public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into wrapprogram-for-phpdbg

Browse Source
This commit is contained in:
Alex Good 2020-11-16 16:38:21 +00:00
commit aaa7af13dc
1404 changed files with 19688 additions and 13726 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.editorconfig
View File

@ -76,10 +76,12 @@ trim_trailing_whitespace = unset
[pkgs/build-support/dotnetenv/Wrapper/**]
end_of_line = unset
indent_style = unset
insert_final_newline = unset
trim_trailing_whitespace = unset
[pkgs/build-support/upstream-updater/**]
indent_style = unset
trim_trailing_whitespace = unset
[pkgs/development/compilers/elm/registry.dat]
@ -96,6 +98,9 @@ trim_trailing_whitespace = unset
[pkgs/development/node-packages/composition.nix]
insert_final_newline = unset
[pkgs/development/{perl-modules,ocaml-modules,tools/ocaml}/**]
indent_style = unset
[pkgs/servers/dict/wordnet_structures.py]
trim_trailing_whitespace = unset

2
.github/CODEOWNERS vendored
View File

@ -207,7 +207,7 @@
/nixos/tests/podman.nix @NixOS/podman @zowoq
# Docker tools
/pkgs/build-support/docker @roberth
/pkgs/build-support/docker @roberth @utdemir
/nixos/tests/docker-tools-overlay.nix @roberth
/nixos/tests/docker-tools.nix @roberth
/doc/builders/images/dockertools.xml @roberth

2
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@ -5,7 +5,7 @@ comment describing what you have tested in the relevant package/service.
Reviewing helps to reduce the average time-to-merge for everyone.
Thanks a lot if you do!
List of open PRs: https://github.com/NixOS/nixpkgs/pulls
Reviewing guidelines: https://hydra.nixos.org/job/nixpkgs/trunk/manual/latest/download/1/nixpkgs/manual.html#chap-reviewing-contributions
Reviewing guidelines: https://nixos.org/manual/nixpkgs/unstable/#chap-reviewing-contributions
-->
###### Motivation for this change

4
.github/workflows/editorconfig.yml vendored
View File

@ -2,6 +2,8 @@ name: "Checking EditorConfig"
on:
pull_request:
branches-ignore:
- 'release-**'
jobs:
tests:
@ -23,5 +25,5 @@ jobs:
- name: Checking EditorConfig
if: env.GIT_DIFF
run: |
./bin/editorconfig-checker -disable-indentation \
./bin/editorconfig-checker -disable-indent-size \
${{ env.GIT_DIFF }}

2
README.md
View File

@ -8,7 +8,7 @@
</p>
[Nixpkgs](https://github.com/nixos/nixpkgs) is a collection of over
40,000 software packages that can be installed with the
60,000 software packages that can be installed with the
[Nix](https://nixos.org/nix/) package manager. It also implements
[NixOS](https://nixos.org/nixos/), a purely-functional Linux distribution.

52
doc/contributing/reviewing-contributions.xml
View File

@ -7,8 +7,8 @@
<warning>
<para>
The following section is a draft, and the policy for reviewing is still being discussed in issues such as <link
xlink:href="https://github.com/NixOS/nixpkgs/issues/11166">#11166 </link> and <link
xlink:href="https://github.com/NixOS/nixpkgs/issues/20836">#20836 </link>.
xlink:href="https://github.com/NixOS/nixpkgs/issues/11166">#11166 </link> and <link
xlink:href="https://github.com/NixOS/nixpkgs/issues/20836">#20836 </link>.
</para>
</warning>
<para>
@ -47,18 +47,6 @@
</para>
<itemizedlist>
<listitem>
<para>
Add labels to the pull request. (Requires commit rights)
</para>
<itemizedlist>
<listitem>
<para>
<literal>8.has: package (update)</literal> and any topic label that fit the updated package.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Ensure that the package versioning fits the guidelines.
@ -186,18 +174,6 @@
</para>
<itemizedlist>
<listitem>
<para>
Add labels to the pull request. (Requires commit rights)
</para>
<itemizedlist>
<listitem>
<para>
<literal>8.has: package (new)</literal> and any topic label that fit the new package.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Ensure that the package versioning is fitting the guidelines.
@ -302,18 +278,6 @@
</para>
<itemizedlist>
<listitem>
<para>
Add labels to the pull request. (Requires commit rights)
</para>
<itemizedlist>
<listitem>
<para>
<literal>8.has: module (update)</literal> and any topic label that fit the module.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Ensure that the module maintainers are notified.
@ -406,18 +370,6 @@
</para>
<itemizedlist>
<listitem>
<para>
Add labels to the pull request. (Requires commit rights)
</para>
<itemizedlist>
<listitem>
<para>
<literal>8.has: module (new)</literal> and any topic label that fit the module.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Ensure that the module tests, if any, are succeeding.

4
doc/languages-frameworks/dotnet.section.md
View File

@ -64,9 +64,9 @@ $ dotnet --info
The `dotnetCorePackages.sdk_X_Y` is preferred over the old dotnet-sdk as both major and minor version are very important for a dotnet environment. If a given minor version isn't present (or was changed), then this will likely break your ability to build a project.
## dotnetCorePackages.sdk vs dotnetCorePackages.netcore vs dotnetCorePackages.aspnetcore
## dotnetCorePackages.sdk vs vs dotnetCorePackages.net vs dotnetCorePackages.netcore vs dotnetCorePackages.aspnetcore
The `dotnetCorePackages.sdk` contains both a runtime and the full sdk of a given version. The `netcore` and `aspnetcore` packages are meant to serve as minimal runtimes to deploy alongside already built applications.
The `dotnetCorePackages.sdk` contains both a runtime and the full sdk of a given version. The `net`, `netcore` and `aspnetcore` packages are meant to serve as minimal runtimes to deploy alongside already built applications. For runtime versions >= .NET 5 `net` is used while `netcore` is used for older .NET Core runtime version.
## Packaging a Dotnet Application

3
doc/stdenv/meta.xml
View File

@ -189,8 +189,7 @@ hello-2.3 A program that produces a familiar, friendly greeting
</term>
<listitem>
<para>
A list of names and e-mail addresses of the maintainers of this Nix expression. If you would like to be a maintainer of a package, you may want to add yourself to <link
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/maintainers/maintainer-list.nix"><filename>nixpkgs/maintainers/maintainer-list.nix</filename></link> and write something like <literal>[ stdenv.lib.maintainers.alice stdenv.lib.maintainers.bob ]</literal>.
A list of the maintainers of this Nix expression. Maintainers are defined in <link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/maintainers/maintainer-list.nix"><filename>nixpkgs/maintainers/maintainer-list.nix</filename></link>. There is no restriction to becoming a maintainer, just add yourself to that list in a separate commit titled 'maintainers: add alice', and reference maintainers with <literal>maintainers = with lib.maintainers; [ alice bob ]</literal>.
</para>
</listitem>
</varlistentry>

4
lib/default.nix
View File

@ -5,7 +5,7 @@
*/
let
inherit (import ./fixed-points.nix {}) makeExtensible;
inherit (import ./fixed-points.nix { inherit lib; }) makeExtensible;
lib = makeExtensible (self: let
callLibs = file: import file { lib = self; };
@ -69,7 +69,7 @@ let
importJSON importTOML warn info showWarnings nixpkgsVersion version mod compare
splitByAndCompare functionArgs setFunctionArgs isFunction toHexString toBaseDigits;
inherit (self.fixedPoints) fix fix' converge extends composeExtensions
makeExtensible makeExtensibleWithCustomName;
composeManyExtensions makeExtensible makeExtensibleWithCustomName;
inherit (self.attrsets) attrByPath hasAttrByPath setAttrByPath
getAttrFromPath attrVals attrValues getAttrs catAttrs filterAttrs
filterAttrsRecursive foldAttrs collect nameValuePair mapAttrs

11
lib/fixed-points.nix
View File

@ -1,4 +1,4 @@
{ ... }:
{ lib, ... }:
rec {
# Compute the fixed point of the given function `f`, which is usually an
# attribute set that expects its final, non-recursive representation as an
@ -77,6 +77,15 @@ rec {
super' = super // fApplied;
in fApplied // g self super';
# Compose several extending functions of the type expected by 'extends' into
# one where changes made in preceding functions are made available to
# subsequent ones.
#
# composeManyExtensions : [packageSet -> packageSet -> packageSet] -> packageSet -> packageSet -> packageSet
# ^final ^prev ^overrides ^final ^prev ^overrides
composeManyExtensions =
lib.foldr (x: y: composeExtensions x y) (self: super: {});
# Create an overridable, recursive attribute set. For example:
#
# nix-repl> obj = makeExtensible (self: { })

8
lib/strings.nix
View File

@ -561,7 +561,9 @@ rec {
enableFeature false "shared"
=> "--disable-shared"
*/
enableFeature = enable: feat: "--${if enable then "enable" else "disable"}-${feat}";
enableFeature = enable: feat:
assert isString feat; # e.g. passing openssl instead of "openssl"
"--${if enable then "enable" else "disable"}-${feat}";
/* Create an --{enable-<feat>=<value>,disable-<feat>} string that can be passed to
standard GNU Autoconf scripts.
@ -583,7 +585,9 @@ rec {
withFeature false "shared"
=> "--without-shared"
*/
withFeature = with_: feat: "--${if with_ then "with" else "without"}-${feat}";
withFeature = with_: feat:
assert isString feat; # e.g. passing openssl instead of "openssl"
"--${if with_ then "with" else "without"}-${feat}";
/* Create an --{with-<feat>=<value>,without-<feat>} string that can be passed to
standard GNU Autoconf scripts.

5
lib/systems/doubles.nix
View File

@ -35,6 +35,9 @@ let
"msp430-none"
"riscv64-none" "riscv32-none"
"vc4-none"
"or1k-none"
"mmix-mmixware"
"js-ghcjs"
@ -56,8 +59,10 @@ in {
i686 = filterDoubles predicates.isi686;
x86_64 = filterDoubles predicates.isx86_64;
mips = filterDoubles predicates.isMips;
mmix = filterDoubles predicates.isMmix;
riscv = filterDoubles predicates.isRiscV;
vc4 = filterDoubles predicates.isVc4;
or1k = filterDoubles predicates.isOr1k;
js = filterDoubles predicates.isJavaScript;
bigEndian = filterDoubles predicates.isBigEndian;

11
lib/systems/examples.nix
View File

@ -109,6 +109,11 @@ rec {
platform = platforms.riscv-multiplatform "32";
};
mmix = {
config = "mmix-unknown-mmixware";
libc = "newlib";
};
msp430 = {
config = "msp430-elf";
libc = "newlib";
@ -124,6 +129,12 @@ rec {
platform = {};
};
or1k = {
config = "or1k-elf";
libc = "newlib";
platform = {};
};
arm-embedded = {
config = "arm-none-eabi";
libc = "newlib";

2
lib/systems/inspect.nix
View File

@ -17,6 +17,7 @@ rec {
isAarch32 = { cpu = { family = "arm"; bits = 32; }; };
isAarch64 = { cpu = { family = "arm"; bits = 64; }; };
isMips = { cpu = { family = "mips"; }; };
isMmix = { cpu = { family = "mmix"; }; };
isRiscV = { cpu = { family = "riscv"; }; };
isSparc = { cpu = { family = "sparc"; }; };
isWasm = { cpu = { family = "wasm"; }; };
@ -24,6 +25,7 @@ rec {
isVc4 = { cpu = { family = "vc4"; }; };
isAvr = { cpu = { family = "avr"; }; };
isAlpha = { cpu = { family = "alpha"; }; };
isOr1k = { cpu = { family = "or1k"; }; };
isJavaScript = { cpu = cpuTypes.js; };
is32bit = { cpu = { bits = 32; }; };

35
lib/systems/parse.nix
View File

@ -93,6 +93,8 @@ rec {
mips64 = { bits = 64; significantByte = bigEndian; family = "mips"; };
mips64el = { bits = 64; significantByte = littleEndian; family = "mips"; };
mmix = { bits = 64; significantByte = bigEndian; family = "mmix"; };
powerpc = { bits = 32; significantByte = bigEndian; family = "power"; };
powerpc64 = { bits = 64; significantByte = bigEndian; family = "power"; };
powerpc64le = { bits = 64; significantByte = littleEndian; family = "power"; };
@ -114,6 +116,8 @@ rec {
vc4 = { bits = 32; significantByte = littleEndian; family = "vc4"; };
or1k = { bits = 32; significantByte = bigEndian; family = "or1k"; };
js = { bits = 32; significantByte = littleEndian; family = "js"; };
};
@ -268,19 +272,20 @@ rec {
kernels = with execFormats; with kernelFamilies; setTypes types.openKernel {
# TODO(@Ericson2314): Don't want to mass-rebuild yet to keeping 'darwin' as
# the nnormalized name for macOS.
macos = { execFormat = macho; families = { inherit darwin; }; name = "darwin"; };
ios = { execFormat = macho; families = { inherit darwin; }; };
freebsd = { execFormat = elf; families = { inherit bsd; }; };
linux = { execFormat = elf; families = { }; };
netbsd = { execFormat = elf; families = { inherit bsd; }; };
none = { execFormat = unknown; families = { }; };
openbsd = { execFormat = elf; families = { inherit bsd; }; };
solaris = { execFormat = elf; families = { }; };
wasi = { execFormat = wasm; families = { }; };
redox = { execFormat = elf; families = { }; };
windows = { execFormat = pe; families = { }; };
ghcjs = { execFormat = unknown; families = { }; };
genode = { execFormat = elf; families = { }; };
macos = { execFormat = macho; families = { inherit darwin; }; name = "darwin"; };
ios = { execFormat = macho; families = { inherit darwin; }; };
freebsd = { execFormat = elf; families = { inherit bsd; }; };
linux = { execFormat = elf; families = { }; };
netbsd = { execFormat = elf; families = { inherit bsd; }; };
none = { execFormat = unknown; families = { }; };
openbsd = { execFormat = elf; families = { inherit bsd; }; };
solaris = { execFormat = elf; families = { }; };
wasi = { execFormat = wasm; families = { }; };
redox = { execFormat = elf; families = { }; };
windows = { execFormat = pe; families = { }; };
ghcjs = { execFormat = unknown; families = { }; };
genode = { execFormat = elf; families = { }; };
mmixware = { execFormat = unknown; families = { }; };
} // { # aliases
# 'darwin' is the kernel for all of them. We choose macOS by default.
darwin = kernels.macos;
@ -382,7 +387,7 @@ rec {
else if (elemAt l 1) == "elf"
then { cpu = elemAt l 0; vendor = "unknown"; kernel = "none"; abi = elemAt l 1; }
else { cpu = elemAt l 0; kernel = elemAt l 1; };
"3" = # Awkwards hacks, beware!
"3" = # Awkward hacks, beware!
if elemAt l 1 == "apple"
then { cpu = elemAt l 0; vendor = "apple"; kernel = elemAt l 2; }
else if (elemAt l 1 == "linux") || (elemAt l 2 == "gnu")
@ -393,6 +398,8 @@ rec {
then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = "wasi"; }
else if (elemAt l 2 == "redox")
then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = "redox"; }
else if (elemAt l 2 == "mmixware")
then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = "mmixware"; }
else if hasPrefix "netbsd" (elemAt l 2)
then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = elemAt l 2; }
else if (elem (elemAt l 2) ["eabi" "eabihf" "elf"])

20
lib/tests/misc.nix
View File

@ -87,6 +87,26 @@ runTests {
expected = true;
};
testComposeManyExtensions0 = {
expr = let obj = makeExtensible (self: { foo = true; });
emptyComposition = composeManyExtensions [];
composed = obj.extend emptyComposition;
in composed.foo;
expected = true;
};
testComposeManyExtensions =
let f = self: super: { bar = false; baz = true; };
g = self: super: { bar = super.baz or false; };
h = self: super: { qux = super.bar or false; };
obj = makeExtensible (self: { foo = self.qux; });
in {
expr = let composition = composeManyExtensions [f g h];
composed = obj.extend composition;
in composed.foo;
expected = (obj.extend (composeExtensions f (composeExtensions g h))).foo;
};
testBitAnd = {
expr = (bitAnd 3 10);
expected = 2;

6
lib/tests/systems.nix
View File

@ -11,12 +11,14 @@ let
expr = lib.sort lib.lessThan x;
expected = lib.sort lib.lessThan y;
};
in with lib.systems.doubles; lib.runTests {
testall = mseteq all (linux ++ darwin ++ freebsd ++ openbsd ++ netbsd ++ illumos ++ wasi ++ windows ++ embedded ++ js ++ genode ++ redox);
in
with lib.systems.doubles; lib.runTests {
testall = mseteq all (linux ++ darwin ++ freebsd ++ openbsd ++ netbsd ++ illumos ++ wasi ++ windows ++ embedded ++ mmix ++ js ++ genode ++ redox);
testarm = mseteq arm [ "armv5tel-linux" "armv6l-linux" "armv6l-none" "armv7a-linux" "armv7l-linux" "arm-none" "armv7a-darwin" ];
testi686 = mseteq i686 [ "i686-linux" "i686-freebsd" "i686-genode" "i686-netbsd" "i686-openbsd" "i686-cygwin" "i686-windows" "i686-none" "i686-darwin" ];
testmips = mseteq mips [ "mipsel-linux" ];
testmmix = mseteq mmix [ "mmix-mmixware" ];
testx86_64 = mseteq x86_64 [ "x86_64-linux" "x86_64-darwin" "x86_64-freebsd" "x86_64-genode" "x86_64-redox" "x86_64-openbsd" "x86_64-netbsd" "x86_64-cygwin" "x86_64-solaris" "x86_64-windows" "x86_64-none" ];
testcygwin = mseteq cygwin [ "i686-cygwin" "x86_64-cygwin" ];

66
maintainers/maintainer-list.nix
View File

@ -514,6 +514,12 @@
githubId = 69135;
name = "Andrea Bedini";
};
andreasfelix = {
email = "fandreas@physik.hu-berlin.de";
github = "andreasfelix";
githubId = 24651767;
name = "Felix Andreas";
};
andres = {
email = "ksnixos@andres-loeh.de";
github = "kosmikus";
@ -1266,6 +1272,12 @@
githubId = 7214361;
name = "Roman Gerasimenko";
};
bburdette = {
email = "bburdette@protonmail.com";
github = "bburdette";
githubId = 157330;
name = "Ben Burdette";
};
bzizou = {
email = "Bruno@bzizou.net";
github = "bzizou";
@ -2011,6 +2023,16 @@
githubId = 49904992;
name = "Dawid Sowa";
};
dbirks = {
email = "david@birks.dev";
github = "dbirks";
githubId = 7545665;
name = "David Birks";
keys = [{
longkeyid = "ed25519/0xBB999F83D9A19A36";
fingerprint = "B26F 9AD8 DA20 3392 EF87 C61A BB99 9F83 D9A1 9A36";
}];
};
dbohdan = {
email = "dbohdan@dbohdan.com";
github = "dbohdan";
@ -2827,6 +2849,12 @@
fingerprint = "50B7 11F4 3DFD 2018 DCE6 E8D0 8A52 A140 BEBF 7D2C";
}];
};
fabianhjr = {
email = "fabianhjr@protonmail.com";
github = "fabianhjr";
githubId = 303897;
name = "Fabián Heredia Montiel";
};
fadenb = {
email = "tristan.helmich+nixos@gmail.com";
github = "fadenb";
@ -3487,6 +3515,12 @@
email = "t@larkery.com";
name = "Tom Hinton";
};
hjones2199 = {
email = "hjones2199@gmail.com";
github = "hjones2199";
githubId = 5525217;
name = "Hunter Jones";
};
hkjn = {
email = "me@hkjn.me";
name = "Henrik Jonsson";
@ -3859,6 +3893,8 @@
};
jcumming = {
email = "jack@mudshark.org";
github = "jcumming";
githubId = 1982341;
name = "Jack Cummings";
};
jD91mZM2 = {
@ -4284,6 +4320,12 @@
githubId = 16374374;
name = "Joshua Campbell";
};
jshholland = {
email = "josh@inv.alid.pw";
github = "jshholland";
githubId = 107689;
name = "Josh Holland";
};
jtcoolen = {
email = "jtcoolen@pm.me";
name = "Julien Coolen";
@ -5280,6 +5322,12 @@
githubId = 1238350;
name = "Matthias Herrmann";
};
majesticmullet = {
email = "hoccthomas@gmail.com.au";
github = "MajesticMullet";
githubId = 31056089;
name = "Tom Ho";
};
makefu = {
email = "makefu@syntax-fehler.de";
github = "makefu";
@ -5532,6 +5580,12 @@
fingerprint = "D709 03C8 0BE9 ACDC 14F0 3BFB 77BF E531 397E DE94";
}];
};
meatcar = {
email = "nixpkgs@denys.me";
github = "meatcar";
githubId = 191622;
name = "Denys Pavlov";
};
meditans = {
email = "meditans@gmail.com";
github = "meditans";
@ -7083,6 +7137,12 @@
fingerprint = "7573 56D7 79BB B888 773E 415E 736C CDF9 EF51 BD97";
}];
};
r-burns = {
email = "rtburns@protonmail.com";
github = "r-burns";
githubId = 52847440;
name = "Ryan Burns";
};
raboof = {
email = "arnout@bzzt.net";
github = "raboof";
@ -9922,4 +9982,10 @@
githubId = 19290397;
name = "Tunc Uzlu";
};
pulsation = {
name = "Philippe Sam-Long";
email = "1838397+pulsation@users.noreply.github.com";
github = "pulsation";
githubId = 1838397;
};
}

1
nixos/doc/manual/configuration/configuration.xml
View File

@ -18,6 +18,7 @@
<xi:include href="user-mgmt.xml" />
<xi:include href="file-systems.xml" />
<xi:include href="x-windows.xml" />
<xi:include href="wayland.xml" />
<xi:include href="gpu-accel.xml" />
<xi:include href="xfce.xml" />
<xi:include href="networking.xml" />

68
nixos/doc/manual/configuration/gpu-accel.xml
View File

@ -65,16 +65,16 @@ Platform Vendor Advanced Micro Devices, Inc.</screen>
<title>AMD</title>
<para>
Modern AMD <link
xlink:href="https://en.wikipedia.org/wiki/Graphics_Core_Next">Graphics
Core Next</link> (GCN) GPUs are supported through the
<package>rocm-opencl-icd</package> package. Adding this package to
<xref linkend="opt-hardware.opengl.extraPackages"/> enables OpenCL
support:
Modern AMD <link
xlink:href="https://en.wikipedia.org/wiki/Graphics_Core_Next">Graphics
Core Next</link> (GCN) GPUs are supported through the
<package>rocm-opencl-icd</package> package. Adding this package to
<xref linkend="opt-hardware.opengl.extraPackages"/> enables OpenCL
support:
<programlisting><xref linkend="opt-hardware.opengl.extraPackages"/> = [
rocm-opencl-icd
];</programlisting>
<programlisting><xref linkend="opt-hardware.opengl.extraPackages"/> = [
rocm-opencl-icd
];</programlisting>
</para>
</section>
@ -100,9 +100,9 @@ Platform Vendor Advanced Micro Devices, Inc.</screen>
support. For example, for Gen8 and later GPUs, the following
configuration can be used:
<programlisting><xref linkend="opt-hardware.opengl.extraPackages"/> = [
intel-compute-runtime
];</programlisting>
<programlisting><xref linkend="opt-hardware.opengl.extraPackages"/> = [
intel-compute-runtime
];</programlisting>
</para>
</section>
@ -173,31 +173,31 @@ GPU1:
<title>AMD</title>
<para>
Modern AMD <link
xlink:href="https://en.wikipedia.org/wiki/Graphics_Core_Next">Graphics
Core Next</link> (GCN) GPUs are supported through either radv, which is
part of <package>mesa</package>, or the <package>amdvlk</package> package.
Adding the <package>amdvlk</package> package to
<xref linkend="opt-hardware.opengl.extraPackages"/> makes both drivers
available for applications and lets them choose. A specific driver can
be forced as follows:
Modern AMD <link
xlink:href="https://en.wikipedia.org/wiki/Graphics_Core_Next">Graphics
Core Next</link> (GCN) GPUs are supported through either radv, which is
part of <package>mesa</package>, or the <package>amdvlk</package> package.
Adding the <package>amdvlk</package> package to
<xref linkend="opt-hardware.opengl.extraPackages"/> makes both drivers
available for applications and lets them choose. A specific driver can
be forced as follows:
<programlisting><xref linkend="opt-hardware.opengl.extraPackages"/> = [
pkgs.<package>amdvlk</package>
];
<programlisting><xref linkend="opt-hardware.opengl.extraPackages"/> = [
pkgs.<package>amdvlk</package>
];
# To enable Vulkan support for 32-bit applications, also add:
<xref linkend="opt-hardware.opengl.extraPackages32"/> = [
pkgs.driversi686Linux.<package>amdvlk</package>
];
# To enable Vulkan support for 32-bit applications, also add:
<xref linkend="opt-hardware.opengl.extraPackages32"/> = [
pkgs.driversi686Linux.<package>amdvlk</package>
];
# For amdvlk
<xref linkend="opt-environment.variables"/>.VK_ICD_FILENAMES =
"/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json";
# For radv
<xref linkend="opt-environment.variables"/>.VK_ICD_FILENAMES =
"/run/opengl-driver/share/vulkan/icd.d/radeon_icd.x86_64.json";
</programlisting>
# For amdvlk
<xref linkend="opt-environment.variables"/>.VK_ICD_FILENAMES =
"/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json";
# For radv
<xref linkend="opt-environment.variables"/>.VK_ICD_FILENAMES =
"/run/opengl-driver/share/vulkan/icd.d/radeon_icd.x86_64.json";
</programlisting>
</para>
</section>
</section>

23
nixos/doc/manual/configuration/wayland.xml Normal file
View File

@ -0,0 +1,23 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-wayland">
<title>Wayland</title>
<para>
While X11 (see <xref linkend="sec-x11"/>) is still the primary display
technology on NixOS, Wayland support is steadily improving.
Where X11 separates the X Server and the window manager, on Wayland those
are combined: a Wayland Compositor is like an X11 window manager, but also
embeds the Wayland 'Server' functionality. This means it is sufficient to
install a Wayland Compositor such as <package>sway</package> without
separately enabling a Wayland server:
<programlisting>
<xref linkend="opt-programs.sway.enable"/> = true;
</programlisting>
This installs the <package>sway</package> compositor along with some
essential utilities. Now you can start <package>sway</package> from the TTY
console.
</para>
</chapter>

2
nixos/doc/manual/contributing-to-this-manual.xml
View File

@ -12,7 +12,7 @@ xlink:href="https://github.com/NixOS/nixpkgs">Nixpkgs</link> repository.
You can quickly check your edits with the following:
</para>
<screen>
<prompt>$ </prompt>cd /path/to/nixpkgs/nixos/doc/manual
<prompt>$ </prompt>cd /path/to/nixpkgs
<prompt>$ </prompt>nix-build nixos/release.nix -A manual.x86_64-linux
</screen>
<para>

7
nixos/doc/manual/installation/installing-from-other-distro.xml
View File

@ -161,6 +161,13 @@ nixpkgs https://nixos.org/channels/nixpkgs-unstable</screen>
existing systems without the help of a rescue USB drive or similar.
</para>
</warning>
<note>
<para>
On some distributions there are separate PATHS for programs intended only for root.
In order for the installation to succeed, you might have to use <literal>PATH="$PATH:/usr/sbin:/sbin"</literal>
in the following command.
</para>
</note>
<screen><prompt>$ </prompt>sudo PATH="$PATH" NIX_PATH="$NIX_PATH" `which nixos-install` --root /mnt</screen>
<para>
Again, please refer to the <literal>nixos-install</literal> step in

73
nixos/doc/manual/release-notes/rl-2009.xml
View File

@ -234,7 +234,17 @@
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Starting with this release, the hydra-build-result
<literal>nixos-<replaceable>YY.MM</replaceable></literal>
branches no longer exist in the <link
xlink:href="https://github.com/nixos/nixpkgs-channels">deprecated
nixpkgs-channels repository</link>. These branches are now in
<link xlink:href="https://github.com/nixos/nixpkgs">the main nixpkgs
repository</link>.
</para>
</listitem>
</itemizedlist>
</section>
@ -879,12 +889,23 @@ php.override {
<listitem>
<para>
Nginx web server now starting with additional sandbox/hardening options. By default, write access
to <literal>services.nginx.stateDir</literal> is allowed. To allow writing to other folders,
to <literal>/var/log/nginx</literal> and <literal>/var/cache/nginx</literal> is allowed. To allow writing to other folders,
use <literal>systemd.services.nginx.serviceConfig.ReadWritePaths</literal>
<programlisting>
systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
</programlisting>
</para>
<para>
Nginx is also started with the systemd option <literal>ProtectHome = mkDefault true;</literal>
which forbids it to read anything from <literal>/home</literal>, <literal>/root</literal>
and <literal>/run/user</literal> (see
<link xlink:href="https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectHome=">ProtectHome docs</link>
for details).
If you require serving files from home directories, you may choose to set e.g.
<programlisting>
systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
</programlisting>
</para>
</listitem>
<listitem>
<para>
@ -1582,30 +1603,30 @@ services.transmission.settings.rpc-bind-address = "0.0.0.0";
<para>
Agda has been heavily reworked.
<itemizedlist>
<listitem>
<para>
<literal>agda.mkDerivation</literal> has been heavily changed and
is now located at <package>agdaPackages.mkDerivation</package>.
</para>
</listitem>
<listitem>
<para>
New top-level packages <package>agda</package> and
<literal>agda.withPackages</literal> have been added, the second
of which sets up agda with access to chosen libraries.
</para>
</listitem>
<listitem>
<para>
All agda libraries now live under
<literal>agdaPackages</literal>.
</para>
</listitem>
<listitem>
<para>
Many broken libraries have been removed.
</para>
</listitem>
<listitem>
<para>
<literal>agda.mkDerivation</literal> has been heavily changed and
is now located at <package>agdaPackages.mkDerivation</package>.
</para>
</listitem>
<listitem>
<para>
New top-level packages <package>agda</package> and
<literal>agda.withPackages</literal> have been added, the second
of which sets up agda with access to chosen libraries.
</para>
</listitem>
<listitem>
<para>
All agda libraries now live under
<literal>agdaPackages</literal>.
</para>
</listitem>
<listitem>
<para>
Many broken libraries have been removed.
</para>
</listitem>
</itemizedlist>
See the <link
xlink:href="https://nixos.org/nixpkgs/manual/#agda">new

97
nixos/doc/manual/release-notes/rl-2103.xml
View File

@ -23,6 +23,9 @@
Support is planned until the end of October 2021, handing over to 21.09.
</para>
</listitem>
<listitem>
<para>GNOME desktop environment was upgraded to 3.38, see its <link xlink:href="https://help.gnome.org/misc/release-notes/3.38/">release notes</link>.</para>
</listitem>
</itemizedlist>
</section>
@ -86,6 +89,18 @@
user D-Bus session available also for non-graphical logins.
</para>
</listitem>
<listitem>
<para>
<literal>rubyMinimal</literal> was removed due to being unused and
unusable. The default ruby interpreter includes JIT support, which makes
it reference it's compiler. Since JIT support is probably needed by some
Gems, it was decided to enable this feature with all cc references by
default, and allow to build a Ruby derivation without references to cc,
by setting <literal>jitSupport = false;</literal> in an overlay. See
<link xlink:href="https://github.com/NixOS/nixpkgs/pull/90151">#90151</link>
for more info.
</para>
</listitem>
<listitem>
<para>
The option <option>fonts.enableFontDir</option> has been renamed to
@ -136,6 +151,27 @@
<package>stanchion</package> package removed along with <varname>services.stanchion</varname> module.
</para>
</listitem>
<listitem>
<para>
<package>mutt</package> has been updated to a new major version (2.x), which comes with
some backward incompatible changes that are described in the
<link xlink:href="http://www.mutt.org/relnotes/2.0/">release notes for Mutt 2.0</link>.
</para>
</listitem>
<listitem>
<para>
<literal>vim</literal> switched to Python 3, dropping all Python 2 support.
</para>
</listitem>
<listitem>
<para>
<link linkend="opt-boot.zfs.forceImportAll">boot.zfs.forceImportAll</link>
previously did nothing, but has been fixed. However its default has been
changed to <literal>false</literal> to preserve the existing default
behaviour. If you have this explicitly set to <literal>true</literal>,
please note that your non-root pools will now be forcibly imported.
</para>
</listitem>
</itemizedlist>
</section>
@ -159,6 +195,11 @@
to <package>nextcloud20</package>.
</para>
</listitem>
<listitem>
<para>
The setting <xref linkend="opt-services.redis.bind" /> defaults to <literal>127.0.0.1</literal> now, making Redis listen on the loopback interface only, and not all public network interfaces.
</para>
</listitem>
<listitem>
<para>
NixOS now emits a deprecation warning if systemd's <literal>StartLimitInterval</literal> setting is used in a <literal>serviceConfig</literal> section instead of in a <literal>unitConfig</literal>; that setting is deprecated and now undocumented for the service section by systemd upstream, but still effective and somewhat buggy there, which can be confusing. See <link xlink:href="https://github.com/NixOS/nixpkgs/issues/45785">#45785</link> for details.
@ -167,6 +208,62 @@
All services should use <xref linkend="opt-systemd.services._name_.startLimitIntervalSec" /> or <literal>StartLimitIntervalSec</literal> in <xref linkend="opt-systemd.services._name_.unitConfig" /> instead.
</para>
</listitem>
<listitem>
<para>
The Unbound DNS resolver service (<literal>services.unbound</literal>) has been refactored to allow reloading, control sockets and to fix startup ordering issues.
</para>
<para>
It is now possible to enable a local UNIX control socket for unbound by setting the <xref linkend="opt-services.unbound.localControlSocketPath" />
option.
</para>
<para>
Previously we just applied a very minimal set of restrictions and
trusted unbound to properly drop root privs and capabilities.
</para>
<para>
As of this we are (for the most part) just using the upstream
example unit file for unbound. The main difference is that we start
unbound as <literal>unbound</literal> user with the required capabilities instead of
letting unbound do the chroot &amp; uid/gid changes.
</para>
<para>
The upstream unit configuration this is based on is a lot stricter with
all kinds of permissions then our previous variant. It also came with
the default of having the <literal>Type</literal> set to <literal>notify</literal>, therefore we are now also
using the <literal>unbound-with-systemd</literal> package here. Unbound will start up,
read the configuration files and start listening on the configured ports
before systemd will declare the unit <literal>active (running)</literal>.
This will likely help with startup order and the occasional race condition during system
activation where the DNS service is started but not yet ready to answer
queries. Services depending on <literal>nss-lookup.target</literal> or <literal>unbound.service</literal>
are now be able to use unbound when those targets have been reached.
</para>
<para>
Aditionally to the much stricter runtime environmet the
<literal>/dev/urandom</literal> mount lines we previously had in the code (that would
randomly failed during the stop-phase) have been removed as systemd will take care of those for us.
</para>
<para>
The <literal>preStart</literal> script is now only required if we enabled the trust
anchor updates (which are still enabled by default).
</para>
<para>
Another benefit of the refactoring is that we can now issue reloads via
either <literal>pkill -HUP unbound</literal> and <literal>systemctl reload unbound</literal> to reload the
running configuration without taking the daemon offline. A prerequisite
of this was that unbound configuration is available on a well known path
on the file system. We are using the path <literal>/etc/unbound/unbound.conf</literal> as that is the
default in the CLI tooling which in turn enables us to use
<literal>unbound-control</literal> without passing a custom configuration location.
</para>
</listitem>
</itemizedlist>
</section>
</section>

74
nixos/doc/varlistentry-fixer.rb
View File

@ -15,8 +15,8 @@ require "rexml/document"
include REXML
if ARGV.length < 1 then
$stderr.puts "Needs a filename."
exit 1
$stderr.puts "Needs a filename."
exit 1
end
filename = ARGV.shift
@ -51,17 +51,17 @@ $touched = false
# Generates: --optionnamevalue
# ^^ ^^
doc.elements.each("//varlistentry/term") do |term|
["varname", "function", "option", "replaceable"].each do |prev_name|
term.elements.each(prev_name) do |el|
if el.next_element and
el.next_element.name == "replaceable" and
el.next_sibling_node.class == Element
then
$touched = true
term.insert_after(el, Text.new(" "))
end
end
end
["varname", "function", "option", "replaceable"].each do |prev_name|
term.elements.each(prev_name) do |el|
if el.next_element and
el.next_element.name == "replaceable" and
el.next_sibling_node.class == Element
then
$touched = true
term.insert_after(el, Text.new(" "))
end
end
end
end
@ -75,17 +75,17 @@ end
# Generates: -Ipath
# ^^
doc.elements.each("//cmdsynopsis/arg") do |term|
["option", "replaceable"].each do |prev_name|
term.elements.each(prev_name) do |el|
if el.next_element and
el.next_element.name == "replaceable" and
el.next_sibling_node.class == Element
then
$touched = true
term.insert_after(el, Text.new(" "))
end
end
end
["option", "replaceable"].each do |prev_name|
term.elements.each(prev_name) do |el|
if el.next_element and
el.next_element.name == "replaceable" and
el.next_sibling_node.class == Element
then
$touched = true
term.insert_after(el, Text.new(" "))
end
end
end
end
# <cmdsynopsis>
@ -104,21 +104,21 @@ end
# Generates: [{--profile-name | -p }name]
# ^^^^
doc.elements.each("//cmdsynopsis/arg") do |term|
["group"].each do |prev_name|
term.elements.each(prev_name) do |el|
if el.next_element and
el.next_element.name == "replaceable" and
el.next_sibling_node.class == Element
then
$touched = true
term.insert_after(el, Text.new(" "))
end
end
end
["group"].each do |prev_name|
term.elements.each(prev_name) do |el|
if el.next_element and
el.next_element.name == "replaceable" and
el.next_sibling_node.class == Element
then
$touched = true
term.insert_after(el, Text.new(" "))
end
end
end
end
if $touched then
doc.context[:attribute_quote] = :quote
doc.write(output: File.open(filename, "w"))
doc.context[:attribute_quote] = :quote
doc.write(output: File.open(filename, "w"))
end

10
nixos/modules/config/pulseaudio.nix
View File

@ -36,6 +36,8 @@ let
${addModuleIf cfg.zeroconf.discovery.enable "module-zeroconf-discover"}
${addModuleIf cfg.tcp.enable (concatStringsSep " "
([ "module-native-protocol-tcp" ] ++ allAnon ++ ipAnon))}
${addModuleIf config.services.jack.jackd.enable "module-jack-sink"}
${addModuleIf config.services.jack.jackd.enable "module-jack-source"}
${cfg.extraConfig}
'';
};
@ -144,7 +146,9 @@ in {
package = mkOption {
type = types.package;
default = pkgs.pulseaudio;
default = if config.services.jack.jackd.enable
then pkgs.pulseaudioFull
else pkgs.pulseaudio;
defaultText = "pkgs.pulseaudio";
example = literalExample "pkgs.pulseaudioFull";
description = ''
@ -259,7 +263,7 @@ in {
(drv: drv.override { pulseaudio = overriddenPackage; })
cfg.extraModules;
modulePaths = builtins.map
(drv: "${drv}/lib/pulse-${overriddenPackage.version}/modules")
(drv: "${drv}/${overriddenPackage.pulseDir}/modules")
# User-provided extra modules take precedence
(overriddenModules ++ [ overriddenPackage ]);
in lib.concatStringsSep ":" modulePaths;
@ -284,6 +288,8 @@ in {
RestartSec = "500ms";
PassEnvironment = "DISPLAY";
};
} // optionalAttrs config.services.jack.jackd.enable {
environment.JACK_PROMISCUOUS_SERVER = "jackaudio";
};
sockets.pulseaudio = {
wantedBy = [ "sockets.target" ];

1
nixos/modules/hardware/acpilight.nix
View File

@ -19,6 +19,7 @@ in
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [ acpilight ];
services.udev.packages = with pkgs; [ acpilight ];
};
}

34
nixos/modules/misc/documentation.nix
View File

@ -40,9 +40,9 @@ let
in scrubbedEval.options;
};
helpScript = pkgs.writeScriptBin "nixos-help"
''
#! ${pkgs.runtimeShell} -e
nixos-help = let
helpScript = pkgs.writeShellScriptBin "nixos-help" ''
# Finds first executable browser in a colon-separated list.
# (see how xdg-open defines BROWSER)
browser="$(
@ -59,14 +59,22 @@ let
exec "$browser" ${manual.manualHTMLIndex}
'';
desktopItem = pkgs.makeDesktopItem {
name = "nixos-manual";
desktopName = "NixOS Manual";
genericName = "View NixOS documentation in a web browser";
icon = "nix-snowflake";
exec = "${helpScript}/bin/nixos-help";
categories = "System";
};
desktopItem = pkgs.makeDesktopItem {
name = "nixos-manual";
desktopName = "NixOS Manual";
genericName = "View NixOS documentation in a web browser";
icon = "nix-snowflake";
exec = "nixos-help";
categories = "System";
};
in pkgs.symlinkJoin {
name = "nixos-help";
paths = [
helpScript
desktopItem
];
};
in
@ -250,8 +258,8 @@ in
environment.systemPackages = []
++ optional cfg.man.enable manual.manpages
++ optionals cfg.doc.enable ([ manual.manualHTML helpScript ]
++ optionals config.services.xserver.enable [ desktopItem pkgs.nixos-icons ]);
++ optionals cfg.doc.enable ([ manual.manualHTML nixos-help ]
++ optionals config.services.xserver.enable [ pkgs.nixos-icons ]);
services.mingetty.helpLine = mkIf cfg.doc.enable (
"\nRun 'nixos-help' for the NixOS manual."

2
nixos/modules/module-list.nix
View File

@ -542,6 +542,7 @@
./services/monitoring/kapacitor.nix
./services/monitoring/loki.nix
./services/monitoring/longview.nix
./services/monitoring/mackerel-agent.nix
./services/monitoring/monit.nix
./services/monitoring/munin.nix
./services/monitoring/nagios.nix
@ -680,6 +681,7 @@
./services/networking/murmur.nix
./services/networking/mxisd.nix
./services/networking/namecoind.nix
./services/networking/nar-serve.nix
./services/networking/nat.nix
./services/networking/ndppd.nix
./services/networking/networkmanager.nix

7
nixos/modules/programs/ssmtp.nix
View File

@ -142,6 +142,13 @@ in
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.useSTARTTLS -> cfg.useTLS;
message = "services.ssmtp.useSTARTTLS has no effect without services.ssmtp.useTLS";
}
];
services.ssmtp.settings = mkMerge [
({
MailHub = cfg.hostName;

3
nixos/modules/services/audio/jack.nix
View File

@ -246,6 +246,9 @@ in {
description = "JACK Audio Connection Kit";
serviceConfig = {
User = "jackaudio";
SupplementaryGroups = lib.optional
(config.hardware.pulseaudio.enable
&& !config.hardware.pulseaudio.systemWide) "users";
ExecStart = "${cfg.jackd.package}/bin/jackd ${lib.escapeShellArgs cfg.jackd.extraOptions}";
LimitRTPRIO = 99;
LimitMEMLOCK = "infinity";

9
nixos/modules/services/databases/redis.nix
View File

@ -87,9 +87,12 @@ in
bind = mkOption {
type = with types; nullOr str;
default = null; # All interfaces
description = "The IP interface to bind to.";
example = "127.0.0.1";
default = "127.0.0.1";
description = ''
The IP interface to bind to.
<literal>null</literal> means "all interfaces".
'';
example = "192.0.2.1";
};
unixSocket = mkOption {

5
nixos/modules/services/desktops/telepathy.nix
View File

@ -38,6 +38,11 @@ with lib;
services.dbus.packages = [ pkgs.telepathy-mission-control ];
# Enable runtime optional telepathy in gnome-shell
services.xserver.desktopManager.gnome3.sessionPath = with pkgs; [
telepathy-glib
telepathy-logger
];
};
}

32
nixos/modules/services/hardware/bluetooth.nix
View File

@ -15,6 +15,8 @@ in {
hardware.bluetooth = {
enable = mkEnableOption "support for Bluetooth";
hsphfpd.enable = mkEnableOption "support for hsphfpd[-prototype] implementation";
powerOnBoot = mkOption {
type = types.bool;
default = true;
@ -72,7 +74,8 @@ in {
};
};
environment.systemPackages = [ bluez-bluetooth ];
environment.systemPackages = [ bluez-bluetooth ]
++ optionals cfg.hsphfpd.enable [ pkgs.hsphfpd ];
environment.etc."bluetooth/main.conf"= {
source = pkgs.writeText "main.conf"
@ -80,7 +83,8 @@ in {
};
services.udev.packages = [ bluez-bluetooth ];
services.dbus.packages = [ bluez-bluetooth ];
services.dbus.packages = [ bluez-bluetooth ]
++ optionals cfg.hsphfpd.enable [ pkgs.hsphfpd ];
systemd.packages = [ bluez-bluetooth ];
systemd.services = {
@ -90,11 +94,31 @@ in {
# restarting can leave people without a mouse/keyboard
unitConfig.X-RestartIfChanged = false;
};
};
}
// (optionalAttrs cfg.hsphfpd.enable {
hsphfpd = {
after = [ "bluetooth.service" ];
requires = [ "bluetooth.service" ];
wantedBy = [ "multi-user.target" ];
description = "A prototype implementation used for connecting HSP/HFP Bluetooth devices";
serviceConfig.ExecStart = "${pkgs.hsphfpd}/bin/hsphfpd.pl";
};
})
;
systemd.user.services = {
obex.aliases = [ "dbus-org.bluez.obex.service" ];
};
}
// (optionalAttrs cfg.hsphfpd.enable {
telephony_client = {
wantedBy = [ "default.target"];
description = "telephony_client for hsphfpd";
serviceConfig.ExecStart = "${pkgs.hsphfpd}/bin/telephony_client.pl";
};
})
;
};

18
nixos/modules/services/hardware/fwupd.nix
View File

@ -11,8 +11,8 @@ let
"fwupd/daemon.conf" = {
source = pkgs.writeText "daemon.conf" ''
[fwupd]
BlacklistDevices=${lib.concatStringsSep ";" cfg.blacklistDevices}
BlacklistPlugins=${lib.concatStringsSep ";" cfg.blacklistPlugins}
DisabledDevices=${lib.concatStringsSep ";" cfg.disabledDevices}
DisabledPlugins=${lib.concatStringsSep ";" cfg.disabledPlugins}
'';
};
"fwupd/uefi.conf" = {
@ -59,21 +59,21 @@ in {
'';
};
blacklistDevices = mkOption {
disabledDevices = mkOption {
type = types.listOf types.str;
default = [];
example = [ "2082b5e0-7a64-478a-b1b2-e3404fab6dad" ];
description = ''
Allow blacklisting specific devices by their GUID
Allow disabling specific devices by their GUID
'';
};
blacklistPlugins = mkOption {
disabledPlugins = mkOption {
type = types.listOf types.str;
default = [];
example = [ "udev" ];
description = ''
Allow blacklisting specific plugins
Allow disabling specific plugins
'';
};
@ -105,11 +105,15 @@ in {
};
};
imports = [
(mkRenamedOptionModule [ "services" "fwupd" "blacklistDevices"] [ "services" "fwupd" "disabledDevices" ])
(mkRenamedOptionModule [ "services" "fwupd" "blacklistPlugins"] [ "services" "fwupd" "disabledPlugins" ])
];
###### implementation
config = mkIf cfg.enable {
# Disable test related plug-ins implicitly so that users do not have to care about them.
services.fwupd.blacklistPlugins = cfg.package.defaultBlacklistedPlugins;
services.fwupd.disabledPlugins = cfg.package.defaultDisabledPlugins;
environment.systemPackages = [ cfg.package ];

19
nixos/modules/services/logging/promtail.nix
View File

@ -6,25 +6,14 @@ let
echo '${builtins.toJSON conf}' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out
'';
allowSystemdJournal = cfg.configuration ? scrape_configs && lib.any (v: v ? journal) cfg.configuration.scrape_configs;
in {
options.services.promtail = with types; {
enable = mkEnableOption "the Promtail ingresser";
configuration = mkOption {
type = with lib.types; let
valueType = nullOr (oneOf [
bool
int
float
str
(lazyAttrsOf valueType)
(listOf valueType)
]) // {
description = "JSON value";
emptyValue.value = {};
deprecationMessage = null;
};
in valueType;
type = (pkgs.formats.json {}).type;
description = ''
Specify the configuration for Promtail in Nix.
'';
@ -80,6 +69,8 @@ in {
RestrictRealtime = true;
MemoryDenyWriteExecute = true;
PrivateUsers = true;
SupplementaryGroups = lib.optional (allowSystemdJournal) "systemd-journal";
} // (optionalAttrs (!pkgs.stdenv.isAarch64) { # FIXME: figure out why this breaks on aarch64
SystemCallFilter = "@system-service";
});

5
nixos/modules/services/mail/roundcube.nix
View File

@ -204,6 +204,11 @@ in
};
systemd.services.phpfpm-roundcube.after = [ "roundcube-setup.service" ];
# Restart on config changes.
systemd.services.phpfpm-roundcube.restartTriggers = [
config.environment.etc."roundcube/config.inc.php".source
];
systemd.services.roundcube-setup = mkMerge [
(mkIf (cfg.database.host == "localhost") {
requires = [ "postgresql.service" ];

22
nixos/modules/services/misc/cfdyndns.nix
View File

@ -6,6 +6,12 @@ let
cfg = config.services.cfdyndns;
in
{
imports = [
(mkRemovedOptionModule
[ "services" "cfdyndns" "apikey" ]
"Use services.cfdyndns.apikeyFile instead.")
];
options = {
services.cfdyndns = {
enable = mkEnableOption "Cloudflare Dynamic DNS Client";
@ -17,10 +23,12 @@ in
'';
};
apikey = mkOption {
type = types.str;
apikeyFile = mkOption {
default = null;
type = types.nullOr types.str;
description = ''
The API Key to use to authenticate to CloudFlare.
The path to a file containing the API Key
used to authenticate with CloudFlare.
'';
};
@ -45,13 +53,17 @@ in
Type = "simple";
User = config.ids.uids.cfdyndns;
Group = config.ids.gids.cfdyndns;
ExecStart = "/bin/sh -c '${pkgs.cfdyndns}/bin/cfdyndns'";
};
environment = {
CLOUDFLARE_EMAIL="${cfg.email}";
CLOUDFLARE_APIKEY="${cfg.apikey}";
CLOUDFLARE_RECORDS="${concatStringsSep "," cfg.records}";
};
script = ''
${optionalString (cfg.apikeyFile != null) ''
export CLOUDFLARE_APIKEY="$(cat ${escapeShellArg cfg.apikeyFile})"
''}
${pkgs.cfdyndns}/bin/cfdyndns
'';
};
users.users = {

2
nixos/modules/services/misc/octoprint.nix
View File

@ -68,7 +68,7 @@ in
plugins = mkOption {
default = plugins: [];
defaultText = "plugins: []";
example = literalExample "plugins: with plugins; [ m33-fio stlviewer ]";
example = literalExample "plugins: with plugins; [ themeify stlviewer ]";
description = "Additional plugins to be used. Available plugins are passed through the plugins input.";
};

4
nixos/modules/services/monitoring/loki.nix
View File

@ -39,7 +39,7 @@ in {
};
configuration = mkOption {
type = types.attrs;
type = (pkgs.formats.json {}).type;
default = {};
description = ''
Specify the configuration for Loki in Nix.
@ -78,6 +78,8 @@ in {
'';
}];
environment.systemPackages = [ pkgs.grafana-loki ]; # logcli
users.groups.${cfg.group} = { };
users.users.${cfg.user} = {
description = "Loki Service User";

111
nixos/modules/services/monitoring/mackerel-agent.nix Normal file
View File

@ -0,0 +1,111 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.mackerel-agent;
settingsFmt = pkgs.formats.toml {};
in {
options.services.mackerel-agent = {
enable = mkEnableOption "mackerel.io agent";
# the upstream package runs as root, but doesn't seem to be strictly
# necessary for basic functionality
runAsRoot = mkEnableOption "Whether to run as root.";
autoRetirement = mkEnableOption ''
Whether to automatically retire the host upon OS shutdown.
'';
apiKeyFile = mkOption {
type = types.path;
default = "";
example = "/run/keys/mackerel-api-key";
description = ''
Path to file containing the Mackerel API key. The file should contain a
single line of the following form:
<literallayout>apikey = "EXAMPLE_API_KEY"</literallayout>
'';
};
settings = mkOption {
description = ''
Options for mackerel-agent.conf.
Documentation:
<link xlink:href="https://mackerel.io/docs/entry/spec/agent"/>
'';
default = {};
example = {
verbose = false;
silent = false;
};
type = types.submodule {
freeformType = settingsFmt.type;
options.host_status = {
on_start = mkOption {
type = types.enum [ "working" "standby" "maintenance" "poweroff" ];
description = "Host status after agent startup.";
default = "working";
};
on_stop = mkOption {
type = types.enum [ "working" "standby" "maintenance" "poweroff" ];
description = "Host status after agent shutdown.";
default = "poweroff";
};
};
options.diagnostic =
mkEnableOption "Collect memory usage for the agent itself";
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [ mackerel-agent ];
environment.etc = {
"mackerel-agent/mackerel-agent.conf".source =
settingsFmt.generate "mackerel-agent.conf" cfg.settings;
"mackerel-agent/conf.d/api-key.conf".source = cfg.apiKeyFile;
};
services.mackerel-agent.settings = {
root = mkDefault "/var/lib/mackerel-agent";
pidfile = mkDefault "/run/mackerel-agent/mackerel-agent.pid";
# conf.d stores the symlink to cfg.apiKeyFile
include = mkDefault "/etc/mackerel-agent/conf.d/*.conf";
};
# upstream service file in https://git.io/JUt4Q
systemd.services.mackerel-agent = {
description = "mackerel.io agent";
after = [ "network-online.target" "nss-lookup.target" ];
wantedBy = [ "multi-user.target" ];
environment = {
MACKEREL_PLUGIN_WORKDIR = mkDefault "%C/mackerel-agent";
};
serviceConfig = {
DynamicUser = !cfg.runAsRoot;
PrivateTmp = mkDefault true;
CacheDirectory = "mackerel-agent";
ConfigurationDirectory = "mackerel-agent";
RuntimeDirectory = "mackerel-agent";
StateDirectory = "mackerel-agent";
ExecStart = "${pkgs.mackerel-agent}/bin/mackerel-agent supervise";
ExecStopPost = mkIf cfg.autoRetirement "${pkg.mackerel-agent}/bin/mackerel-agent retire -force";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
LimitNOFILE = mkDefault 65536;
LimitNPROC = mkDefault 65536;
};
restartTriggers = [
config.environment.etc."mackerel-agent/mackerel-agent.conf".source
];
};
};
}

9
nixos/modules/services/monitoring/prometheus/exporters.nix
View File

@ -45,6 +45,7 @@ let
"rspamd"
"rtl_433"
"snmp"
"sql"
"surfboard"
"tor"
"unifi"
@ -218,6 +219,14 @@ in
Please specify either 'services.prometheus.exporters.mail.configuration'
or 'services.prometheus.exporters.mail.configFile'.
'';
} {
assertion = cfg.sql.enable -> (
(cfg.sql.configFile == null) != (cfg.sql.configuration == null)
);
message = ''
Please specify either 'services.prometheus.exporters.sql.configuration' or
'services.prometheus.exporters.sql.configFile'
'';
} ];
}] ++ [(mkIf config.services.minio.enable {
services.prometheus.exporters.minio.minioAddress = mkDefault "http://localhost:9000";

104
nixos/modules/services/monitoring/prometheus/exporters/sql.nix Normal file
View File

@ -0,0 +1,104 @@
{ config, lib, pkgs, options }:
with lib;
let
cfg = config.services.prometheus.exporters.sql;
cfgOptions = {
options = with types; {
jobs = mkOption {
type = attrsOf (submodule jobOptions);
default = { };
description = "An attrset of metrics scraping jobs to run.";
};
};
};
jobOptions = {
options = with types; {
interval = mkOption {
type = str;
description = ''
How often to run this job, specified in
<link xlink:href="https://golang.org/pkg/time/#ParseDuration">Go duration</link> format.
'';
};
connections = mkOption {
type = listOf str;
description = "A list of connection strings of the SQL servers to scrape metrics from";
};
startupSql = mkOption {
type = listOf str;
default = [];
description = "A list of SQL statements to execute once after making a connection.";
};
queries = mkOption {
type = attrsOf (submodule queryOptions);
description = "SQL queries to run.";
};
};
};
queryOptions = {
options = with types; {
help = mkOption {
type = nullOr str;
default = null;
description = "A human-readable description of this metric.";
};
labels = mkOption {
type = listOf str;
default = [ ];
description = "A set of columns that will be used as Prometheus labels.";
};
query = mkOption {
type = str;
description = "The SQL query to run.";
};
values = mkOption {
type = listOf str;
description = "A set of columns that will be used as values of this metric.";
};
};
};
configFile =
if cfg.configFile != null
then cfg.configFile
else
let
nameInline = mapAttrsToList (k: v: v // { name = k; });
renameStartupSql = j: removeAttrs (j // { startup_sql = j.startupSql; }) [ "startupSql" ];
configuration = {
jobs = map renameStartupSql
(nameInline (mapAttrs (k: v: (v // { queries = nameInline v.queries; })) cfg.configuration.jobs));
};
in
builtins.toFile "config.yaml" (builtins.toJSON configuration);
in
{
extraOpts = {
configFile = mkOption {
type = with types; nullOr path;
default = null;
description = ''
Path to configuration file.
'';
};
configuration = mkOption {
type = with types; nullOr (submodule cfgOptions);
default = null;
description = ''
Exporter configuration as nix attribute set. Mutually exclusive with 'configFile' option.
'';
};
};
port = 9237;
serviceOpts = {
serviceConfig = {
ExecStart = ''
${pkgs.prometheus-sql-exporter}/bin/sql_exporter \
-web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
-config.file ${configFile} \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
};
};
}

42
nixos/modules/services/monitoring/telegraf.nix
View File

@ -5,14 +5,8 @@ with lib;
let
cfg = config.services.telegraf;
configFile = pkgs.runCommand "config.toml" {
buildInputs = [ pkgs.remarshal ];
preferLocalBuild = true;
} ''
remarshal -if json -of toml \
< ${pkgs.writeText "config.json" (builtins.toJSON cfg.extraConfig)} \
> $out
'';
settingsFormat = pkgs.formats.toml {};
configFile = settingsFormat.generate "config.toml" cfg.extraConfig;
in {
###### interface
options = {
@ -26,10 +20,23 @@ in {
type = types.package;
};
environmentFiles = mkOption {
type = types.nullOr (types.listOf types.path);
default = [];
example = "/run/keys/telegraf.env";
description = ''
File to load as environment file. Environment variables
from this file will be interpolated into the config file
using envsubst with this syntax:
<literal>$ENVIRONMENT ''${VARIABLE}</literal>
This is useful to avoid putting secrets into the nix store.
'';
};
extraConfig = mkOption {
default = {};
description = "Extra configuration options for telegraf";
type = types.attrs;
type = settingsFormat.type;
example = {
outputs = {
influxdb = {
@ -51,15 +58,28 @@ in {
###### implementation
config = mkIf config.services.telegraf.enable {
systemd.services.telegraf = {
systemd.services.telegraf = let
finalConfigFile = if config.services.telegraf.environmentFiles == []
then configFile
else "/var/run/telegraf/config.toml";
in {
description = "Telegraf Agent";
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
serviceConfig = {
ExecStart=''${cfg.package}/bin/telegraf -config "${configFile}"'';
EnvironmentFile = config.services.telegraf.environmentFiles;
ExecStartPre = lib.optional (config.services.telegraf.environmentFiles != [])
(pkgs.writeShellScript "pre-start" ''
umask 077
${pkgs.envsubst}/bin/envsubst -i "${configFile}" > /var/run/telegraf/config.toml
'');
ExecStart=''${cfg.package}/bin/telegraf -config ${finalConfigFile}'';
ExecReload="${pkgs.coreutils}/bin/kill -HUP $MAINPID";
RuntimeDirectory = "telegraf";
User = "telegraf";
Restart = "on-failure";
# for ping probes
AmbientCapabilities = [ "CAP_NET_RAW" ];
};
};

55
nixos/modules/services/networking/nar-serve.nix Normal file
View File

@ -0,0 +1,55 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.nar-serve;
in
{
meta = {
maintainers = [ maintainers.rizary ];
};
options = {
services.nar-serve = {
enable = mkEnableOption "Serve NAR file contents via HTTP";
port = mkOption {
type = types.int;
default = 8383;
description = ''
Port number where nar-serve will listen on.
'';
};
cacheURL = mkOption {
type = types.str;
default = "https://cache.nixos.org/";
description = ''
Binary cache URL to connect to.
The URL format is compatible with the nix remote url style, such as:
- http://, https:// for binary caches via HTTP or HTTPS
- s3:// for binary caches stored in Amazon S3
- gs:// for binary caches stored in Google Cloud Storage
'';
};
};
};
config = mkIf cfg.enable {
systemd.services.nar-serve = {
description = "NAR server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment.PORT = toString cfg.port;
environment.NAR_CACHE_URL = cfg.cacheURL;
serviceConfig = {
Restart = "always";
RestartSec = "5s";
ExecStart = "${pkgs.nar-serve}/bin/nar-serve";
DynamicUser = true;
};
};
};
}

139
nixos/modules/services/networking/unbound.nix
View File

@ -1,9 +1,7 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.unbound;
stateDir = "/var/lib/unbound";
@ -17,12 +15,12 @@ let
forward =
optionalString (any isLocalAddress cfg.forwardAddresses) ''
do-not-query-localhost: no
'' +
optionalString (cfg.forwardAddresses != []) ''
''
+ optionalString (cfg.forwardAddresses != []) ''
forward-zone:
name: .
'' +
concatMapStringsSep "\n" (x: " forward-addr: ${x}") cfg.forwardAddresses;
''
+ concatMapStringsSep "\n" (x: " forward-addr: ${x}") cfg.forwardAddresses;
rootTrustAnchorFile = "${stateDir}/root.key";
@ -31,19 +29,25 @@ let
confFile = pkgs.writeText "unbound.conf" ''
server:
ip-freebind: yes
directory: "${stateDir}"
username: unbound
chroot: "${stateDir}"
chroot: ""
pidfile: ""
# when running under systemd there is no need to daemonize
do-daemonize: no
${interfaces}
${access}
${trustAnchor}
${lib.optionalString (cfg.localControlSocketPath != null) ''
remote-control:
control-enable: yes
control-interface: ${cfg.localControlSocketPath}
''}
${cfg.extraConfig}
${forward}
'';
in
{
###### interface
@ -55,8 +59,8 @@ in
package = mkOption {
type = types.package;
default = pkgs.unbound;
defaultText = "pkgs.unbound";
default = pkgs.unbound-with-systemd;
defaultText = "pkgs.unbound-with-systemd";
description = "The unbound package to use";
};
@ -69,11 +73,14 @@ in
interfaces = mkOption {
default = [ "127.0.0.1" ] ++ optional config.networking.enableIPv6 "::1";
type = types.listOf types.str;
description = "What addresses the server should listen on.";
description = ''
What addresses the server should listen on. This supports the interface syntax documented in
<citerefentry><refentrytitle>unbound.conf</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
'';
};
forwardAddresses = mkOption {
default = [ ];
default = [];
type = types.listOf types.str;
description = "What servers to forward queries to.";
};
@ -84,6 +91,28 @@ in
description = "Use and update root trust anchor for DNSSEC validation.";
};
localControlSocketPath = mkOption {
default = null;
# FIXME: What is the proper type here so users can specify strings,
# paths and null?
# My guess would be `types.nullOr (types.either types.str types.path)`
# but I haven't verified yet.
type = types.nullOr types.str;
example = "/run/unbound/unbound.ctl";
description = ''
When not set to <literal>null</literal> this option defines the path
at which the unbound remote control socket should be created at. The
socket will be owned by the unbound user (<literal>unbound</literal>)
and group will be <literal>nogroup</literal>.
Users that should be permitted to access the socket must be in the
<literal>unbound</literal> group.
If this option is <literal>null</literal> remote control will not be
configured at all. Unbounds default values apply.
'';
};
extraConfig = mkOption {
default = "";
type = types.lines;
@ -106,43 +135,85 @@ in
users.users.unbound = {
description = "unbound daemon user";
isSystemUser = true;
group = lib.mkIf (cfg.localControlSocketPath != null) (lib.mkDefault "unbound");
};
# We need a group so that we can give users access to the configured
# control socket. Unbound allows access to the socket only to the unbound
# user and the primary group.
users.groups = lib.mkIf (cfg.localControlSocketPath != null) {
unbound = {};
};
networking.resolvconf.useLocalResolver = mkDefault true;
environment.etc."unbound/unbound.conf".source = confFile;
systemd.services.unbound = {
description = "Unbound recursive Domain Name Server";
after = [ "network.target" ];
before = [ "nss-lookup.target" ];
wants = [ "nss-lookup.target" ];
wantedBy = [ "multi-user.target" ];
wantedBy = [ "multi-user.target" "nss-lookup.target" ];
preStart = ''
mkdir -m 0755 -p ${stateDir}/dev/
cp ${confFile} ${stateDir}/unbound.conf
${optionalString cfg.enableRootTrustAnchor ''
${cfg.package}/bin/unbound-anchor -a ${rootTrustAnchorFile} || echo "Root anchor updated!"
chown unbound ${stateDir} ${rootTrustAnchorFile}
''}
touch ${stateDir}/dev/random
${pkgs.utillinux}/bin/mount --bind -n /dev/urandom ${stateDir}/dev/random
preStart = lib.mkIf cfg.enableRootTrustAnchor ''
${cfg.package}/bin/unbound-anchor -a ${rootTrustAnchorFile} || echo "Root anchor updated!"
'';
serviceConfig = {
ExecStart = "${cfg.package}/bin/unbound -d -c ${stateDir}/unbound.conf";
ExecStopPost="${pkgs.utillinux}/bin/umount ${stateDir}/dev/random";
restartTriggers = [
confFile
];
ProtectSystem = true;
ProtectHome = true;
serviceConfig = {
ExecStart = "${cfg.package}/bin/unbound -p -d -c /etc/unbound/unbound.conf";
ExecReload = "+/run/current-system/sw/bin/kill -HUP $MAINPID";
NotifyAccess = "main";
Type = "notify";
# FIXME: Which of these do we actualy need, can we drop the chroot flag?
AmbientCapabilities = [
"CAP_NET_BIND_SERVICE"
"CAP_NET_RAW"
"CAP_SETGID"
"CAP_SETUID"
"CAP_SYS_CHROOT"
"CAP_SYS_RESOURCE"
];
User = "unbound";
Group = lib.mkIf (cfg.localControlSocketPath != null) (lib.mkDefault "unbound");
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
Restart = "always";
RestartSec = "5s";
PrivateTmp = true;
ProtectHome = true;
ProtectControlGroups = true;
ProtectKernelModules = true;
ProtectSystem = "strict";
RuntimeDirectory = "unbound";
ConfigurationDirectory = "unbound";
StateDirectory = "unbound";
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
RestrictRealtime = true;
SystemCallArchitectures = "native";
SystemCallFilter = [
"~@clock"
"@cpu-emulation"
"@debug"
"@keyring"
"@module"
"mount"
"@obsolete"
"@resources"
];
RestrictNamespaces = true;
LockPersonality = true;
RestrictSUIDSGID = true;
};
};
# If networkmanager is enabled, ask it to interface with unbound.
networking.networkmanager.dns = "unbound";
};
}

2
nixos/modules/services/torrent/transmission.nix
View File

@ -236,6 +236,7 @@ in
# an AppArmor profile is provided to get a confinement based upon paths and rights.
builtins.storeDir
"/etc"
"/run"
] ++
optional (cfg.settings.script-torrent-done-enabled &&
cfg.settings.script-torrent-done-filename != "")
@ -408,6 +409,7 @@ in
#r @{PROC}/@{pid}/environ,
r @{PROC}/@{pid}/mounts,
rwk /tmp/tr_session_id_*,
r /run/systemd/resolve/stub-resolv.conf,
r ${pkgs.openssl.out}/etc/**,
r ${config.systemd.services.transmission.environment.CURL_CA_BUNDLE},

17
nixos/modules/services/web-apps/codimd.nix
View File

@ -6,8 +6,10 @@ let
cfg = config.services.codimd;
prettyJSON = conf:
pkgs.runCommand "codimd-config.json" { preferLocalBuild = true; } ''
echo '${builtins.toJSON conf}' | ${pkgs.jq}/bin/jq \
pkgs.runCommandLocal "codimd-config.json" {
nativeBuildInputs = [ pkgs.jq ];
} ''
echo '${builtins.toJSON conf}' | jq \
'{production:del(.[]|nulls)|del(.[][]?|nulls)}' > $out
'';
in
@ -878,7 +880,6 @@ in
};
};
environmentFile = mkOption {
type = with types; nullOr path;
default = null;
@ -908,6 +909,14 @@ in
<literal>CodiMD</literal> is running.
'';
};
package = mkOption {
type = types.package;
default = pkgs.codimd;
description = ''
Package that provides CodiMD.
'';
};
};
config = mkIf cfg.enable {
@ -938,7 +947,7 @@ in
'';
serviceConfig = {
WorkingDirectory = cfg.workDir;
ExecStart = "${pkgs.codimd}/bin/codimd";
ExecStart = "${cfg.package}/bin/codimd";
EnvironmentFile = mkIf (cfg.environmentFile != null) [ cfg.environmentFile ];
Environment = [
"CMD_CONFIG_FILE=${cfg.workDir}/config.json"

55
nixos/modules/services/x11/desktop-managers/gnome3.nix
View File

@ -73,6 +73,7 @@ in
core-os-services.enable = mkEnableOption "essential services for GNOME3";
core-shell.enable = mkEnableOption "GNOME Shell services";
core-utilities.enable = mkEnableOption "GNOME core utilities";
core-developer-tools.enable = mkEnableOption "GNOME core developer tools";
games.enable = mkEnableOption "GNOME games";
experimental-features = {
@ -322,6 +323,12 @@ in
gnome-shell
];
services.udev.packages = with pkgs.gnome3; [
# Force enable KMS modifiers for devices that require them.
# https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/1443
mutter
];
services.avahi.enable = mkDefault true;
xdg.portal.extraPortals = [
@ -351,7 +358,7 @@ in
source-sans-pro
];
# Adapt from https://gitlab.gnome.org/GNOME/gnome-build-meta/blob/gnome-3-36/elements/core/meta-gnome-core-shell.bst
# Adapt from https://gitlab.gnome.org/GNOME/gnome-build-meta/blob/gnome-3-38/elements/core/meta-gnome-core-shell.bst
environment.systemPackages = with pkgs.gnome3; [
adwaita-icon-theme
gnome-backgrounds
@ -396,7 +403,7 @@ in
};
})
# Adapt from https://gitlab.gnome.org/GNOME/gnome-build-meta/blob/gnome-3-36/elements/core/meta-gnome-core-utilities.bst
# Adapt from https://gitlab.gnome.org/GNOME/gnome-build-meta/blob/gnome-3-38/elements/core/meta-gnome-core-utilities.bst
(mkIf serviceCfg.core-utilities.enable {
environment.systemPackages = (with pkgs.gnome3; removePackagesByName [
baobab
@ -415,16 +422,15 @@ in
gnome-logs
gnome-maps
gnome-music
gnome-photos
pkgs.gnome-photos
gnome-screenshot
gnome-system-monitor
gnome-weather
nautilus
pkgs.gnome-connections
simple-scan
totem
yelp
# Unsure if sensible for NixOS
/* gnome-boxes */
] config.environment.gnome3.excludePackages);
# Enable default program modules
@ -453,12 +459,43 @@ in
(mkIf serviceCfg.games.enable {
environment.systemPackages = (with pkgs.gnome3; removePackagesByName [
aisleriot atomix five-or-more four-in-a-row gnome-chess gnome-klotski
gnome-mahjongg gnome-mines gnome-nibbles gnome-robots gnome-sudoku
gnome-taquin gnome-tetravex hitori iagno lightsoff quadrapassel
swell-foop tali
aisleriot
atomix
five-or-more
four-in-a-row
gnome-chess
gnome-klotski
gnome-mahjongg
gnome-mines
gnome-nibbles
gnome-robots
gnome-sudoku
gnome-taquin
gnome-tetravex
hitori
iagno
lightsoff
quadrapassel
swell-foop
tali
] config.environment.gnome3.excludePackages);
})
# Adapt from https://gitlab.gnome.org/GNOME/gnome-build-meta/-/blob/3.38.0/elements/core/meta-gnome-core-developer-tools.bst
(mkIf serviceCfg.core-developer-tools.enable {
environment.systemPackages = (with pkgs.gnome3; removePackagesByName [
dconf-editor
devhelp
pkgs.gnome-builder
# boxes would make sense in this option, however
# it doesn't function well enough to be included
# in default configurations.
# https://github.com/NixOS/nixpkgs/issues/60908
/* gnome-boxes */
] config.environment.gnome3.excludePackages);
services.sysprof.enable = true;
})
];
}

2
nixos/modules/services/x11/desktop-managers/plasma5.nix
View File

@ -367,7 +367,7 @@ in
security.pam.services.sddm.enableKwallet = true;
xdg.portal.enable = true;
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-kde ];
xdg.portal.extraPortals = [ plasma5.xdg-desktop-portal-kde ];
# Update the start menu for each user that is currently logged in
system.userActivationScripts.plasmaSetup = activationScript;

2
nixos/modules/services/x11/display-managers/gdm.nix
View File

@ -160,7 +160,7 @@ in
];
# Otherwise GDM will not be able to start correctly and display Wayland sessions
systemd.packages = with pkgs.gnome3; [ gnome-session gnome-shell ];
systemd.packages = with pkgs.gnome3; [ gdm gnome-session gnome-shell ];
environment.systemPackages = [ pkgs.gnome3.adwaita-icon-theme ];
systemd.services.display-manager.wants = [

36
nixos/modules/system/activation/activation-script.nix
View File

@ -28,6 +28,20 @@ let
utillinux # needed for mount and mountpoint
];
scriptType = with types;
let scriptOptions =
{ deps = mkOption
{ type = types.listOf types.str;
default = [ ];
description = "List of dependencies. The script will run after these.";
};
text = mkOption
{ type = types.lines;
description = "The content of the script.";
};
};
in either str (submodule { options = scriptOptions; });
in
{
@ -40,16 +54,14 @@ in
default = {};
example = literalExample ''
{ stdio = {
text = '''
# Needed by some programs.
ln -sfn /proc/self/fd /dev/fd
ln -sfn /proc/self/fd/0 /dev/stdin
ln -sfn /proc/self/fd/1 /dev/stdout
ln -sfn /proc/self/fd/2 /dev/stderr
''';
deps = [];
};
{ stdio.text =
'''
# Needed by some programs.
ln -sfn /proc/self/fd /dev/fd
ln -sfn /proc/self/fd/0 /dev/stdin
ln -sfn /proc/self/fd/1 /dev/stdout
ln -sfn /proc/self/fd/2 /dev/stderr
''';
}
'';
@ -62,7 +74,7 @@ in
idempotent and fast.
'';
type = types.attrsOf types.unspecified; # FIXME
type = types.attrsOf scriptType;
apply = set: {
script =
@ -125,7 +137,7 @@ in
idempotent and fast.
'';
type = types.attrsOf types.unspecified;
type = with types; attrsOf scriptType;
apply = set: {
script = ''

2
nixos/modules/system/boot/luksroot.nix
View File

@ -404,7 +404,7 @@ let
echo "Please move your mouse to create needed randomness."
''}
echo "Waiting for your FIDO2 device..."
fido2luks -i open ${device} ${name} ${fido2.credential} --await-dev ${toString fido2.gracePeriod} --salt string:$passphrase
fido2luks open ${device} ${name} ${fido2.credential} --await-dev ${toString fido2.gracePeriod} --salt string:$passphrase
if [ $? -ne 0 ]; then
echo "No FIDO2 key found, falling back to normal open procedure"
open_normally

2
nixos/modules/system/boot/pbkdf2-sha512.c
View File

@ -35,4 +35,4 @@ int main(int argc, char** argv)
fwrite(key, 1, key_length, stdout);
return 0;
}
}

2
nixos/modules/system/boot/plymouth.nix
View File

@ -9,7 +9,7 @@ let
cfg = config.boot.plymouth;
nixosBreezePlymouth = pkgs.breeze-plymouth.override {
nixosBreezePlymouth = pkgs.plasma5.breeze-plymouth.override {
logoFile = cfg.logo;
logoName = "nixos";
osName = "NixOS";

7
nixos/modules/tasks/filesystems/zfs.nix
View File

@ -175,14 +175,10 @@ in
forceImportAll = mkOption {
type = types.bool;
default = true;
default = false;
description = ''
Forcibly import all ZFS pool(s).
This is enabled by default for backwards compatibility purposes, but it is highly
recommended to disable this option, as it bypasses some of the safeguards ZFS uses
to protect your ZFS pools.
If you set this option to <literal>false</literal> and NixOS subsequently fails to
import your non-root ZFS pool(s), you should manually import each pool with
"zpool import -f &lt;pool-name&gt;", and then reboot. You should only need to do
@ -507,6 +503,7 @@ in
Type = "oneshot";
RemainAfterExit = true;
};
environment.ZFS_FORCE = optionalString cfgZfs.forceImportAll "-f";
script = (importLib {
# See comments at importLib definition.
zpoolCmd="${packages.zfsUser}/sbin/zpool";

1
nixos/modules/tasks/network-interfaces.nix
View File

@ -1062,7 +1062,6 @@ in
];
boot.kernelModules = [ ]
++ optional cfg.enableIPv6 "ipv6"
++ optional hasVirtuals "tun"
++ optional hasSits "sit"
++ optional hasBonds "bonding";

36
nixos/modules/virtualisation/ec2-amis.nix
View File

@ -329,24 +329,24 @@ let self = {
"20.03".ap-east-1.hvm-ebs = "ami-0d18fdd309cdefa86";
"20.03".sa-east-1.hvm-ebs = "ami-09859378158ae971d";
# 20.09.1465.9a0b14b097d
"20.09".eu-west-1.hvm-ebs = "ami-0d90f16418e3c364c";
"20.09".eu-west-2.hvm-ebs = "ami-0635ec0780ea57cfe";
"20.09".eu-west-3.hvm-ebs = "ami-0714e94352f2eabb9";
"20.09".eu-central-1.hvm-ebs = "ami-0979d39762a4d2a02";
"20.09".eu-north-1.hvm-ebs = "ami-0b14e273185c66e9b";
"20.09".us-east-1.hvm-ebs = "ami-0f8b063ac3f2d9645";
"20.09".us-east-2.hvm-ebs = "ami-0959202a0393fdd0c";
"20.09".us-west-1.hvm-ebs = "ami-096d50833b785478b";
"20.09".us-west-2.hvm-ebs = "ami-0fc31031df0df6104";
"20.09".ca-central-1.hvm-ebs = "ami-0787786a38cde3905";
"20.09".ap-southeast-1.hvm-ebs = "ami-0b3f693d3a2a0b9ae";
"20.09".ap-southeast-2.hvm-ebs = "ami-02471872bc876b610";
"20.09".ap-northeast-1.hvm-ebs = "ami-06505fd2bf44a59a7";
"20.09".ap-northeast-2.hvm-ebs = "ami-0754b4c014eea1e8a";
"20.09".ap-south-1.hvm-ebs = "ami-05100e32242ae65a6";
"20.09".ap-east-1.hvm-ebs = "ami-045288859a39de009";
"20.09".sa-east-1.hvm-ebs = "ami-0a937748db48fb00d";
# 20.09.1632.a6a3a368dda
"20.09".eu-west-1.hvm-ebs = "ami-01a79d5ce435f4db3";
"20.09".eu-west-2.hvm-ebs = "ami-0cbe14f32904e6331";
"20.09".eu-west-3.hvm-ebs = "ami-07f493412d6213de6";
"20.09".eu-central-1.hvm-ebs = "ami-01d4a0c2248cbfe38";
"20.09".eu-north-1.hvm-ebs = "ami-0003f54dd99d68e0f";
"20.09".us-east-1.hvm-ebs = "ami-068a62d478710462d";
"20.09".us-east-2.hvm-ebs = "ami-01ac677ff61399caa";
"20.09".us-west-1.hvm-ebs = "ami-04befdb203b4b17f6";
"20.09".us-west-2.hvm-ebs = "ami-0fb7bd4a43261c6b2";
"20.09".ca-central-1.hvm-ebs = "ami-06d5ee429f153f856";
"20.09".ap-southeast-1.hvm-ebs = "ami-0db0304e23c535b2a";
"20.09".ap-southeast-2.hvm-ebs = "ami-045983c4db7e36447";
"20.09".ap-northeast-1.hvm-ebs = "ami-0beb18d632cf64e5a";
"20.09".ap-northeast-2.hvm-ebs = "ami-0dd0316af578862db";
"20.09".ap-south-1.hvm-ebs = "ami-008d15ced81c88aed";
"20.09".ap-east-1.hvm-ebs = "ami-071f49713f86ea965";
"20.09".sa-east-1.hvm-ebs = "ami-05ded1ae35209b5a8";
latest = self."20.09";
}; in self

7
nixos/modules/virtualisation/qemu-vm.nix
View File

@ -744,16 +744,19 @@ in
(isEnabled "VIRTIO_PCI")
(isEnabled "VIRTIO_NET")
(isEnabled "EXT4_FS")
(isEnabled "NET_9P_VIRTIO")
(isEnabled "9P_FS")
(isYes "BLK_DEV")
(isYes "PCI")
(isYes "EXPERIMENTAL")
(isYes "NETDEVICES")
(isYes "NET_CORE")
(isYes "INET")
(isYes "NETWORK_FILESYSTEMS")
] ++ optional (!cfg.graphics) [
] ++ optionals (!cfg.graphics) [
(isYes "SERIAL_8250_CONSOLE")
(isYes "SERIAL_8250")
] ++ optionals (cfg.writableStore) [
(isEnabled "OVERLAY_FS")
];
};

2
nixos/release-combined.nix
View File

@ -71,7 +71,6 @@ in rec {
(onFullSupported "nixos.tests.fontconfig-default-fonts")
(onFullSupported "nixos.tests.gnome3")
(onFullSupported "nixos.tests.gnome3-xorg")
(onFullSupported "nixos.tests.hardened")
(onSystems ["x86_64-linux"] "nixos.tests.hibernate")
(onFullSupported "nixos.tests.i3wm")
(onSystems ["x86_64-linux"] "nixos.tests.installer.btrfsSimple")
@ -93,7 +92,6 @@ in rec {
(onFullSupported "nixos.tests.keymap.dvp")
(onFullSupported "nixos.tests.keymap.neo")
(onFullSupported "nixos.tests.keymap.qwertz")
(onFullSupported "nixos.tests.latestKernel.hardened")
(onFullSupported "nixos.tests.latestKernel.login")
(onFullSupported "nixos.tests.lightdm")
(onFullSupported "nixos.tests.login")

4
nixos/tests/all-tests.nix
View File

@ -225,6 +225,7 @@ in
mysql-backup = handleTest ./mysql/mysql-backup.nix {};
mysql-replication = handleTest ./mysql/mysql-replication.nix {};
nagios = handleTest ./nagios.nix {};
nar-serve = handleTest ./nar-serve.nix {};
nat.firewall = handleTest ./nat.nix { withFirewall = true; };
nat.firewall-conntrack = handleTest ./nat.nix { withFirewall = true; withConntrackHelpers = true; };
nat.standalone = handleTest ./nat.nix { withFirewall = false; };
@ -314,6 +315,7 @@ in
samba = handleTest ./samba.nix {};
sanoid = handleTest ./sanoid.nix {};
sbt = handleTest ./sbt.nix {};
sbt-extras = handleTest ./sbt-extras.nix {};
scala = handleTest ./scala.nix {};
sddm = handleTest ./sddm.nix {};
service-runner = handleTest ./service-runner.nix {};
@ -346,6 +348,7 @@ in
systemd-binfmt = handleTestOn ["x86_64-linux"] ./systemd-binfmt.nix {};
systemd-boot = handleTest ./systemd-boot.nix {};
systemd-confinement = handleTest ./systemd-confinement.nix {};
systemd-journal = handleTest ./systemd-journal.nix {};
systemd-timesyncd = handleTest ./systemd-timesyncd.nix {};
systemd-networkd-vrf = handleTest ./systemd-networkd-vrf.nix {};
systemd-networkd = handleTest ./systemd-networkd.nix {};
@ -367,6 +370,7 @@ in
trezord = handleTest ./trezord.nix {};
trickster = handleTest ./trickster.nix {};
tuptime = handleTest ./tuptime.nix {};
unbound = handleTest ./unbound.nix {};
udisks2 = handleTest ./udisks2.nix {};
unit-php = handleTest ./web-servers/unit-php.nix {};
upnp = handleTest ./upnp.nix {};

1
nixos/tests/installed-tests/default.nix
View File

@ -94,6 +94,7 @@ in
glib-networking = callInstalledTest ./glib-networking.nix {};
gnome-photos = callInstalledTest ./gnome-photos.nix {};
graphene = callInstalledTest ./graphene.nix {};
gsconnect = callInstalledTest ./gsconnect.nix {};
ibus = callInstalledTest ./ibus.nix {};
libgdata = callInstalledTest ./libgdata.nix {};
glib-testing = callInstalledTest ./glib-testing.nix {};

2
nixos/tests/installed-tests/fwupd.nix
View File

@ -5,7 +5,7 @@ makeInstalledTest {
testConfig = {
services.fwupd.enable = true;
services.fwupd.blacklistPlugins = lib.mkForce []; # don't blacklist test plugin
services.fwupd.disabledPlugins = lib.mkForce []; # don't disable test plugin
services.fwupd.enableTestRemote = true;
virtualisation.memorySize = 768;
};

7
nixos/tests/installed-tests/gsconnect.nix Normal file
View File

@ -0,0 +1,7 @@
{ pkgs, makeInstalledTest, ... }:
makeInstalledTest {
tested = pkgs.gnomeExtensions.gsconnect;
withX11 = true;
}

2
nixos/tests/loki.nix
View File

@ -45,6 +45,8 @@ import ./make-test-python.nix ({ lib, pkgs, ... }:
machine.wait_for_open_port(3100)
machine.wait_for_open_port(9080)
machine.succeed("echo 'Loki Ingestion Test' > /var/log/testlog")
# should not have access to journal unless specified
machine.fail("systemctl show --property=SupplementaryGroups promtail | grep -q systemd-journal")
machine.wait_until_succeeds(
"${pkgs.grafana-loki}/bin/logcli --addr='http://localhost:3100' query --no-labels '{job=\"varlogs\",filename=\"/var/log/testlog\"}' | grep -q 'Loki Ingestion Test'"
)

48
nixos/tests/nar-serve.nix Normal file
View File

@ -0,0 +1,48 @@
import ./make-test-python.nix (
{ pkgs, lib, ... }:
{
name = "nar-serve";
meta.maintainers = [ lib.maintainers.rizary ];
nodes =
{
server = { pkgs, ... }: {
services.nginx = {
enable = true;
virtualHosts.default.root = "/var/www";
};
services.nar-serve = {
enable = true;
# Connect to the localhost nginx instead of the default
# https://cache.nixos.org
cacheURL = "http://localhost/";
};
environment.systemPackages = [
pkgs.hello
pkgs.curl
];
networking.firewall.allowedTCPPorts = [ 8383 ];
# virtualisation.diskSize = 2 * 1024;
};
};
testScript = ''
start_all()
# Create a fake cache with Nginx service the static files
server.succeed(
"nix copy --to file:///var/www ${pkgs.hello}"
)
server.wait_for_unit("nginx.service")
server.wait_for_open_port(80)
# Check that nar-serve can return the content of the derivation
drvName = os.path.basename("${pkgs.hello}")
drvHash = drvName.split("-")[0]
server.wait_for_unit("nar-serve.service")
server.succeed(
"curl -o hello -f http://localhost:8383/nix/store/{}/bin/hello".format(drvHash)
)
'';
}
)

6
nixos/tests/postfix.nix
View File

@ -11,9 +11,9 @@ import ./make-test-python.nix {
enable = true;
enableSubmission = true;
enableSubmissions = true;
sslCACert = certs.ca.cert;
sslCert = certs.${domain}.cert;
sslKey = certs.${domain}.key;
tlsTrustedAuthorities = "${certs.ca.cert}";
sslCert = "${certs.${domain}.cert}";
sslKey = "${certs.${domain}.key}";
submissionsOptions = {
smtpd_sasl_auth_enable = "yes";
smtpd_client_restrictions = "permit";

44
nixos/tests/prometheus-exporters.nix
View File

@ -609,6 +609,50 @@ let
'';
};
sql = {
exporterConfig = {
configuration.jobs.points = {
interval = "1m";
connections = [
"postgres://prometheus-sql-exporter@/data?host=/run/postgresql&sslmode=disable"
];
queries = {
points = {
labels = [ "name" ];
help = "Amount of points accumulated per person";
values = [ "amount" ];
query = "SELECT SUM(amount) as amount, name FROM points GROUP BY name";
};
};
};
enable = true;
user = "prometheus-sql-exporter";
};
metricProvider = {
services.postgresql = {
enable = true;
initialScript = builtins.toFile "init.sql" ''
CREATE DATABASE data;
\c data;
CREATE TABLE points (amount INT, name TEXT);
INSERT INTO points(amount, name) VALUES (1, 'jack');
INSERT INTO points(amount, name) VALUES (2, 'jill');
INSERT INTO points(amount, name) VALUES (3, 'jack');
CREATE USER "prometheus-sql-exporter";
GRANT ALL PRIVILEGES ON DATABASE data TO "prometheus-sql-exporter";
GRANT SELECT ON points TO "prometheus-sql-exporter";
'';
};
systemd.services.prometheus-sql-exporter.after = [ "postgresql.service" ];
};
exporterTest = ''
wait_for_unit("prometheus-sql-exporter.service")
wait_for_open_port(9237)
succeed("curl http://localhost:9237/metrics | grep -c 'sql_points{' | grep -q 2")
'';
};
surfboard = {
exporterConfig = {
enable = true;

16
nixos/tests/sbt-extras.nix Normal file
View File

@ -0,0 +1,16 @@
import ./make-test-python.nix ({ pkgs, ...} : {
name = "sbt-extras";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ nequissimus ];
};
machine = { pkgs, ... }:
{
environment.systemPackages = [ pkgs.sbt-extras ];
};
testScript =
''
machine.succeed("(sbt -h)")
'';
})

20
nixos/tests/systemd-journal.nix Normal file
View File

@ -0,0 +1,20 @@
import ./make-test-python.nix ({ pkgs, ... }:
{
name = "systemd-journal";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ lewo ];
};
machine = { pkgs, lib, ... }: {
services.journald.enableHttpGateway = true;
};
testScript = ''
machine.wait_for_unit("multi-user.target")
machine.succeed(
"${pkgs.curl}/bin/curl -s localhost:19531/machine | ${pkgs.jq}/bin/jq -e '.hostname == \"machine\"'"
)
'';
})

5
nixos/tests/telegraf.nix
View File

@ -6,12 +6,15 @@ import ./make-test-python.nix ({ pkgs, ...} : {
machine = { ... }: {
services.telegraf.enable = true;
services.telegraf.environmentFiles = [pkgs.writeText "secrets" ''
SECRET=example
''];
services.telegraf.extraConfig = {
agent.interval = "1s";
agent.flush_interval = "1s";
inputs.exec = {
commands = [
"${pkgs.runtimeShell} -c 'echo example,tag=a i=42i'"
"${pkgs.runtimeShell} -c 'echo $SECRET,tag=a i=42i'"
];
timeout = "5s";
data_format = "influx";

278
nixos/tests/unbound.nix Normal file
View File

@ -0,0 +1,278 @@
/*
Test that our unbound module indeed works as most users would expect.
There are a few settings that we must consider when modifying the test. The
ususal use-cases for unbound are
* running a recursive DNS resolver on the local machine
* running a recursive DNS resolver on the local machine, forwarding to a local DNS server via UDP/53 & TCP/53
* running a recursive DNS resolver on the local machine, forwarding to a local DNS server via TCP/853 (DoT)
* running a recursive DNS resolver on a machine in the network awaiting input from clients over TCP/53 & UDP/53
* running a recursive DNS resolver on a machine in the network awaiting input from clients over TCP/853 (DoT)
In the below test setup we are trying to implement all of those use cases.
Another aspect that we cover is access to the local control UNIX socket. It
can optionally be enabled and users can optionally be in a group to gain
access. Users that are not in the group (except for root) should not have
access to that socket. Also, when there is no socket configured, users
shouldn't be able to access the control socket at all. Not even root.
*/
import ./make-test-python.nix ({ pkgs, lib, ... }:
let
# common client configuration that we can just use for the multitude of
# clients we are constructing
common = { lib, pkgs, ... }: {
config = {
environment.systemPackages = [ pkgs.knot-dns ];
# disable the root anchor update as we do not have internet access during
# the test execution
services.unbound.enableRootTrustAnchor = false;
};
};
cert = pkgs.runCommandNoCC "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } ''
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -subj '/CN=dns.example.local'
mkdir -p $out
cp key.pem cert.pem $out
'';
in
{
name = "unbound";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ andir ];
};
nodes = {
# The server that actually serves our zones, this tests unbounds authoriative mode
authoritative = { lib, pkgs, config, ... }: {
imports = [ common ];
networking.interfaces.eth1.ipv4.addresses = lib.mkForce [
{ address = "192.168.0.1"; prefixLength = 24; }
];
networking.interfaces.eth1.ipv6.addresses = lib.mkForce [
{ address = "fd21::1"; prefixLength = 64; }
];
networking.firewall.allowedTCPPorts = [ 53 ];
networking.firewall.allowedUDPPorts = [ 53 ];
services.unbound = {
enable = true;
interfaces = [ "192.168.0.1" "fd21::1" "::1" "127.0.0.1" ];
allowedAccess = [ "192.168.0.0/24" "fd21::/64" "::1" "127.0.0.0/8" ];
extraConfig = ''
server:
local-data: "example.local. IN A 1.2.3.4"
local-data: "example.local. IN AAAA abcd::eeff"
'';
};
};
# The resolver that knows that fowards (only) to the authoritative server
# and listens on UDP/53, TCP/53 & TCP/853.
resolver = { lib, nodes, ... }: {
imports = [ common ];
networking.interfaces.eth1.ipv4.addresses = lib.mkForce [
{ address = "192.168.0.2"; prefixLength = 24; }
];
networking.interfaces.eth1.ipv6.addresses = lib.mkForce [
{ address = "fd21::2"; prefixLength = 64; }
];
networking.firewall.allowedTCPPorts = [
53 # regular DNS
853 # DNS over TLS
];
networking.firewall.allowedUDPPorts = [ 53 ];
services.unbound = {
enable = true;
allowedAccess = [ "192.168.0.0/24" "fd21::/64" "::1" "127.0.0.0/8" ];
interfaces = [ "::1" "127.0.0.1" "192.168.0.2" "fd21::2" "192.168.0.2@853" "fd21::2@853" "::1@853" "127.0.0.1@853" ];
forwardAddresses = [
(lib.head nodes.authoritative.config.networking.interfaces.eth1.ipv6.addresses).address
(lib.head nodes.authoritative.config.networking.interfaces.eth1.ipv4.addresses).address
];
extraConfig = ''
server:
tls-service-pem: ${cert}/cert.pem
tls-service-key: ${cert}/key.pem
'';
};
};
# machine that runs a local unbound that will be reconfigured during test execution
local_resolver = { lib, nodes, config, ... }: {
imports = [ common ];
networking.interfaces.eth1.ipv4.addresses = lib.mkForce [
{ address = "192.168.0.3"; prefixLength = 24; }
];
networking.interfaces.eth1.ipv6.addresses = lib.mkForce [
{ address = "fd21::3"; prefixLength = 64; }
];
networking.firewall.allowedTCPPorts = [
53 # regular DNS
];
networking.firewall.allowedUDPPorts = [ 53 ];
services.unbound = {
enable = true;
allowedAccess = [ "::1" "127.0.0.0/8" ];
interfaces = [ "::1" "127.0.0.1" ];
localControlSocketPath = "/run/unbound/unbound.ctl";
extraConfig = ''
include: "/etc/unbound/extra*.conf"
'';
};
users.users = {
# user that is permitted to access the unix socket
someuser.extraGroups = [
config.users.users.unbound.group
];
# user that is not permitted to access the unix socket
unauthorizeduser = {};
};
environment.etc = {
"unbound-extra1.conf".text = ''
forward-zone:
name: "example.local."
forward-addr: ${(lib.head nodes.resolver.config.networking.interfaces.eth1.ipv6.addresses).address}
forward-addr: ${(lib.head nodes.resolver.config.networking.interfaces.eth1.ipv4.addresses).address}
'';
"unbound-extra2.conf".text = ''
auth-zone:
name: something.local.
zonefile: ${pkgs.writeText "zone" ''
something.local. IN A 3.4.5.6
''}
'';
};
};
# plain node that only has network access and doesn't run any part of the
# resolver software locally
client = { lib, nodes, ... }: {
imports = [ common ];
networking.nameservers = [
(lib.head nodes.resolver.config.networking.interfaces.eth1.ipv6.addresses).address
(lib.head nodes.resolver.config.networking.interfaces.eth1.ipv4.addresses).address
];
networking.interfaces.eth1.ipv4.addresses = [
{ address = "192.168.0.10"; prefixLength = 24; }
];
networking.interfaces.eth1.ipv6.addresses = [
{ address = "fd21::10"; prefixLength = 64; }
];
};
};
testScript = { nodes, ... }: ''
import typing
import json
zone = "example.local."
records = [("AAAA", "abcd::eeff"), ("A", "1.2.3.4")]
def query(
machine,
host: str,
query_type: str,
query: str,
expected: typing.Optional[str] = None,
args: typing.Optional[typing.List[str]] = None,
):
"""
Execute a single query and compare the result with expectation
"""
text_args = ""
if args:
text_args = " ".join(args)
out = machine.succeed(
f"kdig {text_args} {query} {query_type} @{host} +short"
).strip()
machine.log(f"{host} replied with {out}")
if expected:
assert expected == out, f"Expected `{expected}` but got `{out}`"
def test(machine, remotes, /, doh=False, zone=zone, records=records, args=[]):
"""
Run queries for the given remotes on the given machine.
"""
for query_type, expected in records:
for remote in remotes:
query(machine, remote, query_type, zone, expected, args)
query(machine, remote, query_type, zone, expected, ["+tcp"] + args)
if doh:
query(
machine,
remote,
query_type,
zone,
expected,
["+tcp", "+tls"] + args,
)
client.start()
authoritative.wait_for_unit("unbound.service")
# verify that we can resolve locally
with subtest("test the authoritative servers local responses"):
test(authoritative, ["::1", "127.0.0.1"])
resolver.wait_for_unit("unbound.service")
with subtest("root is unable to use unbounc-control when the socket is not configured"):
resolver.succeed("which unbound-control") # the binary must exist
resolver.fail("unbound-control list_forwards") # the invocation must fail
# verify that the resolver is able to resolve on all the local protocols
with subtest("test that the resolver resolves on all protocols and transports"):
test(resolver, ["::1", "127.0.0.1"], doh=True)
resolver.wait_for_unit("multi-user.target")
with subtest("client should be able to query the resolver"):
test(client, ["${(lib.head nodes.resolver.config.networking.interfaces.eth1.ipv6.addresses).address}", "${(lib.head nodes.resolver.config.networking.interfaces.eth1.ipv4.addresses).address}"], doh=True)
# discard the client we do not need anymore
client.shutdown()
local_resolver.wait_for_unit("multi-user.target")
# link a new config file to /etc/unbound/extra.conf
local_resolver.succeed("ln -s /etc/unbound-extra1.conf /etc/unbound/extra1.conf")
# reload the server & ensure the forwarding works
with subtest("test that the local resolver resolves on all protocols and transports"):
local_resolver.succeed("systemctl reload unbound")
print(local_resolver.succeed("journalctl -u unbound -n 1000"))
test(local_resolver, ["::1", "127.0.0.1"], args=["+timeout=60"])
with subtest("test that we can use the unbound control socket"):
out = local_resolver.succeed(
"sudo -u someuser -- unbound-control list_forwards"
).strip()
# Thank you black! Can't really break this line into a readable version.
expected = "example.local. IN forward ${(lib.head nodes.resolver.config.networking.interfaces.eth1.ipv6.addresses).address} ${(lib.head nodes.resolver.config.networking.interfaces.eth1.ipv4.addresses).address}"
assert out == expected, f"Expected `{expected}` but got `{out}` instead."
local_resolver.fail("sudo -u unauthorizeduser -- unbound-control list_forwards")
# link a new config file to /etc/unbound/extra.conf
local_resolver.succeed("ln -sf /etc/unbound-extra2.conf /etc/unbound/extra2.conf")
# reload the server & ensure the new local zone works
with subtest("test that we can query the new local zone"):
local_resolver.succeed("unbound-control reload")
r = [("A", "3.4.5.6")]
test(local_resolver, ["::1", "127.0.0.1"], zone="something.local.", records=r)
'';
})

35
nixos/tests/zfs.nix
View File

@ -18,7 +18,7 @@ let
maintainers = [ adisbladis ];
};
machine = { pkgs, ... }: {
machine = { pkgs, lib, ... }: {
virtualisation.emptyDiskImages = [ 4096 ];
networking.hostId = "deadbeef";
boot.kernelPackages = kernelPackage;
@ -26,6 +26,24 @@ let
boot.zfs.enableUnstable = enableUnstable;
environment.systemPackages = [ pkgs.parted ];
# Setup regular fileSystems machinery to ensure forceImportAll can be
# tested via the regular service units.
fileSystems = lib.mkVMOverride {
"/forcepool" = {
device = "forcepool";
fsType = "zfs";
options = [ "noauto" ];
};
};
# forcepool doesn't exist at first boot, and we need to manually test
# the import after tweaking the hostId.
systemd.services.zfs-import-forcepool.wantedBy = lib.mkVMOverride [];
systemd.targets.zfs.wantedBy = lib.mkVMOverride [];
boot.zfs.forceImportAll = true;
# /dev/disk/by-id doesn't get populated in the NixOS test framework
boot.zfs.devNodes = "/dev/disk/by-uuid";
};
testScript = ''
@ -57,6 +75,21 @@ let
"zpool destroy rpool",
"udevadm settle",
)
with subtest("boot.zfs.forceImportAll works"):
machine.succeed(
"rm /etc/hostid",
"zgenhostid deadcafe",
"zpool create forcepool /dev/vdb1 -O mountpoint=legacy",
)
machine.shutdown()
machine.start()
machine.succeed("udevadm settle")
machine.fail("zpool import forcepool")
machine.succeed(
"systemctl start zfs-import-forcepool.service",
"mount -t zfs forcepool /tmp/mnt",
)
'' + extraTest;
};

4
pkgs/applications/accessibility/contrast/default.nix
View File

@ -6,7 +6,7 @@
, gettext
, glib
, gtk3
, libhandy
, libhandy_0
, meson
, ninja
, pango
@ -48,7 +48,7 @@ rustPlatform.buildRustPackage rec {
dbus
glib
gtk3
libhandy
libhandy_0
pango
];

7
pkgs/applications/audio/bambootracker/default.nix
View File

@ -3,7 +3,6 @@
, fetchFromGitHub
, qmake
, qtbase
, qtmultimedia
, qttools
, alsaSupport ? stdenv.hostPlatform.isLinux
, alsaLib
@ -19,20 +18,20 @@ let
in
mkDerivation rec {
pname = "bambootracker";
version = "0.4.4";
version = "0.4.5";
src = fetchFromGitHub {
owner = "rerrahkr";
repo = "BambooTracker";
rev = "v${version}";
sha256 = "0d0f4jqzknsiq725pvfndarfjg183f92rb0lim3wzshnsixr5vdc";
sha256 = "0ibi0sykxf6cp5la2c4pgxf5gvy56yv259fbmdwdrdyv6vlddf42";
};
sourceRoot = "source/BambooTracker";
nativeBuildInputs = [ qmake qttools ];
buildInputs = [ qtbase qtmultimedia ]
buildInputs = [ qtbase ]
++ optional alsaSupport alsaLib
++ optional pulseSupport libpulseaudio
++ optional jackSupport libjack2;

4
pkgs/applications/audio/ft2-clone/default.nix
View File

@ -9,13 +9,13 @@
stdenv.mkDerivation rec {
pname = "ft2-clone";
version = "1.37";
version = "1.40";
src = fetchFromGitHub {
owner = "8bitbubsy";
repo = "ft2-clone";
rev = "v${version}";
sha256 = "1lhpzd46mpr3bq13qhd0bq724db5fhc8jplfb684c2q7sc4v92nk";
sha256 = "0qc3hai6fhn4amk5ixmxx3yswsi25qpax0r9nvvnyhbcb6crqcs1";
};
nativeBuildInputs = [ cmake ];

4
pkgs/applications/audio/gnome-podcasts/default.nix
View File

@ -10,7 +10,7 @@
, python3
, pkgconfig
, glib
, libhandy
, libhandy_0
, gtk3
, dbus
, openssl
@ -48,7 +48,7 @@ rustPlatform.buildRustPackage rec {
buildInputs = [
glib
gtk3
libhandy
libhandy_0
dbus
openssl
sqlite

6
pkgs/applications/audio/lollypop/default.nix
View File

@ -7,6 +7,7 @@
, python3
, gtk3
, gst_all_1
, libhandy
, libsecret
, libsoup
, appstream-glib
@ -24,7 +25,7 @@
python3.pkgs.buildPythonApplication rec {
pname = "lollypop";
version = "1.3.2";
version = "1.4.5";
format = "other";
doCheck = false;
@ -33,7 +34,7 @@ python3.pkgs.buildPythonApplication rec {
url = "https://gitlab.gnome.org/World/lollypop";
rev = "refs/tags/${version}";
fetchSubmodules = true;
sha256 = "14854j1dhq67s1vzs0lqy345vbl6f5w8nb36n4i33fmpva2flsk3";
sha256 = "1i5qcpp3fpkda08g6nkiiff8lsjmv5xsvpa0512kigq5z0lsagrx";
};
nativeBuildInputs = [
@ -57,6 +58,7 @@ python3.pkgs.buildPythonApplication rec {
gst-plugins-ugly
gstreamer
gtk3
libhandy
libsoup
pango
totem-pl-parser

3
pkgs/applications/audio/musescore/darwin.nix
View File

@ -11,6 +11,9 @@ stdenv.mkDerivation rec {
pname = "musescore-darwin";
version = concatStringsSep "." versionComponents;
# The disk image contains the .app and a symlink to /Applications.
sourceRoot = "${appName}.app";
src = fetchurl {
url = "ftp://ftp.osuosl.org/pub/musescore/releases/MuseScore-${concatStringsSep "." (take 3 versionComponents)}/MuseScore-${version}.dmg";
sha256 = "19xkaxlkbrhvfip6n3iw6q7463ngr6y5gfisrpjqg2xl2igyl795";

4
pkgs/applications/audio/musikcube/default.nix
View File

@ -17,13 +17,13 @@
stdenv.mkDerivation rec {
pname = "musikcube";
version = "0.93.1";
version = "0.95.0";
src = fetchFromGitHub {
owner = "clangen";
repo = pname;
rev = version;
sha256 = "05qsxyr7x8l0vlmn4yjg4gglxvcw9raf6vfzvblsl2ngsdsrnizy";
sha256 = "16ksr4yjkg88bpij1i49dzi07ffhqq8b36r090y4fq5czrc420rc";
};
nativeBuildInputs = [

4
pkgs/applications/audio/ocenaudio/default.nix
View File

@ -11,11 +11,11 @@
stdenv.mkDerivation rec {
pname = "ocenaudio";
version = "3.9.2";
version = "3.9.5";
src = fetchurl {
url = "https://www.ocenaudio.com/downloads/index.php/ocenaudio_debian9_64.deb?version=${version}";
sha256 = "1fvpba3dnzb7sm6gp0znbrima02ckfiy2zwb66x1gr05y9a56inv";
sha256 = "13hvdfydlgp2qf49ddhdzghz5jkyx1rhnsj8sf8khfxf9k8phkjd";
};

4
pkgs/applications/audio/plexamp/default.nix
View File

@ -2,13 +2,13 @@
let
pname = "plexamp";
version = "3.2.0";
version = "3.3.1";
name = "${pname}-${version}";
src = fetchurl {
url = "https://plexamp.plex.tv/plexamp.plex.tv/desktop/Plexamp-${version}.AppImage";
sha256 = "R1BhobnwoU7oJ7bNes8kH2neXqHlMPbRCNjcHyzUPqo=";
name="${pname}-${version}.AppImage";
sha256 = "6/asP8VR+rJ52lKKds46gSw1or9suUEmyR75pjdWHIQ=";
};
appimageContents = appimageTools.extractType2 {

4
pkgs/applications/audio/ptcollab/default.nix
View File

@ -9,13 +9,13 @@
mkDerivation rec {
pname = "ptcollab";
version = "0.3.4.1";
version = "0.3.5";
src = fetchFromGitHub {
owner = "yuxshao";
repo = "ptcollab";
rev = "v${version}";
sha256 = "0rjyhxfad864w84n0bxyhc1jjxhzwwdx26r6psba2582g90cv024";
sha256 = "0mgn7lkpgj72hsybnnj0kpfyls4aha1qvv4nhdyclqdfbb6mldxg";
};
nativeBuildInputs = [ qmake ];

12
pkgs/applications/audio/pulseaudio-modules-bt/default.nix
View File

@ -18,8 +18,12 @@
let
pulseSources = runCommand "pulseaudio-sources" {} ''
mkdir $out
tar -xf ${pulseaudio.src}
mv pulseaudio*/* $out/
if [ -d ${pulseaudio.src} ]; then
ln -s ${pulseaudio.src}/* $out/
else
tar -xf ${pulseaudio.src}
mv pulseaudio*/* $out/
fi
'';
in stdenv.mkDerivation rec {
@ -61,7 +65,7 @@ in stdenv.mkDerivation rec {
# Pulseaudio version is detected with a -rebootstrapped suffix which build system assumptions
substituteInPlace config.h.in --replace PulseAudio_VERSION ${pulseaudio.version}
substituteInPlace CMakeLists.txt --replace '${"\${PulseAudio_VERSION}"}' ${pulseaudio.version}
substituteInPlace CMakeLists.txt --replace '${"\${PULSE_DIR}"}' ${pulseaudio.pulseDir}
# Fraunhofer recommends to enable afterburner but upstream has it set to false by default
substituteInPlace src/modules/bluetooth/a2dp/a2dp_aac.c \
@ -72,7 +76,7 @@ in stdenv.mkDerivation rec {
for so in $out/lib/pulse-${pulseaudio.version}/modules/*.so; do
orig_rpath=$(patchelf --print-rpath "$so")
patchelf \
--set-rpath "${ldacbt}/lib:${lib.getLib ffmpeg}/lib:$out/lib/pulse-${pulseaudio.version}/modules:$orig_rpath" \
--set-rpath "${ldacbt}/lib:${lib.getLib ffmpeg}/lib:$out/${pulseaudio.pulseDir}/modules:$orig_rpath" \
"$so"
done
'';

2
pkgs/applications/audio/pulseaudio-modules-bt/fix-install-path.patch
View File

@ -8,4 +8,4 @@ index 8d20dbf..63fe7ba 100644
module-bluetooth-policy
- LIBRARY DESTINATION ${PulseAudio_modlibexecdir})
-
+ LIBRARY DESTINATION ${CMAKE_INSTALL_PREFIX}/lib/pulse-${PulseAudio_VERSION}/modules/)
+ LIBRARY DESTINATION ${CMAKE_INSTALL_PREFIX}/${PULSE_DIR}/modules/)

4
pkgs/applications/audio/qmmp/default.nix
View File

@ -29,11 +29,11 @@
# handle that.
mkDerivation rec {
name = "qmmp-1.4.1";
name = "qmmp-1.4.2";
src = fetchurl {
url = "http://qmmp.ylsoftware.com/files/${name}.tar.bz2";
sha256 = "0p18r2ri75vbyjzfa7bcl1dm372m6jvn9zj2p5ia2rh1g77fbm9a";
sha256 = "1kvzw0n90crg3dgy8834qrjv0zb3ia5cny7virax9ax73y653jfa";
};
nativeBuildInputs = [ cmake pkgconfig ];

4
pkgs/applications/audio/qtractor/default.nix
View File

@ -5,11 +5,11 @@
stdenv.mkDerivation rec {
pname = "qtractor";
version = "0.9.15";
version = "0.9.18";
src = fetchurl {
url = "mirror://sourceforge/${pname}/${pname}-${version}.tar.gz";
sha256 = "0k7a6llwrzs07flr9mvzvay9ygc2x64syg8npyabsw5a4d85fwsx";
sha256 = "121vmygdzp37p6f93f8dbbg2m2r55j7amyiapzkqgypgn4vfdbwr";
};
nativeBuildInputs = [

4
pkgs/applications/audio/shortwave/default.nix
View File

@ -8,7 +8,7 @@
, glib
, gst_all_1
, gtk3
, libhandy
, libhandy_0
, meson
, ninja
, openssl
@ -53,7 +53,7 @@ rustPlatform.buildRustPackage rec {
gdk-pixbuf
glib
gtk3
libhandy
libhandy_0
openssl
sqlite
] ++ (with gst_all_1; [

17
pkgs/applications/audio/vmpk/default.nix
View File

@ -1,19 +1,22 @@
{ stdenv, fetchurl, cmake, pkgconfig, alsaLib, libjack2, qt4 }:
{ mkDerivation, lib, fetchurl, cmake, pkg-config
, qttools, qtx11extras, drumstick
, docbook-xsl-nons
}:
stdenv.mkDerivation rec {
mkDerivation rec {
pname = "vmpk";
version = "0.5.1";
version = "0.7.2";
src = fetchurl {
url = "mirror://sourceforge/${pname}/${version}/${pname}-${version}.tar.bz2";
sha256 = "11fqnxgs9hr9255d93n7lazxzjwn8jpmn23nywdksh0pb1ffvfrc";
sha256 = "5oLrjQADg59Mxpb0CNLQAE574IOSYLDLJNaQ/9q2cMQ=";
};
nativeBuildInputs = [ cmake pkgconfig ];
nativeBuildInputs = [ cmake pkg-config qttools docbook-xsl-nons ];
buildInputs = [ alsaLib libjack2 qt4 ];
buildInputs = [ qtx11extras drumstick ];
meta = with stdenv.lib; {
meta = with lib; {
description = "Virtual MIDI Piano Keyboard";
homepage = "http://vmpk.sourceforge.net/";
license = licenses.gpl3Plus;

4
pkgs/applications/backup/deja-dup/default.nix
View File

@ -12,7 +12,7 @@
, coreutils
, libsoup
, libsecret
, libhandy
, libhandy_0
, wrapGAppsHook
, libgpgerror
, json-glib
@ -53,7 +53,7 @@ stdenv.mkDerivation rec {
glib
gtk3
libsecret
libhandy
libhandy_0
libgpgerror
json-glib
];

4
pkgs/applications/blockchains/ergo/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "ergo";
version = "3.3.5";
version = "3.3.6";
src = fetchurl {
url = "https://github.com/ergoplatform/ergo/releases/download/v${version}/ergo-${version}.jar";
sha256 = "0bxzpwwb42bppqli3zggx3lah7g6kwmy6k6k6dinypj6x0bafqcg";
sha256 = "1zi559ixjxxsrpvvjbxa1d0g96px3h9amjvy149sfhp7b8w5hhk3";
};
nativeBuildInputs = [ makeWrapper ];

4
pkgs/applications/blockchains/exodus/default.nix
View File

@ -4,11 +4,11 @@ cups, vivaldi-ffmpeg-codecs, libpulseaudio, at-spi2-core }:
stdenv.mkDerivation rec {
pname = "exodus";
version = "20.10.23";
version = "20.11.10";
src = fetchurl {
url = "https://downloads.exodus.io/releases/${pname}-linux-x64-${version}.zip";
sha256 = "083hcxljqg36ilpy6xa4j455ngpc775qgam0dbj26kg7sh33dz2c";
sha256 = "1a7qrh5mdkqpz5cpk5jdq0s2cfrvn7ja76r5cmhs70ba1xnzd8rq";
};
sourceRoot = ".";

41
pkgs/applications/blockchains/freicoin.nix
View File

@ -1,41 +0,0 @@
{ fetchFromGitHub, stdenv, db, boost, gmp, mpfr, qt4, qmake4Hook }:
stdenv.mkDerivation rec {
version = "0.8.6-2";
pname = "freicoin";
src = fetchFromGitHub {
owner = "freicoin";
repo = "freicoin";
rev = "v${version}";
sha256 = "1v1qwv4x5agjba82s1vknmdgq67y26wzdwbmwwqavv7f7y3y860h";
};
enableParallelBuilding = false;
qmakeFlags = ["USE_UPNP=-"];
# I think that openssl and zlib are required, but come through other
# packages
preBuild = "unset AR";
installPhase = ''
mkdir -p $out/bin
cp freicoin-qt $out/bin
'';
nativeBuildInputs = [ qmake4Hook ];
buildInputs = [ db boost gmp mpfr qt4 ];
meta = with stdenv.lib; {
description = "Peer-to-peer currency with demurrage fee";
homepage = "http://freicoi.in/";
license = licenses.mit;
maintainers = [ maintainers.viric ];
platforms = platforms.linux;
# upstream doesn't support newer openssl versions, use 1.0.1 for testing
broken = true;
};
}

4
pkgs/applications/blockchains/go-ethereum.nix
View File

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "go-ethereum";
version = "1.9.23";
version = "1.9.24";
src = fetchFromGitHub {
owner = "ethereum";
repo = pname;
rev = "v${version}";
sha256 = "0w65sln5l3sxwzxwjvyaial0m1kxhivhw8xwl5faxxxlk50rs4wm";
sha256 = "0nrx5fwfij9wajd3lj76hh1yv4zg4q3jc76a76m22djn1njl0n5j";
};
runVend = true;

14
pkgs/applications/blockchains/monero-gui/default.nix
View File

@ -1,5 +1,6 @@
{ stdenv, wrapQtAppsHook, makeDesktopItem
, fetchFromGitHub
, fetchpatch
, cmake, qttools, pkgconfig
, qtbase, qtdeclarative, qtgraphicaleffects
, qtmultimedia, qtxmlpatterns
@ -27,13 +28,13 @@ in
stdenv.mkDerivation rec {
pname = "monero-gui";
version = "0.17.1.1";
version = "0.17.1.4";
src = fetchFromGitHub {
owner = "monero-project";
repo = "monero-gui";
rev = "v${version}";
sha256 = "0aqhp4rmqsgwjb875kgh6qwz0wyyiag1fksyic9cnhgg5j5y95nx";
sha256 = "1ixjfdlvwr2an2s9jaql240bk7jpq5hhm5c4hww0bicyy3fp12ng";
};
nativeBuildInputs = [
@ -58,7 +59,14 @@ stdenv.mkDerivation rec {
chmod -R +w source/monero
'';
patches = [ ./move-log-file.patch ];
patches = [
./move-log-file.patch
# fix build failure due to invalid use of CMAKE_PREFIX_PATH
(fetchpatch {
url = "https://github.com/monero-project/monero-gui/commit/ef2be82c21b0934522ad8e110805b66f5948da1f.patch";
sha256 = "1rhazk2xwa5dv1cmkrkq8yr08qxslg4k929cvlliabrx20kbr5z5";
})
];
postPatch = ''
# set monero-gui version

4
pkgs/applications/blockchains/monero/default.nix
View File

@ -17,13 +17,13 @@ assert trezorSupport -> all (x: x!=null) [ libusb1 protobuf python3 ];
stdenv.mkDerivation rec {
pname = "monero";
version = "0.17.1.1";
version = "0.17.1.3";
src = fetchFromGitHub {
owner = "monero-project";
repo = "monero";
rev = "v${version}";
sha256 = "18x27dm24k04vx0yz57zi02rk0wrmbn4wr8alqf48dq6z9wr0fhp";
sha256 = "1ddkdfd8i5q509qziwcx1f6nm8axs4a1ppzv2y5lgsqpq375if6j";
fetchSubmodules = true;
};

2
pkgs/applications/blockchains/namecoin.nix
View File

@ -42,7 +42,7 @@ stdenv.mkDerivation rec {
description = "Decentralized open source information registration and transfer system based on the Bitcoin cryptocurrency";
homepage = "https://namecoin.org";
license = licenses.mit;
maintainers = with maintainers; [ doublec infinisil ];
maintainers = with maintainers; [ infinisil ];
platforms = platforms.linux;
};
}

16
pkgs/applications/blockchains/openethereum/default.nix
View File

@ -5,23 +5,23 @@
, llvmPackages
, openssl
, pkg-config
, stdenv
, systemd
, darwin
}:
rustPlatform.buildRustPackage rec {
pname = "openethereum";
version = "3.0.1";
version = "3.1.0";
src = fetchFromGitHub {
owner = "openethereum";
repo = "openethereum";
rev = "v${version}";
sha256 = "08dkcrga1x18csh6pw6f54x5xwijppyjhg46cf4p452xc1l3a6ir";
sha256 = "cs84Zz0nhagGDu5sDFTaFZF3SPEgJU8F4vGX7KLihOM=";
};
cargoSha256 = "1xliragihwjfc5qmfm0ng519bw8a28m1w1yqcl9mpk8zywiybaah";
cargoPatches = [ ./lock.patch ];
cargoSha256 = "6suNkHw1BbISb0MkYkUaD+mpUal+kn3y1SFVqzJFqJc=";
LIBCLANG_PATH = "${llvmPackages.libclang}/lib";
nativeBuildInputs = [
@ -31,7 +31,9 @@ rustPlatform.buildRustPackage rec {
pkg-config
];
buildInputs = [ openssl systemd ];
buildInputs = [ openssl ]
++ stdenv.lib.optionals stdenv.isLinux [ systemd ]
++ stdenv.lib.optionals stdenv.isDarwin [ darwin.Security ];
cargoBuildFlags = [ "--features final" ];
@ -43,6 +45,6 @@ rustPlatform.buildRustPackage rec {
homepage = "http://parity.io/ethereum";
license = licenses.gpl3;
maintainers = with maintainers; [ akru xrelkd ];
platforms = platforms.linux;
platforms = stdenv.lib.platforms.unix;
};
}

20
pkgs/applications/blockchains/openethereum/lock.patch
View File

@ -1,20 +0,0 @@
--- /nix/store/hv764a65zmfzw5scjhz5839agv10da6x-source/Cargo.lock 1969-12-31 16:00:01.000000000 -0800
+++ ./Cargo.lock 2020-07-31 21:30:31.146750066 -0700
@@ -3113,7 +3113,7 @@
[[package]]
name = "openethereum"
-version = "3.0.0"
+version = "3.0.1"
dependencies = [
"ansi_term",
"atty",
@@ -3562,7 +3562,7 @@
[[package]]
name = "parity-version"
-version = "3.0.0"
+version = "3.0.1"
dependencies = [
"parity-bytes",
"rlp",

Some files were not shown because too many files have changed in this diff Show More