public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'closure-size' (#7701) into staging

Browse Source
This commit is contained in:
Vladimír Čunát 2016-04-10 11:37:43 +02:00
commit 4fa9983ab2
1195 changed files with 67145 additions and 31682 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
.github/ISSUE_TEMPLATE.md vendored
View File

@ -1,17 +1,13 @@
## Basic info ## Issue description
To make sure that we are on the same page:
* Kernel: (run `uname -a`)
* System: (NixOS: `nixos-version`, Ubuntu/Fedora: `lsb_release -a`, ...)
* Nix version: (run `nix-env --version`)
* Nixpkgs version: (run `nix-instantiate --eval '<nixpkgs>' -A lib.nixpkgsVersion`)
## Describe your issue here
### Expected result
### Actual result
### Steps to reproduce ### Steps to reproduce
## Technical details
* System: (NixOS: `nixos-version`, Ubuntu/Fedora: `lsb_release -a`, ...)
* Nix version: (run `nix-env --version`)
* Nixpkgs version: (run `nix-instantiate --eval '<nixpkgs>' -A lib.nixpkgsVersion`)

8
README.md
View File

@ -14,12 +14,12 @@ build daemon as so-called channels. To get channel information via git, add
``` ```
For stability and maximum binary package support, it is recommended to maintain For stability and maximum binary package support, it is recommended to maintain
custom changes on top of one of the channels, e.g. `nixos-15.09` for the latest custom changes on top of one of the channels, e.g. `nixos-16.03` for the latest
release and `nixos-unstable` for the latest successful build of master: release and `nixos-unstable` for the latest successful build of master:
``` ```
% git remote update channels % git remote update channels
% git rebase channels/nixos-15.09 % git rebase channels/nixos-16.03
``` ```
For pull-requests, please rebase onto nixpkgs `master`. For pull-requests, please rebase onto nixpkgs `master`.
@ -33,9 +33,9 @@ For pull-requests, please rebase onto nixpkgs `master`.
* [Manual (NixOS)](https://nixos.org/nixos/manual/) * [Manual (NixOS)](https://nixos.org/nixos/manual/)
* [Nix Wiki](https://nixos.org/wiki/) * [Nix Wiki](https://nixos.org/wiki/)
* [Continuous package builds for unstable/master](https://hydra.nixos.org/jobset/nixos/trunk-combined) * [Continuous package builds for unstable/master](https://hydra.nixos.org/jobset/nixos/trunk-combined)
* [Continuous package builds for 15.09 release](https://hydra.nixos.org/jobset/nixos/release-15.09) * [Continuous package builds for 16.03 release](https://hydra.nixos.org/jobset/nixos/release-16.03)
* [Tests for unstable/master](https://hydra.nixos.org/job/nixos/trunk-combined/tested#tabs-constituents) * [Tests for unstable/master](https://hydra.nixos.org/job/nixos/trunk-combined/tested#tabs-constituents)
* [Tests for 15.09 release](https://hydra.nixos.org/job/nixos/release-15.09/tested#tabs-constituents) * [Tests for 16.03 release](https://hydra.nixos.org/job/nixos/release-16.03/tested#tabs-constituents)
Communication: Communication:

37
doc/introduction.md
View File

@ -6,13 +6,14 @@ date: 2015-11-25
# Introduction # Introduction
The Nix Packages collection (Nixpkgs) is a set of over 30,000 packages for the The Nix Packages collection (Nixpkgs) is a set of thousands of packages for the
[Nix package manager](http://nixos.org/nix/), released under a [permissive MIT/X11 license](https://github.com/NixOS/nixpkgs/blob/master/COPYING). [Nix package manager](http://nixos.org/nix/), released under a
Packages are available for several architectures, and can be used with the Nix package manager [permissive MIT/X11 license](https://github.com/NixOS/nixpkgs/blob/master/COPYING).
on most GNU/Linux distributions as well as NixOS. Packages are available for several platforms, and can be used with the Nix
package manager on most GNU/Linux distributions as well as NixOS.
This manual describes how to write packages for the Nix Packages collection This manual primarily describes how to write packages for the Nix Packages collection
(Nixpkgs). Thus its for packagers and developers who want to add packages to (Nixpkgs). Thus its mainly for packagers and developers who want to add packages to
Nixpkgs. If you like to learn more about the Nix package manager and the Nix Nixpkgs. If you like to learn more about the Nix package manager and the Nix
expression language, then you are kindly referred to the [Nix manual](http://nixos.org/nix/manual/). expression language, then you are kindly referred to the [Nix manual](http://nixos.org/nix/manual/).
@ -20,29 +21,33 @@ expression language, then you are kindly referred to the [Nix manual](http://nix
Nix expressions describe how to build packages from source and are collected in Nix expressions describe how to build packages from source and are collected in
the [nixpkgs repository](https://github.com/NixOS/nixpkgs). Also included in the the [nixpkgs repository](https://github.com/NixOS/nixpkgs). Also included in the
collection are Nix expressions for [NixOS modules](http://nixos.org/nixos/manual/index.html#sec-writing-modules). With collection are Nix expressions for
these expressions the Nix package manager can build binary packages. [NixOS modules](http://nixos.org/nixos/manual/index.html#sec-writing-modules).
With these expressions the Nix package manager can build binary packages.
Packages, including the Nix packages collection, are distributed through Packages, including the Nix packages collection, are distributed through
[channels](http://nixos.org/nix/manual/#sec-channels). The collection is [channels](http://nixos.org/nix/manual/#sec-channels). The collection is
distributed for users of Nix on non-NixOS distributions through the channel distributed for users of Nix on non-NixOS distributions through the channel
`nixpkgs`. Users of NixOS generally use one of the `nixos-*` channels, e.g. `nixpkgs`. Users of NixOS generally use one of the `nixos-*` channels, e.g.
`nixos-15.09`, which includes all packages and modules for the stable NixOS `nixos-16.03`, which includes all packages and modules for the stable NixOS
15.09. The channels of the stable NixOS releases are generally only given 16.03. The purpose of stable NixOS releases are generally only given
security updates. More up to date packages and modules are available via the security updates. More up to date packages and modules are available via the
`nixos-unstable` channel. `nixos-unstable` channel.
Both `nixos-unstable` and `nixpkgs` follow the `master` branch of the Nixpkgs Both `nixos-unstable` and `nixpkgs` follow the `master` branch of the Nixpkgs
repository, although both do lag the `master` branch by generally [a couple of days](http://howoldis.herokuapp.com/). Updates to a channel are distributed as repository, although both do lag the `master` branch by generally
soon as all tests for that channel pass, e.g. [this table](http://hydra.nixos.org/job/nixpkgs/trunk/unstable#tabs-constituents) [a couple of days](http://howoldis.herokuapp.com/). Updates to a channel are
distributed as soon as all tests for that channel pass, e.g.
[this table](http://hydra.nixos.org/job/nixpkgs/trunk/unstable#tabs-constituents)
shows the status of tests for the `nixpkgs` channel. shows the status of tests for the `nixpkgs` channel.
The tests are conducted by a cluster called [Hydra](http://nixos.org/hydra/), The tests are conducted by a cluster called [Hydra](http://nixos.org/hydra/),
which also builds binary packages from the Nix expressions in Nixpkgs. As soon which also builds binary packages from the Nix expressions in Nixpkgs for
as a channel is updated, the binaries are made available via a [binary cache](https://cache.nixos.org). Until the channel updates, binaries that have `x86_64-linux`, `i686-linux` and `x86_64-darwin`.
already been built, are available via [Hydra's binary cache](https://hydra.nixos.org). The binaries are made available via a [binary cache](https://cache.nixos.org).
The current Nix expressions of the channels are available in the The current Nix expressions of the channels are available in the
[`nixpkgs-channels`](https://github.com/NixOS/nixpkgs-channels) repository, [`nixpkgs-channels`](https://github.com/NixOS/nixpkgs-channels) repository,
which has branches corresponding to the available channels. There is also the which has branches corresponding to the available channels. There is also the
Nixpkgs Monitor which keeps track of updates and security vulnerabilities. [Nixpkgs Monitor](http://monitor.nixos.org) which keeps track of updates
and security vulnerabilities.

1
doc/manual.xml
View File

@ -12,6 +12,7 @@
<xi:include href="introduction.xml" /> <xi:include href="introduction.xml" />
<xi:include href="quick-start.xml" /> <xi:include href="quick-start.xml" />
<xi:include href="stdenv.xml" /> <xi:include href="stdenv.xml" />
<xi:include href="multiple-output.xml" />
<xi:include href="configuration.xml" /> <xi:include href="configuration.xml" />
<xi:include href="functions.xml" /> <xi:include href="functions.xml" />
<xi:include href="meta.xml" /> <xi:include href="meta.xml" />

91
doc/multiple-output.xml Normal file
View File

@ -0,0 +1,91 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE chapter [
<!ENTITY ndash "&#x2013;"> <!-- @vcunat likes to use this one ;-) -->
]>
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="chap-multiple-output">
<title>Multiple-output packages</title>
<section><title>Introduction</title>
<para>The Nix language allows a derivation to produce multiple outputs, which is similar to what is utilized by other Linux distribution packaging systems. The outputs reside in separate nix store paths, so they can be mostly handled independently of each other, including passing to build inputs, garbage collection or binary substitution. The exception is that building from source always produces all the outputs.</para>
<para>The main motivation is to save disk space by reducing runtime closure sizes; consequently also sizes of substituted binaries get reduced. Splitting can be used to have more granular runtime dependencies, for example the typical reduction is to split away development-only files, as those are typically not needed during runtime. As a result, closure sizes of many packages can get reduced to a half or even much less.</para>
<note><para>The reduction effects could be instead achieved by building the parts in completely separate derivations. That would often additionally reduce build-time closures, but it tends to be much harder to write such derivations, as build systems typically assume all parts are being built at once. This compromise approach of single source package producing multiple binary packages is also utilized often by rpm and deb.</para></note>
</section>
<section><title>Installing a split package</title>
<para>When installing a package via <varname>systemPackages</varname> or <command>nix-env</command> you have several options:</para>
<warning><para>Currently <command>nix-env</command> almost always installs all outputs until https://github.com/NixOS/nix/pull/815 gets merged.</para></warning>
<itemizedlist>
<listitem><para>You can install particular outputs explicitly, as each is available in the Nix language as an attribute of the package. The <varname>outputs</varname> attribute contains a list of output names.</para></listitem>
<listitem><para>You can let it use the default outputs. These are handled by <varname>meta.outputsToInstall</varname> attribute that contains a list of output names.</para>
<para>TODO: more about tweaking the attribute, etc.</para></listitem>
<listitem><para>NixOS provides configuration option <varname>environment.extraOutputsToInstall</varname> that allows adding extra outputs of <varname>environment.systemPackages</varname> atop the default ones. It's mainly meant for documentation and debug symbols, and it's also modified by specific options.</para>
<note><para>At this moment there is no similar configurability for packages installed by <command>nix-env</command>. You can still use approach from <xref linkend="sec-modify-via-packageOverrides" /> to override <varname>meta.outputsToInstall</varname> attributes, but that's a rather inconvenient way.</para></note>
</listitem>
</itemizedlist>
</section>
<section><title>Using a split package</title>
<para>In the Nix language the individual outputs can be reached explicitly as attributes, e.g. <varname>coreutils.info</varname>, but the typical case is just using packages as build inputs.</para>
<para>When a multiple-output derivation gets into a build input of another derivation, the first output is added (<varname>.dev</varname> by convention) and also <varname>propagatedBuildOutputs</varname> of that package which by default contain <varname>$outputBin</varname> and <varname>$outputLib</varname>. (See <xref linkend="multiple-output-file-type-groups" />.)</para>
</section>
<section><title>Writing a split derivation</title>
<para>Here you find how to write a derivation that produces multiple outputs.</para>
<para>In nixpkgs there is a framework supporting multiple-output derivations. It tries to cover most cases by default behavior. You can find the source separated in &lt;<filename>nixpkgs/pkgs/build-support/setup-hooks/multiple-outputs.sh</filename>&gt;; it's relatively well-readable. The whole machinery is triggered by defining the <varname>outputs</varname> attribute to contain the list of desired output names (strings).</para>
<programlisting>outputs = [ "dev" "out" "bin" "doc" ];</programlisting>
<para>Often such a single line is enough. For each output an equally named environment variable is passed to the builder and contains the path in nix store for that output. By convention, the first output should usually be <varname>dev</varname>; typically you also want to have the main <varname>out</varname> output, as it catches any files that didn't get elsewhere.</para>
<note><para>There is a special handling of the <varname>debug</varname> output, described at <xref linkend="stdenv-separateDebugInfo" />.</para></note>
<section xml:id="multiple-output-file-type-groups">
<title>File type groups</title>
<para>The support code currently recognizes some particular kinds of outputs and either instructs the build system of the package to put files into their desired outputs or it moves the files during the fixup phase. Each group of file types has an <varname>outputFoo</varname> variable specifying the output name where they should go. If that variable isn't defined by the derivation writer, it is guessed &ndash; a default output name is defined, falling back to other possibilities if the output isn't defined.</para>
<variablelist>
<varlistentry><term><varname>
$outputDev</varname></term><listitem><para>
is for development-only files. These include C(++) headers, pkg-config, cmake and aclocal files. They go to <varname>dev</varname> or <varname>out</varname> by default.
</para></listitem></varlistentry>
<varlistentry><term><varname>
$outputBin</varname></term><listitem><para>
is meant for user-facing binaries, typically residing in bin/. They go to <varname>bin</varname> or <varname>out</varname> by default.
</para></listitem></varlistentry>
<varlistentry><term><varname>
$outputLib</varname></term><listitem><para>
is meant for libraries, typically residing in <filename>lib/</filename> and <filename>libexec/</filename>. They go to <varname>lib</varname> or <varname>out</varname> by default.
</para></listitem></varlistentry>
<varlistentry><term><varname>
$outputDoc</varname></term><listitem><para>
is for user documentation, typically residing in <filename>share/doc/</filename>. It goes to <varname>doc</varname> or <varname>out</varname> by default.
</para></listitem></varlistentry>
<varlistentry><term><varname>
$outputDocdev</varname></term><listitem><para>
is for <emphasis>developer</emphasis> documentation. Currently we count gtk-doc and man3 pages in there. It goes to <varname>docdev</varname> or is removed (!) by default. This is because e.g. gtk-doc tends to be rather large and completely unused by nixpkgs users.
</para></listitem></varlistentry>
<varlistentry><term><varname>
$outputMan</varname></term><listitem><para>
is for man pages (except for section 3). They go to <varname>man</varname> or <varname>doc</varname> or <varname>$outputBin</varname> by default.
</para></listitem></varlistentry>
<varlistentry><term><varname>
$outputInfo</varname></term><listitem><para>
is for info pages. They go to <varname>info</varname> or <varname>doc</varname> or <varname>$outputMan</varname> by default.
</para></listitem></varlistentry>
</variablelist>
</section>
<section><title>Common caveats</title>
<itemizedlist>
<listitem><para>Some configure scripts don't like some of the parameters passed by default by the framework, e.g. <literal>--docdir=/foo/bar</literal>. You can disable this by setting <literal>setOutputFlags = false;</literal>.</para></listitem>
<listitem><para>The outputs of a single derivation can retain references to each other, but note that circular references are not allowed. (And each strongly-connected component would act as a single output anyway.)</para></listitem>
<listitem><para>Most of split packages contain their core functionality in libraries. These libraries tend to refer to various kind of data that typically gets into <varname>out</varname>, e.g. locale strings, so there is often no advantage in separating the libraries into <varname>lib</varname>, as keeping them in <varname>out</varname> is easier.</para></listitem>
<listitem><para>Some packages have hidden assumptions on install paths, which complicates splitting.</para></listitem>
</itemizedlist>
</section>
</section><!--Writing a split derivation-->
</chapter>

2
doc/stdenv.xml
View File

@ -956,7 +956,7 @@ following:
phase.</para></listitem> phase.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="stdenv-separateDebugInfo">
<term><varname>separateDebugInfo</varname></term> <term><varname>separateDebugInfo</varname></term>
<listitem><para>If set to <literal>true</literal>, the standard <listitem><para>If set to <literal>true</literal>, the standard
environment will enable debug information in C/C++ builds. After environment will enable debug information in C/C++ builds. After

2
lib/customisation.nix
View File

@ -129,7 +129,7 @@ rec {
}; };
outputsList = map outputToAttrListElement outputs; outputsList = map outputToAttrListElement outputs;
in commonAttrs.${drv.outputName}; in commonAttrs // { outputUnspecified = true; };
/* Strip a derivation of all non-essential attributes, returning /* Strip a derivation of all non-essential attributes, returning

3
lib/maintainers.nix
View File

@ -81,6 +81,7 @@
copumpkin = "Dan Peebles <pumpkingod@gmail.com>"; copumpkin = "Dan Peebles <pumpkingod@gmail.com>";
coroa = "Jonas Hörsch <jonas@chaoflow.net>"; coroa = "Jonas Hörsch <jonas@chaoflow.net>";
couchemar = "Andrey Pavlov <couchemar@yandex.ru>"; couchemar = "Andrey Pavlov <couchemar@yandex.ru>";
CrystalGamma = "Jona Stubbe <nixos@crystalgamma.de>";
cstrahan = "Charles Strahan <charles.c.strahan@gmail.com>"; cstrahan = "Charles Strahan <charles.c.strahan@gmail.com>";
cwoac = "Oliver Matthews <oliver@codersoffortune.net>"; cwoac = "Oliver Matthews <oliver@codersoffortune.net>";
DamienCassou = "Damien Cassou <damien@cassou.me>"; DamienCassou = "Damien Cassou <damien@cassou.me>";
@ -117,6 +118,7 @@
ertes = "Ertugrul Söylemez <ertesx@gmx.de>"; ertes = "Ertugrul Söylemez <ertesx@gmx.de>";
exi = "Reno Reckling <nixos@reckling.org>"; exi = "Reno Reckling <nixos@reckling.org>";
exlevan = "Alexey Levan <exlevan@gmail.com>"; exlevan = "Alexey Levan <exlevan@gmail.com>";
expipiplus1 = "Joe Hermaszewski <nix@monoid.al>";
fadenb = "Tristan Helmich <tristan.helmich+nixos@gmail.com>"; fadenb = "Tristan Helmich <tristan.helmich+nixos@gmail.com>";
falsifian = "James Cook <james.cook@utoronto.ca>"; falsifian = "James Cook <james.cook@utoronto.ca>";
flosse = "Markus Kohlhase <mail@markus-kohlhase.de>"; flosse = "Markus Kohlhase <mail@markus-kohlhase.de>";
@ -186,6 +188,7 @@
ktosiek = "Tomasz Kontusz <tomasz.kontusz@gmail.com>"; ktosiek = "Tomasz Kontusz <tomasz.kontusz@gmail.com>";
lassulus = "Lassulus <lassulus@gmail.com>"; lassulus = "Lassulus <lassulus@gmail.com>";
layus = "Guillaume Maudoux <layus.on@gmail.com>"; layus = "Guillaume Maudoux <layus.on@gmail.com>";
ldesgoui = "Lucas Desgouilles <ldesgoui@gmail.com>";
lebastr = "Alexander Lebedev <lebastr@gmail.com>"; lebastr = "Alexander Lebedev <lebastr@gmail.com>";
leenaars = "Michiel Leenaars <ml.software@leenaa.rs>"; leenaars = "Michiel Leenaars <ml.software@leenaa.rs>";
leonardoce = "Leonardo Cecchi <leonardo.cecchi@gmail.com>"; leonardoce = "Leonardo Cecchi <leonardo.cecchi@gmail.com>";

6
lib/strings.nix
View File

@ -98,7 +98,9 @@ rec {
makeLibraryPath [ pkgs.openssl pkgs.zlib ] makeLibraryPath [ pkgs.openssl pkgs.zlib ]
=> "/nix/store/9rz8gxhzf8sw4kf2j2f1grr49w8zx5vj-openssl-1.0.1r/lib:/nix/store/wwh7mhwh269sfjkm6k5665b5kgp7jrk2-zlib-1.2.8/lib" => "/nix/store/9rz8gxhzf8sw4kf2j2f1grr49w8zx5vj-openssl-1.0.1r/lib:/nix/store/wwh7mhwh269sfjkm6k5665b5kgp7jrk2-zlib-1.2.8/lib"
*/ */
makeLibraryPath = makeSearchPath "lib"; makeLibraryPath = pkgs: makeSearchPath "lib"
# try to guess the right output of each pkg
(map (pkg: pkg.lib or (pkg.out or pkg)) pkgs);
/* Construct a binary search path (such as $PATH) containing the /* Construct a binary search path (such as $PATH) containing the
binaries for a set of packages. binaries for a set of packages.
@ -258,7 +260,7 @@ rec {
/* Cut a string with a separator and produces a list of strings which /* Cut a string with a separator and produces a list of strings which
were separated by this separator. were separated by this separator.
NOTE: this function is not performant and should be avoided NOTE: this function is not performant and should never be used.
Example: Example:
splitString "." "foo.bar.baz" splitString "." "foo.bar.baz"

4
maintainers/scripts/find-tarballs.nix
View File

@ -14,12 +14,12 @@ let
operator = const [ ]; operator = const [ ];
}); });
urls = map (drv: { url = head drv.urls; hash = drv.outputHash; type = drv.outputHashAlgo; }) fetchurlDependencies; urls = map (drv: { url = head (drv.urls or [ drv.url ]); hash = drv.outputHash; type = drv.outputHashAlgo; }) fetchurlDependencies;
fetchurlDependencies = fetchurlDependencies =
filter filter
(drv: drv.outputHash or "" != "" && drv.outputHashMode or "flat" == "flat" (drv: drv.outputHash or "" != "" && drv.outputHashMode or "flat" == "flat"
&& drv.postFetch or "" == "" && drv ? urls) && drv.postFetch or "" == "" && (drv ? url || drv ? urls))
dependencies; dependencies;
dependencies = map (x: x.value) (genericClosure { dependencies = map (x: x.value) (genericClosure {

2
nixos/doc/manual/default.nix
View File

@ -44,7 +44,7 @@ let
echo "for hints about the offending path)." echo "for hints about the offending path)."
exit 1 exit 1
fi fi
${libxslt}/bin/xsltproc \ ${libxslt.bin}/bin/xsltproc \
--stringparam revision '${revision}' \ --stringparam revision '${revision}' \
-o $out ${./options-to-docbook.xsl} $optionsXML -o $out ${./options-to-docbook.xsl} $optionsXML
''; '';

16
nixos/doc/manual/installation/installing-usb.xml
View File

@ -7,10 +7,18 @@
<title>Booting from a USB Drive</title> <title>Booting from a USB Drive</title>
<para>For systems without CD drive, the NixOS live CD can be booted from <para>For systems without CD drive, the NixOS live CD can be booted from
a USB stick. For non-UEFI installations, a USB stick. You can use the <command>dd</command> utility to write the image:
<link xlink:href="http://unetbootin.sourceforge.net/">unetbootin</link> <command>dd if=<replaceable>path-to-image</replaceable>
will work. For UEFI installations, you should mount the ISO, copy its contents of=<replaceable>/dev/sdb</replaceable></command>. Be careful about specifying the
verbatim to your drive, then either: correct drive; you can use the <command>lsblk</command> command to get a list of
block devices.</para>
<para>The <command>dd</command> utility will write the image verbatim to the drive,
making it the recommended option for both UEFI and non-UEFI installations. For
non-UEFI installations, you can alternatively use
<link xlink:href="http://unetbootin.sourceforge.net/">unetbootin</link>. If you
cannot use <command>dd</command> for a UEFI installation, you can also mount the
ISO, copy its contents verbatim to your drive, then either:
<itemizedlist> <itemizedlist>
<listitem> <listitem>

4
nixos/doc/manual/installation/installing.xml
View File

@ -157,10 +157,6 @@ $ nano /mnt/etc/nixos/configuration.nix
<command>nixos-generate-config</command> will figure out the <command>nixos-generate-config</command> will figure out the
required modules.</para></note> required modules.</para></note>
<para>Examples of real-world NixOS configuration files can be
found at <link
xlink:href="https://nixos.org/repos/nix/configurations/trunk/"/>.</para>
</listitem> </listitem>
<listitem><para>Do the installation: <listitem><para>Do the installation:

63
nixos/doc/manual/release-notes/rl-1603.xml
View File

@ -4,7 +4,7 @@
version="5.0" version="5.0"
xml:id="sec-release-16.03"> xml:id="sec-release-16.03">
<title>Release 16.03 (“Emu”, 2016/03/??)</title> <title>Release 16.03 (“Emu”, 2016/03/31)</title>
<para>In addition to numerous new and upgraded packages, this release <para>In addition to numerous new and upgraded packages, this release
has the following highlights:</para> has the following highlights:</para>
@ -33,6 +33,10 @@ has the following highlights:</para>
<para>Glibc 2.23 (was 2.21).</para> <para>Glibc 2.23 (was 2.21).</para>
</listitem> </listitem>
<listitem>
<para>Binutils 2.26 (was 2.23.1). See #909</para>
</listitem>
<listitem> <listitem>
<para>Improved support for ensuring <link <para>Improved support for ensuring <link
xlink:href="https://reproducible-builds.org/">bitwise reproducible xlink:href="https://reproducible-builds.org/">bitwise reproducible
@ -58,10 +62,57 @@ has the following highlights:</para>
<itemizedlist> <itemizedlist>
<listitem><para><literal>services/monitoring/longview.nix</literal></para></listitem> <listitem><para><literal>services/monitoring/longview.nix</literal></para></listitem>
<listitem><para><literal>services/networking/pdnsd.nix</literal></para></listitem> <listitem><para><literal>hardware/video/webcam/facetimehd.nix</literal></para></listitem>
<listitem><para><literal>services/web-apps/pump.io.nix</literal></para></listitem>
<listitem><para><literal>services/security/haka.nix</literal></para></listitem>
<listitem><para><literal>i18n/inputMethod/default.nix</literal></para></listitem> <listitem><para><literal>i18n/inputMethod/default.nix</literal></para></listitem>
<listitem><para><literal>i18n/inputMethod/fcitx.nix</literal></para></listitem>
<listitem><para><literal>i18n/inputMethod/ibus.nix</literal></para></listitem>
<listitem><para><literal>i18n/inputMethod/nabi.nix</literal></para></listitem>
<listitem><para><literal>i18n/inputMethod/uim.nix</literal></para></listitem>
<listitem><para><literal>programs/fish.nix</literal></para></listitem>
<listitem><para><literal>security/acme.nix</literal></para></listitem>
<listitem><para><literal>security/audit.nix</literal></para></listitem>
<listitem><para><literal>security/oath.nix</literal></para></listitem>
<listitem><para><literal>services/hardware/irqbalance.nix</literal></para></listitem>
<listitem><para><literal>services/mail/dspam.nix</literal></para></listitem>
<listitem><para><literal>services/mail/opendkim.nix</literal></para></listitem>
<listitem><para><literal>services/mail/postsrsd.nix</literal></para></listitem>
<listitem><para><literal>services/mail/rspamd.nix</literal></para></listitem>
<listitem><para><literal>services/mail/rmilter.nix</literal></para></listitem>
<listitem><para><literal>services/misc/autofs.nix</literal></para></listitem>
<listitem><para><literal>services/misc/bepasty.nix</literal></para></listitem>
<listitem><para><literal>services/misc/calibre-server.nix</literal></para></listitem>
<listitem><para><literal>services/misc/cfdyndns.nix</literal></para></listitem>
<listitem><para><literal>services/misc/gammu-smsd.nix</literal></para></listitem>
<listitem><para><literal>services/misc/mathics.nix</literal></para></listitem>
<listitem><para><literal>services/misc/matrix-synapse.nix</literal></para></listitem>
<listitem><para><literal>services/misc/octoprint.nix</literal></para></listitem>
<listitem><para><literal>services/monitoring/hdaps.nix</literal></para></listitem>
<listitem><para><literal>services/monitoring/heapster.nix</literal></para></listitem>
<listitem><para><literal>services/monitoring/longview.nix</literal></para></listitem>
<listitem><para><literal>services/network-filesystems/netatalk.nix</literal></para></listitem>
<listitem><para><literal>services/network-filesystems/xtreemfs.nix</literal></para></listitem>
<listitem><para><literal>services/networking/autossh.nix</literal></para></listitem>
<listitem><para><literal>services/networking/dnschain.nix</literal></para></listitem>
<listitem><para><literal>services/networking/gale.nix</literal></para></listitem>
<listitem><para><literal>services/networking/miniupnpd.nix</literal></para></listitem>
<listitem><para><literal>services/networking/namecoind.nix</literal></para></listitem>
<listitem><para><literal>services/networking/ostinato.nix</literal></para></listitem>
<listitem><para><literal>services/networking/pdnsd.nix</literal></para></listitem>
<listitem><para><literal>services/networking/shairport-sync.nix</literal></para></listitem>
<listitem><para><literal>services/networking/supplicant.nix</literal></para></listitem>
<listitem><para><literal>services/search/kibana.nix</literal></para></listitem>
<listitem><para><literal>services/security/haka.nix</literal></para></listitem>
<listitem><para><literal>services/security/physlock.nix</literal></para></listitem>
<listitem><para><literal>services/web-apps/pump.io.nix</literal></para></listitem>
<listitem><para><literal>services/x11/hardware/libinput.nix</literal></para></listitem>
<listitem><para><literal>services/x11/window-managers/windowlab.nix</literal></para></listitem>
<listitem><para><literal>system/boot/initrd-network.nix</literal></para></listitem>
<listitem><para><literal>system/boot/initrd-ssh.nix</literal></para></listitem>
<listitem><para><literal>system/boot/loader/loader.nix</literal></para></listitem>
<listitem><para><literal>system/boot/networkd.nix</literal></para></listitem>
<listitem><para><literal>system/boot/resolved.nix</literal></para></listitem>
<listitem><para><literal>virtualisation/lxd.nix</literal></para></listitem>
<listitem><para><literal>virtualisation/rkt.nix</literal></para></listitem>
</itemizedlist> </itemizedlist>
</para> </para>
@ -114,7 +165,7 @@ following incompatible changes:</para>
<programlisting><![CDATA[ <programlisting><![CDATA[
{ {
imports = [ <nixos/modules/services/misc/gitit.nix> ]; imports = [ <nixpkgs/nixos/modules/services/misc/gitit.nix> ];
} }
]]></programlisting> ]]></programlisting>
@ -297,7 +348,7 @@ $TTL 1800
<para> <para>
<literal>service.syncthing.dataDir</literal> options now has to point <literal>service.syncthing.dataDir</literal> options now has to point
to exact folder where syncthing is writing to. Example configuration should to exact folder where syncthing is writing to. Example configuration should
loook something like: look something like:
</para> </para>
<programlisting> <programlisting>
services.syncthing = { services.syncthing = {

22
nixos/maintainers/scripts/ec2/create-amis.sh
View File

@ -8,14 +8,15 @@ echo "keeping state in $stateDir"
mkdir -p $stateDir mkdir -p $stateDir
version=$(nix-instantiate --eval --strict '<nixpkgs>' -A lib.nixpkgsVersion | sed s/'"'//g) version=$(nix-instantiate --eval --strict '<nixpkgs>' -A lib.nixpkgsVersion | sed s/'"'//g)
echo "NixOS version is $version" major=${version:0:5}
echo "NixOS version is $version ($major)"
rm -f ec2-amis.nix rm -f ec2-amis.nix
for type in hvm pv; do for type in hvm pv; do
link=$stateDir/$type link=$stateDir/$type
imageFile=$link/nixos.img imageFile=$link/nixos.qcow2
system=x86_64-linux system=x86_64-linux
arch=x86_64 arch=x86_64
@ -61,12 +62,19 @@ for type in hvm pv; do
# Bundle the image. # Bundle the image.
imageDir=$stateDir/$type-bundled imageDir=$stateDir/$type-bundled
# Convert the image to raw format.
rawFile=$stateDir/$type.raw
if ! [ -e $rawFile ]; then
qemu-img convert -f qcow2 -O raw $imageFile $rawFile.tmp
mv $rawFile.tmp $rawFile
fi
if ! [ -d $imageDir ]; then if ! [ -d $imageDir ]; then
rm -rf $imageDir.tmp rm -rf $imageDir.tmp
mkdir -p $imageDir.tmp mkdir -p $imageDir.tmp
ec2-bundle-image \ ec2-bundle-image \
-d $imageDir.tmp \ -d $imageDir.tmp \
-i $imageFile --arch $arch \ -i $rawFile --arch $arch \
--user "$AWS_ACCOUNT" -c "$EC2_CERT" -k "$EC2_PRIVATE_KEY" --user "$AWS_ACCOUNT" -c "$EC2_CERT" -k "$EC2_PRIVATE_KEY"
mv $imageDir.tmp $imageDir mv $imageDir.tmp $imageDir
fi fi
@ -75,14 +83,14 @@ for type in hvm pv; do
if ! [ -e $imageDir/uploaded ]; then if ! [ -e $imageDir/uploaded ]; then
echo "uploading bundle to S3..." echo "uploading bundle to S3..."
ec2-upload-bundle \ ec2-upload-bundle \
-m $imageDir/nixos.img.manifest.xml \ -m $imageDir/$type.raw.manifest.xml \
-b "$bucket/$bucketDir" \ -b "$bucket/$bucketDir" \
-a "$EC2_ACCESS_KEY" -s "$EC2_SECRET_KEY" \ -a "$EC2_ACCESS_KEY" -s "$EC2_SECRET_KEY" \
--location EU --location EU
touch $imageDir/uploaded touch $imageDir/uploaded
fi fi
extraFlags="$bucket/$bucketDir/nixos.img.manifest.xml" extraFlags="$bucket/$bucketDir/$type.raw.manifest.xml"
else else
@ -90,7 +98,7 @@ for type in hvm pv; do
# to upload a huge raw image. # to upload a huge raw image.
vhdFile=$stateDir/$type.vhd vhdFile=$stateDir/$type.vhd
if ! [ -e $vhdFile ]; then if ! [ -e $vhdFile ]; then
qemu-img convert -O vpc $imageFile $vhdFile.tmp qemu-img convert -f qcow2 -O vpc $imageFile $vhdFile.tmp
mv $vhdFile.tmp $vhdFile mv $vhdFile.tmp $vhdFile
fi fi
@ -209,7 +217,7 @@ for type in hvm pv; do
prevRegion="$region" prevRegion="$region"
fi fi
echo " \"15.09\".$region.$type-$store = \"$ami\";" >> ec2-amis.nix echo " \"$major\".$region.$type-$store = \"$ami\";" >> ec2-amis.nix
done done
done done

2
nixos/modules/config/debug-info.nix
View File

@ -38,7 +38,7 @@ with lib;
# environment.pathsToLink, and we can't have both. # environment.pathsToLink, and we can't have both.
#environment.pathsToLink = [ "/lib/debug/.build-id" ]; #environment.pathsToLink = [ "/lib/debug/.build-id" ];
environment.outputsToLink = environment.extraOutputsToInstall =
optional config.environment.enableDebugInfo "debug"; optional config.environment.enableDebugInfo "debug";
}; };

2
nixos/modules/config/fonts/fontconfig.nix
View File

@ -236,7 +236,7 @@ with lib;
# Versioned fontconfig > 2.10. Take shared fonts.conf from fontconfig. # Versioned fontconfig > 2.10. Take shared fonts.conf from fontconfig.
# Otherwise specify only font directories. # Otherwise specify only font directories.
environment.etc."fonts/${pkgs.fontconfig.configVersion}/fonts.conf".source = environment.etc."fonts/${pkgs.fontconfig.configVersion}/fonts.conf".source =
"${pkgs.fontconfig}/etc/fonts/fonts.conf"; "${pkgs.fontconfig.out}/etc/fonts/fonts.conf";
environment.etc."fonts/${pkgs.fontconfig.configVersion}/conf.d/00-nixos.conf".text = environment.etc."fonts/${pkgs.fontconfig.configVersion}/conf.d/00-nixos.conf".text =
let let

2
nixos/modules/config/networking.nix
View File

@ -148,7 +148,7 @@ in
"protocols".source = pkgs.iana_etc + "/etc/protocols"; "protocols".source = pkgs.iana_etc + "/etc/protocols";
# /etc/rpc: RPC program numbers. # /etc/rpc: RPC program numbers.
"rpc".source = pkgs.glibc + "/etc/rpc"; "rpc".source = pkgs.glibc.out + "/etc/rpc";
# /etc/hosts: Hostname-to-IP mappings. # /etc/hosts: Hostname-to-IP mappings.
"hosts".text = "hosts".text =

34
nixos/modules/config/pulseaudio.nix
View File

@ -26,7 +26,7 @@ let
# are built with PulseAudio support (like KDE). # are built with PulseAudio support (like KDE).
clientConf = writeText "client.conf" '' clientConf = writeText "client.conf" ''
autospawn=${if nonSystemWide then "yes" else "no"} autospawn=${if nonSystemWide then "yes" else "no"}
${optionalString nonSystemWide "daemon-binary=${cfg.package}/bin/pulseaudio"} ${optionalString nonSystemWide "daemon-binary=${cfg.package.out}/bin/pulseaudio"}
''; '';
# Write an /etc/asound.conf that causes all ALSA applications to # Write an /etc/asound.conf that causes all ALSA applications to
@ -130,11 +130,11 @@ in {
source = clientConf; source = clientConf;
}; };
hardware.pulseaudio.configFile = mkDefault "${cfg.package}/etc/pulse/default.pa"; hardware.pulseaudio.configFile = mkDefault "${cfg.package.out}/etc/pulse/default.pa";
} }
(mkIf cfg.enable { (mkIf cfg.enable {
environment.systemPackages = [ cfg.package ]; environment.systemPackages = [ cfg.package.out ];
environment.etc = singleton { environment.etc = singleton {
target = "asound.conf"; target = "asound.conf";
@ -150,6 +150,29 @@ in {
target = "pulse/default.pa"; target = "pulse/default.pa";
source = cfg.configFile; source = cfg.configFile;
}; };
systemd.user = {
services.pulseaudio = {
description = "PulseAudio Server";
# NixOS doesn't support "Also" so we bring it in manually
wantedBy = [ "default.target" ];
serviceConfig = {
Type = "notify";
ExecStart = "${cfg.package}/bin/pulseaudio --daemonize=no";
Restart = "on-failure";
};
};
sockets.pulseaudio = {
description = "PulseAudio Socket";
wantedBy = [ "sockets.target" ];
socketConfig = {
Priority = 6;
Backlog = 5;
ListenStream = "%t/pulse/native";
};
};
};
}) })
(mkIf systemWide { (mkIf systemWide {
@ -171,8 +194,9 @@ in {
before = [ "sound.target" ]; before = [ "sound.target" ];
environment.PULSE_RUNTIME_PATH = stateDir; environment.PULSE_RUNTIME_PATH = stateDir;
serviceConfig = { serviceConfig = {
ExecStart = "${cfg.package}/bin/pulseaudio -D --log-level=${cfg.daemon.logLevel} --system --use-pid-file -n --file=${cfg.configFile}"; Type = "notify";
PIDFile = "${stateDir}/pid"; ExecStart = "${cfg.package.out}/bin/pulseaudio --daemonize=no --log-level=${cfg.daemon.logLevel} --system -n --file=${cfg.configFile}";
Restart = "on-failure";
}; };
}; };
}) })

11
nixos/modules/config/system-path.nix
View File

@ -73,11 +73,11 @@ in
description = "List of directories to be symlinked in <filename>/run/current-system/sw</filename>."; description = "List of directories to be symlinked in <filename>/run/current-system/sw</filename>.";
}; };
outputsToLink = mkOption { extraOutputsToInstall = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = []; default = [ ];
example = [ "doc" ]; example = [ "doc" "info" "docdev" ];
description = "List of package outputs to be symlinked into <filename>/run/current-system/sw</filename>."; description = "List of additional package outputs to be symlinked into <filename>/run/current-system/sw</filename>.";
}; };
}; };
@ -123,9 +123,10 @@ in
system.path = pkgs.buildEnv { system.path = pkgs.buildEnv {
name = "system-path"; name = "system-path";
paths = config.environment.systemPackages; paths = config.environment.systemPackages;
inherit (config.environment) pathsToLink outputsToLink; inherit (config.environment) pathsToLink extraOutputsToInstall;
ignoreCollisions = true; ignoreCollisions = true;
# !!! Hacky, should modularise. # !!! Hacky, should modularise.
# outputs TODO: note that the tools will often not be linked by default
postBuild = postBuild =
'' ''
if [ -x $out/bin/update-mime-database -a -w $out/share/mime ]; then if [ -x $out/bin/update-mime-database -a -w $out/share/mime ]; then

2
nixos/modules/installer/tools/auto-upgrade.nix
View File

@ -78,7 +78,7 @@ let cfg = config.system.autoUpgrade; in
HOME = "/root"; HOME = "/root";
}; };
path = [ pkgs.gnutar pkgs.xz config.nix.package ]; path = [ pkgs.gnutar pkgs.xz.bin config.nix.package ];
script = '' script = ''
${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch ${toString cfg.flags} ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch ${toString cfg.flags}

2
nixos/modules/installer/tools/nixos-generate-config.pl
View File

@ -165,7 +165,7 @@ sub pciCheck {
) ) ) )
{ {
# we need e.g. brcmfmac43602-pcie.bin # we need e.g. brcmfmac43602-pcie.bin
push @imports, "<nixos/modules/hardware/network/broadcom-43xx.nix>"; push @imports, "<nixpkgs/nixos/modules/hardware/network/broadcom-43xx.nix>";
} }
# Can't rely on $module here, since the module may not be loaded # Can't rely on $module here, since the module may not be loaded

4
nixos/modules/misc/ids.nix
View File

@ -257,6 +257,8 @@
radicale = 234; radicale = 234;
hydra-queue-runner = 235; hydra-queue-runner = 235;
hydra-www = 236; hydra-www = 236;
syncthing = 237;
mfi = 238;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -485,6 +487,8 @@
pdnsd = 229; pdnsd = 229;
octoprint = 230; octoprint = 230;
radicale = 234; radicale = 234;
syncthing = 237;
#mfi = 238; # unused
# When adding a gid, make sure it doesn't match an existing # When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal # uid. Users and groups with the same name should have equal

4
nixos/modules/module-list.nix
View File

@ -283,6 +283,7 @@
./services/network-filesystems/openafs-client/default.nix ./services/network-filesystems/openafs-client/default.nix
./services/network-filesystems/rsyncd.nix ./services/network-filesystems/rsyncd.nix
./services/network-filesystems/samba.nix ./services/network-filesystems/samba.nix
./services/network-filesystems/tahoe.nix
./services/network-filesystems/diod.nix ./services/network-filesystems/diod.nix
./services/network-filesystems/u9fs.nix ./services/network-filesystems/u9fs.nix
./services/network-filesystems/yandex-disk.nix ./services/network-filesystems/yandex-disk.nix
@ -327,12 +328,13 @@
./services/networking/hostapd.nix ./services/networking/hostapd.nix
./services/networking/i2pd.nix ./services/networking/i2pd.nix
./services/networking/i2p.nix ./services/networking/i2p.nix
./services/networking/iodined.nix ./services/networking/iodine.nix
./services/networking/ircd-hybrid/default.nix ./services/networking/ircd-hybrid/default.nix
./services/networking/kippo.nix ./services/networking/kippo.nix
./services/networking/lambdabot.nix ./services/networking/lambdabot.nix
./services/networking/libreswan.nix ./services/networking/libreswan.nix
./services/networking/mailpile.nix ./services/networking/mailpile.nix
./services/networking/mfi.nix
./services/networking/mjpg-streamer.nix ./services/networking/mjpg-streamer.nix
./services/networking/minidlna.nix ./services/networking/minidlna.nix
./services/networking/miniupnpd.nix ./services/networking/miniupnpd.nix

2
nixos/modules/profiles/base.nix
View File

@ -35,7 +35,7 @@
# Tools to create / manipulate filesystems. # Tools to create / manipulate filesystems.
pkgs.ntfsprogs # for resizing NTFS partitions pkgs.ntfsprogs # for resizing NTFS partitions
pkgs.dosfstools pkgs.dosfstools
pkgs.xfsprogs pkgs.xfsprogs.bin
pkgs.jfsutils pkgs.jfsutils
pkgs.f2fs-tools pkgs.f2fs-tools

3
nixos/modules/programs/fish.nix
View File

@ -101,6 +101,9 @@ in
end end
''; '';
# include programs that bring their own completions
environment.pathsToLink = [ "/share/fish/vendor_completions.d" ];
environment.systemPackages = [ pkgs.fish ]; environment.systemPackages = [ pkgs.fish ];
environment.shells = [ environment.shells = [

2
nixos/modules/programs/man.nix
View File

@ -23,7 +23,7 @@ with lib;
environment.pathsToLink = [ "/share/man" ]; environment.pathsToLink = [ "/share/man" ];
environment.outputsToLink = [ "man" ]; environment.extraOutputsToInstall = [ "man" ];
}; };

1
nixos/modules/programs/ssh.nix
View File

@ -189,6 +189,7 @@ in
# Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.) # Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.)
PubkeyAcceptedKeyTypes +ssh-dss PubkeyAcceptedKeyTypes +ssh-dss
HostKeyAlgorithms +ssh-dss
${cfg.extraConfig} ${cfg.extraConfig}
''; '';

4
nixos/modules/programs/xfs_quota.nix
View File

@ -89,8 +89,8 @@ in
nameValuePair "xfs_quota-${name}" { nameValuePair "xfs_quota-${name}" {
description = "Setup xfs_quota for project ${name}"; description = "Setup xfs_quota for project ${name}";
script = '' script = ''
${pkgs.xfsprogs}/bin/xfs_quota -x -c 'project -s ${name}' ${opts.fileSystem} ${pkgs.xfsprogs.bin}/bin/xfs_quota -x -c 'project -s ${name}' ${opts.fileSystem}
${pkgs.xfsprogs}/bin/xfs_quota -x -c 'limit -p ${limitOptions opts} ${name}' ${opts.fileSystem} ${pkgs.xfsprogs.bin}/bin/xfs_quota -x -c 'limit -p ${limitOptions opts} ${name}' ${opts.fileSystem}
''; '';
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];

7
nixos/modules/rename.nix
View File

@ -101,6 +101,13 @@ with lib;
# Enlightenment # Enlightenment
(mkRenamedOptionModule [ "services" "xserver" "desktopManager" "e19" "enable" ] [ "services" "xserver" "desktopManager" "enlightenment" "enable" ]) (mkRenamedOptionModule [ "services" "xserver" "desktopManager" "e19" "enable" ] [ "services" "xserver" "desktopManager" "enlightenment" "enable" ])
# Iodine
(mkRenamedOptionModule [ "services" "iodined" "enable" ] [ "services" "iodine" "server" "enable" ])
(mkRenamedOptionModule [ "services" "iodined" "domain" ] [ "services" "iodine" "server" "domain" ])
(mkRenamedOptionModule [ "services" "iodined" "ip" ] [ "services" "iodine" "server" "ip" ])
(mkRenamedOptionModule [ "services" "iodined" "extraConfig" ] [ "services" "iodine" "server" "extraConfig" ])
(mkRemovedOptionModule [ "services" "iodined" "client" ])
# Options that are obsolete and have no replacement. # Options that are obsolete and have no replacement.
(mkRemovedOptionModule [ "boot" "initrd" "luks" "enable" ]) (mkRemovedOptionModule [ "boot" "initrd" "luks" "enable" ])
(mkRemovedOptionModule [ "programs" "bash" "enable" ]) (mkRemovedOptionModule [ "programs" "bash" "enable" ])

6
nixos/modules/security/apparmor-suid.nix
View File

@ -28,9 +28,9 @@ with lib;
capability setuid, capability setuid,
network inet raw, network inet raw,
${pkgs.glibc}/lib/*.so mr, ${pkgs.glibc.out}/lib/*.so mr,
${pkgs.libcap}/lib/libcap.so* mr, ${pkgs.libcap.out}/lib/libcap.so* mr,
${pkgs.attr}/lib/libattr.so* mr, ${pkgs.attr.out}/lib/libattr.so* mr,
${pkgs.iputils}/bin/ping mixr, ${pkgs.iputils}/bin/ping mixr,
/var/setuid-wrappers/ping.real r, /var/setuid-wrappers/ping.real r,

8
nixos/modules/security/polkit.nix
View File

@ -59,9 +59,9 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.polkit ]; environment.systemPackages = [ pkgs.polkit.bin pkgs.polkit.out ];
systemd.packages = [ pkgs.polkit ]; systemd.packages = [ pkgs.polkit.out ];
systemd.services.polkit.restartTriggers = [ config.system.path ]; systemd.services.polkit.restartTriggers = [ config.system.path ];
systemd.services.polkit.unitConfig.X-StopIfChanged = false; systemd.services.polkit.unitConfig.X-StopIfChanged = false;
@ -79,7 +79,7 @@ in
${cfg.extraConfig} ${cfg.extraConfig}
''; #TODO: validation on compilation (at least against typos) ''; #TODO: validation on compilation (at least against typos)
services.dbus.packages = [ pkgs.polkit ]; services.dbus.packages = [ pkgs.polkit.out ];
security.pam.services.polkit-1 = {}; security.pam.services.polkit-1 = {};
@ -90,7 +90,7 @@ in
owner = "root"; owner = "root";
group = "root"; group = "root";
setuid = true; setuid = true;
source = "${pkgs.polkit}/lib/polkit-1/polkit-agent-helper-1"; source = "${pkgs.polkit.out}/lib/polkit-1/polkit-agent-helper-1";
} }
]; ];

4
nixos/modules/security/setuid-wrappers.nix
View File

@ -8,12 +8,12 @@ let
setuidWrapper = pkgs.stdenv.mkDerivation { setuidWrapper = pkgs.stdenv.mkDerivation {
name = "setuid-wrapper"; name = "setuid-wrapper";
buildCommand = '' unpackPhase = "true";
installPhase = ''
mkdir -p $out/bin mkdir -p $out/bin
cp ${./setuid-wrapper.c} setuid-wrapper.c cp ${./setuid-wrapper.c} setuid-wrapper.c
gcc -Wall -O2 -DWRAPPER_DIR=\"${wrapperDir}\" \ gcc -Wall -O2 -DWRAPPER_DIR=\"${wrapperDir}\" \
setuid-wrapper.c -o $out/bin/setuid-wrapper setuid-wrapper.c -o $out/bin/setuid-wrapper
strip -S $out/bin/setuid-wrapper
''; '';
}; };

2
nixos/modules/services/backup/crashplan.nix
View File

@ -50,7 +50,7 @@ with lib;
ensureDir ${crashplan.vardir}/log 777 ensureDir ${crashplan.vardir}/log 777
cp -avn ${crashplan}/conf.template/* ${crashplan.vardir}/conf cp -avn ${crashplan}/conf.template/* ${crashplan.vardir}/conf
for x in app.asar bin EULA.txt install.vars lang lib libjniwrap64.so libjniwrap.so libjtux64.so libjtux.so libmd564.so libmd5.so share skin upgrade; do for x in app.asar bin EULA.txt install.vars lang lib libjniwrap64.so libjniwrap.so libjtux64.so libjtux.so libmd564.so libmd5.so share skin upgrade; do
if [ -e $x ]; then if [ -e ${crashplan.vardir}/$x ]; then
true; true;
else else
ln -s ${crashplan}/$x ${crashplan.vardir}/$x; ln -s ${crashplan}/$x ${crashplan.vardir}/$x;

4
nixos/modules/services/continuous-integration/jenkins/default.nix
View File

@ -161,11 +161,11 @@ in {
''; '';
postStart = '' postStart = ''
until ${pkgs.curl}/bin/curl -s -L ${cfg.listenAddress}:${toString cfg.port}${cfg.prefix} ; do until ${pkgs.curl.bin}/bin/curl -s -L ${cfg.listenAddress}:${toString cfg.port}${cfg.prefix} ; do
sleep 10 sleep 10
done done
while true ; do while true ; do
index=`${pkgs.curl}/bin/curl -s -L ${cfg.listenAddress}:${toString cfg.port}${cfg.prefix}` index=`${pkgs.curl.bin}/bin/curl -s -L ${cfg.listenAddress}:${toString cfg.port}${cfg.prefix}`
if [[ !("$index" =~ 'Please wait while Jenkins is restarting' || if [[ !("$index" =~ 'Please wait while Jenkins is restarting' ||
"$index" =~ 'Please wait while Jenkins is getting ready to work') ]]; then "$index" =~ 'Please wait while Jenkins is getting ready to work') ]]; then
exit 0 exit 0

2
nixos/modules/services/databases/openldap.nix
View File

@ -87,7 +87,7 @@ in
mkdir -p ${cfg.dataDir} mkdir -p ${cfg.dataDir}
chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir} chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}
''; '';
serviceConfig.ExecStart = "${openldap}/libexec/slapd -u ${cfg.user} -g ${cfg.group} -d 0 -f ${configFile}"; serviceConfig.ExecStart = "${openldap.out}/libexec/slapd -u ${cfg.user} -g ${cfg.group} -d 0 -f ${configFile}";
}; };
users.extraUsers.openldap = users.extraUsers.openldap =

2
nixos/modules/services/desktops/gnome3/gvfs.nix
View File

@ -37,7 +37,7 @@ in
services.dbus.packages = [ gnome3.gvfs ]; services.dbus.packages = [ gnome3.gvfs ];
services.udev.packages = [ pkgs.libmtp ]; services.udev.packages = [ pkgs.libmtp.bin ];
}; };

2
nixos/modules/services/hardware/udev.nix
View File

@ -72,7 +72,7 @@ let
run_progs=$(grep -v '^[[:space:]]*#' $out/* | grep 'RUN+="[^/$]' | run_progs=$(grep -v '^[[:space:]]*#' $out/* | grep 'RUN+="[^/$]' |
sed -e 's/.*RUN+="\([^ "]*\)[ "].*/\1/' | uniq) sed -e 's/.*RUN+="\([^ "]*\)[ "].*/\1/' | uniq)
for i in $import_progs $run_progs; do for i in $import_progs $run_progs; do
if [[ ! -x ${pkgs.udev}/lib/udev/$i && ! $i =~ socket:.* ]]; then if [[ ! -x ${udev}/lib/udev/$i && ! $i =~ socket:.* ]]; then
echo "FAIL" echo "FAIL"
echo "$i is called in udev rules but not installed by udev" echo "$i is called in udev rules but not installed by udev"
exit 1 exit 1

2
nixos/modules/services/hardware/upower.nix
View File

@ -51,7 +51,7 @@ in
systemd.services.upower = systemd.services.upower =
{ description = "Power Management Daemon"; { description = "Power Management Daemon";
path = [ pkgs.glib ]; # needed for gdbus path = [ pkgs.glib.out ]; # needed for gdbus
serviceConfig = serviceConfig =
{ Type = "dbus"; { Type = "dbus";
BusName = "org.freedesktop.UPower"; BusName = "org.freedesktop.UPower";

2
nixos/modules/services/misc/docker-registry.nix
View File

@ -65,7 +65,7 @@ in {
}; };
postStart = '' postStart = ''
until ${pkgs.curl}/bin/curl -s -o /dev/null 'http://${cfg.listenAddress}:${toString cfg.port}/'; do until ${pkgs.curl.bin}/bin/curl -s -o /dev/null 'http://${cfg.listenAddress}:${toString cfg.port}/'; do
sleep 1; sleep 1;
done done
''; '';

2
nixos/modules/services/misc/nix-daemon.nix
View File

@ -358,7 +358,7 @@ in
systemd.sockets.nix-daemon.wantedBy = [ "sockets.target" ]; systemd.sockets.nix-daemon.wantedBy = [ "sockets.target" ];
systemd.services.nix-daemon = systemd.services.nix-daemon =
{ path = [ nix pkgs.openssl pkgs.utillinux config.programs.ssh.package ] { path = [ nix pkgs.openssl.bin pkgs.utillinux config.programs.ssh.package ]
++ optionals cfg.distributedBuilds [ pkgs.gzip ]; ++ optionals cfg.distributedBuilds [ pkgs.gzip ];
environment = cfg.envVars environment = cfg.envVars

1
nixos/modules/services/misc/plex.nix
View File

@ -128,6 +128,7 @@ in
Group = cfg.group; Group = cfg.group;
PermissionsStartOnly = "true"; PermissionsStartOnly = "true";
ExecStart = "/bin/sh -c '${cfg.package}/usr/lib/plexmediaserver/Plex\\ Media\\ Server'"; ExecStart = "/bin/sh -c '${cfg.package}/usr/lib/plexmediaserver/Plex\\ Media\\ Server'";
Restart = "on-failure";
}; };
environment = { environment = {
PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR=cfg.dataDir; PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR=cfg.dataDir;

2
nixos/modules/services/misc/subsonic.nix
View File

@ -97,7 +97,7 @@ in
transcoders = mkOption { transcoders = mkOption {
type = types.listOf types.path; type = types.listOf types.path;
default = [ "${pkgs.ffmpeg}/bin/ffmpeg" ]; default = [ "${pkgs.ffmpeg.bin}/bin/ffmpeg" ];
description = '' description = ''
List of paths to transcoder executables that should be accessible List of paths to transcoder executables that should be accessible
from Subsonic. Symlinks will be created to each executable inside from Subsonic. Symlinks will be created to each executable inside

2
nixos/modules/services/misc/svnserve.nix
View File

@ -38,7 +38,7 @@ in
after = [ "network-interfaces.target" ]; after = [ "network-interfaces.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
preStart = "mkdir -p ${cfg.svnBaseDir}"; preStart = "mkdir -p ${cfg.svnBaseDir}";
script = "${pkgs.subversion}/bin/svnserve -r ${cfg.svnBaseDir} -d --foreground --pid-file=/var/run/svnserve.pid"; script = "${pkgs.subversion.out}/bin/svnserve -r ${cfg.svnBaseDir} -d --foreground --pid-file=/var/run/svnserve.pid";
}; };
}; };
} }

2
nixos/modules/services/monitoring/cadvisor.nix
View File

@ -71,7 +71,7 @@ in {
after = [ "network.target" "docker.service" "influxdb.service" ]; after = [ "network.target" "docker.service" "influxdb.service" ];
postStart = mkBefore '' postStart = mkBefore ''
until ${pkgs.curl}/bin/curl -s -o /dev/null 'http://${cfg.listenAddress}:${toString cfg.port}/containers/'; do until ${pkgs.curl.bin}/bin/curl -s -o /dev/null 'http://${cfg.listenAddress}:${toString cfg.port}/containers/'; do
sleep 1; sleep 1;
done done
''; '';

2
nixos/modules/services/monitoring/graphite.nix
View File

@ -509,7 +509,7 @@ in {
}; };
in "${aenv}/${pkgs.python.sitePackages}"; in "${aenv}/${pkgs.python.sitePackages}";
GRAPHITE_API_CONFIG = graphiteApiConfig; GRAPHITE_API_CONFIG = graphiteApiConfig;
LD_LIBRARY_PATH = "${pkgs.cairo}/lib"; LD_LIBRARY_PATH = "${pkgs.cairo.out}/lib";
}; };
serviceConfig = { serviceConfig = {
ExecStart = '' ExecStart = ''

286
nixos/modules/services/network-filesystems/tahoe.nix Normal file
View File

@ -0,0 +1,286 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.tahoe;
in
{
options.services.tahoe = {
introducers = mkOption {
default = {};
type = types.loaOf types.optionSet;
description = ''
The Tahoe introducers.
'';
options = {
nickname = mkOption {
type = types.str;
description = ''
The nickname of this Tahoe introducer.
'';
};
tub.port = mkOption {
default = 3458;
type = types.int;
description = ''
The port on which the introducer will listen.
'';
};
package = mkOption {
default = pkgs.tahoelafs;
defaultText = "pkgs.tahoelafs";
type = types.package;
example = literalExample "pkgs.tahoelafs";
description = ''
The package to use for the Tahoe LAFS daemon.
'';
};
};
};
nodes = mkOption {
default = {};
type = types.loaOf types.optionSet;
description = ''
The Tahoe nodes.
'';
options = {
nickname = mkOption {
type = types.str;
description = ''
The nickname of this Tahoe node.
'';
};
tub.port = mkOption {
default = 3457;
type = types.int;
description = ''
The port on which the tub will listen.
This is the correct setting to tweak if you want Tahoe's storage
system to listen on a different port.
'';
};
web.port = mkOption {
default = 3456;
type = types.int;
description = ''
The port on which the Web server will listen.
This is the correct setting to tweak if you want Tahoe's WUI to
listen on a different port.
'';
};
client.introducer = mkOption {
default = null;
type = types.nullOr types.str;
description = ''
The furl for a Tahoe introducer node.
Like all furls, keep this safe and don't share it.
'';
};
client.helper = mkOption {
default = null;
type = types.nullOr types.str;
description = ''
The furl for a Tahoe helper node.
Like all furls, keep this safe and don't share it.
'';
};
client.shares.needed = mkOption {
default = 3;
type = types.int;
description = ''
The number of shares required to reconstitute a file.
'';
};
client.shares.happy = mkOption {
default = 7;
type = types.int;
description = ''
The number of distinct storage nodes required to store
a file.
'';
};
client.shares.total = mkOption {
default = 10;
type = types.int;
description = ''
The number of shares required to store a file.
'';
};
storage.enable = mkEnableOption "storage service";
storage.reservedSpace = mkOption {
default = "1G";
type = types.str;
description = ''
The amount of filesystem space to not use for storage.
'';
};
helper.enable = mkEnableOption "helper service";
package = mkOption {
default = pkgs.tahoelafs;
defaultText = "pkgs.tahoelafs";
type = types.package;
example = literalExample "pkgs.tahoelafs";
description = ''
The package to use for the Tahoe LAFS daemon.
'';
};
};
};
};
config = mkMerge [
(mkIf (cfg.introducers != {}) {
environment = {
etc = flip mapAttrs' cfg.introducers (node: settings:
nameValuePair "tahoe-lafs/introducer-${node}.cfg" {
mode = "0444";
text = ''
# This configuration is generated by Nix. Edit at your own
# peril; here be dragons.
[node]
nickname = ${settings.nickname}
tub.port = ${toString settings.tub.port}
'';
});
# Actually require Tahoe, so that we will have it installed.
systemPackages = flip mapAttrsToList cfg.introducers (node: settings:
settings.package
);
};
# Open up the firewall.
# networking.firewall.allowedTCPPorts = flip mapAttrsToList cfg.introducers
# (node: settings: settings.tub.port);
systemd.services = flip mapAttrs' cfg.introducers (node: settings:
let
pidfile = "/run/tahoe.introducer-${node}.pid";
# This is a directory, but it has no trailing slash. Tahoe commands
# get antsy when there's a trailing slash.
nodedir = "/var/db/tahoe-lafs/introducer-${node}";
in nameValuePair "tahoe.introducer-${node}" {
description = "Tahoe LAFS node ${node}";
wantedBy = [ "multi-user.target" ];
path = [ settings.package ];
restartTriggers = [
config.environment.etc."tahoe-lafs/introducer-${node}.cfg".source ];
serviceConfig = {
Type = "simple";
PIDFile = pidfile;
};
preStart = ''
if [ \! -d ${nodedir} ]; then
mkdir -p /var/db/tahoe-lafs
tahoe create-introducer ${nodedir}
fi
# Tahoe has created a predefined tahoe.cfg which we must now
# scribble over.
# XXX I thought that a symlink would work here, but it doesn't, so
# we must do this on every prestart. Fixes welcome.
# rm ${nodedir}/tahoe.cfg
# ln -s /etc/tahoe-lafs/introducer-${node}.cfg ${nodedir}/tahoe.cfg
cp /etc/tahoe-lafs/introducer-${node}.cfg ${nodedir}/tahoe.cfg
'';
# Believe it or not, Tahoe is very brittle about the order of
# arguments to $(tahoe start). The node directory must come first,
# and arguments which alter Twisted's behavior come afterwards.
script = ''
tahoe start ${nodedir} -n -l- --pidfile=${pidfile}
'';
});
users.extraUsers = flip mapAttrs' cfg.introducers (node: _:
nameValuePair "tahoe.introducer-${node}" {
description = "Tahoe node user for introducer ${node}";
isSystemUser = true;
});
})
(mkIf (cfg.nodes != {}) {
environment = {
etc = flip mapAttrs' cfg.nodes (node: settings:
nameValuePair "tahoe-lafs/${node}.cfg" {
mode = "0444";
text = ''
# This configuration is generated by Nix. Edit at your own
# peril; here be dragons.
[node]
nickname = ${settings.nickname}
tub.port = ${toString settings.tub.port}
# This is a Twisted endpoint. Twisted Web doesn't work on
# non-TCP. ~ C.
web.port = tcp:${toString settings.web.port}
[client]
${optionalString (settings.client.introducer != null)
"introducer.furl = ${settings.client.introducer}"}
${optionalString (settings.client.helper != null)
"helper.furl = ${settings.client.helper}"}
shares.needed = ${toString settings.client.shares.needed}
shares.happy = ${toString settings.client.shares.happy}
shares.total = ${toString settings.client.shares.total}
[storage]
enabled = ${if settings.storage.enable then "true" else "false"}
reserved_space = ${settings.storage.reservedSpace}
[helper]
enabled = ${if settings.helper.enable then "true" else "false"}
'';
});
# Actually require Tahoe, so that we will have it installed.
systemPackages = flip mapAttrsToList cfg.nodes (node: settings:
settings.package
);
};
# Open up the firewall.
# networking.firewall.allowedTCPPorts = flip mapAttrsToList cfg.nodes
# (node: settings: settings.tub.port);
systemd.services = flip mapAttrs' cfg.nodes (node: settings:
let
pidfile = "/run/tahoe.${node}.pid";
# This is a directory, but it has no trailing slash. Tahoe commands
# get antsy when there's a trailing slash.
nodedir = "/var/db/tahoe-lafs/${node}";
in nameValuePair "tahoe.${node}" {
description = "Tahoe LAFS node ${node}";
wantedBy = [ "multi-user.target" ];
path = [ settings.package ];
restartTriggers = [
config.environment.etc."tahoe-lafs/${node}.cfg".source ];
serviceConfig = {
Type = "simple";
PIDFile = pidfile;
};
preStart = ''
if [ \! -d ${nodedir} ]; then
mkdir -p /var/db/tahoe-lafs
tahoe create-node ${nodedir}
fi
# Tahoe has created a predefined tahoe.cfg which we must now
# scribble over.
# XXX I thought that a symlink would work here, but it doesn't, so
# we must do this on every prestart. Fixes welcome.
# rm ${nodedir}/tahoe.cfg
# ln -s /etc/tahoe-lafs/${node}.cfg ${nodedir}/tahoe.cfg
cp /etc/tahoe-lafs/${node}.cfg ${nodedir}/tahoe.cfg
'';
# Believe it or not, Tahoe is very brittle about the order of
# arguments to $(tahoe start). The node directory must come first,
# and arguments which alter Twisted's behavior come afterwards.
script = ''
tahoe start ${nodedir} -n -l- --pidfile=${pidfile}
'';
});
users.extraUsers = flip mapAttrs' cfg.nodes (node: _:
nameValuePair "tahoe.${node}" {
description = "Tahoe node user for node ${node}";
isSystemUser = true;
});
})
];
}

19
nixos/modules/services/network-filesystems/u9fs.nix
View File

@ -27,10 +27,17 @@ in
''; '';
}; };
user = mkOption {
type = types.str;
default = "nobody";
description =
"User to run u9fs under.";
};
extraArgs = mkOption { extraArgs = mkOption {
type = types.str; type = types.str;
default = ""; default = "";
example = "-a none -u nobody"; example = "-a none";
description = description =
'' ''
Extra arguments to pass on invocation, Extra arguments to pass on invocation,
@ -38,13 +45,6 @@ in
''; '';
}; };
fsroot = mkOption {
type = types.path;
default = "/";
example = "/srv";
description = "File system root to serve to clients.";
};
}; };
}; };
@ -63,9 +63,10 @@ in
reloadIfChanged = true; reloadIfChanged = true;
requires = [ "u9fs.socket" ]; requires = [ "u9fs.socket" ];
serviceConfig = serviceConfig =
{ ExecStart = "-${pkgs.u9fs}/bin/u9fs ${cfg.extraArgs} ${cfg.fsroot}"; { ExecStart = "-${pkgs.u9fs}/bin/u9fs ${cfg.extraArgs}";
StandardInput = "socket"; StandardInput = "socket";
StandardError = "journal"; StandardError = "journal";
User = cfg.user;
}; };
}; };
}; };

12
nixos/modules/services/networking/dnscrypt-proxy.nix
View File

@ -151,7 +151,7 @@ in
/etc/group r, /etc/group r,
${config.environment.etc."nsswitch.conf".source} r, ${config.environment.etc."nsswitch.conf".source} r,
${pkgs.glibc}/lib/*.so mr, ${pkgs.glibc.out}/lib/*.so mr,
${pkgs.tzdata}/share/zoneinfo/** r, ${pkgs.tzdata}/share/zoneinfo/** r,
network inet stream, network inet stream,
@ -159,12 +159,12 @@ in
network inet dgram, network inet dgram,
network inet6 dgram, network inet6 dgram,
${pkgs.gcc.cc}/lib/libssp.so.* mr, ${pkgs.gcc.cc.lib}/lib/libssp.so.* mr,
${pkgs.libsodium}/lib/libsodium.so.* mr, ${pkgs.libsodium.out}/lib/libsodium.so.* mr,
${pkgs.systemd}/lib/libsystemd.so.* mr, ${pkgs.systemd}/lib/libsystemd.so.* mr,
${pkgs.xz}/lib/liblzma.so.* mr, ${pkgs.xz.out}/lib/liblzma.so.* mr,
${pkgs.libgcrypt}/lib/libgcrypt.so.* mr, ${pkgs.libgcrypt.out}/lib/libgcrypt.so.* mr,
${pkgs.libgpgerror}/lib/libgpg-error.so.* mr, ${pkgs.libgpgerror.out}/lib/libgpg-error.so.* mr,
${pkgs.libcap}/lib/libcap.so.* mr, ${pkgs.libcap}/lib/libcap.so.* mr,
${pkgs.lz4}/lib/liblz4.so.* mr, ${pkgs.lz4}/lib/liblz4.so.* mr,
${pkgs.attr}/lib/libattr.so.* mr, ${pkgs.attr}/lib/libattr.so.* mr,

2
nixos/modules/services/networking/i2pd.nix
View File

@ -8,7 +8,7 @@ let
homeDir = "/var/lib/i2pd"; homeDir = "/var/lib/i2pd";
extip = "EXTIP=\$(${pkgs.curl}/bin/curl -sf \"http://jsonip.com\" | ${pkgs.gawk}/bin/awk -F'\"' '{print $4}')"; extip = "EXTIP=\$(${pkgs.curl.bin}/bin/curl -sf \"http://jsonip.com\" | ${pkgs.gawk}/bin/awk -F'\"' '{print $4}')";
toYesNo = b: if b then "yes" else "no"; toYesNo = b: if b then "yes" else "no";

136
nixos/modules/services/networking/iodine.nix Normal file
View File

@ -0,0 +1,136 @@
# NixOS module for iodine, ip over dns daemon
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.iodine;
iodinedUser = "iodined";
in
{
### configuration
options = {
services.iodine = {
clients = mkOption {
default = {};
description = ''
Each attribute of this option defines a systemd service that
runs iodine. Many or none may be defined.
The name of each service is
<literal>iodine-<replaceable>name</replaceable></literal>
where <replaceable>name</replaceable> is the name of the
corresponding attribute name.
'';
example = literalExample ''
{
foo = {
server = "tunnel.mdomain.com";
relay = "8.8.8.8";
extraConfig = "-P mysecurepassword";
}
}
'';
type = types.attrsOf (types.submodule (
{
options = {
server = mkOption {
type = types.str;
default = "";
description = "Domain or Subdomain of server running iodined";
example = "tunnel.mydomain.com";
};
relay = mkOption {
type = types.str;
default = "";
description = "DNS server to use as a intermediate relay to the iodined server";
example = "8.8.8.8";
};
extraConfig = mkOption {
type = types.str;
default = "";
description = "Additional command line parameters";
example = "-P mysecurepassword -l 192.168.1.10 -p 23";
};
};
}));
};
server = {
enable = mkOption {
type = types.bool;
default = false;
description = "enable iodined server";
};
ip = mkOption {
type = types.str;
default = "";
description = "The assigned ip address or ip range";
example = "172.16.10.1/24";
};
domain = mkOption {
type = types.str;
default = "";
description = "Domain or subdomain of which nameservers point to us";
example = "tunnel.mydomain.com";
};
extraConfig = mkOption {
type = types.str;
default = "";
description = "Additional command line parameters";
example = "-P mysecurepassword -l 192.168.1.10 -p 23";
};
};
};
};
### implementation
config = mkIf (cfg.server.enable || cfg.clients != {}) {
environment.systemPackages = [ pkgs.iodine ];
boot.kernelModules = [ "tun" ];
systemd.services =
let
createIodineClientService = name: cfg:
{
description = "iodine client - ${name}";
wantedBy = [ "ip-up.target" ];
serviceConfig = {
RestartSec = "30s";
Restart = "always";
ExecStart = "${pkgs.iodine}/bin/iodine -f -u ${iodinedUser} ${cfg.extraConfig} ${cfg.relay} ${cfg.server}";
};
};
in
listToAttrs (
mapAttrsToList
(name: value: nameValuePair "iodine-${name}" (createIodineClientService name value))
cfg.clients
) // {
iodined = mkIf (cfg.server.enable) {
description = "iodine, ip over dns server daemon";
wantedBy = [ "ip-up.target" ];
serviceConfig.ExecStart = "${pkgs.iodine}/bin/iodined -f -u ${iodinedUser} ${cfg.server.extraConfig} ${cfg.server.ip} ${cfg.server.domain}";
};
};
users.extraUsers = singleton {
name = iodinedUser;
uid = config.ids.uids.iodined;
description = "Iodine daemon user";
};
users.extraGroups.iodined.gid = config.ids.gids.iodined;
};
}

86
nixos/modules/services/networking/iodined.nix
View File

@ -1,86 +0,0 @@
# NixOS module for iodine, ip over dns daemon
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.iodined;
iodinedUser = "iodined";
in
{
### configuration
options = {
services.iodined = {
enable = mkOption {
type = types.bool;
default = false;
description = "Enable iodine, ip over dns daemon";
};
client = mkOption {
type = types.bool;
default = false;
description = "Start iodine in client mode";
};
ip = mkOption {
type = types.str;
default = "";
description = "Assigned ip address or ip range";
example = "172.16.10.1/24";
};
domain = mkOption {
type = types.str;
default = "";
description = "Domain or subdomain of which nameservers point to us";
example = "tunnel.mydomain.com";
};
extraConfig = mkOption {
type = types.str;
default = "";
description = "Additional command line parameters";
example = "-P mysecurepassword -l 192.168.1.10 -p 23";
};
};
};
### implementation
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.iodine ];
boot.kernelModules = [ "tun" ];
systemd.services.iodined = {
description = "iodine, ip over dns daemon";
wantedBy = [ "ip-up.target" ];
serviceConfig.ExecStart = "${pkgs.iodine}/sbin/iodined -f -u ${iodinedUser} ${cfg.extraConfig} ${cfg.ip} ${cfg.domain}";
};
users.extraUsers = singleton {
name = iodinedUser;
uid = config.ids.uids.iodined;
description = "Iodine daemon user";
};
users.extraGroups.iodined.gid = config.ids.gids.iodined;
assertions = [{ assertion = if !cfg.client then cfg.ip != "" else true;
message = "cannot start iodined without ip set";}
{ assertion = cfg.domain != "";
message = "cannot start iodined without domain name set";}];
};
}

90
nixos/modules/services/networking/mfi.nix Normal file
View File

@ -0,0 +1,90 @@
{ config, lib, pkgs, utils, ... }:
with lib;
let
name = "Ubiquiti mFi Controller";
cfg = config.services.mfi;
stateDir = "/var/lib/mfi";
# XXX 2 runtime exceptions using jre8: JSPException on GET / ; can't initialize ./data/keystore on first run.
cmd = "@${pkgs.jre7}/bin/java java -jar ${stateDir}/lib/ace.jar";
mountPoints = [
{ what = "${pkgs.mfi}/dl"; where = "${stateDir}/dl"; }
{ what = "${pkgs.mfi}/lib"; where = "${stateDir}/lib"; }
{ what = "${pkgs.mongodb248}/bin"; where = "${stateDir}/bin"; }
];
systemdMountPoints = map (m: "${utils.escapeSystemdPath m.where}.mount") mountPoints;
ports = [ 6080 6880 6443 6843 ];
in
{
options = {
services.mfi = {
enable = mkEnableOption name;
openPorts = mkOption {
type = types.bool;
default = true;
description = "Whether to open TCP ports ${concatMapStrings (a: "${toString a} ") ports}for the services.";
};
};
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = mkIf config.services.mfi.openPorts ports;
users.users.mfi = {
uid = config.ids.uids.mfi;
description = "mFi controller daemon user";
home = "${stateDir}";
};
# We must create the binary directories as bind mounts instead of symlinks
# This is because the controller resolves all symlinks to absolute paths
# to be used as the working directory.
systemd.mounts = map ({ what, where }: {
bindsTo = [ "mfi.service" ];
partOf = [ "mfi.service" ];
unitConfig.RequiresMountsFor = stateDir;
options = "bind";
what = what;
where = where;
}) mountPoints;
systemd.services.mfi = {
description = "mFi controller daemon";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ] ++ systemdMountPoints;
partOf = systemdMountPoints;
bindsTo = systemdMountPoints;
unitConfig.RequiresMountsFor = stateDir;
preStart = ''
# Clear ./webapps each run.
rm -rf "${stateDir}/webapps"
mkdir -p "${stateDir}/webapps"
ln -s "${pkgs.mfi}/webapps/ROOT.war" "${stateDir}/webapps"
# Copy initial config only once.
test -e "${stateDir}/conf" || cp -ar "${pkgs.mfi}/conf" "${stateDir}/conf"
test -e "${stateDir}/data" || cp -ar "${pkgs.mfi}/data" "${stateDir}/data"
# Fix Permissions.
# (Bind-mounts cause errors; ignore exit codes)
chown -fR mfi: "${stateDir}" || true
chmod -fR u=rwX,go= "${stateDir}" || true
'';
postStop = ''
rm -rf "${stateDir}/webapps"
'';
serviceConfig = {
Type = "simple";
ExecStart = "${cmd} start";
ExecStop = "${cmd} stop";
User = "mfi";
PermissionsStartOnly = true;
UMask = "0077";
WorkingDirectory = "${stateDir}";
};
};
};
}

17
nixos/modules/services/networking/minidlna.nix
View File

@ -58,9 +58,9 @@ in
services.minidlna.config = services.minidlna.config =
'' ''
port=${toString port} port=${toString port}
friendly_name=NixOS Media Server friendly_name=${config.networking.hostName} MiniDLNA
db_dir=/var/cache/minidlna db_dir=/var/cache/minidlna
log_dir=/var/log/minidlna log_level=warn
inotify=yes inotify=yes
${concatMapStrings (dir: '' ${concatMapStrings (dir: ''
media_dir=${dir} media_dir=${dir}
@ -83,21 +83,18 @@ in
preStart = preStart =
'' ''
mkdir -p /var/cache/minidlna /var/log/minidlna /run/minidlna mkdir -p /var/cache/minidlna
chown minidlna /var/cache/minidlna /var/log/minidlna /run/minidlna chown -R minidlna:minidlna /var/cache/minidlna
''; '';
# FIXME: log through the journal rather than
# /var/log/minidlna. The -d flag does that, but also raises
# the log level to debug...
serviceConfig = serviceConfig =
{ User = "minidlna"; { User = "minidlna";
Group = "nogroup"; Group = "minidlna";
PermissionsStartOnly = true; PermissionsStartOnly = true;
Type = "forking"; RuntimeDirectory = "minidlna";
PIDFile = "/run/minidlna/pid"; PIDFile = "/run/minidlna/pid";
ExecStart = ExecStart =
"@${pkgs.minidlna}/sbin/minidlnad minidlnad -P /run/minidlna/pid" + "${pkgs.minidlna}/sbin/minidlnad -S -P /run/minidlna/pid" +
" -f ${pkgs.writeText "minidlna.conf" cfg.config}"; " -f ${pkgs.writeText "minidlna.conf" cfg.config}";
}; };
}; };

2
nixos/modules/services/networking/nix-serve.nix
View File

@ -50,7 +50,7 @@ in
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
path = [ config.nix.package pkgs.bzip2 ]; path = [ config.nix.package pkgs.bzip2.bin ];
environment.NIX_REMOTE = "daemon"; environment.NIX_REMOTE = "daemon";
environment.NIX_SECRET_KEY_FILE = cfg.secretKeyFile; environment.NIX_SECRET_KEY_FILE = cfg.secretKeyFile;

33
nixos/modules/services/networking/syncthing.nix
View File

@ -5,6 +5,7 @@ with lib;
let let
cfg = config.services.syncthing; cfg = config.services.syncthing;
defaultUser = "syncthing";
in in
@ -17,6 +18,7 @@ in
services.syncthing = { services.syncthing = {
enable = mkOption { enable = mkOption {
type = types.bool;
default = false; default = false;
description = '' description = ''
Whether to enable the Syncthing, self-hosted open-source alternative Whether to enable the Syncthing, self-hosted open-source alternative
@ -26,7 +28,8 @@ in
}; };
user = mkOption { user = mkOption {
default = "syncthing"; type = types.string;
default = defaultUser;
description = '' description = ''
Syncthing will be run under this user (user must exist, Syncthing will be run under this user (user must exist,
this can be your user name). this can be your user name).
@ -34,8 +37,8 @@ in
}; };
all_proxy = mkOption { all_proxy = mkOption {
type = types.string; type = types.nullOr types.string;
default = ""; default = null;
example = "socks5://address.com:1234"; example = "socks5://address.com:1234";
description = '' description = ''
Overwrites all_proxy environment variable for the syncthing process to Overwrites all_proxy environment variable for the syncthing process to
@ -45,6 +48,7 @@ in
}; };
dataDir = mkOption { dataDir = mkOption {
type = types.path;
default = "/var/lib/syncthing"; default = "/var/lib/syncthing";
description = '' description = ''
Path where the settings and keys will exist. Path where the settings and keys will exist.
@ -71,20 +75,33 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
users = mkIf (cfg.user == defaultUser) {
extraUsers."${defaultUser}" =
{ group = defaultUser;
home = cfg.dataDir;
createHome = true;
uid = config.ids.uids.syncthing;
description = "Syncthing daemon user";
};
extraGroups."${defaultUser}".gid =
config.ids.gids.syncthing;
};
systemd.services.syncthing = systemd.services.syncthing =
{ {
description = "Syncthing service"; description = "Syncthing service";
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
environment = { environment = {
STNORESTART = "yes"; # do not self-restart STNORESTART = "yes"; # do not self-restart
STNOUPGRADE = "yes"; STNOUPGRADE = "yes";
} // inherit (cfg) all_proxy;
(config.networking.proxy.envVars) // } // config.networking.proxy.envVars;
(if cfg.all_proxy != "" then { all_proxy = cfg.all_proxy; } else {});
serviceConfig = { serviceConfig = {
User = "${cfg.user}"; User = cfg.user;
Group = optionalString (cfg.user == defaultUser) defaultUser;
PermissionsStartOnly = true; PermissionsStartOnly = true;
Restart = "on-failure"; Restart = "on-failure";
ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -home=${cfg.dataDir}"; ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -home=${cfg.dataDir}";

8
nixos/modules/services/printing/cupsd.nix
View File

@ -14,21 +14,21 @@ let
additionalBackends = pkgs.runCommand "additional-cups-backends" { } additionalBackends = pkgs.runCommand "additional-cups-backends" { }
'' ''
mkdir -p $out mkdir -p $out
if [ ! -e ${cups}/lib/cups/backend/smb ]; then if [ ! -e ${cups.out}/lib/cups/backend/smb ]; then
mkdir -p $out/lib/cups/backend mkdir -p $out/lib/cups/backend
ln -sv ${pkgs.samba}/bin/smbspool $out/lib/cups/backend/smb ln -sv ${pkgs.samba}/bin/smbspool $out/lib/cups/backend/smb
fi fi
# Provide support for printing via HTTPS. # Provide support for printing via HTTPS.
if [ ! -e ${cups}/lib/cups/backend/https ]; then if [ ! -e ${cups.out}/lib/cups/backend/https ]; then
mkdir -p $out/lib/cups/backend mkdir -p $out/lib/cups/backend
ln -sv ${cups}/lib/cups/backend/ipp $out/lib/cups/backend/https ln -sv ${cups.out}/lib/cups/backend/ipp $out/lib/cups/backend/https
fi fi
''; '';
# Here we can enable additional backends, filters, etc. that are not # Here we can enable additional backends, filters, etc. that are not
# part of CUPS itself, e.g. the SMB backend is part of Samba. Since # part of CUPS itself, e.g. the SMB backend is part of Samba. Since
# we can't update ${cups}/lib/cups itself, we create a symlink tree # we can't update ${cups.out}/lib/cups itself, we create a symlink tree
# here and add the additional programs. The ServerBin directive in # here and add the additional programs. The ServerBin directive in
# cupsd.conf tells cupsd to use this tree. # cupsd.conf tells cupsd to use this tree.
bindir = pkgs.buildEnv { bindir = pkgs.buildEnv {

2
nixos/modules/services/search/elasticsearch.nix
View File

@ -148,7 +148,7 @@ in {
if [ "$(id -u)" = 0 ]; then chown -R elasticsearch ${cfg.dataDir}; fi if [ "$(id -u)" = 0 ]; then chown -R elasticsearch ${cfg.dataDir}; fi
''; '';
postStart = mkBefore '' postStart = mkBefore ''
until ${pkgs.curl}/bin/curl -s -o /dev/null ${cfg.listenAddress}:${toString cfg.port}; do until ${pkgs.curl.bin}/bin/curl -s -o /dev/null ${cfg.listenAddress}:${toString cfg.port}; do
sleep 1 sleep 1
done done
''; '';

26
nixos/modules/services/system/dbus.nix
View File

@ -121,7 +121,7 @@ in
security.setuidOwners = singleton security.setuidOwners = singleton
{ program = "dbus-daemon-launch-helper"; { program = "dbus-daemon-launch-helper";
source = "${pkgs.dbus_daemon}/libexec/dbus-daemon-launch-helper"; source = "${pkgs.dbus_daemon.lib}/libexec/dbus-daemon-launch-helper";
owner = "root"; owner = "root";
group = "messagebus"; group = "messagebus";
setuid = true; setuid = true;
@ -139,6 +139,30 @@ in
systemd.services.dbus.restartTriggers = [ configDir ]; systemd.services.dbus.restartTriggers = [ configDir ];
systemd.user = {
services.dbus = {
description = "D-Bus User Message Bus";
requires = [ "dbus.socket" ];
# NixOS doesn't support "Also" so we pull it in manually
# As the .service is supposed to come up at the same time as
# the .socket, we use basic.target instead of default.target
wantedBy = [ "basic.target" ];
serviceConfig = {
ExecStart = "${pkgs.dbus_daemon}/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation";
ExecReload = "${pkgs.dbus_daemon}/bin/dbus-send --print-reply --session --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig";
};
};
sockets.dbus = {
description = "D-Bus User Message Bus Socket";
socketConfig = {
ListenStream = "%t/bus";
ExecStartPost = "-${config.systemd.package}/bin/systemctl --user set-environment DBUS_SESSION_BUS_ADDRESS=unix:path=%t/bus";
};
wantedBy = [ "sockets.target" ];
};
};
environment.pathsToLink = [ "/etc/dbus-1" "/share/dbus-1" ]; environment.pathsToLink = [ "/etc/dbus-1" "/share/dbus-1" ];
}; };

10
nixos/modules/services/system/nscd.nix
View File

@ -64,14 +64,14 @@ in
restartTriggers = [ config.environment.etc.hosts.source config.environment.etc."nsswitch.conf".source ]; restartTriggers = [ config.environment.etc.hosts.source config.environment.etc."nsswitch.conf".source ];
serviceConfig = serviceConfig =
{ ExecStart = "@${pkgs.glibc}/sbin/nscd nscd -f ${cfgFile}"; { ExecStart = "@${pkgs.glibc.bin}/sbin/nscd nscd -f ${cfgFile}";
Type = "forking"; Type = "forking";
PIDFile = "/run/nscd/nscd.pid"; PIDFile = "/run/nscd/nscd.pid";
Restart = "always"; Restart = "always";
ExecReload = ExecReload =
[ "${pkgs.glibc}/sbin/nscd --invalidate passwd" [ "${pkgs.glibc.bin}/sbin/nscd --invalidate passwd"
"${pkgs.glibc}/sbin/nscd --invalidate group" "${pkgs.glibc.bin}/sbin/nscd --invalidate group"
"${pkgs.glibc}/sbin/nscd --invalidate hosts" "${pkgs.glibc.bin}/sbin/nscd --invalidate hosts"
]; ];
}; };
@ -79,7 +79,7 @@ in
# its pid. So wait until it's ready. # its pid. So wait until it's ready.
postStart = postStart =
'' ''
while ! ${pkgs.glibc}/sbin/nscd -g -f ${cfgFile} > /dev/null; do while ! ${pkgs.glibc.bin}/sbin/nscd -g -f ${cfgFile} > /dev/null; do
sleep 0.2 sleep 0.2
done done
''; '';

28
nixos/modules/services/torrent/transmission.nix
View File

@ -113,21 +113,21 @@ in
#include <abstractions/base> #include <abstractions/base>
#include <abstractions/nameservice> #include <abstractions/nameservice>
${pkgs.glibc}/lib/*.so mr, ${pkgs.glibc.out}/lib/*.so mr,
${pkgs.libevent}/lib/libevent*.so* mr, ${pkgs.libevent.out}/lib/libevent*.so* mr,
${pkgs.curl}/lib/libcurl*.so* mr, ${pkgs.curl.out}/lib/libcurl*.so* mr,
${pkgs.openssl}/lib/libssl*.so* mr, ${pkgs.openssl.out}/lib/libssl*.so* mr,
${pkgs.openssl}/lib/libcrypto*.so* mr, ${pkgs.openssl.out}/lib/libcrypto*.so* mr,
${pkgs.zlib}/lib/libz*.so* mr, ${pkgs.zlib.out}/lib/libz*.so* mr,
${pkgs.libssh2}/lib/libssh2*.so* mr, ${pkgs.libssh2.out}/lib/libssh2*.so* mr,
${pkgs.systemd}/lib/libsystemd*.so* mr, ${pkgs.systemd}/lib/libsystemd*.so* mr,
${pkgs.xz}/lib/liblzma*.so* mr, ${pkgs.xz.out}/lib/liblzma*.so* mr,
${pkgs.libgcrypt}/lib/libgcrypt*.so* mr, ${pkgs.libgcrypt.out}/lib/libgcrypt*.so* mr,
${pkgs.libgpgerror}/lib/libgpg-error*.so* mr, ${pkgs.libgpgerror.out}/lib/libgpg-error*.so* mr,
${pkgs.libnghttp2}/lib/libnghttp2*.so* mr, ${pkgs.libnghttp2.out}/lib/libnghttp2*.so* mr,
${pkgs.c-ares}/lib/libcares*.so* mr, ${pkgs.c-ares.out}/lib/libcares*.so* mr,
${pkgs.libcap}/lib/libcap*.so* mr, ${pkgs.libcap.out}/lib/libcap*.so* mr,
${pkgs.attr}/lib/libattr*.so* mr, ${pkgs.attr.out}/lib/libattr*.so* mr,
${pkgs.lz4}/lib/liblz4*.so* mr, ${pkgs.lz4}/lib/liblz4*.so* mr,
@{PROC}/sys/kernel/random/uuid r, @{PROC}/sys/kernel/random/uuid r,

5
nixos/modules/services/web-servers/apache-httpd/default.nix
View File

@ -6,13 +6,13 @@ let
mainCfg = config.services.httpd; mainCfg = config.services.httpd;
httpd = mainCfg.package; httpd = mainCfg.package.out;
version24 = !versionOlder httpd.version "2.4"; version24 = !versionOlder httpd.version "2.4";
httpdConf = mainCfg.configFile; httpdConf = mainCfg.configFile;
php = pkgs.php.override { apacheHttpd = httpd; }; php = pkgs.php.override { apacheHttpd = httpd.dev; /* otherwise it only gets .out */ };
getPort = cfg: if cfg.port != 0 then cfg.port else if cfg.enableSSL then 443 else 80; getPort = cfg: if cfg.port != 0 then cfg.port else if cfg.enableSSL then 443 else 80;
@ -685,6 +685,7 @@ in
serviceConfig.ExecStart = "@${httpd}/bin/httpd httpd -f ${httpdConf}"; serviceConfig.ExecStart = "@${httpd}/bin/httpd httpd -f ${httpdConf}";
serviceConfig.ExecStop = "${httpd}/bin/httpd -f ${httpdConf} -k graceful-stop"; serviceConfig.ExecStop = "${httpd}/bin/httpd -f ${httpdConf} -k graceful-stop";
serviceConfig.ExecReload = "${httpd}/bin/httpd -f ${httpdConf} -k graceful";
serviceConfig.Type = "forking"; serviceConfig.Type = "forking";
serviceConfig.PIDFile = "${mainCfg.stateDir}/httpd.pid"; serviceConfig.PIDFile = "${mainCfg.stateDir}/httpd.pid";
serviceConfig.Restart = "always"; serviceConfig.Restart = "always";

2
nixos/modules/services/web-servers/apache-httpd/owncloud.nix
View File

@ -333,7 +333,7 @@ let
'version' => '${config.package.version}', 'version' => '${config.package.version}',
'openssl' => '${pkgs.openssl}/bin/openssl' 'openssl' => '${pkgs.openssl.bin}/bin/openssl'
); );

2
nixos/modules/services/web-servers/apache-httpd/phabricator.nix
View File

@ -39,7 +39,7 @@ in {
"${pkgs.diffutils}" "${pkgs.diffutils}"
] ++ ] ++
(if config.mercurial then ["${pkgs.mercurial}"] else []) ++ (if config.mercurial then ["${pkgs.mercurial}"] else []) ++
(if config.subversion then ["${pkgs.subversion}"] else []) ++ (if config.subversion then ["${pkgs.subversion.out}"] else []) ++
(if config.git then ["${pkgs.git}"] else []); (if config.git then ["${pkgs.git}"] else []);
startupScript = pkgs.writeScript "activatePhabricator" '' startupScript = pkgs.writeScript "activatePhabricator" ''

11
nixos/modules/services/web-servers/apache-httpd/trac.nix
View File

@ -5,14 +5,19 @@ with lib;
let let
# Build a Subversion instance with Apache modules and Swig/Python bindings. # Build a Subversion instance with Apache modules and Swig/Python bindings.
subversion = pkgs.subversion.override (origArgs: { subversion = pkgs.subversion.override {
bdbSupport = true; bdbSupport = true;
httpServer = true; httpServer = true;
pythonBindings = true; pythonBindings = true;
}); apacheHttpd = httpd;
};
pythonLib = p: "${p}/"; pythonLib = p: "${p}/";
httpd = serverInfo.serverConfig.package;
versionPre24 = versionOlder httpd.version "2.4";
in in
{ {
@ -82,7 +87,7 @@ in
AuthName "${config.ldapAuthentication.name}" AuthName "${config.ldapAuthentication.name}"
AuthBasicProvider "ldap" AuthBasicProvider "ldap"
AuthLDAPURL "${config.ldapAuthentication.url}" AuthLDAPURL "${config.ldapAuthentication.url}"
authzldapauthoritative Off ${if versionPre24 then "authzldapauthoritative Off" else ""}
require valid-user require valid-user
</LocationMatch> </LocationMatch>
'' else ""} '' else ""}

2
nixos/modules/services/x11/desktop-managers/gnome3.nix
View File

@ -166,7 +166,7 @@ in {
}; };
environment.variables.GIO_EXTRA_MODULES = [ "${gnome3.dconf}/lib/gio/modules" environment.variables.GIO_EXTRA_MODULES = [ "${gnome3.dconf}/lib/gio/modules"
"${gnome3.glib_networking}/lib/gio/modules" "${gnome3.glib_networking.out}/lib/gio/modules"
"${gnome3.gvfs}/lib/gio/modules" ]; "${gnome3.gvfs}/lib/gio/modules" ];
environment.systemPackages = gnome3.corePackages ++ cfg.sessionPath environment.systemPackages = gnome3.corePackages ++ cfg.sessionPath
++ (removePackagesByName gnome3.optionalPackages config.environment.gnome3.excludePackages); ++ (removePackagesByName gnome3.optionalPackages config.environment.gnome3.excludePackages);

13
nixos/modules/services/x11/desktop-managers/kde5.nix
View File

@ -62,13 +62,13 @@ in
${config.hardware.pulseaudio.package}/bin/pactl load-module module-device-manager "do_routing=1" ${config.hardware.pulseaudio.package}/bin/pactl load-module module-device-manager "do_routing=1"
''} ''}
exec ${kde5.plasma-workspace}/bin/startkde exec startkde
''; '';
}; };
security.setuidOwners = singleton { security.setuidOwners = singleton {
program = "kcheckpass"; program = "kcheckpass";
source = "${kde5.plasma-workspace}/lib/libexec/kcheckpass"; source = "${kde5.plasma-workspace.out}/lib/libexec/kcheckpass";
owner = "root"; owner = "root";
group = "root"; group = "root";
setuid = true; setuid = true;
@ -171,19 +171,22 @@ in
# Enable GTK applications to load SVG icons # Enable GTK applications to load SVG icons
environment.variables = mkIf (lib.hasAttr "breeze-icons" kde5) { environment.variables = mkIf (lib.hasAttr "breeze-icons" kde5) {
GDK_PIXBUF_MODULE_FILE = "${pkgs.librsvg}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache"; GDK_PIXBUF_MODULE_FILE = "${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache";
}; };
fonts.fonts = [ (kde5.oxygen-fonts or pkgs.noto-fonts) ]; fonts.fonts = [ (kde5.oxygen-fonts or pkgs.noto-fonts) ];
programs.ssh.askPassword = "${kde5.ksshaskpass}/bin/ksshaskpass"; programs.ssh.askPassword = "${kde5.ksshaskpass.out}/bin/ksshaskpass";
# Enable helpful DBus services. # Enable helpful DBus services.
services.udisks2.enable = true; services.udisks2.enable = true;
services.upower.enable = config.powerManagement.enable; services.upower.enable = config.powerManagement.enable;
# Extra UDEV rules used by Solid # Extra UDEV rules used by Solid
services.udev.packages = [ pkgs.media-player-info ]; services.udev.packages = [
pkgs.libmtp
pkgs.media-player-info
];
services.xserver.displayManager.sddm = { services.xserver.displayManager.sddm = {
theme = "breeze"; theme = "breeze";

8
nixos/modules/services/x11/display-managers/default.nix
View File

@ -45,7 +45,7 @@ let
${optionalString cfg.startDbusSession '' ${optionalString cfg.startDbusSession ''
if test -z "$DBUS_SESSION_BUS_ADDRESS"; then if test -z "$DBUS_SESSION_BUS_ADDRESS"; then
exec ${pkgs.dbus.tools}/bin/dbus-launch --exit-with-session "$0" "$sessionType" exec ${pkgs.dbus.dbus-launch} --exit-with-session "$0" "$sessionType"
fi fi
''} ''}
@ -55,11 +55,11 @@ let
# Start PulseAudio if enabled. # Start PulseAudio if enabled.
${optionalString (config.hardware.pulseaudio.enable) '' ${optionalString (config.hardware.pulseaudio.enable) ''
${optionalString (!config.hardware.pulseaudio.systemWide) ${optionalString (!config.hardware.pulseaudio.systemWide)
"${config.hardware.pulseaudio.package}/bin/pulseaudio --start" "${config.hardware.pulseaudio.package.out}/bin/pulseaudio --start"
} }
# Publish access credentials in the root window. # Publish access credentials in the root window.
${config.hardware.pulseaudio.package}/bin/pactl load-module module-x11-publish "display=$DISPLAY" ${config.hardware.pulseaudio.package.out}/bin/pactl load-module module-x11-publish "display=$DISPLAY"
''} ''}
# Tell systemd about our $DISPLAY. This is needed by the # Tell systemd about our $DISPLAY. This is needed by the
@ -275,7 +275,7 @@ in
}; };
config = { config = {
services.xserver.displayManager.xserverBin = "${xorg.xorgserver}/bin/X"; services.xserver.displayManager.xserverBin = "${xorg.xorgserver.out}/bin/X";
}; };
imports = [ imports = [

6
nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix
View File

@ -24,9 +24,9 @@ let
# This wrapper ensures that we actually get themes # This wrapper ensures that we actually get themes
makeWrapper ${pkgs.lightdm_gtk_greeter}/sbin/lightdm-gtk-greeter \ makeWrapper ${pkgs.lightdm_gtk_greeter}/sbin/lightdm-gtk-greeter \
$out/greeter \ $out/greeter \
--prefix PATH : "${pkgs.glibc}/bin" \ --prefix PATH : "${pkgs.glibc.bin}/bin" \
--set GDK_PIXBUF_MODULE_FILE "${pkgs.gdk_pixbuf}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache" \ --set GDK_PIXBUF_MODULE_FILE "${pkgs.gdk_pixbuf.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache" \
--set GTK_PATH "${theme}:${pkgs.gtk3}" \ --set GTK_PATH "${theme}:${pkgs.gtk3.out}" \
--set GTK_EXE_PREFIX "${theme}" \ --set GTK_EXE_PREFIX "${theme}" \
--set GTK_DATA_PREFIX "${theme}" \ --set GTK_DATA_PREFIX "${theme}" \
--set XDG_DATA_DIRS "${theme}/share:${icons}/share" \ --set XDG_DATA_DIRS "${theme}/share:${icons}/share" \

2
nixos/modules/services/x11/display-managers/sddm.nix
View File

@ -48,7 +48,7 @@ let
[XDisplay] [XDisplay]
MinimumVT=${toString xcfg.tty} MinimumVT=${toString xcfg.tty}
ServerPath=${xserverWrapper} ServerPath=${xserverWrapper}
XephyrPath=${pkgs.xorg.xorgserver}/bin/Xephyr XephyrPath=${pkgs.xorg.xorgserver.out}/bin/Xephyr
SessionCommand=${dmcfg.session.script} SessionCommand=${dmcfg.session.script}
SessionDir=${dmcfg.session.desktops} SessionDir=${dmcfg.session.desktops}
XauthPath=${pkgs.xorg.xauth}/bin/xauth XauthPath=${pkgs.xorg.xauth}/bin/xauth

2
nixos/modules/services/x11/terminal-server.nix
View File

@ -41,7 +41,7 @@ with lib;
{ description = "Terminal Server"; { description = "Terminal Server";
path = path =
[ pkgs.xorgserver pkgs.gawk pkgs.which pkgs.openssl pkgs.xorg.xauth [ pkgs.xorgserver.out pkgs.gawk pkgs.which pkgs.openssl pkgs.xorg.xauth
pkgs.nettools pkgs.shadow pkgs.procps pkgs.utillinux pkgs.bash pkgs.nettools pkgs.shadow pkgs.procps pkgs.utillinux pkgs.bash
]; ];

2
nixos/modules/services/x11/window-managers/metacity.nix
View File

@ -20,7 +20,7 @@ in
services.xserver.windowManager.session = singleton services.xserver.windowManager.session = singleton
{ name = "metacity"; { name = "metacity";
start = '' start = ''
env LD_LIBRARY_PATH=${xorg.libX11}/lib:${xorg.libXext}/lib:/usr/lib/ env LD_LIBRARY_PATH=${xorg.libX11.out}/lib:${xorg.libXext.out}/lib:/usr/lib/
# !!! Hack: load the schemas for Metacity. # !!! Hack: load the schemas for Metacity.
GCONF_CONFIG_SOURCE=xml::~/.gconf ${gnome.GConf}/bin/gconftool-2 \ GCONF_CONFIG_SOURCE=xml::~/.gconf ${gnome.GConf}/bin/gconftool-2 \
--makefile-install-rule ${gnome.metacity}/etc/gconf/schemas/*.schemas # */ --makefile-install-rule ${gnome.metacity}/etc/gconf/schemas/*.schemas # */

13
nixos/modules/services/x11/xserver.nix
View File

@ -219,6 +219,12 @@ in
''; '';
}; };
dpi = mkOption {
type = types.nullOr types.int;
default = 0;
description = "DPI resolution to use for X server.";
};
startDbusSession = mkOption { startDbusSession = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
@ -450,7 +456,7 @@ in
]); ]);
environment.systemPackages = environment.systemPackages =
[ xorg.xorgserver [ xorg.xorgserver.out
xorg.xrandr xorg.xrandr
xorg.xrdb xorg.xrdb
xorg.setxkbmap xorg.setxkbmap
@ -487,7 +493,7 @@ in
XKB_BINDIR = "${xorg.xkbcomp}/bin"; # Needed for the Xkb extension. XKB_BINDIR = "${xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime. XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
LD_LIBRARY_PATH = concatStringsSep ":" ( LD_LIBRARY_PATH = concatStringsSep ":" (
[ "${xorg.libX11}/lib" "${xorg.libXext}/lib" ] [ "${xorg.libX11.out}/lib" "${xorg.libXext.out}/lib" ]
++ concatLists (catAttrs "libPath" cfg.drivers)); ++ concatLists (catAttrs "libPath" cfg.drivers));
} // cfg.displayManager.job.environment; } // cfg.displayManager.job.environment;
@ -513,12 +519,13 @@ in
"-xkbdir" "${cfg.xkbDir}" "-xkbdir" "${cfg.xkbDir}"
] ++ optional (cfg.display != null) ":${toString cfg.display}" ] ++ optional (cfg.display != null) ":${toString cfg.display}"
++ optional (cfg.tty != null) "vt${toString cfg.tty}" ++ optional (cfg.tty != null) "vt${toString cfg.tty}"
++ optional (cfg.dpi != null) "-dpi ${toString cfg.dpi}"
++ optionals (cfg.display != null) [ "-logfile" "/var/log/X.${toString cfg.display}.log" ] ++ optionals (cfg.display != null) [ "-logfile" "/var/log/X.${toString cfg.display}.log" ]
++ optional (!cfg.enableTCP) "-nolisten tcp"; ++ optional (!cfg.enableTCP) "-nolisten tcp";
services.xserver.modules = services.xserver.modules =
concatLists (catAttrs "modules" cfg.drivers) ++ concatLists (catAttrs "modules" cfg.drivers) ++
[ xorg.xorgserver [ xorg.xorgserver.out
xorg.xf86inputevdev xorg.xf86inputevdev
]; ];

3
nixos/modules/system/activation/activation-script.nix
View File

@ -12,7 +12,8 @@ let
''; '';
}); });
path = path = map # outputs TODO?
(pkg: (pkg.bin or (pkg.out or pkg)))
[ pkgs.coreutils pkgs.gnugrep pkgs.findutils [ pkgs.coreutils pkgs.gnugrep pkgs.findutils
pkgs.glibc # needed for getent pkgs.glibc # needed for getent
pkgs.shadow pkgs.shadow

4
nixos/modules/system/boot/luksroot.nix
View File

@ -436,9 +436,9 @@ in
${optionalString luks.yubikeySupport '' ${optionalString luks.yubikeySupport ''
copy_bin_and_libs ${pkgs.ykpers}/bin/ykchalresp copy_bin_and_libs ${pkgs.ykpers}/bin/ykchalresp
copy_bin_and_libs ${pkgs.ykpers}/bin/ykinfo copy_bin_and_libs ${pkgs.ykpers}/bin/ykinfo
copy_bin_and_libs ${pkgs.openssl}/bin/openssl copy_bin_and_libs ${pkgs.openssl.bin}/bin/openssl
cc -O3 -I${pkgs.openssl}/include -L${pkgs.openssl}/lib ${./pbkdf2-sha512.c} -o pbkdf2-sha512 -lcrypto cc -O3 -I${pkgs.openssl}/include -L${pkgs.openssl.out}/lib ${./pbkdf2-sha512.c} -o pbkdf2-sha512 -lcrypto
strip -s pbkdf2-sha512 strip -s pbkdf2-sha512
copy_bin_and_libs pbkdf2-sha512 copy_bin_and_libs pbkdf2-sha512

7
nixos/modules/system/boot/stage-1-init.sh
View File

@ -434,11 +434,8 @@ udevadm control --exit
# Reset the logging file descriptors. # Reset the logging file descriptors.
# Do this just before pkill, which will kill the tee process. # Do this just before pkill, which will kill the tee process.
if test -n "@logCommands@" exec 1>&$logOutFd 2>&$logErrFd
then eval "exec $logOutFd>&- $logErrFd>&-"
exec 1>&$logOutFd 2>&$logErrFd
eval "exec $logOutFd>&- $logErrFd>&-"
fi
# Kill any remaining processes, just to be sure we're not taking any # Kill any remaining processes, just to be sure we're not taking any
# with us into stage 2. But keep storage daemons like unionfs-fuse. # with us into stage 2. But keep storage daemons like unionfs-fuse.

6
nixos/modules/system/boot/stage-1.nix
View File

@ -67,6 +67,10 @@ let
copy_bin_and_libs $BIN copy_bin_and_libs $BIN
done done
# Copy modprobe.
copy_bin_and_libs ${pkgs.kmod}/bin/kmod
ln -sf kmod $out/bin/modprobe
# Copy resize2fs if needed. # Copy resize2fs if needed.
${optionalString (any (fs: fs.autoResize) (attrValues config.fileSystems)) '' ${optionalString (any (fs: fs.autoResize) (attrValues config.fileSystems)) ''
# We need mke2fs in the initrd. # We need mke2fs in the initrd.
@ -76,7 +80,7 @@ let
${config.boot.initrd.extraUtilsCommands} ${config.boot.initrd.extraUtilsCommands}
# Copy ld manually since it isn't detected correctly # Copy ld manually since it isn't detected correctly
cp -pv ${pkgs.glibc}/lib/ld*.so.? $out/lib cp -pv ${pkgs.glibc.out}/lib/ld*.so.? $out/lib
# Copy all of the needed libraries for the binaries # Copy all of the needed libraries for the binaries
for BIN in $(find $out/{bin,sbin} -type f); do for BIN in $(find $out/{bin,sbin} -type f); do

13
nixos/modules/system/boot/stage-2.nix
View File

@ -7,11 +7,14 @@ let
kernel = config.boot.kernelPackages.kernel; kernel = config.boot.kernelPackages.kernel;
activateConfiguration = config.system.activationScripts.script; activateConfiguration = config.system.activationScripts.script;
readonlyMountpoint = pkgs.runCommand "readonly-mountpoint" {} '' readonlyMountpoint = pkgs.stdenv.mkDerivation {
mkdir -p $out/bin name = "readonly-mountpoint";
cc -O3 ${./readonly-mountpoint.c} -o $out/bin/readonly-mountpoint unpackPhase = "true";
strip -s $out/bin/readonly-mountpoint installPhase = ''
''; mkdir -p $out/bin
cc -O3 ${./readonly-mountpoint.c} -o $out/bin/readonly-mountpoint
'';
};
bootStage2 = pkgs.substituteAll { bootStage2 = pkgs.substituteAll {
src = ./stage-2-init.sh; src = ./stage-2-init.sh;

6
nixos/modules/tasks/filesystems/unionfs-fuse.nix
View File

@ -18,9 +18,9 @@
boot.initrd.postDeviceCommands = '' boot.initrd.postDeviceCommands = ''
# Hacky!!! fuse hard-codes the path to mount # Hacky!!! fuse hard-codes the path to mount
mkdir -p /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.utillinux.name}/bin mkdir -p /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.utillinux.name}-bin/bin
ln -s $(which mount) /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.utillinux.name}/bin ln -s $(which mount) /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.utillinux.name}-bin/bin
ln -s $(which umount) /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.utillinux.name}/bin ln -s $(which umount) /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.utillinux.name}-bin/bin
''; '';
}) })

4
nixos/modules/tasks/filesystems/xfs.nix
View File

@ -11,13 +11,13 @@ in
{ {
config = mkIf (any (fs: fs == "xfs") config.boot.supportedFilesystems) { config = mkIf (any (fs: fs == "xfs") config.boot.supportedFilesystems) {
system.fsPackages = [ pkgs.xfsprogs ]; system.fsPackages = [ pkgs.xfsprogs.bin ];
boot.initrd.availableKernelModules = mkIf inInitrd [ "xfs" "crc32c" ]; boot.initrd.availableKernelModules = mkIf inInitrd [ "xfs" "crc32c" ];
boot.initrd.extraUtilsCommands = mkIf inInitrd boot.initrd.extraUtilsCommands = mkIf inInitrd
'' ''
copy_bin_and_libs ${pkgs.xfsprogs}/sbin/fsck.xfs copy_bin_and_libs ${pkgs.xfsprogs.bin}/bin/fsck.xfs
''; '';
# Trick just to set 'sh' after the extraUtils nuke-refs. # Trick just to set 'sh' after the extraUtils nuke-refs.

37
nixos/modules/virtualisation/ec2-amis.nix
View File

@ -89,4 +89,41 @@
"15.09".us-west-2.hvm-s3 = "ami-2956b849"; "15.09".us-west-2.hvm-s3 = "ami-2956b849";
"15.09".us-west-2.pv-ebs = "ami-005fb160"; "15.09".us-west-2.pv-ebs = "ami-005fb160";
"15.09".us-west-2.pv-s3 = "ami-cd55bbad"; "15.09".us-west-2.pv-s3 = "ami-cd55bbad";
"16.03".ap-northeast-1.hvm-ebs = "ami-885040e6";
"16.03".ap-northeast-1.hvm-s3 = "ami-d15a4abf";
"16.03".ap-northeast-1.pv-ebs = "ami-7f455511";
"16.03".ap-northeast-1.pv-s3 = "ami-6d7d6d03";
"16.03".ap-southeast-1.hvm-ebs = "ami-478a5f24";
"16.03".ap-southeast-1.hvm-s3 = "ami-b2885dd1";
"16.03".ap-southeast-1.pv-ebs = "ami-55b46136";
"16.03".ap-southeast-1.pv-s3 = "ami-92b762f1";
"16.03".ap-southeast-2.hvm-ebs = "ami-26b09345";
"16.03".ap-southeast-2.hvm-s3 = "ami-52ac8f31";
"16.03".ap-southeast-2.pv-ebs = "ami-1fb3907c";
"16.03".ap-southeast-2.pv-s3 = "ami-49b1922a";
"16.03".eu-central-1.hvm-ebs = "ami-2bd63744";
"16.03".eu-central-1.hvm-s3 = "ami-82d435ed";
"16.03".eu-central-1.pv-ebs = "ami-b729c8d8";
"16.03".eu-central-1.pv-s3 = "ami-a12dccce";
"16.03".eu-west-1.hvm-ebs = "ami-87c242f4";
"16.03".eu-west-1.hvm-s3 = "ami-b6c343c5";
"16.03".eu-west-1.pv-ebs = "ami-6bc94918";
"16.03".eu-west-1.pv-s3 = "ami-00cb4b73";
"16.03".sa-east-1.hvm-ebs = "ami-845cd3e8";
"16.03".sa-east-1.hvm-s3 = "ami-8142cded";
"16.03".sa-east-1.pv-ebs = "ami-1643cc7a";
"16.03".sa-east-1.pv-s3 = "ami-1646c97a";
"16.03".us-east-1.hvm-ebs = "ami-2cc4d046";
"16.03".us-east-1.hvm-s3 = "ami-9bc9ddf1";
"16.03".us-east-1.pv-ebs = "ami-7df4e017";
"16.03".us-east-1.pv-s3 = "ami-90f2e6fa";
"16.03".us-west-1.hvm-ebs = "ami-d8116db8";
"16.03".us-west-1.hvm-s3 = "ami-a7166ac7";
"16.03".us-west-1.pv-ebs = "ami-e90c7089";
"16.03".us-west-1.pv-s3 = "ami-5b0c703b";
"16.03".us-west-2.hvm-ebs = "ami-b339ccd3";
"16.03".us-west-2.hvm-s3 = "ami-2c3bce4c";
"16.03".us-west-2.pv-ebs = "ami-0625d066";
"16.03".us-west-2.pv-s3 = "ami-7414e114";
} }

2
nixos/modules/virtualisation/virtualbox-guest.nix
View File

@ -66,7 +66,7 @@ in
services.xserver.displayManager.sessionCommands = services.xserver.displayManager.sessionCommands =
'' ''
PATH=${makeSearchPath "bin" [ pkgs.gnugrep pkgs.which pkgs.xorg.xorgserver ]}:$PATH \ PATH=${makeSearchPath "bin" [ pkgs.gnugrep pkgs.which pkgs.xorg.xorgserver.out ]}:$PATH \
${kernel.virtualboxGuestAdditions}/bin/VBoxClient-all ${kernel.virtualboxGuestAdditions}/bin/VBoxClient-all
''; '';

2
nixos/tests/cadvisor.nix
View File

@ -14,7 +14,7 @@ import ./make-test.nix ({ pkgs, ... } : {
services.cadvisor.storageDriver = "influxdb"; services.cadvisor.storageDriver = "influxdb";
services.influxdb.enable = true; services.influxdb.enable = true;
systemd.services.influxdb.postStart = mkAfter '' systemd.services.influxdb.postStart = mkAfter ''
${pkgs.curl}/bin/curl -X POST 'http://localhost:8086/db?u=root&p=root' \ ${pkgs.curl.bin}/bin/curl -X POST 'http://localhost:8086/db?u=root&p=root' \
-d '{"name": "root"}' -d '{"name": "root"}'
''; '';
}; };

2
pkgs/applications/altcoins/bitcoin-xt.nix
View File

@ -19,7 +19,7 @@ stdenv.mkDerivation rec{
configureFlags = [ configureFlags = [
"--with-boost-libdir=${boost.lib}/lib" "--with-boost-libdir=${boost.lib}/lib"
"--with-libcurl-headers=${curl}/include" "--with-libcurl-headers=${curl.dev}/include"
] ++ optionals withGui [ "--with-gui=qt4" ]; ] ++ optionals withGui [ "--with-gui=qt4" ];
meta = { meta = {

2
pkgs/applications/audio/ardour/default.nix
View File

@ -42,7 +42,7 @@ stdenv.mkDerivation rec {
# have to do that ourself. # have to do that ourself.
patchPhase = '' patchPhase = ''
printf '#include "libs/ardour/ardour/revision.h"\nnamespace ARDOUR { const char* revision = \"${tag}-${builtins.substring 0 8 src.rev}\"; }\n' > libs/ardour/revision.cc printf '#include "libs/ardour/ardour/revision.h"\nnamespace ARDOUR { const char* revision = \"${tag}-${builtins.substring 0 8 src.rev}\"; }\n' > libs/ardour/revision.cc
sed 's|/usr/include/libintl.h|${glibc}/include/libintl.h|' -i wscript sed 's|/usr/include/libintl.h|${glibc.dev}/include/libintl.h|' -i wscript
patchShebangs ./tools/ patchShebangs ./tools/
''; '';

6
pkgs/applications/audio/audacity/default.nix
View File

@ -18,6 +18,12 @@ stdenv.mkDerivation rec {
sha256 = "19fr674mw844zmkp1476yigkcnmb6zyn78av64ccdwi3p68i00rf"; sha256 = "19fr674mw844zmkp1476yigkcnmb6zyn78av64ccdwi3p68i00rf";
})]; })];
# fix with gcc-5 from http://lists.freebsd.org/pipermail/freebsd-ports-bugs/2012-December/245884.html
postPatch = ''
substituteInPlace lib-src/libnyquist/nyquist/ffts/src/fftlib.c \
--replace 'inline void' 'static inline void'
'';
preConfigure = /* we prefer system-wide libs */ '' preConfigure = /* we prefer system-wide libs */ ''
mv lib-src lib-src-rm mv lib-src lib-src-rm
mkdir lib-src mkdir lib-src

2
pkgs/applications/audio/baudline/default.nix
View File

@ -36,7 +36,7 @@ stdenv.mkDerivation rec {
cp -r . "$out/libexec/baudline/" cp -r . "$out/libexec/baudline/"
interpreter="$(echo ${stdenv.glibc}/lib/ld-linux*)" interpreter="$(echo ${stdenv.glibc.out}/lib/ld-linux*)"
for prog in "$out"/libexec/baudline/baudline*; do for prog in "$out"/libexec/baudline/baudline*; do
patchelf --interpreter "$interpreter" "$prog" patchelf --interpreter "$interpreter" "$prog"
ln -sr "$prog" "$out/bin/" ln -sr "$prog" "$out/bin/"

2
pkgs/applications/audio/caudec/default.nix
View File

@ -25,7 +25,7 @@ stdenv.mkDerivation rec {
postFixup = '' postFixup = ''
for executable in $(cd $out/bin && ls); do for executable in $(cd $out/bin && ls); do
wrapProgram $out/bin/$executable \ wrapProgram $out/bin/$executable \
--prefix PATH : "${bc}/bin:${findutils}/bin:${sox}/bin:${procps}/bin:${opusTools}/bin:${lame}/bin:${flac}/bin" --prefix PATH : "${bc}/bin:${findutils}/bin:${sox}/bin:${procps}/bin:${opusTools}/bin:${lame}/bin:${flac.bin}/bin"
done done
''; '';

4
pkgs/applications/audio/drumgizmo/default.nix
View File

@ -3,12 +3,12 @@
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
version = "0.9.9"; version = "0.9.10";
name = "drumgizmo-${version}"; name = "drumgizmo-${version}";
src = fetchurl { src = fetchurl {
url = "http://www.drumgizmo.org/releases/${name}/${name}.tar.gz"; url = "http://www.drumgizmo.org/releases/${name}/${name}.tar.gz";
sha256 = "03dnh2p4s6n107n0r86h9j1jwy85a8qwjkh0288k60qpdqy1c7vp"; sha256 = "142si734lsyywxhn7msiz053ir96kl5im3h1jql3vhcb4807f3d1";
}; };
configureFlags = [ "--enable-lv2" ]; configureFlags = [ "--enable-lv2" ];

4
pkgs/applications/audio/flac/default.nix
View File

@ -8,12 +8,12 @@ stdenv.mkDerivation rec {
sha256 = "4773c0099dba767d963fd92143263be338c48702172e8754b9bc5103efe1c56c"; sha256 = "4773c0099dba767d963fd92143263be338c48702172e8754b9bc5103efe1c56c";
}; };
outputs = [ "out" "doc" ];
buildInputs = [ libogg ]; buildInputs = [ libogg ];
#doCheck = true; # takes lots of time #doCheck = true; # takes lots of time
outputs = [ "dev" "out" "bin" "doc" ];
meta = with stdenv.lib; { meta = with stdenv.lib; {
homepage = http://xiph.org/flac/; homepage = http://xiph.org/flac/;
description = "Library and tools for encoding and decoding the FLAC lossless audio file format"; description = "Library and tools for encoding and decoding the FLAC lossless audio file format";

2
pkgs/applications/audio/google-musicmanager/default.nix
View File

@ -36,7 +36,7 @@ stdenv.mkDerivation rec {
buildPhase = '' buildPhase = ''
patchelf \ patchelf \
--set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \ --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
--set-rpath "$out/opt/google/musicmanager:${readline}/lib:${ncurses}/lib:${stdenv.cc.libc}/lib:${qt48}/lib:${stdenv.cc.cc}/lib:${libidn}/lib:${expat}/lib:${flac}/lib:${libvorbis}/lib" opt/google/musicmanager/MusicManager --set-rpath "$out/opt/google/musicmanager:${stdenv.lib.makeLibraryPath [ readline ncurses stdenv.cc.libc.out qt48 stdenv.cc.cc libidn expat flac libvorbis ]}" opt/google/musicmanager/MusicManager
''; '';
dontPatchELF = true; dontPatchELF = true;

30
pkgs/applications/audio/japa/default.nix Normal file
View File

@ -0,0 +1,30 @@
{ stdenv, fetchurl, alsaLib, libjack2, fftwFloat, libclthreads, libclxclient, libX11, libXft, zita-alsa-pcmi, }:
stdenv.mkDerivation rec {
version = "0.8.4";
name = "japa-${version}";
src = fetchurl {
url = "http://kokkinizita.linuxaudio.org/linuxaudio/downloads/${name}.tar.bz2";
sha256 = "1jhj7s4vqk5c4lchdall0kslvj5sh91902hhfjvs6r3a5nrhwcp0";
};
buildInputs = [ alsaLib libjack2 fftwFloat libclthreads libclxclient libX11 libXft zita-alsa-pcmi ];
preConfigure = ''
cd ./source/
'';
makeFlags = [
"PREFIX=$(out)"
"SUFFIX=''"
];
meta = {
description = "A 'perceptual' or 'psychoacoustic' audio spectrum analyser for JACK and ALSA";
homepage = http://kokkinizita.linuxaudio.org/linuxaudio/index.html;
license = stdenv.lib.licenses.gpl2;
maintainers = [ stdenv.lib.maintainers.magnetophon ];
platforms = stdenv.lib.platforms.linux;
};
}

2
pkgs/applications/audio/milkytracker/default.nix
View File

@ -29,7 +29,7 @@ stdenv.mkDerivation rec {
''; '';
preBuild='' preBuild=''
export CPATH=${zlib}/lib export CPATH=${zlib.out}/lib
''; '';
buildInputs = [ SDL alsaLib autoconf automake libjack2 perl zlib zziplib ]; buildInputs = [ SDL alsaLib autoconf automake libjack2 perl zlib zziplib ];

4
pkgs/applications/audio/paprefs/default.nix
View File

@ -1,5 +1,5 @@
{ fetchurl, stdenv, pkgconfig, libpulseaudio, gtkmm, libglademm { fetchurl, stdenv, pkgconfig, libpulseaudio, gtkmm, libglademm
, dbus_glib, gconfmm, intltool }: , dbus_glib, GConf, gconfmm, intltool }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "paprefs-0.9.10"; name = "paprefs-0.9.10";
@ -13,6 +13,8 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ pkgconfig intltool ]; nativeBuildInputs = [ pkgconfig intltool ];
propagatedUserEnvPkgs = [ GConf ];
configureFlags = [ "--disable-lynx" ]; configureFlags = [ "--disable-lynx" ];
meta = with stdenv.lib; { meta = with stdenv.lib; {

18
pkgs/applications/audio/spotify/default.nix
View File

@ -1,11 +1,11 @@
{ fetchurl, stdenv, dpkg, xorg, alsaLib, makeWrapper, openssl_1_0_1, freetype { fetchurl, stdenv, dpkg, xorg, alsaLib, makeWrapper, openssl, freetype
, glib, pango, cairo, atk, gdk_pixbuf, gtk, cups, nspr, nss, libpng, GConf , glib, pango, cairo, atk, gdk_pixbuf, gtk, cups, nspr, nss, libpng, GConf
, libgcrypt, udev, fontconfig, dbus, expat, ffmpeg_0_10, curl, zlib, gnome }: , libgcrypt, libudev, fontconfig, dbus, expat, ffmpeg_0_10, curl, zlib, gnome }:
assert stdenv.system == "x86_64-linux"; assert stdenv.system == "x86_64-linux";
let let
version = "1.0.26.125.g64dc8bc6-14"; version = "1.0.27.71.g0a26e3b2-9";
deps = [ deps = [
alsaLib alsaLib
@ -27,7 +27,7 @@ let
nss nss
pango pango
stdenv.cc.cc stdenv.cc.cc
udev libudev
xorg.libX11 xorg.libX11
xorg.libXcomposite xorg.libXcomposite
xorg.libXcursor xorg.libXcursor
@ -50,7 +50,7 @@ stdenv.mkDerivation {
src = src =
fetchurl { fetchurl {
url = "http://repository-origin.spotify.com/pool/non-free/s/spotify-client/spotify-client_${version}_amd64.deb"; url = "http://repository-origin.spotify.com/pool/non-free/s/spotify-client/spotify-client_${version}_amd64.deb";
sha256 = "09wanpml2a6k8asfc0pd56n7fia37amgsplsan1qdh6dwdzr3rv5"; sha256 = "1rs08cvn0y1lzazlmzj4sn2iyacadwi6j70n5c7rvfvvs4p61p42";
}; };
buildInputs = [ dpkg makeWrapper ]; buildInputs = [ dpkg makeWrapper ];
@ -68,10 +68,10 @@ stdenv.mkDerivation {
# Work around Spotify referring to a specific minor version of # Work around Spotify referring to a specific minor version of
# OpenSSL. # OpenSSL.
ln -s ${openssl_1_0_1}/lib/libssl.so $libdir/libssl.so.1.0.0 ln -s ${openssl.out}/lib/libssl.so $libdir/libssl.so.1.0.0
ln -s ${openssl_1_0_1}/lib/libcrypto.so $libdir/libcrypto.so.1.0.0 ln -s ${openssl.out}/lib/libcrypto.so $libdir/libcrypto.so.1.0.0
ln -s ${nspr}/lib/libnspr4.so $libdir/libnspr4.so ln -s ${nspr.out}/lib/libnspr4.so $libdir/libnspr4.so
ln -s ${nspr}/lib/libplc4.so $libdir/libplc4.so ln -s ${nspr.out}/lib/libplc4.so $libdir/libplc4.so
rpath="$out/share/spotify:$libdir" rpath="$out/share/spotify:$libdir"

2
pkgs/applications/audio/swh-lv2/default.nix
View File

@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
}; };
patchPhase = '' patchPhase = ''
sed -e "s#xsltproc#${libxslt}/bin/xsltproc#" -i Makefile sed -e "s#xsltproc#${libxslt.bin}/bin/xsltproc#" -i Makefile
sed -e "s#PREFIX = /usr/local#PREFIX = $out#" -i Makefile sed -e "s#PREFIX = /usr/local#PREFIX = $out#" -i Makefile
''; '';

2
pkgs/applications/audio/yoshimi/default.nix
View File

@ -22,7 +22,7 @@ stdenv.mkDerivation rec {
preConfigure = "cd src"; preConfigure = "cd src";
cmakeFlags = [ "-DFLTK_MATH_LIBRARY=${stdenv.glibc}/lib/libm.so -DCMAKE_INSTALL_DATAROOTDIR=$out" ]; cmakeFlags = [ "-DFLTK_MATH_LIBRARY=${stdenv.glibc.out}/lib/libm.so -DCMAKE_INSTALL_DATAROOTDIR=$out" ];
meta = with stdenv.lib; { meta = with stdenv.lib; {
description = "high quality software synthesizer based on ZynAddSubFX"; description = "high quality software synthesizer based on ZynAddSubFX";

8
pkgs/applications/backup/crashplan/default.nix
View File

@ -1,13 +1,15 @@
{ stdenv, fetchurl, makeWrapper, jre, cpio, gawk, gnugrep, gnused, procps, swt, gtk2, glib, libXtst }: { stdenv, fetchurl, makeWrapper, jre, cpio, gawk, gnugrep, gnused, procps, swt, gtk2, glib, libXtst }:
let version = "4.6.0"; let
version = "4.6.0";
rev = "2"; #tracks unversioned changes that occur on download.code42.com from time to time
in stdenv.mkDerivation rec { in stdenv.mkDerivation rec {
name = "crashplan-${version}"; name = "crashplan-${version}-r${rev}";
crashPlanArchive = fetchurl { crashPlanArchive = fetchurl {
url = "https://download.code42.com/installs/linux/install/CrashPlan/CrashPlan_${version}_Linux.tgz"; url = "https://download.code42.com/installs/linux/install/CrashPlan/CrashPlan_${version}_Linux.tgz";
sha256 = "0h9zk6i1pdvl101c8l4v4x6i7q4wkmkqp2dkm0lq7ha96lrvac47"; sha256 = "13rmmdj048r8k4v7ig4i6pnvwyzc1vasfgksf070bx6ksklgbq47";
}; };
srcs = [ crashPlanArchive ]; srcs = [ crashPlanArchive ];

4
pkgs/applications/display-managers/sddm/default.nix
View File

@ -72,7 +72,7 @@ stdenv.mkDerivation {
nativeBuildInputs = [ lndir makeQtWrapper ]; nativeBuildInputs = [ lndir makeQtWrapper ];
buildInputs = [ unwrapped ] ++ themes; buildInputs = [ unwrapped ] ++ themes;
inherit themes; themes = map (pkg: pkg.out or pkg) themes;
inherit unwrapped; inherit unwrapped;
installPhase = '' installPhase = ''
@ -81,7 +81,7 @@ stdenv.mkDerivation {
mkdir -p "$out/share/sddm" mkdir -p "$out/share/sddm"
for pkg in $unwrapped $themes; do for pkg in $unwrapped $themes; do
local sddmDir="$pkg/share/sddm" local sddmDir="$pkg/share/sddm"
if [[ -d "$sddmDir" ]]; then if [ -d "$sddmDir" ]; then
lndir -silent "$sddmDir" "$out/share/sddm" lndir -silent "$sddmDir" "$out/share/sddm"
fi fi
done done

4
pkgs/applications/display-managers/slim/default.nix
View File

@ -1,5 +1,5 @@
{ stdenv, fetchurl, cmake, pkgconfig, xorg, libjpeg, libpng { stdenv, fetchurl, cmake, pkgconfig, xorg, libjpeg, libpng
, fontconfig, freetype, pam, dbus_libs, makeWrapper, pkgs }: , fontconfig, freetype, pam, dbus_libs, makeWrapper }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "slim-1.3.6"; name = "slim-1.3.6";
@ -34,7 +34,7 @@ stdenv.mkDerivation rec {
buildInputs = buildInputs =
[ cmake pkgconfig libjpeg libpng fontconfig freetype [ cmake pkgconfig libjpeg libpng fontconfig freetype
pam dbus_libs pam dbus_libs (stdenv.cc.libc.out or null)
xorg.libX11 xorg.libXext xorg.libXrandr xorg.libXrender xorg.libXmu xorg.libXft makeWrapper xorg.libX11 xorg.libXext xorg.libXrandr xorg.libXrender xorg.libXmu xorg.libXft makeWrapper
]; ];

Some files were not shown because too many files have changed in this diff Show More