public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge master into test-1515

Browse Source 
To get rid of 2k aborted builds. ?compare=1095725
This commit is contained in:
Vladimír Čunát 2014-04-12 10:38:40 +02:00
commit 7be0e37ca2
342 changed files with 5371 additions and 1823 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/lists.nix
View File

@ -226,4 +226,7 @@ in rec {
deepSeqList = xs: y: if any (x: deepSeq x false) xs then y else y; deepSeqList = xs: y: if any (x: deepSeq x false) xs then y else y;
crossLists = f: foldl (fs: args: concatMap (f: map f args) fs) [f]; crossLists = f: foldl (fs: args: concatMap (f: map f args) fs) [f];
# List difference, xs - ys. Removes elements of ys from xs.
difference = xs: ys: filter (y: !(builtins.elem y ys)) xs;
} }

1
lib/maintainers.nix
View File

@ -28,6 +28,7 @@
coroa = "Jonas Hörsch <jonas@chaoflow.net>"; coroa = "Jonas Hörsch <jonas@chaoflow.net>";
edwtjo = "Edward Tjörnhammar <ed@cflags.cc>"; edwtjo = "Edward Tjörnhammar <ed@cflags.cc>";
eelco = "Eelco Dolstra <eelco.dolstra@logicblox.com>"; eelco = "Eelco Dolstra <eelco.dolstra@logicblox.com>";
emery = "Emery Hemingawy <emery@vfemail.net>";
ertes = "Ertugrul Söylemez <es@ertes.de>"; ertes = "Ertugrul Söylemez <es@ertes.de>";
falsifian = "James Cook <james.cook@utoronto.ca>"; falsifian = "James Cook <james.cook@utoronto.ca>";
garbas = "Rok Garbas <rok@garbas.si>"; garbas = "Rok Garbas <rok@garbas.si>";

3
maintainers/scripts/nixpkgs-lint.pl
View File

@ -31,8 +31,7 @@ GetOptions("package|p=s" => \$filter,
"maintainer|m=s" => \$maintainer, "maintainer|m=s" => \$maintainer,
"file|f=s" => \$path, "file|f=s" => \$path,
"help" => sub { showHelp() } "help" => sub { showHelp() }
) ) or exit 1;
or die("syntax: $0 ...\n");
# Evaluate Nixpkgs into an XML representation. # Evaluate Nixpkgs into an XML representation.
my $xml = `nix-env -f '$path' -qa '$filter' --xml --meta --drv-path`; my $xml = `nix-env -f '$path' -qa '$filter' --xml --meta --drv-path`;

242
nixos/doc/manual/containers.xml Normal file
View File

@ -0,0 +1,242 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="ch-containers">
<title>Containers</title>
<para>NixOS allows you to easily run other NixOS instances as
<emphasis>containers</emphasis>. Containers are a light-weight
approach to virtualisation that runs software in the container at the
same speed as in the host system. NixOS containers share the Nix store
of the host, making container creation very efficient.</para>
<warning><para>Currently, NixOS containers are not perfectly isolated
from the host system. This means that a user with root access to the
container can do things that affect the host. So you should not give
container root access to untrusted users.</para></warning>
<para>NixOS containers can be created in two ways: imperatively, using
the command <command>nixos-container</command>, and declaratively, by
specifying them in your <filename>configuration.nix</filename>. The
declarative approach implies that containers get upgraded along with
your host system when you run <command>nixos-rebuild</command>, which
is often not what you want. By contrast, in the imperative approach,
containers are configured and updated independently from the host
system.</para>
<section><title>Imperative container management</title>
<para>Well cover imperative container management using
<command>nixos-container</command> first. You create a container with
identifier <literal>foo</literal> as follows:
<screen>
$ nixos-container create foo
</screen>
This creates the containers root directory in
<filename>/var/lib/containers/foo</filename> and a small configuration
file in <filename>/etc/containers/foo.conf</filename>. It also builds
the containers initial system configuration and stores it in
<filename>/nix/var/nix/profiles/per-container/foo/system</filename>. You
can modify the initial configuration of the container on the command
line. For instance, to create a container that has
<command>sshd</command> running, with the given public key for
<literal>root</literal>:
<screen>
$ nixos-container create foo --config 'services.openssh.enable = true; \
users.extraUsers.root.openssh.authorizedKeys.keys = ["ssh-dss AAAAB3N…"];'
</screen>
</para>
<para>Creating a container does not start it. To start the container,
run:
<screen>
$ nixos-container start foo
</screen>
This command will return as soon as the container has booted and has
reached <literal>multi-user.target</literal>. On the host, the
container runs within a systemd unit called
<literal>container@<replaceable>container-name</replaceable>.service</literal>.
Thus, if something went wrong, you can get status info using
<command>systemctl</command>:
<screen>
$ systemctl status container@foo
</screen>
</para>
<para>If the container has started succesfully, you can log in as
root using the <command>root-login</command> operation:
<screen>
$ nixos-container root-login foo
[root@foo:~]#
</screen>
Note that only root on the host can do this (since there is no
authentication). You can also get a regular login prompt using the
<command>login</command> operation, which is available to all users on
the host:
<screen>
$ nixos-container login foo
foo login: alice
Password: ***
</screen>
With <command>nixos-container run</command>, you can execute arbitrary
commands in the container:
<screen>
$ nixos-container run foo -- uname -a
Linux foo 3.4.82 #1-NixOS SMP Thu Mar 20 14:44:05 UTC 2014 x86_64 GNU/Linux
</screen>
</para>
<para>There are several ways to change the configuration of the
container. First, on the host, you can edit
<literal>/var/lib/container/<replaceable>name</replaceable>/etc/nixos/configuration.nix</literal>,
and run
<screen>
$ nixos-container update foo
</screen>
This will build and activate the new configuration. You can also
specify a new configuration on the command line:
<screen>
$ nixos-container update foo --config 'services.httpd.enable = true; \
services.httpd.adminAddr = "foo@example.org";'
$ curl http://$(nixos-container show-ip foo)/
&lt;!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">…
</screen>
However, note that this will overwrite the containers
<filename>/etc/nixos/configuration.nix</filename>.</para>
<para>Alternatively, you can change the configuration from within the
container itself by running <command>nixos-rebuild switch</command>
inside the container. Note that the container by default does not have
a copy of the NixOS channel, so you should run <command>nix-channel
--update</command> first.</para>
<para>Containers can be stopped and started using
<literal>nixos-container stop</literal> and <literal>nixos-container
start</literal>, respectively, or by using
<command>systemctl</command> on the containers service unit. To
destroy a container, including its file system, do
<screen>
$ nixos-container destroy foo
</screen>
</para>
</section>
<section><title>Declarative container specification</title>
<para>You can also specify containers and their configuration in the
hosts <filename>configuration.nix</filename>. For example, the
following specifies that there shall be a container named
<literal>database</literal> running PostgreSQL:
<programlisting>
containers.database =
{ config =
{ config, pkgs, ... }:
{ services.postgresql.enable = true;
services.postgresql.package = pkgs.postgresql92;
};
};
</programlisting>
If you run <literal>nixos-rebuild switch</literal>, the container will
be built and started. If the container was already running, it will be
updated in place, without rebooting.</para>
<para>By default, declarative containers share the network namespace
of the host, meaning that they can listen on (privileged)
ports. However, they cannot change the network configuration. You can
give a container its own network as follows:
<programlisting>
containers.database =
{ privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.11";
};
</programlisting>
This gives the container a private virtual Ethernet interface with IP
address <literal>192.168.100.11</literal>, which is hooked up to a
virtual Ethernet interface on the host with IP address
<literal>192.168.100.10</literal>. (See the next section for details
on container networking.)</para>
<para>To disable the container, just remove it from
<filename>configuration.nix</filename> and run <literal>nixos-rebuild
switch</literal>. Note that this will not delete the root directory of
the container in <literal>/var/lib/containers</literal>.</para>
</section>
<section><title>Networking</title>
<para>When you create a container using <literal>nixos-container
create</literal>, it gets it own private IPv4 address in the range
<literal>10.233.0.0/16</literal>. You can get the containers IPv4
address as follows:
<screen>
$ nixos-container show-ip foo
10.233.4.2
$ ping -c1 10.233.4.2
64 bytes from 10.233.4.2: icmp_seq=1 ttl=64 time=0.106 ms
</screen>
</para>
<para>Networking is implemented using a pair of virtual Ethernet
devices. The network interface in the container is called
<literal>eth0</literal>, while the matching interface in the host is
called <literal>c-<replaceable>container-name</replaceable></literal>
(e.g., <literal>c-foo</literal>). The container has its own network
namespace and the <literal>CAP_NET_ADMIN</literal> capability, so it
can perform arbitrary network configuration such as setting up
firewall rules, without affecting or having access to the hosts
network.</para>
<para>By default, containers cannot talk to the outside network. If
you want that, you should set up Network Address Translation (NAT)
rules on the host to rewrite container traffic to use your external
IP address. This can be accomplished using the following configuration
on the host:
<programlisting>
networking.nat.enable = true;
networking.nat.internalInterfaces = ["c-+"];
networking.nat.externalInterface = "eth0";
</programlisting>
where <literal>eth0</literal> should be replaced with the desired
external interface. Note that <literal>c-+</literal> is a wildcard
that matches all container interfaces.</para>
</section>
</chapter>

1
nixos/doc/manual/manual.xml
View File

@ -54,6 +54,7 @@
<xi:include href="running.xml" /> <xi:include href="running.xml" />
<!-- <xi:include href="userconfiguration.xml" /> --> <!-- <xi:include href="userconfiguration.xml" /> -->
<xi:include href="troubleshooting.xml" /> <xi:include href="troubleshooting.xml" />
<xi:include href="containers.xml" />
<xi:include href="development.xml" /> <xi:include href="development.xml" />
<xi:include href="release-notes.xml" /> <xi:include href="release-notes.xml" />

39
nixos/doc/manual/release-notes.xml
View File

@ -7,7 +7,7 @@
<section xml:id="sec-release-14.02"> <section xml:id="sec-release-14.02">
<title>Release 14.02 (“Baboon”, 2014/02/??)</title> <title>Release 14.04 (“Baboon”, 2014/04/??)</title>
<para>This is the second stable release branch of NixOS. The main <para>This is the second stable release branch of NixOS. The main
enhancements are the following: enhancements are the following:
@ -18,13 +18,9 @@ enhancements are the following:
<xref linkend="sec-uefi-installation"/> for <xref linkend="sec-uefi-installation"/> for
details.</para></listitem> details.</para></listitem>
<listitem><para>NixOS is now based on Glibc 2.18 and GCC <listitem><para>NixOS is now based on Glibc 2.19 and GCC
4.8.</para></listitem> 4.8.</para></listitem>
<listitem><para>The mysql55 service has been merged into the
mysql service, which no longer sets a default for the 'package
option.</para></listitem>
</itemizedlist> </itemizedlist>
</para> </para>
@ -34,10 +30,41 @@ following incompatible changes:
<itemizedlist> <itemizedlist>
<listitem><para>Nixpkgs no longer exposes unfree packages by
default. If your NixOS configuration requires unfree packages from
Nixpkgs, you need to enable support for them explicitly by setting:
<programlisting>
nixpkgs.config.allowUnfree = true;
</programlisting>
Otherwise, you get an error message such as:
<screen>
error: package nvidia-x11-331.49-3.12.17 in ‘…/nvidia-x11/default.nix:56
has an unfree license, refusing to evaluate
</screen>
</para></listitem>
<listitem><para>The firewall is now enabled by default. If you dont
want this, you need to disable it explicitly:
<programlisting>
networking.firewall.enable = false;
</programlisting>
</para></listitem>
<listitem><para>The option <listitem><para>The option
<option>boot.loader.grub.memtest86</option> has been renamed to <option>boot.loader.grub.memtest86</option> has been renamed to
<option>boot.loader.grub.memtest86.enable</option>.</para></listitem> <option>boot.loader.grub.memtest86.enable</option>.</para></listitem>
<listitem><para>The <literal>mysql55</literal> service has been
merged into the <literal>mysql</literal> service, which no longer
sets a default for the option
<option>services.mysql.package</option>.</para></listitem>
</itemizedlist> </itemizedlist>
</para> </para>

7
nixos/lib/eval-config.nix
View File

@ -26,10 +26,15 @@ rec {
# These are the extra arguments passed to every module. In # These are the extra arguments passed to every module. In
# particular, Nixpkgs is passed through the "pkgs" argument. # particular, Nixpkgs is passed through the "pkgs" argument.
# FIXME: we enable config.allowUnfree to make packages like
# nvidia-x11 available. This isn't a problem because if the user has
# nixpkgs.config.allowUnfree = false, then evaluation will fail on
# the 64-bit package anyway. However, it would be cleaner to respect
# nixpkgs.config here.
extraArgs = extraArgs_ // { extraArgs = extraArgs_ // {
inherit pkgs modules baseModules; inherit pkgs modules baseModules;
modulesPath = ../modules; modulesPath = ../modules;
pkgs_i686 = import ./nixpkgs.nix { system = "i686-linux"; }; pkgs_i686 = import ./nixpkgs.nix { system = "i686-linux"; config.allowUnfree = true; };
utils = import ./utils.nix pkgs; utils = import ./utils.nix pkgs;
}; };

2
nixos/lib/test-driver/test-driver.pl
View File

@ -147,7 +147,7 @@ sub runTests {
$log->nest("syncing", sub { $log->nest("syncing", sub {
foreach my $vm (values %vms) { foreach my $vm (values %vms) {
next unless $vm->isUp(); next unless $vm->isUp();
$vm->execute("sync /tmp/xchg"); $vm->execute("sync");
} }
}); });

1
nixos/modules/config/system-path.nix
View File

@ -46,6 +46,7 @@ let
pkgs.rsync pkgs.rsync
pkgs.strace pkgs.strace
pkgs.sysvtools pkgs.sysvtools
pkgs.su
pkgs.time pkgs.time
pkgs.usbutils pkgs.usbutils
pkgs.utillinux pkgs.utillinux

94
nixos/modules/config/users-groups.nix
View File

@ -7,6 +7,9 @@ let
ids = config.ids; ids = config.ids;
cfg = config.users; cfg = config.users;
nonUidUsers = filterAttrs (n: u: u.createUser && u.uid == null) cfg.extraUsers;
nonGidGroups = filterAttrs (n: g: g.gid == null) cfg.extraGroups;
passwordDescription = '' passwordDescription = ''
The options <literal>hashedPassword</literal>, The options <literal>hashedPassword</literal>,
<literal>password</literal> and <literal>passwordFile</literal> <literal>password</literal> and <literal>passwordFile</literal>
@ -31,7 +34,10 @@ let
name = mkOption { name = mkOption {
type = types.str; type = types.str;
description = "The name of the user account. If undefined, the name of the attribute set will be used."; description = ''
The name of the user account. If undefined, the name of the
attribute set will be used.
'';
}; };
description = mkOption { description = mkOption {
@ -46,8 +52,14 @@ let
}; };
uid = mkOption { uid = mkOption {
type = with types; uniq int; type = with types; nullOr int;
description = "The account UID."; default = null;
description = ''
The account UID. If the <literal>mutableUsers</literal> option
is false, the UID cannot be null. Otherwise, the UID might be
null, in which case a free UID is picked on activation (by the
useradd command).
'';
}; };
group = mkOption { group = mkOption {
@ -151,12 +163,21 @@ let
name = mkOption { name = mkOption {
type = types.str; type = types.str;
description = "The name of the group. If undefined, the name of the attribute set will be used."; description = ''
The name of the group. If undefined, the name of the attribute set
will be used.
'';
}; };
gid = mkOption { gid = mkOption {
type = with types; uniq int; type = with types; nullOr int;
description = "The GID of the group."; default = null;
description = ''
The group GID. If the <literal>mutableUsers</literal> option
is false, the GID cannot be null. Otherwise, the GID might be
null, in which case a free GID is picked on activation (by the
groupadd command).
'';
}; };
members = mkOption { members = mkOption {
@ -218,13 +239,15 @@ let
groupFile = pkgs.writeText "group" ( groupFile = pkgs.writeText "group" (
concatStringsSep "\n" (map (g: mkGroupEntry g.name) ( concatStringsSep "\n" (map (g: mkGroupEntry g.name) (
sortOn "gid" (attrValues cfg.extraGroups) let f = g: g.gid != null; in
sortOn "gid" (filter f (attrValues cfg.extraGroups))
)) ))
); );
passwdFile = pkgs.writeText "passwd" ( passwdFile = pkgs.writeText "passwd" (
concatStringsSep "\n" (map (u: mkPasswdEntry u.name) ( concatStringsSep "\n" (map (u: mkPasswdEntry u.name) (
sortOn "uid" (filter (u: u.createUser) (attrValues cfg.extraUsers)) let f = u: u.createUser && (u.uid != null); in
sortOn "uid" (filter f (attrValues cfg.extraUsers))
)) ))
); );
@ -261,11 +284,11 @@ let
then builtins.trace "Duplicate ${idAttr} ${id}" { dup = true; acc = null; } then builtins.trace "Duplicate ${idAttr} ${id}" { dup = true; acc = null; }
else { dup = false; acc = newAcc; } else { dup = false; acc = newAcc; }
) { dup = false; acc = {}; } (builtins.attrNames set)).dup; ) { dup = false; acc = {}; } (builtins.attrNames set)).dup;
uidsAreUnique = idsAreUnique cfg.extraUsers "uid";
gidsAreUnique = idsAreUnique cfg.extraGroups "gid";
in
{ uidsAreUnique = idsAreUnique (filterAttrs (n: u: u.uid != null) cfg.extraUsers) "uid";
gidsAreUnique = idsAreUnique (filterAttrs (n: g: g.gid != null) cfg.extraGroups) "gid";
in {
###### interface ###### interface
@ -424,15 +447,30 @@ in
} }
fi fi
''; '';
mkhome = n: u: mkhome = n: u: ''
let uid="$(id -u ${u.name})"
uid = toString u.uid; gid="$(id -g ${u.name})"
gid = toString ((getGroup u.group).gid); h="${u.home}"
h = u.home; test -a "$h" || mkdir -p "$h" || true
in '' test "$(stat -c %u "$h")" = $uid || chown $uid "$h" || true
test -a "${h}" || mkdir -p "${h}" || true test "$(stat -c %g "$h")" = $gid || chgrp $gid "$h" || true
test "$(stat -c %u "${h}")" = ${uid} || chown ${uid} "${h}" || true '';
test "$(stat -c %g "${h}")" = ${gid} || chgrp ${gid} "${h}" || true groupadd = n: g: ''
if [ -z "$(getent group "${g.name}")" ]; then
echo "Adding group ${g.name}"
${pkgs.shadow}/sbin/groupadd "${g.name}"
fi
'';
useradd = n: u: ''
if ! id "${u.name}" &>/dev/null; then
echo "Adding user ${u.name}"
${pkgs.shadow}/sbin/useradd \
-g "${u.group}" \
-s "${u.shell}" \
-d "${u.home}" \
"${u.name}"
echo "${u.name}:x" | ${pkgs.shadow}/sbin/chpasswd -e
fi
''; '';
in stringAfter [ "etc" ] '' in stringAfter [ "etc" ] ''
touch /etc/group touch /etc/group
@ -441,6 +479,8 @@ in
VISUAL=${merger passwdFile} ${pkgs.shadow}/sbin/vipw &>/dev/null VISUAL=${merger passwdFile} ${pkgs.shadow}/sbin/vipw &>/dev/null
${pkgs.shadow}/sbin/grpconv ${pkgs.shadow}/sbin/grpconv
${pkgs.shadow}/sbin/pwconv ${pkgs.shadow}/sbin/pwconv
${concatStrings (mapAttrsToList groupadd nonGidGroups)}
${concatStrings (mapAttrsToList useradd nonUidUsers)}
${concatStrings (mapAttrsToList mkhome mkhomeUsers)} ${concatStrings (mapAttrsToList mkhome mkhomeUsers)}
${concatStrings (mapAttrsToList setpw setpwUsers)} ${concatStrings (mapAttrsToList setpw setpwUsers)}
''; '';
@ -448,7 +488,17 @@ in
# for backwards compatibility # for backwards compatibility
system.activationScripts.groups = stringAfter [ "users" ] ""; system.activationScripts.groups = stringAfter [ "users" ] "";
assertions = [ { assertion = !cfg.enforceIdUniqueness || (uidsAreUnique && gidsAreUnique); message = "uids and gids must be unique!"; } ]; assertions = [
{ assertion = !cfg.enforceIdUniqueness || (uidsAreUnique && gidsAreUnique);
message = "uids and gids must be unique!";
}
{ assertion = cfg.mutableUsers || (nonUidUsers == {});
message = "When mutableUsers is false, no uid can be null";
}
{ assertion = cfg.mutableUsers || (nonGidGroups == {});
message = "When mutableUsers is false, no gid can be null";
}
];
}; };

2
nixos/modules/installer/cd-dvd/channel.nix
View File

@ -28,7 +28,7 @@ in
{ {
# Provide the NixOS/Nixpkgs sources in /etc/nixos. This is required # Provide the NixOS/Nixpkgs sources in /etc/nixos. This is required
# for nixos-install. # for nixos-install.
boot.postBootCommands = boot.postBootCommands = mkAfter
'' ''
if ! [ -e /var/lib/nixos/did-channel-init ]; then if ! [ -e /var/lib/nixos/did-channel-init ]; then
echo "unpacking the NixOS/Nixpkgs sources..." echo "unpacking the NixOS/Nixpkgs sources..."

5
nixos/modules/installer/cd-dvd/installation-cd-base.nix
View File

@ -29,8 +29,9 @@ with pkgs.lib;
boot.kernel.sysctl."vm.overcommit_memory" = "1"; boot.kernel.sysctl."vm.overcommit_memory" = "1";
# To speed up installation a little bit, include the complete stdenv # To speed up installation a little bit, include the complete stdenv
# in the Nix store on the CD. # in the Nix store on the CD. Archive::Cpio is needed for the
isoImage.storeContents = [ pkgs.stdenv pkgs.busybox ]; # initrd builder.
isoImage.storeContents = [ pkgs.stdenv pkgs.busybox pkgs.perlPackages.ArchiveCpio ];
# EFI booting # EFI booting
isoImage.makeEfiBootable = true; isoImage.makeEfiBootable = true;

14
nixos/modules/installer/tools/nixos-generate-config.pl
View File

@ -96,9 +96,9 @@ my $videoDriver;
sub pciCheck { sub pciCheck {
my $path = shift; my $path = shift;
my $vendor = read_file "$path/vendor"; my $vendor = read_file "$path/vendor"; chomp $vendor;
my $device = read_file "$path/device"; my $device = read_file "$path/device"; chomp $device;
my $class = read_file "$path/class"; my $class = read_file "$path/class"; chomp $class;
my $module; my $module;
if (-e "$path/driver/module") { if (-e "$path/driver/module") {
@ -130,6 +130,7 @@ sub pciCheck {
# broadcom STA driver (wl.ko) # broadcom STA driver (wl.ko)
# list taken from http://www.broadcom.com/docs/linux_sta/README.txt # list taken from http://www.broadcom.com/docs/linux_sta/README.txt
# FIXME: still needed?
if ($vendor eq "0x14e4" && if ($vendor eq "0x14e4" &&
($device eq "0x4311" || $device eq "0x4312" || $device eq "0x4313" || ($device eq "0x4311" || $device eq "0x4312" || $device eq "0x4313" ||
$device eq "0x4315" || $device eq "0x4327" || $device eq "0x4328" || $device eq "0x4315" || $device eq "0x4327" || $device eq "0x4328" ||
@ -156,6 +157,7 @@ sub pciCheck {
# Assume that all NVIDIA cards are supported by the NVIDIA driver. # Assume that all NVIDIA cards are supported by the NVIDIA driver.
# There may be exceptions (e.g. old cards). # There may be exceptions (e.g. old cards).
# FIXME: do we want to enable an unfree driver here?
$videoDriver = "nvidia" if $vendor eq "0x10de" && $class =~ /^0x03/; $videoDriver = "nvidia" if $vendor eq "0x10de" && $class =~ /^0x03/;
} }
@ -170,9 +172,9 @@ push @attrs, "hardware.opengl.videoDrivers = [ \"$videoDriver\" ];" if $videoDri
sub usbCheck { sub usbCheck {
my $path = shift; my $path = shift;
my $class = read_file "$path/bInterfaceClass"; my $class = read_file "$path/bInterfaceClass"; chomp $class;
my $subclass = read_file "$path/bInterfaceSubClass"; my $subclass = read_file "$path/bInterfaceSubClass"; chomp $subclass;
my $protocol = read_file "$path/bInterfaceProtocol"; my $protocol = read_file "$path/bInterfaceProtocol"; chomp $protocol;
my $module; my $module;
if (-e "$path/driver/module") { if (-e "$path/driver/module") {

8
nixos/modules/misc/ids.nix
View File

@ -124,6 +124,11 @@
btsync = 113; btsync = 113;
minecraft = 114; minecraft = 114;
monetdb = 115; monetdb = 115;
rippled = 116;
murmur = 117;
foundationdb = 118;
newrelic = 119;
starbound = 120;
# When adding a uid, make sure it doesn't match an existing gid. # When adding a uid, make sure it doesn't match an existing gid.
@ -223,6 +228,9 @@
systemd-journal-gateway = 110; systemd-journal-gateway = 110;
notbit = 111; notbit = 111;
monetdb = 115; monetdb = 115;
foundationdb = 118;
newrelic = 119;
starbound = 120;
# When adding a gid, make sure it doesn't match an existing uid. # When adding a gid, make sure it doesn't match an existing uid.

9
nixos/modules/module-list.nix
View File

@ -96,6 +96,11 @@
./services/databases/postgresql.nix ./services/databases/postgresql.nix
./services/databases/virtuoso.nix ./services/databases/virtuoso.nix
./services/databases/monetdb.nix ./services/databases/monetdb.nix
./services/desktops/accountservice.nix
./services/desktops/gnome3/at-spi2-core.nix
./services/desktops/gnome3/evolution-data-server.nix
./services/desktops/gnome3/sushi.nix
./services/desktops/telepathy.nix
./services/games/ghost-one.nix ./services/games/ghost-one.nix
./services/games/minecraft-server.nix ./services/games/minecraft-server.nix
./services/hardware/acpid.nix ./services/hardware/acpid.nix
@ -133,6 +138,7 @@
./services/misc/nix-gc.nix ./services/misc/nix-gc.nix
./services/misc/nix-ssh-serve.nix ./services/misc/nix-ssh-serve.nix
./services/misc/nixos-manual.nix ./services/misc/nixos-manual.nix
./services/misc/rippled.nix
./services/misc/rogue.nix ./services/misc/rogue.nix
./services/misc/svnserve.nix ./services/misc/svnserve.nix
./services/misc/synergy.nix ./services/misc/synergy.nix
@ -158,6 +164,7 @@
./services/networking/bind.nix ./services/networking/bind.nix
./services/networking/bitlbee.nix ./services/networking/bitlbee.nix
./services/networking/btsync.nix ./services/networking/btsync.nix
./services/networking/cjdns.nix
./services/networking/connman.nix ./services/networking/connman.nix
./services/networking/cntlm.nix ./services/networking/cntlm.nix
./services/networking/chrony.nix ./services/networking/chrony.nix
@ -181,6 +188,7 @@
./services/networking/ircd-hybrid/default.nix ./services/networking/ircd-hybrid/default.nix
./services/networking/kippo.nix ./services/networking/kippo.nix
./services/networking/minidlna.nix ./services/networking/minidlna.nix
./services/networking/murmur.nix
./services/networking/nat.nix ./services/networking/nat.nix
./services/networking/networkmanager.nix ./services/networking/networkmanager.nix
./services/networking/ngircd.nix ./services/networking/ngircd.nix
@ -299,6 +307,7 @@
./tasks/scsi-link-power-management.nix ./tasks/scsi-link-power-management.nix
./tasks/swraid.nix ./tasks/swraid.nix
./testing/service-runner.nix ./testing/service-runner.nix
./virtualisation/container-config.nix
./virtualisation/containers.nix ./virtualisation/containers.nix
./virtualisation/libvirtd.nix ./virtualisation/libvirtd.nix
#./virtualisation/nova.nix #./virtualisation/nova.nix

1
nixos/modules/profiles/installation-device.nix
View File

@ -45,7 +45,6 @@ with pkgs.lib;
# Enable wpa_supplicant, but don't start it by default. # Enable wpa_supplicant, but don't start it by default.
networking.wireless.enable = true; networking.wireless.enable = true;
networking.wireless.userControlled.enable = true;
jobs.wpa_supplicant.startOn = pkgs.lib.mkOverride 50 ""; jobs.wpa_supplicant.startOn = pkgs.lib.mkOverride 50 "";
# Tell the Nix evaluator to garbage collect more aggressively. # Tell the Nix evaluator to garbage collect more aggressively.

2
nixos/modules/programs/ssh.nix
View File

@ -31,7 +31,7 @@ in
setXAuthLocation = mkOption { setXAuthLocation = mkOption {
type = types.bool; type = types.bool;
default = true; default = config.services.xserver.enable;
description = '' description = ''
Whether to set the path to <command>xauth</command> for X11-forwarded connections. Whether to set the path to <command>xauth</command> for X11-forwarded connections.
This causes a dependency on X11 packages. This causes a dependency on X11 packages.

5
nixos/modules/services/continuous-integration/jenkins/default.nix
View File

@ -25,7 +25,8 @@ in {
default = "jenkins"; default = "jenkins";
type = with types; string; type = with types; string;
description = '' description = ''
User the jenkins server should execute under. If the default user "jenkins" is configured then this is the primary
group of that user.
''; '';
}; };
@ -42,7 +43,7 @@ in {
default = 8080; default = 8080;
type = types.uniq types.int; type = types.uniq types.int;
description = '' description = ''
Specifies port number on which the jenkins HTTP interface listens. The default is 8080 Specifies port number on which the jenkins HTTP interface listens. The default is 8080.
''; '';
}; };

3
nixos/modules/services/continuous-integration/jenkins/slave.nix
View File

@ -33,7 +33,8 @@ in {
default = "jenkins"; default = "jenkins";
type = with types; string; type = with types; string;
description = '' description = ''
User the jenkins slave agent should execute under. If the default slave agent user "jenkins" is configured then this is
the primary group of that user.
''; '';
}; };

8
nixos/modules/services/databases/postgresql.nix
View File

@ -197,6 +197,7 @@ in
fi fi
rm -f ${cfg.dataDir}/*.conf rm -f ${cfg.dataDir}/*.conf
touch "${cfg.dataDir}/.first_startup" touch "${cfg.dataDir}/.first_startup"
touch "${cfg.dataDir}/postgresql-user-created"
fi fi
ln -sfn "${configFile}" "${cfg.dataDir}/postgresql.conf" ln -sfn "${configFile}" "${cfg.dataDir}/postgresql.conf"
@ -225,11 +226,16 @@ in
# Wait for PostgreSQL to be ready to accept connections. # Wait for PostgreSQL to be ready to accept connections.
postStart = postStart =
'' ''
while ! su -s ${pkgs.stdenv.shell} postgres -c 'psql postgres -c ""' 2> /dev/null; do while ! ${pkgs.postgresql93}/bin/pg_isready > /dev/null; do
if ! kill -0 "$MAINPID"; then exit 1; fi if ! kill -0 "$MAINPID"; then exit 1; fi
sleep 0.1 sleep 0.1
done done
if ! [ -e ${cfg.dataDir}/postgresql-user-created ]; then
createuser --superuser postgres
touch ${cfg.dataDir}/postgresql-user-created
fi
if test -e "${cfg.dataDir}/.first_startup"; then if test -e "${cfg.dataDir}/.first_startup"; then
${optionalString (cfg.initialScript != null) '' ${optionalString (cfg.initialScript != null) ''
cat "${cfg.initialScript}" | su -s ${pkgs.stdenv.shell} postgres -c 'psql postgres' cat "${cfg.initialScript}" | su -s ${pkgs.stdenv.shell} postgres -c 'psql postgres'

40
nixos/modules/services/desktops/accountservice.nix Normal file
View File

@ -0,0 +1,40 @@
# AccountsService daemon.
{ config, pkgs, ... }:
with pkgs.lib;
{
###### interface
options = {
services.accounts-daemon = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable AccountsService, a DBus service for accessing
the list of user accounts and information attached to those accounts.
'';
};
};
};
###### implementation
config = mkIf config.services.accounts-daemon.enable {
environment.systemPackages = [ pkgs.accountservice ];
services.dbus.packages = [ pkgs.accountservice ];
systemd.packages = [ pkgs.accountservice ];
};
}

39
nixos/modules/services/desktops/gnome3/at-spi2-core.nix Normal file
View File

@ -0,0 +1,39 @@
# at-spi2-core daemon.
{ config, pkgs, ... }:
with pkgs.lib;
{
###### interface
options = {
services.gnome3.at-spi2-core = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable at-spi2-core, a service for the Assistive Technologies
available on the GNOME platform.
'';
};
};
};
###### implementation
config = mkIf config.services.gnome3.at-spi2-core.enable {
environment.systemPackages = [ pkgs.gnome3.at_spi2_core ];
services.dbus.packages = [ pkgs.gnome3.at_spi2_core ];
};
}

39
nixos/modules/services/desktops/gnome3/evolution-data-server.nix Normal file
View File

@ -0,0 +1,39 @@
# Evolution Data Server daemon.
{ config, pkgs, ... }:
with pkgs.lib;
{
###### interface
options = {
services.gnome3.evolution-data-server = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable Evolution Data Server, a collection of services for
storing addressbooks and calendars.
'';
};
};
};
###### implementation
config = mkIf config.services.gnome3.evolution-data-server.enable {
environment.systemPackages = [ pkgs.evolution_data_server ];
services.dbus.packages = [ pkgs.evolution_data_server ];
};
}

38
nixos/modules/services/desktops/gnome3/sushi.nix Normal file
View File

@ -0,0 +1,38 @@
# GNOME Sushi daemon.
{ config, pkgs, ... }:
with pkgs.lib;
{
###### interface
options = {
services.gnome3.sushi = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable Sushi, a quick previewer for nautilus.
'';
};
};
};
###### implementation
config = mkIf config.services.gnome3.sushi.enable {
environment.systemPackages = [ pkgs.gnome3.sushi ];
services.dbus.packages = [ pkgs.gnome3.sushi ];
};
}

39
nixos/modules/services/desktops/telepathy.nix Normal file
View File

@ -0,0 +1,39 @@
# Telepathy daemon.
{ config, pkgs, ... }:
with pkgs.lib;
{
###### interface
options = {
services.telepathy = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable Telepathy service, a communications framework
that enables real-time communication via pluggable protocol backends.
'';
};
};
};
###### implementation
config = mkIf config.services.telepathy.enable {
environment.systemPackages = [ pkgs.telepathy_mission_control ];
services.dbus.packages = [ pkgs.telepathy_mission_control ];
};
}

2
nixos/modules/services/hardware/udisks.nix
View File

@ -40,8 +40,6 @@ with pkgs.lib;
''; '';
services.udev.packages = [ pkgs.udisks ]; services.udev.packages = [ pkgs.udisks ];
systemd.packages = [ pkgs.udisks ];
}; };
} }

2
nixos/modules/services/misc/nix-daemon.nix
View File

@ -253,7 +253,7 @@ in
config = { config = {
nix.chrootDirs = [ "/dev" "/dev/pts" "/proc" "/bin" ]; nix.chrootDirs = [ "/bin" ];
environment.etc."nix/nix.conf".source = nixConf; environment.etc."nix/nix.conf".source = nixConf;

314
nixos/modules/services/misc/rippled.nix Normal file
View File

@ -0,0 +1,314 @@
# configuration building is commented out until better tested.
{ config, pkgs, ... }:
with pkgs.lib;
let
cfg = config.services.rippled;
rippledStateCfgFile = "/var/lib/rippled/rippled.cfg";
rippledCfg = ''
[node_db]
type=HyperLevelDB
path=/var/lib/rippled/db/hyperldb
[debug_logfile]
/var/log/rippled/debug.log
''
+ optionalString (cfg.peerIp != null) ''
[peer_ip]
${cfg.peerIp}
[peer_port]
${toString cfg.peerPort}
''
+ cfg.extraConfig;
rippledCfgFile = pkgs.writeText "rippled.cfg" rippledCfg;
in
{
###### interface
options = {
services.rippled = {
enable = mkOption {
default = false;
description = "Whether to enable rippled";
};
#
# Rippled has a simple configuration file layout that is easy to
# build with nix. Many of the options are defined here but are
# commented out until the code to append them to the config above
# is written and they are tested.
#
# If you find a yourself implementing more options, please submit a
# pull request.
#
/*
ips = mkOption {
default = [ "r.ripple.com 51235" ];
example = [ "192.168.0.1" "192.168.0.1 3939" "r.ripple.com 51235" ];
description = ''
List of hostnames or ips where the Ripple protocol is served.
For a starter list, you can either copy entries from:
https://ripple.com/ripple.txt or if you prefer you can let it
default to r.ripple.com 51235
A port may optionally be specified after adding a space to the
address. By convention, if known, IPs are listed in from most
to least trusted.
'';
};
ipsFixed = mkOption {
default = null;
example = [ "192.168.0.1" "192.168.0.1 3939" "r.ripple.com 51235" ];
description = ''
List of IP addresses or hostnames to which rippled should always
attempt to maintain peer connections with. This is useful for
manually forming private networks, for example to configure a
validation server that connects to the Ripple network through a
public-facing server, or for building a set of cluster peers.
A port may optionally be specified after adding a space to the address
'';
};
*/
peerIp = mkOption {
default = null;
example = "0.0.0.0";
description = ''
IP address or domain to bind to allow external connections from peers.
Defaults to not binding, which disallows external connections from peers.
'';
};
peerPort = mkOption {
default = 51235;
description = ''
If peerIp is supplied, corresponding port to bind to for peer connections.
'';
};
/*
peerPortProxy = mkOption {
type = types.int;
example = 51236;
description = ''
An optional, additional listening port number for peers. Incoming
connections on this port will be required to provide a PROXY Protocol
handshake, described in this document (external link):
http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
The PROXY Protocol is a popular method used by elastic load balancing
service providers such as Amazon, to identify the true IP address and
port number of external incoming connections.
In addition to enabling this setting, it will also be required to
use your provider-specific control panel or administrative web page
to configure your server instance to receive PROXY Protocol handshakes,
and also to restrict access to your instance to the Elastic Load Balancer.
'';
};
peerPrivate = mkOption {
default = null;
example = 0;
description = ''
0: Request peers to broadcast your address. Normal outbound peer connections [default]
1: Request peers not broadcast your address. Only connect to configured peers.
'';
};
peerSslCipherList = mkOption {
default = null;
example = "ALL:!LOW:!EXP:!MD5:@STRENGTH";
description = ''
A colon delimited string with the allowed SSL cipher modes for peer. The
choices for for ciphers are defined by the OpenSSL API function
SSL_CTX_set_cipher_list, documented here (external link):
http://pic.dhe.ibm.com/infocenter/tpfhelp/current/index.jsp?topic=%2Fcom.ibm.ztpf-ztpfdf.doc_put.cur%2Fgtpc2%2Fcpp_ssl_ctx_set_cipher_list.html
The default setting of "ALL:!LOW:!EXP:!MD5:@STRENGTH", which allows
non-authenticated peer connections (they are, however, secure).
'';
};
nodeSeed = mkOption {
default = null;
example = "RASH BUSH MILK LOOK BAD BRIM AVID GAFF BAIT ROT POD LOVE";
description = ''
This is used for clustering. To force a particular node seed or key, the
key can be set here. The format is the same as the validation_seed field.
To obtain a validation seed, use the rippled validation_create command.
'';
};
clusterNodes = mkOption {
default = null;
example = [ "n9KorY8QtTdRx7TVDpwnG9NvyxsDwHUKUEeDLY3AkiGncVaSXZi5" ];
description = ''
To extend full trust to other nodes, place their node public keys here.
Generally, you should only do this for nodes under common administration.
Node public keys start with an 'n'. To give a node a name for identification
place a space after the public key and then the name.
'';
};
sntpServers = mkOption {
default = null;
example = [ "time.nist.gov" "pool.ntp.org" ];
description = ''
IP address or domain of NTP servers to use for time synchronization.
'';
};
# TODO: websocket options
rpcAllowRemote = mkOption {
default = false;
description = ''
false: Allow RPC connections only from 127.0.0.1. [default]
true: Allow RPC connections from any IP.
'';
};
rpcAdminAllow = mkOption {
example = [ "10.0.0.4" ];
description = ''
List of IP addresses allowed to have admin access.
'';
};
rpcAdminUser = mkOption {
type = types.str;
description = ''
As a server, require this as the admin user to be specified. Also, require
rpc_admin_user and rpc_admin_password to be checked for RPC admin functions.
The request must specify these as the admin_user and admin_password in the
request object.
'';
};
rpcAdminPassword = mkOption {
type = types.str;
description = ''
As a server, require this as the admin pasword to be specified. Also,
require rpc_admin_user and rpc_admin_password to be checked for RPC admin
functions. The request must specify these as the admin_user and
admin_password in the request object.
'';
};
rpcIp = mkOption {
type = types.str;
description = ''
IP address or domain to bind to allow insecure RPC connections.
Defaults to not binding, which disallows RPC connections.
'';
};
rpcPort = mkOption {
type = types.int;
description = ''
If rpcIp is supplied, corresponding port to bind to for peer connections.
'';
};
rpcUser = mkOption {
type = types.str;
description = ''
Require a this user to specified and require rpcPassword to
be checked for RPC access via the rpcIp and rpcPort. The user and password
must be specified via HTTP's basic authentication method.
As a client, supply this to the server via HTTP's basic authentication
method.
'';
};
rpcPassword = mkOption {
type = types.str;
description = ''
Require a this password to specified and require rpc_user to
be checked for RPC access via the rpcIp and rpcPort. The user and password
must be specified via HTTP's basic authentication method.
As a client, supply this to the server via HTTP's basic authentication
method.
'';
};
rpcStartup = mkOption {
example = [ ''"command" : "log_level"'' ''"partition" : "ripplecalc"'' ''"severity" : "trace"'' ];
description = "List of RPC commands to run at startup.";
};
rpcSecure = mkOption {
default = false;
description = ''
false: Server certificates are not provided for RPC clients using SSL [default]
true: Client RPC connections wil be provided with SSL certificates.
Note that if rpc_secure is enabled, it will also be necessasry to configure the
certificate file settings located in rpcSslCert, rpcSslChain, and rpcSslKey
'';
};
*/
extraConfig = mkOption {
default = "";
description = ''
Extra lines to be added verbatim to the rippled.cfg configuration file.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
users.extraUsers = singleton
{ name = "rippled";
description = "Ripple server user";
uid = config.ids.uids.rippled;
home = "/var/lib/rippled";
};
systemd.services.rippled = {
path = [ pkgs.rippled ];
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.rippled}/bin/rippled --fg -q --conf ${rippledStateCfgFile}";
WorkingDirectory = "/var/lib/rippled";
};
};
networking.firewall.allowedTCPPorts = mkIf (cfg.peerIp != null) [ cfg.peerPort ];
system.activationScripts.rippled = ''
mkdir -p /var/{lib,log}/rippled
chown -R rippled /var/{lib,log}/rippled
ln -sf ${rippledCfgFile} ${rippledStateCfgFile}
'';
};
}

4
nixos/modules/services/networking/avahi-daemon.nix
View File

@ -142,6 +142,10 @@ in
services.dbus.enable = true; services.dbus.enable = true;
services.dbus.packages = [avahi]; services.dbus.packages = [avahi];
# Enabling Avahi without exposing it in the firewall doesn't make
# sense.
networking.firewall.allowedUDPPorts = [ 5353 ];
}; };
} }

207
nixos/modules/services/networking/cjdns.nix Normal file
View File

@ -0,0 +1,207 @@
# You may notice the commented out sections in this file,
# it would be great to configure cjdns from nix, but cjdns
# reads its configuration from stdin, including the private
# key and admin password, all nested in a JSON structure.
#
# Until a good method of storing the keys outside the nix
# store and mixing them back into a string is devised
# (without too much shell hackery), a skeleton of the
# configuration building lies commented out.
{ config, pkgs, ... }:
with pkgs.lib;
let
cfg = config.services.cjdns;
/*
# can't keep keys and passwords in the nix store,
# but don't want to deal with this stdin quagmire.
cjdrouteConf = '' {
"admin": {"bind": "${cfg.admin.bind}", "password": "\${CJDNS_ADMIN}" },
"privateKey": "\${CJDNS_KEY}",
"interfaces": {
''
+ optionalString (cfg.interfaces.udp.bind.address != null) ''
"UDPInterface": [ {
"bind": "${cfg.interfaces.udp.bind.address}:"''
${if cfg.interfaces.upd.bind.port != null
then ${toString cfg.interfaces.udp.bind.port}
else ${RANDOM}
fi)
+ '' } ]''
+ (if cfg.interfaces.eth.bind != null then ''
"ETHInterface": [ {
"bind": "${cfg.interfaces.eth.bind}",
"beacon": ${toString cfg.interfaces.eth.beacon}
} ]
'' fi )
+ ''
},
"router": { "interface": { "type": "TUNInterface" }, },
"security": [ { "setuser": "nobody" } ]
}
'';
cjdrouteConfFile = pkgs.writeText "cjdroute.conf" cjdrouteConf
*/
in
{
options = {
services.cjdns = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable this option to start a instance of the
cjdns network encryption and and routing engine.
Configuration will be read from <literal>confFile</literal>.
'';
};
confFile = mkOption {
default = "/etc/cjdroute.conf";
description = ''
Configuration file to pipe to cjdroute.
'';
};
/*
admin = {
bind = mkOption {
default = "127.0.0.1:11234";
description = ''
Bind the administration port to this address and port.
'';
};
passwordFile = mkOption {
example = "/root/cjdns.adminPassword";
description = ''
File containing a password to the administration port.
'';
};
};
keyFile = mkOption {
type = types.str;
example = "/root/cjdns.key";
description = ''
Path to a file containing a cjdns private key on a single line.
'';
};
passwordsFile = mkOption {
type = types.str;
default = null;
example = "/root/cjdns.authorizedPasswords";
description = ''
A file containing a list of json dictionaries with passwords.
For example:
{"password": "s8xf5z7znl4jt05g922n3wpk75wkypk"},
{ "name": "nice guy",
"password": "xhthk1mglz8tpjrbbvdlhyc092rhpx5"},
{"password": "3qfxyhmrht7uwzq29pmhbdm9w4bnc8w"}
'';
};
interfaces = {
udp = {
bind = {
address = mkOption {
default = "0.0.0.0";
description = ''
Address to bind UDP tunnels to; disable by setting to null;
'';
};
port = mkOption {
type = types.int;
default = null;
description = ''
Port to bind UDP tunnels to.
A port will be choosen at random if this is not set.
This option is required to act as the server end of
a tunnel.
'';
};
};
};
eth = {
bind = mkOption {
default = null;
example = "eth0";
description = ''
Bind to this device and operate with native wire format.
'';
};
beacon = mkOption {
default = 2;
description = ''
Auto-connect to other cjdns nodes on the same network.
Options:
0 -- Disabled.
1 -- Accept beacons, this will cause cjdns to accept incoming
beacon messages and try connecting to the sender.
2 -- Accept and send beacons, this will cause cjdns to broadcast
messages on the local network which contain a randomly
generated per-session password, other nodes which have this
set to 1 or 2 will hear the beacon messages and connect
automatically.
'';
};
connectTo = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Credentials for connecting look similar to UDP credientials
except they begin with the mac address, for example:
"01:02:03:04:05:06":{"password":"a","publicKey":"b"}
'';
};
};
};
*/
};
};
config = mkIf config.services.cjdns.enable {
boot.kernelModules = [ "tun" ];
/*
networking.firewall.allowedUDPPorts = mkIf (cfg.udp.bind.port != null) [
cfg.udp.bind.port
];
*/
systemd.services.cjdns = {
description = "encrypted networking for everybody";
wantedBy = [ "multi-user.target" ];
wants = [ "network.target" ];
before = [ "network.target" ];
path = [ pkgs.cjdns ];
serviceConfig = {
Type = "forking";
ExecStart = ''
${pkgs.stdenv.shell} -c "${pkgs.cjdns}/sbin/cjdroute < ${cfg.confFile}"
'';
Restart = "on-failure";
};
};
};
}

5
nixos/modules/services/networking/dhcpcd.nix
View File

@ -34,8 +34,9 @@ let
# Ignore peth* devices; on Xen, they're renamed physical # Ignore peth* devices; on Xen, they're renamed physical
# Ethernet cards used for bridging. Likewise for vif* and tap* # Ethernet cards used for bridging. Likewise for vif* and tap*
# (Xen) and virbr* and vnet* (libvirt). # (Xen) and virbr* and vnet* (libvirt) and c-* and ctmp-* (NixOS
denyinterfaces ${toString ignoredInterfaces} peth* vif* tap* tun* virbr* vnet* vboxnet* # containers).
denyinterfaces ${toString ignoredInterfaces} peth* vif* tap* tun* virbr* vnet* vboxnet* c-* ctmp-*
${config.networking.dhcpcd.extraConfig} ${config.networking.dhcpcd.extraConfig}
''; '';

8
nixos/modules/services/networking/firewall.nix
View File

@ -32,9 +32,9 @@ let
'' ''
# Helper command to manipulate both the IPv4 and IPv6 tables. # Helper command to manipulate both the IPv4 and IPv6 tables.
ip46tables() { ip46tables() {
iptables "$@" iptables -w "$@"
${optionalString config.networking.enableIPv6 '' ${optionalString config.networking.enableIPv6 ''
ip6tables "$@" ip6tables -w "$@"
''} ''}
} }
''; '';
@ -54,7 +54,7 @@ in
networking.firewall.enable = mkOption { networking.firewall.enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = true;
description = description =
'' ''
Whether to enable the firewall. This is a simple stateful Whether to enable the firewall. This is a simple stateful
@ -386,7 +386,7 @@ in
# Optionally respond to ICMPv4 pings. # Optionally respond to ICMPv4 pings.
${optionalString cfg.allowPing '' ${optionalString cfg.allowPing ''
iptables -A nixos-fw -p icmp --icmp-type echo-request ${optionalString (cfg.pingLimit != null) iptables -w -A nixos-fw -p icmp --icmp-type echo-request ${optionalString (cfg.pingLimit != null)
"-m limit ${cfg.pingLimit} " "-m limit ${cfg.pingLimit} "
}-j nixos-fw-accept }-j nixos-fw-accept
''} ''}

253
nixos/modules/services/networking/murmur.nix Normal file
View File

@ -0,0 +1,253 @@
{ config, pkgs, ... }:
with pkgs.lib;
let
cfg = config.services.murmur;
configFile = pkgs.writeText "murmurd.ini" ''
database=/var/lib/murmur/murmur.sqlite
dbDriver=QSQLITE
autobanAttempts=${toString cfg.autobanAttempts}
autobanTimeframe=${toString cfg.autobanTimeframe}
autobanTime=${toString cfg.autobanTime}
logfile=/var/log/murmur/murmurd.log
pidfile=${cfg.pidfile}
welcome="${cfg.welcome}"
port=${toString cfg.port}
${if cfg.hostName == "" then "" else "host="+cfg.hostName}
${if cfg.password == "" then "" else "serverpassword="+cfg.password}
bandwidth=${toString cfg.bandwidth}
users=${toString cfg.users}
textmessagelength=${toString cfg.textMsgLength}
imagemessagelength=${toString cfg.imgMsgLength}
allowhtml=${if cfg.allowHtml then "true" else "false"}
logdays=${toString cfg.logDays}
bonjour=${if cfg.bonjour then "true" else "false"}
sendversion=${if cfg.sendVersion then "true" else "false"}
${if cfg.registerName == "" then "" else "registerName="+cfg.registerName}
${if cfg.registerPassword == "" then "" else "registerPassword="+cfg.registerPassword}
${if cfg.registerUrl == "" then "" else "registerUrl="+cfg.registerUrl}
${if cfg.registerHostname == "" then "" else "registerHostname="+cfg.registerHostname}
certrequired=${if cfg.clientCertRequired then "true" else "false"}
${if cfg.sslCert == "" then "" else "sslCert="+cfg.sslCert}
${if cfg.sslKey == "" then "" else "sslKey="+cfg.sslKey}
'';
in
{
options = {
services.murmur = {
enable = mkOption {
type = types.bool;
default = false;
description = "If enabled, start the Murmur Service.";
};
autobanAttempts = mkOption {
type = types.int;
default = 10;
description = ''
Number of attempts a client is allowed to make in
<literal>autobanTimeframe</literal> seconds, before being
banned for <literal>autobanTime</literal>.
'';
};
autobanTimeframe = mkOption {
type = types.int;
default = 120;
description = ''
Timeframe in which a client can connect without being banned
for repeated attempts (in seconds).
'';
};
autobanTime = mkOption {
type = types.int;
default = 300;
description = "The amount of time an IP ban lasts (in seconds).";
};
pidfile = mkOption {
type = types.path;
default = "/tmp/murmurd.pid";
description = "Path to PID file for Murmur daemon.";
};
welcome = mkOption {
type = types.str;
default = "";
description = "Welcome message for connected clients.";
};
port = mkOption {
type = types.int;
default = 64738;
description = "Ports to bind to (UDP and TCP).";
};
hostName = mkOption {
type = types.str;
default = "";
description = "Host to bind to. Defaults binding on all addresses.";
};
password = mkOption {
type = types.str;
default = "";
description = "Required password to join server, if specified.";
};
bandwidth = mkOption {
type = types.int;
default = 72000;
description = ''
Maximum bandwidth (in bits per second) that clients may send
speech at.
'';
};
users = mkOption {
type = types.int;
default = 100;
description = "Maximum number of concurrent clients allowed.";
};
textMsgLength = mkOption {
type = types.int;
default = 5000;
description = "Max length of text messages. Set 0 for no limit.";
};
imgMsgLength = mkOption {
type = types.int;
default = 131072;
description = "Max length of image messages. Set 0 for no limit.";
};
allowHtml = mkOption {
type = types.bool;
default = true;
description = ''
Allow HTML in client messages, comments, and channel
descriptions.
'';
};
logDays = mkOption {
type = types.int;
default = 31;
description = ''
How long to store RPC logs for in the database. Set 0 to
keep logs forever, or -1 to disable DB logging.
'';
};
bonjour = mkOption {
type = types.bool;
default = false;
description = ''
Enable Bonjour auto-discovery, which allows clients over
your LAN to automatically discover Murmur servers.
'';
};
sendVersion = mkOption {
type = types.bool;
default = true;
description = "Send Murmur version in UDP response.";
};
registerName = mkOption {
type = types.str;
default = "";
description = ''
Public server registration name, and also the name of the
Root channel. Even if you don't publicly register your
server, you probably still want to set this.
'';
};
registerPassword = mkOption {
type = types.str;
default = "";
description = ''
Public server registry password, used authenticate your
server to the registry to prevent impersonation; required for
subsequent registry updates.
'';
};
registerUrl = mkOption {
type = types.str;
default = "";
description = "URL website for your server.";
};
registerHostname = mkOption {
type = types.str;
default = "";
description = ''
DNS hostname where your server can be reached. This is only
needed if you want your server to be accessed by its
hostname and not IP - but the name *must* resolve on the
internet properly.
'';
};
clientCertRequired = mkOption {
type = types.bool;
default = false;
description = "Require clients to authenticate via certificates.";
};
sslCert = mkOption {
type = types.str;
default = "";
description = "Path to your SSL certificate.";
};
sslKey = mkOption {
type = types.str;
default = "";
description = "Path to your SSL key.";
};
};
};
config = mkIf cfg.enable {
users.extraUsers.murmur = {
description = "Murmur Service user";
home = "/var/lib/murmur";
createHome = true;
uid = config.ids.uids.murmur;
};
systemd.services.murmur = {
description = "Murmur Chat Service";
wantedBy = [ "multi-user.target" ];
after = [ "network.target "];
serviceConfig = {
Type = "forking";
PIDFile = cfg.pidfile;
Restart = "always";
User = "murmur";
ExecStart = "${pkgs.murmur}/bin/murmurd -ini ${configFile}";
PermissionsStartOnly = true;
};
preStart = ''
mkdir -p /var/log/murmur
chown -R murmur /var/log/murmur
'';
};
};
}

59
nixos/modules/services/networking/nat.nix
View File

@ -10,6 +10,8 @@ let
cfg = config.networking.nat; cfg = config.networking.nat;
dest = if cfg.externalIP == null then "-j MASQUERADE" else "-j SNAT --to-source ${cfg.externalIP}";
in in
{ {
@ -27,14 +29,27 @@ in
''; '';
}; };
networking.nat.internalInterfaces = mkOption {
type = types.listOf types.str;
default = [];
example = [ "eth0" ];
description =
''
The interfaces for which to perform NAT. Packets coming from
these interface and destined for the external interface will
be rewritten.
'';
};
networking.nat.internalIPs = mkOption { networking.nat.internalIPs = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = [];
example = [ "192.168.1.0/24" ]; example = [ "192.168.1.0/24" ];
description = description =
'' ''
The IP address ranges for which to perform NAT. Packets The IP address ranges for which to perform NAT. Packets
coming from these networks and destined for the external coming from these addresses (on any interface) and destined
interface will be rewritten. for the external interface will be rewritten.
''; '';
}; };
@ -80,25 +95,37 @@ in
preStart = preStart =
'' ''
iptables -t nat -F POSTROUTING iptables -w -t nat -F PREROUTING
iptables -t nat -X iptables -w -t nat -F POSTROUTING
'' iptables -w -t nat -X
+ (concatMapStrings (network:
'' # We can't match on incoming interface in POSTROUTING, so
iptables -t nat -A POSTROUTING \ # mark packets coming from the external interfaces.
-s ${network} -o ${cfg.externalInterface} \ ${concatMapStrings (iface: ''
${if cfg.externalIP == null iptables -w -t nat -A PREROUTING \
then "-j MASQUERADE" -i '${iface}' -j MARK --set-mark 1
else "-j SNAT --to-source ${cfg.externalIP}"} '') cfg.internalInterfaces}
''
) cfg.internalIPs) + # NAT the marked packets.
'' ${optionalString (cfg.internalInterfaces != []) ''
iptables -w -t nat -A POSTROUTING -m mark --mark 1 \
-o ${cfg.externalInterface} ${dest}
''}
# NAT packets coming from the internal IPs.
${concatMapStrings (range: ''
iptables -w -t nat -A POSTROUTING \
-s '${range}' -o ${cfg.externalInterface} ${dest}
'') cfg.internalIPs}
echo 1 > /proc/sys/net/ipv4/ip_forward echo 1 > /proc/sys/net/ipv4/ip_forward
''; '';
postStop = postStop =
'' ''
iptables -t nat -F POSTROUTING iptables -w -t nat -F PREROUTING
iptables -w -t nat -F POSTROUTING
iptables -w -t nat -X
''; '';
}; };
}; };

2
nixos/modules/services/networking/ntpd.nix
View File

@ -36,7 +36,7 @@ in
services.ntp = { services.ntp = {
enable = mkOption { enable = mkOption {
default = true; default = !config.boot.isContainer;
description = '' description = ''
Whether to synchronise your machine's time using the NTP Whether to synchronise your machine's time using the NTP
protocol. protocol.

6
nixos/modules/services/security/fprot.nix
View File

@ -18,7 +18,6 @@ in {
}; };
productData = mkOption { productData = mkOption {
default = "${pkgs.fprot}/opt/f-prot/product.data";
description = '' description = ''
product.data file. Defaults to the one supplied with installation package. product.data file. Defaults to the one supplied with installation package.
''; '';
@ -32,7 +31,6 @@ in {
}; };
licenseKeyfile = mkOption { licenseKeyfile = mkOption {
default = "${pkgs.fprot}/opt/f-prot/license.key";
description = '' description = ''
License keyfile. Defaults to the one supplied with installation package. License keyfile. Defaults to the one supplied with installation package.
''; '';
@ -45,6 +43,10 @@ in {
###### implementation ###### implementation
config = mkIf cfg.updater.enable { config = mkIf cfg.updater.enable {
services.fprot.updater.productData = mkDefault "${pkgs.fprot}/opt/f-prot/product.data";
services.fprot.updater.licenseKeyfile = mkDefault "${pkgs.fprot}/opt/f-prot/license.key";
environment.systemPackages = [ pkgs.fprot ]; environment.systemPackages = [ pkgs.fprot ];
environment.etc = singleton { environment.etc = singleton {
source = "${pkgs.fprot}/opt/f-prot/f-prot.conf"; source = "${pkgs.fprot}/opt/f-prot/f-prot.conf";

2
nixos/modules/services/web-servers/apache-httpd/default.nix
View File

@ -621,7 +621,7 @@ in
{ description = "Apache HTTPD"; { description = "Apache HTTPD";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
requires = [ "keys.target" ]; wants = [ "keys.target" ];
after = [ "network.target" "fs.target" "postgresql.service" "keys.target" ]; after = [ "network.target" "fs.target" "postgresql.service" "keys.target" ];
path = path =

9
nixos/modules/services/web-servers/phpfpm.nix
View File

@ -35,6 +35,13 @@ in {
''; '';
}; };
phpPackage = mkOption {
default = pkgs.php54;
description = ''
The PHP package to use for running the FPM service.
'';
};
poolConfigs = mkOption { poolConfigs = mkOption {
type = types.attrsOf types.lines; type = types.attrsOf types.lines;
default = {}; default = {};
@ -68,7 +75,7 @@ in {
mkdir -p "${stateDir}" mkdir -p "${stateDir}"
''; '';
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.php54}/sbin/php-fpm -y ${cfgFile}"; ExecStart = "${cfg.phpPackage}/sbin/php-fpm -y ${cfgFile}";
PIDFile = pidFile; PIDFile = pidFile;
}; };
}; };

53
nixos/modules/services/x11/desktop-managers/gnome3.nix
View File

@ -15,6 +15,13 @@ in {
description = "Enable Gnome 3 desktop manager."; description = "Enable Gnome 3 desktop manager.";
}; };
environment.gnome3.excludePackages = mkOption {
default = [];
example = "[ pkgs.gnome3.totem ]";
type = types.listOf types.package;
description = "Which packages gnome should exclude from the default environment";
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -22,6 +29,11 @@ in {
# Enable helpful DBus services. # Enable helpful DBus services.
security.polkit.enable = true; security.polkit.enable = true;
services.udisks2.enable = true; services.udisks2.enable = true;
services.accounts-daemon.enable = true;
services.gnome3.at-spi2-core.enable = true;
services.gnome3.evolution-data-server.enable = true;
services.gnome3.sushi.enable = true;
services.telepathy.enable = true;
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
services.upower.enable = config.powerManagement.enable; services.upower.enable = config.powerManagement.enable;
@ -46,24 +58,35 @@ in {
environment.variables.GIO_EXTRA_MODULES = [ "${gnome3.dconf}/lib/gio/modules" environment.variables.GIO_EXTRA_MODULES = [ "${gnome3.dconf}/lib/gio/modules"
"${pkgs.glib_networking}/lib/gio/modules" ]; "${pkgs.glib_networking}/lib/gio/modules" ];
environment.systemPackages = environment.systemPackages =
[ gnome3.evince [ gnome3.dconf
gnome3.eog
gnome3.dconf
gnome3.vino
gnome3.epiphany
gnome3.baobab
gnome3.gucharmap
gnome3.nautilus
gnome3.yelp
pkgs.glib_networking pkgs.glib_networking
pkgs.ibus pkgs.ibus
gnome3.gnome_shell gnome3.gnome-backgrounds
gnome3.gnome_settings_daemon
gnome3.gnome_terminal
gnome3.gnome_icon_theme
gnome3.gnome_themes_standard
gnome3.gnome_control_center gnome3.gnome_control_center
]; gnome3.gnome_icon_theme
gnome3.gnome_settings_daemon
gnome3.gnome_shell
gnome3.gnome_themes_standard
] ++ (lists.difference [
gnome3.baobab
gnome3.eog
gnome3.epiphany
gnome3.evince
gnome3.gucharmap
gnome3.nautilus
gnome3.totem
gnome3.vino
gnome3.yelp
gnome3.gnome-calculator
gnome3.gnome-contacts
gnome3.gnome-font-viewer
gnome3.gnome-screenshot
gnome3.gnome-system-log
gnome3.gnome-system-monitor
gnome3.gnome_terminal
gnome3.file-roller
] config.environment.gnome3.excludePackages);
}; };

12
nixos/modules/system/activation/switch-to-configuration.pl
View File

@ -26,7 +26,10 @@ EOF
exit 1; exit 1;
} }
die "This is not a NixOS installation (/etc/NIXOS is missing)!\n" unless -f "/etc/NIXOS"; # This is a NixOS installation if it has /etc/NIXOS or a proper
# /etc/os-release.
die "This is not a NixOS installation!\n" unless
-f "/etc/NIXOS" || (read_file("/etc/os-release", err_mode => 'quiet') // "") =~ /ID=nixos/s;
openlog("nixos", "", LOG_USER); openlog("nixos", "", LOG_USER);
@ -173,7 +176,10 @@ while (my ($unit, $state) = each %{$activePrev}) {
# FIXME: do something? # FIXME: do something?
} else { } else {
my $unitInfo = parseUnit($newUnitFile); my $unitInfo = parseUnit($newUnitFile);
if (!boolIsTrue($unitInfo->{'X-RestartIfChanged'} // "yes")) { if (boolIsTrue($unitInfo->{'X-ReloadIfChanged'} // "no")) {
write_file($reloadListFile, { append => 1 }, "$unit\n");
}
elsif (!boolIsTrue($unitInfo->{'X-RestartIfChanged'} // "yes")) {
push @unitsToSkip, $unit; push @unitsToSkip, $unit;
} else { } else {
# If this unit is socket-activated, then stop the # If this unit is socket-activated, then stop the
@ -321,7 +327,7 @@ if (scalar @restart > 0) {
# that are symlinks to other units. We shouldn't start both at the # that are symlinks to other units. We shouldn't start both at the
# same time because we'll get a "Failed to add path to set" error from # same time because we'll get a "Failed to add path to set" error from
# systemd. # systemd.
my @start = unique("default.target", "timers.target", split('\n', read_file($startListFile, err_mode => 'quiet') // "")); my @start = unique("default.target", "timers.target", "sockets.target", split('\n', read_file($startListFile, err_mode => 'quiet') // ""));
print STDERR "starting the following units: ", join(", ", sort(@start)), "\n"; print STDERR "starting the following units: ", join(", ", sort(@start)), "\n";
system("@systemd@/bin/systemctl", "start", "--", @start) == 0 or $res = 4; system("@systemd@/bin/systemctl", "start", "--", @start) == 0 or $res = 4;
unlink($startListFile); unlink($startListFile);

11
nixos/modules/system/boot/systemd-unit-options.nix
View File

@ -243,6 +243,17 @@ in rec {
''; '';
}; };
reloadIfChanged = mkOption {
type = types.bool;
default = false;
description = ''
Whether the service should be reloaded during a NixOS
configuration switch if its definition has changed. If
enabled, the value of <option>restartIfChanged</option> is
ignored.
'';
};
stopIfChanged = mkOption { stopIfChanged = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;

6
nixos/modules/system/boot/systemd.nix
View File

@ -279,7 +279,11 @@ let
[Service] [Service]
${let env = cfg.globalEnvironment // def.environment; ${let env = cfg.globalEnvironment // def.environment;
in concatMapStrings (n: "Environment=\"${n}=${getAttr n env}\"\n") (attrNames env)} in concatMapStrings (n: "Environment=\"${n}=${getAttr n env}\"\n") (attrNames env)}
${optionalString (!def.restartIfChanged) "X-RestartIfChanged=false"} ${if def.reloadIfChanged then ''
X-ReloadIfChanged=true
'' else if !def.restartIfChanged then ''
X-RestartIfChanged=false
'' else ""}
${optionalString (!def.stopIfChanged) "X-StopIfChanged=false"} ${optionalString (!def.stopIfChanged) "X-StopIfChanged=false"}
${attrsToSection def.serviceConfig} ${attrsToSection def.serviceConfig}
''; '';

103
nixos/modules/virtualisation/container-config.nix Normal file
View File

@ -0,0 +1,103 @@
{ config, pkgs, lib, ... }:
with lib;
{
config = mkIf config.boot.isContainer {
# Provide a login prompt on /var/lib/login.socket. On the host,
# you can connect to it by running socat
# unix:<path-to-container>/var/lib/login.socket -,echo=0,raw.
systemd.sockets.login =
{ description = "Login Socket";
wantedBy = [ "sockets.target" ];
socketConfig =
{ ListenStream = "/var/lib/login.socket";
SocketMode = "0666";
Accept = true;
};
};
systemd.services."login@" =
{ description = "Login %i";
environment.TERM = "linux";
serviceConfig =
{ Type = "simple";
StandardInput = "socket";
ExecStart = "${pkgs.socat}/bin/socat -t0 - exec:${pkgs.shadow}/bin/login,pty,setsid,setpgid,stderr,ctty";
TimeoutStopSec = 1; # FIXME
};
};
# Also provide a root login prompt on /var/lib/root-login.socket
# that doesn't ask for a password. This socket can only be used by
# root on the host.
systemd.sockets.root-login =
{ description = "Root Login Socket";
wantedBy = [ "sockets.target" ];
socketConfig =
{ ListenStream = "/var/lib/root-login.socket";
SocketMode = "0600";
Accept = true;
};
};
systemd.services."root-login@" =
{ description = "Root Login %i";
environment.TERM = "linux";
serviceConfig =
{ Type = "simple";
StandardInput = "socket";
ExecStart = "${pkgs.socat}/bin/socat -t0 - \"exec:${pkgs.shadow}/bin/login -f root,pty,setsid,setpgid,stderr,ctty\"";
TimeoutStopSec = 1; # FIXME
};
};
# Provide a daemon on /var/lib/run-command.socket that reads a
# command from stdin and executes it.
systemd.sockets.run-command =
{ description = "Run Command Socket";
wantedBy = [ "sockets.target" ];
socketConfig =
{ ListenStream = "/var/lib/run-command.socket";
SocketMode = "0600"; # only root can connect
Accept = true;
};
};
systemd.services."run-command@" =
{ description = "Run Command %i";
environment.TERM = "linux";
serviceConfig =
{ Type = "simple";
StandardInput = "socket";
TimeoutStopSec = 1; # FIXME
};
script =
''
#! ${pkgs.stdenv.shell} -e
source /etc/bashrc
read c
eval "command=($c)"
exec "''${command[@]}"
'';
};
systemd.services.container-startup-done =
{ description = "Container Startup Notification";
wantedBy = [ "multi-user.target" ];
after = [ "multi-user.target" ];
script =
''
if [ -p /var/lib/startup-done ]; then
echo done > /var/lib/startup-done
fi
'';
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
};
};
}

216
nixos/modules/virtualisation/containers.nix
View File

@ -2,6 +2,29 @@
with pkgs.lib; with pkgs.lib;
let
runInNetns = pkgs.stdenv.mkDerivation {
name = "run-in-netns";
unpackPhase = "true";
buildPhase = ''
mkdir -p $out/bin
gcc ${./run-in-netns.c} -o $out/bin/run-in-netns
'';
installPhase = "true";
};
nixos-container = pkgs.substituteAll {
name = "nixos-container";
dir = "bin";
isExecutable = true;
src = ./nixos-container.pl;
perl = "${pkgs.perl}/bin/perl -I${pkgs.perlPackages.FileSlurp}/lib/perl5/site_perl";
inherit (pkgs) socat;
};
in
{ {
options = { options = {
@ -14,19 +37,12 @@ with pkgs.lib;
''; '';
}; };
systemd.containers = mkOption { containers = mkOption {
type = types.attrsOf (types.submodule ( type = types.attrsOf (types.submodule (
{ config, options, name, ... }: { config, options, name, ... }:
{ {
options = { options = {
root = mkOption {
type = types.path;
description = ''
The root directory of the container.
'';
};
config = mkOption { config = mkOption {
description = '' description = ''
A specification of the desired configuration of this A specification of the desired configuration of this
@ -45,21 +61,53 @@ with pkgs.lib;
''; '';
}; };
privateNetwork = mkOption {
type = types.bool;
default = false;
description = ''
Whether to give the container its own private virtual
Ethernet interface. The interface is called
<literal>eth0</literal>, and is hooked up to the interface
<literal>c-<replaceable>container-name</replaceable></literal>
on the host. If this option is not set, then the
container shares the network interfaces of the host,
and can bind to any port on any interface.
'';
};
hostAddress = mkOption {
type = types.nullOr types.string;
default = null;
example = "10.231.136.1";
description = ''
The IPv4 address assigned to the host interface.
'';
};
localAddress = mkOption {
type = types.nullOr types.string;
default = null;
example = "10.231.136.2";
description = ''
The IPv4 address assigned to <literal>eth0</literal>
in the container.
'';
};
}; };
config = mkMerge config = mkMerge
[ { root = mkDefault "/var/lib/containers/${name}"; [ (mkIf options.config.isDefined {
}
(mkIf options.config.isDefined {
path = (import ../../lib/eval-config.nix { path = (import ../../lib/eval-config.nix {
modules = modules =
let extraConfig = let extraConfig =
{ boot.isContainer = true; { boot.isContainer = true;
security.initialRootPassword = mkDefault "!"; security.initialRootPassword = mkDefault "!";
networking.hostName = mkDefault name; networking.hostName = mkDefault name;
networking.useDHCP = false;
}; };
in [ extraConfig config.config ]; in [ extraConfig config.config ];
prefix = [ "systemd" "containers" name ]; prefix = [ "containers" name ];
}).config.system.build.toplevel; }).config.system.build.toplevel;
}) })
]; ];
@ -69,12 +117,10 @@ with pkgs.lib;
example = literalExample example = literalExample
'' ''
{ webserver = { webserver =
{ root = "/containers/webserver"; { path = "/nix/var/nix/profiles/webserver";
path = "/nix/var/nix/profiles/webserver";
}; };
database = database =
{ root = "/containers/database"; { config =
config =
{ config, pkgs, ... }: { config, pkgs, ... }:
{ services.postgresql.enable = true; { services.postgresql.enable = true;
services.postgresql.package = pkgs.postgresql92; services.postgresql.package = pkgs.postgresql92;
@ -94,29 +140,96 @@ with pkgs.lib;
}; };
config = { config = mkIf (!config.boot.isContainer) {
systemd.services = mapAttrs' (name: container: nameValuePair "container-${name}" systemd.services."container@" =
{ description = "Container '${name}'"; { description = "Container '%i'";
wantedBy = [ "multi-user.target" ]; unitConfig.RequiresMountsFor = [ "/var/lib/containers/%i" ];
unitConfig.RequiresMountsFor = [ container.root ]; path = [ pkgs.iproute ];
environment.INSTANCE = "%i";
environment.root = "/var/lib/containers/%i";
preStart = preStart =
'' ''
mkdir -p -m 0755 ${container.root}/etc mkdir -p -m 0755 $root/var/lib
if ! [ -e ${container.root}/etc/os-release ]; then
touch ${container.root}/etc/os-release # Create a named pipe to get a signal when the container
fi # has finished booting.
rm -f $root/var/lib/startup-done
mkfifo -m 0600 $root/var/lib/startup-done
''; '';
serviceConfig.ExecStart = script =
"${config.systemd.package}/bin/systemd-nspawn -M ${name} -D ${container.root} --bind-ro=/nix ${container.path}/init"; ''
mkdir -p -m 0755 "$root/etc" "$root/var/lib"
if ! [ -e "$root/etc/os-release" ]; then
touch "$root/etc/os-release"
fi
mkdir -p -m 0755 \
"/nix/var/nix/profiles/per-container/$INSTANCE" \
"/nix/var/nix/gcroots/per-container/$INSTANCE"
SYSTEM_PATH=/nix/var/nix/profiles/system
if [ -f "/etc/containers/$INSTANCE.conf" ]; then
. "/etc/containers/$INSTANCE.conf"
fi
# Cleanup from last time.
ifaceHost=c-$INSTANCE
ifaceCont=ctmp-$INSTANCE
ns=net-$INSTANCE
ip netns del $ns 2> /dev/null || true
ip link del $ifaceHost 2> /dev/null || true
ip link del $ifaceCont 2> /dev/null || true
if [ "$PRIVATE_NETWORK" = 1 ]; then
# Create a pair of virtual ethernet devices. On the host,
# we get c-<container-name, and on the guest, we get
# eth0.
ip link add $ifaceHost type veth peer name $ifaceCont
ip netns add $ns
ip link set $ifaceCont netns $ns
ip netns exec $ns ip link set $ifaceCont name eth0
ip netns exec $ns ip link set dev eth0 up
ip link set dev $ifaceHost up
if [ -n "$HOST_ADDRESS" ]; then
ip addr add $HOST_ADDRESS dev $ifaceHost
ip netns exec $ns ip route add $HOST_ADDRESS dev eth0
ip netns exec $ns ip route add default via $HOST_ADDRESS
fi
if [ -n "$LOCAL_ADDRESS" ]; then
ip netns exec $ns ip addr add $LOCAL_ADDRESS dev eth0
ip route add $LOCAL_ADDRESS dev $ifaceHost
fi
runInNetNs="${runInNetns}/bin/run-in-netns $ns"
extraFlags="--capability=CAP_NET_ADMIN"
fi
exec $runInNetNs ${config.systemd.package}/bin/systemd-nspawn \
-M "$INSTANCE" -D "/var/lib/containers/$INSTANCE" $extraFlags \
--bind-ro=/nix/store \
--bind-ro=/nix/var/nix/db \
--bind-ro=/nix/var/nix/daemon-socket \
--bind="/nix/var/nix/profiles/per-container/$INSTANCE:/nix/var/nix/profiles" \
--bind="/nix/var/nix/gcroots/per-container/$INSTANCE:/nix/var/nix/gcroots" \
"$SYSTEM_PATH/init"
'';
postStart =
''
# This blocks until the container-startup-done service
# writes something to this pipe. FIXME: it also hangs
# until the start timeout expires if systemd-nspawn exits.
read x < $root/var/lib/startup-done
'';
preStop = preStop =
'' ''
pid="$(cat /sys/fs/cgroup/systemd/machine/${name}.nspawn/system/tasks 2> /dev/null)" pid="$(cat /sys/fs/cgroup/systemd/machine/$INSTANCE.nspawn/system/tasks 2> /dev/null)"
if [ -n "$pid" ]; then if [ -n "$pid" ]; then
# Send the RTMIN+3 signal, which causes the container # Send the RTMIN+3 signal, which causes the container
# systemd to start halt.target. # systemd to start halt.target.
@ -131,7 +244,52 @@ with pkgs.lib;
done done
fi fi
''; '';
}) config.systemd.containers;
restartIfChanged = false;
#reloadIfChanged = true; # FIXME
serviceConfig.ExecReload = pkgs.writeScript "reload-container"
''
#! ${pkgs.stdenv.shell} -e
SYSTEM_PATH=/nix/var/nix/profiles/system
if [ -f "/etc/containers/$INSTANCE.conf" ]; then
. "/etc/containers/$INSTANCE.conf"
fi
echo $SYSTEM_PATH/bin/switch-to-configuration test | \
${pkgs.socat}/bin/socat unix:$root/var/lib/run-command.socket -
'';
serviceConfig.SyslogIdentifier = "container %i";
};
# Generate a configuration file in /etc/containers for each
# container so that container@.target can get the container
# configuration.
environment.etc = mapAttrs' (name: cfg: nameValuePair "containers/${name}.conf"
{ text =
''
SYSTEM_PATH=${cfg.path}
${optionalString cfg.privateNetwork ''
PRIVATE_NETWORK=1
${optionalString (cfg.hostAddress != null) ''
HOST_ADDRESS=${cfg.hostAddress}
''}
${optionalString (cfg.localAddress != null) ''
LOCAL_ADDRESS=${cfg.localAddress}
''}
''}
'';
}) config.containers;
# FIXME: auto-start containers.
# Generate /etc/hosts entries for the containers.
networking.extraHosts = concatStrings (mapAttrsToList (name: cfg: optionalString (cfg.localAddress != null)
''
${cfg.localAddress} ${name}.containers
'') config.containers);
environment.systemPackages = [ nixos-container ];
}; };
} }

3
nixos/modules/virtualisation/libvirtd.nix
View File

@ -24,6 +24,7 @@ in
virtualisation.libvirtd.enable = virtualisation.libvirtd.enable =
mkOption { mkOption {
type = types.bool;
default = false; default = false;
description = description =
'' ''
@ -36,6 +37,7 @@ in
virtualisation.libvirtd.enableKVM = virtualisation.libvirtd.enableKVM =
mkOption { mkOption {
type = types.bool;
default = true; default = true;
description = description =
'' ''
@ -45,6 +47,7 @@ in
virtualisation.libvirtd.extraConfig = virtualisation.libvirtd.extraConfig =
mkOption { mkOption {
type = types.lines;
default = ""; default = "";
description = description =
'' ''

238
nixos/modules/virtualisation/nixos-container.pl Normal file
View File

@ -0,0 +1,238 @@
#! @perl@
use strict;
use POSIX;
use File::Path;
use File::Slurp;
use Fcntl ':flock';
use Getopt::Long qw(:config gnu_getopt);
my $socat = '@socat@/bin/socat';
# Parse the command line.
sub showHelp {
print <<EOF;
Usage: nixos-container list
nixos-container create <container-name> [--config <string>] [--ensure-unique-name]
nixos-container destroy <container-name>
nixos-container start <container-name>
nixos-container stop <container-name>
nixos-container login <container-name>
nixos-container root-login <container-name>
nixos-container run <container-name> -- args...
nixos-container set-root-password <container-name> <password>
nixos-container show-ip <container-name>
EOF
exit 0;
}
my $ensureUniqueName = 0;
my $extraConfig = "";
GetOptions(
"help" => sub { showHelp() },
"ensure-unique-name" => \$ensureUniqueName,
"config=s" => \$extraConfig
) or exit 1;
my $action = $ARGV[0] or die "$0: no action specified\n";
# Execute the selected action.
mkpath("/etc/containers", 0, 0755);
mkpath("/var/lib/containers", 0, 0700);
if ($action eq "list") {
foreach my $confFile (glob "/etc/containers/*.conf") {
$confFile =~ /\/([^\/]+).conf$/ or next;
print "$1\n";
}
exit 0;
}
my $containerName = $ARGV[1] or die "$0: no container name specified\n";
$containerName =~ /^[a-zA-Z0-9\-]+$/ or die "$0: invalid container name\n";
sub writeNixOSConfig {
my ($nixosConfigFile) = @_;
my $nixosConfig = <<EOF;
{ config, pkgs, ... }:
with pkgs.lib;
{ boot.isContainer = true;
security.initialRootPassword = mkDefault "!";
networking.hostName = mkDefault "$containerName";
networking.useDHCP = false;
$extraConfig
}
EOF
write_file($nixosConfigFile, $nixosConfig);
}
if ($action eq "create") {
# Acquire an exclusive lock to prevent races with other
# invocations of nixos-container create.
my $lockFN = "/run/lock/nixos-container";
open(my $lock, '>>', $lockFN) or die "$0: opening $lockFN: $!";
flock($lock, LOCK_EX) or die "$0: could not lock $lockFN: $!";
my $confFile = "/etc/containers/$containerName.conf";
my $root = "/var/lib/containers/$containerName";
# Maybe generate a unique name.
if ($ensureUniqueName) {
my $base = $containerName;
for (my $nr = 0; ; $nr++) {
$containerName = "$base-$nr";
$confFile = "/etc/containers/$containerName.conf";
$root = "/var/lib/containers/$containerName";
last unless -e $confFile || -e $root;
}
}
die "$0: container $containerName already exists\n" if -e $confFile;
# Get an unused IP address.
my %usedIPs;
foreach my $confFile2 (glob "/etc/containers/*.conf") {
my $s = read_file($confFile2) or die;
$usedIPs{$1} = 1 if $s =~ /^HOST_ADDRESS=([0-9\.]+)$/m;
$usedIPs{$1} = 1 if $s =~ /^LOCAL_ADDRESS=([0-9\.]+)$/m;
}
my ($ipPrefix, $hostAddress, $localAddress);
for (my $nr = 1; $nr < 255; $nr++) {
$ipPrefix = "10.233.$nr";
$hostAddress = "$ipPrefix.1";
$localAddress = "$ipPrefix.2";
last unless $usedIPs{$hostAddress} || $usedIPs{$localAddress};
$ipPrefix = undef;
}
die "$0: out of IP addresses\n" unless defined $ipPrefix;
my @conf;
push @conf, "PRIVATE_NETWORK=1\n";
push @conf, "HOST_ADDRESS=$hostAddress\n";
push @conf, "LOCAL_ADDRESS=$localAddress\n";
write_file($confFile, \@conf);
close($lock);
print STDERR "host IP is $hostAddress, container IP is $localAddress\n";
mkpath("$root/etc/nixos", 0, 0755);
my $nixosConfigFile = "$root/etc/nixos/configuration.nix";
writeNixOSConfig $nixosConfigFile;
# The per-container directory is restricted to prevent users on
# the host from messing with guest users who happen to have the
# same uid.
my $profileDir = "/nix/var/nix/profiles/per-container";
mkpath($profileDir, 0, 0700);
$profileDir = "$profileDir/$containerName";
mkpath($profileDir, 0, 0755);
system("nix-env", "-p", "$profileDir/system",
"-I", "nixos-config=$nixosConfigFile", "-f", "<nixpkgs/nixos>",
"--set", "-A", "system") == 0
or die "$0: failed to build initial container configuration\n";
print "$containerName\n" if $ensureUniqueName;
exit 0;
}
my $root = "/var/lib/containers/$containerName";
my $profileDir = "/nix/var/nix/profiles/per-container/$containerName";
my $confFile = "/etc/containers/$containerName.conf";
die "$0: container $containerName does not exist\n" if !-e $confFile;
sub isContainerRunning {
my $status = `systemctl show 'container\@$containerName'`;
return $status =~ /ActiveState=active/;
}
sub stopContainer {
system("systemctl", "stop", "container\@$containerName") == 0
or die "$0: failed to stop container\n";
}
if ($action eq "destroy") {
die "$0: cannot destroy declarative container (remove it from your configuration.nix instead)\n"
unless POSIX::access($confFile, &POSIX::W_OK);
stopContainer if isContainerRunning;
rmtree($profileDir) if -e $profileDir;
rmtree($root) if -e $root;
unlink($confFile) or die;
}
elsif ($action eq "start") {
system("systemctl", "start", "container\@$containerName") == 0
or die "$0: failed to start container\n";
}
elsif ($action eq "stop") {
stopContainer;
}
elsif ($action eq "update") {
my $nixosConfigFile = "$root/etc/nixos/configuration.nix";
# FIXME: may want to be more careful about clobbering the existing
# configuration.nix.
writeNixOSConfig $nixosConfigFile if defined $extraConfig;
system("nix-env", "-p", "$profileDir/system",
"-I", "nixos-config=$nixosConfigFile", "-f", "<nixpkgs/nixos>",
"--set", "-A", "system") == 0
or die "$0: failed to build container configuration\n";
if (isContainerRunning) {
print STDERR "reloading container...\n";
system("systemctl", "reload", "container\@$containerName") == 0
or die "$0: failed to reload container\n";
}
}
elsif ($action eq "login") {
exec($socat, "unix:$root/var/lib/login.socket", "-,echo=0,raw");
}
elsif ($action eq "root-login") {
exec($socat, "unix:$root/var/lib/root-login.socket", "-,echo=0,raw");
}
elsif ($action eq "run") {
shift @ARGV; shift @ARGV;
open(SOCAT, "|-", $socat, "unix:$root/var/lib/run-command.socket", "-");
print SOCAT join(' ', map { "'$_'" } @ARGV), "\n";
close(SOCAT);
}
elsif ($action eq "set-root-password") {
# FIXME: don't get password from the command line.
my $password = $ARGV[2] or die "$0: no password given\n";
open(SOCAT, "|-", $socat, "unix:$root/var/lib/run-command.socket", "-");
print SOCAT "passwd\n";
print SOCAT "$password\n";
print SOCAT "$password\n";
close(SOCAT);
}
elsif ($action eq "show-ip") {
my $s = read_file($confFile) or die;
$s =~ /^LOCAL_ADDRESS=([0-9\.]+)$/m or die "$0: cannot get IP address\n";
print "$1\n";
}
else {
die "$0: unknown action $action\n";
}

50
nixos/modules/virtualisation/run-in-netns.c Normal file
View File

@ -0,0 +1,50 @@
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <sched.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/mount.h>
#include <fcntl.h>
#include <linux/limits.h>
int main(int argc, char * * argv)
{
if (argc < 3) {
fprintf(stderr, "%s: missing arguments\n", argv[0]);
return 1;
}
char nsPath[PATH_MAX];
sprintf(nsPath, "/run/netns/%s", argv[1]);
int fd = open(nsPath, O_RDONLY);
if (fd == -1) {
fprintf(stderr, "%s: opening network namespace: %s\n", argv[0], strerror(errno));
return 1;
}
if (setns(fd, CLONE_NEWNET) == -1) {
fprintf(stderr, "%s: setting network namespace: %s\n", argv[0], strerror(errno));
return 1;
}
umount2(nsPath, MNT_DETACH);
if (unlink(nsPath) == -1) {
fprintf(stderr, "%s: unlinking network namespace: %s\n", argv[0], strerror(errno));
return 1;
}
/* FIXME: Remount /sys so that /sys/class/net reflects the
interfaces visible in the network namespace. This requires
bind-mounting /sys/fs/cgroups etc. */
execv(argv[2], argv + 2);
fprintf(stderr, "%s: running command: %s\n", argv[0], strerror(errno));
return 1;
}

2
nixos/release-combined.nix
View File

@ -60,8 +60,8 @@ in rec {
(all nixos.tests.openssh) (all nixos.tests.openssh)
(all nixos.tests.printing) (all nixos.tests.printing)
(all nixos.tests.proxy) (all nixos.tests.proxy)
(all nixos.tests.udisks)
(all nixos.tests.xfce) (all nixos.tests.xfce)
(all nixos.tests.gnome3)
nixpkgs.tarball nixpkgs.tarball
(all nixpkgs.emacs) (all nixpkgs.emacs)

8
nixos/tests/bittorrent.nix
View File

@ -33,6 +33,8 @@ in
services.httpd.enable = true; services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org"; services.httpd.adminAddr = "foo@example.org";
services.httpd.documentRoot = "/tmp"; services.httpd.documentRoot = "/tmp";
networking.firewall.enable = false; # FIXME: figure out what ports we actually need
}; };
router = router =
@ -50,11 +52,13 @@ in
virtualisation.vlans = [ 2 ]; virtualisation.vlans = [ 2 ];
networking.defaultGateway = networking.defaultGateway =
nodes.router.config.networking.interfaces.eth2.ipAddress; nodes.router.config.networking.interfaces.eth2.ipAddress;
networking.firewall.enable = false;
}; };
client2 = client2 =
{ config, pkgs, ... }: { config, pkgs, ... }:
{ environment.systemPackages = [ pkgs.transmission ]; { environment.systemPackages = [ pkgs.transmission ];
networking.firewall.enable = false;
}; };
}; };
@ -66,8 +70,8 @@ in
# Enable NAT on the router and start miniupnpd. # Enable NAT on the router and start miniupnpd.
$router->waitForUnit("nat"); $router->waitForUnit("nat");
$router->succeed( $router->succeed(
"iptables -t nat -N MINIUPNPD", "iptables -w -t nat -N MINIUPNPD",
"iptables -t nat -A PREROUTING -i eth1 -j MINIUPNPD", "iptables -w -t nat -A PREROUTING -i eth1 -j MINIUPNPD",
"echo 1 > /proc/sys/net/ipv4/ip_forward", "echo 1 > /proc/sys/net/ipv4/ip_forward",
"miniupnpd -f ${miniupnpdConf nodes}" "miniupnpd -f ${miniupnpdConf nodes}"
); );

81
nixos/tests/containers.nix Normal file
View File

@ -0,0 +1,81 @@
# Test for NixOS' container support.
{ pkgs, ... }:
{
machine =
{ config, pkgs, ... }:
{ imports = [ ../modules/installer/cd-dvd/channel.nix ];
virtualisation.writableStore = true;
virtualisation.memorySize = 768;
containers.webserver =
{ privateNetwork = true;
hostAddress = "10.231.136.1";
localAddress = "10.231.136.2";
config =
{ services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
networking.firewall.allowedTCPPorts = [ 80 ];
networking.firewall.allowPing = true;
};
};
virtualisation.pathsInNixDB = [ pkgs.stdenv ];
};
testScript =
''
$machine->succeed("nixos-container list") =~ /webserver/;
# Start the webserver container.
$machine->succeed("nixos-container start webserver");
# Since "start" returns after the container has reached
# multi-user.target, we should now be able to access it.
my $ip = $machine->succeed("nixos-container show-ip webserver");
chomp $ip;
$machine->succeed("ping -c1 $ip");
$machine->succeed("curl --fail http://$ip/ > /dev/null");
# Stop the container.
$machine->succeed("nixos-container stop webserver");
$machine->fail("curl --fail --connect-timeout 2 http://$ip/ > /dev/null");
# Make sure we have a NixOS tree (required by nixos-container create).
$machine->succeed("nix-env -qa -A nixos.pkgs.hello >&2");
# Create some containers imperatively.
my $id1 = $machine->succeed("nixos-container create foo --ensure-unique-name");
chomp $id1;
$machine->log("created container $id1");
my $id2 = $machine->succeed("nixos-container create foo --ensure-unique-name");
chomp $id2;
$machine->log("created container $id2");
die if $id1 eq $id2;
my $ip1 = $machine->succeed("nixos-container show-ip $id1");
chomp $ip1;
my $ip2 = $machine->succeed("nixos-container show-ip $id2");
chomp $ip2;
die if $ip1 eq $ip2;
# Start one of them.
$machine->succeed("nixos-container start $id1");
# Execute commands via the root shell.
$machine->succeed("nixos-container run $id1 -- uname") =~ /Linux/;
$machine->succeed("nixos-container set-root-password $id1 foobar");
# Destroy the containers.
$machine->succeed("nixos-container destroy $id1");
$machine->succeed("nixos-container destroy $id2");
# Destroying a declarative container should fail.
$machine->fail("nixos-container destroy webserver");
'';
}

3
nixos/tests/default.nix
View File

@ -8,6 +8,7 @@ with import ../lib/testing.nix { inherit system minimal; };
{ {
avahi = makeTest (import ./avahi.nix); avahi = makeTest (import ./avahi.nix);
bittorrent = makeTest (import ./bittorrent.nix); bittorrent = makeTest (import ./bittorrent.nix);
containers = makeTest (import ./containers.nix);
firefox = makeTest (import ./firefox.nix); firefox = makeTest (import ./firefox.nix);
firewall = makeTest (import ./firewall.nix); firewall = makeTest (import ./firewall.nix);
installer = makeTests (import ./installer.nix); installer = makeTests (import ./installer.nix);
@ -25,6 +26,7 @@ with import ../lib/testing.nix { inherit system minimal; };
mysql = makeTest (import ./mysql.nix); mysql = makeTest (import ./mysql.nix);
mysql_replication = makeTest (import ./mysql-replication.nix); mysql_replication = makeTest (import ./mysql-replication.nix);
munin = makeTest (import ./munin.nix); munin = makeTest (import ./munin.nix);
mumble = makeTest (import ./mumble.nix);
nat = makeTest (import ./nat.nix); nat = makeTest (import ./nat.nix);
nfs3 = makeTest (import ./nfs.nix { version = 3; }); nfs3 = makeTest (import ./nfs.nix { version = 3; });
#nfs4 = makeTest (import ./nfs.nix { version = 4; }); #nfs4 = makeTest (import ./nfs.nix { version = 4; });
@ -37,6 +39,7 @@ with import ../lib/testing.nix { inherit system minimal; };
simple = makeTest (import ./simple.nix); simple = makeTest (import ./simple.nix);
#subversion = makeTest (import ./subversion.nix); #subversion = makeTest (import ./subversion.nix);
tomcat = makeTest (import ./tomcat.nix); tomcat = makeTest (import ./tomcat.nix);
udisks = makeTest (import ./udisks.nix);
#trac = makeTest (import ./trac.nix); #trac = makeTest (import ./trac.nix);
xfce = makeTest (import ./xfce.nix); xfce = makeTest (import ./xfce.nix);
runInMachine.test = import ./run-in-machine.nix { inherit system; }; runInMachine.test = import ./run-in-machine.nix { inherit system; };

3
nixos/tests/firewall.nix
View File

@ -17,6 +17,7 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ services.httpd.enable = true; { services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org"; services.httpd.adminAddr = "foo@example.org";
networking.firewall.enable = false;
}; };
}; };
@ -33,7 +34,7 @@
$walled->succeed("curl -v http://localhost/ >&2"); $walled->succeed("curl -v http://localhost/ >&2");
# Connections to the firewalled machine should fail. # Connections to the firewalled machine should fail.
$attacker->fail("curl -v http://walled/ >&2"); $attacker->fail("curl --fail --connect-timeout 2 http://walled/ >&2");
$attacker->fail("ping -c 1 walled >&2"); $attacker->fail("ping -c 1 walled >&2");
# Outgoing connections/pings should still work. # Outgoing connections/pings should still work.

2
nixos/tests/installer.nix
View File

@ -79,6 +79,8 @@ let
virtualisation.writableStore = true; virtualisation.writableStore = true;
virtualisation.pathsInNixDB = channelContents ++ [ pkgs.hello.src ]; virtualisation.pathsInNixDB = channelContents ++ [ pkgs.hello.src ];
virtualisation.memorySize = 768; virtualisation.memorySize = 768;
networking.firewall.allowedTCPPorts = [ 80 ];
}; };
channelContents = [ pkgs.rlwrap ]; channelContents = [ pkgs.rlwrap ];

1
nixos/tests/ipv6.nix
View File

@ -12,6 +12,7 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ services.httpd.enable = true; { services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org"; services.httpd.adminAddr = "foo@example.org";
networking.firewall.allowedTCPPorts = [ 80 ];
}; };
router = router =

14
nixos/tests/jenkins.nix
View File

@ -3,21 +3,27 @@
# 2. jenkins user can be extended on both master and slave # 2. jenkins user can be extended on both master and slave
# 3. jenkins service not started on slave node # 3. jenkins service not started on slave node
{ pkgs, ... }: { pkgs, ... }:
{ {
nodes = { nodes = {
master = { pkgs, config, ... }: {
services.jenkins.enable = true; master =
{ config, pkgs, ... }:
{ services.jenkins.enable = true;
# should have no effect # should have no effect
services.jenkinsSlave.enable = true; services.jenkinsSlave.enable = true;
users.extraUsers.jenkins.extraGroups = [ "users" ]; users.extraUsers.jenkins.extraGroups = [ "users" ];
}; };
slave = { pkgs, config, ... }: {
services.jenkinsSlave.enable = true; slave =
{ config, pkgs, ... }:
{ services.jenkinsSlave.enable = true;
users.extraUsers.jenkins.extraGroups = [ "users" ]; users.extraUsers.jenkins.extraGroups = [ "users" ];
}; };
}; };
testScript = '' testScript = ''

55
nixos/tests/mumble.nix Normal file
View File

@ -0,0 +1,55 @@
{ pkgs, ... }:
let
client = { config, pkgs, ... }: {
imports = [ ./common/x11.nix ];
environment.systemPackages = [ pkgs.mumble ];
};
in
{
nodes = {
server = { config, pkgs, ... }: {
services.murmur.enable = true;
services.murmur.registerName = "NixOS tests";
networking.firewall.allowedTCPPorts = [ config.services.murmur.port ];
};
client1 = client;
client2 = client;
};
testScript = ''
startAll;
$server->waitForUnit("murmur.service");
$client1->waitForX;
$client2->waitForX;
$client1->execute("mumble mumble://client1\@server/test &");
$client2->execute("mumble mumble://client2\@server/test &");
$server->sleep(10); # Wait for Mumble UI to pop up
# cancel client audio configuration
$client1->sendKeys("esc");
$client2->sendKeys("esc");
$server->sleep(1);
# cancel client cert configuration
$client1->sendKeys("esc");
$client2->sendKeys("esc");
$server->sleep(1);
# accept server certificate
$client1->sendChars("y");
$client2->sendChars("y");
# Find clients in logs
$server->waitUntilSucceeds("grep -q 'client1' /var/log/murmur/murmurd.log");
$server->waitUntilSucceeds("grep -q 'client2' /var/log/murmur/murmurd.log");
$server->sleep(5); # wait to get screenshot
$client1->screenshot("screen1");
$client2->screenshot("screen2");
'';
}

1
nixos/tests/mysql-replication.nix
View File

@ -19,6 +19,7 @@ in
create user '${replicateUser}'@'%' identified by '${replicatePassword}'; create user '${replicateUser}'@'%' identified by '${replicatePassword}';
grant replication slave on *.* to '${replicateUser}'@'%'; grant replication slave on *.* to '${replicateUser}'@'%';
''; '';
networking.firewall.allowedTCPPorts = [ 3306 ];
}; };
slave1 = slave1 =

3
nixos/tests/nat.nix
View File

@ -12,6 +12,7 @@
{ client = { client =
{ config, pkgs, nodes, ... }: { config, pkgs, nodes, ... }:
{ virtualisation.vlans = [ 1 ]; { virtualisation.vlans = [ 1 ];
networking.firewall.allowPing = true;
networking.defaultGateway = networking.defaultGateway =
nodes.router.config.networking.interfaces.eth2.ipAddress; nodes.router.config.networking.interfaces.eth2.ipAddress;
}; };
@ -19,6 +20,7 @@
router = router =
{ config, pkgs, ... }: { config, pkgs, ... }:
{ virtualisation.vlans = [ 2 1 ]; { virtualisation.vlans = [ 2 1 ];
networking.firewall.allowPing = true;
networking.nat.enable = true; networking.nat.enable = true;
networking.nat.internalIPs = [ "192.168.1.0/24" ]; networking.nat.internalIPs = [ "192.168.1.0/24" ];
networking.nat.externalInterface = "eth1"; networking.nat.externalInterface = "eth1";
@ -27,6 +29,7 @@
server = server =
{ config, pkgs, ... }: { config, pkgs, ... }:
{ virtualisation.vlans = [ 2 ]; { virtualisation.vlans = [ 2 ];
networking.firewall.enable = false;
services.httpd.enable = true; services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org"; services.httpd.adminAddr = "foo@example.org";
services.vsftpd.enable = true; services.vsftpd.enable = true;

2
nixos/tests/nfs.nix
View File

@ -13,6 +13,7 @@ let
options = "vers=${toString version}"; options = "vers=${toString version}";
} }
]; ];
networking.firewall.enable = false; # FIXME: only open statd
}; };
in in
@ -31,6 +32,7 @@ in
/data 192.168.1.0/255.255.255.0(rw,no_root_squash,no_subtree_check,fsid=0) /data 192.168.1.0/255.255.255.0(rw,no_root_squash,no_subtree_check,fsid=0)
''; '';
services.nfs.server.createMountPoints = true; services.nfs.server.createMountPoints = true;
networking.firewall.enable = false; # FIXME: figure out what ports need to be allowed
}; };
}; };

3
nixos/tests/printing.nix
View File

@ -17,6 +17,7 @@
Allow from all Allow from all
</Location> </Location>
''; '';
networking.firewall.allowedTCPPorts = [ 631 ];
}; };
client = client =
@ -37,7 +38,7 @@
$client->succeed("lpstat -H") =~ "/var/run/cups/cups.sock" or die; $client->succeed("lpstat -H") =~ "/var/run/cups/cups.sock" or die;
$client->succeed("curl --fail http://localhost:631/"); $client->succeed("curl --fail http://localhost:631/");
$client->succeed("curl --fail http://server:631/"); $client->succeed("curl --fail http://server:631/");
$server->fail("curl --fail http://client:631/"); $server->fail("curl --fail --connect-timeout 2 http://client:631/");
# Add a HP Deskjet printer connected via USB to the server. # Add a HP Deskjet printer connected via USB to the server.
$server->succeed("lpadmin -p DeskjetLocal -v usb://HP/Deskjet%205400%20series?serial=TH93I152S123XY -m 'drv:///sample.drv/deskjet.ppd' -E"); $server->succeed("lpadmin -p DeskjetLocal -v usb://HP/Deskjet%205400%20series?serial=TH93I152S123XY -m 'drv:///sample.drv/deskjet.ppd' -E");

11
nixos/tests/proxy.nix
View File

@ -5,12 +5,10 @@ let
backend = backend =
{ config, pkgs, ... }: { config, pkgs, ... }:
{ { services.httpd.enable = true;
services.openssh.enable = true;
services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org"; services.httpd.adminAddr = "foo@example.org";
services.httpd.documentRoot = "${pkgs.valgrind}/share/doc/valgrind/html"; services.httpd.documentRoot = "${pkgs.valgrind}/share/doc/valgrind/html";
networking.firewall.allowedTCPPorts = [ 80 ];
}; };
in in
@ -21,8 +19,7 @@ in
{ proxy = { proxy =
{ config, pkgs, nodes, ... }: { config, pkgs, nodes, ... }:
{ { services.httpd.enable = true;
services.httpd.enable = true;
services.httpd.adminAddr = "bar@example.org"; services.httpd.adminAddr = "bar@example.org";
services.httpd.extraModules = ["proxy_balancer"]; services.httpd.extraModules = ["proxy_balancer"];
@ -50,6 +47,8 @@ in
# For testing; don't want to wait forever for dead backend servers. # For testing; don't want to wait forever for dead backend servers.
ProxyTimeout 5 ProxyTimeout 5
''; '';
networking.firewall.allowedTCPPorts = [ 80 ];
}; };
backend1 = backend; backend1 = backend;

1
nixos/tests/quake3.nix
View File

@ -37,6 +37,7 @@ rec {
"'+map q3dm7' '+addbot grunt' '+addbot daemia' 2> /tmp/log"; "'+map q3dm7' '+addbot grunt' '+addbot daemia' 2> /tmp/log";
}; };
nixpkgs.config.packageOverrides = overrides; nixpkgs.config.packageOverrides = overrides;
networking.firewall.allowedUDPPorts = [ 27960 ];
}; };
client1 = client; client1 = client;

9
nixos/tests/tomcat.nix
View File

@ -5,13 +5,12 @@
server = server =
{ pkgs, config, ... }: { pkgs, config, ... }:
{ { services.tomcat.enable = true;
services.tomcat.enable = true;
services.httpd.enable = true; services.httpd.enable = true;
services.httpd.adminAddr = "foo@bar.com"; services.httpd.adminAddr = "foo@bar.com";
services.httpd.extraSubservices = [ services.httpd.extraSubservices =
{ serviceType = "tomcat-connector"; } [ { serviceType = "tomcat-connector"; } ];
]; networking.firewall.allowedTCPPorts = [ 80 ];
}; };
client = { }; client = { };

56
nixos/tests/udisks.nix Normal file
View File

@ -0,0 +1,56 @@
{ pkgs, ... }:
let
stick = pkgs.fetchurl {
url = http://nixos.org/~eelco/nix/udisks-test.img.xz;
sha256 = "0was1xgjkjad91nipzclaz5biv3m4b2nk029ga6nk7iklwi19l8b";
};
in
{
machine =
{ config, pkgs, ... }:
{ services.udisks.enable = true;
imports = [ ./common/user-account.nix ];
security.polkit.extraConfig =
''
polkit.addRule(function(action, subject) {
if (subject.user == "alice") return "yes";
});
'';
};
testScript =
''
my $stick = $machine->stateDir . "/usbstick.img";
system("xz -d < ${stick} > $stick") == 0 or die;
$machine->succeed("udisks --enumerate | grep /org/freedesktop/UDisks/devices/vda");
$machine->fail("udisks --enumerate | grep /org/freedesktop/UDisks/devices/sda1");
# Attach a USB stick and wait for it to show up.
$machine->sendMonitorCommand("usb_add disk:$stick");
$machine->waitUntilSucceeds("udisks --enumerate | grep /org/freedesktop/UDisks/devices/sda1");
$machine->succeed("udisks --show-info /dev/sda1 | grep 'label:.*USBSTICK'");
# Mount the stick as a non-root user and do some stuff with it.
$machine->succeed("su - alice -c 'udisks --enumerate | grep /org/freedesktop/UDisks/devices/sda1'");
$machine->succeed("su - alice -c 'udisks --mount /dev/sda1'");
$machine->succeed("su - alice -c 'cat /media/USBSTICK/test.txt'") =~ /Hello World/;
$machine->succeed("su - alice -c 'echo foo > /media/USBSTICK/bar.txt'");
# Unmounting the stick should make the mountpoint disappear.
$machine->succeed("su - alice -c 'udisks --unmount /dev/sda1'");
$machine->fail("[ -d /media/USBSTICK ]");
# Remove the USB stick.
$machine->sendMonitorCommand("usb_del 0.3"); # FIXME
$machine->waitUntilFails("udisks --enumerate | grep /org/freedesktop/UDisks/devices/sda1");
$machine->fail("[ -e /dev/sda ]");
'';
}

4
pkgs/applications/editors/emacs-modes/flymake-cursor/default.nix
View File

@ -5,7 +5,7 @@ stdenv.mkDerivation rec {
src = fetchurl { src = fetchurl {
url = "http://www.emacswiki.org/emacs/download/flymake-cursor.el"; url = "http://www.emacswiki.org/emacs/download/flymake-cursor.el";
sha256 = "1qqppd1786w8pl1avjb01n23lwihb7m0hr23abjklsxz03gmp4qz"; sha256 = "10cpzrd588ya52blghxss5zkn6x8hc7bx1h0qbcdlybbmkjgpkxr";
}; };
phases = [ "buildPhase" "installPhase"]; phases = [ "buildPhase" "installPhase"];
@ -26,7 +26,5 @@ stdenv.mkDerivation rec {
description = "Displays flymake error msg in minibuffer after delay"; description = "Displays flymake error msg in minibuffer after delay";
homepage = http://www.emacswiki.org/emacs/flymake-cursor.el; homepage = http://www.emacswiki.org/emacs/flymake-cursor.el;
license = stdenv.lib.licenses.publicDomain; license = stdenv.lib.licenses.publicDomain;
platforms = stdenv.lib.platforms.all;
}; };
} }

6
pkgs/applications/editors/emacs-modes/idris/default.nix
View File

@ -1,12 +1,12 @@
{ stdenv, fetchgit, emacs }: { stdenv, fetchgit, emacs }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "idris-mode-20140223"; name = "idris-mode-20140405";
src = fetchgit { src = fetchgit {
url = https://github.com/idris-hackers/idris-mode.git; url = https://github.com/idris-hackers/idris-mode.git;
rev = "486470533e74c55192e92a1afa050475915ee1e7"; rev = "2e2d18fb757da4b42940ebe2a57d7a117175489f";
sha256 = "ff2e6bd8fbf421e8f2db0789d2ff56c5103775b911b99bab64e4652d332bad43"; sha256 = "d4b52c6c43c038c94a7464cd9c849cd40c01696c440da8b057c00a9be22f9ac0";
}; };
buildInputs = [ emacs ]; buildInputs = [ emacs ];

8
pkgs/applications/graphics/shotwell/default.nix
View File

@ -35,9 +35,15 @@ in stdenv.mkDerivation rec {
''; '';
postInstall = '' postInstall = ''
mkdir -p $out/share/gsettings-schemas/$name
mv $out/share/glib-2.0 $out/share/gsettings-schemas/$name/
'';
preFixup = ''
wrapProgram "$out/bin/shotwell" \ wrapProgram "$out/bin/shotwell" \
--set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \ --set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \
--prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:${gnome3.gsettings_desktop_schemas}/share:${gtk3}/share:$out/share" --prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:${gtk3}/share:$out/share:$GSETTINGS_SCHEMAS_PATH"
rm $out/share/icons/hicolor/icon-theme.cache
''; '';

4
pkgs/applications/misc/calibre/default.nix
View File

@ -4,11 +4,11 @@
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "calibre-1.25.0"; name = "calibre-1.31.0";
src = fetchurl { src = fetchurl {
url = "mirror://sourceforge/calibre/${name}.tar.xz"; url = "mirror://sourceforge/calibre/${name}.tar.xz";
sha256 = "1y221r5vgq426ldqjrx3qvgf3j3v2wncwzra747psvhwf95zd5fd"; sha256 = "1fl42y8ppw8s51v66dqsrg1ib28yi6z5779r9wfvdbl9v1clilfc";
}; };
inherit python; inherit python;

4
pkgs/applications/misc/ikiwiki/default.nix
View File

@ -23,7 +23,7 @@ assert mercurialSupport -> (mercurial != null);
let let
name = "ikiwiki"; name = "ikiwiki";
version = "3.20140125"; version = "3.20140227";
lib = stdenv.lib; lib = stdenv.lib;
in in
@ -32,7 +32,7 @@ stdenv.mkDerivation {
src = fetchurl { src = fetchurl {
url = "http://ftp.de.debian.org/debian/pool/main/i/ikiwiki/${name}_${version}.tar.gz"; url = "http://ftp.de.debian.org/debian/pool/main/i/ikiwiki/${name}_${version}.tar.gz";
sha256 = "06r95xhm8pnvswgmkf3j7h4n6b1nmk0v0znmnzblkdx7xh12m0hd"; sha256 = "1bbpqs4c1la1yqcxcxj3xip3wadjnjq0wawv19j6d6baymm66cr3";
}; };
buildInputs = [ perl TextMarkdown URI HTMLParser HTMLScrubber HTMLTemplate buildInputs = [ perl TextMarkdown URI HTMLParser HTMLScrubber HTMLTemplate

7
pkgs/applications/misc/surf/default.nix
View File

@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
sha256 = "01b8hq8z2wd7ssym5bypx2b15mrs1lhgkrcgxf700kswxvxcrhgx"; sha256 = "01b8hq8z2wd7ssym5bypx2b15mrs1lhgkrcgxf700kswxvxcrhgx";
}; };
buildInputs = [ gtk makeWrapper webkit pkgconfig glib libsoup ]; buildInputs = [ gtk makeWrapper webkit gsettings_desktop_schemas pkgconfig glib libsoup ];
# Allow users set their own list of patches # Allow users set their own list of patches
inherit patches; inherit patches;
@ -21,9 +21,12 @@ stdenv.mkDerivation rec {
preConfigure = [ ''sed -i "s@PREFIX = /usr/local@PREFIX = $out@g" config.mk'' ]; preConfigure = [ ''sed -i "s@PREFIX = /usr/local@PREFIX = $out@g" config.mk'' ];
installPhase = '' installPhase = ''
make PREFIX=/ DESTDIR=$out install make PREFIX=/ DESTDIR=$out install
'';
preFixup = ''
wrapProgram "$out/bin/surf" \ wrapProgram "$out/bin/surf" \
--prefix GIO_EXTRA_MODULES : ${glib_networking}/lib/gio/modules \ --prefix GIO_EXTRA_MODULES : ${glib_networking}/lib/gio/modules \
--prefix XDG_DATA_DIRS : "${gsettings_desktop_schemas}/share" --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH"
''; '';
meta = { meta = {

47
pkgs/applications/misc/synergy/cryptopp.patch
View File

@ -1,8 +1,7 @@
diff --git a/CMakeLists.txt b/CMakeLists.txt diff -urN synergy-1.4.17-Source/CMakeLists.txt synergy-1.4.17-Source-fix/CMakeLists.txt
index 3b61fc0..2206646 100644 --- synergy-1.4.17-Source/CMakeLists.txt 2014-03-14 21:34:19.000000000 +0100
--- a/CMakeLists.txt +++ synergy-1.4.17-Source-fix/CMakeLists.txt 2014-04-11 13:37:18.839338710 +0200
+++ b/CMakeLists.txt @@ -145,6 +145,9 @@
@@ -133,6 +133,9 @@ if (UNIX)
check_type_size(long SIZEOF_LONG) check_type_size(long SIZEOF_LONG)
check_type_size(short SIZEOF_SHORT) check_type_size(short SIZEOF_SHORT)
@ -12,21 +11,20 @@ index 3b61fc0..2206646 100644
# pthread is used on both Linux and Mac # pthread is used on both Linux and Mac
check_library_exists("pthread" pthread_create "" HAVE_PTHREAD) check_library_exists("pthread" pthread_create "" HAVE_PTHREAD)
if (HAVE_PTHREAD) if (HAVE_PTHREAD)
@@ -303,7 +306,6 @@ if (VNC_SUPPORT) @@ -317,7 +320,6 @@
endif() endif()
add_subdirectory(src) add_subdirectory(src)
-add_subdirectory(tools) -add_subdirectory(ext)
if (WIN32) if (WIN32)
# add /analyze in order to unconver potential bugs in the source code # TODO: consider using /analyze to uncover potential bugs in the source code.
diff --git a/src/lib/io/CCryptoMode.h b/src/lib/io/CCryptoMode.h diff -urN synergy-1.4.17-Source/src/lib/io/CryptoMode_cryptopp.h synergy-1.4.17-Source-fix/src/lib/io/CryptoMode_cryptopp.h
index 9b7e8ad..0d659ac 100644 --- synergy-1.4.17-Source/src/lib/io/CryptoMode_cryptopp.h 2014-02-28 13:36:45.000000000 +0100
--- a/src/lib/io/CCryptoMode.h +++ synergy-1.4.17-Source-fix/src/lib/io/CryptoMode_cryptopp.h 2014-04-11 13:36:01.111985556 +0200
+++ b/src/lib/io/CCryptoMode.h @@ -25,6 +25,6 @@
@@ -17,9 +17,9 @@ # pragma GCC system_header
#endif
#pragma once
-#include <cryptopp562/gcm.h> -#include <cryptopp562/gcm.h>
-#include <cryptopp562/modes.h> -#include <cryptopp562/modes.h>
@ -34,21 +32,14 @@ index 9b7e8ad..0d659ac 100644
+#include <cryptopp/gcm.h> +#include <cryptopp/gcm.h>
+#include <cryptopp/modes.h> +#include <cryptopp/modes.h>
+#include <cryptopp/aes.h> +#include <cryptopp/aes.h>
#include "ECryptoMode.h" diff -urN synergy-1.4.17-Source/src/lib/io/CryptoStream_cryptopp.h synergy-1.4.17-Source-fix/src/lib/io/CryptoStream_cryptopp.h
#include "CString.h" --- synergy-1.4.17-Source/src/lib/io/CryptoStream_cryptopp.h 2014-02-28 13:36:45.000000000 +0100
+++ synergy-1.4.17-Source-fix/src/lib/io/CryptoStream_cryptopp.h 2014-04-11 13:36:07.173013005 +0200
@@ -25,5 +25,5 @@
# pragma GCC system_header
#endif
diff --git a/src/lib/io/CCryptoStream.h b/src/lib/io/CCryptoStream.h
index 104b1f6..09c4dc4 100644
--- a/src/lib/io/CCryptoStream.h
+++ b/src/lib/io/CCryptoStream.h
@@ -20,8 +20,8 @@
#include "BasicTypes.h"
#include "CStreamFilter.h"
#include "CCryptoMode.h"
-#include <cryptopp562/osrng.h> -#include <cryptopp562/osrng.h>
-#include <cryptopp562/sha.h> -#include <cryptopp562/sha.h>
+#include <cryptopp/osrng.h> +#include <cryptopp/osrng.h>
+#include <cryptopp/sha.h> +#include <cryptopp/sha.h>
class CCryptoOptions;

20
pkgs/applications/misc/synergy/default.nix
View File

@ -1,29 +1,31 @@
{ stdenv, fetchurl, cmake, x11, libX11, libXi, libXtst, libXrandr, xinput { stdenv, fetchurl, cmake, x11, libX11, libXi, libXtst, libXrandr, xinput, curl
, cryptopp ? null, unzip ? null }: , cryptopp ? null, unzip }:
assert stdenv.isLinux -> cryptopp != null; assert stdenv.isLinux -> cryptopp != null;
assert !stdenv.isLinux -> unzip != null;
with stdenv.lib; with stdenv.lib;
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "synergy-1.4.15"; name = "synergy-1.4.17";
src = fetchurl { src = fetchurl {
url = "http://synergy.googlecode.com/files/${name}-Source.tar.gz"; url = "http://fossfiles.com/synergy/${name}-r2055-Source.tar.gz";
sha256 = "0l1mxxky9hacyva0npzkgkwg4wkmihzq3abdrds0w5f6is44adv4"; sha256 = "1mwaapvq9vsm0rdpq99fyzcw6wbp83rg6cylcqcgjjd21c6y9iwm";
}; };
patches = optional stdenv.isLinux ./cryptopp.patch; patches = optional stdenv.isLinux ./cryptopp.patch;
postPatch = if stdenv.isLinux then '' postPatch = (if stdenv.isLinux then ''
sed -i -e '/HAVE_X11_EXTENSIONS_XRANDR_H/c \ sed -i -e '/HAVE_X11_EXTENSIONS_XRANDR_H/c \
set(HAVE_X11_EXTENSIONS_XRANDR_H true)' CMakeLists.txt set(HAVE_X11_EXTENSIONS_XRANDR_H true)' CMakeLists.txt
'' else '' '' else ''
${unzip}/bin/unzip -d tools/cryptopp562 tools/cryptopp562.zip ${unzip}/bin/unzip -d ext/cryptopp562 ext/cryptopp562.zip
'') + ''
${unzip}/bin/unzip -d ext/gmock-1.6.0 ext/gmock-1.6.0.zip
${unzip}/bin/unzip -d ext/gtest-1.6.0 ext/gtest-1.6.0.zip
''; '';
buildInputs = [ cmake x11 libX11 libXi libXtst libXrandr xinput ] buildInputs = [ cmake x11 libX11 libXi libXtst libXrandr xinput curl ]
++ optional stdenv.isLinux cryptopp; ++ optional stdenv.isLinux cryptopp;
# At this moment make install doesn't work for synergy # At this moment make install doesn't work for synergy

6
pkgs/applications/networking/browsers/chromium/sources.nix
View File

@ -11,8 +11,8 @@
sha256 = "1na5d6z4a0wkabn7cj62vyiv3mmvcb6qdvrkyy6fj79h7gk2hb7k"; sha256 = "1na5d6z4a0wkabn7cj62vyiv3mmvcb6qdvrkyy6fj79h7gk2hb7k";
}; };
stable = { stable = {
version = "33.0.1750.152"; version = "34.0.1847.116";
url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-33.0.1750.152.tar.xz"; url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-34.0.1847.116.tar.xz";
sha256 = "0byc23vwn9alsva0jqvwvgnbx2bm7x48m3jln02y4fpf1f265m4z"; sha256 = "04cpfav5rqa117igvzmrw0045r2ljxg5fqb46qgqvkgff30pjrfx";
}; };
} }

6
pkgs/applications/networking/browsers/dwb/default.nix
View File

@ -10,17 +10,17 @@ stdenv.mkDerivation {
sha256 = "145sq2wv0s0n32cwpwgy59ff6ppcv80ialak7nnj1rpqicfqb72h"; sha256 = "145sq2wv0s0n32cwpwgy59ff6ppcv80ialak7nnj1rpqicfqb72h";
}; };
buildInputs = [ pkgconfig makeWrapper libsoup webkit gtk3 gnutls json_c m4 ]; buildInputs = [ pkgconfig makeWrapper gsettings_desktop_schemas libsoup webkit gtk3 gnutls json_c m4 ];
# There are Xlib and gtk warnings therefore I have set Wno-error # There are Xlib and gtk warnings therefore I have set Wno-error
preBuild='' preBuild=''
makeFlagsArray=(CPPFLAGS="-Wno-error" GTK=3 PREFIX=$out); makeFlagsArray=(CPPFLAGS="-Wno-error" GTK=3 PREFIX=$out);
''; '';
postInstall='' preFixup=''
wrapProgram "$out/bin/dwb" \ wrapProgram "$out/bin/dwb" \
--prefix GIO_EXTRA_MODULES : "${glib_networking}/lib/gio/modules" \ --prefix GIO_EXTRA_MODULES : "${glib_networking}/lib/gio/modules" \
--prefix XDG_DATA_DIRS : "${gsettings_desktop_schemas}/share:$out/share" --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH:$out/share"
wrapProgram "$out/bin/dwbem" \ wrapProgram "$out/bin/dwbem" \
--prefix GIO_EXTRA_MODULES : "${glib_networking}/lib/gio/modules" --prefix GIO_EXTRA_MODULES : "${glib_networking}/lib/gio/modules"
''; '';

6
pkgs/applications/networking/browsers/mozilla-plugins/flashplayer-11/default.nix
View File

@ -36,7 +36,7 @@
let let
# -> http://get.adobe.com/flashplayer/ # -> http://get.adobe.com/flashplayer/
version = "11.2.202.346"; version = "11.2.202.350";
src = src =
if stdenv.system == "x86_64-linux" then if stdenv.system == "x86_64-linux" then
@ -47,7 +47,7 @@ let
else rec { else rec {
inherit version; inherit version;
url = "http://fpdownload.macromedia.com/get/flashplayer/pdc/${version}/install_flash_player_11_linux.x86_64.tar.gz"; url = "http://fpdownload.macromedia.com/get/flashplayer/pdc/${version}/install_flash_player_11_linux.x86_64.tar.gz";
sha256 = "19jgiw5f0ksxqgi6jkla4qq7gx9gnn9jmpjgqanb7mhl5fdl0v55"; sha256 = "0f5y05c0acvdzd7a7qi93kd17byazf9swm6gml5rph5bc25aw77l";
} }
else if stdenv.system == "i686-linux" then else if stdenv.system == "i686-linux" then
if debug then { if debug then {
@ -58,7 +58,7 @@ let
} else rec { } else rec {
inherit version; inherit version;
url = "http://fpdownload.macromedia.com/get/flashplayer/pdc/${version}/install_flash_player_11_linux.i386.tar.gz"; url = "http://fpdownload.macromedia.com/get/flashplayer/pdc/${version}/install_flash_player_11_linux.i386.tar.gz";
sha256 = "01f4zady0r0n5rfqq2285svc13wiypmfrm8fnirmr5lpwl5d89ra"; sha256 = "0nsrj56xbpn8r4365zby8qbc38cl2anb5ky0h7jwyh7xyrs9xmml";
} }
else throw "Flash Player is not supported on this platform"; else throw "Flash Player is not supported on this platform";

6
pkgs/applications/networking/browsers/vimb/default.nix
View File

@ -16,14 +16,14 @@ stdenv.mkDerivation rec {
sed -i s,/etc/ssl/certs/ca-certificates.crt,/etc/ssl/certs/ca-bundle.crt, src/default.h sed -i s,/etc/ssl/certs/ca-certificates.crt,/etc/ssl/certs/ca-bundle.crt, src/default.h
''; '';
buildInputs = [ makeWrapper gtk libsoup pkgconfig webkit ]; buildInputs = [ makeWrapper gtk libsoup pkgconfig webkit gsettings_desktop_schemas ];
makeFlags = [ "PREFIX=$(out)" ]; makeFlags = [ "PREFIX=$(out)" ];
postInstall = '' preFixup = ''
wrapProgram "$out/bin/vimb" \ wrapProgram "$out/bin/vimb" \
--prefix GIO_EXTRA_MODULES : "${glib_networking}/lib/gio/modules" \ --prefix GIO_EXTRA_MODULES : "${glib_networking}/lib/gio/modules" \
--prefix XDG_DATA_DIRS : "${gsettings_desktop_schemas}/share" --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH"
''; '';
meta = { meta = {

7
pkgs/applications/networking/browsers/vimprobable2/default.nix
View File

@ -14,13 +14,16 @@ stdenv.mkDerivation rec {
sed -i s,/etc/ssl/certs/ca-certificates.crt,/etc/ssl/certs/ca-bundle.crt, config.h sed -i s,/etc/ssl/certs/ca-certificates.crt,/etc/ssl/certs/ca-bundle.crt, config.h
''; '';
buildInputs = [ makeWrapper gtk libsoup libX11 perl pkgconfig webkit ]; buildInputs = [ makeWrapper gtk libsoup libX11 perl pkgconfig webkit gsettings_desktop_schemas ];
installPhase = '' installPhase = ''
make PREFIX=/ DESTDIR=$out install make PREFIX=/ DESTDIR=$out install
'';
preFixup = ''
wrapProgram "$out/bin/vimprobable2" \ wrapProgram "$out/bin/vimprobable2" \
--prefix GIO_EXTRA_MODULES : "${glib_networking}/lib/gio/modules" \ --prefix GIO_EXTRA_MODULES : "${glib_networking}/lib/gio/modules" \
--prefix XDG_DATA_DIRS : "${gsettings_desktop_schemas}/share" --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH"
''; '';
meta = { meta = {

2
pkgs/applications/networking/instant-messengers/telepathy/logger/default.nix
View File

@ -19,8 +19,6 @@ stdenv.mkDerivation rec {
configureFlags = "--enable-call"; configureFlags = "--enable-call";
installFlags = "gsettingsschemadir=\${out}/share/telepathy/logger/glib-2.0/schemas/";
meta = { meta = {
description = "Logger service for Telepathy framework"; description = "Logger service for Telepathy framework";
homepage = http://telepathy.freedesktop.org/wiki/Logger ; homepage = http://telepathy.freedesktop.org/wiki/Logger ;

9
pkgs/applications/networking/instant-messengers/telepathy/mission-control/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchurl, pkgconfig, telepathy_glib, libxslt }: { stdenv, fetchurl, pkgconfig, telepathy_glib, libxslt, makeWrapper }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "${pname}-5.16.0"; name = "${pname}-5.16.0";
@ -9,7 +9,12 @@ stdenv.mkDerivation rec {
sha256 = "1l61w6j04mbrjsbcfrlc0safh9nlsjnj0z6lszal64r9bhkcghzd"; sha256 = "1l61w6j04mbrjsbcfrlc0safh9nlsjnj0z6lszal64r9bhkcghzd";
}; };
buildInputs = [ telepathy_glib ]; buildInputs = [ telepathy_glib makeWrapper ];
nativeBuildInputs = [ pkgconfig libxslt ]; nativeBuildInputs = [ pkgconfig libxslt ];
preFixup = ''
wrapProgram "$out/libexec/mission-control-5" \
--prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH"
'';
} }

5
pkgs/applications/networking/newsreaders/liferea/default.nix
View File

@ -28,16 +28,15 @@ stdenv.mkDerivation rec {
]; ];
preFixup = '' preFixup = ''
rm $out/share/icons/hicolor/icon-theme.cache''; rm $out/share/icons/hicolor/icon-theme.cache
postInstall = ''
for f in "$out"/bin/*; do for f in "$out"/bin/*; do
wrapProgram "$f" \ wrapProgram "$f" \
--prefix PYTHONPATH : "$(toPythonPath $out):$(toPythonPath ${pygobject3})" \ --prefix PYTHONPATH : "$(toPythonPath $out):$(toPythonPath ${pygobject3})" \
--prefix LD_LIBRARY_PATH : "${gnome3.libgnome_keyring}/lib" \ --prefix LD_LIBRARY_PATH : "${gnome3.libgnome_keyring}/lib" \
--prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \ --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \
--prefix GIO_EXTRA_MODULES : "${gnome3.dconf}/lib/gio/modules:${glib_networking}/lib/gio/modules" \ --prefix GIO_EXTRA_MODULES : "${gnome3.dconf}/lib/gio/modules:${glib_networking}/lib/gio/modules" \
--prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:${gnome3.gnome_icon_theme}/share:${gnome3.gsettings_desktop_schemas}/share:${gnome3.gtk}/share:$out/share" --prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:${gnome3.gnome_icon_theme}/share:${gnome3.gtk}/share:$out/share:$GSETTINGS_SCHEMAS_PATH"
done done
''; '';

2
pkgs/applications/networking/p2p/ncdc/default.nix
View File

@ -15,5 +15,7 @@ stdenv.mkDerivation rec {
description = "modern and lightweight direct connect client with a friendly ncurses interface"; description = "modern and lightweight direct connect client with a friendly ncurses interface";
homepage = http://dev.yorhel.nl/ncdc; homepage = http://dev.yorhel.nl/ncdc;
license = stdenv.lib.licenses.mit; license = stdenv.lib.licenses.mit;
platforms = stdenv.lib.platforms.linux; # arbitrary
maintainers = [ stdenv.lib.maintainers.emery ];
}; };
} }

9
pkgs/applications/networking/remote/teamviewer/default.nix
View File

@ -1,5 +1,5 @@
{ stdenv, fetchurl, libX11, libXtst, libXext, libXdamage, libXfixes, wine, makeWrapper { stdenv, fetchurl, libX11, libXtst, libXext, libXdamage, libXfixes, wine, makeWrapper
, bash }: , bash, findutils, coreutils }:
assert stdenv.system == "i686-linux"; assert stdenv.system == "i686-linux";
let let
@ -31,6 +31,13 @@ stdenv.mkDerivation {
cat > $out/bin/teamviewer << EOF cat > $out/bin/teamviewer << EOF
#!${bash}/bin/sh #!${bash}/bin/sh
# Teamviewer puts symlinks to nix store paths in ~/.teamviewer. When those
# paths become garbage collected, teamviewer crashes upon start because of
# those broken symlinks. An easy workaround to this behaviour is simply to
# delete all symlinks before we start teamviewer. Teamviewer will fixup the
# symlinks, just like it did the first time the user ran it.
${findutils}/bin/find "\$HOME"/.teamviewer/*/*/"Program Files/TeamViewer/" -type l -print0 | ${findutils}/bin/xargs -0 ${coreutils}/bin/rm
export LD_LIBRARY_PATH=${toldpath}\''${LD_LIBRARY_PATH:+:\$LD_LIBRARY_PATH} export LD_LIBRARY_PATH=${toldpath}\''${LD_LIBRARY_PATH:+:\$LD_LIBRARY_PATH}
export PATH=${topath}\''${PATH:+:\$PATH} export PATH=${topath}\''${PATH:+:\$PATH}
$out/share/teamviewer/wrapper wine "c:\Program Files\TeamViewer\Version7\TeamViewer.exe" "\$@" $out/share/teamviewer/wrapper wine "c:\Program Files\TeamViewer\Version7\TeamViewer.exe" "\$@"

4
pkgs/applications/networking/sniffers/wireshark/default.nix
View File

@ -17,6 +17,10 @@ stdenv.mkDerivation {
geoip libnl c-ares gtk python geoip libnl c-ares gtk python
]; ];
preConfigure = ''
sed -re 's/g_memmove/memmove/' -i $(grep -rl g_memmove .)
'';
configureFlags = "--disable-usr-local --disable-silent-rules --with-gtk2 --without-gtk3 --without-qt --with-ssl"; configureFlags = "--disable-usr-local --disable-silent-rules --with-gtk2 --without-gtk3 --without-qt --with-ssl";
desktopItem = makeDesktopItem { desktopItem = makeDesktopItem {

47
pkgs/applications/science/logic/boolector/default.nix Normal file
View File

@ -0,0 +1,47 @@
{ stdenv, fetchurl, zlib, useV16 ? false }:
let
v15 = rec {
name = "boolector-${version}";
version = "1.5.118";
src = fetchurl {
url = "http://fmv.jku.at/boolector/${name}-with-sat-solvers.tar.gz";
sha256 = "17j7q02rryvfwgvglxnhx0kv8hxwy8wbhzawn48lw05i98vxlmk9";
};
};
v16 = rec {
name = "boolector-${version}";
version = "1.6.0";
src = fetchurl {
url = "http://fmv.jku.at/boolector/${name}-with-sat-solvers.tar.gz";
sha256 = "0jka4r6bc3i24axgdp6qbq6gjadwz9kvi11s2c5sbwmdnjd7cp85";
};
};
boolectorPkg = if useV16 then v16 else v15;
license = with stdenv.lib.licenses; if useV16 then unfreeRedistributable else gpl3;
in
stdenv.mkDerivation (boolectorPkg // {
buildInputs = [ zlib ];
enableParallelBuilding = false;
buildPhase = "./build.sh";
installPhase = ''
mkdir -p $out/bin $out/lib $out/include
cp boolector/boolector $out/bin
cp boolector/deltabtor $out/bin
cp boolector/synthebtor $out/bin
cp boolector/libboolector.a $out/lib
cp boolector/boolector.h $out/include
'';
meta = {
inherit license;
description = "An extremely fast SMT solver for bit-vectors and arrays";
homepage = "http://fmv.jku.at/boolector";
platforms = stdenv.lib.platforms.linux;
maintainers = [ stdenv.lib.maintainers.thoughtpolice ];
};
})

4
pkgs/applications/science/math/R/default.nix
View File

@ -5,11 +5,11 @@
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "R-3.0.3"; name = "R-3.1.0";
src = fetchurl { src = fetchurl {
url = "http://cran.r-project.org/src/base/R-3/${name}.tar.gz"; url = "http://cran.r-project.org/src/base/R-3/${name}.tar.gz";
sha256 = "1mp6zp25nycn8bxnnq97gq6n21c6vprm6qc4drwap57j82azsz5r"; sha256 = "1qjzbw341bvi1h4jwbvdkvq8j0z9l3m85mpgrlfw0n2cz2806s4a";
}; };
buildInputs = [ blas bzip2 gfortran liblapack libX11 libXmu libXt buildInputs = [ blas bzip2 gfortran liblapack libX11 libXmu libXt

16
pkgs/applications/version-management/git-and-tools/git-annex/default.nix
View File

@ -1,9 +1,9 @@
{ cabal, aeson, async, blazeBuilder, bloomfilter, bup, byteable { cabal, aeson, async, blazeBuilder, bloomfilter, bup, byteable
, caseInsensitive, clientsession, cryptoApi, cryptohash, curl , caseInsensitive, clientsession, cryptoApi, cryptohash, curl
, dataDefault, dataenc, DAV, dbus, dlist, dns, editDistance , dataDefault, dataenc, DAV, dbus, dlist, dns, editDistance
, extensibleExceptions, feed, filepath, git, gnupg1, gnutls, hamlet , extensibleExceptions, fdoNotify, feed, filepath, git, gnupg1
, hinotify, hS3, hslogger, HTTP, httpClient, httpConduit, httpTypes , gnutls, hamlet, hinotify, hS3, hslogger, HTTP, httpClient
, IfElse, json, liftedBase, lsof, MissingH , httpConduit, httpTypes, IfElse, json, liftedBase, lsof, MissingH
, MonadCatchIOTransformers, monadControl, mtl, network , MonadCatchIOTransformers, monadControl, mtl, network
, networkConduit, networkInfo, networkMulticast , networkConduit, networkInfo, networkMulticast
, networkProtocolXmpp, openssh, optparseApplicative, perl , networkProtocolXmpp, openssh, optparseApplicative, perl
@ -16,16 +16,16 @@
cabal.mkDerivation (self: { cabal.mkDerivation (self: {
pname = "git-annex"; pname = "git-annex";
version = "5.20140320"; version = "5.20140405";
sha256 = "0jhg5nbvdsiaprpj4h57fpfskhx0nqva4yx6krfd90i9gwgkm8l5"; sha256 = "0nbfnv9z2jhx2jr2nma0y1znvbaa09rv1drl6wk27j6xsbiq3p3k";
isLibrary = false; isLibrary = false;
isExecutable = true; isExecutable = true;
buildDepends = [ buildDepends = [
aeson async blazeBuilder bloomfilter byteable caseInsensitive aeson async blazeBuilder bloomfilter byteable caseInsensitive
clientsession cryptoApi cryptohash dataDefault dataenc DAV dbus clientsession cryptoApi cryptohash dataDefault dataenc DAV dbus
dlist dns editDistance extensibleExceptions feed filepath gnutls dlist dns editDistance extensibleExceptions fdoNotify feed filepath
hamlet hinotify hS3 hslogger HTTP httpClient httpConduit httpTypes gnutls hamlet hinotify hS3 hslogger HTTP httpClient httpConduit
IfElse json liftedBase MissingH MonadCatchIOTransformers httpTypes IfElse json liftedBase MissingH MonadCatchIOTransformers
monadControl mtl network networkConduit networkInfo monadControl mtl network networkConduit networkInfo
networkMulticast networkProtocolXmpp optparseApplicative QuickCheck networkMulticast networkProtocolXmpp optparseApplicative QuickCheck
random regexTdfa SafeSemaphore securemem SHA stm tasty tastyHunit random regexTdfa SafeSemaphore securemem SHA stm tasty tastyHunit

14
pkgs/applications/version-management/git-and-tools/git/default.nix
View File

@ -10,7 +10,7 @@
let let
version = "1.9.1"; version = "1.9.2";
svn = subversionClient.override { perlBindings = true; }; svn = subversionClient.override { perlBindings = true; };
@ -21,7 +21,7 @@ stdenv.mkDerivation {
src = fetchurl { src = fetchurl {
url = "https://www.kernel.org/pub/software/scm/git/git-${version}.tar.xz"; url = "https://www.kernel.org/pub/software/scm/git/git-${version}.tar.xz";
sha256 = "0yx7qf9hqgfvrliqvk775pw3zh982nx5r16iw7n997q4ik7gnqpr"; sha256 = "1x4rb06vw4ckdflmn01r5l9spvn7cng4i5mm3sbd0n8cz0n6xz13";
}; };
patches = [ ./docbook2texi.patch ./symlinks-in-bin.patch ]; patches = [ ./docbook2texi.patch ./symlinks-in-bin.patch ];
@ -47,8 +47,7 @@ stdenv.mkDerivation {
postInstall = postInstall =
'' ''
notSupported() { notSupported() {
echo -e "#\!/bin/sh\necho '`basename $1` not supported, $2'\nexit 1" > "$1" unlink $1 || true
chmod +x $1
} }
# Install git-subtree. # Install git-subtree.
@ -94,7 +93,7 @@ stdenv.mkDerivation {
--set GITPERLLIB "$gitperllib" \ --set GITPERLLIB "$gitperllib" \
--prefix PATH : "${svn}/bin" '' --prefix PATH : "${svn}/bin" ''
else '' # replace git-svn by notification script else '' # replace git-svn by notification script
notSupported $out/libexec/git-core/git-svn "reinstall with config git = { svnSupport = true } set" notSupported $out/libexec/git-core/git-svn
'') '')
+ (if sendEmailSupport then + (if sendEmailSupport then
@ -106,7 +105,7 @@ stdenv.mkDerivation {
wrapProgram $out/libexec/git-core/git-send-email \ wrapProgram $out/libexec/git-core/git-send-email \
--set GITPERLLIB "$gitperllib" '' --set GITPERLLIB "$gitperllib" ''
else '' # replace git-send-email by notification script else '' # replace git-send-email by notification script
notSupported $out/libexec/git-core/git-send-email "reinstall with config git = { sendEmailSupport = true } set" notSupported $out/libexec/git-core/git-send-email
'') '')
+ stdenv.lib.optionalString withManual ''# Install man pages and Info manual + stdenv.lib.optionalString withManual ''# Install man pages and Info manual
@ -123,8 +122,7 @@ stdenv.mkDerivation {
'' else '' '' else ''
# Don't wrap Tcl/Tk, replace them by notification scripts # Don't wrap Tcl/Tk, replace them by notification scripts
for prog in bin/gitk libexec/git-core/git-gui; do for prog in bin/gitk libexec/git-core/git-gui; do
notSupported "$out/$prog" \ notSupported "$out/$prog"
"reinstall with config git = { guiSupport = true; } set"
done done
''); '');

4
pkgs/applications/version-management/git-and-tools/stgit/default.nix
View File

@ -1,14 +1,14 @@
{ stdenv, fetchurl, python, git }: { stdenv, fetchurl, python, git }:
let let
name = "stgit-0.16"; name = "stgit-0.17.1";
in in
stdenv.mkDerivation { stdenv.mkDerivation {
inherit name; inherit name;
src = fetchurl { src = fetchurl {
url = "http://download.gna.org/stgit/${name}.tar.gz"; url = "http://download.gna.org/stgit/${name}.tar.gz";
sha256 = "0hla6401g2kicaakz4awk67yf8fhqbw1shn1p9ma5x6ca29s3w82"; sha256 = "1pka0ns9x0kabn036zsf0mwmwiynckhnva51kgxsch9fqah6acyl";
}; };
buildInputs = [ python git ]; buildInputs = [ python git ];

4
pkgs/applications/version-management/git-and-tools/svn2git/default.nix
View File

@ -1,14 +1,14 @@
{ stdenv, fetchurl, ruby, makeWrapper, git }: { stdenv, fetchurl, ruby, makeWrapper, git }:
let let
version = "2.2.2"; version = "2.2.5";
in in
stdenv.mkDerivation { stdenv.mkDerivation {
name = "svn2git-${version}"; name = "svn2git-${version}";
src = fetchurl { src = fetchurl {
url = "https://github.com/nirvdrum/svn2git/archive/v${version}.tar.gz"; url = "https://github.com/nirvdrum/svn2git/archive/v${version}.tar.gz";
sha256 = "14zinkpgybz15jvbfw0sb432w6f5w4sa5pdqycjwva8v8lxqn9mh"; sha256 = "1afmrr80357pg3kawyghhc55z1pszaq8fyrrjmxa6nr9dcrqjwwh";
}; };
buildInputs = [ ruby makeWrapper ]; buildInputs = [ ruby makeWrapper ];

7
pkgs/applications/video/avidemux/default.nix
View File

@ -1,8 +1,10 @@
{stdenv, fetchurl, cmake, pkgconfig, libxml2, qt4, gtk, gettext, SDL, {stdenv, fetchurl, cmake, pkgconfig, libxml2, qt4, gtk, gettext, SDL,
libXv, pixman, libpthreadstubs, libXau, libXdmcp, libxslt, x264, libXv, pixman, libpthreadstubs, libXau, libXdmcp, libxslt, x264,
alsaLib, lame, faac, faad2, libvorbis, yasm, libvpx, xvidcore, libva }: alsaLib, lame, faad2, libvorbis, yasm, libvpx, xvidcore, libva,
faac ? null, faacSupport ? false }:
assert stdenv ? glibc; assert stdenv ? glibc;
assert faacSupport -> faac != null;
stdenv.mkDerivation { stdenv.mkDerivation {
name = "avidemux-2.5.6"; name = "avidemux-2.5.6";
@ -14,7 +16,8 @@ stdenv.mkDerivation {
buildInputs = [ cmake pkgconfig libxml2 qt4 gtk gettext SDL libXv buildInputs = [ cmake pkgconfig libxml2 qt4 gtk gettext SDL libXv
pixman libpthreadstubs libXau libXdmcp libxslt x264 alsaLib pixman libpthreadstubs libXau libXdmcp libxslt x264 alsaLib
lame faac faad2 libvorbis yasm libvpx xvidcore libva ]; lame faad2 libvorbis yasm libvpx xvidcore libva
] ++ stdenv.lib.optional faacSupport faac;
cmakeFlags = "-DPTHREAD_INCLUDE_DIR=${stdenv.glibc}/include" + cmakeFlags = "-DPTHREAD_INCLUDE_DIR=${stdenv.glibc}/include" +
" -DGETTEXT_INCLUDE_DIR=${gettext}/include" + " -DGETTEXT_INCLUDE_DIR=${gettext}/include" +

21
pkgs/applications/virtualization/docker/default.nix
View File

@ -1,36 +1,33 @@
{ stdenv, fetchurl, makeWrapper, go, lxc, sqlite, iproute, iptables, lvm2 { stdenv, fetchurl, makeWrapper, go, lxc, sqlite, iproute, bridge_utils, devicemapper,
, bash}: btrfsProgs, iptables, bash}:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "docker-${version}"; name = "docker-${version}";
version = "0.7.6"; version = "0.9.1";
src = fetchurl { src = fetchurl {
url = "https://github.com/dotcloud/docker/archive/v${version}.tar.gz"; url = "https://github.com/dotcloud/docker/archive/v${version}.tar.gz";
sha256 = "0anlzba2vm1fs5nf0dl2svrgj3ddsbl5iyhsm8vfbi3f23vppkfv"; sha256 = "0m4s21dxd1bj08xrmi7iw77djj3cpxvjsin12p6v6v1qnigm18ww";
}; };
phases = ["unpackPhase" "preBuild" "buildPhase" "installPhase"]; phases = ["unpackPhase" "preBuild" "buildPhase" "installPhase"];
buildInputs = [ makeWrapper go sqlite lxc iproute lvm2 iptables ]; buildInputs = [ makeWrapper go sqlite lxc iproute bridge_utils devicemapper btrfsProgs iptables ];
preBuild = '' preBuild = ''
patchShebangs ./hack patchShebangs ./hack
''; '';
buildPhase = '' buildPhase = ''
mkdir -p src/github.com/dotcloud export AUTO_GOPATH=1
ln -sn "../../../" "src/github.com/dotcloud/docker" export DOCKER_GITCOMMIT="867b2a90c228f62cdcd44907ceef279a2d8f1ac5"
export GOPATH="$(pwd):$(pwd)/vendor"
export DOCKER_GITCOMMIT="bc3b2ec0622f50879ae96f042056b6bd2e0b4fba"
export DOCKER_INITPATH="$out/libexec/docker/dockerinit"
./hack/make.sh dynbinary ./hack/make.sh dynbinary
''; '';
installPhase = '' installPhase = ''
install -Dm755 ./bundles/${version}/dynbinary/docker-${version} $out/bin/docker install -Dm755 ./bundles/${version}/dynbinary/docker-${version} $out/bin/docker
install -Dm755 ./bundles/${version}/dynbinary/dockerinit-${version} $out/libexec/docker/dockerinit install -Dm755 ./bundles/${version}/dynbinary/dockerinit-${version} $out/bin/dockerinit
wrapProgram $out/bin/docker --prefix PATH : "${iproute}/sbin:${lvm2}:sbin:${lxc}/bin:${iptables}/sbin" wrapProgram $out/bin/docker --prefix PATH : "${iproute}/sbin:sbin:${lxc}/bin:${iptables}/sbin"
# systemd # systemd
install -Dm644 ./contrib/init/systemd/docker.service $out/etc/systemd/system/docker.service install -Dm644 ./contrib/init/systemd/docker.service $out/etc/systemd/system/docker.service

20
pkgs/build-support/kernel/cpio-clean.pl Normal file
View File

@ -0,0 +1,20 @@
use strict;
# Make inode number, link info and mtime consistent in order to get a consistent hash.
#
# Author: Alexander Kjeldaas <ak@formalprivacy.com>
use Archive::Cpio;
my $cpio = Archive::Cpio->new;
my $IN = \*STDIN;
my $ino = 1;
$cpio->read_with_handler($IN, sub {
my ($e) = @_;
$e->{inode} = $ino;
$ino++;
$e->{nlink} = 1;
$e->{mtime} = 1;
$cpio->write_one(\*STDOUT, $e);
});
$cpio->write_trailer(\*STDOUT);

5
pkgs/build-support/kernel/make-initrd.nix
View File

@ -12,10 +12,10 @@
# `contents = {object = ...; symlink = /init;}' is a typical # `contents = {object = ...; symlink = /init;}' is a typical
# argument. # argument.
{stdenv, perl, cpio, contents, ubootChooser, compressor}: {stdenv, perl, perlArchiveCpio, cpio, contents, ubootChooser, compressor}:
let let
inputsFun = ubootName : [perl cpio] inputsFun = ubootName : [perl cpio perlArchiveCpio ]
++ stdenv.lib.optional (ubootName != null) [ (ubootChooser ubootName) ]; ++ stdenv.lib.optional (ubootName != null) [ (ubootChooser ubootName) ];
makeUInitrdFun = ubootName : (ubootName != null); makeUInitrdFun = ubootName : (ubootName != null);
in in
@ -35,6 +35,7 @@ stdenv.mkDerivation {
exportReferencesGraph = exportReferencesGraph =
map (x: [("closure-" + baseNameOf x.symlink) x.object]) contents; map (x: [("closure-" + baseNameOf x.symlink) x.object]) contents;
pathsFromGraph = ./paths-from-graph.pl; pathsFromGraph = ./paths-from-graph.pl;
cpioClean = ./cpio-clean.pl;
crossAttrs = { crossAttrs = {
nativeBuildInputs = inputsFun stdenv.cross.platform.uboot; nativeBuildInputs = inputsFun stdenv.cross.platform.uboot;

2
pkgs/build-support/kernel/make-initrd.sh
View File

@ -36,7 +36,7 @@ storePaths=$(perl $pathsFromGraph closure-*)
# Put the closure in a gzipped cpio archive. # Put the closure in a gzipped cpio archive.
mkdir -p $out mkdir -p $out
(cd root && find * -print0 | cpio -o -H newc --null | $compressor > $out/initrd) (cd root && find * -print0 | cpio -o -H newc --null | perl $cpioClean | $compressor > $out/initrd)
if [ -n "$makeUInitrd" ]; then if [ -n "$makeUInitrd" ]; then
mv $out/initrd $out/initrd.gz mv $out/initrd $out/initrd.gz

4
pkgs/data/sgml+xml/stylesheets/xslt/docbook-xsl-ns/default.nix
View File

@ -1,11 +1,11 @@
{stdenv, fetchurl}: {stdenv, fetchurl}:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "docbook-xsl-ns-1.75.2"; name = "docbook-xsl-ns-1.78.1";
src = fetchurl { src = fetchurl {
url = "mirror://sourceforge/docbook/${name}.tar.bz2"; url = "mirror://sourceforge/docbook/${name}.tar.bz2";
sha256 = "1pr7m0hmqilk25hjx33kq2vqn2xf6cx6zhxqm35fdvnjccazlxg2"; sha256 = "1x3sc0axk9z3i6n0jhlsmzlmb723a4sjgslm9g12by6phirdx3ng";
}; };
buildPhase = "true"; buildPhase = "true";

4
pkgs/desktops/cinnamon/cinnamon-desktop.nix
View File

@ -22,10 +22,6 @@ stdenv.mkDerivation {
xkeyboard_config libxkbfile libX11 libXrandr libXext xkeyboard_config libxkbfile libX11 libXrandr libXext
]; ];
postInstall = ''
${glib}/bin/glib-compile-schemas $out/share/glib-2.0/schemas/
'';
meta = { meta = {
homepage = "http://cinnamon.linuxmint.com"; homepage = "http://cinnamon.linuxmint.com";
description = "Library and data for various Cinnamon modules"; description = "Library and data for various Cinnamon modules";

8
pkgs/desktops/cinnamon/cinnamon-session.nix
View File

@ -13,7 +13,7 @@ stdenv.mkDerivation {
}; };
configureFlags = "--disable-schemas-compile --enable-systemd --disable-gconf" ; configureFlags = "--enable-systemd --disable-gconf" ;
patches = [ ./remove-sessionmigration.patch ./timeout.patch]; patches = [ ./remove-sessionmigration.patch ./timeout.patch];
@ -23,17 +23,17 @@ stdenv.mkDerivation {
gtk3 dbus_glib upower json_glib gtk3 dbus_glib upower json_glib
intltool systemd xorg.xtrans intltool systemd xorg.xtrans
makeWrapper makeWrapper
cinnamon-desktop/*gschemas*/
]; ];
preBuild = "patchShebangs ./scripts"; preBuild = "patchShebangs ./scripts";
postInstall = '' postFixup = ''
${glib}/bin/glib-compile-schemas $out/share/glib-2.0/schemas/
rm $out/share/icons/hicolor/icon-theme.cache rm $out/share/icons/hicolor/icon-theme.cache
for f in "$out"/bin/*; do for f in "$out"/bin/*; do
wrapProgram "$f" --prefix XDG_DATA_DIRS : "$out/share:${cinnamon-desktop}/share" wrapProgram "$f" --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH"
done done
''; '';

2
pkgs/desktops/gnome-3/core/baobab/default.nix
View File

@ -29,7 +29,7 @@ stdenv.mkDerivation rec {
rm $out/share/icons/HighContrast/icon-theme.cache rm $out/share/icons/HighContrast/icon-theme.cache
wrapProgram "$out/bin/baobab" \ wrapProgram "$out/bin/baobab" \
--set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \ --set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \
--prefix XDG_DATA_DIRS : "${gtk3}/share:${gnome3.gnome_themes_standard}/share:${gnome3.gsettings_desktop_schemas}/share:$out/share:$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH" --prefix XDG_DATA_DIRS : "${gtk3}/share:${gnome3.gnome_themes_standard}/share:$out/share:$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH"
''; '';
meta = with stdenv.lib; { meta = with stdenv.lib; {

12
pkgs/desktops/gnome-3/core/dconf/default.nix
View File

@ -1,5 +1,5 @@
{ stdenv, fetchurl, vala, libxslt, pkgconfig, glib, dbus_glib, gnome3 { stdenv, fetchurl, vala, libxslt, pkgconfig, glib, dbus_glib, gnome3
, libxml2, intltool, docbook_xsl_ns, docbook_xsl }: , libxml2, intltool, docbook_xsl_ns, docbook_xsl, makeWrapper }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "dconf-${version}"; name = "dconf-${version}";
@ -11,7 +11,15 @@ stdenv.mkDerivation rec {
}; };
buildInputs = [ vala libxslt pkgconfig glib dbus_glib gnome3.gtk libxml2 buildInputs = [ vala libxslt pkgconfig glib dbus_glib gnome3.gtk libxml2
intltool docbook_xsl docbook_xsl_ns ]; intltool docbook_xsl docbook_xsl_ns makeWrapper ];
preFixup = ''
wrapProgram "$out/bin/dconf-editor" \
--prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH"
rm $out/lib/gio/modules/giomodule.cache
rm $out/share/icons/hicolor/icon-theme.cache
'';
meta = with stdenv.lib; { meta = with stdenv.lib; {
platforms = platforms.linux; platforms = platforms.linux;

8
pkgs/desktops/gnome-3/core/empathy/default.nix
View File

@ -39,12 +39,12 @@ stdenv.mkDerivation rec {
enableParallelBuilding = true; enableParallelBuilding = true;
installFlags = "gsettingsschemadir=\${out}/share/empathy/glib-2.0/schemas/"; preFixup = ''
postInstall = ''
wrapProgram "$out/bin/empathy" \ wrapProgram "$out/bin/empathy" \
--set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \ --set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \
--prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:${gtk3}/share:${gnome3.gnome_themes_standard}/:${gnome3.gnome_themes_standard}/share:${hicolor_icon_theme}/share:${gnome3.gsettings_desktop_schemas}/share:$out/share:$out/share/empathy:${telepathy_logger}/share/telepathy/logger:${folks}/share/folks:${evolution_data_server}/share/evolution-data-server" --prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:${gtk3}/share:${gnome3.gnome_themes_standard}/:${gnome3.gnome_themes_standard}/share:${hicolor_icon_theme}/share:$out/share:$GSETTINGS_SCHEMAS_PATH"
rm $out/share/icons/hicolor/icon-theme.cache
''; '';
meta = with stdenv.lib; { meta = with stdenv.lib; {

Some files were not shown because too many files have changed in this diff Show More