Merge branch 'master' into staging

Vladimír Čunát 2016-07-26 20:52:54 +02:00
commit 49ad8ce561
873 changed files with 16408 additions and 1013057 deletions


@ -9,6 +9,8 @@ matrix:
- os: linux - os: linux
sudo: required sudo: required
dist: trusty dist: trusty
before_script:
- sudo mount -o remount,exec,size=2G,mode=755 /run/user
script: ./maintainers/scripts/travis-nox-review-pr.sh pr script: ./maintainers/scripts/travis-nox-review-pr.sh pr
- os: osx - os: osx
osx_image: xcode7.3 osx_image: xcode7.3
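Review bot: The added `before_script` remount of `/run/user` has no comment saying why the tmpfs needs `exec` and `size=2G`, so a later maintainer cannot tell whether the step is still required. Since it runs under `sudo` and loosens a mount option, a one-line comment above it would help, e.g. `# <reason the review build needs a larger, exec-mounted /run/user>`. The reason is not visible in this section and should be filled in by the author.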


@ -1,6 +1,7 @@
[<img src="http://nixos.org/logo/nixos-hires.png" width="500px" alt="logo" />](https://nixos.org/nixos) [<img src="http://nixos.org/logo/nixos-hires.png" width="500px" alt="logo" />](https://nixos.org/nixos)
[![Build Status](https://travis-ci.org/NixOS/nixpkgs.svg?branch=master)](https://travis-ci.org/NixOS/nixpkgs) [![Build Status](https://travis-ci.org/NixOS/nixpkgs.svg?branch=master)](https://travis-ci.org/NixOS/nixpkgs)
[![Code Triagers Badge](https://www.codetriage.com/nixos/nixpkgs/badges/users.svg)](https://www.codetriage.com/nixos/nixpkgs)
[![Issue Stats](http://www.issuestats.com/github/nixos/nixpkgs/badge/pr?style=flat)](http://www.issuestats.com/github/nixos/nixpkgs) [![Issue Stats](http://www.issuestats.com/github/nixos/nixpkgs/badge/pr?style=flat)](http://www.issuestats.com/github/nixos/nixpkgs)
[![Issue Stats](http://www.issuestats.com/github/nixos/nixpkgs/badge/issue?style=flat)](http://www.issuestats.com/github/nixos/nixpkgs) [![Issue Stats](http://www.issuestats.com/github/nixos/nixpkgs/badge/issue?style=flat)](http://www.issuestats.com/github/nixos/nixpkgs)


@ -6,4 +6,4 @@ if ! builtins ? nixVersion || builtins.compareVersions requiredVersion builtins.
else else
import ./pkgs/top-level import ./pkgs/top-level/impure.nix


@ -1,14 +1,14 @@
with import ./.. { };
with lib;
let let
sources = sourceFilesBySuffices ./. [".xml"]; pkgs = import ./.. { };
lib = pkgs.lib;
sources = lib.sourceFilesBySuffices ./. [".xml"];
sources-langs = ./languages-frameworks; sources-langs = ./languages-frameworks;
in in
stdenv.mkDerivation { pkgs.stdenv.mkDerivation {
name = "nixpkgs-manual"; name = "nixpkgs-manual";
buildInputs = [ pandoc libxml2 libxslt ]; buildInputs = with pkgs; [ pandoc libxml2 libxslt zip ];
xsltFlags = '' xsltFlags = ''
--param section.autolabel 1 --param section.autolabel 1
@ -26,7 +26,7 @@ stdenv.mkDerivation {
extraHeader = ''xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" ''; extraHeader = ''xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" '';
in '' in ''
{ {
pandoc '${inputFile}' -w docbook ${optionalString useChapters "--chapters"} \ pandoc '${inputFile}' -w docbook ${lib.optionalString useChapters "--chapters"} \
--smart \ --smart \
| sed -e 's|<ulink url=|<link xlink:href=|' \ | sed -e 's|<ulink url=|<link xlink:href=|' \
-e 's|</ulink>|</link>|' \ -e 's|</ulink>|</link>|' \
@ -65,25 +65,35 @@ stdenv.mkDerivation {
outputFile = "languages-frameworks/r.xml"; outputFile = "languages-frameworks/r.xml";
} }
+ '' + ''
echo ${nixpkgsVersion} > .version echo ${lib.nixpkgsVersion} > .version
# validate against relaxng schema # validate against relaxng schema
xmllint --nonet --xinclude --noxincludenode manual.xml --output manual-full.xml xmllint --nonet --xinclude --noxincludenode manual.xml --output manual-full.xml
${jing}/bin/jing ${docbook5}/xml/rng/docbook/docbook.rng manual-full.xml ${pkgs.jing}/bin/jing ${pkgs.docbook5}/xml/rng/docbook/docbook.rng manual-full.xml
dst=$out/share/doc/nixpkgs dst=$out/share/doc/nixpkgs
mkdir -p $dst mkdir -p $dst
xsltproc $xsltFlags --nonet --xinclude \ xsltproc $xsltFlags --nonet --xinclude \
--output $dst/manual.html \ --output $dst/manual.html \
${docbook5_xsl}/xml/xsl/docbook/xhtml/docbook.xsl \ ${pkgs.docbook5_xsl}/xml/xsl/docbook/xhtml/docbook.xsl \
./manual.xml ./manual.xml
cp ${./style.css} $dst/style.css cp ${./style.css} $dst/style.css
mkdir -p $dst/images/callouts mkdir -p $dst/images/callouts
cp "${docbook5_xsl}/xml/xsl/docbook/images/callouts/"*.gif $dst/images/callouts/ cp "${pkgs.docbook5_xsl}/xml/xsl/docbook/images/callouts/"*.gif $dst/images/callouts/
mkdir -p $out/nix-support mkdir -p $out/nix-support
echo "doc manual $dst manual.html" >> $out/nix-support/hydra-build-products echo "doc manual $dst manual.html" >> $out/nix-support/hydra-build-products
xsltproc $xsltFlags --nonet --xinclude \
--output $dst/epub/ \
${pkgs.docbook5_xsl}/xml/xsl/docbook/epub/docbook.xsl \
./manual.xml
cp -r $dst/images $dst/epub/OEBPS
echo "application/epub+zip" > mimetype
zip -0Xq "$dst/Nixpkgs Contributors Guide - NixOS community.epub" mimetype
zip -Xr9D "$dst/Nixpkgs Contributors Guide - NixOS community.epub" $dst/epub/*
''; '';
} }
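Review bot: The final `zip -Xr9D ... $dst/epub/*` is given absolute paths, so the archive members will most likely be stored under the `$dst/epub/` prefix rather than at the archive root, where EPUB readers expect `META-INF/` and `OEBPS/` to sit next to `mimetype`. Running the command from inside the directory avoids that: `(cd "$dst/epub" && zip -Xr9D "$dst/Nixpkgs Contributors Guide - NixOS community.epub" *)`. The intermediate `$dst/epub` tree also appears to stay in the output beside the `.epub`; if that is not intended, remove it after zipping. `$dst` is unquoted in the new `cp -r` and `zip` lines even though the archive name itself is quoted.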


@ -1319,6 +1319,25 @@ someVar=$(stripHash $name; echo $strippedName)
<envar>GST_PLUGIN_SYSTEM_PATH</envar> environment variable.</para></listitem> <envar>GST_PLUGIN_SYSTEM_PATH</envar> environment variable.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>paxctl</term>
<listitem><para>Defines the <varname>paxmark</varname> helper for
setting per-executable PaX flags on Linux (where it is available by
default; on all other platforms, <varname>paxmark</varname> is a no-op).
For example, to disable secure memory protections on the executable
<replaceable>foo</replaceable>:
<programlisting>
postFixup = ''
paxmark m $out/bin/<replaceable>foo</replaceable>
'';
</programlisting>
The <literal>m</literal> flag is the most common flag and is typically
required for applications that employ JIT compilation or otherwise need to
execute code generated at run-time. Disabling PaX protections should be
considered a last resort: if possible, problematic features should be
disabled or patched to work with PaX.</para></listitem>
</varlistentry>
</variablelist> </variablelist>
</para> </para>


@ -110,6 +110,7 @@
dmalikov = "Dmitry Malikov <malikov.d.y@gmail.com>"; dmalikov = "Dmitry Malikov <malikov.d.y@gmail.com>";
dochang = "Desmond O. Chang <dochang@gmail.com>"; dochang = "Desmond O. Chang <dochang@gmail.com>";
doublec = "Chris Double <chris.double@double.co.nz>"; doublec = "Chris Double <chris.double@double.co.nz>";
drets = "Dmytro Rets <dmitryrets@gmail.com>";
drewkett = "Andrew Burkett <burkett.andrew@gmail.com>"; drewkett = "Andrew Burkett <burkett.andrew@gmail.com>";
ebzzry = "Rommel Martinez <ebzzry@gmail.com>"; ebzzry = "Rommel Martinez <ebzzry@gmail.com>";
ederoyd46 = "Matthew Brown <matt@ederoyd.co.uk>"; ederoyd46 = "Matthew Brown <matt@ederoyd.co.uk>";
@ -163,6 +164,7 @@
guibert = "David Guibert <david.guibert@gmail.com>"; guibert = "David Guibert <david.guibert@gmail.com>";
havvy = "Ryan Scheel <ryan.havvy@gmail.com>"; havvy = "Ryan Scheel <ryan.havvy@gmail.com>";
hbunke = "Hendrik Bunke <bunke.hendrik@gmail.com>"; hbunke = "Hendrik Bunke <bunke.hendrik@gmail.com>";
hce = "Hans-Christian Esperer <hc@hcesperer.org>";
henrytill = "Henry Till <henrytill@gmail.com>"; henrytill = "Henry Till <henrytill@gmail.com>";
hiberno = "Christian Lask <hiberno@hiberno.net>"; hiberno = "Christian Lask <hiberno@hiberno.net>";
hinton = "Tom Hinton <t@larkery.com>"; hinton = "Tom Hinton <t@larkery.com>";
@ -310,6 +312,7 @@
pmiddend = "Philipp Middendorf <pmidden@secure.mailbox.org>"; pmiddend = "Philipp Middendorf <pmidden@secure.mailbox.org>";
prikhi = "Pavan Rikhi <pavan.rikhi@gmail.com>"; prikhi = "Pavan Rikhi <pavan.rikhi@gmail.com>";
profpatsch = "Profpatsch <mail@profpatsch.de>"; profpatsch = "Profpatsch <mail@profpatsch.de>";
proglodyte = "Proglodyte <proglodyte23@gmail.com>";
pshendry = "Paul Hendry <paul@pshendry.com>"; pshendry = "Paul Hendry <paul@pshendry.com>";
psibi = "Sibi <sibi@psibi.in>"; psibi = "Sibi <sibi@psibi.in>";
pSub = "Pascal Wittmann <mail@pascal-wittmann.de>"; pSub = "Pascal Wittmann <mail@pascal-wittmann.de>";
@ -356,6 +359,7 @@
sheganinans = "Aistis Raulinaitis <sheganinans@gmail.com>"; sheganinans = "Aistis Raulinaitis <sheganinans@gmail.com>";
shell = "Shell Turner <cam.turn@gmail.com>"; shell = "Shell Turner <cam.turn@gmail.com>";
shlevy = "Shea Levy <shea@shealevy.com>"; shlevy = "Shea Levy <shea@shealevy.com>";
siddharthist = "Langston Barrett <langston.barrett@gmail.com>";
simonvandel = "Simon Vandel Sillesen <simon.vandel@gmail.com>"; simonvandel = "Simon Vandel Sillesen <simon.vandel@gmail.com>";
sjagoe = "Simon Jagoe <simon@simonjagoe.com>"; sjagoe = "Simon Jagoe <simon@simonjagoe.com>";
sjmackenzie = "Stewart Mackenzie <setori88@gmail.com>"; sjmackenzie = "Stewart Mackenzie <setori88@gmail.com>";
@ -373,6 +377,7 @@
SShrike = "Severen Redwood <severen@shrike.me>"; SShrike = "Severen Redwood <severen@shrike.me>";
stephenmw = "Stephen Weinberg <stephen@q5comm.com>"; stephenmw = "Stephen Weinberg <stephen@q5comm.com>";
steveej = "Stefan Junker <mail@stefanjunker.de>"; steveej = "Stefan Junker <mail@stefanjunker.de>";
swarren83 = "Shawn Warren <shawn.w.warren@gmail.com>";
swistak35 = "Rafał Łasocha <me@swistak35.com>"; swistak35 = "Rafał Łasocha <me@swistak35.com>";
szczyp = "Szczyp <qb@szczyp.com>"; szczyp = "Szczyp <qb@szczyp.com>";
sztupi = "Attila Sztupak <attila.sztupak@gmail.com>"; sztupi = "Attila Sztupak <attila.sztupak@gmail.com>";
@ -430,4 +435,5 @@
zimbatm = "zimbatm <zimbatm@zimbatm.com>"; zimbatm = "zimbatm <zimbatm@zimbatm.com>";
zohl = "Al Zohali <zohl@fmap.me>"; zohl = "Al Zohali <zohl@fmap.me>";
zoomulator = "Kim Simmons <zoomulator@gmail.com>"; zoomulator = "Kim Simmons <zoomulator@gmail.com>";
amiloradovsky = "Andrew Miloradovsky <miloradovsky@gmail.com>";
} }


@ -395,15 +395,20 @@ my $meta = read_meta($pkg_path);
DEBUG( "metadata: ", encode_json( $meta->as_struct ) ) if defined $meta; DEBUG( "metadata: ", encode_json( $meta->as_struct ) ) if defined $meta;
my @runtime_deps = sort( uniq( get_deps( $cb, $meta, "runtime" ) ) );
INFO("runtime deps: @runtime_deps");
my @build_deps = sort( uniq( my @build_deps = sort( uniq(
get_deps( $cb, $meta, "configure" ), get_deps( $cb, $meta, "configure" ),
get_deps( $cb, $meta, "build" ), get_deps( $cb, $meta, "build" ),
get_deps( $cb, $meta, "test" ) get_deps( $cb, $meta, "test" )
) ); ) );
INFO("build deps: @build_deps");
my @runtime_deps = sort( uniq( get_deps( $cb, $meta, "runtime" ) ) ); # Filter out runtime dependencies since those are already handled.
INFO("runtime deps: @runtime_deps"); my %in_runtime_deps = map { $_ => 1 } @runtime_deps;
@build_deps = grep { not $in_runtime_deps{$_} } @build_deps;
INFO("build deps: @build_deps");
my $homepage = $meta ? $meta->resources->{homepage} : undef; my $homepage = $meta ? $meta->resources->{homepage} : undef;
INFO("homepage: $homepage") if defined $homepage; INFO("homepage: $homepage") if defined $homepage;


@ -55,7 +55,7 @@ while test -n "$1"; do
token="--token $GITHUB_TOKEN" token="--token $GITHUB_TOKEN"
fi fi
nix-shell --packages nox git --run "nox-review pr --slug $TRAVIS_REPO_SLUG $token $TRAVIS_PULL_REQUEST" -I nixpkgs=$TRAVIS_BUILD_DIR nix-shell --packages nox git --run "nox-review pr --slug $TRAVIS_REPO_SLUG $token $TRAVIS_PULL_REQUEST"
fi fi
;; ;;
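Review bot: The `nix-shell --run` line expands `$token` (set to `--token $GITHUB_TOKEN` just above) inside one double-quoted command string, so the token ends up in the argument list of `nix-shell` and of `nox-review`, and in the build log if tracing (`set -x`) is ever enabled. It is worth confirming that the CI log masks the value and that the script never turns tracing on around this line. The line is rendered twice, with and without `-I nixpkgs=$TRAVIS_BUILD_DIR`; if that argument is kept, `$TRAVIS_BUILD_DIR` should be quoted. The enclosing `while`/`case` starts and ends outside the hunk.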


@ -7,7 +7,11 @@
<title>Imperative Container Management</title> <title>Imperative Container Management</title>
<para>Well cover imperative container management using <para>Well cover imperative container management using
<command>nixos-container</command> first. You create a container with <command>nixos-container</command> first.
Be aware that container management is currently only possible
as <literal>root</literal>.</para>
<para>You create a container with
identifier <literal>foo</literal> as follows: identifier <literal>foo</literal> as follows:
<screen> <screen>


@ -23,6 +23,7 @@ effect after you run <command>nixos-rebuild</command>.</para>
<xi:include href="x-windows.xml" /> <xi:include href="x-windows.xml" />
<xi:include href="networking.xml" /> <xi:include href="networking.xml" />
<xi:include href="linux-kernel.xml" /> <xi:include href="linux-kernel.xml" />
<xi:include href="grsecurity.xml" />
<!-- FIXME: auto-include NixOS module docs --> <!-- FIXME: auto-include NixOS module docs -->
<xi:include href="postgresql.xml" /> <xi:include href="postgresql.xml" />


@ -0,0 +1,335 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-grsecurity">
<title>Grsecurity/PaX</title>
<para>
Grsecurity/PaX is a set of patches against the Linux kernel that make it
harder to exploit bugs. The patchset includes protections such as
enforcement of non-executable memory, address space layout randomization,
and chroot jail hardening. These and other
<link xlink:href="https://grsecurity.net/features.php">features</link>
render entire classes of exploits inert without additional efforts on the
part of the adversary.
</para>
<para>
The NixOS grsecurity/PaX module is designed with casual users in mind and is
intended to be compatible with normal desktop usage, without unnecessarily
compromising security. The following sections describe the configuration
and administration of a grsecurity/PaX enabled NixOS system. For
more comprehensive coverage, please refer to the
<link xlink:href="https://en.wikibooks.org/wiki/Grsecurity">grsecurity wikibook</link>
and the
<link xlink:href="https://wiki.archlinux.org/index.php/Grsecurity">Arch
Linux wiki page on grsecurity</link>.
<note><para>grsecurity/PaX is only available for the latest linux -stable
kernel; patches against older kernels are available from upstream only for
a fee.</para></note>
<note><para>We standardise on a desktop oriented configuration primarily due
to lack of resources. The grsecurity/PaX configuration state space is huge
and each configuration requires quite a bit of testing to ensure that the
resulting packages work as advertised. Defining additional package sets
would likely result in a large number of functionally broken packages, to
nobody's benefit.</para></note>.
</para>
<sect1 xml:id="sec-grsec-enable"><title>Enabling grsecurity/PaX</title>
<para>
To make use of grsecurity/PaX on NixOS, add the following to your
<filename>configuration.nix</filename>:
<programlisting>
security.grsecurity.enable = true;
</programlisting>
followed by
<programlisting>
# nixos-rebuild boot
# reboot
</programlisting>
For most users, further configuration should be unnecessary. All users
are encouraged to look over <xref linkend="sec-grsec-security" /> before
using the system, however. If you experience problems, please refer to
<xref linkend="sec-grsec-issues" />.
</para>
<para>
Once booted into the new system, you can optionally use
<command>paxtest</command> to exercise various PaX features:
<screen><![CDATA[
# nix-shell -p paxtest --command 'paxtest blackhat'
Executable anonymous mapping : Killed
Executable bss : Killed
# ... remaining output truncated for brevity
]]></screen>
</para>
</sect1>
<sect1 xml:id="sec-grsec-declarative-tuning"><title>Declarative tuning</title>
<para>
The default configuration mode is strictly declarative. Some features
simply cannot be changed at all after boot, while others are locked once the
system is up and running. Moreover, changes to the configuration enter
into effect only upon booting into the new system.
</para>
<para>
The NixOS module exposes a limited number of options for tuning the behavior
of grsecurity/PaX. These are options thought to be of particular interest
to most users. For experts, further tuning is possible via
<option>boot.kernelParams</option> (see
<xref linkend="sec-grsec-kernel-params" />) and
<option>boot.kernel.sysctl."kernel.grsecurity.*"</option> (the wikibook
contains an <link xlink:href="https://en.wikibooks.org/wiki/Grsecurity/Appendix/Sysctl_Options">
exhaustive listing of grsecurity sysctl tunables</link>).
</para>
</sect1>
<sect1 xml:id="sec-grsec-manual-tuning"><title>Manual tuning</title>
<para>
To permit manual tuning of grsecurity runtime parameters, set:
<programlisting>
security.grsecurity.lockTunables = false;
</programlisting>
Once booted into this system, grsecurity features that have a corresponding
sysctl tunable can be changed without rebooting, either by switching into
a new system profile or via the <command>sysctl</command> utility.
</para>
<para>
To lock all grsecurity tunables until the next boot, do:
<screen>
# systemctl start grsec-lock
</screen>
</para>
</sect1>
<sect1 xml:id="sec-grsec-security"><title>Security considerations</title>
<para>
The NixOS kernel is built using upstream's recommended settings for a
desktop deployment that generally favours security over performance. This
section details deviations from upstream's recommendations that may
compromise operational security.
<warning><para>There may be additional problems not covered here!</para>
</warning>.
</para>
<itemizedlist>
<listitem><para>
The following hardening features are disabled in the NixOS kernel:
<itemizedlist>
<listitem><para>Kernel symbol hiding: rendered useless by redistributing
kernel objects.</para></listitem>
<listitem><para>Randomization of kernel structures: rendered useless by
redistributing kernel objects.</para></listitem>
<listitem><para>TCP simultaneous OPEN connection is permitted: breaking
strict TCP conformance is inappropriate for a general purpose kernel.
The trade-off is that an attacker may be able to deny outgoing
connections if they are able to guess the source port allocated by your
OS for that connection <emphasis>and</emphasis> also manage to initiate
a TCP simultaneous OPEN on that port before the connection is actually
established.</para></listitem>
<listitem><para><filename class="directory">/sys</filename> hardening:
breaks systemd.</para></listitem>
<listitem><para>Trusted path execution: a desirable feature, but
requires some more work to operate smoothly on NixOS.</para></listitem>
</itemizedlist>
</para></listitem>
<listitem><para>
The NixOS module conditionally weakens <command>chroot</command>
restrictions to accommodate NixOS lightweight containers and sandboxed Nix
builds. This is problematic if the deployment also runs a privileged
network facing process that <emphasis>relies</emphasis> on
<command>chroot</command> for isolation.
</para></listitem>
<listitem><para>
The NixOS kernel is patched to allow usermode helpers from anywhere in the
Nix store. A usermode helper is an executable called by the kernel in
certain circumstances, e.g., <command>modprobe</command>. Vanilla
grsecurity only allows usermode helpers from paths typically owned by the
super user. The NixOS kernel allows an attacker to inject malicious code
into the Nix store which could then be executed by the kernel as a
usermode helper.
</para></listitem>
<listitem><para>
The following features are disabled because they overlap with
vanilla kernel mechanisms:
<itemizedlist>
<listitem><para><filename class="directory">/proc</filename> hardening:
use <option>security.hideProcessInformation</option> instead. This
trades weaker protection for greater compatibility.
</para></listitem>
<listitem><para><command>dmesg</command> restrictions:
use <option>boot.kernel.sysctl."kernel.dmesg_restrict"</option> instead
</para></listitem>
</itemizedlist>
</para></listitem>
</itemizedlist>
</sect1>
<sect1 xml:id="sec-grsec-custom-kernel"><title>Using a custom grsecurity/PaX kernel</title>
<para>
The NixOS kernel is likely to be either too permissive or too restrictive
for many deployment scenarios. In addition to producing a kernel more
suitable for a particular deployment, a custom kernel may improve security
by depriving an attacker the ability to study the kernel object code, adding
yet more guesswork to successfully carry out certain exploits.
</para>
<para>
To use a custom kernel with upstream's recommended settings for server
deployments:
<programlisting>
boot.kernelPackages =
let
kernel = pkgs.linux_grsec_nixos.override {
extraConfig = ''
GRKERNSEC y
PAX y
GRKERNSEC_CONFIG_AUTO y
GRKERNSEC_CONFIG_SERVER y
GRKERNSEC_CONFIG_SECURITY y
'';
};
self = pkgs.linuxPackagesFor kernel self;
in self;
</programlisting>
The wikibook provides an exhaustive listing of
<link xlink:href="https://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options">kernel configuration options</link>.
</para>
<para>
The NixOS module makes several assumptions about the kernel and so may be
incompatible with your customised kernel. Most of these assumptions are
encoded as assertions &#x2014; mismatches should ideally result in a build
failure. Currently, the only way to work around incompatibilities is to
eschew the NixOS module and do all configuration yourself.
</para>
</sect1>
<sect1 xml:id="sec-grsec-pax-flags"><title>Per-executable PaX flags</title>
<para>
Manual tuning of per-file PaX flags for executables in the Nix store is
impossible on a properly configured system. If a package in Nixpkgs fails
due to PaX, that is a bug in the package recipe and should be reported to
the maintainer (including relevant <command>dmesg</command> output).
</para>
<para>
For executables installed outside of the Nix store, PaX flags can be set
using the <command>paxctl</command> utility:
<programlisting>
paxctl -czem <replaceable>foo</replaceable>
</programlisting>
<warning>
<para><command>paxctl</command> overwrites files in-place.</para>
</warning>
Equivalently, on file systems that support extended attributes:
<programlisting>
setfattr -n user.pax.flags -v em <replaceable>foo</replaceable>
</programlisting>
<!-- TODO: PaX flags via RBAC policy -->
</para>
</sect1>
<sect1 xml:id="sec-grsec-issues"><title>Issues and work-arounds</title>
<itemizedlist>
<listitem><para>Virtualization: KVM is the preferred virtualization
solution. Xen, Virtualbox, and VMWare are
<emphasis>unsupported</emphasis> and most likely require a custom kernel.
</para></listitem>
<listitem><para>
Attaching <command>gdb</command> to a running process is disallowed by
default: unprivileged users can only ptrace processes that are children of
the ptracing process. To relax this restriction, set
<programlisting>
boot.kernel.sysctl."kernel.grsecurity.harden_ptrace" = 0;
</programlisting>
</para></listitem>
<listitem><para>
Overflows in boot critical code (e.g., the root filesystem module) can
render the system unbootable. Work around by setting
<programlisting>
boot.kernel.kernelParams = [ "pax_size_overflow_report_only" ];
</programlisting>
</para></listitem>
<listitem><para>
The <citerefentry><refentrytitle>modify_ldt
</refentrytitle><manvolnum>2</manvolnum></citerefentry> syscall is disabled
by default. This restriction can interfere with programs designed to run
legacy 16-bit or segmented 32-bit code. To support applications that rely
on this syscall, set
<programlisting>
boot.kernel.sysctl."kernel.modify_ldt" = 1;
</programlisting>
</para></listitem>
</itemizedlist>
</sect1>
<sect1 xml:id="sec-grsec-kernel-params"><title>Grsecurity/PaX kernel parameters</title>
<para>
The NixOS kernel supports the following kernel command line parameters:
<itemizedlist>
<listitem><para>
<literal>pax_nouderef</literal>: disable UDEREF (separate kernel and
user address spaces).
</para></listitem>
<listitem><para>
<literal>pax_weakuderef</literal>: enable a faster but
weaker variant of UDEREF on 64-bit processors with PCID support
(check <code>grep pcid /proc/cpuinfo</code>).
</para></listitem>
<listitem><para>
<literal>pax_sanitize_slab={off|fast|full}</literal>: control kernel
slab object sanitization
</para></listitem>
<listitem><para>
<literal>pax_size_overflow_report_only</literal>: log size overflow
violations but leave the violating task running
</para></listitem>
</itemizedlist>
</para>
</sect1>
</chapter>


@ -45,9 +45,14 @@ following incompatible changes:</para>
<para>Other notable improvements:</para> <para>Other notable improvements:</para>
<itemizedlist> <itemizedlist>
<listitem>
<para>todo</para> <listitem><para>Revamped grsecurity/PaX support. There is now only a single
</listitem> general-purpose distribution kernel and the configuration interface has been
streamlined. Desktop users should be able to simply set
<programlisting>security.grsecurity.enable = true</programlisting> to get
a reasonably secure system without having to sacrifice too much
functionality. See <xref linkend="sec-grsecurity" /> for documentation
</para></listitem>
</itemizedlist> </itemizedlist>


@ -27,6 +27,7 @@ let
clientConf = writeText "client.conf" '' clientConf = writeText "client.conf" ''
autospawn=${if nonSystemWide then "yes" else "no"} autospawn=${if nonSystemWide then "yes" else "no"}
${optionalString nonSystemWide "daemon-binary=${cfg.package.out}/bin/pulseaudio"} ${optionalString nonSystemWide "daemon-binary=${cfg.package.out}/bin/pulseaudio"}
${cfg.extraClientConf}
''; '';
# Write an /etc/asound.conf that causes all ALSA applications to # Write an /etc/asound.conf that causes all ALSA applications to
@ -96,6 +97,14 @@ in {
''; '';
}; };
extraClientConf = mkOption {
type = types.str;
default = "";
description = ''
Extra configuration appended to pulse/client.conf file.
'';
};
package = mkOption { package = mkOption {
type = types.package; type = types.package;
default = pulseaudioLight; default = pulseaudioLight;
@ -161,6 +170,7 @@ in {
ExecStart = "${getBin cfg.package}/bin/pulseaudio --daemonize=no"; ExecStart = "${getBin cfg.package}/bin/pulseaudio --daemonize=no";
Restart = "on-failure"; Restart = "on-failure";
}; };
environment = { DISPLAY = ":${toString config.services.xserver.display}"; };
}; };
sockets.pulseaudio = { sockets.pulseaudio = {
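Review bot: `extraClientConf` is declared as `types.str`, so two modules that both set it would, as far as I can tell, fail to merge, even though the value is free-form text appended to `client.conf`; `type = types.lines;` fits that use better. Separately, the added `environment = { DISPLAY = ":${toString config.services.xserver.display}"; };` is set on the service whether or not the X server is enabled, at least within the lines shown. If it is only meaningful with X11, guard it with something like `mkIf config.services.xserver.enable`. The surrounding service definition begins outside the hunk.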


@ -270,6 +270,9 @@
toxvpn = 247; toxvpn = 247;
squeezelite = 248; squeezelite = 248;
turnserver = 249; turnserver = 249;
smokeping = 250;
gocd-agent = 251;
gocd-server = 252;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -510,6 +513,9 @@
#toxvpn = 247; # unused #toxvpn = 247; # unused
#squeezelite = 248; #unused #squeezelite = 248; #unused
turnserver = 249; turnserver = 249;
smokeping = 250;
gocd-agent = 251;
gocd-server = 252;
# When adding a gid, make sure it doesn't match an existing # When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal # uid. Users and groups with the same name should have equal


@ -84,6 +84,7 @@
./programs/venus.nix ./programs/venus.nix
./programs/wvdial.nix ./programs/wvdial.nix
./programs/xfs_quota.nix ./programs/xfs_quota.nix
./programs/xonsh.nix
./programs/zsh/zsh.nix ./programs/zsh/zsh.nix
./rename.nix ./rename.nix
./security/acme.nix ./security/acme.nix
@ -129,6 +130,8 @@
./services/computing/slurm/slurm.nix ./services/computing/slurm/slurm.nix
./services/continuous-integration/buildkite-agent.nix ./services/continuous-integration/buildkite-agent.nix
./services/continuous-integration/hydra/default.nix ./services/continuous-integration/hydra/default.nix
./services/continuous-integration/gocd-agent/default.nix
./services/continuous-integration/gocd-server/default.nix
./services/continuous-integration/jenkins/default.nix ./services/continuous-integration/jenkins/default.nix
./services/continuous-integration/jenkins/job-builder.nix ./services/continuous-integration/jenkins/job-builder.nix
./services/continuous-integration/jenkins/slave.nix ./services/continuous-integration/jenkins/slave.nix
@ -249,6 +252,7 @@
./services/misc/nix-ssh-serve.nix ./services/misc/nix-ssh-serve.nix
./services/misc/nzbget.nix ./services/misc/nzbget.nix
./services/misc/octoprint.nix ./services/misc/octoprint.nix
./services/misc/packagekit.nix
./services/misc/parsoid.nix ./services/misc/parsoid.nix
./services/misc/phd.nix ./services/misc/phd.nix
./services/misc/plex.nix ./services/misc/plex.nix
@ -394,6 +398,7 @@
./services/networking/shairport-sync.nix ./services/networking/shairport-sync.nix
./services/networking/shout.nix ./services/networking/shout.nix
./services/networking/sniproxy.nix ./services/networking/sniproxy.nix
./services/networking/smokeping.nix
./services/networking/softether.nix ./services/networking/softether.nix
./services/networking/spiped.nix ./services/networking/spiped.nix
./services/networking/sslh.nix ./services/networking/sslh.nix
@ -459,6 +464,7 @@
./services/ttys/gpm.nix ./services/ttys/gpm.nix
./services/ttys/kmscon.nix ./services/ttys/kmscon.nix
./services/web-apps/pump.io.nix ./services/web-apps/pump.io.nix
./services/web-apps/tt-rss.nix
./services/web-servers/apache-httpd/default.nix ./services/web-servers/apache-httpd/default.nix
./services/web-servers/caddy.nix ./services/web-servers/caddy.nix
./services/web-servers/fcgiwrap.nix ./services/web-servers/fcgiwrap.nix
@ -468,7 +474,7 @@
./services/web-servers/lighttpd/gitweb.nix ./services/web-servers/lighttpd/gitweb.nix
./services/web-servers/lighttpd/inginious.nix ./services/web-servers/lighttpd/inginious.nix
./services/web-servers/nginx/default.nix ./services/web-servers/nginx/default.nix
./services/web-servers/phpfpm.nix ./services/web-servers/phpfpm/default.nix
./services/web-servers/shellinabox.nix ./services/web-servers/shellinabox.nix
./services/web-servers/tomcat.nix ./services/web-servers/tomcat.nix
./services/web-servers/uwsgi.nix ./services/web-servers/uwsgi.nix
@ -476,6 +482,7 @@
./services/web-servers/winstone.nix ./services/web-servers/winstone.nix
./services/web-servers/zope2.nix ./services/web-servers/zope2.nix
./services/x11/colord.nix ./services/x11/colord.nix
./services/x11/compton.nix
./services/x11/unclutter.nix ./services/x11/unclutter.nix
./services/x11/desktop-managers/default.nix ./services/x11/desktop-managers/default.nix
./services/x11/display-managers/auto.nix ./services/x11/display-managers/auto.nix


@ -100,6 +100,12 @@ in
Password used for SMTP auth. (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE) Password used for SMTP auth. (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
''; '';
}; };
setSendmail = mkOption {
type = types.bool;
default = true;
description = "Whether to set the system sendmail to ssmtp's.";
};
}; };
@ -122,6 +128,13 @@ in
''; '';
environment.systemPackages = [pkgs.ssmtp]; environment.systemPackages = [pkgs.ssmtp];
services.mail.sendmailSetuidWrapper = mkIf cfg.setSendmail {
program = "sendmail";
source = "${pkgs.ssmtp}/bin/sendmail";
setuid = false;
setgid = false;
};
}; };
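Review bot: `setSendmail` defaults to `true`, so every existing ssmtp configuration now also defines `services.mail.sendmailSetuidWrapper`; if another mail module on the same system defines that option, the two definitions will presumably conflict at evaluation time. The description should say that the option installs ssmtp's `sendmail` through the wrapper mechanism with `setuid = false` and `setgid = false`, and that it must be turned off when another MTA provides `sendmail`. Both hunks sit inside blocks that open and close outside the lines shown.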


@ -0,0 +1,62 @@
# This module defines global configuration for the xonsh.
{ config, lib, pkgs, ... }:
with lib;
let
cfge = config.environment;
cfg = config.programs.xonsh;
in
{
options = {
programs.xonsh = {
enable = mkOption {
default = false;
description = ''
Whether to configure xnosh as an interactive shell.
'';
type = types.bool;
};
package = mkOption {
type = types.package;
example = literalExample "pkgs.xonsh.override { configFile = \"/path/to/xonshrc\"; }";
description = ''
xonsh package to use.
'';
};
config = mkOption {
default = "";
description = "Control file to customize your shell behavior.";
type = types.lines;
};
};
};
config = mkIf cfg.enable {
environment.etc."xonshrc".text = cfg.config;
environment.systemPackages = [ pkgs.xonsh ];
environment.shells =
[ "/run/current-system/sw/bin/xonsh"
"/var/run/current-system/sw/bin/xonsh"
"${pkgs.xonsh}/bin/xonsh"
];
};
}
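Review bot: The `package` option is declared without a `default` and is never read: `environment.systemPackages` and the `environment.shells` entry both use `pkgs.xonsh`, so overriding `programs.xonsh.package` has no effect on what is installed or registered as a login shell. Give the option `default = pkgs.xonsh;` and use `cfg.package` in both places, e.g. `environment.systemPackages = [ cfg.package ];` and `"${cfg.package}/bin/xonsh"`. The `cfge` binding in the `let` is unused, and the `enable` description spells the shell `xnosh`.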


@ -50,11 +50,11 @@ in
(isEnabled "PAX") (isEnabled "PAX")
(isYES "GRKERNSEC_SYSCTL") (isYES "GRKERNSEC_SYSCTL")
(isYES "GRKERNSEC_SYSCTL_DISTRO") (isYES "GRKERNSEC_SYSCTL_DISTRO")
(isNO "GRKERNSEC_NO_RBAC")
]; ];
# Install PaX related utillities into the system profile. Eventually, we # Install PaX related utillities into the system profile.
# also want to include gradm here. environment.systemPackages = with pkgs; [ gradm paxctl pax-utils ];
environment.systemPackages = with pkgs; [ paxctl pax-utils ];
# Install rules for the grsec device node # Install rules for the grsec device node
services.udev.packages = [ pkgs.gradm ]; services.udev.packages = [ pkgs.gradm ];


@ -0,0 +1,212 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.gocd-agent;
in {
options = {
services.gocd-agent = {
enable = mkEnableOption "gocd-agent";
user = mkOption {
default = "gocd-agent";
type = types.str;
description = ''
User the Go.CD agent should execute under.
'';
};
group = mkOption {
default = "gocd-agent";
type = types.str;
description = ''
If the default user "gocd-agent" is configured then this is the primary
group of that user.
'';
};
extraGroups = mkOption {
type = types.listOf types.str;
default = [ ];
example = [ "wheel" "docker" ];
description = ''
List of extra groups that the "gocd-agent" user should be a part of.
'';
};
packages = mkOption {
default = [ pkgs.stdenv pkgs.jre config.programs.ssh.package pkgs.nix ];
type = types.listOf types.package;
description = ''
Packages to add to PATH for the Go.CD agent process.
'';
};
agentConfig = mkOption {
default = "";
type = types.str;
example = ''
agent.auto.register.resources=ant,java
agent.auto.register.environments=QA,Performance
agent.auto.register.hostname=Agent01
'';
description = ''
Agent registration configuration.
'';
};
goServer = mkOption {
default = "127.0.0.1";
type = types.str;
description = ''
Address of GoCD Server to attach the Go.CD Agent to.
'';
};
goServerPort = mkOption {
default = 8153;
type = types.int;
description = ''
Port that Go.CD Server is Listening on.
'';
};
workDir = mkOption {
default = "/var/lib/go-agent";
type = types.str;
description = ''
Specifies the working directory in which the Go.CD agent java archive resides.
'';
};
heapSize = mkOption {
default = "128m";
type = types.str;
description = ''
Specifies the java heap memory size for the Go.CD agent java process.
'';
};
maxMemory = mkOption {
default = "256m";
type = types.str;
description = ''
Specifies the java maximum memory size for the Go.CD agent java process.
'';
};
startupOptions = mkOption {
default = [
"-Xms${cfg.heapSize}"
"-Xmx${cfg.maxMemory}"
"-Djava.io.tmpdir=/tmp"
"-Dcruise.console.publish.interval=10"
"-Djava.security.egd=file:/dev/./urandom"
];
description = ''
Specifies startup command line arguments to pass to Go.CD agent
java process. Example contains debug and gcLog arguments.
'';
};
extraOptions = mkOption {
default = [ ];
example = [
"-X debug"
"-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5006"
"-verbose:gc"
"-Xloggc:go-agent-gc.log"
"-XX:+PrintGCTimeStamps"
"-XX:+PrintTenuringDistribution"
"-XX:+PrintGCDetails"
"-XX:+PrintGC"
];
description = ''
Specifies additional command line arguments to pass to Go.CD agent
java process. Example contains debug and gcLog arguments.
'';
};
environment = mkOption {
default = { };
type = with types; attrsOf str;
description = ''
Additional environment variables to be passed to the Go.CD agent process.
As a base environment, Go.CD agent receives NIX_PATH from
<option>environment.sessionVariables</option>, NIX_REMOTE is set to
"daemon".
'';
};
};
};
config = mkIf cfg.enable {
users.extraGroups = optional (cfg.group == "gocd-agent") {
name = "gocd-agent";
gid = config.ids.gids.gocd-agent;
};
users.extraUsers = optional (cfg.user == "gocd-agent") {
name = "gocd-agent";
description = "gocd-agent user";
createHome = true;
home = cfg.workDir;
group = cfg.group;
extraGroups = cfg.extraGroups;
useDefaultShell = true;
uid = config.ids.uids.gocd-agent;
};
systemd.services.gocd-agent = {
description = "GoCD Agent";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment =
let
selectedSessionVars =
lib.filterAttrs (n: v: builtins.elem n [ "NIX_PATH" ])
config.environment.sessionVariables;
in
selectedSessionVars //
{
NIX_REMOTE = "daemon";
AGENT_WORK_DIR = cfg.workDir;
AGENT_STARTUP_ARGS = ''${concatStringsSep " " cfg.startupOptions}'';
LOG_DIR = cfg.workDir;
LOG_FILE = "${cfg.workDir}/go-agent-start.log";
} //
cfg.environment;
path = cfg.packages;
script = ''
MPATH="''${PATH}";
source /etc/profile
export PATH="''${MPATH}:''${PATH}";
if ! test -f ~/.nixpkgs/config.nix; then
mkdir -p ~/.nixpkgs/
echo "{ allowUnfree = true; }" > ~/.nixpkgs/config.nix
fi
mkdir -p config
rm -f config/autoregister.properties
ln -s "${pkgs.writeText "autoregister.properties" cfg.agentConfig}" config/autoregister.properties
${pkgs.git}/bin/git config --global --add http.sslCAinfo /etc/ssl/certs/ca-certificates.crt
${pkgs.jre}/bin/java ${concatStringsSep " " cfg.startupOptions} \
${concatStringsSep " " cfg.extraOptions} \
-jar ${pkgs.gocd-agent}/go-agent/agent-bootstrapper.jar \
${cfg.goServer} \
${toString cfg.goServerPort}
'';
serviceConfig = {
User = cfg.user;
WorkingDirectory = cfg.workDir;
};
};
};
}
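Review bot: `agentConfig` is rendered with `pkgs.writeText "autoregister.properties"` and symlinked into `config/`, so whatever is placed in it ends up world-readable in the Nix store. The example shows only resources, environments and hostname, but auto-registration normally also needs the server's registration key in this file (to be confirmed against the GoCD documentation), which every local user could then read. The description should carry that warning, e.g. `Agent registration configuration. WARNING: the contents are stored world-readable in the Nix store.`, or the module could take a path to a file kept outside the store. Separately, `serviceConfig` sets `User` but not `Group = cfg.group;` as the server module does, and the `extraGroups` example `[ "wheel" "docker" ]` suggests root-equivalent groups for a process whose job is to run build tasks.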


@ -0,0 +1,183 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.gocd-server;
in {
options = {
services.gocd-server = {
enable = mkEnableOption "gocd-server";
user = mkOption {
default = "gocd-server";
type = types.str;
description = ''
User the Go.CD server should execute under.
'';
};
group = mkOption {
default = "gocd-server";
type = types.str;
description = ''
If the default user "gocd-server" is configured then this is the primary group of that user.
'';
};
extraGroups = mkOption {
default = [ ];
example = [ "wheel" "docker" ];
description = ''
List of extra groups that the "gocd-server" user should be a part of.
'';
};
listenAddress = mkOption {
default = "0.0.0.0";
example = "localhost";
type = types.str;
description = ''
Specifies the bind address on which the Go.CD server HTTP interface listens.
'';
};
port = mkOption {
default = 8153;
type = types.int;
description = ''
Specifies port number on which the Go.CD server HTTP interface listens.
'';
};
sslPort = mkOption {
default = 8154;
type = types.int;
description = ''
Specifies port number on which the Go.CD server HTTPS interface listens.
'';
};
workDir = mkOption {
default = "/var/lib/go-server";
type = types.str;
description = ''
Specifies the working directory in which the Go.CD server java archive resides.
'';
};
packages = mkOption {
default = [ pkgs.stdenv pkgs.jre config.programs.ssh.package pkgs.nix ];
type = types.listOf types.package;
description = ''
Packages to add to PATH for the Go.CD server's process.
'';
};
heapSize = mkOption {
default = "512m";
type = types.str;
description = ''
Specifies the java heap memory size for the Go.CD server's java process.
'';
};
maxMemory = mkOption {
default = "1024m";
type = types.str;
description = ''
Specifies the java maximum memory size for the Go.CD server's java process.
'';
};
extraOptions = mkOption {
default = [
"-Xms${cfg.heapSize}"
"-Xmx${cfg.maxMemory}"
"-Dcruise.listen.host=${cfg.listenAddress}"
"-Duser.language=en"
"-Djruby.rack.request.size.threshold.bytes=30000000"
"-Duser.country=US"
"-Dcruise.config.dir=${cfg.workDir}/conf"
"-Dcruise.config.file=${cfg.workDir}/conf/cruise-config.xml"
"-Dcruise.server.port=${toString cfg.port}"
"-Dcruise.server.ssl.port=${toString cfg.sslPort}"
];
example = [
"-X debug"
"-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005"
"-verbose:gc"
"-Xloggc:go-server-gc.log"
"-XX:+PrintGCTimeStamps"
"-XX:+PrintTenuringDistribution"
"-XX:+PrintGCDetails"
"-XX:+PrintGC"
];
description = ''
Specifies additional command line arguments to pass to Go.CD server's
java process. Example contains debug and gcLog arguments.
'';
};
environment = mkOption {
default = { };
type = with types; attrsOf str;
description = ''
Additional environment variables to be passed to the gocd-server process.
As a base environment, gocd-server receives NIX_PATH from
<option>environment.sessionVariables</option>, NIX_REMOTE is set to
"daemon".
'';
};
};
};
config = mkIf cfg.enable {
users.extraGroups = optional (cfg.group == "gocd-server") {
name = "gocd-server";
gid = config.ids.gids.gocd-server;
};
users.extraUsers = optional (cfg.user == "gocd-server") {
name = "gocd-server";
description = "gocd-server user";
createHome = true;
home = cfg.workDir;
group = cfg.group;
extraGroups = cfg.extraGroups;
useDefaultShell = true;
uid = config.ids.uids.gocd-server;
};
systemd.services.gocd-server = {
description = "GoCD Server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment =
let
selectedSessionVars =
lib.filterAttrs (n: v: builtins.elem n [ "NIX_PATH" ])
config.environment.sessionVariables;
in
selectedSessionVars //
{ NIX_REMOTE = "daemon";
} //
cfg.environment;
path = cfg.packages;
script = ''
${pkgs.git}/bin/git config --global --add http.sslCAinfo /etc/ssl/certs/ca-certificates.crt
${pkgs.jre}/bin/java -server ${concatStringsSep " " cfg.extraOptions} \
-jar ${pkgs.gocd-server}/go-server/go.jar
'';
serviceConfig = {
User = cfg.user;
Group = cfg.group;
WorkingDirectory = cfg.workDir;
};
};
};
}
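Review bot: The default value of `extraOptions` carries the flags that make the other options work (`-Xms`, `-Xmx`, `-Dcruise.listen.host`, `-Dcruise.server.port`, `-Dcruise.server.ssl.port` and the config paths), so a user who sets `extraOptions` to add one flag, as the `example` invites, silently drops `listenAddress`, `port`, `sslPort`, `heapSize` and `maxMemory`. The agent module in this same commit keeps these apart as `startupOptions` and `extraOptions`; doing the same here, with `extraOptions` defaulting to `[ ]` and the script using `${concatStringsSep " " (cfg.startupOptions ++ cfg.extraOptions)}`, keeps the bind address under the option's control. `listenAddress` also defaults to `"0.0.0.0"`, which puts the server UI on every interface as soon as the service is enabled, and the description should say so. `extraGroups` is missing `type = types.listOf types.str;`.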


@ -128,6 +128,10 @@ in
description = "Hostname of the MySQL master server"; description = "Hostname of the MySQL master server";
}; };
slaveHost = mkOption {
description = "Hostname of the MySQL slave server";
};
masterUser = mkOption { masterUser = mkOption {
description = "Username of the MySQL replication user"; description = "Username of the MySQL replication user";
}; };
@ -231,10 +235,21 @@ in
fi fi
'') cfg.initialDatabases} '') cfg.initialDatabases}
${optionalString (cfg.replication.role == "slave" && atLeast55) ${optionalString (cfg.replication.role == "master" && atLeast55)
'' ''
# Set up the replication master # Set up the replication master
( echo "use mysql;"
echo "CREATE USER '${cfg.replication.masterUser}'@'${cfg.replication.slaveHost}' IDENTIFIED WITH mysql_native_password;"
echo "SET PASSWORD FOR '${cfg.replication.masterUser}'@'${cfg.replication.slaveHost}' = PASSWORD('${cfg.replication.masterPassword}');"
echo "GRANT REPLICATION SLAVE ON *.* TO '${cfg.replication.masterUser}'@'${cfg.replication.slaveHost}';"
) | ${mysql}/bin/mysql -u root -N
''}
${optionalString (cfg.replication.role == "slave" && atLeast55)
''
# Set up the replication slave
( echo "stop slave;" ( echo "stop slave;"
echo "change master to master_host='${cfg.replication.masterHost}', master_user='${cfg.replication.masterUser}', master_password='${cfg.replication.masterPassword}';" echo "change master to master_host='${cfg.replication.masterHost}', master_user='${cfg.replication.masterUser}', master_password='${cfg.replication.masterPassword}';"
echo "start slave;" echo "start slave;"
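Review bot: The three added `echo` lines for the master role splice `masterUser`, `slaveHost` and `masterPassword` unescaped into SQL that itself sits inside a double-quoted shell string. A password containing `'` ends the SQL literal early, and `$`, a backtick or `"` is interpreted by the shell before mysql sees it; the value is also embedded in the generated script, which presumably lives in the world-readable Nix store. The values should go through an escaping helper for both layers and the option descriptions should state the store exposure; the new `slaveHost` option has neither `type = types.str;` nor a default. The existing `change master to` line follows the same interpolation pattern, and the enclosing script starts outside this hunk, so when this block runs cannot be told from here.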


@ -126,7 +126,7 @@ in
environment = { environment = {
LD_LIBRARY_PATH = ''/run/opengl-driver/lib:/run/opengl-driver-32/lib''; LD_LIBRARY_PATH = ''/run/opengl-driver/lib:/run/opengl-driver-32/lib'';
DISPLAY = ":0"; DISPLAY = ":${toString config.services.xserver.display}";
GPU_MAX_ALLOC_PERCENT = "100"; GPU_MAX_ALLOC_PERCENT = "100";
GPU_USE_SYNC_OBJECTS = "1"; GPU_USE_SYNC_OBJECTS = "1";
}; };


@ -0,0 +1,61 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.packagekit;
backend = "nix";
packagekitConf = ''
[Daemon]
DefaultBackend=${backend}
KeepCache=false
'';
vendorConf = ''
[PackagesNotFound]
DefaultUrl=https://github.com/NixOS/nixpkgs
CodecUrl=https://github.com/NixOS/nixpkgs
HardwareUrl=https://github.com/NixOS/nixpkgs
FontUrl=https://github.com/NixOS/nixpkgs
MimeUrl=https://github.com/NixOS/nixpkgs
'';
in
{
options = {
services.packagekit = {
enable = mkEnableOption
''
PackageKit provides a cross-platform D-Bus abstraction layer for
installing software. Software utilizing PackageKit can install
software regardless of the package manager.
'';
};
};
config = mkIf cfg.enable {
services.dbus.packages = [ pkgs.packagekit ];
systemd.services.packagekit = {
description = "PackageKit Daemon";
wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = "${pkgs.packagekit}/libexec/packagekitd";
serviceConfig.User = "root";
serviceConfig.BusName = "org.freedesktop.PackageKit";
serviceConfig.Type = "dbus";
};
environment.etc."PackageKit/PackageKit.conf".text = packagekitConf;
environment.etc."PackageKit/Vendor.conf".text = vendorConf;
};
}
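Review bot: The text passed to `mkEnableOption` for `services.packagekit.enable` is a full paragraph, but that helper wraps its argument as "Whether to enable <text>.", so the generated manual entry will read badly. A short noun phrase fits the helper, e.g. `enable = mkEnableOption "PackageKit, a cross-platform D-Bus abstraction layer for installing software";`. The unit runs `packagekitd` as root and takes install requests over D-Bus, and nothing in this module references polkit; it is worth confirming that the package's authorization policy is actually installed when only `services.dbus.packages` is set.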


@ -9,6 +9,7 @@ let
envOptions = { envOptions = {
PATHS_DATA = cfg.dataDir; PATHS_DATA = cfg.dataDir;
PATHS_PLUGINS = "${cfg.dataDir}/plugins";
PATHS_LOGS = "${cfg.dataDir}/log"; PATHS_LOGS = "${cfg.dataDir}/log";
SERVER_PROTOCOL = cfg.protocol; SERVER_PROTOCOL = cfg.protocol;
@ -37,6 +38,8 @@ let
USERS_AUTO_ASSIGN_ORG_ROLE = cfg.users.autoAssignOrgRole; USERS_AUTO_ASSIGN_ORG_ROLE = cfg.users.autoAssignOrgRole;
AUTH_ANONYMOUS_ENABLED = b2s cfg.auth.anonymous.enable; AUTH_ANONYMOUS_ENABLED = b2s cfg.auth.anonymous.enable;
AUTH_ANONYMOUS_ORG_NAME = cfg.auth.anonymous.org_name;
AUTH_ANONYMOUS_ORG_ROLE = cfg.auth.anonymous.org_role;
ANALYTICS_REPORTING_ENABLED = b2s cfg.analytics.reporting.enable; ANALYTICS_REPORTING_ENABLED = b2s cfg.analytics.reporting.enable;
} // cfg.extraOptions; } // cfg.extraOptions;
@ -196,6 +199,17 @@ in {
default = false; default = false;
type = types.bool; type = types.bool;
}; };
org_name = mkOption {
description = "Which organization to allow anonymous access to";
default = "Main Org.";
type = types.str;
};
org_role = mkOption {
description = "Which role anonymous users have in the organization";
default = "Viewer";
type = types.str;
};
}; };
analytics.reporting = { analytics.reporting = {
@ -222,6 +236,8 @@ in {
"Grafana passwords will be stored as plaintext in the Nix store!" "Grafana passwords will be stored as plaintext in the Nix store!"
]; ];
environment.systemPackages = [ cfg.package ];
systemd.services.grafana = { systemd.services.grafana = {
description = "Grafana Service Daemon"; description = "Grafana Service Daemon";
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
@ -234,6 +250,7 @@ in {
}; };
preStart = '' preStart = ''
ln -fs ${cfg.package}/share/grafana/conf ${cfg.dataDir} ln -fs ${cfg.package}/share/grafana/conf ${cfg.dataDir}
ln -fs ${cfg.package}/share/grafana/vendor ${cfg.dataDir}
''; '';
}; };
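Review bot: The new `org_role` option is typed `types.str`, so a typo or an unintended value is not caught at evaluation time; since it decides what unauthenticated visitors may do, it deserves `type = types.enum [ "Viewer" "Editor" "Admin" ];`. The description could add that any role above `Viewer` lets anonymous users change dashboards. The two new option names are snake_case (`org_name`, `org_role`) while the neighbouring option read in `envOptions` is `autoAssignOrgRole`; `orgName` and `orgRole` would match.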


@ -0,0 +1,80 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.sysstat;
in {
options = {
services.sysstat = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable sar system activity collection.
'';
};
collect-frequency = mkOption {
default = "*:00/10";
description = ''
OnCalendar specification for sysstat-collect
'';
};
collect-args = mkOption {
default = "1 1";
description = ''
Arguments to pass sa1 when collecting statistics
'';
};
};
};
config = mkIf cfg.enable {
systemd.services.sysstat = {
description = "Resets System Activity Logs";
wantedBy = [ "multi-user.target" ];
preStart = "test -d /var/log/sa || mkdir -p /var/log/sa";
serviceConfig = {
User = "root";
RemainAfterExit = true;
Type = "oneshot";
ExecStart = "${pkgs.sysstat}/lib/sa/sa1 --boot";
};
};
systemd.services.sysstat-collect = {
description = "system activity accounting tool";
unitConfig.Documentation = "man:sa1(8)";
serviceConfig = {
Type = "oneshot";
User = "root";
ExecStart = "${pkgs.sysstat}/lib/sa/sa1 ${cfg.collect-args}";
};
};
systemd.timers.sysstat-collect = {
description = "Run system activity accounting tool on a regular basis";
wantedBy = [ "timers.target" ];
timerConfig.OnCalendar = cfg.collect-frequency;
};
systemd.services.sysstat-summary = {
description = "Generate a daily summary of process accounting";
unitConfig.Documentation = "man:sa2(8)";
serviceConfig = {
Type = "oneshot";
User = "root";
ExecStart = "${pkgs.sysstat}/lib/sa/sa2 -A";
};
};
systemd.timers.sysstat-summary = {
description = "Generate summary of yesterday's process accounting";
wantedBy = [ "timers.target" ];
timerConfig.OnCalendar = "00:07:00";
};
};
}
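Review bot: `collect-frequency` and `collect-args` are declared without a `type`, and `collect-args` is pasted directly into the `ExecStart` of a unit that runs as root. Adding `type = types.str;` to both gives evaluation-time checking and well-defined merging. The option names are hyphenated, whereas the other modules added in this commit use camelCase; `collectFrequency` and `collectArgs` would be consistent.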


@ -48,7 +48,7 @@ in
default = ""; default = "";
type = str; type = str;
description = '' description = ''
Password. Password. WARNING: The password becomes world readable in the Nix store.
''; '';
}; };


@ -0,0 +1,261 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.smokeping;
smokepingHome = "/var/lib/smokeping";
smokepingPidDir = "/run";
configFile = ''
*** General ***
owner = ${cfg.owner}
contact = ${cfg.ownerEmail}
mailhost = ${cfg.mailHost}
#sendmail = /var/setuid-wrappers/sendmail
imgcache = ${smokepingHome}/cache
imgurl = http://${cfg.hostName}:${builtins.toString cfg.port}/cache
datadir = ${smokepingHome}/data
piddir = ${smokepingPidDir}
cgiurl = http://${cfg.hostName}:${builtins.toString cfg.port}/smokeping.cgi
smokemail = ${cfg.smokeMailTemplate}
*** Presentation ***
template = ${cfg.presentationTemplate}
${cfg.presentationConfig}
#*** Alerts ***
#${cfg.alertConfig}
*** Database ***
${cfg.databaseConfig}
*** Probes ***
${cfg.probeConfig}
*** Targets ***
${cfg.targetConfig}
${cfg.extraConfig}
'';
configPath = pkgs.writeText "smokeping.conf" configFile;
cgiHome = pkgs.writeScript "smokeping.fcgi" ''
#!${pkgs.bash}/bin/bash
${cfg.package}/bin/smokeping_cgi ${configPath}
'';
in
{
options = {
services.smokeping = {
enable = mkOption {
type = types.bool;
default = false;
description = "Enable the smokeping service";
};
webService = mkOption {
type = types.bool;
default = true;
description = "Enable a smokeping web interface";
};
user = mkOption {
type = types.string;
default = "smokeping";
description = "User that runs smokeping and (optionally) thttpd";
};
mailHost = mkOption {
type = types.string;
default = "127.0.0.1";
description = "Use this SMTP server rather than localhost";
};
smokeMailTemplate = mkOption {
type = types.string;
default = "${cfg.package}/etc/smokemail.dist";
description = "Specify the smokemail template for alerts.";
};
package = mkOption {
type = types.package;
default = pkgs.smokeping;
description = "Specify a custom smokeping package";
};
owner = mkOption {
type = types.string;
default = "nobody";
example = "Joe Admin";
description = "Real name of the owner of the instance";
};
hostName = mkOption {
type = types.string;
default = config.networking.hostName;
example = "somewhere.example.com";
description = "DNS name for the urls generated in the cgi.";
};
port = mkOption {
type = types.int;
default = 8081;
example = 8081;
description = "TCP port to use for the web server.";
};
ownerEmail = mkOption {
type = types.string;
default = "no-reply@${cfg.hostName}";
example = "no-reply@yourdomain.com";
description = "Email contact for owner";
};
databaseConfig = mkOption {
type = types.string;
default = ''
step = 300
pings = 20
# consfn mrhb steps total
AVERAGE 0.5 1 1008
AVERAGE 0.5 12 4320
MIN 0.5 12 4320
MAX 0.5 12 4320
AVERAGE 0.5 144 720
MAX 0.5 144 720
MIN 0.5 144 720
'';
example = literalExample ''
# near constant pings.
step = 30
pings = 20
# consfn mrhb steps total
AVERAGE 0.5 1 10080
AVERAGE 0.5 12 43200
MIN 0.5 12 43200
MAX 0.5 12 43200
AVERAGE 0.5 144 7200
MAX 0.5 144 7200
MIN 0.5 144 7200
'';
description = ''Configure the ping frequency and retention of the rrd files.
Once set, changing the interval will require deletion or migration of all
the collected data.'';
};
alertConfig = mkOption {
type = types.string;
default = "";
example = literalExample ''
to = alertee@address.somewhere
from = smokealert@company.xy
+someloss
type = loss
# in percent
pattern = >0%,*12*,>0%,*12*,>0%
comment = loss 3 times in a row;
'';
description = "Configuration for alerts.";
};
presentationTemplate = mkOption {
type = types.string;
default = "${pkgs.smokeping}/etc/basepage.html.dist";
description = "Default page layout for the web UI.";
};
presentationConfig = mkOption {
type = types.string;
default = ''
+ charts
menu = Charts
title = The most interesting destinations
++ stddev
sorter = StdDev(entries=>4)
title = Top Standard Deviation
menu = Std Deviation
format = Standard Deviation %f
++ max
sorter = Max(entries=>5)
title = Top Max Roundtrip Time
menu = by Max
format = Max Roundtrip Time %f seconds
++ loss
sorter = Loss(entries=>5)
title = Top Packet Loss
menu = Loss
format = Packets Lost %f
++ median
sorter = Median(entries=>5)
title = Top Median Roundtrip Time
menu = by Median
format = Median RTT %f seconds
+ overview
width = 600
height = 50
range = 10h
+ detail
width = 600
height = 200
unison_tolerance = 2
"Last 3 Hours" 3h
"Last 30 Hours" 30h
"Last 10 Days" 10d
"Last 360 Days" 360d
'';
description = "presentation graph style";
};
probeConfig = mkOption {
type = types.string;
default = ''
+ FPing
binary = ${pkgs.fping}/bin/fping
'';
description = "Probe configuration";
};
targetConfig = mkOption {
type = types.string;
default = ''
probe = FPing
menu = Top
title = Network Latency Grapher
remark = Welcome to the SmokePing website of xxx Company. \
Here you will learn all about the latency of our network.
+ Local
menu = Local
title = Local Network
++ LocalMachine
menu = Local Machine
title = This host
host = localhost
'';
description = "Target configuration";
};
extraConfig = mkOption {
type = types.string;
default = "";
description = "Any additional customization not already included.";
};
};
};
config = mkIf cfg.enable {
users.extraUsers = singleton {
name = cfg.user;
isNormalUser = false;
isSystemUser = true;
uid = config.ids.uids.smokeping;
description = "smokeping daemon user";
home = smokepingHome;
};
systemd.services.smokeping = {
wantedBy = [ "multi-user.target"];
serviceConfig.User = cfg.user;
serviceConfig.PermissionsStartOnly = true;
preStart = ''
mkdir -m 0755 -p ${smokepingHome}/cache ${smokepingHome}/data
chown -R ${cfg.user} ${smokepingHome}
cp ${cgiHome} ${smokepingHome}/smokeping.fcgi
${cfg.package}/bin/smokeping --check --config=${configPath}
'';
script = ''${cfg.package}/bin/smokeping --config=${configPath} --nodaemon'';
};
systemd.services.thttpd = mkIf cfg.webService {
wantedBy = [ "multi-user.target"];
requires = [ "smokeping.service"];
partOf = [ "smokeping.service"];
path = with pkgs; [ bash rrdtool smokeping ];
script = ''${pkgs.thttpd}/bin/thttpd -u ${cfg.user} -c "**.fcgi" -d ${smokepingHome} -p ${builtins.toString cfg.port} -D'';
};
};
}
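Review bot: In `configFile` the alerts section is disabled by putting a single `#` in front of `${cfg.alertConfig}`, which comments out only the first line of the value. With a multi-line setting such as the option's own `example`, every following line lands uncommented under `*** Presentation ***`, which the `smokeping --check` in `preStart` will presumably reject. Either drop the option until alerts are wired up or emit the section conditionally, e.g. `${optionalString (cfg.alertConfig != "") "*** Alerts ***\n${cfg.alertConfig}"}`. Also, `webService` defaults to `true` and thttpd is started with only `-p`, so the CGI is likely reachable on every interface on port 8081, and the description should say so. `presentationTemplate` and the thttpd `path` use `pkgs.smokeping` where `cfg.package` is meant.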


@ -9,6 +9,7 @@ let
header = { header = {
description = "Syncthing service"; description = "Syncthing service";
after = [ "network.target" ];
environment = { environment = {
STNORESTART = "yes"; STNORESTART = "yes";
STNOUPGRADE = "yes"; STNOUPGRADE = "yes";
@ -113,9 +114,8 @@ in
environment.systemPackages = [ cfg.package ]; environment.systemPackages = [ cfg.package ];
systemd.services = mkIf cfg.systemService { systemd.services.syncthing = mkIf cfg.systemService
syncthing = header // { header // {
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = service // { serviceConfig = service // {
User = cfg.user; User = cfg.user;
@ -124,14 +124,14 @@ in
ExecStart = "${cfg.package}/bin/syncthing -no-browser -home=${cfg.dataDir}"; ExecStart = "${cfg.package}/bin/syncthing -no-browser -home=${cfg.dataDir}";
}; };
}; };
};
systemd.user.services = { systemd.user.services.syncthing =
syncthing = header // { header // {
wantedBy = [ "default.target" ];
serviceConfig = service // { serviceConfig = service // {
ExecStart = "${cfg.package}/bin/syncthing -no-browser"; ExecStart = "${cfg.package}/bin/syncthing -no-browser";
}; };
}; };
};
}; };
} }
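Review bot: The added `wantedBy = [ "default.target" ];` on `systemd.user.services.syncthing` enables the user unit for every account that gets a user manager, not only for people who want Syncthing. The system unit is still guarded by `mkIf cfg.systemService` while the user unit is not, so a host with `systemService = true` could end up with the system instance and per-user instances competing for the same listen ports. The enclosing `config` block starts outside the hunk, so whether an outer condition limits this cannot be seen here. If none does, consider wrapping the user unit in `mkIf (!cfg.systemService)`, or leaving it un-wanted so that users opt in themselves.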


@ -26,6 +26,10 @@ in
KillMode = "process"; KillMode = "process";
}; };
}; };
environment.systemPackages = [ pkgs.zerotierone ];
# ZeroTier does not issue DHCP leases, but some strangers might...
networking.dhcpcd.denyInterfaces = [ "zt0" ];
environment.systemPackages = [ pkgs.zerotierone ];
}; };
} }


@ -0,0 +1,569 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.tt-rss;
configVersion = 26;
boolToString = b: if b then "true" else "false";
cacheDir = "cache";
lockDir = "lock";
feedIconsDir = "feed-icons";
dbPort = if cfg.database.port == null
then (if cfg.database.type == "pgsql" then 5432 else 3306)
else cfg.database.port;
poolName = "tt-rss";
virtualHostName = "tt-rss";
tt-rss-config = pkgs.writeText "config.php" ''
<?php
define('PHP_EXECUTABLE', '${pkgs.php}/bin/php');
define('LOCK_DIRECTORY', '${lockDir}');
define('CACHE_DIR', '${cacheDir}');
define('ICONS_DIR', '${feedIconsDir}');
define('ICONS_URL', '${feedIconsDir}');
define('SELF_URL_PATH', '${cfg.selfUrlPath}');
define('MYSQL_CHARSET', 'UTF8');
define('DB_TYPE', '${cfg.database.type}');
define('DB_HOST', '${cfg.database.host}');
define('DB_USER', '${cfg.database.user}');
define('DB_NAME', '${cfg.database.name}');
define('DB_PASS', '${escape ["'" "\\"] cfg.database.password}');
define('DB_PORT', '${toString dbPort}');
define('AUTH_AUTO_CREATE', ${boolToString cfg.auth.autoCreate});
define('AUTH_AUTO_LOGIN', ${boolToString cfg.auth.autoLogin});
define('FEED_CRYPT_KEY', '${escape ["'" "\\"] cfg.feedCryptKey}');
define('SINGLE_USER_MODE', ${boolToString cfg.singleUserMode});
define('SIMPLE_UPDATE_MODE', ${boolToString cfg.simpleUpdateMode});
define('CHECK_FOR_UPDATES', ${boolToString cfg.checkForUpdates});
define('FORCE_ARTICLE_PURGE', ${toString cfg.forceArticlePurge});
define('SESSION_COOKIE_LIFETIME', ${toString cfg.sessionCookieLifetime});
define('ENABLE_GZIP_OUTPUT', ${boolToString cfg.enableGZipOutput});
define('PLUGINS', '${builtins.concatStringsSep "," cfg.plugins}');
define('LOG_DESTINATION', '${cfg.logDestination}');
define('CONFIG_VERSION', ${toString configVersion});
define('PUBSUBHUBBUB_ENABLED', ${boolToString cfg.pubSubHubbub.enable});
define('PUBSUBHUBBUB_HUB', '${cfg.pubSubHubbub.hub}');
define('SPHINX_SERVER', '${cfg.sphinx.server}');
define('SPHINX_INDEX', '${builtins.concatStringsSep "," cfg.sphinx.index}');
define('ENABLE_REGISTRATION', ${boolToString cfg.registration.enable});
define('REG_NOTIFY_ADDRESS', '${cfg.registration.notifyAddress}');
define('REG_MAX_USERS', ${toString cfg.registration.maxUsers});
define('SMTP_SERVER', '${cfg.email.server}');
define('SMTP_LOGIN', '${cfg.email.login}');
define('SMTP_PASSWORD', '${escape ["'" "\\"] cfg.email.password}');
define('SMTP_SECURE', '${cfg.email.security}');
define('SMTP_FROM_NAME', '${escape ["'" "\\"] cfg.email.fromName}');
define('SMTP_FROM_ADDRESS', '${escape ["'" "\\"] cfg.email.fromAddress}');
define('DIGEST_SUBJECT', '${escape ["'" "\\"] cfg.email.digestSubject}');
'';
in {
###### interface
options = {
services.tt-rss = {
enable = mkEnableOption "tt-rss";
user = mkOption {
type = types.str;
default = "nginx";
example = "nginx";
description = ''
User account under which both the service and the web-application run.
'';
};
pool = mkOption {
type = types.str;
default = "${poolName}";
description = ''
Name of existing phpfpm pool that is used to run web-application.
If not specified a pool will be created automatically with
default values.
'';
};
# TODO: Re-enable after https://github.com/NixOS/nixpkgs/pull/15862 is merged
# virtualHost = mkOption {
# type = types.str;
# default = "${virtualHostName}";
# description = ''
# Name of existing nginx virtual host that is used to run web-application.
# If not specified a host will be created automatically with
# default values.
# '';
# };
database = {
type = mkOption {
type = types.enum ["pgsql" "mysql"];
default = "pgsql";
description = ''
Database to store feeds. Supported are pgsql and mysql.
'';
};
host = mkOption {
type = types.str;
default = "localhost";
description = ''
Host of the database.
'';
};
name = mkOption {
type = types.str;
default = "tt_rss";
description = ''
Name of the existing database.
'';
};
user = mkOption {
type = types.str;
default = "tt_rss";
description = ''
The database user. The user must exist and has access to
the specified database.
'';
};
password = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
The database user's password.
'';
};
port = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
The database's port. If not set, the default ports will be provided (5432
and 3306 for pgsql and mysql respectively).
'';
};
};
auth = {
autoCreate = mkOption {
type = types.bool;
default = true;
description = ''
Allow authentication modules to auto-create users in tt-rss internal
database when authenticated successfully.
'';
};
autoLogin = mkOption {
type = types.bool;
default = true;
description = ''
Automatically login user on remote or other kind of externally supplied
authentication, otherwise redirect to login form as normal.
If set to true, users won't be able to set application language
and settings profile.
'';
};
};
pubSubHubbub = {
hub = mkOption {
type = types.str;
default = "";
description = ''
URL to a PubSubHubbub-compatible hub server. If defined, "Published
articles" generated feed would automatically become PUSH-enabled.
'';
};
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable client PubSubHubbub support in tt-rss. When disabled, tt-rss
won't try to subscribe to PUSH feed updates.
'';
};
};
sphinx = {
server = mkOption {
type = types.str;
default = "localhost:9312";
description = ''
Hostname:port combination for the Sphinx server.
'';
};
index = mkOption {
type = types.listOf types.str;
default = ["ttrss" "delta"];
description = ''
Index names in Sphinx configuration. Example configuration
files are available on tt-rss wiki.
'';
};
};
registration = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Allow users to register themselves. Please be aware that allowing
random people to access your tt-rss installation is a security risk
and potentially might lead to data loss or server exploit. Disabled
by default.
'';
};
notifyAddress = mkOption {
type = types.str;
default = "";
description = ''
Email address to send new user notifications to.
'';
};
maxUsers = mkOption {
type = types.int;
default = 0;
description = ''
Maximum amount of users which will be allowed to register on this
system. 0 - no limit.
'';
};
};
email = {
server = mkOption {
type = types.str;
default = "";
example = "localhost:25";
description = ''
Hostname:port combination to send outgoing mail. Blank - use system
MTA.
'';
};
login = mkOption {
type = types.str;
default = "";
description = ''
SMTP authentication login used when sending outgoing mail.
'';
};
password = mkOption {
type = types.str;
default = "";
description = ''
SMTP authentication password used when sending outgoing mail.
'';
};
security = mkOption {
type = types.enum ["" "ssl" "tls"];
default = "";
description = ''
Used to select a secure SMTP connection. Allowed values: ssl, tls,
or empty.
'';
};
fromName = mkOption {
type = types.str;
default = "Tiny Tiny RSS";
description = ''
Name for sending outgoing mail. This applies to password reset
notifications, digest emails and any other mail.
'';
};
fromAddress = mkOption {
type = types.str;
default = "";
description = ''
Address for sending outgoing mail. This applies to password reset
notifications, digest emails and any other mail.
'';
};
digestSubject = mkOption {
type = types.str;
default = "[tt-rss] New headlines for last 24 hours";
description = ''
Subject line for email digests.
'';
};
};
sessionCookieLifetime = mkOption {
type = types.int;
default = 86400;
description = ''
Default lifetime of a session (e.g. login) cookie. In seconds,
0 means cookie will be deleted when browser closes.
'';
};
selfUrlPath = mkOption {
type = types.str;
description = ''
Full URL of your tt-rss installation. This should be set to the
location of tt-rss directory, e.g. http://example.org/tt-rss/
You need to set this option correctly otherwise several features
including PUSH, bookmarklets and browser integration will not work properly.
'';
example = "http://localhost";
};
feedCryptKey = mkOption {
type = types.str;
default = "";
description = ''
Key used for encryption of passwords for password-protected feeds
in the database. A string of 24 random characters. If left blank, encryption
is not used. Requires mcrypt functions.
Warning: changing this key will make your stored feed passwords impossible
to decrypt.
'';
};
singleUserMode = mkOption {
type = types.bool;
default = true;
description = ''
Operate in single user mode, disables all functionality related to
multiple users and authentication. Enabling this assumes you have
your tt-rss directory protected by other means (e.g. http auth).
'';
};
simpleUpdateMode = mkOption {
type = types.bool;
default = false;
description = ''
Enables fallback update mode where tt-rss tries to update feeds in
background while tt-rss is open in your browser.
If you don't have a lot of feeds and don't want to or can't run
background processes while not running tt-rss, this method is generally
viable to keep your feeds up to date.
Still, there are more robust (and recommended) updating methods
available, you can read about them here: http://tt-rss.org/wiki/UpdatingFeeds
'';
};
forceArticlePurge = mkOption {
type = types.int;
default = 0;
description = ''
When this option is not 0, users ability to control feed purging
intervals is disabled and all articles (which are not starred)
older than this amount of days are purged.
'';
};
checkForUpdates = mkOption {
type = types.bool;
default = true;
description = ''
Check for updates automatically if running Git version
'';
};
enableGZipOutput = mkOption {
type = types.bool;
default = true;
description = ''
Selectively gzip output to improve wire performance. This requires
PHP Zlib extension on the server.
Enabling this can break tt-rss in several httpd/php configurations,
if you experience weird errors and tt-rss failing to start, blank pages
after login, or content encoding errors, disable it.
'';
};
plugins = mkOption {
type = types.listOf types.str;
default = ["auth_internal" "note"];
description = ''
List of plugins to load automatically for all users.
System plugins have to be specified here. Please enable at least one
authentication plugin here (auth_*).
Users may enable other user plugins from Preferences/Plugins but may not
disable plugins specified in this list.
Disabling auth_internal in this list would automatically disable
reset password link on the login form.
'';
};
logDestination = mkOption {
type = types.enum ["" "sql" "syslog"];
default = "sql";
description = ''
Log destination to use. Possible values: sql (uses internal logging
you can read in Preferences -> System), syslog - logs to system log.
Setting this to blank uses PHP logging (usually to http server
error.log).
'';
};
};
};
###### implementation
config = let
root = "/var/lib/tt-rss";
in mkIf cfg.enable {
services.phpfpm.pools = if cfg.pool == "${poolName}" then {
"${poolName}" = {
listen = "/var/run/phpfpm/${poolName}.sock";
extraConfig = ''
listen.owner = nginx
listen.group = nginx
listen.mode = 0600
user = nginx
pm = dynamic
pm.max_children = 75
pm.start_servers = 10
pm.min_spare_servers = 5
pm.max_spare_servers = 20
pm.max_requests = 500
catch_workers_output = 1
'';
};
} else {};
# TODO: Re-enable after https://github.com/NixOS/nixpkgs/pull/15862 is merged
# services.nginx.virtualHosts = if cfg.virtualHost == "${virtualHostName}" then {
# "${virtualHostName}" = {
# root = "${root}";
# extraConfig = ''
# access_log /var/log/nginx-${virtualHostName}-access.log;
# error_log /var/log/nginx-${virtualHostName}-error.log;
# '';
# locations."/" = {
# extraConfig = ''
# index index.php;
# '';
# };
# locations."~ \.php$" = {
# extraConfig = ''
# fastcgi_split_path_info ^(.+\.php)(/.+)$;
# fastcgi_pass unix:${config.services.phpfpm.pools."${cfg.pool}".listen};
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME ${root}/$fastcgi_script_name;
# include ${pkgs.nginx}/conf/fastcgi_params;
# '';
# };
# };
# } else {};
systemd.services.tt-rss = let
dbService = if cfg.database.type == "pgsql" then "postgresql.service" else "mysql.service";
in {
description = "Tiny Tiny RSS feeds update daemon";
preStart = let
callSql = if cfg.database.type == "pgsql" then (e: ''
${optionalString (cfg.database.password != null)
"PGPASSWORD=${cfg.database.password}"} ${pkgs.postgresql95}/bin/psql \
-U ${cfg.database.user} \
-h ${cfg.database.host} \
--port ${toString dbPort} \
-c '${e}' \
${cfg.database.name}'')
else if cfg.database.type == "mysql" then (e: ''
echo '${e}' | ${pkgs.mysql}/bin/mysql \
${optionalString (cfg.database.password != null)
"-p${cfg.database.password}"} \
-u ${cfg.database.user} \
-h ${cfg.database.host} \
-P ${toString dbPort} \
${cfg.database.name}'')
else "";
in ''
rm -rf "${root}/*"
mkdir -m 755 -p "${root}"
cp -r "${pkgs.tt-rss}/"* "${root}"
ln -sf "${tt-rss-config}" "${root}/config.php"
chown -R "${cfg.user}" "${root}"
chmod -R 755 "${root}"
'' + (optionalString (cfg.database.type == "pgsql") ''
exists=$(${callSql "select count(*) > 0 from pg_tables where tableowner = user"} \
| tail -n+3 | head -n-2 | sed -e 's/[ \n\t]*//')
if [ "$exists" == 'f' ]; then
${callSql "\\i ${pkgs.tt-rss}/schema/ttrss_schema_${cfg.database.type}.sql"}
else
echo 'The database contains some data. Leaving it as it is.'
fi;
'') + (optionalString (cfg.database.type == "mysql") ''
exists=$(${callSql "select count(*) > 0 from information_schema.tables where table_schema = schema()"} \
| tail -n+2 | sed -e 's/[ \n\t]*//')
if [ "$exists" == '0' ]; then
${callSql "\\. ${pkgs.tt-rss}/schema/ttrss_schema_${cfg.database.type}.sql"}
else
echo 'The database contains some data. Leaving it as it is.'
fi;
'');
serviceConfig = {
User = "${cfg.user}";
ExecStart = "${pkgs.php}/bin/php /var/lib/tt-rss/update.php --daemon";
StandardOutput = "syslog";
StandardError = "syslog";
PermissionsStartOnly = true;
};
wantedBy = [ "multi-user.target" ];
requires = ["${dbService}"];
after = ["network.target" "${dbService}"];
};
};
}


@ -14,12 +14,26 @@ in
description = "Verbatim Caddyfile to use"; description = "Verbatim Caddyfile to use";
}; };
ca = mkOption {
default = "https://acme-v01.api.letsencrypt.org/directory";
example = "https://acme-staging.api.letsencrypt.org/directory";
type = types.string;
description = "Certificate authority ACME server. The default (Let's Encrypt production server) should be fine for most people.";
};
email = mkOption { email = mkOption {
default = ""; default = "";
type = types.string; type = types.string;
description = "Email address (for Let's Encrypt certificate)"; description = "Email address (for Let's Encrypt certificate)";
}; };
agree = mkOption {
default = false;
example = true;
type = types.bool;
description = "Agree to Let's Encrypt Subscriber Agreement";
};
dataDir = mkOption { dataDir = mkOption {
default = "/var/lib/caddy"; default = "/var/lib/caddy";
type = types.path; type = types.path;
@ -33,11 +47,13 @@ in
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.caddy.bin}/bin/caddy -conf=${configFile} -email=${cfg.email}"; ExecStart = ''${pkgs.caddy.bin}/bin/caddy -conf=${configFile} \
Type = "simple"; -ca=${cfg.ca} -email=${cfg.email} ${optionalString cfg.agree "-agree"}
User = "caddy"; '';
Group = "caddy"; Type = "simple";
AmbientCapabilities = "cap_net_bind_service"; User = "caddy";
Group = "caddy";
AmbientCapabilities = "cap_net_bind_service";
}; };
}; };
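Review bot: `cfg.ca` and `cfg.email` are spliced into `ExecStart` unquoted in the second hunk, so a value containing whitespace would be split by systemd into extra caddy arguments for a service that holds `cap_net_bind_service`. Both options are free-form `types.string`, and `email` still defaults to `""`, which passes a bare `-email=`. I would quote the two values, `-ca="${cfg.ca}" -email="${cfg.email}"`, and add a sentence to the `ca` description saying that this endpoint decides who issues the site's certificates, so it should be an HTTPS ACME directory the operator trusts.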


@ -63,6 +63,11 @@ in
} }
''; '';
systemd.services.lighttpd.preStart = ''
mkdir -p /var/cache/cgit
chown lighttpd:lighttpd /var/cache/cgit
'';
}; };
} }


@ -224,12 +224,6 @@ in
description = "Lighttpd Web Server"; description = "Lighttpd Web Server";
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
preStart = ''
${if cfg.cgit.enable then ''
mkdir -p /var/cache/cgit
chown lighttpd:lighttpd /var/cache/cgit
'' else ""}
'';
serviceConfig.ExecStart = "${pkgs.lighttpd}/sbin/lighttpd -D -f ${configFile}"; serviceConfig.ExecStart = "${pkgs.lighttpd}/sbin/lighttpd -D -f ${configFile}";
# SIGINT => graceful shutdown # SIGINT => graceful shutdown
serviceConfig.KillSignal = "SIGINT"; serviceConfig.KillSignal = "SIGINT";


@ -9,6 +9,12 @@ let
pidFile = "${stateDir}/phpfpm.pid"; pidFile = "${stateDir}/phpfpm.pid";
mkPool = n: p: ''
[${n}]
listen = ${p.listen}
${p.extraConfig}
'';
cfgFile = pkgs.writeText "phpfpm.conf" '' cfgFile = pkgs.writeText "phpfpm.conf" ''
[global] [global]
pid = ${pidFile} pid = ${pidFile}
@ -16,7 +22,7 @@ let
daemonize = yes daemonize = yes
${cfg.extraConfig} ${cfg.extraConfig}
${concatStringsSep "\n" (mapAttrsToList (n: v: "[${n}]\n${v}") cfg.poolConfigs)} ${concatStringsSep "\n" (mapAttrsToList mkPool cfg.pools)}
''; '';
phpIni = pkgs.writeText "php.ini" '' phpIni = pkgs.writeText "php.ini" ''
@ -61,33 +67,19 @@ in {
"Options appended to the PHP configuration file <filename>php.ini</filename>."; "Options appended to the PHP configuration file <filename>php.ini</filename>.";
}; };
poolConfigs = mkOption { pools = mkOption {
type = types.attrsOf types.lines; type = types.attrsOf (types.submodule (import ./pool-options.nix {
inherit lib;
}));
default = {}; default = {};
example = literalExample ''
{ mypool = '''
listen = /run/phpfpm/mypool
user = nobody
pm = dynamic
pm.max_children = 75
pm.start_servers = 10
pm.min_spare_servers = 5
pm.max_spare_servers = 20
pm.max_requests = 500
''';
}
'';
description = '' description = ''
A mapping between PHP FPM pool names and their configurations. If no pools are defined, the phpfpm service is disabled.
See the documentation on <literal>php-fpm.conf</literal> for
details on configuration directives. If no pools are defined,
the phpfpm service is disabled.
''; '';
}; };
}; };
}; };
config = mkIf (cfg.poolConfigs != {}) { config = mkIf (cfg.pools != {}) {
systemd.services.phpfpm = { systemd.services.phpfpm = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];


@ -0,0 +1,35 @@
{ lib }:
with lib; {
options = {
listen = mkOption {
type = types.str;
example = "/path/to/unix/socket";
description = ''
The address on which to accept FastCGI requests.
'';
};
extraConfig = mkOption {
type = types.lines;
example = ''
user = nobody
pm = dynamic
pm.max_children = 75
pm.start_servers = 10
pm.min_spare_servers = 5
pm.max_spare_servers = 20
pm.max_requests = 500
'';
description = ''
Extra lines that go into the pool configuration.
See the documentation on <literal>php-fpm.conf</literal> for
details on configuration directives.
'';
};
};
}
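Review bot: Neither option description says who may connect to the pool socket, and the `extraConfig` example sets only `user` and the `pm.*` values. When `listen` is a unix socket path, access control comes from `listen.owner`, `listen.group` and `listen.mode`, which the tt-rss module in this same commit sets explicitly. I would add a sentence to the `listen` description, for example `For a unix socket, set listen.owner, listen.group and listen.mode in extraConfig so that only the web server can connect.`, and include those three directives in the `extraConfig` example.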


@ -0,0 +1,225 @@
{ config, lib, pkgs, ... }:
with lib;
with builtins;
let
cfg = config.services.compton;
configFile = pkgs.writeText "compton.conf"
(optionalString cfg.fade ''
# fading
fading = true;
fade-delta = ${toString cfg.fadeDelta};
fade-in-step = ${elemAt cfg.fadeSteps 0};
fade-out-step = ${elemAt cfg.fadeSteps 1};
fade-exclude = ${toJSON cfg.fadeExclude};
'' +
optionalString cfg.shadow ''
# shadows
shadow = true;
shadow-offset-x = ${toString (elemAt cfg.shadowOffsets 0)};
shadow-offset-y = ${toString (elemAt cfg.shadowOffsets 1)};
shadow-opacity = ${cfg.shadowOpacity};
shadow-exclude = ${toJSON cfg.shadowExclude};
'' + ''
# opacity
active-opacity = ${cfg.activeOpacity};
inactive-opacity = ${cfg.inactiveOpacity};
menu-opacity = ${cfg.menuOpacity};
# other options
backend = ${toJSON cfg.backend};
vsync = ${toJSON cfg.vSync};
refresh-rate = ${toString cfg.refreshRate};
'' + cfg.extraOptions);
in {
options.services.compton = {
enable = mkOption {
type = types.bool;
default = false;
example = true;
description = ''
Whether of not to enable Compton as the X.org composite manager.
'';
};
fade = mkOption {
type = types.bool;
default = false;
example = true;
description = ''
Fade windows in and out.
'';
};
fadeDelta = mkOption {
type = types.int;
default = 10;
example = 5;
description = ''
Time between fade animation step (in ms).
'';
};
fadeSteps = mkOption {
type = types.listOf types.str;
default = [ "0.028" "0.03" ];
example = [ "0.04" "0.04" ];
description = ''
Opacity change between fade steps (in and out).
'';
};
fadeExclude = mkOption {
type = types.listOf types.str;
default = [];
example = [
"window_type *= 'menu'"
"name ~= 'Firefox$'"
"focused = 1"
];
description = ''
List of condition of windows that should have no shadow.
See <literal>compton(1)</literal> man page for more examples.
'';
};
shadow = mkOption {
type = types.bool;
default = false;
example = true;
description = ''
Draw window shadows.
'';
};
shadowOffsets = mkOption {
type = types.listOf types.int;
default = [ (-15) (-15) ];
example = [ (-10) (-15) ];
description = ''
Left and right offset for shadows (in pixels).
'';
};
shadowOpacity = mkOption {
type = types.str;
default = "0.75";
example = "0.8";
description = ''
Window shadows opacity (number in range 0 - 1).
'';
};
shadowExclude = mkOption {
type = types.listOf types.str;
default = [];
example = [
"window_type *= 'menu'"
"name ~= 'Firefox$'"
"focused = 1"
];
description = ''
List of condition of windows that should have no shadow.
See <literal>compton(1)</literal> man page for more examples.
'';
};
activeOpacity = mkOption {
type = types.str;
default = "1.0";
example = "0.8";
description = ''
Opacity of active windows.
'';
};
inactiveOpacity = mkOption {
type = types.str;
default = "1.0";
example = "0.8";
description = ''
Opacity of inactive windows.
'';
};
menuOpacity = mkOption {
type = types.str;
default = "1.0";
example = "0.8";
description = ''
Opacity of dropdown and popup menu.
'';
};
backend = mkOption {
type = types.str;
default = "glx";
description = ''
Backend to use: <literal>glx</literal> or <literal>xrender</literal>.
'';
};
vSync = mkOption {
type = types.str;
default = "none";
example = "opengl-swc";
description = ''
Enable vertical synchronization using the specified method.
See <literal>compton(1)</literal> man page available methods.
'';
};
refreshRate = mkOption {
type = types.int;
default = 0;
example = 60;
description = ''
Screen refresh rate (0 = automatically detect).
'';
};
package = mkOption {
type = types.package;
default = pkgs.compton;
example = literalExample "pkgs.compton";
description = ''
Compton derivation to use.
'';
};
extraOptions = mkOption {
type = types.str;
default = "";
example = ''
unredir-if-possible = true;
dbe = true;
'';
description = ''
Additional Compton configuration.
'';
};
};
config = mkIf cfg.enable {
systemd.user.services.compton = {
description = "Compton composite manager";
wantedBy = [ "default.target" ];
serviceConfig = {
ExecStart = "${cfg.package}/bin/compton --config ${configFile}";
RestartSec = 3;
Restart = "always";
};
environment.DISPLAY = ":0";
};
environment.systemPackages = [ cfg.package ];
};
}
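Review bot: `environment.DISPLAY = ":0"` is hard-coded in the user service, while the redshift and unclutter changes in this same commit switch to `":${toString config.services.xserver.display}"`; compton should use the same expression so it follows a non-default display. The descriptions also need a pass: `fadeExclude` repeats the `shadowExclude` text ("should have no shadow"), `shadowOffsets` says "Left and right" for what the config writes as x and y offsets, and `enable` reads "Whether of not". The opacity and fade-step options are `types.str` values written into `compton.conf` unchecked, so their descriptions should say they must be decimal numbers (or the type should be stricter).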


@ -84,7 +84,7 @@ in {
environment.gnome3.packageSet = mkOption { environment.gnome3.packageSet = mkOption {
default = null; default = null;
example = literalExample "pkgs.gnome3_18"; example = literalExample "pkgs.gnome3_20";
description = "Which GNOME 3 package set to use."; description = "Which GNOME 3 package set to use.";
apply = p: if p == null then pkgs.gnome3 else p; apply = p: if p == null then pkgs.gnome3 else p;
}; };
@ -121,6 +121,7 @@ in {
services.upower.enable = config.powerManagement.enable; services.upower.enable = config.powerManagement.enable;
services.dbus.packages = mkIf config.services.printing.enable [ pkgs.system-config-printer ]; services.dbus.packages = mkIf config.services.printing.enable [ pkgs.system-config-printer ];
services.colord.enable = mkDefault true; services.colord.enable = mkDefault true;
services.packagekit.enable = mkDefault true;
hardware.bluetooth.enable = mkDefault true; hardware.bluetooth.enable = mkDefault true;
services.xserver.libinput.enable = mkDefault true; # for controlling touchpad settings via gnome control center services.xserver.libinput.enable = mkDefault true; # for controlling touchpad settings via gnome control center
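Review bot: `services.packagekit.enable = mkDefault true` in the second hunk turns on an additional system daemon for every GNOME installation, and unlike the libinput line below it there is no comment saying which GNOME component needs it. Because this widens what runs by default, I would add a trailing comment such as `# <component that requires PackageKit>` and mention the new default in the release notes, so users who do not want it know to set the option to `false`. The enclosing `config` block starts and ends outside the hunk.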


@ -50,13 +50,13 @@ in
security.setuidOwners = [ security.setuidOwners = [
{ {
program = "kcheckpass"; program = "kcheckpass";
source = "${kde5.plasma-workspace}/lib/libexec/kcheckpass"; source = "${kde5.plasma-workspace.out}/lib/libexec/kcheckpass";
owner = "root"; owner = "root";
setuid = true; setuid = true;
} }
{ {
program = "start_kdeinit_wrapper"; program = "start_kdeinit";
source = "${kde5.plasma-workspace}/lib/libexec/kf5/start_kdeinit_wrapper"; source = "${kde5.kinit.out}/lib/libexec/kf5/start_kdeinit";
owner = "root"; owner = "root";
setuid = true; setuid = true;
} }
@ -65,10 +65,50 @@ in
environment.systemPackages = environment.systemPackages =
[ [
kde5.frameworkintegration kde5.frameworkintegration
kde5.kactivities
kde5.kauth
kde5.kcmutils
kde5.kconfig
kde5.kconfigwidgets
kde5.kcoreaddons
kde5.kdbusaddons
kde5.kdeclarative
kde5.kded
kde5.kdesu
kde5.kdnssd
kde5.kemoticons
kde5.kfilemetadata
kde5.kglobalaccel
kde5.kguiaddons
kde5.kiconthemes
kde5.kidletime
kde5.kimageformats
kde5.kinit kde5.kinit
kde5.kio
kde5.kjobwidgets
kde5.knewstuff
kde5.knotifications
kde5.knotifyconfig
kde5.kpackage
kde5.kparts
kde5.kpeople
kde5.krunner
kde5.kservice
kde5.ktextwidgets
kde5.kwallet
kde5.kwayland
kde5.kwidgetsaddons
kde5.kxmlgui
kde5.kxmlrpcclient
kde5.plasma-framework
kde5.solid
kde5.sonnet
kde5.threadweaver
kde5.breeze kde5.breeze
kde5.kactivitymanagerd
kde5.kde-cli-tools kde5.kde-cli-tools
kde5.kdecoration
kde5.kdeplasma-addons kde5.kdeplasma-addons
kde5.kgamma5 kde5.kgamma5
kde5.khelpcenter kde5.khelpcenter
@ -76,12 +116,16 @@ in
kde5.kinfocenter kde5.kinfocenter
kde5.kmenuedit kde5.kmenuedit
kde5.kscreen kde5.kscreen
kde5.kscreenlocker
kde5.ksysguard kde5.ksysguard
kde5.kwayland kde5.kwayland
kde5.kwin kde5.kwin
kde5.kwrited kde5.kwrited
kde5.libkscreen
kde5.libksysguard
kde5.milou kde5.milou
kde5.oxygen kde5.oxygen
kde5.plasma-integration
kde5.polkit-kde-agent kde5.polkit-kde-agent
kde5.systemsettings kde5.systemsettings
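Review bot: The second setuid-root entry now points at `${kde5.kinit.out}/lib/libexec/kf5/start_kdeinit` under a new wrapper name, and nothing in the hunk says why this binary needs root. A comment above the entry should state what the helper uses the privilege for; presumably it adjusts its OOM score before dropping privileges, but that should be confirmed against kinit. Anything that still refers to the old wrapper name `start_kdeinit_wrapper` would also need updating, which is not visible from here.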

View File

@ -34,7 +34,7 @@ let
${optionalString cfg.displayManager.logToJournal '' ${optionalString cfg.displayManager.logToJournal ''
if [ -z "$_DID_SYSTEMD_CAT" ]; then if [ -z "$_DID_SYSTEMD_CAT" ]; then
_DID_SYSTEMD_CAT=1 exec ${config.systemd.package}/bin/systemd-cat -t xsession -- "$0" "$1" _DID_SYSTEMD_CAT=1 exec ${config.systemd.package}/bin/systemd-cat -t xsession -- "$0" "$@"
fi fi
''} ''}


@ -4,7 +4,8 @@ with lib;
let let
dmcfg = config.services.xserver.displayManager; xcfg = config.services.xserver;
dmcfg = xcfg.displayManager;
xEnv = config.systemd.services."display-manager".environment; xEnv = config.systemd.services."display-manager".environment;
cfg = dmcfg.lightdm; cfg = dmcfg.lightdm;
@ -36,16 +37,31 @@ let
lightdmConf = writeText "lightdm.conf" lightdmConf = writeText "lightdm.conf"
'' ''
[LightDM] [LightDM]
greeter-user = ${config.users.extraUsers.lightdm.name} ${optionalString cfg.greeter.enable ''
greeters-directory = ${cfg.greeter.package} greeter-user = ${config.users.extraUsers.lightdm.name}
greeters-directory = ${cfg.greeter.package}
''}
sessions-directory = ${dmcfg.session.desktops} sessions-directory = ${dmcfg.session.desktops}
[Seat:*] [Seat:*]
xserver-command = ${xserverWrapper} xserver-command = ${xserverWrapper}
session-wrapper = ${dmcfg.session.script} session-wrapper = ${dmcfg.session.script}
greeter-session = ${cfg.greeter.name} ${optionalString cfg.greeter.enable ''
greeter-session = ${cfg.greeter.name}
''}
${optionalString cfg.autoLogin.enable ''
autologin-user = ${cfg.autoLogin.user}
autologin-user-timeout = ${toString cfg.autoLogin.timeout}
autologin-session = ${defaultSessionName}
''}
${cfg.extraSeatDefaults} ${cfg.extraSeatDefaults}
''; '';
defaultSessionName =
let
dm = xcfg.desktopManager.default;
wm = xcfg.windowManager.default;
in dm + optionalString (wm != "none") (" + " + wm);
in in
{ {
# Note: the order in which lightdm greeter modules are imported # Note: the order in which lightdm greeter modules are imported
@ -68,6 +84,14 @@ in
}; };
greeter = { greeter = {
enable = mkOption {
type = types.bool;
default = true;
description = ''
If set to false, run lightdm in greeterless mode. This only works if autologin
is enabled and autoLogin.timeout is zero.
'';
};
package = mkOption { package = mkOption {
type = types.package; type = types.package;
description = '' description = ''
@ -102,10 +126,67 @@ in
description = "Extra lines to append to SeatDefaults section."; description = "Extra lines to append to SeatDefaults section.";
}; };
autoLogin = mkOption {
default = {};
description = ''
Configuration for automatic login.
'';
type = types.submodule {
options = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Automatically log in as the specified <option>autoLogin.user</option>.
'';
};
user = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
User to be used for the automatic login.
'';
};
timeout = mkOption {
type = types.int;
default = 0;
description = ''
Show the greeter for this many seconds before automatic login occurs.
'';
};
};
};
};
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = [
{ assertion = cfg.autoLogin.enable -> cfg.autoLogin.user != null;
message = ''
LightDM auto-login requires services.xserver.displayManager.lightdm.autoLogin.user to be set
'';
}
{ assertion = cfg.autoLogin.enable -> elem defaultSessionName dmcfg.session.names;
message = ''
LightDM auto-login requires that services.xserver.desktopManager.default and
services.xserver.windowMananger.default are set to valid values. The current
default session: ${defaultSessionName} is not valid.
'';
}
{ assertion = !cfg.greeter.enable -> (cfg.autoLogin.enable && cfg.autoLogin.timeout == 0);
message = ''
LightDM can only run without greeter if automatic login is enabled and the timeout for it
is set to zero.
'';
}
];
services.xserver.displayManager.slim.enable = false; services.xserver.displayManager.slim.enable = false;
services.xserver.displayManager.job = { services.xserver.displayManager.job = {
@ -144,6 +225,17 @@ in
session optional ${pkgs.systemd}/lib/security/pam_systemd.so session optional ${pkgs.systemd}/lib/security/pam_systemd.so
''; '';
}; };
security.pam.services.lightdm-autologin.text = ''
auth requisite pam_nologin.so
auth required pam_succeed_if.so uid >= 1000 quiet
auth required pam_permit.so
account include lightdm
password include lightdm
session include lightdm
'';
users.extraUsers.lightdm = { users.extraUsers.lightdm = {
createHome = true; createHome = true;
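Review bot: The second assertion message names `services.xserver.windowMananger.default`, which is misspelled (`windowManager`), so a user who copies the option name from the error ends up with a second, unrelated failure. Separately, the `autoLogin.enable` description should say that the named user gets a session without entering a password: the new `lightdm-autologin` PAM service authenticates with `pam_permit.so`, guarded only by `pam_nologin.so` and `uid >= 1000`. A sentence such as `The user is logged in without any password prompt; anyone with physical access to the machine gets that user's session.` would do, and the same remark belongs on `greeter.enable`.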


@ -27,6 +27,7 @@ let
${cfg.stopScript} ${cfg.stopScript}
''; '';
cfgFile = pkgs.writeText "sddm.conf" '' cfgFile = pkgs.writeText "sddm.conf" ''
[General] [General]
HaltCommand=${pkgs.systemd}/bin/systemctl poweroff HaltCommand=${pkgs.systemd}/bin/systemctl poweroff
@ -154,7 +155,7 @@ in
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = ''
Automatically log in as the sepecified <option>autoLogin.user</option>. Automatically log in as <option>autoLogin.user</option>.
''; '';
}; };
@ -162,7 +163,7 @@ in
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
description = '' description = ''
User to be used for the autologin. User to be used for the automatic login.
''; '';
}; };
@ -170,8 +171,8 @@ in
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = ''
If true automatic login will kick in again on session exit, otherwise it If true automatic login will kick in again on session exit (logout), otherwise it
will work only the first time. will only log in automatically when the display-manager is started.
''; '';
}; };
}; };


@ -198,6 +198,8 @@ in {
environment.systemPackages = [ pkgs.xorg.xf86inputlibinput ]; environment.systemPackages = [ pkgs.xorg.xf86inputlibinput ];
services.udev.packages = [ pkgs.libinput ];
services.xserver.config = services.xserver.config =
'' ''
# Automatically enable the libinput driver for all touchpads. # Automatically enable the libinput driver for all touchpads.


@ -108,7 +108,7 @@ in {
RestartSec = 3; RestartSec = 3;
Restart = "always"; Restart = "always";
}; };
environment = { DISPLAY = ":0"; }; environment = { DISPLAY = ":${toString config.services.xserver.display}"; };
}; };
}; };


@ -39,12 +39,6 @@ in {
default = 1; default = 1;
}; };
displayName = mkOption {
description = "Name of the X11 display";
type = types.str;
default = ":0";
};
excluded = mkOption { excluded = mkOption {
description = "Names of windows where unclutter should not apply"; description = "Names of windows where unclutter should not apply";
type = types.listOf types.str; type = types.listOf types.str;
@ -67,7 +61,7 @@ in {
serviceConfig.ExecStart = '' serviceConfig.ExecStart = ''
${cfg.package}/bin/unclutter \ ${cfg.package}/bin/unclutter \
-idle ${toString cfg.timeout} \ -idle ${toString cfg.timeout} \
-display ${cfg.displayName} \ -display :${toString config.services.xserver.display} \
-jitter ${toString (cfg.threeshold - 1)} \ -jitter ${toString (cfg.threeshold - 1)} \
${optionalString cfg.keystroke "-keystroke"} \ ${optionalString cfg.keystroke "-keystroke"} \
${concatMapStrings (x: " -"+x) cfg.extraOptions} \ ${concatMapStrings (x: " -"+x) cfg.extraOptions} \


@ -19,6 +19,7 @@ in
./jwm.nix ./jwm.nix
./metacity.nix ./metacity.nix
./openbox.nix ./openbox.nix
./pekwm.nix
./notion.nix ./notion.nix
./ratpoison.nix ./ratpoison.nix
./sawfish.nix ./sawfish.nix


@ -0,0 +1,25 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.xserver.windowManager.pekwm;
in
{
###### interface
options = {
services.xserver.windowManager.pekwm.enable = mkEnableOption "pekwm";
};
###### implementation
config = mkIf cfg.enable {
services.xserver.windowManager.session = singleton {
name = "pekwm";
start = ''
${pkgs.pekwm}/bin/pekwm &
waitPID=$!
'';
};
environment.systemPackages = [ pkgs.pekwm ];
};
}


@ -36,7 +36,7 @@ let
${optionalString (header != null) "--header=${header}"} \ ${optionalString (header != null) "--header=${header}"} \
${optionalString (keyFile != null) "--key-file=${keyFile} ${optionalString (keyFileSize != null) "--keyfile-size=${toString keyFileSize}"}"} \ ${optionalString (keyFile != null) "--key-file=${keyFile} ${optionalString (keyFileSize != null) "--keyfile-size=${toString keyFileSize}"}"} \
> /.luksopen_args > /.luksopen_args
get_password "Enter LUKS Passphrase" cryptsetup-askpass cryptsetup-askpass
rm /.luksopen_args rm /.luksopen_args
} }
@ -78,7 +78,9 @@ let
for try in $(seq 3); do for try in $(seq 3); do
${optionalString yubikey.twoFactor '' ${optionalString yubikey.twoFactor ''
k_user="$(get_password "Enter two-factor passphrase" cat)" echo -n "Enter two-factor passphrase: "
read -s k_user
echo
''} ''}
if [ ! -z "$k_user" ]; then if [ ! -z "$k_user" ]; then
@ -461,26 +463,6 @@ in
''} ''}
''; '';
boot.initrd.preDeviceCommands = ''
get_password() {
local ret
local reply
local tty_stat
tty_stat="$(stty -g)"
stty -echo
for i in `seq 1 3`; do
echo -n "$1: "
read reply
echo "$reply" | "$2"
if [ "$?" = "0" ]; then
break
fi
done
stty "$tty_stat"
}
'';
boot.initrd.preLVMCommands = concatStrings (mapAttrsToList openCommand preLVM); boot.initrd.preLVMCommands = concatStrings (mapAttrsToList openCommand preLVM);
boot.initrd.postDeviceCommands = concatStrings (mapAttrsToList openCommand postLVM); boot.initrd.postDeviceCommands = concatStrings (mapAttrsToList openCommand postLVM);
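Review bot: In the two-factor hunk `read -s k_user` runs without `-r` and with the default `IFS`, so backslashes in the passphrase are interpreted and leading or trailing whitespace is dropped before the value is used. The removed `get_password` had the same plain `read reply`, so this is not a regression, but this is the place to fix it: `IFS= read -rs k_user`. Whether existing YubiKey enrolments depend on the old mangling should be checked first. The first hunk also drops the three-attempt loop around `cryptsetup-askpass`, so retry behaviour now depends entirely on that helper, whose definition is outside this section.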


@ -112,6 +112,7 @@ in
sed -i '/loginctl/d' $out/71-seat.rules sed -i '/loginctl/d' $out/71-seat.rules
''; '';
# We use `mkAfter` to ensure that LUKS password prompt would be shown earlier than the splash screen.
boot.initrd.preLVMCommands = mkAfter '' boot.initrd.preLVMCommands = mkAfter ''
mkdir -p /etc/plymouth mkdir -p /etc/plymouth
ln -s ${configFile} /etc/plymouth/plymouthd.conf ln -s ${configFile} /etc/plymouth/plymouthd.conf
@ -121,7 +122,16 @@ in
ln -s $extraUtils/lib/plymouth /etc/plymouth/plugins ln -s $extraUtils/lib/plymouth /etc/plymouth/plugins
plymouthd --mode=boot --pid-file=/run/plymouth/pid --attach-to-session plymouthd --mode=boot --pid-file=/run/plymouth/pid --attach-to-session
plymouth --show-splash plymouth show-splash
'';
boot.initrd.postMountCommands = ''
plymouth update-root-fs --new-root-dir="$targetRoot"
'';
# `mkBefore` to ensure that any custom prompts would be visible.
boot.initrd.preFailCommands = mkBefore ''
plymouth quit --wait
''; '';
}; };


@ -14,8 +14,7 @@ export LVM_SUPPRESS_FD_WARNINGS=true
fail() { fail() {
if [ -n "$panicOnFail" ]; then exit 1; fi if [ -n "$panicOnFail" ]; then exit 1; fi
# If we have a splash screen started, quit it. @preFailCommands@
command -v plymouth >/dev/null 2>&1 && plymouth quit
# If starting stage 2 failed, allow the user to repair the problem # If starting stage 2 failed, allow the user to repair the problem
# in an interactive shell. # in an interactive shell.
@ -173,10 +172,6 @@ udevadm trigger --action=add
udevadm settle udevadm settle
# Load boot-time keymap before any LVM/LUKS initialization
@extraUtils@/bin/busybox loadkmap < "@busyboxKeymap@"
# XXX: Use case usb->lvm will still fail, usb->luks->lvm is covered # XXX: Use case usb->lvm will still fail, usb->luks->lvm is covered
@preLVMCommands@ @preLVMCommands@
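Review bot: The second hunk removes the `loadkmap` call that ran before `@preLVMCommands@`, so unless the keymap is loaded somewhere outside this section, LUKS passphrases are typed under the kernel's default layout regardless of `i18n.consoleKeyMap`. Users with a non-US layout would then see a correct passphrase rejected at boot. If the removal is intentional, a comment at that spot such as `# NOTE: console keymap is not loaded yet; passphrases are read with the default layout` would document it. Otherwise the keymap load should stay ahead of the LVM/LUKS commands.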


@ -185,15 +185,6 @@ let
}; };
# The binary keymap for busybox to load at boot.
busyboxKeymap = pkgs.runCommand "boottime-keymap"
{ preferLocalBuild = true; }
''
${pkgs.kbd}/bin/loadkeys -qb "${config.i18n.consoleKeyMap}" > $out ||
${pkgs.kbd}/bin/loadkeys -qbu "${config.i18n.consoleKeyMap}" > $out
'';
# The init script of boot stage 1 (loading kernel modules for # The init script of boot stage 1 (loading kernel modules for
# mounting the root FS). # mounting the root FS).
bootStage1 = pkgs.substituteAll { bootStage1 = pkgs.substituteAll {
@ -203,12 +194,12 @@ let
isExecutable = true; isExecutable = true;
inherit udevRules extraUtils modulesClosure busyboxKeymap; inherit udevRules extraUtils modulesClosure;
inherit (config.boot) resumeDevice devSize runSize; inherit (config.boot) resumeDevice devSize runSize;
inherit (config.boot.initrd) checkJournalingFS inherit (config.boot.initrd) checkJournalingFS
preLVMCommands preDeviceCommands postDeviceCommands postMountCommands kernelModules; preLVMCommands preDeviceCommands postDeviceCommands postMountCommands preFailCommands kernelModules;
resumeDevices = map (sd: if sd ? device then sd.device else "/dev/disk/by-label/${sd.label}") resumeDevices = map (sd: if sd ? device then sd.device else "/dev/disk/by-label/${sd.label}")
(filter (sd: (sd ? label || hasPrefix "/dev/" sd.device) && !sd.randomEncryption) config.swapDevices); (filter (sd: (sd ? label || hasPrefix "/dev/" sd.device) && !sd.randomEncryption) config.swapDevices);
@ -336,6 +327,14 @@ in
''; '';
}; };
boot.initrd.preFailCommands = mkOption {
default = "";
type = types.lines;
description = ''
Shell commands to be executed before the failure prompt is shown.
'';
};
boot.initrd.extraUtilsCommands = mkOption { boot.initrd.extraUtilsCommands = mkOption {
internal = true; internal = true;
default = ""; default = "";


@ -176,7 +176,7 @@ rec {
${optionalString (type == "system") '' ${optionalString (type == "system") ''
# Stupid misc. symlinks. # Stupid misc. symlinks.
ln -s ${cfg.defaultUnit} $out/default.target ln -s ${cfg.defaultUnit} $out/default.target
ln -s ${cfg.ctrlAltDelUnit} $out/ctrl-alt-del.target
ln -s rescue.target $out/kbrequest.target ln -s rescue.target $out/kbrequest.target
mkdir -p $out/getty.target.wants/ mkdir -p $out/getty.target.wants/


@ -120,7 +120,6 @@ let
"systemd-poweroff.service" "systemd-poweroff.service"
"halt.target" "halt.target"
"systemd-halt.service" "systemd-halt.service"
"ctrl-alt-del.target"
"shutdown.target" "shutdown.target"
"umount.target" "umount.target"
"final.target" "final.target"
@ -162,7 +161,6 @@ let
"systemd-hostnamed.service" "systemd-hostnamed.service"
"systemd-binfmt.service" "systemd-binfmt.service"
] ]
++ cfg.additionalUpstreamSystemUnits; ++ cfg.additionalUpstreamSystemUnits;
upstreamSystemWants = upstreamSystemWants =
@ -485,6 +483,15 @@ in
description = "Default unit started when the system boots."; description = "Default unit started when the system boots.";
}; };
systemd.ctrlAltDelUnit = mkOption {
default = "reboot.target";
type = types.str;
example = "poweroff.target";
description = ''
Target that should be started when Ctrl-Alt-Delete is pressed.
'';
};
systemd.globalEnvironment = mkOption { systemd.globalEnvironment = mkOption {
type = types.attrs; type = types.attrs;
default = {}; default = {};


@ -22,6 +22,33 @@ sub atomicSymlink {
# current configuration. # current configuration.
atomicSymlink $etc, $static or die; atomicSymlink $etc, $static or die;
# Returns 1 if the argument points to the files in /etc/static. That
# means either argument is a symlink to a file in /etc/static or a
# directory with all children being static.
sub isStatic {
my $path = shift;
if (-l $path) {
my $target = readlink $path;
return substr($target, 0, length "/etc/static/") eq "/etc/static/";
}
if (-d $path) {
opendir DIR, "$path" or return 0;
my @names = readdir DIR or die;
closedir DIR;
foreach my $name (@names) {
next if $name eq "." || $name eq "..";
unless (isStatic("$path/$name")) {
return 0;
}
}
return 1;
}
return 0;
}
# Remove dangling symlinks that point to /etc/static. These are # Remove dangling symlinks that point to /etc/static. These are
# configuration files that existed in a previous configuration but not # configuration files that existed in a previous configuration but not
@ -63,6 +90,16 @@ sub link {
my $target = "/etc/$fn"; my $target = "/etc/$fn";
File::Path::make_path(dirname $target); File::Path::make_path(dirname $target);
$created{$fn} = 1; $created{$fn} = 1;
# Rename doesn't work if target is directory.
if (-l $_ && -d $target) {
if (isStatic $target) {
rmtree $target or warn;
} else {
warn "$target directory contains user files. Symlinking may fail.";
}
}
if (-e "$_.mode") { if (-e "$_.mode") {
my $mode = read_file("$_.mode"); chomp $mode; my $mode = read_file("$_.mode"); chomp $mode;
if ($mode eq "direct-symlink") { if ($mode eq "direct-symlink") {
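Review bot: In `link`, the new guard `-l $_ && -d $target` is also true when `$target` is already a symlink to a directory, because `-d` follows symlinks. `isStatic` then accepts it through its `-l` branch and `rmtree` removes the link before it is recreated, so the entry is briefly missing during activation instead of being swapped in place. Restricting the guard to real directories, `if (-l $_ && !-l $target && -d $target) {`, keeps that case on the rename path (assuming the code after this hunk replaces the link atomically, which is not visible here). `isStatic` also counts any link whose target merely starts with `/etc/static/`, and any empty directory, as static; a comment saying this is intended would help, since the result decides what gets deleted. `link` starts before and continues after the hunk.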


@ -12,6 +12,7 @@ let
cfgSpl = config.boot.spl; cfgSpl = config.boot.spl;
cfgZfs = config.boot.zfs; cfgZfs = config.boot.zfs;
cfgSnapshots = config.services.zfs.autoSnapshot; cfgSnapshots = config.services.zfs.autoSnapshot;
cfgSnapFlags = cfgSnapshots.flags;
inInitrd = any (fs: fs == "zfs") config.boot.initrd.supportedFilesystems; inInitrd = any (fs: fs == "zfs") config.boot.initrd.supportedFilesystems;
inSystem = any (fs: fs == "zfs") config.boot.supportedFilesystems; inSystem = any (fs: fs == "zfs") config.boot.supportedFilesystems;
@ -45,6 +46,8 @@ let
dataPools = unique (filter (pool: !(elem pool rootPools)) allPools); dataPools = unique (filter (pool: !(elem pool rootPools)) allPools);
snapshotNames = [ "frequent" "hourly" "daily" "weekly" "monthly" ];
in in
{ {
@ -139,6 +142,25 @@ in
''; '';
}; };
flags = mkOption {
default = "-k -p";
example = "-k -p --utc";
type = types.str;
description = ''
Flags to pass to the zfs-auto-snapshot command.
Run <literal>zfs-auto-snapshot</literal> (without any arguments) to
see available flags.
If it's not too inconvenient for snapshots to have timestamps in UTC,
it is suggested that you append <literal>--utc</literal> to the list
of default options (see example).
Otherwise, snapshot names can cause name conflicts or apparent time
reversals due to daylight savings, timezone or other date/time changes.
'';
};
frequent = mkOption { frequent = mkOption {
default = 4; default = 4;
type = types.int; type = types.int;
@ -237,7 +259,9 @@ in
environment.etc."zfs/zed.d".source = "${zfsUserPkg}/etc/zfs/zed.d/*"; environment.etc."zfs/zed.d".source = "${zfsUserPkg}/etc/zfs/zed.d/*";
system.fsPackages = [ zfsUserPkg ]; # XXX: needed? zfs doesn't have (need) a fsck system.fsPackages = [ zfsUserPkg ]; # XXX: needed? zfs doesn't have (need) a fsck
environment.systemPackages = [ zfsUserPkg ]; environment.systemPackages = [ zfsUserPkg ]
++ optional enableAutoSnapshots autosnapPkg; # so the user can run the command to see flags
services.udev.packages = [ zfsUserPkg ]; # to hook zvol naming, etc. services.udev.packages = [ zfsUserPkg ]; # to hook zvol naming, etc.
systemd.packages = [ zfsUserPkg ]; systemd.packages = [ zfsUserPkg ];
@ -270,7 +294,23 @@ in
("$zpool_cmd" list "${pool}" >/dev/null) || "$zpool_cmd" import -d ${cfgZfs.devNodes} -N ${optionalString cfgZfs.forceImportAll "-f"} "${pool}" ("$zpool_cmd" list "${pool}" >/dev/null) || "$zpool_cmd" import -d ${cfgZfs.devNodes} -N ${optionalString cfgZfs.forceImportAll "-f"} "${pool}"
''; '';
}; };
in listToAttrs (map createImportService dataPools) // {
# This forces a sync of any ZFS pools prior to poweroff, even if they're set
# to sync=disabled.
createSyncService = pool:
nameValuePair "zfs-sync-${pool}" {
description = "Sync ZFS pool \"${pool}\"";
wantedBy = [ "shutdown.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
${zfsUserPkg}/sbin/zfs set nixos:shutdown-time="$(date)" "${pool}"
'';
};
in listToAttrs (map createImportService dataPools ++ map createSyncService allPools) // {
"zfs-mount" = { after = [ "systemd-modules-load.service" ]; }; "zfs-mount" = { after = [ "systemd-modules-load.service" ]; };
"zfs-share" = { after = [ "systemd-modules-load.service" ]; }; "zfs-share" = { after = [ "systemd-modules-load.service" ]; };
"zed" = { after = [ "systemd-modules-load.service" ]; }; "zed" = { after = [ "systemd-modules-load.service" ]; };
@ -289,60 +329,41 @@ in
}) })
(mkIf enableAutoSnapshots { (mkIf enableAutoSnapshots {
systemd.services."zfs-snapshot-frequent" = { systemd.services = let
description = "ZFS auto-snapshotting every 15 mins"; descr = name: if name == "frequent" then "15 mins"
after = [ "zfs-import.target" ]; else if name == "hourly" then "hour"
serviceConfig = { else if name == "daily" then "day"
Type = "oneshot"; else if name == "weekly" then "week"
ExecStart = "${zfsAutoSnap} frequent ${toString cfgSnapshots.frequent}"; else if name == "monthly" then "month"
}; else throw "unknown snapshot name";
restartIfChanged = false; numSnapshots = name: builtins.getAttr name cfgSnapshots;
startAt = "*:15,30,45"; in builtins.listToAttrs (map (snapName:
}; {
name = "zfs-snapshot-${snapName}";
value = {
description = "ZFS auto-snapshotting every ${descr snapName}";
after = [ "zfs-import.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${zfsAutoSnap} ${cfgSnapFlags} ${snapName} ${toString (numSnapshots snapName)}";
};
restartIfChanged = false;
};
}) snapshotNames);
systemd.services."zfs-snapshot-hourly" = { systemd.timers = let
description = "ZFS auto-snapshotting every hour"; timer = name: if name == "frequent" then "*:15,30,45" else name;
after = [ "zfs-import.target" ]; in builtins.listToAttrs (map (snapName:
serviceConfig = { {
Type = "oneshot"; name = "zfs-snapshot-${snapName}";
ExecStart = "${zfsAutoSnap} hourly ${toString cfgSnapshots.hourly}"; value = {
}; wantedBy = [ "timers.target" ];
restartIfChanged = false; timerConfig = {
startAt = "hourly"; OnCalendar = timer snapName;
}; Persistent = "yes";
};
systemd.services."zfs-snapshot-daily" = { };
description = "ZFS auto-snapshotting every day"; }) snapshotNames);
after = [ "zfs-import.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${zfsAutoSnap} daily ${toString cfgSnapshots.daily}";
};
restartIfChanged = false;
startAt = "daily";
};
systemd.services."zfs-snapshot-weekly" = {
description = "ZFS auto-snapshotting every week";
after = [ "zfs-import.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${zfsAutoSnap} weekly ${toString cfgSnapshots.weekly}";
};
restartIfChanged = false;
startAt = "weekly";
};
systemd.services."zfs-snapshot-monthly" = {
description = "ZFS auto-snapshotting every month";
after = [ "zfs-import.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${zfsAutoSnap} monthly ${toString cfgSnapshots.monthly}";
};
restartIfChanged = false;
startAt = "monthly";
};
}) })
]; ];
} }
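Review bot: `createSyncService` is pulled in by `shutdown.target` but leaves default dependencies on, and systemd gives an ordinary service `Conflicts=shutdown.target` by default, which contradicts being wanted by that target. The unit probably needs `unitConfig.DefaultDependencies = false;`, and whether it then runs before the pools are unmounted should be checked. The comment above the function should also say why setting the `nixos:shutdown-time` property forces a sync, since the command alone does not show it. Separately, `cfgSnapFlags` is spliced into `ExecStart` as free text; the `flags` description could say the string is passed through unquoted.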


@ -7,15 +7,15 @@ let
makeColor = n: value: "COLOR_${toString n}=${value}"; makeColor = n: value: "COLOR_${toString n}=${value}";
makeColorCS = makeColorCS =
let positions = [ "0" "1" "2" "3" "4" "5" "6" "7" "8" "9" "A" "B" "C" "D" "E" "F" ]; let positions = [ "0" "1" "2" "3" "4" "5" "6" "7" "8" "9" "A" "B" "C" "D" "E" "F" ];
in n: value: "\033]P${elemAt position n}${value}"; in n: value: "\\033]P${elemAt positions (n - 1)}${value}";
colors = concatImapStringsSep "\n" makeColor config.i18n.consoleColors; colors = concatImapStringsSep "\n" makeColor config.i18n.consoleColors;
isUnicode = hasSuffix "UTF-8" (toUpper config.i18n.defaultLocale); isUnicode = hasSuffix "UTF-8" (toUpper config.i18n.defaultLocale);
optimizedKeymap = pkgs.runCommand "keymap" { optimizedKeymap = pkgs.runCommand "keymap" {
nativeBuildInputs = [ pkgs.kbd ]; nativeBuildInputs = [ pkgs.kbd ];
LOADKEYS_KEYMAP_PATH = "${kbdEnv}/share/keymaps/**";
} '' } ''
cd ${kbdEnv}/share/keymaps
loadkeys -b ${optionalString isUnicode "-u"} "${config.i18n.consoleKeyMap}" > $out loadkeys -b ${optionalString isUnicode "-u"} "${config.i18n.consoleKeyMap}" > $out
''; '';
@ -61,7 +61,7 @@ in
default = false; default = false;
type = types.bool; type = types.bool;
description = '' description = ''
Enable setting font and keymap as early as possible (in initrd). Enable setting font as early as possible (in initrd).
''; '';
}; };
@ -83,6 +83,20 @@ in
environment.etc."vconsole.conf".source = vconsoleConf; environment.etc."vconsole.conf".source = vconsoleConf;
# Provide kbd with additional packages. # Provide kbd with additional packages.
environment.etc."kbd".source = "${kbdEnv}/share"; environment.etc."kbd".source = "${kbdEnv}/share";
boot.initrd.preLVMCommands = mkBefore ''
kbd_mode ${if isUnicode then "-u" else "-a"} -C /dev/console
printf "\033%%${if isUnicode then "G" else "@"}" >> /dev/console
loadkmap < ${optimizedKeymap}
${optionalString config.boot.earlyVconsoleSetup ''
setfont -C /dev/console $extraUtils/share/consolefonts/font.psf
''}
${concatImapStringsSep "\n" (n: color: ''
printf "${makeColorCS n color}" >> /dev/console
'') config.i18n.consoleColors}
'';
} }
(mkIf (!config.boot.earlyVconsoleSetup) { (mkIf (!config.boot.earlyVconsoleSetup) {
@ -112,18 +126,6 @@ in
cp -L $font $out/share/consolefonts/font.psf cp -L $font $out/share/consolefonts/font.psf
fi fi
''; '';
boot.initrd.preLVMCommands = mkBefore ''
kbd_mode ${if isUnicode then "-u" else "-a"} -C /dev/console
printf "\033%%${if isUnicode then "G" else "@"}" >> /dev/console
loadkmap < ${optimizedKeymap}
setfont -C /dev/console $extraUtils/share/consolefonts/font.psf
${concatImapStringsSep "\n" (n: color: ''
printf "${makeColorCS n color}" >> /dev/console
'') config.i18n.consoleColors}
'';
}) })
])) ]))
]; ];


@ -4,22 +4,6 @@ with lib;
let let
nixos-container = pkgs.substituteAll {
name = "nixos-container";
dir = "bin";
isExecutable = true;
src = ./nixos-container.pl;
perl = "${pkgs.perl}/bin/perl -I${pkgs.perlPackages.FileSlurp}/lib/perl5/site_perl";
su = "${pkgs.shadow.su}/bin/su";
inherit (pkgs) utillinux;
postInstall = ''
t=$out/etc/bash_completion.d
mkdir -p $t
cp ${./nixos-container-completion.sh} $t/nixos-container
'';
};
# The container's init script, a small wrapper around the regular # The container's init script, a small wrapper around the regular
# NixOS stage-2 init script. # NixOS stage-2 init script.
containerInit = pkgs.writeScript "container-init" containerInit = pkgs.writeScript "container-init"
@ -410,7 +394,7 @@ in
ExecReload = pkgs.writeScript "reload-container" ExecReload = pkgs.writeScript "reload-container"
'' ''
#! ${pkgs.stdenv.shell} -e #! ${pkgs.stdenv.shell} -e
${nixos-container}/bin/nixos-container run "$INSTANCE" -- \ ${pkgs.nixos-container}/bin/nixos-container run "$INSTANCE" -- \
bash --login -c "''${SYSTEM_PATH:-/nix/var/nix/profiles/system}/bin/switch-to-configuration test" bash --login -c "''${SYSTEM_PATH:-/nix/var/nix/profiles/system}/bin/switch-to-configuration test"
''; '';
@ -498,6 +482,6 @@ in
networking.dhcpcd.denyInterfaces = [ "ve-*" ]; networking.dhcpcd.denyInterfaces = [ "ve-*" ];
environment.systemPackages = [ nixos-container ]; environment.systemPackages = [ pkgs.nixos-container ];
}); });
} }


@ -62,7 +62,9 @@ let
idx=2 idx=2
extraDisks="" extraDisks=""
${flip concatMapStrings cfg.emptyDiskImages (size: '' ${flip concatMapStrings cfg.emptyDiskImages (size: ''
${pkgs.qemu_kvm}/bin/qemu-img create -f qcow2 "empty$idx.qcow2" "${toString size}M" if ! test -e "empty$idx.qcow2"; then
${pkgs.qemu_kvm}/bin/qemu-img create -f qcow2 "empty$idx.qcow2" "${toString size}M"
fi
extraDisks="$extraDisks -drive index=$idx,file=$(pwd)/empty$idx.qcow2,if=${cfg.qemu.diskInterface},werror=report" extraDisks="$extraDisks -drive index=$idx,file=$(pwd)/empty$idx.qcow2,if=${cfg.qemu.diskInterface},werror=report"
idx=$((idx + 1)) idx=$((idx + 1))
'')} '')}
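Review bot: The new `test -e "empty$idx.qcow2"` guard reuses whatever file of that name is already in the working directory, without checking that it is a qcow2 image of the configured size. Changing `emptyDiskImages`, or a leftover file from another run, therefore silently yields a different disk than the configuration describes. The `-drive` line names no format, so the image type is presumably probed by QEMU; adding `format=qcow2` there would make a non-qcow2 leftover fail loudly. A comment that the reuse exists to keep disk state across VM restarts (the hibernate test in this commit appears to depend on it) would also help. The surrounding script starts outside the hunk.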


@ -49,7 +49,7 @@ in
serviceConfig.ExecStart = "@${kernel.virtualboxGuestAdditions}/bin/VBoxService VBoxService --foreground"; serviceConfig.ExecStart = "@${kernel.virtualboxGuestAdditions}/bin/VBoxService VBoxService --foreground";
}; };
services.xserver.videoDrivers = mkOverride 50 [ "virtualbox" ]; services.xserver.videoDrivers = mkOverride 50 [ "virtualbox" "modesetting" ];
services.xserver.config = services.xserver.config =
'' ''


@ -64,7 +64,7 @@ in rec {
(all nixos.tests.installer.btrfsSubvols) (all nixos.tests.installer.btrfsSubvols)
(all nixos.tests.installer.btrfsSubvolDefault) (all nixos.tests.installer.btrfsSubvolDefault)
(all nixos.tests.boot.biosCdrom) (all nixos.tests.boot.biosCdrom)
(all nixos.tests.boot.biosUsb) #(all nixos.tests.boot.biosUsb) # disabled due to issue #15690
(all nixos.tests.boot.uefiCdrom) (all nixos.tests.boot.uefiCdrom)
(all nixos.tests.boot.uefiUsb) (all nixos.tests.boot.uefiUsb)
(all nixos.tests.boot-stage1) (all nixos.tests.boot-stage1)


@ -228,9 +228,12 @@ in rec {
tests.firewall = callTest tests/firewall.nix {}; tests.firewall = callTest tests/firewall.nix {};
tests.fleet = hydraJob (import tests/fleet.nix { system = "x86_64-linux"; }); tests.fleet = hydraJob (import tests/fleet.nix { system = "x86_64-linux"; });
#tests.gitlab = callTest tests/gitlab.nix {}; #tests.gitlab = callTest tests/gitlab.nix {};
tests.gocd-agent = callTest tests/gocd-agent.nix {};
tests.gocd-server = callTest tests/gocd-server.nix {};
tests.gnome3 = callTest tests/gnome3.nix {}; tests.gnome3 = callTest tests/gnome3.nix {};
tests.gnome3-gdm = callTest tests/gnome3-gdm.nix {}; tests.gnome3-gdm = callTest tests/gnome3-gdm.nix {};
tests.grsecurity = callTest tests/grsecurity.nix {}; tests.grsecurity = callTest tests/grsecurity.nix {};
tests.hibernate = callTest tests/hibernate.nix {};
tests.i3wm = callTest tests/i3wm.nix {}; tests.i3wm = callTest tests/i3wm.nix {};
tests.installer = callSubTests tests/installer.nix {}; tests.installer = callSubTests tests/installer.nix {};
tests.influxdb = callTest tests/influxdb.nix {}; tests.influxdb = callTest tests/influxdb.nix {};
@ -271,6 +274,7 @@ in rec {
tests.sddm = callTest tests/sddm.nix {}; tests.sddm = callTest tests/sddm.nix {};
tests.sddm-kde5 = callTest tests/sddm-kde5.nix {}; tests.sddm-kde5 = callTest tests/sddm-kde5.nix {};
tests.simple = callTest tests/simple.nix {}; tests.simple = callTest tests/simple.nix {};
tests.smokeping = callTest tests/smokeping.nix {};
tests.taskserver = callTest tests/taskserver.nix {}; tests.taskserver = callTest tests/taskserver.nix {};
tests.tomcat = callTest tests/tomcat.nix {}; tests.tomcat = callTest tests/tomcat.nix {};
tests.udisks2 = callTest tests/udisks2.nix {}; tests.udisks2 = callTest tests/udisks2.nix {};


@ -1,41 +0,0 @@
import ./make-test.nix ({ pkgs, ...} : {
name = "gnome3-gdm";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ lethalman ];
};
machine =
{ config, pkgs, ... }:
{ imports = [ ./common/user-account.nix ];
services.xserver.enable = true;
services.xserver.displayManager.gdm = {
enable = true;
autoLogin = {
enable = true;
user = "alice";
};
};
services.xserver.desktopManager.gnome3.enable = true;
environment.gnome3.packageSet = pkgs.gnome3_20;
virtualisation.memorySize = 512;
};
testScript =
''
$machine->waitForX;
$machine->sleep(15);
# Check that logging in has given the user ownership of devices.
$machine->succeed("getfacl /dev/snd/timer | grep -q alice");
$machine->succeed("su - alice -c 'DISPLAY=:0.0 gnome-terminal &'");
$machine->succeed("xauth merge ~alice/.Xauthority");
$machine->waitForWindow(qr/Terminal/);
$machine->sleep(20);
$machine->screenshot("screen");
'';
})


@ -1,38 +0,0 @@
import ./make-test.nix ({ pkgs, ...} : {
name = "gnome3";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ domenkozar eelco chaoflow lethalman ];
};
machine =
{ config, pkgs, ... }:
{ imports = [ ./common/user-account.nix ];
services.xserver.enable = true;
services.xserver.displayManager.auto.enable = true;
services.xserver.displayManager.auto.user = "alice";
services.xserver.desktopManager.gnome3.enable = true;
environment.gnome3.packageSet = pkgs.gnome3_18;
virtualisation.memorySize = 512;
};
testScript =
''
$machine->waitForX;
$machine->sleep(15);
# Check that logging in has given the user ownership of devices.
$machine->succeed("getfacl /dev/snd/timer | grep -q alice");
$machine->succeed("su - alice -c 'DISPLAY=:0.0 gnome-terminal &'");
$machine->succeed("xauth merge ~alice/.Xauthority");
$machine->waitForWindow(qr/Terminal/);
$machine->mustSucceed("timeout 900 bash -c 'journalctl -f|grep -m 1 \"GNOME Shell started\"'");
$machine->sleep(10);
$machine->screenshot("screen");
'';
})

View File

@ -0,0 +1,34 @@
# verifies:
# 1. GoCD agent starts
# 2. GoCD agent responds
# 3. GoCD agent is available on GoCD server using GoCD API
# 3.1. https://api.go.cd/current/#get-all-agents
import ./make-test.nix ({ pkgs, ...} : {
name = "gocd-agent";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ swarren83 ];
};
nodes = {
gocd_agent =
{ config, pkgs, ... }:
{
virtualisation.memorySize = 2048;
services.gocd-agent = {
enable = true;
};
services.gocd-server = {
enable = true;
};
};
};
testScript = ''
startAll;
$gocd_agent->waitForUnit("gocd-server");
$gocd_agent->waitForOpenPort("8153");
$gocd_agent->waitForUnit("gocd-agent");
$gocd_agent->waitUntilSucceeds("curl -s -f localhost:8153/go/api/agents -H 'Accept: application/vnd.go.cd.v2+json'");
'';
})
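Review bot: The header comment promises a check that the agent is registered with the server, but the last step only runs `curl -s -f` against `/go/api/agents`, which succeeds on any successful response, including one that lists no agents. Either inspect the response body for an agent entry, or reword item 3 to `# 3. GoCD server answers the agents API request` so the comment matches what is asserted.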


@ -0,0 +1,28 @@
# verifies:
# 1. GoCD server starts
# 2. GoCD server responds
import ./make-test.nix ({ pkgs, ...} :
{
name = "gocd-server";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ swarren83 ];
};
nodes = {
gocd_server =
{ config, pkgs, ... }:
{
virtualisation.memorySize = 2048;
services.gocd-server.enable = true;
};
};
testScript = ''
$gocd_server->start;
$gocd_server->waitForUnit("gocd-server");
$gocd_server->waitForOpenPort("8153");
$gocd_server->waitUntilSucceeds("curl -s -f localhost:8153/go");
'';
})


@ -9,7 +9,6 @@ import ./make-test.nix ({ pkgs, ...} : {
machine = { config, pkgs, ... }: machine = { config, pkgs, ... }:
{ security.grsecurity.enable = true; { security.grsecurity.enable = true;
boot.kernel.sysctl."kernel.grsecurity.deter_bruteforce" = 0; boot.kernel.sysctl."kernel.grsecurity.deter_bruteforce" = 0;
security.apparmor.enable = true;
}; };
testScript = '' testScript = ''
@ -33,9 +32,15 @@ import ./make-test.nix ({ pkgs, ...} : {
$machine->succeed("${pkgs.paxtest}/lib/paxtest/mprotstack") =~ /Killed/ or die; $machine->succeed("${pkgs.paxtest}/lib/paxtest/mprotstack") =~ /Killed/ or die;
}; };
# tcc -run executes run-time generated code and so allows us to test whether
# paxmark actually works (otherwise, the process should be terminated)
subtest "tcc", sub { subtest "tcc", sub {
$machine->execute("echo -e '#include <stdio.h>\nint main(void) { puts(\"hello\"); return 0; }' >main.c"); $machine->execute("echo -e '#include <stdio.h>\nint main(void) { puts(\"hello\"); return 0; }' >main.c");
$machine->succeed("${pkgs.tinycc.bin}/bin/tcc -run main.c"); $machine->succeed("${pkgs.tinycc.bin}/bin/tcc -run main.c");
}; };
subtest "RBAC", sub {
$machine->succeed("[ -c /dev/grsec ]");
};
''; '';
}) })

42
nixos/tests/hibernate.nix Normal file

@ -0,0 +1,42 @@
# Test whether hibernation from partition works.
import ./make-test.nix (pkgs: {
name = "hibernate";
nodes = {
machine = { config, lib, pkgs, ... }: with lib; {
virtualisation.emptyDiskImages = [ config.virtualisation.memorySize ];
systemd.services.backdoor.conflicts = [ "sleep.target" ];
swapDevices = mkOverride 0 [ { device = "/dev/vdb"; } ];
networking.firewall.allowedTCPPorts = [ 4444 ];
systemd.services.listener.serviceConfig.ExecStart = "${pkgs.netcat}/bin/nc -l -p 4444";
};
probe = { config, lib, pkgs, ...}: {
environment.systemPackages = [ pkgs.netcat ];
};
};
# 9P doesn't support reconnection to virtio transport after a hibernation.
# Therefore, machine just hangs on any Nix store access.
# To work around it we run a daemon which listens to a TCP connection and
# try to connect to it as a test.
testScript =
''
$machine->waitForUnit("multi-user.target");
$machine->succeed("mkswap /dev/vdb");
$machine->succeed("swapon -a");
$machine->startJob("listener");
$machine->succeed("systemctl hibernate &");
$machine->waitForShutdown;
$machine->start;
$probe->waitForUnit("network.target");
$probe->waitUntilSucceeds("echo test | nc -c machine 4444");
'';
})
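Review bot: Nothing in the file says how the test tells a successful resume from a plain reboot. As far as the visible code shows, it relies on `listener` having no `wantedBy`, so the `nc` listener exists after `$machine->start` only if the hibernated state was restored. That deserves a comment next to the service definition, e.g. `# not started at boot on purpose: the probe only succeeds if the process survived hibernation`. The function argument is also written `pkgs:` where the other tests in this commit destructure `{ pkgs, ... }`; if make-test.nix passes an attribute set, the name is misleading.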


@ -210,6 +210,10 @@ let
pkgs.nixos-artwork pkgs.nixos-artwork
pkgs.perlPackages.XMLLibXML pkgs.perlPackages.XMLLibXML
pkgs.perlPackages.ListCompare pkgs.perlPackages.ListCompare
# add curl so that rather than seeing the test attempt to download
# curl's tarball, we see what it's trying to download
pkgs.curl
] ]
++ optional (bootLoader == "grub" && grubVersion == 1) pkgs.grub ++ optional (bootLoader == "grub" && grubVersion == 1) pkgs.grub
++ optionals (bootLoader == "grub" && grubVersion == 2) [ pkgs.grub2 pkgs.grub2_efi ]; ++ optionals (bootLoader == "grub" && grubVersion == 2) [ pkgs.grub2 pkgs.grub2_efi ];


@ -19,12 +19,10 @@ in
services.mysql.enable = true; services.mysql.enable = true;
services.mysql.package = pkgs.mysql; services.mysql.package = pkgs.mysql;
services.mysql.replication.role = "master"; services.mysql.replication.role = "master";
services.mysql.replication.slaveHost = "%";
services.mysql.replication.masterUser = replicateUser;
services.mysql.replication.masterPassword = replicatePassword;
services.mysql.initialDatabases = [ { name = "testdb"; schema = ./testdb.sql; } ]; services.mysql.initialDatabases = [ { name = "testdb"; schema = ./testdb.sql; } ];
services.mysql.initialScript = pkgs.writeText "initmysql"
''
create user '${replicateUser}'@'%' identified by '${replicatePassword}';
grant replication slave on *.* to '${replicateUser}'@'%';
'';
networking.firewall.allowedTCPPorts = [ 3306 ]; networking.firewall.allowedTCPPorts = [ 3306 ];
}; };
@ -56,10 +54,11 @@ in
}; };
testScript = '' testScript = ''
startAll; $master->start;
$master->waitForUnit("mysql");
$master->waitForUnit("mysql"); $master->waitForUnit("mysql");
$slave1->start;
$slave2->start;
$slave1->waitForUnit("mysql");
$slave2->waitForUnit("mysql"); $slave2->waitForUnit("mysql");
$slave2->sleep(100); # Hopefully this is long enough!! $slave2->sleep(100); # Hopefully this is long enough!!
$slave2->succeed("echo 'use testdb; select * from tests' | mysql -u root -N | grep 4"); $slave2->succeed("echo 'use testdb; select * from tests' | mysql -u root -N | grep 4");


@ -10,7 +10,6 @@ import ./make-test.nix ({ pkgs, ...} : {
{ {
services.mysql.enable = true; services.mysql.enable = true;
services.mysql.replication.role = "master";
services.mysql.initialDatabases = [ { name = "testdb"; schema = ./testdb.sql; } ]; services.mysql.initialDatabases = [ { name = "testdb"; schema = ./testdb.sql; } ];
services.mysql.package = pkgs.mysql; services.mysql.package = pkgs.mysql;
}; };

31
nixos/tests/smokeping.nix Normal file

@ -0,0 +1,31 @@
import ./make-test.nix ({ pkgs, ...} : {
name = "smokeping";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ cransom ];
};
nodes = {
sm =
{ pkgs, config, ... }:
{
services.smokeping = {
enable = true;
port = 8081;
probeConfig = ''
+ FPing
binary = ${pkgs.fping}/bin/fping
offset = 0%
'';
};
};
};
testScript = ''
startAll;
$sm->waitForUnit("smokeping");
$sm->waitForUnit("thttpd");
$sm->waitForFile("/var/lib/smokeping/data/Local/LocalMachine.rrd");
$sm->succeed("curl -s -f localhost:8081/smokeping.fcgi?target=Local");
$sm->succeed("ls /var/lib/smokeping/cache/Local/LocalMachine_mini.png");
'';
})
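Review bot: The `curl` step runs right after `waitForUnit("thttpd")`, and a unit being active does not by itself mean the port is accepting connections, so the `succeed` call can race the web server's startup. The GoCD tests added in this commit wait for the port first; adding `$sm->waitForOpenPort(8081);` before the `curl` line would match them.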


@ -16,6 +16,8 @@ rec {
dogecoin = callPackage ./dogecoin.nix { withGui = true; }; dogecoin = callPackage ./dogecoin.nix { withGui = true; };
dogecoind = callPackage ./dogecoin.nix { withGui = false; }; dogecoind = callPackage ./dogecoin.nix { withGui = false; };
go-ethereum = callPackage ./go-ethereum.nix { };
litecoin = callPackage ./litecoin.nix { withGui = true; }; litecoin = callPackage ./litecoin.nix { withGui = true; };
litecoind = callPackage ./litecoin.nix { withGui = false; }; litecoind = callPackage ./litecoin.nix { withGui = false; };


@ -0,0 +1,34 @@
{ stdenv, lib, go, fetchgit }:
stdenv.mkDerivation rec {
name = "go-ethereum-${version}";
version = "1.4.7";
rev = "refs/tags/v${version}";
goPackagePath = "github.com/ethereum/go-ethereum";
buildInputs = [ go ];
src = fetchgit {
inherit rev;
url = "https://${goPackagePath}";
sha256 = "19q518kxkvrr44cvsph4wv3lr6ivqsckz1f22r62932s3sq6gyd8";
};
buildPhase = ''
export GOROOT=$(mktemp -d --suffix=-goroot)
ln -sv ${go}/share/go/* $GOROOT
ln -svf ${go}/bin $GOROOT
make all
'';
installPhase = ''
mkdir -p $out/bin
cp -v build/bin/* $out/bin
'';
meta = {
homepage = "https://ethereum.github.io/go-ethereum/";
description = "Official golang implementation of the Ethereum protocol";
license = with lib.licenses; [ lgpl3 gpl3 ];
};
}
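Review bot: `meta` has neither `maintainers` nor `platforms`, so nobody is named to follow upstream security releases for a peer-to-peer network client, and the set of platforms it is built for is left to defaults. Adding both would fix that, e.g. `maintainers = with lib.maintainers; [ <maintainer-handle> ];` (placeholder) and `platforms = lib.platforms.linux;` if only Linux was tested, which the file does not state. `buildPhase` also builds a throwaway GOROOT with `mktemp -d`; a short comment on why a writable copy is needed would help.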


@ -1,27 +1,31 @@
{ stdenv, fetchFromGitHub, faust2jaqt, faust2lv2gui }: { stdenv, fetchFromGitHub, faust2jaqt, faust2lv2gui }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "CharacterCompressor-${version}"; name = "CharacterCompressor-${version}";
version = "0.2"; version = "0.3.1";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "magnetophon"; owner = "magnetophon";
repo = "CharacterCompressor"; repo = "CharacterCompressor";
rev = "v${version}"; rev = "V${version}";
sha256 = "0fvi8m4nshcxypn4jgxhnh7pxp68wshhav3k8wn3il7qpw71pdxi"; sha256 = "0ci27v5k10prsmcd0g6q5vhr31mz8hsmrsdk436vfbcv3s108rcc";
}; };
buildInputs = [ faust2jaqt faust2lv2gui ]; buildInputs = [ faust2jaqt faust2lv2gui ];
buildPhase = '' buildPhase = ''
faust2jaqt -t 99999 CharacterCompressor.dsp faust2jaqt -vec -time -t 99999 CharacterCompressor.dsp
faust2lv2 -gui -t 99999 CharacterCompressor.dsp faust2lv2 -vec -time -gui -t 99999 CharacterCompressor.dsp
faust2jaqt -vec -time -t 99999 CharacterCompressorMono.dsp
faust2lv2 -vec -time -gui -t 99999 CharacterCompressorMono.dsp
''; '';
installPhase = '' installPhase = ''
mkdir -p $out/bin mkdir -p $out/bin
cp CharacterCompressor $out/bin/ cp CharacterCompressor $out/bin/
cp CharacterCompressorMono $out/bin/
mkdir -p $out/lib/lv2 mkdir -p $out/lib/lv2
cp -r CharacterCompressor.lv2/ $out/lib/lv2 cp -r CharacterCompressor.lv2/ $out/lib/lv2
cp -r CharacterCompressorMono.lv2/ $out/lib/lv2
''; '';
meta = { meta = {


@ -1,10 +1,10 @@
{ stdenv, fetchurl, cmake, fftw, gtkmm, libxcb, lv2, pkgconfig, xorg }: { stdenv, fetchurl, cmake, fftw, gtkmm, libxcb, lv2, pkgconfig, xorg }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "eq10q-2-${version}"; name = "eq10q-${version}";
version = "beta7.1"; version = "2.0";
src = fetchurl { src = fetchurl {
url = "mirror://sourceforge/project/eq10q/${name}.tar.gz"; url = "mirror://sourceforge/project/eq10q/${name}.tar.gz";
sha256 = "1jmrcx4jlx8kgsy5n4jcxa6qkjqvx7d8l2p7dsmw4hj20s39lgyi"; sha256 = "08vlfly0qqrfqiwpn5g5php680icpk97pwnwjadmj5syhgvi0i3h";
}; };
buildInputs = [ cmake fftw gtkmm libxcb lv2 pkgconfig xorg.libpthreadstubs xorg.libXdmcp xorg.libxshmfence ]; buildInputs = [ cmake fftw gtkmm libxcb lv2 pkgconfig xorg.libpthreadstubs xorg.libXdmcp xorg.libxshmfence ];


@ -1,12 +1,13 @@
{ stdenv, fetchurl, unzip, puredata }: { stdenv, fetchurl, unzip, puredata }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "puremapping-1.01"; name = "puremapping-${version}";
version = "20160130";
src = fetchurl { src = fetchurl {
url = "http://www.chnry.net/ch/IMG/zip/puremapping-libdir-generic.zip"; url = "http://www.chnry.net/data/puremapping-${version}-generic.zip";
name = "puremapping"; name = "puremapping";
sha256 = "1ygzxsfj3rnzjkpmgi4wch810q8s5vm1gdam6a938hbbvamafgvc"; sha256 = "1h7qgqd8srrxw2y1rkdw5js4k6f5vc8x6nlm2mq9mq9vjck7n1j7";
}; };
buildInputs = [ unzip puredata ]; buildInputs = [ unzip puredata ];


@ -16,7 +16,6 @@ stdenv.mkDerivation rec {
for i in ${puredata}/include/pd/*; do for i in ${puredata}/include/pd/*; do
ln -s $i . ln -s $i .
done done
patchShebangs
./bootstrap.sh ./bootstrap.sh
./configure --enable-lpt=no --prefix=$out ./configure --enable-lpt=no --prefix=$out
''; '';


@ -1,13 +1,14 @@
{ stdenv, fetchgit, boost, ladspaH, lilv, lv2, pkgconfig, serd, sord, sratom }: { stdenv, fetchFromGitHub, boost, ladspaH, lilv, lv2, pkgconfig, serd, sord, sratom }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "plugin-torture-git-${version}"; name = "plugin-torture-${version}";
version = "2013-10-03"; version = "5";
src = fetchgit { src = fetchFromGitHub {
url = "https://github.com/cth103/plugin-torture"; owner = "cth103";
rev = "9ee06016982bdfbaa215cd0468cc6ada6367462a"; repo = "plugin-torture";
sha256 = "0ynzfs3z95lbw4l1w276as2a37zxp0cw6pi3lbikr0qk0r7j5j10"; rev = "v${version}";
sha256 = "1mlgxjsyaz86wm4k32ll2w5nghjffnsdqlm6kjv02a4dpb2bfrih";
}; };
buildInputs = [ boost ladspaH lilv lv2 pkgconfig serd sord sratom ]; buildInputs = [ boost ladspaH lilv lv2 pkgconfig serd sord sratom ];
@ -15,7 +16,7 @@ stdenv.mkDerivation rec {
installPhase = '' installPhase = ''
mkdir -p $out/bin mkdir -p $out/bin
cp plugin-torture $out/bin/ cp plugin-torture $out/bin/
cp README $out/bin/ cp find-safe-plugins $out/bin/
''; '';
meta = with stdenv.lib; { meta = with stdenv.lib; {


@ -2,10 +2,10 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "ponymix-${version}"; name = "ponymix-${version}";
version = "4"; version = "5";
src = fetchurl { src = fetchurl {
url = "http://code.falconindy.com/archive/ponymix/${name}.tar.xz"; url = "http://code.falconindy.com/archive/ponymix/${name}.tar.xz";
sha256 = "008pk3sqc8955k2f502z1syzv43a4q0yk5ws69lgpqfsy1mzki2d"; sha256 = "0qn2kms9h9b7da2xzkdgzrykhhdywr4psxnz03j8rg7wa9nwfw0x";
}; };
buildInputs = [ libpulseaudio libnotify ]; buildInputs = [ libpulseaudio libnotify ];


@ -4,11 +4,11 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "puredata-${version}"; name = "puredata-${version}";
version = "0.45-4"; version = "0.47-1";
src = fetchurl { src = fetchurl {
url = "mirror://sourceforge/pure-data/pd-${version}.src.tar.gz"; url = "http://msp.ucsd.edu/Software/pd-${version}.src.tar.gz";
sha256 = "1ls2ap5yi2zxvmr247621g4jx0hhfds4j5704a050bn2n3l0va2p"; sha256 = "0k5s949kqd7yw97h3m8z81bjz32bis9m4ih8df1z0ymipnafca67";
}; };
patchPhase = '' patchPhase = ''


@ -1,18 +1,21 @@
{ stdenv, fetchurl, liblo, libxml2, libjack2, libsndfile, wxGTK, libsigcxx { stdenv, fetchFromGitHub , liblo, libxml2, libjack2, libsndfile, wxGTK, libsigcxx
,libsamplerate, rubberband, pkgconfig, ncurses ,libsamplerate, rubberband, pkgconfig, autoconf, automake, libtool, gettext, ncurses, which
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "sooperlooper-${version}"; name = "sooperlooper-git-${version}";
version = "1.7.3"; version = "19-07-2016";
src = fetchurl {
url = "http://essej.net/sooperlooper/${name}.tar.gz"; src = fetchFromGitHub {
sha256 = "0n2gdxw1fx8nxxnpzf4sj0kp6k6zi1yq59cbz6qqzcnsnpnvszbs"; owner = "essej";
repo = "sooperlooper";
rev = "3bdfe184cd59b51c757b8048536abc1146fb0de4";
sha256 = "0qz25h4idv79m97ici2kzx72fwzks3lysyksk3p3rx72lsijhf3g";
}; };
buildInputs = [ buildInputs = [
liblo libxml2 libjack2 libsndfile wxGTK libsigcxx liblo libxml2 libjack2 libsndfile wxGTK libsigcxx
libsamplerate rubberband pkgconfig ncurses libsamplerate rubberband pkgconfig autoconf automake libtool gettext ncurses which
]; ];
meta = { meta = {
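Review bot: `version = "19-07-2016"` is written day-first, so version comparison orders snapshots by day of month rather than by date; `version = "2016-07-19";` sorts correctly. The build inputs now include autoconf, automake and libtool, but no step that runs them is visible in this hunk. If a phase outside the hunk does that, fine; otherwise the git checkout presumably has no generated `configure` script. The derivation continues after the hunk.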


@ -3,12 +3,12 @@
, lv2, mesa, gtk2, cairo, pango, fftwFloat, zita-convolver }: , lv2, mesa, gtk2, cairo, pango, fftwFloat, zita-convolver }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
version = "2015-07-02"; version = "20160619";
name = "x42-plugins-${version}"; name = "x42-plugins-${version}";
src = fetchurl { src = fetchurl {
url = "http://gareus.org/misc/x42-plugins/x42-plugins-20150702.tar.xz"; url = "http://gareus.org/misc/x42-plugins/${name}.tar.xz";
sha256 = "1mq0grabzbl9xsd53v2qajhr8nngk0d4lx9n0n3nwy95y2gmy6sm"; sha256 = "1ald0c5xbfkdq6g5xwyy8wmbi636m3k3gqrq16kbh46g0kld1as9";
}; };
buildInputs = [ mesa_glu ftgl freefont_ttf libjack2 libltc libsndfile libsamplerate lv2 mesa gtk2 cairo pango fftwFloat pkgconfig zita-convolver]; buildInputs = [ mesa_glu ftgl freefont_ttf libjack2 libltc libsndfile libsamplerate lv2 mesa gtk2 cairo pango fftwFloat pkgconfig zita-convolver];


@ -2,14 +2,14 @@
let let
version = "4.7.0"; version = "4.7.0";
rev = "1"; #tracks unversioned changes that occur on download.code42.com from time to time rev = "2"; #tracks unversioned changes that occur on download.code42.com from time to time
in stdenv.mkDerivation rec { in stdenv.mkDerivation rec {
name = "crashplan-${version}-r${rev}"; name = "crashplan-${version}-r${rev}";
crashPlanArchive = fetchurl { crashPlanArchive = fetchurl {
url = "https://download.code42.com/installs/linux/install/CrashPlan/CrashPlan_${version}_Linux.tgz"; url = "https://download.code42.com/installs/linux/install/CrashPlan/CrashPlan_${version}_Linux.tgz";
sha256 = "1r50fyswvqjxsdslbyibbxwz2fs8iim15hxr0k05jrzmkhjm4g5v"; sha256 = "1vi6dqf8kc90axrgdcf6rwnhynxgxkc0qn6pbdp2gvkxdqxrprn8";
}; };
srcs = [ crashPlanArchive ]; srcs = [ crashPlanArchive ];
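Review bot: The new `sha256` next to `rev = "2"` pins a different archive fetched from the same URL, since `url` interpolates only `${version}`; the hunk records neither what changed upstream nor how the new hash was obtained. For a binary installer that is replaced in place, the hash is the only thing tying the build to a known artifact. A comment such as `# r2: archive replaced upstream on <date>; hash verified via <method>` would let a later reader audit the bump. Presumably the r1 archive can no longer be fetched from this URL, which is also worth stating.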


@ -5,6 +5,7 @@
, autoconf, automake , autoconf, automake
, withX ? !stdenv.isDarwin , withX ? !stdenv.isDarwin
, withGTK3 ? false, gtk3 ? null , withGTK3 ? false, gtk3 ? null
, withXwidgets ? false, webkitgtk24x ? null, wrapGAppsHook ? null, glib_networking ? null
, withGTK2 ? true, gtk2 , withGTK2 ? true, gtk2
}: }:
@ -14,6 +15,7 @@ assert withGTK2 -> withX || stdenv.isDarwin;
assert withGTK3 -> withX || stdenv.isDarwin; assert withGTK3 -> withX || stdenv.isDarwin;
assert withGTK2 -> !withGTK3 && gtk2 != null; assert withGTK2 -> !withGTK3 && gtk2 != null;
assert withGTK3 -> !withGTK2 && gtk3 != null; assert withGTK3 -> !withGTK2 && gtk3 != null;
assert withXwidgets -> withGTK3 && webkitgtk24x != null;
let let
toolkit = toolkit =
@ -49,17 +51,19 @@ stdenv.mkDerivation rec {
imagemagick gconf ] imagemagick gconf ]
++ stdenv.lib.optional (withX && withGTK2) gtk2 ++ stdenv.lib.optional (withX && withGTK2) gtk2
++ stdenv.lib.optional (withX && withGTK3) gtk3 ++ stdenv.lib.optional (withX && withGTK3) gtk3
++ stdenv.lib.optional (stdenv.isDarwin && withX) cairo; ++ stdenv.lib.optional (stdenv.isDarwin && withX) cairo
++ stdenv.lib.optionals withXwidgets [webkitgtk24x wrapGAppsHook glib_networking];
propagatedBuildInputs = stdenv.lib.optionals stdenv.isDarwin [ AppKit GSS ImageIO ]; propagatedBuildInputs = stdenv.lib.optionals stdenv.isDarwin [ AppKit GSS ImageIO ];
configureFlags = configureFlags =
if stdenv.isDarwin (if stdenv.isDarwin
then [ "--with-ns" "--disable-ns-self-contained" ] then [ "--with-ns" "--disable-ns-self-contained" ]
else if withX else if withX
then [ "--with-x-toolkit=${toolkit}" "--with-xft" ] then [ "--with-x-toolkit=${toolkit}" "--with-xft" ]
else [ "--with-x=no" "--with-xpm=no" "--with-jpeg=no" "--with-png=no" else [ "--with-x=no" "--with-xpm=no" "--with-jpeg=no" "--with-png=no"
"--with-gif=no" "--with-tiff=no" ]; "--with-gif=no" "--with-tiff=no" ])
++ stdenv.lib.optional withXwidgets "--with-xwidgets";
NIX_CFLAGS_COMPILE = stdenv.lib.optionalString (stdenv.isDarwin && withX) NIX_CFLAGS_COMPILE = stdenv.lib.optionalString (stdenv.isDarwin && withX)
"-I${cairo.dev}/include/cairo"; "-I${cairo.dev}/include/cairo";
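Review bot: The new `assert withXwidgets -> withGTK3 && webkitgtk24x != null;` checks only one of the three arguments that default to `null`; `wrapGAppsHook` and `glib_networking` are added to `buildInputs` under the same flag without a check. If a caller enables `withXwidgets` and leaves `glib_networking` unset, the build would presumably still succeed, but the embedded WebKit view would lack its TLS backend, which is easy to miss. `assert withXwidgets -> withGTK3 && webkitgtk24x != null && wrapGAppsHook != null && glib_networking != null;` makes the requirement explicit. A short comment at `withXwidgets ? false` noting that the flag pulls a web engine into the editor would also help.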


@ -1,12 +1,14 @@
{ stdenv, fetchgit, emacs, python }: { stdenv, fetchFromGitHub, emacs, python }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "cask-0.7.3"; version = "0.7.4";
name = "cask-${version}";
src = fetchgit { src = fetchFromGitHub {
url = "https://github.com/cask/cask.git"; owner = "cask";
rev = "717b64a9ba7640ec366e8573da0c01f9c4d57b0c"; repo = "cask";
sha256 = "0bq24hac1z77g1bybwlk991dcc3pss2gjpwq0a6vvrqg5hw02lsf"; rev = "v${version}";
sha256 = "1hvm6r6a8rgjwnn2mcamwqrmhz424vlr4mbvbri3wmn0ikbk510l";
}; };
buildInputs = [ emacs python ]; buildInputs = [ emacs python ];


@ -2,5 +2,7 @@
let name = builtins.replaceStrings ["geany-"] ["geany-with-vte-"] geany.name; let name = builtins.replaceStrings ["geany-"] ["geany-with-vte-"] geany.name;
in in
runCommand "${name}" { nativeBuildInputs = [ makeWrapper ]; } " runCommand "${name}" { nativeBuildInputs = [ makeWrapper ]; } "
mkdir -p $out
ln -s ${geany}/share $out
makeWrapper ${geany}/bin/geany $out/bin/geany --prefix LD_LIBRARY_PATH : ${gnome.vte}/lib makeWrapper ${geany}/bin/geany $out/bin/geany --prefix LD_LIBRARY_PATH : ${gnome.vte}/lib
" "


@ -31,7 +31,7 @@ let
buildInputs = x.buildInputs ++ [ makeWrapper ]; buildInputs = x.buildInputs ++ [ makeWrapper ];
installPhase = x.installPhase + '' installPhase = x.installPhase + ''
wrapProgram "$out/bin/android-studio" \ wrapProgram "$out/bin/android-studio" \
--set ANDROID_HOME "${androidsdk}/libexec/android-sdk-linux/" \ --set ANDROID_HOME "${androidsdk}/libexec/" \
--set LD_LIBRARY_PATH "${stdenv.cc.cc.lib}/lib" # Gradle installs libnative-platform.so in ~/.gradle, that requires libstdc++.so.6 --set LD_LIBRARY_PATH "${stdenv.cc.cc.lib}/lib" # Gradle installs libnative-platform.so in ~/.gradle, that requires libstdc++.so.6
''; '';
}); });


@ -0,0 +1,38 @@
{ stdenv, fetchgit, ncurses }:
stdenv.mkDerivation rec {
name = "uemacs-${version}";
version = "2014-12-08";
src = fetchgit {
url = git://git.kernel.org/pub/scm/editors/uemacs/uemacs.git;
rev = "8841922689769960fa074fbb053cb8507f2f3ed9";
sha256 = "14yq7kpkax111cg6k7i3mnqk7sq7a65krq6qizzj7vvnm7bsj3sd";
};
postPatch = ''
substituteInPlace Makefile \
--replace "-lcurses" "-lncurses" \
--replace "CFLAGS=-O2" "CFLAGS+=" \
--replace "BINDIR=/usr/bin" "BINDIR=$out/bin" \
--replace "LIBDIR=/usr/lib" "LIBDIR=$out/share/uemacs"
substituteInPlace epath.h \
--replace "/usr/global/lib/" "$out/share/uemacs/" \
--replace "/usr/local/bin/" "$out/bin/" \
--replace "/usr/local/lib/" "$out/share/uemacs/" \
--replace "/usr/local/" "$out/bin/" \
--replace "/usr/lib/" "$out/share/uemacs/"
mkdir -p $out/bin $out/share/uemacs
'';
buildInputs = [ ncurses ];
meta = with stdenv.lib; {
homepage = https://git.kernel.org/cgit/editors/uemacs/uemacs.git;
description = "Torvalds Micro-emacs fork";
longDescription = ''
uEmacs/PK 4.0 is a full screen editor based on MicroEMACS 3.9e
'';
license = licenses.unfree;
};
}
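Review bot: `url = git://git.kernel.org/pub/scm/editors/uemacs/uemacs.git;` fetches over the unauthenticated git protocol, while `homepage` already uses https for the same host. The pinned `sha256` protects builds, but whoever next updates `rev` will compute the new hash from an unauthenticated transfer; `url = "https://git.kernel.org/pub/scm/editors/uemacs/uemacs.git";` avoids that. The `mkdir -p $out/bin $out/share/uemacs` at the end of `postPatch` creates output directories during the patch phase and would sit more naturally in `preInstall`.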


@ -1,12 +1,18 @@
{ stdenv, fetchFromGitHub, unzip, pkgconfig, makeWrapper, ncurses, libtermkey, lpeg, lua }: { stdenv, fetchFromGitHub, unzip, pkgconfig, makeWrapper
, ncurses, libtermkey, lpeg, lua
, acl ? null, libselinux ? null
, version ? "2016-07-15"
, rev ? "5c2cee9461ef1199f2e80ddcda699595b11fdf08"
, sha256 ? "1jmsv72hq0c2f2rnpllvd70cmxbjwfhynzwaxx24f882zlggwsnd"
}:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "vis-nightly-${version}"; name = "vis-nightly-${version}";
version = "2016-04-15"; inherit version;
src = fetchFromGitHub { src = fetchFromGitHub {
sha256 = "0a4gpwniy5r9dpfq51fxjxxnxavdjv8x76w9bbjnbnh8n63p3sj7"; inherit sha256;
rev = "472c559a273d3c7b0f5ee92260c5544bc3d74576"; inherit rev;
repo = "vis"; repo = "vis";
owner = "martanne"; owner = "martanne";
}; };
@ -14,12 +20,14 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ makeWrapper ]; nativeBuildInputs = [ makeWrapper ];
buildInputs = [ buildInputs = [
unzip unzip pkgconfig
pkgconfig ncurses
ncurses libtermkey
libtermkey lua
lua lpeg
lpeg ] ++ stdenv.lib.optional stdenv.isLinux [
acl
libselinux
]; ];
LUA_CPATH="${lpeg}/lib/lua/${lua.luaversion}/?.so;"; LUA_CPATH="${lpeg}/lib/lua/${lua.luaversion}/?.so;";
@ -33,11 +41,10 @@ stdenv.mkDerivation rec {
--prefix VIS_PATH : "$out/share/vis" --prefix VIS_PATH : "$out/share/vis"
''; '';
meta = { meta = with stdenv.lib; {
description = "A vim like editor"; description = "A vim like editor";
homepage = http://github.com/martanne/vis; homepage = http://github.com/martanne/vis;
license = stdenv.lib.licenses.isc; license = licenses.isc;
maintainers = [ stdenv.lib.maintainers.vrthra ]; maintainers = [ maintainers.vrthra ];
}; };
} }
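Review bot: `stdenv.lib.optional stdenv.isLinux [ acl libselinux ]` in the `buildInputs` hunk wraps the list in another list, because `optional` takes a single element; `optionals` is the list form, as the emacs expression in this commit uses. As written, `buildInputs` on Linux ends with one nested list rather than the two packages, and whether that is flattened later is not visible here. `] ++ stdenv.lib.optionals stdenv.isLinux [` fixes it. `acl` and `libselinux` default to `null`, so an assertion or comment on those two arguments would make linking against them an explicit choice.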


@ -2,15 +2,15 @@
libharu, opencv, vigra, postgresql }: libharu, opencv, vigra, postgresql }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "saga-2.2.2"; name = "saga-2.3.1";
buildInputs = [ gdal wxGTK30 proj libharu opencv vigra postgresql libiodbc lzma jasper ]; buildInputs = [ gdal wxGTK30 proj libharu opencv vigra postgresql libiodbc lzma jasper ];
enableParallelBuilding = true; enableParallelBuilding = true;
src = fetchurl { src = fetchurl {
url = "mirror://sourceforge/project/saga-gis/SAGA%20-%202.2/SAGA%202.2.2/saga-2.2.2.tar.gz"; url = "mirror://sourceforge/project/saga-gis/SAGA%20-%202.3/SAGA%202.3.1/saga_2.3.1.tar.gz";
sha256 = "031cd70b7ec248f32f955a9316aefc7f7ab283c5129c49aa4bd748717d20357e"; sha256 = "1h4zkfid9z02mqm1f8az9j0pzmm95f83ra57c4r7bvrrz21w3xaq";
}; };
meta = { meta = {


@ -11,8 +11,8 @@ let
else throw "ImageMagick is not supported on this platform."; else throw "ImageMagick is not supported on this platform.";
cfg = { cfg = {
version = "6.9.3-9"; version = "6.9.5-2";
sha256 = "0q19jgn1iv7zqrw8ibxp4z57iihrc9kyb09k2wnspcacs6vrvinf"; sha256 = "09h3rpr1jnzd7ipy5d16r2gi0bwg4hk5khwzv4cyhv1xzs8pk7pj";
patches = []; patches = [];
} }
# Freeze version on mingw so we don't need to port the patch too often. # Freeze version on mingw so we don't need to port the patch too often.


@ -1,15 +1,8 @@
diff --git a/config/policy.xml b/config/policy.xml
index ca3b022..b058c05 100644
--- a/config/policy.xml --- a/config/policy.xml
+++ b/config/policy.xml +++ b/config/policy.xml
@@ -58,4 +58,10 @@ 67a68,72
<!-- <policy domain="resource" name="time" value="3600"/> --> > <policy domain="coder" rights="none" pattern="EPHEMERAL" />
<!-- <policy domain="system" name="precision" value="6"/> --> > <policy domain="coder" rights="none" pattern="URL" />
<policy domain="cache" name="shared-secret" value="passphrase"/> > <policy domain="coder" rights="none" pattern="HTTPS" />
+ > <policy domain="coder" rights="none" pattern="MVG" />
+ <policy domain="coder" rights="none" pattern="EPHEMERAL" /> > <policy domain="coder" rights="none" pattern="MSL" />
+ <policy domain="coder" rights="none" pattern="URL" />
+ <policy domain="coder" rights="none" pattern="HTTPS" />
+ <policy domain="coder" rights="none" pattern="MVG" />
+ <policy domain="coder" rights="none" pattern="MSL" />
</policymap>
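Review bot: As far as the rendered lines show, the rewritten patch keeps the `---`/`+++` headers but replaces the unified hunk with a normal-diff command `67a68,72` and `>` lines, so it carries no context. The five `<policy domain="coder" rights="none" .../>` entries are then placed by line number alone. If a later ImageMagick release shifts `config/policy.xml`, they could land inside a `<!-- ... -->` block or after `</policymap>`, and the build would still succeed with the coder restrictions silently inactive. Keeping the unified form with the `<policy domain="cache" .../>` and `</policymap>` context lines lets `patch` fail loudly instead. This matters here because the same commit bumps ImageMagick from `6.9.3-9` to `6.9.5-2`.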


@ -3,7 +3,7 @@
, libgnome_keyring, gtk3, ilmbase, intltool, lcms, lcms2 , libgnome_keyring, gtk3, ilmbase, intltool, lcms, lcms2
, lensfun, libXau, libXdmcp, libexif, libglade, libgphoto2, libjpeg , lensfun, libXau, libXdmcp, libexif, libglade, libgphoto2, libjpeg
, libpng, libpthreadstubs, librsvg, libtiff, libxcb , libpng, libpthreadstubs, librsvg, libtiff, libxcb
, openexr, pixman, pkgconfig, sqlite, bash, libxslt, openjpeg , openexr, osm-gps-map, pixman, pkgconfig, sqlite, bash, libxslt, openjpeg
, mesa, lua, pugixml, colord, colord-gtk, libxshmfence, libxkbcommon , mesa, lua, pugixml, colord, colord-gtk, libxshmfence, libxkbcommon
, epoxy, at_spi2_core, libwebp, libsecret, wrapGAppsHook, gnome3 , epoxy, at_spi2_core, libwebp, libsecret, wrapGAppsHook, gnome3
}: }:
@ -27,6 +27,7 @@ stdenv.mkDerivation rec {
libsoup graphicsmagick SDL json_glib openjpeg mesa lua pugixml libsoup graphicsmagick SDL json_glib openjpeg mesa lua pugixml
colord colord-gtk libxshmfence libxkbcommon epoxy at_spi2_core colord colord-gtk libxshmfence libxkbcommon epoxy at_spi2_core
libwebp libsecret wrapGAppsHook gnome3.adwaita-icon-theme libwebp libsecret wrapGAppsHook gnome3.adwaita-icon-theme
osm-gps-map
]; ];
cmakeFlags = [ cmakeFlags = [


@ -0,0 +1,22 @@
{ stdenv, fetchurl, pkgconfig, openexr, libpng12, libjpeg }:
stdenv.mkDerivation rec {
name = "exrtools";
version = "0.4";
src = fetchurl {
url = "http://scanline.ca/exrtools/${name}-${version}.tar.gz";
sha256 = "0jpkskqs1yjiighab4s91jy0c0qxcscwadfn94xy2mm2bx2qwp4z";
};
buildInputs = [ stdenv pkgconfig openexr libpng12 libjpeg ];
meta = with stdenv.lib; {
description = "Collection of utilities for manipulating OpenEXR images";
homepage = "http://scanline.ca/exrtools";
platforms = platforms.linux;
license = licenses.mit;
maintainers = [ maintainers.juliendehos ];
};
}
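Review bot: `name = "exrtools";` carries no version, so the store path will not show `0.4` and upgrades cannot be compared. The usual form is `name = "exrtools-${version}";` with `url = "http://scanline.ca/exrtools/${name}.tar.gz";`. `stdenv` in `buildInputs = [ stdenv pkgconfig ... ]` is not a dependency and can be dropped. The source is fetched over plain http, which the `sha256` covers for builds, but the hash should be checked against an independently obtained copy when it is first recorded.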


@ -5,7 +5,7 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "gimp-${version}"; name = "gimp-${version}";
version = "2.8.16"; version = "2.8.18";
# This declarations for `gimp-with-plugins` wrapper, # This declarations for `gimp-with-plugins` wrapper,
# (used for determining $out/lib/gimp/${majorVersion}/ paths) # (used for determining $out/lib/gimp/${majorVersion}/ paths)
@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
src = fetchurl { src = fetchurl {
url = "http://download.gimp.org/pub/gimp/v2.8/${name}.tar.bz2"; url = "http://download.gimp.org/pub/gimp/v2.8/${name}.tar.bz2";
sha256 = "1dsgazia9hmab8cw3iis7s69dvqyfj5wga7ds7w2q5mms1xqbqwm"; sha256 = "0halh6sl3d2j9gahyabj6h6r3yyldcy7sfb4qrfazpkqqr3j5p9r";
}; };
buildInputs = buildInputs =


@ -1,19 +1,19 @@
{ fetchurl, stdenv, m4, glibc, gtk3, libexif, libgphoto2, libsoup, libxml2, vala, sqlite { fetchurl, stdenv, m4, glibc, gtk3, libexif, libgphoto2, libsoup, libxml2, vala, sqlite
, webkitgtk, pkgconfig, gnome3, gst_all_1, which, udev, libgudev, libraw, glib, json_glib , webkitgtk, pkgconfig, gnome3, gst_all_1, which, udev, libgudev, libraw, glib, json_glib
, gettext, desktop_file_utils, lcms2, gdk_pixbuf, librsvg, makeWrapper , gettext, desktop_file_utils, lcms2, gdk_pixbuf, librsvg, makeWrapper
, gnome_doc_utils, hicolor_icon_theme }: , gnome_doc_utils, hicolor_icon_theme, itstool }:
# for dependencies see http://www.yorba.org/projects/shotwell/install/ # for dependencies see http://www.yorba.org/projects/shotwell/install/
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
version = "${major}.${minor}"; version = "${major}.${minor}";
major = "0.23"; major = "0.23";
minor = "2"; minor = "4";
name = "shotwell-${version}"; name = "shotwell-${version}";
src = fetchurl { src = fetchurl {
url = "mirror://gnome/sources/shotwell/${major}/${name}.tar.xz"; url = "mirror://gnome/sources/shotwell/${major}/${name}.tar.xz";
sha256 = "d52caae4e3204f2f78e2eb828d955848ea6fef5c91d3ac6e9eb0b185c0490b39"; sha256 = "1hnl0lxibklmr1cy95ij1b3jgvdsw4zlcja53ngfxvlsi2r2bbxi";
}; };
NIX_CFLAGS_COMPILE = "-I${glib.dev}/include/glib-2.0 -I${glib.out}/lib/glib-2.0/include"; NIX_CFLAGS_COMPILE = "-I${glib.dev}/include/glib-2.0 -I${glib.out}/lib/glib-2.0/include";
@ -24,11 +24,6 @@ stdenv.mkDerivation rec {
patchShebangs . patchShebangs .
''; '';
postInstall = ''
mkdir -p $out/share/gsettings-schemas/$name
mv $out/share/glib-2.0 $out/share/gsettings-schemas/$name/
'';
preFixup = '' preFixup = ''
wrapProgram "$out/bin/shotwell" \ wrapProgram "$out/bin/shotwell" \
--set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \ --set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \
@ -42,7 +37,7 @@ stdenv.mkDerivation rec {
which udev libgudev gnome3.gexiv2 hicolor_icon_theme which udev libgudev gnome3.gexiv2 hicolor_icon_theme
libraw json_glib gettext desktop_file_utils glib lcms2 gdk_pixbuf librsvg libraw json_glib gettext desktop_file_utils glib lcms2 gdk_pixbuf librsvg
makeWrapper gnome_doc_utils gnome3.rest makeWrapper gnome_doc_utils gnome3.rest
gnome3.defaultIconTheme ]; gnome3.defaultIconTheme itstool ];
meta = with stdenv.lib; { meta = with stdenv.lib; {
description = "Popular photo organizer for the GNOME desktop"; description = "Popular photo organizer for the GNOME desktop";


@ -2,14 +2,14 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "emem"; pname = "emem";
version = "0.2.16"; version = "0.2.23";
name = "${pname}-${version}"; name = "${pname}-${version}";
inherit jdk; inherit jdk;
src = fetchurl { src = fetchurl {
url = "https://github.com/ebzzry/${pname}/releases/download/v${version}/${pname}.jar"; url = "https://github.com/ebzzry/${pname}/releases/download/v${version}/${pname}.jar";
sha256 = "1j6i40mcfwcx85zv0pxpwrqj0zy9s5qd7j63zdqf0lckkjvyrih9"; sha256 = "0isvhwczbm5fr8bkq45g9i80s50r4vw92b7f3wdzwx7p5sj48pwj";
}; };
buildInputs = [ ]; buildInputs = [ ];


@ -0,0 +1,34 @@
{ fetchurl, stdenv, ncurses, gnupg }:
let version = "0.7.4";
in stdenv.mkDerivation {
# mdp renamed to gpg-mdp because there is a mdp package already.
name = "gpg-mdp-${version}";
meta = {
homepage = https://tamentis.com/projects/mdp/;
license = [stdenv.lib.licenses.isc];
description = "Manage your passwords with GnuPG and a text editor";
};
src = fetchurl {
url = "https://tamentis.com/projects/mdp/files/mdp-${version}.tar.gz";
sha256 = "04mdnx4ccpxf9m2myy9nvpl9ma4jgzmv9bkrzv2b9affzss3r34g";
};
buildInputs = [ ncurses ];
prePatch = ''
substituteInPlace ./configure \
--replace "alias echo=/bin/echo" ""
substituteInPlace ./src/config.c \
--replace "/usr/bin/gpg" "${gnupg}/bin/gpg2" \
--replace "/usr/bin/vi" "vi"
substituteInPlace ./mdp.1 \
--replace "/usr/bin/gpg" "${gnupg}/bin/gpg2"
'';
# we add symlinks to the binary and man page with the name 'gpg-mdp', in case
# the completely unrelated program also named 'mdp' is already installed.
postFixup = ''
ln -s $out/bin/mdp $out/bin/gpg-mdp
ln -s $out/share/man/man1/mdp.1.gz $out/share/man/man1/gpg-mdp.1.gz
'';
}
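Review bot: In `prePatch`, gpg is pinned to `${gnupg}/bin/gpg2` but the editor default is rewritten to a bare `vi`, so the program that receives the decrypted password file is whatever `vi` resolves to on the user's PATH at run time. That is presumably intended to avoid forcing an editor into the closure, but it deserves a comment such as `# editor is resolved via PATH at run time; it sees the decrypted passwords`. An optional editor argument substituted as a store path would be the stricter alternative. `gnupg` is only interpolated into strings and not listed in `buildInputs`, which is fine for a run-time reference and could be noted in the same comment.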


@ -0,0 +1,18 @@
{ stdenv, buildGoPackage, fetchFromGitHub }:
buildGoPackage rec {
name = "hugo-${version}";
version = "v0.16";
rev = "8b54843a0db694facbaf368af4e777d0ae5fb992";
goPackagePath = "github.com/spf13/hugo";
src = fetchFromGitHub {
inherit rev;
owner = "spf13";
repo = "hugo";
sha256 = "135mrdi8i56z9m2sihjrdfab6lrczbfgavwvfrngvi1zxnx7scmv";
};
goDeps = ./deps.json;
}
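Review bot: `version = "v0.16";` makes the derivation name `hugo-v0.16`; Nix splits name and version at the first dash followed by a digit, so this name has no version component for `nix-env` to compare. `version = "0.16";` gives `hugo-0.16` while `rev` stays the full commit hash. A comment next to `rev` naming the upstream tag the commit corresponds to would let a reader check the pin.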


@ -0,0 +1,44 @@
[
{
"include": "../../libs.json",
"packages": [
"gopkg.in/yaml.v2",
"github.com/hashicorp/hcl",
"github.com/pkg/sftp",
"golang.org/x/sys",
"github.com/hashicorp/go-multierror",
"golang.org/x/crypto",
"github.com/pkg/errors",
"github.com/kr/fs",
"github.com/kyokomi/emoji",
"github.com/bep/inflect",
"github.com/BurntSushi/toml",
"github.com/PuerkitoBio/purell",
"github.com/PuerkitoBio/urlesc",
"github.com/dchest/cssmin",
"github.com/eknkc/amber",
"github.com/gorilla/websocket",
"github.com/kardianos/osext",
"github.com/miekg/mmark",
"github.com/mitchellh/mapstructure",
"github.com/russross/blackfriday",
"github.com/shurcooL/sanitized_anchor_name",
"github.com/spf13/afero",
"github.com/spf13/cast",
"github.com/spf13/jwalterweatherman",
"github.com/spf13/cobra",
"github.com/cpuguy83/go-md2man",
"github.com/inconshreveable/mousetrap",
"github.com/spf13/pflag",
"github.com/spf13/fsync",
"github.com/spf13/viper",
"github.com/kr/pretty",
"github.com/kr/text",
"github.com/magiconair/properties",
"golang.org/x/text",
"github.com/yosssi/ace",
"github.com/spf13/nitro",
"github.com/fsnotify/fsnotify"
]
}
]


@ -1,31 +0,0 @@
# Description: Fix lighthouse Makefile
Index: Makefile
===================================================================
--- ./Makefile 1970-01-01 02:00:01.000000000 +0200
+++ ./Makefile 1970-01-01 02:00:01.000000000 +0200
@@ -19,21 +19,10 @@
endif
# Library specific
-HAS_GDK := $(shell pkg-config --exists gdk-2.0 echo $?)
-ifdef $(HAS_GDK)
- CFLAGS+=`pkg-config --cflags gdk-2.0`
- LDFLAGS+=`pkg-config --libs gdk-2.0`
-else
- CFLAGS+=-DNO_GDK
-endif
-HAS_PANGO := $(shell pkg-config --exists pango echo $?)
-ifdef $(HAS_PANGO)
- CFLAGS+=`pkg-config --cflags pango`
- LDFLAGS+=`pkg-config --libs pango`
-else
- CFLAGS+=-DNO_PANGO
-endif
-
+CFLAGS+=$(shell pkg-config --cflags gdk-2.0)
+LDFLAGS+=$(shell pkg-config --libs gdk-2.0)
+CFLAGS+=$(shell pkg-config --cflags pango)
+LDFLAGS+=$(shell pkg-config --libs pango)
all: lighthouse
