Merge master into staging

Frederik Rietdijk 2018-10-02 18:22:37 +02:00
commit 6ce04af137
402 changed files with 13082 additions and 6278 deletions

View File

@ -682,6 +682,177 @@ hello latest de2bf4786de6 About a minute ago 25.2MB
</example> </example>
</section> </section>
<section xml:id="ssec-pkgs-dockerTools-buildLayeredImage">
<title>buildLayeredImage</title>
<para>
Create a Docker image with many of the store paths being on their own layer
to improve sharing between images.
</para>
<variablelist>
<varlistentry>
<term>
<varname>name</varname>
</term>
<listitem>
<para>
The name of the resulting image.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<varname>tag</varname> <emphasis>optional</emphasis>
</term>
<listitem>
<para>
Tag of the generated image.
</para>
<para>
<emphasis>Default:</emphasis> the output path's hash
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<varname>contents</varname> <emphasis>optional</emphasis>
</term>
<listitem>
<para>
Top level paths in the container. Either a single derivation, or a list
of derivations.
</para>
<para>
<emphasis>Default:</emphasis> <literal>[]</literal>
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<varname>config</varname> <emphasis>optional</emphasis>
</term>
<listitem>
<para>
Run-time configuration of the container. A full list of the options are
available at in the
<link xlink:href="https://github.com/moby/moby/blob/master/image/spec/v1.2.md#image-json-field-descriptions">
Docker Image Specification v1.2.0 </link>.
</para>
<para>
<emphasis>Default:</emphasis> <literal>{}</literal>
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<varname>created</varname> <emphasis>optional</emphasis>
</term>
<listitem>
<para>
Date and time the layers were created. Follows the same
<literal>now</literal> exception supported by
<literal>buildImage</literal>.
</para>
<para>
<emphasis>Default:</emphasis> <literal>1970-01-01T00:00:01Z</literal>
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<varname>maxLayers</varname> <emphasis>optional</emphasis>
</term>
<listitem>
<para>
Maximum number of layers to create.
</para>
<para>
<emphasis>Default:</emphasis> <literal>24</literal>
</para>
</listitem>
</varlistentry>
</variablelist>
<section xml:id="dockerTools-buildLayeredImage-arg-contents">
<title>Behavior of <varname>contents</varname> in the final image</title>
<para>
Each path directly listed in <varname>contents</varname> will have a
symlink in the root of the image.
</para>
<para>
For example:
<programlisting><![CDATA[
pkgs.dockerTools.buildLayeredImage {
name = "hello";
contents = [ pkgs.hello ];
}
]]></programlisting>
will create symlinks for all the paths in the <literal>hello</literal>
package:
<screen><![CDATA[
/bin/hello -> /nix/store/h1zb1padqbbb7jicsvkmrym3r6snphxg-hello-2.10/bin/hello
/share/info/hello.info -> /nix/store/h1zb1padqbbb7jicsvkmrym3r6snphxg-hello-2.10/share/info/hello.info
/share/locale/bg/LC_MESSAGES/hello.mo -> /nix/store/h1zb1padqbbb7jicsvkmrym3r6snphxg-hello-2.10/share/locale/bg/LC_MESSAGES/hello.mo
]]></screen>
</para>
</section>
<section xml:id="dockerTools-buildLayeredImage-arg-config">
<title>Automatic inclusion of <varname>config</varname> references</title>
<para>
The closure of <varname>config</varname> is automatically included in the
closure of the final image.
</para>
<para>
This allows you to make very simple Docker images with very little code.
This container will start up and run <command>hello</command>:
<programlisting><![CDATA[
pkgs.dockerTools.buildLayeredImage {
name = "hello";
config.Cmd = [ "${pkgs.hello}/bin/hello" ];
}
]]></programlisting>
</para>
</section>
<section xml:id="dockerTools-buildLayeredImage-arg-maxLayers">
<title>Adjusting <varname>maxLayers</varname></title>
<para>
Increasing the <varname>maxLayers</varname> increases the number of layers
which have a chance to be shared between different images.
</para>
<para>
Modern Docker installations support up to 128 layers, however older
versions support as few as 42.
</para>
<para>
If the produced image will not be extended by other Docker builds, it is
safe to set <varname>maxLayers</varname> to <literal>128</literal>.
However it will be impossible to extend the image further.
</para>
<para>
The first (<literal>maxLayers-2</literal>) most "popular" paths will have
their own individual layers, then layer #<literal>maxLayers-1</literal>
will contain all the remaining "unpopular" paths, and finally layer
#<literal>maxLayers</literal> will contain the Image configuration.
</para>
<para>
Docker's Layers are not inherently ordered, they are content-addressable
and are not explicitly layered until they are composed in to an Image.
</para>
</section>
</section>
<section xml:id="ssec-pkgs-dockerTools-fetchFromRegistry"> <section xml:id="ssec-pkgs-dockerTools-fetchFromRegistry">
<title>pullImage</title> <title>pullImage</title>
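Review bot: in the "Adjusting maxLayers" section, "popular" is never defined, so a reader cannot predict which store paths get their own layer and which end up together in layer maxLayers-1; state the ranking criterion in that paragraph. The same section calls setting maxLayers to 128 "safe" and only afterwards says the image can then no longer be extended; put the caveat first. In the config entry, "A full list of the options are available at in the" should read "A full list of the options is available in the".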

View File

@ -413,11 +413,8 @@ packageOverrides = pkgs: {
in your <filename>/etc/nixos/configuration.nix</filename>. You'll also need in your <filename>/etc/nixos/configuration.nix</filename>. You'll also need
<programlisting>hardware.pulseaudio.support32Bit = true;</programlisting> <programlisting>hardware.pulseaudio.support32Bit = true;</programlisting>
if you are using PulseAudio - this will enable 32bit ALSA apps integration. if you are using PulseAudio - this will enable 32bit ALSA apps integration.
To use the Steam controller, you need to add To use the Steam controller or other Steam supported controllers such as the DualShock 4 or Nintendo Switch Pro, you need to add
<programlisting>services.udev.extraRules = '' <programlisting>hardware.steam-hardware.enable = true;</programlisting>
SUBSYSTEM=="usb", ATTRS{idVendor}=="28de", MODE="0666"
KERNEL=="uinput", MODE="0660", GROUP="users", OPTIONS+="static_node=uinput"
'';</programlisting>
to your configuration. to your configuration.
</para> </para>
</section> </section>
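Review bot: the replacement text points to hardware.steam-hardware.enable = true; but no longer tells the reader what device access is being granted. The removed lines made that explicit (MODE="0666" for USB vendor 28de, group access to uinput); add one sentence describing what the option sets up, so that someone auditing device permissions knows where they come from.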

View File

@ -1332,6 +1332,11 @@
github = "etu"; github = "etu";
name = "Elis Hirwing"; name = "Elis Hirwing";
}; };
evck = {
email = "eric@evenchick.com";
github = "ericevenchick";
name = "Eric Evenchick";
};
exfalso = { exfalso = {
email = "0slemi0@gmail.com"; email = "0slemi0@gmail.com";
github = "exfalso"; github = "exfalso";
@ -1635,6 +1640,11 @@
github = "hamhut1066"; github = "hamhut1066";
name = "Hamish Hutchings"; name = "Hamish Hutchings";
}; };
haslersn = {
email = "haslersn@fius.informatik.uni-stuttgart.de";
github = "haslersn";
name = "Sebastian Hasler";
};
havvy = { havvy = {
email = "ryan.havvy@gmail.com"; email = "ryan.havvy@gmail.com";
github = "havvy"; github = "havvy";
@ -2566,6 +2576,11 @@
github = "mdaiter"; github = "mdaiter";
name = "Matthew S. Daiter"; name = "Matthew S. Daiter";
}; };
mdevlamynck = {
email = "matthias.devlamynck@mailoo.org";
github = "mdevlamynck";
name = "Matthias Devlamynck";
};
meditans = { meditans = {
email = "meditans@gmail.com"; email = "meditans@gmail.com";
github = "meditans"; github = "meditans";
@ -4003,6 +4018,11 @@
github = "sztupi"; github = "sztupi";
name = "Attila Sztupak"; name = "Attila Sztupak";
}; };
t184256 = {
email = "monk@unboiled.info";
github = "t184256";
name = "Alexander Sosedkin";
};
tadfisher = { tadfisher = {
email = "tadfisher@gmail.com"; email = "tadfisher@gmail.com";
github = "tadfisher"; github = "tadfisher";
@ -4436,6 +4456,11 @@
github = "vrthra"; github = "vrthra";
name = "Rahul Gopinath"; name = "Rahul Gopinath";
}; };
vskilet = {
email = "victor@sene.ovh";
github = "vskilet";
name = "Victor SENE";
};
vyp = { vyp = {
email = "elisp.vim@gmail.com"; email = "elisp.vim@gmail.com";
github = "vyp"; github = "vyp";

View File

@ -73,8 +73,7 @@ Linux foo 3.4.82 #1-NixOS SMP Thu Mar 20 14:44:05 UTC 2014 x86_64 GNU/Linux
</para> </para>
<para> <para>
There are several ways to change the configuration of the container. First, To change the configuration of the container, you can edit
on the host, you can edit
<literal>/var/lib/container/<replaceable>name</replaceable>/etc/nixos/configuration.nix</literal>, <literal>/var/lib/container/<replaceable>name</replaceable>/etc/nixos/configuration.nix</literal>,
and run and run
<screen> <screen>
@ -87,8 +86,7 @@ Linux foo 3.4.82 #1-NixOS SMP Thu Mar 20 14:44:05 UTC 2014 x86_64 GNU/Linux
<xref linkend="opt-services.httpd.enable"/> = true; <xref linkend="opt-services.httpd.enable"/> = true;
<xref linkend="opt-services.httpd.adminAddr"/> = "foo@example.org"; <xref linkend="opt-services.httpd.adminAddr"/> = "foo@example.org";
<xref linkend="opt-networking.firewall.allowedTCPPorts"/> = [ 80 ]; <xref linkend="opt-networking.firewall.allowedTCPPorts"/> = [ 80 ];
' '
# curl http://$(nixos-container show-ip foo)/ # curl http://$(nixos-container show-ip foo)/
&lt;!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">… &lt;!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">…
</screen> </screen>
@ -97,11 +95,13 @@ Linux foo 3.4.82 #1-NixOS SMP Thu Mar 20 14:44:05 UTC 2014 x86_64 GNU/Linux
</para> </para>
<para> <para>
Alternatively, you can change the configuration from within the container Note that in previous versions of NixOS (17.09 and earlier) one could also
itself by running <command>nixos-rebuild switch</command> inside the use all nix-related commands (like <command>nixos-rebuild switch</command>)
container. Note that the container by default does not have a copy of the from inside the container. However, since the release of Nix 2.0 this is not
NixOS channel, so you should run <command>nix-channel --update</command> supported anymore. Supporting Nix commands inside the container might be
first. possible again in future versions. See
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/40355">the github
issue</link> for tracking progress on this issue.
</para> </para>
<para> <para>
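Review bot: the new paragraph mixes two version schemes ("NixOS (17.09 and earlier)" and "the release of Nix 2.0") without naming the NixOS release that first shipped Nix 2.0, so a reader cannot tell from the text whether nixos-rebuild switch inside the container still works on their release; name that release. The link text "the github issue for tracking progress on this issue" is redundant; something like "See issue #40355 on GitHub for progress" reads better and survives being printed without the hyperlink.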

View File

@ -84,18 +84,17 @@ nixpkgs.config.packageOverrides = pkgs:
allowImportFromDerivation = true; allowImportFromDerivation = true;
}; };
]]></screen> ]]></screen>
You can edit the config with this snippet (by default <command>make
You can edit the config with this snippet (by default <command>make menuconfig</command> won't work menuconfig</command> won't work out of the box on nixos):
out of the box on nixos): <screen><![CDATA[
<screen><![CDATA[
nix-shell -E 'with import <nixpkgs> {}; kernelToOverride.overrideAttrs (o: {nativeBuildInputs=o.nativeBuildInputs ++ [ pkgconfig ncurses ];})' nix-shell -E 'with import <nixpkgs> {}; kernelToOverride.overrideAttrs (o: {nativeBuildInputs=o.nativeBuildInputs ++ [ pkgconfig ncurses ];})'
]]></screen> ]]></screen>
or you can let nixpkgs generate the configuration. Nixpkgs generates it via
answering the interactive kernel utility <command>make config</command>. The
or you can let nixpkgs generate the configuration. answers depend on parameters passed to
Nixpkgs generates it via answering the interactive kernel utility <command>make config</command>. <filename>pkgs/os-specific/linux/kernel/generic.nix</filename> (which you
The answers depend on parameters passed to <filename>pkgs/os-specific/linux/kernel/generic.nix</filename> can influence by overriding <literal>extraConfig, autoModules,
(which you can influence by overriding <literal>extraConfig, autoModules, modDirVersion, preferBuiltin, extraConfig</literal>). modDirVersion, preferBuiltin, extraConfig</literal>).
<screen><![CDATA[ <screen><![CDATA[
mptcp93.override ({ mptcp93.override ({
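Review bot: the re-wrapped literal still lists extraConfig twice ("extraConfig, autoModules, modDirVersion, preferBuiltin, extraConfig"); since these lines are being touched anyway, drop the duplicate or replace it with the parameter that was meant. In the sentence above it, "nixos" should be written NixOS.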

View File

@ -0,0 +1,37 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-debugging-nixos-tests">
<title>Debugging NixOS tests</title>
<para>
Tests may fail and infrastructure offers access to inspect machine state.
</para>
<para>
To prevent test from stopping and cleaning up, insert a sleep command:
</para>
<programlisting>
$machine->succeed("sleep 84000");
</programlisting>
<para>
As soon as machine starts run as root:
</para>
<programlisting>
nix-shell -p socat --run "socat STDIO,raw,echo=0,escape=0x11 UNIX:/tmp/nix-build-vm-test-run-*.drv-0/vm-state-machine/backdoor"
</programlisting>
<para>
You may need to find the correct path, replacing <literal>/tmp</literal>,
<literal>*</literal> or <literal>machine</literal>.
</para>
<para>
Press "enter" to open up console and login as "root". After you're done,
press "ctrl-q" to exit the console.
</para>
</section>
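Review bot: in the socat command the * in UNIX:/tmp/nix-build-vm-test-run-*.drv-0/vm-state-machine/backdoor will not be expanded by the shell, because the pattern is part of a word that starts with UNIX: and no path matches it, so socat receives the literal asterisk. The following paragraph hints that the path needs adjusting, but the command reads as copy-pasteable; mark the build directory with a replaceable placeholder or show how to locate the socket first. The value in sleep 84000 deserves a word on why that duration was chosen. Grammar: "To prevent test from stopping" and "As soon as machine starts run as root" are each missing articles and a comma.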

View File

@ -16,4 +16,5 @@ xlink:href="https://github.com/NixOS/nixpkgs/tree/master/nixos/tests">nixos/test
<xi:include href="writing-nixos-tests.xml" /> <xi:include href="writing-nixos-tests.xml" />
<xi:include href="running-nixos-tests.xml" /> <xi:include href="running-nixos-tests.xml" />
<xi:include href="running-nixos-tests-interactively.xml" /> <xi:include href="running-nixos-tests-interactively.xml" />
<xi:include href="debugging-nixos-tests.xml" />
</chapter> </chapter>

View File

@ -5,28 +5,29 @@
xml:id="sec-installing-behind-proxy"> xml:id="sec-installing-behind-proxy">
<title>Installing behind a proxy</title> <title>Installing behind a proxy</title>
<para> <para>
To install NixOS behind a proxy, do the following before running To install NixOS behind a proxy, do the following before running
<literal>nixos-install</literal>. <literal>nixos-install</literal>.
</para> </para>
<orderedlist numeration="arabic">
<orderedlist numeration="arabic">
<listitem> <listitem>
<para> <para>
Update proxy configuration in Update proxy configuration in
<literal>/mnt/etc/nixos/configuration.nix</literal> to keep the <literal>/mnt/etc/nixos/configuration.nix</literal> to keep the internet
internet accessible after reboot. accessible after reboot.
</para> </para>
<programlisting> <programlisting>
networking.proxy.default = &quot;http://user:password@proxy:port/&quot;; networking.proxy.default = &quot;http://user:password@proxy:port/&quot;;
networking.proxy.noProxy = &quot;127.0.0.1,localhost,internal.domain&quot;; networking.proxy.noProxy = &quot;127.0.0.1,localhost,internal.domain&quot;;
</programlisting> </programlisting>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
Setup the proxy environment variables in the shell where you are Setup the proxy environment variables in the shell where you are running
running <literal>nixos-install</literal>. <literal>nixos-install</literal>.
</para> </para>
<programlisting> <programlisting>
# proxy_url=&quot;http://user:password@proxy:port/&quot; # proxy_url=&quot;http://user:password@proxy:port/&quot;
# export http_proxy=&quot;$proxy_url&quot; # export http_proxy=&quot;$proxy_url&quot;
# export HTTP_PROXY=&quot;$proxy_url&quot; # export HTTP_PROXY=&quot;$proxy_url&quot;
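Review bot: this hunk only re-wraps the text, but the example it carries over puts user:password into networking.proxy.default in /mnt/etc/nixos/configuration.nix, a plain-text file; a sentence next to the example saying that the proxy credentials are stored unencrypted there would be worth adding while the section is being edited. "Setup the proxy environment variables" should read "Set up".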
@ -34,14 +35,14 @@ networking.proxy.noProxy = &quot;127.0.0.1,localhost,internal.domain&quot;;
# export HTTPS_PROXY=&quot;$proxy_url&quot; # export HTTPS_PROXY=&quot;$proxy_url&quot;
</programlisting> </programlisting>
</listitem> </listitem>
</orderedlist> </orderedlist>
<note> <note>
<para> <para>
If you are switching networks with different proxy configurations, use the If you are switching networks with different proxy configurations, use the
<literal>nesting.clone</literal> option in <literal>nesting.clone</literal> option in
<literal>configuration.nix</literal> to switch proxies at runtime. <literal>configuration.nix</literal> to switch proxies at runtime. Refer to
Refer to <xref linkend="ch-options" /> for more information. <xref linkend="ch-options" /> for more information.
</para> </para>
</note> </note>
</section> </section>

View File

@ -327,8 +327,8 @@ Retype new UNIX password: ***
<note> <note>
<para> <para>
For unattended installations, it is possible to use For unattended installations, it is possible to use
<command>nixos-install --no-root-passwd</command> <command>nixos-install --no-root-passwd</command> in order to disable the
in order to disable the password prompt entirely. password prompt entirely.
</para> </para>
</note> </note>
</para> </para>

View File

@ -17,8 +17,8 @@
<para> <para>
If you encounter problems, please report them on the If you encounter problems, please report them on the
<literal <literal
xlink:href="https://discourse.nixos.org">Discourse</literal> xlink:href="https://discourse.nixos.org">Discourse</literal> or
or on the <link on the <link
xlink:href="irc://irc.freenode.net/#nixos"> xlink:href="irc://irc.freenode.net/#nixos">
<literal>#nixos</literal> channel on Freenode</link>. Bugs should be <literal>#nixos</literal> channel on Freenode</link>. Bugs should be
reported in reported in
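Review bot: the Discourse reference is marked up as a literal element carrying xlink:href, while the IRC reference right after it uses link; since the line is being re-wrapped anyway, change the Discourse one to link so both references are marked up the same way.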

View File

@ -435,11 +435,11 @@ system.autoUpgrade.enable = true;
<programlisting> <programlisting>
system.stateVersion = "14.12"; system.stateVersion = "14.12";
</programlisting> </programlisting>
The new option <option>system.stateVersion</option> ensures that The new option <option>system.stateVersion</option> ensures that certain
certain configuration changes that could break existing systems (such as configuration changes that could break existing systems (such as the
the <command>sshd</command> host key setting) will maintain compatibility <command>sshd</command> host key setting) will maintain compatibility with
with the specified NixOS release. NixOps sets the state version of the specified NixOS release. NixOps sets the state version of existing
existing deployments automatically. deployments automatically.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>

View File

@ -19,13 +19,13 @@
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para> <para>
Support for wrapping binaries using <literal>firejail</literal> has been Support for wrapping binaries using <literal>firejail</literal> has been
added through <varname>programs.firejail.wrappedBinaries</varname>. added through <varname>programs.firejail.wrappedBinaries</varname>.
</para> </para>
<para> <para>
For example For example
</para> </para>
<programlisting> <programlisting>
programs.firejail = { programs.firejail = {
enable = true; enable = true;
@ -35,9 +35,10 @@ programs.firejail = {
}; };
}; };
</programlisting> </programlisting>
<para> <para>
This will place <literal>firefox</literal> and <literal>mpv</literal> binaries in the global path wrapped by firejail. This will place <literal>firefox</literal> and <literal>mpv</literal>
</para> binaries in the global path wrapped by firejail.
</para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
@ -75,16 +76,20 @@ $ nix-instantiate -E '(import &lt;nixpkgsunstable&gt; {}).gitFull'
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para> <para>
The <varname>services.cassandra</varname> module has been reworked and The <varname>services.cassandra</varname> module has been reworked and was
was rewritten from scratch. The service has succeeding tests for rewritten from scratch. The service has succeeding tests for the versions
the versions 2.1, 2.2, 3.0 and 3.11 of <link 2.1, 2.2, 3.0 and 3.11 of
xlink:href="https://cassandra.apache.org/">Apache Cassandra</link>. <link
xlink:href="https://cassandra.apache.org/">Apache
Cassandra</link>.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
There is a new <varname>services.foundationdb</varname> module for deploying There is a new <varname>services.foundationdb</varname> module for
<link xlink:href="https://www.foundationdb.org">FoundationDB</link> clusters. deploying
<link xlink:href="https://www.foundationdb.org">FoundationDB</link>
clusters.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
@ -97,24 +102,26 @@ $ nix-instantiate -E '(import &lt;nixpkgsunstable&gt; {}).gitFull'
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<varname>services.strongswan-swanctl</varname> <varname>services.strongswan-swanctl</varname> is a modern replacement for
is a modern replacement for <varname>services.strongswan</varname>. <varname>services.strongswan</varname>. You can use either one of them to
You can use either one of them to setup IPsec VPNs but not both at the same time. setup IPsec VPNs but not both at the same time.
</para> </para>
<para> <para>
<varname>services.strongswan-swanctl</varname> uses the <varname>services.strongswan-swanctl</varname> uses the
<link xlink:href="https://wiki.strongswan.org/projects/strongswan/wiki/swanctl">swanctl</link> <link xlink:href="https://wiki.strongswan.org/projects/strongswan/wiki/swanctl">swanctl</link>
command which uses the modern command which uses the modern
<link xlink:href="https://github.com/strongswan/strongswan/blob/master/src/libcharon/plugins/vici/README.md">vici</link> <link xlink:href="https://github.com/strongswan/strongswan/blob/master/src/libcharon/plugins/vici/README.md">vici</link>
<emphasis>Versatile IKE Configuration Interface</emphasis>. <emphasis>Versatile IKE Configuration Interface</emphasis>. The deprecated
The deprecated <literal>ipsec</literal> command used in <varname>services.strongswan</varname> is using the legacy <literal>ipsec</literal> command used in
<link xlink:href="https://github.com/strongswan/strongswan/blob/master/README_LEGACY.md">stroke configuration interface</link>. <varname>services.strongswan</varname> is using the legacy
<link xlink:href="https://github.com/strongswan/strongswan/blob/master/README_LEGACY.md">stroke
configuration interface</link>.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
The new <varname>services.elasticsearch-curator</varname> service The new <varname>services.elasticsearch-curator</varname> service
periodically curates or manages, your Elasticsearch indices and snapshots. periodically curates or manages, your Elasticsearch indices and snapshots.
</para> </para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
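Review bot: the strongswan-swanctl entry says the two modules can be used "but not both at the same time" without saying what happens when both are enabled; state whether evaluation fails or the services conflict at run time. Smaller points in the re-wrapped lines: "setup IPsec VPNs" should be "set up", and "periodically curates or manages, your Elasticsearch indices" has a misplaced comma.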
@ -135,8 +142,8 @@ $ nix-instantiate -E '(import &lt;nixpkgsunstable&gt; {}).gitFull'
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para> <para>
The deprecated <varname>services.cassandra</varname> module has The deprecated <varname>services.cassandra</varname> module has seen a
seen a complete rewrite. (See above.) complete rewrite. (See above.)
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
@ -186,41 +193,44 @@ $ nix-instantiate -E '(import &lt;nixpkgsunstable&gt; {}).gitFull'
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<varname>services.munge</varname> now runs as user (and group) <literal>munge</literal> instead of root. <varname>services.munge</varname> now runs as user (and group)
Make sure the key file is accessible to the daemon. <literal>munge</literal> instead of root. Make sure the key file is
accessible to the daemon.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<varname>dockerTools.buildImage</varname> now uses <literal>null</literal> as default value for <varname>tag</varname>, <varname>dockerTools.buildImage</varname> now uses <literal>null</literal>
which indicates that the nix output hash will be used as tag. as default value for <varname>tag</varname>, which indicates that the nix
output hash will be used as tag.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
The ELK stack: <varname>elasticsearch</varname>, <varname>logstash</varname> and <varname>kibana</varname> The ELK stack: <varname>elasticsearch</varname>,
has been upgraded from 2.* to 6.3.*. <varname>logstash</varname> and <varname>kibana</varname> has been
The 2.* versions have been <link xlink:href="https://www.elastic.co/support/eol">unsupported since last year</link> upgraded from 2.* to 6.3.*. The 2.* versions have been
so they have been removed. You can still use the 5.* versions under the names <link xlink:href="https://www.elastic.co/support/eol">unsupported since
<varname>elasticsearch5</varname>, <varname>logstash5</varname> and last year</link> so they have been removed. You can still use the 5.*
<varname>kibana5</varname>. versions under the names <varname>elasticsearch5</varname>,
<varname>logstash5</varname> and <varname>kibana5</varname>.
</para> </para>
<para> <para>
The elastic beats: The elastic beats: <varname>filebeat</varname>,
<varname>filebeat</varname>, <varname>heartbeat</varname>, <varname>heartbeat</varname>, <varname>metricbeat</varname> and
<varname>metricbeat</varname> and <varname>packetbeat</varname> <varname>packetbeat</varname> have had the same treatment: they now target
have had the same treatment: they now target 6.3.* as well. 6.3.* as well. The 5.* versions are available under the names:
The 5.* versions are available under the names:
<varname>filebeat5</varname>, <varname>heartbeat5</varname>, <varname>filebeat5</varname>, <varname>heartbeat5</varname>,
<varname>metricbeat5</varname> and <varname>packetbeat5</varname> <varname>metricbeat5</varname> and <varname>packetbeat5</varname>
</para> </para>
<para> <para>
The ELK-6.3 stack now comes with The ELK-6.3 stack now comes with
<link xlink:href="https://www.elastic.co/products/x-pack/open">X-Pack by default</link>. <link xlink:href="https://www.elastic.co/products/x-pack/open">X-Pack by
Since X-Pack is licensed under the default</link>. Since X-Pack is licensed under the
<link xlink:href="https://github.com/elastic/elasticsearch/blob/master/licenses/ELASTIC-LICENSE.txt">Elastic License</link> <link xlink:href="https://github.com/elastic/elasticsearch/blob/master/licenses/ELASTIC-LICENSE.txt">Elastic
the ELK packages now have an unfree license. To use them you need to specify License</link> the ELK packages now have an unfree license. To use them
<literal>allowUnfree = true;</literal> in your nixpkgs configuration. you need to specify <literal>allowUnfree = true;</literal> in your nixpkgs
configuration.
</para> </para>
<para> <para>
Fortunately there is also a free variant of the ELK stack without X-Pack. Fortunately there is also a free variant of the ELK stack without X-Pack.
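Review bot: the services.munge entry tells the reader to "Make sure the key file is accessible to the daemon" without saying what ownership and mode are expected now that it runs as user munge instead of root; spell that out, otherwise the easy fix is to loosen permissions on the key. In the ELK entries, "elasticsearch, logstash and kibana has been upgraded" should be "have been", and the sentence ending in packetbeat5 is missing its full stop.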
@ -231,20 +241,23 @@ $ nix-instantiate -E '(import &lt;nixpkgsunstable&gt; {}).gitFull'
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
Options Options
<literal>boot.initrd.luks.devices.<replaceable>name</replaceable>.yubikey.ramfsMountPoint</literal> <literal>boot.initrd.luks.devices.<replaceable>name</replaceable>.yubikey.ramfsMountPoint</literal>
<literal>boot.initrd.luks.devices.<replaceable>name</replaceable>.yubikey.storage.mountPoint</literal> <literal>boot.initrd.luks.devices.<replaceable>name</replaceable>.yubikey.storage.mountPoint</literal>
were removed. <literal>luksroot.nix</literal> module never supported more than one YubiKey at were removed. <literal>luksroot.nix</literal> module never supported more
a time anyway, hence those options never had any effect. You should be able to remove them than one YubiKey at a time anyway, hence those options never had any
from your config without any issues. effect. You should be able to remove them from your config without any
issues.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<literal>stdenv.system</literal> and <literal>system</literal> in nixpkgs now refer to the host platform instead of the build platform. <literal>stdenv.system</literal> and <literal>system</literal> in nixpkgs
For native builds this is not change, let alone a breaking one. now refer to the host platform instead of the build platform. For native
For cross builds, it is a breaking change, and <literal>stdenv.buildPlatform.system</literal> can be used instead for the old behavior. builds this is not change, let alone a breaking one. For cross builds, it
They should be using that anyways for clarity. is a breaking change, and <literal>stdenv.buildPlatform.system</literal>
can be used instead for the old behavior. They should be using that
anyways for clarity.
</para> </para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
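Review bot: in the stdenv.system entry, "For native builds this is not change" is missing an article ("not a change"), and "They should be using that anyways" has no clear referent; say who (for example "Cross builds should use that anyway"). In the LUKS entry the two removed yubikey options are listed back to back without "and" between them.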
@ -298,26 +311,33 @@ $ nix-instantiate -E '(import &lt;nixpkgsunstable&gt; {}).gitFull'
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
The <literal>pkgs</literal> argument to NixOS modules can now be set directly using <literal>nixpkgs.pkgs</literal>. Previously, only the <literal>system</literal>, <literal>config</literal> and <literal>overlays</literal> arguments could be used to influence <literal>pkgs</literal>. The <literal>pkgs</literal> argument to NixOS modules can now be set
directly using <literal>nixpkgs.pkgs</literal>. Previously, only the
<literal>system</literal>, <literal>config</literal> and
<literal>overlays</literal> arguments could be used to influence
<literal>pkgs</literal>.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
A NixOS system can now be constructed more easily based on a preexisting invocation of Nixpkgs. For example: A NixOS system can now be constructed more easily based on a preexisting
<programlisting> invocation of Nixpkgs. For example:
<programlisting>
inherit (pkgs.nixos { inherit (pkgs.nixos {
boot.loader.grub.enable = false; boot.loader.grub.enable = false;
fileSystems."/".device = "/dev/xvda1"; fileSystems."/".device = "/dev/xvda1";
}) toplevel kernel initialRamdisk manual; }) toplevel kernel initialRamdisk manual;
</programlisting> </programlisting>
This benefits evaluation performance, lets you write Nixpkgs packages that
This benefits evaluation performance, lets you write Nixpkgs packages that depend on NixOS images and is consistent with a deployment architecture that would be centered around Nixpkgs overlays. depend on NixOS images and is consistent with a deployment architecture
that would be centered around Nixpkgs overlays.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<literal>lib.traceValIfNot</literal> has been deprecated. Use <literal>lib.traceValIfNot</literal> has been deprecated. Use
<literal>if/then/else</literal> and <literal>lib.traceValSeq</literal> instead. <literal>if/then/else</literal> and <literal>lib.traceValSeq</literal>
instead.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
@ -336,9 +356,9 @@ inherit (pkgs.nixos {
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<literal>lib.recursiveUpdateUntil</literal> was not acting according to its <literal>lib.recursiveUpdateUntil</literal> was not acting according to
specification. It has been fixed to act according to the docstring, and a its specification. It has been fixed to act according to the docstring,
test has been added. and a test has been added.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
@ -408,11 +428,11 @@ inherit (pkgs.nixos {
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
The Kubernetes package has been bumped to major version 1.11. The Kubernetes package has been bumped to major version 1.11. Please
Please consult the consult the
<link xlink:href="https://github.com/kubernetes/kubernetes/blob/release-1.11/CHANGELOG-1.11.md">release notes</link> <link xlink:href="https://github.com/kubernetes/kubernetes/blob/release-1.11/CHANGELOG-1.11.md">release
for details on new features and api changes. notes</link> for details on new features and api changes.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
@ -432,8 +452,8 @@ inherit (pkgs.nixos {
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
The option <varname>services.kubernetes.apiserver.address</varname> The option <varname>services.kubernetes.apiserver.address</varname> was
was renamed to <varname>services.kubernetes.apiserver.bindAddress</varname>. renamed to <varname>services.kubernetes.apiserver.bindAddress</varname>.
Note that the default value has changed from 127.0.0.1 to 0.0.0.0. Note that the default value has changed from 127.0.0.1 to 0.0.0.0.
</para> </para>
</listitem> </listitem>
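Review bot: the change of the services.kubernetes.apiserver.bindAddress default from 127.0.0.1 to 0.0.0.0 is mentioned only as a trailing "Note that" on a rename entry. It means the API server listens on all interfaces after the upgrade unless the option is set, so it deserves its own sentence telling readers who relied on the old default to set bindAddress to 127.0.0.1 explicitly.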
@ -445,76 +465,86 @@ inherit (pkgs.nixos {
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
The option <varname>services.kubernetes.addons.dashboard.enableRBAC</varname> The option
was renamed to <varname>services.kubernetes.addons.dashboard.rbac.enable</varname>. <varname>services.kubernetes.addons.dashboard.enableRBAC</varname> was
renamed to
<varname>services.kubernetes.addons.dashboard.rbac.enable</varname>.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
The Kubernetes Dashboard now has only minimal RBAC permissions by default. The Kubernetes Dashboard now has only minimal RBAC permissions by default.
If dashboard cluster-admin rights are desired, If dashboard cluster-admin rights are desired, set
set <varname>services.kubernetes.addons.dashboard.rbac.clusterAdmin</varname> to true. <varname>services.kubernetes.addons.dashboard.rbac.clusterAdmin</varname>
On existing clusters, in order for the revocation of privileges to take effect, to true. On existing clusters, in order for the revocation of privileges
the current ClusterRoleBinding for kubernetes-dashboard must be manually removed: to take effect, the current ClusterRoleBinding for kubernetes-dashboard
<literal>kubectl delete clusterrolebinding kubernetes-dashboard</literal> must be manually removed: <literal>kubectl delete clusterrolebinding
kubernetes-dashboard</literal>
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
The <varname>programs.screen</varname> module provides allows to configure The <varname>programs.screen</varname> module provides allows to configure
<literal>/etc/screenrc</literal>, however the module behaved fairly counterintuitive as <literal>/etc/screenrc</literal>, however the module behaved fairly
the config exists, but the package wasn't available. Since 18.09 <literal>pkgs.screen</literal> counterintuitive as the config exists, but the package wasn't available.
will be added to <literal>environment.systemPackages</literal>. Since 18.09 <literal>pkgs.screen</literal> will be added to
<literal>environment.systemPackages</literal>.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
The module <option>services.networking.hostapd</option> now uses WPA2 by default. The module <option>services.networking.hostapd</option> now uses WPA2 by
default.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<varname>s6Dns</varname>, <varname>s6Networking</varname>, <varname>s6Dns</varname>, <varname>s6Networking</varname>,
<varname>s6LinuxUtils</varname> and <varname>s6PortableUtils</varname> <varname>s6LinuxUtils</varname> and <varname>s6PortableUtils</varname>
renamed to renamed to <varname>s6-dns</varname>, <varname>s6-networking</varname>,
<varname>s6-dns</varname>, <varname>s6-networking</varname>, <varname>s6-linux-utils</varname> and <varname>s6-portable-utils</varname>
<varname>s6-linux-utils</varname> and <varname>s6-portable-utils</varname> respectively. respectively.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
The module option <option>nix.useSandbox</option> is now defaulted to <literal>true</literal>. The module option <option>nix.useSandbox</option> is now defaulted to
<literal>true</literal>.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
The config activation script of <literal>nixos-rebuild</literal> now The config activation script of <literal>nixos-rebuild</literal> now
<link xlink:href="https://www.freedesktop.org/software/systemd/man/systemctl.html#Manager%20Lifecycle%20Commands">reloads</link> <link xlink:href="https://www.freedesktop.org/software/systemd/man/systemctl.html#Manager%20Lifecycle%20Commands">reloads</link>
all user units for each authenticated user. all user units for each authenticated user.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
The default display manager is now LightDM. The default display manager is now LightDM. To use SLiM set
To use SLiM set <literal>services.xserver.displayManager.slim.enable</literal> <literal>services.xserver.displayManager.slim.enable</literal> to
to <literal>true</literal>. <literal>true</literal>.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
NixOS option descriptions are now automatically broken up into individual NixOS option descriptions are now automatically broken up into individual
paragraphs if the text contains two consecutive newlines, so it's no paragraphs if the text contains two consecutive newlines, so it's no
longer necessary to use <code>&lt;/para&gt;&lt;para&gt;</code> to start longer necessary to use <code>&lt;/para&gt;&lt;para&gt;</code> to start a
a new paragraph. new paragraph.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
Top-level <literal>buildPlatform</literal>, <literal>hostPlatform</literal>, and <literal>targetPlatform</literal> in Nixpkgs are deprecated. Top-level <literal>buildPlatform</literal>,
Please use their equivalents in <literal>stdenv</literal> instead: <literal>hostPlatform</literal>, and <literal>targetPlatform</literal> in
<literal>stdenv.buildPlatform</literal>, <literal>stdenv.hostPlatform</literal>, and <literal>stdenv.targetPlatform</literal>. Nixpkgs are deprecated. Please use their equivalents in
<literal>stdenv</literal> instead:
<literal>stdenv.buildPlatform</literal>,
<literal>stdenv.hostPlatform</literal>, and
<literal>stdenv.targetPlatform</literal>.
</para> </para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</section> </section>
</section> </section>
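Review bot: In the Kubernetes Dashboard item the reflow splits the command inside the literal element across two lines ("kubectl delete clusterrolebinding" and "kubernetes-dashboard"), so the one command users must run to revoke the old privileges can no longer be found or copied from the source as a single line. Keep the literal content on one line or move the command into a programlisting. The programs.screen item in the same hunk still reads "provides allows to configure"; fix that wording while the paragraph is being rewrapped.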

View File

@ -100,9 +100,10 @@
</itemizedlist> </itemizedlist>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
Package <varname>rabbitmq_server</varname> is renamed to <varname>rabbitmq-server</varname>. Package <varname>rabbitmq_server</varname> is renamed to
</para> <varname>rabbitmq-server</varname>.
</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</section> </section>

View File

@ -155,8 +155,10 @@ sub start {
$ENV{USE_TMPDIR} = 1; $ENV{USE_TMPDIR} = 1;
$ENV{QEMU_OPTS} = $ENV{QEMU_OPTS} =
($self->{allowReboot} ? "" : "-no-reboot ") . ($self->{allowReboot} ? "" : "-no-reboot ") .
"-monitor unix:./monitor -chardev socket,id=shell,path=./shell " . "-monitor unix:./monitor " .
"-device virtio-serial -device virtconsole,chardev=shell " . "-chardev socket,id=shell,path=./shell -device virtio-serial -device virtconsole,chardev=shell " .
# socket backdoor, see "Debugging NixOS tests" section in NixOS manual
"-chardev socket,id=backdoor,path=./backdoor,server,nowait -device virtio-serial -device virtconsole,chardev=backdoor " .
"-device virtio-rng-pci " . "-device virtio-rng-pci " .
($showGraphics ? "-serial stdio" : "-nographic") . " " . ($ENV{QEMU_OPTS} || ""); ($showGraphics ? "-serial stdio" : "-nographic") . " " . ($ENV{QEMU_OPTS} || "");
chdir $self->{stateDir} or die; chdir $self->{stateDir} or die;
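Review bot: The new backdoor chardev is appended to QEMU_OPTS unconditionally in start(), so every test VM now opens a listening unix socket at ./backdoor (server,nowait) attached to a virtconsole, whether or not anyone is debugging. Gate it behind an environment variable or a driver flag so the socket exists only when requested. Also state in the comment what is expected to protect it: the path is relative, so access depends entirely on the permissions of the stateDir entered by the chdir that follows. The comment refers to a "Debugging NixOS tests" manual section, so check that the section is part of the same change.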

View File

@ -0,0 +1,25 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.hardware.steam-hardware;
in
{
options.hardware.steam-hardware = {
enable = mkOption {
type = types.bool;
default = false;
description = "Enable udev rules for Steam hardware such as the Steam Controller, other supported controllers and the HTC Vive";
};
};
config = mkIf cfg.enable {
services.udev.packages = [
pkgs.steamPackages.steam
];
};
}
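Review bot: The enable option is written out with mkOption, types.bool and default = false, where mkEnableOption would say the same in one line. Its description also does not say which rules are installed or what device access they grant. Because services.udev.packages takes the rules from the whole pkgs.steamPackages.steam package, the description should state that enabling the option installs that package's udev rules system-wide, so an administrator knows which device permissions they are accepting.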

View File

@ -3,32 +3,50 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0" version="5.0"
xml:id="module-services-input-methods"> xml:id="module-services-input-methods">
<title>Input Methods</title>
<para>
Input methods are an operating system component that allows any data, such as
keyboard strokes or mouse movements, to be received as input. In this way
users can enter characters and symbols not found on their input devices.
Using an input method is obligatory for any language that has more graphemes
than there are keys on the keyboard.
</para>
<para>
The following input methods are available in NixOS:
</para>
<itemizedlist>
<listitem>
<para>
IBus: The intelligent input bus.
</para>
</listitem>
<listitem>
<para>
Fcitx: A customizable lightweight input method.
</para>
</listitem>
<listitem>
<para>
Nabi: A Korean input method based on XIM.
</para>
</listitem>
<listitem>
<para>
Uim: The universal input method, is a library with a XIM bridge.
</para>
</listitem>
</itemizedlist>
<section xml:id="module-services-input-methods-ibus">
<title>IBus</title>
<title>Input Methods</title> <para>
IBus is an Intelligent Input Bus. It provides full featured and user
friendly input method user interface.
</para>
<para>Input methods are an operating system component that allows any data, such <para>
as keyboard strokes or mouse movements, to be received as input. In this way The following snippet can be used to configure IBus:
users can enter characters and symbols not found on their input devices. Using </para>
an input method is obligatory for any language that has more graphemes than
there are keys on the keyboard.</para>
<para>The following input methods are available in NixOS:</para>
<itemizedlist>
<listitem><para>IBus: The intelligent input bus.</para></listitem>
<listitem><para>Fcitx: A customizable lightweight input
method.</para></listitem>
<listitem><para>Nabi: A Korean input method based on XIM.</para></listitem>
<listitem><para>Uim: The universal input method, is a library with a XIM
bridge.</para></listitem>
</itemizedlist>
<section xml:id="module-services-input-methods-ibus"><title>IBus</title>
<para>IBus is an Intelligent Input Bus. It provides full featured and user
friendly input method user interface.</para>
<para>The following snippet can be used to configure IBus:</para>
<programlisting> <programlisting>
i18n.inputMethod = { i18n.inputMethod = {
@ -37,57 +55,89 @@ i18n.inputMethod = {
}; };
</programlisting> </programlisting>
<para><literal>i18n.inputMethod.ibus.engines</literal> is optional and can be <para>
used to add extra IBus engines.</para> <literal>i18n.inputMethod.ibus.engines</literal> is optional and can be used
to add extra IBus engines.
</para>
<para>Available extra IBus engines are:</para> <para>
Available extra IBus engines are:
</para>
<itemizedlist> <itemizedlist>
<listitem><para>Anthy (<literal>ibus-engines.anthy</literal>): Anthy is a <listitem>
system for Japanese input method. It converts Hiragana text to Kana Kanji <para>
mixed text.</para></listitem> Anthy (<literal>ibus-engines.anthy</literal>): Anthy is a system for
<listitem><para>Hangul (<literal>ibus-engines.hangul</literal>): Korean input Japanese input method. It converts Hiragana text to Kana Kanji mixed text.
method.</para></listitem> </para>
<listitem><para>m17n (<literal>ibus-engines.m17n</literal>): m17n is an input </listitem>
method that uses input methods and corresponding icons in the m17n <listitem>
database.</para></listitem> <para>
<listitem><para>mozc (<literal>ibus-engines.mozc</literal>): A Japanese input Hangul (<literal>ibus-engines.hangul</literal>): Korean input method.
method from Google.</para></listitem> </para>
<listitem><para>Table (<literal>ibus-engines.table</literal>): An input method </listitem>
that load tables of input methods.</para></listitem> <listitem>
<listitem><para>table-others (<literal>ibus-engines.table-others</literal>): <para>
Various table-based input methods. To use this, and any other table-based m17n (<literal>ibus-engines.m17n</literal>): m17n is an input method that
input methods, it must appear in the list of engines along with uses input methods and corresponding icons in the m17n database.
<literal>table</literal>. For example: </para>
</listitem>
<listitem>
<para>
mozc (<literal>ibus-engines.mozc</literal>): A Japanese input method from
Google.
</para>
</listitem>
<listitem>
<para>
Table (<literal>ibus-engines.table</literal>): An input method that load
tables of input methods.
</para>
</listitem>
<listitem>
<para>
table-others (<literal>ibus-engines.table-others</literal>): Various
table-based input methods. To use this, and any other table-based input
methods, it must appear in the list of engines along with
<literal>table</literal>. For example:
<programlisting> <programlisting>
ibus.engines = with pkgs.ibus-engines; [ table table-others ]; ibus.engines = with pkgs.ibus-engines; [ table table-others ];
</programlisting> </programlisting>
</para></listitem> </para>
</itemizedlist> </listitem>
</itemizedlist>
<para>To use any input method, the package must be added in the configuration, <para>
as shown above, and also (after running <literal>nixos-rebuild</literal>) the To use any input method, the package must be added in the configuration, as
input method must be added from IBus' preference dialog.</para> shown above, and also (after running <literal>nixos-rebuild</literal>) the
input method must be added from IBus' preference dialog.
</para>
<simplesect xml:id="module-services-input-methods-troubleshooting"> <simplesect xml:id="module-services-input-methods-troubleshooting">
<title>Troubleshooting</title> <title>Troubleshooting</title>
<para>If IBus works in some applications but not others, a likely cause of <para>
this is that IBus is depending on a different version of If IBus works in some applications but not others, a likely cause of this
<literal>glib</literal> to what the applications are depending on. This can is that IBus is depending on a different version of <literal>glib</literal>
be checked by running <literal>nix-store -q --requisites &lt;path&gt; | grep to what the applications are depending on. This can be checked by running
glib</literal>, where <literal>&lt;path&gt;</literal> is the path of either <literal>nix-store -q --requisites &lt;path&gt; | grep glib</literal>,
IBus or an application in the Nix store. The <literal>glib</literal> where <literal>&lt;path&gt;</literal> is the path of either IBus or an
packages must match exactly. If they do not, uninstalling and reinstalling application in the Nix store. The <literal>glib</literal> packages must
the application is a likely fix.</para> match exactly. If they do not, uninstalling and reinstalling the
</simplesect> application is a likely fix.
</section> </para>
</simplesect>
</section>
<section xml:id="module-services-input-methods-fcitx">
<title>Fcitx</title>
<section xml:id="module-services-input-methods-fcitx"><title>Fcitx</title> <para>
Fcitx is an input method framework with extension support. It has three
built-in Input Method Engine, Pinyin, QuWei and Table-based input methods.
</para>
<para>Fcitx is an input method framework with extension support. It has three <para>
built-in Input Method Engine, Pinyin, QuWei and Table-based input The following snippet can be used to configure Fcitx:
methods.</para> </para>
<para>The following snippet can be used to configure Fcitx:</para>
<programlisting> <programlisting>
i18n.inputMethod = { i18n.inputMethod = {
@ -96,51 +146,89 @@ i18n.inputMethod = {
}; };
</programlisting> </programlisting>
<para><literal>i18n.inputMethod.fcitx.engines</literal> is optional and can be <para>
used to add extra Fcitx engines.</para> <literal>i18n.inputMethod.fcitx.engines</literal> is optional and can be
used to add extra Fcitx engines.
</para>
<para>Available extra Fcitx engines are:</para> <para>
Available extra Fcitx engines are:
</para>
<itemizedlist> <itemizedlist>
<listitem><para>Anthy (<literal>fcitx-engines.anthy</literal>): Anthy is a <listitem>
system for Japanese input method. It converts Hiragana text to Kana Kanji <para>
mixed text.</para></listitem> Anthy (<literal>fcitx-engines.anthy</literal>): Anthy is a system for
<listitem><para>Chewing (<literal>fcitx-engines.chewing</literal>): Chewing is Japanese input method. It converts Hiragana text to Kana Kanji mixed text.
an intelligent Zhuyin input method. It is one of the most popular input </para>
methods among Traditional Chinese Unix users.</para></listitem> </listitem>
<listitem><para>Hangul (<literal>fcitx-engines.hangul</literal>): Korean input <listitem>
method.</para></listitem> <para>
<listitem><para>Unikey (<literal>fcitx-engines.unikey</literal>): Vietnamese input Chewing (<literal>fcitx-engines.chewing</literal>): Chewing is an
method.</para></listitem> intelligent Zhuyin input method. It is one of the most popular input
<listitem><para>m17n (<literal>fcitx-engines.m17n</literal>): m17n is an input methods among Traditional Chinese Unix users.
method that uses input methods and corresponding icons in the m17n </para>
database.</para></listitem> </listitem>
<listitem><para>mozc (<literal>fcitx-engines.mozc</literal>): A Japanese input <listitem>
method from Google.</para></listitem> <para>
<listitem><para>table-others (<literal>fcitx-engines.table-others</literal>): Hangul (<literal>fcitx-engines.hangul</literal>): Korean input method.
Various table-based input methods.</para></listitem> </para>
</itemizedlist> </listitem>
</section> <listitem>
<para>
Unikey (<literal>fcitx-engines.unikey</literal>): Vietnamese input method.
</para>
</listitem>
<listitem>
<para>
m17n (<literal>fcitx-engines.m17n</literal>): m17n is an input method that
uses input methods and corresponding icons in the m17n database.
</para>
</listitem>
<listitem>
<para>
mozc (<literal>fcitx-engines.mozc</literal>): A Japanese input method from
Google.
</para>
</listitem>
<listitem>
<para>
table-others (<literal>fcitx-engines.table-others</literal>): Various
table-based input methods.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="module-services-input-methods-nabi">
<title>Nabi</title>
<section xml:id="module-services-input-methods-nabi"><title>Nabi</title> <para>
Nabi is an easy to use Korean X input method. It allows you to enter
phonetic Korean characters (hangul) and pictographic Korean characters
(hanja).
</para>
<para>Nabi is an easy to use Korean X input method. It allows you to enter <para>
phonetic Korean characters (hangul) and pictographic Korean characters The following snippet can be used to configure Nabi:
(hanja).</para> </para>
<para>The following snippet can be used to configure Nabi:</para>
<programlisting> <programlisting>
i18n.inputMethod = { i18n.inputMethod = {
<link linkend="opt-i18n.inputMethod.enabled">enabled</link> = "nabi"; <link linkend="opt-i18n.inputMethod.enabled">enabled</link> = "nabi";
}; };
</programlisting> </programlisting>
</section> </section>
<section xml:id="module-services-input-methods-uim">
<title>Uim</title>
<section xml:id="module-services-input-methods-uim"><title>Uim</title> <para>
Uim (short for "universal input method") is a multilingual input method
framework. Applications can use it through so-called bridges.
</para>
<para>Uim (short for "universal input method") is a multilingual input method <para>
framework. Applications can use it through so-called bridges.</para> The following snippet can be used to configure uim:
<para>The following snippet can be used to configure uim:</para> </para>
<programlisting> <programlisting>
i18n.inputMethod = { i18n.inputMethod = {
@ -148,8 +236,9 @@ i18n.inputMethod = {
}; };
</programlisting> </programlisting>
<para>Note: The <xref linkend="opt-i18n.inputMethod.uim.toolbar"/> option can be <para>
used to choose uim toolbar.</para> Note: The <xref linkend="opt-i18n.inputMethod.uim.toolbar"/> option can be
used to choose uim toolbar.
</section> </para>
</section>
</chapter> </chapter>

View File

@ -1,6 +1,6 @@
{ {
x86_64-linux = "/nix/store/mxg4bbblxfns96yrz0nalxyiyjl7gj98-nix-2.1.2"; x86_64-linux = "/nix/store/cdcia67siabmj6li7vyffgv2cry86fq8-nix-2.1.3";
i686-linux = "/nix/store/bgjgmbwirx63mwwychpikd7yc4k4lbjv-nix-2.1.2"; i686-linux = "/nix/store/6q3xi6y5qnsv7d62b8n00hqfxi8rs2xs-nix-2.1.3";
aarch64-linux = "/nix/store/yi18azn4nwrcwvaiag04jnxc1qs38fy5-nix-2.1.2"; aarch64-linux = "/nix/store/2v93d0vimlm28jg0ms6v1i6lc0fq13pn-nix-2.1.3";
x86_64-darwin = "/nix/store/fpivmcck2qpw5plrp599iraw2x9jp18k-nix-2.1.2"; x86_64-darwin = "/nix/store/dkjlfkrknmxbjmpfk3dg4q3nmb7m3zvk-nix-2.1.3";
} }
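Review bot: All four pinned store paths change both hash and version (nix-2.1.2 to nix-2.1.3), and nothing in the hunk lets a reviewer check where the new hashes came from. Since these paths are maintained by hand per platform, record in the commit message or in a comment above the attribute set which build or evaluation produced them, so the bump can be reproduced and verified rather than taken on trust.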

View File

@ -289,7 +289,7 @@
stanchion = 262; stanchion = 262;
riak-cs = 263; riak-cs = 263;
infinoted = 264; infinoted = 264;
# keystone = 265; # unused, removed 2017-12-13 sickbeard = 265;
# glance = 266; # unused, removed 2017-12-13 # glance = 266; # unused, removed 2017-12-13
couchpotato = 267; couchpotato = 267;
gogs = 268; gogs = 268;
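Review bot: uid 265 is handed to sickbeard by overwriting the line "# keystone = 265; # unused, removed 2017-12-13", which reuses an id that previously belonged to another service. On a machine that once ran keystone, any files still owned by uid 265 become owned by the new sickbeard user after the upgrade. Prefer keeping the retired entry commented out and allocating the next free id, as this file does for lidarr = 306. The same applies to the matching gid 265 change further down.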
@ -330,6 +330,7 @@
# render = 303; # unused # render = 303; # unused
zeronet = 304; zeronet = 304;
lirc = 305; lirc = 305;
lidarr = 306;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -580,7 +581,7 @@
stanchion = 262; stanchion = 262;
riak-cs = 263; riak-cs = 263;
infinoted = 264; infinoted = 264;
# keystone = 265; # unused, removed 2017-12-13 sickbeard = 265;
# glance = 266; # unused, removed 2017-12-13 # glance = 266; # unused, removed 2017-12-13
couchpotato = 267; couchpotato = 267;
gogs = 268; gogs = 268;
@ -620,6 +621,7 @@
render = 303; # default udev rules from systemd requires these render = 303; # default udev rules from systemd requires these
zeronet = 304; zeronet = 304;
lirc = 305; lirc = 305;
lidarr = 306;
# When adding a gid, make sure it doesn't match an existing # When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal # uid. Users and groups with the same name should have equal

View File

@ -46,6 +46,7 @@
./hardware/opengl.nix ./hardware/opengl.nix
./hardware/pcmcia.nix ./hardware/pcmcia.nix
./hardware/raid/hpsa.nix ./hardware/raid/hpsa.nix
./hardware/steam-hardware.nix
./hardware/usb-wwan.nix ./hardware/usb-wwan.nix
./hardware/onlykey.nix ./hardware/onlykey.nix
./hardware/video/amdgpu.nix ./hardware/video/amdgpu.nix
@ -365,6 +366,7 @@
./services/misc/jackett.nix ./services/misc/jackett.nix
./services/misc/logkeys.nix ./services/misc/logkeys.nix
./services/misc/leaps.nix ./services/misc/leaps.nix
./services/misc/lidarr.nix
./services/misc/mantisbt.nix ./services/misc/mantisbt.nix
./services/misc/mathics.nix ./services/misc/mathics.nix
./services/misc/matrix-synapse.nix ./services/misc/matrix-synapse.nix
@ -395,6 +397,7 @@
./services/misc/rogue.nix ./services/misc/rogue.nix
./services/misc/serviio.nix ./services/misc/serviio.nix
./services/misc/safeeyes.nix ./services/misc/safeeyes.nix
./services/misc/sickbeard.nix
./services/misc/siproxd.nix ./services/misc/siproxd.nix
./services/misc/snapper.nix ./services/misc/snapper.nix
./services/misc/sonarr.nix ./services/misc/sonarr.nix

View File

@ -3,75 +3,64 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0" version="5.0"
xml:id="module-programs-digitalbitbox"> xml:id="module-programs-digitalbitbox">
<title>Digital Bitbox</title>
<title>Digital Bitbox</title> <para>
Digital Bitbox is a hardware wallet and second-factor authenticator.
<para> </para>
Digital Bitbox is a hardware wallet and second-factor authenticator. <para>
</para> The <literal>digitalbitbox</literal> programs module may be installed by
setting <literal>programs.digitalbitbox</literal> to <literal>true</literal>
<para> in a manner similar to
The <literal>digitalbitbox</literal> programs module may be
installed by setting <literal>programs.digitalbitbox</literal>
to <literal>true</literal> in a manner similar to
<programlisting> <programlisting>
<xref linkend="opt-programs.digitalbitbox.enable"/> = true; <xref linkend="opt-programs.digitalbitbox.enable"/> = true;
</programlisting> </programlisting>
and bundles the <literal>digitalbitbox</literal> package (see
and bundles the <literal>digitalbitbox</literal> package (see <xref <xref
linkend="sec-digitalbitbox-package" />), which contains the linkend="sec-digitalbitbox-package" />), which contains the
<literal>dbb-app</literal> and <literal>dbb-cli</literal> binaries, <literal>dbb-app</literal> and <literal>dbb-cli</literal> binaries, along
along with the hardware module (see <xref with the hardware module (see
<xref
linkend="sec-digitalbitbox-hardware-module" />) which sets up the linkend="sec-digitalbitbox-hardware-module" />) which sets up the
necessary udev rules to access the device. necessary udev rules to access the device.
</para> </para>
<para>
Enabling the digitalbitbox module is pretty much the easiest way to get a
Digital Bitbox device working on your system.
</para>
<para>
For more information, see
<link xlink:href="https://digitalbitbox.com/start_linux" />.
</para>
<section xml:id="sec-digitalbitbox-package">
<title>Package</title>
<para> <para>
Enabling the digitalbitbox module is pretty much the easiest way to The binaries, <literal>dbb-app</literal> (a GUI tool) and
get a Digital Bitbox device working on your system. <literal>dbb-cli</literal> (a CLI tool), are available through the
</para> <literal>digitalbitbox</literal> package which could be installed as
follows:
<para>
For more information, see
<link xlink:href="https://digitalbitbox.com/start_linux" />.
</para>
<section xml:id="sec-digitalbitbox-package">
<title>Package</title>
<para>
The binaries, <literal>dbb-app</literal> (a GUI tool) and
<literal>dbb-cli</literal> (a CLI tool), are available through the
<literal>digitalbitbox</literal> package which could be installed
as follows:
<programlisting> <programlisting>
<xref linkend="opt-environment.systemPackages"/> = [ <xref linkend="opt-environment.systemPackages"/> = [
pkgs.digitalbitbox pkgs.digitalbitbox
]; ];
</programlisting> </programlisting>
</para> </para>
</section> </section>
<section xml:id="sec-digitalbitbox-hardware-module">
<title>Hardware</title>
<section xml:id="sec-digitalbitbox-hardware-module">
<title>Hardware</title>
<para>
The digitalbitbox hardware package enables the udev rules for
Digital Bitbox devices and may be installed as follows:
<para>
The digitalbitbox hardware package enables the udev rules for Digital Bitbox
devices and may be installed as follows:
<programlisting> <programlisting>
<xref linkend="opt-hardware.digitalbitbox.enable"/> = true; <xref linkend="opt-hardware.digitalbitbox.enable"/> = true;
</programlisting> </programlisting>
</para> </para>
<para>
In order to alter the udev rules, one may provide different values for
the <literal>udevRule51</literal> and <literal>udevRule52</literal>
attributes by means of overriding as follows:
<para>
In order to alter the udev rules, one may provide different values for the
<literal>udevRule51</literal> and <literal>udevRule52</literal> attributes
by means of overriding as follows:
<programlisting> <programlisting>
programs.digitalbitbox = { programs.digitalbitbox = {
<link linkend="opt-programs.digitalbitbox.enable">enable</link> = true; <link linkend="opt-programs.digitalbitbox.enable">enable</link> = true;
@ -80,6 +69,6 @@ programs.digitalbitbox = {
}; };
}; };
</programlisting> </programlisting>
</para> </para>
</section> </section>
</chapter> </chapter>

View File

@ -3,23 +3,28 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0" version="5.0"
xml:id="module-program-plotinus"> xml:id="module-program-plotinus">
<title>Plotinus</title>
<title>Plotinus</title> <para>
<emphasis>Source:</emphasis>
<para><emphasis>Source:</emphasis> <filename>modules/programs/plotinus.nix</filename></para> <filename>modules/programs/plotinus.nix</filename>
</para>
<para><emphasis>Upstream documentation:</emphasis> <link xlink:href="https://github.com/p-e-w/plotinus"/></para> <para>
<emphasis>Upstream documentation:</emphasis>
<para>Plotinus is a searchable command palette in every modern GTK+ application.</para> <link xlink:href="https://github.com/p-e-w/plotinus"/>
</para>
<para>When in a GTK+3 application and Plotinus is enabled, you can press <literal>Ctrl+Shift+P</literal> to open the command palette. The command palette provides a searchable list of of all menu items in the application.</para> <para>
Plotinus is a searchable command palette in every modern GTK+ application.
<para>To enable Plotinus, add the following to your <filename>configuration.nix</filename>: </para>
<para>
When in a GTK+3 application and Plotinus is enabled, you can press
<literal>Ctrl+Shift+P</literal> to open the command palette. The command
palette provides a searchable list of of all menu items in the application.
</para>
<para>
To enable Plotinus, add the following to your
<filename>configuration.nix</filename>:
<programlisting> <programlisting>
<xref linkend="opt-programs.plotinus.enable"/> = true; <xref linkend="opt-programs.plotinus.enable"/> = true;
</programlisting> </programlisting>
</para>
</para>
</chapter> </chapter>
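Review bot: The rewrapped paragraph still reads "a searchable list of of all menu items"; drop the duplicated "of" while the text is being reflowed anyway.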

View File

@ -3,18 +3,20 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0" version="5.0"
xml:id="module-programs-zsh-ohmyzsh"> xml:id="module-programs-zsh-ohmyzsh">
<title>Oh my ZSH</title>
<para>
<literal><link xlink:href="https://ohmyz.sh/">oh-my-zsh</link></literal> is a
framework to manage your <link xlink:href="https://www.zsh.org/">ZSH</link>
configuration including completion scripts for several CLI tools or custom
prompt themes.
</para>
<section xml:id="module-programs-oh-my-zsh-usage">
<title>Basic usage</title>
<title>Oh my ZSH</title> <para>
The module uses the <literal>oh-my-zsh</literal> package with all available
<para><literal><link xlink:href="https://ohmyz.sh/">oh-my-zsh</link></literal> is a framework features. The initial setup using Nix expressions is fairly similar to the
to manage your <link xlink:href="https://www.zsh.org/">ZSH</link> configuration configuration format of <literal>oh-my-zsh</literal>.
including completion scripts for several CLI tools or custom prompt themes.</para>
<section xml:id="module-programs-oh-my-zsh-usage"><title>Basic usage</title>
<para>The module uses the <literal>oh-my-zsh</literal> package with all available features. The
initial setup using Nix expressions is fairly similar to the configuration format
of <literal>oh-my-zsh</literal>.
<programlisting> <programlisting>
{ {
programs.ohMyZsh = { programs.ohMyZsh = {
@ -24,39 +26,50 @@ of <literal>oh-my-zsh</literal>.
}; };
} }
</programlisting> </programlisting>
For a detailed explanation of these arguments please refer to the
<link xlink:href="https://github.com/robbyrussell/oh-my-zsh/wiki"><literal>oh-my-zsh</literal>
docs</link>.
</para>
For a detailed explanation of these arguments please refer to the <para>
<link xlink:href="https://github.com/robbyrussell/oh-my-zsh/wiki"><literal>oh-my-zsh</literal> docs</link>. The expression generates the needed configuration and writes it into your
</para> <literal>/etc/zshrc</literal>.
<para>The expression generates the needed </para>
configuration and writes it into your <literal>/etc/zshrc</literal>. </section>
</para></section> <section xml:id="module-programs-oh-my-zsh-additions">
<title>Custom additions</title>
<section xml:id="module-programs-oh-my-zsh-additions"><title>Custom additions</title> <para>
Sometimes third-party or custom scripts such as a modified theme may be
<para>Sometimes third-party or custom scripts such as a modified theme may be needed. needed. <literal>oh-my-zsh</literal> provides the
<literal>oh-my-zsh</literal> provides the <link xlink:href="https://github.com/robbyrussell/oh-my-zsh/wiki/Customization#overriding-internals"><literal>ZSH_CUSTOM</literal></link>
<link xlink:href="https://github.com/robbyrussell/oh-my-zsh/wiki/Customization#overriding-internals"><literal>ZSH_CUSTOM</literal></link> environment variable for this which points to a directory with additional
environment variable for this which points to a directory with additional scripts.</para> scripts.
</para>
<para>The module can do this as well:
<para>
The module can do this as well:
<programlisting> <programlisting>
{ {
programs.ohMyZsh.custom = "~/path/to/custom/scripts"; programs.ohMyZsh.custom = "~/path/to/custom/scripts";
} }
</programlisting> </programlisting>
</para></section> </para>
</section>
<section xml:id="module-programs-oh-my-zsh-environments">
<title>Custom environments</title>
<section xml:id="module-programs-oh-my-zsh-environments"><title>Custom environments</title> <para>
There are several extensions for <literal>oh-my-zsh</literal> packaged in
<para>There are several extensions for <literal>oh-my-zsh</literal> packaged in <literal>nixpkgs</literal>. <literal>nixpkgs</literal>. One of them is
One of them is <link xlink:href="https://github.com/spwhitt/nix-zsh-completions">nix-zsh-completions</link> <link xlink:href="https://github.com/spwhitt/nix-zsh-completions">nix-zsh-completions</link>
which bundles completion scripts and a plugin for <literal>oh-my-zsh</literal>.</para> which bundles completion scripts and a plugin for
<literal>oh-my-zsh</literal>.
<para>Rather than using a single mutable path for <literal>ZSH_CUSTOM</literal>, it's also possible to </para>
generate this path from a list of Nix packages:
<para>
Rather than using a single mutable path for <literal>ZSH_CUSTOM</literal>,
it's also possible to generate this path from a list of Nix packages:
<programlisting> <programlisting>
{ pkgs, ... }: { pkgs, ... }:
{ {
@ -66,42 +79,59 @@ generate this path from a list of Nix packages:
]; ];
} }
</programlisting> </programlisting>
Internally a single store path will be created using
<literal>buildEnv</literal>. Please refer to the docs of
<link xlink:href="https://nixos.org/nixpkgs/manual/#sec-building-environment"><literal>buildEnv</literal></link>
for further reference.
</para>
Internally a single store path will be created using <literal>buildEnv</literal>. <para>
Please refer to the docs of <emphasis>Please keep in mind that this is not compatible with
<link xlink:href="https://nixos.org/nixpkgs/manual/#sec-building-environment"><literal>buildEnv</literal></link> <literal>programs.ohMyZsh.custom</literal> as it requires an immutable store
for further reference.</para> path while <literal>custom</literal> shall remain mutable! An evaluation
failure will be thrown if both <literal>custom</literal> and
<literal>customPkgs</literal> are set.</emphasis>
</para>
</section>
<section xml:id="module-programs-oh-my-zsh-packaging-customizations">
<title>Package your own customizations</title>
<para><emphasis>Please keep in mind that this is not compatible with <literal>programs.ohMyZsh.custom</literal> <para>
as it requires an immutable store path while <literal>custom</literal> shall remain mutable! An evaluation failure If third-party customizations (e.g. new themes) are supposed to be added to
will be thrown if both <literal>custom</literal> and <literal>customPkgs</literal> are set.</emphasis> <literal>oh-my-zsh</literal> there are several pitfalls to keep in mind:
</para></section> </para>
<section xml:id="module-programs-oh-my-zsh-packaging-customizations"><title>Package your own customizations</title> <itemizedlist>
<listitem>
<para>If third-party customizations (e.g. new themes) are supposed to be added to <literal>oh-my-zsh</literal> <para>
there are several pitfalls to keep in mind:</para> To comply with the default structure of <literal>ZSH</literal> the entire
output needs to be written to <literal>$out/share/zsh.</literal>
<itemizedlist>
<listitem>
<para>To comply with the default structure of <literal>ZSH</literal> the entire output needs to be written to
<literal>$out/share/zsh.</literal></para>
</listitem>
<listitem>
<para>Completion scripts are supposed to be stored at <literal>$out/share/zsh/site-functions</literal>. This directory
is part of the <literal><link xlink:href="http://zsh.sourceforge.net/Doc/Release/Functions.html">fpath</link></literal>
and the package should be compatible with pure <literal>ZSH</literal> setups. The module will automatically link
the contents of <literal>site-functions</literal> to completions directory in the proper store path.</para>
</listitem>
<listitem>
<para>The <literal>plugins</literal> directory needs the structure <literal>pluginname/pluginname.plugin.zsh</literal>
as structured in the <link xlink:href="https://github.com/robbyrussell/oh-my-zsh/tree/91b771914bc7c43dd7c7a43b586c5de2c225ceb7/plugins">upstream repo.</link>
</para> </para>
</listitem> </listitem>
</itemizedlist> <listitem>
<para>
Completion scripts are supposed to be stored at
<literal>$out/share/zsh/site-functions</literal>. This directory is part
of the
<literal><link xlink:href="http://zsh.sourceforge.net/Doc/Release/Functions.html">fpath</link></literal>
and the package should be compatible with pure <literal>ZSH</literal>
setups. The module will automatically link the contents of
<literal>site-functions</literal> to completions directory in the proper
store path.
</para>
</listitem>
<listitem>
<para>
The <literal>plugins</literal> directory needs the structure
<literal>pluginname/pluginname.plugin.zsh</literal> as structured in the
<link xlink:href="https://github.com/robbyrussell/oh-my-zsh/tree/91b771914bc7c43dd7c7a43b586c5de2c225ceb7/plugins">upstream
repo.</link>
</para>
</listitem>
</itemizedlist>
<para> <para>
A derivation for <literal>oh-my-zsh</literal> may look like this: A derivation for <literal>oh-my-zsh</literal> may look like this:
<programlisting> <programlisting>
{ stdenv, fetchFromGitHub }: { stdenv, fetchFromGitHub }:
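Review bot: In the first list item the sentence period is inside the literal (`<literal>$out/share/zsh.</literal>`), so the path renders as `$out/share/zsh.` with a trailing dot. Since the item is being re-wrapped here anyway, move the period outside `</literal>`. In the second item, "to completions directory" is missing an article ("to the completions directory").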
@ -120,6 +150,6 @@ stdenv.mkDerivation rec {
''; '';
} }
</programlisting> </programlisting>
</para> </para>
</section> </section>
</chapter> </chapter>

View File

@ -11,7 +11,7 @@ let
cfg = config.programs.zsh; cfg = config.programs.zsh;
zshAliases = concatStringsSep "\n" ( zshAliases = concatStringsSep "\n" (
mapAttrsFlatten (k: v: "alias ${k}='${v}'") cfg.shellAliases mapAttrsFlatten (k: v: "alias ${k}=${escapeShellArg v}") cfg.shellAliases
); );
in in
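Review bot: Only the alias value is passed through `escapeShellArg`; the alias name `${k}` is still interpolated into the generated `alias` line as-is. An attribute name in `cfg.shellAliases` that contains whitespace, quotes or other shell metacharacters still yields a malformed or unintended line. Consider asserting that the names match a conservative pattern, or escaping the name as well.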

View File

@ -39,6 +39,7 @@ with lib;
(mkRenamedOptionModule [ "services" "kubernetes" "apiserver" "address" ] ["services" "kubernetes" "apiserver" "bindAddress"]) (mkRenamedOptionModule [ "services" "kubernetes" "apiserver" "address" ] ["services" "kubernetes" "apiserver" "bindAddress"])
(mkRemovedOptionModule [ "services" "kubernetes" "apiserver" "publicAddress" ] "") (mkRemovedOptionModule [ "services" "kubernetes" "apiserver" "publicAddress" ] "")
(mkRenamedOptionModule [ "services" "kubernetes" "addons" "dashboard" "enableRBAC" ] [ "services" "kubernetes" "addons" "dashboard" "rbac" "enable" ]) (mkRenamedOptionModule [ "services" "kubernetes" "addons" "dashboard" "enableRBAC" ] [ "services" "kubernetes" "addons" "dashboard" "rbac" "enable" ])
(mkRemovedOptionModule [ "services" "kubernetes" "kubelet" "cadvisorPort" ] "")
(mkRenamedOptionModule [ "services" "logstash" "address" ] [ "services" "logstash" "listenAddress" ]) (mkRenamedOptionModule [ "services" "logstash" "address" ] [ "services" "logstash" "listenAddress" ])
(mkRenamedOptionModule [ "services" "mpd" "network" "host" ] [ "services" "mpd" "network" "listenAddress" ]) (mkRenamedOptionModule [ "services" "mpd" "network" "host" ] [ "services" "mpd" "network" "listenAddress" ])
(mkRenamedOptionModule [ "services" "neo4j" "host" ] [ "services" "neo4j" "defaultListenAddress" ]) (mkRenamedOptionModule [ "services" "neo4j" "host" ] [ "services" "neo4j" "defaultListenAddress" ])
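Review bot: The added `mkRemovedOptionModule` entry for `services.kubernetes.kubelet.cadvisorPort` passes an empty string as its message, so a configuration that still sets the option fails without any explanation. A short message saying that the kubelet is no longer started with `--cadvisor_port`, and what to use instead if anything, would make the error actionable.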

View File

@ -3,23 +3,25 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0" version="5.0"
xml:id="module-security-acme"> xml:id="module-security-acme">
<title>SSL/TLS Certificates with ACME</title>
<para>
NixOS supports automatic domain validation &amp; certificate retrieval and
renewal using the ACME protocol. This is currently only implemented by and
for Let's Encrypt. The alternative ACME client <literal>simp_le</literal> is
used under the hood.
</para>
<section xml:id="module-security-acme-prerequisites">
<title>Prerequisites</title>
<title>SSL/TLS Certificates with ACME</title> <para>
You need to have a running HTTP server for verification. The server must
<para>NixOS supports automatic domain validation &amp; certificate have a webroot defined that can serve
retrieval and renewal using the ACME protocol. This is currently only <filename>.well-known/acme-challenge</filename>. This directory must be
implemented by and for Let's Encrypt. The alternative ACME client writeable by the user that will run the ACME client.
<literal>simp_le</literal> is used under the hood.</para> </para>
<section xml:id="module-security-acme-prerequisites"><title>Prerequisites</title>
<para>You need to have a running HTTP server for verification. The server must
have a webroot defined that can serve
<filename>.well-known/acme-challenge</filename>. This directory must be
writeable by the user that will run the ACME client.</para>
<para>For instance, this generic snippet could be used for Nginx:
<para>
For instance, this generic snippet could be used for Nginx:
<programlisting> <programlisting>
http { http {
server { server {
@ -37,43 +39,47 @@ http {
} }
} }
</programlisting> </programlisting>
</para> </para>
</section>
</section> <section xml:id="module-security-acme-configuring">
<title>Configuring</title>
<section xml:id="module-security-acme-configuring"><title>Configuring</title>
<para>To enable ACME certificate retrieval &amp; renewal for a certificate for
<literal>foo.example.com</literal>, add the following in your
<filename>configuration.nix</filename>:
<para>
To enable ACME certificate retrieval &amp; renewal for a certificate for
<literal>foo.example.com</literal>, add the following in your
<filename>configuration.nix</filename>:
<programlisting> <programlisting>
<xref linkend="opt-security.acme.certs"/>."foo.example.com" = { <xref linkend="opt-security.acme.certs"/>."foo.example.com" = {
<link linkend="opt-security.acme.certs._name_.webroot">webroot</link> = "/var/www/challenges"; <link linkend="opt-security.acme.certs._name_.webroot">webroot</link> = "/var/www/challenges";
<link linkend="opt-security.acme.certs._name_.email">email</link> = "foo@example.com"; <link linkend="opt-security.acme.certs._name_.email">email</link> = "foo@example.com";
}; };
</programlisting> </programlisting>
</para> </para>
<para>The private key <filename>key.pem</filename> and certificate <para>
<filename>fullchain.pem</filename> will be put into The private key <filename>key.pem</filename> and certificate
<filename>/var/lib/acme/foo.example.com</filename>. The target directory can <filename>fullchain.pem</filename> will be put into
be configured with the option <xref linkend="opt-security.acme.directory"/>. <filename>/var/lib/acme/foo.example.com</filename>. The target directory can
</para> be configured with the option <xref linkend="opt-security.acme.directory"/>.
</para>
<para>Refer to <xref linkend="ch-options" /> for all available configuration <para>
options for the <link linkend="opt-security.acme.certs">security.acme</link> module.</para> Refer to <xref linkend="ch-options" /> for all available configuration
options for the <link linkend="opt-security.acme.certs">security.acme</link>
module.
</para>
</section>
<section xml:id="module-security-acme-nginx">
<title>Using ACME certificates in Nginx</title>
</section> <para>
NixOS supports fetching ACME certificates for you by setting
<section xml:id="module-security-acme-nginx"><title>Using ACME certificates in Nginx</title> <literal><link linkend="opt-services.nginx.virtualHosts._name_.enableACME">enableACME</link>
<para>NixOS supports fetching ACME certificates for you by setting = true;</literal> in a virtualHost config. We first create self-signed
<literal><link linkend="opt-services.nginx.virtualHosts._name_.enableACME">enableACME</link> = true;</literal> in a virtualHost config. We placeholder certificates in place of the real ACME certs. The placeholder
first create self-signed placeholder certificates in place of the certs are overwritten when the ACME certs arrive. For
real ACME certs. The placeholder certs are overwritten when the ACME <literal>foo.example.com</literal> the config would look like.
certs arrive. For <literal>foo.example.com</literal> the config would </para>
look like.
</para>
<programlisting> <programlisting>
services.nginx = { services.nginx = {
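Review bot: The paragraph on `key.pem` and `fullchain.pem` says where the files are written but not which user or group can read them, which is what a reader needs before pointing another service at `/var/lib/acme/foo.example.com`. Add a sentence on ownership and permissions of the target directory. Separately, the Nginx paragraph ends with "the config would look like." and is closed before its `<programlisting>`, while the other listings in this file follow a colon and sit inside their `<para>`; make it consistent.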
@ -89,5 +95,5 @@ services.nginx = {
}; };
} }
</programlisting> </programlisting>
</section> </section>
</chapter> </chapter>

View File

@ -3,31 +3,26 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0" version="5.0"
xml:id="sec-hidepid"> xml:id="sec-hidepid">
<title>Hiding process information</title>
<title>Hiding process information</title> <para>
Setting
<para>
Setting
<programlisting> <programlisting>
<xref linkend="opt-security.hideProcessInformation"/> = true; <xref linkend="opt-security.hideProcessInformation"/> = true;
</programlisting> </programlisting>
ensures that access to process information is restricted to the ensures that access to process information is restricted to the owning user.
owning user. This implies, among other things, that command-line This implies, among other things, that command-line arguments remain private.
arguments remain private. Unless your deployment relies on unprivileged Unless your deployment relies on unprivileged users being able to inspect the
users being able to inspect the process information of other users, this process information of other users, this option should be safe to enable.
option should be safe to enable. </para>
</para> <para>
Members of the <literal>proc</literal> group are exempt from process
<para> information hiding.
Members of the <literal>proc</literal> group are exempt from process </para>
information hiding. <para>
</para> To allow a service <replaceable>foo</replaceable> to run without process
information hiding, set
<para>
To allow a service <replaceable>foo</replaceable> to run without process information hiding, set
<programlisting> <programlisting>
<link linkend="opt-systemd.services._name_.serviceConfig">systemd.services.<replaceable>foo</replaceable>.serviceConfig</link>.SupplementaryGroups = [ "proc" ]; <link linkend="opt-systemd.services._name_.serviceConfig">systemd.services.<replaceable>foo</replaceable>.serviceConfig</link>.SupplementaryGroups = [ "proc" ];
</programlisting> </programlisting>
</para> </para>
</chapter> </chapter>
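Review bot: The final paragraph shows how to add a service to the `proc` group but does not spell out what that grants. Going by the text above it, group members are exempt from hiding, so such a service can read other users' process information, including command-line arguments. State that next to the `SupplementaryGroups` example so the exemption is applied only to services that need it.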

View File

@ -622,13 +622,6 @@ in {
type = types.bool; type = types.bool;
}; };
# TODO: remove this deprecated flag
cadvisorPort = mkOption {
description = "Kubernetes kubelet local cadvisor port.";
default = 4194;
type = types.int;
};
clusterDns = mkOption { clusterDns = mkOption {
description = "Use alternative DNS."; description = "Use alternative DNS.";
default = "10.1.0.1"; default = "10.1.0.1";
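Review bot: The removed `cadvisorPort` option had a default of 4194, so until now every kubelet was started with that port set; dropping the option and the flag is a behaviour change for anything that read from that port, and this hunk leaves no trace of it beyond the deleted TODO. If the release notes do not already cover it, add an entry alongside the option removal.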
@ -862,7 +855,6 @@ in {
--hostname-override=${cfg.kubelet.hostname} \ --hostname-override=${cfg.kubelet.hostname} \
--allow-privileged=${boolToString cfg.kubelet.allowPrivileged} \ --allow-privileged=${boolToString cfg.kubelet.allowPrivileged} \
--root-dir=${cfg.dataDir} \ --root-dir=${cfg.dataDir} \
--cadvisor_port=${toString cfg.kubelet.cadvisorPort} \
${optionalString (cfg.kubelet.clusterDns != "") ${optionalString (cfg.kubelet.clusterDns != "")
"--cluster-dns=${cfg.kubelet.clusterDns}"} \ "--cluster-dns=${cfg.kubelet.clusterDns}"} \
${optionalString (cfg.kubelet.clusterDomain != "") ${optionalString (cfg.kubelet.clusterDomain != "")

View File

@ -3,42 +3,50 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0" version="5.0"
xml:id="module-services-foundationdb"> xml:id="module-services-foundationdb">
<title>FoundationDB</title>
<para>
<emphasis>Source:</emphasis>
<filename>modules/services/databases/foundationdb.nix</filename>
</para>
<para>
<emphasis>Upstream documentation:</emphasis>
<link xlink:href="https://apple.github.io/foundationdb/"/>
</para>
<para>
<emphasis>Maintainer:</emphasis> Austin Seipp
</para>
<para>
<emphasis>Available version(s):</emphasis> 5.1.x, 5.2.x, 6.0.x
</para>
<para>
FoundationDB (or "FDB") is an open source, distributed, transactional
key-value store.
</para>
<section xml:id="module-services-foundationdb-configuring">
<title>Configuring and basic setup</title>
<title>FoundationDB</title> <para>
To enable FoundationDB, add the following to your
<para><emphasis>Source:</emphasis> <filename>modules/services/databases/foundationdb.nix</filename></para> <filename>configuration.nix</filename>:
<para><emphasis>Upstream documentation:</emphasis> <link xlink:href="https://apple.github.io/foundationdb/"/></para>
<para><emphasis>Maintainer:</emphasis> Austin Seipp</para>
<para><emphasis>Available version(s):</emphasis> 5.1.x, 5.2.x, 6.0.x</para>
<para>FoundationDB (or "FDB") is an open source, distributed, transactional
key-value store.</para>
<section xml:id="module-services-foundationdb-configuring"><title>Configuring and basic setup</title>
<para>To enable FoundationDB, add the following to your
<filename>configuration.nix</filename>:
<programlisting> <programlisting>
services.foundationdb.enable = true; services.foundationdb.enable = true;
services.foundationdb.package = pkgs.foundationdb52; # FoundationDB 5.2.x services.foundationdb.package = pkgs.foundationdb52; # FoundationDB 5.2.x
</programlisting> </programlisting>
</para> </para>
<para>The <option>services.foundationdb.package</option> option is required, <para>
and must always be specified. Due to the fact FoundationDB network protocols and The <option>services.foundationdb.package</option> option is required, and
on-disk storage formats may change between (major) versions, and upgrades must must always be specified. Due to the fact FoundationDB network protocols and
be explicitly handled by the user, you must always manually specify this on-disk storage formats may change between (major) versions, and upgrades
yourself so that the NixOS module will use the proper version. Note that minor, must be explicitly handled by the user, you must always manually specify
bugfix releases are always compatible.</para> this yourself so that the NixOS module will use the proper version. Note
that minor, bugfix releases are always compatible.
<para>After running <command>nixos-rebuild</command>, you can verify whether </para>
FoundationDB is running by executing <command>fdbcli</command> (which is added
to <option>environment.systemPackages</option>):
<para>
After running <command>nixos-rebuild</command>, you can verify whether
FoundationDB is running by executing <command>fdbcli</command> (which is
added to <option>environment.systemPackages</option>):
<programlisting> <programlisting>
$ sudo -u foundationdb fdbcli $ sudo -u foundationdb fdbcli
Using cluster file `/etc/foundationdb/fdb.cluster'. Using cluster file `/etc/foundationdb/fdb.cluster'.
@ -66,14 +74,14 @@ Cluster:
fdb> fdb>
</programlisting> </programlisting>
</para> </para>
<para>You can also write programs using the available client libraries.
For example, the following Python program can be run in order to grab the
cluster status, as a quick example. (This example uses
<command>nix-shell</command> shebang support to automatically supply the
necessary Python modules).
<para>
You can also write programs using the available client libraries. For
example, the following Python program can be run in order to grab the
cluster status, as a quick example. (This example uses
<command>nix-shell</command> shebang support to automatically supply the
necessary Python modules).
<programlisting> <programlisting>
a@link> cat fdb-status.py a@link> cat fdb-status.py
#! /usr/bin/env nix-shell #! /usr/bin/env nix-shell
@ -100,255 +108,336 @@ a@link> ./fdb-status.py
FoundationDB available: True FoundationDB available: True
a@link> a@link>
</programlisting> </programlisting>
</para> </para>
<para>FoundationDB is run under the <command>foundationdb</command> user and <para>
group by default, but this may be changed in the NixOS configuration. The FoundationDB is run under the <command>foundationdb</command> user and group
systemd unit <command>foundationdb.service</command> controls the by default, but this may be changed in the NixOS configuration. The systemd
<command>fdbmonitor</command> process.</para> unit <command>foundationdb.service</command> controls the
<command>fdbmonitor</command> process.
</para>
<para>By default, the NixOS module for FoundationDB creates a single <para>
SSD-storage based database for development and basic usage. This storage engine By default, the NixOS module for FoundationDB creates a single SSD-storage
is designed for SSDs and will perform poorly on HDDs; however it can handle far based database for development and basic usage. This storage engine is
more data than the alternative "memory" engine and is a better default choice designed for SSDs and will perform poorly on HDDs; however it can handle far
for most deployments. (Note that you can change the storage backend on-the-fly more data than the alternative "memory" engine and is a better default
for a given FoundationDB cluster using <command>fdbcli</command>.)</para> choice for most deployments. (Note that you can change the storage backend
on-the-fly for a given FoundationDB cluster using
<command>fdbcli</command>.)
</para>
<para>Furthermore, only 1 server process and 1 backup agent are started in the <para>
default configuration. See below for more on scaling to increase this.</para> Furthermore, only 1 server process and 1 backup agent are started in the
default configuration. See below for more on scaling to increase this.
<para>FoundationDB stores all data for all server processes under </para>
<filename>/var/lib/foundationdb</filename>. You can override this using
<option>services.foundationdb.dataDir</option>, e.g.
<para>
FoundationDB stores all data for all server processes under
<filename>/var/lib/foundationdb</filename>. You can override this using
<option>services.foundationdb.dataDir</option>, e.g.
<programlisting> <programlisting>
services.foundationdb.dataDir = "/data/fdb"; services.foundationdb.dataDir = "/data/fdb";
</programlisting> </programlisting>
</para>
</para> <para>
Similarly, logs are stored under <filename>/var/log/foundationdb</filename>
by default, and there is a corresponding
<option>services.foundationdb.logDir</option> as well.
</para>
</section>
<section xml:id="module-services-foundationdb-scaling">
<title>Scaling processes and backup agents</title>
<para>Similarly, logs are stored under <para>
<filename>/var/log/foundationdb</filename> by default, and there is a Scaling the number of server processes is quite easy; simply specify
corresponding <option>services.foundationdb.logDir</option> as well.</para> <option>services.foundationdb.serverProcesses</option> to be the number of
FoundationDB worker processes that should be started on the machine.
</para>
</section> <para>
FoundationDB worker processes typically require 4GB of RAM per-process at
minimum for good performance, so this option is set to 1 by default since
the maximum amount of RAM is unknown. You're advised to abide by this
restriction, so pick a number of processes so that each has 4GB or more.
</para>
<section xml:id="module-services-foundationdb-scaling"><title>Scaling processes and backup agents</title> <para>
A similar option exists in order to scale backup agent processes,
<option>services.foundationdb.backupProcesses</option>. Backup agents are
not as performance/RAM sensitive, so feel free to experiment with the number
of available backup processes.
</para>
</section>
<section xml:id="module-services-foundationdb-clustering">
<title>Clustering</title>
<para>Scaling the number of server processes is quite easy; simply specify <para>
<option>services.foundationdb.serverProcesses</option> to be the number of FoundationDB on NixOS works similarly to other Linux systems, so this
FoundationDB worker processes that should be started on the machine.</para> section will be brief. Please refer to the full FoundationDB documentation
for more on clustering.
</para>
<para>FoundationDB worker processes typically require 4GB of RAM per-process at <para>
minimum for good performance, so this option is set to 1 by default since the FoundationDB organizes clusters using a set of
maximum amount of RAM is unknown. You're advised to abide by this restriction, <emphasis>coordinators</emphasis>, which are just specially-designated
so pick a number of processes so that each has 4GB or more.</para> worker processes. By default, every installation of FoundationDB on NixOS
will start as its own individual cluster, with a single coordinator: the
first worker process on <command>localhost</command>.
</para>
<para>A similar option exists in order to scale backup agent processes, <para>
<option>services.foundationdb.backupProcesses</option>. Backup agents are not Coordinators are specified globally using the
as performance/RAM sensitive, so feel free to experiment with the number of <command>/etc/foundationdb/fdb.cluster</command> file, which all servers and
available backup processes.</para> client applications will use to find and join coordinators. Note that this
file <emphasis>can not</emphasis> be managed by NixOS so easily:
FoundationDB is designed so that it will rewrite the file at runtime for all
clients and nodes when cluster coordinators change, with clients
transparently handling this without intervention. It is fundamentally a
mutable file, and you should not try to manage it in any way in NixOS.
</para>
</section> <para>
When dealing with a cluster, there are two main things you want to do:
</para>
<section xml:id="module-services-foundationdb-clustering"><title>Clustering</title> <itemizedlist>
<listitem>
<para>
Add a node to the cluster for storage/compute.
</para>
</listitem>
<listitem>
<para>
Promote an ordinary worker to a coordinator.
</para>
</listitem>
</itemizedlist>
<para>FoundationDB on NixOS works similarly to other Linux systems, so this <para>
section will be brief. Please refer to the full FoundationDB documentation for A node must already be a member of the cluster in order to properly be
more on clustering.</para> promoted to a coordinator, so you must always add it first if you wish to
promote it.
</para>
<para>FoundationDB organizes clusters using a set of <para>
<emphasis>coordinators</emphasis>, which are just specially-designated worker To add a machine to a FoundationDB cluster:
processes. By default, every installation of FoundationDB on NixOS will start </para>
as its own individual cluster, with a single coordinator: the first worker
process on <command>localhost</command>.</para>
<para>Coordinators are specified globally using the <itemizedlist>
<command>/etc/foundationdb/fdb.cluster</command> file, which all servers and <listitem>
client applications will use to find and join coordinators. Note that this file <para>
<emphasis>can not</emphasis> be managed by NixOS so easily: FoundationDB is Choose one of the servers to start as the initial coordinator.
designed so that it will rewrite the file at runtime for all clients and nodes </para>
when cluster coordinators change, with clients transparently handling this </listitem>
without intervention. It is fundamentally a mutable file, and you should not <listitem>
try to manage it in any way in NixOS.</para> <para>
Copy the <command>/etc/foundationdb/fdb.cluster</command> file from this
server to all the other servers. Restart FoundationDB on all of these
other servers, so they join the cluster.
</para>
</listitem>
<listitem>
<para>
All of these servers are now connected and working together in the
cluster, under the chosen coordinator.
</para>
</listitem>
</itemizedlist>
<para>When dealing with a cluster, there are two main things you want to <para>
do:</para> At this point, you can add as many nodes as you want by just repeating the
above steps. By default there will still be a single coordinator: you can
use <command>fdbcli</command> to change this and add new coordinators.
</para>
<itemizedlist> <para>
<listitem><para>Add a node to the cluster for storage/compute.</para></listitem> As a convenience, FoundationDB can automatically assign coordinators based
<listitem><para>Promote an ordinary worker to a coordinator.</para></listitem> on the redundancy mode you wish to achieve for the cluster. Once all the
</itemizedlist> nodes have been joined, simply set the replication policy, and then issue
the <command>coordinators auto</command> command
</para>
<para>A node must already be a member of the cluster in order to properly be <para>
promoted to a coordinator, so you must always add it first if you wish to For example, assuming we have 3 nodes available, we can enable double
promote it.</para> redundancy mode, then auto-select coordinators. For double redundancy, 3
coordinators is ideal: therefore FoundationDB will make
<para>To add a machine to a FoundationDB cluster:</para> <emphasis>every</emphasis> node a coordinator automatically:
</para>
<itemizedlist>
<listitem><para>Choose one of the servers to start as the initial coordinator.
</para></listitem>
<listitem><para>Copy the <command>/etc/foundationdb/fdb.cluster</command> file
from this server to all the other servers. Restart FoundationDB on all of
these other servers, so they join the cluster.</para></listitem>
<listitem><para>All of these servers are now connected and working together
in the cluster, under the chosen coordinator.</para></listitem>
</itemizedlist>
<para>At this point, you can add as many nodes as you want by just repeating
the above steps. By default there will still be a single coordinator: you can
use <command>fdbcli</command> to change this and add new coordinators.</para>
<para>As a convenience, FoundationDB can automatically assign coordinators
based on the redundancy mode you wish to achieve for the cluster. Once all the
nodes have been joined, simply set the replication policy, and then issue the
<command>coordinators auto</command> command</para>
<para>For example, assuming we have 3 nodes available, we can enable double
redundancy mode, then auto-select coordinators. For double redundancy, 3
coordinators is ideal: therefore FoundationDB will make
<emphasis>every</emphasis> node a coordinator automatically:</para>
<programlisting> <programlisting>
fdbcli> configure double ssd fdbcli> configure double ssd
fdbcli> coordinators auto fdbcli> coordinators auto
</programlisting> </programlisting>
<para>This will transparently update all the servers within seconds, and <para>
appropriately rewrite the <command>fdb.cluster</command> file, as well as This will transparently update all the servers within seconds, and
informing all client processes to do the same.</para> appropriately rewrite the <command>fdb.cluster</command> file, as well as
informing all client processes to do the same.
</para>
</section>
<section xml:id="module-services-foundationdb-connectivity">
<title>Client connectivity</title>
</section> <para>
By default, all clients must use the current <command>fdb.cluster</command>
file to access a given FoundationDB cluster. This file is located by default
in <command>/etc/foundationdb/fdb.cluster</command> on all machines with the
FoundationDB service enabled, so you may copy the active one from your
cluster to a new node in order to connect, if it is not part of the cluster.
</para>
</section>
<section xml:id="module-services-foundationdb-authorization">
<title>Client authorization and TLS</title>
<section xml:id="module-services-foundationdb-connectivity"><title>Client connectivity</title> <para>
By default, any user who can connect to a FoundationDB process with the
correct cluster configuration can access anything. FoundationDB uses a
pluggable design to transport security, and out of the box it supports a
LibreSSL-based plugin for TLS support. This plugin not only does in-flight
encryption, but also performs client authorization based on the given
endpoint's certificate chain. For example, a FoundationDB server may be
configured to only accept client connections over TLS, where the client TLS
certificate is from organization <emphasis>Acme Co</emphasis> in the
<emphasis>Research and Development</emphasis> unit.
</para>
<para>By default, all clients must use the current <para>
<command>fdb.cluster</command> file to access a given FoundationDB cluster. Configuring TLS with FoundationDB is done using the
This file is located by default in <option>services.foundationdb.tls</option> options in order to control the
<command>/etc/foundationdb/fdb.cluster</command> on all machines with the peer verification string, as well as the certificate and its private key.
FoundationDB service enabled, so you may copy the active one from your cluster </para>
to a new node in order to connect, if it is not part of the cluster.</para>
</section> <para>
Note that the certificate and its private key must be accessible to the
FoundationDB user account that the server runs under. These files are also
NOT managed by NixOS, as putting them into the store may reveal private
information.
</para>
<section xml:id="module-services-foundationdb-authorization"><title>Client authorization and TLS</title> <para>
After you have a key and certificate file in place, it is not enough to
<para>By default, any user who can connect to a FoundationDB process with the simply set the NixOS module options -- you must also configure the
correct cluster configuration can access anything. FoundationDB uses a <command>fdb.cluster</command> file to specify that a given set of
pluggable design to transport security, and out of the box it supports a coordinators use TLS. This is as simple as adding the suffix
LibreSSL-based plugin for TLS support. This plugin not only does in-flight <command>:tls</command> to your cluster coordinator configuration, after the
encryption, but also performs client authorization based on the given port number. For example, assuming you have a coordinator on localhost with
endpoint's certificate chain. For example, a FoundationDB server may be the default configuration, simply specifying:
configured to only accept client connections over TLS, where the client TLS </para>
certificate is from organization <emphasis>Acme Co</emphasis> in the
<emphasis>Research and Development</emphasis> unit.</para>
<para>Configuring TLS with FoundationDB is done using the
<option>services.foundationdb.tls</option> options in order to control the peer
verification string, as well as the certificate and its private key.</para>
<para>Note that the certificate and its private key must be accessible to the
FoundationDB user account that the server runs under. These files are also NOT
managed by NixOS, as putting them into the store may reveal private
information.</para>
<para>After you have a key and certificate file in place, it is not enough to
simply set the NixOS module options -- you must also configure the
<command>fdb.cluster</command> file to specify that a given set of coordinators
use TLS. This is as simple as adding the suffix <command>:tls</command> to your
cluster coordinator configuration, after the port number. For example, assuming
you have a coordinator on localhost with the default configuration, simply
specifying:</para>
<programlisting> <programlisting>
XXXXXX:XXXXXX@127.0.0.1:4500:tls XXXXXX:XXXXXX@127.0.0.1:4500:tls
</programlisting> </programlisting>
<para>will configure all clients and server processes to use TLS from now <para>
on.</para> will configure all clients and server processes to use TLS from now on.
</para>
</section>
<section xml:id="module-services-foundationdb-disaster-recovery">
<title>Backups and Disaster Recovery</title>
</section> <para>
The usual rules for doing FoundationDB backups apply on NixOS as written in
the FoundationDB manual. However, one important difference is the security
profile for NixOS: by default, the <command>foundationdb</command> systemd
unit uses <emphasis>Linux namespaces</emphasis> to restrict write access to
the system, except for the log directory, data directory, and the
<command>/etc/foundationdb/</command> directory. This is enforced by default
and cannot be disabled.
</para>
<section xml:id="module-services-foundationdb-disaster-recovery"><title>Backups and Disaster Recovery</title> <para>
However, a side effect of this is that the <command>fdbbackup</command>
command doesn't work properly for local filesystem backups: FoundationDB
uses a server process alongside the database processes to perform backups
and copy the backups to the filesystem. As a result, this process is put
under the restricted namespaces above: the backup process can only write to
a limited number of paths.
</para>
<para>The usual rules for doing FoundationDB backups apply on NixOS as written <para>
in the FoundationDB manual. However, one important difference is the security In order to allow flexible backup locations on local disks, the FoundationDB
profile for NixOS: by default, the <command>foundationdb</command> systemd unit NixOS module supports a
uses <emphasis>Linux namespaces</emphasis> to restrict write access to the <option>services.foundationdb.extraReadWritePaths</option> option. This
system, except for the log directory, data directory, and the option takes a list of paths, and adds them to the systemd unit, allowing
<command>/etc/foundationdb/</command> directory. This is enforced by default the processes inside the service to write (and read) the specified
and cannot be disabled.</para> directories.
</para>
<para>However, a side effect of this is that the <command>fdbbackup</command> <para>
command doesn't work properly for local filesystem backups: FoundationDB uses a For example, to create backups in <command>/opt/fdb-backups</command>, first
server process alongside the database processes to perform backups and copy the set up the paths in the module options:
backups to the filesystem. As a result, this process is put under the </para>
restricted namespaces above: the backup process can only write to a limited
number of paths.</para>
<para>In order to allow flexible backup locations on local disks, the
FoundationDB NixOS module supports a
<option>services.foundationdb.extraReadWritePaths</option> option. This option
takes a list of paths, and adds them to the systemd unit, allowing the
processes inside the service to write (and read) the specified
directories.</para>
<para>For example, to create backups in <command>/opt/fdb-backups</command>,
first set up the paths in the module options:</para>
<programlisting> <programlisting>
services.foundationdb.extraReadWritePaths = [ "/opt/fdb-backups" ]; services.foundationdb.extraReadWritePaths = [ "/opt/fdb-backups" ];
</programlisting> </programlisting>
<para>Restart the FoundationDB service, and it will now be able to write to <para>
this directory (even if it does not yet exist.) Note: this path Restart the FoundationDB service, and it will now be able to write to this
<emphasis>must</emphasis> exist before restarting the unit. Otherwise, systemd directory (even if it does not yet exist.) Note: this path
will not include it in the private FoundationDB namespace (and it will not add <emphasis>must</emphasis> exist before restarting the unit. Otherwise,
it dynamically at runtime).</para> systemd will not include it in the private FoundationDB namespace (and it
will not add it dynamically at runtime).
</para>
<para>You can now perform a backup:</para> <para>
You can now perform a backup:
</para>
<programlisting> <programlisting>
$ sudo -u foundationdb fdbbackup start -t default -d file:///opt/fdb-backups $ sudo -u foundationdb fdbbackup start -t default -d file:///opt/fdb-backups
$ sudo -u foundationdb fdbbackup status -t default $ sudo -u foundationdb fdbbackup status -t default
</programlisting> </programlisting>
</section>
<section xml:id="module-services-foundationdb-limitations">
<title>Known limitations</title>
</section> <para>
The FoundationDB setup for NixOS should currently be considered beta.
FoundationDB is not new software, but the NixOS compilation and integration
has only undergone fairly basic testing of all the available functionality.
</para>
<section xml:id="module-services-foundationdb-limitations"><title>Known limitations</title> <itemizedlist>
<listitem>
<para>
There is no way to specify individual parameters for individual
<command>fdbserver</command> processes. Currently, all server processes
inherit all the global <command>fdbmonitor</command> settings.
</para>
</listitem>
<listitem>
<para>
Ruby bindings are not currently installed.
</para>
</listitem>
<listitem>
<para>
Go bindings are not currently installed.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="module-services-foundationdb-options">
<title>Options</title>
<para>The FoundationDB setup for NixOS should currently be considered beta. <para>
FoundationDB is not new software, but the NixOS compilation and integration has NixOS's FoundationDB module allows you to configure all of the most relevant
only undergone fairly basic testing of all the available functionality.</para> configuration options for <command>fdbmonitor</command>, matching it quite
closely. A complete list of options for the FoundationDB module may be found
<itemizedlist> <link linkend="opt-services.foundationdb.enable">here</link>. You should
<listitem><para>There is no way to specify individual parameters for also read the FoundationDB documentation as well.
individual <command>fdbserver</command> processes. Currently, all server </para>
processes inherit all the global <command>fdbmonitor</command> settings. </section>
</para></listitem> <section xml:id="module-services-foundationdb-full-docs">
<listitem><para>Ruby bindings are not currently installed.</para></listitem> <title>Full documentation</title>
<listitem><para>Go bindings are not currently installed.</para></listitem>
</itemizedlist>
</section>
<section xml:id="module-services-foundationdb-options"><title>Options</title>
<para>NixOS's FoundationDB module allows you to configure all of the most
relevant configuration options for <command>fdbmonitor</command>, matching it
quite closely. A complete list of options for the FoundationDB module may be
found <link linkend="opt-services.foundationdb.enable">here</link>. You should
also read the FoundationDB documentation as well.</para>
</section>
<section xml:id="module-services-foundationdb-full-docs"><title>Full documentation</title>
<para>FoundationDB is a complex piece of software, and requires careful
administration to properly use. Full documentation for administration can be
found here: <link xlink:href="https://apple.github.io/foundationdb/"/>.</para>
</section>
<para>
FoundationDB is a complex piece of software, and requires careful
administration to properly use. Full documentation for administration can be
found here: <link xlink:href="https://apple.github.io/foundationdb/"/>.
</para>
</section>
</chapter> </chapter>
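Review bot: In the backup section, the paragraph after the extraReadWritePaths listing contradicts itself: it says the service can write to the directory "(even if it does not yet exist.)" and then, in the next sentence, that the path must exist before the unit is restarted or systemd will leave it out of the private namespace. Since these lines are being rewrapped anyway, drop the parenthetical and add an explicit step to create /opt/fdb-backups, writable by the foundationdb user, before the restart. In the TLS section, "putting them into the store may reveal private information" would be clearer if it said why: the Nix store is world-readable, so the private key has to live outside it with permissions limited to the FoundationDB account.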

View File

@ -3,36 +3,39 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0" version="5.0"
xml:id="module-postgresql"> xml:id="module-postgresql">
<title>PostgreSQL</title>
<title>PostgreSQL</title>
<!-- FIXME: render nicely --> <!-- FIXME: render nicely -->
<!-- FIXME: source can be added automatically --> <!-- FIXME: source can be added automatically -->
<para><emphasis>Source:</emphasis> <filename>modules/services/databases/postgresql.nix</filename></para> <para>
<emphasis>Source:</emphasis>
<para><emphasis>Upstream documentation:</emphasis> <link xlink:href="http://www.postgresql.org/docs/"/></para> <filename>modules/services/databases/postgresql.nix</filename>
</para>
<para>
<emphasis>Upstream documentation:</emphasis>
<link xlink:href="http://www.postgresql.org/docs/"/>
</para>
<!-- FIXME: more stuff, like maintainer? --> <!-- FIXME: more stuff, like maintainer? -->
<para>
PostgreSQL is an advanced, free relational database.
<!-- MORE -->
</para>
<section xml:id="module-services-postgres-configuring">
<title>Configuring</title>
<para>PostgreSQL is an advanced, free relational database.<!-- MORE --></para> <para>
To enable PostgreSQL, add the following to your
<section xml:id="module-services-postgres-configuring"><title>Configuring</title> <filename>configuration.nix</filename>:
<para>To enable PostgreSQL, add the following to your
<filename>configuration.nix</filename>:
<programlisting> <programlisting>
<xref linkend="opt-services.postgresql.enable"/> = true; <xref linkend="opt-services.postgresql.enable"/> = true;
<xref linkend="opt-services.postgresql.package"/> = pkgs.postgresql94; <xref linkend="opt-services.postgresql.package"/> = pkgs.postgresql94;
</programlisting> </programlisting>
Note that you are required to specify the desired version of PostgreSQL
Note that you are required to specify the desired version of (e.g. <literal>pkgs.postgresql94</literal>). Since upgrading your PostgreSQL
PostgreSQL (e.g. <literal>pkgs.postgresql94</literal>). Since version requires a database dump and reload (see below), NixOS cannot
upgrading your PostgreSQL version requires a database dump and reload provide a default value for
(see below), NixOS cannot provide a default value for <xref linkend="opt-services.postgresql.package"/> such as the most recent
<xref linkend="opt-services.postgresql.package"/> such as the most recent release of PostgreSQL.
release of PostgreSQL.</para> </para>
<!-- <!--
<para>After running <command>nixos-rebuild</command>, you can verify <para>After running <command>nixos-rebuild</command>, you can verify
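Review bot: The commented-out paragraph that opens at the end of this hunk ("After running nixos-rebuild, you can verify ...") is carried through the reformat as dead text, alongside the three FIXME comments near the top of the chapter. Either restore it as a real verification step or delete it, so the next editor does not have to guess whether those instructions still hold.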
@ -47,31 +50,28 @@ alice=>
</screen> </screen>
--> -->
<para>By default, PostgreSQL stores its databases in <para>
<filename>/var/db/postgresql</filename>. You can override this using By default, PostgreSQL stores its databases in
<xref linkend="opt-services.postgresql.dataDir"/>, e.g. <filename>/var/db/postgresql</filename>. You can override this using
<xref linkend="opt-services.postgresql.dataDir"/>, e.g.
<programlisting> <programlisting>
<xref linkend="opt-services.postgresql.dataDir"/> = "/data/postgresql"; <xref linkend="opt-services.postgresql.dataDir"/> = "/data/postgresql";
</programlisting> </programlisting>
</para>
</section>
<section xml:id="module-services-postgres-upgrading">
<title>Upgrading</title>
</para> <para>
FIXME: document dump/upgrade/load cycle.
</section> </para>
</section>
<section xml:id="module-services-postgres-options">
<section xml:id="module-services-postgres-upgrading"><title>Upgrading</title> <title>Options</title>
<para>FIXME: document dump/upgrade/load cycle.</para>
</section>
<section xml:id="module-services-postgres-options"><title>Options</title>
<para>A complete list of options for the PostgreSQL module may be found <link linkend="opt-services.postgresql.enable">here</link>.</para>
</section>
<para>
A complete list of options for the PostgreSQL module may be found
<link linkend="opt-services.postgresql.enable">here</link>.
</para>
</section>
</chapter> </chapter>
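Review bot: The Upgrading section still renders the literal text "FIXME: document dump/upgrade/load cycle." to readers, and the Configuring section points at it with "(see below)" when explaining why the package version must be set explicitly. Move the FIXME into an XML comment and either write the dump and reload steps or link to the upstream upgrade documentation, since a user pinned to pkgs.postgresql94 gets no guidance here for moving off it.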

View File

@ -3,51 +3,54 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0" version="5.0"
xml:id="module-services-flatpak"> xml:id="module-services-flatpak">
<title>Flatpak</title>
<title>Flatpak</title> <para>
<emphasis>Source:</emphasis>
<para><emphasis>Source:</emphasis> <filename>modules/services/desktop/flatpak.nix</filename></para> <filename>modules/services/desktop/flatpak.nix</filename>
</para>
<para><emphasis>Upstream documentation:</emphasis> <link xlink:href="https://github.com/flatpak/flatpak/wiki"/></para> <para>
<emphasis>Upstream documentation:</emphasis>
<para>Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.</para> <link xlink:href="https://github.com/flatpak/flatpak/wiki"/>
</para>
<para> <para>
To enable Flatpak, add the following to your <filename>configuration.nix</filename>: Flatpak is a system for building, distributing, and running sandboxed desktop
applications on Linux.
<programlisting> </para>
<para>
To enable Flatpak, add the following to your
<filename>configuration.nix</filename>:
<programlisting>
<xref linkend="opt-services.flatpak.enable"/> = true; <xref linkend="opt-services.flatpak.enable"/> = true;
</programlisting> </programlisting>
</para> </para>
<para>
<para> For the sandboxed apps to work correctly, desktop integration portals need to
For the sandboxed apps to work correctly, desktop integration portals need to be installed. If you run GNOME, this will be handled automatically for you; in other cases, you will need to add something like the following to your <filename>configuration.nix</filename>: be installed. If you run GNOME, this will be handled automatically for you;
in other cases, you will need to add something like the following to your
<programlisting> <filename>configuration.nix</filename>:
<programlisting>
<xref linkend="opt-services.flatpak.extraPortals"/> = [ pkgs.xdg-desktop-portal-gtk ]; <xref linkend="opt-services.flatpak.extraPortals"/> = [ pkgs.xdg-desktop-portal-gtk ];
</programlisting> </programlisting>
</para> </para>
<para>
<para> Then, you will need to add a repository, for example,
Then, you will need to add a repository, for example, <link xlink:href="https://github.com/flatpak/flatpak/wiki">Flathub</link>, either using the following commands: <link xlink:href="https://github.com/flatpak/flatpak/wiki">Flathub</link>,
either using the following commands:
<programlisting> <programlisting>
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
flatpak update flatpak update
</programlisting> </programlisting>
or by opening the
or by opening the <link xlink:href="https://flathub.org/repo/flathub.flatpakrepo">repository file</link> in GNOME Software. <link xlink:href="https://flathub.org/repo/flathub.flatpakrepo">repository
</para> file</link> in GNOME Software.
</para>
<para> <para>
Finally, you can search and install programs: Finally, you can search and install programs:
<programlisting>
<programlisting>
flatpak search bustle flatpak search bustle
flatpak install flathub org.freedesktop.Bustle flatpak install flathub org.freedesktop.Bustle
flatpak run org.freedesktop.Bustle flatpak run org.freedesktop.Bustle
</programlisting> </programlisting>
Again, GNOME Software offers graphical interface for these tasks. Again, GNOME Software offers graphical interface for these tasks.
</para> </para>
</chapter> </chapter>
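Review bot: In the repository paragraph, the link labelled "Flathub" has xlink:href="https://github.com/flatpak/flatpak/wiki", the same target as the upstream documentation link at the top of the chapter, so readers are sent to the Flatpak wiki rather than to the repository they are about to trust. Point it at Flathub's own site, matching the flathub.org host used in the remote-add command. The closing sentence also needs an article: "offers a graphical interface".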

View File

@ -3,150 +3,148 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0" version="5.0"
xml:id="module-services-emacs"> xml:id="module-services-emacs">
<title>Emacs</title>
<title>Emacs</title> <!--
<!--
Documentation contributors: Documentation contributors:
Damien Cassou @DamienCassou Damien Cassou @DamienCassou
Thomas Tuegel @ttuegel Thomas Tuegel @ttuegel
Rodney Lorrimar @rvl Rodney Lorrimar @rvl
--> -->
<para>
<link xlink:href="http://www.gnu.org/software/emacs/">Emacs</link> is an
extensible, customizable, self-documenting real-time display editor — and
more. At its core is an interpreter for Emacs Lisp, a dialect of the Lisp
programming language with extensions to support text editing.
</para>
<para>
Emacs runs within a graphical desktop environment using the X Window System,
but works equally well on a text terminal. Under
<productname>macOS</productname>, a "Mac port" edition is available, which
uses Apple's native GUI frameworks.
</para>
<para>
<productname>Nixpkgs</productname> provides a superior environment for
running <application>Emacs</application>. It's simple to create custom builds
by overriding the default packages. Chaotic collections of Emacs Lisp code
and extensions can be brought under control using declarative package
management. <productname>NixOS</productname> even provides a
<command>systemd</command> user service for automatically starting the Emacs
daemon.
</para>
<section xml:id="module-services-emacs-installing">
<title>Installing <application>Emacs</application></title>
<para> <para>
<link xlink:href="http://www.gnu.org/software/emacs/">Emacs</link> Emacs can be installed in the normal way for Nix (see
is an extensible, customizable, self-documenting real-time display <xref linkend="sec-package-management" />). In addition, a NixOS
editor — and more. At its core is an interpreter for Emacs Lisp, a <emphasis>service</emphasis> can be enabled.
dialect of the Lisp programming language with extensions to
support text editing.
</para> </para>
<para> <section xml:id="module-services-emacs-releases">
Emacs runs within a graphical desktop environment using the X <title>The Different Releases of Emacs</title>
Window System, but works equally well on a text terminal. Under
<productname>macOS</productname>, a "Mac port" edition is
available, which uses Apple's native GUI frameworks.
</para>
<para> <para>
<productname>Nixpkgs</productname> provides a superior environment <productname>Nixpkgs</productname> defines several basic Emacs packages.
for running <application>Emacs</application>. It's simple to The following are attributes belonging to the <varname>pkgs</varname> set:
create custom builds by overriding the default packages. Chaotic <variablelist>
collections of Emacs Lisp code and extensions can be brought under <varlistentry>
control using declarative package <term>
management. <productname>NixOS</productname> even provides a <varname>emacs</varname>
<command>systemd</command> user service for automatically </term>
starting the Emacs daemon. <term>
</para> <varname>emacs25</varname>
</term>
<listitem>
<para>
The latest stable version of Emacs 25 using the
<link
xlink:href="http://www.gtk.org">GTK+ 2</link>
widget toolkit.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<varname>emacs25-nox</varname>
</term>
<listitem>
<para>
Emacs 25 built without any dependency on X11 libraries.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<varname>emacsMacport</varname>
</term>
<term>
<varname>emacs25Macport</varname>
</term>
<listitem>
<para>
Emacs 25 with the "Mac port" patches, providing a more native look and
feel under macOS.
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
<section xml:id="module-services-emacs-installing"> <para>
<title>Installing <application>Emacs</application></title> If those aren't suitable, then the following imitation Emacs editors are
also available in Nixpkgs:
<link xlink:href="https://www.gnu.org/software/zile/">Zile</link>,
<link xlink:href="http://homepage.boetes.org/software/mg/">mg</link>,
<link xlink:href="http://yi-editor.github.io/">Yi</link>.
</para>
</section>
<para> <section xml:id="module-services-emacs-adding-packages">
Emacs can be installed in the normal way for Nix (see <title>Adding Packages to Emacs</title>
<xref linkend="sec-package-management" />).
In addition, a NixOS <emphasis>service</emphasis>
can be enabled.
</para>
<section xml:id="module-services-emacs-releases"> <para>
<title>The Different Releases of Emacs</title> Emacs includes an entire ecosystem of functionality beyond text editing,
including a project planner, mail and news reader, debugger interface,
calendar, and more.
</para>
<para> <para>
<productname>Nixpkgs</productname> defines several basic Emacs Most extensions are gotten with the Emacs packaging system
packages. The following are attributes belonging to the (<filename>package.el</filename>) from
<varname>pkgs</varname> set: <link
<variablelist>
<varlistentry>
<term><varname>emacs</varname></term>
<term><varname>emacs25</varname></term>
<listitem>
<para>
The latest stable version of Emacs 25 using the <link
xlink:href="http://www.gtk.org">GTK+ 2</link> widget
toolkit.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>emacs25-nox</varname></term>
<listitem>
<para>
Emacs 25 built without any dependency on X11
libraries.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>emacsMacport</varname></term>
<term><varname>emacs25Macport</varname></term>
<listitem>
<para>
Emacs 25 with the "Mac port" patches, providing a more
native look and feel under macOS.
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
<para>
If those aren't suitable, then the following imitation Emacs
editors are also available in Nixpkgs:
<link xlink:href="https://www.gnu.org/software/zile/">Zile</link>,
<link xlink:href="http://homepage.boetes.org/software/mg/">mg</link>,
<link xlink:href="http://yi-editor.github.io/">Yi</link>.
</para>
</section>
<section xml:id="module-services-emacs-adding-packages">
<title>Adding Packages to Emacs</title>
<para>
Emacs includes an entire ecosystem of functionality beyond
text editing, including a project planner, mail and news
reader, debugger interface, calendar, and more.
</para>
<para>
Most extensions are gotten with the Emacs packaging system
(<filename>package.el</filename>) from <link
xlink:href="https://elpa.gnu.org/">Emacs Lisp Package Archive xlink:href="https://elpa.gnu.org/">Emacs Lisp Package Archive
(<acronym>ELPA</acronym>)</link>, (<acronym>ELPA</acronym>)</link>,
<link xlink:href="https://melpa.org/"><acronym>MELPA</acronym></link>, <link xlink:href="https://melpa.org/"><acronym>MELPA</acronym></link>,
<link xlink:href="https://stable.melpa.org/">MELPA Stable</link>, <link xlink:href="https://stable.melpa.org/">MELPA Stable</link>, and
and <link xlink:href="http://orgmode.org/elpa.html">Org ELPA</link>. <link xlink:href="http://orgmode.org/elpa.html">Org ELPA</link>. Nixpkgs is
Nixpkgs is regularly updated to mirror all these archives. regularly updated to mirror all these archives.
</para> </para>
<para> <para>
Under NixOS, you can continue to use Under NixOS, you can continue to use
<function>package-list-packages</function> and <function>package-list-packages</function> and
<function>package-install</function> to install packages. You <function>package-install</function> to install packages. You can also
can also declare the set of Emacs packages you need using the declare the set of Emacs packages you need using the derivations from
derivations from Nixpkgs. The rest of this section discusses Nixpkgs. The rest of this section discusses declarative installation of
declarative installation of Emacs packages through nixpkgs. Emacs packages through nixpkgs.
</para> </para>
<note> <note>
<para> <para>
This documentation describes the new Emacs packages This documentation describes the new Emacs packages framework in NixOS
framework in NixOS 16.03 16.03 (<varname>emacsPackagesNg</varname>) which should not be confused
(<varname>emacsPackagesNg</varname>) which should not be with the previous and deprecated framework
confused with the previous and deprecated framework (<varname>emacs24Packages</varname>).
(<varname>emacs24Packages</varname>). </para>
</para> </note>
</note>
<para> <para>
The first step to declare the list of packages you want in The first step to declare the list of packages you want in your Emacs
your Emacs installation is to create a dedicated installation is to create a dedicated derivation. This can be done in a
derivation. This can be done in a dedicated dedicated <filename>emacs.nix</filename> file such as:
<filename>emacs.nix</filename> file such as: <example xml:id="ex-emacsNix">
<title>Nix expression to build Emacs with packages (<filename>emacs.nix</filename>)</title>
<example xml:id="ex-emacsNix"> <programlisting language="nix">
<title>Nix expression to build Emacs with packages (<filename>emacs.nix</filename>)</title>
<programlisting language="nix">
/* /*
This is a nix expression to build Emacs and some Emacs packages I like This is a nix expression to build Emacs and some Emacs packages I like
from source on any distribution where Nix is installed. This will install from source on any distribution where Nix is installed. This will install
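Review bot: In the package-archive paragraph, the Org ELPA link is still http://orgmode.org/elpa.html while the ELPA, MELPA and MELPA Stable links beside it are https, and the Emacs, GTK+, mg and Yi links in this hunk are plain http as well. Switch the ones that serve https, starting with the package archive, since that paragraph tells users where their extensions come from. The note calling emacsPackagesNg the "new" framework in NixOS 16.03 also reads as stale in a 2018 commit and is worth rewording.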
@ -181,119 +179,104 @@ in
pkgs.notmuch # From main packages set <co xml:id="ex-emacsNix-7" /> pkgs.notmuch # From main packages set <co xml:id="ex-emacsNix-7" />
]) ])
</programlisting> </programlisting>
</example> </example>
<calloutlist>
<calloutlist> <callout arearefs="ex-emacsNix-1">
<callout arearefs="ex-emacsNix-1">
<para>
The first non-comment line in this file
(<literal>{ pkgs ? ... }</literal>)
indicates that the whole file represents a function.
</para>
</callout>
<callout arearefs="ex-emacsNix-2">
<para>
The <varname>let</varname> expression below defines a
<varname>myEmacs</varname> binding pointing to the current
stable version of Emacs. This binding is here to separate the
choice of the Emacs binary from the specification of the
required packages.
</para>
</callout>
<callout arearefs="ex-emacsNix-3">
<para>
This generates an <varname>emacsWithPackages</varname>
function. It takes a single argument: a function from a
package set to a list of packages (the packages that will
be available in Emacs).
</para>
</callout>
<callout arearefs="ex-emacsNix-4">
<para>
The rest of the file specifies the list of packages to
install. In the example, two packages
(<varname>magit</varname> and
<varname>zerodark-theme</varname>) are taken from MELPA
stable.
</para>
</callout>
<callout arearefs="ex-emacsNix-5">
<para>
Two packages (<varname>undo-tree</varname> and
<varname>zoom-frm</varname>) are taken from MELPA.
</para>
</callout>
<callout arearefs="ex-emacsNix-6">
<para>Three packages are taken from GNU ELPA.</para>
</callout>
<callout arearefs="ex-emacsNix-7">
<para>
<varname>notmuch</varname> is taken from a nixpkgs derivation
which contains an Emacs mode.
</para>
</callout>
</calloutlist>
</para>
<para> <para>
The result of this configuration will be an The first non-comment line in this file (<literal>{ pkgs ? ...
<command>emacs</command> command which launches Emacs with all }</literal>) indicates that the whole file represents a function.
of your chosen packages in the <varname>load-path</varname>.
</para> </para>
</callout>
<callout arearefs="ex-emacsNix-2">
<para> <para>
You can check that it works by executing this in a terminal: The <varname>let</varname> expression below defines a
<varname>myEmacs</varname> binding pointing to the current stable
version of Emacs. This binding is here to separate the choice of the
Emacs binary from the specification of the required packages.
</para>
</callout>
<callout arearefs="ex-emacsNix-3">
<para>
This generates an <varname>emacsWithPackages</varname> function. It
takes a single argument: a function from a package set to a list of
packages (the packages that will be available in Emacs).
</para>
</callout>
<callout arearefs="ex-emacsNix-4">
<para>
The rest of the file specifies the list of packages to install. In the
example, two packages (<varname>magit</varname> and
<varname>zerodark-theme</varname>) are taken from MELPA stable.
</para>
</callout>
<callout arearefs="ex-emacsNix-5">
<para>
Two packages (<varname>undo-tree</varname> and
<varname>zoom-frm</varname>) are taken from MELPA.
</para>
</callout>
<callout arearefs="ex-emacsNix-6">
<para>
Three packages are taken from GNU ELPA.
</para>
</callout>
<callout arearefs="ex-emacsNix-7">
<para>
<varname>notmuch</varname> is taken from a nixpkgs derivation which
contains an Emacs mode.
</para>
</callout>
</calloutlist>
</para>
<para>
The result of this configuration will be an <command>emacs</command>
command which launches Emacs with all of your chosen packages in the
<varname>load-path</varname>.
</para>
<para>
You can check that it works by executing this in a terminal:
<screen> <screen>
$ nix-build emacs.nix $ nix-build emacs.nix
$ ./result/bin/emacs -q $ ./result/bin/emacs -q
</screen> </screen>
and then typing <literal>M-x package-initialize</literal>. Check that you
can use all the packages you want in this Emacs instance. For example, try
switching to the zerodark theme through <literal>M-x load-theme &lt;RET&gt;
zerodark &lt;RET&gt; y</literal>.
</para>
and then typing <literal>M-x package-initialize</literal>. <tip>
Check that you can use all the packages you want in this <para>
Emacs instance. For example, try switching to the zerodark A few popular extensions worth checking out are: auctex, company,
theme through edit-server, flycheck, helm, iedit, magit, multiple-cursors, projectile,
<literal>M-x load-theme &lt;RET&gt; zerodark &lt;RET&gt; y</literal>. and yasnippet.
</para> </para>
</tip>
<tip> <para>
<para> The list of available packages in the various ELPA repositories can be seen
A few popular extensions worth checking out are: auctex, with the following commands:
company, edit-server, flycheck, helm, iedit, magit, <example xml:id="module-services-emacs-querying-packages">
multiple-cursors, projectile, and yasnippet. <title>Querying Emacs packages</title>
</para> <programlisting><![CDATA[
</tip>
<para>
The list of available packages in the various ELPA
repositories can be seen with the following commands:
<example xml:id="module-services-emacs-querying-packages">
<title>Querying Emacs packages</title>
<programlisting><![CDATA[
nix-env -f "<nixpkgs>" -qaP -A emacsPackagesNg.elpaPackages nix-env -f "<nixpkgs>" -qaP -A emacsPackagesNg.elpaPackages
nix-env -f "<nixpkgs>" -qaP -A emacsPackagesNg.melpaPackages nix-env -f "<nixpkgs>" -qaP -A emacsPackagesNg.melpaPackages
nix-env -f "<nixpkgs>" -qaP -A emacsPackagesNg.melpaStablePackages nix-env -f "<nixpkgs>" -qaP -A emacsPackagesNg.melpaStablePackages
nix-env -f "<nixpkgs>" -qaP -A emacsPackagesNg.orgPackages nix-env -f "<nixpkgs>" -qaP -A emacsPackagesNg.orgPackages
]]></programlisting> ]]></programlisting>
</example> </example>
</para> </para>
<para> <para>
If you are on NixOS, you can install this particular Emacs for If you are on NixOS, you can install this particular Emacs for all users by
all users by adding it to the list of system packages adding it to the list of system packages (see
(see <xref linkend="sec-declarative-package-mgmt" />). Simply <xref linkend="sec-declarative-package-mgmt" />). Simply modify your file
modify your file <filename>configuration.nix</filename> to <filename>configuration.nix</filename> to make it contain:
make it contain: <example xml:id="module-services-emacs-configuration-nix">
<example xml:id="module-services-emacs-configuration-nix"> <title>Custom Emacs in <filename>configuration.nix</filename></title>
<title>Custom Emacs in <filename>configuration.nix</filename></title> <programlisting><![CDATA[
<programlisting><![CDATA[
{ {
environment.systemPackages = [ environment.systemPackages = [
# [...] # [...]
@ -301,60 +284,59 @@ nix-env -f "<nixpkgs>" -qaP -A emacsPackagesNg.orgPackages
]; ];
} }
]]></programlisting> ]]></programlisting>
</example> </example>
</para> </para>
<para> <para>
In this case, the next <command>nixos-rebuild switch</command> In this case, the next <command>nixos-rebuild switch</command> will take
will take care of adding your <command>emacs</command> to the care of adding your <command>emacs</command> to the <varname>PATH</varname>
<varname>PATH</varname> environment variable environment variable (see <xref linkend="sec-changing-config" />).
(see <xref linkend="sec-changing-config" />). </para>
</para>
<!-- fixme: i think the following is better done with config.nix <!-- fixme: i think the following is better done with config.nix
https://nixos.org/nixpkgs/manual/#sec-modify-via-packageOverrides https://nixos.org/nixpkgs/manual/#sec-modify-via-packageOverrides
--> -->
<para>
If you are not on NixOS or want to install this particular <para>
Emacs only for yourself, you can do so by adding it to your If you are not on NixOS or want to install this particular Emacs only for
<filename>~/.config/nixpkgs/config.nix</filename> yourself, you can do so by adding it to your
(see <link xlink:href="http://nixos.org/nixpkgs/manual/#sec-modify-via-packageOverrides">Nixpkgs manual</link>): <filename>~/.config/nixpkgs/config.nix</filename> (see
<example xml:id="module-services-emacs-config-nix"> <link xlink:href="http://nixos.org/nixpkgs/manual/#sec-modify-via-packageOverrides">Nixpkgs
<title>Custom Emacs in <filename>~/.config/nixpkgs/config.nix</filename></title> manual</link>):
<programlisting><![CDATA[ <example xml:id="module-services-emacs-config-nix">
<title>Custom Emacs in <filename>~/.config/nixpkgs/config.nix</filename></title>
<programlisting><![CDATA[
{ {
packageOverrides = super: let self = super.pkgs; in { packageOverrides = super: let self = super.pkgs; in {
myemacs = import /path/to/emacs.nix { pkgs = self; }; myemacs = import /path/to/emacs.nix { pkgs = self; };
}; };
} }
]]></programlisting> ]]></programlisting>
</example> </example>
</para> </para>
<para> <para>
In this case, the next In this case, the next <literal>nix-env -f '&lt;nixpkgs&gt;' -iA
<literal>nix-env -f '&lt;nixpkgs&gt;' -iA myemacs</literal> myemacs</literal> will take care of adding your emacs to the
will take care of adding your emacs to the <varname>PATH</varname> environment variable.
<varname>PATH</varname> environment variable. </para>
</para> </section>
</section>
<section xml:id="module-services-emacs-advanced"> <section xml:id="module-services-emacs-advanced">
<title>Advanced Emacs Configuration</title> <title>Advanced Emacs Configuration</title>
<para> <para>
If you want, you can tweak the Emacs package itself from your If you want, you can tweak the Emacs package itself from your
<filename>emacs.nix</filename>. For example, if you want to <filename>emacs.nix</filename>. For example, if you want to have a
have a GTK+3-based Emacs instead of the default GTK+2-based GTK+3-based Emacs instead of the default GTK+2-based binary and remove the
binary and remove the automatically generated automatically generated <filename>emacs.desktop</filename> (useful is you
<filename>emacs.desktop</filename> (useful is you only use only use <command>emacsclient</command>), you can change your file
<command>emacsclient</command>), you can change your file <filename>emacs.nix</filename> in this way:
<filename>emacs.nix</filename> in this way: </para>
</para>
<example xml:id="ex-emacsGtk3Nix"> <example xml:id="ex-emacsGtk3Nix">
<title>Custom Emacs build</title> <title>Custom Emacs build</title>
<programlisting><![CDATA[ <programlisting><![CDATA[
{ pkgs ? import <nixpkgs> {} }: { pkgs ? import <nixpkgs> {} }:
let let
myEmacs = (pkgs.emacs.override { myEmacs = (pkgs.emacs.override {
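Review bot: in the reflowed first paragraph of "Advanced Emacs Configuration", the typo "useful is you only use <command>emacsclient</command>" is carried over unchanged. Since the paragraph is being rewritten anyway, change it to "useful if you only use".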
@ -370,161 +352,143 @@ let
}); });
in [...] in [...]
]]></programlisting> ]]></programlisting>
</example> </example>
<para> <para>
After building this file as shown in <xref linkend="ex-emacsNix" />, After building this file as shown in <xref linkend="ex-emacsNix" />, you
you will get an GTK3-based Emacs binary pre-loaded with your will get an GTK3-based Emacs binary pre-loaded with your favorite packages.
favorite packages. </para>
</para>
</section>
</section> </section>
</section>
<section xml:id="module-services-emacs-running"> <section xml:id="module-services-emacs-running">
<title>Running Emacs as a Service</title> <title>Running Emacs as a Service</title>
<para> <para>
<productname>NixOS</productname> provides an optional <productname>NixOS</productname> provides an optional
<command>systemd</command> service which launches <command>systemd</command> service which launches
<link xlink:href="https://www.gnu.org/software/emacs/manual/html_node/emacs/Emacs-Server.html"> <link xlink:href="https://www.gnu.org/software/emacs/manual/html_node/emacs/Emacs-Server.html">
Emacs daemon Emacs daemon </link> with the user's login session.
</link>
with the user's login session.
</para> </para>
<para> <para>
<emphasis>Source:</emphasis> <emphasis>Source:</emphasis>
<filename>modules/services/editors/emacs.nix</filename> <filename>modules/services/editors/emacs.nix</filename>
</para> </para>
<section xml:id="module-services-emacs-enabling"> <section xml:id="module-services-emacs-enabling">
<title>Enabling the Service</title> <title>Enabling the Service</title>
<para>
To install and enable the <command>systemd</command>
user service for Emacs daemon, add the following to your
<filename>configuration.nix</filename>:
<para>
To install and enable the <command>systemd</command> user service for Emacs
daemon, add the following to your <filename>configuration.nix</filename>:
<programlisting> <programlisting>
<xref linkend="opt-services.emacs.enable"/> = true; <xref linkend="opt-services.emacs.enable"/> = true;
<xref linkend="opt-services.emacs.package"/> = import /home/cassou/.emacs.d { pkgs = pkgs; }; <xref linkend="opt-services.emacs.package"/> = import /home/cassou/.emacs.d { pkgs = pkgs; };
</programlisting> </programlisting>
</para> </para>
<para> <para>
The <varname>services.emacs.package</varname> option allows a The <varname>services.emacs.package</varname> option allows a custom
custom derivation to be used, for example, one created by derivation to be used, for example, one created by
<function>emacsWithPackages</function>. <function>emacsWithPackages</function>.
</para> </para>
<para> <para>
Ensure that the Emacs server is enabled for your user's Emacs Ensure that the Emacs server is enabled for your user's Emacs
configuration, either by customizing the configuration, either by customizing the <varname>server-mode</varname>
<varname>server-mode</varname> variable, or by adding variable, or by adding <literal>(server-start)</literal> to
<literal>(server-start)</literal> to <filename>~/.emacs.d/init.el</filename>.
<filename>~/.emacs.d/init.el</filename>. </para>
</para>
<para>
To start the daemon, execute the following:
<para>
To start the daemon, execute the following:
<screen> <screen>
$ nixos-rebuild switch # to activate the new configuration.nix $ nixos-rebuild switch # to activate the new configuration.nix
$ systemctl --user daemon-reload # to force systemd reload $ systemctl --user daemon-reload # to force systemd reload
$ systemctl --user start emacs.service # to start the Emacs daemon $ systemctl --user start emacs.service # to start the Emacs daemon
</screen> </screen>
The server should now be ready to serve Emacs clients.
The server should now be ready to serve Emacs clients. </para>
</para>
</section> </section>
<section xml:id="module-services-emacs-starting-client"> <section xml:id="module-services-emacs-starting-client">
<title>Starting the client</title> <title>Starting the client</title>
<para>
Ensure that the emacs server is enabled, either by customizing
the <varname>server-mode</varname> variable, or by adding
<literal>(server-start)</literal> to
<filename>~/.emacs</filename>.
</para>
<para> <para>
To connect to the emacs daemon, run one of the following: Ensure that the emacs server is enabled, either by customizing the
<programlisting><![CDATA[ <varname>server-mode</varname> variable, or by adding
<literal>(server-start)</literal> to <filename>~/.emacs</filename>.
</para>
<para>
To connect to the emacs daemon, run one of the following:
<programlisting><![CDATA[
emacsclient FILENAME emacsclient FILENAME
emacsclient --create-frame # opens a new frame (window) emacsclient --create-frame # opens a new frame (window)
emacsclient --create-frame --tty # opens a new frame on the current terminal emacsclient --create-frame --tty # opens a new frame on the current terminal
]]></programlisting> ]]></programlisting>
</para> </para>
</section> </section>
<section xml:id="module-services-emacs-editor-variable"> <section xml:id="module-services-emacs-editor-variable">
<title>Configuring the <varname>EDITOR</varname> variable</title> <title>Configuring the <varname>EDITOR</varname> variable</title>
<!--<title><command>emacsclient</command> as the Default Editor</title>-->
<para> <!--<title><command>emacsclient</command> as the Default Editor</title>-->
If <xref linkend="opt-services.emacs.defaultEditor"/> is
<literal>true</literal>, the <varname>EDITOR</varname> variable
will be set to a wrapper script which launches
<command>emacsclient</command>.
</para>
<para> <para>
Any setting of <varname>EDITOR</varname> in the shell config If <xref linkend="opt-services.emacs.defaultEditor"/> is
files will override <literal>true</literal>, the <varname>EDITOR</varname> variable will be set
<varname>services.emacs.defaultEditor</varname>. to a wrapper script which launches <command>emacsclient</command>.
To make sure <varname>EDITOR</varname> refers to the Emacs </para>
wrapper script, remove any existing <varname>EDITOR</varname>
assignment from <filename>.profile</filename>,
<filename>.bashrc</filename>, <filename>.zshenv</filename> or
any other shell config file.
</para>
<para> <para>
If you have formed certain bad habits when editing files, Any setting of <varname>EDITOR</varname> in the shell config files will
these can be corrected with a shell alias to the wrapper override <varname>services.emacs.defaultEditor</varname>. To make sure
script: <varname>EDITOR</varname> refers to the Emacs wrapper script, remove any
<programlisting>alias vi=$EDITOR</programlisting> existing <varname>EDITOR</varname> assignment from
</para> <filename>.profile</filename>, <filename>.bashrc</filename>,
<filename>.zshenv</filename> or any other shell config file.
</para>
<para>
If you have formed certain bad habits when editing files, these can be
corrected with a shell alias to the wrapper script:
<programlisting>alias vi=$EDITOR</programlisting>
</para>
</section> </section>
<section xml:id="module-services-emacs-per-user"> <section xml:id="module-services-emacs-per-user">
<title>Per-User Enabling of the Service</title> <title>Per-User Enabling of the Service</title>
<para>
In general, <command>systemd</command> user services
are globally enabled by symlinks in
<filename>/etc/systemd/user</filename>. In the case where
Emacs daemon is not wanted for all users, it is possible to
install the service but not globally enable it:
<para>
In general, <command>systemd</command> user services are globally enabled
by symlinks in <filename>/etc/systemd/user</filename>. In the case where
Emacs daemon is not wanted for all users, it is possible to install the
service but not globally enable it:
<programlisting> <programlisting>
<xref linkend="opt-services.emacs.enable"/> = false; <xref linkend="opt-services.emacs.enable"/> = false;
<xref linkend="opt-services.emacs.install"/> = true; <xref linkend="opt-services.emacs.install"/> = true;
</programlisting> </programlisting>
</para> </para>
<para> <para>
To enable the <command>systemd</command> user service for just To enable the <command>systemd</command> user service for just the
the currently logged in user, run: currently logged in user, run:
<programlisting>systemctl --user enable emacs</programlisting>
<programlisting>systemctl --user enable emacs</programlisting> This will add the symlink
<filename>~/.config/systemd/user/emacs.service</filename>.
This will add the symlink </para>
<filename>~/.config/systemd/user/emacs.service</filename>.
</para>
</section> </section>
</section> </section>
<section xml:id="module-services-emacs-configuring">
<section xml:id="module-services-emacs-configuring">
<title>Configuring Emacs</title> <title>Configuring Emacs</title>
<para> <para>
The Emacs init file should be changed to load the extension The Emacs init file should be changed to load the extension packages at
packages at startup: startup:
<example xml:id="module-services-emacs-package-initialisation">
<example xml:id="module-services-emacs-package-initialisation"> <title>Package initialization in <filename>.emacs</filename></title>
<title>Package initialization in <filename>.emacs</filename></title> <programlisting><![CDATA[
<programlisting><![CDATA[
(require 'package) (require 'package)
;; optional. makes unpure packages archives unavailable ;; optional. makes unpure packages archives unavailable
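Review bot: the services.emacs.package example under "Enabling the Service" still imports from /home/cassou/.emacs.d, a contributor's home directory. Use a neutral placeholder such as the /path/to/emacs.nix already used in the config.nix example, so readers do not copy a path that does not exist on their system. The same hunk also keeps "an GTK3-based" (should be "a GTK3-based") and two near-identical "Ensure that the Emacs server is enabled" paragraphs that name different init files (~/.emacs.d/init.el and ~/.emacs); settle on one.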
@ -533,66 +497,71 @@ emacsclient --create-frame --tty # opens a new frame on the current terminal
(setq package-enable-at-startup nil) (setq package-enable-at-startup nil)
(package-initialize) (package-initialize)
]]></programlisting> ]]></programlisting>
</example> </example>
</para> </para>
<para> <para>
After the declarative emacs package configuration has been After the declarative emacs package configuration has been tested,
tested, previously downloaded packages can be cleaned up by previously downloaded packages can be cleaned up by removing
removing <filename>~/.emacs.d/elpa</filename> (do make a backup <filename>~/.emacs.d/elpa</filename> (do make a backup first, in case you
first, in case you forgot a package). forgot a package).
</para> </para>
<!-- <!--
todo: is it worth documenting customizations for todo: is it worth documenting customizations for
server-switch-hook, server-done-hook? server-switch-hook, server-done-hook?
--> -->
<section xml:id="module-services-emacs-major-mode"> <section xml:id="module-services-emacs-major-mode">
<title>A Major Mode for Nix Expressions</title> <title>A Major Mode for Nix Expressions</title>
<para> <para>
Of interest may be <varname>melpaPackages.nix-mode</varname>, Of interest may be <varname>melpaPackages.nix-mode</varname>, which
which provides syntax highlighting for the Nix language. This is provides syntax highlighting for the Nix language. This is particularly
particularly convenient if you regularly edit Nix files. convenient if you regularly edit Nix files.
</para> </para>
</section> </section>
<section xml:id="module-services-emacs-man-pages"> <section xml:id="module-services-emacs-man-pages">
<title>Accessing man pages</title> <title>Accessing man pages</title>
<para>
You can use <function>woman</function> to get completion of all <para>
available man pages. For example, type <literal>M-x woman You can use <function>woman</function> to get completion of all available
&lt;RET&gt; nixos-rebuild &lt;RET&gt;.</literal> man pages. For example, type <literal>M-x woman &lt;RET&gt; nixos-rebuild
</para> &lt;RET&gt;.</literal>
</para>
</section> </section>
<section xml:id="sec-emacs-docbook-xml"> <section xml:id="sec-emacs-docbook-xml">
<title>Editing DocBook 5 XML Documents</title> <title>Editing DocBook 5 XML Documents</title>
<para>
Emacs includes <link <para>
Emacs includes
<link
xlink:href="https://www.gnu.org/software/emacs/manual/html_node/nxml-mode/Introduction.html">nXML</link>, xlink:href="https://www.gnu.org/software/emacs/manual/html_node/nxml-mode/Introduction.html">nXML</link>,
a major-mode for validating and editing XML documents. a major-mode for validating and editing XML documents. When editing DocBook
When editing DocBook 5.0 documents, such as 5.0 documents, such as <link linkend="book-nixos-manual">this one</link>,
<link linkend="book-nixos-manual">this one</link>, nXML needs to be configured with the relevant schema, which is not
nXML needs to be configured with the relevant schema, which is included.
not included. </para>
</para>
<para> <para>
To install the DocBook 5.0 schemas, either add To install the DocBook 5.0 schemas, either add
<varname>pkgs.docbook5</varname> to <varname>pkgs.docbook5</varname> to
<xref linkend="opt-environment.systemPackages"/> (<link <xref linkend="opt-environment.systemPackages"/>
(<link
linkend="sec-declarative-package-mgmt">NixOS</link>), or run linkend="sec-declarative-package-mgmt">NixOS</link>), or run
<literal>nix-env -i pkgs.docbook5</literal> <literal>nix-env -i pkgs.docbook5</literal>
(<link linkend="sec-ad-hoc-packages">Nix</link>). (<link linkend="sec-ad-hoc-packages">Nix</link>).
</para> </para>
<para> <para>
Then customize the variable <varname>rng-schema-locating-files</varname> to include <filename>~/.emacs.d/schemas.xml</filename> and put the following text into that file: Then customize the variable <varname>rng-schema-locating-files</varname> to
<example xml:id="ex-emacs-docbook-xml"> include <filename>~/.emacs.d/schemas.xml</filename> and put the following
<title>nXML Schema Configuration (<filename>~/.emacs.d/schemas.xml</filename>)</title> text into that file:
<programlisting language="xml"><![CDATA[ <example xml:id="ex-emacs-docbook-xml">
<title>nXML Schema Configuration (<filename>~/.emacs.d/schemas.xml</filename>)</title>
<programlisting language="xml"><![CDATA[
<?xml version="1.0"?> <?xml version="1.0"?>
<!-- <!--
To let emacs find this file, evaluate: To let emacs find this file, evaluate:
@ -612,9 +581,7 @@ emacsclient --create-frame --tty # opens a new frame on the current terminal
</locatingRules> </locatingRules>
]]></programlisting> ]]></programlisting>
</example> </example>
</para> </para>
</section> </section>
</section> </section>
</chapter> </chapter>

View File

@ -115,36 +115,10 @@ let
}; };
}; };
indexOf = default: start: list: e:
if list == []
then default
else if (head list) == e then start
else (indexOf default (start + (length (listenStreams (head list).socket))) (tail list) e);
systemdSocket = indexOf (abort "Socket not found") 0 allSockets;
isUnixSocket = socket: hasPrefix "/" (if (isString socket) then socket else socket.socket); isUnixSocket = socket: hasPrefix "/" (if (isString socket) then socket else socket.socket);
isPort = hasPrefix "*:";
isIPv4Socket = hasPrefix "*v4:";
isIPv6Socket = hasPrefix "*v6:";
isLocalHost = hasPrefix "localhost:";
listenStreams = socket:
if (isLocalHost socket) then
let port = (removePrefix "localhost:" socket);
in [ "127.0.0.1:${port}" ] ++ (if config.networking.enableIPv6 then ["[::1]:${port}"] else [])
else if (isIPv6Socket socket) then [removePrefix "*v6:" socket]
else if (isPort socket) then [removePrefix "*:" socket]
else if (isIPv4Socket socket) then
throw "error: IPv4 only socket not supported in rspamd with socket activation"
else if (length (splitString " " socket)) != 1 then
throw "error: string options not supported in rspamd with socket activation"
else [socket];
mkBindSockets = enabled: socks: concatStringsSep "\n " (flatten (map (each: mkBindSockets = enabled: socks: concatStringsSep "\n "
if cfg.socketActivation && enabled != false then (flatten (map (each: "bind_socket = \"${each.rawEntry}\";") socks));
let systemd = (systemdSocket each);
in (imap (idx: e: "bind_socket = \"systemd:${toString (systemd + idx - 1)}\";") (listenStreams each.socket))
else "bind_socket = \"${each.rawEntry}\";") socks));
rspamdConfFile = pkgs.writeText "rspamd.conf" rspamdConfFile = pkgs.writeText "rspamd.conf"
'' ''
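Review bot: after this simplification, mkBindSockets = enabled: socks: ... no longer reads its enabled argument, and flatten is applied to a list that map already returns flat (one string per socket). Drop the parameter and update the callers, and remove flatten. Please also check whether isUnixSocket, which is kept as context here, still has a user once the systemd.sockets definitions further down are removed.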
@ -175,18 +149,6 @@ let
${cfg.extraConfig} ${cfg.extraConfig}
''; '';
allMappedSockets = flatten (mapAttrsToList (name: value:
if value.enable != false
then imap (idx: each: {
name = "${name}";
index = idx;
value = each;
}) value.bindSockets
else []) cfg.workers);
allSockets = map (e: e.value) allMappedSockets;
allSocketNames = map (each: "rspamd-${each.name}-${toString each.index}.socket") allMappedSockets;
in in
{ {
@ -205,13 +167,6 @@ in
description = "Whether to run the rspamd daemon in debug mode."; description = "Whether to run the rspamd daemon in debug mode.";
}; };
socketActivation = mkOption {
type = types.bool;
description = ''
Enable systemd socket activation for rspamd.
'';
};
workers = mkOption { workers = mkOption {
type = with types; attrsOf (submodule workerOpts); type = with types; attrsOf (submodule workerOpts);
description = '' description = ''
@ -272,13 +227,6 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.rspamd.socketActivation = mkDefault (!opts.bindSocket.isDefined && !opts.bindUISocket.isDefined);
assertions = [ {
assertion = !cfg.socketActivation || !(opts.bindSocket.isDefined || opts.bindUISocket.isDefined);
message = "Can't use socketActivation for rspamd when using renamed bind socket options";
} ];
# Allow users to run 'rspamc' and 'rspamadm'. # Allow users to run 'rspamc' and 'rspamadm'.
environment.systemPackages = [ pkgs.rspamd ]; environment.systemPackages = [ pkgs.rspamd ];
@ -299,17 +247,14 @@ in
systemd.services.rspamd = { systemd.services.rspamd = {
description = "Rspamd Service"; description = "Rspamd Service";
wantedBy = mkIf (!cfg.socketActivation) [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ] ++ after = [ "network.target" ];
(if cfg.socketActivation then allSocketNames else []);
requires = mkIf cfg.socketActivation allSocketNames;
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.rspamd}/bin/rspamd ${optionalString cfg.debug "-d"} --user=${cfg.user} --group=${cfg.group} --pid=/run/rspamd.pid -c ${rspamdConfFile} -f"; ExecStart = "${pkgs.rspamd}/bin/rspamd ${optionalString cfg.debug "-d"} --user=${cfg.user} --group=${cfg.group} --pid=/run/rspamd.pid -c ${rspamdConfFile} -f";
Restart = "always"; Restart = "always";
RuntimeDirectory = "rspamd"; RuntimeDirectory = "rspamd";
PrivateTmp = true; PrivateTmp = true;
Sockets = mkIf cfg.socketActivation (concatStringsSep " " allSocketNames);
}; };
preStart = '' preStart = ''
@ -317,24 +262,10 @@ in
${pkgs.coreutils}/bin/chown ${cfg.user}:${cfg.group} /var/lib/rspamd ${pkgs.coreutils}/bin/chown ${cfg.user}:${cfg.group} /var/lib/rspamd
''; '';
}; };
systemd.sockets = mkIf cfg.socketActivation
(listToAttrs (map (each: {
name = "rspamd-${each.name}-${toString each.index}";
value = {
description = "Rspamd socket ${toString each.index} for worker ${each.name}";
wantedBy = [ "sockets.target" ];
listenStreams = (listenStreams each.value.socket);
socketConfig = {
BindIPv6Only = mkIf (isIPv6Socket each.value.socket) "ipv6-only";
Service = "rspamd.service";
SocketUser = mkIf (isUnixSocket each.value.socket) each.value.owner;
SocketGroup = mkIf (isUnixSocket each.value.socket) each.value.group;
SocketMode = mkIf (isUnixSocket each.value.socket) each.value.mode;
};
};
}) allMappedSockets));
}; };
imports = [ imports = [
(mkRemovedOptionModule [ "services" "rspamd" "socketActivation" ]
"Socket activation never worked correctly and could at this time not be fixed and so was removed")
(mkRenamedOptionModule [ "services" "rspamd" "bindSocket" ] [ "services" "rspamd" "workers" "normal" "bindSockets" ]) (mkRenamedOptionModule [ "services" "rspamd" "bindSocket" ] [ "services" "rspamd" "workers" "normal" "bindSockets" ])
(mkRenamedOptionModule [ "services" "rspamd" "bindUISocket" ] [ "services" "rspamd" "workers" "controller" "bindSockets" ]) (mkRenamedOptionModule [ "services" "rspamd" "bindUISocket" ] [ "services" "rspamd" "workers" "controller" "bindSockets" ])
]; ];
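Review bot: the removed systemd.sockets block was what applied SocketUser, SocketGroup and SocketMode from each Unix socket's owner, group and mode. With bind_socket now always taken from each.rawEntry, please confirm that rawEntry carries those ownership and mode settings, otherwise Unix sockets end up with whatever rspamd creates by default. The mkRemovedOptionModule message could also tell users what to do, for example that the socketActivation setting should be deleted because rspamd now binds its sockets itself.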

View File

@ -3,20 +3,22 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0" version="5.0"
xml:id="module-services-gitlab"> xml:id="module-services-gitlab">
<title>Gitlab</title>
<para>
Gitlab is a feature-rich git hosting service.
</para>
<section xml:id="module-services-gitlab-prerequisites">
<title>Prerequisites</title>
<title>Gitlab</title> <para>
The gitlab service exposes only an Unix socket at
<para>Gitlab is a feature-rich git hosting service.</para> <literal>/run/gitlab/gitlab-workhorse.socket</literal>. You need to
configure a webserver to proxy HTTP requests to the socket.
<section xml:id="module-services-gitlab-prerequisites"><title>Prerequisites</title> </para>
<para>The gitlab service exposes only an Unix socket at
<literal>/run/gitlab/gitlab-workhorse.socket</literal>. You need to configure a
webserver to proxy HTTP requests to the socket.</para>
<para>For instance, the following configuration could be used to use nginx as
frontend proxy:
<para>
For instance, the following configuration could be used to use nginx as
frontend proxy:
<programlisting> <programlisting>
<link linkend="opt-services.nginx.enable">services.nginx</link> = { <link linkend="opt-services.nginx.enable">services.nginx</link> = {
<link linkend="opt-services.nginx.enable">enable</link> = true; <link linkend="opt-services.nginx.enable">enable</link> = true;
@ -31,21 +33,24 @@ webserver to proxy HTTP requests to the socket.</para>
}; };
}; };
</programlisting> </programlisting>
</para> </para>
</section>
<section xml:id="module-services-gitlab-configuring">
<title>Configuring</title>
</section> <para>
Gitlab depends on both PostgreSQL and Redis and will automatically enable
both services. In the case of PostgreSQL, a database and a role will be
created.
</para>
<section xml:id="module-services-gitlab-configuring"><title>Configuring</title> <para>
The default state dir is <literal>/var/gitlab/state</literal>. This is where
<para>Gitlab depends on both PostgreSQL and Redis and will automatically enable all data like the repositories and uploads will be stored.
both services. In the case of PostgreSQL, a database and a role will be created. </para>
</para>
<para>The default state dir is <literal>/var/gitlab/state</literal>. This is where
all data like the repositories and uploads will be stored.</para>
<para>A basic configuration with some custom settings could look like this:
<para>
A basic configuration with some custom settings could look like this:
<programlisting> <programlisting>
services.gitlab = { services.gitlab = {
<link linkend="opt-services.gitlab.enable">enable</link> = true; <link linkend="opt-services.gitlab.enable">enable</link> = true;
@ -105,40 +110,41 @@ services.gitlab = {
}; };
}; };
</programlisting> </programlisting>
</para> </para>
<para>If you're setting up a new Gitlab instance, generate new secrets. You <para>
for instance use <literal>tr -dc A-Za-z0-9 &lt; /dev/urandom | head -c 128</literal> If you're setting up a new Gitlab instance, generate new secrets. You for
to generate a new secret. Gitlab encrypts sensitive data stored in the database. instance use <literal>tr -dc A-Za-z0-9 &lt; /dev/urandom | head -c
If you're restoring an existing Gitlab instance, you must specify the secrets 128</literal> to generate a new secret. Gitlab encrypts sensitive data
secret from <literal>config/secrets.yml</literal> located in your Gitlab state stored in the database. If you're restoring an existing Gitlab instance, you
folder.</para> must specify the secrets secret from <literal>config/secrets.yml</literal>
located in your Gitlab state folder.
</para>
<para>Refer to <xref linkend="ch-options" /> for all available configuration <para>
options for the <link linkend="opt-services.gitlab.enable">services.gitlab</link> module.</para> Refer to <xref linkend="ch-options" /> for all available configuration
options for the
<link linkend="opt-services.gitlab.enable">services.gitlab</link> module.
</para>
</section>
<section xml:id="module-services-gitlab-maintenance">
<title>Maintenance</title>
</section> <para>
You can run Gitlab's rake tasks with <literal>gitlab-rake</literal> which
<section xml:id="module-services-gitlab-maintenance"><title>Maintenance</title> will be available on the system when gitlab is enabled. You will have to run
the command as the user that you configured to run gitlab with.
<para>You can run Gitlab's rake tasks with <literal>gitlab-rake</literal> </para>
which will be available on the system when gitlab is enabled. You will
have to run the command as the user that you configured to run gitlab
with.</para>
<para>For example, to backup a Gitlab instance:
<para>
For example, to backup a Gitlab instance:
<programlisting> <programlisting>
$ sudo -u git -H gitlab-rake gitlab:backup:create $ sudo -u git -H gitlab-rake gitlab:backup:create
</programlisting> </programlisting>
A list of all availabe rake tasks can be obtained by running:
A list of all availabe rake tasks can be obtained by running:
<programlisting> <programlisting>
$ sudo -u git -H gitlab-rake -T $ sudo -u git -H gitlab-rake -T
</programlisting> </programlisting>
</para> </para>
</section>
</section>
</chapter> </chapter>
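Review bot: the reflowed secrets paragraph in "Configuring" keeps its wording errors: "You for instance use" is missing "can", and "you must specify the secrets secret" repeats a word. In "Maintenance", "availabe" should be "available". These are worth fixing while the lines are being touched, since the paragraph is the only guidance readers get on generating and restoring the instance secrets.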

View File

@ -0,0 +1,46 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.lidarr;
in
{
options = {
services.lidarr = {
enable = mkEnableOption "Lidarr";
};
};
config = mkIf cfg.enable {
systemd.services.lidarr = {
description = "Lidarr";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
preStart = ''
[ ! -d /var/lib/lidarr ] && mkdir -p /var/lib/lidarr
chown -R lidarr:lidarr /var/lib/lidarr
'';
serviceConfig = {
Type = "simple";
User = "lidarr";
Group = "lidarr";
PermissionsStartOnly = "true";
ExecStart = "${pkgs.lidarr}/bin/Lidarr";
Restart = "on-failure";
StateDirectory = "/var/lib/lidarr/";
StateDirectoryMode = "0770";
};
};
users.users.lidarr = {
uid = config.ids.uids.lidarr;
home = "/var/lib/lidarr";
group = "lidarr";
};
users.groups.lidarr.gid = config.ids.gids.lidarr;
};
}
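Review bot: StateDirectory = "/var/lib/lidarr/"; in serviceConfig is an absolute path, but systemd's StateDirectory= takes a directory name relative to /var/lib, so this should be StateDirectory = "lidarr";. With that in place systemd creates the directory with StateDirectoryMode and the unit's User/Group as owner, so the preStart mkdir and chown -R, and PermissionsStartOnly = "true" (which makes preStart run as root), can be dropped. The module also exposes only enable; a dataDir or package option, as the sickbeard module in this same merge has, would be consistent.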

View File

@ -345,7 +345,6 @@ in
type = types.listOf types.str; type = types.listOf types.str;
default = default =
[ [
"$HOME/.nix-defexpr/channels"
"nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos" "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"
"nixos-config=/etc/nixos/configuration.nix" "nixos-config=/etc/nixos/configuration.nix"
"/nix/var/nix/profiles/per-user/root/channels" "/nix/var/nix/profiles/per-user/root/channels"
@ -436,7 +435,7 @@ in
# Set up the environment variables for running Nix. # Set up the environment variables for running Nix.
environment.sessionVariables = cfg.envVars // environment.sessionVariables = cfg.envVars //
{ NIX_PATH = concatStringsSep ":" cfg.nixPath; { NIX_PATH = cfg.nixPath;
}; };
environment.extraInit = optionalString (!isNix20) environment.extraInit = optionalString (!isNix20)
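Review bot: NIX_PATH = cfg.nixPath now hands environment.sessionVariables a list instead of the string built by concatStringsSep ":", and nothing in this hunk shows where the entries are joined. Please confirm that the option joins list values with ":" itself and say so in a comment next to the assignment, so the next reader does not restore the explicit join.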
@ -446,6 +445,10 @@ in
if [ "$USER" != root -o ! -w /nix/var/nix/db ]; then if [ "$USER" != root -o ! -w /nix/var/nix/db ]; then
export NIX_REMOTE=daemon export NIX_REMOTE=daemon
fi fi
'' + ''
if [ -e "$HOME/.nix-defexpr/channels" ]; then
export NIX_PATH="$HOME/.nix-defexpr/channels''${NIX_PATH:+:$NIX_PATH}"
fi
''; '';
nix.nrBuildUsers = mkDefault (lib.max 32 cfg.maxJobs); nix.nrBuildUsers = mkDefault (lib.max 32 cfg.maxJobs);
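Review bot: the added extraInit block prepends $HOME/.nix-defexpr/channels only when the path already exists at shell init (the [ -e ... ] test), whereas the removed default entry was always part of NIX_PATH; a user who adds a first channel after logging in will not have it on NIX_PATH until the next session. If that is intended, the nixPath option description should say that the per-user channels entry is added at shell init and is no longer in the default list. As before, this entry sits ahead of the root-owned nixpkgs= entry in lookup order, which is worth stating in the same place.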

View File

@ -0,0 +1,92 @@
{ config, lib, pkgs, ... }:
with lib;
let
name = "sickbeard";
cfg = config.services.sickbeard;
sickbeard = cfg.package;
in
{
###### interface
options = {
services.sickbeard = {
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable the sickbeard server.";
};
package = mkOption {
type = types.package;
default = pkgs.sickbeard;
example = literalExample "pkgs.sickrage";
description =''
Enable <literal>pkgs.sickrage</literal> or <literal>pkgs.sickgear</literal>
as an alternative to SickBeard
'';
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/${name}";
description = "Path where to store data files.";
};
configFile = mkOption {
type = types.path;
default = "${cfg.dataDir}/config.ini";
description = "Path to config file.";
};
port = mkOption {
type = types.ints.u16;
default = 8081;
description = "Port to bind to.";
};
user = mkOption {
type = types.str;
default = name;
description = "User to run the service as";
};
group = mkOption {
type = types.str;
default = name;
description = "Group to run the service as";
};
};
};
###### implementation
config = mkIf cfg.enable {
users.users = optionalAttrs (cfg.user == name) (singleton {
name = name;
uid = config.ids.uids.sickbeard;
group = cfg.group;
description = "sickbeard user";
home = cfg.dataDir;
createHome = true;
});
users.groups = optionalAttrs (cfg.group == name) (singleton {
name = name;
gid = config.ids.gids.sickbeard;
});
systemd.services.sickbeard = {
description = "Sickbeard Server";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
User = cfg.user;
Group = cfg.group;
ExecStart = "${sickbeard}/SickBeard.py --datadir ${cfg.dataDir} --config ${cfg.configFile} --port ${toString cfg.port}";
};
};
};
}
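Review bot: users.users = optionalAttrs (cfg.user == name) (singleton { ... }) passes a list to optionalAttrs, so the value is a list when the condition holds and {} when it does not; mkIf (cfg.user == name) around the definition expresses the same condition without mixing types, and the same applies to users.groups. Separately, cfg.dataDir is only created through createHome on the default user, so setting a custom user leaves the service without a data directory, and ExecStart interpolates cfg.dataDir and cfg.configFile unquoted, which breaks on paths containing spaces. The unit also sets no sandboxing options although it is a network-facing daemon; PrivateTmp and PrivateDevices, as used by the clamav units touched in this commit, would fit here.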

View File

@ -2,101 +2,93 @@
xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xlink="http://www.w3.org/1999/xlink"
version="5.0" version="5.0"
xml:id="module-taskserver"> xml:id="module-taskserver">
<title>Taskserver</title>
<title>Taskserver</title> <para>
Taskserver is the server component of
<link xlink:href="https://taskwarrior.org/">Taskwarrior</link>, a free and
open source todo list application.
</para>
<para>
<emphasis>Upstream documentation:</emphasis>
<link xlink:href="https://taskwarrior.org/docs/#taskd"/>
</para>
<section xml:id="module-services-taskserver-configuration">
<title>Configuration</title>
<para> <para>
Taskserver is the server component of Taskserver does all of its authentication via TLS using client certificates,
<link xlink:href="https://taskwarrior.org/">Taskwarrior</link>, a free and so you either need to roll your own CA or purchase a certificate from a
open source todo list application. known CA, which allows creation of client certificates. These certificates
are usually advertised as <quote>server certificates</quote>.
</para> </para>
<para> <para>
<emphasis>Upstream documentation:</emphasis> So in order to make it easier to handle your own CA, there is a helper tool
<link xlink:href="https://taskwarrior.org/docs/#taskd"/> called <command>nixos-taskserver</command> which manages the custom CA along
with Taskserver organisations, users and groups.
</para> </para>
<section xml:id="module-services-taskserver-configuration"> <para>
<title>Configuration</title> While the client certificates in Taskserver only authenticate whether a user
is allowed to connect, every user has its own UUID which identifies it as an
entity.
</para>
<para> <para>
Taskserver does all of its authentication via TLS using client With <command>nixos-taskserver</command> the client certificate is created
certificates, so you either need to roll your own CA or purchase a along with the UUID of the user, so it handles all of the credentials needed
certificate from a known CA, which allows creation of client in order to setup the Taskwarrior client to work with a Taskserver.
certificates. </para>
</section>
<section xml:id="module-services-taskserver-nixos-taskserver-tool">
<title>The nixos-taskserver tool</title>
These certificates are usually advertised as <para>
<quote>server certificates</quote>. Because Taskserver by default only provides scripts to setup users
</para> imperatively, the <command>nixos-taskserver</command> tool is used for
addition and deletion of organisations along with users and groups defined
by <xref linkend="opt-services.taskserver.organisations"/> and as well for
imperative set up.
</para>
<para> <para>
So in order to make it easier to handle your own CA, there is a helper The tool is designed to not interfere if the command is used to manually set
tool called <command>nixos-taskserver</command> which manages the custom up some organisations, users or groups.
CA along with Taskserver organisations, users and groups. </para>
</para>
<para> <para>
While the client certificates in Taskserver only authenticate whether a For example if you add a new organisation using <command>nixos-taskserver
user is allowed to connect, every user has its own UUID which identifies org add foo</command>, the organisation is not modified and deleted no
it as an entity. matter what you define in
</para> <option>services.taskserver.organisations</option>, even if you're adding
the same organisation in that option.
</para>
<para> <para>
With <command>nixos-taskserver</command> the client certificate is created The tool is modelled to imitate the official <command>taskd</command>
along with the UUID of the user, so it handles all of the credentials command, documentation for each subcommand can be shown by using the
needed in order to setup the Taskwarrior client to work with a Taskserver. <option>--help</option> switch.
</para> </para>
</section> </section>
<section xml:id="module-services-taskserver-declarative-ca-management">
<title>Declarative/automatic CA management</title>
<section xml:id="module-services-taskserver-nixos-taskserver-tool"> <para>
<title>The nixos-taskserver tool</title> Everything is done according to what you specify in the module options,
however in order to set up a Taskwarrior client for synchronisation with a
Taskserver instance, you have to transfer the keys and certificates to the
client machine.
</para>
<para> <para>
Because Taskserver by default only provides scripts to setup users This is done using <command>nixos-taskserver user export $orgname
imperatively, the <command>nixos-taskserver</command> tool is used for $username</command> which is printing a shell script fragment to stdout
addition and deletion of organisations along with users and groups defined which can either be used verbatim or adjusted to import the user on the
by <xref linkend="opt-services.taskserver.organisations"/> and as well for client machine.
imperative set up. </para>
</para>
<para> <para>
The tool is designed to not interfere if the command is used to manually For example, let's say you have the following configuration:
set up some organisations, users or groups.
</para>
<para>
For example if you add a new organisation using
<command>nixos-taskserver org add foo</command>, the organisation is not
modified and deleted no matter what you define in
<option>services.taskserver.organisations</option>, even if you're adding
the same organisation in that option.
</para>
<para>
The tool is modelled to imitate the official <command>taskd</command>
command, documentation for each subcommand can be shown by using the
<option>--help</option> switch.
</para>
</section>
<section xml:id="module-services-taskserver-declarative-ca-management">
<title>Declarative/automatic CA management</title>
<para>
Everything is done according to what you specify in the module options,
however in order to set up a Taskwarrior client for synchronisation with a
Taskserver instance, you have to transfer the keys and certificates to the
client machine.
</para>
<para>
This is done using
<command>nixos-taskserver user export $orgname $username</command> which
is printing a shell script fragment to stdout which can either be used
verbatim or adjusted to import the user on the client machine.
</para>
<para>
For example, let's say you have the following configuration:
<screen> <screen>
{ {
<xref linkend="opt-services.taskserver.enable"/> = true; <xref linkend="opt-services.taskserver.enable"/> = true;
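Review bot: the reformat carries over "the organisation is not modified and deleted no matter what you define", which reads as if deletion does happen; "neither modified nor deleted" says what is meant. "setup" is also used as a verb twice ("in order to setup the Taskwarrior client", "scripts to setup users") and should be "set up", matching "imperative set up" later in the same paragraph.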
@ -105,40 +97,39 @@
<link linkend="opt-services.taskserver.organisations._name_.users">services.taskserver.organisations.my-company.users</link> = [ "alice" ]; <link linkend="opt-services.taskserver.organisations._name_.users">services.taskserver.organisations.my-company.users</link> = [ "alice" ];
} }
</screen> </screen>
This creates an organisation called <literal>my-company</literal> with the This creates an organisation called <literal>my-company</literal> with the
user <literal>alice</literal>. user <literal>alice</literal>.
</para> </para>
<para> <para>
Now in order to import the <literal>alice</literal> user to another Now in order to import the <literal>alice</literal> user to another machine
machine <literal>alicebox</literal>, all we need to do is something like <literal>alicebox</literal>, all we need to do is something like this:
this:
<screen> <screen>
$ ssh server nixos-taskserver user export my-company alice | sh $ ssh server nixos-taskserver user export my-company alice | sh
</screen> </screen>
Of course, if no SSH daemon is available on the server you can also copy Of course, if no SSH daemon is available on the server you can also copy
&amp; paste it directly into a shell. &amp; paste it directly into a shell.
</para> </para>
<para> <para>
After this step the user should be set up and you can start synchronising After this step the user should be set up and you can start synchronising
your tasks for the first time with <command>task sync init</command> on your tasks for the first time with <command>task sync init</command> on
<literal>alicebox</literal>. <literal>alicebox</literal>.
</para> </para>
<para> <para>
Subsequent synchronisation requests merely require the command Subsequent synchronisation requests merely require the command <command>task
<command>task sync</command> after that stage. sync</command> after that stage.
</para> </para>
</section> </section>
<section xml:id="module-services-taskserver-manual-ca-management"> <section xml:id="module-services-taskserver-manual-ca-management">
<title>Manual CA management</title> <title>Manual CA management</title>
<para> <para>
If you set any options within If you set any options within
<link linkend="opt-services.taskserver.pki.manual.ca.cert">service.taskserver.pki.manual</link>.*, <link linkend="opt-services.taskserver.pki.manual.ca.cert">service.taskserver.pki.manual</link>.*,
<command>nixos-taskserver</command> won't issue certificates, but you can <command>nixos-taskserver</command> won't issue certificates, but you can
still use it for adding or removing user accounts. still use it for adding or removing user accounts.
</para> </para>
</section> </section>
</chapter> </chapter>
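Review bot: in the Manual CA management paragraph the link text reads service.taskserver.pki.manual while its linkend is opt-services.taskserver.pki.manual.ca.cert; the text is missing the "s" in "services" and will not match the option name if copied. For the ssh server nixos-taskserver user export my-company alice | sh example, the text should state that the exported fragment carries the user's keys and certificates, and that writing it to a file and reading it first is the alternative to piping it straight into sh.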

View File

@ -3,22 +3,24 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0" version="5.0"
xml:id="module-services-weechat"> xml:id="module-services-weechat">
<title>WeeChat</title>
<para>
<link xlink:href="https://weechat.org/">WeeChat</link> is a fast and
extensible IRC client.
</para>
<section>
<title>Basic Usage</title>
<title>WeeChat</title> <para>
<para><link xlink:href="https://weechat.org/">WeeChat</link> is a fast and extensible IRC client.</para> By default, the module creates a
<literal><link xlink:href="https://www.freedesktop.org/wiki/Software/systemd/">systemd</link></literal>
<section><title>Basic Usage</title> unit which runs the chat client in a detached
<para> <literal><link xlink:href="https://www.gnu.org/software/screen/">screen</link></literal>
By default, the module creates a session.
<literal><link xlink:href="https://www.freedesktop.org/wiki/Software/systemd/">systemd</link></literal> unit </para>
which runs the chat client in a detached
<literal><link xlink:href="https://www.gnu.org/software/screen/">screen</link></literal> session.
</para>
<para>
This can be done by enabling the <literal>weechat</literal> service:
<para>
This can be done by enabling the <literal>weechat</literal> service:
<programlisting> <programlisting>
{ ... }: { ... }:
@ -26,19 +28,22 @@ This can be done by enabling the <literal>weechat</literal> service:
<link linkend="opt-services.weechat.enable">services.weechat.enable</link> = true; <link linkend="opt-services.weechat.enable">services.weechat.enable</link> = true;
} }
</programlisting> </programlisting>
</para> </para>
<para>
The service is managed by a dedicated user
named <literal>weechat</literal> in the state directory
<literal>/var/lib/weechat</literal>.
</para>
</section>
<section><title>Re-attaching to WeeChat</title>
<para>
WeeChat runs in a screen session owned by a dedicated user. To explicitly
allow your another user to attach to this session, the <literal>screenrc</literal> needs to be tweaked
by adding <link xlink:href="https://www.gnu.org/software/screen/manual/html_node/Multiuser.html#Multiuser">multiuser</link> support:
<para>
The service is managed by a dedicated user named <literal>weechat</literal>
in the state directory <literal>/var/lib/weechat</literal>.
</para>
</section>
<section>
<title>Re-attaching to WeeChat</title>
<para>
WeeChat runs in a screen session owned by a dedicated user. To explicitly
allow your another user to attach to this session, the
<literal>screenrc</literal> needs to be tweaked by adding
<link xlink:href="https://www.gnu.org/software/screen/manual/html_node/Multiuser.html#Multiuser">multiuser</link>
support:
<programlisting> <programlisting>
{ {
<link linkend="opt-programs.screen.screenrc">programs.screen.screenrc</link> = '' <link linkend="opt-programs.screen.screenrc">programs.screen.screenrc</link> = ''
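Review bot: "To explicitly allow your another user to attach to this session" is carried over unchanged and is ungrammatical; it should read "allow another user" (or "allow your own user", if that is what is meant). The section elements in this file also stay without an xml:id, unlike the other chapters reformatted in this commit, so they cannot be linked to.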
@ -47,15 +52,15 @@ by adding <link xlink:href="https://www.gnu.org/software/screen/manual/html_node
''; '';
} }
</programlisting> </programlisting>
Now, the session can be re-attached like this:
Now, the session can be re-attached like this:
<programlisting> <programlisting>
screen -r weechat-screen screen -r weechat-screen
</programlisting> </programlisting>
</para> </para>
<para>
<emphasis>The session name can be changed using <link linkend="opt-services.weechat.sessionName">services.weechat.sessionName.</link></emphasis> <para>
</para> <emphasis>The session name can be changed using
</section> <link linkend="opt-services.weechat.sessionName">services.weechat.sessionName.</link></emphasis>
</para>
</section>
</chapter> </chapter>
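Review bot: the link text services.weechat.sessionName. keeps the sentence's full stop inside the link element, so the rendered option name ends in a dot. Move the period after the closing link tag.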

View File

@ -3,13 +3,19 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0" version="5.0"
xml:id="module-services-prometheus-exporters"> xml:id="module-services-prometheus-exporters">
<title>Prometheus exporters</title>
<para>
Prometheus exporters provide metrics for the
<link xlink:href="https://prometheus.io">prometheus monitoring system</link>.
</para>
<section xml:id="module-services-prometheus-exporters-configuration">
<title>Configuration</title>
<title>Prometheus exporters</title> <para>
One of the most common exporters is the
<para>Prometheus exporters provide metrics for the <link xlink:href="https://prometheus.io">prometheus monitoring system</link>.</para> <link xlink:href="https://github.com/prometheus/node_exporter">node
exporter</link>, it provides hardware and OS metrics from the host it's
<section xml:id="module-services-prometheus-exporters-configuration"><title>Configuration</title> running on. The exporter could be configured as follows:
<para>One of the most common exporters is the <link xlink:href="https://github.com/prometheus/node_exporter">node exporter</link>, it provides hardware and OS metrics from the host it's running on. The exporter could be configured as follows:
<programlisting> <programlisting>
services.promtheus.exporters.node = { services.promtheus.exporters.node = {
enable = true; enable = true;
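Review bot: the example assigns services.promtheus.exporters.node, which is missing the "e" in "prometheus"; copied as is, it does not set the option this chapter documents. Since this hunk already rewrites the surrounding paragraph, fix the attribute path in the same change.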
@ -24,43 +30,88 @@
firewallFilter = "-i br0 -p tcp -m tcp --dport 9100"; firewallFilter = "-i br0 -p tcp -m tcp --dport 9100";
}; };
</programlisting> </programlisting>
It should now serve all metrics from the collectors It should now serve all metrics from the collectors that are explicitly
that are explicitly enabled and the ones that are enabled and the ones that are
<link xlink:href="https://github.com/prometheus/node_exporter#enabled-by-default">enabled by default</link>, via http under <literal>/metrics</literal>. In this example the firewall should just <link xlink:href="https://github.com/prometheus/node_exporter#enabled-by-default">enabled
allow incoming connections to the exporter's port on the bridge interface <literal>br0</literal> by default</link>, via http under <literal>/metrics</literal>. In this
(this would have to be configured seperately of course). example the firewall should just allow incoming connections to the
For more information about configuration see <literal>man configuration.nix</literal> or exporter's port on the bridge interface <literal>br0</literal> (this would
search through the <link xlink:href="https://nixos.org/nixos/options.html#prometheus.exporters">available options</link>. have to be configured seperately of course). For more information about
</para> configuration see <literal>man configuration.nix</literal> or search through
</section> the
<section xml:id="module-services-prometheus-exporters-new-exporter"><title>Adding a new exporter</title> <link xlink:href="https://nixos.org/nixos/options.html#prometheus.exporters">available
<para>To add a new exporter, it has to be packaged first (see <literal>nixpkgs/pkgs/servers/monitoring/prometheus/</literal> for examples), then a module can be added. The postfix exporter is used in this example:</para> options</link>.
<itemizedlist> </para>
<listitem> </section>
<section xml:id="module-services-prometheus-exporters-new-exporter">
<title>Adding a new exporter</title>
<para>
To add a new exporter, it has to be packaged first (see
<literal>nixpkgs/pkgs/servers/monitoring/prometheus/</literal> for
examples), then a module can be added. The postfix exporter is used in this
example:
</para>
<itemizedlist>
<listitem>
<para> <para>
Some default options for all exporters are provided by Some default options for all exporters are provided by
<literal>nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix</literal>: <literal>nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix</literal>:
</para> </para>
</listitem> </listitem>
<listitem override='none'> <listitem override='none'>
<itemizedlist> <itemizedlist>
<listitem><para><literal>enable</literal></para></listitem> <listitem>
<listitem><para><literal>port</literal></para></listitem> <para>
<listitem><para><literal>listenAddress</literal></para></listitem> <literal>enable</literal>
<listitem><para><literal>extraFlags</literal></para></listitem> </para>
<listitem><para><literal>openFirewall</literal></para></listitem> </listitem>
<listitem><para><literal>firewallFilter</literal></para></listitem> <listitem>
<listitem><para><literal>user</literal></para></listitem> <para>
<listitem><para><literal>group</literal></para></listitem> <literal>port</literal>
</para>
</listitem>
<listitem>
<para>
<literal>listenAddress</literal>
</para>
</listitem>
<listitem>
<para>
<literal>extraFlags</literal>
</para>
</listitem>
<listitem>
<para>
<literal>openFirewall</literal>
</para>
</listitem>
<listitem>
<para>
<literal>firewallFilter</literal>
</para>
</listitem>
<listitem>
<para>
<literal>user</literal>
</para>
</listitem>
<listitem>
<para>
<literal>group</literal>
</para>
</listitem>
</itemizedlist> </itemizedlist>
</listitem> </listitem>
<listitem> <listitem>
<para>As there is already a package available, the module can now be added. <para>
This is accomplished by adding a new file to the As there is already a package available, the module can now be added. This
<literal>nixos/modules/services/monitoring/prometheus/exporters/</literal> directory, is accomplished by adding a new file to the
which will be called postfix.nix and contains all exporter specific options <literal>nixos/modules/services/monitoring/prometheus/exporters/</literal>
and configuration: directory, which will be called postfix.nix and contains all exporter
<programlisting> specific options and configuration:
<programlisting>
# nixpgs/nixos/modules/services/prometheus/exporters/postfix.nix # nixpgs/nixos/modules/services/prometheus/exporters/postfix.nix
{ config, lib, pkgs }: { config, lib, pkgs }:
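Review bot: "seperately" in the firewall sentence should be "separately", and the header comment of the example, # nixpgs/nixos/modules/services/prometheus/exporters/postfix.nix, misspells nixpkgs and omits the monitoring/ component that the paragraph just above gives as nixos/modules/services/monitoring/prometheus/exporters/. The comment and the prose should name the same path.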
@ -121,15 +172,16 @@ search through the <link xlink:href="https://nixos.org/nixos/options.html#promet
} }
</programlisting> </programlisting>
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
This should already be enough for the postfix exporter. Additionally one could This should already be enough for the postfix exporter. Additionally one
now add assertions and conditional default values. This can be done in the could now add assertions and conditional default values. This can be done
'meta-module' that combines all exporter definitions and generates the submodules: in the 'meta-module' that combines all exporter definitions and generates
<literal>nixpkgs/nixos/modules/services/prometheus/exporters.nix</literal> the submodules:
<literal>nixpkgs/nixos/modules/services/prometheus/exporters.nix</literal>
</para> </para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</section> </section>
</chapter> </chapter>
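Review bot: the meta-module path is given here as nixpkgs/nixos/modules/services/prometheus/exporters.nix, but the first list item of this section names it as nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix. One of the two is wrong and they should agree.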

View File

@ -3,67 +3,64 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0" version="5.0"
xml:id="sec-dnscrypt-proxy"> xml:id="sec-dnscrypt-proxy">
<title>DNSCrypt client proxy</title>
<title>DNSCrypt client proxy</title> <para>
The DNSCrypt client proxy relays DNS queries to a DNSCrypt enabled upstream
resolver. The traffic between the client and the upstream resolver is
encrypted and authenticated, mitigating the risk of MITM attacks, DNS
poisoning attacks, and third-party snooping (assuming the upstream is
trustworthy).
</para>
<sect1 xml:id="sec-dnscrypt-proxy-configuration">
<title>Basic configuration</title>
<para> <para>
The DNSCrypt client proxy relays DNS queries to a DNSCrypt enabled To enable the client proxy, set
upstream resolver. The traffic between the client and the upstream <programlisting>
resolver is encrypted and authenticated, mitigating the risk of MITM
attacks, DNS poisoning attacks, and third-party snooping (assuming the
upstream is trustworthy).
</para>
<sect1 xml:id="sec-dnscrypt-proxy-configuration"><title>Basic configuration</title>
<para>
To enable the client proxy, set
<programlisting>
<xref linkend="opt-services.dnscrypt-proxy.enable"/> = true; <xref linkend="opt-services.dnscrypt-proxy.enable"/> = true;
</programlisting> </programlisting>
</para> </para>
<para> <para>
Enabling the client proxy does not alter the system nameserver; to Enabling the client proxy does not alter the system nameserver; to relay
relay local queries, prepend <literal>127.0.0.1</literal> to local queries, prepend <literal>127.0.0.1</literal> to
<option>networking.nameservers</option>. <option>networking.nameservers</option>.
</para> </para>
</sect1>
</sect1> <sect1 xml:id="sec-dnscrypt-proxy-forwarder">
<title>As a forwarder for another DNS client</title>
<sect1 xml:id="sec-dnscrypt-proxy-forwarder"><title>As a forwarder for another DNS client</title>
<para> <para>
To run the DNSCrypt proxy client as a forwarder for another To run the DNSCrypt proxy client as a forwarder for another DNS client,
DNS client, change the default proxy listening port to a change the default proxy listening port to a non-standard value and point
non-standard value and point the other client to it: the other client to it:
<programlisting> <programlisting>
<xref linkend="opt-services.dnscrypt-proxy.localPort"/> = 43; <xref linkend="opt-services.dnscrypt-proxy.localPort"/> = 43;
</programlisting> </programlisting>
</para> </para>
<sect2 xml:id="sec-dnscrypt-proxy-forwarder-dsnmasq"><title>dnsmasq</title> <sect2 xml:id="sec-dnscrypt-proxy-forwarder-dsnmasq">
<para> <title>dnsmasq</title>
<programlisting> <para>
<programlisting>
{ {
<xref linkend="opt-services.dnsmasq.enable"/> = true; <xref linkend="opt-services.dnsmasq.enable"/> = true;
<xref linkend="opt-services.dnsmasq.servers"/> = [ "127.0.0.1#43" ]; <xref linkend="opt-services.dnsmasq.servers"/> = [ "127.0.0.1#43" ];
} }
</programlisting> </programlisting>
</para> </para>
</sect2> </sect2>
<sect2 xml:id="sec-dnscrypt-proxy-forwarder-unbound"><title>unbound</title> <sect2 xml:id="sec-dnscrypt-proxy-forwarder-unbound">
<para> <title>unbound</title>
<programlisting> <para>
<programlisting>
{ {
<xref linkend="opt-services.unbound.enable"/> = true; <xref linkend="opt-services.unbound.enable"/> = true;
<xref linkend="opt-services.unbound.forwardAddresses"/> = [ "127.0.0.1@43" ]; <xref linkend="opt-services.unbound.forwardAddresses"/> = [ "127.0.0.1@43" ];
} }
</programlisting> </programlisting>
</para> </para>
</sect2> </sect2>
</sect1>
</sect1>
</chapter> </chapter>
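Review bot: the forwarder example sets localPort = 43 while the text asks for a "non-standard value"; 43 is below 1024 and is the registered WHOIS port, so an unprivileged high port would match the wording better, used consistently in the dnsmasq ("127.0.0.1#43") and unbound ("127.0.0.1@43") snippets. The xml:id sec-dnscrypt-proxy-forwarder-dsnmasq also transposes "dnsmasq"; renaming it is only safe if nothing links to the old id.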

View File

@ -95,7 +95,7 @@ in
environment.etc."clamav/freshclam.conf".source = freshclamConfigFile; environment.etc."clamav/freshclam.conf".source = freshclamConfigFile;
environment.etc."clamav/clamd.conf".source = clamdConfigFile; environment.etc."clamav/clamd.conf".source = clamdConfigFile;
systemd.services.clamav-daemon = optionalAttrs cfg.daemon.enable { systemd.services.clamav-daemon = mkIf cfg.daemon.enable {
description = "ClamAV daemon (clamd)"; description = "ClamAV daemon (clamd)";
after = optional cfg.updater.enable "clamav-freshclam.service"; after = optional cfg.updater.enable "clamav-freshclam.service";
requires = optional cfg.updater.enable "clamav-freshclam.service"; requires = optional cfg.updater.enable "clamav-freshclam.service";
@ -116,7 +116,7 @@ in
}; };
}; };
systemd.timers.clamav-freshclam = optionalAttrs cfg.updater.enable { systemd.timers.clamav-freshclam = mkIf cfg.updater.enable {
description = "Timer for ClamAV virus database updater (freshclam)"; description = "Timer for ClamAV virus database updater (freshclam)";
wantedBy = [ "timers.target" ]; wantedBy = [ "timers.target" ];
timerConfig = { timerConfig = {
@ -125,7 +125,7 @@ in
}; };
}; };
systemd.services.clamav-freshclam = optionalAttrs cfg.updater.enable { systemd.services.clamav-freshclam = mkIf cfg.updater.enable {
description = "ClamAV virus database updater (freshclam)"; description = "ClamAV virus database updater (freshclam)";
restartTriggers = [ freshclamConfigFile ]; restartTriggers = [ freshclamConfigFile ];
@ -137,6 +137,7 @@ in
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
ExecStart = "${pkg}/bin/freshclam"; ExecStart = "${pkg}/bin/freshclam";
SuccessExitStatus = "1"; # if databases are up to date
PrivateTmp = "yes"; PrivateTmp = "yes";
PrivateDevices = "yes"; PrivateDevices = "yes";
}; };
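Review bot: SuccessExitStatus = "1" makes systemd treat every exit code 1 from freshclam as success, while the comment only covers the "databases are up to date" case; if freshclam returns 1 for anything else, a failed signature update would no longer mark the unit as failed. Please extend the comment with the source for that exit code meaning, or narrow the handling so that real update failures still surface in monitoring.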

View File

@ -3,28 +3,24 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0" version="5.0"
xml:id="module-services-matomo"> xml:id="module-services-matomo">
<title>Matomo</title>
<title>Matomo</title> <para>
<para> Matomo is a real-time web analytics application. This module configures
Matomo is a real-time web analytics application. php-fpm as backend for Matomo, optionally configuring an nginx vhost as well.
This module configures php-fpm as backend for Matomo, optionally configuring an nginx vhost as well. </para>
</para> <para>
An automatic setup is not suported by Matomo, so you need to configure Matomo
itself in the browser-based Matomo setup.
</para>
<section xml:id="module-services-matomo-database-setup">
<title>Database Setup</title>
<para> <para>
An automatic setup is not suported by Matomo, so you need to configure Matomo itself in the browser-based Matomo setup. You also need to configure a MariaDB or MySQL database and -user for Matomo
</para> yourself, and enter those credentials in your browser. You can use
passwordless database authentication via the UNIX_SOCKET authentication
plugin with the following SQL commands:
<section xml:id="module-services-matomo-database-setup"> <programlisting>
<title>Database Setup</title>
<para>
You also need to configure a MariaDB or MySQL database and -user for Matomo yourself,
and enter those credentials in your browser.
You can use passwordless database authentication via the UNIX_SOCKET authentication plugin
with the following SQL commands:
<programlisting>
# For MariaDB # For MariaDB
INSTALL PLUGIN unix_socket SONAME 'auth_socket'; INSTALL PLUGIN unix_socket SONAME 'auth_socket';
CREATE DATABASE matomo; CREATE DATABASE matomo;
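Review bot: "An automatic setup is not suported by Matomo" still carries the typo "suported" after the reformat. "a MariaDB or MySQL database and -user" also reads oddly in English; "database and database user" is clearer.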
@ -37,59 +33,58 @@
CREATE USER 'matomo'@'localhost' IDENTIFIED WITH auth_socket; CREATE USER 'matomo'@'localhost' IDENTIFIED WITH auth_socket;
GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost'; GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost';
</programlisting> </programlisting>
Then fill in <literal>matomo</literal> as database user and database name,
and leave the password field blank. This authentication works by allowing
only the <literal>matomo</literal> unix user to authenticate as the
<literal>matomo</literal> database user (without needing a password), but no
other users. For more information on passwordless login, see
<link xlink:href="https://mariadb.com/kb/en/mariadb/unix_socket-authentication-plugin/" />.
</para>
Then fill in <literal>matomo</literal> as database user and database name, and leave the password field blank. <para>
This authentication works by allowing only the <literal>matomo</literal> unix user to authenticate as the Of course, you can use password based authentication as well, e.g. when the
<literal>matomo</literal> database user (without needing a password), but no other users. database is not on the same host.
For more information on passwordless login, see </para>
<link xlink:href="https://mariadb.com/kb/en/mariadb/unix_socket-authentication-plugin/" />. </section>
</para> <section xml:id="module-services-matomo-backups">
<title>Backup</title>
<para>
You only need to take backups of your MySQL database and the
<filename>/var/lib/matomo/config/config.ini.php</filename> file. Use a user
in the <literal>matomo</literal> group or root to access the file. For more
information, see
<link xlink:href="https://matomo.org/faq/how-to-install/faq_138/" />.
</para>
</section>
<section xml:id="module-services-matomo-issues">
<title>Issues</title>
<itemizedlist>
<listitem>
<para> <para>
Of course, you can use password based authentication as well, e.g. when the database is not on the same host. Matomo's file integrity check will warn you. This is due to the patches
necessary for NixOS, you can safely ignore this.
</para> </para>
</section> </listitem>
<listitem>
<section xml:id="module-services-matomo-backups">
<title>Backup</title>
<para> <para>
You only need to take backups of your MySQL database and the Matomo will warn you that the JavaScript tracker is not writable. This is
<filename>/var/lib/matomo/config/config.ini.php</filename> file. because it's located in the read-only nix store. You can safely ignore
Use a user in the <literal>matomo</literal> group or root to access the file. this, unless you need a plugin that needs JavaScript tracker access.
For more information, see <link xlink:href="https://matomo.org/faq/how-to-install/faq_138/" />.
</para> </para>
</section> </listitem>
</itemizedlist>
</section>
<section xml:id="module-services-matomo-other-web-servers">
<title>Using other Web Servers than nginx</title>
<para>
<section xml:id="module-services-matomo-issues"> You can use other web servers by forwarding calls for
<title>Issues</title> <filename>index.php</filename> and <filename>piwik.php</filename> to the
<itemizedlist> <literal>/run/phpfpm-matomo.sock</literal> fastcgi unix socket. You can use
<listitem> the nginx configuration in the module code as a reference to what else
<para> should be configured.
Matomo's file integrity check will warn you. </para>
This is due to the patches necessary for NixOS, you can safely ignore this. </section>
</para>
</listitem>
<listitem>
<para>
Matomo will warn you that the JavaScript tracker is not writable.
This is because it's located in the read-only nix store.
You can safely ignore this, unless you need a plugin that needs JavaScript tracker access.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="module-services-matomo-other-web-servers">
<title>Using other Web Servers than nginx</title>
<para>
You can use other web servers by forwarding calls for <filename>index.php</filename> and
<filename>piwik.php</filename> to the <literal>/run/phpfpm-matomo.sock</literal> fastcgi unix socket.
You can use the nginx configuration in the module code as a reference to what else should be configured.
</para>
</section>
</chapter> </chapter>

View File

@ -142,7 +142,10 @@ in
systemd.user.services.dbus.wantedBy = [ "default.target" ]; systemd.user.services.dbus.wantedBy = [ "default.target" ];
programs.dconf.profiles.gdm = "${gdm}/share/dconf/profile/gdm"; programs.dconf.profiles.gdm = pkgs.writeText "dconf-gdm-profile" ''
system-db:local
${gdm}/share/dconf/profile/gdm
'';
# Use AutomaticLogin if delay is zero, because it's immediate. # Use AutomaticLogin if delay is zero, because it's immediate.
# Otherwise with TimedLogin with zero seconds the prompt is still # Otherwise with TimedLogin with zero seconds the prompt is still
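Review bot: the second line of the new `dconf-gdm-profile` text is a bare store path (`${gdm}/share/dconf/profile/gdm`), not a database entry in the same form as the `system-db:local` line above it. If the intent is to extend the profile GDM ships, the contents of that file have to be inlined rather than its path. Please confirm what dconf does with this line, and add a comment saying why `system-db:local` is listed first.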

View File

@ -46,6 +46,7 @@ let
greeters-directory = ${cfg.greeter.package} greeters-directory = ${cfg.greeter.package}
''} ''}
sessions-directory = ${dmcfg.session.desktops}/share/xsessions sessions-directory = ${dmcfg.session.desktops}/share/xsessions
${cfg.extraConfig}
[Seat:*] [Seat:*]
xserver-command = ${xserverWrapper} xserver-command = ${xserverWrapper}
@ -113,6 +114,15 @@ in
}; };
}; };
extraConfig = mkOption {
type = types.lines;
default = "";
example = ''
user-authority-in-system-dir = true
'';
description = "Extra lines to append to LightDM section.";
};
background = mkOption { background = mkOption {
type = types.str; type = types.str;
default = "${pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom}/share/artwork/gnome/nix-wallpaper-simple-dark-gray_bottom.png"; default = "${pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom}/share/artwork/gnome/nix-wallpaper-simple-dark-gray_bottom.png";
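Review bot: the `extraConfig` description says "LightDM section" but does not say that the text is spliced in verbatim just before `[Seat:*]`, so a value that contains its own `[...]` header silently moves the lines after it into another section. Name the section literally as `[LightDM]` in the description and state that only key/value lines are expected here.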

View File

@ -1,7 +1,7 @@
{ pkgs, lib, ... }: { pkgs, lib, ... }:
{ {
config = lib.mkIf (pkgs.kexectools.meta.available) { config = lib.mkIf (lib.any (lib.meta.platformMatch pkgs.stdenv.hostPlatform) pkgs.kexectools.meta.platforms) {
environment.systemPackages = [ pkgs.kexectools ]; environment.systemPackages = [ pkgs.kexectools ];
systemd.services."prepare-kexec" = systemd.services."prepare-kexec" =
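Review bot: the new `lib.mkIf` condition on the `config =` line re-implements a platform check inline and drops `pkgs.kexectools.meta.available` with no comment saying why. Add a one-line comment explaining what `meta.available` got wrong in this module, otherwise a later cleanup is likely to switch it back.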

View File

@ -886,6 +886,9 @@ in
#systemd.services.systemd-logind.restartTriggers = [ config.environment.etc."systemd/logind.conf".source ]; #systemd.services.systemd-logind.restartTriggers = [ config.environment.etc."systemd/logind.conf".source ];
systemd.services.systemd-logind.restartIfChanged = false; systemd.services.systemd-logind.restartIfChanged = false;
systemd.services.systemd-logind.stopIfChanged = false; systemd.services.systemd-logind.stopIfChanged = false;
# The user-runtime-dir@ service is managed by systemd-logind we should not touch it or else we break the users' sessions.
systemd.services."user-runtime-dir@".stopIfChanged = false;
systemd.services."user-runtime-dir@".restartIfChanged = false;
systemd.services.systemd-journald.restartTriggers = [ config.environment.etc."systemd/journald.conf".source ]; systemd.services.systemd-journald.restartTriggers = [ config.environment.etc."systemd/journald.conf".source ];
systemd.services.systemd-journald.stopIfChanged = false; systemd.services.systemd-journald.stopIfChanged = false;
systemd.targets.local-fs.unitConfig.X-StopOnReconfiguration = true; systemd.targets.local-fs.unitConfig.X-StopOnReconfiguration = true;

View File

@ -55,7 +55,8 @@ with import ../../lib/qemu-flags.nix { inherit pkgs; };
systemd.services."serial-getty@hvc0".enable = false; systemd.services."serial-getty@hvc0".enable = false;
# Only use a serial console, no TTY. # Only use a serial console, no TTY.
virtualisation.qemu.consoles = [ qemuSerialDevice ]; # hvc1: socket backdoor, see "Debugging NixOS tests" section in NixOS manual
virtualisation.qemu.consoles = [ "hvc1" qemuSerialDevice ];
boot.initrd.preDeviceCommands = boot.initrd.preDeviceCommands =
'' ''
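Review bot: the comment "Only use a serial console, no TTY." above `virtualisation.qemu.consoles` is no longer accurate now that `hvc1` is listed ahead of `qemuSerialDevice`. Since the new comment describes `hvc1` as a socket backdoor, say in the same comment that this console exists for the test driver only, so nobody copies the list into a VM profile that is not a test machine.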

View File

@ -1,10 +1,12 @@
{ nixpkgs ? { outPath = (import ../lib).cleanSource ./..; revCount = 130979; shortRev = "gfedcba"; } with import ../lib;
{ nixpkgs ? { outPath = cleanSource ./..; revCount = 130979; shortRev = "gfedcba"; }
, stableBranch ? false , stableBranch ? false
, supportedSystems ? [ "x86_64-linux" "aarch64-linux" ] , supportedSystems ? [ "x86_64-linux" "aarch64-linux" ]
, configuration ? {}
}: }:
with import ../pkgs/top-level/release-lib.nix { inherit supportedSystems; }; with import ../pkgs/top-level/release-lib.nix { inherit supportedSystems; };
with import ../lib;
let let
@ -51,7 +53,7 @@ let
hydraJob ((import lib/eval-config.nix { hydraJob ((import lib/eval-config.nix {
inherit system; inherit system;
modules = [ module versionModule { isoImage.isoBaseName = "nixos-${type}"; } ]; modules = [ configuration module versionModule { isoImage.isoBaseName = "nixos-${type}"; } ];
}).config.system.build.isoImage); }).config.system.build.isoImage);
@ -62,7 +64,7 @@ let
hydraJob ((import lib/eval-config.nix { hydraJob ((import lib/eval-config.nix {
inherit system; inherit system;
modules = [ module versionModule ]; modules = [ configuration module versionModule ];
}).config.system.build.sdImage); }).config.system.build.sdImage);
@ -75,7 +77,7 @@ let
config = (import lib/eval-config.nix { config = (import lib/eval-config.nix {
inherit system; inherit system;
modules = [ module versionModule ]; modules = [ configuration module versionModule ];
}).config; }).config;
tarball = config.system.build.tarball; tarball = config.system.build.tarball;
@ -95,16 +97,19 @@ let
buildFromConfig = module: sel: forAllSystems (system: hydraJob (sel (import ./lib/eval-config.nix { buildFromConfig = module: sel: forAllSystems (system: hydraJob (sel (import ./lib/eval-config.nix {
inherit system; inherit system;
modules = [ module versionModule ] ++ singleton modules = [ configuration module versionModule ] ++ singleton
({ ... }: ({ ... }:
{ fileSystems."/".device = mkDefault "/dev/sda1"; { fileSystems."/".device = mkDefault "/dev/sda1";
boot.loader.grub.device = mkDefault "/dev/sda"; boot.loader.grub.device = mkDefault "/dev/sda";
}); });
}).config)); }).config));
makeNetboot = config: makeNetboot = { module, system, ... }:
let let
configEvaled = import lib/eval-config.nix config; configEvaled = import lib/eval-config.nix {
inherit system;
modules = [ module versionModule ];
};
build = configEvaled.config.system.build; build = configEvaled.config.system.build;
kernelTarget = configEvaled.pkgs.stdenv.hostPlatform.platform.kernelTarget; kernelTarget = configEvaled.pkgs.stdenv.hostPlatform.platform.kernelTarget;
in in
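Review bot: `makeNetboot` builds `modules = [ module versionModule ]` without `configuration`, while every other builder touched in this file now prepends it (`[ configuration module versionModule ]`). A caller passing `configuration` gets it applied to the ISO, SD image, tarball and `buildFromConfig` jobs but not to `netboot`. Either add it here or document the exception next to the new argument.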
@ -140,11 +145,8 @@ in rec {
initialRamdisk = buildFromConfig ({ ... }: { }) (config: config.system.build.initialRamdisk); initialRamdisk = buildFromConfig ({ ... }: { }) (config: config.system.build.initialRamdisk);
netboot = forMatchingSystems [ "x86_64-linux" "aarch64-linux" ] (system: makeNetboot { netboot = forMatchingSystems [ "x86_64-linux" "aarch64-linux" ] (system: makeNetboot {
module = ./modules/installer/netboot/netboot-minimal.nix;
inherit system; inherit system;
modules = [
./modules/installer/netboot/netboot-minimal.nix
versionModule
];
}); });
iso_minimal = forAllSystems (system: makeIso { iso_minimal = forAllSystems (system: makeIso {

View File

@ -58,5 +58,9 @@ import ./make-test.nix ({ pkgs, ... }: {
# Ensure Docker images can use an unstable date # Ensure Docker images can use an unstable date
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.bash}'"); $docker->succeed("docker load --input='${pkgs.dockerTools.examples.bash}'");
$docker->succeed("[ '1970-01-01T00:00:01Z' != \"\$(docker inspect ${pkgs.dockerTools.examples.unstableDate.imageName} | ${pkgs.jq}/bin/jq -r .[].Created)\" ]"); $docker->succeed("[ '1970-01-01T00:00:01Z' != \"\$(docker inspect ${pkgs.dockerTools.examples.unstableDate.imageName} | ${pkgs.jq}/bin/jq -r .[].Created)\" ]");
# Ensure Layered Docker images work
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.layered-image}'");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.layered-image.imageName}");
''; '';
}) })
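Review bot: the two new `layered-image` steps only check that the image loads and runs, which a single-layer image would pass as well. Add an assertion on the `docker inspect` output (the `jq` pattern from the `unstableDate` check above can be reused) so the test covers the layering that `buildLayeredImage` exists to provide.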

View File

@ -14,8 +14,8 @@ in
keys = [ snakeOilPublicKey ]; keys = [ snakeOilPublicKey ];
protocol = "ssh-ng"; protocol = "ssh-ng";
}; };
server.nix.package = pkgs.nixUnstable; server.nix.package = pkgs.nix;
client.nix.package = pkgs.nixUnstable; client.nix.package = pkgs.nix;
}; };
testScript = '' testScript = ''
startAll; startAll;

View File

@ -13,13 +13,10 @@ let
$machine->succeed("[[ \"\$(stat -c %G ${socket})\" == \"${group}\" ]]"); $machine->succeed("[[ \"\$(stat -c %G ${socket})\" == \"${group}\" ]]");
$machine->succeed("[[ \"\$(stat -c %a ${socket})\" == \"${mode}\" ]]"); $machine->succeed("[[ \"\$(stat -c %a ${socket})\" == \"${mode}\" ]]");
''; '';
simple = name: socketActivation: enableIPv6: makeTest { simple = name: enableIPv6: makeTest {
name = "rspamd-${name}"; name = "rspamd-${name}";
machine = { machine = {
services.rspamd = { services.rspamd.enable = true;
enable = true;
socketActivation = socketActivation;
};
networking.enableIPv6 = enableIPv6; networking.enableIPv6 = enableIPv6;
}; };
testScript = '' testScript = ''
@ -32,13 +29,6 @@ let
sleep 10; sleep 10;
$machine->log($machine->succeed("cat /etc/rspamd.conf")); $machine->log($machine->succeed("cat /etc/rspamd.conf"));
$machine->log($machine->succeed("systemctl cat rspamd.service")); $machine->log($machine->succeed("systemctl cat rspamd.service"));
${if socketActivation then ''
$machine->log($machine->succeed("systemctl cat rspamd-controller-1.socket"));
$machine->log($machine->succeed("systemctl cat rspamd-normal-1.socket"));
'' else ''
$machine->fail("systemctl cat rspamd-controller-1.socket");
$machine->fail("systemctl cat rspamd-normal-1.socket");
''}
$machine->log($machine->succeed("curl http://localhost:11334/auth")); $machine->log($machine->succeed("curl http://localhost:11334/auth"));
$machine->log($machine->succeed("curl http://127.0.0.1:11334/auth")); $machine->log($machine->succeed("curl http://127.0.0.1:11334/auth"));
${optionalString enableIPv6 '' ${optionalString enableIPv6 ''
@ -48,10 +38,8 @@ let
}; };
in in
{ {
simple = simple "simple" false true; simple = simple "simple" true;
ipv4only = simple "ipv4only" false false; ipv4only = simple "ipv4only" false;
simple-socketActivated = simple "simple-socketActivated" true true;
ipv4only-socketActivated = simple "ipv4only-socketActivated" true false;
deprecated = makeTest { deprecated = makeTest {
name = "rspamd-deprecated"; name = "rspamd-deprecated";
machine = { machine = {
@ -68,7 +56,6 @@ in
${checkSocket "/run/rspamd.sock" "root" "root" "600" } ${checkSocket "/run/rspamd.sock" "root" "root" "600" }
${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" } ${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" }
$machine->log($machine->succeed("cat /etc/rspamd.conf")); $machine->log($machine->succeed("cat /etc/rspamd.conf"));
$machine->fail("systemctl cat rspamd-normal-1.socket");
$machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat")); $machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat"));
$machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping")); $machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping"));
''; '';
@ -79,7 +66,6 @@ in
machine = { machine = {
services.rspamd = { services.rspamd = {
enable = true; enable = true;
socketActivation = false;
workers.normal.bindSockets = [{ workers.normal.bindSockets = [{
socket = "/run/rspamd.sock"; socket = "/run/rspamd.sock";
mode = "0600"; mode = "0600";
@ -101,38 +87,6 @@ in
${checkSocket "/run/rspamd.sock" "root" "root" "600" } ${checkSocket "/run/rspamd.sock" "root" "root" "600" }
${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" } ${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" }
$machine->log($machine->succeed("cat /etc/rspamd.conf")); $machine->log($machine->succeed("cat /etc/rspamd.conf"));
$machine->fail("systemctl cat rspamd-normal-1.socket");
$machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat"));
$machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping"));
'';
};
socketActivated = makeTest {
name = "rspamd-socketActivated";
machine = {
services.rspamd = {
enable = true;
workers.normal.bindSockets = [{
socket = "/run/rspamd.sock";
mode = "0600";
owner = "root";
group = "root";
}];
workers.controller.bindSockets = [{
socket = "/run/rspamd-worker.sock";
mode = "0666";
owner = "root";
group = "root";
}];
};
};
testScript = ''
startAll
$machine->waitForFile("/run/rspamd.sock");
${checkSocket "/run/rspamd.sock" "root" "root" "600" }
${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" }
$machine->log($machine->succeed("cat /etc/rspamd.conf"));
$machine->log($machine->succeed("systemctl cat rspamd-normal-1.socket"));
$machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat")); $machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat"));
$machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping")); $machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping"));
''; '';

View File

@ -1,7 +1,7 @@
let let
version = "2.0.1"; version = "2.0.3";
sha256 = "0rfq0izpswfwbyvr5kb6zjyf6sd7l1706c0sp7ccy6ykdfb4v6zs"; sha256 = "1yf3ln4ksk8613kqkpsh16cj8xwx761q6czy57rs8kfh7pgc2pzb";
cargoSha256 = "1ij17bfwvikqi5aj71j1nwf3jhkf3y9a0kwydajviwal47p9grl9"; cargoSha256 = "1jayk4ngwbg0rv7x1slkl2z46czgy2hnfcxc0dhaz4xpbp2bjqq8";
patches = [ ./patches/vendored-sources-2.0.patch ]; patches = [ ./patches/vendored-sources-2.0.patch ];
in in
import ./parity.nix { inherit version sha256 cargoSha256 patches; } import ./parity.nix { inherit version sha256 cargoSha256 patches; }

View File

@ -1,6 +1,6 @@
let let
version = "1.11.8"; version = "1.11.10";
sha256 = "0qk5vl8ql3pr9pz5iz7whahwqi1fcbsf8kphn6z4grgc87id7b19"; sha256 = "15sk6dvc8h1bdm6v7xlq517km0bakb9f13h1n7ixj311vahnmk15";
cargoSha256 = "0p2idd36cyzp2ax81k533bdma4hz0ws2981qj2s7jnhvmj4941l8"; cargoSha256 = "0p2idd36cyzp2ax81k533bdma4hz0ws2981qj2s7jnhvmj4941l8";
patches = [ ./patches/vendored-sources-1.11.patch ]; patches = [ ./patches/vendored-sources-1.11.patch ];
in in

View File

@ -0,0 +1,28 @@
{ stdenv, fetchurl }:
stdenv.mkDerivation rec {
name = "csa-${version}";
version = "0.5.100810";
src = fetchurl {
url = "mirror://sourceforge/csa/${name}.tar.gz";
sha256 = "1syg81dzdil0dyx1mlx1n7if3qsf2iz243p2zv34a1acfqm509r3";
};
# after running either cellular leveler mono or stereo, the other stops working,
# so we remove one of them:
postInstall = "rm $out/lib/ladspa/celllm_3890.*";
meta = with stdenv.lib; {
homepage = https://sourceforge.net/projects/csa/;
description = "A group of LADSPA Audio plugins for FM broadcast and more";
longDescription = ''
CSA means : Contrôle Signal Audio.
It contains the following plugins:
Emphazised Limiter, Cellular Leveler, Simple right/left amplifier. Blind Peak Meter.
'';
license = licenses.gpl3;
maintainers = [ maintainers.magnetophon ];
platforms = platforms.linux;
};
}
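Review bot: in `longDescription`, "Emphazised" is misspelled (it should be "Emphasized") and "CSA means : Contrôle" has a stray space before the colon. The `postInstall` line deletes `celllm_3890.*` to work around the mono/stereo conflict described in the comment; name the variant that remains in that comment so users know which leveler they get.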

View File

@ -4,11 +4,11 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "puredata-${version}"; name = "puredata-${version}";
version = "0.48-2"; version = "0.49-0";
src = fetchurl { src = fetchurl {
url = "http://msp.ucsd.edu/Software/pd-${version}.src.tar.gz"; url = "http://msp.ucsd.edu/Software/pd-${version}.src.tar.gz";
sha256 = "0p86hncgzkrl437v2wch2fg9iyn6mnrgbn811sh9pwmrjj2f06v8"; sha256 = "18rzqbpgnnvyslap7k0ly87aw1bbxkb0rk5agpr423ibs9slxq6j";
}; };
nativeBuildInputs = [ autoreconfHook gettext makeWrapper ]; nativeBuildInputs = [ autoreconfHook gettext makeWrapper ];
@ -20,11 +20,9 @@ stdenv.mkDerivation rec {
"--enable-jack" "--enable-jack"
"--enable-fftw" "--enable-fftw"
"--disable-portaudio" "--disable-portaudio"
"--disable-oss"
]; ];
# https://github.com/pure-data/pure-data/issues/188
# --disable-oss
postInstall = '' postInstall = ''
wrapProgram $out/bin/pd --prefix PATH : ${tk}/bin wrapProgram $out/bin/pd --prefix PATH : ${tk}/bin
''; '';
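Review bot: `"--disable-oss"` is now passed in `configureFlags`, but the comment linking pure-data issue 188, which recorded why the flag had been left commented out, is deleted in the same hunk. State in the commit message or in a comment next to the flag whether the bump to 0.49-0 resolves that issue, so the reason for the change is not lost.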

View File

@ -0,0 +1,39 @@
{ stdenv, fetchFromGitHub, makeWrapper
, flac, sox }:
stdenv.mkDerivation rec {
name = "redoflacs-${version}";
version = "0.30.20150202";
src = fetchFromGitHub {
owner = "sirjaren";
repo = "redoflacs";
rev = "86c6f5becca0909dcb2a0cb9ed747a575d7a4735";
sha256 = "1gzlmh4vnf2fl0x8ig2n1f76082ngldsv85i27dv15y2m1kffw2j";
};
dontBuild = true;
nativeBuildInputs = [ makeWrapper ];
installPhase = ''
runHook preInstall
install -Dm755 -t $out/bin redoflacs
install -Dm644 -t $out/share/doc/redoflacs LICENSE *.md
runHook postInstall
'';
postFixup = ''
wrapProgram $out/bin/redoflacs \
--prefix PATH : ${stdenv.lib.makeBinPath [ flac sox ]}
'';
meta = with stdenv.lib; {
description = "Parallel BASH commandline FLAC compressor, verifier, organizer, analyzer, and retagger";
homepage = src.meta.homepage;
license = licenses.gpl2;
platforms = platforms.all;
};
}

View File

@ -9,14 +9,14 @@
let let
ver_branch = "2.0"; ver_branch = "2.0";
version = "2.0.5"; version = "2.0.6";
in in
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "lightdm-gtk-greeter-${version}"; name = "lightdm-gtk-greeter-${version}";
src = fetchurl { src = fetchurl {
url = "${meta.homepage}/${ver_branch}/${version}/+download/${name}.tar.gz"; url = "${meta.homepage}/${ver_branch}/${version}/+download/${name}.tar.gz";
sha256 = "1pw70db8320wvkhkrw4i2qprxlrqy3jmb6yrr4bm3lgrizahiijx"; sha256 = "1pis5qyg95pg31dvnfqq34bzgj00hg4vs547r8h60lxjk81z8p15";
}; };
nativeBuildInputs = [ pkgconfig ]; nativeBuildInputs = [ pkgconfig ];

View File

@ -8,19 +8,15 @@ let
inherit (gnome2) GConf gnome_vfs; inherit (gnome2) GConf gnome_vfs;
}; };
stableVersion = { stableVersion = {
version = "3.1.4.0"; # "Android Studio 3.1.4" version = "3.2.0.26"; # "Android Studio 3.2.0"
build = "173.4907809"; build = "181.5014246";
sha256Hash = "0xx6yprylmcb32ipmwdcfkgddlm1nrxi1w68miclvgrbk015brf2"; sha256Hash = "0v1a3b0n8dq5p8f6jap2ypqw724v61ki31qhqmh9hn36mn6d8wg6";
};
betaVersion = {
version = "3.2.0.25"; # "Android Studio 3.2 RC 3"
build = "181.4987877";
sha256Hash = "0mriakxxchc0wbqkl236pp4fsqbq3gb2qrkdg5hx9zz763dc59gp";
}; };
betaVersion = stableVersion;
latestVersion = { # canary & dev latestVersion = { # canary & dev
version = "3.3.0.10"; # "Android Studio 3.3 Canary 11" version = "3.3.0.11"; # "Android Studio 3.3 Canary 12"
build = "182.5012296"; build = "182.5026711";
sha256Hash = "0gqwf904y2pvp10l96gr055gjl1zf9pkb7840abqhl26liliwdm4"; sha256Hash = "0k1f8yw3gdil78iqxlwhbz71w1307hwwf8z9m7hs0v9b4ri6x2wk";
}; };
in rec { in rec {
# Old alias # Old alias

View File

@ -73,13 +73,13 @@ let
}; };
in stdenv.lib.mapAttrs common { in stdenv.lib.mapAttrs common {
atom = { atom = {
version = "1.30.0"; version = "1.31.0";
sha256 = "1hqizfn9c249l51rlpfgk0h374maqgw6pagswlh4xa278qzb6qzs"; sha256 = "184vsj7qcpzwiq2v5kh8i21wfzhinhybxmr71y41sjqp78s2gy57";
}; };
atom-beta = { atom-beta = {
version = "1.31.0"; version = "1.32.0";
beta = 0; beta = 0;
sha256 = "11nlaz89rg6lgzsxp83qdqk4bnn2cij2p5aqjd9a3phd7v70xmy5"; sha256 = "12k5cn70a0diyaqbmq6s6l2sbi9i3d9p7i38qnm97lnw0y1kh0jm";
}; };
} }

View File

@ -96,22 +96,7 @@ rec {
### Eclipse Platform ### Eclipse Platform
eclipse-platform = eclipse-platform-48; # always point to latest eclipse-platform = eclipse-platform-49; # always point to latest
eclipse-platform-46 = buildEclipse {
name = "eclipse-platform-4.6.2";
description = "Eclipse Platform Neon 2";
sources = {
"x86_64-linux" = fetchurl {
url = https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-4.6.2-201611241400/eclipse-platform-4.6.2-linux-gtk-x86_64.tar.gz;
sha256 = "1fmpirjkp210angyfz3nr5jp58snjy6784zkkbmdxkiyg9kg2wqq";
};
"i686-linux" = fetchurl {
url = https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-4.6.2-201611241400/eclipse-platform-4.6.2-linux-gtk.tar.gz;
sha256 = "0274g6ypiqsqkch10868ygbm6avc5pa57saz9wd196kdivl1bdpm";
};
};
};
eclipse-platform-47 = buildEclipse { eclipse-platform-47 = buildEclipse {
name = "eclipse-platform-4.7.3a"; name = "eclipse-platform-4.7.3a";
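Review bot: `eclipse-platform-46` is removed outright with no alias or removal notice, so any configuration that references the attribute fails at evaluation after this merge. The same applies to `eclipse-sdk-46` further down. Either keep a throwing alias that names the replacement, or mention the removal in the release notes.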
@ -143,6 +128,21 @@ rec {
}; };
}; };
eclipse-platform-49 = buildEclipse {
name = "eclipse-platform-4.9";
description = "Eclipse Platform 2018-09";
sources = {
"x86_64-linux" = fetchurl {
url = https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-4.9-201809060745/eclipse-platform-4.9-linux-gtk-x86_64.tar.gz;
sha512 = "875714bb411145c917fccedf2f7c4fd2757640b2debf4a18f775604233abd6f0da893b350cc03da44413d7ec6fae3f773ef08634e632058e4b705e6cda2893eb";
};
"i686-linux" = fetchurl {
url = https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-4.9-201809060745/eclipse-platform-4.9-linux-gtk.tar.gz;
sha512 = "758bc0de30fa5c4b76b343ea0325611d87b6928ef5002244f2f1ba2a9fa937de89b2a94ce2c8d33d79344fd574d6e8a72c5d127fe416d785f48600e9e85fce86";
};
};
};
### Eclipse Scala SDK ### Eclipse Scala SDK
eclipse-scala-sdk = eclipse-scala-sdk-441; # always point to latest eclipse-scala-sdk = eclipse-scala-sdk-441; # always point to latest
@ -165,22 +165,7 @@ rec {
### Eclipse SDK ### Eclipse SDK
eclipse-sdk = eclipse-sdk-48; # always point to latest eclipse-sdk = eclipse-sdk-49; # always point to latest
eclipse-sdk-46 = buildEclipse {
name = "eclipse-sdk-4.6.2";
description = "Eclipse Neon 2 Classic";
sources = {
"x86_64-linux" = fetchurl {
url = https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-4.6.2-201611241400/eclipse-SDK-4.6.2-linux-gtk-x86_64.tar.gz;
sha256 = "0g3nk1gcz178j8xk6nblkfsaysm8gq8101383fx60x6w25rdfgjb";
};
"i686-linux" = fetchurl {
url = https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-4.6.2-201611241400/eclipse-SDK-4.6.2-linux-gtk.tar.gz;
sha256 = "09wlkcxs5h3j8habqxgr4all99vkgmyixc0vr9dj3qs0kl85k5mz";
};
};
};
eclipse-sdk-47 = buildEclipse { eclipse-sdk-47 = buildEclipse {
name = "eclipse-sdk-4.7.3a"; name = "eclipse-sdk-4.7.3a";
@ -212,6 +197,21 @@ rec {
}; };
}; };
eclipse-sdk-49 = buildEclipse {
name = "eclipse-sdk-4.9";
description = "Eclipse 2018-09 Classic";
sources = {
"x86_64-linux" = fetchurl {
url = https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-4.9-201809060745/eclipse-SDK-4.9-linux-gtk-x86_64.tar.gz;
sha512 = "5e74a0411f56b3973b7c6d8c3727392297d55ad458a814b4cc3f2f6a57dbeebc64852d1a6a958db5c3b08c620093bfb5bcc0d2c6a400f5594b82c2ef5d5fa9fb";
};
"i686-linux" = fetchurl {
url = https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-4.9-201809060745/eclipse-SDK-4.9-linux-gtk.tar.gz;
sha512 = "b1861bd99c8e43f1d04247226584246aa7844af5e2da820fe98a51018dbe8ff4c25dbb9fa655f56e103f95c0696f40a65dcce13430c63aa080f786738e70eb8b";
};
};
};
eclipse-sdk-37 = buildEclipse { eclipse-sdk-37 = buildEclipse {
name = "eclipse-sdk-3.7"; name = "eclipse-sdk-3.7";
description = "Eclipse Classic"; description = "Eclipse Classic";

View File

@ -470,12 +470,12 @@ rec {
jdt = buildEclipseUpdateSite rec { jdt = buildEclipseUpdateSite rec {
name = "jdt-${version}"; name = "jdt-${version}";
version = "4.8"; version = "4.9";
src = fetchzip { src = fetchzip {
stripRoot = false; stripRoot = false;
url = https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-4.8-201806110500/org.eclipse.jdt-4.8.zip; url = https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-4.9-201809060745/org.eclipse.jdt-4.9.zip;
sha256 = "1my0d1114mx5gzxmwqlx0rcny39ly97ixlwx53ljk6qcryhdnr88"; sha256 = "144rqrw0crxd2v862dqxm2p5y60n4pbzdryv709xnhcw54rycm7n";
}; };
meta = with stdenv.lib; { meta = with stdenv.lib; {

View File

@ -59,8 +59,11 @@ self:
inherit (self.melpaPackages) easy-kill; inherit (self.melpaPackages) easy-kill;
}; };
# missing git egg = super.egg.overrideAttrs (attrs: {
egg = markBroken super.egg; # searches for Git at build time
nativeBuildInputs =
(attrs.nativeBuildInputs or []) ++ [ external.git ];
});
# upstream issue: missing file header # upstream issue: missing file header
elmine = markBroken super.elmine; elmine = markBroken super.elmine;
@ -146,6 +149,18 @@ self:
(attrs.nativeBuildInputs or []) ++ [ external.git ]; (attrs.nativeBuildInputs or []) ++ [ external.git ];
}); });
magithub = super.magithub.overrideAttrs (attrs: {
# searches for Git at build time
nativeBuildInputs =
(attrs.nativeBuildInputs or []) ++ [ external.git ];
});
magit-svn = super.magit-svn.overrideAttrs (attrs: {
# searches for Git at build time
nativeBuildInputs =
(attrs.nativeBuildInputs or []) ++ [ external.git ];
});
magit-todos = super.magit-todos.overrideAttrs (attrs: { magit-todos = super.magit-todos.overrideAttrs (attrs: {
# searches for Git at build time # searches for Git at build time
nativeBuildInputs = nativeBuildInputs =
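Review bot: `magithub` and `magit-svn` add the same three-line `overrideAttrs` body that `egg` and `magit-todos` already carry in this file. Factor it into one local helper (for example a function named `withGit`, a hypothetical name) so the next package that searches for Git at build time is a one-line change.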

View File

@ -1,4 +1,4 @@
{stdenv, fetchurl, fltk13, ghostscript}: { stdenv, fetchurl, fltk13, ghostscript, xlibs }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "flpsed-${version}"; name = "flpsed-${version}";
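Review bot: `xlibs` is added to the argument list on the first line, but neither visible hunk of this file uses it. If it is referenced in `buildInputs` outside the shown context, name the specific library there; otherwise drop the argument.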
@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
description = "WYSIWYG PostScript annotator"; description = "WYSIWYG PostScript annotator";
homepage = http://flpsed.org/flpsed.html; homepage = http://flpsed.org/flpsed.html;
license = licenses.gpl3; license = licenses.gpl3;
platforms = platforms.mesaPlatforms; platforms = platforms.linux;
maintainers = with maintainers; [ fuuzetsu ]; maintainers = with maintainers; [ fuuzetsu ];
}; };
} }

View File

@ -26,7 +26,7 @@ with stdenv; lib.makeOverridable mkDerivation rec {
''; '';
}; };
buildInputs = [ makeWrapper patchelf p7zip unzip ]; nativeBuildInputs = [ makeWrapper patchelf p7zip unzip ];
patchPhase = '' patchPhase = ''
get_file_size() { get_file_size() {

View File

@ -130,7 +130,8 @@ let
longDescription = '' longDescription = ''
IDE for Java SE, Groovy & Scala development Powerful IDE for Java SE, Groovy & Scala development Powerful
environment for building Google Android apps Integration environment for building Google Android apps Integration
with JUnit, TestNG, popular SCMs, Ant & Maven. with JUnit, TestNG, popular SCMs, Ant & Maven. Also known
as IntelliJ.
''; '';
maintainers = with maintainers; [ edwtjo ]; maintainers = with maintainers; [ edwtjo ];
platforms = platforms.linux; platforms = platforms.linux;

View File

@ -2,7 +2,7 @@
gtk2, wrapGAppsHook, libXScrnSaver, libxkbfile, libsecret }: gtk2, wrapGAppsHook, libXScrnSaver, libxkbfile, libsecret }:
let let
version = "1.26.1"; version = "1.27.2";
channel = "stable"; channel = "stable";
plat = { plat = {
@ -12,9 +12,9 @@ let
}.${stdenv.hostPlatform.system}; }.${stdenv.hostPlatform.system};
sha256 = { sha256 = {
"i686-linux" = "1g7kqbz6mrf8ngx2bnwpi9fifq5rjznxgsgwjb532z3nh92ypa8n"; "i686-linux" = "33704d089b03c636e8c46d434068c97b66e5a9d323b991bd327067aa90e87afa";
"x86_64-linux" = "02yldycakn5zxj1ji4nmhdyazqlkjqpzdj3g8j501c3j28pgiwjy"; "x86_64-linux" = "11023c652dd89bde1b7fbc8a7dc04fd4f87df3bfe6952a1c0ad75ab861e3196d";
"x86_64-darwin" = "0pnsfkh20mj7pzqw7wlfd98jqc6a1mnsq1iira15n7fafqgj8zpl"; "x86_64-darwin" = "d1f2d046775406e6f339883dab432fcaa149e763ccfcd017556a46e890de6476";
}.${stdenv.hostPlatform.system}; }.${stdenv.hostPlatform.system};
archive_fmt = if stdenv.hostPlatform.system == "x86_64-darwin" then "zip" else "tar.gz"; archive_fmt = if stdenv.hostPlatform.system == "x86_64-darwin" then "zip" else "tar.gz";

View File

@ -6,11 +6,11 @@
mkDerivation rec { mkDerivation rec {
name = "kgraphviewer-${version}"; name = "kgraphviewer-${version}";
version = "2.4.2"; version = "2.4.3";
src = fetchurl { src = fetchurl {
url = "mirror://kde/stable/kgraphviewer/${version}/${name}.tar.xz"; url = "mirror://kde/stable/kgraphviewer/${version}/${name}.tar.xz";
sha256 = "1jc5zfgy4narwgn7rscfwz7l5pjy0jghal6yb3kd4sfadi78nhs9"; sha256 = "1h6pgg89gvxl8gw7wmkabyqqrzad5pxyv5lsmn1fl4ir8lcc5q2l";
}; };
buildInputs = [ buildInputs = [

View File

@ -4,13 +4,13 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "openimageio-${version}"; name = "openimageio-${version}";
version = "1.8.9"; version = "1.8.14";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "OpenImageIO"; owner = "OpenImageIO";
repo = "oiio"; repo = "oiio";
rev = "Release-${version}"; rev = "Release-${version}";
sha256 = "0xyfb41arvi3cc5jvgj2m8skzjrb0xma8sml74svygjgagxfj65h"; sha256 = "07axn7bziy9h5jawpwcchag0nkczivaajsw69mxgmr508gw9r0xn";
}; };
outputs = [ "bin" "out" "dev" "doc" ]; outputs = [ "bin" "out" "dev" "doc" ];

View File

@ -1,6 +1,6 @@
{ stdenv, { stdenv,
lib, lib,
fetchFromGitHub, fetchgit,
rustPlatform, rustPlatform,
cmake, cmake,
makeWrapper, makeWrapper,
@ -50,17 +50,19 @@ let
OpenGL OpenGL
]; ];
in buildRustPackage rec { in buildRustPackage rec {
name = "alacritty-${version}"; name = "alacritty-unstable-${version}";
version = "0.2.0"; version = "0.2.0";
src = fetchFromGitHub { # At the moment we cannot handle git dependencies in buildRustPackage.
owner = "jwilm"; # This fork only replaces rust-fontconfig/libfontconfig with a git submodules.
repo = "alacritty"; src = fetchgit {
rev = "v${version}"; url = https://github.com/Mic92/alacritty.git;
sha256 = "11z7diji64x6n3m5m2d0a9215aajg7mpklflvpwrglmghnvi74y6"; rev = "rev-${version}";
sha256 = "1c9izflacm693rwkxwakxgnpkvxwc8mqasr5p7x0ys6xg91h9sxn";
fetchSubmodules = true;
}; };
cargoSha256 = "0ms0248bb2lgbzcqks6i0qhn1gaiim3jf1kl17qw52c8an3rc652"; cargoSha256 = "1ijgkwv9ij4haig1h6n2b9xbhp5vahy9vp1sx72wxaaj9476msjx";
nativeBuildInputs = [ nativeBuildInputs = [
cmake cmake
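Review bot: `src` now fetches from the fork `https://github.com/Mic92/alacritty.git` at the tag `rev-${version}`, while `meta.homepage` still points at `jwilm/alacritty` and the package name gains `unstable`. A tag in a fork can be re-pointed; the `sha256` will catch that at build time, but pin `rev` to the full commit hash and record which upstream commit the fork is based on so the difference can be audited. In the new comment, "a git submodules" should read "a git submodule".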
@ -117,5 +119,6 @@ in buildRustPackage rec {
homepage = https://github.com/jwilm/alacritty; homepage = https://github.com/jwilm/alacritty;
license = with licenses; [ asl20 ]; license = with licenses; [ asl20 ];
maintainers = with maintainers; [ mic92 ]; maintainers = with maintainers; [ mic92 ];
platforms = [ "x86_64-linux" "x86_64-darwin" ];
}; };
} }

View File

@ -3,11 +3,11 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "chirp-daily-${version}"; name = "chirp-daily-${version}";
version = "20180815"; version = "20180906";
src = fetchurl { src = fetchurl {
url = "https://trac.chirp.danplanet.com/chirp_daily/daily-${version}/${name}.tar.gz"; url = "https://trac.chirp.danplanet.com/chirp_daily/daily-${version}/${name}.tar.gz";
sha256 = "0z3jh9sbszs8x0xjmkgxa3b1xnw3w9b13pml4i5apx3mj171npyv"; sha256 = "00cq15892p46z1j1fl2pd17y7k4rc6cfz7gaxb446mshxrvbfgam";
}; };
nativeBuildInputs = [ makeWrapper ]; nativeBuildInputs = [ makeWrapper ];

View File

@ -34,6 +34,7 @@ python3Packages.buildPythonApplication rec {
# plugins # plugins
keepkey keepkey
trezor trezor
btchip
]; ];
nativeBuildInputs = [ makeWrapper ]; nativeBuildInputs = [ makeWrapper ];

View File

@ -41,10 +41,10 @@ python3Packages.buildPythonApplication rec {
# plugins # plugins
keepkey keepkey
trezor trezor
btchip
# TODO plugins # TODO plugins
# amodem # amodem
# btchip
]; ];
preBuild = '' preBuild = ''

View File

@ -33,14 +33,14 @@ let
}; };
in with py.pkgs; buildPythonApplication rec { in with py.pkgs; buildPythonApplication rec {
version = "3.4.0"; version = "4.0.0a4";
name = "gcalcli-${version}"; name = "gcalcli-${version}";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "insanum"; owner = "insanum";
repo = "gcalcli"; repo = "gcalcli";
rev = "v${version}"; rev = "v${version}";
sha256 = "171awccgnmfv4j7m2my9387sjy60g18kzgvscl6pzdid9fn9rrm8"; sha256 = "00giq5cdigidzv5bz4wgzi1yp6xlf2rdcy6ynmsc6bcf0cl5x64d";
}; };
propagatedBuildInputs = [ propagatedBuildInputs = [
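Review bot: `version = "4.0.0a4"` replaces the 3.4.0 release with a pre-release (the `a4` suffix) as the only `gcalcli` attribute, and the next hunk keeps `doCheck = false`, so nothing exercises the new code at build time. Either stay on the latest stable tag or state in the expression why the alpha is needed, and consider at least an import or `--help` smoke check in `installCheckPhase`.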
@ -55,7 +55,7 @@ in with py.pkgs; buildPythonApplication rec {
"command = '${libnotify}/bin/notify-send -i view-calendar-upcoming-events -u critical -a Calendar %s'" "command = '${libnotify}/bin/notify-send -i view-calendar-upcoming-events -u critical -a Calendar %s'"
''; '';
# There are no tests as of 3.4.0 # There are no tests as of 4.0.0a4
doCheck = false; doCheck = false;
meta = with lib; { meta = with lib; {

View File

@ -26,13 +26,13 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "gnuradio-${version}"; name = "gnuradio-${version}";
version = "3.7.13.3"; version = "3.7.13.4";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "gnuradio"; owner = "gnuradio";
repo = "gnuradio"; repo = "gnuradio";
rev = "v${version}"; rev = "v${version}";
sha256 = "1qpa53axqavdv2ykby7rwh7xmhvv964xq1d7rcvbwkry7dngrbib"; sha256 = "0ybfn2zfr9lc1bi3c794l4bzpj8y6vas9c4rbcj4nqlx0zf3p8fn";
fetchSubmodules = true; fetchSubmodules = true;
}; };

View File

@ -1,8 +1,19 @@
{ stdenv, fetchurl { stdenv, fetchurl
, qtbase, qtsvg, qtserialport, qtwebkit, qtmultimedia, qttools, qtconnectivity , qtbase, qtsvg, qtserialport, qtwebkit, qtmultimedia, qttools, qtconnectivity
, yacc, flex, zlib, qmake, makeWrapper , yacc, flex, zlib, qmake, makeDesktopItem, makeWrapper
}: }:
stdenv.mkDerivation rec {
let
desktopItem = makeDesktopItem {
name = "goldencheetah";
exec = "GoldenCheetah";
icon = "goldencheetah";
desktopName = "GoldenCheetah";
genericName = "GoldenCheetah";
comment = "Performance software for cyclists, runners and triathletes";
categories = "Application;Utility;";
};
in stdenv.mkDerivation rec {
name = "golden-cheetah-${version}"; name = "golden-cheetah-${version}";
version = "3.4"; version = "3.4";
src = fetchurl { src = fetchurl {
@ -27,6 +38,8 @@ stdenv.mkDerivation rec {
mkdir -p $out/bin mkdir -p $out/bin
cp src/GoldenCheetah $out/bin cp src/GoldenCheetah $out/bin
wrapProgram $out/bin/GoldenCheetah --set LD_LIBRARY_PATH "${zlib.out}/lib" wrapProgram $out/bin/GoldenCheetah --set LD_LIBRARY_PATH "${zlib.out}/lib"
install -Dm644 "${desktopItem}/share/applications/"* -t $out/share/applications/
install -Dm644 src/Resources/images/gc.png $out/share/pixmaps/goldencheetah.png
runHook postInstall runHook postInstall
''; '';

View File

@ -11,22 +11,22 @@ GEM
diff-lcs (~> 1.1) diff-lcs (~> 1.1)
mime-types (>= 1.16) mime-types (>= 1.16)
posix-spawn (~> 0.3) posix-spawn (~> 0.3)
gollum (4.1.3) gollum (4.1.4)
gemojione (~> 3.2) gemojione (~> 3.2)
gollum-lib (>= 4.2.9) gollum-lib (~> 4.2, >= 4.2.10)
kramdown (~> 1.9.0) kramdown (~> 1.9.0)
mustache (>= 0.99.5, < 1.0.0) mustache (>= 0.99.5, < 1.0.0)
sinatra (~> 1.4, >= 1.4.4) sinatra (~> 1.4, >= 1.4.4)
useragent (~> 0.16.2) useragent (~> 0.16.2)
gollum-grit_adapter (1.0.1) gollum-grit_adapter (1.0.1)
gitlab-grit (~> 2.7, >= 2.7.1) gitlab-grit (~> 2.7, >= 2.7.1)
gollum-lib (4.2.9) gollum-lib (4.2.10)
gemojione (~> 3.2) gemojione (~> 3.2)
github-markup (~> 1.6) github-markup (~> 1.6)
gollum-grit_adapter (~> 1.0) gollum-grit_adapter (~> 1.0)
nokogiri (>= 1.6.1, < 2.0) nokogiri (>= 1.6.1, < 2.0)
rouge (~> 2.1) rouge (~> 2.1)
sanitize (~> 2.1) sanitize (~> 2.1.1, >= 2.1.1)
stringex (~> 2.6) stringex (~> 2.6)
twitter-text (= 1.14.7) twitter-text (= 1.14.7)
json (2.1.0) json (2.1.0)
@ -43,7 +43,7 @@ GEM
rack-protection (1.5.5) rack-protection (1.5.5)
rack rack
rouge (2.2.1) rouge (2.2.1)
sanitize (2.1.0) sanitize (2.1.1)
nokogiri (>= 1.4.4) nokogiri (>= 1.4.4)
sinatra (1.4.8) sinatra (1.4.8)
rack (~> 1.5) rack (~> 1.5)

View File

@ -45,10 +45,10 @@
dependencies = ["gemojione" "gollum-lib" "kramdown" "mustache" "sinatra" "useragent"]; dependencies = ["gemojione" "gollum-lib" "kramdown" "mustache" "sinatra" "useragent"];
source = { source = {
remotes = ["https://rubygems.org"]; remotes = ["https://rubygems.org"];
sha256 = "1146irmnm0xyzjzw8k14wvb6h4cqh4q53ds92wk6jpsfs6r1pjq6"; sha256 = "0ik1b0f73lcxfwfml1h84dp6br79g0z9v6x54wvl46n9d1ndrhl7";
type = "gem"; type = "gem";
}; };
version = "4.1.3"; version = "4.1.4";
}; };
gollum-grit_adapter = { gollum-grit_adapter = {
dependencies = ["gitlab-grit"]; dependencies = ["gitlab-grit"];
@ -63,10 +63,10 @@
dependencies = ["gemojione" "github-markup" "gollum-grit_adapter" "nokogiri" "rouge" "sanitize" "stringex" "twitter-text"]; dependencies = ["gemojione" "github-markup" "gollum-grit_adapter" "nokogiri" "rouge" "sanitize" "stringex" "twitter-text"];
source = { source = {
remotes = ["https://rubygems.org"]; remotes = ["https://rubygems.org"];
sha256 = "1w48mrjgy4ykd1ix421n96nx0w15iid2aj3sgglpl3bdkizxhfqj"; sha256 = "1699wiir6f2a8yawk3qg0xn3zdc10mz783v53ri1ivfnzdrm3dvf";
type = "gem"; type = "gem";
}; };
version = "4.2.9"; version = "4.2.10";
}; };
json = { json = {
source = { source = {
@ -163,10 +163,10 @@
dependencies = ["nokogiri"]; dependencies = ["nokogiri"];
source = { source = {
remotes = ["https://rubygems.org"]; remotes = ["https://rubygems.org"];
sha256 = "0xsv6xqrlz91rd8wifjknadbl3z5h6qphmxy0hjb189qbdghggn3"; sha256 = "12ip1d80r0dgc621qn7c32bk12xxgkkg3w6q21s1ckxivcd7r898";
type = "gem"; type = "gem";
}; };
version = "2.1.0"; version = "2.1.1";
}; };
sinatra = { sinatra = {
dependencies = ["rack" "rack-protection" "tilt"]; dependencies = ["rack" "rack-protection" "tilt"];

View File

@ -1,14 +1,14 @@
{stdenv, fetchFromGitHub, python}: {stdenv, fetchFromGitHub, python}:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
version = "3.6"; version = "3.7";
name = "googler-${version}"; name = "googler-${version}";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "jarun"; owner = "jarun";
repo = "googler"; repo = "googler";
rev = "v${version}"; rev = "v${version}";
sha256 = "1j1755b9mfmkqkgjrlsi4wr82352pqc9rfyalammqn6qrm3v3lb6"; sha256 = "0dxg849ckyy181zlrb57hd959cgvx105c35ksmvi4wl285sh5kpj";
}; };
propagatedBuildInputs = [ python ]; propagatedBuildInputs = [ python ];

View File

@ -2,13 +2,13 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "gpxsee-${version}"; name = "gpxsee-${version}";
version = "5.17"; version = "5.18";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "tumic0"; owner = "tumic0";
repo = "GPXSee"; repo = "GPXSee";
rev = version; rev = version;
sha256 = "0fr835glvwnpq6sy181z0gskvwfrmvh7115r3d92xy71v8b1l5ib"; sha256 = "0dl10fr881b8fwf2yj14bd6gagb8hm0s46q18y2y56rw98nk4vrq";
}; };
nativeBuildInputs = [ qmake ]; nativeBuildInputs = [ qmake ];

View File

@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
sha256 = "1wp22wm7smlsb25x0cck4p660cycfczxj381930crd1qrf68mw4h"; sha256 = "1wp22wm7smlsb25x0cck4p660cycfczxj381930crd1qrf68mw4h";
}; };
buildInputs = [ patchelf makeWrapper ]; nativeBuildInputs = [ patchelf makeWrapper ];
buildPhase = with xorg; '' buildPhase = with xorg; ''
patchelf --set-rpath "${stdenv.lib.makeLibraryPath [ libX11 libXext libXrender libXtst libXi ]}" ./jre/lib/amd64/xawt/libmawt.so patchelf --set-rpath "${stdenv.lib.makeLibraryPath [ libX11 libXext libXrender libXtst libXi ]}" ./jre/lib/amd64/xawt/libmawt.so

View File

@ -3,11 +3,11 @@
with builtins; buildDotnetPackage rec { with builtins; buildDotnetPackage rec {
baseName = "keepass"; baseName = "keepass";
version = "2.39.1"; version = "2.40";
src = fetchurl { src = fetchurl {
url = "mirror://sourceforge/keepass/KeePass-${version}-Source.zip"; url = "mirror://sourceforge/keepass/KeePass-${version}-Source.zip";
sha256 = "0y69w9zzxqj7xrn632bw6bibrknjbx1k3qcvi9axn67sqmzaka00"; sha256 = "1gldl74wz2lvsci6rn71d6q1zmnhr52z6fjib9nsragsazq5byz9";
}; };
sourceRoot = "."; sourceRoot = ".";

View File

@ -40,6 +40,10 @@ in with python.pkgs; buildPythonApplication rec {
unidecode unidecode
]; ];
postInstall = ''
install -D misc/zsh/_khard $out/share/zsh/site-functions/
'';
# Fails; but there are no tests anyway. # Fails; but there are no tests anyway.
doCheck = false; doCheck = false;
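Review bot: In the added `postInstall`, `install -D misc/zsh/_khard $out/share/zsh/site-functions/` depends on how `install` treats a destination that ends in a slash and does not exist yet, and without `-m` it installs the completion file with the default executable mode. The unambiguous form is the one used elsewhere in this commit: `install -Dm644 -t $out/share/zsh/site-functions/ misc/zsh/_khard`.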

View File

@ -7,7 +7,7 @@
with python3Packages; with python3Packages;
buildPythonApplication rec { buildPythonApplication rec {
version = "0.12.0"; version = "0.12.3";
name = "kitty-${version}"; name = "kitty-${version}";
format = "other"; format = "other";
@ -15,7 +15,7 @@ buildPythonApplication rec {
owner = "kovidgoyal"; owner = "kovidgoyal";
repo = "kitty"; repo = "kitty";
rev = "v${version}"; rev = "v${version}";
sha256 = "1n2pi9pc903inls1fvz257q7wpif76rj394qkgq7pixpisijdyjm"; sha256 = "1nhk8pbwr673gw9qjgca4lzjgp8rw7sf99ra4wsh8jplf3kvgq5c";
}; };
buildInputs = [ buildInputs = [
@ -33,8 +33,8 @@ buildPythonApplication rec {
--replace "find_library('startup-notification-1')" "'${libstartup_notification}/lib/libstartup-notification-1.so'" --replace "find_library('startup-notification-1')" "'${libstartup_notification}/lib/libstartup-notification-1.so'"
substituteInPlace docs/Makefile \ substituteInPlace docs/Makefile \
--replace 'python3 .. +launch $(shell which sphinx-build)' \ --replace 'python3 .. +launch :sphinx-build' \
'PYTHONPATH=$PYTHONPATH:.. HOME=$TMPDIR/nowhere $(shell which sphinx-build)' 'PYTHONPATH=$PYTHONPATH:.. HOME=$TMPDIR/nowhere sphinx-build'
''; '';
buildPhase = '' buildPhase = ''

View File

@ -2,11 +2,11 @@
, desktop-file-utils, libSM, imagemagick }: , desktop-file-utils, libSM, imagemagick }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
version = "18.08"; version = "18.08.1";
name = "mediainfo-gui-${version}"; name = "mediainfo-gui-${version}";
src = fetchurl { src = fetchurl {
url = "https://mediaarea.net/download/source/mediainfo/${version}/mediainfo_${version}.tar.xz"; url = "https://mediaarea.net/download/source/mediainfo/${version}/mediainfo_${version}.tar.xz";
sha256 = "0l4bhrgwfn3da6cr0jz5vs17sk7k0bc26nk7hymv04xifns5999n"; sha256 = "0rq2dczjq26g5i0ac8px7xmxjvqq4h0rzd97fy5824yb2c5ksxs9";
}; };
nativeBuildInputs = [ autoreconfHook pkgconfig ]; nativeBuildInputs = [ autoreconfHook pkgconfig ];

View File

@ -0,0 +1,21 @@
{ stdenv, fetchurl, pythonPackages }:
pythonPackages.buildPythonApplication rec {
name = "menumaker-${version}";
version = "0.99.10";
src = fetchurl {
url = "mirror://sourceforge/menumaker/${name}.tar.gz";
sha256 = "1mm4cvg3kphkkd8nwrhcg6d9nm5ar7mgc0wf6fxk6zck1l7xn8ky";
};
format = "other";
meta = with stdenv.lib; {
description = "Heuristics-driven menu generator for several window managers";
homepage = http://menumaker.sourceforge.net;
license = licenses.bsd2;
platforms = platforms.unix;
maintainers = [ maintainers.romildo ];
};
}

View File

@ -0,0 +1,44 @@
{ stdenv, fetchFromGitHub, python2Packages }:
stdenv.mkDerivation rec {
name = "neap-${version}";
version = "0.7.2";
src = fetchFromGitHub {
owner = "vzxwco";
repo = "neap";
rev = "v${version}";
sha256 = "04da8rq23rl1qcvrdm5m3l90xbwyli7x601sckv7hmkip2q3g1kz";
};
nativeBuildInputs = [
python2Packages.wrapPython
];
buildInputs = [
python2Packages.python
];
pythonPath = [
python2Packages.xlib
python2Packages.pygtk
];
installPhase = ''
install -D -t $out/bin neap
install -D -t $out/share/man/man1 neap.1
install -D -t $out/share/applications neap.desktop
'';
postFixup = ''
wrapPythonPrograms
'';
meta = with stdenv.lib; {
description = "Systray workspace pager";
homepage = https://github.com/vzxwco/neap;
license = licenses.bsd2;
platforms = platforms.unix;
maintainers = [ maintainers.romildo ];
};
}
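Review bot: The custom `installPhase` replaces the default one without calling `runHook preInstall` and `runHook postInstall`, and the three `install -D -t` lines pass no mode, so `neap.1` and `neap.desktop` are installed executable along with the script. Add the two hooks and use `-m644` for the man page and the desktop file, keeping the executable mode only for `$out/bin/neap`.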

View File

@ -3,11 +3,11 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "netsurf-buildsystem-${version}"; name = "netsurf-buildsystem-${version}";
version = "1.6"; version = "1.7";
src = fetchurl { src = fetchurl {
url = "http://download.netsurf-browser.org/libs/releases/buildsystem-${version}.tar.gz"; url = "http://download.netsurf-browser.org/libs/releases/buildsystem-${version}.tar.gz";
sha256 = "0p5k708lcq8dip9xxck6hml32bjrbyipprm22bbsvdnsc0pqm71x"; sha256 = "1q23aaycv35ma5471l1gxib8lfq2s9kprrkaqgfc926d04rlbmhw";
}; };
makeFlags = [ makeFlags = [

View File

@ -0,0 +1,20 @@
diff -Naur org.kde.plasma.volumewin7mixer/CMakeLists.txt org.kde.plasma.volumewin7mixer.patch/CMakeLists.txt
--- org.kde.plasma.volumewin7mixer/CMakeLists.txt 1970-01-01 01:00:00.000000000 +0100
+++ org.kde.plasma.volumewin7mixer.patch/CMakeLists.txt 2016-04-19 11:23:35.137866949 +0200
@@ -0,0 +1,15 @@
+# Set minimum CMake version (required for CMake 3.0 or later)
+cmake_minimum_required(VERSION 2.8.12)
+
+# Use Extra CMake Modules (ECM) for common functionality.
+# See http://api.kde.org/ecm/manual/ecm.7.html
+# and http://api.kde.org/ecm/manual/ecm-kde-modules.7.html
+find_package(ECM REQUIRED NO_MODULE)
+# Needed by find_package(KF5Plasma) below.
+set(CMAKE_MODULE_PATH ${ECM_MODULE_PATH} ${ECM_KDE_MODULE_DIR} ${CMAKE_MODULE_PATH})
+
+# Locate plasma_install_package macro.
+find_package(KF5Plasma REQUIRED)
+
+# Add installatation target ("make install").
+plasma_install_package(package org.kde.plasma.volumewin7mixer)

View File

@ -0,0 +1,26 @@
{ stdenv, cmake, extra-cmake-modules, plasma-framework, kwindowsystem, plasma-pa, fetchFromGitHub }:
stdenv.mkDerivation rec {
name = "plasma-applet-volumewin7mixer-${version}";
version = "23";
src = fetchFromGitHub {
owner = "Zren";
repo = "plasma-applet-volumewin7mixer";
rev = "v${version}";
sha256 = "1j2bq343lnhwqz26qfsvg7vjxv84ibzbc4y86rjkh07nqjwb3xsc";
};
patches = [ ./cmake.patch ];
postPatch = '' rm build '';
nativeBuildInputs = [ cmake extra-cmake-modules ];
buildInputs = [ plasma-framework kwindowsystem plasma-pa ];
meta = with stdenv.lib; {
description = "A fork of the default volume plasmoid with a Windows 7 theme (vertical sliders).";
homepage = "https://github.com/Zren/plasma-applet-volumewin7mixer";
license = licenses.gpl2Plus;
platforms = platforms.linux;
maintainers = with maintainers; [ mdevlamynck ];
};
}

View File

@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub, python3Packages, file, less { stdenv, lib, fetchFromGitHub, python3Packages, file, less, highlight
, imagePreviewSupport ? true, w3m ? null}: , imagePreviewSupport ? true, w3m ? null}:
with stdenv.lib; with stdenv.lib;
@ -24,6 +24,11 @@ python3Packages.buildPythonApplication rec {
''; '';
preConfigure = '' preConfigure = ''
${lib.optionalString (highlight != null) ''
sed -i -e 's|^\s*highlight\b|${highlight}/bin/highlight|' \
ranger/data/scope.sh
''}
substituteInPlace ranger/data/scope.sh \ substituteInPlace ranger/data/scope.sh \
--replace "/bin/echo" "echo" --replace "/bin/echo" "echo"
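Review bot: The guard `lib.optionalString (highlight != null)` only does something if a caller passes `highlight = null` explicitly, because the first hunk adds `highlight` to the argument set without a default, unlike `w3m ? null` on the next line. Either declare it as `highlight ? null` so the dependency is really optional, or drop the guard. Note also that the `sed -i` expression is silent when `ranger/data/scope.sh` has no line starting with `highlight`, so an upstream change to that script would leave the preview script resolving `highlight` from `PATH` without any build failure; a `grep -q` on the substituted store path after the `sed` would catch that.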
@ -36,7 +41,7 @@ python3Packages.buildPythonApplication rec {
# give file previews out of the box # give file previews out of the box
substituteInPlace ranger/config/rc.conf \ substituteInPlace ranger/config/rc.conf \
--replace "set preview_script ~/.config/ranger/scope.sh" "set preview_script $out/share/doc/ranger/config/scope.sh" --replace "#set preview_script ~/.config/ranger/scope.sh" "set preview_script $out/share/doc/ranger/config/scope.sh"
'' + optionalString imagePreviewSupport '' '' + optionalString imagePreviewSupport ''
substituteInPlace ranger/ext/img_display.py \ substituteInPlace ranger/ext/img_display.py \
--replace /usr/lib/w3m ${w3m}/libexec/w3m --replace /usr/lib/w3m ${w3m}/libexec/w3m
@ -46,7 +51,7 @@ python3Packages.buildPythonApplication rec {
--replace "set preview_images false" "set preview_images true" --replace "set preview_images false" "set preview_images true"
''; '';
meta = with stdenv.lib; { meta = with lib; {
description = "File manager with minimalistic curses interface"; description = "File manager with minimalistic curses interface";
homepage = http://ranger.github.io/; homepage = http://ranger.github.io/;
license = licenses.gpl3; license = licenses.gpl3;

View File

@ -1,7 +1,7 @@
{ stdenv, fetchFromGitHub, pkgconfig, vte, gtk }: { stdenv, fetchFromGitHub, pkgconfig, vte, gtk }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "stupidterm-2018-03-10"; name = "stupidterm-2018-09-25";
nativeBuildInputs = [ pkgconfig ]; nativeBuildInputs = [ pkgconfig ];
@ -10,8 +10,8 @@ stdenv.mkDerivation rec {
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "esmil"; owner = "esmil";
repo = "stupidterm"; repo = "stupidterm";
rev = "0463519a96c9e4f9ce9fdc99d8e776499346ccba"; rev = "d1bc020797330df83d427e361d3620e346a4e792";
sha256 = "1vbk53xyjn33myb3fix6y7sxb1x3rndrkk5l9qa60qaw2ivkr965"; sha256 = "1yh2vhq3d0qbh0dh2h9yc7s9gkffgkb987vvwz2bdnvlskrjmmdj";
}; };
makeFlags = "PKGCONFIG=${pkgconfig}/bin/pkg-config binary=stupidterm"; makeFlags = "PKGCONFIG=${pkgconfig}/bin/pkg-config binary=stupidterm";

View File

@ -7,11 +7,11 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "workrave-${version}"; name = "workrave-${version}";
version = "1.10.20"; version = "1.10.21";
src = let src = let
in fetchFromGitHub { in fetchFromGitHub {
sha256 = "099a87zkrkmsgfz9isrfm89dh545x52891jh6qxmn19h6wwsi941"; sha256 = "150qca8c552fakjlzkgarsxgp87l1xcwn19svqsa9d0cygqxjgia";
rev = with stdenv.lib; rev = with stdenv.lib;
"v" + concatStringsSep "_" (splitString "." version); "v" + concatStringsSep "_" (splitString "." version);
repo = "workrave"; repo = "workrave";

View File

@ -3,14 +3,14 @@
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "xterm-335"; name = "xterm-337";
src = fetchurl { src = fetchurl {
urls = [ urls = [
"ftp://ftp.invisible-island.net/xterm/${name}.tgz" "ftp://ftp.invisible-island.net/xterm/${name}.tgz"
"https://invisible-mirror.net/archives/xterm/${name}.tgz" "https://invisible-mirror.net/archives/xterm/${name}.tgz"
]; ];
sha256 = "15nbgys4s2idhx6jzzc24g9bb1s6yps5fyg2bafvs0gkkcm1ggz0"; sha256 = "19ygmswikbwa633bxf24cvk7qdxjz2nq3cv9zdgqvrs7sgg7gb6c";
}; };
buildInputs = buildInputs =

View File

@ -1,14 +1,14 @@
{ stdenv, buildGoPackage, fetchurl, fetchFromGitHub, go-bindata }: { stdenv, buildGoPackage, fetchurl, fetchFromGitHub, go-bindata }:
let let
version = "1.4.10"; version = "1.4.13";
# TODO: must build the extension instead of downloading it. But since it's # TODO: must build the extension instead of downloading it. But since it's
# literally an asset that is indifferent regardless of the platform, this # literally an asset that is indifferent regardless of the platform, this
# might be just enough. # might be just enough.
webext = fetchurl { webext = fetchurl {
url = "https://github.com/browsh-org/browsh/releases/download/v${version}/browsh-${version}-an.fx.xpi"; url = "https://github.com/browsh-org/browsh/releases/download/v${version}/browsh-${version}-an.fx.xpi";
sha256 = "0rgwzv1qahqy52q7zz4dklnwx7w4x3gj92ka8n0ypgf9fjjnmqas"; sha256 = "11477z7mva8lwfxsrfxckvgqkxrjhc80czra8cqhpakf0fih1a4g";
}; };
in buildGoPackage rec { in buildGoPackage rec {

View File

@ -28,12 +28,6 @@ rec {
patches = nixpkgsPatches ++ [ patches = nixpkgsPatches ++ [
./no-buildconfig.patch ./no-buildconfig.patch
# fix build with rust >= 1.29 and firefox < 63
# https://bugzilla.mozilla.org/show_bug.cgi?id=1479540
(fetchpatch {
url = "https://github.com/mozilla/gecko-dev/commit/eec0d4f8714e6671402d41632232ef57348e65c4.patch";
sha256 = "1cjaqx811bcnp8b6z16q25csaclaic3b11q45ck02srd99n8qp0j";
})
]; ];
extraNativeBuildInputs = [ python3 ]; extraNativeBuildInputs = [ python3 ];

View File

@ -4,7 +4,7 @@
, flashplayer, hal-flash , flashplayer, hal-flash
, MPlayerPlugin, ffmpeg, xorg, libpulseaudio, libcanberra-gtk2 , MPlayerPlugin, ffmpeg, xorg, libpulseaudio, libcanberra-gtk2
, jrePlugin, icedtea_web , jrePlugin, icedtea_web
, trezor-bridge, bluejeans, djview4, adobe-reader , bluejeans, djview4, adobe-reader
, google_talk_plugin, fribid, gnome3/*.gnome-shell*/ , google_talk_plugin, fribid, gnome3/*.gnome-shell*/
, esteidfirefoxplugin , esteidfirefoxplugin
, browserpass, chrome-gnome-shell, uget-integrator, plasma-browser-integration, bukubrow , browserpass, chrome-gnome-shell, uget-integrator, plasma-browser-integration, bukubrow
@ -55,7 +55,6 @@ let
++ lib.optional (cfg.enableGoogleTalkPlugin or false) google_talk_plugin ++ lib.optional (cfg.enableGoogleTalkPlugin or false) google_talk_plugin
++ lib.optional (cfg.enableFriBIDPlugin or false) fribid ++ lib.optional (cfg.enableFriBIDPlugin or false) fribid
++ lib.optional (cfg.enableGnomeExtensions or false) gnome3.gnome-shell ++ lib.optional (cfg.enableGnomeExtensions or false) gnome3.gnome-shell
++ lib.optional (cfg.enableTrezor or false) trezor-bridge
++ lib.optional (cfg.enableBluejeans or false) bluejeans ++ lib.optional (cfg.enableBluejeans or false) bluejeans
++ lib.optional (cfg.enableAdobeReader or false) adobe-reader ++ lib.optional (cfg.enableAdobeReader or false) adobe-reader
++ lib.optional (cfg.enableEsteid or false) esteidfirefoxplugin ++ lib.optional (cfg.enableEsteid or false) esteidfirefoxplugin
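Review bot: Dropping the `++ lib.optional (cfg.enableTrezor or false) trezor-bridge` line means a configuration that still sets `enableTrezor = true` evaluates without any error or warning and simply no longer gets the plugin, since every option here is read with `or false`. Given that the option concerns hardware-wallet access, add a release-notes entry for the removal, or keep the option for one release and make it `throw` with a pointer to the replacement.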

View File

@ -71,9 +71,8 @@ in stdenv.mkDerivation rec {
src = chromium.upstream-info.binary; src = chromium.upstream-info.binary;
nativeBuildInputs = [ patchelf makeWrapper ];
buildInputs = [ buildInputs = [
patchelf makeWrapper
# needed for GSETTINGS_SCHEMAS_PATH # needed for GSETTINGS_SCHEMAS_PATH
gsettings-desktop-schemas glib gtk gsettings-desktop-schemas glib gtk

View File

@ -1,46 +0,0 @@
{ stdenv, fetchurl, dpkg }:
stdenv.mkDerivation {
name = "TREZOR-bridge-1.0.5";
passthru = {
mozillaPlugin = "/lib/mozilla/plugins";
};
src =
if stdenv.hostPlatform.system == "x86_64-linux" then
fetchurl {
url = https://mytrezor.com/data/plugin/1.0.5/browser-plugin-trezor_1.0.5_amd64.deb;
sha256 = "0097h4v88yca4aayzprrh4pk03xvvj7ncz2mi83chm81gsr2v67z";
}
else
fetchurl {
url = https://mytrezor.com/data/plugin/1.0.5/browser-plugin-trezor_1.0.5_i386.deb;
sha256 = "0xzbq78s3ivg00f0bj6gyjgf47pvjx2l4mm05jjmdar60bf1xr1n";
};
phases = [ "unpackPhase" "installPhase" "fixupPhase" ];
dontStrip = true;
dontPatchELF = true;
unpackPhase = "${dpkg}/bin/dpkg-deb -x $src .";
installPhase = ''
mkdir -p $out/etc/udev/rules.d/ $out/lib/mozilla/plugins
cp ./lib/udev/rules.d/51-trezor-udev.rules $out/etc/udev/rules.d/
cp ./usr/lib/mozilla/plugins/npBitcoinTrezorPlugin.so $out/lib/mozilla/plugins
'';
meta = with stdenv.lib;
{ description = "Plugin for browser to TREZOR device communication";
homepage = https://mytrezor.com;
license = licenses.unfree;
maintainers = with maintainers; [ ehmry ];
# Download URL, .deb content & hash (yikes) changed, not version.
# New archive doesn't contain any Mozilla plugin at all.
broken = true;
platforms = platforms.linux;
};
}

View File

@ -1,7 +1,7 @@
{ stdenv, cmake, fetchFromGitHub { stdenv, cmake, fetchFromGitHub
, qtbase, qtmultimedia, qtwebengine , qtbase, qtmultimedia, qtwebengine
, version ? "0.9.96" , version ? "0.9.99.3"
, sourceSha ? "1xzfy3jjx9sskwwbk7l8hnwnjf8af62p4kjkydp0ld0j50apc39p" , sourceSha ? "0dkismjs3daz5afx6s5arwvynsw5qpvv2rqbzvmpihn6khnhap55"
}: }:
stdenv.mkDerivation { stdenv.mkDerivation {
name = "otter-browser-${version}"; name = "otter-browser-${version}";

View File

@ -13,11 +13,11 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "${product}-${version}"; name = "${product}-${version}";
product = "vivaldi"; product = "vivaldi";
version = "1.15.1147.64-1"; version = "2.0.1309.29-2";
src = fetchurl { src = fetchurl {
url = "https://downloads.vivaldi.com/stable/${product}-stable_${version}_amd64.deb"; url = "https://downloads.vivaldi.com/stable/${product}-stable_${version}_amd64.deb";
sha256 = "01xbfrrq2kj75cb6grpq9a4y88j1s87h2nnvy1fmyb4a2db6y0ag"; sha256 = "09vaf191djbrfijvhklivh2ifj8w68car2vz956gsw4lhz07kzck";
}; };
unpackPhase = '' unpackPhase = ''

Some files were not shown because too many files have changed in this diff