public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/master' into aj-rust-custom-target

Browse Source
This commit is contained in:
John Ericson 2020-11-28 17:09:12 +00:00
commit c6617d28ef
2115 changed files with 36561 additions and 25124 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
.editorconfig
View File

@ -65,9 +65,7 @@ trim_trailing_whitespace = unset
[gemset.nix] [gemset.nix]
insert_final_newline = unset insert_final_newline = unset
[node-{composition,packages}.nix] [node-{composition,packages,packages-generated}.nix]
insert_final_newline = unset
[node-packages-generated.nix]
insert_final_newline = unset insert_final_newline = unset
[nixos/modules/services/networking/ircd-hybrid/*.{conf,in}] [nixos/modules/services/networking/ircd-hybrid/*.{conf,in}]
@ -76,9 +74,6 @@ trim_trailing_whitespace = unset
[nixos/tests/systemd-networkd-vrf.nix] [nixos/tests/systemd-networkd-vrf.nix]
trim_trailing_whitespace = unset trim_trailing_whitespace = unset
[pkgs/applications/editors/emacs-modes/recipes-archive-melpa.json]
indent_size = unset
[pkgs/build-support/dotnetenv/Wrapper/**] [pkgs/build-support/dotnetenv/Wrapper/**]
end_of_line = unset end_of_line = unset
insert_final_newline = unset insert_final_newline = unset
@ -91,12 +86,8 @@ trim_trailing_whitespace = unset
end_of_line = unset end_of_line = unset
insert_final_newline = unset insert_final_newline = unset
[pkgs/development/lisp-modules/quicklisp-to-nix.nix]
indent_size = unset
[pkgs/development/haskell-modules/hackage-packages.nix] [pkgs/development/haskell-modules/hackage-packages.nix]
indent_style = unset indent_style = unset
indent_size = unset
trim_trailing_whitespace = unset trim_trailing_whitespace = unset
[pkgs/development/mobile/androidenv/generated/{addons,packages}.nix] [pkgs/development/mobile/androidenv/generated/{addons,packages}.nix]
@ -106,7 +97,6 @@ trim_trailing_whitespace = unset
insert_final_newline = unset insert_final_newline = unset
[pkgs/servers/dict/wordnet_structures.py] [pkgs/servers/dict/wordnet_structures.py]
indent_size = unset
trim_trailing_whitespace = unset trim_trailing_whitespace = unset
[pkgs/tools/misc/timidity/timidity.cfg] [pkgs/tools/misc/timidity/timidity.cfg]
@ -118,6 +108,3 @@ trim_trailing_whitespace = unset
[pkgs/top-level/emscripten-packages.nix] [pkgs/top-level/emscripten-packages.nix]
trim_trailing_whitespace = unset trim_trailing_whitespace = unset
[pkgs/top-level/perl-packages.nix]
indent_size = unset

5
.github/CODEOWNERS vendored
View File

@ -96,8 +96,8 @@
/pkgs/development/ruby-modules @alyssais /pkgs/development/ruby-modules @alyssais
# Rust # Rust
/pkgs/development/compilers/rust @Mic92 @LnL7 /pkgs/development/compilers/rust @Mic92 @LnL7 @zowoq
/pkgs/build-support/rust @andir /pkgs/build-support/rust @andir @zowoq
# Darwin-related # Darwin-related
/pkgs/stdenv/darwin @NixOS/darwin-maintainers /pkgs/stdenv/darwin @NixOS/darwin-maintainers
@ -192,6 +192,7 @@
/nixos/tests/php @NixOS/php /nixos/tests/php @NixOS/php
/pkgs/build-support/build-pecl.nix @NixOS/php /pkgs/build-support/build-pecl.nix @NixOS/php
/pkgs/development/interpreters/php @NixOS/php /pkgs/development/interpreters/php @NixOS/php
/pkgs/development/php-packages @NixOS/php
/pkgs/top-level/php-packages.nix @NixOS/php /pkgs/top-level/php-packages.nix @NixOS/php
# Podman, CRI-O modules and related # Podman, CRI-O modules and related

4
.github/CONTRIBUTING.md vendored
View File

@ -53,10 +53,10 @@ For package version upgrades and such a one-line commit message is usually suffi
Follow these steps to backport a change into a release branch in compliance with the [commit policy](https://nixos.org/nixpkgs/manual/#submitting-changes-stable-release-branches). Follow these steps to backport a change into a release branch in compliance with the [commit policy](https://nixos.org/nixpkgs/manual/#submitting-changes-stable-release-branches).
1. Take note of the commits in which the change was introduced into `master` branch. 1. Take note of the commits in which the change was introduced into `master` branch.
2. Check out the target _release branch_, e.g. `release-20.03`. Do not use a _channel branch_ like `nixos-20.03` or `nixpkgs-20.03`. 2. Check out the target _release branch_, e.g. `release-20.09`. Do not use a _channel branch_ like `nixos-20.09` or `nixpkgs-20.09`.
3. Create a branch for your change, e.g. `git checkout -b backport`. 3. Create a branch for your change, e.g. `git checkout -b backport`.
4. When the reason to backport is not obvious from the original commit message, use `git cherry-pick -xe <original commit>` and add a reason. Otherwise use `git cherry-pick -x <original commit>`. That's fine for minor version updates that only include security and bug fixes, commits that fixes an otherwise broken package or similar. Please also ensure the commits exists on the master branch; in the case of squashed or rebased merges, the commit hash will change and the new commits can be found in the merge message at the bottom of the master pull request. 4. When the reason to backport is not obvious from the original commit message, use `git cherry-pick -xe <original commit>` and add a reason. Otherwise use `git cherry-pick -x <original commit>`. That's fine for minor version updates that only include security and bug fixes, commits that fixes an otherwise broken package or similar. Please also ensure the commits exists on the master branch; in the case of squashed or rebased merges, the commit hash will change and the new commits can be found in the merge message at the bottom of the master pull request.
5. Push to GitHub and open a backport pull request. Make sure to select the release branch (e.g. `release-20.03`) as the target branch of the pull request, and link to the pull request in which the original change was comitted to `master`. The pull request title should be the commit title with the release version as prefix, e.g. `[20.03]`. 5. Push to GitHub and open a backport pull request. Make sure to select the release branch (e.g. `release-20.09`) as the target branch of the pull request, and link to the pull request in which the original change was comitted to `master`. The pull request title should be the commit title with the release version as prefix, e.g. `[20.09]`.
## Reviewing contributions ## Reviewing contributions

34
.github/STALE-BOT.md vendored Normal file
View File

@ -0,0 +1,34 @@
# Stale bot information
- Thanks for your contribution!
- To remove the stale label, just leave a new comment.
- _How to find the right people to ping?_ &rarr; [`git blame`](https://git-scm.com/docs/git-blame) to the rescue! (or GitHub's history and blame buttons.)
- You can always ask for help on [our Discourse Forum](https://discourse.nixos.org/) or on the [#nixos IRC channel](https://webchat.freenode.net/#nixos).
## Suggestions for PRs
1. If it is unfinished but you plan to finish it, please mark it as a draft.
2. If you don't expect to work on it any time soon, closing it with a short comment may encourage someone else to pick up your work.
3. To get things rolling again, rebase the PR against the target branch and address valid comments.
4. If you need a review to move forward, ask in [the Discourse thread for PRs that need help](https://discourse.nixos.org/t/prs-in-distress/3604).
5. If all you need is a merge, check the git history to find and [request reviews](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/requesting-a-pull-request-review) from people who usually merge related contributions.
## Suggestions for issues
1. If it is resolved (either for you personally, or in general), please consider closing it.
2. If this might still be an issue, but you are not interested in promoting its resolution, please consider closing it while encouraging others to take over and reopen an issue if they care enough.
3. If you still have interest in resolving it, try to ping somebody who you believe might have an interest in the topic. Consider discussing the problem in [our Discourse Forum](https://discourse.nixos.org/).
4. As with all open source projects, your best option is to submit a Pull Request that addresses this issue. We :heart: this attitude!
**Memorandum on closing issues**
Don't be afraid to close an issue that holds valuable information. Closed issues stay in the system for people to search, read, cross-reference, or even reopen--nothing is lost! Closing obsolete issues is an important way to help maintainers focus their time and effort.
## Useful GitHub search queries
- [Open PRs with any stale-bot interaction](https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+is%3Aopen+commenter%3Aapp%2Fstale+)
- [Open PRs with any stale-bot interaction and `2.status: stale`](https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+is%3Aopen+commenter%3Aapp%2Fstale+label%3A%222.status%3A+stale%22)
- [Open PRs with any stale-bot interaction and NOT `2.status: stale`](https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+is%3Aopen+commenter%3Aapp%2Fstale+-label%3A%222.status%3A+stale%22+)
- [Open Issues with any stale-bot interaction](https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+commenter%3Aapp%2Fstale+)
- [Open Issues with any stale-bot interaction and `2.status: stale`](https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+commenter%3Aapp%2Fstale+label%3A%222.status%3A+stale%22+)
- [Open Issues with any stale-bot interaction and NOT `2.status: stale`](https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+commenter%3Aapp%2Fstale+-label%3A%222.status%3A+stale%22+)

35
.github/stale.yml vendored
View File

@ -1,41 +1,10 @@
# Configuration for probot-stale - https://github.com/probot/stale # Configuration for probot-stale - https://github.com/probot/stale
# Number of days of inactivity before an issue becomes stale
daysUntilStale: 180 daysUntilStale: 180
# Number of days of inactivity before a stale issue is closed
daysUntilClose: false daysUntilClose: false
# Issues with these labels will never be considered stale
exemptLabels: exemptLabels:
- "1.severity: security" - "1.severity: security"
# Label to use when marking an issue as stale - "2.status: never-stale"
staleLabel: "2.status: stale" staleLabel: "2.status: stale"
# Comment to post when marking an issue as stale. Set to `false` to disable
pulls:
markComment: | markComment: |
Hello, I'm a bot and I thank you in the name of the community for your contributions. I marked this as stale due to inactivity. &rarr; [More info](https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md)
Nixpkgs is a busy repository, and unfortunately sometimes PRs get left behind for too long. Nevertheless, we'd like to help committers reach the PRs that are still important. This PR has had no activity for 180 days, and so I marked it as stale, but you can rest assured it will never be closed by a non-human.
If this is still important to you and you'd like to remove the stale label, we ask that you leave a comment. Your comment can be as simple as "still important to me". But there's a bit more you can do:
If you received an approval by an unprivileged maintainer and you are just waiting for a merge, you can @ mention someone with merge permissions and ask them to help. You might be able to find someone relevant by using [Git blame](https://git-scm.com/docs/git-blame) on the relevant files, or via [GitHub's web interface](https://docs.github.com/en/github/managing-files-in-a-repository/tracking-changes-in-a-file). You can see if someone's a member of the [nixpkgs-committers](https://github.com/orgs/NixOS/teams/nixpkgs-committers) team, by hovering with the mouse over their username on the web interface, or by searching them directly on [the list](https://github.com/orgs/NixOS/teams/nixpkgs-committers).
If your PR wasn't reviewed at all, it might help to find someone who's perhaps a user of the package or module you are changing, or alternatively, ask once more for a review by the maintainer of the package/module this is about. If you don't know any, you can use [Git blame](https://git-scm.com/docs/git-blame) on the relevant files, or [GitHub's web interface](https://docs.github.com/en/github/managing-files-in-a-repository/tracking-changes-in-a-file) to find someone who touched the relevant files in the past.
If your PR has had reviews and nevertheless got stale, make sure you've responded to all of the reviewer's requests / questions. Usually when PR authors show responsibility and dedication, reviewers (privileged or not) show dedication as well. If you've pushed a change, it's possible the reviewer wasn't notified about your push via email, so you can always [officially request them for a review](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/requesting-a-pull-request-review), or just @ mention them and say you've addressed their comments.
Lastly, you can always ask for help at [our Discourse Forum](https://discourse.nixos.org/), or more specifically, [at this thread](https://discourse.nixos.org/t/prs-in-distress/3604) or at [#nixos' IRC channel](https://webchat.freenode.net/#nixos).
issues:
markComment: |
Hello, I'm a bot and I thank you in the name of the community for opening this issue.
To help our human contributors focus on the most-relevant reports, I check up on old issues to see if they're still relevant. This issue has had no activity for 180 days, and so I marked it as stale, but you can rest assured it will never be closed by a non-human.
The community would appreciate your effort in checking if the issue is still valid. If it isn't, please close it.
If the issue persists, and you'd like to remove the stale label, you simply need to leave a comment. Your comment can be as simple as "still important to me". If you'd like it to get more attention, you can ask for help by searching for maintainers and people that previously touched related code and @ mention them in a comment. You can use [Git blame](https://git-scm.com/docs/git-blame) or [GitHub's web interface](https://docs.github.com/en/github/managing-files-in-a-repository/tracking-changes-in-a-file) on the relevant files to find them.
Lastly, you can always ask for help at [our Discourse Forum](https://discourse.nixos.org/) or at [#nixos' IRC channel](https://webchat.freenode.net/#nixos).
# Comment to post when closing a stale issue. Set to `false` to disable
closeComment: false closeComment: false

2
.github/workflows/editorconfig.yml vendored
View File

@ -14,7 +14,7 @@ jobs:
- name: Fetch editorconfig-checker - name: Fetch editorconfig-checker
if: env.GIT_DIFF if: env.GIT_DIFF
env: env:
ECC_VERSION: "2.1.0" ECC_VERSION: "2.2.0"
ECC_URL: "https://github.com/editorconfig-checker/editorconfig-checker/releases/download" ECC_URL: "https://github.com/editorconfig-checker/editorconfig-checker/releases/download"
run: | run: |
curl -sSf -O -L -C - "$ECC_URL/$ECC_VERSION/ec-linux-amd64.tar.gz" && \ curl -sSf -O -L -C - "$ECC_URL/$ECC_VERSION/ec-linux-amd64.tar.gz" && \

4
README.md
View File

@ -46,9 +46,9 @@ Nixpkgs and NixOS are built and tested by our continuous integration
system, [Hydra](https://hydra.nixos.org/). system, [Hydra](https://hydra.nixos.org/).
* [Continuous package builds for unstable/master](https://hydra.nixos.org/jobset/nixos/trunk-combined) * [Continuous package builds for unstable/master](https://hydra.nixos.org/jobset/nixos/trunk-combined)
* [Continuous package builds for the NixOS 20.03 release](https://hydra.nixos.org/jobset/nixos/release-20.03) * [Continuous package builds for the NixOS 20.09 release](https://hydra.nixos.org/jobset/nixos/release-20.09)
* [Tests for unstable/master](https://hydra.nixos.org/job/nixos/trunk-combined/tested#tabs-constituents) * [Tests for unstable/master](https://hydra.nixos.org/job/nixos/trunk-combined/tested#tabs-constituents)
* [Tests for the NixOS 20.03 release](https://hydra.nixos.org/job/nixos/release-20.03/tested#tabs-constituents) * [Tests for the NixOS 20.09 release](https://hydra.nixos.org/job/nixos/release-20.09/tested#tabs-constituents)
Artifacts successfully built with Hydra are published to cache at Artifacts successfully built with Hydra are published to cache at
https://cache.nixos.org/. When successful build and test criteria are https://cache.nixos.org/. When successful build and test criteria are

2
doc/builders/packages/opengl.xml
View File

@ -4,6 +4,6 @@
<title>OpenGL</title> <title>OpenGL</title>
<para> <para>
Packages that use OpenGL have NixOS desktop as their primary target. The current solution for loading the GPU-specific drivers is based on <literal>libglvnd</literal> and looks for the driver implementation in <literal>LD_LIBRARY_PATH</literal>. If you are using a non-NixOS GNU/Linux/X11 desktop with free software video drivers, consider launching OpenGL-dependent programs from Nixpkgs with Nixpkgs versions of <literal>libglvnd</literal> and <literal>mesa_drivers</literal> in <literal>LD_LIBRARY_PATH</literal>. For proprietary video drivers you might have luck with also adding the corresponding video driver package. Packages that use OpenGL have NixOS desktop as their primary target. The current solution for loading the GPU-specific drivers is based on <literal>libglvnd</literal> and looks for the driver implementation in <literal>LD_LIBRARY_PATH</literal>. If you are using a non-NixOS GNU/Linux/X11 desktop with free software video drivers, consider launching OpenGL-dependent programs from Nixpkgs with Nixpkgs versions of <literal>libglvnd</literal> and <literal>mesa.drivers</literal> in <literal>LD_LIBRARY_PATH</literal>. For proprietary video drivers you might have luck with also adding the corresponding video driver package.
</para> </para>
</section> </section>

10
doc/contributing/coding-conventions.xml
View File

@ -522,6 +522,16 @@ args.stdenv.mkDerivation (args // {
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>
If its a <emphasis>terminal emulator</emphasis>:
</term>
<listitem>
<para>
<filename>applications/terminal-emulators</filename> (e.g. <filename>alacritty</filename> or <filename>rxvt</filename> or <filename>termite</filename>)
</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term> <term>
If its for <emphasis>video playback / editing</emphasis>: If its for <emphasis>video playback / editing</emphasis>:

1093
doc/languages-frameworks/haskell.section.md
View File

File diff suppressed because it is too large Load Diff

14
doc/languages-frameworks/vim.section.md
View File

@ -265,6 +265,20 @@ To add a new plugin, run `./update.py --add "[owner]/[name]"`. **NOTE**: This sc
Finally, there are some plugins that are also packaged in nodePackages because they have Javascript-related build steps, such as running webpack. Those plugins are not listed in `vim-plugin-names` or managed by `update.py` at all, and are included separately in `overrides.nix`. Currently, all these plugins are related to the `coc.nvim` ecosystem of Language Server Protocol integration with vim/neovim. Finally, there are some plugins that are also packaged in nodePackages because they have Javascript-related build steps, such as running webpack. Those plugins are not listed in `vim-plugin-names` or managed by `update.py` at all, and are included separately in `overrides.nix`. Currently, all these plugins are related to the `coc.nvim` ecosystem of Language Server Protocol integration with vim/neovim.
## Updating plugins in nixpkgs
Run the update script with a GitHub API token that has at least `public_repo` access. Running the script without the token is likely to result in rate-limiting (429 errors). For steps on creating an API token, please refer to [GitHub's token documentation](https://docs.github.com/en/free-pro-team@latest/github/authenticating-to-github/creating-a-personal-access-token).
```sh
GITHUB_API_TOKEN=my_token ./pkgs/misc/vim-plugins/update.py
```
Alternatively, set the number of processes to a lower count to avoid rate-limiting.
```sh
./pkgs/misc/vim-plugins/update.py --proc 1
```
## Important repositories ## Important repositories
- [vim-pi](https://bitbucket.org/vimcommunity/vim-pi) is a plugin repository - [vim-pi](https://bitbucket.org/vimcommunity/vim-pi) is a plugin repository

13
doc/stdenv/stdenv.xml
View File

@ -1833,6 +1833,19 @@ addEnvHooks "$hostOffset" myBashFunction
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>
<literal>move-systemd-user-units.sh</literal>
</term>
<listitem>
<para>
This setup hook moves any systemd user units installed in the lib
subdirectory into share. In addition, a link is provided from share to
lib for compatibility. This is needed for systemd to find user services
when installed into the user profile.
</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term> <term>
<literal>set-source-date-epoch-to-latest.sh</literal> <literal>set-source-date-epoch-to-latest.sh</literal>

32
lib/debug.nix
View File

@ -14,9 +14,25 @@
*/ */
{ lib }: { lib }:
let let
inherit (builtins) trace isAttrs isList isInt inherit (lib)
head substring attrNames; isInt
inherit (lib) id elem isFunction; attrNames
isList
isAttrs
substring
addErrorContext
attrValues
concatLists
concatStringsSep
const
elem
generators
head
id
isDerivation
isFunction
mapAttrs
trace;
in in
rec { rec {
@ -94,7 +110,7 @@ rec {
trace: { a = { b = {}; }; } trace: { a = { b = {}; }; }
=> null => null
*/ */
traceSeqN = depth: x: y: with lib; traceSeqN = depth: x: y:
let snip = v: if isList v then noQuotes "[]" v let snip = v: if isList v then noQuotes "[]" v
else if isAttrs v then noQuotes "{}" v else if isAttrs v then noQuotes "{}" v
else v; else v;
@ -149,7 +165,7 @@ rec {
*/ */
runTests = runTests =
# Tests to run # Tests to run
tests: lib.concatLists (lib.attrValues (lib.mapAttrs (name: test: tests: concatLists (attrValues (mapAttrs (name: test:
let testsToRun = if tests ? tests then tests.tests else []; let testsToRun = if tests ? tests then tests.tests else [];
in if (substring 0 4 name == "test" || elem name testsToRun) in if (substring 0 4 name == "test" || elem name testsToRun)
&& ((testsToRun == []) || elem name tests.tests) && ((testsToRun == []) || elem name tests.tests)
@ -176,9 +192,9 @@ rec {
+ "and will be removed in the next release. " + "and will be removed in the next release. "
+ "Please use more specific concatenation " + "Please use more specific concatenation "
+ "for your uses (`lib.concat(Map)StringsSep`)." ) + "for your uses (`lib.concat(Map)StringsSep`)." )
(lib.concatStringsSep "; " (map (x: "${x}=") (attrNames a))); (concatStringsSep "; " (map (x: "${x}=") (attrNames a)));
showVal = with lib; showVal =
trace ( "Warning: `showVal` is deprecated " trace ( "Warning: `showVal` is deprecated "
+ "and will be removed in the next release, " + "and will be removed in the next release, "
+ "please use `traceSeqN`" ) + "please use `traceSeqN`" )
@ -226,7 +242,7 @@ rec {
trace ( "Warning: `addErrorContextToAttrs` is deprecated " trace ( "Warning: `addErrorContextToAttrs` is deprecated "
+ "and will be removed in the next release. " + "and will be removed in the next release. "
+ "Please use `builtins.addErrorContext` directly." ) + "Please use `builtins.addErrorContext` directly." )
(lib.mapAttrs (a: v: lib.addErrorContext "while evaluating ${a}" v) attrs); (mapAttrs (a: v: addErrorContext "while evaluating ${a}" v) attrs);
# example: (traceCallXml "myfun" id 3) will output something like # example: (traceCallXml "myfun" id 3) will output something like
# calling myfun arg 1: 3 result: 3 # calling myfun arg 1: 3 result: 3

40
lib/default.nix
View File

@ -9,7 +9,7 @@ let
lib = makeExtensible (self: let lib = makeExtensible (self: let
callLibs = file: import file { lib = self; }; callLibs = file: import file { lib = self; };
in with self; { in {
# often used, or depending on very little # often used, or depending on very little
trivial = callLibs ./trivial.nix; trivial = callLibs ./trivial.nix;
@ -54,7 +54,7 @@ let
filesystem = callLibs ./filesystem.nix; filesystem = callLibs ./filesystem.nix;
# back-compat aliases # back-compat aliases
platforms = systems.doubles; platforms = self.systems.doubles;
# linux kernel configuration # linux kernel configuration
kernel = callLibs ./kernel.nix; kernel = callLibs ./kernel.nix;
@ -63,14 +63,14 @@ let
deepSeq elem elemAt filter genericClosure genList getAttr deepSeq elem elemAt filter genericClosure genList getAttr
hasAttr head isAttrs isBool isInt isList isString length hasAttr head isAttrs isBool isInt isList isString length
lessThan listToAttrs pathExists readFile replaceStrings seq lessThan listToAttrs pathExists readFile replaceStrings seq
stringLength sub substring tail; stringLength sub substring tail trace;
inherit (trivial) id const pipe concat or and bitAnd bitOr bitXor inherit (self.trivial) id const pipe concat or and bitAnd bitOr bitXor
bitNot boolToString mergeAttrs flip mapNullable inNixShell min max bitNot boolToString mergeAttrs flip mapNullable inNixShell isFloat min max
importJSON importTOML warn info showWarnings nixpkgsVersion version mod compare importJSON importTOML warn info showWarnings nixpkgsVersion version mod compare
splitByAndCompare functionArgs setFunctionArgs isFunction toHexString toBaseDigits; splitByAndCompare functionArgs setFunctionArgs isFunction toHexString toBaseDigits;
inherit (fixedPoints) fix fix' converge extends composeExtensions inherit (self.fixedPoints) fix fix' converge extends composeExtensions
makeExtensible makeExtensibleWithCustomName; makeExtensible makeExtensibleWithCustomName;
inherit (attrsets) attrByPath hasAttrByPath setAttrByPath inherit (self.attrsets) attrByPath hasAttrByPath setAttrByPath
getAttrFromPath attrVals attrValues getAttrs catAttrs filterAttrs getAttrFromPath attrVals attrValues getAttrs catAttrs filterAttrs
filterAttrsRecursive foldAttrs collect nameValuePair mapAttrs filterAttrsRecursive foldAttrs collect nameValuePair mapAttrs
mapAttrs' mapAttrsToList mapAttrsRecursive mapAttrsRecursiveCond mapAttrs' mapAttrsToList mapAttrsRecursive mapAttrsRecursiveCond
@ -79,13 +79,13 @@ let
recursiveUpdate matchAttrs overrideExisting getOutput getBin recursiveUpdate matchAttrs overrideExisting getOutput getBin
getLib getDev getMan chooseDevOutputs zipWithNames zip getLib getDev getMan chooseDevOutputs zipWithNames zip
recurseIntoAttrs dontRecurseIntoAttrs; recurseIntoAttrs dontRecurseIntoAttrs;
inherit (lists) singleton forEach foldr fold foldl foldl' imap0 imap1 inherit (self.lists) singleton forEach foldr fold foldl foldl' imap0 imap1
concatMap flatten remove findSingle findFirst any all count concatMap flatten remove findSingle findFirst any all count
optional optionals toList range partition zipListsWith zipLists optional optionals toList range partition zipListsWith zipLists
reverseList listDfs toposort sort naturalSort compareLists take reverseList listDfs toposort sort naturalSort compareLists take
drop sublist last init crossLists unique intersectLists drop sublist last init crossLists unique intersectLists
subtractLists mutuallyExclusive groupBy groupBy'; subtractLists mutuallyExclusive groupBy groupBy';
inherit (strings) concatStrings concatMapStrings concatImapStrings inherit (self.strings) concatStrings concatMapStrings concatImapStrings
intersperse concatStringsSep concatMapStringsSep intersperse concatStringsSep concatMapStringsSep
concatImapStringsSep makeSearchPath makeSearchPathOutput concatImapStringsSep makeSearchPath makeSearchPathOutput
makeLibraryPath makeBinPath optionalString makeLibraryPath makeBinPath optionalString
@ -97,19 +97,19 @@ let
nameFromURL enableFeature enableFeatureAs withFeature nameFromURL enableFeature enableFeatureAs withFeature
withFeatureAs fixedWidthString fixedWidthNumber isStorePath withFeatureAs fixedWidthString fixedWidthNumber isStorePath
toInt readPathsFromFile fileContents; toInt readPathsFromFile fileContents;
inherit (stringsWithDeps) textClosureList textClosureMap inherit (self.stringsWithDeps) textClosureList textClosureMap
noDepEntry fullDepEntry packEntry stringAfter; noDepEntry fullDepEntry packEntry stringAfter;
inherit (customisation) overrideDerivation makeOverridable inherit (self.customisation) overrideDerivation makeOverridable
callPackageWith callPackagesWith extendDerivation hydraJob callPackageWith callPackagesWith extendDerivation hydraJob
makeScope; makeScope;
inherit (meta) addMetaAttrs dontDistribute setName updateName inherit (self.meta) addMetaAttrs dontDistribute setName updateName
appendToName mapDerivationAttrset setPrio lowPrio lowPrioSet hiPrio appendToName mapDerivationAttrset setPrio lowPrio lowPrioSet hiPrio
hiPrioSet; hiPrioSet;
inherit (sources) pathType pathIsDirectory cleanSourceFilter inherit (self.sources) pathType pathIsDirectory cleanSourceFilter
cleanSource sourceByRegex sourceFilesBySuffices cleanSource sourceByRegex sourceFilesBySuffices
commitIdFromGitRepo cleanSourceWith pathHasContext commitIdFromGitRepo cleanSourceWith pathHasContext
canCleanSource pathIsRegularFile pathIsGitRepo; canCleanSource pathIsRegularFile pathIsGitRepo;
inherit (modules) evalModules unifyModuleSyntax inherit (self.modules) evalModules unifyModuleSyntax
applyIfFunction mergeModules applyIfFunction mergeModules
mergeModules' mergeOptionDecls evalOptionValue mergeDefinitions mergeModules' mergeOptionDecls evalOptionValue mergeDefinitions
pushDownProperties dischargeProperties filterOverrides pushDownProperties dischargeProperties filterOverrides
@ -119,21 +119,21 @@ let
mkAliasAndWrapDefinitions fixMergeModules mkRemovedOptionModule mkAliasAndWrapDefinitions fixMergeModules mkRemovedOptionModule
mkRenamedOptionModule mkMergedOptionModule mkChangedOptionModule mkRenamedOptionModule mkMergedOptionModule mkChangedOptionModule
mkAliasOptionModule doRename; mkAliasOptionModule doRename;
inherit (options) isOption mkEnableOption mkSinkUndeclaredOptions inherit (self.options) isOption mkEnableOption mkSinkUndeclaredOptions
mergeDefaultOption mergeOneOption mergeEqualOption getValues mergeDefaultOption mergeOneOption mergeEqualOption getValues
getFiles optionAttrSetToDocList optionAttrSetToDocList' getFiles optionAttrSetToDocList optionAttrSetToDocList'
scrubOptionValue literalExample showOption showFiles scrubOptionValue literalExample showOption showFiles
unknownModule mkOption; unknownModule mkOption;
inherit (types) isType setType defaultTypeMerge defaultFunctor inherit (self.types) isType setType defaultTypeMerge defaultFunctor
isOptionType mkOptionType; isOptionType mkOptionType;
inherit (asserts) inherit (self.asserts)
assertMsg assertOneOf; assertMsg assertOneOf;
inherit (debug) addErrorContextToAttrs traceIf traceVal traceValFn inherit (self.debug) addErrorContextToAttrs traceIf traceVal traceValFn
traceXMLVal traceXMLValMarked traceSeq traceSeqN traceValSeq traceXMLVal traceXMLValMarked traceSeq traceSeqN traceValSeq
traceValSeqFn traceValSeqN traceValSeqNFn traceShowVal traceValSeqFn traceValSeqN traceValSeqNFn traceShowVal
traceShowValMarked showVal traceCall traceCall2 traceCall3 traceShowValMarked showVal traceCall traceCall2 traceCall3
traceValIfNot runTests testAllTrue traceCallXml attrNamesToStr; traceValIfNot runTests testAllTrue traceCallXml attrNamesToStr;
inherit (misc) maybeEnv defaultMergeArg defaultMerge foldArgs inherit (self.misc) maybeEnv defaultMergeArg defaultMerge foldArgs
maybeAttrNullable maybeAttr ifEnable checkFlag getValue maybeAttrNullable maybeAttr ifEnable checkFlag getValue
checkReqs uniqList uniqListExt condConcat lazyGenericClosure checkReqs uniqList uniqListExt condConcat lazyGenericClosure
innerModifySumArgs modifySumArgs innerClosePropagation innerModifySumArgs modifySumArgs innerClosePropagation
@ -143,7 +143,7 @@ let
mergeAttrsByFuncDefaultsClean mergeAttrBy mergeAttrsByFuncDefaultsClean mergeAttrBy
fakeHash fakeSha256 fakeSha512 fakeHash fakeSha256 fakeSha512
nixType imap; nixType imap;
inherit (versions) inherit (self.versions)
splitVersion; splitVersion;
}); });
in lib in lib

12
lib/filesystem.nix
View File

@ -42,4 +42,16 @@
type = (builtins.readDir parent).${base} or null; type = (builtins.readDir parent).${base} or null;
in file == /. || type == "directory"; in file == /. || type == "directory";
in go (if isDir then file else parent); in go (if isDir then file else parent);
# listFilesRecursive: Path -> [ Path ]
#
# Given a directory, return a flattened list of all files within it recursively.
listFilesRecursive = dir: lib.flatten (lib.mapAttrsToList (name: type:
if type == "directory" then
lib.filesystem.listFilesRecursive (dir + "/${name}")
else
dir + "/${name}"
) (builtins.readDir dir));
} }

2
lib/lists.nix
View File

@ -1,9 +1,9 @@
# General list operations. # General list operations.
{ lib }: { lib }:
with lib.trivial;
let let
inherit (lib.strings) toInt; inherit (lib.strings) toInt;
inherit (lib.trivial) compare min;
in in
rec { rec {

59
lib/modules.nix
View File

@ -1,12 +1,53 @@
{ lib }: { lib }:
with lib.lists; let
with lib.strings; inherit (lib)
with lib.trivial; all
with lib.attrsets; any
with lib.options; attrByPath
with lib.debug; attrNames
with lib.types; catAttrs
concatLists
concatMap
count
elem
filter
findFirst
flip
foldl
foldl'
getAttrFromPath
head
id
imap1
isAttrs
isBool
isFunction
isString
length
mapAttrs
mapAttrsToList
mapAttrsRecursiveCond
min
optional
optionalAttrs
optionalString
recursiveUpdate
reverseList sort
setAttrByPath
toList
types
warn
;
inherit (lib.options)
isOption
mkOption
showDefs
showFiles
showOption
unknownModule
;
in
rec { rec {
@ -616,7 +657,7 @@ rec {
fixupOptionType = loc: opt: fixupOptionType = loc: opt:
let let
options = opt.options or options = opt.options or
(throw "Option `${showOption loc'}' has type optionSet but has no option attribute, in ${showFiles opt.declarations}."); (throw "Option `${showOption loc}' has type optionSet but has no option attribute, in ${showFiles opt.declarations}.");
f = tp: f = tp:
let optionSetIn = type: (tp.name == type) && (tp.functor.wrapped.name == "optionSet"); let optionSetIn = type: (tp.name == type) && (tp.functor.wrapped.name == "optionSet");
in in
@ -719,7 +760,7 @@ rec {
mkRemovedOptionModule [ "boot" "loader" "grub" "bootDevice" ] "<replacement instructions>" mkRemovedOptionModule [ "boot" "loader" "grub" "bootDevice" ] "<replacement instructions>"
causes a warning if the user defines boot.loader.grub.bootDevice. causes a assertion if the user defines boot.loader.grub.bootDevice.
replacementInstructions is a string that provides instructions on replacementInstructions is a string that provides instructions on
how to achieve the same functionality without the removed option, how to achieve the same functionality without the removed option,

41
lib/options.nix
View File

@ -1,11 +1,40 @@
# Nixpkgs/NixOS option handling. # Nixpkgs/NixOS option handling.
{ lib }: { lib }:
with lib.trivial; let
with lib.lists; inherit (lib)
with lib.attrsets; all
with lib.strings; collect
concatLists
concatMap
elemAt
filter
foldl'
head
isAttrs
isBool
isDerivation
isFunction
isInt
isList
isString
length
mapAttrs
optional
optionals
take
;
inherit (lib.attrsets)
optionalAttrs
;
inherit (lib.strings)
concatMapStrings
concatStringsSep
;
inherit (lib.types)
mkOptionType
;
in
rec { rec {
/* Returns true when the given argument is an option /* Returns true when the given argument is an option
@ -110,7 +139,7 @@ rec {
# Return early if we only have one element # Return early if we only have one element
# This also makes it work for functions, because the foldl' below would try # This also makes it work for functions, because the foldl' below would try
# to compare the first element with itself, which is false for functions # to compare the first element with itself, which is false for functions
else if length defs == 1 then (elemAt defs 0).value else if length defs == 1 then (head defs).value
else (foldl' (first: def: else (foldl' (first: def:
if def.value != first.value then if def.value != first.value then
throw "The option `${showOption loc}' has conflicting definition values:${showDefs [ first def ]}" throw "The option `${showOption loc}' has conflicting definition values:${showDefs [ first def ]}"

40
lib/sources.nix
View File

@ -1,16 +1,33 @@
# Functions for copying sources to the Nix store. # Functions for copying sources to the Nix store.
{ lib }: { lib }:
let
inherit (builtins)
hasContext
match
readDir
storeDir
tryEval
;
inherit (lib)
filter
getAttr
isString
pathExists
readFile
split
;
in
rec { rec {
# Returns the type of a path: regular (for file), symlink, or directory # Returns the type of a path: regular (for file), symlink, or directory
pathType = p: with builtins; getAttr (baseNameOf p) (readDir (dirOf p)); pathType = p: getAttr (baseNameOf p) (readDir (dirOf p));
# Returns true if the path exists and is a directory, false otherwise # Returns true if the path exists and is a directory, false otherwise
pathIsDirectory = p: if builtins.pathExists p then (pathType p) == "directory" else false; pathIsDirectory = p: if pathExists p then (pathType p) == "directory" else false;
# Returns true if the path exists and is a regular file, false otherwise # Returns true if the path exists and is a regular file, false otherwise
pathIsRegularFile = p: if builtins.pathExists p then (pathType p) == "regular" else false; pathIsRegularFile = p: if pathExists p then (pathType p) == "regular" else false;
# Bring in a path as a source, filtering out all Subversion and CVS # Bring in a path as a source, filtering out all Subversion and CVS
# directories, as well as backup files (*~). # directories, as well as backup files (*~).
@ -19,8 +36,8 @@ rec {
(baseName == ".git" || type == "directory" && (baseName == ".svn" || baseName == "CVS" || baseName == ".hg")) || (baseName == ".git" || type == "directory" && (baseName == ".svn" || baseName == "CVS" || baseName == ".hg")) ||
# Filter out editor backup / swap files. # Filter out editor backup / swap files.
lib.hasSuffix "~" baseName || lib.hasSuffix "~" baseName ||
builtins.match "^\\.sw[a-z]$" baseName != null || match "^\\.sw[a-z]$" baseName != null ||
builtins.match "^\\..*\\.sw[a-z]$" baseName != null || match "^\\..*\\.sw[a-z]$" baseName != null ||
# Filter out generates files. # Filter out generates files.
lib.hasSuffix ".o" baseName || lib.hasSuffix ".o" baseName ||
@ -89,7 +106,7 @@ rec {
in lib.cleanSourceWith { in lib.cleanSourceWith {
filter = (path: type: filter = (path: type:
let relPath = lib.removePrefix (toString origSrc + "/") (toString path); let relPath = lib.removePrefix (toString origSrc + "/") (toString path);
in lib.any (re: builtins.match re relPath != null) regexes); in lib.any (re: match re relPath != null) regexes);
inherit src; inherit src;
}; };
@ -102,13 +119,12 @@ rec {
in type == "directory" || lib.any (ext: lib.hasSuffix ext base) exts; in type == "directory" || lib.any (ext: lib.hasSuffix ext base) exts;
in cleanSourceWith { inherit filter; src = path; }; in cleanSourceWith { inherit filter; src = path; };
pathIsGitRepo = path: (builtins.tryEval (commitIdFromGitRepo path)).success; pathIsGitRepo = path: (tryEval (commitIdFromGitRepo path)).success;
# Get the commit id of a git repo # Get the commit id of a git repo
# Example: commitIdFromGitRepo <nixpkgs/.git> # Example: commitIdFromGitRepo <nixpkgs/.git>
commitIdFromGitRepo = commitIdFromGitRepo =
let readCommitFromFile = file: path: let readCommitFromFile = file: path:
with builtins;
let fileName = toString path + "/" + file; let fileName = toString path + "/" + file;
packedRefsName = toString path + "/packed-refs"; packedRefsName = toString path + "/packed-refs";
absolutePath = base: path: absolutePath = base: path:
@ -145,11 +161,11 @@ rec {
# packed-refs file, so we have to grep through it: # packed-refs file, so we have to grep through it:
then then
let fileContent = readFile packedRefsName; let fileContent = readFile packedRefsName;
matchRef = builtins.match "([a-z0-9]+) ${file}"; matchRef = match "([a-z0-9]+) ${file}";
isRef = s: builtins.isString s && (matchRef s) != null; isRef = s: isString s && (matchRef s) != null;
# there is a bug in libstdc++ leading to stackoverflow for long strings: # there is a bug in libstdc++ leading to stackoverflow for long strings:
# https://github.com/NixOS/nix/issues/2147#issuecomment-659868795 # https://github.com/NixOS/nix/issues/2147#issuecomment-659868795
refs = builtins.filter isRef (builtins.split "\n" fileContent); refs = filter isRef (split "\n" fileContent);
in if refs == [] in if refs == []
then throw ("Could not find " + file + " in " + packedRefsName) then throw ("Could not find " + file + " in " + packedRefsName)
else lib.head (matchRef (lib.head refs)) else lib.head (matchRef (lib.head refs))
@ -157,7 +173,7 @@ rec {
else throw ("Not a .git directory: " + path); else throw ("Not a .git directory: " + path);
in readCommitFromFile "HEAD"; in readCommitFromFile "HEAD";
pathHasContext = builtins.hasContext or (lib.hasPrefix builtins.storeDir); pathHasContext = builtins.hasContext or (lib.hasPrefix storeDir);
canCleanSource = src: src ? _isLibCleanSourceWith || !(pathHasContext (toString src)); canCleanSource = src: src ? _isLibCleanSourceWith || !(pathHasContext (toString src));
} }

13
lib/strings-with-deps.nix
View File

@ -41,10 +41,15 @@ Usage:
[1] maybe this behaviour should be removed to keep things simple (?) [1] maybe this behaviour should be removed to keep things simple (?)
*/ */
with lib.lists; let
with lib.attrsets; inherit (lib)
with lib.strings; concatStringsSep
head
isAttrs
listToAttrs
tail
;
in
rec { rec {
/* !!! The interface of this function is kind of messed up, since /* !!! The interface of this function is kind of messed up, since

99
lib/strings.nix
View File

@ -8,7 +8,29 @@ in
rec { rec {
inherit (builtins) stringLength substring head tail isString replaceStrings; inherit (builtins)
compareVersions
elem
elemAt
filter
fromJSON
head
isInt
isList
isString
match
parseDrvName
readFile
replaceStrings
split
storeDir
stringLength
substring
tail
toJSON
typeOf
unsafeDiscardStringContext
;
/* Concatenate a list of strings. /* Concatenate a list of strings.
@ -120,7 +142,7 @@ rec {
subDir: subDir:
# List of base paths # List of base paths
paths: paths:
concatStringsSep ":" (map (path: path + "/" + subDir) (builtins.filter (x: x != null) paths)); concatStringsSep ":" (map (path: path + "/" + subDir) (filter (x: x != null) paths));
/* Construct a Unix-style search path by appending the given /* Construct a Unix-style search path by appending the given
`subDir` to the specified `output` of each of the packages. If no `subDir` to the specified `output` of each of the packages. If no
@ -313,7 +335,17 @@ rec {
escapeNixString "hello\${}\n" escapeNixString "hello\${}\n"
=> "\"hello\\\${}\\n\"" => "\"hello\\\${}\\n\""
*/ */
escapeNixString = s: escape ["$"] (builtins.toJSON s); escapeNixString = s: escape ["$"] (toJSON s);
/* Turn a string into an exact regular expression
Type: string -> string
Example:
escapeRegex "[^a-z]*"
=> "\\[\\^a-z]\\*"
*/
escapeRegex = escape (stringToCharacters "\\[{()^$?*+|.");
/* Quotes a string if it can't be used as an identifier directly. /* Quotes a string if it can't be used as an identifier directly.
@ -327,7 +359,7 @@ rec {
*/ */
escapeNixIdentifier = s: escapeNixIdentifier = s:
# Regex from https://github.com/NixOS/nix/blob/d048577909e383439c2549e849c5c2f2016c997e/src/libexpr/lexer.l#L91 # Regex from https://github.com/NixOS/nix/blob/d048577909e383439c2549e849c5c2f2016c997e/src/libexpr/lexer.l#L91
if builtins.match "[a-zA-Z_][a-zA-Z0-9_'-]*" s != null if match "[a-zA-Z_][a-zA-Z0-9_'-]*" s != null
then s else escapeNixString s; then s else escapeNixString s;
# Obsolete - use replaceStrings instead. # Obsolete - use replaceStrings instead.
@ -386,8 +418,6 @@ rec {
/* Cut a string with a separator and produces a list of strings which /* Cut a string with a separator and produces a list of strings which
were separated by this separator. were separated by this separator.
NOTE: this function is not performant and should never be used.
Example: Example:
splitString "." "foo.bar.baz" splitString "." "foo.bar.baz"
=> [ "foo" "bar" "baz" ] => [ "foo" "bar" "baz" ]
@ -396,26 +426,11 @@ rec {
*/ */
splitString = _sep: _s: splitString = _sep: _s:
let let
sep = addContextFrom _s _sep; sep = builtins.unsafeDiscardStringContext _sep;
s = addContextFrom _sep _s; s = builtins.unsafeDiscardStringContext _s;
sepLen = stringLength sep; splits = builtins.filter builtins.isString (builtins.split (escapeRegex sep) s);
sLen = stringLength s;
lastSearch = sLen - sepLen;
startWithSep = startAt:
substring startAt sepLen s == sep;
recurse = index: startAt:
let cutUntil = i: [(substring startAt (i - startAt) s)]; in
if index <= lastSearch then
if startWithSep index then
let restartAt = index + sepLen; in
cutUntil index ++ recurse restartAt restartAt
else
recurse (index + 1) startAt
else
cutUntil sLen;
in in
recurse 0 0; map (v: addContextFrom _sep (addContextFrom _s v)) splits;
/* Return a string without the specified prefix, if the prefix matches. /* Return a string without the specified prefix, if the prefix matches.
@ -473,7 +488,7 @@ rec {
versionOlder "1.1" "1.1" versionOlder "1.1" "1.1"
=> false => false
*/ */
versionOlder = v1: v2: builtins.compareVersions v2 v1 == 1; versionOlder = v1: v2: compareVersions v2 v1 == 1;
/* Return true if string v1 denotes a version equal to or newer than v2. /* Return true if string v1 denotes a version equal to or newer than v2.
@ -499,7 +514,7 @@ rec {
*/ */
getName = x: getName = x:
let let
parse = drv: (builtins.parseDrvName drv).name; parse = drv: (parseDrvName drv).name;
in if isString x in if isString x
then parse x then parse x
else x.pname or (parse x.name); else x.pname or (parse x.name);
@ -516,7 +531,7 @@ rec {
*/ */
getVersion = x: getVersion = x:
let let
parse = drv: (builtins.parseDrvName drv).version; parse = drv: (parseDrvName drv).version;
in if isString x in if isString x
then parse x then parse x
else x.version or (parse x.name); else x.version or (parse x.name);
@ -534,7 +549,7 @@ rec {
let let
components = splitString "/" url; components = splitString "/" url;
filename = lib.last components; filename = lib.last components;
name = builtins.head (splitString sep filename); name = head (splitString sep filename);
in assert name != filename; name; in assert name != filename; name;
/* Create an --{enable,disable}-<feat> string that can be passed to /* Create an --{enable,disable}-<feat> string that can be passed to
@ -624,14 +639,14 @@ rec {
*/ */
floatToString = float: let floatToString = float: let
result = toString float; result = toString float;
precise = float == builtins.fromJSON result; precise = float == fromJSON result;
in if precise then result in if precise then result
else lib.warn "Imprecise conversion from float to string ${result}" result; else lib.warn "Imprecise conversion from float to string ${result}" result;
/* Check whether a value can be coerced to a string */ /* Check whether a value can be coerced to a string */
isCoercibleToString = x: isCoercibleToString = x:
builtins.elem (builtins.typeOf x) [ "path" "string" "null" "int" "float" "bool" ] || elem (typeOf x) [ "path" "string" "null" "int" "float" "bool" ] ||
(builtins.isList x && lib.all isCoercibleToString x) || (isList x && lib.all isCoercibleToString x) ||
x ? outPath || x ? outPath ||
x ? __toString; x ? __toString;
@ -650,8 +665,8 @@ rec {
isStorePath = x: isStorePath = x:
if isCoercibleToString x then if isCoercibleToString x then
let str = toString x; in let str = toString x; in
builtins.substring 0 1 str == "/" substring 0 1 str == "/"
&& dirOf str == builtins.storeDir && dirOf str == storeDir
else else
false; false;
@ -669,8 +684,8 @@ rec {
*/ */
# Obviously, it is a bit hacky to use fromJSON this way. # Obviously, it is a bit hacky to use fromJSON this way.
toInt = str: toInt = str:
let may_be_int = builtins.fromJSON str; in let may_be_int = fromJSON str; in
if builtins.isInt may_be_int if isInt may_be_int
then may_be_int then may_be_int
else throw "Could not convert ${str} to int."; else throw "Could not convert ${str} to int.";
@ -692,10 +707,10 @@ rec {
readPathsFromFile = lib.warn "lib.readPathsFromFile is deprecated, use a list instead" readPathsFromFile = lib.warn "lib.readPathsFromFile is deprecated, use a list instead"
(rootPath: file: (rootPath: file:
let let
lines = lib.splitString "\n" (builtins.readFile file); lines = lib.splitString "\n" (readFile file);
removeComments = lib.filter (line: line != "" && !(lib.hasPrefix "#" line)); removeComments = lib.filter (line: line != "" && !(lib.hasPrefix "#" line));
relativePaths = removeComments lines; relativePaths = removeComments lines;
absolutePaths = builtins.map (path: rootPath + "/${path}") relativePaths; absolutePaths = map (path: rootPath + "/${path}") relativePaths;
in in
absolutePaths); absolutePaths);
@ -709,7 +724,7 @@ rec {
fileContents ./version fileContents ./version
=> "1.0" => "1.0"
*/ */
fileContents = file: removeSuffix "\n" (builtins.readFile file); fileContents = file: removeSuffix "\n" (readFile file);
/* Creates a valid derivation name from a potentially invalid one. /* Creates a valid derivation name from a potentially invalid one.
@ -727,13 +742,13 @@ rec {
sanitizeDerivationName = string: lib.pipe string [ sanitizeDerivationName = string: lib.pipe string [
# Get rid of string context. This is safe under the assumption that the # Get rid of string context. This is safe under the assumption that the
# resulting string is only used as a derivation name # resulting string is only used as a derivation name
builtins.unsafeDiscardStringContext unsafeDiscardStringContext
# Strip all leading "." # Strip all leading "."
(x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) (x: elemAt (match "\\.*(.*)" x) 0)
# Split out all invalid characters # Split out all invalid characters
# https://github.com/NixOS/nix/blob/2.3.2/src/libstore/store-api.cc#L85-L112 # https://github.com/NixOS/nix/blob/2.3.2/src/libstore/store-api.cc#L85-L112
# https://github.com/NixOS/nix/blob/2242be83c61788b9c0736a92bb0b5c7bbfc40803/nix-rust/src/store/path.rs#L100-L125 # https://github.com/NixOS/nix/blob/2242be83c61788b9c0736a92bb0b5c7bbfc40803/nix-rust/src/store/path.rs#L100-L125
(builtins.split "[^[:alnum:]+._?=-]+") (split "[^[:alnum:]+._?=-]+")
# Replace invalid character ranges with a "-" # Replace invalid character ranges with a "-"
(concatMapStrings (s: if lib.isList s then "-" else s)) (concatMapStrings (s: if lib.isList s then "-" else s))
# Limit to 211 characters (minus 4 chars for ".drv") # Limit to 211 characters (minus 4 chars for ".drv")

16
lib/systems/examples.nix
View File

@ -179,8 +179,8 @@ rec {
iphone64 = { iphone64 = {
config = "aarch64-apple-ios"; config = "aarch64-apple-ios";
# config = "aarch64-apple-darwin14"; # config = "aarch64-apple-darwin14";
sdkVer = "12.4"; sdkVer = "13.2";
xcodeVer = "10.3"; xcodeVer = "11.3.1";
xcodePlatform = "iPhoneOS"; xcodePlatform = "iPhoneOS";
useiOSPrebuilt = true; useiOSPrebuilt = true;
platform = {}; platform = {};
@ -189,8 +189,8 @@ rec {
iphone32 = { iphone32 = {
config = "armv7a-apple-ios"; config = "armv7a-apple-ios";
# config = "arm-apple-darwin10"; # config = "arm-apple-darwin10";
sdkVer = "12.4"; sdkVer = "13.2";
xcodeVer = "10.3"; xcodeVer = "11.3.1";
xcodePlatform = "iPhoneOS"; xcodePlatform = "iPhoneOS";
useiOSPrebuilt = true; useiOSPrebuilt = true;
platform = {}; platform = {};
@ -199,8 +199,8 @@ rec {
iphone64-simulator = { iphone64-simulator = {
config = "x86_64-apple-ios"; config = "x86_64-apple-ios";
# config = "x86_64-apple-darwin14"; # config = "x86_64-apple-darwin14";
sdkVer = "12.4"; sdkVer = "13.2";
xcodeVer = "10.3"; xcodeVer = "11.3.1";
xcodePlatform = "iPhoneSimulator"; xcodePlatform = "iPhoneSimulator";
useiOSPrebuilt = true; useiOSPrebuilt = true;
platform = {}; platform = {};
@ -209,8 +209,8 @@ rec {
iphone32-simulator = { iphone32-simulator = {
config = "i686-apple-ios"; config = "i686-apple-ios";
# config = "i386-apple-darwin11"; # config = "i386-apple-darwin11";
sdkVer = "12.4"; sdkVer = "13.2";
xcodeVer = "10.3"; xcodeVer = "11.3.1";
xcodePlatform = "iPhoneSimulator"; xcodePlatform = "iPhoneSimulator";
useiOSPrebuilt = true; useiOSPrebuilt = true;
platform = {}; platform = {};

14
lib/tests/misc.nix
View File

@ -154,6 +154,20 @@ runTests {
expected = [ "2001" "db8" "0" "0042" "" "8a2e" "370" "" ]; expected = [ "2001" "db8" "0" "0042" "" "8a2e" "370" "" ];
}; };
testSplitStringsRegex = {
expr = strings.splitString "\\[{}]()^$?*+|." "A\\[{}]()^$?*+|.B";
expected = [ "A" "B" ];
};
testSplitStringsDerivation = {
expr = take 3 (strings.splitString "/" (derivation {
name = "name";
builder = "builder";
system = "system";
}));
expected = ["" "nix" "store"];
};
testSplitVersionSingle = { testSplitVersionSingle = {
expr = versions.splitVersion "1"; expr = versions.splitVersion "1";
expected = [ "1" ]; expected = [ "1" ];

67
lib/types.nix
View File

@ -1,12 +1,65 @@
# Definitions related to run-time type checking. Used in particular # Definitions related to run-time type checking. Used in particular
# to type-check NixOS configurations. # to type-check NixOS configurations.
{ lib }: { lib }:
with lib.lists;
with lib.attrsets;
with lib.options;
with lib.trivial;
with lib.strings;
let let
inherit (lib)
elem
flip
functionArgs
isAttrs
isBool
isDerivation
isFloat
isFunction
isInt
isList
isString
isStorePath
setFunctionArgs
toDerivation
toList
;
inherit (lib.lists)
all
concatLists
count
elemAt
filter
foldl'
head
imap1
last
length
tail
unique
;
inherit (lib.attrsets)
attrNames
filterAttrs
hasAttr
mapAttrs
optionalAttrs
zipAttrsWith
;
inherit (lib.options)
getFiles
getValues
mergeDefaultOption
mergeEqualOption
mergeOneOption
showFiles
showOption
;
inherit (lib.strings)
concatMapStringsSep
concatStringsSep
escapeNixString
isCoercibleToString
;
inherit (lib.trivial)
boolToString
;
inherit (lib.modules) mergeDefinitions; inherit (lib.modules) mergeDefinitions;
outer_types = outer_types =
@ -270,7 +323,7 @@ rec {
name = "attrs"; name = "attrs";
description = "attribute set"; description = "attribute set";
check = isAttrs; check = isAttrs;
merge = loc: foldl' (res: def: mergeAttrs res def.value) {}; merge = loc: foldl' (res: def: res // def.value) {};
emptyValue = { value = {}; }; emptyValue = { value = {}; };
}; };
@ -499,7 +552,7 @@ rec {
show = v: show = v:
if builtins.isString v then ''"${v}"'' if builtins.isString v then ''"${v}"''
else if builtins.isInt v then builtins.toString v else if builtins.isInt v then builtins.toString v
else if builtins.isBool v then if v then "true" else "false" else if builtins.isBool v then boolToString v
else ''<${builtins.typeOf v}>''; else ''<${builtins.typeOf v}>'';
in in
mkOptionType rec { mkOptionType rec {

114
maintainers/maintainer-list.nix
View File

@ -520,6 +520,12 @@
githubId = 293191; githubId = 293191;
name = "Andres Loeh"; name = "Andres Loeh";
}; };
andresilva = {
email = "andre.beat@gmail.com";
github = "andresilva";
githubId = 123550;
name = "André Silva";
};
andrestylianos = { andrestylianos = {
email = "andre.stylianos@gmail.com"; email = "andre.stylianos@gmail.com";
github = "andrestylianos"; github = "andrestylianos";
@ -1297,10 +1303,12 @@
name = "Vladimir Serov"; name = "Vladimir Serov";
keys = [ keys = [
# compare with https://keybase.io/cab404 # compare with https://keybase.io/cab404
{ longkeyid = "1BB96810926F4E715DEF567E6BA7C26C3FDF7BB3"; {
longkeyid = "1BB96810926F4E715DEF567E6BA7C26C3FDF7BB3";
fingerprint = "rsa3072/0xCBDECF658C38079E"; fingerprint = "rsa3072/0xCBDECF658C38079E";
} }
{ longkeyid = "1EBC648C64D6045463013B3EB7EFFC271D55DB8A"; {
longkeyid = "1EBC648C64D6045463013B3EB7EFFC271D55DB8A";
fingerprint = "ed25519/0xB7EFFC271D55DB8A"; fingerprint = "ed25519/0xB7EFFC271D55DB8A";
} }
]; ];
@ -1425,10 +1433,12 @@
githubId = 2054509; githubId = 2054509;
name = "Constantine Evans"; name = "Constantine Evans";
keys = [ keys = [
{ longkeyid = "rsa4096/0xB67DB1D20A93A9F9"; {
longkeyid = "rsa4096/0xB67DB1D20A93A9F9";
fingerprint = "32B1 6EE7 DBA5 16DE 526E 4C5A B67D B1D2 0A93 A9F9"; fingerprint = "32B1 6EE7 DBA5 16DE 526E 4C5A B67D B1D2 0A93 A9F9";
} }
{ longkeyid = "rsa4096/0x1A1D58B86AE2AABD"; {
longkeyid = "rsa4096/0x1A1D58B86AE2AABD";
fingerprint = "669C 1D24 5A87 DB34 6BE4 3216 1A1D 58B8 6AE2 AABD"; fingerprint = "669C 1D24 5A87 DB34 6BE4 3216 1A1D 58B8 6AE2 AABD";
} }
]; ];
@ -2163,6 +2173,12 @@
githubId = 8852888; githubId = 8852888;
name = "David Izquierdo"; name = "David Izquierdo";
}; };
djanatyn = {
email = "djanatyn@gmail.com";
github = "djanatyn";
githubId = 523628;
name = "Jonathan Strickland";
};
Dje4321 = { Dje4321 = {
email = "dje4321@gmail.com"; email = "dje4321@gmail.com";
github = "dje4321"; github = "dje4321";
@ -2729,6 +2745,12 @@
githubId = 1847524; githubId = 1847524;
name = "Evan Stoll"; name = "Evan Stoll";
}; };
evax = {
email = "nixos@evax.fr";
github = "evax";
githubId = 599997;
name = "evax";
};
evck = { evck = {
email = "eric@evenchick.com"; email = "eric@evenchick.com";
github = "ericevenchick"; github = "ericevenchick";
@ -3425,6 +3447,12 @@
githubId = 2405974; githubId = 2405974;
name = "Sébastian Méric de Bellefon"; name = "Sébastian Méric de Bellefon";
}; };
henrikolsson = {
email = "henrik@fixme.se";
github = "henrikolsson";
githubId = 982322;
name = "Henrik Olsson";
};
henrytill = { henrytill = {
email = "henrytill@gmail.com"; email = "henrytill@gmail.com";
github = "henrytill"; github = "henrytill";
@ -3933,6 +3961,16 @@
githubId = 2736480; githubId = 2736480;
name = "Johannes Frankenau"; name = "Johannes Frankenau";
}; };
jfroche = {
name = "Jean-François Roche";
email = "jfroche@pyxel.be";
github = "jfroche";
githubId = 207369;
keys = [{
longkeyid = "dsa1024/0xD1D09DE169EA19A0";
fingerprint = "7EB1 C02A B62B B464 6D7C E4AE D1D0 9DE1 69EA 19A0";
}];
};
jgeerds = { jgeerds = {
email = "jascha@geerds.org"; email = "jascha@geerds.org";
github = "jgeerds"; github = "jgeerds";
@ -4234,6 +4272,12 @@
githubId = 1786438; githubId = 1786438;
name = "Jonas Schievink"; name = "Jonas Schievink";
}; };
jshcmpbll = {
email = "me@joshuadcampbell.com";
github = "jshcmpbll";
githubId = 16374374;
name = "Joshua Campbell";
};
jtcoolen = { jtcoolen = {
email = "jtcoolen@pm.me"; email = "jtcoolen@pm.me";
name = "Julien Coolen"; name = "Julien Coolen";
@ -5645,12 +5689,6 @@
githubId = 1387206; githubId = 1387206;
name = "Mike Sperber"; name = "Mike Sperber";
}; };
mildlyincompetent = {
email = "nix@kch.dev";
github = "mildlyincompetent";
githubId = 19479662;
name = "Kajetan Champlewski";
};
millerjason = { millerjason = {
email = "mailings-github@millerjason.com"; email = "mailings-github@millerjason.com";
github = "millerjason"; github = "millerjason";
@ -5985,6 +6023,12 @@
githubId = 788953; githubId = 788953;
name = "Matthijs Steen"; name = "Matthijs Steen";
}; };
mstrangfeld = {
email = "marvin@strangfeld.io";
github = "mstrangfeld";
githubId = 36842980;
name = "Marvin Strangfeld";
};
mt-caret = { mt-caret = {
email = "mtakeda.enigsol@gmail.com"; email = "mtakeda.enigsol@gmail.com";
github = "mt-caret"; github = "mt-caret";
@ -6389,6 +6433,12 @@
githubId = 4728903; githubId = 4728903;
name = "Owen Lynch"; name = "Owen Lynch";
}; };
omasanori = {
email = "167209+omasanori@users.noreply.github.com";
github = "omasanori";
githubId = 167209;
name = "Masanori Ogino";
};
omnipotententity = { omnipotententity = {
email = "omnipotententity@gmail.com"; email = "omnipotententity@gmail.com";
github = "omnipotententity"; github = "omnipotententity";
@ -7223,10 +7273,12 @@
github = "rissson"; github = "rissson";
githubId = 18313093; githubId = 18313093;
keys = [ keys = [
{ longkeyid = "rsa4096/0xF6FD87B15C263EC9"; {
longkeyid = "rsa4096/0xF6FD87B15C263EC9";
fingerprint = "8A0E 6A7C 08AB B9DE 67DE 2A13 F6FD 87B1 5C26 3EC9"; fingerprint = "8A0E 6A7C 08AB B9DE 67DE 2A13 F6FD 87B1 5C26 3EC9";
} }
{ longkeyid = "ed25519/0xBBB7A6801DF1E03F"; {
longkeyid = "ed25519/0xBBB7A6801DF1E03F";
fingerprint = "C0A7 A9BB 115B C857 4D75 EA99 BBB7 A680 1DF1 E03F"; fingerprint = "C0A7 A9BB 115B C857 4D75 EA99 BBB7 A680 1DF1 E03F";
} }
]; ];
@ -7401,6 +7453,12 @@
githubId = 1387224; githubId = 1387224;
name = "Richard Szibele"; name = "Richard Szibele";
}; };
rtburns-jpl = {
email = "rtburns@jpl.nasa.gov";
github = "rtburns-jpl";
githubId = 47790121;
name = "Ryan Burns";
};
rtreffer = { rtreffer = {
email = "treffer+nixos@measite.de"; email = "treffer+nixos@measite.de";
github = "rtreffer"; github = "rtreffer";
@ -8300,7 +8358,7 @@
name = "Szczyp"; name = "Szczyp";
}; };
szlend = { szlend = {
email = "pub+nix@zlender.si"; email = "pub.nix@zlender.si";
github = "szlend"; github = "szlend";
githubId = 7301807; githubId = 7301807;
name = "Simon Žlender"; name = "Simon Žlender";
@ -9186,6 +9244,12 @@
email = "kirill.wedens@gmail.com"; email = "kirill.wedens@gmail.com";
name = "wedens"; name = "wedens";
}; };
wheelsandmetal = {
email = "jakob@schmutz.co.uk";
github = "wheelsandmetal";
githubId = 13031455;
name = "Jakob Schmutz";
};
WhittlesJr = { WhittlesJr = {
email = "alex.joseph.whitt@gmail.com"; email = "alex.joseph.whitt@gmail.com";
github = "WhittlesJr"; github = "WhittlesJr";
@ -9254,6 +9318,12 @@
githubId = 1322287; githubId = 1322287;
name = "William O'Hanley"; name = "William O'Hanley";
}; };
wolfangaukang = {
email = "liquid.query960@4wrd.cc";
github = "wolfangaukang";
githubId = 8378365;
name = "P. R. d. O.";
};
womfoo = { womfoo = {
email = "kranium@gikos.net"; email = "kranium@gikos.net";
github = "womfoo"; github = "womfoo";
@ -9496,6 +9566,12 @@
githubId = 568532; githubId = 568532;
name = "Christian Zagrodnick"; name = "Christian Zagrodnick";
}; };
zakame = {
email = "zakame@zakame.net";
github = "zakame";
githubId = 110625;
name = "Zak B. Elep";
};
zalakain = { zalakain = {
email = "ping@umazalakain.info"; email = "ping@umazalakain.info";
github = "umazalakain"; github = "umazalakain";
@ -9582,6 +9658,12 @@
githubId = 1069303; githubId = 1069303;
name = "Kim Simmons"; name = "Kim Simmons";
}; };
zopieux = {
email = "zopieux@gmail.com";
github = "zopieux";
githubId = 81353;
name = "Alexandre Macabies";
};
zowoq = { zowoq = {
email = "59103226+zowoq@users.noreply.github.com"; email = "59103226+zowoq@users.noreply.github.com";
github = "zowoq"; github = "zowoq";
@ -9798,4 +9880,10 @@
github = "hloeffler"; github = "hloeffler";
githubId = 6627191; githubId = 6627191;
}; };
wilsonehusin = {
name = "Wilson E. Husin";
email = "wilsonehusin@gmail.com";
github = "wilsonehusin";
githubId = 14004487;
};
} }

2
maintainers/scripts/hydra-eval-failures.py
View File

@ -1,5 +1,5 @@
#!/usr/bin/env nix-shell #!/usr/bin/env nix-shell
#!nix-shell -i python3 -p 'python3.withPackages(ps: with ps; [ requests pyquery click ])' #!nix-shell -i python3 -p "python3.withPackages(ps: with ps; [ requests pyquery click ])"
# To use, just execute this script with --help to display help. # To use, just execute this script with --help to display help.

13
nixos/doc/manual/README
View File

@ -1,12 +1,3 @@
To build the manual, you need Nix installed on your system (no need Moved to: ./contributing-to-this-manual.xml. Link:
for NixOS). To install Nix, follow the instructions at
https://nixos.org/nix/download.html https://nixos.org/manual/nixos/unstable/#chap-contributing
When you have Nix on your system, in the root directory of the project
(i.e., `nixpkgs`), run:
nix-build nixos/release.nix -A manual.x86_64-linux
When this command successfully finishes, it will tell you where the
manual got generated.

2
nixos/doc/manual/configuration/user-mgmt.xml
View File

@ -38,7 +38,7 @@
assigned by setting the user's assigned by setting the user's
<link linkend="opt-users.users._name_.hashedPassword">hashedPassword</link> <link linkend="opt-users.users._name_.hashedPassword">hashedPassword</link>
option. A hashed password can be generated using <command>mkpasswd -m option. A hashed password can be generated using <command>mkpasswd -m
sha-512</command> after installing the <literal>mkpasswd</literal> package. sha-512</command>.
</para> </para>
<para> <para>
A user ID (uid) is assigned automatically. You can also specify a uid A user ID (uid) is assigned automatically. You can also specify a uid

22
nixos/doc/manual/contributing-to-this-manual.xml Normal file
View File

@ -0,0 +1,22 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="chap-contributing">
<title>Contributing to this documentation</title>
<para>
The DocBook sources of NixOS' manual are in the <filename
xlink:href="https://github.com/NixOS/nixpkgs/tree/master/nixos/doc/manual">
nixos/doc/manual</filename> subdirectory of the <link
xlink:href="https://github.com/NixOS/nixpkgs">Nixpkgs</link> repository.
</para>
<para>
You can quickly check your edits with the following:
</para>
<screen>
<prompt>$ </prompt>cd /path/to/nixpkgs/nixos/doc/manual
<prompt>$ </prompt>nix-build nixos/release.nix -A manual.x86_64-linux
</screen>
<para>
If the build succeeds, the manual will be in
<filename>./result/share/doc/nixos/index.html</filename>.
</para>
</chapter>

2
nixos/doc/manual/development/meta-attributes.xml
View File

@ -57,7 +57,7 @@
linkend="ch-configuration"/>. Changes to a module documentation linkend="ch-configuration"/>. Changes to a module documentation
have to be checked to not break building the NixOS manual: have to be checked to not break building the NixOS manual:
</para> </para>
<screen><prompt>$ </prompt>nix-build nixos/release.nix -A manual</screen> <screen><prompt>$ </prompt>nix-build nixos/release.nix -A manual.x86_64-linux</screen>
</callout> </callout>
</calloutlist> </calloutlist>
</section> </section>

4
nixos/doc/manual/development/running-nixos-tests-interactively.xml
View File

@ -9,7 +9,7 @@
The test itself can be run interactively. This is particularly useful when The test itself can be run interactively. This is particularly useful when
developing or debugging a test: developing or debugging a test:
<screen> <screen>
<prompt>$ </prompt>nix-build nixos/tests/login.nix -A driver <prompt>$ </prompt>nix-build nixos/tests/login.nix -A driverInteractive
<prompt>$ </prompt>./result/bin/nixos-test-driver <prompt>$ </prompt>./result/bin/nixos-test-driver
starting VDE switch for network 1 starting VDE switch for network 1
<prompt>&gt;</prompt> <prompt>&gt;</prompt>
@ -30,7 +30,7 @@ starting VDE switch for network 1
<para> <para>
To just start and experiment with the VMs, run: To just start and experiment with the VMs, run:
<screen> <screen>
<prompt>$ </prompt>nix-build nixos/tests/login.nix -A driver <prompt>$ </prompt>nix-build nixos/tests/login.nix -A driverInteractive
<prompt>$ </prompt>./result/bin/nixos-run-vms <prompt>$ </prompt>./result/bin/nixos-run-vms
</screen> </screen>
The script <command>nixos-run-vms</command> starts the virtual machines The script <command>nixos-run-vms</command> starts the virtual machines

16
nixos/doc/manual/installation/upgrading.xml
View File

@ -14,7 +14,7 @@
<para> <para>
<emphasis>Stable channels</emphasis>, such as <emphasis>Stable channels</emphasis>, such as
<literal <literal
xlink:href="https://nixos.org/channels/nixos-20.03">nixos-20.03</literal>. xlink:href="https://nixos.org/channels/nixos-20.09">nixos-20.09</literal>.
These only get conservative bug fixes and package upgrades. For instance, These only get conservative bug fixes and package upgrades. For instance,
a channel update may cause the Linux kernel on your system to be upgraded a channel update may cause the Linux kernel on your system to be upgraded
from 4.19.34 to 4.19.38 (a minor bug fix), but not from from 4.19.34 to 4.19.38 (a minor bug fix), but not from
@ -38,7 +38,7 @@
<para> <para>
<emphasis>Small channels</emphasis>, such as <emphasis>Small channels</emphasis>, such as
<literal <literal
xlink:href="https://nixos.org/channels/nixos-20.03-small">nixos-20.03-small</literal> xlink:href="https://nixos.org/channels/nixos-20.09-small">nixos-20.09-small</literal>
or or
<literal <literal
xlink:href="https://nixos.org/channels/nixos-unstable-small">nixos-unstable-small</literal>. xlink:href="https://nixos.org/channels/nixos-unstable-small">nixos-unstable-small</literal>.
@ -63,8 +63,8 @@
<para> <para>
When you first install NixOS, youre automatically subscribed to the NixOS When you first install NixOS, youre automatically subscribed to the NixOS
channel that corresponds to your installation source. For instance, if you channel that corresponds to your installation source. For instance, if you
installed from a 20.03 ISO, you will be subscribed to the installed from a 20.09 ISO, you will be subscribed to the
<literal>nixos-20.03</literal> channel. To see which NixOS channel youre <literal>nixos-20.09</literal> channel. To see which NixOS channel youre
subscribed to, run the following as root: subscribed to, run the following as root:
<screen> <screen>
<prompt># </prompt>nix-channel --list | grep nixos <prompt># </prompt>nix-channel --list | grep nixos
@ -75,13 +75,13 @@ nixos https://nixos.org/channels/nixos-unstable
<prompt># </prompt>nix-channel --add https://nixos.org/channels/<replaceable>channel-name</replaceable> nixos <prompt># </prompt>nix-channel --add https://nixos.org/channels/<replaceable>channel-name</replaceable> nixos
</screen> </screen>
(Be sure to include the <literal>nixos</literal> parameter at the end.) For (Be sure to include the <literal>nixos</literal> parameter at the end.) For
instance, to use the NixOS 20.03 stable channel: instance, to use the NixOS 20.09 stable channel:
<screen> <screen>
<prompt># </prompt>nix-channel --add https://nixos.org/channels/nixos-20.03 nixos <prompt># </prompt>nix-channel --add https://nixos.org/channels/nixos-20.09 nixos
</screen> </screen>
If you have a server, you may want to use the “small” channel instead: If you have a server, you may want to use the “small” channel instead:
<screen> <screen>
<prompt># </prompt>nix-channel --add https://nixos.org/channels/nixos-20.03-small nixos <prompt># </prompt>nix-channel --add https://nixos.org/channels/nixos-20.09-small nixos
</screen> </screen>
And if you want to live on the bleeding edge: And if you want to live on the bleeding edge:
<screen> <screen>
@ -132,7 +132,7 @@ nixos https://nixos.org/channels/nixos-unstable
kernel, initrd or kernel modules. kernel, initrd or kernel modules.
You can also specify a channel explicitly, e.g. You can also specify a channel explicitly, e.g.
<programlisting> <programlisting>
<xref linkend="opt-system.autoUpgrade.channel"/> = https://nixos.org/channels/nixos-20.03; <xref linkend="opt-system.autoUpgrade.channel"/> = https://nixos.org/channels/nixos-20.09;
</programlisting> </programlisting>
</para> </para>
</section> </section>

1
nixos/doc/manual/manual.xml
View File

@ -19,5 +19,6 @@
<xi:include href="./generated/options-db.xml" <xi:include href="./generated/options-db.xml"
xpointer="configuration-variable-list" /> xpointer="configuration-variable-list" />
</appendix> </appendix>
<xi:include href="contributing-to-this-manual.xml" />
<xi:include href="release-notes/release-notes.xml" /> <xi:include href="release-notes/release-notes.xml" />
</book> </book>

830
nixos/doc/manual/release-notes/rl-2009.xml
View File

@ -3,8 +3,11 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0" version="5.0"
xml:id="sec-release-20.09"> xml:id="sec-release-20.09">
<title>Release 20.09 (“Nightingale”, 2020.09/??)</title> <title>Release 20.09 (“Nightingale”, 2020.10/27)</title>
<para>
Support is planned until the end of April 2021, handing over to 21.03.
</para>
<section xmlns="http://docbook.org/ns/docbook" <section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
@ -13,63 +16,135 @@
<title>Highlights</title> <title>Highlights</title>
<para> <para>
In addition to numerous new and upgraded packages, this release has the In addition to 7349 new, 14442 updated, and 8181 removed packages, this release has the
following highlights: following highlights:
</para> </para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para> <para>
Support is planned until the end of April 2021, handing over to 21.03. Core version changes:
</para> </para>
</listitem> <itemizedlist>
<listitem> <listitem>
<para>GNOME desktop environment was upgraded to 3.36, see its <link xlink:href="https://help.gnome.org/misc/release-notes/3.36/">release notes</link>.</para> <para>
gcc: 9.2.0 -> 9.3.0
</para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
The Cinnamon desktop environment (v4.6) has been added. <varname>services.xserver.desktopManager.cinnamon.enable = true;</varname> to try it out! glibc: 2.30 -> 2.31
Remember that, with any new feature it's possible you could run into issues, so please send all support requests to <link xlink:href="https://github.com/NixOS/nixpkgs/issues">github.com/NixOS/nixpkgs</link> to notify the maintainers.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
linux: still defaults to 5.4.x, all supported kernels available
</para>
</listitem>
<listitem>
<para>
mesa: 19.3.5 -> 20.1.7
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Desktop Environments:
</para>
<itemizedlist>
<listitem>
<para>
plasma5: 5.17.5 -> 5.18.5
</para>
</listitem>
<listitem>
<para>
kdeApplications: 19.12.3 -> 20.08.1
</para>
</listitem>
<listitem>
<para>
gnome3: 3.34 -> 3.36, see its <link xlink:href="https://help.gnome.org/misc/release-notes/3.36/">release notes</link>
</para>
</listitem>
<listitem>
<para>
cinnamon: added at 4.6
</para>
</listitem>
<listitem>
<para>
NixOS now distributes an official <link xlink:href="https://nixos.org/download.html#nixos-iso">GNOME ISO</link>
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Programming Languages and Frameworks:
</para>
<itemizedlist>
<listitem>
<para>
Agda ecosystem was heavily reworked (see more details below)
</para>
</listitem>
<listitem>
<para>
PHP now defaults to PHP 7.4, updated from 7.3
</para>
</listitem>
<listitem>
<para>
PHP 7.2 is no longer supported due to upstream not supporting this version for the entire lifecycle of the 20.09 release
</para>
</listitem>
<listitem>
<para>
Python 3 now defaults to Python 3.8 instead of 3.7
</para>
</listitem>
<listitem>
<para>
Python 3.5 reached its upstream EOL at the end of September 2020: it
has been removed from the list of available packages
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Databases and Service Monitoring:
</para>
<itemizedlist>
<listitem>
<para>
MariaDB has been updated to 10.4, MariaDB Galera to 26.4. Please read the related upgrade instructions under <link linkend="sec-release-20.09-incompatibilities">backwards incompatibilities</link> before upgrading.
</para>
</listitem>
<listitem>
<para>
Zabbix now defaults to 5.0, updated from 4.4. Please read related sections under <link linkend="sec-release-20.09-incompatibilities">backwards compatibilities</link> before upgrading.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Major module changes:
</para>
<itemizedlist>
<listitem> <listitem>
<para> <para>
Quickly configure a complete, private, self-hosted video Quickly configure a complete, private, self-hosted video
conferencing solution with the new Jitsi Meet module. conferencing solution with the new Jitsi Meet module.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
<package>maxx</package> package removed along with <varname>services.xserver.desktopManager.maxx</varname> module.
Please migrate to <package>cdesktopenv</package> and <varname>services.xserver.desktopManager.cde</varname> module.
</para>
</listitem>
<listitem>
<para>
We now distribute a GNOME ISO.
</para>
</listitem>
<listitem>
<para>
PHP now defaults to PHP 7.4, updated from 7.3.
</para>
</listitem>
<listitem>
<para>
PHP 7.2 is no longer supported due to upstream not supporting this version for the entire lifecycle of the 20.09 release.
</para>
</listitem>
<listitem>
<para>
Python 3 now defaults to Python 3.8 instead of 3.7.
</para>
</listitem>
<listitem>
<para>
Python 3.5 has reached its upstream EOL at the end of September 2020: it
has been removed from the list of available packages.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
Two new options, <link linkend="opt-services.openssh.authorizedKeysCommand">authorizedKeysCommand</link> Two new options, <link linkend="opt-services.openssh.authorizedKeysCommand">authorizedKeysCommand</link>
@ -95,6 +170,447 @@
This is to make it possible to use <literal>podman</literal> instead of <literal>docker</literal>. This is to make it possible to use <literal>podman</literal> instead of <literal>docker</literal>.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The new option <link linkend="opt-documentation.man.generateCaches">documentation.man.generateCaches</link>
has been added to automatically generate the <literal>man-db</literal> caches, which are needed by utilities
like <command>whatis</command> and <command>apropos</command>. The caches are generated during the build of
the NixOS configuration: since this can be expensive when a large number of packages are installed, the
feature is disabled by default.
</para>
</listitem>
<listitem>
<para>
<varname>services.postfix.sslCACert</varname> was replaced by <varname>services.postfix.tlsTrustedAuthorities</varname> which now defaults to system certificate authorities.
</para>
</listitem>
<listitem>
<para>
The various documented workarounds to use steam have been converted to a module. <varname>programs.steam.enable</varname> enables steam, controller support and the workarounds.
</para>
</listitem>
<listitem>
<para>
Support for built-in LCDs in various pieces of Logitech hardware (keyboards and USB speakers). <varname>hardware.logitech.lcd.enable</varname> enables support for all hardware supported by the <link xlink:href="https://sourceforge.net/projects/g15daemon/">g15daemon project</link>.
</para>
</listitem>
<listitem>
<para>
The GRUB module gained support for basic password protection, which
allows to restrict non-default entries in the boot menu to one or more
users. The users and passwords are defined via the option
<option>boot.loader.grub.users</option>.
Note: Password support is only available in GRUB version 2.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
NixOS module changes:
</para>
<itemizedlist>
<listitem>
<para>
The NixOS module system now supports freeform modules as a mix between <literal>types.attrsOf</literal> and <literal>types.submodule</literal>. These allow you to explicitly declare a subset of options while still permitting definitions without an associated option. See <xref linkend='sec-freeform-modules'/> for how to use them.
</para>
</listitem>
<listitem>
<para>
Following its deprecation in 20.03, the Perl NixOS test driver has been removed.
All remaining tests have been ported to the Python test framework.
Code outside nixpkgs using <filename>make-test.nix</filename> or
<filename>testing.nix</filename> needs to be ported to
<filename>make-test-python.nix</filename> and
<filename>testing-python.nix</filename> respectively.
</para>
</listitem>
<listitem>
<para>
Subordinate GID and UID mappings are now set up automatically for all normal users.
This will make container tools like Podman work as non-root users out of the box.
</para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
</section>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-20.09-new-services">
<title>New Services</title>
<para>
In addition to 1119 new, 118 updated, and 476 removed options; 61 new modules were added since the last release:
</para>
<itemizedlist>
<listitem>
<para>
Hardware:
</para>
<itemizedlist>
<listitem>
<para>
<xref linkend="opt-hardware.system76.firmware-daemon.enable" /> adds easy support of system76 firmware
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-hardware.uinput.enable" /> loads uinput kernel module
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-hardware.video.hidpi.enable" /> enable good defaults for HiDPI displays
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-hardware.wooting.enable" /> support for Wooting keyboards
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-hardware.xpadneo.enable" /> xpadneo driver for Xbox One wireless controllers
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Programs:
</para>
<itemizedlist>
<listitem>
<para>
<xref linkend="opt-programs.hamster.enable" /> enable hamster time tracking
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-programs.steam.enable" /> adds easy enablement of steam and related system configuration
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Security:
</para>
<itemizedlist>
<listitem>
<para>
<xref linkend="opt-security.doas.enable" /> alternative to sudo, allows non-root users to execute commands as root
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-security.tpm2.enable" /> add Trusted Platform Module 2 support
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
System:
</para>
<itemizedlist>
<listitem>
<para>
<xref linkend="opt-boot.initrd.network.openvpn.enable" /> start an OpenVPN client during initrd boot
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Virtualization:
</para>
<itemizedlist>
<listitem>
<para>
<xref linkend="opt-boot.enableContainers" /> use nixos-containers
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-virtualisation.oci-containers.containers" /> run OCI (Docker) containers
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-virtualisation.podman.enable" /> daemonless container engine
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Services:
</para>
<itemizedlist>
<listitem>
<para>
<xref linkend="opt-services.ankisyncd.enable" /> Anki sync server
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.bazarr.enable" /> Subtitle manager for Sonarr and Radarr
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.biboumi.enable" /> Biboumi XMPP gateway to IRC
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.blockbook-frontend" /> Blockbook-frontend, a service for the Trezor wallet
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.cage.enable" /> Wayland cage service
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.convos.enable" /> IRC daemon, which can be accessed throught the browser
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.engelsystem.enable" /> Tool for coordinating volunteers and shifts on large events
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.espanso.enable" /> text-expander written in rust
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.foldingathome.enable" /> Folding@home client
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.gerrit.enable" /> Web-based team code collaboration tool
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.go-neb.enable" /> Matrix bot
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.hardware.xow.enable" /> xow as a systemd service
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.hercules-ci-agent.enable" /> Hercules CI build agent
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.jicofo.enable" /> Jitsi Conference Focus, component of Jitsi Meet
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.jirafeau.enable" /> A web file repository
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.jitsi-meet.enable" /> Secure, simple and scalable video conferences
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.jitsi-videobridge.enable" /> Jitsi Videobridge, a WebRTC compatible router
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.jupyterhub.enable" /> Jupyterhub development server
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.k3s.enable" /> Lightweight Kubernetes distribution
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.magic-wormhole-mailbox-server.enable" /> Magic Wormhole Mailbox Server
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.malcontent.enable" /> Parental Control support
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.matrix-appservice-discord.enable" /> Matrix and Discord bridge
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.mautrix-telegram.enable" /> Matrix-Telegram puppeting/relaybot bridge
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.mirakurun.enable" /> Japanese DTV Tuner Server Service
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.molly-brown.enable" /> Molly-Brown Gemini server
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.mullvad-vpn.enable" /> Mullvad VPN daemon
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.ncdns.enable" /> Namecoin to DNS bridge
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.nextdns.enable" /> NextDNS to DoH Proxy service
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.nix-store-gcs-proxy" /> Google storage bucket to be used as a nix store
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.onedrive.enable" /> OneDrive sync service
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.pinnwand.enable" /> Pastebin-like service
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.pixiecore.enable" /> Manage network booting of machines
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.privacyidea.enable" /> Privacy authentication server
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.quorum.enable" /> Quorum blockchain daemon
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.robustirc-bridge.enable" /> RobustIRC bridge
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.rss-bridge.enable" /> Generate RSS and Atom feeds
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.rtorrent.enable" /> rTorrent service
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.smartdns.enable" /> SmartDNS DNS server
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.sogo.enable" /> SOGo groupware
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.teeworlds.enable" /> Teeworlds game server
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.torque.mom.enable" /> torque computing node
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.torque.server.enable" /> torque server
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.tuptime.enable" /> A total uptime service
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.urserver.enable" /> X11 remote server
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.wasabibackend.enable" /> Wasabi backend service
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.yubikey-agent.enable" /> Yubikey agent
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-services.zigbee2mqtt.enable" /> Zigbee to MQTT bridge
</para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
</section>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-20.09-incompatibilities">
<title>Backward Incompatibilities</title>
<para>
When upgrading from a previous release, please be aware of the following
incompatible changes:
</para>
<itemizedlist>
<listitem> <listitem>
<para> <para>
MariaDB has been updated to 10.4, MariaDB Galera to 26.4. MariaDB has been updated to 10.4, MariaDB Galera to 26.4.
@ -144,36 +660,7 @@ GRANT ALL PRIVILEGES ON *.* TO 'mysql'@'localhost' WITH GRANT OPTION;
from the default of <literal>mysql</literal> to a different user please change <literal>'mysql'@'localhost'</literal> to the corresponding user instead. from the default of <literal>mysql</literal> to a different user please change <literal>'mysql'@'localhost'</literal> to the corresponding user instead.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The new option <link linkend="opt-documentation.man.generateCaches">documentation.man.generateCaches</link>
has been added to automatically generate the <literal>man-db</literal> caches, which are needed by utilities
like <command>whatis</command> and <command>apropos</command>. The caches are generated during the build of
the NixOS configuration: since this can be expensive when a large number of packages are installed, the
feature is disabled by default.
</para>
</listitem>
<listitem>
<para>
<varname>services.postfix.sslCACert</varname> was replaced by <varname>services.postfix.tlsTrustedAuthorities</varname> which now defaults to system certificate authorities.
</para>
</listitem>
<listitem>
<para>
Subordinate GID and UID mappings are now set up automatically for all normal users.
This will make container tools like Podman work as non-root users out of the box.
</para>
</listitem>
<listitem>
<para>
The various documented workarounds to use steam have been converted to a module. <varname>programs.steam.enable</varname> enables steam, controller support and the workarounds.
</para>
</listitem>
<listitem>
<para>
Support for built-in LCDs in various pieces of Logitech hardware (keyboards and USB speakers). <varname>hardware.logitech.lcd.enable</varname> enables support for all hardware supported by the g15daemon project.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
Zabbix now defaults to 5.0, updated from 4.4. Please carefully read through Zabbix now defaults to 5.0, updated from 4.4. Please carefully read through
@ -208,72 +695,13 @@ GRANT ALL PRIVILEGES ON *.* TO 'mysql'@'localhost' WITH GRANT OPTION;
</programlisting> </programlisting>
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
The NixOS module system now supports freeform modules as a mix between <literal>types.attrsOf</literal> and <literal>types.submodule</literal>. These allow you to explicitly declare a subset of options while still permitting definitions without an associated option. See <xref linkend='sec-freeform-modules'/> for how to use them. <package>maxx</package> package removed along with <varname>services.xserver.desktopManager.maxx</varname> module.
Please migrate to <package>cdesktopenv</package> and <varname>services.xserver.desktopManager.cde</varname> module.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The GRUB module gained support for basic password protection, which
allows to restrict non-default entries in the boot menu to one or more
users. The users and passwords are defined via the option
<option>boot.loader.grub.users</option>.
Note: Password support is only avaiable in GRUB version 2.
</para>
</listitem>
<listitem>
<para>
Following its deprecation in 20.03, the Perl NixOS test driver has been removed.
All remaining tests have been ported to the Python test framework.
Code outside nixpkgs using <filename>make-test.nix</filename> or
<filename>testing.nix</filename> needs to be ported to
<filename>make-test-python.nix</filename> and
<filename>testing-python.nix</filename> respectively.
</para>
</listitem>
</itemizedlist>
</section>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-20.09-new-services">
<title>New Services</title>
<para>
The following new services were added since the last release:
</para>
<itemizedlist>
<listitem>
<para>
There is a new <xref linkend="opt-security.doas.enable"/> module that provides <command>doas</command>, a lighter alternative to <command>sudo</command> with many of the same features.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://hercules-ci.com">Hercules CI</link> Agent is a specialized build agent for projects built with Nix. See the <link xlink:href="https://nixos.org/nixos/options.html#services.hercules-ci-agent">options</link> and <link xlink:href="https://docs.hercules-ci.com/hercules-ci/getting-started/#deploy-agent">setup</link>.
</para>
</listitem>
</itemizedlist>
</section>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-20.09-incompatibilities">
<title>Backward Incompatibilities</title>
<para>
When upgrading from a previous release, please be aware of the following
incompatible changes:
</para>
<itemizedlist>
<listitem> <listitem>
<para> <para>
The <link linkend="opt-services.matrix-synapse.enable">matrix-synapse</link> module no longer includes optional dependencies by default, they have to be added through the <link linkend="opt-services.matrix-synapse.plugins">plugins</link> option. The <link linkend="opt-services.matrix-synapse.enable">matrix-synapse</link> module no longer includes optional dependencies by default, they have to be added through the <link linkend="opt-services.matrix-synapse.plugins">plugins</link> option.
@ -300,7 +728,7 @@ GRANT ALL PRIVILEGES ON *.* TO 'mysql'@'localhost' WITH GRANT OPTION;
It can still be enabled by providing <literal>phantomJsSupport = true</literal> to the package instantiation: It can still be enabled by providing <literal>phantomJsSupport = true</literal> to the package instantiation:
<programlisting>{ <programlisting>{
services.grafana.package = pkgs.grafana.overrideAttrs (oldAttrs: rec { services.grafana.package = pkgs.grafana.overrideAttrs (oldAttrs: rec {
phantomJsSupport = false; phantomJsSupport = true;
}); });
}</programlisting> }</programlisting>
</para> </para>
@ -642,6 +1070,13 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
<para> <para>
In the <literal>resilio</literal> module, <xref linkend="opt-services.resilio.httpListenAddr"/> has been changed to listen to <literal>[::1]</literal> instead of <literal>0.0.0.0</literal>. In the <literal>resilio</literal> module, <xref linkend="opt-services.resilio.httpListenAddr"/> has been changed to listen to <literal>[::1]</literal> instead of <literal>0.0.0.0</literal>.
</para> </para>
</listitem>
<listitem>
<para>
<literal>sslh</literal> has been updated to version
<literal>1.21</literal>. The <literal>ssl</literal> probe must be
renamed to <literal>tls</literal> in <xref linkend="opt-services.sslh.appendConfig"/>.
</para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
@ -1102,6 +1537,8 @@ services.transmission.settings.rpc-bind-address = "0.0.0.0";
<package>nextcloud18</package> before upgrading to <package>nextcloud19</package> <package>nextcloud18</package> before upgrading to <package>nextcloud19</package>
since Nextcloud doesn't support upgrades across multiple major versions. since Nextcloud doesn't support upgrades across multiple major versions.
</para> </para>
</listitem>
<listitem>
<para> <para>
The <literal>nixos-run-vms</literal> script now deletes the The <literal>nixos-run-vms</literal> script now deletes the
previous run machines states on test startup. You can use the previous run machines states on test startup. You can use the
@ -1181,7 +1618,7 @@ services.transmission.settings.rpc-bind-address = "0.0.0.0";
nixpkgs. It was a work in progress to package the nixpkgs. It was a work in progress to package the
<link xlink:href="https://www.deepin.org/en/dde/">Deepin Desktop Environment (DDE)</link>, <link xlink:href="https://www.deepin.org/en/dde/">Deepin Desktop Environment (DDE)</link>,
including libraries, tools and applications, and it was still including libraries, tools and applications, and it was still
missing a service to lauch the desktop environment. It has shown missing a service to launch the desktop environment. It has shown
to no longer be a feasible goal due to reasons discussed in to no longer be a feasible goal due to reasons discussed in
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/94870">issue #94870</link>. <link xlink:href="https://github.com/NixOS/nixpkgs/issues/94870">issue #94870</link>.
The package <literal>netease-cloud-music</literal> has also been The package <literal>netease-cloud-music</literal> has also been
@ -1226,4 +1663,131 @@ services.transmission.settings.rpc-bind-address = "0.0.0.0";
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</section> </section>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-20.09-contributions">
<title>Contributions</title>
<para>
I, Jonathan Ringer, would like to thank the following individuals for their work on nixpkgs. This release could not be done without the hard work of the NixOS community. There were 31282 contributions across 1313 contributors.
</para>
<orderedlist>
<para>
Top contributors to NixOS/Nixpkgs from the 20.03 release to the 20.09 release:
</para>
<listitem>
<para>
2288 Mario Rodas
</para>
</listitem>
<listitem>
<para>
1837 Frederik Rietdijk
</para>
</listitem>
<listitem>
<para>
946 Jörg Thalheim
</para>
</listitem>
<listitem>
<para>
925 Maximilian Bosch
</para>
</listitem>
<listitem>
<para>
687 Jonathan Ringer
</para>
</listitem>
<listitem>
<para>
651 Jan Tojnar
</para>
</listitem>
<listitem>
<para>
622 Daniël de Kok
</para>
</listitem>
<listitem>
<para>
605 WORLDofPEACE
</para>
</listitem>
<listitem>
<para>
597 Florian Klink
</para>
</listitem>
<listitem>
<para>
528 José Romildo Malaquias
</para>
</listitem>
</orderedlist>
<orderedlist>
<para>
Top contributors to stabilizing this release (Zero Hydra Failures period):
</para>
<listitem>
<para>
281 volth
</para>
</listitem>
<listitem>
<para>
101 Robert Scott
</para>
</listitem>
<listitem>
<para>
86 Tim Steinbach
</para>
</listitem>
<listitem>
<para>
76 WORLDofPEACE
</para>
</listitem>
<listitem>
<para>
49 Maximilian Bosch
</para>
</listitem>
<listitem>
<para>
42 Thomas Tuegel
</para>
</listitem>
<listitem>
<para>
37 Doron Behar
</para>
</listitem>
<listitem>
<para>
36 Vladimír Čunát
</para>
</listitem>
<listitem>
<para>
27 Jonathan Ringer
</para>
</listitem>
<listitem>
<para>
27 Maciej Krüger
</para>
</listitem>
</orderedlist>
<para>
I, Jonathan Ringer, would also like to personally thank @WORLDofPEACE for their help in mentoring me on the release process. Special thanks also goes to Thomas Tuegel for helping immensely with stabilizing Qt, KDE, and Plasma5; I would also like to thank Robert Scott for his numerous fixes and pull request reviews.
</para>
</section>
</section> </section>

27
nixos/doc/manual/release-notes/rl-2103.xml
View File

@ -63,6 +63,17 @@
<literal>systemd-journal2gelf</literal> no longer parses json and expects the receiving system to handle it. How to achieve this with Graylog is described in this <link xlink:href="https://github.com/parse-nl/SystemdJournal2Gelf/issues/10">GitHub issue</link>. <literal>systemd-journal2gelf</literal> no longer parses json and expects the receiving system to handle it. How to achieve this with Graylog is described in this <link xlink:href="https://github.com/parse-nl/SystemdJournal2Gelf/issues/10">GitHub issue</link>.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
If the <varname>services.dbus</varname> module is enabled, then
the user D-Bus session is now always socket activated. The
associated options <varname>services.dbus.socketActivated</varname>
and <varname>services.xserver.startDbusSession</varname> have
therefore been removed and you will receive a warning if
they are present in your configuration. This change makes the
user D-Bus session available also for non-graphical logins.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
The option <option>fonts.enableFontDir</option> has been renamed to The option <option>fonts.enableFontDir</option> has been renamed to
@ -82,6 +93,22 @@
<literal>kicad/default.nix</literal>. <literal>kicad/default.nix</literal>.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The socket for the <literal>pdns-recursor</literal> module was moved from <literal>/var/lib/pdns-recursor</literal>
to <literal>/run/pdns-recursor</literal> to match upstream.
</para>
</listitem>
<listitem>
<para>
PowerDNS has been updated from <literal>4.2.x</literal> to <literal>4.3.x</literal>. Please
be sure to review the <link xlink:href="https://doc.powerdns.com/authoritative/upgrading.html#x-to-4-3-0">Upgrade Notes</link>
provided by upstream before upgrading. Worth specifically noting is that the service now runs
entirely as a dedicated <literal>pdns</literal> user, instead of starting as <literal>root</literal>
and dropping privileges, as well as the default <literal>socket-dir</literal> location changing from
<literal>/var/lib/powerdns</literal> to <literal>/run/pdns</literal>.
</para>
</listitem>
</itemizedlist> </itemizedlist>
</section> </section>

4
nixos/lib/build-vms.nix
View File

@ -18,9 +18,6 @@ rec {
inherit pkgs; inherit pkgs;
qemu = pkgs.qemu_test;
# Build a virtual network from an attribute set `{ machine1 = # Build a virtual network from an attribute set `{ machine1 =
# config1; ... machineN = configN; }', where `machineX' is the # config1; ... machineN = configN; }', where `machineX' is the
# hostname and `configX' is a NixOS system configuration. Each # hostname and `configX' is a NixOS system configuration. Each
@ -39,7 +36,6 @@ rec {
[ ../modules/virtualisation/qemu-vm.nix [ ../modules/virtualisation/qemu-vm.nix
../modules/testing/test-instrumentation.nix # !!! should only get added for automated test runs ../modules/testing/test-instrumentation.nix # !!! should only get added for automated test runs
{ key = "no-manual"; documentation.nixos.enable = false; } { key = "no-manual"; documentation.nixos.enable = false; }
{ key = "qemu"; system.build.qemu = qemu; }
{ key = "nodes"; _module.args.nodes = nodes; } { key = "nodes"; _module.args.nodes = nodes; }
] ++ optional minimal ../modules/testing/minimal-kernel.nix; ] ++ optional minimal ../modules/testing/minimal-kernel.nix;
}; };

2
nixos/lib/test-driver/test-driver.py
View File

@ -110,7 +110,6 @@ def create_vlan(vlan_nr: str) -> Tuple[str, str, "subprocess.Popen[bytes]", Any]
pty_master, pty_slave = pty.openpty() pty_master, pty_slave = pty.openpty()
vde_process = subprocess.Popen( vde_process = subprocess.Popen(
["vde_switch", "-s", vde_socket, "--dirmode", "0700"], ["vde_switch", "-s", vde_socket, "--dirmode", "0700"],
bufsize=1,
stdin=pty_slave, stdin=pty_slave,
stdout=subprocess.PIPE, stdout=subprocess.PIPE,
stderr=subprocess.PIPE, stderr=subprocess.PIPE,
@ -748,7 +747,6 @@ class Machine:
self.process = subprocess.Popen( self.process = subprocess.Popen(
self.script, self.script,
bufsize=1,
stdin=subprocess.DEVNULL, stdin=subprocess.DEVNULL,
stdout=subprocess.PIPE, stdout=subprocess.PIPE,
stderr=subprocess.STDOUT, stderr=subprocess.STDOUT,

102
nixos/lib/testing-python.nix
View File

@ -7,9 +7,9 @@
# !!! See comment about args in lib/modules.nix # !!! See comment about args in lib/modules.nix
, specialArgs ? { } , specialArgs ? { }
# Modules to add to each VM # Modules to add to each VM
, extraConfigurations ? [] }: , extraConfigurations ? [ ]
}:
with import ./build-vms.nix { inherit system pkgs minimal specialArgs extraConfigurations; };
with pkgs; with pkgs;
rec { rec {
@ -17,9 +17,11 @@ rec {
inherit pkgs; inherit pkgs;
testDriver = let mkTestDriver =
let
testDriverScript = ./test-driver/test-driver.py; testDriverScript = ./test-driver/test-driver.py;
in stdenv.mkDerivation { in
qemu_pkg: stdenv.mkDerivation {
name = "nixos-test-driver"; name = "nixos-test-driver";
nativeBuildInputs = [ makeWrapper ]; nativeBuildInputs = [ makeWrapper ];
@ -47,11 +49,10 @@ rec {
# TODO: copy user script part into this file (append) # TODO: copy user script part into this file (append)
wrapProgram $out/bin/nixos-test-driver \ wrapProgram $out/bin/nixos-test-driver \
--prefix PATH : "${lib.makeBinPath [ qemu_test vde2 netpbm coreutils ]}" \ --prefix PATH : "${lib.makeBinPath [ qemu_pkg vde2 netpbm coreutils ]}" \
''; '';
}; };
# Run an automated test suite in the given virtual network. # Run an automated test suite in the given virtual network.
# `driver' is the script that runs the network. # `driver' is the script that runs the network.
runTests = driver: runTests = driver:
@ -77,7 +78,6 @@ rec {
, skipLint ? false , skipLint ? false
, ... , ...
} @ t: } @ t:
let let
# A standard store path to the vm monitor is built like this: # A standard store path to the vm monitor is built like this:
# /tmp/nix-build-vm-test-run-$name.drv-0/vm-state-machine/monitor # /tmp/nix-build-vm-test-run-$name.drv-0/vm-state-machine/monitor
@ -86,25 +86,7 @@ rec {
maxTestNameLen = 50; maxTestNameLen = 50;
testNameLen = builtins.stringLength name; testNameLen = builtins.stringLength name;
testDriverName = with builtins;
if testNameLen > maxTestNameLen then
abort ("The name of the test '${name}' must not be longer than ${toString maxTestNameLen} " +
"it's currently ${toString testNameLen} characters long.")
else
"nixos-test-driver-${name}";
nodes = buildVirtualNetwork (
t.nodes or (if t ? machine then { machine = t.machine; } else { }));
testScript' =
# Call the test script with the computed nodes.
if lib.isFunction testScript
then testScript { inherit nodes; }
else testScript;
vlans = map (m: m.config.virtualisation.vlans) (lib.attrValues nodes);
vms = map (m: m.config.system.build.vm) (lib.attrValues nodes);
ocrProg = tesseract4.override { enableLanguages = [ "eng" ]; }; ocrProg = tesseract4.override { enableLanguages = [ "eng" ]; };
@ -113,11 +95,51 @@ rec {
# Generate convenience wrappers for running the test driver # Generate convenience wrappers for running the test driver
# interactively with the specified network, and for starting the # interactively with the specified network, and for starting the
# VMs from the command line. # VMs from the command line.
driver = let warn = if skipLint then lib.warn "Linting is disabled!" else lib.id; in warn (runCommand testDriverName mkDriver = qemu_pkg:
{ buildInputs = [ makeWrapper]; let
build-vms = import ./build-vms.nix {
inherit system pkgs minimal specialArgs;
extraConfigurations = extraConfigurations ++ (pkgs.lib.optional (qemu_pkg != null)
{
virtualisation.qemu.package = qemu_pkg;
}
);
};
# FIXME: get this pkg from the module system
testDriver = mkTestDriver (if qemu_pkg == null then pkgs.qemu_test else qemu_pkg);
nodes = build-vms.buildVirtualNetwork (
t.nodes or (if t ? machine then { machine = t.machine; } else { })
);
vlans = map (m: m.config.virtualisation.vlans) (lib.attrValues nodes);
vms = map (m: m.config.system.build.vm) (lib.attrValues nodes);
testScript' =
# Call the test script with the computed nodes.
if lib.isFunction testScript
then testScript { inherit nodes; }
else testScript;
testDriverName = with builtins;
if testNameLen > maxTestNameLen then
abort
("The name of the test '${name}' must not be longer than ${toString maxTestNameLen} " +
"it's currently ${toString testNameLen} characters long.")
else
"nixos-test-driver-${name}";
warn = if skipLint then lib.warn "Linting is disabled!" else lib.id;
in
warn (runCommand testDriverName
{
buildInputs = [ makeWrapper ];
testScript = testScript'; testScript = testScript';
preferLocalBuild = true; preferLocalBuild = true;
testName = name; testName = name;
passthru = {
inherit nodes;
};
} }
'' ''
mkdir -p $out/bin mkdir -p $out/bin
@ -148,11 +170,15 @@ rec {
meta = (drv.meta or { }) // t.meta; meta = (drv.meta or { }) // t.meta;
}; };
driver = mkDriver null;
driverInteractive = mkDriver pkgs.qemu;
test = passMeta (runTests driver); test = passMeta (runTests driver);
nodeNames = builtins.attrNames nodes; nodeNames = builtins.attrNames driver.nodes;
invalidNodeNames = lib.filter invalidNodeNames = lib.filter
(node: builtins.match "^[A-z_]([A-z0-9_]+)?$" node == null) nodeNames; (node: builtins.match "^[A-z_]([A-z0-9_]+)?$" node == null)
nodeNames;
in in
if lib.length invalidNodeNames > 0 then if lib.length invalidNodeNames > 0 then
@ -165,7 +191,8 @@ rec {
'' ''
else else
test // { test // {
inherit nodes driver test; inherit test driver driverInteractive;
inherit (driver) nodes;
}; };
runInMachine = runInMachine =
@ -173,12 +200,19 @@ rec {
, machine , machine
, preBuild ? "" , preBuild ? ""
, postBuild ? "" , postBuild ? ""
, qemu ? pkgs.qemu_test
, ... # ??? , ... # ???
}: }:
let let
vm = buildVM { } build-vms = import ./build-vms.nix {
[ machine inherit system pkgs minimal specialArgs extraConfigurations;
{ key = "run-in-machine"; };
vm = build-vms.buildVM { }
[
machine
{
key = "run-in-machine";
networking.hostName = "client"; networking.hostName = "client";
nix.readOnlyStore = false; nix.readOnlyStore = false;
virtualisation.writableStore = false; virtualisation.writableStore = false;
@ -221,7 +255,7 @@ rec {
unset xchg unset xchg
export tests='${testScript}' export tests='${testScript}'
${testDriver}/bin/nixos-test-driver ${vm.config.system.build.vm}/bin/run-*-vm ${mkTestDriver qemu}/bin/nixos-test-driver --keep-vm-state ${vm.config.system.build.vm}/bin/run-*-vm
''; # */ ''; # */
in in

2
nixos/modules/config/fonts/fontdir.nix
View File

@ -8,7 +8,7 @@ let
x11Fonts = pkgs.runCommand "X11-fonts" { preferLocalBuild = true; } '' x11Fonts = pkgs.runCommand "X11-fonts" { preferLocalBuild = true; } ''
mkdir -p "$out/share/X11/fonts" mkdir -p "$out/share/X11/fonts"
font_regexp='.*\.\(ttf\|otf\|pcf\|pfa\|pfb\|bdf\)\(\.gz\)?' font_regexp='.*\.\(ttf\|ttc\|otf\|pcf\|pfa\|pfb\|bdf\)\(\.gz\)?'
find ${toString config.fonts.fonts} -regex "$font_regexp" \ find ${toString config.fonts.fonts} -regex "$font_regexp" \
-exec ln -sf -t "$out/share/X11/fonts" '{}' \; -exec ln -sf -t "$out/share/X11/fonts" '{}' \;
cd "$out/share/X11/fonts" cd "$out/share/X11/fonts"

3
nixos/modules/config/no-x-libs.nix
View File

@ -30,11 +30,12 @@ with lib;
cairo = super.cairo.override { x11Support = false; }; cairo = super.cairo.override { x11Support = false; };
dbus = super.dbus.override { x11Support = false; }; dbus = super.dbus.override { x11Support = false; };
networkmanager-fortisslvpn = super.networkmanager-fortisslvpn.override { withGnome = false; }; networkmanager-fortisslvpn = super.networkmanager-fortisslvpn.override { withGnome = false; };
networkmanager-iodine = super.networkmanager-iodine.override { withGnome = false; };
networkmanager-l2tp = super.networkmanager-l2tp.override { withGnome = false; }; networkmanager-l2tp = super.networkmanager-l2tp.override { withGnome = false; };
networkmanager-openconnect = super.networkmanager-openconnect.override { withGnome = false; }; networkmanager-openconnect = super.networkmanager-openconnect.override { withGnome = false; };
networkmanager-openvpn = super.networkmanager-openvpn.override { withGnome = false; }; networkmanager-openvpn = super.networkmanager-openvpn.override { withGnome = false; };
networkmanager-sstp = super.networkmanager-vpnc.override { withGnome = false; };
networkmanager-vpnc = super.networkmanager-vpnc.override { withGnome = false; }; networkmanager-vpnc = super.networkmanager-vpnc.override { withGnome = false; };
networkmanager-iodine = super.networkmanager-iodine.override { withGnome = false; };
gobject-introspection = super.gobject-introspection.override { x11Support = false; }; gobject-introspection = super.gobject-introspection.override { x11Support = false; };
qemu = super.qemu.override { gtkSupport = false; spiceSupport = false; sdlSupport = false; }; qemu = super.qemu.override { gtkSupport = false; spiceSupport = false; sdlSupport = false; };
})); }));

2
nixos/modules/config/system-path.nix
View File

@ -33,6 +33,7 @@ let
pkgs.ncurses pkgs.ncurses
pkgs.netcat pkgs.netcat
config.programs.ssh.package config.programs.ssh.package
pkgs.mkpasswd
pkgs.procps pkgs.procps
pkgs.su pkgs.su
pkgs.time pkgs.time
@ -142,6 +143,7 @@ in
"/share/kservices5" "/share/kservices5"
"/share/kservicetypes5" "/share/kservicetypes5"
"/share/kxmlgui5" "/share/kxmlgui5"
"/share/systemd"
]; ];
system.path = pkgs.buildEnv { system.path = pkgs.buildEnv {

17
nixos/modules/config/users-groups.nix
View File

@ -35,8 +35,7 @@ let
''; '';
hashedPasswordDescription = '' hashedPasswordDescription = ''
To generate a hashed password install the <literal>mkpasswd</literal> To generate a hashed password run <literal>mkpasswd -m sha-512</literal>.
package and run <literal>mkpasswd -m sha-512</literal>.
If set to an empty string (<literal>""</literal>), this user will If set to an empty string (<literal>""</literal>), this user will
be able to log in without being asked for a password (but not via remote be able to log in without being asked for a password (but not via remote
@ -139,6 +138,20 @@ let
''; '';
}; };
pamMount = mkOption {
type = with types; attrsOf str;
default = {};
description = ''
Attributes for user's entry in
<filename>pam_mount.conf.xml</filename>.
Useful attributes might include <code>path</code>,
<code>options</code>, <code>fstype</code>, and <code>server</code>.
See <link
xlink:href="http://pam-mount.sourceforge.net/pam_mount.conf.5.html" />
for more information.
'';
};
shell = mkOption { shell = mkOption {
type = types.either types.shellPackage types.path; type = types.either types.shellPackage types.path;
default = pkgs.shadow; default = pkgs.shadow;

20
nixos/modules/hardware/rtl-sdr.nix Normal file
View File

@ -0,0 +1,20 @@
{ config, lib, pkgs, ... }:
let
cfg = config.hardware.rtl-sdr;
in {
options.hardware.rtl-sdr = {
enable = lib.mkEnableOption ''
Enables rtl-sdr udev rules and ensures 'plugdev' group exists.
This is a prerequisite to using devices supported by rtl-sdr without
being root, since rtl-sdr USB descriptors will be owned by plugdev
through udev.
'';
};
config = lib.mkIf cfg.enable {
services.udev.packages = [ pkgs.rtl-sdr ];
users.groups.plugdev = {};
};
}

2
nixos/modules/hardware/video/nvidia.nix
View File

@ -235,7 +235,7 @@ in
hardware.opengl.extraPackages32 = optional offloadCfg.enable nvidia_libs32; hardware.opengl.extraPackages32 = optional offloadCfg.enable nvidia_libs32;
environment.systemPackages = [ nvidia_x11.bin nvidia_x11.settings ] environment.systemPackages = [ nvidia_x11.bin nvidia_x11.settings ]
++ filter (p: p != null) [ nvidia_x11.persistenced ]; ++ optionals nvidiaPersistencedEnabled [ nvidia_x11.persistenced ];
systemd.packages = optional cfg.powerManagement.enable nvidia_x11.out; systemd.packages = optional cfg.powerManagement.enable nvidia_x11.out;

4
nixos/modules/i18n/input-method/default.xml
View File

@ -252,8 +252,8 @@ i18n.inputMethod = {
<para> <para>
Hime is an extremely easy-to-use input method framework. It is lightweight, Hime is an extremely easy-to-use input method framework. It is lightweight,
stable, powerful and supports many commonly used input methods, including stable, powerful and supports many commonly used input methods, including
Cangjie, Zhuyin, Dayi, Rank, Shrimp, Greek, Japanese Anthy, Korean Pinyin, Cangjie, Zhuyin, Dayi, Rank, Shrimp, Greek, Korean Pinyin, Latin Alphabet,
Latin Alphabet, Rancang hunting birds, cool music, etc... etc...
</para> </para>
<para> <para>

18
nixos/modules/i18n/input-method/hime.nix
View File

@ -1,23 +1,9 @@
{ config, pkgs, ... }: { config, pkgs, lib, ... }:
with lib; with lib;
{ {
options = {
i18n.inputMethod.hime = {
enableChewing = mkOption {
type = with types; nullOr bool;
default = null;
description = "enable chewing input method";
};
enableAnthy = mkOption {
type = with types; nullOr bool;
default = null;
description = "enable anthy input method";
};
};
};
config = mkIf (config.i18n.inputMethod.enabled == "hime") { config = mkIf (config.i18n.inputMethod.enabled == "hime") {
i18n.inputMethod.package = pkgs.hime;
environment.variables = { environment.variables = {
GTK_IM_MODULE = "hime"; GTK_IM_MODULE = "hime";
QT_IM_MODULE = "hime"; QT_IM_MODULE = "hime";

9
nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix
View File

@ -9,7 +9,14 @@ with lib;
isoImage.edition = "gnome"; isoImage.edition = "gnome";
services.xserver.desktopManager.gnome3.enable = true; services.xserver.desktopManager.gnome3 = {
# Add firefox to favorite-apps
favoriteAppsOverride = ''
[org.gnome.shell]
favorite-apps=[ 'firefox.desktop', 'org.gnome.Geary.desktop', 'org.gnome.Calendar.desktop', 'org.gnome.Music.desktop', 'org.gnome.Photos.desktop', 'org.gnome.Nautilus.desktop' ]
'';
enable = true;
};
services.xserver.displayManager = { services.xserver.displayManager = {
gdm = { gdm = {

8
nixos/modules/installer/tools/nix-fallback-paths.nix
View File

@ -1,6 +1,6 @@
{ {
x86_64-linux = "/nix/store/4vz8sh9ngx34ivi0bw5hlycxdhvy5hvz-nix-2.3.7"; x86_64-linux = "/nix/store/qxayqjmlpqnmwg5yfsjjayw220ls8i2r-nix-2.3.8";
i686-linux = "/nix/store/dzxkg9lpp60bjmzvagns42vqlz3yq5kx-nix-2.3.7"; i686-linux = "/nix/store/5834psaay75048jp6d07liqh4j0v1swd-nix-2.3.8";
aarch64-linux = "/nix/store/cfvf8nl8mwyw817by5y8zd3s8pnf5m9f-nix-2.3.7"; aarch64-linux = "/nix/store/pic90a5fxvifz05jzkd0zak21f9mjin6-nix-2.3.8";
x86_64-darwin = "/nix/store/5ira7xgs92inqz1x8l0n1wci4r79hnd0-nix-2.3.7"; x86_64-darwin = "/nix/store/cjx3f8z12wlayp5983kli2a52ipi8jz2-nix-2.3.8";
} }

2
nixos/modules/installer/tools/nixos-build-vms/build-vms.nix
View File

@ -15,4 +15,4 @@ with import ../../../../lib/testing-python.nix {
pkgs = import ../../../../.. { inherit system config; }; pkgs = import ../../../../.. { inherit system config; };
}; };
(makeTest { inherit nodes; testScript = ""; }).driver (makeTest { inherit nodes; testScript = ""; }).driverInteractive

4
nixos/modules/installer/tools/nixos-generate-config.pl
View File

@ -625,6 +625,10 @@ EOF
my $networkingDhcpConfig = generateNetworkingDhcpConfig(); my $networkingDhcpConfig = generateNetworkingDhcpConfig();
(my $desktopConfiguration = <<EOF)=~s/^/ /gm;
@desktopConfiguration@
EOF
write_file($fn, <<EOF); write_file($fn, <<EOF);
@configuration@ @configuration@
EOF EOF

76
nixos/modules/installer/tools/tools.nix
View File

@ -45,7 +45,7 @@ let
src = ./nixos-generate-config.pl; src = ./nixos-generate-config.pl;
path = lib.optionals (lib.elem "btrfs" config.boot.supportedFilesystems) [ pkgs.btrfs-progs ]; path = lib.optionals (lib.elem "btrfs" config.boot.supportedFilesystems) [ pkgs.btrfs-progs ];
perl = "${pkgs.perl}/bin/perl -I${pkgs.perlPackages.FileSlurp}/${pkgs.perl.libPrefix}"; perl = "${pkgs.perl}/bin/perl -I${pkgs.perlPackages.FileSlurp}/${pkgs.perl.libPrefix}";
inherit (config.system.nixos-generate-config) configuration; inherit (config.system.nixos-generate-config) configuration desktopConfiguration;
}; };
nixos-option = nixos-option =
@ -78,7 +78,8 @@ in
{ {
options.system.nixos-generate-config.configuration = mkOption { options.system.nixos-generate-config = {
configuration = mkOption {
internal = true; internal = true;
type = types.str; type = types.str;
description = '' description = ''
@ -94,8 +95,25 @@ in
''; '';
}; };
config = { desktopConfiguration = mkOption {
internal = true;
type = types.str;
default = "";
description = ''
Text to preseed the desktop configuration that <literal>nixos-generate-config</literal>
saves to <literal>/etc/nixos/configuration.nix</literal>.
This is an internal option. No backward compatibility is guaranteed.
Use at your own risk!
Note that this string gets spliced into a Perl script. The perl
variable <literal>$bootLoaderConfig</literal> can be used to
splice in the boot loader configuration.
'';
};
};
config = {
system.nixos-generate-config.configuration = mkDefault '' system.nixos-generate-config.configuration = mkDefault ''
# Edit this configuration file to define what should be installed on # Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
@ -113,6 +131,9 @@ in
# networking.hostName = "nixos"; # Define your hostname. # networking.hostName = "nixos"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Set your time zone.
# time.timeZone = "Europe/Amsterdam";
$networkingDhcpConfig $networkingDhcpConfig
# Configure network proxy if necessary # Configure network proxy if necessary
# networking.proxy.default = "http://user:password\@proxy:port/"; # networking.proxy.default = "http://user:password\@proxy:port/";
@ -125,13 +146,32 @@ in
# keyMap = "us"; # keyMap = "us";
# }; # };
# Set your time zone. $desktopConfiguration
# time.timeZone = "Europe/Amsterdam"; # Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.jane = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# };
# List packages installed in system profile. To search, run: # List packages installed in system profile. To search, run:
# \$ nix search wget # \$ nix search wget
# environment.systemPackages = with pkgs; [ # environment.systemPackages = with pkgs; [
# wget vim # wget vim
# firefox
# ]; # ];
# Some programs need SUID wrappers, can be configured further or are # Some programs need SUID wrappers, can be configured further or are
@ -140,7 +180,6 @@ in
# programs.gnupg.agent = { # programs.gnupg.agent = {
# enable = true; # enable = true;
# enableSSHSupport = true; # enableSSHSupport = true;
# pinentryFlavor = "gnome3";
# }; # };
# List services that you want to enable: # List services that you want to enable:
@ -154,31 +193,6 @@ in
# Or disable the firewall altogether. # Or disable the firewall altogether.
# networking.firewall.enable = false; # networking.firewall.enable = false;
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable the X11 windowing system.
# services.xserver.enable = true;
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
# Enable touchpad support.
# services.xserver.libinput.enable = true;
# Enable the KDE Desktop Environment.
# services.xserver.displayManager.sddm.enable = true;
# services.xserver.desktopManager.plasma5.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.jane = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# };
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave # on your system were taken. Its perfectly fine and recommended to leave

4
nixos/modules/misc/ids.nix
View File

@ -297,7 +297,7 @@ in
headphones = 266; headphones = 266;
couchpotato = 267; couchpotato = 267;
gogs = 268; gogs = 268;
pdns-recursor = 269; #pdns-recursor = 269; # dynamically allocated as of 2020-20-18
#kresd = 270; # switched to "knot-resolver" with dynamic ID #kresd = 270; # switched to "knot-resolver" with dynamic ID
rpc = 271; rpc = 271;
geoip = 272; geoip = 272;
@ -468,7 +468,7 @@ in
#minecraft = 114; # unused #minecraft = 114; # unused
vault = 115; vault = 115;
#ripped = 116; # unused #ripped = 116; # unused
#murmur = 117; # unused murmur = 117;
foundationdb = 118; foundationdb = 118;
newrelic = 119; newrelic = 119;
starbound = 120; starbound = 120;

3
nixos/modules/module-list.nix
View File

@ -59,6 +59,7 @@
./hardware/pcmcia.nix ./hardware/pcmcia.nix
./hardware/printers.nix ./hardware/printers.nix
./hardware/raid/hpsa.nix ./hardware/raid/hpsa.nix
./hardware/rtl-sdr.nix
./hardware/steam-hardware.nix ./hardware/steam-hardware.nix
./hardware/system-76.nix ./hardware/system-76.nix
./hardware/tuxedo-keyboard.nix ./hardware/tuxedo-keyboard.nix
@ -79,6 +80,7 @@
./hardware/xpadneo.nix ./hardware/xpadneo.nix
./i18n/input-method/default.nix ./i18n/input-method/default.nix
./i18n/input-method/fcitx.nix ./i18n/input-method/fcitx.nix
./i18n/input-method/hime.nix
./i18n/input-method/ibus.nix ./i18n/input-method/ibus.nix
./i18n/input-method/nabi.nix ./i18n/input-method/nabi.nix
./i18n/input-method/uim.nix ./i18n/input-method/uim.nix
@ -171,6 +173,7 @@
./programs/wavemon.nix ./programs/wavemon.nix
./programs/waybar.nix ./programs/waybar.nix
./programs/wireshark.nix ./programs/wireshark.nix
./programs/wshowkeys.nix
./programs/x2goserver.nix ./programs/x2goserver.nix
./programs/xfs_quota.nix ./programs/xfs_quota.nix
./programs/xonsh.nix ./programs/xonsh.nix

2
nixos/modules/programs/chromium.nix
View File

@ -29,7 +29,7 @@ in
page. To install a chromium extension not included in the chrome web page. To install a chromium extension not included in the chrome web
store, append to the extension id a semicolon ";" followed by a URL store, append to the extension id a semicolon ";" followed by a URL
pointing to an Update Manifest XML file. See pointing to an Update Manifest XML file. See
<link xlink:href="https://www.chromium.org/administrators/policy-list-3#ExtensionInstallForcelist">ExtensionInstallForcelist</link> <link xlink:href="https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ExtensionInstallForcelist">ExtensionInstallForcelist</link>
for additional details. for additional details.
''; '';
default = []; default = [];

2
nixos/modules/programs/ssmtp.nix
View File

@ -1,6 +1,6 @@
# Configuration for `ssmtp', a trivial mail transfer agent that can # Configuration for `ssmtp', a trivial mail transfer agent that can
# replace sendmail/postfix on simple systems. It delivers email # replace sendmail/postfix on simple systems. It delivers email
# directly to an SMTP server defined in its configuration file, wihout # directly to an SMTP server defined in its configuration file, without
# queueing mail locally. # queueing mail locally.
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:

12
nixos/modules/programs/vim.nix
View File

@ -14,10 +14,20 @@ in {
using the EDITOR environment variable. using the EDITOR environment variable.
''; '';
}; };
package = mkOption {
type = types.package;
default = pkgs.vim;
defaultText = "pkgs.vim";
example = "pkgs.vimHugeX";
description = ''
vim package to use.
'';
};
}; };
config = mkIf cfg.defaultEditor { config = mkIf cfg.defaultEditor {
environment.systemPackages = [ pkgs.vim ]; environment.systemPackages = [ cfg.package ];
environment.variables = { EDITOR = mkOverride 900 "vim"; }; environment.variables = { EDITOR = mkOverride 900 "vim"; };
}; };
} }

22
nixos/modules/programs/wshowkeys.nix Normal file
View File

@ -0,0 +1,22 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.programs.wshowkeys;
in {
meta.maintainers = with maintainers; [ primeos ];
options = {
programs.wshowkeys = {
enable = mkEnableOption ''
wshowkeys (displays keypresses on screen on supported Wayland
compositors). It requires root permissions to read input events, but
these permissions are dropped after startup'';
};
};
config = mkIf cfg.enable {
security.wrappers.wshowkeys.source = "${pkgs.wshowkeys}/bin/wshowkeys";
};
}

4
nixos/modules/security/acme.nix
View File

@ -63,7 +63,7 @@ let
script = with builtins; concatStringsSep "\n" (mapAttrsToList (cert: data: '' script = with builtins; concatStringsSep "\n" (mapAttrsToList (cert: data: ''
for fixpath in /var/lib/acme/${escapeShellArg cert} /var/lib/acme/.lego/${escapeShellArg cert}; do for fixpath in /var/lib/acme/${escapeShellArg cert} /var/lib/acme/.lego/${escapeShellArg cert}; do
if [ -d "$fixpath" ]; then if [ -d "$fixpath" ]; then
chmod -R 750 "$fixpath" chmod -R u=rwX,g=rX,o= "$fixpath"
chown -R acme:${data.group} "$fixpath" chown -R acme:${data.group} "$fixpath"
fi fi
done done
@ -271,7 +271,7 @@ let
mv domainhash.txt certificates/ mv domainhash.txt certificates/
chmod 640 certificates/* chmod 640 certificates/*
chmod -R 700 accounts/* chmod -R u=rwX,g=,o= accounts/*
# Group might change between runs, re-apply it # Group might change between runs, re-apply it
chown 'acme:${data.group}' certificates/* chown 'acme:${data.group}' certificates/*

45
nixos/modules/security/pam.nix
View File

@ -318,6 +318,42 @@ let
''; '';
}; };
gnupg = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
If enabled, pam_gnupg will attempt to automatically unlock the
user's GPG keys with the login password via
<command>gpg-agent</command>. The keygrips of all keys to be
unlocked should be written to <filename>~/.pam-gnupg</filename>,
and can be queried with <command>gpg -K --with-keygrip</command>.
Presetting passphrases must be enabled by adding
<literal>allow-preset-passphrase</literal> in
<filename>~/.gnupg/gpg-agent.conf</filename>.
'';
};
noAutostart = mkOption {
type = types.bool;
default = false;
description = ''
Don't start <command>gpg-agent</command> if it is not running.
Useful in conjunction with starting <command>gpg-agent</command> as
a systemd user service.
'';
};
storeOnly = mkOption {
type = types.bool;
default = false;
description = ''
Don't send the password immediately after login, but store for PAM
<literal>session</literal>.
'';
};
};
text = mkOption { text = mkOption {
type = types.nullOr types.lines; type = types.nullOr types.lines;
description = "Contents of the PAM service file."; description = "Contents of the PAM service file.";
@ -386,6 +422,7 @@ let
|| cfg.enableKwallet || cfg.enableKwallet
|| cfg.enableGnomeKeyring || cfg.enableGnomeKeyring
|| cfg.googleAuthenticator.enable || cfg.googleAuthenticator.enable
|| cfg.gnupg.enable
|| cfg.duoSecurity.enable)) '' || cfg.duoSecurity.enable)) ''
auth required pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} ${optionalString cfg.nodelay "nodelay"} likeauth auth required pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} ${optionalString cfg.nodelay "nodelay"} likeauth
${optionalString config.security.pam.enableEcryptfs ${optionalString config.security.pam.enableEcryptfs
@ -397,6 +434,10 @@ let
" kwalletd=${pkgs.kdeFrameworks.kwallet.bin}/bin/kwalletd5")} " kwalletd=${pkgs.kdeFrameworks.kwallet.bin}/bin/kwalletd5")}
${optionalString cfg.enableGnomeKeyring ${optionalString cfg.enableGnomeKeyring
"auth optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so"} "auth optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so"}
${optionalString cfg.gnupg.enable
"auth optional ${pkgs.pam_gnupg}/lib/security/pam_gnupg.so"
+ optionalString cfg.gnupg.storeOnly " store-only"
}
${optionalString cfg.googleAuthenticator.enable ${optionalString cfg.googleAuthenticator.enable
"auth required ${pkgs.googleAuthenticator}/lib/security/pam_google_authenticator.so no_increment_hotp"} "auth required ${pkgs.googleAuthenticator}/lib/security/pam_google_authenticator.so no_increment_hotp"}
${optionalString cfg.duoSecurity.enable ${optionalString cfg.duoSecurity.enable
@ -472,6 +513,10 @@ let
" kwalletd=${pkgs.kdeFrameworks.kwallet.bin}/bin/kwalletd5")} " kwalletd=${pkgs.kdeFrameworks.kwallet.bin}/bin/kwalletd5")}
${optionalString (cfg.enableGnomeKeyring) ${optionalString (cfg.enableGnomeKeyring)
"session optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start"} "session optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start"}
${optionalString cfg.gnupg.enable
"session optional ${pkgs.pam_gnupg}/lib/security/pam_gnupg.so"
+ optionalString cfg.gnupg.noAutostart " no-autostart"
}
${optionalString (config.virtualisation.lxc.lxcfs.enable) ${optionalString (config.virtualisation.lxc.lxcfs.enable)
"session optional ${pkgs.lxc}/lib/security/pam_cgfs.so -c all"} "session optional ${pkgs.lxc}/lib/security/pam_cgfs.so -c all"}
''); '');

12
nixos/modules/security/pam_mount.nix
View File

@ -39,8 +39,16 @@ in
environment.etc."security/pam_mount.conf.xml" = { environment.etc."security/pam_mount.conf.xml" = {
source = source =
let let
extraUserVolumes = filterAttrs (n: u: u.cryptHomeLuks != null) config.users.users; extraUserVolumes = filterAttrs (n: u: u.cryptHomeLuks != null || u.pamMount != {}) config.users.users;
userVolumeEntry = user: "<volume user=\"${user.name}\" path=\"${user.cryptHomeLuks}\" mountpoint=\"${user.home}\" />\n"; mkAttr = k: v: ''${k}="${v}"'';
userVolumeEntry = user: let
attrs = {
user = user.name;
path = user.cryptHomeLuks;
mountpoint = user.home;
} // user.pamMount;
in
"<volume ${concatStringsSep " " (mapAttrsToList mkAttr attrs)} />\n";
in in
pkgs.writeText "pam_mount.conf.xml" '' pkgs.writeText "pam_mount.conf.xml" ''
<?xml version="1.0" encoding="utf-8" ?> <?xml version="1.0" encoding="utf-8" ?>

2
nixos/modules/security/systemd-confinement.nix
View File

@ -160,7 +160,7 @@ in {
+ " the 'users.users' option instead as this combination is" + " the 'users.users' option instead as this combination is"
+ " currently not supported."; + " currently not supported.";
} }
{ assertion = !cfg.serviceConfig.ProtectSystem or false; { assertion = cfg.serviceConfig ? ProtectSystem -> cfg.serviceConfig.ProtectSystem == false;
message = "${whatOpt "ProtectSystem"}. ProtectSystem is not compatible" message = "${whatOpt "ProtectSystem"}. ProtectSystem is not compatible"
+ " with service confinement as it fails to remount /usr within" + " with service confinement as it fails to remount /usr within"
+ " our chroot. Please disable the option."; + " our chroot. Please disable the option.";

2
nixos/modules/services/admin/salt/master.nix
View File

@ -59,5 +59,5 @@ in
}; };
}; };
meta.maintainers = with lib.maintainers; [ aneeshusa ]; meta.maintainers = with lib.maintainers; [ Flakebi ];
} }

52
nixos/modules/services/backup/syncoid.nix
View File

@ -4,6 +4,15 @@ with lib;
let let
cfg = config.services.syncoid; cfg = config.services.syncoid;
# Extract pool names of local datasets (ones that don't contain "@") that
# have the specified type (either "source" or "target")
getPools = type: unique (map (d: head (builtins.match "([^/]+).*" d)) (
# Filter local datasets
filter (d: !hasInfix "@" d)
# Get datasets of the specified type
(catAttrs type (attrValues cfg.commands))
));
in { in {
# Interface # Interface
@ -26,14 +35,25 @@ in {
user = mkOption { user = mkOption {
type = types.str; type = types.str;
default = "root"; default = "syncoid";
example = "backup"; example = "backup";
description = '' description = ''
The user for the service. Sudo or ZFS privilege delegation must be The user for the service. ZFS privilege delegation will be
configured to use a user other than root. automatically configured for any local pools used by syncoid if this
option is set to a user other than root. The user will be given the
"hold" and "send" privileges on any pool that has datasets being sent
and the "create", "mount", "receive", and "rollback" privileges on
any pool that has datasets being received.
''; '';
}; };
group = mkOption {
type = types.str;
default = "syncoid";
example = "backup";
description = "The group for the service.";
};
sshKey = mkOption { sshKey = mkOption {
type = types.nullOr types.path; type = types.nullOr types.path;
# Prevent key from being copied to store # Prevent key from being copied to store
@ -150,6 +170,18 @@ in {
# Implementation # Implementation
config = mkIf cfg.enable { config = mkIf cfg.enable {
users = {
users = mkIf (cfg.user == "syncoid") {
syncoid = {
group = cfg.group;
isSystemUser = true;
};
};
groups = mkIf (cfg.group == "syncoid") {
syncoid = {};
};
};
systemd.services.syncoid = { systemd.services.syncoid = {
description = "Syncoid ZFS synchronization service"; description = "Syncoid ZFS synchronization service";
script = concatMapStringsSep "\n" (c: lib.escapeShellArgs script = concatMapStringsSep "\n" (c: lib.escapeShellArgs
@ -160,10 +192,22 @@ in {
++ c.extraArgs ++ c.extraArgs
++ [ "--sendoptions" c.sendOptions ++ [ "--sendoptions" c.sendOptions
"--recvoptions" c.recvOptions "--recvoptions" c.recvOptions
"--no-privilege-elevation"
c.source c.target c.source c.target
])) (attrValues cfg.commands); ])) (attrValues cfg.commands);
after = [ "zfs.target" ]; after = [ "zfs.target" ];
serviceConfig.User = cfg.user; serviceConfig = {
ExecStartPre = (map (pool: lib.escapeShellArgs [
"+/run/booted-system/sw/bin/zfs" "allow"
cfg.user "hold,send" pool
]) (getPools "source")) ++
(map (pool: lib.escapeShellArgs [
"+/run/booted-system/sw/bin/zfs" "allow"
cfg.user "create,mount,receive,rollback" pool
]) (getPools "target"));
User = cfg.user;
Group = cfg.group;
};
startAt = cfg.interval; startAt = cfg.interval;
}; };
}; };

33
nixos/modules/services/continuous-integration/hydra/default.nix
View File

@ -37,8 +37,6 @@ let
haveLocalDB = cfg.dbi == localDB; haveLocalDB = cfg.dbi == localDB;
inherit (config.system) stateVersion;
hydra-package = hydra-package =
let let
makeWrapperArgs = concatStringsSep " " (mapAttrsToList (key: value: "--set \"${key}\" \"${value}\"") hydraEnv); makeWrapperArgs = concatStringsSep " " (mapAttrsToList (key: value: "--set \"${key}\" \"${value}\"") hydraEnv);
@ -96,7 +94,8 @@ in
package = mkOption { package = mkOption {
type = types.package; type = types.package;
defaultText = "pkgs.hydra"; default = pkgs.hydra-unstable;
defaultText = "pkgs.hydra-unstable";
description = "The Hydra package."; description = "The Hydra package.";
}; };
@ -225,34 +224,6 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
warnings = optional (cfg.package.migration or false) ''
You're currently deploying an older version of Hydra which is needed to
make some required database changes[1]. As soon as this is done, it's recommended
to run `hydra-backfill-ids` and set `services.hydra.package` to `pkgs.hydra-unstable`
after that.
[1] https://github.com/NixOS/hydra/pull/711
'';
services.hydra.package = with pkgs;
mkDefault (
if pkgs ? hydra
then throw ''
The Hydra package doesn't exist anymore in `nixpkgs`! It probably exists
due to an overlay. To upgrade Hydra, you need to take two steps as some
bigger changes in the database schema were implemented recently[1]. You first
need to deploy `pkgs.hydra-migration`, run `hydra-backfill-ids` on the server
and then deploy `pkgs.hydra-unstable`.
If you want to use `pkgs.hydra` from your overlay, please set `services.hydra.package`
explicitly to `pkgs.hydra` and make sure you know what you're doing.
[1] https://github.com/NixOS/hydra/pull/711
''
else if versionOlder stateVersion "20.03" then hydra-migration
else hydra-unstable
);
users.groups.hydra = { users.groups.hydra = {
gid = config.ids.gids.hydra; gid = config.ids.gids.hydra;
}; };

6
nixos/modules/services/continuous-integration/jenkins/default.nix
View File

@ -86,8 +86,8 @@ in {
}; };
packages = mkOption { packages = mkOption {
default = [ pkgs.stdenv pkgs.git pkgs.jdk config.programs.ssh.package pkgs.nix ]; default = [ pkgs.stdenv pkgs.git pkgs.jdk11 config.programs.ssh.package pkgs.nix ];
defaultText = "[ pkgs.stdenv pkgs.git pkgs.jdk config.programs.ssh.package pkgs.nix ]"; defaultText = "[ pkgs.stdenv pkgs.git pkgs.jdk11 config.programs.ssh.package pkgs.nix ]";
type = types.listOf types.package; type = types.listOf types.package;
description = '' description = ''
Packages to add to PATH for the jenkins process. Packages to add to PATH for the jenkins process.
@ -207,7 +207,7 @@ in {
# For reference: https://wiki.jenkins.io/display/JENKINS/JenkinsLinuxStartupScript # For reference: https://wiki.jenkins.io/display/JENKINS/JenkinsLinuxStartupScript
script = '' script = ''
${pkgs.jdk}/bin/java ${concatStringsSep " " cfg.extraJavaOptions} -jar ${cfg.package}/webapps/jenkins.war --httpListenAddress=${cfg.listenAddress} \ ${pkgs.jdk11}/bin/java ${concatStringsSep " " cfg.extraJavaOptions} -jar ${cfg.package}/webapps/jenkins.war --httpListenAddress=${cfg.listenAddress} \
--httpPort=${toString cfg.port} \ --httpPort=${toString cfg.port} \
--prefix=${cfg.prefix} \ --prefix=${cfg.prefix} \
-Djava.awt.headless=true \ -Djava.awt.headless=true \

14
nixos/modules/services/desktops/flatpak.nix
View File

@ -15,6 +15,18 @@ in {
options = { options = {
services.flatpak = { services.flatpak = {
enable = mkEnableOption "flatpak"; enable = mkEnableOption "flatpak";
guiPackages = mkOption {
internal = true;
type = types.listOf types.package;
default = [];
example = literalExample "[ pkgs.gnome3.gnome-software ]";
description = ''
Packages that provide an interface for flatpak
(like gnome-software) that will be automatically available
to all users when flatpak is enabled.
'';
};
}; };
}; };
@ -28,7 +40,7 @@ in {
} }
]; ];
environment.systemPackages = [ pkgs.flatpak ]; environment.systemPackages = [ pkgs.flatpak ] ++ cfg.guiPackages;
services.dbus.packages = [ pkgs.flatpak ]; services.dbus.packages = [ pkgs.flatpak ];

80
nixos/modules/services/desktops/pipewire.nix
View File

@ -5,8 +5,22 @@ with lib;
let let
cfg = config.services.pipewire; cfg = config.services.pipewire;
packages = with pkgs; [ pipewire ]; enable32BitAlsaPlugins = cfg.alsa.support32Bit
&& pkgs.stdenv.isx86_64
&& pkgs.pkgsi686Linux.pipewire != null;
# The package doesn't output to $out/lib/pipewire directly so that the
# overlays can use the outputs to replace the originals in FHS environments.
#
# This doesn't work in general because of missing development information.
jack-libs = pkgs.runCommand "jack-libs" {} ''
mkdir -p "$out/lib"
ln -s "${pkgs.pipewire.jack}/lib" "$out/lib/pipewire"
'';
pulse-libs = pkgs.runCommand "pulse-libs" {} ''
mkdir -p "$out/lib"
ln -s "${pkgs.pipewire.pulse}/lib" "$out/lib/pipewire"
'';
in { in {
meta = { meta = {
@ -25,17 +39,67 @@ in {
Automatically run pipewire when connections are made to the pipewire socket. Automatically run pipewire when connections are made to the pipewire socket.
''; '';
}; };
alsa = {
enable = mkEnableOption "ALSA support";
support32Bit = mkEnableOption "32-bit ALSA support on 64-bit systems";
};
jack = {
enable = mkEnableOption "JACK audio emulation";
};
pulse = {
enable = mkEnableOption "PulseAudio emulation";
};
}; };
}; };
###### implementation ###### implementation
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = packages; assertions = [
{
systemd.packages = packages; assertion = cfg.pulse.enable -> !config.hardware.pulseaudio.enable;
message = "PipeWire based PulseAudio emulation doesn't use the PulseAudio service";
systemd.user.sockets.pipewire.wantedBy = lib.mkIf cfg.socketActivation [ "sockets.target" ]; }
}; {
assertion = cfg.jack.enable -> !config.services.jack.jackd.enable;
message = "PIpeWire based JACK emulation doesn't use the JACK service";
}
];
environment.systemPackages = [ pkgs.pipewire ]
++ lib.optional cfg.jack.enable jack-libs
++ lib.optional cfg.pulse.enable pulse-libs;
systemd.packages = [ pkgs.pipewire ];
# PipeWire depends on DBUS but doesn't list it. Without this booting
# into a terminal results in the service crashing with an error.
systemd.user.sockets.pipewire.wantedBy = lib.mkIf cfg.socketActivation [ "sockets.target" ];
systemd.user.services.pipewire.bindsTo = [ "dbus.service" ];
services.udev.packages = [ pkgs.pipewire ];
# If any paths are updated here they must also be updated in the package test.
sound.extraConfig = mkIf cfg.alsa.enable ''
pcm_type.pipewire {
libs.native = ${pkgs.pipewire.lib}/lib/alsa-lib/libasound_module_pcm_pipewire.so ;
${optionalString enable32BitAlsaPlugins
"libs.32Bit = ${pkgs.pkgsi686Linux.pipewire.lib}/lib/alsa-lib/libasound_module_pcm_pipewire.so ;"}
}
pcm.!default {
@func getenv
vars [ PCM ]
default "plug:pipewire"
playback_mode "-1"
capture_mode "-1"
}
'';
environment.etc."alsa/conf.d/50-pipewire.conf" = mkIf cfg.alsa.enable {
source = "${pkgs.pipewire}/share/alsa/alsa.conf.d/50-pipewire.conf";
};
environment.sessionVariables.LD_LIBRARY_PATH =
lib.optional (cfg.jack.enable || cfg.pulse.enable) "/run/current-system/sw/lib/pipewire";
};
} }

46
nixos/modules/services/hardware/undervolt.nix
View File

@ -3,7 +3,12 @@
with lib; with lib;
let let
cfg = config.services.undervolt; cfg = config.services.undervolt;
cliArgs = lib.cli.toGNUCommandLineShell {} {
mkPLimit = limit: window:
if (isNull limit && isNull window) then null
else assert asserts.assertMsg (!isNull limit && !isNull window) "Both power limit and window must be set";
"${toString limit} ${toString window}";
cliArgs = lib.cli.toGNUCommandLine {} {
inherit (cfg) inherit (cfg)
verbose verbose
temp temp
@ -21,6 +26,9 @@ let
temp-bat = cfg.tempBat; temp-bat = cfg.tempBat;
temp-ac = cfg.tempAc; temp-ac = cfg.tempAc;
power-limit-long = mkPLimit cfg.p1.limit cfg.p1.window;
power-limit-short = mkPLimit cfg.p2.limit cfg.p2.window;
}; };
in in
{ {
@ -104,6 +112,40 @@ in
''; '';
}; };
p1.limit = mkOption {
type = with types; nullOr int;
default = null;
description = ''
The P1 Power Limit in Watts.
Both limit and window must be set.
'';
};
p1.window = mkOption {
type = with types; nullOr (oneOf [ float int ]);
default = null;
description = ''
The P1 Time Window in seconds.
Both limit and window must be set.
'';
};
p2.limit = mkOption {
type = with types; nullOr int;
default = null;
description = ''
The P2 Power Limit in Watts.
Both limit and window must be set.
'';
};
p2.window = mkOption {
type = with types; nullOr (oneOf [ float int ]);
default = null;
description = ''
The P2 Time Window in seconds.
Both limit and window must be set.
'';
};
useTimer = mkOption { useTimer = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
@ -133,7 +175,7 @@ in
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
Restart = "no"; Restart = "no";
ExecStart = "${pkgs.undervolt}/bin/undervolt ${cliArgs}"; ExecStart = "${pkgs.undervolt}/bin/undervolt ${toString cliArgs}";
}; };
}; };

2
nixos/modules/services/mail/rspamd.nix
View File

@ -153,7 +153,7 @@ let
${concatStringsSep "\n" (mapAttrsToList (name: value: let ${concatStringsSep "\n" (mapAttrsToList (name: value: let
includeName = if name == "rspamd_proxy" then "proxy" else name; includeName = if name == "rspamd_proxy" then "proxy" else name;
tryOverride = if value.extraConfig == "" then "true" else "false"; tryOverride = boolToString (value.extraConfig == "");
in '' in ''
worker "${value.type}" { worker "${value.type}" {
type = "${value.type}"; type = "${value.type}";

40
nixos/modules/services/misc/jellyfin.nix
View File

@ -45,6 +45,46 @@ in
CacheDirectory = "jellyfin"; CacheDirectory = "jellyfin";
ExecStart = "${cfg.package}/bin/jellyfin --datadir '/var/lib/${StateDirectory}' --cachedir '/var/cache/${CacheDirectory}'"; ExecStart = "${cfg.package}/bin/jellyfin --datadir '/var/lib/${StateDirectory}' --cachedir '/var/cache/${CacheDirectory}'";
Restart = "on-failure"; Restart = "on-failure";
# Security options:
NoNewPrivileges = true;
AmbientCapabilities = "";
CapabilityBoundingSet = "";
# ProtectClock= adds DeviceAllow=char-rtc r
DeviceAllow = "";
LockPersonality = true;
PrivateTmp = true;
PrivateDevices = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
RemoveIPC = true;
RestrictNamespaces = true;
# AF_NETLINK needed because Jellyfin monitors the network connection
RestrictAddressFamilies = [ "AF_NETLINK" "AF_INET" "AF_INET6" ];
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallErrorNumber = "EPERM";
SystemCallFilter = [
"@system-service"
"~@chown" "~@cpu-emulation" "~@debug" "~@keyring" "~@memlock" "~@module"
"~@obsolete" "~@privileged" "~@setuid"
];
}; };
}; };

2
nixos/modules/services/misc/nix-daemon.nix
View File

@ -45,7 +45,7 @@ let
trusted-substituters = ${toString cfg.trustedBinaryCaches} trusted-substituters = ${toString cfg.trustedBinaryCaches}
trusted-public-keys = ${toString cfg.binaryCachePublicKeys} trusted-public-keys = ${toString cfg.binaryCachePublicKeys}
auto-optimise-store = ${boolToString cfg.autoOptimiseStore} auto-optimise-store = ${boolToString cfg.autoOptimiseStore}
require-sigs = ${if cfg.requireSignedBinaryCaches then "true" else "false"} require-sigs = ${boolToString cfg.requireSignedBinaryCaches}
trusted-users = ${toString cfg.trustedUsers} trusted-users = ${toString cfg.trustedUsers}
allowed-users = ${toString cfg.allowedUsers} allowed-users = ${toString cfg.allowedUsers}
${optionalString (!cfg.distributedBuilds) '' ${optionalString (!cfg.distributedBuilds) ''

3
nixos/modules/services/monitoring/prometheus/exporters.nix
View File

@ -43,6 +43,7 @@ let
"postgres" "postgres"
"redis" "redis"
"rspamd" "rspamd"
"rtl_433"
"snmp" "snmp"
"surfboard" "surfboard"
"tor" "tor"
@ -224,6 +225,8 @@ in
services.prometheus.exporters.minio.minioAccessSecret = mkDefault config.services.minio.secretKey; services.prometheus.exporters.minio.minioAccessSecret = mkDefault config.services.minio.secretKey;
})] ++ [(mkIf config.services.rspamd.enable { })] ++ [(mkIf config.services.rspamd.enable {
services.prometheus.exporters.rspamd.url = mkDefault "http://localhost:11334/stat"; services.prometheus.exporters.rspamd.url = mkDefault "http://localhost:11334/stat";
})] ++ [(mkIf config.services.prometheus.exporters.rtl_433.enable {
hardware.rtl-sdr.enable = mkDefault true;
})] ++ [(mkIf config.services.nginx.enable { })] ++ [(mkIf config.services.nginx.enable {
systemd.services.prometheus-nginx-exporter.after = [ "nginx.service" ]; systemd.services.prometheus-nginx-exporter.after = [ "nginx.service" ];
systemd.services.prometheus-nginx-exporter.requires = [ "nginx.service" ]; systemd.services.prometheus-nginx-exporter.requires = [ "nginx.service" ];

78
nixos/modules/services/monitoring/prometheus/exporters/rtl_433.nix Normal file
View File

@ -0,0 +1,78 @@
{ config, lib, pkgs, options }:
let
cfg = config.services.prometheus.exporters.rtl_433;
in
{
port = 9550;
extraOpts = let
mkMatcherOptionType = field: description: with lib.types;
listOf (submodule {
options = {
name = lib.mkOption {
type = str;
description = "Name to match.";
};
"${field}" = lib.mkOption {
type = int;
inherit description;
};
location = lib.mkOption {
type = str;
description = "Location to match.";
};
};
});
in
{
rtl433Flags = lib.mkOption {
type = lib.types.str;
default = "-C si";
example = "-C si -R 19";
description = ''
Flags passed verbatim to rtl_433 binary.
Having <literal>-C si</literal> (the default) is recommended since only Celsius temperatures are parsed.
'';
};
channels = lib.mkOption {
type = mkMatcherOptionType "channel" "Channel to match.";
default = [];
example = [
{ name = "Acurite"; channel = 6543; location = "Kitchen"; }
];
description = ''
List of channel matchers to export.
'';
};
ids = lib.mkOption {
type = mkMatcherOptionType "id" "ID to match.";
default = [];
example = [
{ name = "Nexus"; id = 1; location = "Bedroom"; }
];
description = ''
List of ID matchers to export.
'';
};
};
serviceOpts = {
serviceConfig = {
# rtl-sdr udev rules make supported USB devices +rw by plugdev.
SupplementaryGroups = "plugdev";
ExecStart = let
matchers = (map (m:
"--channel_matcher '${m.name},${toString m.channel},${m.location}'"
) cfg.channels) ++ (map (m:
"--id_matcher '${m.name},${toString m.id},${m.location}'"
) cfg.ids); in ''
${pkgs.prometheus-rtl_433-exporter}/bin/rtl_433_prometheus \
-listen ${cfg.listenAddress}:${toString cfg.port} \
-subprocess "${pkgs.rtl_433}/bin/rtl_433 -F json ${cfg.rtl433Flags}" \
${lib.concatStringsSep " \\\n " matchers} \
${lib.concatStringsSep " \\\n " cfg.extraFlags}
'';
};
};
}

3
nixos/modules/services/networking/avahi-daemon.nix
View File

@ -86,7 +86,8 @@ in
ipv6 = mkOption { ipv6 = mkOption {
type = types.bool; type = types.bool;
default = false; default = config.networking.enableIPv6;
defaultText = "config.networking.enableIPv6";
description = "Whether to use IPv6."; description = "Whether to use IPv6.";
}; };

34
nixos/modules/services/networking/babeld.nix
View File

@ -87,9 +87,37 @@ in
description = "Babel routing daemon"; description = "Babel routing daemon";
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = "${pkgs.babeld}/bin/babeld -c ${configFile}"; serviceConfig = {
ExecStart = "${pkgs.babeld}/bin/babeld -c ${configFile} -I /run/babeld/babeld.pid -S /var/lib/babeld/state";
CapabilityBoundingSet = [ "CAP_NET_ADMIN" ];
IPAddressAllow = [ "fe80::/64" "ff00::/8" "::1/128" "127.0.0.0/8" ];
IPAddressDeny = "any";
LockPersonality = true;
NoNewPrivileges = true;
MemoryDenyWriteExecute = true;
ProtectSystem = "strict";
ProtectClock = true;
ProtectKernelTunables = false; # Couldn't write sysctl: Read-only file system
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
RestrictAddressFamilies = [ "AF_NETLINK" "AF_INET6" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RemoveIPC = true;
ProtectHome = true;
ProtectHostname = true;
PrivateMounts = true;
PrivateTmp = true;
PrivateDevices = true;
PrivateUsers = false; # kernel_route(ADD): Operation not permitted
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" ];
UMask = "0177";
RuntimeDirectory = "babeld";
StateDirectory = "babeld";
};
}; };
}; };
} }

24
nixos/modules/services/networking/blockbook-frontend.nix
View File

@ -158,15 +158,21 @@ let
type = types.attrs; type = types.attrs;
default = {}; default = {};
example = literalExample '' { example = literalExample '' {
alternative_estimate_fee = "whatthefee-disabled"; "alternative_estimate_fee" = "whatthefee-disabled";
alternative_estimate_fee_params = "{\"url\": \"https://whatthefee.io/data.json\", \"periodSeconds\": 60}"; "alternative_estimate_fee_params" = "{\"url\": \"https://whatthefee.io/data.json\", \"periodSeconds\": 60}";
fiat_rates = "coingecko"; "fiat_rates" = "coingecko";
fiat_rates_params = "{\"url\": \"https://api.coingecko.com/api/v3\", \"coin\": \"bitcoin\", \"periodSeconds\": 60}"; "fiat_rates_params" = "{\"url\": \"https://api.coingecko.com/api/v3\", \"coin\": \"bitcoin\", \"periodSeconds\": 60}";
coin_shortcut = "BTC"; "coin_shortcut" = "BTC";
coin_label = "Bitcoin"; "coin_label" = "Bitcoin";
xpub_magic = 76067358; "parse" = true;
xpub_magic_segwit_p2sh = 77429938; "subversion" = "";
xpub_magic_segwit_native = 78792518; "address_format" = "";
"xpub_magic" = 76067358;
"xpub_magic_segwit_p2sh" = 77429938;
"xpub_magic_segwit_native" = 78792518;
"mempool_workers" = 8;
"mempool_sub_workers" = 2;
"block_addresses_to_keep" = 300;
}''; }'';
description = '' description = ''
Additional configurations to be appended to <filename>coin.conf</filename>. Additional configurations to be appended to <filename>coin.conf</filename>.

5
nixos/modules/services/networking/dnscrypt-wrapper.nix
View File

@ -55,7 +55,10 @@ let
rotateKeys = '' rotateKeys = ''
# check if keys are not expired # check if keys are not expired
keyValid() { keyValid() {
fingerprint=$(dnscrypt-wrapper --show-provider-publickey | awk '{print $(NF)}') fingerprint=$(dnscrypt-wrapper \
--show-provider-publickey \
--provider-publickey-file=${publicKey} \
| awk '{print $(NF)}')
dnscrypt-proxy --test=${toString (cfg.keys.checkInterval + 1)} \ dnscrypt-proxy --test=${toString (cfg.keys.checkInterval + 1)} \
--resolver-address=127.0.0.1:${toString cfg.port} \ --resolver-address=127.0.0.1:${toString cfg.port} \
--provider-name=${cfg.providerName} \ --provider-name=${cfg.providerName} \

36
nixos/modules/services/networking/mosquitto.nix
View File

@ -123,12 +123,33 @@ in
''; '';
}; };
passwordFile = mkOption {
type = with types; uniq (nullOr str);
example = "/path/to/file";
default = null;
description = ''
Specifies the path to a file containing the
clear text password for the MQTT user.
'';
};
hashedPassword = mkOption { hashedPassword = mkOption {
type = with types; uniq (nullOr str); type = with types; uniq (nullOr str);
default = null; default = null;
description = '' description = ''
Specifies the hashed password for the MQTT User. Specifies the hashed password for the MQTT User.
<option>hashedPassword</option> overrides <option>password</option>. To generate hashed password install <literal>mosquitto</literal>
package and use <literal>mosquitto_passwd</literal>.
'';
};
hashedPasswordFile = mkOption {
type = with types; uniq (nullOr str);
example = "/path/to/file";
default = null;
description = ''
Specifies the path to a file containing the
hashed password for the MQTT user.
To generate hashed password install <literal>mosquitto</literal> To generate hashed password install <literal>mosquitto</literal>
package and use <literal>mosquitto_passwd</literal>. package and use <literal>mosquitto_passwd</literal>.
''; '';
@ -190,6 +211,13 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = mapAttrsToList (name: cfg: {
assertion = length (filter (s: s != null) (with cfg; [
password passwordFile hashedPassword hashedPasswordFile
])) <= 1;
message = "Cannot set more than one password option";
}) cfg.users;
systemd.services.mosquitto = { systemd.services.mosquitto = {
description = "Mosquitto MQTT Broker Daemon"; description = "Mosquitto MQTT Broker Daemon";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
@ -210,7 +238,11 @@ in
touch ${cfg.dataDir}/passwd touch ${cfg.dataDir}/passwd
'' + concatStringsSep "\n" ( '' + concatStringsSep "\n" (
mapAttrsToList (n: c: mapAttrsToList (n: c:
if c.hashedPassword != null then if c.hashedPasswordFile != null then
"echo '${n}:'$(cat '${c.hashedPasswordFile}') >> ${cfg.dataDir}/passwd"
else if c.passwordFile != null then
"${pkgs.mosquitto}/bin/mosquitto_passwd -b ${cfg.dataDir}/passwd ${n} $(cat '${c.passwordFile}')"
else if c.hashedPassword != null then
"echo '${n}:${c.hashedPassword}' >> ${cfg.dataDir}/passwd" "echo '${n}:${c.hashedPassword}' >> ${cfg.dataDir}/passwd"
else optionalString (c.password != null) else optionalString (c.password != null)
"${pkgs.mosquitto}/bin/mosquitto_passwd -b ${cfg.dataDir}/passwd ${n} '${c.password}'" "${pkgs.mosquitto}/bin/mosquitto_passwd -b ${cfg.dataDir}/passwd ${n} '${c.password}'"

5
nixos/modules/services/networking/murmur.nix
View File

@ -278,6 +278,10 @@ in
home = "/var/lib/murmur"; home = "/var/lib/murmur";
createHome = true; createHome = true;
uid = config.ids.uids.murmur; uid = config.ids.uids.murmur;
group = "murmur";
};
users.groups.murmur = {
gid = config.ids.gids.murmur;
}; };
systemd.services.murmur = { systemd.services.murmur = {
@ -300,6 +304,7 @@ in
RuntimeDirectory = "murmur"; RuntimeDirectory = "murmur";
RuntimeDirectoryMode = "0700"; RuntimeDirectoryMode = "0700";
User = "murmur"; User = "murmur";
Group = "murmur";
}; };
}; };
}; };

4
nixos/modules/services/networking/networkmanager.nix
View File

@ -15,6 +15,7 @@ let
networkmanager-openconnect networkmanager-openconnect
networkmanager-openvpn networkmanager-openvpn
networkmanager-vpnc networkmanager-vpnc
networkmanager-sstp
] ++ optional (!delegateWireless && !enableIwd) wpa_supplicant; ] ++ optional (!delegateWireless && !enableIwd) wpa_supplicant;
delegateWireless = config.networking.wireless.enable == true && cfg.unmanaged != []; delegateWireless = config.networking.wireless.enable == true && cfg.unmanaged != [];
@ -386,6 +387,9 @@ in {
"NetworkManager/VPN/nm-iodine-service.name".source = "NetworkManager/VPN/nm-iodine-service.name".source =
"${networkmanager-iodine}/lib/NetworkManager/VPN/nm-iodine-service.name"; "${networkmanager-iodine}/lib/NetworkManager/VPN/nm-iodine-service.name";
"NetworkManager/VPN/nm-sstp-service.name".source =
"${networkmanager-sstp}/lib/NetworkManager/VPN/nm-sstp-service.name";
} }
// optionalAttrs (cfg.appendNameservers != [] || cfg.insertNameservers != []) // optionalAttrs (cfg.appendNameservers != [] || cfg.insertNameservers != [])
{ {

52
nixos/modules/services/networking/pdns-recursor.nix
View File

@ -3,9 +3,6 @@
with lib; with lib;
let let
dataDir = "/var/lib/pdns-recursor";
username = "pdns-recursor";
cfg = config.services.pdns-recursor; cfg = config.services.pdns-recursor;
oneOrMore = type: with types; either type (listOf type); oneOrMore = type: with types; either type (listOf type);
@ -21,7 +18,7 @@ let
else if builtins.isList val then (concatMapStringsSep "," serialize val) else if builtins.isList val then (concatMapStringsSep "," serialize val)
else ""; else "";
configFile = pkgs.writeText "recursor.conf" configDir = pkgs.writeTextDir "recursor.conf"
(concatStringsSep "\n" (concatStringsSep "\n"
(flip mapAttrsToList cfg.settings (flip mapAttrsToList cfg.settings
(name: val: "${name}=${serialize val}"))); (name: val: "${name}=${serialize val}")));
@ -173,45 +170,30 @@ in {
serve-rfc1918 = cfg.serveRFC1918; serve-rfc1918 = cfg.serveRFC1918;
lua-config-file = pkgs.writeText "recursor.lua" cfg.luaConfig; lua-config-file = pkgs.writeText "recursor.lua" cfg.luaConfig;
daemon = false;
write-pid = false;
log-timestamp = false; log-timestamp = false;
disable-syslog = true; disable-syslog = true;
}; };
users.users.${username} = { systemd.packages = [ pkgs.pdns-recursor ];
home = dataDir;
createHome = true; systemd.services.pdns-recursor = {
uid = config.ids.uids.pdns-recursor; wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = [ "" "${pkgs.pdns-recursor}/bin/pdns_recursor --config-dir=${configDir}" ];
};
};
users.users.pdns-recursor = {
isSystemUser = true;
group = "pdns-recursor";
description = "PowerDNS Recursor daemon user"; description = "PowerDNS Recursor daemon user";
}; };
systemd.services.pdns-recursor = { users.groups.pdns-recursor = {};
unitConfig.Documentation = "man:pdns_recursor(1) man:rec_control(1)";
description = "PowerDNS recursive server";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
User = username;
Restart ="on-failure";
RestartSec = "5";
PrivateTmp = true;
PrivateDevices = true;
AmbientCapabilities = "cap_net_bind_service";
ExecStart = ''${pkgs.pdns-recursor}/bin/pdns_recursor \
--config-dir=${dataDir} \
--socket-dir=${dataDir}
'';
};
preStart = ''
# Link configuration file into recursor home directory
configPath=${dataDir}/recursor.conf
if [ "$(realpath $configPath)" != "${configFile}" ]; then
rm -f $configPath
ln -s ${configFile} $configPath
fi
'';
};
}; };
imports = [ imports = [

38
nixos/modules/services/networking/powerdns.nix
View File

@ -8,42 +8,40 @@ let
in { in {
options = { options = {
services.powerdns = { services.powerdns = {
enable = mkEnableOption "Powerdns domain name server"; enable = mkEnableOption "PowerDNS domain name server";
extraConfig = mkOption { extraConfig = mkOption {
type = types.lines; type = types.lines;
default = "launch=bind"; default = "launch=bind";
description = '' description = ''
Extra lines to be added verbatim to pdns.conf. PowerDNS configuration. Refer to
Powerdns will chroot to /var/lib/powerdns. <link xlink:href="https://doc.powerdns.com/authoritative/settings.html"/>
So any file, powerdns is supposed to be read, for details on supported values.
should be in /var/lib/powerdns and needs to specified
relative to the chroot.
''; '';
}; };
}; };
}; };
config = mkIf config.services.powerdns.enable { config = mkIf cfg.enable {
systemd.packages = [ pkgs.powerdns ];
systemd.services.pdns = { systemd.services.pdns = {
unitConfig.Documentation = "man:pdns_server(1) man:pdns_control(1)";
description = "Powerdns name server";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" "mysql.service" "postgresql.service" "openldap.service" ]; after = [ "network.target" "mysql.service" "postgresql.service" "openldap.service" ];
serviceConfig = { serviceConfig = {
Restart="on-failure"; ExecStart = [ "" "${pkgs.powerdns}/bin/pdns_server --config-dir=${configDir} --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no" ];
RestartSec="1";
StartLimitInterval="0";
PrivateDevices=true;
CapabilityBoundingSet="CAP_CHOWN CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT";
NoNewPrivileges=true;
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p /var/lib/powerdns";
ExecStart = "${pkgs.powerdns}/bin/pdns_server --setuid=nobody --setgid=nogroup --chroot=/var/lib/powerdns --socket-dir=/ --daemon=no --guardian=no --disable-syslog --write-pid=no --config-dir=${configDir}";
ProtectSystem="full";
ProtectHome=true;
RestrictAddressFamilies="AF_UNIX AF_INET AF_INET6";
}; };
}; };
users.users.pdns = {
isSystemUser = true;
group = "pdns";
description = "PowerDNS";
};
users.groups.pdns = {};
}; };
} }

2
nixos/modules/services/networking/prosody.nix
View File

@ -261,7 +261,7 @@ let
toLua = x: toLua = x:
if builtins.isString x then ''"${x}"'' if builtins.isString x then ''"${x}"''
else if builtins.isBool x then (if x == true then "true" else "false") else if builtins.isBool x then boolToString x
else if builtins.isInt x then toString x else if builtins.isInt x then toString x
else if builtins.isList x then ''{ ${lib.concatStringsSep ", " (map (n: toLua n) x) } }'' else if builtins.isList x then ''{ ${lib.concatStringsSep ", " (map (n: toLua n) x) } }''
else throw "Invalid Lua value"; else throw "Invalid Lua value";

7
nixos/modules/services/networking/ssh/sshd.nix
View File

@ -269,6 +269,7 @@ in
kexAlgorithms = mkOption { kexAlgorithms = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = [ default = [
"curve25519-sha256"
"curve25519-sha256@libssh.org" "curve25519-sha256@libssh.org"
"diffie-hellman-group-exchange-sha256" "diffie-hellman-group-exchange-sha256"
]; ];
@ -279,7 +280,7 @@ in
Defaults to recommended settings from both Defaults to recommended settings from both
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" /> <link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" />
and and
<link xlink:href="https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29" /> <link xlink:href="https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67" />
''; '';
}; };
@ -300,7 +301,7 @@ in
Defaults to recommended settings from both Defaults to recommended settings from both
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" /> <link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" />
and and
<link xlink:href="https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29" /> <link xlink:href="https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67" />
''; '';
}; };
@ -321,7 +322,7 @@ in
Defaults to recommended settings from both Defaults to recommended settings from both
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" /> <link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" />
and and
<link xlink:href="https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29" /> <link xlink:href="https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67" />
''; '';
}; };

2
nixos/modules/services/networking/sslh.nix
View File

@ -31,7 +31,7 @@ let
{ name: "openvpn"; host: "localhost"; port: "1194"; probe: "builtin"; }, { name: "openvpn"; host: "localhost"; port: "1194"; probe: "builtin"; },
{ name: "xmpp"; host: "localhost"; port: "5222"; probe: "builtin"; }, { name: "xmpp"; host: "localhost"; port: "5222"; probe: "builtin"; },
{ name: "http"; host: "localhost"; port: "80"; probe: "builtin"; }, { name: "http"; host: "localhost"; port: "80"; probe: "builtin"; },
{ name: "ssl"; host: "localhost"; port: "443"; probe: "builtin"; }, { name: "tls"; host: "localhost"; port: "443"; probe: "builtin"; },
{ name: "anyprot"; host: "localhost"; port: "443"; probe: "builtin"; } { name: "anyprot"; host: "localhost"; port: "443"; probe: "builtin"; }
); );
''; '';

4
nixos/modules/services/security/fail2ban.nix
View File

@ -282,12 +282,12 @@ in
services.fail2ban.jails.DEFAULT = '' services.fail2ban.jails.DEFAULT = ''
${optionalString cfg.bantime-increment.enable '' ${optionalString cfg.bantime-increment.enable ''
# Bantime incremental # Bantime incremental
bantime.increment = ${if cfg.bantime-increment.enable then "true" else "false"} bantime.increment = ${boolToString cfg.bantime-increment.enable}
bantime.maxtime = ${cfg.bantime-increment.maxtime} bantime.maxtime = ${cfg.bantime-increment.maxtime}
bantime.factor = ${cfg.bantime-increment.factor} bantime.factor = ${cfg.bantime-increment.factor}
bantime.formula = ${cfg.bantime-increment.formula} bantime.formula = ${cfg.bantime-increment.formula}
bantime.multipliers = ${cfg.bantime-increment.multipliers} bantime.multipliers = ${cfg.bantime-increment.multipliers}
bantime.overalljails = ${if cfg.bantime-increment.overalljails then "true" else "false"} bantime.overalljails = ${boolToString cfg.bantime-increment.overalljails}
''} ''}
# Miscellaneous options # Miscellaneous options
ignoreip = 127.0.0.1/8 ${optionalString config.networking.enableIPv6 "::1"} ${concatStringsSep " " cfg.ignoreIP} ignoreip = 127.0.0.1/8 ${optionalString config.networking.enableIPv6 "::1"} ${concatStringsSep " " cfg.ignoreIP}

4
nixos/modules/services/security/usbguard.nix
View File

@ -19,13 +19,13 @@ let
PresentDevicePolicy=${cfg.presentDevicePolicy} PresentDevicePolicy=${cfg.presentDevicePolicy}
PresentControllerPolicy=${cfg.presentControllerPolicy} PresentControllerPolicy=${cfg.presentControllerPolicy}
InsertedDevicePolicy=${cfg.insertedDevicePolicy} InsertedDevicePolicy=${cfg.insertedDevicePolicy}
RestoreControllerDeviceState=${if cfg.restoreControllerDeviceState then "true" else "false"} RestoreControllerDeviceState=${boolToString cfg.restoreControllerDeviceState}
# this does not seem useful for endusers to change # this does not seem useful for endusers to change
DeviceManagerBackend=uevent DeviceManagerBackend=uevent
IPCAllowedUsers=${concatStringsSep " " cfg.IPCAllowedUsers} IPCAllowedUsers=${concatStringsSep " " cfg.IPCAllowedUsers}
IPCAllowedGroups=${concatStringsSep " " cfg.IPCAllowedGroups} IPCAllowedGroups=${concatStringsSep " " cfg.IPCAllowedGroups}
IPCAccessControlFiles=/var/lib/usbguard/IPCAccessControl.d/ IPCAccessControlFiles=/var/lib/usbguard/IPCAccessControl.d/
DeviceRulesWithPort=${if cfg.deviceRulesWithPort then "true" else "false"} DeviceRulesWithPort=${boolToString cfg.deviceRulesWithPort}
# HACK: that way audit logs still land in the journal # HACK: that way audit logs still land in the journal
AuditFilePath=/dev/null AuditFilePath=/dev/null
''; '';

20
nixos/modules/services/system/dbus.nix
View File

@ -1,6 +1,6 @@
# D-Bus configuration and system bus daemon. # D-Bus configuration and system bus daemon.
{ config, lib, pkgs, ... }: { config, lib, options, pkgs, ... }:
with lib; with lib;
@ -18,7 +18,6 @@ let
in in
{ {
###### interface ###### interface
options = { options = {
@ -53,10 +52,11 @@ in
}; };
socketActivated = mkOption { socketActivated = mkOption {
type = types.bool; type = types.nullOr types.bool;
default = false; default = null;
visible = false;
description = '' description = ''
Make the user instance socket activated. Removed option, do not use.
''; '';
}; };
}; };
@ -65,6 +65,14 @@ in
###### implementation ###### implementation
config = mkIf cfg.enable { config = mkIf cfg.enable {
warnings = optional (cfg.socketActivated != null) (
let
files = showFiles options.services.dbus.socketActivated.files;
in
"The option 'services.dbus.socketActivated' in ${files} no longer has"
+ " any effect and can be safely removed: the user D-Bus session is"
+ " now always socket activated."
);
environment.systemPackages = [ pkgs.dbus.daemon pkgs.dbus ]; environment.systemPackages = [ pkgs.dbus.daemon pkgs.dbus ];
@ -108,7 +116,7 @@ in
reloadIfChanged = true; reloadIfChanged = true;
restartTriggers = [ configDir ]; restartTriggers = [ configDir ];
}; };
sockets.dbus.wantedBy = mkIf cfg.socketActivated [ "sockets.target" ]; sockets.dbus.wantedBy = [ "sockets.target" ];
}; };
environment.pathsToLink = [ "/etc/dbus-1" "/share/dbus-1" ]; environment.pathsToLink = [ "/etc/dbus-1" "/share/dbus-1" ];

2
nixos/modules/services/web-apps/engelsystem.nix
View File

@ -10,7 +10,7 @@ in {
default = false; default = false;
example = true; example = true;
description = '' description = ''
Whether to enable engelsystem, an online tool for coordinating helpers Whether to enable engelsystem, an online tool for coordinating volunteers
and shifts on large events. and shifts on large events.
''; '';
type = lib.types.bool; type = lib.types.bool;

2
nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix
View File

@ -167,8 +167,8 @@ in {
services.phpfpm.pools = mkIf (cfg.pool == "${poolName}") { services.phpfpm.pools = mkIf (cfg.pool == "${poolName}") {
${poolName} = { ${poolName} = {
user = "icingaweb2"; user = "icingaweb2";
phpPackage = pkgs.php.withExtensions ({ enabled, all }: [ all.imagick ] ++ enabled);
phpOptions = '' phpOptions = ''
extension = ${pkgs.phpPackages.imagick}/lib/php/extensions/imagick.so
date.timezone = "${cfg.timezone}" date.timezone = "${cfg.timezone}"
''; '';
settings = mapAttrs (name: mkDefault) { settings = mapAttrs (name: mkDefault) {

51
nixos/modules/services/web-apps/shiori.nix
View File

@ -37,11 +37,60 @@ in {
description = "Shiori simple bookmarks manager"; description = "Shiori simple bookmarks manager";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
environment.SHIORI_DIR = "/var/lib/shiori";
serviceConfig = { serviceConfig = {
ExecStart = "${package}/bin/shiori serve --address '${address}' --port '${toString port}'"; ExecStart = "${package}/bin/shiori serve --address '${address}' --port '${toString port}'";
DynamicUser = true; DynamicUser = true;
Environment = "SHIORI_DIR=/var/lib/shiori";
StateDirectory = "shiori"; StateDirectory = "shiori";
# As the RootDirectory
RuntimeDirectory = "shiori";
# Security options
BindReadOnlyPaths = [
"/nix/store"
# For SSL certificates, and the resolv.conf
"/etc"
];
CapabilityBoundingSet = "";
DeviceAllow = "";
LockPersonality = true;
MemoryDenyWriteExecute = true;
PrivateDevices = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
RestrictNamespaces = true;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
RestrictRealtime = true;
RestrictSUIDSGID = true;
RootDirectory = "/run/shiori";
SystemCallArchitectures = "native";
SystemCallErrorNumber = "EPERM";
SystemCallFilter = [
"@system-service"
"~@chown" "~@cpu-emulation" "~@debug" "~@ipc" "~@keyring" "~@memlock"
"~@module" "~@obsolete" "~@privileged" "~@process" "~@raw-io"
"~@resources" "~@setuid"
];
}; };
}; };
}; };

5
nixos/modules/services/web-servers/nginx/default.nix
View File

@ -34,7 +34,6 @@ let
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-Server $host;
proxy_set_header Accept-Encoding "";
''; '';
upstreamConfig = toString (flip mapAttrsToList cfg.upstreams (name: upstream: '' upstreamConfig = toString (flip mapAttrsToList cfg.upstreams (name: upstream: ''
@ -87,7 +86,7 @@ let
''} ''}
ssl_protocols ${cfg.sslProtocols}; ssl_protocols ${cfg.sslProtocols};
ssl_ciphers ${cfg.sslCiphers}; ${optionalString (cfg.sslCiphers != null) "ssl_ciphers ${cfg.sslCiphers};"}
${optionalString (cfg.sslDhparam != null) "ssl_dhparam ${cfg.sslDhparam};"} ${optionalString (cfg.sslDhparam != null) "ssl_dhparam ${cfg.sslDhparam};"}
${optionalString (cfg.recommendedTlsSettings) '' ${optionalString (cfg.recommendedTlsSettings) ''
@ -488,7 +487,7 @@ in
}; };
sslCiphers = mkOption { sslCiphers = mkOption {
type = types.str; type = types.nullOr types.str;
# Keep in sync with https://ssl-config.mozilla.org/#server=nginx&config=intermediate # Keep in sync with https://ssl-config.mozilla.org/#server=nginx&config=intermediate
default = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; default = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
description = "Ciphers to choose from when negotiating TLS handshakes."; description = "Ciphers to choose from when negotiating TLS handshakes.";

33
nixos/modules/services/x11/desktop-managers/gnome3.nix
View File

@ -17,6 +17,11 @@ let
''; '';
}; };
defaultFavoriteAppsOverride = ''
[org.gnome.shell]
favorite-apps=[ 'org.gnome.Geary.desktop', 'org.gnome.Calendar.desktop', 'org.gnome.Music.desktop', 'org.gnome.Photos.desktop', 'org.gnome.Nautilus.desktop' ]
'';
nixos-gsettings-desktop-schemas = let nixos-gsettings-desktop-schemas = let
defaultPackages = with pkgs; [ gsettings-desktop-schemas gnome3.gnome-shell ]; defaultPackages = with pkgs; [ gsettings-desktop-schemas gnome3.gnome-shell ];
in in
@ -42,8 +47,7 @@ let
[org.gnome.desktop.screensaver] [org.gnome.desktop.screensaver]
picture-uri='file://${pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom.gnomeFilePath}' picture-uri='file://${pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom.gnomeFilePath}'
[org.gnome.shell] ${cfg.favoriteAppsOverride}
favorite-apps=[ 'org.gnome.Epiphany.desktop', 'org.gnome.Geary.desktop', 'org.gnome.Music.desktop', 'org.gnome.Photos.desktop', 'org.gnome.Nautilus.desktop', 'org.gnome.Software.desktop' ]
${cfg.extraGSettingsOverrides} ${cfg.extraGSettingsOverrides}
EOF EOF
@ -123,6 +127,17 @@ in
apply = list: list ++ [ pkgs.gnome3.gnome-shell pkgs.gnome3.gnome-shell-extensions ]; apply = list: list ++ [ pkgs.gnome3.gnome-shell pkgs.gnome3.gnome-shell-extensions ];
}; };
favoriteAppsOverride = mkOption {
internal = true; # this is messy
default = defaultFavoriteAppsOverride;
type = types.lines;
example = literalExample ''
[org.gnome.shell]
favorite-apps=[ 'firefox.desktop', 'org.gnome.Calendar.desktop' ]
'';
description = "List of desktop files to put as favorite apps into gnome-shell. These need to be installed somehow globally.";
};
extraGSettingsOverrides = mkOption { extraGSettingsOverrides = mkOption {
default = ""; default = "";
type = types.lines; type = types.lines;
@ -179,6 +194,14 @@ in
config = mkMerge [ config = mkMerge [
(mkIf (cfg.enable || flashbackEnabled) { (mkIf (cfg.enable || flashbackEnabled) {
# Seed our configuration into nixos-generate-config
system.nixos-generate-config.desktopConfiguration = ''
# Enable the GNOME 3 Desktop Environment.
services.xserver.enable = true;
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome3.enable = true;
'';
services.gnome3.core-os-services.enable = true; services.gnome3.core-os-services.enable = true;
services.gnome3.core-shell.enable = true; services.gnome3.core-shell.enable = true;
services.gnome3.core-utilities.enable = mkDefault true; services.gnome3.core-utilities.enable = mkDefault true;
@ -207,6 +230,11 @@ in
# If gnome3 is installed, build vim for gtk3 too. # If gnome3 is installed, build vim for gtk3 too.
nixpkgs.config.vim.gui = "gtk3"; nixpkgs.config.vim.gui = "gtk3";
# Install gnome-software if flatpak is enabled
services.flatpak.guiPackages = [
pkgs.gnome3.gnome-software
];
}) })
(mkIf flashbackEnabled { (mkIf flashbackEnabled {
@ -389,7 +417,6 @@ in
gnome-music gnome-music
gnome-photos gnome-photos
gnome-screenshot gnome-screenshot
gnome-software
gnome-system-monitor gnome-system-monitor
gnome-weather gnome-weather
nautilus nautilus

1
nixos/modules/services/x11/desktop-managers/pantheon.nix
View File

@ -180,7 +180,6 @@ in
gtk3.out gtk3.out
hicolor-icon-theme hicolor-icon-theme
lightlocker lightlocker
nixos-artwork.wallpapers.simple-dark-gray
onboard onboard
qgnomeplatform qgnomeplatform
shared-mime-info shared-mime-info

8
nixos/modules/services/x11/desktop-managers/plasma5.nix
View File

@ -184,6 +184,14 @@ in
config = mkMerge [ config = mkMerge [
(mkIf cfg.enable { (mkIf cfg.enable {
# Seed our configuration into nixos-generate-config
system.nixos-generate-config.desktopConfiguration = ''
# Enable the Plasma 5 Desktop Environment.
services.xserver.enable = true;
services.xserver.displayManager.sddm.enable = true;
services.xserver.desktopManager.plasma5.enable = true;
'';
services.xserver.desktopManager.session = singleton { services.xserver.desktopManager.session = singleton {
name = "plasma5"; name = "plasma5";
bgSupport = true; bgSupport = true;

16
nixos/modules/services/x11/display-managers/default.nix
View File

@ -37,13 +37,6 @@ let
. /etc/profile . /etc/profile
cd "$HOME" cd "$HOME"
${optionalString cfg.startDbusSession ''
if test -z "$DBUS_SESSION_BUS_ADDRESS"; then
/run/current-system/systemd/bin/systemctl --user start dbus.socket
export `/run/current-system/systemd/bin/systemctl --user show-environment | grep '^DBUS_SESSION_BUS_ADDRESS'`
fi
''}
${optionalString cfg.displayManager.job.logToJournal '' ${optionalString cfg.displayManager.job.logToJournal ''
if [ -z "$_DID_SYSTEMD_CAT" ]; then if [ -z "$_DID_SYSTEMD_CAT" ]; then
export _DID_SYSTEMD_CAT=1 export _DID_SYSTEMD_CAT=1
@ -482,11 +475,10 @@ in
[dms wms] [dms wms]
); );
# Make xsessions and wayland sessions installed at # Make xsessions and wayland sessions available in XDG_DATA_DIRS
# /run/current-system/sw/share as some programs # as some programs have behavior that depends on them being present
# have behavior that depends on them being installed environment.sessionVariables.XDG_DATA_DIRS = [
environment.systemPackages = [ "${cfg.displayManager.sessionData.desktops}/share"
cfg.displayManager.sessionData.desktops
]; ];
}; };

2
nixos/modules/services/x11/display-managers/gdm.nix
View File

@ -264,7 +264,7 @@ in
# presented and there's a little delay. # presented and there's a little delay.
environment.etc."gdm/custom.conf".text = '' environment.etc."gdm/custom.conf".text = ''
[daemon] [daemon]
WaylandEnable=${if cfg.gdm.wayland then "true" else "false"} WaylandEnable=${boolToString cfg.gdm.wayland}
${optionalString cfg.autoLogin.enable ( ${optionalString cfg.autoLogin.enable (
if cfg.gdm.autoLogin.delay > 0 then '' if cfg.gdm.autoLogin.delay > 0 then ''
TimedLoginEnable=true TimedLoginEnable=true

1
nixos/modules/services/x11/display-managers/lightdm.nix
View File

@ -308,6 +308,7 @@ in
home = "/var/lib/lightdm"; home = "/var/lib/lightdm";
group = "lightdm"; group = "lightdm";
uid = config.ids.uids.lightdm; uid = config.ids.uids.lightdm;
shell = pkgs.bash;
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [

4
nixos/modules/services/x11/display-managers/sddm.nix
View File

@ -55,10 +55,10 @@ let
XauthPath=${pkgs.xorg.xauth}/bin/xauth XauthPath=${pkgs.xorg.xauth}/bin/xauth
DisplayCommand=${Xsetup} DisplayCommand=${Xsetup}
DisplayStopCommand=${Xstop} DisplayStopCommand=${Xstop}
EnableHidpi=${if cfg.enableHidpi then "true" else "false"} EnableHidpi=${boolToString cfg.enableHidpi}
[Wayland] [Wayland]
EnableHidpi=${if cfg.enableHidpi then "true" else "false"} EnableHidpi=${boolToString cfg.enableHidpi}
SessionDir=${dmcfg.sessionData.desktops}/share/wayland-sessions SessionDir=${dmcfg.sessionData.desktops}/share/wayland-sessions
${optionalString dmcfg.autoLogin.enable '' ${optionalString dmcfg.autoLogin.enable ''

11
nixos/modules/services/x11/xserver.nix
View File

@ -152,6 +152,9 @@ in
./desktop-managers/default.nix ./desktop-managers/default.nix
(mkRemovedOptionModule [ "services" "xserver" "startGnuPGAgent" ] (mkRemovedOptionModule [ "services" "xserver" "startGnuPGAgent" ]
"See the 16.09 release notes for more information.") "See the 16.09 release notes for more information.")
(mkRemovedOptionModule
[ "services" "xserver" "startDbusSession" ]
"The user D-Bus session is now always socket activated and this option can safely be removed.")
(mkRemovedOptionModule ["services" "xserver" "useXFS" ] (mkRemovedOptionModule ["services" "xserver" "useXFS" ]
"Use services.xserver.fontPath instead of useXFS") "Use services.xserver.fontPath instead of useXFS")
]; ];
@ -299,14 +302,6 @@ in
description = "DPI resolution to use for X server."; description = "DPI resolution to use for X server.";
}; };
startDbusSession = mkOption {
type = types.bool;
default = true;
description = ''
Whether to start a new DBus session when you log in with dbus-launch.
'';
};
updateDbusEnvironment = mkOption { updateDbusEnvironment = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;

Some files were not shown because too many files have changed in this diff Show More