Merge branch 'master' into wrapprogram-for-phpdbg
This commit is contained in:
commit
aaa7af13dc
@ -76,10 +76,12 @@ trim_trailing_whitespace = unset
|
||||
|
||||
[pkgs/build-support/dotnetenv/Wrapper/**]
|
||||
end_of_line = unset
|
||||
indent_style = unset
|
||||
insert_final_newline = unset
|
||||
trim_trailing_whitespace = unset
|
||||
|
||||
[pkgs/build-support/upstream-updater/**]
|
||||
indent_style = unset
|
||||
trim_trailing_whitespace = unset
|
||||
|
||||
[pkgs/development/compilers/elm/registry.dat]
|
||||
@ -96,6 +98,9 @@ trim_trailing_whitespace = unset
|
||||
[pkgs/development/node-packages/composition.nix]
|
||||
insert_final_newline = unset
|
||||
|
||||
[pkgs/development/{perl-modules,ocaml-modules,tools/ocaml}/**]
|
||||
indent_style = unset
|
||||
|
||||
[pkgs/servers/dict/wordnet_structures.py]
|
||||
trim_trailing_whitespace = unset
|
||||
|
||||
|
2
.github/CODEOWNERS
vendored
2
.github/CODEOWNERS
vendored
@ -207,7 +207,7 @@
|
||||
/nixos/tests/podman.nix @NixOS/podman @zowoq
|
||||
|
||||
# Docker tools
|
||||
/pkgs/build-support/docker @roberth
|
||||
/pkgs/build-support/docker @roberth @utdemir
|
||||
/nixos/tests/docker-tools-overlay.nix @roberth
|
||||
/nixos/tests/docker-tools.nix @roberth
|
||||
/doc/builders/images/dockertools.xml @roberth
|
||||
|
2
.github/PULL_REQUEST_TEMPLATE.md
vendored
2
.github/PULL_REQUEST_TEMPLATE.md
vendored
@ -5,7 +5,7 @@ comment describing what you have tested in the relevant package/service.
|
||||
Reviewing helps to reduce the average time-to-merge for everyone.
|
||||
Thanks a lot if you do!
|
||||
List of open PRs: https://github.com/NixOS/nixpkgs/pulls
|
||||
Reviewing guidelines: https://hydra.nixos.org/job/nixpkgs/trunk/manual/latest/download/1/nixpkgs/manual.html#chap-reviewing-contributions
|
||||
Reviewing guidelines: https://nixos.org/manual/nixpkgs/unstable/#chap-reviewing-contributions
|
||||
-->
|
||||
|
||||
###### Motivation for this change
|
||||
|
4
.github/workflows/editorconfig.yml
vendored
4
.github/workflows/editorconfig.yml
vendored
@ -2,6 +2,8 @@ name: "Checking EditorConfig"
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
branches-ignore:
|
||||
- 'release-**'
|
||||
|
||||
jobs:
|
||||
tests:
|
||||
@ -23,5 +25,5 @@ jobs:
|
||||
- name: Checking EditorConfig
|
||||
if: env.GIT_DIFF
|
||||
run: |
|
||||
./bin/editorconfig-checker -disable-indentation \
|
||||
./bin/editorconfig-checker -disable-indent-size \
|
||||
${{ env.GIT_DIFF }}
|
||||
|
@ -8,7 +8,7 @@
|
||||
</p>
|
||||
|
||||
[Nixpkgs](https://github.com/nixos/nixpkgs) is a collection of over
|
||||
40,000 software packages that can be installed with the
|
||||
60,000 software packages that can be installed with the
|
||||
[Nix](https://nixos.org/nix/) package manager. It also implements
|
||||
[NixOS](https://nixos.org/nixos/), a purely-functional Linux distribution.
|
||||
|
||||
|
@ -7,8 +7,8 @@
|
||||
<warning>
|
||||
<para>
|
||||
The following section is a draft, and the policy for reviewing is still being discussed in issues such as <link
|
||||
xlink:href="https://github.com/NixOS/nixpkgs/issues/11166">#11166 </link> and <link
|
||||
xlink:href="https://github.com/NixOS/nixpkgs/issues/20836">#20836 </link>.
|
||||
xlink:href="https://github.com/NixOS/nixpkgs/issues/11166">#11166 </link> and <link
|
||||
xlink:href="https://github.com/NixOS/nixpkgs/issues/20836">#20836 </link>.
|
||||
</para>
|
||||
</warning>
|
||||
<para>
|
||||
@ -47,18 +47,6 @@
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
Add labels to the pull request. (Requires commit rights)
|
||||
</para>
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>8.has: package (update)</literal> and any topic label that fit the updated package.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Ensure that the package versioning fits the guidelines.
|
||||
@ -186,18 +174,6 @@
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
Add labels to the pull request. (Requires commit rights)
|
||||
</para>
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>8.has: package (new)</literal> and any topic label that fit the new package.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Ensure that the package versioning is fitting the guidelines.
|
||||
@ -302,18 +278,6 @@
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
Add labels to the pull request. (Requires commit rights)
|
||||
</para>
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>8.has: module (update)</literal> and any topic label that fit the module.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Ensure that the module maintainers are notified.
|
||||
@ -406,18 +370,6 @@
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
Add labels to the pull request. (Requires commit rights)
|
||||
</para>
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>8.has: module (new)</literal> and any topic label that fit the module.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Ensure that the module tests, if any, are succeeding.
|
||||
|
@ -64,9 +64,9 @@ $ dotnet --info
|
||||
|
||||
The `dotnetCorePackages.sdk_X_Y` is preferred over the old dotnet-sdk as both major and minor version are very important for a dotnet environment. If a given minor version isn't present (or was changed), then this will likely break your ability to build a project.
|
||||
|
||||
## dotnetCorePackages.sdk vs dotnetCorePackages.netcore vs dotnetCorePackages.aspnetcore
|
||||
## dotnetCorePackages.sdk vs vs dotnetCorePackages.net vs dotnetCorePackages.netcore vs dotnetCorePackages.aspnetcore
|
||||
|
||||
The `dotnetCorePackages.sdk` contains both a runtime and the full sdk of a given version. The `netcore` and `aspnetcore` packages are meant to serve as minimal runtimes to deploy alongside already built applications.
|
||||
The `dotnetCorePackages.sdk` contains both a runtime and the full sdk of a given version. The `net`, `netcore` and `aspnetcore` packages are meant to serve as minimal runtimes to deploy alongside already built applications. For runtime versions >= .NET 5 `net` is used while `netcore` is used for older .NET Core runtime version.
|
||||
|
||||
## Packaging a Dotnet Application
|
||||
|
||||
|
@ -189,8 +189,7 @@ hello-2.3 A program that produces a familiar, friendly greeting
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
A list of names and e-mail addresses of the maintainers of this Nix expression. If you would like to be a maintainer of a package, you may want to add yourself to <link
|
||||
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/maintainers/maintainer-list.nix"><filename>nixpkgs/maintainers/maintainer-list.nix</filename></link> and write something like <literal>[ stdenv.lib.maintainers.alice stdenv.lib.maintainers.bob ]</literal>.
|
||||
A list of the maintainers of this Nix expression. Maintainers are defined in <link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/maintainers/maintainer-list.nix"><filename>nixpkgs/maintainers/maintainer-list.nix</filename></link>. There is no restriction to becoming a maintainer, just add yourself to that list in a separate commit titled 'maintainers: add alice', and reference maintainers with <literal>maintainers = with lib.maintainers; [ alice bob ]</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -5,7 +5,7 @@
|
||||
*/
|
||||
let
|
||||
|
||||
inherit (import ./fixed-points.nix {}) makeExtensible;
|
||||
inherit (import ./fixed-points.nix { inherit lib; }) makeExtensible;
|
||||
|
||||
lib = makeExtensible (self: let
|
||||
callLibs = file: import file { lib = self; };
|
||||
@ -69,7 +69,7 @@ let
|
||||
importJSON importTOML warn info showWarnings nixpkgsVersion version mod compare
|
||||
splitByAndCompare functionArgs setFunctionArgs isFunction toHexString toBaseDigits;
|
||||
inherit (self.fixedPoints) fix fix' converge extends composeExtensions
|
||||
makeExtensible makeExtensibleWithCustomName;
|
||||
composeManyExtensions makeExtensible makeExtensibleWithCustomName;
|
||||
inherit (self.attrsets) attrByPath hasAttrByPath setAttrByPath
|
||||
getAttrFromPath attrVals attrValues getAttrs catAttrs filterAttrs
|
||||
filterAttrsRecursive foldAttrs collect nameValuePair mapAttrs
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ ... }:
|
||||
{ lib, ... }:
|
||||
rec {
|
||||
# Compute the fixed point of the given function `f`, which is usually an
|
||||
# attribute set that expects its final, non-recursive representation as an
|
||||
@ -77,6 +77,15 @@ rec {
|
||||
super' = super // fApplied;
|
||||
in fApplied // g self super';
|
||||
|
||||
# Compose several extending functions of the type expected by 'extends' into
|
||||
# one where changes made in preceding functions are made available to
|
||||
# subsequent ones.
|
||||
#
|
||||
# composeManyExtensions : [packageSet -> packageSet -> packageSet] -> packageSet -> packageSet -> packageSet
|
||||
# ^final ^prev ^overrides ^final ^prev ^overrides
|
||||
composeManyExtensions =
|
||||
lib.foldr (x: y: composeExtensions x y) (self: super: {});
|
||||
|
||||
# Create an overridable, recursive attribute set. For example:
|
||||
#
|
||||
# nix-repl> obj = makeExtensible (self: { })
|
||||
|
@ -561,7 +561,9 @@ rec {
|
||||
enableFeature false "shared"
|
||||
=> "--disable-shared"
|
||||
*/
|
||||
enableFeature = enable: feat: "--${if enable then "enable" else "disable"}-${feat}";
|
||||
enableFeature = enable: feat:
|
||||
assert isString feat; # e.g. passing openssl instead of "openssl"
|
||||
"--${if enable then "enable" else "disable"}-${feat}";
|
||||
|
||||
/* Create an --{enable-<feat>=<value>,disable-<feat>} string that can be passed to
|
||||
standard GNU Autoconf scripts.
|
||||
@ -583,7 +585,9 @@ rec {
|
||||
withFeature false "shared"
|
||||
=> "--without-shared"
|
||||
*/
|
||||
withFeature = with_: feat: "--${if with_ then "with" else "without"}-${feat}";
|
||||
withFeature = with_: feat:
|
||||
assert isString feat; # e.g. passing openssl instead of "openssl"
|
||||
"--${if with_ then "with" else "without"}-${feat}";
|
||||
|
||||
/* Create an --{with-<feat>=<value>,without-<feat>} string that can be passed to
|
||||
standard GNU Autoconf scripts.
|
||||
|
@ -35,6 +35,9 @@ let
|
||||
"msp430-none"
|
||||
"riscv64-none" "riscv32-none"
|
||||
"vc4-none"
|
||||
"or1k-none"
|
||||
|
||||
"mmix-mmixware"
|
||||
|
||||
"js-ghcjs"
|
||||
|
||||
@ -56,8 +59,10 @@ in {
|
||||
i686 = filterDoubles predicates.isi686;
|
||||
x86_64 = filterDoubles predicates.isx86_64;
|
||||
mips = filterDoubles predicates.isMips;
|
||||
mmix = filterDoubles predicates.isMmix;
|
||||
riscv = filterDoubles predicates.isRiscV;
|
||||
vc4 = filterDoubles predicates.isVc4;
|
||||
or1k = filterDoubles predicates.isOr1k;
|
||||
js = filterDoubles predicates.isJavaScript;
|
||||
|
||||
bigEndian = filterDoubles predicates.isBigEndian;
|
||||
|
@ -109,6 +109,11 @@ rec {
|
||||
platform = platforms.riscv-multiplatform "32";
|
||||
};
|
||||
|
||||
mmix = {
|
||||
config = "mmix-unknown-mmixware";
|
||||
libc = "newlib";
|
||||
};
|
||||
|
||||
msp430 = {
|
||||
config = "msp430-elf";
|
||||
libc = "newlib";
|
||||
@ -124,6 +129,12 @@ rec {
|
||||
platform = {};
|
||||
};
|
||||
|
||||
or1k = {
|
||||
config = "or1k-elf";
|
||||
libc = "newlib";
|
||||
platform = {};
|
||||
};
|
||||
|
||||
arm-embedded = {
|
||||
config = "arm-none-eabi";
|
||||
libc = "newlib";
|
||||
|
@ -17,6 +17,7 @@ rec {
|
||||
isAarch32 = { cpu = { family = "arm"; bits = 32; }; };
|
||||
isAarch64 = { cpu = { family = "arm"; bits = 64; }; };
|
||||
isMips = { cpu = { family = "mips"; }; };
|
||||
isMmix = { cpu = { family = "mmix"; }; };
|
||||
isRiscV = { cpu = { family = "riscv"; }; };
|
||||
isSparc = { cpu = { family = "sparc"; }; };
|
||||
isWasm = { cpu = { family = "wasm"; }; };
|
||||
@ -24,6 +25,7 @@ rec {
|
||||
isVc4 = { cpu = { family = "vc4"; }; };
|
||||
isAvr = { cpu = { family = "avr"; }; };
|
||||
isAlpha = { cpu = { family = "alpha"; }; };
|
||||
isOr1k = { cpu = { family = "or1k"; }; };
|
||||
isJavaScript = { cpu = cpuTypes.js; };
|
||||
|
||||
is32bit = { cpu = { bits = 32; }; };
|
||||
|
@ -93,6 +93,8 @@ rec {
|
||||
mips64 = { bits = 64; significantByte = bigEndian; family = "mips"; };
|
||||
mips64el = { bits = 64; significantByte = littleEndian; family = "mips"; };
|
||||
|
||||
mmix = { bits = 64; significantByte = bigEndian; family = "mmix"; };
|
||||
|
||||
powerpc = { bits = 32; significantByte = bigEndian; family = "power"; };
|
||||
powerpc64 = { bits = 64; significantByte = bigEndian; family = "power"; };
|
||||
powerpc64le = { bits = 64; significantByte = littleEndian; family = "power"; };
|
||||
@ -114,6 +116,8 @@ rec {
|
||||
|
||||
vc4 = { bits = 32; significantByte = littleEndian; family = "vc4"; };
|
||||
|
||||
or1k = { bits = 32; significantByte = bigEndian; family = "or1k"; };
|
||||
|
||||
js = { bits = 32; significantByte = littleEndian; family = "js"; };
|
||||
};
|
||||
|
||||
@ -268,19 +272,20 @@ rec {
|
||||
kernels = with execFormats; with kernelFamilies; setTypes types.openKernel {
|
||||
# TODO(@Ericson2314): Don't want to mass-rebuild yet to keeping 'darwin' as
|
||||
# the nnormalized name for macOS.
|
||||
macos = { execFormat = macho; families = { inherit darwin; }; name = "darwin"; };
|
||||
ios = { execFormat = macho; families = { inherit darwin; }; };
|
||||
freebsd = { execFormat = elf; families = { inherit bsd; }; };
|
||||
linux = { execFormat = elf; families = { }; };
|
||||
netbsd = { execFormat = elf; families = { inherit bsd; }; };
|
||||
none = { execFormat = unknown; families = { }; };
|
||||
openbsd = { execFormat = elf; families = { inherit bsd; }; };
|
||||
solaris = { execFormat = elf; families = { }; };
|
||||
wasi = { execFormat = wasm; families = { }; };
|
||||
redox = { execFormat = elf; families = { }; };
|
||||
windows = { execFormat = pe; families = { }; };
|
||||
ghcjs = { execFormat = unknown; families = { }; };
|
||||
genode = { execFormat = elf; families = { }; };
|
||||
macos = { execFormat = macho; families = { inherit darwin; }; name = "darwin"; };
|
||||
ios = { execFormat = macho; families = { inherit darwin; }; };
|
||||
freebsd = { execFormat = elf; families = { inherit bsd; }; };
|
||||
linux = { execFormat = elf; families = { }; };
|
||||
netbsd = { execFormat = elf; families = { inherit bsd; }; };
|
||||
none = { execFormat = unknown; families = { }; };
|
||||
openbsd = { execFormat = elf; families = { inherit bsd; }; };
|
||||
solaris = { execFormat = elf; families = { }; };
|
||||
wasi = { execFormat = wasm; families = { }; };
|
||||
redox = { execFormat = elf; families = { }; };
|
||||
windows = { execFormat = pe; families = { }; };
|
||||
ghcjs = { execFormat = unknown; families = { }; };
|
||||
genode = { execFormat = elf; families = { }; };
|
||||
mmixware = { execFormat = unknown; families = { }; };
|
||||
} // { # aliases
|
||||
# 'darwin' is the kernel for all of them. We choose macOS by default.
|
||||
darwin = kernels.macos;
|
||||
@ -382,7 +387,7 @@ rec {
|
||||
else if (elemAt l 1) == "elf"
|
||||
then { cpu = elemAt l 0; vendor = "unknown"; kernel = "none"; abi = elemAt l 1; }
|
||||
else { cpu = elemAt l 0; kernel = elemAt l 1; };
|
||||
"3" = # Awkwards hacks, beware!
|
||||
"3" = # Awkward hacks, beware!
|
||||
if elemAt l 1 == "apple"
|
||||
then { cpu = elemAt l 0; vendor = "apple"; kernel = elemAt l 2; }
|
||||
else if (elemAt l 1 == "linux") || (elemAt l 2 == "gnu")
|
||||
@ -393,6 +398,8 @@ rec {
|
||||
then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = "wasi"; }
|
||||
else if (elemAt l 2 == "redox")
|
||||
then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = "redox"; }
|
||||
else if (elemAt l 2 == "mmixware")
|
||||
then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = "mmixware"; }
|
||||
else if hasPrefix "netbsd" (elemAt l 2)
|
||||
then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = elemAt l 2; }
|
||||
else if (elem (elemAt l 2) ["eabi" "eabihf" "elf"])
|
||||
|
@ -87,6 +87,26 @@ runTests {
|
||||
expected = true;
|
||||
};
|
||||
|
||||
testComposeManyExtensions0 = {
|
||||
expr = let obj = makeExtensible (self: { foo = true; });
|
||||
emptyComposition = composeManyExtensions [];
|
||||
composed = obj.extend emptyComposition;
|
||||
in composed.foo;
|
||||
expected = true;
|
||||
};
|
||||
|
||||
testComposeManyExtensions =
|
||||
let f = self: super: { bar = false; baz = true; };
|
||||
g = self: super: { bar = super.baz or false; };
|
||||
h = self: super: { qux = super.bar or false; };
|
||||
obj = makeExtensible (self: { foo = self.qux; });
|
||||
in {
|
||||
expr = let composition = composeManyExtensions [f g h];
|
||||
composed = obj.extend composition;
|
||||
in composed.foo;
|
||||
expected = (obj.extend (composeExtensions f (composeExtensions g h))).foo;
|
||||
};
|
||||
|
||||
testBitAnd = {
|
||||
expr = (bitAnd 3 10);
|
||||
expected = 2;
|
||||
|
@ -11,12 +11,14 @@ let
|
||||
expr = lib.sort lib.lessThan x;
|
||||
expected = lib.sort lib.lessThan y;
|
||||
};
|
||||
in with lib.systems.doubles; lib.runTests {
|
||||
testall = mseteq all (linux ++ darwin ++ freebsd ++ openbsd ++ netbsd ++ illumos ++ wasi ++ windows ++ embedded ++ js ++ genode ++ redox);
|
||||
in
|
||||
with lib.systems.doubles; lib.runTests {
|
||||
testall = mseteq all (linux ++ darwin ++ freebsd ++ openbsd ++ netbsd ++ illumos ++ wasi ++ windows ++ embedded ++ mmix ++ js ++ genode ++ redox);
|
||||
|
||||
testarm = mseteq arm [ "armv5tel-linux" "armv6l-linux" "armv6l-none" "armv7a-linux" "armv7l-linux" "arm-none" "armv7a-darwin" ];
|
||||
testi686 = mseteq i686 [ "i686-linux" "i686-freebsd" "i686-genode" "i686-netbsd" "i686-openbsd" "i686-cygwin" "i686-windows" "i686-none" "i686-darwin" ];
|
||||
testmips = mseteq mips [ "mipsel-linux" ];
|
||||
testmmix = mseteq mmix [ "mmix-mmixware" ];
|
||||
testx86_64 = mseteq x86_64 [ "x86_64-linux" "x86_64-darwin" "x86_64-freebsd" "x86_64-genode" "x86_64-redox" "x86_64-openbsd" "x86_64-netbsd" "x86_64-cygwin" "x86_64-solaris" "x86_64-windows" "x86_64-none" ];
|
||||
|
||||
testcygwin = mseteq cygwin [ "i686-cygwin" "x86_64-cygwin" ];
|
||||
|
@ -514,6 +514,12 @@
|
||||
githubId = 69135;
|
||||
name = "Andrea Bedini";
|
||||
};
|
||||
andreasfelix = {
|
||||
email = "fandreas@physik.hu-berlin.de";
|
||||
github = "andreasfelix";
|
||||
githubId = 24651767;
|
||||
name = "Felix Andreas";
|
||||
};
|
||||
andres = {
|
||||
email = "ksnixos@andres-loeh.de";
|
||||
github = "kosmikus";
|
||||
@ -1266,6 +1272,12 @@
|
||||
githubId = 7214361;
|
||||
name = "Roman Gerasimenko";
|
||||
};
|
||||
bburdette = {
|
||||
email = "bburdette@protonmail.com";
|
||||
github = "bburdette";
|
||||
githubId = 157330;
|
||||
name = "Ben Burdette";
|
||||
};
|
||||
bzizou = {
|
||||
email = "Bruno@bzizou.net";
|
||||
github = "bzizou";
|
||||
@ -2011,6 +2023,16 @@
|
||||
githubId = 49904992;
|
||||
name = "Dawid Sowa";
|
||||
};
|
||||
dbirks = {
|
||||
email = "david@birks.dev";
|
||||
github = "dbirks";
|
||||
githubId = 7545665;
|
||||
name = "David Birks";
|
||||
keys = [{
|
||||
longkeyid = "ed25519/0xBB999F83D9A19A36";
|
||||
fingerprint = "B26F 9AD8 DA20 3392 EF87 C61A BB99 9F83 D9A1 9A36";
|
||||
}];
|
||||
};
|
||||
dbohdan = {
|
||||
email = "dbohdan@dbohdan.com";
|
||||
github = "dbohdan";
|
||||
@ -2827,6 +2849,12 @@
|
||||
fingerprint = "50B7 11F4 3DFD 2018 DCE6 E8D0 8A52 A140 BEBF 7D2C";
|
||||
}];
|
||||
};
|
||||
fabianhjr = {
|
||||
email = "fabianhjr@protonmail.com";
|
||||
github = "fabianhjr";
|
||||
githubId = 303897;
|
||||
name = "Fabián Heredia Montiel";
|
||||
};
|
||||
fadenb = {
|
||||
email = "tristan.helmich+nixos@gmail.com";
|
||||
github = "fadenb";
|
||||
@ -3487,6 +3515,12 @@
|
||||
email = "t@larkery.com";
|
||||
name = "Tom Hinton";
|
||||
};
|
||||
hjones2199 = {
|
||||
email = "hjones2199@gmail.com";
|
||||
github = "hjones2199";
|
||||
githubId = 5525217;
|
||||
name = "Hunter Jones";
|
||||
};
|
||||
hkjn = {
|
||||
email = "me@hkjn.me";
|
||||
name = "Henrik Jonsson";
|
||||
@ -3859,6 +3893,8 @@
|
||||
};
|
||||
jcumming = {
|
||||
email = "jack@mudshark.org";
|
||||
github = "jcumming";
|
||||
githubId = 1982341;
|
||||
name = "Jack Cummings";
|
||||
};
|
||||
jD91mZM2 = {
|
||||
@ -4284,6 +4320,12 @@
|
||||
githubId = 16374374;
|
||||
name = "Joshua Campbell";
|
||||
};
|
||||
jshholland = {
|
||||
email = "josh@inv.alid.pw";
|
||||
github = "jshholland";
|
||||
githubId = 107689;
|
||||
name = "Josh Holland";
|
||||
};
|
||||
jtcoolen = {
|
||||
email = "jtcoolen@pm.me";
|
||||
name = "Julien Coolen";
|
||||
@ -5280,6 +5322,12 @@
|
||||
githubId = 1238350;
|
||||
name = "Matthias Herrmann";
|
||||
};
|
||||
majesticmullet = {
|
||||
email = "hoccthomas@gmail.com.au";
|
||||
github = "MajesticMullet";
|
||||
githubId = 31056089;
|
||||
name = "Tom Ho";
|
||||
};
|
||||
makefu = {
|
||||
email = "makefu@syntax-fehler.de";
|
||||
github = "makefu";
|
||||
@ -5532,6 +5580,12 @@
|
||||
fingerprint = "D709 03C8 0BE9 ACDC 14F0 3BFB 77BF E531 397E DE94";
|
||||
}];
|
||||
};
|
||||
meatcar = {
|
||||
email = "nixpkgs@denys.me";
|
||||
github = "meatcar";
|
||||
githubId = 191622;
|
||||
name = "Denys Pavlov";
|
||||
};
|
||||
meditans = {
|
||||
email = "meditans@gmail.com";
|
||||
github = "meditans";
|
||||
@ -7083,6 +7137,12 @@
|
||||
fingerprint = "7573 56D7 79BB B888 773E 415E 736C CDF9 EF51 BD97";
|
||||
}];
|
||||
};
|
||||
r-burns = {
|
||||
email = "rtburns@protonmail.com";
|
||||
github = "r-burns";
|
||||
githubId = 52847440;
|
||||
name = "Ryan Burns";
|
||||
};
|
||||
raboof = {
|
||||
email = "arnout@bzzt.net";
|
||||
github = "raboof";
|
||||
@ -9922,4 +9982,10 @@
|
||||
githubId = 19290397;
|
||||
name = "Tunc Uzlu";
|
||||
};
|
||||
pulsation = {
|
||||
name = "Philippe Sam-Long";
|
||||
email = "1838397+pulsation@users.noreply.github.com";
|
||||
github = "pulsation";
|
||||
githubId = 1838397;
|
||||
};
|
||||
}
|
||||
|
@ -18,6 +18,7 @@
|
||||
<xi:include href="user-mgmt.xml" />
|
||||
<xi:include href="file-systems.xml" />
|
||||
<xi:include href="x-windows.xml" />
|
||||
<xi:include href="wayland.xml" />
|
||||
<xi:include href="gpu-accel.xml" />
|
||||
<xi:include href="xfce.xml" />
|
||||
<xi:include href="networking.xml" />
|
||||
|
@ -65,16 +65,16 @@ Platform Vendor Advanced Micro Devices, Inc.</screen>
|
||||
<title>AMD</title>
|
||||
|
||||
<para>
|
||||
Modern AMD <link
|
||||
xlink:href="https://en.wikipedia.org/wiki/Graphics_Core_Next">Graphics
|
||||
Core Next</link> (GCN) GPUs are supported through the
|
||||
<package>rocm-opencl-icd</package> package. Adding this package to
|
||||
<xref linkend="opt-hardware.opengl.extraPackages"/> enables OpenCL
|
||||
support:
|
||||
Modern AMD <link
|
||||
xlink:href="https://en.wikipedia.org/wiki/Graphics_Core_Next">Graphics
|
||||
Core Next</link> (GCN) GPUs are supported through the
|
||||
<package>rocm-opencl-icd</package> package. Adding this package to
|
||||
<xref linkend="opt-hardware.opengl.extraPackages"/> enables OpenCL
|
||||
support:
|
||||
|
||||
<programlisting><xref linkend="opt-hardware.opengl.extraPackages"/> = [
|
||||
rocm-opencl-icd
|
||||
];</programlisting>
|
||||
<programlisting><xref linkend="opt-hardware.opengl.extraPackages"/> = [
|
||||
rocm-opencl-icd
|
||||
];</programlisting>
|
||||
</para>
|
||||
</section>
|
||||
|
||||
@ -100,9 +100,9 @@ Platform Vendor Advanced Micro Devices, Inc.</screen>
|
||||
support. For example, for Gen8 and later GPUs, the following
|
||||
configuration can be used:
|
||||
|
||||
<programlisting><xref linkend="opt-hardware.opengl.extraPackages"/> = [
|
||||
intel-compute-runtime
|
||||
];</programlisting>
|
||||
<programlisting><xref linkend="opt-hardware.opengl.extraPackages"/> = [
|
||||
intel-compute-runtime
|
||||
];</programlisting>
|
||||
|
||||
</para>
|
||||
</section>
|
||||
@ -173,31 +173,31 @@ GPU1:
|
||||
<title>AMD</title>
|
||||
|
||||
<para>
|
||||
Modern AMD <link
|
||||
xlink:href="https://en.wikipedia.org/wiki/Graphics_Core_Next">Graphics
|
||||
Core Next</link> (GCN) GPUs are supported through either radv, which is
|
||||
part of <package>mesa</package>, or the <package>amdvlk</package> package.
|
||||
Adding the <package>amdvlk</package> package to
|
||||
<xref linkend="opt-hardware.opengl.extraPackages"/> makes both drivers
|
||||
available for applications and lets them choose. A specific driver can
|
||||
be forced as follows:
|
||||
Modern AMD <link
|
||||
xlink:href="https://en.wikipedia.org/wiki/Graphics_Core_Next">Graphics
|
||||
Core Next</link> (GCN) GPUs are supported through either radv, which is
|
||||
part of <package>mesa</package>, or the <package>amdvlk</package> package.
|
||||
Adding the <package>amdvlk</package> package to
|
||||
<xref linkend="opt-hardware.opengl.extraPackages"/> makes both drivers
|
||||
available for applications and lets them choose. A specific driver can
|
||||
be forced as follows:
|
||||
|
||||
<programlisting><xref linkend="opt-hardware.opengl.extraPackages"/> = [
|
||||
pkgs.<package>amdvlk</package>
|
||||
];
|
||||
<programlisting><xref linkend="opt-hardware.opengl.extraPackages"/> = [
|
||||
pkgs.<package>amdvlk</package>
|
||||
];
|
||||
|
||||
# To enable Vulkan support for 32-bit applications, also add:
|
||||
<xref linkend="opt-hardware.opengl.extraPackages32"/> = [
|
||||
pkgs.driversi686Linux.<package>amdvlk</package>
|
||||
];
|
||||
# To enable Vulkan support for 32-bit applications, also add:
|
||||
<xref linkend="opt-hardware.opengl.extraPackages32"/> = [
|
||||
pkgs.driversi686Linux.<package>amdvlk</package>
|
||||
];
|
||||
|
||||
# For amdvlk
|
||||
<xref linkend="opt-environment.variables"/>.VK_ICD_FILENAMES =
|
||||
"/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json";
|
||||
# For radv
|
||||
<xref linkend="opt-environment.variables"/>.VK_ICD_FILENAMES =
|
||||
"/run/opengl-driver/share/vulkan/icd.d/radeon_icd.x86_64.json";
|
||||
</programlisting>
|
||||
# For amdvlk
|
||||
<xref linkend="opt-environment.variables"/>.VK_ICD_FILENAMES =
|
||||
"/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json";
|
||||
# For radv
|
||||
<xref linkend="opt-environment.variables"/>.VK_ICD_FILENAMES =
|
||||
"/run/opengl-driver/share/vulkan/icd.d/radeon_icd.x86_64.json";
|
||||
</programlisting>
|
||||
</para>
|
||||
</section>
|
||||
</section>
|
||||
|
23
nixos/doc/manual/configuration/wayland.xml
Normal file
23
nixos/doc/manual/configuration/wayland.xml
Normal file
@ -0,0 +1,23 @@
|
||||
<chapter xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||
version="5.0"
|
||||
xml:id="sec-wayland">
|
||||
<title>Wayland</title>
|
||||
|
||||
<para>
|
||||
While X11 (see <xref linkend="sec-x11"/>) is still the primary display
|
||||
technology on NixOS, Wayland support is steadily improving.
|
||||
Where X11 separates the X Server and the window manager, on Wayland those
|
||||
are combined: a Wayland Compositor is like an X11 window manager, but also
|
||||
embeds the Wayland 'Server' functionality. This means it is sufficient to
|
||||
install a Wayland Compositor such as <package>sway</package> without
|
||||
separately enabling a Wayland server:
|
||||
<programlisting>
|
||||
<xref linkend="opt-programs.sway.enable"/> = true;
|
||||
</programlisting>
|
||||
This installs the <package>sway</package> compositor along with some
|
||||
essential utilities. Now you can start <package>sway</package> from the TTY
|
||||
console.
|
||||
</para>
|
||||
</chapter>
|
@ -12,7 +12,7 @@ xlink:href="https://github.com/NixOS/nixpkgs">Nixpkgs</link> repository.
|
||||
You can quickly check your edits with the following:
|
||||
</para>
|
||||
<screen>
|
||||
<prompt>$ </prompt>cd /path/to/nixpkgs/nixos/doc/manual
|
||||
<prompt>$ </prompt>cd /path/to/nixpkgs
|
||||
<prompt>$ </prompt>nix-build nixos/release.nix -A manual.x86_64-linux
|
||||
</screen>
|
||||
<para>
|
||||
|
@ -161,6 +161,13 @@ nixpkgs https://nixos.org/channels/nixpkgs-unstable</screen>
|
||||
existing systems without the help of a rescue USB drive or similar.
|
||||
</para>
|
||||
</warning>
|
||||
<note>
|
||||
<para>
|
||||
On some distributions there are separate PATHS for programs intended only for root.
|
||||
In order for the installation to succeed, you might have to use <literal>PATH="$PATH:/usr/sbin:/sbin"</literal>
|
||||
in the following command.
|
||||
</para>
|
||||
</note>
|
||||
<screen><prompt>$ </prompt>sudo PATH="$PATH" NIX_PATH="$NIX_PATH" `which nixos-install` --root /mnt</screen>
|
||||
<para>
|
||||
Again, please refer to the <literal>nixos-install</literal> step in
|
||||
|
@ -234,7 +234,17 @@
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
Starting with this release, the hydra-build-result
|
||||
<literal>nixos-<replaceable>YY.MM</replaceable></literal>
|
||||
branches no longer exist in the <link
|
||||
xlink:href="https://github.com/nixos/nixpkgs-channels">deprecated
|
||||
nixpkgs-channels repository</link>. These branches are now in
|
||||
<link xlink:href="https://github.com/nixos/nixpkgs">the main nixpkgs
|
||||
repository</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
|
||||
@ -879,12 +889,23 @@ php.override {
|
||||
<listitem>
|
||||
<para>
|
||||
Nginx web server now starting with additional sandbox/hardening options. By default, write access
|
||||
to <literal>services.nginx.stateDir</literal> is allowed. To allow writing to other folders,
|
||||
to <literal>/var/log/nginx</literal> and <literal>/var/cache/nginx</literal> is allowed. To allow writing to other folders,
|
||||
use <literal>systemd.services.nginx.serviceConfig.ReadWritePaths</literal>
|
||||
<programlisting>
|
||||
systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
|
||||
</programlisting>
|
||||
</para>
|
||||
<para>
|
||||
Nginx is also started with the systemd option <literal>ProtectHome = mkDefault true;</literal>
|
||||
which forbids it to read anything from <literal>/home</literal>, <literal>/root</literal>
|
||||
and <literal>/run/user</literal> (see
|
||||
<link xlink:href="https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectHome=">ProtectHome docs</link>
|
||||
for details).
|
||||
If you require serving files from home directories, you may choose to set e.g.
|
||||
<programlisting>
|
||||
systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
|
||||
</programlisting>
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
@ -1582,30 +1603,30 @@ services.transmission.settings.rpc-bind-address = "0.0.0.0";
|
||||
<para>
|
||||
Agda has been heavily reworked.
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>agda.mkDerivation</literal> has been heavily changed and
|
||||
is now located at <package>agdaPackages.mkDerivation</package>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
New top-level packages <package>agda</package> and
|
||||
<literal>agda.withPackages</literal> have been added, the second
|
||||
of which sets up agda with access to chosen libraries.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
All agda libraries now live under
|
||||
<literal>agdaPackages</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Many broken libraries have been removed.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>agda.mkDerivation</literal> has been heavily changed and
|
||||
is now located at <package>agdaPackages.mkDerivation</package>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
New top-level packages <package>agda</package> and
|
||||
<literal>agda.withPackages</literal> have been added, the second
|
||||
of which sets up agda with access to chosen libraries.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
All agda libraries now live under
|
||||
<literal>agdaPackages</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Many broken libraries have been removed.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
See the <link
|
||||
xlink:href="https://nixos.org/nixpkgs/manual/#agda">new
|
||||
|
@ -23,6 +23,9 @@
|
||||
Support is planned until the end of October 2021, handing over to 21.09.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>GNOME desktop environment was upgraded to 3.38, see its <link xlink:href="https://help.gnome.org/misc/release-notes/3.38/">release notes</link>.</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
|
||||
@ -86,6 +89,18 @@
|
||||
user D-Bus session available also for non-graphical logins.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>rubyMinimal</literal> was removed due to being unused and
|
||||
unusable. The default ruby interpreter includes JIT support, which makes
|
||||
it reference it's compiler. Since JIT support is probably needed by some
|
||||
Gems, it was decided to enable this feature with all cc references by
|
||||
default, and allow to build a Ruby derivation without references to cc,
|
||||
by setting <literal>jitSupport = false;</literal> in an overlay. See
|
||||
<link xlink:href="https://github.com/NixOS/nixpkgs/pull/90151">#90151</link>
|
||||
for more info.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The option <option>fonts.enableFontDir</option> has been renamed to
|
||||
@ -136,6 +151,27 @@
|
||||
<package>stanchion</package> package removed along with <varname>services.stanchion</varname> module.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<package>mutt</package> has been updated to a new major version (2.x), which comes with
|
||||
some backward incompatible changes that are described in the
|
||||
<link xlink:href="http://www.mutt.org/relnotes/2.0/">release notes for Mutt 2.0</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>vim</literal> switched to Python 3, dropping all Python 2 support.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<link linkend="opt-boot.zfs.forceImportAll">boot.zfs.forceImportAll</link>
|
||||
previously did nothing, but has been fixed. However its default has been
|
||||
changed to <literal>false</literal> to preserve the existing default
|
||||
behaviour. If you have this explicitly set to <literal>true</literal>,
|
||||
please note that your non-root pools will now be forcibly imported.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
|
||||
@ -159,6 +195,11 @@
|
||||
to <package>nextcloud20</package>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The setting <xref linkend="opt-services.redis.bind" /> defaults to <literal>127.0.0.1</literal> now, making Redis listen on the loopback interface only, and not all public network interfaces.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
NixOS now emits a deprecation warning if systemd's <literal>StartLimitInterval</literal> setting is used in a <literal>serviceConfig</literal> section instead of in a <literal>unitConfig</literal>; that setting is deprecated and now undocumented for the service section by systemd upstream, but still effective and somewhat buggy there, which can be confusing. See <link xlink:href="https://github.com/NixOS/nixpkgs/issues/45785">#45785</link> for details.
|
||||
@ -167,6 +208,62 @@
|
||||
All services should use <xref linkend="opt-systemd.services._name_.startLimitIntervalSec" /> or <literal>StartLimitIntervalSec</literal> in <xref linkend="opt-systemd.services._name_.unitConfig" /> instead.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The Unbound DNS resolver service (<literal>services.unbound</literal>) has been refactored to allow reloading, control sockets and to fix startup ordering issues.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
It is now possible to enable a local UNIX control socket for unbound by setting the <xref linkend="opt-services.unbound.localControlSocketPath" />
|
||||
option.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Previously we just applied a very minimal set of restrictions and
|
||||
trusted unbound to properly drop root privs and capabilities.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
As of this we are (for the most part) just using the upstream
|
||||
example unit file for unbound. The main difference is that we start
|
||||
unbound as <literal>unbound</literal> user with the required capabilities instead of
|
||||
letting unbound do the chroot & uid/gid changes.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The upstream unit configuration this is based on is a lot stricter with
|
||||
all kinds of permissions then our previous variant. It also came with
|
||||
the default of having the <literal>Type</literal> set to <literal>notify</literal>, therefore we are now also
|
||||
using the <literal>unbound-with-systemd</literal> package here. Unbound will start up,
|
||||
read the configuration files and start listening on the configured ports
|
||||
before systemd will declare the unit <literal>active (running)</literal>.
|
||||
This will likely help with startup order and the occasional race condition during system
|
||||
activation where the DNS service is started but not yet ready to answer
|
||||
queries. Services depending on <literal>nss-lookup.target</literal> or <literal>unbound.service</literal>
|
||||
are now be able to use unbound when those targets have been reached.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Aditionally to the much stricter runtime environmet the
|
||||
<literal>/dev/urandom</literal> mount lines we previously had in the code (that would
|
||||
randomly failed during the stop-phase) have been removed as systemd will take care of those for us.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The <literal>preStart</literal> script is now only required if we enabled the trust
|
||||
anchor updates (which are still enabled by default).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Another benefit of the refactoring is that we can now issue reloads via
|
||||
either <literal>pkill -HUP unbound</literal> and <literal>systemctl reload unbound</literal> to reload the
|
||||
running configuration without taking the daemon offline. A prerequisite
|
||||
of this was that unbound configuration is available on a well known path
|
||||
on the file system. We are using the path <literal>/etc/unbound/unbound.conf</literal> as that is the
|
||||
default in the CLI tooling which in turn enables us to use
|
||||
<literal>unbound-control</literal> without passing a custom configuration location.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
</section>
|
||||
|
@ -15,8 +15,8 @@ require "rexml/document"
|
||||
include REXML
|
||||
|
||||
if ARGV.length < 1 then
|
||||
$stderr.puts "Needs a filename."
|
||||
exit 1
|
||||
$stderr.puts "Needs a filename."
|
||||
exit 1
|
||||
end
|
||||
|
||||
filename = ARGV.shift
|
||||
@ -51,17 +51,17 @@ $touched = false
|
||||
# Generates: --optionnamevalue
|
||||
# ^^ ^^
|
||||
doc.elements.each("//varlistentry/term") do |term|
|
||||
["varname", "function", "option", "replaceable"].each do |prev_name|
|
||||
term.elements.each(prev_name) do |el|
|
||||
if el.next_element and
|
||||
el.next_element.name == "replaceable" and
|
||||
el.next_sibling_node.class == Element
|
||||
then
|
||||
$touched = true
|
||||
term.insert_after(el, Text.new(" "))
|
||||
end
|
||||
end
|
||||
end
|
||||
["varname", "function", "option", "replaceable"].each do |prev_name|
|
||||
term.elements.each(prev_name) do |el|
|
||||
if el.next_element and
|
||||
el.next_element.name == "replaceable" and
|
||||
el.next_sibling_node.class == Element
|
||||
then
|
||||
$touched = true
|
||||
term.insert_after(el, Text.new(" "))
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
@ -75,17 +75,17 @@ end
|
||||
# Generates: -Ipath
|
||||
# ^^
|
||||
doc.elements.each("//cmdsynopsis/arg") do |term|
|
||||
["option", "replaceable"].each do |prev_name|
|
||||
term.elements.each(prev_name) do |el|
|
||||
if el.next_element and
|
||||
el.next_element.name == "replaceable" and
|
||||
el.next_sibling_node.class == Element
|
||||
then
|
||||
$touched = true
|
||||
term.insert_after(el, Text.new(" "))
|
||||
end
|
||||
end
|
||||
end
|
||||
["option", "replaceable"].each do |prev_name|
|
||||
term.elements.each(prev_name) do |el|
|
||||
if el.next_element and
|
||||
el.next_element.name == "replaceable" and
|
||||
el.next_sibling_node.class == Element
|
||||
then
|
||||
$touched = true
|
||||
term.insert_after(el, Text.new(" "))
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
# <cmdsynopsis>
|
||||
@ -104,21 +104,21 @@ end
|
||||
# Generates: [{--profile-name | -p }name]
|
||||
# ^^^^
|
||||
doc.elements.each("//cmdsynopsis/arg") do |term|
|
||||
["group"].each do |prev_name|
|
||||
term.elements.each(prev_name) do |el|
|
||||
if el.next_element and
|
||||
el.next_element.name == "replaceable" and
|
||||
el.next_sibling_node.class == Element
|
||||
then
|
||||
$touched = true
|
||||
term.insert_after(el, Text.new(" "))
|
||||
end
|
||||
end
|
||||
end
|
||||
["group"].each do |prev_name|
|
||||
term.elements.each(prev_name) do |el|
|
||||
if el.next_element and
|
||||
el.next_element.name == "replaceable" and
|
||||
el.next_sibling_node.class == Element
|
||||
then
|
||||
$touched = true
|
||||
term.insert_after(el, Text.new(" "))
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
if $touched then
|
||||
doc.context[:attribute_quote] = :quote
|
||||
doc.write(output: File.open(filename, "w"))
|
||||
doc.context[:attribute_quote] = :quote
|
||||
doc.write(output: File.open(filename, "w"))
|
||||
end
|
||||
|
@ -36,6 +36,8 @@ let
|
||||
${addModuleIf cfg.zeroconf.discovery.enable "module-zeroconf-discover"}
|
||||
${addModuleIf cfg.tcp.enable (concatStringsSep " "
|
||||
([ "module-native-protocol-tcp" ] ++ allAnon ++ ipAnon))}
|
||||
${addModuleIf config.services.jack.jackd.enable "module-jack-sink"}
|
||||
${addModuleIf config.services.jack.jackd.enable "module-jack-source"}
|
||||
${cfg.extraConfig}
|
||||
'';
|
||||
};
|
||||
@ -144,7 +146,9 @@ in {
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.pulseaudio;
|
||||
default = if config.services.jack.jackd.enable
|
||||
then pkgs.pulseaudioFull
|
||||
else pkgs.pulseaudio;
|
||||
defaultText = "pkgs.pulseaudio";
|
||||
example = literalExample "pkgs.pulseaudioFull";
|
||||
description = ''
|
||||
@ -259,7 +263,7 @@ in {
|
||||
(drv: drv.override { pulseaudio = overriddenPackage; })
|
||||
cfg.extraModules;
|
||||
modulePaths = builtins.map
|
||||
(drv: "${drv}/lib/pulse-${overriddenPackage.version}/modules")
|
||||
(drv: "${drv}/${overriddenPackage.pulseDir}/modules")
|
||||
# User-provided extra modules take precedence
|
||||
(overriddenModules ++ [ overriddenPackage ]);
|
||||
in lib.concatStringsSep ":" modulePaths;
|
||||
@ -284,6 +288,8 @@ in {
|
||||
RestartSec = "500ms";
|
||||
PassEnvironment = "DISPLAY";
|
||||
};
|
||||
} // optionalAttrs config.services.jack.jackd.enable {
|
||||
environment.JACK_PROMISCUOUS_SERVER = "jackaudio";
|
||||
};
|
||||
sockets.pulseaudio = {
|
||||
wantedBy = [ "sockets.target" ];
|
||||
|
@ -19,6 +19,7 @@ in
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = with pkgs; [ acpilight ];
|
||||
services.udev.packages = with pkgs; [ acpilight ];
|
||||
};
|
||||
}
|
||||
|
@ -40,9 +40,9 @@ let
|
||||
in scrubbedEval.options;
|
||||
};
|
||||
|
||||
helpScript = pkgs.writeScriptBin "nixos-help"
|
||||
''
|
||||
#! ${pkgs.runtimeShell} -e
|
||||
|
||||
nixos-help = let
|
||||
helpScript = pkgs.writeShellScriptBin "nixos-help" ''
|
||||
# Finds first executable browser in a colon-separated list.
|
||||
# (see how xdg-open defines BROWSER)
|
||||
browser="$(
|
||||
@ -59,14 +59,22 @@ let
|
||||
exec "$browser" ${manual.manualHTMLIndex}
|
||||
'';
|
||||
|
||||
desktopItem = pkgs.makeDesktopItem {
|
||||
name = "nixos-manual";
|
||||
desktopName = "NixOS Manual";
|
||||
genericName = "View NixOS documentation in a web browser";
|
||||
icon = "nix-snowflake";
|
||||
exec = "${helpScript}/bin/nixos-help";
|
||||
categories = "System";
|
||||
};
|
||||
desktopItem = pkgs.makeDesktopItem {
|
||||
name = "nixos-manual";
|
||||
desktopName = "NixOS Manual";
|
||||
genericName = "View NixOS documentation in a web browser";
|
||||
icon = "nix-snowflake";
|
||||
exec = "nixos-help";
|
||||
categories = "System";
|
||||
};
|
||||
|
||||
in pkgs.symlinkJoin {
|
||||
name = "nixos-help";
|
||||
paths = [
|
||||
helpScript
|
||||
desktopItem
|
||||
];
|
||||
};
|
||||
|
||||
in
|
||||
|
||||
@ -250,8 +258,8 @@ in
|
||||
|
||||
environment.systemPackages = []
|
||||
++ optional cfg.man.enable manual.manpages
|
||||
++ optionals cfg.doc.enable ([ manual.manualHTML helpScript ]
|
||||
++ optionals config.services.xserver.enable [ desktopItem pkgs.nixos-icons ]);
|
||||
++ optionals cfg.doc.enable ([ manual.manualHTML nixos-help ]
|
||||
++ optionals config.services.xserver.enable [ pkgs.nixos-icons ]);
|
||||
|
||||
services.mingetty.helpLine = mkIf cfg.doc.enable (
|
||||
"\nRun 'nixos-help' for the NixOS manual."
|
||||
|
@ -542,6 +542,7 @@
|
||||
./services/monitoring/kapacitor.nix
|
||||
./services/monitoring/loki.nix
|
||||
./services/monitoring/longview.nix
|
||||
./services/monitoring/mackerel-agent.nix
|
||||
./services/monitoring/monit.nix
|
||||
./services/monitoring/munin.nix
|
||||
./services/monitoring/nagios.nix
|
||||
@ -680,6 +681,7 @@
|
||||
./services/networking/murmur.nix
|
||||
./services/networking/mxisd.nix
|
||||
./services/networking/namecoind.nix
|
||||
./services/networking/nar-serve.nix
|
||||
./services/networking/nat.nix
|
||||
./services/networking/ndppd.nix
|
||||
./services/networking/networkmanager.nix
|
||||
|
@ -142,6 +142,13 @@ in
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
assertions = [
|
||||
{
|
||||
assertion = cfg.useSTARTTLS -> cfg.useTLS;
|
||||
message = "services.ssmtp.useSTARTTLS has no effect without services.ssmtp.useTLS";
|
||||
}
|
||||
];
|
||||
|
||||
services.ssmtp.settings = mkMerge [
|
||||
({
|
||||
MailHub = cfg.hostName;
|
||||
|
@ -246,6 +246,9 @@ in {
|
||||
description = "JACK Audio Connection Kit";
|
||||
serviceConfig = {
|
||||
User = "jackaudio";
|
||||
SupplementaryGroups = lib.optional
|
||||
(config.hardware.pulseaudio.enable
|
||||
&& !config.hardware.pulseaudio.systemWide) "users";
|
||||
ExecStart = "${cfg.jackd.package}/bin/jackd ${lib.escapeShellArgs cfg.jackd.extraOptions}";
|
||||
LimitRTPRIO = 99;
|
||||
LimitMEMLOCK = "infinity";
|
||||
|
@ -87,9 +87,12 @@ in
|
||||
|
||||
bind = mkOption {
|
||||
type = with types; nullOr str;
|
||||
default = null; # All interfaces
|
||||
description = "The IP interface to bind to.";
|
||||
example = "127.0.0.1";
|
||||
default = "127.0.0.1";
|
||||
description = ''
|
||||
The IP interface to bind to.
|
||||
<literal>null</literal> means "all interfaces".
|
||||
'';
|
||||
example = "192.0.2.1";
|
||||
};
|
||||
|
||||
unixSocket = mkOption {
|
||||
|
@ -38,6 +38,11 @@ with lib;
|
||||
|
||||
services.dbus.packages = [ pkgs.telepathy-mission-control ];
|
||||
|
||||
# Enable runtime optional telepathy in gnome-shell
|
||||
services.xserver.desktopManager.gnome3.sessionPath = with pkgs; [
|
||||
telepathy-glib
|
||||
telepathy-logger
|
||||
];
|
||||
};
|
||||
|
||||
}
|
||||
|
@ -15,6 +15,8 @@ in {
|
||||
hardware.bluetooth = {
|
||||
enable = mkEnableOption "support for Bluetooth";
|
||||
|
||||
hsphfpd.enable = mkEnableOption "support for hsphfpd[-prototype] implementation";
|
||||
|
||||
powerOnBoot = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
@ -72,7 +74,8 @@ in {
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = [ bluez-bluetooth ];
|
||||
environment.systemPackages = [ bluez-bluetooth ]
|
||||
++ optionals cfg.hsphfpd.enable [ pkgs.hsphfpd ];
|
||||
|
||||
environment.etc."bluetooth/main.conf"= {
|
||||
source = pkgs.writeText "main.conf"
|
||||
@ -80,7 +83,8 @@ in {
|
||||
};
|
||||
|
||||
services.udev.packages = [ bluez-bluetooth ];
|
||||
services.dbus.packages = [ bluez-bluetooth ];
|
||||
services.dbus.packages = [ bluez-bluetooth ]
|
||||
++ optionals cfg.hsphfpd.enable [ pkgs.hsphfpd ];
|
||||
systemd.packages = [ bluez-bluetooth ];
|
||||
|
||||
systemd.services = {
|
||||
@ -90,11 +94,31 @@ in {
|
||||
# restarting can leave people without a mouse/keyboard
|
||||
unitConfig.X-RestartIfChanged = false;
|
||||
};
|
||||
};
|
||||
}
|
||||
// (optionalAttrs cfg.hsphfpd.enable {
|
||||
hsphfpd = {
|
||||
after = [ "bluetooth.service" ];
|
||||
requires = [ "bluetooth.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
description = "A prototype implementation used for connecting HSP/HFP Bluetooth devices";
|
||||
serviceConfig.ExecStart = "${pkgs.hsphfpd}/bin/hsphfpd.pl";
|
||||
};
|
||||
})
|
||||
;
|
||||
|
||||
systemd.user.services = {
|
||||
obex.aliases = [ "dbus-org.bluez.obex.service" ];
|
||||
};
|
||||
}
|
||||
// (optionalAttrs cfg.hsphfpd.enable {
|
||||
telephony_client = {
|
||||
wantedBy = [ "default.target"];
|
||||
|
||||
description = "telephony_client for hsphfpd";
|
||||
serviceConfig.ExecStart = "${pkgs.hsphfpd}/bin/telephony_client.pl";
|
||||
};
|
||||
})
|
||||
;
|
||||
|
||||
};
|
||||
|
||||
|
@ -11,8 +11,8 @@ let
|
||||
"fwupd/daemon.conf" = {
|
||||
source = pkgs.writeText "daemon.conf" ''
|
||||
[fwupd]
|
||||
BlacklistDevices=${lib.concatStringsSep ";" cfg.blacklistDevices}
|
||||
BlacklistPlugins=${lib.concatStringsSep ";" cfg.blacklistPlugins}
|
||||
DisabledDevices=${lib.concatStringsSep ";" cfg.disabledDevices}
|
||||
DisabledPlugins=${lib.concatStringsSep ";" cfg.disabledPlugins}
|
||||
'';
|
||||
};
|
||||
"fwupd/uefi.conf" = {
|
||||
@ -59,21 +59,21 @@ in {
|
||||
'';
|
||||
};
|
||||
|
||||
blacklistDevices = mkOption {
|
||||
disabledDevices = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
example = [ "2082b5e0-7a64-478a-b1b2-e3404fab6dad" ];
|
||||
description = ''
|
||||
Allow blacklisting specific devices by their GUID
|
||||
Allow disabling specific devices by their GUID
|
||||
'';
|
||||
};
|
||||
|
||||
blacklistPlugins = mkOption {
|
||||
disabledPlugins = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
example = [ "udev" ];
|
||||
description = ''
|
||||
Allow blacklisting specific plugins
|
||||
Allow disabling specific plugins
|
||||
'';
|
||||
};
|
||||
|
||||
@ -105,11 +105,15 @@ in {
|
||||
};
|
||||
};
|
||||
|
||||
imports = [
|
||||
(mkRenamedOptionModule [ "services" "fwupd" "blacklistDevices"] [ "services" "fwupd" "disabledDevices" ])
|
||||
(mkRenamedOptionModule [ "services" "fwupd" "blacklistPlugins"] [ "services" "fwupd" "disabledPlugins" ])
|
||||
];
|
||||
|
||||
###### implementation
|
||||
config = mkIf cfg.enable {
|
||||
# Disable test related plug-ins implicitly so that users do not have to care about them.
|
||||
services.fwupd.blacklistPlugins = cfg.package.defaultBlacklistedPlugins;
|
||||
services.fwupd.disabledPlugins = cfg.package.defaultDisabledPlugins;
|
||||
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
|
@ -6,25 +6,14 @@ let
|
||||
echo '${builtins.toJSON conf}' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out
|
||||
'';
|
||||
|
||||
allowSystemdJournal = cfg.configuration ? scrape_configs && lib.any (v: v ? journal) cfg.configuration.scrape_configs;
|
||||
in {
|
||||
options.services.promtail = with types; {
|
||||
enable = mkEnableOption "the Promtail ingresser";
|
||||
|
||||
|
||||
configuration = mkOption {
|
||||
type = with lib.types; let
|
||||
valueType = nullOr (oneOf [
|
||||
bool
|
||||
int
|
||||
float
|
||||
str
|
||||
(lazyAttrsOf valueType)
|
||||
(listOf valueType)
|
||||
]) // {
|
||||
description = "JSON value";
|
||||
emptyValue.value = {};
|
||||
deprecationMessage = null;
|
||||
};
|
||||
in valueType;
|
||||
type = (pkgs.formats.json {}).type;
|
||||
description = ''
|
||||
Specify the configuration for Promtail in Nix.
|
||||
'';
|
||||
@ -80,6 +69,8 @@ in {
|
||||
RestrictRealtime = true;
|
||||
MemoryDenyWriteExecute = true;
|
||||
PrivateUsers = true;
|
||||
|
||||
SupplementaryGroups = lib.optional (allowSystemdJournal) "systemd-journal";
|
||||
} // (optionalAttrs (!pkgs.stdenv.isAarch64) { # FIXME: figure out why this breaks on aarch64
|
||||
SystemCallFilter = "@system-service";
|
||||
});
|
||||
|
@ -204,6 +204,11 @@ in
|
||||
};
|
||||
systemd.services.phpfpm-roundcube.after = [ "roundcube-setup.service" ];
|
||||
|
||||
# Restart on config changes.
|
||||
systemd.services.phpfpm-roundcube.restartTriggers = [
|
||||
config.environment.etc."roundcube/config.inc.php".source
|
||||
];
|
||||
|
||||
systemd.services.roundcube-setup = mkMerge [
|
||||
(mkIf (cfg.database.host == "localhost") {
|
||||
requires = [ "postgresql.service" ];
|
||||
|
@ -6,6 +6,12 @@ let
|
||||
cfg = config.services.cfdyndns;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
(mkRemovedOptionModule
|
||||
[ "services" "cfdyndns" "apikey" ]
|
||||
"Use services.cfdyndns.apikeyFile instead.")
|
||||
];
|
||||
|
||||
options = {
|
||||
services.cfdyndns = {
|
||||
enable = mkEnableOption "Cloudflare Dynamic DNS Client";
|
||||
@ -17,10 +23,12 @@ in
|
||||
'';
|
||||
};
|
||||
|
||||
apikey = mkOption {
|
||||
type = types.str;
|
||||
apikeyFile = mkOption {
|
||||
default = null;
|
||||
type = types.nullOr types.str;
|
||||
description = ''
|
||||
The API Key to use to authenticate to CloudFlare.
|
||||
The path to a file containing the API Key
|
||||
used to authenticate with CloudFlare.
|
||||
'';
|
||||
};
|
||||
|
||||
@ -45,13 +53,17 @@ in
|
||||
Type = "simple";
|
||||
User = config.ids.uids.cfdyndns;
|
||||
Group = config.ids.gids.cfdyndns;
|
||||
ExecStart = "/bin/sh -c '${pkgs.cfdyndns}/bin/cfdyndns'";
|
||||
};
|
||||
environment = {
|
||||
CLOUDFLARE_EMAIL="${cfg.email}";
|
||||
CLOUDFLARE_APIKEY="${cfg.apikey}";
|
||||
CLOUDFLARE_RECORDS="${concatStringsSep "," cfg.records}";
|
||||
};
|
||||
script = ''
|
||||
${optionalString (cfg.apikeyFile != null) ''
|
||||
export CLOUDFLARE_APIKEY="$(cat ${escapeShellArg cfg.apikeyFile})"
|
||||
''}
|
||||
${pkgs.cfdyndns}/bin/cfdyndns
|
||||
'';
|
||||
};
|
||||
|
||||
users.users = {
|
||||
|
@ -68,7 +68,7 @@ in
|
||||
plugins = mkOption {
|
||||
default = plugins: [];
|
||||
defaultText = "plugins: []";
|
||||
example = literalExample "plugins: with plugins; [ m33-fio stlviewer ]";
|
||||
example = literalExample "plugins: with plugins; [ themeify stlviewer ]";
|
||||
description = "Additional plugins to be used. Available plugins are passed through the plugins input.";
|
||||
};
|
||||
|
||||
|
@ -39,7 +39,7 @@ in {
|
||||
};
|
||||
|
||||
configuration = mkOption {
|
||||
type = types.attrs;
|
||||
type = (pkgs.formats.json {}).type;
|
||||
default = {};
|
||||
description = ''
|
||||
Specify the configuration for Loki in Nix.
|
||||
@ -78,6 +78,8 @@ in {
|
||||
'';
|
||||
}];
|
||||
|
||||
environment.systemPackages = [ pkgs.grafana-loki ]; # logcli
|
||||
|
||||
users.groups.${cfg.group} = { };
|
||||
users.users.${cfg.user} = {
|
||||
description = "Loki Service User";
|
||||
|
111
nixos/modules/services/monitoring/mackerel-agent.nix
Normal file
111
nixos/modules/services/monitoring/mackerel-agent.nix
Normal file
@ -0,0 +1,111 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.mackerel-agent;
|
||||
settingsFmt = pkgs.formats.toml {};
|
||||
in {
|
||||
options.services.mackerel-agent = {
|
||||
enable = mkEnableOption "mackerel.io agent";
|
||||
|
||||
# the upstream package runs as root, but doesn't seem to be strictly
|
||||
# necessary for basic functionality
|
||||
runAsRoot = mkEnableOption "Whether to run as root.";
|
||||
|
||||
autoRetirement = mkEnableOption ''
|
||||
Whether to automatically retire the host upon OS shutdown.
|
||||
'';
|
||||
|
||||
apiKeyFile = mkOption {
|
||||
type = types.path;
|
||||
default = "";
|
||||
example = "/run/keys/mackerel-api-key";
|
||||
description = ''
|
||||
Path to file containing the Mackerel API key. The file should contain a
|
||||
single line of the following form:
|
||||
|
||||
<literallayout>apikey = "EXAMPLE_API_KEY"</literallayout>
|
||||
'';
|
||||
};
|
||||
|
||||
settings = mkOption {
|
||||
description = ''
|
||||
Options for mackerel-agent.conf.
|
||||
|
||||
Documentation:
|
||||
<link xlink:href="https://mackerel.io/docs/entry/spec/agent"/>
|
||||
'';
|
||||
|
||||
default = {};
|
||||
example = {
|
||||
verbose = false;
|
||||
silent = false;
|
||||
};
|
||||
|
||||
type = types.submodule {
|
||||
freeformType = settingsFmt.type;
|
||||
|
||||
options.host_status = {
|
||||
on_start = mkOption {
|
||||
type = types.enum [ "working" "standby" "maintenance" "poweroff" ];
|
||||
description = "Host status after agent startup.";
|
||||
default = "working";
|
||||
};
|
||||
on_stop = mkOption {
|
||||
type = types.enum [ "working" "standby" "maintenance" "poweroff" ];
|
||||
description = "Host status after agent shutdown.";
|
||||
default = "poweroff";
|
||||
};
|
||||
};
|
||||
|
||||
options.diagnostic =
|
||||
mkEnableOption "Collect memory usage for the agent itself";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = with pkgs; [ mackerel-agent ];
|
||||
|
||||
environment.etc = {
|
||||
"mackerel-agent/mackerel-agent.conf".source =
|
||||
settingsFmt.generate "mackerel-agent.conf" cfg.settings;
|
||||
"mackerel-agent/conf.d/api-key.conf".source = cfg.apiKeyFile;
|
||||
};
|
||||
|
||||
services.mackerel-agent.settings = {
|
||||
root = mkDefault "/var/lib/mackerel-agent";
|
||||
pidfile = mkDefault "/run/mackerel-agent/mackerel-agent.pid";
|
||||
|
||||
# conf.d stores the symlink to cfg.apiKeyFile
|
||||
include = mkDefault "/etc/mackerel-agent/conf.d/*.conf";
|
||||
};
|
||||
|
||||
# upstream service file in https://git.io/JUt4Q
|
||||
systemd.services.mackerel-agent = {
|
||||
description = "mackerel.io agent";
|
||||
after = [ "network-online.target" "nss-lookup.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
environment = {
|
||||
MACKEREL_PLUGIN_WORKDIR = mkDefault "%C/mackerel-agent";
|
||||
};
|
||||
serviceConfig = {
|
||||
DynamicUser = !cfg.runAsRoot;
|
||||
PrivateTmp = mkDefault true;
|
||||
CacheDirectory = "mackerel-agent";
|
||||
ConfigurationDirectory = "mackerel-agent";
|
||||
RuntimeDirectory = "mackerel-agent";
|
||||
StateDirectory = "mackerel-agent";
|
||||
ExecStart = "${pkgs.mackerel-agent}/bin/mackerel-agent supervise";
|
||||
ExecStopPost = mkIf cfg.autoRetirement "${pkg.mackerel-agent}/bin/mackerel-agent retire -force";
|
||||
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
||||
LimitNOFILE = mkDefault 65536;
|
||||
LimitNPROC = mkDefault 65536;
|
||||
};
|
||||
restartTriggers = [
|
||||
config.environment.etc."mackerel-agent/mackerel-agent.conf".source
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
@ -45,6 +45,7 @@ let
|
||||
"rspamd"
|
||||
"rtl_433"
|
||||
"snmp"
|
||||
"sql"
|
||||
"surfboard"
|
||||
"tor"
|
||||
"unifi"
|
||||
@ -218,6 +219,14 @@ in
|
||||
Please specify either 'services.prometheus.exporters.mail.configuration'
|
||||
or 'services.prometheus.exporters.mail.configFile'.
|
||||
'';
|
||||
} {
|
||||
assertion = cfg.sql.enable -> (
|
||||
(cfg.sql.configFile == null) != (cfg.sql.configuration == null)
|
||||
);
|
||||
message = ''
|
||||
Please specify either 'services.prometheus.exporters.sql.configuration' or
|
||||
'services.prometheus.exporters.sql.configFile'
|
||||
'';
|
||||
} ];
|
||||
}] ++ [(mkIf config.services.minio.enable {
|
||||
services.prometheus.exporters.minio.minioAddress = mkDefault "http://localhost:9000";
|
||||
|
104
nixos/modules/services/monitoring/prometheus/exporters/sql.nix
Normal file
104
nixos/modules/services/monitoring/prometheus/exporters/sql.nix
Normal file
@ -0,0 +1,104 @@
|
||||
{ config, lib, pkgs, options }:
|
||||
with lib;
|
||||
let
|
||||
cfg = config.services.prometheus.exporters.sql;
|
||||
cfgOptions = {
|
||||
options = with types; {
|
||||
jobs = mkOption {
|
||||
type = attrsOf (submodule jobOptions);
|
||||
default = { };
|
||||
description = "An attrset of metrics scraping jobs to run.";
|
||||
};
|
||||
};
|
||||
};
|
||||
jobOptions = {
|
||||
options = with types; {
|
||||
interval = mkOption {
|
||||
type = str;
|
||||
description = ''
|
||||
How often to run this job, specified in
|
||||
<link xlink:href="https://golang.org/pkg/time/#ParseDuration">Go duration</link> format.
|
||||
'';
|
||||
};
|
||||
connections = mkOption {
|
||||
type = listOf str;
|
||||
description = "A list of connection strings of the SQL servers to scrape metrics from";
|
||||
};
|
||||
startupSql = mkOption {
|
||||
type = listOf str;
|
||||
default = [];
|
||||
description = "A list of SQL statements to execute once after making a connection.";
|
||||
};
|
||||
queries = mkOption {
|
||||
type = attrsOf (submodule queryOptions);
|
||||
description = "SQL queries to run.";
|
||||
};
|
||||
};
|
||||
};
|
||||
queryOptions = {
|
||||
options = with types; {
|
||||
help = mkOption {
|
||||
type = nullOr str;
|
||||
default = null;
|
||||
description = "A human-readable description of this metric.";
|
||||
};
|
||||
labels = mkOption {
|
||||
type = listOf str;
|
||||
default = [ ];
|
||||
description = "A set of columns that will be used as Prometheus labels.";
|
||||
};
|
||||
query = mkOption {
|
||||
type = str;
|
||||
description = "The SQL query to run.";
|
||||
};
|
||||
values = mkOption {
|
||||
type = listOf str;
|
||||
description = "A set of columns that will be used as values of this metric.";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
configFile =
|
||||
if cfg.configFile != null
|
||||
then cfg.configFile
|
||||
else
|
||||
let
|
||||
nameInline = mapAttrsToList (k: v: v // { name = k; });
|
||||
renameStartupSql = j: removeAttrs (j // { startup_sql = j.startupSql; }) [ "startupSql" ];
|
||||
configuration = {
|
||||
jobs = map renameStartupSql
|
||||
(nameInline (mapAttrs (k: v: (v // { queries = nameInline v.queries; })) cfg.configuration.jobs));
|
||||
};
|
||||
in
|
||||
builtins.toFile "config.yaml" (builtins.toJSON configuration);
|
||||
in
|
||||
{
|
||||
extraOpts = {
|
||||
configFile = mkOption {
|
||||
type = with types; nullOr path;
|
||||
default = null;
|
||||
description = ''
|
||||
Path to configuration file.
|
||||
'';
|
||||
};
|
||||
configuration = mkOption {
|
||||
type = with types; nullOr (submodule cfgOptions);
|
||||
default = null;
|
||||
description = ''
|
||||
Exporter configuration as nix attribute set. Mutually exclusive with 'configFile' option.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
port = 9237;
|
||||
serviceOpts = {
|
||||
serviceConfig = {
|
||||
ExecStart = ''
|
||||
${pkgs.prometheus-sql-exporter}/bin/sql_exporter \
|
||||
-web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
|
||||
-config.file ${configFile} \
|
||||
${concatStringsSep " \\\n " cfg.extraFlags}
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
@ -5,14 +5,8 @@ with lib;
|
||||
let
|
||||
cfg = config.services.telegraf;
|
||||
|
||||
configFile = pkgs.runCommand "config.toml" {
|
||||
buildInputs = [ pkgs.remarshal ];
|
||||
preferLocalBuild = true;
|
||||
} ''
|
||||
remarshal -if json -of toml \
|
||||
< ${pkgs.writeText "config.json" (builtins.toJSON cfg.extraConfig)} \
|
||||
> $out
|
||||
'';
|
||||
settingsFormat = pkgs.formats.toml {};
|
||||
configFile = settingsFormat.generate "config.toml" cfg.extraConfig;
|
||||
in {
|
||||
###### interface
|
||||
options = {
|
||||
@ -26,10 +20,23 @@ in {
|
||||
type = types.package;
|
||||
};
|
||||
|
||||
environmentFiles = mkOption {
|
||||
type = types.nullOr (types.listOf types.path);
|
||||
default = [];
|
||||
example = "/run/keys/telegraf.env";
|
||||
description = ''
|
||||
File to load as environment file. Environment variables
|
||||
from this file will be interpolated into the config file
|
||||
using envsubst with this syntax:
|
||||
<literal>$ENVIRONMENT ''${VARIABLE}</literal>
|
||||
This is useful to avoid putting secrets into the nix store.
|
||||
'';
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
default = {};
|
||||
description = "Extra configuration options for telegraf";
|
||||
type = types.attrs;
|
||||
type = settingsFormat.type;
|
||||
example = {
|
||||
outputs = {
|
||||
influxdb = {
|
||||
@ -51,15 +58,28 @@ in {
|
||||
|
||||
###### implementation
|
||||
config = mkIf config.services.telegraf.enable {
|
||||
systemd.services.telegraf = {
|
||||
systemd.services.telegraf = let
|
||||
finalConfigFile = if config.services.telegraf.environmentFiles == []
|
||||
then configFile
|
||||
else "/var/run/telegraf/config.toml";
|
||||
in {
|
||||
description = "Telegraf Agent";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network-online.target" ];
|
||||
serviceConfig = {
|
||||
ExecStart=''${cfg.package}/bin/telegraf -config "${configFile}"'';
|
||||
EnvironmentFile = config.services.telegraf.environmentFiles;
|
||||
ExecStartPre = lib.optional (config.services.telegraf.environmentFiles != [])
|
||||
(pkgs.writeShellScript "pre-start" ''
|
||||
umask 077
|
||||
${pkgs.envsubst}/bin/envsubst -i "${configFile}" > /var/run/telegraf/config.toml
|
||||
'');
|
||||
ExecStart=''${cfg.package}/bin/telegraf -config ${finalConfigFile}'';
|
||||
ExecReload="${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
||||
RuntimeDirectory = "telegraf";
|
||||
User = "telegraf";
|
||||
Restart = "on-failure";
|
||||
# for ping probes
|
||||
AmbientCapabilities = [ "CAP_NET_RAW" ];
|
||||
};
|
||||
};
|
||||
|
||||
|
55
nixos/modules/services/networking/nar-serve.nix
Normal file
55
nixos/modules/services/networking/nar-serve.nix
Normal file
@ -0,0 +1,55 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.services.nar-serve;
|
||||
in
|
||||
{
|
||||
meta = {
|
||||
maintainers = [ maintainers.rizary ];
|
||||
};
|
||||
options = {
|
||||
services.nar-serve = {
|
||||
enable = mkEnableOption "Serve NAR file contents via HTTP";
|
||||
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
default = 8383;
|
||||
description = ''
|
||||
Port number where nar-serve will listen on.
|
||||
'';
|
||||
};
|
||||
|
||||
cacheURL = mkOption {
|
||||
type = types.str;
|
||||
default = "https://cache.nixos.org/";
|
||||
description = ''
|
||||
Binary cache URL to connect to.
|
||||
|
||||
The URL format is compatible with the nix remote url style, such as:
|
||||
- http://, https:// for binary caches via HTTP or HTTPS
|
||||
- s3:// for binary caches stored in Amazon S3
|
||||
- gs:// for binary caches stored in Google Cloud Storage
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
systemd.services.nar-serve = {
|
||||
description = "NAR server";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
environment.PORT = toString cfg.port;
|
||||
environment.NAR_CACHE_URL = cfg.cacheURL;
|
||||
|
||||
serviceConfig = {
|
||||
Restart = "always";
|
||||
RestartSec = "5s";
|
||||
ExecStart = "${pkgs.nar-serve}/bin/nar-serve";
|
||||
DynamicUser = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
@ -1,9 +1,7 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
cfg = config.services.unbound;
|
||||
|
||||
stateDir = "/var/lib/unbound";
|
||||
@ -17,12 +15,12 @@ let
|
||||
forward =
|
||||
optionalString (any isLocalAddress cfg.forwardAddresses) ''
|
||||
do-not-query-localhost: no
|
||||
'' +
|
||||
optionalString (cfg.forwardAddresses != []) ''
|
||||
''
|
||||
+ optionalString (cfg.forwardAddresses != []) ''
|
||||
forward-zone:
|
||||
name: .
|
||||
'' +
|
||||
concatMapStringsSep "\n" (x: " forward-addr: ${x}") cfg.forwardAddresses;
|
||||
''
|
||||
+ concatMapStringsSep "\n" (x: " forward-addr: ${x}") cfg.forwardAddresses;
|
||||
|
||||
rootTrustAnchorFile = "${stateDir}/root.key";
|
||||
|
||||
@ -31,19 +29,25 @@ let
|
||||
|
||||
confFile = pkgs.writeText "unbound.conf" ''
|
||||
server:
|
||||
ip-freebind: yes
|
||||
directory: "${stateDir}"
|
||||
username: unbound
|
||||
chroot: "${stateDir}"
|
||||
chroot: ""
|
||||
pidfile: ""
|
||||
# when running under systemd there is no need to daemonize
|
||||
do-daemonize: no
|
||||
${interfaces}
|
||||
${access}
|
||||
${trustAnchor}
|
||||
${lib.optionalString (cfg.localControlSocketPath != null) ''
|
||||
remote-control:
|
||||
control-enable: yes
|
||||
control-interface: ${cfg.localControlSocketPath}
|
||||
''}
|
||||
${cfg.extraConfig}
|
||||
${forward}
|
||||
'';
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
||||
###### interface
|
||||
@ -55,8 +59,8 @@ in
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.unbound;
|
||||
defaultText = "pkgs.unbound";
|
||||
default = pkgs.unbound-with-systemd;
|
||||
defaultText = "pkgs.unbound-with-systemd";
|
||||
description = "The unbound package to use";
|
||||
};
|
||||
|
||||
@ -69,11 +73,14 @@ in
|
||||
interfaces = mkOption {
|
||||
default = [ "127.0.0.1" ] ++ optional config.networking.enableIPv6 "::1";
|
||||
type = types.listOf types.str;
|
||||
description = "What addresses the server should listen on.";
|
||||
description = ''
|
||||
What addresses the server should listen on. This supports the interface syntax documented in
|
||||
<citerefentry><refentrytitle>unbound.conf</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
|
||||
'';
|
||||
};
|
||||
|
||||
forwardAddresses = mkOption {
|
||||
default = [ ];
|
||||
default = [];
|
||||
type = types.listOf types.str;
|
||||
description = "What servers to forward queries to.";
|
||||
};
|
||||
@ -84,6 +91,28 @@ in
|
||||
description = "Use and update root trust anchor for DNSSEC validation.";
|
||||
};
|
||||
|
||||
localControlSocketPath = mkOption {
|
||||
default = null;
|
||||
# FIXME: What is the proper type here so users can specify strings,
|
||||
# paths and null?
|
||||
# My guess would be `types.nullOr (types.either types.str types.path)`
|
||||
# but I haven't verified yet.
|
||||
type = types.nullOr types.str;
|
||||
example = "/run/unbound/unbound.ctl";
|
||||
description = ''
|
||||
When not set to <literal>null</literal> this option defines the path
|
||||
at which the unbound remote control socket should be created at. The
|
||||
socket will be owned by the unbound user (<literal>unbound</literal>)
|
||||
and group will be <literal>nogroup</literal>.
|
||||
|
||||
Users that should be permitted to access the socket must be in the
|
||||
<literal>unbound</literal> group.
|
||||
|
||||
If this option is <literal>null</literal> remote control will not be
|
||||
configured at all. Unbounds default values apply.
|
||||
'';
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
default = "";
|
||||
type = types.lines;
|
||||
@ -106,43 +135,85 @@ in
|
||||
users.users.unbound = {
|
||||
description = "unbound daemon user";
|
||||
isSystemUser = true;
|
||||
group = lib.mkIf (cfg.localControlSocketPath != null) (lib.mkDefault "unbound");
|
||||
};
|
||||
|
||||
# We need a group so that we can give users access to the configured
|
||||
# control socket. Unbound allows access to the socket only to the unbound
|
||||
# user and the primary group.
|
||||
users.groups = lib.mkIf (cfg.localControlSocketPath != null) {
|
||||
unbound = {};
|
||||
};
|
||||
|
||||
networking.resolvconf.useLocalResolver = mkDefault true;
|
||||
|
||||
|
||||
environment.etc."unbound/unbound.conf".source = confFile;
|
||||
|
||||
systemd.services.unbound = {
|
||||
description = "Unbound recursive Domain Name Server";
|
||||
after = [ "network.target" ];
|
||||
before = [ "nss-lookup.target" ];
|
||||
wants = [ "nss-lookup.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
wantedBy = [ "multi-user.target" "nss-lookup.target" ];
|
||||
|
||||
preStart = ''
|
||||
mkdir -m 0755 -p ${stateDir}/dev/
|
||||
cp ${confFile} ${stateDir}/unbound.conf
|
||||
${optionalString cfg.enableRootTrustAnchor ''
|
||||
${cfg.package}/bin/unbound-anchor -a ${rootTrustAnchorFile} || echo "Root anchor updated!"
|
||||
chown unbound ${stateDir} ${rootTrustAnchorFile}
|
||||
''}
|
||||
touch ${stateDir}/dev/random
|
||||
${pkgs.utillinux}/bin/mount --bind -n /dev/urandom ${stateDir}/dev/random
|
||||
preStart = lib.mkIf cfg.enableRootTrustAnchor ''
|
||||
${cfg.package}/bin/unbound-anchor -a ${rootTrustAnchorFile} || echo "Root anchor updated!"
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart = "${cfg.package}/bin/unbound -d -c ${stateDir}/unbound.conf";
|
||||
ExecStopPost="${pkgs.utillinux}/bin/umount ${stateDir}/dev/random";
|
||||
restartTriggers = [
|
||||
confFile
|
||||
];
|
||||
|
||||
ProtectSystem = true;
|
||||
ProtectHome = true;
|
||||
serviceConfig = {
|
||||
ExecStart = "${cfg.package}/bin/unbound -p -d -c /etc/unbound/unbound.conf";
|
||||
ExecReload = "+/run/current-system/sw/bin/kill -HUP $MAINPID";
|
||||
|
||||
NotifyAccess = "main";
|
||||
Type = "notify";
|
||||
|
||||
# FIXME: Which of these do we actualy need, can we drop the chroot flag?
|
||||
AmbientCapabilities = [
|
||||
"CAP_NET_BIND_SERVICE"
|
||||
"CAP_NET_RAW"
|
||||
"CAP_SETGID"
|
||||
"CAP_SETUID"
|
||||
"CAP_SYS_CHROOT"
|
||||
"CAP_SYS_RESOURCE"
|
||||
];
|
||||
|
||||
User = "unbound";
|
||||
Group = lib.mkIf (cfg.localControlSocketPath != null) (lib.mkDefault "unbound");
|
||||
|
||||
MemoryDenyWriteExecute = true;
|
||||
NoNewPrivileges = true;
|
||||
PrivateDevices = true;
|
||||
Restart = "always";
|
||||
RestartSec = "5s";
|
||||
PrivateTmp = true;
|
||||
ProtectHome = true;
|
||||
ProtectControlGroups = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectSystem = "strict";
|
||||
RuntimeDirectory = "unbound";
|
||||
ConfigurationDirectory = "unbound";
|
||||
StateDirectory = "unbound";
|
||||
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
|
||||
RestrictRealtime = true;
|
||||
SystemCallArchitectures = "native";
|
||||
SystemCallFilter = [
|
||||
"~@clock"
|
||||
"@cpu-emulation"
|
||||
"@debug"
|
||||
"@keyring"
|
||||
"@module"
|
||||
"mount"
|
||||
"@obsolete"
|
||||
"@resources"
|
||||
];
|
||||
RestrictNamespaces = true;
|
||||
LockPersonality = true;
|
||||
RestrictSUIDSGID = true;
|
||||
};
|
||||
};
|
||||
|
||||
# If networkmanager is enabled, ask it to interface with unbound.
|
||||
networking.networkmanager.dns = "unbound";
|
||||
|
||||
};
|
||||
|
||||
}
|
||||
|
@ -236,6 +236,7 @@ in
|
||||
# an AppArmor profile is provided to get a confinement based upon paths and rights.
|
||||
builtins.storeDir
|
||||
"/etc"
|
||||
"/run"
|
||||
] ++
|
||||
optional (cfg.settings.script-torrent-done-enabled &&
|
||||
cfg.settings.script-torrent-done-filename != "")
|
||||
@ -408,6 +409,7 @@ in
|
||||
#r @{PROC}/@{pid}/environ,
|
||||
r @{PROC}/@{pid}/mounts,
|
||||
rwk /tmp/tr_session_id_*,
|
||||
r /run/systemd/resolve/stub-resolv.conf,
|
||||
|
||||
r ${pkgs.openssl.out}/etc/**,
|
||||
r ${config.systemd.services.transmission.environment.CURL_CA_BUNDLE},
|
||||
|
@ -6,8 +6,10 @@ let
|
||||
cfg = config.services.codimd;
|
||||
|
||||
prettyJSON = conf:
|
||||
pkgs.runCommand "codimd-config.json" { preferLocalBuild = true; } ''
|
||||
echo '${builtins.toJSON conf}' | ${pkgs.jq}/bin/jq \
|
||||
pkgs.runCommandLocal "codimd-config.json" {
|
||||
nativeBuildInputs = [ pkgs.jq ];
|
||||
} ''
|
||||
echo '${builtins.toJSON conf}' | jq \
|
||||
'{production:del(.[]|nulls)|del(.[][]?|nulls)}' > $out
|
||||
'';
|
||||
in
|
||||
@ -878,7 +880,6 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
environmentFile = mkOption {
|
||||
type = with types; nullOr path;
|
||||
default = null;
|
||||
@ -908,6 +909,14 @@ in
|
||||
<literal>CodiMD</literal> is running.
|
||||
'';
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.codimd;
|
||||
description = ''
|
||||
Package that provides CodiMD.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
@ -938,7 +947,7 @@ in
|
||||
'';
|
||||
serviceConfig = {
|
||||
WorkingDirectory = cfg.workDir;
|
||||
ExecStart = "${pkgs.codimd}/bin/codimd";
|
||||
ExecStart = "${cfg.package}/bin/codimd";
|
||||
EnvironmentFile = mkIf (cfg.environmentFile != null) [ cfg.environmentFile ];
|
||||
Environment = [
|
||||
"CMD_CONFIG_FILE=${cfg.workDir}/config.json"
|
||||
|
@ -73,6 +73,7 @@ in
|
||||
core-os-services.enable = mkEnableOption "essential services for GNOME3";
|
||||
core-shell.enable = mkEnableOption "GNOME Shell services";
|
||||
core-utilities.enable = mkEnableOption "GNOME core utilities";
|
||||
core-developer-tools.enable = mkEnableOption "GNOME core developer tools";
|
||||
games.enable = mkEnableOption "GNOME games";
|
||||
|
||||
experimental-features = {
|
||||
@ -322,6 +323,12 @@ in
|
||||
gnome-shell
|
||||
];
|
||||
|
||||
services.udev.packages = with pkgs.gnome3; [
|
||||
# Force enable KMS modifiers for devices that require them.
|
||||
# https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/1443
|
||||
mutter
|
||||
];
|
||||
|
||||
services.avahi.enable = mkDefault true;
|
||||
|
||||
xdg.portal.extraPortals = [
|
||||
@ -351,7 +358,7 @@ in
|
||||
source-sans-pro
|
||||
];
|
||||
|
||||
# Adapt from https://gitlab.gnome.org/GNOME/gnome-build-meta/blob/gnome-3-36/elements/core/meta-gnome-core-shell.bst
|
||||
# Adapt from https://gitlab.gnome.org/GNOME/gnome-build-meta/blob/gnome-3-38/elements/core/meta-gnome-core-shell.bst
|
||||
environment.systemPackages = with pkgs.gnome3; [
|
||||
adwaita-icon-theme
|
||||
gnome-backgrounds
|
||||
@ -396,7 +403,7 @@ in
|
||||
};
|
||||
})
|
||||
|
||||
# Adapt from https://gitlab.gnome.org/GNOME/gnome-build-meta/blob/gnome-3-36/elements/core/meta-gnome-core-utilities.bst
|
||||
# Adapt from https://gitlab.gnome.org/GNOME/gnome-build-meta/blob/gnome-3-38/elements/core/meta-gnome-core-utilities.bst
|
||||
(mkIf serviceCfg.core-utilities.enable {
|
||||
environment.systemPackages = (with pkgs.gnome3; removePackagesByName [
|
||||
baobab
|
||||
@ -415,16 +422,15 @@ in
|
||||
gnome-logs
|
||||
gnome-maps
|
||||
gnome-music
|
||||
gnome-photos
|
||||
pkgs.gnome-photos
|
||||
gnome-screenshot
|
||||
gnome-system-monitor
|
||||
gnome-weather
|
||||
nautilus
|
||||
pkgs.gnome-connections
|
||||
simple-scan
|
||||
totem
|
||||
yelp
|
||||
# Unsure if sensible for NixOS
|
||||
/* gnome-boxes */
|
||||
] config.environment.gnome3.excludePackages);
|
||||
|
||||
# Enable default program modules
|
||||
@ -453,12 +459,43 @@ in
|
||||
|
||||
(mkIf serviceCfg.games.enable {
|
||||
environment.systemPackages = (with pkgs.gnome3; removePackagesByName [
|
||||
aisleriot atomix five-or-more four-in-a-row gnome-chess gnome-klotski
|
||||
gnome-mahjongg gnome-mines gnome-nibbles gnome-robots gnome-sudoku
|
||||
gnome-taquin gnome-tetravex hitori iagno lightsoff quadrapassel
|
||||
swell-foop tali
|
||||
aisleriot
|
||||
atomix
|
||||
five-or-more
|
||||
four-in-a-row
|
||||
gnome-chess
|
||||
gnome-klotski
|
||||
gnome-mahjongg
|
||||
gnome-mines
|
||||
gnome-nibbles
|
||||
gnome-robots
|
||||
gnome-sudoku
|
||||
gnome-taquin
|
||||
gnome-tetravex
|
||||
hitori
|
||||
iagno
|
||||
lightsoff
|
||||
quadrapassel
|
||||
swell-foop
|
||||
tali
|
||||
] config.environment.gnome3.excludePackages);
|
||||
})
|
||||
|
||||
# Adapt from https://gitlab.gnome.org/GNOME/gnome-build-meta/-/blob/3.38.0/elements/core/meta-gnome-core-developer-tools.bst
|
||||
(mkIf serviceCfg.core-developer-tools.enable {
|
||||
environment.systemPackages = (with pkgs.gnome3; removePackagesByName [
|
||||
dconf-editor
|
||||
devhelp
|
||||
pkgs.gnome-builder
|
||||
# boxes would make sense in this option, however
|
||||
# it doesn't function well enough to be included
|
||||
# in default configurations.
|
||||
# https://github.com/NixOS/nixpkgs/issues/60908
|
||||
/* gnome-boxes */
|
||||
] config.environment.gnome3.excludePackages);
|
||||
|
||||
services.sysprof.enable = true;
|
||||
})
|
||||
];
|
||||
|
||||
}
|
||||
|
@ -367,7 +367,7 @@ in
|
||||
security.pam.services.sddm.enableKwallet = true;
|
||||
|
||||
xdg.portal.enable = true;
|
||||
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-kde ];
|
||||
xdg.portal.extraPortals = [ plasma5.xdg-desktop-portal-kde ];
|
||||
|
||||
# Update the start menu for each user that is currently logged in
|
||||
system.userActivationScripts.plasmaSetup = activationScript;
|
||||
|
@ -160,7 +160,7 @@ in
|
||||
];
|
||||
|
||||
# Otherwise GDM will not be able to start correctly and display Wayland sessions
|
||||
systemd.packages = with pkgs.gnome3; [ gnome-session gnome-shell ];
|
||||
systemd.packages = with pkgs.gnome3; [ gdm gnome-session gnome-shell ];
|
||||
environment.systemPackages = [ pkgs.gnome3.adwaita-icon-theme ];
|
||||
|
||||
systemd.services.display-manager.wants = [
|
||||
|
@ -28,6 +28,20 @@ let
|
||||
utillinux # needed for mount and mountpoint
|
||||
];
|
||||
|
||||
scriptType = with types;
|
||||
let scriptOptions =
|
||||
{ deps = mkOption
|
||||
{ type = types.listOf types.str;
|
||||
default = [ ];
|
||||
description = "List of dependencies. The script will run after these.";
|
||||
};
|
||||
text = mkOption
|
||||
{ type = types.lines;
|
||||
description = "The content of the script.";
|
||||
};
|
||||
};
|
||||
in either str (submodule { options = scriptOptions; });
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
@ -40,16 +54,14 @@ in
|
||||
default = {};
|
||||
|
||||
example = literalExample ''
|
||||
{ stdio = {
|
||||
text = '''
|
||||
# Needed by some programs.
|
||||
ln -sfn /proc/self/fd /dev/fd
|
||||
ln -sfn /proc/self/fd/0 /dev/stdin
|
||||
ln -sfn /proc/self/fd/1 /dev/stdout
|
||||
ln -sfn /proc/self/fd/2 /dev/stderr
|
||||
''';
|
||||
deps = [];
|
||||
};
|
||||
{ stdio.text =
|
||||
'''
|
||||
# Needed by some programs.
|
||||
ln -sfn /proc/self/fd /dev/fd
|
||||
ln -sfn /proc/self/fd/0 /dev/stdin
|
||||
ln -sfn /proc/self/fd/1 /dev/stdout
|
||||
ln -sfn /proc/self/fd/2 /dev/stderr
|
||||
''';
|
||||
}
|
||||
'';
|
||||
|
||||
@ -62,7 +74,7 @@ in
|
||||
idempotent and fast.
|
||||
'';
|
||||
|
||||
type = types.attrsOf types.unspecified; # FIXME
|
||||
type = types.attrsOf scriptType;
|
||||
|
||||
apply = set: {
|
||||
script =
|
||||
@ -125,7 +137,7 @@ in
|
||||
idempotent and fast.
|
||||
'';
|
||||
|
||||
type = types.attrsOf types.unspecified;
|
||||
type = with types; attrsOf scriptType;
|
||||
|
||||
apply = set: {
|
||||
script = ''
|
||||
|
@ -404,7 +404,7 @@ let
|
||||
echo "Please move your mouse to create needed randomness."
|
||||
''}
|
||||
echo "Waiting for your FIDO2 device..."
|
||||
fido2luks -i open ${device} ${name} ${fido2.credential} --await-dev ${toString fido2.gracePeriod} --salt string:$passphrase
|
||||
fido2luks open ${device} ${name} ${fido2.credential} --await-dev ${toString fido2.gracePeriod} --salt string:$passphrase
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "No FIDO2 key found, falling back to normal open procedure"
|
||||
open_normally
|
||||
|
@ -35,4 +35,4 @@ int main(int argc, char** argv)
|
||||
fwrite(key, 1, key_length, stdout);
|
||||
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
@ -9,7 +9,7 @@ let
|
||||
|
||||
cfg = config.boot.plymouth;
|
||||
|
||||
nixosBreezePlymouth = pkgs.breeze-plymouth.override {
|
||||
nixosBreezePlymouth = pkgs.plasma5.breeze-plymouth.override {
|
||||
logoFile = cfg.logo;
|
||||
logoName = "nixos";
|
||||
osName = "NixOS";
|
||||
|
@ -175,14 +175,10 @@ in
|
||||
|
||||
forceImportAll = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
default = false;
|
||||
description = ''
|
||||
Forcibly import all ZFS pool(s).
|
||||
|
||||
This is enabled by default for backwards compatibility purposes, but it is highly
|
||||
recommended to disable this option, as it bypasses some of the safeguards ZFS uses
|
||||
to protect your ZFS pools.
|
||||
|
||||
If you set this option to <literal>false</literal> and NixOS subsequently fails to
|
||||
import your non-root ZFS pool(s), you should manually import each pool with
|
||||
"zpool import -f <pool-name>", and then reboot. You should only need to do
|
||||
@ -507,6 +503,7 @@ in
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
};
|
||||
environment.ZFS_FORCE = optionalString cfgZfs.forceImportAll "-f";
|
||||
script = (importLib {
|
||||
# See comments at importLib definition.
|
||||
zpoolCmd="${packages.zfsUser}/sbin/zpool";
|
||||
|
@ -1062,7 +1062,6 @@ in
|
||||
];
|
||||
|
||||
boot.kernelModules = [ ]
|
||||
++ optional cfg.enableIPv6 "ipv6"
|
||||
++ optional hasVirtuals "tun"
|
||||
++ optional hasSits "sit"
|
||||
++ optional hasBonds "bonding";
|
||||
|
@ -329,24 +329,24 @@ let self = {
|
||||
"20.03".ap-east-1.hvm-ebs = "ami-0d18fdd309cdefa86";
|
||||
"20.03".sa-east-1.hvm-ebs = "ami-09859378158ae971d";
|
||||
|
||||
# 20.09.1465.9a0b14b097d
|
||||
"20.09".eu-west-1.hvm-ebs = "ami-0d90f16418e3c364c";
|
||||
"20.09".eu-west-2.hvm-ebs = "ami-0635ec0780ea57cfe";
|
||||
"20.09".eu-west-3.hvm-ebs = "ami-0714e94352f2eabb9";
|
||||
"20.09".eu-central-1.hvm-ebs = "ami-0979d39762a4d2a02";
|
||||
"20.09".eu-north-1.hvm-ebs = "ami-0b14e273185c66e9b";
|
||||
"20.09".us-east-1.hvm-ebs = "ami-0f8b063ac3f2d9645";
|
||||
"20.09".us-east-2.hvm-ebs = "ami-0959202a0393fdd0c";
|
||||
"20.09".us-west-1.hvm-ebs = "ami-096d50833b785478b";
|
||||
"20.09".us-west-2.hvm-ebs = "ami-0fc31031df0df6104";
|
||||
"20.09".ca-central-1.hvm-ebs = "ami-0787786a38cde3905";
|
||||
"20.09".ap-southeast-1.hvm-ebs = "ami-0b3f693d3a2a0b9ae";
|
||||
"20.09".ap-southeast-2.hvm-ebs = "ami-02471872bc876b610";
|
||||
"20.09".ap-northeast-1.hvm-ebs = "ami-06505fd2bf44a59a7";
|
||||
"20.09".ap-northeast-2.hvm-ebs = "ami-0754b4c014eea1e8a";
|
||||
"20.09".ap-south-1.hvm-ebs = "ami-05100e32242ae65a6";
|
||||
"20.09".ap-east-1.hvm-ebs = "ami-045288859a39de009";
|
||||
"20.09".sa-east-1.hvm-ebs = "ami-0a937748db48fb00d";
|
||||
# 20.09.1632.a6a3a368dda
|
||||
"20.09".eu-west-1.hvm-ebs = "ami-01a79d5ce435f4db3";
|
||||
"20.09".eu-west-2.hvm-ebs = "ami-0cbe14f32904e6331";
|
||||
"20.09".eu-west-3.hvm-ebs = "ami-07f493412d6213de6";
|
||||
"20.09".eu-central-1.hvm-ebs = "ami-01d4a0c2248cbfe38";
|
||||
"20.09".eu-north-1.hvm-ebs = "ami-0003f54dd99d68e0f";
|
||||
"20.09".us-east-1.hvm-ebs = "ami-068a62d478710462d";
|
||||
"20.09".us-east-2.hvm-ebs = "ami-01ac677ff61399caa";
|
||||
"20.09".us-west-1.hvm-ebs = "ami-04befdb203b4b17f6";
|
||||
"20.09".us-west-2.hvm-ebs = "ami-0fb7bd4a43261c6b2";
|
||||
"20.09".ca-central-1.hvm-ebs = "ami-06d5ee429f153f856";
|
||||
"20.09".ap-southeast-1.hvm-ebs = "ami-0db0304e23c535b2a";
|
||||
"20.09".ap-southeast-2.hvm-ebs = "ami-045983c4db7e36447";
|
||||
"20.09".ap-northeast-1.hvm-ebs = "ami-0beb18d632cf64e5a";
|
||||
"20.09".ap-northeast-2.hvm-ebs = "ami-0dd0316af578862db";
|
||||
"20.09".ap-south-1.hvm-ebs = "ami-008d15ced81c88aed";
|
||||
"20.09".ap-east-1.hvm-ebs = "ami-071f49713f86ea965";
|
||||
"20.09".sa-east-1.hvm-ebs = "ami-05ded1ae35209b5a8";
|
||||
|
||||
latest = self."20.09";
|
||||
}; in self
|
||||
|
@ -744,16 +744,19 @@ in
|
||||
(isEnabled "VIRTIO_PCI")
|
||||
(isEnabled "VIRTIO_NET")
|
||||
(isEnabled "EXT4_FS")
|
||||
(isEnabled "NET_9P_VIRTIO")
|
||||
(isEnabled "9P_FS")
|
||||
(isYes "BLK_DEV")
|
||||
(isYes "PCI")
|
||||
(isYes "EXPERIMENTAL")
|
||||
(isYes "NETDEVICES")
|
||||
(isYes "NET_CORE")
|
||||
(isYes "INET")
|
||||
(isYes "NETWORK_FILESYSTEMS")
|
||||
] ++ optional (!cfg.graphics) [
|
||||
] ++ optionals (!cfg.graphics) [
|
||||
(isYes "SERIAL_8250_CONSOLE")
|
||||
(isYes "SERIAL_8250")
|
||||
] ++ optionals (cfg.writableStore) [
|
||||
(isEnabled "OVERLAY_FS")
|
||||
];
|
||||
|
||||
};
|
||||
|
@ -71,7 +71,6 @@ in rec {
|
||||
(onFullSupported "nixos.tests.fontconfig-default-fonts")
|
||||
(onFullSupported "nixos.tests.gnome3")
|
||||
(onFullSupported "nixos.tests.gnome3-xorg")
|
||||
(onFullSupported "nixos.tests.hardened")
|
||||
(onSystems ["x86_64-linux"] "nixos.tests.hibernate")
|
||||
(onFullSupported "nixos.tests.i3wm")
|
||||
(onSystems ["x86_64-linux"] "nixos.tests.installer.btrfsSimple")
|
||||
@ -93,7 +92,6 @@ in rec {
|
||||
(onFullSupported "nixos.tests.keymap.dvp")
|
||||
(onFullSupported "nixos.tests.keymap.neo")
|
||||
(onFullSupported "nixos.tests.keymap.qwertz")
|
||||
(onFullSupported "nixos.tests.latestKernel.hardened")
|
||||
(onFullSupported "nixos.tests.latestKernel.login")
|
||||
(onFullSupported "nixos.tests.lightdm")
|
||||
(onFullSupported "nixos.tests.login")
|
||||
|
@ -225,6 +225,7 @@ in
|
||||
mysql-backup = handleTest ./mysql/mysql-backup.nix {};
|
||||
mysql-replication = handleTest ./mysql/mysql-replication.nix {};
|
||||
nagios = handleTest ./nagios.nix {};
|
||||
nar-serve = handleTest ./nar-serve.nix {};
|
||||
nat.firewall = handleTest ./nat.nix { withFirewall = true; };
|
||||
nat.firewall-conntrack = handleTest ./nat.nix { withFirewall = true; withConntrackHelpers = true; };
|
||||
nat.standalone = handleTest ./nat.nix { withFirewall = false; };
|
||||
@ -314,6 +315,7 @@ in
|
||||
samba = handleTest ./samba.nix {};
|
||||
sanoid = handleTest ./sanoid.nix {};
|
||||
sbt = handleTest ./sbt.nix {};
|
||||
sbt-extras = handleTest ./sbt-extras.nix {};
|
||||
scala = handleTest ./scala.nix {};
|
||||
sddm = handleTest ./sddm.nix {};
|
||||
service-runner = handleTest ./service-runner.nix {};
|
||||
@ -346,6 +348,7 @@ in
|
||||
systemd-binfmt = handleTestOn ["x86_64-linux"] ./systemd-binfmt.nix {};
|
||||
systemd-boot = handleTest ./systemd-boot.nix {};
|
||||
systemd-confinement = handleTest ./systemd-confinement.nix {};
|
||||
systemd-journal = handleTest ./systemd-journal.nix {};
|
||||
systemd-timesyncd = handleTest ./systemd-timesyncd.nix {};
|
||||
systemd-networkd-vrf = handleTest ./systemd-networkd-vrf.nix {};
|
||||
systemd-networkd = handleTest ./systemd-networkd.nix {};
|
||||
@ -367,6 +370,7 @@ in
|
||||
trezord = handleTest ./trezord.nix {};
|
||||
trickster = handleTest ./trickster.nix {};
|
||||
tuptime = handleTest ./tuptime.nix {};
|
||||
unbound = handleTest ./unbound.nix {};
|
||||
udisks2 = handleTest ./udisks2.nix {};
|
||||
unit-php = handleTest ./web-servers/unit-php.nix {};
|
||||
upnp = handleTest ./upnp.nix {};
|
||||
|
@ -94,6 +94,7 @@ in
|
||||
glib-networking = callInstalledTest ./glib-networking.nix {};
|
||||
gnome-photos = callInstalledTest ./gnome-photos.nix {};
|
||||
graphene = callInstalledTest ./graphene.nix {};
|
||||
gsconnect = callInstalledTest ./gsconnect.nix {};
|
||||
ibus = callInstalledTest ./ibus.nix {};
|
||||
libgdata = callInstalledTest ./libgdata.nix {};
|
||||
glib-testing = callInstalledTest ./glib-testing.nix {};
|
||||
|
@ -5,7 +5,7 @@ makeInstalledTest {
|
||||
|
||||
testConfig = {
|
||||
services.fwupd.enable = true;
|
||||
services.fwupd.blacklistPlugins = lib.mkForce []; # don't blacklist test plugin
|
||||
services.fwupd.disabledPlugins = lib.mkForce []; # don't disable test plugin
|
||||
services.fwupd.enableTestRemote = true;
|
||||
virtualisation.memorySize = 768;
|
||||
};
|
||||
|
7
nixos/tests/installed-tests/gsconnect.nix
Normal file
7
nixos/tests/installed-tests/gsconnect.nix
Normal file
@ -0,0 +1,7 @@
|
||||
{ pkgs, makeInstalledTest, ... }:
|
||||
|
||||
makeInstalledTest {
|
||||
tested = pkgs.gnomeExtensions.gsconnect;
|
||||
|
||||
withX11 = true;
|
||||
}
|
@ -45,6 +45,8 @@ import ./make-test-python.nix ({ lib, pkgs, ... }:
|
||||
machine.wait_for_open_port(3100)
|
||||
machine.wait_for_open_port(9080)
|
||||
machine.succeed("echo 'Loki Ingestion Test' > /var/log/testlog")
|
||||
# should not have access to journal unless specified
|
||||
machine.fail("systemctl show --property=SupplementaryGroups promtail | grep -q systemd-journal")
|
||||
machine.wait_until_succeeds(
|
||||
"${pkgs.grafana-loki}/bin/logcli --addr='http://localhost:3100' query --no-labels '{job=\"varlogs\",filename=\"/var/log/testlog\"}' | grep -q 'Loki Ingestion Test'"
|
||||
)
|
||||
|
48
nixos/tests/nar-serve.nix
Normal file
48
nixos/tests/nar-serve.nix
Normal file
@ -0,0 +1,48 @@
|
||||
import ./make-test-python.nix (
|
||||
{ pkgs, lib, ... }:
|
||||
{
|
||||
name = "nar-serve";
|
||||
meta.maintainers = [ lib.maintainers.rizary ];
|
||||
nodes =
|
||||
{
|
||||
server = { pkgs, ... }: {
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts.default.root = "/var/www";
|
||||
};
|
||||
services.nar-serve = {
|
||||
enable = true;
|
||||
# Connect to the localhost nginx instead of the default
|
||||
# https://cache.nixos.org
|
||||
cacheURL = "http://localhost/";
|
||||
};
|
||||
environment.systemPackages = [
|
||||
pkgs.hello
|
||||
pkgs.curl
|
||||
];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 8383 ];
|
||||
|
||||
# virtualisation.diskSize = 2 * 1024;
|
||||
};
|
||||
};
|
||||
testScript = ''
|
||||
start_all()
|
||||
|
||||
# Create a fake cache with Nginx service the static files
|
||||
server.succeed(
|
||||
"nix copy --to file:///var/www ${pkgs.hello}"
|
||||
)
|
||||
server.wait_for_unit("nginx.service")
|
||||
server.wait_for_open_port(80)
|
||||
|
||||
# Check that nar-serve can return the content of the derivation
|
||||
drvName = os.path.basename("${pkgs.hello}")
|
||||
drvHash = drvName.split("-")[0]
|
||||
server.wait_for_unit("nar-serve.service")
|
||||
server.succeed(
|
||||
"curl -o hello -f http://localhost:8383/nix/store/{}/bin/hello".format(drvHash)
|
||||
)
|
||||
'';
|
||||
}
|
||||
)
|
@ -11,9 +11,9 @@ import ./make-test-python.nix {
|
||||
enable = true;
|
||||
enableSubmission = true;
|
||||
enableSubmissions = true;
|
||||
sslCACert = certs.ca.cert;
|
||||
sslCert = certs.${domain}.cert;
|
||||
sslKey = certs.${domain}.key;
|
||||
tlsTrustedAuthorities = "${certs.ca.cert}";
|
||||
sslCert = "${certs.${domain}.cert}";
|
||||
sslKey = "${certs.${domain}.key}";
|
||||
submissionsOptions = {
|
||||
smtpd_sasl_auth_enable = "yes";
|
||||
smtpd_client_restrictions = "permit";
|
||||
|
@ -609,6 +609,50 @@ let
|
||||
'';
|
||||
};
|
||||
|
||||
sql = {
|
||||
exporterConfig = {
|
||||
configuration.jobs.points = {
|
||||
interval = "1m";
|
||||
connections = [
|
||||
"postgres://prometheus-sql-exporter@/data?host=/run/postgresql&sslmode=disable"
|
||||
];
|
||||
queries = {
|
||||
points = {
|
||||
labels = [ "name" ];
|
||||
help = "Amount of points accumulated per person";
|
||||
values = [ "amount" ];
|
||||
query = "SELECT SUM(amount) as amount, name FROM points GROUP BY name";
|
||||
};
|
||||
};
|
||||
};
|
||||
enable = true;
|
||||
user = "prometheus-sql-exporter";
|
||||
};
|
||||
metricProvider = {
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
initialScript = builtins.toFile "init.sql" ''
|
||||
CREATE DATABASE data;
|
||||
\c data;
|
||||
CREATE TABLE points (amount INT, name TEXT);
|
||||
INSERT INTO points(amount, name) VALUES (1, 'jack');
|
||||
INSERT INTO points(amount, name) VALUES (2, 'jill');
|
||||
INSERT INTO points(amount, name) VALUES (3, 'jack');
|
||||
|
||||
CREATE USER "prometheus-sql-exporter";
|
||||
GRANT ALL PRIVILEGES ON DATABASE data TO "prometheus-sql-exporter";
|
||||
GRANT SELECT ON points TO "prometheus-sql-exporter";
|
||||
'';
|
||||
};
|
||||
systemd.services.prometheus-sql-exporter.after = [ "postgresql.service" ];
|
||||
};
|
||||
exporterTest = ''
|
||||
wait_for_unit("prometheus-sql-exporter.service")
|
||||
wait_for_open_port(9237)
|
||||
succeed("curl http://localhost:9237/metrics | grep -c 'sql_points{' | grep -q 2")
|
||||
'';
|
||||
};
|
||||
|
||||
surfboard = {
|
||||
exporterConfig = {
|
||||
enable = true;
|
||||
|
16
nixos/tests/sbt-extras.nix
Normal file
16
nixos/tests/sbt-extras.nix
Normal file
@ -0,0 +1,16 @@
|
||||
import ./make-test-python.nix ({ pkgs, ...} : {
|
||||
name = "sbt-extras";
|
||||
meta = with pkgs.stdenv.lib.maintainers; {
|
||||
maintainers = [ nequissimus ];
|
||||
};
|
||||
|
||||
machine = { pkgs, ... }:
|
||||
{
|
||||
environment.systemPackages = [ pkgs.sbt-extras ];
|
||||
};
|
||||
|
||||
testScript =
|
||||
''
|
||||
machine.succeed("(sbt -h)")
|
||||
'';
|
||||
})
|
20
nixos/tests/systemd-journal.nix
Normal file
20
nixos/tests/systemd-journal.nix
Normal file
@ -0,0 +1,20 @@
|
||||
import ./make-test-python.nix ({ pkgs, ... }:
|
||||
|
||||
{
|
||||
name = "systemd-journal";
|
||||
meta = with pkgs.stdenv.lib.maintainers; {
|
||||
maintainers = [ lewo ];
|
||||
};
|
||||
|
||||
machine = { pkgs, lib, ... }: {
|
||||
services.journald.enableHttpGateway = true;
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
machine.wait_for_unit("multi-user.target")
|
||||
|
||||
machine.succeed(
|
||||
"${pkgs.curl}/bin/curl -s localhost:19531/machine | ${pkgs.jq}/bin/jq -e '.hostname == \"machine\"'"
|
||||
)
|
||||
'';
|
||||
})
|
@ -6,12 +6,15 @@ import ./make-test-python.nix ({ pkgs, ...} : {
|
||||
|
||||
machine = { ... }: {
|
||||
services.telegraf.enable = true;
|
||||
services.telegraf.environmentFiles = [pkgs.writeText "secrets" ''
|
||||
SECRET=example
|
||||
''];
|
||||
services.telegraf.extraConfig = {
|
||||
agent.interval = "1s";
|
||||
agent.flush_interval = "1s";
|
||||
inputs.exec = {
|
||||
commands = [
|
||||
"${pkgs.runtimeShell} -c 'echo example,tag=a i=42i'"
|
||||
"${pkgs.runtimeShell} -c 'echo $SECRET,tag=a i=42i'"
|
||||
];
|
||||
timeout = "5s";
|
||||
data_format = "influx";
|
||||
|
278
nixos/tests/unbound.nix
Normal file
278
nixos/tests/unbound.nix
Normal file
@ -0,0 +1,278 @@
|
||||
/*
|
||||
Test that our unbound module indeed works as most users would expect.
|
||||
There are a few settings that we must consider when modifying the test. The
|
||||
ususal use-cases for unbound are
|
||||
* running a recursive DNS resolver on the local machine
|
||||
* running a recursive DNS resolver on the local machine, forwarding to a local DNS server via UDP/53 & TCP/53
|
||||
* running a recursive DNS resolver on the local machine, forwarding to a local DNS server via TCP/853 (DoT)
|
||||
* running a recursive DNS resolver on a machine in the network awaiting input from clients over TCP/53 & UDP/53
|
||||
* running a recursive DNS resolver on a machine in the network awaiting input from clients over TCP/853 (DoT)
|
||||
|
||||
In the below test setup we are trying to implement all of those use cases.
|
||||
|
||||
Another aspect that we cover is access to the local control UNIX socket. It
|
||||
can optionally be enabled and users can optionally be in a group to gain
|
||||
access. Users that are not in the group (except for root) should not have
|
||||
access to that socket. Also, when there is no socket configured, users
|
||||
shouldn't be able to access the control socket at all. Not even root.
|
||||
*/
|
||||
import ./make-test-python.nix ({ pkgs, lib, ... }:
|
||||
let
|
||||
# common client configuration that we can just use for the multitude of
|
||||
# clients we are constructing
|
||||
common = { lib, pkgs, ... }: {
|
||||
config = {
|
||||
environment.systemPackages = [ pkgs.knot-dns ];
|
||||
|
||||
# disable the root anchor update as we do not have internet access during
|
||||
# the test execution
|
||||
services.unbound.enableRootTrustAnchor = false;
|
||||
};
|
||||
};
|
||||
|
||||
cert = pkgs.runCommandNoCC "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } ''
|
||||
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -subj '/CN=dns.example.local'
|
||||
mkdir -p $out
|
||||
cp key.pem cert.pem $out
|
||||
'';
|
||||
in
|
||||
{
|
||||
name = "unbound";
|
||||
meta = with pkgs.stdenv.lib.maintainers; {
|
||||
maintainers = [ andir ];
|
||||
};
|
||||
|
||||
nodes = {
|
||||
|
||||
# The server that actually serves our zones, this tests unbounds authoriative mode
|
||||
authoritative = { lib, pkgs, config, ... }: {
|
||||
imports = [ common ];
|
||||
networking.interfaces.eth1.ipv4.addresses = lib.mkForce [
|
||||
{ address = "192.168.0.1"; prefixLength = 24; }
|
||||
];
|
||||
networking.interfaces.eth1.ipv6.addresses = lib.mkForce [
|
||||
{ address = "fd21::1"; prefixLength = 64; }
|
||||
];
|
||||
networking.firewall.allowedTCPPorts = [ 53 ];
|
||||
networking.firewall.allowedUDPPorts = [ 53 ];
|
||||
|
||||
services.unbound = {
|
||||
enable = true;
|
||||
interfaces = [ "192.168.0.1" "fd21::1" "::1" "127.0.0.1" ];
|
||||
allowedAccess = [ "192.168.0.0/24" "fd21::/64" "::1" "127.0.0.0/8" ];
|
||||
extraConfig = ''
|
||||
server:
|
||||
local-data: "example.local. IN A 1.2.3.4"
|
||||
local-data: "example.local. IN AAAA abcd::eeff"
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
# The resolver that knows that fowards (only) to the authoritative server
|
||||
# and listens on UDP/53, TCP/53 & TCP/853.
|
||||
resolver = { lib, nodes, ... }: {
|
||||
imports = [ common ];
|
||||
networking.interfaces.eth1.ipv4.addresses = lib.mkForce [
|
||||
{ address = "192.168.0.2"; prefixLength = 24; }
|
||||
];
|
||||
networking.interfaces.eth1.ipv6.addresses = lib.mkForce [
|
||||
{ address = "fd21::2"; prefixLength = 64; }
|
||||
];
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
53 # regular DNS
|
||||
853 # DNS over TLS
|
||||
];
|
||||
networking.firewall.allowedUDPPorts = [ 53 ];
|
||||
|
||||
services.unbound = {
|
||||
enable = true;
|
||||
allowedAccess = [ "192.168.0.0/24" "fd21::/64" "::1" "127.0.0.0/8" ];
|
||||
interfaces = [ "::1" "127.0.0.1" "192.168.0.2" "fd21::2" "192.168.0.2@853" "fd21::2@853" "::1@853" "127.0.0.1@853" ];
|
||||
forwardAddresses = [
|
||||
(lib.head nodes.authoritative.config.networking.interfaces.eth1.ipv6.addresses).address
|
||||
(lib.head nodes.authoritative.config.networking.interfaces.eth1.ipv4.addresses).address
|
||||
];
|
||||
extraConfig = ''
|
||||
server:
|
||||
tls-service-pem: ${cert}/cert.pem
|
||||
tls-service-key: ${cert}/key.pem
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
# machine that runs a local unbound that will be reconfigured during test execution
|
||||
local_resolver = { lib, nodes, config, ... }: {
|
||||
imports = [ common ];
|
||||
networking.interfaces.eth1.ipv4.addresses = lib.mkForce [
|
||||
{ address = "192.168.0.3"; prefixLength = 24; }
|
||||
];
|
||||
networking.interfaces.eth1.ipv6.addresses = lib.mkForce [
|
||||
{ address = "fd21::3"; prefixLength = 64; }
|
||||
];
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
53 # regular DNS
|
||||
];
|
||||
networking.firewall.allowedUDPPorts = [ 53 ];
|
||||
|
||||
services.unbound = {
|
||||
enable = true;
|
||||
allowedAccess = [ "::1" "127.0.0.0/8" ];
|
||||
interfaces = [ "::1" "127.0.0.1" ];
|
||||
localControlSocketPath = "/run/unbound/unbound.ctl";
|
||||
extraConfig = ''
|
||||
include: "/etc/unbound/extra*.conf"
|
||||
'';
|
||||
};
|
||||
|
||||
users.users = {
|
||||
# user that is permitted to access the unix socket
|
||||
someuser.extraGroups = [
|
||||
config.users.users.unbound.group
|
||||
];
|
||||
|
||||
# user that is not permitted to access the unix socket
|
||||
unauthorizeduser = {};
|
||||
};
|
||||
|
||||
environment.etc = {
|
||||
"unbound-extra1.conf".text = ''
|
||||
forward-zone:
|
||||
name: "example.local."
|
||||
forward-addr: ${(lib.head nodes.resolver.config.networking.interfaces.eth1.ipv6.addresses).address}
|
||||
forward-addr: ${(lib.head nodes.resolver.config.networking.interfaces.eth1.ipv4.addresses).address}
|
||||
'';
|
||||
"unbound-extra2.conf".text = ''
|
||||
auth-zone:
|
||||
name: something.local.
|
||||
zonefile: ${pkgs.writeText "zone" ''
|
||||
something.local. IN A 3.4.5.6
|
||||
''}
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
# plain node that only has network access and doesn't run any part of the
|
||||
# resolver software locally
|
||||
client = { lib, nodes, ... }: {
|
||||
imports = [ common ];
|
||||
networking.nameservers = [
|
||||
(lib.head nodes.resolver.config.networking.interfaces.eth1.ipv6.addresses).address
|
||||
(lib.head nodes.resolver.config.networking.interfaces.eth1.ipv4.addresses).address
|
||||
];
|
||||
networking.interfaces.eth1.ipv4.addresses = [
|
||||
{ address = "192.168.0.10"; prefixLength = 24; }
|
||||
];
|
||||
networking.interfaces.eth1.ipv6.addresses = [
|
||||
{ address = "fd21::10"; prefixLength = 64; }
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
testScript = { nodes, ... }: ''
|
||||
import typing
|
||||
import json
|
||||
|
||||
zone = "example.local."
|
||||
records = [("AAAA", "abcd::eeff"), ("A", "1.2.3.4")]
|
||||
|
||||
|
||||
def query(
|
||||
machine,
|
||||
host: str,
|
||||
query_type: str,
|
||||
query: str,
|
||||
expected: typing.Optional[str] = None,
|
||||
args: typing.Optional[typing.List[str]] = None,
|
||||
):
|
||||
"""
|
||||
Execute a single query and compare the result with expectation
|
||||
"""
|
||||
text_args = ""
|
||||
if args:
|
||||
text_args = " ".join(args)
|
||||
|
||||
out = machine.succeed(
|
||||
f"kdig {text_args} {query} {query_type} @{host} +short"
|
||||
).strip()
|
||||
machine.log(f"{host} replied with {out}")
|
||||
if expected:
|
||||
assert expected == out, f"Expected `{expected}` but got `{out}`"
|
||||
|
||||
|
||||
def test(machine, remotes, /, doh=False, zone=zone, records=records, args=[]):
|
||||
"""
|
||||
Run queries for the given remotes on the given machine.
|
||||
"""
|
||||
for query_type, expected in records:
|
||||
for remote in remotes:
|
||||
query(machine, remote, query_type, zone, expected, args)
|
||||
query(machine, remote, query_type, zone, expected, ["+tcp"] + args)
|
||||
if doh:
|
||||
query(
|
||||
machine,
|
||||
remote,
|
||||
query_type,
|
||||
zone,
|
||||
expected,
|
||||
["+tcp", "+tls"] + args,
|
||||
)
|
||||
|
||||
|
||||
client.start()
|
||||
authoritative.wait_for_unit("unbound.service")
|
||||
|
||||
# verify that we can resolve locally
|
||||
with subtest("test the authoritative servers local responses"):
|
||||
test(authoritative, ["::1", "127.0.0.1"])
|
||||
|
||||
resolver.wait_for_unit("unbound.service")
|
||||
|
||||
with subtest("root is unable to use unbounc-control when the socket is not configured"):
|
||||
resolver.succeed("which unbound-control") # the binary must exist
|
||||
resolver.fail("unbound-control list_forwards") # the invocation must fail
|
||||
|
||||
# verify that the resolver is able to resolve on all the local protocols
|
||||
with subtest("test that the resolver resolves on all protocols and transports"):
|
||||
test(resolver, ["::1", "127.0.0.1"], doh=True)
|
||||
|
||||
resolver.wait_for_unit("multi-user.target")
|
||||
|
||||
with subtest("client should be able to query the resolver"):
|
||||
test(client, ["${(lib.head nodes.resolver.config.networking.interfaces.eth1.ipv6.addresses).address}", "${(lib.head nodes.resolver.config.networking.interfaces.eth1.ipv4.addresses).address}"], doh=True)
|
||||
|
||||
# discard the client we do not need anymore
|
||||
client.shutdown()
|
||||
|
||||
local_resolver.wait_for_unit("multi-user.target")
|
||||
|
||||
# link a new config file to /etc/unbound/extra.conf
|
||||
local_resolver.succeed("ln -s /etc/unbound-extra1.conf /etc/unbound/extra1.conf")
|
||||
|
||||
# reload the server & ensure the forwarding works
|
||||
with subtest("test that the local resolver resolves on all protocols and transports"):
|
||||
local_resolver.succeed("systemctl reload unbound")
|
||||
print(local_resolver.succeed("journalctl -u unbound -n 1000"))
|
||||
test(local_resolver, ["::1", "127.0.0.1"], args=["+timeout=60"])
|
||||
|
||||
with subtest("test that we can use the unbound control socket"):
|
||||
out = local_resolver.succeed(
|
||||
"sudo -u someuser -- unbound-control list_forwards"
|
||||
).strip()
|
||||
|
||||
# Thank you black! Can't really break this line into a readable version.
|
||||
expected = "example.local. IN forward ${(lib.head nodes.resolver.config.networking.interfaces.eth1.ipv6.addresses).address} ${(lib.head nodes.resolver.config.networking.interfaces.eth1.ipv4.addresses).address}"
|
||||
assert out == expected, f"Expected `{expected}` but got `{out}` instead."
|
||||
local_resolver.fail("sudo -u unauthorizeduser -- unbound-control list_forwards")
|
||||
|
||||
|
||||
# link a new config file to /etc/unbound/extra.conf
|
||||
local_resolver.succeed("ln -sf /etc/unbound-extra2.conf /etc/unbound/extra2.conf")
|
||||
|
||||
# reload the server & ensure the new local zone works
|
||||
with subtest("test that we can query the new local zone"):
|
||||
local_resolver.succeed("unbound-control reload")
|
||||
r = [("A", "3.4.5.6")]
|
||||
test(local_resolver, ["::1", "127.0.0.1"], zone="something.local.", records=r)
|
||||
'';
|
||||
})
|
@ -18,7 +18,7 @@ let
|
||||
maintainers = [ adisbladis ];
|
||||
};
|
||||
|
||||
machine = { pkgs, ... }: {
|
||||
machine = { pkgs, lib, ... }: {
|
||||
virtualisation.emptyDiskImages = [ 4096 ];
|
||||
networking.hostId = "deadbeef";
|
||||
boot.kernelPackages = kernelPackage;
|
||||
@ -26,6 +26,24 @@ let
|
||||
boot.zfs.enableUnstable = enableUnstable;
|
||||
|
||||
environment.systemPackages = [ pkgs.parted ];
|
||||
|
||||
# Setup regular fileSystems machinery to ensure forceImportAll can be
|
||||
# tested via the regular service units.
|
||||
fileSystems = lib.mkVMOverride {
|
||||
"/forcepool" = {
|
||||
device = "forcepool";
|
||||
fsType = "zfs";
|
||||
options = [ "noauto" ];
|
||||
};
|
||||
};
|
||||
|
||||
# forcepool doesn't exist at first boot, and we need to manually test
|
||||
# the import after tweaking the hostId.
|
||||
systemd.services.zfs-import-forcepool.wantedBy = lib.mkVMOverride [];
|
||||
systemd.targets.zfs.wantedBy = lib.mkVMOverride [];
|
||||
boot.zfs.forceImportAll = true;
|
||||
# /dev/disk/by-id doesn't get populated in the NixOS test framework
|
||||
boot.zfs.devNodes = "/dev/disk/by-uuid";
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
@ -57,6 +75,21 @@ let
|
||||
"zpool destroy rpool",
|
||||
"udevadm settle",
|
||||
)
|
||||
|
||||
with subtest("boot.zfs.forceImportAll works"):
|
||||
machine.succeed(
|
||||
"rm /etc/hostid",
|
||||
"zgenhostid deadcafe",
|
||||
"zpool create forcepool /dev/vdb1 -O mountpoint=legacy",
|
||||
)
|
||||
machine.shutdown()
|
||||
machine.start()
|
||||
machine.succeed("udevadm settle")
|
||||
machine.fail("zpool import forcepool")
|
||||
machine.succeed(
|
||||
"systemctl start zfs-import-forcepool.service",
|
||||
"mount -t zfs forcepool /tmp/mnt",
|
||||
)
|
||||
'' + extraTest;
|
||||
|
||||
};
|
||||
|
@ -6,7 +6,7 @@
|
||||
, gettext
|
||||
, glib
|
||||
, gtk3
|
||||
, libhandy
|
||||
, libhandy_0
|
||||
, meson
|
||||
, ninja
|
||||
, pango
|
||||
@ -48,7 +48,7 @@ rustPlatform.buildRustPackage rec {
|
||||
dbus
|
||||
glib
|
||||
gtk3
|
||||
libhandy
|
||||
libhandy_0
|
||||
pango
|
||||
];
|
||||
|
||||
|
@ -3,7 +3,6 @@
|
||||
, fetchFromGitHub
|
||||
, qmake
|
||||
, qtbase
|
||||
, qtmultimedia
|
||||
, qttools
|
||||
, alsaSupport ? stdenv.hostPlatform.isLinux
|
||||
, alsaLib
|
||||
@ -19,20 +18,20 @@ let
|
||||
in
|
||||
mkDerivation rec {
|
||||
pname = "bambootracker";
|
||||
version = "0.4.4";
|
||||
version = "0.4.5";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "rerrahkr";
|
||||
repo = "BambooTracker";
|
||||
rev = "v${version}";
|
||||
sha256 = "0d0f4jqzknsiq725pvfndarfjg183f92rb0lim3wzshnsixr5vdc";
|
||||
sha256 = "0ibi0sykxf6cp5la2c4pgxf5gvy56yv259fbmdwdrdyv6vlddf42";
|
||||
};
|
||||
|
||||
sourceRoot = "source/BambooTracker";
|
||||
|
||||
nativeBuildInputs = [ qmake qttools ];
|
||||
|
||||
buildInputs = [ qtbase qtmultimedia ]
|
||||
buildInputs = [ qtbase ]
|
||||
++ optional alsaSupport alsaLib
|
||||
++ optional pulseSupport libpulseaudio
|
||||
++ optional jackSupport libjack2;
|
||||
|
@ -9,13 +9,13 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "ft2-clone";
|
||||
version = "1.37";
|
||||
version = "1.40";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "8bitbubsy";
|
||||
repo = "ft2-clone";
|
||||
rev = "v${version}";
|
||||
sha256 = "1lhpzd46mpr3bq13qhd0bq724db5fhc8jplfb684c2q7sc4v92nk";
|
||||
sha256 = "0qc3hai6fhn4amk5ixmxx3yswsi25qpax0r9nvvnyhbcb6crqcs1";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake ];
|
||||
|
@ -10,7 +10,7 @@
|
||||
, python3
|
||||
, pkgconfig
|
||||
, glib
|
||||
, libhandy
|
||||
, libhandy_0
|
||||
, gtk3
|
||||
, dbus
|
||||
, openssl
|
||||
@ -48,7 +48,7 @@ rustPlatform.buildRustPackage rec {
|
||||
buildInputs = [
|
||||
glib
|
||||
gtk3
|
||||
libhandy
|
||||
libhandy_0
|
||||
dbus
|
||||
openssl
|
||||
sqlite
|
||||
|
@ -7,6 +7,7 @@
|
||||
, python3
|
||||
, gtk3
|
||||
, gst_all_1
|
||||
, libhandy
|
||||
, libsecret
|
||||
, libsoup
|
||||
, appstream-glib
|
||||
@ -24,7 +25,7 @@
|
||||
|
||||
python3.pkgs.buildPythonApplication rec {
|
||||
pname = "lollypop";
|
||||
version = "1.3.2";
|
||||
version = "1.4.5";
|
||||
|
||||
format = "other";
|
||||
doCheck = false;
|
||||
@ -33,7 +34,7 @@ python3.pkgs.buildPythonApplication rec {
|
||||
url = "https://gitlab.gnome.org/World/lollypop";
|
||||
rev = "refs/tags/${version}";
|
||||
fetchSubmodules = true;
|
||||
sha256 = "14854j1dhq67s1vzs0lqy345vbl6f5w8nb36n4i33fmpva2flsk3";
|
||||
sha256 = "1i5qcpp3fpkda08g6nkiiff8lsjmv5xsvpa0512kigq5z0lsagrx";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
@ -57,6 +58,7 @@ python3.pkgs.buildPythonApplication rec {
|
||||
gst-plugins-ugly
|
||||
gstreamer
|
||||
gtk3
|
||||
libhandy
|
||||
libsoup
|
||||
pango
|
||||
totem-pl-parser
|
||||
|
@ -11,6 +11,9 @@ stdenv.mkDerivation rec {
|
||||
pname = "musescore-darwin";
|
||||
version = concatStringsSep "." versionComponents;
|
||||
|
||||
# The disk image contains the .app and a symlink to /Applications.
|
||||
sourceRoot = "${appName}.app";
|
||||
|
||||
src = fetchurl {
|
||||
url = "ftp://ftp.osuosl.org/pub/musescore/releases/MuseScore-${concatStringsSep "." (take 3 versionComponents)}/MuseScore-${version}.dmg";
|
||||
sha256 = "19xkaxlkbrhvfip6n3iw6q7463ngr6y5gfisrpjqg2xl2igyl795";
|
||||
|
@ -17,13 +17,13 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "musikcube";
|
||||
version = "0.93.1";
|
||||
version = "0.95.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "clangen";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "05qsxyr7x8l0vlmn4yjg4gglxvcw9raf6vfzvblsl2ngsdsrnizy";
|
||||
sha256 = "16ksr4yjkg88bpij1i49dzi07ffhqq8b36r090y4fq5czrc420rc";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
@ -11,11 +11,11 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "ocenaudio";
|
||||
version = "3.9.2";
|
||||
version = "3.9.5";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://www.ocenaudio.com/downloads/index.php/ocenaudio_debian9_64.deb?version=${version}";
|
||||
sha256 = "1fvpba3dnzb7sm6gp0znbrima02ckfiy2zwb66x1gr05y9a56inv";
|
||||
sha256 = "13hvdfydlgp2qf49ddhdzghz5jkyx1rhnsj8sf8khfxf9k8phkjd";
|
||||
};
|
||||
|
||||
|
||||
|
@ -2,13 +2,13 @@
|
||||
|
||||
let
|
||||
pname = "plexamp";
|
||||
version = "3.2.0";
|
||||
version = "3.3.1";
|
||||
name = "${pname}-${version}";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://plexamp.plex.tv/plexamp.plex.tv/desktop/Plexamp-${version}.AppImage";
|
||||
sha256 = "R1BhobnwoU7oJ7bNes8kH2neXqHlMPbRCNjcHyzUPqo=";
|
||||
name="${pname}-${version}.AppImage";
|
||||
sha256 = "6/asP8VR+rJ52lKKds46gSw1or9suUEmyR75pjdWHIQ=";
|
||||
};
|
||||
|
||||
appimageContents = appimageTools.extractType2 {
|
||||
|
@ -9,13 +9,13 @@
|
||||
|
||||
mkDerivation rec {
|
||||
pname = "ptcollab";
|
||||
version = "0.3.4.1";
|
||||
version = "0.3.5";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "yuxshao";
|
||||
repo = "ptcollab";
|
||||
rev = "v${version}";
|
||||
sha256 = "0rjyhxfad864w84n0bxyhc1jjxhzwwdx26r6psba2582g90cv024";
|
||||
sha256 = "0mgn7lkpgj72hsybnnj0kpfyls4aha1qvv4nhdyclqdfbb6mldxg";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ qmake ];
|
||||
|
@ -18,8 +18,12 @@
|
||||
let
|
||||
pulseSources = runCommand "pulseaudio-sources" {} ''
|
||||
mkdir $out
|
||||
tar -xf ${pulseaudio.src}
|
||||
mv pulseaudio*/* $out/
|
||||
if [ -d ${pulseaudio.src} ]; then
|
||||
ln -s ${pulseaudio.src}/* $out/
|
||||
else
|
||||
tar -xf ${pulseaudio.src}
|
||||
mv pulseaudio*/* $out/
|
||||
fi
|
||||
'';
|
||||
|
||||
in stdenv.mkDerivation rec {
|
||||
@ -61,7 +65,7 @@ in stdenv.mkDerivation rec {
|
||||
|
||||
# Pulseaudio version is detected with a -rebootstrapped suffix which build system assumptions
|
||||
substituteInPlace config.h.in --replace PulseAudio_VERSION ${pulseaudio.version}
|
||||
substituteInPlace CMakeLists.txt --replace '${"\${PulseAudio_VERSION}"}' ${pulseaudio.version}
|
||||
substituteInPlace CMakeLists.txt --replace '${"\${PULSE_DIR}"}' ${pulseaudio.pulseDir}
|
||||
|
||||
# Fraunhofer recommends to enable afterburner but upstream has it set to false by default
|
||||
substituteInPlace src/modules/bluetooth/a2dp/a2dp_aac.c \
|
||||
@ -72,7 +76,7 @@ in stdenv.mkDerivation rec {
|
||||
for so in $out/lib/pulse-${pulseaudio.version}/modules/*.so; do
|
||||
orig_rpath=$(patchelf --print-rpath "$so")
|
||||
patchelf \
|
||||
--set-rpath "${ldacbt}/lib:${lib.getLib ffmpeg}/lib:$out/lib/pulse-${pulseaudio.version}/modules:$orig_rpath" \
|
||||
--set-rpath "${ldacbt}/lib:${lib.getLib ffmpeg}/lib:$out/${pulseaudio.pulseDir}/modules:$orig_rpath" \
|
||||
"$so"
|
||||
done
|
||||
'';
|
||||
|
@ -8,4 +8,4 @@ index 8d20dbf..63fe7ba 100644
|
||||
module-bluetooth-policy
|
||||
- LIBRARY DESTINATION ${PulseAudio_modlibexecdir})
|
||||
-
|
||||
+ LIBRARY DESTINATION ${CMAKE_INSTALL_PREFIX}/lib/pulse-${PulseAudio_VERSION}/modules/)
|
||||
+ LIBRARY DESTINATION ${CMAKE_INSTALL_PREFIX}/${PULSE_DIR}/modules/)
|
||||
|
@ -29,11 +29,11 @@
|
||||
# handle that.
|
||||
|
||||
mkDerivation rec {
|
||||
name = "qmmp-1.4.1";
|
||||
name = "qmmp-1.4.2";
|
||||
|
||||
src = fetchurl {
|
||||
url = "http://qmmp.ylsoftware.com/files/${name}.tar.bz2";
|
||||
sha256 = "0p18r2ri75vbyjzfa7bcl1dm372m6jvn9zj2p5ia2rh1g77fbm9a";
|
||||
sha256 = "1kvzw0n90crg3dgy8834qrjv0zb3ia5cny7virax9ax73y653jfa";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake pkgconfig ];
|
||||
|
@ -5,11 +5,11 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "qtractor";
|
||||
version = "0.9.15";
|
||||
version = "0.9.18";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://sourceforge/${pname}/${pname}-${version}.tar.gz";
|
||||
sha256 = "0k7a6llwrzs07flr9mvzvay9ygc2x64syg8npyabsw5a4d85fwsx";
|
||||
sha256 = "121vmygdzp37p6f93f8dbbg2m2r55j7amyiapzkqgypgn4vfdbwr";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
@ -8,7 +8,7 @@
|
||||
, glib
|
||||
, gst_all_1
|
||||
, gtk3
|
||||
, libhandy
|
||||
, libhandy_0
|
||||
, meson
|
||||
, ninja
|
||||
, openssl
|
||||
@ -53,7 +53,7 @@ rustPlatform.buildRustPackage rec {
|
||||
gdk-pixbuf
|
||||
glib
|
||||
gtk3
|
||||
libhandy
|
||||
libhandy_0
|
||||
openssl
|
||||
sqlite
|
||||
] ++ (with gst_all_1; [
|
||||
|
@ -1,19 +1,22 @@
|
||||
{ stdenv, fetchurl, cmake, pkgconfig, alsaLib, libjack2, qt4 }:
|
||||
{ mkDerivation, lib, fetchurl, cmake, pkg-config
|
||||
, qttools, qtx11extras, drumstick
|
||||
, docbook-xsl-nons
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
mkDerivation rec {
|
||||
pname = "vmpk";
|
||||
version = "0.5.1";
|
||||
version = "0.7.2";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://sourceforge/${pname}/${version}/${pname}-${version}.tar.bz2";
|
||||
sha256 = "11fqnxgs9hr9255d93n7lazxzjwn8jpmn23nywdksh0pb1ffvfrc";
|
||||
sha256 = "5oLrjQADg59Mxpb0CNLQAE574IOSYLDLJNaQ/9q2cMQ=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake pkgconfig ];
|
||||
nativeBuildInputs = [ cmake pkg-config qttools docbook-xsl-nons ];
|
||||
|
||||
buildInputs = [ alsaLib libjack2 qt4 ];
|
||||
buildInputs = [ qtx11extras drumstick ];
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
meta = with lib; {
|
||||
description = "Virtual MIDI Piano Keyboard";
|
||||
homepage = "http://vmpk.sourceforge.net/";
|
||||
license = licenses.gpl3Plus;
|
||||
|
@ -12,7 +12,7 @@
|
||||
, coreutils
|
||||
, libsoup
|
||||
, libsecret
|
||||
, libhandy
|
||||
, libhandy_0
|
||||
, wrapGAppsHook
|
||||
, libgpgerror
|
||||
, json-glib
|
||||
@ -53,7 +53,7 @@ stdenv.mkDerivation rec {
|
||||
glib
|
||||
gtk3
|
||||
libsecret
|
||||
libhandy
|
||||
libhandy_0
|
||||
libgpgerror
|
||||
json-glib
|
||||
];
|
||||
|
@ -2,11 +2,11 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "ergo";
|
||||
version = "3.3.5";
|
||||
version = "3.3.6";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/ergoplatform/ergo/releases/download/v${version}/ergo-${version}.jar";
|
||||
sha256 = "0bxzpwwb42bppqli3zggx3lah7g6kwmy6k6k6dinypj6x0bafqcg";
|
||||
sha256 = "1zi559ixjxxsrpvvjbxa1d0g96px3h9amjvy149sfhp7b8w5hhk3";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ makeWrapper ];
|
||||
|
@ -4,11 +4,11 @@ cups, vivaldi-ffmpeg-codecs, libpulseaudio, at-spi2-core }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "exodus";
|
||||
version = "20.10.23";
|
||||
version = "20.11.10";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://downloads.exodus.io/releases/${pname}-linux-x64-${version}.zip";
|
||||
sha256 = "083hcxljqg36ilpy6xa4j455ngpc775qgam0dbj26kg7sh33dz2c";
|
||||
sha256 = "1a7qrh5mdkqpz5cpk5jdq0s2cfrvn7ja76r5cmhs70ba1xnzd8rq";
|
||||
};
|
||||
|
||||
sourceRoot = ".";
|
||||
|
@ -1,41 +0,0 @@
|
||||
{ fetchFromGitHub, stdenv, db, boost, gmp, mpfr, qt4, qmake4Hook }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
version = "0.8.6-2";
|
||||
pname = "freicoin";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "freicoin";
|
||||
repo = "freicoin";
|
||||
rev = "v${version}";
|
||||
sha256 = "1v1qwv4x5agjba82s1vknmdgq67y26wzdwbmwwqavv7f7y3y860h";
|
||||
};
|
||||
|
||||
enableParallelBuilding = false;
|
||||
|
||||
qmakeFlags = ["USE_UPNP=-"];
|
||||
|
||||
# I think that openssl and zlib are required, but come through other
|
||||
# packages
|
||||
|
||||
preBuild = "unset AR";
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out/bin
|
||||
cp freicoin-qt $out/bin
|
||||
'';
|
||||
|
||||
nativeBuildInputs = [ qmake4Hook ];
|
||||
buildInputs = [ db boost gmp mpfr qt4 ];
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "Peer-to-peer currency with demurrage fee";
|
||||
homepage = "http://freicoi.in/";
|
||||
license = licenses.mit;
|
||||
maintainers = [ maintainers.viric ];
|
||||
platforms = platforms.linux;
|
||||
|
||||
# upstream doesn't support newer openssl versions, use 1.0.1 for testing
|
||||
broken = true;
|
||||
};
|
||||
}
|
@ -2,13 +2,13 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "go-ethereum";
|
||||
version = "1.9.23";
|
||||
version = "1.9.24";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "ethereum";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "0w65sln5l3sxwzxwjvyaial0m1kxhivhw8xwl5faxxxlk50rs4wm";
|
||||
sha256 = "0nrx5fwfij9wajd3lj76hh1yv4zg4q3jc76a76m22djn1njl0n5j";
|
||||
};
|
||||
|
||||
runVend = true;
|
||||
|
@ -1,5 +1,6 @@
|
||||
{ stdenv, wrapQtAppsHook, makeDesktopItem
|
||||
, fetchFromGitHub
|
||||
, fetchpatch
|
||||
, cmake, qttools, pkgconfig
|
||||
, qtbase, qtdeclarative, qtgraphicaleffects
|
||||
, qtmultimedia, qtxmlpatterns
|
||||
@ -27,13 +28,13 @@ in
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "monero-gui";
|
||||
version = "0.17.1.1";
|
||||
version = "0.17.1.4";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "monero-project";
|
||||
repo = "monero-gui";
|
||||
rev = "v${version}";
|
||||
sha256 = "0aqhp4rmqsgwjb875kgh6qwz0wyyiag1fksyic9cnhgg5j5y95nx";
|
||||
sha256 = "1ixjfdlvwr2an2s9jaql240bk7jpq5hhm5c4hww0bicyy3fp12ng";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
@ -58,7 +59,14 @@ stdenv.mkDerivation rec {
|
||||
chmod -R +w source/monero
|
||||
'';
|
||||
|
||||
patches = [ ./move-log-file.patch ];
|
||||
patches = [
|
||||
./move-log-file.patch
|
||||
# fix build failure due to invalid use of CMAKE_PREFIX_PATH
|
||||
(fetchpatch {
|
||||
url = "https://github.com/monero-project/monero-gui/commit/ef2be82c21b0934522ad8e110805b66f5948da1f.patch";
|
||||
sha256 = "1rhazk2xwa5dv1cmkrkq8yr08qxslg4k929cvlliabrx20kbr5z5";
|
||||
})
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
# set monero-gui version
|
||||
|
@ -17,13 +17,13 @@ assert trezorSupport -> all (x: x!=null) [ libusb1 protobuf python3 ];
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "monero";
|
||||
version = "0.17.1.1";
|
||||
version = "0.17.1.3";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "monero-project";
|
||||
repo = "monero";
|
||||
rev = "v${version}";
|
||||
sha256 = "18x27dm24k04vx0yz57zi02rk0wrmbn4wr8alqf48dq6z9wr0fhp";
|
||||
sha256 = "1ddkdfd8i5q509qziwcx1f6nm8axs4a1ppzv2y5lgsqpq375if6j";
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
|
||||
|
@ -42,7 +42,7 @@ stdenv.mkDerivation rec {
|
||||
description = "Decentralized open source information registration and transfer system based on the Bitcoin cryptocurrency";
|
||||
homepage = "https://namecoin.org";
|
||||
license = licenses.mit;
|
||||
maintainers = with maintainers; [ doublec infinisil ];
|
||||
maintainers = with maintainers; [ infinisil ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
}
|
||||
|
@ -5,23 +5,23 @@
|
||||
, llvmPackages
|
||||
, openssl
|
||||
, pkg-config
|
||||
, stdenv
|
||||
, systemd
|
||||
, darwin
|
||||
}:
|
||||
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "openethereum";
|
||||
version = "3.0.1";
|
||||
version = "3.1.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "openethereum";
|
||||
repo = "openethereum";
|
||||
rev = "v${version}";
|
||||
sha256 = "08dkcrga1x18csh6pw6f54x5xwijppyjhg46cf4p452xc1l3a6ir";
|
||||
sha256 = "cs84Zz0nhagGDu5sDFTaFZF3SPEgJU8F4vGX7KLihOM=";
|
||||
};
|
||||
|
||||
cargoSha256 = "1xliragihwjfc5qmfm0ng519bw8a28m1w1yqcl9mpk8zywiybaah";
|
||||
|
||||
cargoPatches = [ ./lock.patch ];
|
||||
cargoSha256 = "6suNkHw1BbISb0MkYkUaD+mpUal+kn3y1SFVqzJFqJc=";
|
||||
|
||||
LIBCLANG_PATH = "${llvmPackages.libclang}/lib";
|
||||
nativeBuildInputs = [
|
||||
@ -31,7 +31,9 @@ rustPlatform.buildRustPackage rec {
|
||||
pkg-config
|
||||
];
|
||||
|
||||
buildInputs = [ openssl systemd ];
|
||||
buildInputs = [ openssl ]
|
||||
++ stdenv.lib.optionals stdenv.isLinux [ systemd ]
|
||||
++ stdenv.lib.optionals stdenv.isDarwin [ darwin.Security ];
|
||||
|
||||
cargoBuildFlags = [ "--features final" ];
|
||||
|
||||
@ -43,6 +45,6 @@ rustPlatform.buildRustPackage rec {
|
||||
homepage = "http://parity.io/ethereum";
|
||||
license = licenses.gpl3;
|
||||
maintainers = with maintainers; [ akru xrelkd ];
|
||||
platforms = platforms.linux;
|
||||
platforms = stdenv.lib.platforms.unix;
|
||||
};
|
||||
}
|
||||
|
@ -1,20 +0,0 @@
|
||||
--- /nix/store/hv764a65zmfzw5scjhz5839agv10da6x-source/Cargo.lock 1969-12-31 16:00:01.000000000 -0800
|
||||
+++ ./Cargo.lock 2020-07-31 21:30:31.146750066 -0700
|
||||
@@ -3113,7 +3113,7 @@
|
||||
|
||||
[[package]]
|
||||
name = "openethereum"
|
||||
-version = "3.0.0"
|
||||
+version = "3.0.1"
|
||||
dependencies = [
|
||||
"ansi_term",
|
||||
"atty",
|
||||
@@ -3562,7 +3562,7 @@
|
||||
|
||||
[[package]]
|
||||
name = "parity-version"
|
||||
-version = "3.0.0"
|
||||
+version = "3.0.1"
|
||||
dependencies = [
|
||||
"parity-bytes",
|
||||
"rlp",
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
x
Reference in New Issue
Block a user