public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/nixos/nixpkgs

Browse Source
This commit is contained in:
Alexander Krupenkin 2018-03-27 22:46:46 +03:00
commit b2bc1902b9
No known key found for this signature in database
GPG Key ID: 0D0A7FA67911873E
558 changed files with 13264 additions and 7465 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitattributes vendored
View File

@ -11,3 +11,6 @@ doc/default.nix linguist-documentation=false
nixos/doc/** linguist-documentation
nixos/doc/default.nix linguist-documentation=false
nixos/modules/module-list.nix merge=union
# pkgs/top-level/all-packages.nix merge=union

1
.github/CODEOWNERS vendored
View File

@ -13,6 +13,7 @@
# Libraries
/lib @edolstra @nbp
/lib/systems @nbp @ericson2314
/lib/generators.nix @edolstra @nbp @Profpatsch
# Nixpkgs Internals
/default.nix @nbp

6
doc/.gitignore vendored Normal file
View File

@ -0,0 +1,6 @@
*.chapter.xml
*.section.xml
.version
out
manual-full.xml
highlightjs

96
doc/Makefile Normal file
View File

@ -0,0 +1,96 @@
MD_TARGETS=$(addsuffix .xml, $(basename $(wildcard ./*.md ./**/*.md)))
.PHONY: all
all: validate out/html/index.html out/epub/manual.epub
.PHONY: debug
debug:
nix-shell --run "xmloscopy --docbook5 ./manual.xml ./manual-full.xml"
.PHONY: clean
clean:
rm -f ${MD_TARGETS} .version manual-full.xml
rm -rf ./out/ ./highlightjs
.PHONY: validate
validate: manual-full.xml
jing "$$RNG" manual-full.xml
out/html/index.html: manual-full.xml style.css highlightjs
mkdir -p out/html
xsltproc ${xsltFlags} \
--nonet --xinclude \
--output $@ \
"$$XSL/docbook/xhtml/docbook.xsl" \
./manual-full.xml
mkdir -p out/html/highlightjs/
echo "document.onreadystatechange = function () { \
var listings = document.querySelectorAll('.programlisting, .screen'); \
for (i = 0; i < listings.length; ++i) { \
hljs.highlightBlock(listings[i]); \
} \
} " > out/html/highlightjs/loader.js
cp -r highlightjs out/html/
cp ./overrides.css out/html/
cp ./style.css out/html/style.css
mkdir -p out/html/images/callouts
cp "$$XSL/docbook/images/callouts/"*.svg out/html/images/callouts/
chmod u+w -R out/html/
out/epub/manual.epub: manual-full.xml
mkdir -p out/epub/scratch
xsltproc ${xsltFlags} --nonet \
--output out/epub/scratch/ \
"$$XSL/docbook/epub/docbook.xsl" \
./manual-full.xml
cp ./overrides.css out/epub/scratch/OEBPS
cp ./style.css out/epub/scratch/OEBPS
mkdir -p out/epub/scratch/OEBPS/images/callouts/
cp "$$XSL/docbook/images/callouts/"*.svg out/epub/scratch/OEBPS/images/callouts/
echo "application/epub+zip" > mimetype
zip -0Xq "out/epub/manual.epub" mimetype
rm mimetype
cd "out/epub/scratch/" && zip -Xr9D "../manual.epub" *
rm -rf "out/epub/scratch/"
highlightjs:
mkdir -p highlightjs
cp -r "$$HIGHLIGHTJS/highlight.pack.js" highlightjs/
cp -r "$$HIGHLIGHTJS/LICENSE" highlightjs/
cp -r "$$HIGHLIGHTJS/mono-blue.css" highlightjs/
manual-full.xml: ${MD_TARGETS} .version *.xml
xmllint --nonet --xinclude --noxincludenode manual.xml --output manual-full.xml
.version:
nix-instantiate --eval \
-E '(import ../lib).nixpkgsVersion' > .version
%.section.xml: %.section.md
pandoc $^ -w docbook+smart \
-f markdown+smart \
| sed -e 's|<ulink url=|<link xlink:href=|' \
-e 's|</ulink>|</link>|' \
-e 's|<sect. id=|<section xml:id=|' \
-e 's|</sect[0-9]>|</section>|' \
-e '1s| id=| xml:id=|' \
-e '1s|\(<[^ ]* \)|\1xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" |' \
| cat > $@
%.chapter.xml: %.chapter.md
pandoc $^ -w docbook+smart \
--top-level-division=chapter \
-f markdown+smart \
| sed -e 's|<ulink url=|<link xlink:href=|' \
-e 's|</ulink>|</link>|' \
-e 's|<sect. id=|<section xml:id=|' \
-e 's|</sect[0-9]>|</section>|' \
-e '1s| id=| xml:id=|' \
-e '1s|\(<[^ ]* \)|\1|' \
| cat > $@

23
doc/contributing.xml
View File

@ -6,12 +6,27 @@
<para>The DocBook sources of the Nixpkgs manual are in the <filename
xlink:href="https://github.com/NixOS/nixpkgs/tree/master/doc">doc</filename>
subdirectory of the Nixpkgs repository. If you make modifications to
the manual, it's important to build it before committing. You can do that as follows:
subdirectory of the Nixpkgs repository.</para>
<para>You can quickly check your edits with <command>make</command>:</para>
<screen>
$ cd /path/to/nixpkgs
$ nix-build doc
$ cd /path/to/nixpkgs/doc
$ nix-shell
[nix-shell]$ make
</screen>
<para>If you experience problems, run <command>make debug</command>
to help understand the docbook errors.</para>
<para>After making modifications to the manual, it's important to
build it before committing. You can do that as follows:
<screen>
$ cd /path/to/nixpkgs/doc
$ nix-shell
[nix-shell]$ make clean
[nix-shell]$ nix-build .
</screen>
If the build succeeds, the manual will be in

135
doc/default.nix
View File

@ -7,116 +7,41 @@ in
pkgs.stdenv.mkDerivation {
name = "nixpkgs-manual";
buildInputs = with pkgs; [ pandoc libxml2 libxslt zip jing ];
buildInputs = with pkgs; [ pandoc libxml2 libxslt zip ];
src = ./.;
xsltFlags = ''
--param section.autolabel 1
--param section.label.includes.component.label 1
--param html.stylesheet 'style.css'
--param xref.with.number.and.title 1
--param toc.section.depth 3
--param admon.style '''
--param callout.graphics.extension '.gif'
# Hacking on these variables? Make sure to close and open
# nix-shell between each test, maybe even:
# $ nix-shell --run "make clean all"
# otherwise they won't reapply :)
HIGHLIGHTJS = pkgs.documentation-highlighter;
XSL = "${pkgs.docbook5_xsl}/xml/xsl";
RNG = "${pkgs.docbook5}/xml/rng/docbook/docbook.rng";
xsltFlags = lib.concatStringsSep " " [
"--param section.autolabel 1"
"--param section.label.includes.component.label 1"
"--stringparam html.stylesheet 'style.css overrides.css highlightjs/mono-blue.css'"
"--stringparam html.script './highlightjs/highlight.pack.js ./highlightjs/loader.js'"
"--param xref.with.number.and.title 1"
"--param toc.section.depth 3"
"--stringparam admon.style ''"
"--stringparam callout.graphics.extension .svg"
];
postPatch = ''
echo ${lib.nixpkgsVersion} > .version
'';
installPhase = ''
dest="$out/share/doc/nixpkgs"
mkdir -p "$(dirname "$dest")"
mv out/html "$dest"
mv "$dest/index.html" "$dest/manual.html"
buildCommand = let toDocbook = { useChapters ? false, inputFile, outputFile }:
let
extraHeader = lib.optionalString (!useChapters)
''xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" '';
in ''
{
pandoc '${inputFile}' -w docbook+smart ${lib.optionalString useChapters "--top-level-division=chapter"} \
-f markdown+smart \
| sed -e 's|<ulink url=|<link xlink:href=|' \
-e 's|</ulink>|</link>|' \
-e 's|<sect. id=|<section xml:id=|' \
-e 's|</sect[0-9]>|</section>|' \
-e '1s| id=| xml:id=|' \
-e '1s|\(<[^ ]* \)|\1${extraHeader}|'
} > '${outputFile}'
'';
in
mv out/epub/manual.epub "$dest/nixpkgs-manual.epub"
''
ln -s '${sources}/'*.xml .
mkdir ./languages-frameworks
cp -s '${sources-langs}'/* ./languages-frameworks
''
+ toDocbook {
inputFile = ./introduction.md;
outputFile = "introduction.xml";
useChapters = true;
}
+ toDocbook {
inputFile = ./shell.md;
outputFile = "shell.xml";
}
+ toDocbook {
inputFile = ./languages-frameworks/python.md;
outputFile = "./languages-frameworks/python.xml";
}
+ toDocbook {
inputFile = ./languages-frameworks/haskell.md;
outputFile = "./languages-frameworks/haskell.xml";
}
+ toDocbook {
inputFile = ../pkgs/development/idris-modules/README.md;
outputFile = "languages-frameworks/idris.xml";
}
+ toDocbook {
inputFile = ../pkgs/development/node-packages/README.md;
outputFile = "languages-frameworks/node.xml";
}
+ toDocbook {
inputFile = ../pkgs/development/r-modules/README.md;
outputFile = "languages-frameworks/r.xml";
}
+ toDocbook {
inputFile = ./languages-frameworks/rust.md;
outputFile = "./languages-frameworks/rust.xml";
}
+ toDocbook {
inputFile = ./languages-frameworks/vim.md;
outputFile = "./languages-frameworks/vim.xml";
}
+ toDocbook {
inputFile = ./languages-frameworks/emscripten.md;
outputFile = "./languages-frameworks/emscripten.xml";
}
+ ''
echo ${lib.nixpkgsVersion} > .version
# validate against relaxng schema
xmllint --nonet --xinclude --noxincludenode manual.xml --output manual-full.xml
${pkgs.jing}/bin/jing ${pkgs.docbook5}/xml/rng/docbook/docbook.rng manual-full.xml
dst=$out/share/doc/nixpkgs
mkdir -p $dst
xsltproc $xsltFlags --nonet --xinclude \
--output $dst/manual.html \
${pkgs.docbook5_xsl}/xml/xsl/docbook/xhtml/docbook.xsl \
./manual.xml
cp ${./style.css} $dst/style.css
mkdir -p $dst/images/callouts
cp "${pkgs.docbook5_xsl}/xml/xsl/docbook/images/callouts/"*.gif $dst/images/callouts/
mkdir -p $out/nix-support
echo "doc manual $dst manual.html" >> $out/nix-support/hydra-build-products
xsltproc $xsltFlags --nonet --xinclude \
--output $dst/epub/ \
${pkgs.docbook5_xsl}/xml/xsl/docbook/epub/docbook.xsl \
./manual.xml
cp -r $dst/images $dst/epub/OEBPS
echo "application/epub+zip" > mimetype
manual="$dst/nixpkgs-manual.epub"
zip -0Xq "$manual" mimetype
cd $dst/epub && zip -Xr9D "$manual" *
rm -rf $dst/epub
mkdir -p $out/nix-support/
echo "doc manual $dest manual.html" >> $out/nix-support/hydra-build-products
'';
}

0
doc/introduction.md → doc/introduction.chapter.md
View File

0
doc/languages-frameworks/emscripten.md → doc/languages-frameworks/emscripten.section.md
View File

0
doc/languages-frameworks/haskell.md → doc/languages-frameworks/haskell.section.md
View File

39
doc/languages-frameworks/idris.section.md Normal file
View File

@ -0,0 +1,39 @@
Idris packages
==============
This directory contains build rules for idris packages. In addition,
it contains several functions to build and compose those packages.
Everything is exposed to the user via the `idrisPackages` attribute.
callPackage
------------
This is like the normal nixpkgs callPackage function, specialized to
idris packages.
builtins
---------
This is a list of all of the libraries that come packaged with Idris
itself.
build-idris-package
--------------------
A function to build an idris package. Its sole argument is a set like
you might pass to `stdenv.mkDerivation`, except `build-idris-package`
sets several attributes for you. See `build-idris-package.nix` for
details.
build-builtin-package
----------------------
A version of `build-idris-package` specialized to builtin libraries.
Mostly for internal use.
with-packages
-------------
Bundle idris together with a list of packages. Because idris currently
only supports a single directory in its library path, you must include
all desired libraries here, including `prelude` and `base`.

16
doc/languages-frameworks/index.xml
View File

@ -17,20 +17,20 @@ such as Perl or Haskell. These are described in this chapter.</para>
<xi:include href="bower.xml" />
<xi:include href="coq.xml" />
<xi:include href="go.xml" />
<xi:include href="haskell.xml" />
<xi:include href="idris.xml" /> <!-- generated from ../../pkgs/development/idris-modules/README.md -->
<xi:include href="haskell.section.xml" />
<xi:include href="idris.section.xml" />
<xi:include href="java.xml" />
<xi:include href="lua.xml" />
<xi:include href="node.xml" /> <!-- generated from ../../pkgs/development/node-packages/README.md -->
<xi:include href="node.section.xml" />
<xi:include href="perl.xml" />
<xi:include href="python.xml" />
<xi:include href="python.section.xml" />
<xi:include href="qt.xml" />
<xi:include href="r.xml" /> <!-- generated from ../../pkgs/development/r-modules/README.md -->
<xi:include href="r.section.xml" />
<xi:include href="ruby.xml" />
<xi:include href="rust.xml" />
<xi:include href="rust.section.xml" />
<xi:include href="texlive.xml" />
<xi:include href="vim.xml" />
<xi:include href="emscripten.xml" />
<xi:include href="vim.section.xml" />
<xi:include href="emscripten.section.xml" />
</chapter>

51
doc/languages-frameworks/node.section.md Normal file
View File

@ -0,0 +1,51 @@
Node.js packages
================
The `pkgs/development/node-packages` folder contains a generated collection of
[NPM packages](https://npmjs.com/) that can be installed with the Nix package
manager.
As a rule of thumb, the package set should only provide *end user* software
packages, such as command-line utilities. Libraries should only be added to the
package set if there is a non-NPM package that requires it.
When it is desired to use NPM libraries in a development project, use the
`node2nix` generator directly on the `package.json` configuration file of the
project.
The package set also provides support for multiple Node.js versions. The policy
is that a new package should be added to the collection for the latest stable LTS
release (which is currently 6.x), unless there is an explicit reason to support
a different release.
If your package uses native addons, you need to examine what kind of native
build system it uses. Here are some examples:
* `node-gyp`
* `node-gyp-builder`
* `node-pre-gyp`
After you have identified the correct system, you need to override your package
expression while adding in build system as a build input. For example, `dat`
requires `node-gyp-build`, so we override its expression in `default-v6.nix`:
```nix
dat = nodePackages.dat.override (oldAttrs: {
buildInputs = oldAttrs.buildInputs ++ [ nodePackages.node-gyp-build ];
});
```
To add a package from NPM to nixpkgs:
1. Modify `pkgs/development/node-packages/node-packages-v6.json` to add, update
or remove package entries. (Or `pkgs/development/node-packages/node-packages-v4.json`
for packages depending on Node.js 4.x)
2. Run the script: `(cd pkgs/development/node-packages && ./generate.sh)`.
3. Build your new package to test your changes:
`cd /path/to/nixpkgs && nix-build -A nodePackages.<new-or-updated-package>`.
To build against a specific Node.js version (e.g. 4.x):
`nix-build -A nodePackages_4_x.<new-or-updated-package>`
4. Add and commit all modified and generated files.
For more information about the generation process, consult the
[README.md](https://github.com/svanderburg/node2nix) file of the `node2nix`
tool.

0
doc/languages-frameworks/python.md → doc/languages-frameworks/python.section.md
View File

120
doc/languages-frameworks/r.section.md Normal file
View File

@ -0,0 +1,120 @@
R packages
==========
## Installation
Define an environment for R that contains all the libraries that you'd like to
use by adding the following snippet to your $HOME/.config/nixpkgs/config.nix file:
```nix
{
packageOverrides = super: let self = super.pkgs; in
{
rEnv = super.rWrapper.override {
packages = with self.rPackages; [
devtools
ggplot2
reshape2
yaml
optparse
];
};
};
}
```
Then you can use `nix-env -f "<nixpkgs>" -iA rEnv` to install it into your user
profile. The set of available libraries can be discovered by running the
command `nix-env -f "<nixpkgs>" -qaP -A rPackages`. The first column from that
output is the name that has to be passed to rWrapper in the code snipped above.
However, if you'd like to add a file to your project source to make the
environment available for other contributors, you can create a `default.nix`
file like so:
```nix
let
pkgs = import <nixpkgs> {};
stdenv = pkgs.stdenv;
in with pkgs; {
myProject = stdenv.mkDerivation {
name = "myProject";
version = "1";
src = if pkgs.lib.inNixShell then null else nix;
buildInputs = with rPackages; [
R
ggplot2
knitr
];
};
}
```
and then run `nix-shell .` to be dropped into a shell with those packages
available.
## RStudio
RStudio uses a standard set of packages and ignores any custom R
environments or installed packages you may have. To create a custom
environment, see `rstudioWrapper`, which functions similarly to
`rWrapper`:
```nix
{
packageOverrides = super: let self = super.pkgs; in
{
rstudioEnv = super.rstudioWrapper.override {
packages = with self.rPackages; [
dplyr
ggplot2
reshape2
];
};
};
}
```
Then like above, `nix-env -f "<nixpkgs>" -iA rstudioEnv` will install
this into your user profile.
Alternatively, you can create a self-contained `shell.nix` without the need to
modify any configuration files:
```nix
{ pkgs ? import <nixpkgs> {}
}:
pkgs.rstudioWrapper.override {
packages = with pkgs.rPackages; [ dplyr ggplot2 reshape2 ];
}
```
Executing `nix-shell` will then drop you into an environment equivalent to the
one above. If you need additional packages just add them to the list and
re-enter the shell.
## Updating the package set
```bash
nix-shell generate-shell.nix
Rscript generate-r-packages.R cran > cran-packages.nix.new
mv cran-packages.nix.new cran-packages.nix
Rscript generate-r-packages.R bioc > bioc-packages.nix.new
mv bioc-packages.nix.new bioc-packages.nix
```
`generate-r-packages.R <repo>` reads `<repo>-packages.nix`, therefor the renaming.
## Testing if the Nix-expression could be evaluated
```bash
nix-build test-evaluation.nix --dry-run
```
If this exits fine, the expression is ok. If not, you have to edit `default.nix`

0
doc/languages-frameworks/rust.md → doc/languages-frameworks/rust.section.md
View File

0
doc/languages-frameworks/vim.md → doc/languages-frameworks/vim.section.md
View File

2
doc/manual.xml
View File

@ -9,7 +9,7 @@
</info>
<xi:include href="introduction.xml" />
<xi:include href="introduction.chapter.xml" />
<xi:include href="quick-start.xml" />
<xi:include href="stdenv.xml" />
<xi:include href="multiple-output.xml" />

8
doc/overrides.css Normal file
View File

@ -0,0 +1,8 @@
.programlisting img {
width: 1em;
}
.calloutlist img {
width: 1.5em;
}

4
doc/shell.nix Normal file
View File

@ -0,0 +1,4 @@
{ pkgs ? import ../. {} }:
(import ./default.nix).overrideAttrs (x: {
buildInputs = x.buildInputs ++ [ pkgs.xmloscopy ];
})

2
doc/shell.md → doc/shell.section.md
View File

@ -4,6 +4,8 @@ author: zimbatm
date: 2017-10-30
---
# mkShell
pkgs.mkShell is a special kind of derivation that is only useful when using
it combined with nix-shell. It will in fact fail to instantiate when invoked
with nix-build.

3
doc/style.css
View File

@ -104,7 +104,7 @@ pre.screen, pre.programlisting
padding: 3px 3px;
margin-left: 1.5em;
margin-right: 1.5em;
color: #600000;
background: #f4f4f8;
font-family: monospace;
border-radius: 0.4em;
@ -118,7 +118,6 @@ div.example pre.programlisting
margin: 0 0 0 0;
}
/***************************************************************************
Notes, warnings etc:
***************************************************************************/

2
lib/licenses.nix
View File

@ -284,7 +284,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
gpl2Oss = {
fullName = "GNU General Public License version 2 only (with OSI approved licenses linking exception)";
url = http://www.mysql.com/about/legal/licensing/foss-exception;
url = https://www.mysql.com/about/legal/licensing/foss-exception;
};
gpl2Plus = spdx {

2
lib/meta.nix
View File

@ -86,4 +86,6 @@ rec {
then { system = elem; }
else { parsed = elem; };
in lib.matchAttrs pattern platform;
enableIfAvailable = p: if p.meta.available or true then [ p ] else [];
}

1
lib/systems/for-meta.nix
View File

@ -13,6 +13,7 @@ in rec {
i686 = [ patterns.isi686 ];
x86_64 = [ patterns.isx86_64 ];
mips = [ patterns.isMips ];
riscv = [ patterns.isRiscV ];
cygwin = [ patterns.isCygwin ];
darwin = [ patterns.isDarwin ];

4
lib/systems/inspect.nix
View File

@ -39,12 +39,8 @@ rec {
isAndroid = [ { abi = abis.android; } { abi = abis.androideabi; } ];
isMusl = with abis; map (a: { abi = a; }) [ musl musleabi musleabihf ];
isKexecable = map (family: { kernel = kernels.linux; cpu.family = family; })
[ "x86" "arm" "aarch64" "mips" ];
isEfi = map (family: { cpu.family = family; })
[ "x86" "arm" "aarch64" ];
isSeccomputable = map (family: { kernel = kernels.linux; cpu.family = family; })
[ "x86" "arm" "aarch64" "mips" ];
};
matchAnyAttrs = patterns:

5
maintainers/maintainer-list.nix
View File

@ -572,6 +572,11 @@
github = "bergey";
name = "Daniel Bergey";
};
bgamari = {
email = "ben@smart-cactus.org";
github = "bgamari";
name = "Ben Gamari";
};
bhipple = {
email = "bhipple@protonmail.com";
github = "bhipple";

37
nixos/doc/manual/release-notes/rl-1803.xml
View File

@ -322,6 +322,43 @@ following incompatible changes:</para>
<link xlink:href="https://github.com/rvl/pump.io-nixos">external module</link>.
</para>
</listitem>
<listitem>
<para>
The Prosody XMPP server has received a major update. The following modules were renamed:
<itemizedlist>
<listitem>
<para>
<option>services.prosody.modules.httpserver</option> is now <option>services.prosody.modules.http_files</option>
</para>
</listitem>
<listitem>
<para>
<option>services.prosody.modules.console</option> is now <option>services.prosody.modules.admin_telnet</option>
</para>
</listitem>
</itemizedlist>
</para>
<para>
Many new modules are now core modules, most notably <option>services.prosody.modules.carbons</option>
and <option>services.prosody.modules.mam</option>.
</para>
<para>
The better-performing <literal>libevent</literal> backend is now enabled by default.
</para>
<para>
<literal>withCommunityModules</literal> now passes through the modules to <option>services.prosody.extraModules</option>.
Use <literal>withOnlyInstalledCommunityModules</literal> for modules that should not be enabled directly, e.g <literal>lib_ldap</literal>.
</para>
</listitem>
<listitem>
<para>
All prometheus exporter modules are now defined as submodules.
The exporters are configured using <literal>services.prometheus.exporters</literal>.
</para>
</listitem>
</itemizedlist>
</section>

1
nixos/modules/config/no-x-libs.nix
View File

@ -32,7 +32,6 @@ with lib;
networkmanager-l2tp = pkgs.networkmanager-l2tp.override { withGnome = false; };
networkmanager-openconnect = pkgs.networkmanager-openconnect.override { withGnome = false; };
networkmanager-openvpn = pkgs.networkmanager-openvpn.override { withGnome = false; };
networkmanager-pptp = pkgs.networkmanager-pptp.override { withGnome = false; };
networkmanager-vpnc = pkgs.networkmanager-vpnc.override { withGnome = false; };
networkmanager-iodine = pkgs.networkmanager-iodine.override { withGnome = false; };
pinentry = pkgs.pinentry_ncurses;

2
nixos/modules/hardware/video/nvidia.nix
View File

@ -16,8 +16,6 @@ let
kernelPackages.nvidia_x11
else if elem "nvidiaBeta" drivers then
kernelPackages.nvidia_x11_beta
else if elem "nvidiaLegacy173" drivers then
kernelPackages.nvidia_x11_legacy173
else if elem "nvidiaLegacy304" drivers then
kernelPackages.nvidia_x11_legacy304
else if elem "nvidiaLegacy340" drivers then

4
nixos/modules/misc/ids.nix
View File

@ -106,7 +106,7 @@
freenet = 79;
ircd = 80;
bacula = 81;
almir = 82;
#almir = 82; # removed 2018-03-25, the almir package was removed in 30291227f2411abaca097773eedb49b8f259e297 during 2017-08
deluge = 83;
mysql = 84;
rabbitmq = 85;
@ -393,7 +393,7 @@
freenet = 79;
ircd = 80;
bacula = 81;
almir = 82;
#almir = 82; # removed 2018-03-25, the almir package was removed in 30291227f2411abaca097773eedb49b8f259e297 during 2017-08
deluge = 83;
mysql = 84;
rabbitmq = 85;

14
nixos/modules/module-list.nix
View File

@ -158,7 +158,6 @@
./services/audio/slimserver.nix
./services/audio/squeezelite.nix
./services/audio/ympd.nix
./services/backup/almir.nix
./services/backup/bacula.nix
./services/backup/borgbackup.nix
./services/backup/crashplan.nix
@ -363,6 +362,7 @@
./services/misc/rippled.nix
./services/misc/ripple-data-api.nix
./services/misc/rogue.nix
./services/misc/serviio.nix
./services/misc/siproxd.nix
./services/misc/snapper.nix
./services/misc/sonarr.nix
@ -398,16 +398,7 @@
./services/monitoring/osquery.nix
./services/monitoring/prometheus/default.nix
./services/monitoring/prometheus/alertmanager.nix
./services/monitoring/prometheus/blackbox-exporter.nix
./services/monitoring/prometheus/collectd-exporter.nix
./services/monitoring/prometheus/fritzbox-exporter.nix
./services/monitoring/prometheus/json-exporter.nix
./services/monitoring/prometheus/minio-exporter.nix
./services/monitoring/prometheus/nginx-exporter.nix
./services/monitoring/prometheus/node-exporter.nix
./services/monitoring/prometheus/snmp-exporter.nix
./services/monitoring/prometheus/unifi-exporter.nix
./services/monitoring/prometheus/varnish-exporter.nix
./services/monitoring/prometheus/exporters.nix
./services/monitoring/riemann.nix
./services/monitoring/riemann-dash.nix
./services/monitoring/riemann-tools.nix
@ -640,7 +631,6 @@
./services/web-apps/atlassian/jira.nix
./services/web-apps/frab.nix
./services/web-apps/mattermost.nix
./services/web-apps/nixbot.nix
./services/web-apps/nexus.nix
./services/web-apps/pgpkeyserver-lite.nix
./services/web-apps/matomo.nix

8
nixos/modules/rename.nix
View File

@ -240,5 +240,11 @@ with lib;
# Xen
(mkRenamedOptionModule [ "virtualisation" "xen" "qemu-package" ] [ "virtualisation" "xen" "package-qemu" ])
];
] ++ (flip map [ "blackboxExporter" "collectdExporter" "fritzboxExporter"
"jsonExporter" "minioExporter" "nginxExporter" "nodeExporter"
"snmpExporter" "unifiExporter" "varnishExporter" ]
(opt: mkRemovedOptionModule [ "services" "prometheus" "${opt}" ] ''
The prometheus exporters are now configured using `services.prometheus.exporters'.
See the 18.03 release notes for more information.
'' ));
}

10
nixos/modules/security/acme.nix
View File

@ -140,14 +140,6 @@ in
'';
};
tosHash = mkOption {
type = types.string;
default = "cc88d8d9517f490191401e7b54e9ffd12a2b9082ec7a1d4cec6101f9f1647e7b";
description = ''
SHA256 of the Terms of Services document. This changes once in a while.
'';
};
production = mkOption {
type = types.bool;
default = true;
@ -196,7 +188,7 @@ in
let
cpath = "${cfg.directory}/${cert}";
rights = if data.allowKeysForGroup then "750" else "700";
cmdline = [ "-v" "-d" data.domain "--default_root" data.webroot "--valid_min" cfg.validMin "--tos_sha256" cfg.tosHash ]
cmdline = [ "-v" "-d" data.domain "--default_root" data.webroot "--valid_min" cfg.validMin ]
++ optionals (data.email != null) [ "--email" data.email ]
++ concatMap (p: [ "-f" p ]) data.plugins
++ concatLists (mapAttrsToList (name: root: [ "-d" (if root == null then name else "${name}:${root}")]) data.extraDomains)

173
nixos/modules/services/backup/almir.nix
View File

@ -1,173 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.almir;
bconsoleconf = pkgs.writeText "bconsole.conf"
''
Director {
Name = ${cfg.director_name}
DIRport = ${toString cfg.director_port}
address = ${cfg.director_address}
Password = "${cfg.director_password}"
}
'';
productionini = pkgs.writeText "production.ini"
''
[app:main]
use = egg:almir
pyramid.reload_templates = false
pyramid.debug_authorization = false
pyramid.debug_notfound = false
pyramid.debug_routematch = false
pyramid.debug_templates = false
pyramid.default_locale_name = en
pyramid.includes =
pyramid_exclog
exclog.extra_info = true
sqlalchemy.url = ${cfg.sqlalchemy_engine_url}
timezone = ${cfg.timezone}
bconsole_config = ${bconsoleconf}
[server:main]
use = egg:waitress#main
host = 127.0.0.1
port = ${toString cfg.port}
# Begin logging configuration
[loggers]
keys = root, almir, sqlalchemy, exc_logger
[handlers]
keys = console
[formatters]
keys = generic
[logger_root]
level = WARN
handlers = console
[logger_almir]
level = WARN
handlers =
qualname = almir
[logger_exc_logger]
level = ERROR
handlers =
qualname = exc_logger
[logger_sqlalchemy]
level = WARN
handlers =
qualname = sqlalchemy.engine
# "level = INFO" logs SQL queries.
# "level = DEBUG" logs SQL queries and results.
# "level = WARN" logs neither. (Recommended for production systems.)
[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic
[formatter_generic]
format = %(asctime)s %(levelname)-5.5s [%(name)s][%(threadName)s] %(message)s
'';
in {
options = {
services.almir = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable Almir web server. Also configures postgresql database and installs bacula.
'';
};
port = mkOption {
default = 35000;
type = types.int;
description = ''
Port for Almir web server to listen on.
'';
};
timezone = mkOption {
description = ''
Timezone as specified in https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
'';
example = "Europe/Ljubljana";
};
sqlalchemy_engine_url = mkOption {
default = "postgresql:///bacula";
example = ''
postgresql://bacula:bacula@localhost:5432/bacula
mysql+mysqlconnector://<user>:<password>@<hostname>/<database>'
sqlite:////var/lib/bacula/bacula.db'
'';
description = ''
Define SQL database connection to bacula catalog as specified in http://docs.sqlalchemy.org/en/latest/core/engines.html#database-urls
'';
};
director_name = mkOption {
description = ''
Name of the Director to connect with bconsole.
'';
};
director_password = mkOption {
description = ''
Password for Director to connect with bconsole.
'';
};
director_port = mkOption {
default = 9101;
type = types.int;
description = ''
Port for Director to connect with bconsole.
'';
};
director_address = mkOption {
default = "127.0.0.1";
description = ''
IP/Hostname for Director to connect with bconsole.
'';
};
};
};
config = mkIf cfg.enable {
systemd.services.almir = {
after = [ "network.target" "postgresql.service" ];
description = "Almir web app";
wantedBy = [ "multi-user.target" ];
path = [ pkgs.pythonPackages.almir ];
environment.PYTHONPATH = "${pkgs.pythonPackages.almir}/lib/${pkgs.pythonPackages.python.libPrefix}/site-packages";
serviceConfig.ExecStart = "${pkgs.pythonPackages.pyramid}/bin/pserve ${productionini}";
};
environment.systemPackages = [ pkgs.pythonPackages.almir ];
users.extraUsers.almir = {
group = "almir";
uid = config.ids.uids.almir;
createHome = true;
shell = "${pkgs.bash}/bin/bash";
};
users.extraGroups.almir.gid = config.ids.gids.almir;
};
}

67
nixos/modules/services/backup/tarsnap.nix
View File

@ -238,6 +238,20 @@ in
Whether to produce verbose logging output.
'';
};
explicitSymlinks = mkOption {
type = types.bool;
default = false;
description = ''
Whether to follow symlinks specified as archives.
'';
};
followSymlinks = mkOption {
type = types.bool;
default = false;
description = ''
Whether to follow all symlinks in archive trees.
'';
};
};
}
));
@ -285,12 +299,12 @@ in
}) gcfg.archives);
systemd.services =
mapAttrs' (name: cfg: nameValuePair "tarsnap-${name}" {
(mapAttrs' (name: cfg: nameValuePair "tarsnap-${name}" {
description = "Tarsnap archive '${name}'";
requires = [ "network-online.target" ];
after = [ "network-online.target" ];
path = [ pkgs.iputils pkgs.tarsnap pkgs.utillinux ];
path = with pkgs; [ iputils tarsnap utillinux ];
# In order for the persistent tarsnap timer to work reliably, we have to
# make sure that the tarsnap server is reachable after systemd starts up
@ -300,10 +314,12 @@ in
while ! ping -q -c 1 v1-0-0-server.tarsnap.com &> /dev/null; do sleep 3; done
'';
script =
let run = ''tarsnap --configfile "/etc/tarsnap/${name}.conf" \
-c -f "${name}-$(date +"%Y%m%d%H%M%S")" \
script = let
tarsnap = ''tarsnap --configfile "/etc/tarsnap/${name}.conf"'';
run = ''${tarsnap} -c -f "${name}-$(date +"%Y%m%d%H%M%S")" \
${optionalString cfg.verbose "-v"} \
${optionalString cfg.explicitSymlinks "-H"} \
${optionalString cfg.followSymlinks "-L"} \
${concatStringsSep " " cfg.directories}'';
in if (cfg.cachedir != null) then ''
mkdir -p ${cfg.cachedir}
@ -313,7 +329,7 @@ in
if [ ! -e ${cfg.cachedir}/firstrun ]; then
( flock 10
flock -u 9
tarsnap --configfile "/etc/tarsnap/${name}.conf" --fsck
${tarsnap} --fsck
flock 9
) 10>${cfg.cachedir}/firstrun
fi
@ -329,7 +345,44 @@ in
CapabilityBoundingSet = [ "CAP_DAC_READ_SEARCH" ];
PermissionsStartOnly = "true";
};
}) gcfg.archives;
}) gcfg.archives) //
(mapAttrs' (name: cfg: nameValuePair "tarsnap-restore-${name}"{
description = "Tarsnap restore '${name}'";
requires = [ "network-online.target" ];
path = with pkgs; [ iputils tarsnap utillinux ];
script = let
tarsnap = ''tarsnap --configfile "/etc/tarsnap/${name}.conf"'';
lastArchive = ''$(${tarsnap} --list-archives | sort | tail -1)'';
run = ''${tarsnap} -x -f "${lastArchive}" ${optionalString cfg.verbose "-v"}'';
in if (cfg.cachedir != null) then ''
mkdir -p ${cfg.cachedir}
chmod 0700 ${cfg.cachedir}
( flock 9
if [ ! -e ${cfg.cachedir}/firstrun ]; then
( flock 10
flock -u 9
${tarsnap} --fsck
flock 9
) 10>${cfg.cachedir}/firstrun
fi
) 9>${cfg.cachedir}/lockf
exec flock ${cfg.cachedir}/firstrun ${run}
'' else "exec ${run}";
serviceConfig = {
Type = "oneshot";
IOSchedulingClass = "idle";
NoNewPrivileges = "true";
CapabilityBoundingSet = [ "CAP_DAC_READ_SEARCH" ];
PermissionsStartOnly = "true";
};
}) gcfg.archives);
# Note: the timer must be Persistent=true, so that systemd will start it even
# if e.g. your laptop was asleep while the latest interval occurred.

2
nixos/modules/services/backup/znapzend.nix
View File

@ -386,7 +386,7 @@ in
echo Resetting znapzend zetups
${pkgs.znapzend}/bin/znapzendzetup list \
| grep -oP '(?<=\*\*\* backup plan: ).*(?= \*\*\*)' \
| xargs ${pkgs.znapzend}/bin/znapzendzetup delete
| xargs -I{} ${pkgs.znapzend}/bin/znapzendzetup delete "{}"
'' + concatStringsSep "\n" (mapAttrsToList (dataset: config: ''
echo Importing znapzend zetup ${config} for dataset ${dataset}
${pkgs.znapzend}/bin/znapzendzetup import --write ${dataset} ${config}

12
nixos/modules/services/cluster/kubernetes/default.nix
View File

@ -279,7 +279,7 @@ in {
tokenAuthFile = mkOption {
description = ''
Kubernetes apiserver token authentication file. See
<link xlink:href="http://kubernetes.io/docs/admin/authentication.html"/>
<link xlink:href="https://kubernetes.io/docs/admin/authentication.html"/>
'';
default = null;
type = types.nullOr types.path;
@ -288,7 +288,7 @@ in {
basicAuthFile = mkOption {
description = ''
Kubernetes apiserver basic authentication file. See
<link xlink:href="http://kubernetes.io/docs/admin/authentication.html"/>
<link xlink:href="https://kubernetes.io/docs/admin/authentication.html"/>
'';
default = pkgs.writeText "users" ''
kubernetes,admin,0
@ -299,7 +299,7 @@ in {
authorizationMode = mkOption {
description = ''
Kubernetes apiserver authorization mode (AlwaysAllow/AlwaysDeny/ABAC/RBAC). See
<link xlink:href="http://kubernetes.io/docs/admin/authorization.html"/>
<link xlink:href="https://kubernetes.io/docs/admin/authorization.html"/>
'';
default = ["RBAC" "Node"];
type = types.listOf (types.enum ["AlwaysAllow" "AlwaysDeny" "ABAC" "RBAC" "Node"]);
@ -308,7 +308,7 @@ in {
authorizationPolicy = mkOption {
description = ''
Kubernetes apiserver authorization policy file. See
<link xlink:href="http://kubernetes.io/docs/admin/authorization.html"/>
<link xlink:href="https://kubernetes.io/docs/admin/authorization.html"/>
'';
default = [];
type = types.listOf types.attrs;
@ -332,7 +332,7 @@ in {
runtimeConfig = mkOption {
description = ''
Api runtime configuration. See
<link xlink:href="http://kubernetes.io/docs/admin/cluster-management.html"/>
<link xlink:href="https://kubernetes.io/docs/admin/cluster-management.html"/>
'';
default = "authentication.k8s.io/v1beta1=true";
example = "api/all=false,api/v1=true";
@ -342,7 +342,7 @@ in {
admissionControl = mkOption {
description = ''
Kubernetes admission control plugins to use. See
<link xlink:href="http://kubernetes.io/docs/admin/admission-controllers/"/>
<link xlink:href="https://kubernetes.io/docs/admin/admission-controllers/"/>
'';
default = ["NamespaceLifecycle" "LimitRanger" "ServiceAccount" "ResourceQuota" "DefaultStorageClass" "DefaultTolerationSeconds" "NodeRestriction"];
example = [

92
nixos/modules/services/misc/serviio.nix Normal file
View File

@ -0,0 +1,92 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.serviio;
serviioStart = pkgs.writeScript "serviio.sh" ''
#!${pkgs.bash}/bin/sh
SERVIIO_HOME=${pkgs.serviio}
# Setup the classpath
SERVIIO_CLASS_PATH="$SERVIIO_HOME/lib/*:$SERVIIO_HOME/config"
# Setup Serviio specific properties
JAVA_OPTS="-Djava.net.preferIPv4Stack=true -Djava.awt.headless=true -Dorg.restlet.engine.loggerFacadeClass=org.restlet.ext.slf4j.Slf4jLoggerFacade
-Dderby.system.home=${cfg.dataDir}/library -Dserviio.home=${cfg.dataDir} -Dffmpeg.location=${pkgs.ffmpeg}/bin/ffmpeg -Ddcraw.location=${pkgs.dcraw}/bin/dcraw"
# Execute the JVM in the foreground
exec ${pkgs.jre}/bin/java -Xmx512M -Xms20M -XX:+UseG1GC -XX:GCTimeRatio=1 -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 $JAVA_OPTS -classpath "$SERVIIO_CLASS_PATH" org.serviio.MediaServer "$@"
'';
in {
###### interface
options = {
services.serviio = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable the Serviio Media Server.
'';
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/serviio";
description = ''
The directory where serviio stores its state, data, etc.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
systemd.services.serviio = {
description = "Serviio Media Server";
after = [ "local-fs.target" "network.target" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.serviio ];
serviceConfig = {
User = "serviio";
Group = "serviio";
ExecStart = "${serviioStart}";
ExecStop = "${serviioStart} -stop";
};
};
users.extraUsers = [
{
name = "serviio";
group = "serviio";
home = cfg.dataDir;
description = "Serviio Media Server User";
createHome = true;
isSystemUser = true;
}
];
users.extraGroups = [
{ name = "serviio";}
];
networking.firewall = {
allowedTCPPorts = [
8895 # serve UPnP responses
23423 # console
23424 # mediabrowser
];
allowedUDPPorts = [
1900 # UPnP service discovey
];
};
};
}

68
nixos/modules/services/monitoring/prometheus/blackbox-exporter.nix
View File

@ -1,68 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.prometheus.blackboxExporter;
in {
options = {
services.prometheus.blackboxExporter = {
enable = mkEnableOption "prometheus blackbox exporter";
configFile = mkOption {
type = types.path;
description = ''
Path to configuration file.
'';
};
port = mkOption {
type = types.int;
default = 9115;
description = ''
Port to listen on.
'';
};
extraFlags = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Extra commandline options when launching the blackbox exporter.
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Open port in firewall for incoming connections.
'';
};
};
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.port;
systemd.services.prometheus-blackbox-exporter = {
description = "Prometheus exporter for blackbox probes";
unitConfig.Documentation = "https://github.com/prometheus/blackbox_exporter";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "nobody";
Restart = "always";
PrivateTmp = true;
WorkingDirectory = /tmp;
AmbientCapabilities = [ "CAP_NET_RAW" ]; # for ping probes
ExecStart = ''
${pkgs.prometheus-blackbox-exporter}/bin/blackbox_exporter \
--web.listen-address :${toString cfg.port} \
--config.file ${cfg.configFile} \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
};
};
};
}

128
nixos/modules/services/monitoring/prometheus/collectd-exporter.nix
View File

@ -1,128 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.prometheus.collectdExporter;
collectSettingsArgs = if (cfg.collectdBinary.enable) then ''
-collectd.listen-address ${optionalString (cfg.collectdBinary.listenAddress != null) cfg.collectdBinary.listenAddress}:${toString cfg.collectdBinary.port} \
-collectd.security-level ${cfg.collectdBinary.securityLevel} \
'' else "";
in {
options = {
services.prometheus.collectdExporter = {
enable = mkEnableOption "prometheus collectd exporter";
port = mkOption {
type = types.int;
default = 9103;
description = ''
Port to listen on.
This is used for scraping as well as the to receive collectd data via the write_http plugin.
'';
};
listenAddress = mkOption {
type = types.nullOr types.str;
default = null;
example = "0.0.0.0";
description = ''
Address to listen on for web interface, telemetry and collectd JSON data.
'';
};
collectdBinary = {
enable = mkEnableOption "collectd binary protocol receiver";
authFile = mkOption {
default = null;
type = types.nullOr types.path;
description = "File mapping user names to pre-shared keys (passwords).";
};
port = mkOption {
type = types.int;
default = 25826;
description = ''Network address on which to accept collectd binary network packets.'';
};
listenAddress = mkOption {
type = types.nullOr types.str;
default = null;
example = "0.0.0.0";
description = ''
Address to listen on for binary network packets.
'';
};
securityLevel = mkOption {
type = types.enum ["None" "Sign" "Encrypt"];
default = "None";
description = ''
Minimum required security level for accepted packets.
'';
};
};
extraFlags = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Extra commandline options when launching the collectd exporter.
'';
};
logFormat = mkOption {
type = types.str;
default = "logger:stderr";
example = "logger:syslog?appname=bob&local=7 or logger:stdout?json=true";
description = ''
Set the log target and format.
'';
};
logLevel = mkOption {
type = types.enum ["debug" "info" "warn" "error" "fatal"];
default = "info";
description = ''
Only log messages with the given severity or above.
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Open port in firewall for incoming connections.
'';
};
};
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = (optional cfg.openFirewall cfg.port) ++
(optional (cfg.openFirewall && cfg.collectdBinary.enable) cfg.collectdBinary.port);
systemd.services.prometheus-collectd-exporter = {
description = "Prometheus exporter for Collectd metrics";
unitConfig.Documentation = "https://github.com/prometheus/collectd_exporter";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
DynamicUser = true;
Restart = "always";
PrivateTmp = true;
WorkingDirectory = /tmp;
ExecStart = ''
${pkgs.prometheus-collectd-exporter}/bin/collectd_exporter \
-log.format ${cfg.logFormat} \
-log.level ${cfg.logLevel} \
-web.listen-address ${optionalString (cfg.listenAddress != null) cfg.listenAddress}:${toString cfg.port} \
${collectSettingsArgs} \
${concatStringsSep " " cfg.extraFlags}
'';
};
};
};
}

172
nixos/modules/services/monitoring/prometheus/exporters.nix Normal file
View File

@ -0,0 +1,172 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.prometheus.exporters;
# each attribute in `exporterOpts` is expected to have specified:
# - port (types.int): port on which the exporter listens
# - serviceOpts (types.attrs): config that is merged with the
# default definition of the exporter's
# systemd service
# - extraOpts (types.attrs): extra configuration options to
# configure the exporter with, which
# are appended to the default options
#
# Note that `extraOpts` is optional, but a script for the exporter's
# systemd service must be provided by specifying either
# `serviceOpts.script` or `serviceOpts.serviceConfig.ExecStart`
exporterOpts = {
blackbox = import ./exporters/blackbox.nix { inherit config lib pkgs; };
collectd = import ./exporters/collectd.nix { inherit config lib pkgs; };
fritzbox = import ./exporters/fritzbox.nix { inherit config lib pkgs; };
json = import ./exporters/json.nix { inherit config lib pkgs; };
minio = import ./exporters/minio.nix { inherit config lib pkgs; };
nginx = import ./exporters/nginx.nix { inherit config lib pkgs; };
node = import ./exporters/node.nix { inherit config lib pkgs; };
postfix = import ./exporters/postfix.nix { inherit config lib pkgs; };
snmp = import ./exporters/snmp.nix { inherit config lib pkgs; };
unifi = import ./exporters/unifi.nix { inherit config lib pkgs; };
varnish = import ./exporters/varnish.nix { inherit config lib pkgs; };
};
mkExporterOpts = ({ name, port }: {
enable = mkEnableOption "the prometheus ${name} exporter";
port = mkOption {
type = types.int;
default = port;
description = ''
Port to listen on.
'';
};
listenAddress = mkOption {
type = types.str;
default = "0.0.0.0";
description = ''
Address to listen on.
'';
};
extraFlags = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Extra commandline options to pass to the ${name} exporter.
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Open port in firewall for incoming connections.
'';
};
firewallFilter = mkOption {
type = types.str;
default = "-p tcp -m tcp --dport ${toString port}";
example = literalExample ''
"-i eth0 -p tcp -m tcp --dport ${toString port}"
'';
description = ''
Specify a filter for iptables to use when
<option>services.prometheus.exporters.${name}.openFirewall</option>
is true. It is used as `ip46tables -I INPUT <option>firewallFilter</option> -j ACCEPT`.
'';
};
user = mkOption {
type = types.str;
default = "nobody";
description = ''
User name under which the ${name} exporter shall be run.
Has no effect when <option>systemd.services.prometheus-${name}-exporter.serviceConfig.DynamicUser</option> is true.
'';
};
group = mkOption {
type = types.str;
default = "nobody";
description = ''
Group under which the ${name} exporter shall be run.
Has no effect when <option>systemd.services.prometheus-${name}-exporter.serviceConfig.DynamicUser</option> is true.
'';
};
});
mkSubModule = { name, port, extraOpts, serviceOpts }: {
${name} = mkOption {
type = types.submodule {
options = (mkExporterOpts {
inherit name port;
} // extraOpts);
};
internal = true;
default = {};
};
};
mkSubModules = (foldl' (a: b: a//b) {}
(mapAttrsToList (name: opts: mkSubModule {
inherit name;
inherit (opts) port serviceOpts;
extraOpts = opts.extraOpts or {};
}) exporterOpts)
);
mkExporterConf = { name, conf, serviceOpts }:
mkIf conf.enable {
networking.firewall.extraCommands = mkIf conf.openFirewall ''
ip46tables -I INPUT ${conf.firewallFilter} -j ACCEPT
'';
systemd.services."prometheus-${name}-exporter" = mkMerge ([{
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
Restart = mkDefault "always";
PrivateTmp = mkDefault true;
WorkingDirectory = mkDefault /tmp;
} // mkIf (!(serviceOpts.serviceConfig.DynamicUser or false)) {
User = conf.user;
Group = conf.group;
};
} serviceOpts ]);
};
in
{
options.services.prometheus.exporters = mkOption {
type = types.submodule {
options = (mkSubModules);
};
description = "Prometheus exporter configuration";
default = {};
example = literalExample ''
{
node = {
enable = true;
enabledCollectors = [ "systemd" ];
};
varnish.enable = true;
}
'';
};
config = mkMerge ([{
assertions = [{
assertion = (cfg.snmp.configurationPath == null) != (cfg.snmp.configuration == null);
message = ''
Please ensure you have either `services.prometheus.exporters.snmp.configuration'
or `services.prometheus.exporters.snmp.configurationPath' set!
'';
}];
}] ++ [(mkIf config.services.minio.enable {
services.prometheus.exporters.minio.minioAddress = mkDefault "http://localhost:9000";
services.prometheus.exporters.minio.minioAccessKey = mkDefault config.services.minio.accessKey;
services.prometheus.exporters.minio.minioAccessSecret = mkDefault config.services.minio.secretKey;
})] ++ (mapAttrsToList (name: conf:
mkExporterConf {
inherit name;
inherit (conf) serviceOpts;
conf = cfg.${name};
}) exporterOpts)
);
meta.doc = ./exporters.xml;
}

135
nixos/modules/services/monitoring/prometheus/exporters.xml Normal file
View File

@ -0,0 +1,135 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="module-services-prometheus-exporters">
<title>Prometheus exporters</title>
<para>Prometheus exporters provide metrics for the <link xlink:href="https://prometheus.io">prometheus monitoring system</link>.</para>
<section><title>Configuration</title>
<para>One of the most common exporters is the <link xlink:href="https://github.com/prometheus/node_exporter">node exporter</link>, it provides hardware and OS metrics from the host it's running on. The exporter could be configured as follows:
<programlisting>
services.promtheus.exporters.node = {
enable = true;
enabledCollectors = [
"logind"
"systemd"
];
disabledCollectors = [
"textfile"
];
openFirewall = true;
firewallFilter = "-i br0 -p tcp -m tcp --dport 9100";
};
</programlisting>
It should now serve all metrics from the collectors
that are explicitly enabled and the ones that are
<link xlink:href="https://github.com/prometheus/node_exporter#enabled-by-default">enabled by default</link>, via http under <literal>/metrics</literal>. In this example the firewall should just
allow incoming connections to the exporter's port on the bridge interface <literal>br0</literal>
(this would have to be configured seperately of course).
For more information about configuration see <literal>man configuration.nix</literal> or
search through the <link xlink:href="https://nixos.org/nixos/options.html#prometheus.exporters">available options</link>.
</para>
</section>
<section><title>Adding a new exporter</title>
<para>To add a new exporter, it has to be packaged first (see <literal>nixpkgs/pkgs/servers/monitoring/prometheus/</literal> for examples), then a module can be added. The postfix exporter is used in this example:</para>
<itemizedlist>
<listitem>
<para>
Some default options for all exporters are provided by
<literal>nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix</literal>:
</para>
</listitem>
<listitem override='none'>
<itemizedlist>
<listitem><para><literal>enable</literal></para></listitem>
<listitem><para><literal>port</literal></para></listitem>
<listitem><para><literal>listenAddress</literal></para></listitem>
<listitem><para><literal>extraFlags</literal></para></listitem>
<listitem><para><literal>openFirewall</literal></para></listitem>
<listitem><para><literal>firewallFilter</literal></para></listitem>
<listitem><para><literal>user</literal></para></listitem>
<listitem><para><literal>group</literal></para></listitem>
</itemizedlist>
</listitem>
<listitem>
<para>As there is already a package available, the module can now be added.
This is accomplished by adding a new file to the
<literal>nixos/modules/services/monitoring/prometheus/exporters/</literal> directory,
which will be called postfix.nix and contains all exporter specific options
and configuration:
<programlisting>
# nixpgs/nixos/modules/services/prometheus/exporters/postfix.nix
{ config, lib, pkgs }:
with lib;
let
# for convenience we define cfg here
cfg = config.services.prometheus.exporters.postfix;
in
{
port = 9154; # The postfix exporter listens on this port by default
# `extraOpts` is an attribute set which contains additional options
# (and optional overrides for default options).
# Note that this attribute is optional.
extraOpts = {
telemetryPath = mkOption {
type = types.str;
default = "/metrics";
description = ''
Path under which to expose metrics.
'';
};
logfilePath = mkOption {
type = types.path;
default = /var/log/postfix_exporter_input.log;
example = /var/log/mail.log;
description = ''
Path where Postfix writes log entries.
This file will be truncated by this exporter!
'';
};
showqPath = mkOption {
type = types.path;
default = /var/spool/postfix/public/showq;
example = /var/lib/postfix/queue/public/showq;
description = ''
Path at which Postfix places its showq socket.
'';
};
};
# `serviceOpts` is an attribute set which contains configuration
# for the exporter's systemd service. One of
# `serviceOpts.script` and `serviceOpts.serviceConfig.ExecStart`
# has to be specified here. This will be merged with the default
# service confiuration.
serviceOpts = {
serviceConfig = {
ExecStart = ''
${pkgs.prometheus-postfix-exporter}/bin/postfix_exporter \
--web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
--web.telemetry-path ${cfg.telemetryPath} \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
};
};
}
</programlisting>
</para>
</listitem>
<listitem>
<para>
This should already be enough for the postfix exporter. Additionally one could
now add assertions and conditional default values. This can be done in the
'meta-module' that combines all exporter definitions and generates the submodules:
<literal>nixpkgs/nixos/modules/services/prometheus/exporters.nix</literal>
</para>
</listitem>
</itemizedlist>
</section>
</chapter>

31
nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix Normal file
View File

@ -0,0 +1,31 @@
{ config, lib, pkgs }:
with lib;
let
cfg = config.services.prometheus.exporters.blackbox;
in
{
port = 9115;
extraOpts = {
configFile = mkOption {
type = types.path;
description = ''
Path to configuration file.
'';
};
};
serviceOpts = {
serviceConfig = {
AmbientCapabilities = [ "CAP_NET_RAW" ]; # for ping probes
DynamicUser = true;
ExecStart = ''
${pkgs.prometheus-blackbox-exporter}/bin/blackbox_exporter \
--web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
--config.file ${cfg.configFile} \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
};
};
}

78
nixos/modules/services/monitoring/prometheus/exporters/collectd.nix Normal file
View File

@ -0,0 +1,78 @@
{ config, lib, pkgs }:
with lib;
let
cfg = config.services.prometheus.exporters.collectd;
in
{
port = 9103;
extraOpts = {
collectdBinary = {
enable = mkEnableOption "collectd binary protocol receiver";
authFile = mkOption {
default = null;
type = types.nullOr types.path;
description = "File mapping user names to pre-shared keys (passwords).";
};
port = mkOption {
type = types.int;
default = 25826;
description = ''Network address on which to accept collectd binary network packets.'';
};
listenAddress = mkOption {
type = types.str;
default = "0.0.0.0";
description = ''
Address to listen on for binary network packets.
'';
};
securityLevel = mkOption {
type = types.enum ["None" "Sign" "Encrypt"];
default = "None";
description = ''
Minimum required security level for accepted packets.
'';
};
};
logFormat = mkOption {
type = types.str;
default = "logger:stderr";
example = "logger:syslog?appname=bob&local=7 or logger:stdout?json=true";
description = ''
Set the log target and format.
'';
};
logLevel = mkOption {
type = types.enum ["debug" "info" "warn" "error" "fatal"];
default = "info";
description = ''
Only log messages with the given severity or above.
'';
};
};
serviceOpts = let
collectSettingsArgs = if (cfg.collectdBinary.enable) then ''
-collectd.listen-address ${cfg.collectdBinary.listenAddress}:${toString cfg.collectdBinary.port} \
-collectd.security-level ${cfg.collectdBinary.securityLevel} \
'' else "";
in {
serviceConfig = {
DynamicUser = true;
ExecStart = ''
${pkgs.prometheus-collectd-exporter}/bin/collectd_exporter \
-log.format ${cfg.logFormat} \
-log.level ${cfg.logLevel} \
-web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
${collectSettingsArgs} \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
};
};
}

39
nixos/modules/services/monitoring/prometheus/exporters/fritzbox.nix Normal file
View File

@ -0,0 +1,39 @@
{ config, lib, pkgs }:
with lib;
let
cfg = config.services.prometheus.exporters.fritzbox;
in
{
port = 9133;
extraOpts = {
gatewayAddress = mkOption {
type = types.str;
default = "fritz.box";
description = ''
The hostname or IP of the FRITZ!Box.
'';
};
gatewayPort = mkOption {
type = types.int;
default = 49000;
description = ''
The port of the FRITZ!Box UPnP service.
'';
};
};
serviceOpts = {
serviceConfig = {
DynamicUser = true;
ExecStart = ''
${pkgs.prometheus-fritzbox-exporter}/bin/fritzbox_exporter \
-listen-address ${cfg.listenAddress}:${toString cfg.port} \
-gateway-address ${cfg.gatewayAddress} \
-gateway-port ${toString cfg.gatewayPort} \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
};
};
}

36
nixos/modules/services/monitoring/prometheus/exporters/json.nix Normal file
View File

@ -0,0 +1,36 @@
{ config, lib, pkgs }:
with lib;
let
cfg = config.services.prometheus.exporters.json;
in
{
port = 7979;
extraOpts = {
url = mkOption {
type = types.str;
description = ''
URL to scrape JSON from.
'';
};
configFile = mkOption {
type = types.path;
description = ''
Path to configuration file.
'';
};
listenAddress = {}; # not used
};
serviceOpts = {
serviceConfig = {
DynamicUser = true;
ExecStart = ''
${pkgs.prometheus-json-exporter}/bin/prometheus-json-exporter \
--port ${toString cfg.port} \
${cfg.url} ${cfg.configFile} \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
};
};
}

65
nixos/modules/services/monitoring/prometheus/exporters/minio.nix Normal file
View File

@ -0,0 +1,65 @@
{ config, lib, pkgs }:
with lib;
let
cfg = config.services.prometheus.exporters.minio;
in
{
port = 9290;
extraOpts = {
minioAddress = mkOption {
type = types.str;
example = "https://10.0.0.1:9000";
description = ''
The URL of the minio server.
Use HTTPS if Minio accepts secure connections only.
By default this connects to the local minio server if enabled.
'';
};
minioAccessKey = mkOption {
type = types.str;
example = "yourMinioAccessKey";
description = ''
The value of the Minio access key.
It is required in order to connect to the server.
By default this uses the one from the local minio server if enabled
and <literal>config.services.minio.accessKey</literal>.
'';
};
minioAccessSecret = mkOption {
type = types.str;
description = ''
The value of the Minio access secret.
It is required in order to connect to the server.
By default this uses the one from the local minio server if enabled
and <literal>config.services.minio.secretKey</literal>.
'';
};
minioBucketStats = mkOption {
type = types.bool;
default = false;
description = ''
Collect statistics about the buckets and files in buckets.
It requires more computation, use it carefully in case of large buckets..
'';
};
};
serviceOpts = {
serviceConfig = {
DynamicUser = true;
ExecStart = ''
${pkgs.prometheus-minio-exporter}/bin/minio-exporter \
-web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
-minio.server ${cfg.minioAddress} \
-minio.access-key ${cfg.minioAccessKey} \
-minio.access-secret ${cfg.minioAccessSecret} \
${optionalString cfg.minioBucketStats "-minio.bucket-stats"} \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
};
};
}

31
nixos/modules/services/monitoring/prometheus/exporters/nginx.nix Normal file
View File

@ -0,0 +1,31 @@
{ config, lib, pkgs }:
with lib;
let
cfg = config.services.prometheus.exporters.nginx;
in
{
port = 9113;
extraOpts = {
scrapeUri = mkOption {
type = types.string;
default = "http://localhost/nginx_status";
description = ''
Address to access the nginx status page.
Can be enabled with services.nginx.statusPage = true.
'';
};
};
serviceOpts = {
serviceConfig = {
DynamicUser = true;
ExecStart = ''
${pkgs.prometheus-nginx-exporter}/bin/nginx_exporter \
-nginx.scrape_uri '${cfg.scrapeUri}' \
-telemetry.address ${cfg.listenAddress}:${toString cfg.port} \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
};
};
}

39
nixos/modules/services/monitoring/prometheus/exporters/node.nix Normal file
View File

@ -0,0 +1,39 @@
{ config, lib, pkgs }:
with lib;
let
cfg = config.services.prometheus.exporters.node;
in
{
port = 9100;
extraOpts = {
enabledCollectors = mkOption {
type = types.listOf types.string;
default = [];
example = ''[ "systemd" ]'';
description = ''
Collectors to enable. The collectors listed here are enabled in addition to the default ones.
'';
};
disabledCollectors = mkOption {
type = types.listOf types.str;
default = [];
example = ''[ "timex" ]'';
description = ''
Collectors to disable which are enabled by default.
'';
};
};
serviceOpts = {
serviceConfig = {
ExecStart = ''
${pkgs.prometheus-node-exporter}/bin/node_exporter \
${concatMapStringsSep " " (x: "--collector." + x) cfg.enabledCollectors} \
${concatMapStringsSep " " (x: "--no-collector." + x) cfg.disabledCollectors} \
--web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
};
};
}

46
nixos/modules/services/monitoring/prometheus/exporters/postfix.nix Normal file
View File

@ -0,0 +1,46 @@
{ config, lib, pkgs }:
with lib;
let
cfg = config.services.prometheus.exporters.postfix;
in
{
port = 9154;
extraOpts = {
telemetryPath = mkOption {
type = types.str;
default = "/metrics";
description = ''
Path under which to expose metrics.
'';
};
logfilePath = mkOption {
type = types.path;
default = "/var/log/postfix_exporter_input.log";
example = "/var/log/mail.log";
description = ''
Path where Postfix writes log entries.
This file will be truncated by this exporter!
'';
};
showqPath = mkOption {
type = types.path;
default = "/var/spool/postfix/public/showq";
example = "/var/lib/postfix/queue/public/showq";
description = ''
Path where Postfix places it's showq socket.
'';
};
};
serviceOpts = {
serviceConfig = {
ExecStart = ''
${pkgs.prometheus-postfix-exporter}/bin/postfix_exporter \
--web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
--web.telemetry-path ${cfg.telemetryPath} \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
};
};
}

71
nixos/modules/services/monitoring/prometheus/exporters/snmp.nix Normal file
View File

@ -0,0 +1,71 @@
{ config, lib, pkgs }:
with lib;
let
cfg = config.services.prometheus.exporters.snmp;
in
{
port = 9116;
extraOpts = {
configurationPath = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
Path to a snmp exporter configuration file. Mutually exclusive with 'configuration' option.
'';
example = "./snmp.yml";
};
configuration = mkOption {
type = types.nullOr types.attrs;
default = {};
description = ''
Snmp exporter configuration as nix attribute set. Mutually exclusive with 'configurationPath' option.
'';
example = ''
{
"default" = {
"version" = 2;
"auth" = {
"community" = "public";
};
};
};
'';
};
logFormat = mkOption {
type = types.str;
default = "logger:stderr";
description = ''
Set the log target and format.
'';
};
logLevel = mkOption {
type = types.enum ["debug" "info" "warn" "error" "fatal"];
default = "info";
description = ''
Only log messages with the given severity or above.
'';
};
};
serviceOpts = let
configFile = if cfg.configurationPath != null
then cfg.configurationPath
else "${pkgs.writeText "snmp-eporter-conf.yml" (builtins.toJSON cfg.configuration)}";
in {
serviceConfig = {
DynamicUser = true;
ExecStart = ''
${pkgs.prometheus-snmp-exporter.bin}/bin/snmp_exporter \
-config.file ${configFile} \
-log.format ${cfg.logFormat} \
-log.level ${cfg.logLevel} \
-web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
};
};
}

67
nixos/modules/services/monitoring/prometheus/exporters/unifi.nix Normal file
View File

@ -0,0 +1,67 @@
{ config, lib, pkgs }:
with lib;
let
cfg = config.services.prometheus.exporters.unifi;
in
{
port = 9130;
extraOpts = {
unifiAddress = mkOption {
type = types.str;
example = "https://10.0.0.1:8443";
description = ''
URL of the UniFi Controller API.
'';
};
unifiInsecure = mkOption {
type = types.bool;
default = false;
description = ''
If enabled skip the verification of the TLS certificate of the UniFi Controller API.
Use with caution.
'';
};
unifiUsername = mkOption {
type = types.str;
example = "ReadOnlyUser";
description = ''
username for authentication against UniFi Controller API.
'';
};
unifiPassword = mkOption {
type = types.str;
description = ''
Password for authentication against UniFi Controller API.
'';
};
unifiTimeout = mkOption {
type = types.str;
default = "5s";
example = "2m";
description = ''
Timeout including unit for UniFi Controller API requests.
'';
};
};
serviceOpts = {
serviceConfig = {
DynamicUser = true;
ExecStart = ''
${pkgs.prometheus-unifi-exporter}/bin/unifi_exporter \
-telemetry.addr ${cfg.listenAddress}:${toString cfg.port} \
-unifi.addr ${cfg.unifiAddress} \
-unifi.username ${cfg.unifiUsername} \
-unifi.password ${cfg.unifiPassword} \
-unifi.timeout ${cfg.unifiTimeout} \
${optionalString cfg.unifiInsecure "-unifi.insecure" } \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
};
};
}

21
nixos/modules/services/monitoring/prometheus/exporters/varnish.nix Normal file
View File

@ -0,0 +1,21 @@
{ config, lib, pkgs }:
with lib;
let
cfg = config.services.prometheus.exporters.varnish;
in
{
port = 9131;
serviceOpts = {
path = [ pkgs.varnish ];
serviceConfig = {
DynamicUser = true;
ExecStart = ''
${pkgs.prometheus-varnish-exporter}/bin/prometheus_varnish_exporter \
-web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
};
};
}

76
nixos/modules/services/monitoring/prometheus/fritzbox-exporter.nix
View File

@ -1,76 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.prometheus.fritzboxExporter;
in {
options = {
services.prometheus.fritzboxExporter = {
enable = mkEnableOption "prometheus fritzbox exporter";
port = mkOption {
type = types.int;
default = 9133;
description = ''
Port to listen on.
'';
};
gatewayAddress = mkOption {
type = types.str;
default = "fritz.box";
description = ''
The hostname or IP of the FRITZ!Box.
'';
};
gatewayPort = mkOption {
type = types.int;
default = 49000;
description = ''
The port of the FRITZ!Box UPnP service.
'';
};
extraFlags = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Extra commandline options when launching the fritzbox exporter.
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Open port in firewall for incoming connections.
'';
};
};
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.port;
systemd.services.prometheus-fritzbox-exporter = {
description = "Prometheus exporter for FRITZ!Box via UPnP";
unitConfig.Documentation = "https://github.com/ndecker/fritzbox_exporter";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "nobody";
Restart = "always";
PrivateTmp = true;
WorkingDirectory = /tmp;
ExecStart = ''
${pkgs.prometheus-fritzbox-exporter}/bin/fritzbox_exporter \
-listen-address :${toString cfg.port} \
-gateway-address ${cfg.gatewayAddress} \
-gateway-port ${toString cfg.gatewayPort} \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
};
};
};
}

74
nixos/modules/services/monitoring/prometheus/json-exporter.nix
View File

@ -1,74 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.prometheus.jsonExporter;
in {
options = {
services.prometheus.jsonExporter = {
enable = mkEnableOption "prometheus JSON exporter";
url = mkOption {
type = types.str;
description = ''
URL to scrape JSON from.
'';
};
configFile = mkOption {
type = types.path;
description = ''
Path to configuration file.
'';
};
port = mkOption {
type = types.int;
default = 7979;
description = ''
Port to listen on.
'';
};
extraFlags = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Extra commandline options when launching the JSON exporter.
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Open port in firewall for incoming connections.
'';
};
};
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.port;
systemd.services.prometheus-json-exporter = {
description = "Prometheus exporter for JSON over HTTP";
unitConfig.Documentation = "https://github.com/kawamuray/prometheus-json-exporter";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "nobody";
Restart = "always";
PrivateTmp = true;
WorkingDirectory = /tmp;
ExecStart = ''
${pkgs.prometheus-json-exporter}/bin/prometheus-json-exporter \
--port ${toString cfg.port} \
${cfg.url} ${cfg.configFile} \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
};
};
};
}

117
nixos/modules/services/monitoring/prometheus/minio-exporter.nix
View File

@ -1,117 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.prometheus.minioExporter;
in {
options = {
services.prometheus.minioExporter = {
enable = mkEnableOption "prometheus minio exporter";
port = mkOption {
type = types.int;
default = 9290;
description = ''
Port to listen on.
'';
};
listenAddress = mkOption {
type = types.nullOr types.str;
default = null;
example = "0.0.0.0";
description = ''
Address to listen on for web interface and telemetry.
'';
};
minioAddress = mkOption {
type = types.str;
example = "https://10.0.0.1:9000";
default = if config.services.minio.enable then "http://localhost:9000" else null;
description = ''
The URL of the minio server.
Use HTTPS if Minio accepts secure connections only.
By default this connects to the local minio server if enabled.
'';
};
minioAccessKey = mkOption ({
type = types.str;
example = "BKIKJAA5BMMU2RHO6IBB";
description = ''
The value of the Minio access key.
It is required in order to connect to the server.
By default this uses the one from the local minio server if enabled
and <literal>config.services.minio.accessKey</literal>.
'';
} // optionalAttrs (config.services.minio.enable && config.services.minio.accessKey != "") {
default = config.services.minio.accessKey;
});
minioAccessSecret = mkOption ({
type = types.str;
description = ''
The calue of the Minio access secret.
It is required in order to connect to the server.
By default this uses the one from the local minio server if enabled
and <literal>config.services.minio.secretKey</literal>.
'';
} // optionalAttrs (config.services.minio.enable && config.services.minio.secretKey != "") {
default = config.services.minio.secretKey;
});
minioBucketStats = mkOption {
type = types.bool;
default = false;
description = ''
Collect statistics about the buckets and files in buckets.
It requires more computation, use it carefully in case of large buckets..
'';
};
extraFlags = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Extra commandline options when launching the minio exporter.
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Open port in firewall for incoming connections.
'';
};
};
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.port;
systemd.services.prometheus-minio-exporter = {
description = "Prometheus exporter for Minio server metrics";
unitConfig.Documentation = "https://github.com/joe-pll/minio-exporter";
wantedBy = [ "multi-user.target" ];
after = optional config.services.minio.enable "minio.service";
serviceConfig = {
DynamicUser = true;
Restart = "always";
PrivateTmp = true;
WorkingDirectory = /tmp;
ExecStart = ''
${pkgs.prometheus-minio-exporter}/bin/minio-exporter \
-web.listen-address ${optionalString (cfg.listenAddress != null) cfg.listenAddress}:${toString cfg.port} \
-minio.server ${cfg.minioAddress} \
-minio.access-key ${cfg.minioAccessKey} \
-minio.access-secret ${cfg.minioAccessSecret} \
${optionalString cfg.minioBucketStats "-minio.bucket-stats"} \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
};
};
};
}

78
nixos/modules/services/monitoring/prometheus/nginx-exporter.nix
View File

@ -1,78 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.prometheus.nginxExporter;
in {
options = {
services.prometheus.nginxExporter = {
enable = mkEnableOption "prometheus nginx exporter";
port = mkOption {
type = types.int;
default = 9113;
description = ''
Port to listen on.
'';
};
listenAddress = mkOption {
type = types.string;
default = "0.0.0.0";
description = ''
Address to listen on.
'';
};
scrapeUri = mkOption {
type = types.string;
default = "http://localhost/nginx_status";
description = ''
Address to access the nginx status page.
Can be enabled with services.nginx.statusPage = true.
'';
};
extraFlags = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Extra commandline options when launching the nginx exporter.
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Open port in firewall for incoming connections.
'';
};
};
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.port;
systemd.services.prometheus-nginx-exporter = {
after = [ "network.target" "nginx.service" ];
description = "Prometheus exporter for nginx metrics";
unitConfig.Documentation = "https://github.com/discordianfish/nginx_exporter";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "nobody";
Restart = "always";
PrivateTmp = true;
WorkingDirectory = /tmp;
ExecStart = ''
${pkgs.prometheus-nginx-exporter}/bin/nginx_exporter \
-nginx.scrape_uri '${cfg.scrapeUri}' \
-telemetry.address ${cfg.listenAddress}:${toString cfg.port} \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
};
};
};
}

87
nixos/modules/services/monitoring/prometheus/node-exporter.nix
View File

@ -1,87 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.prometheus.nodeExporter;
in {
options = {
services.prometheus.nodeExporter = {
enable = mkEnableOption "prometheus node exporter";
port = mkOption {
type = types.int;
default = 9100;
description = ''
Port to listen on.
'';
};
listenAddress = mkOption {
type = types.string;
default = "0.0.0.0";
description = ''
Address to listen on.
'';
};
enabledCollectors = mkOption {
type = types.listOf types.string;
default = [];
example = ''[ "systemd" ]'';
description = ''
Collectors to enable. The collectors listed here are enabled in addition to the default ones.
'';
};
disabledCollectors = mkOption {
type = types.listOf types.str;
default = [];
example = ''[ "timex" ]'';
description = ''
Collectors to disable which are enabled by default.
'';
};
extraFlags = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Extra commandline options when launching the node exporter.
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Open port in firewall for incoming connections.
'';
};
};
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.port;
systemd.services.prometheus-node-exporter = {
description = "Prometheus exporter for machine metrics";
unitConfig.Documentation = "https://github.com/prometheus/node_exporter";
wantedBy = [ "multi-user.target" ];
script = ''
exec ${pkgs.prometheus-node-exporter}/bin/node_exporter \
${concatMapStringsSep " " (x: "--collector." + x) cfg.enabledCollectors} \
${concatMapStringsSep " " (x: "--no-collector." + x) cfg.disabledCollectors} \
--web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
serviceConfig = {
User = "nobody";
Restart = "always";
PrivateTmp = true;
WorkingDirectory = /tmp;
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
};
};
};
}

127
nixos/modules/services/monitoring/prometheus/snmp-exporter.nix
View File

@ -1,127 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.prometheus.snmpExporter;
mkConfigFile = pkgs.writeText "snmp.yml" (if cfg.configurationPath == null then builtins.toJSON cfg.configuration else builtins.readFile cfg.configurationPath);
in {
options = {
services.prometheus.snmpExporter = {
enable = mkEnableOption "Prometheus snmp exporter";
user = mkOption {
type = types.str;
default = "nobody";
description = ''
User name under which snmp exporter shall be run.
'';
};
group = mkOption {
type = types.str;
default = "nogroup";
description = ''
Group under which snmp exporter shall be run.
'';
};
port = mkOption {
type = types.int;
default = 9116;
description = ''
Port to listen on.
'';
};
listenAddress = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Address to listen on for web interface and telemetry.
'';
};
configurationPath = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
Path to a snmp exporter configuration file. Mutually exclusive with 'configuration' option.
'';
example = "./snmp.yml";
};
configuration = mkOption {
type = types.nullOr types.attrs;
default = {};
description = ''
Snmp exporter configuration as nix attribute set. Mutually exclusive with 'configurationPath' option.
'';
example = ''
{
"default" = {
"version" = 2;
"auth" = {
"community" = "public";
};
};
};
'';
};
logFormat = mkOption {
type = types.str;
default = "logger:stderr";
description = ''
Set the log target and format.
'';
};
logLevel = mkOption {
type = types.enum ["debug" "info" "warn" "error" "fatal"];
default = "info";
description = ''
Only log messages with the given severity or above.
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Open port in firewall for incoming connections.
'';
};
};
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.port;
assertions = singleton
{
assertion = (cfg.configurationPath == null) != (cfg.configuration == null);
message = "Please ensure you have either 'configuration' or 'configurationPath' set!";
};
systemd.services.prometheus-snmp-exporter = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
script = ''
${pkgs.prometheus-snmp-exporter.bin}/bin/snmp_exporter \
-config.file ${mkConfigFile} \
-log.format ${cfg.logFormat} \
-log.level ${cfg.logLevel} \
-web.listen-address ${optionalString (cfg.listenAddress != null) cfg.listenAddress}:${toString cfg.port}
'';
serviceConfig = {
User = cfg.user;
Group = cfg.group;
Restart = "always";
PrivateTmp = true;
WorkingDirectory = "/tmp";
};
};
};
}

105
nixos/modules/services/monitoring/prometheus/unifi-exporter.nix
View File

@ -1,105 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.prometheus.unifiExporter;
in {
options = {
services.prometheus.unifiExporter = {
enable = mkEnableOption "prometheus unifi exporter";
port = mkOption {
type = types.int;
default = 9130;
description = ''
Port to listen on.
'';
};
unifiAddress = mkOption {
type = types.str;
example = "https://10.0.0.1:8443";
description = ''
URL of the UniFi Controller API.
'';
};
unifiInsecure = mkOption {
type = types.bool;
default = false;
description = ''
If enabled skip the verification of the TLS certificate of the UniFi Controller API.
Use with caution.
'';
};
unifiUsername = mkOption {
type = types.str;
example = "ReadOnlyUser";
description = ''
username for authentication against UniFi Controller API.
'';
};
unifiPassword = mkOption {
type = types.str;
description = ''
Password for authentication against UniFi Controller API.
'';
};
unifiTimeout = mkOption {
type = types.str;
default = "5s";
example = "2m";
description = ''
Timeout including unit for UniFi Controller API requests.
'';
};
extraFlags = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Extra commandline options when launching the unifi exporter.
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Open port in firewall for incoming connections.
'';
};
};
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.port;
systemd.services.prometheus-unifi-exporter = {
description = "Prometheus exporter for UniFi Controller metrics";
unitConfig.Documentation = "https://github.com/mdlayher/unifi_exporter";
wantedBy = [ "multi-user.target" ];
after = optional config.services.unifi.enable "unifi.service";
serviceConfig = {
User = "nobody";
Restart = "always";
PrivateTmp = true;
WorkingDirectory = /tmp;
ExecStart = ''
${pkgs.prometheus-unifi-exporter}/bin/unifi_exporter \
-telemetry.addr :${toString cfg.port} \
-unifi.addr ${cfg.unifiAddress} \
-unifi.username ${cfg.unifiUsername} \
-unifi.password ${cfg.unifiPassword} \
-unifi.timeout ${cfg.unifiTimeout} \
${optionalString cfg.unifiInsecure "-unifi.insecure" } \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
};
};
};
}

61
nixos/modules/services/monitoring/prometheus/varnish-exporter.nix
View File

@ -1,61 +0,0 @@
{ config, pkgs, lib, ... }:
# Shamelessly cribbed from nginx-exporter.nix. ~ C.
with lib;
let
cfg = config.services.prometheus.varnishExporter;
in {
options = {
services.prometheus.varnishExporter = {
enable = mkEnableOption "prometheus Varnish exporter";
port = mkOption {
type = types.int;
default = 9131;
description = ''
Port to listen on.
'';
};
extraFlags = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Extra commandline options when launching the Varnish exporter.
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Open port in firewall for incoming connections.
'';
};
};
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.port;
systemd.services.prometheus-varnish-exporter = {
description = "Prometheus exporter for Varnish metrics";
unitConfig.Documentation = "https://github.com/jonnenauha/prometheus_varnish_exporter";
wantedBy = [ "multi-user.target" ];
path = [ pkgs.varnish ];
script = ''
exec ${pkgs.prometheus-varnish-exporter}/bin/prometheus_varnish_exporter \
-web.listen-address :${toString cfg.port} \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
serviceConfig = {
User = "nobody";
Restart = "always";
PrivateTmp = true;
WorkingDirectory = /tmp;
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
};
};
};
}

8
nixos/modules/services/networking/networkmanager.nix
View File

@ -135,8 +135,7 @@ in {
default = { inherit networkmanager modemmanager wpa_supplicant
networkmanager-openvpn networkmanager-vpnc
networkmanager-openconnect networkmanager-fortisslvpn
networkmanager-pptp networkmanager-l2tp
networkmanager-iodine; };
networkmanager-l2tp networkmanager-iodine; };
internal = true;
};
@ -267,8 +266,6 @@ in {
message = "You can not use networking.networkmanager with networking.wireless";
}];
boot.kernelModules = [ "ppp_mppe" ]; # Needed for most (all?) PPTP VPN connections.
environment.etc = with cfg.basePackages; [
{ source = configFile;
target = "NetworkManager/NetworkManager.conf";
@ -285,9 +282,6 @@ in {
{ source = "${networkmanager-fortisslvpn}/etc/NetworkManager/VPN/nm-fortisslvpn-service.name";
target = "NetworkManager/VPN/nm-fortisslvpn-service.name";
}
{ source = "${networkmanager-pptp}/etc/NetworkManager/VPN/nm-pptp-service.name";
target = "NetworkManager/VPN/nm-pptp-service.name";
}
{ source = "${networkmanager-l2tp}/etc/NetworkManager/VPN/nm-l2tp-service.name";
target = "NetworkManager/VPN/nm-l2tp-service.name";
}

226
nixos/modules/services/networking/prosody.nix
View File

@ -15,6 +15,7 @@ let
description = "Path to the key file.";
};
# TODO: rename to certificate to match the prosody config
cert = mkOption {
type = types.path;
description = "Path to the certificate file.";
@ -30,7 +31,7 @@ let
};
moduleOpts = {
# Generally required
roster = mkOption {
type = types.bool;
default = true;
@ -61,12 +62,38 @@ let
description = "Service discovery";
};
legacyauth = mkOption {
# Not essential, but recommended
carbons = mkOption {
type = types.bool;
default = true;
description = "Legacy authentication. Only used by some old clients and bots";
description = "Keep multiple clients in sync";
};
pep = mkOption {
type = types.bool;
default = true;
description = "Enables users to publish their mood, activity, playing music and more";
};
private = mkOption {
type = types.bool;
default = true;
description = "Private XML storage (for room bookmarks, etc.)";
};
blocklist = mkOption {
type = types.bool;
default = true;
description = "Allow users to block communications with other users";
};
vcard = mkOption {
type = types.bool;
default = true;
description = "Allow users to set vCards";
};
# Nice to have
version = mkOption {
type = types.bool;
default = true;
@ -91,36 +118,112 @@ let
description = "Replies to XMPP pings with pongs";
};
console = mkOption {
register = mkOption {
type = types.bool;
default = false;
description = "telnet to port 5582";
default = true;
description = "Allow users to register on this server using a client and change passwords";
};
mam = mkOption {
type = types.bool;
default = false;
description = "Store messages in an archive and allow users to access it";
};
# Admin interfaces
admin_adhoc = mkOption {
type = types.bool;
default = true;
description = "Allows administration via an XMPP client that supports ad-hoc commands";
};
admin_telnet = mkOption {
type = types.bool;
default = false;
description = "Opens telnet console interface on localhost port 5582";
};
# HTTP modules
bosh = mkOption {
type = types.bool;
default = false;
description = "Enable BOSH clients, aka 'Jabber over HTTP'";
};
httpserver = mkOption {
type = types.bool;
default = false;
description = "Serve static files from a directory over HTTP";
};
websocket = mkOption {
type = types.bool;
default = false;
description = "Enable WebSocket support";
};
http_files = mkOption {
type = types.bool;
default = false;
description = "Serve static files from a directory over HTTP";
};
# Other specific functionality
limits = mkOption {
type = types.bool;
default = false;
description = "Enable bandwidth limiting for XMPP connections";
};
groups = mkOption {
type = types.bool;
default = false;
description = "Shared roster support";
};
server_contact_info = mkOption {
type = types.bool;
default = false;
description = "Publish contact information for this service";
};
announce = mkOption {
type = types.bool;
default = false;
description = "Send announcement to all online users";
};
welcome = mkOption {
type = types.bool;
default = false;
description = "Welcome users who register accounts";
};
watchregistrations = mkOption {
type = types.bool;
default = false;
description = "Alert admins of registrations";
};
motd = mkOption {
type = types.bool;
default = false;
description = "Send a message to users when they log in";
};
legacyauth = mkOption {
type = types.bool;
default = false;
description = "Legacy authentication. Only used by some old clients and bots";
};
proxy65 = mkOption {
type = types.bool;
default = false;
description = "Enables a file transfer proxy service which clients behind NAT can use";
};
};
toLua = x:
if builtins.isString x then ''"${x}"''
else if builtins.isBool x then toString x
else if builtins.isBool x then (if x == true then "true" else "false")
else if builtins.isInt x then toString x
else if builtins.isList x then ''{ ${lib.concatStringsSep ", " (map (n: toLua n) x) } }''
else throw "Invalid Lua value";
createSSLOptsStr = o: ''
@ -198,6 +301,59 @@ in
description = "Allow account creation";
};
c2sRequireEncryption = mkOption {
type = types.bool;
default = true;
description = ''
Force clients to use encrypted connections? This option will
prevent clients from authenticating unless they are using encryption.
'';
};
s2sRequireEncryption = mkOption {
type = types.bool;
default = true;
description = ''
Force servers to use encrypted connections? This option will
prevent servers from authenticating unless they are using encryption.
Note that this is different from authentication.
'';
};
s2sSecureAuth = mkOption {
type = types.bool;
default = false;
description = ''
Force certificate authentication for server-to-server connections?
This provides ideal security, but requires servers you communicate
with to support encryption AND present valid, trusted certificates.
For more information see https://prosody.im/doc/s2s#security
'';
};
s2sInsecureDomains = mkOption {
type = types.listOf types.str;
default = [];
example = [ "insecure.example.com" ];
description = ''
Some servers have invalid or self-signed certificates. You can list
remote domains here that will not be required to authenticate using
certificates. They will be authenticated using DNS instead, even
when s2s_secure_auth is enabled.
'';
};
s2sSecureDomains = mkOption {
type = types.listOf types.str;
default = [];
example = [ "jabber.org" ];
description = ''
Even if you leave s2s_secure_auth disabled, you can still require valid
certificates for some domains by specifying a list here.
'';
};
modules = moduleOpts;
extraModules = mkOption {
@ -206,6 +362,12 @@ in
description = "Enable custom modules";
};
extraPluginPaths = mkOption {
type = types.listOf types.path;
default = [];
description = "Addtional path in which to look find plugins/modules";
};
virtualHosts = mkOption {
description = "Define the virtual hosts";
@ -255,38 +417,48 @@ in
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.prosody ];
environment.systemPackages = [ cfg.package ];
environment.etc."prosody/prosody.cfg.lua".text = ''
pidfile = "/var/lib/prosody/prosody.pid"
log = "*syslog"
data_path = "/var/lib/prosody"
allow_registration = ${boolToString cfg.allowRegistration};
${ optionalString cfg.modules.console "console_enabled = true;" }
plugin_paths = {
${lib.concatStringsSep ", " (map (n: "\"${n}\"") cfg.extraPluginPaths) }
}
${ optionalString (cfg.ssl != null) (createSSLOptsStr cfg.ssl) }
admins = { ${lib.concatStringsSep ", " (map (n: "\"${n}\"") cfg.admins) } };
admins = ${toLua cfg.admins}
-- we already build with libevent, so we can just enable it for a more performant server
use_libevent = true
modules_enabled = {
${ lib.concatStringsSep "\n\ \ " (lib.mapAttrsToList
(name: val: optionalString val ''"${name}";'')
(name: val: optionalString val "${toLua name};")
cfg.modules) }
${ optionalString cfg.allowRegistration "\"register\"\;" }
${ lib.concatStringsSep "\n" (map (x: "\"${x}\";") cfg.extraModules)}
"posix";
${ lib.concatStringsSep "\n" (map (x: "${toLua x};") cfg.package.communityModules)}
${ lib.concatStringsSep "\n" (map (x: "${toLua x};") cfg.extraModules)}
};
allow_registration = ${toLua cfg.allowRegistration}
c2s_require_encryption = ${toLua cfg.c2sRequireEncryption}
s2s_require_encryption = ${toLua cfg.s2sRequireEncryption}
s2s_secure_auth = ${toLua cfg.s2sSecureAuth}
s2s_insecure_domains = ${toLua cfg.s2sInsecureDomains}
s2s_secure_domains = ${toLua cfg.s2sSecureDomains}
${ cfg.extraConfig }
${ lib.concatStringsSep "\n" (lib.mapAttrsToList (n: v: ''

17
nixos/modules/services/security/tor.nix
View File

@ -5,6 +5,7 @@ with lib;
let
cfg = config.services.tor;
torDirectory = "/var/lib/tor";
torRunDirectory = "/run/tor";
opt = name: value: optionalString (value != null) "${name} ${value}";
optint = name: value: optionalString (value != null && value != 0) "${name} ${toString value}";
@ -38,6 +39,7 @@ let
''}
${optint "ControlPort" cfg.controlPort}
${optionalString cfg.controlSocket.enable "ControlSocket ${torRunDirectory}/control GroupWritable RelaxDirModeCheck"}
''
# Client connection config
+ optionalString cfg.client.enable ''
@ -140,6 +142,17 @@ in
'';
};
controlSocket = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Wheter to enable Tor control socket. Control socket is created
in <literal>${torRunDirectory}/control</literal>
'';
};
};
client = {
enable = mkOption {
type = types.bool;
@ -692,7 +705,7 @@ in
# Translated from the upstream contrib/dist/tor.service.in
preStart = ''
install -o tor -g tor -d ${torDirectory}/onion
install -o tor -g tor -d ${torDirectory}/onion ${torRunDirectory}
${pkgs.tor}/bin/tor -f ${torRcFile} --verify-config
'';
@ -716,7 +729,7 @@ in
DevicePolicy = "closed";
InaccessibleDirectories = "/home";
ReadOnlyDirectories = "/";
ReadWriteDirectories = torDirectory;
ReadWriteDirectories = [torDirectory torRunDirectory];
NoNewPrivileges = "yes";
};
};

149
nixos/modules/services/web-apps/nixbot.nix
View File

@ -1,149 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.nixbot;
pyramidIni = ''
###
# app configuration
# http://docs.pylonsproject.org/projects/pyramid/en/1.7-branch/narr/environment.html
###
[app:main]
use = egg:nixbot
nixbot.github_token = ${cfg.githubToken}
nixbot.bot_name = ${cfg.botName}
nixbot.repo = ${cfg.repo}
nixbot.pr_repo = ${cfg.prRepo}
nixbot.hydra_jobsets_repo = ${cfg.hydraJobsetsRepo}
nixbot.github_secret = justnotsorandom
nixbot.public_url = ${cfg.publicUrl}
nixbot.repo_dir = ${cfg.repoDir}
pyramid.reload_templates = false
pyramid.debug_authorization = false
pyramid.debug_notfound = false
pyramid.debug_routematch = false
pyramid.default_locale_name = en
# By default, the toolbar only appears for clients from IP addresses
# '127.0.0.1' and '::1'.
# debugtoolbar.hosts = 127.0.0.1 ::1
###
# wsgi server configuration
###
[server:main]
use = egg:waitress#main
host = 0.0.0.0
port = 6543
###
# logging configuration
# http://docs.pylonsproject.org/projects/pyramid/en/1.7-branch/narr/logging.html
###
[loggers]
keys = root, nixbot
[handlers]
keys = console
[formatters]
keys = generic
[logger_root]
level = INFO
handlers = console
[logger_nixbot]
level = INFO
handlers =
qualname = nixbot
[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic
[formatter_generic]
format = %(asctime)s %(levelname)-5.5s [%(name)s:%(lineno)s][%(threadName)s] %(message)s
'';
in {
options = {
services.nixbot = {
enable = mkEnableOption "nixbot";
botName = mkOption {
type = types.str;
description = "The bot's github user account name.";
default = "nixbot";
};
githubToken = mkOption {
type = types.str;
description = "The bot's github user account token.";
example = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
};
repo = mkOption {
type = types.str;
description = "The github repository to check for PRs.";
example = "nixos/nixpkgs";
};
prRepo = mkOption {
type = types.str;
description = "The github repository to push the testing branches to.";
example = "nixos/nixpkgs-pr";
};
hydraJobsetsRepo = mkOption {
type = types.str;
description = "The github repository to push the hydra jobset definitions to.";
example = "nixos/hydra-jobsets";
};
publicUrl = mkOption {
type = types.str;
description = "The public URL the bot is reachable at (Github hook endpoint).";
example = "https://nixbot.nixos.org";
};
repoDir = mkOption {
type = types.path;
description = "The directory the repositories are stored in.";
default = "/var/lib/nixbot";
};
};
};
config = mkIf cfg.enable {
users.extraUsers.nixbot = {
createHome = true;
home = cfg.repoDir;
};
systemd.services.nixbot = let
env = pkgs.python3.buildEnv.override {
extraLibs = [ pkgs.nixbot ];
};
in {
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
script = ''
${env}/bin/pserve ${pkgs.writeText "production.ini" pyramidIni}
'';
serviceConfig = {
User = "nixbot";
Group = "nogroup";
PermissionsStartOnly = true;
};
};
};
}

3
nixos/modules/services/x11/desktop-managers/gnome3.nix
View File

@ -182,8 +182,7 @@ in {
{ inherit (pkgs) networkmanager modemmanager wpa_supplicant;
inherit (pkgs.gnome3) networkmanager-openvpn networkmanager-vpnc
networkmanager-openconnect networkmanager-fortisslvpn
networkmanager-pptp networkmanager-iodine
networkmanager-l2tp; };
networkmanager-iodine networkmanager-l2tp; };
# Needed for themes and backgrounds
environment.pathsToLink = [ "/share" ];

2
nixos/modules/system/boot/kexec.nix
View File

@ -1,7 +1,7 @@
{ config, pkgs, lib, ... }:
{
config = lib.mkIf (pkgs.kexectools != null) {
config = lib.mkIf (pkgs.kexectools.meta.available) {
environment.systemPackages = [ pkgs.kexectools ];
systemd.services."prepare-kexec" =

15
nixos/modules/system/boot/systemd.nix
View File

@ -524,6 +524,14 @@ in
'';
};
systemd.enableCgroupAccounting = mkOption {
default = false;
type = types.bool;
description = ''
Whether to enable cgroup accounting.
'';
};
systemd.extraConfig = mkOption {
default = "";
type = types.lines;
@ -725,6 +733,13 @@ in
"systemd/system.conf".text = ''
[Manager]
${optionalString config.systemd.enableCgroupAccounting ''
DefaultCPUAccounting=yes
DefaultIOAccounting=yes
DefaultBlockIOAccounting=yes
DefaultMemoryAccounting=yes
DefaultTasksAccounting=yes
''}
${config.systemd.extraConfig}
'';

1
nixos/release.nix
View File

@ -344,6 +344,7 @@ in rec {
tests.predictable-interface-names = callSubTests tests/predictable-interface-names.nix {};
tests.printing = callTest tests/printing.nix {};
tests.prometheus = callTest tests/prometheus.nix {};
tests.prosody = callTest tests/prosody.nix {};
tests.proxy = callTest tests/proxy.nix {};
# tests.quagga = callTest tests/quagga.nix {};
tests.quake3 = callTest tests/quake3.nix {};

5
nixos/tests/installer.nix
View File

@ -80,8 +80,9 @@ let
+ optionalString isEfi (if pkgs.stdenv.isAarch64
then ''bios => "${pkgs.OVMF.fd}/FV/QEMU_EFI.fd", ''
else ''bios => "${pkgs.OVMF.fd}/FV/OVMF.fd", '');
in
''
in if !isEfi && !(pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) then
throw "Non-EFI boot methods are only supported on i686 / x86_64"
else ''
$machine->start;
# Make sure that we get a login prompt etc.

2
nixos/tests/misc.nix
View File

@ -96,7 +96,7 @@ import ./make-test.nix ({ pkgs, ...} : rec {
$machine->succeed("systemctl start systemd-udev-settle.service");
subtest "udev-auto-load", sub {
$machine->waitForUnit('systemd-udev-settle.service');
$machine->succeed('lsmod | grep psmouse');
$machine->succeed('lsmod | grep mousedev');
};
# Test whether systemd-tmpfiles-clean works.

2
nixos/tests/openldap.nix
View File

@ -28,8 +28,8 @@ import ./make-test.nix {
};
testScript = ''
$machine->succeed('systemctl status openldap.service');
$machine->waitForUnit('openldap.service');
$machine->succeed('systemctl status openldap.service');
$machine->succeed('ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"');
'';
}

75
nixos/tests/prosody.nix Normal file
View File

@ -0,0 +1,75 @@
import ./make-test.nix {
name = "prosody";
machine = { config, pkgs, ... }: {
services.prosody = {
enable = true;
# TODO: use a self-signed certificate
c2sRequireEncryption = false;
};
environment.systemPackages = let
sendMessage = pkgs.writeScriptBin "send-message" ''
#!/usr/bin/env python3
# Based on the sleekxmpp send_client example, look there for more details:
# https://github.com/fritzy/SleekXMPP/blob/develop/examples/send_client.py
import sleekxmpp
class SendMsgBot(sleekxmpp.ClientXMPP):
"""
A basic SleekXMPP bot that will log in, send a message,
and then log out.
"""
def __init__(self, jid, password, recipient, message):
sleekxmpp.ClientXMPP.__init__(self, jid, password)
self.recipient = recipient
self.msg = message
self.add_event_handler("session_start", self.start, threaded=True)
def start(self, event):
self.send_presence()
self.get_roster()
self.send_message(mto=self.recipient,
mbody=self.msg,
mtype='chat')
self.disconnect(wait=True)
if __name__ == '__main__':
xmpp = SendMsgBot("test1@localhost", "test1", "test2@localhost", "Hello World!")
xmpp.register_plugin('xep_0030') # Service Discovery
xmpp.register_plugin('xep_0199') # XMPP Ping
# TODO: verify certificate
# If you want to verify the SSL certificates offered by a server:
# xmpp.ca_certs = "path/to/ca/cert"
if xmpp.connect(('localhost', 5222)):
xmpp.process(block=True)
else:
print("Unable to connect.")
sys.exit(1)
'';
in [ (pkgs.python3.withPackages (ps: [ ps.sleekxmpp ])) sendMessage ];
};
testScript = ''
$machine->waitForUnit('prosody.service');
$machine->succeed('prosodyctl status') =~ /Prosody is running/;
# set password to 'test' (it's asked twice)
$machine->succeed('yes test1 | prosodyctl adduser test1@localhost');
# set password to 'y'
$machine->succeed('yes | prosodyctl adduser test2@localhost');
# correct password to 'test2'
$machine->succeed('yes test2 | prosodyctl passwd test2@localhost');
$machine->succeed("send-message");
$machine->succeed('prosodyctl deluser test1@localhost');
$machine->succeed('prosodyctl deluser test2@localhost');
'';
}

2
pkgs/applications/altcoins/ethsign/default.nix
View File

@ -52,7 +52,7 @@ buildGoPackage rec {
];
meta = with stdenv.lib; {
homepage = http://github.com/dapphub/ethsign;
homepage = https://github.com/dapphub/ethsign;
description = "Make raw signed Ethereum transactions";
license = [licenses.gpl3];
};

2
pkgs/applications/audio/audacious/default.nix
View File

@ -60,7 +60,7 @@ stdenv.mkDerivation rec {
meta = with stdenv.lib; {
description = "Audio player";
homepage = http://audacious-media-player.org/;
homepage = https://audacious-media-player.org/;
maintainers = with maintainers; [ eelco ramkromberg ];
platforms = with platforms; linux;
license = with licenses; [

2
pkgs/applications/audio/audacious/qt-5.nix
View File

@ -81,7 +81,7 @@ mkDerivation {
meta = with lib; {
description = "Audio player";
homepage = http://audacious-media-player.org/;
homepage = https://audacious-media-player.org/;
maintainers = with maintainers; [ ttuegel ];
platforms = with platforms; linux;
license = with licenses; [

4
pkgs/applications/audio/fldigi/default.nix
View File

@ -2,13 +2,13 @@
libsamplerate, libpulseaudio, libXinerama, gettext, pkgconfig, alsaLib }:
stdenv.mkDerivation rec {
version = "3.23.15";
version = "4.0.16";
pname = "fldigi";
name = "${pname}-${version}";
src = fetchurl {
url = "mirror://sourceforge/${pname}/${name}.tar.gz";
sha256 = "1nxafk99fr6yb09cq3vdpzjcd85mnjwwl8rzccx21kla1ysihl5m";
sha256 = "1gcahm1lv3yfscaxanrx6q7dydxjznw98vdc0f8zgdb15na3f0g7";
};
buildInputs = [ libXinerama gettext hamlib fltk13 libjpeg libpng portaudio

23
pkgs/applications/audio/gtkpod/default.nix
View File

@ -1,5 +1,5 @@
{ stdenv, fetchurl, pkgconfig, makeWrapper, intltool, libgpod, curl, flac,
gnome, gtk3, glib, gettext, perl, perlXMLParser, flex, libglade, libid3tag,
{ stdenv, fetchurl, pkgconfig, wrapGAppsHook, intltool, libgpod, curl, flac,
gnome3, gtk3, glib, gettext, perl, perlXMLParser, flex, libid3tag,
libvorbis, hicolor-icon-theme, gdk_pixbuf }:
stdenv.mkDerivation rec {
@ -11,24 +11,17 @@ stdenv.mkDerivation rec {
sha256 = "0xisrpx069f7bjkyc8vqxb4k0480jmx1wscqxr6cpq1qj6pchzd5";
};
propagatedUserEnvPkgs = [ gnome.gnome-themes-standard ];
nativeBuildInputs = [ pkgconfig ];
buildInputs = [ makeWrapper intltool curl gettext perl perlXMLParser
flex libgpod libid3tag flac libvorbis gtk3 gdk_pixbuf libglade gnome.anjuta
gnome.gdl gnome.defaultIconTheme
hicolor-icon-theme ];
nativeBuildInputs = [ pkgconfig wrapGAppsHook intltool ];
buildInputs = [
curl gettext perl perlXMLParser
flex libgpod libid3tag flac libvorbis gtk3 gdk_pixbuf
gnome3.gdl gnome3.defaultIconTheme gnome3.anjuta
];
patchPhase = ''
sed -i 's/which/type -P/' scripts/*.sh
'';
preFixup = ''
wrapProgram "$out/bin/gtkpod" \
--set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \
--prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:${gnome.gnome-themes-standard}/share:$out/share:$GSETTINGS_SCHEMAS_PATH"
'';
enableParallelBuilding = true;
meta = with stdenv.lib; {

4
pkgs/applications/audio/kid3/default.nix
View File

@ -10,11 +10,11 @@
stdenv.mkDerivation rec {
name = "kid3-${version}";
version = "3.5.1";
version = "3.6.0";
src = fetchurl {
url = "mirror://sourceforge/project/kid3/kid3/${version}/${name}.tar.gz";
sha256 = "09iryxnhg8d9q36a4brb25bqkjprkx5kl0x7vyy82gxivqk0ihl8";
sha256 = "1kv795prc4d3f2cbzskvdi73l6nx4cfcd32x255wq1s74zp1k73p";
};
buildInputs = with stdenv.lib;

4
pkgs/applications/audio/lastfmsubmitd/default.nix
View File

@ -6,7 +6,7 @@ pythonPackages.buildPythonApplication rec {
version = "1.0.6";
src = fetchurl {
url = "http://www.red-bean.com/decklin/lastfmsubmitd/lastfmsubmitd-${version}.tar.gz";
url = "https://www.red-bean.com/decklin/lastfmsubmitd/lastfmsubmitd-${version}.tar.gz";
sha256 = "c2636d5095a95167366bacd458624d67b046e060244fa54ba2c2e3efb79f9b0e";
};
@ -15,7 +15,7 @@ pythonPackages.buildPythonApplication rec {
installCommand = "python setup.py install --prefix=$out";
meta = {
homepage = http://www.red-bean.com/decklin/lastfmsubmitd/;
homepage = https://www.red-bean.com/decklin/lastfmsubmitd/;
description = "An last.fm audio scrobbler and daemon";
};
}

2
pkgs/applications/audio/mopidy-gmusic/default.nix
View File

@ -19,7 +19,7 @@ pythonPackages.buildPythonApplication rec {
doCheck = false;
meta = with stdenv.lib; {
homepage = http://www.mopidy.com/;
homepage = https://www.mopidy.com/;
description = "Mopidy extension for playing music from Google Play Music";
license = licenses.asl20;
maintainers = [ maintainers.jgillich ];

4
pkgs/applications/audio/mopidy-iris/default.nix
View File

@ -2,11 +2,11 @@
pythonPackages.buildPythonApplication rec {
pname = "Mopidy-Iris";
version = "3.14.0";
version = "3.14.2";
src = pythonPackages.fetchPypi {
inherit pname version;
sha256 = "2c0ec5138e554e91d299ac72a7049bc00d77770a08c16c17e1a9df7f8ef42feb";
sha256 = "19affzk45wby50gwxwzqgwa7h7618lcs48ngdsa06sd66s8x2fza";
};
propagatedBuildInputs = [

2
pkgs/applications/audio/mopidy-spotify/default.nix
View File

@ -14,7 +14,7 @@ pythonPackages.buildPythonApplication rec {
doCheck = false;
meta = with stdenv.lib; {
homepage = http://www.mopidy.com/;
homepage = https://www.mopidy.com/;
description = "Mopidy extension for playing music from Spotify";
license = licenses.asl20;
maintainers = [ maintainers.rickynils ];

4
pkgs/applications/audio/mp3blaster/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub, ncurses, libvorbis }:
{ stdenv, fetchFromGitHub, ncurses, libvorbis, SDL }:
stdenv.mkDerivation rec {
version = "3.2.6";
@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
buildInputs = [
ncurses
libvorbis
];
] ++ stdenv.lib.optional stdenv.isDarwin SDL;
buildFlags = [ "CXXFLAGS=-Wno-narrowing" ];

4
pkgs/applications/audio/padthv1/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
name = "padthv1-${version}";
version = "0.8.6";
version = "0.9.0";
src = fetchurl {
url = "mirror://sourceforge/padthv1/${name}.tar.gz";
sha256 = "1mikab2f9n5q1sfgnp3sbm1rf3v57k4085lsgh0a5gzga2h4hwxq";
sha256 = "0c519qk2g0dk8gqf9ywqfp7dnr4b25lsnxxbf2l1spnnvf8nysvh";
};
buildInputs = [ libjack2 alsaLib libsndfile liblo lv2 qt5.qtbase qt5.qttools fftw ];

4
pkgs/applications/audio/samplv1/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
name = "samplv1-${version}";
version = "0.8.6";
version = "0.9.0";
src = fetchurl {
url = "mirror://sourceforge/samplv1/${name}.tar.gz";
sha256 = "035bq7yfg1yirsqk63zwkzjw9dxl52lrzq9y0w7nga0vb11xdfij";
sha256 = "0g67vm9ilmq5nlvk0f3abia9pbinr4ck5v4mll6igni1rxz2n7wk";
};
buildInputs = [ libjack2 alsaLib liblo libsndfile lv2 qt5.qtbase qt5.qttools];

4
pkgs/applications/audio/snd/default.nix
View File

@ -4,11 +4,11 @@
}:
stdenv.mkDerivation rec {
name = "snd-18.1";
name = "snd-18.2";
src = fetchurl {
url = "mirror://sourceforge/snd/${name}.tar.gz";
sha256 = "0wdifvpm54j5fxxp867jnrfdy3jb8iff2mxqvp08plp45zfjv6xh";
sha256 = "0b0ija3cf2c9sqh3cclk5a7i73vagfkyw211aykfd76w7ibirs3r";
};
nativeBuildInputs = [ pkgconfig ];

4
pkgs/applications/audio/sonata/default.nix
View File

@ -19,7 +19,7 @@ in buildPythonApplication rec {
nativeBuildInputs = [ pkgconfig ];
buildInputs = [
intltool wrapGAppsHook
gnome3.gnome-themes-standard gnome3.defaultIconTheme
gnome3.defaultIconTheme
gnome3.gsettings-desktop-schemas
];
@ -28,8 +28,6 @@ in buildPythonApplication rec {
sed -i '/localmpd/d' sonata/consts.py
'';
propagatedUserEnvPkgs = [ gnome3.gnome-themes-standard ];
propagatedBuildInputs = [
gobjectIntrospection gtk3 pygobject3
];

50
pkgs/applications/audio/sound-juicer/default.nix
View File

@ -1,41 +1,33 @@
{ stdenv, fetchurl, pkgconfig, gtk3, intltool, itstool, libxml2, brasero
{ stdenv, fetchurl, pkgconfig, glib, gtk3, intltool, itstool, libxml2, brasero
, libcanberra-gtk3, gnome3, gst_all_1, libmusicbrainz5, libdiscid, isocodes
, makeWrapper }:
, wrapGAppsHook }:
let
major = "3.16";
minor = "1";
in stdenv.mkDerivation rec {
version = "${major}.${minor}";
name = "sound-juicer-${version}";
pname = "sound-juicer";
version = "3.16.1";
in stdenv.mkDerivation rec{
name = "${pname}-${version}";
src = fetchurl {
url = "http://download.gnome.org/sources/sound-juicer/${major}/${name}.tar.xz";
url = "mirror://gnome/sources/${pname}/${gnome3.versionBranch version}/${name}.tar.xz";
sha256 = "0mx6n901vb97hsv0cwaafjffj75s1kcp8jsqay90dy3099849dyz";
};
nativeBuildInputs = [ pkgconfig ];
buildInputs = [ gtk3 intltool itstool libxml2 brasero libcanberra-gtk3
gnome3.gsettings-desktop-schemas libmusicbrainz5 libdiscid isocodes
makeWrapper (stdenv.lib.getLib gnome3.dconf)
gst_all_1.gstreamer gst_all_1.gst-plugins-base
gst_all_1.gst-plugins-good gst_all_1.gst-plugins-bad
gst_all_1.gst-libav
];
nativeBuildInputs = [ pkgconfig intltool itstool libxml2 wrapGAppsHook ];
buildInputs = [
glib gtk3 brasero libcanberra-gtk3 gnome3.defaultIconTheme
gnome3.gsettings-desktop-schemas libmusicbrainz5 libdiscid isocodes
gst_all_1.gstreamer gst_all_1.gst-plugins-base
gst_all_1.gst-plugins-good gst_all_1.gst-plugins-bad
gst_all_1.gst-libav
];
preFixup = ''
for f in $out/bin/* $out/libexec/*; do
wrapProgram "$f" \
--prefix XDG_DATA_DIRS : "${gnome3.gnome-themes-standard}/share:$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH" \
--prefix GST_PLUGIN_SYSTEM_PATH_1_0 : "$GST_PLUGIN_SYSTEM_PATH_1_0" \
--prefix GIO_EXTRA_MODULES : "${stdenv.lib.getLib gnome3.dconf}/lib/gio/modules"
done
'';
postInstall = ''
rm $out/share/icons/hicolor/icon-theme.cache
'';
passthru = {
updateScript = gnome3.updateScript {
packageName = pname;
attrPath = "gnome3.${pname}";
};
};
meta = with stdenv.lib; {
description = "A Gnome CD Ripper";

5
pkgs/applications/audio/streamripper/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchurl , glib, pkgconfig, libogg, libvorbis }:
{ stdenv, fetchurl , glib, pkgconfig, libogg, libvorbis, libmad }:
stdenv.mkDerivation rec {
name = "streamripper-${version}";
@ -10,13 +10,12 @@ stdenv.mkDerivation rec {
};
nativeBuildInputs = [ pkgconfig ];
buildInputs = [ glib libogg libvorbis ];
buildInputs = [ glib libogg libvorbis libmad ];
meta = with stdenv.lib; {
homepage = http://streamripper.sourceforge.net/;
description = "Application that lets you record streaming mp3 to your hard drive";
license = licenses.gpl2;
platforms = platforms.linux;
maintainers = with maintainers; [ the-kenny ];
};
}

4
pkgs/applications/audio/yoshimi/default.nix
View File

@ -6,11 +6,11 @@ assert stdenv ? glibc;
stdenv.mkDerivation rec {
name = "yoshimi-${version}";
version = "1.5.6";
version = "1.5.7";
src = fetchurl {
url = "mirror://sourceforge/yoshimi/${name}.tar.bz2";
sha256 = "0bjfhfslpa2hjrc9h38m7dlr62953w9n4cvkgvfy495cbym12dak";
sha256 = "1w916mmi6hh547a7icrgx6qr2kwxlxwlm6ampql427rshcz9r61k";
};
buildInputs = [

2
pkgs/applications/backup/deja-dup/default.nix
View File

@ -34,7 +34,7 @@ stdenv.mkDerivation rec {
propagatedUserEnvPkgs = [ duplicity ];
PKG_CONFIG_LIBNAUTILUS_EXTENSION_EXTENSIONDIR = "${placeholder "out"}/lib/nautilus/extensions-3.0";
PKG_CONFIG_LIBNAUTILUS_EXTENSION_EXTENSIONDIR = "lib/nautilus/extensions-3.0";
postInstall = ''
glib-compile-schemas $out/share/glib-2.0/schemas

4
pkgs/applications/display-managers/lightdm-gtk-greeter/default.nix
View File

@ -9,14 +9,14 @@
let
ver_branch = "2.0";
version = "2.0.4";
version = "2.0.5";
in
stdenv.mkDerivation rec {
name = "lightdm-gtk-greeter-${version}";
src = fetchurl {
url = "${meta.homepage}/${ver_branch}/${version}/+download/${name}.tar.gz";
sha256 = "1svbyq2l3l2d72k10nw79jz940rqsskryaim2viy6jfpv9k5jfv1";
sha256 = "1pw70db8320wvkhkrw4i2qprxlrqy3jmb6yrr4bm3lgrizahiijx";
};
nativeBuildInputs = [ pkgconfig ];

6
pkgs/applications/editors/android-studio/default.nix
View File

@ -8,9 +8,9 @@ let
inherit (gnome2) GConf gnome_vfs;
};
latestVersion = {
version = "3.2.0.6"; # "Android Studio 3.2 Canary 7"
build = "173.4658582";
sha256Hash = "0a6ssw5mb9my5kfd5fkfdddkgdi2jdq23jlhd6rrqcs6rhdlpl38";
version = "3.2.0.7"; # "Android Studio 3.2 Canary 8"
build = "173.4670218";
sha256Hash = "0p1lls1pkhji8x0p32clsiq3ng64jhqv2vxkhdkmsbh5p4dc1g21";
};
in rec {
# Old alias

6
pkgs/applications/editors/kakoune/default.nix
View File

@ -4,12 +4,12 @@ with stdenv.lib;
stdenv.mkDerivation rec {
name = "kakoune-unstable-${version}";
version = "2018-02-15";
version = "2018-03-22";
src = fetchFromGitHub {
repo = "kakoune";
owner = "mawww";
rev = "f5e39972eb525166dc5b1d963067f79990991a75";
sha256 = "160a302xg6nfzx49dkis6ij20kyzr63kxvcv8ld3l07l8k69g80r";
rev = "f8e297acef1be0657b779fea5256f606a6c6a3a3";
sha256 = "14xmw3lkwzppm9bns55nmyb1lfihzhdyisf6xjqlszdj4mcf94jl";
};
nativeBuildInputs = [ pkgconfig ];
buildInputs = [ ncurses asciidoc docbook_xsl libxslt ];

68
pkgs/applications/editors/texmacs/common.nix Normal file
View File

@ -0,0 +1,68 @@
{ stdenv, fetchurl, tex, extraFonts, chineseFonts, japaneseFonts, koreanFonts }:
rec {
extraFontsSrc = fetchurl {
url = "ftp://ftp.texmacs.org/pub/TeXmacs/fonts/TeXmacs-extra-fonts-1.0-noarch.tar.gz";
sha256 = "0hylgjmd95y9yahbblmawkkw0i71vb145xxv2xqrmff81301n6k7";
};
fullFontsSrc = fetchurl {
url = "ftp://ftp.texmacs.org/pub/TeXmacs/fonts/TeXmacs-windows-fonts-1.0-noarch.tar.gz";
sha256 = "1yxzjpqpm7kvx0ly5jmfpzlfhsh41b0ibn1v84qv6xy73r2vis2f";
};
chineseFontsSrc = fetchurl {
url = "ftp://ftp.texmacs.org/pub/TeXmacs/fonts/TeXmacs-chinese-fonts.tar.gz";
sha256 = "0yprqjsx5mfsaxr525mcm3xqwcadzxp14njm38ir1325baada2fp";
};
japaneseFontsSrc = fetchurl {
url = "ftp://ftp.texmacs.org/pub/TeXmacs/fonts/TeXmacs-japanese-fonts.tar.gz";
sha256 = "1dn6zvsa7gk59d61xicwpbapab3rm6kz48rp5w1bhmihxixw21jn";
};
koreanFontsSrc = fetchurl {
url = "ftp://ftp.texmacs.org/pub/TeXmacs/fonts/TeXmacs-korean-fonts.tar.gz";
sha256 = "07axg57mqm3jbnm4lawx0h3r2h56xv9acwzjppryfklw4c27f5hh";
};
postPatch = (if tex == null then ''
gunzip < ${fullFontsSrc} | (cd TeXmacs && tar xvf -)
'' else if extraFonts then ''
gunzip < ${extraFontsSrc} | (cd TeXmacs && tar xvf -)
'' else "") +
(if chineseFonts then ''
gunzip < ${chineseFontsSrc} | (cd TeXmacs && tar xvf -)
'' else "") +
(if japaneseFonts then ''
gunzip < ${japaneseFontsSrc} | (cd TeXmacs && tar xvf -)
'' else "") +
(if koreanFonts then ''
gunzip < ${koreanFontsSrc} | (cd TeXmacs && tar xvf -)
'' else "");
meta = {
description = "WYSIWYW editing platform with special features for scientists";
longDescription =
'' GNU TeXmacs is a free wysiwyw (what you see is what you want)
editing platform with special features for scientists. The software
aims to provide a unified and user friendly framework for editing
structured documents with different types of content (text,
graphics, mathematics, interactive content, etc.). The rendering
engine uses high-quality typesetting algorithms so as to produce
professionally looking documents, which can either be printed out or
presented from a laptop.
The software includes a text editor with support for mathematical
formulas, a small technical picture editor and a tool for making
presentations from a laptop. Moreover, TeXmacs can be used as an
interface for many external systems for computer algebra, numerical
analysis, statistics, etc. New presentation styles can be written
by the user and new features can be added to the editor using the
Scheme extension language. A native spreadsheet and tools for
collaborative authoring are planned for later.
'';
homepage = http://texmacs.org/;
license = stdenv.lib.licenses.gpl2Plus;
};
}

59
pkgs/applications/editors/texmacs/darwin.nix Normal file
View File

@ -0,0 +1,59 @@
{ stdenv, callPackage, fetchurl, makeWrapper,
guile_1_8, qt4, zlib, freetype, CoreFoundation, Cocoa, gettext, libiconv, ghostscript,
tex ? null,
aspell ? null,
netpbm ? null,
imagemagick ? null,
extraFonts ? false,
chineseFonts ? false,
japaneseFonts ? false,
koreanFonts ? false }:
let
version = "1.99.4";
common = callPackage ./common.nix {
inherit tex extraFonts chineseFonts japaneseFonts koreanFonts;
};
in
stdenv.mkDerivation {
name = "TeXmacs-${version}";
src= fetchurl {
url = "http://www.texmacs.org/Download/ftp/tmftp/source/TeXmacs-${version}-src.tar.gz";
sha256 = "1z8sj0xd1ncbl7ipzfsib6lmc7ahgvmiw61ln5zxm2l88jf7qc1a";
};
patches = [ ./darwin.patch ];
buildInputs = [ guile_1_8.dev qt4 freetype CoreFoundation Cocoa gettext libiconv ghostscript ];
GUILE_CPPFLAGS="-D_THREAD_SAFE -I${guile_1_8.dev}/include -I${guile_1_8.dev}/include/guile ";
NIX_LDFLAGS="${zlib}/lib/libz.dylib";
buildPhase = ''
substituteInPlace Makefile \
--replace 'find -d $(MACOS_PACKAGE_TEXMACS)' 'find $(MACOS_PACKAGE_TEXMACS) -depth' \
--replace '$(MACOS_PACKAGE_SRC)/bundle-libs.sh' 'true'
make MACOS_BUNDLE
'';
installPhase = ''
mkdir -p $out/Applications
cp -R ../distr/TeXmacs-${version}.app $out/Applications
'';
inherit (common) postPatch;
postInstall = "wrapProgram $out/Applications/TeXmacs-${version}/Contents/MacOS/TeXmacs --suffix PATH : " +
"${ghostscript}/bin:" +
(if aspell == null then "" else "${aspell}/bin:") +
(if tex == null then "" else "${tex}/bin:") +
(if netpbm == null then "" else "${netpbm}/bin:") +
(if imagemagick == null then "" else "${imagemagick}/bin:");
enableParallelBuilding = true;
meta = common.meta // {
platforms = stdenv.lib.platforms.darwin;
};
}

29
pkgs/applications/editors/texmacs/darwin.patch Normal file
View File

@ -0,0 +1,29 @@
--- a/configure
+++ b/configure
@@ -7461,7 +7461,7 @@ $as_echo "final adjustments for cygwin host" >&6; }
CONFIG_QTPIPES="yes"
CONFIG_CXXFLAGS="-I${prefix}/include"
CONFIG_BSHARED=""
- CONFIG_BFLAGS="-framework Cocoa -framework IOKit"
+ CONFIG_BFLAGS="-framework Cocoa -framework IOKit -framework CoreFoundation"
CONFIG_BPATH=""
CONFIG_SO="dylib"
CONFIG_LIB_PATH="DYLD_LIBRARY_PATH"
@@ -8281,6 +8281,7 @@ _ASEOF
if $QMAKE ${additional_qmake_flags} ; then :; else
as_fn_error $? "Calling $QMAKE failed." "$LINENO" 5
fi
+ echo "QMAKE_MACOSX_DEPLOYMENT_TARGET = 10.10" >> $pro_file
# Try to compile a simple Qt app.
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we can build a simple Qt app" >&5
$as_echo_n "checking whether we can build a simple Qt app... " >&6; }
--- a/src/Plugins/Unix/unix_sys_utils.cpp
+++ b/src/Plugins/Unix/unix_sys_utils.cpp
@@ -17,6 +17,7 @@
#include <spawn.h>
#include <unistd.h>
#include <sys/wait.h>
+#include <pthread.h>
// for thread safe strings
#include <string>

85
pkgs/applications/editors/texmacs/default.nix
View File

@ -1,41 +1,21 @@
{stdenv, fetchurl, guile_1_8, qt4, zlib, xmodmap, which, makeWrapper, freetype,
tex ? null,
aspell ? null,
ghostscriptX ? null,
extraFonts ? false,
chineseFonts ? false,
japaneseFonts ? false,
koreanFonts ? false }:
{ stdenv, callPackage,
fetchurl, guile_1_8, qt4, zlib, xmodmap, which, makeWrapper, freetype,
tex ? null,
aspell ? null,
ghostscriptX ? null,
extraFonts ? false,
chineseFonts ? false,
japaneseFonts ? false,
koreanFonts ? false }:
let
pname = "TeXmacs";
version = "1.99.2";
extraFontsSrc = fetchurl {
url = "ftp://ftp.texmacs.org/pub/TeXmacs/fonts/TeXmacs-extra-fonts-1.0-noarch.tar.gz";
sha256 = "0hylgjmd95y9yahbblmawkkw0i71vb145xxv2xqrmff81301n6k7";
};
fullFontsSrc = fetchurl {
url = "ftp://ftp.texmacs.org/pub/TeXmacs/fonts/TeXmacs-windows-fonts-1.0-noarch.tar.gz";
sha256 = "1yxzjpqpm7kvx0ly5jmfpzlfhsh41b0ibn1v84qv6xy73r2vis2f";
};
chineseFontsSrc = fetchurl {
url = "ftp://ftp.texmacs.org/pub/TeXmacs/fonts/TeXmacs-chinese-fonts.tar.gz";
sha256 = "0yprqjsx5mfsaxr525mcm3xqwcadzxp14njm38ir1325baada2fp";
};
japaneseFontsSrc = fetchurl {
url = "ftp://ftp.texmacs.org/pub/TeXmacs/fonts/TeXmacs-japanese-fonts.tar.gz";
sha256 = "1dn6zvsa7gk59d61xicwpbapab3rm6kz48rp5w1bhmihxixw21jn";
};
koreanFontsSrc = fetchurl {
url = "ftp://ftp.texmacs.org/pub/TeXmacs/fonts/TeXmacs-korean-fonts.tar.gz";
sha256 = "07axg57mqm3jbnm4lawx0h3r2h56xv9acwzjppryfklw4c27f5hh";
common = callPackage ./common.nix {
inherit tex extraFonts chineseFonts japaneseFonts koreanFonts;
};
in
stdenv.mkDerivation rec {
stdenv.mkDerivation {
name = "${pname}-${version}";
src = fetchurl {
@ -45,56 +25,21 @@ stdenv.mkDerivation rec {
buildInputs = [ guile_1_8 qt4 makeWrapper ghostscriptX freetype ];
patchPhase = (if tex == null then ''
gunzip < ${fullFontsSrc} | (cd TeXmacs && tar xvf -)
'' else if extraFonts then ''
gunzip < ${extraFontsSrc} | (cd TeXmacs && tar xvf -)
'' else "") +
(if chineseFonts then ''
gunzip < ${chineseFontsSrc} | (cd TeXmacs && tar xvf -)
'' else "") +
(if japaneseFonts then ''
gunzip < ${japaneseFontsSrc} | (cd TeXmacs && tar xvf -)
'' else "") +
(if koreanFonts then ''
gunzip < ${koreanFontsSrc} | (cd TeXmacs && tar xvf -)
'' else "");
postInstall = "wrapProgram $out/bin/texmacs --suffix PATH : " +
(if ghostscriptX == null then "" else "${ghostscriptX}/bin:") +
(if aspell == null then "" else "${aspell}/bin:") +
(if tex == null then "" else "${tex}/bin:") +
"${xmodmap}/bin:${which}/bin";
inherit (common) postPatch;
postFixup = ''
bin="$out/libexec/TeXmacs/bin/texmacs.bin"
rpath=$(patchelf --print-rpath "$bin")
patchelf --set-rpath "$rpath:${zlib.out}/lib" "$bin"
'';
meta = {
description = "WYSIWYW editing platform with special features for scientists";
longDescription =
'' GNU TeXmacs is a free wysiwyw (what you see is what you want)
editing platform with special features for scientists. The software
aims to provide a unified and user friendly framework for editing
structured documents with different types of content (text,
graphics, mathematics, interactive content, etc.). The rendering
engine uses high-quality typesetting algorithms so as to produce
professionally looking documents, which can either be printed out or
presented from a laptop.
The software includes a text editor with support for mathematical
formulas, a small technical picture editor and a tool for making
presentations from a laptop. Moreover, TeXmacs can be used as an
interface for many external systems for computer algebra, numerical
analysis, statistics, etc. New presentation styles can be written
by the user and new features can be added to the editor using the
Scheme extension language. A native spreadsheet and tools for
collaborative authoring are planned for later.
'';
homepage = http://texmacs.org/;
license = stdenv.lib.licenses.gpl2Plus;
meta = common.meta // {
maintainers = [ stdenv.lib.maintainers.roconnor ];
platforms = stdenv.lib.platforms.gnu; # arbitrary choice
};

8
pkgs/applications/editors/vis/default.nix
View File

@ -5,11 +5,11 @@
stdenv.mkDerivation rec {
name = "vis-${version}";
version = "0.4";
version = "0.5";
src = fetchFromGitHub {
rev = "v${version}";
sha256 = "1crsg3ssqv4xix9z16hwl0zyx7hxk686s52zmrp7yfak3m5igf9k";
sha256 = "1vhq6hprkgj90iwl5vl3pxs3xwc01mx8yhi6c1phzry5agqqp8jb";
repo = "vis";
owner = "martanne";
};
@ -26,6 +26,10 @@ stdenv.mkDerivation rec {
libselinux
];
postPatch = ''
patchShebangs ./configure
'';
LUA_CPATH="${lpeg}/lib/lua/${lua.luaversion}/?.so;";
LUA_PATH="${lpeg}/share/lua/${lua.luaversion}/?.lua";

Some files were not shown because too many files have changed in this diff Show More