/gpodder/default.nix
View File

@ -5,14 +5,14 @@
python3Packages.buildPythonApplication rec {
pname = "gpodder";
version = "3.10.3";
version = "3.10.5";
format = "other";
src = fetchFromGitHub {
owner = "gpodder";
repo = "gpodder";
rev = version;
sha256 = "0j0amjq1wvr5p10vckg900a8xfnxw6z028qw72ayh58216m5jb5l";
sha256 = "00lvma40d62h4haybabh15x1y7rnmd84whbjgjv773igwagkn9vw";
};
postPatch = with stdenv.lib; ''

2
pkgs/applications/audio/gradio/default.nix
View File

@ -56,7 +56,7 @@ in stdenv.mkDerivation rec {
enableParallelBuilding = true;
postInstall = ''
${glib.dev}/bin/glib-compile-schemas $out/share/glib-2.0/schemas
glib-compile-schemas "$out"/share/glib-2.0/schemas
'';
patches = [ ./0001-Remove-post-install-script-that-hardcodes-paths.patch ];

4
pkgs/applications/audio/jaaa/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
name = "jaaa-${version}";
version = "0.8.4";
version = "0.9.2";
src = fetchurl {
url = "https://kokkinizita.linuxaudio.org/linuxaudio/downloads/${name}.tar.bz2";
sha256 = "0jyll4rkb6vja2widc340ww078rr24c6nmxbxdqvbxw409nccd01";
sha256 = "1czksxx2g8na07k7g57qlz0vvkkgi5bzajcx7vc7jhb94hwmmxbc";
};
buildInputs = [

4
pkgs/applications/audio/japa/default.nix
View File

@ -1,12 +1,12 @@
{ stdenv, fetchurl, alsaLib, libjack2, fftwFloat, libclthreads, libclxclient, libX11, libXft, zita-alsa-pcmi, }:
stdenv.mkDerivation rec {
version = "0.8.4";
version = "0.9.2";
name = "japa-${version}";
src = fetchurl {
url = "https://kokkinizita.linuxaudio.org/linuxaudio/downloads/${name}.tar.bz2";
sha256 = "1jhj7s4vqk5c4lchdall0kslvj5sh91902hhfjvs6r3a5nrhwcp0";
sha256 = "1zmi4wg23hwsypg3h6y3qb72cbrihqcs19qrbzgs5a67d13q4897";
};
buildInputs = [ alsaLib libjack2 fftwFloat libclthreads libclxclient libX11 libXft zita-alsa-pcmi ];

4
pkgs/applications/audio/lollypop/default.nix
View File

@ -4,7 +4,7 @@
, gobjectIntrospection, wrapGAppsHook }:
python3.pkgs.buildPythonApplication rec {
version = "0.9.522";
version = "0.9.601";
name = "lollypop-${version}";
format = "other";
@ -14,7 +14,7 @@ python3.pkgs.buildPythonApplication rec {
url = "https://gitlab.gnome.org/World/lollypop";
rev = "refs/tags/${version}";
fetchSubmodules = true;
sha256 = "0f2brwv884cvmxj644jcj9sg5hix3wvnjy2ndg0fh5cxyqz0kwn5";
sha256 = "029hyylwjsbwkw1v75nbkkmrncgz30y2qwdysmpz0xyb5q7x6zbj";
};
nativeBuildInputs = with python3.pkgs; [

4
pkgs/applications/audio/mixxx/default.nix
View File

@ -7,13 +7,13 @@
stdenv.mkDerivation rec {
name = "mixxx-${version}";
version = "2.1.3";
version = "2.1.4";
src = fetchFromGitHub {
owner = "mixxxdj";
repo = "mixxx";
rev = "release-${version}";
sha256 = "1fm8lkbnxka4haidf6yr8mb3r6vaxmc97hhrp8pcx0fvq2mnzvy2";
sha256 = "1q1px4033marraprvgr5yq9jlz943kcc10fdkn7py2ma8cfgnipq";
};
nativeBuildInputs = [ makeWrapper ];

4
pkgs/applications/audio/mopidy/iris.nix
View File

@ -2,11 +2,11 @@
pythonPackages.buildPythonApplication rec {
pname = "Mopidy-Iris";
version = "3.25.1";
version = "3.26.2";
src = pythonPackages.fetchPypi {
inherit pname version;
sha256 = "148ksv87lw3l3dwncmlq8qzv6xik29axdgaljdcp0g4pd98a7dlk";
sha256 = "04jg5k8znkn0iirfnsndm74f8mypj8zwj76j489l0m263k1kn715";
};
propagatedBuildInputs = [

Some files were not shown because too many files have changed in this diff Show More