public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'staging-next' into staging

This commit is contained in:
Jan Tojnar 2021-01-24 20:43:48 +01:00
parent 8f2c39bfec cc8fd11ffb
commit 3c5dff210a
No known key found for this signature in database
GPG Key ID: 7FAB2A15F7A607A4
631 changed files with 2683 additions and 2201 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/licenses.nix
View File

@ -87,7 +87,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
beerware = spdx {
spdxId = "Beerware";
fullName = ''Beerware License'';
fullName = "Beerware License";
};
blueOak100 = spdx {
@ -107,7 +107,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
bsd2Patent = spdx {
spdxId = "BSD-2-Clause-Patent";
fullName = ''BSD-2-Clause Plus Patent License'';
fullName = "BSD-2-Clause Plus Patent License";
};
bsd3 = spdx {

6
maintainers/maintainer-list.nix
View File

@ -3699,6 +3699,12 @@
githubId = 896431;
name = "Chris Hodapp";
};
holymonson = {
email = "holymonson@gmail.com";
github = "holymonson";
githubId = 902012;
name = "Monson Shao";
};
hongchangwu = {
email = "wuhc85@gmail.com";
github = "hongchangwu";

2
nixos/modules/config/console.nix
View File

@ -83,7 +83,7 @@ in
packages = mkOption {
type = types.listOf types.package;
default = with pkgs.kbdKeymaps; [ dvp neo ];
defaultText = ''with pkgs.kbdKeymaps; [ dvp neo ]'';
defaultText = "with pkgs.kbdKeymaps; [ dvp neo ]";
description = ''
List of additional packages that provide console fonts, keymaps and
other resources for virtual consoles use.

2
nixos/modules/config/fonts/fontconfig.nix
View File

@ -436,7 +436,7 @@ in
useEmbeddedBitmaps = mkOption {
type = types.bool;
default = false;
description = ''Use embedded bitmaps in fonts like Calibri.'';
description = "Use embedded bitmaps in fonts like Calibri.";
};
};

2
nixos/modules/config/i18n.nix
View File

@ -84,7 +84,7 @@ with lib;
environment.etc."locale.conf".source = pkgs.writeText "locale.conf"
''
LANG=${config.i18n.defaultLocale}
${concatStringsSep "\n" (mapAttrsToList (n: v: ''${n}=${v}'') config.i18n.extraLocaleSettings)}
${concatStringsSep "\n" (mapAttrsToList (n: v: "${n}=${v}") config.i18n.extraLocaleSettings)}
'';
};

3
nixos/modules/config/networking.nix
View File

@ -195,8 +195,7 @@ in
'';
# /etc/netgroup: Network-wide groups.
netgroup.text = mkDefault ''
'';
netgroup.text = mkDefault "";
# /etc/host.conf: resolver configuration file
"host.conf".text = ''

2
nixos/modules/config/pulseaudio.nix
View File

@ -183,7 +183,7 @@ in {
config = mkOption {
type = types.attrsOf types.unspecified;
default = {};
description = ''Config of the pulse daemon. See <literal>man pulse-daemon.conf</literal>.'';
description = "Config of the pulse daemon. See <literal>man pulse-daemon.conf</literal>.";
example = literalExample ''{ realtime-scheduling = "yes"; }'';
};
};

4
nixos/modules/config/users-groups.nix
View File

@ -364,7 +364,7 @@ let
count = mkOption {
type = types.int;
default = 1;
description = ''Count of subordinate user ids'';
description = "Count of subordinate user ids";
};
};
};
@ -381,7 +381,7 @@ let
count = mkOption {
type = types.int;
default = 1;
description = ''Count of subordinate group ids'';
description = "Count of subordinate group ids";
};
};
};

2
nixos/modules/hardware/video/bumblebee.nix
View File

@ -40,7 +40,7 @@ in
default = "wheel";
example = "video";
type = types.str;
description = ''Group for bumblebee socket'';
description = "Group for bumblebee socket";
};
connectDisplay = mkOption {

2
nixos/modules/misc/locate.nix
View File

@ -215,7 +215,7 @@ in {
''
else ''
exec ${cfg.locate}/bin/updatedb \
${optionalString (cfg.localuser != null && ! isMLocate) ''--localuser=${cfg.localuser}''} \
${optionalString (cfg.localuser != null && ! isMLocate) "--localuser=${cfg.localuser}"} \
--output=${toString cfg.output} ${concatStringsSep " " cfg.extraFlags}
'';
environment = optionalAttrs (!isMLocate) {

2
nixos/modules/misc/nixpkgs.nix
View File

@ -73,7 +73,7 @@ in
}
'';
type = pkgsType;
example = literalExample ''import <nixpkgs> {}'';
example = literalExample "import <nixpkgs> {}";
description = ''
If set, the pkgs argument to all NixOS modules is the value of
this option, extended with <code>nixpkgs.overlays</code>, if

14
nixos/modules/programs/captive-browser.nix
View File

@ -27,14 +27,14 @@ in
# the options below are the same as in "captive-browser.toml"
browser = mkOption {
type = types.str;
default = concatStringsSep " " [ ''${pkgs.chromium}/bin/chromium''
''--user-data-dir=''${XDG_DATA_HOME:-$HOME/.local/share}/chromium-captive''
default = concatStringsSep " " [ "${pkgs.chromium}/bin/chromium"
"--user-data-dir=\${XDG_DATA_HOME:-$HOME/.local/share}/chromium-captive"
''--proxy-server="socks5://$PROXY"''
''--host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE localhost"''
''--no-first-run''
''--new-window''
''--incognito''
''http://cache.nixos.org/''
"--no-first-run"
"--new-window"
"--incognito"
"http://cache.nixos.org/"
];
description = ''
The shell (/bin/sh) command executed once the proxy starts.
@ -62,7 +62,7 @@ in
socks5-addr = mkOption {
type = types.str;
default = "localhost:1666";
description = ''the listen address for the SOCKS5 proxy server'';
description = "the listen address for the SOCKS5 proxy server";
};
bindInterface = mkOption {

2
nixos/modules/programs/command-not-found/command-not-found.nix
View File

@ -80,6 +80,8 @@ in
# Retry the command if we just installed it.
if [ $? = 126 ]; then
"$@"
else
return 127
fi
else
# Indicate than there was an error so ZSH falls back to its default handler

2
nixos/modules/programs/fish.nix
View File

@ -24,7 +24,7 @@ let
"source /etc/fish/${file}.fish"
else
''
set fish_function_path ${pkgs.fishPlugins.foreign-env}/share/fish-foreign-env/functions $fish_function_path
set fish_function_path ${pkgs.fishPlugins.foreign-env}/share/fish/vendor_functions.d $fish_function_path
fenv source /etc/fish/foreign-env/${file} > /dev/null
set -e fish_function_path[1]
'';

2
nixos/modules/programs/ssh.nix
View File

@ -36,7 +36,7 @@ in
askPassword = mkOption {
type = types.str;
default = "${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass";
description = ''Program used by SSH to ask for passwords.'';
description = "Program used by SSH to ask for passwords.";
};
forwardX11 = mkOption {

2
nixos/modules/programs/xss-lock.nix
View File

@ -11,7 +11,7 @@ in
lockerCommand = mkOption {
default = "${pkgs.i3lock}/bin/i3lock";
example = literalExample ''''${pkgs.i3lock-fancy}/bin/i3lock-fancy'';
example = literalExample "\${pkgs.i3lock-fancy}/bin/i3lock-fancy";
type = types.separatedString " ";
description = "Locker to be used with xsslock";
};

6
nixos/modules/services/audio/mpd.nix
View File

@ -74,7 +74,7 @@ in {
musicDirectory = mkOption {
type = with types; either path (strMatching "(http|https|nfs|smb)://.+");
default = "${cfg.dataDir}/music";
defaultText = ''''${dataDir}/music'';
defaultText = "\${dataDir}/music";
description = ''
The directory or NFS/SMB network share where MPD reads music from. If left
as the default value this directory will automatically be created before
@ -86,7 +86,7 @@ in {
playlistDirectory = mkOption {
type = types.path;
default = "${cfg.dataDir}/playlists";
defaultText = ''''${dataDir}/playlists'';
defaultText = "\${dataDir}/playlists";
description = ''
The directory where MPD stores playlists. If left as the default value
this directory will automatically be created before the MPD server starts,
@ -155,7 +155,7 @@ in {
dbFile = mkOption {
type = types.nullOr types.str;
default = "${cfg.dataDir}/tag_cache";
defaultText = ''''${dataDir}/tag_cache'';
defaultText = "\${dataDir}/tag_cache";
description = ''
The path to MPD's database. If set to <literal>null</literal> the
parameter is omitted from the configuration.

3
nixos/modules/services/backup/bacula.nix
View File

@ -190,8 +190,7 @@ let
};
devices = mkOption {
description = ''
'';
description = "";
};
extraAutochangerConfig = mkOption {

2
nixos/modules/services/backup/tarsnap.nix
View File

@ -354,7 +354,7 @@ in
script = let
tarsnap = ''tarsnap --configfile "/etc/tarsnap/${name}.conf"'';
lastArchive = ''$(${tarsnap} --list-archives | sort | tail -1)'';
lastArchive = "$(${tarsnap} --list-archives | sort | tail -1)";
run = ''${tarsnap} -x -f "${lastArchive}" ${optionalString cfg.verbose "-v"}'';
in if (cfg.cachedir != null) then ''

3
nixos/modules/services/cluster/hadoop/default.nix
View File

@ -50,8 +50,7 @@ with lib;
default = pkgs.hadoop;
defaultText = "pkgs.hadoop";
example = literalExample "pkgs.hadoop";
description = ''
'';
description = "";
};
};

6
nixos/modules/services/computing/slurm/slurm.nix
View File

@ -14,8 +14,8 @@ let
ClusterName=${cfg.clusterName}
StateSaveLocation=${cfg.stateSaveLocation}
SlurmUser=${cfg.user}
${optionalString (cfg.controlMachine != null) ''controlMachine=${cfg.controlMachine}''}
${optionalString (cfg.controlAddr != null) ''controlAddr=${cfg.controlAddr}''}
${optionalString (cfg.controlMachine != null) "controlMachine=${cfg.controlMachine}"}
${optionalString (cfg.controlAddr != null) "controlAddr=${cfg.controlAddr}"}
${toString (map (x: "NodeName=${x}\n") cfg.nodeName)}
${toString (map (x: "PartitionName=${x}\n") cfg.partitionName)}
PlugStackConfig=${plugStackConfig}/plugstack.conf
@ -25,7 +25,7 @@ let
plugStackConfig = pkgs.writeTextDir "plugstack.conf"
''
${optionalString cfg.enableSrunX11 ''optional ${pkgs.slurm-spank-x11}/lib/x11.so''}
${optionalString cfg.enableSrunX11 "optional ${pkgs.slurm-spank-x11}/lib/x11.so"}
${cfg.extraPlugstackConfig}
'';

1
nixos/modules/services/continuous-integration/buildbot/master.nix
View File

@ -223,6 +223,7 @@ in {
};
pythonPackages = mkOption {
type = types.listOf types.package;
default = pythonPackages: with pythonPackages; [ ];
defaultText = "pythonPackages: with pythonPackages; [ ]";
description = "Packages to add the to the PYTHONPATH of the buildbot process.";

3
nixos/modules/services/databases/couchdb.nix
View File

@ -16,8 +16,7 @@ let
[admins]
${cfg.adminUser} = ${cfg.adminPass}
'' else
''
'') + (if useVersion2 then
"") + (if useVersion2 then
''
[chttpd]
'' else

2
nixos/modules/services/databases/firebird.nix
View File

@ -117,7 +117,7 @@ in
serviceConfig.User = cfg.user;
serviceConfig.LogsDirectory = "firebird";
serviceConfig.LogsDirectoryMode = "0700";
serviceConfig.ExecStart = ''${firebird}/bin/fbserver -d'';
serviceConfig.ExecStart = "${firebird}/bin/fbserver -d";
# TODO think about shutdown
};

8
nixos/modules/services/databases/neo4j.nix
View File

@ -16,14 +16,14 @@ let
''}
dbms.ssl.policy.${name}.client_auth=${conf.clientAuth}
${if length (splitString "/" conf.privateKey) > 1 then
''dbms.ssl.policy.${name}.private_key=${conf.privateKey}''
"dbms.ssl.policy.${name}.private_key=${conf.privateKey}"
else
''dbms.ssl.policy.${name}.private_key=${conf.baseDirectory}/${conf.privateKey}''
"dbms.ssl.policy.${name}.private_key=${conf.baseDirectory}/${conf.privateKey}"
}
${if length (splitString "/" conf.privateKey) > 1 then
''dbms.ssl.policy.${name}.public_certificate=${conf.publicCertificate}''
"dbms.ssl.policy.${name}.public_certificate=${conf.publicCertificate}"
else
''dbms.ssl.policy.${name}.public_certificate=${conf.baseDirectory}/${conf.publicCertificate}''
"dbms.ssl.policy.${name}.public_certificate=${conf.baseDirectory}/${conf.publicCertificate}"
}
dbms.ssl.policy.${name}.revoked_dir=${conf.revokedDir}
dbms.ssl.policy.${name}.tls_versions=${concatStringsSep "," conf.tlsVersions}

2
nixos/modules/services/development/bloop.nix
View File

@ -44,7 +44,7 @@ in {
};
serviceConfig = {
Type = "simple";
ExecStart = ''${pkgs.bloop}/bin/bloop server'';
ExecStart = "${pkgs.bloop}/bin/bloop server";
Restart = "always";
};
};

8
nixos/modules/services/editors/infinoted.nix
View File

@ -141,14 +141,14 @@ in {
install -o ${cfg.user} -g ${cfg.group} -m 0600 /dev/null /var/lib/infinoted/infinoted.conf
cat >>/var/lib/infinoted/infinoted.conf <<EOF
[infinoted]
${optionalString (cfg.keyFile != null) ''key-file=${cfg.keyFile}''}
${optionalString (cfg.certificateFile != null) ''certificate-file=${cfg.certificateFile}''}
${optionalString (cfg.certificateChain != null) ''certificate-chain=${cfg.certificateChain}''}
${optionalString (cfg.keyFile != null) "key-file=${cfg.keyFile}"}
${optionalString (cfg.certificateFile != null) "certificate-file=${cfg.certificateFile}"}
${optionalString (cfg.certificateChain != null) "certificate-chain=${cfg.certificateChain}"}
port=${toString cfg.port}
security-policy=${cfg.securityPolicy}
root-directory=${cfg.rootDirectory}
plugins=${concatStringsSep ";" cfg.plugins}
${optionalString (cfg.passwordFile != null) ''password=$(head -n 1 ${cfg.passwordFile})''}
${optionalString (cfg.passwordFile != null) "password=$(head -n 1 ${cfg.passwordFile})"}
${cfg.extraConfig}
EOF

2
nixos/modules/services/games/openarena.nix
View File

@ -19,7 +19,7 @@ in
extraFlags = mkOption {
type = types.listOf types.str;
default = [];
description = ''Extra flags to pass to <command>oa_ded</command>'';
description = "Extra flags to pass to <command>oa_ded</command>";
example = [
"+set dedicated 2"
"+set sv_hostname 'My NixOS OpenArena Server'"

4
nixos/modules/services/logging/logstash.nix
View File

@ -100,7 +100,7 @@ in
inputConfig = mkOption {
type = types.lines;
default = ''generator { }'';
default = "generator { }";
description = "Logstash input configuration.";
example = ''
# Read from journal
@ -131,7 +131,7 @@ in
outputConfig = mkOption {
type = types.lines;
default = ''stdout { codec => rubydebug }'';
default = "stdout { codec => rubydebug }";
description = "Logstash output configuration.";
example = ''
redis { host => ["localhost"] data_type => "list" key => "logstash" codec => json }

2
nixos/modules/services/mail/postgrey.nix
View File

@ -163,7 +163,7 @@ in {
systemd.services.postgrey = let
bind-flag = if cfg.socket ? path then
''--unix=${cfg.socket.path} --socketmode=${cfg.socket.mode}''
"--unix=${cfg.socket.path} --socketmode=${cfg.socket.mode}"
else
''--inet=${optionalString (cfg.socket.addr != null) (cfg.socket.addr + ":")}${toString cfg.socket.port}'';
in {

1
nixos/modules/services/misc/autofs.nix
View File

@ -52,6 +52,7 @@ in
};
timeout = mkOption {
type = types.int;
default = 600;
description = "Set the global minimum timeout, in seconds, until directories are unmounted";
};

2
nixos/modules/services/misc/cgminer.nix
View File

@ -120,7 +120,7 @@ in
wantedBy = [ "multi-user.target" ];
environment = {
LD_LIBRARY_PATH = ''/run/opengl-driver/lib:/run/opengl-driver-32/lib'';
LD_LIBRARY_PATH = "/run/opengl-driver/lib:/run/opengl-driver-32/lib";
DISPLAY = ":${toString config.services.xserver.display}";
GPU_MAX_ALLOC_PERCENT = "100";
GPU_USE_SYNC_OBJECTS = "1";

2
nixos/modules/services/misc/dictd.nix
View File

@ -27,7 +27,7 @@ in
default = with pkgs.dictdDBs; [ wiktionary wordnet ];
defaultText = "with pkgs.dictdDBs; [ wiktionary wordnet ]";
example = literalExample "[ pkgs.dictdDBs.nld2eng ]";
description = ''List of databases to make available.'';
description = "List of databases to make available.";
};
};

2
nixos/modules/services/misc/exhibitor.nix
View File

@ -185,7 +185,7 @@ in
};
zkExtraCfg = mkOption {
type = types.str;
default = ''initLimit=5&syncLimit=2&tickTime=2000'';
default = "initLimit=5&syncLimit=2&tickTime=2000";
description = ''
Extra options to pass into Zookeeper
'';

3
nixos/modules/services/misc/gitea.nix
View File

@ -597,8 +597,7 @@ in
users.groups.gitea = {};
warnings =
optional (cfg.database.password != "") ''
config.services.gitea.database.password will be stored as plaintext in the Nix store. Use database.passwordFile instead.'' ++
optional (cfg.database.password != "") "config.services.gitea.database.password will be stored as plaintext in the Nix store. Use database.passwordFile instead." ++
optional (cfg.extraConfig != null) ''
services.gitea.`extraConfig` is deprecated, please use services.gitea.`settings`.
'';

3
nixos/modules/services/misc/matrix-synapse.nix
View File

@ -504,8 +504,7 @@ in {
report_stats = mkOption {
type = types.bool;
default = false;
description = ''
'';
description = "";
};
servers = mkOption {
type = types.attrsOf (types.attrsOf types.str);

2
nixos/modules/services/monitoring/apcupsd.nix
View File

@ -104,7 +104,7 @@ in
hooks = mkOption {
default = {};
example = {
doshutdown = ''# shell commands to notify that the computer is shutting down'';
doshutdown = "# shell commands to notify that the computer is shutting down";
};
type = types.attrsOf types.lines;
description = ''

6
nixos/modules/services/monitoring/graphite.nix
View File

@ -25,10 +25,10 @@ let
graphiteApiConfig = pkgs.writeText "graphite-api.yaml" ''
search_index: ${dataDir}/index
${optionalString (config.time.timeZone != null) ''time_zone: ${config.time.timeZone}''}
${optionalString (cfg.api.finders != []) ''finders:''}
${optionalString (config.time.timeZone != null) "time_zone: ${config.time.timeZone}"}
${optionalString (cfg.api.finders != []) "finders:"}
${concatMapStringsSep "\n" (f: " - " + f.moduleName) cfg.api.finders}
${optionalString (cfg.api.functions != []) ''functions:''}
${optionalString (cfg.api.functions != []) "functions:"}
${concatMapStringsSep "\n" (f: " - " + f) cfg.api.functions}
${cfg.api.extraConfig}
'';

2
nixos/modules/services/monitoring/incron.nix
View File

@ -67,7 +67,7 @@ in
config = mkIf cfg.enable {
warnings = optional (cfg.allow != null && cfg.deny != null)
''If `services.incron.allow` is set then `services.incron.deny` will be ignored.'';
"If `services.incron.allow` is set then `services.incron.deny` will be ignored.";
environment.systemPackages = [ pkgs.incron ];

2
nixos/modules/services/monitoring/prometheus/exporters/collectd.nix
View File

@ -20,7 +20,7 @@ in
port = mkOption {
type = types.int;
default = 25826;
description = ''Network address on which to accept collectd binary network packets.'';
description = "Network address on which to accept collectd binary network packets.";
};
listenAddress = mkOption {

2
nixos/modules/services/monitoring/telegraf.nix
View File

@ -69,7 +69,7 @@ in {
umask 077
${pkgs.envsubst}/bin/envsubst -i "${configFile}" > /var/run/telegraf/config.toml
'');
ExecStart=''${cfg.package}/bin/telegraf -config ${finalConfigFile}'';
ExecStart="${cfg.package}/bin/telegraf -config ${finalConfigFile}";
ExecReload="${pkgs.coreutils}/bin/kill -HUP $MAINPID";
RuntimeDirectory = "telegraf";
User = "telegraf";

4
nixos/modules/services/monitoring/thanos.nix
View File

@ -12,7 +12,7 @@ let
};
optionToArgs = opt: v : optional (v != null) ''--${opt}="${toString v}"'';
flagToArgs = opt: v : optional v ''--${opt}'';
flagToArgs = opt: v : optional v "--${opt}";
listToArgs = opt: vs : map (v: ''--${opt}="${v}"'') vs;
attrsToArgs = opt: kvs: mapAttrsToList (k: v: ''--${opt}=${k}=\"${v}\"'') kvs;
@ -67,7 +67,7 @@ let
preferLocalBuild = true;
json = builtins.toFile "${name}.json" (builtins.toJSON attrs);
nativeBuildInputs = [ pkgs.remarshal ];
} ''json2yaml -i $json -o $out'';
} "json2yaml -i $json -o $out";
thanos = cmd: "${cfg.package}/bin/thanos ${cmd}" +
(let args = cfg.${cmd}.arguments;

2
nixos/modules/services/monitoring/ups.nix
View File

@ -205,7 +205,7 @@ in
after = [ "upsd.service" ];
wantedBy = [ "multi-user.target" ];
# TODO: replace 'root' by another username.
script = ''${pkgs.nut}/bin/upsdrvctl -u root start'';
script = "${pkgs.nut}/bin/upsdrvctl -u root start";
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;

4
nixos/modules/services/network-filesystems/ceph.nix
View File

@ -48,7 +48,7 @@ let
ExecStart = ''${ceph.out}/bin/${if daemonType == "rgw" then "radosgw" else "ceph-${daemonType}"} \
-f --cluster ${clusterName} --id ${daemonId}'';
} // optionalAttrs (daemonType == "osd") {
ExecStartPre = ''${ceph.lib}/libexec/ceph/ceph-osd-prestart.sh --id ${daemonId} --cluster ${clusterName}'';
ExecStartPre = "${ceph.lib}/libexec/ceph/ceph-osd-prestart.sh --id ${daemonId} --cluster ${clusterName}";
RestartSec = "20s";
PrivateDevices = "no"; # osd needs disk access
} // optionalAttrs ( daemonType == "mon") {
@ -353,7 +353,7 @@ in
];
warnings = optional (cfg.global.monInitialMembers == null)
''Not setting up a list of members in monInitialMembers requires that you set the host variable for each mon daemon or else the cluster won't function'';
"Not setting up a list of members in monInitialMembers requires that you set the host variable for each mon daemon or else the cluster won't function";
environment.etc."ceph/ceph.conf".text = let
# Merge the extraConfig set for mgr daemons, as mgr don't have their own section

4
nixos/modules/services/networking/amuled.nix
View File

@ -24,13 +24,15 @@ in
};
dataDir = mkOption {
default = ''/home/${user}/'';
type = types.str;
default = "/home/${user}/";
description = ''
The directory holding configuration, incoming and temporary files.
'';
};
user = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
The user the AMule daemon should run as.

4
nixos/modules/services/networking/cntlm.nix
View File

@ -42,13 +42,13 @@ in
};
domain = mkOption {
description = ''Proxy account domain/workgroup name.'';
description = "Proxy account domain/workgroup name.";
};
password = mkOption {
default = "/etc/cntlm.password";
type = types.str;
description = ''Proxy account password. Note: use chmod 0600 on /etc/cntlm.password for security.'';
description = "Proxy account password. Note: use chmod 0600 on /etc/cntlm.password for security.";
};
netbios_hostname = mkOption {

3
nixos/modules/services/networking/connman.nix
View File

@ -42,8 +42,7 @@ in {
extraConfig = mkOption {
type = types.lines;
default = ''
'';
default = "";
description = ''
Configuration lines appended to the generated connman configuration file.
'';

3
nixos/modules/services/networking/dnsdist.nix
View File

@ -26,8 +26,7 @@ in {
extraConfig = mkOption {
type = types.lines;
default = ''
'';
default = "";
description = ''
Extra lines to be added verbatim to dnsdist.conf.
'';

4
nixos/modules/services/networking/gateone.nix
View File

@ -10,12 +10,12 @@ options = {
pidDir = mkOption {
default = "/run/gateone";
type = types.path;
description = ''Path of pid files for GateOne.'';
description = "Path of pid files for GateOne.";
};
settingsDir = mkOption {
default = "/var/lib/gateone";
type = types.path;
description = ''Path of configuration files for GateOne.'';
description = "Path of configuration files for GateOne.";
};
};
};

4
nixos/modules/services/networking/hostapd.nix
View File

@ -20,8 +20,8 @@ let
ssid=${cfg.ssid}
hw_mode=${cfg.hwMode}
channel=${toString cfg.channel}
${optionalString (cfg.countryCode != null) ''country_code=${cfg.countryCode}''}
${optionalString (cfg.countryCode != null) ''ieee80211d=1''}
${optionalString (cfg.countryCode != null) "country_code=${cfg.countryCode}"}
${optionalString (cfg.countryCode != null) "ieee80211d=1"}
# logging (debug level)
logger_syslog=-1

6
nixos/modules/services/networking/hylafax/modem-default.nix
View File

@ -5,7 +5,7 @@
{
TagLineFont = "etc/LiberationSans-25.pcf";
TagLineLocale = ''en_US.UTF-8'';
TagLineLocale = "en_US.UTF-8";
AdminGroup = "root"; # groups that can change server config
AnswerRotary = "fax"; # don't accept anything else but faxes
@ -16,7 +16,7 @@
SessionTracing = "0x78701";
UUCPLockDir = "/var/lock";
SendPageCmd = ''${pkgs.coreutils}/bin/false''; # prevent pager transmit
SendUUCPCmd = ''${pkgs.coreutils}/bin/false''; # prevent UUCP transmit
SendPageCmd = "${pkgs.coreutils}/bin/false"; # prevent pager transmit
SendUUCPCmd = "${pkgs.coreutils}/bin/false"; # prevent UUCP transmit
}

20
nixos/modules/services/networking/hylafax/options.nix
View File

@ -85,8 +85,8 @@ let
# Otherwise, we use `false` to provoke
# an error if hylafax tries to use it.
c.sendmailPath = mkMerge [
(mkIfDefault noWrapper ''${pkgs.coreutils}/bin/false'')
(mkIfDefault (!noWrapper) ''${wrapperDir}/${program}'')
(mkIfDefault noWrapper "${pkgs.coreutils}/bin/false")
(mkIfDefault (!noWrapper) "${wrapperDir}/${program}")
];
importDefaultConfig = file:
lib.attrsets.mapAttrs
@ -121,7 +121,7 @@ in
options.services.hylafax = {
enable = mkEnableOption ''HylaFAX server'';
enable = mkEnableOption "HylaFAX server";
autostart = mkOption {
type = bool;
@ -139,28 +139,28 @@ in
type = nullOr str1;
default = null;
example = "49";
description = ''Country code for server and all modems.'';
description = "Country code for server and all modems.";
};
areaCode = mkOption {
type = nullOr str1;
default = null;
example = "30";
description = ''Area code for server and all modems.'';
description = "Area code for server and all modems.";
};
longDistancePrefix = mkOption {
type = nullOr str;
default = null;
example = "0";
description = ''Long distance prefix for server and all modems.'';
description = "Long distance prefix for server and all modems.";
};
internationalPrefix = mkOption {
type = nullOr str;
default = null;
example = "00";
description = ''International prefix for server and all modems.'';
description = "International prefix for server and all modems.";
};
spoolAreaPath = mkOption {
@ -267,7 +267,7 @@ in
spoolExtraInit = mkOption {
type = lines;
default = "";
example = ''chmod 0755 . # everyone may read my faxes'';
example = "chmod 0755 . # everyone may read my faxes";
description = ''
Additional shell code that is executed within the
spooling area directory right after its setup.
@ -345,7 +345,7 @@ in
faxqclean.doneqMinutes = mkOption {
type = int1;
default = 15;
example = literalExample ''24*60'';
example = literalExample "24*60";
description = ''
Set the job
age threshold (in minutes) that controls how long
@ -355,7 +355,7 @@ in
faxqclean.docqMinutes = mkOption {
type = int1;
default = 60;
example = literalExample ''24*60'';
example = literalExample "24*60";
description = ''
Set the document
age threshold (in minutes) that controls how long

28
nixos/modules/services/networking/hylafax/systemd.nix
View File

@ -16,12 +16,12 @@ let
mkLines = conf:
(lib.concatLists
(lib.flip lib.mapAttrsToList conf
(k: map (v: ''${k}: ${v}'')
(k: map (v: "${k}: ${v}")
)));
include = mkLines { Include = conf.Include or []; };
other = mkLines ( conf // { Include = []; } );
in
pkgs.writeText ''hylafax-config${name}''
pkgs.writeText "hylafax-config${name}"
(concatStringsSep "\n" (include ++ other));
globalConfigPath = mkConfigFile "" cfg.faxqConfig;
@ -29,7 +29,7 @@ let
modemConfigPath =
let
mkModemConfigFile = { config, name, ... }:
mkConfigFile ''.${name}''
mkConfigFile ".${name}"
(cfg.commonModemConfig // config);
mkLine = { name, type, ... }@modem: ''
# check if modem config file exists:
@ -81,7 +81,7 @@ let
description = "HylaFAX queue manager sendq watch";
documentation = [ "man:faxq(8)" "man:sendq(5)" ];
wantedBy = [ "multi-user.target" ];
pathConfig.PathExistsGlob = [ ''${cfg.spoolAreaPath}/sendq/q*'' ];
pathConfig.PathExistsGlob = [ "${cfg.spoolAreaPath}/sendq/q*" ];
};
timers = mkMerge [
@ -134,7 +134,7 @@ let
exit 1
fi
'';
serviceConfig.ExecStop = ''${setupSpoolScript}'';
serviceConfig.ExecStop = "${setupSpoolScript}";
serviceConfig.RemainAfterExit = true;
serviceConfig.Type = "oneshot";
unitConfig.RequiresMountsFor = [ cfg.spoolAreaPath ];
@ -145,7 +145,7 @@ let
documentation = [ "man:faxq(8)" ];
requires = [ "hylafax-spool.service" ];
after = [ "hylafax-spool.service" ];
wants = mapModems ( { name, ... }: ''hylafax-faxgetty@${name}.service'' );
wants = mapModems ( { name, ... }: "hylafax-faxgetty@${name}.service" );
wantedBy = mkIf cfg.autostart [ "multi-user.target" ];
serviceConfig.Type = "forking";
serviceConfig.ExecStart = ''${pkgs.hylafaxplus}/spool/bin/faxq -q "${cfg.spoolAreaPath}"'';
@ -155,7 +155,7 @@ let
# stopped will always yield a failed send attempt:
# The fax service is started when the job is created with
# `sendfax`, but modems need some time to initialize.
serviceConfig.ExecStartPost = [ ''${waitFaxqScript}'' ];
serviceConfig.ExecStartPost = [ "${waitFaxqScript}" ];
# faxquit fails if the pipe is already gone
# (e.g. the service is already stopping)
serviceConfig.ExecStop = ''-${pkgs.hylafaxplus}/spool/bin/faxquit -q "${cfg.spoolAreaPath}"'';
@ -186,7 +186,7 @@ let
wantedBy = mkIf cfg.faxcron.enable.spoolInit requires;
startAt = mkIf (cfg.faxcron.enable.frequency!=null) cfg.faxcron.enable.frequency;
serviceConfig.ExecStart = concatStringsSep " " [
''${pkgs.hylafaxplus}/spool/bin/faxcron''
"${pkgs.hylafaxplus}/spool/bin/faxcron"
''-q "${cfg.spoolAreaPath}"''
''-info ${toString cfg.faxcron.infoDays}''
''-log ${toString cfg.faxcron.logDays}''
@ -202,18 +202,18 @@ let
wantedBy = mkIf cfg.faxqclean.enable.spoolInit requires;
startAt = mkIf (cfg.faxqclean.enable.frequency!=null) cfg.faxqclean.enable.frequency;
serviceConfig.ExecStart = concatStringsSep " " [
''${pkgs.hylafaxplus}/spool/bin/faxqclean''
"${pkgs.hylafaxplus}/spool/bin/faxqclean"
''-q "${cfg.spoolAreaPath}"''
''-v''
(optionalString (cfg.faxqclean.archiving!="never") ''-a'')
(optionalString (cfg.faxqclean.archiving=="always") ''-A'')
"-v"
(optionalString (cfg.faxqclean.archiving!="never") "-a")
(optionalString (cfg.faxqclean.archiving=="always") "-A")
''-j ${toString (cfg.faxqclean.doneqMinutes*60)}''
''-d ${toString (cfg.faxqclean.docqMinutes*60)}''
];
};
mkFaxgettyService = { name, ... }:
lib.nameValuePair ''hylafax-faxgetty@${name}'' rec {
lib.nameValuePair "hylafax-faxgetty@${name}" rec {
description = "HylaFAX faxgetty for %I";
documentation = [ "man:faxgetty(8)" ];
bindsTo = [ "dev-%i.device" ];
@ -221,7 +221,7 @@ let
after = bindsTo ++ requires;
before = [ "hylafax-faxq.service" "getty.target" ];
unitConfig.StopWhenUnneeded = true;
unitConfig.AssertFileNotEmpty = ''${cfg.spoolAreaPath}/etc/config.%I'';
unitConfig.AssertFileNotEmpty = "${cfg.spoolAreaPath}/etc/config.%I";
serviceConfig.UtmpIdentifier = "%I";
serviceConfig.TTYPath = "/dev/%I";
serviceConfig.Restart = "always";

14
nixos/modules/services/networking/kippo.nix
View File

@ -17,37 +17,37 @@ in
enable = mkOption {
default = false;
type = types.bool;
description = ''Enable the kippo honeypot ssh server.'';
description = "Enable the kippo honeypot ssh server.";
};
port = mkOption {
default = 2222;
type = types.int;
description = ''TCP port number for kippo to bind to.'';
description = "TCP port number for kippo to bind to.";
};
hostname = mkOption {
default = "nas3";
type = types.str;
description = ''Hostname for kippo to present to SSH login'';
description = "Hostname for kippo to present to SSH login";
};
varPath = mkOption {
default = "/var/lib/kippo";
type = types.path;
description = ''Path of read/write files needed for operation and configuration.'';
description = "Path of read/write files needed for operation and configuration.";
};
logPath = mkOption {
default = "/var/log/kippo";
type = types.path;
description = ''Path of log files needed for operation and configuration.'';
description = "Path of log files needed for operation and configuration.";
};
pidPath = mkOption {
default = "/run/kippo";
type = types.path;
description = ''Path of pid files needed for operation.'';
description = "Path of pid files needed for operation.";
};
extraConfig = mkOption {
default = "";
type = types.lines;
description = ''Extra verbatim configuration added to the end of kippo.cfg.'';
description = "Extra verbatim configuration added to the end of kippo.cfg.";
};
};

62
nixos/modules/services/networking/nomad.nix
View File

@ -66,6 +66,20 @@ in
description = ''
Configuration for Nomad. See the <link xlink:href="https://www.nomadproject.io/docs/configuration">documentation</link>
for supported values.
Notes about <literal>data_dir</literal>:
If <literal>data_dir</literal> is set to a value other than the
default value of <literal>"/var/lib/nomad"</literal> it is the Nomad
cluster manager's responsibility to make sure that this directory
exists and has the appropriate permissions.
Additionally, if <literal>dropPrivileges</literal> is
<literal>true</literal> then <literal>data_dir</literal>
<emphasis>cannot</emphasis> be customized. Setting
<literal>dropPrivileges</literal> to <literal>true</literal> enables
the <literal>DynamicUser</literal> feature of systemd which directly
manages and operates on <literal>StateDirectory</literal>.
'';
example = literalExample ''
{
@ -109,25 +123,28 @@ in
iptables
]);
serviceConfig = {
DynamicUser = cfg.dropPrivileges;
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
ExecStart = "${cfg.package}/bin/nomad agent -config=/etc/nomad.json" +
concatMapStrings (path: " -config=${path}") cfg.extraSettingsPaths;
KillMode = "process";
KillSignal = "SIGINT";
LimitNOFILE = 65536;
LimitNPROC = "infinity";
OOMScoreAdjust = -1000;
Restart = "on-failure";
RestartSec = 2;
# Agrees with the default `data_dir = "/var/lib/nomad"` in `settings` above.
StateDirectory = "nomad";
TasksMax = "infinity";
User = optionalString cfg.dropPrivileges "nomad";
} // (optionalAttrs cfg.enableDocker {
SupplementaryGroups = "docker"; # space-separated string
});
serviceConfig = mkMerge [
{
DynamicUser = cfg.dropPrivileges;
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
ExecStart = "${cfg.package}/bin/nomad agent -config=/etc/nomad.json" +
concatMapStrings (path: " -config=${path}") cfg.extraSettingsPaths;
KillMode = "process";
KillSignal = "SIGINT";
LimitNOFILE = 65536;
LimitNPROC = "infinity";
OOMScoreAdjust = -1000;
Restart = "on-failure";
RestartSec = 2;
TasksMax = "infinity";
}
(mkIf cfg.enableDocker {
SupplementaryGroups = "docker"; # space-separated string
})
(mkIf (cfg.settings.data_dir == "/var/lib/nomad") {
StateDirectory = "nomad";
})
];
unitConfig = {
StartLimitIntervalSec = 10;
@ -135,6 +152,13 @@ in
};
};
assertions = [
{
assertion = cfg.dropPrivileges -> cfg.settings.data_dir == "/var/lib/nomad";
message = "settings.data_dir must be equal to \"/var/lib/nomad\" if dropPrivileges is true";
}
];
# Docker support requires the Docker daemon to be running.
virtualisation.docker.enable = mkIf cfg.enableDocker true;
};

1
nixos/modules/services/networking/ntp/chrony.nix
View File

@ -82,6 +82,7 @@ in
};
initstepslew = mkOption {
type = types.attrsOf (types.either types.bool types.int);
default = {
enabled = true;
threshold = 1000; # by default, same threshold as 'ntpd -g' (1000s)

2
nixos/modules/services/networking/owamp.nix
View File

@ -10,7 +10,7 @@ in
###### interface
options = {
services.owamp.enable = mkEnableOption ''Enable OWAMP server'';
services.owamp.enable = mkEnableOption "Enable OWAMP server";
};

2
nixos/modules/services/networking/quassel.nix
View File

@ -61,7 +61,7 @@ in
};
dataDir = mkOption {
default = ''/home/${user}/.config/quassel-irc.org'';
default = "/home/${user}/.config/quassel-irc.org";
description = ''
The directory holding configuration files, the SQlite database and the SSL Cert.
'';

2
nixos/modules/services/networking/smokeping.nix
View File

@ -303,7 +303,7 @@ in
${cfg.package}/bin/smokeping --check --config=${configPath}
${cfg.package}/bin/smokeping --static --config=${configPath}
'';
script = ''${cfg.package}/bin/smokeping --config=${configPath} --nodaemon'';
script = "${cfg.package}/bin/smokeping --config=${configPath} --nodaemon";
};
systemd.services.thttpd = mkIf cfg.webService {
wantedBy = [ "multi-user.target"];

12
nixos/modules/services/networking/ssh/lshd.nix
View File

@ -56,25 +56,25 @@ in
syslog = mkOption {
type = types.bool;
default = true;
description = ''Whether to enable syslog output.'';
description = "Whether to enable syslog output.";
};
passwordAuthentication = mkOption {
type = types.bool;
default = true;
description = ''Whether to enable password authentication.'';
description = "Whether to enable password authentication.";
};
publicKeyAuthentication = mkOption {
type = types.bool;
default = true;
description = ''Whether to enable public key authentication.'';
description = "Whether to enable public key authentication.";
};
rootLogin = mkOption {
type = types.bool;
default = false;
description = ''Whether to enable remote root login.'';
description = "Whether to enable remote root login.";
};
loginShell = mkOption {
@ -96,13 +96,13 @@ in
tcpForwarding = mkOption {
type = types.bool;
default = true;
description = ''Whether to enable TCP/IP forwarding.'';
description = "Whether to enable TCP/IP forwarding.";
};
x11Forwarding = mkOption {
type = types.bool;
default = true;
description = ''Whether to enable X11 forwarding.'';
description = "Whether to enable X11 forwarding.";
};
subsystems = mkOption {

2
nixos/modules/services/networking/strongswan-swanctl/swanctl-params.nix
View File

@ -1273,7 +1273,7 @@ in {
provided the user is prompted during an interactive
<literal>--load-creds</literal> call.
'';
} ''Definition for a private key that's stored on a token/smartcard/TPM.'';
} "Definition for a private key that's stored on a token/smartcard/TPM.";
};

2
nixos/modules/services/networking/supybot.nix
View File

@ -70,7 +70,7 @@ in
value must be a function which receives the attrset defined
in <varname>python3Packages</varname> as the sole argument.
'';
example = literalExample ''p: [ p.lxml p.requests ]'';
example = literalExample "p: [ p.lxml p.requests ]";
};
};

4
nixos/modules/services/networking/wpa_supplicant.nix
View File

@ -14,8 +14,8 @@ let
then ''"${psk}"''
else pskRaw;
baseAuth = if key != null
then ''psk=${key}''
else ''key_mgmt=NONE'';
then "psk=${key}"
else "key_mgmt=NONE";
in ''
network={
ssid="${ssid}"

2
nixos/modules/services/security/usbguard.nix
View File

@ -173,7 +173,7 @@ in
serviceConfig = {
Type = "simple";
ExecStart = ''${cfg.package}/bin/usbguard-daemon -P -k -c ${daemonConfFile}'';
ExecStart = "${cfg.package}/bin/usbguard-daemon -P -k -c ${daemonConfFile}";
Restart = "on-failure";
StateDirectory = [

46
nixos/modules/services/security/vault.nix
View File

@ -27,6 +27,11 @@ let
''}
${cfg.extraConfig}
'';
allConfigPaths = [configFile] ++ cfg.extraSettingsPaths;
configOptions = escapeShellArgs (concatMap (p: ["-config" p]) allConfigPaths);
in
{
@ -84,7 +89,14 @@ in
storageConfig = mkOption {
type = types.nullOr types.lines;
default = null;
description = "Storage configuration";
description = ''
HCL configuration to insert in the storageBackend section.
Confidential values should not be specified here because this option's
value is written to the Nix store, which is publicly readable.
Provide credentials and such in a separate file using
<xref linkend="opt-services.vault.extraSettingsPaths"/>.
'';
};
telemetryConfig = mkOption {
@ -98,6 +110,36 @@ in
default = "";
description = "Extra text appended to <filename>vault.hcl</filename>.";
};
extraSettingsPaths = mkOption {
type = types.listOf types.path;
default = [];
description = ''
Configuration files to load besides the immutable one defined by the NixOS module.
This can be used to avoid putting credentials in the Nix store, which can be read by any user.
Each path can point to a JSON- or HCL-formatted file, or a directory
to be scanned for files with <literal>.hcl</literal> or
<literal>.json</literal> extensions.
To upload the confidential file with NixOps, use for example:
<programlisting><![CDATA[
# https://releases.nixos.org/nixops/latest/manual/manual.html#opt-deployment.keys
deployment.keys."vault.hcl" = let db = import ./db-credentials.nix; in {
text = ${"''"}
storage "postgresql" {
connection_url = "postgres://''${db.username}:''${db.password}@host.example.com/exampledb?sslmode=verify-ca"
}
${"''"};
user = "vault";
};
services.vault.extraSettingsPaths = ["/run/keys/vault.hcl"];
services.vault.storageBackend = "postgresql";
users.users.vault.extraGroups = ["keys"];
]]></programlisting>
'';
};
};
};
@ -136,7 +178,7 @@ in
serviceConfig = {
User = "vault";
Group = "vault";
ExecStart = "${cfg.package}/bin/vault server -config ${configFile}";
ExecStart = "${cfg.package}/bin/vault server ${configOptions}";
ExecReload = "${pkgs.coreutils}/bin/kill -SIGHUP $MAINPID";
PrivateDevices = true;
PrivateTmp = true;

2
nixos/modules/services/system/cloud-init.nix
View File

@ -98,7 +98,7 @@ in
- final-message
- power-state-change
'';
description = ''cloud-init configuration.'';
description = "cloud-init configuration.";
};
};

2
nixos/modules/services/web-apps/dokuwiki.nix
View File

@ -336,7 +336,7 @@ in
locations."/" = {
priority = 1;
index = "doku.php";
extraConfig = ''try_files $uri $uri/ @dokuwiki;'';
extraConfig = "try_files $uri $uri/ @dokuwiki;";
};
locations."@dokuwiki" = {

2
nixos/modules/services/web-apps/keycloak.nix
View File

@ -565,7 +565,7 @@ in
assertions = [
{
assertion = (cfg.databaseUseSSL && cfg.databaseType == "postgresql") -> (cfg.databaseCaCert != null);
message = ''A CA certificate must be specified (in 'services.keycloak.databaseCaCert') when PostgreSQL is used with SSL'';
message = "A CA certificate must be specified (in 'services.keycloak.databaseCaCert') when PostgreSQL is used with SSL";
}
];

2
nixos/modules/services/web-apps/moodle.nix
View File

@ -84,7 +84,7 @@ in
type = mkOption {
type = types.enum [ "mysql" "pgsql" ];
default = "mysql";
description = ''Database engine to use.'';
description = "Database engine to use.";
};
host = mkOption {

2
nixos/modules/services/web-servers/lighttpd/default.nix
View File

@ -193,7 +193,7 @@ in
configText = mkOption {
default = "";
type = types.lines;
example = ''...verbatim config file contents...'';
example = "...verbatim config file contents...";
description = ''
Overridable config file contents to use for lighttpd. By default, use
the contents automatically generated by NixOS.

3
nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix
View File

@ -60,8 +60,7 @@ in
version = mkOption {
default = 2;
type = types.enum [ 0 1 2 3 4 ];
description = ''
'';
description = "";
};
uboot = {

2
nixos/modules/tasks/filesystems/zfs.nix
View File

@ -662,7 +662,7 @@ in
# - HDDs are mixed with SSDs
# - There is a SSDs in a pool that is currently trimmed.
# - There are only HDDs and we would set the system in a degraded state
serviceConfig.ExecStart = ''${pkgs.runtimeShell} -c 'for pool in $(zpool list -H -o name); do zpool trim $pool; done || true' '';
serviceConfig.ExecStart = "${pkgs.runtimeShell} -c 'for pool in $(zpool list -H -o name); do zpool trim $pool; done || true' ";
};
systemd.timers.zpool-trim.timerConfig.Persistent = "yes";

4
nixos/modules/virtualisation/nixos-containers.nix
View File

@ -170,7 +170,7 @@ let
${concatStringsSep "\n" (
mapAttrsToList (name: cfg:
''ip link del dev ${name} 2> /dev/null || true ''
"ip link del dev ${name} 2> /dev/null || true "
) cfg.extraVeths
)}
'';
@ -185,7 +185,7 @@ let
fi
''
else
''${ipcmd} add ${cfg.${attribute}} dev $ifaceHost'';
"${ipcmd} add ${cfg.${attribute}} dev $ifaceHost";
renderExtraVeth = name: cfg:
if cfg.hostBridge != null then
''

9
nixos/modules/virtualisation/qemu-vm.nix
View File

@ -136,10 +136,8 @@ let
cp ${bootDisk}/efi-vars.fd "$NIX_EFI_VARS" || exit 1
chmod 0644 "$NIX_EFI_VARS" || exit 1
fi
'' else ''
''}
'' else ''
''}
'' else ""}
'' else ""}
cd $TMPDIR
idx=0
@ -187,8 +185,7 @@ let
efiVars=$out/efi-vars.fd
cp ${efiVarsDefault} $efiVars
chmod 0644 $efiVars
'' else ''
''}
'' else ""}
'';
buildInputs = [ pkgs.util-linux ];
QEMU_OPTS = "-nographic -serial stdio -monitor none"

2
nixos/modules/virtualisation/railcar.nix
View File

@ -105,7 +105,7 @@ in
stateDir = mkOption {
type = types.path;
default = ''/var/railcar'';
default = "/var/railcar";
description = "Railcar persistent state directory";
};

3
nixos/release-combined.nix
View File

@ -60,8 +60,7 @@ in rec {
(onFullSupported "nixos.tests.boot-stage1")
(onSystems ["x86_64-linux"] "nixos.tests.boot.uefiCdrom")
(onSystems ["x86_64-linux"] "nixos.tests.boot.uefiUsb")
# TODO (@primeos): Fix the test failure since https://github.com/NixOS/nixpkgs/pull/110010:
#(onSystems ["x86_64-linux"] "nixos.tests.chromium")
(onSystems ["x86_64-linux"] "nixos.tests.chromium")
(onFullSupported "nixos.tests.containers-imperative")
(onFullSupported "nixos.tests.containers-ip")
(onSystems ["x86_64-linux"] "nixos.tests.docker")

1
nixos/tests/all-tests.nix
View File

@ -408,6 +408,7 @@ in
uwsgi = handleTest ./uwsgi.nix {};
v2ray = handleTest ./v2ray.nix {};
vault = handleTest ./vault.nix {};
vault-postgresql = handleTest ./vault-postgresql.nix {};
vector = handleTest ./vector.nix {};
victoriametrics = handleTest ./victoriametrics.nix {};
virtualbox = handleTestOn ["x86_64-linux"] ./virtualbox.nix {};

115
nixos/tests/chromium.nix
View File

@ -51,7 +51,7 @@ mapAttrs (channel: chromiumPkg: makeTest rec {
testScript = let
xdo = name: text: let
xdoScript = pkgs.writeText "${name}.xdo" text;
in "${pkgs.xdotool}/bin/xdotool '${xdoScript}'";
in "${pkgs.xdotool}/bin/xdotool ${xdoScript}";
in ''
import shlex
from contextlib import contextmanager, _GeneratorContextManager
@ -76,96 +76,59 @@ mapAttrs (channel: chromiumPkg: makeTest rec {
def create_new_win():
"""Creates a new Chromium window."""
with machine.nested("Creating a new Chromium window"):
status, _ = machine.execute(
machine.wait_until_succeeds(
ru(
"${xdo "new-window" ''
"${xdo "create_new_win-select_main_window" ''
search --onlyvisible --name "startup done"
windowfocus --sync
windowactivate --sync
''}"
)
)
if status == 0:
machine.execute(
ru(
"${xdo "new-window" ''
key Ctrl+n
''}"
)
)
def close_win():
def try_close(_):
status, _ = machine.execute(
machine.send_key("ctrl-n")
# Wait until the new window appears:
machine.wait_until_succeeds(
ru(
"${xdo "close-window" ''
search --onlyvisible --name "new tab"
"${xdo "create_new_win-wait_for_window" ''
search --onlyvisible --name "New Tab"
windowfocus --sync
windowactivate --sync
''}"
)
)
if status == 0:
machine.execute(
ru(
"${xdo "close-window" ''
key Ctrl+w
''}"
)
)
for _ in range(1, 20):
status, _ = machine.execute(
ru(
"${xdo "wait-for-close" ''
search --onlyvisible --name "new tab"
''}"
)
)
if status != 0:
return True
machine.sleep(1)
return False
retry(try_close)
def wait_for_new_win():
ret = False
with machine.nested("Waiting for new Chromium window to appear"):
for _ in range(1, 20):
status, _ = machine.execute(
ru(
"${xdo "wait-for-window" ''
search --onlyvisible --name "new tab"
windowfocus --sync
windowactivate --sync
''}"
)
)
if status == 0:
ret = True
machine.sleep(10)
break
machine.sleep(1)
return ret
def create_and_wait_for_new_win():
for _ in range(1, 3):
create_new_win()
if wait_for_new_win():
return True
assert False, "new window did not appear within 60 seconds"
def close_new_tab_win():
"""Closes the Chromium window with the title "New Tab"."""
machine.wait_until_succeeds(
ru(
"${xdo "close_new_tab_win-select_main_window" ''
search --onlyvisible --name "New Tab"
windowfocus --sync
windowactivate --sync
''}"
)
)
machine.send_key("ctrl-w")
# Wait until the closed window disappears:
machine.wait_until_fails(
ru(
"${xdo "close_new_tab_win-wait_for_close" ''
search --onlyvisible --name "New Tab"
''}"
)
)
@contextmanager
def test_new_win(description):
create_and_wait_for_new_win()
create_new_win()
with machine.nested(description):
yield
close_win()
# Close the newly created window:
machine.send_key("ctrl-w")
machine.wait_for_x()
@ -192,9 +155,11 @@ mapAttrs (channel: chromiumPkg: makeTest rec {
)
)
create_and_wait_for_new_win()
create_new_win()
# Optional: Wait for the new tab page to fully load before taking the screenshot:
machine.wait_for_text("Web Store")
machine.screenshot("empty_windows")
close_win()
close_new_tab_win()
machine.screenshot("startup_done")
@ -202,7 +167,7 @@ mapAttrs (channel: chromiumPkg: makeTest rec {
machine.succeed(
ru(
"${xdo "type-url" ''
search --sync --onlyvisible --name "new tab"
search --sync --onlyvisible --name "New Tab"
windowfocus --sync
type --delay 1000 "chrome://sandbox"
''}"
@ -212,7 +177,7 @@ mapAttrs (channel: chromiumPkg: makeTest rec {
machine.succeed(
ru(
"${xdo "submit-url" ''
search --sync --onlyvisible --name "new tab"
search --sync --onlyvisible --name "New Tab"
windowfocus --sync
key --delay 1000 Return
''}"
@ -224,7 +189,7 @@ mapAttrs (channel: chromiumPkg: makeTest rec {
machine.succeed(
ru(
"${xdo "find-window" ''
search --sync --onlyvisible --name "sandbox status"
search --sync --onlyvisible --name "Sandbox Status"
windowfocus --sync
''}"
)
@ -258,7 +223,7 @@ mapAttrs (channel: chromiumPkg: makeTest rec {
machine.succeed(
ru(
"${xdo "find-window-after-copy" ''
search --onlyvisible --name "sandbox status"
search --onlyvisible --name "Sandbox Status"
''}"
)
)

68
nixos/tests/nomad.nix
View File

@ -2,7 +2,7 @@ import ./make-test-python.nix (
{ lib, ... }: {
name = "nomad";
nodes = {
server = { pkgs, lib, ... }: {
default_server = { pkgs, lib, ... }: {
networking = {
interfaces.eth1.ipv4.addresses = lib.mkOverride 0 [{
address = "192.168.1.1";
@ -30,24 +30,68 @@ import ./make-test-python.nix (
enableDocker = false;
};
};
custom_state_dir_server = { pkgs, lib, ... }: {
networking = {
interfaces.eth1.ipv4.addresses = lib.mkOverride 0 [{
address = "192.168.1.1";
prefixLength = 16;
}];
};
environment.etc."nomad.custom.json".source =
(pkgs.formats.json { }).generate "nomad.custom.json" {
region = "universe";
datacenter = "earth";
};
services.nomad = {
enable = true;
dropPrivileges = false;
settings = {
data_dir = "/nomad/data/dir";
server = {
enabled = true;
bootstrap_expect = 1;
};
};
extraSettingsPaths = [ "/etc/nomad.custom.json" ];
enableDocker = false;
};
systemd.services.nomad.serviceConfig.ExecStartPre = "${pkgs.writeShellScript "mk_data_dir" ''
set -euxo pipefail
${pkgs.coreutils}/bin/mkdir -p /nomad/data/dir
''}";
};
};
testScript = ''
server.wait_for_unit("nomad.service")
def test_nomad_server(server):
server.wait_for_unit("nomad.service")
# wait for healthy server
server.wait_until_succeeds(
"[ $(nomad operator raft list-peers | grep true | wc -l) == 1 ]"
)
# wait for healthy server
server.wait_until_succeeds(
"[ $(nomad operator raft list-peers | grep true | wc -l) == 1 ]"
)
# wait for server liveness
server.succeed("[ $(nomad server members | grep -o alive | wc -l) == 1 ]")
# wait for server liveness
server.succeed("[ $(nomad server members | grep -o alive | wc -l) == 1 ]")
# check the region
server.succeed("nomad server members | grep -o universe")
# check the region
server.succeed("nomad server members | grep -o universe")
# check the datacenter
server.succeed("[ $(nomad server members | grep -o earth | wc -l) == 1 ]")
# check the datacenter
server.succeed("[ $(nomad server members | grep -o earth | wc -l) == 1 ]")
servers = [default_server, custom_state_dir_server]
for server in servers:
test_nomad_server(server)
'';
}
)

70
nixos/tests/vault-postgresql.nix Normal file
View File

@ -0,0 +1,70 @@
/* This test checks that
- multiple config files can be loaded
- the storage backend can be in a file outside the nix store
as is required for security (required because while confidentiality is
always covered, availability isn't)
- the postgres integration works
*/
import ./make-test-python.nix ({ pkgs, ... }:
{
name = "vault-postgresql";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ lnl7 roberth ];
};
machine = { lib, pkgs, ... }: {
virtualisation.memorySize = 512;
environment.systemPackages = [ pkgs.vault ];
environment.variables.VAULT_ADDR = "http://127.0.0.1:8200";
services.vault.enable = true;
services.vault.extraSettingsPaths = [ "/run/vault.hcl" ];
systemd.services.vault = {
after = [
"postgresql.service"
];
# Try for about 10 minutes rather than the default of 5 attempts.
serviceConfig.RestartSec = 1;
serviceConfig.StartLimitBurst = 600;
};
# systemd.services.vault.unitConfig.RequiresMountsFor = "/run/keys/";
services.postgresql.enable = true;
services.postgresql.initialScript = pkgs.writeText "init.psql" ''
CREATE USER vaultuser WITH ENCRYPTED PASSWORD 'thisisthepass';
GRANT CONNECT ON DATABASE postgres TO vaultuser;
-- https://www.vaultproject.io/docs/configuration/storage/postgresql
CREATE TABLE vault_kv_store (
parent_path TEXT COLLATE "C" NOT NULL,
path TEXT COLLATE "C",
key TEXT COLLATE "C",
value BYTEA,
CONSTRAINT pkey PRIMARY KEY (path, key)
);
CREATE INDEX parent_path_idx ON vault_kv_store (parent_path);
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO vaultuser;
'';
};
testScript =
''
secretConfig = """
storage "postgresql" {
connection_url = "postgres://vaultuser:thisisthepass@localhost/postgres?sslmode=disable"
}
"""
start_all()
machine.wait_for_unit("multi-user.target")
machine.succeed("cat >/root/vault.hcl <<EOF\n%s\nEOF\n" % secretConfig)
machine.succeed(
"install --owner vault --mode 0400 /root/vault.hcl /run/vault.hcl; rm /root/vault.hcl"
)
machine.wait_for_unit("vault.service")
machine.wait_for_open_port(8200)
machine.succeed("vault operator init")
machine.succeed("vault status | grep Sealed | grep true")
'';
})

1
nixos/tests/vault.nix
View File

@ -8,6 +8,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
environment.systemPackages = [ pkgs.vault ];
environment.variables.VAULT_ADDR = "http://127.0.0.1:8200";
services.vault.enable = true;
virtualisation.memorySize = 512;
};
testScript =

2
pkgs/applications/audio/lsp-plugins/default.nix
View File

@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
buildInputs = [ jack2Full libsndfile libGLU libGL lv2 cairo ladspaH ];
makeFlags = [
"PREFIX=${placeholder ''out''}"
"PREFIX=${placeholder "out"}"
"ETC_PATH=$(out)/etc"
];

2
pkgs/applications/audio/zam-plugins/default.nix
View File

@ -20,7 +20,7 @@ stdenv.mkDerivation rec {
'';
makeFlags = [
"PREFIX=${placeholder ''out''}"
"PREFIX=${placeholder "out"}"
];
enableParallelBuilding = true;

4
pkgs/applications/blockchains/exodus/default.nix
View File

@ -4,11 +4,11 @@ cups, vivaldi-ffmpeg-codecs, libpulseaudio, at-spi2-core, libxkbcommon, mesa }:
stdenv.mkDerivation rec {
pname = "exodus";
version = "21.1.7";
version = "21.1.18";
src = fetchurl {
url = "https://downloads.exodus.io/releases/${pname}-linux-x64-${version}.zip";
sha256 = "sha256-im0z3g225EhboJFoHBweHefn2QAKvYGSAP7e4Mz6Jm8=";
sha256 = "sha256-cc0m1gOwIY4M0ljSSdj8WaQfU/ikGI1Zlf8gGDdht4Q=";
};
sourceRoot = ".";

6
pkgs/applications/blockchains/openethereum/default.nix
View File

@ -12,16 +12,16 @@
rustPlatform.buildRustPackage rec {
pname = "openethereum";
version = "3.1.0";
version = "3.1.1";
src = fetchFromGitHub {
owner = "openethereum";
repo = "openethereum";
rev = "v${version}";
sha256 = "cs84Zz0nhagGDu5sDFTaFZF3SPEgJU8F4vGX7KLihOM=";
sha256 = "sha256-RUrJuJF0R0mc7XdLyk915fRWtMfzjp5QE6oeWxHfyEQ=";
};
cargoSha256 = "6suNkHw1BbISb0MkYkUaD+mpUal+kn3y1SFVqzJFqJc=";
cargoSha256 = "sha256-b+winsCzU0sXGDX6nUtWq4JrIyTcJ3uva7RlV5VsXfk=";
LIBCLANG_PATH = "${llvmPackages.libclang}/lib";
nativeBuildInputs = [

2
pkgs/applications/editors/manuskript/default.nix
View File

@ -26,7 +26,7 @@ python3Packages.buildPythonApplication rec {
--replace sample-projects $out/share/${pname}/sample-projects
'';
buildPhase = '''';
buildPhase = "";
installPhase = ''
mkdir -p $out/share/${pname}

2
pkgs/applications/editors/rstudio/default.nix
View File

@ -122,7 +122,7 @@ mkDerivation rec {
mimeType = "text/x-r-source;text/x-r;text/x-R;text/x-r-doc;text/x-r-sweave;text/x-r-markdown;text/x-r-html;text/x-r-presentation;application/x-r-data;application/x-r-project;text/x-r-history;text/x-r-profile;text/x-tex;text/x-markdown;text/html;text/css;text/javascript;text/x-chdr;text/x-csrc;text/x-c++hdr;text/x-c++src;";
};
qtWrapperArgs = [ ''--suffix PATH : ${gnumake}/bin'' ];
qtWrapperArgs = [ "--suffix PATH : ${gnumake}/bin" ];
postInstall = ''
mkdir $out/share

3
pkgs/applications/editors/vim/configurable.nix
View File

@ -137,8 +137,7 @@ in stdenv.mkDerivation rec {
++ lib.optional tclSupport tcl
++ lib.optional rubySupport ruby;
preConfigure = ''
'' + lib.optionalString ftNixSupport ''
preConfigure = "" + lib.optionalString ftNixSupport ''
cp ${vimPlugins.vim-nix.src}/ftplugin/nix.vim runtime/ftplugin/nix.vim
cp ${vimPlugins.vim-nix.src}/indent/nix.vim runtime/indent/nix.vim
cp ${vimPlugins.vim-nix.src}/syntax/nix.vim runtime/syntax/nix.vim

2
pkgs/applications/graphics/ahoviewer/default.nix
View File

@ -31,7 +31,7 @@ stdenv.mkDerivation rec {
NIX_LDFLAGS = "-lpthread";
postPatch = ''patchShebangs version.sh'';
postPatch = "patchShebangs version.sh";
postInstall = ''
wrapProgram $out/bin/ahoviewer \

2
pkgs/applications/graphics/ipe/default.nix
View File

@ -22,7 +22,7 @@ mkDerivation rec {
nativeBuildInputs = [ pkg-config ];
qtWrapperArgs = [ ''--prefix PATH : ${texlive}/bin'' ];
qtWrapperArgs = [ "--prefix PATH : ${texlive}/bin" ];
enableParallelBuilding = true;

2
pkgs/applications/graphics/mandelbulber/default.nix
View File

@ -47,7 +47,7 @@ mkDerivation rec {
sourceRoot = "${src.name}/mandelbulber2";
qmakeFlags = [
"SHARED_PATH=${placeholder ''out''}"
"SHARED_PATH=${placeholder "out"}"
(if withOpenCL
then "qmake/mandelbulber-opencl.pro"
else "qmake/mandelbulber.pro")

6
pkgs/applications/graphics/pinta/default.nix
View File

@ -56,9 +56,9 @@ buildDotnetPackage rec {
'';
makeWrapperArgs = [
''--prefix MONO_GAC_PREFIX : ${gtksharp}''
''--prefix LD_LIBRARY_PATH : ${gtksharp}/lib''
''--prefix LD_LIBRARY_PATH : ${gtksharp.gtk.out}/lib''
"--prefix MONO_GAC_PREFIX : ${gtksharp}"
"--prefix LD_LIBRARY_PATH : ${gtksharp}/lib"
"--prefix LD_LIBRARY_PATH : ${gtksharp.gtk.out}/lib"
];
postInstall = ''

6
pkgs/applications/logging/humioctl/default.nix
View File

@ -1,9 +1,9 @@
{ buildGoModule, fetchFromGitHub, installShellFiles, lib, stdenv }:
let
humioCtlVersion = "0.28.1";
sha256 = "0vy07nzafqhc14i179sfrzb795yh4pcyjj3py9fwq0nwnmxndby4";
vendorSha256 = "0anvah2rpqvxgmdrdj73k3vbf8073nmsl3aykgvb1nraf3gz3bpk";
humioCtlVersion = "0.28.2";
sha256 = "sha256-mCYxgBiuKylL2Qx4RCnD4ZoMFUm2J6VIL/Erc0u3BMA=";
vendorSha256 = "sha256-867x33Aq27D2m14NqqsdByC39pjjyJZbfX3jmwVU2yo=";
in buildGoModule {
name = "humioctl-${humioCtlVersion}";
pname = "humioctl";

2
pkgs/applications/misc/bleachbit/default.nix
View File

@ -54,7 +54,7 @@ python3Packages.buildPythonApplication rec {
# prevent double wrapping from wrapGApps and wrapPythonProgram
dontWrapGApps = true;
makeWrapperArgs = [
''''${gappsWrapperArgs[@]}''
"\${gappsWrapperArgs[@]}"
];
strictDeps = false;

2
pkgs/applications/misc/digitalbitbox/default.nix
View File

@ -94,7 +94,7 @@ in mkDerivation rec {
"format"
];
qtWrapperArgs = [ ''--prefix LD_LIBRARY_PATH : $out/lib'' ];
qtWrapperArgs = [ "--prefix LD_LIBRARY_PATH : $out/lib" ];
postInstall = ''
mkdir -p "$out/lib"

2
pkgs/applications/misc/dupeguru/default.nix
View File

@ -38,7 +38,7 @@ python3Packages.buildPythonApplication rec {
];
makeFlags = [
"PREFIX=${placeholder ''out''}"
"PREFIX=${placeholder "out"}"
"NO_VENV=1"
];

4
pkgs/applications/misc/fetchmail/default.nix
View File

@ -1,7 +1,7 @@
{ lib, stdenv, fetchurl, openssl }:
let
version = "6.4.14";
version = "6.4.15";
in
stdenv.mkDerivation {
pname = "fetchmail";
@ -9,7 +9,7 @@ stdenv.mkDerivation {
src = fetchurl {
url = "mirror://sourceforge/fetchmail/fetchmail-${version}.tar.xz";
sha256 = "1jxxb3qyrh7118fwqa3bhirjh97j2w8r71s8vcb6vp3w1wwhfis2";
sha256 = "sha256-c1shdHSTfhPPzeotQqNGv2hIfg1h7+vk0Nnt3LOia5Y=";
};
buildInputs = [ openssl ];

14
pkgs/applications/misc/ikiwiki/default.nix
View File

@ -60,13 +60,13 @@ stdenv.mkDerivation {
postInstall = ''
for a in "$out/bin/"*; do
wrapProgram $a --suffix PERL5LIB : $PERL5LIB --prefix PATH : ${perlPackages.perl}/bin:$out/bin \
${lib.optionalString gitSupport ''--prefix PATH : ${git}/bin ''} \
${lib.optionalString monotoneSupport ''--prefix PATH : ${monotone}/bin ''} \
${lib.optionalString bazaarSupport ''--prefix PATH : ${breezy}/bin ''} \
${lib.optionalString cvsSupport ''--prefix PATH : ${cvs}/bin ''} \
${lib.optionalString cvsSupport ''--prefix PATH : ${cvsps}/bin ''} \
${lib.optionalString subversionSupport ''--prefix PATH : ${subversion.out}/bin ''} \
${lib.optionalString mercurialSupport ''--prefix PATH : ${mercurial}/bin ''} \
${lib.optionalString gitSupport "--prefix PATH : ${git}/bin "} \
${lib.optionalString monotoneSupport "--prefix PATH : ${monotone}/bin "} \
${lib.optionalString bazaarSupport "--prefix PATH : ${breezy}/bin "} \
${lib.optionalString cvsSupport "--prefix PATH : ${cvs}/bin "} \
${lib.optionalString cvsSupport "--prefix PATH : ${cvsps}/bin "} \
${lib.optionalString subversionSupport "--prefix PATH : ${subversion.out}/bin "} \
${lib.optionalString mercurialSupport "--prefix PATH : ${mercurial}/bin "} \
${lib.optionalString docutilsSupport ''--prefix PYTHONPATH : "$(toPythonPath ${docutils})" ''} \
${lib.concatMapStrings (x: "--prefix PATH : ${x}/bin ") extraUtils}
done

2
pkgs/applications/misc/lutris/default.nix
View File

@ -101,7 +101,7 @@ in buildPythonApplication rec {
dontWrapGApps = true;
makeWrapperArgs = [
"--prefix PATH : ${binPath}"
''''${gappsWrapperArgs[@]}''
"\${gappsWrapperArgs[@]}"
];
# needed for glib-schemas to work correctly (will crash on dialogues otherwise)
# see https://github.com/NixOS/nixpkgs/issues/56943

6
pkgs/applications/misc/navi/default.nix
View File

@ -2,16 +2,16 @@
rustPlatform.buildRustPackage rec {
pname = "navi";
version = "2.13.1";
version = "2.14.0";
src = fetchFromGitHub {
owner = "denisidoro";
repo = "navi";
rev = "v${version}";
sha256 = "0nzjcahnx637m24xhzgrhvaic52b1bqx6lkklmy8xlbka7i2xid2";
sha256 = "sha256-4XR+HazX65jiMvZpLNMNOc8gVVAxMx3bNcVNT6UPJ3o=";
};
cargoSha256 = "12xyh57b6lblplh87fw1cvfwzkx9bz9qbhii34n4yzfzp6sv530n";
cargoSha256 = "sha256-ZBs9/yoY3na21rQd5zJzFujZZSq2BDoENKYAWI1fnTg=";
nativeBuildInputs = [ makeWrapper ];

Some files were not shown because too many files have changed in this diff Show More