Merge remote-tracking branch 'upstream/master' into hardened-stdenv
This commit is contained in:
commit
c92bca56f8
|
@ -1,6 +1,9 @@
|
|||
###### Things done
|
||||
|
||||
- [ ] Tested using sandboxing (`nix-build --option build-use-chroot true` or [nix.useChroot](http://nixos.org/nixos/manual/options.html#opt-nix.useChroot) on NixOS)
|
||||
- [ ] Tested using sandboxing
|
||||
([nix.useSandbox](http://nixos.org/nixos/manual/options.html#opt-nix.useSandbox) on NixOS,
|
||||
or option `build-use-sandbox` in [`nix.conf`](http://nixos.org/nix/manual/#sec-conf-file)
|
||||
on non-NixOS)
|
||||
- Built on platform(s)
|
||||
- [ ] NixOS
|
||||
- [ ] OS X
|
||||
|
|
|
@ -0,0 +1,376 @@
|
|||
<chapter xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xml:id="users-guide-to-the-erlang-infrastructure">
|
||||
|
||||
<title>User's Guide to the Beam Infrastructure</title>
|
||||
<section xml:id="beam-introduction">
|
||||
<title>Beam Languages (Erlang & Elixir) on Nix</title>
|
||||
<para>
|
||||
In this document and related Nix expressions we use the term
|
||||
<emphasis>Beam</emphasis> to describe the environment. Beam is
|
||||
the name of the Erlang Virtial Machine and, as far as we know,
|
||||
from a packaging perspective all languages that run on Beam are
|
||||
interchangable. The things that do change, like the build
|
||||
system, are transperant to the users of the package. So we make
|
||||
no distinction.
|
||||
</para>
|
||||
</section>
|
||||
<section xml:id="build-tools">
|
||||
<title>Build Tools</title>
|
||||
<section xml:id="build-tools-rebar3">
|
||||
<title>Rebar3</title>
|
||||
<para>
|
||||
By default Rebar3 wants to manage it's own dependencies. In the
|
||||
normal non-Nix, this is perfectly acceptable. In the Nix world it
|
||||
is not. To support this we have created two versions of rebar3,
|
||||
<literal>rebar3</literal> and <literal>rebar3-open</literal>. The
|
||||
<literal>rebar3</literal> version has been patched to remove the
|
||||
ability to download anything from it. If you are not running it a
|
||||
nix-shell or a nix-build then its probably not going to work for
|
||||
you. <literal>rebar3-open</literal> is the normal, un-modified
|
||||
rebar3. It should work exactly as would any other version of
|
||||
rebar3. Any Erlang package should rely on
|
||||
<literal>rebar3</literal> and thats really what you should be
|
||||
using too.
|
||||
</para>
|
||||
</section>
|
||||
<section xml:id="build-tools-other">
|
||||
<title>Mix & Erlang.mk</title>
|
||||
<para>
|
||||
Both Mix and Erlang.mk work exactly as you would expect. There
|
||||
is a bootstrap process that needs to be run for both of
|
||||
them. However, that is supported by the
|
||||
<literal>buildMix</literal> and <literal>buildErlangMk</literal> derivations.
|
||||
</para>
|
||||
</section>
|
||||
|
||||
</section>
|
||||
|
||||
<section xml:id="how-to-install-beam-packages">
|
||||
<title>How to install Beam packages</title>
|
||||
<para>
|
||||
Beam packages are not registered in the top level simply because
|
||||
they are not relevant to the vast majority of Nix users. They are
|
||||
installable using the <literal>beamPackages</literal> attribute
|
||||
set.
|
||||
|
||||
You can list the avialable packages in the
|
||||
<literal>beamPackages</literal> with the following command:
|
||||
</para>
|
||||
|
||||
<programlisting>
|
||||
$ nix-env -f "<nixpkgs>" -qaP -A beamPackages
|
||||
beamPackages.esqlite esqlite-0.2.1
|
||||
beamPackages.goldrush goldrush-0.1.7
|
||||
beamPackages.ibrowse ibrowse-4.2.2
|
||||
beamPackages.jiffy jiffy-0.14.5
|
||||
beamPackages.lager lager-3.0.2
|
||||
beamPackages.meck meck-0.8.3
|
||||
beamPackages.rebar3-pc pc-1.1.0
|
||||
</programlisting>
|
||||
<para>
|
||||
To install any of those packages into your profile, refer to them by
|
||||
their attribute path (first column):
|
||||
</para>
|
||||
<programlisting>
|
||||
$ nix-env -f "<nixpkgs>" -iA beamPackages.ibrowse
|
||||
</programlisting>
|
||||
<para>
|
||||
The attribute path of any Beam packages corresponds to the name
|
||||
of that particular package in Hex or its OTP Application/Release name.
|
||||
</para>
|
||||
</section>
|
||||
<section xml:id="packaging-beam-applications">
|
||||
<title>Packaging Beam Applications</title>
|
||||
<section xml:id="packaging-erlang-applications">
|
||||
<title>Erlang Applications</title>
|
||||
<section xml:id="rebar3-packages">
|
||||
<title>Rebar3 Packages</title>
|
||||
<para>
|
||||
There is a Nix functional called
|
||||
<literal>buildRebar3</literal>. We use this function to make a
|
||||
derivation that understands how to build the rebar3 project. For
|
||||
example, the epression we use to build the <link
|
||||
xlink:href="https://github.com/erlang-nix/hex2nix">hex2nix</link>
|
||||
project follows.
|
||||
</para>
|
||||
<programlisting>
|
||||
{stdenv, fetchFromGitHub, buildRebar3, ibrowse, jsx, erlware_commons }:
|
||||
|
||||
buildRebar3 rec {
|
||||
name = "hex2nix";
|
||||
version = "0.0.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "ericbmerritt";
|
||||
repo = "hex2nix";
|
||||
rev = "${version}";
|
||||
sha256 = "1w7xjidz1l5yjmhlplfx7kphmnpvqm67w99hd2m7kdixwdxq0zqg";
|
||||
};
|
||||
|
||||
beamDeps = [ ibrowse jsx erlware_commons ];
|
||||
}
|
||||
</programlisting>
|
||||
<para>
|
||||
The only visible difference between this derivation and
|
||||
something like <literal>stdenv.mkDerivation</literal> is that we
|
||||
have added <literal>erlangDeps</literal> to the derivation. If
|
||||
you add your Beam dependencies here they will be correctly
|
||||
handled by the system.
|
||||
</para>
|
||||
<para>
|
||||
If your package needs to compile native code via Rebar's port
|
||||
compilation mechenism. You should add <literal>compilePort =
|
||||
true;</literal> to the derivation.
|
||||
</para>
|
||||
</section>
|
||||
<section xml:id="erlang-mk-packages">
|
||||
<title>Erlang.mk Packages</title>
|
||||
<para>
|
||||
Erlang.mk functions almost identically to Rebar. The only real
|
||||
difference is that <literal>buildErlangMk</literal> is called
|
||||
instead of <literal>buildRebar3</literal>
|
||||
</para>
|
||||
<programlisting>
|
||||
{ buildErlangMk, fetchHex, cowlib, ranch }:
|
||||
buildErlangMk {
|
||||
name = "cowboy";
|
||||
version = "1.0.4";
|
||||
src = fetchHex {
|
||||
pkg = "cowboy";
|
||||
version = "1.0.4";
|
||||
sha256 =
|
||||
"6a0edee96885fae3a8dd0ac1f333538a42e807db638a9453064ccfdaa6b9fdac";
|
||||
};
|
||||
beamDeps = [ cowlib ranch ];
|
||||
|
||||
meta = {
|
||||
description = ''Small, fast, modular HTTP server written in
|
||||
Erlang.'';
|
||||
license = stdenv.lib.licenses.isc;
|
||||
homepage = "https://github.com/ninenines/cowboy";
|
||||
};
|
||||
}
|
||||
</programlisting>
|
||||
</section>
|
||||
<section xml:id="mix-packages">
|
||||
<title>Mix Packages</title>
|
||||
<para>
|
||||
Mix functions almost identically to Rebar. The only real
|
||||
difference is that <literal>buildMix</literal> is called
|
||||
instead of <literal>buildRebar3</literal>
|
||||
</para>
|
||||
<programlisting>
|
||||
{ buildMix, fetchHex, plug, absinthe }:
|
||||
buildMix {
|
||||
name = "absinthe_plug";
|
||||
version = "1.0.0";
|
||||
src = fetchHex {
|
||||
pkg = "absinthe_plug";
|
||||
version = "1.0.0";
|
||||
sha256 =
|
||||
"08459823fe1fd4f0325a8bf0c937a4520583a5a26d73b193040ab30a1dfc0b33";
|
||||
};
|
||||
beamDeps = [ plug absinthe];
|
||||
|
||||
meta = {
|
||||
description = ''A plug for Absinthe, an experimental GraphQL
|
||||
toolkit'';
|
||||
license = stdenv.lib.licenses.bsd3;
|
||||
homepage = "https://github.com/CargoSense/absinthe_plug";
|
||||
};
|
||||
}
|
||||
</programlisting>
|
||||
</section>
|
||||
</section>
|
||||
</section>
|
||||
<section xml:id="how-to-develop">
|
||||
<title>How to develop</title>
|
||||
<section xml:id="accessing-an-environment">
|
||||
<title>Accessing an Environment</title>
|
||||
<para>
|
||||
Often, all you want to do is be able to access a valid
|
||||
environment that contains a specific package and its
|
||||
dependencies. we can do that with the <literal>env</literal>
|
||||
part of a derivation. For example, lets say we want to access an
|
||||
erlang repl with ibrowse loaded up. We could do the following.
|
||||
</para>
|
||||
<programlisting>
|
||||
~/w/nixpkgs ❯❯❯ nix-shell -A beamPackages.ibrowse.env --run "erl"
|
||||
Erlang/OTP 18 [erts-7.0] [source] [64-bit] [smp:4:4] [async-threads:10] [hipe] [kernel-poll:false]
|
||||
|
||||
Eshell V7.0 (abort with ^G)
|
||||
1> m(ibrowse).
|
||||
Module: ibrowse
|
||||
MD5: 3b3e0137d0cbb28070146978a3392945
|
||||
Compiled: January 10 2016, 23:34
|
||||
Object file: /nix/store/g1rlf65rdgjs4abbyj4grp37ry7ywivj-ibrowse-4.2.2/lib/erlang/lib/ibrowse-4.2.2/ebin/ibrowse.beam
|
||||
Compiler options: [{outdir,"/tmp/nix-build-ibrowse-4.2.2.drv-0/hex-source-ibrowse-4.2.2/_build/default/lib/ibrowse/ebin"},
|
||||
debug_info,debug_info,nowarn_shadow_vars,
|
||||
warn_unused_import,warn_unused_vars,warnings_as_errors,
|
||||
{i,"/tmp/nix-build-ibrowse-4.2.2.drv-0/hex-source-ibrowse-4.2.2/_build/default/lib/ibrowse/include"}]
|
||||
Exports:
|
||||
add_config/1 send_req_direct/7
|
||||
all_trace_off/0 set_dest/3
|
||||
code_change/3 set_max_attempts/3
|
||||
get_config_value/1 set_max_pipeline_size/3
|
||||
get_config_value/2 set_max_sessions/3
|
||||
get_metrics/0 show_dest_status/0
|
||||
get_metrics/2 show_dest_status/1
|
||||
handle_call/3 show_dest_status/2
|
||||
handle_cast/2 spawn_link_worker_process/1
|
||||
handle_info/2 spawn_link_worker_process/2
|
||||
init/1 spawn_worker_process/1
|
||||
module_info/0 spawn_worker_process/2
|
||||
module_info/1 start/0
|
||||
rescan_config/0 start_link/0
|
||||
rescan_config/1 stop/0
|
||||
send_req/3 stop_worker_process/1
|
||||
send_req/4 stream_close/1
|
||||
send_req/5 stream_next/1
|
||||
send_req/6 terminate/2
|
||||
send_req_direct/4 trace_off/0
|
||||
send_req_direct/5 trace_off/2
|
||||
send_req_direct/6 trace_on/0
|
||||
trace_on/2
|
||||
ok
|
||||
2>
|
||||
</programlisting>
|
||||
<para>
|
||||
Notice the <literal>-A beamPackages.ibrowse.env</literal>.That
|
||||
is the key to this functionality.
|
||||
</para>
|
||||
</section>
|
||||
<section xml:id="creating-a-shell">
|
||||
<title>Creating a Shell</title>
|
||||
<para>
|
||||
Getting access to an environment often isn't enough to do real
|
||||
development. Many times we need to create a
|
||||
<literal>shell.nix</literal> file and do our development inside
|
||||
of the environment specified by that file. This file looks a lot
|
||||
like the packageing described above. The main difference is that
|
||||
<literal>src</literal> points to project root and we call the
|
||||
package directly.
|
||||
</para>
|
||||
<programlisting>
|
||||
{ pkgs ? import "<nixpkgs"> {} }:
|
||||
|
||||
with pkgs;
|
||||
|
||||
let
|
||||
|
||||
f = { buildRebar3, ibrowse, jsx, erlware_commons }:
|
||||
buildRebar3 {
|
||||
name = "hex2nix";
|
||||
version = "0.1.0";
|
||||
src = ./.;
|
||||
erlangDeps = [ ibrowse jsx erlware_commons ];
|
||||
};
|
||||
drv = beamPackages.callPackage f {};
|
||||
|
||||
in
|
||||
drv
|
||||
</programlisting>
|
||||
<section xml:id="building-in-a-shell">
|
||||
<title>Building in a shell</title>
|
||||
<para>
|
||||
We can leveral the support of the Derivation, regardless of
|
||||
which build Derivation is called by calling the commands themselv.s
|
||||
</para>
|
||||
<programlisting>
|
||||
# =============================================================================
|
||||
# Variables
|
||||
# =============================================================================
|
||||
|
||||
NIX_TEMPLATES := "$(CURDIR)/nix-templates"
|
||||
|
||||
TARGET := "$(PREFIX)"
|
||||
|
||||
PROJECT_NAME := thorndyke
|
||||
|
||||
NIXPKGS=../nixpkgs
|
||||
NIX_PATH=nixpkgs=$(NIXPKGS)
|
||||
NIX_SHELL=nix-shell -I "$(NIX_PATH)" --pure
|
||||
# =============================================================================
|
||||
# Rules
|
||||
# =============================================================================
|
||||
.PHONY= all test clean repl shell build test analyze configure install \
|
||||
test-nix-install publish plt analyze
|
||||
|
||||
all: build
|
||||
|
||||
guard-%:
|
||||
@ if [ "${${*}}" == "" ]; then \
|
||||
echo "Environment variable $* not set"; \
|
||||
exit 1; \
|
||||
fi
|
||||
|
||||
clean:
|
||||
rm -rf _build
|
||||
rm -rf .cache
|
||||
|
||||
repl:
|
||||
$(NIX_SHELL) --run "iex -pa './_build/prod/lib/*/ebin'"
|
||||
|
||||
shell:
|
||||
$(NIX_SHELL)
|
||||
|
||||
configure:
|
||||
$(NIX_SHELL) --command 'eval "$$configurePhase"'
|
||||
|
||||
build: configure
|
||||
$(NIX_SHELL) --command 'eval "$$buildPhase"'
|
||||
|
||||
install:
|
||||
$(NIX_SHELL) --command 'eval "$$installPhase"'
|
||||
|
||||
test:
|
||||
$(NIX_SHELL) --command 'mix test --no-start --no-deps-check'
|
||||
|
||||
plt:
|
||||
$(NIX_SHELL) --run "mix dialyzer.plt --no-deps-check"
|
||||
|
||||
analyze: build plt
|
||||
$(NIX_SHELL) --run "mix dialyzer --no-compile"
|
||||
|
||||
</programlisting>
|
||||
<para>
|
||||
If you add the <literal>shell.nix</literal> as described and
|
||||
user rebar as follows things should simply work. Aside from the
|
||||
<literal>test</literal>, <literal>plt</literal>, and
|
||||
<literal>analyze</literal> the talks work just fine for all of
|
||||
the build Derivations.
|
||||
</para>
|
||||
</section>
|
||||
</section>
|
||||
</section>
|
||||
<section xml:id="generating-packages-from-hex-with-hex2nix">
|
||||
<title>Generating Packages from Hex with Hex2Nix</title>
|
||||
<para>
|
||||
Updating the Hex packages requires the use of the
|
||||
<literal>hex2nix</literal> tool. Given the path to the Erlang
|
||||
modules (usually
|
||||
<literal>pkgs/development/erlang-modules</literal>). It will
|
||||
happily dump a file called
|
||||
<literal>hex-packages.nix</literal>. That file will contain all
|
||||
the packages that use a recognized build system in Hex. However,
|
||||
it can't know whether or not all those packages are buildable.
|
||||
</para>
|
||||
<para>
|
||||
To make life easier for our users, it makes good sense to go
|
||||
ahead and attempt to build all those packages and remove the
|
||||
ones that don't build. To do that, simply run the command (in
|
||||
the root of your <literal>nixpkgs</literal> repository). that follows.
|
||||
</para>
|
||||
<programlisting>
|
||||
$ nix-build -A beamPackages
|
||||
</programlisting>
|
||||
<para>
|
||||
That will build every package in
|
||||
<literal>beamPackages</literal>. Then you can go through and
|
||||
manually remove the ones that fail. Hopefully, someone will
|
||||
improve <literal>hex2nix</literal> in the future to automate
|
||||
that.
|
||||
</para>
|
||||
</section>
|
||||
</chapter>
|
|
@ -1,305 +0,0 @@
|
|||
<chapter xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xml:id="users-guide-to-the-erlang-infrastructure">
|
||||
|
||||
<title>User's Guide to the Erlang Infrastructure</title>
|
||||
<section xml:id="build-tools">
|
||||
<title>Build Tools</title>
|
||||
<para>
|
||||
By default Rebar3 wants to manage it's own dependencies. In the
|
||||
normal non-Nix, this is perfectly acceptable. In the Nix world it
|
||||
is not. To support this we have created two versions of rebar3,
|
||||
<literal>rebar3</literal> and <literal>rebar3-open</literal>. The
|
||||
<literal>rebar3</literal> version has been patched to remove the
|
||||
ability to download anything from it. If you are not running it a
|
||||
nix-shell or a nix-build then its probably not going to work for
|
||||
you. <literal>rebar3-open</literal> is the normal, un-modified
|
||||
rebar3. It should work exactly as would any other version of
|
||||
rebar3. Any Erlang package should rely on
|
||||
<literal>rebar3</literal> and thats really what you should be
|
||||
using too.
|
||||
</para>
|
||||
</section>
|
||||
|
||||
<section xml:id="how-to-install-erlang-packages">
|
||||
<title>How to install Erlang packages</title>
|
||||
<para>
|
||||
Erlang packages are not registered in the top level simply because
|
||||
they are not relevant to the vast majority of Nix users. They are
|
||||
installable using the <literal>erlangPackages</literal> attribute set.
|
||||
|
||||
You can list the avialable packages in the
|
||||
<literal>erlangPackages</literal> with the following command:
|
||||
</para>
|
||||
|
||||
<programlisting>
|
||||
$ nix-env -f "<nixpkgs>" -qaP -A erlangPackages
|
||||
erlangPackages.esqlite esqlite-0.2.1
|
||||
erlangPackages.goldrush goldrush-0.1.7
|
||||
erlangPackages.ibrowse ibrowse-4.2.2
|
||||
erlangPackages.jiffy jiffy-0.14.5
|
||||
erlangPackages.lager lager-3.0.2
|
||||
erlangPackages.meck meck-0.8.3
|
||||
erlangPackages.rebar3-pc pc-1.1.0
|
||||
</programlisting>
|
||||
<para>
|
||||
To install any of those packages into your profile, refer to them by
|
||||
their attribute path (first column):
|
||||
</para>
|
||||
<programlisting>
|
||||
$ nix-env -f "<nixpkgs>" -iA erlangPackages.ibrowse
|
||||
</programlisting>
|
||||
<para>
|
||||
The attribute path of any Erlang packages corresponds to the name
|
||||
of that particular package in Hex or its OTP Application/Release name.
|
||||
</para>
|
||||
</section>
|
||||
<section xml:id="packaging-erlang-applications">
|
||||
<title>Packaging Erlang Applications</title>
|
||||
<section xml:id="rebar3-packages">
|
||||
<title>Rebar3 Packages</title>
|
||||
<para>
|
||||
There is a Nix functional called
|
||||
<literal>buildRebar3</literal>. We use this function to make a
|
||||
derivation that understands how to build the rebar3 project. For
|
||||
example, the epression we use to build the <link
|
||||
xlink:href="https://github.com/erlang-nix/hex2nix">hex2nix</link>
|
||||
project follows.
|
||||
</para>
|
||||
<programlisting>
|
||||
{stdenv, fetchFromGitHub, buildRebar3, ibrowse, jsx, erlware_commons }:
|
||||
|
||||
buildRebar3 rec {
|
||||
name = "hex2nix";
|
||||
version = "0.0.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "ericbmerritt";
|
||||
repo = "hex2nix";
|
||||
rev = "${version}";
|
||||
sha256 = "1w7xjidz1l5yjmhlplfx7kphmnpvqm67w99hd2m7kdixwdxq0zqg";
|
||||
};
|
||||
|
||||
erlangDeps = [ ibrowse jsx erlware_commons ];
|
||||
}
|
||||
</programlisting>
|
||||
<para>
|
||||
The only visible difference between this derivation and
|
||||
something like <literal>stdenv.mkDerivation</literal> is that we
|
||||
have added <literal>erlangDeps</literal> to the derivation. If
|
||||
you add your Erlang dependencies here they will be correctly
|
||||
handled by the system.
|
||||
</para>
|
||||
<para>
|
||||
If your package needs to compile native code via Rebar's port
|
||||
compilation mechenism. You should add <literal>compilePort =
|
||||
true;</literal> to the derivation.
|
||||
</para>
|
||||
</section>
|
||||
|
||||
<section xml:id="hex-packages">
|
||||
<title>Hex Packages</title>
|
||||
<para>
|
||||
Hex packages are based on Rebar packages. In fact, at the moment
|
||||
we can only compile Hex packages that are buildable with
|
||||
Rebar3. Packages that use Mix and other build systems are not
|
||||
supported. That being said, we know a lot more about Hex and can
|
||||
do more for you.
|
||||
</para>
|
||||
<programlisting>
|
||||
{ buildHex }:
|
||||
buildHex {
|
||||
name = "esqlite";
|
||||
version = "0.2.1";
|
||||
sha256 = "1296fn1lz4lz4zqzn4dwc3flgkh0i6n4sydg501faabfbv8d3wkr";
|
||||
compilePort = true;
|
||||
}
|
||||
</programlisting>
|
||||
<para>
|
||||
For Hex packages you need to provide the name, the version, and
|
||||
the Sha 256 digest of the package and use
|
||||
<literal>buildHex</literal> to build it. Obviously, the package
|
||||
needs to have already been published to Hex.
|
||||
</para>
|
||||
</section>
|
||||
</section>
|
||||
<section xml:id="how-to-develop">
|
||||
<title>How to develop</title>
|
||||
<section xml:id="accessing-an-environment">
|
||||
<title>Accessing an Environment</title>
|
||||
<para>
|
||||
Often, all you want to do is be able to access a valid
|
||||
environment that contains a specific package and its
|
||||
dependencies. we can do that with the <literal>env</literal>
|
||||
part of a derivation. For example, lets say we want to access an
|
||||
erlang repl with ibrowse loaded up. We could do the following.
|
||||
</para>
|
||||
<programlisting>
|
||||
~/w/nixpkgs ❯❯❯ nix-shell -A erlangPackages.ibrowse.env --run "erl"
|
||||
Erlang/OTP 18 [erts-7.0] [source] [64-bit] [smp:4:4] [async-threads:10] [hipe] [kernel-poll:false]
|
||||
|
||||
Eshell V7.0 (abort with ^G)
|
||||
1> m(ibrowse).
|
||||
Module: ibrowse
|
||||
MD5: 3b3e0137d0cbb28070146978a3392945
|
||||
Compiled: January 10 2016, 23:34
|
||||
Object file: /nix/store/g1rlf65rdgjs4abbyj4grp37ry7ywivj-ibrowse-4.2.2/lib/erlang/lib/ibrowse-4.2.2/ebin/ibrowse.beam
|
||||
Compiler options: [{outdir,"/tmp/nix-build-ibrowse-4.2.2.drv-0/hex-source-ibrowse-4.2.2/_build/default/lib/ibrowse/ebin"},
|
||||
debug_info,debug_info,nowarn_shadow_vars,
|
||||
warn_unused_import,warn_unused_vars,warnings_as_errors,
|
||||
{i,"/tmp/nix-build-ibrowse-4.2.2.drv-0/hex-source-ibrowse-4.2.2/_build/default/lib/ibrowse/include"}]
|
||||
Exports:
|
||||
add_config/1 send_req_direct/7
|
||||
all_trace_off/0 set_dest/3
|
||||
code_change/3 set_max_attempts/3
|
||||
get_config_value/1 set_max_pipeline_size/3
|
||||
get_config_value/2 set_max_sessions/3
|
||||
get_metrics/0 show_dest_status/0
|
||||
get_metrics/2 show_dest_status/1
|
||||
handle_call/3 show_dest_status/2
|
||||
handle_cast/2 spawn_link_worker_process/1
|
||||
handle_info/2 spawn_link_worker_process/2
|
||||
init/1 spawn_worker_process/1
|
||||
module_info/0 spawn_worker_process/2
|
||||
module_info/1 start/0
|
||||
rescan_config/0 start_link/0
|
||||
rescan_config/1 stop/0
|
||||
send_req/3 stop_worker_process/1
|
||||
send_req/4 stream_close/1
|
||||
send_req/5 stream_next/1
|
||||
send_req/6 terminate/2
|
||||
send_req_direct/4 trace_off/0
|
||||
send_req_direct/5 trace_off/2
|
||||
send_req_direct/6 trace_on/0
|
||||
trace_on/2
|
||||
ok
|
||||
2>
|
||||
</programlisting>
|
||||
<para>
|
||||
Notice the <literal>-A erlangPackages.ibrowse.env</literal>.That
|
||||
is the key to this functionality.
|
||||
</para>
|
||||
</section>
|
||||
<section xml:id="creating-a-shell">
|
||||
<title>Creating a Shell</title>
|
||||
<para>
|
||||
Getting access to an environment often isn't enough to do real
|
||||
development. Many times we need to create a
|
||||
<literal>shell.nix</literal> file and do our development inside
|
||||
of the environment specified by that file. This file looks a lot
|
||||
like the packageing described above. The main difference is that
|
||||
<literal>src</literal> points to project root and we call the
|
||||
package directly.
|
||||
</para>
|
||||
<programlisting>
|
||||
{ pkgs ? import "<nixpkgs"> {} }:
|
||||
|
||||
with pkgs;
|
||||
|
||||
let
|
||||
|
||||
f = { buildHex, ibrowse, jsx, erlware_commons }:
|
||||
buildHex {
|
||||
name = "hex2nix";
|
||||
version = "0.1.0";
|
||||
src = ./.;
|
||||
erlangDeps = [ ibrowse jsx erlware_commons ];
|
||||
};
|
||||
drv = erlangPackages.callPackage f {};
|
||||
|
||||
in
|
||||
drv
|
||||
</programlisting>
|
||||
<section xml:id="building-in-a-shell">
|
||||
<title>Building in a shell</title>
|
||||
<para>
|
||||
Unfortunatly for us users of Nix, Rebar isn't very cooperative
|
||||
with us from the standpoint of building a hermetic
|
||||
environment. When building the rebar3 support we had to do some
|
||||
sneaky things to get it not to go out and pull packages on its
|
||||
own. Also unfortunately, you have to do some of the same things
|
||||
when building a project inside of a Nix shell.
|
||||
|
||||
<orderedlist numeration="arabic">
|
||||
<listitem>
|
||||
<para>Run <literal>rebar3-nix-bootstrap</literal> every time
|
||||
dependencies change</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>Set Home to the current directory.</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
|
||||
If you do these two things then Rebar will be happy with you. I
|
||||
codify these into a makefile. Forunately, rebar3-nix-bootstrap
|
||||
is idempotent and fairly quick. so you can run it as often as
|
||||
you like.
|
||||
</para>
|
||||
<programlisting>
|
||||
# =============================================================================
|
||||
# Rules
|
||||
# =============================================================================
|
||||
.PHONY= all test clean repl shell build test analyze bootstrap
|
||||
|
||||
all: test
|
||||
|
||||
clean:
|
||||
rm -rf _build
|
||||
rm -rf .cache
|
||||
|
||||
repl:
|
||||
nix-shell --run "erl"
|
||||
|
||||
shell:
|
||||
nix-shell --run "bash"
|
||||
|
||||
bootstrap:
|
||||
nix-shell --pure --run "rebar3-nix-bootstrap"
|
||||
|
||||
build: bootstrap
|
||||
nix-shell --pure --run "HOME=$(CURDIR) rebar3 compile"
|
||||
|
||||
analyze: bootstrap
|
||||
nix-shell --pure --run "HOME=$(CURDIR) rebar3 do compile,dialyzer"
|
||||
|
||||
test: bootstrap
|
||||
nix-shell --pure --run "HOME=$(CURDIR) rebar3 do compile,dialyzer,eunit"
|
||||
|
||||
</programlisting>
|
||||
<para>
|
||||
If you add the <literal>shell.nix</literal> as described and
|
||||
user rebar as follows things should simply work.
|
||||
</para>
|
||||
</section>
|
||||
</section>
|
||||
</section>
|
||||
<section xml:id="generating-packages-from-hex-with-hex2nix">
|
||||
<title>Generating Packages from Hex with Hex2Nix</title>
|
||||
<para>
|
||||
Updating the Hex packages requires the use of the
|
||||
<literal>hex2nix</literal> tool. Given the path to the Erlang
|
||||
modules (usually
|
||||
<literal>pkgs/development/erlang-modules</literal>). It will
|
||||
happily dump a file called
|
||||
<literal>hex-packages.nix</literal>. That file will contain all
|
||||
the packages that use a recognized build system in Hex. However,
|
||||
it can't know whether or not all those packages are buildable.
|
||||
</para>
|
||||
<para>
|
||||
To make life easier for our users, it makes good sense to go
|
||||
ahead and attempt to build all those packages and remove the
|
||||
ones that don't build. To do that, simply run the command (in
|
||||
the root of your <literal>nixpkgs</literal> repository). that follows.
|
||||
</para>
|
||||
<programlisting>
|
||||
$ nix-build -A erlangPackages
|
||||
</programlisting>
|
||||
<para>
|
||||
That will build every package in
|
||||
<literal>erlangPackages</literal>. Then you can go through and
|
||||
manually remove the ones that fail. Hopefully, someone will
|
||||
improve <literal>hex2nix</literal> in the future to automate
|
||||
that.
|
||||
</para>
|
||||
</section>
|
||||
</chapter>
|
|
@ -119,6 +119,6 @@ done
|
|||
</screen>
|
||||
</para>
|
||||
|
||||
<para>To extract dependency information from a Go package in automated way use <link xlink:href="https://github.com/cstrahan/go2nix">go2nix</link>.</para>
|
||||
<para>To extract dependency information from a Go package in automated way use <link xlink:href="https://github.com/kamilchm/go2nix">go2nix</link>.</para>
|
||||
</section>
|
||||
|
||||
|
|
|
@ -108,7 +108,7 @@ toolz = buildPythonPackage rec{
|
|||
version = "0.7.4";
|
||||
|
||||
src = pkgs.fetchurl{
|
||||
url = "https://pypi.python.org/packages/source/t/toolz/toolz-${version}.tar.gz";
|
||||
url = "mirror://pypi/t/toolz/toolz-${version}.tar.gz";
|
||||
sha256 = "43c2c9e5e7a16b6c88ba3088a9bfc82f7db8e13378be7c78d6c14a5f8ed05afd";
|
||||
};
|
||||
|
||||
|
@ -146,7 +146,7 @@ pkgs.python35Packages.buildPythonPackage rec {
|
|||
version = "0.7.4";
|
||||
|
||||
src = pkgs.fetchurl{
|
||||
url = "https://pypi.python.org/packages/source/t/toolz/toolz-${version}.tar.gz";
|
||||
url = "mirror://pypi/t/toolz/toolz-${version}.tar.gz";
|
||||
sha256 = "43c2c9e5e7a16b6c88ba3088a9bfc82f7db8e13378be7c78d6c14a5f8ed05afd";
|
||||
};
|
||||
|
||||
|
@ -175,7 +175,7 @@ with import <nixpkgs> {};
|
|||
version = "0.7.4";
|
||||
|
||||
src = pkgs.fetchurl{
|
||||
url = "https://pypi.python.org/packages/source/t/toolz/toolz-${version}.tar.gz";
|
||||
url = "mirror://pypi/t/toolz/toolz-${version}.tar.gz";
|
||||
sha256 = "43c2c9e5e7a16b6c88ba3088a9bfc82f7db8e13378be7c78d6c14a5f8ed05afd";
|
||||
};
|
||||
|
||||
|
@ -220,7 +220,7 @@ datashape = buildPythonPackage rec {
|
|||
version = "0.4.7";
|
||||
|
||||
src = pkgs.fetchurl {
|
||||
url = "https://pypi.python.org/packages/source/D/DataShape/${name}.tar.gz";
|
||||
url = "mirror://pypi/D/DataShape/${name}.tar.gz";
|
||||
sha256 = "14b2ef766d4c9652ab813182e866f493475e65e558bed0822e38bf07bba1a278";
|
||||
};
|
||||
|
||||
|
@ -251,7 +251,7 @@ lxml = buildPythonPackage rec {
|
|||
name = "lxml-3.4.4";
|
||||
|
||||
src = pkgs.fetchurl {
|
||||
url = "http://pypi.python.org/packages/source/l/lxml/${name}.tar.gz";
|
||||
url = "mirror://pypi/l/lxml/${name}.tar.gz";
|
||||
sha256 = "16a0fa97hym9ysdk3rmqz32xdjqmy4w34ld3rm3jf5viqjx65lxk";
|
||||
};
|
||||
|
||||
|
@ -282,7 +282,7 @@ pyfftw = buildPythonPackage rec {
|
|||
version = "0.9.2";
|
||||
|
||||
src = pkgs.fetchurl {
|
||||
url = "https://pypi.python.org/packages/source/p/pyFFTW/pyFFTW-${version}.tar.gz";
|
||||
url = "mirror://pypi/p/pyFFTW/pyFFTW-${version}.tar.gz";
|
||||
sha256 = "f6bbb6afa93085409ab24885a1a3cdb8909f095a142f4d49e346f2bd1b789074";
|
||||
};
|
||||
|
||||
|
@ -373,7 +373,7 @@ buildPythonPackage rec {
|
|||
version = "0.7.4";
|
||||
|
||||
src = pkgs.fetchurl{
|
||||
url = "https://pypi.python.org/packages/source/t/toolz/toolz-${version}.tar.gz";
|
||||
url = "mirror://pypi/t/toolz/toolz-${version}.tar.gz";
|
||||
sha256 = "43c2c9e5e7a16b6c88ba3088a9bfc82f7db8e13378be7c78d6c14a5f8ed05afd";
|
||||
};
|
||||
|
||||
|
|
|
@ -21,7 +21,7 @@
|
|||
<xi:include href="coding-conventions.xml" />
|
||||
<xi:include href="submitting-changes.xml" />
|
||||
<xi:include href="haskell-users-guide.xml" />
|
||||
<xi:include href="erlang-users-guide.xml" />
|
||||
<xi:include href="beam-users-guide.xml" />
|
||||
<xi:include href="contributing.xml" />
|
||||
|
||||
</book>
|
||||
|
|
|
@ -14,6 +14,7 @@
|
|||
adev = "Adrien Devresse <adev@adev.name>";
|
||||
Adjective-Object = "Maxwell Huang-Hobbs <mhuan13@gmail.com>";
|
||||
aespinosa = "Allan Espinosa <allan.espinosa@outlook.com>";
|
||||
adnelson = "Allen Nelson <ithinkican@gmail.com>";
|
||||
aflatter = "Alexander Flatter <flatter@fastmail.fm>";
|
||||
aforemny = "Alexander Foremny <alexanderforemny@googlemail.com>";
|
||||
afranchuk = "Alex Franchuk <alex.franchuk@gmail.com>";
|
||||
|
@ -72,6 +73,7 @@
|
|||
cfouche = "Chaddaï Fouché <chaddai.fouche@gmail.com>";
|
||||
chaoflow = "Florian Friesdorf <flo@chaoflow.net>";
|
||||
chattered = "Phil Scott <me@philscotted.com>";
|
||||
choochootrain = "Hurshal Patel <hurshal@imap.cc>";
|
||||
christopherpoole = "Christopher Mark Poole <mail@christopherpoole.net>";
|
||||
cleverca22 = "Michael Bishop <cleverca22@gmail.com>";
|
||||
coconnor = "Corey O'Connor <coreyoconnor@gmail.com>";
|
||||
|
@ -101,6 +103,7 @@
|
|||
dmalikov = "Dmitry Malikov <malikov.d.y@gmail.com>";
|
||||
dochang = "Desmond O. Chang <dochang@gmail.com>";
|
||||
doublec = "Chris Double <chris.double@double.co.nz>";
|
||||
drewkett = "Andrew Burkett <burkett.andrew@gmail.com>";
|
||||
ebzzry = "Rommel Martinez <ebzzry@gmail.com>";
|
||||
ederoyd46 = "Matthew Brown <matt@ederoyd.co.uk>";
|
||||
eduarrrd = "Eduard Bachmakov <e.bachmakov@gmail.com>";
|
||||
|
@ -140,6 +143,7 @@
|
|||
garrison = "Jim Garrison <jim@garrison.cc>";
|
||||
gavin = "Gavin Rogers <gavin@praxeology.co.uk>";
|
||||
gebner = "Gabriel Ebner <gebner@gebner.org>";
|
||||
gilligan = "Tobias Pflug <tobias.pflug@gmail.com>";
|
||||
giogadi = "Luis G. Torres <lgtorres42@gmail.com>";
|
||||
gleber = "Gleb Peregud <gleber.p@gmail.com>";
|
||||
globin = "Robin Gloster <mail@glob.in>";
|
||||
|
@ -233,6 +237,7 @@
|
|||
mirdhyn = "Merlin Gaillard <mirdhyn@gmail.com>";
|
||||
modulistic = "Pablo Costa <modulistic@gmail.com>";
|
||||
mog = "Matthew O'Gorman <mog-lists@rldn.net>";
|
||||
moosingin3space = "Nathan Moos <moosingin3space@gmail.com>";
|
||||
moretea = "Maarten Hoogendoorn <maarten@moretea.nl>";
|
||||
mornfall = "Petr Ročkai <me@mornfall.net>";
|
||||
MostAwesomeDude = "Corbin Simpson <cds@corbinsimpson.com>";
|
||||
|
@ -252,7 +257,7 @@
|
|||
notthemessiah = "Brian Cohen <brian.cohen.88@gmail.com>";
|
||||
np = "Nicolas Pouillard <np.nix@nicolaspouillard.fr>";
|
||||
nslqqq = "Nikita Mikhailov <nslqqq@gmail.com>";
|
||||
obadz = "obadz <dav-nixos@odav.org>";
|
||||
obadz = "obadz <nixos@obadz.com>";
|
||||
ocharles = "Oliver Charles <ollie@ocharles.org.uk>";
|
||||
odi = "Oliver Dunkl <oliver.dunkl@gmail.com>";
|
||||
offline = "Jaka Hudoklin <jakahudoklin@gmail.com>";
|
||||
|
@ -289,11 +294,14 @@
|
|||
pxc = "Patrick Callahan <patrick.callahan@latitudeengineering.com>";
|
||||
qknight = "Joachim Schiele <js@lastlog.de>";
|
||||
ragge = "Ragnar Dahlen <r.dahlen@gmail.com>";
|
||||
rardiol = "Ricardo Ardissone <ricardo.ardissone@gmail.com>";
|
||||
rasendubi = "Alexey Shmalko <rasen.dubi@gmail.com>";
|
||||
raskin = "Michael Raskin <7c6f434c@mail.ru>";
|
||||
redbaron = "Maxim Ivanov <ivanov.maxim@gmail.com>";
|
||||
refnil = "Martin Lavoie <broemartino@gmail.com>";
|
||||
relrod = "Ricky Elrod <ricky@elrod.me>";
|
||||
renzo = "Renzo Carbonara <renzocarbonara@gmail.com>";
|
||||
retrry = "Tadas Barzdžius <retrry@gmail.com>";
|
||||
rick68 = "Wei-Ming Yang <rick68@gmail.com>";
|
||||
rickynils = "Rickard Nilsson <rickynils@gmail.com>";
|
||||
rnhmjoj = "Michele Guerini Rocco <micheleguerinirocco@me.com>";
|
||||
|
@ -310,6 +318,7 @@
|
|||
ryanartecona = "Ryan Artecona <ryanartecona@gmail.com>";
|
||||
ryantm = "Ryan Mulligan <ryan@ryantm.com>";
|
||||
rycee = "Robert Helgesson <robert@rycee.net>";
|
||||
ryneeverett = "Ryne Everett <ryneeverett@gmail.com>";
|
||||
samuelrivas = "Samuel Rivas <samuelrivas@gmail.com>";
|
||||
sander = "Sander van der Burg <s.vanderburg@tudelft.nl>";
|
||||
schmitthenner = "Fabian Schmitthenner <development@schmitthenner.eu>";
|
||||
|
@ -336,6 +345,7 @@
|
|||
spwhitt = "Spencer Whitt <sw@swhitt.me>";
|
||||
stephenmw = "Stephen Weinberg <stephen@q5comm.com>";
|
||||
steveej = "Stefan Junker <mail@stefanjunker.de>";
|
||||
swistak35 = "Rafał Łasocha <me@swistak35.com>";
|
||||
szczyp = "Szczyp <qb@szczyp.com>";
|
||||
sztupi = "Attila Sztupak <attila.sztupak@gmail.com>";
|
||||
taeer = "Taeer Bar-Yam <taeer@necsi.edu>";
|
||||
|
|
|
@ -22,6 +22,9 @@ use JSON;
|
|||
use Net::Amazon::S3;
|
||||
use Nix::Store;
|
||||
|
||||
isValidPath("/nix/store/foo"); # FIXME: forces Nix::Store initialisation
|
||||
|
||||
|
||||
# S3 setup.
|
||||
my $aws_access_key_id = $ENV{'AWS_ACCESS_KEY_ID'} or die;
|
||||
my $aws_secret_access_key = $ENV{'AWS_SECRET_ACCESS_KEY'} or die;
|
||||
|
@ -127,6 +130,7 @@ elsif ($op eq "--expr") {
|
|||
my $url = $fetch->{url};
|
||||
my $algo = $fetch->{type};
|
||||
my $hash = $fetch->{hash};
|
||||
my $name = $fetch->{name};
|
||||
|
||||
if (defined $ENV{DEBUG}) {
|
||||
print "$url $algo $hash\n";
|
||||
|
@ -143,21 +147,34 @@ elsif ($op eq "--expr") {
|
|||
next;
|
||||
}
|
||||
|
||||
print STDERR "mirroring $url...\n";
|
||||
my $storePath = makeFixedOutputPath(0, $algo, $hash, $name);
|
||||
|
||||
print STDERR "mirroring $url ($storePath)...\n";
|
||||
|
||||
next if $ENV{DRY_RUN};
|
||||
|
||||
# Download the file using nix-prefetch-url.
|
||||
$ENV{QUIET} = 1;
|
||||
$ENV{PRINT_PATH} = 1;
|
||||
my $fh;
|
||||
my $pid = open($fh, "-|", "nix-prefetch-url", "--type", $algo, $url, $hash) or die;
|
||||
waitpid($pid, 0) or die;
|
||||
if ($? != 0) {
|
||||
print STDERR "failed to fetch $url: $?\n";
|
||||
next;
|
||||
# Substitute the output.
|
||||
if (!isValidPath($storePath)) {
|
||||
system("nix-store", "-r", $storePath);
|
||||
}
|
||||
|
||||
# Otherwise download the file using nix-prefetch-url.
|
||||
if (!isValidPath($storePath)) {
|
||||
$ENV{QUIET} = 1;
|
||||
$ENV{PRINT_PATH} = 1;
|
||||
my $fh;
|
||||
my $pid = open($fh, "-|", "nix-prefetch-url", "--type", $algo, $url, $hash) or die;
|
||||
waitpid($pid, 0) or die;
|
||||
if ($? != 0) {
|
||||
print STDERR "failed to fetch $url: $?\n";
|
||||
next;
|
||||
}
|
||||
<$fh>; my $storePath2 = <$fh>; chomp $storePath2;
|
||||
if ($storePath ne $storePath2) {
|
||||
warn "strange: $storePath != $storePath2\n";
|
||||
next;
|
||||
}
|
||||
}
|
||||
<$fh>; my $storePath = <$fh>; chomp $storePath;
|
||||
|
||||
uploadFile($storePath, $url);
|
||||
$mirrored++;
|
||||
|
|
|
@ -14,7 +14,7 @@ let
|
|||
operator = const [ ];
|
||||
});
|
||||
|
||||
urls = map (drv: { url = head (drv.urls or [ drv.url ]); hash = drv.outputHash; type = drv.outputHashAlgo; }) fetchurlDependencies;
|
||||
urls = map (drv: { url = head (drv.urls or [ drv.url ]); hash = drv.outputHash; type = drv.outputHashAlgo; name = drv.name; }) fetchurlDependencies;
|
||||
|
||||
fetchurlDependencies =
|
||||
filter
|
||||
|
|
|
@ -1,22 +0,0 @@
|
|||
#! /usr/bin/perl -w
|
||||
|
||||
use strict;
|
||||
|
||||
my %map;
|
||||
open LIST1, "<$ARGV[0]" or die;
|
||||
while (<LIST1>) {
|
||||
/^(\S+)\s+(.*)$/;
|
||||
$map{$1} = $2;
|
||||
}
|
||||
|
||||
open LIST1, "<$ARGV[1]" or die;
|
||||
while (<LIST1>) {
|
||||
/^(\S+)\s+(.*)$/;
|
||||
if (!defined $map{$1}) {
|
||||
print STDERR "missing file: $2\n";
|
||||
next;
|
||||
}
|
||||
print "$2\n";
|
||||
print "$map{$1}\n";
|
||||
}
|
||||
|
|
@ -39,5 +39,5 @@ in
|
|||
vmWithBootLoader = vmWithBootLoaderConfig.system.build.vm;
|
||||
|
||||
# The following are used by nixos-rebuild.
|
||||
nixFallback = pkgs.nixUnstable;
|
||||
nixFallback = pkgs.nixUnstable.out;
|
||||
}
|
||||
|
|
|
@ -106,11 +106,15 @@ networking.extraHosts =
|
|||
'';
|
||||
</programlisting>
|
||||
|
||||
The main difference is that preceding whitespace is
|
||||
automatically stripped from each line, and that characters like
|
||||
The main difference is that it strips from each line
|
||||
a number of spaces equal to the minimal indentation of
|
||||
the string as a whole (disregarding the indentation of
|
||||
empty lines), and that characters like
|
||||
<literal>"</literal> and <literal>\</literal> are not special
|
||||
(making it more convenient for including things like shell
|
||||
code).</para>
|
||||
code).
|
||||
See more info about this in the Nix manual <link
|
||||
xlink:href="https://nixos.org/nix/manual/#ssec-values">here</link>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
|
|
@ -74,6 +74,63 @@ let
|
|||
</toc>
|
||||
'';
|
||||
|
||||
manualXsltprocOptions = toString [
|
||||
"--param section.autolabel 1"
|
||||
"--param section.label.includes.component.label 1"
|
||||
"--stringparam html.stylesheet style.css"
|
||||
"--param xref.with.number.and.title 1"
|
||||
"--param toc.section.depth 3"
|
||||
"--stringparam admon.style ''"
|
||||
"--stringparam callout.graphics.extension .gif"
|
||||
"--stringparam current.docid manual"
|
||||
"--param chunk.section.depth 0"
|
||||
"--param chunk.first.sections 1"
|
||||
"--param use.id.as.filename 1"
|
||||
"--stringparam generate.toc 'book toc appendix toc'"
|
||||
"--stringparam chunk.toc ${toc}"
|
||||
];
|
||||
|
||||
olinkDB = stdenv.mkDerivation {
|
||||
name = "manual-olinkdb";
|
||||
|
||||
inherit sources;
|
||||
|
||||
buildInputs = [ libxml2 libxslt ];
|
||||
|
||||
buildCommand = ''
|
||||
${copySources}
|
||||
|
||||
xsltproc \
|
||||
${manualXsltprocOptions} \
|
||||
--stringparam collect.xref.targets only \
|
||||
--stringparam targets.filename "$out/manual.db" \
|
||||
--nonet --xinclude \
|
||||
${docbook5_xsl}/xml/xsl/docbook/xhtml/chunktoc.xsl \
|
||||
./manual.xml
|
||||
|
||||
# Check the validity of the man pages sources.
|
||||
xmllint --noout --nonet --xinclude --noxincludenode \
|
||||
--relaxng ${docbook5}/xml/rng/docbook/docbook.rng \
|
||||
./man-pages.xml
|
||||
|
||||
cat > "$out/olinkdb.xml" <<EOF
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE targetset SYSTEM
|
||||
"file://${docbook5_xsl}/xml/xsl/docbook/common/targetdatabase.dtd" [
|
||||
<!ENTITY manualtargets SYSTEM "file://$out/manual.db">
|
||||
]>
|
||||
<targetset>
|
||||
<targetsetinfo>
|
||||
Allows for cross-referencing olinks between the manpages
|
||||
and the HTML/PDF manuals.
|
||||
</targetsetinfo>
|
||||
|
||||
<document targetdoc="manual">&manualtargets;</document>
|
||||
</targetset>
|
||||
EOF
|
||||
'';
|
||||
};
|
||||
|
||||
in rec {
|
||||
|
||||
# The NixOS options in JSON format.
|
||||
|
@ -116,18 +173,8 @@ in rec {
|
|||
dst=$out/share/doc/nixos
|
||||
mkdir -p $dst
|
||||
xsltproc \
|
||||
--param section.autolabel 1 \
|
||||
--param section.label.includes.component.label 1 \
|
||||
--stringparam html.stylesheet style.css \
|
||||
--param xref.with.number.and.title 1 \
|
||||
--param toc.section.depth 3 \
|
||||
--stringparam admon.style "" \
|
||||
--stringparam callout.graphics.extension .gif \
|
||||
--param chunk.section.depth 0 \
|
||||
--param chunk.first.sections 1 \
|
||||
--param use.id.as.filename 1 \
|
||||
--stringparam generate.toc "book toc appendix toc" \
|
||||
--stringparam chunk.toc ${toc} \
|
||||
${manualXsltprocOptions} \
|
||||
--stringparam target.database.document "${olinkDB}/olinkdb.xml" \
|
||||
--nonet --xinclude --output $dst/ \
|
||||
${docbook5_xsl}/xml/xsl/docbook/xhtml/chunktoc.xsl ./manual.xml
|
||||
|
||||
|
@ -159,6 +206,7 @@ in rec {
|
|||
dst=$out/share/doc/nixos
|
||||
mkdir -p $dst
|
||||
xmllint --xinclude manual.xml | dblatex -o $dst/manual.pdf - \
|
||||
-P target.database.document="${olinkDB}/olinkdb.xml" \
|
||||
-P doc.collab.show=0 \
|
||||
-P latex.output.revhistory=0
|
||||
|
||||
|
@ -178,7 +226,7 @@ in rec {
|
|||
buildCommand = ''
|
||||
${copySources}
|
||||
|
||||
# Check the validity of the manual sources.
|
||||
# Check the validity of the man pages sources.
|
||||
xmllint --noout --nonet --xinclude --noxincludenode \
|
||||
--relaxng ${docbook5}/xml/rng/docbook/docbook.rng \
|
||||
./man-pages.xml
|
||||
|
@ -190,6 +238,7 @@ in rec {
|
|||
--param man.output.base.dir "'$out/share/man/'" \
|
||||
--param man.endnotes.are.numbered 0 \
|
||||
--param man.break.after.slash 1 \
|
||||
--stringparam target.database.document "${olinkDB}/olinkdb.xml" \
|
||||
${docbook5_xsl}/xml/xsl/docbook/manpages/docbook.xsl \
|
||||
./man-pages.xml
|
||||
'';
|
||||
|
|
|
@ -11,35 +11,25 @@ uses the NixOS and Nixpkgs sources provided by the
|
|||
<literal>nixos-unstable</literal> channel (kept in
|
||||
<filename>/nix/var/nix/profiles/per-user/root/channels/nixos</filename>).
|
||||
To modify NixOS, however, you should check out the latest sources from
|
||||
Git. This is done using the following command:
|
||||
Git. This is as follows:
|
||||
|
||||
<screen>
|
||||
$ nixos-checkout <replaceable>/my/sources</replaceable>
|
||||
</screen>
|
||||
|
||||
or
|
||||
|
||||
<screen>
|
||||
$ mkdir -p <replaceable>/my/sources</replaceable>
|
||||
$ cd <replaceable>/my/sources</replaceable>
|
||||
$ nix-env -i git
|
||||
$ git clone git://github.com/NixOS/nixpkgs.git
|
||||
$ cd nixpkgs
|
||||
$ git remote add channels git://github.com/NixOS/nixpkgs-channels.git
|
||||
$ git remote update channels
|
||||
</screen>
|
||||
|
||||
This will check out the latest NixOS sources to
|
||||
<filename><replaceable>/my/sources</replaceable>/nixpkgs/nixos</filename>
|
||||
and the Nixpkgs sources to
|
||||
<filename><replaceable>/my/sources</replaceable>/nixpkgs</filename>.
|
||||
(The NixOS source tree lives in a subdirectory of the Nixpkgs
|
||||
repository.) The remote <literal>channels</literal> refers to a
|
||||
read-only repository that tracks the Nixpkgs/NixOS channels (see <xref
|
||||
linkend="sec-upgrading"/> for more information about channels). Thus,
|
||||
the Git branch <literal>channels/nixos-14.12</literal> will contain
|
||||
the latest built and tested version available in the
|
||||
<literal>nixos-14.12</literal> channel.</para>
|
||||
This will check out the latest Nixpkgs sources to
|
||||
<filename>./nixpkgs</filename> the NixOS sources to
|
||||
<filename>./nixpkgs/nixos</filename>. (The NixOS source tree lives in
|
||||
a subdirectory of the Nixpkgs repository.) The remote
|
||||
<literal>channels</literal> refers to a read-only repository that
|
||||
tracks the Nixpkgs/NixOS channels (see <xref linkend="sec-upgrading"/>
|
||||
for more information about channels). Thus, the Git branch
|
||||
<literal>channels/nixos-14.12</literal> will contain the latest built
|
||||
and tested version available in the <literal>nixos-14.12</literal>
|
||||
channel.</para>
|
||||
|
||||
<para>It’s often inconvenient to develop directly on the master
|
||||
branch, since if somebody has just committed (say) a change to GCC,
|
||||
|
|
|
@ -0,0 +1,48 @@
|
|||
<section xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||
version="5.0"
|
||||
xml:id="sec-booting-from-pxe">
|
||||
|
||||
<title>Booting from the <quote>netboot</quote> media (PXE)</title>
|
||||
<para>
|
||||
Advanced users may wish to install NixOS using an existing PXE or
|
||||
iPXE setup.
|
||||
</para>
|
||||
<para>
|
||||
These instructions assume that you have an existing PXE or iPXE
|
||||
infrastructure and simply want to add the NixOS installer as another
|
||||
option. To build the necessary files from a recent version of
|
||||
nixpkgs, you can run:
|
||||
</para>
|
||||
<programlisting>
|
||||
nix-build -A netboot nixos/release.nix
|
||||
</programlisting>
|
||||
<para>
|
||||
This will create a <literal>result</literal> directory containing: *
|
||||
<literal>bzImage</literal> – the Linux kernel *
|
||||
<literal>initrd</literal> – the initrd file *
|
||||
<literal>netboot.ipxe</literal> – an example ipxe script
|
||||
demonstrating the appropriate kernel command line arguments for this
|
||||
image
|
||||
</para>
|
||||
<para>
|
||||
If you’re using plain PXE, configure your boot loader to use the
|
||||
<literal>bzImage</literal> and <literal>initrd</literal> files and
|
||||
have it provide the same kernel command line arguments found in
|
||||
<literal>netboot.ipxe</literal>.
|
||||
</para>
|
||||
<para>
|
||||
If you’re using iPXE, depending on how your HTTP/FTP/etc. server is
|
||||
configured you may be able to use <literal>netboot.ipxe</literal>
|
||||
unmodified, or you may need to update the paths to the files to
|
||||
match your server’s directory layout
|
||||
</para>
|
||||
<para>
|
||||
In the future we may begin making these files available as build
|
||||
products from hydra at which point we will update this documentation
|
||||
with instructions on how to obtain them either for placing on a
|
||||
dedicated TFTP server or to boot them directly over the internet.
|
||||
</para>
|
||||
|
||||
</section>
|
|
@ -270,5 +270,6 @@ $ reboot</screen>
|
|||
|
||||
<xi:include href="installing-uefi.xml" />
|
||||
<xi:include href="installing-usb.xml" />
|
||||
<xi:include href="installing-pxe.xml" />
|
||||
|
||||
</chapter>
|
||||
|
|
|
@ -9,6 +9,7 @@
|
|||
<para>This section lists the release notes for each stable version of NixOS
|
||||
and current unstable revision.</para>
|
||||
|
||||
<xi:include href="rl-1609.xml" />
|
||||
<xi:include href="rl-1603.xml" />
|
||||
<xi:include href="rl-1509.xml" />
|
||||
<xi:include href="rl-1412.xml" />
|
||||
|
|
|
@ -0,0 +1,48 @@
|
|||
<section xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||
version="5.0"
|
||||
xml:id="sec-release-16.09">
|
||||
|
||||
<title>Release 16.09 (“Flounder”, 2016/09/??)</title>
|
||||
|
||||
<para>In addition to numerous new and upgraded packages, this release
|
||||
has the following highlights: </para>
|
||||
|
||||
<itemizedlist>
|
||||
|
||||
<listitem>
|
||||
<para>PXE "netboot" media has landed in <link xlink:href="https://github.com/NixOS/nixpkgs/pull/14740" />.
|
||||
See <xref linkend="sec-booting-from-pxe" /> for documentation.</para>
|
||||
</listitem>
|
||||
|
||||
</itemizedlist>
|
||||
|
||||
<para>The following new services were added since the last release:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para><literal>(this will get automatically generated at release time)</literal></para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
|
||||
<para>When upgrading from a previous release, please be aware of the
|
||||
following incompatible changes:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>todo</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
|
||||
<para>Other notable improvements:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>todo</para>
|
||||
</listitem>
|
||||
|
||||
</itemizedlist>
|
||||
|
||||
|
||||
</section>
|
|
@ -81,14 +81,14 @@ pkgs.vmTools.runInLinuxVM (
|
|||
|
||||
# Register the paths in the Nix database.
|
||||
printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
|
||||
chroot /mnt ${config.nix.package}/bin/nix-store --load-db --option build-users-group ""
|
||||
chroot /mnt ${config.nix.package.out}/bin/nix-store --load-db --option build-users-group ""
|
||||
|
||||
# Add missing size/hash fields to the database. FIXME:
|
||||
# exportReferencesGraph should provide these directly.
|
||||
chroot /mnt ${config.nix.package}/bin/nix-store --verify --check-contents
|
||||
chroot /mnt ${config.nix.package.out}/bin/nix-store --verify --check-contents
|
||||
|
||||
# Create the system profile to allow nixos-rebuild to work.
|
||||
chroot /mnt ${config.nix.package}/bin/nix-env --option build-users-group "" \
|
||||
chroot /mnt ${config.nix.package.out}/bin/nix-env --option build-users-group "" \
|
||||
-p /nix/var/nix/profiles/system --set ${config.system.build.toplevel}
|
||||
|
||||
# `nixos-rebuild' requires an /etc/NIXOS.
|
||||
|
|
|
@ -98,9 +98,9 @@ in {
|
|||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pulseaudioLight;
|
||||
defaultText = "pkgs.pulseaudioLight";
|
||||
example = literalExample "pkgs.pulseaudioFull";
|
||||
default = pulseaudioLight.out;
|
||||
defaultText = "pkgs.pulseaudioLight.out";
|
||||
example = literalExample "pkgs.pulseaudioFull.out";
|
||||
description = ''
|
||||
The PulseAudio derivation to use. This can be used to enable
|
||||
features (such as JACK support, Bluetooth) via the
|
||||
|
@ -134,7 +134,7 @@ in {
|
|||
}
|
||||
|
||||
(mkIf cfg.enable {
|
||||
environment.systemPackages = [ cfg.package.out ];
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
environment.etc = singleton {
|
||||
target = "asound.conf";
|
||||
|
@ -158,7 +158,7 @@ in {
|
|||
wantedBy = [ "default.target" ];
|
||||
serviceConfig = {
|
||||
Type = "notify";
|
||||
ExecStart = "${cfg.package}/bin/pulseaudio --daemonize=no";
|
||||
ExecStart = "${cfg.package.out}/bin/pulseaudio --daemonize=no";
|
||||
Restart = "on-failure";
|
||||
};
|
||||
};
|
||||
|
|
|
@ -22,7 +22,11 @@ with lib;
|
|||
###### implementation
|
||||
|
||||
config = mkIf config.hardware.enableAllFirmware {
|
||||
hardware.firmware = [ pkgs.firmwareLinuxNonfree pkgs.intel2200BGFirmware ];
|
||||
hardware.firmware = with pkgs; [
|
||||
firmwareLinuxNonfree
|
||||
intel2200BGFirmware
|
||||
rtl8723bs-firmware
|
||||
];
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -31,13 +31,13 @@ in
|
|||
|
||||
# unload module during suspend/hibernate as it crashes the whole system
|
||||
powerManagement.powerDownCommands = ''
|
||||
${pkgs.module_init_tools}/bin/rmmod -f facetimehd
|
||||
${pkgs.kmod}/bin/lsmod | ${pkgs.gnugrep}/bin/grep -q "^facetimehd" && ${pkgs.kmod}/bin/rmmod -f -v facetimehd
|
||||
'';
|
||||
|
||||
# and load it back on resume
|
||||
powerManagement.resumeCommands = ''
|
||||
export MODULE_DIR=/run/current-system/kernel-modules/lib/modules
|
||||
${pkgs.module_init_tools}/bin/modprobe -v facetimehd
|
||||
${pkgs.kmod}/bin/modprobe -v facetimehd
|
||||
'';
|
||||
|
||||
};
|
||||
|
|
|
@ -34,7 +34,7 @@ in
|
|||
if ! [ -e /var/lib/nixos/did-channel-init ]; then
|
||||
echo "unpacking the NixOS/Nixpkgs sources..."
|
||||
mkdir -p /nix/var/nix/profiles/per-user/root
|
||||
${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/per-user/root/channels \
|
||||
${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/per-user/root/channels \
|
||||
-i ${channelSources} --quiet --option build-use-substitutes false
|
||||
mkdir -m 0700 -p /root/.nix-defexpr
|
||||
ln -s /nix/var/nix/profiles/per-user/root/channels /root/.nix-defexpr/channels
|
||||
|
|
|
@ -364,12 +364,12 @@ in
|
|||
''
|
||||
# After booting, register the contents of the Nix store on the
|
||||
# CD in the Nix database in the tmpfs.
|
||||
${config.nix.package}/bin/nix-store --load-db < /nix/store/nix-path-registration
|
||||
${config.nix.package.out}/bin/nix-store --load-db < /nix/store/nix-path-registration
|
||||
|
||||
# nixos-rebuild also requires a "system" profile and an
|
||||
# /etc/NIXOS tag.
|
||||
touch /etc/NIXOS
|
||||
${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
|
||||
${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
|
||||
'';
|
||||
|
||||
# Add vfat support to the initrd to enable people to copy the
|
||||
|
|
|
@ -113,11 +113,11 @@ in
|
|||
${pkgs.e2fsprogs}/bin/resize2fs $rootPart
|
||||
|
||||
# Register the contents of the initial Nix store
|
||||
${config.nix.package}/bin/nix-store --load-db < /nix-path-registration
|
||||
${config.nix.package.out}/bin/nix-store --load-db < /nix-path-registration
|
||||
|
||||
# nixos-rebuild also requires a "system" profile and an /etc/NIXOS tag.
|
||||
touch /etc/NIXOS
|
||||
${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
|
||||
${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
|
||||
|
||||
# Prevents this from running on later boots.
|
||||
rm -f /nix-path-registration
|
||||
|
|
|
@ -52,8 +52,7 @@ in
|
|||
# Include some utilities that are useful for installing or repairing
|
||||
# the system.
|
||||
environment.systemPackages =
|
||||
[ pkgs.subversion # for nixos-checkout
|
||||
pkgs.w3m # needed for the manual anyway
|
||||
[ pkgs.w3m # needed for the manual anyway
|
||||
pkgs.testdisk # useful for repairing boot problems
|
||||
pkgs.mssys # for writing Microsoft boot sectors / MBRs
|
||||
pkgs.parted
|
||||
|
|
|
@ -49,8 +49,7 @@ in
|
|||
# Include some utilities that are useful for installing or repairing
|
||||
# the system.
|
||||
environment.systemPackages =
|
||||
[ pkgs.subversion # for nixos-checkout
|
||||
pkgs.w3m # needed for the manual anyway
|
||||
[ pkgs.w3m # needed for the manual anyway
|
||||
pkgs.ddrescue
|
||||
pkgs.ccrypt
|
||||
pkgs.cryptsetup # needed for dm-crypt volumes
|
||||
|
|
|
@ -78,14 +78,14 @@ in
|
|||
# After booting, register the contents of the Nix store on the
|
||||
# CD in the Nix database in the tmpfs.
|
||||
if [ -f /nix-path-registration ]; then
|
||||
${config.nix.package}/bin/nix-store --load-db < /nix-path-registration &&
|
||||
${config.nix.package.out}/bin/nix-store --load-db < /nix-path-registration &&
|
||||
rm /nix-path-registration
|
||||
fi
|
||||
|
||||
# nixos-rebuild also requires a "system" profile and an
|
||||
# /etc/NIXOS tag.
|
||||
touch /etc/NIXOS
|
||||
${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
|
||||
${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
|
||||
'';
|
||||
|
||||
};
|
||||
|
|
|
@ -0,0 +1,20 @@
|
|||
# This module contains the basic configuration for building netboot
|
||||
# images
|
||||
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
{
|
||||
imports =
|
||||
[ ./netboot.nix
|
||||
|
||||
# Profiles of this basic netboot media
|
||||
../../profiles/all-hardware.nix
|
||||
../../profiles/base.nix
|
||||
../../profiles/installation-device.nix
|
||||
];
|
||||
|
||||
# Allow the user to log in as root without a password.
|
||||
users.extraUsers.root.initialHashedPassword = "";
|
||||
}
|
|
@ -0,0 +1,10 @@
|
|||
# This module defines a small netboot environment.
|
||||
|
||||
{ config, lib, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ ./netboot-base.nix
|
||||
../../profiles/minimal.nix
|
||||
];
|
||||
}
|
|
@ -0,0 +1,91 @@
|
|||
# This module creates netboot media containing the given NixOS
|
||||
# configuration.
|
||||
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
{
|
||||
options = {
|
||||
|
||||
netboot.storeContents = mkOption {
|
||||
example = literalExample "[ pkgs.stdenv ]";
|
||||
description = ''
|
||||
This option lists additional derivations to be included in the
|
||||
Nix store in the generated netboot image.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = {
|
||||
|
||||
boot.loader.grub.version = 2;
|
||||
|
||||
# Don't build the GRUB menu builder script, since we don't need it
|
||||
# here and it causes a cyclic dependency.
|
||||
boot.loader.grub.enable = false;
|
||||
|
||||
boot.initrd.postMountCommands = ''
|
||||
mkdir -p /mnt-root/nix/store
|
||||
mount -t squashfs /nix-store.squashfs /mnt-root/nix/store
|
||||
'';
|
||||
|
||||
# !!! Hack - attributes expected by other modules.
|
||||
system.boot.loader.kernelFile = "bzImage";
|
||||
environment.systemPackages = [ pkgs.grub2 pkgs.grub2_efi pkgs.syslinux ];
|
||||
|
||||
boot.consoleLogLevel = mkDefault 7;
|
||||
|
||||
fileSystems."/" =
|
||||
{ fsType = "tmpfs";
|
||||
options = [ "mode=0755" ];
|
||||
};
|
||||
|
||||
boot.initrd.availableKernelModules = [ "squashfs" ];
|
||||
|
||||
boot.initrd.kernelModules = [ "loop" ];
|
||||
|
||||
# Closures to be copied to the Nix store, namely the init
|
||||
# script and the top-level system configuration directory.
|
||||
netboot.storeContents =
|
||||
[ config.system.build.toplevel ];
|
||||
|
||||
# Create the squashfs image that contains the Nix store.
|
||||
system.build.squashfsStore = import ../../../lib/make-squashfs.nix {
|
||||
inherit (pkgs) stdenv squashfsTools perl pathsFromGraph;
|
||||
storeContents = config.netboot.storeContents;
|
||||
};
|
||||
|
||||
|
||||
# Create the initrd
|
||||
system.build.netbootRamdisk = pkgs.makeInitrd {
|
||||
inherit (config.boot.initrd) compressor;
|
||||
prepend = [ "${config.system.build.initialRamdisk}/initrd" ];
|
||||
|
||||
contents =
|
||||
[ { object = config.system.build.squashfsStore;
|
||||
symlink = "/nix-store.squashfs";
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
system.build.netbootIpxeScript = pkgs.writeTextDir "netboot.ipxe" "#!ipxe\nkernel bzImage init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}\ninitrd initrd\nboot";
|
||||
|
||||
boot.loader.timeout = 10;
|
||||
|
||||
boot.postBootCommands =
|
||||
''
|
||||
# After booting, register the contents of the Nix store
|
||||
# in the Nix database in the tmpfs.
|
||||
${config.nix.package}/bin/nix-store --load-db < /nix/store/nix-path-registration
|
||||
|
||||
# nixos-rebuild also requires a "system" profile and an
|
||||
# /etc/NIXOS tag.
|
||||
touch /etc/NIXOS
|
||||
${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
|
||||
'';
|
||||
|
||||
};
|
||||
|
||||
}
|
|
@ -78,7 +78,7 @@ let cfg = config.system.autoUpgrade; in
|
|||
HOME = "/root";
|
||||
};
|
||||
|
||||
path = [ pkgs.gnutar pkgs.xz.bin config.nix.package ];
|
||||
path = [ pkgs.gnutar pkgs.xz.bin config.nix.package.out ];
|
||||
|
||||
script = ''
|
||||
${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch ${toString cfg.flags}
|
||||
|
|
|
@ -1,60 +0,0 @@
|
|||
# This module generates the nixos-checkout script, which performs a
|
||||
# checkout of the Nixpkgs Git repository.
|
||||
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
nixosCheckout = pkgs.substituteAll {
|
||||
name = "nixos-checkout";
|
||||
dir = "bin";
|
||||
isExecutable = true;
|
||||
src = pkgs.writeScript "nixos-checkout"
|
||||
''
|
||||
#! ${pkgs.stdenv.shell} -e
|
||||
|
||||
if [ "$1" == "-h" ] || [ "$1" == "--help" ]; then
|
||||
echo "Usage: `basename $0` [PREFIX]. See NixOS Manual for more info."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
prefix="$1"
|
||||
if [ -z "$prefix" ]; then prefix=/etc/nixos; fi
|
||||
mkdir -p "$prefix"
|
||||
cd "$prefix"
|
||||
|
||||
if [ -z "$(type -P git)" ]; then
|
||||
echo "installing Git..."
|
||||
nix-env -iA nixos.git
|
||||
fi
|
||||
|
||||
# Move any old nixpkgs directories out of the way.
|
||||
backupTimestamp=$(date "+%Y%m%d%H%M%S")
|
||||
|
||||
if [ -e nixpkgs -a ! -e nixpkgs/.git ]; then
|
||||
mv nixpkgs nixpkgs-$backupTimestamp
|
||||
fi
|
||||
|
||||
# Check out the Nixpkgs sources.
|
||||
if ! [ -e nixpkgs/.git ]; then
|
||||
echo "Creating repository in $prefix/nixpkgs..."
|
||||
git init --quiet nixpkgs
|
||||
else
|
||||
echo "Updating repository in $prefix/nixpkgs..."
|
||||
fi
|
||||
cd nixpkgs
|
||||
git remote add origin git://github.com/NixOS/nixpkgs.git || true
|
||||
git remote add channels git://github.com/NixOS/nixpkgs-channels.git || true
|
||||
git remote set-url origin --push git@github.com:NixOS/nixpkgs.git
|
||||
git remote update
|
||||
git checkout master
|
||||
'';
|
||||
};
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
environment.systemPackages = [ nixosCheckout ];
|
||||
}
|
|
@ -271,7 +271,7 @@ remotePATH=
|
|||
if [ -n "$buildNix" ]; then
|
||||
echo "building Nix..." >&2
|
||||
nixDrv=
|
||||
if ! nixDrv="$(nix-instantiate '<nixpkgs/nixos>' --add-root $tmpDir/nix.drv --indirect -A config.nix.package "${extraBuildFlags[@]}")"; then
|
||||
if ! nixDrv="$(nix-instantiate '<nixpkgs/nixos>' --add-root $tmpDir/nix.drv --indirect -A config.nix.package.out "${extraBuildFlags[@]}")"; then
|
||||
if ! nixDrv="$(nix-instantiate '<nixpkgs/nixos>' --add-root $tmpDir/nix.drv --indirect -A nixFallback "${extraBuildFlags[@]}")"; then
|
||||
if ! nixDrv="$(nix-instantiate '<nixpkgs>' --add-root $tmpDir/nix.drv --indirect -A nix "${extraBuildFlags[@]}")"; then
|
||||
nixStorePath="$(prebuiltNix "$(uname -m)")"
|
||||
|
|
|
@ -22,17 +22,17 @@ let
|
|||
src = ./nixos-install.sh;
|
||||
|
||||
inherit (pkgs) perl pathsFromGraph;
|
||||
nix = config.nix.package;
|
||||
nix = config.nix.package.out;
|
||||
|
||||
nixClosure = pkgs.runCommand "closure"
|
||||
{ exportReferencesGraph = ["refs" config.nix.package]; }
|
||||
{ exportReferencesGraph = ["refs" config.nix.package.out]; }
|
||||
"cp refs $out";
|
||||
};
|
||||
|
||||
nixos-rebuild = makeProg {
|
||||
name = "nixos-rebuild";
|
||||
src = ./nixos-rebuild.sh;
|
||||
nix = config.nix.package;
|
||||
nix = config.nix.package.out;
|
||||
};
|
||||
|
||||
nixos-generate-config = makeProg {
|
||||
|
|
|
@ -263,6 +263,8 @@
|
|||
caddy = 239;
|
||||
taskd = 240;
|
||||
factorio = 241;
|
||||
emby = 242;
|
||||
graylog = 243;
|
||||
|
||||
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
|
||||
|
||||
|
@ -497,6 +499,7 @@
|
|||
caddy = 239;
|
||||
taskd = 240;
|
||||
factorio = 241;
|
||||
emby = 242;
|
||||
|
||||
# When adding a gid, make sure it doesn't match an existing
|
||||
# uid. Users and groups with the same name should have equal
|
||||
|
|
|
@ -47,7 +47,6 @@
|
|||
./i18n/input-method/nabi.nix
|
||||
./i18n/input-method/uim.nix
|
||||
./installer/tools/auto-upgrade.nix
|
||||
./installer/tools/nixos-checkout.nix
|
||||
./installer/tools/tools.nix
|
||||
./misc/assertions.nix
|
||||
./misc/crashdump.nix
|
||||
|
@ -71,6 +70,7 @@
|
|||
./programs/kbdlight.nix
|
||||
./programs/light.nix
|
||||
./programs/man.nix
|
||||
./programs/mosh.nix
|
||||
./programs/nano.nix
|
||||
./programs/screen.nix
|
||||
./programs/shadow.nix
|
||||
|
@ -158,6 +158,7 @@
|
|||
./services/desktops/gnome3/tracker.nix
|
||||
./services/desktops/profile-sync-daemon.nix
|
||||
./services/desktops/telepathy.nix
|
||||
./services/development/hoogle.nix
|
||||
./services/games/factorio.nix
|
||||
./services/games/ghost-one.nix
|
||||
./services/games/minecraft-server.nix
|
||||
|
@ -182,6 +183,7 @@
|
|||
./services/hardware/thermald.nix
|
||||
./services/logging/awstats.nix
|
||||
./services/logging/fluentd.nix
|
||||
./services/logging/graylog.nix
|
||||
./services/logging/klogd.nix
|
||||
./services/logging/logcheck.nix
|
||||
./services/logging/logrotate.nix
|
||||
|
@ -215,6 +217,7 @@
|
|||
./services/misc/dictd.nix
|
||||
./services/misc/disnix.nix
|
||||
./services/misc/docker-registry.nix
|
||||
./services/misc/emby.nix
|
||||
./services/misc/etcd.nix
|
||||
./services/misc/felix.nix
|
||||
./services/misc/folding-at-home.nix
|
||||
|
@ -336,6 +339,7 @@
|
|||
./services/networking/kippo.nix
|
||||
./services/networking/lambdabot.nix
|
||||
./services/networking/libreswan.nix
|
||||
./services/networking/logmein-hamachi.nix
|
||||
./services/networking/mailpile.nix
|
||||
./services/networking/mfi.nix
|
||||
./services/networking/mjpg-streamer.nix
|
||||
|
@ -398,6 +402,7 @@
|
|||
./services/networking/wicd.nix
|
||||
./services/networking/wpa_supplicant.nix
|
||||
./services/networking/xinetd.nix
|
||||
./services/networking/zerobin.nix
|
||||
./services/networking/zerotierone.nix
|
||||
./services/networking/znc.nix
|
||||
./services/printing/cupsd.nix
|
||||
|
|
|
@ -37,12 +37,12 @@ in {
|
|||
# After booting, register the contents of the Nix store in the Nix
|
||||
# database.
|
||||
if [ -f /nix-path-registration ]; then
|
||||
${config.nix.package}/bin/nix-store --load-db < /nix-path-registration &&
|
||||
${config.nix.package.out}/bin/nix-store --load-db < /nix-path-registration &&
|
||||
rm /nix-path-registration
|
||||
fi
|
||||
|
||||
# nixos-rebuild also requires a "system" profile
|
||||
${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
|
||||
${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
|
||||
'';
|
||||
|
||||
# Install new init script
|
||||
|
|
|
@ -0,0 +1,26 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
cfg = config.programs.mosh;
|
||||
|
||||
in
|
||||
{
|
||||
options.programs.mosh = {
|
||||
enable = mkOption {
|
||||
description = ''
|
||||
Whether to enable mosh. Note, this will open ports in your firewall!
|
||||
'';
|
||||
default = false;
|
||||
example = true;
|
||||
type = lib.types.bool;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = with pkgs; [ mosh ];
|
||||
networking.firewall.allowedUDPPortRanges = [ { from = 60000; to = 61000; } ];
|
||||
};
|
||||
}
|
|
@ -68,6 +68,10 @@ with lib;
|
|||
# proxy
|
||||
(mkRenamedOptionModule [ "nix" "proxy" ] [ "networking" "proxy" "default" ])
|
||||
|
||||
# sandboxing
|
||||
(mkRenamedOptionModule [ "nix" "useChroot" ] [ "nix" "useSandbox" ])
|
||||
(mkRenamedOptionModule [ "nix" "chrootDirs" ] [ "nix" "sandboxPaths" ])
|
||||
|
||||
# KDE
|
||||
(mkRenamedOptionModule [ "kde" "extraPackages" ] [ "environment" "systemPackages" ])
|
||||
(mkRenamedOptionModule [ "environment" "kdePackages" ] [ "environment" "systemPackages" ])
|
||||
|
|
|
@ -234,7 +234,8 @@ in
|
|||
|
||||
systemd.services.grsec-lock = mkIf cfg.config.sysctl {
|
||||
description = "grsecurity sysctl-lock Service";
|
||||
requires = [ "systemd-sysctl.service" ];
|
||||
wants = [ "systemd-sysctl.service" ];
|
||||
after = [ "systemd-sysctl.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig.Type = "oneshot";
|
||||
serviceConfig.RemainAfterExit = "yes";
|
||||
|
|
|
@ -50,11 +50,8 @@ with lib;
|
|||
ensureDir ${crashplan.vardir}/log 777
|
||||
cp -avn ${crashplan}/conf.template/* ${crashplan.vardir}/conf
|
||||
for x in app.asar bin EULA.txt install.vars lang lib libjniwrap64.so libjniwrap.so libjtux64.so libjtux.so libmd564.so libmd5.so share skin upgrade; do
|
||||
if [ -e ${crashplan.vardir}/$x ]; then
|
||||
true;
|
||||
else
|
||||
ln -s ${crashplan}/$x ${crashplan.vardir}/$x;
|
||||
fi;
|
||||
rm -f ${crashplan.vardir}/$x;
|
||||
ln -sf ${crashplan}/$x ${crashplan.vardir}/$x;
|
||||
done
|
||||
'';
|
||||
|
||||
|
|
|
@ -242,7 +242,7 @@ in
|
|||
|
||||
if test -e "${cfg.dataDir}/.first_startup"; then
|
||||
${optionalString (cfg.initialScript != null) ''
|
||||
cat "${cfg.initialScript}" | psql --port=${toString cfg.port} postgres
|
||||
psql -f "${cfg.initialScript}" --port=${toString cfg.port} postgres
|
||||
''}
|
||||
rm -f "${cfg.dataDir}/.first_startup"
|
||||
fi
|
||||
|
|
|
@ -0,0 +1,70 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
cfg = config.services.hoogle;
|
||||
|
||||
hoogleEnv = pkgs.buildEnv {
|
||||
name = "hoogle";
|
||||
paths = [ (cfg.haskellPackages.ghcWithHoogle cfg.packages) ];
|
||||
};
|
||||
|
||||
in {
|
||||
|
||||
options.services.hoogle = {
|
||||
enable = mkEnableOption "Haskell documentation server";
|
||||
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
default = 8080;
|
||||
description = ''
|
||||
Port number Hoogle will be listening to.
|
||||
'';
|
||||
};
|
||||
|
||||
packages = mkOption {
|
||||
default = hp: [];
|
||||
defaultText = "hp: []";
|
||||
example = "hp: with hp; [ text lens ]";
|
||||
description = ''
|
||||
The Haskell packages to generate documentation for.
|
||||
|
||||
The option value is a function that takes the package set specified in
|
||||
the <varname>haskellPackages</varname> option as its sole parameter and
|
||||
returns a list of packages.
|
||||
'';
|
||||
};
|
||||
|
||||
haskellPackages = mkOption {
|
||||
description = "Which haskell package set to use.";
|
||||
default = pkgs.haskellPackages;
|
||||
defaultText = "pkgs.haskellPackages";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
systemd.services.hoogle = {
|
||||
description = "Haskell documentation server";
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
Restart = "always";
|
||||
ExecStart = ''${hoogleEnv}/bin/hoogle server --local -p ${toString cfg.port}'';
|
||||
|
||||
User = "nobody";
|
||||
Group = "nogroup";
|
||||
|
||||
PrivateTmp = true;
|
||||
ProtectHome = true;
|
||||
|
||||
RuntimeDirectory = "hoogle";
|
||||
WorkingDirectory = "%t/hoogle";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
}
|
|
@ -0,0 +1,116 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.hardware.sane.brscan4;
|
||||
|
||||
netDeviceList = attrValues cfg.netDevices;
|
||||
|
||||
etcFiles = pkgs.callPackage ./brscan4_etc_files.nix { netDevices = netDeviceList; };
|
||||
|
||||
netDeviceOpts = { name, config, ... }: {
|
||||
|
||||
options = {
|
||||
|
||||
name = mkOption {
|
||||
type = types.str;
|
||||
description = ''
|
||||
The friendly name you give to the network device. If undefined,
|
||||
the name of attribute will be used.
|
||||
'';
|
||||
|
||||
example = literalExample "office1";
|
||||
};
|
||||
|
||||
model = mkOption {
|
||||
type = types.str;
|
||||
description = ''
|
||||
The model of the network device.
|
||||
'';
|
||||
|
||||
example = literalExample "MFC-7860DW";
|
||||
};
|
||||
|
||||
ip = mkOption {
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
description = ''
|
||||
The ip address of the device. If undefined, you will have to
|
||||
provide a nodename.
|
||||
'';
|
||||
|
||||
example = literalExample "192.168.1.2";
|
||||
};
|
||||
|
||||
nodename = mkOption {
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
description = ''
|
||||
The node name of the device. If undefined, you will have to
|
||||
provide an ip.
|
||||
'';
|
||||
|
||||
example = literalExample "BRW0080927AFBCE";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
|
||||
config =
|
||||
{ name = mkDefault name;
|
||||
};
|
||||
};
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
options = {
|
||||
|
||||
hardware.sane.brscan4.enable =
|
||||
mkEnableOption "Brother's brscan4 scan backend" // {
|
||||
description = ''
|
||||
When enabled, will automatically register the "brscan4" sane
|
||||
backend and bring configuration files to their expected location.
|
||||
'';
|
||||
};
|
||||
|
||||
hardware.sane.brscan4.netDevices = mkOption {
|
||||
default = {};
|
||||
example =
|
||||
{ office1 = { model = "MFC-7860DW"; ip = "192.168.1.2"; };
|
||||
office2 = { model = "MFC-7860DW"; nodename = "BRW0080927AFBCE"; };
|
||||
};
|
||||
type = types.loaOf types.optionSet;
|
||||
description = ''
|
||||
The list of network devices that will be registered against the brscan4
|
||||
sane backend.
|
||||
'';
|
||||
options = [ netDeviceOpts ];
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf (config.hardware.sane.enable && cfg.enable) {
|
||||
|
||||
hardware.sane.extraBackends = [
|
||||
pkgs.brscan4
|
||||
];
|
||||
|
||||
environment.etc = singleton {
|
||||
target = "opt/brother/scanner/brscan4";
|
||||
source = "${etcFiles}/etc/opt/brother/scanner/brscan4";
|
||||
};
|
||||
|
||||
assertions = [
|
||||
{ assertion = all (x: !(null != x.ip && null != x.nodename)) netDeviceList;
|
||||
|
||||
message = ''
|
||||
When describing a network device as part of the attribute list
|
||||
`hardware.sane.brscan4.netDevices`, only one of its `ip` or `nodename`
|
||||
attribute should be specified, not both!
|
||||
'';
|
||||
}
|
||||
];
|
||||
|
||||
};
|
||||
}
|
|
@ -0,0 +1,71 @@
|
|||
{ stdenv, lib, brscan4, netDevices ? [] }:
|
||||
|
||||
/*
|
||||
|
||||
Testing
|
||||
-------
|
||||
|
||||
No net devices:
|
||||
|
||||
~~~
|
||||
nix-shell -E 'with import <nixpkgs> { }; brscan4-etc-files'
|
||||
~~~
|
||||
|
||||
Two net devices:
|
||||
|
||||
~~~
|
||||
nix-shell -E 'with import <nixpkgs> { }; brscan4-etc-files.override{netDevices=[{name="a"; model="MFC-7860DW"; nodename="BRW0080927AFBCE";} {name="b"; model="MFC-7860DW"; ip="192.168.1.2";}];}'
|
||||
~~~
|
||||
|
||||
*/
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
addNetDev = nd: ''
|
||||
brsaneconfig4 -a \
|
||||
name="${nd.name}" \
|
||||
model="${nd.model}" \
|
||||
${if (hasAttr "nodename" nd && nd.nodename != null) then
|
||||
''nodename="${nd.nodename}"'' else
|
||||
''ip="${nd.ip}"''}'';
|
||||
addAllNetDev = xs: concatStringsSep "\n" (map addNetDev xs);
|
||||
in
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
|
||||
name = "brscan4-etc-files-0.4.3-3";
|
||||
src = "${brscan4}/opt/brother/scanner/brscan4";
|
||||
|
||||
nativeBuildInputs = [ brscan4 ];
|
||||
|
||||
configurePhase = ":";
|
||||
|
||||
buildPhase = ''
|
||||
TARGET_DIR="$out/etc/opt/brother/scanner/brscan4"
|
||||
mkdir -p "$TARGET_DIR"
|
||||
cp -rp "./models4" "$TARGET_DIR"
|
||||
cp -rp "./Brsane4.ini" "$TARGET_DIR"
|
||||
cp -rp "./brsanenetdevice4.cfg" "$TARGET_DIR"
|
||||
|
||||
export BRSANENETDEVICE4_CFG_FILENAME="$TARGET_DIR/brsanenetdevice4.cfg"
|
||||
|
||||
printf '${addAllNetDev netDevices}\n'
|
||||
|
||||
${addAllNetDev netDevices}
|
||||
'';
|
||||
|
||||
installPhase = ":";
|
||||
|
||||
dontStrip = true;
|
||||
dontPatchELF = true;
|
||||
|
||||
meta = {
|
||||
description = "Brother brscan4 sane backend driver etc files";
|
||||
homepage = http://www.brother.com;
|
||||
platforms = stdenv.lib.platforms.linux;
|
||||
license = stdenv.lib.licenses.unfree;
|
||||
maintainers = with stdenv.lib.maintainers; [ jraygauthier ];
|
||||
};
|
||||
}
|
|
@ -0,0 +1,161 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.graylog;
|
||||
configBool = b: if b then "true" else "false";
|
||||
|
||||
confFile = pkgs.writeText "graylog.conf" ''
|
||||
is_master = ${configBool cfg.isMaster}
|
||||
node_id_file = ${cfg.nodeIdFile}
|
||||
password_secret = ${cfg.passwordSecret}
|
||||
root_username = ${cfg.rootUsername}
|
||||
root_password_sha2 = ${cfg.rootPasswordSha2}
|
||||
elasticsearch_cluster_name = ${cfg.elasticsearchClusterName}
|
||||
elasticsearch_discovery_zen_ping_multicast_enabled = ${configBool cfg.elasticsearchDiscoveryZenPingMulticastEnabled}
|
||||
elasticsearch_discovery_zen_ping_unicast_hosts = ${cfg.elasticsearchDiscoveryZenPingUnicastHosts}
|
||||
message_journal_dir = ${cfg.messageJournalDir}
|
||||
mongodb_uri = ${cfg.mongodbUri}
|
||||
|
||||
${cfg.extraConfig}
|
||||
'';
|
||||
in
|
||||
|
||||
{
|
||||
###### interface
|
||||
|
||||
options = {
|
||||
|
||||
services.graylog = {
|
||||
|
||||
enable = mkEnableOption "Graylog";
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.graylog;
|
||||
defaultText = "pkgs.graylog";
|
||||
example = literalExample "pkgs.graylog";
|
||||
description = "Graylog package to use.";
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "graylog";
|
||||
example = literalExample "graylog";
|
||||
description = "User account under which graylog runs";
|
||||
};
|
||||
|
||||
isMaster = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "Whether this is the master instance of your Graylog cluster";
|
||||
};
|
||||
|
||||
nodeIdFile = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/lib/graylog/server/node-id";
|
||||
description = "Path of the file containing the graylog node-id";
|
||||
};
|
||||
|
||||
passwordSecret = mkOption {
|
||||
type = types.str;
|
||||
description = ''
|
||||
You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
|
||||
Generate one by using for example: pwgen -N 1 -s 96
|
||||
'';
|
||||
};
|
||||
|
||||
rootUsername = mkOption {
|
||||
type = types.str;
|
||||
default = "admin";
|
||||
description = "Name of the default administrator user";
|
||||
};
|
||||
|
||||
rootPasswordSha2 = mkOption {
|
||||
type = types.str;
|
||||
example = "e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e952";
|
||||
description = ''
|
||||
You MUST specify a hash password for the root user (which you only need to initially set up the
|
||||
system and in case you lose connectivity to your authentication backend)
|
||||
This password cannot be changed using the API or via the web interface. If you need to change it,
|
||||
modify it here.
|
||||
Create one by using for example: echo -n yourpassword | shasum -a 256
|
||||
and use the resulting hash value as string for the option
|
||||
'';
|
||||
};
|
||||
|
||||
elasticsearchClusterName = mkOption {
|
||||
type = types.str;
|
||||
example = "graylog";
|
||||
description = "This must be the same as for your Elasticsearch cluster";
|
||||
};
|
||||
|
||||
elasticsearchDiscoveryZenPingMulticastEnabled = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Whether to use elasticsearch multicast discovery";
|
||||
};
|
||||
|
||||
elasticsearchDiscoveryZenPingUnicastHosts = mkOption {
|
||||
type = types.str;
|
||||
default = "127.0.0.1:9300";
|
||||
description = "Tells Graylogs Elasticsearch client how to find other cluster members. See Elasticsearch documentation for details";
|
||||
};
|
||||
|
||||
messageJournalDir = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/lib/graylog/data/journal";
|
||||
description = "The directory which will be used to store the message journal. The directory must be exclusively used by Graylog and must not contain any other files than the ones created by Graylog itself";
|
||||
};
|
||||
|
||||
mongodbUri = mkOption {
|
||||
type = types.str;
|
||||
default = "mongodb://localhost/graylog";
|
||||
description = "MongoDB connection string. See http://docs.mongodb.org/manual/reference/connection-string/ for details";
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = "Any other configuration options you might want to add";
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
users.extraUsers = mkIf (cfg.user == "graylog") {
|
||||
graylog = {
|
||||
uid = config.ids.uids.graylog;
|
||||
description = "Graylog server daemon user";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.graylog = with pkgs; {
|
||||
description = "Graylog Server";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
environment = {
|
||||
JAVA_HOME = jre;
|
||||
GRAYLOG_CONF = "${confFile}";
|
||||
};
|
||||
path = [ pkgs.openjdk8 pkgs.which pkgs.procps ];
|
||||
preStart = ''
|
||||
mkdir -p /var/lib/graylog -m 755
|
||||
chown -R ${cfg.user} /var/lib/graylog
|
||||
|
||||
mkdir -p ${cfg.messageJournalDir} -m 755
|
||||
chown -R ${cfg.user} ${cfg.messageJournalDir}
|
||||
'';
|
||||
serviceConfig = {
|
||||
User="${cfg.user}";
|
||||
PermissionsStartOnly=true;
|
||||
ExecStart = "${cfg.package}/bin/graylogctl run";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -11,7 +11,10 @@ let
|
|||
rm $out/logcheck.*
|
||||
'';
|
||||
|
||||
rulesDir = pkgs.symlinkJoin "logcheck-rules-dir" ([ defaultRules ] ++ cfg.extraRulesDirs);
|
||||
rulesDir = pkgs.symlinkJoin
|
||||
{ name = "logcheck-rules-dir";
|
||||
paths = ([ defaultRules ] ++ cfg.extraRulesDirs);
|
||||
};
|
||||
|
||||
configFile = pkgs.writeText "logcheck.conf" cfg.config;
|
||||
|
||||
|
|
|
@ -63,8 +63,10 @@ let
|
|||
cfg.extraConfig
|
||||
];
|
||||
|
||||
modulesDir = pkgs.symlinkJoin "dovecot-modules"
|
||||
(map (pkg: "${pkg}/lib/dovecot") ([ dovecotPkg ] ++ map (module: module.override { dovecot = dovecotPkg; }) cfg.modules));
|
||||
modulesDir = pkgs.symlinkJoin {
|
||||
name = "dovecot-modules";
|
||||
paths = map (pkg: "${pkg}/lib/dovecot") ([ dovecotPkg ] ++ map (module: module.override { dovecot = dovecotPkg; }) cfg.modules);
|
||||
};
|
||||
|
||||
in
|
||||
{
|
||||
|
|
|
@ -7,9 +7,14 @@ let
|
|||
rspamdCfg = config.services.rspamd;
|
||||
cfg = config.services.rmilter;
|
||||
|
||||
inetSockets = map (sock: let s = stringSplit ":" sock; in "inet:${last s}:${head s}") cfg.bindInetSockets;
|
||||
unixSockets = map (sock: "unix:${sock}") cfg.bindUnixSockets;
|
||||
|
||||
allSockets = unixSockets ++ inetSockets;
|
||||
|
||||
rmilterConf = ''
|
||||
pidfile = /run/rmilter/rmilter.pid;
|
||||
bind_socket = ${cfg.bindSocket};
|
||||
bind_socket = ${if cfg.socketActivation then "fd:3" else concatStringsSep ", " allSockets};
|
||||
tempdir = /tmp;
|
||||
|
||||
'' + (with cfg.rspamd; if enable then ''
|
||||
|
@ -68,14 +73,37 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
bindSocket = mkOption {
|
||||
type = types.string;
|
||||
default = "unix:/run/rmilter/rmilter.sock";
|
||||
description = "Socket to listed for MTA requests";
|
||||
bindUnixSockets = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = ["/run/rmilter.sock"];
|
||||
description = ''
|
||||
Unix domain sockets to listen for MTA requests.
|
||||
'';
|
||||
example = ''
|
||||
"unix:/run/rmilter/rmilter.sock" or
|
||||
"inet:11990@127.0.0.1"
|
||||
'';
|
||||
[ "/run/rmilter.sock"]
|
||||
'';
|
||||
};
|
||||
|
||||
bindInetSockets = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = ''
|
||||
Inet addresses to listen (in format accepted by systemd.socket)
|
||||
'';
|
||||
example = ''
|
||||
["127.0.0.1:11990"]
|
||||
'';
|
||||
};
|
||||
|
||||
socketActivation = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Enable systemd socket activation for rmilter.
|
||||
(disabling socket activation not recommended
|
||||
when unix socket used, and follow to wrong
|
||||
permissions on unix domain socket.)
|
||||
'';
|
||||
};
|
||||
|
||||
rspamd = {
|
||||
|
@ -86,7 +114,7 @@ in
|
|||
|
||||
servers = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = ["r:0.0.0.0:11333"];
|
||||
default = ["r:/run/rspamd.sock"];
|
||||
description = ''
|
||||
Spamd socket definitions.
|
||||
Is server name is prefixed with r: it is rspamd server.
|
||||
|
@ -129,7 +157,7 @@ in
|
|||
type = types.str;
|
||||
description = "Addon to postfix configuration";
|
||||
default = ''
|
||||
smtpd_milters = ${cfg.bindSocket}
|
||||
smtpd_milters = ${head allSockets}
|
||||
# or for TCP socket
|
||||
# # smtpd_milters = inet:localhost:9900
|
||||
milter_protocol = 6
|
||||
|
@ -169,21 +197,30 @@ milter_default_action = accept
|
|||
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.rmilter}/bin/rmilter ${optionalString cfg.debug "-d"} -n -c ${rmilterConfigFile}";
|
||||
ExecReload = "/bin/kill -USR1 $MAINPID";
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
PermissionsStartOnly = true;
|
||||
Restart = "always";
|
||||
RuntimeDirectory = "rmilter";
|
||||
RuntimeDirectoryPermissions="0755";
|
||||
};
|
||||
|
||||
preStart = ''
|
||||
${pkgs.coreutils}/bin/mkdir -p /run/rmilter
|
||||
${pkgs.coreutils}/bin/chown ${cfg.user}:${cfg.group} /run/rmilter
|
||||
'';
|
||||
|
||||
};
|
||||
|
||||
services.postfix.extraConfig = optionalString cfg.postfix.enable cfg.postfix.configFragment;
|
||||
systemd.sockets.rmilter = mkIf cfg.socketActivation {
|
||||
description = "Rmilter service socket";
|
||||
wantedBy = [ "sockets.target" ];
|
||||
socketConfig = {
|
||||
ListenStream = cfg.bindUnixSockets ++ cfg.bindInetSockets;
|
||||
SocketUser = cfg.user;
|
||||
SocketGroup = cfg.group;
|
||||
SocketMode = "0660";
|
||||
};
|
||||
};
|
||||
|
||||
services.postfix.extraConfig = optionalString cfg.postfix.enable cfg.postfix.configFragment;
|
||||
users.users.postfix.extraGroups = [ cfg.group ];
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -6,6 +6,35 @@ let
|
|||
|
||||
cfg = config.services.rspamd;
|
||||
|
||||
mkBindSockets = socks: concatStringsSep "\n" (map (each: " bind_socket = \"${each}\"") socks);
|
||||
|
||||
rspamdConf =
|
||||
''
|
||||
.include "$CONFDIR/common.conf"
|
||||
|
||||
options {
|
||||
pidfile = "$RUNDIR/rspamd.pid";
|
||||
.include "$CONFDIR/options.inc"
|
||||
}
|
||||
|
||||
logging {
|
||||
type = "file";
|
||||
filename = "$LOGDIR/rspamd.log";
|
||||
.include "$CONFDIR/logging.inc"
|
||||
}
|
||||
|
||||
worker {
|
||||
${mkBindSockets cfg.bindSocket}
|
||||
.include "$CONFDIR/worker-normal.inc"
|
||||
}
|
||||
|
||||
worker {
|
||||
${mkBindSockets cfg.bindUISocket}
|
||||
.include "$CONFDIR/worker-controller.inc"
|
||||
}
|
||||
'';
|
||||
rspamdConfFile = pkgs.writeText "rspamd.conf" rspamdConf;
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
@ -26,6 +55,32 @@ in
|
|||
description = "Whether to run the rspamd daemon in debug mode.";
|
||||
};
|
||||
|
||||
bindSocket = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [
|
||||
"/run/rspamd.sock mode=0666 owner=${cfg.user}"
|
||||
];
|
||||
description = ''
|
||||
List of sockets to listen, in format acceptable by rspamd
|
||||
'';
|
||||
example = ''
|
||||
bindSocket = [
|
||||
"/run/rspamd.sock mode=0666 owner=rspamd"
|
||||
"*:11333"
|
||||
];
|
||||
'';
|
||||
};
|
||||
|
||||
bindUISocket = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [
|
||||
"localhost:11334"
|
||||
];
|
||||
description = ''
|
||||
List of sockets for web interface, in format acceptable by rspamd
|
||||
'';
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.string;
|
||||
default = "rspamd";
|
||||
|
@ -62,7 +117,7 @@ in
|
|||
|
||||
users.extraGroups = singleton {
|
||||
name = cfg.group;
|
||||
gid = config.ids.gids.spamd;
|
||||
gid = config.ids.gids.rspamd;
|
||||
};
|
||||
|
||||
systemd.services.rspamd = {
|
||||
|
@ -72,7 +127,7 @@ in
|
|||
after = [ "network.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.rspamd}/bin/rspamd ${optionalString cfg.debug "-d"} --user=${cfg.user} --group=${cfg.group} --pid=/run/rspamd.pid -f";
|
||||
ExecStart = "${pkgs.rspamd}/bin/rspamd ${optionalString cfg.debug "-d"} --user=${cfg.user} --group=${cfg.group} --pid=/run/rspamd.pid -c ${rspamdConfFile} -f";
|
||||
RuntimeDirectory = "/var/lib/rspamd";
|
||||
PermissionsStartOnly = true;
|
||||
Restart = "always";
|
||||
|
|
|
@ -0,0 +1,64 @@
|
|||
{ config, pkgs, lib, mono, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.emby;
|
||||
emby = pkgs.emby;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.emby = {
|
||||
enable = mkEnableOption "Emby Media Server";
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "emby";
|
||||
description = "User account under which Emby runs.";
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = types.str;
|
||||
default = "emby";
|
||||
description = "Group under which emby runs.";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
systemd.services.emby = {
|
||||
description = "Emby Media Server";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
preStart = ''
|
||||
test -d /var/lib/emby/ProgramData-Server || {
|
||||
echo "Creating initial Emby data directory in /var/lib/emby/ProgramData-Server"
|
||||
mkdir -p /var/lib/emby/ProgramData-Server
|
||||
chown -R ${cfg.user}:${cfg.group} /var/lib/emby/ProgramData-Server
|
||||
}
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
PermissionsStartOnly = "true";
|
||||
ExecStart = "${pkgs.mono}/bin/mono ${pkgs.emby}/bin/MediaBrowser.Server.Mono.exe";
|
||||
Restart = "on-failure";
|
||||
};
|
||||
};
|
||||
|
||||
users.extraUsers = mkIf (cfg.user == "emby") {
|
||||
emby = {
|
||||
group = cfg.group;
|
||||
uid = config.ids.uids.emby;
|
||||
};
|
||||
};
|
||||
|
||||
users.extraGroups = mkIf (cfg.group == "emby") {
|
||||
emby = {
|
||||
gid = config.ids.gids.emby;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -6,7 +6,7 @@ let
|
|||
|
||||
cfg = config.nix;
|
||||
|
||||
nix = cfg.package;
|
||||
nix = cfg.package.out;
|
||||
|
||||
makeNixBuildUser = nr:
|
||||
{ name = "nixbld${toString nr}";
|
||||
|
@ -24,8 +24,8 @@ let
|
|||
|
||||
nixConf =
|
||||
let
|
||||
# If we're using a chroot for builds, then provide /bin/sh in
|
||||
# the chroot as a bind-mount to bash. This means we also need to
|
||||
# If we're using sandbox for builds, then provide /bin/sh in
|
||||
# the sandbox as a bind-mount to bash. This means we also need to
|
||||
# include the entire closure of bash.
|
||||
sh = pkgs.stdenv.shell;
|
||||
binshDeps = pkgs.writeReferencesToFile sh;
|
||||
|
@ -39,8 +39,8 @@ let
|
|||
build-users-group = nixbld
|
||||
build-max-jobs = ${toString (cfg.maxJobs)}
|
||||
build-cores = ${toString (cfg.buildCores)}
|
||||
build-use-chroot = ${if (builtins.isBool cfg.useChroot) then (if cfg.useChroot then "true" else "false") else cfg.useChroot}
|
||||
build-chroot-dirs = ${toString cfg.chrootDirs} /bin/sh=${sh} $(echo $extraPaths)
|
||||
build-use-sandbox = ${if (builtins.isBool cfg.useSandbox) then (if cfg.useSandbox then "true" else "false") else cfg.useSandbox}
|
||||
build-sandbox-paths = ${toString cfg.sandboxPaths} /bin/sh=${sh} $(echo $extraPaths)
|
||||
binary-caches = ${toString cfg.binaryCaches}
|
||||
trusted-binary-caches = ${toString cfg.trustedBinaryCaches}
|
||||
binary-cache-public-keys = ${toString cfg.binaryCachePublicKeys}
|
||||
|
@ -98,25 +98,25 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
useChroot = mkOption {
|
||||
useSandbox = mkOption {
|
||||
type = types.either types.bool (types.enum ["relaxed"]);
|
||||
default = false;
|
||||
description = "
|
||||
If set, Nix will perform builds in a chroot-environment that it
|
||||
If set, Nix will perform builds in a sandboxed environment that it
|
||||
will set up automatically for each build. This prevents
|
||||
impurities in builds by disallowing access to dependencies
|
||||
outside of the Nix store.
|
||||
";
|
||||
};
|
||||
|
||||
chrootDirs = mkOption {
|
||||
sandboxPaths = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
example = [ "/dev" "/proc" ];
|
||||
description =
|
||||
''
|
||||
Directories from the host filesystem to be included
|
||||
in the chroot.
|
||||
in the sandbox.
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -52,7 +52,7 @@ in
|
|||
|
||||
systemd.services.nix-gc =
|
||||
{ description = "Nix Garbage Collector";
|
||||
script = "exec ${config.nix.package}/bin/nix-collect-garbage ${cfg.options}";
|
||||
script = "exec ${config.nix.package.out}/bin/nix-collect-garbage ${cfg.options}";
|
||||
startAt = optionalString cfg.automatic cfg.dates;
|
||||
};
|
||||
|
||||
|
|
|
@ -41,7 +41,7 @@ with lib;
|
|||
PermitTTY no
|
||||
PermitTunnel no
|
||||
X11Forwarding no
|
||||
ForceCommand ${config.nix.package}/bin/nix-store --serve
|
||||
ForceCommand ${config.nix.package.out}/bin/nix-store --serve
|
||||
Match All
|
||||
'';
|
||||
|
||||
|
|
|
@ -449,7 +449,7 @@ in {
|
|||
};
|
||||
};
|
||||
})
|
||||
(mkIf needToCreateCA {
|
||||
(mkIf (cfg.enable && needToCreateCA) {
|
||||
systemd.services.taskserver-ca = {
|
||||
wantedBy = [ "taskserver.service" ];
|
||||
after = [ "taskserver-init.service" ];
|
||||
|
@ -533,7 +533,7 @@ in {
|
|||
'';
|
||||
};
|
||||
})
|
||||
(mkIf (cfg.listenHost != "localhost") {
|
||||
(mkIf (cfg.enable && cfg.listenHost != "localhost") {
|
||||
networking.firewall.allowedTCPPorts = [ cfg.listenPort ];
|
||||
})
|
||||
{ meta.doc = ./taskserver.xml; }
|
||||
|
|
|
@ -80,7 +80,7 @@ in
|
|||
preStart = ''
|
||||
mkdir -p -m 0755 /afs
|
||||
mkdir -m 0700 -p ${cfg.cacheDirectory}
|
||||
${pkgs.module_init_tools}/sbin/insmod ${openafsPkgs}/lib/openafs/libafs-*.ko || true
|
||||
${pkgs.kmod}/sbin/insmod ${openafsPkgs}/lib/openafs/libafs-*.ko || true
|
||||
${openafsPkgs}/sbin/afsd -confdir ${afsConfig} -cachedir ${cfg.cacheDirectory} ${if cfg.sparse then "-dynroot-sparse" else "-dynroot"} -fakestat -afsdb
|
||||
${openafsPkgs}/bin/fs setcrypt ${if cfg.crypt then "on" else "off"}
|
||||
'';
|
||||
|
@ -92,7 +92,7 @@ in
|
|||
preStop = ''
|
||||
${pkgs.utillinux}/bin/umount /afs
|
||||
${openafsPkgs}/sbin/afsd -shutdown
|
||||
${pkgs.module_init_tools}/sbin/rmmod libafs
|
||||
${pkgs.kmod}/sbin/rmmod libafs
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,54 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
cfg = config.services.copy-com;
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
options = {
|
||||
|
||||
services.copy-com = {
|
||||
|
||||
enable = mkOption {
|
||||
default = false;
|
||||
description = "
|
||||
Enable the Copy.com client.
|
||||
NOTE: before enabling the client for the first time, it must be
|
||||
configured by first running CopyConsole (command line) or CopyAgent
|
||||
(graphical) as the appropriate user.
|
||||
";
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
description = "The user for which the Copy.com client should be run.";
|
||||
};
|
||||
|
||||
debug = mkOption {
|
||||
default = false;
|
||||
description = "Output more (debugging) messages to the console.";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ pkgs.postfix ];
|
||||
|
||||
systemd.services."copy-com-${cfg.user}" = {
|
||||
description = "Copy.com client";
|
||||
wants = [ "network-online.target" ];
|
||||
after = [ "network-online.target" "local-fs.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.copy-com}/bin/CopyConsole ${if cfg.debug then "-consoleOutput -debugToConsole=dirwatch,path-watch,csm_path,csm -debug -console" else ""}";
|
||||
User = "${cfg.user}";
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
|
@ -0,0 +1,50 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
cfg = config.services.logmein-hamachi;
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
||||
###### interface
|
||||
|
||||
options = {
|
||||
|
||||
services.logmein-hamachi.enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description =
|
||||
''
|
||||
Whether to enable LogMeIn Hamachi, a proprietary
|
||||
(closed source) commercial VPN software.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
systemd.services.logmein-hamachi = {
|
||||
description = "LogMeIn Hamachi Daemon";
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" "local-fs.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
Type = "forking";
|
||||
ExecStart = "${pkgs.logmein-hamachi}/bin/hamachid";
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = [ pkgs.logmein-hamachi ];
|
||||
|
||||
};
|
||||
|
||||
}
|
|
@ -10,6 +10,7 @@ let
|
|||
{ what = "${pkgs.mfi}/dl"; where = "${stateDir}/dl"; }
|
||||
{ what = "${pkgs.mfi}/lib"; where = "${stateDir}/lib"; }
|
||||
{ what = "${pkgs.mongodb248}/bin"; where = "${stateDir}/bin"; }
|
||||
{ what = "${cfg.dataDir}"; where = "${stateDir}/data"; }
|
||||
];
|
||||
systemdMountPoints = map (m: "${utils.escapeSystemdPath m.where}.mount") mountPoints;
|
||||
ports = [ 6080 6880 6443 6843 ];
|
||||
|
@ -23,6 +24,15 @@ in
|
|||
default = true;
|
||||
description = "Whether to open TCP ports ${concatMapStrings (a: "${toString a} ") ports}for the services.";
|
||||
};
|
||||
dataDir = mkOption {
|
||||
type = types.str;
|
||||
default = "${stateDir}/data";
|
||||
description = ''
|
||||
Where to store the database and other data.
|
||||
|
||||
This directory will be bind-mounted to ${stateDir}/data as part of the service startup.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -50,7 +50,7 @@ in
|
|||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
path = [ config.nix.package pkgs.bzip2.bin ];
|
||||
path = [ config.nix.package.out pkgs.bzip2.bin ];
|
||||
environment.NIX_REMOTE = "daemon";
|
||||
environment.NIX_SECRET_KEY_FILE = cfg.secretKeyFile;
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
with lib;
|
||||
|
||||
let
|
||||
quassel = pkgs.quasselDaemon_qt5;
|
||||
quassel = pkgs.kde4.quasselDaemon;
|
||||
cfg = config.services.quassel;
|
||||
user = if cfg.user != null then cfg.user else "quassel";
|
||||
in
|
||||
|
|
|
@ -17,6 +17,10 @@ let
|
|||
what = "${pkgs.mongodb}/bin";
|
||||
where = "${stateDir}/bin";
|
||||
}
|
||||
{
|
||||
what = "${cfg.dataDir}";
|
||||
where = "${stateDir}/data";
|
||||
}
|
||||
];
|
||||
systemdMountPoints = map (m: "${utils.escapeSystemdPath m.where}.mount") mountPoints;
|
||||
in
|
||||
|
@ -32,6 +36,16 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
services.unifi.dataDir = mkOption {
|
||||
type = types.str;
|
||||
default = "${stateDir}/data";
|
||||
description = ''
|
||||
Where to store the database and other data.
|
||||
|
||||
This directory will be bind-mounted to ${stateDir}/data as part of the service startup.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
@ -62,7 +76,7 @@ in
|
|||
bindsTo = systemdMountPoints;
|
||||
unitConfig.RequiresMountsFor = stateDir;
|
||||
# This a HACK to fix missing dependencies of dynamic libs extracted from jars
|
||||
environment.LD_LIBRARY_PATH = with pkgs.stdenv; "${cc.cc}/lib";
|
||||
environment.LD_LIBRARY_PATH = with pkgs.stdenv; "${cc.cc.lib}/lib";
|
||||
|
||||
preStart = ''
|
||||
# Ensure privacy of state
|
||||
|
|
|
@ -0,0 +1,102 @@
|
|||
{ config, pkgs, lib, nodes, ... }:
|
||||
with lib;
|
||||
let
|
||||
cfg = config.services.zerobin;
|
||||
|
||||
zerobin_config = pkgs.writeText "zerobin-config.py" ''
|
||||
PASTE_FILES_ROOT = "${cfg.dataDir}"
|
||||
${cfg.extraConfig}
|
||||
'';
|
||||
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.zerobin = {
|
||||
enable = mkEnableOption "0bin";
|
||||
|
||||
dataDir = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/lib/zerobin";
|
||||
description = ''
|
||||
Path to the 0bin data directory
|
||||
'';
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "zerobin";
|
||||
description = ''
|
||||
The user 0bin should run as
|
||||
'';
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = types.str;
|
||||
default = "zerobin";
|
||||
description = ''
|
||||
The group 0bin should run as
|
||||
'';
|
||||
};
|
||||
|
||||
listenPort = mkOption {
|
||||
type = types.int;
|
||||
default = 8000;
|
||||
example = 1357;
|
||||
description = ''
|
||||
The port zerobin should listen on
|
||||
'';
|
||||
};
|
||||
|
||||
listenAddress = mkOption {
|
||||
type = types.str;
|
||||
default = "localhost";
|
||||
example = "127.0.0.1";
|
||||
description = ''
|
||||
The address zerobin should listen to
|
||||
'';
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
example = ''
|
||||
MENU = (
|
||||
('Home', '/'),
|
||||
)
|
||||
COMPRESSED_STATIC_FILE = True
|
||||
'';
|
||||
description = ''
|
||||
Extra configuration to be appended to the 0bin config file
|
||||
(see https://0bin.readthedocs.org/en/latest/en/options.html)
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf (cfg.enable) {
|
||||
users.users."${cfg.user}" =
|
||||
if cfg.user == "zerobin" then {
|
||||
isSystemUser = true;
|
||||
group = cfg.group;
|
||||
home = cfg.dataDir;
|
||||
createHome = true;
|
||||
}
|
||||
else {};
|
||||
users.groups."${cfg.group}" = {};
|
||||
|
||||
systemd.services.zerobin = {
|
||||
enable = true;
|
||||
after = [ "network-interfaces.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig.ExecStart = "${pkgs.pythonPackages.zerobin}/bin/zerobin ${cfg.listenAddress} ${toString cfg.listenPort} false ${cfg.user} ${cfg.group} ${zerobin_config}";
|
||||
serviceConfig.PrivateTmp="yes";
|
||||
serviceConfig.User = cfg.user;
|
||||
serviceConfig.Group = cfg.group;
|
||||
preStart = ''
|
||||
mkdir -p ${cfg.dataDir}
|
||||
chown ${cfg.user} ${cfg.dataDir}
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -145,6 +145,7 @@ in {
|
|||
# Install plugins
|
||||
ln -sfT ${esPlugins}/plugins ${cfg.dataDir}/plugins
|
||||
ln -sfT ${cfg.package}/lib ${cfg.dataDir}/lib
|
||||
ln -sfT ${cfg.package}/modules ${cfg.dataDir}/modules
|
||||
if [ "$(id -u)" = 0 ]; then chown -R elasticsearch ${cfg.dataDir}; fi
|
||||
'';
|
||||
postStart = mkBefore ''
|
||||
|
|
|
@ -99,34 +99,32 @@ in
|
|||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
partOf = optional config.networking.firewall.enable "firewall.service";
|
||||
|
||||
restartTriggers = [ fail2banConf jailConf ];
|
||||
path = [ pkgs.fail2ban pkgs.iptables ];
|
||||
|
||||
preStart =
|
||||
''
|
||||
mkdir -p /run/fail2ban -m 0755
|
||||
mkdir -p /var/lib/fail2ban
|
||||
'';
|
||||
|
||||
unitConfig.Documentation = "man:fail2ban(1)";
|
||||
|
||||
serviceConfig =
|
||||
{ ExecStart = "${pkgs.fail2ban}/bin/fail2ban-server -f";
|
||||
{ Type = "forking";
|
||||
ExecStart = "${pkgs.fail2ban}/bin/fail2ban-client -x start";
|
||||
ExecStop = "${pkgs.fail2ban}/bin/fail2ban-client stop";
|
||||
ExecReload = "${pkgs.fail2ban}/bin/fail2ban-client reload";
|
||||
PIDFile = "/run/fail2ban/fail2ban.pid";
|
||||
Restart = "always";
|
||||
|
||||
ReadOnlyDirectories = "/";
|
||||
ReadWriteDirectories = "/run /var/tmp /var/lib";
|
||||
ReadWriteDirectories = "/run/fail2ban /var/tmp /var/lib";
|
||||
PrivateTmp = "true";
|
||||
RuntimeDirectory = "fail2ban";
|
||||
CapabilityBoundingSet = "CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_NET_RAW";
|
||||
};
|
||||
|
||||
postStart =
|
||||
''
|
||||
# Wait for the server to start listening.
|
||||
for ((n = 0; n < 20; n++)); do
|
||||
if fail2ban-client ping; then break; fi
|
||||
sleep 0.5
|
||||
done
|
||||
|
||||
# Reload its configuration.
|
||||
fail2ban-client reload
|
||||
'';
|
||||
};
|
||||
|
||||
# Add some reasonable default jails. The special "DEFAULT" jail
|
||||
|
|
|
@ -121,7 +121,7 @@ in
|
|||
|
||||
security.setuidOwners = singleton
|
||||
{ program = "dbus-daemon-launch-helper";
|
||||
source = "${pkgs.dbus_daemon.lib}/libexec/dbus-daemon-launch-helper";
|
||||
source = "${pkgs.dbus_daemon.out}/libexec/dbus-daemon-launch-helper";
|
||||
owner = "root";
|
||||
group = "messagebus";
|
||||
setuid = true;
|
||||
|
|
|
@ -4,7 +4,7 @@ let
|
|||
|
||||
inherit (lib) mkOption mkIf singleton;
|
||||
|
||||
inherit (pkgs) heimdal;
|
||||
inherit (pkgs) heimdalFull;
|
||||
|
||||
stateDir = "/var/heimdal";
|
||||
in
|
||||
|
@ -33,7 +33,7 @@ in
|
|||
|
||||
config = mkIf config.services.kerberos_server.enable {
|
||||
|
||||
environment.systemPackages = [ heimdal ];
|
||||
environment.systemPackages = [ heimdalFull ];
|
||||
|
||||
services.xinetd.enable = true;
|
||||
services.xinetd.services = lib.singleton
|
||||
|
@ -42,7 +42,7 @@ in
|
|||
protocol = "tcp";
|
||||
user = "root";
|
||||
server = "${pkgs.tcp_wrappers}/sbin/tcpd";
|
||||
serverArgs = "${pkgs.heimdal}/sbin/kadmind";
|
||||
serverArgs = "${pkgs.heimdalFull}/sbin/kadmind";
|
||||
};
|
||||
|
||||
systemd.services.kdc = {
|
||||
|
@ -51,13 +51,13 @@ in
|
|||
preStart = ''
|
||||
mkdir -m 0755 -p ${stateDir}
|
||||
'';
|
||||
script = "${heimdal}/sbin/kdc";
|
||||
script = "${heimdalFull}/sbin/kdc";
|
||||
};
|
||||
|
||||
systemd.services.kpasswdd = {
|
||||
description = "Kerberos Password Changing daemon";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
script = "${heimdal}/sbin/kpasswdd";
|
||||
script = "${heimdalFull}/sbin/kpasswdd";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -124,7 +124,7 @@ in
|
|||
${pkgs.xz.out}/lib/liblzma*.so* mr,
|
||||
${pkgs.libgcrypt.out}/lib/libgcrypt*.so* mr,
|
||||
${pkgs.libgpgerror.out}/lib/libgpg-error*.so* mr,
|
||||
${pkgs.libnghttp2.out}/lib/libnghttp2*.so* mr,
|
||||
${pkgs.nghttp2.lib}/lib/libnghttp2*.so* mr,
|
||||
${pkgs.c-ares.out}/lib/libcares*.so* mr,
|
||||
${pkgs.libcap.out}/lib/libcap*.so* mr,
|
||||
${pkgs.attr.out}/lib/libattr*.so* mr,
|
||||
|
|
|
@ -165,6 +165,8 @@ in {
|
|||
'';
|
||||
};
|
||||
|
||||
services.xserver.updateDbusEnvironment = true;
|
||||
|
||||
environment.variables.GIO_EXTRA_MODULES = [ "${gnome3.dconf}/lib/gio/modules"
|
||||
"${gnome3.glib_networking.out}/lib/gio/modules"
|
||||
"${gnome3.gvfs}/lib/gio/modules" ];
|
||||
|
|
|
@ -62,17 +62,25 @@ in
|
|||
${config.hardware.pulseaudio.package}/bin/pactl load-module module-device-manager "do_routing=1"
|
||||
''}
|
||||
|
||||
exec startkde
|
||||
exec "${kde5.startkde}"
|
||||
|
||||
'';
|
||||
};
|
||||
|
||||
security.setuidOwners = singleton {
|
||||
program = "kcheckpass";
|
||||
source = "${kde5.plasma-workspace.out}/lib/libexec/kcheckpass";
|
||||
owner = "root";
|
||||
group = "root";
|
||||
setuid = true;
|
||||
};
|
||||
security.setuidOwners = [
|
||||
{
|
||||
program = "kcheckpass";
|
||||
source = "${kde5.plasma-workspace}/lib/libexec/kcheckpass";
|
||||
owner = "root";
|
||||
setuid = true;
|
||||
}
|
||||
{
|
||||
program = "start_kdeinit_wrapper";
|
||||
source = "${kde5.plasma-workspace}/lib/libexec/kf5/start_kdeinit_wrapper";
|
||||
owner = "root";
|
||||
setuid = true;
|
||||
}
|
||||
];
|
||||
|
||||
environment.systemPackages =
|
||||
[
|
||||
|
|
|
@ -42,10 +42,13 @@ in
|
|||
# Set GTK_DATA_PREFIX so that GTK+ can find the Xfce themes.
|
||||
export GTK_DATA_PREFIX=${config.system.path}
|
||||
|
||||
exec ${pkgs.stdenv.shell} ${pkgs.xfce.xinitrc}
|
||||
${pkgs.stdenv.shell} ${pkgs.xfce.xinitrc} &
|
||||
waitPID=$!
|
||||
'';
|
||||
};
|
||||
|
||||
services.xserver.updateDbusEnvironment = true;
|
||||
|
||||
environment.systemPackages =
|
||||
[ pkgs.gtk # To get GTK+'s themes.
|
||||
pkgs.hicolor_icon_theme
|
||||
|
|
|
@ -126,6 +126,14 @@ let
|
|||
(*) echo "$0: Desktop manager '$desktopManager' not found.";;
|
||||
esac
|
||||
|
||||
${optionalString (cfg.startDbusSession && cfg.updateDbusEnvironment) ''
|
||||
${pkgs.glib}/bin/gdbus call --session \
|
||||
--dest org.freedesktop.DBus --object-path /org/freedesktop/DBus \
|
||||
--method org.freedesktop.DBus.UpdateActivationEnvironment \
|
||||
"{$(env | ${pkgs.gnused}/bin/sed "s/'/\\\\'/g; s/\([^=]*\)=\(.*\)/'\1':'\2'/" \
|
||||
| ${pkgs.coreutils}/bin/paste -sd,)}"
|
||||
''}
|
||||
|
||||
test -n "$waitPID" && wait "$waitPID"
|
||||
exit 0
|
||||
'';
|
||||
|
|
|
@ -94,11 +94,9 @@ in {
|
|||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
systemd.services.redshift = {
|
||||
systemd.user.services.redshift = {
|
||||
description = "Redshift colour temperature adjuster";
|
||||
requires = [ "display-manager.service" ];
|
||||
after = [ "display-manager.service" ];
|
||||
wantedBy = [ "graphical.target" ];
|
||||
wantedBy = [ "default.target" ];
|
||||
serviceConfig = {
|
||||
ExecStart = ''
|
||||
${cfg.package}/bin/redshift \
|
||||
|
@ -107,10 +105,10 @@ in {
|
|||
-b ${toString cfg.brightness.day}:${toString cfg.brightness.night} \
|
||||
${lib.strings.concatStringsSep " " cfg.extraOptions}
|
||||
'';
|
||||
RestartSec = 3;
|
||||
RestartSec = 3;
|
||||
Restart = "always";
|
||||
};
|
||||
environment = { DISPLAY = ":0"; };
|
||||
serviceConfig.Restart = "always";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -233,6 +233,15 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
updateDbusEnvironment = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to update the DBus activation environment after launching the
|
||||
desktop manager.
|
||||
'';
|
||||
};
|
||||
|
||||
layout = mkOption {
|
||||
type = types.str;
|
||||
default = "us";
|
||||
|
|
|
@ -499,7 +499,7 @@ in
|
|||
}
|
||||
] ++ flip map args.devices (device: {
|
||||
assertion = device == "nodev" || hasPrefix "/" device;
|
||||
message = "GRUB devices must be absolute paths, not ${dev} in ${args.path}";
|
||||
message = "GRUB devices must be absolute paths, not ${device} in ${args.path}";
|
||||
}));
|
||||
})
|
||||
|
||||
|
|
|
@ -14,7 +14,7 @@ let
|
|||
|
||||
inherit (pkgs) python gummiboot;
|
||||
|
||||
nix = config.nix.package;
|
||||
nix = config.nix.package.out;
|
||||
|
||||
timeout = if cfg.timeout != null then cfg.timeout else "";
|
||||
|
||||
|
|
|
@ -36,7 +36,7 @@ in
|
|||
type = types.loaOf types.optionSet;
|
||||
default = {};
|
||||
example = literalExample ''
|
||||
{ hosts =
|
||||
{ example-configuration-file =
|
||||
{ source = "/nix/store/.../etc/dir/file.conf.example";
|
||||
mode = "0440";
|
||||
};
|
||||
|
|
|
@ -523,7 +523,7 @@ in
|
|||
|
||||
networking.bonds = mkOption {
|
||||
default = { };
|
||||
example = {
|
||||
example = literalExample {
|
||||
bond0 = {
|
||||
interfaces = [ "eth0" "wlan0" ];
|
||||
miimon = 100;
|
||||
|
@ -598,7 +598,7 @@ in
|
|||
networking.macvlans = mkOption {
|
||||
type = types.attrsOf types.optionSet;
|
||||
default = { };
|
||||
example = {
|
||||
example = literalExample {
|
||||
wan = {
|
||||
interface = "enp2s0";
|
||||
mode = "vepa";
|
||||
|
@ -629,7 +629,7 @@ in
|
|||
networking.sits = mkOption {
|
||||
type = types.attrsOf types.optionSet;
|
||||
default = { };
|
||||
example = {
|
||||
example = literalExample {
|
||||
hurricane = {
|
||||
remote = "10.0.0.1";
|
||||
local = "10.0.0.22";
|
||||
|
@ -688,7 +688,7 @@ in
|
|||
|
||||
networking.vlans = mkOption {
|
||||
default = { };
|
||||
example = {
|
||||
example = literalExample {
|
||||
vlan0 = {
|
||||
id = 3;
|
||||
interface = "enp3s0";
|
||||
|
@ -727,7 +727,7 @@ in
|
|||
|
||||
networking.wlanInterfaces = mkOption {
|
||||
default = { };
|
||||
example = {
|
||||
example = literalExample {
|
||||
"wlan-station0" = {
|
||||
device = "wlp6s0";
|
||||
};
|
||||
|
|
|
@ -8,7 +8,7 @@ let
|
|||
|
||||
echo "attempting to fetch configuration from EC2 user data..."
|
||||
|
||||
export PATH=${config.nix.package}/bin:${pkgs.systemd}/bin:${pkgs.gnugrep}/bin:${pkgs.gnused}/bin:${config.system.build.nixos-rebuild}/bin:$PATH
|
||||
export PATH=${pkgs.lib.makeBinPath [ config.nix.package pkgs.systemd pkgs.gnugrep pkgs.gnused config.system.build.nixos-rebuild]}:$PATH
|
||||
export NIX_PATH=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels
|
||||
|
||||
userData=/etc/ec2-metadata/user-data
|
||||
|
|
|
@ -62,10 +62,10 @@ in
|
|||
|
||||
echo Register the paths in the Nix database.
|
||||
printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
|
||||
chroot /mnt ${config.nix.package}/bin/nix-store --load-db --option build-users-group ""
|
||||
chroot /mnt ${config.nix.package.out}/bin/nix-store --load-db --option build-users-group ""
|
||||
|
||||
echo Create the system profile to allow nixos-rebuild to work.
|
||||
chroot /mnt ${config.nix.package}/bin/nix-env \
|
||||
chroot /mnt ${config.nix.package.out}/bin/nix-env \
|
||||
-p /nix/var/nix/profiles/system --set ${config.system.build.toplevel} --option build-users-group ""
|
||||
|
||||
echo nixos-rebuild requires an /etc/NIXOS.
|
||||
|
|
|
@ -62,10 +62,10 @@ in
|
|||
|
||||
# Register the paths in the Nix database.
|
||||
printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
|
||||
chroot /mnt ${config.nix.package}/bin/nix-store --load-db --option build-users-group ""
|
||||
chroot /mnt ${config.nix.package.out}/bin/nix-store --load-db --option build-users-group ""
|
||||
|
||||
# Create the system profile to allow nixos-rebuild to work.
|
||||
chroot /mnt ${config.nix.package}/bin/nix-env \
|
||||
chroot /mnt ${config.nix.package.out}/bin/nix-env \
|
||||
-p /nix/var/nix/profiles/system --set ${config.system.build.toplevel} \
|
||||
--option build-users-group ""
|
||||
|
||||
|
|
|
@ -28,14 +28,23 @@ let
|
|||
|
||||
# Initialise the container side of the veth pair.
|
||||
if [ "$PRIVATE_NETWORK" = 1 ]; then
|
||||
|
||||
ip link set host0 name eth0
|
||||
ip link set dev eth0 up
|
||||
|
||||
if [ -n "$LOCAL_ADDRESS" ]; then
|
||||
ip addr add $LOCAL_ADDRESS dev eth0
|
||||
fi
|
||||
if [ -n "$LOCAL_ADDRESS6" ]; then
|
||||
ip -6 addr add $LOCAL_ADDRESS6 dev eth0
|
||||
fi
|
||||
if [ -n "$HOST_ADDRESS" ]; then
|
||||
ip route add $HOST_ADDRESS dev eth0
|
||||
ip route add default via $HOST_ADDRESS
|
||||
fi
|
||||
if [ -n "$LOCAL_ADDRESS" ]; then
|
||||
ip addr add $LOCAL_ADDRESS dev eth0
|
||||
if [ -n "$HOST_ADDRESS6" ]; then
|
||||
ip -6 route add $HOST_ADDRESS6 dev eth0
|
||||
ip -6 route add default via $HOST_ADDRESS6
|
||||
fi
|
||||
fi
|
||||
|
||||
|
@ -48,7 +57,7 @@ let
|
|||
system = config.nixpkgs.system;
|
||||
|
||||
bindMountOpts = { name, config, ... }: {
|
||||
|
||||
|
||||
options = {
|
||||
mountPoint = mkOption {
|
||||
example = "/mnt/usb";
|
||||
|
@ -68,13 +77,13 @@ let
|
|||
description = "Determine whether the mounted path will be accessed in read-only mode.";
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
config = {
|
||||
mountPoint = mkDefault name;
|
||||
};
|
||||
|
||||
|
||||
};
|
||||
|
||||
|
||||
mkBindFlag = d:
|
||||
let flagPrefix = if d.isReadOnly then " --bind-ro=" else " --bind=";
|
||||
mountstr = if d.hostPath != null then "${d.hostPath}:${d.mountPoint}" else "${d.mountPoint}";
|
||||
|
@ -142,12 +151,33 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
hostBridge = mkOption {
|
||||
type = types.nullOr types.string;
|
||||
default = null;
|
||||
example = "br0";
|
||||
description = ''
|
||||
Put the host-side of the veth-pair into the named bridge.
|
||||
Only one of hostAddress* or hostBridge can be given.
|
||||
'';
|
||||
};
|
||||
|
||||
hostAddress = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "10.231.136.1";
|
||||
description = ''
|
||||
The IPv4 address assigned to the host interface.
|
||||
(Not used when hostBridge is set.)
|
||||
'';
|
||||
};
|
||||
|
||||
hostAddress6 = mkOption {
|
||||
type = types.nullOr types.string;
|
||||
default = null;
|
||||
example = "fc00::1";
|
||||
description = ''
|
||||
The IPv6 address assigned to the host interface.
|
||||
(Not used when hostBridge is set.)
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -161,6 +191,16 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
localAddress6 = mkOption {
|
||||
type = types.nullOr types.string;
|
||||
default = null;
|
||||
example = "fc00::2";
|
||||
description = ''
|
||||
The IPv6 address assigned to <literal>eth0</literal>
|
||||
in the container.
|
||||
'';
|
||||
};
|
||||
|
||||
interfaces = mkOption {
|
||||
type = types.listOf types.string;
|
||||
default = [];
|
||||
|
@ -185,7 +225,7 @@ in
|
|||
example = { "/home" = { hostPath = "/home/alice";
|
||||
isReadOnly = false; };
|
||||
};
|
||||
|
||||
|
||||
description =
|
||||
''
|
||||
An extra list of directories that is bound to the container.
|
||||
|
@ -238,154 +278,180 @@ in
|
|||
};
|
||||
|
||||
|
||||
config = mkIf (config.boot.enableContainers) {
|
||||
config = mkIf (config.boot.enableContainers) (let
|
||||
|
||||
systemd.services."container@" =
|
||||
{ description = "Container '%i'";
|
||||
unit = {
|
||||
description = "Container '%i'";
|
||||
|
||||
unitConfig.RequiresMountsFor = [ "/var/lib/containers/%i" ];
|
||||
unitConfig.RequiresMountsFor = [ "/var/lib/containers/%i" ];
|
||||
|
||||
path = [ pkgs.iproute ];
|
||||
path = [ pkgs.iproute ];
|
||||
|
||||
environment.INSTANCE = "%i";
|
||||
environment.root = "/var/lib/containers/%i";
|
||||
environment.INSTANCE = "%i";
|
||||
environment.root = "/var/lib/containers/%i";
|
||||
|
||||
preStart =
|
||||
''
|
||||
# Clean up existing machined registration and interfaces.
|
||||
machinectl terminate "$INSTANCE" 2> /dev/null || true
|
||||
preStart =
|
||||
''
|
||||
# Clean up existing machined registration and interfaces.
|
||||
machinectl terminate "$INSTANCE" 2> /dev/null || true
|
||||
|
||||
if [ "$PRIVATE_NETWORK" = 1 ]; then
|
||||
ip link del dev "ve-$INSTANCE" 2> /dev/null || true
|
||||
if [ "$PRIVATE_NETWORK" = 1 ]; then
|
||||
ip link del dev "ve-$INSTANCE" 2> /dev/null || true
|
||||
ip link del dev "vb-$INSTANCE" 2> /dev/null || true
|
||||
fi
|
||||
'';
|
||||
|
||||
script =
|
||||
''
|
||||
mkdir -p -m 0755 "$root/etc" "$root/var/lib"
|
||||
mkdir -p -m 0700 "$root/var/lib/private" "$root/root" /run/containers
|
||||
if ! [ -e "$root/etc/os-release" ]; then
|
||||
touch "$root/etc/os-release"
|
||||
fi
|
||||
|
||||
mkdir -p -m 0755 \
|
||||
"/nix/var/nix/profiles/per-container/$INSTANCE" \
|
||||
"/nix/var/nix/gcroots/per-container/$INSTANCE"
|
||||
|
||||
cp --remove-destination /etc/resolv.conf "$root/etc/resolv.conf"
|
||||
|
||||
if [ "$PRIVATE_NETWORK" = 1 ]; then
|
||||
extraFlags+=" --network-veth"
|
||||
if [ -n "$HOST_BRIDGE" ]; then
|
||||
extraFlags+=" --network-bridge=$HOST_BRIDGE"
|
||||
fi
|
||||
fi
|
||||
|
||||
for iface in $INTERFACES; do
|
||||
extraFlags+=" --network-interface=$iface"
|
||||
done
|
||||
|
||||
if [ "$PRIVATE_NETWORK" = 1 ]; then
|
||||
ip link del dev "ve-$INSTANCE" 2> /dev/null || true
|
||||
for iface in $MACVLANS; do
|
||||
extraFlags+=" --network-macvlan=$iface"
|
||||
done
|
||||
|
||||
# If the host is 64-bit and the container is 32-bit, add a
|
||||
# --personality flag.
|
||||
${optionalString (config.nixpkgs.system == "x86_64-linux") ''
|
||||
if [ "$(< ''${SYSTEM_PATH:-/nix/var/nix/profiles/per-container/$INSTANCE/system}/system)" = i686-linux ]; then
|
||||
extraFlags+=" --personality=x86"
|
||||
fi
|
||||
'';
|
||||
|
||||
script =
|
||||
''
|
||||
mkdir -p -m 0755 "$root/etc" "$root/var/lib"
|
||||
mkdir -p -m 0700 "$root/var/lib/private" "$root/root" /run/containers
|
||||
if ! [ -e "$root/etc/os-release" ]; then
|
||||
touch "$root/etc/os-release"
|
||||
fi
|
||||
|
||||
mkdir -p -m 0755 \
|
||||
"/nix/var/nix/profiles/per-container/$INSTANCE" \
|
||||
"/nix/var/nix/gcroots/per-container/$INSTANCE"
|
||||
|
||||
cp --remove-destination /etc/resolv.conf "$root/etc/resolv.conf"
|
||||
|
||||
if [ "$PRIVATE_NETWORK" = 1 ]; then
|
||||
extraFlags+=" --network-veth"
|
||||
fi
|
||||
|
||||
for iface in $INTERFACES; do
|
||||
extraFlags+=" --network-interface=$iface"
|
||||
done
|
||||
|
||||
for iface in $MACVLANS; do
|
||||
extraFlags+=" --network-macvlan=$iface"
|
||||
done
|
||||
|
||||
# If the host is 64-bit and the container is 32-bit, add a
|
||||
# --personality flag.
|
||||
${optionalString (config.nixpkgs.system == "x86_64-linux") ''
|
||||
if [ "$(< ''${SYSTEM_PATH:-/nix/var/nix/profiles/per-container/$INSTANCE/system}/system)" = i686-linux ]; then
|
||||
extraFlags+=" --personality=x86"
|
||||
fi
|
||||
''}
|
||||
''}
|
||||
|
||||
|
||||
|
||||
# Run systemd-nspawn without startup notification (we'll
|
||||
# wait for the container systemd to signal readiness).
|
||||
EXIT_ON_REBOOT=1 NOTIFY_SOCKET= \
|
||||
exec ${config.systemd.package}/bin/systemd-nspawn \
|
||||
--keep-unit \
|
||||
-M "$INSTANCE" -D "$root" $extraFlags \
|
||||
$EXTRA_NSPAWN_FLAGS \
|
||||
--bind-ro=/nix/store \
|
||||
--bind-ro=/nix/var/nix/db \
|
||||
--bind-ro=/nix/var/nix/daemon-socket \
|
||||
--bind=/run/systemd/notify:/var/lib/private/host-notify \
|
||||
--bind="/nix/var/nix/profiles/per-container/$INSTANCE:/nix/var/nix/profiles" \
|
||||
--bind="/nix/var/nix/gcroots/per-container/$INSTANCE:/nix/var/nix/gcroots" \
|
||||
--setenv PRIVATE_NETWORK="$PRIVATE_NETWORK" \
|
||||
--setenv HOST_ADDRESS="$HOST_ADDRESS" \
|
||||
--setenv LOCAL_ADDRESS="$LOCAL_ADDRESS" \
|
||||
--setenv PATH="$PATH" \
|
||||
${containerInit} "''${SYSTEM_PATH:-/nix/var/nix/profiles/system}/init"
|
||||
'';
|
||||
# Run systemd-nspawn without startup notification (we'll
|
||||
# wait for the container systemd to signal readiness).
|
||||
EXIT_ON_REBOOT=1 NOTIFY_SOCKET= \
|
||||
exec ${config.systemd.package}/bin/systemd-nspawn \
|
||||
--keep-unit \
|
||||
-M "$INSTANCE" -D "$root" $extraFlags \
|
||||
$EXTRA_NSPAWN_FLAGS \
|
||||
--bind-ro=/nix/store \
|
||||
--bind-ro=/nix/var/nix/db \
|
||||
--bind-ro=/nix/var/nix/daemon-socket \
|
||||
--bind=/run/systemd/notify:/var/lib/private/host-notify \
|
||||
--bind="/nix/var/nix/profiles/per-container/$INSTANCE:/nix/var/nix/profiles" \
|
||||
--bind="/nix/var/nix/gcroots/per-container/$INSTANCE:/nix/var/nix/gcroots" \
|
||||
--setenv PRIVATE_NETWORK="$PRIVATE_NETWORK" \
|
||||
--setenv HOST_BRIDGE="$HOST_BRIDGE" \
|
||||
--setenv HOST_ADDRESS="$HOST_ADDRESS" \
|
||||
--setenv LOCAL_ADDRESS="$LOCAL_ADDRESS" \
|
||||
--setenv HOST_ADDRESS6="$HOST_ADDRESS6" \
|
||||
--setenv LOCAL_ADDRESS6="$LOCAL_ADDRESS6" \
|
||||
--setenv PATH="$PATH" \
|
||||
${containerInit} "''${SYSTEM_PATH:-/nix/var/nix/profiles/system}/init"
|
||||
'';
|
||||
|
||||
postStart =
|
||||
''
|
||||
if [ "$PRIVATE_NETWORK" = 1 ]; then
|
||||
postStart =
|
||||
''
|
||||
if [ "$PRIVATE_NETWORK" = 1 ]; then
|
||||
if [ -z "$HOST_BRIDGE" ]; then
|
||||
ifaceHost=ve-$INSTANCE
|
||||
ip link set dev $ifaceHost up
|
||||
if [ -n "$HOST_ADDRESS" ]; then
|
||||
ip addr add $HOST_ADDRESS dev $ifaceHost
|
||||
fi
|
||||
if [ -n "$HOST_ADDRESS6" ]; then
|
||||
ip -6 addr add $HOST_ADDRESS6 dev $ifaceHost
|
||||
fi
|
||||
if [ -n "$LOCAL_ADDRESS" ]; then
|
||||
ip route add $LOCAL_ADDRESS dev $ifaceHost
|
||||
fi
|
||||
if [ -n "$LOCAL_ADDRESS6" ]; then
|
||||
ip -6 route add $LOCAL_ADDRESS6 dev $ifaceHost
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
# Get the leader PID so that we can signal it in
|
||||
# preStop. We can't use machinectl there because D-Bus
|
||||
# might be shutting down. FIXME: in systemd 219 we can
|
||||
# just signal systemd-nspawn to do a clean shutdown.
|
||||
machinectl show "$INSTANCE" | sed 's/Leader=\(.*\)/\1/;t;d' > "/run/containers/$INSTANCE.pid"
|
||||
'';
|
||||
# Get the leader PID so that we can signal it in
|
||||
# preStop. We can't use machinectl there because D-Bus
|
||||
# might be shutting down. FIXME: in systemd 219 we can
|
||||
# just signal systemd-nspawn to do a clean shutdown.
|
||||
machinectl show "$INSTANCE" | sed 's/Leader=\(.*\)/\1/;t;d' > "/run/containers/$INSTANCE.pid"
|
||||
'';
|
||||
|
||||
preStop =
|
||||
preStop =
|
||||
''
|
||||
pid="$(cat /run/containers/$INSTANCE.pid)"
|
||||
if [ -n "$pid" ]; then
|
||||
kill -RTMIN+4 "$pid"
|
||||
fi
|
||||
rm -f "/run/containers/$INSTANCE.pid"
|
||||
'';
|
||||
|
||||
restartIfChanged = false;
|
||||
|
||||
serviceConfig = {
|
||||
ExecReload = pkgs.writeScript "reload-container"
|
||||
''
|
||||
pid="$(cat /run/containers/$INSTANCE.pid)"
|
||||
if [ -n "$pid" ]; then
|
||||
kill -RTMIN+4 "$pid"
|
||||
fi
|
||||
rm -f "/run/containers/$INSTANCE.pid"
|
||||
#! ${pkgs.stdenv.shell} -e
|
||||
${nixos-container}/bin/nixos-container run "$INSTANCE" -- \
|
||||
bash --login -c "''${SYSTEM_PATH:-/nix/var/nix/profiles/system}/bin/switch-to-configuration test"
|
||||
'';
|
||||
|
||||
restartIfChanged = false;
|
||||
#reloadIfChanged = true; # FIXME
|
||||
SyslogIdentifier = "container %i";
|
||||
|
||||
serviceConfig = {
|
||||
ExecReload = pkgs.writeScript "reload-container"
|
||||
''
|
||||
#! ${pkgs.stdenv.shell} -e
|
||||
${nixos-container}/bin/nixos-container run "$INSTANCE" -- \
|
||||
bash --login -c "''${SYSTEM_PATH:-/nix/var/nix/profiles/system}/bin/switch-to-configuration test"
|
||||
'';
|
||||
EnvironmentFile = "-/etc/containers/%i.conf";
|
||||
|
||||
SyslogIdentifier = "container %i";
|
||||
Type = "notify";
|
||||
|
||||
EnvironmentFile = "-/etc/containers/%i.conf";
|
||||
NotifyAccess = "all";
|
||||
|
||||
Type = "notify";
|
||||
# Note that on reboot, systemd-nspawn returns 133, so this
|
||||
# unit will be restarted. On poweroff, it returns 0, so the
|
||||
# unit won't be restarted.
|
||||
RestartForceExitStatus = "133";
|
||||
SuccessExitStatus = "133";
|
||||
|
||||
NotifyAccess = "all";
|
||||
Restart = "on-failure";
|
||||
|
||||
# Note that on reboot, systemd-nspawn returns 133, so this
|
||||
# unit will be restarted. On poweroff, it returns 0, so the
|
||||
# unit won't be restarted.
|
||||
RestartForceExitStatus = "133";
|
||||
SuccessExitStatus = "133";
|
||||
|
||||
Restart = "on-failure";
|
||||
|
||||
# Hack: we don't want to kill systemd-nspawn, since we call
|
||||
# "machinectl poweroff" in preStop to shut down the
|
||||
# container cleanly. But systemd requires sending a signal
|
||||
# (at least if we want remaining processes to be killed
|
||||
# after the timeout). So send an ignored signal.
|
||||
KillMode = "mixed";
|
||||
KillSignal = "WINCH";
|
||||
};
|
||||
# Hack: we don't want to kill systemd-nspawn, since we call
|
||||
# "machinectl poweroff" in preStop to shut down the
|
||||
# container cleanly. But systemd requires sending a signal
|
||||
# (at least if we want remaining processes to be killed
|
||||
# after the timeout). So send an ignored signal.
|
||||
KillMode = "mixed";
|
||||
KillSignal = "WINCH";
|
||||
};
|
||||
};
|
||||
in {
|
||||
systemd.services = listToAttrs (filter (x: x.value != null) (
|
||||
# The generic container template used by imperative containers
|
||||
[{ name = "container@"; value = unit; }]
|
||||
# declarative containers
|
||||
++ (mapAttrsToList (name: cfg: nameValuePair "container@${name}" (
|
||||
if cfg.autoStart then
|
||||
unit // {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
wants = [ "network.target" ];
|
||||
after = [ "network.target" ];
|
||||
restartTriggers = [ cfg.path ];
|
||||
reloadIfChanged = true;
|
||||
}
|
||||
else null
|
||||
)) config.containers)
|
||||
));
|
||||
|
||||
# Generate a configuration file in /etc/containers for each
|
||||
# container so that container@.target can get the container
|
||||
|
@ -396,12 +462,21 @@ in
|
|||
SYSTEM_PATH=${cfg.path}
|
||||
${optionalString cfg.privateNetwork ''
|
||||
PRIVATE_NETWORK=1
|
||||
${optionalString (cfg.hostBridge != null) ''
|
||||
HOST_BRIDGE=${cfg.hostBridge}
|
||||
''}
|
||||
${optionalString (cfg.hostAddress != null) ''
|
||||
HOST_ADDRESS=${cfg.hostAddress}
|
||||
''}
|
||||
${optionalString (cfg.hostAddress6 != null) ''
|
||||
HOST_ADDRESS6=${cfg.hostAddress6}
|
||||
''}
|
||||
${optionalString (cfg.localAddress != null) ''
|
||||
LOCAL_ADDRESS=${cfg.localAddress}
|
||||
''}
|
||||
${optionalString (cfg.localAddress6 != null) ''
|
||||
LOCAL_ADDRESS6=${cfg.localAddress6}
|
||||
''}
|
||||
''}
|
||||
INTERFACES="${toString cfg.interfaces}"
|
||||
${optionalString cfg.autoStart ''
|
||||
|
@ -420,31 +495,5 @@ in
|
|||
networking.dhcpcd.denyInterfaces = [ "ve-*" ];
|
||||
|
||||
environment.systemPackages = [ nixos-container ];
|
||||
|
||||
# Start containers at boot time.
|
||||
systemd.services.all-containers =
|
||||
{ description = "All Containers";
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
unitConfig.ConditionDirectoryNotEmpty = "/etc/containers";
|
||||
|
||||
serviceConfig.Type = "oneshot";
|
||||
|
||||
script =
|
||||
''
|
||||
res=0
|
||||
shopt -s nullglob
|
||||
for i in /etc/containers/*.conf; do
|
||||
AUTO_START=
|
||||
source "$i"
|
||||
if [ "$AUTO_START" = 1 ]; then
|
||||
systemctl start "container@$(basename "$i" .conf).service" || res=1
|
||||
fi
|
||||
done
|
||||
exit $res
|
||||
''; # */
|
||||
};
|
||||
|
||||
};
|
||||
});
|
||||
}
|
||||
|
|
|
@ -90,40 +90,40 @@
|
|||
"15.09".us-west-2.pv-ebs = "ami-005fb160";
|
||||
"15.09".us-west-2.pv-s3 = "ami-cd55bbad";
|
||||
|
||||
"16.03".ap-northeast-1.hvm-ebs = "ami-885040e6";
|
||||
"16.03".ap-northeast-1.hvm-s3 = "ami-d15a4abf";
|
||||
"16.03".ap-northeast-1.pv-ebs = "ami-7f455511";
|
||||
"16.03".ap-northeast-1.pv-s3 = "ami-6d7d6d03";
|
||||
"16.03".ap-southeast-1.hvm-ebs = "ami-478a5f24";
|
||||
"16.03".ap-southeast-1.hvm-s3 = "ami-b2885dd1";
|
||||
"16.03".ap-southeast-1.pv-ebs = "ami-55b46136";
|
||||
"16.03".ap-southeast-1.pv-s3 = "ami-92b762f1";
|
||||
"16.03".ap-southeast-2.hvm-ebs = "ami-26b09345";
|
||||
"16.03".ap-southeast-2.hvm-s3 = "ami-52ac8f31";
|
||||
"16.03".ap-southeast-2.pv-ebs = "ami-1fb3907c";
|
||||
"16.03".ap-southeast-2.pv-s3 = "ami-49b1922a";
|
||||
"16.03".eu-central-1.hvm-ebs = "ami-2bd63744";
|
||||
"16.03".eu-central-1.hvm-s3 = "ami-82d435ed";
|
||||
"16.03".eu-central-1.pv-ebs = "ami-b729c8d8";
|
||||
"16.03".eu-central-1.pv-s3 = "ami-a12dccce";
|
||||
"16.03".eu-west-1.hvm-ebs = "ami-87c242f4";
|
||||
"16.03".eu-west-1.hvm-s3 = "ami-b6c343c5";
|
||||
"16.03".eu-west-1.pv-ebs = "ami-6bc94918";
|
||||
"16.03".eu-west-1.pv-s3 = "ami-00cb4b73";
|
||||
"16.03".sa-east-1.hvm-ebs = "ami-845cd3e8";
|
||||
"16.03".sa-east-1.hvm-s3 = "ami-8142cded";
|
||||
"16.03".sa-east-1.pv-ebs = "ami-1643cc7a";
|
||||
"16.03".sa-east-1.pv-s3 = "ami-1646c97a";
|
||||
"16.03".us-east-1.hvm-ebs = "ami-2cc4d046";
|
||||
"16.03".us-east-1.hvm-s3 = "ami-9bc9ddf1";
|
||||
"16.03".us-east-1.pv-ebs = "ami-7df4e017";
|
||||
"16.03".us-east-1.pv-s3 = "ami-90f2e6fa";
|
||||
"16.03".us-west-1.hvm-ebs = "ami-d8116db8";
|
||||
"16.03".us-west-1.hvm-s3 = "ami-a7166ac7";
|
||||
"16.03".us-west-1.pv-ebs = "ami-e90c7089";
|
||||
"16.03".us-west-1.pv-s3 = "ami-5b0c703b";
|
||||
"16.03".us-west-2.hvm-ebs = "ami-b339ccd3";
|
||||
"16.03".us-west-2.hvm-s3 = "ami-2c3bce4c";
|
||||
"16.03".us-west-2.pv-ebs = "ami-0625d066";
|
||||
"16.03".us-west-2.pv-s3 = "ami-7414e114";
|
||||
"16.03".ap-northeast-1.hvm-ebs = "ami-b6edf5d8";
|
||||
"16.03".ap-northeast-1.hvm-s3 = "ami-b1e3fbdf";
|
||||
"16.03".ap-northeast-1.pv-ebs = "ami-6190880f";
|
||||
"16.03".ap-northeast-1.pv-s3 = "ami-908d95fe";
|
||||
"16.03".ap-southeast-1.hvm-ebs = "ami-35b16656";
|
||||
"16.03".ap-southeast-1.hvm-s3 = "ami-41be6922";
|
||||
"16.03".ap-southeast-1.pv-ebs = "ami-4cb96e2f";
|
||||
"16.03".ap-southeast-1.pv-s3 = "ami-3bb96e58";
|
||||
"16.03".ap-southeast-2.hvm-ebs = "ami-debc91bd";
|
||||
"16.03".ap-southeast-2.hvm-s3 = "ami-55bc9136";
|
||||
"16.03".ap-southeast-2.pv-ebs = "ami-b38ba6d0";
|
||||
"16.03".ap-southeast-2.pv-s3 = "ami-9e8ba6fd";
|
||||
"16.03".eu-central-1.hvm-ebs = "ami-7c967413";
|
||||
"16.03".eu-central-1.hvm-s3 = "ami-b29072dd";
|
||||
"16.03".eu-central-1.pv-ebs = "ami-7a947615";
|
||||
"16.03".eu-central-1.pv-s3 = "ami-729b791d";
|
||||
"16.03".eu-west-1.hvm-ebs = "ami-ff27a98c";
|
||||
"16.03".eu-west-1.hvm-s3 = "ami-6c21af1f";
|
||||
"16.03".eu-west-1.pv-ebs = "ami-a33cb2d0";
|
||||
"16.03".eu-west-1.pv-s3 = "ami-ec38b69f";
|
||||
"16.03".sa-east-1.hvm-ebs = "ami-5bef6637";
|
||||
"16.03".sa-east-1.hvm-s3 = "ami-55f87139";
|
||||
"16.03".sa-east-1.pv-ebs = "ami-76e56c1a";
|
||||
"16.03".sa-east-1.pv-s3 = "ami-e1f8718d";
|
||||
"16.03".us-east-1.hvm-ebs = "ami-4bfd1926";
|
||||
"16.03".us-east-1.hvm-s3 = "ami-60c5210d";
|
||||
"16.03".us-east-1.pv-ebs = "ami-c0c92dad";
|
||||
"16.03".us-east-1.pv-s3 = "ami-f9d63294";
|
||||
"16.03".us-west-1.hvm-ebs = "ami-13aad473";
|
||||
"16.03".us-west-1.hvm-s3 = "ami-e1a8d681";
|
||||
"16.03".us-west-1.pv-ebs = "ami-c0a6d8a0";
|
||||
"16.03".us-west-1.pv-s3 = "ami-6aa9d70a";
|
||||
"16.03".us-west-2.hvm-ebs = "ami-265dad46";
|
||||
"16.03".us-west-2.hvm-s3 = "ami-cd40b0ad";
|
||||
"16.03".us-west-2.pv-ebs = "ami-7b4aba1b";
|
||||
"16.03".us-west-2.pv-s3 = "ami-0849b968";
|
||||
}
|
||||
|
|
|
@ -66,10 +66,10 @@ in
|
|||
|
||||
# Register the paths in the Nix database.
|
||||
printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
|
||||
chroot /mnt ${config.nix.package}/bin/nix-store --load-db --option build-users-group ""
|
||||
chroot /mnt ${config.nix.package.out}/bin/nix-store --load-db --option build-users-group ""
|
||||
|
||||
# Create the system profile to allow nixos-rebuild to work.
|
||||
chroot /mnt ${config.nix.package}/bin/nix-env \
|
||||
chroot /mnt ${config.nix.package.out}/bin/nix-env \
|
||||
-p /nix/var/nix/profiles/system --set ${config.system.build.toplevel} \
|
||||
--option build-users-group ""
|
||||
|
||||
|
|
|
@ -149,11 +149,11 @@ let
|
|||
${pkgs.mtools}/bin/mlabel -i /dev/vda2 ::boot
|
||||
|
||||
# Mount /boot; load necessary modules first.
|
||||
${pkgs.module_init_tools}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/nls/nls_cp437.ko || true
|
||||
${pkgs.module_init_tools}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/nls/nls_iso8859-1.ko || true
|
||||
${pkgs.module_init_tools}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/fat/fat.ko || true
|
||||
${pkgs.module_init_tools}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/fat/vfat.ko || true
|
||||
${pkgs.module_init_tools}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/efivarfs/efivarfs.ko || true
|
||||
${pkgs.kmod}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/nls/nls_cp437.ko.xz || true
|
||||
${pkgs.kmod}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/nls/nls_iso8859-1.ko.xz || true
|
||||
${pkgs.kmod}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/fat/fat.ko.xz || true
|
||||
${pkgs.kmod}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/fat/vfat.ko.xz || true
|
||||
${pkgs.kmod}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/efivarfs/efivarfs.ko.xz || true
|
||||
mkdir /boot
|
||||
mount /dev/vda2 /boot
|
||||
|
||||
|
@ -403,7 +403,7 @@ in
|
|||
boot.postBootCommands =
|
||||
''
|
||||
if [[ "$(cat /proc/cmdline)" =~ regInfo=([^ ]*) ]]; then
|
||||
${config.nix.package}/bin/nix-store --load-db < ''${BASH_REMATCH[1]}
|
||||
${config.nix.package.out}/bin/nix-store --load-db < ''${BASH_REMATCH[1]}
|
||||
fi
|
||||
'';
|
||||
|
||||
|
|
|
@ -48,7 +48,7 @@ in rec {
|
|||
nixos.ova.x86_64-linux
|
||||
|
||||
#(all nixos.tests.containers)
|
||||
#(all nixos.tests.chromium.stable)
|
||||
(all nixos.tests.chromium.stable)
|
||||
(all nixos.tests.firefox)
|
||||
(all nixos.tests.firewall)
|
||||
nixos.tests.gnome3.x86_64-linux # FIXME: i686-linux
|
||||
|
@ -64,6 +64,9 @@ in rec {
|
|||
(all nixos.tests.installer.btrfsSubvols)
|
||||
(all nixos.tests.installer.btrfsSubvolDefault)
|
||||
(all nixos.tests.boot.biosCdrom)
|
||||
(all nixos.tests.boot.biosUsb)
|
||||
(all nixos.tests.boot.uefiCdrom)
|
||||
(all nixos.tests.boot.uefiUsb)
|
||||
(all nixos.tests.ipv6)
|
||||
(all nixos.tests.kde4)
|
||||
#(all nixos.tests.lightdm)
|
||||
|
|
|
@ -31,7 +31,8 @@ in rec {
|
|||
inherit (nixos') channel manual iso_minimal dummy;
|
||||
tests = {
|
||||
inherit (nixos'.tests)
|
||||
containers
|
||||
containers-imperative
|
||||
containers-ipv4
|
||||
firewall
|
||||
ipv6
|
||||
login
|
||||
|
|
|
@ -103,6 +103,19 @@ in rec {
|
|||
# Build the initial ramdisk so Hydra can keep track of its size over time.
|
||||
initialRamdisk = buildFromConfig ({ pkgs, ... }: { }) (config: config.system.build.initialRamdisk);
|
||||
|
||||
netboot.x86_64-linux = let build = (import lib/eval-config.nix {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
./modules/installer/netboot/netboot-minimal.nix
|
||||
versionModule
|
||||
];
|
||||
}).config.system.build;
|
||||
in
|
||||
pkgs.symlinkJoin {name="netboot"; paths=[
|
||||
build.netbootRamdisk
|
||||
build.kernel
|
||||
build.netbootIpxeScript
|
||||
];};
|
||||
|
||||
iso_minimal = forAllSystems (system: makeIso {
|
||||
module = ./modules/installer/cd-dvd/installation-cd-minimal.nix;
|
||||
|
@ -199,7 +212,10 @@ in rec {
|
|||
tests.cadvisor = hydraJob (import tests/cadvisor.nix { system = "x86_64-linux"; });
|
||||
tests.chromium = callSubTests tests/chromium.nix {};
|
||||
tests.cjdns = callTest tests/cjdns.nix {};
|
||||
tests.containers = callTest tests/containers.nix {};
|
||||
tests.containers-ipv4 = callTest tests/containers-ipv4.nix {};
|
||||
tests.containers-ipv6 = callTest tests/containers-ipv6.nix {};
|
||||
tests.containers-bridge = callTest tests/containers-bridge.nix {};
|
||||
tests.containers-imperative = callTest tests/containers-imperative.nix {};
|
||||
tests.docker = hydraJob (import tests/docker.nix { system = "x86_64-linux"; });
|
||||
tests.dockerRegistry = hydraJob (import tests/docker-registry.nix { system = "x86_64-linux"; });
|
||||
tests.dnscrypt-proxy = callTest tests/dnscrypt-proxy.nix { system = "x86_64-linux"; };
|
||||
|
|
|
@ -44,5 +44,41 @@ in {
|
|||
usb => glob("${iso}/iso/*.iso"),
|
||||
bios => '${pkgs.OVMF}/FV/OVMF.fd'
|
||||
'';
|
||||
}
|
||||
|
||||
netboot = let
|
||||
config = (import ../lib/eval-config.nix {
|
||||
inherit system;
|
||||
modules =
|
||||
[ ../modules/installer/netboot/netboot.nix
|
||||
../modules/testing/test-instrumentation.nix
|
||||
{ key = "serial"; }
|
||||
];
|
||||
}).config;
|
||||
ipxeScriptDir = pkgs.writeTextFile {
|
||||
name = "ipxeScriptDir";
|
||||
text = ''
|
||||
#!ipxe
|
||||
dhcp
|
||||
kernel bzImage init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams} console=ttyS0
|
||||
initrd initrd
|
||||
boot
|
||||
'';
|
||||
destination = "/boot.ipxe";
|
||||
};
|
||||
ipxeBootDir = pkgs.symlinkJoin "ipxeBootDir" [
|
||||
config.system.build.netbootRamdisk
|
||||
config.system.build.kernel
|
||||
ipxeScriptDir
|
||||
];
|
||||
in
|
||||
makeTest {
|
||||
name = "boot-netboot";
|
||||
nodes = { };
|
||||
testScript =
|
||||
''
|
||||
my $machine = createMachine({ qemuFlags => '-boot order=n -net nic,model=e1000 -net user,tftp=${ipxeBootDir}/,bootfile=boot.ipxe -m 2000M' });
|
||||
$machine->start;
|
||||
$machine->waitForUnit("multi-user.target");
|
||||
$machine->shutdown;
|
||||
'';
|
||||
};
|
||||
}
|
|
@ -0,0 +1,81 @@
|
|||
# Test for NixOS' container support.
|
||||
|
||||
let
|
||||
hostIp = "192.168.0.1";
|
||||
containerIp = "192.168.0.100/24";
|
||||
hostIp6 = "fc00::1";
|
||||
containerIp6 = "fc00::2/7";
|
||||
in
|
||||
|
||||
import ./make-test.nix ({ pkgs, ...} : {
|
||||
name = "containers-bridge";
|
||||
meta = with pkgs.stdenv.lib.maintainers; {
|
||||
maintainers = [ aristid aszlig eelco chaoflow ];
|
||||
};
|
||||
|
||||
machine =
|
||||
{ config, pkgs, ... }:
|
||||
{ imports = [ ../modules/installer/cd-dvd/channel.nix ];
|
||||
virtualisation.writableStore = true;
|
||||
virtualisation.memorySize = 768;
|
||||
|
||||
networking.bridges = {
|
||||
br0 = {
|
||||
interfaces = [];
|
||||
};
|
||||
};
|
||||
networking.interfaces = {
|
||||
br0 = {
|
||||
ip4 = [{ address = hostIp; prefixLength = 24; }];
|
||||
ip6 = [{ address = hostIp6; prefixLength = 7; }];
|
||||
};
|
||||
};
|
||||
|
||||
containers.webserver =
|
||||
{
|
||||
autoStart = true;
|
||||
privateNetwork = true;
|
||||
hostBridge = "br0";
|
||||
localAddress = containerIp;
|
||||
localAddress6 = containerIp6;
|
||||
config =
|
||||
{ services.httpd.enable = true;
|
||||
services.httpd.adminAddr = "foo@example.org";
|
||||
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||
networking.firewall.allowPing = true;
|
||||
};
|
||||
};
|
||||
|
||||
virtualisation.pathsInNixDB = [ pkgs.stdenv ];
|
||||
};
|
||||
|
||||
testScript =
|
||||
''
|
||||
$machine->waitForUnit("default.target");
|
||||
$machine->succeed("nixos-container list") =~ /webserver/ or die;
|
||||
|
||||
# Start the webserver container.
|
||||
$machine->succeed("nixos-container status webserver") =~ /up/ or die;
|
||||
|
||||
"${containerIp}" =~ /([^\/]+)\/([0-9+])/;
|
||||
my $ip = $1;
|
||||
chomp $ip;
|
||||
$machine->succeed("ping -n -c 1 $ip");
|
||||
$machine->succeed("curl --fail http://$ip/ > /dev/null");
|
||||
|
||||
"${containerIp6}" =~ /([^\/]+)\/([0-9+])/;
|
||||
my $ip6 = $1;
|
||||
chomp $ip6;
|
||||
$machine->succeed("ping6 -n -c 1 $ip6");
|
||||
$machine->succeed("curl --fail http://[$ip6]/ > /dev/null");
|
||||
|
||||
# Stop the container.
|
||||
$machine->succeed("nixos-container stop webserver");
|
||||
$machine->fail("curl --fail --connect-timeout 2 http://$ip/ > /dev/null");
|
||||
$machine->fail("curl --fail --connect-timeout 2 http://[$ip6]/ > /dev/null");
|
||||
|
||||
# Destroying a declarative container should fail.
|
||||
$machine->fail("nixos-container destroy webserver");
|
||||
'';
|
||||
|
||||
})
|
|
@ -1,7 +1,7 @@
|
|||
# Test for NixOS' container support.
|
||||
|
||||
import ./make-test.nix ({ pkgs, ...} : {
|
||||
name = "containers";
|
||||
name = "containers-imperative";
|
||||
meta = with pkgs.stdenv.lib.maintainers; {
|
||||
maintainers = [ aristid aszlig eelco chaoflow ];
|
||||
};
|
||||
|
@ -11,40 +11,11 @@ import ./make-test.nix ({ pkgs, ...} : {
|
|||
{ imports = [ ../modules/installer/cd-dvd/channel.nix ];
|
||||
virtualisation.writableStore = true;
|
||||
virtualisation.memorySize = 768;
|
||||
|
||||
containers.webserver =
|
||||
{ privateNetwork = true;
|
||||
hostAddress = "10.231.136.1";
|
||||
localAddress = "10.231.136.2";
|
||||
config =
|
||||
{ services.httpd.enable = true;
|
||||
services.httpd.adminAddr = "foo@example.org";
|
||||
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||
networking.firewall.allowPing = true;
|
||||
};
|
||||
};
|
||||
|
||||
virtualisation.pathsInNixDB = [ pkgs.stdenv ];
|
||||
};
|
||||
|
||||
testScript =
|
||||
''
|
||||
$machine->succeed("nixos-container list") =~ /webserver/ or die;
|
||||
|
||||
# Start the webserver container.
|
||||
$machine->succeed("nixos-container start webserver");
|
||||
|
||||
# Since "start" returns after the container has reached
|
||||
# multi-user.target, we should now be able to access it.
|
||||
my $ip = $machine->succeed("nixos-container show-ip webserver");
|
||||
chomp $ip;
|
||||
#$machine->succeed("ping -c1 $ip"); # FIXME
|
||||
$machine->succeed("curl --fail http://$ip/ > /dev/null");
|
||||
|
||||
# Stop the container.
|
||||
$machine->succeed("nixos-container stop webserver");
|
||||
$machine->fail("curl --fail --connect-timeout 2 http://$ip/ > /dev/null");
|
||||
|
||||
# Make sure we have a NixOS tree (required by ‘nixos-container create’).
|
||||
$machine->succeed("PAGER=cat nix-env -qa -A nixos.hello >&2");
|
||||
|
||||
|
@ -111,9 +82,6 @@ import ./make-test.nix ({ pkgs, ...} : {
|
|||
# Ensure that the container path is gone
|
||||
"test ! -e /var/lib/containers/$id1"
|
||||
);
|
||||
|
||||
# Destroying a declarative container should fail.
|
||||
$machine->fail("nixos-container destroy webserver");
|
||||
'';
|
||||
|
||||
})
|
|
@ -0,0 +1,55 @@
|
|||
# Test for NixOS' container support.
|
||||
|
||||
import ./make-test.nix ({ pkgs, ...} : {
|
||||
name = "containers-ipv4";
|
||||
meta = with pkgs.stdenv.lib.maintainers; {
|
||||
maintainers = [ aristid aszlig eelco chaoflow ];
|
||||
};
|
||||
|
||||
machine =
|
||||
{ config, pkgs, ... }:
|
||||
{ imports = [ ../modules/installer/cd-dvd/channel.nix ];
|
||||
virtualisation.writableStore = true;
|
||||
virtualisation.memorySize = 768;
|
||||
|
||||
containers.webserver =
|
||||
{ privateNetwork = true;
|
||||
hostAddress = "10.231.136.1";
|
||||
localAddress = "10.231.136.2";
|
||||
config =
|
||||
{ services.httpd.enable = true;
|
||||
services.httpd.adminAddr = "foo@example.org";
|
||||
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||
networking.firewall.allowPing = true;
|
||||
};
|
||||
};
|
||||
|
||||
virtualisation.pathsInNixDB = [ pkgs.stdenv ];
|
||||
};
|
||||
|
||||
testScript =
|
||||
''
|
||||
$machine->succeed("nixos-container list") =~ /webserver/ or die;
|
||||
|
||||
# Start the webserver container.
|
||||
$machine->succeed("nixos-container start webserver");
|
||||
|
||||
# wait two seconds for the container to start and the network to be up
|
||||
sleep 2;
|
||||
|
||||
# Since "start" returns after the container has reached
|
||||
# multi-user.target, we should now be able to access it.
|
||||
my $ip = $machine->succeed("nixos-container show-ip webserver");
|
||||
chomp $ip;
|
||||
$machine->succeed("ping -n -c1 $ip");
|
||||
$machine->succeed("curl --fail http://$ip/ > /dev/null");
|
||||
|
||||
# Stop the container.
|
||||
$machine->succeed("nixos-container stop webserver");
|
||||
$machine->fail("curl --fail --connect-timeout 2 http://$ip/ > /dev/null");
|
||||
|
||||
# Destroying a declarative container should fail.
|
||||
$machine->fail("nixos-container destroy webserver");
|
||||
'';
|
||||
|
||||
})
|
|
@ -0,0 +1,61 @@
|
|||
# Test for NixOS' container support.
|
||||
|
||||
let
|
||||
hostIp = "fc00::2";
|
||||
localIp = "fc00::1";
|
||||
in
|
||||
|
||||
import ./make-test.nix ({ pkgs, ...} : {
|
||||
name = "containers-ipv6";
|
||||
meta = with pkgs.stdenv.lib.maintainers; {
|
||||
maintainers = [ aristid aszlig eelco chaoflow ];
|
||||
};
|
||||
|
||||
machine =
|
||||
{ config, pkgs, ... }:
|
||||
{ imports = [ ../modules/installer/cd-dvd/channel.nix ];
|
||||
virtualisation.writableStore = true;
|
||||
virtualisation.memorySize = 768;
|
||||
|
||||
containers.webserver =
|
||||
{ privateNetwork = true;
|
||||
hostAddress6 = hostIp;
|
||||
localAddress6 = localIp;
|
||||
config =
|
||||
{ services.httpd.enable = true;
|
||||
services.httpd.adminAddr = "foo@example.org";
|
||||
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||
networking.firewall.allowPing = true;
|
||||
};
|
||||
};
|
||||
|
||||
virtualisation.pathsInNixDB = [ pkgs.stdenv ];
|
||||
};
|
||||
|
||||
testScript =
|
||||
''
|
||||
$machine->waitForUnit("default.target");
|
||||
$machine->succeed("nixos-container list") =~ /webserver/ or die;
|
||||
|
||||
# Start the webserver container.
|
||||
$machine->succeed("nixos-container start webserver");
|
||||
|
||||
# wait two seconds for the container to start and the network to be up
|
||||
sleep 2;
|
||||
|
||||
# Since "start" returns after the container has reached
|
||||
# multi-user.target, we should now be able to access it.
|
||||
my $ip = "${localIp}";
|
||||
chomp $ip;
|
||||
$machine->succeed("ping6 -n -c 1 $ip");
|
||||
$machine->succeed("curl --fail http://[$ip]/ > /dev/null");
|
||||
|
||||
# Stop the container.
|
||||
$machine->succeed("nixos-container stop webserver");
|
||||
$machine->fail("curl --fail --connect-timeout 2 http://[$ip]/ > /dev/null");
|
||||
|
||||
# Destroying a declarative container should fail.
|
||||
$machine->fail("nixos-container destroy webserver");
|
||||
'';
|
||||
|
||||
})
|
|
@ -62,7 +62,7 @@ import ./make-test.nix ({pkgs, ... }: {
|
|||
# Test printing various file types.
|
||||
foreach my $file ("${pkgs.groff.doc}/share/doc/*/examples/mom/penguin.pdf",
|
||||
"${pkgs.groff.doc}/share/doc/*/meref.ps",
|
||||
"${pkgs.cups}/share/doc/cups/images/cups.png",
|
||||
"${pkgs.cups.out}/share/doc/cups/images/cups.png",
|
||||
"${pkgs.pcre.doc}/share/doc/pcre/pcre.txt")
|
||||
{
|
||||
$file =~ /([^\/]*)$/; my $fn = $1;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{ stdenv, fetchurl, pkgconfig, openssl, db48, boost
|
||||
, zlib, miniupnpc, qt4, utillinux, protobuf, qrencode
|
||||
, zlib, miniupnpc, qt4, qmake4Hook, utillinux, protobuf, qrencode
|
||||
, withGui }:
|
||||
|
||||
with stdenv.lib;
|
||||
|
@ -15,13 +15,11 @@ stdenv.mkDerivation rec{
|
|||
|
||||
buildInputs = [ pkgconfig openssl db48 boost zlib
|
||||
miniupnpc utillinux protobuf ]
|
||||
++ optionals withGui [ qt4 qrencode ];
|
||||
++ optionals withGui [ qt4 qmake4Hook qrencode ];
|
||||
|
||||
configureFlags = [ "--with-boost-libdir=${boost.lib}/lib" ]
|
||||
++ optionals withGui [ "--with-gui=qt4" ];
|
||||
|
||||
configurePhase = optional withGui "qmake";
|
||||
|
||||
preBuild = optional (!withGui) "cd src; cp makefile.unix Makefile";
|
||||
|
||||
installPhase =
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ stdenv, db4, boost, openssl, qt4, miniupnpc, unzip, namecoind }:
|
||||
{ stdenv, db4, boost, openssl, qt4, qmake4Hook, miniupnpc, unzip, namecoind }:
|
||||
|
||||
with stdenv.lib;
|
||||
stdenv.mkDerivation rec {
|
||||
|
@ -7,15 +7,9 @@ stdenv.mkDerivation rec {
|
|||
version = namecoind.version;
|
||||
src = namecoind.src;
|
||||
|
||||
buildInputs = [ db4 boost openssl unzip qt4 miniupnpc ];
|
||||
buildInputs = [ db4 boost openssl unzip qt4 qmake4Hook miniupnpc ];
|
||||
|
||||
configurePhase = ''
|
||||
qmake USE_UPNP=-
|
||||
'';
|
||||
|
||||
buildPhase = ''
|
||||
make
|
||||
'';
|
||||
qmakeFlags = [ "USE_UPNP=-" ];
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out/bin
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{ stdenv, fetchurl, pkgconfig, openssl, db48, boost
|
||||
, zlib, miniupnpc, qt4, utillinux, protobuf, qrencode
|
||||
, zlib, miniupnpc, qt4, qmake4Hook, utillinux, protobuf, qrencode
|
||||
, withGui }:
|
||||
|
||||
with stdenv.lib;
|
||||
|
@ -15,13 +15,11 @@ stdenv.mkDerivation rec{
|
|||
|
||||
buildInputs = [ pkgconfig openssl db48 boost zlib
|
||||
miniupnpc utillinux protobuf ]
|
||||
++ optionals withGui [ qt4 qrencode ];
|
||||
++ optionals withGui [ qt4 qmake4Hook qrencode ];
|
||||
|
||||
configureFlags = [ "--with-boost-libdir=${boost.lib}/lib" ]
|
||||
++ optionals withGui [ "--with-gui=qt4" ];
|
||||
|
||||
configurePhase = optional withGui "qmake";
|
||||
|
||||
preBuild = optional (!withGui) "cd src; cp makefile.unix Makefile";
|
||||
|
||||
installPhase =
|
||||
|
|
|
@ -0,0 +1,68 @@
|
|||
{ stdenv, fetchurl, makeWrapper, python, alsaUtils, timidity }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
version = "15.12";
|
||||
name = "mma-${version}";
|
||||
|
||||
src = fetchurl {
|
||||
url = "http://www.mellowood.ca/mma/mma-bin-${version}.tar.gz";
|
||||
sha256 = "0k37kcrfaxmwjb8xb1cbqinrkx3g50dbvwqbvwl3l762j4vr8jgx";
|
||||
};
|
||||
|
||||
buildInputs = [ makeWrapper python alsaUtils timidity ];
|
||||
|
||||
patchPhase = ''
|
||||
sed -i 's@/usr/bin/aplaymidi@/${alsaUtils}/bin/aplaymidi@g' mma-splitrec
|
||||
sed -i 's@/usr/bin/aplaymidi@/${alsaUtils}/bin/aplaymidi@g' util/mma-splitrec.py
|
||||
sed -i 's@/usr/bin/arecord@/${alsaUtils}/bin/arecord@g' mma-splitrec
|
||||
sed -i 's@/usr/bin/arecord@/${alsaUtils}/bin/arecord@g' util/mma-splitrec.py
|
||||
sed -i 's@/usr/bin/timidity@/${timidity}/bin/timidity@g' mma-splitrec
|
||||
sed -i 's@/usr/bin/timidity@/${timidity}/bin/timidity@g' util/mma-splitrec.py
|
||||
find . -type f | xargs sed -i 's@/usr/bin/env python@${python}/bin/python@g'
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out/{bin,share/mma,share/man/man1,share/man/man8}
|
||||
mkdir -p $out/etc
|
||||
|
||||
cp mma.py $out/bin/mma
|
||||
cp mma-gb $out/bin/mma-gb
|
||||
cp mma-libdoc $out/bin/mma-libdoc
|
||||
cp mma-renum $out/bin/mma-renum
|
||||
cp mma-splitrec $out/bin/mma-splitrec
|
||||
cp util/mma-mnx.py $out/bin/mma-mnx
|
||||
cp util/mma-rm2std.py $out/bin/mma-rm2std
|
||||
cp util/mmatabs.py $out/bin/mmatabs
|
||||
cp util/mup2mma.py $out/bin/mup2mma
|
||||
cp util/pg2mma.py $out/bin/pg2mma
|
||||
cp util/synthsplit.py $out/bin/mma-synthsplit
|
||||
cp -r {docs,egs,includes,lib,MMA,text} $out/share/mma
|
||||
rmdir $out/share/mma/includes/aria
|
||||
|
||||
cp util/README.* $out/share/mma/docs
|
||||
mv $out/share/mma/docs/man/mma-libdoc.8 $out/share/man/man8
|
||||
mv $out/share/mma/docs/man/mma-renum.1 $out/share/man/man1
|
||||
mv $out/share/mma/docs/man/mma.1 $out/share/man/man1
|
||||
mv $out/share/mma/docs/man/mma-gb.1 $out/share/man/man1
|
||||
rm -rf $out/share/mma/docs/man
|
||||
find $out -type f | xargs sed -i "s@/usr/share/mma@$out/share/mma@g"
|
||||
'';
|
||||
|
||||
preFixup = ''
|
||||
PYTHONPATH=$out/share/mma/:$PYTHONPATH
|
||||
for f in $out/bin/*; do
|
||||
wrapProgram $f \
|
||||
--prefix PYTHONPATH : $PYTHONPATH
|
||||
done
|
||||
cd $out/share/mma/
|
||||
$out/bin/mma -G
|
||||
'';
|
||||
|
||||
meta = {
|
||||
description = "Creates MIDI tracks for a soloist to perform over from a user supplied file containing chords";
|
||||
homepage = http://www.mellowood.ca/mma/index.html;
|
||||
license = stdenv.lib.licenses.gpl2;
|
||||
maintainers = [ stdenv.lib.maintainers.magnetophon ];
|
||||
platforms = stdenv.lib.platforms.linux;
|
||||
};
|
||||
}
|
|
@ -3,13 +3,13 @@
|
|||
, perl, DigestSHA, MusicBrainz, MusicBrainzDiscID
|
||||
, makeWrapper }:
|
||||
|
||||
let version = "2.7";
|
||||
let version = "2.7.2";
|
||||
in
|
||||
stdenv.mkDerivation {
|
||||
name = "abcde-${version}";
|
||||
src = fetchurl {
|
||||
url = "http://abcde.einval.com/download/abcde-${version}.tar.gz";
|
||||
sha256 = "0ikpffzvacadh6vj9qlary8126j1zrd2knp9gvivmp7y1656jj01";
|
||||
sha256 = "1pakpi41k8yd780mfp0snhia6mmwjwxk9lcrq6gynimch8b8hfda";
|
||||
};
|
||||
|
||||
# FIXME: This package does not support `distmp3', `eject', etc.
|
||||
|
@ -39,6 +39,8 @@ in
|
|||
|
||||
buildInputs = [ makeWrapper ];
|
||||
|
||||
installFlags = [ "sysconfdir=$(out)/etc" ];
|
||||
|
||||
postInstall = ''
|
||||
# substituteInPlace "$out/bin/cddb-tool" \
|
||||
# --replace '#!/bin/sh' '#!${bash}/bin/sh'
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue