Merge branch 'master' of https://github.com/NixOS/nixpkgs into update
Conflicts: pkgs/development/libraries/haskell/text-binary/default.nix pkgs/top-level/haskell-defaults.nix pkgs/top-level/haskell-packages.nix
commit
6fa969839a
@ -1,3 +1,5 @@
|
||||
language: python
|
||||
python: "3.4"
|
||||
script: ./maintainers/scripts/travis-nox-review-pr.sh
|
||||
before_install: ./maintainers/scripts/travis-nox-review-pr.sh nix
|
||||
install: ./maintainers/scripts/travis-nox-review-pr.sh nox
|
||||
script: ./maintainers/scripts/travis-nox-review-pr.sh build
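Review bot: The `before_install`, `install` and `script` steps all dispatch into `./maintainers/scripts/travis-nox-review-pr.sh` with a bare mode word (`nix`, `nox`, `build`), and nothing in this file says what each mode fetches or executes on the CI worker. The script body is not part of this section, so the following is inferred rather than seen: if the `nix` and `nox` modes download and install tooling, those downloads should be pinned to a version and verified before they run, because the same worker then builds pull-request content with them. If that is what the modes do, a comment above the three steps such as `# modes: nix = bootstrap Nix, nox = install nox, build = review the PR (see script)` would make that trust boundary readable from the CI config itself.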
|
||||
|
@ -10,9 +10,7 @@
|
||||
|
||||
<listitem><para><command>$ git clone git://github.com/NixOS/nixpkgs.git</command></para></listitem>
|
||||
|
||||
<listitem><para><command>$ cd nixpkgs/pkgs/top-level</command></para></listitem>
|
||||
|
||||
<listitem><para><command>$ nix-build -A tarball release.nix</command></para></listitem>
|
||||
<listitem><para><command>$ nix-build -A manual nixpkgs/pkgs/top-level/release.nix</command></para></listitem>
|
||||
|
||||
<listitem><para>Inside the built derivation you shall see <literal>manual/index.html</literal> file.</para></listitem>
|
||||
|
||||
|
@ -108,7 +108,7 @@ a <varname>preConfigure</varname> hook to generate a configuration
|
||||
file used by <filename>Makefile.PL</filename>:
|
||||
|
||||
<programlisting>
|
||||
{buildPerlPackage, fetchurl, db}:
|
||||
{ buildPerlPackage, fetchurl, db }:
|
||||
|
||||
buildPerlPackage rec {
|
||||
name = "BerkeleyDB-0.36";
|
||||
@ -191,45 +191,424 @@ you need it.</para>
|
||||
</section>
|
||||
|
||||
|
||||
<section><title>Python</title>
|
||||
<section xml:id="python"><title>Python</title>
|
||||
|
||||
<para>
|
||||
Currently supported interpreters are <varname>python26</varname>, <varname>python27</varname>,
|
||||
<varname>python32</varname>, <varname>python33</varname>, <varname>python34</varname>
|
||||
and <varname>pypy</varname>.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<varname>python</varname> is an alias of <varname>python27</varname> and <varname>python3</varname> is an alias of <varname>python34</varname>.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<varname>python26</varname> and <varname>python27</varname> do not include modules that require
|
||||
external dependencies (to reduce dependency bloat). Following modules need to be added as
|
||||
<varname>buildInput</varname> explicitly:
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para><varname>python.modules.bsddb</varname></para></listitem>
|
||||
<listitem><para><varname>python.modules.curses</varname></para></listitem>
|
||||
<listitem><para><varname>python.modules.curses_panel</varname></para></listitem>
|
||||
<listitem><para><varname>python.modules.crypt</varname></para></listitem>
|
||||
<listitem><para><varname>python.modules.gdbm</varname></para></listitem>
|
||||
<listitem><para><varname>python.modules.sqlite3</varname></para></listitem>
|
||||
<listitem><para><varname>python.modules.tkinter</varname></para></listitem>
|
||||
<listitem><para><varname>python.modules.readline</varname></para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>For convenience <varname>python27Full</varname> and <varname>python26Full</varname>
|
||||
are provided with all modules included.</para>
|
||||
|
||||
<para>
|
||||
Python packages that
|
||||
use <link xlink:href="http://pypi.python.org/pypi/setuptools/"><literal>setuptools</literal></link>,
|
||||
which many Python packages do nowadays, can be built very simply using
|
||||
the <varname>buildPythonPackage</varname> function. This function is
|
||||
implemented
|
||||
in <link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/python-modules/generic/default.nix"><filename>pkgs/development/python-modules/generic/default.nix</filename></link>
|
||||
and works similarly to <varname>buildPerlPackage</varname>. (See
|
||||
<xref linkend="ssec-language-perl"/> for details.)
|
||||
use <link xlink:href="http://pypi.python.org/pypi/setuptools/"><literal>setuptools</literal></link> or <literal>distutils</literal>,
|
||||
can be built using the <varname>buildPythonPackage</varname> function as documented below.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Python packages that use <varname>buildPythonPackage</varname> are
|
||||
defined
|
||||
in <link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/top-level/python-packages.nix"><filename>pkgs/top-level/python-packages.nix</filename></link>.
|
||||
Most of them are simple. For example:
|
||||
|
||||
<programlisting>
|
||||
twisted = buildPythonPackage {
|
||||
name = "twisted-8.1.0";
|
||||
|
||||
src = fetchurl {
|
||||
url = http://tmrc.mit.edu/mirror/twisted/Twisted/8.1/Twisted-8.1.0.tar.bz2;
|
||||
sha256 = "0q25zbr4xzknaghha72mq57kh53qw1bf8csgp63pm9sfi72qhirl";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [ pkgs.ZopeInterface ];
|
||||
|
||||
meta = {
|
||||
homepage = http://twistedmatrix.com/;
|
||||
description = "Twisted, an event-driven networking engine written in Python";
|
||||
license = "MIT";
|
||||
};
|
||||
};
|
||||
</programlisting>
|
||||
All packages depending on any Python interpreter get appended <varname>$out/${python.libPrefix}/site-packages</varname>
|
||||
to <literal>$PYTHONPATH</literal> if such directory exists.
|
||||
</para>
|
||||
|
||||
<variablelist>
|
||||
<title>
|
||||
Useful attributes on interpreters packages:
|
||||
</title>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>libPrefix</varname></term>
|
||||
<listitem><para>
|
||||
Name of the folder in <literal>${python}/lib/</literal> for corresponding interpreter.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>interpreter</varname></term>
|
||||
<listitem><para>
|
||||
Alias for <literal>${python}/bin/${executable}.</literal>
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>buildEnv</varname></term>
|
||||
<listitem><para>
|
||||
Function to build python interpreter environments with extra packages bundled together.
|
||||
See <xref linkend="python-build-env" /> for usage and documentation.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>sitePackages</varname></term>
|
||||
<listitem><para>
|
||||
Alias for <literal>lib/${libPrefix}/site-packages</literal>.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>executable</varname></term>
|
||||
<listitem><para>
|
||||
Name of the interpreter executable, ie <literal>python3.4</literal>.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
<section xml:id="build-python-package"><title><varname>buildPythonPackage</varname> function</title>
|
||||
|
||||
<para>
|
||||
The function is implemented in <link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/python-modules/generic/default.nix">
|
||||
<filename>pkgs/development/python-modules/generic/default.nix</filename></link>.
|
||||
Example usage:
|
||||
|
||||
<programlisting language="nix">
|
||||
twisted = buildPythonPackage {
|
||||
name = "twisted-8.1.0";
|
||||
|
||||
src = pkgs.fetchurl {
|
||||
url = http://tmrc.mit.edu/mirror/twisted/Twisted/8.1/Twisted-8.1.0.tar.bz2;
|
||||
sha256 = "0q25zbr4xzknaghha72mq57kh53qw1bf8csgp63pm9sfi72qhirl";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [ self.ZopeInterface ];
|
||||
|
||||
meta = {
|
||||
homepage = http://twistedmatrix.com/;
|
||||
description = "Twisted, an event-driven networking engine written in Python";
|
||||
license = stdenv.lib.licenses.mit;
|
||||
};
|
||||
};
|
||||
</programlisting>
|
||||
|
||||
Most of Python packages that use <varname>buildPythonPackage</varname> are defined
|
||||
in <link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/top-level/python-packages.nix"><filename>pkgs/top-level/python-packages.nix</filename></link>
|
||||
and generated for each python interpreter separately into attribute sets <varname>python26Packages</varname>,
|
||||
<varname>python27Packages</varname>, <varname>python32Packages</varname>, <varname>python33Packages</varname>,
|
||||
<varname>python34Packages</varname> and <varname>pypyPackages</varname>.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<function>buildPythonPackage</function> mainly does four things:
|
||||
|
||||
<orderedlist>
|
||||
<listitem><para>
|
||||
In the <varname>configurePhase</varname>, it patches
|
||||
<literal>setup.py</literal> to always include setuptools before
|
||||
distutils for monkeypatching machinery to take place.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
In the <varname>buildPhase</varname>, it calls
|
||||
<literal>${python.interpreter} setup.py build ...</literal>
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
In the <varname>installPhase</varname>, it calls
|
||||
<literal>${python.interpreter} setup.py install ...</literal>
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
In the <varname>postFixup</varname> phase, <literal>wrapPythonPrograms</literal>
|
||||
bash function is called to wrap all programs in <filename>$out/bin/*</filename>
|
||||
directory to include <literal>$PYTHONPATH</literal> and <literal>$PATH</literal>
|
||||
environment variables.
|
||||
</para></listitem>
|
||||
</orderedlist>
|
||||
</para>
|
||||
|
||||
<para>By default <varname>doCheck = true</varname> is set and tests are run with
|
||||
<literal>${python.interpreter} setup.py test</literal> command in <varname>checkPhase</varname>.</para>
|
||||
|
||||
<para><varname>propagatedBuildInputs</varname> packages are propagated to user environment.</para>
|
||||
|
||||
<para>
|
||||
By default <varname>meta.platforms</varname> is set to the same value
|
||||
as the interpreter unless overriden otherwise.
|
||||
</para>
|
||||
|
||||
<variablelist>
|
||||
<title>
|
||||
<varname>buildPythonPackage</varname> parameters
|
||||
(all parameters from <varname>mkDerivation</varname> function are still supported)
|
||||
</title>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>namePrefix</varname></term>
|
||||
<listitem><para>
|
||||
Prepended text to <varname>${name}</varname> parameter.
|
||||
Defaults to <literal>"python3.3-"</literal> for Python 3.3, etc. Set it to
|
||||
<literal>""</literal>
|
||||
if you're packaging an application or a command line tool.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>disabled</varname></term>
|
||||
<listitem><para>
|
||||
If <varname>true</varname>, package is not build for
|
||||
particular python interpreter version. Grep around
|
||||
<filename>pkgs/top-level/python-packages.nix</filename>
|
||||
for examples.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>setupPyInstallFlags</varname></term>
|
||||
<listitem><para>
|
||||
List of flags passed to <command>setup.py install</command> command.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>setupPyBuildFlags</varname></term>
|
||||
<listitem><para>
|
||||
List of flags passed to <command>setup.py build</command> command.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>pythonPath</varname></term>
|
||||
<listitem><para>
|
||||
List of packages to be added into <literal>$PYTHONPATH</literal>.
|
||||
Packages in <varname>pythonPath</varname> are not propagated into user environment
|
||||
(contrary to <varname>propagatedBuildInputs</varname>).
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>preShellHook</varname></term>
|
||||
<listitem><para>
|
||||
Hook to execute commands before <varname>shellHook</varname>.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>postShellHook</varname></term>
|
||||
<listitem><para>
|
||||
Hook to execute commands after <varname>shellHook</varname>.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>distutilsExtraCfg</varname></term>
|
||||
<listitem><para>
|
||||
Extra lines passed to <varname>[easy_install]</varname> section of
|
||||
<filename>distutils.cfg</filename> (acts as global setup.cfg
|
||||
configuration).
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
|
||||
</section>
|
||||
|
||||
<section xml:id="python-build-env"><title><function>python.buildEnv</function> function</title>
|
||||
<para>
|
||||
Create Python environments using low-level <function>pkgs.buildEnv</function> function. Example <filename>default.nix</filename>:
|
||||
|
||||
<programlisting language="nix">
|
||||
<![CDATA[
|
||||
with import <nixpkgs> {};
|
||||
|
||||
python.buildEnv.override {
|
||||
extraLibs = [ pkgs.pythonPackages.pyramid ];
|
||||
ignoreCollisions = true;
|
||||
}
|
||||
]]>
|
||||
</programlisting>
|
||||
|
||||
Running <command>nix-build</command> will create
|
||||
<filename>/nix/store/cf1xhjwzmdki7fasgr4kz6di72ykicl5-python-2.7.8-env</filename>
|
||||
with wrapped binaries in <filename>bin/</filename>.
|
||||
</para>
|
||||
|
||||
<variablelist>
|
||||
<title>
|
||||
<function>python.buildEnv</function> arguments
|
||||
</title>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>extraLibs</varname></term>
|
||||
<listitem><para>
|
||||
List of packages installed inside the environment.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>postBuild</varname></term>
|
||||
<listitem><para>
|
||||
Shell command executed after the build of environment.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>ignoreCollisions</varname></term>
|
||||
<listitem><para>
|
||||
Ignore file collisions inside the environment (default is <varname>false</varname>).
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</section>
|
||||
|
||||
<section xml:id="python-tools"><title>Tools</title>
|
||||
|
||||
<para>Packages inside nixpkgs are written by hand. However many tools
|
||||
exist in community to help save time. No tool is preferred at the moment.
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
|
||||
<listitem><para>
|
||||
<link xlink:href="https://github.com/proger/python2nix">python2nix</link>
|
||||
by Vladimir Kirillov
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
<link xlink:href="https://github.com/garbas/pypi2nix">pypi2nix</link>
|
||||
by Rok Garbas
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
<link xlink:href="https://github.com/offlinehacker/pypi2nix">pypi2nix</link>
|
||||
by Jaka Hudoklin
|
||||
</para></listitem>
|
||||
|
||||
</itemizedlist>
|
||||
|
||||
</section>
|
||||
|
||||
<section xml:id="python-development"><title>Development</title>
|
||||
|
||||
<para>
|
||||
To develop Python packages <function>bulidPythonPackage</function> has
|
||||
additional logic inside <varname>shellPhase</varname> to run
|
||||
<command>${python.interpreter} setup.py develop</command> for the package.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Given a <filename>default.nix</filename>:
|
||||
|
||||
<programlisting language="nix">
|
||||
<![CDATA[
|
||||
with import <nixpkgs> {};
|
||||
|
||||
buildPythonPackage {
|
||||
name = "myproject";
|
||||
|
||||
buildInputs = with pkgs.pythonPackages; [ pyramid ];
|
||||
|
||||
src = ./.;
|
||||
}
|
||||
]]>
|
||||
</programlisting>
|
||||
|
||||
Running <command>nix-shell</command> with no arguments should give you
|
||||
the environment in which the package would be build with
|
||||
<command>nix-build</command>.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Shortcut to setup environments with C headers/libraries and python packages:
|
||||
|
||||
<programlisting language="bash">$ nix-shell -p pythonPackages.pyramid zlib libjpeg git</programlisting>
|
||||
</para>
|
||||
|
||||
<note><para>
|
||||
There is a boolean value <varname>lib.inNixShell</varname> set to
|
||||
<varname>true</varname> if nix-shell is invoked.
|
||||
</para></note>
|
||||
|
||||
</section>
|
||||
|
||||
<section xml:id="python-faq"><title>FAQ</title>
|
||||
|
||||
<variablelist>
|
||||
|
||||
<varlistentry>
|
||||
<term>How to solve circular dependencies?</term>
|
||||
<listitem><para>
|
||||
If you have packages <varname>A</varname> and <varname>B</varname> that
|
||||
depend on each other, when packaging <varname>B</varname> override package
|
||||
<varname>A</varname> not to depend on <varname>B</varname> as input
|
||||
(and also the other way around).
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>install_data / data_files</varname> problems resulting into <literal>error: could not create '/nix/store/6l1bvljpy8gazlsw2aw9skwwp4pmvyxw-python-2.7.8/etc': Permission denied</literal></term>
|
||||
<listitem><para>
|
||||
<link xlink:href="https://bitbucket.org/pypa/setuptools/issue/130/install_data-doesnt-respect-prefix">
|
||||
Known bug in setuptools <varname>install_data</varname> does not respect --prefix</link>. Example of
|
||||
such package using the feature is <filename>pkgs/tools/X11/xpra/default.nix</filename>. As workaround
|
||||
install it as an extra <varname>preInstall</varname> step:
|
||||
|
||||
<programlisting>${python.interpreter} setup.py install_data --install-dir=$out --root=$out
|
||||
sed -i '/ = data_files/d' setup.py</programlisting>
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>Rationale of non-existent global site-packages</term>
|
||||
<listitem><para>
|
||||
There is no need to have global site-packages in Nix. Each package has isolated
|
||||
dependency tree and installing any python package will only populate <varname>$PATH</varname>
|
||||
inside user environment. See <xref linkend="python-build-env" /> to create self-contained
|
||||
interpreter with a set of packages.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
|
||||
</section>
|
||||
|
||||
|
||||
<section xml:id="python-contrib"><title>Contributing guidelines</title>
|
||||
<para>
|
||||
Following rules are desired to be respected:
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
|
||||
<listitem><para>
|
||||
Make sure package builds for all python interpreters. Use <varname>disabled</varname> argument to
|
||||
<function>buildPythonPackage</function> to set unsupported interpreters.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
If tests need to be disabled for a package, make sure you leave a comment about reasoning.
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>
|
||||
Packages in <link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/top-level/python-packages.nix"><filename>pkgs/top-level/python-packages.nix</filename></link>
|
||||
are sorted quasi-alphabetically to avoid merge conflicts.
|
||||
</para></listitem>
|
||||
|
||||
</itemizedlist>
|
||||
|
||||
</section>
|
||||
|
||||
</section>
|
||||
|
||||
|
||||
|
@ -116,6 +116,13 @@ hello-2.3 A program that produces a familiar, friendly greeting
|
||||
<listitem><para>Package version.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>branch</varname></term>
|
||||
<listitem><para>Release branch. Used to specify that a package is not
|
||||
going to receive updates that are not in this branch; for example, Linux
|
||||
kernel 3.0 is supposed to be updated to 3.0.X, not 3.1.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>homepage</varname></term>
|
||||
<listitem><para>The package’s homepage. Example:
|
||||
|
@ -1,44 +0,0 @@
|
||||
<?xml version="1.0"?>
|
||||
|
||||
<xsl:stylesheet
|
||||
version="1.0"
|
||||
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
|
||||
xmlns:str="http://exslt.org/strings"
|
||||
extension-element-prefixes="str">
|
||||
|
||||
<xsl:output method="xml"/>
|
||||
|
||||
<xsl:template match="function|command|literal|varname|filename|option|quote">`<xsl:apply-templates/>'</xsl:template>
|
||||
|
||||
<xsl:template match="token"><xsl:text> </xsl:text><xsl:apply-templates /><xsl:text>
|
||||
</xsl:text></xsl:template>
|
||||
|
||||
<xsl:template match="screen|programlisting">
|
||||
<screen><xsl:apply-templates select="str:split(., '
')" /></screen>
|
||||
</xsl:template>
|
||||
|
||||
<xsl:template match="section[following::section]">
|
||||
<section>
|
||||
<xsl:apply-templates />
|
||||
<screen><xsl:text>
|
||||
</xsl:text></screen>
|
||||
</section>
|
||||
</xsl:template>
|
||||
|
||||
<xsl:template match="*">
|
||||
<xsl:element name="{name(.)}" namespace="{namespace-uri(.)}">
|
||||
<xsl:copy-of select="namespace::*" />
|
||||
<xsl:for-each select="@*">
|
||||
<xsl:attribute name="{name(.)}" namespace="{namespace-uri(.)}">
|
||||
<xsl:value-of select="."/>
|
||||
</xsl:attribute>
|
||||
</xsl:for-each>
|
||||
<xsl:apply-templates/>
|
||||
</xsl:element>
|
||||
</xsl:template>
|
||||
|
||||
<xsl:template match="text()">
|
||||
<xsl:value-of select="translate(., '‘’“”—', concat("`'", '""-'))" />
|
||||
</xsl:template>
|
||||
|
||||
</xsl:stylesheet>
|
@ -150,8 +150,8 @@ genericBuild
|
||||
|
||||
<listitem><para>GNU <command>tar</command>.</para></listitem>
|
||||
|
||||
<listitem><para><command>gzip</command> and
|
||||
<command>bzip2</command>.</para></listitem>
|
||||
<listitem><para><command>gzip</command>, <command>bzip2</command>
|
||||
and <command>xz</command>.</para></listitem>
|
||||
|
||||
<listitem><para>GNU Make. It has been patched to provide
|
||||
<quote>nested</quote> output that can be fed into the
|
||||
@ -341,9 +341,11 @@ It supports the following files by default:
|
||||
<term>Tar files</term>
|
||||
<listitem><para>These can optionally be compressed using
|
||||
<command>gzip</command> (<filename>.tar.gz</filename>,
|
||||
<filename>.tgz</filename> or <filename>.tar.Z</filename>) or
|
||||
<filename>.tgz</filename> or <filename>.tar.Z</filename>),
|
||||
<command>bzip2</command> (<filename>.tar.bz2</filename> or
|
||||
<filename>.tbz2</filename>).</para></listitem>
|
||||
<filename>.tbz2</filename>) or <command>xz</command>
|
||||
(<filename>.tar.xz</filename> or
|
||||
<filename>.tar.lzma</filename>).</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
@ -445,9 +447,10 @@ Additional file types can be supported by setting the
|
||||
<listitem><para>The list of patches. They must be in the format
|
||||
accepted by the <command>patch</command> command, and may
|
||||
optionally be compressed using <command>gzip</command>
|
||||
(<filename>.gz</filename>) or <command>bzip2</command>
|
||||
(<filename>.bz2</filename>).</para></listitem>
|
||||
</varlistentry>
|
||||
(<filename>.gz</filename>), <command>bzip2</command>
|
||||
(<filename>.bz2</filename>) or <command>xz</command>
|
||||
(<filename>.xz</filename>).</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>patchFlags</varname></term>
|
||||
@ -1117,12 +1120,9 @@ echo @foo@
|
||||
<varlistentry>
|
||||
<term>Python</term>
|
||||
<listitem><para>Adds the
|
||||
<filename>lib/python2.5/site-packages</filename> subdirectory of
|
||||
<filename>lib/${python.libPrefix}/site-packages</filename> subdirectory of
|
||||
each build input to the <envar>PYTHONPATH</envar> environment
|
||||
variable.</para>
|
||||
|
||||
<note><para>This should be generalised: the Python version
|
||||
shouldn’t be hard-coded.</para></note></listitem>
|
||||
variable.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
@ -62,6 +62,8 @@ rec {
|
||||
makeOverridable f (origArgs // (if builtins.isFunction newArgs then newArgs origArgs else newArgs));
|
||||
deepOverride = newArgs:
|
||||
makeOverridable f (lib.overrideExisting (lib.mapAttrs (deepOverrider newArgs) origArgs) newArgs);
|
||||
overrideDerivation = fdrv:
|
||||
makeOverridable (args: overrideDerivation (f args) fdrv) origArgs;
|
||||
})
|
||||
else ff;
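Review bot: The added `overrideDerivation = fdrv: makeOverridable (args: overrideDerivation (f args) fdrv) origArgs;` uses the same name on both sides, so it only terminates if the set it sits in is not recursive and the right-hand side resolves to the outer function. The opening of that set is outside the hunk, so this should be confirmed. The attribute is also undocumented next to `override` and `deepOverride`; a comment such as `# overrideDerivation: apply fdrv to the derivation produced by f, keeping the result overridable` would help. Note that it is attached only in this branch: the `else ff` path returns the value unchanged, so callers cannot assume `.overrideDerivation` exists on every `makeOverridable` result.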
|
||||
|
||||
|
242
lib/licenses.nix
242
lib/licenses.nix
@ -1,303 +1,405 @@
|
||||
let
|
||||
|
||||
lib = import ./default.nix;
|
||||
|
||||
spdx = lic: lic // {
|
||||
url = "http://spdx.org/licenses/${lic.shortName}";
|
||||
};
|
||||
url = "http://spdx.org/licenses/${lic.spdxId}";
|
||||
};
|
||||
|
||||
in
|
||||
|
||||
rec {
|
||||
lib.mapAttrs (n: v: v // { shortName = n; }) rec {
|
||||
/* License identifiers from spdx.org where possible.
|
||||
* If you cannot find your license here, then look for a similar license or
|
||||
* add it to this list. The URL mentioned above is a good source for inspiration.
|
||||
*/
|
||||
|
||||
afl21 = spdx {
|
||||
spdxId = "AFL-2.1";
|
||||
fullName = "Academic Free License";
|
||||
};
|
||||
|
||||
agpl3 = spdx {
|
||||
shortName = "AGPL-3.0";
|
||||
spdxId = "AGPL-3.0";
|
||||
fullName = "GNU Affero General Public License v3.0";
|
||||
};
|
||||
|
||||
agpl3Plus = {
|
||||
shortName = "AGPL-3.0+";
|
||||
fullName = "GNU Affero General Public License v3.0 or later";
|
||||
inherit (agpl3) url;
|
||||
};
|
||||
|
||||
amazonsl = {
|
||||
fullName = "Amazon Software License";
|
||||
url = http://aws.amazon.com/asl/;
|
||||
free = false;
|
||||
};
|
||||
|
||||
amd = {
|
||||
shortName = "amd";
|
||||
fullName = "AMD License Agreement";
|
||||
url = http://developer.amd.com/amd-license-agreement/;
|
||||
};
|
||||
|
||||
apsl20 = spdx {
|
||||
shortName = "APSL-2.0";
|
||||
spdxId = "APSL-2.0";
|
||||
fullName = "Apple Public Source License 2.0";
|
||||
};
|
||||
|
||||
artistic1 = spdx {
|
||||
spdxId = "Artistic-1.0";
|
||||
fullName = "Artistic License 1.0";
|
||||
};
|
||||
|
||||
artistic2 = spdx {
|
||||
shortName = "Artistic-2.0";
|
||||
spdxId = "Artistic-2.0";
|
||||
fullName = "Artistic License 2.0";
|
||||
};
|
||||
|
||||
asl20 = spdx {
|
||||
shortName = "Apache-2.0";
|
||||
spdxId = "Apache-2.0";
|
||||
fullName = "Apache License 2.0";
|
||||
};
|
||||
|
||||
boost = spdx {
|
||||
shortName = "BSL-1.0";
|
||||
spdxId = "BSL-1.0";
|
||||
fullName = "Boost Software License 1.0";
|
||||
};
|
||||
|
||||
bsd2 = spdx {
|
||||
shortName = "BSD-2-Clause";
|
||||
spdxId = "BSD-2-Clause";
|
||||
fullName = ''BSD 2-clause "Simplified" License'';
|
||||
};
|
||||
|
||||
bsd3 = spdx {
|
||||
shortName = "BSD-3-Clause";
|
||||
spdxId = "BSD-3-Clause";
|
||||
fullName = ''BSD 3-clause "New" or "Revised" License'';
|
||||
};
|
||||
|
||||
bsdOriginal = spdx {
|
||||
shortName = "BSD-4-Clause";
|
||||
spdxId = "BSD-4-Clause";
|
||||
fullName = ''BSD 4-clause "Original" or "Old" License'';
|
||||
};
|
||||
|
||||
cc0 = spdx {
|
||||
shortName = "CC0-1.0";
|
||||
fullName = ''Creative Commons Zero v1.0 Universal'';
|
||||
spdxId = "CC0-1.0";
|
||||
fullName = "Creative Commons Zero v1.0 Universal";
|
||||
};
|
||||
|
||||
cc-by-30 = spdx {
|
||||
shortName = "CC-BY-3.0";
|
||||
spdxId = "CC-BY-3.0";
|
||||
fullName = "Creative Commons Attribution 3.0";
|
||||
};
|
||||
|
||||
cc-by-sa-30 = spdx {
|
||||
spdxId = "CC-BY-SA-3.0";
|
||||
fullName = "Creative Commons Attribution Share Alike 3.0";
|
||||
};
|
||||
|
||||
cc-by-40 = spdx {
|
||||
shortName = "CC-BY-4.0";
|
||||
spdxId = "CC-BY-4.0";
|
||||
fullName = "Creative Commons Attribution 4.0";
|
||||
};
|
||||
|
||||
cddl = spdx {
|
||||
shortName = "CDDL-1.0";
|
||||
spdxId = "CDDL-1.0";
|
||||
fullName = "Common Development and Distribution License 1.0";
|
||||
};
|
||||
|
||||
cecill20 = spdx {
|
||||
spdxId = "CECILL-2.0";
|
||||
fullName = "CeCILL Free Software License Agreement v2.0";
|
||||
};
|
||||
|
||||
cecill-b = spdx {
|
||||
shortName = "CECILL-B";
|
||||
spdxId = "CECILL-B";
|
||||
fullName = "CeCILL-B Free Software License Agreement";
|
||||
};
|
||||
|
||||
cecill-c = spdx {
|
||||
shortName = "CECILL-C";
|
||||
spdxId = "CECILL-C";
|
||||
fullName = "CeCILL-C Free Software License Agreement";
|
||||
};
|
||||
|
||||
cpl10 = spdx {
|
||||
shortName = "CPL-1.0";
|
||||
spdxId = "CPL-1.0";
|
||||
fullName = "Common Public License 1.0";
|
||||
};
|
||||
|
||||
epl10 = spdx {
|
||||
shortName = "EPL-1.0";
|
||||
spdxId = "EPL-1.0";
|
||||
fullName = "Eclipse Public License 1.0";
|
||||
};
|
||||
|
||||
free = "free";
|
||||
free = {
|
||||
fullName = "Unspecified free software license";
|
||||
};
|
||||
|
||||
gpl1 = spdx {
|
||||
shortName = "GPL-1.0";
|
||||
fullName = "GNU General Public License v1.0 only";
|
||||
};
|
||||
|
||||
gpl1Plus = spdx {
|
||||
spdxId = "GPL-1.0+";
|
||||
fullName = "GNU General Public License v1.0 or later";
|
||||
};
|
||||
|
||||
gpl2 = spdx {
|
||||
shortName = "GPL-2.0";
|
||||
spdxId = "GPL-2.0";
|
||||
fullName = "GNU General Public License v2.0 only";
|
||||
};
|
||||
|
||||
gpl2ClasspathPlus = {
|
||||
fullName = "GNU General Public License v2.0 or later (with Classpath exception)";
|
||||
url = https://fedoraproject.org/wiki/Licensing/GPL_Classpath_Exception;
|
||||
};
|
||||
|
||||
gpl2Oss = {
|
||||
shortName = "GPL-2.0-with-OSS";
|
||||
fullName = "GNU General Public License version 2 only (with OSI approved licenses linking exception)";
|
||||
url = http://www.mysql.com/about/legal/licensing/foss-exception;
|
||||
};
|
||||
|
||||
gpl2Plus = spdx {
|
||||
shortName = "GPL-2.0+";
|
||||
spdxId = "GPL-2.0+";
|
||||
fullName = "GNU General Public License v2.0 or later";
|
||||
};
|
||||
|
||||
gpl3 = spdx {
|
||||
shortName = "GPL-3.0";
|
||||
spdxId = "GPL-3.0";
|
||||
fullName = "GNU General Public License v3.0 only";
|
||||
};
|
||||
|
||||
gpl3Plus = spdx {
|
||||
shortName = "GPL-3.0+";
|
||||
spdxId = "GPL-3.0+";
|
||||
fullName = "GNU General Public License v3.0 or later";
|
||||
};
|
||||
|
||||
gpl3ClasspathPlus = {
|
||||
shortName = "GPL-3.0+-with-classpath-exception";
|
||||
fullName = "GNU General Public License v3.0 or later (with Classpath exception)";
|
||||
url = https://fedoraproject.org/wiki/Licensing/GPL_Classpath_Exception;
|
||||
};
|
||||
|
||||
# Intel's license, seems free
|
||||
iasl = {
|
||||
fullName = "iASL";
|
||||
url = http://www.calculate-linux.org/packages/licenses/iASL;
|
||||
};
|
||||
|
||||
inria = {
|
||||
shortName = "INRIA-NCLA";
|
||||
fullName = "INRIA Non-Commercial License Agreement";
|
||||
url = "http://compcert.inria.fr/doc/LICENSE";
|
||||
};
|
||||
|
||||
ipa = spdx {
|
||||
shortName = "IPA";
|
||||
spdxId = "IPA";
|
||||
fullName = "IPA Font License";
|
||||
};
|
||||
|
||||
ipl10 = spdx {
|
||||
shortName = "IPL-1.0";
|
||||
spdxId = "IPL-1.0";
|
||||
fullName = "IBM Public License v1.0";
|
||||
};
|
||||
|
||||
isc = spdx {
|
||||
shortName = "ISC";
|
||||
spdxId = "ISC";
|
||||
fullName = "ISC License";
|
||||
};
|
||||
|
||||
lgpl2 = spdx {
|
||||
shortName = "LGPL-2.0";
|
||||
spdxId = "LGPL-2.0";
|
||||
fullName = "GNU Library General Public License v2 only";
|
||||
};
|
||||
|
||||
lgpl2Plus = spdx {
|
||||
shortName = "LGPL-2.0+";
|
||||
spdxId = "LGPL-2.0+";
|
||||
fullName = "GNU Library General Public License v2 or later";
|
||||
};
|
||||
|
||||
lgpl21 = spdx {
|
||||
shortName = "LGPL-2.1";
|
||||
spdxId = "LGPL-2.1";
|
||||
fullName = "GNU Library General Public License v2.1 only";
|
||||
};
|
||||
|
||||
lgpl21Plus = spdx {
|
||||
shortName = "LGPL-2.1+";
|
||||
spdxId = "LGPL-2.1+";
|
||||
fullName = "GNU Library General Public License v2.1 or later";
|
||||
};
|
||||
|
||||
lgpl3 = spdx {
|
||||
shortName = "LGPL-3.0";
|
||||
spdxId = "LGPL-3.0";
|
||||
fullName = "GNU Lesser General Public License v3.0 only";
|
||||
};
|
||||
|
||||
lgpl3Plus = spdx {
|
||||
shortName = "LGPL-3.0+";
|
||||
spdxId = "LGPL-3.0+";
|
||||
fullName = "GNU Lesser General Public License v3.0 or later";
|
||||
};
|
||||
|
||||
libpng = spdx {
|
||||
shortName = "Libpng";
|
||||
spdxId = "Libpng";
|
||||
fullName = "libpng License";
|
||||
};
|
||||
|
||||
libtiff = {
|
||||
shortName = "libtiff";
|
||||
fullName = "libtiff license";
|
||||
url = https://fedoraproject.org/wiki/Licensing/libtiff;
|
||||
libtiff = spdx {
|
||||
spdxId = "libtiff";
|
||||
fullName = "libtiff License";
|
||||
};
|
||||
|
||||
llgpl21 = {
|
||||
shortName = "LLGPL-2.1";
|
||||
fullName = "Lisp LGPL; GNU Lesser General Public License version 2.1 with Franz Inc. preamble for clarification of LGPL terms in context of Lisp";
|
||||
url = http://opensource.franz.com/preamble.html;
|
||||
};
|
||||
|
||||
lppl12 = spdx {
|
||||
spdxId = "LPPL-1.2";
|
||||
fullName = "LaTeX Project Public License v1.2";
|
||||
};
|
||||
|
||||
lpl-102 = spdx {
|
||||
shortName = "LPL-1.02";
|
||||
spdxId = "LPL-1.02";
|
||||
fullName = "Lucent Public License v1.02";
|
||||
};
|
||||
|
||||
# spdx.org does not (yet) differentiate between the X11 and Expat versions
|
||||
# for details see http://en.wikipedia.org/wiki/MIT_License#Various_versions
|
||||
mit = spdx {
|
||||
shortName = "MIT";
|
||||
spdxId = "MIT";
|
||||
fullName = "MIT License";
|
||||
};
|
||||
|
||||
mpl11 = spdx {
|
||||
shortName = "MPL-1.1";
|
||||
spdxId = "MPL-1.1";
|
||||
fullName = "Mozilla Public License 1.1";
|
||||
};
|
||||
|
||||
mpl20 = spdx {
|
||||
shortName = "MPL-2.0";
|
||||
spdxId = "MPL-2.0";
|
||||
fullName = "Mozilla Public License 2.0";
|
||||
};
|
||||
|
||||
msrla = {
|
||||
shortName = "MSR-LA";
|
||||
fullName = "Microsoft Research License Agreement";
|
||||
url = "http://research.microsoft.com/en-us/projects/pex/msr-la.txt";
|
||||
};
|
||||
|
||||
ncsa = spdx {
|
||||
shortName = "NCSA";
|
||||
spdxId = "NCSA";
|
||||
fullName = "University of Illinois/NCSA Open Source License";
|
||||
};
|
||||
|
||||
ofl = spdx {
|
||||
shortName = "OFL-1.1";
|
||||
spdxId = "OFL-1.1";
|
||||
fullName = "SIL Open Font License 1.1";
|
||||
};
|
||||
|
||||
openssl = spdx {
|
||||
shortName = "OpenSSL";
|
||||
spdxId = "OpenSSL";
|
||||
fullName = "OpenSSL License";
|
||||
};
|
||||
|
||||
php301 = spdx {
|
||||
spdxId = "PHP-3.01";
|
||||
fullName = "PHP License v3.01";
|
||||
};
|
||||
|
||||
postgresql = spdx {
|
||||
shortName = "PostgreSQL";
|
||||
spdxId = "PostgreSQL";
|
||||
fullName = "PostgreSQL License";
|
||||
};
|
||||
|
||||
psfl = spdx {
|
||||
shortName = "Python-2.0";
|
||||
spdxId = "Python-2.0";
|
||||
fullName = "Python Software Foundation License version 2";
|
||||
#url = http://docs.python.org/license.html;
|
||||
};
|
||||
|
||||
publicDomain = {
|
||||
shortName = "Public Domain";
|
||||
fullname = "Public Domain";
|
||||
fullName = "Public Domain";
|
||||
};
|
||||
|
||||
qpl = spdx {
|
||||
spdxId = "QPL-1.0";
|
||||
fullName = "Q Public License 1.0";
|
||||
};
|
||||
|
||||
qwt = {
|
||||
fullName = "Qwt License, Version 1.0";
|
||||
url = http://qwt.sourceforge.net/qwtlicense.html;
|
||||
};
|
||||
|
||||
ruby = spdx {
|
||||
spdxId = "Ruby";
|
||||
fullName = "Ruby License";
|
||||
};
|
||||
|
||||
sgi-b-20 = spdx {
|
||||
spdxId = "SGI-B-2.0";
|
||||
fullName = "SGI Free Software License B v2.0";
|
||||
};
|
||||
|
||||
sleepycat = spdx {
|
||||
shortName = "Sleepycat";
|
||||
fullName = "Sleepycat License";
|
||||
spdxId = "Sleepycat";
|
||||
fullName = "Sleepycat License";
|
||||
};
|
||||
|
||||
tcltk = {
|
||||
shortName = "Tcl/Tk";
|
||||
fullName = "Tcl/Tk license";
|
||||
url = http://www.tcl.tk/software/tcltk/license.html;
|
||||
tcltk = spdx {
|
||||
spdxId = "TCL";
|
||||
fullName = "TCL/TK License";
|
||||
};
|
||||
|
||||
unfree = "unfree";
|
||||
unfree = {
|
||||
fullName = "Unfree";
|
||||
free = false;
|
||||
};
|
||||
|
||||
unfreeRedistributable = "unfree-redistributable";
|
||||
unfreeRedistributable = {
|
||||
fullName = "Unfree redistributable";
|
||||
free = false;
|
||||
};
|
||||
|
||||
unfreeRedistributableFirmware = "unfree-redistributable-firmware";
|
||||
unfreeRedistributableFirmware = {
|
||||
fullName = "Unfree redistributable firmware";
|
||||
# Note: we currently consider these "free" for inclusion in the
|
||||
# channel and NixOS images.
|
||||
};
|
||||
|
||||
unlicense = spdx {
|
||||
spdxId = "Unlicense";
|
||||
fullName = "The Unlicense";
|
||||
};
|
||||
|
||||
vsl10 = spdx {
|
||||
spdxId = "VSL-1.0";
|
||||
fullName = "Vovida Software License v1.0";
|
||||
};
|
||||
|
||||
w3c = spdx {
|
||||
spdxId = "W3C";
|
||||
fullName = "W3C Software Notice and License";
|
||||
};
|
||||
|
||||
wadalab = {
|
||||
shortName = "wadalab";
|
||||
fullName = "Wadalab Font License";
|
||||
url = https://fedoraproject.org/wiki/Licensing:Wadalab?rd=Licensing/Wadalab;
|
||||
};
|
||||
|
||||
wtfpl = spdx {
|
||||
spdxId = "WTFPL";
|
||||
fullName = "Do What The F*ck You Want To Public License";
|
||||
};
|
||||
|
||||
zlib = spdx {
|
||||
shortName = "Zlib";
|
||||
spdxId = "Zlib";
|
||||
fullName = "zlib License";
|
||||
};
|
||||
|
||||
zpt20 = spdx { # FIXME: why zpt* instead of zpl*
|
||||
shortName = "ZPL-2.0";
|
||||
spdxId = "ZPL-2.0";
|
||||
fullName = "Zope Public License 2.0";
|
||||
};
|
||||
|
||||
zpt21 = spdx {
|
||||
shortName = "ZPL-2.1";
|
||||
spdxId = "ZPL-2.1";
|
||||
fullName = "Zope Public License 2.1";
|
||||
};
|
||||
|
||||
|
@ -223,4 +223,14 @@ rec {
|
||||
|
||||
crossLists = f: foldl (fs: args: concatMap (f: map f args) fs) [f];
|
||||
|
||||
# Remove duplicate elements from the list
|
||||
unique = list:
|
||||
if list == [] then
|
||||
[]
|
||||
else
|
||||
let
|
||||
x = head list;
|
||||
xs = unique (drop 1 list);
|
||||
in [x] ++ remove x xs;
|
||||
|
||||
}
|
||||
|
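Review bot: The comment above `unique` does not say which duplicate is kept or what the function costs, and both matter to callers. Since the body is `[x] ++ remove x xs`, the first occurrence survives and each element triggers another pass over the rest of the list, so I would write `# Remove duplicate elements from the list, keeping the first occurrence of each. O(n^2) complexity.` The recursion through `unique (drop 1 list)` is not a tail call either, so very long lists may run into the evaluator's stack limit; that deserves a second comment line if large inputs are expected.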
@ -5,12 +5,13 @@
|
||||
alphabetically sorted. */
|
||||
|
||||
_1126 = "Christian Lask <mail@elfsechsundzwanzig.de>";
|
||||
abbradar = "Nikolay Amiantov <ab@fmap.me>";
|
||||
aforemny = "Alexander Foremny <alexanderforemny@googlemail.com>";
|
||||
aherrmann = "Andreas Herrmann <andreash87@gmx.ch>";
|
||||
ak = "Alexander Kjeldaas <ak@formalprivacy.com>";
|
||||
akc = "Anders Claesson <akc@akc.is>";
|
||||
algorith = "Dries Van Daele <dries_van_daele@telenet.be>";
|
||||
all = "Nix Committers <nix-commits@lists.science.uu.nl>";
|
||||
abbradar = "Nikolay Amiantov <ab@fmap.me>";
|
||||
amiddelk = "Arie Middelkoop <amiddelk@gmail.com>";
|
||||
amorsillo = "Andrew Morsillo <andrew.morsillo@gmail.com>";
|
||||
AndersonTorres = "Anderson Torres <torres.anderson.85@gmail.com>";
|
||||
@ -18,10 +19,12 @@
|
||||
antono = "Antono Vasiljev <self@antono.info>";
|
||||
aristid = "Aristid Breitkreuz <aristidb@gmail.com>";
|
||||
arobyn = "Alexei Robyn <shados@shados.net>";
|
||||
asppsa = "Alastair Pharo <asppsa@gmail.com>";
|
||||
astsmtl = "Alexander Tsamutali <astsmtl@yandex.ru>";
|
||||
aszlig = "aszlig <aszlig@redmoonstudios.org>";
|
||||
auntie = "Jonathan Glines <auntieNeo@gmail.com>";
|
||||
aycanirican = "Aycan iRiCAN <iricanaycan@gmail.com>";
|
||||
balajisivaraman = "Balaji Sivaraman<sivaraman.balaji@gmail.com>";
|
||||
bbenoist = "Baptist BENOIST <return_0@live.com>";
|
||||
bennofs = "Benno Fünfstück <benno.fuenfstueck@gmail.com>";
|
||||
berdario = "Dario Bertini <berdario@gmail.com>";
|
||||
@ -37,42 +40,57 @@
|
||||
cdepillabout = "Dennis Gosnell <cdep.illabout@gmail.com>";
|
||||
cfouche = "Chaddaï Fouché <chaddai.fouche@gmail.com>";
|
||||
chaoflow = "Florian Friesdorf <flo@chaoflow.net>";
|
||||
christopherpoole = "Christopher Mark Poole <mail@christopherpoole.net>";
|
||||
coconnor = "Corey O'Connor <coreyoconnor@gmail.com>";
|
||||
codyopel = "Cody Opel <codyopel@gmail.com>";
|
||||
copumpkin = "Dan Peebles <pumpkingod@gmail.com>";
|
||||
coroa = "Jonas Hörsch <jonas@chaoflow.net>";
|
||||
cstrahan = "Charles Strahan <charles.c.strahan@gmail.com>";
|
||||
DamienCassou = "Damien Cassou <damien.cassou@gmail.com>";
|
||||
DerGuteMoritz = "Moritz Heidkamp <moritz@twoticketsplease.de>";
|
||||
davidrusu = "David Rusu <davidrusu.me@gmail.com>";
|
||||
dbohdan = "Danyil Bohdan <danyil.bohdan@gmail.com>";
|
||||
DerGuteMoritz = "Moritz Heidkamp <moritz@twoticketsplease.de>";
|
||||
dmalikov = "Dmitry Malikov <malikov.d.y@gmail.com>";
|
||||
doublec = "Chris Double <chris.double@double.co.nz>";
|
||||
ederoyd46 = "Matthew Brown <matt@ederoyd.co.uk>";
|
||||
edwtjo = "Edward Tjörnhammar <ed@cflags.cc>";
|
||||
eelco = "Eelco Dolstra <eelco.dolstra@logicblox.com>";
|
||||
eikek = "Eike Kettner <eike.kettner@posteo.de>";
|
||||
ellis = "Ellis Whitehead <nixos@ellisw.net>";
|
||||
emery = "Emery Hemingway <emery@vfemail.net>";
|
||||
ertes = "Ertugrul Söylemez <ertesx@gmx.de>";
|
||||
exlevan = "Alexey Levan <exlevan@gmail.com>";
|
||||
falsifian = "James Cook <james.cook@utoronto.ca>";
|
||||
flosse = "Markus Kohlhase <mail@markus-kohlhase.de>";
|
||||
fluffynukeit = "Daniel Austin <dan@fluffynukeit.com>";
|
||||
fpletz = "Franz Pletz <fpletz@fnordicwalking.de>";
|
||||
ftrvxmtrx = "Siarhei Zirukin <ftrvxmtrx@gmail.com>";
|
||||
funfunctor = "Edward O'Callaghan <eocallaghan@alterapraxis.com>";
|
||||
fuuzetsu = "Mateusz Kowalczyk <fuuzetsu@fuuzetsu.co.uk>";
|
||||
gal_bolle = "Florent Becker <florent.becker@ens-lyon.org>";
|
||||
garbas = "Rok Garbas <rok@garbas.si>";
|
||||
gavin = "Gavin Rogers <gavin@praxeology.co.uk>";
|
||||
goibhniu = "Cillian de Róiste <cillian.deroiste@gmail.com>";
|
||||
guibert = "David Guibert <david.guibert@gmail.com>";
|
||||
henrytill = "Henry Till <henrytill@gmail.com>";
|
||||
hinton = "Tom Hinton <t@larkery.com>";
|
||||
hrdinka = "Christoph Hrdinka <c.nix@hrdinka.at>";
|
||||
ianwookim = "Ian-Woo Kim <ianwookim@gmail.com>";
|
||||
iElectric = "Domen Kozar <domen@dev.si>";
|
||||
iyzsong = "Song Wenwu <iyzsong@gmail.com>";
|
||||
jagajaga = "Arseniy Seroka <ars.seroka@gmail.com>";
|
||||
jcumming = "Jack Cummings <jack@mudshark.org>";
|
||||
jgeerds = "Jascha Geerds <jg@ekby.de>";
|
||||
jirkamarsik = "Jirka Marsik <jiri.marsik89@gmail.com>";
|
||||
joachifm = "Joachim Fasting <joachifm@fastmail.fm>";
|
||||
joamaki = "Jussi Maki <joamaki@gmail.com>";
|
||||
joelteon = "Joel Taylor <me@joelt.io>";
|
||||
jpbernardy = "Jean-Philippe Bernardy <jeanphilippe.bernardy@gmail.com>";
|
||||
jwiegley = "John Wiegley <johnw@newartisans.com>";
|
||||
jzellner = "Jeff Zellner <jeffz@eml.cc>";
|
||||
kkallio = "Karn Kallio <tierpluspluslists@gmail.com>";
|
||||
koral = "Koral <koral@mailoo.org>";
|
||||
kragniz = "Louis Taylor <kragniz@gmail.com>";
|
||||
ktosiek = "Tomasz Kontusz <tomasz.kontusz@gmail.com>";
|
||||
lethalman = "Luca Bruno <lucabru@src.gnome.org>";
|
||||
lhvwb = "Nathaniel Baxter <nathaniel.baxter@gmail.com>";
|
||||
@ -80,6 +98,7 @@
|
||||
lovek323 = "Jason O'Conal <jason@oconal.id.au>";
|
||||
ludo = "Ludovic Courtès <ludo@gnu.org>";
|
||||
madjar = "Georges Dubus <georges.dubus@compiletoi.net>";
|
||||
magnetophon = "Bart Brouns <bart@magnetophon.nl>";
|
||||
manveru = "Michael Fellinger <m.fellinger@gmail.com>";
|
||||
marcweber = "Marc Weber <marco-oweber@gmx.de>";
|
||||
matejc = "Matej Cotman <cotman.matej@gmail.com>";
|
||||
@ -89,19 +108,24 @@
|
||||
mornfall = "Petr Ročkai <me@mornfall.net>";
|
||||
MP2E = "Cray Elliott <MP2E@archlinux.us>";
|
||||
msackman = "Matthew Sackman <matthew@wellquite.org>";
|
||||
muflax = "Stefan Dorn <mail@muflax.com>";
|
||||
nathan-gs = "Nathan Bijnens <nathan@nathan.gs>";
|
||||
nckx = "Tobias Geerinckx-Rice <tobias.geerinckx.rice@gmail.com>";
|
||||
notthemessiah = "Brian Cohen <brian.cohen.88@gmail.com>";
|
||||
nslqqq = "Nikita Mikhailov <nslqqq@gmail.com>";
|
||||
ocharles = "Oliver Charles <ollie@ocharles.org.uk>";
|
||||
offline = "Jaka Hudoklin <jakahudoklin@gmail.com>";
|
||||
olcai = "Erik Timan <dev@timan.info>";
|
||||
orbitz = "Malcolm Matalka <mmatalka@gmail.com>";
|
||||
page = "Carles Pagès <page@cubata.homelinux.net>";
|
||||
pashev = "Igor Pashev <pashev.igor@gmail.com>";
|
||||
phreedom = "Evgeny Egorochkin <phreedom@yandex.ru>";
|
||||
pierron = "Nicolas B. Pierron <nixos@nbp.name>";
|
||||
piotr = "Piotr Pietraszkiewicz <ppietrasa@gmail.com>";
|
||||
pkmx = "Chih-Mao Chen <pkmx.tw@gmail.com>";
|
||||
plcplc = "Philip Lykke Carlsen <plcplc@gmail.com>";
|
||||
pSub = "Pascal Wittmann <mail@pascal-wittmann.de>";
|
||||
puffnfresh = "Brian McKenna <brian@brianmckenna.org>";
|
||||
qknight = "Joachim Schiele <js@lastlog.de>";
|
||||
raskin = "Michael Raskin <7c6f434c@mail.ru>";
|
||||
redbaron = "Maxim Ivanov <ivanov.maxim@gmail.com>";
|
||||
@ -116,20 +140,27 @@
|
||||
rszibele = "Richard Szibele <richard_szibele@hotmail.com>";
|
||||
rycee = "Robert Helgesson <robert@rycee.net>";
|
||||
sander = "Sander van der Burg <s.vanderburg@tudelft.nl>";
|
||||
schristo = "Scott Christopher <schristopher@konputa.com>";
|
||||
sepi = "Raffael Mancini <raffael@mancini.lu>";
|
||||
shell = "Shell Turner <cam.turn@gmail.com>";
|
||||
shlevy = "Shea Levy <shea@shealevy.com>";
|
||||
simons = "Peter Simons <simons@cryp.to>";
|
||||
sjmackenzie = "Stewart Mackenzie <setori88@gmail.com>";
|
||||
skeidel = "Sven Keidel <svenkeidel@gmail.com>";
|
||||
smironov = "Sergey Mironov <ierton@gmail.com>";
|
||||
sprock = "Roger Mason <rmason@mun.ca>";
|
||||
spwhitt = "Spencer Whitt <sw@swhitt.me>";
|
||||
sztupi = "Attila Sztupak <attila.sztupak@gmail.com>";
|
||||
tailhook = "Paul Colomiets <paul@colomiets.name>";
|
||||
thammers = "Tobias Hammerschmidt <jawr@gmx.de>";
|
||||
the-kenny = "Moritz Ulrich <moritz@tarn-vedra.de>";
|
||||
thoughtpolice = "Austin Seipp <aseipp@pobox.com>";
|
||||
titanous = "Jonathan Rudenberg <jonathan@titanous.com>";
|
||||
tomberek = "Thomas Bereknyei <tomberek@gmail.com>";
|
||||
tstrobel = "Thomas Strobel <ts468@cam.ac.uk>";
|
||||
ttuegel = "Thomas Tuegel <ttuegel@gmail.com>";
|
||||
tv = "Tomislav Viljetić <tv@shackspace.de>";
|
||||
twey = "James ‘Twey’ Kay <twey@twey.co.uk>";
|
||||
urkud = "Yury G. Kudryashov <urkud+nix@ya.ru>";
|
||||
vandenoever = "Jos van den Oever <jos@vandenoever.info>";
|
||||
vbgl = "Vincent Laporte <Vincent.Laporte@gmail.com>";
|
||||
@ -138,6 +169,7 @@
|
||||
viric = "Lluís Batlle i Rossell <viric@viric.name>";
|
||||
vizanto = "Danny Wilson <danny@prime.vc>";
|
||||
vlstill = "Vladimír Štill <xstill@fi.muni.cz>";
|
||||
vozz = "Oliver Hunt <oliver.huntuk@gmail.com>";
|
||||
winden = "Antonio Vargas Gonzalez <windenntw@gmail.com>";
|
||||
wizeman = "Ricardo M. Correia <rcorreia@wizy.org>";
|
||||
wjlroe = "William Roe <willroe@gmail.com>";
|
||||
@ -149,4 +181,5 @@
|
||||
zef = "Zef Hemel <zef@zef.me>";
|
||||
zimbatm = "zimbatm <zimbatm@zimbatm.com>";
|
||||
zoomulator = "Kim Simmons <zoomulator@gmail.com>";
|
||||
Gonzih = "Max Gonzih <gonzih@gmail.com>";
|
||||
}
|
||||
|
@ -58,7 +58,7 @@ rec {
|
||||
if m ? config || m ? options then
|
||||
let badAttrs = removeAttrs m ["imports" "options" "config" "key" "_file"]; in
|
||||
if badAttrs != {} then
|
||||
throw "Module `${key}' has an unsupported attribute `${head (attrNames badAttrs)}'."
|
||||
throw "Module `${key}' has an unsupported attribute `${head (attrNames badAttrs)}'. This is caused by assignments to the top-level attributes `config' or `options'."
|
||||
else
|
||||
{ file = m._file or file;
|
||||
key = toString m.key or key;
|
||||
|
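--- /dev/null
+++ b/maintainers/docker/.dockerignore
@@ -0,0 +1,14 @@
+*~
+,*
+.*.swp
+.*.swo
+result
+result-*
+/doc/NEWS.html
+/doc/NEWS.txt
+/doc/manual.html
+/doc/manual.pdf
+.version-suffix
+
+.DS_Store
+.git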
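--- /dev/null
+++ b/maintainers/docker/Dockerfile
@@ -0,0 +1,12 @@
+FROM busybox
+
+RUN dir=`mktemp -d` && trap 'rm -rf "$dir"' EXIT && \
+wget -O- http://nixos.org/releases/nix/nix-1.7/nix-1.7-x86_64-linux.tar.bz2 | bzcat | tar x -C $dir && \
+mkdir -m 0755 /nix && USER=root sh $dir/*/install && \
+echo ". /root/.nix-profile/etc/profile.d/nix.sh" >> /etc/profile
+
+ADD . /root/nix/nixpkgs
+ONBUILD ENV NIX_PATH nixpkgs=/root/nix/nixpkgs:nixos=/root/nix/nixpkgs/nixos
+ONBUILD ENV PATH /root/.nix-profile/bin:/root/.nix-profile/sbin:/bin:/sbin:/usr/bin:/usr/sbin
+ONBUILD ENV ENV /etc/profile
+ENV ENV /etc/profile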
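Review bot: The `RUN` step downloads the Nix 1.7 tarball over plain `http://`, pipes it straight into `tar`, and then runs its `install` script as root, so nothing checks that the bytes are the ones nixos.org published. Download to a file and verify a pinned digest before unpacking, e.g. `wget -O "$dir/nix.tar.bz2" http://nixos.org/releases/nix/nix-1.7/nix-1.7-x86_64-linux.tar.bz2 && \` followed by `echo "<expected-sha256>  $dir/nix.tar.bz2" | sha256sum -c - && \` (the digest is a placeholder to be filled in from the release page, and this assumes the image ships the `sha256sum` applet). Use `https://` as well if the busybox `wget` in the base image supports it. `FROM busybox` is also untagged, so the base image can change underneath the build; pinning a tag or digest would make the result reproducible.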
@ -1,29 +1,40 @@
|
||||
#! /usr/bin/env bash
|
||||
set -e
|
||||
|
||||
# Install Nix
|
||||
bash <(curl https://nixos.org/nix/install)
|
||||
source $HOME/.nix-profile/etc/profile.d/nix.sh
|
||||
export NIX_CURL_FLAGS=-sS
|
||||
|
||||
# Make sure we can use hydra's binary cache
|
||||
sudo mkdir /etc/nix
|
||||
sudo tee /etc/nix/nix.conf <<EOF
|
||||
if [[ $1 == nix ]]; then
|
||||
echo "=== Installing Nix..."
|
||||
# Install Nix
|
||||
bash <(curl -sS https://nixos.org/nix/install)
|
||||
source $HOME/.nix-profile/etc/profile.d/nix.sh
|
||||
|
||||
# Make sure we can use hydra's binary cache
|
||||
sudo mkdir /etc/nix
|
||||
sudo tee /etc/nix/nix.conf <<EOF >/dev/null
|
||||
binary-caches = http://cache.nixos.org http://hydra.nixos.org
|
||||
trusted-binary-caches = http://hydra.nixos.org
|
||||
build-max-jobs = 4
|
||||
EOF
|
||||
|
||||
if [ "${TRAVIS_PULL_REQUEST}" = "false" ]; then
|
||||
echo "Not a pull request, checking evaluation"
|
||||
nix-build pkgs/top-level/release.nix -A tarball
|
||||
exit 0
|
||||
# Verify evaluation
|
||||
echo "=== Verifying that nixpkgs evaluates..."
|
||||
nix-env -f. -qa --json >/dev/null
|
||||
elif [[ $1 == nox ]]; then
|
||||
echo "=== Installing nox..."
|
||||
git clone -q https://github.com/madjar/nox
|
||||
pip --quiet install -e nox
|
||||
elif [[ $1 == build ]]; then
|
||||
source $HOME/.nix-profile/etc/profile.d/nix.sh
|
||||
|
||||
if [[ $TRAVIS_PULL_REQUEST == false ]]; then
|
||||
echo "===> Not a pull request, checking evaluation"
|
||||
nix-build pkgs/top-level/release.nix -A tarball
|
||||
else
|
||||
echo "=== Checking PR"
|
||||
nox-review pr ${TRAVIS_PULL_REQUEST}
|
||||
fi
|
||||
else
|
||||
echo "$0: Unknown option $1" >&2
|
||||
false
|
||||
fi
|
||||
|
||||
echo "Installing nox"
|
||||
git clone https://github.com/madjar/nox
|
||||
pip --quiet install -e nox
|
||||
|
||||
echo "Reviewing PR"
|
||||
# The current HEAD is the PR merged into origin/master, so we compare
|
||||
# against origin/master
|
||||
nox-review wip --against origin/master
|
||||
|
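Review bot: The `nox` step installs whatever is at the tip of `https://github.com/madjar/nox` (`git clone -q …` then `pip --quiet install -e nox`), and the `nix` step runs `bash <(curl -sS https://nixos.org/nix/install)`, so every CI run executes unpinned remote code with the job's privileges, including `sudo`. Pin the clone to a reviewed revision, e.g. add `git -C nox checkout <reviewed-commit>` (placeholder) before the `pip` line. The generated `nix.conf` lists both caches as `http://`; switching them to `https://` would protect substitutes in transit, provided the caches serve TLS. `sudo mkdir /etc/nix` under `set -e` aborts when the directory already exists, which `sudo mkdir -p /etc/nix` avoids. Old and new lines are interleaved in this rendering, so this assumes the `if [[ $1 == nix ]]` dispatch is the new side.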
@ -1,3 +1,6 @@
|
||||
viric viriketo@gmail.com
|
||||
Pjotr Prins pjotr.public01@thebird.nl
|
||||
Pjotr Prins pjotr.public05@thebird.nl
|
||||
Wouter den Breejen wbreejen
|
||||
MarcWeber marcweber
|
||||
Ricardo Correia Ricardo M. Correia
|
||||
|
@ -3,25 +3,55 @@
|
||||
export LANG=C LC_ALL=C LC_COLLATE=C
|
||||
|
||||
# Load git log
|
||||
git_data="$(git log | grep 'Author:' |
|
||||
sed -e 's/^ *Author://; s/\\//g; s/^ *//; s/ *$//;
|
||||
raw_git_log="$(git log)"
|
||||
git_data="$(echo "$raw_git_log" | grep 'Author:' |
|
||||
sed -e 's/^ *Author://; s/\\//g; s/^ *//; s/ *$//;
|
||||
s/ @ .*//; s/ *[<]/\t/; s/[>]//')"
|
||||
|
||||
# Name - nick - email correspondence from log and from maintainer list
|
||||
# Also there are a few manual entries
|
||||
maintainers="$(cat "$(dirname "$0")/../../lib/maintainers.nix" |
|
||||
maintainers="$(cat "$(dirname "$0")/../../lib/maintainers.nix" |
|
||||
grep '=' | sed -re 's/\\"/''/g;
|
||||
s/ *([^ =]*) *= *" *(.*[^ ]) *[<](.*)[>] *".*/\1\t\2\t\3/')"
|
||||
git_lines="$( ( echo "$git_data";
|
||||
cat vanity-manual-equalities.txt) | sort |uniq)"
|
||||
git_lines="$( ( echo "$git_data";
|
||||
cat "$(dirname "$0")/vanity-manual-equalities.txt") | sort |uniq)"
|
||||
|
||||
emails="$(
|
||||
( echo "$maintainers" | cut -f 3; echo "$git_data" | cut -f 2 ) |
|
||||
sort | uniq | grep -E ".+@.+[.].+"
|
||||
)"
|
||||
|
||||
fetchGithubName () {
|
||||
commitid="$(
|
||||
echo "$raw_git_log" | grep -B3 "Author: .*[<]$1[>]" | head -n 3 |
|
||||
grep '^commit ' | tail -n 1 | sed -e 's/^commit //'
|
||||
)"
|
||||
userid="$(
|
||||
curl https://github.com/NixOS/nixpkgs/commit/"$commitid" 2>/dev/null |
|
||||
grep authored -B10 | grep 'href="/' |
|
||||
sed -re 's@.* href="/@@; s@".*@@' |
|
||||
grep -v "/commit/"
|
||||
)";
|
||||
echo "$userid"
|
||||
}
|
||||
|
||||
[ -n "$NIXPKGS_GITHUB_NAME_CACHE" ] && {
|
||||
echo "$emails" | while read email; do
|
||||
line="$(grep "$email " "$NIXPKGS_GITHUB_NAME_CACHE")"
|
||||
[ -z "$line" ] && {
|
||||
echo "$email $(fetchGithubName "$email")" >> \
|
||||
"$NIXPKGS_GITHUB_NAME_CACHE"
|
||||
}
|
||||
done
|
||||
}
|
||||
|
||||
# For RDF
|
||||
normalize_name () {
|
||||
sed -e 's/ /_/g; s/'\''/*/g; s/"/**/g;'
|
||||
sed -e 's/%/%25/g; s/ /%20/g; s/'\''/%27/g; s/"/%22/g; s/`/%60/g'
|
||||
}
|
||||
|
||||
denormalize_name () {
|
||||
sed -e 's/_/ /g; s/[*][*]/"/g; s/[*]/'\''/g;'
|
||||
sed -e 's/%20/ /g; s/%27/'\''/g; s/%22/"/g; s/%60/`/g; s/%25/%/g;';
|
||||
}
|
||||
|
||||
n3="$(mktemp --suffix .n3)"
|
||||
@ -37,6 +67,9 @@ echo "$maintainers" | sed -re 's@(.*)\t(.*)\t(.*)@<my://name/\3> <my://can-be> <
|
||||
echo "$git_lines" | grep ' ' | cut -f 1 | sed -e 's@.*@<my://name/&> <my://is-name> <my://0>.@'
|
||||
echo "$git_lines" | grep -v ' ' | cut -f 1 | sed -e 's@.*@<my://name/&> <my://is-name> <my://1>.@'
|
||||
echo "$maintainers" | cut -f 2 | sed -e 's@.*@<my://name/&> <my://is-name> <my://0>.@'
|
||||
[ -n "$NIXPKGS_GITHUB_NAME_CACHE" ] && cat "$NIXPKGS_GITHUB_NAME_CACHE" |
|
||||
grep -v " $" |
|
||||
sed -re 's@(.*)\t(.*)@<my://name/\1> <my://at-github> <my://github/\2>.@'
|
||||
) | normalize_name | grep -E '<my://[-a-z]+>' | sort | uniq > "$n3"
|
||||
|
||||
# Get transitive closure
|
||||
@ -47,19 +80,43 @@ name_list="$(
|
||||
?x <my://can-be>+ ?y.
|
||||
?x <my://is-name> ?g.
|
||||
}
|
||||
" | tail -n +2 |
|
||||
sed -re 's@<my://name/@@g; s@<my://@@g; s@>@@g;' |
|
||||
" | tail -n +2 |
|
||||
sed -re 's@<my://name/@@g; s@<my://@@g; s@>@@g;' |
|
||||
sort -k 2,3 -t ' '
|
||||
)"
|
||||
github_name_list="$(
|
||||
"$sparql" --results=TSV --data="$n3" "
|
||||
select ?x ?y where {
|
||||
?x (<my://can-be>+ / <my://at-github>) ?y.
|
||||
}
|
||||
" | tail -n +2 |
|
||||
sed -re 's@<my://(name|github)/@@g; s@<my://@@g; s@>@@g;'
|
||||
)"
|
||||
|
||||
# Take first spelling option for every person
|
||||
name_list_canonical="$(echo "$name_list" | cut -f 1,2 | uniq -f1)"
|
||||
|
||||
cleaner_script="$(echo "$name_list_canonical" | denormalize_name |
|
||||
cleaner_script="$(echo "$name_list_canonical" | denormalize_name |
|
||||
sed -re 's/(.*)\t(.*)/s#^\2$#\1#g/g')"
|
||||
|
||||
# Add github usernames
|
||||
if [ -n "$NIXPKGS_GITHUB_NAME_CACHE" ]; then
|
||||
github_adder_script="$(echo "$github_name_list" |
|
||||
grep -E "$(echo "$name_list_canonical" | cut -f 2 |
|
||||
tr '\n' '|' )" |
|
||||
sort | uniq |
|
||||
sed -re 's/(.*)\t(.*)/s| \1$| \1\t\2|g;/' |
|
||||
denormalize_name
|
||||
)"
|
||||
else
|
||||
github_adder_script=''
|
||||
fi
|
||||
|
||||
echo "$name_list" | denormalize_name
|
||||
|
||||
echo
|
||||
|
||||
echo "$git_data" | cut -f 1 | sed -re "$cleaner_script" | sort | uniq -c | sort -k1n
|
||||
echo "$git_data" | cut -f 1 |
|
||||
sed -e "$cleaner_script" |
|
||||
sort | uniq -c | sort -k1n | sed -re "$github_adder_script" |
|
||||
sed -re 's/^ *([0-9]+) /\1\t/'
|
||||
|
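Review bot: Author names and e-mail addresses taken from `git log` are spliced unescaped into generated sed programs and a grep pattern: `cleaner_script` builds `s#^\2$#\1#g`, `github_adder_script` builds `s| \1$| \1\t\2|g;`, and the cache lookup is `grep "$email " "$NIXPKGS_GITHUB_NAME_CACHE"`. Those fields are chosen by whoever authors a commit, and `normalize_name` only encodes `%`, space, quotes and backticks, so a name containing `#`, `|`, `&` or a regex metacharacter changes what the generated script does. Treat them as untrusted: use `grep -F -- "$email " "$NIXPKGS_GITHUB_NAME_CACHE"` for the lookup and escape the delimiter and regex metacharacters before emitting each `s` command. `while read email` should also be `while read -r email` so that backslashes in the input survive.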
@ -56,7 +56,7 @@ root file system), you can use
|
||||
boot.initrd.extraKernelModules = [ "cifs" ];
|
||||
</programlisting>
|
||||
This causes the specified modules and their dependencies to be added
|
||||
to the initial ramdark.</para>
|
||||
to the initial ramdisk.</para>
|
||||
|
||||
<para>Kernel runtime parameters can be set through
|
||||
<option>boot.kernel.sysctl</option>, e.g.
|
||||
|
@ -13,7 +13,7 @@ use NetworkManager. You can enable NetworkManager by setting:
|
||||
services.networkmanager.enable = true;
|
||||
</programlisting>
|
||||
|
||||
Some desktop managers (e.g., GNOME) enable NetworkManager
|
||||
some desktop managers (e.g., GNOME) enable NetworkManager
|
||||
automatically for you.</para>
|
||||
|
||||
<para>All users that should have permission to change network settings
|
||||
|
@ -30,34 +30,13 @@ let
|
||||
else
|
||||
fn;
|
||||
|
||||
# Convert the list of options into an XML file and a JSON file. The builtin
|
||||
# unsafeDiscardStringContext is used to prevent the realisation of the store
|
||||
# paths which are used in options definitions.
|
||||
# Convert the list of options into an XML file. The builtin
|
||||
# unsafeDiscardStringContext is used to prevent the realisation of
|
||||
# the store paths which are used in options definitions.
|
||||
optionsXML = builtins.toFile "options.xml" (builtins.unsafeDiscardStringContext (builtins.toXML optionsList'));
|
||||
optionsJSON = builtins.toFile "options.json" (builtins.unsafeDiscardStringContext (builtins.toJSON optionsList'));
|
||||
|
||||
# Tools-friendly version of the list of NixOS options.
|
||||
options' = stdenv.mkDerivation {
|
||||
name = "options";
|
||||
|
||||
buildCommand = ''
|
||||
# Export list of options in different format.
|
||||
dst=$out/share/doc/nixos
|
||||
mkdir -p $dst
|
||||
|
||||
cp ${optionsJSON} $dst/options.json
|
||||
cp ${optionsXML} $dst/options.xml
|
||||
|
||||
mkdir -p $out/nix-support
|
||||
echo "file json $dst/options.json" >> $out/nix-support/hydra-build-products
|
||||
echo "file xml $dst/options.xml" >> $out/nix-support/hydra-build-products
|
||||
''; # */
|
||||
|
||||
meta.description = "List of NixOS options in various formats.";
|
||||
};
|
||||
|
||||
optionsDocBook = runCommand "options-db.xml" {} ''
|
||||
optionsXML=${options'}/share/doc/nixos/options.xml
|
||||
optionsXML=${optionsXML}
|
||||
if grep /nixpkgs/nixos/modules $optionsXML; then
|
||||
echo "The manual appears to depend on the location of Nixpkgs, which is bad"
|
||||
echo "since this prevents sharing via the NixOS channel. This is typically"
|
||||
@ -83,8 +62,25 @@ let
|
||||
|
||||
in rec {
|
||||
|
||||
# Tools-friendly version of the list of NixOS options.
|
||||
options = options';
|
||||
# The NixOS options in JSON format.
|
||||
optionsJSON = stdenv.mkDerivation {
|
||||
name = "options-json";
|
||||
|
||||
buildCommand = ''
|
||||
# Export list of options in different format.
|
||||
dst=$out/share/doc/nixos
|
||||
mkdir -p $dst
|
||||
|
||||
cp ${builtins.toFile "options.json" (builtins.unsafeDiscardStringContext (builtins.toJSON
|
||||
(listToAttrs (map (o: { name = o.name; value = removeAttrs o ["name" "visible" "internal"]; }) optionsList'))))
|
||||
} $dst/options.json
|
||||
|
||||
mkdir -p $out/nix-support
|
||||
echo "file json $dst/options.json" >> $out/nix-support/hydra-build-products
|
||||
''; # */
|
||||
|
||||
meta.description = "List of NixOS options in JSON format";
|
||||
};
|
||||
|
||||
# Generate the NixOS manual.
|
||||
manual = stdenv.mkDerivation {
|
||||
|
@ -39,24 +39,13 @@ $ firefox result/log.html
|
||||
|
||||
</para>
|
||||
|
||||
<para>It is also possible to run the test environment interactively,
|
||||
allowing you to experiment with the VMs. For example:
|
||||
<title>Running Tests interactively</title>
|
||||
|
||||
<screen>
|
||||
$ nix-build login.nix -A driver
|
||||
$ ./result/bin/nixos-run-vms
|
||||
</screen>
|
||||
|
||||
The script <command>nixos-run-vms</command> starts the virtual
|
||||
machines defined by test. The root file system of the VMs is created
|
||||
on the fly and kept across VM restarts in
|
||||
<filename>./</filename><varname>hostname</varname><filename>.qcow2</filename>.</para>
|
||||
|
||||
<para>Finally, the test itself can be run interactively. This is
|
||||
<para>The test itself can be run interactively. This is
|
||||
particularly useful when developing or debugging a test:
|
||||
|
||||
<screen>
|
||||
$ nix-build tests/ -A nfs.driver
|
||||
$ nix-build nixos/tests/login.nix -A driver
|
||||
$ ./result/bin/nixos-test-driver
|
||||
starting VDE switch for network 1
|
||||
>
|
||||
@ -66,6 +55,7 @@ You can then take any Perl statement, e.g.
|
||||
|
||||
<screen>
|
||||
> startAll
|
||||
> testScript
|
||||
> $machine->succeed("touch /tmp/foo")
|
||||
</screen>
|
||||
|
||||
@ -74,4 +64,16 @@ script and drops you back into the test driver command line upon its
|
||||
completion. This allows you to inspect the state of the VMs after the
|
||||
test (e.g. to debug the test script).</para>
|
||||
|
||||
</section>
|
||||
<para>To just start and experiment with the VMs, run:
|
||||
|
||||
<screen>
|
||||
$ nix-build nixos/tests/login.nix -A driver
|
||||
$ ./result/bin/nixos-run-vms
|
||||
</screen>
|
||||
|
||||
The script <command>nixos-run-vms</command> starts the virtual
|
||||
machines defined by test. The root file system of the VMs is created
|
||||
on the fly and kept across VM restarts in
|
||||
<filename>./</filename><varname>hostname</varname><filename>.qcow2</filename>.</para>
|
||||
|
||||
</section>
|
||||
|
@ -11,14 +11,9 @@
|
||||
<listitem><para>Boot from the CD.</para></listitem>
|
||||
|
||||
<listitem><para>The CD contains a basic NixOS installation. (It
|
||||
also contains Memtest86+, useful if you want to test new hardware.)
|
||||
also contains Memtest86+, useful if you want to test new hardware).
|
||||
When it’s finished booting, it should have detected most of your
|
||||
hardware and brought up networking (check
|
||||
<command>ifconfig</command>). Networking is necessary for the
|
||||
installer, since it will download lots of stuff (such as source
|
||||
tarballs or Nixpkgs channel binaries). It’s best if you have a DHCP
|
||||
server on your network. Otherwise configure networking manually
|
||||
using <command>ifconfig</command>.</para></listitem>
|
||||
hardware.</para></listitem>
|
||||
|
||||
<listitem><para>The NixOS manual is available on virtual console 8
|
||||
(press Alt+F8 to access).</para></listitem>
|
||||
@ -29,6 +24,16 @@
|
||||
<listitem><para>If you downloaded the graphical ISO image, you can
|
||||
run <command>start display-manager</command> to start KDE.</para></listitem>
|
||||
|
||||
<listitem><para>The boot process should have brought up networking (check
|
||||
<command>ip a</command>). Networking is necessary for the
|
||||
installer, since it will download lots of stuff (such as source
|
||||
tarballs or Nixpkgs channel binaries). It’s best if you have a DHCP
|
||||
server on your network. Otherwise configure networking manually
|
||||
using <command>ifconfig</command>.</para>
|
||||
<para>To manually configure the network on the graphical installer,
|
||||
first disable network-manager with
|
||||
<command>systemctl stop network-manager</command>.</para></listitem>
|
||||
|
||||
<listitem><para>The NixOS installer doesn’t do any partitioning or
|
||||
formatting yet, so you need to that yourself. Use the following
|
||||
commands:
|
||||
|
@ -63,7 +63,7 @@ end.) For instance, to use the NixOS 14.04 stable channel:
|
||||
$ nix-channel --add http://nixos.org/channels/nixos-14.04 nixos
|
||||
</screen>
|
||||
|
||||
But it you want to live on the bleeding edge:
|
||||
But if you want to live on the bleeding edge:
|
||||
|
||||
<screen>
|
||||
$ nix-channel --add http://nixos.org/channels/nixos-unstable nixos
|
||||
|
@ -10,7 +10,7 @@
|
||||
<para>This section lists the release notes for each stable version of NixOS.</para>
|
||||
</partintro>
|
||||
|
||||
<xi:include href="rl-1410.xml" />
|
||||
<xi:include href="rl-1411.xml" />
|
||||
<xi:include href="rl-1404.xml" />
|
||||
<xi:include href="rl-1310.xml" />
|
||||
|
||||
|
@ -1,22 +0,0 @@
|
||||
<chapter xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||
version="5.0"
|
||||
xml:id="sec-release-14.10">
|
||||
|
||||
<title>Release 14.10 (“Caterpillar”, 2014/10/??)</title>
|
||||
|
||||
<para>When upgrading from a previous release, please be aware of the
|
||||
following incompatible changes:
|
||||
|
||||
<itemizedlist>
|
||||
|
||||
<listitem><para>The host side of a container virtual Ethernet pair
|
||||
is now called <literal>ve-<replaceable>container-name</replaceable></literal>
|
||||
rather than <literal>c-<replaceable>container-name</replaceable></literal>.</para></listitem>
|
||||
|
||||
</itemizedlist>
|
||||
|
||||
</para>
|
||||
|
||||
</chapter>
|
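--- /dev/null
+++ b/nixos/doc/manual/release-notes/rl-1411.xml
@@ -0,0 +1,37 @@
+<chapter xmlns="http://docbook.org/ns/docbook"
+xmlns:xlink="http://www.w3.org/1999/xlink"
+xmlns:xi="http://www.w3.org/2001/XInclude"
+version="5.0"
+xml:id="sec-release-14.11">
+
+<title>Release 14.11 (“Caterpillar”, 2014/11/??)</title>
+
+<para>When upgrading from a previous release, please be aware of the
+following incompatible changes:
+
+<itemizedlist>
+
+<listitem><para>The default version of Apache httpd is now 2.4. If
+you use the <option>extraConfig</option> option to pass literal
+Apache configuration text, you may need to update it — see <link
+xlink:href="http://httpd.apache.org/docs/2.4/upgrading.html">Apache’s
+documentation</link> for details. If you wish to continue to use
+httpd 2.2, add the following line to your NixOS configuration:
+
+<programlisting>
+services.httpd.package = pkgs.apacheHttpd_2_2;
+</programlisting>
+
+</para></listitem>
+
+<listitem><para>The host side of a container virtual Ethernet pair
+is now called <literal>ve-<replaceable>container-name</replaceable></literal>
+rather than <literal>c-<replaceable>container-name</replaceable></literal>.</para></listitem>
+
+<listitem><para>GNOME 3.10 support has been dropped. The default GNOME version is now 3.12.</para></listitem>
+
+</itemizedlist>
+
+</para>
+
+</chapter>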
@ -19,7 +19,8 @@ in
|
||||
{
|
||||
imports = [ ./amazon-base-config.nix ];
|
||||
ec2.hvm = true;
|
||||
boot.loader.grub.device = lib.mkOverride 0 "nodev";
|
||||
boot.loader.grub.device = lib.mkOverride 0 "/dev/xvdg";
|
||||
boot.kernelParams = [ "console=ttyS0" ];
|
||||
|
||||
boot.initrd.extraUtilsCommands = ''
|
||||
cp -v ${pkgs.gawk}/bin/gawk $out/bin/gawk
|
||||
|
@ -19,8 +19,17 @@ parser.add_argument('--key', dest='key_name', action='store_true', help='Keypair
|
||||
args = parser.parse_args()
|
||||
|
||||
instance_type = "m3.medium" if args.hvm else "m1.small"
|
||||
ebs_size = 8 if args.hvm else 20
|
||||
|
||||
if args.hvm:
|
||||
virtualization_type = "hvm"
|
||||
root_block = "/dev/sda1"
|
||||
image_type = 'hvm'
|
||||
else:
|
||||
virtualization_type = "paravirtual"
|
||||
root_block = "/dev/sda"
|
||||
image_type = 'ebs'
|
||||
|
||||
ebs_size = 20
|
||||
|
||||
# Start a NixOS machine in the given region.
|
||||
f = open("ebs-creator-config.nix", "w")
|
||||
@ -76,10 +85,6 @@ if args.hvm:
|
||||
m.upload_file("./amazon-hvm-config.nix", "/mnt/etc/nixos/configuration.nix")
|
||||
m.upload_file("./amazon-hvm-install-config.nix", "/mnt/etc/nixos/amazon-hvm-install-config.nix")
|
||||
m.run_command("NIXOS_CONFIG=/etc/nixos/amazon-hvm-install-config.nix nixos-install")
|
||||
m.run_command('nix-env -iA nixos.pkgs.grub')
|
||||
m.run_command('cp /nix/store/*-grub-0.97*/lib/grub/i386-pc/* /mnt/boot/grub')
|
||||
m.run_command('echo "(hd1) /dev/xvdg" > device.map')
|
||||
m.run_command('echo -e "root (hd1,0)\nsetup (hd1)" | grub --device-map=device.map --batch')
|
||||
else:
|
||||
m.upload_file("./amazon-base-config.nix", "/mnt/etc/nixos/configuration.nix")
|
||||
m.run_command("nixos-install")
|
||||
@ -87,7 +92,7 @@ else:
|
||||
m.run_command("umount /mnt")
|
||||
|
||||
if args.hvm:
|
||||
ami_name = "nixos-{0}-x86_64-ebs-hvm".format(version)
|
||||
ami_name = "nixos-{0}-x86_64-hvm".format(version)
|
||||
description = "NixOS {0} (x86_64; EBS root; hvm)".format(version)
|
||||
else:
|
||||
ami_name = "nixos-{0}-x86_64-ebs".format(version)
|
||||
@ -102,58 +107,40 @@ def check():
|
||||
|
||||
m.connect()
|
||||
volume = m._conn.get_all_volumes([], filters={'attachment.instance-id': m.resource_id, 'attachment.device': "/dev/sdg"})[0]
|
||||
if args.hvm:
|
||||
instance = m._conn.run_instances( image_id="ami-5f491f36"
|
||||
, instance_type=instance_type
|
||||
, key_name=args.key_name
|
||||
, placement=m.zone
|
||||
, security_groups=["eelco-test"]).instances[0]
|
||||
nixops.util.check_wait(lambda: instance.update() == 'running', max_tries=120)
|
||||
instance.stop()
|
||||
nixops.util.check_wait(lambda: instance.update() == 'stopped', max_tries=120)
|
||||
old_root_volume = m._conn.get_all_volumes([], filters={'attachment.instance-id': instance.id, 'attachment.device': "/dev/sda1"})[0]
|
||||
old_root_volume.detach()
|
||||
volume.detach()
|
||||
nixops.util.check_wait(lambda: volume.update() == 'available', max_tries=120)
|
||||
nixops.util.check_wait(lambda: old_root_volume.update() == 'available', max_tries=120)
|
||||
volume.attach(instance.id, '/dev/sda1')
|
||||
nixops.util.check_wait(lambda: volume.update() == 'in-use', max_tries=120)
|
||||
|
||||
ami_id = m._conn.create_image(instance.id, ami_name, description)
|
||||
time.sleep(5)
|
||||
image = m._conn.get_all_images([ami_id])[0]
|
||||
nixops.util.check_wait(lambda: image.update() == 'available', max_tries=120)
|
||||
instance.terminate()
|
||||
# Create a snapshot.
|
||||
snapshot = volume.create_snapshot(description=description)
|
||||
print >> sys.stderr, "created snapshot {0}".format(snapshot.id)
|
||||
|
||||
else:
|
||||
# Create a snapshot.
|
||||
snapshot = volume.create_snapshot(description=description)
|
||||
print >> sys.stderr, "created snapshot {0}".format(snapshot.id)
|
||||
nixops.util.check_wait(check, max_tries=120)
|
||||
|
||||
nixops.util.check_wait(check, max_tries=120)
|
||||
m._conn.create_tags([snapshot.id], {'Name': ami_name})
|
||||
|
||||
m._conn.create_tags([snapshot.id], {'Name': ami_name})
|
||||
if not args.keep: depl.destroy_resources()
|
||||
|
||||
if not args.keep: depl.destroy_resources()
|
||||
# Register the image.
|
||||
aki = m._conn.get_all_images(filters={'manifest-location': 'ec2*pv-grub-hd0_1.03-x86_64*'})[0]
|
||||
print >> sys.stderr, "using kernel image {0} - {1}".format(aki.id, aki.location)
|
||||
|
||||
# Register the image.
|
||||
aki = m._conn.get_all_images(filters={'manifest-location': '*pv-grub-hd0_1.03-x86_64*'})[0]
|
||||
print >> sys.stderr, "using kernel image {0} - {1}".format(aki.id, aki.location)
|
||||
block_map = BlockDeviceMapping()
|
||||
block_map[root_block] = BlockDeviceType(snapshot_id=snapshot.id, delete_on_termination=True, size=ebs_size, volume_type="gp2")
|
||||
block_map['/dev/sdb'] = BlockDeviceType(ephemeral_name="ephemeral0")
|
||||
block_map['/dev/sdc'] = BlockDeviceType(ephemeral_name="ephemeral1")
|
||||
block_map['/dev/sdd'] = BlockDeviceType(ephemeral_name="ephemeral2")
|
||||
block_map['/dev/sde'] = BlockDeviceType(ephemeral_name="ephemeral3")
|
||||
|
||||
block_map = BlockDeviceMapping()
|
||||
block_map['/dev/sda'] = BlockDeviceType(snapshot_id=snapshot.id, delete_on_termination=True)
|
||||
block_map['/dev/sdb'] = BlockDeviceType(ephemeral_name="ephemeral0")
|
||||
block_map['/dev/sdc'] = BlockDeviceType(ephemeral_name="ephemeral1")
|
||||
block_map['/dev/sdd'] = BlockDeviceType(ephemeral_name="ephemeral2")
|
||||
block_map['/dev/sde'] = BlockDeviceType(ephemeral_name="ephemeral3")
|
||||
|
||||
ami_id = m._conn.register_image(
|
||||
common_args = dict(
|
||||
name=ami_name,
|
||||
description=description,
|
||||
architecture="x86_64",
|
||||
root_device_name="/dev/sda",
|
||||
kernel_id=aki.id,
|
||||
block_device_map=block_map)
|
||||
root_device_name=root_block,
|
||||
block_device_map=block_map,
|
||||
virtualization_type=virtualization_type,
|
||||
delete_root_volume_on_termination=True
|
||||
)
|
||||
if not args.hvm:
|
||||
common_args['kernel_id']=aki.id
|
||||
ami_id = m._conn.register_image(**common_args)
|
||||
|
||||
print >> sys.stderr, "registered AMI {0}".format(ami_id)
|
||||
|
||||
@ -197,17 +184,12 @@ test_depl.nix_exprs = [os.path.abspath("./ebs-test.nix")]
|
||||
test_depl.deploy(create_only=True)
|
||||
test_depl.machines['machine'].run_command("nixos-version")
|
||||
|
||||
if args.hvm:
|
||||
image_type = 'hvm'
|
||||
else:
|
||||
image_type = 'ebs'
|
||||
|
||||
# Log the AMI ID.
|
||||
f = open("{0}.{1}.ami-id".format(args.region, image_type), "w")
|
||||
f.write("{0}".format(ami_id))
|
||||
f.close()
|
||||
|
||||
for dest in [ 'us-east-1', 'us-west-1', 'us-west-2', 'eu-west-1', 'ap-southeast-1', 'ap-southeast-2', 'ap-northeast-1', 'sa-east-1']:
|
||||
for dest in [ 'us-east-1', 'us-west-1', 'us-west-2', 'eu-west-1', 'eu-central-1', 'ap-southeast-1', 'ap-southeast-2', 'ap-northeast-1', 'sa-east-1']:
|
||||
if args.region != dest:
|
||||
print >> sys.stderr, "copying image from region {0} to {1}".format(args.region, dest)
|
||||
conn = boto.ec2.connect_to_region(dest)
|
||||
|
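Review bot: The kernel image lookup `m._conn.get_all_images(filters={'manifest-location': ...})[0]` takes the first image whose manifest location matches a wildcard and sets no owner restriction, so a public image from any account whose bucket or manifest name fits the pattern could be picked as the AKI for the registered AMI. This holds for both printed forms of the pattern (`'ec2*pv-grub-hd0_1.03-x86_64*'` and `'*pv-grub-hd0_1.03-x86_64*'`); the page does not show which one is the new side. Passing `owners=['amazon']` to `get_all_images` would pin the lookup to Amazon-published kernels. Failing unless exactly one image matches would remove the dependence on result order.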
@ -27,9 +27,11 @@ with lib;
|
||||
|
||||
config = mkIf config.fonts.enableFontConfig {
|
||||
|
||||
# Bring in the default (upstream) fontconfig configuration.
|
||||
# Fontconfig 2.10 backward compatibility
|
||||
|
||||
# Bring in the default (upstream) fontconfig configuration, only for fontconfig 2.10
|
||||
environment.etc."fonts/fonts.conf".source =
|
||||
pkgs.makeFontsConf { fontDirectories = config.fonts.fonts; };
|
||||
pkgs.makeFontsConf { fontconfig = pkgs.fontconfig_210; fontDirectories = config.fonts.fonts; };
|
||||
|
||||
environment.etc."fonts/conf.d/00-nixos.conf".text =
|
||||
''
|
||||
@ -47,6 +49,29 @@ with lib;
|
||||
</fontconfig>
|
||||
'';
|
||||
|
||||
# Versioned fontconfig > 2.10. Take shared fonts.conf from fontconfig.
|
||||
# Otherwise specify only font directories.
|
||||
environment.etc."fonts/${pkgs.fontconfig.configVersion}/fonts.conf".source =
|
||||
"${pkgs.fontconfig}/etc/fonts/fonts.conf";
|
||||
environment.etc."fonts/${pkgs.fontconfig.configVersion}/conf.d/00-nixos.conf".text =
|
||||
''
|
||||
<?xml version='1.0'?>
|
||||
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
|
||||
<fontconfig>
|
||||
|
||||
<!-- Set the default hinting style to "slight". -->
|
||||
<match target="font">
|
||||
<edit mode="assign" name="hintstyle">
|
||||
<const>hintslight</const>
|
||||
</edit>
|
||||
</match>
|
||||
|
||||
<!-- Font directories -->
|
||||
${concatStringsSep "\n" (map (font: "<dir>${font}</dir>") config.fonts.fonts)}
|
||||
|
||||
</fontconfig>
|
||||
'';
|
||||
|
||||
environment.systemPackages = [ pkgs.fontconfig ];
|
||||
|
||||
};
|
||||
|
@ -13,14 +13,6 @@ with lib;
|
||||
type = types.listOf types.path;
|
||||
example = literalExample "[ pkgs.dejavu_fonts ]";
|
||||
description = "List of primary font paths.";
|
||||
apply = list: list ++
|
||||
[ # - the user's current profile
|
||||
"~/.nix-profile/lib/X11/fonts"
|
||||
"~/.nix-profile/share/fonts"
|
||||
# - the default profile
|
||||
"/nix/var/nix/profiles/default/lib/X11/fonts"
|
||||
"/nix/var/nix/profiles/default/share/fonts"
|
||||
];
|
||||
};
|
||||
|
||||
};
|
||||
|
@ -39,6 +39,73 @@ in
|
||||
'';
|
||||
};
|
||||
|
||||
networking.proxy = {
|
||||
|
||||
default = lib.mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
This option specifies the default value for httpProxy, httpsProxy, ftpProxy and rsyncProxy.
|
||||
'';
|
||||
example = "http://127.0.0.1:3128";
|
||||
};
|
||||
|
||||
httpProxy = lib.mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = cfg.proxy.default;
|
||||
description = ''
|
||||
This option specifies the http_proxy environment variable.
|
||||
'';
|
||||
example = "http://127.0.0.1:3128";
|
||||
};
|
||||
|
||||
httpsProxy = lib.mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = cfg.proxy.default;
|
||||
description = ''
|
||||
This option specifies the https_proxy environment variable.
|
||||
'';
|
||||
example = "http://127.0.0.1:3128";
|
||||
};
|
||||
|
||||
ftpProxy = lib.mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = cfg.proxy.default;
|
||||
description = ''
|
||||
This option specifies the ftp_proxy environment variable.
|
||||
'';
|
||||
example = "http://127.0.0.1:3128";
|
||||
};
|
||||
|
||||
rsyncProxy = lib.mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = cfg.proxy.default;
|
||||
description = ''
|
||||
This option specifies the rsync_proxy environment variable.
|
||||
'';
|
||||
example = "http://127.0.0.1:3128";
|
||||
};
|
||||
|
||||
noProxy = lib.mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
This option specifies the no_proxy environment variable.
|
||||
If a default proxy is used and noProxy is null,
|
||||
then noProxy will be set to 127.0.0.1,localhost.
|
||||
'';
|
||||
example = "127.0.0.1,localhost,.localdomain";
|
||||
};
|
||||
|
||||
envVars = lib.mkOption {
|
||||
type = types.attrs;
|
||||
internal = true;
|
||||
default = {};
|
||||
description = ''
|
||||
Environment variables used for the network proxy.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
@ -84,13 +151,59 @@ in
|
||||
dnsmasq_conf=/etc/dnsmasq-conf.conf
|
||||
dnsmasq_resolv=/etc/dnsmasq-resolv.conf
|
||||
'';
|
||||
};
|
||||
|
||||
} // (optionalAttrs config.services.resolved.enable (
|
||||
if dnsmasqResolve then {
|
||||
"dnsmasq-resolv.conf".source = "/run/systemd/resolve/resolv.conf";
|
||||
} else {
|
||||
"resolv.conf".source = "/run/systemd/resolve/resolv.conf";
|
||||
}
|
||||
));
|
||||
|
||||
networking.proxy.envVars =
|
||||
optionalAttrs (cfg.proxy.default != null) {
|
||||
# other options already fallback to proxy.default
|
||||
no_proxy = "127.0.0.1,localhost";
|
||||
} // optionalAttrs (cfg.proxy.httpProxy != null) {
|
||||
http_proxy = cfg.proxy.httpProxy;
|
||||
} // optionalAttrs (cfg.proxy.httpsProxy != null) {
|
||||
https_proxy = cfg.proxy.httpsProxy;
|
||||
} // optionalAttrs (cfg.proxy.rsyncProxy != null) {
|
||||
rsync_proxy = cfg.proxy.rsyncProxy;
|
||||
} // optionalAttrs (cfg.proxy.ftpProxy != null) {
|
||||
ftp_proxy = cfg.proxy.ftpProxy;
|
||||
} // optionalAttrs (cfg.proxy.noProxy != null) {
|
||||
no_proxy = cfg.proxy.noProxy;
|
||||
};
|
||||
|
||||
# Install the proxy environment variables
|
||||
environment.sessionVariables = cfg.proxy.envVars;
|
||||
|
||||
# The ‘ip-up’ target is started when we have IP connectivity. So
|
||||
# services that depend on IP connectivity (like ntpd) should be
|
||||
# pulled in by this target.
|
||||
systemd.targets.ip-up.description = "Services Requiring IP Connectivity";
|
||||
|
||||
# This is needed when /etc/resolv.conf is being overriden by networkd
|
||||
# and other configurations. If the file is destroyed by an environment
|
||||
# activation then it must be rebuilt so that applications which interface
|
||||
# with /etc/resolv.conf directly don't break.
|
||||
system.activationScripts.resolvconf = stringAfter [ "etc" "tmpfs" "var" ]
|
||||
''
|
||||
# Systemd resolved controls its own resolv.conf
|
||||
rm -f /run/resolvconf/interfaces/systemd
|
||||
${optionalString config.services.resolved.enable ''
|
||||
rm -rf /run/resolvconf/interfaces
|
||||
mkdir -p /run/resolvconf/interfaces
|
||||
ln -s /run/systemd/resolve/resolv.conf /run/resolvconf/interfaces/systemd
|
||||
''}
|
||||
|
||||
# Make sure resolv.conf is up to date if not managed by systemd
|
||||
${optionalString (!config.services.resolved.enable) ''
|
||||
${pkgs.openresolv}/bin/resolvconf -u
|
||||
''}
|
||||
'';
|
||||
|
||||
};
|
||||
|
||||
}
|
||||
}
|
||||
|
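Review bot: The new `networking.proxy.*` descriptions do not warn that the configured URLs are visible to every local user: `environment.sessionVariables = cfg.proxy.envVars;` exports them into each session. Like other option values, they are also expected to land in the world-readable Nix store. A proxy URL that embeds credentials would therefore expose them system-wide. I would add to the `default` description a sentence such as `Do not embed credentials in the URL; the value is world-readable in the Nix store and exported to every user session.`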
@ -35,29 +35,27 @@ in
|
||||
|
||||
config = {
|
||||
|
||||
environment.etc =
|
||||
[ # Name Service Switch configuration file. Required by the C library.
|
||||
# !!! Factor out the mdns stuff. The avahi module should define
|
||||
# an option used by this module.
|
||||
{ source = pkgs.writeText "nsswitch.conf"
|
||||
''
|
||||
passwd: files ldap
|
||||
group: files ldap
|
||||
shadow: files ldap
|
||||
hosts: files ${optionalString nssmdns "mdns_minimal [NOTFOUND=return]"} dns ${optionalString nssmdns "mdns"} ${optionalString nsswins "wins"} myhostname
|
||||
networks: files dns
|
||||
ethers: files
|
||||
services: files
|
||||
protocols: files
|
||||
'';
|
||||
target = "nsswitch.conf";
|
||||
}
|
||||
];
|
||||
# Name Service Switch configuration file. Required by the C
|
||||
# library. !!! Factor out the mdns stuff. The avahi module
|
||||
# should define an option used by this module.
|
||||
environment.etc."nsswitch.conf".text =
|
||||
''
|
||||
passwd: files ldap
|
||||
group: files ldap
|
||||
shadow: files ldap
|
||||
hosts: files ${optionalString nssmdns "mdns_minimal [NOTFOUND=return]"} dns ${optionalString nssmdns "mdns"} ${optionalString nsswins "wins"} myhostname mymachines
|
||||
networks: files dns
|
||||
ethers: files
|
||||
services: files
|
||||
protocols: files
|
||||
'';
|
||||
|
||||
# Use nss-myhostname to ensure that our hostname always resolves to
|
||||
# a valid IP address. It returns all locally configured IP
|
||||
# addresses, or ::1 and 127.0.0.2 as fallbacks.
|
||||
system.nssModules = [ pkgs.systemd ];
|
||||
# Systemd provides nss-myhostname to ensure that our hostname
|
||||
# always resolves to a valid IP address. It returns all locally
|
||||
# configured IP addresses, or ::1 and 127.0.0.2 as
|
||||
# fallbacks. Systemd also provides nss-mymachines to return IP
|
||||
# addresses of local containers.
|
||||
system.nssModules = [ config.systemd.package ];
|
||||
|
||||
};
|
||||
}
|
||||
|
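Review bot: In the `hosts:` line the new `mymachines` source is appended at the very end, after `dns` and `myhostname`. NSS consults sources in the order listed, so a container name that DNS also answers will resolve to the DNS result and never reach `mymachines`. If local container names are meant to take precedence, `mymachines` should be placed before `dns`. If the current order is deliberate, a comment next to the line, for example `# mymachines is last on purpose: DNS answers win over local container names`, would record that.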
@ -12,7 +12,7 @@ let
|
||||
|
||||
# Forces 32bit pulseaudio and alsaPlugins to be built/supported for apps
|
||||
# using 32bit alsa on 64bit linux.
|
||||
enable32BitAlsaPlugins = stdenv.isx86_64 && (pkgs_i686.alsaLib != null);
|
||||
enable32BitAlsaPlugins = stdenv.isx86_64 && (pkgs_i686.alsaLib != null && pkgs_i686.pulseaudio != null);
|
||||
|
||||
ids = config.ids;
|
||||
|
||||
@ -126,8 +126,7 @@ in {
|
||||
(mkIf cfg.enable {
|
||||
environment.systemPackages = [
|
||||
cfg.package
|
||||
(lib.optional enable32BitAlsaPlugins pkgs_i686.pulseaudio)
|
||||
];
|
||||
] ++ lib.optionals enable32BitAlsaPlugins [ pkgs_i686.pulseaudio ];
|
||||
|
||||
environment.etc = singleton {
|
||||
target = "asound.conf";
|
||||
|
@ -6,6 +6,15 @@ use JSON;
|
||||
make_path("/var/lib/nixos", { mode => 0755 });
|
||||
|
||||
|
||||
sub hashPassword {
|
||||
my ($password) = @_;
|
||||
my $salt = "";
|
||||
my @chars = ('.', '/', 0..9, 'A'..'Z', 'a'..'z');
|
||||
$salt .= $chars[rand 64] for (1..8);
|
||||
return crypt($password, '$6$' . $salt . '$');
|
||||
}
|
||||
|
||||
|
||||
# Functions for allocating free GIDs/UIDs. FIXME: respect ID ranges in
|
||||
# /etc/login.defs.
|
||||
sub allocId {
|
||||
@ -114,7 +123,7 @@ foreach my $g (@{$spec->{groups}}) {
|
||||
}
|
||||
|
||||
# Update the persistent list of declarative groups.
|
||||
write_file($declGroupsFile, join(" ", sort(keys %groupsOut)));
|
||||
write_file($declGroupsFile, { binmode => ':utf8' }, join(" ", sort(keys %groupsOut)));
|
||||
|
||||
# Merge in the existing /etc/group.
|
||||
foreach my $name (keys %groupsCur) {
|
||||
@ -131,7 +140,7 @@ foreach my $name (keys %groupsCur) {
|
||||
# Rewrite /etc/group. FIXME: acquire lock.
|
||||
my @lines = map { join(":", $_->{name}, $_->{password}, $_->{gid}, $_->{members}) . "\n" }
|
||||
(sort { $a->{gid} <=> $b->{gid} } values(%groupsOut));
|
||||
write_file("/etc/group.tmp", @lines);
|
||||
write_file("/etc/group.tmp", { binmode => ':utf8' }, @lines);
|
||||
rename("/etc/group.tmp", "/etc/group") or die;
|
||||
system("nscd --invalidate group");
|
||||
|
||||
@ -160,6 +169,12 @@ foreach my $u (@{$spec->{users}}) {
|
||||
} else {
|
||||
$u->{uid} = allocUid($u->{isSystemUser}) if !defined $u->{uid};
|
||||
|
||||
if (defined $u->{initialPassword}) {
|
||||
$u->{hashedPassword} = hashPassword($u->{initialPassword});
|
||||
} elsif (defined $u->{initialHashedPassword}) {
|
||||
$u->{hashedPassword} = $u->{initialHashedPassword};
|
||||
}
|
||||
|
||||
# Create a home directory.
|
||||
if ($u->{createHome}) {
|
||||
make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home};
|
||||
@ -174,6 +189,8 @@ foreach my $u (@{$spec->{users}}) {
|
||||
} else {
|
||||
warn "warning: password file ‘$u->{passwordFile}’ does not exist\n";
|
||||
}
|
||||
} elsif (defined $u->{password}) {
|
||||
$u->{hashedPassword} = hashPassword($u->{password});
|
||||
}
|
||||
|
||||
$u->{fakePassword} = $existing->{fakePassword} // "x";
|
||||
@ -181,7 +198,7 @@ foreach my $u (@{$spec->{users}}) {
|
||||
}
|
||||
|
||||
# Update the persistent list of declarative users.
|
||||
write_file($declUsersFile, join(" ", sort(keys %usersOut)));
|
||||
write_file($declUsersFile, { binmode => ':utf8' }, join(" ", sort(keys %usersOut)));
|
||||
|
||||
# Merge in the existing /etc/passwd.
|
||||
foreach my $name (keys %usersCur) {
|
||||
@ -197,7 +214,7 @@ foreach my $name (keys %usersCur) {
|
||||
# Rewrite /etc/passwd. FIXME: acquire lock.
|
||||
@lines = map { join(":", $_->{name}, $_->{fakePassword}, $_->{uid}, $_->{gid}, $_->{description}, $_->{home}, $_->{shell}) . "\n" }
|
||||
(sort { $a->{uid} <=> $b->{uid} } (values %usersOut));
|
||||
write_file("/etc/passwd.tmp", @lines);
|
||||
write_file("/etc/passwd.tmp", { binmode => ':utf8' }, @lines);
|
||||
rename("/etc/passwd.tmp", "/etc/passwd") or die;
|
||||
system("nscd --invalidate passwd");
|
||||
|
||||
@ -208,32 +225,22 @@ my %shadowSeen;
|
||||
|
||||
foreach my $line (-f "/etc/shadow" ? read_file("/etc/shadow") : ()) {
|
||||
chomp $line;
|
||||
my ($name, $password, @rest) = split(':', $line, -9);
|
||||
my ($name, $hashedPassword, @rest) = split(':', $line, -9);
|
||||
my $u = $usersOut{$name};;
|
||||
next if !defined $u;
|
||||
$password = $u->{hashedPassword} if defined $u->{hashedPassword} && !$spec->{mutableUsers}; # FIXME
|
||||
push @shadowNew, join(":", $name, $password, @rest) . "\n";
|
||||
$hashedPassword = "!" if !$spec->{mutableUsers};
|
||||
$hashedPassword = $u->{hashedPassword} if defined $u->{hashedPassword} && !$spec->{mutableUsers}; # FIXME
|
||||
push @shadowNew, join(":", $name, $hashedPassword, @rest) . "\n";
|
||||
$shadowSeen{$name} = 1;
|
||||
}
|
||||
|
||||
foreach my $u (values %usersOut) {
|
||||
next if defined $shadowSeen{$u->{name}};
|
||||
my $password = "!";
|
||||
$password = $u->{hashedPassword} if defined $u->{hashedPassword};
|
||||
my $hashedPassword = "!";
|
||||
$hashedPassword = $u->{hashedPassword} if defined $u->{hashedPassword};
|
||||
# FIXME: set correct value for sp_lstchg.
|
||||
push @shadowNew, join(":", $u->{name}, $password, "1::::::") . "\n";
|
||||
push @shadowNew, join(":", $u->{name}, $hashedPassword, "1::::::") . "\n";
|
||||
}
|
||||
|
||||
write_file("/etc/shadow.tmp", { perms => 0600 }, @shadowNew);
|
||||
write_file("/etc/shadow.tmp", { binmode => ':utf8', perms => 0600 }, @shadowNew);
|
||||
rename("/etc/shadow.tmp", "/etc/shadow") or die;
|
||||
|
||||
|
||||
# Call chpasswd to apply password. FIXME: generate the hashes directly
|
||||
# and merge into the /etc/shadow updating above.
|
||||
foreach my $u (@{$spec->{users}}) {
|
||||
if (defined $u->{password}) {
|
||||
my $pid = open(PW, "| chpasswd") or die;
|
||||
print PW "$u->{name}:$u->{password}\n";
|
||||
close PW or die "unable to change password of user ‘$u->{name}’: $?\n";
|
||||
}
|
||||
}
|
||||
|
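Review bot: `hashPassword` builds its salt with `$chars[rand 64]`; Perl's `rand` is a non-cryptographic generator seeded once per process, and only 8 of the 16 salt characters that SHA-512 crypt accepts are used. A salt mainly needs to be unique, so this is a hardening point rather than a break, but drawing the salt from /dev/urandom is cheap and removes the dependence on the process seed. The result of `crypt` is also used unchecked, and on a libc without `$6$` support it may come back undefined or in a weaker scheme, so the prefix should be verified before the value reaches /etc/shadow. The sub is complete within its hunk, and a possible rewrite follows.

```perl
sub hashPassword {
    my ($password) = @_;
    my @chars = ('.', '/', 0..9, 'A'..'Z', 'a'..'z');
    # 16 characters is the longest salt SHA-512 crypt uses; take them from the kernel CSPRNG.
    open(my $rnd, "<:raw", "/dev/urandom") or die "cannot open /dev/urandom: $!\n";
    my $got = read($rnd, my $bytes, 16);
    close($rnd);
    die "short read from /dev/urandom\n" unless defined $got && $got == 16;
    my $salt = join("", map { $chars[ord($_) & 63] } split(//, $bytes));
    my $hash = crypt($password, '$6$' . $salt . '$');
    # Refuse to continue with anything that is not a SHA-512 crypt hash.
    die "crypt() did not return a SHA-512 hash\n" unless defined $hash && $hash =~ /^\$6\$/;
    return $hash;
}
```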
@ -8,19 +8,19 @@ let
|
||||
cfg = config.users;
|
||||
|
||||
passwordDescription = ''
|
||||
The options <literal>hashedPassword</literal>,
|
||||
<literal>password</literal> and <literal>passwordFile</literal>
|
||||
The options <option>hashedPassword</option>,
|
||||
<option>password</option> and <option>passwordFile</option>
|
||||
controls what password is set for the user.
|
||||
<literal>hashedPassword</literal> overrides both
|
||||
<literal>password</literal> and <literal>passwordFile</literal>.
|
||||
<literal>password</literal> overrides <literal>passwordFile</literal>.
|
||||
<option>hashedPassword</option> overrides both
|
||||
<option>password</option> and <option>passwordFile</option>.
|
||||
<option>password</option> overrides <option>passwordFile</option>.
|
||||
If none of these three options are set, no password is assigned to
|
||||
the user, and the user will not be able to do password logins.
|
||||
If the option <literal>users.mutableUsers</literal> is true, the
|
||||
If the option <option>users.mutableUsers</option> is true, the
|
||||
password defined in one of the three options will only be set when
|
||||
the user is created for the first time. After that, you are free to
|
||||
change the password with the ordinary user management commands. If
|
||||
<literal>users.mutableUsers</literal> is false, you cannot change
|
||||
<option>users.mutableUsers</option> is false, you cannot change
|
||||
user passwords, they will always be set according to the password
|
||||
options.
|
||||
'';
|
||||
@ -155,7 +155,7 @@ let
|
||||
default = false;
|
||||
description = ''
|
||||
If true, the user's shell will be set to
|
||||
<literal>cfg.defaultUserShell</literal>.
|
||||
<option>users.defaultUserShell</option>.
|
||||
'';
|
||||
};
|
||||
|
||||
@ -163,7 +163,7 @@ let
|
||||
type = with types; uniq (nullOr str);
|
||||
default = null;
|
||||
description = ''
|
||||
Specifies the (hashed) password for the user.
|
||||
Specifies the hashed password for the user.
|
||||
${passwordDescription}
|
||||
'';
|
||||
};
|
||||
@ -184,13 +184,44 @@ let
|
||||
type = with types; uniq (nullOr string);
|
||||
default = null;
|
||||
description = ''
|
||||
The path to a file that contains the user's password. The password
|
||||
The full path to a file that contains the user's password. The password
|
||||
file is read on each system activation. The file should contain
|
||||
exactly one line, which should be the password in an encrypted form
|
||||
that is suitable for the <literal>chpasswd -e</literal> command.
|
||||
${passwordDescription}
|
||||
'';
|
||||
};
|
||||
|
||||
initialHashedPassword = mkOption {
|
||||
type = with types; uniq (nullOr str);
|
||||
default = null;
|
||||
description = ''
|
||||
Specifies the initial hashed password for the user, i.e. the
|
||||
hashed password assigned if the user does not already
|
||||
exist. If <option>users.mutableUsers</option> is true, the
|
||||
password can be changed subsequently using the
|
||||
<command>passwd</command> command. Otherwise, it's
|
||||
equivalent to setting the <option>password</option> option.
|
||||
'';
|
||||
};
|
||||
|
||||
initialPassword = mkOption {
|
||||
type = with types; uniq (nullOr str);
|
||||
default = null;
|
||||
description = ''
|
||||
Specifies the initial password for the user, i.e. the
|
||||
password assigned if the user does not already exist. If
|
||||
<option>users.mutableUsers</option> is true, the password
|
||||
can be changed subsequently using the
|
||||
<command>passwd</command> command. Otherwise, it's
|
||||
equivalent to setting the <option>password</option>
|
||||
option. The same caveat applies: the password specified here
|
||||
is world-readable in the Nix store, so it should only be
|
||||
used for guest accounts or passwords that will be changed
|
||||
promptly.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = mkMerge
|
||||
@ -204,6 +235,14 @@ let
|
||||
useDefaultShell = mkDefault true;
|
||||
isSystemUser = mkDefault false;
|
||||
})
|
||||
# If !mutableUsers, setting ‘initialPassword’ is equivalent to
|
||||
# setting ‘password’ (and similarly for hashed passwords).
|
||||
(mkIf (!cfg.mutableUsers && config.initialPassword != null) {
|
||||
password = mkDefault config.initialPassword;
|
||||
})
|
||||
(mkIf (!cfg.mutableUsers && config.initialHashedPassword != null) {
|
||||
hashedPassword = mkDefault config.initialHashedPassword;
|
||||
})
|
||||
];
|
||||
|
||||
};
|
||||
@ -306,7 +345,8 @@ let
|
||||
users = mapAttrsToList (n: u:
|
||||
{ inherit (u)
|
||||
name uid group description home shell createHome isSystemUser
|
||||
password passwordFile hashedPassword;
|
||||
password passwordFile hashedPassword
|
||||
initialPassword initialHashedPassword;
|
||||
}) cfg.extraUsers;
|
||||
groups = mapAttrsToList (n: g:
|
||||
{ inherit (g) name gid;
|
||||
@ -386,24 +426,12 @@ in {
|
||||
options = [ groupOpts ];
|
||||
};
|
||||
|
||||
# FIXME: obsolete - will remove.
|
||||
security.initialRootPassword = mkOption {
|
||||
type = types.str;
|
||||
default = "!";
|
||||
example = "";
|
||||
description = ''
|
||||
The (hashed) password for the root account set on initial
|
||||
installation. The empty string denotes that root can login
|
||||
locally without a password (but not via remote services such
|
||||
as SSH, or indirectly via <command>su</command> or
|
||||
<command>sudo</command>). The string <literal>!</literal>
|
||||
prevents root from logging in using a password.
|
||||
Note that setting this option sets
|
||||
<literal>users.extraUsers.root.hashedPassword</literal>.
|
||||
Also, if <literal>users.mutableUsers</literal> is false
|
||||
you cannot change the root password manually, so in that case
|
||||
the name of this option is a bit misleading, since it will define
|
||||
the root password beyond the user initialisation phase.
|
||||
'';
|
||||
visible = false;
|
||||
};
|
||||
|
||||
};
|
||||
@ -421,7 +449,7 @@ in {
|
||||
shell = mkDefault cfg.defaultUserShell;
|
||||
group = "root";
|
||||
extraGroups = [ "grsecurity" ];
|
||||
hashedPassword = mkDefault config.security.initialRootPassword;
|
||||
initialHashedPassword = mkDefault config.security.initialRootPassword;
|
||||
};
|
||||
nobody = {
|
||||
uid = ids.uids.nobody;
|
||||
|
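Review bot: The description of `initialHashedPassword` ends with "equivalent to setting the `password` option", but the `mkIf (!cfg.mutableUsers && config.initialHashedPassword != null)` block in the same file assigns `hashedPassword`, not `password`. A reader following the text could supply a hash where a plaintext password is expected, or the reverse. The sentence should read `equivalent to setting the <option>hashedPassword</option> option.` The matching sentence under `initialPassword` is correct as written.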
@ -12,7 +12,8 @@ with lib;
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Turn on this option if you want to enable all the firmware shipped with Debian/Ubuntu.
|
||||
Turn on this option if you want to enable all the firmware shipped with Debian/Ubuntu
|
||||
and iwlwifi.
|
||||
'';
|
||||
};
|
||||
|
||||
@ -22,7 +23,11 @@ with lib;
|
||||
###### implementation
|
||||
|
||||
config = mkIf config.hardware.enableAllFirmware {
|
||||
hardware.firmware = [ "${pkgs.firmwareLinuxNonfree}/lib/firmware" ];
|
||||
hardware.firmware = [
|
||||
"${pkgs.firmwareLinuxNonfree}/lib/firmware"
|
||||
"${pkgs.iwlegacy}/lib/firmware"
|
||||
"${pkgs.iwlwifi}/lib/firmware"
|
||||
];
|
||||
};
|
||||
|
||||
}
|
||||
|
@ -30,7 +30,7 @@ with lib;
|
||||
boot.kernelModules = [ "bbswitch" ];
|
||||
boot.extraModulePackages = [ kernel.bbswitch kernel.nvidia_x11 ];
|
||||
|
||||
environment.systemPackages = [ pkgs.bumblebee ];
|
||||
environment.systemPackages = [ pkgs.bumblebee pkgs.primus ];
|
||||
|
||||
systemd.services.bumblebeed = {
|
||||
description = "Bumblebee Hybrid Graphics Switcher";
|
||||
|
@ -11,7 +11,8 @@ let
|
||||
# FIXME: should introduce an option like
|
||||
# ‘hardware.video.nvidia.package’ for overriding the default NVIDIA
|
||||
# driver.
|
||||
enabled = elem "nvidia" drivers || elem "nvidiaLegacy173" drivers || elem "nvidiaLegacy304" drivers;
|
||||
enabled = elem "nvidia" drivers || elem "nvidiaLegacy173" drivers
|
||||
|| elem "nvidiaLegacy304" drivers || elem "nvidiaLegacy340" drivers;
|
||||
|
||||
nvidia_x11 =
|
||||
if elem "nvidia" drivers then
|
||||
@ -20,6 +21,8 @@ let
|
||||
config.boot.kernelPackages.nvidia_x11_legacy173
|
||||
else if elem "nvidiaLegacy304" drivers then
|
||||
config.boot.kernelPackages.nvidia_x11_legacy304
|
||||
else if elem "nvidiaLegacy340" drivers then
|
||||
config.boot.kernelPackages.nvidia_x11_legacy340
|
||||
else throw "impossible";
|
||||
|
||||
in
|
||||
|
@ -42,6 +42,12 @@ with lib;
|
||||
# Get a console as soon as the initrd loads fbcon on EFI boot.
|
||||
boot.initrd.kernelModules = [ "fbcon" ];
|
||||
|
||||
# Add support for cow filesystems and their utilities
|
||||
boot.supportedFilesystems = [ "zfs" "btrfs" ];
|
||||
|
||||
# Configure host id for ZFS to work
|
||||
networking.hostId = "8425e349";
|
||||
|
||||
# Allow the user to log in as root without a password.
|
||||
security.initialRootPassword = "";
|
||||
users.extraUsers.root.initialHashedPassword = "";
|
||||
}
|
||||
|
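Review bot: `networking.hostId = "8425e349";` gives every installation image the same host id, and the comment above it only says that ZFS needs one. Since the generated configuration elsewhere in this commit writes a random `networking.hostId`, the constant looks like a placeholder for the live medium only. A comment should say so, so that it is not copied into installed systems, for example `# Placeholder host id shared by all installation media; nixos-generate-config writes a random one for the installed system.`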
@ -11,6 +11,13 @@ with lib;
|
||||
# Provide wicd for easy wireless configuration.
|
||||
#networking.wicd.enable = true;
|
||||
|
||||
# Include gparted for partitioning disks
|
||||
environment.systemPackages = [ pkgs.gparted ];
|
||||
|
||||
# Provide networkmanager for easy wireless configuration.
|
||||
networking.networkmanager.enable = true;
|
||||
networking.wireless.enable = mkForce false;
|
||||
|
||||
# KDE complains if power management is disabled (to be precise, if
|
||||
# there is no power management backend such as upower).
|
||||
powerManagement.enable = true;
|
||||
@ -27,4 +34,70 @@ with lib;
|
||||
AutoLoginUser=root
|
||||
AutoLoginPass=""
|
||||
'';
|
||||
|
||||
# Custom kde-workspace adding some icons on the desktop
|
||||
|
||||
system.activationScripts.installerDesktop = let
|
||||
openManual = pkgs.writeScript "nixos-manual.sh" ''
|
||||
#!${pkgs.stdenv.shell}
|
||||
cd ${config.system.build.manual.manual}/share/doc/nixos/
|
||||
konqueror ./index.html
|
||||
'';
|
||||
|
||||
desktopFile = pkgs.writeText "nixos-manual.desktop" ''
|
||||
[Desktop Entry]
|
||||
Version=1.0
|
||||
Type=Application
|
||||
Name=NixOS Manual
|
||||
Exec=${openManual}
|
||||
Icon=konqueror
|
||||
'';
|
||||
|
||||
in ''
|
||||
mkdir -p /root/Desktop
|
||||
ln -sfT ${desktopFile} /root/Desktop/nixos-manual.desktop
|
||||
ln -sfT ${pkgs.kde4.konsole}/share/applications/kde4/konsole.desktop /root/Desktop/konsole.desktop
|
||||
ln -sfT ${pkgs.gparted}/share/applications/gparted.desktop /root/Desktop/gparted.desktop
|
||||
'';
|
||||
|
||||
services.xserver.desktopManager.kde4.kdeWorkspacePackage = let
|
||||
pkg = pkgs.kde4.kde_workspace;
|
||||
|
||||
plasmaInit = pkgs.writeText "00-defaultLayout.js" ''
|
||||
loadTemplate("org.kde.plasma-desktop.defaultPanel")
|
||||
|
||||
for (var i = 0; i < screenCount; ++i) {
|
||||
var desktop = new Activity
|
||||
desktop.name = i18n("Desktop")
|
||||
desktop.screen = i
|
||||
desktop.wallpaperPlugin = 'image'
|
||||
desktop.wallpaperMode = 'SingleImage'
|
||||
|
||||
var folderview = desktop.addWidget("folderview");
|
||||
folderview.writeConfig("url", "desktop:/");
|
||||
|
||||
//Create more panels for other screens
|
||||
if (i > 0){
|
||||
var panel = new Panel
|
||||
panel.screen = i
|
||||
panel.location = 'bottom'
|
||||
panel.height = screenGeometry(i).height > 1024 ? 35 : 27
|
||||
var tasks = panel.addWidget("tasks")
|
||||
tasks.writeConfig("showOnlyCurrentScreen", true);
|
||||
}
|
||||
}
|
||||
'';
|
||||
|
||||
in
|
||||
pkgs.stdenv.mkDerivation {
|
||||
inherit (pkg) name meta;
|
||||
|
||||
buildCommand = ''
|
||||
mkdir -p $out
|
||||
cp -prf ${pkg}/* $out/
|
||||
chmod a+w $out/share/apps/plasma-desktop/init
|
||||
cp -f ${plasmaInit} $out/share/apps/plasma-desktop/init/00-defaultLayout.js
|
||||
'';
|
||||
};
|
||||
|
||||
}
|
||||
|
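Review bot: `chmod a+w $out/share/apps/plasma-desktop/init` in `buildCommand` grants write access to group and others, although only the build user needs it to place `00-defaultLayout.js` in the directory copied with `cp -prf`. `chmod u+w $out/share/apps/plasma-desktop/init` is enough and keeps the step least-privilege. Nix normally strips write bits from store outputs after the build, so this is about the pattern rather than a live exposure.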
@ -176,7 +176,10 @@ in
|
||||
# UUID of the USB stick. It would be nicer to write
|
||||
# `root=/dev/disk/by-label/...' here, but UNetbootin doesn't
|
||||
# recognise that.
|
||||
boot.kernelParams = [ "root=LABEL=${config.isoImage.volumeID}" ];
|
||||
boot.kernelParams =
|
||||
[ "root=LABEL=${config.isoImage.volumeID}"
|
||||
"boot.shell_on_fail"
|
||||
];
|
||||
|
||||
fileSystems."/" =
|
||||
{ fsType = "tmpfs";
|
||||
|
@ -76,7 +76,6 @@ in
|
||||
pkgs.ntfsprogs # for resizing NTFS partitions
|
||||
pkgs.btrfsProgs
|
||||
pkgs.jfsutils
|
||||
pkgs.jfsrec
|
||||
|
||||
# Some compression/archiver tools.
|
||||
pkgs.unzip
|
||||
|
@ -235,7 +235,7 @@ chomp $virt;
|
||||
# Check if we're a VirtualBox guest. If so, enable the guest
|
||||
# additions.
|
||||
if ($virt eq "oracle") {
|
||||
push @attrs, "services.virtualbox.enable = true;"
|
||||
push @attrs, "services.virtualboxGuest.enable = true;"
|
||||
}
|
||||
|
||||
|
||||
@ -430,7 +430,7 @@ my $hwConfig = <<EOF;
|
||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports =${\multiLineList(" ", @imports)};
|
||||
@ -476,6 +476,14 @@ EOF
|
||||
EOF
|
||||
}
|
||||
|
||||
# Generate a random 32-bit value to use as the host id
|
||||
open my $rnd, "<", "/dev/urandom" or die $!;
|
||||
read $rnd, $hostIdBin, 4;
|
||||
close $rnd;
|
||||
|
||||
# Convert the 32-bit value to a hex string
|
||||
my $hostIdHex = unpack("H*", $hostIdBin);
|
||||
|
||||
write_file($fn, <<EOF);
|
||||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page
|
||||
@ -491,6 +499,7 @@ EOF
|
||||
|
||||
$bootLoaderConfig
|
||||
# networking.hostName = "nixos"; # Define your hostname.
|
||||
networking.hostId = "$hostIdHex";
|
||||
# networking.wireless.enable = true; # Enables wireless.
|
||||
|
||||
# Select internationalisation properties.
|
||||
|
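Review bot: In the host-id hunk, `$hostIdBin` is filled by `read` without being declared and the return value of `read` is ignored, so a short read from `/dev/urandom` would silently yield a host id with fewer than eight hex digits. I would declare the buffer and check the length: `my $hostIdBin;` followed by `read($rnd, $hostIdBin, 4) == 4 or die "short read from /dev/urandom";`. If the script runs under `use strict` (not visible in these hunks), the undeclared variable is a compile-time error rather than a style matter. The code around the added lines starts and ends outside the hunk.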
@ -1,7 +1,7 @@
|
||||
# This module generates nixos-install, nixos-rebuild,
|
||||
# nixos-generate-config, etc.
|
||||
|
||||
{ config, pkgs, modulesPath, lib, ... }:
|
||||
{ config, pkgs, modulesPath, ... }:
|
||||
|
||||
let
|
||||
|
||||
|
@ -154,6 +154,24 @@
|
||||
collectd = 144;
|
||||
consul = 145;
|
||||
mailpile = 146;
|
||||
redmine = 147;
|
||||
seeks = 148;
|
||||
prosody = 149;
|
||||
i2pd = 150;
|
||||
dnscrypt-proxy = 151;
|
||||
systemd-network = 152;
|
||||
systemd-resolve = 153;
|
||||
systemd-timesync = 154;
|
||||
liquidsoap = 155;
|
||||
etcd = 156;
|
||||
docker-registry = 157;
|
||||
hbase = 158;
|
||||
opentsdb = 159;
|
||||
scollector = 160;
|
||||
bosun = 161;
|
||||
kubernetes = 162;
|
||||
peerflix = 163;
|
||||
chronos = 164;
|
||||
|
||||
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
|
||||
|
||||
@ -273,8 +291,21 @@
|
||||
mlmmj = 135;
|
||||
riemann = 137;
|
||||
riemanndash = 138;
|
||||
hbase = 139;
|
||||
opentsdb = 140;
|
||||
uhub = 142;
|
||||
mailpile = 146;
|
||||
redmine = 147;
|
||||
seeks = 148;
|
||||
prosody = 149;
|
||||
i2pd = 150;
|
||||
systemd-network = 152;
|
||||
systemd-resolve = 153;
|
||||
systemd-timesync = 154;
|
||||
liquidsoap = 155;
|
||||
scollector = 156;
|
||||
bosun = 157;
|
||||
kubernetes = 158;
|
||||
|
||||
# When adding a gid, make sure it doesn't match an existing uid. And don't use gids above 399!
|
||||
|
||||
|
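Review bot: The new gid entries `scollector = 156`, `bosun = 157` and `kubernetes = 158` reuse numbers that the uid hunk of this same file assigns to `etcd`, `docker-registry` and `hbase`, which is exactly what the comment under each list asks contributors to avoid. The same services also get different uid and gid values (`hbase` 158/139, `opentsdb` 159/140, `scollector` 160/156, `bosun` 161/157, `kubernetes` 162/158), which makes numeric ownership in listings and audits ambiguous. I would give each new group the number of its user in the gid list, e.g. `hbase = 158;`, `opentsdb = 159;`, `scollector = 160;`, assuming those numbers are still free as gids in the part of the list that is not shown.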
@ -58,6 +58,7 @@
|
||||
./programs/dconf.nix
|
||||
./programs/environment.nix
|
||||
./programs/info.nix
|
||||
./programs/light.nix
|
||||
./programs/nano.nix
|
||||
./programs/screen.nix
|
||||
./programs/shadow.nix
|
||||
@ -66,6 +67,7 @@
|
||||
./programs/ssmtp.nix
|
||||
./programs/uim.nix
|
||||
./programs/venus.nix
|
||||
./programs/virtualbox-host.nix
|
||||
./programs/wvdial.nix
|
||||
./programs/freetds.nix
|
||||
./programs/zsh/zsh.nix
|
||||
@ -88,10 +90,12 @@
|
||||
./services/audio/alsa.nix
|
||||
# Disabled as fuppes it does no longer builds.
|
||||
# ./services/audio/fuppes.nix
|
||||
./services/audio/liquidsoap.nix
|
||||
./services/audio/mpd.nix
|
||||
./services/audio/mopidy.nix
|
||||
./services/backup/almir.nix
|
||||
./services/backup/bacula.nix
|
||||
./services/backup/crashplan.nix
|
||||
./services/backup/mysql-backup.nix
|
||||
./services/backup/postgresql-backup.nix
|
||||
./services/backup/rsnapshot.nix
|
||||
@ -105,13 +109,15 @@
|
||||
./services/databases/4store.nix
|
||||
./services/databases/couchdb.nix
|
||||
./services/databases/firebird.nix
|
||||
./services/databases/hbase.nix
|
||||
./services/databases/influxdb.nix
|
||||
./services/databases/memcached.nix
|
||||
./services/databases/monetdb.nix
|
||||
./services/databases/mongodb.nix
|
||||
./services/databases/mysql.nix
|
||||
./services/databases/neo4j.nix
|
||||
./services/databases/neo4j.nix
|
||||
./services/databases/openldap.nix
|
||||
./services/databases/opentsdb.nix
|
||||
./services/databases/postgresql.nix
|
||||
./services/databases/redis.nix
|
||||
./services/databases/virtuoso.nix
|
||||
@ -163,6 +169,8 @@
|
||||
./services/misc/cgminer.nix
|
||||
./services/misc/dictd.nix
|
||||
./services/misc/disnix.nix
|
||||
./services/misc/docker-registry.nix
|
||||
./services/misc/etcd.nix
|
||||
./services/misc/felix.nix
|
||||
./services/misc/folding-at-home.nix
|
||||
./services/misc/gitolite.nix
|
||||
@ -174,6 +182,7 @@
|
||||
./services/misc/nixos-manual.nix
|
||||
./services/misc/nix-ssh-serve.nix
|
||||
./services/misc/phd.nix
|
||||
./services/misc/redmine.nix
|
||||
./services/misc/rippled.nix
|
||||
./services/misc/rogue.nix
|
||||
./services/misc/siproxd.nix
|
||||
@ -182,6 +191,7 @@
|
||||
./services/misc/uhub.nix
|
||||
./services/misc/zookeeper.nix
|
||||
./services/monitoring/apcupsd.nix
|
||||
./services/monitoring/bosun.nix
|
||||
./services/monitoring/collectd.nix
|
||||
./services/monitoring/dd-agent.nix
|
||||
./services/monitoring/graphite.nix
|
||||
@ -190,6 +200,7 @@
|
||||
./services/monitoring/nagios.nix
|
||||
./services/monitoring/riemann.nix
|
||||
./services/monitoring/riemann-dash.nix
|
||||
./services/monitoring/scollector.nix
|
||||
./services/monitoring/smartd.nix
|
||||
./services/monitoring/statsd.nix
|
||||
./services/monitoring/systemhealth.nix
|
||||
@ -218,6 +229,7 @@
|
||||
./services/networking/ddclient.nix
|
||||
./services/networking/dhcpcd.nix
|
||||
./services/networking/dhcpd.nix
|
||||
./services/networking/dnscrypt-proxy.nix
|
||||
./services/networking/dnsmasq.nix
|
||||
./services/networking/ejabberd.nix
|
||||
./services/networking/firewall.nix
|
||||
@ -229,6 +241,7 @@
|
||||
./services/networking/gvpe.nix
|
||||
./services/networking/haproxy.nix
|
||||
./services/networking/hostapd.nix
|
||||
./services/networking/i2pd.nix
|
||||
./services/networking/ifplugd.nix
|
||||
./services/networking/iodined.nix
|
||||
./services/networking/ircd-hybrid/default.nix
|
||||
@ -250,6 +263,7 @@
|
||||
./services/networking/polipo.nix
|
||||
./services/networking/prayer.nix
|
||||
./services/networking/privoxy.nix
|
||||
./services/networking/prosody.nix
|
||||
./services/networking/quassel.nix
|
||||
./services/networking/radicale.nix
|
||||
./services/networking/radvd.nix
|
||||
@ -257,9 +271,11 @@
|
||||
./services/networking/rpcbind.nix
|
||||
./services/networking/sabnzbd.nix
|
||||
./services/networking/searx.nix
|
||||
./services/networking/seeks.nix
|
||||
./services/networking/spiped.nix
|
||||
./services/networking/ssh/lshd.nix
|
||||
./services/networking/ssh/sshd.nix
|
||||
./services/networking/strongswan.nix
|
||||
./services/networking/supybot.nix
|
||||
./services/networking/syncthing.nix
|
||||
./services/networking/tcpcrypt.nix
|
||||
@ -276,6 +292,7 @@
|
||||
./services/networking/znc.nix
|
||||
./services/printing/cupsd.nix
|
||||
./services/scheduling/atd.nix
|
||||
./services/scheduling/chronos.nix
|
||||
./services/scheduling/cron.nix
|
||||
./services/scheduling/fcron.nix
|
||||
./services/search/elasticsearch.nix
|
||||
@ -293,6 +310,7 @@
|
||||
./services/system/nscd.nix
|
||||
./services/system/uptimed.nix
|
||||
./services/torrent/deluge.nix
|
||||
./services/torrent/peerflix.nix
|
||||
./services/torrent/transmission.nix
|
||||
./services/ttys/agetty.nix
|
||||
./services/ttys/gpm.nix
|
||||
@ -341,6 +359,7 @@
|
||||
./system/boot/loader/efi.nix
|
||||
./system/boot/loader/generations-dir/generations-dir.nix
|
||||
./system/boot/loader/grub/grub.nix
|
||||
./system/boot/loader/grub/ipxe.nix
|
||||
./system/boot/loader/grub/memtest.nix
|
||||
./system/boot/loader/gummiboot/gummiboot.nix
|
||||
./system/boot/loader/init-script/init-script.nix
|
||||
@ -354,6 +373,7 @@
|
||||
./system/boot/tmp.nix
|
||||
./system/etc/etc.nix
|
||||
./system/upstart/upstart.nix
|
||||
./tasks/bcache.nix
|
||||
./tasks/cpu-freq.nix
|
||||
./tasks/encrypted-devices.nix
|
||||
./tasks/filesystems.nix
|
||||
@ -361,6 +381,7 @@
|
||||
./tasks/filesystems/cifs.nix
|
||||
./tasks/filesystems/ext.nix
|
||||
./tasks/filesystems/f2fs.nix
|
||||
./tasks/filesystems/jfs.nix
|
||||
./tasks/filesystems/nfs.nix
|
||||
./tasks/filesystems/reiserfs.nix
|
||||
./tasks/filesystems/unionfs-fuse.nix
|
||||
@ -370,6 +391,8 @@
|
||||
./tasks/kbd.nix
|
||||
./tasks/lvm.nix
|
||||
./tasks/network-interfaces.nix
|
||||
./tasks/network-interfaces-systemd.nix
|
||||
./tasks/network-interfaces-scripted.nix
|
||||
./tasks/scsi-link-power-management.nix
|
||||
./tasks/swraid.nix
|
||||
./tasks/trackpoint.nix
|
||||
@ -377,9 +400,12 @@
|
||||
./virtualisation/container-config.nix
|
||||
./virtualisation/containers.nix
|
||||
./virtualisation/docker.nix
|
||||
./virtualisation/kubernetes.nix
|
||||
./virtualisation/libvirtd.nix
|
||||
./virtualisation/lxc.nix
|
||||
#./virtualisation/nova.nix
|
||||
./virtualisation/openvswitch.nix
|
||||
./virtualisation/parallels-guest.nix
|
||||
./virtualisation/virtualbox-guest.nix
|
||||
#./virtualisation/xen-dom0.nix
|
||||
]
|
||||
|
@ -34,7 +34,6 @@
|
||||
pkgs.xfsprogs
|
||||
pkgs.jfsutils
|
||||
pkgs.f2fs-tools
|
||||
#pkgs.jfsrec # disabled because of Boost dependency
|
||||
|
||||
# Some compression/archiver tools.
|
||||
pkgs.unzip
|
||||
|
@ -40,7 +40,6 @@ in
|
||||
# TODO: move most of these elsewhere
|
||||
environment.profileRelativeEnvVars =
|
||||
{ PATH = [ "/bin" "/sbin" "/lib/kde4/libexec" ];
|
||||
MANPATH = [ "/man" "/share/man" ];
|
||||
INFOPATH = [ "/info" "/share/info" ];
|
||||
PKG_CONFIG_PATH = [ "/lib/pkgconfig" ];
|
||||
TERMINFO_DIRS = [ "/share/terminfo" ];
|
||||
|
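--- a/nixos/modules/programs/light.nix
+++ b/nixos/modules/programs/light.nix
@@ -0,0 +1,26 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+cfg = config.programs.light;
+
+in
+{
+options = {
+programs.light = {
+enable = mkOption {
+default = false;
+type = types.bool;
+description = ''
+Whether to install Light backlight control with setuid wrapper.
+'';
+};
+};
+};
+
+config = mkIf cfg.enable {
+environment.systemPackages = [ pkgs.light ];
+security.setuidPrograms = [ "light" ];
+};
+}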
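Review bot: `security.setuidPrograms = [ "light" ];` gives every local account a root-setuid wrapper, although only users who are meant to change the backlight need it. `security.setuidOwners`, which virtualbox-host.nix in this commit already uses, takes an owner, group and mode, so the wrapper could be limited to one group, e.g. `security.setuidOwners = [ { program = "light"; owner = "root"; group = "video"; setuid = true; permissions = "u+rx,g+x"; } ];` (the group name is a suggestion, the page does not name one). The option description should at least say that enabling it lets all users run `light` as root.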
@ -59,6 +59,14 @@ in
|
||||
'';
|
||||
};
|
||||
|
||||
agentTimeout = mkOption {
|
||||
type = types.nullOr types.string;
|
||||
default = "1h";
|
||||
description = ''
|
||||
How long to keep the private keys in memory. Use null to keep them forever.
|
||||
'';
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
default = pkgs.openssh;
|
||||
description = ''
|
||||
@ -99,7 +107,10 @@ in
|
||||
wantedBy = [ "default.target" ];
|
||||
serviceConfig =
|
||||
{ ExecStartPre = "${pkgs.coreutils}/bin/rm -f %t/ssh-agent";
|
||||
ExecStart = "${cfg.package}/bin/ssh-agent -a %t/ssh-agent";
|
||||
ExecStart =
|
||||
"${cfg.package}/bin/ssh-agent " +
|
||||
optionalString (cfg.agentTimeout != null) ("-t ${cfg.agentTimeout} ") +
|
||||
"-a %t/ssh-agent";
|
||||
StandardOutput = "null";
|
||||
Type = "forking";
|
||||
Restart = "on-failure";
|
||||
|
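Review bot: `agentTimeout` is declared as `types.nullOr types.string` and spliced unquoted into `ExecStart` as `-t ${cfg.agentTimeout} `, so, as far as I know, two definitions of the option are concatenated instead of rejected, and a value containing whitespace turns into extra `ssh-agent` arguments. I would declare it as `type = types.nullOr types.str;` and add an `example` plus one sentence on the accepted format (the argument of `ssh-agent -t`). The description should also state that the default is now one hour, because existing users will see loaded keys expire where they previously stayed in memory.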
@ -20,6 +20,7 @@ in
|
||||
networking.defaultMailServer = {
|
||||
|
||||
directDelivery = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
example = true;
|
||||
description = ''
|
||||
@ -35,6 +36,7 @@ in
|
||||
};
|
||||
|
||||
hostName = mkOption {
|
||||
type = types.str;
|
||||
example = "mail.example.org";
|
||||
description = ''
|
||||
The host name of the default mail server to use to deliver
|
||||
@ -42,7 +44,17 @@ in
|
||||
'';
|
||||
};
|
||||
|
||||
root = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
example = "root@example.org";
|
||||
description = ''
|
||||
The e-mail to which mail for users with UID < 1000 is forwarded.
|
||||
'';
|
||||
};
|
||||
|
||||
domain = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
example = "example.org";
|
||||
description = ''
|
||||
@ -51,6 +63,7 @@ in
|
||||
};
|
||||
|
||||
useTLS = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
example = true;
|
||||
description = ''
|
||||
@ -60,6 +73,7 @@ in
|
||||
};
|
||||
|
||||
useSTARTTLS = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
example = true;
|
||||
description = ''
|
||||
@ -70,6 +84,7 @@ in
|
||||
};
|
||||
|
||||
authUser = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
example = "foo@example.org";
|
||||
description = ''
|
||||
@ -78,6 +93,7 @@ in
|
||||
};
|
||||
|
||||
authPass = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
example = "correctHorseBatteryStaple";
|
||||
description = ''
|
||||
@ -96,6 +112,7 @@ in
|
||||
''
|
||||
MailHub=${cfg.hostName}
|
||||
FromLineOverride=YES
|
||||
${if cfg.root != "" then "root=${cfg.root}" else ""}
|
||||
${if cfg.domain != "" then "rewriteDomain=${cfg.domain}" else ""}
|
||||
UseTLS=${if cfg.useTLS then "YES" else "NO"}
|
||||
UseSTARTTLS=${if cfg.useSTARTTLS then "YES" else "NO"}
|
||||
|
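--- a/nixos/modules/programs/virtualbox-host.nix
+++ b/nixos/modules/programs/virtualbox-host.nix
@@ -0,0 +1,72 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+virtualbox = config.boot.kernelPackages.virtualbox;
+in
+
+{
+options = {
+services.virtualboxHost.enable = mkEnableOption "VirtualBox Host support";
+};
+
+config = mkIf config.services.virtualboxHost.enable {
+boot.kernelModules = [ "vboxdrv" "vboxnetadp" "vboxnetflt" ];
+boot.extraModulePackages = [ virtualbox ];
+environment.systemPackages = [ virtualbox ];
+
+security.setuidOwners = let
+mkVboxStub = program: {
+inherit program;
+owner = "root";
+group = "vboxusers";
+setuid = true;
+};
+in map mkVboxStub [
+"VBoxBFE"
+"VBoxBalloonCtrl"
+"VBoxHeadless"
+"VBoxManage"
+"VBoxSDL"
+"VirtualBox"
+];
+
+users.extraGroups.vboxusers.gid = config.ids.gids.vboxusers;
+
+services.udev.extraRules =
+''
+KERNEL=="vboxdrv", OWNER="root", GROUP="vboxusers", MODE="0660", TAG+="systemd"
+KERNEL=="vboxdrvu", OWNER="root", GROUP="root", MODE="0666", TAG+="systemd"
+KERNEL=="vboxnetctl", OWNER="root", GROUP="vboxusers", MODE="0660", TAG+="systemd"
+SUBSYSTEM=="usb_device", ACTION=="add", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}"
+SUBSYSTEM=="usb", ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}"
+SUBSYSTEM=="usb_device", ACTION=="remove", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor"
+SUBSYSTEM=="usb", ACTION=="remove", ENV{DEVTYPE}=="usb_device", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor"
+'';
+
+# Since we lack the right setuid binaries, set up a host-only network by default.
+
+systemd.services."vboxnet0" =
+{ description = "VirtualBox vboxnet0 Interface";
+requires = [ "dev-vboxnetctl.device" ];
+after = [ "dev-vboxnetctl.device" ];
+wantedBy = [ "network.target" "sys-subsystem-net-devices-vboxnet0.device" ];
+path = [ virtualbox ];
+serviceConfig.RemainAfterExit = true;
+serviceConfig.Type = "oneshot";
+script =
+''
+if ! [ -e /sys/class/net/vboxnet0 ]; then
+VBoxManage hostonlyif create
+fi
+'';
+postStop =
+''
+VBoxManage hostonlyif remove vboxnet0
+'';
+};
+
+networking.interfaces.vboxnet0.ip4 = [ { address = "192.168.56.1"; prefixLength = 24; } ];
+};
+}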
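Review bot: The comment `# Since we lack the right setuid binaries, set up a host-only network by default.` was carried over from the old module, but this file now installs setuid-root wrappers for six VirtualBox programs through `security.setuidOwners`, so it no longer describes the module and should be reworded or dropped. `mkVboxStub` sets `group = "vboxusers"` without a mode, so whether execution is really confined to that group depends on the default permissions of `setuidOwners`, which this page does not show; if restriction is intended, state the mode explicitly in the stub. The udev rule that gives `vboxdrvu` `MODE="0666"` also deserves a one-line comment explaining why that node is open to everyone while `vboxdrv` is `0660`.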
@ -1,48 +1,8 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let virtualbox = config.boot.kernelPackages.virtualbox; in
|
||||
|
||||
{
|
||||
boot.kernelModules = [ "vboxdrv" "vboxnetadp" "vboxnetflt" ];
|
||||
boot.extraModulePackages = [ virtualbox ];
|
||||
environment.systemPackages = [ virtualbox ];
|
||||
|
||||
users.extraGroups.vboxusers.gid = config.ids.gids.vboxusers;
|
||||
|
||||
services.udev.extraRules =
|
||||
''
|
||||
KERNEL=="vboxdrv", OWNER="root", GROUP="vboxusers", MODE="0660", TAG+="systemd"
|
||||
KERNEL=="vboxdrvu", OWNER="root", GROUP="root", MODE="0666", TAG+="systemd"
|
||||
KERNEL=="vboxnetctl", OWNER="root", GROUP="vboxusers", MODE="0660", TAG+="systemd"
|
||||
SUBSYSTEM=="usb_device", ACTION=="add", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}"
|
||||
SUBSYSTEM=="usb", ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}"
|
||||
SUBSYSTEM=="usb_device", ACTION=="remove", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor"
|
||||
SUBSYSTEM=="usb", ACTION=="remove", ENV{DEVTYPE}=="usb_device", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor"
|
||||
'';
|
||||
|
||||
# Since we lack the right setuid binaries, set up a host-only network by default.
|
||||
|
||||
systemd.services."vboxnet0" =
|
||||
{ description = "VirtualBox vboxnet0 Interface";
|
||||
requires = [ "dev-vboxnetctl.device" ];
|
||||
after = [ "dev-vboxnetctl.device" ];
|
||||
wantedBy = [ "network.target" "sys-subsystem-net-devices-vboxnet0.device" ];
|
||||
path = [ virtualbox ];
|
||||
serviceConfig.RemainAfterExit = true;
|
||||
serviceConfig.Type = "oneshot";
|
||||
script =
|
||||
''
|
||||
if ! [ -e /sys/class/net/vboxnet0 ]; then
|
||||
VBoxManage hostonlyif create
|
||||
fi
|
||||
'';
|
||||
postStop =
|
||||
''
|
||||
VBoxManage hostonlyif remove vboxnet0
|
||||
'';
|
||||
};
|
||||
|
||||
networking.interfaces.vboxnet0.ip4 = [ { address = "192.168.56.1"; prefixLength = 24; } ];
|
||||
let
|
||||
msg = "Importing <nixpkgs/nixos/modules/programs/virtualbox.nix> is "
|
||||
+ "deprecated, please use `services.virtualboxHost.enable = true' "
|
||||
+ "instead.";
|
||||
in {
|
||||
config.warnings = [ msg ];
|
||||
config.services.virtualboxHost.enable = true;
|
||||
}
|
||||
|
@ -107,6 +107,12 @@ in zipModules ([]
|
||||
++ obsolete [ "services" "xserver" "startOpenSSHAgent" ] [ "programs" "ssh" "startAgent" ]
|
||||
++ obsolete [ "services" "xserver" "windowManager" "xbmc" ] [ "services" "xserver" "desktopManager" "xbmc" ]
|
||||
|
||||
# VirtualBox
|
||||
++ obsolete [ "services" "virtualbox" "enable" ] [ "services" "virtualboxGuest" "enable" ]
|
||||
|
||||
# proxy
|
||||
++ obsolete [ "nix" "proxy" ] [ "networking" "proxy" "default" ]
|
||||
|
||||
# KDE
|
||||
++ deprecated [ "kde" "extraPackages" ] [ "environment" "kdePackages" ]
|
||||
# ++ obsolete [ "environment" "kdePackages" ] [ "environment" "systemPackages" ] # !!! doesn't work!
|
||||
@ -130,5 +136,7 @@ in zipModules ([]
|
||||
++ obsolete' [ "boot" "initrd" "luks" "enable" ]
|
||||
++ obsolete' [ "programs" "bash" "enable" ]
|
||||
++ obsolete' [ "services" "samba" "defaultShare" ]
|
||||
++ obsolete' [ "services" "syslog-ng" "serviceName" ]
|
||||
++ obsolete' [ "services" "syslog-ng" "listenToJournal" ]
|
||||
|
||||
)
|
||||
|
@ -16,6 +16,7 @@ with lib;
|
||||
{ SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
|
||||
# FIXME: unneeded - remove eventually.
|
||||
OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
|
||||
# FIXME: unneeded - remove eventually.
|
||||
GIT_SSL_CAINFO = "/etc/ssl/certs/ca-bundle.crt";
|
||||
};
|
||||
|
||||
|
@ -30,7 +30,7 @@ in
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable the stable grsecurity patch, based on Linux 3.2.
|
||||
Enable the stable grsecurity patch, based on Linux 3.14.
|
||||
'';
|
||||
};
|
||||
|
||||
@ -38,7 +38,7 @@ in
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable the testing grsecurity patch, based on Linux 3.13.
|
||||
Enable the testing grsecurity patch, based on Linux 3.17.
|
||||
'';
|
||||
};
|
||||
|
||||
@ -226,8 +226,8 @@ in
|
||||
[ { assertion = cfg.stable || cfg.testing;
|
||||
message = ''
|
||||
If grsecurity is enabled, you must select either the
|
||||
stable patch (with kernel 3.2), or the testing patch (with
|
||||
kernel 3.13) to continue.
|
||||
stable patch (with kernel 3.14), or the testing patch (with
|
||||
kernel 3.17) to continue.
|
||||
'';
|
||||
}
|
||||
{ assertion = (cfg.stable -> !cfg.testing) || (cfg.testing -> !cfg.stable);
|
||||
|
@ -46,6 +46,14 @@ in
|
||||
<filename>sudoers</filename> file.
|
||||
'';
|
||||
};
|
||||
|
||||
security.sudo.extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
description = ''
|
||||
Extra configuration text appended to <filename>sudoers</filename>.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
@ -55,7 +63,8 @@ in
|
||||
|
||||
security.sudo.configFile =
|
||||
''
|
||||
# Don't edit this file. Set the NixOS option ‘security.sudo.configFile’ instead.
|
||||
# Don't edit this file. Set the NixOS options ‘security.sudo.configFile’
|
||||
# and security.sudo.extraConfig instead.
|
||||
|
||||
# Environment variables to keep for root and %wheel.
|
||||
Defaults:root,%wheel env_keep+=TERMINFO_DIRS
|
||||
@ -69,6 +78,7 @@ in
|
||||
|
||||
# Users in the "wheel" group can do anything.
|
||||
%wheel ALL=(ALL) ${if cfg.wheelNeedsPassword then "" else "NOPASSWD: ALL, "}SETENV: ALL
|
||||
${cfg.extraConfig}
|
||||
'';
|
||||
|
||||
security.setuidPrograms = [ "sudo" "sudoedit" ];
|
||||
|
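Review bot: `${cfg.extraConfig}` is appended to the generated sudoers text with no syntax check, and one malformed line makes sudo reject the whole file, which can leave an administrator unable to become root after switching to the new configuration. I would validate the generated file at build time by running `visudo -c -f` on it before it is installed, and say in the option description that the text is inserted verbatim after the `%wheel` rule, so its entries take precedence over that rule. The rewritten header comment quotes `security.sudo.configFile` but leaves `security.sudo.extraConfig` unquoted. The `configFile` definition continues outside these hunks.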
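--- a/nixos/modules/services/audio/liquidsoap.nix
+++ b/nixos/modules/services/audio/liquidsoap.nix
@@ -0,0 +1,74 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+streams = builtins.attrNames config.services.liquidsoap.streams;
+
+streamService =
+name:
+let stream = builtins.getAttr name config.services.liquidsoap.streams; in
+{ inherit name;
+value = {
+after = [ "network-online.target" "sound.target" ];
+description = "${name} liquidsoap stream";
+wantedBy = [ "multi-user.target" ];
+path = [ pkgs.wget ];
+preStart =
+''
+mkdir -p /var/log/liquidsoap
+chown liquidsoap -R /var/log/liquidsoap
+'';
+serviceConfig = {
+PermissionsStartOnly="true";
+ExecStart = "${pkgs.liquidsoap}/bin/liquidsoap ${stream}";
+User = "liquidsoap";
+};
+};
+};
+in
+{
+
+##### interface
+
+options = {
+
+services.liquidsoap.streams = mkOption {
+
+description =
+''
+Set of Liquidsoap streams to start,
+one systemd service per stream.
+'';
+
+default = {};
+
+example = {
+myStream1 = literalExample "\"/etc/liquidsoap/myStream1.liq\"";
+myStream2 = literalExample "./myStream2.liq";
+myStream3 = literalExample "\"out(playlist(\"/srv/music/\"))\"";
+};
+
+type = types.attrsOf (types.either types.path types.str);
+};
+
+};
+##### implementation
+
+config = mkIf (builtins.length streams != 0) {
+
+users.extraUsers.liquidsoap = {
+uid = config.ids.uids.liquidsoap;
+group = "liquidsoap";
+extraGroups = [ "audio" ];
+description = "Liquidsoap streaming user";
+home = "/var/lib/liquidsoap";
+createHome = true;
+};
+
+users.extraGroups.liquidsoap.gid = config.ids.gids.liquidsoap;
+
+systemd.services = builtins.listToAttrs ( map streamService streams );
+};
+
+}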
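Review bot: `ExecStart = "${pkgs.liquidsoap}/bin/liquidsoap ${stream}";` interpolates the stream value unquoted, yet the option also accepts inline scripts (`types.str`, see `myStream3` in the example), and those contain spaces and double quotes that systemd splits and unquotes before liquidsoap receives them. Writing string scripts to the store with `pkgs.writeText` and passing the resulting path keeps the command line to a single argument; alternatively restrict the type to `types.path` and drop the inline example. The option description should say which of the two forms a value is taken to be, since a string that names a file and a string that is a script are indistinguishable by type.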
@ -109,6 +109,7 @@ in {
|
||||
};
|
||||
|
||||
sqlalchemy_engine_url = mkOption {
|
||||
default = "postgresql:///bacula";
|
||||
example = ''
|
||||
postgresql://bacula:bacula@localhost:5432/bacula
|
||||
mysql+mysqlconnector://<user>:<password>@<hostname>/<database>'
|
||||
|
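--- a/nixos/modules/services/backup/crashplan.nix
+++ b/nixos/modules/services/backup/crashplan.nix
@@ -0,0 +1,63 @@
+{ config, pkgs, lib, ... }:
+
+let
+cfg = config.services.crashplan;
+crashplan = pkgs.crashplan;
+varDir = "/var/lib/crashplan";
+in
+
+with lib;
+
+{
+options = {
+services.crashplan = {
+enable = mkOption {
+default = false;
+type = types.bool;
+description = ''
+Starts crashplan background service.
+'';
+};
+};
+};
+
+config = mkIf cfg.enable {
+environment.systemPackages = [ crashplan ];
+
+systemd.services.crashplan = {
+description = "CrashPlan Backup Engine";
+
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" ];
+
+preStart = ''
+ensureDir() {
+dir=$1
+mode=$2
+
+if ! test -e $dir; then
+${pkgs.coreutils}/bin/mkdir -m $mode -p $dir
+elif [ "$(${pkgs.coreutils}/bin/stat -c %a $dir)" != "$mode" ]; then
+${pkgs.coreutils}/bin/chmod $mode $dir
+fi
+}
+
+ensureDir ${crashplan.vardir} 755
+ensureDir ${crashplan.vardir}/conf 700
+ensureDir ${crashplan.manifestdir} 700
+ensureDir ${crashplan.vardir}/cache 700
+ensureDir ${crashplan.vardir}/backupArchives 700
+ensureDir ${crashplan.vardir}/log 777
+'';
+
+serviceConfig = {
+Type = "forking";
+EnvironmentFile = "${crashplan}/bin/run.conf";
+ExecStart = "${crashplan}/bin/CrashPlanEngine start";
+ExecStop = "${crashplan}/bin/CrashPlanEngine stop";
+PIDFile = "${crashplan.vardir}/CrashPlanEngine.pid";
+WorkingDirectory = crashplan;
+};
+};
+};
+}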
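Review bot: `ensureDir ${crashplan.vardir}/log 777` creates a world-writable log directory for a unit whose `serviceConfig` sets no `User=`, so the engine runs with systemd's default of root while any local account can create, replace or symlink entries in the place it writes its logs. Unless another user is known to need write access there, use `ensureDir ${crashplan.vardir}/log 755`, or `1777` if shared writing is really required, and put the reason in a comment next to the line. `ensureDir` also expands `$dir` and `$mode` unquoted, and `varDir` in the `let` block is never used.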
@ -39,11 +39,20 @@ in
|
||||
as retain options.
|
||||
'';
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.rsnapshot;
|
||||
example = literalExample "pkgs.rsnapshotGit";
|
||||
description = ''
|
||||
RSnapshot package to use.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable (let
|
||||
myRsnapshot = pkgs.rsnapshot.override { configFile = rsnapshotCfg; };
|
||||
myRsnapshot = cfg.package.override { configFile = rsnapshotCfg; };
|
||||
rsnapshotCfg = with pkgs; writeText "gen-rsnapshot.conf" (''
|
||||
config_version 1.2
|
||||
cmd_cp ${coreutils}/bin/cp
|
||||
|
@ -56,14 +56,13 @@ with lib;
|
||||
{ name = endpointUser;
|
||||
uid = config.ids.uids.fourstorehttp;
|
||||
description = "4Store SPARQL endpoint user";
|
||||
# home = stateDir;
|
||||
};
|
||||
|
||||
services.avahi.enable = true;
|
||||
|
||||
jobs.fourStoreEndpoint = {
|
||||
name = "4store-endpoint";
|
||||
startOn = "filesystem";
|
||||
startOn = "ip-up";
|
||||
|
||||
exec = ''
|
||||
${run} '${pkgs.rdf4store}/bin/4s-httpd -D ${cfg.options} ${if cfg.listenAddress!=null then "-H ${cfg.listenAddress}" else "" } -p ${toString cfg.port} ${cfg.database}'
|
||||
|
@ -54,7 +54,7 @@ with lib;
|
||||
|
||||
jobs.fourStore = {
|
||||
name = "4store";
|
||||
startOn = "filesystem";
|
||||
startOn = "ip-up";
|
||||
|
||||
preStart = ''
|
||||
mkdir -p ${stateDir}/
|
||||
|
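--- a/nixos/modules/services/databases/hbase.nix
+++ b/nixos/modules/services/databases/hbase.nix
@@ -0,0 +1,133 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+cfg = config.services.hbase;
+
+configFile = pkgs.writeText "hbase-site.xml" ''
+<configuration>
+<property>
+<name>hbase.rootdir</name>
+<value>file://${cfg.dataDir}/hbase</value>
+</property>
+<property>
+<name>hbase.zookeeper.property.dataDir</name>
+<value>${cfg.dataDir}/zookeeper</value>
+</property>
+</configuration>
+'';
+
+configDir = pkgs.runCommand "hbase-config-dir" {} ''
+mkdir -p $out
+cp ${cfg.package}/conf/* $out/
+rm $out/hbase-site.xml
+ln -s ${configFile} $out/hbase-site.xml
+'' ;
+
+in {
+
+###### interface
+
+options = {
+
+services.hbase = {
+
+enable = mkOption {
+type = types.bool;
+default = false;
+description = ''
+Whether to run HBase.
+'';
+};
+
+package = mkOption {
+type = types.package;
+default = pkgs.hbase;
+example = literalExample "pkgs.hbase";
+description = ''
+HBase package to use.
+'';
+};
+
+
+user = mkOption {
+type = types.string;
+default = "hbase";
+description = ''
+User account under which HBase runs.
+'';
+};
+
+group = mkOption {
+type = types.string;
+default = "hbase";
+description = ''
+Group account under which HBase runs.
+'';
+};
+
+dataDir = mkOption {
+type = types.path;
+default = "/var/lib/hbase";
+description = ''
+Specifies location of HBase database files. This location should be
+writable and readable for the user the HBase service runs as
+(hbase by default).
+'';
+};
+
+logDir = mkOption {
+type = types.path;
+default = "/var/log/hbase";
+description = ''
+Specifies the location of HBase log files.
+'';
+};
+
+};
+
+};
+
+###### implementation
+
+config = mkIf config.services.hbase.enable {
+
+systemd.services.hbase = {
+description = "HBase Server";
+wantedBy = [ "multi-user.target" ];
+
+environment = {
+JAVA_HOME = "${pkgs.jre}";
+HBASE_LOG_DIR = cfg.logDir;
+};
+
+preStart =
+''
+mkdir -p ${cfg.dataDir};
+mkdir -p ${cfg.logDir};
+
+if [ "$(id -u)" = 0 ]; then
+chown ${cfg.user}:${cfg.group} ${cfg.dataDir}
+chown ${cfg.user}:${cfg.group} ${cfg.logDir}
+fi
+'';
+
+serviceConfig = {
+PermissionsStartOnly = true;
+User = cfg.user;
+Group = cfg.group;
+ExecStart = "${cfg.package}/bin/hbase --config ${configDir} master start";
+};
+};
+
+users.extraUsers.hbase = {
+description = "HBase Server user";
+group = "hbase";
+uid = config.ids.uids.hbase;
+};
+
+users.extraGroups.hbase.gid = config.ids.gids.hbase;
+
+};
+}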
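Review bot: `serviceConfig` runs HBase as `cfg.user` and `cfg.group`, but the account section always defines `users.extraUsers.hbase` and `users.extraGroups.hbase`, so setting either option to another name leaves the unit pointing at an account this module does not create. Either guard the account definitions with `mkIf (cfg.user == "hbase")` and say in the option descriptions that other accounts must already exist, or derive the definitions from the options. `preStart` also creates both directories with plain `mkdir -p`, so their mode comes from the umask; `mkdir -m 0750 -p ${cfg.dataDir}` would keep the database files from being listed by other local users. `user` and `group` use `types.string` where the ssmtp module changed in this commit uses `types.str`.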
@ -19,7 +19,7 @@ let
|
||||
org.neo4j.server.webadmin.rrdb.location=${cfg.dataDir}/data/rrd
|
||||
org.neo4j.server.webadmin.data.uri=/db/data/
|
||||
org.neo4j.server.webadmin.management.uri=/db/manage/
|
||||
org.neo4j.server.db.tuning.properties=${pkgs.neo4j}/share/neo4j/conf/neo4j.properties
|
||||
org.neo4j.server.db.tuning.properties=${cfg.package}/share/neo4j/conf/neo4j.properties
|
||||
org.neo4j.server.manage.console_engines=shell
|
||||
${cfg.extraServerConfig}
|
||||
'';
|
||||
@ -46,6 +46,12 @@ in {
|
||||
type = types.uniq types.bool;
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
description = "Neo4j package to use.";
|
||||
default = pkgs.neo4j;
|
||||
type = types.package;
|
||||
};
|
||||
|
||||
host = mkOption {
|
||||
description = "Neo4j listen address.";
|
||||
default = "127.0.0.1";
|
||||
@ -119,7 +125,7 @@ in {
|
||||
after = [ "network-interfaces.target" ];
|
||||
environment = { NEO4J_INSTANCE = cfg.dataDir; };
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.neo4j}/bin/neo4j console";
|
||||
ExecStart = "${cfg.package}/bin/neo4j console";
|
||||
User = "neo4j";
|
||||
PermissionsStartOnly = true;
|
||||
};
|
||||
|
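--- a/nixos/modules/services/databases/opentsdb.nix
+++ b/nixos/modules/services/databases/opentsdb.nix
@@ -0,0 +1,100 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+cfg = config.services.opentsdb;
+
+configFile = pkgs.writeText "opentsdb.conf" ''
+tsd.core.auto_create_metrics = true
+tsd.http.request.enable_chunked = true
+'';
+
+in {
+
+###### interface
+
+options = {
+
+services.opentsdb = {
+
+enable = mkOption {
+type = types.bool;
+default = false;
+description = ''
+Whether to run OpenTSDB.
+'';
+};
+
+package = mkOption {
+type = types.package;
+default = pkgs.opentsdb;
+example = literalExample "pkgs.opentsdb";
+description = ''
+OpenTSDB package to use.
+'';
+};
+
+user = mkOption {
+type = types.string;
+default = "opentsdb";
+description = ''
+User account under which OpenTSDB runs.
+'';
+};
+
+group = mkOption {
+type = types.string;
+default = "opentsdb";
+description = ''
+Group account under which OpenTSDB runs.
+'';
+};
+
+port = mkOption {
+type = types.int;
+default = 4242;
+description = ''
+Which port OpenTSDB listens on.
+'';
+};
+
+};
+
+};
+
+###### implementation
+
+config = mkIf config.services.opentsdb.enable {
+
+systemd.services.opentsdb = {
+description = "OpenTSDB Server";
+wantedBy = [ "multi-user.target" ];
+requires = [ "hbase.service" ];
+
+environment.JAVA_HOME = "${pkgs.jre}";
+path = [ pkgs.gnuplot ];
+
+preStart =
+''
+COMPRESSION=NONE HBASE_HOME=${config.services.hbase.package} ${cfg.package}/share/opentsdb/tools/create_table.sh
+'';
+
+serviceConfig = {
+PermissionsStartOnly = true;
+User = cfg.user;
+Group = cfg.group;
+ExecStart = "${cfg.package}/bin/tsdb tsd --staticroot=${cfg.package}/share/opentsdb/static --cachedir=/tmp/opentsdb --port=${toString cfg.port} --config=${configFile}";
+};
+};
+
+users.extraUsers.opentsdb = {
+description = "OpenTSDB Server user";
+group = "opentsdb";
+uid = config.ids.uids.opentsdb;
+};
+
+users.extraGroups.opentsdb.gid = config.ids.gids.opentsdb;
+
+};
+}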
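Review bot: `--cachedir=/tmp/opentsdb` in ExecStart puts the TSD cache at a fixed name inside the world-writable /tmp, so any local account can create that path first and the service will then either fail to start or write its cache files into a location that account controls. Giving the unit its own /tmp with `PrivateTmp = true;` in serviceConfig, or pointing the flag at a directory that preStart creates and chowns to cfg.user, removes that dependency on shared state. Separately, `users.extraUsers.opentsdb` and `users.extraGroups.opentsdb` are hard-coded while `User` and `Group` follow cfg.user and cfg.group, so a non-default value names an account this module never creates. Because of `PermissionsStartOnly = true;` the preStart `create_table.sh` call also runs as root rather than as the service user, which is more privilege than creating the HBase tables appears to need.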
@ -63,7 +63,7 @@ with lib;
|
||||
|
||||
jobs.virtuoso = {
|
||||
name = "virtuoso";
|
||||
startOn = "filesystem";
|
||||
startOn = "ip-up";
|
||||
|
||||
preStart = ''
|
||||
mkdir -p ${stateDir}
|
||||
|
@ -19,6 +19,8 @@ in {
|
||||
|
||||
###### implementation
|
||||
config = mkIf cfg.enable {
|
||||
services.dbus.packages = [ pkgs.thermald ];
|
||||
|
||||
systemd.services.thermald = {
|
||||
description = "Thermal Daemon Service";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
@ -31,6 +31,7 @@ let
|
||||
buildCommand = ''
|
||||
mkdir -p $out
|
||||
shopt -s nullglob
|
||||
set +o pipefail
|
||||
|
||||
# Set a reasonable $PATH for programs called by udev rules.
|
||||
echo 'ENV{PATH}="${udevPath}/bin:${udevPath}/sbin"' > $out/00-path.rules
|
||||
@ -168,7 +169,6 @@ in
|
||||
hardware.firmware = mkOption {
|
||||
type = types.listOf types.path;
|
||||
default = [];
|
||||
example = [ "/root/my-firmware" ];
|
||||
description = ''
|
||||
List of directories containing firmware files. Such files
|
||||
will be loaded automatically if the kernel asks for them
|
||||
@ -177,10 +177,10 @@ in
|
||||
firmware file with the same name, the first path in the list
|
||||
takes precedence. Note that you must rebuild your system if
|
||||
you add files to any of these directories. For quick testing,
|
||||
put firmware files in /root/test-firmware and add that
|
||||
directory to the list.
|
||||
Note that you can also add firmware packages to this
|
||||
list as these are directories in the nix store.
|
||||
put firmware files in <filename>/root/test-firmware</filename>
|
||||
and add that directory to the list. Note that you can also
|
||||
add firmware packages to this list as these are directories in
|
||||
the nix store.
|
||||
'';
|
||||
apply = list: pkgs.buildEnv {
|
||||
name = "firmware";
|
||||
@ -244,6 +244,11 @@ in
|
||||
echo "regenerating udev hardware database..."
|
||||
${config.systemd.package}/bin/udevadm hwdb --update && ln -sfn ${config.systemd.package} /var/lib/udev/prev-systemd
|
||||
fi
|
||||
|
||||
# Allow the kernel to find our firmware.
|
||||
if [ -e /sys/module/firmware_class/parameters/path ]; then
|
||||
echo -n "${config.hardware.firmware}" > /sys/module/firmware_class/parameters/path
|
||||
fi
|
||||
'';
|
||||
|
||||
systemd.services.systemd-udevd =
|
||||
|
@ -21,6 +21,7 @@ in
|
||||
|
||||
config = mkOption {
|
||||
default = "";
|
||||
type = types.lines;
|
||||
description = ''
|
||||
The contents of the logrotate config file
|
||||
'';
|
||||
|
@ -4,6 +4,16 @@ with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.logstash;
|
||||
pluginPath = lib.concatStringsSep ":" cfg.plugins;
|
||||
havePluginPath = lib.length cfg.plugins > 0;
|
||||
ops = lib.optionalString;
|
||||
verbosityFlag = {
|
||||
debug = "--debug";
|
||||
info = "--verbose";
|
||||
warn = ""; # intentionally empty
|
||||
error = "--quiet";
|
||||
fatal = "--silent";
|
||||
}."${cfg.logLevel}";
|
||||
|
||||
in
|
||||
|
||||
@ -20,12 +30,56 @@ in
|
||||
description = "Enable logstash.";
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.logstash;
|
||||
example = literalExample "pkgs.logstash";
|
||||
description = "Logstash package to use.";
|
||||
};
|
||||
|
||||
plugins = mkOption {
|
||||
type = types.listOf types.path;
|
||||
default = [ ];
|
||||
example = literalExample "[ pkgs.logstash-contrib ]";
|
||||
description = "The paths to find other logstash plugins in.";
|
||||
};
|
||||
|
||||
logLevel = mkOption {
|
||||
type = types.enum [ "debug" "info" "warn" "error" "fatal" ];
|
||||
default = "warn";
|
||||
description = "Logging verbosity level.";
|
||||
};
|
||||
|
||||
watchdogTimeout = mkOption {
|
||||
type = types.int;
|
||||
default = 10;
|
||||
description = "Set watchdog timeout value in seconds.";
|
||||
};
|
||||
|
||||
filterWorkers = mkOption {
|
||||
type = types.int;
|
||||
default = 1;
|
||||
description = "The quantity of filter workers to run.";
|
||||
};
|
||||
|
||||
enableWeb = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Enable the logstash web interface.";
|
||||
};
|
||||
|
||||
address = mkOption {
|
||||
type = types.str;
|
||||
default = "0.0.0.0";
|
||||
description = "Address on which to start webserver.";
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.str;
|
||||
default = "9292";
|
||||
description = "Port on which to start webserver.";
|
||||
};
|
||||
|
||||
inputConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = ''stdin { type => "example" }'';
|
||||
@ -79,19 +133,26 @@ in
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
environment = { JAVA_HOME = jre; };
|
||||
serviceConfig = {
|
||||
ExecStart = "${logstash}/bin/logstash agent -f ${writeText "logstash.conf" ''
|
||||
input {
|
||||
${cfg.inputConfig}
|
||||
}
|
||||
ExecStart =
|
||||
"${cfg.package}/bin/logstash agent " +
|
||||
"-w ${toString cfg.filterWorkers} " +
|
||||
ops havePluginPath "--pluginpath ${pluginPath} " +
|
||||
"${verbosityFlag} " +
|
||||
"--watchdog-timeout ${toString cfg.watchdogTimeout} " +
|
||||
"-f ${writeText "logstash.conf" ''
|
||||
input {
|
||||
${cfg.inputConfig}
|
||||
}
|
||||
|
||||
filter {
|
||||
${cfg.filterConfig}
|
||||
}
|
||||
filter {
|
||||
${cfg.filterConfig}
|
||||
}
|
||||
|
||||
output {
|
||||
${cfg.outputConfig}
|
||||
}
|
||||
''} ${optionalString cfg.enableWeb "-- web"}";
|
||||
output {
|
||||
${cfg.outputConfig}
|
||||
}
|
||||
''} " +
|
||||
ops cfg.enableWeb "-- web -a ${cfg.address} -p ${cfg.port}";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
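Review bot: The `address` option defaults to `"0.0.0.0"`, so setting `enableWeb = true` exposes the logstash web interface on every interface of the host without the operator asking for it. A loopback default, `default = "127.0.0.1";`, would match the `host` defaults of the neo4j and docker-registry modules in this commit and make wider exposure an explicit choice. `port` is declared `types.str` and both values are spliced unquoted into ExecStart (`-- web -a ${cfg.address} -p ${cfg.port}`), so `types.int` with `toString cfg.port` would reject malformed values at evaluation time. The option block and the service definition both continue outside the visible hunks.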
@ -7,8 +7,7 @@ let
|
||||
cfg = config.services.syslog-ng;
|
||||
|
||||
syslogngConfig = pkgs.writeText "syslog-ng.conf" ''
|
||||
@version: 3.5
|
||||
@include "scl.conf"
|
||||
${cfg.configHeader}
|
||||
${cfg.extraConfig}
|
||||
'';
|
||||
|
||||
@ -44,15 +43,6 @@ in {
|
||||
The package providing syslog-ng binaries.
|
||||
'';
|
||||
};
|
||||
serviceName = mkOption {
|
||||
type = types.str;
|
||||
default = "syslog-ng";
|
||||
description = ''
|
||||
The name of the systemd service that runs syslog-ng. Set this to
|
||||
<literal>syslog</literal> if you want journald to automatically
|
||||
forward all logs to syslog-ng.
|
||||
'';
|
||||
};
|
||||
extraModulePaths = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
@ -72,16 +62,28 @@ in {
|
||||
Configuration added to the end of <literal>syslog-ng.conf</literal>.
|
||||
'';
|
||||
};
|
||||
configHeader = mkOption {
|
||||
type = types.lines;
|
||||
default = ''
|
||||
@version: 3.6
|
||||
@include "scl.conf"
|
||||
'';
|
||||
description = ''
|
||||
The very first lines of the configuration file. Should usually contain
|
||||
the syslog-ng version header.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
systemd.services."${cfg.serviceName}" = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
systemd.services.syslog-ng = {
|
||||
description = "syslog-ng daemon";
|
||||
preStart = "mkdir -p /{var,run}/syslog-ng";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "multi-user.target" ]; # makes sure hostname etc is set
|
||||
serviceConfig = {
|
||||
Type = "notify";
|
||||
Sockets = "syslog.socket";
|
||||
StandardOutput = "null";
|
||||
Restart = "on-failure";
|
||||
ExecStart = "${cfg.package}/sbin/syslog-ng ${concatStringsSep " " syslogngOptions}";
|
||||
|
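--- a/nixos/modules/services/misc/docker-registry.nix
+++ b/nixos/modules/services/misc/docker-registry.nix
@@ -0,0 +1,82 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+cfg = config.services.dockerRegistry;
+
+in {
+###### interface
+
+options.services.dockerRegistry = {
+enable = mkOption {
+description = "Whether to enable docker registry server.";
+default = false;
+type = types.bool;
+};
+
+host = mkOption {
+description = "Docker registry host or ip to bind to.";
+default = "127.0.0.1";
+type = types.str;
+};
+
+port = mkOption {
+description = "Docker registry port to bind to.";
+default = 5000;
+type = types.int;
+};
+
+storagePath = mkOption {
+type = types.path;
+default = "/var/lib/docker/registry";
+description = "Docker registry strorage path.";
+};
+
+extraConfig = mkOption {
+description = ''
+Docker extra registry configuration. See
+<link xlink:href="https://github.com/docker/docker-registry/blob/master/config/config_sample.yml"/>
+'';
+default = {};
+type = types.attrsOf types.str;
+};
+};
+
+config = mkIf cfg.enable {
+systemd.services.docker-registry = {
+description = "Docker Container Registry";
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" ];
+
+environment = {
+REGISTRY_HOST = cfg.host;
+REGISTRY_PORT = toString cfg.port;
+GUNICORN_OPTS = "[--preload]"; # see https://github.com/docker/docker-registry#sqlalchemy
+STORAGE_PATH = cfg.storagePath;
+} // cfg.extraConfig;
+
+serviceConfig = {
+ExecStart = "${pkgs.pythonPackages.docker_registry}/bin/docker-registry";
+User = "docker-registry";
+Group = "docker";
+PermissionsStartOnly = true;
+};
+
+preStart = ''
+mkdir -p ${cfg.storagePath}
+if [ "$(id -u)" = 0 ]; then
+chown -R docker-registry:docker ${cfg.storagePath}
+fi
+'';
+postStart = ''
+until ${pkgs.curl}/bin/curl -s -o /dev/null 'http://${cfg.host}:${toString cfg.port}/'; do
+sleep 1;
+done
+'';
+};
+
+users.extraGroups.docker.gid = mkDefault config.ids.gids.docker;
+users.extraUsers.docker-registry.uid = config.ids.uids.docker-registry;
+};
+}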
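Review bot: `Group = "docker";` in serviceConfig runs the registry under the group that conventionally owns the Docker daemon socket, so on a host that also runs Docker this network-facing process gains control of the daemon (effectively root), although the module itself only needs write access to storagePath. A dedicated group would be safer, e.g. `Group = "docker-registry";` with the preStart line changed to `chown -R docker-registry:docker-registry ${cfg.storagePath}` and a matching users.extraGroups entry (its gid would have to be allocated; none is visible here). The default storagePath `/var/lib/docker/registry` also sits under what is presumably the Docker daemon's own state directory, so a separate directory would keep the two services' data apart. Because `environment` ends with `// cfg.extraConfig`, extraConfig silently overrides REGISTRY_HOST and STORAGE_PATH; a short comment saying that this is intended would help the next reader.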
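--- a/nixos/modules/services/misc/etcd.nix
+++ b/nixos/modules/services/misc/etcd.nix
@@ -0,0 +1,144 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+cfg = config.services.etcd;
+
+in {
+
+options.services.etcd = {
+enable = mkOption {
+description = "Whether to enable etcd.";
+default = false;
+type = types.uniq types.bool;
+};
+
+name = mkOption {
+description = "Etcd unique node name.";
+default = config.networking.hostName;
+type = types.str;
+};
+
+advertiseClientUrls = mkOption {
+description = "Etcd list of this member's client URLs to advertise to the rest of the cluster.";
+default = cfg.listenClientUrls;
+type = types.listOf types.str;
+};
+
+listenClientUrls = mkOption {
+description = "Etcd list of URLs to listen on for client traffic.";
+default = ["http://localhost:4001"];
+type = types.listOf types.str;
+};
+
+listenPeerUrls = mkOption {
+description = "Etcd list of URLs to listen on for peer traffic.";
+default = ["http://localhost:7001"];
+type = types.listOf types.str;
+};
+
+initialAdvertisePeerUrls = mkOption {
+description = "Etcd list of this member's peer URLs to advertise to rest of the cluster.";
+default = cfg.listenPeerUrls;
+type = types.listOf types.str;
+};
+
+initialCluster = mkOption {
+description = "Etcd initial cluster configuration for bootstrapping.";
+default = ["${cfg.name}=http://localhost:7001"];
+type = types.listOf types.str;
+};
+
+initialClusterState = mkOption {
+description = "Etcd initial cluster configuration for bootstrapping.";
+default = "new";
+type = types.enum ["new" "existing"];
+};
+
+initialClusterToken = mkOption {
+description = "Etcd initial cluster token for etcd cluster during bootstrap.";
+default = "etcd-cluster";
+type = types.str;
+};
+
+discovery = mkOption {
+description = "Etcd discovery url";
+default = "";
+type = types.str;
+};
+
+extraConf = mkOption {
+description = ''
+Etcd extra configuration. See
+<link xlink:href='https://github.com/coreos/etcd/blob/master/Documentation/configuration.md#environment-variables' />
+'';
+type = types.attrsOf types.str;
+default = {};
+example = literalExample ''
+{
+"CORS": "*",
+"NAME": "default-name",
+"MAX_RESULT_BUFFER": "1024",
+"MAX_CLUSTER_SIZE": "9",
+"MAX_RETRY_ATTEMPTS": "3"
+}
+'';
+};
+
+dataDir = mkOption {
+type = types.path;
+default = "/var/lib/etcd";
+description = "Etcd data directory.";
+};
+};
+
+config = mkIf cfg.enable {
+systemd.services.etcd = {
+description = "Etcd Daemon";
+wantedBy = [ "multi-user.target" ];
+after = [ "network-interfaces.target" ];
+
+environment = {
+ETCD_NAME = cfg.name;
+ETCD_DISCOVERY = cfg.discovery;
+ETCD_DATA_DIR = cfg.dataDir;
+ETCD_ADVERTISE_CLIENT_URLS = concatStringsSep "," cfg.advertiseClientUrls;
+ETCD_LISTEN_CLIENT_URLS = concatStringsSep "," cfg.listenClientUrls;
+ETCD_LISTEN_PEER_URLS = concatStringsSep "," cfg.listenPeerUrls;
+ETCD_INITIAL_ADVERTISE_PEER_URLS = concatStringsSep "," cfg.initialAdvertisePeerUrls;
+} // (optionalAttrs (cfg.discovery == ""){
+ETCD_INITIAL_CLUSTER = concatStringsSep "," cfg.initialCluster;
+ETCD_INITIAL_CLUSTER_STATE = cfg.initialClusterState;
+ETCD_INITIAL_CLUSTER_TOKEN = cfg.initialClusterToken;
+}) // (mapAttrs' (n: v: nameValuePair "ETCD_${n}" v) cfg.extraConf);
+
+serviceConfig = {
+ExecStart = "${pkgs.etcd}/bin/etcd";
+User = "etcd";
+PermissionsStartOnly = true;
+};
+preStart = ''
+mkdir -m 0700 -p ${cfg.dataDir}
+if [ "$(id -u)" = 0 ]; then chown etcd ${cfg.dataDir}; fi
+'';
+postStart = ''
+until ${pkgs.etcdctl}/bin/etcdctl set /nixos/state 'up'; do
+sleep 1;
+done
+until ${pkgs.etcdctl}/bin/etcdctl get /nixos/state | grep up; do
+sleep 1;
+done
+'';
+};
+
+environment.systemPackages = [ pkgs.etcdctl ];
+
+users.extraUsers = singleton {
+name = "etcd";
+uid = config.ids.uids.etcd;
+description = "Etcd daemon user";
+home = cfg.dataDir;
+};
+};
+}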
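Review bot: The postStart readiness loops call `etcdctl set /nixos/state 'up'` and `etcdctl get /nixos/state` with no endpoint argument, so they talk to etcdctl's built-in default address rather than to cfg.listenClientUrls. With a listen URL that differs from that default the `until` loops presumably never succeed, and the unit sits in start-post until systemd times it out. The probe also writes a key into the cluster's keyspace on every start, which a read-only health check would avoid. The option descriptions should say that the default URLs are plain `http://` with no client authentication, so listenClientUrls and listenPeerUrls should only be moved off localhost together with TLS settings passed through extraConf. The description of `initialClusterState` is a copy of the one for `initialCluster` and should describe the `"new"`/`"existing"` choice instead.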
@ -15,14 +15,21 @@ in
|
||||
default = false;
|
||||
description = ''
|
||||
Enable gitolite management under the
|
||||
<literal>gitolite</literal> user. The Gitolite home
|
||||
directory is <literal>/var/lib/gitolite</literal>. After
|
||||
<literal>gitolite</literal> user. After
|
||||
switching to a configuration with Gitolite enabled, you can
|
||||
then run <literal>git clone
|
||||
gitolite@host:gitolite-admin.git</literal> to manage it further.
|
||||
'';
|
||||
};
|
||||
|
||||
dataDir = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/lib/gitolite";
|
||||
description = ''
|
||||
Gitolite home directory (used to store all the repositories).
|
||||
'';
|
||||
};
|
||||
|
||||
adminPubkey = mkOption {
|
||||
type = types.str;
|
||||
description = ''
|
||||
@ -39,13 +46,21 @@ in
|
||||
A list of custom git hooks that get copied to <literal>~/.gitolite/hooks/common</literal>.
|
||||
'';
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "gitolite";
|
||||
description = ''
|
||||
Gitolite user account. This is the username of the gitolite endpoint.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
users.extraUsers.gitolite = {
|
||||
users.extraUsers.${cfg.user} = {
|
||||
description = "Gitolite user";
|
||||
home = "/var/lib/gitolite";
|
||||
home = cfg.dataDir;
|
||||
createHome = true;
|
||||
uid = config.ids.uids.gitolite;
|
||||
useDefaultShell = true;
|
||||
@ -55,13 +70,13 @@ in
|
||||
description = "Gitolite initialization";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
serviceConfig.User = "gitolite";
|
||||
serviceConfig.User = "${cfg.user}";
|
||||
serviceConfig.Type = "oneshot";
|
||||
serviceConfig.RemainAfterExit = true;
|
||||
|
||||
path = [ pkgs.gitolite pkgs.git pkgs.perl pkgs.bash pkgs.openssh ];
|
||||
script = ''
|
||||
cd /var/lib/gitolite
|
||||
cd ${cfg.dataDir}
|
||||
mkdir -p .gitolite/logs
|
||||
if [ ! -d repositories ]; then
|
||||
gitolite setup -pk ${pubkeyFile}
|
||||
|
@ -4,11 +4,11 @@ with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.mesos.master;
|
||||
|
||||
|
||||
in {
|
||||
|
||||
options.services.mesos = {
|
||||
|
||||
|
||||
master = {
|
||||
enable = mkOption {
|
||||
description = "Whether to enable the Mesos Master.";
|
||||
@ -31,36 +31,36 @@ in {
|
||||
'';
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
|
||||
workDir = mkOption {
|
||||
description = "The Mesos work directory.";
|
||||
default = "/var/lib/mesos/master";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
|
||||
extraCmdLineOptions = mkOption {
|
||||
description = ''
|
||||
Extra command line options for Mesos Master.
|
||||
|
||||
|
||||
See https://mesos.apache.org/documentation/latest/configuration/
|
||||
'';
|
||||
default = [ "" ];
|
||||
type = types.listOf types.string;
|
||||
example = [ "--credentials=VALUE" ];
|
||||
};
|
||||
|
||||
|
||||
quorum = mkOption {
|
||||
description = ''
|
||||
The size of the quorum of replicas when using 'replicated_log' based
|
||||
registry. It is imperative to set this value to be a majority of
|
||||
masters i.e., quorum > (number of masters)/2.
|
||||
|
||||
|
||||
If 0 will fall back to --registry=in_memory.
|
||||
'';
|
||||
default = 0;
|
||||
type = types.int;
|
||||
};
|
||||
|
||||
|
||||
logLevel = mkOption {
|
||||
description = ''
|
||||
The logging level used. Possible values:
|
||||
@ -86,11 +86,12 @@ in {
|
||||
${pkgs.mesos}/bin/mesos-master \
|
||||
--port=${toString cfg.port} \
|
||||
--zk=${cfg.zk} \
|
||||
${if cfg.quorum == 0 then "--registry=in_memory" else "--registry=replicated_log --quorum=${cfg.quorum}"} \
|
||||
${if cfg.quorum == 0 then "--registry=in_memory" else "--registry=replicated_log --quorum=${toString cfg.quorum}"} \
|
||||
--work_dir=${cfg.workDir} \
|
||||
--logging_level=${cfg.logLevel} \
|
||||
${toString cfg.extraCmdLineOptions}
|
||||
'';
|
||||
Restart = "on-failure";
|
||||
PermissionsStartOnly = true;
|
||||
};
|
||||
preStart = ''
|
||||
@ -98,6 +99,6 @@ in {
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
@ -4,7 +4,7 @@ with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.mesos.slave;
|
||||
|
||||
|
||||
in {
|
||||
|
||||
options.services.mesos = {
|
||||
@ -29,30 +29,30 @@ in {
|
||||
'';
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
|
||||
withHadoop = mkOption {
|
||||
description = "Add the HADOOP_HOME to the slave.";
|
||||
default = false;
|
||||
type = types.bool;
|
||||
};
|
||||
|
||||
|
||||
workDir = mkOption {
|
||||
description = "The Mesos work directory.";
|
||||
default = "/var/lib/mesos/slave";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
|
||||
extraCmdLineOptions = mkOption {
|
||||
description = ''
|
||||
Extra command line options for Mesos Slave.
|
||||
|
||||
|
||||
See https://mesos.apache.org/documentation/latest/configuration/
|
||||
'';
|
||||
default = [ "" ];
|
||||
type = types.listOf types.string;
|
||||
example = [ "--gc_delay=3days" ];
|
||||
};
|
||||
|
||||
|
||||
logLevel = mkOption {
|
||||
description = ''
|
||||
The logging level used. Possible values:
|
||||
@ -72,6 +72,7 @@ in {
|
||||
description = "Mesos Slave";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network-interfaces.target" ];
|
||||
environment.MESOS_CONTAINERIZERS = "docker,mesos";
|
||||
serviceConfig = {
|
||||
ExecStart = ''
|
||||
${pkgs.mesos}/bin/mesos-slave \
|
||||
@ -80,6 +81,7 @@ in {
|
||||
${optionalString cfg.withHadoop "--hadoop-home=${pkgs.hadoop}"} \
|
||||
--work_dir=${cfg.workDir} \
|
||||
--logging_level=${cfg.logLevel} \
|
||||
--docker=${pkgs.docker}/libexec/docker/docker \
|
||||
${toString cfg.extraCmdLineOptions}
|
||||
'';
|
||||
PermissionsStartOnly = true;
|
||||
@ -89,5 +91,5 @@ in {
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -36,6 +36,7 @@ let
|
||||
# /etc/nixos/configuration.nix. Do not edit it!
|
||||
build-users-group = nixbld
|
||||
build-max-jobs = ${toString (cfg.maxJobs)}
|
||||
build-cores = ${toString (cfg.buildCores)}
|
||||
build-use-chroot = ${if cfg.useChroot then "true" else "false"}
|
||||
build-chroot-dirs = ${toString cfg.chrootDirs} /bin/sh=${sh} $(echo $extraPaths)
|
||||
binary-caches = ${toString cfg.binaryCaches}
|
||||
@ -74,6 +75,19 @@ in
|
||||
";
|
||||
};
|
||||
|
||||
buildCores = mkOption {
|
||||
type = types.int;
|
||||
default = 1;
|
||||
example = 64;
|
||||
description = ''
|
||||
This option defines the maximum number of concurrent tasks during
|
||||
one build. It affects, e.g., -j option for make. The default is 1.
|
||||
Some builds may become non-deterministic with this option; use with
|
||||
care! Packages will only be affected if enableParallelBuilding is
|
||||
set for them.
|
||||
'';
|
||||
};
|
||||
|
||||
useChroot = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
@ -179,17 +193,6 @@ in
|
||||
'';
|
||||
};
|
||||
|
||||
proxy = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
This option specifies the proxy to use for fetchurl. The real effect
|
||||
is just exporting http_proxy, https_proxy and ftp_proxy with that
|
||||
value.
|
||||
'';
|
||||
example = "http://127.0.0.1:3128";
|
||||
};
|
||||
|
||||
# Environment variables for running Nix.
|
||||
envVars = mkOption {
|
||||
type = types.attrs;
|
||||
@ -278,7 +281,9 @@ in
|
||||
{ path = [ nix pkgs.openssl pkgs.utillinux pkgs.openssh ]
|
||||
++ optionals cfg.distributedBuilds [ pkgs.gzip ];
|
||||
|
||||
environment = cfg.envVars // { CURL_CA_BUNDLE = "/etc/ssl/certs/ca-bundle.crt"; };
|
||||
environment = cfg.envVars
|
||||
// { CURL_CA_BUNDLE = "/etc/ssl/certs/ca-bundle.crt"; }
|
||||
// config.networking.proxy.envVars;
|
||||
|
||||
serviceConfig =
|
||||
{ Nice = cfg.daemonNiceLevel;
|
||||
@ -303,13 +308,6 @@ in
|
||||
NIX_BUILD_HOOK = "${nix}/libexec/nix/build-remote.pl";
|
||||
NIX_REMOTE_SYSTEMS = "/etc/nix/machines";
|
||||
NIX_CURRENT_LOAD = "/run/nix/current-load";
|
||||
}
|
||||
|
||||
# !!! These should not be defined here, but in some general proxy configuration module!
|
||||
// optionalAttrs (cfg.proxy != "") {
|
||||
http_proxy = cfg.proxy;
|
||||
https_proxy = cfg.proxy;
|
||||
ftp_proxy = cfg.proxy;
|
||||
};
|
||||
|
||||
# Set up the environment variables for running Nix.
|
||||
|
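Review bot: In the nix-daemon `environment` expression the right-most operand of `//` wins, so `config.networking.proxy.envVars` now overrides both `cfg.envVars` and the pinned `CURL_CA_BUNDLE` whenever a key collides. A daemon-specific proxy or CA setting placed in `nix.envVars` is therefore silently replaced by the system-wide one. If the per-service value is meant to win, the order would be `environment = config.networking.proxy.envVars // cfg.envVars // { CURL_CA_BUNDLE = "/etc/ssl/certs/ca-bundle.crt"; };`. The contents of `networking.proxy.envVars` are defined outside this section, so which keys can actually collide should be checked there; the hunks also drop the `proxy` option with no visible alias for existing configurations.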
222
nixos/modules/services/misc/redmine.nix
Normal file
@ -0,0 +1,222 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
# TODO: support non-postgresql
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.redmine;
|
||||
|
||||
ruby = pkgs.ruby;
|
||||
rubyLibs = pkgs.rubyLibs;
|
||||
|
||||
databaseYml = ''
|
||||
production:
|
||||
adapter: postgresql
|
||||
database: ${cfg.databaseName}
|
||||
host: ${cfg.databaseHost}
|
||||
password: ${cfg.databasePassword}
|
||||
username: ${cfg.databaseUsername}
|
||||
encoding: utf8
|
||||
'';
|
||||
|
||||
configurationYml = ''
|
||||
default:
|
||||
# Absolute path to the directory where attachments are stored.
|
||||
# The default is the 'files' directory in your Redmine instance.
|
||||
# Your Redmine instance needs to have write permission on this
|
||||
# directory.
|
||||
# Examples:
|
||||
# attachments_storage_path: /var/redmine/files
|
||||
# attachments_storage_path: D:/redmine/files
|
||||
attachments_storage_path: ${cfg.stateDir}/files
|
||||
|
||||
# Absolute path to the SCM commands errors (stderr) log file.
|
||||
# The default is to log in the 'log' directory of your Redmine instance.
|
||||
# Example:
|
||||
# scm_stderr_log_file: /var/log/redmine_scm_stderr.log
|
||||
scm_stderr_log_file: ${cfg.stateDir}/redmine_scm_stderr.log
|
||||
|
||||
${cfg.extraConfig}
|
||||
'';
|
||||
|
||||
unpackTheme = unpack "theme";
|
||||
unpackPlugin = unpack "plugin";
|
||||
unpack = id: (name: source:
|
||||
pkgs.stdenv.mkDerivation {
|
||||
name = "redmine-${id}-${name}";
|
||||
buildInputs = [ pkgs.unzip ];
|
||||
buildCommand = ''
|
||||
mkdir -p $out
|
||||
cd $out
|
||||
unpackFile ${source}
|
||||
'';
|
||||
});
|
||||
|
||||
in {
|
||||
|
||||
options = {
|
||||
services.redmine = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable the redmine service.
|
||||
'';
|
||||
};
|
||||
|
||||
stateDir = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/redmine";
|
||||
description = "The state directory, logs and plugins are stored here";
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = "Extra configuration in configuration.yml";
|
||||
};
|
||||
|
||||
themes = mkOption {
|
||||
type = types.attrsOf types.path;
|
||||
default = {};
|
||||
description = "Set of themes";
|
||||
};
|
||||
|
||||
plugins = mkOption {
|
||||
type = types.attrsOf types.path;
|
||||
default = {};
|
||||
description = "Set of plugins";
|
||||
};
|
||||
|
||||
#databaseType = mkOption {
|
||||
# type = types.str;
|
||||
# default = "postgresql";
|
||||
# description = "Type of database";
|
||||
#};
|
||||
|
||||
databaseHost = mkOption {
|
||||
type = types.str;
|
||||
default = "127.0.0.1";
|
||||
description = "Database hostname";
|
||||
};
|
||||
|
||||
databasePassword = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = "Database user password";
|
||||
};
|
||||
|
||||
databaseName = mkOption {
|
||||
type = types.str;
|
||||
default = "redmine";
|
||||
description = "Database name";
|
||||
};
|
||||
|
||||
databaseUsername = mkOption {
|
||||
type = types.str;
|
||||
default = "redmine";
|
||||
description = "Database user";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
assertions = [
|
||||
{ assertion = cfg.databasePassword != "";
|
||||
message = "databasePassword must be set";
|
||||
}
|
||||
];
|
||||
|
||||
users.extraUsers = [
|
||||
{ name = "redmine";
|
||||
group = "redmine";
|
||||
uid = config.ids.uids.redmine;
|
||||
} ];
|
||||
|
||||
users.extraGroups = [
|
||||
{ name = "redmine";
|
||||
gid = config.ids.gids.redmine;
|
||||
} ];
|
||||
|
||||
systemd.services.redmine = {
|
||||
after = [ "network.target" "postgresql.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
environment.RAILS_ENV = "production";
|
||||
environment.RAILS_ETC = "${cfg.stateDir}/config";
|
||||
environment.RAILS_LOG = "${cfg.stateDir}/log";
|
||||
environment.RAILS_VAR = "${cfg.stateDir}/var";
|
||||
environment.RAILS_CACHE = "${cfg.stateDir}/cache";
|
||||
environment.RAILS_PLUGINS = "${cfg.stateDir}/plugins";
|
||||
environment.RAILS_PUBLIC = "${cfg.stateDir}/public";
|
||||
environment.RAILS_TMP = "${cfg.stateDir}/tmp";
|
||||
environment.SCHEMA = "${cfg.stateDir}/cache/schema.db";
|
||||
environment.HOME = "${pkgs.redmine}/share/redmine";
|
||||
environment.REDMINE_LANG = "en";
|
||||
environment.GEM_HOME = "${pkgs.redmine}/share/redmine/vendor/bundle/ruby/1.9.1";
|
||||
environment.GEM_PATH = "${rubyLibs.bundler}/lib/ruby/gems/1.9";
|
||||
path = with pkgs; [
|
||||
imagemagickBig
|
||||
subversion
|
||||
mercurial
|
||||
cvs
|
||||
config.services.postgresql.package
|
||||
bazaar
|
||||
gitAndTools.git
|
||||
# once we build binaries for darc enable it
|
||||
#darcs
|
||||
];
|
||||
preStart = ''
|
||||
# TODO: use env vars
|
||||
for i in plugins public/plugin_assets db files log config cache var/files tmp; do
|
||||
mkdir -p ${cfg.stateDir}/$i
|
||||
done
|
||||
|
||||
chown -R redmine:redmine ${cfg.stateDir}
|
||||
chmod -R 755 ${cfg.stateDir}
|
||||
|
||||
rm -rf ${cfg.stateDir}/public/*
|
||||
cp -R ${pkgs.redmine}/share/redmine/public/* ${cfg.stateDir}/public/
|
||||
for theme in ${concatStringsSep " " (mapAttrsToList unpackTheme cfg.themes)}; do
|
||||
ln -fs $theme/* ${cfg.stateDir}/public/themes/
|
||||
done
|
||||
|
||||
rm -rf ${cfg.stateDir}/plugins/*
|
||||
for plugin in ${concatStringsSep " " (mapAttrsToList unpackPlugin cfg.plugins)}; do
|
||||
ln -fs $plugin/* ${cfg.stateDir}/plugins/''${plugin##*-redmine-plugin-}
|
||||
done
|
||||
|
||||
ln -fs ${pkgs.writeText "database.yml" databaseYml} ${cfg.stateDir}/config/database.yml
|
||||
ln -fs ${pkgs.writeText "configuration.yml" configurationYml} ${cfg.stateDir}/config/configuration.yml
|
||||
|
||||
if [ "${cfg.databaseHost}" = "127.0.0.1" ]; then
|
||||
if ! test -e "${cfg.stateDir}/db-created"; then
|
||||
psql postgres -c "CREATE ROLE redmine WITH LOGIN NOCREATEDB NOCREATEROLE NOCREATEUSER ENCRYPTED PASSWORD '${cfg.databasePassword}'"
|
||||
${config.services.postgresql.package}/bin/createdb --owner redmine redmine || true
|
||||
touch "${cfg.stateDir}/db-created"
|
||||
fi
|
||||
fi
|
||||
|
||||
cd ${pkgs.redmine}/share/redmine/
|
||||
${ruby}/bin/rake db:migrate
|
||||
${ruby}/bin/rake redmine:plugins:migrate
|
||||
${ruby}/bin/rake redmine:load_default_data
|
||||
${ruby}/bin/rake generate_secret_token
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
PermissionsStartOnly = true; # preStart must be run as root
|
||||
Type = "simple";
|
||||
User = "redmine";
|
||||
Group = "redmine";
|
||||
TimeoutSec = "300";
|
||||
WorkingDirectory = "${pkgs.redmine}/share/redmine";
|
||||
ExecStart="${ruby}/bin/ruby ${pkgs.redmine}/share/redmine/script/rails server webrick -e production -P ${cfg.stateDir}/redmine.pid";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
}
|
0
nixos/modules/services/misc/zookeeper.nix
Executable file → Normal file
0
nixos/modules/services/misc/zookeeper.nix
Executable file → Normal file
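--- a/nixos/modules/services/monitoring/bosun.nix
+++ b/nixos/modules/services/monitoring/bosun.nix
@@ -0,0 +1,136 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+cfg = config.services.bosun;
+
+configFile = pkgs.writeText "bosun.conf" ''
+tsdbHost = ${cfg.opentsdbHost}
+httpListen = ${cfg.listenAddress}
+stateFile = ${cfg.stateFile}
+checkFrequency = 5m
+
+${cfg.extraConfig}
+'';
+
+in {
+
+options = {
+
+services.bosun = {
+
+enable = mkOption {
+type = types.bool;
+default = false;
+description = ''
+Whether to run bosun.
+'';
+};
+
+package = mkOption {
+type = types.package;
+example = literalExample "pkgs.bosun";
+description = ''
+bosun binary to use.
+'';
+};
+
+user = mkOption {
+type = types.string;
+default = "bosun";
+description = ''
+User account under which bosun runs.
+'';
+};
+
+group = mkOption {
+type = types.string;
+default = "bosun";
+description = ''
+Group account under which bosun runs.
+'';
+};
+
+opentsdbHost = mkOption {
+type = types.string;
+default = "localhost:4242";
+description = ''
+Host and port of the OpenTSDB database that stores bosun data.
+'';
+};
+
+listenAddress = mkOption {
+type = types.string;
+default = ":8070";
+description = ''
+The host address and port that bosun's web interface will listen on.
+'';
+};
+
+stateFile = mkOption {
+type = types.string;
+default = "/var/lib/bosun/bosun.state";
+description = ''
+Path to bosun's state file.
+'';
+};
+
+extraConfig = mkOption {
+type = types.string;
+default = "";
+description = ''
+Extra configuration options for Bosun. You should describe your
+desired templates, alerts, macros, etc through this configuration
+option.
+
+A detailed description of the supported syntax can be found at-spi2-atk
+http://bosun.org/configuration.html
+'';
+};
+
+};
+
+};
+
+config = mkIf cfg.enable {
+
+services.bosun.package = mkDefault pkgs.bosun;
+
+systemd.services.bosun = {
+description = "bosun metrics collector (part of Bosun)";
+wantedBy = [ "multi-user.target" ];
+
+preStart =
+''
+mkdir -p `dirname ${cfg.stateFile}`;
+touch ${cfg.stateFile}
+touch ${cfg.stateFile}.tmp
+
+if [ "$(id -u)" = 0 ]; then
+chown ${cfg.user}:${cfg.group} ${cfg.stateFile}
+chown ${cfg.user}:${cfg.group} ${cfg.stateFile}.tmp
+fi
+'';
+
+serviceConfig = {
+PermissionsStartOnly = true;
+User = cfg.user;
+Group = cfg.group;
+ExecStart = ''
+${cfg.package}/bin/bosun -c ${configFile}
+'';
+};
+};
+
+users.extraUsers.bosun = {
+description = "bosun user";
+group = "bosun";
+uid = config.ids.uids.bosun;
+};
+
+users.extraGroups.bosun.gid = config.ids.gids.bosun;
+
+};
+
+}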
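Review bot: `listenAddress` defaults to `:8070`, which has no host part and therefore binds bosun's web interface on every address of the machine as soon as `services.bosun.enable` is set. Nothing in this module puts authentication or a firewall rule in front of that listener, so unless Bosun enforces access control itself (not visible here) the dashboard and its API are reachable from every network the host is attached to. A loopback default, `default = "localhost:8070";`, matches the `bosunHost` default in scollector.nix from the same commit and makes wider exposure an explicit choice. The option description should then add that a bare `:PORT` value listens on all interfaces.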
@ -24,6 +24,8 @@ let
|
||||
GRAPHITE_URL = cfg.seyren.graphiteUrl;
|
||||
} // cfg.seyren.extraConfig;
|
||||
|
||||
pagerConfig = pkgs.writeText "alarms.yaml" cfg.pager.alerts;
|
||||
|
||||
configDir = pkgs.buildEnv {
|
||||
name = "graphite-config";
|
||||
paths = lists.filter (el: el != null) [
|
||||
@ -83,13 +85,21 @@ in {
|
||||
|
||||
api = {
|
||||
enable = mkOption {
|
||||
description = "Whether to enable graphite api.";
|
||||
description = ''
|
||||
Whether to enable graphite api. Graphite api is lightweight alternative
|
||||
to graphite web, with api and without dashboard. It's advised to use
|
||||
grafana as alternative dashboard and influxdb as alternative to
|
||||
graphite carbon.
|
||||
|
||||
For more information visit
|
||||
<link xlink:href="http://graphite-api.readthedocs.org/en/latest/"/>
|
||||
'';
|
||||
default = false;
|
||||
type = types.uniq types.bool;
|
||||
};
|
||||
|
||||
finders = mkOption {
|
||||
description = "List of finder plugins load.";
|
||||
description = "List of finder plugins to load.";
|
||||
default = [];
|
||||
example = [ pkgs.python27Packages.graphite_influxdb ];
|
||||
type = types.listOf types.package;
|
||||
@ -296,175 +306,247 @@ in {
|
||||
example = literalExample ''
|
||||
{
|
||||
GRAPHITE_USERNAME = "user";
|
||||
GRAPHITE_PASSWORD = "pass";
|
||||
GRAPHITE_PASSWORD = "pass";
|
||||
}
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
pager = {
|
||||
enable = mkOption {
|
||||
description = ''
|
||||
Whether to enable graphite-pager service. For more information visit
|
||||
<link xlink:href="https://github.com/seatgeek/graphite-pager"/>
|
||||
'';
|
||||
default = false;
|
||||
type = types.uniq types.bool;
|
||||
};
|
||||
|
||||
redisUrl = mkOption {
|
||||
description = "Redis connection string.";
|
||||
default = "redis://localhost:${toString config.services.redis.port}/";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
graphiteUrl = mkOption {
|
||||
description = "URL to your graphite service.";
|
||||
default = "http://${cfg.web.host}:${toString cfg.web.port}";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
alerts = mkOption {
|
||||
description = "Alerts configuration for graphite-pager.";
|
||||
default = ''
|
||||
alerts:
|
||||
- target: constantLine(100)
|
||||
warning: 90
|
||||
critical: 200
|
||||
name: Test
|
||||
'';
|
||||
example = literalExample ''
|
||||
pushbullet_key: pushbullet_api_key
|
||||
alerts:
|
||||
- target: stats.seatgeek.app.deal_quality.venue_info_cache.hit
|
||||
warning: .5
|
||||
critical: 1
|
||||
name: Deal quality venue cache hits
|
||||
'';
|
||||
type = types.lines;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf (
|
||||
cfg.carbon.enableAggregator ||
|
||||
cfg.carbon.enableCache ||
|
||||
cfg.carbon.enableRelay ||
|
||||
cfg.web.enable ||
|
||||
cfg.api.enable ||
|
||||
cfg.seyren.enable
|
||||
) {
|
||||
systemd.services.carbonCache = {
|
||||
enable = cfg.carbon.enableCache;
|
||||
description = "Graphite Data Storage Backend";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network-interfaces.target" ];
|
||||
environment = carbonEnv;
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.twisted}/bin/twistd ${carbonOpts "carbon-cache"}";
|
||||
User = "graphite";
|
||||
Group = "graphite";
|
||||
PermissionsStartOnly = true;
|
||||
};
|
||||
preStart = ''
|
||||
mkdir -p ${cfg.dataDir}/whisper
|
||||
chmod 0700 ${cfg.dataDir}/whisper
|
||||
chown -R graphite:graphite ${cfg.dataDir}
|
||||
'';
|
||||
};
|
||||
|
||||
systemd.services.carbonAggregator = {
|
||||
enable = cfg.carbon.enableAggregator;
|
||||
description = "Carbon Data Aggregator";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network-interfaces.target" ];
|
||||
environment = carbonEnv;
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.twisted}/bin/twistd ${carbonOpts "carbon-aggregator"}";
|
||||
User = "graphite";
|
||||
Group = "graphite";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.carbonRelay = {
|
||||
enable = cfg.carbon.enableRelay;
|
||||
description = "Carbon Data Relay";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network-interfaces.target" ];
|
||||
environment = carbonEnv;
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.twisted}/bin/twistd ${carbonOpts "carbon-relay"}";
|
||||
User = "graphite";
|
||||
Group = "graphite";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.graphiteWeb = {
|
||||
enable = cfg.web.enable;
|
||||
description = "Graphite Web Interface";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network-interfaces.target" ];
|
||||
path = [ pkgs.perl ];
|
||||
environment = {
|
||||
PYTHONPATH = "${pkgs.python27Packages.graphite_web}/lib/python2.7/site-packages";
|
||||
DJANGO_SETTINGS_MODULE = "graphite.settings";
|
||||
GRAPHITE_CONF_DIR = configDir;
|
||||
GRAPHITE_STORAGE_DIR = dataDir;
|
||||
};
|
||||
serviceConfig = {
|
||||
ExecStart = ''
|
||||
${pkgs.python27Packages.waitress}/bin/waitress-serve \
|
||||
--host=${cfg.web.host} --port=${toString cfg.web.port} \
|
||||
--call django.core.handlers.wsgi:WSGIHandler'';
|
||||
User = "graphite";
|
||||
Group = "graphite";
|
||||
PermissionsStartOnly = true;
|
||||
};
|
||||
preStart = ''
|
||||
if ! test -e ${dataDir}/db-created; then
|
||||
mkdir -p ${dataDir}/{whisper/,log/webapp/}
|
||||
chmod 0700 ${dataDir}/{whisper/,log/webapp/}
|
||||
|
||||
# populate database
|
||||
${pkgs.python27Packages.graphite_web}/bin/manage-graphite.py syncdb --noinput
|
||||
|
||||
# create index
|
||||
${pkgs.python27Packages.graphite_web}/bin/build-index.sh
|
||||
|
||||
touch ${dataDir}/db-created
|
||||
|
||||
config = mkMerge [
|
||||
(mkIf cfg.carbon.enableCache {
|
||||
systemd.services.carbonCache = {
|
||||
description = "Graphite Data Storage Backend";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network-interfaces.target" ];
|
||||
environment = carbonEnv;
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.twisted}/bin/twistd ${carbonOpts "carbon-cache"}";
|
||||
User = "graphite";
|
||||
Group = "graphite";
|
||||
PermissionsStartOnly = true;
|
||||
};
|
||||
preStart = ''
|
||||
mkdir -p ${cfg.dataDir}/whisper
|
||||
chmod 0700 ${cfg.dataDir}/whisper
|
||||
chown -R graphite:graphite ${cfg.dataDir}
|
||||
fi
|
||||
'';
|
||||
};
|
||||
|
||||
systemd.services.graphiteApi = {
|
||||
enable = cfg.api.enable;
|
||||
description = "Graphite Api Interface";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network-interfaces.target" ];
|
||||
environment = {
|
||||
PYTHONPATH =
|
||||
"${cfg.api.package}/lib/python2.7/site-packages:" +
|
||||
concatMapStringsSep ":" (f: f + "/lib/python2.7/site-packages") cfg.api.finders;
|
||||
GRAPHITE_API_CONFIG = graphiteApiConfig;
|
||||
LD_LIBRARY_PATH = "${pkgs.cairo}/lib";
|
||||
};
|
||||
serviceConfig = {
|
||||
ExecStart = ''
|
||||
${pkgs.python27Packages.waitress}/bin/waitress-serve \
|
||||
--host=${cfg.api.host} --port=${toString cfg.api.port} \
|
||||
graphite_api.app:app
|
||||
'';
|
||||
User = "graphite";
|
||||
Group = "graphite";
|
||||
PermissionsStartOnly = true;
|
||||
};
|
||||
preStart = ''
|
||||
if ! test -e ${dataDir}/db-created; then
|
||||
mkdir -p ${dataDir}/cache/
|
||||
chmod 0700 ${dataDir}/cache/
|
||||
})
|
||||
|
||||
touch ${dataDir}/db-created
|
||||
|
||||
chown -R graphite:graphite ${cfg.dataDir}
|
||||
fi
|
||||
'';
|
||||
};
|
||||
|
||||
systemd.services.seyren = {
|
||||
enable = cfg.seyren.enable;
|
||||
description = "Graphite Alerting Dashboard";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network-interfaces.target" "mongodb.service" ];
|
||||
environment = seyrenConfig;
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.seyren}/bin/seyren -httpPort ${toString cfg.seyren.port}";
|
||||
WorkingDirectory = dataDir;
|
||||
User = "graphite";
|
||||
Group = "graphite";
|
||||
(mkIf cfg.carbon.enableAggregator {
|
||||
systemd.services.carbonAggregator = {
|
||||
enable = cfg.carbon.enableAggregator;
|
||||
description = "Carbon Data Aggregator";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network-interfaces.target" ];
|
||||
environment = carbonEnv;
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.twisted}/bin/twistd ${carbonOpts "carbon-aggregator"}";
|
||||
User = "graphite";
|
||||
Group = "graphite";
|
||||
};
|
||||
};
|
||||
preStart = ''
|
||||
if ! test -e ${dataDir}/db-created; then
|
||||
mkdir -p ${dataDir}
|
||||
chown -R graphite:graphite ${dataDir}
|
||||
fi
|
||||
'';
|
||||
};
|
||||
})
|
||||
|
||||
services.mongodb.enable = mkDefault cfg.seyren.enable;
|
||||
(mkIf cfg.carbon.enableRelay {
|
||||
systemd.services.carbonRelay = {
|
||||
description = "Carbon Data Relay";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network-interfaces.target" ];
|
||||
environment = carbonEnv;
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.twisted}/bin/twistd ${carbonOpts "carbon-relay"}";
|
||||
User = "graphite";
|
||||
Group = "graphite";
|
||||
};
|
||||
};
|
||||
})
|
||||
|
||||
environment.systemPackages = [
|
||||
pkgs.pythonPackages.carbon
|
||||
pkgs.python27Packages.graphite_web
|
||||
pkgs.python27Packages.waitress
|
||||
];
|
||||
(mkIf (cfg.carbon.enableCache || cfg.carbon.enableAggregator || cfg.carbon.enableRelay) {
|
||||
environment.systemPackages = [
|
||||
pkgs.pythonPackages.carbon
|
||||
];
|
||||
})
|
||||
|
||||
users.extraUsers = singleton {
|
||||
name = "graphite";
|
||||
uid = config.ids.uids.graphite;
|
||||
description = "Graphite daemon user";
|
||||
home = dataDir;
|
||||
};
|
||||
users.extraGroups.graphite.gid = config.ids.gids.graphite;
|
||||
};
|
||||
(mkIf cfg.web.enable {
|
||||
systemd.services.graphiteWeb = {
|
||||
description = "Graphite Web Interface";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network-interfaces.target" ];
|
||||
path = [ pkgs.perl ];
|
||||
environment = {
|
||||
PYTHONPATH = "${pkgs.python27Packages.graphite_web}/lib/python2.7/site-packages";
|
||||
DJANGO_SETTINGS_MODULE = "graphite.settings";
|
||||
GRAPHITE_CONF_DIR = configDir;
|
||||
GRAPHITE_STORAGE_DIR = dataDir;
|
||||
};
|
||||
serviceConfig = {
|
||||
ExecStart = ''
|
||||
${pkgs.python27Packages.waitress}/bin/waitress-serve \
|
||||
--host=${cfg.web.host} --port=${toString cfg.web.port} \
|
||||
--call django.core.handlers.wsgi:WSGIHandler'';
|
||||
User = "graphite";
|
||||
Group = "graphite";
|
||||
PermissionsStartOnly = true;
|
||||
};
|
||||
preStart = ''
|
||||
if ! test -e ${dataDir}/db-created; then
|
||||
mkdir -p ${dataDir}/{whisper/,log/webapp/}
|
||||
chmod 0700 ${dataDir}/{whisper/,log/webapp/}
|
||||
|
||||
# populate database
|
||||
${pkgs.python27Packages.graphite_web}/bin/manage-graphite.py syncdb --noinput
|
||||
|
||||
# create index
|
||||
${pkgs.python27Packages.graphite_web}/bin/build-index.sh
|
||||
|
||||
touch ${dataDir}/db-created
|
||||
|
||||
chown -R graphite:graphite ${cfg.dataDir}
|
||||
fi
|
||||
'';
|
||||
};
|
||||
|
||||
environment.systemPackages = [ pkgs.python27Packages.graphite_web ];
|
||||
})
|
||||
|
||||
(mkIf cfg.api.enable {
|
||||
systemd.services.graphiteApi = {
|
||||
description = "Graphite Api Interface";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network-interfaces.target" ];
|
||||
environment = {
|
||||
PYTHONPATH =
|
||||
"${cfg.api.package}/lib/python2.7/site-packages:" +
|
||||
concatMapStringsSep ":" (f: f + "/lib/python2.7/site-packages") cfg.api.finders;
|
||||
GRAPHITE_API_CONFIG = graphiteApiConfig;
|
||||
LD_LIBRARY_PATH = "${pkgs.cairo}/lib";
|
||||
};
|
||||
serviceConfig = {
|
||||
ExecStart = ''
|
||||
${pkgs.python27Packages.waitress}/bin/waitress-serve \
|
||||
--host=${cfg.api.host} --port=${toString cfg.api.port} \
|
||||
graphite_api.app:app
|
||||
'';
|
||||
User = "graphite";
|
||||
Group = "graphite";
|
||||
PermissionsStartOnly = true;
|
||||
};
|
||||
preStart = ''
|
||||
if ! test -e ${dataDir}/db-created; then
|
||||
mkdir -p ${dataDir}/cache/
|
||||
chmod 0700 ${dataDir}/cache/
|
||||
|
||||
touch ${dataDir}/db-created
|
||||
|
||||
chown -R graphite:graphite ${cfg.dataDir}
|
||||
fi
|
||||
'';
|
||||
};
|
||||
})
|
||||
|
||||
(mkIf cfg.seyren.enable {
|
||||
systemd.services.seyren = {
|
||||
description = "Graphite Alerting Dashboard";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network-interfaces.target" "mongodb.service" ];
|
||||
environment = seyrenConfig;
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.seyren}/bin/seyren -httpPort ${toString cfg.seyren.port}";
|
||||
WorkingDirectory = dataDir;
|
||||
User = "graphite";
|
||||
Group = "graphite";
|
||||
};
|
||||
preStart = ''
|
||||
if ! test -e ${dataDir}/db-created; then
|
||||
mkdir -p ${dataDir}
|
||||
chown -R graphite:graphite ${dataDir}
|
||||
fi
|
||||
'';
|
||||
};
|
||||
|
||||
services.mongodb.enable = mkDefault true;
|
||||
})
|
||||
|
||||
(mkIf cfg.pager.enable {
|
||||
systemd.services.graphitePager = {
|
||||
description = "Graphite Pager Alerting Daemon";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network-interfaces.target" "redis.service" ];
|
||||
environment = {
|
||||
REDIS_URL = cfg.pager.redisUrl;
|
||||
GRAPHITE_URL = cfg.pager.graphiteUrl;
|
||||
};
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.pythonPackages.graphite_pager}/bin/graphite-pager --config ${pagerConfig}";
|
||||
User = "graphite";
|
||||
Group = "graphite";
|
||||
};
|
||||
};
|
||||
|
||||
services.redis.enable = mkDefault true;
|
||||
|
||||
environment.systemPackages = [ pkgs.pythonPackages.graphite_pager ];
|
||||
})
|
||||
|
||||
(mkIf (
|
||||
cfg.carbon.enableCache || cfg.carbon.enableAggregator || cfg.carbon.enableRelay ||
|
||||
cfg.web.enable || cfg.api.enable ||
|
||||
cfg.seyren.enable || cfg.pager.enable
|
||||
) {
|
||||
users.extraUsers = singleton {
|
||||
name = "graphite";
|
||||
uid = config.ids.uids.graphite;
|
||||
description = "Graphite daemon user";
|
||||
home = dataDir;
|
||||
};
|
||||
users.extraGroups.graphite.gid = config.ids.gids.graphite;
|
||||
})
|
||||
];
|
||||
}
|
||||
|
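Review bot: `pagerConfig = pkgs.writeText "alarms.yaml" cfg.pager.alerts;` copies the whole alerts text into the Nix store, and the new `alerts` example shows a `pushbullet_key` inside that same text. Store paths are world-readable, so every local account, and anything that receives a copy of the system closure, can read the notification key. The `pager.alerts` description should say so, for example `Alerts configuration for graphite-pager. The text is copied to the world-readable Nix store; keep API keys out of it.`, and the example would be safer without the key line. If graphite-pager can take the key from a file or the environment instead, that would be the place to document it; this is not visible from the module.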
@ -11,11 +11,15 @@ let
|
||||
cfg.extraClasspathEntries ++ [ "${riemann}/share/java/riemann.jar" ]
|
||||
);
|
||||
|
||||
riemannConfig = concatStringsSep "\n" (
|
||||
[cfg.config] ++ (map (f: ''(load-file "${f}")'') cfg.configFiles)
|
||||
);
|
||||
|
||||
launcher = writeScriptBin "riemann" ''
|
||||
#!/bin/sh
|
||||
exec ${openjdk}/bin/java ${concatStringsSep "\n" cfg.extraJavaOpts} \
|
||||
-cp ${classpath} \
|
||||
riemann.bin ${writeText "riemann.config" cfg.config}
|
||||
riemann.bin ${writeText "riemann-config.clj" riemannConfig}
|
||||
'';
|
||||
|
||||
in {
|
||||
@ -36,6 +40,16 @@ in {
|
||||
Contents of the Riemann configuration file.
|
||||
'';
|
||||
};
|
||||
configFiles = mkOption {
|
||||
type = with types; listOf path;
|
||||
default = [];
|
||||
description = ''
|
||||
Extra files containing Riemann configuration. These files will be
|
||||
loaded at runtime by Riemann (with Clojure's
|
||||
<literal>load-file</literal> function) at the end of the
|
||||
configuration.
|
||||
'';
|
||||
};
|
||||
extraClasspathEntries = mkOption {
|
||||
type = with types; listOf str;
|
||||
default = [];
|
||||
|
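Review bot: each `configFiles` entry becomes `(load-file "${f}")`, so Riemann evaluates those files as Clojure with the daemon's privileges at every start, and the description does not say where they are read from. A Nix path literal is copied into the store and is immutable there, but `types.path` also accepts an absolute path given as a string, and that file is then read from its live location. The description should state which is intended and add something like `Files given as strings are read from that location at start-up and must not be writable by unprivileged users.` The interpolation also leaves `"` and `\` in a path unescaped, which would break the generated `riemann-config.clj`.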
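--- a/nixos/modules/services/monitoring/scollector.nix
+++ b/nixos/modules/services/monitoring/scollector.nix
@@ -0,0 +1,114 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+cfg = config.services.scollector;
+
+collectors = pkgs.runCommand "collectors" {}
+''
+mkdir -p $out
+${lib.concatStringsSep
+"\n"
+(lib.mapAttrsToList
+(frequency: binaries:
+"mkdir -p $out/${frequency}\n" +
+(lib.concatStringsSep
+"\n"
+(map (path: "ln -s ${path} $out/${frequency}/$(basename ${path})")
+binaries)))
+cfg.collectors)}
+'';
+
+in {
+
+options = {
+
+services.scollector = {
+
+enable = mkOption {
+type = types.bool;
+default = false;
+description = ''
+Whether to run scollector.
+'';
+};
+
+package = mkOption {
+type = types.package;
+default = pkgs.scollector;
+example = literalExample "pkgs.scollector";
+description = ''
+scollector binary to use.
+'';
+};
+
+user = mkOption {
+type = types.string;
+default = "scollector";
+description = ''
+User account under which scollector runs.
+'';
+};
+
+group = mkOption {
+type = types.string;
+default = "scollector";
+description = ''
+Group account under which scollector runs.
+'';
+};
+
+bosunHost = mkOption {
+type = types.string;
+default = "localhost:8070";
+description = ''
+Host and port of the bosun server that will store the collected
+data.
+'';
+};
+
+collectors = mkOption {
+type = types.attrs;
+default = {};
+example = literalExample "{ 0 = [ \"\${postgresStats}/bin/collect-stats\" ]; }";
+description = ''
+An attribute set mapping the frequency of collection to a list of
+binaries that should be executed at that frequency. You can use "0"
+to run a binary forever.
+'';
+};
+
+};
+
+};
+
+config = mkIf config.services.scollector.enable {
+
+systemd.services.scollector = {
+description = "scollector metrics collector (part of Bosun)";
+wantedBy = [ "multi-user.target" ];
+
+path = [ pkgs.coreutils pkgs.iproute ];
+
+serviceConfig = {
+PermissionsStartOnly = true;
+User = cfg.user;
+Group = cfg.group;
+ExecStart = ''
+${cfg.package}/bin/scollector -h=${cfg.bosunHost} -c=${collectors}
+'';
+};
+};
+
+users.extraUsers.scollector = {
+description = "scollector user";
+group = "scollector";
+uid = config.ids.uids.scollector;
+};
+
+users.extraGroups.scollector.gid = config.ids.gids.scollector;
+
+};
+
+}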
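Review bot: `collectors` is declared as `types.attrs`, so a mistyped value surfaces only as an evaluation error from `map` or as a failed `ln` while the `collectors` derivation builds, and each `${path}` is pasted unquoted into the generated shell line. Every entry ends up as a program the service runs as `cfg.user`, so the shape is worth checking at evaluation time with `type = types.attrsOf (types.listOf types.path);`. The link step can be made robust against spaces and shell metacharacters with `"ln -s ${escapeShellArg path} $out/${frequency}/"`, which also lets `ln` derive the basename itself. Two binaries with the same basename under one frequency make the second `ln -s` fail, which the option description should mention.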
@ -32,6 +32,8 @@ let
|
||||
${optionalString (cfg.dbPassword != "") ''
|
||||
DBPassword = ${cfg.dbPassword}
|
||||
''}
|
||||
|
||||
${config.services.zabbixServer.extraConfig}
|
||||
'';
|
||||
|
||||
useLocalPostgres = cfg.dbServer == "localhost" || cfg.dbServer == "";
|
||||
@ -46,6 +48,7 @@ in
|
||||
|
||||
services.zabbixServer.enable = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Whether to run the Zabbix server on this machine.
|
||||
'';
|
||||
@ -53,6 +56,7 @@ in
|
||||
|
||||
services.zabbixServer.dbServer = mkOption {
|
||||
default = "localhost";
|
||||
type = types.str;
|
||||
description = ''
|
||||
Hostname or IP address of the database server.
|
||||
Use an empty string ("") to use peer authentication.
|
||||
@ -61,9 +65,18 @@ in
|
||||
|
||||
services.zabbixServer.dbPassword = mkOption {
|
||||
default = "";
|
||||
type = types.str;
|
||||
description = "Password used to connect to the database server.";
|
||||
};
|
||||
|
||||
services.zabbixServer.extraConfig = mkOption {
|
||||
default = "";
|
||||
type = types.lines;
|
||||
description = ''
|
||||
Configuration that is injected verbatim into the configuration file.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
###### implementation
|
||||
|
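Review bot: `${config.services.zabbixServer.extraConfig}` should be written `${cfg.extraConfig}`, matching the `cfg.dbPassword` and `cfg.dbServer` references next to it in the same `let` block. The verbatim text is appended to the same generated file that carries `DBPassword = ${cfg.dbPassword}`; how that file is written is outside the visible hunks. If it goes through the Nix store, the `dbPassword` description that this change touches should say that the password becomes world-readable there.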
@ -64,6 +64,13 @@ in
|
||||
Use fixed port for rpc.mountd, usefull if server is behind firewall.
|
||||
'';
|
||||
};
|
||||
|
||||
lockdPort = mkOption {
|
||||
default = 0;
|
||||
description = ''
|
||||
Fix the lockd port number. This can help setting firewall rules for NFS.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
@ -104,6 +111,9 @@ in
|
||||
# Create a state directory required by NFSv4.
|
||||
mkdir -p /var/lib/nfs/v4recovery
|
||||
|
||||
${pkgs.procps}/sbin/sysctl -w fs.nfs.nlm_tcpport=${builtins.toString cfg.lockdPort}
|
||||
${pkgs.procps}/sbin/sysctl -w fs.nfs.nlm_udpport=${builtins.toString cfg.lockdPort}
|
||||
|
||||
rpc.nfsd \
|
||||
${if cfg.hostName != null then "-H ${cfg.hostName}" else ""} \
|
||||
${builtins.toString cfg.nproc}
|
||||
|
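Review bot: the new `lockdPort` option has no `type`, so a string or a negative number is accepted and lands unchecked in `sysctl -w fs.nfs.nlm_tcpport=…`; add `type = types.int;` next to `default = 0;`. The two `sysctl -w` lines also run when the port is left at 0, and they fail if the `fs.nfs.nlm_*` keys are not present yet (presumably they only appear once lockd is loaded). Whether that aborts the start script depends on its error handling, which is outside the hunk. Since the option exists to make firewall rules possible, the description could state that 0 keeps the kernel's dynamically chosen port.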
@ -48,9 +48,10 @@ in
|
||||
|
||||
servers = mkOption {
|
||||
default = [
|
||||
"0.pool.ntp.org"
|
||||
"1.pool.ntp.org"
|
||||
"2.pool.ntp.org"
|
||||
"0.nixos.pool.ntp.org"
|
||||
"1.nixos.pool.ntp.org"
|
||||
"2.nixos.pool.ntp.org"
|
||||
"3.nixos.pool.ntp.org"
|
||||
];
|
||||
description = ''
|
||||
The set of NTP servers from which to synchronise.
|
||||
@ -99,8 +100,8 @@ in
|
||||
jobs.chronyd =
|
||||
{ description = "chrony daemon";
|
||||
|
||||
wantedBy = [ "ip-up.target" ];
|
||||
partOf = [ "ip-up.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
|
||||
path = [ chrony ];
|
||||
|
||||
|
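--- a/nixos/modules/services/networking/cjdns-hosts.sh
+++ b/nixos/modules/services/networking/cjdns-hosts.sh
@@ -0,0 +1,11 @@
+pubs=($pubs)
+hosts=($hosts)
+
+lines="''\n"
+for ((i = 0; i < ${#pubs[*]}; i++)); do
+addr=$($cjdns/bin/publictoip6 ${pubs[i]})
+lines="${lines}$addr ${hosts[i]}\n"
+done
+lines="${lines}''"
+
+echo -ne $lines > $out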
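Review bot: the script wraps its output in `''` … `''` so that cjdns.nix can `import` the result, which means every configured `hostname` is parsed as part of a Nix expression; a value containing `''` or `${` changes what is evaluated instead of ending up in the hosts text. Writing plain lines and reading them with `builtins.readFile` avoids that: drop the two `lines=` wrapper assignments and emit each entry with `printf '%s %s\n' "$addr" "${hosts[i]}" >> "$out"`. Separately, `echo -ne $lines > $out` is unquoted, so the shell word-splits and glob-expands the text before it is written. The exit status of `publictoip6` is not checked either, so a malformed public key would yield a hosts line with an empty address.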
@ -4,8 +4,46 @@ with lib;
|
||||
|
||||
let
|
||||
|
||||
pkg = pkgs.cjdns;
|
||||
|
||||
cfg = config.services.cjdns;
|
||||
|
||||
connectToSubmodule =
|
||||
{ options, ... }:
|
||||
{ options =
|
||||
{ password = mkOption {
|
||||
type = types.str;
|
||||
description = "Authorized password to the opposite end of the tunnel.";
|
||||
};
|
||||
publicKey = mkOption {
|
||||
type = types.str;
|
||||
description = "Public key at the opposite end of the tunnel.";
|
||||
};
|
||||
hostname = mkOption {
|
||||
default = "";
|
||||
example = "foobar.hype";
|
||||
type = types.str;
|
||||
description = "Optional hostname to add to /etc/hosts; prevents reverse lookup failures.";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
peers = mapAttrsToList (n: v: v) (cfg.ETHInterface.connectTo // cfg.UDPInterface.connectTo);
|
||||
|
||||
pubs = toString (map (p: if p.hostname == "" then "" else p.publicKey) peers);
|
||||
hosts = toString (map (p: if p.hostname == "" then "" else p.hostname) peers);
|
||||
|
||||
cjdnsHosts =
|
||||
if hosts != "" then
|
||||
import (pkgs.stdenv.mkDerivation {
|
||||
name = "cjdns-hosts";
|
||||
builder = ./cjdns-hosts.sh;
|
||||
|
||||
inherit (pkgs) cjdns;
|
||||
inherit pubs hosts;
|
||||
})
|
||||
else "";
|
||||
|
||||
# would be nice to merge 'cfg' with a //,
|
||||
# but the json nesting is wacky.
|
||||
cjdrouteConf = builtins.toJSON ( {
|
||||
@ -44,7 +82,7 @@ in
|
||||
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to enable the cjdns network encryption
|
||||
and routing engine. A file at /etc/cjdns.keys will
|
||||
@ -53,84 +91,80 @@ in
|
||||
'';
|
||||
};
|
||||
|
||||
confFile = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
example = "/etc/cjdroute.conf";
|
||||
description = ''
|
||||
Ignore all other cjdns options and load configuration from this file.
|
||||
'';
|
||||
};
|
||||
|
||||
authorizedPasswords = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [ ];
|
||||
example = [
|
||||
default = [ ];
|
||||
example = [
|
||||
"snyrfgkqsc98qh1y4s5hbu0j57xw5s0"
|
||||
"z9md3t4p45mfrjzdjurxn4wuj0d8swv"
|
||||
"49275fut6tmzu354pq70sr5b95qq0vj"
|
||||
"z9md3t4p45mfrjzdjurxn4wuj0d8swv"
|
||||
"49275fut6tmzu354pq70sr5b95qq0vj"
|
||||
];
|
||||
description = ''
|
||||
Any remote cjdns nodes that offer these passwords on
|
||||
connection will be allowed to route through this node.
|
||||
description = ''
|
||||
Any remote cjdns nodes that offer these passwords on
|
||||
connection will be allowed to route through this node.
|
||||
'';
|
||||
};
|
||||
|
||||
admin = {
|
||||
bind = mkOption {
|
||||
type = types.string;
|
||||
default = "127.0.0.1:11234";
|
||||
description = ''
|
||||
default = "127.0.0.1:11234";
|
||||
description = ''
|
||||
Bind the administration port to this address and port.
|
||||
'';
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
UDPInterface = {
|
||||
bind = mkOption {
|
||||
type = types.string;
|
||||
default = "";
|
||||
default = "";
|
||||
example = "192.168.1.32:43211";
|
||||
description = ''
|
||||
Address and port to bind UDP tunnels to.
|
||||
'';
|
||||
};
|
||||
Address and port to bind UDP tunnels to.
|
||||
'';
|
||||
};
|
||||
connectTo = mkOption {
|
||||
type = types.attrsOf ( types.submodule (
|
||||
{ options, ... }:
|
||||
{ options = {
|
||||
# TODO make host an option, and add it to networking.extraHosts
|
||||
password = mkOption {
|
||||
type = types.str;
|
||||
description = "Authorized password to the opposite end of the tunnel.";
|
||||
};
|
||||
publicKey = mkOption {
|
||||
type = types.str;
|
||||
description = "Public key at the opposite end of the tunnel.";
|
||||
};
|
||||
};
|
||||
}
|
||||
));
|
||||
default = { };
|
||||
type = types.attrsOf ( types.submodule ( connectToSubmodule ) );
|
||||
default = { };
|
||||
example = {
|
||||
"192.168.1.1:27313" = {
|
||||
password = "5kG15EfpdcKNX3f2GSQ0H1HC7yIfxoCoImnO5FHM";
|
||||
hostname = "homer.hype";
|
||||
password = "5kG15EfpdcKNX3f2GSQ0H1HC7yIfxoCoImnO5FHM";
|
||||
publicKey = "371zpkgs8ss387tmr81q04mp0hg1skb51hw34vk1cq644mjqhup0.k";
|
||||
};
|
||||
};
|
||||
description = ''
|
||||
Credentials for making UDP tunnels.
|
||||
'';
|
||||
};
|
||||
Credentials for making UDP tunnels.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
ETHInterface = {
|
||||
bind = mkOption {
|
||||
default = "";
|
||||
example = "eth0";
|
||||
description = ''
|
||||
Bind to this device for native ethernet operation.
|
||||
'';
|
||||
};
|
||||
default = "";
|
||||
example = "eth0";
|
||||
description = ''
|
||||
Bind to this device for native ethernet operation.
|
||||
'';
|
||||
};
|
||||
|
||||
beacon = mkOption {
|
||||
type = types.int;
|
||||
type = types.int;
|
||||
default = 2;
|
||||
description = ''
|
||||
Auto-connect to other cjdns nodes on the same network.
|
||||
Options:
|
||||
0: Disabled.
|
||||
0: Disabled.
|
||||
1: Accept beacons, this will cause cjdns to accept incoming
|
||||
beacon messages and try connecting to the sender.
|
||||
2: Accept and send beacons, this will cause cjdns to broadcast
|
||||
@ -142,32 +176,20 @@ in
|
||||
};
|
||||
|
||||
connectTo = mkOption {
|
||||
type = types.attrsOf ( types.submodule (
|
||||
{ options, ... }:
|
||||
{ options = {
|
||||
password = mkOption {
|
||||
type = types.str;
|
||||
description = "Authorized password to the opposite end of the tunnel.";
|
||||
};
|
||||
publicKey = mkOption {
|
||||
type = types.str;
|
||||
description = "Public key at the opposite end of the tunnel.";
|
||||
};
|
||||
};
|
||||
}
|
||||
));
|
||||
default = { };
|
||||
type = types.attrsOf ( types.submodule ( connectToSubmodule ) );
|
||||
default = { };
|
||||
example = {
|
||||
"01:02:03:04:05:06" = {
|
||||
password = "5kG15EfpdcKNX3f2GSQ0H1HC7yIfxoCoImnO5FHM";
|
||||
hostname = "homer.hype";
|
||||
password = "5kG15EfpdcKNX3f2GSQ0H1HC7yIfxoCoImnO5FHM";
|
||||
publicKey = "371zpkgs8ss387tmr81q04mp0hg1skb51hw34vk1cq644mjqhup0.k";
|
||||
};
|
||||
};
|
||||
description = ''
|
||||
Credentials for connecting look similar to UDP credientials
|
||||
description = ''
|
||||
Credentials for connecting look similar to UDP credientials
|
||||
except they begin with the mac address.
|
||||
'';
|
||||
};
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
@ -182,37 +204,51 @@ in
|
||||
|
||||
systemd.services.cjdns = {
|
||||
description = "encrypted networking for everybody";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network-interfaces.target" ];
|
||||
wantedBy = [ "network.target" ];
|
||||
after = [ "networkSetup.service" "network-interfaces.target" ];
|
||||
|
||||
script = ''
|
||||
source /etc/cjdns.keys
|
||||
echo '${cjdrouteConf}' | sed \
|
||||
-e "s/@CJDNS_ADMIN_PASSWORD@/$CJDNS_ADMIN_PASSWORD/g" \
|
||||
-e "s/@CJDNS_PRIVATE_KEY@/$CJDNS_PRIVATE_KEY/g" \
|
||||
| ${pkgs.cjdns}/bin/cjdroute
|
||||
preStart = if cfg.confFile != "" then "" else ''
|
||||
[ -e /etc/cjdns.keys ] && source /etc/cjdns.keys
|
||||
|
||||
if [ -z "$CJDNS_PRIVATE_KEY" ]; then
|
||||
shopt -s lastpipe
|
||||
${pkg}/bin/makekeys | { read private ipv6 public; }
|
||||
|
||||
umask 0077
|
||||
echo "CJDNS_PRIVATE_KEY=$private" >> /etc/cjdns.keys
|
||||
echo -e "CJDNS_IPV6=$ipv6\nCJDNS_PUBLIC_KEY=$public" > /etc/cjdns.public
|
||||
|
||||
chmod 600 /etc/cjdns.keys
|
||||
chmod 444 /etc/cjdns.public
|
||||
fi
|
||||
|
||||
if [ -z "$CJDNS_ADMIN_PASSWORD" ]; then
|
||||
echo "CJDNS_ADMIN_PASSWORD=$(${pkgs.coreutils}/bin/head -c 96 /dev/urandom | ${pkgs.coreutils}/bin/tr -dc A-Za-z0-9)" \
|
||||
>> /etc/cjdns.keys
|
||||
fi
|
||||
'';
|
||||
|
||||
script = (
|
||||
if cfg.confFile != "" then "${pkg}/bin/cjdroute < ${cfg.confFile}" else
|
||||
''
|
||||
source /etc/cjdns.keys
|
||||
echo '${cjdrouteConf}' | sed \
|
||||
-e "s/@CJDNS_ADMIN_PASSWORD@/$CJDNS_ADMIN_PASSWORD/g" \
|
||||
-e "s/@CJDNS_PRIVATE_KEY@/$CJDNS_PRIVATE_KEY/g" \
|
||||
| ${pkg}/bin/cjdroute
|
||||
''
|
||||
);
|
||||
|
||||
serviceConfig = {
|
||||
Type = "forking";
|
||||
Restart = "on-failure";
|
||||
Restart = "on-failure";
|
||||
};
|
||||
};
|
||||
|
||||
system.activationScripts.cjdns = ''
|
||||
grep -q "CJDNS_PRIVATE_KEY=" /etc/cjdns.keys || \
|
||||
echo "CJDNS_PRIVATE_KEY=$(${pkgs.cjdns}/bin/makekey)" \
|
||||
>> /etc/cjdns.keys
|
||||
|
||||
grep -q "CJDNS_ADMIN_PASSWORD=" /etc/cjdns.keys || \
|
||||
echo "CJDNS_ADMIN_PASSWORD=$(${pkgs.coreutils}/bin/head -c 96 /dev/urandom | ${pkgs.coreutils}/bin/tr -dc A-Za-z0-9)" \
|
||||
>> /etc/cjdns.keys
|
||||
|
||||
chmod 600 /etc/cjdns.keys
|
||||
'';
|
||||
networking.extraHosts = "${cjdnsHosts}";
|
||||
|
||||
assertions = [
|
||||
{ assertion = ( cfg.ETHInterface.bind != "" || cfg.UDPInterface.bind != "" );
|
||||
{ assertion = ( cfg.ETHInterface.bind != "" || cfg.UDPInterface.bind != "" || cfg.confFile == "" );
|
||||
message = "Neither cjdns.ETHInterface.bind nor cjdns.UDPInterface.bind defined.";
|
||||
}
|
||||
{ assertion = config.networking.enableIPv6;
|
||||
@ -222,4 +258,4 @@ in
|
||||
|
||||
};
|
||||
|
||||
}
|
||||
}
|
||||
|
@ -8,15 +8,29 @@ let
|
||||
|
||||
cfg = config.networking.dhcpcd;
|
||||
|
||||
interfaces = attrValues config.networking.interfaces;
|
||||
|
||||
enableDHCP = config.networking.useDHCP || any (i: i.useDHCP == true) interfaces;
|
||||
|
||||
# Don't start dhcpcd on explicitly configured interfaces or on
|
||||
# interfaces that are part of a bridge, bond or sit device.
|
||||
ignoredInterfaces =
|
||||
map (i: i.name) (filter (i: i.ip4 != [ ] || i.ipAddress != null) (attrValues config.networking.interfaces))
|
||||
map (i: i.name) (filter (i: if i.useDHCP != null then !i.useDHCP else i.ip4 != [ ] || i.ipAddress != null) interfaces)
|
||||
++ mapAttrsToList (i: _: i) config.networking.sits
|
||||
++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.bridges))
|
||||
++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.bonds))
|
||||
++ config.networking.dhcpcd.denyInterfaces;
|
||||
|
||||
arrayAppendOrNull = a1: a2: if a1 == null && a2 == null then null
|
||||
else if a1 == null then a2 else if a2 == null then a1
|
||||
else a1 ++ a2;
|
||||
|
||||
# If dhcp is disabled but explicit interfaces are enabled,
|
||||
# we need to provide dhcp just for those interfaces.
|
||||
allowInterfaces = arrayAppendOrNull cfg.allowInterfaces
|
||||
(if !config.networking.useDHCP && enableDHCP then
|
||||
map (i: i.name) (filter (i: i.useDHCP == true) interfaces) else null);
|
||||
|
||||
# Config file adapted from the one that ships with dhcpcd.
|
||||
dhcpcdConf = pkgs.writeText "dhcpcd.conf"
|
||||
''
|
||||
@ -41,7 +55,7 @@ let
|
||||
denyinterfaces ${toString ignoredInterfaces} lo peth* vif* tap* tun* virbr* vnet* vboxnet* sit*
|
||||
|
||||
# Use the list of allowed interfaces if specified
|
||||
${optionalString (cfg.allowInterfaces != null) "allowinterfaces ${toString cfg.allowInterfaces}"}
|
||||
${optionalString (allowInterfaces != null) "allowinterfaces ${toString allowInterfaces}"}
|
||||
|
||||
${cfg.extraConfig}
|
||||
'';
|
||||
@ -132,7 +146,7 @@ in
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf config.networking.useDHCP {
|
||||
config = mkIf enableDHCP {
|
||||
|
||||
systemd.services.dhcpcd =
|
||||
{ description = "DHCP Client";
|
||||
|
134
nixos/modules/services/networking/dnscrypt-proxy.nix
Normal file
134
nixos/modules/services/networking/dnscrypt-proxy.nix
Normal file
@ -0,0 +1,134 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
with lib;
|
||||
|
||||
let
|
||||
apparmorEnabled = config.security.apparmor.enable;
|
||||
dnscrypt-proxy = pkgs.dnscrypt-proxy;
|
||||
cfg = config.services.dnscrypt-proxy;
|
||||
uid = config.ids.uids.dnscrypt-proxy;
|
||||
daemonArgs =
|
||||
[ "--daemonize"
|
||||
"--user=dnscrypt-proxy"
|
||||
"--local-address=${cfg.localAddress}:${toString cfg.port}"
|
||||
(optionalString cfg.tcpOnly "--tcp-only")
|
||||
"--resolvers-list=${dnscrypt-proxy}/share/dnscrypt-proxy/dnscrypt-resolvers.csv"
|
||||
"--resolver-name=${cfg.resolverName}"
|
||||
];
|
||||
in
|
||||
|
||||
{
|
||||
##### interface
|
||||
|
||||
options = {
|
||||
|
||||
services.dnscrypt-proxy = {
|
||||
|
||||
enable = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Enable dnscrypt-proxy.
|
||||
The proxy relays regular DNS queries to a DNSCrypt enabled
|
||||
upstream resolver.
|
||||
The traffic between the client and the upstream resolver is
|
||||
encrypted and authenticated, which may mitigate the risk of MITM
|
||||
attacks and third-party snooping (assuming the upstream is
|
||||
trustworthy).
|
||||
'';
|
||||
};
|
||||
|
||||
localAddress = mkOption {
|
||||
default = "127.0.0.1";
|
||||
type = types.string;
|
||||
description = ''
|
||||
Listen for DNS queries on this address.
|
||||
'';
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
default = 53;
|
||||
type = types.int;
|
||||
description = ''
|
||||
Listen on this port.
|
||||
'';
|
||||
};
|
||||
|
||||
resolverName = mkOption {
|
||||
default = "opendns";
|
||||
type = types.string;
|
||||
description = ''
|
||||
The name of the upstream DNSCrypt resolver to use.
|
||||
See <literal>${dnscrypt-proxy}/share/dnscrypt-proxy/dnscrypt-resolvers.csv</literal>
|
||||
for alternative resolvers (e.g., if you are concerned about logging
|
||||
and/or server location).
|
||||
'';
|
||||
};
|
||||
|
||||
tcpOnly = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Force sending encrypted DNS queries to the upstream resolver
|
||||
over TCP instead of UDP (on port 443).
|
||||
Enabling this option may help circumvent filtering, but should
|
||||
not be used otherwise.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
##### implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
### AppArmor profile
|
||||
|
||||
security.apparmor.profiles = mkIf apparmorEnabled [
|
||||
(pkgs.writeText "apparmor-dnscrypt-proxy" ''
|
||||
|
||||
${dnscrypt-proxy}/sbin/dnscrypt-proxy {
|
||||
capability ipc_lock,
|
||||
capability net_bind_service,
|
||||
capability net_admin,
|
||||
capability sys_chroot,
|
||||
capability setgid,
|
||||
capability setuid,
|
||||
|
||||
/dev/null rw,
|
||||
/dev/urandom r,
|
||||
|
||||
${pkgs.glibc}/lib/*.so mr,
|
||||
${pkgs.tzdata}/share/zoneinfo/** r,
|
||||
|
||||
${dnscrypt-proxy}/share/dnscrypt-proxy/** r,
|
||||
${pkgs.gcc.gcc}/lib/libssp.so.* mr,
|
||||
${pkgs.libsodium}/lib/libsodium.so.* mr,
|
||||
}
|
||||
'')
|
||||
];
|
||||
|
||||
### User
|
||||
|
||||
users.extraUsers = singleton {
|
||||
inherit uid;
|
||||
name = "dnscrypt-proxy";
|
||||
description = "dnscrypt-proxy daemon user";
|
||||
};
|
||||
|
||||
### Service definition
|
||||
|
||||
systemd.services.dnscrypt-proxy = {
|
||||
description = "dnscrypt-proxy daemon";
|
||||
after = [ "network.target" ] ++ optional apparmorEnabled "apparmor.service";
|
||||
requires = mkIf apparmorEnabled [ "apparmor.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
Type = "forking";
|
||||
ExecStart = "${dnscrypt-proxy}/sbin/dnscrypt-proxy ${toString daemonArgs}";
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
}
|
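Review bot: The AppArmor profile grants `capability net_admin`, and nothing in this file shows what requires it; the other capabilities at least match visible arguments (`net_bind_service` for the default port 53, `setuid`/`setgid` for `--user=dnscrypt-proxy`). Since the profile is the main confinement for a daemon that starts privileged and talks to a remote resolver, I would drop that line unless an audit-log denial shows it is needed, or keep it with a comment such as `# net_admin: needed for <reason>`. The profile is only installed when `security.apparmor.enable` is set, which the `enable` description could also state.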
@ -82,7 +82,7 @@ in
|
||||
|
||||
systemd.services.dnsmasq = {
|
||||
description = "dnsmasq daemon";
|
||||
after = [ "network.target" ];
|
||||
after = [ "network.target" "systemd-resolved.conf" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = [ dnsmasq ];
|
||||
preStart = ''
|
||||
|
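Review bot: What appears to be the new `after` line names `systemd-resolved.conf`, which is a configuration file name rather than a systemd unit, so the intended ordering against resolved is presumably never applied. The unit is `systemd-resolved.service`, so the line should read `after = [ "network.target" "systemd-resolved.service" ];`. The service definition continues outside the hunk.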
@ -187,6 +187,12 @@ let
|
||||
# Clean up after added ruleset
|
||||
ip46tables -D INPUT -j nixos-fw 2>/dev/null || true
|
||||
|
||||
${optionalString (kernelHasRPFilter && cfg.checkReversePath) ''
|
||||
if ! ip46tables -D PREROUTING -t raw -m rpfilter --invert -j DROP; then
|
||||
echo "<2>failed to stop rpfilter support" >&2
|
||||
fi
|
||||
''}
|
||||
|
||||
${cfg.extraStopCommands}
|
||||
'';
|
||||
|
||||
@ -452,8 +458,9 @@ in
|
||||
|
||||
systemd.services.firewall = {
|
||||
description = "Firewall";
|
||||
wantedBy = [ "network.target" ];
|
||||
after = [ "network-interfaces.target" "systemd-modules-load.service" ];
|
||||
wantedBy = [ "network-pre.target" ];
|
||||
before = [ "network-pre.target" ];
|
||||
after = [ "systemd-modules-load.service" ];
|
||||
|
||||
path = [ pkgs.iptables ];
|
||||
|
||||
|
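Review bot: In the second hunk the firewall service is now only `wantedBy = [ "network-pre.target" ]`, and `network-pre.target` is a passive target that systemd starts only when some unit wants it. Unless another module outside this hunk pulls that target in, the firewall unit may not be started at all. The pattern systemd documents for this case is to keep `before = [ "network-pre.target" ];`, add `wants = [ "network-pre.target" ];`, and hang `wantedBy` on a target that is always reached during boot. A short comment on the ordering, e.g. `# load the rules before any interface is configured`, would also record why `network-interfaces.target` was dropped from `after`.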
@ -3,7 +3,6 @@ with lib;
|
||||
let
|
||||
|
||||
cfg = config.services.gitDaemon;
|
||||
gitUser = "git";
|
||||
|
||||
in
|
||||
{
|
||||
@ -14,6 +13,7 @@ in
|
||||
services.gitDaemon = {
|
||||
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable Git daemon, which allows public hosting of git repositories
|
||||
@ -28,6 +28,7 @@ in
|
||||
};
|
||||
|
||||
basePath = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
example = "/srv/git/";
|
||||
description = ''
|
||||
@ -38,6 +39,7 @@ in
|
||||
};
|
||||
|
||||
exportAll = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Publish all directories that look like Git repositories (have the objects
|
||||
@ -52,6 +54,7 @@ in
|
||||
};
|
||||
|
||||
repositories = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
example = [ "/srv/git" "/home/user/git/repo2" ];
|
||||
description = ''
|
||||
@ -64,21 +67,36 @@ in
|
||||
};
|
||||
|
||||
listenAddress = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
example = "example.com";
|
||||
description = "Listen on a specific IP address or hostname.";
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
default = 9418;
|
||||
description = "Port to listen on.";
|
||||
};
|
||||
|
||||
options = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = "Extra configuration options to be passed to Git daemon.";
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "git";
|
||||
description = "User under which Git daemon would be running.";
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = types.str;
|
||||
default = "git";
|
||||
description = "Group under which Git daemon would be running.";
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
@ -86,14 +104,14 @@ in
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
users.extraUsers = singleton
|
||||
{ name = gitUser;
|
||||
users.extraUsers = if cfg.user != "git" then {} else singleton
|
||||
{ name = "git";
|
||||
uid = config.ids.uids.git;
|
||||
description = "Git daemon user";
|
||||
};
|
||||
|
||||
users.extraGroups = singleton
|
||||
{ name = gitUser;
|
||||
users.extraGroups = if cfg.group != "git" then {} else singleton
|
||||
{ name = "git";
|
||||
gid = config.ids.gids.git;
|
||||
};
|
||||
|
||||
@ -103,8 +121,8 @@ in
|
||||
exec = "${pkgs.git}/bin/git daemon --reuseaddr "
|
||||
+ (optionalString (cfg.basePath != "") "--base-path=${cfg.basePath} ")
|
||||
+ (optionalString (cfg.listenAddress != "") "--listen=${cfg.listenAddress} ")
|
||||
+ "--port=${toString cfg.port} --user=${gitUser} --group=${gitUser} ${cfg.options} "
|
||||
+ "--verbose " + (optionalString cfg.exportAll "--export-all") + concatStringsSep " " cfg.repositories;
|
||||
+ "--port=${toString cfg.port} --user=${cfg.user} --group=${cfg.group} ${cfg.options} "
|
||||
+ "--verbose " + (optionalString cfg.exportAll "--export-all ") + concatStringsSep " " cfg.repositories;
|
||||
};
|
||||
|
||||
};
|
||||
|
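Review bot: The new `user` and `group` options do not document that the module creates the account only when the value is left at `git`. With any other value `users.extraUsers` and `users.extraGroups` evaluate to `{}`, and the daemon is started with `--user=${cfg.user} --group=${cfg.group}` naming an account that must already exist. I would say so in the descriptions, e.g. `User under which Git daemon runs; created by this module only when left at "git".`, and likewise for `group`. The two branches also mix an attribute set (`{}`) with the list returned by `singleton`; using `[]` for the empty case would keep the value's shape consistent.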
@ -76,8 +76,7 @@ in
|
||||
exec ${pkgs.gogoclient}/bin/gogoc -y -f /var/lib/gogoc/gogoc.conf
|
||||
'';
|
||||
} // optionalAttrs cfg.autorun {
|
||||
wantedBy = [ "ip-up.target" ];
|
||||
partOf = [ "ip-up.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
|
||||
};
|
||||
|
198
nixos/modules/services/networking/i2pd.nix
Normal file
198
nixos/modules/services/networking/i2pd.nix
Normal file
@ -0,0 +1,198 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
cfg = config.services.i2pd;
|
||||
|
||||
homeDir = "/var/lib/i2pd";
|
||||
|
||||
extip = "EXTIP=$(${pkgs.curl}/bin/curl -sf "http://jsonip.com" | ${pkgs.gawk}/bin/awk -F'\"' '{print $4}')";
|
||||
|
||||
i2pSh = pkgs.writeScriptBin "i2pd" ''
|
||||
#!/bin/sh
|
||||
${if isNull cfg.extIp then extip else ""}
|
||||
${pkgs.i2pd}/bin/i2p --log=1 --daemon=0 --service=0 \
|
||||
--v6=${if cfg.enableIPv6 then "1" else "0"} \
|
||||
--unreachable=${if cfg.unreachable then "1" else "0"} \
|
||||
--host=${if isNull cfg.extIp then "$EXTIP" else cfg.extIp} \
|
||||
${if isNull cfg.port then "" else "--port=${toString cfg.port}"} \
|
||||
--httpproxyport=${toString cfg.proxy.httpPort} \
|
||||
--socksproxyport=${toString cfg.proxy.socksPort} \
|
||||
--ircport=${toString cfg.irc.port} \
|
||||
--ircdest=${cfg.irc.dest} \
|
||||
--irckeys=${cfg.irc.keyFile} \
|
||||
--eepport=${toString cfg.eep.port} \
|
||||
${if isNull cfg.sam.port then "" else "--samport=${toString cfg.sam.port}"} \
|
||||
--eephost=${cfg.eep.host} \
|
||||
--eepkeys=${cfg.eep.keyFile}
|
||||
'';
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
||||
###### interface
|
||||
|
||||
options = {
|
||||
|
||||
services.i2pd = {
|
||||
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enables I2Pd as a running service upon activation.
|
||||
'';
|
||||
};
|
||||
|
||||
extIp = mkOption {
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
description = ''
|
||||
Your external IP.
|
||||
'';
|
||||
};
|
||||
|
||||
unreachable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
If the router is declared to be unreachable and needs introduction nodes.
|
||||
'';
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = with types; nullOr int;
|
||||
default = null;
|
||||
description = ''
|
||||
I2P listen port. If no one is given the router will pick between 9111 and 30777.
|
||||
'';
|
||||
};
|
||||
|
||||
enableIPv6 = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enables IPv6 connectivity. Disabled by default.
|
||||
'';
|
||||
};
|
||||
|
||||
http = {
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
default = 7070;
|
||||
description = ''
|
||||
HTTP listen port.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
proxy = {
|
||||
httpPort = mkOption {
|
||||
type = types.int;
|
||||
default = 4446;
|
||||
description = ''
|
||||
HTTP proxy listen port.
|
||||
'';
|
||||
};
|
||||
socksPort = mkOption {
|
||||
type = types.int;
|
||||
default = 4447;
|
||||
description = ''
|
||||
SOCKS proxy listen port.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
irc = {
|
||||
dest = mkOption {
|
||||
type = types.str;
|
||||
default = "irc.postman.i2p";
|
||||
description = ''
|
||||
Destination I2P tunnel endpoint address of IRC server. irc.postman.i2p by default.
|
||||
'';
|
||||
};
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
default = 6668;
|
||||
description = ''
|
||||
Local IRC tunnel endoint port to listen on. 6668 by default.
|
||||
'';
|
||||
};
|
||||
keyFile = mkOption {
|
||||
type = types.str;
|
||||
default = "privKeys.dat";
|
||||
description = ''
|
||||
File name containing destination keys. privKeys.dat by default.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
eep = {
|
||||
host = mkOption {
|
||||
type = types.str;
|
||||
default = "127.0.0.1";
|
||||
description = ''
|
||||
Address to forward incoming traffic to. 127.0.0.1 by default.
|
||||
'';
|
||||
};
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
default = 80;
|
||||
description = ''
|
||||
Port to forward incoming trafic to. 80 by default.
|
||||
'';
|
||||
};
|
||||
keyFile = mkOption {
|
||||
type = types.str;
|
||||
default = "privKeys.dat";
|
||||
description = ''
|
||||
File name containing destination keys. privKeys.dat by default.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
sam = {
|
||||
port = mkOption {
|
||||
type = with types; nullOr int;
|
||||
default = null;
|
||||
description = ''
|
||||
Local SAM tunnel endpoint. Usually 7656. SAM is disabled if not specified.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
users.extraUsers.i2pd = {
|
||||
group = "i2pd";
|
||||
description = "I2Pd User";
|
||||
home = homeDir;
|
||||
createHome = true;
|
||||
uid = config.ids.uids.i2pd;
|
||||
};
|
||||
|
||||
users.extraGroups.i2pd.gid = config.ids.gids.i2pd;
|
||||
|
||||
systemd.services.i2pd = {
|
||||
description = "Minimal I2P router";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig =
|
||||
{
|
||||
User = "i2pd";
|
||||
WorkingDirectory = homeDir;
|
||||
Restart = "on-abort";
|
||||
ExecStart = "${i2pSh}/bin/i2pd";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
#
|
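Review bot: When `extIp` is null the wrapper script fills `EXTIP` from the body of a plain-HTTP request to `jsonip.com` and expands it unquoted in `--host=$EXTIP`. Whatever that response contains, or whatever is substituted on the network path, is therefore word-split into the `i2p` command line. I would quote the expansion, `--host="$EXTIP"` (escaped as needed inside the Nix string), and refuse to start when the value is empty or not an IP address. The `extIp` description (`Your external IP.`) should also say that leaving it unset makes the service contact a third-party site on every start.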
@ -79,7 +79,7 @@ in
|
||||
{ description = "MiniDLNA Server";
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
after = [ "network.target" "local-fs.target" ];
|
||||
|
||||
preStart =
|
||||
''
|
||||
|
@ -157,9 +157,9 @@ in
|
||||
|
||||
boot = {
|
||||
kernelModules = [ "nf_nat_ftp" ];
|
||||
kernel.sysctl = mkOverride 99 {
|
||||
"net.ipv4.conf.all.forwarding" = true;
|
||||
"net.ipv4.conf.default.forwarding" = true;
|
||||
kernel.sysctl = {
|
||||
"net.ipv4.conf.all.forwarding" = mkOverride 99 true;
|
||||
"net.ipv4.conf.default.forwarding" = mkOverride 99 true;
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -52,6 +52,7 @@ let
|
||||
#!/bin/sh
|
||||
if test "$2" = "up"; then
|
||||
${config.systemd.package}/bin/systemctl start ip-up.target
|
||||
${config.systemd.package}/bin/systemctl start network-online.target
|
||||
fi
|
||||
'';
|
||||
|
||||
@ -177,8 +178,8 @@ in {
|
||||
systemd.services."networkmanager-init" = {
|
||||
description = "NetworkManager initialisation";
|
||||
wantedBy = [ "network.target" ];
|
||||
wants = [ "NetworkManager.service" ];
|
||||
before = [ "NetworkManager.service" ];
|
||||
wants = [ "network-manager.service" ];
|
||||
before = [ "network-manager.service" ];
|
||||
script = ''
|
||||
mkdir -m 700 -p /etc/NetworkManager/system-connections
|
||||
mkdir -m 755 -p ${stateDirs}
|
||||
@ -193,7 +194,7 @@ in {
|
||||
};
|
||||
|
||||
powerManagement.resumeCommands = ''
|
||||
systemctl restart NetworkManager
|
||||
Systemctl restart network-manager
|
||||
'';
|
||||
|
||||
security.polkit.extraConfig = polkitConf;
|
||||
|
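Review bot: In the last hunk, what appears to be the new line of `powerManagement.resumeCommands` reads `Systemctl restart network-manager` with a capital `S`. Command names are case-sensitive, so this would fail with "command not found" on resume and the restart would silently stop happening. It should be `systemctl restart network-manager`, matching the `network-manager.service` rename in the `networkmanager-init` hunk above.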
@ -45,9 +45,10 @@ in
|
||||
|
||||
servers = mkOption {
|
||||
default = [
|
||||
"0.pool.ntp.org"
|
||||
"1.pool.ntp.org"
|
||||
"2.pool.ntp.org"
|
||||
"0.nixos.pool.ntp.org"
|
||||
"1.nixos.pool.ntp.org"
|
||||
"2.nixos.pool.ntp.org"
|
||||
"3.nixos.pool.ntp.org"
|
||||
];
|
||||
description = ''
|
||||
The set of NTP servers from which to synchronise.
|
||||
@ -76,8 +77,7 @@ in
|
||||
jobs.ntpd =
|
||||
{ description = "NTP Daemon";
|
||||
|
||||
wantedBy = [ "ip-up.target" ];
|
||||
partOf = [ "ip-up.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
path = [ ntp ];
|
||||
|
||||
|
Some files were not shown because too many files have changed in this diff Show More