Merge master into staging
This commit is contained in:
commit
6ce04af137
|
@ -682,6 +682,177 @@ hello latest de2bf4786de6 About a minute ago 25.2MB
|
||||||
</example>
|
</example>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
<section xml:id="ssec-pkgs-dockerTools-buildLayeredImage">
|
||||||
|
<title>buildLayeredImage</title>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
Create a Docker image with many of the store paths being on their own layer
|
||||||
|
to improve sharing between images.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<variablelist>
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<varname>name</varname>
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
The name of the resulting image.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<varname>tag</varname> <emphasis>optional</emphasis>
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Tag of the generated image.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<emphasis>Default:</emphasis> the output path's hash
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<varname>contents</varname> <emphasis>optional</emphasis>
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Top level paths in the container. Either a single derivation, or a list
|
||||||
|
of derivations.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<emphasis>Default:</emphasis> <literal>[]</literal>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<varname>config</varname> <emphasis>optional</emphasis>
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Run-time configuration of the container. A full list of the options are
|
||||||
|
available at in the
|
||||||
|
<link xlink:href="https://github.com/moby/moby/blob/master/image/spec/v1.2.md#image-json-field-descriptions">
|
||||||
|
Docker Image Specification v1.2.0 </link>.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<emphasis>Default:</emphasis> <literal>{}</literal>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<varname>created</varname> <emphasis>optional</emphasis>
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Date and time the layers were created. Follows the same
|
||||||
|
<literal>now</literal> exception supported by
|
||||||
|
<literal>buildImage</literal>.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<emphasis>Default:</emphasis> <literal>1970-01-01T00:00:01Z</literal>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<varname>maxLayers</varname> <emphasis>optional</emphasis>
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Maximum number of layers to create.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<emphasis>Default:</emphasis> <literal>24</literal>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
|
|
||||||
|
<section xml:id="dockerTools-buildLayeredImage-arg-contents">
|
||||||
|
<title>Behavior of <varname>contents</varname> in the final image</title>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
Each path directly listed in <varname>contents</varname> will have a
|
||||||
|
symlink in the root of the image.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
For example:
|
||||||
|
<programlisting><![CDATA[
|
||||||
|
pkgs.dockerTools.buildLayeredImage {
|
||||||
|
name = "hello";
|
||||||
|
contents = [ pkgs.hello ];
|
||||||
|
}
|
||||||
|
]]></programlisting>
|
||||||
|
will create symlinks for all the paths in the <literal>hello</literal>
|
||||||
|
package:
|
||||||
|
<screen><![CDATA[
|
||||||
|
/bin/hello -> /nix/store/h1zb1padqbbb7jicsvkmrym3r6snphxg-hello-2.10/bin/hello
|
||||||
|
/share/info/hello.info -> /nix/store/h1zb1padqbbb7jicsvkmrym3r6snphxg-hello-2.10/share/info/hello.info
|
||||||
|
/share/locale/bg/LC_MESSAGES/hello.mo -> /nix/store/h1zb1padqbbb7jicsvkmrym3r6snphxg-hello-2.10/share/locale/bg/LC_MESSAGES/hello.mo
|
||||||
|
]]></screen>
|
||||||
|
</para>
|
||||||
|
</section>
|
||||||
|
|
||||||
|
<section xml:id="dockerTools-buildLayeredImage-arg-config">
|
||||||
|
<title>Automatic inclusion of <varname>config</varname> references</title>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
The closure of <varname>config</varname> is automatically included in the
|
||||||
|
closure of the final image.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
This allows you to make very simple Docker images with very little code.
|
||||||
|
This container will start up and run <command>hello</command>:
|
||||||
|
<programlisting><![CDATA[
|
||||||
|
pkgs.dockerTools.buildLayeredImage {
|
||||||
|
name = "hello";
|
||||||
|
config.Cmd = [ "${pkgs.hello}/bin/hello" ];
|
||||||
|
}
|
||||||
|
]]></programlisting>
|
||||||
|
</para>
|
||||||
|
</section>
|
||||||
|
|
||||||
|
<section xml:id="dockerTools-buildLayeredImage-arg-maxLayers">
|
||||||
|
<title>Adjusting <varname>maxLayers</varname></title>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
Increasing the <varname>maxLayers</varname> increases the number of layers
|
||||||
|
which have a chance to be shared between different images.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
Modern Docker installations support up to 128 layers, however older
|
||||||
|
versions support as few as 42.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
If the produced image will not be extended by other Docker builds, it is
|
||||||
|
safe to set <varname>maxLayers</varname> to <literal>128</literal>.
|
||||||
|
However it will be impossible to extend the image further.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
The first (<literal>maxLayers-2</literal>) most "popular" paths will have
|
||||||
|
their own individual layers, then layer #<literal>maxLayers-1</literal>
|
||||||
|
will contain all the remaining "unpopular" paths, and finally layer
|
||||||
|
#<literal>maxLayers</literal> will contain the Image configuration.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
Docker's Layers are not inherently ordered, they are content-addressable
|
||||||
|
and are not explicitly layered until they are composed in to an Image.
|
||||||
|
</para>
|
||||||
|
</section>
|
||||||
|
</section>
|
||||||
|
|
||||||
<section xml:id="ssec-pkgs-dockerTools-fetchFromRegistry">
|
<section xml:id="ssec-pkgs-dockerTools-fetchFromRegistry">
|
||||||
<title>pullImage</title>
|
<title>pullImage</title>
|
||||||
|
|
||||||
|
|
|
@ -413,11 +413,8 @@ packageOverrides = pkgs: {
|
||||||
in your <filename>/etc/nixos/configuration.nix</filename>. You'll also need
|
in your <filename>/etc/nixos/configuration.nix</filename>. You'll also need
|
||||||
<programlisting>hardware.pulseaudio.support32Bit = true;</programlisting>
|
<programlisting>hardware.pulseaudio.support32Bit = true;</programlisting>
|
||||||
if you are using PulseAudio - this will enable 32bit ALSA apps integration.
|
if you are using PulseAudio - this will enable 32bit ALSA apps integration.
|
||||||
To use the Steam controller, you need to add
|
To use the Steam controller or other Steam supported controllers such as the DualShock 4 or Nintendo Switch Pro, you need to add
|
||||||
<programlisting>services.udev.extraRules = ''
|
<programlisting>hardware.steam-hardware.enable = true;</programlisting>
|
||||||
SUBSYSTEM=="usb", ATTRS{idVendor}=="28de", MODE="0666"
|
|
||||||
KERNEL=="uinput", MODE="0660", GROUP="users", OPTIONS+="static_node=uinput"
|
|
||||||
'';</programlisting>
|
|
||||||
to your configuration.
|
to your configuration.
|
||||||
</para>
|
</para>
|
||||||
</section>
|
</section>
|
||||||
|
|
|
@ -1332,6 +1332,11 @@
|
||||||
github = "etu";
|
github = "etu";
|
||||||
name = "Elis Hirwing";
|
name = "Elis Hirwing";
|
||||||
};
|
};
|
||||||
|
evck = {
|
||||||
|
email = "eric@evenchick.com";
|
||||||
|
github = "ericevenchick";
|
||||||
|
name = "Eric Evenchick";
|
||||||
|
};
|
||||||
exfalso = {
|
exfalso = {
|
||||||
email = "0slemi0@gmail.com";
|
email = "0slemi0@gmail.com";
|
||||||
github = "exfalso";
|
github = "exfalso";
|
||||||
|
@ -1635,6 +1640,11 @@
|
||||||
github = "hamhut1066";
|
github = "hamhut1066";
|
||||||
name = "Hamish Hutchings";
|
name = "Hamish Hutchings";
|
||||||
};
|
};
|
||||||
|
haslersn = {
|
||||||
|
email = "haslersn@fius.informatik.uni-stuttgart.de";
|
||||||
|
github = "haslersn";
|
||||||
|
name = "Sebastian Hasler";
|
||||||
|
};
|
||||||
havvy = {
|
havvy = {
|
||||||
email = "ryan.havvy@gmail.com";
|
email = "ryan.havvy@gmail.com";
|
||||||
github = "havvy";
|
github = "havvy";
|
||||||
|
@ -2566,6 +2576,11 @@
|
||||||
github = "mdaiter";
|
github = "mdaiter";
|
||||||
name = "Matthew S. Daiter";
|
name = "Matthew S. Daiter";
|
||||||
};
|
};
|
||||||
|
mdevlamynck = {
|
||||||
|
email = "matthias.devlamynck@mailoo.org";
|
||||||
|
github = "mdevlamynck";
|
||||||
|
name = "Matthias Devlamynck";
|
||||||
|
};
|
||||||
meditans = {
|
meditans = {
|
||||||
email = "meditans@gmail.com";
|
email = "meditans@gmail.com";
|
||||||
github = "meditans";
|
github = "meditans";
|
||||||
|
@ -4003,6 +4018,11 @@
|
||||||
github = "sztupi";
|
github = "sztupi";
|
||||||
name = "Attila Sztupak";
|
name = "Attila Sztupak";
|
||||||
};
|
};
|
||||||
|
t184256 = {
|
||||||
|
email = "monk@unboiled.info";
|
||||||
|
github = "t184256";
|
||||||
|
name = "Alexander Sosedkin";
|
||||||
|
};
|
||||||
tadfisher = {
|
tadfisher = {
|
||||||
email = "tadfisher@gmail.com";
|
email = "tadfisher@gmail.com";
|
||||||
github = "tadfisher";
|
github = "tadfisher";
|
||||||
|
@ -4436,6 +4456,11 @@
|
||||||
github = "vrthra";
|
github = "vrthra";
|
||||||
name = "Rahul Gopinath";
|
name = "Rahul Gopinath";
|
||||||
};
|
};
|
||||||
|
vskilet = {
|
||||||
|
email = "victor@sene.ovh";
|
||||||
|
github = "vskilet";
|
||||||
|
name = "Victor SENE";
|
||||||
|
};
|
||||||
vyp = {
|
vyp = {
|
||||||
email = "elisp.vim@gmail.com";
|
email = "elisp.vim@gmail.com";
|
||||||
github = "vyp";
|
github = "vyp";
|
||||||
|
|
|
@ -73,8 +73,7 @@ Linux foo 3.4.82 #1-NixOS SMP Thu Mar 20 14:44:05 UTC 2014 x86_64 GNU/Linux
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
There are several ways to change the configuration of the container. First,
|
To change the configuration of the container, you can edit
|
||||||
on the host, you can edit
|
|
||||||
<literal>/var/lib/container/<replaceable>name</replaceable>/etc/nixos/configuration.nix</literal>,
|
<literal>/var/lib/container/<replaceable>name</replaceable>/etc/nixos/configuration.nix</literal>,
|
||||||
and run
|
and run
|
||||||
<screen>
|
<screen>
|
||||||
|
@ -87,8 +86,7 @@ Linux foo 3.4.82 #1-NixOS SMP Thu Mar 20 14:44:05 UTC 2014 x86_64 GNU/Linux
|
||||||
<xref linkend="opt-services.httpd.enable"/> = true;
|
<xref linkend="opt-services.httpd.enable"/> = true;
|
||||||
<xref linkend="opt-services.httpd.adminAddr"/> = "foo@example.org";
|
<xref linkend="opt-services.httpd.adminAddr"/> = "foo@example.org";
|
||||||
<xref linkend="opt-networking.firewall.allowedTCPPorts"/> = [ 80 ];
|
<xref linkend="opt-networking.firewall.allowedTCPPorts"/> = [ 80 ];
|
||||||
'
|
'
|
||||||
|
|
||||||
# curl http://$(nixos-container show-ip foo)/
|
# curl http://$(nixos-container show-ip foo)/
|
||||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">…
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">…
|
||||||
</screen>
|
</screen>
|
||||||
|
@ -97,11 +95,13 @@ Linux foo 3.4.82 #1-NixOS SMP Thu Mar 20 14:44:05 UTC 2014 x86_64 GNU/Linux
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Alternatively, you can change the configuration from within the container
|
Note that in previous versions of NixOS (17.09 and earlier) one could also
|
||||||
itself by running <command>nixos-rebuild switch</command> inside the
|
use all nix-related commands (like <command>nixos-rebuild switch</command>)
|
||||||
container. Note that the container by default does not have a copy of the
|
from inside the container. However, since the release of Nix 2.0 this is not
|
||||||
NixOS channel, so you should run <command>nix-channel --update</command>
|
supported anymore. Supporting Nix commands inside the container might be
|
||||||
first.
|
possible again in future versions. See
|
||||||
|
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/40355">the github
|
||||||
|
issue</link> for tracking progress on this issue.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
|
|
|
@ -84,18 +84,17 @@ nixpkgs.config.packageOverrides = pkgs:
|
||||||
allowImportFromDerivation = true;
|
allowImportFromDerivation = true;
|
||||||
};
|
};
|
||||||
]]></screen>
|
]]></screen>
|
||||||
|
You can edit the config with this snippet (by default <command>make
|
||||||
You can edit the config with this snippet (by default <command>make menuconfig</command> won't work
|
menuconfig</command> won't work out of the box on nixos):
|
||||||
out of the box on nixos):
|
<screen><![CDATA[
|
||||||
<screen><![CDATA[
|
|
||||||
nix-shell -E 'with import <nixpkgs> {}; kernelToOverride.overrideAttrs (o: {nativeBuildInputs=o.nativeBuildInputs ++ [ pkgconfig ncurses ];})'
|
nix-shell -E 'with import <nixpkgs> {}; kernelToOverride.overrideAttrs (o: {nativeBuildInputs=o.nativeBuildInputs ++ [ pkgconfig ncurses ];})'
|
||||||
]]></screen>
|
]]></screen>
|
||||||
|
or you can let nixpkgs generate the configuration. Nixpkgs generates it via
|
||||||
|
answering the interactive kernel utility <command>make config</command>. The
|
||||||
or you can let nixpkgs generate the configuration.
|
answers depend on parameters passed to
|
||||||
Nixpkgs generates it via answering the interactive kernel utility <command>make config</command>.
|
<filename>pkgs/os-specific/linux/kernel/generic.nix</filename> (which you
|
||||||
The answers depend on parameters passed to <filename>pkgs/os-specific/linux/kernel/generic.nix</filename>
|
can influence by overriding <literal>extraConfig, autoModules,
|
||||||
(which you can influence by overriding <literal>extraConfig, autoModules, modDirVersion, preferBuiltin, extraConfig</literal>).
|
modDirVersion, preferBuiltin, extraConfig</literal>).
|
||||||
<screen><![CDATA[
|
<screen><![CDATA[
|
||||||
|
|
||||||
mptcp93.override ({
|
mptcp93.override ({
|
||||||
|
|
|
@ -0,0 +1,37 @@
|
||||||
|
<section xmlns="http://docbook.org/ns/docbook"
|
||||||
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||||
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||||
|
version="5.0"
|
||||||
|
xml:id="sec-debugging-nixos-tests">
|
||||||
|
<title>Debugging NixOS tests</title>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
Tests may fail and infrastructure offers access to inspect machine state.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
To prevent test from stopping and cleaning up, insert a sleep command:
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<programlisting>
|
||||||
|
$machine->succeed("sleep 84000");
|
||||||
|
</programlisting>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
As soon as machine starts run as root:
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<programlisting>
|
||||||
|
nix-shell -p socat --run "socat STDIO,raw,echo=0,escape=0x11 UNIX:/tmp/nix-build-vm-test-run-*.drv-0/vm-state-machine/backdoor"
|
||||||
|
</programlisting>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
You may need to find the correct path, replacing <literal>/tmp</literal>,
|
||||||
|
<literal>*</literal> or <literal>machine</literal>.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
Press "enter" to open up console and login as "root". After you're done,
|
||||||
|
press "ctrl-q" to exit the console.
|
||||||
|
</para>
|
||||||
|
</section>
|
|
@ -16,4 +16,5 @@ xlink:href="https://github.com/NixOS/nixpkgs/tree/master/nixos/tests">nixos/test
|
||||||
<xi:include href="writing-nixos-tests.xml" />
|
<xi:include href="writing-nixos-tests.xml" />
|
||||||
<xi:include href="running-nixos-tests.xml" />
|
<xi:include href="running-nixos-tests.xml" />
|
||||||
<xi:include href="running-nixos-tests-interactively.xml" />
|
<xi:include href="running-nixos-tests-interactively.xml" />
|
||||||
|
<xi:include href="debugging-nixos-tests.xml" />
|
||||||
</chapter>
|
</chapter>
|
||||||
|
|
|
@ -5,28 +5,29 @@
|
||||||
xml:id="sec-installing-behind-proxy">
|
xml:id="sec-installing-behind-proxy">
|
||||||
<title>Installing behind a proxy</title>
|
<title>Installing behind a proxy</title>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
To install NixOS behind a proxy, do the following before running
|
To install NixOS behind a proxy, do the following before running
|
||||||
<literal>nixos-install</literal>.
|
<literal>nixos-install</literal>.
|
||||||
</para>
|
</para>
|
||||||
<orderedlist numeration="arabic">
|
|
||||||
|
<orderedlist numeration="arabic">
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Update proxy configuration in
|
Update proxy configuration in
|
||||||
<literal>/mnt/etc/nixos/configuration.nix</literal> to keep the
|
<literal>/mnt/etc/nixos/configuration.nix</literal> to keep the internet
|
||||||
internet accessible after reboot.
|
accessible after reboot.
|
||||||
</para>
|
</para>
|
||||||
<programlisting>
|
<programlisting>
|
||||||
networking.proxy.default = "http://user:password@proxy:port/";
|
networking.proxy.default = "http://user:password@proxy:port/";
|
||||||
networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
|
networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Setup the proxy environment variables in the shell where you are
|
Setup the proxy environment variables in the shell where you are running
|
||||||
running <literal>nixos-install</literal>.
|
<literal>nixos-install</literal>.
|
||||||
</para>
|
</para>
|
||||||
<programlisting>
|
<programlisting>
|
||||||
# proxy_url="http://user:password@proxy:port/"
|
# proxy_url="http://user:password@proxy:port/"
|
||||||
# export http_proxy="$proxy_url"
|
# export http_proxy="$proxy_url"
|
||||||
# export HTTP_PROXY="$proxy_url"
|
# export HTTP_PROXY="$proxy_url"
|
||||||
|
@ -34,14 +35,14 @@ networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
|
||||||
# export HTTPS_PROXY="$proxy_url"
|
# export HTTPS_PROXY="$proxy_url"
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</listitem>
|
</listitem>
|
||||||
</orderedlist>
|
</orderedlist>
|
||||||
|
|
||||||
<note>
|
<note>
|
||||||
<para>
|
<para>
|
||||||
If you are switching networks with different proxy configurations, use the
|
If you are switching networks with different proxy configurations, use the
|
||||||
<literal>nesting.clone</literal> option in
|
<literal>nesting.clone</literal> option in
|
||||||
<literal>configuration.nix</literal> to switch proxies at runtime.
|
<literal>configuration.nix</literal> to switch proxies at runtime. Refer to
|
||||||
Refer to <xref linkend="ch-options" /> for more information.
|
<xref linkend="ch-options" /> for more information.
|
||||||
</para>
|
</para>
|
||||||
</note>
|
</note>
|
||||||
</section>
|
</section>
|
||||||
|
|
|
@ -327,8 +327,8 @@ Retype new UNIX password: ***
|
||||||
<note>
|
<note>
|
||||||
<para>
|
<para>
|
||||||
For unattended installations, it is possible to use
|
For unattended installations, it is possible to use
|
||||||
<command>nixos-install --no-root-passwd</command>
|
<command>nixos-install --no-root-passwd</command> in order to disable the
|
||||||
in order to disable the password prompt entirely.
|
password prompt entirely.
|
||||||
</para>
|
</para>
|
||||||
</note>
|
</note>
|
||||||
</para>
|
</para>
|
||||||
|
|
|
@ -17,8 +17,8 @@
|
||||||
<para>
|
<para>
|
||||||
If you encounter problems, please report them on the
|
If you encounter problems, please report them on the
|
||||||
<literal
|
<literal
|
||||||
xlink:href="https://discourse.nixos.org">Discourse</literal>
|
xlink:href="https://discourse.nixos.org">Discourse</literal> or
|
||||||
or on the <link
|
on the <link
|
||||||
xlink:href="irc://irc.freenode.net/#nixos">
|
xlink:href="irc://irc.freenode.net/#nixos">
|
||||||
<literal>#nixos</literal> channel on Freenode</link>. Bugs should be
|
<literal>#nixos</literal> channel on Freenode</link>. Bugs should be
|
||||||
reported in
|
reported in
|
||||||
|
|
|
@ -435,11 +435,11 @@ system.autoUpgrade.enable = true;
|
||||||
<programlisting>
|
<programlisting>
|
||||||
system.stateVersion = "14.12";
|
system.stateVersion = "14.12";
|
||||||
</programlisting>
|
</programlisting>
|
||||||
The new option <option>system.stateVersion</option> ensures that
|
The new option <option>system.stateVersion</option> ensures that certain
|
||||||
certain configuration changes that could break existing systems (such as
|
configuration changes that could break existing systems (such as the
|
||||||
the <command>sshd</command> host key setting) will maintain compatibility
|
<command>sshd</command> host key setting) will maintain compatibility with
|
||||||
with the specified NixOS release. NixOps sets the state version of
|
the specified NixOS release. NixOps sets the state version of existing
|
||||||
existing deployments automatically.
|
deployments automatically.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
|
|
|
@ -36,7 +36,8 @@ programs.firejail = {
|
||||||
};
|
};
|
||||||
</programlisting>
|
</programlisting>
|
||||||
<para>
|
<para>
|
||||||
This will place <literal>firefox</literal> and <literal>mpv</literal> binaries in the global path wrapped by firejail.
|
This will place <literal>firefox</literal> and <literal>mpv</literal>
|
||||||
|
binaries in the global path wrapped by firejail.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
|
@ -75,16 +76,20 @@ $ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull'
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
The <varname>services.cassandra</varname> module has been reworked and
|
The <varname>services.cassandra</varname> module has been reworked and was
|
||||||
was rewritten from scratch. The service has succeeding tests for
|
rewritten from scratch. The service has succeeding tests for the versions
|
||||||
the versions 2.1, 2.2, 3.0 and 3.11 of <link
|
2.1, 2.2, 3.0 and 3.11 of
|
||||||
xlink:href="https://cassandra.apache.org/">Apache Cassandra</link>.
|
<link
|
||||||
|
xlink:href="https://cassandra.apache.org/">Apache
|
||||||
|
Cassandra</link>.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
There is a new <varname>services.foundationdb</varname> module for deploying
|
There is a new <varname>services.foundationdb</varname> module for
|
||||||
<link xlink:href="https://www.foundationdb.org">FoundationDB</link> clusters.
|
deploying
|
||||||
|
<link xlink:href="https://www.foundationdb.org">FoundationDB</link>
|
||||||
|
clusters.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
|
@ -97,18 +102,20 @@ $ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull'
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
<varname>services.strongswan-swanctl</varname>
|
<varname>services.strongswan-swanctl</varname> is a modern replacement for
|
||||||
is a modern replacement for <varname>services.strongswan</varname>.
|
<varname>services.strongswan</varname>. You can use either one of them to
|
||||||
You can use either one of them to setup IPsec VPNs but not both at the same time.
|
setup IPsec VPNs but not both at the same time.
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
<varname>services.strongswan-swanctl</varname> uses the
|
<varname>services.strongswan-swanctl</varname> uses the
|
||||||
<link xlink:href="https://wiki.strongswan.org/projects/strongswan/wiki/swanctl">swanctl</link>
|
<link xlink:href="https://wiki.strongswan.org/projects/strongswan/wiki/swanctl">swanctl</link>
|
||||||
command which uses the modern
|
command which uses the modern
|
||||||
<link xlink:href="https://github.com/strongswan/strongswan/blob/master/src/libcharon/plugins/vici/README.md">vici</link>
|
<link xlink:href="https://github.com/strongswan/strongswan/blob/master/src/libcharon/plugins/vici/README.md">vici</link>
|
||||||
<emphasis>Versatile IKE Configuration Interface</emphasis>.
|
<emphasis>Versatile IKE Configuration Interface</emphasis>. The deprecated
|
||||||
The deprecated <literal>ipsec</literal> command used in <varname>services.strongswan</varname> is using the legacy
|
<literal>ipsec</literal> command used in
|
||||||
<link xlink:href="https://github.com/strongswan/strongswan/blob/master/README_LEGACY.md">stroke configuration interface</link>.
|
<varname>services.strongswan</varname> is using the legacy
|
||||||
|
<link xlink:href="https://github.com/strongswan/strongswan/blob/master/README_LEGACY.md">stroke
|
||||||
|
configuration interface</link>.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
|
@ -135,8 +142,8 @@ $ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull'
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
The deprecated <varname>services.cassandra</varname> module has
|
The deprecated <varname>services.cassandra</varname> module has seen a
|
||||||
seen a complete rewrite. (See above.)
|
complete rewrite. (See above.)
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
|
@ -186,41 +193,44 @@ $ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull'
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
<varname>services.munge</varname> now runs as user (and group) <literal>munge</literal> instead of root.
|
<varname>services.munge</varname> now runs as user (and group)
|
||||||
Make sure the key file is accessible to the daemon.
|
<literal>munge</literal> instead of root. Make sure the key file is
|
||||||
|
accessible to the daemon.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
<varname>dockerTools.buildImage</varname> now uses <literal>null</literal> as default value for <varname>tag</varname>,
|
<varname>dockerTools.buildImage</varname> now uses <literal>null</literal>
|
||||||
which indicates that the nix output hash will be used as tag.
|
as default value for <varname>tag</varname>, which indicates that the nix
|
||||||
|
output hash will be used as tag.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
The ELK stack: <varname>elasticsearch</varname>, <varname>logstash</varname> and <varname>kibana</varname>
|
The ELK stack: <varname>elasticsearch</varname>,
|
||||||
has been upgraded from 2.* to 6.3.*.
|
<varname>logstash</varname> and <varname>kibana</varname> has been
|
||||||
The 2.* versions have been <link xlink:href="https://www.elastic.co/support/eol">unsupported since last year</link>
|
upgraded from 2.* to 6.3.*. The 2.* versions have been
|
||||||
so they have been removed. You can still use the 5.* versions under the names
|
<link xlink:href="https://www.elastic.co/support/eol">unsupported since
|
||||||
<varname>elasticsearch5</varname>, <varname>logstash5</varname> and
|
last year</link> so they have been removed. You can still use the 5.*
|
||||||
<varname>kibana5</varname>.
|
versions under the names <varname>elasticsearch5</varname>,
|
||||||
|
<varname>logstash5</varname> and <varname>kibana5</varname>.
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
The elastic beats:
|
The elastic beats: <varname>filebeat</varname>,
|
||||||
<varname>filebeat</varname>, <varname>heartbeat</varname>,
|
<varname>heartbeat</varname>, <varname>metricbeat</varname> and
|
||||||
<varname>metricbeat</varname> and <varname>packetbeat</varname>
|
<varname>packetbeat</varname> have had the same treatment: they now target
|
||||||
have had the same treatment: they now target 6.3.* as well.
|
6.3.* as well. The 5.* versions are available under the names:
|
||||||
The 5.* versions are available under the names:
|
|
||||||
<varname>filebeat5</varname>, <varname>heartbeat5</varname>,
|
<varname>filebeat5</varname>, <varname>heartbeat5</varname>,
|
||||||
<varname>metricbeat5</varname> and <varname>packetbeat5</varname>
|
<varname>metricbeat5</varname> and <varname>packetbeat5</varname>
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
The ELK-6.3 stack now comes with
|
The ELK-6.3 stack now comes with
|
||||||
<link xlink:href="https://www.elastic.co/products/x-pack/open">X-Pack by default</link>.
|
<link xlink:href="https://www.elastic.co/products/x-pack/open">X-Pack by
|
||||||
Since X-Pack is licensed under the
|
default</link>. Since X-Pack is licensed under the
|
||||||
<link xlink:href="https://github.com/elastic/elasticsearch/blob/master/licenses/ELASTIC-LICENSE.txt">Elastic License</link>
|
<link xlink:href="https://github.com/elastic/elasticsearch/blob/master/licenses/ELASTIC-LICENSE.txt">Elastic
|
||||||
the ELK packages now have an unfree license. To use them you need to specify
|
License</link> the ELK packages now have an unfree license. To use them
|
||||||
<literal>allowUnfree = true;</literal> in your nixpkgs configuration.
|
you need to specify <literal>allowUnfree = true;</literal> in your nixpkgs
|
||||||
|
configuration.
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
Fortunately there is also a free variant of the ELK stack without X-Pack.
|
Fortunately there is also a free variant of the ELK stack without X-Pack.
|
||||||
|
@ -234,17 +244,20 @@ $ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull'
|
||||||
Options
|
Options
|
||||||
<literal>boot.initrd.luks.devices.<replaceable>name</replaceable>.yubikey.ramfsMountPoint</literal>
|
<literal>boot.initrd.luks.devices.<replaceable>name</replaceable>.yubikey.ramfsMountPoint</literal>
|
||||||
<literal>boot.initrd.luks.devices.<replaceable>name</replaceable>.yubikey.storage.mountPoint</literal>
|
<literal>boot.initrd.luks.devices.<replaceable>name</replaceable>.yubikey.storage.mountPoint</literal>
|
||||||
were removed. <literal>luksroot.nix</literal> module never supported more than one YubiKey at
|
were removed. <literal>luksroot.nix</literal> module never supported more
|
||||||
a time anyway, hence those options never had any effect. You should be able to remove them
|
than one YubiKey at a time anyway, hence those options never had any
|
||||||
from your config without any issues.
|
effect. You should be able to remove them from your config without any
|
||||||
|
issues.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
<literal>stdenv.system</literal> and <literal>system</literal> in nixpkgs now refer to the host platform instead of the build platform.
|
<literal>stdenv.system</literal> and <literal>system</literal> in nixpkgs
|
||||||
For native builds this is not change, let alone a breaking one.
|
now refer to the host platform instead of the build platform. For native
|
||||||
For cross builds, it is a breaking change, and <literal>stdenv.buildPlatform.system</literal> can be used instead for the old behavior.
|
builds this is not change, let alone a breaking one. For cross builds, it
|
||||||
They should be using that anyways for clarity.
|
is a breaking change, and <literal>stdenv.buildPlatform.system</literal>
|
||||||
|
can be used instead for the old behavior. They should be using that
|
||||||
|
anyways for clarity.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
|
@ -298,26 +311,33 @@ $ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull'
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
The <literal>pkgs</literal> argument to NixOS modules can now be set directly using <literal>nixpkgs.pkgs</literal>. Previously, only the <literal>system</literal>, <literal>config</literal> and <literal>overlays</literal> arguments could be used to influence <literal>pkgs</literal>.
|
The <literal>pkgs</literal> argument to NixOS modules can now be set
|
||||||
|
directly using <literal>nixpkgs.pkgs</literal>. Previously, only the
|
||||||
|
<literal>system</literal>, <literal>config</literal> and
|
||||||
|
<literal>overlays</literal> arguments could be used to influence
|
||||||
|
<literal>pkgs</literal>.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
A NixOS system can now be constructed more easily based on a preexisting invocation of Nixpkgs. For example:
|
A NixOS system can now be constructed more easily based on a preexisting
|
||||||
<programlisting>
|
invocation of Nixpkgs. For example:
|
||||||
|
<programlisting>
|
||||||
inherit (pkgs.nixos {
|
inherit (pkgs.nixos {
|
||||||
boot.loader.grub.enable = false;
|
boot.loader.grub.enable = false;
|
||||||
fileSystems."/".device = "/dev/xvda1";
|
fileSystems."/".device = "/dev/xvda1";
|
||||||
}) toplevel kernel initialRamdisk manual;
|
}) toplevel kernel initialRamdisk manual;
|
||||||
</programlisting>
|
</programlisting>
|
||||||
|
This benefits evaluation performance, lets you write Nixpkgs packages that
|
||||||
This benefits evaluation performance, lets you write Nixpkgs packages that depend on NixOS images and is consistent with a deployment architecture that would be centered around Nixpkgs overlays.
|
depend on NixOS images and is consistent with a deployment architecture
|
||||||
|
that would be centered around Nixpkgs overlays.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
<literal>lib.traceValIfNot</literal> has been deprecated. Use
|
<literal>lib.traceValIfNot</literal> has been deprecated. Use
|
||||||
<literal>if/then/else</literal> and <literal>lib.traceValSeq</literal> instead.
|
<literal>if/then/else</literal> and <literal>lib.traceValSeq</literal>
|
||||||
|
instead.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
|
@ -336,9 +356,9 @@ inherit (pkgs.nixos {
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
<literal>lib.recursiveUpdateUntil</literal> was not acting according to its
|
<literal>lib.recursiveUpdateUntil</literal> was not acting according to
|
||||||
specification. It has been fixed to act according to the docstring, and a
|
its specification. It has been fixed to act according to the docstring,
|
||||||
test has been added.
|
and a test has been added.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
|
@ -409,10 +429,10 @@ inherit (pkgs.nixos {
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
The Kubernetes package has been bumped to major version 1.11.
|
The Kubernetes package has been bumped to major version 1.11. Please
|
||||||
Please consult the
|
consult the
|
||||||
<link xlink:href="https://github.com/kubernetes/kubernetes/blob/release-1.11/CHANGELOG-1.11.md">release notes</link>
|
<link xlink:href="https://github.com/kubernetes/kubernetes/blob/release-1.11/CHANGELOG-1.11.md">release
|
||||||
for details on new features and api changes.
|
notes</link> for details on new features and api changes.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
|
@ -432,8 +452,8 @@ inherit (pkgs.nixos {
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
The option <varname>services.kubernetes.apiserver.address</varname>
|
The option <varname>services.kubernetes.apiserver.address</varname> was
|
||||||
was renamed to <varname>services.kubernetes.apiserver.bindAddress</varname>.
|
renamed to <varname>services.kubernetes.apiserver.bindAddress</varname>.
|
||||||
Note that the default value has changed from 127.0.0.1 to 0.0.0.0.
|
Note that the default value has changed from 127.0.0.1 to 0.0.0.0.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
@ -445,45 +465,51 @@ inherit (pkgs.nixos {
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
The option <varname>services.kubernetes.addons.dashboard.enableRBAC</varname>
|
The option
|
||||||
was renamed to <varname>services.kubernetes.addons.dashboard.rbac.enable</varname>.
|
<varname>services.kubernetes.addons.dashboard.enableRBAC</varname> was
|
||||||
|
renamed to
|
||||||
|
<varname>services.kubernetes.addons.dashboard.rbac.enable</varname>.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
The Kubernetes Dashboard now has only minimal RBAC permissions by default.
|
The Kubernetes Dashboard now has only minimal RBAC permissions by default.
|
||||||
If dashboard cluster-admin rights are desired,
|
If dashboard cluster-admin rights are desired, set
|
||||||
set <varname>services.kubernetes.addons.dashboard.rbac.clusterAdmin</varname> to true.
|
<varname>services.kubernetes.addons.dashboard.rbac.clusterAdmin</varname>
|
||||||
On existing clusters, in order for the revocation of privileges to take effect,
|
to true. On existing clusters, in order for the revocation of privileges
|
||||||
the current ClusterRoleBinding for kubernetes-dashboard must be manually removed:
|
to take effect, the current ClusterRoleBinding for kubernetes-dashboard
|
||||||
<literal>kubectl delete clusterrolebinding kubernetes-dashboard</literal>
|
must be manually removed: <literal>kubectl delete clusterrolebinding
|
||||||
|
kubernetes-dashboard</literal>
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
The <varname>programs.screen</varname> module provides allows to configure
|
The <varname>programs.screen</varname> module provides allows to configure
|
||||||
<literal>/etc/screenrc</literal>, however the module behaved fairly counterintuitive as
|
<literal>/etc/screenrc</literal>, however the module behaved fairly
|
||||||
the config exists, but the package wasn't available. Since 18.09 <literal>pkgs.screen</literal>
|
counterintuitive as the config exists, but the package wasn't available.
|
||||||
will be added to <literal>environment.systemPackages</literal>.
|
Since 18.09 <literal>pkgs.screen</literal> will be added to
|
||||||
|
<literal>environment.systemPackages</literal>.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
The module <option>services.networking.hostapd</option> now uses WPA2 by default.
|
The module <option>services.networking.hostapd</option> now uses WPA2 by
|
||||||
|
default.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
<varname>s6Dns</varname>, <varname>s6Networking</varname>,
|
<varname>s6Dns</varname>, <varname>s6Networking</varname>,
|
||||||
<varname>s6LinuxUtils</varname> and <varname>s6PortableUtils</varname>
|
<varname>s6LinuxUtils</varname> and <varname>s6PortableUtils</varname>
|
||||||
renamed to
|
renamed to <varname>s6-dns</varname>, <varname>s6-networking</varname>,
|
||||||
<varname>s6-dns</varname>, <varname>s6-networking</varname>,
|
<varname>s6-linux-utils</varname> and <varname>s6-portable-utils</varname>
|
||||||
<varname>s6-linux-utils</varname> and <varname>s6-portable-utils</varname> respectively.
|
respectively.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
The module option <option>nix.useSandbox</option> is now defaulted to <literal>true</literal>.
|
The module option <option>nix.useSandbox</option> is now defaulted to
|
||||||
|
<literal>true</literal>.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
|
@ -495,24 +521,28 @@ inherit (pkgs.nixos {
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
The default display manager is now LightDM.
|
The default display manager is now LightDM. To use SLiM set
|
||||||
To use SLiM set <literal>services.xserver.displayManager.slim.enable</literal>
|
<literal>services.xserver.displayManager.slim.enable</literal> to
|
||||||
to <literal>true</literal>.
|
<literal>true</literal>.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
NixOS option descriptions are now automatically broken up into individual
|
NixOS option descriptions are now automatically broken up into individual
|
||||||
paragraphs if the text contains two consecutive newlines, so it's no
|
paragraphs if the text contains two consecutive newlines, so it's no
|
||||||
longer necessary to use <code></para><para></code> to start
|
longer necessary to use <code></para><para></code> to start a
|
||||||
a new paragraph.
|
new paragraph.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Top-level <literal>buildPlatform</literal>, <literal>hostPlatform</literal>, and <literal>targetPlatform</literal> in Nixpkgs are deprecated.
|
Top-level <literal>buildPlatform</literal>,
|
||||||
Please use their equivalents in <literal>stdenv</literal> instead:
|
<literal>hostPlatform</literal>, and <literal>targetPlatform</literal> in
|
||||||
<literal>stdenv.buildPlatform</literal>, <literal>stdenv.hostPlatform</literal>, and <literal>stdenv.targetPlatform</literal>.
|
Nixpkgs are deprecated. Please use their equivalents in
|
||||||
|
<literal>stdenv</literal> instead:
|
||||||
|
<literal>stdenv.buildPlatform</literal>,
|
||||||
|
<literal>stdenv.hostPlatform</literal>, and
|
||||||
|
<literal>stdenv.targetPlatform</literal>.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
|
|
|
@ -101,7 +101,8 @@
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Package <varname>rabbitmq_server</varname> is renamed to <varname>rabbitmq-server</varname>.
|
Package <varname>rabbitmq_server</varname> is renamed to
|
||||||
|
<varname>rabbitmq-server</varname>.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
|
|
|
@ -155,8 +155,10 @@ sub start {
|
||||||
$ENV{USE_TMPDIR} = 1;
|
$ENV{USE_TMPDIR} = 1;
|
||||||
$ENV{QEMU_OPTS} =
|
$ENV{QEMU_OPTS} =
|
||||||
($self->{allowReboot} ? "" : "-no-reboot ") .
|
($self->{allowReboot} ? "" : "-no-reboot ") .
|
||||||
"-monitor unix:./monitor -chardev socket,id=shell,path=./shell " .
|
"-monitor unix:./monitor " .
|
||||||
"-device virtio-serial -device virtconsole,chardev=shell " .
|
"-chardev socket,id=shell,path=./shell -device virtio-serial -device virtconsole,chardev=shell " .
|
||||||
|
# socket backdoor, see "Debugging NixOS tests" section in NixOS manual
|
||||||
|
"-chardev socket,id=backdoor,path=./backdoor,server,nowait -device virtio-serial -device virtconsole,chardev=backdoor " .
|
||||||
"-device virtio-rng-pci " .
|
"-device virtio-rng-pci " .
|
||||||
($showGraphics ? "-serial stdio" : "-nographic") . " " . ($ENV{QEMU_OPTS} || "");
|
($showGraphics ? "-serial stdio" : "-nographic") . " " . ($ENV{QEMU_OPTS} || "");
|
||||||
chdir $self->{stateDir} or die;
|
chdir $self->{stateDir} or die;
|
||||||
|
|
|
@ -0,0 +1,25 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
|
||||||
|
cfg = config.hardware.steam-hardware;
|
||||||
|
|
||||||
|
in
|
||||||
|
|
||||||
|
{
|
||||||
|
options.hardware.steam-hardware = {
|
||||||
|
enable = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = "Enable udev rules for Steam hardware such as the Steam Controller, other supported controllers and the HTC Vive";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
services.udev.packages = [
|
||||||
|
pkgs.steamPackages.steam
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
|
@ -3,32 +3,50 @@
|
||||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||||
version="5.0"
|
version="5.0"
|
||||||
xml:id="module-services-input-methods">
|
xml:id="module-services-input-methods">
|
||||||
|
<title>Input Methods</title>
|
||||||
|
<para>
|
||||||
|
Input methods are an operating system component that allows any data, such as
|
||||||
|
keyboard strokes or mouse movements, to be received as input. In this way
|
||||||
|
users can enter characters and symbols not found on their input devices.
|
||||||
|
Using an input method is obligatory for any language that has more graphemes
|
||||||
|
than there are keys on the keyboard.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
The following input methods are available in NixOS:
|
||||||
|
</para>
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
IBus: The intelligent input bus.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Fcitx: A customizable lightweight input method.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Nabi: A Korean input method based on XIM.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Uim: The universal input method, is a library with a XIM bridge.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
<section xml:id="module-services-input-methods-ibus">
|
||||||
|
<title>IBus</title>
|
||||||
|
|
||||||
<title>Input Methods</title>
|
<para>
|
||||||
|
IBus is an Intelligent Input Bus. It provides full featured and user
|
||||||
|
friendly input method user interface.
|
||||||
|
</para>
|
||||||
|
|
||||||
<para>Input methods are an operating system component that allows any data, such
|
<para>
|
||||||
as keyboard strokes or mouse movements, to be received as input. In this way
|
The following snippet can be used to configure IBus:
|
||||||
users can enter characters and symbols not found on their input devices. Using
|
</para>
|
||||||
an input method is obligatory for any language that has more graphemes than
|
|
||||||
there are keys on the keyboard.</para>
|
|
||||||
|
|
||||||
<para>The following input methods are available in NixOS:</para>
|
|
||||||
|
|
||||||
<itemizedlist>
|
|
||||||
<listitem><para>IBus: The intelligent input bus.</para></listitem>
|
|
||||||
<listitem><para>Fcitx: A customizable lightweight input
|
|
||||||
method.</para></listitem>
|
|
||||||
<listitem><para>Nabi: A Korean input method based on XIM.</para></listitem>
|
|
||||||
<listitem><para>Uim: The universal input method, is a library with a XIM
|
|
||||||
bridge.</para></listitem>
|
|
||||||
</itemizedlist>
|
|
||||||
|
|
||||||
<section xml:id="module-services-input-methods-ibus"><title>IBus</title>
|
|
||||||
|
|
||||||
<para>IBus is an Intelligent Input Bus. It provides full featured and user
|
|
||||||
friendly input method user interface.</para>
|
|
||||||
|
|
||||||
<para>The following snippet can be used to configure IBus:</para>
|
|
||||||
|
|
||||||
<programlisting>
|
<programlisting>
|
||||||
i18n.inputMethod = {
|
i18n.inputMethod = {
|
||||||
|
@ -37,57 +55,89 @@ i18n.inputMethod = {
|
||||||
};
|
};
|
||||||
</programlisting>
|
</programlisting>
|
||||||
|
|
||||||
<para><literal>i18n.inputMethod.ibus.engines</literal> is optional and can be
|
<para>
|
||||||
used to add extra IBus engines.</para>
|
<literal>i18n.inputMethod.ibus.engines</literal> is optional and can be used
|
||||||
|
to add extra IBus engines.
|
||||||
|
</para>
|
||||||
|
|
||||||
<para>Available extra IBus engines are:</para>
|
<para>
|
||||||
|
Available extra IBus engines are:
|
||||||
|
</para>
|
||||||
|
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
<listitem><para>Anthy (<literal>ibus-engines.anthy</literal>): Anthy is a
|
<listitem>
|
||||||
system for Japanese input method. It converts Hiragana text to Kana Kanji
|
<para>
|
||||||
mixed text.</para></listitem>
|
Anthy (<literal>ibus-engines.anthy</literal>): Anthy is a system for
|
||||||
<listitem><para>Hangul (<literal>ibus-engines.hangul</literal>): Korean input
|
Japanese input method. It converts Hiragana text to Kana Kanji mixed text.
|
||||||
method.</para></listitem>
|
</para>
|
||||||
<listitem><para>m17n (<literal>ibus-engines.m17n</literal>): m17n is an input
|
</listitem>
|
||||||
method that uses input methods and corresponding icons in the m17n
|
<listitem>
|
||||||
database.</para></listitem>
|
<para>
|
||||||
<listitem><para>mozc (<literal>ibus-engines.mozc</literal>): A Japanese input
|
Hangul (<literal>ibus-engines.hangul</literal>): Korean input method.
|
||||||
method from Google.</para></listitem>
|
</para>
|
||||||
<listitem><para>Table (<literal>ibus-engines.table</literal>): An input method
|
</listitem>
|
||||||
that load tables of input methods.</para></listitem>
|
<listitem>
|
||||||
<listitem><para>table-others (<literal>ibus-engines.table-others</literal>):
|
<para>
|
||||||
Various table-based input methods. To use this, and any other table-based
|
m17n (<literal>ibus-engines.m17n</literal>): m17n is an input method that
|
||||||
input methods, it must appear in the list of engines along with
|
uses input methods and corresponding icons in the m17n database.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
mozc (<literal>ibus-engines.mozc</literal>): A Japanese input method from
|
||||||
|
Google.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Table (<literal>ibus-engines.table</literal>): An input method that load
|
||||||
|
tables of input methods.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
table-others (<literal>ibus-engines.table-others</literal>): Various
|
||||||
|
table-based input methods. To use this, and any other table-based input
|
||||||
|
methods, it must appear in the list of engines along with
|
||||||
<literal>table</literal>. For example:
|
<literal>table</literal>. For example:
|
||||||
<programlisting>
|
<programlisting>
|
||||||
ibus.engines = with pkgs.ibus-engines; [ table table-others ];
|
ibus.engines = with pkgs.ibus-engines; [ table table-others ];
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</para></listitem>
|
</para>
|
||||||
</itemizedlist>
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
<para>To use any input method, the package must be added in the configuration,
|
<para>
|
||||||
as shown above, and also (after running <literal>nixos-rebuild</literal>) the
|
To use any input method, the package must be added in the configuration, as
|
||||||
input method must be added from IBus' preference dialog.</para>
|
shown above, and also (after running <literal>nixos-rebuild</literal>) the
|
||||||
|
input method must be added from IBus' preference dialog.
|
||||||
|
</para>
|
||||||
|
|
||||||
<simplesect xml:id="module-services-input-methods-troubleshooting">
|
<simplesect xml:id="module-services-input-methods-troubleshooting">
|
||||||
<title>Troubleshooting</title>
|
<title>Troubleshooting</title>
|
||||||
<para>If IBus works in some applications but not others, a likely cause of
|
<para>
|
||||||
this is that IBus is depending on a different version of
|
If IBus works in some applications but not others, a likely cause of this
|
||||||
<literal>glib</literal> to what the applications are depending on. This can
|
is that IBus is depending on a different version of <literal>glib</literal>
|
||||||
be checked by running <literal>nix-store -q --requisites <path> | grep
|
to what the applications are depending on. This can be checked by running
|
||||||
glib</literal>, where <literal><path></literal> is the path of either
|
<literal>nix-store -q --requisites <path> | grep glib</literal>,
|
||||||
IBus or an application in the Nix store. The <literal>glib</literal>
|
where <literal><path></literal> is the path of either IBus or an
|
||||||
packages must match exactly. If they do not, uninstalling and reinstalling
|
application in the Nix store. The <literal>glib</literal> packages must
|
||||||
the application is a likely fix.</para>
|
match exactly. If they do not, uninstalling and reinstalling the
|
||||||
</simplesect>
|
application is a likely fix.
|
||||||
</section>
|
</para>
|
||||||
|
</simplesect>
|
||||||
|
</section>
|
||||||
|
<section xml:id="module-services-input-methods-fcitx">
|
||||||
|
<title>Fcitx</title>
|
||||||
|
|
||||||
<section xml:id="module-services-input-methods-fcitx"><title>Fcitx</title>
|
<para>
|
||||||
|
Fcitx is an input method framework with extension support. It has three
|
||||||
|
built-in Input Method Engine, Pinyin, QuWei and Table-based input methods.
|
||||||
|
</para>
|
||||||
|
|
||||||
<para>Fcitx is an input method framework with extension support. It has three
|
<para>
|
||||||
built-in Input Method Engine, Pinyin, QuWei and Table-based input
|
The following snippet can be used to configure Fcitx:
|
||||||
methods.</para>
|
</para>
|
||||||
<para>The following snippet can be used to configure Fcitx:</para>
|
|
||||||
|
|
||||||
<programlisting>
|
<programlisting>
|
||||||
i18n.inputMethod = {
|
i18n.inputMethod = {
|
||||||
|
@ -96,51 +146,89 @@ i18n.inputMethod = {
|
||||||
};
|
};
|
||||||
</programlisting>
|
</programlisting>
|
||||||
|
|
||||||
<para><literal>i18n.inputMethod.fcitx.engines</literal> is optional and can be
|
<para>
|
||||||
used to add extra Fcitx engines.</para>
|
<literal>i18n.inputMethod.fcitx.engines</literal> is optional and can be
|
||||||
|
used to add extra Fcitx engines.
|
||||||
|
</para>
|
||||||
|
|
||||||
<para>Available extra Fcitx engines are:</para>
|
<para>
|
||||||
|
Available extra Fcitx engines are:
|
||||||
|
</para>
|
||||||
|
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
<listitem><para>Anthy (<literal>fcitx-engines.anthy</literal>): Anthy is a
|
<listitem>
|
||||||
system for Japanese input method. It converts Hiragana text to Kana Kanji
|
<para>
|
||||||
mixed text.</para></listitem>
|
Anthy (<literal>fcitx-engines.anthy</literal>): Anthy is a system for
|
||||||
<listitem><para>Chewing (<literal>fcitx-engines.chewing</literal>): Chewing is
|
Japanese input method. It converts Hiragana text to Kana Kanji mixed text.
|
||||||
an intelligent Zhuyin input method. It is one of the most popular input
|
</para>
|
||||||
methods among Traditional Chinese Unix users.</para></listitem>
|
</listitem>
|
||||||
<listitem><para>Hangul (<literal>fcitx-engines.hangul</literal>): Korean input
|
<listitem>
|
||||||
method.</para></listitem>
|
<para>
|
||||||
<listitem><para>Unikey (<literal>fcitx-engines.unikey</literal>): Vietnamese input
|
Chewing (<literal>fcitx-engines.chewing</literal>): Chewing is an
|
||||||
method.</para></listitem>
|
intelligent Zhuyin input method. It is one of the most popular input
|
||||||
<listitem><para>m17n (<literal>fcitx-engines.m17n</literal>): m17n is an input
|
methods among Traditional Chinese Unix users.
|
||||||
method that uses input methods and corresponding icons in the m17n
|
</para>
|
||||||
database.</para></listitem>
|
</listitem>
|
||||||
<listitem><para>mozc (<literal>fcitx-engines.mozc</literal>): A Japanese input
|
<listitem>
|
||||||
method from Google.</para></listitem>
|
<para>
|
||||||
<listitem><para>table-others (<literal>fcitx-engines.table-others</literal>):
|
Hangul (<literal>fcitx-engines.hangul</literal>): Korean input method.
|
||||||
Various table-based input methods.</para></listitem>
|
</para>
|
||||||
</itemizedlist>
|
</listitem>
|
||||||
</section>
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Unikey (<literal>fcitx-engines.unikey</literal>): Vietnamese input method.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
m17n (<literal>fcitx-engines.m17n</literal>): m17n is an input method that
|
||||||
|
uses input methods and corresponding icons in the m17n database.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
mozc (<literal>fcitx-engines.mozc</literal>): A Japanese input method from
|
||||||
|
Google.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
table-others (<literal>fcitx-engines.table-others</literal>): Various
|
||||||
|
table-based input methods.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
</section>
|
||||||
|
<section xml:id="module-services-input-methods-nabi">
|
||||||
|
<title>Nabi</title>
|
||||||
|
|
||||||
<section xml:id="module-services-input-methods-nabi"><title>Nabi</title>
|
<para>
|
||||||
|
Nabi is an easy to use Korean X input method. It allows you to enter
|
||||||
<para>Nabi is an easy to use Korean X input method. It allows you to enter
|
|
||||||
phonetic Korean characters (hangul) and pictographic Korean characters
|
phonetic Korean characters (hangul) and pictographic Korean characters
|
||||||
(hanja).</para>
|
(hanja).
|
||||||
<para>The following snippet can be used to configure Nabi:</para>
|
</para>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
The following snippet can be used to configure Nabi:
|
||||||
|
</para>
|
||||||
|
|
||||||
<programlisting>
|
<programlisting>
|
||||||
i18n.inputMethod = {
|
i18n.inputMethod = {
|
||||||
<link linkend="opt-i18n.inputMethod.enabled">enabled</link> = "nabi";
|
<link linkend="opt-i18n.inputMethod.enabled">enabled</link> = "nabi";
|
||||||
};
|
};
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</section>
|
</section>
|
||||||
|
<section xml:id="module-services-input-methods-uim">
|
||||||
|
<title>Uim</title>
|
||||||
|
|
||||||
<section xml:id="module-services-input-methods-uim"><title>Uim</title>
|
<para>
|
||||||
|
Uim (short for "universal input method") is a multilingual input method
|
||||||
|
framework. Applications can use it through so-called bridges.
|
||||||
|
</para>
|
||||||
|
|
||||||
<para>Uim (short for "universal input method") is a multilingual input method
|
<para>
|
||||||
framework. Applications can use it through so-called bridges.</para>
|
The following snippet can be used to configure uim:
|
||||||
<para>The following snippet can be used to configure uim:</para>
|
</para>
|
||||||
|
|
||||||
<programlisting>
|
<programlisting>
|
||||||
i18n.inputMethod = {
|
i18n.inputMethod = {
|
||||||
|
@ -148,8 +236,9 @@ i18n.inputMethod = {
|
||||||
};
|
};
|
||||||
</programlisting>
|
</programlisting>
|
||||||
|
|
||||||
<para>Note: The <xref linkend="opt-i18n.inputMethod.uim.toolbar"/> option can be
|
<para>
|
||||||
used to choose uim toolbar.</para>
|
Note: The <xref linkend="opt-i18n.inputMethod.uim.toolbar"/> option can be
|
||||||
|
used to choose uim toolbar.
|
||||||
</section>
|
</para>
|
||||||
|
</section>
|
||||||
</chapter>
|
</chapter>
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
x86_64-linux = "/nix/store/mxg4bbblxfns96yrz0nalxyiyjl7gj98-nix-2.1.2";
|
x86_64-linux = "/nix/store/cdcia67siabmj6li7vyffgv2cry86fq8-nix-2.1.3";
|
||||||
i686-linux = "/nix/store/bgjgmbwirx63mwwychpikd7yc4k4lbjv-nix-2.1.2";
|
i686-linux = "/nix/store/6q3xi6y5qnsv7d62b8n00hqfxi8rs2xs-nix-2.1.3";
|
||||||
aarch64-linux = "/nix/store/yi18azn4nwrcwvaiag04jnxc1qs38fy5-nix-2.1.2";
|
aarch64-linux = "/nix/store/2v93d0vimlm28jg0ms6v1i6lc0fq13pn-nix-2.1.3";
|
||||||
x86_64-darwin = "/nix/store/fpivmcck2qpw5plrp599iraw2x9jp18k-nix-2.1.2";
|
x86_64-darwin = "/nix/store/dkjlfkrknmxbjmpfk3dg4q3nmb7m3zvk-nix-2.1.3";
|
||||||
}
|
}
|
||||||
|
|
|
@ -289,7 +289,7 @@
|
||||||
stanchion = 262;
|
stanchion = 262;
|
||||||
riak-cs = 263;
|
riak-cs = 263;
|
||||||
infinoted = 264;
|
infinoted = 264;
|
||||||
# keystone = 265; # unused, removed 2017-12-13
|
sickbeard = 265;
|
||||||
# glance = 266; # unused, removed 2017-12-13
|
# glance = 266; # unused, removed 2017-12-13
|
||||||
couchpotato = 267;
|
couchpotato = 267;
|
||||||
gogs = 268;
|
gogs = 268;
|
||||||
|
@ -330,6 +330,7 @@
|
||||||
# render = 303; # unused
|
# render = 303; # unused
|
||||||
zeronet = 304;
|
zeronet = 304;
|
||||||
lirc = 305;
|
lirc = 305;
|
||||||
|
lidarr = 306;
|
||||||
|
|
||||||
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
|
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
|
||||||
|
|
||||||
|
@ -580,7 +581,7 @@
|
||||||
stanchion = 262;
|
stanchion = 262;
|
||||||
riak-cs = 263;
|
riak-cs = 263;
|
||||||
infinoted = 264;
|
infinoted = 264;
|
||||||
# keystone = 265; # unused, removed 2017-12-13
|
sickbeard = 265;
|
||||||
# glance = 266; # unused, removed 2017-12-13
|
# glance = 266; # unused, removed 2017-12-13
|
||||||
couchpotato = 267;
|
couchpotato = 267;
|
||||||
gogs = 268;
|
gogs = 268;
|
||||||
|
@ -620,6 +621,7 @@
|
||||||
render = 303; # default udev rules from systemd requires these
|
render = 303; # default udev rules from systemd requires these
|
||||||
zeronet = 304;
|
zeronet = 304;
|
||||||
lirc = 305;
|
lirc = 305;
|
||||||
|
lidarr = 306;
|
||||||
|
|
||||||
# When adding a gid, make sure it doesn't match an existing
|
# When adding a gid, make sure it doesn't match an existing
|
||||||
# uid. Users and groups with the same name should have equal
|
# uid. Users and groups with the same name should have equal
|
||||||
|
|
|
@ -46,6 +46,7 @@
|
||||||
./hardware/opengl.nix
|
./hardware/opengl.nix
|
||||||
./hardware/pcmcia.nix
|
./hardware/pcmcia.nix
|
||||||
./hardware/raid/hpsa.nix
|
./hardware/raid/hpsa.nix
|
||||||
|
./hardware/steam-hardware.nix
|
||||||
./hardware/usb-wwan.nix
|
./hardware/usb-wwan.nix
|
||||||
./hardware/onlykey.nix
|
./hardware/onlykey.nix
|
||||||
./hardware/video/amdgpu.nix
|
./hardware/video/amdgpu.nix
|
||||||
|
@ -365,6 +366,7 @@
|
||||||
./services/misc/jackett.nix
|
./services/misc/jackett.nix
|
||||||
./services/misc/logkeys.nix
|
./services/misc/logkeys.nix
|
||||||
./services/misc/leaps.nix
|
./services/misc/leaps.nix
|
||||||
|
./services/misc/lidarr.nix
|
||||||
./services/misc/mantisbt.nix
|
./services/misc/mantisbt.nix
|
||||||
./services/misc/mathics.nix
|
./services/misc/mathics.nix
|
||||||
./services/misc/matrix-synapse.nix
|
./services/misc/matrix-synapse.nix
|
||||||
|
@ -395,6 +397,7 @@
|
||||||
./services/misc/rogue.nix
|
./services/misc/rogue.nix
|
||||||
./services/misc/serviio.nix
|
./services/misc/serviio.nix
|
||||||
./services/misc/safeeyes.nix
|
./services/misc/safeeyes.nix
|
||||||
|
./services/misc/sickbeard.nix
|
||||||
./services/misc/siproxd.nix
|
./services/misc/siproxd.nix
|
||||||
./services/misc/snapper.nix
|
./services/misc/snapper.nix
|
||||||
./services/misc/sonarr.nix
|
./services/misc/sonarr.nix
|
||||||
|
|
|
@ -3,49 +3,42 @@
|
||||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||||
version="5.0"
|
version="5.0"
|
||||||
xml:id="module-programs-digitalbitbox">
|
xml:id="module-programs-digitalbitbox">
|
||||||
|
|
||||||
<title>Digital Bitbox</title>
|
<title>Digital Bitbox</title>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Digital Bitbox is a hardware wallet and second-factor authenticator.
|
Digital Bitbox is a hardware wallet and second-factor authenticator.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
The <literal>digitalbitbox</literal> programs module may be
|
The <literal>digitalbitbox</literal> programs module may be installed by
|
||||||
installed by setting <literal>programs.digitalbitbox</literal>
|
setting <literal>programs.digitalbitbox</literal> to <literal>true</literal>
|
||||||
to <literal>true</literal> in a manner similar to
|
in a manner similar to
|
||||||
|
|
||||||
<programlisting>
|
<programlisting>
|
||||||
<xref linkend="opt-programs.digitalbitbox.enable"/> = true;
|
<xref linkend="opt-programs.digitalbitbox.enable"/> = true;
|
||||||
</programlisting>
|
</programlisting>
|
||||||
|
and bundles the <literal>digitalbitbox</literal> package (see
|
||||||
and bundles the <literal>digitalbitbox</literal> package (see <xref
|
<xref
|
||||||
linkend="sec-digitalbitbox-package" />), which contains the
|
linkend="sec-digitalbitbox-package" />), which contains the
|
||||||
<literal>dbb-app</literal> and <literal>dbb-cli</literal> binaries,
|
<literal>dbb-app</literal> and <literal>dbb-cli</literal> binaries, along
|
||||||
along with the hardware module (see <xref
|
with the hardware module (see
|
||||||
|
<xref
|
||||||
linkend="sec-digitalbitbox-hardware-module" />) which sets up the
|
linkend="sec-digitalbitbox-hardware-module" />) which sets up the
|
||||||
necessary udev rules to access the device.
|
necessary udev rules to access the device.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Enabling the digitalbitbox module is pretty much the easiest way to
|
Enabling the digitalbitbox module is pretty much the easiest way to get a
|
||||||
get a Digital Bitbox device working on your system.
|
Digital Bitbox device working on your system.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
For more information, see
|
For more information, see
|
||||||
<link xlink:href="https://digitalbitbox.com/start_linux" />.
|
<link xlink:href="https://digitalbitbox.com/start_linux" />.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<section xml:id="sec-digitalbitbox-package">
|
<section xml:id="sec-digitalbitbox-package">
|
||||||
<title>Package</title>
|
<title>Package</title>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
The binaries, <literal>dbb-app</literal> (a GUI tool) and
|
The binaries, <literal>dbb-app</literal> (a GUI tool) and
|
||||||
<literal>dbb-cli</literal> (a CLI tool), are available through the
|
<literal>dbb-cli</literal> (a CLI tool), are available through the
|
||||||
<literal>digitalbitbox</literal> package which could be installed
|
<literal>digitalbitbox</literal> package which could be installed as
|
||||||
as follows:
|
follows:
|
||||||
|
|
||||||
<programlisting>
|
<programlisting>
|
||||||
<xref linkend="opt-environment.systemPackages"/> = [
|
<xref linkend="opt-environment.systemPackages"/> = [
|
||||||
pkgs.digitalbitbox
|
pkgs.digitalbitbox
|
||||||
|
@ -53,25 +46,21 @@
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</para>
|
</para>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
|
||||||
<section xml:id="sec-digitalbitbox-hardware-module">
|
<section xml:id="sec-digitalbitbox-hardware-module">
|
||||||
<title>Hardware</title>
|
<title>Hardware</title>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
The digitalbitbox hardware package enables the udev rules for
|
The digitalbitbox hardware package enables the udev rules for Digital Bitbox
|
||||||
Digital Bitbox devices and may be installed as follows:
|
devices and may be installed as follows:
|
||||||
|
|
||||||
<programlisting>
|
<programlisting>
|
||||||
<xref linkend="opt-hardware.digitalbitbox.enable"/> = true;
|
<xref linkend="opt-hardware.digitalbitbox.enable"/> = true;
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
In order to alter the udev rules, one may provide different values for
|
In order to alter the udev rules, one may provide different values for the
|
||||||
the <literal>udevRule51</literal> and <literal>udevRule52</literal>
|
<literal>udevRule51</literal> and <literal>udevRule52</literal> attributes
|
||||||
attributes by means of overriding as follows:
|
by means of overriding as follows:
|
||||||
|
|
||||||
<programlisting>
|
<programlisting>
|
||||||
programs.digitalbitbox = {
|
programs.digitalbitbox = {
|
||||||
<link linkend="opt-programs.digitalbitbox.enable">enable</link> = true;
|
<link linkend="opt-programs.digitalbitbox.enable">enable</link> = true;
|
||||||
|
|
|
@ -3,23 +3,28 @@
|
||||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||||
version="5.0"
|
version="5.0"
|
||||||
xml:id="module-program-plotinus">
|
xml:id="module-program-plotinus">
|
||||||
|
<title>Plotinus</title>
|
||||||
<title>Plotinus</title>
|
<para>
|
||||||
|
<emphasis>Source:</emphasis>
|
||||||
<para><emphasis>Source:</emphasis> <filename>modules/programs/plotinus.nix</filename></para>
|
<filename>modules/programs/plotinus.nix</filename>
|
||||||
|
</para>
|
||||||
<para><emphasis>Upstream documentation:</emphasis> <link xlink:href="https://github.com/p-e-w/plotinus"/></para>
|
<para>
|
||||||
|
<emphasis>Upstream documentation:</emphasis>
|
||||||
<para>Plotinus is a searchable command palette in every modern GTK+ application.</para>
|
<link xlink:href="https://github.com/p-e-w/plotinus"/>
|
||||||
|
</para>
|
||||||
<para>When in a GTK+3 application and Plotinus is enabled, you can press <literal>Ctrl+Shift+P</literal> to open the command palette. The command palette provides a searchable list of of all menu items in the application.</para>
|
<para>
|
||||||
|
Plotinus is a searchable command palette in every modern GTK+ application.
|
||||||
<para>To enable Plotinus, add the following to your <filename>configuration.nix</filename>:
|
</para>
|
||||||
|
<para>
|
||||||
|
When in a GTK+3 application and Plotinus is enabled, you can press
|
||||||
|
<literal>Ctrl+Shift+P</literal> to open the command palette. The command
|
||||||
|
palette provides a searchable list of of all menu items in the application.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
To enable Plotinus, add the following to your
|
||||||
|
<filename>configuration.nix</filename>:
|
||||||
<programlisting>
|
<programlisting>
|
||||||
<xref linkend="opt-programs.plotinus.enable"/> = true;
|
<xref linkend="opt-programs.plotinus.enable"/> = true;
|
||||||
</programlisting>
|
</programlisting>
|
||||||
|
</para>
|
||||||
</para>
|
|
||||||
|
|
||||||
</chapter>
|
</chapter>
|
||||||
|
|
|
@ -3,18 +3,20 @@
|
||||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||||
version="5.0"
|
version="5.0"
|
||||||
xml:id="module-programs-zsh-ohmyzsh">
|
xml:id="module-programs-zsh-ohmyzsh">
|
||||||
|
<title>Oh my ZSH</title>
|
||||||
|
<para>
|
||||||
|
<literal><link xlink:href="https://ohmyz.sh/">oh-my-zsh</link></literal> is a
|
||||||
|
framework to manage your <link xlink:href="https://www.zsh.org/">ZSH</link>
|
||||||
|
configuration including completion scripts for several CLI tools or custom
|
||||||
|
prompt themes.
|
||||||
|
</para>
|
||||||
|
<section xml:id="module-programs-oh-my-zsh-usage">
|
||||||
|
<title>Basic usage</title>
|
||||||
|
|
||||||
<title>Oh my ZSH</title>
|
<para>
|
||||||
|
The module uses the <literal>oh-my-zsh</literal> package with all available
|
||||||
<para><literal><link xlink:href="https://ohmyz.sh/">oh-my-zsh</link></literal> is a framework
|
features. The initial setup using Nix expressions is fairly similar to the
|
||||||
to manage your <link xlink:href="https://www.zsh.org/">ZSH</link> configuration
|
configuration format of <literal>oh-my-zsh</literal>.
|
||||||
including completion scripts for several CLI tools or custom prompt themes.</para>
|
|
||||||
|
|
||||||
<section xml:id="module-programs-oh-my-zsh-usage"><title>Basic usage</title>
|
|
||||||
<para>The module uses the <literal>oh-my-zsh</literal> package with all available features. The
|
|
||||||
initial setup using Nix expressions is fairly similar to the configuration format
|
|
||||||
of <literal>oh-my-zsh</literal>.
|
|
||||||
|
|
||||||
<programlisting>
|
<programlisting>
|
||||||
{
|
{
|
||||||
programs.ohMyZsh = {
|
programs.ohMyZsh = {
|
||||||
|
@ -24,39 +26,50 @@ of <literal>oh-my-zsh</literal>.
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
</programlisting>
|
</programlisting>
|
||||||
|
For a detailed explanation of these arguments please refer to the
|
||||||
|
<link xlink:href="https://github.com/robbyrussell/oh-my-zsh/wiki"><literal>oh-my-zsh</literal>
|
||||||
|
docs</link>.
|
||||||
|
</para>
|
||||||
|
|
||||||
For a detailed explanation of these arguments please refer to the
|
<para>
|
||||||
<link xlink:href="https://github.com/robbyrussell/oh-my-zsh/wiki"><literal>oh-my-zsh</literal> docs</link>.
|
The expression generates the needed configuration and writes it into your
|
||||||
</para>
|
<literal>/etc/zshrc</literal>.
|
||||||
<para>The expression generates the needed
|
</para>
|
||||||
configuration and writes it into your <literal>/etc/zshrc</literal>.
|
</section>
|
||||||
</para></section>
|
<section xml:id="module-programs-oh-my-zsh-additions">
|
||||||
|
<title>Custom additions</title>
|
||||||
|
|
||||||
<section xml:id="module-programs-oh-my-zsh-additions"><title>Custom additions</title>
|
<para>
|
||||||
|
Sometimes third-party or custom scripts such as a modified theme may be
|
||||||
<para>Sometimes third-party or custom scripts such as a modified theme may be needed.
|
needed. <literal>oh-my-zsh</literal> provides the
|
||||||
<literal>oh-my-zsh</literal> provides the
|
<link xlink:href="https://github.com/robbyrussell/oh-my-zsh/wiki/Customization#overriding-internals"><literal>ZSH_CUSTOM</literal></link>
|
||||||
<link xlink:href="https://github.com/robbyrussell/oh-my-zsh/wiki/Customization#overriding-internals"><literal>ZSH_CUSTOM</literal></link>
|
environment variable for this which points to a directory with additional
|
||||||
environment variable for this which points to a directory with additional scripts.</para>
|
scripts.
|
||||||
|
</para>
|
||||||
<para>The module can do this as well:
|
|
||||||
|
|
||||||
|
<para>
|
||||||
|
The module can do this as well:
|
||||||
<programlisting>
|
<programlisting>
|
||||||
{
|
{
|
||||||
programs.ohMyZsh.custom = "~/path/to/custom/scripts";
|
programs.ohMyZsh.custom = "~/path/to/custom/scripts";
|
||||||
}
|
}
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</para></section>
|
</para>
|
||||||
|
</section>
|
||||||
|
<section xml:id="module-programs-oh-my-zsh-environments">
|
||||||
|
<title>Custom environments</title>
|
||||||
|
|
||||||
<section xml:id="module-programs-oh-my-zsh-environments"><title>Custom environments</title>
|
<para>
|
||||||
|
There are several extensions for <literal>oh-my-zsh</literal> packaged in
|
||||||
<para>There are several extensions for <literal>oh-my-zsh</literal> packaged in <literal>nixpkgs</literal>.
|
<literal>nixpkgs</literal>. One of them is
|
||||||
One of them is <link xlink:href="https://github.com/spwhitt/nix-zsh-completions">nix-zsh-completions</link>
|
<link xlink:href="https://github.com/spwhitt/nix-zsh-completions">nix-zsh-completions</link>
|
||||||
which bundles completion scripts and a plugin for <literal>oh-my-zsh</literal>.</para>
|
which bundles completion scripts and a plugin for
|
||||||
|
<literal>oh-my-zsh</literal>.
|
||||||
<para>Rather than using a single mutable path for <literal>ZSH_CUSTOM</literal>, it's also possible to
|
</para>
|
||||||
generate this path from a list of Nix packages:
|
|
||||||
|
|
||||||
|
<para>
|
||||||
|
Rather than using a single mutable path for <literal>ZSH_CUSTOM</literal>,
|
||||||
|
it's also possible to generate this path from a list of Nix packages:
|
||||||
<programlisting>
|
<programlisting>
|
||||||
{ pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
{
|
{
|
||||||
|
@ -66,42 +79,59 @@ generate this path from a list of Nix packages:
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
</programlisting>
|
</programlisting>
|
||||||
|
Internally a single store path will be created using
|
||||||
|
<literal>buildEnv</literal>. Please refer to the docs of
|
||||||
|
<link xlink:href="https://nixos.org/nixpkgs/manual/#sec-building-environment"><literal>buildEnv</literal></link>
|
||||||
|
for further reference.
|
||||||
|
</para>
|
||||||
|
|
||||||
Internally a single store path will be created using <literal>buildEnv</literal>.
|
<para>
|
||||||
Please refer to the docs of
|
<emphasis>Please keep in mind that this is not compatible with
|
||||||
<link xlink:href="https://nixos.org/nixpkgs/manual/#sec-building-environment"><literal>buildEnv</literal></link>
|
<literal>programs.ohMyZsh.custom</literal> as it requires an immutable store
|
||||||
for further reference.</para>
|
path while <literal>custom</literal> shall remain mutable! An evaluation
|
||||||
|
failure will be thrown if both <literal>custom</literal> and
|
||||||
|
<literal>customPkgs</literal> are set.</emphasis>
|
||||||
|
</para>
|
||||||
|
</section>
|
||||||
|
<section xml:id="module-programs-oh-my-zsh-packaging-customizations">
|
||||||
|
<title>Package your own customizations</title>
|
||||||
|
|
||||||
<para><emphasis>Please keep in mind that this is not compatible with <literal>programs.ohMyZsh.custom</literal>
|
<para>
|
||||||
as it requires an immutable store path while <literal>custom</literal> shall remain mutable! An evaluation failure
|
If third-party customizations (e.g. new themes) are supposed to be added to
|
||||||
will be thrown if both <literal>custom</literal> and <literal>customPkgs</literal> are set.</emphasis>
|
<literal>oh-my-zsh</literal> there are several pitfalls to keep in mind:
|
||||||
</para></section>
|
</para>
|
||||||
|
|
||||||
<section xml:id="module-programs-oh-my-zsh-packaging-customizations"><title>Package your own customizations</title>
|
<itemizedlist>
|
||||||
|
|
||||||
<para>If third-party customizations (e.g. new themes) are supposed to be added to <literal>oh-my-zsh</literal>
|
|
||||||
there are several pitfalls to keep in mind:</para>
|
|
||||||
|
|
||||||
<itemizedlist>
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>To comply with the default structure of <literal>ZSH</literal> the entire output needs to be written to
|
<para>
|
||||||
<literal>$out/share/zsh.</literal></para>
|
To comply with the default structure of <literal>ZSH</literal> the entire
|
||||||
</listitem>
|
output needs to be written to <literal>$out/share/zsh.</literal>
|
||||||
<listitem>
|
|
||||||
<para>Completion scripts are supposed to be stored at <literal>$out/share/zsh/site-functions</literal>. This directory
|
|
||||||
is part of the <literal><link xlink:href="http://zsh.sourceforge.net/Doc/Release/Functions.html">fpath</link></literal>
|
|
||||||
and the package should be compatible with pure <literal>ZSH</literal> setups. The module will automatically link
|
|
||||||
the contents of <literal>site-functions</literal> to completions directory in the proper store path.</para>
|
|
||||||
</listitem>
|
|
||||||
<listitem>
|
|
||||||
<para>The <literal>plugins</literal> directory needs the structure <literal>pluginname/pluginname.plugin.zsh</literal>
|
|
||||||
as structured in the <link xlink:href="https://github.com/robbyrussell/oh-my-zsh/tree/91b771914bc7c43dd7c7a43b586c5de2c225ceb7/plugins">upstream repo.</link>
|
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Completion scripts are supposed to be stored at
|
||||||
|
<literal>$out/share/zsh/site-functions</literal>. This directory is part
|
||||||
|
of the
|
||||||
|
<literal><link xlink:href="http://zsh.sourceforge.net/Doc/Release/Functions.html">fpath</link></literal>
|
||||||
|
and the package should be compatible with pure <literal>ZSH</literal>
|
||||||
|
setups. The module will automatically link the contents of
|
||||||
|
<literal>site-functions</literal> to completions directory in the proper
|
||||||
|
store path.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
The <literal>plugins</literal> directory needs the structure
|
||||||
|
<literal>pluginname/pluginname.plugin.zsh</literal> as structured in the
|
||||||
|
<link xlink:href="https://github.com/robbyrussell/oh-my-zsh/tree/91b771914bc7c43dd7c7a43b586c5de2c225ceb7/plugins">upstream
|
||||||
|
repo.</link>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
A derivation for <literal>oh-my-zsh</literal> may look like this:
|
A derivation for <literal>oh-my-zsh</literal> may look like this:
|
||||||
<programlisting>
|
<programlisting>
|
||||||
{ stdenv, fetchFromGitHub }:
|
{ stdenv, fetchFromGitHub }:
|
||||||
|
|
||||||
|
@ -120,6 +150,6 @@ stdenv.mkDerivation rec {
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</para>
|
</para>
|
||||||
</section>
|
</section>
|
||||||
</chapter>
|
</chapter>
|
||||||
|
|
|
@ -11,7 +11,7 @@ let
|
||||||
cfg = config.programs.zsh;
|
cfg = config.programs.zsh;
|
||||||
|
|
||||||
zshAliases = concatStringsSep "\n" (
|
zshAliases = concatStringsSep "\n" (
|
||||||
mapAttrsFlatten (k: v: "alias ${k}='${v}'") cfg.shellAliases
|
mapAttrsFlatten (k: v: "alias ${k}=${escapeShellArg v}") cfg.shellAliases
|
||||||
);
|
);
|
||||||
|
|
||||||
in
|
in
|
||||||
|
|
|
@ -39,6 +39,7 @@ with lib;
|
||||||
(mkRenamedOptionModule [ "services" "kubernetes" "apiserver" "address" ] ["services" "kubernetes" "apiserver" "bindAddress"])
|
(mkRenamedOptionModule [ "services" "kubernetes" "apiserver" "address" ] ["services" "kubernetes" "apiserver" "bindAddress"])
|
||||||
(mkRemovedOptionModule [ "services" "kubernetes" "apiserver" "publicAddress" ] "")
|
(mkRemovedOptionModule [ "services" "kubernetes" "apiserver" "publicAddress" ] "")
|
||||||
(mkRenamedOptionModule [ "services" "kubernetes" "addons" "dashboard" "enableRBAC" ] [ "services" "kubernetes" "addons" "dashboard" "rbac" "enable" ])
|
(mkRenamedOptionModule [ "services" "kubernetes" "addons" "dashboard" "enableRBAC" ] [ "services" "kubernetes" "addons" "dashboard" "rbac" "enable" ])
|
||||||
|
(mkRemovedOptionModule [ "services" "kubernetes" "kubelet" "cadvisorPort" ] "")
|
||||||
(mkRenamedOptionModule [ "services" "logstash" "address" ] [ "services" "logstash" "listenAddress" ])
|
(mkRenamedOptionModule [ "services" "logstash" "address" ] [ "services" "logstash" "listenAddress" ])
|
||||||
(mkRenamedOptionModule [ "services" "mpd" "network" "host" ] [ "services" "mpd" "network" "listenAddress" ])
|
(mkRenamedOptionModule [ "services" "mpd" "network" "host" ] [ "services" "mpd" "network" "listenAddress" ])
|
||||||
(mkRenamedOptionModule [ "services" "neo4j" "host" ] [ "services" "neo4j" "defaultListenAddress" ])
|
(mkRenamedOptionModule [ "services" "neo4j" "host" ] [ "services" "neo4j" "defaultListenAddress" ])
|
||||||
|
|
|
@ -3,23 +3,25 @@
|
||||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||||
version="5.0"
|
version="5.0"
|
||||||
xml:id="module-security-acme">
|
xml:id="module-security-acme">
|
||||||
|
<title>SSL/TLS Certificates with ACME</title>
|
||||||
|
<para>
|
||||||
|
NixOS supports automatic domain validation & certificate retrieval and
|
||||||
|
renewal using the ACME protocol. This is currently only implemented by and
|
||||||
|
for Let's Encrypt. The alternative ACME client <literal>simp_le</literal> is
|
||||||
|
used under the hood.
|
||||||
|
</para>
|
||||||
|
<section xml:id="module-security-acme-prerequisites">
|
||||||
|
<title>Prerequisites</title>
|
||||||
|
|
||||||
<title>SSL/TLS Certificates with ACME</title>
|
<para>
|
||||||
|
You need to have a running HTTP server for verification. The server must
|
||||||
<para>NixOS supports automatic domain validation & certificate
|
have a webroot defined that can serve
|
||||||
retrieval and renewal using the ACME protocol. This is currently only
|
<filename>.well-known/acme-challenge</filename>. This directory must be
|
||||||
implemented by and for Let's Encrypt. The alternative ACME client
|
writeable by the user that will run the ACME client.
|
||||||
<literal>simp_le</literal> is used under the hood.</para>
|
</para>
|
||||||
|
|
||||||
<section xml:id="module-security-acme-prerequisites"><title>Prerequisites</title>
|
|
||||||
|
|
||||||
<para>You need to have a running HTTP server for verification. The server must
|
|
||||||
have a webroot defined that can serve
|
|
||||||
<filename>.well-known/acme-challenge</filename>. This directory must be
|
|
||||||
writeable by the user that will run the ACME client.</para>
|
|
||||||
|
|
||||||
<para>For instance, this generic snippet could be used for Nginx:
|
|
||||||
|
|
||||||
|
<para>
|
||||||
|
For instance, this generic snippet could be used for Nginx:
|
||||||
<programlisting>
|
<programlisting>
|
||||||
http {
|
http {
|
||||||
server {
|
server {
|
||||||
|
@ -37,43 +39,47 @@ http {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</para>
|
</para>
|
||||||
|
</section>
|
||||||
</section>
|
<section xml:id="module-security-acme-configuring">
|
||||||
|
<title>Configuring</title>
|
||||||
<section xml:id="module-security-acme-configuring"><title>Configuring</title>
|
|
||||||
|
|
||||||
<para>To enable ACME certificate retrieval & renewal for a certificate for
|
|
||||||
<literal>foo.example.com</literal>, add the following in your
|
|
||||||
<filename>configuration.nix</filename>:
|
|
||||||
|
|
||||||
|
<para>
|
||||||
|
To enable ACME certificate retrieval & renewal for a certificate for
|
||||||
|
<literal>foo.example.com</literal>, add the following in your
|
||||||
|
<filename>configuration.nix</filename>:
|
||||||
<programlisting>
|
<programlisting>
|
||||||
<xref linkend="opt-security.acme.certs"/>."foo.example.com" = {
|
<xref linkend="opt-security.acme.certs"/>."foo.example.com" = {
|
||||||
<link linkend="opt-security.acme.certs._name_.webroot">webroot</link> = "/var/www/challenges";
|
<link linkend="opt-security.acme.certs._name_.webroot">webroot</link> = "/var/www/challenges";
|
||||||
<link linkend="opt-security.acme.certs._name_.email">email</link> = "foo@example.com";
|
<link linkend="opt-security.acme.certs._name_.email">email</link> = "foo@example.com";
|
||||||
};
|
};
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>The private key <filename>key.pem</filename> and certificate
|
<para>
|
||||||
<filename>fullchain.pem</filename> will be put into
|
The private key <filename>key.pem</filename> and certificate
|
||||||
<filename>/var/lib/acme/foo.example.com</filename>. The target directory can
|
<filename>fullchain.pem</filename> will be put into
|
||||||
be configured with the option <xref linkend="opt-security.acme.directory"/>.
|
<filename>/var/lib/acme/foo.example.com</filename>. The target directory can
|
||||||
</para>
|
be configured with the option <xref linkend="opt-security.acme.directory"/>.
|
||||||
|
</para>
|
||||||
|
|
||||||
<para>Refer to <xref linkend="ch-options" /> for all available configuration
|
<para>
|
||||||
options for the <link linkend="opt-security.acme.certs">security.acme</link> module.</para>
|
Refer to <xref linkend="ch-options" /> for all available configuration
|
||||||
|
options for the <link linkend="opt-security.acme.certs">security.acme</link>
|
||||||
|
module.
|
||||||
|
</para>
|
||||||
|
</section>
|
||||||
|
<section xml:id="module-security-acme-nginx">
|
||||||
|
<title>Using ACME certificates in Nginx</title>
|
||||||
|
|
||||||
</section>
|
<para>
|
||||||
|
NixOS supports fetching ACME certificates for you by setting
|
||||||
<section xml:id="module-security-acme-nginx"><title>Using ACME certificates in Nginx</title>
|
<literal><link linkend="opt-services.nginx.virtualHosts._name_.enableACME">enableACME</link>
|
||||||
<para>NixOS supports fetching ACME certificates for you by setting
|
= true;</literal> in a virtualHost config. We first create self-signed
|
||||||
<literal><link linkend="opt-services.nginx.virtualHosts._name_.enableACME">enableACME</link> = true;</literal> in a virtualHost config. We
|
placeholder certificates in place of the real ACME certs. The placeholder
|
||||||
first create self-signed placeholder certificates in place of the
|
certs are overwritten when the ACME certs arrive. For
|
||||||
real ACME certs. The placeholder certs are overwritten when the ACME
|
<literal>foo.example.com</literal> the config would look like.
|
||||||
certs arrive. For <literal>foo.example.com</literal> the config would
|
</para>
|
||||||
look like.
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<programlisting>
|
<programlisting>
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
|
@ -89,5 +95,5 @@ services.nginx = {
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</section>
|
</section>
|
||||||
</chapter>
|
</chapter>
|
||||||
|
|
|
@ -3,31 +3,26 @@
|
||||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||||
version="5.0"
|
version="5.0"
|
||||||
xml:id="sec-hidepid">
|
xml:id="sec-hidepid">
|
||||||
|
|
||||||
<title>Hiding process information</title>
|
<title>Hiding process information</title>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Setting
|
Setting
|
||||||
<programlisting>
|
<programlisting>
|
||||||
<xref linkend="opt-security.hideProcessInformation"/> = true;
|
<xref linkend="opt-security.hideProcessInformation"/> = true;
|
||||||
</programlisting>
|
</programlisting>
|
||||||
ensures that access to process information is restricted to the
|
ensures that access to process information is restricted to the owning user.
|
||||||
owning user. This implies, among other things, that command-line
|
This implies, among other things, that command-line arguments remain private.
|
||||||
arguments remain private. Unless your deployment relies on unprivileged
|
Unless your deployment relies on unprivileged users being able to inspect the
|
||||||
users being able to inspect the process information of other users, this
|
process information of other users, this option should be safe to enable.
|
||||||
option should be safe to enable.
|
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Members of the <literal>proc</literal> group are exempt from process
|
Members of the <literal>proc</literal> group are exempt from process
|
||||||
information hiding.
|
information hiding.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
To allow a service <replaceable>foo</replaceable> to run without process information hiding, set
|
To allow a service <replaceable>foo</replaceable> to run without process
|
||||||
|
information hiding, set
|
||||||
<programlisting>
|
<programlisting>
|
||||||
<link linkend="opt-systemd.services._name_.serviceConfig">systemd.services.<replaceable>foo</replaceable>.serviceConfig</link>.SupplementaryGroups = [ "proc" ];
|
<link linkend="opt-systemd.services._name_.serviceConfig">systemd.services.<replaceable>foo</replaceable>.serviceConfig</link>.SupplementaryGroups = [ "proc" ];
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
</chapter>
|
</chapter>
|
||||||
|
|
|
@ -622,13 +622,6 @@ in {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
};
|
};
|
||||||
|
|
||||||
# TODO: remove this deprecated flag
|
|
||||||
cadvisorPort = mkOption {
|
|
||||||
description = "Kubernetes kubelet local cadvisor port.";
|
|
||||||
default = 4194;
|
|
||||||
type = types.int;
|
|
||||||
};
|
|
||||||
|
|
||||||
clusterDns = mkOption {
|
clusterDns = mkOption {
|
||||||
description = "Use alternative DNS.";
|
description = "Use alternative DNS.";
|
||||||
default = "10.1.0.1";
|
default = "10.1.0.1";
|
||||||
|
@ -862,7 +855,6 @@ in {
|
||||||
--hostname-override=${cfg.kubelet.hostname} \
|
--hostname-override=${cfg.kubelet.hostname} \
|
||||||
--allow-privileged=${boolToString cfg.kubelet.allowPrivileged} \
|
--allow-privileged=${boolToString cfg.kubelet.allowPrivileged} \
|
||||||
--root-dir=${cfg.dataDir} \
|
--root-dir=${cfg.dataDir} \
|
||||||
--cadvisor_port=${toString cfg.kubelet.cadvisorPort} \
|
|
||||||
${optionalString (cfg.kubelet.clusterDns != "")
|
${optionalString (cfg.kubelet.clusterDns != "")
|
||||||
"--cluster-dns=${cfg.kubelet.clusterDns}"} \
|
"--cluster-dns=${cfg.kubelet.clusterDns}"} \
|
||||||
${optionalString (cfg.kubelet.clusterDomain != "")
|
${optionalString (cfg.kubelet.clusterDomain != "")
|
||||||
|
|
|
@ -3,42 +3,50 @@
|
||||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||||
version="5.0"
|
version="5.0"
|
||||||
xml:id="module-services-foundationdb">
|
xml:id="module-services-foundationdb">
|
||||||
|
<title>FoundationDB</title>
|
||||||
|
<para>
|
||||||
|
<emphasis>Source:</emphasis>
|
||||||
|
<filename>modules/services/databases/foundationdb.nix</filename>
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<emphasis>Upstream documentation:</emphasis>
|
||||||
|
<link xlink:href="https://apple.github.io/foundationdb/"/>
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<emphasis>Maintainer:</emphasis> Austin Seipp
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<emphasis>Available version(s):</emphasis> 5.1.x, 5.2.x, 6.0.x
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
FoundationDB (or "FDB") is an open source, distributed, transactional
|
||||||
|
key-value store.
|
||||||
|
</para>
|
||||||
|
<section xml:id="module-services-foundationdb-configuring">
|
||||||
|
<title>Configuring and basic setup</title>
|
||||||
|
|
||||||
<title>FoundationDB</title>
|
<para>
|
||||||
|
To enable FoundationDB, add the following to your
|
||||||
<para><emphasis>Source:</emphasis> <filename>modules/services/databases/foundationdb.nix</filename></para>
|
<filename>configuration.nix</filename>:
|
||||||
|
|
||||||
<para><emphasis>Upstream documentation:</emphasis> <link xlink:href="https://apple.github.io/foundationdb/"/></para>
|
|
||||||
|
|
||||||
<para><emphasis>Maintainer:</emphasis> Austin Seipp</para>
|
|
||||||
|
|
||||||
<para><emphasis>Available version(s):</emphasis> 5.1.x, 5.2.x, 6.0.x</para>
|
|
||||||
|
|
||||||
<para>FoundationDB (or "FDB") is an open source, distributed, transactional
|
|
||||||
key-value store.</para>
|
|
||||||
|
|
||||||
<section xml:id="module-services-foundationdb-configuring"><title>Configuring and basic setup</title>
|
|
||||||
|
|
||||||
<para>To enable FoundationDB, add the following to your
|
|
||||||
<filename>configuration.nix</filename>:
|
|
||||||
|
|
||||||
<programlisting>
|
<programlisting>
|
||||||
services.foundationdb.enable = true;
|
services.foundationdb.enable = true;
|
||||||
services.foundationdb.package = pkgs.foundationdb52; # FoundationDB 5.2.x
|
services.foundationdb.package = pkgs.foundationdb52; # FoundationDB 5.2.x
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>The <option>services.foundationdb.package</option> option is required,
|
<para>
|
||||||
and must always be specified. Due to the fact FoundationDB network protocols and
|
The <option>services.foundationdb.package</option> option is required, and
|
||||||
on-disk storage formats may change between (major) versions, and upgrades must
|
must always be specified. Due to the fact FoundationDB network protocols and
|
||||||
be explicitly handled by the user, you must always manually specify this
|
on-disk storage formats may change between (major) versions, and upgrades
|
||||||
yourself so that the NixOS module will use the proper version. Note that minor,
|
must be explicitly handled by the user, you must always manually specify
|
||||||
bugfix releases are always compatible.</para>
|
this yourself so that the NixOS module will use the proper version. Note
|
||||||
|
that minor, bugfix releases are always compatible.
|
||||||
<para>After running <command>nixos-rebuild</command>, you can verify whether
|
</para>
|
||||||
FoundationDB is running by executing <command>fdbcli</command> (which is added
|
|
||||||
to <option>environment.systemPackages</option>):
|
|
||||||
|
|
||||||
|
<para>
|
||||||
|
After running <command>nixos-rebuild</command>, you can verify whether
|
||||||
|
FoundationDB is running by executing <command>fdbcli</command> (which is
|
||||||
|
added to <option>environment.systemPackages</option>):
|
||||||
<programlisting>
|
<programlisting>
|
||||||
$ sudo -u foundationdb fdbcli
|
$ sudo -u foundationdb fdbcli
|
||||||
Using cluster file `/etc/foundationdb/fdb.cluster'.
|
Using cluster file `/etc/foundationdb/fdb.cluster'.
|
||||||
|
@ -66,14 +74,14 @@ Cluster:
|
||||||
|
|
||||||
fdb>
|
fdb>
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>You can also write programs using the available client libraries.
|
|
||||||
For example, the following Python program can be run in order to grab the
|
|
||||||
cluster status, as a quick example. (This example uses
|
|
||||||
<command>nix-shell</command> shebang support to automatically supply the
|
|
||||||
necessary Python modules).
|
|
||||||
|
|
||||||
|
<para>
|
||||||
|
You can also write programs using the available client libraries. For
|
||||||
|
example, the following Python program can be run in order to grab the
|
||||||
|
cluster status, as a quick example. (This example uses
|
||||||
|
<command>nix-shell</command> shebang support to automatically supply the
|
||||||
|
necessary Python modules).
|
||||||
<programlisting>
|
<programlisting>
|
||||||
a@link> cat fdb-status.py
|
a@link> cat fdb-status.py
|
||||||
#! /usr/bin/env nix-shell
|
#! /usr/bin/env nix-shell
|
||||||
|
@ -100,255 +108,336 @@ a@link> ./fdb-status.py
|
||||||
FoundationDB available: True
|
FoundationDB available: True
|
||||||
a@link>
|
a@link>
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>FoundationDB is run under the <command>foundationdb</command> user and
|
<para>
|
||||||
group by default, but this may be changed in the NixOS configuration. The
|
FoundationDB is run under the <command>foundationdb</command> user and group
|
||||||
systemd unit <command>foundationdb.service</command> controls the
|
by default, but this may be changed in the NixOS configuration. The systemd
|
||||||
<command>fdbmonitor</command> process.</para>
|
unit <command>foundationdb.service</command> controls the
|
||||||
|
<command>fdbmonitor</command> process.
|
||||||
|
</para>
|
||||||
|
|
||||||
<para>By default, the NixOS module for FoundationDB creates a single
|
<para>
|
||||||
SSD-storage based database for development and basic usage. This storage engine
|
By default, the NixOS module for FoundationDB creates a single SSD-storage
|
||||||
is designed for SSDs and will perform poorly on HDDs; however it can handle far
|
based database for development and basic usage. This storage engine is
|
||||||
more data than the alternative "memory" engine and is a better default choice
|
designed for SSDs and will perform poorly on HDDs; however it can handle far
|
||||||
for most deployments. (Note that you can change the storage backend on-the-fly
|
more data than the alternative "memory" engine and is a better default
|
||||||
for a given FoundationDB cluster using <command>fdbcli</command>.)</para>
|
choice for most deployments. (Note that you can change the storage backend
|
||||||
|
on-the-fly for a given FoundationDB cluster using
|
||||||
|
<command>fdbcli</command>.)
|
||||||
|
</para>
|
||||||
|
|
||||||
<para>Furthermore, only 1 server process and 1 backup agent are started in the
|
<para>
|
||||||
default configuration. See below for more on scaling to increase this.</para>
|
Furthermore, only 1 server process and 1 backup agent are started in the
|
||||||
|
default configuration. See below for more on scaling to increase this.
|
||||||
<para>FoundationDB stores all data for all server processes under
|
</para>
|
||||||
<filename>/var/lib/foundationdb</filename>. You can override this using
|
|
||||||
<option>services.foundationdb.dataDir</option>, e.g.
|
|
||||||
|
|
||||||
|
<para>
|
||||||
|
FoundationDB stores all data for all server processes under
|
||||||
|
<filename>/var/lib/foundationdb</filename>. You can override this using
|
||||||
|
<option>services.foundationdb.dataDir</option>, e.g.
|
||||||
<programlisting>
|
<programlisting>
|
||||||
services.foundationdb.dataDir = "/data/fdb";
|
services.foundationdb.dataDir = "/data/fdb";
|
||||||
</programlisting>
|
</programlisting>
|
||||||
|
</para>
|
||||||
|
|
||||||
</para>
|
<para>
|
||||||
|
Similarly, logs are stored under <filename>/var/log/foundationdb</filename>
|
||||||
|
by default, and there is a corresponding
|
||||||
|
<option>services.foundationdb.logDir</option> as well.
|
||||||
|
</para>
|
||||||
|
</section>
|
||||||
|
<section xml:id="module-services-foundationdb-scaling">
|
||||||
|
<title>Scaling processes and backup agents</title>
|
||||||
|
|
||||||
<para>Similarly, logs are stored under
|
<para>
|
||||||
<filename>/var/log/foundationdb</filename> by default, and there is a
|
Scaling the number of server processes is quite easy; simply specify
|
||||||
corresponding <option>services.foundationdb.logDir</option> as well.</para>
|
<option>services.foundationdb.serverProcesses</option> to be the number of
|
||||||
|
FoundationDB worker processes that should be started on the machine.
|
||||||
|
</para>
|
||||||
|
|
||||||
</section>
|
<para>
|
||||||
|
FoundationDB worker processes typically require 4GB of RAM per-process at
|
||||||
|
minimum for good performance, so this option is set to 1 by default since
|
||||||
|
the maximum amount of RAM is unknown. You're advised to abide by this
|
||||||
|
restriction, so pick a number of processes so that each has 4GB or more.
|
||||||
|
</para>
|
||||||
|
|
||||||
<section xml:id="module-services-foundationdb-scaling"><title>Scaling processes and backup agents</title>
|
<para>
|
||||||
|
A similar option exists in order to scale backup agent processes,
|
||||||
|
<option>services.foundationdb.backupProcesses</option>. Backup agents are
|
||||||
|
not as performance/RAM sensitive, so feel free to experiment with the number
|
||||||
|
of available backup processes.
|
||||||
|
</para>
|
||||||
|
</section>
|
||||||
|
<section xml:id="module-services-foundationdb-clustering">
|
||||||
|
<title>Clustering</title>
|
||||||
|
|
||||||
<para>Scaling the number of server processes is quite easy; simply specify
|
<para>
|
||||||
<option>services.foundationdb.serverProcesses</option> to be the number of
|
FoundationDB on NixOS works similarly to other Linux systems, so this
|
||||||
FoundationDB worker processes that should be started on the machine.</para>
|
section will be brief. Please refer to the full FoundationDB documentation
|
||||||
|
for more on clustering.
|
||||||
|
</para>
|
||||||
|
|
||||||
<para>FoundationDB worker processes typically require 4GB of RAM per-process at
|
<para>
|
||||||
minimum for good performance, so this option is set to 1 by default since the
|
FoundationDB organizes clusters using a set of
|
||||||
maximum amount of RAM is unknown. You're advised to abide by this restriction,
|
<emphasis>coordinators</emphasis>, which are just specially-designated
|
||||||
so pick a number of processes so that each has 4GB or more.</para>
|
worker processes. By default, every installation of FoundationDB on NixOS
|
||||||
|
will start as its own individual cluster, with a single coordinator: the
|
||||||
|
first worker process on <command>localhost</command>.
|
||||||
|
</para>
|
||||||
|
|
||||||
<para>A similar option exists in order to scale backup agent processes,
|
<para>
|
||||||
<option>services.foundationdb.backupProcesses</option>. Backup agents are not
|
Coordinators are specified globally using the
|
||||||
as performance/RAM sensitive, so feel free to experiment with the number of
|
<command>/etc/foundationdb/fdb.cluster</command> file, which all servers and
|
||||||
available backup processes.</para>
|
client applications will use to find and join coordinators. Note that this
|
||||||
|
file <emphasis>can not</emphasis> be managed by NixOS so easily:
|
||||||
|
FoundationDB is designed so that it will rewrite the file at runtime for all
|
||||||
|
clients and nodes when cluster coordinators change, with clients
|
||||||
|
transparently handling this without intervention. It is fundamentally a
|
||||||
|
mutable file, and you should not try to manage it in any way in NixOS.
|
||||||
|
</para>
|
||||||
|
|
||||||
</section>
|
<para>
|
||||||
|
When dealing with a cluster, there are two main things you want to do:
|
||||||
|
</para>
|
||||||
|
|
||||||
<section xml:id="module-services-foundationdb-clustering"><title>Clustering</title>
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Add a node to the cluster for storage/compute.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Promote an ordinary worker to a coordinator.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
<para>FoundationDB on NixOS works similarly to other Linux systems, so this
|
<para>
|
||||||
section will be brief. Please refer to the full FoundationDB documentation for
|
A node must already be a member of the cluster in order to properly be
|
||||||
more on clustering.</para>
|
promoted to a coordinator, so you must always add it first if you wish to
|
||||||
|
promote it.
|
||||||
|
</para>
|
||||||
|
|
||||||
<para>FoundationDB organizes clusters using a set of
|
<para>
|
||||||
<emphasis>coordinators</emphasis>, which are just specially-designated worker
|
To add a machine to a FoundationDB cluster:
|
||||||
processes. By default, every installation of FoundationDB on NixOS will start
|
</para>
|
||||||
as its own individual cluster, with a single coordinator: the first worker
|
|
||||||
process on <command>localhost</command>.</para>
|
|
||||||
|
|
||||||
<para>Coordinators are specified globally using the
|
<itemizedlist>
|
||||||
<command>/etc/foundationdb/fdb.cluster</command> file, which all servers and
|
<listitem>
|
||||||
client applications will use to find and join coordinators. Note that this file
|
<para>
|
||||||
<emphasis>can not</emphasis> be managed by NixOS so easily: FoundationDB is
|
Choose one of the servers to start as the initial coordinator.
|
||||||
designed so that it will rewrite the file at runtime for all clients and nodes
|
</para>
|
||||||
when cluster coordinators change, with clients transparently handling this
|
</listitem>
|
||||||
without intervention. It is fundamentally a mutable file, and you should not
|
<listitem>
|
||||||
try to manage it in any way in NixOS.</para>
|
<para>
|
||||||
|
Copy the <command>/etc/foundationdb/fdb.cluster</command> file from this
|
||||||
|
server to all the other servers. Restart FoundationDB on all of these
|
||||||
|
other servers, so they join the cluster.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
All of these servers are now connected and working together in the
|
||||||
|
cluster, under the chosen coordinator.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
<para>When dealing with a cluster, there are two main things you want to
|
<para>
|
||||||
do:</para>
|
At this point, you can add as many nodes as you want by just repeating the
|
||||||
|
above steps. By default there will still be a single coordinator: you can
|
||||||
|
use <command>fdbcli</command> to change this and add new coordinators.
|
||||||
|
</para>
|
||||||
|
|
||||||
<itemizedlist>
|
<para>
|
||||||
<listitem><para>Add a node to the cluster for storage/compute.</para></listitem>
|
As a convenience, FoundationDB can automatically assign coordinators based
|
||||||
<listitem><para>Promote an ordinary worker to a coordinator.</para></listitem>
|
on the redundancy mode you wish to achieve for the cluster. Once all the
|
||||||
</itemizedlist>
|
nodes have been joined, simply set the replication policy, and then issue
|
||||||
|
the <command>coordinators auto</command> command
|
||||||
|
</para>
|
||||||
|
|
||||||
<para>A node must already be a member of the cluster in order to properly be
|
<para>
|
||||||
promoted to a coordinator, so you must always add it first if you wish to
|
For example, assuming we have 3 nodes available, we can enable double
|
||||||
promote it.</para>
|
redundancy mode, then auto-select coordinators. For double redundancy, 3
|
||||||
|
coordinators is ideal: therefore FoundationDB will make
|
||||||
<para>To add a machine to a FoundationDB cluster:</para>
|
<emphasis>every</emphasis> node a coordinator automatically:
|
||||||
|
</para>
|
||||||
<itemizedlist>
|
|
||||||
<listitem><para>Choose one of the servers to start as the initial coordinator.
|
|
||||||
</para></listitem>
|
|
||||||
<listitem><para>Copy the <command>/etc/foundationdb/fdb.cluster</command> file
|
|
||||||
from this server to all the other servers. Restart FoundationDB on all of
|
|
||||||
these other servers, so they join the cluster.</para></listitem>
|
|
||||||
<listitem><para>All of these servers are now connected and working together
|
|
||||||
in the cluster, under the chosen coordinator.</para></listitem>
|
|
||||||
</itemizedlist>
|
|
||||||
|
|
||||||
<para>At this point, you can add as many nodes as you want by just repeating
|
|
||||||
the above steps. By default there will still be a single coordinator: you can
|
|
||||||
use <command>fdbcli</command> to change this and add new coordinators.</para>
|
|
||||||
|
|
||||||
<para>As a convenience, FoundationDB can automatically assign coordinators
|
|
||||||
based on the redundancy mode you wish to achieve for the cluster. Once all the
|
|
||||||
nodes have been joined, simply set the replication policy, and then issue the
|
|
||||||
<command>coordinators auto</command> command</para>
|
|
||||||
|
|
||||||
<para>For example, assuming we have 3 nodes available, we can enable double
|
|
||||||
redundancy mode, then auto-select coordinators. For double redundancy, 3
|
|
||||||
coordinators is ideal: therefore FoundationDB will make
|
|
||||||
<emphasis>every</emphasis> node a coordinator automatically:</para>
|
|
||||||
|
|
||||||
<programlisting>
|
<programlisting>
|
||||||
fdbcli> configure double ssd
|
fdbcli> configure double ssd
|
||||||
fdbcli> coordinators auto
|
fdbcli> coordinators auto
|
||||||
</programlisting>
|
</programlisting>
|
||||||
|
|
||||||
<para>This will transparently update all the servers within seconds, and
|
<para>
|
||||||
appropriately rewrite the <command>fdb.cluster</command> file, as well as
|
This will transparently update all the servers within seconds, and
|
||||||
informing all client processes to do the same.</para>
|
appropriately rewrite the <command>fdb.cluster</command> file, as well as
|
||||||
|
informing all client processes to do the same.
|
||||||
|
</para>
|
||||||
|
</section>
|
||||||
|
<section xml:id="module-services-foundationdb-connectivity">
|
||||||
|
<title>Client connectivity</title>
|
||||||
|
|
||||||
</section>
|
<para>
|
||||||
|
By default, all clients must use the current <command>fdb.cluster</command>
|
||||||
|
file to access a given FoundationDB cluster. This file is located by default
|
||||||
|
in <command>/etc/foundationdb/fdb.cluster</command> on all machines with the
|
||||||
|
FoundationDB service enabled, so you may copy the active one from your
|
||||||
|
cluster to a new node in order to connect, if it is not part of the cluster.
|
||||||
|
</para>
|
||||||
|
</section>
|
||||||
|
<section xml:id="module-services-foundationdb-authorization">
|
||||||
|
<title>Client authorization and TLS</title>
|
||||||
|
|
||||||
<section xml:id="module-services-foundationdb-connectivity"><title>Client connectivity</title>
|
<para>
|
||||||
|
By default, any user who can connect to a FoundationDB process with the
|
||||||
|
correct cluster configuration can access anything. FoundationDB uses a
|
||||||
|
pluggable design to transport security, and out of the box it supports a
|
||||||
|
LibreSSL-based plugin for TLS support. This plugin not only does in-flight
|
||||||
|
encryption, but also performs client authorization based on the given
|
||||||
|
endpoint's certificate chain. For example, a FoundationDB server may be
|
||||||
|
configured to only accept client connections over TLS, where the client TLS
|
||||||
|
certificate is from organization <emphasis>Acme Co</emphasis> in the
|
||||||
|
<emphasis>Research and Development</emphasis> unit.
|
||||||
|
</para>
|
||||||
|
|
||||||
<para>By default, all clients must use the current
|
<para>
|
||||||
<command>fdb.cluster</command> file to access a given FoundationDB cluster.
|
Configuring TLS with FoundationDB is done using the
|
||||||
This file is located by default in
|
<option>services.foundationdb.tls</option> options in order to control the
|
||||||
<command>/etc/foundationdb/fdb.cluster</command> on all machines with the
|
peer verification string, as well as the certificate and its private key.
|
||||||
FoundationDB service enabled, so you may copy the active one from your cluster
|
</para>
|
||||||
to a new node in order to connect, if it is not part of the cluster.</para>
|
|
||||||
|
|
||||||
</section>
|
<para>
|
||||||
|
Note that the certificate and its private key must be accessible to the
|
||||||
|
FoundationDB user account that the server runs under. These files are also
|
||||||
|
NOT managed by NixOS, as putting them into the store may reveal private
|
||||||
|
information.
|
||||||
|
</para>
|
||||||
|
|
||||||
<section xml:id="module-services-foundationdb-authorization"><title>Client authorization and TLS</title>
|
<para>
|
||||||
|
After you have a key and certificate file in place, it is not enough to
|
||||||
<para>By default, any user who can connect to a FoundationDB process with the
|
simply set the NixOS module options -- you must also configure the
|
||||||
correct cluster configuration can access anything. FoundationDB uses a
|
<command>fdb.cluster</command> file to specify that a given set of
|
||||||
pluggable design to transport security, and out of the box it supports a
|
coordinators use TLS. This is as simple as adding the suffix
|
||||||
LibreSSL-based plugin for TLS support. This plugin not only does in-flight
|
<command>:tls</command> to your cluster coordinator configuration, after the
|
||||||
encryption, but also performs client authorization based on the given
|
port number. For example, assuming you have a coordinator on localhost with
|
||||||
endpoint's certificate chain. For example, a FoundationDB server may be
|
the default configuration, simply specifying:
|
||||||
configured to only accept client connections over TLS, where the client TLS
|
</para>
|
||||||
certificate is from organization <emphasis>Acme Co</emphasis> in the
|
|
||||||
<emphasis>Research and Development</emphasis> unit.</para>
|
|
||||||
|
|
||||||
<para>Configuring TLS with FoundationDB is done using the
|
|
||||||
<option>services.foundationdb.tls</option> options in order to control the peer
|
|
||||||
verification string, as well as the certificate and its private key.</para>
|
|
||||||
|
|
||||||
<para>Note that the certificate and its private key must be accessible to the
|
|
||||||
FoundationDB user account that the server runs under. These files are also NOT
|
|
||||||
managed by NixOS, as putting them into the store may reveal private
|
|
||||||
information.</para>
|
|
||||||
|
|
||||||
<para>After you have a key and certificate file in place, it is not enough to
|
|
||||||
simply set the NixOS module options -- you must also configure the
|
|
||||||
<command>fdb.cluster</command> file to specify that a given set of coordinators
|
|
||||||
use TLS. This is as simple as adding the suffix <command>:tls</command> to your
|
|
||||||
cluster coordinator configuration, after the port number. For example, assuming
|
|
||||||
you have a coordinator on localhost with the default configuration, simply
|
|
||||||
specifying:</para>
|
|
||||||
|
|
||||||
<programlisting>
|
<programlisting>
|
||||||
XXXXXX:XXXXXX@127.0.0.1:4500:tls
|
XXXXXX:XXXXXX@127.0.0.1:4500:tls
|
||||||
</programlisting>
|
</programlisting>
|
||||||
|
|
||||||
<para>will configure all clients and server processes to use TLS from now
|
<para>
|
||||||
on.</para>
|
will configure all clients and server processes to use TLS from now on.
|
||||||
|
</para>
|
||||||
|
</section>
|
||||||
|
<section xml:id="module-services-foundationdb-disaster-recovery">
|
||||||
|
<title>Backups and Disaster Recovery</title>
|
||||||
|
|
||||||
</section>
|
<para>
|
||||||
|
The usual rules for doing FoundationDB backups apply on NixOS as written in
|
||||||
|
the FoundationDB manual. However, one important difference is the security
|
||||||
|
profile for NixOS: by default, the <command>foundationdb</command> systemd
|
||||||
|
unit uses <emphasis>Linux namespaces</emphasis> to restrict write access to
|
||||||
|
the system, except for the log directory, data directory, and the
|
||||||
|
<command>/etc/foundationdb/</command> directory. This is enforced by default
|
||||||
|
and cannot be disabled.
|
||||||
|
</para>
|
||||||
|
|
||||||
<section xml:id="module-services-foundationdb-disaster-recovery"><title>Backups and Disaster Recovery</title>
|
<para>
|
||||||
|
However, a side effect of this is that the <command>fdbbackup</command>
|
||||||
|
command doesn't work properly for local filesystem backups: FoundationDB
|
||||||
|
uses a server process alongside the database processes to perform backups
|
||||||
|
and copy the backups to the filesystem. As a result, this process is put
|
||||||
|
under the restricted namespaces above: the backup process can only write to
|
||||||
|
a limited number of paths.
|
||||||
|
</para>
|
||||||
|
|
||||||
<para>The usual rules for doing FoundationDB backups apply on NixOS as written
|
<para>
|
||||||
in the FoundationDB manual. However, one important difference is the security
|
In order to allow flexible backup locations on local disks, the FoundationDB
|
||||||
profile for NixOS: by default, the <command>foundationdb</command> systemd unit
|
NixOS module supports a
|
||||||
uses <emphasis>Linux namespaces</emphasis> to restrict write access to the
|
<option>services.foundationdb.extraReadWritePaths</option> option. This
|
||||||
system, except for the log directory, data directory, and the
|
option takes a list of paths, and adds them to the systemd unit, allowing
|
||||||
<command>/etc/foundationdb/</command> directory. This is enforced by default
|
the processes inside the service to write (and read) the specified
|
||||||
and cannot be disabled.</para>
|
directories.
|
||||||
|
</para>
|
||||||
|
|
||||||
<para>However, a side effect of this is that the <command>fdbbackup</command>
|
<para>
|
||||||
command doesn't work properly for local filesystem backups: FoundationDB uses a
|
For example, to create backups in <command>/opt/fdb-backups</command>, first
|
||||||
server process alongside the database processes to perform backups and copy the
|
set up the paths in the module options:
|
||||||
backups to the filesystem. As a result, this process is put under the
|
</para>
|
||||||
restricted namespaces above: the backup process can only write to a limited
|
|
||||||
number of paths.</para>
|
|
||||||
|
|
||||||
<para>In order to allow flexible backup locations on local disks, the
|
|
||||||
FoundationDB NixOS module supports a
|
|
||||||
<option>services.foundationdb.extraReadWritePaths</option> option. This option
|
|
||||||
takes a list of paths, and adds them to the systemd unit, allowing the
|
|
||||||
processes inside the service to write (and read) the specified
|
|
||||||
directories.</para>
|
|
||||||
|
|
||||||
<para>For example, to create backups in <command>/opt/fdb-backups</command>,
|
|
||||||
first set up the paths in the module options:</para>
|
|
||||||
|
|
||||||
<programlisting>
|
<programlisting>
|
||||||
services.foundationdb.extraReadWritePaths = [ "/opt/fdb-backups" ];
|
services.foundationdb.extraReadWritePaths = [ "/opt/fdb-backups" ];
|
||||||
</programlisting>
|
</programlisting>
|
||||||
|
|
||||||
<para>Restart the FoundationDB service, and it will now be able to write to
|
<para>
|
||||||
this directory (even if it does not yet exist.) Note: this path
|
Restart the FoundationDB service, and it will now be able to write to this
|
||||||
<emphasis>must</emphasis> exist before restarting the unit. Otherwise, systemd
|
directory (even if it does not yet exist.) Note: this path
|
||||||
will not include it in the private FoundationDB namespace (and it will not add
|
<emphasis>must</emphasis> exist before restarting the unit. Otherwise,
|
||||||
it dynamically at runtime).</para>
|
systemd will not include it in the private FoundationDB namespace (and it
|
||||||
|
will not add it dynamically at runtime).
|
||||||
|
</para>
|
||||||
|
|
||||||
<para>You can now perform a backup:</para>
|
<para>
|
||||||
|
You can now perform a backup:
|
||||||
|
</para>
|
||||||
|
|
||||||
<programlisting>
|
<programlisting>
|
||||||
$ sudo -u foundationdb fdbbackup start -t default -d file:///opt/fdb-backups
|
$ sudo -u foundationdb fdbbackup start -t default -d file:///opt/fdb-backups
|
||||||
$ sudo -u foundationdb fdbbackup status -t default
|
$ sudo -u foundationdb fdbbackup status -t default
|
||||||
</programlisting>
|
</programlisting>
|
||||||
|
</section>
|
||||||
|
<section xml:id="module-services-foundationdb-limitations">
|
||||||
|
<title>Known limitations</title>
|
||||||
|
|
||||||
</section>
|
<para>
|
||||||
|
The FoundationDB setup for NixOS should currently be considered beta.
|
||||||
|
FoundationDB is not new software, but the NixOS compilation and integration
|
||||||
|
has only undergone fairly basic testing of all the available functionality.
|
||||||
|
</para>
|
||||||
|
|
||||||
<section xml:id="module-services-foundationdb-limitations"><title>Known limitations</title>
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
There is no way to specify individual parameters for individual
|
||||||
|
<command>fdbserver</command> processes. Currently, all server processes
|
||||||
|
inherit all the global <command>fdbmonitor</command> settings.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Ruby bindings are not currently installed.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Go bindings are not currently installed.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
</section>
|
||||||
|
<section xml:id="module-services-foundationdb-options">
|
||||||
|
<title>Options</title>
|
||||||
|
|
||||||
<para>The FoundationDB setup for NixOS should currently be considered beta.
|
<para>
|
||||||
FoundationDB is not new software, but the NixOS compilation and integration has
|
NixOS's FoundationDB module allows you to configure all of the most relevant
|
||||||
only undergone fairly basic testing of all the available functionality.</para>
|
configuration options for <command>fdbmonitor</command>, matching it quite
|
||||||
|
closely. A complete list of options for the FoundationDB module may be found
|
||||||
<itemizedlist>
|
<link linkend="opt-services.foundationdb.enable">here</link>. You should
|
||||||
<listitem><para>There is no way to specify individual parameters for
|
also read the FoundationDB documentation as well.
|
||||||
individual <command>fdbserver</command> processes. Currently, all server
|
</para>
|
||||||
processes inherit all the global <command>fdbmonitor</command> settings.
|
</section>
|
||||||
</para></listitem>
|
<section xml:id="module-services-foundationdb-full-docs">
|
||||||
<listitem><para>Ruby bindings are not currently installed.</para></listitem>
|
<title>Full documentation</title>
|
||||||
<listitem><para>Go bindings are not currently installed.</para></listitem>
|
|
||||||
</itemizedlist>
|
|
||||||
|
|
||||||
</section>
|
|
||||||
|
|
||||||
<section xml:id="module-services-foundationdb-options"><title>Options</title>
|
|
||||||
|
|
||||||
<para>NixOS's FoundationDB module allows you to configure all of the most
|
|
||||||
relevant configuration options for <command>fdbmonitor</command>, matching it
|
|
||||||
quite closely. A complete list of options for the FoundationDB module may be
|
|
||||||
found <link linkend="opt-services.foundationdb.enable">here</link>. You should
|
|
||||||
also read the FoundationDB documentation as well.</para>
|
|
||||||
|
|
||||||
</section>
|
|
||||||
|
|
||||||
<section xml:id="module-services-foundationdb-full-docs"><title>Full documentation</title>
|
|
||||||
|
|
||||||
<para>FoundationDB is a complex piece of software, and requires careful
|
|
||||||
administration to properly use. Full documentation for administration can be
|
|
||||||
found here: <link xlink:href="https://apple.github.io/foundationdb/"/>.</para>
|
|
||||||
|
|
||||||
</section>
|
|
||||||
|
|
||||||
|
<para>
|
||||||
|
FoundationDB is a complex piece of software, and requires careful
|
||||||
|
administration to properly use. Full documentation for administration can be
|
||||||
|
found here: <link xlink:href="https://apple.github.io/foundationdb/"/>.
|
||||||
|
</para>
|
||||||
|
</section>
|
||||||
</chapter>
|
</chapter>
|
||||||
|
|
|
@ -3,36 +3,39 @@
|
||||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||||
version="5.0"
|
version="5.0"
|
||||||
xml:id="module-postgresql">
|
xml:id="module-postgresql">
|
||||||
|
<title>PostgreSQL</title>
|
||||||
<title>PostgreSQL</title>
|
|
||||||
|
|
||||||
<!-- FIXME: render nicely -->
|
<!-- FIXME: render nicely -->
|
||||||
|
|
||||||
<!-- FIXME: source can be added automatically -->
|
<!-- FIXME: source can be added automatically -->
|
||||||
<para><emphasis>Source:</emphasis> <filename>modules/services/databases/postgresql.nix</filename></para>
|
<para>
|
||||||
|
<emphasis>Source:</emphasis>
|
||||||
<para><emphasis>Upstream documentation:</emphasis> <link xlink:href="http://www.postgresql.org/docs/"/></para>
|
<filename>modules/services/databases/postgresql.nix</filename>
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<emphasis>Upstream documentation:</emphasis>
|
||||||
|
<link xlink:href="http://www.postgresql.org/docs/"/>
|
||||||
|
</para>
|
||||||
<!-- FIXME: more stuff, like maintainer? -->
|
<!-- FIXME: more stuff, like maintainer? -->
|
||||||
|
<para>
|
||||||
|
PostgreSQL is an advanced, free relational database.
|
||||||
|
<!-- MORE -->
|
||||||
|
</para>
|
||||||
|
<section xml:id="module-services-postgres-configuring">
|
||||||
|
<title>Configuring</title>
|
||||||
|
|
||||||
<para>PostgreSQL is an advanced, free relational database.<!-- MORE --></para>
|
<para>
|
||||||
|
To enable PostgreSQL, add the following to your
|
||||||
<section xml:id="module-services-postgres-configuring"><title>Configuring</title>
|
<filename>configuration.nix</filename>:
|
||||||
|
|
||||||
<para>To enable PostgreSQL, add the following to your
|
|
||||||
<filename>configuration.nix</filename>:
|
|
||||||
|
|
||||||
<programlisting>
|
<programlisting>
|
||||||
<xref linkend="opt-services.postgresql.enable"/> = true;
|
<xref linkend="opt-services.postgresql.enable"/> = true;
|
||||||
<xref linkend="opt-services.postgresql.package"/> = pkgs.postgresql94;
|
<xref linkend="opt-services.postgresql.package"/> = pkgs.postgresql94;
|
||||||
</programlisting>
|
</programlisting>
|
||||||
|
Note that you are required to specify the desired version of PostgreSQL
|
||||||
Note that you are required to specify the desired version of
|
(e.g. <literal>pkgs.postgresql94</literal>). Since upgrading your PostgreSQL
|
||||||
PostgreSQL (e.g. <literal>pkgs.postgresql94</literal>). Since
|
version requires a database dump and reload (see below), NixOS cannot
|
||||||
upgrading your PostgreSQL version requires a database dump and reload
|
provide a default value for
|
||||||
(see below), NixOS cannot provide a default value for
|
<xref linkend="opt-services.postgresql.package"/> such as the most recent
|
||||||
<xref linkend="opt-services.postgresql.package"/> such as the most recent
|
release of PostgreSQL.
|
||||||
release of PostgreSQL.</para>
|
</para>
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
<para>After running <command>nixos-rebuild</command>, you can verify
|
<para>After running <command>nixos-rebuild</command>, you can verify
|
||||||
|
@ -47,31 +50,28 @@ alice=>
|
||||||
</screen>
|
</screen>
|
||||||
-->
|
-->
|
||||||
|
|
||||||
<para>By default, PostgreSQL stores its databases in
|
<para>
|
||||||
<filename>/var/db/postgresql</filename>. You can override this using
|
By default, PostgreSQL stores its databases in
|
||||||
<xref linkend="opt-services.postgresql.dataDir"/>, e.g.
|
<filename>/var/db/postgresql</filename>. You can override this using
|
||||||
|
<xref linkend="opt-services.postgresql.dataDir"/>, e.g.
|
||||||
<programlisting>
|
<programlisting>
|
||||||
<xref linkend="opt-services.postgresql.dataDir"/> = "/data/postgresql";
|
<xref linkend="opt-services.postgresql.dataDir"/> = "/data/postgresql";
|
||||||
</programlisting>
|
</programlisting>
|
||||||
|
</para>
|
||||||
|
</section>
|
||||||
|
<section xml:id="module-services-postgres-upgrading">
|
||||||
|
<title>Upgrading</title>
|
||||||
|
|
||||||
</para>
|
<para>
|
||||||
|
FIXME: document dump/upgrade/load cycle.
|
||||||
</section>
|
</para>
|
||||||
|
</section>
|
||||||
|
<section xml:id="module-services-postgres-options">
|
||||||
<section xml:id="module-services-postgres-upgrading"><title>Upgrading</title>
|
<title>Options</title>
|
||||||
|
|
||||||
<para>FIXME: document dump/upgrade/load cycle.</para>
|
|
||||||
|
|
||||||
</section>
|
|
||||||
|
|
||||||
|
|
||||||
<section xml:id="module-services-postgres-options"><title>Options</title>
|
|
||||||
|
|
||||||
<para>A complete list of options for the PostgreSQL module may be found <link linkend="opt-services.postgresql.enable">here</link>.</para>
|
|
||||||
|
|
||||||
</section>
|
|
||||||
|
|
||||||
|
|
||||||
|
<para>
|
||||||
|
A complete list of options for the PostgreSQL module may be found
|
||||||
|
<link linkend="opt-services.postgresql.enable">here</link>.
|
||||||
|
</para>
|
||||||
|
</section>
|
||||||
</chapter>
|
</chapter>
|
||||||
|
|
|
@ -3,51 +3,54 @@
|
||||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||||
version="5.0"
|
version="5.0"
|
||||||
xml:id="module-services-flatpak">
|
xml:id="module-services-flatpak">
|
||||||
|
<title>Flatpak</title>
|
||||||
<title>Flatpak</title>
|
<para>
|
||||||
|
<emphasis>Source:</emphasis>
|
||||||
<para><emphasis>Source:</emphasis> <filename>modules/services/desktop/flatpak.nix</filename></para>
|
<filename>modules/services/desktop/flatpak.nix</filename>
|
||||||
|
</para>
|
||||||
<para><emphasis>Upstream documentation:</emphasis> <link xlink:href="https://github.com/flatpak/flatpak/wiki"/></para>
|
<para>
|
||||||
|
<emphasis>Upstream documentation:</emphasis>
|
||||||
<para>Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.</para>
|
<link xlink:href="https://github.com/flatpak/flatpak/wiki"/>
|
||||||
|
</para>
|
||||||
<para>
|
<para>
|
||||||
To enable Flatpak, add the following to your <filename>configuration.nix</filename>:
|
Flatpak is a system for building, distributing, and running sandboxed desktop
|
||||||
|
applications on Linux.
|
||||||
<programlisting>
|
</para>
|
||||||
|
<para>
|
||||||
|
To enable Flatpak, add the following to your
|
||||||
|
<filename>configuration.nix</filename>:
|
||||||
|
<programlisting>
|
||||||
<xref linkend="opt-services.flatpak.enable"/> = true;
|
<xref linkend="opt-services.flatpak.enable"/> = true;
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</para>
|
</para>
|
||||||
|
<para>
|
||||||
<para>
|
For the sandboxed apps to work correctly, desktop integration portals need to
|
||||||
For the sandboxed apps to work correctly, desktop integration portals need to be installed. If you run GNOME, this will be handled automatically for you; in other cases, you will need to add something like the following to your <filename>configuration.nix</filename>:
|
be installed. If you run GNOME, this will be handled automatically for you;
|
||||||
|
in other cases, you will need to add something like the following to your
|
||||||
<programlisting>
|
<filename>configuration.nix</filename>:
|
||||||
|
<programlisting>
|
||||||
<xref linkend="opt-services.flatpak.extraPortals"/> = [ pkgs.xdg-desktop-portal-gtk ];
|
<xref linkend="opt-services.flatpak.extraPortals"/> = [ pkgs.xdg-desktop-portal-gtk ];
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</para>
|
</para>
|
||||||
|
<para>
|
||||||
<para>
|
Then, you will need to add a repository, for example,
|
||||||
Then, you will need to add a repository, for example, <link xlink:href="https://github.com/flatpak/flatpak/wiki">Flathub</link>, either using the following commands:
|
<link xlink:href="https://github.com/flatpak/flatpak/wiki">Flathub</link>,
|
||||||
|
either using the following commands:
|
||||||
<programlisting>
|
<programlisting>
|
||||||
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
|
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
|
||||||
flatpak update
|
flatpak update
|
||||||
</programlisting>
|
</programlisting>
|
||||||
|
or by opening the
|
||||||
or by opening the <link xlink:href="https://flathub.org/repo/flathub.flatpakrepo">repository file</link> in GNOME Software.
|
<link xlink:href="https://flathub.org/repo/flathub.flatpakrepo">repository
|
||||||
</para>
|
file</link> in GNOME Software.
|
||||||
|
</para>
|
||||||
<para>
|
<para>
|
||||||
Finally, you can search and install programs:
|
Finally, you can search and install programs:
|
||||||
|
<programlisting>
|
||||||
<programlisting>
|
|
||||||
flatpak search bustle
|
flatpak search bustle
|
||||||
flatpak install flathub org.freedesktop.Bustle
|
flatpak install flathub org.freedesktop.Bustle
|
||||||
flatpak run org.freedesktop.Bustle
|
flatpak run org.freedesktop.Bustle
|
||||||
</programlisting>
|
</programlisting>
|
||||||
|
|
||||||
Again, GNOME Software offers graphical interface for these tasks.
|
Again, GNOME Software offers graphical interface for these tasks.
|
||||||
</para>
|
</para>
|
||||||
</chapter>
|
</chapter>
|
||||||
|
|
|
@ -3,88 +3,87 @@
|
||||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||||
version="5.0"
|
version="5.0"
|
||||||
xml:id="module-services-emacs">
|
xml:id="module-services-emacs">
|
||||||
|
|
||||||
<title>Emacs</title>
|
<title>Emacs</title>
|
||||||
|
<!--
|
||||||
<!--
|
|
||||||
Documentation contributors:
|
Documentation contributors:
|
||||||
Damien Cassou @DamienCassou
|
Damien Cassou @DamienCassou
|
||||||
Thomas Tuegel @ttuegel
|
Thomas Tuegel @ttuegel
|
||||||
Rodney Lorrimar @rvl
|
Rodney Lorrimar @rvl
|
||||||
-->
|
-->
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
<link xlink:href="http://www.gnu.org/software/emacs/">Emacs</link>
|
<link xlink:href="http://www.gnu.org/software/emacs/">Emacs</link> is an
|
||||||
is an extensible, customizable, self-documenting real-time display
|
extensible, customizable, self-documenting real-time display editor — and
|
||||||
editor — and more. At its core is an interpreter for Emacs Lisp, a
|
more. At its core is an interpreter for Emacs Lisp, a dialect of the Lisp
|
||||||
dialect of the Lisp programming language with extensions to
|
programming language with extensions to support text editing.
|
||||||
support text editing.
|
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Emacs runs within a graphical desktop environment using the X
|
Emacs runs within a graphical desktop environment using the X Window System,
|
||||||
Window System, but works equally well on a text terminal. Under
|
but works equally well on a text terminal. Under
|
||||||
<productname>macOS</productname>, a "Mac port" edition is
|
<productname>macOS</productname>, a "Mac port" edition is available, which
|
||||||
available, which uses Apple's native GUI frameworks.
|
uses Apple's native GUI frameworks.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
<productname>Nixpkgs</productname> provides a superior environment
|
<productname>Nixpkgs</productname> provides a superior environment for
|
||||||
for running <application>Emacs</application>. It's simple to
|
running <application>Emacs</application>. It's simple to create custom builds
|
||||||
create custom builds by overriding the default packages. Chaotic
|
by overriding the default packages. Chaotic collections of Emacs Lisp code
|
||||||
collections of Emacs Lisp code and extensions can be brought under
|
and extensions can be brought under control using declarative package
|
||||||
control using declarative package
|
|
||||||
management. <productname>NixOS</productname> even provides a
|
management. <productname>NixOS</productname> even provides a
|
||||||
<command>systemd</command> user service for automatically
|
<command>systemd</command> user service for automatically starting the Emacs
|
||||||
starting the Emacs daemon.
|
daemon.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<section xml:id="module-services-emacs-installing">
|
<section xml:id="module-services-emacs-installing">
|
||||||
<title>Installing <application>Emacs</application></title>
|
<title>Installing <application>Emacs</application></title>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Emacs can be installed in the normal way for Nix (see
|
Emacs can be installed in the normal way for Nix (see
|
||||||
<xref linkend="sec-package-management" />).
|
<xref linkend="sec-package-management" />). In addition, a NixOS
|
||||||
In addition, a NixOS <emphasis>service</emphasis>
|
<emphasis>service</emphasis> can be enabled.
|
||||||
can be enabled.
|
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<section xml:id="module-services-emacs-releases">
|
<section xml:id="module-services-emacs-releases">
|
||||||
<title>The Different Releases of Emacs</title>
|
<title>The Different Releases of Emacs</title>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
<productname>Nixpkgs</productname> defines several basic Emacs
|
<productname>Nixpkgs</productname> defines several basic Emacs packages.
|
||||||
packages. The following are attributes belonging to the
|
The following are attributes belonging to the <varname>pkgs</varname> set:
|
||||||
<varname>pkgs</varname> set:
|
|
||||||
|
|
||||||
<variablelist>
|
<variablelist>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><varname>emacs</varname></term>
|
<term>
|
||||||
<term><varname>emacs25</varname></term>
|
<varname>emacs</varname>
|
||||||
|
</term>
|
||||||
|
<term>
|
||||||
|
<varname>emacs25</varname>
|
||||||
|
</term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
The latest stable version of Emacs 25 using the <link
|
The latest stable version of Emacs 25 using the
|
||||||
xlink:href="http://www.gtk.org">GTK+ 2</link> widget
|
<link
|
||||||
toolkit.
|
xlink:href="http://www.gtk.org">GTK+ 2</link>
|
||||||
|
widget toolkit.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><varname>emacs25-nox</varname></term>
|
<term>
|
||||||
|
<varname>emacs25-nox</varname>
|
||||||
|
</term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Emacs 25 built without any dependency on X11
|
Emacs 25 built without any dependency on X11 libraries.
|
||||||
libraries.
|
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><varname>emacsMacport</varname></term>
|
<term>
|
||||||
<term><varname>emacs25Macport</varname></term>
|
<varname>emacsMacport</varname>
|
||||||
|
</term>
|
||||||
|
<term>
|
||||||
|
<varname>emacs25Macport</varname>
|
||||||
|
</term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Emacs 25 with the "Mac port" patches, providing a more
|
Emacs 25 with the "Mac port" patches, providing a more native look and
|
||||||
native look and feel under macOS.
|
feel under macOS.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
@ -92,61 +91,60 @@
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
If those aren't suitable, then the following imitation Emacs
|
If those aren't suitable, then the following imitation Emacs editors are
|
||||||
editors are also available in Nixpkgs:
|
also available in Nixpkgs:
|
||||||
<link xlink:href="https://www.gnu.org/software/zile/">Zile</link>,
|
<link xlink:href="https://www.gnu.org/software/zile/">Zile</link>,
|
||||||
<link xlink:href="http://homepage.boetes.org/software/mg/">mg</link>,
|
<link xlink:href="http://homepage.boetes.org/software/mg/">mg</link>,
|
||||||
<link xlink:href="http://yi-editor.github.io/">Yi</link>.
|
<link xlink:href="http://yi-editor.github.io/">Yi</link>.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section xml:id="module-services-emacs-adding-packages">
|
<section xml:id="module-services-emacs-adding-packages">
|
||||||
<title>Adding Packages to Emacs</title>
|
<title>Adding Packages to Emacs</title>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Emacs includes an entire ecosystem of functionality beyond
|
Emacs includes an entire ecosystem of functionality beyond text editing,
|
||||||
text editing, including a project planner, mail and news
|
including a project planner, mail and news reader, debugger interface,
|
||||||
reader, debugger interface, calendar, and more.
|
calendar, and more.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Most extensions are gotten with the Emacs packaging system
|
Most extensions are gotten with the Emacs packaging system
|
||||||
(<filename>package.el</filename>) from <link
|
(<filename>package.el</filename>) from
|
||||||
|
<link
|
||||||
xlink:href="https://elpa.gnu.org/">Emacs Lisp Package Archive
|
xlink:href="https://elpa.gnu.org/">Emacs Lisp Package Archive
|
||||||
(<acronym>ELPA</acronym>)</link>,
|
(<acronym>ELPA</acronym>)</link>,
|
||||||
<link xlink:href="https://melpa.org/"><acronym>MELPA</acronym></link>,
|
<link xlink:href="https://melpa.org/"><acronym>MELPA</acronym></link>,
|
||||||
<link xlink:href="https://stable.melpa.org/">MELPA Stable</link>,
|
<link xlink:href="https://stable.melpa.org/">MELPA Stable</link>, and
|
||||||
and <link xlink:href="http://orgmode.org/elpa.html">Org ELPA</link>.
|
<link xlink:href="http://orgmode.org/elpa.html">Org ELPA</link>. Nixpkgs is
|
||||||
Nixpkgs is regularly updated to mirror all these archives.
|
regularly updated to mirror all these archives.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Under NixOS, you can continue to use
|
Under NixOS, you can continue to use
|
||||||
<function>package-list-packages</function> and
|
<function>package-list-packages</function> and
|
||||||
<function>package-install</function> to install packages. You
|
<function>package-install</function> to install packages. You can also
|
||||||
can also declare the set of Emacs packages you need using the
|
declare the set of Emacs packages you need using the derivations from
|
||||||
derivations from Nixpkgs. The rest of this section discusses
|
Nixpkgs. The rest of this section discusses declarative installation of
|
||||||
declarative installation of Emacs packages through nixpkgs.
|
Emacs packages through nixpkgs.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<note>
|
<note>
|
||||||
<para>
|
<para>
|
||||||
This documentation describes the new Emacs packages
|
This documentation describes the new Emacs packages framework in NixOS
|
||||||
framework in NixOS 16.03
|
16.03 (<varname>emacsPackagesNg</varname>) which should not be confused
|
||||||
(<varname>emacsPackagesNg</varname>) which should not be
|
with the previous and deprecated framework
|
||||||
confused with the previous and deprecated framework
|
|
||||||
(<varname>emacs24Packages</varname>).
|
(<varname>emacs24Packages</varname>).
|
||||||
</para>
|
</para>
|
||||||
</note>
|
</note>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
The first step to declare the list of packages you want in
|
The first step to declare the list of packages you want in your Emacs
|
||||||
your Emacs installation is to create a dedicated
|
installation is to create a dedicated derivation. This can be done in a
|
||||||
derivation. This can be done in a dedicated
|
dedicated <filename>emacs.nix</filename> file such as:
|
||||||
<filename>emacs.nix</filename> file such as:
|
|
||||||
|
|
||||||
<example xml:id="ex-emacsNix">
|
<example xml:id="ex-emacsNix">
|
||||||
<title>Nix expression to build Emacs with packages (<filename>emacs.nix</filename>)</title>
|
<title>Nix expression to build Emacs with packages (<filename>emacs.nix</filename>)</title>
|
||||||
<programlisting language="nix">
|
<programlisting language="nix">
|
||||||
/*
|
/*
|
||||||
This is a nix expression to build Emacs and some Emacs packages I like
|
This is a nix expression to build Emacs and some Emacs packages I like
|
||||||
from source on any distribution where Nix is installed. This will install
|
from source on any distribution where Nix is installed. This will install
|
||||||
|
@ -182,101 +180,87 @@ in
|
||||||
])
|
])
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</example>
|
</example>
|
||||||
|
|
||||||
<calloutlist>
|
<calloutlist>
|
||||||
<callout arearefs="ex-emacsNix-1">
|
<callout arearefs="ex-emacsNix-1">
|
||||||
<para>
|
<para>
|
||||||
The first non-comment line in this file
|
The first non-comment line in this file (<literal>{ pkgs ? ...
|
||||||
(<literal>{ pkgs ? ... }</literal>)
|
}</literal>) indicates that the whole file represents a function.
|
||||||
indicates that the whole file represents a function.
|
|
||||||
</para>
|
</para>
|
||||||
</callout>
|
</callout>
|
||||||
|
|
||||||
<callout arearefs="ex-emacsNix-2">
|
<callout arearefs="ex-emacsNix-2">
|
||||||
<para>
|
<para>
|
||||||
The <varname>let</varname> expression below defines a
|
The <varname>let</varname> expression below defines a
|
||||||
<varname>myEmacs</varname> binding pointing to the current
|
<varname>myEmacs</varname> binding pointing to the current stable
|
||||||
stable version of Emacs. This binding is here to separate the
|
version of Emacs. This binding is here to separate the choice of the
|
||||||
choice of the Emacs binary from the specification of the
|
Emacs binary from the specification of the required packages.
|
||||||
required packages.
|
|
||||||
</para>
|
</para>
|
||||||
</callout>
|
</callout>
|
||||||
|
|
||||||
<callout arearefs="ex-emacsNix-3">
|
<callout arearefs="ex-emacsNix-3">
|
||||||
<para>
|
<para>
|
||||||
This generates an <varname>emacsWithPackages</varname>
|
This generates an <varname>emacsWithPackages</varname> function. It
|
||||||
function. It takes a single argument: a function from a
|
takes a single argument: a function from a package set to a list of
|
||||||
package set to a list of packages (the packages that will
|
packages (the packages that will be available in Emacs).
|
||||||
be available in Emacs).
|
|
||||||
</para>
|
</para>
|
||||||
</callout>
|
</callout>
|
||||||
|
|
||||||
<callout arearefs="ex-emacsNix-4">
|
<callout arearefs="ex-emacsNix-4">
|
||||||
<para>
|
<para>
|
||||||
The rest of the file specifies the list of packages to
|
The rest of the file specifies the list of packages to install. In the
|
||||||
install. In the example, two packages
|
example, two packages (<varname>magit</varname> and
|
||||||
(<varname>magit</varname> and
|
<varname>zerodark-theme</varname>) are taken from MELPA stable.
|
||||||
<varname>zerodark-theme</varname>) are taken from MELPA
|
|
||||||
stable.
|
|
||||||
</para>
|
</para>
|
||||||
</callout>
|
</callout>
|
||||||
|
|
||||||
<callout arearefs="ex-emacsNix-5">
|
<callout arearefs="ex-emacsNix-5">
|
||||||
<para>
|
<para>
|
||||||
Two packages (<varname>undo-tree</varname> and
|
Two packages (<varname>undo-tree</varname> and
|
||||||
<varname>zoom-frm</varname>) are taken from MELPA.
|
<varname>zoom-frm</varname>) are taken from MELPA.
|
||||||
</para>
|
</para>
|
||||||
</callout>
|
</callout>
|
||||||
|
|
||||||
<callout arearefs="ex-emacsNix-6">
|
<callout arearefs="ex-emacsNix-6">
|
||||||
<para>Three packages are taken from GNU ELPA.</para>
|
|
||||||
</callout>
|
|
||||||
|
|
||||||
<callout arearefs="ex-emacsNix-7">
|
|
||||||
<para>
|
<para>
|
||||||
<varname>notmuch</varname> is taken from a nixpkgs derivation
|
Three packages are taken from GNU ELPA.
|
||||||
which contains an Emacs mode.
|
</para>
|
||||||
|
</callout>
|
||||||
|
<callout arearefs="ex-emacsNix-7">
|
||||||
|
<para>
|
||||||
|
<varname>notmuch</varname> is taken from a nixpkgs derivation which
|
||||||
|
contains an Emacs mode.
|
||||||
</para>
|
</para>
|
||||||
</callout>
|
</callout>
|
||||||
|
|
||||||
</calloutlist>
|
</calloutlist>
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
The result of this configuration will be an
|
The result of this configuration will be an <command>emacs</command>
|
||||||
<command>emacs</command> command which launches Emacs with all
|
command which launches Emacs with all of your chosen packages in the
|
||||||
of your chosen packages in the <varname>load-path</varname>.
|
<varname>load-path</varname>.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
You can check that it works by executing this in a terminal:
|
You can check that it works by executing this in a terminal:
|
||||||
|
|
||||||
<screen>
|
<screen>
|
||||||
$ nix-build emacs.nix
|
$ nix-build emacs.nix
|
||||||
$ ./result/bin/emacs -q
|
$ ./result/bin/emacs -q
|
||||||
</screen>
|
</screen>
|
||||||
|
and then typing <literal>M-x package-initialize</literal>. Check that you
|
||||||
and then typing <literal>M-x package-initialize</literal>.
|
can use all the packages you want in this Emacs instance. For example, try
|
||||||
Check that you can use all the packages you want in this
|
switching to the zerodark theme through <literal>M-x load-theme <RET>
|
||||||
Emacs instance. For example, try switching to the zerodark
|
zerodark <RET> y</literal>.
|
||||||
theme through
|
|
||||||
<literal>M-x load-theme <RET> zerodark <RET> y</literal>.
|
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<tip>
|
<tip>
|
||||||
<para>
|
<para>
|
||||||
A few popular extensions worth checking out are: auctex,
|
A few popular extensions worth checking out are: auctex, company,
|
||||||
company, edit-server, flycheck, helm, iedit, magit,
|
edit-server, flycheck, helm, iedit, magit, multiple-cursors, projectile,
|
||||||
multiple-cursors, projectile, and yasnippet.
|
and yasnippet.
|
||||||
</para>
|
</para>
|
||||||
</tip>
|
</tip>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
The list of available packages in the various ELPA
|
The list of available packages in the various ELPA repositories can be seen
|
||||||
repositories can be seen with the following commands:
|
with the following commands:
|
||||||
<example xml:id="module-services-emacs-querying-packages">
|
<example xml:id="module-services-emacs-querying-packages">
|
||||||
<title>Querying Emacs packages</title>
|
<title>Querying Emacs packages</title>
|
||||||
<programlisting><![CDATA[
|
<programlisting><![CDATA[
|
||||||
nix-env -f "<nixpkgs>" -qaP -A emacsPackagesNg.elpaPackages
|
nix-env -f "<nixpkgs>" -qaP -A emacsPackagesNg.elpaPackages
|
||||||
nix-env -f "<nixpkgs>" -qaP -A emacsPackagesNg.melpaPackages
|
nix-env -f "<nixpkgs>" -qaP -A emacsPackagesNg.melpaPackages
|
||||||
nix-env -f "<nixpkgs>" -qaP -A emacsPackagesNg.melpaStablePackages
|
nix-env -f "<nixpkgs>" -qaP -A emacsPackagesNg.melpaStablePackages
|
||||||
|
@ -286,14 +270,13 @@ nix-env -f "<nixpkgs>" -qaP -A emacsPackagesNg.orgPackages
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
If you are on NixOS, you can install this particular Emacs for
|
If you are on NixOS, you can install this particular Emacs for all users by
|
||||||
all users by adding it to the list of system packages
|
adding it to the list of system packages (see
|
||||||
(see <xref linkend="sec-declarative-package-mgmt" />). Simply
|
<xref linkend="sec-declarative-package-mgmt" />). Simply modify your file
|
||||||
modify your file <filename>configuration.nix</filename> to
|
<filename>configuration.nix</filename> to make it contain:
|
||||||
make it contain:
|
|
||||||
<example xml:id="module-services-emacs-configuration-nix">
|
<example xml:id="module-services-emacs-configuration-nix">
|
||||||
<title>Custom Emacs in <filename>configuration.nix</filename></title>
|
<title>Custom Emacs in <filename>configuration.nix</filename></title>
|
||||||
<programlisting><![CDATA[
|
<programlisting><![CDATA[
|
||||||
{
|
{
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
# [...]
|
# [...]
|
||||||
|
@ -305,23 +288,24 @@ nix-env -f "<nixpkgs>" -qaP -A emacsPackagesNg.orgPackages
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
In this case, the next <command>nixos-rebuild switch</command>
|
In this case, the next <command>nixos-rebuild switch</command> will take
|
||||||
will take care of adding your <command>emacs</command> to the
|
care of adding your <command>emacs</command> to the <varname>PATH</varname>
|
||||||
<varname>PATH</varname> environment variable
|
environment variable (see <xref linkend="sec-changing-config" />).
|
||||||
(see <xref linkend="sec-changing-config" />).
|
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<!-- fixme: i think the following is better done with config.nix
|
<!-- fixme: i think the following is better done with config.nix
|
||||||
https://nixos.org/nixpkgs/manual/#sec-modify-via-packageOverrides
|
https://nixos.org/nixpkgs/manual/#sec-modify-via-packageOverrides
|
||||||
-->
|
-->
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
If you are not on NixOS or want to install this particular
|
If you are not on NixOS or want to install this particular Emacs only for
|
||||||
Emacs only for yourself, you can do so by adding it to your
|
yourself, you can do so by adding it to your
|
||||||
<filename>~/.config/nixpkgs/config.nix</filename>
|
<filename>~/.config/nixpkgs/config.nix</filename> (see
|
||||||
(see <link xlink:href="http://nixos.org/nixpkgs/manual/#sec-modify-via-packageOverrides">Nixpkgs manual</link>):
|
<link xlink:href="http://nixos.org/nixpkgs/manual/#sec-modify-via-packageOverrides">Nixpkgs
|
||||||
|
manual</link>):
|
||||||
<example xml:id="module-services-emacs-config-nix">
|
<example xml:id="module-services-emacs-config-nix">
|
||||||
<title>Custom Emacs in <filename>~/.config/nixpkgs/config.nix</filename></title>
|
<title>Custom Emacs in <filename>~/.config/nixpkgs/config.nix</filename></title>
|
||||||
<programlisting><![CDATA[
|
<programlisting><![CDATA[
|
||||||
{
|
{
|
||||||
packageOverrides = super: let self = super.pkgs; in {
|
packageOverrides = super: let self = super.pkgs; in {
|
||||||
myemacs = import /path/to/emacs.nix { pkgs = self; };
|
myemacs = import /path/to/emacs.nix { pkgs = self; };
|
||||||
|
@ -332,9 +316,8 @@ https://nixos.org/nixpkgs/manual/#sec-modify-via-packageOverrides
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
In this case, the next
|
In this case, the next <literal>nix-env -f '<nixpkgs>' -iA
|
||||||
<literal>nix-env -f '<nixpkgs>' -iA myemacs</literal>
|
myemacs</literal> will take care of adding your emacs to the
|
||||||
will take care of adding your emacs to the
|
|
||||||
<varname>PATH</varname> environment variable.
|
<varname>PATH</varname> environment variable.
|
||||||
</para>
|
</para>
|
||||||
</section>
|
</section>
|
||||||
|
@ -344,17 +327,16 @@ https://nixos.org/nixpkgs/manual/#sec-modify-via-packageOverrides
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
If you want, you can tweak the Emacs package itself from your
|
If you want, you can tweak the Emacs package itself from your
|
||||||
<filename>emacs.nix</filename>. For example, if you want to
|
<filename>emacs.nix</filename>. For example, if you want to have a
|
||||||
have a GTK+3-based Emacs instead of the default GTK+2-based
|
GTK+3-based Emacs instead of the default GTK+2-based binary and remove the
|
||||||
binary and remove the automatically generated
|
automatically generated <filename>emacs.desktop</filename> (useful is you
|
||||||
<filename>emacs.desktop</filename> (useful is you only use
|
only use <command>emacsclient</command>), you can change your file
|
||||||
<command>emacsclient</command>), you can change your file
|
|
||||||
<filename>emacs.nix</filename> in this way:
|
<filename>emacs.nix</filename> in this way:
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<example xml:id="ex-emacsGtk3Nix">
|
<example xml:id="ex-emacsGtk3Nix">
|
||||||
<title>Custom Emacs build</title>
|
<title>Custom Emacs build</title>
|
||||||
<programlisting><![CDATA[
|
<programlisting><![CDATA[
|
||||||
{ pkgs ? import <nixpkgs> {} }:
|
{ pkgs ? import <nixpkgs> {} }:
|
||||||
let
|
let
|
||||||
myEmacs = (pkgs.emacs.override {
|
myEmacs = (pkgs.emacs.override {
|
||||||
|
@ -373,22 +355,19 @@ in [...]
|
||||||
</example>
|
</example>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
After building this file as shown in <xref linkend="ex-emacsNix" />,
|
After building this file as shown in <xref linkend="ex-emacsNix" />, you
|
||||||
you will get an GTK3-based Emacs binary pre-loaded with your
|
will get an GTK3-based Emacs binary pre-loaded with your favorite packages.
|
||||||
favorite packages.
|
|
||||||
</para>
|
</para>
|
||||||
</section>
|
</section>
|
||||||
</section>
|
</section>
|
||||||
|
<section xml:id="module-services-emacs-running">
|
||||||
<section xml:id="module-services-emacs-running">
|
|
||||||
<title>Running Emacs as a Service</title>
|
<title>Running Emacs as a Service</title>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
<productname>NixOS</productname> provides an optional
|
<productname>NixOS</productname> provides an optional
|
||||||
<command>systemd</command> service which launches
|
<command>systemd</command> service which launches
|
||||||
<link xlink:href="https://www.gnu.org/software/emacs/manual/html_node/emacs/Emacs-Server.html">
|
<link xlink:href="https://www.gnu.org/software/emacs/manual/html_node/emacs/Emacs-Server.html">
|
||||||
Emacs daemon
|
Emacs daemon </link> with the user's login session.
|
||||||
</link>
|
|
||||||
with the user's login session.
|
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
|
@ -400,10 +379,8 @@ in [...]
|
||||||
<title>Enabling the Service</title>
|
<title>Enabling the Service</title>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
To install and enable the <command>systemd</command>
|
To install and enable the <command>systemd</command> user service for Emacs
|
||||||
user service for Emacs daemon, add the following to your
|
daemon, add the following to your <filename>configuration.nix</filename>:
|
||||||
<filename>configuration.nix</filename>:
|
|
||||||
|
|
||||||
<programlisting>
|
<programlisting>
|
||||||
<xref linkend="opt-services.emacs.enable"/> = true;
|
<xref linkend="opt-services.emacs.enable"/> = true;
|
||||||
<xref linkend="opt-services.emacs.package"/> = import /home/cassou/.emacs.d { pkgs = pkgs; };
|
<xref linkend="opt-services.emacs.package"/> = import /home/cassou/.emacs.d { pkgs = pkgs; };
|
||||||
|
@ -411,45 +388,41 @@ in [...]
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
The <varname>services.emacs.package</varname> option allows a
|
The <varname>services.emacs.package</varname> option allows a custom
|
||||||
custom derivation to be used, for example, one created by
|
derivation to be used, for example, one created by
|
||||||
<function>emacsWithPackages</function>.
|
<function>emacsWithPackages</function>.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Ensure that the Emacs server is enabled for your user's Emacs
|
Ensure that the Emacs server is enabled for your user's Emacs
|
||||||
configuration, either by customizing the
|
configuration, either by customizing the <varname>server-mode</varname>
|
||||||
<varname>server-mode</varname> variable, or by adding
|
variable, or by adding <literal>(server-start)</literal> to
|
||||||
<literal>(server-start)</literal> to
|
|
||||||
<filename>~/.emacs.d/init.el</filename>.
|
<filename>~/.emacs.d/init.el</filename>.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
To start the daemon, execute the following:
|
To start the daemon, execute the following:
|
||||||
|
|
||||||
<screen>
|
<screen>
|
||||||
$ nixos-rebuild switch # to activate the new configuration.nix
|
$ nixos-rebuild switch # to activate the new configuration.nix
|
||||||
$ systemctl --user daemon-reload # to force systemd reload
|
$ systemctl --user daemon-reload # to force systemd reload
|
||||||
$ systemctl --user start emacs.service # to start the Emacs daemon
|
$ systemctl --user start emacs.service # to start the Emacs daemon
|
||||||
</screen>
|
</screen>
|
||||||
|
|
||||||
The server should now be ready to serve Emacs clients.
|
The server should now be ready to serve Emacs clients.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section xml:id="module-services-emacs-starting-client">
|
<section xml:id="module-services-emacs-starting-client">
|
||||||
<title>Starting the client</title>
|
<title>Starting the client</title>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Ensure that the emacs server is enabled, either by customizing
|
Ensure that the emacs server is enabled, either by customizing the
|
||||||
the <varname>server-mode</varname> variable, or by adding
|
<varname>server-mode</varname> variable, or by adding
|
||||||
<literal>(server-start)</literal> to
|
<literal>(server-start)</literal> to <filename>~/.emacs</filename>.
|
||||||
<filename>~/.emacs</filename>.
|
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
To connect to the emacs daemon, run one of the following:
|
To connect to the emacs daemon, run one of the following:
|
||||||
<programlisting><![CDATA[
|
<programlisting><![CDATA[
|
||||||
emacsclient FILENAME
|
emacsclient FILENAME
|
||||||
emacsclient --create-frame # opens a new frame (window)
|
emacsclient --create-frame # opens a new frame (window)
|
||||||
emacsclient --create-frame --tty # opens a new frame on the current terminal
|
emacsclient --create-frame --tty # opens a new frame on the current terminal
|
||||||
|
@ -459,31 +432,28 @@ emacsclient --create-frame --tty # opens a new frame on the current terminal
|
||||||
|
|
||||||
<section xml:id="module-services-emacs-editor-variable">
|
<section xml:id="module-services-emacs-editor-variable">
|
||||||
<title>Configuring the <varname>EDITOR</varname> variable</title>
|
<title>Configuring the <varname>EDITOR</varname> variable</title>
|
||||||
<!--<title><command>emacsclient</command> as the Default Editor</title>-->
|
|
||||||
|
<!--<title><command>emacsclient</command> as the Default Editor</title>-->
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
If <xref linkend="opt-services.emacs.defaultEditor"/> is
|
If <xref linkend="opt-services.emacs.defaultEditor"/> is
|
||||||
<literal>true</literal>, the <varname>EDITOR</varname> variable
|
<literal>true</literal>, the <varname>EDITOR</varname> variable will be set
|
||||||
will be set to a wrapper script which launches
|
to a wrapper script which launches <command>emacsclient</command>.
|
||||||
<command>emacsclient</command>.
|
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Any setting of <varname>EDITOR</varname> in the shell config
|
Any setting of <varname>EDITOR</varname> in the shell config files will
|
||||||
files will override
|
override <varname>services.emacs.defaultEditor</varname>. To make sure
|
||||||
<varname>services.emacs.defaultEditor</varname>.
|
<varname>EDITOR</varname> refers to the Emacs wrapper script, remove any
|
||||||
To make sure <varname>EDITOR</varname> refers to the Emacs
|
existing <varname>EDITOR</varname> assignment from
|
||||||
wrapper script, remove any existing <varname>EDITOR</varname>
|
<filename>.profile</filename>, <filename>.bashrc</filename>,
|
||||||
assignment from <filename>.profile</filename>,
|
<filename>.zshenv</filename> or any other shell config file.
|
||||||
<filename>.bashrc</filename>, <filename>.zshenv</filename> or
|
|
||||||
any other shell config file.
|
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
If you have formed certain bad habits when editing files,
|
If you have formed certain bad habits when editing files, these can be
|
||||||
these can be corrected with a shell alias to the wrapper
|
corrected with a shell alias to the wrapper script:
|
||||||
script:
|
<programlisting>alias vi=$EDITOR</programlisting>
|
||||||
<programlisting>alias vi=$EDITOR</programlisting>
|
|
||||||
</para>
|
</para>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
@ -491,12 +461,10 @@ emacsclient --create-frame --tty # opens a new frame on the current terminal
|
||||||
<title>Per-User Enabling of the Service</title>
|
<title>Per-User Enabling of the Service</title>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
In general, <command>systemd</command> user services
|
In general, <command>systemd</command> user services are globally enabled
|
||||||
are globally enabled by symlinks in
|
by symlinks in <filename>/etc/systemd/user</filename>. In the case where
|
||||||
<filename>/etc/systemd/user</filename>. In the case where
|
Emacs daemon is not wanted for all users, it is possible to install the
|
||||||
Emacs daemon is not wanted for all users, it is possible to
|
service but not globally enable it:
|
||||||
install the service but not globally enable it:
|
|
||||||
|
|
||||||
<programlisting>
|
<programlisting>
|
||||||
<xref linkend="opt-services.emacs.enable"/> = false;
|
<xref linkend="opt-services.emacs.enable"/> = false;
|
||||||
<xref linkend="opt-services.emacs.install"/> = true;
|
<xref linkend="opt-services.emacs.install"/> = true;
|
||||||
|
@ -504,27 +472,23 @@ emacsclient --create-frame --tty # opens a new frame on the current terminal
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
To enable the <command>systemd</command> user service for just
|
To enable the <command>systemd</command> user service for just the
|
||||||
the currently logged in user, run:
|
currently logged in user, run:
|
||||||
|
<programlisting>systemctl --user enable emacs</programlisting>
|
||||||
<programlisting>systemctl --user enable emacs</programlisting>
|
|
||||||
|
|
||||||
This will add the symlink
|
This will add the symlink
|
||||||
<filename>~/.config/systemd/user/emacs.service</filename>.
|
<filename>~/.config/systemd/user/emacs.service</filename>.
|
||||||
</para>
|
</para>
|
||||||
</section>
|
</section>
|
||||||
</section>
|
</section>
|
||||||
|
<section xml:id="module-services-emacs-configuring">
|
||||||
<section xml:id="module-services-emacs-configuring">
|
|
||||||
<title>Configuring Emacs</title>
|
<title>Configuring Emacs</title>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
The Emacs init file should be changed to load the extension
|
The Emacs init file should be changed to load the extension packages at
|
||||||
packages at startup:
|
startup:
|
||||||
|
|
||||||
<example xml:id="module-services-emacs-package-initialisation">
|
<example xml:id="module-services-emacs-package-initialisation">
|
||||||
<title>Package initialization in <filename>.emacs</filename></title>
|
<title>Package initialization in <filename>.emacs</filename></title>
|
||||||
<programlisting><![CDATA[
|
<programlisting><![CDATA[
|
||||||
(require 'package)
|
(require 'package)
|
||||||
|
|
||||||
;; optional. makes unpure packages archives unavailable
|
;; optional. makes unpure packages archives unavailable
|
||||||
|
@ -537,13 +501,13 @@ emacsclient --create-frame --tty # opens a new frame on the current terminal
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
After the declarative emacs package configuration has been
|
After the declarative emacs package configuration has been tested,
|
||||||
tested, previously downloaded packages can be cleaned up by
|
previously downloaded packages can be cleaned up by removing
|
||||||
removing <filename>~/.emacs.d/elpa</filename> (do make a backup
|
<filename>~/.emacs.d/elpa</filename> (do make a backup first, in case you
|
||||||
first, in case you forgot a package).
|
forgot a package).
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
todo: is it worth documenting customizations for
|
todo: is it worth documenting customizations for
|
||||||
server-switch-hook, server-done-hook?
|
server-switch-hook, server-done-hook?
|
||||||
-->
|
-->
|
||||||
|
@ -552,47 +516,52 @@ emacsclient --create-frame --tty # opens a new frame on the current terminal
|
||||||
<title>A Major Mode for Nix Expressions</title>
|
<title>A Major Mode for Nix Expressions</title>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Of interest may be <varname>melpaPackages.nix-mode</varname>,
|
Of interest may be <varname>melpaPackages.nix-mode</varname>, which
|
||||||
which provides syntax highlighting for the Nix language. This is
|
provides syntax highlighting for the Nix language. This is particularly
|
||||||
particularly convenient if you regularly edit Nix files.
|
convenient if you regularly edit Nix files.
|
||||||
</para>
|
</para>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section xml:id="module-services-emacs-man-pages">
|
<section xml:id="module-services-emacs-man-pages">
|
||||||
<title>Accessing man pages</title>
|
<title>Accessing man pages</title>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
You can use <function>woman</function> to get completion of all
|
You can use <function>woman</function> to get completion of all available
|
||||||
available man pages. For example, type <literal>M-x woman
|
man pages. For example, type <literal>M-x woman <RET> nixos-rebuild
|
||||||
<RET> nixos-rebuild <RET>.</literal>
|
<RET>.</literal>
|
||||||
</para>
|
</para>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section xml:id="sec-emacs-docbook-xml">
|
<section xml:id="sec-emacs-docbook-xml">
|
||||||
<title>Editing DocBook 5 XML Documents</title>
|
<title>Editing DocBook 5 XML Documents</title>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Emacs includes <link
|
Emacs includes
|
||||||
|
<link
|
||||||
xlink:href="https://www.gnu.org/software/emacs/manual/html_node/nxml-mode/Introduction.html">nXML</link>,
|
xlink:href="https://www.gnu.org/software/emacs/manual/html_node/nxml-mode/Introduction.html">nXML</link>,
|
||||||
a major-mode for validating and editing XML documents.
|
a major-mode for validating and editing XML documents. When editing DocBook
|
||||||
When editing DocBook 5.0 documents, such as
|
5.0 documents, such as <link linkend="book-nixos-manual">this one</link>,
|
||||||
<link linkend="book-nixos-manual">this one</link>,
|
nXML needs to be configured with the relevant schema, which is not
|
||||||
nXML needs to be configured with the relevant schema, which is
|
included.
|
||||||
not included.
|
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
To install the DocBook 5.0 schemas, either add
|
To install the DocBook 5.0 schemas, either add
|
||||||
<varname>pkgs.docbook5</varname> to
|
<varname>pkgs.docbook5</varname> to
|
||||||
<xref linkend="opt-environment.systemPackages"/> (<link
|
<xref linkend="opt-environment.systemPackages"/>
|
||||||
|
(<link
|
||||||
linkend="sec-declarative-package-mgmt">NixOS</link>), or run
|
linkend="sec-declarative-package-mgmt">NixOS</link>), or run
|
||||||
<literal>nix-env -i pkgs.docbook5</literal>
|
<literal>nix-env -i pkgs.docbook5</literal>
|
||||||
(<link linkend="sec-ad-hoc-packages">Nix</link>).
|
(<link linkend="sec-ad-hoc-packages">Nix</link>).
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Then customize the variable <varname>rng-schema-locating-files</varname> to include <filename>~/.emacs.d/schemas.xml</filename> and put the following text into that file:
|
Then customize the variable <varname>rng-schema-locating-files</varname> to
|
||||||
|
include <filename>~/.emacs.d/schemas.xml</filename> and put the following
|
||||||
|
text into that file:
|
||||||
<example xml:id="ex-emacs-docbook-xml">
|
<example xml:id="ex-emacs-docbook-xml">
|
||||||
<title>nXML Schema Configuration (<filename>~/.emacs.d/schemas.xml</filename>)</title>
|
<title>nXML Schema Configuration (<filename>~/.emacs.d/schemas.xml</filename>)</title>
|
||||||
<programlisting language="xml"><![CDATA[
|
<programlisting language="xml"><![CDATA[
|
||||||
<?xml version="1.0"?>
|
<?xml version="1.0"?>
|
||||||
<!--
|
<!--
|
||||||
To let emacs find this file, evaluate:
|
To let emacs find this file, evaluate:
|
||||||
|
@ -613,8 +582,6 @@ emacsclient --create-frame --tty # opens a new frame on the current terminal
|
||||||
]]></programlisting>
|
]]></programlisting>
|
||||||
</example>
|
</example>
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
</section>
|
</section>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
</chapter>
|
</chapter>
|
||||||
|
|
|
@ -115,36 +115,10 @@ let
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
indexOf = default: start: list: e:
|
|
||||||
if list == []
|
|
||||||
then default
|
|
||||||
else if (head list) == e then start
|
|
||||||
else (indexOf default (start + (length (listenStreams (head list).socket))) (tail list) e);
|
|
||||||
|
|
||||||
systemdSocket = indexOf (abort "Socket not found") 0 allSockets;
|
|
||||||
|
|
||||||
isUnixSocket = socket: hasPrefix "/" (if (isString socket) then socket else socket.socket);
|
isUnixSocket = socket: hasPrefix "/" (if (isString socket) then socket else socket.socket);
|
||||||
isPort = hasPrefix "*:";
|
|
||||||
isIPv4Socket = hasPrefix "*v4:";
|
|
||||||
isIPv6Socket = hasPrefix "*v6:";
|
|
||||||
isLocalHost = hasPrefix "localhost:";
|
|
||||||
listenStreams = socket:
|
|
||||||
if (isLocalHost socket) then
|
|
||||||
let port = (removePrefix "localhost:" socket);
|
|
||||||
in [ "127.0.0.1:${port}" ] ++ (if config.networking.enableIPv6 then ["[::1]:${port}"] else [])
|
|
||||||
else if (isIPv6Socket socket) then [removePrefix "*v6:" socket]
|
|
||||||
else if (isPort socket) then [removePrefix "*:" socket]
|
|
||||||
else if (isIPv4Socket socket) then
|
|
||||||
throw "error: IPv4 only socket not supported in rspamd with socket activation"
|
|
||||||
else if (length (splitString " " socket)) != 1 then
|
|
||||||
throw "error: string options not supported in rspamd with socket activation"
|
|
||||||
else [socket];
|
|
||||||
|
|
||||||
mkBindSockets = enabled: socks: concatStringsSep "\n " (flatten (map (each:
|
mkBindSockets = enabled: socks: concatStringsSep "\n "
|
||||||
if cfg.socketActivation && enabled != false then
|
(flatten (map (each: "bind_socket = \"${each.rawEntry}\";") socks));
|
||||||
let systemd = (systemdSocket each);
|
|
||||||
in (imap (idx: e: "bind_socket = \"systemd:${toString (systemd + idx - 1)}\";") (listenStreams each.socket))
|
|
||||||
else "bind_socket = \"${each.rawEntry}\";") socks));
|
|
||||||
|
|
||||||
rspamdConfFile = pkgs.writeText "rspamd.conf"
|
rspamdConfFile = pkgs.writeText "rspamd.conf"
|
||||||
''
|
''
|
||||||
|
@ -175,18 +149,6 @@ let
|
||||||
${cfg.extraConfig}
|
${cfg.extraConfig}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
allMappedSockets = flatten (mapAttrsToList (name: value:
|
|
||||||
if value.enable != false
|
|
||||||
then imap (idx: each: {
|
|
||||||
name = "${name}";
|
|
||||||
index = idx;
|
|
||||||
value = each;
|
|
||||||
}) value.bindSockets
|
|
||||||
else []) cfg.workers);
|
|
||||||
allSockets = map (e: e.value) allMappedSockets;
|
|
||||||
|
|
||||||
allSocketNames = map (each: "rspamd-${each.name}-${toString each.index}.socket") allMappedSockets;
|
|
||||||
|
|
||||||
in
|
in
|
||||||
|
|
||||||
{
|
{
|
||||||
|
@ -205,13 +167,6 @@ in
|
||||||
description = "Whether to run the rspamd daemon in debug mode.";
|
description = "Whether to run the rspamd daemon in debug mode.";
|
||||||
};
|
};
|
||||||
|
|
||||||
socketActivation = mkOption {
|
|
||||||
type = types.bool;
|
|
||||||
description = ''
|
|
||||||
Enable systemd socket activation for rspamd.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
workers = mkOption {
|
workers = mkOption {
|
||||||
type = with types; attrsOf (submodule workerOpts);
|
type = with types; attrsOf (submodule workerOpts);
|
||||||
description = ''
|
description = ''
|
||||||
|
@ -272,13 +227,6 @@ in
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
|
||||||
services.rspamd.socketActivation = mkDefault (!opts.bindSocket.isDefined && !opts.bindUISocket.isDefined);
|
|
||||||
|
|
||||||
assertions = [ {
|
|
||||||
assertion = !cfg.socketActivation || !(opts.bindSocket.isDefined || opts.bindUISocket.isDefined);
|
|
||||||
message = "Can't use socketActivation for rspamd when using renamed bind socket options";
|
|
||||||
} ];
|
|
||||||
|
|
||||||
# Allow users to run 'rspamc' and 'rspamadm'.
|
# Allow users to run 'rspamc' and 'rspamadm'.
|
||||||
environment.systemPackages = [ pkgs.rspamd ];
|
environment.systemPackages = [ pkgs.rspamd ];
|
||||||
|
|
||||||
|
@ -299,17 +247,14 @@ in
|
||||||
systemd.services.rspamd = {
|
systemd.services.rspamd = {
|
||||||
description = "Rspamd Service";
|
description = "Rspamd Service";
|
||||||
|
|
||||||
wantedBy = mkIf (!cfg.socketActivation) [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
after = [ "network.target" ] ++
|
after = [ "network.target" ];
|
||||||
(if cfg.socketActivation then allSocketNames else []);
|
|
||||||
requires = mkIf cfg.socketActivation allSocketNames;
|
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${pkgs.rspamd}/bin/rspamd ${optionalString cfg.debug "-d"} --user=${cfg.user} --group=${cfg.group} --pid=/run/rspamd.pid -c ${rspamdConfFile} -f";
|
ExecStart = "${pkgs.rspamd}/bin/rspamd ${optionalString cfg.debug "-d"} --user=${cfg.user} --group=${cfg.group} --pid=/run/rspamd.pid -c ${rspamdConfFile} -f";
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
RuntimeDirectory = "rspamd";
|
RuntimeDirectory = "rspamd";
|
||||||
PrivateTmp = true;
|
PrivateTmp = true;
|
||||||
Sockets = mkIf cfg.socketActivation (concatStringsSep " " allSocketNames);
|
|
||||||
};
|
};
|
||||||
|
|
||||||
preStart = ''
|
preStart = ''
|
||||||
|
@ -317,24 +262,10 @@ in
|
||||||
${pkgs.coreutils}/bin/chown ${cfg.user}:${cfg.group} /var/lib/rspamd
|
${pkgs.coreutils}/bin/chown ${cfg.user}:${cfg.group} /var/lib/rspamd
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
systemd.sockets = mkIf cfg.socketActivation
|
|
||||||
(listToAttrs (map (each: {
|
|
||||||
name = "rspamd-${each.name}-${toString each.index}";
|
|
||||||
value = {
|
|
||||||
description = "Rspamd socket ${toString each.index} for worker ${each.name}";
|
|
||||||
wantedBy = [ "sockets.target" ];
|
|
||||||
listenStreams = (listenStreams each.value.socket);
|
|
||||||
socketConfig = {
|
|
||||||
BindIPv6Only = mkIf (isIPv6Socket each.value.socket) "ipv6-only";
|
|
||||||
Service = "rspamd.service";
|
|
||||||
SocketUser = mkIf (isUnixSocket each.value.socket) each.value.owner;
|
|
||||||
SocketGroup = mkIf (isUnixSocket each.value.socket) each.value.group;
|
|
||||||
SocketMode = mkIf (isUnixSocket each.value.socket) each.value.mode;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}) allMappedSockets));
|
|
||||||
};
|
};
|
||||||
imports = [
|
imports = [
|
||||||
|
(mkRemovedOptionModule [ "services" "rspamd" "socketActivation" ]
|
||||||
|
"Socket activation never worked correctly and could at this time not be fixed and so was removed")
|
||||||
(mkRenamedOptionModule [ "services" "rspamd" "bindSocket" ] [ "services" "rspamd" "workers" "normal" "bindSockets" ])
|
(mkRenamedOptionModule [ "services" "rspamd" "bindSocket" ] [ "services" "rspamd" "workers" "normal" "bindSockets" ])
|
||||||
(mkRenamedOptionModule [ "services" "rspamd" "bindUISocket" ] [ "services" "rspamd" "workers" "controller" "bindSockets" ])
|
(mkRenamedOptionModule [ "services" "rspamd" "bindUISocket" ] [ "services" "rspamd" "workers" "controller" "bindSockets" ])
|
||||||
];
|
];
|
||||||
|
|
|
@ -3,20 +3,22 @@
|
||||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||||
version="5.0"
|
version="5.0"
|
||||||
xml:id="module-services-gitlab">
|
xml:id="module-services-gitlab">
|
||||||
|
<title>Gitlab</title>
|
||||||
|
<para>
|
||||||
|
Gitlab is a feature-rich git hosting service.
|
||||||
|
</para>
|
||||||
|
<section xml:id="module-services-gitlab-prerequisites">
|
||||||
|
<title>Prerequisites</title>
|
||||||
|
|
||||||
<title>Gitlab</title>
|
<para>
|
||||||
|
The gitlab service exposes only an Unix socket at
|
||||||
|
<literal>/run/gitlab/gitlab-workhorse.socket</literal>. You need to
|
||||||
|
configure a webserver to proxy HTTP requests to the socket.
|
||||||
|
</para>
|
||||||
|
|
||||||
<para>Gitlab is a feature-rich git hosting service.</para>
|
<para>
|
||||||
|
For instance, the following configuration could be used to use nginx as
|
||||||
<section xml:id="module-services-gitlab-prerequisites"><title>Prerequisites</title>
|
|
||||||
|
|
||||||
<para>The gitlab service exposes only an Unix socket at
|
|
||||||
<literal>/run/gitlab/gitlab-workhorse.socket</literal>. You need to configure a
|
|
||||||
webserver to proxy HTTP requests to the socket.</para>
|
|
||||||
|
|
||||||
<para>For instance, the following configuration could be used to use nginx as
|
|
||||||
frontend proxy:
|
frontend proxy:
|
||||||
|
|
||||||
<programlisting>
|
<programlisting>
|
||||||
<link linkend="opt-services.nginx.enable">services.nginx</link> = {
|
<link linkend="opt-services.nginx.enable">services.nginx</link> = {
|
||||||
<link linkend="opt-services.nginx.enable">enable</link> = true;
|
<link linkend="opt-services.nginx.enable">enable</link> = true;
|
||||||
|
@ -31,21 +33,24 @@ webserver to proxy HTTP requests to the socket.</para>
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</para>
|
</para>
|
||||||
|
</section>
|
||||||
|
<section xml:id="module-services-gitlab-configuring">
|
||||||
|
<title>Configuring</title>
|
||||||
|
|
||||||
</section>
|
<para>
|
||||||
|
Gitlab depends on both PostgreSQL and Redis and will automatically enable
|
||||||
|
both services. In the case of PostgreSQL, a database and a role will be
|
||||||
|
created.
|
||||||
|
</para>
|
||||||
|
|
||||||
<section xml:id="module-services-gitlab-configuring"><title>Configuring</title>
|
<para>
|
||||||
|
The default state dir is <literal>/var/gitlab/state</literal>. This is where
|
||||||
<para>Gitlab depends on both PostgreSQL and Redis and will automatically enable
|
all data like the repositories and uploads will be stored.
|
||||||
both services. In the case of PostgreSQL, a database and a role will be created.
|
</para>
|
||||||
</para>
|
|
||||||
|
|
||||||
<para>The default state dir is <literal>/var/gitlab/state</literal>. This is where
|
|
||||||
all data like the repositories and uploads will be stored.</para>
|
|
||||||
|
|
||||||
<para>A basic configuration with some custom settings could look like this:
|
|
||||||
|
|
||||||
|
<para>
|
||||||
|
A basic configuration with some custom settings could look like this:
|
||||||
<programlisting>
|
<programlisting>
|
||||||
services.gitlab = {
|
services.gitlab = {
|
||||||
<link linkend="opt-services.gitlab.enable">enable</link> = true;
|
<link linkend="opt-services.gitlab.enable">enable</link> = true;
|
||||||
|
@ -105,40 +110,41 @@ services.gitlab = {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>If you're setting up a new Gitlab instance, generate new secrets. You
|
<para>
|
||||||
for instance use <literal>tr -dc A-Za-z0-9 < /dev/urandom | head -c 128</literal>
|
If you're setting up a new Gitlab instance, generate new secrets. You for
|
||||||
to generate a new secret. Gitlab encrypts sensitive data stored in the database.
|
instance use <literal>tr -dc A-Za-z0-9 < /dev/urandom | head -c
|
||||||
If you're restoring an existing Gitlab instance, you must specify the secrets
|
128</literal> to generate a new secret. Gitlab encrypts sensitive data
|
||||||
secret from <literal>config/secrets.yml</literal> located in your Gitlab state
|
stored in the database. If you're restoring an existing Gitlab instance, you
|
||||||
folder.</para>
|
must specify the secrets secret from <literal>config/secrets.yml</literal>
|
||||||
|
located in your Gitlab state folder.
|
||||||
|
</para>
|
||||||
|
|
||||||
<para>Refer to <xref linkend="ch-options" /> for all available configuration
|
<para>
|
||||||
options for the <link linkend="opt-services.gitlab.enable">services.gitlab</link> module.</para>
|
Refer to <xref linkend="ch-options" /> for all available configuration
|
||||||
|
options for the
|
||||||
|
<link linkend="opt-services.gitlab.enable">services.gitlab</link> module.
|
||||||
|
</para>
|
||||||
|
</section>
|
||||||
|
<section xml:id="module-services-gitlab-maintenance">
|
||||||
|
<title>Maintenance</title>
|
||||||
|
|
||||||
</section>
|
<para>
|
||||||
|
You can run Gitlab's rake tasks with <literal>gitlab-rake</literal> which
|
||||||
<section xml:id="module-services-gitlab-maintenance"><title>Maintenance</title>
|
will be available on the system when gitlab is enabled. You will have to run
|
||||||
|
the command as the user that you configured to run gitlab with.
|
||||||
<para>You can run Gitlab's rake tasks with <literal>gitlab-rake</literal>
|
</para>
|
||||||
which will be available on the system when gitlab is enabled. You will
|
|
||||||
have to run the command as the user that you configured to run gitlab
|
|
||||||
with.</para>
|
|
||||||
|
|
||||||
<para>For example, to backup a Gitlab instance:
|
|
||||||
|
|
||||||
|
<para>
|
||||||
|
For example, to backup a Gitlab instance:
|
||||||
<programlisting>
|
<programlisting>
|
||||||
$ sudo -u git -H gitlab-rake gitlab:backup:create
|
$ sudo -u git -H gitlab-rake gitlab:backup:create
|
||||||
</programlisting>
|
</programlisting>
|
||||||
|
A list of all availabe rake tasks can be obtained by running:
|
||||||
A list of all availabe rake tasks can be obtained by running:
|
|
||||||
|
|
||||||
<programlisting>
|
<programlisting>
|
||||||
$ sudo -u git -H gitlab-rake -T
|
$ sudo -u git -H gitlab-rake -T
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</para>
|
</para>
|
||||||
|
</section>
|
||||||
</section>
|
|
||||||
|
|
||||||
</chapter>
|
</chapter>
|
||||||
|
|
|
@ -0,0 +1,46 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.services.lidarr;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options = {
|
||||||
|
services.lidarr = {
|
||||||
|
enable = mkEnableOption "Lidarr";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
systemd.services.lidarr = {
|
||||||
|
description = "Lidarr";
|
||||||
|
after = [ "network.target" ];
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
preStart = ''
|
||||||
|
[ ! -d /var/lib/lidarr ] && mkdir -p /var/lib/lidarr
|
||||||
|
chown -R lidarr:lidarr /var/lib/lidarr
|
||||||
|
'';
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "simple";
|
||||||
|
User = "lidarr";
|
||||||
|
Group = "lidarr";
|
||||||
|
PermissionsStartOnly = "true";
|
||||||
|
ExecStart = "${pkgs.lidarr}/bin/Lidarr";
|
||||||
|
Restart = "on-failure";
|
||||||
|
|
||||||
|
StateDirectory = "/var/lib/lidarr/";
|
||||||
|
StateDirectoryMode = "0770";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
users.users.lidarr = {
|
||||||
|
uid = config.ids.uids.lidarr;
|
||||||
|
home = "/var/lib/lidarr";
|
||||||
|
group = "lidarr";
|
||||||
|
};
|
||||||
|
|
||||||
|
users.groups.lidarr.gid = config.ids.gids.lidarr;
|
||||||
|
};
|
||||||
|
}
|
|
@ -345,7 +345,6 @@ in
|
||||||
type = types.listOf types.str;
|
type = types.listOf types.str;
|
||||||
default =
|
default =
|
||||||
[
|
[
|
||||||
"$HOME/.nix-defexpr/channels"
|
|
||||||
"nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"
|
"nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"
|
||||||
"nixos-config=/etc/nixos/configuration.nix"
|
"nixos-config=/etc/nixos/configuration.nix"
|
||||||
"/nix/var/nix/profiles/per-user/root/channels"
|
"/nix/var/nix/profiles/per-user/root/channels"
|
||||||
|
@ -436,7 +435,7 @@ in
|
||||||
|
|
||||||
# Set up the environment variables for running Nix.
|
# Set up the environment variables for running Nix.
|
||||||
environment.sessionVariables = cfg.envVars //
|
environment.sessionVariables = cfg.envVars //
|
||||||
{ NIX_PATH = concatStringsSep ":" cfg.nixPath;
|
{ NIX_PATH = cfg.nixPath;
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.extraInit = optionalString (!isNix20)
|
environment.extraInit = optionalString (!isNix20)
|
||||||
|
@ -446,6 +445,10 @@ in
|
||||||
if [ "$USER" != root -o ! -w /nix/var/nix/db ]; then
|
if [ "$USER" != root -o ! -w /nix/var/nix/db ]; then
|
||||||
export NIX_REMOTE=daemon
|
export NIX_REMOTE=daemon
|
||||||
fi
|
fi
|
||||||
|
'' + ''
|
||||||
|
if [ -e "$HOME/.nix-defexpr/channels" ]; then
|
||||||
|
export NIX_PATH="$HOME/.nix-defexpr/channels''${NIX_PATH:+:$NIX_PATH}"
|
||||||
|
fi
|
||||||
'';
|
'';
|
||||||
|
|
||||||
nix.nrBuildUsers = mkDefault (lib.max 32 cfg.maxJobs);
|
nix.nrBuildUsers = mkDefault (lib.max 32 cfg.maxJobs);
|
||||||
|
|
|
@ -0,0 +1,92 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
|
||||||
|
name = "sickbeard";
|
||||||
|
|
||||||
|
cfg = config.services.sickbeard;
|
||||||
|
sickbeard = cfg.package;
|
||||||
|
|
||||||
|
in
|
||||||
|
{
|
||||||
|
|
||||||
|
###### interface
|
||||||
|
|
||||||
|
options = {
|
||||||
|
services.sickbeard = {
|
||||||
|
enable = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = "Whether to enable the sickbeard server.";
|
||||||
|
};
|
||||||
|
package = mkOption {
|
||||||
|
type = types.package;
|
||||||
|
default = pkgs.sickbeard;
|
||||||
|
example = literalExample "pkgs.sickrage";
|
||||||
|
description =''
|
||||||
|
Enable <literal>pkgs.sickrage</literal> or <literal>pkgs.sickgear</literal>
|
||||||
|
as an alternative to SickBeard
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
dataDir = mkOption {
|
||||||
|
type = types.path;
|
||||||
|
default = "/var/lib/${name}";
|
||||||
|
description = "Path where to store data files.";
|
||||||
|
};
|
||||||
|
configFile = mkOption {
|
||||||
|
type = types.path;
|
||||||
|
default = "${cfg.dataDir}/config.ini";
|
||||||
|
description = "Path to config file.";
|
||||||
|
};
|
||||||
|
port = mkOption {
|
||||||
|
type = types.ints.u16;
|
||||||
|
default = 8081;
|
||||||
|
description = "Port to bind to.";
|
||||||
|
};
|
||||||
|
user = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = name;
|
||||||
|
description = "User to run the service as";
|
||||||
|
};
|
||||||
|
group = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = name;
|
||||||
|
description = "Group to run the service as";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
###### implementation
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
|
||||||
|
users.users = optionalAttrs (cfg.user == name) (singleton {
|
||||||
|
name = name;
|
||||||
|
uid = config.ids.uids.sickbeard;
|
||||||
|
group = cfg.group;
|
||||||
|
description = "sickbeard user";
|
||||||
|
home = cfg.dataDir;
|
||||||
|
createHome = true;
|
||||||
|
});
|
||||||
|
|
||||||
|
users.groups = optionalAttrs (cfg.group == name) (singleton {
|
||||||
|
name = name;
|
||||||
|
gid = config.ids.gids.sickbeard;
|
||||||
|
});
|
||||||
|
|
||||||
|
systemd.services.sickbeard = {
|
||||||
|
description = "Sickbeard Server";
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "network.target" ];
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
User = cfg.user;
|
||||||
|
Group = cfg.group;
|
||||||
|
ExecStart = "${sickbeard}/SickBeard.py --datadir ${cfg.dataDir} --config ${cfg.configFile} --port ${toString cfg.port}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -2,52 +2,44 @@
|
||||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||||
version="5.0"
|
version="5.0"
|
||||||
xml:id="module-taskserver">
|
xml:id="module-taskserver">
|
||||||
|
|
||||||
<title>Taskserver</title>
|
<title>Taskserver</title>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Taskserver is the server component of
|
Taskserver is the server component of
|
||||||
<link xlink:href="https://taskwarrior.org/">Taskwarrior</link>, a free and
|
<link xlink:href="https://taskwarrior.org/">Taskwarrior</link>, a free and
|
||||||
open source todo list application.
|
open source todo list application.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
<emphasis>Upstream documentation:</emphasis>
|
<emphasis>Upstream documentation:</emphasis>
|
||||||
<link xlink:href="https://taskwarrior.org/docs/#taskd"/>
|
<link xlink:href="https://taskwarrior.org/docs/#taskd"/>
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<section xml:id="module-services-taskserver-configuration">
|
<section xml:id="module-services-taskserver-configuration">
|
||||||
<title>Configuration</title>
|
<title>Configuration</title>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Taskserver does all of its authentication via TLS using client
|
Taskserver does all of its authentication via TLS using client certificates,
|
||||||
certificates, so you either need to roll your own CA or purchase a
|
so you either need to roll your own CA or purchase a certificate from a
|
||||||
certificate from a known CA, which allows creation of client
|
known CA, which allows creation of client certificates. These certificates
|
||||||
certificates.
|
are usually advertised as <quote>server certificates</quote>.
|
||||||
|
|
||||||
These certificates are usually advertised as
|
|
||||||
<quote>server certificates</quote>.
|
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
So in order to make it easier to handle your own CA, there is a helper
|
So in order to make it easier to handle your own CA, there is a helper tool
|
||||||
tool called <command>nixos-taskserver</command> which manages the custom
|
called <command>nixos-taskserver</command> which manages the custom CA along
|
||||||
CA along with Taskserver organisations, users and groups.
|
with Taskserver organisations, users and groups.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
While the client certificates in Taskserver only authenticate whether a
|
While the client certificates in Taskserver only authenticate whether a user
|
||||||
user is allowed to connect, every user has its own UUID which identifies
|
is allowed to connect, every user has its own UUID which identifies it as an
|
||||||
it as an entity.
|
entity.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
With <command>nixos-taskserver</command> the client certificate is created
|
With <command>nixos-taskserver</command> the client certificate is created
|
||||||
along with the UUID of the user, so it handles all of the credentials
|
along with the UUID of the user, so it handles all of the credentials needed
|
||||||
needed in order to setup the Taskwarrior client to work with a Taskserver.
|
in order to setup the Taskwarrior client to work with a Taskserver.
|
||||||
</para>
|
</para>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section xml:id="module-services-taskserver-nixos-taskserver-tool">
|
<section xml:id="module-services-taskserver-nixos-taskserver-tool">
|
||||||
<title>The nixos-taskserver tool</title>
|
<title>The nixos-taskserver tool</title>
|
||||||
|
|
||||||
|
@ -60,14 +52,14 @@
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
The tool is designed to not interfere if the command is used to manually
|
The tool is designed to not interfere if the command is used to manually set
|
||||||
set up some organisations, users or groups.
|
up some organisations, users or groups.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
For example if you add a new organisation using
|
For example if you add a new organisation using <command>nixos-taskserver
|
||||||
<command>nixos-taskserver org add foo</command>, the organisation is not
|
org add foo</command>, the organisation is not modified and deleted no
|
||||||
modified and deleted no matter what you define in
|
matter what you define in
|
||||||
<option>services.taskserver.organisations</option>, even if you're adding
|
<option>services.taskserver.organisations</option>, even if you're adding
|
||||||
the same organisation in that option.
|
the same organisation in that option.
|
||||||
</para>
|
</para>
|
||||||
|
@ -89,10 +81,10 @@
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
This is done using
|
This is done using <command>nixos-taskserver user export $orgname
|
||||||
<command>nixos-taskserver user export $orgname $username</command> which
|
$username</command> which is printing a shell script fragment to stdout
|
||||||
is printing a shell script fragment to stdout which can either be used
|
which can either be used verbatim or adjusted to import the user on the
|
||||||
verbatim or adjusted to import the user on the client machine.
|
client machine.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
|
@ -110,9 +102,8 @@
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Now in order to import the <literal>alice</literal> user to another
|
Now in order to import the <literal>alice</literal> user to another machine
|
||||||
machine <literal>alicebox</literal>, all we need to do is something like
|
<literal>alicebox</literal>, all we need to do is something like this:
|
||||||
this:
|
|
||||||
<screen>
|
<screen>
|
||||||
$ ssh server nixos-taskserver user export my-company alice | sh
|
$ ssh server nixos-taskserver user export my-company alice | sh
|
||||||
</screen>
|
</screen>
|
||||||
|
@ -127,8 +118,8 @@ $ ssh server nixos-taskserver user export my-company alice | sh
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Subsequent synchronisation requests merely require the command
|
Subsequent synchronisation requests merely require the command <command>task
|
||||||
<command>task sync</command> after that stage.
|
sync</command> after that stage.
|
||||||
</para>
|
</para>
|
||||||
</section>
|
</section>
|
||||||
<section xml:id="module-services-taskserver-manual-ca-management">
|
<section xml:id="module-services-taskserver-manual-ca-management">
|
||||||
|
|
|
@ -3,22 +3,24 @@
|
||||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||||
version="5.0"
|
version="5.0"
|
||||||
xml:id="module-services-weechat">
|
xml:id="module-services-weechat">
|
||||||
|
<title>WeeChat</title>
|
||||||
|
<para>
|
||||||
|
<link xlink:href="https://weechat.org/">WeeChat</link> is a fast and
|
||||||
|
extensible IRC client.
|
||||||
|
</para>
|
||||||
|
<section>
|
||||||
|
<title>Basic Usage</title>
|
||||||
|
|
||||||
<title>WeeChat</title>
|
<para>
|
||||||
<para><link xlink:href="https://weechat.org/">WeeChat</link> is a fast and extensible IRC client.</para>
|
By default, the module creates a
|
||||||
|
<literal><link xlink:href="https://www.freedesktop.org/wiki/Software/systemd/">systemd</link></literal>
|
||||||
<section><title>Basic Usage</title>
|
unit which runs the chat client in a detached
|
||||||
<para>
|
<literal><link xlink:href="https://www.gnu.org/software/screen/">screen</link></literal>
|
||||||
By default, the module creates a
|
session.
|
||||||
<literal><link xlink:href="https://www.freedesktop.org/wiki/Software/systemd/">systemd</link></literal> unit
|
</para>
|
||||||
which runs the chat client in a detached
|
|
||||||
<literal><link xlink:href="https://www.gnu.org/software/screen/">screen</link></literal> session.
|
|
||||||
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
This can be done by enabling the <literal>weechat</literal> service:
|
|
||||||
|
|
||||||
|
<para>
|
||||||
|
This can be done by enabling the <literal>weechat</literal> service:
|
||||||
<programlisting>
|
<programlisting>
|
||||||
{ ... }:
|
{ ... }:
|
||||||
|
|
||||||
|
@ -26,19 +28,22 @@ This can be done by enabling the <literal>weechat</literal> service:
|
||||||
<link linkend="opt-services.weechat.enable">services.weechat.enable</link> = true;
|
<link linkend="opt-services.weechat.enable">services.weechat.enable</link> = true;
|
||||||
}
|
}
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</para>
|
</para>
|
||||||
<para>
|
|
||||||
The service is managed by a dedicated user
|
|
||||||
named <literal>weechat</literal> in the state directory
|
|
||||||
<literal>/var/lib/weechat</literal>.
|
|
||||||
</para>
|
|
||||||
</section>
|
|
||||||
<section><title>Re-attaching to WeeChat</title>
|
|
||||||
<para>
|
|
||||||
WeeChat runs in a screen session owned by a dedicated user. To explicitly
|
|
||||||
allow your another user to attach to this session, the <literal>screenrc</literal> needs to be tweaked
|
|
||||||
by adding <link xlink:href="https://www.gnu.org/software/screen/manual/html_node/Multiuser.html#Multiuser">multiuser</link> support:
|
|
||||||
|
|
||||||
|
<para>
|
||||||
|
The service is managed by a dedicated user named <literal>weechat</literal>
|
||||||
|
in the state directory <literal>/var/lib/weechat</literal>.
|
||||||
|
</para>
|
||||||
|
</section>
|
||||||
|
<section>
|
||||||
|
<title>Re-attaching to WeeChat</title>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
WeeChat runs in a screen session owned by a dedicated user. To explicitly
|
||||||
|
allow your another user to attach to this session, the
|
||||||
|
<literal>screenrc</literal> needs to be tweaked by adding
|
||||||
|
<link xlink:href="https://www.gnu.org/software/screen/manual/html_node/Multiuser.html#Multiuser">multiuser</link>
|
||||||
|
support:
|
||||||
<programlisting>
|
<programlisting>
|
||||||
{
|
{
|
||||||
<link linkend="opt-programs.screen.screenrc">programs.screen.screenrc</link> = ''
|
<link linkend="opt-programs.screen.screenrc">programs.screen.screenrc</link> = ''
|
||||||
|
@ -47,15 +52,15 @@ by adding <link xlink:href="https://www.gnu.org/software/screen/manual/html_node
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
</programlisting>
|
</programlisting>
|
||||||
|
Now, the session can be re-attached like this:
|
||||||
Now, the session can be re-attached like this:
|
|
||||||
|
|
||||||
<programlisting>
|
<programlisting>
|
||||||
screen -r weechat-screen
|
screen -r weechat-screen
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</para>
|
</para>
|
||||||
<para>
|
|
||||||
<emphasis>The session name can be changed using <link linkend="opt-services.weechat.sessionName">services.weechat.sessionName.</link></emphasis>
|
<para>
|
||||||
</para>
|
<emphasis>The session name can be changed using
|
||||||
</section>
|
<link linkend="opt-services.weechat.sessionName">services.weechat.sessionName.</link></emphasis>
|
||||||
|
</para>
|
||||||
|
</section>
|
||||||
</chapter>
|
</chapter>
|
||||||
|
|
|
@ -3,13 +3,19 @@
|
||||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||||
version="5.0"
|
version="5.0"
|
||||||
xml:id="module-services-prometheus-exporters">
|
xml:id="module-services-prometheus-exporters">
|
||||||
|
<title>Prometheus exporters</title>
|
||||||
|
<para>
|
||||||
|
Prometheus exporters provide metrics for the
|
||||||
|
<link xlink:href="https://prometheus.io">prometheus monitoring system</link>.
|
||||||
|
</para>
|
||||||
|
<section xml:id="module-services-prometheus-exporters-configuration">
|
||||||
|
<title>Configuration</title>
|
||||||
|
|
||||||
<title>Prometheus exporters</title>
|
<para>
|
||||||
|
One of the most common exporters is the
|
||||||
<para>Prometheus exporters provide metrics for the <link xlink:href="https://prometheus.io">prometheus monitoring system</link>.</para>
|
<link xlink:href="https://github.com/prometheus/node_exporter">node
|
||||||
|
exporter</link>, it provides hardware and OS metrics from the host it's
|
||||||
<section xml:id="module-services-prometheus-exporters-configuration"><title>Configuration</title>
|
running on. The exporter could be configured as follows:
|
||||||
<para>One of the most common exporters is the <link xlink:href="https://github.com/prometheus/node_exporter">node exporter</link>, it provides hardware and OS metrics from the host it's running on. The exporter could be configured as follows:
|
|
||||||
<programlisting>
|
<programlisting>
|
||||||
services.promtheus.exporters.node = {
|
services.promtheus.exporters.node = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -24,18 +30,30 @@
|
||||||
firewallFilter = "-i br0 -p tcp -m tcp --dport 9100";
|
firewallFilter = "-i br0 -p tcp -m tcp --dport 9100";
|
||||||
};
|
};
|
||||||
</programlisting>
|
</programlisting>
|
||||||
It should now serve all metrics from the collectors
|
It should now serve all metrics from the collectors that are explicitly
|
||||||
that are explicitly enabled and the ones that are
|
enabled and the ones that are
|
||||||
<link xlink:href="https://github.com/prometheus/node_exporter#enabled-by-default">enabled by default</link>, via http under <literal>/metrics</literal>. In this example the firewall should just
|
<link xlink:href="https://github.com/prometheus/node_exporter#enabled-by-default">enabled
|
||||||
allow incoming connections to the exporter's port on the bridge interface <literal>br0</literal>
|
by default</link>, via http under <literal>/metrics</literal>. In this
|
||||||
(this would have to be configured seperately of course).
|
example the firewall should just allow incoming connections to the
|
||||||
For more information about configuration see <literal>man configuration.nix</literal> or
|
exporter's port on the bridge interface <literal>br0</literal> (this would
|
||||||
search through the <link xlink:href="https://nixos.org/nixos/options.html#prometheus.exporters">available options</link>.
|
have to be configured seperately of course). For more information about
|
||||||
</para>
|
configuration see <literal>man configuration.nix</literal> or search through
|
||||||
</section>
|
the
|
||||||
<section xml:id="module-services-prometheus-exporters-new-exporter"><title>Adding a new exporter</title>
|
<link xlink:href="https://nixos.org/nixos/options.html#prometheus.exporters">available
|
||||||
<para>To add a new exporter, it has to be packaged first (see <literal>nixpkgs/pkgs/servers/monitoring/prometheus/</literal> for examples), then a module can be added. The postfix exporter is used in this example:</para>
|
options</link>.
|
||||||
<itemizedlist>
|
</para>
|
||||||
|
</section>
|
||||||
|
<section xml:id="module-services-prometheus-exporters-new-exporter">
|
||||||
|
<title>Adding a new exporter</title>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
To add a new exporter, it has to be packaged first (see
|
||||||
|
<literal>nixpkgs/pkgs/servers/monitoring/prometheus/</literal> for
|
||||||
|
examples), then a module can be added. The postfix exporter is used in this
|
||||||
|
example:
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Some default options for all exporters are provided by
|
Some default options for all exporters are provided by
|
||||||
|
@ -44,23 +62,56 @@ search through the <link xlink:href="https://nixos.org/nixos/options.html#promet
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem override='none'>
|
<listitem override='none'>
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
<listitem><para><literal>enable</literal></para></listitem>
|
<listitem>
|
||||||
<listitem><para><literal>port</literal></para></listitem>
|
<para>
|
||||||
<listitem><para><literal>listenAddress</literal></para></listitem>
|
<literal>enable</literal>
|
||||||
<listitem><para><literal>extraFlags</literal></para></listitem>
|
</para>
|
||||||
<listitem><para><literal>openFirewall</literal></para></listitem>
|
</listitem>
|
||||||
<listitem><para><literal>firewallFilter</literal></para></listitem>
|
<listitem>
|
||||||
<listitem><para><literal>user</literal></para></listitem>
|
<para>
|
||||||
<listitem><para><literal>group</literal></para></listitem>
|
<literal>port</literal>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>listenAddress</literal>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>extraFlags</literal>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>openFirewall</literal>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>firewallFilter</literal>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>user</literal>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<literal>group</literal>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>As there is already a package available, the module can now be added.
|
<para>
|
||||||
This is accomplished by adding a new file to the
|
As there is already a package available, the module can now be added. This
|
||||||
<literal>nixos/modules/services/monitoring/prometheus/exporters/</literal> directory,
|
is accomplished by adding a new file to the
|
||||||
which will be called postfix.nix and contains all exporter specific options
|
<literal>nixos/modules/services/monitoring/prometheus/exporters/</literal>
|
||||||
and configuration:
|
directory, which will be called postfix.nix and contains all exporter
|
||||||
<programlisting>
|
specific options and configuration:
|
||||||
|
<programlisting>
|
||||||
# nixpgs/nixos/modules/services/prometheus/exporters/postfix.nix
|
# nixpgs/nixos/modules/services/prometheus/exporters/postfix.nix
|
||||||
{ config, lib, pkgs }:
|
{ config, lib, pkgs }:
|
||||||
|
|
||||||
|
@ -124,12 +175,13 @@ search through the <link xlink:href="https://nixos.org/nixos/options.html#promet
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
This should already be enough for the postfix exporter. Additionally one could
|
This should already be enough for the postfix exporter. Additionally one
|
||||||
now add assertions and conditional default values. This can be done in the
|
could now add assertions and conditional default values. This can be done
|
||||||
'meta-module' that combines all exporter definitions and generates the submodules:
|
in the 'meta-module' that combines all exporter definitions and generates
|
||||||
|
the submodules:
|
||||||
<literal>nixpkgs/nixos/modules/services/prometheus/exporters.nix</literal>
|
<literal>nixpkgs/nixos/modules/services/prometheus/exporters.nix</literal>
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
</section>
|
</section>
|
||||||
</chapter>
|
</chapter>
|
||||||
|
|
|
@ -3,48 +3,46 @@
|
||||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||||
version="5.0"
|
version="5.0"
|
||||||
xml:id="sec-dnscrypt-proxy">
|
xml:id="sec-dnscrypt-proxy">
|
||||||
|
|
||||||
<title>DNSCrypt client proxy</title>
|
<title>DNSCrypt client proxy</title>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
The DNSCrypt client proxy relays DNS queries to a DNSCrypt enabled
|
The DNSCrypt client proxy relays DNS queries to a DNSCrypt enabled upstream
|
||||||
upstream resolver. The traffic between the client and the upstream
|
resolver. The traffic between the client and the upstream resolver is
|
||||||
resolver is encrypted and authenticated, mitigating the risk of MITM
|
encrypted and authenticated, mitigating the risk of MITM attacks, DNS
|
||||||
attacks, DNS poisoning attacks, and third-party snooping (assuming the
|
poisoning attacks, and third-party snooping (assuming the upstream is
|
||||||
upstream is trustworthy).
|
trustworthy).
|
||||||
</para>
|
</para>
|
||||||
|
<sect1 xml:id="sec-dnscrypt-proxy-configuration">
|
||||||
<sect1 xml:id="sec-dnscrypt-proxy-configuration"><title>Basic configuration</title>
|
<title>Basic configuration</title>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
To enable the client proxy, set
|
To enable the client proxy, set
|
||||||
<programlisting>
|
<programlisting>
|
||||||
<xref linkend="opt-services.dnscrypt-proxy.enable"/> = true;
|
<xref linkend="opt-services.dnscrypt-proxy.enable"/> = true;
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Enabling the client proxy does not alter the system nameserver; to
|
Enabling the client proxy does not alter the system nameserver; to relay
|
||||||
relay local queries, prepend <literal>127.0.0.1</literal> to
|
local queries, prepend <literal>127.0.0.1</literal> to
|
||||||
<option>networking.nameservers</option>.
|
<option>networking.nameservers</option>.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
</sect1>
|
</sect1>
|
||||||
|
<sect1 xml:id="sec-dnscrypt-proxy-forwarder">
|
||||||
<sect1 xml:id="sec-dnscrypt-proxy-forwarder"><title>As a forwarder for another DNS client</title>
|
<title>As a forwarder for another DNS client</title>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
To run the DNSCrypt proxy client as a forwarder for another
|
To run the DNSCrypt proxy client as a forwarder for another DNS client,
|
||||||
DNS client, change the default proxy listening port to a
|
change the default proxy listening port to a non-standard value and point
|
||||||
non-standard value and point the other client to it:
|
the other client to it:
|
||||||
<programlisting>
|
<programlisting>
|
||||||
<xref linkend="opt-services.dnscrypt-proxy.localPort"/> = 43;
|
<xref linkend="opt-services.dnscrypt-proxy.localPort"/> = 43;
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<sect2 xml:id="sec-dnscrypt-proxy-forwarder-dsnmasq"><title>dnsmasq</title>
|
<sect2 xml:id="sec-dnscrypt-proxy-forwarder-dsnmasq">
|
||||||
|
<title>dnsmasq</title>
|
||||||
<para>
|
<para>
|
||||||
<programlisting>
|
<programlisting>
|
||||||
{
|
{
|
||||||
<xref linkend="opt-services.dnsmasq.enable"/> = true;
|
<xref linkend="opt-services.dnsmasq.enable"/> = true;
|
||||||
<xref linkend="opt-services.dnsmasq.servers"/> = [ "127.0.0.1#43" ];
|
<xref linkend="opt-services.dnsmasq.servers"/> = [ "127.0.0.1#43" ];
|
||||||
|
@ -53,9 +51,10 @@
|
||||||
</para>
|
</para>
|
||||||
</sect2>
|
</sect2>
|
||||||
|
|
||||||
<sect2 xml:id="sec-dnscrypt-proxy-forwarder-unbound"><title>unbound</title>
|
<sect2 xml:id="sec-dnscrypt-proxy-forwarder-unbound">
|
||||||
|
<title>unbound</title>
|
||||||
<para>
|
<para>
|
||||||
<programlisting>
|
<programlisting>
|
||||||
{
|
{
|
||||||
<xref linkend="opt-services.unbound.enable"/> = true;
|
<xref linkend="opt-services.unbound.enable"/> = true;
|
||||||
<xref linkend="opt-services.unbound.forwardAddresses"/> = [ "127.0.0.1@43" ];
|
<xref linkend="opt-services.unbound.forwardAddresses"/> = [ "127.0.0.1@43" ];
|
||||||
|
@ -63,7 +62,5 @@
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</para>
|
</para>
|
||||||
</sect2>
|
</sect2>
|
||||||
|
|
||||||
</sect1>
|
</sect1>
|
||||||
|
|
||||||
</chapter>
|
</chapter>
|
||||||
|
|
|
@ -95,7 +95,7 @@ in
|
||||||
environment.etc."clamav/freshclam.conf".source = freshclamConfigFile;
|
environment.etc."clamav/freshclam.conf".source = freshclamConfigFile;
|
||||||
environment.etc."clamav/clamd.conf".source = clamdConfigFile;
|
environment.etc."clamav/clamd.conf".source = clamdConfigFile;
|
||||||
|
|
||||||
systemd.services.clamav-daemon = optionalAttrs cfg.daemon.enable {
|
systemd.services.clamav-daemon = mkIf cfg.daemon.enable {
|
||||||
description = "ClamAV daemon (clamd)";
|
description = "ClamAV daemon (clamd)";
|
||||||
after = optional cfg.updater.enable "clamav-freshclam.service";
|
after = optional cfg.updater.enable "clamav-freshclam.service";
|
||||||
requires = optional cfg.updater.enable "clamav-freshclam.service";
|
requires = optional cfg.updater.enable "clamav-freshclam.service";
|
||||||
|
@ -116,7 +116,7 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.timers.clamav-freshclam = optionalAttrs cfg.updater.enable {
|
systemd.timers.clamav-freshclam = mkIf cfg.updater.enable {
|
||||||
description = "Timer for ClamAV virus database updater (freshclam)";
|
description = "Timer for ClamAV virus database updater (freshclam)";
|
||||||
wantedBy = [ "timers.target" ];
|
wantedBy = [ "timers.target" ];
|
||||||
timerConfig = {
|
timerConfig = {
|
||||||
|
@ -125,7 +125,7 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.clamav-freshclam = optionalAttrs cfg.updater.enable {
|
systemd.services.clamav-freshclam = mkIf cfg.updater.enable {
|
||||||
description = "ClamAV virus database updater (freshclam)";
|
description = "ClamAV virus database updater (freshclam)";
|
||||||
restartTriggers = [ freshclamConfigFile ];
|
restartTriggers = [ freshclamConfigFile ];
|
||||||
|
|
||||||
|
@ -137,6 +137,7 @@ in
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
ExecStart = "${pkg}/bin/freshclam";
|
ExecStart = "${pkg}/bin/freshclam";
|
||||||
|
SuccessExitStatus = "1"; # if databases are up to date
|
||||||
PrivateTmp = "yes";
|
PrivateTmp = "yes";
|
||||||
PrivateDevices = "yes";
|
PrivateDevices = "yes";
|
||||||
};
|
};
|
||||||
|
|
|
@ -3,28 +3,24 @@
|
||||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||||
version="5.0"
|
version="5.0"
|
||||||
xml:id="module-services-matomo">
|
xml:id="module-services-matomo">
|
||||||
|
|
||||||
<title>Matomo</title>
|
<title>Matomo</title>
|
||||||
<para>
|
<para>
|
||||||
Matomo is a real-time web analytics application.
|
Matomo is a real-time web analytics application. This module configures
|
||||||
This module configures php-fpm as backend for Matomo, optionally configuring an nginx vhost as well.
|
php-fpm as backend for Matomo, optionally configuring an nginx vhost as well.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
An automatic setup is not suported by Matomo, so you need to configure Matomo itself in the browser-based Matomo setup.
|
An automatic setup is not suported by Matomo, so you need to configure Matomo
|
||||||
|
itself in the browser-based Matomo setup.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
|
|
||||||
<section xml:id="module-services-matomo-database-setup">
|
<section xml:id="module-services-matomo-database-setup">
|
||||||
<title>Database Setup</title>
|
<title>Database Setup</title>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
You also need to configure a MariaDB or MySQL database and -user for Matomo yourself,
|
You also need to configure a MariaDB or MySQL database and -user for Matomo
|
||||||
and enter those credentials in your browser.
|
yourself, and enter those credentials in your browser. You can use
|
||||||
You can use passwordless database authentication via the UNIX_SOCKET authentication plugin
|
passwordless database authentication via the UNIX_SOCKET authentication
|
||||||
with the following SQL commands:
|
plugin with the following SQL commands:
|
||||||
|
<programlisting>
|
||||||
<programlisting>
|
|
||||||
# For MariaDB
|
# For MariaDB
|
||||||
INSTALL PLUGIN unix_socket SONAME 'auth_socket';
|
INSTALL PLUGIN unix_socket SONAME 'auth_socket';
|
||||||
CREATE DATABASE matomo;
|
CREATE DATABASE matomo;
|
||||||
|
@ -37,59 +33,58 @@
|
||||||
CREATE USER 'matomo'@'localhost' IDENTIFIED WITH auth_socket;
|
CREATE USER 'matomo'@'localhost' IDENTIFIED WITH auth_socket;
|
||||||
GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost';
|
GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost';
|
||||||
</programlisting>
|
</programlisting>
|
||||||
|
Then fill in <literal>matomo</literal> as database user and database name,
|
||||||
Then fill in <literal>matomo</literal> as database user and database name, and leave the password field blank.
|
and leave the password field blank. This authentication works by allowing
|
||||||
This authentication works by allowing only the <literal>matomo</literal> unix user to authenticate as the
|
only the <literal>matomo</literal> unix user to authenticate as the
|
||||||
<literal>matomo</literal> database user (without needing a password), but no other users.
|
<literal>matomo</literal> database user (without needing a password), but no
|
||||||
For more information on passwordless login, see
|
other users. For more information on passwordless login, see
|
||||||
<link xlink:href="https://mariadb.com/kb/en/mariadb/unix_socket-authentication-plugin/" />.
|
<link xlink:href="https://mariadb.com/kb/en/mariadb/unix_socket-authentication-plugin/" />.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Of course, you can use password based authentication as well, e.g. when the database is not on the same host.
|
Of course, you can use password based authentication as well, e.g. when the
|
||||||
|
database is not on the same host.
|
||||||
</para>
|
</para>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
|
||||||
<section xml:id="module-services-matomo-backups">
|
<section xml:id="module-services-matomo-backups">
|
||||||
<title>Backup</title>
|
<title>Backup</title>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
You only need to take backups of your MySQL database and the
|
You only need to take backups of your MySQL database and the
|
||||||
<filename>/var/lib/matomo/config/config.ini.php</filename> file.
|
<filename>/var/lib/matomo/config/config.ini.php</filename> file. Use a user
|
||||||
Use a user in the <literal>matomo</literal> group or root to access the file.
|
in the <literal>matomo</literal> group or root to access the file. For more
|
||||||
For more information, see <link xlink:href="https://matomo.org/faq/how-to-install/faq_138/" />.
|
information, see
|
||||||
|
<link xlink:href="https://matomo.org/faq/how-to-install/faq_138/" />.
|
||||||
</para>
|
</para>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
|
||||||
<section xml:id="module-services-matomo-issues">
|
<section xml:id="module-services-matomo-issues">
|
||||||
<title>Issues</title>
|
<title>Issues</title>
|
||||||
|
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Matomo's file integrity check will warn you.
|
Matomo's file integrity check will warn you. This is due to the patches
|
||||||
This is due to the patches necessary for NixOS, you can safely ignore this.
|
necessary for NixOS, you can safely ignore this.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Matomo will warn you that the JavaScript tracker is not writable.
|
Matomo will warn you that the JavaScript tracker is not writable. This is
|
||||||
This is because it's located in the read-only nix store.
|
because it's located in the read-only nix store. You can safely ignore
|
||||||
You can safely ignore this, unless you need a plugin that needs JavaScript tracker access.
|
this, unless you need a plugin that needs JavaScript tracker access.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
|
||||||
<section xml:id="module-services-matomo-other-web-servers">
|
<section xml:id="module-services-matomo-other-web-servers">
|
||||||
<title>Using other Web Servers than nginx</title>
|
<title>Using other Web Servers than nginx</title>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
You can use other web servers by forwarding calls for <filename>index.php</filename> and
|
You can use other web servers by forwarding calls for
|
||||||
<filename>piwik.php</filename> to the <literal>/run/phpfpm-matomo.sock</literal> fastcgi unix socket.
|
<filename>index.php</filename> and <filename>piwik.php</filename> to the
|
||||||
You can use the nginx configuration in the module code as a reference to what else should be configured.
|
<literal>/run/phpfpm-matomo.sock</literal> fastcgi unix socket. You can use
|
||||||
|
the nginx configuration in the module code as a reference to what else
|
||||||
|
should be configured.
|
||||||
</para>
|
</para>
|
||||||
</section>
|
</section>
|
||||||
</chapter>
|
</chapter>
|
||||||
|
|
|
@ -142,7 +142,10 @@ in
|
||||||
|
|
||||||
systemd.user.services.dbus.wantedBy = [ "default.target" ];
|
systemd.user.services.dbus.wantedBy = [ "default.target" ];
|
||||||
|
|
||||||
programs.dconf.profiles.gdm = "${gdm}/share/dconf/profile/gdm";
|
programs.dconf.profiles.gdm = pkgs.writeText "dconf-gdm-profile" ''
|
||||||
|
system-db:local
|
||||||
|
${gdm}/share/dconf/profile/gdm
|
||||||
|
'';
|
||||||
|
|
||||||
# Use AutomaticLogin if delay is zero, because it's immediate.
|
# Use AutomaticLogin if delay is zero, because it's immediate.
|
||||||
# Otherwise with TimedLogin with zero seconds the prompt is still
|
# Otherwise with TimedLogin with zero seconds the prompt is still
|
||||||
|
|
|
@ -46,6 +46,7 @@ let
|
||||||
greeters-directory = ${cfg.greeter.package}
|
greeters-directory = ${cfg.greeter.package}
|
||||||
''}
|
''}
|
||||||
sessions-directory = ${dmcfg.session.desktops}/share/xsessions
|
sessions-directory = ${dmcfg.session.desktops}/share/xsessions
|
||||||
|
${cfg.extraConfig}
|
||||||
|
|
||||||
[Seat:*]
|
[Seat:*]
|
||||||
xserver-command = ${xserverWrapper}
|
xserver-command = ${xserverWrapper}
|
||||||
|
@ -113,6 +114,15 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
extraConfig = mkOption {
|
||||||
|
type = types.lines;
|
||||||
|
default = "";
|
||||||
|
example = ''
|
||||||
|
user-authority-in-system-dir = true
|
||||||
|
'';
|
||||||
|
description = "Extra lines to append to LightDM section.";
|
||||||
|
};
|
||||||
|
|
||||||
background = mkOption {
|
background = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "${pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom}/share/artwork/gnome/nix-wallpaper-simple-dark-gray_bottom.png";
|
default = "${pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom}/share/artwork/gnome/nix-wallpaper-simple-dark-gray_bottom.png";
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
{ pkgs, lib, ... }:
|
{ pkgs, lib, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
config = lib.mkIf (pkgs.kexectools.meta.available) {
|
config = lib.mkIf (lib.any (lib.meta.platformMatch pkgs.stdenv.hostPlatform) pkgs.kexectools.meta.platforms) {
|
||||||
environment.systemPackages = [ pkgs.kexectools ];
|
environment.systemPackages = [ pkgs.kexectools ];
|
||||||
|
|
||||||
systemd.services."prepare-kexec" =
|
systemd.services."prepare-kexec" =
|
||||||
|
|
|
@ -886,6 +886,9 @@ in
|
||||||
#systemd.services.systemd-logind.restartTriggers = [ config.environment.etc."systemd/logind.conf".source ];
|
#systemd.services.systemd-logind.restartTriggers = [ config.environment.etc."systemd/logind.conf".source ];
|
||||||
systemd.services.systemd-logind.restartIfChanged = false;
|
systemd.services.systemd-logind.restartIfChanged = false;
|
||||||
systemd.services.systemd-logind.stopIfChanged = false;
|
systemd.services.systemd-logind.stopIfChanged = false;
|
||||||
|
# The user-runtime-dir@ service is managed by systemd-logind we should not touch it or else we break the users' sessions.
|
||||||
|
systemd.services."user-runtime-dir@".stopIfChanged = false;
|
||||||
|
systemd.services."user-runtime-dir@".restartIfChanged = false;
|
||||||
systemd.services.systemd-journald.restartTriggers = [ config.environment.etc."systemd/journald.conf".source ];
|
systemd.services.systemd-journald.restartTriggers = [ config.environment.etc."systemd/journald.conf".source ];
|
||||||
systemd.services.systemd-journald.stopIfChanged = false;
|
systemd.services.systemd-journald.stopIfChanged = false;
|
||||||
systemd.targets.local-fs.unitConfig.X-StopOnReconfiguration = true;
|
systemd.targets.local-fs.unitConfig.X-StopOnReconfiguration = true;
|
||||||
|
|
|
@ -55,7 +55,8 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; };
|
||||||
systemd.services."serial-getty@hvc0".enable = false;
|
systemd.services."serial-getty@hvc0".enable = false;
|
||||||
|
|
||||||
# Only use a serial console, no TTY.
|
# Only use a serial console, no TTY.
|
||||||
virtualisation.qemu.consoles = [ qemuSerialDevice ];
|
# hvc1: socket backdoor, see "Debugging NixOS tests" section in NixOS manual
|
||||||
|
virtualisation.qemu.consoles = [ "hvc1" qemuSerialDevice ];
|
||||||
|
|
||||||
boot.initrd.preDeviceCommands =
|
boot.initrd.preDeviceCommands =
|
||||||
''
|
''
|
||||||
|
|
|
@ -1,10 +1,12 @@
|
||||||
{ nixpkgs ? { outPath = (import ../lib).cleanSource ./..; revCount = 130979; shortRev = "gfedcba"; }
|
with import ../lib;
|
||||||
|
|
||||||
|
{ nixpkgs ? { outPath = cleanSource ./..; revCount = 130979; shortRev = "gfedcba"; }
|
||||||
, stableBranch ? false
|
, stableBranch ? false
|
||||||
, supportedSystems ? [ "x86_64-linux" "aarch64-linux" ]
|
, supportedSystems ? [ "x86_64-linux" "aarch64-linux" ]
|
||||||
|
, configuration ? {}
|
||||||
}:
|
}:
|
||||||
|
|
||||||
with import ../pkgs/top-level/release-lib.nix { inherit supportedSystems; };
|
with import ../pkgs/top-level/release-lib.nix { inherit supportedSystems; };
|
||||||
with import ../lib;
|
|
||||||
|
|
||||||
let
|
let
|
||||||
|
|
||||||
|
@ -51,7 +53,7 @@ let
|
||||||
|
|
||||||
hydraJob ((import lib/eval-config.nix {
|
hydraJob ((import lib/eval-config.nix {
|
||||||
inherit system;
|
inherit system;
|
||||||
modules = [ module versionModule { isoImage.isoBaseName = "nixos-${type}"; } ];
|
modules = [ configuration module versionModule { isoImage.isoBaseName = "nixos-${type}"; } ];
|
||||||
}).config.system.build.isoImage);
|
}).config.system.build.isoImage);
|
||||||
|
|
||||||
|
|
||||||
|
@ -62,7 +64,7 @@ let
|
||||||
|
|
||||||
hydraJob ((import lib/eval-config.nix {
|
hydraJob ((import lib/eval-config.nix {
|
||||||
inherit system;
|
inherit system;
|
||||||
modules = [ module versionModule ];
|
modules = [ configuration module versionModule ];
|
||||||
}).config.system.build.sdImage);
|
}).config.system.build.sdImage);
|
||||||
|
|
||||||
|
|
||||||
|
@ -75,7 +77,7 @@ let
|
||||||
|
|
||||||
config = (import lib/eval-config.nix {
|
config = (import lib/eval-config.nix {
|
||||||
inherit system;
|
inherit system;
|
||||||
modules = [ module versionModule ];
|
modules = [ configuration module versionModule ];
|
||||||
}).config;
|
}).config;
|
||||||
|
|
||||||
tarball = config.system.build.tarball;
|
tarball = config.system.build.tarball;
|
||||||
|
@ -95,16 +97,19 @@ let
|
||||||
|
|
||||||
buildFromConfig = module: sel: forAllSystems (system: hydraJob (sel (import ./lib/eval-config.nix {
|
buildFromConfig = module: sel: forAllSystems (system: hydraJob (sel (import ./lib/eval-config.nix {
|
||||||
inherit system;
|
inherit system;
|
||||||
modules = [ module versionModule ] ++ singleton
|
modules = [ configuration module versionModule ] ++ singleton
|
||||||
({ ... }:
|
({ ... }:
|
||||||
{ fileSystems."/".device = mkDefault "/dev/sda1";
|
{ fileSystems."/".device = mkDefault "/dev/sda1";
|
||||||
boot.loader.grub.device = mkDefault "/dev/sda";
|
boot.loader.grub.device = mkDefault "/dev/sda";
|
||||||
});
|
});
|
||||||
}).config));
|
}).config));
|
||||||
|
|
||||||
makeNetboot = config:
|
makeNetboot = { module, system, ... }:
|
||||||
let
|
let
|
||||||
configEvaled = import lib/eval-config.nix config;
|
configEvaled = import lib/eval-config.nix {
|
||||||
|
inherit system;
|
||||||
|
modules = [ module versionModule ];
|
||||||
|
};
|
||||||
build = configEvaled.config.system.build;
|
build = configEvaled.config.system.build;
|
||||||
kernelTarget = configEvaled.pkgs.stdenv.hostPlatform.platform.kernelTarget;
|
kernelTarget = configEvaled.pkgs.stdenv.hostPlatform.platform.kernelTarget;
|
||||||
in
|
in
|
||||||
|
@ -140,11 +145,8 @@ in rec {
|
||||||
initialRamdisk = buildFromConfig ({ ... }: { }) (config: config.system.build.initialRamdisk);
|
initialRamdisk = buildFromConfig ({ ... }: { }) (config: config.system.build.initialRamdisk);
|
||||||
|
|
||||||
netboot = forMatchingSystems [ "x86_64-linux" "aarch64-linux" ] (system: makeNetboot {
|
netboot = forMatchingSystems [ "x86_64-linux" "aarch64-linux" ] (system: makeNetboot {
|
||||||
|
module = ./modules/installer/netboot/netboot-minimal.nix;
|
||||||
inherit system;
|
inherit system;
|
||||||
modules = [
|
|
||||||
./modules/installer/netboot/netboot-minimal.nix
|
|
||||||
versionModule
|
|
||||||
];
|
|
||||||
});
|
});
|
||||||
|
|
||||||
iso_minimal = forAllSystems (system: makeIso {
|
iso_minimal = forAllSystems (system: makeIso {
|
||||||
|
|
|
@ -58,5 +58,9 @@ import ./make-test.nix ({ pkgs, ... }: {
|
||||||
# Ensure Docker images can use an unstable date
|
# Ensure Docker images can use an unstable date
|
||||||
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.bash}'");
|
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.bash}'");
|
||||||
$docker->succeed("[ '1970-01-01T00:00:01Z' != \"\$(docker inspect ${pkgs.dockerTools.examples.unstableDate.imageName} | ${pkgs.jq}/bin/jq -r .[].Created)\" ]");
|
$docker->succeed("[ '1970-01-01T00:00:01Z' != \"\$(docker inspect ${pkgs.dockerTools.examples.unstableDate.imageName} | ${pkgs.jq}/bin/jq -r .[].Created)\" ]");
|
||||||
|
|
||||||
|
# Ensure Layered Docker images work
|
||||||
|
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.layered-image}'");
|
||||||
|
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.layered-image.imageName}");
|
||||||
'';
|
'';
|
||||||
})
|
})
|
||||||
|
|
|
@ -14,8 +14,8 @@ in
|
||||||
keys = [ snakeOilPublicKey ];
|
keys = [ snakeOilPublicKey ];
|
||||||
protocol = "ssh-ng";
|
protocol = "ssh-ng";
|
||||||
};
|
};
|
||||||
server.nix.package = pkgs.nixUnstable;
|
server.nix.package = pkgs.nix;
|
||||||
client.nix.package = pkgs.nixUnstable;
|
client.nix.package = pkgs.nix;
|
||||||
};
|
};
|
||||||
testScript = ''
|
testScript = ''
|
||||||
startAll;
|
startAll;
|
||||||
|
|
|
@ -13,13 +13,10 @@ let
|
||||||
$machine->succeed("[[ \"\$(stat -c %G ${socket})\" == \"${group}\" ]]");
|
$machine->succeed("[[ \"\$(stat -c %G ${socket})\" == \"${group}\" ]]");
|
||||||
$machine->succeed("[[ \"\$(stat -c %a ${socket})\" == \"${mode}\" ]]");
|
$machine->succeed("[[ \"\$(stat -c %a ${socket})\" == \"${mode}\" ]]");
|
||||||
'';
|
'';
|
||||||
simple = name: socketActivation: enableIPv6: makeTest {
|
simple = name: enableIPv6: makeTest {
|
||||||
name = "rspamd-${name}";
|
name = "rspamd-${name}";
|
||||||
machine = {
|
machine = {
|
||||||
services.rspamd = {
|
services.rspamd.enable = true;
|
||||||
enable = true;
|
|
||||||
socketActivation = socketActivation;
|
|
||||||
};
|
|
||||||
networking.enableIPv6 = enableIPv6;
|
networking.enableIPv6 = enableIPv6;
|
||||||
};
|
};
|
||||||
testScript = ''
|
testScript = ''
|
||||||
|
@ -32,13 +29,6 @@ let
|
||||||
sleep 10;
|
sleep 10;
|
||||||
$machine->log($machine->succeed("cat /etc/rspamd.conf"));
|
$machine->log($machine->succeed("cat /etc/rspamd.conf"));
|
||||||
$machine->log($machine->succeed("systemctl cat rspamd.service"));
|
$machine->log($machine->succeed("systemctl cat rspamd.service"));
|
||||||
${if socketActivation then ''
|
|
||||||
$machine->log($machine->succeed("systemctl cat rspamd-controller-1.socket"));
|
|
||||||
$machine->log($machine->succeed("systemctl cat rspamd-normal-1.socket"));
|
|
||||||
'' else ''
|
|
||||||
$machine->fail("systemctl cat rspamd-controller-1.socket");
|
|
||||||
$machine->fail("systemctl cat rspamd-normal-1.socket");
|
|
||||||
''}
|
|
||||||
$machine->log($machine->succeed("curl http://localhost:11334/auth"));
|
$machine->log($machine->succeed("curl http://localhost:11334/auth"));
|
||||||
$machine->log($machine->succeed("curl http://127.0.0.1:11334/auth"));
|
$machine->log($machine->succeed("curl http://127.0.0.1:11334/auth"));
|
||||||
${optionalString enableIPv6 ''
|
${optionalString enableIPv6 ''
|
||||||
|
@ -48,10 +38,8 @@ let
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
simple = simple "simple" false true;
|
simple = simple "simple" true;
|
||||||
ipv4only = simple "ipv4only" false false;
|
ipv4only = simple "ipv4only" false;
|
||||||
simple-socketActivated = simple "simple-socketActivated" true true;
|
|
||||||
ipv4only-socketActivated = simple "ipv4only-socketActivated" true false;
|
|
||||||
deprecated = makeTest {
|
deprecated = makeTest {
|
||||||
name = "rspamd-deprecated";
|
name = "rspamd-deprecated";
|
||||||
machine = {
|
machine = {
|
||||||
|
@ -68,7 +56,6 @@ in
|
||||||
${checkSocket "/run/rspamd.sock" "root" "root" "600" }
|
${checkSocket "/run/rspamd.sock" "root" "root" "600" }
|
||||||
${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" }
|
${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" }
|
||||||
$machine->log($machine->succeed("cat /etc/rspamd.conf"));
|
$machine->log($machine->succeed("cat /etc/rspamd.conf"));
|
||||||
$machine->fail("systemctl cat rspamd-normal-1.socket");
|
|
||||||
$machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat"));
|
$machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat"));
|
||||||
$machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping"));
|
$machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping"));
|
||||||
'';
|
'';
|
||||||
|
@ -79,7 +66,6 @@ in
|
||||||
machine = {
|
machine = {
|
||||||
services.rspamd = {
|
services.rspamd = {
|
||||||
enable = true;
|
enable = true;
|
||||||
socketActivation = false;
|
|
||||||
workers.normal.bindSockets = [{
|
workers.normal.bindSockets = [{
|
||||||
socket = "/run/rspamd.sock";
|
socket = "/run/rspamd.sock";
|
||||||
mode = "0600";
|
mode = "0600";
|
||||||
|
@ -101,38 +87,6 @@ in
|
||||||
${checkSocket "/run/rspamd.sock" "root" "root" "600" }
|
${checkSocket "/run/rspamd.sock" "root" "root" "600" }
|
||||||
${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" }
|
${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" }
|
||||||
$machine->log($machine->succeed("cat /etc/rspamd.conf"));
|
$machine->log($machine->succeed("cat /etc/rspamd.conf"));
|
||||||
$machine->fail("systemctl cat rspamd-normal-1.socket");
|
|
||||||
$machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat"));
|
|
||||||
$machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping"));
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
socketActivated = makeTest {
|
|
||||||
name = "rspamd-socketActivated";
|
|
||||||
machine = {
|
|
||||||
services.rspamd = {
|
|
||||||
enable = true;
|
|
||||||
workers.normal.bindSockets = [{
|
|
||||||
socket = "/run/rspamd.sock";
|
|
||||||
mode = "0600";
|
|
||||||
owner = "root";
|
|
||||||
group = "root";
|
|
||||||
}];
|
|
||||||
workers.controller.bindSockets = [{
|
|
||||||
socket = "/run/rspamd-worker.sock";
|
|
||||||
mode = "0666";
|
|
||||||
owner = "root";
|
|
||||||
group = "root";
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
testScript = ''
|
|
||||||
startAll
|
|
||||||
$machine->waitForFile("/run/rspamd.sock");
|
|
||||||
${checkSocket "/run/rspamd.sock" "root" "root" "600" }
|
|
||||||
${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" }
|
|
||||||
$machine->log($machine->succeed("cat /etc/rspamd.conf"));
|
|
||||||
$machine->log($machine->succeed("systemctl cat rspamd-normal-1.socket"));
|
|
||||||
$machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat"));
|
$machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat"));
|
||||||
$machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping"));
|
$machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping"));
|
||||||
'';
|
'';
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
let
|
let
|
||||||
version = "2.0.1";
|
version = "2.0.3";
|
||||||
sha256 = "0rfq0izpswfwbyvr5kb6zjyf6sd7l1706c0sp7ccy6ykdfb4v6zs";
|
sha256 = "1yf3ln4ksk8613kqkpsh16cj8xwx761q6czy57rs8kfh7pgc2pzb";
|
||||||
cargoSha256 = "1ij17bfwvikqi5aj71j1nwf3jhkf3y9a0kwydajviwal47p9grl9";
|
cargoSha256 = "1jayk4ngwbg0rv7x1slkl2z46czgy2hnfcxc0dhaz4xpbp2bjqq8";
|
||||||
patches = [ ./patches/vendored-sources-2.0.patch ];
|
patches = [ ./patches/vendored-sources-2.0.patch ];
|
||||||
in
|
in
|
||||||
import ./parity.nix { inherit version sha256 cargoSha256 patches; }
|
import ./parity.nix { inherit version sha256 cargoSha256 patches; }
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
let
|
let
|
||||||
version = "1.11.8";
|
version = "1.11.10";
|
||||||
sha256 = "0qk5vl8ql3pr9pz5iz7whahwqi1fcbsf8kphn6z4grgc87id7b19";
|
sha256 = "15sk6dvc8h1bdm6v7xlq517km0bakb9f13h1n7ixj311vahnmk15";
|
||||||
cargoSha256 = "0p2idd36cyzp2ax81k533bdma4hz0ws2981qj2s7jnhvmj4941l8";
|
cargoSha256 = "0p2idd36cyzp2ax81k533bdma4hz0ws2981qj2s7jnhvmj4941l8";
|
||||||
patches = [ ./patches/vendored-sources-1.11.patch ];
|
patches = [ ./patches/vendored-sources-1.11.patch ];
|
||||||
in
|
in
|
||||||
|
|
|
@ -0,0 +1,28 @@
|
||||||
|
{ stdenv, fetchurl }:
|
||||||
|
|
||||||
|
stdenv.mkDerivation rec {
|
||||||
|
name = "csa-${version}";
|
||||||
|
version = "0.5.100810";
|
||||||
|
|
||||||
|
src = fetchurl {
|
||||||
|
url = "mirror://sourceforge/csa/${name}.tar.gz";
|
||||||
|
sha256 = "1syg81dzdil0dyx1mlx1n7if3qsf2iz243p2zv34a1acfqm509r3";
|
||||||
|
};
|
||||||
|
|
||||||
|
# after running either cellular leveler mono or stereo, the other stops working,
|
||||||
|
# so we remove one of them:
|
||||||
|
postInstall = "rm $out/lib/ladspa/celllm_3890.*";
|
||||||
|
|
||||||
|
meta = with stdenv.lib; {
|
||||||
|
homepage = https://sourceforge.net/projects/csa/;
|
||||||
|
description = "A group of LADSPA Audio plugins for FM broadcast and more";
|
||||||
|
longDescription = ''
|
||||||
|
CSA means : Contrôle Signal Audio.
|
||||||
|
It contains the following plugins:
|
||||||
|
Emphazised Limiter, Cellular Leveler, Simple right/left amplifier. Blind Peak Meter.
|
||||||
|
'';
|
||||||
|
license = licenses.gpl3;
|
||||||
|
maintainers = [ maintainers.magnetophon ];
|
||||||
|
platforms = platforms.linux;
|
||||||
|
};
|
||||||
|
}
|
|
@ -4,11 +4,11 @@
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
name = "puredata-${version}";
|
name = "puredata-${version}";
|
||||||
version = "0.48-2";
|
version = "0.49-0";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "http://msp.ucsd.edu/Software/pd-${version}.src.tar.gz";
|
url = "http://msp.ucsd.edu/Software/pd-${version}.src.tar.gz";
|
||||||
sha256 = "0p86hncgzkrl437v2wch2fg9iyn6mnrgbn811sh9pwmrjj2f06v8";
|
sha256 = "18rzqbpgnnvyslap7k0ly87aw1bbxkb0rk5agpr423ibs9slxq6j";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [ autoreconfHook gettext makeWrapper ];
|
nativeBuildInputs = [ autoreconfHook gettext makeWrapper ];
|
||||||
|
@ -20,11 +20,9 @@ stdenv.mkDerivation rec {
|
||||||
"--enable-jack"
|
"--enable-jack"
|
||||||
"--enable-fftw"
|
"--enable-fftw"
|
||||||
"--disable-portaudio"
|
"--disable-portaudio"
|
||||||
|
"--disable-oss"
|
||||||
];
|
];
|
||||||
|
|
||||||
# https://github.com/pure-data/pure-data/issues/188
|
|
||||||
# --disable-oss
|
|
||||||
|
|
||||||
postInstall = ''
|
postInstall = ''
|
||||||
wrapProgram $out/bin/pd --prefix PATH : ${tk}/bin
|
wrapProgram $out/bin/pd --prefix PATH : ${tk}/bin
|
||||||
'';
|
'';
|
||||||
|
|
|
@ -0,0 +1,39 @@
|
||||||
|
{ stdenv, fetchFromGitHub, makeWrapper
|
||||||
|
, flac, sox }:
|
||||||
|
|
||||||
|
stdenv.mkDerivation rec {
|
||||||
|
name = "redoflacs-${version}";
|
||||||
|
version = "0.30.20150202";
|
||||||
|
|
||||||
|
src = fetchFromGitHub {
|
||||||
|
owner = "sirjaren";
|
||||||
|
repo = "redoflacs";
|
||||||
|
rev = "86c6f5becca0909dcb2a0cb9ed747a575d7a4735";
|
||||||
|
sha256 = "1gzlmh4vnf2fl0x8ig2n1f76082ngldsv85i27dv15y2m1kffw2j";
|
||||||
|
};
|
||||||
|
|
||||||
|
dontBuild = true;
|
||||||
|
|
||||||
|
nativeBuildInputs = [ makeWrapper ];
|
||||||
|
|
||||||
|
installPhase = ''
|
||||||
|
runHook preInstall
|
||||||
|
|
||||||
|
install -Dm755 -t $out/bin redoflacs
|
||||||
|
install -Dm644 -t $out/share/doc/redoflacs LICENSE *.md
|
||||||
|
|
||||||
|
runHook postInstall
|
||||||
|
'';
|
||||||
|
|
||||||
|
postFixup = ''
|
||||||
|
wrapProgram $out/bin/redoflacs \
|
||||||
|
--prefix PATH : ${stdenv.lib.makeBinPath [ flac sox ]}
|
||||||
|
'';
|
||||||
|
|
||||||
|
meta = with stdenv.lib; {
|
||||||
|
description = "Parallel BASH commandline FLAC compressor, verifier, organizer, analyzer, and retagger";
|
||||||
|
homepage = src.meta.homepage;
|
||||||
|
license = licenses.gpl2;
|
||||||
|
platforms = platforms.all;
|
||||||
|
};
|
||||||
|
}
|
|
@ -9,14 +9,14 @@
|
||||||
|
|
||||||
let
|
let
|
||||||
ver_branch = "2.0";
|
ver_branch = "2.0";
|
||||||
version = "2.0.5";
|
version = "2.0.6";
|
||||||
in
|
in
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
name = "lightdm-gtk-greeter-${version}";
|
name = "lightdm-gtk-greeter-${version}";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "${meta.homepage}/${ver_branch}/${version}/+download/${name}.tar.gz";
|
url = "${meta.homepage}/${ver_branch}/${version}/+download/${name}.tar.gz";
|
||||||
sha256 = "1pw70db8320wvkhkrw4i2qprxlrqy3jmb6yrr4bm3lgrizahiijx";
|
sha256 = "1pis5qyg95pg31dvnfqq34bzgj00hg4vs547r8h60lxjk81z8p15";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [ pkgconfig ];
|
nativeBuildInputs = [ pkgconfig ];
|
||||||
|
|
|
@ -8,19 +8,15 @@ let
|
||||||
inherit (gnome2) GConf gnome_vfs;
|
inherit (gnome2) GConf gnome_vfs;
|
||||||
};
|
};
|
||||||
stableVersion = {
|
stableVersion = {
|
||||||
version = "3.1.4.0"; # "Android Studio 3.1.4"
|
version = "3.2.0.26"; # "Android Studio 3.2.0"
|
||||||
build = "173.4907809";
|
build = "181.5014246";
|
||||||
sha256Hash = "0xx6yprylmcb32ipmwdcfkgddlm1nrxi1w68miclvgrbk015brf2";
|
sha256Hash = "0v1a3b0n8dq5p8f6jap2ypqw724v61ki31qhqmh9hn36mn6d8wg6";
|
||||||
};
|
|
||||||
betaVersion = {
|
|
||||||
version = "3.2.0.25"; # "Android Studio 3.2 RC 3"
|
|
||||||
build = "181.4987877";
|
|
||||||
sha256Hash = "0mriakxxchc0wbqkl236pp4fsqbq3gb2qrkdg5hx9zz763dc59gp";
|
|
||||||
};
|
};
|
||||||
|
betaVersion = stableVersion;
|
||||||
latestVersion = { # canary & dev
|
latestVersion = { # canary & dev
|
||||||
version = "3.3.0.10"; # "Android Studio 3.3 Canary 11"
|
version = "3.3.0.11"; # "Android Studio 3.3 Canary 12"
|
||||||
build = "182.5012296";
|
build = "182.5026711";
|
||||||
sha256Hash = "0gqwf904y2pvp10l96gr055gjl1zf9pkb7840abqhl26liliwdm4";
|
sha256Hash = "0k1f8yw3gdil78iqxlwhbz71w1307hwwf8z9m7hs0v9b4ri6x2wk";
|
||||||
};
|
};
|
||||||
in rec {
|
in rec {
|
||||||
# Old alias
|
# Old alias
|
||||||
|
|
|
@ -73,13 +73,13 @@ let
|
||||||
};
|
};
|
||||||
in stdenv.lib.mapAttrs common {
|
in stdenv.lib.mapAttrs common {
|
||||||
atom = {
|
atom = {
|
||||||
version = "1.30.0";
|
version = "1.31.0";
|
||||||
sha256 = "1hqizfn9c249l51rlpfgk0h374maqgw6pagswlh4xa278qzb6qzs";
|
sha256 = "184vsj7qcpzwiq2v5kh8i21wfzhinhybxmr71y41sjqp78s2gy57";
|
||||||
};
|
};
|
||||||
|
|
||||||
atom-beta = {
|
atom-beta = {
|
||||||
version = "1.31.0";
|
version = "1.32.0";
|
||||||
beta = 0;
|
beta = 0;
|
||||||
sha256 = "11nlaz89rg6lgzsxp83qdqk4bnn2cij2p5aqjd9a3phd7v70xmy5";
|
sha256 = "12k5cn70a0diyaqbmq6s6l2sbi9i3d9p7i38qnm97lnw0y1kh0jm";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -96,22 +96,7 @@ rec {
|
||||||
|
|
||||||
### Eclipse Platform
|
### Eclipse Platform
|
||||||
|
|
||||||
eclipse-platform = eclipse-platform-48; # always point to latest
|
eclipse-platform = eclipse-platform-49; # always point to latest
|
||||||
|
|
||||||
eclipse-platform-46 = buildEclipse {
|
|
||||||
name = "eclipse-platform-4.6.2";
|
|
||||||
description = "Eclipse Platform Neon 2";
|
|
||||||
sources = {
|
|
||||||
"x86_64-linux" = fetchurl {
|
|
||||||
url = https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-4.6.2-201611241400/eclipse-platform-4.6.2-linux-gtk-x86_64.tar.gz;
|
|
||||||
sha256 = "1fmpirjkp210angyfz3nr5jp58snjy6784zkkbmdxkiyg9kg2wqq";
|
|
||||||
};
|
|
||||||
"i686-linux" = fetchurl {
|
|
||||||
url = https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-4.6.2-201611241400/eclipse-platform-4.6.2-linux-gtk.tar.gz;
|
|
||||||
sha256 = "0274g6ypiqsqkch10868ygbm6avc5pa57saz9wd196kdivl1bdpm";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
eclipse-platform-47 = buildEclipse {
|
eclipse-platform-47 = buildEclipse {
|
||||||
name = "eclipse-platform-4.7.3a";
|
name = "eclipse-platform-4.7.3a";
|
||||||
|
@ -143,6 +128,21 @@ rec {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
eclipse-platform-49 = buildEclipse {
|
||||||
|
name = "eclipse-platform-4.9";
|
||||||
|
description = "Eclipse Platform 2018-09";
|
||||||
|
sources = {
|
||||||
|
"x86_64-linux" = fetchurl {
|
||||||
|
url = https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-4.9-201809060745/eclipse-platform-4.9-linux-gtk-x86_64.tar.gz;
|
||||||
|
sha512 = "875714bb411145c917fccedf2f7c4fd2757640b2debf4a18f775604233abd6f0da893b350cc03da44413d7ec6fae3f773ef08634e632058e4b705e6cda2893eb";
|
||||||
|
};
|
||||||
|
"i686-linux" = fetchurl {
|
||||||
|
url = https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-4.9-201809060745/eclipse-platform-4.9-linux-gtk.tar.gz;
|
||||||
|
sha512 = "758bc0de30fa5c4b76b343ea0325611d87b6928ef5002244f2f1ba2a9fa937de89b2a94ce2c8d33d79344fd574d6e8a72c5d127fe416d785f48600e9e85fce86";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
### Eclipse Scala SDK
|
### Eclipse Scala SDK
|
||||||
|
|
||||||
eclipse-scala-sdk = eclipse-scala-sdk-441; # always point to latest
|
eclipse-scala-sdk = eclipse-scala-sdk-441; # always point to latest
|
||||||
|
@ -165,22 +165,7 @@ rec {
|
||||||
|
|
||||||
### Eclipse SDK
|
### Eclipse SDK
|
||||||
|
|
||||||
eclipse-sdk = eclipse-sdk-48; # always point to latest
|
eclipse-sdk = eclipse-sdk-49; # always point to latest
|
||||||
|
|
||||||
eclipse-sdk-46 = buildEclipse {
|
|
||||||
name = "eclipse-sdk-4.6.2";
|
|
||||||
description = "Eclipse Neon 2 Classic";
|
|
||||||
sources = {
|
|
||||||
"x86_64-linux" = fetchurl {
|
|
||||||
url = https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-4.6.2-201611241400/eclipse-SDK-4.6.2-linux-gtk-x86_64.tar.gz;
|
|
||||||
sha256 = "0g3nk1gcz178j8xk6nblkfsaysm8gq8101383fx60x6w25rdfgjb";
|
|
||||||
};
|
|
||||||
"i686-linux" = fetchurl {
|
|
||||||
url = https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-4.6.2-201611241400/eclipse-SDK-4.6.2-linux-gtk.tar.gz;
|
|
||||||
sha256 = "09wlkcxs5h3j8habqxgr4all99vkgmyixc0vr9dj3qs0kl85k5mz";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
eclipse-sdk-47 = buildEclipse {
|
eclipse-sdk-47 = buildEclipse {
|
||||||
name = "eclipse-sdk-4.7.3a";
|
name = "eclipse-sdk-4.7.3a";
|
||||||
|
@ -212,6 +197,21 @@ rec {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
eclipse-sdk-49 = buildEclipse {
|
||||||
|
name = "eclipse-sdk-4.9";
|
||||||
|
description = "Eclipse 2018-09 Classic";
|
||||||
|
sources = {
|
||||||
|
"x86_64-linux" = fetchurl {
|
||||||
|
url = https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-4.9-201809060745/eclipse-SDK-4.9-linux-gtk-x86_64.tar.gz;
|
||||||
|
sha512 = "5e74a0411f56b3973b7c6d8c3727392297d55ad458a814b4cc3f2f6a57dbeebc64852d1a6a958db5c3b08c620093bfb5bcc0d2c6a400f5594b82c2ef5d5fa9fb";
|
||||||
|
};
|
||||||
|
"i686-linux" = fetchurl {
|
||||||
|
url = https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-4.9-201809060745/eclipse-SDK-4.9-linux-gtk.tar.gz;
|
||||||
|
sha512 = "b1861bd99c8e43f1d04247226584246aa7844af5e2da820fe98a51018dbe8ff4c25dbb9fa655f56e103f95c0696f40a65dcce13430c63aa080f786738e70eb8b";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
eclipse-sdk-37 = buildEclipse {
|
eclipse-sdk-37 = buildEclipse {
|
||||||
name = "eclipse-sdk-3.7";
|
name = "eclipse-sdk-3.7";
|
||||||
description = "Eclipse Classic";
|
description = "Eclipse Classic";
|
||||||
|
|
|
@ -470,12 +470,12 @@ rec {
|
||||||
|
|
||||||
jdt = buildEclipseUpdateSite rec {
|
jdt = buildEclipseUpdateSite rec {
|
||||||
name = "jdt-${version}";
|
name = "jdt-${version}";
|
||||||
version = "4.8";
|
version = "4.9";
|
||||||
|
|
||||||
src = fetchzip {
|
src = fetchzip {
|
||||||
stripRoot = false;
|
stripRoot = false;
|
||||||
url = https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-4.8-201806110500/org.eclipse.jdt-4.8.zip;
|
url = https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-4.9-201809060745/org.eclipse.jdt-4.9.zip;
|
||||||
sha256 = "1my0d1114mx5gzxmwqlx0rcny39ly97ixlwx53ljk6qcryhdnr88";
|
sha256 = "144rqrw0crxd2v862dqxm2p5y60n4pbzdryv709xnhcw54rycm7n";
|
||||||
};
|
};
|
||||||
|
|
||||||
meta = with stdenv.lib; {
|
meta = with stdenv.lib; {
|
||||||
|
|
|
@ -59,8 +59,11 @@ self:
|
||||||
inherit (self.melpaPackages) easy-kill;
|
inherit (self.melpaPackages) easy-kill;
|
||||||
};
|
};
|
||||||
|
|
||||||
# missing git
|
egg = super.egg.overrideAttrs (attrs: {
|
||||||
egg = markBroken super.egg;
|
# searches for Git at build time
|
||||||
|
nativeBuildInputs =
|
||||||
|
(attrs.nativeBuildInputs or []) ++ [ external.git ];
|
||||||
|
});
|
||||||
|
|
||||||
# upstream issue: missing file header
|
# upstream issue: missing file header
|
||||||
elmine = markBroken super.elmine;
|
elmine = markBroken super.elmine;
|
||||||
|
@ -146,6 +149,18 @@ self:
|
||||||
(attrs.nativeBuildInputs or []) ++ [ external.git ];
|
(attrs.nativeBuildInputs or []) ++ [ external.git ];
|
||||||
});
|
});
|
||||||
|
|
||||||
|
magithub = super.magithub.overrideAttrs (attrs: {
|
||||||
|
# searches for Git at build time
|
||||||
|
nativeBuildInputs =
|
||||||
|
(attrs.nativeBuildInputs or []) ++ [ external.git ];
|
||||||
|
});
|
||||||
|
|
||||||
|
magit-svn = super.magit-svn.overrideAttrs (attrs: {
|
||||||
|
# searches for Git at build time
|
||||||
|
nativeBuildInputs =
|
||||||
|
(attrs.nativeBuildInputs or []) ++ [ external.git ];
|
||||||
|
});
|
||||||
|
|
||||||
magit-todos = super.magit-todos.overrideAttrs (attrs: {
|
magit-todos = super.magit-todos.overrideAttrs (attrs: {
|
||||||
# searches for Git at build time
|
# searches for Git at build time
|
||||||
nativeBuildInputs =
|
nativeBuildInputs =
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{stdenv, fetchurl, fltk13, ghostscript}:
|
{ stdenv, fetchurl, fltk13, ghostscript, xlibs }:
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
name = "flpsed-${version}";
|
name = "flpsed-${version}";
|
||||||
|
@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
|
||||||
description = "WYSIWYG PostScript annotator";
|
description = "WYSIWYG PostScript annotator";
|
||||||
homepage = http://flpsed.org/flpsed.html;
|
homepage = http://flpsed.org/flpsed.html;
|
||||||
license = licenses.gpl3;
|
license = licenses.gpl3;
|
||||||
platforms = platforms.mesaPlatforms;
|
platforms = platforms.linux;
|
||||||
maintainers = with maintainers; [ fuuzetsu ];
|
maintainers = with maintainers; [ fuuzetsu ];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -26,7 +26,7 @@ with stdenv; lib.makeOverridable mkDerivation rec {
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
buildInputs = [ makeWrapper patchelf p7zip unzip ];
|
nativeBuildInputs = [ makeWrapper patchelf p7zip unzip ];
|
||||||
|
|
||||||
patchPhase = ''
|
patchPhase = ''
|
||||||
get_file_size() {
|
get_file_size() {
|
||||||
|
|
|
@ -130,7 +130,8 @@ let
|
||||||
longDescription = ''
|
longDescription = ''
|
||||||
IDE for Java SE, Groovy & Scala development Powerful
|
IDE for Java SE, Groovy & Scala development Powerful
|
||||||
environment for building Google Android apps Integration
|
environment for building Google Android apps Integration
|
||||||
with JUnit, TestNG, popular SCMs, Ant & Maven.
|
with JUnit, TestNG, popular SCMs, Ant & Maven. Also known
|
||||||
|
as IntelliJ.
|
||||||
'';
|
'';
|
||||||
maintainers = with maintainers; [ edwtjo ];
|
maintainers = with maintainers; [ edwtjo ];
|
||||||
platforms = platforms.linux;
|
platforms = platforms.linux;
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
gtk2, wrapGAppsHook, libXScrnSaver, libxkbfile, libsecret }:
|
gtk2, wrapGAppsHook, libXScrnSaver, libxkbfile, libsecret }:
|
||||||
|
|
||||||
let
|
let
|
||||||
version = "1.26.1";
|
version = "1.27.2";
|
||||||
channel = "stable";
|
channel = "stable";
|
||||||
|
|
||||||
plat = {
|
plat = {
|
||||||
|
@ -12,9 +12,9 @@ let
|
||||||
}.${stdenv.hostPlatform.system};
|
}.${stdenv.hostPlatform.system};
|
||||||
|
|
||||||
sha256 = {
|
sha256 = {
|
||||||
"i686-linux" = "1g7kqbz6mrf8ngx2bnwpi9fifq5rjznxgsgwjb532z3nh92ypa8n";
|
"i686-linux" = "33704d089b03c636e8c46d434068c97b66e5a9d323b991bd327067aa90e87afa";
|
||||||
"x86_64-linux" = "02yldycakn5zxj1ji4nmhdyazqlkjqpzdj3g8j501c3j28pgiwjy";
|
"x86_64-linux" = "11023c652dd89bde1b7fbc8a7dc04fd4f87df3bfe6952a1c0ad75ab861e3196d";
|
||||||
"x86_64-darwin" = "0pnsfkh20mj7pzqw7wlfd98jqc6a1mnsq1iira15n7fafqgj8zpl";
|
"x86_64-darwin" = "d1f2d046775406e6f339883dab432fcaa149e763ccfcd017556a46e890de6476";
|
||||||
}.${stdenv.hostPlatform.system};
|
}.${stdenv.hostPlatform.system};
|
||||||
|
|
||||||
archive_fmt = if stdenv.hostPlatform.system == "x86_64-darwin" then "zip" else "tar.gz";
|
archive_fmt = if stdenv.hostPlatform.system == "x86_64-darwin" then "zip" else "tar.gz";
|
||||||
|
|
|
@ -6,11 +6,11 @@
|
||||||
|
|
||||||
mkDerivation rec {
|
mkDerivation rec {
|
||||||
name = "kgraphviewer-${version}";
|
name = "kgraphviewer-${version}";
|
||||||
version = "2.4.2";
|
version = "2.4.3";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "mirror://kde/stable/kgraphviewer/${version}/${name}.tar.xz";
|
url = "mirror://kde/stable/kgraphviewer/${version}/${name}.tar.xz";
|
||||||
sha256 = "1jc5zfgy4narwgn7rscfwz7l5pjy0jghal6yb3kd4sfadi78nhs9";
|
sha256 = "1h6pgg89gvxl8gw7wmkabyqqrzad5pxyv5lsmn1fl4ir8lcc5q2l";
|
||||||
};
|
};
|
||||||
|
|
||||||
buildInputs = [
|
buildInputs = [
|
||||||
|
|
|
@ -4,13 +4,13 @@
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
name = "openimageio-${version}";
|
name = "openimageio-${version}";
|
||||||
version = "1.8.9";
|
version = "1.8.14";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "OpenImageIO";
|
owner = "OpenImageIO";
|
||||||
repo = "oiio";
|
repo = "oiio";
|
||||||
rev = "Release-${version}";
|
rev = "Release-${version}";
|
||||||
sha256 = "0xyfb41arvi3cc5jvgj2m8skzjrb0xma8sml74svygjgagxfj65h";
|
sha256 = "07axn7bziy9h5jawpwcchag0nkczivaajsw69mxgmr508gw9r0xn";
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = [ "bin" "out" "dev" "doc" ];
|
outputs = [ "bin" "out" "dev" "doc" ];
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{ stdenv,
|
{ stdenv,
|
||||||
lib,
|
lib,
|
||||||
fetchFromGitHub,
|
fetchgit,
|
||||||
rustPlatform,
|
rustPlatform,
|
||||||
cmake,
|
cmake,
|
||||||
makeWrapper,
|
makeWrapper,
|
||||||
|
@ -50,17 +50,19 @@ let
|
||||||
OpenGL
|
OpenGL
|
||||||
];
|
];
|
||||||
in buildRustPackage rec {
|
in buildRustPackage rec {
|
||||||
name = "alacritty-${version}";
|
name = "alacritty-unstable-${version}";
|
||||||
version = "0.2.0";
|
version = "0.2.0";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
# At the moment we cannot handle git dependencies in buildRustPackage.
|
||||||
owner = "jwilm";
|
# This fork only replaces rust-fontconfig/libfontconfig with a git submodules.
|
||||||
repo = "alacritty";
|
src = fetchgit {
|
||||||
rev = "v${version}";
|
url = https://github.com/Mic92/alacritty.git;
|
||||||
sha256 = "11z7diji64x6n3m5m2d0a9215aajg7mpklflvpwrglmghnvi74y6";
|
rev = "rev-${version}";
|
||||||
|
sha256 = "1c9izflacm693rwkxwakxgnpkvxwc8mqasr5p7x0ys6xg91h9sxn";
|
||||||
|
fetchSubmodules = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
cargoSha256 = "0ms0248bb2lgbzcqks6i0qhn1gaiim3jf1kl17qw52c8an3rc652";
|
cargoSha256 = "1ijgkwv9ij4haig1h6n2b9xbhp5vahy9vp1sx72wxaaj9476msjx";
|
||||||
|
|
||||||
nativeBuildInputs = [
|
nativeBuildInputs = [
|
||||||
cmake
|
cmake
|
||||||
|
@ -117,5 +119,6 @@ in buildRustPackage rec {
|
||||||
homepage = https://github.com/jwilm/alacritty;
|
homepage = https://github.com/jwilm/alacritty;
|
||||||
license = with licenses; [ asl20 ];
|
license = with licenses; [ asl20 ];
|
||||||
maintainers = with maintainers; [ mic92 ];
|
maintainers = with maintainers; [ mic92 ];
|
||||||
|
platforms = [ "x86_64-linux" "x86_64-darwin" ];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,11 +3,11 @@
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
name = "chirp-daily-${version}";
|
name = "chirp-daily-${version}";
|
||||||
version = "20180815";
|
version = "20180906";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://trac.chirp.danplanet.com/chirp_daily/daily-${version}/${name}.tar.gz";
|
url = "https://trac.chirp.danplanet.com/chirp_daily/daily-${version}/${name}.tar.gz";
|
||||||
sha256 = "0z3jh9sbszs8x0xjmkgxa3b1xnw3w9b13pml4i5apx3mj171npyv";
|
sha256 = "00cq15892p46z1j1fl2pd17y7k4rc6cfz7gaxb446mshxrvbfgam";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [ makeWrapper ];
|
nativeBuildInputs = [ makeWrapper ];
|
||||||
|
|
|
@ -34,6 +34,7 @@ python3Packages.buildPythonApplication rec {
|
||||||
# plugins
|
# plugins
|
||||||
keepkey
|
keepkey
|
||||||
trezor
|
trezor
|
||||||
|
btchip
|
||||||
];
|
];
|
||||||
|
|
||||||
nativeBuildInputs = [ makeWrapper ];
|
nativeBuildInputs = [ makeWrapper ];
|
||||||
|
|
|
@ -41,10 +41,10 @@ python3Packages.buildPythonApplication rec {
|
||||||
# plugins
|
# plugins
|
||||||
keepkey
|
keepkey
|
||||||
trezor
|
trezor
|
||||||
|
btchip
|
||||||
|
|
||||||
# TODO plugins
|
# TODO plugins
|
||||||
# amodem
|
# amodem
|
||||||
# btchip
|
|
||||||
];
|
];
|
||||||
|
|
||||||
preBuild = ''
|
preBuild = ''
|
||||||
|
|
|
@ -33,14 +33,14 @@ let
|
||||||
};
|
};
|
||||||
|
|
||||||
in with py.pkgs; buildPythonApplication rec {
|
in with py.pkgs; buildPythonApplication rec {
|
||||||
version = "3.4.0";
|
version = "4.0.0a4";
|
||||||
name = "gcalcli-${version}";
|
name = "gcalcli-${version}";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "insanum";
|
owner = "insanum";
|
||||||
repo = "gcalcli";
|
repo = "gcalcli";
|
||||||
rev = "v${version}";
|
rev = "v${version}";
|
||||||
sha256 = "171awccgnmfv4j7m2my9387sjy60g18kzgvscl6pzdid9fn9rrm8";
|
sha256 = "00giq5cdigidzv5bz4wgzi1yp6xlf2rdcy6ynmsc6bcf0cl5x64d";
|
||||||
};
|
};
|
||||||
|
|
||||||
propagatedBuildInputs = [
|
propagatedBuildInputs = [
|
||||||
|
@ -55,7 +55,7 @@ in with py.pkgs; buildPythonApplication rec {
|
||||||
"command = '${libnotify}/bin/notify-send -i view-calendar-upcoming-events -u critical -a Calendar %s'"
|
"command = '${libnotify}/bin/notify-send -i view-calendar-upcoming-events -u critical -a Calendar %s'"
|
||||||
'';
|
'';
|
||||||
|
|
||||||
# There are no tests as of 3.4.0
|
# There are no tests as of 4.0.0a4
|
||||||
doCheck = false;
|
doCheck = false;
|
||||||
|
|
||||||
meta = with lib; {
|
meta = with lib; {
|
||||||
|
|
|
@ -26,13 +26,13 @@
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
name = "gnuradio-${version}";
|
name = "gnuradio-${version}";
|
||||||
version = "3.7.13.3";
|
version = "3.7.13.4";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "gnuradio";
|
owner = "gnuradio";
|
||||||
repo = "gnuradio";
|
repo = "gnuradio";
|
||||||
rev = "v${version}";
|
rev = "v${version}";
|
||||||
sha256 = "1qpa53axqavdv2ykby7rwh7xmhvv964xq1d7rcvbwkry7dngrbib";
|
sha256 = "0ybfn2zfr9lc1bi3c794l4bzpj8y6vas9c4rbcj4nqlx0zf3p8fn";
|
||||||
fetchSubmodules = true;
|
fetchSubmodules = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,19 @@
|
||||||
{ stdenv, fetchurl
|
{ stdenv, fetchurl
|
||||||
, qtbase, qtsvg, qtserialport, qtwebkit, qtmultimedia, qttools, qtconnectivity
|
, qtbase, qtsvg, qtserialport, qtwebkit, qtmultimedia, qttools, qtconnectivity
|
||||||
, yacc, flex, zlib, qmake, makeWrapper
|
, yacc, flex, zlib, qmake, makeDesktopItem, makeWrapper
|
||||||
}:
|
}:
|
||||||
stdenv.mkDerivation rec {
|
|
||||||
|
let
|
||||||
|
desktopItem = makeDesktopItem {
|
||||||
|
name = "goldencheetah";
|
||||||
|
exec = "GoldenCheetah";
|
||||||
|
icon = "goldencheetah";
|
||||||
|
desktopName = "GoldenCheetah";
|
||||||
|
genericName = "GoldenCheetah";
|
||||||
|
comment = "Performance software for cyclists, runners and triathletes";
|
||||||
|
categories = "Application;Utility;";
|
||||||
|
};
|
||||||
|
in stdenv.mkDerivation rec {
|
||||||
name = "golden-cheetah-${version}";
|
name = "golden-cheetah-${version}";
|
||||||
version = "3.4";
|
version = "3.4";
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
|
@ -27,6 +38,8 @@ stdenv.mkDerivation rec {
|
||||||
mkdir -p $out/bin
|
mkdir -p $out/bin
|
||||||
cp src/GoldenCheetah $out/bin
|
cp src/GoldenCheetah $out/bin
|
||||||
wrapProgram $out/bin/GoldenCheetah --set LD_LIBRARY_PATH "${zlib.out}/lib"
|
wrapProgram $out/bin/GoldenCheetah --set LD_LIBRARY_PATH "${zlib.out}/lib"
|
||||||
|
install -Dm644 "${desktopItem}/share/applications/"* -t $out/share/applications/
|
||||||
|
install -Dm644 src/Resources/images/gc.png $out/share/pixmaps/goldencheetah.png
|
||||||
|
|
||||||
runHook postInstall
|
runHook postInstall
|
||||||
'';
|
'';
|
||||||
|
|
|
@ -11,22 +11,22 @@ GEM
|
||||||
diff-lcs (~> 1.1)
|
diff-lcs (~> 1.1)
|
||||||
mime-types (>= 1.16)
|
mime-types (>= 1.16)
|
||||||
posix-spawn (~> 0.3)
|
posix-spawn (~> 0.3)
|
||||||
gollum (4.1.3)
|
gollum (4.1.4)
|
||||||
gemojione (~> 3.2)
|
gemojione (~> 3.2)
|
||||||
gollum-lib (>= 4.2.9)
|
gollum-lib (~> 4.2, >= 4.2.10)
|
||||||
kramdown (~> 1.9.0)
|
kramdown (~> 1.9.0)
|
||||||
mustache (>= 0.99.5, < 1.0.0)
|
mustache (>= 0.99.5, < 1.0.0)
|
||||||
sinatra (~> 1.4, >= 1.4.4)
|
sinatra (~> 1.4, >= 1.4.4)
|
||||||
useragent (~> 0.16.2)
|
useragent (~> 0.16.2)
|
||||||
gollum-grit_adapter (1.0.1)
|
gollum-grit_adapter (1.0.1)
|
||||||
gitlab-grit (~> 2.7, >= 2.7.1)
|
gitlab-grit (~> 2.7, >= 2.7.1)
|
||||||
gollum-lib (4.2.9)
|
gollum-lib (4.2.10)
|
||||||
gemojione (~> 3.2)
|
gemojione (~> 3.2)
|
||||||
github-markup (~> 1.6)
|
github-markup (~> 1.6)
|
||||||
gollum-grit_adapter (~> 1.0)
|
gollum-grit_adapter (~> 1.0)
|
||||||
nokogiri (>= 1.6.1, < 2.0)
|
nokogiri (>= 1.6.1, < 2.0)
|
||||||
rouge (~> 2.1)
|
rouge (~> 2.1)
|
||||||
sanitize (~> 2.1)
|
sanitize (~> 2.1.1, >= 2.1.1)
|
||||||
stringex (~> 2.6)
|
stringex (~> 2.6)
|
||||||
twitter-text (= 1.14.7)
|
twitter-text (= 1.14.7)
|
||||||
json (2.1.0)
|
json (2.1.0)
|
||||||
|
@ -43,7 +43,7 @@ GEM
|
||||||
rack-protection (1.5.5)
|
rack-protection (1.5.5)
|
||||||
rack
|
rack
|
||||||
rouge (2.2.1)
|
rouge (2.2.1)
|
||||||
sanitize (2.1.0)
|
sanitize (2.1.1)
|
||||||
nokogiri (>= 1.4.4)
|
nokogiri (>= 1.4.4)
|
||||||
sinatra (1.4.8)
|
sinatra (1.4.8)
|
||||||
rack (~> 1.5)
|
rack (~> 1.5)
|
||||||
|
|
|
@ -45,10 +45,10 @@
|
||||||
dependencies = ["gemojione" "gollum-lib" "kramdown" "mustache" "sinatra" "useragent"];
|
dependencies = ["gemojione" "gollum-lib" "kramdown" "mustache" "sinatra" "useragent"];
|
||||||
source = {
|
source = {
|
||||||
remotes = ["https://rubygems.org"];
|
remotes = ["https://rubygems.org"];
|
||||||
sha256 = "1146irmnm0xyzjzw8k14wvb6h4cqh4q53ds92wk6jpsfs6r1pjq6";
|
sha256 = "0ik1b0f73lcxfwfml1h84dp6br79g0z9v6x54wvl46n9d1ndrhl7";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "4.1.3";
|
version = "4.1.4";
|
||||||
};
|
};
|
||||||
gollum-grit_adapter = {
|
gollum-grit_adapter = {
|
||||||
dependencies = ["gitlab-grit"];
|
dependencies = ["gitlab-grit"];
|
||||||
|
@ -63,10 +63,10 @@
|
||||||
dependencies = ["gemojione" "github-markup" "gollum-grit_adapter" "nokogiri" "rouge" "sanitize" "stringex" "twitter-text"];
|
dependencies = ["gemojione" "github-markup" "gollum-grit_adapter" "nokogiri" "rouge" "sanitize" "stringex" "twitter-text"];
|
||||||
source = {
|
source = {
|
||||||
remotes = ["https://rubygems.org"];
|
remotes = ["https://rubygems.org"];
|
||||||
sha256 = "1w48mrjgy4ykd1ix421n96nx0w15iid2aj3sgglpl3bdkizxhfqj";
|
sha256 = "1699wiir6f2a8yawk3qg0xn3zdc10mz783v53ri1ivfnzdrm3dvf";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "4.2.9";
|
version = "4.2.10";
|
||||||
};
|
};
|
||||||
json = {
|
json = {
|
||||||
source = {
|
source = {
|
||||||
|
@ -163,10 +163,10 @@
|
||||||
dependencies = ["nokogiri"];
|
dependencies = ["nokogiri"];
|
||||||
source = {
|
source = {
|
||||||
remotes = ["https://rubygems.org"];
|
remotes = ["https://rubygems.org"];
|
||||||
sha256 = "0xsv6xqrlz91rd8wifjknadbl3z5h6qphmxy0hjb189qbdghggn3";
|
sha256 = "12ip1d80r0dgc621qn7c32bk12xxgkkg3w6q21s1ckxivcd7r898";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "2.1.0";
|
version = "2.1.1";
|
||||||
};
|
};
|
||||||
sinatra = {
|
sinatra = {
|
||||||
dependencies = ["rack" "rack-protection" "tilt"];
|
dependencies = ["rack" "rack-protection" "tilt"];
|
||||||
|
|
|
@ -1,14 +1,14 @@
|
||||||
{stdenv, fetchFromGitHub, python}:
|
{stdenv, fetchFromGitHub, python}:
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
version = "3.6";
|
version = "3.7";
|
||||||
name = "googler-${version}";
|
name = "googler-${version}";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "jarun";
|
owner = "jarun";
|
||||||
repo = "googler";
|
repo = "googler";
|
||||||
rev = "v${version}";
|
rev = "v${version}";
|
||||||
sha256 = "1j1755b9mfmkqkgjrlsi4wr82352pqc9rfyalammqn6qrm3v3lb6";
|
sha256 = "0dxg849ckyy181zlrb57hd959cgvx105c35ksmvi4wl285sh5kpj";
|
||||||
};
|
};
|
||||||
|
|
||||||
propagatedBuildInputs = [ python ];
|
propagatedBuildInputs = [ python ];
|
||||||
|
|
|
@ -2,13 +2,13 @@
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
name = "gpxsee-${version}";
|
name = "gpxsee-${version}";
|
||||||
version = "5.17";
|
version = "5.18";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "tumic0";
|
owner = "tumic0";
|
||||||
repo = "GPXSee";
|
repo = "GPXSee";
|
||||||
rev = version;
|
rev = version;
|
||||||
sha256 = "0fr835glvwnpq6sy181z0gskvwfrmvh7115r3d92xy71v8b1l5ib";
|
sha256 = "0dl10fr881b8fwf2yj14bd6gagb8hm0s46q18y2y56rw98nk4vrq";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [ qmake ];
|
nativeBuildInputs = [ qmake ];
|
||||||
|
|
|
@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
|
||||||
sha256 = "1wp22wm7smlsb25x0cck4p660cycfczxj381930crd1qrf68mw4h";
|
sha256 = "1wp22wm7smlsb25x0cck4p660cycfczxj381930crd1qrf68mw4h";
|
||||||
};
|
};
|
||||||
|
|
||||||
buildInputs = [ patchelf makeWrapper ];
|
nativeBuildInputs = [ patchelf makeWrapper ];
|
||||||
|
|
||||||
buildPhase = with xorg; ''
|
buildPhase = with xorg; ''
|
||||||
patchelf --set-rpath "${stdenv.lib.makeLibraryPath [ libX11 libXext libXrender libXtst libXi ]}" ./jre/lib/amd64/xawt/libmawt.so
|
patchelf --set-rpath "${stdenv.lib.makeLibraryPath [ libX11 libXext libXrender libXtst libXi ]}" ./jre/lib/amd64/xawt/libmawt.so
|
||||||
|
|
|
@ -3,11 +3,11 @@
|
||||||
|
|
||||||
with builtins; buildDotnetPackage rec {
|
with builtins; buildDotnetPackage rec {
|
||||||
baseName = "keepass";
|
baseName = "keepass";
|
||||||
version = "2.39.1";
|
version = "2.40";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "mirror://sourceforge/keepass/KeePass-${version}-Source.zip";
|
url = "mirror://sourceforge/keepass/KeePass-${version}-Source.zip";
|
||||||
sha256 = "0y69w9zzxqj7xrn632bw6bibrknjbx1k3qcvi9axn67sqmzaka00";
|
sha256 = "1gldl74wz2lvsci6rn71d6q1zmnhr52z6fjib9nsragsazq5byz9";
|
||||||
};
|
};
|
||||||
|
|
||||||
sourceRoot = ".";
|
sourceRoot = ".";
|
||||||
|
|
|
@ -40,6 +40,10 @@ in with python.pkgs; buildPythonApplication rec {
|
||||||
unidecode
|
unidecode
|
||||||
];
|
];
|
||||||
|
|
||||||
|
postInstall = ''
|
||||||
|
install -D misc/zsh/_khard $out/share/zsh/site-functions/
|
||||||
|
'';
|
||||||
|
|
||||||
# Fails; but there are no tests anyway.
|
# Fails; but there are no tests anyway.
|
||||||
doCheck = false;
|
doCheck = false;
|
||||||
|
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
|
|
||||||
with python3Packages;
|
with python3Packages;
|
||||||
buildPythonApplication rec {
|
buildPythonApplication rec {
|
||||||
version = "0.12.0";
|
version = "0.12.3";
|
||||||
name = "kitty-${version}";
|
name = "kitty-${version}";
|
||||||
format = "other";
|
format = "other";
|
||||||
|
|
||||||
|
@ -15,7 +15,7 @@ buildPythonApplication rec {
|
||||||
owner = "kovidgoyal";
|
owner = "kovidgoyal";
|
||||||
repo = "kitty";
|
repo = "kitty";
|
||||||
rev = "v${version}";
|
rev = "v${version}";
|
||||||
sha256 = "1n2pi9pc903inls1fvz257q7wpif76rj394qkgq7pixpisijdyjm";
|
sha256 = "1nhk8pbwr673gw9qjgca4lzjgp8rw7sf99ra4wsh8jplf3kvgq5c";
|
||||||
};
|
};
|
||||||
|
|
||||||
buildInputs = [
|
buildInputs = [
|
||||||
|
@ -33,8 +33,8 @@ buildPythonApplication rec {
|
||||||
--replace "find_library('startup-notification-1')" "'${libstartup_notification}/lib/libstartup-notification-1.so'"
|
--replace "find_library('startup-notification-1')" "'${libstartup_notification}/lib/libstartup-notification-1.so'"
|
||||||
|
|
||||||
substituteInPlace docs/Makefile \
|
substituteInPlace docs/Makefile \
|
||||||
--replace 'python3 .. +launch $(shell which sphinx-build)' \
|
--replace 'python3 .. +launch :sphinx-build' \
|
||||||
'PYTHONPATH=$PYTHONPATH:.. HOME=$TMPDIR/nowhere $(shell which sphinx-build)'
|
'PYTHONPATH=$PYTHONPATH:.. HOME=$TMPDIR/nowhere sphinx-build'
|
||||||
'';
|
'';
|
||||||
|
|
||||||
buildPhase = ''
|
buildPhase = ''
|
||||||
|
|
|
@ -2,11 +2,11 @@
|
||||||
, desktop-file-utils, libSM, imagemagick }:
|
, desktop-file-utils, libSM, imagemagick }:
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
version = "18.08";
|
version = "18.08.1";
|
||||||
name = "mediainfo-gui-${version}";
|
name = "mediainfo-gui-${version}";
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://mediaarea.net/download/source/mediainfo/${version}/mediainfo_${version}.tar.xz";
|
url = "https://mediaarea.net/download/source/mediainfo/${version}/mediainfo_${version}.tar.xz";
|
||||||
sha256 = "0l4bhrgwfn3da6cr0jz5vs17sk7k0bc26nk7hymv04xifns5999n";
|
sha256 = "0rq2dczjq26g5i0ac8px7xmxjvqq4h0rzd97fy5824yb2c5ksxs9";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [ autoreconfHook pkgconfig ];
|
nativeBuildInputs = [ autoreconfHook pkgconfig ];
|
||||||
|
|
|
@ -0,0 +1,21 @@
|
||||||
|
{ stdenv, fetchurl, pythonPackages }:
|
||||||
|
|
||||||
|
pythonPackages.buildPythonApplication rec {
|
||||||
|
name = "menumaker-${version}";
|
||||||
|
version = "0.99.10";
|
||||||
|
|
||||||
|
src = fetchurl {
|
||||||
|
url = "mirror://sourceforge/menumaker/${name}.tar.gz";
|
||||||
|
sha256 = "1mm4cvg3kphkkd8nwrhcg6d9nm5ar7mgc0wf6fxk6zck1l7xn8ky";
|
||||||
|
};
|
||||||
|
|
||||||
|
format = "other";
|
||||||
|
|
||||||
|
meta = with stdenv.lib; {
|
||||||
|
description = "Heuristics-driven menu generator for several window managers";
|
||||||
|
homepage = http://menumaker.sourceforge.net;
|
||||||
|
license = licenses.bsd2;
|
||||||
|
platforms = platforms.unix;
|
||||||
|
maintainers = [ maintainers.romildo ];
|
||||||
|
};
|
||||||
|
}
|
|
@ -0,0 +1,44 @@
|
||||||
|
{ stdenv, fetchFromGitHub, python2Packages }:
|
||||||
|
|
||||||
|
stdenv.mkDerivation rec {
|
||||||
|
name = "neap-${version}";
|
||||||
|
version = "0.7.2";
|
||||||
|
|
||||||
|
src = fetchFromGitHub {
|
||||||
|
owner = "vzxwco";
|
||||||
|
repo = "neap";
|
||||||
|
rev = "v${version}";
|
||||||
|
sha256 = "04da8rq23rl1qcvrdm5m3l90xbwyli7x601sckv7hmkip2q3g1kz";
|
||||||
|
};
|
||||||
|
|
||||||
|
nativeBuildInputs = [
|
||||||
|
python2Packages.wrapPython
|
||||||
|
];
|
||||||
|
|
||||||
|
buildInputs = [
|
||||||
|
python2Packages.python
|
||||||
|
];
|
||||||
|
|
||||||
|
pythonPath = [
|
||||||
|
python2Packages.xlib
|
||||||
|
python2Packages.pygtk
|
||||||
|
];
|
||||||
|
|
||||||
|
installPhase = ''
|
||||||
|
install -D -t $out/bin neap
|
||||||
|
install -D -t $out/share/man/man1 neap.1
|
||||||
|
install -D -t $out/share/applications neap.desktop
|
||||||
|
'';
|
||||||
|
|
||||||
|
postFixup = ''
|
||||||
|
wrapPythonPrograms
|
||||||
|
'';
|
||||||
|
|
||||||
|
meta = with stdenv.lib; {
|
||||||
|
description = "Systray workspace pager";
|
||||||
|
homepage = https://github.com/vzxwco/neap;
|
||||||
|
license = licenses.bsd2;
|
||||||
|
platforms = platforms.unix;
|
||||||
|
maintainers = [ maintainers.romildo ];
|
||||||
|
};
|
||||||
|
}
|
|
@ -3,11 +3,11 @@
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
|
|
||||||
name = "netsurf-buildsystem-${version}";
|
name = "netsurf-buildsystem-${version}";
|
||||||
version = "1.6";
|
version = "1.7";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "http://download.netsurf-browser.org/libs/releases/buildsystem-${version}.tar.gz";
|
url = "http://download.netsurf-browser.org/libs/releases/buildsystem-${version}.tar.gz";
|
||||||
sha256 = "0p5k708lcq8dip9xxck6hml32bjrbyipprm22bbsvdnsc0pqm71x";
|
sha256 = "1q23aaycv35ma5471l1gxib8lfq2s9kprrkaqgfc926d04rlbmhw";
|
||||||
};
|
};
|
||||||
|
|
||||||
makeFlags = [
|
makeFlags = [
|
||||||
|
|
|
@ -0,0 +1,20 @@
|
||||||
|
diff -Naur org.kde.plasma.volumewin7mixer/CMakeLists.txt org.kde.plasma.volumewin7mixer.patch/CMakeLists.txt
|
||||||
|
--- org.kde.plasma.volumewin7mixer/CMakeLists.txt 1970-01-01 01:00:00.000000000 +0100
|
||||||
|
+++ org.kde.plasma.volumewin7mixer.patch/CMakeLists.txt 2016-04-19 11:23:35.137866949 +0200
|
||||||
|
@@ -0,0 +1,15 @@
|
||||||
|
+# Set minimum CMake version (required for CMake 3.0 or later)
|
||||||
|
+cmake_minimum_required(VERSION 2.8.12)
|
||||||
|
+
|
||||||
|
+# Use Extra CMake Modules (ECM) for common functionality.
|
||||||
|
+# See http://api.kde.org/ecm/manual/ecm.7.html
|
||||||
|
+# and http://api.kde.org/ecm/manual/ecm-kde-modules.7.html
|
||||||
|
+find_package(ECM REQUIRED NO_MODULE)
|
||||||
|
+# Needed by find_package(KF5Plasma) below.
|
||||||
|
+set(CMAKE_MODULE_PATH ${ECM_MODULE_PATH} ${ECM_KDE_MODULE_DIR} ${CMAKE_MODULE_PATH})
|
||||||
|
+
|
||||||
|
+# Locate plasma_install_package macro.
|
||||||
|
+find_package(KF5Plasma REQUIRED)
|
||||||
|
+
|
||||||
|
+# Add installatation target ("make install").
|
||||||
|
+plasma_install_package(package org.kde.plasma.volumewin7mixer)
|
||||||
|
|
|
@ -0,0 +1,26 @@
|
||||||
|
{ stdenv, cmake, extra-cmake-modules, plasma-framework, kwindowsystem, plasma-pa, fetchFromGitHub }:
|
||||||
|
|
||||||
|
stdenv.mkDerivation rec {
|
||||||
|
name = "plasma-applet-volumewin7mixer-${version}";
|
||||||
|
version = "23";
|
||||||
|
|
||||||
|
src = fetchFromGitHub {
|
||||||
|
owner = "Zren";
|
||||||
|
repo = "plasma-applet-volumewin7mixer";
|
||||||
|
rev = "v${version}";
|
||||||
|
sha256 = "1j2bq343lnhwqz26qfsvg7vjxv84ibzbc4y86rjkh07nqjwb3xsc";
|
||||||
|
};
|
||||||
|
|
||||||
|
patches = [ ./cmake.patch ];
|
||||||
|
postPatch = '' rm build '';
|
||||||
|
nativeBuildInputs = [ cmake extra-cmake-modules ];
|
||||||
|
buildInputs = [ plasma-framework kwindowsystem plasma-pa ];
|
||||||
|
|
||||||
|
meta = with stdenv.lib; {
|
||||||
|
description = "A fork of the default volume plasmoid with a Windows 7 theme (vertical sliders).";
|
||||||
|
homepage = "https://github.com/Zren/plasma-applet-volumewin7mixer";
|
||||||
|
license = licenses.gpl2Plus;
|
||||||
|
platforms = platforms.linux;
|
||||||
|
maintainers = with maintainers; [ mdevlamynck ];
|
||||||
|
};
|
||||||
|
}
|
|
@ -1,4 +1,4 @@
|
||||||
{ stdenv, fetchFromGitHub, python3Packages, file, less
|
{ stdenv, lib, fetchFromGitHub, python3Packages, file, less, highlight
|
||||||
, imagePreviewSupport ? true, w3m ? null}:
|
, imagePreviewSupport ? true, w3m ? null}:
|
||||||
|
|
||||||
with stdenv.lib;
|
with stdenv.lib;
|
||||||
|
@ -24,6 +24,11 @@ python3Packages.buildPythonApplication rec {
|
||||||
'';
|
'';
|
||||||
|
|
||||||
preConfigure = ''
|
preConfigure = ''
|
||||||
|
${lib.optionalString (highlight != null) ''
|
||||||
|
sed -i -e 's|^\s*highlight\b|${highlight}/bin/highlight|' \
|
||||||
|
ranger/data/scope.sh
|
||||||
|
''}
|
||||||
|
|
||||||
substituteInPlace ranger/data/scope.sh \
|
substituteInPlace ranger/data/scope.sh \
|
||||||
--replace "/bin/echo" "echo"
|
--replace "/bin/echo" "echo"
|
||||||
|
|
||||||
|
@ -36,7 +41,7 @@ python3Packages.buildPythonApplication rec {
|
||||||
|
|
||||||
# give file previews out of the box
|
# give file previews out of the box
|
||||||
substituteInPlace ranger/config/rc.conf \
|
substituteInPlace ranger/config/rc.conf \
|
||||||
--replace "set preview_script ~/.config/ranger/scope.sh" "set preview_script $out/share/doc/ranger/config/scope.sh"
|
--replace "#set preview_script ~/.config/ranger/scope.sh" "set preview_script $out/share/doc/ranger/config/scope.sh"
|
||||||
'' + optionalString imagePreviewSupport ''
|
'' + optionalString imagePreviewSupport ''
|
||||||
substituteInPlace ranger/ext/img_display.py \
|
substituteInPlace ranger/ext/img_display.py \
|
||||||
--replace /usr/lib/w3m ${w3m}/libexec/w3m
|
--replace /usr/lib/w3m ${w3m}/libexec/w3m
|
||||||
|
@ -46,7 +51,7 @@ python3Packages.buildPythonApplication rec {
|
||||||
--replace "set preview_images false" "set preview_images true"
|
--replace "set preview_images false" "set preview_images true"
|
||||||
'';
|
'';
|
||||||
|
|
||||||
meta = with stdenv.lib; {
|
meta = with lib; {
|
||||||
description = "File manager with minimalistic curses interface";
|
description = "File manager with minimalistic curses interface";
|
||||||
homepage = http://ranger.github.io/;
|
homepage = http://ranger.github.io/;
|
||||||
license = licenses.gpl3;
|
license = licenses.gpl3;
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
{ stdenv, fetchFromGitHub, pkgconfig, vte, gtk }:
|
{ stdenv, fetchFromGitHub, pkgconfig, vte, gtk }:
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
name = "stupidterm-2018-03-10";
|
name = "stupidterm-2018-09-25";
|
||||||
|
|
||||||
nativeBuildInputs = [ pkgconfig ];
|
nativeBuildInputs = [ pkgconfig ];
|
||||||
|
|
||||||
|
@ -10,8 +10,8 @@ stdenv.mkDerivation rec {
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "esmil";
|
owner = "esmil";
|
||||||
repo = "stupidterm";
|
repo = "stupidterm";
|
||||||
rev = "0463519a96c9e4f9ce9fdc99d8e776499346ccba";
|
rev = "d1bc020797330df83d427e361d3620e346a4e792";
|
||||||
sha256 = "1vbk53xyjn33myb3fix6y7sxb1x3rndrkk5l9qa60qaw2ivkr965";
|
sha256 = "1yh2vhq3d0qbh0dh2h9yc7s9gkffgkb987vvwz2bdnvlskrjmmdj";
|
||||||
};
|
};
|
||||||
|
|
||||||
makeFlags = "PKGCONFIG=${pkgconfig}/bin/pkg-config binary=stupidterm";
|
makeFlags = "PKGCONFIG=${pkgconfig}/bin/pkg-config binary=stupidterm";
|
||||||
|
|
|
@ -7,11 +7,11 @@
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
name = "workrave-${version}";
|
name = "workrave-${version}";
|
||||||
version = "1.10.20";
|
version = "1.10.21";
|
||||||
|
|
||||||
src = let
|
src = let
|
||||||
in fetchFromGitHub {
|
in fetchFromGitHub {
|
||||||
sha256 = "099a87zkrkmsgfz9isrfm89dh545x52891jh6qxmn19h6wwsi941";
|
sha256 = "150qca8c552fakjlzkgarsxgp87l1xcwn19svqsa9d0cygqxjgia";
|
||||||
rev = with stdenv.lib;
|
rev = with stdenv.lib;
|
||||||
"v" + concatStringsSep "_" (splitString "." version);
|
"v" + concatStringsSep "_" (splitString "." version);
|
||||||
repo = "workrave";
|
repo = "workrave";
|
||||||
|
|
|
@ -3,14 +3,14 @@
|
||||||
}:
|
}:
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
name = "xterm-335";
|
name = "xterm-337";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
urls = [
|
urls = [
|
||||||
"ftp://ftp.invisible-island.net/xterm/${name}.tgz"
|
"ftp://ftp.invisible-island.net/xterm/${name}.tgz"
|
||||||
"https://invisible-mirror.net/archives/xterm/${name}.tgz"
|
"https://invisible-mirror.net/archives/xterm/${name}.tgz"
|
||||||
];
|
];
|
||||||
sha256 = "15nbgys4s2idhx6jzzc24g9bb1s6yps5fyg2bafvs0gkkcm1ggz0";
|
sha256 = "19ygmswikbwa633bxf24cvk7qdxjz2nq3cv9zdgqvrs7sgg7gb6c";
|
||||||
};
|
};
|
||||||
|
|
||||||
buildInputs =
|
buildInputs =
|
||||||
|
|
|
@ -1,14 +1,14 @@
|
||||||
{ stdenv, buildGoPackage, fetchurl, fetchFromGitHub, go-bindata }:
|
{ stdenv, buildGoPackage, fetchurl, fetchFromGitHub, go-bindata }:
|
||||||
|
|
||||||
let
|
let
|
||||||
version = "1.4.10";
|
version = "1.4.13";
|
||||||
|
|
||||||
# TODO: must build the extension instead of downloading it. But since it's
|
# TODO: must build the extension instead of downloading it. But since it's
|
||||||
# literally an asset that is indifferent regardless of the platform, this
|
# literally an asset that is indifferent regardless of the platform, this
|
||||||
# might be just enough.
|
# might be just enough.
|
||||||
webext = fetchurl {
|
webext = fetchurl {
|
||||||
url = "https://github.com/browsh-org/browsh/releases/download/v${version}/browsh-${version}-an.fx.xpi";
|
url = "https://github.com/browsh-org/browsh/releases/download/v${version}/browsh-${version}-an.fx.xpi";
|
||||||
sha256 = "0rgwzv1qahqy52q7zz4dklnwx7w4x3gj92ka8n0ypgf9fjjnmqas";
|
sha256 = "11477z7mva8lwfxsrfxckvgqkxrjhc80czra8cqhpakf0fih1a4g";
|
||||||
};
|
};
|
||||||
|
|
||||||
in buildGoPackage rec {
|
in buildGoPackage rec {
|
||||||
|
|
|
@ -28,12 +28,6 @@ rec {
|
||||||
|
|
||||||
patches = nixpkgsPatches ++ [
|
patches = nixpkgsPatches ++ [
|
||||||
./no-buildconfig.patch
|
./no-buildconfig.patch
|
||||||
# fix build with rust >= 1.29 and firefox < 63
|
|
||||||
# https://bugzilla.mozilla.org/show_bug.cgi?id=1479540
|
|
||||||
(fetchpatch {
|
|
||||||
url = "https://github.com/mozilla/gecko-dev/commit/eec0d4f8714e6671402d41632232ef57348e65c4.patch";
|
|
||||||
sha256 = "1cjaqx811bcnp8b6z16q25csaclaic3b11q45ck02srd99n8qp0j";
|
|
||||||
})
|
|
||||||
];
|
];
|
||||||
|
|
||||||
extraNativeBuildInputs = [ python3 ];
|
extraNativeBuildInputs = [ python3 ];
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
, flashplayer, hal-flash
|
, flashplayer, hal-flash
|
||||||
, MPlayerPlugin, ffmpeg, xorg, libpulseaudio, libcanberra-gtk2
|
, MPlayerPlugin, ffmpeg, xorg, libpulseaudio, libcanberra-gtk2
|
||||||
, jrePlugin, icedtea_web
|
, jrePlugin, icedtea_web
|
||||||
, trezor-bridge, bluejeans, djview4, adobe-reader
|
, bluejeans, djview4, adobe-reader
|
||||||
, google_talk_plugin, fribid, gnome3/*.gnome-shell*/
|
, google_talk_plugin, fribid, gnome3/*.gnome-shell*/
|
||||||
, esteidfirefoxplugin
|
, esteidfirefoxplugin
|
||||||
, browserpass, chrome-gnome-shell, uget-integrator, plasma-browser-integration, bukubrow
|
, browserpass, chrome-gnome-shell, uget-integrator, plasma-browser-integration, bukubrow
|
||||||
|
@ -55,7 +55,6 @@ let
|
||||||
++ lib.optional (cfg.enableGoogleTalkPlugin or false) google_talk_plugin
|
++ lib.optional (cfg.enableGoogleTalkPlugin or false) google_talk_plugin
|
||||||
++ lib.optional (cfg.enableFriBIDPlugin or false) fribid
|
++ lib.optional (cfg.enableFriBIDPlugin or false) fribid
|
||||||
++ lib.optional (cfg.enableGnomeExtensions or false) gnome3.gnome-shell
|
++ lib.optional (cfg.enableGnomeExtensions or false) gnome3.gnome-shell
|
||||||
++ lib.optional (cfg.enableTrezor or false) trezor-bridge
|
|
||||||
++ lib.optional (cfg.enableBluejeans or false) bluejeans
|
++ lib.optional (cfg.enableBluejeans or false) bluejeans
|
||||||
++ lib.optional (cfg.enableAdobeReader or false) adobe-reader
|
++ lib.optional (cfg.enableAdobeReader or false) adobe-reader
|
||||||
++ lib.optional (cfg.enableEsteid or false) esteidfirefoxplugin
|
++ lib.optional (cfg.enableEsteid or false) esteidfirefoxplugin
|
||||||
|
|
|
@ -71,9 +71,8 @@ in stdenv.mkDerivation rec {
|
||||||
|
|
||||||
src = chromium.upstream-info.binary;
|
src = chromium.upstream-info.binary;
|
||||||
|
|
||||||
|
nativeBuildInputs = [ patchelf makeWrapper ];
|
||||||
buildInputs = [
|
buildInputs = [
|
||||||
patchelf makeWrapper
|
|
||||||
|
|
||||||
# needed for GSETTINGS_SCHEMAS_PATH
|
# needed for GSETTINGS_SCHEMAS_PATH
|
||||||
gsettings-desktop-schemas glib gtk
|
gsettings-desktop-schemas glib gtk
|
||||||
|
|
||||||
|
|
|
@ -1,46 +0,0 @@
|
||||||
{ stdenv, fetchurl, dpkg }:
|
|
||||||
|
|
||||||
stdenv.mkDerivation {
|
|
||||||
name = "TREZOR-bridge-1.0.5";
|
|
||||||
|
|
||||||
passthru = {
|
|
||||||
mozillaPlugin = "/lib/mozilla/plugins";
|
|
||||||
};
|
|
||||||
|
|
||||||
src =
|
|
||||||
if stdenv.hostPlatform.system == "x86_64-linux" then
|
|
||||||
fetchurl {
|
|
||||||
url = https://mytrezor.com/data/plugin/1.0.5/browser-plugin-trezor_1.0.5_amd64.deb;
|
|
||||||
sha256 = "0097h4v88yca4aayzprrh4pk03xvvj7ncz2mi83chm81gsr2v67z";
|
|
||||||
}
|
|
||||||
else
|
|
||||||
fetchurl {
|
|
||||||
url = https://mytrezor.com/data/plugin/1.0.5/browser-plugin-trezor_1.0.5_i386.deb;
|
|
||||||
sha256 = "0xzbq78s3ivg00f0bj6gyjgf47pvjx2l4mm05jjmdar60bf1xr1n";
|
|
||||||
};
|
|
||||||
|
|
||||||
phases = [ "unpackPhase" "installPhase" "fixupPhase" ];
|
|
||||||
|
|
||||||
dontStrip = true;
|
|
||||||
dontPatchELF = true;
|
|
||||||
|
|
||||||
unpackPhase = "${dpkg}/bin/dpkg-deb -x $src .";
|
|
||||||
|
|
||||||
installPhase = ''
|
|
||||||
mkdir -p $out/etc/udev/rules.d/ $out/lib/mozilla/plugins
|
|
||||||
cp ./lib/udev/rules.d/51-trezor-udev.rules $out/etc/udev/rules.d/
|
|
||||||
cp ./usr/lib/mozilla/plugins/npBitcoinTrezorPlugin.so $out/lib/mozilla/plugins
|
|
||||||
'';
|
|
||||||
|
|
||||||
meta = with stdenv.lib;
|
|
||||||
{ description = "Plugin for browser to TREZOR device communication";
|
|
||||||
homepage = https://mytrezor.com;
|
|
||||||
license = licenses.unfree;
|
|
||||||
maintainers = with maintainers; [ ehmry ];
|
|
||||||
# Download URL, .deb content & hash (yikes) changed, not version.
|
|
||||||
# New archive doesn't contain any Mozilla plugin at all.
|
|
||||||
broken = true;
|
|
||||||
platforms = platforms.linux;
|
|
||||||
};
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,7 +1,7 @@
|
||||||
{ stdenv, cmake, fetchFromGitHub
|
{ stdenv, cmake, fetchFromGitHub
|
||||||
, qtbase, qtmultimedia, qtwebengine
|
, qtbase, qtmultimedia, qtwebengine
|
||||||
, version ? "0.9.96"
|
, version ? "0.9.99.3"
|
||||||
, sourceSha ? "1xzfy3jjx9sskwwbk7l8hnwnjf8af62p4kjkydp0ld0j50apc39p"
|
, sourceSha ? "0dkismjs3daz5afx6s5arwvynsw5qpvv2rqbzvmpihn6khnhap55"
|
||||||
}:
|
}:
|
||||||
stdenv.mkDerivation {
|
stdenv.mkDerivation {
|
||||||
name = "otter-browser-${version}";
|
name = "otter-browser-${version}";
|
||||||
|
|
|
@ -13,11 +13,11 @@
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
name = "${product}-${version}";
|
name = "${product}-${version}";
|
||||||
product = "vivaldi";
|
product = "vivaldi";
|
||||||
version = "1.15.1147.64-1";
|
version = "2.0.1309.29-2";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://downloads.vivaldi.com/stable/${product}-stable_${version}_amd64.deb";
|
url = "https://downloads.vivaldi.com/stable/${product}-stable_${version}_amd64.deb";
|
||||||
sha256 = "01xbfrrq2kj75cb6grpq9a4y88j1s87h2nnvy1fmyb4a2db6y0ag";
|
sha256 = "09vaf191djbrfijvhklivh2ifj8w68car2vz956gsw4lhz07kzck";
|
||||||
};
|
};
|
||||||
|
|
||||||
unpackPhase = ''
|
unpackPhase = ''
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue