public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/master' into consistent-bazel-ref

Browse Source
This commit is contained in:
John Ericson 2020-04-01 16:16:30 -04:00
commit 6bf6ec8a96
3594 changed files with 114013 additions and 71489 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
.github/CODEOWNERS vendored
View File

@ -31,6 +31,9 @@
/pkgs/build-support/bintools-wrapper @Ericson2314 @orivej
/pkgs/build-support/setup-hooks @Ericson2314
# Nixpkgs build-support
/pkgs/build-support/writers @lassulus @Profpatsch
# NixOS Internals
/nixos/default.nix @nbp @infinisil
/nixos/lib/from-env.nix @nbp @infinisil
@ -63,11 +66,11 @@
/doc/languages-frameworks/python.section.md @FRidh
# Haskell
/pkgs/development/compilers/ghc @basvandijk @cdepillabout
/pkgs/development/haskell-modules @basvandijk @cdepillabout @infinisil
/pkgs/development/haskell-modules/default.nix @basvandijk @cdepillabout
/pkgs/development/haskell-modules/generic-builder.nix @basvandijk @cdepillabout
/pkgs/development/haskell-modules/hoogle.nix @basvandijk @cdepillabout
/pkgs/development/compilers/ghc @cdepillabout
/pkgs/development/haskell-modules @cdepillabout @infinisil
/pkgs/development/haskell-modules/default.nix @cdepillabout
/pkgs/development/haskell-modules/generic-builder.nix @cdepillabout
/pkgs/development/haskell-modules/hoogle.nix @cdepillabout
# Perl
/pkgs/development/interpreters/perl @volth
@ -79,8 +82,8 @@
/pkgs/development/r-modules @peti
# Ruby
/pkgs/development/interpreters/ruby @alyssais @zimbatm
/pkgs/development/ruby-modules @alyssais @zimbatm
/pkgs/development/interpreters/ruby @alyssais
/pkgs/development/ruby-modules @alyssais
# Rust
/pkgs/development/compilers/rust @Mic92 @LnL7

1
.gitignore vendored
View File

@ -11,6 +11,7 @@ result-*
.version-suffix
.DS_Store
.mypy_cache
/pkgs/development/libraries/qt-5/*/tmp/
/pkgs/desktops/kde-5/*/tmp/

2
.version
View File

@ -1 +1 @@
20.03
20.09

1
README.md
View File

@ -24,6 +24,7 @@
* [IRC - #nixos on freenode.net](irc://irc.freenode.net/#nixos)
* [NixOS Weekly](https://weekly.nixos.org/)
* [Community-maintained wiki](https://nixos.wiki/)
* [Community-maintained list of ways to get in touch](https://nixos.wiki/wiki/Get_In_Touch#Chat) (Discord, Matrix, Telegram, other IRC channels, etc.)
# Other Project Repositories

4
doc/Makefile
View File

@ -87,7 +87,7 @@ functions/library/generated: doc-support/result
ln -rfs ./doc-support/result/function-docs functions/library/generated
%.section.xml: %.section.md
pandoc $^ -w docbook+smart \
pandoc $^ -w docbook \
-f markdown+smart \
| sed -e 's|<ulink url=|<link xlink:href=|' \
-e 's|</ulink>|</link>|' \
@ -98,7 +98,7 @@ functions/library/generated: doc-support/result
| cat > $@
%.chapter.xml: %.chapter.md
pandoc $^ -w docbook+smart \
pandoc $^ -w docbook \
--top-level-division=chapter \
-f markdown+smart \
| sed -e 's|<ulink url=|<link xlink:href=|' \

2
doc/builders/images/ocitools.xml
View File

@ -25,7 +25,7 @@
buildContainer {
args = [ (with pkgs; writeScript "run.sh" ''
#!${bash}/bin/bash
${coreutils}/bin/exec ${bash}/bin/bash
exec ${bash}/bin/bash
'').outPath ]; <co xml:id='ex-ociTools-buildContainer-1' />
mounts = {

3
doc/contributing/quick-start.xml
View File

@ -69,8 +69,7 @@
<listitem>
<para>
JDiskReport, a Java utility: <link
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/misc/jdiskreport/default.nix"><filename>pkgs/tools/misc/jdiskreport/default.nix</filename></link> (and the <link
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/misc/jdiskreport/builder.sh">builder</link>). Nixpkgs doesnt have a decent <varname>stdenv</varname> for Java yet so this is pretty ad-hoc.
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/misc/jdiskreport/default.nix"><filename>pkgs/tools/misc/jdiskreport/default.nix</filename></link>. Nixpkgs doesnt have a decent <varname>stdenv</varname> for Java yet so this is pretty ad-hoc.
</para>
</listitem>
<listitem>

44
doc/functions/library/attrsets.xml
View File

@ -1667,4 +1667,48 @@ recursiveUpdate
]]></programlisting>
</example>
</section>
<section xml:id="function-library-lib.attrsets.recurseIntoAttrs">
<title><function>lib.attrsets.recurseIntoAttrs</function></title>
<subtitle><literal>recurseIntoAttrs :: AttrSet -> AttrSet</literal>
</subtitle>
<xi:include href="./locations.xml" xpointer="lib.attrsets.recurseIntoAttrs" />
<para>
Make various Nix tools consider the contents of the resulting
attribute set when looking for what to build, find, etc.
</para>
<para>
This function only affects a single attribute set; it does not apply itself recursively for nested attribute sets.
</para>
<variablelist>
<varlistentry>
<term>
<varname>attrs</varname>
</term>
<listitem>
<para>
An attribute set to scan for derivations.
</para>
</listitem>
</varlistentry>
</variablelist>
<example xml:id="function-library-lib.attrsets.recurseIntoAttrs-example">
<title>Making Nix look inside an attribute set</title>
<programlisting><![CDATA[
{ pkgs ? import <nixpkgs> {} }:
{
myTools = pkgs.lib.recurseIntoAttrs {
inherit (pkgs) hello figlet;
};
}
]]></programlisting>
</example>
</section>
</section>

2
doc/languages-frameworks/android.section.md
View File

@ -235,5 +235,5 @@ package manager uses. To update the expressions run the `generate.sh` script
that is stored in the `pkgs/development/mobile/androidenv/` sub directory:
```bash
sh ./generate.sh
./generate.sh
```

2
doc/languages-frameworks/crystal.section.md
View File

@ -66,6 +66,6 @@ crystal.buildCrystalPackage rec {
shardsFile = ./shards.nix;
crystalBinaries.mint.src = "src/mint.cr";
buildInputs = [ openssl_1_0_2 ];
buildInputs = [ openssl ];
}
```

2
doc/languages-frameworks/gnome.xml
View File

@ -233,7 +233,7 @@ mkDerivation {
</term>
<listitem>
<para>
You can rely on applications depending on the library set the necessary environment variables but that it often easy to miss. Instead we recommend to patch the paths in the source code whenever possible. Here are some examples:
You can rely on applications depending on the library setting the necessary environment variables but that is often easy to miss. Instead we recommend to patch the paths in the source code whenever possible. Here are some examples:
<itemizedlist>
<listitem xml:id="ssec-gnome-common-issues-unwrappable-package-gnome-shell-ext">
<para>

2
doc/languages-frameworks/go.xml
View File

@ -42,7 +42,7 @@ pet = buildGoModule rec {
meta = with lib; {
description = "Simple command-line snippet manager, written in Go";
homepage = https://github.com/knqyf263/pet;
homepage = "https://github.com/knqyf263/pet";
license = licenses.mit;
maintainers = with maintainers; [ kalbasit ];
platforms = platforms.linux ++ platforms.darwin;

16
doc/languages-frameworks/haskell.section.md
View File

@ -84,18 +84,18 @@ nix-env -qaP -A nixos.haskellPackages
nix-env -iA nixos.haskellPackages.cabal-install
```
Our current default compiler is GHC 8.6.x and the `haskellPackages` set
Our current default compiler is GHC 8.8.x and the `haskellPackages` set
contains packages built with that particular version. Nixpkgs contains the last
three major releases of GHC and there is a whole family of package sets
available that defines Hackage packages built with each of those compilers,
too:
```shell
nix-env -f "<nixpkgs>" -qaP -A haskell.packages.ghc844
nix-env -f "<nixpkgs>" -qaP -A haskell.packages.ghc882
nix-env -f "<nixpkgs>" -qaP -A haskell.packages.ghc865
nix-env -f "<nixpkgs>" -qaP -A haskell.packages.ghc8101
```
The name `haskellPackages` is really just a synonym for
`haskell.packages.ghc865`, because we prefer that package set internally and
`haskell.packages.ghc882`, because we prefer that package set internally and
recommend it to our users as their default choice, but ultimately you are free
to compile your Haskell packages with any GHC version you please. The following
command displays the complete list of available compilers:
@ -112,8 +112,10 @@ haskell.compiler.ghc865 ghc-8.6.5
haskell.compiler.integer-simple.ghc865 ghc-8.6.5
haskell.compiler.ghc881 ghc-8.8.1
haskell.compiler.integer-simple.ghc881 ghc-8.8.1
haskell.compiler.ghc882 ghc-8.8.1.20191211
haskell.compiler.integer-simple.ghc882 ghc-8.8.1.20191211
haskell.compiler.ghc882 ghc-8.8.2
haskell.compiler.integer-simple.ghc882 ghc-8.8.2
haskell.compiler.ghc883 ghc-8.8.3
haskell.compiler.integer-simple.ghc883 ghc-8.8.3
haskell.compiler.ghcjs ghcjs-8.6.0.1
```
@ -367,7 +369,7 @@ automatically select the right version of GHC and other build tools to build,
test and execute apps in an existing project downloaded from somewhere on the
Internet. Pass the `--nix` flag to any `stack` command to do so, e.g.
```shell
git clone --recursive https://github.com/yesodweb/wai
git clone --recurse-submodules https://github.com/yesodweb/wai.git
cd wai
stack --nix build
```

2
doc/languages-frameworks/idris.section.md
View File

@ -96,7 +96,7 @@ build-idris-package {
meta = {
description = "Idris YAML lib";
homepage = https://github.com/Heather/Idris.Yaml;
homepage = "https://github.com/Heather/Idris.Yaml";
license = lib.licenses.mit;
maintainers = [ lib.maintainers.brainrape ];
};

4
doc/languages-frameworks/ocaml.xml
View File

@ -36,7 +36,7 @@ buildDunePackage rec {
doCheck = true;
meta = {
homepage = https://github.com/inhabitedtype/angstrom;
homepage = "https://github.com/inhabitedtype/angstrom";
description = "OCaml parser combinators built for speed and memory efficiency";
license = stdenv.lib.licenses.bsd3;
maintainers = with stdenv.lib.maintainers; [ sternenseemann ];
@ -63,7 +63,7 @@ buildDunePackage rec {
};
meta = with stdenv.lib; {
homepage = https://github.com/flowtype/ocaml-wtf8;
homepage = "https://github.com/flowtype/ocaml-wtf8";
description = "WTF-8 is a superset of UTF-8 that allows unpaired surrogates.";
license = licenses.mit;
maintainers = [ maintainers.eqyiel ];

366
doc/languages-frameworks/python.section.md
View File

@ -72,8 +72,9 @@ Now you can use the Python interpreter, as well as the extra packages (`numpy`,
##### Environment defined in `~/.config/nixpkgs/config.nix`
If you prefer to, you could also add the environment as a package override to the Nixpkgs set, e.g.
using `config.nix`,
If you prefer you could also add the environment as a package override to the
Nixpkgs set, e.g. using `config.nix`,
```nix
{ # ...
@ -83,15 +84,18 @@ using `config.nix`,
}
```
and install it in your profile with
```shell
nix-env -iA nixpkgs.myEnv
```
The environment is is installed by referring to the attribute, and considering
the `nixpkgs` channel was used.
##### Environment defined in `/etc/nixos/configuration.nix`
For the sake of completeness, here's another example how to install the environment system-wide.
For the sake of completeness, here's another example how to install the
environment system-wide.
```nix
{ # ...
@ -109,40 +113,56 @@ into a profile. For development you may need to use multiple environments.
`nix-shell` gives the possibility to temporarily load another environment, akin
to `virtualenv`.
There are two methods for loading a shell with Python packages. The first and recommended method
is to create an environment with `python.buildEnv` or `python.withPackages` and load that. E.g.
There are two methods for loading a shell with Python packages. The first and
recommended method is to create an environment with `python.buildEnv` or
`python.withPackages` and load that. E.g.
```sh
$ nix-shell -p 'python35.withPackages(ps: with ps; [ numpy toolz ])'
```
opens a shell from which you can launch the interpreter
```sh
[nix-shell:~] python3
```
The other method, which is not recommended, does not create an environment and requires you to list the packages directly,
The other method, which is not recommended, does not create an environment and
requires you to list the packages directly,
```sh
$ nix-shell -p python35.pkgs.numpy python35.pkgs.toolz
```
Again, it is possible to launch the interpreter from the shell.
The Python interpreter has the attribute `pkgs` which contains all Python libraries for that specific interpreter.
Again, it is possible to launch the interpreter from the shell. The Python
interpreter has the attribute `pkgs` which contains all Python libraries for
that specific interpreter.
##### Load environment from `.nix` expression
As explained in the Nix manual, `nix-shell` can also load an
expression from a `.nix` file. Say we want to have Python 3.5, `numpy`
and `toolz`, like before, in an environment. Consider a `shell.nix` file
with
```nix
with import <nixpkgs> {};
(python35.withPackages (ps: [ps.numpy ps.toolz])).env
```
Executing `nix-shell` gives you again a Nix shell from which you can run Python.
What's happening here?
1. We begin with importing the Nix Packages collections. `import <nixpkgs>` imports the `<nixpkgs>` function, `{}` calls it and the `with` statement brings all attributes of `nixpkgs` in the local scope. These attributes form the main package set.
1. We begin with importing the Nix Packages collections. `import <nixpkgs>`
imports the `<nixpkgs>` function, `{}` calls it and the `with` statement
brings all attributes of `nixpkgs` in the local scope. These attributes form
the main package set.
2. Then we create a Python 3.5 environment with the `withPackages` function.
3. The `withPackages` function expects us to provide a function as an argument that takes the set of all python packages and returns a list of packages to include in the environment. Here, we select the packages `numpy` and `toolz` from the package set.
3. The `withPackages` function expects us to provide a function as an argument
that takes the set of all python packages and returns a list of packages to
include in the environment. Here, we select the packages `numpy` and `toolz`
from the package set.
To combine this with `mkShell` you can:
@ -166,20 +186,23 @@ in mkShell {
A convenient option with `nix-shell` is the `--run`
option, with which you can execute a command in the `nix-shell`. We can
e.g. directly open a Python shell
```sh
$ nix-shell -p python35Packages.numpy python35Packages.toolz --run "python3"
```
or run a script
```sh
$ nix-shell -p python35Packages.numpy python35Packages.toolz --run "python3 myscript.py"
```
##### `nix-shell` as shebang
In fact, for the second use case, there is a more convenient method. You can
add a [shebang](https://en.wikipedia.org/wiki/Shebang_(Unix)) to your script
In fact, for the second use case, there is a more convenient method. You can add
a [shebang](https://en.wikipedia.org/wiki/Shebang_(Unix)) to your script
specifying which dependencies `nix-shell` needs. With the following shebang, you
can just execute `./myscript.py`, and it will make available all dependencies and
run the script in the `python3` shell.
can just execute `./myscript.py`, and it will make available all dependencies
and run the script in the `python3` shell.
```py
#! /usr/bin/env nix-shell
@ -218,7 +241,7 @@ buildPythonPackage rec {
doCheck = false;
meta = with lib; {
homepage = https://github.com/pytoolz/toolz;
homepage = "https://github.com/pytoolz/toolz";
description = "List processing tools and functional utilities";
license = licenses.bsd3;
maintainers = with maintainers; [ fridh ];
@ -270,6 +293,7 @@ with import <nixpkgs> {};
in python35.withPackages (ps: [ps.numpy my_toolz])
).env
```
Executing `nix-shell` will result in an environment in which you can use
Python 3.5 and the `toolz` package. As you can see we had to explicitly mention
for which Python version we want to build a package.
@ -311,7 +335,7 @@ buildPythonPackage rec {
propagatedBuildInputs = [ numpy multipledispatch dateutil ];
meta = with lib; {
homepage = https://github.com/ContinuumIO/datashape;
homepage = "https://github.com/ContinuumIO/datashape";
description = "A data description language";
license = licenses.bsd2;
maintainers = with maintainers; [ fridh ];
@ -345,7 +369,7 @@ buildPythonPackage rec {
meta = with lib; {
description = "Pythonic binding for the libxml2 and libxslt libraries";
homepage = https://lxml.de;
homepage = "https://lxml.de";
license = licenses.bsd3;
maintainers = with maintainers; [ sjourdois ];
};
@ -355,12 +379,12 @@ buildPythonPackage rec {
In this example `lxml` and Nix are able to work out exactly where the relevant
files of the dependencies are. This is not always the case.
The example below shows bindings to The Fastest Fourier Transform in the West, commonly known as
FFTW. On Nix we have separate packages of FFTW for the different types of floats
(`"single"`, `"double"`, `"long-double"`). The bindings need all three types,
and therefore we add all three as `buildInputs`. The bindings don't expect to
find each of them in a different folder, and therefore we have to set `LDFLAGS`
and `CFLAGS`.
The example below shows bindings to The Fastest Fourier Transform in the West,
commonly known as FFTW. On Nix we have separate packages of FFTW for the
different types of floats (`"single"`, `"double"`, `"long-double"`). The
bindings need all three types, and therefore we add all three as `buildInputs`.
The bindings don't expect to find each of them in a different folder, and
therefore we have to set `LDFLAGS` and `CFLAGS`.
```nix
{ lib, pkgs, buildPythonPackage, fetchPypi, numpy, scipy }:
@ -404,17 +428,18 @@ instead of installing the package this command creates a special link to the pro
That way, you can run updated code without having to reinstall after each and every change you make.
Development mode is also available. Let's see how you can use it.
In the previous Nix expression the source was fetched from an url. We can also refer to a local source instead using
`src = ./path/to/source/tree;`
In the previous Nix expression the source was fetched from an url. We can also
refer to a local source instead using `src = ./path/to/source/tree;`
If we create a `shell.nix` file which calls `buildPythonPackage`, and if `src`
is a local source, and if the local source has a `setup.py`, then development
mode is activated.
In the following example we create a simple environment that
has a Python 3.5 version of our package in it, as well as its dependencies and
other packages we like to have in the environment, all specified with `propagatedBuildInputs`.
Indeed, we can just add any package we like to have in our environment to `propagatedBuildInputs`.
In the following example we create a simple environment that has a Python 3.5
version of our package in it, as well as its dependencies and other packages we
like to have in the environment, all specified with `propagatedBuildInputs`.
Indeed, we can just add any package we like to have in our environment to
`propagatedBuildInputs`.
```nix
with import <nixpkgs> {};
@ -427,7 +452,8 @@ buildPythonPackage rec {
}
```
It is important to note that due to how development mode is implemented on Nix it is not possible to have multiple packages simultaneously in development mode.
It is important to note that due to how development mode is implemented on Nix
it is not possible to have multiple packages simultaneously in development mode.
### Organising your packages
@ -497,13 +523,13 @@ and in this case the `python35` interpreter is automatically used.
### Interpreters
Versions 2.7, 3.5, 3.6, 3.7 and 3.8 of the CPython interpreter are available as
respectively `python27`, `python35`, `python36`, `python37` and `python38`. The aliases
`python2` and `python3` correspond to respectively `python27` and
respectively `python27`, `python35`, `python36`, `python37` and `python38`. The
aliases `python2` and `python3` correspond to respectively `python27` and
`python37`. The default interpreter, `python`, maps to `python2`. The PyPy
interpreters compatible with Python 2.7 and 3 are available as `pypy27` and
`pypy3`, with aliases `pypy2` mapping to `pypy27` and `pypy` mapping to
`pypy2`. The Nix expressions for the interpreters can be
found in `pkgs/development/interpreters/python`.
`pypy3`, with aliases `pypy2` mapping to `pypy27` and `pypy` mapping to `pypy2`.
The Nix expressions for the interpreters can be found in
`pkgs/development/interpreters/python`.
All packages depending on any Python interpreter get appended
`out/{python.sitePackages}` to `$PYTHONPATH` if such directory
@ -532,9 +558,10 @@ Python libraries and applications that use `setuptools` or
`buildPythonApplication` functions. These two functions also support installing a `wheel`.
All Python packages reside in `pkgs/top-level/python-packages.nix` and all
applications elsewhere. In case a package is used as both a library and an application,
then the package should be in `pkgs/top-level/python-packages.nix` since only those packages are made
available for all interpreter versions. The preferred location for library expressions is in
applications elsewhere. In case a package is used as both a library and an
application, then the package should be in `pkgs/top-level/python-packages.nix`
since only those packages are made available for all interpreter versions. The
preferred location for library expressions is in
`pkgs/development/python-modules`. It is important that these packages are
called from `pkgs/top-level/python-packages.nix` and not elsewhere, to guarantee
the right version of the package is built.
@ -562,6 +589,7 @@ The `buildPythonPackage` function is implemented in
using setup hooks.
The following is an example:
```nix
{ lib, buildPythonPackage, fetchPypi, hypothesis, setuptools_scm, attrs, py, setuptools, six, pluggy }:
@ -608,38 +636,67 @@ as the interpreter unless overridden otherwise.
##### `buildPythonPackage` parameters
All parameters from `stdenv.mkDerivation` function are still supported. The following are specific to `buildPythonPackage`:
All parameters from `stdenv.mkDerivation` function are still supported. The
following are specific to `buildPythonPackage`:
* `catchConflicts ? true`: If `true`, abort package build if a package name appears more than once in dependency tree. Default is `true`.
* `disabled` ? false: If `true`, package is not built for the particular Python interpreter version.
* `catchConflicts ? true`: If `true`, abort package build if a package name
appears more than once in dependency tree. Default is `true`.
* `disabled` ? false: If `true`, package is not built for the particular Python
interpreter version.
* `dontWrapPythonPrograms ? false`: Skip wrapping of python programs.
* `permitUserSite ? false`: Skip setting the `PYTHONNOUSERSITE` environment variable in wrapped programs.
* `installFlags ? []`: A list of strings. Arguments to be passed to `pip install`. To pass options to `python setup.py install`, use `--install-option`. E.g., `installFlags=["--install-option='--cpp_implementation'"]`.
* `format ? "setuptools"`: Format of the source. Valid options are `"setuptools"`, `"pyproject"`, `"flit"`, `"wheel"`, and `"other"`. `"setuptools"` is for when the source has a `setup.py` and `setuptools` is used to build a wheel, `flit`, in case `flit` should be used to build a wheel, and `wheel` in case a wheel is provided. Use `other` when a custom `buildPhase` and/or `installPhase` is needed.
* `makeWrapperArgs ? []`: A list of strings. Arguments to be passed to `makeWrapper`, which wraps generated binaries. By default, the arguments to `makeWrapper` set `PATH` and `PYTHONPATH` environment variables before calling the binary. Additional arguments here can allow a developer to set environment variables which will be available when the binary is run. For example, `makeWrapperArgs = ["--set FOO BAR" "--set BAZ QUX"]`.
* `namePrefix`: Prepends text to `${name}` parameter. In case of libraries, this defaults to `"python3.5-"` for Python 3.5, etc., and in case of applications to `""`.
* `pythonPath ? []`: List of packages to be added into `$PYTHONPATH`. Packages in `pythonPath` are not propagated (contrary to `propagatedBuildInputs`).
* `permitUserSite ? false`: Skip setting the `PYTHONNOUSERSITE` environment
variable in wrapped programs.
* `installFlags ? []`: A list of strings. Arguments to be passed to `pip
install`. To pass options to `python setup.py install`, use
`--install-option`. E.g., `installFlags=["--install-option='--cpp_implementation'"]`.
* `format ? "setuptools"`: Format of the source. Valid options are
`"setuptools"`, `"pyproject"`, `"flit"`, `"wheel"`, and `"other"`.
`"setuptools"` is for when the source has a `setup.py` and `setuptools` is
used to build a wheel, `flit`, in case `flit` should be used to build a wheel,
and `wheel` in case a wheel is provided. Use `other` when a custom
`buildPhase` and/or `installPhase` is needed.
* `makeWrapperArgs ? []`: A list of strings. Arguments to be passed to
`makeWrapper`, which wraps generated binaries. By default, the arguments to
`makeWrapper` set `PATH` and `PYTHONPATH` environment variables before calling
the binary. Additional arguments here can allow a developer to set environment
variables which will be available when the binary is run. For example,
`makeWrapperArgs = ["--set FOO BAR" "--set BAZ QUX"]`.
* `namePrefix`: Prepends text to `${name}` parameter. In case of libraries, this
defaults to `"python3.5-"` for Python 3.5, etc., and in case of applications
to `""`.
* `pythonPath ? []`: List of packages to be added into `$PYTHONPATH`. Packages
in `pythonPath` are not propagated (contrary to `propagatedBuildInputs`).
* `preShellHook`: Hook to execute commands before `shellHook`.
* `postShellHook`: Hook to execute commands after `shellHook`.
* `removeBinByteCode ? true`: Remove bytecode from `/bin`. Bytecode is only created when the filenames end with `.py`.
* `removeBinByteCode ? true`: Remove bytecode from `/bin`. Bytecode is only
created when the filenames end with `.py`.
* `setupPyGlobalFlags ? []`: List of flags passed to `setup.py` command.
* `setupPyBuildFlags ? []`: List of flags passed to `setup.py build_ext` command.
The `stdenv.mkDerivation` function accepts various parameters for describing build inputs (see "Specifying dependencies"). The following are of special
interest for Python packages, either because these are primarily used, or because their behaviour is different:
The `stdenv.mkDerivation` function accepts various parameters for describing
build inputs (see "Specifying dependencies"). The following are of special
interest for Python packages, either because these are primarily used, or
because their behaviour is different:
* `nativeBuildInputs ? []`: Build-time only dependencies. Typically executables as well as the items listed in `setup_requires`.
* `buildInputs ? []`: Build and/or run-time dependencies that need to be be compiled for the host machine. Typically non-Python libraries which are being linked.
* `checkInputs ? []`: Dependencies needed for running the `checkPhase`. These are added to `nativeBuildInputs` when `doCheck = true`. Items listed in `tests_require` go here.
* `propagatedBuildInputs ? []`: Aside from propagating dependencies, `buildPythonPackage` also injects code into and wraps executables with the paths included in this list. Items listed in `install_requires` go here.
* `nativeBuildInputs ? []`: Build-time only dependencies. Typically executables
as well as the items listed in `setup_requires`.
* `buildInputs ? []`: Build and/or run-time dependencies that need to be be
compiled for the host machine. Typically non-Python libraries which are being
linked.
* `checkInputs ? []`: Dependencies needed for running the `checkPhase`. These
are added to `nativeBuildInputs` when `doCheck = true`. Items listed in
`tests_require` go here.
* `propagatedBuildInputs ? []`: Aside from propagating dependencies,
`buildPythonPackage` also injects code into and wraps executables with the
paths included in this list. Items listed in `install_requires` go here.
##### Overriding Python packages
The `buildPythonPackage` function has a `overridePythonAttrs` method that
can be used to override the package. In the following example we create an
environment where we have the `blaze` package using an older version of `pandas`.
We override first the Python interpreter and pass
`packageOverrides` which contains the overrides for packages in the package set.
The `buildPythonPackage` function has a `overridePythonAttrs` method that can be
used to override the package. In the following example we create an environment
where we have the `blaze` package using an older version of `pandas`. We
override first the Python interpreter and pass `packageOverrides` which contains
the overrides for packages in the package set.
```nix
with import <nixpkgs> {};
@ -725,15 +782,18 @@ youtube-dl = with pythonPackages; toPythonApplication youtube-dl;
#### `toPythonModule` function
In some cases, such as bindings, a package is created using
`stdenv.mkDerivation` and added as attribute in `all-packages.nix`.
The Python bindings should be made available from `python-packages.nix`.
The `toPythonModule` function takes a derivation and makes certain Python-specific modifications.
`stdenv.mkDerivation` and added as attribute in `all-packages.nix`. The Python
bindings should be made available from `python-packages.nix`. The
`toPythonModule` function takes a derivation and makes certain Python-specific
modifications.
```nix
opencv = toPythonModule (pkgs.opencv.override {
enablePython = true;
pythonPackages = self;
});
```
Do pay attention to passing in the right Python version!
#### `python.buildEnv` function
@ -741,6 +801,7 @@ Do pay attention to passing in the right Python version!
Python environments can be created using the low-level `pkgs.buildEnv` function.
This example shows how to create an environment that has the Pyramid Web Framework.
Saving the following as `default.nix`
```nix
with import <nixpkgs> {};
@ -751,6 +812,7 @@ python.buildEnv.override {
```
and running `nix-build` will create
```
/nix/store/cf1xhjwzmdki7fasgr4kz6di72ykicl5-python-2.7.8-env
```
@ -760,6 +822,7 @@ with wrapped binaries in `bin/`.
You can also use the `env` attribute to create local environments with needed
packages installed. This is somewhat comparable to `virtualenv`. For example,
running `nix-shell` with the following `shell.nix`
```nix
with import <nixpkgs> {};
@ -777,7 +840,8 @@ specified packages in its path.
* `extraLibs`: List of packages installed inside the environment.
* `postBuild`: Shell command executed after the build of environment.
* `ignoreCollisions`: Ignore file collisions inside the environment (default is `false`).
* `permitUserSite`: Skip setting the `PYTHONNOUSERSITE` environment variable in wrapped binaries in the environment.
* `permitUserSite`: Skip setting the `PYTHONNOUSERSITE` environment variable in
wrapped binaries in the environment.
#### `python.withPackages` function
@ -785,15 +849,17 @@ The `python.withPackages` function provides a simpler interface to the `python.b
It takes a function as an argument that is passed the set of python packages and returns the list
of the packages to be included in the environment. Using the `withPackages` function, the previous
example for the Pyramid Web Framework environment can be written like this:
```nix
with import <nixpkgs> {};
python.withPackages (ps: [ps.pyramid])
```
`withPackages` passes the correct package set for the specific interpreter version as an
argument to the function. In the above example, `ps` equals `pythonPackages`.
But you can also easily switch to using python3:
`withPackages` passes the correct package set for the specific interpreter
version as an argument to the function. In the above example, `ps` equals
`pythonPackages`. But you can also easily switch to using python3:
```nix
with import <nixpkgs> {};
@ -802,30 +868,35 @@ python3.withPackages (ps: [ps.pyramid])
Now, `ps` is set to `python3Packages`, matching the version of the interpreter.
As `python.withPackages` simply uses `python.buildEnv` under the hood, it also supports the `env`
attribute. The `shell.nix` file from the previous section can thus be also written like this:
As `python.withPackages` simply uses `python.buildEnv` under the hood, it also
supports the `env` attribute. The `shell.nix` file from the previous section can
thus be also written like this:
```nix
with import <nixpkgs> {};
(python36.withPackages (ps: [ps.numpy ps.requests])).env
```
In contrast to `python.buildEnv`, `python.withPackages` does not support the more advanced options
such as `ignoreCollisions = true` or `postBuild`. If you need them, you have to use `python.buildEnv`.
In contrast to `python.buildEnv`, `python.withPackages` does not support the
more advanced options such as `ignoreCollisions = true` or `postBuild`. If you
need them, you have to use `python.buildEnv`.
Python 2 namespace packages may provide `__init__.py` that collide. In that case `python.buildEnv`
should be used with `ignoreCollisions = true`.
Python 2 namespace packages may provide `__init__.py` that collide. In that case
`python.buildEnv` should be used with `ignoreCollisions = true`.
#### Setup hooks
The following are setup hooks specifically for Python packages. Most of these are
used in `buildPythonPackage`.
The following are setup hooks specifically for Python packages. Most of these
are used in `buildPythonPackage`.
- `eggUnpackhook` to move an egg to the correct folder so it can be installed with the `eggInstallHook`
- `eggUnpackhook` to move an egg to the correct folder so it can be installed
with the `eggInstallHook`
- `eggBuildHook` to skip building for eggs.
- `eggInstallHook` to install eggs.
- `flitBuildHook` to build a wheel using `flit`.
- `pipBuildHook` to build a wheel using `pip` and PEP 517. Note a build system (e.g. `setuptools` or `flit`) should still be added as `nativeBuildInput`.
- `pipBuildHook` to build a wheel using `pip` and PEP 517. Note a build system
(e.g. `setuptools` or `flit`) should still be added as `nativeBuildInput`.
- `pipInstallHook` to install wheels.
- `pytestCheckHook` to run tests with `pytest`.
- `pythonCatchConflictsHook` to check whether a Python package is not already existing.
@ -833,8 +904,10 @@ used in `buildPythonPackage`.
- `pythonRemoveBinBytecode` to remove bytecode from the `/bin` folder.
- `setuptoolsBuildHook` to build a wheel using `setuptools`.
- `setuptoolsCheckHook` to run tests with `python setup.py test`.
- `venvShellHook` to source a Python 3 `venv` at the `venvDir` location. A `venv` is created if it does not yet exist.
- `wheelUnpackHook` to move a wheel to the correct folder so it can be installed with the `pipInstallHook`.
- `venvShellHook` to source a Python 3 `venv` at the `venvDir` location. A
`venv` is created if it does not yet exist.
- `wheelUnpackHook` to move a wheel to the correct folder so it can be installed
with the `pipInstallHook`.
### Development mode
@ -856,11 +929,11 @@ pythonPackages.buildPythonPackage {
}
```
Running `nix-shell` with no arguments should give you
the environment in which the package would be built with
`nix-build`.
Running `nix-shell` with no arguments should give you the environment in which
the package would be built with `nix-build`.
Shortcut to setup environments with C headers/libraries and python packages:
```shell
nix-shell -p pythonPackages.pyramid zlib libjpeg git
```
@ -872,19 +945,22 @@ Note: There is a boolean value `lib.inNixShell` set to `true` if nix-shell is in
Packages inside nixpkgs are written by hand. However many tools exist in
community to help save time. No tool is preferred at the moment.
- [pypi2nix](https://github.com/nix-community/pypi2nix): Generate Nix expressions for your Python project. Note that [sharing derivations from pypi2nix with nixpkgs is possible but not encouraged](https://github.com/nix-community/pypi2nix/issues/222#issuecomment-443497376).
- [pypi2nix](https://github.com/nix-community/pypi2nix): Generate Nix
expressions for your Python project. Note that [sharing derivations from
pypi2nix with nixpkgs is possible but not
encouraged](https://github.com/nix-community/pypi2nix/issues/222#issuecomment-443497376).
- [python2nix](https://github.com/proger/python2nix) by Vladimir Kirillov.
### Deterministic builds
The Python interpreters are now built deterministically.
Minor modifications had to be made to the interpreters in order to generate
deterministic bytecode. This has security implications and is relevant for
those using Python in a `nix-shell`.
The Python interpreters are now built deterministically. Minor modifications had
to be made to the interpreters in order to generate deterministic bytecode. This
has security implications and is relevant for those using Python in a
`nix-shell`.
When the environment variable `DETERMINISTIC_BUILD` is set, all bytecode will have timestamp 1.
The `buildPythonPackage` function sets `DETERMINISTIC_BUILD=1` and
[PYTHONHASHSEED=0](https://docs.python.org/3.5/using/cmdline.html#envvar-PYTHONHASHSEED).
When the environment variable `DETERMINISTIC_BUILD` is set, all bytecode will
have timestamp 1. The `buildPythonPackage` function sets `DETERMINISTIC_BUILD=1`
and [PYTHONHASHSEED=0](https://docs.python.org/3.5/using/cmdline.html#envvar-PYTHONHASHSEED).
Both are also exported in `nix-shell`.
@ -899,9 +975,10 @@ example of such a situation is when `py.test` is used.
#### Common issues
- Non-working tests can often be deselected. By default `buildPythonPackage` runs `python setup.py test`.
Most python modules follows the standard test protocol where the pytest runner can be used instead.
`py.test` supports a `-k` parameter to ignore test methods or classes:
* Non-working tests can often be deselected. By default `buildPythonPackage`
runs `python setup.py test`. Most python modules follows the standard test
protocol where the pytest runner can be used instead. `py.test` supports a
`-k` parameter to ignore test methods or classes:
```nix
buildPythonPackage {
@ -913,7 +990,8 @@ example of such a situation is when `py.test` is used.
'';
}
```
- Tests that attempt to access `$HOME` can be fixed by using the following work-around before running tests (e.g. `preCheck`): `export HOME=$(mktemp -d)`
* Tests that attempt to access `$HOME` can be fixed by using the following
work-around before running tests (e.g. `preCheck`): `export HOME=$(mktemp -d)`
## FAQ
@ -925,8 +1003,9 @@ should also be done when packaging `A`.
### How to override a Python package?
We can override the interpreter and pass `packageOverrides`.
In the following example we rename the `pandas` package and build it.
We can override the interpreter and pass `packageOverrides`. In the following
example we rename the `pandas` package and build it.
```nix
with import <nixpkgs> {};
@ -939,14 +1018,16 @@ with import <nixpkgs> {};
in python.withPackages(ps: [ps.pandas])).env
```
Using `nix-build` on this expression will build an environment that contains the
package `pandas` but with the new name `foo`.
All packages in the package set will use the renamed package.
A typical use case is to switch to another version of a certain package.
For example, in the Nixpkgs repository we have multiple versions of `django` and `scipy`.
In the following example we use a different version of `scipy` and create an environment that uses it.
All packages in the Python package set will now use the updated `scipy` version.
All packages in the package set will use the renamed package. A typical use case
is to switch to another version of a certain package. For example, in the
Nixpkgs repository we have multiple versions of `django` and `scipy`. In the
following example we use a different version of `scipy` and create an
environment that uses it. All packages in the Python package set will now use
the updated `scipy` version.
```nix
with import <nixpkgs> {};
@ -958,10 +1039,13 @@ with import <nixpkgs> {};
in (pkgs.python35.override {inherit packageOverrides;}).withPackages (ps: [ps.blaze])
).env
```
The requested package `blaze` depends on `pandas` which itself depends on `scipy`.
If you want the whole of Nixpkgs to use your modifications, then you can use `overlays`
as explained in this manual. In the following example we build a `inkscape` using a different version of `numpy`.
If you want the whole of Nixpkgs to use your modifications, then you can use
`overlays` as explained in this manual. In the following example we build a
`inkscape` using a different version of `numpy`.
```nix
let
pkgs = import <nixpkgs> {};
@ -982,19 +1066,28 @@ Executing `python setup.py bdist_wheel` in a `nix-shell `fails with
ValueError: ZIP does not support timestamps before 1980
```
This is because files from the Nix store (which have a timestamp of the UNIX epoch of January 1, 1970) are included in the .ZIP, but .ZIP archives follow the DOS convention of counting timestamps from 1980.
This is because files from the Nix store (which have a timestamp of the UNIX
epoch of January 1, 1970) are included in the .ZIP, but .ZIP archives follow the
DOS convention of counting timestamps from 1980.
The command `bdist_wheel` reads the `SOURCE_DATE_EPOCH` environment variable, which `nix-shell` sets to 1. Unsetting this variable or giving it a value corresponding to 1980 or later enables building wheels.
The command `bdist_wheel` reads the `SOURCE_DATE_EPOCH` environment variable,
which `nix-shell` sets to 1. Unsetting this variable or giving it a value
corresponding to 1980 or later enables building wheels.
Use 1980 as timestamp:
```shell
nix-shell --run "SOURCE_DATE_EPOCH=315532800 python3 setup.py bdist_wheel"
```
or the current time:
```shell
nix-shell --run "SOURCE_DATE_EPOCH=$(date +%s) python3 setup.py bdist_wheel"
```
or unset `SOURCE_DATE_EPOCH`:
```shell
nix-shell --run "unset SOURCE_DATE_EPOCH; python3 setup.py bdist_wheel"
```
@ -1002,13 +1095,18 @@ nix-shell --run "unset SOURCE_DATE_EPOCH; python3 setup.py bdist_wheel"
### `install_data` / `data_files` problems
If you get the following error:
```
could not create '/nix/store/6l1bvljpy8gazlsw2aw9skwwp4pmvyxw-python-2.7.8/etc':
Permission denied
```
This is a [known bug](https://github.com/pypa/setuptools/issues/130) in `setuptools`.
Setuptools `install_data` does not respect `--prefix`. An example of such package using the feature is `pkgs/tools/X11/xpra/default.nix`.
This is a [known bug](https://github.com/pypa/setuptools/issues/130) in
`setuptools`. Setuptools `install_data` does not respect `--prefix`. An example
of such package using the feature is `pkgs/tools/X11/xpra/default.nix`.
As workaround install it as an extra `preInstall` step:
```shell
${python.interpreter} setup.py install_data --install-dir=$out --root=$out
sed -i '/ = data\_files/d' setup.py
@ -1031,13 +1129,16 @@ function.
### How to consume python modules using pip in a virtual environment like I am used to on other Operating Systems?
While this approach is not very idiomatic from Nix perspective, it can still be useful when dealing with pre-existing
projects or in situations where it's not feasible or desired to write derivations for all required dependencies.
While this approach is not very idiomatic from Nix perspective, it can still be
useful when dealing with pre-existing projects or in situations where it's not
feasible or desired to write derivations for all required dependencies.
This is an example of a `default.nix` for a `nix-shell`, which allows to consume a virtual environment created by `venv`,
and install python modules through `pip` the traditional way.
This is an example of a `default.nix` for a `nix-shell`, which allows to consume
a virtual environment created by `venv`, and install python modules through
`pip` the traditional way.
Create this `default.nix` file, together with a `requirements.txt` and simply execute `nix-shell`.
Create this `default.nix` file, together with a `requirements.txt` and simply
execute `nix-shell`.
```nix
with import <nixpkgs> { };
@ -1082,8 +1183,9 @@ in pkgs.mkShell rec {
}
```
In case the supplied venvShellHook is insufficient, or when python 2 support is needed,
you can define your own shell hook and adapt to your needs like in the following example:
In case the supplied venvShellHook is insufficient, or when python 2 support is
needed, you can define your own shell hook and adapt to your needs like in the
following example:
```nix
with import <nixpkgs> { };
@ -1152,11 +1254,11 @@ If you need to change a package's attribute(s) from `configuration.nix` you coul
```
`pythonPackages.zerobin` is now globally overridden. All packages and also the
`zerobin` NixOS service use the new definition.
Note that `python-super` refers to the old package set and `python-self`
to the new, overridden version.
`zerobin` NixOS service use the new definition. Note that `python-super` refers
to the old package set and `python-self` to the new, overridden version.
To modify only a Python package set instead of a whole Python derivation, use this snippet:
To modify only a Python package set instead of a whole Python derivation, use
this snippet:
```nix
myPythonPackages = pythonPackages.override {
@ -1188,11 +1290,12 @@ self: super: {
### How to use Intel's MKL with numpy and scipy?
A `site.cfg` is created that configures BLAS based on the `blas` parameter
of the `numpy` derivation. By passing in `mkl`, `numpy` and packages depending
on `numpy` will be built with `mkl`.
A `site.cfg` is created that configures BLAS based on the `blas` parameter of
the `numpy` derivation. By passing in `mkl`, `numpy` and packages depending on
`numpy` will be built with `mkl`.
The following is an overlay that configures `numpy` to use `mkl`:
```nix
self: super: {
python37 = super.python37.override {
@ -1228,10 +1331,21 @@ In a `setup.py` or `setup.cfg` it is common to declare dependencies:
Following rules are desired to be respected:
* Python libraries are called from `python-packages.nix` and packaged with `buildPythonPackage`. The expression of a library should be in `pkgs/development/python-modules/<name>/default.nix`. Libraries in `pkgs/top-level/python-packages.nix` are sorted quasi-alphabetically to avoid merge conflicts.
* Python applications live outside of `python-packages.nix` and are packaged with `buildPythonApplication`.
* Python libraries are called from `python-packages.nix` and packaged with
`buildPythonPackage`. The expression of a library should be in
`pkgs/development/python-modules/<name>/default.nix`. Libraries in
`pkgs/top-level/python-packages.nix` are sorted quasi-alphabetically to avoid
merge conflicts.
* Python applications live outside of `python-packages.nix` and are packaged
with `buildPythonApplication`.
* Make sure libraries build for all Python interpreters.
* By default we enable tests. Make sure the tests are found and, in the case of libraries, are passing for all interpreters. If certain tests fail they can be disabled individually. Try to avoid disabling the tests altogether. In any case, when you disable tests, leave a comment explaining why.
* Commit names of Python libraries should reflect that they are Python libraries, so write for example `pythonPackages.numpy: 1.11 -> 1.12`.
* Attribute names in `python-packages.nix` should be normalized according to [PEP 0503](https://www.python.org/dev/peps/pep-0503/#normalized-names).
This means that characters should be converted to lowercase and `.` and `_` should be replaced by a single `-` (foo-bar-baz instead of Foo__Bar.baz )
* By default we enable tests. Make sure the tests are found and, in the case of
libraries, are passing for all interpreters. If certain tests fail they can be
disabled individually. Try to avoid disabling the tests altogether. In any
case, when you disable tests, leave a comment explaining why.
* Commit names of Python libraries should reflect that they are Python
libraries, so write for example `pythonPackages.numpy: 1.11 -> 1.12`.
* Attribute names in `python-packages.nix` should be normalized according to
[PEP 0503](https://www.python.org/dev/peps/pep-0503/#normalized-names). This
means that characters should be converted to lowercase and `.` and `_` should
be replaced by a single `-` (foo-bar-baz instead of Foo__Bar.baz )

22
doc/languages-frameworks/rust.section.md
View File

@ -37,11 +37,10 @@ rustPlatform.buildRustPackage rec {
};
cargoSha256 = "17ldqr3asrdcsh4l29m3b5r37r5d0b3npq1lrgjmxb6vlx6a36qh";
verifyCargoDeps = true;
meta = with stdenv.lib; {
description = "A fast line-oriented regex search tool, similar to ag and ack";
homepage = https://github.com/BurntSushi/ripgrep;
homepage = "https://github.com/BurntSushi/ripgrep";
license = licenses.unlicense;
maintainers = [ maintainers.tailhook ];
platforms = platforms.all;
@ -54,17 +53,16 @@ all crate sources of this package. Currently it is obtained by inserting a
fake checksum into the expression and building the package once. The correct
checksum can be then take from the failed build.
When the `Cargo.lock`, provided by upstream, is not in sync with the
`Cargo.toml`, it is possible to use `cargoPatches` to update it. All patches
added in `cargoPatches` will also be prepended to the patches in `patches` at
build-time.
Per the instructions in the [Cargo Book](https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html)
best practices guide, Rust applications should always commit the `Cargo.lock`
file in git to ensure a reproducible build. However, a few packages do not, and
Nix depends on this file, so if it missing you can use `cargoPatches` to apply
it in the `patchPhase`. Consider sending a PR upstream with a note to the
maintainer describing why it's important to include in the application.
When `verifyCargoDeps` is set to `true`, the build will also verify that the
`cargoSha256` is not out of date by comparing the `Cargo.lock` file in both the
`cargoDeps` and `src`. Note that this option changes the value of `cargoSha256`
since it also copies the `Cargo.lock` in it. To avoid breaking
backward-compatibility this option is not enabled by default but hopefully will
be in the future.
The fetcher will verify that the `Cargo.lock` file is in sync with the `src`
attribute, and fail the build if not. It will also will compress the vendor
directory into a tar.gz archive.
### Building a crate for a different target

7
doc/languages-frameworks/vim.section.md
View File

@ -261,12 +261,7 @@ deoplete-fish = super.deoplete-fish.overrideAttrs(old: {
Sometimes plugins require an override that must be changed when the plugin is updated. This can cause issues when Vim plugins are auto-updated but the associated override isn't updated. For these plugins, the override should be written so that it specifies all information required to install the plugin, and running `./update.py` doesn't change the derivation for the plugin. Manually updating the override is required to update these types of plugins. An example of such a plugin is `LanguageClient-neovim`.
To add a new plugin:
1. run `./update.py` and create a commit named "vimPlugins: Update",
2. add the new plugin to [vim-plugin-names](/pkgs/misc/vim-plugins/vim-plugin-names) and add overrides if required to [overrides.nix](/pkgs/misc/vim-plugins/overrides.nix),
3. run `./update.py` again and create a commit named "vimPlugins.[name]: init at [version]" (where `name` and `version` can be found in [generated.nix](/pkgs/misc/vim-plugins/generated.nix)), and
4. create a pull request.
To add a new plugin, run `./update.py --add "[owner]/[name]"`. **NOTE**: This script automatically commits to your git repository. Be sure to check out a fresh branch before running.
## Important repositories

2
doc/stdenv/meta.xml
View File

@ -11,7 +11,7 @@ meta = with stdenv.lib; {
GNU Hello is a program that prints "Hello, world!" when you run it.
It is fully customizable.
'';
homepage = https://www.gnu.org/software/hello/manual/;
homepage = "https://www.gnu.org/software/hello/manual/";
license = licenses.gpl3Plus;
maintainers = [ maintainers.eelco ];
platforms = platforms.all;

14
lib/attrsets.nix
View File

@ -473,6 +473,20 @@ rec {
/* Pick the outputs of packages to place in buildInputs */
chooseDevOutputs = drvs: builtins.map getDev drvs;
/* Make various Nix tools consider the contents of the resulting
attribute set when looking for what to build, find, etc.
This function only affects a single attribute set; it does not
apply itself recursively for nested attribute sets.
*/
recurseIntoAttrs =
attrs: attrs // { recurseForDerivations = true; };
/* Undo the effect of recurseIntoAttrs.
*/
dontRecurseIntoAttrs =
attrs: attrs // { recurseForDerivations = false; };
/*** deprecated stuff ***/
zipWithNames = zipAttrsWithNames;

7
lib/customisation.nix
View File

@ -131,7 +131,12 @@ rec {
origArgs = auto // args;
pkgs = f origArgs;
mkAttrOverridable = name: _: makeOverridable (newArgs: (f newArgs).${name}) origArgs;
in lib.mapAttrs mkAttrOverridable pkgs;
in
if lib.isDerivation pkgs then throw
("function `callPackages` was called on a *single* derivation "
+ ''"${pkgs.name or "<unknown-name>"}";''
+ " did you mean to use `callPackage` instead?")
else lib.mapAttrs mkAttrOverridable pkgs;
/* Add attributes to each output of a derivation without changing

7
lib/default.nix
View File

@ -24,6 +24,7 @@ let
# packaging
customisation = callLibs ./customisation.nix;
maintainers = import ../maintainers/maintainer-list.nix;
teams = callLibs ../maintainers/team-list.nix;
meta = callLibs ./meta.nix;
sources = callLibs ./sources.nix;
versions = callLibs ./versions.nix;
@ -55,6 +56,9 @@ let
# back-compat aliases
platforms = systems.doubles;
# linux kernel configuration
kernel = callLibs ./kernel.nix;
inherit (builtins) add addErrorContext attrNames concatLists
deepSeq elem elemAt filter genericClosure genList getAttr
hasAttr head isAttrs isBool isInt isList isString length
@ -73,7 +77,8 @@ let
genAttrs isDerivation toDerivation optionalAttrs
zipAttrsWithNames zipAttrsWith zipAttrs recursiveUpdateUntil
recursiveUpdate matchAttrs overrideExisting getOutput getBin
getLib getDev chooseDevOutputs zipWithNames zip;
getLib getDev chooseDevOutputs zipWithNames zip
recurseIntoAttrs dontRecurseIntoAttrs;
inherit (lists) singleton forEach foldr fold foldl foldl' imap0 imap1
concatMap flatten remove findSingle findFirst any all count
optional optionals toList range partition zipListsWith zipLists

71
lib/generators.nix
View File

@ -76,10 +76,14 @@ rec {
* mkKeyValue is the same as in toINI.
*/
toKeyValue = {
mkKeyValue ? mkKeyValueDefault {} "="
}: attrs:
let mkLine = k: v: mkKeyValue k v + "\n";
in libStr.concatStrings (libAttr.mapAttrsToList mkLine attrs);
mkKeyValue ? mkKeyValueDefault {} "=",
listsAsDuplicateKeys ? false
}:
let mkLine = k: v: mkKeyValue k v + "\n";
mkLines = if listsAsDuplicateKeys
then k: v: map (mkLine k) (if lib.isList v then v else [v])
else k: v: [ (mkLine k v) ];
in attrs: libStr.concatStrings (lib.concatLists (libAttr.mapAttrsToList mkLines attrs));
/* Generate an INI-style config file from an
@ -106,7 +110,9 @@ rec {
# apply transformations (e.g. escapes) to section names
mkSectionName ? (name: libStr.escape [ "[" "]" ] name),
# format a setting line from key and value
mkKeyValue ? mkKeyValueDefault {} "="
mkKeyValue ? mkKeyValueDefault {} "=",
# allow lists as values for duplicate keys
listsAsDuplicateKeys ? false
}: attrsOfAttrs:
let
# map function to string for each key val
@ -115,11 +121,64 @@ rec {
(libAttr.mapAttrsToList mapFn attrs);
mkSection = sectName: sectValues: ''
[${mkSectionName sectName}]
'' + toKeyValue { inherit mkKeyValue; } sectValues;
'' + toKeyValue { inherit mkKeyValue listsAsDuplicateKeys; } sectValues;
in
# map input to ini sections
mapAttrsToStringsSep "\n" mkSection attrsOfAttrs;
/* Generate a git-config file from an attrset.
*
* It has two major differences from the regular INI format:
*
* 1. values are indented with tabs
* 2. sections can have sub-sections
*
* generators.toGitINI {
* url."ssh://git@github.com/".insteadOf = "https://github.com";
* user.name = "edolstra";
* }
*
*> [url "ssh://git@github.com/"]
*> insteadOf = https://github.com/
*>
*> [user]
*> name = edolstra
*/
toGitINI = attrs:
with builtins;
let
mkSectionName = name:
let
containsQuote = libStr.hasInfix ''"'' name;
sections = libStr.splitString "." name;
section = head sections;
subsections = tail sections;
subsection = concatStringsSep "." subsections;
in if containsQuote || subsections == [ ] then
name
else
''${section} "${subsection}"'';
# generation for multiple ini values
mkKeyValue = k: v:
let mkKeyValue = mkKeyValueDefault { } " = " k;
in concatStringsSep "\n" (map (kv: "\t" + mkKeyValue kv) (lib.toList v));
# converts { a.b.c = 5; } to { "a.b".c = 5; } for toINI
gitFlattenAttrs = let
recurse = path: value:
if isAttrs value then
lib.mapAttrsToList (name: value: recurse ([ name ] ++ path) value) value
else if length path > 1 then {
${concatStringsSep "." (lib.reverseList (tail path))}.${head path} = value;
} else {
${head path} = value;
};
in attrs: lib.foldl lib.recursiveUpdate { } (lib.flatten (recurse [ ] attrs));
toINI_ = toINI { inherit mkKeyValue mkSectionName; };
in
toINI_ (gitFlattenAttrs attrs);
/* Generates JSON from an arbitrary (non-function) value.
* For more information see the documentation of the builtin.

17
lib/kernel.nix
View File

@ -1,12 +1,7 @@
{ lib, version }:
{ lib }:
with lib;
{
# Common patterns/legacy
whenAtLeast = ver: mkIf (versionAtLeast version ver);
whenOlder = ver: mkIf (versionOlder version ver);
# range is (inclusive, exclusive)
whenBetween = verLow: verHigh: mkIf (versionAtLeast version verLow && versionOlder version verHigh);
# Keeping these around in case we decide to change this horrible implementation :)
@ -18,4 +13,14 @@ with lib;
module = { tristate = "m"; };
freeform = x: { freeform = x; };
/*
Common patterns/legacy used in common-config/hardened-config.nix
*/
whenHelpers = version: {
whenAtLeast = ver: mkIf (versionAtLeast version ver);
whenOlder = ver: mkIf (versionOlder version ver);
# range is (inclusive, exclusive)
whenBetween = verLow: verHigh: mkIf (versionAtLeast version verLow && versionOlder version verHigh);
};
}

12
lib/licenses.nix
View File

@ -649,6 +649,13 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
url = http://metadata.ftp-master.debian.org/changelogs/main/d/debianutils/debianutils_4.8.1_copyright;
};
sspl = {
shortName = "SSPL";
fullName = "Server Side Public License";
url = https://www.mongodb.com/licensing/server-side-public-license;
free = false;
};
tcltk = spdx {
spdxId = "TCL";
fullName = "TCL/TK License";
@ -675,6 +682,11 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
# channel and NixOS images.
};
unicode-dfs-2016 = spdx {
spdxId = "Unicode-DFS-2016";
fullName = "Unicode License Agreement - Data Files and Software (2016)";
};
unlicense = spdx {
spdxId = "Unlicense";
fullName = "The Unlicense";

15
lib/modules.nix
View File

@ -93,7 +93,11 @@ rec {
res set._definedNames
else
res;
result = { inherit options config; };
result = {
inherit options;
config = removeAttrs config [ "_module" ];
inherit (config) _module;
};
in result;
# collectModules :: (modulesPath: String) -> (modules: [ Module ]) -> (args: Attrs) -> [ Module ]
@ -389,7 +393,7 @@ rec {
let
# Process mkMerge and mkIf properties.
defs' = concatMap (m:
map (value: { inherit (m) file; inherit value; }) (dischargeProperties m.value)
map (value: { inherit (m) file; inherit value; }) (builtins.addErrorContext "while evaluating definitions from `${m.file}':" (dischargeProperties m.value))
) defs;
# Process mkOverride properties.
@ -410,10 +414,9 @@ rec {
# Type-check the remaining definitions, and merge them. Or throw if no definitions.
mergedValue =
if isDefined then
foldl' (res: def:
if type.check def.value then res
else throw "The option value `${showOption loc}' in `${def.file}' is not of type `${type.description}'."
) (type.merge loc defsFinal) defsFinal
if all (def: type.check def.value) defsFinal then type.merge loc defsFinal
else let firstInvalid = findFirst (def: ! type.check def.value) null defsFinal;
in throw "The option value `${showOption loc}' in `${firstInvalid.file}' is not of type `${type.description}'."
else
# (nixos-option detects this specific error message and gives it special
# handling. If changed here, please change it there too.)

2
lib/options.nix
View File

@ -159,7 +159,7 @@ rec {
let ss = opt.type.getSubOptions opt.loc;
in if ss != {} then optionAttrSetToDocList' opt.loc ss else [];
in
[ docOption ] ++ subOptions) (collect isOption options);
[ docOption ] ++ optionals docOption.visible subOptions) (collect isOption options);
/* This function recursively removes all derivation attributes from

7
lib/sources.nix
View File

@ -63,17 +63,14 @@ rec {
# https://nixos.org/nix/manual/#builtin-filterSource
#
# name: Optional name to use as part of the store path.
# This defaults `src.name` or otherwise `baseNameOf src`.
# We recommend setting `name` whenever `src` is syntactically `./.`.
# Otherwise, you depend on `./.`'s name in the parent directory,
# which can cause inconsistent names, defeating caching.
# This defaults to `src.name` or otherwise `"source"`.
#
cleanSourceWith = { filter ? _path: _type: true, src, name ? null }:
let
isFiltered = src ? _isLibCleanSourceWith;
origSrc = if isFiltered then src.origSrc else src;
filter' = if isFiltered then name: type: filter name type && src.filter name type else filter;
name' = if name != null then name else if isFiltered then src.name else baseNameOf src;
name' = if name != null then name else if isFiltered then src.name else "source";
in {
inherit origSrc;
filter = filter';

1
lib/systems/default.nix
View File

@ -65,6 +65,7 @@ rec {
freebsd = "FreeBSD";
openbsd = "OpenBSD";
wasi = "Wasi";
genode = "Genode";
}.${final.parsed.kernel.name} or null;
# uname -p

3
lib/systems/doubles.nix
View File

@ -35,6 +35,8 @@ let
"vc4-none"
"js-ghcjs"
"aarch64-genode" "x86_64-genode"
];
allParsed = map parse.mkSystemFromString all;
@ -68,6 +70,7 @@ in {
unix = filterDoubles predicates.isUnix;
wasi = filterDoubles predicates.isWasi;
windows = filterDoubles predicates.isWindows;
genode = filterDoubles predicates.isGenode;
embedded = filterDoubles predicates.isNone;

1
lib/systems/inspect.nix
View File

@ -47,6 +47,7 @@ rec {
isMinGW = { kernel = kernels.windows; abi = abis.gnu; };
isWasi = { kernel = kernels.wasi; };
isGhcjs = { kernel = kernels.ghcjs; };
isGenode = { kernel = kernels.genode; };
isNone = { kernel = kernels.none; };
isAndroid = [ { abi = abis.android; } { abi = abis.androideabi; } ];

3
lib/systems/parse.nix
View File

@ -279,6 +279,7 @@ rec {
wasi = { execFormat = wasm; families = { }; };
windows = { execFormat = pe; families = { }; };
ghcjs = { execFormat = unknown; families = { }; };
genode = { execFormat = elf; families = { }; };
} // { # aliases
# 'darwin' is the kernel for all of them. We choose macOS by default.
darwin = kernels.macos;
@ -395,6 +396,8 @@ rec {
then { cpu = elemAt l 0; vendor = "unknown"; kernel = elemAt l 1; abi = elemAt l 2; }
else if (elemAt l 2 == "ghcjs")
then { cpu = elemAt l 0; vendor = "unknown"; kernel = elemAt l 2; }
else if hasPrefix "genode" (elemAt l 2)
then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = elemAt l 2; }
else throw "Target specification with 3 components is ambiguous";
"4" = { cpu = elemAt l 0; vendor = elemAt l 1; kernel = elemAt l 2; abi = elemAt l 3; };
}.${toString (length l)}

12
lib/tests/misc.nix
View File

@ -348,6 +348,18 @@ runTests {
'';
};
testToINIDuplicateKeys = {
expr = generators.toINI { listsAsDuplicateKeys = true; } { foo.bar = true; baz.qux = [ 1 false ]; };
expected = ''
[baz]
qux=1
qux=false
[foo]
bar=true
'';
};
testToINIDefaultEscapes = {
expr = generators.toINI {} {
"no [ and ] allowed unescaped" = {

13
lib/tests/modules.sh
View File

@ -185,6 +185,14 @@ checkConfigError 'The option .* defined in .* does not exist' config.enable ./di
# Check that imports can depend on derivations
checkConfigOutput "true" config.enable ./import-from-store.nix
# Check that configs can be conditional on option existence
checkConfigOutput true config.enable ./define-option-dependently.nix ./declare-enable.nix ./declare-int-positive-value.nix
checkConfigOutput 360 config.value ./define-option-dependently.nix ./declare-enable.nix ./declare-int-positive-value.nix
checkConfigOutput 7 config.value ./define-option-dependently.nix ./declare-int-positive-value.nix
checkConfigOutput true config.set.enable ./define-option-dependently-nested.nix ./declare-enable-nested.nix ./declare-int-positive-value-nested.nix
checkConfigOutput 360 config.set.value ./define-option-dependently-nested.nix ./declare-enable-nested.nix ./declare-int-positive-value-nested.nix
checkConfigOutput 7 config.set.value ./define-option-dependently-nested.nix ./declare-int-positive-value-nested.nix
# Check attrsOf and lazyAttrsOf. Only lazyAttrsOf should be lazy, and only
# attrsOf should work with conditional definitions
# In addition, lazyAttrsOf should honor an options emptyValue
@ -194,6 +202,11 @@ checkConfigOutput "true" config.conditionalWorks ./declare-attrsOf.nix ./attrsOf
checkConfigOutput "false" config.conditionalWorks ./declare-lazyAttrsOf.nix ./attrsOf-conditional-check.nix
checkConfigOutput "empty" config.value.foo ./declare-lazyAttrsOf.nix ./attrsOf-conditional-check.nix
# Even with multiple assignments, a type error should be thrown if any of them aren't valid
checkConfigError 'The option value .* in .* is not of type .*' \
config.value ./declare-int-unsigned-value.nix ./define-value-list.nix ./define-value-int-positive.nix
cat <<EOF
====== module tests ======
$pass Pass

14
lib/tests/modules/declare-enable-nested.nix Normal file
View File

@ -0,0 +1,14 @@
{ lib, ... }:
{
options.set = {
enable = lib.mkOption {
default = false;
example = true;
type = lib.types.bool;
description = ''
Some descriptive text
'';
};
};
}

9
lib/tests/modules/declare-int-positive-value-nested.nix Normal file
View File

@ -0,0 +1,9 @@
{ lib, ... }:
{
options.set = {
value = lib.mkOption {
type = lib.types.ints.positive;
};
};
}

16
lib/tests/modules/define-option-dependently-nested.nix Normal file
View File

@ -0,0 +1,16 @@
{ lib, options, ... }:
# Some modules may be distributed separately and need to adapt to other modules
# that are distributed and versioned separately.
{
# Always defined, but the value depends on the presence of an option.
config.set = {
value = if options ? set.enable then 360 else 7;
}
# Only define if possible.
// lib.optionalAttrs (options ? set.enable) {
enable = true;
};
}

16
lib/tests/modules/define-option-dependently.nix Normal file
View File

@ -0,0 +1,16 @@
{ lib, options, ... }:
# Some modules may be distributed separately and need to adapt to other modules
# that are distributed and versioned separately.
{
# Always defined, but the value depends on the presence of an option.
config = {
value = if options ? enable then 360 else 7;
}
# Only define if possible.
// lib.optionalAttrs (options ? enable) {
enable = true;
};
}

5
lib/tests/systems.nix
View File

@ -12,16 +12,17 @@ let
expected = lib.sort lib.lessThan y;
};
in with lib.systems.doubles; lib.runTests {
testall = mseteq all (linux ++ darwin ++ freebsd ++ openbsd ++ netbsd ++ illumos ++ wasi ++ windows ++ embedded ++ js);
testall = mseteq all (linux ++ darwin ++ freebsd ++ openbsd ++ netbsd ++ illumos ++ wasi ++ windows ++ embedded ++ js ++ genode);
testarm = mseteq arm [ "armv5tel-linux" "armv6l-linux" "armv6l-none" "armv7a-linux" "armv7l-linux" "arm-none" "armv7a-darwin" ];
testi686 = mseteq i686 [ "i686-linux" "i686-freebsd" "i686-netbsd" "i686-openbsd" "i686-cygwin" "i686-windows" "i686-none" "i686-darwin" ];
testmips = mseteq mips [ "mipsel-linux" ];
testx86_64 = mseteq x86_64 [ "x86_64-linux" "x86_64-darwin" "x86_64-freebsd" "x86_64-openbsd" "x86_64-netbsd" "x86_64-cygwin" "x86_64-solaris" "x86_64-windows" "x86_64-none" ];
testx86_64 = mseteq x86_64 [ "x86_64-linux" "x86_64-darwin" "x86_64-freebsd" "x86_64-genode" "x86_64-openbsd" "x86_64-netbsd" "x86_64-cygwin" "x86_64-solaris" "x86_64-windows" "x86_64-none" ];
testcygwin = mseteq cygwin [ "i686-cygwin" "x86_64-cygwin" ];
testdarwin = mseteq darwin [ "x86_64-darwin" "i686-darwin" "aarch64-darwin" "armv7a-darwin" ];
testfreebsd = mseteq freebsd [ "i686-freebsd" "x86_64-freebsd" ];
testgenode = mseteq genode [ "aarch64-genode" "x86_64-genode" ];
testgnu = mseteq gnu (linux /* ++ kfreebsd ++ ... */);
testillumos = mseteq illumos [ "x86_64-solaris" ];
testlinux = mseteq linux [ "aarch64-linux" "armv5tel-linux" "armv6l-linux" "armv7a-linux" "armv7l-linux" "i686-linux" "mipsel-linux" "riscv32-linux" "riscv64-linux" "x86_64-linux" "powerpc64le-linux" ];

2
lib/trivial.nix
View File

@ -171,7 +171,7 @@ rec {
On each release the first letter is bumped and a new animal is chosen
starting with that new letter.
*/
codeName = "Markhor";
codeName = "Nightingale";
/* Returns the current nixpkgs version suffix as string. */
versionSuffix =

462
maintainers/maintainer-list.nix
View File

@ -1,5 +1,5 @@
/* List of NixOS maintainers.
```nix
handle = {
# Required
name = "Your name";
@ -13,32 +13,33 @@
fingerprint = "AAAA BBBB CCCC DDDD EEEE FFFF 0000 1111 2222 3333";
}];
};
```
where
where
- `handle` is the handle you are going to use in nixpkgs expressions,
- `name` is your, preferably real, name,
- `email` is your maintainer email address, and
- `github` is your GitHub handle (as it appears in the URL of your profile page, `https://github.com/<userhandle>`),
- `githubId` is your GitHub user ID, which can be found at `https://api.github.com/users/<userhandle>`,
- `keys` is a list of your PGP/GPG key IDs and fingerprints.
- `handle` is the handle you are going to use in nixpkgs expressions,
- `name` is your, preferably real, name,
- `email` is your maintainer email address, and
- `github` is your GitHub handle (as it appears in the URL of your profile page, `https://github.com/<userhandle>`),
- `githubId` is your GitHub user ID, which can be found at `https://api.github.com/users/<userhandle>`,
- `keys` is a list of your PGP/GPG key IDs and fingerprints.
`handle == github` is strongly preferred whenever `github` is an acceptable attribute name and is short and convenient.
`handle == github` is strongly preferred whenever `github` is an acceptable attribute name and is short and convenient.
Add PGP/GPG keys only if you actually use them to sign commits and/or mail.
Add PGP/GPG keys only if you actually use them to sign commits and/or mail.
To get the required PGP/GPG values for a key run
```shell
gpg --keyid-format 0xlong --fingerprint <email> | head -n 2
```
To get the required PGP/GPG values for a key run
```shell
gpg --keyid-format 0xlong --fingerprint <email> | head -n 2
```
!!! Note that PGP/GPG values stored here are for informational purposes only, don't use this file as a source of truth.
!!! Note that PGP/GPG values stored here are for informational purposes only, don't use this file as a source of truth.
More fields may be added in the future.
More fields may be added in the future.
Please keep the list alphabetically sorted.
See `./scripts/check-maintainer-github-handles.sh` for an example on how to work with this data.
*/
Please keep the list alphabetically sorted.
See `./scripts/check-maintainer-github-handles.sh` for an example on how to work with this data.
*/
{
"0x4A6F" = {
email = "0x4A6F@shackspace.de";
@ -301,6 +302,12 @@
githubId = 786394;
name = "Alexander Krupenkin ";
};
albakham = {
email = "dev@geber.ga";
github = "albakham";
githubId = 43479487;
name = "Titouan Biteau";
};
alexarice = {
email = "alexrice999@hotmail.co.uk";
github = "alexarice";
@ -357,6 +364,22 @@
githubId = 5892756;
name = "Alec Snyder";
};
AluisioASG = {
name = "Aluísio Augusto Silva Gonçalves";
email = "aluisio@aasg.name";
github = "AluisioASG";
githubId = 1904165;
keys = [{
longkeyid = "rsa4096/0x9FAA63E097506D9D";
fingerprint = "7FDB 17B3 C29B 5BA6 E5A9 8BB2 9FAA 63E0 9750 6D9D";
}];
};
almac = {
email = "alma.cemerlic@gmail.com";
github = "a1mac";
githubId = 60479013;
name = "Alma Cemerlic";
};
alunduil = {
email = "alunduil@gmail.com";
github = "alunduil";
@ -395,10 +418,15 @@
githubId = 20530052;
name = "Andrew Miloradovsky";
};
aminb = {
email = "amin@aminb.org";
github = "aminb";
notbandali = {
name = "Amin Bandali";
email = "bandali@gnu.org";
github = "notbandali";
githubId = 1254858;
keys = [{
longkeyid = "rsa4096/0xA21A020248816103";
fingerprint = "BE62 7373 8E61 6D6D 1B3A 08E8 A21A 0202 4881 6103";
}];
};
aminechikhaoui = {
email = "amine.chikhaoui91@gmail.com";
@ -628,6 +656,12 @@
githubId = 10285250;
name = "Artur E. Ruuge";
};
asbachb = {
email = "asbachb-nixpkgs-5c2a@impl.it";
github = "asbachb";
githubId = 1482768;
name = "Benjamin Asbach";
};
ashalkhakov = {
email = "artyom.shalkhakov@gmail.com";
github = "ashalkhakov";
@ -694,6 +728,12 @@
githubId = 55833;
name = "Troels Henriksen";
};
atkinschang = {
email = "atkinschang+nixpkgs@gmail.com";
github = "AtkinsChang";
githubId = 5193600;
name = "Atkins Chang";
};
atnnn = {
email = "etienne@atnnn.com";
github = "atnnn";
@ -1069,6 +1109,18 @@
githubId = 7716744;
name = "Berno Strik";
};
brettlyons = {
email = "blyons@fastmail.com";
github = "brettlyons";
githubId = 3043718;
name = "Brett Lyons";
};
btlvr = {
email = "btlvr@protonmail.com";
github = "btlvr";
githubId = 32319131;
name = "Brett L";
};
buffet = {
email = "niclas@countingsort.com";
github = "buffet";
@ -1222,6 +1274,20 @@
githubId = 5949913;
name = "Carlos Fernandez Sanz";
};
cge = {
email = "cevans@evanslabs.org";
github = "cgevans";
githubId = 2054509;
name = "Constantine Evans";
keys = [
{ longkeyid = "rsa4096/0xB67DB1D20A93A9F9";
fingerprint = "32B1 6EE7 DBA5 16DE 526E 4C5A B67D B1D2 0A93 A9F9";
}
{ longkeyid = "rsa4096/0x1A1D58B86AE2AABD";
fingerprint = "669C 1D24 5A87 DB34 6BE4 3216 1A1D 58B8 6AE2 AABD";
}
];
};
chaduffy = {
email = "charles@dyfis.net";
github = "charles-dyfis-net";
@ -1340,6 +1406,12 @@
githubId = 25088352;
name = "Christian Kögler";
};
clkamp = {
email = "c@lkamp.de";
github = "clkamp";
githubId = 46303707;
name = "Christian Lütke-Stetzkamp";
};
kampka = {
email = "christian@kampka.net";
github = "kampka";
@ -1427,6 +1499,16 @@
githubId = 5684605;
name = "Cole Scott";
};
cole-h = {
name = "Cole Helbling";
email = "cole.e.helbling@outlook.com";
github = "cole-h";
githubId = 28582702;
keys = [{
longkeyid = "rsa4096/0xB37E0F2371016A4C";
fingerprint = "68B8 0D57 B2E5 4AC3 EC1F 49B0 B37E 0F23 7101 6A4C";
}];
};
copumpkin = {
email = "pumpkingod@gmail.com";
github = "copumpkin";
@ -1528,10 +1610,12 @@
githubId = 2217136;
name = "Ștefan D. Mihăilă";
keys = [
{ longkeyid = "rsa4096/6E68A39BF16A3ECB";
{
longkeyid = "rsa4096/6E68A39BF16A3ECB";
fingerprint = "CBC9 C7CC 51F0 4A61 3901 C723 6E68 A39B F16A 3ECB";
}
{ longkeyid = "rsa4096/6220AD7846220A52";
{
longkeyid = "rsa4096/6220AD7846220A52";
fingerprint = "7EAB 1447 5BBA 7DDE 7092 7276 6220 AD78 4622 0A52";
}
];
@ -1748,7 +1832,7 @@
name = "Didier J. Devroye";
};
devhell = {
email = "\"^\"@regexmail.net";
email = ''"^"@regexmail.net'';
github = "devhell";
githubId = 896182;
name = "devhell";
@ -1872,6 +1956,12 @@
githubId = 126339;
name = "Domen Kozar";
};
dominikh = {
email = "dominik@honnef.co";
github = "dominikh";
githubId = 39825;
name = "Dominik Honnef";
};
doronbehar = {
email = "me@doronbehar.com";
github = "doronbehar";
@ -1914,7 +2004,7 @@
drewrisinger = {
email = "drisinger+nixpkgs@gmail.com";
github = "drewrisinger";
gitHubId = 10198051;
githubId = 10198051;
name = "Drew Risinger";
};
dsferruzza = {
@ -2087,7 +2177,7 @@
};
ehmry = {
email = "ehmry@posteo.net";
github= "ehmry";
github = "ehmry";
githubId = 537775;
name = "Emery Hemingway";
};
@ -2175,10 +2265,10 @@
name = "Jack Kelly";
};
enorris = {
name = "Eric Norris";
email = "erictnorris@gmail.com";
github = "ericnorris";
githubId = 1906605;
name = "Eric Norris";
email = "erictnorris@gmail.com";
github = "ericnorris";
githubId = 1906605;
};
Enteee = {
email = "nix@duckpond.ch";
@ -2235,6 +2325,7 @@
ericdallo = {
email = "ercdll1337@gmail.com";
github = "ericdallo";
githubId = 7820865;
name = "Eric Dallo";
};
ericsagnes = {
@ -2578,7 +2669,7 @@
email = "ftrvxmtrx@gmail.com";
github = "ftrvxmtrx";
githubId = 248148;
name = "Siarhei Zirukin";
name = "Sigrid Solveig Haflínudóttir";
};
fuerbringer = {
email = "severin@fuerbringer.info";
@ -2700,6 +2791,12 @@
githubId = 3217744;
name = "Peter Ferenczy";
};
gila = {
email = "jeffry.molanus@gmail.com";
github = "gila";
githubId = 15957973;
name = "Jeffry Molanus";
};
gilligan = {
email = "tobias.pflug@gmail.com";
github = "gilligan";
@ -2773,9 +2870,14 @@
name = "Graham Christensen";
};
grburst = {
email = "grburst@openmailbox.org";
github = "grburst";
name = "Julius Elias";
email = "GRBurst@protonmail.com";
github = "GRBurst";
githubId = 4647221;
name = "GRBurst";
keys = [{
longkeyid = "rsa4096/0x797F623868CD00C2";
fingerprint = "7FC7 98AB 390E 1646 ED4D 8F1F 797F 6238 68CD 00C2";
}];
};
greydot = {
email = "lanablack@amok.cc";
@ -2841,7 +2943,7 @@
github = "hansjoergschurr";
githubId = 9850776;
name = "Hans-Jörg Schurr";
};
};
HaoZeke = {
email = "r95g10@gmail.com";
github = "haozeke";
@ -2980,6 +3082,12 @@
githubId = 12491746;
name = "Masato Yonekawa";
};
i077 = {
email = "nixpkgs@imranhossa.in";
github = "i077";
githubId = 2789926;
name = "Imran Hossain";
};
iand675 = {
email = "ian@iankduncan.com";
github = "iand675";
@ -3040,6 +3148,12 @@
githubId = 4401220;
name = "Michael Eden";
};
illiusdope = {
email = "mat@marini.ca";
github = "illiusdope";
githubId = 61913481;
name = "Mat Marini";
};
ilya-fedin = {
email = "fedin-ilja2010@ya.ru";
github = "ilya-fedin";
@ -3275,6 +3389,12 @@
githubId = 1198065;
name = "Jeffrey David Johnson";
};
jefflabonte = {
email = "grimsleepless@protonmail.com";
github = "jefflabonte";
githubId = 9425955;
name = "Jean-François Labonté";
};
jensbin = {
email = "jensbin+git@pm.me";
github = "jensbin";
@ -3528,6 +3648,12 @@
github = "jorsn";
githubId = 4646725;
};
joshuafern = {
name = "Joshua Fern";
email = "joshuafern@protonmail.com";
github = "JoshuaFern";
githubId = 4300747;
};
jpas = {
name = "Jarrod Pas";
email = "jarrod@jarrodpas.com";
@ -3636,6 +3762,16 @@
githubId = 66669;
name = "Jeff Zellner";
};
kaction = {
name = "Dmitry Bogatov";
email = "KAction@disroot.org";
github = "kaction";
githubId = 44864956;
key = [{
longkeyid = "ed25519/0x749FD4DFA2E94236";
fingerprint = "3F87 0A7C A7B4 3731 2F13 6083 749F D4DF A2E9 4236";
}];
};
kaiha = {
email = "kai.harries@gmail.com";
github = "kaiha";
@ -3669,6 +3805,12 @@
github = "kampfschlaefer";
name = "Arnold Krille";
};
karantan = {
name = "Gasper Vozel";
email = "karantan@gmail.com";
github = "karantan";
githubId = 7062631;
};
karolchmist = {
email = "info+nix@chmist.com";
name = "karolchmist";
@ -3837,6 +3979,11 @@
githubId = 13721712;
name = "Konrad Langenberg";
};
kolbycrouch = {
email = "kjc.devel@gmail.com";
github = "kolbycrouch";
name = "Kolby Crouch";
};
konimex = {
email = "herdiansyah@netc.eu";
github = "konimex";
@ -4055,6 +4202,12 @@
github = "leonardoce";
name = "Leonardo Cecchi";
};
leshainc = {
email = "leshainc@fomalhaut.me";
github = "LeshaInc";
githubId = 42153076;
name = "Alexey Nikashkin";
};
lethalman = {
email = "lucabru@src.gnome.org";
github = "lethalman";
@ -4067,6 +4220,16 @@
githubId = 3425311;
name = "Antoine Eiche";
};
lexuge = {
name = "Harry Ying";
email = "lexugeyky@outlook.com";
github = "LEXUGE";
githubId = 13804737;
keys = [{
longkeyid = "rsa4096/0xAE53B4C2E58EDD45";
fingerprint = "7FE2 113A A08B 695A C8B8 DDE6 AE53 B4C2 E58E DD45";
}];
};
lheckemann = {
email = "git@sphalerite.org";
github = "lheckemann";
@ -4150,10 +4313,10 @@
}];
};
luis = {
email = "luis.nixos@gmail.com";
github = "Luis-Hebendanz";
githubId = 22085373;
name = "Luis Hebendanz";
email = "luis.nixos@gmail.com";
github = "Luis-Hebendanz";
githubId = 22085373;
name = "Luis Hebendanz";
};
lionello = {
email = "lio@lunesu.com";
@ -4241,6 +4404,12 @@
github = "ltavard";
name = "Laure Tavard";
};
luc65r = {
email = "lucas@ransan.tk";
github = "luc65r";
githubId = 59375051;
name = "Lucas Ransan";
};
lucus16 = {
email = "lars.jellema@gmail.com";
github = "Lucus16";
@ -4259,6 +4428,16 @@
githubId = 1784379;
name = "Kyohei Kadota";
};
Luflosi = {
name = "Luflosi";
email = "luflosi@luflosi.de";
github = "Luflosi";
githubId = 15217907;
keys = [{
longkeyid = "rsa4096/0x6F987CCF224D20B9";
fingerprint = "66D1 3048 2B5F 2069 81A6 6B83 6F98 7CCF 224D 20B9";
}];
};
luispedro = {
email = "luis@luispedro.org";
github = "luispedro";
@ -4386,12 +4565,12 @@
githubId = 50230945;
name = "Marcus Boyd";
};
marenz = {
email = "marenz@arkom.men";
github = "marenz2569";
githubId = 12773269;
name = "Markus Schmidl";
};
marenz = {
email = "marenz@arkom.men";
github = "marenz2569";
githubId = 12773269;
name = "Markus Schmidl";
};
markus1189 = {
email = "markus1189@gmail.com";
github = "markus1189";
@ -4460,6 +4639,12 @@
githubId = 1711539;
name = "matklad";
};
matt-snider = {
email = "matt.snider@protonmail.com";
github = "matt-snider";
githubId = 11810057;
name = "Matt Snider";
};
matthewbauer = {
email = "mjbauer95@gmail.com";
github = "matthewbauer";
@ -4494,6 +4679,12 @@
githubId = 1269099;
name = "Marius Bakke";
};
mbaillie = {
email = "martin@baillie.email";
github = "martinbaillie";
githubId = 613740;
name = "Martin Baillie";
};
mbbx6spp = {
email = "me@susanpotter.net";
github = "mbbx6spp";
@ -4635,7 +4826,7 @@
githubId = 668926;
name = "Maximilian Güntner";
};
mhaselsteiner = {
mhaselsteiner = {
email = "magdalena.haselsteiner@gmx.at";
github = "mhaselsteiner";
githubId = 20536514;
@ -4698,12 +4889,24 @@
githubId = 3958340;
name = "Eshin Kunishima";
};
mikesperber = {
email = "sperber@deinprogramm.de";
github = "mikesperber";
githubId = 1387206;
name = "Mike Sperber";
};
mildlyincompetent = {
email = "nix@kch.dev";
github = "mildlyincompetent";
githubId = 19479662;
name = "Kajetan Champlewski";
};
millerjason = {
email = "mailings-github@millerjason.com";
github = "millerjason";
githubId = 7610974;
name = "Jason Miller";
};
miltador = {
email = "miltador@yandex.ua";
name = "Vasiliy Solovey";
@ -4717,7 +4920,12 @@
minijackson = {
email = "minijackson@riseup.net";
github = "minijackson";
githubId = 1200507;
name = "Rémi Nicole";
keys = [{
longkeyid = "rsa2048/0xFEA888C9F5D64F62";
fingerprint = "3196 83D3 9A1B 4DE1 3DC2 51FD FEA8 88C9 F5D6 4F62";
}];
};
mirdhyn = {
email = "mirdhyn@gmail.com";
@ -4800,11 +5008,11 @@
mmilata = {
email = "martin@martinmilata.cz";
github = "mmilata";
gitHubId = 85857;
githubId = 85857;
name = "Martin Milata";
};
mmlb = {
email = "me.mmlb@mmlb.me";
email = "manny@peekaboo.mmlb.icu";
github = "mmlb";
name = "Manuel Mendez";
};
@ -4877,6 +5085,12 @@
githubId = 118035;
name = "Corbin Simpson";
};
mothsart = {
email = "jerem.ferry@gmail.com";
github = "mothsart";
githubId = 10601196;
name = "Jérémie Ferry";
};
mounium = {
email = "muoniurn@gmail.com";
github = "mounium";
@ -5414,6 +5628,12 @@
githubId = 11016164;
name = "Fedor Pakhomov";
};
paluh = {
email = "paluho@gmail.com";
github = "paluh";
githubId = 190249;
name = "Tomasz Rybarczyk";
};
pamplemousse = {
email = "xav.maso@gmail.com";
github = "Pamplemousse";
@ -5687,11 +5907,10 @@
github = "pradyuman";
githubId = 9904569;
name = "Pradyuman Vig";
keys = [
{ longkeyid = "rsa4096/4F74D5361C4CA31E";
fingerprint = "240B 57DE 4271 2480 7CE3 EAC8 4F74 D536 1C4C A31E";
}
];
keys = [{
longkeyid = "rsa4096/4F74D5361C4CA31E";
fingerprint = "240B 57DE 4271 2480 7CE3 EAC8 4F74 D536 1C4C A31E";
}];
};
prikhi = {
email = "pavan.rikhi@gmail.com";
@ -5705,10 +5924,12 @@
githubId = 7537109;
name = "Michael Weiss";
keys = [
{ longkeyid = "ed25519/0x130826A6C2A389FD"; # Git only
{
longkeyid = "ed25519/0x130826A6C2A389FD"; # Git only
fingerprint = "86A7 4A55 07D0 58D1 322E 37FD 1308 26A6 C2A3 89FD";
}
{ longkeyid = "rsa3072/0xBCA9943DD1DF4C04"; # Email, etc.
{
longkeyid = "rsa3072/0xBCA9943DD1DF4C04"; # Email, etc.
fingerprint = "AF85 991C C950 49A2 4205 1933 BCA9 943D D1DF 4C04";
}
];
@ -5793,6 +6014,12 @@
githubId = 37715;
name = "Brian McKenna";
};
puzzlewolf = {
email = "nixos@nora.pink";
github = "puzzlewolf";
githubId = 23097564;
name = "Nora Widdecke";
};
pxc = {
email = "patrick.callahan@latitudeengineering.com";
name = "Patrick Callahan";
@ -5803,6 +6030,12 @@
githubId = 4579165;
name = "Danny Bautista";
};
peelz = {
email = "peelz.dev+nixpkgs@gmail.com";
github = "louistakepillz";
githubId = 920910;
name = "peelz";
};
q3k = {
email = "q3k@q3k.org";
github = "q3k";
@ -5831,6 +6064,11 @@
fingerprint = "7573 56D7 79BB B888 773E 415E 736C CDF9 EF51 BD97";
}];
};
raboof = {
email = "arnout@bzzt.net";
github = "raboof";
name = "Arnout Engelen";
};
rafaelgg = {
email = "rafael.garcia.gallego@gmail.com";
github = "rafaelgg";
@ -6025,6 +6263,20 @@
githubId = 807447;
name = "Robert Scott";
};
risson = {
name = "Marc Schmitt";
email = "marc.schmitt@risson.space";
github = "rissson";
githubId = 18313093;
keys = [
{ longkeyid = "rsa4096/0xF6FD87B15C263EC9";
fingerprint = "8A0E 6A7C 08AB B9DE 67DE 2A13 F6FD 87B1 5C26 3EC9";
}
{ longkeyid = "ed25519/0xBBB7A6801DF1E03F";
fingerprint = "C0A7 A9BB 115B C857 4D75 EA99 BBB7 A680 1DF1 E03F";
}
];
};
rittelle = {
email = "rittelle@posteo.de";
github = "rittelle";
@ -6043,6 +6295,12 @@
githubId = 2507744;
name = "Roland Koebler";
};
rkrzr = {
email = "ops+nixpkgs@channable.com";
github = "rkrzr";
githubId = 82817;
name = "Robert Kreuzer";
};
rlupton20 = {
email = "richard.lupton@gmail.com";
github = "rlupton20";
@ -6054,12 +6312,10 @@
github = "rnhmjoj";
githubId = 2817565;
name = "Michele Guerini Rocco";
keys =
[
{ longkeyid = "ed25519/0xBFBAF4C975F76450";
fingerprint = "92B2 904F D293 C94D C4C9 3E6B BFBA F4C9 75F7 6450";
}
];
keys = [{
longkeyid = "ed25519/0xBFBAF4C975F76450";
fingerprint = "92B2 904F D293 C94D C4C9 3E6B BFBA F4C9 75F7 6450";
}];
};
rob = {
email = "rob.vermaas@gmail.com";
@ -6241,6 +6497,12 @@
githubId = 766350;
name = "Richard Zetterberg";
};
samdoshi = {
email = "sam@metal-fish.co.uk";
github = "samdoshi";
githubId = 112490;
name = "Sam Doshi";
};
samdroid-apps = {
email = "sam@sam.today";
github = "samdroid-apps";
@ -6258,10 +6520,10 @@
}];
};
samrose = {
email = "samuel.rose@gmail.com";
github = "samrose";
githubId = 115821;
name = "Sam Rose";
email = "samuel.rose@gmail.com";
github = "samrose";
githubId = 115821;
name = "Sam Rose";
};
samueldr = {
email = "samuel@dionne-riel.com";
@ -6573,6 +6835,12 @@
githubId = 848812;
name = "Stephan Jau";
};
sjfloat = {
email = "steve+nixpkgs@jonescape.com";
github = "sjfloat";
githubId = 216167;
name = "Steve Jones";
};
sjmackenzie = {
email = "setori88@gmail.com";
github = "sjmackenzie";
@ -6592,6 +6860,12 @@
email = "jot.skrzyp@gmail.com";
name = "Jakub Skrzypnik";
};
skykanin = {
email = "skykanin@users.noreply.github.com";
github = "skykanin";
githubId = 3789764;
name = "skykanin";
};
sleexyz = {
email = "freshdried@gmail.com";
github = "sleexyz";
@ -6734,6 +7008,12 @@
githubId = 4061736;
name = "Severen Redwood";
};
sstef = {
email = "stephane@nix.frozenid.net";
github = "fkstef";
githubId = 8668915;
name = "Stephane Schitter";
};
steell = {
email = "steve@steellworks.com";
github = "Steell";
@ -7056,6 +7336,12 @@
githubId = 378734;
name = "TG Θ";
};
th0rgal = {
email = "thomas.marchand@tuta.io";
github = "Th0rgal";
githubId = 41830259;
name = "Thomas Marchand";
};
thall = {
email = "niclas.thall@gmail.com";
github = "thall";
@ -7097,6 +7383,12 @@
githubId = 8547242;
name = "Stefan Rohrbacher";
};
"thelegy" = {
email = "mail+nixos@0jb.de";
github = "thelegy";
githubId = 3105057;
name = "Jan Beinke";
};
thesola10 = {
email = "thesola10@bobile.fr";
github = "thesola10";
@ -7119,6 +7411,12 @@
githubId = 844343;
name = "Thiago K. Okada";
};
thmzlt = {
email = "git@thomazleite.com";
github = "thmzlt";
githubId = 7709;
name = "Thomaz Leite";
};
ThomasMader = {
email = "thomas.mader@gmail.com";
github = "ThomasMader";
@ -7194,10 +7492,10 @@
github = "tkerber";
githubId = 5722198;
name = "Thomas Kerber";
keys = [ {
keys = [{
longkeyid = "rsa4096/0x8489B911F9ED617B";
fingerprint = "556A 403F B0A2 D423 F656 3424 8489 B911 F9ED 617B";
} ];
}];
};
tmplt = {
email = "tmplt@dragons.rocks";
@ -7428,6 +7726,12 @@
github = "valeriangalliat";
name = "Valérian Galliat";
};
valodim = {
email = "look@my.amazin.horse";
github = "valodim";
githubId = 27813;
name = "Vincent Breitmoser";
};
vandenoever = {
email = "jos@vandenoever.info";
github = "vandenoever";
@ -7471,7 +7775,8 @@
};
vcunat = {
name = "Vladimír Čunát";
email = "v@cunat.cz"; # vcunat@gmail.com predominated in commits before 2019/03
# vcunat@gmail.com predominated in commits before 2019/03
email = "v@cunat.cz";
github = "vcunat";
githubId = 1785925;
keys = [{
@ -7686,7 +7991,7 @@
email = "worldofpeace@protonmail.ch";
github = "worldofpeace";
githubId = 28888242;
name = "Worldofpeace";
name = "worldofpeace";
};
wscott = {
email = "wsc9tt@gmail.com";
@ -8040,4 +8345,21 @@
githubId = 3674056;
name = "Asad Saeeduddin";
};
ngerstle = {
name = "Nicholas Gerstle";
email = "ngerstle@gmail.com";
github = "ngerstle";
};
xavierzwirtz = {
email = "me@xavierzwirtz.com";
github = "xavierzwirtz";
githubId = 474343;
name = "Xavier Zwirtz";
};
ymeister = {
name = "Yuri Meister";
email = "47071325+ymeister@users.noreply.github.com";
github = "ymeister";
githubId = 47071325;
};
}

2
maintainers/scripts/luarocks-packages.csv
View File

@ -6,8 +6,10 @@ basexx,,,,,
binaryheap,,,,,vcunat
bit32,,,,lua5_1,lblasc
busted,,,,,
cassowary,,,,,marsam
cjson,lua-cjson,,,,
compat53,,,,,vcunat
cosmo,,,,,marsam
coxpcall,,,1.17.0-1,,
cqueues,,,,,vcunat
cyrussasl,,,,,vcunat

1 # nix name luarocks name server version luaversion maintainers
6 binaryheap vcunat
7 bit32 lua5_1 lblasc
8 busted
9 cassowary marsam
10 cjson lua-cjson
11 compat53 vcunat
12 cosmo marsam
13 coxpcall 1.17.0-1
14 cqueues vcunat
15 cyrussasl vcunat

13
maintainers/scripts/nix-generate-from-cpan.pl
View File

@ -6,6 +6,7 @@ use warnings;
use CPAN::Meta();
use CPANPLUS::Backend();
use Module::CoreList;
use Getopt::Long::Descriptive qw( describe_options );
use JSON::PP qw( encode_json );
use Log::Log4perl qw(:easy);
@ -164,7 +165,7 @@ Readonly::Hash my %LICENSE_MAP => (
# License not provided in metadata.
unknown => {
licenses => [qw( unknown )],
licenses => [],
amb => 1
}
);
@ -278,14 +279,8 @@ sub get_deps {
foreach my $n ( $deps->required_modules ) {
next if $n eq "perl";
# Figure out whether the module is a core module by attempting
# to `use` the module in a pure Perl interpreter and checking
# whether it succeeded. Note, $^X is a magic variable holding
# the path to the running Perl interpreter.
if ( system("env -i $^X -M$n -e1 >/dev/null 2>&1") == 0 ) {
DEBUG("skipping Perl-builtin module $n");
next;
}
my @core = Module::CoreList->find_modules(qr/^$n$/);
next if (@core);
my $pkg = module_to_pkg( $cb, $n );

5
maintainers/scripts/update.nix
View File

@ -2,6 +2,7 @@
, maintainer ? null
, path ? null
, max-workers ? null
, include-overlays ? false
, keep-going ? null
}:
@ -20,9 +21,7 @@ let
in
[x] ++ nubOn f xs;
pkgs = import ./../../default.nix {
overlays = [];
};
pkgs = import ./../../default.nix (if include-overlays then { } else { overlays = []; });
packagesWith = cond: return: set:
nubOn (pkg: pkg.updateScript)

33
maintainers/team-list.nix Normal file
View File

@ -0,0 +1,33 @@
/* List of maintainer teams.
name = {
# Required
members = [ maintainer1 maintainer2 ];
scope = "Maintain foo packages.";
};
where
- `members` is the list of maintainers belonging to the group,
- `scope` describes the scope of the group.
More fields may be added in the future.
Please keep the list alphabetically sorted.
*/
{ lib }:
with lib.maintainers; {
freedesktop = {
members = [ jtojnar worldofpeace ];
scope = "Maintain Freedesktop.org packages for graphical desktop.";
};
gnome = {
members = [
hedning
jtojnar
worldofpeace
];
scope = "Maintain GNOME desktop environment and platform.";
};
}

1
nixos/doc/manual/configuration/configuration.xml
View File

@ -21,7 +21,6 @@
<xi:include href="xfce.xml" />
<xi:include href="networking.xml" />
<xi:include href="linux-kernel.xml" />
<xi:include href="matrix.xml" />
<xi:include href="../generated/modules.xml" xpointer="xpointer(//section[@id='modules']/*)" />
<xi:include href="profiles.xml" />
<xi:include href="kubernetes.xml" />

1
nixos/doc/manual/configuration/modularity.xml
View File

@ -36,6 +36,7 @@
{ <xref linkend="opt-services.xserver.enable"/> = true;
<xref linkend="opt-services.xserver.displayManager.sddm.enable"/> = true;
<xref linkend="opt-services.xserver.desktopManager.plasma5.enable"/> = true;
<xref linkend="opt-environment.systemPackages"/> = [ pkgs.vim ];
}
</programlisting>
Note that both <filename>configuration.nix</filename> and

1
nixos/doc/manual/configuration/xfce.xml
View File

@ -9,7 +9,6 @@
<programlisting>
<xref linkend="opt-services.xserver.desktopManager.xfce.enable" /> = true;
<xref linkend="opt-services.xserver.displayManager.defaultSession" /> = "xfce";
};
</programlisting>
</para>
<para>

5
nixos/doc/manual/development/releases.xml
View File

@ -71,8 +71,9 @@
<para>
<link xlink:href="https://github.com/NixOS/nixpkgs/commit/d6b08acd1ccac0d9d502c4b635e00b04d3387f06">
Update <literal>versionSuffix</literal> in
<literal>nixos/release.nix</literal></link>, use <literal>git log
--format=%an|wc -l</literal> to get the commit count
<literal>nixos/release.nix</literal></link>, use
<literal>git rev-list --count 17.09-beta</literal>
to get the commit count.
</para>
</listitem>
<listitem>

3
nixos/doc/manual/installation/installing.xml
View File

@ -24,8 +24,7 @@
</para>
<para>
The NixOS manual is available on virtual console 8 (press Alt+F8 to access)
or by running <command>nixos-help</command>.
The NixOS manual is available by running <command>nixos-help</command>.
</para>
<para>

1
nixos/doc/manual/release-notes/release-notes.xml
View File

@ -8,6 +8,7 @@
This section lists the release notes for each stable version of NixOS and
current unstable revision.
</para>
<xi:include href="rl-2009.xml" />
<xi:include href="rl-2003.xml" />
<xi:include href="rl-1909.xml" />
<xi:include href="rl-1903.xml" />

224
nixos/doc/manual/release-notes/rl-2003.xml
View File

@ -154,7 +154,7 @@ services.xserver.displayManager.defaultSession = "xfce+icewm";
</listitem>
<listitem>
<para>
The <literal>99-main.network</literal> file was removed. Maching all
The <literal>99-main.network</literal> file was removed. Matching all
network interfaces caused many breakages, see
<link xlink:href="https://github.com/NixOS/nixpkgs/pull/18962">#18962</link>
and <link xlink:href="https://github.com/NixOS/nixpkgs/pull/71106">#71106</link>.
@ -196,10 +196,10 @@ services.xserver.displayManager.defaultSession = "xfce+icewm";
</listitem>
<listitem>
<para>
There is now only one Xfce package-set and module. This means attributes, <literal>xfce4-14</literal>
<literal>xfce4-12</literal>, and <literal>xfceUnstable</literal> all now point to the latest Xfce 4.14
packages. And in future NixOS releases will be the latest released version of Xfce available at the
time during the releases development (if viable).
There is now only one Xfce package-set and module. This means that attributes <literal>xfce4-14</literal>
and <literal>xfceUnstable</literal> all now point to the latest Xfce 4.14
packages. And in the future NixOS releases will be the latest released version of Xfce available at the
time of the release's development (if viable).
</para>
</listitem>
<listitem>
@ -235,7 +235,7 @@ services.xserver.displayManager.defaultSession = "xfce+icewm";
<listitem>
<para>
The <literal>buildRustCrate</literal> infrastructure now produces <literal>lib</literal> outputs in addition to the <literal>out</literal> output.
This has led to drastically reduced closed sizes for some rust crates since development dependencies are now in the <literal>lib</literal> output.
This has led to drastically reduced closure sizes for some rust crates since development dependencies are now in the <literal>lib</literal> output.
</para>
</listitem>
<listitem>
@ -625,6 +625,138 @@ auth required pam_succeed_if.so uid >= 1000 quiet
to a fairly old snapshot from the <package>gcc7</package>-branch.
</para>
</listitem>
<listitem>
<para>
The <citerefentry><refentrytitle>nixos-build-vms</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>-script now uses the python test-driver.
</para>
</listitem>
<listitem>
<para>
The <package>riot-web</package> package now accepts configuration overrides as an attribute set instead of a string.
A formerly used JSON configuration can be converted to an attribute set with <literal>builtins.fromJSON</literal>.
</para>
<para>
The new default configuration also disables automatic guest account registration and analytics to improve privacy.
The previous behavior can be restored by setting <literal>config.riot-web.conf = { disable_guests = false; piwik = true; }</literal>.
</para>
</listitem>
<listitem>
<para>
Stand-alone usage of <literal>Upower</literal> now requires
<option>services.upower.enable</option> instead of just installing into
<xref linkend="opt-environment.systemPackages"/>.
</para>
</listitem>
<listitem>
<para>
<package>nextcloud</package> has been updated to <literal>v18.0.2</literal>. This means
that users from NixOS 19.09 can't upgrade directly since you can only move one version
forward and 19.09 uses <literal>v16.0.8</literal>.
</para>
<para>
To provide a safe upgrade-path and to circumvent similar issues in the future, the following
measures were taken:
<itemizedlist>
<listitem>
<para>
The <package>pkgs.nextcloud</package>-attribute has been removed and replaced with
versioned attributes (currently <package>pkgs.nextcloud17</package> and
<package>pkgs.nextcloud18</package>). With this change major-releases can be backported
without breaking stuff and to make upgrade-paths easier.
</para>
</listitem>
<listitem>
<para>
Existing setups will be detected using
<link linkend="opt-system.stateVersion">system.stateVersion</link>: by default,
<package>nextcloud17</package> will be used, but will raise a warning which notes
that after that deploy it's recommended to update to the latest stable version
(<package>nextcloud18</package>) by declaring the newly introduced setting
<link linkend="opt-services.nextcloud.package">services.nextcloud.package</link>.
</para>
</listitem>
<listitem>
<para>
Users with an overlay (e.g. to use <package>nextcloud</package> at version
<literal>v18</literal> on <literal>19.09</literal>) will get an evaluation error
by default. This is done to ensure that our
<link linkend="opt-services.nextcloud.package">package</link>-option doesn't select an
older version by accident. It's recommended to use <package>pkgs.nextcloud18</package>
or to set <link linkend="opt-services.nextcloud.package">package</link> to
<package>pkgs.nextcloud</package> explicitly.
</para>
</listitem>
</itemizedlist>
</para>
<warning>
<para>
Please note that if you're comming from <literal>19.03</literal> or older, you have
to manually upgrade to <literal>19.09</literal> first to upgrade your server
to Nextcloud v16.
</para>
</warning>
</listitem>
<listitem>
<para>
<package>Hydra</package> has gained a massive performance improvement due to
<link xlink:href="https://github.com/NixOS/hydra/pull/710">some database schema
changes</link> by adding several IDs and better indexing. However, it's necessary
to upgrade Hydra in multiple steps:
<itemizedlist>
<listitem>
<para>
At first, an older version of Hydra needs to be deployed which adds those
(nullable) columns. When having set <link linkend="opt-system.stateVersion">stateVersion
</link> to a value older than <literal>20.03</literal>, this package will be selected
by default from the module when upgrading. Otherwise, the package can be deployed using
the following config:
<programlisting>{ pkgs, ... }: {
<link linkend="opt-services.hydra.package">services.hydra.package</link> = pkgs.hydra-migration;
}</programlisting>
</para>
</listitem>
<listitem>
<para>
Automatically fill the newly added ID columns on the server by running the following
command:
<screen>
<prompt>$ </prompt>hydra-backfill-ids
</screen>
<warning>
<para>Please note that this process can take a while depending on your database-size!</para>
</warning>
</para>
</listitem>
<listitem>
<para>
Deploy a newer version of Hydra to activate the DB optimizations. You can choose from
either <package>hydra-unstable</package> (latest <literal>master</literal> compiled
against <package>nixUnstable</package>) and <package>hydra-flakes</package> (latest
version with flake-support).
<warning>
<para>
If your <link linkend="opt-system.stateVersion">stateVersion</link> is set to
<literal>20.03</literal> or greater, <package>hydra-unstable</package> will be used
automatically! This will break your setup if you didn't run the migration.
</para>
</warning>
Please note that Hydra is currently not available with <package>nixStable</package>
as this doesn't compile anymore.
</para>
</listitem>
</itemizedlist>
<warning>
<para>
<package>pkgs.hydra</package> has been removed to ensure a graceful database-migration
using the dedicated package-attributes. If you still have <package>pkgs.hydra</package>
defined in e.g. an overlay, an assertion error will be thrown. To circumvent this,
you need to set <xref linkend="opt-services.hydra.package" /> to <package>pkgs.hydra</package>
explicitly and make sure you know what you're doing!
</para>
</warning>
</para>
</listitem>
</itemizedlist>
</section>
@ -687,6 +819,86 @@ auth required pam_succeed_if.so uid >= 1000 quiet
via <option>boot.initrd.luks.fido2Support</option>.
</para>
</listitem>
<listitem>
<para>
Predicatbly named network-interfaces get renamed in stage-1. This means that it's possible
to use the proper interface name for e.g. dropbear-setups.
</para>
<para>
For further reference, please read <link xlink:href="https://github.com/NixOS/nixpkgs/pull/68953">#68953</link> or the corresponding <link xlink:href="https://discourse.nixos.org/t/predictable-network-interface-names-in-initrd/4055">discourse thread</link>.
</para>
</listitem>
<listitem>
<para>
The <package>matrix-synapse</package>-package has been updated to
<link xlink:href="https://github.com/matrix-org/synapse/releases/tag/v1.11.1">v1.11.1</link>.
Due to <link xlink:href="https://github.com/matrix-org/synapse/releases/tag/v1.10.0rc1">stricter requirements</link>
for database configuration when using <package>postgresql</package>, the automated database setup
of the module has been removed to avoid any further edge-cases.
</para>
<para>
<package>matrix-synapse</package> expects <literal>postgresql</literal>-databases to have the options
<literal>LC_COLLATE</literal> and <literal>LC_CTYPE</literal> set to
<link xlink:href="https://www.postgresql.org/docs/12/locale.html"><literal>'C'</literal></link> which basically
instructs <literal>postgresql</literal> to ignore any locale-based preferences.
</para>
<para>
Depending on your setup, you need to incorporate one of the following changes in your setup to
upgrade to 20.03:
<itemizedlist>
<listitem><para>If you use <literal>sqlite3</literal> you don't need to do anything.</para></listitem>
<listitem><para>If you use <literal>postgresql</literal> on a different server, you don't need
to change anything as well since this module was never designed to configure remote databases.
</para></listitem>
<listitem><para>If you use <literal>postgresql</literal> and configured your synapse initially on
<literal>19.09</literal> or older, you simply need to enable <package>postgresql</package>-support
explicitly:
<programlisting>{ ... }: {
services.matrix-synapse = {
<link linkend="opt-services.matrix-synapse.enable">enable</link> = true;
/* and all the other config you've defined here */
};
<link linkend="opt-services.postgresql.enable">services.postgresql.enable</link> = true;
}</programlisting>
</para></listitem>
<listitem><para>If you deploy a fresh <package>matrix-synapse</package>, you need to configure
the database yourself (e.g. by using the
<link linkend="opt-services.postgresql.initialScript">services.postgresql.initialScript</link>
option). An example for this can be found in the
<link linkend="module-services-matrix">documentation of the Matrix module</link>.
</para></listitem>
<listitem><para>If you initially deployed your <package>matrix-synapse</package> on
<literal>nixos-unstable</literal> <emphasis>after</emphasis> the <literal>19.09</literal>-release,
your database is misconfigured due to a regression in NixOS. For now, <package>matrix-synapse</package> will
startup with a warning, but it's recommended to reconfigure the database to set the values
<literal>LC_COLLATE</literal> and <literal>LC_CTYPE</literal> to
<link xlink:href="https://www.postgresql.org/docs/12/locale.html"><literal>'C'</literal></link>.
</para></listitem>
</itemizedlist>
</para>
</listitem>
<listitem>
<para>
The <link linkend="opt-systemd.network.links">systemd.network.links</link> option is now respected
even when <link linkend="opt-systemd.network.enable">systemd-networkd</link> is disabled.
This mirrors the behaviour of systemd - It's udev that parses <literal>.link</literal> files,
not <command>systemd-networkd</command>.
</para>
</listitem>
<listitem>
<para>
<package>mongodb</package> has been updated to version <literal>3.4.24</literal>.
<warning>
<para>
Please note that <package>mongodb</package> has been relicensed under their own
<link xlink:href="https://www.mongodb.com/licensing/server-side-public-license/faq"><literal>
sspl</literal></link>-license. Since it's not entirely free and not OSI-approved,
it's listed as non-free. This means that Hydra doesn't provide prebuilt
<package>mongodb</package>-packages and needs to be built locally.
</para>
</warning>
</para>
</listitem>
</itemizedlist>
</section>
</section>

144
nixos/doc/manual/release-notes/rl-2009.xml Normal file
View File

@ -0,0 +1,144 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-20.09">
<title>Release 20.09 (“Nightingale”, 2020.09/??)</title>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-20.09-highlights">
<title>Highlights</title>
<para>
In addition to numerous new and upgraded packages, this release has the
following highlights:
</para>
<itemizedlist>
<listitem>
<para>
Support is planned until the end of April 2021, handing over to 21.03.
</para>
</listitem>
<listitem>
<para>
PHP now defaults to PHP 7.4, updated from 7.3.
</para>
</listitem>
<listitem>
<para>
Two new options, <link linkend="opt-services.openssh.authorizedKeysCommand">authorizedKeysCommand</link>
and <link linkend="opt-services.openssh.authorizedKeysCommandUser">authorizedKeysCommandUser</link>, have
been added to the <literal>openssh</literal> module. If you have <literal>AuthorizedKeysCommand</literal>
in your <link linkend="opt-services.openssh.extraConfig">services.openssh.extraConfig</link> you should
make use of these new options instead.
</para>
</listitem>
</itemizedlist>
</section>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-20.09-new-services">
<title>New Services</title>
<para>
The following new services were added since the last release:
</para>
<itemizedlist>
<listitem>
<para />
</listitem>
</itemizedlist>
</section>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-20.09-incompatibilities">
<title>Backward Incompatibilities</title>
<para>
When upgrading from a previous release, please be aware of the following
incompatible changes:
</para>
<itemizedlist>
<listitem>
<para>
Grafana is now built without support for phantomjs by default. Phantomjs support has been
<link xlink:href="https://grafana.com/docs/grafana/latest/guides/whats-new-in-v6-4/">deprecated in Grafana</link>
and the <package>phantomjs</package> project is
<link xlink:href="https://github.com/ariya/phantomjs/issues/15344#issue-302015362">currently unmaintained</link>.
It can still be enabled by providing <literal>phantomJsSupport = true</literal> to the package instanciation:
<programlisting>{
services.grafana.package = pkgs.grafana.overrideAttrs (oldAttrs: rec {
phantomJsSupport = false;
});
}</programlisting>
</para>
</listitem>
<listitem>
<para>
The <link linkend="opt-services.supybot.enable">supybot</link> module now uses <literal>/var/lib/supybot</literal>
as its default <link linkend="opt-services.supybot.stateDir">stateDir</link> path if <literal>stateVersion</literal>
is 20.09 or higher. It also enables number of
<link xlink:href="https://www.freedesktop.org/software/systemd/man/systemd.exec.html#Sandboxing">systemd sandboxing options</link>
which may possibly interfere with some plugins. If this is the case you can disable the options through attributes in
<option>systemd.services.supybot.serviceConfig</option>.
</para>
</listitem>
<listitem>
<para>
The <literal>security.duosec.skey</literal> option, which stored a secret in the
nix store, has been replaced by a new
<link linkend="opt-security.duosec.secretKeyFile">security.duosec.secretKeyFile</link>
option for better security.
</para>
<para>
<literal>security.duosec.ikey</literal> has been renamed to
<link linkend="opt-security.duosec.integrationKey">security.duosec.integrationKey</link>.
</para>
</listitem>
<listitem>
<para>
The initrd SSH support now uses OpenSSH rather than Dropbear to
allow the use of Ed25519 keys and other OpenSSH-specific
functionality. Host keys must now be in the OpenSSH format, and at
least one pre-generated key must be specified.
</para>
<para>
If you used the <option>boot.initrd.network.ssh.host*Key</option>
options, you'll get an error explaining how to convert your host
keys and migrate to the new
<option>boot.initrd.network.ssh.hostKeys</option> option.
Otherwise, if you don't have any host keys set, you'll need to
generate some; see the <option>hostKeys</option> option
documentation for instructions.
</para>
</listitem>
</itemizedlist>
</section>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-20.09-notable-changes">
<title>Other Notable Changes</title>
<itemizedlist>
<listitem>
<para />
</listitem>
</itemizedlist>
</section>
</section>

10
nixos/lib/eval-config.nix
View File

@ -41,6 +41,12 @@ let
# default to the argument. That way this new default could propagate all
# they way through, but has the last priority behind everything else.
nixpkgs.system = lib.mkDefault system;
# Stash the value of the `system` argument. When using `nesting.children`
# we want to have the same default value behavior (immediately above)
# without any interference from the user's configuration.
nixpkgs.initialSystem = system;
_module.args.pkgs = lib.mkIf (pkgs_ != null) (lib.mkForce pkgs_);
};
};
@ -55,7 +61,7 @@ in rec {
args = extraArgs;
specialArgs =
{ modulesPath = builtins.toString ../modules; } // specialArgs;
}) config options;
}) config options _module;
# These are the extra arguments passed to every module. In
# particular, Nixpkgs is passed through the "pkgs" argument.
@ -63,5 +69,5 @@ in rec {
inherit baseModules extraModules modules;
};
inherit (config._module.args) pkgs;
inherit (_module.args) pkgs;
}

4
nixos/lib/make-options-doc/default.nix
View File

@ -133,6 +133,7 @@ in {
optionsJSON = pkgs.runCommand "options.json"
{ meta.description = "List of NixOS options in JSON format";
buildInputs = [ pkgs.brotli ];
}
''
# Export list of options in different format.
@ -141,8 +142,11 @@ in {
cp ${builtins.toFile "options.json" (builtins.unsafeDiscardStringContext (builtins.toJSON optionsNix))} $dst/options.json
brotli -9 < $dst/options.json > $dst/options.json.br
mkdir -p $out/nix-support
echo "file json $dst/options.json" >> $out/nix-support/hydra-build-products
echo "file json-br $dst/options.json.br" >> $out/nix-support/hydra-build-products
''; # */
optionsDocBook = pkgs.runCommand "options-docbook.xml" {} ''

15
nixos/lib/test-driver/test-driver.py
View File

@ -6,6 +6,7 @@ from xml.sax.saxutils import XMLGenerator
import _thread
import atexit
import base64
import codecs
import os
import pathlib
import ptpython.repl
@ -101,10 +102,12 @@ def make_command(args: list) -> str:
def create_vlan(vlan_nr: str) -> Tuple[str, str, "subprocess.Popen[bytes]", Any]:
global log
log.log("starting VDE switch for network {}".format(vlan_nr))
vde_socket = os.path.abspath("./vde{}.ctl".format(vlan_nr))
vde_socket = tempfile.mkdtemp(
prefix="nixos-test-vde-", suffix="-vde{}.ctl".format(vlan_nr)
)
pty_master, pty_slave = pty.openpty()
vde_process = subprocess.Popen(
["vde_switch", "-s", vde_socket, "--dirmode", "0777"],
["vde_switch", "-s", vde_socket, "--dirmode", "0700"],
bufsize=1,
stdin=pty_slave,
stdout=subprocess.PIPE,
@ -115,6 +118,7 @@ def create_vlan(vlan_nr: str) -> Tuple[str, str, "subprocess.Popen[bytes]", Any]
fd.write("version\n")
# TODO: perl version checks if this can be read from
# an if not, dies. we could hang here forever. Fix it.
assert vde_process.stdout is not None
vde_process.stdout.readline()
if not os.path.exists(os.path.join(vde_socket, "ctl")):
raise Exception("cannot start vde_switch")
@ -139,7 +143,7 @@ def retry(fn: Callable) -> None:
class Logger:
def __init__(self) -> None:
self.logfile = os.environ.get("LOGFILE", "/dev/null")
self.logfile_handle = open(self.logfile, "wb")
self.logfile_handle = codecs.open(self.logfile, "wb")
self.xml = XMLGenerator(self.logfile_handle, encoding="utf-8")
self.queue: "Queue[Dict[str, str]]" = Queue(1000)
@ -739,6 +743,7 @@ class Machine:
self.shell, _ = self.shell_socket.accept()
def process_serial_output() -> None:
assert self.process.stdout is not None
for _line in self.process.stdout:
# Ignore undecodable bytes that may occur in boot menus
line = _line.decode(errors="ignore").replace("\r", "").rstrip()
@ -911,7 +916,7 @@ def subtest(name: str) -> Iterator[None]:
if __name__ == "__main__":
log = Logger()
vlan_nrs = list(dict.fromkeys(os.environ["VLANS"].split()))
vlan_nrs = list(dict.fromkeys(os.environ.get("VLANS", "").split()))
vde_sockets = [create_vlan(v) for v in vlan_nrs]
for nr, vde_socket, _, _ in vde_sockets:
os.environ["QEMU_VDE_SOCKET_{}".format(nr)] = vde_socket
@ -936,7 +941,7 @@ if __name__ == "__main__":
machine.process.kill()
for _, _, process, _ in vde_sockets:
process.kill()
process.terminate()
log.close()
tic = time.time()

19
nixos/lib/testing-python.nix
View File

@ -175,13 +175,13 @@ in rec {
nodeNames = builtins.attrNames nodes;
invalidNodeNames = lib.filter
(node: builtins.match "^[A-z_][A-z0-9_]+$" node == null) nodeNames;
(node: builtins.match "^[A-z_]([A-z0-9_]+)?$" node == null) nodeNames;
in
if lib.length invalidNodeNames > 0 then
throw ''
Cannot create machines out of (${lib.concatStringsSep ", " invalidNodeNames})!
All machines are referenced as perl variables in the testing framework which will break the
All machines are referenced as python variables in the testing framework which will break the
script when special characters are used.
Please stick to alphanumeric chars and underscores as separation.
@ -218,12 +218,12 @@ in rec {
'';
testScript = ''
startAll;
$client->waitForUnit("multi-user.target");
start_all()
client.wait_for_unit("multi-user.target")
${preBuild}
$client->succeed("env -i ${bash}/bin/bash ${buildrunner} /tmp/xchg/saved-env >&2");
client.succeed("env -i ${bash}/bin/bash ${buildrunner} /tmp/xchg/saved-env >&2")
${postBuild}
$client->succeed("sync"); # flush all data before pulling the plug
client.succeed("sync") # flush all data before pulling the plug
'';
vmRunCommand = writeText "vm-run" ''
@ -263,9 +263,12 @@ in rec {
{ ... }:
{
inherit require;
imports = [
../tests/common/auto.nix
];
virtualisation.memorySize = 1024;
services.xserver.enable = true;
services.xserver.displayManager.auto.enable = true;
test-support.displayManager.auto.enable = true;
services.xserver.displayManager.defaultSession = "none+icewm";
services.xserver.windowManager.icewm.enable = true;
};
@ -274,7 +277,7 @@ in rec {
machine = client;
preBuild =
''
$client->waitForX;
client.wait_for_x()
'';
} // args);

5
nixos/lib/testing.nix
View File

@ -250,9 +250,12 @@ in rec {
{ ... }:
{
inherit require;
imports = [
../tests/common/auto.nix
];
virtualisation.memorySize = 1024;
services.xserver.enable = true;
services.xserver.displayManager.auto.enable = true;
test-support.displayManager.auto.enable = true;
services.xserver.displayManager.defaultSession = "none+icewm";
services.xserver.windowManager.icewm.enable = true;
};

2
nixos/lib/utils.nix
View File

@ -14,7 +14,7 @@ rec {
# becomes dev-xyzzy. FIXME: slow.
escapeSystemdPath = s:
replaceChars ["/" "-" " "] ["-" "\\x2d" "\\x20"]
(if hasPrefix "/" s then substring 1 (stringLength s) s else s);
(removePrefix "/" s);
# Returns a system path for a given shell package
toShellPath = shell:

1
nixos/maintainers/scripts/azure-new/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
azure

42
nixos/maintainers/scripts/azure-new/README.md Normal file
View File

@ -0,0 +1,42 @@
# azure
## Demo
Here's a demo of this being used: https://asciinema.org/a/euXb9dIeUybE3VkstLWLbvhmp
## Usage
This is meant to be an example image that you can copy into your own
project and modify to your own needs. Notice that the example image
includes a built-in test user account, which by default uses your
`~/.ssh/id_ed25519.pub` as an `authorized_key`.
Build and upload the image
```shell
$ ./upload-image.sh ./examples/basic/image.nix
...
+ attr=azbasic
+ nix-build ./examples/basic/image.nix --out-link azure
/nix/store/qdpzknpskzw30vba92mb24xzll1dqsmd-azure-image
...
95.5 %, 0 Done, 0 Failed, 1 Pending, 0 Skipped, 1 Total, 2-sec Throughput (Mb/s): 932.9565
...
/subscriptions/aff271ee-e9be-4441-b9bb-42f5af4cbaeb/resourceGroups/nixos-images/providers/Microsoft.Compute/images/azure-image-todo-makethisbetter
```
Take the output, boot an Azure VM:
```
img="/subscriptions/.../..." # use output from last command
./boot-vm.sh "${img}"
...
=> booted
```
## Future Work
1. If the user specifies a hard-coded user, then the agent could be removed.
Probably has security benefits; definitely has closure-size benefits.
(It's likely the VM will need to be booted with a special flag. See:
https://github.com/Azure/azure-cli/issues/12775 for details.)

36
nixos/maintainers/scripts/azure-new/boot-vm.sh Executable file
View File

@ -0,0 +1,36 @@
#!/usr/bin/env bash
set -euo pipefail
set -x
image="${1}"
location="westus2"
group="nixos-test-vm"
vm_size="Standard_D2s_v3"; os_size=42;
# ensure group
az group create --location "westus2" --name "${group}"
group_id="$(az group show --name "${group}" -o tsv --query "[id]")"
# (optional) identity
if ! az identity show -n "${group}-identity" -g "${group}" &>/dev/stderr; then
az identity create --name "${group}-identity" --resource-group "${group}"
fi
# (optional) role assignment, to the resource group, bad but not really great alternatives
identity_id="$(az identity show --name "${group}-identity" --resource-group "${group}" -o tsv --query "[id]")"
principal_id="$(az identity show --name "${group}-identity" --resource-group "${group}" -o tsv --query "[principalId]")"
until az role assignment create --assignee "${principal_id}" --role "Owner" --scope "${group_id}"; do sleep 1; done
# boot vm
az vm create \
--name "${group}-vm" \
--resource-group "${group}" \
--assign-identity "${identity_id}" \
--size "${vm_size}" \
--os-disk-size-gb "${os_size}" \
--image "${image}" \
--admin-username "${USER}" \
--location "westus2" \
--storage-sku "Premium_LRS" \
--ssh-key-values "$(ssh-add -L)"

7
nixos/maintainers/scripts/azure-new/common.sh Normal file
View File

@ -0,0 +1,7 @@
export group="${AZURE_RESOURCE_GROUP:-"azure"}"
export location="${AZURE_LOCATION:-"westus2"}"
img_file=$(echo azure/*.vhd)
img_name="$(basename "${img_file}")"
img_name="${img_name%".vhd"}"
export img_name="${img_name//[._]/-}"

10
nixos/maintainers/scripts/azure-new/examples/basic/image.nix Normal file
View File

@ -0,0 +1,10 @@
let
pkgs = (import <nixpkgs> {});
machine = import "${pkgs.path}/nixos/lib/eval-config.nix" {
system = "x86_64-linux";
modules = [
({config, ...}: { imports = [ ./system.nix ]; })
];
};
in
machine.config.system.build.azureImage

34
nixos/maintainers/scripts/azure-new/examples/basic/system.nix Normal file
View File

@ -0,0 +1,34 @@
{ pkgs, modulesPath, ... }:
let username = "azurenixosuser";
in
{
imports = [
"${modulesPath}/virtualisation/azure-common.nix"
"${modulesPath}/virtualisation/azure-image.nix"
];
## NOTE: This is just an example of how to hard-code a user.
## The normal Azure agent IS included and DOES provision a user based
## on the information passed at VM creation time.
users.users."${username}" = {
isNormalUser = true;
home = "/home/${username}";
description = "Azure NixOS Test User";
openssh.authorizedKeys.keys = [ (builtins.readFile ~/.ssh/id_ed25519.pub) ];
};
nix.trustedUsers = [ username ];
virtualisation.azureImage.diskSize = 2500;
system.stateVersion = "20.03";
boot.kernelPackages = pkgs.linuxPackages_latest;
# test user doesn't have a password
services.openssh.passwordAuthentication = false;
security.sudo.wheelNeedsPassword = false;
environment.systemPackages = with pkgs; [
git file htop wget curl
];
}

13
nixos/maintainers/scripts/azure-new/shell.nix Normal file
View File

@ -0,0 +1,13 @@
with (import ../../../../default.nix {});
stdenv.mkDerivation {
name = "nixcfg-azure-devenv";
nativeBuildInputs = [
azure-cli
bash
cacert
azure-storage-azcopy
];
AZURE_CONFIG_DIR="/tmp/azure-cli/.azure";
}

58
nixos/maintainers/scripts/azure-new/upload-image.sh Executable file
View File

@ -0,0 +1,58 @@
#!/usr/bin/env bash
set -euo pipefail
set -x
image_nix="${1:-"./examples/basic/image.nix"}"
nix-build "${image_nix}" --out-link "azure"
group="nixos-images"
location="westus2"
img_name="nixos-image"
img_file="$(readlink -f ./azure/disk.vhd)"
if ! az group show -n "${group}" &>/dev/null; then
az group create --name "${group}" --location "${location}"
fi
# note: the disk access token song/dance is tedious
# but allows us to upload direct to a disk image
# thereby avoid storage accounts (and naming them) entirely!
if ! az disk show -g "${group}" -n "${img_name}" &>/dev/null; then
bytes="$(stat -c %s ${img_file})"
size="30"
az disk create \
--resource-group "${group}" \
--name "${img_name}" \
--for-upload true --upload-size-bytes "${bytes}"
timeout=$(( 60 * 60 )) # disk access token timeout
sasurl="$(\
az disk grant-access \
--access-level Write \
--resource-group "${group}" \
--name "${img_name}" \
--duration-in-seconds ${timeout} \
| jq -r '.accessSas'
)"
azcopy copy "${img_file}" "${sasurl}" \
--blob-type PageBlob
az disk revoke-access \
--resource-group "${group}" \
--name "${img_name}"
fi
if ! az image show -g "${group}" -n "${img_name}" &>/dev/null; then
diskid="$(az disk show -g "${group}" -n "${img_name}" -o json | jq -r .id)"
az image create \
--resource-group "${group}" \
--name "${img_name}" \
--source "${diskid}" \
--os-type "linux" >/dev/null
fi
imageid="$(az image show -g "${group}" -n "${img_name}" -o json | jq -r .id)"
echo "${imageid}"

11
nixos/maintainers/scripts/ec2/amazon-image.nix
View File

@ -8,10 +8,15 @@ in {
imports = [ ../../../modules/virtualisation/amazon-image.nix ];
# Required to provide good EBS experience,
# Amazon recomments setting this to the highest possible value for a good EBS
# experience, which prior to 4.15 was 255.
# https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html#timeout-nvme-ebs-volumes
# TODO change value to 4294967295 when kernel is updated to 4.15 or later
config.boot.kernelParams = [ "nvme_core.io_timeout=255" ];
config.boot.kernelParams =
let timeout =
if pkgs.lib.versionAtLeast config.boot.kernelPackages.kernel.version "4.15"
then "4294967295"
else "255";
in [ "nvme_core.io_timeout=${timeout}" ];
options.amazonImage = {
name = mkOption {

2
nixos/maintainers/scripts/ec2/create-amis.sh
View File

@ -18,7 +18,7 @@ state_dir=$HOME/amis/ec2-images
home_region=eu-west-1
bucket=nixos-amis
regions=(eu-west-1 eu-west-2 eu-west-3 eu-central-1
regions=(eu-west-1 eu-west-2 eu-west-3 eu-central-1 eu-north-1
us-east-1 us-east-2 us-west-1 us-west-2
ca-central-1
ap-southeast-1 ap-southeast-2 ap-northeast-1 ap-northeast-2

27
nixos/modules/config/networking.nix
View File

@ -35,12 +35,22 @@ in
'';
};
networking.hostFiles = lib.mkOption {
type = types.listOf types.path;
defaultText = lib.literalExample "Hosts from `networking.hosts` and `networking.extraHosts`";
example = lib.literalExample ''[ "''${pkgs.my-blocklist-package}/share/my-blocklist/hosts" ]'';
description = ''
Files that should be concatenated together to form <filename>/etc/hosts</filename>.
'';
};
networking.extraHosts = lib.mkOption {
type = types.lines;
default = "";
example = "192.168.0.1 lanlocalhost";
description = ''
Additional verbatim entries to be appended to <filename>/etc/hosts</filename>.
For adding hosts from derivation results, use <option>networking.hostFiles</option> instead.
'';
};
@ -159,6 +169,15 @@ in
"::1" = [ "localhost" ];
};
networking.hostFiles = let
stringHosts =
let
oneToString = set: ip: ip + " " + concatStringsSep " " set.${ip} + "\n";
allToString = set: concatMapStrings (oneToString set) (attrNames set);
in pkgs.writeText "string-hosts" (allToString (filterAttrs (_: v: v != []) cfg.hosts));
extraHosts = pkgs.writeText "extra-hosts" cfg.extraHosts;
in mkBefore [ stringHosts extraHosts ];
environment.etc =
{ # /etc/services: TCP/UDP port assignments.
services.source = pkgs.iana-etc + "/etc/services";
@ -167,12 +186,8 @@ in
protocols.source = pkgs.iana-etc + "/etc/protocols";
# /etc/hosts: Hostname-to-IP mappings.
hosts.text = let
oneToString = set: ip: ip + " " + concatStringsSep " " set.${ip};
allToString = set: concatMapStringsSep "\n" (oneToString set) (attrNames set);
in ''
${allToString (filterAttrs (_: v: v != []) cfg.hosts)}
${cfg.extraHosts}
hosts.source = pkgs.runCommandNoCC "hosts" {} ''
cat ${escapeShellArgs cfg.hostFiles} > $out
'';
# /etc/host.conf: resolver configuration file

2
nixos/modules/config/swap.nix
View File

@ -185,6 +185,8 @@ in
{ description = "Initialisation of swap device ${sw.device}";
wantedBy = [ "${realDevice'}.swap" ];
before = [ "${realDevice'}.swap" ];
# If swap is encrypted, depending on rngd resolves a possible entropy starvation during boot
after = mkIf (config.security.rngd.enable && sw.randomEncryption.enable) [ "rngd.service" ];
path = [ pkgs.utillinux ] ++ optional sw.randomEncryption.enable pkgs.cryptsetup;
script =

1
nixos/modules/config/system-path.nix
View File

@ -116,6 +116,7 @@ in
"/lib" # FIXME: remove and update debug-info.nix
"/sbin"
"/share/emacs"
"/share/hunspell"
"/share/nano"
"/share/org"
"/share/themes"

31
nixos/modules/hardware/brightnessctl.nix
View File

@ -1,31 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.hardware.brightnessctl;
in
{
options = {
hardware.brightnessctl = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
Enable brightnessctl in userspace.
This will allow brightness control from users in the video group.
'';
};
};
};
config = mkIf cfg.enable {
services.udev.packages = with pkgs; [ brightnessctl ];
environment.systemPackages = with pkgs; [ brightnessctl ];
};
}

7
nixos/modules/hardware/sensor/iio.nix
View File

@ -8,7 +8,12 @@ with lib;
options = {
hardware.sensor.iio = {
enable = mkOption {
description = "Enable this option to support IIO sensors.";
description = ''
Enable this option to support IIO sensors.
IIO sensors are used for orientation and ambient light
sensors on some mobile devices.
'';
type = types.bool;
default = false;
};

19
nixos/modules/hardware/uinput.nix Normal file
View File

@ -0,0 +1,19 @@
{ config, pkgs, lib, ... }:
let
cfg = config.hardware.uinput;
in {
options.hardware.uinput = {
enable = lib.mkEnableOption "uinput support";
};
config = lib.mkIf cfg.enable {
boot.kernelModules = [ "uinput" ];
users.groups.uinput = {};
services.udev.extraRules = ''
SUBSYSTEM=="misc", KERNEL=="uinput", MODE="0660", GROUP="uinput", OPTIONS+="static_node=uinput"
'';
};
}

2
nixos/modules/hardware/video/amdgpu-pro.nix
View File

@ -30,7 +30,7 @@ in
nixpkgs.config.xorg.abiCompat = "1.19";
services.xserver.drivers = singleton
{ name = "amdgpu"; modules = [ package ]; };
{ name = "amdgpu"; modules = [ package ]; display = true; };
hardware.opengl.package = package;
hardware.opengl.package32 = package32;

2
nixos/modules/hardware/video/ati.nix
View File

@ -21,7 +21,7 @@ in
nixpkgs.config.xorg.abiCompat = "1.17";
services.xserver.drivers = singleton
{ name = "fglrx"; modules = [ ati_x11 ]; };
{ name = "fglrx"; modules = [ ati_x11 ]; display = true; };
hardware.opengl.package = ati_x11;
hardware.opengl.package32 = pkgs.pkgsi686Linux.linuxPackages.ati_drivers_x11.override { libsOnly = true; kernel = null; };

138
nixos/modules/hardware/video/nvidia.nix
View File

@ -34,26 +34,57 @@ let
enabled = nvidia_x11 != null;
cfg = config.hardware.nvidia;
optimusCfg = cfg.optimus_prime;
pCfg = cfg.prime;
syncCfg = pCfg.sync;
offloadCfg = pCfg.offload;
primeEnabled = syncCfg.enable || offloadCfg.enable;
in
{
imports =
[
(mkRenamedOptionModule [ "hardware" "nvidia" "optimus_prime" "enable" ] [ "hardware" "nvidia" "prime" "sync" "enable" ])
(mkRenamedOptionModule [ "hardware" "nvidia" "optimus_prime" "allowExternalGpu" ] [ "hardware" "nvidia" "prime" "sync" "allowExternalGpu" ])
(mkRenamedOptionModule [ "hardware" "nvidia" "optimus_prime" "nvidiaBusId" ] [ "hardware" "nvidia" "prime" "nvidiaBusId" ])
(mkRenamedOptionModule [ "hardware" "nvidia" "optimus_prime" "intelBusId" ] [ "hardware" "nvidia" "prime" "intelBusId" ])
];
options = {
hardware.nvidia.modesetting.enable = lib.mkOption {
type = lib.types.bool;
hardware.nvidia.modesetting.enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable kernel modesetting when using the NVIDIA proprietary driver.
Enabling this fixes screen tearing when using Optimus via PRIME (see
<option>hardware.nvidia.optimus_prime.enable</option>. This is not enabled
<option>hardware.nvidia.prime.sync.enable</option>. This is not enabled
by default because it is not officially supported by NVIDIA and would not
work with SLI.
'';
};
hardware.nvidia.optimus_prime.enable = lib.mkOption {
type = lib.types.bool;
hardware.nvidia.prime.nvidiaBusId = mkOption {
type = types.str;
default = "";
example = "PCI:1:0:0";
description = ''
Bus ID of the NVIDIA GPU. You can find it using lspci; for example if lspci
shows the NVIDIA GPU at "01:00.0", set this option to "PCI:1:0:0".
'';
};
hardware.nvidia.prime.intelBusId = mkOption {
type = types.str;
default = "";
example = "PCI:0:2:0";
description = ''
Bus ID of the Intel GPU. You can find it using lspci; for example if lspci
shows the Intel GPU at "00:02.0", set this option to "PCI:0:2:0".
'';
};
hardware.nvidia.prime.sync.enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable NVIDIA Optimus support using the NVIDIA proprietary driver via PRIME.
@ -66,8 +97,8 @@ in
be the only driver there.
If this is enabled, then the bus IDs of the NVIDIA and Intel GPUs have to be
specified (<option>hardware.nvidia.optimus_prime.nvidiaBusId</option> and
<option>hardware.nvidia.optimus_prime.intelBusId</option>).
specified (<option>hardware.nvidia.prime.nvidiaBusId</option> and
<option>hardware.nvidia.prime.intelBusId</option>).
If you enable this, you may want to also enable kernel modesetting for the
NVIDIA driver (<option>hardware.nvidia.modesetting.enable</option>) in order
@ -79,31 +110,23 @@ in
'';
};
hardware.nvidia.optimus_prime.allowExternalGpu = lib.mkOption {
type = lib.types.bool;
hardware.nvidia.prime.sync.allowExternalGpu = mkOption {
type = types.bool;
default = false;
description = ''
Configure X to allow external NVIDIA GPUs when using optimus.
'';
};
hardware.nvidia.optimus_prime.nvidiaBusId = lib.mkOption {
type = lib.types.str;
default = "";
example = "PCI:1:0:0";
hardware.nvidia.prime.offload.enable = mkOption {
type = types.bool;
default = false;
description = ''
Bus ID of the NVIDIA GPU. You can find it using lspci; for example if lspci
shows the NVIDIA GPU at "01:00.0", set this option to "PCI:1:0:0".
'';
};
Enable render offload support using the NVIDIA proprietary driver via PRIME.
hardware.nvidia.optimus_prime.intelBusId = lib.mkOption {
type = lib.types.str;
default = "";
example = "PCI:0:2:0";
description = ''
Bus ID of the Intel GPU. You can find it using lspci; for example if lspci
shows the Intel GPU at "00:02.0", set this option to "PCI:0:2:0".
If this is enabled, then the bus IDs of the NVIDIA and Intel GPUs have to be
specified (<option>hardware.nvidia.prime.nvidiaBusId</option> and
<option>hardware.nvidia.prime.intelBusId</option>).
'';
};
};
@ -116,12 +139,19 @@ in
}
{
assertion = !optimusCfg.enable ||
(optimusCfg.nvidiaBusId != "" && optimusCfg.intelBusId != "");
assertion = primeEnabled -> pCfg.nvidiaBusId != "" && pCfg.intelBusId != "";
message = ''
When NVIDIA Optimus via PRIME is enabled, the GPU bus IDs must configured.
When NVIDIA PRIME is enabled, the GPU bus IDs must configured.
'';
}
{
assertion = offloadCfg.enable -> versionAtLeast nvidia_x11.version "435.21";
message = "NVIDIA PRIME render offload is currently only supported on versions >= 435.21.";
}
{
assertion = !(syncCfg.enable && offloadCfg.enable);
message = "Only one NVIDIA PRIME solution may be used at a time.";
}
];
# If Optimus/PRIME is enabled, we:
@ -136,36 +166,38 @@ in
# - Configure the display manager to run specific `xrandr` commands which will
# configure/enable displays connected to the Intel GPU.
services.xserver.drivers = singleton {
services.xserver.useGlamor = mkDefault offloadCfg.enable;
services.xserver.drivers = optional primeEnabled {
name = "modesetting";
display = offloadCfg.enable;
deviceSection = ''
BusID "${pCfg.intelBusId}"
${optionalString syncCfg.enable ''Option "AccelMethod" "none"''}
'';
} ++ singleton {
name = "nvidia";
modules = [ nvidia_x11.bin ];
deviceSection = optionalString optimusCfg.enable
display = !offloadCfg.enable;
deviceSection = optionalString primeEnabled
''
BusID "${optimusCfg.nvidiaBusId}"
${optionalString optimusCfg.allowExternalGpu "Option \"AllowExternalGpus\""}
BusID "${pCfg.nvidiaBusId}"
${optionalString syncCfg.allowExternalGpu "Option \"AllowExternalGpus\""}
'';
screenSection =
''
Option "RandRRotation" "on"
${optionalString optimusCfg.enable "Option \"AllowEmptyInitialConfiguration\""}
${optionalString syncCfg.enable "Option \"AllowEmptyInitialConfiguration\""}
'';
};
services.xserver.extraConfig = optionalString optimusCfg.enable
''
Section "Device"
Identifier "nvidia-optimus-intel"
Driver "modesetting"
BusID "${optimusCfg.intelBusId}"
Option "AccelMethod" "none"
EndSection
'';
services.xserver.serverLayoutSection = optionalString optimusCfg.enable
''
Inactive "nvidia-optimus-intel"
'';
services.xserver.serverLayoutSection = optionalString syncCfg.enable ''
Inactive "Device-modesetting[0]"
'' + optionalString offloadCfg.enable ''
Option "AllowNVIDIAGPUScreens"
'';
services.xserver.displayManager.setupCommands = optionalString optimusCfg.enable ''
services.xserver.displayManager.setupCommands = optionalString syncCfg.enable ''
# Added by nvidia configuration module for Optimus/PRIME.
${pkgs.xorg.xrandr}/bin/xrandr --setprovideroutputsource modesetting NVIDIA-0
${pkgs.xorg.xrandr}/bin/xrandr --auto
@ -175,11 +207,13 @@ in
source = "${nvidia_x11.bin}/share/nvidia/nvidia-application-profiles-rc";
};
hardware.opengl.package = nvidia_x11.out;
hardware.opengl.package32 = nvidia_libs32;
hardware.opengl.package = mkIf (!offloadCfg.enable) nvidia_x11.out;
hardware.opengl.package32 = mkIf (!offloadCfg.enable) nvidia_libs32;
hardware.opengl.extraPackages = optional offloadCfg.enable nvidia_x11.out;
hardware.opengl.extraPackages32 = optional offloadCfg.enable nvidia_libs32;
environment.systemPackages = [ nvidia_x11.bin nvidia_x11.settings ]
++ lib.filter (p: p != null) [ nvidia_x11.persistenced ];
++ filter (p: p != null) [ nvidia_x11.persistenced ];
systemd.tmpfiles.rules = optional config.virtualisation.docker.enableNvidia
"L+ /run/nvidia-docker/bin - - - - ${nvidia_x11.bin}/origBin"
@ -190,10 +224,10 @@ in
# nvidia-uvm is required by CUDA applications.
boot.kernelModules = [ "nvidia-uvm" ] ++
lib.optionals config.services.xserver.enable [ "nvidia" "nvidia_modeset" "nvidia_drm" ];
optionals config.services.xserver.enable [ "nvidia" "nvidia_modeset" "nvidia_drm" ];
# If requested enable modesetting via kernel parameter.
boot.kernelParams = optional cfg.modesetting.enable "nvidia-drm.modeset=1";
boot.kernelParams = optional (offloadCfg.enable || cfg.modesetting.enable) "nvidia-drm.modeset=1";
# Create /dev/nvidia-uvm when the nvidia-uvm module is loaded.
services.udev.extraRules =

12
nixos/modules/hardware/wooting.nix Normal file
View File

@ -0,0 +1,12 @@
{ config, lib, pkgs, ... }:
with lib;
{
options.hardware.wooting.enable =
mkEnableOption "Enable support for Wooting keyboards";
config = mkIf config.hardware.wooting.enable {
environment.systemPackages = [ pkgs.wootility ];
services.udev.packages = [ pkgs.wooting-udev-rules ];
};
}

4
nixos/modules/i18n/input-method/ibus.nix
View File

@ -75,5 +75,9 @@ in
QT_IM_MODULE = "ibus";
XMODIFIERS = "@im=ibus";
};
xdg.portal.extraPortals = mkIf xdg.portal.enable [
ibusPackage
];
};
}

4
nixos/modules/installer/cd-dvd/channel.nix
View File

@ -21,7 +21,9 @@ let
if [ ! -e $out/nixos/nixpkgs ]; then
ln -s . $out/nixos/nixpkgs
fi
echo -n ${config.system.nixos.revision} > $out/nixos/.git-revision
${optionalString (config.system.nixos.revision != null) ''
echo -n ${config.system.nixos.revision} > $out/nixos/.git-revision
''}
echo -n ${config.system.nixos.versionSuffix} > $out/nixos/.version-suffix
echo ${config.system.nixos.versionSuffix} | sed -e s/pre// > $out/nixos/svn-revision
'';

3
nixos/modules/installer/cd-dvd/installation-cd-graphical-base.nix
View File

@ -44,6 +44,9 @@ with lib;
pkgs.bvi # binary editor
pkgs.joe
# Include some version control tools.
pkgs.git
# Firefox for reading the manual.
pkgs.firefox

21
nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix
View File

@ -1,5 +1,4 @@
# This module defines a NixOS installation CD that contains X11 and
# GNOME 3.
# This module defines a NixOS installation CD that contains GNOME.
{ lib, ... }:
@ -10,10 +9,22 @@ with lib;
services.xserver.desktopManager.gnome3.enable = true;
# Auto-login as root.
services.xserver.displayManager.gdm.autoLogin = {
# Wayland can be problematic for some hardware like Nvidia graphics cards.
services.xserver.displayManager.defaultSession = "gnome-xorg";
services.xserver.displayManager.gdm = {
enable = true;
user = "root";
# autoSuspend makes the machine automatically suspend after inactivity.
# It's possible someone could/try to ssh'd into the machine and obviously
# have issues because it's inactive.
# See:
# * https://github.com/NixOS/nixpkgs/pull/63790
# * https://gitlab.gnome.org/GNOME/gnome-control-center/issues/22
autoSuspend = false;
autoLogin = {
enable = true;
user = "nixos";
};
};
}

8
nixos/modules/installer/tools/nix-fallback-paths.nix
View File

@ -1,6 +1,6 @@
{
x86_64-linux = "/nix/store/0q5qnh10m2sfrriszc1ysmggw659q6qm-nix-2.3.2";
i686-linux = "/nix/store/i7ad7r5d8a5b3l22hg4a1im2qq05y6vd-nix-2.3.2";
aarch64-linux = "/nix/store/bv06pavfw0dbqzr8w3l7s71nx27gnxa0-nix-2.3.2";
x86_64-darwin = "/nix/store/x6mnl1nij7y4v5ihlplr4k937ayr403r-nix-2.3.2";
x86_64-linux = "/nix/store/ddmmzn4ggz1f66lwxjy64n89864yj9w9-nix-2.3.3";
i686-linux = "/nix/store/5axys7hsggb4282dsbps5k5p0v59yv13-nix-2.3.3";
aarch64-linux = "/nix/store/k80nwvi19hxwbz3c9cxgp24f1jjxwmcc-nix-2.3.3";
x86_64-darwin = "/nix/store/lrnvapsqmf0ja6zfyx4cpxr7ahdr7f9b-nix-2.3.3";
}

2
nixos/modules/installer/tools/nixos-build-vms/build-vms.nix
View File

@ -5,7 +5,7 @@
let nodes = import networkExpr; in
with import ../../../../lib/testing.nix {
with import ../../../../lib/testing-python.nix {
inherit system;
pkgs = import ../../../../.. { inherit system config; };
};

18
nixos/modules/installer/tools/nixos-enter.sh
View File

@ -60,15 +60,15 @@ chmod 0755 "$mountPoint/dev" "$mountPoint/sys"
mount --rbind /dev "$mountPoint/dev"
mount --rbind /sys "$mountPoint/sys"
# If silent, write both stdout and stderr of activation script to /dev/null
# otherwise, write both streams to stderr of this process
if [ "$silent" -eq 0 ]; then
PIPE_TARGET="/dev/stderr"
else
PIPE_TARGET="/dev/null"
fi
(
# If silent, write both stdout and stderr of activation script to /dev/null
# otherwise, write both streams to stderr of this process
if [ "$silent" -eq 1 ]; then
exec 2>/dev/null
fi
# Run the activation script. Set $LOCALE_ARCHIVE to supress some Perl locale warnings.
LOCALE_ARCHIVE="$system/sw/lib/locale/locale-archive" chroot "$mountPoint" "$system/activate" >>$PIPE_TARGET 2>&1 || true
# Run the activation script. Set $LOCALE_ARCHIVE to supress some Perl locale warnings.
LOCALE_ARCHIVE="$system/sw/lib/locale/locale-archive" chroot "$mountPoint" "$system/activate" 1>&2 || true
)
exec chroot "$mountPoint" "${command[@]}"

8
nixos/modules/installer/tools/tools.nix
View File

@ -42,7 +42,10 @@ let
inherit (config.system.nixos-generate-config) configuration;
};
nixos-option = pkgs.callPackage ./nixos-option { };
nixos-option =
if lib.versionAtLeast (lib.getVersion pkgs.nix) "2.4pre"
then null
else pkgs.callPackage ./nixos-option { };
nixos-version = makeProg {
name = "nixos-version";
@ -184,10 +187,9 @@ in
nixos-install
nixos-rebuild
nixos-generate-config
nixos-option
nixos-version
nixos-enter
];
] ++ lib.optional (nixos-option != null) nixos-option;
system.build = {
inherit nixos-install nixos-generate-config nixos-option nixos-rebuild nixos-enter;

18
nixos/modules/misc/documentation.nix
View File

@ -17,6 +17,7 @@ let
inherit pkgs config;
version = config.system.nixos.release;
revision = "release-${version}";
extraSources = cfg.nixos.extraModuleSources;
options =
let
scrubbedEval = evalModules {
@ -163,6 +164,19 @@ in
'';
};
nixos.extraModuleSources = mkOption {
type = types.listOf (types.either types.path types.str);
default = [ ];
description = ''
Which extra NixOS module paths the generated NixOS's documentation should strip
from options.
'';
example = literalExample ''
# e.g. with options from modules in ''${pkgs.customModules}/nix:
[ pkgs.customModules ]
'';
};
};
};
@ -204,9 +218,7 @@ in
++ optionals config.services.xserver.enable [ desktopItem pkgs.nixos-icons ]);
services.mingetty.helpLine = mkIf cfg.doc.enable (
"\nRun `nixos-help` "
+ optionalString config.services.nixosManual.showManual "or press <Alt-F${toString config.services.nixosManual.ttyNumber}> "
+ "for the NixOS manual."
"\nRun 'nixos-help' for the NixOS manual."
);
})

4
nixos/modules/misc/ids.nix
View File

@ -133,7 +133,7 @@ in
tcpcryptd = 93; # tcpcryptd uses a hard-coded uid. We patch it in Nixpkgs to match this choice.
firebird = 95;
#keys = 96; # unused
#haproxy = 97; # DynamicUser as of 2019-11-08
#haproxy = 97; # dynamically allocated as of 2020-03-11
mongodb = 98;
openldap = 99;
#users = 100; # unused
@ -448,7 +448,7 @@ in
#tcpcryptd = 93; # unused
firebird = 95;
keys = 96;
#haproxy = 97; # DynamicUser as of 2019-11-08
#haproxy = 97; # dynamically allocated as of 2020-03-11
#mongodb = 98; # unused
openldap = 99;
munin = 102;

12
nixos/modules/misc/nixpkgs.nix
View File

@ -216,6 +216,14 @@ in
Ignored when <code>nixpkgs.pkgs</code> is set.
'';
};
initialSystem = mkOption {
type = types.str;
internal = true;
description = ''
Preserved value of <literal>system</literal> passed to <literal>eval-config.nix</literal>.
'';
};
};
config = {
@ -228,8 +236,8 @@ in
let
nixosExpectedSystem =
if config.nixpkgs.crossSystem != null
then config.nixpkgs.crossSystem.system
else config.nixpkgs.localSystem.system;
then config.nixpkgs.crossSystem.system or (lib.systems.parse.doubleFromSystem (lib.systems.parse.mkSystemFromString config.nixpkgs.crossSystem.config))
else config.nixpkgs.localSystem.system or (lib.systems.parse.doubleFromSystem (lib.systems.parse.mkSystemFromString config.nixpkgs.localSystem.config));
nixosOption =
if config.nixpkgs.crossSystem != null
then "nixpkgs.crossSystem"

6
nixos/modules/misc/version.nix
View File

@ -4,10 +4,6 @@ with lib;
let
cfg = config.system.nixos;
gitRepo = "${toString pkgs.path}/.git";
gitRepoValid = lib.pathIsGitRepo gitRepo;
gitCommitId = lib.substring 0 7 (commitIdFromGitRepo gitRepo);
in
{
@ -98,8 +94,6 @@ in
# These defaults are set here rather than up there so that
# changing them would not rebuild the manual
version = mkDefault (cfg.release + cfg.versionSuffix);
revision = mkIf gitRepoValid (mkDefault gitCommitId);
versionSuffix = mkIf gitRepoValid (mkDefault (".git." + gitCommitId));
};
# Generate /etc/os-release. See

25
nixos/modules/module-list.nix
View File

@ -41,7 +41,6 @@
./hardware/acpilight.nix
./hardware/all-firmware.nix
./hardware/bladeRF.nix
./hardware/brightnessctl.nix
./hardware/brillo.nix
./hardware/ckb-next.nix
./hardware/cpu/amd-microcode.nix
@ -65,6 +64,8 @@
./hardware/tuxedo-keyboard.nix
./hardware/usb-wwan.nix
./hardware/onlykey.nix
./hardware/wooting.nix
./hardware/uinput.nix
./hardware/video/amdgpu.nix
./hardware/video/amdgpu-pro.nix
./hardware/video/ati.nix
@ -201,6 +202,7 @@
./security/wrappers/default.nix
./security/sudo.nix
./security/systemd-confinement.nix
./security/tpm2.nix
./services/admin/oxidized.nix
./services/admin/salt/master.nix
./services/admin/salt/minion.nix
@ -248,9 +250,10 @@
./services/cluster/kubernetes/proxy.nix
./services/cluster/kubernetes/scheduler.nix
./services/computing/boinc/client.nix
./services/computing/torque/server.nix
./services/computing/torque/mom.nix
./services/computing/foldingathome/client.nix
./services/computing/slurm/slurm.nix
./services/computing/torque/mom.nix
./services/computing/torque/server.nix
./services/continuous-integration/buildbot/master.nix
./services/continuous-integration/buildbot/worker.nix
./services/continuous-integration/buildkite-agents.nix
@ -292,12 +295,12 @@
./services/desktops/deepin/deepin.nix
./services/desktops/dleyna-renderer.nix
./services/desktops/dleyna-server.nix
./services/desktops/pantheon/contractor.nix
./services/desktops/pantheon/files.nix
./services/desktops/flatpak.nix
./services/desktops/geoclue2.nix
./services/desktops/gsignond.nix
./services/desktops/gvfs.nix
./services/desktops/malcontent.nix
./services/desktops/pipewire.nix
./services/desktops/gnome3/at-spi2-core.nix
./services/desktops/gnome3/chrome-gnome-shell.nix
@ -365,6 +368,7 @@
./services/hardware/thermald.nix
./services/hardware/undervolt.nix
./services/hardware/vdr.nix
./services/hardware/xow.nix
./services/logging/SystemdJournal2Gelf.nix
./services/logging/awstats.nix
./services/logging/fluentd.nix
@ -406,6 +410,7 @@
./services/mail/sympa.nix
./services/mail/nullmailer.nix
./services/misc/airsonic.nix
./services/misc/ankisyncd.nix
./services/misc/apache-kafka.nix
./services/misc/autofs.nix
./services/misc/autorandr.nix
@ -431,7 +436,6 @@
./services/misc/ethminer.nix
./services/misc/exhibitor.nix
./services/misc/felix.nix
./services/misc/folding-at-home.nix
./services/misc/freeswitch.nix
./services/misc/fstrim.nix
./services/misc/gammu-smsd.nix
@ -466,7 +470,6 @@
./services/misc/nix-daemon.nix
./services/misc/nix-gc.nix
./services/misc/nix-optimise.nix
./services/misc/nixos-manual.nix
./services/misc/nix-ssh-serve.nix
./services/misc/novacomd.nix
./services/misc/nzbget.nix
@ -482,7 +485,6 @@
./services/misc/redmine.nix
./services/misc/rippled.nix
./services/misc/ripple-data-api.nix
./services/misc/rogue.nix
./services/misc/serviio.nix
./services/misc/safeeyes.nix
./services/misc/sickbeard.nix
@ -641,6 +643,7 @@
./services/networking/lldpd.nix
./services/networking/logmein-hamachi.nix
./services/networking/mailpile.nix
./services/networking/magic-wormhole-mailbox-server.nix
./services/networking/matterbridge.nix
./services/networking/mjpg-streamer.nix
./services/networking/minidlna.nix
@ -651,6 +654,7 @@
./services/networking/miredo.nix
./services/networking/mstpd.nix
./services/networking/mtprotoproxy.nix
./services/networking/mullvad-vpn.nix
./services/networking/murmur.nix
./services/networking/mxisd.nix
./services/networking/namecoind.nix
@ -661,6 +665,7 @@
./services/networking/ngircd.nix
./services/networking/nghttpx/default.nix
./services/networking/nix-serve.nix
./services/networking/nix-store-gcs-proxy.nix
./services/networking/nixops-dns.nix
./services/networking/nntp-proxy.nix
./services/networking/nsd.nix
@ -688,6 +693,7 @@
./services/networking/prosody.nix
./services/networking/quagga.nix
./services/networking/quassel.nix
./services/networking/quorum.nix
./services/networking/quicktun.nix
./services/networking/racoon.nix
./services/networking/radicale.nix
@ -707,6 +713,7 @@
./services/networking/shorewall6.nix
./services/networking/shout.nix
./services/networking/sniproxy.nix
./services/networking/smartdns.nix
./services/networking/smokeping.nix
./services/networking/softether.nix
./services/networking/spacecookie.nix
@ -724,6 +731,7 @@
./services/networking/syncthing.nix
./services/networking/syncthing-relay.nix
./services/networking/syncplay.nix
./services/networking/tailscale.nix
./services/networking/tcpcrypt.nix
./services/networking/teamspeak3.nix
./services/networking/tedicross.nix
@ -808,6 +816,7 @@
./services/ttys/agetty.nix
./services/ttys/gpm.nix
./services/ttys/kmscon.nix
./services/wayland/cage.nix
./services/web-apps/atlassian/confluence.nix
./services/web-apps/atlassian/crowd.nix
./services/web-apps/atlassian/jira.nix
@ -816,11 +825,13 @@
./services/web-apps/documize.nix
./services/web-apps/dokuwiki.nix
./services/web-apps/frab.nix
./services/web-apps/gerrit.nix
./services/web-apps/gotify-server.nix
./services/web-apps/grocy.nix
./services/web-apps/icingaweb2/icingaweb2.nix
./services/web-apps/icingaweb2/module-monitoring.nix
./services/web-apps/ihatemoney
./services/web-apps/jirafeau.nix
./services/web-apps/limesurvey.nix
./services/web-apps/mattermost.nix
./services/web-apps/mediawiki.nix

4
nixos/modules/profiles/installation-device.nix
View File

@ -26,10 +26,6 @@ with lib;
# Show the manual.
documentation.nixos.enable = mkForce true;
services.nixosManual.showManual = true;
# Let the user play Rogue on TTY 8 during the installation.
#services.rogue.enable = true;
# Use less privileged nixos user
users.users.nixos = {

30
nixos/modules/programs/firejail.nix
View File

@ -5,28 +5,34 @@ with lib;
let
cfg = config.programs.firejail;
wrappedBins = pkgs.stdenv.mkDerivation {
name = "firejail-wrapped-binaries";
nativeBuildInputs = with pkgs; [ makeWrapper ];
buildCommand = ''
wrappedBins = pkgs.runCommand "firejail-wrapped-binaries"
{ preferLocalBuild = true;
allowSubstitutes = false;
}
''
mkdir -p $out/bin
${lib.concatStringsSep "\n" (lib.mapAttrsToList (command: binary: ''
cat <<_EOF >$out/bin/${command}
#!${pkgs.stdenv.shell} -e
/run/wrappers/bin/firejail ${binary} "\$@"
_EOF
chmod 0755 $out/bin/${command}
cat <<_EOF >$out/bin/${command}
#! ${pkgs.runtimeShell} -e
exec /run/wrappers/bin/firejail ${binary} "\$@"
_EOF
chmod 0755 $out/bin/${command}
'') cfg.wrappedBinaries)}
'';
};
in {
options.programs.firejail = {
enable = mkEnableOption "firejail";
wrappedBinaries = mkOption {
type = types.attrs;
type = types.attrsOf types.path;
default = {};
example = literalExample ''
{
firefox = "''${lib.getBin pkgs.firefox}/bin/firefox";
mpv = "''${lib.getBin pkgs.mpv}/bin/mpv";
}
'';
description = ''
Wrap the binaries in firejail and place them in the global path.
</para>
@ -41,7 +47,7 @@ in {
config = mkIf cfg.enable {
security.wrappers.firejail.source = "${lib.getBin pkgs.firejail}/bin/firejail";
environment.systemPackages = [ wrappedBins ];
environment.systemPackages = [ pkgs.firejail ] ++ [ wrappedBins ];
};
meta.maintainers = with maintainers; [ peterhoeg ];

12
nixos/modules/programs/fish_completion-generator.patch
View File

@ -1,11 +1,13 @@
--- a/create_manpage_completions.py
+++ b/create_manpage_completions.py
@@ -776,8 +776,6 @@ def parse_manpage_at_path(manpage_path, output_directory):
@@ -844,10 +844,6 @@ def parse_manpage_at_path(manpage_path, output_directory):
built_command_output.insert(0, "# " + CMDNAME)
- # Output the magic word Autogenerated so we can tell if we can overwrite this
- built_command_output.insert(1, "# Autogenerated from man page " + manpage_path)
- built_command_output.insert(
- 1, "# Autogenerated from man page " + manpage_path
- )
# built_command_output.insert(2, "# using " + parser.__class__.__name__) # XXX MISATTRIBUTES THE CULPABILE PARSER! Was really using Type2 but reporting TypeDeroffManParser
for line in built_command_output:

12
nixos/modules/programs/ssmtp.nix
View File

@ -14,8 +14,16 @@ in
{
imports = [
(mkRenamedOptionModule [ "networking" "defaultMailServer" ] [ "services" "ssmtp" ])
(mkRenamedOptionModule [ "services" "ssmtp" "directDelivery" ] [ "services" "ssmtp" "enable" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "directDelivery" ] [ "services" "ssmtp" "enable" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "hostName" ] [ "services" "ssmtp" "hostName" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "domain" ] [ "services" "ssmtp" "domain" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "root" ] [ "services" "ssmtp" "root" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "useTLS" ] [ "services" "ssmtp" "useTLS" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "useSTARTTLS" ] [ "services" "ssmtp" "useSTARTTLS" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "authUser" ] [ "services" "ssmtp" "authUser" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "authPass" ] [ "services" "ssmtp" "authPass" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "authPassFile" ] [ "services" "ssmtp" "authPassFile" ])
(mkRenamedOptionModule [ "networking" "defaultMailServer" "setSendmail" ] [ "services" "ssmtp" "setSendmail" ])
];
options = {

4
nixos/modules/programs/sway.nix
View File

@ -88,10 +88,10 @@ in {
default = with pkgs; [
swaylock swayidle
xwayland alacritty dmenu
rxvt_unicode # For backward compatibility (old default terminal)
rxvt-unicode # For backward compatibility (old default terminal)
];
defaultText = literalExample ''
with pkgs; [ swaylock swayidle xwayland rxvt_unicode dmenu ];
with pkgs; [ swaylock swayidle xwayland rxvt-unicode dmenu ];
'';
example = literalExample ''
with pkgs; [

3
nixos/modules/programs/zsh/zsh.nix
View File

@ -162,9 +162,8 @@ in
# This file is read for all shells.
# Only execute this file once per shell.
# But don't clobber the environment of interactive non-login children!
if [ -n "$__ETC_ZSHENV_SOURCED" ]; then return; fi
export __ETC_ZSHENV_SOURCED=1
__ETC_ZSHENV_SOURCED=1
if [ -z "$__NIXOS_SET_ENVIRONMENT_DONE" ]; then
. ${config.system.build.setEnvironment}

18
nixos/modules/rename.nix
View File

@ -21,12 +21,12 @@ with lib;
(mkRemovedOptionModule [ "services" "firefox" "syncserver" "group" ] "")
(mkRemovedOptionModule [ "services" "winstone" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "networking" "vpnc" ] "Use environment.etc.\"vpnc/service.conf\" instead.")
(mkRemovedOptionModule [ "environment.blcr.enable" ] "The BLCR module has been removed")
(mkRemovedOptionModule [ "services.beegfsEnable" ] "The BeeGFS module has been removed")
(mkRemovedOptionModule [ "services.beegfs" ] "The BeeGFS module has been removed")
(mkRemovedOptionModule [ "services.osquery" ] "The osquery module has been removed")
(mkRemovedOptionModule [ "services.fourStore" ] "The fourStore module has been removed")
(mkRemovedOptionModule [ "services.fourStoreEndpoint" ] "The fourStoreEndpoint module has been removed")
(mkRemovedOptionModule [ "environment" "blcr" "enable" ] "The BLCR module has been removed")
(mkRemovedOptionModule [ "services" "beegfsEnable" ] "The BeeGFS module has been removed")
(mkRemovedOptionModule [ "services" "beegfs" ] "The BeeGFS module has been removed")
(mkRemovedOptionModule [ "services" "osquery" ] "The osquery module has been removed")
(mkRemovedOptionModule [ "services" "fourStore" ] "The fourStore module has been removed")
(mkRemovedOptionModule [ "services" "fourStoreEndpoint" ] "The fourStoreEndpoint module has been removed")
(mkRemovedOptionModule [ "programs" "way-cooler" ] ("way-cooler is abandoned by its author: " +
"https://way-cooler.org/blog/2020/01/09/way-cooler-post-mortem.html"))
(mkRemovedOptionModule [ "services" "xserver" "multitouch" ] ''
@ -42,6 +42,12 @@ with lib;
instead, or any other display manager in NixOS as they all support auto-login.
'')
(mkRemovedOptionModule [ "services" "dnscrypt-proxy" ] "Use services.dnscrypt-proxy2 instead")
(mkRemovedOptionModule ["hardware" "brightnessctl" ] ''
The brightnessctl module was removed because newer versions of
brightnessctl don't require the udev rules anymore (they can use the
systemd-logind API). Instead of using the module you can now
simply add the brightnessctl package to environment.systemPackages.
'')
# Do NOT add any option renames here, see top of the file
];

65
nixos/modules/security/acme.nix
View File

@ -136,6 +136,27 @@ let
challenge to ensure the DNS entries required are available.
'';
};
ocspMustStaple = mkOption {
type = types.bool;
default = false;
description = ''
Turns on the OCSP Must-Staple TLS extension.
Make sure you know what you're doing! See:
<itemizedlist>
<listitem><para><link xlink:href="https://blog.apnic.net/2019/01/15/is-the-web-ready-for-ocsp-must-staple/" /></para></listitem>
<listitem><para><link xlink:href="https://blog.hboeck.de/archives/886-The-Problem-with-OCSP-Stapling-and-Must-Staple-and-why-Certificate-Revocation-is-still-broken.html" /></para></listitem>
</itemizedlist>
'';
};
extraLegoRenewFlags = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Additional flags to pass to lego renew.
'';
};
};
};
@ -174,7 +195,7 @@ in
renewInterval = mkOption {
type = types.str;
default = "weekly";
default = "daily";
description = ''
Systemd calendar expression when to check for renewal. See
<citerefentry><refentrytitle>systemd.time</refentrytitle>
@ -281,19 +302,23 @@ in
lpath = "acme/${cert}";
apath = "/var/lib/${lpath}";
spath = "/var/lib/acme/.lego";
rights = if data.allowKeysForGroup then "750" else "700";
fileMode = if data.allowKeysForGroup then "640" else "600";
globalOpts = [ "-d" data.domain "--email" data.email "--path" "." "--key-type" data.keyType ]
++ optionals (cfg.acceptTerms) [ "--accept-tos" ]
++ optionals (data.dnsProvider != null && !data.dnsPropagationCheck) [ "--dns.disable-cp" ]
++ concatLists (mapAttrsToList (name: root: [ "-d" name ]) data.extraDomains)
++ (if data.dnsProvider != null then [ "--dns" data.dnsProvider ] else [ "--http" "--http.webroot" data.webroot ])
++ optionals (cfg.server != null || data.server != null) ["--server" (if data.server == null then cfg.server else data.server)];
runOpts = escapeShellArgs (globalOpts ++ [ "run" ]);
renewOpts = escapeShellArgs (globalOpts ++ [ "renew" "--days" (toString cfg.validMinDays) ]);
certOpts = optionals data.ocspMustStaple [ "--must-staple" ];
runOpts = escapeShellArgs (globalOpts ++ [ "run" ] ++ certOpts);
renewOpts = escapeShellArgs (globalOpts ++
[ "renew" "--days" (toString cfg.validMinDays) ] ++
certOpts ++ data.extraLegoRenewFlags);
acmeService = {
description = "Renew ACME Certificate for ${cert}";
after = [ "network.target" "network-online.target" ];
wants = [ "network-online.target" ];
wantedBy = mkIf (!config.boot.isContainer) [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
# With RemainAfterExit the service is considered active even
@ -306,7 +331,7 @@ in
Group = data.group;
PrivateTmp = true;
StateDirectory = "acme/.lego ${lpath}";
StateDirectoryMode = rights;
StateDirectoryMode = if data.allowKeysForGroup then "750" else "700";
WorkingDirectory = spath;
# Only try loading the credentialsFile if the dns challenge is enabled
EnvironmentFile = if data.dnsProvider != null then data.credentialsFile else null;
@ -325,14 +350,15 @@ in
KEY=${spath}/certificates/${keyName}.key
if [ -e $KEY -a $KEY -nt key.pem ]; then
cp -p ${spath}/certificates/${keyName}.key key.pem
cp -p ${spath}/certificates/${keyName}.crt cert.pem
cp -p ${spath}/certificates/${keyName}.crt fullchain.pem
cp -p ${spath}/certificates/${keyName}.issuer.crt chain.pem
cat cert.pem chain.pem > fullchain.pem
cat key.pem cert.pem chain.pem > full.pem
chmod ${rights} *.pem
chown '${data.user}:${data.group}' *.pem
ln -sf fullchain.pem cert.pem
cat key.pem fullchain.pem > full.pem
fi
chmod ${fileMode} *.pem
chown '${data.user}:${data.group}' *.pem
${data.postRun}
'';
in
@ -374,7 +400,7 @@ in
# Give key acme permissions
chown '${data.user}:${data.group}' "${apath}/"{key,fullchain,full}.pem
chmod ${rights} "${apath}/"{key,fullchain,full}.pem
chmod ${fileMode} "${apath}/"{key,fullchain,full}.pem
'';
serviceConfig = {
Type = "oneshot";
@ -399,7 +425,17 @@ in
systemd.tmpfiles.rules =
map (data: "d ${data.webroot}/.well-known/acme-challenge - ${data.user} ${data.group}") (filter (data: data.webroot != null) (attrValues cfg.certs));
systemd.timers = flip mapAttrs' cfg.certs (cert: data: nameValuePair
systemd.timers = let
# Allow systemd to pick a convenient time within the day
# to run the check.
# This allows the coalescing of multiple timer jobs.
# We divide by the number of certificates so that if you
# have many certificates, the renewals are distributed over
# the course of the day to avoid rate limits.
numCerts = length (attrNames cfg.certs);
_24hSecs = 60 * 60 * 24;
AccuracySec = "${toString (_24hSecs / numCerts)}s";
in flip mapAttrs' cfg.certs (cert: data: nameValuePair
("acme-${cert}")
({
description = "Renew ACME Certificate for ${cert}";
@ -408,8 +444,9 @@ in
OnCalendar = cfg.renewInterval;
Unit = "acme-${cert}.service";
Persistent = "yes";
AccuracySec = "5m";
RandomizedDelaySec = "1h";
inherit AccuracySec;
# Skew randomly within the day, per https://letsencrypt.org/docs/integration-guide/.
RandomizedDelaySec = "24h";
};
})
);

Some files were not shown because too many files have changed in this diff Show More