public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #1 from NixOS/master

Browse Source 
merge upstream
This commit is contained in:
Christian Gerbrandt 2016-10-14 11:53:34 +02:00 committed by GitHub
commit 49e3c7c9dc
2170 changed files with 64533 additions and 56676 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
.editorconfig Normal file
View File

@ -0,0 +1,24 @@
# EditorConfig configuration for nixpkgs
# http://EditorConfig.org
# Top-most EditorConfig file
root = true
# Unix-style newlines with a newline ending every file, utf-8 charset
[*]
end_of_line = lf
insert_final_newline = true
trim_trailing_whitespace = true
charset = utf-8
# see https://nixos.org/nixpkgs/manual/#chap-conventions
# Match nix/ruby files, set indent to spaces with width of two
[*.{nix,rb}]
indent_style = space
indent_size = 2
# Match shell/python/perl scripts, set indent to spaces with width of four
[*.{sh,py,pl}]
indent_style = space
indent_size = 4

5
.github/CONTRIBUTING.md vendored
View File

@ -28,5 +28,8 @@ under the terms of [COPYING](../COPYING), which is an MIT-like license.
* Not start with the package name
* Not have a dot at the end
See the nixpkgs manual for more details on how to [Submit changes to nixpkgs](http://hydra.nixos.org/job/nixpkgs/trunk/manual/latest/download-by-type/doc/manual#chap-submitting-changes).
See the nixpkgs manual for more details on how to [Submit changes to nixpkgs](https://nixos.org/nixpkgs/manual/#chap-submitting-changes).
## Reviewing contributions
See the nixpkgs manual for more details on how to [Review contributions](http://hydra.nixos.org/job/nixpkgs/trunk/manual/latest/download-by-type/doc/manual#chap-reviewing-contributions).

3
.mention-bot
View File

@ -4,7 +4,8 @@
"jhasse"
],
"alwaysNotifyForPaths": [
{ "name": "FRidh", "files": ["pkgs/top-level/python-packages.nix", "pkgs/development/interpreters/python/*", "pkgs/development/python-modules/*" ] }
{ "name": "FRidh", "files": ["pkgs/top-level/python-packages.nix", "pkgs/development/interpreters/python/*", "pkgs/development/python-modules/*" ] },
{ "name": "copumpkin", "files": ["pkgs/stdenv/darwin/*", "pkgs/os-specific/darwin/apple-source-releases/*"] }
],
"fileBlacklist": ["pkgs/top-level/all-packages.nix"]
}

10
README.md
View File

@ -2,8 +2,6 @@
[![Build Status](https://travis-ci.org/NixOS/nixpkgs.svg?branch=master)](https://travis-ci.org/NixOS/nixpkgs)
[![Code Triagers Badge](https://www.codetriage.com/nixos/nixpkgs/badges/users.svg)](https://www.codetriage.com/nixos/nixpkgs)
[![Issue Stats](http://www.issuestats.com/github/nixos/nixpkgs/badge/pr?style=flat)](http://www.issuestats.com/github/nixos/nixpkgs)
[![Issue Stats](http://www.issuestats.com/github/nixos/nixpkgs/badge/issue?style=flat)](http://www.issuestats.com/github/nixos/nixpkgs)
Nixpkgs is a collection of packages for the [Nix](https://nixos.org/nix/) package
manager. It is periodically built and tested by the [hydra](http://hydra.nixos.org/)
@ -15,12 +13,12 @@ build daemon as so-called channels. To get channel information via git, add
```
For stability and maximum binary package support, it is recommended to maintain
custom changes on top of one of the channels, e.g. `nixos-16.03` for the latest
custom changes on top of one of the channels, e.g. `nixos-16.09` for the latest
release and `nixos-unstable` for the latest successful build of master:
```
% git remote update channels
% git rebase channels/nixos-16.03
% git rebase channels/nixos-16.09
```
For pull-requests, please rebase onto nixpkgs `master`.
@ -34,9 +32,9 @@ For pull-requests, please rebase onto nixpkgs `master`.
* [Manual (NixOS)](https://nixos.org/nixos/manual/)
* [Nix Wiki](https://nixos.org/wiki/) (deprecated, see milestone ["Move the Wiki!"](https://github.com/NixOS/nixpkgs/issues?q=is%3Aopen+is%3Aissue+milestone%3A%22Move+the+wiki%21%22))
* [Continuous package builds for unstable/master](https://hydra.nixos.org/jobset/nixos/trunk-combined)
* [Continuous package builds for 16.03 release](https://hydra.nixos.org/jobset/nixos/release-16.03)
* [Continuous package builds for 16.09 release](https://hydra.nixos.org/jobset/nixos/release-16.09)
* [Tests for unstable/master](https://hydra.nixos.org/job/nixos/trunk-combined/tested#tabs-constituents)
* [Tests for 16.03 release](https://hydra.nixos.org/job/nixos/release-16.03/tested#tabs-constituents)
* [Tests for 16.09 release](https://hydra.nixos.org/job/nixos/release-16.09/tested#tabs-constituents)
Communication:

10
doc/default.nix
View File

@ -60,6 +60,10 @@ pkgs.stdenv.mkDerivation {
inputFile = ../pkgs/development/idris-modules/README.md;
outputFile = "languages-frameworks/idris.xml";
}
+ toDocbook {
inputFile = ../pkgs/development/node-packages/README.md;
outputFile = "languages-frameworks/node.xml";
}
+ toDocbook {
inputFile = ../pkgs/development/r-modules/README.md;
outputFile = "languages-frameworks/r.xml";
@ -93,7 +97,9 @@ pkgs.stdenv.mkDerivation {
cp -r $dst/images $dst/epub/OEBPS
echo "application/epub+zip" > mimetype
zip -0Xq "$dst/Nixpkgs Contributors Guide - NixOS community.epub" mimetype
zip -Xr9D "$dst/Nixpkgs Contributors Guide - NixOS community.epub" $dst/epub/*
manual="$dst/nixpkgs-manual.epub"
zip -0Xq "$manual" mimetype
cd $dst/epub && zip -Xr9D "$manual" *
rm -rf $dst/epub
'';
}

41
doc/languages-frameworks/go.xml
View File

@ -24,7 +24,7 @@ deis = buildGoPackage rec {
sha256 = "1qv9lxqx7m18029lj8cw3k7jngvxs4iciwrypdy0gd2nnghc68sw";
};
goDeps = ./deps.json; <co xml:id='ex-buildGoPackage-3' />
goDeps = ./deps.nix; <co xml:id='ex-buildGoPackage-3' />
buildFlags = "--tags release"; <co xml:id='ex-buildGoPackage-4' />
}
@ -56,7 +56,9 @@ the following arguments are of special significance to the function:
<callout arearefs='ex-buildGoPackage-3'>
<para>
<varname>goDeps</varname> is where the Go dependencies of a Go program are listed
in a JSON format described below.
as a list of package source identified by Go import path.
It could be imported as a separate <varname>deps.nix</varname> file for
readability. The dependency data structure is described below.
</para>
</callout>
@ -70,23 +72,32 @@ the following arguments are of special significance to the function:
</para>
<para>The <varname>goDeps</varname> attribute should point to a JSON file that defines which Go libraries
are needed and should be included in <varname>GOPATH</varname> for <varname>buildPhase</varname>.
<para>The <varname>goDeps</varname> attribute can be imported from a separate
<varname>nix</varname> file that defines which Go libraries are needed and should
be included in <varname>GOPATH</varname> for <varname>buildPhase</varname>.
</para>
<example xml:id='ex-goDeps'><title>deps.json</title>
<example xml:id='ex-goDeps'><title>deps.nix</title>
<programlisting>
[ <co xml:id='ex-goDeps-1' />
{
"goPackagePath": "gopkg.in/yaml.v2", <co xml:id='ex-goDeps-2' />
"fetch": {
"type": "git", <co xml:id='ex-goDeps-3' />
"url": "https://gopkg.in/yaml.v2",
"rev": "a83829b6f1293c91addabc89d0571c246397bbf4",
"sha256": "1m4dsmk90sbi17571h6pld44zxz7jc4lrnl4f27dpd1l8g5xvjhh"
}
}
{
goPackagePath = "gopkg.in/yaml.v2"; <co xml:id='ex-goDeps-2' />
fetch = {
type = "git"; <co xml:id='ex-goDeps-3' />
url = "https://gopkg.in/yaml.v2";
rev = "a83829b6f1293c91addabc89d0571c246397bbf4";
sha256 = "1m4dsmk90sbi17571h6pld44zxz7jc4lrnl4f27dpd1l8g5xvjhh";
};
}
{
goPackagePath = "github.com/docopt/docopt-go";
fetch = {
type = "git";
url = "https://github.com/docopt/docopt-go";
rev = "784ddc588536785e7299f7272f39101f7faccc3f";
sha256 = "0wwz48jl9fvl1iknvn9dqr4gfy1qs03gxaikrxxp9gry6773v3sj";
};
}
]
</programlisting>
</example>

1
doc/languages-frameworks/index.xml
View File

@ -21,6 +21,7 @@ such as Perl or Haskell. These are described in this chapter.</para>
<xi:include href="idris.xml" /> <!-- generated from ../../pkgs/development/idris-modules/README.md -->
<xi:include href="java.xml" />
<xi:include href="lua.xml" />
<xi:include href="node.xml" /> <!-- generated from ../../pkgs/development/node-packages/README.md -->
<xi:include href="perl.xml" />
<xi:include href="python.xml" />
<xi:include href="qt.xml" />

33
doc/multiple-output.xml
View File

@ -45,34 +45,48 @@
<title>File type groups</title>
<para>The support code currently recognizes some particular kinds of outputs and either instructs the build system of the package to put files into their desired outputs or it moves the files during the fixup phase. Each group of file types has an <varname>outputFoo</varname> variable specifying the output name where they should go. If that variable isn't defined by the derivation writer, it is guessed &ndash; a default output name is defined, falling back to other possibilities if the output isn't defined.</para>
<variablelist>
<varlistentry><term><varname>
$outputDev</varname></term><listitem><para>
is for development-only files. These include C(++) headers, pkg-config, cmake and aclocal files. They go to <varname>dev</varname> or <varname>out</varname> by default.
</para></listitem></varlistentry>
</para></listitem>
</varlistentry>
<varlistentry><term><varname>
$outputBin</varname></term><listitem><para>
is meant for user-facing binaries, typically residing in bin/. They go to <varname>bin</varname> or <varname>out</varname> by default.
</para></listitem></varlistentry>
</para></listitem></varlistentry>
<varlistentry><term><varname>
$outputLib</varname></term><listitem><para>
is meant for libraries, typically residing in <filename>lib/</filename> and <filename>libexec/</filename>. They go to <varname>lib</varname> or <varname>out</varname> by default.
</para></listitem></varlistentry>
</para></listitem></varlistentry>
<varlistentry><term><varname>
$outputDoc</varname></term><listitem><para>
is for user documentation, typically residing in <filename>share/doc/</filename>. It goes to <varname>doc</varname> or <varname>out</varname> by default.
</para></listitem></varlistentry>
</para></listitem></varlistentry>
<varlistentry><term><varname>
$outputDocdev</varname></term><listitem><para>
is for <emphasis>developer</emphasis> documentation. Currently we count gtk-doc and man3 pages in there. It goes to <varname>devdoc</varname> or is removed (!) by default. This is because e.g. gtk-doc tends to be rather large and completely unused by nixpkgs users.
</para></listitem></varlistentry>
$outputDevdoc</varname></term><listitem><para>
is for <emphasis>developer</emphasis> documentation. Currently we count gtk-doc in there. It goes to <varname>devdoc</varname> or is removed (!) by default. This is because e.g. gtk-doc tends to be rather large and completely unused by nixpkgs users.
</para></listitem></varlistentry>
<varlistentry><term><varname>
$outputMan</varname></term><listitem><para>
is for man pages (except for section 3). They go to <varname>man</varname> or <varname>doc</varname> or <varname>$outputBin</varname> by default.
</para></listitem></varlistentry>
</para></listitem></varlistentry>
<varlistentry><term><varname>
$outputDevman</varname></term><listitem><para>
is for section 3 man pages. They go to <varname>devman</varname> or <varname>$outputMan</varname> by default.
</para></listitem></varlistentry>
<varlistentry><term><varname>
$outputInfo</varname></term><listitem><para>
is for info pages. They go to <varname>info</varname> or <varname>doc</varname> or <varname>$outputMan</varname> by default.
</para></listitem></varlistentry>
</para></listitem></varlistentry>
</variablelist>
</section>
@ -88,4 +102,3 @@
</section><!--Writing a split derivation-->
</chapter>

46
doc/stdenv.xml
View File

@ -27,7 +27,7 @@ stdenv.mkDerivation {
name = "libfoo-1.2.3";
src = fetchurl {
url = http://example.org/libfoo-1.2.3.tar.bz2;
md5 = "e1ec107956b6ddcb0b8b0679367e9ac9";
sha256 = "0x2g1jqygyr5wiwg4ma1nd7w4ydpy82z9gkcv8vh2v8dn3y58v5m";
};
}</programlisting>
@ -988,6 +988,41 @@ set debug-file-directory ~/.nix-profile/lib/debug
</section>
<section xml:id="ssec-installCheck-phase"><title>The installCheck phase</title>
<para>The installCheck phase checks whether the package was installed
correctly by running its test suite against the installed directories.
The default <function>installCheck</function> calls <command>make
installcheck</command>.</para>
<variablelist>
<title>Variables controlling the installCheck phase</title>
<varlistentry>
<term><varname>doInstallCheck</varname></term>
<listitem><para>If set to a non-empty string, the installCheck phase is
executed, otherwise it is skipped (default). Thus you should set
<programlisting>doInstallCheck = true;</programlisting>
in the derivation to enable install checks.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>preInstallCheck</varname></term>
<listitem><para>Hook executed at the start of the installCheck
phase.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>postInstallCheck</varname></term>
<listitem><para>Hook executed at the end of the installCheck
phase.</para></listitem>
</varlistentry>
</variablelist>
</section>
<section xml:id="ssec-distribution-phase"><title>The distribution
phase</title>
@ -1196,13 +1231,12 @@ echo @foo@
<term><function>stripHash</function>
<replaceable>path</replaceable></term>
<listitem><para>Strips the directory and hash part of a store
path, storing the name part in the environment variable
<literal>strippedName</literal>. For example:
path, outputting the name part to <literal>stdout</literal>.
For example:
<programlisting>
stripHash "/nix/store/9s9r019176g7cvn2nvcw41gsp862y6b4-coreutils-8.24"
# prints coreutils-8.24
echo $strippedName
stripHash "/nix/store/9s9r019176g7cvn2nvcw41gsp862y6b4-coreutils-8.24"
</programlisting>
If you wish to store the result in another variable, then the
@ -1210,7 +1244,7 @@ echo $strippedName
<programlisting>
name="/nix/store/9s9r019176g7cvn2nvcw41gsp862y6b4-coreutils-8.24"
someVar=$(stripHash $name; echo $strippedName)
someVar=$(stripHash $name)
</programlisting>
</para></listitem>

19
lib/attrsets.nix
View File

@ -296,12 +296,17 @@ rec {
/* Converts a store path to a fake derivation. */
toDerivation = path:
let path' = builtins.storePath path; in
{ type = "derivation";
name = builtins.unsafeDiscardStringContext (builtins.substring 33 (-1) (baseNameOf path'));
outPath = path';
outputs = [ "out" ];
};
let
path' = builtins.storePath path;
res =
{ type = "derivation";
name = builtins.unsafeDiscardStringContext (builtins.substring 33 (-1) (baseNameOf path'));
outPath = path';
outputs = [ "out" ];
out = res;
outputName = "out";
};
in res;
/* If `cond' is true, return the attribute set `as',
@ -455,7 +460,7 @@ rec {
getDev = getOutput "dev";
/* Pick the outputs of packages to place in buildInputs */
chooseDevOutputs = drvs: builtins.map (drv: if drv.outputUnspecified or false then drv.dev or drv else drv) drvs;
chooseDevOutputs = drvs: builtins.map getDev drvs;
/*** deprecated stuff ***/

39
lib/default.nix
View File

@ -1,27 +1,46 @@
let
let
# trivial, often used functions
trivial = import ./trivial.nix;
# datatypes
attrsets = import ./attrsets.nix;
lists = import ./lists.nix;
strings = import ./strings.nix;
stringsWithDeps = import ./strings-with-deps.nix;
attrsets = import ./attrsets.nix;
# packaging
customisation = import ./customisation.nix;
maintainers = import ./maintainers.nix;
meta = import ./meta.nix;
sources = import ./sources.nix;
# module system
modules = import ./modules.nix;
options = import ./options.nix;
types = import ./types.nix;
meta = import ./meta.nix;
debug = import ./debug.nix;
misc = import ./deprecated.nix;
maintainers = import ./maintainers.nix;
# constants
licenses = import ./licenses.nix;
platforms = import ./platforms.nix;
systems = import ./systems.nix;
customisation = import ./customisation.nix;
licenses = import ./licenses.nix;
# misc
debug = import ./debug.nix;
misc = import ./deprecated.nix;
# domain-specific
sandbox = import ./sandbox.nix;
fetchers = import ./fetchers.nix;
in
{ inherit trivial lists strings stringsWithDeps attrsets sources options
modules types meta debug maintainers licenses platforms systems sandbox;
{ inherit trivial
attrsets lists strings stringsWithDeps
customisation maintainers meta sources
modules options types
licenses platforms systems
debug misc
sandbox fetchers;
}
# !!! don't include everything at top-level; perhaps only the most
# commonly used functions.

12
lib/fetchers.nix Normal file
View File

@ -0,0 +1,12 @@
# snippets that can be shared by mutliple fetchers (pkgs/build-support)
{
proxyImpureEnvVars = [
# We borrow these environment variables from the caller to allow
# easy proxy configuration. This is impure, but a fixed-output
# derivation like fetchurl is allowed to do so since its result is
# by definition pure.
"http_proxy" "https_proxy" "ftp_proxy" "all_proxy" "no_proxy"
];
}

10
lib/licenses.nix
View File

@ -65,6 +65,11 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
fullName = "Boost Software License 1.0";
};
beerware = spdx {
spdxId = "Beerware";
fullName = ''Beerware License'';
};
bsd2 = spdx {
spdxId = "BSD-2-Clause";
fullName = ''BSD 2-clause "Simplified" License'';
@ -105,6 +110,11 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
fullName = "Creative Commons Attribution Non Commercial Share Alike 4.0";
};
cc-by-nd-30 = spdx {
spdxId = "CC-BY-ND-3.0";
fullName = "Creative Commons Attribution-No Derivative Works v3.00";
};
cc-by-sa-25 = spdx {
spdxId = "CC-BY-SA-2.5";
fullName = "Creative Commons Attribution Share Alike 2.5";

28
lib/maintainers.nix
View File

@ -12,6 +12,7 @@
abbradar = "Nikolay Amiantov <ab@fmap.me>";
aboseley = "Adam Boseley <adam.boseley@gmail.com>";
abuibrahim = "Ruslan Babayev <ruslan@babayev.com>";
acowley = "Anthony Cowley <acowley@gmail.com>";
adev = "Adrien Devresse <adev@adev.name>";
Adjective-Object = "Maxwell Huang-Hobbs <mhuan13@gmail.com>";
adnelson = "Allen Nelson <ithinkican@gmail.com>";
@ -36,6 +37,7 @@
andsild = "Anders Sildnes <andsild@gmail.com>";
aneeshusa = "Aneesh Agrawal <aneeshusa@gmail.com>";
antono = "Antono Vasiljev <self@antono.info>";
apeyroux = "Alexandre Peyroux <alex@px.io>";
ardumont = "Antoine R. Dumont <eniotna.t@gmail.com>";
aristid = "Aristid Breitkreuz <aristidb@gmail.com>";
arobyn = "Alexei Robyn <shados@shados.net>";
@ -48,6 +50,7 @@
auntie = "Jonathan Glines <auntieNeo@gmail.com>";
avnik = "Alexander V. Nikolaev <avn@avnik.info>";
aycanirican = "Aycan iRiCAN <iricanaycan@gmail.com>";
bachp = "Pascal Bach <pascal.bach@nextrem.ch>";
badi = "Badi' Abdul-Wahid <abdulwahidc@gmail.com>";
balajisivaraman = "Balaji Sivaraman<sivaraman.balaji@gmail.com>";
Baughn = "Svein Ove Aas <sveina@gmail.com>";
@ -86,14 +89,17 @@
cko = "Christine Koppelt <christine.koppelt@gmail.com>";
cleverca22 = "Michael Bishop <cleverca22@gmail.com>";
cmcdragonkai = "Roger Qiu <roger.qiu@matrix.ai>";
cmfwyp = "cmfwyp <cmfwyp@riseup.net>";
coconnor = "Corey O'Connor <coreyoconnor@gmail.com>";
codsl = "codsl <codsl@riseup.net>";
codyopel = "Cody Opel <codyopel@gmail.com>";
colemickens = "Cole Mickens <cole.mickens@gmail.com>";
copumpkin = "Dan Peebles <pumpkingod@gmail.com>";
corngood = "David McFarland <corngood@gmail.com>";
coroa = "Jonas Hörsch <jonas@chaoflow.net>";
couchemar = "Andrey Pavlov <couchemar@yandex.ru>";
cransom = "Casey Ransom <cransom@hubns.net>";
cryptix = "Henry Bubert <cryptix@riseup.net>";
CrystalGamma = "Jona Stubbe <nixos@crystalgamma.de>";
cstrahan = "Charles Strahan <charles@cstrahan.com>";
cwoac = "Oliver Matthews <oliver@codersoffortune.net>";
@ -102,6 +108,7 @@
danbst = "Danylo Hlynskyi <abcz2.uprola@gmail.com>";
davidak = "David Kleuker <post@davidak.de>";
davidrusu = "David Rusu <davidrusu.me@gmail.com>";
davorb = "Davor Babic <davor@davor.se>";
dbohdan = "Danyil Bohdan <danyil.bohdan@gmail.com>";
dbrock = "Daniel Brockman <daniel@brockman.se>";
deepfire = "Kosyrev Serge <_deepfire@feelingofgreen.ru>";
@ -112,6 +119,7 @@
dezgeg = "Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>";
dfoxfranke = "Daniel Fox Franke <dfoxfranke@gmail.com>";
dgonyeo = "Derek Gonyeo <derek@gonyeo.com>";
dipinhora = "Dipin Hora <dipinhora+github@gmail.com>";
dmalikov = "Dmitry Malikov <malikov.d.y@gmail.com>";
dochang = "Desmond O. Chang <dochang@gmail.com>";
doublec = "Chris Double <chris.double@double.co.nz>";
@ -162,12 +170,15 @@
giogadi = "Luis G. Torres <lgtorres42@gmail.com>";
gleber = "Gleb Peregud <gleber.p@gmail.com>";
globin = "Robin Gloster <mail@glob.in>";
gnidorah = "Alex Ivanov <yourbestfriend@opmbx.org>";
goibhniu = "Cillian de Róiste <cillian.deroiste@gmail.com>";
goodrone = "Andrew Trachenko <goodrone@gmail.com>";
Gonzih = "Max Gonzih <gonzih@gmail.com>";
gpyh = "Yacine Hmito <yacine.hmito@gmail.com>";
grahamc = "Graham Christensen <graham@grahamc.com>";
gridaphobe = "Eric Seidel <eric@seidel.io>";
guibert = "David Guibert <david.guibert@gmail.com>";
hakuch = "Jesse Haber-Kucharsky <hakuch@gmail.com>";
havvy = "Ryan Scheel <ryan.havvy@gmail.com>";
hbunke = "Hendrik Bunke <bunke.hendrik@gmail.com>";
hce = "Hans-Christian Esperer <hc@hcesperer.org>";
@ -195,6 +206,7 @@
joelmo = "Joel Moberg <joel.moberg@gmail.com>";
joelteon = "Joel Taylor <me@joelt.io>";
joko = "Ioannis Koutras <ioannis.koutras@gmail.com>";
jonafato = "Jon Banafato <jon@jonafato.com>";
jpbernardy = "Jean-Philippe Bernardy <jeanphilippe.bernardy@gmail.com>";
jraygauthier = "Raymond Gauthier <jraygauthier@gmail.com>";
juliendehos = "Julien Dehos <dehos@lisic.univ-littoral.fr>";
@ -205,6 +217,7 @@
kampfschlaefer = "Arnold Krille <arnold@arnoldarts.de>";
kevincox = "Kevin Cox <kevincox@kevincox.ca>";
khumba = "Bryan Gardiner <bog@khumba.net>";
KibaFox = "Kiba Fox <kiba.fox@foxypossibilities.com>";
kkallio = "Karn Kallio <tierpluspluslists@gmail.com>";
koral = "Koral <koral@mailoo.org>";
kovirobi = "Kovacsics Robert <kovirobi@gmail.com>";
@ -223,12 +236,14 @@
linquize = "Linquize <linquize@yahoo.com.hk>";
linus = "Linus Arver <linusarver@gmail.com>";
lnl7 = "Daiderd Jordan <daiderd@gmail.com>";
loskutov = "Ignat Loskutov <ignat.loskutov@gmail.com>";
lovek323 = "Jason O'Conal <jason@oconal.id.au>";
lowfatcomputing = "Andreas Wagner <andreas.wagner@lowfatcomputing.org>";
lsix = "Lancelot SIX <lsix@lancelotsix.com>";
lucas8 = "Luc Chabassier <luc.linux@mailoo.org>";
ludo = "Ludovic Courtès <ludo@gnu.org>";
luispedro = "Luis Pedro Coelho <luis@luispedro.org>";
lukasepple = "Lukas Epple <post@lukasepple.de>";
sternenseemann = "Lukas Epple <post@lukasepple.de>";
lukego = "Luke Gorrie <luke@snabb.co>";
lw = "Sergey Sofeychuk <lw@fmap.me>";
madjar = "Georges Dubus <georges.dubus@compiletoi.net>";
@ -261,6 +276,7 @@
mingchuan = "Ming Chuan <ming@culpring.com>";
mirdhyn = "Merlin Gaillard <mirdhyn@gmail.com>";
mirrexagon = "Andrew Abbott <mirrexagon@mirrexagon.com>";
mlieberman85 = "Michael Lieberman <mlieberman85@gmail.com>";
modulistic = "Pablo Costa <modulistic@gmail.com>";
mog = "Matthew O'Gorman <mog-lists@rldn.net>";
moosingin3space = "Nathan Moos <moosingin3space@gmail.com>";
@ -270,6 +286,7 @@
mounium = "Katona László <muoniurn@gmail.com>";
MP2E = "Cray Elliott <MP2E@archlinux.us>";
mpscholten = "Marc Scholten <marc@mpscholten.de>";
mpsyco = "Francis St-Amour <fr.st-amour@gmail.com>";
msackman = "Matthew Sackman <matthew@wellquite.org>";
mschristiansen = "Mikkel Christiansen <mikkel@rheosystems.com>";
msteen = "Matthijs Steen <emailmatthijs@gmail.com>";
@ -283,6 +300,7 @@
nckx = "Tobias Geerinckx-Rice <tobias.geerinckx.rice@gmail.com>";
nequissimus = "Tim Steinbach <tim@nequissimus.com>";
nfjinjing = "Jinjing Wang <nfjinjing@gmail.com>";
nhooyr = "Anmol Sethi <anmol@aubble.com>";
nico202 = "Nicolò Balzarotti <anothersms@gmail.com>";
notthemessiah = "Brian Cohen <brian.cohen.88@gmail.com>";
NikolaMandic = "Ratko Mladic <nikola@mandic.email>";
@ -321,6 +339,7 @@
pmahoney = "Patrick Mahoney <pat@polycrystal.org>";
pmiddend = "Philipp Middendorf <pmidden@secure.mailbox.org>";
prikhi = "Pavan Rikhi <pavan.rikhi@gmail.com>";
primeos = "Michael Weiss <dev.primeos@gmail.com>";
profpatsch = "Profpatsch <mail@profpatsch.de>";
proglodyte = "Proglodyte <proglodyte23@gmail.com>";
pshendry = "Paul Hendry <paul@pshendry.com>";
@ -338,6 +357,7 @@
redbaron = "Maxim Ivanov <ivanov.maxim@gmail.com>";
redvers = "Redvers Davies <red@infect.me>";
refnil = "Martin Lavoie <broemartino@gmail.com>";
regnat = "Théophane Hufschmitt <regnat@regnat.ovh>";
relrod = "Ricky Elrod <ricky@elrod.me>";
renzo = "Renzo Carbonara <renzocarbonara@gmail.com>";
retrry = "Tadas Barzdžius <retrry@gmail.com>";
@ -351,6 +371,7 @@
roblabla = "Robin Lambertz <robinlambertz+dev@gmail.com>";
roconnor = "Russell O'Connor <roconnor@theorem.ca>";
romildo = "José Romildo Malaquias <malaquias@gmail.com>";
ronny = "Ronny Pfannschmidt <nixos@ronnypfannschmidt.de>";
rszibele = "Richard Szibele <richard_szibele@hotmail.com>";
rushmorem = "Rushmore Mushambi <rushmore@webenchanter.com>";
rvl = "Rodney Lorrimar <dev+nix@rodney.id.au>";
@ -364,6 +385,7 @@
samuelrivas = "Samuel Rivas <samuelrivas@gmail.com>";
sander = "Sander van der Burg <s.vanderburg@tudelft.nl>";
schmitthenner = "Fabian Schmitthenner <development@schmitthenner.eu>";
schneefux = "schneefux <schneefux+nixos_pkg@schneefux.xyz>";
schristo = "Scott Christopher <schristopher@konputa.com>";
scolobb = "Sergiu Ivanov <sivanov@colimite.fr>";
sepi = "Raffael Mancini <raffael@mancini.lu>";
@ -380,8 +402,8 @@
skeidel = "Sven Keidel <svenkeidel@gmail.com>";
skrzyp = "Jakub Skrzypnik <jot.skrzyp@gmail.com>";
sleexyz = "Sean Lee <freshdried@gmail.com>";
smironov = "Sergey Mironov <ierton@gmail.com>";
solson = "Scott Olson <scott@solson.me>";
smironov = "Sergey Mironov <grrwlf@gmail.com>";
spacefrogg = "Michael Raitza <spacefrogg-nixos@meterriblecrew.net>";
spencerjanssen = "Spencer Janssen <spencerjanssen@gmail.com>";
spinus = "Tomasz Czyż <tomasz.czyz@gmail.com>";
@ -416,6 +438,7 @@
ttuegel = "Thomas Tuegel <ttuegel@gmail.com>";
tv = "Tomislav Viljetić <tv@shackspace.de>";
tvestelind = "Tomas Vestelind <tomas.vestelind@fripost.org>";
tvorog = "Marsel Zaripov <marszaripov@gmail.com>";
twey = "James Twey Kay <twey@twey.co.uk>";
uralbash = "Svintsov Dmitry <root@uralbash.ru>";
urkud = "Yury G. Kudryashov <urkud+nix@ya.ru>";
@ -449,4 +472,5 @@
zohl = "Al Zohali <zohl@fmap.me>";
zoomulator = "Kim Simmons <zoomulator@gmail.com>";
amiloradovsky = "Andrew Miloradovsky <miloradovsky@gmail.com>";
yochai = "Yochai <yochai@titat.info>";
}

79
lib/modules.nix
View File

@ -1,4 +1,5 @@
with import ./lists.nix;
with import ./strings.nix;
with import ./trivial.nix;
with import ./attrsets.nix;
with import ./options.nix;
@ -545,6 +546,84 @@ rec {
use = builtins.trace "Obsolete option `${showOption from}' is used. It was renamed to `${showOption to}'.";
};
/* Return a module that causes a warning to be shown if any of the "from"
option is defined; the defined values can be used in the "mergeFn" to set
the "to" value.
This function can be used to merge multiple options into one that has a
different type.
"mergeFn" takes the module "config" as a parameter and must return a value
of "to" option type.
mkMergedOptionModule
[ [ "a" "b" "c" ]
[ "d" "e" "f" ] ]
[ "x" "y" "z" ]
(config:
let value = p: getAttrFromPath p config;
in
if (value [ "a" "b" "c" ]) == true then "foo"
else if (value [ "d" "e" "f" ]) == true then "bar"
else "baz")
- options.a.b.c is a removed boolean option
- options.d.e.f is a removed boolean option
- options.x.y.z is a new str option that combines a.b.c and d.e.f
functionality
This show a warning if any a.b.c or d.e.f is set, and set the value of
x.y.z to the result of the merge function
*/
mkMergedOptionModule = from: to: mergeFn:
{ config, options, ... }:
{
options = foldl recursiveUpdate {} (map (path: setAttrByPath path (mkOption {
visible = false;
# To use the value in mergeFn without triggering errors
default = "_mkMergedOptionModule";
})) from);
config = {
warnings = filter (x: x != "") (map (f:
let val = getAttrFromPath f config;
opt = getAttrFromPath f options;
in
optionalString
(val != "_mkMergedOptionModule")
"The option `${showOption f}' defined in ${showFiles opt.files} has been changed to `${showOption to}' that has a different type. Please read `${showOption to}' documentation and update your configuration accordingly."
) from);
} // setAttrByPath to (mkMerge
(optional
(any (f: (getAttrFromPath f config) != "_mkMergedOptionModule") from)
(mergeFn config)));
};
/* Single "from" version of mkMergedOptionModule.
Return a module that causes a warning to be shown if the "from" option is
defined; the defined value can be used in the "mergeFn" to set the "to"
value.
This function can be used to change an option into another that has a
different type.
"mergeFn" takes the module "config" as a parameter and must return a value of
"to" option type.
mkChangedOptionModule [ "a" "b" "c" ] [ "x" "y" "z" ]
(config:
let value = getAttrFromPath [ "a" "b" "c" ] config;
in
if value > 100 then "high"
else "normal")
- options.a.b.c is a removed int option
- options.x.y.z is a new str option that supersedes a.b.c
This show a warning if a.b.c is set, and set the value of x.y.z to the
result of the change function
*/
mkChangedOptionModule = from: to: changeFn:
mkMergedOptionModule [ from ] to changeFn;
/* Like mkRenamedOptionModule, but doesn't show a warning. */
mkAliasOptionModule = from: to: doRename {
inherit from to;

24
lib/trivial.nix
View File

@ -53,6 +53,27 @@ rec {
# argument, but it's nice this way if several uses of `extends` are cascaded.
extends = f: rattrs: self: let super = rattrs self; in super // f self super;
# Create an overridable, recursive attribute set. For example:
#
# nix-repl> obj = makeExtensible (self: { })
#
# nix-repl> obj
# { __unfix__ = «lambda»; extend = «lambda»; }
#
# nix-repl> obj = obj.extend (self: super: { foo = "foo"; })
#
# nix-repl> obj
# { __unfix__ = «lambda»; extend = «lambda»; foo = "foo"; }
#
# nix-repl> obj = obj.extend (self: super: { foo = super.foo + " + "; bar = "bar"; foobar = self.foo + self.bar; })
#
# nix-repl> obj
# { __unfix__ = «lambda»; bar = "bar"; extend = «lambda»; foo = "foo + "; foobar = "foo + bar"; }
makeExtensible = rattrs:
fix' rattrs // {
extend = f: makeExtensible (extends f rattrs);
};
# Flip the order of the arguments of a binary function.
flip = f: a: b: f b a;
@ -113,4 +134,7 @@ rec {
*/
warn = msg: builtins.trace "WARNING: ${msg}";
info = msg: builtins.trace "INFO: ${msg}";
fetchMD5warn = name: context : data : info
"Deprecated use of MD5 hash in ${name} to fetch ${context}" data;
}

2
lib/types.nix
View File

@ -261,7 +261,7 @@ rec {
# declarations from the options attribute of containing option
# declaration.
optionSet = mkOptionType {
name = /* builtins.trace "types.optionSet is deprecated; use types.submodule instead" */ "option set";
name = builtins.trace "types.optionSet is deprecated; use types.submodule instead" "option set";
};
# Augment the given type with an additional type check function.

2
maintainers/scripts/fetch-kde-qt.sh
View File

@ -1,6 +1,8 @@
#! /usr/bin/env nix-shell
#! nix-shell -i bash -p coreutils findutils gnused nix wget
set -efuo pipefail
SRCS=
if [ -d "$1" ]; then
SRCS="$(pwd)/$1/srcs.nix"

10
maintainers/scripts/vanity.sh
View File

@ -101,15 +101,15 @@ cleaner_script="$(echo "$name_list_canonical" | denormalize_name |
# Add github usernames
if [ -n "$NIXPKGS_GITHUB_NAME_CACHE" ]; then
github_adder_script="$(echo "$github_name_list" |
github_adder_script="$(mktemp)"
echo "$github_name_list" |
grep -E "$(echo "$name_list_canonical" | cut -f 2 |
tr '\n' '|' )" |
sort | uniq |
sed -re 's/(.*)\t(.*)/s| \1$| \1\t\2|g;/' |
denormalize_name
)"
denormalize_name > "$github_adder_script"
else
github_adder_script=''
github_adder_script='/dev/null'
fi
echo "$name_list" | denormalize_name
@ -118,5 +118,5 @@ echo
echo "$git_data" | cut -f 1 |
sed -e "$cleaner_script" |
sort | uniq -c | sort -k1n | sed -re "$github_adder_script" |
sort | uniq -c | sort -k1n | sed -rf "$github_adder_script" |
sed -re 's/^ *([0-9]+) /\1\t/'

77
nixos/doc/manual/default.nix
View File

@ -94,14 +94,11 @@ let
"--stringparam chunk.toc ${toc}"
];
olinkDB = stdenv.mkDerivation {
name = "manual-olinkdb";
inherit sources;
buildInputs = [ libxml2 libxslt ];
buildCommand = ''
olinkDB = runCommand "manual-olinkdb"
{ inherit sources;
buildInputs = [ libxml2 libxslt ];
}
''
${copySources}
xsltproc \
@ -133,15 +130,14 @@ let
</targetset>
EOF
'';
};
in rec {
# The NixOS options in JSON format.
optionsJSON = stdenv.mkDerivation {
name = "options-json";
buildCommand = ''
optionsJSON = runCommand "options-json"
{ meta.description = "List of NixOS options in JSON format";
}
''
# Export list of options in different format.
dst=$out/share/doc/nixos
mkdir -p $dst
@ -154,18 +150,14 @@ in rec {
echo "file json $dst/options.json" >> $out/nix-support/hydra-build-products
''; # */
meta.description = "List of NixOS options in JSON format";
};
# Generate the NixOS manual.
manual = stdenv.mkDerivation {
name = "nixos-manual";
inherit sources;
buildInputs = [ libxml2 libxslt ];
buildCommand = ''
manual = runCommand "nixos-manual"
{ inherit sources;
buildInputs = [ libxml2 libxslt ];
meta.description = "The NixOS manual in HTML format";
allowedReferences = ["out"];
}
''
${copySources}
# Check the validity of the manual sources.
@ -192,20 +184,12 @@ in rec {
echo "doc manual $dst" >> $out/nix-support/hydra-build-products
''; # */
meta.description = "The NixOS manual in HTML format";
allowedReferences = ["out"];
};
manualEpub = stdenv.mkDerivation {
name = "nixos-manual-epub";
inherit sources;
buildInputs = [ libxml2 libxslt zip ];
buildCommand = ''
manualEpub = runCommand "nixos-manual-epub"
{ inherit sources;
buildInputs = [ libxml2 libxslt zip ];
}
''
${copySources}
# Check the validity of the manual sources.
@ -234,17 +218,15 @@ in rec {
mkdir -p $out/nix-support
echo "doc-epub manual $manual" >> $out/nix-support/hydra-build-products
'';
};
# Generate the NixOS manpages.
manpages = stdenv.mkDerivation {
name = "nixos-manpages";
inherit sources;
buildInputs = [ libxml2 libxslt ];
buildCommand = ''
manpages = runCommand "nixos-manpages"
{ inherit sources;
buildInputs = [ libxml2 libxslt ];
allowedReferences = ["out"];
}
''
${copySources}
# Check the validity of the man pages sources.
@ -264,7 +246,4 @@ in rec {
./man-pages.xml
'';
allowedReferences = ["out"];
};
}

3
nixos/doc/manual/development/development.xml
View File

@ -14,8 +14,11 @@ NixOS.</para>
<xi:include href="sources.xml" />
<xi:include href="writing-modules.xml" />
<xi:include href="building-parts.xml" />
<xi:include href="writing-documentation.xml" />
<xi:include href="building-nixos.xml" />
<xi:include href="nixos-tests.xml" />
<xi:include href="testing-installer.xml" />
<xi:include href="reviewing-contributions.xml" />
<xi:include href="releases.xml" />
</part>

88
nixos/doc/manual/development/option-declarations.xml
View File

@ -31,9 +31,9 @@ options = {
<varlistentry>
<term><varname>type</varname></term>
<listitem>
<para>The type of the option (see below). It may be omitted,
but thats not advisable since it may lead to errors that are
hard to diagnose.</para>
<para>The type of the option (see <xref linkend='sec-option-types' />).
It may be omitted, but thats not advisable since it may lead to errors
that are hard to diagnose.</para>
</listitem>
</varlistentry>
@ -65,86 +65,4 @@ options = {
</para>
<para>Here is a non-exhaustive list of option types:
<variablelist>
<varlistentry>
<term><varname>types.bool</varname></term>
<listitem>
<para>A Boolean.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>types.int</varname></term>
<listitem>
<para>An integer.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>types.str</varname></term>
<listitem>
<para>A string.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>types.lines</varname></term>
<listitem>
<para>A string. If there are multiple definitions, they are
concatenated, with newline characters in between.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>types.path</varname></term>
<listitem>
<para>A path, defined as anything that, when coerced to a
string, starts with a slash. This includes derivations.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>types.package</varname></term>
<listitem>
<para>A derivation (such as <literal>pkgs.hello</literal>) or a
store path (such as
<filename>/nix/store/1ifi1cfbfs5iajmvwgrbmrnrw3a147h9-hello-2.10</filename>).</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>types.listOf</varname> <replaceable>t</replaceable></term>
<listitem>
<para>A list of elements of type <replaceable>t</replaceable>
(e.g., <literal>types.listOf types.str</literal> is a list of
strings). Multiple definitions are concatenated together.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>types.attrsOf</varname> <replaceable>t</replaceable></term>
<listitem>
<para>A set of elements of type <replaceable>t</replaceable>
(e.g., <literal>types.attrsOf types.int</literal> is a set of
name/value pairs, the values being integers).</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>types.nullOr</varname> <replaceable>t</replaceable></term>
<listitem>
<para>Either the value <literal>null</literal> or something of
type <replaceable>t</replaceable>.</para>
</listitem>
</varlistentry>
</variablelist>
You can also create new types using the function
<varname>mkOptionType</varname>. See
<filename>lib/types.nix</filename> in Nixpkgs for details.</para>
</section>

394
nixos/doc/manual/development/option-types.xml Normal file
View File

@ -0,0 +1,394 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-option-types">
<title>Options Types</title>
<para>Option types are a way to put constraints on the values a module option
can take.
Types are also responsible of how values are merged in case of multiple
value definitions.</para>
<section><title>Basic Types</title>
<para>Basic types are the simplest available types in the module system.
Basic types include multiple string types that mainly differ in how
definition merging is handled.</para>
<variablelist>
<varlistentry>
<term><varname>types.bool</varname></term>
<listitem><para>A boolean, its values can be <literal>true</literal> or
<literal>false</literal>.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>types.int</varname></term>
<listitem><para>An integer.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>types.path</varname></term>
<listitem><para>A filesystem path, defined as anything that when coerced to
a string starts with a slash. Even if derivations can be considered as
path, the more specific <literal>types.package</literal> should be
preferred.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>types.package</varname></term>
<listitem><para>A derivation or a store path.</para></listitem>
</varlistentry>
</variablelist>
<para>String related types:</para>
<variablelist>
<varlistentry>
<term><varname>types.str</varname></term>
<listitem><para>A string. Multiple definitions cannot be
merged.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>types.lines</varname></term>
<listitem><para>A string. Multiple definitions are concatenated with a new
line <literal>"\n"</literal>.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>types.commas</varname></term>
<listitem><para>A string. Multiple definitions are concatenated with a comma
<literal>","</literal>.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>types.envVar</varname></term>
<listitem><para>A string. Multiple definitions are concatenated with a
collon <literal>":"</literal>.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>types.separatedString</varname>
<replaceable>sep</replaceable></term>
<listitem><para>A string with a custom separator
<replaceable>sep</replaceable>, e.g. <literal>types.separatedString
"|"</literal>.</para></listitem>
</varlistentry>
</variablelist>
</section>
<section><title>Composed Types</title>
<para>Composed types allow to create complex types by taking another type(s)
or value(s) as parameter(s).
It is possible to compose types multiple times, e.g. <literal>with types;
nullOr (enum [ "left" "right" ])</literal>.</para>
<variablelist>
<varlistentry>
<term><varname>types.listOf</varname> <replaceable>t</replaceable></term>
<listitem><para>A list of <replaceable>t</replaceable> type, e.g.
<literal>types.listOf int</literal>. Multiple definitions are merged
with list concatenation.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>types.attrsOf</varname> <replaceable>t</replaceable></term>
<listitem><para>An attribute set of where all the values are of
<replaceable>t</replaceable> type. Multiple definitions result in the
joined attribute set.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>types.loaOf</varname> <replaceable>t</replaceable></term>
<listitem><para>An attribute set or a list of <replaceable>t</replaceable>
type. Multiple definitions are merged according to the
value.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>types.loeOf</varname> <replaceable>t</replaceable></term>
<listitem><para>A list or an element of <replaceable>t</replaceable> type.
Multiple definitions are merged according to the
values.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>types.nullOr</varname> <replaceable>t</replaceable></term>
<listitem><para><literal>null</literal> or type
<replaceable>t</replaceable>. Multiple definitions are merged according
to type <replaceable>t</replaceable>.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>types.uniq</varname> <replaceable>t</replaceable></term>
<listitem><para>Ensures that type <replaceable>t</replaceable> cannot be
merged. It is used to ensure option definitions are declared only
once.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>types.enum</varname> <replaceable>l</replaceable></term>
<listitem><para>One element of the list <replaceable>l</replaceable>, e.g.
<literal>types.enum [ "left" "right" ]</literal>. Multiple definitions
cannot be merged</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>types.either</varname> <replaceable>t1</replaceable>
<replaceable>t2</replaceable></term>
<listitem><para>Type <replaceable>t1</replaceable> or type
<replaceable>t2</replaceable>, e.g. <literal>with types; either int
str</literal>. Multiple definitions cannot be
merged.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>types.submodule</varname> <replaceable>o</replaceable></term>
<listitem><para>A set of sub options <replaceable>o</replaceable>.
<replaceable>o</replaceable> can be an attribute set or a function
returning an attribute set. Submodules are used in composed types to
create modular options. Submodule are detailed in <xref
linkend='section-option-types-submodule' />.</para></listitem>
</varlistentry>
</variablelist>
</section>
<section xml:id='section-option-types-submodule'><title>Submodule</title>
<para>Submodule is a very powerful type that defines a set of sub-options that
are handled like a separate module.
It is especially interesting when used with composed types like
<literal>attrsOf</literal> or <literal>listOf</literal>.</para>
<para>The submodule type take a parameter <replaceable>o</replaceable>, that
should be a set, or a function returning a set with an
<literal>options</literal> key defining the sub-options.
The option set can be defined directly (<xref linkend='ex-submodule-direct'
/>) or as reference (<xref linkend='ex-submodule-reference' />).</para>
<para>Submodule option definitions are type-checked accordingly to the options
declarations. It is possible to declare submodule options inside a submodule
sub-options for even higher modularity.</para>
<example xml:id='ex-submodule-direct'><title>Directly defined submodule</title>
<screen>
options.mod = mkOption {
name = "mod";
description = "submodule example";
type = with types; listOf (submodule {
options = {
foo = mkOption {
type = int;
};
bar = mkOption {
type = str;
};
};
});
};</screen></example>
<example xml:id='ex-submodule-reference'><title>Submodule defined as a
reference</title>
<screen>
let
modOptions = {
options = {
foo = mkOption {
type = int;
};
bar = mkOption {
type = int;
};
};
};
in
options.mod = mkOption {
description = "submodule example";
type = with types; listOf (submodule modOptions);
};</screen></example>
<section><title>Composed with <literal>listOf</literal></title>
<para>When composed with <literal>listOf</literal>, submodule allows multiple
definitions of the submodule option set.</para>
<example xml:id='ex-submodule-listof-declaration'><title>Declaration of a list
of submodules</title>
<screen>
options.mod = mkOption {
description = "submodule example";
type = with types; listOf (submodule {
options = {
foo = mkOption {
type = int;
};
bar = mkOption {
type = str;
};
};
});
};</screen></example>
<example xml:id='ex-submodule-listof-definition'><title>Definition of a list of
submodules</title>
<screen>
config.mod = [
{ foo = 1; bar = "one"; }
{ foo = 2; bar = "two"; }
];</screen></example>
</section>
<section><title>Composed with <literal>attrsOf</literal></title>
<para>When composed with <literal>attrsOf</literal>, submodule allows multiple
named definitions of the submodule option set.</para>
<example xml:id='ex-submodule-attrsof-declaration'><title>Declaration of
attribute sets of submodules</title>
<screen>
options.mod = mkOption {
description = "submodule example";
type = with types; attrsOf (submodule {
options = {
foo = mkOption {
type = int;
};
bar = mkOption {
type = str;
};
};
});
};</screen></example>
<example xml:id='ex-submodule-attrsof-definition'><title>Declaration of
attribute sets of submodules</title>
<screen>
config.mod.one = { foo = 1; bar = "one"; };
config.mod.two = { foo = 2; bar = "two"; };</screen></example>
</section>
</section>
<section><title>Extending types</title>
<para>Types are mainly characterized by their <literal>check</literal> and
<literal>merge</literal> functions.</para>
<variablelist>
<varlistentry>
<term><varname>check</varname></term>
<listitem><para>The function to type check the value. Takes a value as
parameter and return a boolean.
It is possible to extend a type check with the
<literal>addCheck</literal> function (<xref
linkend='ex-extending-type-check-1' />), or to fully override the
check function (<xref linkend='ex-extending-type-check-2' />).</para>
<example xml:id='ex-extending-type-check-1'><title>Adding a type check</title>
<screen>
byte = mkOption {
description = "An integer between 0 and 255.";
type = addCheck (x: x &gt;= 0 &amp;&amp; x &lt;= 255) types.int;
};</screen></example>
<example xml:id='ex-extending-type-check-2'><title>Overriding a type
check</title>
<screen>
nixThings = mkOption {
description = "words that start with 'nix'";
type = types.str // {
check = (x: lib.hasPrefix "nix" x)
};
};</screen></example>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>merge</varname></term>
<listitem><para>Function to merge the options values when multiple values
are set.
The function takes two parameters, <literal>loc</literal> the option path as a
list of strings, and <literal>defs</literal> the list of defined values as a
list.
It is possible to override a type merge function for custom
needs.</para></listitem>
</varlistentry>
</variablelist>
</section>
<section><title>Custom Types</title>
<para>Custom types can be created with the <literal>mkOptionType</literal>
function.
As type creation includes some more complex topics such as submodule handling,
it is recommended to get familiar with <filename
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/lib/types.nix">types.nix</filename>
code before creating a new type.</para>
<para>The only required parameter is <literal>name</literal>.</para>
<variablelist>
<varlistentry>
<term><varname>name</varname></term>
<listitem><para>A string representation of the type function name, name
usually changes accordingly parameters passed to
types.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>check</varname></term>
<listitem><para>A function to type check the definition value. Takes the
definition value as a parameter and returns a boolean indicating the
type check result, <literal>true</literal> for success and
<literal>false</literal> for failure.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>merge</varname></term>
<listitem><para>A function to merge multiple definitions values. Takes two
parameters:</para>
<variablelist>
<varlistentry>
<term><replaceable>loc</replaceable></term>
<listitem><para>The option path as a list of strings, e.g.
<literal>["boot" "loader "grub"
"enable"]</literal>.</para></listitem>
</varlistentry>
<varlistentry>
<term><replaceable>defs</replaceable></term>
<listitem><para>The list of sets of defined <literal>value</literal>
and <literal>file</literal> where the value was defined, e.g.
<literal>[ { file = "/foo.nix"; value = 1; } { file = "/bar.nix";
value = 2 } ]</literal>. The <literal>merge</literal> function
should return the merged value or throw an error in case the
values are impossible or not meant to be merged.</para></listitem>
</varlistentry>
</variablelist>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>getSubOptions</varname></term>
<listitem><para>For composed types that can take a submodule as type
parameter, this function generate sub-options documentation. It takes
the current option prefix as a list and return the set of sub-options.
Usually defined in a recursive manner by adding a term to the prefix,
e.g. <literal>prefix: elemType.getSubOptions (prefix ++
[<replaceable>"prefix"</replaceable>])</literal> where
<replaceable>"prefix"</replaceable> is the newly added
prefix.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>getSubModules</varname></term>
<listitem><para>For composed types that can take a submodule as type
parameter, this function should return the type parameters submodules.
If the type parameter is called <literal>elemType</literal>, the
function should just recursively look into submodules by returning
<literal>elemType.getSubModules;</literal>.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>substSubModules</varname></term>
<listitem><para>For composed types that can take a submodule as type
parameter, this function can be used to substitute the parameter of a
submodule type. It takes a module as parameter and return the type with
the submodule options substituted. It is usally defined as a type
function call with a recursive call to
<literal>substSubModules</literal>, e.g for a type
<literal>composedType</literal> that take an <literal>elemtype</literal>
type parameter, this function should be defined as <literal>m:
composedType (elemType.substSubModules m)</literal>.</para></listitem>
</varlistentry>
</variablelist>
</section>
</section>

241
nixos/doc/manual/development/releases.xml Executable file
View File

@ -0,0 +1,241 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-releases">
<title>Releases</title>
<section xml:id="release-process">
<title>Release process</title>
<para>
Going through an example of releasing NixOS 15.09:
</para>
<section xml:id="one-month-before-the-beta">
<title>One month before the beta</title>
<itemizedlist spacing="compact">
<listitem>
<para>
Send an email to nix-dev mailinglist as a warning about upcoming beta "feature freeze" in a month.
</para>
</listitem>
<listitem>
<para>
Discuss with Eelco Dolstra and the community (via IRC, ML) about what will reach the deadline.
Any issue or Pull Request targeting the release should have assigned milestone.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="at-beta-release-time">
<title>At beta release time</title>
<itemizedlist spacing="compact">
<listitem>
<para>
Rename <literal>rl-unstable.xml</literal> -&gt;
<literal>rl-1509.xml</literal>.
</para>
</listitem>
<listitem>
<para>
<literal>git tag -a -m &quot;Release 15.09-beta&quot; 15.09-beta &amp;&amp; git push --tags</literal>
</para>
</listitem>
<listitem>
<para>
From the master branch run <literal>git checkout -B release-15.09</literal>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/NixOS/nixos-org-configurations/pull/18">
Make sure channel is created at http://nixos.org/channels/.
</link>
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/NixOS/nixpkgs/settings/branches">
Lock the branch on github (so developers cant force push)
</link>
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/NixOS/nixpkgs/compare/bdf161ed8d21...6b63c4616790">bump
<literal>system.defaultChannel</literal> attribute in
<literal>nixos/modules/misc/version.nix</literal></link>
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/NixOS/nixpkgs/commit/d6b08acd1ccac0d9d502c4b635e00b04d3387f06">update
<literal>versionSuffix</literal> in
<literal>nixos/release.nix</literal></link>, use
<literal>git log --format=%an|wc -l</literal> to get commit
count
</para>
</listitem>
<listitem>
<para>
<literal>echo -n &quot;16.03&quot; &gt; .version</literal> in
master.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/NixOS/nixpkgs/commit/b8a4095003e27659092892a4708bb3698231a842">pick
a new name for unstable branch.</link>
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/13559">Create
an issue for tracking Zero Hydra Failures progress. ZHF is an effort
to get build failures down to zero.</link>
</para>
</listitem>
<listitem>
<para>
Use https://lwn.net/Vulnerabilities/ and
<link xlink:href="https://github.com/NixOS/nixpkgs/search?utf8=%E2%9C%93&amp;q=vulnerabilities&amp;type=Issues">triage vulnerabilities in an issue</link>.
</para>
</listitem>
<listitem>
<para>
Create two Hydra jobsets: release-15.09 and release-15.09-small with <literal>stableBranch</literal> set to false
</para>
</listitem>
<listitem>
<para>
Edit changelog at
<literal>nixos/doc/manual/release-notes/rl-1509.xml</literal>
(double check desktop versions are noted)
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
Get all new NixOS modules
<literal>git diff release-14.12..release-15.09 nixos/modules/module-list.nix|grep ^+</literal>
</para>
</listitem>
<listitem>
<para>
Note systemd, kernel, glibc and Nix upgrades.
</para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
</section>
<section xml:id="before-the-final-release">
<title>Before the final release</title>
<itemizedlist spacing="compact">
<listitem>
<para>
Release Nix (currently only Eelco Dolstra can do that).
<link xlink:href="https://github.com/NixOS/nixpkgs/commit/53710c752a85f00658882531bc90a23a3d1287e4">
Make sure fallback is updated.
</link>
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/NixOS/nixpkgs/commit/40fd9ae3ac8048758abdcfc7d28a78b5f22fe97e">
Update README.md with new stable NixOS version information.
</link>
</para>
</listitem>
<listitem>
<para>
Change <literal>stableBranch</literal> to true and wait for channel to update.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="at-final-release-time">
<title>At final release time</title>
<itemizedlist spacing="compact">
<listitem>
<para>
<literal>git tag -s -a -m &quot;Release 15.09&quot; 15.09</literal>
</para>
</listitem>
<listitem>
<para>
Update http://nixos.org/nixos/download.html and http://nixos.org/nixos/manual in https://github.com/NixOS/nixos-org-configurations
</para>
</listitem>
<listitem>
<para>
Get number of commits for the release:
<literal>git log release-14.04..release-14.12 --format=%an|wc -l</literal>
</para>
</listitem>
<listitem>
<para>
Commits by contributor:
<literal>git log release-14.04..release-14.12 --format=%an|sort|uniq -c|sort -rn</literal>
</para>
</listitem>
<listitem>
<para>
Send an email to nix-dev to announce the release with above information. Best to check how previous email was formulated
to see what needs to be included.
</para>
</listitem>
</itemizedlist>
</section>
</section>
<section xml:id="release-schedule">
<title>Release schedule</title>
<informaltable>
<tgroup cols="2">
<colspec align="left" />
<colspec align="left" />
<thead>
<row>
<entry>
Date
</entry>
<entry>
Event
</entry>
</row>
</thead>
<tbody>
<row>
<entry>
2016-07-25
</entry>
<entry>
Send email to nix-dev about upcoming branch-off
</entry>
</row>
<row>
<entry>
2016-09-01
</entry>
<entry>
<literal>release-16.09</literal> branch and corresponding jobsets are created,
change freeze
</entry>
</row>
<row>
<entry>
2016-09-30
</entry>
<entry>
NixOS 16.09 released
</entry>
</row>
</tbody>
</tgroup>
</informaltable>
</section>
</chapter>

393
nixos/doc/manual/development/reviewing-contributions.xml Normal file
View File

@ -0,0 +1,393 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-reviewing-contributions">
<title>Reviewing contributions</title>
<warning>
<para>The following section is a draft and reviewing policy is still being
discussed.</para>
</warning>
<para>The nixpkgs projects receives a fairly high number of contributions via
GitHub pull-requests. Reviewing and approving these is an important task and a
way to contribute to the project.</para>
<para>The high change rate of nixpkgs make any pull request that is open for
long enough subject to conflicts that will require extra work from the
submitter or the merger. Reviewing pull requests in a timely manner and being
responsive to the comments is the key to avoid these. Github provides sort
filters that can be used to see the <link
xlink:href="https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+is%3Aopen+sort%3Aupdated-desc">most
recently</link> and the <link
xlink:href="https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+is%3Aopen+sort%3Aupdated-asc">least
recently</link> updated pull-requests.</para>
<para>When reviewing a pull request, please always be nice and polite.
Controversial changes can lead to controversial opinions, but it is important
to respect every community members and their work.</para>
<para>GitHub provides reactions, they are a simple and quick way to provide
feedback to pull-requests or any comments. The thumb-down reaction should be
used with care and if possible accompanied with some explanations so the
submitter has directions to improve his contribution.</para>
<para>Pull-requests reviews should include a list of what has been reviewed in a
comment, so other reviewers and mergers can know the state of the
review.</para>
<para>All the review template samples provided in this section are generic and
meant as examples. Their usage is optional and the reviewer is free to adapt
them to his liking.</para>
<section><title>Package updates</title>
<para>A package update is the most trivial and common type of pull-request.
These pull-requests mainly consist in updating the version part of the package
name and the source hash.</para>
<para>It can happen that non trivial updates include patches or more complex
changes.</para>
<para>Reviewing process:</para>
<itemizedlist>
<listitem><para>Add labels to the pull-request. (Requires commit
rights)</para>
<itemizedlist>
<listitem><para><literal>8.has: package (update)</literal> and any topic
label that fit the updated package.</para></listitem>
</itemizedlist>
</listitem>
<listitem><para>Ensure that the package versioning is fitting the
guidelines.</para></listitem>
<listitem><para>Ensure that the commit text is fitting the
guidelines.</para></listitem>
<listitem><para>Ensure that the package maintainers are notified.</para>
<itemizedlist>
<listitem><para>mention-bot usually notify GitHub users based on the
submitted changes, but it can happen that it misses some of the
package maintainers.</para></listitem>
</itemizedlist>
</listitem>
<listitem><para>Ensure that the meta field contains correct
information.</para>
<itemizedlist>
<listitem><para>License can change with version updates, so it should be
checked to be fitting upstream license.</para></listitem>
<listitem><para>If the package has no maintainer, a maintainer must be
set. This can be the update submitter or a community member that
accepts to take maintainership of the package.</para></listitem>
</itemizedlist>
</listitem>
<listitem><para>Ensure that the code contains no typos.</para></listitem>
<listitem><para>Building the package locally.</para>
<itemizedlist>
<listitem><para>Pull-requests are often targeted to the master or staging
branch so building the pull-request locally as it is submitted can
trigger a large amount of source builds.</para>
<para>It is possible to rebase the changes on nixos-unstable or
nixpkgs-unstable for easier review by running the following commands
from a nixpkgs clone.
<screen>
$ git remote add channels https://github.com/NixOS/nixpkgs-channels.git <co
xml:id='reviewing-rebase-1' />
$ git fetch channels nixos-unstable <co xml:id='reviewing-rebase-2' />
$ git fetch origin pull/PRNUMBER/head <co xml:id='reviewing-rebase-3' />
$ git rebase --onto nixos-unstable BASEBRANCH FETCH_HEAD <co
xml:id='reviewing-rebase-4' />
</screen>
<calloutlist>
<callout arearefs='reviewing-rebase-1'>
<para>This should be done only once to be able to fetch channel
branches from the nixpkgs-channels repository.</para>
</callout>
<callout arearefs='reviewing-rebase-2'>
<para>Fetching the nixos-unstable branch.</para>
</callout>
<callout arearefs='reviewing-rebase-3'>
<para>Fetching the pull-request changes, <varname>PRNUMBER</varname>
is the number at the end of the pull-request title and
<varname>BASEBRANCH</varname> the base branch of the
pull-request.</para>
</callout>
<callout arearefs='reviewing-rebase-3'>
<para>Rebasing the pull-request changes to the nixos-unstable
branch.</para>
</callout>
</calloutlist>
</para>
</listitem>
<listitem>
<para>The <link xlink:href="https://github.com/madjar/nox">nox</link>
tool can be used to review a pull-request content in a single command.
It doesn't rebase on a channel branch so it might trigger multiple
source builds. <varname>PRNUMBER</varname> should be replaced by the
number at the end of the pull-request title.</para>
<screen>
$ nix-shell -p nox --run "nox-review -k pr PRNUMBER"
</screen>
</listitem>
</itemizedlist>
</listitem>
<listitem><para>Running every binary.</para></listitem>
</itemizedlist>
<example><title>Sample template for a package update review</title>
<screen>
##### Reviewed points
- [ ] package name fits guidelines
- [ ] package version fits guidelines
- [ ] package build on ARCHITECTURE
- [ ] executables tested on ARCHITECTURE
- [ ] all depending packages build
##### Possible improvements
##### Comments
</screen></example>
</section>
<section><title>New packages</title>
<para>New packages are a common type of pull-requests. These pull requests
consists in adding a new nix-expression for a package.</para>
<para>Reviewing process:</para>
<itemizedlist>
<listitem><para>Add labels to the pull-request. (Requires commit
rights)</para>
<itemizedlist>
<listitem><para><literal>8.has: package (new)</literal> and any topic
label that fit the new package.</para></listitem>
</itemizedlist>
</listitem>
<listitem><para>Ensure that the package versioning is fitting the
guidelines.</para></listitem>
<listitem><para>Ensure that the commit name is fitting the
guidelines.</para></listitem>
<listitem><para>Ensure that the meta field contains correct
information.</para>
<itemizedlist>
<listitem><para>License must be checked to be fitting upstream
license.</para></listitem>
<listitem><para>Platforms should be set or the package will not get binary
substitutes.</para></listitem>
<listitem><para>A maintainer must be set, this can be the package
submitter or a community member that accepts to take maintainership of
the package.</para></listitem>
</itemizedlist>
</listitem>
<listitem><para>Ensure that the code contains no typos.</para></listitem>
<listitem><para>Ensure the package source.</para>
<itemizedlist>
<listitem><para>Mirrors urls should be used when
available.</para></listitem>
<listitem><para>The most appropriate function should be used (e.g.
packages from GitHub should use
<literal>fetchFromGitHub</literal>).</para></listitem>
</itemizedlist>
</listitem>
<listitem><para>Building the package locally.</para></listitem>
<listitem><para>Running every binary.</para></listitem>
</itemizedlist>
<example><title>Sample template for a new package review</title>
<screen>
##### Reviewed points
- [ ] package path fits guidelines
- [ ] package name fits guidelines
- [ ] package version fits guidelines
- [ ] package build on ARCHITECTURE
- [ ] executables tested on ARCHITECTURE
- [ ] `meta.description` is set and fits guidelines
- [ ] `meta.license` fits upstream license
- [ ] `meta.platforms` is set
- [ ] `meta.maintainers` is set
- [ ] build time only dependencies are declared in `nativeBuildInputs`
- [ ] source is fetched using the appropriate function
- [ ] phases are respected
- [ ] patches that are remotely available are fetched with `fetchpatch`
##### Possible improvements
##### Comments
</screen></example>
</section>
<section><title>Module updates</title>
<para>Module updates are submissions changing modules in some ways. These often
contains changes to the options or introduce new options.</para>
<para>Reviewing process</para>
<itemizedlist>
<listitem><para>Add labels to the pull-request. (Requires commit
rights)</para>
<itemizedlist>
<listitem><para><literal>8.has: module (update)</literal> and any topic
label that fit the module.</para></listitem>
</itemizedlist>
</listitem>
<listitem><para>Ensure that the module maintainers are notified.</para>
<itemizedlist>
<listitem><para>Mention-bot notify GitHub users based on the submitted
changes, but it can happen that it miss some of the package
maintainers.</para></listitem>
</itemizedlist>
</listitem>
<listitem><para>Ensure that the module tests, if any, are
succeeding.</para></listitem>
<listitem><para>Ensure that the introduced options are correct.</para>
<itemizedlist>
<listitem><para>Type should be appropriate (string related types differs
in their merging capabilities, <literal>optionSet</literal> and
<literal>string</literal> types are deprecated).</para></listitem>
<listitem><para>Description, default and example should be
provided.</para></listitem>
</itemizedlist>
</listitem>
<listitem><para>Ensure that option changes are backward compatible.</para>
<itemizedlist>
<listitem><para><literal>mkRenamedOptionModule</literal> and
<literal>mkAliasOptionModule</literal> functions provide way to make
option changes backward compatible.</para></listitem>
</itemizedlist>
</listitem>
<listitem><para>Ensure that removed options are declared with
<literal>mkRemovedOptionModule</literal></para></listitem>
<listitem><para>Ensure that changes that are not backward compatible are
mentioned in release notes.</para></listitem>
<listitem><para>Ensure that documentations affected by the change is
updated.</para></listitem>
</itemizedlist>
<example><title>Sample template for a module update review</title>
<screen>
##### Reviewed points
- [ ] changes are backward compatible
- [ ] removed options are declared with `mkRemovedOptionModule`
- [ ] changes that are not backward compatible are documented in release notes
- [ ] module tests succeed on ARCHITECTURE
- [ ] options types are appropriate
- [ ] options description is set
- [ ] options example is provided
- [ ] documentation affected by the changes is updated
##### Possible improvements
##### Comments
</screen></example>
</section>
<section><title>New modules</title>
<para>New modules submissions introduce a new module to NixOS.</para>
<itemizedlist>
<listitem><para>Add labels to the pull-request. (Requires commit
rights)</para>
<itemizedlist>
<listitem><para><literal>8.has: module (new)</literal> and any topic label
that fit the module.</para></listitem>
</itemizedlist>
</listitem>
<listitem><para>Ensure that the module tests, if any, are
succeeding.</para></listitem>
<listitem><para>Ensure that the introduced options are correct.</para>
<itemizedlist>
<listitem><para>Type should be appropriate (string related types differs
in their merging capabilities, <literal>optionSet</literal> and
<literal>string</literal> types are deprecated).</para></listitem>
<listitem><para>Description, default and example should be
provided.</para></listitem>
</itemizedlist>
</listitem>
<listitem><para>Ensure that module <literal>meta</literal> field is
present</para>
<itemizedlist>
<listitem><para>Maintainers should be declared in
<literal>meta.maintainers</literal>.</para></listitem>
<listitem><para>Module documentation should be declared with
<literal>meta.doc</literal>.</para></listitem>
</itemizedlist>
</listitem>
<listitem><para>Ensure that the module respect other modules
functionality.</para>
<itemizedlist>
<listitem><para>For example, enabling a module should not open firewall
ports by default.</para></listitem>
</itemizedlist>
</listitem>
</itemizedlist>
<example><title>Sample template for a new module review</title>
<screen>
##### Reviewed points
- [ ] module path fits the guidelines
- [ ] module tests succeed on ARCHITECTURE
- [ ] options have appropriate types
- [ ] options have default
- [ ] options have example
- [ ] options have descriptions
- [ ] No unneeded package is added to system.environmentPackages
- [ ] meta.maintainers is set
- [ ] module documentation is declared in meta.doc
##### Possible improvements
##### Comments
</screen></example>
</section>
<section><title>Other submissions</title>
<para>Other type of submissions requires different reviewing steps.</para>
<para>If you consider having enough knowledge and experience in a topic and
would like to be a long-term reviewer for related submissions, please contact
the current reviewers for that topic. They will give you information about the
reviewing process.
The main reviewers for a topic can be hard to find as there is no list, but
checking past pull-requests to see who reviewed or git-blaming the code to see
who committed to that topic can give some hints.</para>
<para>Container system, boot system and library changes are some examples of the
pull requests fitting this category.</para>
</section>
<section><title>Merging pull-requests</title>
<para>It is possible for community members that have enough knowledge and
experience on a special topic to contribute by merging pull requests.</para>
<para>TODO: add the procedure to request merging rights.</para>
<!--
The following paragraph about how to deal with unactive contributors is just a
proposition and should be modified to what the community agrees to be the right
policy.
<para>Please note that contributors with commit rights unactive for more than
three months will have their commit rights revoked.</para>
-->
<para>In a case a contributor leaves definitively the Nix community, he should
create an issue or notify the mailing list with references of packages and
modules he maintains so the maintainership can be taken over by other
contributors.</para>
</section>
</chapter>

147
nixos/doc/manual/development/writing-documentation.xml Normal file
View File

@ -0,0 +1,147 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-writing-documentation">
<title>Writing NixOS Documentation</title>
<para>
As NixOS grows, so too does the need for a catalogue and explanation
of its extensive functionality. Collecting pertinent information
from disparate sources and presenting it in an accessible style
would be a worthy contribution to the project.
</para>
<section>
<title>Building the Manual</title>
<para>
The DocBook sources of the <xref linkend="book-nixos-manual"/> are in the
<link xlink:href="https://github.com/NixOS/nixpkgs/tree/master/nixos/doc/manual"><filename>nixos/doc/manual</filename></link>
subdirectory of the Nixpkgs repository. If you make modifications to
the manual, it's important to build it before committing. You can do
that as follows:
<screen>nix-build nixos/release.nix -A manual.x86_64-linux</screen>
</para>
<para>
When this command successfully finishes, it will tell you where the
manual got generated. The HTML will be accessible through the
<filename>result</filename> symlink at
<filename>./result/share/doc/nixos/index.html</filename>.
</para>
</section>
<section>
<title>Editing DocBook XML</title>
<para>
For general information on how to write in DocBook, see
<link xlink:href="http://www.docbook.org/tdg5/en/html/docbook.html">
DocBook 5: The Definitive Guide</link>.
</para>
<para>
Emacs nXML Mode is very helpful for editing DocBook XML because it
validates the document as you write, and precisely locates
errors. To use it, see <xref linkend="sec-emacs-docbook-xml"/>.
</para>
<para>
<link xlink:href="http://pandoc.org">Pandoc</link> can generate
DocBook XML from a multitude of formats, which makes a good starting
point.
<example xml:id="ex-pandoc-xml-conv">
<title>Pandoc invocation to convert GitHub-Flavoured MarkDown to DocBook 5 XML</title>
<screen>pandoc -f markdown_github -t docbook5 docs.md -o my-section.md</screen>
</example>
Pandoc can also quickly convert a single
<filename>section.xml</filename> to HTML, which is helpful when
drafting.
</para>
<para>
Sometimes writing valid DocBook is simply too difficult. In this
case, submit your documentation updates in a <link
xlink:href="https://github.com/NixOS/nixpkgs/issues/new">GitHub
Issue</link> and someone will handle the conversion to XML for you.
</para>
</section>
<section>
<title>Creating a Topic</title>
<para>
You can use an existing topic as a basis for the new topic or create a topic from scratch.
</para>
<para>
Keep the following guidelines in mind when you create and add a topic:
<itemizedlist>
<listitem><para>
The NixOS <link xlink:href="http://www.docbook.org/tdg5/en/html/book.html"><tag>book</tag></link>
element is in <filename>nixos/doc/manual/manual.xml</filename>.
It includes several
<link xlink:href="http://www.docbook.org/tdg5/en/html/book.html"><tag>part</tag>s</link>
which are in subdirectories.
</para></listitem>
<listitem><para>
Store the topic file in the same directory as the <tag>part</tag>
to which it belongs. If your topic is about configuring a NixOS
module, then the XML file can be stored alongside the module
definition <filename>nix</filename> file.
</para></listitem>
<listitem><para>
If you include multiple words in the file name, separate the words
with a dash. For example: <filename>ipv6-config.xml</filename>.
</para></listitem>
<listitem><para>
Make sure that the <tag>xml:id</tag> value is unique. You can use
abbreviations if the ID is too long. For example:
<varname>nixos-config</varname>.
</para></listitem>
<listitem><para>
Determine whether your topic is a chapter or a section. If you are
unsure, open an existing topic file and check whether the main
element is chapter or section.
</para></listitem>
</itemizedlist>
</para>
</section>
<section>
<title>Adding a Topic to the Book</title>
<para>
Open the parent XML file and add an <varname>xi:include</varname>
element to the list of chapters with the file name of the topic that
you created. If you created a <tag>section</tag>, you add the file to
the <tag>chapter</tag> file. If you created a <tag>chapter</tag>, you
add the file to the <tag>part</tag> file.
</para>
<para>
If the topic is about configuring a NixOS module, it can be
automatically included in the manual by using the
<varname>meta.doc</varname> attribute. See <xref
linkend="sec-meta-attributes"/> for an explanation.
</para>
</section>
</chapter>

1
nixos/doc/manual/development/writing-modules.xml
View File

@ -176,6 +176,7 @@ in {
</example>
<xi:include href="option-declarations.xml" />
<xi:include href="option-types.xml" />
<xi:include href="option-def.xml" />
<xi:include href="meta-attributes.xml" />

172
nixos/doc/manual/release-notes/rl-1609.xml
View File

@ -4,7 +4,7 @@
version="5.0"
xml:id="sec-release-16.09">
<title>Release 16.09 (“Flounder”, 2016/09/??)</title>
<title>Release 16.09 (“Flounder”, 2016/09/30)</title>
<para>In addition to numerous new and upgraded packages, this release
has the following highlights: </para>
@ -12,22 +12,45 @@ has the following highlights: </para>
<itemizedlist>
<listitem>
<para>PXE "netboot" media has landed in <link xlink:href="https://github.com/NixOS/nixpkgs/pull/14740" />.
See <xref linkend="sec-booting-from-pxe" /> for documentation.</para>
<para>Many NixOS configurations and Nix packages now use
significantly less disk space, thanks to the <link
xlink:href="https://github.com/NixOS/nixpkgs/issues/7117">extensive
work on closure size reduction</link>. For example, the closure
size of a minimal NixOS container went down from ~424 MiB in 16.03
to ~212 MiB in 16.09, while the closure size of Firefox went from
~651 MiB to ~259 MiB.</para>
</listitem>
<listitem>
<para>Xorg-server-1.18.*. If you choose <literal>"ati_unfree"</literal> driver,
1.17.* is still used due to ABI incompatibility.</para>
<para>To improve security, packages are now <link
xlink:href="https://github.com/NixOS/nixpkgs/pull/12895">built
using various hardening features</link>. See the Nixpkgs manual
for more information.</para>
</listitem>
<listitem>
<para>Support for PXE netboot. See <xref
linkend="sec-booting-from-pxe" /> for documentation.</para>
</listitem>
<listitem>
<para>X.org server 1.18. If you use the
<literal>ati_unfree</literal> driver, 1.17 is still used due to an
ABI incompatibility.</para>
</listitem>
<listitem>
<para>This release is based on Glibc 2.24, GCC 5.4.0 and systemd
231. The default Linux kernel remains 4.4.</para>
</listitem>
</itemizedlist>
<para>The following new services were added since the last release:</para>
<itemizedlist>
<listitem><para><literal>(this will get automatically generated at release time)</literal></para></listitem>
</itemizedlist>
<itemizedlist>
<listitem><para><literal>(this will get automatically generated at release time)</literal></para></listitem>
</itemizedlist>
<para>When upgrading from a previous release, please be aware of the
following incompatible changes:</para>
@ -36,7 +59,8 @@ following incompatible changes:</para>
<listitem>
<para>A large number of packages have been converted to use the multiple outputs feature
of Nix to greatly reduce the amount of required disk space. This may require changes
of Nix to greatly reduce the amount of required disk space, as
mentioned above. This may require changes
to any custom packages to make them build again; see the relevant chapter in the
Nixpkgs manual for more information. (Additional caveat to packagers: some packaging conventions
related to multiple-output packages
@ -45,6 +69,25 @@ following incompatible changes:</para>
</para>
</listitem>
<listitem>
<para>Previous versions of Nixpkgs had support for all versions of the LTS
Haskell package set. That support has been dropped. The previously provided
<literal>haskell.packages.lts-x_y</literal> package sets still exist in
name to aviod breaking user code, but these package sets don't actually
contain the versions mandated by the corresponding LTS release. Instead,
our package set it loosely based on the latest available LTS release, i.e.
LTS 7.x at the time of this writing. New releases of NixOS and Nixpkgs will
drop those old names entirely. <link
xlink:href="http://lists.science.uu.nl/pipermail/nix-dev/2016-June/020585.html">The
motivation for this change</link> has been discussed at length on the
<literal>nix-dev</literal> mailing list and in <link
xlink:href="https://github.com/NixOS/nixpkgs/issues/14897">Github issue
#14897</link>. Development strategies for Haskell hackers who want to rely
on Nix and NixOS have been described in <link
xlink:href="http://lists.science.uu.nl/pipermail/nix-dev/2016-June/020642.html">another
nix-dev article</link>.</para>
</listitem>
<listitem>
<para>Shell aliases for systemd sub-commands
<link xlink:href="https://github.com/NixOS/nixpkgs/pull/15598">were dropped</link>:
@ -58,16 +101,20 @@ following incompatible changes:</para>
</listitem>
<listitem>
<para>/var/setuid-wrappers/
<link xlink:href="https://github.com/NixOS/nixpkgs/pull/18124">is now a symlink so
it can be atomically updated</link>
and it's not mounted as tmpfs anymore since setuid binaries are located on /run/ as tmpfs.
<para>
<literal>/var/empty</literal> is now immutable. Activation script runs <command>chattr +i</command>
to forbid any modifications inside the folder. See <link xlink:href="https://github.com/NixOS/nixpkgs/pull/18365">
the pull request</link> for what bugs this caused.
</para>
</listitem>
<listitem>
<para>Gitlab's maintainence script gitlab-runner was removed and split up into the more clearer
gitlab-run and gitlab-rake scripts because gitlab-runner is a component of Gitlab CI.</para>
<para>Gitlab's maintainance script
<command>gitlab-runner</command> was removed and split up into the
more clearer <command>gitlab-run</command> and
<command>gitlab-rake</command> scripts, because
<command>gitlab-runner</command> is a component of Gitlab
CI.</para>
</listitem>
<listitem>
@ -80,14 +127,49 @@ following incompatible changes:</para>
<listitem>
<para><literal>fonts.fontconfig.ultimate.rendering</literal> was removed
because our presets were obsolete for some time. New presets are hardcoded
into freetype; one selects a preset via <literal>fonts.fontconfig.ultimate.preset</literal>.
into FreeType; you can select a preset via <literal>fonts.fontconfig.ultimate.preset</literal>.
You can customize those presets via ordinary environment variables, using
<literal>environment.variables</literal>.</para>
</listitem>
<listitem>
<para>The <literal>audit</literal> service is no longer enabled by default.
Use <literal>security.audit.enable = true;</literal> to explicitly enable it.</para>
Use <literal>security.audit.enable = true</literal> to explicitly enable it.</para>
</listitem>
<listitem>
<para>
<literal>pkgs.linuxPackages.virtualbox</literal> now contains only the
kernel modules instead of the VirtualBox user space binaries.
If you want to reference the user space binaries, you have to use the new
<literal>pkgs.virtualbox</literal> instead.
</para>
</listitem>
<listitem>
<para><literal>goPackages</literal> was replaced with separated Go
applications in appropriate <literal>nixpkgs</literal>
categories. Each Go package uses its own dependency set. There's
also a new <literal>go2nix</literal> tool introduced to generate a
Go package definition from its Go source automatically.</para>
</listitem>
<listitem>
<para><literal>services.mongodb.extraConfig</literal> configuration format
was changed to YAML.</para>
</listitem>
<listitem>
<para>
PHP has been upgraded to 7.0
</para>
</listitem>
<listitem>
<para>PHP now scans for extra configuration .ini files in /etc/php.d
instead of /etc. This prevents accidentally loading non-PHP .ini files
that may be in /etc.
</para>
</listitem>
</itemizedlist>
@ -105,6 +187,60 @@ following incompatible changes:</para>
functionality. See <xref linkend="sec-grsecurity" /> for documentation
</para></listitem>
<listitem><para>Special filesystems, like <literal>/proc</literal>,
<literal>/run</literal> and others, now have the same mount options
as recommended by systemd and are unified across different places in
NixOS. Mount options are updated during <command>nixos-rebuild
switch</command> if possible. One benefit from this is improved
security — most such filesystems are now mounted with
<literal>noexec</literal>, <literal>nodev</literal> and/or
<literal>nosuid</literal> options.</para></listitem>
<listitem><para>The reverse path filter was interfering with DHCPv4 server
operation in the past. An exception for DHCPv4 and a new option to log
packets that were dropped due to the reverse path filter was added
(<literal>networking.firewall.logReversePathDrops</literal>) for easier
debugging.</para></listitem>
<listitem><para>Containers configuration within
<literal>containers.&lt;name&gt;.config</literal> is <link
xlink:href="https://github.com/NixOS/nixpkgs/pull/17365">now
properly typed and checked</link>. In particular, partial
configurations are merged correctly.</para></listitem>
<listitem>
<para>The directory container setuid wrapper programs,
<filename>/var/setuid-wrappers</filename>, <link
xlink:href="https://github.com/NixOS/nixpkgs/pull/18124">is now
updated atomically to prevent failures if the switch to a new
configuration is interrupted.</link></para>
</listitem>
<listitem>
<para><literal>services.xserver.startGnuPGAgent</literal>
has been removed due to GnuPG 2.1.x bump. See <link
xlink:href="https://github.com/NixOS/nixpkgs/commit/5391882ebd781149e213e8817fba6ac3c503740c">
how to achieve similar behavior</link>. You might need to
<literal>pkill gpg-agent</literal> after the upgrade
to prevent a stale agent being in the way.
</para>
</listitem>
<listitem><para>
<link xlink:href="https://github.com/NixOS/nixpkgs/commit/e561edc322d275c3687fec431935095cfc717147">
Declarative users could share the uid due to the bug in
the script handling conflict resolution.
</link>
</para></listitem>
<listitem><para>
Gummi boot has been replaced using systemd-boot.
</para></listitem>
<listitem><para>
Hydra package and NixOS module were added for convenience.
</para></listitem>
</itemizedlist>

32
nixos/doc/manual/release-notes/rl-1703.xml
View File

@ -29,7 +29,37 @@ following incompatible changes:</para>
<itemizedlist>
<listitem>
<para></para>
<para>
<literal>gnome</literal> alias has been removed along with
<literal>gtk</literal>, <literal>gtkmm</literal> and several others.
Now you need to use versioned attributes, like <literal>gnome3</literal>.
</para>
</listitem>
<listitem>
<para>
The attribute name of the Radicale daemon has been changed from
<literal>pythonPackages.radicale</literal> to
<literal>radicale</literal>.
</para>
</listitem>
<listitem>
<para>
The Yama LSM is now enabled by default in the kernel,
which prevents ptracing non-child processes.
This means you will not be able to attach gdb to an existing process,
but will need to start that process from gdb (so it is a child).
</para>
</listitem>
<listitem>
<para>
The <literal>stripHash</literal> bash function in <literal>stdenv</literal>
changed according to its documentation; it now outputs the stripped name to
<literal>stdout</literal> instead of putting it in the variable
<literal>strippedName</literal>.
</para>
</listitem>
</itemizedlist>

6
nixos/lib/testing.nix
View File

@ -181,9 +181,11 @@ rec {
eval $i2=/tmp/xchg/$_basename
${coreutils}/bin/ls -la $xchg
done
unset i i2 _basename xchg
export > $xchg/saved-env
unset i i2 _basename
export | ${gnugrep}/bin/grep -v '^xchg=' > $xchg/saved-env
unset xchg
export tests='${testScript}'
${testDriver}/bin/nixos-test-driver ${vm.config.system.build.vm}/bin/run-*-vm
''; # */

2
nixos/modules/config/debug-info.nix
View File

@ -20,7 +20,7 @@ with lib;
<!-- FIXME: ugly, see #10721 -->
<programlisting>
nixpkgs.config.packageOverrides = pkgs: {
hello = overrideDerivation pkgs.hello (attrs: {
hello = pkgs.lib.overrideDerivation pkgs.hello (attrs: {
outputs = attrs.outputs or ["out"] ++ ["debug"];
buildInputs = attrs.buildInputs ++ [&lt;nixpkgs/pkgs/build-support/setup-hooks/separate-debug-info.sh>];
});

18
nixos/modules/config/networking.nix
View File

@ -29,6 +29,19 @@ in
'';
};
networking.hostConf = lib.mkOption {
type = types.lines;
default = "multi on";
example = ''
multi on
reorder on
trim lan
'';
description = ''
The contents of <filename>/etc/host.conf</filename>. See also <citerefentry><refentrytitle>host.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
'';
};
networking.dnsSingleRequest = lib.mkOption {
type = types.bool;
default = false;
@ -171,6 +184,9 @@ in
${cfg.extraHosts}
'';
# /etc/host.conf: resolver configuration file
"host.conf".text = cfg.hostConf;
# /etc/resolvconf.conf: Configuration for openresolv.
"resolvconf.conf".text =
''
@ -232,7 +248,7 @@ in
# and other configurations. If the file is destroyed by an environment
# activation then it must be rebuilt so that applications which interface
# with /etc/resolv.conf directly don't break.
system.activationScripts.resolvconf = stringAfter [ "etc" "tmpfs" "var" ]
system.activationScripts.resolvconf = stringAfter [ "etc" "specialfs" "var" ]
''
# Systemd resolved controls its own resolv.conf
rm -f /run/resolvconf/interfaces/systemd

5
nixos/modules/config/timezone.nix
View File

@ -37,14 +37,15 @@ in
environment.sessionVariables.TZDIR = "/etc/zoneinfo";
# This way services are restarted when tzdata changes.
systemd.globalEnvironment.TZDIR = tzdir;
environment.etc.localtime =
{ source = "${tzdir}/${config.time.timeZone}";
{ source = "/etc/zoneinfo/${config.time.timeZone}";
mode = "direct-symlink";
};
environment.etc.zoneinfo.source = "${pkgs.tzdata}/share/zoneinfo";
environment.etc.zoneinfo.source = tzdir;
};

60
nixos/modules/config/users-groups.nix
View File

@ -131,13 +131,12 @@ let
};
subUidRanges = mkOption {
type = types.listOf types.optionSet;
type = with types; listOf (submodule subordinateUidRange);
default = [];
example = [
{ startUid = 1000; count = 1; }
{ startUid = 100001; count = 65534; }
];
options = [ subordinateUidRange ];
description = ''
Subordinate user ids that user is allowed to use.
They are set into <filename>/etc/subuid</filename> and are used
@ -146,13 +145,12 @@ let
};
subGidRanges = mkOption {
type = types.listOf types.optionSet;
type = with types; listOf (submodule subordinateGidRange);
default = [];
example = [
{ startGid = 100; count = 1; }
{ startGid = 1001; count = 999; }
];
options = [ subordinateGidRange ];
description = ''
Subordinate group ids that user is allowed to use.
They are set into <filename>/etc/subgid</filename> and are used
@ -310,32 +308,36 @@ let
};
subordinateUidRange = {
startUid = mkOption {
type = types.int;
description = ''
Start of the range of subordinate user ids that user is
allowed to use.
'';
};
count = mkOption {
type = types.int;
default = 1;
description = ''Count of subordinate user ids'';
options = {
startUid = mkOption {
type = types.int;
description = ''
Start of the range of subordinate user ids that user is
allowed to use.
'';
};
count = mkOption {
type = types.int;
default = 1;
description = ''Count of subordinate user ids'';
};
};
};
subordinateGidRange = {
startGid = mkOption {
type = types.int;
description = ''
Start of the range of subordinate group ids that user is
allowed to use.
'';
};
count = mkOption {
type = types.int;
default = 1;
description = ''Count of subordinate group ids'';
options = {
startGid = mkOption {
type = types.int;
description = ''
Start of the range of subordinate group ids that user is
allowed to use.
'';
};
count = mkOption {
type = types.int;
default = 1;
description = ''Count of subordinate group ids'';
};
};
};
@ -428,7 +430,7 @@ in {
users.users = mkOption {
default = {};
type = types.loaOf types.optionSet;
type = with types; loaOf (submodule userOpts);
example = {
alice = {
uid = 1234;
@ -444,7 +446,6 @@ in {
Additional user accounts to be created automatically by the system.
This can also be used to set options for root.
'';
options = [ userOpts ];
};
users.groups = mkOption {
@ -453,11 +454,10 @@ in {
{ students.gid = 1001;
hackers = { };
};
type = types.loaOf types.optionSet;
type = with types; loaOf (submodule groupOpts);
description = ''
Additional groups to be created automatically by the system.
'';
options = [ groupOpts ];
};
# FIXME: obsolete - will remove.

2
nixos/modules/hardware/opengl.nix
View File

@ -14,7 +14,7 @@ let
name = "mesa-drivers+txc-${p.mesa_drivers.version}";
paths =
[ p.mesa_drivers
p.mesa_noglu # mainly for libGL
p.mesa_drivers.out # mainly for libGL
(if cfg.s3tcSupport then p.libtxc_dxtn else p.libtxc_dxtn_s2tc)
];
};

56
nixos/modules/hardware/video/amdgpu-pro.nix Normal file
View File

@ -0,0 +1,56 @@
# This module provides the proprietary AMDGPU-PRO drivers.
{ config, lib, pkgs, pkgs_i686, ... }:
with lib;
let
drivers = config.services.xserver.videoDrivers;
enabled = elem "amdgpu-pro" drivers;
package = config.boot.kernelPackages.amdgpu-pro;
package32 = pkgs_i686.linuxPackages.amdgpu-pro.override { libsOnly = true; kernel = null; };
opengl = config.hardware.opengl;
in
{
config = mkIf enabled {
services.xserver.drivers = singleton
{ name = "amdgpu"; modules = [ package ]; libPath = [ package ]; };
hardware.opengl.package = package;
hardware.opengl.package32 = package32;
boot.extraModulePackages = [ package ];
boot.blacklistedKernelModules = [ "radeon" ];
hardware.firmware = [ package ];
system.activationScripts.setup-amdgpu-pro = ''
mkdir -p /run/lib
ln -sfn ${package}/lib ${package.libCompatDir}
'' + optionalString opengl.driSupport32Bit ''
ln -sfn ${package32}/lib ${package32.libCompatDir}
'';
environment.etc = {
"amd/amdrc".source = package + "/etc/amd/amdrc";
"amd/amdapfxx.blb".source = package + "/etc/amd/amdapfxx.blb";
"gbm/gbm.conf".source = package + "/etc/gbm/gbm.conf";
"OpenCL/vendors/amdocl64.icd".source = package + "/etc/OpenCL/vendors/amdocl64.icd";
"vulkan/icd.d/amd_icd64.json".source = package + "/etc/vulkan/icd.d/amd_icd64.json";
} // optionalAttrs opengl.driSupport32Bit {
"OpenCL/vendors/amdocl32.icd".source = package32 + "/etc/OpenCL/vendors/amdocl32.icd";
"vulkan/icd.d/amd_icd32.json".source = package32 + "/etc/vulkan/icd.d/amd_icd32.json";
};
};
}

61
nixos/modules/hardware/video/displaylink.nix Normal file
View File

@ -0,0 +1,61 @@
{ config, lib, ... }:
with lib;
let
enabled = elem "displaylink" config.services.xserver.videoDrivers;
displaylink = config.boot.kernelPackages.displaylink;
in
{
config = mkIf enabled {
boot.extraModulePackages = [ displaylink ];
boot.kernelModules = [ "evdi" ];
# Those are taken from displaylink-installer.sh and from Arch Linux AUR package.
services.udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="17e9", ATTR{bNumInterfaces}=="*5", TAG+="uaccess"
'';
powerManagement.powerDownCommands = ''
#flush any bytes in pipe
while read -n 1 -t 1 SUSPEND_RESULT < /tmp/PmMessagesPort_out; do : ; done;
#suspend DisplayLinkManager
echo "S" > /tmp/PmMessagesPort_in
#wait until suspend of DisplayLinkManager finish
read -n 1 -t 10 SUSPEND_RESULT < /tmp/PmMessagesPort_out
'';
powerManagement.resumeCommands = ''
#resume DisplayLinkManager
echo "R" > /tmp/PmMessagesPort_in
'';
systemd.services.displaylink = {
description = "DisplayLink Manager Service";
after = [ "display-manager.service" ];
wantedBy = [ "graphical.target" ];
serviceConfig = {
ExecStart = "${displaylink}/bin/DisplayLinkManager";
Restart = "always";
RestartSec = 5;
};
preStart = ''
mkdir -p /var/log/displaylink
'';
};
};
}

29
nixos/modules/i18n/input-method/default.nix
View File

@ -3,26 +3,27 @@
with lib;
let
cfg = config.i18n.inputMethod;
gtk2_cache = pkgs.stdenv.mkDerivation {
preferLocalBuild = true;
allowSubstitutes = false;
name = "gtk2-immodule.cache";
buildInputs = [ pkgs.gtk cfg.package ];
buildCommand = ''
gtk2_cache = pkgs.runCommand "gtk2-immodule.cache"
{ preferLocalBuild = true;
allowSubstitutes = false;
buildInputs = [ pkgs.gtk2 cfg.package ];
}
''
mkdir -p $out/etc/gtk-2.0/
GTK_PATH=${cfg.package}/lib/gtk-2.0/ gtk-query-immodules-2.0 > $out/etc/gtk-2.0/immodules.cache
'';
};
gtk3_cache = pkgs.stdenv.mkDerivation {
preferLocalBuild = true;
allowSubstitutes = false;
name = "gtk3-immodule.cache";
buildInputs = [ pkgs.gtk3 cfg.package ];
buildCommand = ''
gtk3_cache = pkgs.runCommand "gtk3-immodule.cache"
{ preferLocalBuild = true;
allowSubstitutes = false;
buildInputs = [ pkgs.gtk3 cfg.package ];
}
''
mkdir -p $out/etc/gtk-3.0/
GTK_PATH=${cfg.package}/lib/gtk-3.0/ gtk-query-immodules-3.0 > $out/etc/gtk-3.0/immodules.cache
'';
};
in
{
options.i18n = {

12
nixos/modules/i18n/input-method/default.xml
View File

@ -56,8 +56,18 @@ i18n.inputMethod = {
<listitem><para>Table (<literal>ibus-engines.table</literal>): An input method
that load tables of input methods.</para></listitem>
<listitem><para>table-others (<literal>ibus-engines.table-others</literal>):
Various table-based input methods.</para></listitem>
Various table-based input methods. To use this, and any other table-based
input methods, it must appear in the list of engines along with
<literal>table</literal>. For example:
<programlisting>
ibus.engines = with pkgs.ibus-engines; [ table table-others ];
</programlisting>
</para></listitem>
</itemizedlist>
<para>To use any input method, the package must be added in the configuration,
as shown above, and also (after running <literal>nixos-rebuild</literal>) the
input method must be added from IBus' preference dialog.</para>
</section>
<section><title>Fcitx</title>

2
nixos/modules/i18n/input-method/ibus.nix
View File

@ -17,7 +17,7 @@ let
[Desktop Entry]
Name=IBus
Type=Application
Exec=${ibusPackage}/bin/ibus-daemon --daemonize --xim --cache=refresh
Exec=${ibusPackage}/bin/ibus-daemon --daemonize --xim
'';
};
in

11
nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix
View File

@ -96,15 +96,16 @@ with lib;
'';
in
pkgs.stdenv.mkDerivation {
inherit (pkg) name meta;
buildCommand = ''
pkgs.runCommand pkg.name
{ inherit (pkg) meta; }
''
mkdir -p $out
cp -prf ${pkg}/* $out/
chmod a+w $out/share/apps/plasma-desktop/init
cp -f ${plasmaInit} $out/share/apps/plasma-desktop/init/00-defaultLayout.js
'';
};
# Disable large stuff that's not very useful on the installation CD.
services.xserver.desktopManager.kde4.enablePIM = false;
}

2
nixos/modules/installer/cd-dvd/system-tarball-fuloong2f.nix
View File

@ -61,7 +61,7 @@ in
pkgs.cryptsetup # needed for dm-crypt volumes
# Some networking tools.
pkgs.sshfsFuse
pkgs.sshfs-fuse
pkgs.socat
pkgs.screen
pkgs.wpa_supplicant # !!! should use the wpa module

2
nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix
View File

@ -55,7 +55,7 @@ in
pkgs.cryptsetup # needed for dm-crypt volumes
# Some networking tools.
pkgs.sshfsFuse
pkgs.sshfs-fuse
pkgs.socat
pkgs.screen
pkgs.wpa_supplicant # !!! should use the wpa module

5
nixos/modules/installer/tools/nixos-generate-config.pl
View File

@ -527,8 +527,11 @@ EOF
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
# Define on which hard drive you want to install Grub.
# boot.loader.grub.device = "/dev/sda";
# boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
EOF
}

2
nixos/modules/installer/tools/nixos-install.sh
View File

@ -259,7 +259,7 @@ chroot $mountPoint /nix/var/nix/profiles/system/activate
# Ask the user to set a root password.
if [ -z "$noRootPasswd" ] && [ -x $mountPoint/var/setuid-wrappers/passwd ] && [ -t 0 ]; then
if [ -z "$noRootPasswd" ] && chroot $mountPoint [ -x /var/setuid-wrappers/passwd ] && [ -t 0 ]; then
echo "setting root password..."
chroot $mountPoint /var/setuid-wrappers/passwd
fi

16
nixos/modules/misc/ids.nix
View File

@ -74,7 +74,6 @@
rtkit = 45;
dovecot2 = 46;
dovenull2 = 47;
unbound = 48;
prayer = 49;
mpd = 50;
clamav = 51;
@ -120,7 +119,6 @@
minidlna = 91;
elasticsearch = 92;
tcpcryptd = 93; # tcpcryptd uses a hard-coded uid. We patch it in Nixpkgs to match this choice.
#connman = 94; # unused
firebird = 95;
#keys = 96; # unused
haproxy = 97;
@ -141,7 +139,7 @@
ngircd = 112;
btsync = 113;
minecraft = 114;
monetdb = 115;
#monetdb = 115; # unused (not packaged), removed 2016-09-19
rippled = 116;
murmur = 117;
foundationdb = 118;
@ -274,6 +272,10 @@
gocd-server = 252;
terraria = 253;
mattermost = 254;
prometheus = 255;
telegraf = 256;
gitlab-runner = 257;
postgrey = 258;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -330,7 +332,6 @@
#rtkit = 45; # unused
dovecot2 = 46;
#dovenull = 47; # unused
#unbound = 48; # unused
prayer = 49;
mpd = 50;
clamav = 51;
@ -376,7 +377,6 @@
minidlna = 91;
elasticsearch = 92;
#tcpcryptd = 93; # unused
connman = 94;
firebird = 95;
keys = 96;
haproxy = 97;
@ -395,7 +395,7 @@
#ngircd = 112; # unused
btsync = 113;
#minecraft = 114; # unused
monetdb = 115;
#monetdb = 115; # unused (not packaged), removed 2016-09-19
#ripped = 116; # unused
#murmur = 117; # unused
foundationdb = 118;
@ -518,6 +518,10 @@
gocd-server = 252;
terraria = 253;
mattermost = 254;
prometheus = 255;
#telegraf = 256; # unused
gitlab-runner = 257;
postgrey = 258;
# When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal

28
nixos/modules/module-list.nix
View File

@ -38,8 +38,10 @@
./hardware/opengl.nix
./hardware/pcmcia.nix
./hardware/video/amdgpu.nix
./hardware/video/amdgpu-pro.nix
./hardware/video/ati.nix
./hardware/video/bumblebee.nix
./hardware/video/displaylink.nix
./hardware/video/nvidia.nix
./hardware/video/webcam/facetimehd.nix
./i18n/input-method/default.nix
@ -69,6 +71,7 @@
./programs/fish.nix
./programs/freetds.nix
./programs/info.nix
./programs/java.nix
./programs/kbdlight.nix
./programs/light.nix
./programs/man.nix
@ -82,6 +85,7 @@
./programs/ssmtp.nix
./programs/tmux.nix
./programs/venus.nix
./programs/vim.nix
./programs/wvdial.nix
./programs/xfs_quota.nix
./programs/xonsh.nix
@ -132,6 +136,7 @@
./services/computing/slurm/slurm.nix
./services/continuous-integration/buildkite-agent.nix
./services/continuous-integration/hydra/default.nix
./services/continuous-integration/gitlab-runner.nix
./services/continuous-integration/gocd-agent/default.nix
./services/continuous-integration/gocd-server/default.nix
./services/continuous-integration/jenkins/default.nix
@ -144,7 +149,6 @@
./services/databases/hbase.nix
./services/databases/influxdb.nix
./services/databases/memcached.nix
./services/databases/monetdb.nix
./services/databases/mongodb.nix
./services/databases/mysql.nix
./services/databases/neo4j.nix
@ -210,10 +214,12 @@
./services/mail/freepops.nix
./services/mail/mail.nix
./services/mail/mlmmj.nix
./services/mail/offlineimap.nix
./services/mail/opendkim.nix
./services/mail/opensmtpd.nix
./services/mail/postfix.nix
./services/mail/postsrsd.nix
./services/mail/postgrey.nix
./services/mail/spamassassin.nix
./services/mail/rspamd.nix
./services/mail/rmilter.nix
@ -230,7 +236,9 @@
./services/misc/dictd.nix
./services/misc/dysnomia.nix
./services/misc/disnix.nix
./services/misc/docker-registry.nix
./services/misc/emby.nix
./services/misc/errbot.nix
./services/misc/etcd.nix
./services/misc/felix.nix
./services/misc/folding-at-home.nix
@ -250,6 +258,7 @@
./services/misc/mwlib.nix
./services/misc/nix-daemon.nix
./services/misc/nix-gc.nix
./services/misc/nix-optimise.nix
./services/misc/nixos-manual.nix
./services/misc/nix-ssh-serve.nix
./services/misc/nzbget.nix
@ -287,6 +296,9 @@
./services/monitoring/monit.nix
./services/monitoring/munin.nix
./services/monitoring/nagios.nix
./services/monitoring/prometheus/default.nix
./services/monitoring/prometheus/node-exporter.nix
./services/monitoring/prometheus/alertmanager.nix
./services/monitoring/riemann.nix
./services/monitoring/riemann-dash.nix
./services/monitoring/riemann-tools.nix
@ -295,6 +307,7 @@
./services/monitoring/statsd.nix
./services/monitoring/systemhealth.nix
./services/monitoring/teamviewer.nix
./services/monitoring/telegraf.nix
./services/monitoring/ups.nix
./services/monitoring/uptime.nix
./services/monitoring/zabbix-agent.nix
@ -338,6 +351,7 @@
./services/networking/ferm.nix
./services/networking/firefox/sync-server.nix
./services/networking/firewall.nix
./services/networking/flannel.nix
./services/networking/flashpolicyd.nix
./services/networking/freenet.nix
./services/networking/gale.nix
@ -350,6 +364,7 @@
./services/networking/haproxy.nix
./services/networking/heyefi.nix
./services/networking/hostapd.nix
./services/networking/htpdate.nix
./services/networking/i2pd.nix
./services/networking/i2p.nix
./services/networking/iodine.nix
@ -376,7 +391,6 @@
./services/networking/ntopng.nix
./services/networking/ntpd.nix
./services/networking/nylon.nix
./services/networking/offlineimap.nix
./services/networking/oidentd.nix
./services/networking/openfire.nix
./services/networking/openntpd.nix
@ -384,6 +398,7 @@
./services/networking/ostinato.nix
./services/networking/pdnsd.nix
./services/networking/polipo.nix
./services/networking/powerdns.nix
./services/networking/pptpd.nix
./services/networking/prayer.nix
./services/networking/privoxy.nix
@ -426,6 +441,7 @@
./services/networking/wakeonlan.nix
./services/networking/websockify.nix
./services/networking/wicd.nix
./services/networking/wireguard.nix
./services/networking/wpa_supplicant.nix
./services/networking/xinetd.nix
./services/networking/xl2tpd.nix
@ -462,14 +478,20 @@
./services/system/uptimed.nix
./services/torrent/deluge.nix
./services/torrent/flexget.nix
./services/torrent/opentracker.nix
./services/torrent/peerflix.nix
./services/torrent/transmission.nix
./services/ttys/agetty.nix
./services/ttys/gpm.nix
./services/ttys/kmscon.nix
./services/web-apps/atlassian/confluence.nix
./services/web-apps/atlassian/crowd.nix
./services/web-apps/atlassian/jira.nix
./services/web-apps/mattermost.nix
./services/web-apps/nixbot.nix
./services/web-apps/pump.io.nix
./services/web-apps/tt-rss.nix
./services/web-apps/selfoss.nix
./services/web-servers/apache-httpd/default.nix
./services/web-servers/caddy.nix
./services/web-servers/fcgiwrap.nix
@ -502,6 +524,7 @@
./services/x11/hardware/synaptics.nix
./services/x11/hardware/wacom.nix
./services/x11/redshift.nix
./services/x11/urxvtd.nix
./services/x11/window-managers/awesome.nix
#./services/x11/window-managers/compiz.nix
./services/x11/window-managers/default.nix
@ -544,6 +567,7 @@
./system/boot/stage-1.nix
./system/boot/stage-2.nix
./system/boot/systemd.nix
./system/boot/systemd-nspawn.nix
./system/boot/timesyncd.nix
./system/boot/tmp.nix
./system/etc/etc.nix

2
nixos/modules/profiles/base.nix
View File

@ -20,7 +20,7 @@
# Some networking tools.
pkgs.fuse
pkgs.sshfsFuse
pkgs.sshfs-fuse
pkgs.socat
pkgs.screen

2
nixos/modules/programs/bash/bash.nix
View File

@ -16,7 +16,7 @@ let
# programmable completion. If we do, enable all modules installed in
# the system (and user profile).
if shopt -q progcomp &>/dev/null; then
. "${pkgs.bashCompletion}/etc/profile.d/bash_completion.sh"
. "${pkgs.bash-completion}/etc/profile.d/bash_completion.sh"
nullglobStatus=$(shopt -p nullglob)
shopt -s nullglob
for p in $NIX_PROFILES; do

57
nixos/modules/programs/java.nix Normal file
View File

@ -0,0 +1,57 @@
# This module provides JAVA_HOME, with a different way to install java
# system-wide.
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.programs.java;
in
{
options = {
programs.java = {
enable = mkEnableOption "java" // {
description = ''
Install and setup the Java development kit.
<note>
<para>This adds JAVA_HOME to the global environment, by sourcing the
jdk's setup-hook on shell init. It is equivalent to starting a shell
through 'nix-shell -p jdk', or roughly the following system-wide
configuration:
</para>
<programlisting>
environment.variables.JAVA_HOME = ''${pkgs.jdk.home}/lib/openjdk;
environment.systemPackages = [ pkgs.jdk ];
</programlisting>
</note>
'';
};
package = mkOption {
default = pkgs.jdk;
description = ''
Java package to install. Typical values are pkgs.jdk or pkgs.jre.
'';
type = types.package;
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
environment.shellInit = ''
test -e ${cfg.package}/nix-support/setup-hook && source ${cfg.package}/nix-support/setup-hook
'';
};
}

24
nixos/modules/programs/vim.nix Normal file
View File

@ -0,0 +1,24 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.programs.vim;
in {
options.programs.vim = {
defaultEditor = mkOption {
type = types.bool;
default = false;
example = true;
description = ''
When enabled, installs vim and configures vim to be the default editor
using the EDITOR environment variable.
'';
};
};
config = mkIf cfg.defaultEditor {
environment.systemPackages = [ pkgs.vim ];
environment.variables = { EDITOR = mkOverride 900 "vim"; };
};
}

21
nixos/modules/programs/zsh/zsh.nix
View File

@ -84,6 +84,14 @@ in
type = types.bool;
};
enableSyntaxHighlighting = mkOption {
default = false;
description = ''
Enable zsh-syntax-highlighting
'';
type = types.bool;
};
};
};
@ -102,9 +110,9 @@ in
interactiveShellInit = ''
# history defaults
export SAVEHIST=2000
export HISTSIZE=2000
export HISTFILE=$HOME/.zsh_history
SAVEHIST=2000
HISTSIZE=2000
HISTFILE=$HOME/.zsh_history
setopt HIST_IGNORE_DUPS SHARE_HISTORY HIST_FCNTL_LOCK
@ -120,6 +128,10 @@ in
${if cfg.enableCompletion then "autoload -U compinit && compinit" else ""}
${optionalString (cfg.enableSyntaxHighlighting)
"source ${pkgs.zsh-syntax-highlighting}/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh"
}
HELPDIR="${pkgs.zsh}/share/zsh/$ZSH_VERSION/help"
'';
@ -182,7 +194,8 @@ in
environment.etc."zinputrc".source = ./zinputrc;
environment.systemPackages = [ pkgs.zsh ]
++ optional cfg.enableCompletion pkgs.nix-zsh-completions;
++ optional cfg.enableCompletion pkgs.nix-zsh-completions
++ optional cfg.enableSyntaxHighlighting pkgs.zsh-syntax-highlighting;
environment.pathsToLink = optional cfg.enableCompletion "/share/zsh";

6
nixos/modules/rename.nix
View File

@ -15,7 +15,6 @@ with lib;
(mkRenamedOptionModule [ "networking" "enableRT73Firmware" ] [ "networking" "enableRalinkFirmware" ])
(mkRenamedOptionModule [ "services" "cadvisor" "host" ] [ "services" "cadvisor" "listenAddress" ])
(mkRenamedOptionModule [ "services" "dockerRegistry" "host" ] [ "services" "dockerRegistry" "listenAddress" ])
(mkRenamedOptionModule [ "services" "elasticsearch" "host" ] [ "services" "elasticsearch" "listenAddress" ])
(mkRenamedOptionModule [ "services" "graphite" "api" "host" ] [ "services" "graphite" "api" "listenAddress" ])
(mkRenamedOptionModule [ "services" "graphite" "web" "host" ] [ "services" "graphite" "web" "listenAddress" ])
@ -140,6 +139,9 @@ with lib;
# fontconfig-ultimate
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "rendering" ] [ "fonts" "fontconfig" "ultimate" "preset" ])
# murmur
(mkRenamedOptionModule [ "services" "murmur" "welcome" ] [ "services" "murmur" "welcometext" ])
# Options that are obsolete and have no replacement.
(mkRemovedOptionModule [ "boot" "initrd" "luks" "enable" ] "")
(mkRemovedOptionModule [ "programs" "bash" "enable" ] "")
@ -151,7 +153,7 @@ with lib;
(mkRemovedOptionModule [ "services" "printing" "cupsFilesConf" ] "")
(mkRemovedOptionModule [ "services" "printing" "cupsdConf" ] "")
(mkRemovedOptionModule [ "services" "xserver" "startGnuPGAgent" ]
"See the 16.03 release notes for more information.")
"See the 16.09 release notes for more information.")
(mkRemovedOptionModule [ "services" "phpfpm" "phpIni" ] "")
(mkRemovedOptionModule [ "services" "dovecot2" "package" ] "")
];

4
nixos/modules/security/acme.nix
View File

@ -129,11 +129,10 @@ in
certs = mkOption {
default = { };
type = types.loaOf types.optionSet;
type = with types; loaOf (submodule certOpts);
description = ''
Attribute set of certificates to get signed and renewed.
'';
options = [ certOpts ];
example = {
"example.com" = {
webroot = "/var/www/challenges/";
@ -283,6 +282,7 @@ in
timerConfig = {
OnCalendar = cfg.renewInterval;
Unit = "acme-${cert}.service";
Persistent = "yes";
};
})
);

28
nixos/modules/security/ca.nix
View File

@ -4,10 +4,16 @@ with lib;
let
cfg = config.security.pki;
cacertPackage = pkgs.cacert.override {
blacklist = cfg.caCertificateBlacklist;
};
caCertificates = pkgs.runCommand "ca-certificates.crt"
{ files =
config.security.pki.certificateFiles ++
[ (builtins.toFile "extra.crt" (concatStringsSep "\n" config.security.pki.certificates)) ];
cfg.certificateFiles ++
[ (builtins.toFile "extra.crt" (concatStringsSep "\n" cfg.certificates)) ];
}
''
cat $files > $out
@ -52,11 +58,27 @@ in
'';
};
security.pki.caCertificateBlacklist = mkOption {
type = types.listOf types.str;
default = [];
example = [
"WoSign" "WoSign China"
"CA WoSign ECC Root"
"Certification Authority of WoSign G2"
];
description = ''
A list of blacklisted CA certificate names that won't be imported from
the Mozilla Trust Store into
<filename>/etc/ssl/certs/ca-certificates.crt</filename>. Use the
names from that file.
'';
};
};
config = {
security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
security.pki.certificateFiles = [ "${cacertPackage}/etc/ssl/certs/ca-bundle.crt" ];
# NixOS canonical location + Debian/Ubuntu/Arch/Gentoo compatibility.
environment.etc."ssl/certs/ca-certificates.crt".source = caCertificates;

6
nixos/modules/security/grsecurity.xml
View File

@ -149,6 +149,10 @@
<listitem><para>Trusted path execution: a desirable feature, but
requires some more work to operate smoothly on NixOS.</para></listitem>
<listitem><para>Module hardening: would break user initiated module
loading. Might enable this at some point, depending on the potential
breakage.</para></listitem>
</itemizedlist>
</para></listitem>
@ -208,8 +212,6 @@
let
kernel = pkgs.linux_grsec_nixos.override {
extraConfig = ''
GRKERNSEC y
PAX y
GRKERNSEC_CONFIG_AUTO y
GRKERNSEC_CONFIG_SERVER y
GRKERNSEC_CONFIG_SECURITY y

24
nixos/modules/security/hidepid.nix
View File

@ -2,19 +2,19 @@
with lib;
{
options = {
security.hideProcessInformation = mkEnableOption "" // { description = ''
Restrict access to process information to the owning user. Enabling
this option implies, among other things, that command-line arguments
remain private. This option is recommended for most systems, unless
there's a legitimate reason for allowing unprivileged users to inspect
the process information of other users.
meta = {
maintainers = [ maintainers.joachifm ];
doc = ./hidepid.xml;
};
Members of the group "proc" are exempt from process information hiding.
To allow a service to run without process information hiding, add "proc"
to its supplementary groups via
<option>systemd.services.&lt;name?&gt;.serviceConfig.SupplementaryGroups</option>.
''; };
options = {
security.hideProcessInformation = mkOption {
type = types.bool;
default = false;
description = ''
Restrict process information to the owning user.
'';
};
};
config = mkIf config.security.hideProcessInformation {

33
nixos/modules/security/hidepid.xml Normal file
View File

@ -0,0 +1,33 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-hidepid">
<title>Hiding process information</title>
<para>
Setting
<programlisting>
security.hideProcessInformation = true;
</programlisting>
ensures that access to process information is restricted to the
owning user. This implies, among other things, that command-line
arguments remain private. Unless your deployment relies on unprivileged
users being able to inspect the process information of other users, this
option should be safe to enable.
</para>
<para>
Members of the <literal>proc</literal> group are exempt from process
information hiding.
</para>
<para>
To allow a service <replaceable>foo</replaceable> to run without process information hiding, set
<programlisting>
systemd.services.<replaceable>foo</replaceable>.serviceConfig.SupplementaryGroups = [ "proc" ];
</programlisting>
</para>
</chapter>

3
nixos/modules/security/pam.nix
View File

@ -386,8 +386,7 @@ in
security.pam.services = mkOption {
default = [];
type = types.loaOf types.optionSet;
options = [ pamOpts ];
type = with types; loaOf (submodule pamOpts);
description =
''
This option defines the PAM services. A service typically

2
nixos/modules/security/rngd.nix
View File

@ -18,7 +18,7 @@ with lib;
config = mkIf config.security.rngd.enable {
services.udev.extraRules = ''
KERNEL=="random", TAG+="systemd"
SUBSYSTEM=="cpu", ENV{MODALIAS}=="x86cpu:*feature:*009E*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"
SUBSYSTEM=="cpu", ENV{MODALIAS}=="cpu:type:x86,*feature:*009E*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"
KERNEL=="hw_random", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"
${if config.services.tcsd.enable then "" else ''KERNEL=="tpm0", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"''}
'';

2
nixos/modules/security/sudo.nix
View File

@ -74,7 +74,7 @@ in
Defaults env_keep+=SSH_AUTH_SOCK
# "root" is allowed to do anything.
root ALL=(ALL) SETENV: ALL
root ALL=(ALL:ALL) SETENV: ALL
# Users in the "wheel" group can do anything.
%wheel ALL=(ALL:ALL) ${if cfg.wheelNeedsPassword then "" else "NOPASSWD: ALL, "}SETENV: ALL

8
nixos/modules/services/audio/mopidy.nix
View File

@ -21,13 +21,7 @@ in {
services.mopidy = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
Whether to enable Mopidy, a music player daemon.
'';
};
enable = mkEnableOption "Mopidy, a music player daemon";
dataDir = mkOption {
default = "/var/lib/mopidy";

6
nixos/modules/services/audio/ympd.nix
View File

@ -12,11 +12,7 @@ in {
services.ympd = {
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable ympd, the MPD Web GUI.";
};
enable = mkEnableOption "ympd, the MPD Web GUI";
webPort = mkOption {
type = types.string;

9
nixos/modules/services/backup/bacula.nix
View File

@ -198,8 +198,7 @@ in {
description = ''
This option defines director resources in Bacula File Daemon.
'';
type = types.attrsOf types.optionSet;
options = [ directorOptions ];
type = with types; attrsOf (submodule directorOptions);
};
extraClientConfig = mkOption {
@ -253,8 +252,7 @@ in {
description = ''
This option defines Director resources in Bacula Storage Daemon.
'';
type = types.attrsOf types.optionSet;
options = [ directorOptions ];
type = with types; attrsOf (submodule directorOptions);
};
device = mkOption {
@ -262,8 +260,7 @@ in {
description = ''
This option defines Device resources in Bacula Storage Daemon.
'';
type = types.attrsOf types.optionSet;
options = [ deviceOptions ];
type = with types; attrsOf (submodule deviceOptions);
};
extraStorageConfig = mkOption {

3
nixos/modules/services/backup/rsnapshot.nix
View File

@ -7,11 +7,14 @@ let
cfgfile = pkgs.writeText "rsnapshot.conf" ''
config_version 1.2
cmd_cp ${pkgs.coreutils}/bin/cp
cmd_rm ${pkgs.coreutils}/bin/rm
cmd_rsync ${pkgs.rsync}/bin/rsync
cmd_ssh ${pkgs.openssh}/bin/ssh
cmd_logger ${pkgs.inetutils}/bin/logger
cmd_du ${pkgs.coreutils}/bin/du
cmd_rsnapshot_diff ${pkgs.rsnapshot}/bin/rsnapshot-diff
lockfile /run/rsnapshot.pid
link_dest 1
${cfg.extraConfig}
'';

10
nixos/modules/services/cluster/kubernetes.nix
View File

@ -421,7 +421,7 @@ in {
description = "Kubernetes Api Server";
wantedBy = [ "multi-user.target" ];
requires = ["kubernetes-setup.service"];
after = [ "network-interfaces.target" "etcd.service" ];
after = [ "network.target" "etcd.service" "kubernetes-setup.service" ];
serviceConfig = {
ExecStart = let
authorizationPolicyFile =
@ -468,7 +468,7 @@ in {
systemd.services.kube-scheduler = {
description = "Kubernetes Scheduler Service";
wantedBy = [ "multi-user.target" ];
after = [ "network-interfaces.target" "kubernetes-apiserver.service" ];
after = [ "network.target" "kubernetes-apiserver.service" ];
serviceConfig = {
ExecStart = ''${cfg.package}/bin/kube-scheduler \
--address=${cfg.scheduler.address} \
@ -487,7 +487,7 @@ in {
systemd.services.kube-controller-manager = {
description = "Kubernetes Controller Manager Service";
wantedBy = [ "multi-user.target" ];
after = [ "network-interfaces.target" "kubernetes-apiserver.service" ];
after = [ "network.target" "kubernetes-apiserver.service" ];
serviceConfig = {
ExecStart = ''${cfg.package}/bin/kube-controller-manager \
--address=${cfg.controllerManager.address} \
@ -511,7 +511,7 @@ in {
description = "Kubernetes Kubelet Service";
wantedBy = [ "multi-user.target" ];
requires = ["kubernetes-setup.service"];
after = [ "network-interfaces.target" "etcd.service" "docker.service" ];
after = [ "network.target" "etcd.service" "docker.service" "kubernetes-setup.service" ];
path = [ pkgs.gitMinimal pkgs.openssh ];
script = ''
export PATH="/bin:/sbin:/usr/bin:/usr/sbin:$PATH"
@ -542,7 +542,7 @@ in {
systemd.services.kube-proxy = {
description = "Kubernetes Proxy Service";
wantedBy = [ "multi-user.target" ];
after = [ "network-interfaces.target" "etcd.service" ];
after = [ "network.target" "etcd.service" ];
serviceConfig = {
ExecStart = ''${cfg.package}/bin/kube-proxy \
--master=${cfg.proxy.master} \

51
nixos/modules/services/continuous-integration/gitlab-runner.nix Normal file
View File

@ -0,0 +1,51 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.gitlab-runner;
configFile = pkgs.writeText "config.toml" cfg.configText;
in
{
options.services.gitlab-runner = {
enable = mkEnableOption "Gitlab Runner";
configText = mkOption {
description = "Verbatim config.toml to use";
};
workDir = mkOption {
default = "/var/lib/gitlab-runner";
type = types.path;
description = "The working directory used";
};
};
config = mkIf cfg.enable {
systemd.services.gitlab-runner = {
description = "Gitlab Runner";
after = [ "network.target" "docker.service" ];
requires = [ "docker.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = ''${pkgs.gitlab-runner.bin}/bin/gitlab-runner run \
--working-directory ${cfg.workDir} \
--config ${configFile} \
--service gitlab-runner \
--user gitlab-runner \
'';
};
};
users.extraUsers.gitlab-runner = {
group = "gitlab-runner";
extraGroups = [ "docker" ];
uid = config.ids.uids.gitlab-runner;
home = cfg.workDir;
createHome = true;
};
users.extraGroups.gitlab-runner.gid = config.ids.gids.gitlab-runner;
};
}

2
nixos/modules/services/continuous-integration/gocd-agent/default.nix
View File

@ -98,7 +98,7 @@ in {
];
description = ''
Specifies startup command line arguments to pass to Go.CD agent
java process. Example contains debug and gcLog arguments.
java process.
'';
};

14
nixos/modules/services/continuous-integration/gocd-server/default.nix
View File

@ -90,7 +90,7 @@ in {
'';
};
extraOptions = mkOption {
startupOptions = mkOption {
default = [
"-Xms${cfg.initialJavaHeapSize}"
"-Xmx${cfg.maxJavaHeapMemory}"
@ -103,6 +103,15 @@ in {
"-Dcruise.server.port=${toString cfg.port}"
"-Dcruise.server.ssl.port=${toString cfg.sslPort}"
];
description = ''
Specifies startup command line arguments to pass to Go.CD server
java process.
'';
};
extraOptions = mkOption {
default = [ ];
example = [
"-X debug"
"-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005"
@ -169,7 +178,8 @@ in {
script = ''
${pkgs.git}/bin/git config --global --add http.sslCAinfo /etc/ssl/certs/ca-certificates.crt
${pkgs.jre}/bin/java -server ${concatStringsSep " " cfg.extraOptions} \
${pkgs.jre}/bin/java -server ${concatStringsSep " " cfg.startupOptions} \
${concatStringsSep " " cfg.extraOptions} \
-jar ${pkgs.gocd-server}/go-server/go.jar
'';

2
nixos/modules/services/databases/cassandra.nix
View File

@ -377,7 +377,7 @@ in {
systemd.services.cassandra = {
description = "Cassandra Daemon";
wantedBy = [ "multi-user.target" ];
after = [ "network-interfaces.target" ];
after = [ "network.target" ];
environment = cassandraEnvironment;
restartTriggers = [ cassandraConfFile cassandraLogFile cassandraRackFile ];
serviceConfig = {

15
nixos/modules/services/databases/influxdb.nix
View File

@ -66,16 +66,16 @@ let
enabled = false;
}];
collectd = {
collectd = [{
enabled = false;
typesdb = "${pkgs.collectd}/share/collectd/types.db";
database = "collectd_db";
port = 25826;
};
}];
opentsdb = {
opentsdb = [{
enabled = false;
};
}];
continuous_queries = {
enabled = true;
@ -160,7 +160,7 @@ in
systemd.services.influxdb = {
description = "InfluxDB Server";
wantedBy = [ "multi-user.target" ];
after = [ "network-interfaces.target" ];
after = [ "network.target" ];
serviceConfig = {
ExecStart = ''${cfg.package}/bin/influxd -config "${configFile}"'';
User = "${cfg.user}";
@ -171,6 +171,11 @@ in
mkdir -m 0770 -p ${cfg.dataDir}
if [ "$(id -u)" = 0 ]; then chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}; fi
'';
postStart = mkBefore ''
until ${pkgs.curl.bin}/bin/curl -s -o /dev/null 'http://127.0.0.1${toString configOptions.http.bind-address}'/ping; do
sleep 1;
done
'';
};
users.extraUsers = optional (cfg.user == "influxdb") {

88
nixos/modules/services/databases/monetdb.nix
View File

@ -1,88 +0,0 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.monetdb;
monetdbUser = "monetdb";
in
with lib;
{
###### interface
options = {
services.monetdb = {
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable MonetDB database server.";
};
package = mkOption {
type = types.path;
description = "MonetDB package to use.";
};
dbfarmDir = mkOption {
type = types.path;
default = "/var/lib/monetdb";
description = ''
Specifies location of Monetdb dbfarm (keeps database and auxiliary files).
'';
};
port = mkOption {
default = "50000";
example = "50000";
description = "Port to listen on.";
};
};
};
###### implementation
config = mkIf cfg.enable {
users.extraUsers.monetdb =
{ name = monetdbUser;
uid = config.ids.uids.monetdb;
description = "monetdb user";
home = cfg.dbfarmDir;
};
users.extraGroups.monetdb.gid = config.ids.gids.monetdb;
environment.systemPackages = [ cfg.package ];
systemd.services.monetdb =
{ description = "MonetDB Server";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
path = [ cfg.package ];
preStart =
''
# Initialise the database.
if ! test -e ${cfg.dbfarmDir}/.merovingian_properties; then
mkdir -m 0700 -p ${cfg.dbfarmDir}
chown -R ${monetdbUser} ${cfg.dbfarmDir}
${cfg.package}/bin/monetdbd create ${cfg.dbfarmDir}
${cfg.package}/bin/monetdbd set port=${cfg.port} ${cfg.dbfarmDir}
fi
'';
serviceConfig.ExecStart = "${cfg.package}/bin/monetdbd start -n ${cfg.dbfarmDir}";
serviceConfig.ExecStop = "${cfg.package}/bin/monetdbd stop ${cfg.dbfarmDir}";
unitConfig.RequiresMountsFor = "${cfg.dbfarmDir}";
};
};
}

18
nixos/modules/services/databases/mongodb.nix
View File

@ -12,13 +12,11 @@ let
mongoCnf = pkgs.writeText "mongodb.conf"
''
bind_ip = ${cfg.bind_ip}
${optionalString cfg.quiet "quiet = true"}
dbpath = ${cfg.dbpath}
syslog = true
fork = true
pidfilepath = ${cfg.pidFile}
${optionalString (cfg.replSetName != "") "replSet = ${cfg.replSetName}"}
net.bindIp: ${cfg.bind_ip}
${optionalString cfg.quiet "systemLog.quiet: true"}
systemLog.destination: syslog
storage.dbPath: ${cfg.dbpath}
${optionalString (cfg.replSetName != "") "replication.replSetName: ${cfg.replSetName}"}
${cfg.extraConfig}
'';
@ -84,9 +82,9 @@ in
extraConfig = mkOption {
default = "";
example = ''
nojournal = true
storage.journal.enabled: false
'';
description = "MongoDB extra configuration";
description = "MongoDB extra configuration in YAML format";
};
};
@ -112,7 +110,7 @@ in
after = [ "network.target" ];
serviceConfig = {
ExecStart = "${mongodb}/bin/mongod --quiet --config ${mongoCnf}";
ExecStart = "${mongodb}/bin/mongod --quiet --config ${mongoCnf} --fork --pidfilepath ${cfg.pidFile}";
User = cfg.user;
PIDFile = cfg.pidFile;
Type = "forking";

21
nixos/modules/services/databases/mysql.nix
View File

@ -43,6 +43,7 @@ in
services.mysql = {
enable = mkOption {
type = types.bool;
default = false;
description = "
Whether to enable the MySQL server.
@ -51,23 +52,28 @@ in
package = mkOption {
type = types.package;
example = literalExample "pkgs.mysql";
default = pkgs.mysql;
defaultText = "pkgs.mysql";
example = literalExample "pkgs.mysql55";
description = "
Which MySQL derivation to use.
";
};
port = mkOption {
default = "3306";
type = types.int;
default = 3306;
description = "Port of MySQL";
};
user = mkOption {
type = types.str;
default = "mysql";
description = "User account under which MySQL runs";
};
dataDir = mkOption {
type = types.path;
default = "/var/mysql"; # !!! should be /var/db/mysql
description = "Location where MySQL stores its table files";
};
@ -78,6 +84,7 @@ in
};
extraOptions = mkOption {
type = types.lines;
default = "";
example = ''
key_buffer_size = 6G
@ -115,32 +122,39 @@ in
replication = {
role = mkOption {
type = types.enum [ "master" "slave" "none" ];
default = "none";
description = "Role of the MySQL server instance. Can be either: master, slave or none";
description = "Role of the MySQL server instance.";
};
serverId = mkOption {
type = types.int;
default = 1;
description = "Id of the MySQL server instance. This number must be unique for each instance";
};
masterHost = mkOption {
type = types.str;
description = "Hostname of the MySQL master server";
};
slaveHost = mkOption {
type = types.str;
description = "Hostname of the MySQL slave server";
};
masterUser = mkOption {
type = types.str;
description = "Username of the MySQL replication user";
};
masterPassword = mkOption {
type = types.str;
description = "Password of the MySQL replication user";
};
masterPort = mkOption {
type = types.int;
default = 3306;
description = "Port number on which the MySQL master server runs";
};
@ -167,6 +181,7 @@ in
systemd.services.mysql =
{ description = "MySQL Server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
unitConfig.RequiresMountsFor = "${cfg.dataDir}";

2
nixos/modules/services/databases/neo4j.nix
View File

@ -123,7 +123,7 @@ in {
systemd.services.neo4j = {
description = "Neo4j Daemon";
wantedBy = [ "multi-user.target" ];
after = [ "network-interfaces.target" ];
after = [ "network.target" ];
environment = { NEO4J_INSTANCE = cfg.dataDir; };
serviceConfig = {
ExecStart = "${cfg.package}/bin/neo4j console";

3
nixos/modules/services/databases/riak.nix
View File

@ -20,7 +20,7 @@ in
package = mkOption {
type = types.package;
example = literalExample "pkgs.riak2";
example = literalExample "pkgs.riak";
description = ''
Riak package to use.
'';
@ -108,6 +108,7 @@ in
pkgs.bash
];
environment.HOME = "${cfg.dataDir}";
environment.RIAK_DATA_DIR = "${cfg.dataDir}";
environment.RIAK_LOG_DIR = "${cfg.logDir}";
environment.RIAK_ETC_DIR = "/etc/riak";

73
nixos/modules/services/editors/emacs.xml
View File

@ -43,9 +43,10 @@
<title>Installing <application>Emacs</application></title>
<para>
Emacs can installed in the normal way for Nix (see <xref
linkend="sec-package-management" />). In addition, a NixOS
<emphasis>service</emphasis> can be enabled.
Emacs can be installed in the normal way for Nix (see
<xref linkend="sec-package-management" />).
In addition, a NixOS <emphasis>service</emphasis>
can be enabled.
</para>
<section>
@ -59,20 +60,20 @@
<variablelist>
<varlistentry>
<term><varname>emacs</varname></term>
<term><varname>emacs24</varname></term>
<term><varname>emacs25</varname></term>
<listitem>
<para>
The latest stable version of Emacs 24 using the <link
The latest stable version of Emacs 25 using the <link
xlink:href="http://www.gtk.org">GTK+ 2</link> widget
toolkit.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>emacs24-nox</varname></term>
<term><varname>emacs25-nox</varname></term>
<listitem>
<para>
Emacs 24 built without any dependency on X11
Emacs 25 built without any dependency on X11
libraries.
</para>
</listitem>
@ -86,15 +87,6 @@
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>emacs25pre</varname></term>
<listitem>
<para>
A pretest version of what will become the first
version of Emacs 25.
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
@ -573,6 +565,55 @@ services.emacs.install = true;
&lt;RET&gt; nixos-rebuild &lt;RET&gt;.</literal>
</para>
</section>
<section xml:id="sec-emacs-docbook-xml">
<title>Editing DocBook 5 XML Documents</title>
<para>
Emacs includes <link
xlink:href="https://www.gnu.org/software/emacs/manual/html_node/nxml-mode/Introduction.html">nXML</link>,
a major-mode for validating and editing XML documents.
When editing DocBook 5.0 documents, such as
<link linkend="book-nixos-manual">this one</link>,
nXML needs to be configured with the relevant schema, which is
not included.
</para>
<para>
To install the DocBook 5.0 schemas, either add
<varname>pkgs.docbook5</varname> to
<varname>environment.systemPackages</varname> (<link
linkend="sec-declarative-package-mgmt">NixOS</link>), or run
<literal>nix-env -i pkgs.docbook5</literal>
(<link linkend="sec-ad-hoc-packages">Nix</link>).
</para>
<para>
Then customize the variable <varname>rng-schema-locating-files</varname> to include <filename>~/.emacs.d/schemas.xml</filename> and put the following text into that file:
<example xml:id="ex-emacs-docbook-xml">
<title>nXML Schema Configuration (<filename>~/.emacs.d/schemas.xml</filename>)</title>
<programlisting language="xml"><![CDATA[
<?xml version="1.0"?>
<!--
To let emacs find this file, evaluate:
(add-to-list 'rng-schema-locating-files "~/.emacs.d/schemas.xml")
-->
<locatingRules xmlns="http://thaiopensource.com/ns/locating-rules/1.0">
<!--
Use this variation if pkgs.docbook5 is added to environment.systemPackages
-->
<namespace ns="http://docbook.org/ns/docbook"
uri="/run/current-system/sw/share/xml/docbook-5.0/rng/docbookxi.rnc"/>
<!--
Use this variation if installing schema with "nix-env -iA pkgs.docbook5".
<namespace ns="http://docbook.org/ns/docbook"
uri="../.nix-profile/share/xml/docbook-5.0/rng/docbookxi.rnc"/>
-->
</locatingRules>
]]></programlisting>
</example>
</para>
</section>
</section>
</chapter>

5
nixos/modules/services/hardware/sane_extra_backends/brscan4.nix
View File

@ -81,12 +81,11 @@ in
{ office1 = { model = "MFC-7860DW"; ip = "192.168.1.2"; };
office2 = { model = "MFC-7860DW"; nodename = "BRW0080927AFBCE"; };
};
type = types.loaOf types.optionSet;
type = with types; loaOf (submodule netDeviceOpts);
description = ''
The list of network devices that will be registered against the brscan4
sane backend.
'';
options = [ netDeviceOpts ];
};
};
@ -113,4 +112,4 @@ in
];
};
}
}

26
nixos/modules/services/hardware/udev.nix
View File

@ -32,13 +32,11 @@ let
'';
# Perform substitutions in all udev rules files.
udevRules = stdenv.mkDerivation {
name = "udev-rules";
preferLocalBuild = true;
allowSubstitutes = false;
buildCommand = ''
udevRules = pkgs.runCommand "udev-rules"
{ preferLocalBuild = true;
allowSubstitutes = false;
}
''
mkdir -p $out
shopt -s nullglob
set +o pipefail
@ -130,15 +128,12 @@ let
ln -s /dev/null $out/80-drivers.rules
''}
''; # */
};
hwdbBin = stdenv.mkDerivation {
name = "hwdb.bin";
preferLocalBuild = true;
allowSubstitutes = false;
buildCommand = ''
hwdbBin = pkgs.runCommand "hwdb.bin"
{ preferLocalBuild = true;
allowSubstitutes = false;
}
''
mkdir -p etc/udev/hwdb.d
for i in ${toString ([udev] ++ cfg.packages)}; do
echo "Adding hwdb files for package $i"
@ -151,7 +146,6 @@ let
${udev}/bin/udevadm hwdb --update --root=$(pwd)
mv etc/udev/hwdb.bin $out
'';
};
# Udev has a 512-character limit for ENV{PATH}, so create a symlink
# tree to work around this.

68
nixos/modules/services/logging/logcheck.nix
View File

@ -62,42 +62,46 @@ let
};
ignoreOptions = {
level = levelOption;
options = {
level = levelOption;
regex = mkOption {
default = "";
type = types.str;
description = ''
Regex specifying which log lines to ignore.
'';
regex = mkOption {
default = "";
type = types.str;
description = ''
Regex specifying which log lines to ignore.
'';
};
};
};
ignoreCronOptions = {
user = mkOption {
default = "root";
type = types.str;
description = ''
User that runs the cronjob.
'';
};
options = {
user = mkOption {
default = "root";
type = types.str;
description = ''
User that runs the cronjob.
'';
};
cmdline = mkOption {
default = "";
type = types.str;
description = ''
Command line for the cron job. Will be turned into a regex for the logcheck ignore rule.
'';
};
cmdline = mkOption {
default = "";
type = types.str;
description = ''
Command line for the cron job. Will be turned into a regex for the logcheck ignore rule.
'';
};
timeArgs = mkOption {
default = null;
type = types.nullOr (types.str);
example = "02 06 * * *";
description = ''
"min hr dom mon dow" crontab time args, to auto-create a cronjob too.
Leave at null to not do this and just add a logcheck ignore rule.
'';
timeArgs = mkOption {
default = null;
type = types.nullOr (types.str);
example = "02 06 * * *";
description = ''
"min hr dom mon dow" crontab time args, to auto-create a cronjob too.
Leave at null to not do this and just add a logcheck ignore rule.
'';
};
};
};
@ -180,8 +184,7 @@ in
description = ''
This option defines extra ignore rules.
'';
type = types.loaOf types.optionSet;
options = [ ignoreOptions ];
type = with types; loaOf (submodule ignoreOptions);
};
ignoreCron = mkOption {
@ -189,8 +192,7 @@ in
description = ''
This option defines extra ignore rules for cronjobs.
'';
type = types.loaOf types.optionSet;
options = [ ignoreOptions ignoreCronOptions ];
type = with types; loaOf (submodule ignoreCronOptions);
};
extraGroups = mkOption {

2
nixos/modules/services/networking/offlineimap.nix → nixos/modules/services/mail/offlineimap.nix
View File

@ -59,7 +59,7 @@ in {
};
path = cfg.path;
};
environment.systemPackages = [ "${cfg.package}" ];
environment.systemPackages = [ cfg.package ];
systemd.user.timers.offlineimap = {
description = "offlineimap timer";
timerConfig = {

79
nixos/modules/services/mail/postgrey.nix Normal file
View File

@ -0,0 +1,79 @@
{ config, lib, pkgs, ... }:
with lib; let
cfg = config.services.postgrey;
in {
options = {
services.postgrey = with types; {
enable = mkOption {
type = bool;
default = false;
description = "Whether to run the Postgrey daemon";
};
inetAddr = mkOption {
type = nullOr string;
default = null;
example = "127.0.0.1";
description = "The inet address to bind to. If none given, bind to /var/run/postgrey.sock";
};
inetPort = mkOption {
type = int;
default = 10030;
description = "The tcp port to bind to";
};
greylistText = mkOption {
type = string;
default = "Greylisted for %%s seconds";
description = "Response status text for greylisted messages";
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.postgrey ];
users = {
extraUsers = {
postgrey = {
description = "Postgrey Daemon";
uid = config.ids.uids.postgrey;
group = "postgrey";
};
};
extraGroups = {
postgrey = {
gid = config.ids.gids.postgrey;
};
};
};
systemd.services.postgrey = let
bind-flag = if isNull cfg.inetAddr then
"--unix=/var/run/postgrey.sock"
else
"--inet=${cfg.inetAddr}:${cfg.inetPort}";
in {
description = "Postfix Greylisting Service";
wantedBy = [ "multi-user.target" ];
before = [ "postfix.service" ];
preStart = ''
mkdir -p /var/postgrey
chown postgrey:postgrey /var/postgrey
chmod 0770 /var/postgrey
'';
serviceConfig = {
Type = "simple";
ExecStart = ''${pkgs.postgrey}/bin/postgrey ${bind-flag} --pidfile=/var/run/postgrey.pid --group=postgrey --user=postgrey --dbdir=/var/postgrey --greylist-text="${cfg.greylistText}"'';
Restart = "always";
RestartSec = 5;
TimeoutSec = 10;
};
};
};
}

2
nixos/modules/services/misc/apache-kafka.nix
View File

@ -139,7 +139,7 @@ in {
systemd.services.apache-kafka = {
description = "Apache Kafka Daemon";
wantedBy = [ "multi-user.target" ];
after = [ "network-interfaces.target" ];
after = [ "network.target" ];
serviceConfig = {
ExecStart = ''
${pkgs.jre}/bin/java \

2
nixos/modules/services/misc/autofs.nix
View File

@ -22,7 +22,7 @@ in
default = false;
description = "
Mount filesystems on demand. Unmount them automatically.
You may also be interested in afuese.
You may also be interested in afuse.
";
};

2
nixos/modules/services/misc/confd.nix Normal file → Executable file
View File

@ -33,7 +33,7 @@ in {
nodes = mkOption {
description = "Confd list of nodes to connect to.";
default = [ "http://127.0.0.1:4001" ];
default = [ "http://127.0.0.1:2379" ];
type = types.listOf types.str;
};

66
nixos/modules/services/misc/docker-registry.nix Normal file
View File

@ -0,0 +1,66 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.dockerRegistry;
in {
options.services.dockerRegistry = {
enable = mkEnableOption "Docker Registry";
listenAddress = mkOption {
description = "Docker registry host or ip to bind to.";
default = "127.0.0.1";
type = types.str;
};
port = mkOption {
description = "Docker registry port to bind to.";
default = 5000;
type = types.int;
};
storagePath = mkOption {
type = types.path;
default = "/var/lib/docker-registry";
description = "Docker registry storage path.";
};
extraConfig = mkOption {
description = ''
Docker extra registry configuration via environment variables.
'';
default = {};
type = types.attrsOf types.str;
};
};
config = mkIf cfg.enable {
systemd.services.docker-registry = {
description = "Docker Container Registry";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
environment = {
REGISTRY_HTTP_ADDR = "${cfg.listenAddress}:${toString cfg.port}";
REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY = cfg.storagePath;
} // cfg.extraConfig;
script = ''
${pkgs.docker-distribution}/bin/registry serve \
${pkgs.docker-distribution.out}/share/go/src/github.com/docker/distribution/cmd/registry/config-example.yml
'';
serviceConfig = {
User = "docker-registry";
WorkingDirectory = cfg.storagePath;
};
};
users.extraUsers.docker-registry = {
createHome = true;
home = cfg.storagePath;
};
};
}

2
nixos/modules/services/misc/emby.nix
View File

@ -43,7 +43,7 @@ in
User = cfg.user;
Group = cfg.group;
PermissionsStartOnly = "true";
ExecStart = "${pkgs.mono}/bin/mono ${pkgs.emby}/bin/MediaBrowser.Server.Mono.exe";
ExecStart = "${pkgs.emby}/bin/MediaBrowser.Server.Mono";
Restart = "on-failure";
};
};

101
nixos/modules/services/misc/errbot.nix Normal file
View File

@ -0,0 +1,101 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.errbot;
pluginEnv = plugins: pkgs.buildEnv {
name = "errbot-plugins";
paths = plugins;
};
mkConfigFile = instanceCfg: dataDir: pkgs.writeText "errbot-config.py" ''
import logging
BACKEND = '${instanceCfg.backend}'
BOT_DATA_DIR = '${dataDir}'
BOT_EXTRA_PLUGIN_DIR = '${pluginEnv instanceCfg.plugins}'
BOT_LOG_LEVEL = logging.${instanceCfg.logLevel}
BOT_LOG_FILE = False
BOT_ADMINS = (${concatMapStringsSep "," (name: "'${name}'") instanceCfg.admins})
BOT_IDENTITY = ${builtins.toJSON instanceCfg.identity}
${instanceCfg.extraConfig}
'';
in {
options = {
services.errbot.instances = mkOption {
default = {};
description = "Errbot instance configs";
type = types.attrsOf (types.submodule {
options = {
dataDir = mkOption {
type = types.nullOr types.path;
default = null;
description = "Data directory for errbot instance.";
};
plugins = mkOption {
type = types.listOf types.package;
default = [];
description = "List of errbot plugin derivations.";
};
logLevel = mkOption {
type = types.str;
default = "INFO";
description = "Errbot log level";
};
admins = mkOption {
type = types.listOf types.str;
default = [];
description = "List of identifiers of errbot admins.";
};
backend = mkOption {
type = types.str;
default = "XMPP";
description = "Errbot backend name.";
};
identity = mkOption {
type = types.attrs;
description = "Errbot identity configuration";
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = "String to be appended to the config verbatim";
};
};
});
};
};
config = mkIf (cfg.instances != {}) {
users.extraUsers.errbot.group = "errbot";
users.extraGroups.errbot = {};
systemd.services = mapAttrs' (name: instanceCfg: nameValuePair "errbot-${name}" (
let
dataDir = if !isNull instanceCfg.dataDir then instanceCfg.dataDir else
"/var/lib/errbot/${name}";
in {
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
preStart = ''
mkdir -p ${dataDir}
chown -R errbot:errbot ${dataDir}
'';
serviceConfig = {
User = "errbot";
Restart = "on-failure";
ExecStart = "${pkgs.errbot}/bin/errbot -c ${mkConfigFile instanceCfg dataDir}";
PermissionsStartOnly = true;
};
})) cfg.instances;
};
}

10
nixos/modules/services/misc/etcd.nix
View File

@ -143,9 +143,9 @@ in {
config = mkIf cfg.enable {
systemd.services.etcd = {
description = "Etcd Daemon";
description = "etcd key-value store";
wantedBy = [ "multi-user.target" ];
after = [ "network-interfaces.target" ];
after = [ "network.target" ];
environment = (filterAttrs (n: v: v != null) {
ETCD_NAME = cfg.name;
@ -168,12 +168,18 @@ in {
ETCD_INITIAL_CLUSTER_TOKEN = cfg.initialClusterToken;
}) // (mapAttrs' (n: v: nameValuePair "ETCD_${n}" v) cfg.extraConf);
unitConfig = {
Documentation = "https://github.com/coreos/etcd";
};
serviceConfig = {
Type = "notify";
ExecStart = "${pkgs.etcd.bin}/bin/etcd";
User = "etcd";
PermissionsStartOnly = true;
LimitNOFILE = 40000;
};
preStart = ''
mkdir -m 0700 -p ${cfg.dataDir}
if [ "$(id -u)" = 0 ]; then chown etcd ${cfg.dataDir}; fi

2
nixos/modules/services/misc/folding-at-home.nix
View File

@ -50,7 +50,7 @@ in {
};
systemd.services.foldingathome = {
after = [ "network-interfaces.target" ];
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
preStart = ''
mkdir -m 0755 -p ${stateDir}

20
nixos/modules/services/misc/gitlab.nix
View File

@ -449,13 +449,15 @@ in {
Group = cfg.group;
TimeoutSec = "300";
Restart = "on-failure";
WorkingDirectory = gitlabEnv.HOME;
ExecStart =
"${cfg.packages.gitlab-workhorse}/bin/gitlab-workhorse "
+ "-listenUmask 0 "
+ "-listenNetwork unix "
+ "-listenAddr /run/gitlab/gitlab-workhorse.socket "
+ "-authSocket ${gitlabSocket} "
+ "-documentRoot ${cfg.packages.gitlab}/share/gitlab/public";
+ "-documentRoot ${cfg.packages.gitlab}/share/gitlab/public "
+ "-secretPath ${cfg.packages.gitlab}/share/gitlab/.gitlab_workhorse_secret";
};
};
@ -525,17 +527,23 @@ in {
psql postgres -c "CREATE ROLE gitlab WITH LOGIN NOCREATEDB NOCREATEROLE NOCREATEUSER ENCRYPTED PASSWORD '${cfg.databasePassword}'"
${config.services.postgresql.package}/bin/createdb --owner gitlab gitlab || true
touch "${cfg.statePath}/db-created"
# The gitlab:setup task is horribly broken somehow, these two tasks will do the same for setting up the initial database
${gitlab-rake}/bin/gitlab-rake db:migrate RAILS_ENV=production
${gitlab-rake}/bin/gitlab-rake db:seed_fu RAILS_ENV=production \
GITLAB_ROOT_PASSWORD="${cfg.initialRootPassword}" GITLAB_ROOT_EMAIL="${cfg.initialRootEmail}";
fi
fi
# enable required pg_trgm extension for gitlab
psql gitlab -c "CREATE EXTENSION IF NOT EXISTS pg_trgm"
# Always do the db migrations just to be sure the database is up-to-date
${gitlab-rake}/bin/gitlab-rake db:migrate RAILS_ENV=production
# The gitlab:setup task is horribly broken somehow, the db:migrate
# task above and the db:seed_fu below will do the same for setting
# up the initial database
if ! test -e "${cfg.statePath}/db-seeded"; then
${gitlab-rake}/bin/gitlab-rake db:seed_fu RAILS_ENV=production \
GITLAB_ROOT_PASSWORD="${cfg.initialRootPassword}" GITLAB_ROOT_EMAIL="${cfg.initialRootEmail}"
touch "${cfg.statePath}/db-seeded"
fi
# Change permissions in the last step because some of the
# intermediary scripts like to create directories as root.
chown -R ${cfg.user}:${cfg.group} ${cfg.statePath}

55
nixos/modules/services/misc/matrix-synapse.nix
View File

@ -5,15 +5,16 @@ with lib;
let
cfg = config.services.matrix-synapse;
logConfigFile = pkgs.writeText "log_config.yaml" cfg.logConfig;
mkResource = r: ''{names: ${builtins.toJSON r.names}, compress: ${if r.compress then "true" else "false"}}'';
mkListener = l: ''{port: ${toString l.port}, bind_address: "${l.bind_address}", type: ${l.type}, tls: ${if l.tls then "true" else "false"}, x_forwarded: ${if l.x_forwarded then "true" else "false"}, resources: [${concatStringsSep "," (map mkResource l.resources)}]}'';
mkResource = r: ''{names: ${builtins.toJSON r.names}, compress: ${fromBool r.compress}}'';
mkListener = l: ''{port: ${toString l.port}, bind_address: "${l.bind_address}", type: ${l.type}, tls: ${fromBool l.tls}, x_forwarded: ${fromBool l.x_forwarded}, resources: [${concatStringsSep "," (map mkResource l.resources)}]}'';
fromBool = x: if x then "true" else "false";
configFile = pkgs.writeText "homeserver.yaml" ''
tls_certificate_path: "${cfg.tls_certificate_path}"
${optionalString (cfg.tls_private_key_path != null) ''
tls_private_key_path: "${cfg.tls_private_key_path}"
''}
tls_dh_params_path: "${cfg.tls_dh_params_path}"
no_tls: ${if cfg.no_tls then "true" else "false"}
no_tls: ${fromBool cfg.no_tls}
${optionalString (cfg.bind_port != null) ''
bind_port: ${toString cfg.bind_port}
''}
@ -25,7 +26,7 @@ bind_host: "${cfg.bind_host}"
''}
server_name: "${cfg.server_name}"
pid_file: "/var/run/matrix-synapse.pid"
web_client: ${if cfg.web_client then "true" else "false"}
web_client: ${fromBool cfg.web_client}
${optionalString (cfg.public_baseurl != null) ''
public_baseurl: "${cfg.public_baseurl}"
''}
@ -53,14 +54,14 @@ media_store_path: "/var/lib/matrix-synapse/media"
uploads_path: "/var/lib/matrix-synapse/uploads"
max_upload_size: "${cfg.max_upload_size}"
max_image_pixels: "${cfg.max_image_pixels}"
dynamic_thumbnails: ${if cfg.dynamic_thumbnails then "true" else "false"}
dynamic_thumbnails: ${fromBool cfg.dynamic_thumbnails}
url_preview_enabled: False
recaptcha_private_key: "${cfg.recaptcha_private_key}"
recaptcha_public_key: "${cfg.recaptcha_public_key}"
enable_registration_captcha: ${if cfg.enable_registration_captcha then "true" else "false"}
enable_registration_captcha: ${fromBool cfg.enable_registration_captcha}
turn_uris: ${builtins.toJSON cfg.turn_uris}
turn_shared_secret: "${cfg.turn_shared_secret}"
enable_registration: ${if cfg.enable_registration then "true" else "false"}
enable_registration: ${fromBool cfg.enable_registration}
${optionalString (cfg.registration_shared_secret != null) ''
registration_shared_secret: "${cfg.registration_shared_secret}"
''}
@ -68,9 +69,15 @@ recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"
turn_user_lifetime: "${cfg.turn_user_lifetime}"
user_creation_max_duration: ${cfg.user_creation_max_duration}
bcrypt_rounds: ${cfg.bcrypt_rounds}
allow_guest_access: {if cfg.allow_guest_access then "true" else "false"}
enable_metrics: ${if cfg.enable_metrics then "true" else "false"}
report_stats: ${if cfg.report_stats then "true" else "false"}
allow_guest_access: ${fromBool cfg.allow_guest_access}
trusted_third_party_id_servers: ${builtins.toJSON cfg.trusted_third_party_id_servers}
room_invite_state_types: ${builtins.toJSON cfg.room_invite_state_types}
${optionalString (cfg.macaroon_secret_key != null) ''
macaroon_secret_key: "${cfg.macaroon_secret_key}"
''}
expire_access_token: ${fromBool cfg.expire_access_token}
enable_metrics: ${fromBool cfg.enable_metrics}
report_stats: ${fromBool cfg.report_stats}
signing_key_path: "/var/lib/matrix-synapse/homeserver.signing.key"
key_refresh_interval: "${cfg.key_refresh_interval}"
perspectives:
@ -469,6 +476,34 @@ in {
accessible to anonymous users.
'';
};
trusted_third_party_id_servers = mkOption {
type = types.listOf types.str;
default = ["matrix.org"];
description = ''
The list of identity servers trusted to verify third party identifiers by this server.
'';
};
room_invite_state_types = mkOption {
type = types.listOf types.str;
default = ["m.room.join_rules" "m.room.canonical_alias" "m.room.avatar" "m.room.name"];
description = ''
A list of event types that will be included in the room_invite_state
'';
};
macaroon_secret_key = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Secret key for authentication tokens
'';
};
expire_access_token = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable access token expiration.
'';
};
key_refresh_interval = mkOption {
type = types.str;
default = "1d";

2
nixos/modules/services/misc/mesos-master.nix
View File

@ -80,7 +80,7 @@ in {
systemd.services.mesos-master = {
description = "Mesos Master";
wantedBy = [ "multi-user.target" ];
after = [ "network-interfaces.target" ];
after = [ "network.target" ];
serviceConfig = {
ExecStart = ''
${pkgs.mesos}/bin/mesos-master \

2
nixos/modules/services/misc/mesos-slave.nix
View File

@ -105,7 +105,7 @@ in {
systemd.services.mesos-slave = {
description = "Mesos Slave";
wantedBy = [ "multi-user.target" ];
after = [ "network-interfaces.target" ];
after = [ "network.target" ];
environment.MESOS_CONTAINERIZERS = concatStringsSep "," containerizers;
serviceConfig = {
ExecStart = ''

49
nixos/modules/services/misc/nix-optimise.nix Normal file
View File

@ -0,0 +1,49 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.nix.optimise;
in
{
###### interface
options = {
nix.optimise = {
automatic = mkOption {
default = false;
type = types.bool;
description = "Automatically run the nix store optimiser at a specific time.";
};
dates = mkOption {
default = ["03:45"];
type = types.listOf types.str;
description = ''
Specification (in the format described by
<citerefentry><refentrytitle>systemd.time</refentrytitle>
<manvolnum>5</manvolnum></citerefentry>) of the time at
which the optimiser will run.
'';
};
};
};
###### implementation
config = {
systemd.services.nix-optimise =
{ description = "Nix Store Optimiser";
serviceConfig.ExecStart = "${config.nix.package}/bin/nix-store --optimise";
startAt = optional cfg.automatic cfg.dates;
};
};
}

78
nixos/modules/services/misc/rippled.nix
View File

@ -154,43 +154,45 @@ let
};
dbOptions = {
type = mkOption {
description = "Rippled database type.";
type = types.enum ["rocksdb" "nudb"];
default = "rocksdb";
};
options = {
type = mkOption {
description = "Rippled database type.";
type = types.enum ["rocksdb" "nudb"];
default = "rocksdb";
};
path = mkOption {
description = "Location to store the database.";
type = types.path;
default = cfg.databasePath;
};
path = mkOption {
description = "Location to store the database.";
type = types.path;
default = cfg.databasePath;
};
compression = mkOption {
description = "Whether to enable snappy compression.";
type = types.nullOr types.bool;
default = null;
};
compression = mkOption {
description = "Whether to enable snappy compression.";
type = types.nullOr types.bool;
default = null;
};
onlineDelete = mkOption {
description = "Enable automatic purging of older ledger information.";
type = types.addCheck (types.nullOr types.int) (v: v > 256);
default = cfg.ledgerHistory;
};
onlineDelete = mkOption {
description = "Enable automatic purging of older ledger information.";
type = types.addCheck (types.nullOr types.int) (v: v > 256);
default = cfg.ledgerHistory;
};
advisoryDelete = mkOption {
description = ''
If set, then require administrative RPC call "can_delete"
to enable online deletion of ledger records.
'';
type = types.nullOr types.bool;
default = null;
};
advisoryDelete = mkOption {
description = ''
If set, then require administrative RPC call "can_delete"
to enable online deletion of ledger records.
'';
type = types.nullOr types.bool;
default = null;
};
extraOpts = mkOption {
description = "Extra database options.";
type = types.lines;
default = "";
extraOpts = mkOption {
description = "Extra database options.";
type = types.lines;
default = "";
};
};
};
@ -213,8 +215,7 @@ in
ports = mkOption {
description = "Ports exposed by rippled";
type = types.attrsOf types.optionSet;
options = [portOptions];
type = with types; attrsOf (submodule portOptions);
default = {
rpc = {
port = 5005;
@ -238,8 +239,7 @@ in
nodeDb = mkOption {
description = "Rippled main database options.";
type = types.nullOr types.optionSet;
options = dbOptions;
type = with types; nullOr (submodule dbOptions);
default = {
type = "rocksdb";
extraOpts = ''
@ -254,15 +254,13 @@ in
tempDb = mkOption {
description = "Rippled temporary database options.";
type = types.nullOr types.optionSet;
options = dbOptions;
type = with types; nullOr (submodule dbOptions);
default = null;
};
importDb = mkOption {
description = "Settings for performing a one-time import.";
type = types.nullOr types.optionSet;
options = dbOptions;
type = with types; nullOr (submodule dbOptions);
default = null;
};

2
nixos/modules/services/misc/svnserve.nix
View File

@ -35,7 +35,7 @@ in
config = mkIf cfg.enable {
systemd.services.svnserve = {
after = [ "network-interfaces.target" ];
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
preStart = "mkdir -p ${cfg.svnBaseDir}";
script = "${pkgs.subversion.out}/bin/svnserve -r ${cfg.svnBaseDir} -d --foreground --pid-file=/var/run/svnserve.pid";

2
nixos/modules/services/misc/taskserver/default.nix
View File

@ -154,7 +154,7 @@ let
certtool = "${pkgs.gnutls.bin}/bin/certtool";
nixos-taskserver = pkgs.buildPythonPackage {
nixos-taskserver = pkgs.pythonPackages.buildPythonPackage {
name = "nixos-taskserver";
namePrefix = "";

2
nixos/modules/services/misc/zookeeper.nix
View File

@ -113,7 +113,7 @@ in {
systemd.services.zookeeper = {
description = "Zookeeper Daemon";
wantedBy = [ "multi-user.target" ];
after = [ "network-interfaces.target" ];
after = [ "network.target" ];
environment = { ZOOCFGDIR = configDir; };
serviceConfig = {
ExecStart = ''

1
nixos/modules/services/monitoring/cadvisor.nix
View File

@ -90,6 +90,7 @@ in {
${optionalString cfg.storageDriverSecure "-storage_driver_secure"}
''}
'';
TimeoutStartSec=300;
};
};

Some files were not shown because too many files have changed in this diff Show More