public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge origin/master into haskell-updates.

This commit is contained in:
Peter Simons 2021-04-28 10:16:26 +02:00
parent befcd3e782 5c5ec0bff6
commit 84a522635f
1222 changed files with 16801 additions and 8682 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/CODEOWNERS vendored
View File

@ -11,7 +11,7 @@
/.github/CODEOWNERS @edolstra
# GitHub actions
/.github/workflows @Mic92 @zowoq
/.github/workflows @NixOS/Security @Mic92 @zowoq
/.github/workflows/merge-staging @FRidh
# EditorConfig

4
.github/workflows/labels.yml vendored
View File

@ -4,6 +4,10 @@ on:
pull_request_target:
types: [edited, opened, synchronize, reopened]
permissions:
contents: read
pull-requests: write
jobs:
labels:
runs-on: ubuntu-latest

2
.github/workflows/manual-nixos.yml vendored
View File

@ -1,5 +1,7 @@
name: "Build NixOS manual"
permissions: read-all
on:
pull_request_target:
branches:

2
.github/workflows/manual-nixpkgs.yml vendored
View File

@ -1,5 +1,7 @@
name: "Build Nixpkgs manual"
permissions: read-all
on:
pull_request_target:
branches:

4
doc/builders/images.xml
View File

@ -5,8 +5,8 @@
<para>
This chapter describes tools for creating various types of images.
</para>
<xi:include href="images/appimagetools.xml" />
<xi:include href="images/appimagetools.section.xml" />
<xi:include href="images/dockertools.section.xml" />
<xi:include href="images/ocitools.section.xml" />
<xi:include href="images/snaptools.xml" />
<xi:include href="images/snaptools.section.xml" />
</chapter>

48
doc/builders/images/appimagetools.section.md Normal file
View File

@ -0,0 +1,48 @@
# pkgs.appimageTools {#sec-pkgs-appimageTools}
`pkgs.appimageTools` is a set of functions for extracting and wrapping [AppImage](https://appimage.org/) files. They are meant to be used if traditional packaging from source is infeasible, or it would take too long. To quickly run an AppImage file, `pkgs.appimage-run` can be used as well.
::: warning
The `appimageTools` API is unstable and may be subject to backwards-incompatible changes in the future.
:::
## AppImage formats {#ssec-pkgs-appimageTools-formats}
There are different formats for AppImages, see [the specification](https://github.com/AppImage/AppImageSpec/blob/74ad9ca2f94bf864a4a0dac1f369dd4f00bd1c28/draft.md#image-format) for details.
- Type 1 images are ISO 9660 files that are also ELF executables.
- Type 2 images are ELF executables with an appended filesystem.
They can be told apart with `file -k`:
```ShellSession
$ file -k type1.AppImage
type1.AppImage: ELF 64-bit LSB executable, x86-64, version 1 (SYSV) ISO 9660 CD-ROM filesystem data 'AppImage' (Lepton 3.x), scale 0-0,
spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 0.000000, dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.18, BuildID[sha1]=d629f6099d2344ad82818172add1d38c5e11bc6d, stripped\012- data
$ file -k type2.AppImage
type2.AppImage: ELF 64-bit LSB executable, x86-64, version 1 (SYSV) (Lepton 3.x), scale 232-60668, spot sensor temperature -4.187500, color scheme 15, show scale bar, calibration: offset -0.000000, slope 0.000000 (Lepton 2.x), scale 4111-45000, spot sensor temperature 412442.250000, color scheme 3, minimum point enabled, calibration: offset -75402534979642766821519867692934234112.000000, slope 5815371847733706829839455140374904832.000000, dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.18, BuildID[sha1]=79dcc4e55a61c293c5e19edbd8d65b202842579f, stripped\012- data
```
Note how the type 1 AppImage is described as an `ISO 9660 CD-ROM filesystem`, and the type 2 AppImage is not.
## Wrapping {#ssec-pkgs-appimageTools-wrapping}
Depending on the type of AppImage you're wrapping, you'll have to use `wrapType1` or `wrapType2`.
```nix
appimageTools.wrapType2 { # or wrapType1
name = "patchwork";
src = fetchurl {
url = "https://github.com/ssbc/patchwork/releases/download/v3.11.4/Patchwork-3.11.4-linux-x86_64.AppImage";
sha256 = "1blsprpkvm0ws9b96gb36f0rbf8f5jgmw4x6dsb1kswr4ysf591s";
};
extraPkgs = pkgs: with pkgs; [ ];
}
```
- `name` specifies the name of the resulting image.
- `src` specifies the AppImage file to extract.
- `extraPkgs` allows you to pass a function to include additional packages inside the FHS environment your AppImage is going to run in. There are a few ways to learn which dependencies an application needs:
- Looking through the extracted AppImage files, reading its scripts and running `patchelf` and `ldd` on its executables. This can also be done in `appimage-run`, by setting `APPIMAGE_DEBUG_EXEC=bash`.
- Running `strace -vfefile` on the wrapped executable, looking for libraries that can't be found.

102
doc/builders/images/appimagetools.xml
View File

@ -1,102 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
xml:id="sec-pkgs-appimageTools">
<title>pkgs.appimageTools</title>
<para>
<varname>pkgs.appimageTools</varname> is a set of functions for extracting and wrapping <link xlink:href="https://appimage.org/">AppImage</link> files. They are meant to be used if traditional packaging from source is infeasible, or it would take too long. To quickly run an AppImage file, <literal>pkgs.appimage-run</literal> can be used as well.
</para>
<warning>
<para>
The <varname>appimageTools</varname> API is unstable and may be subject to backwards-incompatible changes in the future.
</para>
</warning>
<section xml:id="ssec-pkgs-appimageTools-formats">
<title>AppImage formats</title>
<para>
There are different formats for AppImages, see <link xlink:href="https://github.com/AppImage/AppImageSpec/blob/74ad9ca2f94bf864a4a0dac1f369dd4f00bd1c28/draft.md#image-format">the specification</link> for details.
</para>
<itemizedlist>
<listitem>
<para>
Type 1 images are ISO 9660 files that are also ELF executables.
</para>
</listitem>
<listitem>
<para>
Type 2 images are ELF executables with an appended filesystem.
</para>
</listitem>
</itemizedlist>
<para>
They can be told apart with <command>file -k</command>:
</para>
<screen>
<prompt>$ </prompt>file -k type1.AppImage
type1.AppImage: ELF 64-bit LSB executable, x86-64, version 1 (SYSV) ISO 9660 CD-ROM filesystem data 'AppImage' (Lepton 3.x), scale 0-0,
spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 0.000000, dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.18, BuildID[sha1]=d629f6099d2344ad82818172add1d38c5e11bc6d, stripped\012- data
<prompt>$ </prompt>file -k type2.AppImage
type2.AppImage: ELF 64-bit LSB executable, x86-64, version 1 (SYSV) (Lepton 3.x), scale 232-60668, spot sensor temperature -4.187500, color scheme 15, show scale bar, calibration: offset -0.000000, slope 0.000000 (Lepton 2.x), scale 4111-45000, spot sensor temperature 412442.250000, color scheme 3, minimum point enabled, calibration: offset -75402534979642766821519867692934234112.000000, slope 5815371847733706829839455140374904832.000000, dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.18, BuildID[sha1]=79dcc4e55a61c293c5e19edbd8d65b202842579f, stripped\012- data
</screen>
<para>
Note how the type 1 AppImage is described as an <literal>ISO 9660 CD-ROM filesystem</literal>, and the type 2 AppImage is not.
</para>
</section>
<section xml:id="ssec-pkgs-appimageTools-wrapping">
<title>Wrapping</title>
<para>
Depending on the type of AppImage you're wrapping, you'll have to use <varname>wrapType1</varname> or <varname>wrapType2</varname>.
</para>
<programlisting>
appimageTools.wrapType2 { # or wrapType1
name = "patchwork"; <co xml:id='ex-appimageTools-wrapping-1' />
src = fetchurl { <co xml:id='ex-appimageTools-wrapping-2' />
url = "https://github.com/ssbc/patchwork/releases/download/v3.11.4/Patchwork-3.11.4-linux-x86_64.AppImage";
sha256 = "1blsprpkvm0ws9b96gb36f0rbf8f5jgmw4x6dsb1kswr4ysf591s";
};
extraPkgs = pkgs: with pkgs; [ ]; <co xml:id='ex-appimageTools-wrapping-3' />
}</programlisting>
<calloutlist>
<callout arearefs='ex-appimageTools-wrapping-1'>
<para>
<varname>name</varname> specifies the name of the resulting image.
</para>
</callout>
<callout arearefs='ex-appimageTools-wrapping-2'>
<para>
<varname>src</varname> specifies the AppImage file to extract.
</para>
</callout>
<callout arearefs='ex-appimageTools-wrapping-3'>
<para>
<varname>extraPkgs</varname> allows you to pass a function to include additional packages inside the FHS environment your AppImage is going to run in. There are a few ways to learn which dependencies an application needs:
<itemizedlist>
<listitem>
<para>
Looking through the extracted AppImage files, reading its scripts and running <command>patchelf</command> and <command>ldd</command> on its executables. This can also be done in <command>appimage-run</command>, by setting <command>APPIMAGE_DEBUG_EXEC=bash</command>.
</para>
</listitem>
<listitem>
<para>
Running <command>strace -vfefile</command> on the wrapped executable, looking for libraries that can't be found.
</para>
</listitem>
</itemizedlist>
</para>
</callout>
</calloutlist>
</section>
</section>

28
doc/builders/images/snap/example-firefox.nix
View File

@ -1,28 +0,0 @@
let
inherit (import <nixpkgs> { }) snapTools firefox;
in snapTools.makeSnap {
meta = {
name = "nix-example-firefox";
summary = firefox.meta.description;
architectures = [ "amd64" ];
apps.nix-example-firefox = {
command = "${firefox}/bin/firefox";
plugs = [
"pulseaudio"
"camera"
"browser-support"
"avahi-observe"
"cups-control"
"desktop"
"desktop-legacy"
"gsettings"
"home"
"network"
"mount-observe"
"removable-media"
"x11"
];
};
confinement = "strict";
};
}

12
doc/builders/images/snap/example-hello.nix
View File

@ -1,12 +0,0 @@
let
inherit (import <nixpkgs> { }) snapTools hello;
in snapTools.makeSnap {
meta = {
name = "hello";
summary = hello.meta.description;
description = hello.meta.longDescription;
architectures = [ "amd64" ];
confinement = "strict";
apps.hello.command = "${hello}/bin/hello";
};
}

71
doc/builders/images/snaptools.section.md Normal file
View File

@ -0,0 +1,71 @@
# pkgs.snapTools {#sec-pkgs-snapTools}
`pkgs.snapTools` is a set of functions for creating Snapcraft images. Snap and Snapcraft is not used to perform these operations.
## The makeSnap Function {#ssec-pkgs-snapTools-makeSnap-signature}
`makeSnap` takes a single named argument, `meta`. This argument mirrors [the upstream `snap.yaml` format](https://docs.snapcraft.io/snap-format) exactly.
The `base` should not be specified, as `makeSnap` will force set it.
Currently, `makeSnap` does not support creating GUI stubs.
## Build a Hello World Snap {#ssec-pkgs-snapTools-build-a-snap-hello}
The following expression packages GNU Hello as a Snapcraft snap.
```{#ex-snapTools-buildSnap-hello .nix}
let
inherit (import <nixpkgs> { }) snapTools hello;
in snapTools.makeSnap {
meta = {
name = "hello";
summary = hello.meta.description;
description = hello.meta.longDescription;
architectures = [ "amd64" ];
confinement = "strict";
apps.hello.command = "${hello}/bin/hello";
};
}
```
`nix-build` this expression and install it with `snap install ./result --dangerous`. `hello` will now be the Snapcraft version of the package.
## Build a Graphical Snap {#ssec-pkgs-snapTools-build-a-snap-firefox}
Graphical programs require many more integrations with the host. This example uses Firefox as an example, because it is one of the most complicated programs we could package.
```{#ex-snapTools-buildSnap-firefox .nix}
let
inherit (import <nixpkgs> { }) snapTools firefox;
in snapTools.makeSnap {
meta = {
name = "nix-example-firefox";
summary = firefox.meta.description;
architectures = [ "amd64" ];
apps.nix-example-firefox = {
command = "${firefox}/bin/firefox";
plugs = [
"pulseaudio"
"camera"
"browser-support"
"avahi-observe"
"cups-control"
"desktop"
"desktop-legacy"
"gsettings"
"home"
"network"
"mount-observe"
"removable-media"
"x11"
];
};
confinement = "strict";
};
}
```
`nix-build` this expression and install it with `snap install ./result --dangerous`. `nix-example-firefox` will now be the Snapcraft version of the Firefox package.
The specific meaning behind plugs can be looked up in the [Snapcraft interface documentation](https://docs.snapcraft.io/supported-interfaces).

59
doc/builders/images/snaptools.xml
View File

@ -1,59 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
xml:id="sec-pkgs-snapTools">
<title>pkgs.snapTools</title>
<para>
<varname>pkgs.snapTools</varname> is a set of functions for creating Snapcraft images. Snap and Snapcraft is not used to perform these operations.
</para>
<section xml:id="ssec-pkgs-snapTools-makeSnap-signature">
<title>The makeSnap Function</title>
<para>
<function>makeSnap</function> takes a single named argument, <parameter>meta</parameter>. This argument mirrors <link xlink:href="https://docs.snapcraft.io/snap-format">the upstream <filename>snap.yaml</filename> format</link> exactly.
</para>
<para>
The <parameter>base</parameter> should not be specified, as <function>makeSnap</function> will force set it.
</para>
<para>
Currently, <function>makeSnap</function> does not support creating GUI stubs.
</para>
</section>
<section xml:id="ssec-pkgs-snapTools-build-a-snap-hello">
<title>Build a Hello World Snap</title>
<example xml:id="ex-snapTools-buildSnap-hello">
<title>Making a Hello World Snap</title>
<para>
The following expression packages GNU Hello as a Snapcraft snap.
</para>
<programlisting><xi:include href="./snap/example-hello.nix" parse="text" /></programlisting>
<para>
<command>nix-build</command> this expression and install it with <command>snap install ./result --dangerous</command>. <command>hello</command> will now be the Snapcraft version of the package.
</para>
</example>
</section>
<section xml:id="ssec-pkgs-snapTools-build-a-snap-firefox">
<title>Build a Hello World Snap</title>
<example xml:id="ex-snapTools-buildSnap-firefox">
<title>Making a Graphical Snap</title>
<para>
Graphical programs require many more integrations with the host. This example uses Firefox as an example, because it is one of the most complicated programs we could package.
</para>
<programlisting><xi:include href="./snap/example-firefox.nix" parse="text" /></programlisting>
<para>
<command>nix-build</command> this expression and install it with <command>snap install ./result --dangerous</command>. <command>nix-example-firefox</command> will now be the Snapcraft version of the Firefox package.
</para>
<para>
The specific meaning behind plugs can be looked up in the <link xlink:href="https://docs.snapcraft.io/supported-interfaces">Snapcraft interface documentation</link>.
</para>
</example>
</section>
</section>

2
doc/contributing/submitting-changes.chapter.md
View File

@ -161,7 +161,7 @@ Many Nix packages are designed to run on multiple platforms. As such, its imp
### Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests) {#submitting-changes-nixos-tests}
Packages with automated tests are much more likely to be merged in a timely fashion because it doesnt require as much manual testing by the maintainer to verify the functionality of the package. If there are existing tests for the package, they should be run to verify your changes do not break the tests. Tests only apply to packages with NixOS modules defined and can only be run on Linux. For more details on writing and running tests, see the [section in the NixOS manual](https://nixos.org/nixos/manual/index.html#sec-nixos-tests).
Packages with automated tests are much more likely to be merged in a timely fashion because it doesnt require as much manual testing by the maintainer to verify the functionality of the package. If there are existing tests for the package, they should be run to verify your changes do not break the tests. Tests can only be run on Linux. For more details on writing and running tests, see the [section in the NixOS manual](https://nixos.org/nixos/manual/index.html#sec-nixos-tests).
### Tested compilation of all pkgs that depend on this change using `nixpkgs-review` {#submitting-changes-tested-compilation}

99
doc/languages-frameworks/agda.section.md
View File

@ -2,16 +2,19 @@
## How to use Agda
Agda can be installed from `agda`:
```ShellSession
$ nix-env -iA agda
```
Agda is available as the [agda](https://search.nixos.org/packages?channel=unstable&show=agda&from=0&size=30&sort=relevance&query=agda)
package.
To use Agda with libraries, the `agda.withPackages` function can be used. This function either takes:
The `agda` package installs an Agda-wrapper, which calls `agda` with `--library-file`
set to a generated library-file within the nix store, this means your library-file in
`$HOME/.agda/libraries` will be ignored. By default the agda package installs Agda
with no libraries, i.e. the generated library-file is empty. To use Agda with libraries,
the `agda.withPackages` function can be used. This function either takes:
* A list of packages,
* or a function which returns a list of packages when given the `agdaPackages` attribute set,
* or an attribute set containing a list of packages and a GHC derivation for compilation (see below).
* or an attribute set containing a function which returns a list of packages when given the `agdaPackages` attribute set and a GHC derivation for compilation (see below).
For example, suppose we wanted a version of Agda which has access to the standard library. This can be obtained with the expressions:
@ -27,9 +30,66 @@ agda.withPackages (p: [ p.standard-library ])
or can be called as in the [Compiling Agda](#compiling-agda) section.
If you want to use a library in your home directory (for instance if it is a development version) then typecheck it manually (using `agda.withPackages` if necessary) and then override the `src` attribute of the package to point to your local repository.
If you want to use a different version of a library (for instance a development version)
override the `src` attribute of the package to point to your local repository
Agda will not by default use these libraries. To tell Agda to use the library we have some options:
```nix
agda.withPackages (p: [
(p.standard-library.overrideAttrs (oldAttrs: {
version = "local version";
src = /path/to/local/repo/agda-stdlib;
}))
])
```
You can also reference a GitHub repository
```nix
agda.withPackages (p: [
(p.standard-library.overrideAttrs (oldAttrs: {
version = "1.5";
src = fetchFromGitHub {
repo = "agda-stdlib";
owner = "agda";
rev = "v1.5";
sha256 = "16fcb7ssj6kj687a042afaa2gq48rc8abihpm14k684ncihb2k4w";
};
}))
])
```
If you want to use a library not added to Nixpkgs, you can add a
dependency to a local library by calling `agdaPackages.mkDerivation`.
```nix
agda.withPackages (p: [
(p.mkDerivation {
pname = "your-agda-lib";
version = "1.0.0";
src = /path/to/your-agda-lib;
})
])
```
Again you can reference GitHub
```nix
agda.withPackages (p: [
(p.mkDerivation {
pname = "your-agda-lib";
version = "1.0.0";
src = fetchFromGitHub {
repo = "repo";
owner = "owner";
version = "...";
rev = "...";
sha256 = "...";
};
})
])
```
See [Building Agda Packages](#building-agda-packages) for more information on `mkDerivation`.
Agda will not by default use these libraries. To tell Agda to use a library we have some options:
* Call `agda` with the library flag:
```ShellSession
@ -46,7 +106,7 @@ depend: standard-library
More information can be found in the [official Agda documentation on library management](https://agda.readthedocs.io/en/v2.6.1/tools/package-system.html).
## Compiling Agda
Agda modules can be compiled with the `--compile` flag. A version of `ghc` with `ieee754` is made available to the Agda program via the `--with-compiler` flag.
Agda modules can be compiled using the GHC backend with the `--compile` flag. A version of `ghc` with `ieee754` is made available to the Agda program via the `--with-compiler` flag.
This can be overridden by a different version of `ghc` as follows:
```nix
@ -65,6 +125,21 @@ A derivation can then be written using `agdaPackages.mkDerivation`. This has sim
* `libraryName` should be the name that appears in the `*.agda-lib` file, defaulting to `pname`.
* `libraryFile` should be the file name of the `*.agda-lib` file, defaulting to `${libraryName}.agda-lib`.
Here is an example `default.nix`
```nix
{ nixpkgs ? <nixpkgs> }:
with (import nixpkgs {});
agdaPackages.mkDerivation {
version = "1.0";
pname = "my-agda-lib";
src = ./.;
buildInputs = [
agdaPackages.standard-library
];
}
```
### Building Agda packages
The default build phase for `agdaPackages.mkDerivation` simply runs `agda` on the `Everything.agda` file.
If something else is needed to build the package (e.g. `make`) then the `buildPhase` should be overridden.
@ -80,10 +155,16 @@ By default, Agda sources are files ending on `.agda`, or literate Agda files end
## Adding Agda packages to Nixpkgs
To add an Agda package to `nixpkgs`, the derivation should be written to `pkgs/development/libraries/agda/${library-name}/` and an entry should be added to `pkgs/top-level/agda-packages.nix`. Here it is called in a scope with access to all other Agda libraries, so the top line of the `default.nix` can look like:
```nix
{ mkDerivation, standard-library, fetchFromGitHub }:
```
and `mkDerivation` should be called instead of `agdaPackages.mkDerivation`. Here is an example skeleton derivation for iowa-stdlib:
Note that the derivation function is called with `mkDerivation` set to `agdaPackages.mkDerivation`, therefore you
could use a similar set as in your `default.nix` from [Writing Agda Packages](#writing-agda-packages) with
`agdaPackages.mkDerivation` replaced with `mkDerivation`.
Here is an example skeleton derivation for iowa-stdlib:
```nix
mkDerivation {

8
doc/languages-frameworks/android.section.md
View File

@ -25,7 +25,7 @@ let
abiVersions = [ "armeabi-v7a" "arm64-v8a" ];
cmakeVersions = [ "3.10.2" ];
includeNDK = true;
ndkVersion = "22.0.7026061";
ndkVersions = ["22.0.7026061"];
useGoogleAPIs = false;
useGoogleTVAddOns = false;
includeExtras = [
@ -52,7 +52,11 @@ The following parameters are supported:
* `cmakeVersions` specifies which CMake versions should be deployed.
* `includeNDK` specifies that the Android NDK bundle should be included.
Defaults to: `false`.
* `ndkVersion` specifies the NDK version that we want to use.
* `ndkVersions` specifies the NDK versions that we want to use. These are linked
under the `ndk` directory of the SDK root, and the first is linked under the
`ndk-bundle` directory.
* `ndkVersion` is equivalent to specifying one entry in `ndkVersions`, and
`ndkVersions` overrides this parameter if provided.
* `includeExtras` is an array of identifier strings referring to arbitrary
add-on packages that should be installed.
* `platformVersions` specifies which platform SDK versions should be included.

2
doc/stdenv/cross-compilation.chapter.md
View File

@ -123,7 +123,7 @@ depsBuildBuild = [ buildPackages.stdenv.cc ];
Add the following to your `mkDerivation` invocation.
```nix
doCheck = stdenv.hostPlatform == stdenv.buildPlatfrom;
doCheck = stdenv.hostPlatform == stdenv.buildPlatform;
```
## Cross-building packages {#sec-cross-usage}

5
lib/licenses.nix
View File

@ -125,6 +125,11 @@ lib.mapAttrs (n: v: v // { shortName = n; }) ({
fullName = ''BSD 4-clause "Original" or "Old" License'';
};
bsdOriginalUC = spdx {
spdxId = "BSD-4-Clause-UC";
fullName = "BSD 4-Clause University of California-Specific";
};
bsdProtection = spdx {
spdxId = "BSD-Protection";
fullName = "BSD Protection License";

13
lib/systems/default.nix
View File

@ -112,6 +112,19 @@ rec {
aarch64 = "arm64";
}.${final.parsed.cpu.name} or final.parsed.cpu.name;
darwinPlatform =
if final.isMacOS then "macos"
else if final.isiOS then "ios"
else null;
# The canonical name for this attribute is darwinSdkVersion, but some
# platforms define the old name "sdkVer".
darwinSdkVersion = final.sdkVer or "10.12";
darwinMinVersion = final.darwinSdkVersion;
darwinMinVersionVariable =
if final.isMacOS then "MACOSX_DEPLOYMENT_TARGET"
else if final.isiOS then "IPHONEOS_DEPLOYMENT_TARGET"
else null;
emulator = pkgs: let
qemu-user = pkgs.qemu.override {
smartcardSupport = false;

68
lib/systems/doubles.nix
View File

@ -6,43 +6,53 @@ let
inherit (lib.attrsets) matchAttrs;
all = [
"aarch64-linux"
"armv5tel-linux" "armv6l-linux" "armv7a-linux" "armv7l-linux"
"mipsel-linux"
"i686-cygwin" "i686-freebsd" "i686-linux" "i686-netbsd" "i686-openbsd"
"x86_64-cygwin" "x86_64-freebsd" "x86_64-linux"
"x86_64-netbsd" "x86_64-openbsd" "x86_64-solaris"
# Cygwin
"i686-cygwin" "x86_64-cygwin"
# Darwin
"x86_64-darwin" "i686-darwin" "aarch64-darwin" "armv7a-darwin"
"x86_64-windows" "i686-windows"
# FreeBSD
"i686-freebsd" "x86_64-freebsd"
"wasm64-wasi" "wasm32-wasi"
# Genode
"aarch64-genode" "i686-genode" "x86_64-genode"
"x86_64-redox"
"powerpc64-linux"
"powerpc64le-linux"
"riscv32-linux" "riscv64-linux"
"arm-none" "armv6l-none" "aarch64-none"
"avr-none"
"i686-none" "x86_64-none"
"powerpc-none"
"msp430-none"
"riscv64-none" "riscv32-none"
"vc4-none"
"or1k-none"
"mmix-mmixware"
# illumos
"x86_64-solaris"
# JS
"js-ghcjs"
"aarch64-genode" "i686-genode" "x86_64-genode"
# Linux
"aarch64-linux" "armv5tel-linux" "armv6l-linux" "armv7a-linux"
"armv7l-linux" "i686-linux" "mipsel-linux" "powerpc64-linux"
"powerpc64le-linux" "riscv32-linux" "riscv64-linux" "x86_64-linux"
# MMIXware
"mmix-mmixware"
# NetBSD
"aarch64-netbsd" "armv6l-netbsd" "armv7a-netbsd" "armv7l-netbsd"
"i686-netbsd" "mipsel-netbsd" "powerpc-netbsd" "riscv32-netbsd"
"riscv64-netbsd" "x86_64-netbsd"
# none
"aarch64-none" "arm-none" "armv6l-none" "avr-none" "i686-none" "msp430-none"
"or1k-none" "powerpc-none" "riscv32-none" "riscv64-none" "vc4-none"
"x86_64-none"
# OpenBSD
"i686-openbsd" "x86_64-openbsd"
# Redox
"x86_64-redox"
# WASI
"wasm64-wasi" "wasm32-wasi"
# Windows
"x86_64-windows" "i686-windows"
];
allParsed = map parse.mkSystemFromString all;

2
lib/systems/examples.nix
View File

@ -217,6 +217,7 @@ rec {
sdkVer = "14.3";
xcodeVer = "12.3";
xcodePlatform = "iPhoneSimulator";
darwinPlatform = "ios-simulator";
useiOSPrebuilt = true;
};
@ -226,6 +227,7 @@ rec {
sdkVer = "14.3";
xcodeVer = "12.3";
xcodePlatform = "iPhoneSimulator";
darwinPlatform = "ios-simulator";
useiOSPrebuilt = true;
};

6
lib/tests/systems.nix
View File

@ -15,9 +15,9 @@ in
with lib.systems.doubles; lib.runTests {
testall = mseteq all (linux ++ darwin ++ freebsd ++ openbsd ++ netbsd ++ illumos ++ wasi ++ windows ++ embedded ++ mmix ++ js ++ genode ++ redox);
testarm = mseteq arm [ "armv5tel-linux" "armv6l-linux" "armv6l-none" "armv7a-linux" "armv7l-linux" "arm-none" "armv7a-darwin" ];
testarm = mseteq arm [ "armv5tel-linux" "armv6l-linux" "armv6l-netbsd" "armv6l-none" "armv7a-linux" "armv7a-netbsd" "armv7l-linux" "armv7l-netbsd" "arm-none" "armv7a-darwin" ];
testi686 = mseteq i686 [ "i686-linux" "i686-freebsd" "i686-genode" "i686-netbsd" "i686-openbsd" "i686-cygwin" "i686-windows" "i686-none" "i686-darwin" ];
testmips = mseteq mips [ "mipsel-linux" ];
testmips = mseteq mips [ "mipsel-linux" "mipsel-netbsd" ];
testmmix = mseteq mmix [ "mmix-mmixware" ];
testx86_64 = mseteq x86_64 [ "x86_64-linux" "x86_64-darwin" "x86_64-freebsd" "x86_64-genode" "x86_64-redox" "x86_64-openbsd" "x86_64-netbsd" "x86_64-cygwin" "x86_64-solaris" "x86_64-windows" "x86_64-none" ];
@ -29,7 +29,7 @@ with lib.systems.doubles; lib.runTests {
testgnu = mseteq gnu (linux /* ++ kfreebsd ++ ... */);
testillumos = mseteq illumos [ "x86_64-solaris" ];
testlinux = mseteq linux [ "aarch64-linux" "armv5tel-linux" "armv6l-linux" "armv7a-linux" "armv7l-linux" "i686-linux" "mipsel-linux" "riscv32-linux" "riscv64-linux" "x86_64-linux" "powerpc64-linux" "powerpc64le-linux" ];
testnetbsd = mseteq netbsd [ "i686-netbsd" "x86_64-netbsd" ];
testnetbsd = mseteq netbsd [ "aarch64-netbsd" "armv6l-netbsd" "armv7a-netbsd" "armv7l-netbsd" "i686-netbsd" "mipsel-netbsd" "powerpc-netbsd" "riscv32-netbsd" "riscv64-netbsd" "x86_64-netbsd" ];
testopenbsd = mseteq openbsd [ "i686-openbsd" "x86_64-openbsd" ];
testwindows = mseteq windows [ "i686-cygwin" "x86_64-cygwin" "i686-windows" "x86_64-windows" ];
testunix = mseteq unix (linux ++ darwin ++ freebsd ++ openbsd ++ netbsd ++ illumos ++ cygwin ++ redox);

48
maintainers/maintainer-list.nix
View File

@ -492,12 +492,24 @@
fingerprint = "B422 CFB1 C9EF 73F7 E1E2 698D F53E 3233 42F7 A6D3A";
}];
};
amanjeev = {
email = "aj@amanjeev.com";
github = "amanjeev";
githubId = 160476;
name = "Amanjeev Sethi";
};
amar1729 = {
email = "amar.paul16@gmail.com";
github = "amar1729";
githubId = 15623522;
name = "Amar Paul";
};
ambroisie = {
email = "bruno.nixpkgs@belanyi.fr";
github = "ambroisie";
githubId = 12465195;
name = "Bruno BELANYI";
};
ambrop72 = {
email = "ambrop7@gmail.com";
github = "ambrop72";
@ -3008,13 +3020,13 @@
name = "John Ericson";
};
erictapen = {
email = "justin.humm@posteo.de";
email = "kerstin@erictapen.name";
github = "erictapen";
githubId = 11532355;
name = "Justin Humm";
name = "Kerstin Humm";
keys = [{
longkeyid = "rsa4096/0x438871E000AA178E";
fingerprint = "984E 4BAD 9127 4D0E AE47 FF03 4388 71E0 00AA 178E";
longkeyid = "rsa4096/0x40293358C7B9326B";
fingerprint = "F178 B4B4 6165 6D1B 7C15 B55D 4029 3358 C7B9 326B";
}];
};
erikryb = {
@ -4401,6 +4413,12 @@
githubId = 5283991;
name = "Jake Waksbaum";
};
jakubgs = {
email = "jakub@gsokolowski.pl";
github = "jakubgs";
githubId = 2212681;
name = "Jakub Grzgorz Sokołowski";
};
jamiemagee = {
email = "jamie.magee@gmail.com";
github = "JamieMagee";
@ -6977,6 +6995,12 @@
githubId = 818502;
name = "Nathan Yong";
};
nbren12 = {
email = "nbren12@gmail.com";
github = "nbren12";
githubId = 1386642;
name = "Noah Brenowitz";
};
nckx = {
email = "github@tobias.gr";
github = "nckx";
@ -8827,6 +8851,12 @@
githubId = 15379000;
name = "schneefux";
};
schnusch = {
email = "schnusch@users.noreply.github.com";
github = "schnusch";
githubId = 5104601;
name = "schnusch";
};
schristo = {
email = "schristopher@konputa.com";
name = "Scott Christopher";
@ -9420,8 +9450,8 @@
name = "Stian Lågstad";
};
StijnDW = {
email = "stekke@airmail.cc";
github = "StijnDW";
email = "nixdev@rinsa.eu";
github = "Stekke";
githubId = 1751956;
name = "Stijn DW";
};
@ -9837,6 +9867,12 @@
githubId = 3105057;
name = "Jan Beinke";
};
therealansh = {
email = "tyagiansh23@gmail.com";
github = "therealansh";
githubId = 57180880;
name = "Ansh Tyagi";
};
thesola10 = {
email = "me@thesola.io";
github = "thesola10";

1
maintainers/team-list.nix
View File

@ -110,7 +110,6 @@ with lib.maintainers; {
members = [
mmilata
petabyteboy
prusnak
ryantm
];
scope = "Maintain Jitsi.";

43
nixos/doc/manual/configuration/x-windows.xml
View File

@ -204,18 +204,18 @@
XKB
</link>
keyboard layouts using the option
<option>
<link linkend="opt-services.xserver.extraLayouts">
services.xserver.extraLayouts
</link>
</option>.
<option><link linkend="opt-services.xserver.extraLayouts">
services.xserver.extraLayouts</link></option>.
</para>
<para>
As a first example, we are going to create a layout based on the basic US
layout, with an additional layer to type some greek symbols by pressing the
right-alt key.
</para>
<para>
To do this we are going to create a <literal>us-greek</literal> file
with a <literal>xkb_symbols</literal> section.
Create a file called <literal>us-greek</literal> with the following
content (under a directory called <literal>symbols</literal>; it's
an XKB peculiarity that will help with testing):
</para>
<programlisting>
xkb_symbols &quot;us-greek&quot;
@ -231,14 +231,13 @@ xkb_symbols &quot;us-greek&quot;
};
</programlisting>
<para>
To install the layout, the filepath, a description and the list of
languages must be given:
A minimal layout specification must include the following:
</para>
<programlisting>
<xref linkend="opt-services.xserver.extraLayouts"/>.us-greek = {
description = "US layout with alt-gr greek";
languages = [ "eng" ];
symbolsFile = /path/to/us-greek;
symbolsFile = /yourpath/symbols/us-greek;
}
</programlisting>
<note>
@ -248,9 +247,27 @@ xkb_symbols &quot;us-greek&quot;
</para>
</note>
<para>
The layout should now be installed and ready to use: try it by
running <literal>setxkbmap us-greek</literal> and type
<literal>&lt;alt&gt;+a</literal>. To change the default the usual
Applying this customization requires rebuilding several packages,
and a broken XKB file can lead to the X session crashing at login.
Therefore, you're strongly advised to <emphasis role="strong">test
your layout before applying it</emphasis>:
<screen>
<prompt>$ </prompt>nix-shell -p xorg.xkbcomp
<prompt>$ </prompt>setxkbmap -I/yourpath us-greek -print | xkbcomp -I/yourpath - $DISPLAY
</screen>
</para>
<para>
You can inspect the predefined XKB files for examples:
<screen>
<prompt>$ </prompt>echo "$(nix-build --no-out-link '&lt;nixpkgs&gt;' -A xorg.xkeyboardconfig)/etc/X11/xkb/"
</screen>
</para>
<para>
Once the configuration is applied, and you did a logout/login
cycle, the layout should be ready to use. You can try it by e.g.
running <literal>setxkbmap us-greek</literal> and then type
<literal>&lt;alt&gt;+a</literal> (it may not get applied in your
terminal straight away). To change the default, the usual
<option>
<link linkend="opt-services.xserver.layout">
services.xserver.layout

22
nixos/doc/manual/development/writing-nixos-tests.xml
View File

@ -186,6 +186,25 @@ start_all()
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<methodname>get_screen_text_variants</methodname>
</term>
<listitem>
<para>
Return a list of different interpretations of what is currently visible
on the machine's screen using optical character recognition. The number
and order of the interpretations is not specified and is subject to
change, but if no exception is raised at least one will be returned.
</para>
<note>
<para>
This requires passing <option>enableOCR</option> to the test attribute
set.
</para>
</note>
</listitem>
</varlistentry>
<varlistentry>
<term>
<methodname>get_screen_text</methodname>
@ -350,7 +369,8 @@ start_all()
<para>
Wait until the supplied regular expressions matches the textual contents
of the screen by using optical character recognition (see
<methodname>get_screen_text</methodname>).
<methodname>get_screen_text</methodname> and
<methodname>get_screen_text_variants</methodname>).
</para>
<note>
<para>

13
nixos/doc/manual/release-notes/rl-2105.xml
View File

@ -94,6 +94,12 @@
been introduced.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://nginx.org">Nginx</link> has been updated to stable version 1.20.0.
Now nginx uses the zlib-ng library by default.
</para>
</listitem>
</itemizedlist>
</section>
@ -680,6 +686,13 @@ environment.systemPackages = [
All CUDA toolkit versions prior to CUDA 10 have been removed.
</para>
</listitem>
<listitem>
<para>
The <package>babeld</package> service is now being run as an unprivileged user. To achieve that the module configures
<literal>skip-kernel-setup true</literal> and takes care of setting forwarding and rp_filter sysctls by itself as well
as for each interface in <varname>services.babeld.interfaces</varname>.
</para>
</listitem>
</itemizedlist>
</section>

78
nixos/lib/make-disk-image.nix
View File

@ -15,6 +15,8 @@
, # size of the boot partition, is only used if partitionTableType is
# either "efi" or "hybrid"
# This will be undersized slightly, as this is actually the offset of
# the end of the partition. Generally it will be 1MiB smaller.
bootSize ? "256M"
, # The files and directories to be placed in the target file system.
@ -163,6 +165,8 @@ let format' = format; in let
closureInfo = pkgs.closureInfo { rootPaths = [ config.system.build.toplevel channelSources ]; };
blockSize = toString (4 * 1024); # ext4fs block size (not block device sector size)
prepareImage = ''
export PATH=${binPath}
@ -175,6 +179,24 @@ let format' = format; in let
echo $(( "$1" * 512 ))
}
# Given lines of numbers, adds them together
sum_lines() {
local acc=0
while read -r number; do
acc=$((acc+number))
done
echo "$acc"
}
mebibyte=$(( 1024 * 1024 ))
# Approximative percentage of reserved space in an ext4 fs over 512MiB.
# 0.05208587646484375
# × 1000, integer part: 52
compute_fudge() {
echo $(( $1 * 52 / 1000 ))
}
mkdir $out
root="$PWD/root"
@ -235,12 +257,53 @@ let format' = format; in let
${if diskSize == "auto" then ''
${if partitionTableType == "efi" || partitionTableType == "hybrid" then ''
additionalSpace=$(( ($(numfmt --from=iec '${additionalSpace}') + $(numfmt --from=iec '${bootSize}')) / 1000 ))
# Add the GPT at the end
gptSpace=$(( 512 * 34 * 1 ))
# Normally we'd need to account for alignment and things, if bootSize
# represented the actual size of the boot partition. But it instead
# represents the offset at which it ends.
# So we know bootSize is the reserved space in front of the partition.
reservedSpace=$(( gptSpace + $(numfmt --from=iec '${bootSize}') ))
'' else if partitionTableType == "legacy+gpt" then ''
# Add the GPT at the end
gptSpace=$(( 512 * 34 * 1 ))
# And include the bios_grub partition; the ext4 partition starts at 2MB exactly.
reservedSpace=$(( gptSpace + 2 * mebibyte ))
'' else if partitionTableType == "legacy" then ''
# Add the 1MiB aligned reserved space (includes MBR)
reservedSpace=$(( mebibyte ))
'' else ''
additionalSpace=$(( $(numfmt --from=iec '${additionalSpace}') / 1000 ))
reservedSpace=0
''}
diskSize=$(( $(set -- $(du -d0 $root); echo "$1") + $additionalSpace ))
truncate -s "$diskSize"K $diskImage
additionalSpace=$(( $(numfmt --from=iec '${additionalSpace}') + reservedSpace ))
# Compute required space in filesystem blocks
diskUsage=$(find . ! -type d -exec 'du' '--apparent-size' '--block-size' "${blockSize}" '{}' ';' | cut -f1 | sum_lines)
# Each inode takes space!
numInodes=$(find . | wc -l)
# Convert to bytes, inodes take two blocks each!
diskUsage=$(( (diskUsage + 2 * numInodes) * ${blockSize} ))
# Then increase the required space to account for the reserved blocks.
fudge=$(compute_fudge $diskUsage)
requiredFilesystemSpace=$(( diskUsage + fudge ))
diskSize=$(( requiredFilesystemSpace + additionalSpace ))
# Round up to the nearest mebibyte.
# This ensures whole 512 bytes sector sizes in the disk image
# and helps towards aligning partitions optimally.
if (( diskSize % mebibyte )); then
diskSize=$(( ( diskSize / mebibyte + 1) * mebibyte ))
fi
truncate -s "$diskSize" $diskImage
printf "Automatic disk size...\n"
printf " Closure space use: %d bytes\n" $diskUsage
printf " fudge: %d bytes\n" $fudge
printf " Filesystem size needed: %d bytes\n" $requiredFilesystemSpace
printf " Additional space: %d bytes\n" $additionalSpace
printf " Disk image size: %d bytes\n" $diskSize
'' else ''
truncate -s ${toString diskSize}M $diskImage
''}
@ -251,9 +314,9 @@ let format' = format; in let
# Get start & length of the root partition in sectors to $START and $SECTORS.
eval $(partx $diskImage -o START,SECTORS --nr ${rootPartition} --pairs)
mkfs.${fsType} -F -L ${label} $diskImage -E offset=$(sectorsToBytes $START) $(sectorsToKilobytes $SECTORS)K
mkfs.${fsType} -b ${blockSize} -F -L ${label} $diskImage -E offset=$(sectorsToBytes $START) $(sectorsToKilobytes $SECTORS)K
'' else ''
mkfs.${fsType} -F -L ${label} $diskImage
mkfs.${fsType} -b ${blockSize} -F -L ${label} $diskImage
''}
echo "copying staging root to image..."
@ -283,6 +346,9 @@ in pkgs.vmTools.runInLinuxVM (
# Some tools assume these exist
ln -s vda /dev/xvda
ln -s vda /dev/sda
# make systemd-boot find ESP without udev
mkdir /dev/block
ln -s /dev/vda1 /dev/block/254:1
mountPoint=/mnt
mkdir $mountPoint

81
nixos/lib/test-driver/test-driver.py
View File

@ -1,7 +1,7 @@
#! /somewhere/python3
from contextlib import contextmanager, _GeneratorContextManager
from queue import Queue, Empty
from typing import Tuple, Any, Callable, Dict, Iterator, Optional, List
from typing import Tuple, Any, Callable, Dict, Iterator, Optional, List, Iterable
from xml.sax.saxutils import XMLGenerator
import queue
import io
@ -205,6 +205,37 @@ class Logger:
self.xml.endElement("nest")
def _perform_ocr_on_screenshot(
screenshot_path: str, model_ids: Iterable[int]
) -> List[str]:
if shutil.which("tesseract") is None:
raise Exception("OCR requested but enableOCR is false")
magick_args = (
"-filter Catrom -density 72 -resample 300 "
+ "-contrast -normalize -despeckle -type grayscale "
+ "-sharpen 1 -posterize 3 -negate -gamma 100 "
+ "-blur 1x65535"
)
tess_args = f"-c debug_file=/dev/null --psm 11"
cmd = f"convert {magick_args} {screenshot_path} tiff:{screenshot_path}.tiff"
ret = subprocess.run(cmd, shell=True, capture_output=True)
if ret.returncode != 0:
raise Exception(f"TIFF conversion failed with exit code {ret.returncode}")
model_results = []
for model_id in model_ids:
cmd = f"tesseract {screenshot_path}.tiff - {tess_args} --oem {model_id}"
ret = subprocess.run(cmd, shell=True, capture_output=True)
if ret.returncode != 0:
raise Exception(f"OCR failed with exit code {ret.returncode}")
model_results.append(ret.stdout.decode("utf-8"))
return model_results
class Machine:
def __init__(self, args: Dict[str, Any]) -> None:
if "name" in args:
@ -637,43 +668,29 @@ class Machine:
"""Debugging: Dump the contents of the TTY<n>"""
self.execute("fold -w 80 /dev/vcs{} | systemd-cat".format(tty))
def _get_screen_text_variants(self, model_ids: Iterable[int]) -> List[str]:
with tempfile.TemporaryDirectory() as tmpdir:
screenshot_path = os.path.join(tmpdir, "ppm")
self.send_monitor_command(f"screendump {screenshot_path}")
return _perform_ocr_on_screenshot(screenshot_path, model_ids)
def get_screen_text_variants(self) -> List[str]:
return self._get_screen_text_variants([0, 1, 2])
def get_screen_text(self) -> str:
if shutil.which("tesseract") is None:
raise Exception("get_screen_text used but enableOCR is false")
magick_args = (
"-filter Catrom -density 72 -resample 300 "
+ "-contrast -normalize -despeckle -type grayscale "
+ "-sharpen 1 -posterize 3 -negate -gamma 100 "
+ "-blur 1x65535"
)
tess_args = "-c debug_file=/dev/null --psm 11 --oem 2"
with self.nested("performing optical character recognition"):
with tempfile.NamedTemporaryFile() as tmpin:
self.send_monitor_command("screendump {}".format(tmpin.name))
cmd = "convert {} {} tiff:- | tesseract - - {}".format(
magick_args, tmpin.name, tess_args
)
ret = subprocess.run(cmd, shell=True, capture_output=True)
if ret.returncode != 0:
raise Exception(
"OCR failed with exit code {}".format(ret.returncode)
)
return ret.stdout.decode("utf-8")
return self._get_screen_text_variants([2])[0]
def wait_for_text(self, regex: str) -> None:
def screen_matches(last: bool) -> bool:
text = self.get_screen_text()
matches = re.search(regex, text) is not None
variants = self.get_screen_text_variants()
for text in variants:
if re.search(regex, text) is not None:
return True
if last and not matches:
self.log("Last OCR attempt failed. Text was: {}".format(text))
if last:
self.log("Last OCR attempt failed. Text was: {}".format(variants))
return matches
return False
with self.nested("waiting for {} to appear on screen".format(regex)):
retry(screen_matches)

2
nixos/modules/hardware/printers.nix
View File

@ -15,7 +15,7 @@ let
${ppdOptionsString p.ppdOptions}
'';
ensureDefaultPrinter = name: ''
${pkgs.cups}/bin/lpoptions -d '${name}'
${pkgs.cups}/bin/lpadmin -d '${name}'
'';
# "graph but not # or /" can't be implemented as regex alone due to missing lookahead support

2
nixos/modules/installer/tools/nixos-install.sh
View File

@ -125,7 +125,7 @@ fi
# Resolve the flake.
if [[ -n $flake ]]; then
flake=$(nix "${flakeFlags[@]}" flake info --json "${extraBuildFlags[@]}" "${lockFlags[@]}" -- "$flake" | jq -r .url)
flake=$(nix "${flakeFlags[@]}" flake metadata --json "${extraBuildFlags[@]}" "${lockFlags[@]}" -- "$flake" | jq -r .url)
fi
if [[ ! -e $NIXOS_CONFIG && -z $system && -z $flake ]]; then

6
nixos/modules/module-list.nix
View File

@ -133,6 +133,7 @@
./programs/file-roller.nix
./programs/firejail.nix
./programs/fish.nix
./programs/flexoptix-app.nix
./programs/freetds.nix
./programs/fuse.nix
./programs/geary.nix
@ -468,6 +469,7 @@
./services/misc/couchpotato.nix
./services/misc/devmon.nix
./services/misc/dictd.nix
./services/misc/duckling.nix
./services/misc/dwm-status.nix
./services/misc/dysnomia.nix
./services/misc/disnix.nix
@ -529,6 +531,7 @@
./services/misc/parsoid.nix
./services/misc/plex.nix
./services/misc/plikd.nix
./services/misc/podgrab.nix
./services/misc/tautulli.nix
./services/misc/pinnwand.nix
./services/misc/pykms.nix
@ -700,6 +703,9 @@
./services/networking/iodine.nix
./services/networking/iperf3.nix
./services/networking/ircd-hybrid/default.nix
./services/networking/iscsi/initiator.nix
./services/networking/iscsi/root-initiator.nix
./services/networking/iscsi/target.nix
./services/networking/iwd.nix
./services/networking/jicofo.nix
./services/networking/jitsi-videobridge.nix

25
nixos/modules/programs/flexoptix-app.nix Normal file
View File

@ -0,0 +1,25 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.programs.flexoptix-app;
in {
options = {
programs.flexoptix-app = {
enable = mkEnableOption "FLEXOPTIX app + udev rules";
package = mkOption {
description = "FLEXOPTIX app package to use";
type = types.package;
default = pkgs.flexoptix-app;
defaultText = "\${pkgs.flexoptix-app}";
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
services.udev.packages = [ cfg.package ];
};
}

69
nixos/modules/services/hardware/pcscd.nix
View File

@ -10,39 +10,37 @@ let
paths = map (p: "${p}/pcsc/drivers") config.services.pcscd.plugins;
};
in {
in
{
###### interface
options = {
options.services.pcscd = {
enable = mkEnableOption "PCSC-Lite daemon";
services.pcscd = {
enable = mkEnableOption "PCSC-Lite daemon";
plugins = mkOption {
type = types.listOf types.package;
default = [ pkgs.ccid ];
defaultText = "[ pkgs.ccid ]";
example = literalExample "[ pkgs.pcsc-cyberjack ]";
description = "Plugin packages to be used for PCSC-Lite.";
};
plugins = mkOption {
type = types.listOf types.package;
default = [ pkgs.ccid ];
defaultText = "[ pkgs.ccid ]";
example = literalExample "[ pkgs.pcsc-cyberjack ]";
description = "Plugin packages to be used for PCSC-Lite.";
};
readerConfig = mkOption {
type = types.lines;
default = "";
example = ''
FRIENDLYNAME "Some serial reader"
DEVICENAME /dev/ttyS0
LIBPATH /path/to/serial_reader.so
CHANNELID 1
'';
description = ''
Configuration for devices that aren't hotpluggable.
readerConfig = mkOption {
type = types.lines;
default = "";
example = ''
FRIENDLYNAME "Some serial reader"
DEVICENAME /dev/ttyS0
LIBPATH /path/to/serial_reader.so
CHANNELID 1
'';
description = ''
Configuration for devices that aren't hotpluggable.
See <citerefentry><refentrytitle>reader.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for valid options.
'';
};
See <citerefentry><refentrytitle>reader.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for valid options.
'';
};
};
@ -50,20 +48,15 @@ in {
config = mkIf config.services.pcscd.enable {
systemd.sockets.pcscd = {
description = "PCSC-Lite Socket";
wantedBy = [ "sockets.target" ];
before = [ "multi-user.target" ];
socketConfig.ListenStream = "/run/pcscd/pcscd.comm";
};
environment.etc."reader.conf".source = cfgFile;
systemd.packages = [ (getBin pkgs.pcsclite) ];
systemd.sockets.pcscd.wantedBy = [ "sockets.target" ];
systemd.services.pcscd = {
description = "PCSC-Lite daemon";
environment.PCSCLITE_HP_DROPDIR = pluginEnv;
serviceConfig = {
ExecStart = "${getBin pkgs.pcsclite}/sbin/pcscd -f -x -c ${cfgFile}";
ExecReload = "${getBin pkgs.pcsclite}/sbin/pcscd -H";
};
restartTriggers = [ "/etc/reader.conf" ];
};
};
}

9
nixos/modules/services/mail/exim.nix
View File

@ -67,6 +67,13 @@ in
'';
};
queueRunnerInterval = mkOption {
type = types.str;
default = "5m";
description = ''
How often to spawn a new queue runner.
'';
};
};
};
@ -104,7 +111,7 @@ in
wantedBy = [ "multi-user.target" ];
restartTriggers = [ config.environment.etc."exim.conf".source ];
serviceConfig = {
ExecStart = "${cfg.package}/bin/exim -bdf -q30m";
ExecStart = "${cfg.package}/bin/exim -bdf -q${cfg.queueRunnerInterval}";
ExecReload = "${coreutils}/bin/kill -HUP $MAINPID";
};
preStart = ''

65
nixos/modules/services/mail/spamassassin.nix
View File

@ -126,19 +126,36 @@ in
};
systemd.services.sa-update = {
# Needs to be able to contact the update server.
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
serviceConfig = {
Type = "oneshot";
User = "spamd";
Group = "spamd";
StateDirectory = "spamassassin";
ExecStartPost = "+${pkgs.systemd}/bin/systemctl -q --no-block try-reload-or-restart spamd.service";
};
script = ''
set +e
${pkgs.su}/bin/su -s "${pkgs.bash}/bin/bash" -c "${pkgs.spamassassin}/bin/sa-update --gpghomedir=/var/lib/spamassassin/sa-update-keys/" spamd
v=$?
${pkgs.spamassassin}/bin/sa-update --verbose --gpghomedir=/var/lib/spamassassin/sa-update-keys/
rc=$?
set -e
if [ $v -gt 1 ]; then
echo "sa-update execution error"
exit $v
if [[ $rc -gt 1 ]]; then
# sa-update failed.
exit $rc
fi
if [ $v -eq 0 ]; then
systemctl reload spamd.service
if [[ $rc -eq 1 ]]; then
# No update was available, exit successfully.
exit 0
fi
# An update was available and installed. Compile the rules.
${pkgs.spamassassin}/bin/sa-compile
'';
};
@ -153,32 +170,22 @@ in
};
systemd.services.spamd = {
description = "Spam Assassin Server";
description = "SpamAssassin Server";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
wants = [ "sa-update.service" ];
after = [
"network.target"
"sa-update.service"
];
serviceConfig = {
ExecStart = "${pkgs.spamassassin}/bin/spamd ${optionalString cfg.debug "-D"} --username=spamd --groupname=spamd --virtual-config-dir=/var/lib/spamassassin/user-%u --allow-tell --pidfile=/run/spamd.pid";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
User = "spamd";
Group = "spamd";
ExecStart = "+${pkgs.spamassassin}/bin/spamd ${optionalString cfg.debug "-D"} --username=spamd --groupname=spamd --virtual-config-dir=%S/spamassassin/user-%u --allow-tell --pidfile=/run/spamd.pid";
ExecReload = "+${pkgs.coreutils}/bin/kill -HUP $MAINPID";
StateDirectory = "spamassassin";
};
# 0 and 1 no error, exitcode > 1 means error:
# https://spamassassin.apache.org/full/3.1.x/doc/sa-update.html#exit_codes
preStart = ''
echo "Recreating '/var/lib/spamasassin' with creating '3.004001' (or similar) and 'sa-update-keys'"
mkdir -p /var/lib/spamassassin
chown spamd:spamd /var/lib/spamassassin -R
set +e
${pkgs.su}/bin/su -s "${pkgs.bash}/bin/bash" -c "${pkgs.spamassassin}/bin/sa-update --gpghomedir=/var/lib/spamassassin/sa-update-keys/" spamd
v=$?
set -e
if [ $v -gt 1 ]; then
echo "sa-update execution error"
exit $v
fi
chown spamd:spamd /var/lib/spamassassin -R
'';
};
};
}

39
nixos/modules/services/misc/duckling.nix Normal file
View File

@ -0,0 +1,39 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.duckling;
in {
options = {
services.duckling = {
enable = mkEnableOption "duckling";
port = mkOption {
type = types.port;
default = 8080;
description = ''
Port on which duckling will run.
'';
};
};
};
config = mkIf cfg.enable {
systemd.services.duckling = {
description = "Duckling server service";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
environment = {
PORT = builtins.toString cfg.port;
};
serviceConfig = {
ExecStart = "${pkgs.haskellPackages.duckling}/bin/duckling-example-exe --no-access-log --no-error-log";
Restart = "always";
DynamicUser = true;
};
};
};
}

6
nixos/modules/services/misc/gitlab.nix
View File

@ -588,7 +588,7 @@ in {
the DB. If you change or lose this key you will be unable to
access variables stored in database.
Make sure the secret is at least 30 characters and all random,
Make sure the secret is at least 32 characters and all random,
no regular words or you'll be exposed to dictionary attacks.
This should be a string, not a nix path, since nix paths are
@ -604,7 +604,7 @@ in {
the DB. If you change or lose this key you will be unable to
access variables stored in database.
Make sure the secret is at least 30 characters and all random,
Make sure the secret is at least 32 characters and all random,
no regular words or you'll be exposed to dictionary attacks.
This should be a string, not a nix path, since nix paths are
@ -620,7 +620,7 @@ in {
tokens. If you change or lose this key, users which have 2FA
enabled for login won't be able to login anymore.
Make sure the secret is at least 30 characters and all random,
Make sure the secret is at least 32 characters and all random,
no regular words or you'll be exposed to dictionary attacks.
This should be a string, not a nix path, since nix paths are

6
nixos/modules/services/misc/jellyfin.nix
View File

@ -18,6 +18,7 @@ in
package = mkOption {
type = types.package;
default = pkgs.jellyfin;
example = literalExample "pkgs.jellyfin";
description = ''
Jellyfin package to use.
@ -98,11 +99,6 @@ in
};
};
services.jellyfin.package = mkDefault (
if versionAtLeast config.system.stateVersion "20.09" then pkgs.jellyfin
else pkgs.jellyfin_10_5
);
users.users = mkIf (cfg.user == "jellyfin") {
jellyfin = {
group = cfg.group;

50
nixos/modules/services/misc/podgrab.nix Normal file
View File

@ -0,0 +1,50 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.podgrab;
in
{
options.services.podgrab = with lib; {
enable = mkEnableOption "Podgrab, a self-hosted podcast manager";
passwordFile = mkOption {
type = with types; nullOr str;
default = null;
example = "/run/secrets/password.env";
description = ''
The path to a file containing the PASSWORD environment variable
definition for Podgrab's authentification.
'';
};
port = mkOption {
type = types.port;
default = 8080;
example = 4242;
description = "The port on which Podgrab will listen for incoming HTTP traffic.";
};
};
config = lib.mkIf cfg.enable {
systemd.services.podgrab = {
description = "Podgrab podcast manager";
wantedBy = [ "multi-user.target" ];
environment = {
CONFIG = "/var/lib/podgrab/config";
DATA = "/var/lib/podgrab/data";
GIN_MODE = "release";
PORT = toString cfg.port;
};
serviceConfig = {
DynamicUser = true;
EnvironmentFile = lib.optional (cfg.passwordFile != null) [
cfg.passwordFile
];
ExecStart = "${pkgs.podgrab}/bin/podgrab";
WorkingDirectory = "${pkgs.podgrab}/share";
StateDirectory = [ "podgrab/config" "podgrab/data" ];
};
};
};
meta.maintainers = with lib.maintainers; [ ambroisie ];
}

2
nixos/modules/services/monitoring/nagios.nix
View File

@ -192,6 +192,7 @@ in
path = [ pkgs.nagios ] ++ cfg.plugins;
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
restartTriggers = [ nagiosCfgFile ];
serviceConfig = {
User = "nagios";
@ -201,7 +202,6 @@ in
LogsDirectory = "nagios";
StateDirectory = "nagios";
ExecStart = "${pkgs.nagios}/bin/nagios /etc/nagios.cfg";
X-ReloadIfChanged = nagiosCfgFile;
};
};

28
nixos/modules/services/monitoring/vnstat.nix
View File

@ -6,21 +6,21 @@ let
cfg = config.services.vnstat;
in {
options.services.vnstat = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable update of network usage statistics via vnstatd.
'';
};
enable = mkEnableOption "update of network usage statistics via vnstatd";
};
config = mkIf cfg.enable {
users.users.vnstatd = {
isSystemUser = true;
description = "vnstat daemon user";
home = "/var/lib/vnstat";
createHome = true;
environment.systemPackages = [ pkgs.vnstat ];
users = {
groups.vnstatd = {};
users.vnstatd = {
isSystemUser = true;
group = "vnstatd";
description = "vnstat daemon user";
};
};
systemd.services.vnstat = {
@ -33,7 +33,6 @@ in {
"man:vnstat(1)"
"man:vnstat.conf(5)"
];
preStart = "chmod 755 /var/lib/vnstat";
serviceConfig = {
ExecStart = "${pkgs.vnstat}/bin/vnstatd -n";
ExecReload = "${pkgs.procps}/bin/kill -HUP $MAINPID";
@ -52,7 +51,10 @@ in {
RestrictNamespaces = true;
User = "vnstatd";
Group = "vnstatd";
};
};
};
meta.maintainers = [ maintainers.evils ];
}

16
nixos/modules/services/networking/babeld.nix
View File

@ -19,7 +19,10 @@ let
"interface ${name} ${paramsString interface}\n";
configFile = with cfg; pkgs.writeText "babeld.conf" (
(optionalString (cfg.interfaceDefaults != null) ''
''
skip-kernel-setup true
''
+ (optionalString (cfg.interfaceDefaults != null) ''
default ${paramsString cfg.interfaceDefaults}
'')
+ (concatMapStrings interfaceConfig (attrNames cfg.interfaces))
@ -84,13 +87,22 @@ in
config = mkIf config.services.babeld.enable {
boot.kernel.sysctl = {
"net.ipv6.conf.all.forwarding" = 1;
"net.ipv6.conf.all.accept_redirects" = 0;
"net.ipv4.conf.all.forwarding" = 1;
"net.ipv4.conf.all.rp_filter" = 0;
} // lib.mapAttrs' (ifname: _: lib.nameValuePair "net.ipv4.conf.${ifname}.rp_filter" (lib.mkDefault 0)) config.services.babeld.interfaces;
systemd.services.babeld = {
description = "Babel routing daemon";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.babeld}/bin/babeld -c ${configFile} -I /run/babeld/babeld.pid -S /var/lib/babeld/state";
AmbientCapabilities = [ "CAP_NET_ADMIN" ];
CapabilityBoundingSet = [ "CAP_NET_ADMIN" ];
DynamicUser = true;
IPAddressAllow = [ "fe80::/64" "ff00::/8" "::1/128" "127.0.0.0/8" ];
IPAddressDeny = "any";
LockPersonality = true;
@ -98,7 +110,7 @@ in
MemoryDenyWriteExecute = true;
ProtectSystem = "strict";
ProtectClock = true;
ProtectKernelTunables = false; # Couldn't write sysctl: Read-only file system
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;

84
nixos/modules/services/networking/iscsi/initiator.nix Normal file
View File

@ -0,0 +1,84 @@
{ config, lib, pkgs, ... }: with lib;
let
cfg = config.services.openiscsi;
in
{
options.services.openiscsi = with types; {
enable = mkEnableOption "the openiscsi iscsi daemon";
enableAutoLoginOut = mkEnableOption ''
automatic login and logout of all automatic targets.
You probably do not want this.
'';
discoverPortal = mkOption {
type = nullOr str;
default = null;
description = "Portal to discover targets on";
};
name = mkOption {
type = str;
description = "Name of this iscsi initiator";
example = "iqn.2020-08.org.linux-iscsi.initiatorhost:example";
};
package = mkOption {
type = package;
description = "openiscsi package to use";
default = pkgs.openiscsi;
defaultText = "pkgs.openiscsi";
};
extraConfig = mkOption {
type = str;
default = "";
description = "Lines to append to default iscsid.conf";
};
extraConfigFile = mkOption {
description = ''
Append an additional file's contents to /etc/iscsid.conf. Use a non-store path
and store passwords in this file.
'';
default = null;
type = nullOr str;
};
};
config = mkIf cfg.enable {
environment.etc."iscsi/iscsid.conf.fragment".source = pkgs.runCommand "iscsid.conf" {} ''
cat "${cfg.package}/etc/iscsi/iscsid.conf" > $out
cat << 'EOF' >> $out
${cfg.extraConfig}
${optionalString cfg.enableAutoLoginOut "node.startup = automatic"}
EOF
'';
environment.etc."iscsi/initiatorname.iscsi".text = "InitiatorName=${cfg.name}";
system.activationScripts.iscsid = let
extraCfgDumper = optionalString (cfg.extraConfigFile != null) ''
if [ -f "${cfg.extraConfigFile}" ]; then
printf "\n# The following is from ${cfg.extraConfigFile}:\n"
cat "${cfg.extraConfigFile}"
else
echo "Warning: services.openiscsi.extraConfigFile ${cfg.extraConfigFile} does not exist!" >&2
fi
'';
in ''
(
cat ${config.environment.etc."iscsi/iscsid.conf.fragment".source}
${extraCfgDumper}
) > /etc/iscsi/iscsid.conf
'';
systemd.packages = [ cfg.package ];
systemd.services."iscsid".wantedBy = [ "multi-user.target" ];
systemd.sockets."iscsid".wantedBy = [ "sockets.target" ];
systemd.services."iscsi" = mkIf cfg.enableAutoLoginOut {
wantedBy = [ "remote-fs.target" ];
serviceConfig.ExecStartPre = mkIf (cfg.discoverPortal != null) "${cfg.package}/bin/iscsiadm --mode discoverydb --type sendtargets --portal ${escapeShellArg cfg.discoverPortal} --discover";
};
environment.systemPackages = [ cfg.package ];
boot.kernelModules = [ "iscsi_tcp" ];
};
}

181
nixos/modules/services/networking/iscsi/root-initiator.nix Normal file
View File

@ -0,0 +1,181 @@
{ config, lib, pkgs, ... }: with lib;
let
cfg = config.boot.iscsi-initiator;
in
{
# If you're booting entirely off another machine you may want to add
# this snippet to always boot the latest "system" version. It is not
# enabled by default in case you have an initrd on a local disk:
#
# boot.initrd.postMountCommands = ''
# ln -sfn /nix/var/nix/profiles/system/init /mnt-root/init
# stage2Init=/init
# '';
#
# Note: Theoretically you might want to connect to multiple portals and
# log in to multiple targets, however the authors of this module so far
# don't have the need or expertise to reasonably implement it. Also,
# consider carefully before making your boot chain depend on multiple
# machines to be up.
options.boot.iscsi-initiator = with types; {
name = mkOption {
description = ''
Name of the iSCSI initiator to boot from. Note, booting from iscsi
requires networkd based networking.
'';
default = null;
example = "iqn.2020-08.org.linux-iscsi.initiatorhost:example";
type = nullOr str;
};
discoverPortal = mkOption {
description = ''
iSCSI portal to boot from.
'';
default = null;
example = "192.168.1.1:3260";
type = nullOr str;
};
target = mkOption {
description = ''
Name of the iSCSI target to boot from.
'';
default = null;
example = "iqn.2020-08.org.linux-iscsi.targethost:example";
type = nullOr str;
};
logLevel = mkOption {
description = ''
Higher numbers elicits more logs.
'';
default = 1;
example = 8;
type = int;
};
loginAll = mkOption {
description = ''
Do not log into a specific target on the portal, but to all that we discover.
This overrides setting target.
'';
type = bool;
default = false;
};
extraConfig = mkOption {
description = "Extra lines to append to /etc/iscsid.conf";
default = null;
type = nullOr lines;
};
extraConfigFile = mkOption {
description = ''
Append an additional file's contents to `/etc/iscsid.conf`. Use a non-store path
and store passwords in this file. Note: the file specified here must be available
in the initrd, see: `boot.initrd.secrets`.
'';
default = null;
type = nullOr str;
};
};
config = mkIf (cfg.name != null) {
# The "scripted" networking configuration (ie: non-networkd)
# doesn't properly order the start and stop of the interfaces, and the
# network interfaces are torn down before unmounting disks. Since this
# module is specifically for very-early-boot network mounts, we need
# the network to stay on.
#
# We could probably fix the scripted options to properly order, but I'm
# not inclined to invest that time today. Hopefully this gets users far
# enough along and they can just use networkd.
networking.useNetworkd = true;
networking.useDHCP = false; # Required to set useNetworkd = true
boot.initrd = {
network.enable = true;
# By default, the stage-1 disables the network and resets the interfaces
# on startup. Since our startup disks are on the network, we can't let
# the network not work.
network.flushBeforeStage2 = false;
kernelModules = [ "iscsi_tcp" ];
extraUtilsCommands = ''
copy_bin_and_libs ${pkgs.openiscsi}/bin/iscsid
copy_bin_and_libs ${pkgs.openiscsi}/bin/iscsiadm
${optionalString (!config.boot.initrd.network.ssh.enable) "cp -pv ${pkgs.glibc.out}/lib/libnss_files.so.* $out/lib"}
mkdir -p $out/etc/iscsi
cp ${config.environment.etc.hosts.source} $out/etc/hosts
cp ${pkgs.openiscsi}/etc/iscsi/iscsid.conf $out/etc/iscsi/iscsid.fragment.conf
chmod +w $out/etc/iscsi/iscsid.fragment.conf
cat << 'EOF' >> $out/etc/iscsi/iscsid.fragment.conf
${optionalString (cfg.extraConfig != null) cfg.extraConfig}
EOF
'';
extraUtilsCommandsTest = ''
$out/bin/iscsiadm --version
'';
preLVMCommands = let
extraCfgDumper = optionalString (cfg.extraConfigFile != null) ''
if [ -f "${cfg.extraConfigFile}" ]; then
printf "\n# The following is from ${cfg.extraConfigFile}:\n"
cat "${cfg.extraConfigFile}"
else
echo "Warning: boot.iscsi-initiator.extraConfigFile ${cfg.extraConfigFile} does not exist!" >&2
fi
'';
in ''
${optionalString (!config.boot.initrd.network.ssh.enable) ''
# stolen from initrd-ssh.nix
echo 'root:x:0:0:root:/root:/bin/ash' > /etc/passwd
echo 'passwd: files' > /etc/nsswitch.conf
''}
cp -f $extraUtils/etc/hosts /etc/hosts
mkdir -p /etc/iscsi /run/lock/iscsi
echo "InitiatorName=${cfg.name}" > /etc/iscsi/initiatorname.iscsi
(
cat "$extraUtils/etc/iscsi/iscsid.fragment.conf"
printf "\n"
${optionalString cfg.loginAll ''echo "node.startup = automatic"''}
${extraCfgDumper}
) > /etc/iscsi/iscsid.conf
iscsid --foreground --no-pid-file --debug ${toString cfg.logLevel} &
iscsiadm --mode discoverydb \
--type sendtargets \
--discover \
--portal ${escapeShellArg cfg.discoverPortal} \
--debug ${toString cfg.logLevel}
${if cfg.loginAll then ''
iscsiadm --mode node --loginall all
'' else ''
iscsiadm --mode node --targetname ${escapeShellArg cfg.target} --login
''}
pkill -9 iscsid
'';
};
services.openiscsi = {
enable = true;
inherit (cfg) name;
};
assertions = [
{
assertion = cfg.loginAll -> cfg.target == null;
message = "iSCSI target name is set while login on all portals is enabled.";
}
];
};
}

53
nixos/modules/services/networking/iscsi/target.nix Normal file
View File

@ -0,0 +1,53 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.target;
in
{
###### interface
options = {
services.target = with types; {
enable = mkEnableOption "the kernel's LIO iscsi target";
config = mkOption {
type = attrs;
default = {};
description = ''
Content of /etc/target/saveconfig.json
This file is normally read and written by targetcli
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
environment.etc."target/saveconfig.json" = {
text = builtins.toJSON cfg.config;
mode = "0600";
};
environment.systemPackages = with pkgs; [ targetcli ];
boot.kernelModules = [ "configfs" "target_core_mod" "iscsi_target_mod" ];
systemd.services.iscsi-target = {
enable = true;
after = [ "network.target" "local-fs.target" ];
requires = [ "sys-kernel-config.mount" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.python3.pkgs.rtslib}/bin/targetctl restore";
ExecStop = "${pkgs.python3.pkgs.rtslib}/bin/targetctl clear";
RemainAfterExit = "yes";
};
};
systemd.tmpfiles.rules = [
"d /etc/target 0700 root root - -"
];
};
}

32
nixos/modules/services/security/sshguard.nix
View File

@ -5,6 +5,21 @@ with lib;
let
cfg = config.services.sshguard;
configFile = let
args = lib.concatStringsSep " " ([
"-afb"
"-p info"
"-o cat"
"-n1"
] ++ (map (name: "-t ${escapeShellArg name}") cfg.services));
backend = if config.networking.nftables.enable
then "sshg-fw-nft-sets"
else "sshg-fw-ipset";
in pkgs.writeText "sshguard.conf" ''
BACKEND="${pkgs.sshguard}/libexec/${backend}"
LOGREADER="LANG=C ${pkgs.systemd}/bin/journalctl ${args}"
'';
in {
###### interface
@ -85,20 +100,7 @@ in {
config = mkIf cfg.enable {
environment.etc."sshguard.conf".text = let
args = lib.concatStringsSep " " ([
"-afb"
"-p info"
"-o cat"
"-n1"
] ++ (map (name: "-t ${escapeShellArg name}") cfg.services));
backend = if config.networking.nftables.enable
then "sshg-fw-nft-sets"
else "sshg-fw-ipset";
in ''
BACKEND="${pkgs.sshguard}/libexec/${backend}"
LOGREADER="LANG=C ${pkgs.systemd}/bin/journalctl ${args}"
'';
environment.etc."sshguard.conf".source = configFile;
systemd.services.sshguard = {
description = "SSHGuard brute-force attacks protection system";
@ -107,6 +109,8 @@ in {
after = [ "network.target" ];
partOf = optional config.networking.firewall.enable "firewall.service";
restartTriggers = [ configFile ];
path = with pkgs; if config.networking.nftables.enable
then [ nftables iproute2 systemd ]
else [ iptables ipset iproute2 systemd ];

13
nixos/modules/services/web-apps/mastodon.nix
View File

@ -31,6 +31,8 @@ let
// (if cfg.smtp.authenticate then { SMTP_LOGIN = cfg.smtp.user; } else {})
// cfg.extraConfig;
systemCallsList = [ "@clock" "@cpu-emulation" "@debug" "@keyring" "@module" "@mount" "@obsolete" "@raw-io" "@reboot" "@setuid" "@swap" ];
cfgService = {
# User and group
User = cfg.user;
@ -68,7 +70,6 @@ let
PrivateMounts = true;
# System Call Filtering
SystemCallArchitectures = "native";
SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @reboot @resources @setuid @swap";
};
envFile = pkgs.writeText "mastodon.env" (lib.concatMapStrings (s: s + "\n") (
@ -432,6 +433,8 @@ in {
serviceConfig = {
Type = "oneshot";
WorkingDirectory = cfg.package;
# System Call Filtering
SystemCallFilter = "~" + lib.concatStringsSep " " (systemCallsList ++ [ "@resources" ]);
} // cfgService;
after = [ "network.target" ];
@ -457,6 +460,8 @@ in {
Type = "oneshot";
EnvironmentFile = "/var/lib/mastodon/.secrets_env";
WorkingDirectory = cfg.package;
# System Call Filtering
SystemCallFilter = "~" + lib.concatStringsSep " " (systemCallsList ++ [ "@resources" ]);
} // cfgService;
after = [ "mastodon-init-dirs.service" "network.target" ] ++ (if databaseActuallyCreateLocally then [ "postgresql.service" ] else []);
wantedBy = [ "multi-user.target" ];
@ -481,6 +486,8 @@ in {
# Runtime directory and mode
RuntimeDirectory = "mastodon-streaming";
RuntimeDirectoryMode = "0750";
# System Call Filtering
SystemCallFilter = "~" + lib.concatStringsSep " " (systemCallsList ++ [ "@privileged" "@resources" ]);
} // cfgService;
};
@ -503,6 +510,8 @@ in {
# Runtime directory and mode
RuntimeDirectory = "mastodon-web";
RuntimeDirectoryMode = "0750";
# System Call Filtering
SystemCallFilter = "~" + lib.concatStringsSep " " (systemCallsList ++ [ "@resources" ]);
} // cfgService;
path = with pkgs; [ file imagemagick ffmpeg ];
};
@ -522,6 +531,8 @@ in {
RestartSec = 20;
EnvironmentFile = "/var/lib/mastodon/.secrets_env";
WorkingDirectory = cfg.package;
# System Call Filtering
SystemCallFilter = "~" + lib.concatStringsSep " " systemCallsList;
} // cfgService;
path = with pkgs; [ file imagemagick ffmpeg ];
};

15
nixos/modules/services/web-apps/nextcloud.nix
View File

@ -10,7 +10,7 @@ let
extensions = { enabled, all }:
(with all;
enabled
++ optional (!cfg.disableImagemagick) imagick
++ optional cfg.enableImagemagick imagick
# Optionally enabled depending on caching settings
++ optional cfg.caching.apcu apcu
++ optional cfg.caching.redis redis
@ -63,6 +63,9 @@ in {
Further details about this can be found in the `Nextcloud`-section of the NixOS-manual
(which can be openend e.g. by running `nixos-help`).
'')
(mkRemovedOptionModule [ "services" "nextcloud" "disableImagemagick" ] ''
Use services.nextcloud.nginx.enableImagemagick instead.
'')
];
options.services.nextcloud = {
@ -303,16 +306,14 @@ in {
};
};
disableImagemagick = mkOption {
type = types.bool;
default = false;
description = ''
Whether to not load the ImageMagick module into PHP.
enableImagemagick = mkEnableOption ''
Whether to load the ImageMagick module into PHP.
This is used by the theming app and for generating previews of certain images (e.g. SVG and HEIF).
You may want to disable it for increased security. In that case, previews will still be available
for some images (e.g. JPEG and PNG).
See https://github.com/nextcloud/server/issues/13099
'';
'' // {
default = true;
};
caching = {

1
nixos/modules/services/web-servers/nginx/default.nix
View File

@ -887,6 +887,7 @@ in
users.users = optionalAttrs (cfg.user == "nginx") {
nginx = {
group = cfg.group;
isSystemUser = true;
uid = config.ids.uids.nginx;
};
};

9
nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py
View File

@ -236,9 +236,12 @@ def main() -> None:
gens += get_generations(profile)
remove_old_entries(gens)
for gen in gens:
write_entry(*gen, machine_id)
if os.readlink(system_dir(*gen)) == args.default_config:
write_loader_conf(*gen)
try:
write_entry(*gen, machine_id)
if os.readlink(system_dir(*gen)) == args.default_config:
write_loader_conf(*gen)
except OSError as e:
print("ignoring profile '{}' in the list of boot entries because of the following error:\n{}".format(profile, e), file=sys.stderr)
memtest_entry_file = "@efiSysMountPoint@/loader/entries/memtest86.conf"
if os.path.exists(memtest_entry_file):

11
nixos/modules/virtualisation/nixos-containers.nix
View File

@ -439,21 +439,16 @@ in
default = false;
description = ''
Whether this NixOS machine is a lightweight container running
in another NixOS system. If set to true, support for nested
containers is disabled by default, but can be reenabled by
setting <option>boot.enableContainers</option> to true.
in another NixOS system.
'';
};
boot.enableContainers = mkOption {
type = types.bool;
default = !config.boot.isContainer;
default = true;
description = ''
Whether to enable support for NixOS containers. Defaults to true
(at no cost if containers are not actually used), but only if the
system is not itself a lightweight container of a host.
To enable support for nested containers, this option has to be
explicitly set to true (in the outer container).
(at no cost if containers are not actually used).
'';
};

3
nixos/modules/virtualisation/xen-dom0.nix
View File

@ -161,9 +161,6 @@ in
environment.systemPackages = [ cfg.package ];
# Make sure Domain 0 gets the required configuration
#boot.kernelPackages = pkgs.boot.kernelPackages.override { features={xen_dom0=true;}; };
boot.kernelModules =
[ "xen-evtchn" "xen-gntdev" "xen-gntalloc" "xen-blkback" "xen-netback"
"xen-pciback" "evtchn" "gntdev" "netbk" "blkbk" "xen-scsibk"

2
nixos/release.nix
View File

@ -138,7 +138,7 @@ in rec {
# Build the initial ramdisk so Hydra can keep track of its size over time.
initialRamdisk = buildFromConfig ({ ... }: { }) (config: config.system.build.initialRamdisk);
netboot = forMatchingSystems [ "x86_64-linux" "aarch64-linux" ] (system: makeNetboot {
netboot = forMatchingSystems supportedSystems (system: makeNetboot {
module = ./modules/installer/netboot/netboot-minimal.nix;
inherit system;
});

3
nixos/tests/all-tests.nix
View File

@ -75,6 +75,7 @@ in
containers-ip = handleTest ./containers-ip.nix {};
containers-macvlans = handleTest ./containers-macvlans.nix {};
containers-names = handleTest ./containers-names.nix {};
containers-nested = handleTest ./containers-nested.nix {};
containers-physical_interfaces = handleTest ./containers-physical_interfaces.nix {};
containers-portforward = handleTest ./containers-portforward.nix {};
containers-reloadable = handleTest ./containers-reloadable.nix {};
@ -185,6 +186,7 @@ in
iodine = handleTest ./iodine.nix {};
ipfs = handleTest ./ipfs.nix {};
ipv6 = handleTest ./ipv6.nix {};
iscsi-root = handleTest ./iscsi-root.nix {};
jackett = handleTest ./jackett.nix {};
jellyfin = handleTest ./jellyfin.nix {};
jenkins = handleTest ./jenkins.nix {};
@ -322,6 +324,7 @@ in
pleroma = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./pleroma.nix {};
plikd = handleTest ./plikd.nix {};
plotinus = handleTest ./plotinus.nix {};
podgrab = handleTest ./podgrab.nix {};
podman = handleTestOn ["x86_64-linux"] ./podman.nix {};
pomerium = handleTestOn ["x86_64-linux"] ./pomerium.nix {};
postfix = handleTest ./postfix.nix {};

6
nixos/tests/babeld.nix
View File

@ -25,9 +25,6 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : {
{
virtualisation.vlans = [ 10 20 ];
boot.kernel.sysctl."net.ipv4.conf.all.forwarding" = 1;
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
networking = {
useDHCP = false;
firewall.enable = false;
@ -74,9 +71,6 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : {
{
virtualisation.vlans = [ 20 30 ];
boot.kernel.sysctl."net.ipv4.conf.all.forwarding" = 1;
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
networking = {
useDHCP = false;
firewall.enable = false;

30
nixos/tests/containers-nested.nix Normal file
View File

@ -0,0 +1,30 @@
# Test for NixOS' container nesting.
import ./make-test-python.nix ({ pkgs, ... }: {
name = "nested";
meta = with pkgs.lib.maintainers; { maintainers = [ sorki ]; };
machine = { lib, ... }:
let
makeNested = subConf: {
containers.nested = {
autoStart = true;
privateNetwork = true;
config = subConf;
};
};
in makeNested (makeNested { });
testScript = ''
machine.start()
machine.wait_for_unit("container@nested.service")
machine.succeed("systemd-run --pty --machine=nested -- machinectl list | grep nested")
print(
machine.succeed(
"systemd-run --pty --machine=nested -- systemd-run --pty --machine=nested -- systemctl status"
)
)
'';
})

6
nixos/tests/gitlab.nix
View File

@ -57,9 +57,9 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : with lib; {
};
};
secrets = {
secretFile = pkgs.writeText "secret" "r8X9keSKynU7p4aKlh4GO1Bo77g5a7vj";
otpFile = pkgs.writeText "otpsecret" "Zu5hGx3YvQx40DvI8WoZJQpX2paSDOlG";
dbFile = pkgs.writeText "dbsecret" "lsGltKWTejOf6JxCVa7nLDenzkO9wPLR";
secretFile = pkgs.writeText "secret" "Aig5zaic";
otpFile = pkgs.writeText "otpsecret" "Riew9mue";
dbFile = pkgs.writeText "dbsecret" "we2quaeZ";
jwsFile = pkgs.runCommand "oidcKeyBase" {} "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";
};
};

126
nixos/tests/hibernate.nix
View File

@ -1,44 +1,120 @@
# Test whether hibernation from partition works.
import ./make-test-python.nix (pkgs: {
{ system ? builtins.currentSystem
, config ? {}
, pkgs ? import ../.. { inherit system config; }
}:
with import ../lib/testing-python.nix { inherit system pkgs; };
let
# System configuration of the installed system, which is used for the actual
# hibernate testing.
installedConfig = with pkgs.lib; {
imports = [
../modules/testing/test-instrumentation.nix
../modules/profiles/qemu-guest.nix
../modules/profiles/minimal.nix
];
hardware.enableAllFirmware = mkForce false;
documentation.nixos.enable = false;
boot.loader.grub.device = "/dev/vda";
systemd.services.backdoor.conflicts = [ "sleep.target" ];
powerManagement.resumeCommands = "systemctl --no-block restart backdoor.service";
fileSystems = {
"/".device = "/dev/vda2";
};
swapDevices = mkOverride 0 [ { device = "/dev/vda1"; } ];
};
installedSystem = (import ../lib/eval-config.nix {
inherit system;
modules = [ installedConfig ];
}).config.system.build.toplevel;
in makeTest {
name = "hibernate";
nodes = {
# System configuration used for installing the installedConfig from above.
machine = { config, lib, pkgs, ... }: with lib; {
virtualisation.emptyDiskImages = [ config.virtualisation.memorySize ];
imports = [
../modules/profiles/installation-device.nix
../modules/profiles/base.nix
];
systemd.services.backdoor.conflicts = [ "sleep.target" ];
nix.binaryCaches = mkForce [ ];
nix.extraOptions = ''
hashed-mirrors =
connect-timeout = 1
'';
swapDevices = mkOverride 0 [ { device = "/dev/vdb"; } ];
networking.firewall.allowedTCPPorts = [ 4444 ];
systemd.services.listener.serviceConfig.ExecStart = "${pkgs.netcat}/bin/nc -l 4444 -k";
};
probe = { pkgs, ...}: {
environment.systemPackages = [ pkgs.netcat ];
virtualisation.diskSize = 8 * 1024;
virtualisation.emptyDiskImages = [
# Small root disk for installer
512
];
virtualisation.bootDevice = "/dev/vdb";
};
};
# 9P doesn't support reconnection to virtio transport after a hibernation.
# Therefore, machine just hangs on any Nix store access.
# To work around it we run a daemon which listens to a TCP connection and
# try to connect to it as a test.
# To avoid this, we install NixOS onto a temporary disk with everything we need
# included into the store.
testScript =
''
def create_named_machine(name):
return create_machine(
{
"qemuFlags": "-cpu max ${
if system == "x86_64-linux" then "-m 1024"
else "-m 768 -enable-kvm -machine virt,gic-version=host"}",
"hdaInterface": "virtio",
"hda": "vm-state-machine/machine.qcow2",
"name": name,
}
)
# Install NixOS
machine.start()
machine.wait_for_unit("multi-user.target")
machine.succeed("mkswap /dev/vdb")
machine.succeed("swapon -a")
machine.start_job("listener")
machine.wait_for_open_port(4444)
machine.succeed("systemctl hibernate &")
machine.wait_for_shutdown()
probe.wait_for_unit("multi-user.target")
machine.start()
probe.wait_until_succeeds("echo test | nc machine 4444 -N")
machine.succeed(
# Partition /dev/vda
"flock /dev/vda parted --script /dev/vda -- mklabel msdos"
+ " mkpart primary linux-swap 1M 1024M"
+ " mkpart primary ext2 1024M -1s",
"udevadm settle",
"mkfs.ext3 -L nixos /dev/vda2",
"mount LABEL=nixos /mnt",
"mkswap /dev/vda1 -L swap",
# Install onto /mnt
"nix-store --load-db < ${pkgs.closureInfo {rootPaths = [installedSystem];}}/registration",
"nixos-install --root /mnt --system ${installedSystem} --no-root-passwd",
)
machine.shutdown()
# Start up
hibernate = create_named_machine("hibernate")
# Drop in file that checks if we un-hibernated properly (and not booted fresh)
hibernate.succeed(
"mkdir /run/test",
"mount -t ramfs -o size=1m ramfs /run/test",
"echo not persisted to disk > /run/test/suspended",
)
# Hibernate machine
hibernate.succeed("systemctl hibernate &")
hibernate.wait_for_shutdown()
# Restore machine from hibernation, validate our ramfs file is there.
resume = create_named_machine("resume")
resume.start()
resume.succeed("grep 'not persisted to disk' /run/test/suspended")
'';
})
}

13
nixos/tests/installer.nix
View File

@ -294,7 +294,7 @@ let
# the same during and after installation.
virtualisation.emptyDiskImages = [ 512 ];
virtualisation.bootDevice =
if grubVersion == 1 then "/dev/sdb" else "/dev/vdb";
if grubVersion == 1 then "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive2" else "/dev/vdb";
virtualisation.qemu.diskInterface =
if grubVersion == 1 then "scsi" else "virtio";
@ -695,22 +695,23 @@ in {
};
# Test a basic install using GRUB 1.
grub1 = makeInstallerTest "grub1" {
grub1 = makeInstallerTest "grub1" rec {
createPartitions = ''
machine.succeed(
"flock /dev/sda parted --script /dev/sda -- mklabel msdos"
"flock ${grubDevice} parted --script ${grubDevice} -- mklabel msdos"
+ " mkpart primary linux-swap 1M 1024M"
+ " mkpart primary ext2 1024M -1s",
"udevadm settle",
"mkswap /dev/sda1 -L swap",
"mkswap ${grubDevice}-part1 -L swap",
"swapon -L swap",
"mkfs.ext3 -L nixos /dev/sda2",
"mkfs.ext3 -L nixos ${grubDevice}-part2",
"mount LABEL=nixos /mnt",
"mkdir -p /mnt/tmp",
)
'';
grubVersion = 1;
grubDevice = "/dev/sda";
# /dev/sda is not stable, even when the SCSI disk number is.
grubDevice = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive1";
};
# Test using labels to identify volumes in grub

161
nixos/tests/iscsi-root.nix Normal file
View File

@ -0,0 +1,161 @@
import ./make-test-python.nix (
{ pkgs, lib, ... }:
let
initiatorName = "iqn.2020-08.org.linux-iscsi.initiatorhost:example";
targetName = "iqn.2003-01.org.linux-iscsi.target.x8664:sn.acf8fd9c23af";
in
{
name = "iscsi";
meta = {
maintainers = pkgs.lib.teams.deshaw.members
++ (with pkgs.lib.maintainers; [ ajs124 ]);
};
nodes = {
target = { config, pkgs, lib, ... }: {
services.target = {
enable = true;
config = {
fabric_modules = [];
storage_objects = [
{
dev = "/dev/vdb";
name = "test";
plugin = "block";
write_back = true;
wwn = "92b17c3f-6b40-4168-b082-ceeb7b495522";
}
];
targets = [
{
fabric = "iscsi";
tpgs = [
{
enable = true;
attributes = {
authentication = 0;
generate_node_acls = 1;
};
luns = [
{
alias = "94dfe06967";
alua_tg_pt_gp_name = "default_tg_pt_gp";
index = 0;
storage_object = "/backstores/block/test";
}
];
node_acls = [
{
mapped_luns = [
{
alias = "d42f5bdf8a";
index = 0;
tpg_lun = 0;
write_protect = false;
}
];
node_wwn = initiatorName;
}
];
portals = [
{
ip_address = "0.0.0.0";
iser = false;
offload = false;
port = 3260;
}
];
tag = 1;
}
];
wwn = targetName;
}
];
};
};
networking.firewall.allowedTCPPorts = [ 3260 ];
networking.firewall.allowedUDPPorts = [ 3260 ];
virtualisation.memorySize = 2048;
virtualisation.emptyDiskImages = [ 2048 ];
};
initiatorAuto = { nodes, config, pkgs, ... }: {
services.openiscsi = {
enable = true;
enableAutoLoginOut = true;
discoverPortal = "target";
name = initiatorName;
};
environment.systemPackages = with pkgs; [
xfsprogs
];
system.extraDependencies = [ nodes.initiatorRootDisk.config.system.build.toplevel ];
nix.binaryCaches = lib.mkForce [];
nix.extraOptions = ''
hashed-mirrors =
connect-timeout = 1
'';
};
initiatorRootDisk = { config, pkgs, modulesPath, lib, ... }: {
boot.loader.grub.enable = false;
boot.kernelParams = lib.mkOverride 5 (
[
"boot.shell_on_fail"
"console=tty1"
"ip=${config.networking.primaryIPAddress}:::255.255.255.0::ens9:none"
]
);
# defaults to true, puts some code in the initrd that tries to mount an overlayfs on /nix/store
virtualisation.writableStore = false;
fileSystems = lib.mkOverride 5 {
"/" = {
fsType = "xfs";
device = "/dev/sda";
options = [ "_netdev" ];
};
};
boot.iscsi-initiator = {
discoverPortal = "target";
name = initiatorName;
target = targetName;
};
};
};
testScript = { nodes, ... }: ''
target.start()
target.wait_for_unit("iscsi-target.service")
initiatorAuto.start()
initiatorAuto.wait_for_unit("iscsid.service")
initiatorAuto.wait_for_unit("iscsi.service")
initiatorAuto.get_unit_info("iscsi")
initiatorAuto.succeed("set -x; while ! test -e /dev/sda; do sleep 1; done")
initiatorAuto.succeed("mkfs.xfs /dev/sda")
initiatorAuto.succeed("mkdir /mnt && mount /dev/sda /mnt")
initiatorAuto.succeed(
"nixos-install --no-bootloader --no-root-passwd --system ${nodes.initiatorRootDisk.config.system.build.toplevel}"
)
initiatorAuto.succeed("umount /mnt && rmdir /mnt")
initiatorAuto.shutdown()
initiatorRootDisk.start()
initiatorRootDisk.wait_for_unit("multi-user.target")
initiatorRootDisk.wait_for_unit("iscsid")
initiatorRootDisk.succeed("touch test")
initiatorRootDisk.shutdown()
'';
}
)

2
nixos/tests/nextcloud/basic.nix
View File

@ -51,7 +51,7 @@ in {
nextcloudWithoutMagick = args@{ config, pkgs, lib, ... }:
lib.mkMerge
[ (nextcloud args)
{ services.nextcloud.disableImagemagick = true; } ];
{ services.nextcloud.enableImagemagick = false; } ];
};
testScript = { nodes, ... }: let

34
nixos/tests/podgrab.nix Normal file
View File

@ -0,0 +1,34 @@
let
defaultPort = 8080;
customPort = 4242;
in
import ./make-test-python.nix ({ pkgs, ... }: {
name = "podgrab";
nodes = {
default = { ... }: {
services.podgrab.enable = true;
};
customized = { ... }: {
services.podgrab = {
enable = true;
port = customPort;
};
};
};
testScript = ''
start_all()
default.wait_for_unit("podgrab")
default.wait_for_open_port("${toString defaultPort}")
default.succeed("curl --fail http://localhost:${toString defaultPort}")
customized.wait_for_unit("podgrab")
customized.wait_for_open_port("${toString customPort}")
customized.succeed("curl --fail http://localhost:${toString customPort}")
'';
meta.maintainers = with pkgs.lib.maintainers; [ ambroisie ];
})

6
nixos/tests/prometheus-exporters.nix
View File

@ -118,6 +118,8 @@ let
metricProvider = {
services.bird2.enable = true;
services.bird2.config = ''
router id 127.0.0.1;
protocol kernel MyObviousTestString {
ipv4 {
import all;
@ -132,7 +134,9 @@ let
exporterTest = ''
wait_for_unit("prometheus-bird-exporter.service")
wait_for_open_port(9324)
succeed("curl -sSf http://localhost:9324/metrics | grep -q 'MyObviousTestString'")
wait_until_succeeds(
"curl -sSf http://localhost:9324/metrics | grep -q 'MyObviousTestString'"
)
'';
};

4
pkgs/applications/audio/amarok/default.nix
View File

@ -3,7 +3,7 @@
, qca-qt5, qjson, qtquickcontrols2, qtscript, qtwebengine
, karchive, kcmutils, kconfig, kdnssd, kguiaddons, kinit, kirigami2, knewstuff, knotifyconfig, ktexteditor, kwindowsystem
, fftw, phonon, plasma-framework, threadweaver
, curl, ffmpeg_3, gdk-pixbuf, libaio, liblastfm, libmtp, loudmouth, lzo, lz4, mysql57, pcre, snappy, taglib, taglib_extras
, curl, ffmpeg, gdk-pixbuf, libaio, liblastfm, libmtp, loudmouth, lzo, lz4, mysql57, pcre, snappy, taglib, taglib_extras
}:
mkDerivation rec {
@ -23,7 +23,7 @@ mkDerivation rec {
qca-qt5 qjson qtquickcontrols2 qtscript qtwebengine
karchive kcmutils kconfig kdnssd kguiaddons kinit kirigami2 knewstuff knotifyconfig ktexteditor kwindowsystem
phonon plasma-framework threadweaver
curl fftw ffmpeg_3 gdk-pixbuf libaio liblastfm libmtp loudmouth lz4 lzo mysql57.server mysql57.server.static
curl fftw ffmpeg gdk-pixbuf libaio liblastfm libmtp loudmouth lz4 lzo mysql57.server mysql57.server.static
pcre snappy taglib taglib_extras
];

6
pkgs/applications/audio/fdkaac/default.nix
View File

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "fdkaac";
version = "1.0.1";
version = "1.0.2";
src = fetchFromGitHub {
owner = "nu774";
repo = pname;
rev = "v${version}";
sha256 = "02mzx4bird2q5chzpavfc9pg259hwfvq6px85xarm59vmj9nryb6";
sha256 = "tHhICq/FzbkvWkDdNzGqGoo7nIDb+DJXmkFwtPIA89c=";
};
nativeBuildInputs = [ autoreconfHook ];
@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
doCheck = true;
meta = with lib; {
description = "Command line encoder frontend for libfdk-aac encder";
description = "Command line encoder frontend for libfdk-aac encoder";
longDescription = ''
fdkaac reads linear PCM audio in either WAV, raw PCM, or CAF format,
and encodes it into either M4A / AAC file.

4
pkgs/applications/audio/flacon/default.nix
View File

@ -4,13 +4,13 @@
stdenv.mkDerivation rec {
pname = "flacon";
version = "6.1.0";
version = "7.0.1";
src = fetchFromGitHub {
owner = "flacon";
repo = "flacon";
rev = "v${version}";
sha256 = "04yp3aym7h70xjni9ancqv5lc4zds5a8dgw3fzgqs8k5nmh074gv";
sha256 = "sha256-35tARJkyhC8EisIyDCwuT/UUruzLjJRUuZysuqeNssM=";
};
nativeBuildInputs = [ cmake pkg-config wrapQtAppsHook ];

4
pkgs/applications/audio/kmetronome/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "kmetronome";
version = "1.0.1";
version = "1.2.0";
src = fetchurl {
url = "mirror://sourceforge/${pname}/${version}/${pname}-${version}.tar.bz2";
sha256 = "0bzm6vzlm32kjrgn1nvp096b2d41ybys2sk145nhy992wg56v32s";
sha256 = "1ln0nm24w6bj7wc8cay08j5azzznigd39cbbw3h4skg6fxd8p0s7";
};
nativeBuildInputs = [ cmake pkg-config qttools ];

69
pkgs/applications/audio/mousai/default.nix Normal file
View File

@ -0,0 +1,69 @@
{ lib
, python3
, fetchFromGitHub
, appstream-glib
, desktop-file-utils
, gettext
, glib
, gobject-introspection
, gst_all_1
, gtk3
, libhandy
, librsvg
, meson
, ninja
, pkg-config
, wrapGAppsHook
}:
python3.pkgs.buildPythonApplication rec {
pname = "mousai";
version = "0.3.1";
format = "other";
src = fetchFromGitHub {
owner = "SeaDve";
repo = "Mousai";
rev = "v${version}";
sha256 = "0x57dci0prhlj79h74yh79cazn48rn0bckz5j3z4njk4fwc3fvfx";
};
postPatch = ''
patchShebangs build-aux/meson
'';
nativeBuildInputs = [
appstream-glib
desktop-file-utils
gettext
glib
gtk3
meson
ninja
pkg-config
wrapGAppsHook
];
buildInputs = [
gobject-introspection
gst_all_1.gstreamer
gst_all_1.gst-plugins-base
gst_all_1.gst-plugins-good
gtk3
libhandy
librsvg
];
propagatedBuildInputs = with python3.pkgs; [
pygobject3
requests
];
meta = with lib; {
description = "Identify any songs in seconds";
homepage = "https://github.com/SeaDve/Mousai";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ dotlambda ];
};
}

6
pkgs/applications/audio/pulseeffects/default.nix
View File

@ -46,15 +46,13 @@ let
];
in stdenv.mkDerivation rec {
pname = "pulseeffects";
# 5.0.3 crashes. Test carefully before updating.
# https://github.com/wwmm/pulseeffects/issues/927
version = "5.0.2";
version = "5.0.3";
src = fetchFromGitHub {
owner = "wwmm";
repo = "pulseeffects";
rev = "v${version}";
sha256 = "14ir25q6bws26im6qmj3k6hkfdh5pc6mbvln7wkdwy5dv0vix3cm";
sha256 = "1dicvq17vajk3vr4g1y80599ahkw0dp5ynlany1cfljfjz40s8sx";
};
nativeBuildInputs = [

10
pkgs/applications/audio/qmmp/default.nix
View File

@ -4,7 +4,7 @@
, curl, libmms
# input plugins
, libmad, taglib, libvorbis, libogg, flac, libmpcdec, libmodplug, libsndfile
, libcdio, cdparanoia, libcddb, faad2, ffmpeg_3, wildmidi
, libcdio, cdparanoia, libcddb, faad2, ffmpeg, wildmidi
# output plugins
, alsaLib, libpulseaudio
# effect plugins
@ -44,7 +44,7 @@ mkDerivation rec {
curl libmms
# input plugins
libmad taglib libvorbis libogg flac libmpcdec libmodplug libsndfile
libcdio cdparanoia libcddb faad2 ffmpeg_3 wildmidi
libcdio cdparanoia libcddb faad2 ffmpeg wildmidi
# output plugins
alsaLib libpulseaudio
# effect plugins
@ -53,10 +53,10 @@ mkDerivation rec {
meta = with lib; {
description = "Qt-based audio player that looks like Winamp";
homepage = "http://qmmp.ylsoftware.com/";
license = licenses.gpl2;
homepage = "https://qmmp.ylsoftware.com/";
license = licenses.gpl2Plus;
platforms = platforms.linux;
maintainers = [ maintainers.bjornfor ];
repositories.svn = "http://qmmp.googlecode.com/svn/";
repositories.svn = "https://svn.code.sf.net/p/qmmp-dev/code";
};
}

1
pkgs/applications/audio/quodlibet/default.nix
View File

@ -30,7 +30,6 @@ python3.pkgs.buildPythonApplication rec {
++ optionals withDbusPython [ dbus-python ]
++ optionals withPyInotify [ pyinotify ]
++ optionals withMusicBrainzNgs [ musicbrainzngs ]
++ optionals stdenv.isDarwin [ pyobjc ]
++ optionals withPahoMqtt [ paho-mqtt ];
LC_ALL = "en_US.UTF-8";

12
pkgs/applications/audio/r128gain/default.nix
View File

@ -3,7 +3,7 @@
, genericUpdater
, substituteAll
, common-updater-scripts
, ffmpeg_3
, ffmpeg
, python3Packages
, sox
}:
@ -20,12 +20,10 @@ python3Packages.buildPythonApplication rec {
};
patches = [
(
substituteAll {
src = ./ffmpeg-location.patch;
ffmpeg = ffmpeg_3;
}
)
(substituteAll {
src = ./ffmpeg-location.patch;
inherit ffmpeg;
})
];
propagatedBuildInputs = with python3Packages; [ crcmod ffmpeg-python mutagen tqdm ];

11
pkgs/applications/audio/vmpk/default.nix
View File

@ -5,16 +5,21 @@
mkDerivation rec {
pname = "vmpk";
version = "0.7.2";
version = "0.8.2";
src = fetchurl {
url = "mirror://sourceforge/${pname}/${version}/${pname}-${version}.tar.bz2";
sha256 = "5oLrjQADg59Mxpb0CNLQAE574IOSYLDLJNaQ/9q2cMQ=";
sha256 = "1kv256j13adk4ib7r464gsl4vjhih820bq37ddhqfyfd07wh53a2";
};
nativeBuildInputs = [ cmake pkg-config qttools docbook-xsl-nons ];
buildInputs = [ qtx11extras drumstick ];
buildInputs = [ drumstick qtx11extras ];
postInstall = ''
# vmpk drumstickLocales looks here:
ln -s ${drumstick}/share/drumstick $out/share/
'';
meta = with lib; {
description = "Virtual MIDI Piano Keyboard";

3
pkgs/applications/editors/atom/env.nix
View File

@ -1,7 +1,7 @@
{ stdenv, lib, zlib, glib, alsaLib, dbus, gtk3, atk, pango, freetype, fontconfig
, libgnome-keyring3, gdk-pixbuf, cairo, cups, expat, libgpgerror, nspr
, gconf, nss, xorg, libcap, systemd, libnotify, libsecret, libuuid, at-spi2-atk
, at-spi2-core, libdbusmenu
, at-spi2-core, libdbusmenu, mesa
}:
let
@ -12,6 +12,7 @@ let
xorg.libXcomposite xorg.libXi xorg.libXfixes xorg.libXrandr
xorg.libXcursor xorg.libxkbfile xorg.libXScrnSaver libcap systemd libnotify
xorg.libxcb libsecret libuuid at-spi2-atk at-spi2-core libdbusmenu
mesa # required for libgbm
];
libPathNative = lib.makeLibraryPath packages;

48
pkgs/applications/editors/eclipse/default.nix
View File

@ -12,14 +12,14 @@ assert stdenv ? glibc;
# find the downloads needed for new versions
#
# to test:
# $ for e in cpp modeling platform sdk java committers rcp rust; do nix build -f default.nix pkgs.eclipses.eclipse-${e} -o eclipse-${e}; done
# $ for e in cpp modeling platform sdk java jee committers rcp; do nix build -f default.nix pkgs.eclipses.eclipse-${e} -o eclipse-${e}; done
let
platform_major = "4";
platform_minor = "18";
year = "2020";
month = "12";
timestamp = "${year}${month}021800";
platform_minor = "19";
year = "2021";
month = "03";
timestamp = "${year}${month}031800";
gtk = gtk3;
in rec {
@ -37,7 +37,7 @@ in rec {
src =
fetchurl {
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-cpp-${year}-${month}-R-linux-gtk-x86_64.tar.gz";
sha512 = "MR6ddNmBKyXCyVGlGPfq6K2zJRywy4I5QDXji3rh81eJQ6zkEguo+VvD75i/szg/+FbCVA09vDVV06JgL4SHwQ==";
sha512 = "3j0lmll0glcr9p0hf49jiaq9xr8hadsy0y58wbbkdpldj3rclxr056dkswmiw2bkypfiwrjygbli5qxyp6mz380562hc2kjwijqq476";
};
};
@ -49,7 +49,7 @@ in rec {
src =
fetchurl {
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-modeling-${year}-${month}-R-linux-gtk-x86_64.tar.gz";
sha512 = "hSi3IL+fWhlUfEJYv4LFO7WNbZpiofAgNGZbEOIBS0VpeHfJ5Y6UKMKMLfQlG3hlkAL5jg/cEJKb/ad4DxHbjQ==";
sha512 = "0iqz9a3ixcbmaci6lnspdnzwd2h1fcygi54hmsl89pq3d1k5scyhcl123ixi24csi782w847bn0lq00n0zwras9akmnhsflra4mw5pz";
};
};
@ -61,7 +61,7 @@ in rec {
src =
fetchurl {
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops${platform_major}/R-${platform_major}.${platform_minor}-${timestamp}/eclipse-platform-${platform_major}.${platform_minor}-linux-gtk-x86_64.tar.gz";
sha512 = "cPRa7ICogpcuwzOlzSSCEcWpwpUhQuIv6lGBKuAu9mOwj7Nz0TPaWVWNqN1541uVRXVTzcWX+mwc2UBPzWUPxg==";
sha512 = "03v1ly7j9d9qnl3d9rl5a9kp483dz8i8v3cfnh55ksm9fk8iy2fzg6wq178ggnx2z5x9k88a4wk6n647yilh2hgc2l7926imkh2j1ly";
};
};
@ -86,7 +86,7 @@ in rec {
src =
fetchurl {
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops${platform_major}/R-${platform_major}.${platform_minor}-${timestamp}/eclipse-SDK-${platform_major}.${platform_minor}-linux-gtk-x86_64.tar.gz";
sha512 = "iN6z5iSJ2bhE1IH3uJj7aiaF/nSIgIAqadvaTBpE4gkgLAXgtfraFAzgcw0zJr5m2u5mULfW45hLkmIXselniQ==";
sha512 = "37m91my121pch12bwpwk5svfqkm7vl07wjx4fkhpy947v5kjf36hm6x0i45swdg7f0hk72y2qz5ka15ki5jv890qy5psj6z7ax9sys7";
};
};
@ -98,7 +98,19 @@ in rec {
src =
fetchurl {
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-java-${year}-${month}-R-linux-gtk-x86_64.tar.gz";
sha512 = "HVqsWUVNNRdcaziGdNI96R9F2VMUE4nYK1VX1G3pK+srFDlkJ7+rj2sZjtWL7WcJR1XSbT03nJJzPyp01RsCvQ==";
sha512 = "3qrnj6krhrqc9rfwlim3v7kshwfhsi050pszw6xdfbj56mzr9whr7l76isbpxd5j0zipgfw3qrzrx379pdp899d35fv284ilvllzl4k";
};
};
### Eclipse Java EE
eclipse-jee = buildEclipse {
name = "eclipse-jee-${platform_major}.${platform_minor}";
description = "Eclipse IDE for Enterprise Java and Web Developers";
src =
fetchurl {
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-jee-${year}-${month}-R-linux-gtk-x86_64.tar.gz";
sha512 = "04k4x9imabxddqlrgajn33ak8i58wcap40ll09xz23d1sxn9a8prh01s06ymgwg6ldg939srphvbz4112p8p0b1hl7m25a02qll91zv";
};
};
@ -110,7 +122,7 @@ in rec {
src =
fetchurl {
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-committers-${year}-${month}-R-linux-gtk-x86_64.tar.gz";
sha512 = "UtI4piLNRM3TsM9PzbGgsPqTkiurJ+7Q7jVra45an4YJHtfWcGTxxwUNnRzay6cHT49AjrWtVf1bovWSDXMiQA==";
sha512 = "2yksl3w7yr1a3h4zdpa9zf394r5c185zqxhigdv858ldg46kmr9h0l2c7shbgb16kkybcnrk4x44dhjvh60x8xw6ma05klp4lp9v5va";
};
};
@ -122,19 +134,7 @@ in rec {
src =
fetchurl {
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-rcp-${year}-${month}-R-linux-gtk-x86_64.tar.gz";
sha512 = "9DqNjSx1Ypdzpt1jIOJ9KFx8y+cG55K6bqkWTqnGjjDr4h4mWSzvGjHGUtFrKl92WRzQZKjNPxzVreDMcUkc/g==";
};
};
### Eclipse IDE for Rust Developers
eclipse-rust = buildEclipse {
name = "eclipse-rust-${platform_major}.${platform_minor}";
description = "Eclipse IDE for Rust Developers";
src =
fetchurl {
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-rust-${year}-${month}-R-linux-gtk-x86_64.tar.gz";
sha512 = "QbaG1knCMFnVQkPeApcIamJMXPyL8zUQa0ZsTJOuTgU/fD1RiHN7/WS6ax5azzIJhpjEtj2LMU4XV+MwkzResw==";
sha512 = "3fhrhwbyqcys56c93s1vl9rbvn269nn5y3cb9f3n1qwgw6i97mim2zy98jl3r8cksf97jwsmqmsqclsgz9v799wcckv81dj1l628382";
};
};

24
pkgs/applications/editors/eclipse/plugins.nix
View File

@ -248,12 +248,12 @@ rec {
cdt = buildEclipseUpdateSite rec {
name = "cdt-${version}";
# find current version at https://www.eclipse.org/cdt/downloads.php
version = "10.1.0";
version = "10.2.0";
src = fetchzip {
stripRoot = false;
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/tools/cdt/releases/10.1/${name}/${name}.zip";
sha256 = "1hbswcar3a5cw20mwrj82w9pvpkvvj6jrvqqf1lincva0r5sl7h8";
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/tools/cdt/releases/10.2/${name}/${name}.zip";
sha256 = "1r30cbpbzw3dfcsn54p6sqip86dqhydhsppjgaz60b6z138vzx49";
};
meta = with lib; {
@ -474,24 +474,6 @@ rec {
};
};
jdt = buildEclipseUpdateSite rec {
name = "jdt-${version}";
version = "4.18";
src = fetchzip {
stripRoot = false;
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-${version}-202012021800/org.eclipse.jdt-${version}.zip";
sha256 = "q0O6OE2u0bdz1+nOkzXDrrOOzoEbVaXnejx4lX7uZgk=";
};
meta = with lib; {
homepage = "https://www.eclipse.org/jdt/";
description = "Eclipse Java development tools";
license = licenses.epl10;
platforms = platforms.all;
};
};
jdt-codemining = buildEclipsePlugin rec {
name = "jdt-codemining-${version}";
version = "1.0.0.201806221018";

1
pkgs/applications/editors/gophernotes/default.nix
View File

@ -21,6 +21,5 @@ buildGoModule rec {
homepage = "https://github.com/gopherdata/gophernotes";
license = licenses.mit;
maintainers = [ maintainers.costrouc ];
platforms = platforms.all;
};
}

7
pkgs/applications/editors/jetbrains/default.nix
View File

@ -1,8 +1,7 @@
{ lib, stdenv, callPackage, fetchurl
, jdk, cmake, libxml2, zlib, python3, ncurses5
, dotnet-sdk_3
, jdk, cmake, zlib, python3
, dotnet-sdk_5
, autoPatchelfHook
, glib
, libdbusmenu
, vmopts ? null
}:
@ -197,7 +196,7 @@ let
patchPhase = lib.optionalString (!stdenv.isDarwin) (attrs.patchPhase + ''
rm -rf lib/ReSharperHost/linux-x64/dotnet
mkdir -p lib/ReSharperHost/linux-x64/dotnet/
ln -s ${dotnet-sdk_3}/bin/dotnet lib/ReSharperHost/linux-x64/dotnet/dotnet
ln -s ${dotnet-sdk_5}/bin/dotnet lib/ReSharperHost/linux-x64/dotnet/dotnet
'');
});

1
pkgs/applications/editors/neovim/wrapper.nix
View File

@ -113,6 +113,7 @@ let
hydraPlatforms = [];
# prefer wrapper over the package
priority = (neovim.meta.priority or 0) - 1;
mainProgram = "nvim";
};
};
in

4
pkgs/applications/graphics/ImageMagick/6.x.nix
View File

@ -16,13 +16,13 @@ in
stdenv.mkDerivation rec {
pname = "imagemagick";
version = "6.9.12-3";
version = "6.9.12-8";
src = fetchFromGitHub {
owner = "ImageMagick";
repo = "ImageMagick6";
rev = version;
sha256 = "sha256-h9c0N9AcFVpNYpKl+95q1RVJWuacN4N4kbAJIKJp8Jc=";
sha256 = "sha256-ZFCmoZOdZ3jbM5S90zBNiMGJKFylMLO0r3DB25wu3MM=";
};
outputs = [ "out" "dev" "doc" ]; # bin/ isn't really big

4
pkgs/applications/graphics/ImageMagick/7.0.nix
View File

@ -16,13 +16,13 @@ in
stdenv.mkDerivation rec {
pname = "imagemagick";
version = "7.0.11-6";
version = "7.0.11-8";
src = fetchFromGitHub {
owner = "ImageMagick";
repo = "ImageMagick";
rev = version;
sha256 = "sha256-QClOS58l17KHeQXya+IKNx6nIkd6jCKp8uupRH7Fwnk=";
sha256 = "sha256-h9hoFXnxuLVQRVtEh83P7efz2KFLLqOXKD6nVJEhqiM=";
};
outputs = [ "out" "dev" "doc" ]; # bin/ isn't really big

4
pkgs/applications/graphics/drawing/default.nix
View File

@ -17,7 +17,7 @@
python3.pkgs.buildPythonApplication rec {
pname = "drawing";
version = "0.4.13";
version = "0.8.0";
format = "other";
@ -25,7 +25,7 @@ python3.pkgs.buildPythonApplication rec {
owner = "maoschanz";
repo = pname;
rev = version;
sha256 = "0mj2nmfrckv89srgkn16fnbrb35f5a655ak8bb3rd9na3hd5bq53";
sha256 = "03cx6acb0ph7b3difshjfddi8ld79wp8d12bdp7dp1q1820j5mz0";
};
nativeBuildInputs = [

3
pkgs/applications/graphics/drawio/default.nix
View File

@ -4,7 +4,7 @@
, alsaLib, atk, at-spi2-atk, at-spi2-core, cairo, dbus, cups, expat
, gdk-pixbuf, glib, gtk3, libX11, libXScrnSaver, libXcomposite, libXcursor
, libXdamage, libXext, libXfixes, libXi, libXrandr, libXrender, libXtst
, libxcb, libuuid, libxshmfence, nspr, nss, pango
, libxcb, libuuid, libxshmfence, nspr, nss, pango, mesa
, systemd
}:
@ -50,6 +50,7 @@ stdenv.mkDerivation rec {
libXtst
libxcb
libuuid
mesa # for libgbm
nspr
nss
pango

5
pkgs/applications/graphics/hydrus/default.nix
View File

@ -1,7 +1,6 @@
{ lib
, fetchFromGitHub
, xz
, qt5
, wrapQtAppsHook
, miniupnpc_2
, swftools
@ -10,14 +9,14 @@
pythonPackages.buildPythonPackage rec {
pname = "hydrus";
version = "434";
version = "436";
format = "other";
src = fetchFromGitHub {
owner = "hydrusnetwork";
repo = "hydrus";
rev = "v${version}";
sha256 = "sha256-7Allc9zawja8DO2idv+MAYZ/cBRTCMd0mbgBLfEVii8=";
sha256 = "sha256-FXm8VUEY0OZ6/dc/qNwOXekhv5H2C9jjg/eNDoMvMn0==";
};
nativeBuildInputs = [

16
pkgs/applications/graphics/kodelife/default.nix
View File

@ -9,22 +9,20 @@
stdenv.mkDerivation rec {
pname = "kodelife";
version = "0.9.0.129";
version = "0.9.8.143";
suffix = {
aarch64-linux = "linux-arm64";
armv7l-linux = "linux-armhf";
x86_64-darwin = "macos";
x86_64-linux = "linux-x86_64";
}.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
src = fetchzip {
url = "https://hexler.net/pub/${pname}/${pname}-${version}-${suffix}.zip";
sha256 = {
aarch64-linux = "0z2fqlf156348ha3zhv16kvqdx68fbwbzch2gzjm9x1na9n5k1ra";
armv7l-linux = "1ppwgrmgl1j2ws9mhrscvvkamd69a6xw7x35df6d30cyj97r0mzy";
x86_64-darwin = "0f8vn6m3xzsiyxm2ka5wkbp63wvzrix6g1xrbpvcm3v2llmychkl";
x86_64-linux = "035c1nlw0nim057sz3axpkcgkafqbm6gpr8hwr097vlrqll6w3dv";
aarch64-linux = "0ryjmpzpfqdqrvqpq851vvrjd8ld5g91gcigpv9rxp3z1b7qdand";
armv7l-linux = "08nlwn8ixndqil4m7j6c8gjxmwx8zi3in86arnwf13shk6cds5nb";
x86_64-linux = "0kbz7pvh4i4a3pj1vzbzzslha825i888isvsigcqsqvipjr4798q";
}.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
};
@ -35,8 +33,10 @@ stdenv.mkDerivation rec {
preferLocalBuild = true;
installPhase = ''
runHook preInstall
mkdir -p $out/bin
mv KodeLife $out/bin
runHook postInstall
'';
preFixup = let
@ -49,7 +49,7 @@ stdenv.mkDerivation rec {
libGLU libGL
xorg.libX11
];
in lib.optionalString (!stdenv.isDarwin) ''
in ''
patchelf \
--set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
--set-rpath "${libPath}" \
@ -61,6 +61,6 @@ stdenv.mkDerivation rec {
description = "Real-time GPU shader editor";
license = licenses.unfree;
maintainers = with maintainers; [ prusnak ];
platforms = [ "aarch64-linux" "armv7l-linux" "x86_64-darwin" "x86_64-linux" ];
platforms = [ "aarch64-linux" "armv7l-linux" "x86_64-linux" ];
};
}

8
pkgs/applications/graphics/krita/default.nix
View File

@ -10,11 +10,11 @@
mkDerivation rec {
pname = "krita";
version = "4.4.2";
version = "4.4.3";
src = fetchurl {
url = "https://download.kde.org/stable/${pname}/${version}/${pname}-${version}.tar.xz";
sha256 = "121fjdv5phx1aqk21vx9k9vsc5k1w8s86gp6pamy2y31r2ph7r8y";
url = "https://download.kde.org/stable/${pname}/${version}/${pname}-${version}.tar.gz";
sha256 = "0rwghzci2wn2jmisvnzs23yxc2z3d4dcx2qbbhcvjyi3q8ij61nl";
};
nativeBuildInputs = [ cmake extra-cmake-modules python3Packages.sip makeWrapper ];
@ -48,6 +48,6 @@ mkDerivation rec {
homepage = "https://krita.org/";
maintainers = with maintainers; [ abbradar ];
platforms = platforms.linux;
license = licenses.gpl2;
license = licenses.gpl3Only;
};
}

6
pkgs/applications/graphics/mcomix3/default.nix
View File

@ -17,13 +17,13 @@
python3.pkgs.buildPythonApplication rec {
pname = "mcomix3";
version = "unstable-2020-11-23";
version = "unstable-2021-04-23";
# no official release on pypi/github and no build system
src = fetchFromGitHub {
repo = "${pname}";
owner = "multiSnow";
rev = "cdcb27533dc7ee2ebf7b0a8ab5ba10e61c0b8ff8";
rev = "139344e23898c28484328fc29fd0c6659affb12d";
sha256 = "0q9xgl60ryf7qmy5vgzgfry4rvw5j9rb4d1ilxmpjmvm7dd3fm2k";
};
@ -46,6 +46,8 @@ python3.pkgs.buildPythonApplication rec {
installPhase = ''
runHook preInstall
substituteInPlace mime/*.desktop \
--replace "Exec=mcomix" "Exec=mcomix3"
${python3.executable} installer.py --srcdir=mcomix --target=$libdir
mv $libdir/mcomix/mcomixstarter.py $out/bin/${pname}
mv $libdir/mcomix/comicthumb.py $out/bin/comicthumb

115
pkgs/applications/graphics/openboard/default.nix Normal file
View File

@ -0,0 +1,115 @@
{ mkDerivation, lib, fetchFromGitHub, copyDesktopItems, makeDesktopItem, qmake
, qtbase, qtxmlpatterns, qttools, qtwebkit, libGL, fontconfig, openssl, poppler
, ffmpeg, libva, alsaLib, SDL, x264, libvpx, libvorbis, libtheora, libogg
, libopus, lame, fdk_aac, libass, quazip, libXext, libXfixes }:
let
importer = mkDerivation rec {
pname = "openboard-importer";
version = "unstable-2016-10-08";
src = fetchFromGitHub {
owner = "OpenBoard-org";
repo = "OpenBoard-Importer";
rev = "47927bda021b4f7f1540b794825fb0d601875e79";
sha256 = "19zhgsimy0f070caikc4vrrqyc8kv2h6rl37sy3iggks8z0g98gf";
};
nativeBuildInputs = [ qmake ];
installPhase = ''
install -Dm755 OpenBoardImporter $out/bin/OpenBoardImporter
'';
};
in mkDerivation rec {
pname = "openboard";
version = "1.6.1";
src = fetchFromGitHub {
owner = "OpenBoard-org";
repo = "OpenBoard";
rev = "v${version}";
sha256 = "sha256-OlGXGIMghil/GG6eso20+CWo/hCjarXGs6edXX9pc/M=";
};
postPatch = ''
substituteInPlace OpenBoard.pro \
--replace '/usr/include/quazip' '${quazip}/include/quazip5' \
--replace '/usr/include/poppler' '${poppler.dev}/include/poppler'
'';
nativeBuildInputs = [ qmake copyDesktopItems ];
buildInputs = [
qtbase
qtxmlpatterns
qttools
qtwebkit
libGL
fontconfig
openssl
poppler
ffmpeg
libva
alsaLib
SDL
x264
libvpx
libvorbis
libtheora
libogg
libopus
lame
fdk_aac
libass
quazip
libXext
libXfixes
];
propagatedBuildInputs = [ importer ];
makeFlags = [ "release-install" ];
desktopItems = [
(makeDesktopItem {
name = "OpenBoard";
exec = "OpenBoard %f";
icon = "OpenBoard";
comment = "OpenBoard, an interactive white board application";
desktopName = "OpenBoard";
mimeType = "application/ubz";
categories = "Education;";
startupNotify = true;
})
];
installPhase = ''
runHook preInstall
lrelease OpenBoard.pro
# Replicated release_scripts/linux/package.sh
mkdir -p $out/opt/openboard/i18n
cp -R resources/customizations build/linux/release/product/* $out/opt/openboard/
cp resources/i18n/*.qm $out/opt/openboard/i18n/
install -m644 resources/linux/openboard-ubz.xml $out/opt/openboard/etc/
install -Dm644 resources/images/OpenBoard.png $out/share/icons/hicolor/64x64/apps/OpenBoard.png
runHook postInstall
'';
dontWrapQtApps = true;
postFixup = ''
makeWrapper $out/opt/openboard/OpenBoard $out/bin/OpenBoard \
"''${qtWrapperArgs[@]}"
'';
meta = with lib; {
description = "Interactive whiteboard application";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ fufexan ];
platforms = platforms.linux;
};
}

29
pkgs/applications/graphics/pixelnuke/default.nix Normal file
View File

@ -0,0 +1,29 @@
{ lib, stdenv, fetchFromGitHub, libevent, glew, glfw }:
stdenv.mkDerivation {
pname = "pixelnuke";
version = "unstable-2019-05-19";
src = fetchFromGitHub {
owner = "defnull";
repo = "pixelflut";
rev = "3458157a242ba1789de7ce308480f4e1cbacc916";
sha256 = "03dp0p00chy00njl4w02ahxqiwqpjsrvwg8j4yi4dgckkc3gbh40";
};
sourceRoot = "source/pixelnuke";
buildInputs = [ libevent glew glfw ];
installPhase = ''
install -Dm755 ./pixelnuke $out/bin/pixelnuke
'';
meta = with lib; {
description = "Multiplayer canvas (C implementation)";
homepage = "https://cccgoe.de/wiki/Pixelflut";
license = licenses.unlicense;
platforms = platforms.linux;
maintainers = with maintainers; [ mrVanDalo ];
};
}

2
pkgs/applications/kde/fetch.sh
View File

@ -1 +1 @@
WGET_ARGS=( http://download.kde.org/stable/release-service/20.12.2/src -A '*.tar.xz' )
WGET_ARGS=( http://download.kde.org/stable/release-service/20.12.3/src -A '*.tar.xz' )

1792
pkgs/applications/kde/srcs.nix
View File

File diff suppressed because it is too large Load Diff

4
pkgs/applications/logging/humioctl/default.nix
View File

@ -1,8 +1,8 @@
{ buildGoModule, fetchFromGitHub, installShellFiles, lib }:
let
humioCtlVersion = "0.28.2";
sha256 = "sha256-mCYxgBiuKylL2Qx4RCnD4ZoMFUm2J6VIL/Erc0u3BMA=";
humioCtlVersion = "0.28.3";
sha256 = "sha256-GUn5hg4gPGjQ6U2dboGE22u8XuZ578+EnkmHLASXd3Q=";
vendorSha256 = "sha256-867x33Aq27D2m14NqqsdByC39pjjyJZbfX3jmwVU2yo=";
in buildGoModule {
name = "humioctl-${humioCtlVersion}";

1
pkgs/applications/misc/bleachbit/default.nix
View File

@ -7,6 +7,7 @@
, glib
, gtk3
, libnotify
, scandir ? null
}:
python3Packages.buildPythonApplication rec {

11
pkgs/applications/misc/bottles/default.nix
View File

@ -1,6 +1,6 @@
{ lib, fetchFromGitHub
, meson, ninja, pkg-config, wrapGAppsHook
, desktop-file-utils, gsettings-desktop-schemas, libnotify
, desktop-file-utils, gsettings-desktop-schemas, libnotify, libhandy
, python3Packages, gettext
, appstream-glib, gdk-pixbuf, glib, gobject-introspection, gspell, gtk3
, steam-run-native
@ -8,13 +8,13 @@
python3Packages.buildPythonApplication rec {
pname = "bottles";
version = "2.1.1";
version = "3.1.6";
src = fetchFromGitHub {
owner = "bottlesdevs";
repo = pname;
rev = version;
sha256 = "1hbjnd06h0h47gcwb1s1b9py5nwmia1m35da6zydbl70vs75imhn";
sha256 = "1izks01010akjf83xvi70dr4yzgk6yr84kd0slzz22yq204pdh5m";
};
postPatch = ''
@ -39,6 +39,7 @@ python3Packages.buildPythonApplication rec {
gsettings-desktop-schemas
gspell
gtk3
libhandy
libnotify
];
@ -69,9 +70,9 @@ python3Packages.buildPythonApplication rec {
meta = with lib; {
description = "An easy-to-use wineprefix manager";
homepage = "https://github.com/bottlesdevs/Bottles";
homepage = "https://usebottles.com/";
license = licenses.gpl3Only;
maintainers = with maintainers; [ bloomvdomino ];
maintainers = with maintainers; [ bloomvdomino shamilton ];
platforms = platforms.linux;
};
}

4
pkgs/applications/misc/calcurse/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "calcurse";
version = "4.7.0";
version = "4.7.1";
src = fetchurl {
url = "https://calcurse.org/files/${pname}-${version}.tar.gz";
sha256 = "0dc4bka2l9z03bnlygsnl06l1zi2wbn29rkc02b13x2kdab7arpg";
sha256 = "sha256-CnxV0HZ0Vp0WbAsOdYeyly09qBYM231gsdvSiVgDr7A=";
};
buildInputs = [ ncurses gettext python3 python3Packages.wrapPython ];

4
pkgs/applications/misc/coolreader/default.nix
View File

@ -3,13 +3,13 @@
mkDerivation rec {
pname = "coolreader";
version = "3.2.55";
version = "3.2.57";
src = fetchFromGitHub {
owner = "buggins";
repo = pname;
rev = "cr${version}";
sha256 = "sha256-gYAaYGEjw7p6y4h5j6j/4Ld+b37Nv+kt04Wp+qb8gzY=";
sha256 = "sha256-ZfgaLCLvBU6xP7nx7YJTsJSpvpdQgLpSMWH+BsG8E1g=";
};
nativeBuildInputs = [ cmake pkg-config ];

6
pkgs/applications/misc/cura/default.nix
View File

@ -3,13 +3,13 @@
mkDerivation rec {
pname = "cura";
version = "4.8.0";
version = "4.9.0";
src = fetchFromGitHub {
owner = "Ultimaker";
repo = "Cura";
rev = version;
sha256 = "060fqzspipm93ks0inrj7yrj5wmvkdfv8xaxrv22590yb9f95s9m";
sha256 = "1q515qwrzla3ikbsjmk91y0nrbwih11jycgmd50lkrmnkh7qj0r2";
};
materials = fetchFromGitHub {
@ -22,7 +22,7 @@ mkDerivation rec {
buildInputs = [ qtbase qtquickcontrols2 qtgraphicaleffects ];
propagatedBuildInputs = with python3.pkgs; [
libsavitar numpy-stl pyserial requests uranium zeroconf pynest2d
sentry-sdk trimesh
sentry-sdk trimesh keyring
] ++ plugins;
nativeBuildInputs = [ cmake python3.pkgs.wrapPython ];

20
pkgs/applications/misc/cura/plugins.nix
View File

@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub, fetchpatch, python3Packages, libspnav }:
{ lib, stdenv, fetchFromGitHub, fetchpatch, python3Packages, libspnav, jq }:
let
@ -34,18 +34,28 @@ let
rawmouse = stdenv.mkDerivation rec {
pname = "RawMouse";
version = "1.0.13";
version = "1.1.0";
src = fetchFromGitHub {
owner = "smartavionics";
repo = pname;
rev = version;
sha256 = "1cj40pgsfcwliz47mkiqjbslkwcm34qb1pajc2mcljgflcnickly";
sha256 = "0hvi7qwd4xfnqnhbj9dgfjmvv9df7s42asf3fdfxv43n6nx74scw";
};
nativeBuildInputs = [ jq ];
propagatedBuildInputs = with python3Packages; [
hidapi
];
buildPhase = ''
substituteInPlace RawMouse/config.json --replace \
/usr/local/lib/libspnav.so ${libspnav}/lib/libspnav.so
jq 'del(.devices) | .libspnav="${libspnav}/lib/libspnav.so"' \
<RawMouse/config.json >RawMouse/config.json.new
mv RawMouse/config.json.new RawMouse/config.json
# remove prebuilt binaries
rm -r RawMouse/hidapi
'';
installPhase = ''

6
pkgs/applications/misc/curaengine/default.nix
View File

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "curaengine";
version = "4.8.0";
version = "4.9.0";
src = fetchFromGitHub {
owner = "Ultimaker";
repo = "CuraEngine";
rev = version;
sha256 = "083l327ry6hv3yaa1p8dx1hx7fm12b0lh5nlbshxjyym0vi15rw2";
sha256 = "0b82hwn7pb73h1azaandq93bkzlzskhgk71pwf4yws0j9bm6z084";
};
nativeBuildInputs = [ cmake ];
@ -19,7 +19,7 @@ stdenv.mkDerivation rec {
meta = with lib; {
description = "A powerful, fast and robust engine for processing 3D models into 3D printing instruction";
homepage = "https://github.com/Ultimaker/CuraEngine";
license = licenses.agpl3;
license = licenses.agpl3Only;
platforms = platforms.linux;
maintainers = with maintainers; [ abbradar gebner ];
};

9
pkgs/applications/misc/electrum/default.nix
View File

@ -20,7 +20,7 @@
}:
let
version = "4.1.1";
version = "4.1.2";
libsecp256k1_name =
if stdenv.isLinux then "libsecp256k1.so.0"
@ -51,7 +51,7 @@ python3.pkgs.buildPythonApplication {
src = fetchurl {
url = "https://download.electrum.org/${version}/Electrum-${version}.tar.gz";
sha256 = "0yg6ld92a4xgn7y8i51hmr3kmgmrbrjwniikkmyq9q141h2drb80";
sha256 = "05m6vbd4sfjk536kwa5wa3kv21jxxqnglx0ddvnmxfhf98371bhk";
};
postUnpack = ''
@ -59,6 +59,11 @@ python3.pkgs.buildPythonApplication {
cp -ar ${tests} $sourceRoot/electrum/tests
'';
prePatch = ''
substituteInPlace contrib/requirements/requirements.txt \
--replace "dnspython>=2.0,<2.1" "dnspython>=2.0"
'';
nativeBuildInputs = lib.optionals enableQt [ wrapQtAppsHook ];
propagatedBuildInputs = with python3.pkgs; [

47
pkgs/applications/misc/fme/default.nix
View File

@ -1,33 +1,56 @@
{ lib, stdenv, fetchurl, pkg-config, autoconf, automake, gettext
, fluxbox, bc, gtkmm2, glibmm, libglademm, libsigcxx }:
{ lib
, stdenv
, fetchurl
, autoconf
, automake
, bc
, fluxbox
, gettext
, glibmm
, gtkmm2
, libglademm
, libsigcxx
, pkg-config
}:
stdenv.mkDerivation rec {
pname = "fme";
version = "1.1.3";
src = fetchurl {
url = "https://github.com/rdehouss/fme/archive/v${version}.tar.gz";
sha256 = "d1c81a6a38c0faad02943ad65d6d0314bd205c6de841669a2efe43e4c503e63d";
hash = "sha256-0cgaajjA+q0ClDrWXW0DFL0gXG3oQWaaLv5D5MUD5j0=";
};
nativeBuildInputs = [ pkg-config ];
buildInputs = [ autoconf automake gettext fluxbox bc gtkmm2 glibmm libglademm libsigcxx ];
nativeBuildInputs = [
autoconf
automake
gettext
pkg-config
];
buildInputs = [
bc
fluxbox
glibmm
gtkmm2
libglademm
libsigcxx
];
preConfigure = ''
./autogen.sh
'';
meta = with lib; {
homepage = "https://github.com/rdehouss/fme/";
description = "Editor for Fluxbox menus";
longDescription = ''
Fluxbox Menu Editor is a menu editor for the Window Manager Fluxbox written in C++
with the libraries Gtkmm, Glibmm, libglademm and gettext for internationalization.
Its user-friendly interface will help you to edit, delete, move (Drag and Drop)
a row, a submenu, etc very easily.
Fluxbox Menu Editor is a menu editor for the Window Manager Fluxbox
written in C++ with the libraries Gtkmm, Glibmm, libglademm and gettext
for internationalization. Its user-friendly interface will help you to
edit, delete, move (Drag and Drop) a row, a submenu, etc very easily.
'';
homepage = "https://github.com/rdehouss/fme/";
license = licenses.gpl2;
license = licenses.gpl2Plus;
maintainers = [ maintainers.AndersonTorres ];
platforms = platforms.linux;
};

Some files were not shown because too many files have changed in this diff Show More