diff --git a/.mention-bot b/.mention-bot
new file mode 100644
index 00000000000..36e38ed82b9
--- /dev/null
+++ b/.mention-bot
@@ -0,0 +1,6 @@
+{
+ // users in this list will never be mentioned by mention-bot
+ "userBlacklist": [
+ "civodul"
+ ]
+}
diff --git a/default.nix b/default.nix
index e2227b13bbb..12c3cf87618 100644
--- a/default.nix
+++ b/default.nix
@@ -1,4 +1,4 @@
-let requiredVersion = "1.10"; in
+let requiredVersion = import ./lib/minver.nix; in
if ! builtins ? nixVersion || builtins.compareVersions requiredVersion builtins.nixVersion == 1 then
diff --git a/doc/configuration.xml b/doc/configuration.xml
new file mode 100644
index 00000000000..ce25bbfce77
--- /dev/null
+++ b/doc/configuration.xml
@@ -0,0 +1,109 @@
+
+
+<filename>~/.nixpkgs/config.nix</filename>: global configuration
+
+Nix packages can be configured to allow or deny certain options.
+
+To apply the configuration edit
+~/.nixpkgs/config.nix and set it like
+
+
+{
+ allowUnfree = true;
+}
+
+
+and will allow the Nix package manager to install unfree licensed packages.
+
+The configuration as listed also applies to NixOS under
+ set.
+
+
+
+
+ Allow installing of packages that are distributed under
+ unfree license by setting allowUnfree =
+ true; or deny them by setting it to
+ false.
+
+ Same can be achieved by setting the environment variable:
+
+
+$ export NIXPKGS_ALLOW_UNFREE=1
+
+
+
+
+
+
+ Whenever unfree packages are not allowed, single packages
+ can still be allowed by a predicate function that accepts package
+ as an argument and should return a boolean:
+
+
+allowUnfreePredicate = (pkg: ...);
+
+
+ Example to allow flash player only:
+
+
+allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "flashplayer-" pkg.name);
+
+
+
+
+
+
+ Whenever unfree packages are not allowed, packages can still
+ be whitelisted by their license:
+
+
+whitelistedLicenses = with stdenv.lib.licenses; [ amd wtfpl ];
+
+
+
+
+
+ In addition to whitelisting licenses which are denied by the
+ allowUnfree setting, you can also explicitely
+ deny installation of packages which have a certain license:
+
+
+blacklistedLicenses = with stdenv.lib.licenses; [ agpl3 gpl3 ];
+
+
+
+
+
+
+A complete list of licenses can be found in the file
+lib/licenses.nix of the nix package tree.
+
+
+
+
+Modify
+packages via <literal>packageOverrides</literal>
+
+You can define a function called
+packageOverrides in your local
+~/.nixpkgs/config to overide nix packages. It
+must be a function that takes pkgs as an argument and return modified
+set of packages.
+
+
+{
+ packageOverrides = pkgs: rec {
+ foo = pkgs.foo.override { ... };
+ };
+}
+
+
+
+
+
+
+
+
diff --git a/doc/functions.xml b/doc/functions.xml
index 39010f8ab14..e2bc751e140 100644
--- a/doc/functions.xml
+++ b/doc/functions.xml
@@ -88,6 +88,13 @@ in ...
<pkg>.overrideDerivation
+
+ Do not use this function in Nixpkgs. Because it breaks
+ package abstraction and doesn’t provide error checking for
+ function arguments, it is only intended for ad-hoc customisation
+ (such as in ~/.nixpkgs/config.nix).
+
+
The function overrideDerivation is usually available for all the
derivations in the nixpkgs expression (pkgs).
diff --git a/doc/language-support.xml b/doc/language-support.xml
index 9a88ea4fa6f..f0d5dbd3e64 100644
--- a/doc/language-support.xml
+++ b/doc/language-support.xml
@@ -1,4 +1,3 @@
-
diff --git a/doc/meta.xml b/doc/meta.xml
index 98031612523..ea8a363f0fd 100644
--- a/doc/meta.xml
+++ b/doc/meta.xml
@@ -33,7 +33,7 @@ the package. The value of a meta-attribute must be a string.
command-line using nix-env:
-$ nix-env -qa hello --meta --json
+$ nix-env -qa hello --json
{
"hello": {
"meta": {
diff --git a/doc/packageconfig.xml b/doc/packageconfig.xml
deleted file mode 100644
index 4e0fcc3b6a4..00000000000
--- a/doc/packageconfig.xml
+++ /dev/null
@@ -1,88 +0,0 @@
-
-
-<filename>~/.nixpkgs/config.nix</filename>: global configuration
-
-
- Nix packages can be configured to allow or deny certain options.
-
-
-
- To apply the configuration edit ~/.nixpkgs/config.nix
- and set it like
-{
- allowUnfree = true;
-}
- and will allow the Nix package manager to install unfree licensed packages.
-
- The configuration as listed also applies to NixOS under set.
-
-
-
-
-
- Allow installing of packages that are distributed under unfree license by setting
- allowUnfree = true;
- or deny them by setting it to false.
-
-
- Same can be achieved by setting the environment variable:
- $ export NIXPKGS_ALLOW_UNFREE=1
-
-
-
-
-
- Whenever unfree packages are not allowed, single packages can
- still be allowed by a predicate function that accepts package
- as an argument and should return a boolean:
- allowUnfreePredicate = (pkg: ...);
-
- Example to allow flash player only:
- allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "flashplayer-" pkg.name);
-
-
-
-
-
- Whenever unfree packages are not allowed, packages can still be
- whitelisted by their license:
- whitelistedLicenses = with stdenv.lib.licenses; [ amd wtfpl ];
-
-
-
-
-
- In addition to whitelisting licenses which are denied by the
- allowUnfree setting, you can also explicitely
- deny installation of packages which have a certain license:
- blacklistedLicenses = with stdenv.lib.licenses; [ agpl3 gpl3 ];
-
-
-
-
-
- A complete list of licenses can be found in the file
- lib/licenses.nix of the nix package tree.
-
-
-Modify
-packages via <literal>packageOverrides</literal>
-
-
-
- You can define a function called packageOverrides
- in your local ~/.nixpkgs/config to overide nix
- packages. It must be a function that takes pkgs as an argument and
- return modified set of packages.
-
- {
- packageOverrides = pkgs: rec {
- foo = pkgs.foo.override { ... };
- };
-}
-
-
-
-
diff --git a/doc/submitting-changes.xml b/doc/submitting-changes.xml
index fe331d08250..0fd1954c528 100644
--- a/doc/submitting-changes.xml
+++ b/doc/submitting-changes.xml
@@ -270,7 +270,7 @@ Additional information.
-If staging is already in a broken state, please refrain from adding extra new breakages. Stabilize it for a few days, merge into master, then resume development on staging. Keep an eye on the staging evaluations here.
+If staging is already in a broken state, please refrain from adding extra new breakages. Stabilize it for a few days, merge into master, then resume development on staging. Keep an eye on the staging evaluations here. If any fixes for staging happen to be already in master, then master can be merged into staging.
diff --git a/lib/maintainers.nix b/lib/maintainers.nix
index 05d51784782..596b8a49a10 100644
--- a/lib/maintainers.nix
+++ b/lib/maintainers.nix
@@ -92,7 +92,7 @@
eikek = "Eike Kettner ";
elasticdog = "Aaron Bull Schaefer ";
ellis = "Ellis Whitehead ";
- emery = "Emery Hemingway ";
+ ehmry = "Emery Hemingway ";
enolan = "Echo Nolan ";
epitrochoid = "Mabry Cervin ";
ericbmerritt = "Eric Merritt ";
@@ -182,7 +182,7 @@
malyn = "Michael Alyn Miller ";
manveru = "Michael Fellinger ";
marcweber = "Marc Weber ";
- markWot = "Markus Wotringer '';
+ in
+ mkOptionType {
+ name = "one of ${concatMapStringsSep ", " show values}";
+ check = flip elem values;
+ merge = mergeOneOption;
+ };
either = t1: t2: mkOptionType {
name = "${t1.name} or ${t2.name}";
diff --git a/maintainers/scripts/copy-tarballs.pl b/maintainers/scripts/copy-tarballs.pl
index c6d77529dd4..6be1300e513 100755
--- a/maintainers/scripts/copy-tarballs.pl
+++ b/maintainers/scripts/copy-tarballs.pl
@@ -1,97 +1,142 @@
-#! /run/current-system/sw/bin/perl -w
+#! /usr/bin/env nix-shell
+#! nix-shell -i perl -p perl perlPackages.NetAmazonS3 nixUnstable
+
+# This command uploads tarballs to tarballs.nixos.org, the
+# content-addressed cache used by fetchurl as a fallback for when
+# upstream tarballs disappear or change. Usage:
+#
+# 1) To upload a single file:
+#
+# $ copy-tarballs.pl --file /path/to/tarball.tar.gz
+#
+# 2) To upload all files obtained via calls to fetchurl in a Nix derivation:
+#
+# $ copy-tarballs.pl --expr '(import {}).hello'
use strict;
-use XML::Simple;
+use warnings;
use File::Basename;
use File::Path;
-use File::Copy 'cp';
-use IPC::Open2;
+use JSON;
+use Net::Amazon::S3;
use Nix::Store;
-my $myDir = dirname($0);
+# S3 setup.
+my $aws_access_key_id = $ENV{'AWS_ACCESS_KEY_ID'} or die;
+my $aws_secret_access_key = $ENV{'AWS_SECRET_ACCESS_KEY'} or die;
-my $tarballsCache = $ENV{'NIX_TARBALLS_CACHE'} // "/tarballs";
+my $s3 = Net::Amazon::S3->new(
+ { aws_access_key_id => $aws_access_key_id,
+ aws_secret_access_key => $aws_secret_access_key,
+ retry => 1,
+ });
-my $xml = `nix-instantiate --eval-only --xml --strict ''`;
-die "$0: evaluation failed\n" if $? != 0;
+my $bucket = $s3->bucket("nixpkgs-tarballs") or die;
-my $data = XMLin($xml) or die;
-
-mkpath($tarballsCache);
-mkpath("$tarballsCache/md5");
-mkpath("$tarballsCache/sha1");
-mkpath("$tarballsCache/sha256");
-
-foreach my $file (@{$data->{list}->{attrs}}) {
- my $url = $file->{attr}->{url}->{string}->{value};
- my $algo = $file->{attr}->{type}->{string}->{value};
- my $hash = $file->{attr}->{hash}->{string}->{value};
-
- if ($url !~ /^http:/ && $url !~ /^https:/ && $url !~ /^ftp:/ && $url !~ /^mirror:/) {
- print STDERR "skipping $url (unsupported scheme)\n";
- next;
- }
-
- $url =~ /([^\/]+)$/;
- my $fn = $1;
-
- if (!defined $fn) {
- print STDERR "skipping $url (no file name)\n";
- next;
- }
-
- if ($fn =~ /[&?=%]/ || $fn =~ /^\./) {
- print STDERR "skipping $url (bad character in file name)\n";
- next;
- }
-
- if ($fn !~ /[a-zA-Z]/) {
- print STDERR "skipping $url (no letter in file name)\n";
- next;
- }
-
- if ($fn !~ /[0-9]/) {
- print STDERR "skipping $url (no digit in file name)\n";
- next;
- }
-
- if ($fn !~ /[-_\.]/) {
- print STDERR "skipping $url (no dash/dot/underscore in file name)\n";
- next;
- }
-
- my $dstPath = "$tarballsCache/$fn";
-
- next if -e $dstPath;
-
- print "downloading $url to $dstPath...\n";
-
- next if $ENV{DRY_RUN};
-
- $ENV{QUIET} = 1;
- $ENV{PRINT_PATH} = 1;
- my $fh;
- my $pid = open($fh, "-|", "nix-prefetch-url", "--type", $algo, $url, $hash) or die;
- waitpid($pid, 0) or die;
- if ($? != 0) {
- print STDERR "failed to fetch $url: $?\n";
- next;
- }
- <$fh>; my $storePath = <$fh>; chomp $storePath;
-
- die unless -e $storePath;
-
- cp($storePath, $dstPath) or die;
-
- my $md5 = hashFile("md5", 0, $storePath) or die;
- symlink("../$fn", "$tarballsCache/md5/$md5");
-
- my $sha1 = hashFile("sha1", 0, $storePath) or die;
- symlink("../$fn", "$tarballsCache/sha1/$sha1");
-
- my $sha256 = hashFile("sha256", 0, $storePath) or die;
- symlink("../$fn", "$tarballsCache/sha256/$sha256");
-
- $sha256 = hashFile("sha256", 1, $storePath) or die;
- symlink("../$fn", "$tarballsCache/sha256/$sha256");
+sub alreadyMirrored {
+ my ($algo, $hash) = @_;
+ return defined $bucket->get_key("$algo/$hash");
+}
+
+sub uploadFile {
+ my ($fn, $name) = @_;
+
+ my $md5_16 = hashFile("md5", 0, $fn) or die;
+ my $sha1_16 = hashFile("sha1", 0, $fn) or die;
+ my $sha256_32 = hashFile("sha256", 1, $fn) or die;
+ my $sha256_16 = hashFile("sha256", 0, $fn) or die;
+ my $sha512_32 = hashFile("sha512", 1, $fn) or die;
+ my $sha512_16 = hashFile("sha512", 0, $fn) or die;
+
+ my $mainKey = "sha512/$sha512_16";
+
+ # Upload the file as sha512/.
+ print STDERR "uploading $fn to $mainKey...\n";
+ $bucket->add_key_filename($mainKey, $fn, { 'x-amz-meta-original-name' => $name })
+ or die "failed to upload $fn to $mainKey\n";
+
+ # Create redirects from the other hash types.
+ sub redirect {
+ my ($name, $dest) = @_;
+ #print STDERR "linking $name to $dest...\n";
+ $bucket->add_key($name, "", { 'x-amz-website-redirect-location' => "/" . $dest })
+ or die "failed to create redirect from $name to $dest\n";
+ }
+ redirect "md5/$md5_16", $mainKey;
+ redirect "sha1/$sha1_16", $mainKey;
+ redirect "sha256/$sha256_32", $mainKey;
+ redirect "sha256/$sha256_16", $mainKey;
+ redirect "sha512/$sha512_32", $mainKey;
+}
+
+my $op = $ARGV[0] // "";
+
+if ($op eq "--file") {
+ my $fn = $ARGV[1] // die "$0: --file requires a file name\n";
+ if (alreadyMirrored("sha512", hashFile("sha512", 0, $fn))) {
+ print STDERR "$fn is already mirrored\n";
+ } else {
+ uploadFile($fn, basename $fn);
+ }
+}
+
+elsif ($op eq "--expr") {
+
+ # Evaluate find-tarballs.nix.
+ my $expr = $ARGV[1] // die "$0: --expr requires a Nix expression\n";
+ my $pid = open(JSON, "-|", "nix-instantiate", "--eval-only", "--json", "--strict",
+ "",
+ "--arg", "expr", $expr);
+ my $stdout = ;
+ waitpid($pid, 0);
+ die "$0: evaluation failed\n" if $?;
+ close JSON;
+
+ my $fetches = decode_json($stdout);
+
+ print STDERR "evaluation returned ", scalar(@{$fetches}), " tarballs\n";
+
+ # Check every fetchurl call discovered by find-tarballs.nix.
+ my $mirrored = 0;
+ my $have = 0;
+ foreach my $fetch (@{$fetches}) {
+ my $url = $fetch->{url};
+ my $algo = $fetch->{type};
+ my $hash = $fetch->{hash};
+
+ if ($url !~ /^http:/ && $url !~ /^https:/ && $url !~ /^ftp:/ && $url !~ /^mirror:/) {
+ print STDERR "skipping $url (unsupported scheme)\n";
+ next;
+ }
+
+ if (alreadyMirrored($algo, $hash)) {
+ $have++;
+ next;
+ }
+
+ print STDERR "mirroring $url...\n";
+
+ next if $ENV{DRY_RUN};
+
+ # Download the file using nix-prefetch-url.
+ $ENV{QUIET} = 1;
+ $ENV{PRINT_PATH} = 1;
+ my $fh;
+ my $pid = open($fh, "-|", "nix-prefetch-url", "--type", $algo, $url, $hash) or die;
+ waitpid($pid, 0) or die;
+ if ($? != 0) {
+ print STDERR "failed to fetch $url: $?\n";
+ next;
+ }
+ <$fh>; my $storePath = <$fh>; chomp $storePath;
+
+ uploadFile($storePath, $url);
+ $mirrored++;
+ }
+
+ print STDERR "mirrored $mirrored files, already have $have files\n";
+}
+
+else {
+ die "Syntax: $0 --file FILENAME | --expr EXPR\n";
}
diff --git a/maintainers/scripts/find-tarballs.nix b/maintainers/scripts/find-tarballs.nix
index 5d0cb19aba4..2dd17d9df88 100644
--- a/maintainers/scripts/find-tarballs.nix
+++ b/maintainers/scripts/find-tarballs.nix
@@ -4,9 +4,11 @@
with import ../.. { };
with lib;
+{ expr ? removeAttrs (import ../../pkgs/top-level/release.nix { }) [ "tarball" "unstable" ] }:
+
let
- root = removeAttrs (import ../../pkgs/top-level/release.nix { }) [ "tarball" "unstable" ];
+ root = expr;
uniqueUrls = map (x: x.file) (genericClosure {
startSet = map (file: { key = file.url; inherit file; }) urls;
@@ -15,7 +17,10 @@ let
urls = map (drv: { url = head drv.urls; hash = drv.outputHash; type = drv.outputHashAlgo; }) fetchurlDependencies;
- fetchurlDependencies = filter (drv: drv.outputHash or "" != "" && drv ? urls) dependencies;
+ fetchurlDependencies =
+ filter
+ (drv: drv.outputHash or "" != "" && drv.outputHashMode == "flat" && drv.postFetch or "" == "" && drv ? urls)
+ dependencies;
dependencies = map (x: x.value) (genericClosure {
startSet = map keyDrv (derivationsIn' root);
diff --git a/maintainers/scripts/vanity.sh b/maintainers/scripts/vanity.sh
index fd8f78ac5ef..c5665ab862a 100755
--- a/maintainers/scripts/vanity.sh
+++ b/maintainers/scripts/vanity.sh
@@ -12,7 +12,7 @@ git_data="$(echo "$raw_git_log" | grep 'Author:' |
# Also there are a few manual entries
maintainers="$(cat "$(dirname "$0")/../../lib/maintainers.nix" |
grep '=' | sed -re 's/\\"/''/g;
- s/ *([^ =]*) *= *" *(.*[^ ]) *[<](.*)[>] *".*/\1\t\2\t\3/')"
+ s/[ ]*([^ =]*)[ ]*=[ ]*" *(.*[^ ]) *[<](.*)[>] *".*/\1\t\2\t\3/')"
git_lines="$( ( echo "$git_data";
cat "$(dirname "$0")/vanity-manual-equalities.txt") | sort |uniq)"
diff --git a/nixos/doc/manual/release-notes/rl-unstable.xml b/nixos/doc/manual/release-notes/rl-unstable.xml
index c9b31afdfcf..cf6e4ace413 100644
--- a/nixos/doc/manual/release-notes/rl-unstable.xml
+++ b/nixos/doc/manual/release-notes/rl-unstable.xml
@@ -104,6 +104,15 @@ nginx.override {
You can (still) use the html-tidy package, which got updated
to a stable release from this new upstream.
+
+
+ extraDeviceOptions argument is removed
+ from bumblebee package. Instead there are
+ now two separate arguments: extraNvidiaDeviceOptions
+ and extraNouveauDeviceOptions for setting
+ extra X11 options for nvidia and nouveau drivers, respectively.
+
+
diff --git a/nixos/modules/config/networking.nix b/nixos/modules/config/networking.nix
index e76f15f2337..cbda3434893 100644
--- a/nixos/modules/config/networking.nix
+++ b/nixos/modules/config/networking.nix
@@ -96,6 +96,15 @@ in
example = "http://127.0.0.1:3128";
};
+ allProxy = lib.mkOption {
+ type = types.nullOr types.str;
+ default = cfg.proxy.default;
+ description = ''
+ This option specifies the all_proxy environment variable.
+ '';
+ example = "http://127.0.0.1:3128";
+ };
+
noProxy = lib.mkOption {
type = types.nullOr types.str;
default = null;
@@ -183,6 +192,8 @@ in
rsync_proxy = cfg.proxy.rsyncProxy;
} // optionalAttrs (cfg.proxy.ftpProxy != null) {
ftp_proxy = cfg.proxy.ftpProxy;
+ } // optionalAttrs (cfg.proxy.allProxy != null) {
+ all_proxy = cfg.proxy.allProxy;
} // optionalAttrs (cfg.proxy.noProxy != null) {
no_proxy = cfg.proxy.noProxy;
};
diff --git a/nixos/modules/hardware/video/bumblebee.nix b/nixos/modules/hardware/video/bumblebee.nix
index e2202e1e17d..b10846ac18a 100644
--- a/nixos/modules/hardware/video/bumblebee.nix
+++ b/nixos/modules/hardware/video/bumblebee.nix
@@ -2,10 +2,20 @@
with lib;
let
+ cfg = config.hardware.bumblebee;
+
kernel = config.boot.kernelPackages;
- bumblebee = if config.hardware.bumblebee.connectDisplay
- then pkgs.bumblebee_display
- else pkgs.bumblebee;
+
+ useNvidia = cfg.driver == "nvidia";
+
+ bumblebee = pkgs.bumblebee.override {
+ inherit useNvidia;
+ useDisplayDevice = cfg.connectDisplay;
+ };
+
+ primus = pkgs.primus.override {
+ inherit useNvidia;
+ };
in
@@ -29,6 +39,7 @@ in
type = types.str;
description = ''Group for bumblebee socket'';
};
+
hardware.bumblebee.connectDisplay = mkOption {
default = false;
type = types.bool;
@@ -40,26 +51,30 @@ in
Only nvidia driver is supported so far.
'';
};
+
+ hardware.bumblebee.driver = mkOption {
+ default = "nvidia";
+ type = types.enum [ "nvidia" "nouveau" ];
+ description = ''
+ Set driver used by bumblebeed. Supported are nouveau and nvidia.
+ '';
+ };
};
config = mkIf config.hardware.bumblebee.enable {
boot.blacklistedKernelModules = [ "nouveau" "nvidia" ];
boot.kernelModules = [ "bbswitch" ];
- boot.extraModulePackages = [ kernel.bbswitch kernel.nvidia_x11 ];
+ boot.extraModulePackages = [ kernel.bbswitch ] ++ optional useNvidia kernel.nvidia_x11;
- environment.systemPackages = [ bumblebee pkgs.primus ];
+ environment.systemPackages = [ bumblebee primus ];
systemd.services.bumblebeed = {
description = "Bumblebee Hybrid Graphics Switcher";
wantedBy = [ "display-manager.service" ];
path = [ kernel.bbswitch bumblebee ];
serviceConfig = {
- ExecStart = "${bumblebee}/bin/bumblebeed --use-syslog -g ${config.hardware.bumblebee.group}";
- Restart = "always";
- RestartSec = 60;
- CPUSchedulingPolicy = "idle";
+ ExecStart = "${bumblebee}/bin/bumblebeed --use-syslog -g ${cfg.group} --driver ${cfg.driver}";
};
- environment.LD_LIBRARY_PATH="/run/opengl-driver/lib/";
environment.MODULE_DIR="/run/current-system/kernel-modules/lib/modules/";
};
};
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index 2b40120641a..6ff95605d4b 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -237,6 +237,7 @@
calibre-server = 213;
heapster = 214;
bepasty = 215;
+ pumpio = 216;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@@ -451,6 +452,7 @@
xtreemfs = 212;
calibre-server = 213;
bepasty = 215;
+ pumpio = 216;
# When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index a8cf38f1c8f..963daf721ad 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -312,6 +312,7 @@
./services/networking/lambdabot.nix
./services/networking/mailpile.nix
./services/networking/minidlna.nix
+ ./services/networking/miniupnpd.nix
./services/networking/mstpd.nix
./services/networking/murmur.nix
./services/networking/namecoind.nix
@@ -401,6 +402,7 @@
./services/ttys/agetty.nix
./services/ttys/gpm.nix
./services/ttys/kmscon.nix
+ ./services/web-apps/pump.io.nix
./services/web-servers/apache-httpd/default.nix
./services/web-servers/fcgiwrap.nix
./services/web-servers/jboss/default.nix
@@ -506,6 +508,7 @@
./virtualisation/amazon-options.nix
./virtualisation/openvswitch.nix
./virtualisation/parallels-guest.nix
+ ./virtualisation/rkt.nix
./virtualisation/virtualbox-guest.nix
./virtualisation/virtualbox-host.nix
./virtualisation/vmware-guest.nix
diff --git a/nixos/modules/services/amqp/rabbitmq.nix b/nixos/modules/services/amqp/rabbitmq.nix
index 780d5daded9..61545a5acba 100644
--- a/nixos/modules/services/amqp/rabbitmq.nix
+++ b/nixos/modules/services/amqp/rabbitmq.nix
@@ -65,7 +65,7 @@ in {
type = types.str;
description = ''
Verbatim configuration file contents.
- See http://www.rabbitmq.com/configure.htm
+ See http://www.rabbitmq.com/configure.html
'';
};
diff --git a/nixos/modules/services/hardware/tlp.nix b/nixos/modules/services/hardware/tlp.nix
index 23b6edcefd1..6427c5be681 100644
--- a/nixos/modules/services/hardware/tlp.nix
+++ b/nixos/modules/services/hardware/tlp.nix
@@ -10,7 +10,6 @@ enableRDW = config.networking.networkmanager.enable;
tlp = pkgs.tlp.override {
inherit enableRDW;
- kmod = config.system.sbin.modprobe;
};
# XXX: We can't use writeTextFile + readFile here because it triggers
@@ -69,6 +68,8 @@ in
ExecStart = "${tlp}/bin/tlp init start";
ExecStop = "${tlp}/bin/tlp init stop";
};
+
+ environment.MODULE_DIR="/run/current-system/kernel-modules/lib/modules/";
};
tlp-sleep = {
@@ -87,6 +88,8 @@ in
ExecStart = "${tlp}/bin/tlp suspend";
ExecStop = "${tlp}/bin/tlp resume";
};
+
+ environment.MODULE_DIR="/run/current-system/kernel-modules/lib/modules/";
};
};
diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix
index 4505c5ceb84..949357ab20f 100644
--- a/nixos/modules/services/misc/gitlab.nix
+++ b/nixos/modules/services/misc/gitlab.nix
@@ -27,6 +27,7 @@ let
http_settings:
self_signed_cert: false
repos_path: "${cfg.stateDir}/repositories"
+ secret_file: "${cfg.stateDir}/config/gitlab_shell_secret"
log_file: "${cfg.stateDir}/log/gitlab-shell.log"
redis:
bin: ${pkgs.redis}/bin/redis-cli
@@ -142,7 +143,7 @@ in {
config = mkIf cfg.enable {
- environment.systemPackages = [ gitlab-runner pkgs.gitlab-shell ];
+ environment.systemPackages = [ pkgs.git gitlab-runner pkgs.gitlab-shell ];
assertions = [
{ assertion = cfg.databasePassword != "";
@@ -154,7 +155,6 @@ in {
services.redis.enable = mkDefault true;
# We use postgres as the main data store.
services.postgresql.enable = mkDefault true;
- services.postgresql.package = mkDefault pkgs.postgresql;
# Use postfix to send out mails.
services.postfix.enable = mkDefault true;
@@ -209,6 +209,23 @@ in {
};
};
+ systemd.services.gitlab-git-http-server = {
+ after = [ "network.target" "gitlab.service" ];
+ wantedBy = [ "multi-user.target" ];
+ environment.HOME = "${cfg.stateDir}/home";
+ path = with pkgs; [
+ gitAndTools.git
+ openssh
+ ];
+ serviceConfig = {
+ Type = "simple";
+ User = "gitlab";
+ Group = "gitlab";
+ TimeoutSec = "300";
+ ExecStart = "${pkgs.gitlab-git-http-server}/bin/gitlab-git-http-server -listenUmask 0 -listenNetwork unix -listenAddr ${cfg.stateDir}/tmp/sockets/gitlab-git-http-server.socket -authBackend http://localhost:8080 ${cfg.stateDir}/repositories";
+ };
+ };
+
systemd.services.gitlab = {
after = [ "network.target" "postgresql.service" "redis.service" ];
wantedBy = [ "multi-user.target" ];
@@ -219,6 +236,8 @@ in {
environment.GITLAB_APPLICATION_LOG_PATH = "${cfg.stateDir}/log/application.log";
environment.GITLAB_SATELLITES_PATH = "${cfg.stateDir}/satellites";
environment.GITLAB_SHELL_PATH = "${pkgs.gitlab-shell}";
+ environment.GITLAB_SHELL_CONFIG_PATH = "${cfg.stateDir}/shell/config.yml";
+ environment.GITLAB_SHELL_SECRET_PATH = "${cfg.stateDir}/config/gitlab_shell_secret";
environment.GITLAB_REPOSITORIES_PATH = "${cfg.stateDir}/repositories";
environment.GITLAB_SHELL_HOOKS_PATH = "${cfg.stateDir}/shell/hooks";
environment.BUNDLE_GEMFILE = "${pkgs.gitlab}/share/gitlab/Gemfile";
@@ -247,7 +266,7 @@ in {
rm -rf ${cfg.stateDir}/config
mkdir -p ${cfg.stateDir}/config
# TODO: What exactly is gitlab-shell doing with the secret?
- head -c 20 /dev/urandom > ${cfg.stateDir}/config/gitlab_shell_secret
+ tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 20 > ${cfg.stateDir}/config/gitlab_shell_secret
mkdir -p ${cfg.stateDir}/home/.ssh
touch ${cfg.stateDir}/home/.ssh/authorized_keys
@@ -272,6 +291,7 @@ in {
fi
fi
+ ${bundler}/bin/bundle exec rake -f ${pkgs.gitlab}/share/gitlab/Rakefile db:migrate RAILS_ENV=production
# Install the shell required to push repositories
ln -fs ${pkgs.writeText "config.yml" gitlabShellYml} ${cfg.stateDir}/shell/config.yml
export GITLAB_SHELL_CONFIG_PATH=""${cfg.stateDir}/shell/config.yml
@@ -296,5 +316,4 @@ in {
};
};
-
}
diff --git a/nixos/modules/services/misc/nixos-manual.nix b/nixos/modules/services/misc/nixos-manual.nix
index 7534eb0ae6a..3e1f53e79f3 100644
--- a/nixos/modules/services/misc/nixos-manual.nix
+++ b/nixos/modules/services/misc/nixos-manual.nix
@@ -117,7 +117,7 @@ in
services.mingetty.helpLine = mkIf cfg.showManual
"\nPress for the NixOS manual.";
- services.nixosManual.browser = mkDefault "${pkgs.w3m}/bin/w3m";
+ services.nixosManual.browser = mkDefault "${pkgs.w3m-nox}/bin/w3m";
};
diff --git a/nixos/modules/services/misc/redmine.nix b/nixos/modules/services/misc/redmine.nix
index eb6575887d5..7c9483911f2 100644
--- a/nixos/modules/services/misc/redmine.nix
+++ b/nixos/modules/services/misc/redmine.nix
@@ -124,7 +124,7 @@ in {
assertions = [
{ assertion = cfg.databasePassword != "";
- message = "databasePassword must be set";
+ message = "services.redmine.databasePassword must be set";
}
];
diff --git a/nixos/modules/services/monitoring/teamviewer.nix b/nixos/modules/services/monitoring/teamviewer.nix
index 533f1ea6644..dd98ecab828 100644
--- a/nixos/modules/services/monitoring/teamviewer.nix
+++ b/nixos/modules/services/monitoring/teamviewer.nix
@@ -14,7 +14,7 @@ in
options = {
- services.teamviewer.enable = mkEnableOption "teamviewer daemon";
+ services.teamviewer.enable = mkEnableOption "TeamViewer daemon";
};
@@ -27,9 +27,9 @@ in
systemd.services.teamviewerd = {
description = "TeamViewer remote control daemon";
- wantedBy = [ "graphical.target" ];
+ wantedBy = [ "multi-user.target" ];
after = [ "NetworkManager-wait-online.service" "network.target" ];
- preStart = "mkdir -pv /var/tmp/teamviewer10/{logs,config}";
+ preStart = "mkdir -pv /var/lib/teamviewer /var/log/teamviewer";
serviceConfig = {
Type = "forking";
diff --git a/nixos/modules/services/networking/cntlm.nix b/nixos/modules/services/networking/cntlm.nix
index a50aa4d0636..76c0fd7d0ea 100644
--- a/nixos/modules/services/networking/cntlm.nix
+++ b/nixos/modules/services/networking/cntlm.nix
@@ -73,29 +73,28 @@ in
###### implementation
config = mkIf config.services.cntlm.enable {
-
+ systemd.services.cntlm = {
+ description = "CNTLM is an NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ Type = "forking";
+ User = "cntlm";
+ ExecStart = ''
+ ${pkgs.cntlm}/bin/cntlm -U cntlm \
+ -c ${pkgs.writeText "cntlm_config" cfg.extraConfig}
+ '';
+ };
+ };
+
services.cntlm.netbios_hostname = mkDefault config.networking.hostName;
- users.extraUsers = singleton {
+ users.extraUsers.cntlm = {
name = "cntlm";
description = "cntlm system-wide daemon";
home = "/var/empty";
};
- jobs.cntlm =
- { description = "CNTLM is an NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy";
-
- startOn = "started network-interfaces";
-
- daemonType = "fork";
-
- exec =
- ''
- ${pkgs.cntlm}/bin/cntlm -U cntlm \
- -c ${pkgs.writeText "cntlm_config" cfg.extraConfig}
- '';
- };
-
services.cntlm.extraConfig =
''
# Cntlm Authentication Proxy Configuration
@@ -108,8 +107,7 @@ in
${concatMapStrings (port: ''
Listen ${toString port}
'') cfg.port}
- '';
-
+ '';
};
}
diff --git a/nixos/modules/services/networking/ddclient.nix b/nixos/modules/services/networking/ddclient.nix
index 5802d8b95b3..ee06dfbbca3 100644
--- a/nixos/modules/services/networking/ddclient.nix
+++ b/nixos/modules/services/networking/ddclient.nix
@@ -18,7 +18,7 @@ let
password=${config.services.ddclient.password}
protocol=${config.services.ddclient.protocol}
server=${config.services.ddclient.server}
- ssl=${if config.services.ddclient.ssl then "yes" else "yes"}
+ ssl=${if config.services.ddclient.ssl then "yes" else "no"}
wildcard=YES
${config.services.ddclient.domain}
${config.services.ddclient.extraConfig}
diff --git a/nixos/modules/services/networking/hostapd.nix b/nixos/modules/services/networking/hostapd.nix
index 2adbb0a5c4e..5a6ca139dda 100644
--- a/nixos/modules/services/networking/hostapd.nix
+++ b/nixos/modules/services/networking/hostapd.nix
@@ -53,11 +53,13 @@ in
default = false;
description = ''
Enable putting a wireless interface into infrastructure mode,
- allowing other wireless devices to associate with the wireless interface and do
- wireless networking. A simple access point will enable hostapd.wpa, and
- hostapd.wpa_passphrase, hostapd.ssid, dhcpd on the wireless interface to
- provide IP addresses to the associated stations, and nat (from the wireless
- interface to an upstream interface).
+ allowing other wireless devices to associate with the wireless
+ interface and do wireless networking. A simple access point will
+ ,
+ , and
+ , as well as DHCP on the wireless
+ interface to provide IP addresses to the associated stations, and
+ NAT (from the wireless interface to an upstream interface).
'';
};
@@ -73,7 +75,10 @@ in
default = "nl80211";
example = "hostapd";
type = types.string;
- description = "Which driver hostapd will use. Most things will probably use the default.";
+ description = ''
+ Which driver hostapd will use.
+ Most applications will probably use the default.
+ '';
};
ssid = mkOption {
@@ -87,7 +92,10 @@ in
default = "b";
example = "g";
type = types.string;
- description = "Operation mode (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g";
+ description = ''
+ Operation mode.
+ (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g).
+ '';
};
channel = mkOption {
@@ -97,8 +105,9 @@ in
description =
''
Channel number (IEEE 802.11)
- Please note that some drivers do not use this value from hostapd and the
- channel will need to be configured separately with iwconfig.
+ Please note that some drivers do not use this value from
+ hostapd and the channel will need to be configured
+ separately with iwconfig.
'';
};
@@ -106,12 +115,16 @@ in
default = "wheel";
example = "network";
type = types.string;
- description = "members of this group can control hostapd";
+ description = ''
+ Members of this group can control hostapd.
+ '';
};
wpa = mkOption {
default = true;
- description = "enable WPA (IEEE 802.11i/D3.0) to authenticate to the access point";
+ description = ''
+ Enable WPA (IEEE 802.11i/D3.0) to authenticate with the access point.
+ '';
};
wpaPassphrase = mkOption {
@@ -121,8 +134,9 @@ in
description =
''
WPA-PSK (pre-shared-key) passphrase. Clients will need this
- passphrase to associate with this access point. Warning: This passphrase will
- get put into a world-readable file in the nix store.
+ passphrase to associate with this access point.
+ Warning: This passphrase will get put into a world-readable file in
+ the Nix store!
'';
};
@@ -134,7 +148,7 @@ in
ht_capab=[HT40-][SHORT-GI-40][DSSS_CCK-40]
'';
type = types.string;
- description = "Extra configuration options to put in the hostapd.conf";
+ description = "Extra configuration options to put in hostapd.conf.";
};
};
};
diff --git a/nixos/modules/services/networking/miniupnpd.nix b/nixos/modules/services/networking/miniupnpd.nix
new file mode 100644
index 00000000000..e654eb80b17
--- /dev/null
+++ b/nixos/modules/services/networking/miniupnpd.nix
@@ -0,0 +1,70 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.miniupnpd;
+ configFile = pkgs.writeText "miniupnpd.conf" ''
+ ext_ifname=${cfg.externalInterface}
+ enable_natpmp=${if cfg.natpmp then "yes" else "no"}
+ enable_upnp=${if cfg.upnp then "yes" else "no"}
+
+ ${concatMapStrings (range: ''
+ listening_ip=${range}
+ '') cfg.internalIPs}
+
+ ${cfg.appendConfig}
+ '';
+in
+{
+ options = {
+ services.miniupnpd = {
+ enable = mkEnableOption "MiniUPnP daemon";
+
+ externalInterface = mkOption {
+ type = types.str;
+ description = ''
+ Name of the external interface.
+ '';
+ };
+
+ internalIPs = mkOption {
+ type = types.listOf types.str;
+ example = [ "192.168.1.0/24" ];
+ description = ''
+ The IP address ranges to listen on.
+ '';
+ };
+
+ natpmp = mkEnableOption "NAT-PMP support";
+
+ upnp = mkOption {
+ default = true;
+ type = types.bool;
+ description = ''
+ Whether to enable UPNP support.
+ '';
+ };
+
+ appendConfig = mkOption {
+ type = types.lines;
+ default = "";
+ description = ''
+ Configuration lines appended to the MiniUPnP config.
+ '';
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.services.miniupnpd = {
+ description = "MiniUPnP daemon";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ path = [ pkgs.miniupnpd ];
+ serviceConfig = {
+ ExecStart = "${pkgs.miniupnpd}/bin/miniupnpd -d -f ${configFile}";
+ };
+ };
+ };
+}
diff --git a/nixos/modules/services/networking/nsd.nix b/nixos/modules/services/networking/nsd.nix
index 36d9f5d2f16..e85f2681125 100644
--- a/nixos/modules/services/networking/nsd.nix
+++ b/nixos/modules/services/networking/nsd.nix
@@ -300,22 +300,8 @@ in
options = {
services.nsd = {
- enable = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Whether to enable the NSD authoritative domain name server.
- '';
- };
-
- bind8Stats = mkOption {
- type = types.bool;
- default = false;
- example = true;
- description = ''
- Wheter to enable BIND8 like statisics.
- '';
- };
+ enable = mkEnableOption "NSD authoritative DNS server";
+ bind8Stats = mkEnableOption "BIND8 like statistics";
rootServer = mkOption {
type = types.bool;
@@ -483,13 +469,7 @@ in
ratelimit = {
- enable = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Enable ratelimit capabilities.
- '';
- };
+ enable = mkEnableOption "ratelimit capabilities";
size = mkOption {
type = types.int;
@@ -548,13 +528,7 @@ in
remoteControl = {
- enable = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Wheter to enable remote control via nsd-control(8).
- '';
- };
+ enable = mkEnableOption "remote control via nsd-control";
interfaces = mkOption {
type = types.listOf types.str;
diff --git a/nixos/modules/services/networking/shout.nix b/nixos/modules/services/networking/shout.nix
index f55b87a9614..fe3cba8f149 100644
--- a/nixos/modules/services/networking/shout.nix
+++ b/nixos/modules/services/networking/shout.nix
@@ -57,7 +57,7 @@ in {
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
- preStart = if isNull cfg.configFile then null
+ preStart = if isNull cfg.configFile then ""
else ''
ln -sf ${pkgs.writeText "config.js" cfg.configFile} \
${shoutHome}/config.js
diff --git a/nixos/modules/services/networking/strongswan.nix b/nixos/modules/services/networking/strongswan.nix
index 8778b0364f9..d6960a5df47 100644
--- a/nixos/modules/services/networking/strongswan.nix
+++ b/nixos/modules/services/networking/strongswan.nix
@@ -118,7 +118,7 @@ in
systemd.services.strongswan = {
description = "strongSwan IPSec Service";
wantedBy = [ "multi-user.target" ];
- path = with pkgs; [ kmod iproute iptables utillinux ]; # XXX Linux
+ path = with pkgs; [ config.system.sbin.modprobe iproute iptables utillinux ]; # XXX Linux
wants = [ "keys.target" ];
after = [ "network.target" "keys.target" ];
environment = {
diff --git a/nixos/modules/services/torrent/transmission.nix b/nixos/modules/services/torrent/transmission.nix
index 5822fb111b8..c4dc6512a0d 100644
--- a/nixos/modules/services/torrent/transmission.nix
+++ b/nixos/modules/services/torrent/transmission.nix
@@ -113,21 +113,26 @@ in
#include
#include
- ${pkgs.glibc.out}/lib/*.so mr,
- ${pkgs.libevent.out}/lib/libevent*.so* mr,
- ${pkgs.curl.out}/lib/libcurl*.so* mr,
- ${pkgs.openssl.out}/lib/libssl*.so* mr,
- ${pkgs.openssl.out}/lib/libcrypto*.so* mr,
- ${pkgs.zlib.out}/lib/libz*.so* mr,
- ${pkgs.libssh2.out}/lib/libssh2*.so* mr,
- ${pkgs.systemd}/lib/libsystemd*.so* mr,
- ${pkgs.xz.out}/lib/liblzma*.so* mr,
- ${pkgs.libgcrypt.out}/lib/libgcrypt*.so* mr,
+ ${pkgs.glibc.out}/lib/*.so mr,
+ ${pkgs.libevent.out}/lib/libevent*.so* mr,
+ ${pkgs.curl.out}/lib/libcurl*.so* mr,
+ ${pkgs.openssl.out}/lib/libssl*.so* mr,
+ ${pkgs.openssl.out}/lib/libcrypto*.so* mr,
+ ${pkgs.zlib.out}/lib/libz*.so* mr,
+ ${pkgs.libssh2.out}/lib/libssh2*.so* mr,
+ ${pkgs.systemd}/lib/libsystemd*.so* mr,
+ ${pkgs.xz.out}/lib/liblzma*.so* mr,
+ ${pkgs.libgcrypt.out}/lib/libgcrypt*.so* mr,
${pkgs.libgpgerror.out}/lib/libgpg-error*.so* mr,
+ ${pkgs.libnghttp2.out}/lib/libnghttp2*.so* mr,
+ ${pkgs.c-ares.out}/lib/libcares*.so* mr,
+ ${pkgs.libcap.out}/lib/libcap*.so* mr,
+ ${pkgs.attr.out}/lib/libattr*.so* mr,
@{PROC}/sys/kernel/random/uuid r,
@{PROC}/sys/vm/overcommit_memory r,
+ ${pkgs.openssl}/etc/** r,
${pkgs.transmission}/share/transmission/** r,
owner ${settingsDir}/** rw,
diff --git a/nixos/modules/services/web-apps/pump.io.nix b/nixos/modules/services/web-apps/pump.io.nix
new file mode 100644
index 00000000000..b7c64bc6940
--- /dev/null
+++ b/nixos/modules/services/web-apps/pump.io.nix
@@ -0,0 +1,364 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.pumpio;
+ dataDir = "/var/lib/pump.io";
+ user = "pumpio";
+
+ configOptions = {
+ driver = if cfg.driver == "disk" then null else cfg.driver;
+ params = ({ } //
+ (if cfg.driver == "disk" then {
+ dir = dataDir;
+ } else { }) //
+ (if cfg.driver == "mongodb" || cfg.driver == "redis" then {
+ host = cfg.dbHost;
+ port = cfg.dbPort;
+ dbname = cfg.dbName;
+ dbuser = cfg.dbUser;
+ dbpass = cfg.dbPassword;
+ } else { }) //
+ (if cfg.driver == "memcached" then {
+ host = cfg.dbHost;
+ port = cfg.dbPort;
+ } else { }) //
+ cfg.driverParams);
+
+ secret = cfg.secret;
+
+ address = cfg.address;
+ port = cfg.port;
+
+ noweb = false;
+ urlPort = cfg.urlPort;
+ hostname = cfg.hostname;
+ favicon = cfg.favicon;
+
+ site = cfg.site;
+ owner = cfg.owner;
+ ownerURL = cfg.ownerURL;
+
+ key = cfg.sslKey;
+ cert = cfg.sslCert;
+ bounce = false;
+
+ spamhost = cfg.spamHost;
+ spamclientid = cfg.spamClientId;
+ spamclientsecret = cfg.spamClientSecret;
+
+ requireEmail = cfg.requireEmail;
+ smtpserver = cfg.smtpHost;
+ smtpport = cfg.smtpPort;
+ smtpuser = cfg.smtpUser;
+ smtppass = cfg.smtpPassword;
+ smtpusessl = cfg.smtpUseSSL;
+ smtpfrom = cfg.smtpFrom;
+
+ nologger = false;
+ uploaddir = "${dataDir}/uploads";
+ debugClient = false;
+ firehose = cfg.firehose;
+ disableRegistration = cfg.disableRegistration;
+ } //
+ (if cfg.port < 1024 then {
+ serverUser = user; # have pump.io listen then drop privileges
+ } else { }) //
+ cfg.extraConfig;
+
+in
+
+{
+ options = {
+
+ services.pumpio = {
+
+ enable = mkEnableOption "Pump.io social streams server";
+
+ secret = mkOption {
+ type = types.str;
+ example = "my dog has fleas";
+ description = ''
+ A session-generating secret, server-wide password. Warning:
+ this is stored in cleartext in the Nix store!
+ '';
+ };
+
+ site = mkOption {
+ type = types.str;
+ example = "Awesome Sauce";
+ description = "Name of the server";
+ };
+
+ owner = mkOption {
+ type = types.str;
+ default = "";
+ example = "Awesome Inc.";
+ description = "Name of owning entity, if you want to link to it.";
+ };
+
+ ownerURL = mkOption {
+ type = types.str;
+ default = "";
+ example = "https://pump.io";
+ description = "URL of owning entity, if you want to link to it.";
+ };
+
+ address = mkOption {
+ type = types.str;
+ default = "localhost";
+ description = ''
+ Web server listen address.
+ '';
+ };
+
+ port = mkOption {
+ type = types.int;
+ default = 31337;
+ description = ''
+ Port to listen on. Defaults to 31337, which is suitable for
+ running behind a reverse proxy. For a standalone server,
+ use 443.
+ '';
+ };
+
+ hostname = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = ''
+ The hostname of the server, used for generating
+ URLs. Defaults to "localhost" which doesn't do much for you.
+ '';
+ };
+
+ urlPort = mkOption {
+ type = types.int;
+ default = 443;
+ description = ''
+ Port to use for generating URLs. This basically has to be
+ either 80 or 443 because the host-meta and Webfinger
+ protocols don't make any provision for HTTP/HTTPS servers
+ running on other ports.
+ '';
+ };
+
+ favicon = mkOption {
+ type = types.nullOr types.path;
+ default = null;
+ description = ''
+ Local filesystem path to the favicon.ico file to use. This
+ will be served as "/favicon.ico" by the server.
+ '';
+ };
+
+ sslKey = mkOption {
+ type = types.path;
+ example = "${dataDir}/myserver.key";
+ default = "";
+ description = ''
+ The path to the server certificate private key. The
+ certificate is required, but it can be self-signed.
+ '';
+ };
+
+ sslCert = mkOption {
+ type = types.path;
+ example = "${dataDir}/myserver.crt";
+ default = "";
+ description = ''
+ The path to the server certificate. The certificate is
+ required, but it can be self-signed.
+ '';
+ };
+
+ firehose = mkOption {
+ type = types.str;
+ default = "ofirehose.com";
+ description = ''
+ Firehose host running the ofirehose software. Defaults to
+ "ofirehose.com". Public notices will be ping this firehose
+ server and from there go out to search engines and the
+ world. If you want to disconnect from the public web, set
+ this to something falsy.
+ '';
+ };
+
+ disableRegistration = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Disables registering new users on the site through the Web
+ or the API.
+ '';
+ };
+
+ requireEmail = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Require an e-mail address to register.";
+ };
+
+ extraConfig = mkOption {
+ default = { };
+ description = ''
+ Extra configuration options which are serialized to json and added
+ to the pump.io.json config file.
+ '';
+ };
+
+ driver = mkOption {
+ type = types.enum [ "mongodb" "disk" "lrucache" "memcached" "redis" ];
+ default = "mongodb";
+ description = "Type of database. Corresponds to a nodejs databank driver.";
+ };
+
+ driverParams = mkOption {
+ default = { };
+ description = "Extra parameters for the driver.";
+ };
+
+ dbHost = mkOption {
+ type = types.str;
+ default = "localhost";
+ description = "The database host to connect to.";
+ };
+
+ dbPort = mkOption {
+ type = types.int;
+ default = 27017;
+ description = "The port that the database is listening on.";
+ };
+
+ dbName = mkOption {
+ type = types.str;
+ default = "pumpio";
+ description = "The name of the database to use.";
+ };
+
+ dbUser = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = ''
+ The username. Defaults to null, meaning no authentication.
+ '';
+ };
+
+ dbPassword = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = ''
+ The password corresponding to dbUser. Warning: this is
+ stored in cleartext in the Nix store!
+ '';
+ };
+
+ smtpHost = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ example = "localhost";
+ description = ''
+ Server to use for sending transactional email. If it's not
+ set up, no email is sent and features like password recovery
+ and email notification won't work.
+ '';
+ };
+
+ smtpPort = mkOption {
+ type = types.int;
+ default = 25;
+ description = ''
+ Port to connect to on SMTP server.
+ '';
+ };
+
+ smtpUser = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = ''
+ Username to use to connect to SMTP server. Might not be
+ necessary for some servers.
+ '';
+ };
+
+ smtpPassword = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = ''
+ Password to use to connect to SMTP server. Might not be
+ necessary for some servers. Warning: this is stored in
+ cleartext in the Nix store!
+ '';
+ };
+
+ smtpUseSSL = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Only use SSL with the SMTP server. By default, a SSL
+ connection is negotiated using TLS. You may need to change
+ the smtpPort value if you set this.
+ '';
+ };
+
+ smtpFrom = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = ''
+ Email address to use in the "From:" header of outgoing
+ notifications. Defaults to 'no-reply@' plus the site
+ hostname.
+ '';
+ };
+
+ spamHost = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = ''
+ Host running activityspam software to use to test updates
+ for spam.
+ '';
+ };
+ spamClientId = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = "OAuth pair for spam server.";
+ };
+ spamClientSecret = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = ''
+ OAuth pair for spam server. Warning: this is
+ stored in cleartext in the Nix store!
+ '';
+ };
+ };
+
+ };
+
+ config = mkIf cfg.enable {
+ systemd.services."pump.io" =
+ { description = "pump.io social network stream server";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig.ExecStart = "${pkgs.pumpio}/bin/pump -c /etc/pump.io.json";
+ serviceConfig.User = if cfg.port < 1024 then "root" else user;
+ serviceConfig.Group = user;
+ };
+
+ environment.etc."pump.io.json" = {
+ mode = "0440";
+ gid = config.ids.gids.pumpio;
+ text = builtins.toJSON configOptions;
+ };
+
+ users.extraGroups.pumpio.gid = config.ids.gids.pumpio;
+ users.extraUsers.pumpio = {
+ group = "pumpio";
+ uid = config.ids.uids.pumpio;
+ description = "Pump.io user";
+ home = dataDir;
+ createHome = true;
+ };
+ };
+}
diff --git a/nixos/modules/services/web-servers/apache-httpd/owncloud.nix b/nixos/modules/services/web-servers/apache-httpd/owncloud.nix
index a5e539bc9ba..9994de0f9b4 100644
--- a/nixos/modules/services/web-servers/apache-httpd/owncloud.nix
+++ b/nixos/modules/services/web-servers/apache-httpd/owncloud.nix
@@ -70,7 +70,7 @@ let
"proxyuserpwd" => "",
/* List of trusted domains, to prevent host header poisoning ownCloud is only using these Host headers */
- 'trusted_domains' => array('${config.trustedDomain}'),
+ ${if config.trustedDomain != "" then "'trusted_domains' => array('${config.trustedDomain}')," else ""}
/* Theme to use for ownCloud */
"theme" => "",
@@ -331,7 +331,7 @@ let
*/
'share_folder' => '/',
- 'version' => '${pkgs.owncloud.version}',
+ 'version' => '${config.package.version}',
'openssl' => '${pkgs.openssl}/bin/openssl'
@@ -345,16 +345,15 @@ rec {
extraConfig =
''
- ServerName ${config.siteName}
- ServerAdmin ${config.adminAddr}
- DocumentRoot ${documentRoot}
+ ${if config.urlPrefix != "" then "Alias ${config.urlPrefix} ${config.package}" else ''
- RewriteEngine On
- RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
- RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
+ RewriteEngine On
+ RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
+ RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
+ ''}
-
- ${builtins.readFile "${pkgs.owncloud}/.htaccess"}
+
+ ${builtins.readFile "${config.package}/.htaccess"}
'';
@@ -362,12 +361,29 @@ rec {
{ name = "OC_CONFIG_PATH"; value = "${config.dataDir}/config/"; }
];
- documentRoot = pkgs.owncloud;
+ documentRoot = if config.urlPrefix == "" then config.package else null;
enablePHP = true;
options = {
+ package = mkOption {
+ type = types.package;
+ default = pkgs.owncloud70;
+ example = literalExample "pkgs.owncloud70";
+ description = ''
+ PostgreSQL package to use.
+ '';
+ };
+
+ urlPrefix = mkOption {
+ default = "";
+ example = "/owncloud";
+ description = ''
+ The URL prefix under which the owncloud service appears.
+ '';
+ };
+
id = mkOption {
default = "main";
description = ''
@@ -552,7 +568,7 @@ rec {
cp ${owncloudConfig} ${config.dataDir}/config/config.php
mkdir -p ${config.dataDir}/storage
mkdir -p ${config.dataDir}/apps
- cp -r ${pkgs.owncloud}/apps/* ${config.dataDir}/apps/
+ cp -r ${config.package}/apps/* ${config.dataDir}/apps/
chmod -R ug+rw ${config.dataDir}
chmod -R o-rwx ${config.dataDir}
chown -R wwwrun:wwwrun ${config.dataDir}
@@ -566,7 +582,11 @@ rec {
${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/psql -h "/tmp" -U postgres -d ${config.dbName} -Atw -c "$QUERY" || true
fi
- ${php}/bin/php ${pkgs.owncloud}/occ upgrade || true
+ if [ -e ${config.package}/config/ca-bundle.crt ]; then
+ cp -f ${config.package}/config/ca-bundle.crt ${config.dataDir}/config/
+ fi
+
+ ${php}/bin/php ${config.package}/occ upgrade >> ${config.dataDir}/upgrade.log || true
chown wwwrun:wwwrun ${config.dataDir}/owncloud.log || true
diff --git a/nixos/modules/services/web-servers/apache-httpd/wordpress.nix b/nixos/modules/services/web-servers/apache-httpd/wordpress.nix
index a28c8567f9f..937b2698ce9 100644
--- a/nixos/modules/services/web-servers/apache-httpd/wordpress.nix
+++ b/nixos/modules/services/web-servers/apache-httpd/wordpress.nix
@@ -5,7 +5,7 @@ with lib;
let
- version = "4.3";
+ version = "4.3.1";
fullversion = "${version}";
# Our bare-bones wp-config.php file using the above settings
@@ -74,7 +74,7 @@ let
owner = "WordPress";
repo = "WordPress";
rev = "${fullversion}";
- sha256 = "0sz5jjhjpwqis8336gyq9a77cr4sf8zahd1y4pzmpvpzn9cn503y";
+ sha256 = "1rk10vcv4z9p04hfzc0wkbilrgx7m9ssyr6c3w6vw3vl1bcgqxza";
};
installPhase = ''
mkdir -p $out
diff --git a/nixos/modules/services/x11/desktop-managers/kde5.nix b/nixos/modules/services/x11/desktop-managers/kde5.nix
index dc6aa137cbd..0f3cb5735e7 100644
--- a/nixos/modules/services/x11/desktop-managers/kde5.nix
+++ b/nixos/modules/services/x11/desktop-managers/kde5.nix
@@ -108,16 +108,26 @@ in
kdeApps.okular
kdeApps.print-manager
+ # Oxygen icons moved to KDE Frameworks 5.16 and later.
(kdeApps.oxygen-icons or kf5.oxygen-icons5)
pkgs.hicolor_icon_theme
plasma5.kde-gtk-config
- pkgs.orion # GTK theme, nearly identical to Breeze
]
+
+ # Plasma 5.5 and later has a Breeze GTK theme.
+ # If it is not available, Orion is very similar to Breeze.
+ ++ lib.optional (!(lib.hasAttr "breeze-gtk" plasma5)) pkgs.orion
+
+ # Install Breeze icons if available
+ ++ lib.optional (lib.hasAttr "breeze-icons" kf5) kf5.breeze-icons
+
+ # Optional hardware support features
++ lib.optional config.hardware.bluetooth.enable plasma5.bluedevil
++ lib.optional config.networking.networkmanager.enable plasma5.plasma-nm
++ lib.optional config.hardware.pulseaudio.enable plasma5.plasma-pa
++ lib.optional config.powerManagement.enable plasma5.powerdevil
+
++ lib.optionals cfg.phonon.gstreamer.enable
[
pkgs.phonon_backend_gstreamer
@@ -135,6 +145,7 @@ in
pkgs.gst_all_1.gst-plugins-bad
pkgs.gst_all_1.gst-libav # for mp3 playback
]
+
++ lib.optionals cfg.phonon.vlc.enable
[
pkgs.phonon_qt5_backend_vlc
@@ -166,6 +177,14 @@ in
# Extra UDEV rules used by Solid
services.udev.packages = [ pkgs.media-player-info ];
+ services.xserver.displayManager.sddm = {
+ theme = "breeze";
+ themes = [
+ plasma5.plasma-workspace
+ (kdeApps.oxygen-icons or kf5.oxygen-icons5)
+ ];
+ };
+
security.pam.services.kde = { allowNullPassword = true; };
};
diff --git a/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix b/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix
new file mode 100644
index 00000000000..4b598ca48b0
--- /dev/null
+++ b/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix
@@ -0,0 +1,121 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ dmcfg = config.services.xserver.displayManager;
+ ldmcfg = dmcfg.lightdm;
+ cfg = ldmcfg.greeters.gtk;
+
+ inherit (pkgs) stdenv lightdm writeScript writeText;
+
+ theme = cfg.theme.package;
+ icons = cfg.iconTheme.package;
+
+ # The default greeter provided with this expression is the GTK greeter.
+ # Again, we need a few things in the environment for the greeter to run with
+ # fonts/icons.
+ wrappedGtkGreeter = stdenv.mkDerivation {
+ name = "lightdm-gtk-greeter";
+ buildInputs = [ pkgs.makeWrapper ];
+
+ buildCommand = ''
+ # This wrapper ensures that we actually get themes
+ makeWrapper ${pkgs.lightdm_gtk_greeter}/sbin/lightdm-gtk-greeter \
+ $out/greeter \
+ --prefix PATH : "${pkgs.glibc.bin}/bin" \
+ --set GDK_PIXBUF_MODULE_FILE "${pkgs.gdk_pixbuf.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache" \
+ --set GTK_PATH "${theme}:${pkgs.gtk3.out}" \
+ --set GTK_EXE_PREFIX "${theme}" \
+ --set GTK_DATA_PREFIX "${theme}" \
+ --set XDG_DATA_DIRS "${theme}/share:${icons}/share" \
+ --set XDG_CONFIG_HOME "${theme}/share"
+
+ cat - > $out/lightdm-gtk-greeter.desktop << EOF
+ [Desktop Entry]
+ Name=LightDM Greeter
+ Comment=This runs the LightDM Greeter
+ Exec=$out/greeter
+ Type=Application
+ EOF
+ '';
+ };
+
+ gtkGreeterConf = writeText "lightdm-gtk-greeter.conf"
+ ''
+ [greeter]
+ theme-name = ${cfg.theme.name}
+ icon-theme-name = ${cfg.iconTheme.name}
+ background = ${ldmcfg.background}
+ '';
+
+in
+{
+ options = {
+
+ services.xserver.displayManager.lightdm.greeters.gtk = {
+
+ enable = mkOption {
+ type = types.bool;
+ default = true;
+ description = ''
+ Whether to enable lightdm-gtk-greeter as the lightdm greeter.
+ '';
+ };
+
+ theme = {
+
+ package = mkOption {
+ type = types.path;
+ default = pkgs.gnome3.gnome_themes_standard;
+ description = ''
+ The package path that contains the theme given in the name option.
+ '';
+ };
+
+ name = mkOption {
+ type = types.str;
+ default = "Adwaita";
+ description = ''
+ Name of the theme to use for the lightdm-gtk-greeter.
+ '';
+ };
+
+ };
+
+ iconTheme = {
+
+ package = mkOption {
+ type = types.path;
+ default = pkgs.gnome3.defaultIconTheme;
+ description = ''
+ The package path that contains the icon theme given in the name option.
+ '';
+ };
+
+ name = mkOption {
+ type = types.str;
+ default = "Adwaita";
+ description = ''
+ Name of the icon theme to use for the lightdm-gtk-greeter.
+ '';
+ };
+
+ };
+
+ };
+
+ };
+
+ config = mkIf (ldmcfg.enable && cfg.enable) {
+
+ services.xserver.displayManager.lightdm.greeter = mkDefault {
+ package = wrappedGtkGreeter;
+ name = "lightdm-gtk-greeter";
+ };
+
+ environment.etc."lightdm/lightdm-gtk-greeter.conf".source = gtkGreeterConf;
+
+ };
+}
diff --git a/nixos/modules/services/x11/display-managers/lightdm.nix b/nixos/modules/services/x11/display-managers/lightdm.nix
index 48fab024356..c8ccf43029d 100644
--- a/nixos/modules/services/x11/display-managers/lightdm.nix
+++ b/nixos/modules/services/x11/display-managers/lightdm.nix
@@ -18,38 +18,6 @@ let
exec ${dmcfg.xserverBin} ${dmcfg.xserverArgs}
'';
- theme = pkgs.gnome3.gnome_themes_standard;
- icons = pkgs.gnome3.defaultIconTheme;
-
- # The default greeter provided with this expression is the GTK greeter.
- # Again, we need a few things in the environment for the greeter to run with
- # fonts/icons.
- wrappedGtkGreeter = stdenv.mkDerivation {
- name = "lightdm-gtk-greeter";
- buildInputs = [ pkgs.makeWrapper ];
-
- buildCommand = ''
- # This wrapper ensures that we actually get themes
- makeWrapper ${pkgs.lightdm_gtk_greeter}/sbin/lightdm-gtk-greeter \
- $out/greeter \
- --prefix PATH : "${pkgs.glibc.bin}/bin" \
- --set GDK_PIXBUF_MODULE_FILE "${pkgs.gdk_pixbuf.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache" \
- --set GTK_PATH "${theme}:${pkgs.gtk3.out}" \
- --set GTK_EXE_PREFIX "${theme}" \
- --set GTK_DATA_PREFIX "${theme}" \
- --set XDG_DATA_DIRS "${theme}/share:${icons}/share" \
- --set XDG_CONFIG_HOME "${theme}/share"
-
- cat - > $out/lightdm-gtk-greeter.desktop << EOF
- [Desktop Entry]
- Name=LightDM Greeter
- Comment=This runs the LightDM Greeter
- Exec=$out/greeter
- Type=Application
- EOF
- '';
- };
-
usersConf = writeText "users.conf"
''
[UserList]
@@ -72,34 +40,42 @@ let
${cfg.extraSeatDefaults}
'';
- gtkGreeterConf = writeText "lightdm-gtk-greeter.conf"
- ''
- [greeter]
- theme-name = Adwaita
- icon-theme-name = Adwaita
- background = ${cfg.background}
- '';
-
in
{
+ # Note: the order in which lightdm greeter modules are imported
+ # here determines the default: later modules (if enable) are
+ # preferred.
+ imports = [
+ ./lightdm-greeters/gtk.nix
+ ];
+
options = {
+
services.xserver.displayManager.lightdm = {
enable = mkOption {
+ type = types.bool;
default = false;
description = ''
Whether to enable lightdm as the display manager.
'';
};
- greeter = mkOption {
- description = ''
- The LightDM greeter to login via. The package should be a directory
- containing a .desktop file matching the name in the 'name' option.
- '';
- default = {
- name = "lightdm-gtk-greeter";
- package = wrappedGtkGreeter;
+ greeter = {
+ package = mkOption {
+ type = types.path;
+ description = ''
+ The LightDM greeter to login via. The package should be a directory
+ containing a .desktop file matching the name in the 'name' option.
+ '';
+
+ };
+ name = mkOption {
+ type = types.string;
+ description = ''
+ The name of a .desktop file in the directory specified
+ in the 'package' option.
+ '';
};
};
@@ -135,7 +111,6 @@ in
'';
};
- environment.etc."lightdm/lightdm-gtk-greeter.conf".source = gtkGreeterConf;
environment.etc."lightdm/lightdm.conf".source = lightdmConf;
environment.etc."lightdm/users.conf".source = usersConf;
diff --git a/nixos/modules/services/x11/display-managers/sddm.nix b/nixos/modules/services/x11/display-managers/sddm.nix
index 16a0d1b6d96..ae947a5d2d4 100644
--- a/nixos/modules/services/x11/display-managers/sddm.nix
+++ b/nixos/modules/services/x11/display-managers/sddm.nix
@@ -9,6 +9,8 @@ let
cfg = dmcfg.sddm;
xEnv = config.systemd.services."display-manager".environment;
+ sddm = pkgs.sddm.override { inherit (cfg) themes; };
+
xserverWrapper = pkgs.writeScript "xserver-wrapper" ''
#!/bin/sh
${concatMapStrings (n: "export ${n}=\"${getAttr n xEnv}\"\n") (attrNames xEnv)}
@@ -22,6 +24,8 @@ let
[Theme]
Current=${cfg.theme}
+ ThemeDir=${sddm}/share/sddm/themes
+ FacesDir=${sddm}/share/sddm/faces
[Users]
MaximumUid=${toString config.ids.uids.nixbld}
@@ -86,6 +90,14 @@ in
'';
};
+ themes = mkOption {
+ type = types.listOf types.package;
+ default = [];
+ description = ''
+ Extra packages providing themes.
+ '';
+ };
+
autoLogin = mkOption {
default = {};
description = ''
@@ -146,8 +158,7 @@ in
services.xserver.displayManager.job = {
logsXsession = true;
- #execCmd = "${pkgs.sddm}/bin/sddm";
- execCmd = "exec ${pkgs.sddm}/bin/sddm";
+ execCmd = "exec ${sddm}/bin/sddm";
};
security.pam.services = {
diff --git a/nixos/modules/services/x11/window-managers/afterstep.nix b/nixos/modules/services/x11/window-managers/afterstep.nix
index 395dabb86b5..ba88a64c702 100644
--- a/nixos/modules/services/x11/window-managers/afterstep.nix
+++ b/nixos/modules/services/x11/window-managers/afterstep.nix
@@ -8,10 +8,7 @@ in
{
###### interface
options = {
- services.xserver.windowManager.afterstep.enable = mkOption {
- default = false;
- description = "Enable the Afterstep window manager.";
- };
+ services.xserver.windowManager.afterstep.enable = mkEnableOption "afterstep";
};
###### implementation
diff --git a/nixos/modules/services/x11/window-managers/bspwm.nix b/nixos/modules/services/x11/window-managers/bspwm.nix
index d234a432e9a..8b4e91d25aa 100644
--- a/nixos/modules/services/x11/window-managers/bspwm.nix
+++ b/nixos/modules/services/x11/window-managers/bspwm.nix
@@ -8,12 +8,7 @@ in
{
options = {
- services.xserver.windowManager.bspwm.enable = mkOption {
- type = types.bool;
- default = false;
- example = true;
- description = "Enable the bspwm window manager.";
- };
+ services.xserver.windowManager.bspwm.enable = mkEnableOption "bspwm";
};
config = mkIf cfg.enable {
diff --git a/nixos/modules/services/x11/window-managers/clfswm.nix b/nixos/modules/services/x11/window-managers/clfswm.nix
index 9d8eecb56c7..176c1f46127 100644
--- a/nixos/modules/services/x11/window-managers/clfswm.nix
+++ b/nixos/modules/services/x11/window-managers/clfswm.nix
@@ -8,14 +8,7 @@ in
{
options = {
- services.xserver.windowManager.clfswm = {
- enable = mkOption {
- type = types.bool;
- default = false;
- example = true;
- description = "Enable the clfswm tiling window manager.";
- };
- };
+ services.xserver.windowManager.clfswm.enable = mkEnableOption "clfswm";
};
config = mkIf cfg.enable {
diff --git a/nixos/modules/services/x11/window-managers/compiz.nix b/nixos/modules/services/x11/window-managers/compiz.nix
index ffd71e5f91e..539a83f9906 100644
--- a/nixos/modules/services/x11/window-managers/compiz.nix
+++ b/nixos/modules/services/x11/window-managers/compiz.nix
@@ -15,10 +15,7 @@ in
services.xserver.windowManager.compiz = {
- enable = mkOption {
- default = false;
- description = "Enable the Compiz window manager.";
- };
+ enable = mkEnableOption "compiz";
renderingFlag = mkOption {
default = "";
diff --git a/nixos/modules/services/x11/window-managers/default.nix b/nixos/modules/services/x11/window-managers/default.nix
index 31f42f5ffb9..37d3348b8a3 100644
--- a/nixos/modules/services/x11/window-managers/default.nix
+++ b/nixos/modules/services/x11/window-managers/default.nix
@@ -12,6 +12,7 @@ in
./bspwm.nix
./clfswm.nix
./compiz.nix
+ ./dwm.nix
./fluxbox.nix
./herbstluftwm.nix
./i3.nix
diff --git a/nixos/modules/services/x11/window-managers/dwm.nix b/nixos/modules/services/x11/window-managers/dwm.nix
new file mode 100644
index 00000000000..a74bfce097d
--- /dev/null
+++ b/nixos/modules/services/x11/window-managers/dwm.nix
@@ -0,0 +1,37 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cfg = config.services.xserver.windowManager.dwm;
+
+in
+
+{
+
+ ###### interface
+
+ options = {
+ services.xserver.windowManager.dwm.enable = mkEnableOption "dwm";
+ };
+
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+
+ services.xserver.windowManager.session = singleton
+ { name = "dwm";
+ start =
+ ''
+ ${pkgs.dwm}/bin/dwm &
+ waitPID=$!
+ '';
+ };
+
+ environment.systemPackages = [ pkgs.dwm ];
+
+ };
+
+}
diff --git a/nixos/modules/services/x11/window-managers/fluxbox.nix b/nixos/modules/services/x11/window-managers/fluxbox.nix
index 4748ce99ccf..b409335702a 100644
--- a/nixos/modules/services/x11/window-managers/fluxbox.nix
+++ b/nixos/modules/services/x11/window-managers/fluxbox.nix
@@ -8,10 +8,7 @@ in
{
###### interface
options = {
- services.xserver.windowManager.fluxbox.enable = mkOption {
- default = false;
- description = "Enable the Fluxbox window manager.";
- };
+ services.xserver.windowManager.fluxbox.enable = mkEnableOption "fluxbox";
};
###### implementation
diff --git a/nixos/modules/services/x11/window-managers/herbstluftwm.nix b/nixos/modules/services/x11/window-managers/herbstluftwm.nix
index 6cda910b6b3..829935fa432 100644
--- a/nixos/modules/services/x11/window-managers/herbstluftwm.nix
+++ b/nixos/modules/services/x11/window-managers/herbstluftwm.nix
@@ -8,12 +8,7 @@ in
{
options = {
- services.xserver.windowManager.herbstluftwm.enable = mkOption {
- type = types.bool;
- default = false;
- example = true;
- description = "Enable the herbstluftwm window manager.";
- };
+ services.xserver.windowManager.herbstluftwm.enable = mkEnableOption "herbstluftwm";
};
config = mkIf cfg.enable {
diff --git a/nixos/modules/services/x11/window-managers/i3.nix b/nixos/modules/services/x11/window-managers/i3.nix
index e85c3bce591..0d5816e363d 100644
--- a/nixos/modules/services/x11/window-managers/i3.nix
+++ b/nixos/modules/services/x11/window-managers/i3.nix
@@ -9,11 +9,7 @@ in
{
options = {
services.xserver.windowManager.i3 = {
- enable = mkOption {
- default = false;
- example = true;
- description = "Enable the i3 tiling window manager.";
- };
+ enable = mkEnableOption "i3";
configFile = mkOption {
default = null;
diff --git a/nixos/modules/services/x11/window-managers/icewm.nix b/nixos/modules/services/x11/window-managers/icewm.nix
index 9a3e8022189..f4ae9222df6 100644
--- a/nixos/modules/services/x11/window-managers/icewm.nix
+++ b/nixos/modules/services/x11/window-managers/icewm.nix
@@ -8,7 +8,7 @@ in
{
###### interface
options = {
- services.xserver.windowManager.icewm.enable = mkEnableOption "oroborus";
+ services.xserver.windowManager.icewm.enable = mkEnableOption "icewm";
};
###### implementation
diff --git a/nixos/modules/services/x11/window-managers/metacity.nix b/nixos/modules/services/x11/window-managers/metacity.nix
index d13cbcfe40e..3e5229be634 100644
--- a/nixos/modules/services/x11/window-managers/metacity.nix
+++ b/nixos/modules/services/x11/window-managers/metacity.nix
@@ -12,13 +12,7 @@ in
{
options = {
-
- services.xserver.windowManager.metacity.enable = mkOption {
- default = false;
- example = true;
- description = "Enable the metacity window manager.";
- };
-
+ services.xserver.windowManager.metacity.enable = mkEnableOption "metacity";
};
config = mkIf cfg.enable {
diff --git a/nixos/modules/services/x11/window-managers/notion.nix b/nixos/modules/services/x11/window-managers/notion.nix
index 1bfc2a86e96..4ece0d241c9 100644
--- a/nixos/modules/services/x11/window-managers/notion.nix
+++ b/nixos/modules/services/x11/window-managers/notion.nix
@@ -8,13 +8,7 @@ in
{
options = {
- services.xserver.windowManager.notion = {
- enable = mkOption {
- default = false;
- example = true;
- description = "Enable the notion tiling window manager.";
- };
- };
+ services.xserver.windowManager.notion.enable = mkEnableOption "notion";
};
config = mkIf cfg.enable {
diff --git a/nixos/modules/services/x11/window-managers/openbox.nix b/nixos/modules/services/x11/window-managers/openbox.nix
index 8fc759dda68..091b533b28b 100644
--- a/nixos/modules/services/x11/window-managers/openbox.nix
+++ b/nixos/modules/services/x11/window-managers/openbox.nix
@@ -1,5 +1,6 @@
{lib, pkgs, config, ...}:
+with lib;
let
inherit (lib) mkOption mkIf;
cfg = config.services.xserver.windowManager.openbox;
@@ -7,13 +8,7 @@ in
{
options = {
- services.xserver.windowManager.openbox = {
- enable = mkOption {
- default = false;
- example = true;
- description = "Enable the Openbox window manager.";
- };
- };
+ services.xserver.windowManager.openbox.enable = mkEnableOption "oroborus";
};
config = mkIf cfg.enable {
diff --git a/nixos/modules/services/x11/window-managers/ratpoison.nix b/nixos/modules/services/x11/window-managers/ratpoison.nix
index c203c35cd1b..0d58481d457 100644
--- a/nixos/modules/services/x11/window-managers/ratpoison.nix
+++ b/nixos/modules/services/x11/window-managers/ratpoison.nix
@@ -8,10 +8,7 @@ in
{
###### interface
options = {
- services.xserver.windowManager.ratpoison.enable = mkOption {
- default = false;
- description = "Enable the Ratpoison window manager.";
- };
+ services.xserver.windowManager.ratpoison.enable = mkEnableOption "ratpoison";
};
###### implementation
diff --git a/nixos/modules/services/x11/window-managers/sawfish.nix b/nixos/modules/services/x11/window-managers/sawfish.nix
index 74a11926020..b988b5e1829 100644
--- a/nixos/modules/services/x11/window-managers/sawfish.nix
+++ b/nixos/modules/services/x11/window-managers/sawfish.nix
@@ -8,10 +8,7 @@ in
{
###### interface
options = {
- services.xserver.windowManager.sawfish.enable = mkOption {
- default = false;
- description = "Enable the Sawfish window manager.";
- };
+ services.xserver.windowManager.sawfish.enable = mkEnableOption "sawfish";
};
###### implementation
diff --git a/nixos/modules/services/x11/window-managers/spectrwm.nix b/nixos/modules/services/x11/window-managers/spectrwm.nix
index 5db6b41ba8f..a1dc298d242 100644
--- a/nixos/modules/services/x11/window-managers/spectrwm.nix
+++ b/nixos/modules/services/x11/window-managers/spectrwm.nix
@@ -9,13 +9,7 @@ in
{
options = {
- services.xserver.windowManager.spectrwm = {
- enable = mkOption {
- default = false;
- example = true;
- description = "Enable the spectrwm window manager.";
- };
- };
+ services.xserver.windowManager.spectrwm.enable = mkEnableOption "spectrwm";
};
config = mkIf cfg.enable {
diff --git a/nixos/modules/services/x11/window-managers/stumpwm.nix b/nixos/modules/services/x11/window-managers/stumpwm.nix
index eb7b8665f23..3d3f2e0028c 100644
--- a/nixos/modules/services/x11/window-managers/stumpwm.nix
+++ b/nixos/modules/services/x11/window-managers/stumpwm.nix
@@ -8,14 +8,7 @@ in
{
options = {
- services.xserver.windowManager.stumpwm = {
- enable = mkOption {
- type = types.bool;
- default = false;
- example = true;
- description = "Enable the stumpwm tiling window manager.";
- };
- };
+ services.xserver.windowManager.stumpwm.enable = mkEnableOption "stumpwm";
};
config = mkIf cfg.enable {
diff --git a/nixos/modules/services/x11/window-managers/twm.nix b/nixos/modules/services/x11/window-managers/twm.nix
index 684b34c2f24..fc09901aae3 100644
--- a/nixos/modules/services/x11/window-managers/twm.nix
+++ b/nixos/modules/services/x11/window-managers/twm.nix
@@ -13,12 +13,7 @@ in
###### interface
options = {
-
- services.xserver.windowManager.twm.enable = mkOption {
- default = false;
- description = "Enable the twm window manager.";
- };
-
+ services.xserver.windowManager.twm.enable = mkEnableOption "twm";
};
diff --git a/nixos/modules/services/x11/window-managers/windowmaker.nix b/nixos/modules/services/x11/window-managers/windowmaker.nix
index 27cedb7da0c..b6272375805 100644
--- a/nixos/modules/services/x11/window-managers/windowmaker.nix
+++ b/nixos/modules/services/x11/window-managers/windowmaker.nix
@@ -8,10 +8,7 @@ in
{
###### interface
options = {
- services.xserver.windowManager.windowmaker.enable = mkOption {
- default = false;
- description = "Enable the Windowmaker window manager.";
- };
+ services.xserver.windowManager.windowmaker.enable = mkEnableOption "windowmaker";
};
###### implementation
diff --git a/nixos/modules/services/x11/window-managers/wmii.nix b/nixos/modules/services/x11/window-managers/wmii.nix
index e6f534a1be6..30c8df78224 100644
--- a/nixos/modules/services/x11/window-managers/wmii.nix
+++ b/nixos/modules/services/x11/window-managers/wmii.nix
@@ -1,5 +1,6 @@
-{ config, lib, pkgs, options, modulesPath }:
+{ config, lib, pkgs, options, modulesPath, ... }:
+with lib;
let
inherit (lib) mkOption mkIf singleton;
cfg = config.services.xserver.windowManager.wmii;
@@ -7,11 +8,7 @@ let
in
{
options = {
- services.xserver.windowManager.wmii.enable = mkOption {
- default = false;
- example = true;
- description = "Enable the wmii window manager.";
- };
+ services.xserver.windowManager.wmii.enable = mkEnableOption "wmii";
};
config = mkIf cfg.enable {
diff --git a/nixos/modules/services/x11/window-managers/xmonad.nix b/nixos/modules/services/x11/window-managers/xmonad.nix
index 288800d514d..6af88d4f645 100644
--- a/nixos/modules/services/x11/window-managers/xmonad.nix
+++ b/nixos/modules/services/x11/window-managers/xmonad.nix
@@ -1,5 +1,6 @@
{pkgs, lib, config, ...}:
+with lib;
let
inherit (lib) mkOption mkIf optionals literalExample;
cfg = config.services.xserver.windowManager.xmonad;
@@ -13,12 +14,7 @@ in
{
options = {
services.xserver.windowManager.xmonad = {
- enable = mkOption {
- default = false;
- example = true;
- description = "Enable the xmonad window manager.";
- };
-
+ enable = mkEnableOption "xmonad";
haskellPackages = mkOption {
default = pkgs.haskellPackages;
defaultText = "pkgs.haskellPackages";
diff --git a/nixos/modules/system/boot/loader/grub/grub.nix b/nixos/modules/system/boot/loader/grub/grub.nix
index 5f09e937537..87dbbd7cd51 100644
--- a/nixos/modules/system/boot/loader/grub/grub.nix
+++ b/nixos/modules/system/boot/loader/grub/grub.nix
@@ -470,7 +470,7 @@ in
] ++ flip concatMap cfg.mirroredBoots (args: [
{
assertion = args.devices != [ ];
- message = "A boot path cannot have an empty devices string in ${arg.path}";
+ message = "A boot path cannot have an empty devices string in ${args.path}";
}
{
assertion = hasPrefix "/" args.path;
diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix
index d145baeebe9..826368e711a 100644
--- a/nixos/modules/system/boot/systemd.nix
+++ b/nixos/modules/system/boot/systemd.nix
@@ -148,6 +148,12 @@ let
# Misc.
"systemd-sysctl.service"
+ "dbus-org.freedesktop.timedate1.service"
+ "dbus-org.freedesktop.locale1.service"
+ "dbus-org.freedesktop.hostname1.service"
+ "systemd-timedated.service"
+ "systemd-localed.service"
+ "systemd-hostnamed.service"
]
++ cfg.additionalUpstreamSystemUnits;
diff --git a/nixos/modules/tasks/kbd.nix b/nixos/modules/tasks/kbd.nix
index 5969da7062b..e36e9f85f1e 100644
--- a/nixos/modules/tasks/kbd.nix
+++ b/nixos/modules/tasks/kbd.nix
@@ -56,6 +56,8 @@ in
# it has a restart trigger.
systemd.services."systemd-vconsole-setup" =
{ wantedBy = [ "multi-user.target" ];
+ before = [ "display-manager.service" ];
+ after = [ "systemd-udev-settle.service" ];
restartTriggers = [ vconsoleConf ];
};
diff --git a/nixos/modules/virtualisation/azure-agent.nix b/nixos/modules/virtualisation/azure-agent.nix
new file mode 100644
index 00000000000..e657cc51939
--- /dev/null
+++ b/nixos/modules/virtualisation/azure-agent.nix
@@ -0,0 +1,170 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cfg = config.virtualisation.azure.agent;
+
+ waagent = with pkgs; stdenv.mkDerivation rec {
+ name = "waagent-2.0";
+ src = pkgs.fetchgit {
+ url = https://github.com/Phreedom/WALinuxAgent.git;
+ rev = "9dba81c7b1239c7971ec96e405e403c7cd224e6b";
+ sha256 = "0khxk3ns3z37v26f2qj6m3m698a0vqpc9bxg5p7fyr3xza5gzwhs";
+ };
+ buildInputs = [ makeWrapper python pythonPackages.wrapPython ];
+ runtimeDeps = [ findutils gnugrep gawk coreutils openssl openssh
+ nettools # for hostname
+ procps # for pidof
+ shadow # for useradd, usermod
+ utillinux # for (u)mount, fdisk, sfdisk, mkswap
+ parted
+ ];
+ pythonPath = [ pythonPackages.pyasn1 ];
+
+ configurePhase = false;
+ buildPhase = false;
+
+ installPhase = ''
+ substituteInPlace config/99-azure-product-uuid.rules \
+ --replace /bin/chmod "${coreutils}/bin/chmod"
+ mkdir -p $out/lib/udev/rules.d
+ cp config/*.rules $out/lib/udev/rules.d
+
+ mkdir -p $out/bin
+ cp waagent $out/bin/
+ chmod +x $out/bin/waagent
+
+ wrapProgram "$out/bin/waagent" \
+ --prefix PYTHONPATH : $PYTHONPATH \
+ --prefix PATH : "${makeSearchPath "bin" runtimeDeps}"
+ '';
+ };
+
+ provisionedHook = pkgs.writeScript "provisioned-hook" ''
+ #!${pkgs.stdenv.shell}
+ ${config.systemd.package}/bin/systemctl start provisioned.target
+ '';
+
+in
+
+{
+
+ ###### interface
+
+ options.virtualisation.azure.agent.enable = mkOption {
+ default = false;
+ description = "Whether to enable the Windows Azure Linux Agent.";
+ };
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+ assertions = [ {
+ assertion = pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64;
+ message = "Azure not currently supported on ${pkgs.stdenv.system}";
+ } {
+ assertion = config.networking.networkmanager.enable == false;
+ message = "Windows Azure Linux Agent is not compatible with NetworkManager";
+ } ];
+
+ boot.initrd.kernelModules = [ "ata_piix" ];
+ networking.firewall.allowedUDPPorts = [ 68 ];
+
+
+ environment.etc."waagent.conf".text = ''
+ #
+ # Windows Azure Linux Agent Configuration
+ #
+
+ Role.StateConsumer=${provisionedHook}
+
+ # Enable instance creation
+ Provisioning.Enabled=y
+
+ # Password authentication for root account will be unavailable.
+ Provisioning.DeleteRootPassword=n
+
+ # Generate fresh host key pair.
+ Provisioning.RegenerateSshHostKeyPair=y
+
+ # Supported values are "rsa", "dsa" and "ecdsa".
+ Provisioning.SshHostKeyPairType=ed25519
+
+ # Monitor host name changes and publish changes via DHCP requests.
+ Provisioning.MonitorHostName=y
+
+ # Decode CustomData from Base64.
+ Provisioning.DecodeCustomData=n
+
+ # Execute CustomData after provisioning.
+ Provisioning.ExecuteCustomData=n
+
+ # Format if unformatted. If 'n', resource disk will not be mounted.
+ ResourceDisk.Format=y
+
+ # File system on the resource disk
+ # Typically ext3 or ext4. FreeBSD images should use 'ufs2' here.
+ ResourceDisk.Filesystem=ext4
+
+ # Mount point for the resource disk
+ ResourceDisk.MountPoint=/mnt/resource
+
+ # Respond to load balancer probes if requested by Windows Azure.
+ LBProbeResponder=y
+
+ # Enable logging to serial console (y|n)
+ # When stdout is not enough...
+ # 'y' if not set
+ Logs.Console=y
+
+ # Enable verbose logging (y|n)
+ Logs.Verbose=n
+
+ # Root device timeout in seconds.
+ OS.RootDeviceScsiTimeout=300
+ '';
+
+ services.udev.packages = [ waagent ];
+
+ networking.dhcpcd.persistent = true;
+
+ services.logrotate = {
+ enable = true;
+ config = ''
+ /var/log/waagent.log {
+ compress
+ monthly
+ rotate 6
+ notifempty
+ missingok
+ }
+ '';
+ };
+
+ systemd.targets.provisioned = {
+ description = "Services Requiring Azure VM provisioning to have finished";
+ wantedBy = [ "sshd.service" ];
+ before = [ "sshd.service" ];
+ };
+
+
+ systemd.services.waagent = {
+ wantedBy = [ "sshd.service" ];
+ before = [ "sshd.service" ];
+ after = [ "ip-up.target" ];
+ wants = [ "ip-up.target" ];
+
+ path = [ pkgs.e2fsprogs ];
+ description = "Windows Azure Agent Service";
+ unitConfig.ConditionPathExists = "/etc/waagent.conf";
+ serviceConfig = {
+ ExecStart = "${waagent}/bin/waagent -daemon";
+ Type = "simple";
+ };
+ };
+
+ };
+
+}
diff --git a/nixos/modules/virtualisation/azure-common.nix b/nixos/modules/virtualisation/azure-common.nix
index 47022c6887c..eedf115ee15 100644
--- a/nixos/modules/virtualisation/azure-common.nix
+++ b/nixos/modules/virtualisation/azure-common.nix
@@ -4,6 +4,9 @@ with lib;
{
imports = [ ../profiles/headless.nix ];
+ require = [ ./azure-agent.nix ];
+ virtualisation.azure.agent.enable = true;
+
boot.kernelParams = [ "console=ttyS0" "earlyprintk=ttyS0" "rootdelay=300" "panic=1" "boot.panic_on_fail" ];
boot.initrd.kernelModules = [ "hv_vmbus" "hv_netvsc" "hv_utils" "hv_storvsc" ];
diff --git a/nixos/modules/virtualisation/azure-image.nix b/nixos/modules/virtualisation/azure-image.nix
index 1013396c049..024be4a5116 100644
--- a/nixos/modules/virtualisation/azure-image.nix
+++ b/nixos/modules/virtualisation/azure-image.nix
@@ -98,8 +98,8 @@ in
systemd.services.fetch-ssh-keys =
{ description = "Fetch host keys and authorized_keys for root user";
- wantedBy = [ "sshd.service" ];
- before = [ "sshd.service" ];
+ wantedBy = [ "sshd.service" "waagent.service" ];
+ before = [ "sshd.service" "waagent.service" ];
after = [ "local-fs.target" ];
path = [ pkgs.coreutils ];
@@ -108,14 +108,14 @@ in
eval "$(base64 --decode /metadata/CustomData.bin)"
if ! [ -z "$ssh_host_ecdsa_key" ]; then
echo "downloaded ssh_host_ecdsa_key"
- echo "$ssh_host_ecdsa_key" > /etc/ssh/ssh_host_ecdsa_key
- chmod 600 /etc/ssh/ssh_host_ecdsa_key
+ echo "$ssh_host_ecdsa_key" > /etc/ssh/ssh_host_ed25519_key
+ chmod 600 /etc/ssh/ssh_host_ed25519_key
fi
if ! [ -z "$ssh_host_ecdsa_key_pub" ]; then
echo "downloaded ssh_host_ecdsa_key_pub"
- echo "$ssh_host_ecdsa_key_pub" > /etc/ssh/ssh_host_ecdsa_key.pub
- chmod 644 /etc/ssh/ssh_host_ecdsa_key.pub
+ echo "$ssh_host_ecdsa_key_pub" > /etc/ssh/ssh_host_ed25519_key.pub
+ chmod 644 /etc/ssh/ssh_host_ed25519_key.pub
fi
if ! [ -z "$ssh_root_auth_key" ]; then
diff --git a/nixos/modules/virtualisation/nova-image.nix b/nixos/modules/virtualisation/nova-image.nix
index 44c83aee273..13e36e7888b 100644
--- a/nixos/modules/virtualisation/nova-image.nix
+++ b/nixos/modules/virtualisation/nova-image.nix
@@ -21,7 +21,6 @@ with lib;
imports = [
../profiles/qemu-guest.nix
../profiles/headless.nix
- ./ec2-data.nix
];
fileSystems."/".device = "/dev/disk/by-label/nixos";
diff --git a/nixos/modules/virtualisation/rkt.nix b/nixos/modules/virtualisation/rkt.nix
new file mode 100644
index 00000000000..7b4d46e0749
--- /dev/null
+++ b/nixos/modules/virtualisation/rkt.nix
@@ -0,0 +1,62 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.virtualisation.rkt;
+in
+{
+ options.virtualisation.rkt = {
+ enable = mkEnableOption "rkt metadata service";
+
+ gc = {
+ automatic = mkOption {
+ default = true;
+ type = types.bool;
+ description = "Automatically run the garbage collector at a specific time.";
+ };
+
+ dates = mkOption {
+ default = "03:15";
+ type = types.str;
+ description = ''
+ Specification (in the format described by
+ systemd.time
+ 5) of the time at
+ which the garbage collector will run.
+ '';
+ };
+
+ options = mkOption {
+ default = "--grace-period=24h";
+ type = types.str;
+ description = ''
+ Options given to rkt gc when the
+ garbage collector is run automatically.
+ '';
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = [ pkgs.rkt ];
+
+ systemd.services.rkt = {
+ description = "rkt metadata service";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ serviceConfig = {
+ ExecStart = "${pkgs.rkt}/bin/rkt metadata-service";
+ };
+ };
+
+ systemd.services.rkt-gc = {
+ description = "rkt garbage collection";
+ startAt = optionalString cfg.gc.automatic cfg.gc.dates;
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = "${pkgs.rkt}/bin/rkt gc ${cfg.gc.options}";
+ };
+ };
+ };
+}
diff --git a/nixos/release-combined.nix b/nixos/release-combined.nix
index 4dc221dba68..9a2a77b3155 100644
--- a/nixos/release-combined.nix
+++ b/nixos/release-combined.nix
@@ -83,6 +83,7 @@ in rec {
(all nixos.tests.openssh)
(all nixos.tests.printing)
(all nixos.tests.proxy)
+ (all nixos.tests.sddm)
(all nixos.tests.simple)
(all nixos.tests.udisks2)
(all nixos.tests.xfce)
diff --git a/nixos/release.nix b/nixos/release.nix
index f0df3fe3e1e..b5ac97b3b94 100644
--- a/nixos/release.nix
+++ b/nixos/release.nix
@@ -283,9 +283,11 @@ in rec {
tests.peerflix = callTest tests/peerflix.nix {};
tests.printing = callTest tests/printing.nix {};
tests.proxy = callTest tests/proxy.nix {};
+ tests.pumpio = callTest tests/pump.io.nix {};
tests.quake3 = callTest tests/quake3.nix {};
tests.runInMachine = callTest tests/run-in-machine.nix {};
tests.sddm = callTest tests/sddm.nix {};
+ tests.sddm-kde5 = callTest tests/sddm-kde5.nix {};
tests.simple = callTest tests/simple.nix {};
tests.tomcat = callTest tests/tomcat.nix {};
tests.udisks2 = callTest tests/udisks2.nix {};
diff --git a/nixos/tests/chromium.nix b/nixos/tests/chromium.nix
index 213dd4ca43b..1d1e12d0ee3 100644
--- a/nixos/tests/chromium.nix
+++ b/nixos/tests/chromium.nix
@@ -26,8 +26,8 @@ import ./make-test.nix (
