public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into staging

This commit is contained in:
Jan Tojnar 2019-04-05 11:37:15 +02:00
parent 79b3d1b33d 9fa17c5957
commit cb1a20499a
No known key found for this signature in database
GPG Key ID: 7FAB2A15F7A607A4
513 changed files with 10098 additions and 5499 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.github/CODEOWNERS vendored
View File

@ -58,11 +58,11 @@
/doc/languages-frameworks/python.section.md @FRidh
# Haskell
/pkgs/development/compilers/ghc @peti @basvandijk
/pkgs/development/haskell-modules @peti @basvandijk
/pkgs/development/haskell-modules/default.nix @peti @basvandijk
/pkgs/development/haskell-modules/generic-builder.nix @peti @basvandijk
/pkgs/development/haskell-modules/hoogle.nix @peti @basvandijk
/pkgs/development/compilers/ghc @basvandijk
/pkgs/development/haskell-modules @basvandijk
/pkgs/development/haskell-modules/default.nix @basvandijk
/pkgs/development/haskell-modules/generic-builder.nix @basvandijk
/pkgs/development/haskell-modules/hoogle.nix @basvandijk
# Perl
/pkgs/development/interpreters/perl @volth

1
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@ -1,3 +1,4 @@
<!-- Nixpkgs has a lot of new incoming Pull Requests, but not enough people to review this constant stream. Even if you aren't a committer, we would appreciate reviews of other PRs, especially simple ones like package updates. Just testing the relevant package/service and leaving a comment saying what you tested, how you tested it and whether it worked would be great. List of open PRs: <https://github.com/NixOS/nixpkgs/pulls>, for more about reviewing contributions: <https://hydra.nixos.org/job/nixpkgs/trunk/manual/latest/download/1/nixpkgs/manual.html#sec-reviewing-contributions>. Reviewing isn't mandatory, but it would help out a lot and reduce the average time-to-merge for all of us. Thanks a lot if you do! -->
###### Motivation for this change

23
doc/functions/dockertools.xml
View File

@ -417,10 +417,11 @@ pkgs.dockerTools.buildLayeredImage {
pullImage {
imageName = "nixos/nix"; <co xml:id='ex-dockerTools-pullImage-1' />
imageDigest = "sha256:20d9485b25ecfd89204e843a962c1bd70e9cc6858d65d7f5fadc340246e2116b"; <co xml:id='ex-dockerTools-pullImage-2' />
finalImageTag = "1.11"; <co xml:id='ex-dockerTools-pullImage-3' />
sha256 = "0mqjy3zq2v6rrhizgb9nvhczl87lcfphq9601wcprdika2jz7qh8"; <co xml:id='ex-dockerTools-pullImage-4' />
os = "linux"; <co xml:id='ex-dockerTools-pullImage-5' />
arch = "x86_64"; <co xml:id='ex-dockerTools-pullImage-6' />
finalImageName = "nix"; <co xml:id='ex-dockerTools-pullImage-3' />
finalImageTag = "1.11"; <co xml:id='ex-dockerTools-pullImage-4' />
sha256 = "0mqjy3zq2v6rrhizgb9nvhczl87lcfphq9601wcprdika2jz7qh8"; <co xml:id='ex-dockerTools-pullImage-5' />
os = "linux"; <co xml:id='ex-dockerTools-pullImage-6' />
arch = "x86_64"; <co xml:id='ex-dockerTools-pullImage-7' />
}
</programlisting>
</example>
@ -451,6 +452,14 @@ sha256:20d9485b25ecfd89204e843a962c1bd70e9cc6858d65d7f5fadc340246e2116b
</para>
</callout>
<callout arearefs='ex-dockerTools-pullImage-3'>
<para>
<varname>finalImageName</varname>, if specified, this is the name of the
image to be created. Note it is never used to fetch the image since we
prefer to rely on the immutable digest ID. By default it's equal to
<varname>imageName</varname>.
</para>
</callout>
<callout arearefs='ex-dockerTools-pullImage-4'>
<para>
<varname>finalImageTag</varname>, if specified, this is the tag of the
image to be created. Note it is never used to fetch the image since we
@ -458,19 +467,19 @@ sha256:20d9485b25ecfd89204e843a962c1bd70e9cc6858d65d7f5fadc340246e2116b
<literal>latest</literal>.
</para>
</callout>
<callout arearefs='ex-dockerTools-pullImage-4'>
<callout arearefs='ex-dockerTools-pullImage-5'>
<para>
<varname>sha256</varname> is the checksum of the whole fetched image. This
argument is required.
</para>
</callout>
<callout arearefs='ex-dockerTools-pullImage-5'>
<callout arearefs='ex-dockerTools-pullImage-6'>
<para>
<varname>os</varname>, if specified, is the operating system of the
fetched image. By default it's <literal>linux</literal>.
</para>
</callout>
<callout arearefs='ex-dockerTools-pullImage-6'>
<callout arearefs='ex-dockerTools-pullImage-7'>
<para>
<varname>arch</varname>, if specified, is the cpu architecture of the
fetched image. By default it's <literal>x86_64</literal>.

7
doc/multiple-output.xml
View File

@ -101,6 +101,13 @@
contain <varname>$outputBin</varname> and <varname>$outputLib</varname> are
also added. (See <xref linkend="multiple-output-file-type-groups" />.)
</para>
<para>
In some cases it may be desirable to combine different outputs under a
single store path. A function <literal>symlinkJoin</literal> can be used to
do this. (Note that it may negate some closure size benefits of using a
multiple-output package.)
</para>
</section>
<section xml:id="sec-multiple-outputs-">
<title>Writing a split derivation</title>

27
doc/package-notes.xml
View File

@ -883,6 +883,33 @@ citrix_receiver.override {
On NixOS it can be installed using the following expression:
<programlisting>{ pkgs, ... }: {
fonts.fonts = with pkgs; [ noto-fonts-emoji ];
}</programlisting>
</para>
</section>
</section>
<section xml:id="dlib">
<title>DLib</title>
<para>
<link xlink:href="http://dlib.net/">DLib</link> is a modern, C++-based toolkit which
provides several machine learning algorithms.
</para>
<section xml:id="compiling-without-avx-support">
<title>Compiling without AVX support</title>
<para>
Especially older CPUs don't support
<link xlink:href="https://en.wikipedia.org/wiki/Advanced_Vector_Extensions">AVX</link>
(<abbrev>Advanced Vector Extensions</abbrev>) instructions that are used by DLib to
optimize their algorithms.
</para>
<para>
On the affected hardware errors like <literal>Illegal instruction</literal> will occur.
In those cases AVX support needs to be disabled:
<programlisting>self: super: {
dlib = super.dlib.override { avxSupport = false; };
}</programlisting>
</para>
</section>

2
lib/lists.nix
View File

@ -7,7 +7,7 @@ let
in
rec {
inherit (builtins) head tail length isList elemAt concatLists filter elem genList;
inherit (builtins) head tail length isList elemAt concatLists filter elem genList map;
/* Create a list consisting of a single element. `singleton x` is
sometimes more convenient with respect to indentation than `[x]`

1
lib/systems/default.nix
View File

@ -34,6 +34,7 @@ rec {
else if final.isUClibc then "uclibc"
else if final.isAndroid then "bionic"
else if final.isLinux /* default */ then "glibc"
else if final.isMsp430 then "newlib"
else if final.isAvr then "avrlibc"
else if final.isNetBSD then "nblibc"
# TODO(@Ericson2314) think more about other operating systems

5
lib/systems/examples.nix
View File

@ -102,6 +102,11 @@ rec {
riscv64 = riscv "64";
riscv32 = riscv "32";
msp430 = {
config = "msp430-elf";
libc = "newlib";
};
avr = {
config = "avr";
};

1
lib/systems/inspect.nix
View File

@ -20,6 +20,7 @@ rec {
isRiscV = { cpu = { family = "riscv"; }; };
isSparc = { cpu = { family = "sparc"; }; };
isWasm = { cpu = { family = "wasm"; }; };
isMsp430 = { cpu = { family = "msp430"; }; };
isAvr = { cpu = { family = "avr"; }; };
isAlpha = { cpu = { family = "alpha"; }; };

1
lib/systems/parse.nix
View File

@ -109,6 +109,7 @@ rec {
alpha = { bits = 64; significantByte = littleEndian; family = "alpha"; };
msp430 = { bits = 16; significantByte = littleEndian; family = "msp430"; };
avr = { bits = 8; family = "avr"; };
};

15
maintainers/maintainer-list.nix
View File

@ -147,6 +147,11 @@
github = "aepsil0n";
name = "Eduard Bopp";
};
aerialx = {
email = "aaron+nixos@aaronlindsay.com";
github = "AerialX";
name = "Aaron Lindsay";
};
aespinosa = {
email = "allan.espinosa@outlook.com";
github = "aespinosa";
@ -335,6 +340,11 @@
github = "andrew-d";
name = "Andrew Dunham";
};
andrewchambers = {
email = "ac@acha.ninja";
github = "andrewchambers";
name = "Andrew Chambers";
};
andrewrk = {
email = "superjoe30@gmail.com";
github = "andrewrk";
@ -5391,4 +5401,9 @@
github = "minijackson";
name = "Rémi Nicole";
};
shazow = {
email = "andrey.petrov@shazow.net";
github = "shazow";
name = "Andrey Petrov";
};
}

9
maintainers/scripts/fetch-kde-qt.sh
View File

@ -14,12 +14,13 @@ fi
tmp=$(mktemp -d)
pushd $tmp >/dev/null
wget -nH -r -c --no-parent "${WGET_ARGS[@]}" >/dev/null
wget -nH -r -c --no-parent "${WGET_ARGS[@]}" -A '*.tar.xz.sha256' -A '*.mirrorlist' >/dev/null
find -type f -name '*.mirrorlist' -delete
csv=$(mktemp)
find . -type f | while read src; do
# Sanitize file name
filename=$(basename "$src" | tr '@' '_')
filename=$(gawk '{ print $2 }' "$src" | tr '@' '_')
nameVersion="${filename%.tar.*}"
name=$(echo "$nameVersion" | sed -e 's,-[[:digit:]].*,,' | sed -e 's,-opensource-src$,,' | sed -e 's,-everywhere-src$,,')
version=$(echo "$nameVersion" | sed -e 's,^\([[:alpha:]][[:alnum:]]*-\)\+,,')
@ -38,8 +39,8 @@ gawk -F , "{ print \$1 }" $csv | sort | uniq | while read name; do
latestVersion=$(echo "$versions" | sort -rV | head -n 1)
src=$(gawk -F , "/^$name,$latestVersion,/ { print \$3 }" $csv)
filename=$(gawk -F , "/^$name,$latestVersion,/ { print \$4 }" $csv)
url="${src:2}"
sha256=$(nix-hash --type sha256 --base32 --flat "$src")
url="$(dirname "${src:2}")/$filename"
sha256=$(gawk '{ print $1 }' "$src")
cat >>"$SRCS" <<EOF
$name = {
version = "$latestVersion";

18
nixos/doc/manual/release-notes/rl-1903.xml
View File

@ -68,6 +68,17 @@
<xref linkend="sec-kubernetes"/> for details.
</para>
</listitem>
<listitem>
<para>
There is now a set of <option>confinement</option> options for
<option>systemd.services</option>, which allows to restrict services
into a <citerefentry>
<refentrytitle>chroot</refentrytitle>
<manvolnum>2</manvolnum>
</citerefentry>ed environment that only contains the store paths from
the runtime closure of the service.
</para>
</listitem>
</itemizedlist>
</section>
@ -516,6 +527,13 @@
Graylog</link> for details.
</para>
</listitem>
<listitem>
<para>
The option <literal>users.ldap.bind.password</literal> was renamed to <literal>users.ldap.bind.passwordFile</literal>,
and needs to be readable by the <literal>nslcd</literal> user.
Same applies to the new <literal>users.ldap.daemon.rootpwmodpwFile</literal> option.
</para>
</listitem>
</itemizedlist>
</section>

10
nixos/doc/manual/release-notes/rl-1909.xml
View File

@ -106,6 +106,16 @@
and fix all the bugs it uncovers.
</para>
</listitem>
<listitem>
<para>
The <literal>vlc</literal> package gained support for Chromecast
streaming, enabled by default. TCP port 8010 must be open for it to work,
so something like <literal>networking.firewall.allowedTCPPorts = [ 8010
];</literal> may be required in your configuration. Also consider enabling
<link xlink:href="https://nixos.wiki/wiki/Accelerated_Video_Playback">
Accelerated Video Playback</link> for better transcoding performance.
</para>
</listitem>
</itemizedlist>
</section>
</section>

63
nixos/modules/config/ldap.nix
View File

@ -27,9 +27,7 @@ let
'';
};
nslcdConfig = {
target = "nslcd.conf";
source = writeText "nslcd.conf" ''
nslcdConfig = writeText "nslcd.conf" ''
uid nslcd
gid nslcd
uri ${cfg.server}
@ -42,10 +40,16 @@ let
"rootpwmoddn ${cfg.daemon.rootpwmoddn}" }
${optionalString (cfg.daemon.extraConfig != "") cfg.daemon.extraConfig }
'';
};
insertLdapPassword = !config.users.ldap.daemon.enable &&
config.users.ldap.bind.distinguishedName != "";
# nslcd normally reads configuration from /etc/nslcd.conf.
# this file might contain secrets. We append those at runtime,
# so redirect its location to something more temporary.
nslcdWrapped = runCommandNoCC "nslcd-wrapped" { nativeBuildInputs = [ makeWrapper ]; } ''
mkdir -p $out/bin
makeWrapper ${nss_pam_ldapd}/sbin/nslcd $out/bin/nslcd \
--set LD_PRELOAD "${pkgs.libredirect}/lib/libredirect.so" \
--set NIX_REDIRECTS "/etc/nslcd.conf=/run/nslcd/nslcd.conf"
'';
in
@ -139,13 +143,13 @@ in
'';
};
rootpwmodpw = mkOption {
rootpwmodpwFile = mkOption {
default = "";
example = "/run/keys/nslcd.rootpwmodpw";
type = types.str;
description = ''
The path to a file containing the credentials with which
to bind to the LDAP server if the root user tries to change a user's password
The path to a file containing the credentials with which to bind to
the LDAP server if the root user tries to change a user's password.
'';
};
};
@ -161,7 +165,7 @@ in
'';
};
password = mkOption {
passwordFile = mkOption {
default = "/etc/ldap/bind.password";
type = types.str;
description = ''
@ -220,14 +224,14 @@ in
config = mkIf cfg.enable {
environment.etc = if cfg.daemon.enable then [nslcdConfig] else [ldapConfig];
environment.etc = optional (!cfg.daemon.enable) ldapConfig;
system.activationScripts = mkIf insertLdapPassword {
system.activationScripts = mkIf (!cfg.daemon.enable) {
ldap = stringAfter [ "etc" "groups" "users" ] ''
if test -f "${cfg.bind.password}" ; then
if test -f "${cfg.bind.passwordFile}" ; then
umask 0077
conf="$(mktemp)"
printf 'bindpw %s\n' "$(cat ${cfg.bind.password})" |
printf 'bindpw %s\n' "$(cat ${cfg.bind.passwordFile})" |
cat ${ldapConfig.source} - >"$conf"
mv -fT "$conf" /etc/ldap.conf
fi
@ -251,7 +255,6 @@ in
};
systemd.services = mkIf cfg.daemon.enable {
nslcd = {
wantedBy = [ "multi-user.target" ];
@ -259,32 +262,32 @@ in
umask 0077
conf="$(mktemp)"
{
cat ${nslcdConfig.source}
test -z '${cfg.bind.distinguishedName}' -o ! -f '${cfg.bind.password}' ||
printf 'bindpw %s\n' "$(cat '${cfg.bind.password}')"
test -z '${cfg.daemon.rootpwmoddn}' -o ! -f '${cfg.daemon.rootpwmodpw}' ||
printf 'rootpwmodpw %s\n' "$(cat '${cfg.daemon.rootpwmodpw}')"
cat ${nslcdConfig}
test -z '${cfg.bind.distinguishedName}' -o ! -f '${cfg.bind.passwordFile}' ||
printf 'bindpw %s\n' "$(cat '${cfg.bind.passwordFile}')"
test -z '${cfg.daemon.rootpwmoddn}' -o ! -f '${cfg.daemon.rootpwmodpwFile}' ||
printf 'rootpwmodpw %s\n' "$(cat '${cfg.daemon.rootpwmodpwFile}')"
} >"$conf"
mv -fT "$conf" /etc/nslcd.conf
mv -fT "$conf" /run/nslcd/nslcd.conf
'';
# NOTE: because one cannot pass a custom config path to `nslcd`
# (which is only able to use `/etc/nslcd.conf`)
# changes in `nslcdConfig` won't change `serviceConfig`,
# and thus won't restart `nslcd`.
# Therefore `restartTriggers` is used on `/etc/nslcd.conf`.
restartTriggers = [ nslcdConfig.source ];
restartTriggers = [ "/run/nslcd/nslcd.conf" ];
serviceConfig = {
ExecStart = "${nss_pam_ldapd}/sbin/nslcd";
ExecStart = "${nslcdWrapped}/bin/nslcd";
Type = "forking";
PIDFile = "/run/nslcd/nslcd.pid";
Restart = "always";
User = "nslcd";
Group = "nslcd";
RuntimeDirectory = [ "nslcd" ];
PIDFile = "/run/nslcd/nslcd.pid";
};
};
};
};
imports =
[ (mkRenamedOptionModule [ "users" "ldap" "bind" "password"] [ "users" "ldap" "bind" "passwordFile"])
];
}

10
nixos/modules/hardware/all-firmware.nix
View File

@ -38,6 +38,12 @@ in {
firmwareLinuxNonfree
intel2200BGFirmware
rtl8192su-firmware
rt5677-firmware
rtl8723bs-firmware
rtlwifi_new-firmware
zd1211fw
alsa-firmware
openelec-dvb-firmware
] ++ optional (pkgs.stdenv.hostPlatform.isAarch32 || pkgs.stdenv.hostPlatform.isAarch64) raspberrypiWirelessFirmware
++ optionals (versionOlder config.boot.kernelPackages.kernel.version "4.13") [
rtl8723bs-firmware
@ -54,6 +60,10 @@ in {
}];
hardware.firmware = with pkgs; [
broadcom-bt-firmware
b43Firmware_5_1_138
b43Firmware_6_30_163_46
b43FirmwareCutter
facetimehd-firmware
];
})
];

28
nixos/modules/hardware/logitech.nix Normal file
View File

@ -0,0 +1,28 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.hardware.logitech;
in {
options.hardware.logitech = {
enable = mkEnableOption "Logitech Devices";
enableGraphical = mkOption {
type = types.bool;
default = false;
description = "Enable graphical support applications.";
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages = [
pkgs.ltunify
] ++ lib.optional cfg.enableGraphical pkgs.solaar;
# ltunifi and solaar both provide udev rules but the most up-to-date have been split
# out into a dedicated derivation
services.udev.packages = with pkgs; [ logitech-udev-rules ];
};
}

2
nixos/modules/installer/cd-dvd/iso-image.nix
View File

@ -88,7 +88,7 @@ let
# result in incorrect boot entries.
baseIsolinuxCfg = ''
SERIAL 0 38400
SERIAL 0 115200
TIMEOUT ${builtins.toString syslinuxTimeout}
UI vesamenu.c32
MENU TITLE NixOS

4
nixos/modules/module-list.nix
View File

@ -46,6 +46,7 @@
./hardware/sensor/iio.nix
./hardware/ksm.nix
./hardware/ledger.nix
./hardware/logitech.nix
./hardware/mcelog.nix
./hardware/network/b43.nix
./hardware/nitrokey.nix
@ -172,6 +173,7 @@
./security/rtkit.nix
./security/wrappers/default.nix
./security/sudo.nix
./security/systemd-confinement.nix
./services/admin/oxidized.nix
./services/admin/salt/master.nix
./services/admin/salt/minion.nix
@ -349,6 +351,7 @@
./services/mail/exim.nix
./services/mail/freepops.nix
./services/mail/mail.nix
./services/mail/mailcatcher.nix
./services/mail/mailhog.nix
./services/mail/mlmmj.nix
./services/mail/offlineimap.nix
@ -630,6 +633,7 @@
./services/networking/prosody.nix
./services/networking/quagga.nix
./services/networking/quassel.nix
./services/networking/quicktun.nix
./services/networking/racoon.nix
./services/networking/radicale.nix
./services/networking/radvd.nix

33
nixos/modules/programs/browserpass.nix
View File

@ -4,15 +4,34 @@ with lib;
{
###### interface
options = {
programs.browserpass.enable = mkEnableOption "the NativeMessaging configuration for Chromium, Chrome, and Vivaldi.";
};
options.programs.browserpass.enable = mkEnableOption "Browserpass native messaging host";
###### implementation
config = mkIf config.programs.browserpass.enable {
environment.systemPackages = [ pkgs.browserpass ];
environment.etc = {
environment.etc = let
appId = "com.github.browserpass.native.json";
source = part: "${pkgs.browserpass}/lib/browserpass/${part}/${appId}";
in {
# chromium
"chromium/native-messaging-hosts/${appId}".source = source "hosts/chromium";
"chromium/policies/managed/${appId}".source = source "policies/chromium";
# chrome
"opt/chrome/native-messaging-hosts/${appId}".source = source "hosts/chromium";
"opt/chrome/policies/managed/${appId}".source = source "policies/chromium";
# vivaldi
"opt/vivaldi/native-messaging-hosts/${appId}".source = source "hosts/chromium";
"opt/vivaldi/policies/managed/${appId}".source = source "policies/chromium";
# brave
"opt/brave/native-messaging-hosts/${appId}".source = source "hosts/chromium";
"opt/brave/policies/managed/${appId}".source = source "policies/chromium";
}
# As with the v2 backwards compatibility in the pkgs.browserpass
# declaration, this part can be removed once the browser extension
# auto-updates to v3 (planned 2019-04-13, see
# https://github.com/browserpass/browserpass-native/issues/31)
// {
"chromium/native-messaging-hosts/com.dannyvankooten.browserpass.json".source = "${pkgs.browserpass}/etc/chrome-host.json";
"chromium/policies/managed/com.dannyvankooten.browserpass.json".source = "${pkgs.browserpass}/etc/chrome-policy.json";
"opt/chrome/native-messaging-hosts/com.dannyvankooten.browserpass.json".source = "${pkgs.browserpass}/etc/chrome-host.json";

74
nixos/modules/rename.nix
View File

@ -4,26 +4,12 @@ with lib;
{
imports = [
# !!! These were renamed the other way, but got reverted later.
# !!! Drop these before 18.09 is released.
(mkRenamedOptionModule [ "system" "nixos" "stateVersion" ] [ "system" "stateVersion" ])
(mkRenamedOptionModule [ "system" "nixos" "defaultChannel" ] [ "system" "defaultChannel" ])
(mkRenamedOptionModule [ "environment" "x11Packages" ] [ "environment" "systemPackages" ])
(mkRenamedOptionModule [ "environment" "enableBashCompletion" ] [ "programs" "bash" "enableCompletion" ])
(mkRenamedOptionModule [ "environment" "nix" ] [ "nix" "package" ])
(mkRenamedOptionModule [ "fonts" "enableFontConfig" ] [ "fonts" "fontconfig" "enable" ])
(mkRenamedOptionModule [ "fonts" "extraFonts" ] [ "fonts" "fonts" ])
(mkRenamedOptionModule [ "networking" "enableWLAN" ] [ "networking" "wireless" "enable" ])
(mkRenamedOptionModule [ "networking" "enableRT73Firmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "enableIntel3945ABGFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "enableIntel2100BGFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "enableRalinkFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "enableRTL8192cFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "networkmanager" "useDnsmasq" ] [ "networking" "networkmanager" "dns" ])
(mkRenamedOptionModule [ "services" "cadvisor" "host" ] [ "services" "cadvisor" "listenAddress" ])
(mkChangedOptionModule [ "services" "printing" "gutenprint" ] [ "services" "printing" "drivers" ]
(config:
let enabled = getAttrFromPath [ "services" "printing" "gutenprint" ] config;
@ -33,11 +19,7 @@ with lib;
let value = getAttrFromPath [ "services" "ddclient" "domain" ] config;
in if value != "" then [ value ] else []))
(mkRemovedOptionModule [ "services" "ddclient" "homeDir" ] "")
(mkRenamedOptionModule [ "services" "elasticsearch" "host" ] [ "services" "elasticsearch" "listenAddress" ])
(mkRenamedOptionModule [ "services" "graphite" "api" "host" ] [ "services" "graphite" "api" "listenAddress" ])
(mkRenamedOptionModule [ "services" "graphite" "web" "host" ] [ "services" "graphite" "web" "listenAddress" ])
(mkRenamedOptionModule [ "services" "i2pd" "extIp" ] [ "services" "i2pd" "address" ])
(mkRenamedOptionModule [ "services" "kibana" "host" ] [ "services" "kibana" "listenAddress" ])
(mkRenamedOptionModule [ "services" "kubernetes" "apiserver" "admissionControl" ] [ "services" "kubernetes" "apiserver" "enableAdmissionPlugins" ])
(mkRenamedOptionModule [ "services" "kubernetes" "apiserver" "address" ] ["services" "kubernetes" "apiserver" "bindAddress"])
(mkRenamedOptionModule [ "services" "kubernetes" "apiserver" "port" ] ["services" "kubernetes" "apiserver" "insecurePort"])
@ -54,7 +36,6 @@ with lib;
(mkRenamedOptionModule [ "services" "kubernetes" "proxy" "address" ] ["services" "kubernetes" "proxy" "bindAddress"])
(mkRemovedOptionModule [ "services" "kubernetes" "verbose" ] "")
(mkRenamedOptionModule [ "services" "logstash" "address" ] [ "services" "logstash" "listenAddress" ])
(mkRenamedOptionModule [ "services" "mpd" "network" "host" ] [ "services" "mpd" "network" "listenAddress" ])
(mkRenamedOptionModule [ "services" "neo4j" "host" ] [ "services" "neo4j" "defaultListenAddress" ])
(mkRenamedOptionModule [ "services" "neo4j" "listenAddress" ] [ "services" "neo4j" "defaultListenAddress" ])
(mkRenamedOptionModule [ "services" "neo4j" "enableBolt" ] [ "services" "neo4j" "bolt" "enable" ])
@ -64,10 +45,6 @@ with lib;
(mkRemovedOptionModule [ "services" "neo4j" "port" ] "Use services.neo4j.http.listenAddress instead.")
(mkRemovedOptionModule [ "services" "neo4j" "boltPort" ] "Use services.neo4j.bolt.listenAddress instead.")
(mkRemovedOptionModule [ "services" "neo4j" "httpsPort" ] "Use services.neo4j.https.listenAddress instead.")
(mkRenamedOptionModule [ "services" "shout" "host" ] [ "services" "shout" "listenAddress" ])
(mkRenamedOptionModule [ "services" "sslh" "host" ] [ "services" "sslh" "listenAddress" ])
(mkRenamedOptionModule [ "services" "statsd" "host" ] [ "services" "statsd" "listenAddress" ])
(mkRenamedOptionModule [ "services" "subsonic" "host" ] [ "services" "subsonic" "listenAddress" ])
(mkRenamedOptionModule [ "services" "tor" "relay" "portSpec" ] [ "services" "tor" "relay" "port" ])
(mkRenamedOptionModule [ "services" "vmwareGuest" ] [ "virtualisation" "vmware" "guest" ])
(mkRenamedOptionModule [ "jobs" ] [ "systemd" "services" ])
@ -91,82 +68,31 @@ with lib;
(mkRenamedOptionModule [ "services" "xserver" "displayManager" "logToJournal" ] [ "services" "xserver" "displayManager" "job" "logToJournal" ])
# Old Grub-related options.
(mkRenamedOptionModule [ "boot" "initrd" "extraKernelModules" ] [ "boot" "initrd" "kernelModules" ])
(mkRenamedOptionModule [ "boot" "extraKernelParams" ] [ "boot" "kernelParams" ])
(mkRenamedOptionModule [ "boot" "loader" "grub" "timeout" ] [ "boot" "loader" "timeout" ])
(mkRenamedOptionModule [ "boot" "loader" "gummiboot" "timeout" ] [ "boot" "loader" "timeout" ])
# smartd
(mkRenamedOptionModule [ "services" "smartd" "deviceOpts" ] [ "services" "smartd" "defaults" "monitored" ])
# OpenSSH
(mkRenamedOptionModule [ "services" "sshd" "ports" ] [ "services" "openssh" "ports" ])
(mkAliasOptionModule [ "services" "sshd" "enable" ] [ "services" "openssh" "enable" ])
(mkRenamedOptionModule [ "services" "sshd" "allowSFTP" ] [ "services" "openssh" "allowSFTP" ])
(mkRenamedOptionModule [ "services" "sshd" "forwardX11" ] [ "services" "openssh" "forwardX11" ])
(mkRenamedOptionModule [ "services" "sshd" "gatewayPorts" ] [ "services" "openssh" "gatewayPorts" ])
(mkRenamedOptionModule [ "services" "sshd" "permitRootLogin" ] [ "services" "openssh" "permitRootLogin" ])
(mkRenamedOptionModule [ "services" "xserver" "startSSHAgent" ] [ "services" "xserver" "startOpenSSHAgent" ])
(mkRenamedOptionModule [ "services" "xserver" "startOpenSSHAgent" ] [ "programs" "ssh" "startAgent" ])
(mkAliasOptionModule [ "services" "openssh" "knownHosts" ] [ "programs" "ssh" "knownHosts" ])
# VirtualBox
(mkRenamedOptionModule [ "services" "virtualbox" "enable" ] [ "virtualisation" "virtualbox" "guest" "enable" ])
(mkRenamedOptionModule [ "services" "virtualboxGuest" "enable" ] [ "virtualisation" "virtualbox" "guest" "enable" ])
(mkRenamedOptionModule [ "programs" "virtualbox" "enable" ] [ "virtualisation" "virtualbox" "host" "enable" ])
(mkRenamedOptionModule [ "programs" "virtualbox" "addNetworkInterface" ] [ "virtualisation" "virtualbox" "host" "addNetworkInterface" ])
(mkRenamedOptionModule [ "programs" "virtualbox" "enableHardening" ] [ "virtualisation" "virtualbox" "host" "enableHardening" ])
(mkRenamedOptionModule [ "services" "virtualboxHost" "enable" ] [ "virtualisation" "virtualbox" "host" "enable" ])
(mkRenamedOptionModule [ "services" "virtualboxHost" "addNetworkInterface" ] [ "virtualisation" "virtualbox" "host" "addNetworkInterface" ])
(mkRenamedOptionModule [ "services" "virtualboxHost" "enableHardening" ] [ "virtualisation" "virtualbox" "host" "enableHardening" ])
# libvirtd
(mkRemovedOptionModule [ "virtualisation" "libvirtd" "enableKVM" ]
"Set the option `virtualisation.libvirtd.qemuPackage' instead.")
# Tarsnap
(mkRenamedOptionModule [ "services" "tarsnap" "config" ] [ "services" "tarsnap" "archives" ])
# ibus
(mkRenamedOptionModule [ "programs" "ibus" "plugins" ] [ "i18n" "inputMethod" "ibus" "engines" ])
# proxy
(mkRenamedOptionModule [ "nix" "proxy" ] [ "networking" "proxy" "default" ])
# sandboxing
(mkRenamedOptionModule [ "nix" "useChroot" ] [ "nix" "useSandbox" ])
(mkRenamedOptionModule [ "nix" "chrootDirs" ] [ "nix" "sandboxPaths" ])
# KDE
(mkRenamedOptionModule [ "kde" "extraPackages" ] [ "environment" "systemPackages" ])
(mkRenamedOptionModule [ "environment" "kdePackages" ] [ "environment" "systemPackages" ])
# Multiple efi bootloaders now
(mkRenamedOptionModule [ "boot" "loader" "efi" "efibootmgr" "enable" ] [ "boot" "loader" "efi" "canTouchEfiVariables" ])
# NixOS environment changes
# !!! this hardcodes bash, could we detect from config which shell is actually used?
(mkRenamedOptionModule [ "environment" "promptInit" ] [ "programs" "bash" "promptInit" ])
(mkRenamedOptionModule [ "services" "xserver" "driSupport" ] [ "hardware" "opengl" "driSupport" ])
(mkRenamedOptionModule [ "services" "xserver" "driSupport32Bit" ] [ "hardware" "opengl" "driSupport32Bit" ])
(mkRenamedOptionModule [ "services" "xserver" "s3tcSupport" ] [ "hardware" "opengl" "s3tcSupport" ])
(mkRenamedOptionModule [ "hardware" "opengl" "videoDrivers" ] [ "services" "xserver" "videoDrivers" ])
(mkRenamedOptionModule [ "services" "xserver" "vaapiDrivers" ] [ "hardware" "opengl" "extraPackages" ])
(mkRenamedOptionModule [ "services" "mysql55" ] [ "services" "mysql" ])
(mkAliasOptionModule [ "environment" "checkConfigurationOptions" ] [ "_module" "check" ])
# opendkim
(mkRenamedOptionModule [ "services" "opendkim" "keyFile" ] [ "services" "opendkim" "keyPath" ])
# XBMC
(mkRenamedOptionModule [ "services" "xserver" "windowManager" "xbmc" ] [ "services" "xserver" "desktopManager" "kodi" ])
(mkRenamedOptionModule [ "services" "xserver" "desktopManager" "xbmc" ] [ "services" "xserver" "desktopManager" "kodi" ])
(mkRenamedOptionModule [ "services" "hostapd" "extraCfg" ] [ "services" "hostapd" "extraConfig" ])
# Enlightenment
(mkRenamedOptionModule [ "services" "xserver" "desktopManager" "e19" "enable" ] [ "services" "xserver" "desktopManager" "enlightenment" "enable" ])

60
nixos/modules/security/pam.nix
View File

@ -48,6 +48,16 @@ let
'';
};
yubicoAuth = mkOption {
default = config.security.pam.yubico.enable;
type = types.bool;
description = ''
If set, users listed in
<filename>~/.yubico/authorized_yubikeys</filename>
are able to log in with the asociated Yubikey tokens.
'';
};
googleAuthenticator = {
enable = mkOption {
default = false;
@ -340,6 +350,8 @@ let
"auth sufficient ${pkgs.pam_usb}/lib/security/pam_usb.so"}
${let oath = config.security.pam.oath; in optionalString cfg.oathAuth
"auth requisite ${pkgs.oathToolkit}/lib/security/pam_oath.so window=${toString oath.window} usersfile=${toString oath.usersFile} digits=${toString oath.digits}"}
${let yubi = config.security.pam.yubico; in optionalString cfg.yubicoAuth
"auth ${yubi.control} ${pkgs.yubico-pam}/lib/security/pam_yubico.so id=${toString yubi.id} ${optionalString yubi.debug "debug"}"}
'' +
# Modules in this block require having the password set in PAM_AUTHTOK.
# pam_unix is marked as 'sufficient' on NixOS which means nothing will run
@ -636,6 +648,54 @@ in
};
};
security.pam.yubico = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
Enables Yubico PAM (<literal>yubico-pam</literal>) module.
If set, users listed in
<filename>~/.yubico/authorized_yubikeys</filename>
are able to log in with the associated Yubikey tokens.
The file must have only one line:
<literal>username:yubikey_token_id1:yubikey_token_id2</literal>
More information can be found <link
xlink:href="https://developers.yubico.com/yubico-pam/">here</link>.
'';
};
control = mkOption {
default = "sufficient";
type = types.enum [ "required" "requisite" "sufficient" "optional" ];
description = ''
This option sets pam "control".
If you want to have multi factor authentication, use "required".
If you want to use Yubikey instead of regular password, use "sufficient".
Read
<citerefentry>
<refentrytitle>pam.conf</refentrytitle>
<manvolnum>5</manvolnum>
</citerefentry>
for better understanding of this option.
'';
};
id = mkOption {
example = "42";
type = types.string;
description = "client id";
};
debug = mkOption {
default = false;
type = types.bool;
description = ''
Debug output to stderr.
'';
};
};
security.pam.enableEcryptfs = mkOption {
default = false;
description = ''

199
nixos/modules/security/systemd-confinement.nix Normal file
View File

@ -0,0 +1,199 @@
{ config, pkgs, lib, ... }:
let
toplevelConfig = config;
inherit (lib) types;
inherit (import ../system/boot/systemd-lib.nix {
inherit config pkgs lib;
}) mkPathSafeName;
in {
options.systemd.services = lib.mkOption {
type = types.attrsOf (types.submodule ({ name, config, ... }: {
options.confinement.enable = lib.mkOption {
type = types.bool;
default = false;
description = ''
If set, all the required runtime store paths for this service are
bind-mounted into a <literal>tmpfs</literal>-based <citerefentry>
<refentrytitle>chroot</refentrytitle>
<manvolnum>2</manvolnum>
</citerefentry>.
'';
};
options.confinement.fullUnit = lib.mkOption {
type = types.bool;
default = false;
description = ''
Whether to include the full closure of the systemd unit file into the
chroot, instead of just the dependencies for the executables.
<warning><para>While it may be tempting to just enable this option to
make things work quickly, please be aware that this might add paths
to the closure of the chroot that you didn't anticipate. It's better
to use <option>confinement.packages</option> to <emphasis
role="strong">explicitly</emphasis> add additional store paths to the
chroot.</para></warning>
'';
};
options.confinement.packages = lib.mkOption {
type = types.listOf (types.either types.str types.package);
default = [];
description = let
mkScOption = optName: "<option>serviceConfig.${optName}</option>";
in ''
Additional packages or strings with context to add to the closure of
the chroot. By default, this includes all the packages from the
${lib.concatMapStringsSep ", " mkScOption [
"ExecReload" "ExecStartPost" "ExecStartPre" "ExecStop"
"ExecStopPost"
]} and ${mkScOption "ExecStart"} options. If you want to have all the
dependencies of this systemd unit, you can use
<option>confinement.fullUnit</option>.
<note><para>The store paths listed in <option>path</option> are
<emphasis role="strong">not</emphasis> included in the closure as
well as paths from other options except those listed
above.</para></note>
'';
};
options.confinement.binSh = lib.mkOption {
type = types.nullOr types.path;
default = toplevelConfig.environment.binsh;
defaultText = "config.environment.binsh";
example = lib.literalExample "\${pkgs.dash}/bin/dash";
description = ''
The program to make available as <filename>/bin/sh</filename> inside
the chroot. If this is set to <literal>null</literal>, no
<filename>/bin/sh</filename> is provided at all.
This is useful for some applications, which for example use the
<citerefentry>
<refentrytitle>system</refentrytitle>
<manvolnum>3</manvolnum>
</citerefentry> library function to execute commands.
'';
};
options.confinement.mode = lib.mkOption {
type = types.enum [ "full-apivfs" "chroot-only" ];
default = "full-apivfs";
description = ''
The value <literal>full-apivfs</literal> (the default) sets up
private <filename class="directory">/dev</filename>, <filename
class="directory">/proc</filename>, <filename
class="directory">/sys</filename> and <filename
class="directory">/tmp</filename> file systems in a separate user
name space.
If this is set to <literal>chroot-only</literal>, only the file
system name space is set up along with the call to <citerefentry>
<refentrytitle>chroot</refentrytitle>
<manvolnum>2</manvolnum>
</citerefentry>.
<note><para>This doesn't cover network namespaces and is solely for
file system level isolation.</para></note>
'';
};
config = let
rootName = "${mkPathSafeName name}-chroot";
inherit (config.confinement) binSh fullUnit;
wantsAPIVFS = lib.mkDefault (config.confinement.mode == "full-apivfs");
in lib.mkIf config.confinement.enable {
serviceConfig = {
RootDirectory = pkgs.runCommand rootName {} "mkdir \"$out\"";
TemporaryFileSystem = "/";
PrivateMounts = lib.mkDefault true;
# https://github.com/NixOS/nixpkgs/issues/14645 is a future attempt
# to change some of these to default to true.
#
# If we run in chroot-only mode, having something like PrivateDevices
# set to true by default will mount /dev within the chroot, whereas
# with "chroot-only" it's expected that there are no /dev, /proc and
# /sys file systems available.
#
# However, if this suddenly becomes true, the attack surface will
# increase, so let's explicitly set these options to true/false
# depending on the mode.
MountAPIVFS = wantsAPIVFS;
PrivateDevices = wantsAPIVFS;
PrivateTmp = wantsAPIVFS;
PrivateUsers = wantsAPIVFS;
ProtectControlGroups = wantsAPIVFS;
ProtectKernelModules = wantsAPIVFS;
ProtectKernelTunables = wantsAPIVFS;
};
confinement.packages = let
execOpts = [
"ExecReload" "ExecStart" "ExecStartPost" "ExecStartPre" "ExecStop"
"ExecStopPost"
];
execPkgs = lib.concatMap (opt: let
isSet = config.serviceConfig ? ${opt};
in lib.optional isSet config.serviceConfig.${opt}) execOpts;
unitAttrs = toplevelConfig.systemd.units."${name}.service";
allPkgs = lib.singleton (builtins.toJSON unitAttrs);
unitPkgs = if fullUnit then allPkgs else execPkgs;
in unitPkgs ++ lib.optional (binSh != null) binSh;
};
}));
};
config.assertions = lib.concatLists (lib.mapAttrsToList (name: cfg: let
whatOpt = optName: "The 'serviceConfig' option '${optName}' for"
+ " service '${name}' is enabled in conjunction with"
+ " 'confinement.enable'";
in lib.optionals cfg.confinement.enable [
{ assertion = !cfg.serviceConfig.RootDirectoryStartOnly or false;
message = "${whatOpt "RootDirectoryStartOnly"}, but right now systemd"
+ " doesn't support restricting bind-mounts to 'ExecStart'."
+ " Please either define a separate service or find a way to run"
+ " commands other than ExecStart within the chroot.";
}
{ assertion = !cfg.serviceConfig.DynamicUser or false;
message = "${whatOpt "DynamicUser"}. Please create a dedicated user via"
+ " the 'users.users' option instead as this combination is"
+ " currently not supported.";
}
]) config.systemd.services);
config.systemd.packages = lib.concatLists (lib.mapAttrsToList (name: cfg: let
rootPaths = let
contents = lib.concatStringsSep "\n" cfg.confinement.packages;
in pkgs.writeText "${mkPathSafeName name}-string-contexts.txt" contents;
chrootPaths = pkgs.runCommand "${mkPathSafeName name}-chroot-paths" {
closureInfo = pkgs.closureInfo { inherit rootPaths; };
serviceName = "${name}.service";
excludedPath = rootPaths;
} ''
mkdir -p "$out/lib/systemd/system"
serviceFile="$out/lib/systemd/system/$serviceName"
echo '[Service]' > "$serviceFile"
# /bin/sh is special here, because the option value could contain a
# symlink and we need to properly resolve it.
${lib.optionalString (cfg.confinement.binSh != null) ''
binsh=${lib.escapeShellArg cfg.confinement.binSh}
realprog="$(readlink -e "$binsh")"
echo "BindReadOnlyPaths=$realprog:/bin/sh" >> "$serviceFile"
''}
while read storePath; do
if [ -L "$storePath" ]; then
# Currently, systemd can't cope with symlinks in Bind(ReadOnly)Paths,
# so let's just bind-mount the target to that location.
echo "BindReadOnlyPaths=$(readlink -e "$storePath"):$storePath"
elif [ "$storePath" != "$excludedPath" ]; then
echo "BindReadOnlyPaths=$storePath"
fi
done < "$closureInfo/store-paths" >> "$serviceFile"
'';
in lib.optional cfg.confinement.enable chrootPaths) config.systemd.services);
}

58
nixos/modules/services/databases/mysql.nix
View File

@ -103,6 +103,24 @@ in
};
initialDatabases = mkOption {
type = types.listOf (types.submodule {
options = {
name = mkOption {
type = types.str;
description = ''
The name of the database to create.
'';
};
schema = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
The initial schema of the database; if null (the default),
an empty database is created.
'';
};
};
});
default = [];
description = ''
List of database names and their initial schemas that should be used to create databases on the first startup
@ -115,11 +133,13 @@ in
};
initialScript = mkOption {
type = types.nullOr types.lines;
default = null;
description = "A file containing SQL statements to be executed on the first startup. Can be used for granting certain permissions on the database";
};
ensureDatabases = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Ensures that the specified databases exist.
@ -134,6 +154,38 @@ in
};
ensureUsers = mkOption {
type = types.listOf (types.submodule {
options = {
name = mkOption {
type = types.str;
description = ''
Name of the user to ensure.
'';
};
ensurePermissions = mkOption {
type = types.attrsOf types.str;
default = {};
description = ''
Permissions to ensure for the user, specified as attribute set.
The attribute names specify the database and tables to grant the permissions for,
separated by a dot. You may use wildcards here.
The attribute values specfiy the permissions to grant.
You may specify one or multiple comma-separated SQL privileges here.
For more information on how to specify the target
and on which privileges exist, see the
<link xlink:href="https://mariadb.com/kb/en/library/grant/">GRANT syntax</link>.
The attributes are used as <code>GRANT ''${attrName} ON ''${attrValue}</code>.
'';
example = literalExample ''
{
"database.*" = "ALL PRIVILEGES";
"*.*" = "SELECT, LOCK TABLES";
}
'';
};
};
});
default = [];
description = ''
Ensures that the specified users exist and have at least the ensured permissions.
@ -143,7 +195,8 @@ in
option is changed. This means that users created and permissions assigned once through this option or
otherwise have to be removed manually.
'';
example = literalExample ''[
example = literalExample ''
[
{
name = "nextcloud";
ensurePermissions = {
@ -156,7 +209,8 @@ in
"*.*" = "SELECT, LOCK TABLES";
};
}
]'';
]
'';
};
# FIXME: remove this option; it's a really bad idea.

94
nixos/modules/services/databases/openldap.nix
View File

@ -8,7 +8,20 @@ let
openldap = pkgs.openldap;
dataFile = pkgs.writeText "ldap-contents.ldif" cfg.declarativeContents;
configFile = pkgs.writeText "slapd.conf" cfg.extraConfig;
configFile = pkgs.writeText "slapd.conf" ((optionalString cfg.defaultSchemas ''
include ${pkgs.openldap.out}/etc/schema/core.schema
include ${pkgs.openldap.out}/etc/schema/cosine.schema
include ${pkgs.openldap.out}/etc/schema/inetorgperson.schema
include ${pkgs.openldap.out}/etc/schema/nis.schema
'') + ''
${cfg.extraConfig}
database ${cfg.database}
suffix ${cfg.suffix}
rootdn ${cfg.rootdn}
rootpw ${cfg.rootpw}
directory ${cfg.dataDir}
${cfg.extraDatabaseConfig}
'');
configOpts = if cfg.configDir == null then "-f ${configFile}"
else "-F ${cfg.configDir}";
in
@ -54,6 +67,52 @@ in
description = "The database directory.";
};
defaultSchemas = mkOption {
type = types.bool;
default = true;
description = ''
Include the default schemas core, cosine, inetorgperson and nis.
This setting will be ignored if configDir is set.
'';
};
database = mkOption {
type = types.str;
default = "mdb";
description = ''
Database type to use for the LDAP.
This setting will be ignored if configDir is set.
'';
};
suffix = mkOption {
type = types.str;
example = "dc=example,dc=org";
description = ''
Specify the DN suffix of queries that will be passed to this backend
database.
This setting will be ignored if configDir is set.
'';
};
rootdn = mkOption {
type = types.str;
example = "cn=admin,dc=example,dc=org";
description = ''
Specify the distinguished name that is not subject to access control
or administrative limit restrictions for operations on this database.
This setting will be ignored if configDir is set.
'';
};
rootpw = mkOption {
type = types.str;
description = ''
Password for the root user.
This setting will be ignored if configDir is set.
'';
};
logLevel = mkOption {
type = types.str;
default = "0";
@ -118,6 +177,39 @@ in
# ...
'';
};
extraDatabaseConfig = mkOption {
type = types.lines;
default = "";
description = ''
slapd.conf configuration after the database option.
This setting will be ignored if configDir is set.
'';
example = ''
# Indices to maintain for this directory
# unique id so equality match only
index uid eq
# allows general searching on commonname, givenname and email
index cn,gn,mail eq,sub
# allows multiple variants on surname searching
index sn eq,sub
# sub above includes subintial,subany,subfinal
# optimise department searches
index ou eq
# if searches will include objectClass uncomment following
# index objectClass eq
# shows use of default index parameter
index default eq,sub
# indices missing - uses default eq,sub
index telephonenumber
# other database parameters
# read more in slapd.conf reference section
cachesize 10000
checkpoint 128 15
'';
};
};
};

60
nixos/modules/services/mail/mailcatcher.nix Normal file
View File

@ -0,0 +1,60 @@
{ config, pkgs, lib, ... }:
let
cfg = config.services.mailcatcher;
inherit (lib) mkEnableOption mkIf mkOption types;
in
{
# interface
options = {
services.mailcatcher = {
enable = mkEnableOption "Enable MailCatcher.";
http.ip = mkOption {
type = types.str;
default = "127.0.0.1";
description = "The ip address of the http server.";
};
http.port = mkOption {
type = types.port;
default = 1080;
description = "The port address of the http server.";
};
smtp.ip = mkOption {
type = types.str;
default = "127.0.0.1";
description = "The ip address of the smtp server.";
};
smtp.port = mkOption {
type = types.port;
default = 1025;
description = "The port address of the smtp server.";
};
};
};
# implementation
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.mailcatcher ];
systemd.services.mailcatcher = {
description = "MailCatcher Service";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
DynamicUser = true;
Restart = "always";
ExecStart = "${pkgs.mailcatcher}/bin/mailcatcher --foreground --no-quit --http-ip ${cfg.http.ip} --http-port ${toString cfg.http.port} --smtp-ip ${cfg.smtp.ip} --smtp-port ${toString cfg.smtp.port}";
};
};
};
}

17
nixos/modules/services/misc/gitlab.nix
View File

@ -160,6 +160,20 @@ let
'';
};
gitlab-rails = pkgs.stdenv.mkDerivation rec {
name = "gitlab-rails";
buildInputs = [ pkgs.makeWrapper ];
dontBuild = true;
unpackPhase = ":";
installPhase = ''
mkdir -p $out/bin
makeWrapper ${cfg.packages.gitlab.rubyEnv}/bin/rails $out/bin/gitlab-rails \
${concatStrings (mapAttrsToList (name: value: "--set ${name} '${value}' ") gitlabEnv)} \
--set PATH '${lib.makeBinPath [ pkgs.nodejs pkgs.gzip pkgs.git pkgs.gnutar config.services.postgresql.package pkgs.coreutils pkgs.procps ]}:$PATH' \
--run 'cd ${cfg.packages.gitlab}/share/gitlab'
'';
};
extraGitlabRb = pkgs.writeText "extra-gitlab.rb" cfg.extraGitlabRb;
smtpSettings = pkgs.writeText "gitlab-smtp-settings.rb" ''
@ -461,7 +475,7 @@ in {
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.git gitlab-rake cfg.packages.gitlab-shell ];
environment.systemPackages = [ pkgs.git gitlab-rake gitlab-rails cfg.packages.gitlab-shell ];
# Redis is required for the sidekiq queue runner.
services.redis.enable = mkDefault true;
@ -534,6 +548,7 @@ in {
wantedBy = [ "multi-user.target" ];
path = with pkgs; [
openssh
procps # See https://gitlab.com/gitlab-org/gitaly/issues/1562
gitAndTools.git
cfg.packages.gitaly.rubyEnv
cfg.packages.gitaly.rubyEnv.wrappedRuby

118
nixos/modules/services/networking/quicktun.nix Normal file
View File

@ -0,0 +1,118 @@
{ config, pkgs, lib, ... }:
let
cfg = config.services.quicktun;
in
with lib;
{
options = {
services.quicktun = mkOption {
default = { };
description = "QuickTun tunnels";
type = types.attrsOf (types.submodule {
options = {
tunMode = mkOption {
type = types.int;
default = 0;
example = 1;
description = "";
};
remoteAddress = mkOption {
type = types.str;
example = "tunnel.example.com";
description = "";
};
localAddress = mkOption {
type = types.str;
example = "0.0.0.0";
description = "";
};
localPort = mkOption {
type = types.int;
default = 2998;
description = "";
};
remotePort = mkOption {
type = types.int;
default = 2998;
description = "";
};
remoteFloat = mkOption {
type = types.int;
default = 0;
description = "";
};
protocol = mkOption {
type = types.str;
default = "nacltai";
description = "";
};
privateKey = mkOption {
type = types.str;
description = "";
};
publicKey = mkOption {
type = types.str;
description = "";
};
timeWindow = mkOption {
type = types.int;
default = 5;
description = "";
};
upScript = mkOption {
type = types.lines;
default = "";
description = "";
};
};
});
};
};
config = mkIf (cfg != []) {
systemd.services = fold (a: b: a // b) {} (
mapAttrsToList (name: qtcfg: {
"quicktun-${name}" = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
environment = {
"INTERFACE" = name;
"TUN_MODE" = toString qtcfg.tunMode;
"REMOTE_ADDRESS" = qtcfg.remoteAddress;
"LOCAL_ADDRESS" = qtcfg.localAddress;
"LOCAL_PORT" = toString qtcfg.localPort;
"REMOTE_PORT" = toString qtcfg.remotePort;
"REMOTE_FLOAT" = toString qtcfg.remoteFloat;
"PRIVATE_KEY" = qtcfg.privateKey;
"PUBLIC_KEY" = qtcfg.publicKey;
"TIME_WINDOW" = toString qtcfg.timeWindow;
"TUN_UP_SCRIPT" = pkgs.writeScript "quicktun-${name}-up.sh" qtcfg.upScript;
"SUID" = "nobody";
};
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.quicktun}/bin/quicktun.${qtcfg.protocol}";
};
};
}) cfg
);
};
}

4
nixos/modules/services/scheduling/cron.nix
View File

@ -64,8 +64,8 @@ in
sendmail. See <option>security.wrappers</option>
If neither /var/cron/cron.deny nor /var/cron/cron.allow exist only root
will is allowed to have its own crontab file. The /var/cron/cron.deny file
is created automatically for you. So every user can use a crontab.
is allowed to have its own crontab file. The /var/cron/cron.deny file
is created automatically for you, so every user can use a crontab.
Many nixos modules set systemCronJobs, so if you decide to disable vixie cron
and enable another cron daemon, you may want it to get its system crontab

571
nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix
View File

@ -3,112 +3,18 @@
poolName = "icingaweb2";
phpfpmSocketName = "/var/run/phpfpm/${poolName}.sock";
formatBool = b: if b then "1" else "0";
configIni = let
config = cfg.generalConfig;
in ''
[global]
show_stacktraces = "${formatBool config.showStacktraces}"
show_application_state_messages = "${formatBool config.showApplicationStateMessages}"
module_path = "${pkgs.icingaweb2}/modules${optionalString (builtins.length config.modulePath > 0) ":${concatStringsSep ":" config.modulePath}"}"
config_backend = "${config.configBackend}"
${optionalString (config.configBackend == "db") ''config_resource = "${config.configResource}"''}
[logging]
log = "${config.log}"
${optionalString (config.log != "none") ''level = "${config.logLevel}"''}
${optionalString (config.log == "php" || config.log == "syslog") ''application = "${config.logApplication}"''}
${optionalString (config.log == "syslog") ''facility = "${config.logFacility}"''}
${optionalString (config.log == "file") ''file = "${config.logFile}"''}
[themes]
default = "${config.themeDefault}"
disabled = "${formatBool config.themeDisabled}"
[authentication]
${optionalString (config.authDefaultDomain != null) ''default_domain = "${config.authDefaultDomain}"''}
'';
resourcesIni = concatStringsSep "\n" (mapAttrsToList (name: config: ''
[${name}]
type = "${config.type}"
${optionalString (config.type == "db") ''
db = "${config.db}"
host = "${config.host}"
${optionalString (config.port != null) ''port = "${toString config.port}"''}
username = "${config.username}"
password = "${config.password}"
dbname = "${config.dbname}"
${optionalString (config.charset != null) ''charset = "${config.charset}"''}
use_ssl = "${formatBool config.useSSL}"
${optionalString (config.sslCert != null) ''ssl_cert = "${config.sslCert}"''}
${optionalString (config.sslKey != null) ''ssl_cert = "${config.sslKey}"''}
${optionalString (config.sslCA != null) ''ssl_cert = "${config.sslCA}"''}
${optionalString (config.sslCApath != null) ''ssl_cert = "${config.sslCApath}"''}
${optionalString (config.sslCipher != null) ''ssl_cert = "${config.sslCipher}"''}
''}
${optionalString (config.type == "ldap") ''
hostname = "${config.host}"
${optionalString (config.port != null) ''port = "${toString config.port}"''}
root_dn = "${config.rootDN}"
bind_dn = "${config.username}"
bind_pw = "${config.password}"
encryption = "${config.ldapEncryption}"
timeout = "${toString config.ldapTimeout}"
''}
${optionalString (config.type == "ssh") ''
user = "${config.username}"
private_key = "${config.sshPrivateKey}"
''}
'') cfg.resources);
authenticationIni = concatStringsSep "\n" (mapAttrsToList (name: config: ''
[${name}]
backend = "${config.backend}"
${optionalString (config.domain != null) ''domain = "${config.domain}"''}
${optionalString (config.backend == "external" && config.externalStripRegex != null) ''strip_username_regexp = "${config.externalStripRegex}"''}
${optionalString (config.backend != "external") ''resource = "${config.resource}"''}
${optionalString (config.backend == "ldap" || config.backend == "msldap") ''
${optionalString (config.ldapUserClass != null) ''user_class = "${config.ldapUserClass}"''}
${optionalString (config.ldapUserNameAttr != null) ''user_name_attribute = "${config.ldapUserNameAttr}"''}
${optionalString (config.ldapFilter != null) ''filter = "${config.ldapFilter}"''}
''}
'') cfg.authentications);
groupsIni = concatStringsSep "\n" (mapAttrsToList (name: config: ''
[${name}]
backend = "${config.backend}"
resource = "${config.resource}"
${optionalString (config.backend != "db") ''
${optionalString (config.ldapUserClass != null) ''user_class = "${config.ldapUserClass}"''}
${optionalString (config.ldapUserNameAttr != null) ''user_name_attribute = "${config.ldapUserNameAttr}"''}
${optionalString (config.ldapGroupClass != null) ''group_class = "${config.ldapGroupClass}"''}
${optionalString (config.ldapGroupNameAttr != null) ''group_name_attribute = "${config.ldapGroupNameAttr}"''}
${optionalString (config.ldapGroupFilter != null) ''group_filter = "${config.ldapGroupFilter}"''}
''}
${optionalString (config.backend == "msldap" && config.ldapNestedSearch) ''nested_group_search = "1"''}
'') cfg.groupBackends);
rolesIni = let
optionalList = var: attribute: optionalString (builtins.length var > 0) ''${attribute} = "${concatStringsSep "," var}"'';
in concatStringsSep "\n" (mapAttrsToList (name: config: ''
[${name}]
${optionalList config.users "users"}
${optionalList config.groups "groups"}
${optionalList config.permissions "permissions"}
${optionalList config.permissions "permissions"}
${concatStringsSep "\n" (mapAttrsToList (key: value: optionalList value key) config.extraAssignments)}
'') cfg.roles);
defaultConfig = {
global = {
module_path = "${pkgs.icingaweb2}/modules${optionalString (builtins.length config.modulePath > 0) ":${concatStringsSep ":" config.modulePath}"}";
};
};
in {
options.services.icingaweb2 = with types; {
enable = mkEnableOption "the icingaweb2 web interface";
pool = mkOption {
type = str;
default = "${poolName}";
default = poolName;
description = ''
Name of existing PHP-FPM pool that is used to run Icingaweb2.
If not specified, a pool will automatically created with default values.
@ -143,7 +49,7 @@ in {
default = {};
example = literalExample ''
{
"snow" = pkgs.icingaweb2Modules.theme-snow;
"snow" = icingaweb2Modules.theme-snow;
}
'';
description = ''
@ -153,406 +59,112 @@ in {
'';
};
generalConfig = {
mutable = mkOption {
type = bool;
default = false;
generalConfig = mkOption {
type = nullOr attrs;
default = null;
example = {
general = {
showStacktraces = 1;
config_resource = "icingaweb_db";
};
logging = {
log = "syslog";
level = "CRITICAL";
};
};
description = ''
Make config.ini mutable (e.g. via the web interface).
Not that you need to update module_path manually.
config.ini contents.
Will automatically be converted to a .ini file.
If you don't set global.module_path, the module will take care of it.
If the value is null, no config.ini is created and you can
modify it manually (e.g. via the web interface).
Note that you need to update module_path manually.
'';
};
showStacktraces = mkOption {
type = bool;
default = true;
description = "Enable stack traces in the Web UI";
};
showApplicationStateMessages = mkOption {
type = bool;
default = true;
description = "Enable application state messages in the Web UI";
};
modulePath = mkOption {
type = listOf str;
default = [];
description = "List of additional module search paths";
};
configBackend = mkOption {
type = enum [ "ini" "db" "none" ];
default = "db";
description = "Where to store user preferences";
};
configResource = mkOption {
type = nullOr str;
default = null;
description = "Database resource where user preferences are stored (if they are stored in a database)";
};
log = mkOption {
type = enum [ "syslog" "php" "file" "none" ];
default = "syslog";
description = "Logging target";
};
logLevel = mkOption {
type = enum [ "ERROR" "WARNING" "INFO" "DEBUG" ];
default = "ERROR";
description = "Maximum logging level to emit";
};
logApplication = mkOption {
type = str;
default = "icingaweb2";
description = "Application name to log under (syslog and php log)";
};
logFacility = mkOption {
type = enum [ "user" "local0" "local1" "local2" "local3" "local4" "local5" "local6" "local7" ];
default = "user";
description = "Syslog facility to log to";
};
logFile = mkOption {
type = str;
default = "/var/log/icingaweb2/icingaweb2.log";
description = "File to log to";
};
themeDefault = mkOption {
type = str;
default = "Icinga";
description = "Name of the default theme";
};
themeDisabled = mkOption {
type = bool;
default = false;
description = "Disallow users to change the theme";
};
authDefaultDomain = mkOption {
type = nullOr str;
default = null;
description = "Domain for users logging in without a qualified domain";
};
};
mutableResources = mkOption {
type = bool;
default = false;
description = "Make resources.ini mutable (e.g. via the web interface)";
};
resources = mkOption {
default = {};
description = "Icingaweb 2 resources to define";
type = attrsOf (submodule ({ name, ... }: {
options = {
name = mkOption {
visible = false;
default = name;
type = str;
description = "Name of this resource";
};
type = mkOption {
type = enum [ "db" "ldap" "ssh" ];
default = "db";
description = "Type of this resouce";
};
db = mkOption {
type = enum [ "mysql" "pgsql" ];
default = "mysql";
description = "Type of this database resource";
};
host = mkOption {
type = str;
description = "Host to connect to";
};
port = mkOption {
type = nullOr port;
type = nullOr attrs;
default = null;
description = "Port to connect on";
example = {
icingaweb_db = {
type = "db";
db = "mysql";
host = "localhost";
username = "icingaweb2";
password = "icingaweb2";
dbname = "icingaweb2";
};
};
description = ''
resources.ini contents.
Will automatically be converted to a .ini file.
username = mkOption {
type = str;
description = "Database or SSH user or LDAP bind DN to connect with";
};
password = mkOption {
type = str;
description = "Password for the database user or LDAP bind DN";
};
dbname = mkOption {
type = str;
description = "Name of the database to connect to";
};
charset = mkOption {
type = nullOr str;
default = null;
example = "utf8";
description = "Database character set to connect with";
};
useSSL = mkOption {
type = nullOr bool;
default = false;
description = "Whether to connect to the database using SSL";
};
sslCert = mkOption {
type = nullOr str;
default = null;
description = "The file path to the SSL certificate. Only available for the mysql database.";
};
sslKey = mkOption {
type = nullOr str;
default = null;
description = "The file path to the SSL key. Only available for the mysql database.";
};
sslCA = mkOption {
type = nullOr str;
default = null;
description = "The file path to the SSL certificate authority. Only available for the mysql database.";
};
sslCApath = mkOption {
type = nullOr str;
default = null;
description = "The file path to the directory that contains the trusted SSL CA certificates in PEM format. Only available for the mysql database.";
};
sslCipher = mkOption {
type = nullOr str;
default = null;
description = "A list of one or more permissible ciphers to use for SSL encryption, in a format understood by OpenSSL. Only available for the mysql database.";
};
rootDN = mkOption {
type = str;
description = "Root object of the LDAP tree";
};
ldapEncryption = mkOption {
type = enum [ "none" "starttls" "ldaps" ];
default = "none";
description = "LDAP encryption to use";
};
ldapTimeout = mkOption {
type = ints.positive;
default = 5;
description = "Connection timeout for every LDAP connection";
};
sshPrivateKey = mkOption {
type = str;
description = "The path to the private key of the user";
};
};
}));
};
mutableAuthConfig = mkOption {
type = bool;
default = true;
description = "Make authentication.ini mutable (e.g. via the web interface)";
If the value is null, no resources.ini is created and you can
modify it manually (e.g. via the web interface).
Note that if you set passwords here, they will go into the nix store.
'';
};
authentications = mkOption {
default = {};
description = "Icingaweb 2 authentications to define";
type = attrsOf (submodule ({ name, ... }: {
options = {
name = mkOption {
visible = false;
default = name;
type = str;
description = "Name of this authentication";
};
backend = mkOption {
type = enum [ "external" "ldap" "msldap" "db" ];
default = "db";
description = "The type of this authentication backend";
};
domain = mkOption {
type = nullOr str;
type = nullOr attrs;
default = null;
description = "Domain for domain-aware authentication";
example = {
icingaweb = {
backend = "db";
resource = "icingaweb_db";
};
};
description = ''
authentication.ini contents.
Will automatically be converted to a .ini file.
externalStripRegex = mkOption {
type = nullOr str;
default = null;
description = "Regular expression to strip off specific user name parts";
};
resource = mkOption {
type = str;
description = "Name of the database/LDAP resource";
};
ldapUserClass = mkOption {
type = nullOr str;
default = null;
description = "LDAP user class";
};
ldapUserNameAttr = mkOption {
type = nullOr str;
default = null;
description = "LDAP attribute which contains the username";
};
ldapFilter = mkOption {
type = nullOr str;
default = null;
description = "LDAP search filter";
};
};
}));
};
mutableGroupsConfig = mkOption {
type = bool;
default = true;
description = "Make groups.ini mutable (e.g. via the web interface)";
If the value is null, no authentication.ini is created and you can
modify it manually (e.g. via the web interface).
'';
};
groupBackends = mkOption {
default = {};
description = "Icingaweb 2 group backends to define";
type = attrsOf (submodule ({ name, ... }: {
options = {
name = mkOption {
visible = false;
default = name;
type = str;
description = "Name of this group backend";
};
backend = mkOption {
type = enum [ "ldap" "msldap" "db" ];
default = "db";
description = "The type of this group backend";
};
resource = mkOption {
type = str;
description = "Name of the database/LDAP resource";
};
ldapUserClass = mkOption {
type = nullOr str;
type = nullOr attrs;
default = null;
description = "LDAP user class";
example = {
icingaweb = {
backend = "db";
resource = "icingaweb_db";
};
};
description = ''
groups.ini contents.
Will automatically be converted to a .ini file.
ldapUserNameAttr = mkOption {
type = nullOr str;
default = null;
description = "LDAP attribute which contains the username";
};
ldapGroupClass = mkOption {
type = nullOr str;
default = null;
description = "LDAP group class";
};
ldapGroupNameAttr = mkOption {
type = nullOr str;
default = null;
description = "LDAP attribute which contains the groupname";
};
ldapGroupFilter = mkOption {
type = nullOr str;
default = null;
description = "LDAP group search filter";
};
ldapNestedSearch = mkOption {
type = bool;
default = false;
description = "Enable nested group search in Active Directory based on the user";
};
};
}));
};
mutableRolesConfig = mkOption {
type = bool;
default = true;
description = "Make roles.ini mutable (e.g. via the web interface)";
If the value is null, no groups.ini is created and you can
modify it manually (e.g. via the web interface).
'';
};
roles = mkOption {
default = {};
description = "Icingaweb 2 roles to define";
type = attrsOf (submodule ({ name, ... }: {
options = {
name = mkOption {
visible = false;
default = name;
type = str;
description = "Name of this role";
type = nullOr attrs;
default = null;
example = {
Administrators = {
users = "admin";
permissions = "*";
};
};
description = ''
roles.ini contents.
Will automatically be converted to a .ini file.
users = mkOption {
type = listOf str;
default = [];
description = "List of users that are assigned to the role";
};
groups = mkOption {
type = listOf str;
default = [];
description = "List of groups that are assigned to the role";
};
permissions = mkOption {
type = listOf str;
default = [];
example = [ "application/share/navigation" "config/*" ];
description = "The permissions to grant";
};
extraAssignments = mkOption {
type = attrsOf (listOf str);
default = {};
example = { "monitoring/blacklist/properties" = [ "sla" "customer"]; };
description = "Additional assignments of this role";
};
};
}));
If the value is null, no roles.ini is created and you can
modify it manually (e.g. via the web interface).
'';
};
};
config = mkIf cfg.enable {
services.phpfpm.poolConfigs = mkIf (cfg.pool == "${poolName}") {
"${poolName}" = {
listen = phpfpmSocketName;
phpOptions = ''
extension = ${pkgs.phpPackages.imagick}/lib/php/extensions/imagick.so
date.timezone = "${cfg.timezone}"
'';
extraConfig = ''
"${poolName}" = ''
listen = "${phpfpmSocketName}"
listen.owner = nginx
listen.group = nginx
listen.mode = 0600
@ -564,7 +176,12 @@ in {
pm.max_spare_servers = 10
'';
};
};
services.phpfpm.phpOptions = mkIf (cfg.pool == "${poolName}")
''
extension = ${pkgs.phpPackages.imagick}/lib/php/extensions/imagick.so
date.timezone = "${cfg.timezone}"
'';
systemd.services."phpfpm-${poolName}".serviceConfig.ReadWritePaths = [ "/etc/icingaweb2" ];
@ -609,11 +226,11 @@ in {
// doModule "test"
// doModule "translation"
# Configs
// optionalAttrs (!cfg.generalConfig.mutable) { "icingaweb2/config.ini".text = configIni; }
// optionalAttrs (!cfg.mutableResources) { "icingaweb2/resources.ini".text = resourcesIni; }
// optionalAttrs (!cfg.mutableAuthConfig) { "icingaweb2/authentication.ini".text = authenticationIni; }
// optionalAttrs (!cfg.mutableGroupsConfig) { "icingaweb2/groups.ini".text = groupsIni; }
// optionalAttrs (!cfg.mutableRolesConfig) { "icingaweb2/roles.ini".text = rolesIni; };
// optionalAttrs (cfg.generalConfig != null) { "icingaweb2/config.ini".text = generators.toINI {} (defaultConfig // cfg.generalConfig); }
// optionalAttrs (cfg.resources != null) { "icingaweb2/resources.ini".text = generators.toINI {} cfg.resources; }
// optionalAttrs (cfg.authentications != null) { "icingaweb2/authentication.ini".text = generators.toINI {} cfg.authentications; }
// optionalAttrs (cfg.groupBackends != null) { "icingaweb2/groups.ini".text = generators.toINI {} cfg.groupBackends; }
// optionalAttrs (cfg.roles != null) { "icingaweb2/roles.ini".text = generators.toINI {} cfg.roles; };
# User and group
users.groups.icingaweb2 = {};

14
nixos/modules/services/web-servers/nginx/default.nix
View File

@ -44,19 +44,7 @@ let
}
''));
awkFormat = builtins.toFile "awkFormat-nginx.awk" ''
awk -f
{sub(/^[ \t]+/,"");idx=0}
/\{/{ctx++;idx=1}
/\}/{ctx--}
{id="";for(i=idx;i<ctx;i++)id=sprintf("%s%s", id, "\t");printf "%s%s\n", id, $0}
'';
configFile = pkgs.runCommand "nginx.conf" {} (''
awk -f ${awkFormat} ${pre-configFile} | sed '/^\s*$/d' > $out
'');
pre-configFile = pkgs.writeText "pre-nginx.conf" ''
configFile = pkgs.writers.writeNginxConfig "nginx.conf" ''
user ${cfg.user} ${cfg.group};
error_log ${cfg.logError};
daemon off;

19
nixos/modules/services/x11/colord.nix
View File

@ -18,22 +18,23 @@ in {
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.colord ];
services.dbus.packages = [ pkgs.colord ];
services.udev.packages = [ pkgs.colord ];
environment.systemPackages = [ pkgs.colord ];
systemd.packages = [ pkgs.colord ];
systemd.services.colord = {
description = "Manage, Install and Generate Color Profiles";
serviceConfig = {
Type = "dbus";
BusName = "org.freedesktop.ColorManager";
ExecStart = "${pkgs.colord}/libexec/colord";
PrivateTmp = true;
};
environment.etc."tmpfiles.d/colord.conf".source = "${pkgs.colord}/lib/tmpfiles.d/colord.conf";
users.users.colord = {
home = "/var/lib/colord";
group = "colord";
};
users.groups.colord = {};
};
}

9
nixos/modules/system/boot/systemd-lib.nix
View File

@ -9,12 +9,11 @@ in rec {
shellEscape = s: (replaceChars [ "\\" ] [ "\\\\" ] s);
mkPathSafeName = lib.replaceChars ["@" ":" "\\" "[" "]"] ["-" "-" "-" "" ""];
makeUnit = name: unit:
let
pathSafeName = lib.replaceChars ["@" ":" "\\" "[" "]"] ["-" "-" "-" "" ""] name;
in
if unit.enable then
pkgs.runCommand "unit-${pathSafeName}"
pkgs.runCommand "unit-${mkPathSafeName name}"
{ preferLocalBuild = true;
allowSubstitutes = false;
inherit (unit) text;
@ -24,7 +23,7 @@ in rec {
echo -n "$text" > $out/${shellEscape name}
''
else
pkgs.runCommand "unit-${pathSafeName}-disabled"
pkgs.runCommand "unit-${mkPathSafeName name}-disabled"
{ preferLocalBuild = true;
allowSubstitutes = false;
}

7
nixos/tests/all-tests.nix
View File

@ -114,10 +114,11 @@ in
ipv6 = handleTest ./ipv6.nix {};
jackett = handleTest ./jackett.nix {};
jenkins = handleTest ./jenkins.nix {};
#kafka = handleTest ./kafka.nix {}; # broken since openjdk: 8u181 -> 8u192
kafka = handleTest ./kafka.nix {};
kerberos = handleTest ./kerberos/default.nix {};
kernel-latest = handleTest ./kernel-latest.nix {};
kernel-lts = handleTest ./kernel-lts.nix {};
kernel-testing = handleTest ./kernel-testing.nix {};
keymap = handleTest ./keymap.nix {};
knot = handleTest ./knot.nix {};
kubernetes.dns = handleTestOn ["x86_64-linux"] ./kubernetes/dns.nix {};
@ -131,6 +132,7 @@ in
#lightdm = handleTest ./lightdm.nix {};
login = handleTest ./login.nix {};
#logstash = handleTest ./logstash.nix {};
mailcatcher = handleTest ./mailcatcher.nix {};
mathics = handleTest ./mathics.nix {};
matrix-synapse = handleTest ./matrix-synapse.nix {};
memcached = handleTest ./memcached.nix {};
@ -220,6 +222,8 @@ in
switchTest = handleTest ./switch-test.nix {};
syncthing-relay = handleTest ./syncthing-relay.nix {};
systemd = handleTest ./systemd.nix {};
systemd-confinement = handleTest ./systemd-confinement.nix {};
pdns-recursor = handleTest ./pdns-recursor.nix {};
taskserver = handleTest ./taskserver.nix {};
telegraf = handleTest ./telegraf.nix {};
tomcat = handleTest ./tomcat.nix {};
@ -229,6 +233,7 @@ in
upnp = handleTest ./upnp.nix {};
vault = handleTest ./vault.nix {};
virtualbox = handleTestOn ["x86_64-linux"] ./virtualbox.nix {};
wireguard = handleTest ./wireguard {};
wordpress = handleTest ./wordpress.nix {};
xautolock = handleTest ./xautolock.nix {};
xdg-desktop-portal = handleTest ./xdg-desktop-portal.nix {};

4
nixos/tests/docker-tools.nix
View File

@ -34,8 +34,8 @@ import ./make-test.nix ({ pkgs, ... }: {
# To test the pullImage tool
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.nixFromDockerHub}'");
$docker->succeed("docker run --rm nixos/nix:2.2.1 nix-store --version");
$docker->succeed("docker rmi nixos/nix:2.2.1");
$docker->succeed("docker run --rm nix:2.2.1 nix-store --version");
$docker->succeed("docker rmi nix:2.2.1");
# To test runAsRoot and entry point
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.nginx}'");

1
nixos/tests/kafka.nix
View File

@ -72,4 +72,5 @@ in with pkgs; {
kafka_1_1 = makeKafkaTest "kafka_1_1" apacheKafka_1_1;
kafka_2_0 = makeKafkaTest "kafka_2_0" apacheKafka_2_0;
kafka_2_1 = makeKafkaTest "kafka_2_1" apacheKafka_2_1;
kafka_2_2 = makeKafkaTest "kafka_2_2" apacheKafka_2_2;
}

17
nixos/tests/kernel-testing.nix Normal file
View File

@ -0,0 +1,17 @@
import ./make-test.nix ({ pkgs, ...} : {
name = "kernel-testing";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ nequissimus ];
};
machine = { pkgs, ... }:
{
boot.kernelPackages = pkgs.linuxPackages_testing;
};
testScript =
''
$machine->succeed("uname -s | grep 'Linux'");
$machine->succeed("uname -a | grep '${pkgs.linuxPackages_testing.kernel.modDirVersion}'");
'';
})

9
nixos/tests/ldap.nix
View File

@ -28,20 +28,19 @@ let
users.ldap.daemon = {
enable = useDaemon;
rootpwmoddn = "cn=admin,${dbSuffix}";
rootpwmodpw = "/etc/nslcd.rootpwmodpw";
rootpwmodpwFile = "/etc/nslcd.rootpwmodpw";
};
# NOTE: password stored in clear in Nix's store, but this is a test.
environment.etc."nslcd.rootpwmodpw".source = pkgs.writeText "rootpwmodpw" dbAdminPwd;
users.ldap.loginPam = true;
users.ldap.nsswitch = true;
users.ldap.server = "ldap://server";
users.ldap.base = "ou=posix,${dbSuffix}";
users.ldap.bind = {
distinguishedName = "cn=admin,${dbSuffix}";
password = "/etc/ldap/bind.password";
passwordFile = "/etc/ldap/bind.password";
};
# NOTE: password stored in clear in Nix's store, but this is a test.
# NOTE: passwords stored in clear in Nix's store, but this is a test.
environment.etc."ldap/bind.password".source = pkgs.writeText "password" dbAdminPwd;
environment.etc."nslcd.rootpwmodpw".source = pkgs.writeText "rootpwmodpw" dbAdminPwd;
};
in

26
nixos/tests/mailcatcher.nix Normal file
View File

@ -0,0 +1,26 @@
import ./make-test.nix ({ lib, ... }:
{
name = "mailcatcher";
meta.maintainers = [ lib.maintainers.aanderse ];
machine =
{ pkgs, ... }:
{
services.mailcatcher.enable = true;
networking.defaultMailServer.directDelivery = true;
networking.defaultMailServer.hostName = "localhost:1025";
environment.systemPackages = [ pkgs.mailutils ];
};
testScript = ''
startAll;
$machine->waitForUnit('mailcatcher.service');
$machine->waitForOpenPort('1025');
$machine->succeed('echo "this is the body of the email" | mail -s "subject" root@example.org');
$machine->succeed('curl http://localhost:1080/messages/1.source') =~ /this is the body of the email/ or die;
'';
})

29
nixos/tests/minio.nix
View File

@ -1,4 +1,24 @@
import ./make-test.nix ({ pkgs, ...} : {
import ./make-test.nix ({ pkgs, ...} :
let
accessKey = "BKIKJAA5BMMU2RHO6IBB";
secretKey = "V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12";
minioPythonScript = pkgs.writeScript "minio-test.py" ''
#! ${pkgs.python3.withPackages(ps: [ ps.minio ])}/bin/python
import io
import os
from minio import Minio
minioClient = Minio('localhost:9000',
access_key='${accessKey}',
secret_key='${secretKey}',
secure=False)
sio = io.BytesIO()
sio.write(b'Test from Python')
sio.seek(0, os.SEEK_END)
sio_len = sio.tell()
sio.seek(0)
minioClient.put_object('test-bucket', 'test.txt', sio, sio_len, content_type='text/plain')
'';
in {
name = "minio";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ bachp ];
@ -8,8 +28,7 @@ import ./make-test.nix ({ pkgs, ...} : {
machine = { pkgs, ... }: {
services.minio = {
enable = true;
accessKey = "BKIKJAA5BMMU2RHO6IBB";
secretKey = "V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12";
inherit accessKey secretKey;
};
environment.systemPackages = [ pkgs.minio-client ];
@ -25,9 +44,11 @@ import ./make-test.nix ({ pkgs, ...} : {
$machine->waitForOpenPort(9000);
# Create a test bucket on the server
$machine->succeed("mc config host add minio http://localhost:9000 BKIKJAA5BMMU2RHO6IBB V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12 S3v4");
$machine->succeed("mc config host add minio http://localhost:9000 ${accessKey} ${secretKey} S3v4");
$machine->succeed("mc mb minio/test-bucket");
$machine->succeed("${minioPythonScript}");
$machine->succeed("mc ls minio") =~ /test-bucket/ or die;
$machine->succeed("mc cat minio/test-bucket/test.txt") =~ /Test from Python/ or die;
$machine->shutdown;
'';

28
nixos/tests/mysql.nix
View File

@ -5,7 +5,7 @@ import ./make-test.nix ({ pkgs, ...} : {
};
nodes = {
master =
mysql =
{ pkgs, ... }:
{
@ -13,12 +13,34 @@ import ./make-test.nix ({ pkgs, ...} : {
services.mysql.initialDatabases = [ { name = "testdb"; schema = ./testdb.sql; } ];
services.mysql.package = pkgs.mysql;
};
mariadb =
{ pkgs, ... }:
{
users.users.testuser = { };
services.mysql.enable = true;
services.mysql.ensureDatabases = [ "testdb" ];
services.mysql.ensureUsers = [{
name = "testuser";
ensurePermissions = {
"testdb.*" = "ALL PRIVILEGES";
};
}];
services.mysql.package = pkgs.mariadb;
};
};
testScript = ''
startAll;
$master->waitForUnit("mysql");
$master->succeed("echo 'use testdb; select * from tests' | mysql -u root -N | grep 4");
$mysql->waitForUnit("mysql");
$mysql->succeed("echo 'use testdb; select * from tests' | mysql -u root -N | grep 4");
$mariadb->waitForUnit("mysql");
$mariadb->succeed("echo 'use testdb; create table tests (test_id INT, PRIMARY KEY (test_id));' | sudo -u testuser mysql -u testuser");
$mariadb->succeed("echo 'use testdb; insert into tests values (42);' | sudo -u testuser mysql -u testuser");
$mariadb->succeed("echo 'use testdb; select test_id from tests' | sudo -u testuser mysql -u testuser -N | grep 42");
'';
})

14
nixos/tests/openldap.nix
View File

@ -4,16 +4,12 @@ import ./make-test.nix {
machine = { pkgs, ... }: {
services.openldap = {
enable = true;
extraConfig = ''
include ${pkgs.openldap}/etc/schema/core.schema
include ${pkgs.openldap}/etc/schema/cosine.schema
include ${pkgs.openldap}/etc/schema/inetorgperson.schema
include ${pkgs.openldap}/etc/schema/nis.schema
database bdb
suffix dc=example
suffix = "dc=example";
rootdn = "cn=root,dc=example";
rootpw = "notapassword";
database = "bdb";
extraDatabaseConfig = ''
directory /var/db/openldap
rootdn cn=root,dc=example
rootpw notapassword
'';
declarativeContents = ''
dn: dc=example

12
nixos/tests/pdns-recursor.nix Normal file
View File

@ -0,0 +1,12 @@
import ./make-test.nix ({ pkgs, ... }: {
name = "powerdns";
nodes.server = { ... }: {
services.pdns-recursor.enable = true;
};
testScript = ''
$server->waitForUnit("pdns-recursor");
$server->waitForOpenPort("53");
'';
})

168
nixos/tests/systemd-confinement.nix Normal file
View File

@ -0,0 +1,168 @@
import ./make-test.nix {
name = "systemd-confinement";
machine = { pkgs, lib, ... }: let
testServer = pkgs.writeScript "testserver.sh" ''
#!${pkgs.stdenv.shell}
export PATH=${lib.escapeShellArg "${pkgs.coreutils}/bin"}
${lib.escapeShellArg pkgs.stdenv.shell} 2>&1
echo "exit-status:$?"
'';
testClient = pkgs.writeScriptBin "chroot-exec" ''
#!${pkgs.stdenv.shell} -e
output="$(echo "$@" | nc -NU "/run/test$(< /teststep).sock")"
ret="$(echo "$output" | sed -nre '$s/^exit-status:([0-9]+)$/\1/p')"
echo "$output" | head -n -1
exit "''${ret:-1}"
'';
mkTestStep = num: { description, config ? {}, testScript }: {
systemd.sockets."test${toString num}" = {
description = "Socket for Test Service ${toString num}";
wantedBy = [ "sockets.target" ];
socketConfig.ListenStream = "/run/test${toString num}.sock";
socketConfig.Accept = true;
};
systemd.services."test${toString num}@" = {
description = "Confined Test Service ${toString num}";
confinement = (config.confinement or {}) // { enable = true; };
serviceConfig = (config.serviceConfig or {}) // {
ExecStart = testServer;
StandardInput = "socket";
};
} // removeAttrs config [ "confinement" "serviceConfig" ];
__testSteps = lib.mkOrder num ''
subtest '${lib.escape ["\\" "'"] description}', sub {
$machine->succeed('echo ${toString num} > /teststep');
${testScript}
};
'';
};
in {
imports = lib.imap1 mkTestStep [
{ description = "chroot-only confinement";
config.confinement.mode = "chroot-only";
testScript = ''
$machine->succeed(
'test "$(chroot-exec ls -1 / | paste -sd,)" = bin,nix',
'test "$(chroot-exec id -u)" = 0',
'chroot-exec chown 65534 /bin',
);
'';
}
{ description = "full confinement with APIVFS";
testScript = ''
$machine->fail(
'chroot-exec ls -l /etc',
'chroot-exec ls -l /run',
'chroot-exec chown 65534 /bin',
);
$machine->succeed(
'test "$(chroot-exec id -u)" = 0',
'chroot-exec chown 0 /bin',
);
'';
}
{ description = "check existence of bind-mounted /etc";
config.serviceConfig.BindReadOnlyPaths = [ "/etc" ];
testScript = ''
$machine->succeed('test -n "$(chroot-exec cat /etc/passwd)"');
'';
}
{ description = "check if User/Group really runs as non-root";
config.serviceConfig.User = "chroot-testuser";
config.serviceConfig.Group = "chroot-testgroup";
testScript = ''
$machine->succeed('chroot-exec ls -l /dev');
$machine->succeed('test "$(chroot-exec id -u)" != 0');
$machine->fail('chroot-exec touch /bin/test');
'';
}
(let
symlink = pkgs.runCommand "symlink" {
target = pkgs.writeText "symlink-target" "got me\n";
} "ln -s \"$target\" \"$out\"";
in {
description = "check if symlinks are properly bind-mounted";
config.confinement.packages = lib.singleton symlink;
testScript = ''
$machine->fail('chroot-exec test -e /etc');
$machine->succeed('chroot-exec cat ${symlink} >&2');
$machine->succeed('test "$(chroot-exec cat ${symlink})" = "got me"');
'';
})
{ description = "check if StateDirectory works";
config.serviceConfig.User = "chroot-testuser";
config.serviceConfig.Group = "chroot-testgroup";
config.serviceConfig.StateDirectory = "testme";
testScript = ''
$machine->succeed('chroot-exec touch /tmp/canary');
$machine->succeed('chroot-exec "echo works > /var/lib/testme/foo"');
$machine->succeed('test "$(< /var/lib/testme/foo)" = works');
$machine->succeed('test ! -e /tmp/canary');
'';
}
{ description = "check if /bin/sh works";
testScript = ''
$machine->succeed(
'chroot-exec test -e /bin/sh',
'test "$(chroot-exec \'/bin/sh -c "echo bar"\')" = bar',
);
'';
}
{ description = "check if suppressing /bin/sh works";
config.confinement.binSh = null;
testScript = ''
$machine->succeed(
'chroot-exec test ! -e /bin/sh',
'test "$(chroot-exec \'/bin/sh -c "echo foo"\')" != foo',
);
'';
}
{ description = "check if we can set /bin/sh to something different";
config.confinement.binSh = "${pkgs.hello}/bin/hello";
testScript = ''
$machine->succeed(
'chroot-exec test -e /bin/sh',
'test "$(chroot-exec /bin/sh -g foo)" = foo',
);
'';
}
{ description = "check if only Exec* dependencies are included";
config.environment.FOOBAR = pkgs.writeText "foobar" "eek\n";
testScript = ''
$machine->succeed('test "$(chroot-exec \'cat "$FOOBAR"\')" != eek');
'';
}
{ description = "check if all unit dependencies are included";
config.environment.FOOBAR = pkgs.writeText "foobar" "eek\n";
config.confinement.fullUnit = true;
testScript = ''
$machine->succeed('test "$(chroot-exec \'cat "$FOOBAR"\')" = eek');
'';
}
];
options.__testSteps = lib.mkOption {
type = lib.types.lines;
description = "All of the test steps combined as a single script.";
};
config.environment.systemPackages = lib.singleton testClient;
config.users.groups.chroot-testgroup = {};
config.users.users.chroot-testuser = {
description = "Chroot Test User";
group = "chroot-testgroup";
};
};
testScript = { nodes, ... }: ''
$machine->waitForUnit('multi-user.target');
${nodes.machine.config.__testSteps}
'';
}

97
nixos/tests/wireguard/default.nix Normal file
View File

@ -0,0 +1,97 @@
let
wg-snakeoil-keys = import ./snakeoil-keys.nix;
in
import ../make-test.nix ({ pkgs, ...} : {
name = "wireguard";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ ma27 ];
};
nodes = {
peer0 = { lib, ... }: {
boot.kernel.sysctl = {
"net.ipv6.conf.all.forwarding" = "1";
"net.ipv6.conf.default.forwarding" = "1";
"net.ipv4.ip_forward" = "1";
};
networking.useDHCP = false;
networking.interfaces.eth1 = {
ipv4.addresses = lib.singleton {
address = "192.168.0.1";
prefixLength = 24;
};
ipv6.addresses = lib.singleton {
address = "fd00::1";
prefixLength = 64;
};
};
networking.firewall.allowedUDPPorts = [ 23542 ];
networking.wireguard.interfaces.wg0 = {
ips = [ "10.23.42.1/32" "fc00::1/128" ];
listenPort = 23542;
inherit (wg-snakeoil-keys.peer0) privateKey;
peers = lib.singleton {
allowedIPs = [ "10.23.42.2/32" "fc00::2/128" ];
inherit (wg-snakeoil-keys.peer1) publicKey;
};
};
};
peer1 = { pkgs, lib, ... }: {
boot.kernel.sysctl = {
"net.ipv6.conf.all.forwarding" = "1";
"net.ipv6.conf.default.forwarding" = "1";
"net.ipv4.ip_forward" = "1";
};
networking.useDHCP = false;
networking.interfaces.eth1 = {
ipv4.addresses = lib.singleton {
address = "192.168.0.2";
prefixLength = 24;
};
ipv6.addresses = lib.singleton {
address = "fd00::2";
prefixLength = 64;
};
};
networking.wireguard.interfaces.wg0 = {
ips = [ "10.23.42.2/32" "fc00::2/128" ];
listenPort = 23542;
allowedIPsAsRoutes = false;
inherit (wg-snakeoil-keys.peer1) privateKey;
peers = lib.singleton {
allowedIPs = [ "0.0.0.0/0" "::/0" ];
endpoint = "192.168.0.1:23542";
persistentKeepalive = 25;
inherit (wg-snakeoil-keys.peer0) publicKey;
};
postSetup = let inherit (pkgs) iproute; in ''
${iproute}/bin/ip route replace 10.23.42.1/32 dev wg0
${iproute}/bin/ip route replace fc00::1/128 dev wg0
'';
};
};
};
testScript = ''
startAll;
$peer0->waitForUnit("wireguard-wg0.service");
$peer1->waitForUnit("wireguard-wg0.service");
$peer1->succeed("ping -c5 fc00::1");
$peer1->succeed("ping -c5 10.23.42.1")
'';
})

11
nixos/tests/wireguard/snakeoil-keys.nix Normal file
View File

@ -0,0 +1,11 @@
{
peer0 = {
privateKey = "OPuVRS2T0/AtHDp3PXkNuLQYDiqJaBEEnYe42BSnJnQ=";
publicKey = "IujkG119YPr2cVQzJkSLYCdjpHIDjvr/qH1w1tdKswY=";
};
peer1 = {
privateKey = "uO8JVo/sanx2DOM0L9GUEtzKZ82RGkRnYgpaYc7iXmg=";
publicKey = "Ks9yRJIi/0vYgRmn14mIOQRwkcUGBujYINbMpik2SBI=";
};
}

24
pkgs/applications/altcoins/monero-gui/default.nix
View File

@ -2,8 +2,8 @@
, makeWrapper, makeDesktopItem
, qtbase, qmake, qtmultimedia, qttools
, qtgraphicaleffects, qtdeclarative
, qtlocation, qtquickcontrols2, qtwebchannel
, qtwebengine, qtx11extras, qtxmlpatterns
, qtlocation, qtquickcontrols, qtquickcontrols2
, qtwebchannel, qtwebengine, qtx11extras, qtxmlpatterns
, monero, unbound, readline, boost, libunwind
, libsodium, pcsclite, zeromq, cppzmq, pkgconfig
, hidapi
@ -11,6 +11,18 @@
with stdenv.lib;
let
qmlPath = qmlLib: "${qmlLib}/${qtbase.qtQmlPrefix}";
qml2ImportPath = concatMapStringsSep ":" qmlPath [
qtbase.bin qtmultimedia.bin qtgraphicaleffects
qtdeclarative.bin qtlocation.bin
qtquickcontrols qtquickcontrols2.bin
qtwebchannel.bin qtwebengine.bin qtxmlpatterns
];
in
stdenv.mkDerivation rec {
name = "monero-gui-${version}";
version = "0.14.0.0";
@ -26,7 +38,8 @@ stdenv.mkDerivation rec {
buildInputs = [
qtbase qtmultimedia qtgraphicaleffects
qtdeclarative qtlocation qtquickcontrols2
qtdeclarative qtlocation
qtquickcontrols qtquickcontrols2
qtwebchannel qtwebengine qtx11extras
qtxmlpatterns monero unbound readline
boost libunwind libsodium pcsclite zeromq
@ -81,6 +94,11 @@ stdenv.mkDerivation rec {
cp $src/images/appicons/$size.png \
$out/share/icons/hicolor/$size/apps/monero.png
done;
# wrap runtime dependencies
wrapProgram $out/bin/monero-wallet-gui \
--set QML2_IMPORT_PATH "${qml2ImportPath}" \
--set QT_PLUGIN_PATH "${qtbase.bin}/${qtbase.qtPluginPrefix}"
'';
meta = {

3
pkgs/applications/audio/clementine/default.nix
View File

@ -1,5 +1,5 @@
{ stdenv, fetchFromGitHub, fetchpatch, boost, cmake, chromaprint, gettext, gst_all_1, liblastfm
, qt4, taglib, fftw, glew, qjson, sqlite, libgpod, libplist, usbmuxd, libmtp
, taglib, fftw, glew, qjson, sqlite, libgpod, libplist, usbmuxd, libmtp
, libpulseaudio, gvfs, libcdio, libechonest, libspotify, pcre, projectm, protobuf
, qca2, pkgconfig, sparsehash, config, makeWrapper, gst_plugins }:
@ -49,7 +49,6 @@ let
protobuf
qca2
qjson
qt4
sqlite
taglib
]

4
pkgs/applications/audio/lollypop/default.nix
View File

@ -5,7 +5,7 @@
python3.pkgs.buildPythonApplication rec {
pname = "lollypop";
version = "1.0";
version = "1.0.3";
format = "other";
doCheck = false;
@ -14,7 +14,7 @@ python3.pkgs.buildPythonApplication rec {
url = "https://gitlab.gnome.org/World/lollypop";
rev = "refs/tags/${version}";
fetchSubmodules = true;
sha256 = "00hjxpgmhzhyjjdpm92cbbxwnc17xdhhk8svk5ih3n18yk5655fs";
sha256 = "1gjxcwl467h7011j9v4zy1j0fjlz480ibvk4akr6xwjg894jykbx";
};
nativeBuildInputs = [

14
pkgs/applications/audio/meters_lv2/default.nix
View File

@ -1,24 +1,24 @@
{ stdenv, fetchurl, pkgconfig
, lv2, libGLU_combined, gtk2, cairo, pango, fftw }:
, lv2, libGLU_combined, gtk2, cairo, pango, fftwFloat, libjack2 }:
let
version = "0.8.1";
version = "0.9.10";
name = "meters.lv2-${version}";
# robtk submodule is pegged to this version
robtkVersion = "0.3.0";
robtkVersion = "0.6.2";
robtkName = "robtk-${robtkVersion}";
src = fetchurl {
name = "${name}.tar.gz";
url = "https://github.com/x42/meters.lv2/archive/v${version}.tar.gz";
sha256 = "142dg0j34mv5b0agajj2x1n9kgsmkfh08n1cjzk0j8n4xk2wb6ri";
sha256 = "0yfyn7j8g50w671b1z7ph4ppjx8ddj5c6nx53syp5y5mfr1b94nx";
};
robtkSrc = fetchurl {
name = "${robtkName}.tar.gz";
url = "https://github.com/x42/robtk/archive/v${robtkVersion}.tar.gz";
sha256 = "1ny89i2sgga56k7fxskp9y8sb7pfhp6wgw5mni842p19z6q7h8rq";
sha256 = "1v79xys1k2923wpivdjd44vand6c4agwvnrqi4c8kdv9r07b559v";
};
in
@ -26,15 +26,13 @@ stdenv.mkDerivation {
inherit name;
nativeBuildInputs = [ pkgconfig ];
buildInputs = [ lv2 libGLU_combined gtk2 cairo pango fftw ];
buildInputs = [ lv2 libGLU_combined gtk2 cairo pango fftwFloat libjack2 ];
srcs = [ src robtkSrc ];
sourceRoot = name;
postUnpack = "mv ${robtkName}/* ${name}/robtk"; # */
postPatch = "sed -i 's/fftw3f/fftw3/' Makefile";
preConfigure = "makeFlagsArray=( PREFIX=$out )";
meter_VERSION = version;

4
pkgs/applications/audio/padthv1/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
name = "padthv1-${version}";
version = "0.9.4";
version = "0.9.5";
src = fetchurl {
url = "mirror://sourceforge/padthv1/${name}.tar.gz";
sha256 = "0k4vlg3clsn2i4k12imvcjiwlp9nx1mikwyrnarg9shxzzdzcf4y";
sha256 = "0cd1jfb3ynfrsbz8jwfsbvs5liyddxg4zghrvz931qkkqi117hbh";
};
buildInputs = [ libjack2 alsaLib libsndfile liblo lv2 qt5.qtbase qt5.qttools fftw ];

4
pkgs/applications/audio/paprefs/default.nix
View File

@ -1,11 +1,11 @@
{ fetchurl, stdenv, meson, ninja, gettext, pkgconfig, pulseaudioFull, gtkmm3, dbus-glib, wrapGAppsHook }:
stdenv.mkDerivation rec {
name = "paprefs-1.0";
name = "paprefs-1.1";
src = fetchurl {
url = "https://freedesktop.org/software/pulseaudio/paprefs/${name}.tar.xz";
sha256 = "0y77i9gaaassvvjrpwb4xbgqcmr51zmj5rh4z8zm687i5izf84md";
sha256 = "189z5p20hk0xv9vwvym293503j4pwl03xqk9hl7cl6dwgv0l7wkf";
};
nativeBuildInputs = [ meson ninja gettext pkgconfig wrapGAppsHook ];

16
pkgs/applications/audio/qsynth/default.nix
View File

@ -1,23 +1,17 @@
{ stdenv, fetchurl, alsaLib, fluidsynth, libjack2, qtbase, qttools, qtx11extras, cmake, pkgconfig }:
{ stdenv, fetchurl, alsaLib, fluidsynth, libjack2, qt5, autoconf, pkgconfig }:
stdenv.mkDerivation rec {
name = "qsynth-${version}";
version = "0.5.2";
version = "0.5.5";
src = fetchurl {
url = "mirror://sourceforge/qsynth/${name}.tar.gz";
sha256 = "1rfkaxq1pyc4hv3l0i6wicianbcbm1wp53kh9i5d4jsljgisd1dv";
sha256 = "08x7znvbwi9miavcarymi7dsv8njmxzwzma20dbmz8j2aswm53w5";
};
# cmake is looking for qsynth.desktop.in and fails if it doesn't find it
# seems like a bug and can presumable go in the next version after 0.5.2
postPatch = ''
mv src/qsynth.desktop src/qsynth.desktop.in
'';
nativeBuildInputs = [ autoconf pkgconfig ];
nativeBuildInputs = [ cmake pkgconfig ];
buildInputs = [ alsaLib fluidsynth libjack2 qtbase qttools qtx11extras ];
buildInputs = [ alsaLib fluidsynth libjack2 qt5.qtbase qt5.qttools qt5.qtx11extras ];
enableParallelBuilding = true;

4
pkgs/applications/audio/samplv1/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
name = "samplv1-${version}";
version = "0.9.4";
version = "0.9.5";
src = fetchurl {
url = "mirror://sourceforge/samplv1/${name}.tar.gz";
sha256 = "17a61lliplhs14b3x83qz3kv7ww4dn3a02jfdlcx2z903hwn5sld";
sha256 = "0402rdr46za21w34m7ajzbwiiqcd1h0da3b0ldsr2z5g2mrkzxv8";
};
buildInputs = [ libjack2 alsaLib liblo libsndfile lv2 qt5.qtbase qt5.qttools];

4
pkgs/applications/audio/synthv1/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
name = "synthv1-${version}";
version = "0.9.4";
version = "0.9.5";
src = fetchurl {
url = "mirror://sourceforge/synthv1/${name}.tar.gz";
sha256 = "18xjj14g8gnnbwyrf39bdxc5aswb620w9i323skdf6rnaq229jyv";
sha256 = "1b9w4cml3cmcg09kh852cahas6l9ks8wl3gzp1az8rzxz4229yg1";
};
buildInputs = [ qt5.qtbase qt5.qttools libjack2 alsaLib liblo lv2 ];

4
pkgs/applications/audio/yoshimi/default.nix
View File

@ -6,11 +6,11 @@ assert stdenv ? glibc;
stdenv.mkDerivation rec {
name = "yoshimi-${version}";
version = "1.5.10.1";
version = "1.5.10.2";
src = fetchurl {
url = "mirror://sourceforge/yoshimi/${name}.tar.bz2";
sha256 = "02mmy17sa3dlwmjjahn8rfd6h67c5s0q3fvkf6ljrc2mbbpwc375";
sha256 = "1rr99qkq80s8l2iv3x4ccxan07m15dvmd5s9b10386bfjbwbya01";
};
buildInputs = [

4
pkgs/applications/audio/zynaddsubfx/default.nix
View File

@ -4,11 +4,11 @@
stdenv.mkDerivation rec {
name = "zynaddsubfx-${version}";
version = "3.0.3";
version = "3.0.4";
src = fetchurl {
url = "mirror://sourceforge/zynaddsubfx/zynaddsubfx-${version}.tar.bz2";
sha256 = "1hfpiqdm337gl4ynkmmp2qss2m5z8mzqzjrbiyg6w1v4js7l9phi";
sha256 = "18m4ax0x06y1hx4g2g3gf02v0bldkrrb5m7fsr5jlfp1kvjd2j1x";
};
buildInputs = [ alsaLib cairo libjack2 fftw fltk13 lash libjpeg libXpm minixml ntk zlib liblo ];

6
pkgs/applications/editors/android-studio/common.nix
View File

@ -39,11 +39,12 @@
let
drvName = "android-studio-${channel}-${version}";
archiveFormat = if builtins.elem channel [ "dev" "canary" ] then "tar.gz" else "zip";
androidStudio = stdenv.mkDerivation {
name = drvName;
src = fetchurl {
url = "https://dl.google.com/dl/android/studio/ide-zips/${version}/android-studio-ide-${build}-linux.zip";
url = "https://dl.google.com/dl/android/studio/ide-zips/${version}/android-studio-ide-${build}-linux.${archiveFormat}";
sha256 = sha256Hash;
};
@ -141,6 +142,9 @@ in runCommand
'';
preferLocalBuild = true;
allowSubstitutes = false;
passthru = {
unwrapped = androidStudio;
};
meta = with stdenv.lib; {
description = "The Official IDE for Android (${channel} channel)";
longDescription = ''

12
pkgs/applications/editors/android-studio/default.nix
View File

@ -13,14 +13,14 @@ let
sha256Hash = "0smh3d3v8n0isxg7fkls20622gp52f58i2b6wa4a0g8wnvmd6mw2";
};
betaVersion = {
version = "3.4.0.16"; # "Android Studio 3.4 RC 2"
build = "183.5370308";
sha256Hash = "0d7d6n7n1zzhxpdykbwwbrw139mqxkp20d4l0570pk7975p1s2q9";
version = "3.4.0.17"; # "Android Studio 3.4 RC 3"
build = "183.5400832";
sha256Hash = "1v4apc73jdhavhzj8j46mzh15rw08w1hd9y9ykarj3b5q7i2vyq1";
};
latestVersion = { # canary & dev
version = "3.5.0.7"; # "Android Studio 3.5 Canary 8"
build = "191.5375575";
sha256Hash = "0vssynvj0j4xbin9h95lciilc3j9mkm53vwzxxr3kqxwl74qx4mj";
version = "3.5.0.8"; # "Android Studio 3.5 Canary 9"
build = "191.5409101";
sha256Hash = "06fc5l40nxm0hyn8c34wsckxxyh1i2q5a53zd4nbhwxi8wsrda7i";
};
in rec {
# Old alias (TODO @primeos: Remove after 19.03 is branched off):

13
pkgs/applications/editors/emacs/default.nix
View File

@ -1,5 +1,5 @@
{ stdenv, lib, fetchurl, ncurses, xlibsWrapper, libXaw, libXpm, Xaw3d, libXcursor
, pkgconfig, gettext, libXft, dbus, libpng, libjpeg, libungif
{ stdenv, lib, fetchpatch, fetchurl, ncurses, xlibsWrapper, libXaw, libXpm
, Xaw3d, libXcursor, pkgconfig, gettext, libXft, dbus, libpng, libjpeg, libungif
, libtiff, librsvg, gconf, libxml2, imagemagick, gnutls, libselinux
, alsaLib, cairo, acl, gpm, cf-private, AppKit, GSS, ImageIO, m17n_lib, libotf
, systemd ? null
@ -44,6 +44,13 @@ stdenv.mkDerivation rec {
patches = [
./clean-env.patch
./tramp-detect-wrapped-gvfsd.patch
# should drop this at next package update
(fetchpatch {
name = "support-hunspell-1.7.0-in-ispell.el.patch";
url = "https://git.savannah.gnu.org/cgit/emacs.git/patch/?id=2925ce5a7ec1424cfaea9f2f86bd3cab27832584";
sha256 = "0w7cgw6zgr7phbivb98innps1rlqf5q2lhwkrwdmai8sbca5bd11";
})
];
postPatch = lib.optionalString srcRepo ''
@ -123,7 +130,7 @@ stdenv.mkDerivation rec {
let libPath = lib.makeLibraryPath [
libXcursor
];
in lib.optionalString (withX && toolkit == "lucid") ''
in lib.optionalString (stdenv.isLinux && withX && toolkit == "lucid") ''
patchelf --set-rpath \
"$(patchelf --print-rpath "$out/bin/emacs"):${libPath}" \
"$out/bin/emacs"

46
pkgs/applications/editors/jetbrains/default.nix
View File

@ -250,12 +250,12 @@ in
clion = buildClion rec {
name = "clion-${version}";
version = "2018.3.4"; /* updated by script */
version = "2019.1"; /* updated by script */
description = "C/C++ IDE. New. Intelligent. Cross-platform";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/cpp/CLion-${version}.tar.gz";
sha256 = "1zglpw9vc3ybdmwymi0c2m6anhcmx9jcqi69gnn06n9f4x1v6gwn"; /* updated by script */
sha256 = "1rlqnnv6b7lg18si31zd97ixnslwp8j6imkkjq0j5n9sydsr8xzj"; /* updated by script */
};
wmClass = "jetbrains-clion";
update-channel = "CLion RELEASE"; # channel's id as in http://www.jetbrains.com/updates/updates.xml
@ -263,12 +263,12 @@ in
datagrip = buildDataGrip rec {
name = "datagrip-${version}";
version = "2018.3.2"; /* updated by script */
version = "2018.3.4"; /* updated by script */
description = "Your Swiss Army Knife for Databases and SQL";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/datagrip/${name}.tar.gz";
sha256 = "0vj1cgmg33626i38x9wmh5hqr1lf0x3m23gzq30rp4q4cbi38806"; /* updated by script */
sha256 = "10sw41kkf2k60xjpwgc73i182y7px3dmqz2awnrl4gffdb9jgzmy"; /* updated by script */
};
wmClass = "jetbrains-datagrip";
update-channel = "DataGrip RELEASE";
@ -276,12 +276,12 @@ in
goland = buildGoland rec {
name = "goland-${version}";
version = "2018.3.3"; /* updated by script */
version = "2019.1"; /* updated by script */
description = "Up and Coming Go IDE";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/go/${name}.tar.gz";
sha256 = "065z8084xkv6w8m7pq98rgls1avzrqm23mrxdq5172rs5p1c5r9f"; /* updated by script */
sha256 = "0aq3x5aixh86h1zvvwrbr2f1nnqdpfvlsadd2ckmf5s5kghvg5r9"; /* updated by script */
};
wmClass = "jetbrains-goland";
update-channel = "GoLand RELEASE";
@ -289,12 +289,12 @@ in
idea-community = buildIdea rec {
name = "idea-community-${version}";
version = "2018.3.4"; /* updated by script */
version = "2019.1"; /* updated by script */
description = "Integrated Development Environment (IDE) by Jetbrains, community edition";
license = stdenv.lib.licenses.asl20;
src = fetchurl {
url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz";
sha256 = "0j5yc7n04jlyyghmwllpfvcd2g6k1syjp07xb1ljyx7rm4jcf8q6"; /* updated by script */
sha256 = "0zyw88dd2v4igp080l99cyq6h0bmyri8a50fjp69ripiz9qaawx1"; /* updated by script */
};
wmClass = "jetbrains-idea-ce";
update-channel = "IntelliJ IDEA RELEASE";
@ -302,12 +302,12 @@ in
idea-ultimate = buildIdea rec {
name = "idea-ultimate-${version}";
version = "2018.3.4"; /* updated by script */
version = "2019.1"; /* updated by script */
description = "Integrated Development Environment (IDE) by Jetbrains, requires paid license";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/idea/ideaIU-${version}-no-jdk.tar.gz";
sha256 = "0s3r3h1zcwkfqhsfb224fgy62fdhnd4gjgk2h6pyhq1frnh3x5bg"; /* updated by script */
url = "https://download.jetbrains.com/idea/ideaIU-${version}-no-jbr.tar.gz";
sha256 = "0fsdf090cwwrsq3azknc9rpwwsl71cvsx4flivnqwfakb6rh4f1j"; /* updated by script */
};
wmClass = "jetbrains-idea";
update-channel = "IntelliJ IDEA RELEASE";
@ -315,12 +315,12 @@ in
phpstorm = buildPhpStorm rec {
name = "phpstorm-${version}";
version = "2018.3.3"; /* updated by script */
version = "2019.1"; /* updated by script */
description = "Professional IDE for Web and PHP developers";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/webide/PhpStorm-${version}.tar.gz";
sha256 = "0znhw83h46a3haspwcin5xjf3ask8ijxla778p9vdbi9xs0zqx39"; /* updated by script */
sha256 = "1bv2a16wsc9j82w14qfrfjgszwkihk0jwp8bp8z9618q04c8vmgf"; /* updated by script */
};
wmClass = "jetbrains-phpstorm";
update-channel = "PhpStorm RELEASE";
@ -328,12 +328,12 @@ in
pycharm-community = buildPycharm rec {
name = "pycharm-community-${version}";
version = "2018.3.4"; /* updated by script */
version = "2019.1"; /* updated by script */
description = "PyCharm Community Edition";
license = stdenv.lib.licenses.asl20;
src = fetchurl {
url = "https://download.jetbrains.com/python/${name}.tar.gz";
sha256 = "11kzzwkp206l466ii6vm6iqmhpx0s594vh37x2lwwsgmg6qzz6vq"; /* updated by script */
sha256 = "173qm2g6pjga2jlw8sa59bxw543b56r56ikqwv2wp0jq5z61v26f"; /* updated by script */
};
wmClass = "jetbrains-pycharm-ce";
update-channel = "PyCharm RELEASE";
@ -341,12 +341,12 @@ in
pycharm-professional = buildPycharm rec {
name = "pycharm-professional-${version}";
version = "2018.3.4"; /* updated by script */
version = "2019.1"; /* updated by script */
description = "PyCharm Professional Edition";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/python/${name}.tar.gz";
sha256 = "1m8lzghs6g57fwcv6bpmnf21d4w2k10gsmi0i2wv2j8ff4hcy7ij"; /* updated by script */
sha256 = "0gjphdzdxgvflkzaakf3c1wnig86lxhxyx6xk6rg40yj6f2hzi47"; /* updated by script */
};
wmClass = "jetbrains-pycharm";
update-channel = "PyCharm RELEASE";
@ -354,12 +354,12 @@ in
rider = buildRider rec {
name = "rider-${version}";
version = "2018.3.2"; /* updated by script */
version = "2018.3.4"; /* updated by script */
description = "A cross-platform .NET IDE based on the IntelliJ platform and ReSharper";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/rider/JetBrains.Rider-${version}.tar.gz";
sha256 = "1ffzbp2xca2z8g0wlkvmqr0j2f2dnqafpnvzk9zd5asfhhbyrhg5"; /* updated by script */
sha256 = "1klmg8wgj3shp4s0n2nn7n39zsk1mch6g9ifhwn5cgywpbzgam4p"; /* updated by script */
};
wmClass = "jetbrains-rider";
update-channel = "Rider RELEASE";
@ -367,12 +367,12 @@ in
ruby-mine = buildRubyMine rec {
name = "ruby-mine-${version}";
version = "2018.3.3"; /* updated by script */
version = "2018.3.5"; /* updated by script */
description = "The Most Intelligent Ruby and Rails IDE";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/ruby/RubyMine-${version}.tar.gz";
sha256 = "1zjcdsr91y07dhqmhqy2yq6c0rhsxg2m52fz14hhmphddlwvhzny"; /* updated by script */
sha256 = "1gykag8fsfqxv0d6fipn18hhpdvn4qxva2kkb0v330vp73wm2i2w"; /* updated by script */
};
wmClass = "jetbrains-rubymine";
update-channel = "RubyMine RELEASE";
@ -380,12 +380,12 @@ in
webstorm = buildWebStorm rec {
name = "webstorm-${version}";
version = "2018.3.4"; /* updated by script */
version = "2019.1"; /* updated by script */
description = "Professional IDE for Web and JavaScript development";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/webstorm/WebStorm-${version}.tar.gz";
sha256 = "11l39yy8qdrr89y9x3i9acp0am4xb86z6v7wg1kc9fd5p13jr2xs"; /* updated by script */
sha256 = "0r6a9g8ydnxf805gn2wajnwkcyfn0xksbsrs8wq6j4ghipkhscxj"; /* updated by script */
};
wmClass = "jetbrains-webstorm";
update-channel = "WebStorm RELEASE";

4
pkgs/applications/editors/neovim/neovim-remote.nix
View File

@ -4,14 +4,14 @@ with stdenv.lib;
pythonPackages.buildPythonApplication rec {
pname = "neovim-remote";
version = "2.1.4";
version = "2.1.5";
disabled = !pythonPackages.isPy3k;
src = fetchFromGitHub {
owner = "mhinz";
repo = "neovim-remote";
rev = "v${version}";
sha256 = "1s438cbyyzgg96b6639wk1ny6d6p2ywcba41l3r027wzyl7wrn8v";
sha256 = "1h05b68ka1ka217f6svq8yxvnscwf9sl5cx46c0b6ygcbz1vr3ba";
};
propagatedBuildInputs = with pythonPackages; [ pynvim psutil ];

4
pkgs/applications/editors/okteta/default.nix
View File

@ -4,11 +4,11 @@
stdenv.mkDerivation rec {
name = "okteta-${version}";
version = "0.25.5";
version = "0.26.0";
src = fetchurl {
url = "mirror://kde/stable/okteta/${version}/src/${name}.tar.xz";
sha256 = "1680hx4n36msz86gyjsdr5v7nf8rpybvzrvfw8y98l95hfq3l6g9";
sha256 = "0rxvbllisz4zl687zgpb9jj2nbxgfhhf2bj8bnsfaab5jb6jpi2y";
};
nativeBuildInputs = [ qtscript extra-cmake-modules kdoctools ];

3
pkgs/applications/editors/sublime/3/common.nix
View File

@ -1,6 +1,6 @@
{buildVersion, x32sha256, x64sha256, dev ? false}:
{ fetchurl, stdenv, glib, xorg, cairo, gtk2, gtk3, pango, makeWrapper, wrapGAppsHook, openssl, bzip2, runtimeShell,
{ fetchurl, stdenv, glib, glibcLocales, xorg, cairo, gtk2, gtk3, pango, makeWrapper, wrapGAppsHook, openssl, bzip2, runtimeShell,
pkexecPath ? "/run/wrappers/bin/pkexec", libredirect,
gksuSupport ? false, gksu, unzip, zip, bash,
writeScript, common-updater-scripts, curl, gnugrep}:
@ -99,6 +99,7 @@ in let
wrapProgram $out/sublime_text \
--set LD_PRELOAD "${libredirect}/lib/libredirect.so" \
--set NIX_REDIRECTS ${builtins.concatStringsSep ":" redirects} \
--set LOCALE_ARCHIVE "${glibcLocales.out}/lib/locale/locale-archive" \
${stdenv.lib.optionalString (!legacy) ''"''${gappsWrapperArgs[@]}"''}
# Without this, plugin_host crashes, even though it has the rpath

6
pkgs/applications/editors/sublime/3/packages.nix
View File

@ -5,10 +5,10 @@ let
in
rec {
sublime3-dev = common {
buildVersion = "3184";
buildVersion = "3203";
dev = true;
x32sha256 = "1b6f1fid75g5z247dbnyyj276lrlv99scrdk1vvfcr6vyws77vzr";
x64sha256 = "03127jhfjr17ai96p3axh5b5940fds8jcw6vkid8y6dmvd2dpylz";
x32sha256 = "004hnlm2dvcfagf3bkbfqxlnkgqk46jrm8w9yagpjwkpdy76mgyx";
x64sha256 = "0dp4vi39s2gq5a7snz0byrf44i0csbzwq6hn7i2zqa6rpvfywa1d";
} {};
sublime3 = common {

34
pkgs/applications/editors/typora/default.nix
View File

@ -1,32 +1,44 @@
{ stdenv, fetchurl, makeWrapper, electron_3, dpkg, gtk3, glib, gnome3, wrapGAppsHook }:
{ stdenv, fetchurl, makeWrapper, electron_3, dpkg, gtk3, glib, gsettings-desktop-schemas, wrapGAppsHook }:
stdenv.mkDerivation rec {
pname = "typora";
version = "0.9.64";
version = "0.9.68";
src = fetchurl {
url = "https://www.typora.io/linux/typora_${version}_amd64.deb";
sha256 = "0dffydc11ys2i38gdy8080ph1xlbbzhcdcc06hyfv0dr0nf58a09";
sha256 = "09hkmnh9avzb7nc8i67vhbv6nc1v90kk88aq01mpmyibpdqp03zp";
};
nativeBuildInputs = [ dpkg makeWrapper wrapGAppsHook ];
nativeBuildInputs = [
dpkg
makeWrapper
wrapGAppsHook
];
buildInputs = [ gtk3 glib gnome3.gsettings-desktop-schemas ];
buildInputs = [
glib
gsettings-desktop-schemas
gtk3
];
unpackPhase = "dpkg-deb -x $src .";
dontWrapGApps = true;
installPhase = ''
mkdir -p $out/bin $out/share/typora
runHook preInstall
mkdir -p $out/bin $out/share
{
cd usr
mv share/typora/resources/app/* $out/share/typora
mv share/applications $out/share
mv share/icons $out/share
mv share/doc $out/share
mv share/typora/resources/app $out/share/typora
mv share/{applications,icons,doc} $out/share/
}
runHook postInstall
'';
postFixup = ''
makeWrapper ${electron_3}/bin/electron $out/bin/typora \
--add-flags $out/share/typora \
"''${gappsWrapperArgs[@]}" \
@ -37,7 +49,7 @@ stdenv.mkDerivation rec {
description = "A minimal Markdown reading & writing app";
homepage = https://typora.io;
license = licenses.unfree;
maintainers = with maintainers; [ jensbin ];
maintainers = with maintainers; [ jensbin worldofpeace ];
inherit (electron_3.meta) platforms;
};
}

1
pkgs/applications/graphics/ImageMagick/7.0.nix
View File

@ -84,7 +84,6 @@ stdenv.mkDerivation rec {
description = "A software suite to create, edit, compose, or convert bitmap images";
platforms = platforms.linux ++ platforms.darwin;
license = licenses.asl20;
broken = ghostscript != null; # https://github.com/NixOS/nixpkgs/issues/55118
maintainers = with maintainers; [ the-kenny ];
};
}

2
pkgs/applications/graphics/ktikz/default.nix
View File

@ -46,7 +46,7 @@ stdenv.mkDerivation rec {
# lrelease command:
LRELEASECOMMAND = lrelease
# qcollectiongenerator command:
#QCOLLECTIONGENERATORCOMMAND = qcollectiongenerator
QCOLLECTIONGENERATORCOMMAND = qhelpgenerator
# TikZ documentation default file path:
TIKZ_DOCUMENTATION_DEFAULT = @out@/share/doc/texmf/pgf/pgfmanual.pdf.gz

4
pkgs/applications/graphics/renderdoc/default.nix
View File

@ -1,7 +1,7 @@
{ stdenv, fetchFromGitHub, cmake, pkgconfig
, qtbase, qtx11extras, qtsvg, makeWrapper
, vulkan-loader, xorg
, python36, bison, pcre, automake, autoconf
, python3, bison, pcre, automake, autoconf
}:
let
custom_swig = fetchFromGitHub {
@ -23,7 +23,7 @@ stdenv.mkDerivation rec {
};
buildInputs = [
qtbase qtsvg xorg.libpthreadstubs xorg.libXdmcp qtx11extras vulkan-loader python36
qtbase qtsvg xorg.libpthreadstubs xorg.libXdmcp qtx11extras vulkan-loader python3
];
nativeBuildInputs = [ cmake makeWrapper pkgconfig bison pcre automake autoconf ];

4
pkgs/applications/graphics/yed/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
name = "yEd-${version}";
version = "3.18.2";
version = "3.19";
src = fetchzip {
url = "https://www.yworks.com/resources/yed/demo/${name}.zip";
sha256 = "1csj19j9mfx4jfc949sz672h8lnfj217nn32d54cxj8llks82ycy";
sha256 = "0l70pc7wl2ghfkjab9w2mbx7crwha7xwkrpmspsi5c6q56dw7s33";
};
nativeBuildInputs = [ makeWrapper unzip ];

36
pkgs/applications/kde/akonadi/akonadi-paths.patch
View File

@ -31,10 +31,10 @@ index be1cc4afb..6d0c1d7e5 100644
}
return true;
diff --git a/src/server/storage/dbconfigmysql.cpp b/src/server/storage/dbconfigmysql.cpp
index 8b057b459..3fa4548ad 100644
index dfff6fc29..419e54a5b 100644
--- a/src/server/storage/dbconfigmysql.cpp
+++ b/src/server/storage/dbconfigmysql.cpp
@@ -63,7 +63,6 @@ bool DbConfigMysql::init(QSettings &settings)
@@ -82,7 +82,6 @@ bool DbConfigMysql::init(QSettings &settings)
// determine default settings depending on the driver
QString defaultHostName;
QString defaultOptions;
@ -42,7 +42,7 @@ index 8b057b459..3fa4548ad 100644
QString defaultCleanShutdownCommand;
#ifndef Q_OS_WIN
@@ -71,25 +70,7 @@ bool DbConfigMysql::init(QSettings &settings)
@@ -90,16 +89,7 @@ bool DbConfigMysql::init(QSettings &settings)
#endif
const bool defaultInternalServer = true;
@ -51,38 +51,29 @@ index 8b057b459..3fa4548ad 100644
- defaultServerPath = QStringLiteral(MYSQLD_EXECUTABLE);
- }
-#endif
- const QStringList mysqldSearchPath = QStringList()
- << QStringLiteral("/usr/bin")
- << QStringLiteral("/usr/sbin")
- << QStringLiteral("/usr/local/sbin")
- << QStringLiteral("/usr/local/libexec")
- << QStringLiteral("/usr/libexec")
- << QStringLiteral("/opt/mysql/libexec")
- << QStringLiteral("/opt/local/lib/mysql5/bin")
- << QStringLiteral("/opt/mysql/sbin");
- if (defaultServerPath.isEmpty()) {
- defaultServerPath = QStandardPaths::findExecutable(QStringLiteral("mysqld"), mysqldSearchPath);
- defaultServerPath = findExecutable(QStringLiteral("mysqld"));
- }
-
- const QString mysqladminPath = QStandardPaths::findExecutable(QStringLiteral("mysqladmin"), mysqldSearchPath);
- const QString mysqladminPath = findExecutable(QStringLiteral("mysqladmin"));
+ const QString mysqladminPath = QLatin1String(NIXPKGS_MYSQL_MYSQLADMIN);
if (!mysqladminPath.isEmpty()) {
#ifndef Q_OS_WIN
defaultCleanShutdownCommand = QStringLiteral("%1 --defaults-file=%2/mysql.conf --socket=%3/mysql.socket shutdown")
@@ -99,10 +80,10 @@ bool DbConfigMysql::init(QSettings &settings)
@@ -109,10 +99,10 @@ bool DbConfigMysql::init(QSettings &settings)
#endif
}
- mMysqlInstallDbPath = QStandardPaths::findExecutable(QStringLiteral("mysql_install_db"), mysqldSearchPath);
- mMysqlInstallDbPath = findExecutable(QStringLiteral("mysql_install_db"));
+ mMysqlInstallDbPath = QLatin1String(NIXPKGS_MYSQL_MYSQL_INSTALL_DB);
qCDebug(AKONADISERVER_LOG) << "Found mysql_install_db: " << mMysqlInstallDbPath;
- mMysqlCheckPath = QStandardPaths::findExecutable(QStringLiteral("mysqlcheck"), mysqldSearchPath);
- mMysqlCheckPath = findExecutable(QStringLiteral("mysqlcheck"));
+ mMysqlCheckPath = QLatin1String(NIXPKGS_MYSQL_MYSQLCHECK);
qCDebug(AKONADISERVER_LOG) << "Found mysqlcheck: " << mMysqlCheckPath;
mInternalServer = settings.value(QStringLiteral("QMYSQL/StartServer"), defaultInternalServer).toBool();
@@ -119,7 +100,7 @@ bool DbConfigMysql::init(QSettings &settings)
@@ -129,7 +119,7 @@ bool DbConfigMysql::init(QSettings &settings)
mUserName = settings.value(QStringLiteral("User")).toString();
mPassword = settings.value(QStringLiteral("Password")).toString();
mConnectionOptions = settings.value(QStringLiteral("Options"), defaultOptions).toString();
@ -91,7 +82,7 @@ index 8b057b459..3fa4548ad 100644
mCleanServerShutdownCommand = settings.value(QStringLiteral("CleanServerShutdownCommand"), defaultCleanShutdownCommand).toString();
settings.endGroup();
@@ -129,9 +110,6 @@ bool DbConfigMysql::init(QSettings &settings)
@@ -139,9 +129,6 @@ bool DbConfigMysql::init(QSettings &settings)
// intentionally not namespaced as we are the only one in this db instance when using internal mode
mDatabaseName = QStringLiteral("akonadi");
}
@ -101,7 +92,7 @@ index 8b057b459..3fa4548ad 100644
qCDebug(AKONADISERVER_LOG) << "Using mysqld:" << mMysqldPath;
@@ -140,9 +118,6 @@ bool DbConfigMysql::init(QSettings &settings)
@@ -150,9 +137,6 @@ bool DbConfigMysql::init(QSettings &settings)
settings.setValue(QStringLiteral("Name"), mDatabaseName);
settings.setValue(QStringLiteral("Host"), mHostName);
settings.setValue(QStringLiteral("Options"), mConnectionOptions);
@ -111,7 +102,7 @@ index 8b057b459..3fa4548ad 100644
settings.setValue(QStringLiteral("StartServer"), mInternalServer);
settings.endGroup();
settings.sync();
@@ -196,7 +171,7 @@ bool DbConfigMysql::startInternalServer()
@@ -206,7 +190,7 @@ bool DbConfigMysql::startInternalServer()
#endif
// generate config file
@ -189,3 +180,6 @@ index 6b50ae50e..f94a8c5eb 100644
settings.setValue(QStringLiteral("InitDbPath"), mInitDbPath);
settings.setValue(QStringLiteral("StartServer"), mInternalServer);
settings.endGroup();
--
2.18.1

2
pkgs/applications/kde/fetch.sh
View File

@ -1 +1 @@
WGET_ARGS=( https://download.kde.org/stable/applications/18.12.1/ -A '*.tar.xz' )
WGET_ARGS=( https://download.kde.org/stable/applications/18.12.3/ )

1720
pkgs/applications/kde/srcs.nix
View File

File diff suppressed because it is too large Load Diff

16
pkgs/applications/misc/gollum/Gemfile.lock
View File

@ -29,15 +29,15 @@ GEM
sanitize (~> 2.1.1, >= 2.1.1)
stringex (~> 2.6)
twitter-text (= 1.14.7)
json (2.1.0)
json (2.2.0)
kramdown (1.9.0)
mime-types (3.2.2)
mime-types-data (~> 3.2015)
mime-types-data (3.2018.0812)
mini_portile2 (2.3.0)
mime-types-data (3.2019.0331)
mini_portile2 (2.4.0)
mustache (0.99.8)
nokogiri (1.8.4)
mini_portile2 (~> 2.3.0)
nokogiri (1.10.2)
mini_portile2 (~> 2.4.0)
posix-spawn (0.3.13)
rack (1.6.11)
rack-protection (1.5.5)
@ -49,8 +49,8 @@ GEM
rack (~> 1.5)
rack-protection (~> 1.4)
tilt (>= 1.3, < 3)
stringex (2.8.4)
tilt (2.0.8)
stringex (2.8.5)
tilt (2.0.9)
twitter-text (1.14.7)
unf (~> 0.1.0)
unf (0.1.4)
@ -65,4 +65,4 @@ DEPENDENCIES
gollum
BUNDLED WITH
1.16.4
1.17.2

78
pkgs/applications/misc/gollum/gemset.nix
View File

@ -1,5 +1,7 @@
{
charlock_holmes = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "1nf1l31n10yaark2rrg5qzyzcx9w80681449s3j09qmnipsl8rl5";
@ -8,6 +10,8 @@
version = "0.7.6";
};
diff-lcs = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "18w22bjz424gzafv6nzv98h0aqkwz3d9xhm7cbr1wfbyas8zayza";
@ -17,6 +21,8 @@
};
gemojione = {
dependencies = ["json"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0ayk8r147k1s38nj18pwk76npx1p7jhi86silk800nj913pjvrhj";
@ -25,6 +31,8 @@
version = "3.3.0";
};
github-markup = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "17g6g18gdjg63k75sfwiskjzl9i0hfcnrkcpb4fwrnb20v3jgswp";
@ -34,6 +42,8 @@
};
gitlab-grit = {
dependencies = ["charlock_holmes" "diff-lcs" "mime-types" "posix-spawn"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0xgs3l81ghlc5nm75n0pz7b2cj3hpscfq5iy27c483nnjn2v5mc4";
@ -43,6 +53,8 @@
};
gollum = {
dependencies = ["gemojione" "gollum-lib" "kramdown" "mustache" "sinatra" "useragent"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0ik1b0f73lcxfwfml1h84dp6br79g0z9v6x54wvl46n9d1ndrhl7";
@ -52,6 +64,8 @@
};
gollum-grit_adapter = {
dependencies = ["gitlab-grit"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0fcibm63v1afc0fj5rki0mm51m7nndil4cjcjjvkh3yigfn4nr4b";
@ -61,6 +75,8 @@
};
gollum-lib = {
dependencies = ["gemojione" "github-markup" "gollum-grit_adapter" "nokogiri" "rouge" "sanitize" "stringex" "twitter-text"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "1699wiir6f2a8yawk3qg0xn3zdc10mz783v53ri1ivfnzdrm3dvf";
@ -69,14 +85,18 @@
version = "4.2.10";
};
json = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "01v6jjpvh3gnq6sgllpfqahlgxzj50ailwhj9b3cd20hi2dx0vxp";
sha256 = "0sx97bm9by389rbzv8r1f43h06xcz8vwi3h5jv074gvparql7lcx";
type = "gem";
};
version = "2.1.0";
version = "2.2.0";
};
kramdown = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "12sral2xli39mnr4b9m2sxdlgam4ni0a1mkxawc5311z107zj3p0";
@ -86,6 +106,8 @@
};
mime-types = {
dependencies = ["mime-types-data"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0fjxy1jm52ixpnv3vg9ld9pr9f35gy0jp66i1njhqjvmnvq0iwwk";
@ -94,22 +116,28 @@
version = "3.2.2";
};
mime-types-data = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "07wvp0aw2gjm4njibb70as6rh5hi1zzri5vky1q6jx95h8l56idc";
sha256 = "1m00pg19cm47n1qlcxgl91ajh2yq0fszvn1vy8fy0s1jkrp9fw4a";
type = "gem";
};
version = "3.2018.0812";
version = "3.2019.0331";
};
mini_portile2 = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "13d32jjadpjj6d2wdhkfpsmy68zjx90p49bgf8f7nkpz86r1fr11";
sha256 = "15zplpfw3knqifj9bpf604rb3wc1vhq6363pd6lvhayng8wql5vy";
type = "gem";
};
version = "2.3.0";
version = "2.4.0";
};
mustache = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "1g5hplm0k06vwxwqzwn1mq5bd02yp0h3rym4zwzw26aqi7drcsl2";
@ -119,14 +147,18 @@
};
nokogiri = {
dependencies = ["mini_portile2"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "1h9nml9h3m0mpvmh8jfnqvblnz5n5y3mmhgfc38avfmfzdrq9bgc";
sha256 = "0sy96cc8i5y4p67fhf4d9c6sg8ymrrva21zyvzw55l0pa1582wx2";
type = "gem";
};
version = "1.8.4";
version = "1.10.2";
};
posix-spawn = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "1pmxmpins57qrbr31bs3bm7gidhaacmrp4md6i962gvpq4gyfcjw";
@ -135,6 +167,8 @@
version = "0.3.13";
};
rack = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "1g9926ln2lw12lfxm4ylq1h6nl0rafl10za3xvjzc87qvnqic87f";
@ -144,6 +178,8 @@
};
rack-protection = {
dependencies = ["rack"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0my0wlw4a5l3hs79jkx2xzv7djhajgf8d28k8ai1ddlnxxb0v7ss";
@ -152,6 +188,8 @@
version = "1.5.5";
};
rouge = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "02kpahk5nkc33yxnn75649kzxaz073wvazr2zyg491nndykgnvcs";
@ -161,6 +199,8 @@
};
sanitize = {
dependencies = ["nokogiri"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "12ip1d80r0dgc621qn7c32bk12xxgkkg3w6q21s1ckxivcd7r898";
@ -170,6 +210,8 @@
};
sinatra = {
dependencies = ["rack" "rack-protection" "tilt"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0byxzl7rx3ki0xd7aiv1x8mbah7hzd8f81l65nq8857kmgzj1jqq";
@ -178,23 +220,29 @@
version = "1.4.8";
};
stringex = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0c5dfrjzkskzfsdvwsviq4111rwwpbk9022nxwdidz014mky5vi1";
sha256 = "15ns7j5smw04w6w7bqd5mm2qcl7w9lhwykyb974i4isgg9yc23ys";
type = "gem";
};
version = "2.8.4";
version = "2.8.5";
};
tilt = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0020mrgdf11q23hm1ddd6fv691l51vi10af00f137ilcdb2ycfra";
sha256 = "0ca4k0clwf0rkvy7726x4nxpjxkpv67w043i39saxgldxd97zmwz";
type = "gem";
};
version = "2.0.8";
version = "2.0.9";
};
twitter-text = {
dependencies = ["unf"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "1732h7hy1k152w8wfvjsx7b79alk45i5imwd37ia4qcx8hfm3gvg";
@ -204,6 +252,8 @@
};
unf = {
dependencies = ["unf_ext"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0bh2cf73i2ffh4fcpdn9ir4mhq8zi50ik0zqa1braahzadx536a9";
@ -212,6 +262,8 @@
version = "0.1.4";
};
unf_ext = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "06p1i6qhy34bpb8q8ms88y6f2kz86azwm098yvcc0nyqk9y729j1";
@ -220,6 +272,8 @@
version = "0.0.7.5";
};
useragent = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "1fv5kvq494swy0p17h9qya9r50w15xsi9zmvhzb8gh55kq6ki50p";

4
pkgs/applications/misc/googler/default.nix
View File

@ -1,14 +1,14 @@
{stdenv, fetchFromGitHub, python}:
stdenv.mkDerivation rec {
version = "3.7.1";
version = "3.8";
name = "googler-${version}";
src = fetchFromGitHub {
owner = "jarun";
repo = "googler";
rev = "v${version}";
sha256 = "0dcszpz85h3yjnr55ixf8mzsdv46w3g27frhgcsl5zlsgk6vl8kw";
sha256 = "0f15rivjdj8r7wwrckcsaxxx129yh41fj4rhz4cbvbsb5f0f2daj";
};
propagatedBuildInputs = [ python ];

4
pkgs/applications/misc/gphoto2/default.nix
View File

@ -3,11 +3,11 @@
}:
stdenv.mkDerivation rec {
name = "gphoto2-2.5.17";
name = "gphoto2-2.5.20";
src = fetchurl {
url = "mirror://sourceforge/gphoto/${name}.tar.bz2";
sha256 = "0kslwclyyzvnxjw3gdzhlagj7l5f8lba833ipr9s0s0c4hwi0mxa";
sha256 = "1xj80abkzvqrd6g1j1q946lhbp03gyapyxdwbhc0y14g1ash6vx3";
};
nativeBuildInputs = [ pkgconfig gettext libtool ];

1
pkgs/applications/misc/iterm2/default.nix
View File

@ -15,6 +15,7 @@ stdenv.mkDerivation rec {
postPatch = ''
sed -i -e 's/CODE_SIGN_IDENTITY = "Developer ID Application"/CODE_SIGN_IDENTITY = ""/g' ./iTerm2.xcodeproj/project.pbxproj
'';
preConfigure = "LD=$CC";
makeFlagsArray = ["Deployment"];
installPhase = ''
mkdir -p "$out/Applications"

6
pkgs/applications/misc/josm/default.nix
View File

@ -1,4 +1,4 @@
{ fetchurl, stdenv, makeDesktopItem, makeWrapper, unzip, jdk11 }:
{ fetchurl, stdenv, makeDesktopItem, makeWrapper, unzip, jdk11, libXxf86vm }:
stdenv.mkDerivation rec {
name = "josm-${version}";
@ -21,12 +21,14 @@ stdenv.mkDerivation rec {
categories = "Education;Geoscience;Maps;";
};
# Add libXxf86vm to path because it is needed by at least Kendzi3D plugin
buildCommand = ''
mkdir -p $out/bin $out/share/java
cp -v $src $out/share/java/josm.jar
makeWrapper ${jdk11}/bin/java $out/bin/josm \
--add-flags "-jar $out/share/java/josm.jar"
--add-flags "-jar $out/share/java/josm.jar" \
--prefix LD_LIBRARY_PATH ":" '${libXxf86vm}/lib'
mkdir -p $out/share/applications
cp $desktopItem/share/applications"/"* $out/share/applications

12
pkgs/applications/misc/khal/default.nix
View File

@ -2,18 +2,17 @@
with python3.pkgs; buildPythonApplication rec {
pname = "khal";
version = "0.9.10";
version = "0.10.1";
src = fetchPypi {
inherit pname version;
sha256 = "03h0j0d3xyqh98x5v2gv63wv3g91hip3vsaxvybsn5iz331d23h4";
sha256 = "1r8bkgjwkh7i8ygvsv51h1cnax50sb183vafg66x5snxf3dgjl6l";
};
LC_ALL = "en_US.UTF-8";
propagatedBuildInputs = [
atomicwrites
click
click-log
configobj
dateutil
icalendar
@ -27,15 +26,14 @@ with python3.pkgs; buildPythonApplication rec {
pkginfo
freezegun
];
nativeBuildInputs = [ setuptools_scm pkgs.glibcLocales ];
nativeBuildInputs = [ setuptools_scm ];
checkInputs = [ pytest ];
postInstall = ''
install -D misc/__khal $out/share/zsh/site-functions/__khal
'';
# One test fails as of 0.9.10 due to the upgrade to icalendar 4.0.3
doCheck = false;
doCheck = !stdenv.isAarch64;
checkPhase = ''
py.test

64
pkgs/applications/misc/kitty/default.nix
View File

@ -2,7 +2,20 @@
harfbuzz, fontconfig, pkgconfig, ncurses, imagemagick, xsel,
libstartup_notification, libX11, libXrandr, libXinerama, libXcursor,
libxkbcommon, libXi, libXext, wayland-protocols, wayland,
which, dbus
which, dbus,
Cocoa,
CoreGraphics,
Foundation,
IOKit,
Kernel,
OpenGL,
cf-private,
libicns,
libpng,
librsvg,
optipng,
python3,
zlib,
}:
with python3Packages;
@ -19,12 +32,32 @@ buildPythonApplication rec {
};
buildInputs = [
fontconfig glfw ncurses libunistring harfbuzz libX11
ncurses harfbuzz
] ++ stdenv.lib.optionals stdenv.isDarwin [
Cocoa
CoreGraphics
Foundation
IOKit
Kernel
OpenGL
cf-private
libpng
python3
zlib
] ++ stdenv.lib.optionals stdenv.isLinux [
fontconfig glfw libunistring libX11
libXrandr libXinerama libXcursor libxkbcommon libXi libXext
wayland-protocols wayland dbus
];
nativeBuildInputs = [ pkgconfig which sphinx ncurses ];
nativeBuildInputs = [
pkgconfig which sphinx ncurses
] ++ stdenv.lib.optionals stdenv.isDarwin [
imagemagick
libicns # For the png2icns tool.
librsvg
optipng
];
outputs = [ "out" "terminfo" ];
@ -33,16 +66,30 @@ buildPythonApplication rec {
src = ./fix-paths.patch;
libstartup_notification = "${libstartup_notification}/lib/libstartup-notification-1.so";
})
] ++ stdenv.lib.optionals stdenv.isDarwin [
./macos-10.11.patch
./no-lto.patch
./no-werror.patch
./png2icns.patch
];
buildPhase = ''
buildPhase = if stdenv.isDarwin then ''
make app
'' else ''
${python.interpreter} setup.py linux-package
'';
installPhase = ''
runHook preInstall
mkdir -p $out
${if stdenv.isDarwin then ''
mkdir "$out/bin"
ln -s ../Applications/kitty.app/Contents/MacOS/kitty "$out/bin/kitty"
mkdir "$out/Applications"
cp -r kitty.app "$out/Applications/kitty.app"
'' else ''
cp -r linux-package/{bin,share,lib} $out
''}
wrapProgram "$out/bin/kitty" --prefix PATH : "$out/bin:${stdenv.lib.makeBinPath [ imagemagick xsel ]}"
runHook postInstall
@ -54,8 +101,13 @@ buildPythonApplication rec {
'';
postInstall = ''
terminfo_src=${if stdenv.isDarwin then
''"$out/Applications/kitty.app/Contents/Resources/terminfo"''
else
"$out/share/terminfo"}
mkdir -p $terminfo/share
mv $out/share/terminfo $terminfo/share/terminfo
mv "$terminfo_src" $terminfo/share/terminfo
mkdir -p $out/nix-support
echo "$terminfo" >> $out/nix-support/propagated-user-env-packages
@ -65,7 +117,7 @@ buildPythonApplication rec {
homepage = https://github.com/kovidgoyal/kitty;
description = "A modern, hackable, featureful, OpenGL based terminal emulator";
license = licenses.gpl3;
platforms = platforms.linux;
platforms = platforms.darwin ++ platforms.linux;
maintainers = with maintainers; [ tex rvolosatovs ];
};
}

116
pkgs/applications/misc/kitty/macos-10.11.patch Normal file
View File

@ -0,0 +1,116 @@
commit 749772b8b8179eb3b71e542fd9ed5621feb578f5
Author: Matthew Glazar <strager.nds@gmail.com>
Date: Thu Feb 28 22:01:32 2019 -0800
Support macOS 10.11
Allow Kitty to run on macOS 10.11 El Capitan.
diff --git a/glfw/cocoa_init.m b/glfw/cocoa_init.m
index 1e719d2e..05a680e4 100644
--- a/glfw/cocoa_init.m
+++ b/glfw/cocoa_init.m
@@ -30,6 +30,10 @@
#define NSEventMaskKeyUp NSKeyUpMask
#define NSEventMaskKeyDown NSKeyDownMask
#define NSEventModifierFlagCommand NSCommandKeyMask
+ #define NSEventModifierFlagControl NSControlKeyMask
+ #define NSEventModifierFlagDeviceIndependentFlagsMask NSDeviceIndependentModifierFlagsMask
+ #define NSEventModifierFlagShift NSShiftKeyMask
+ #define NSEventTypeApplicationDefined NSApplicationDefined
#endif
// Change to our application bundle's resources directory, if present
diff --git a/glfw/cocoa_window.m b/glfw/cocoa_window.m
index 1ce79b56..fd2255fc 100644
--- a/glfw/cocoa_window.m
+++ b/glfw/cocoa_window.m
@@ -41,6 +41,7 @@
#define NSWindowStyleMaskTitled NSTitledWindowMask
#define NSEventModifierFlagCommand NSCommandKeyMask
#define NSEventModifierFlagControl NSControlKeyMask
+ #define NSEventModifierFlagNumericPad NSNumericPadKeyMask
#define NSEventModifierFlagOption NSAlternateKeyMask
#define NSEventModifierFlagShift NSShiftKeyMask
#define NSEventModifierFlagCapsLock NSAlphaShiftKeyMask
diff --git a/kitty/cocoa_window.m b/kitty/cocoa_window.m
index 5e9252ba..99eb3352 100644
--- a/kitty/cocoa_window.m
+++ b/kitty/cocoa_window.m
@@ -15,6 +15,9 @@
#include <objc/runtime.h>
#if (MAC_OS_X_VERSION_MAX_ALLOWED < 101200)
+typedef NSUInteger NSWindowStyleMask;
+#define NSWindowStyleMaskBorderless NSBorderlessWindowMask
+#define NSWindowStyleMaskFullScreen NSFullScreenWindowMask
#define NSWindowStyleMaskResizable NSResizableWindowMask
#define NSEventModifierFlagOption NSAlternateKeyMask
#define NSEventModifierFlagCommand NSCommandKeyMask
diff --git a/kitty/logging.c b/kitty/logging.c
index 45c88174..1ec9f1b0 100644
--- a/kitty/logging.c
+++ b/kitty/logging.c
@@ -5,12 +5,21 @@
* Distributed under terms of the GPL3 license.
*/
+#ifdef __APPLE__
+#include <AvailabilityMacros.h>
+#endif
+#if defined(__APPLE__) && defined(MAC_OS_X_VERSION_10_12) && MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_12
+#define USE_APPLE_OS_LOG 1
+#else
+#define USE_APPLE_OS_LOG 0
+#endif
+
#include "data-types.h"
#include <stdlib.h>
#include <stdarg.h>
#include <time.h>
#include <sys/time.h>
-#ifdef __APPLE__
+#if USE_APPLE_OS_LOG
#include <os/log.h>
#endif
@@ -21,7 +30,7 @@ void
log_error(const char *fmt, ...) {
va_list ar;
struct timeval tv;
-#ifdef __APPLE__
+#if USE_APPLE_OS_LOG
// Apple does not provide a varargs style os_logv
char logbuf[16 * 1024] = {0};
#else
@@ -44,7 +53,7 @@ log_error(const char *fmt, ...) {
if (use_os_log) { bufprint(vsnprintf, fmt, ar); }
else vfprintf(stderr, fmt, ar);
va_end(ar);
-#ifdef __APPLE__
+#if USE_APPLE_OS_LOG
if (use_os_log) os_log(OS_LOG_DEFAULT, "%{public}s", logbuf);
#endif
if (!use_os_log) fprintf(stderr, "\n");
@@ -66,7 +75,7 @@ static PyMethodDef module_methods[] = {
bool
init_logging(PyObject *module) {
if (PyModule_AddFunctions(module, module_methods) != 0) return false;
-#ifdef __APPLE__
+#if USE_APPLE_OS_LOG
if (getenv("KITTY_LAUNCHED_BY_LAUNCH_SERVICES") != NULL) use_os_log = true;
#endif
return true;
diff --git a/setup.py b/setup.py
index f8643fce..55a96e73 100755
--- a/setup.py
+++ b/setup.py
@@ -711,7 +711,7 @@ Categories=System;TerminalEmulator;
CFBundlePackageType='APPL',
CFBundleSignature='????',
CFBundleExecutable=appname,
- LSMinimumSystemVersion='10.12.0',
+ LSMinimumSystemVersion='10.11.0',
LSRequiresNativeExecution=True,
NSAppleScriptEnabled=False,
# Needed for dark mode in Mojave when linking against older SDKs

12
pkgs/applications/misc/kitty/no-lto.patch Normal file
View File

@ -0,0 +1,12 @@
--- a/setup.py
+++ b/setup.py
@@ -223,9 +223,6 @@ def init_env(
cppflags += shlex.split(os.environ.get('CPPFLAGS', ''))
cflags += shlex.split(os.environ.get('CFLAGS', ''))
ldflags += shlex.split(os.environ.get('LDFLAGS', ''))
- if not debug and not sanitize:
- # See https://github.com/google/sanitizers/issues/647
- cflags.append('-flto'), ldflags.append('-flto')
if profile:
cppflags.append('-DWITH_PROFILER')

11
pkgs/applications/misc/kitty/no-werror.patch Normal file
View File

@ -0,0 +1,11 @@
--- a/setup.py
+++ b/setup.py
@@ -202,7 +202,7 @@ def init_env(
cflags = os.environ.get(
'OVERRIDE_CFLAGS', (
'-Wextra -Wno-missing-field-initializers -Wall -std=c11'
- ' -pedantic-errors -Werror {} {} -fwrapv {} {} -pipe {} -fvisibility=hidden'
+ ' {} {} -fwrapv {} {} -pipe {} -fvisibility=hidden'
).format(
optimize,
' '.join(sanitize_args),

19
pkgs/applications/misc/kitty/png2icns.patch Normal file
View File

@ -0,0 +1,19 @@
--- a/setup.py
+++ b/setup.py
@@ -744,9 +744,15 @@ Categories=System;TerminalEmulator;
if not os.path.exists(logo_dir):
raise SystemExit('The kitty logo has not been generated, you need to run logo/make.py')
subprocess.check_call([
- 'iconutil', '-c', 'icns', logo_dir, '-o',
+ 'png2icns',
os.path.join('Resources', os.path.basename(logo_dir).partition('.')[0] + '.icns')
- ])
+ ] + [os.path.join(logo_dir, logo) for logo in (
+ 'icon_128x128.png',
+ 'icon_16x16.png',
+ 'icon_256x256.png',
+ 'icon_32x32.png',
+ 'icon_512x512.png',
+ )])
# }}}
# }}}

3
pkgs/applications/misc/octoprint/default.nix
View File

@ -19,6 +19,9 @@ let
(mkOverride "pylru" "1.0.9" "0b0pq0l7xv83dfsajsc49jcxzc99kb9jfx1a1dlx22hzcy962dvi")
(mkOverride "sarge" "0.1.4" "08s8896973bz1gg0pkr592w6g4p6v47bkfvws5i91p9xf8b35yar")
(mkOverride "tornado" "4.5.3" "02jzd23l4r6fswmwxaica9ldlyc2p6q8dk6dyff7j58fmdzf853d")
# https://github.com/NixOS/nixpkgs/pull/58179#issuecomment-478605134
(mkOverride "werkzeug" "0.14.1" "c3fd7a7d41976d9f44db327260e263132466836cef6f91512889ed60ad26557c")
]);
};

4
pkgs/applications/misc/polar-bookshelf/default.nix
View File

@ -10,12 +10,12 @@
stdenv.mkDerivation rec {
name = "polar-bookshelf-${version}";
version = "1.12.0";
version = "1.13.10";
# fetching a .deb because there's no easy way to package this Electron app
src = fetchurl {
url = "https://github.com/burtonator/polar-bookshelf/releases/download/v${version}/polar-bookshelf-${version}-amd64.deb";
sha256 = "058pl54mkbvcjyjmdz81r0ibk1qkc3798pkkdw1kp2cbg16qkfyh";
sha256 = "1bxcyf6n2m5x1z8ic6kzskinyyc6lh6nj0bycbwc524n6ms5j99p";
};
buildInputs = [

4
pkgs/applications/misc/safeeyes/default.nix
View File

@ -6,12 +6,12 @@ let inherit (python3Packages) python buildPythonApplication fetchPypi;
in buildPythonApplication rec {
name = "${pname}-${version}";
pname = "safeeyes";
version = "2.0.8.1";
version = "2.0.9";
namePrefix = "";
src = fetchPypi {
inherit pname version;
sha256 = "1x52ym8n4r6h38n4mcydxkvz71hhrd9wbiq4gzvwrai0xzl6qqsq";
sha256 = "13q06jv8hm0dynmr3g5pf1m4j3w9iabrpz1nhpl02f7x0d90whg2";
};
buildInputs = [

19
pkgs/applications/misc/solaar/default.nix
View File

@ -1,5 +1,9 @@
{fetchFromGitHub, stdenv, gtk3, pythonPackages, gobject-introspection}:
pythonPackages.buildPythonApplication rec {
{ fetchFromGitHub, lib, gobject-introspection, gtk3, python3Packages }:
# Although we copy in the udev rules here, you probably just want to use logitech-udev-rules instead of
# adding this to services.udev.packages on NixOS
python3Packages.buildPythonApplication rec {
pname = "solaar-unstable";
version = "2019-01-30";
@ -10,7 +14,8 @@ pythonPackages.buildPythonApplication rec {
sha256 = "0xg181xcwzzs8pdqvjrkjyaaga7ir93hzjvd17j9g3ns8xfj2mvr";
};
propagatedBuildInputs = [pythonPackages.pygobject3 pythonPackages.pyudev gobject-introspection gtk3];
propagatedBuildInputs = with python3Packages; [ gobject-introspection gtk3 pygobject3 pyudev ];
postInstall = ''
wrapProgram "$out/bin/solaar" \
--prefix PYTHONPATH : "$PYTHONPATH" \
@ -19,12 +24,12 @@ pythonPackages.buildPythonApplication rec {
--prefix PYTHONPATH : "$PYTHONPATH" \
--prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH"
mkdir -p $out/lib/udev/rules.d
cp rules.d/*.rules $out/lib/udev/rules.d/
install -Dm644 -t $out/etc/udev/rules.d rules.d/*.rules
'';
enableParallelBuilding = true;
meta = with stdenv.lib; {
meta = with lib; {
description = "Linux devices manager for the Logitech Unifying Receiver";
longDescription = ''
Solaar is a Linux device manager for Logitechs Unifying Receiver
@ -40,6 +45,6 @@ pythonPackages.buildPythonApplication rec {
license = licenses.gpl2;
homepage = https://pwr.github.io/Solaar/;
platforms = platforms.linux;
maintainers = [maintainers.spinus maintainers.ysndr];
maintainers = with maintainers; [ spinus ysndr ];
};
}

17
pkgs/applications/misc/stupidterm/default.nix
View File

@ -1,7 +1,8 @@
{ stdenv, fetchFromGitHub, pkgconfig, vte, gtk }:
stdenv.mkDerivation rec {
name = "stupidterm-2018-09-25";
pname = "stupidterm";
version = "2019-03-26";
nativeBuildInputs = [ pkgconfig ];
@ -10,17 +11,19 @@ stdenv.mkDerivation rec {
src = fetchFromGitHub {
owner = "esmil";
repo = "stupidterm";
rev = "d1bc020797330df83d427e361d3620e346a4e792";
sha256 = "1yh2vhq3d0qbh0dh2h9yc7s9gkffgkb987vvwz2bdnvlskrjmmdj";
rev = "f824e41c2ca9016db73556c5d2f5a2861e235c8e";
sha256 = "1f73wvqqvj5pr3fvb7jjc4bi1iwgkkknz24k8n69mdb75jnfjipp";
};
makeFlags = "PKGCONFIG=${pkgconfig}/bin/pkg-config binary=stupidterm";
installPhase = ''
mkdir -p $out/bin $out/share/applications $out/share/stupidterm
cp stupidterm $out/bin
substituteAll ${./stupidterm.desktop} $out/share/applications/stupidterm.desktop
substituteAll stupidterm.ini $out/share/stupidterm/stupidterm.ini
install -D stupidterm $out/bin/stupidterm
install -D -m 644 stupidterm.desktop $out/share/applications/stupidterm.desktop
install -D -m 644 stupidterm.ini $out/share/stupidterm/stupidterm.ini
substituteInPlace $out/share/applications/stupidterm.desktop \
--replace "Exec=st" "Exec=$out/bin/stupidterm"
'';
meta = with stdenv.lib; {

9
pkgs/applications/misc/stupidterm/stupidterm.desktop
View File

@ -1,9 +0,0 @@
[Desktop Entry]
Version=20170315
Name=stupidterm
Comment=VTE based terminal emulator
Exec=stupidterm
Icon=utilities-terminal
Terminal=false
Type=Application
Categories=System;TerminalEmulator;

6
pkgs/applications/misc/sweethome3d/default.nix
View File

@ -74,15 +74,15 @@ let
in rec {
application = mkSweetHome3D rec {
version = "6.0";
version = "6.1.2";
module = "SweetHome3D";
name = stdenv.lib.toLower module + "-application-" + version;
description = "Design and visualize your future home";
license = stdenv.lib.licenses.gpl2Plus;
src = fetchsvn {
url = "https://svn.code.sf.net/p/sweethome3d/code/tags/V_" + d2u version + "/SweetHome3D/";
sha256 = "1l4kc1c2iwkggmcdb2wksb4vrh97ll804vc51yawhdlq9g567ky9";
rev = "6647";
sha256 = "14svi112kml175dblzcdjzhlfwbp1cy6rki49mqb3632hwmif6ya";
rev = "6750";
};
desktopName = "Sweet Home 3D";
icons = {

4
pkgs/applications/misc/terminator/default.nix
View File

@ -12,7 +12,9 @@ python2.pkgs.buildPythonApplication rec {
};
nativeBuildInputs = [ file intltool wrapGAppsHook gobject-introspection ];
buildInputs = [ gtk3 vte libnotify keybinder3 ];
buildInputs = [ gtk3 vte libnotify keybinder3
gobject-introspection # Temporary fix, see https://github.com/NixOS/nixpkgs/issues/56943
];
propagatedBuildInputs = with python2.pkgs; [ pygobject3 psutil pycairo ];
postPatch = ''

10
pkgs/applications/misc/tilix/default.nix
View File

@ -4,19 +4,20 @@
stdenv.mkDerivation rec {
pname = "tilix";
version = "1.8.9";
version = "1.9.0";
src = fetchFromGitHub {
owner = "gnunn1";
repo = "tilix";
rev = version;
sha256 = "1l1ib3g01mxiywbwjxc2522qgjy3ymjzy8bxl42k0hprpp95rw9d";
sha256 = "1k8hqpq6bzmn06b4s8c257n37ghgp3fl7l9g6fy0giwk1x0ix735";
};
nativeBuildInputs = [
autoreconfHook dmd desktop-file-utils perlPackages.Po4a pkgconfig xdg_utils
wrapGAppsHook
];
buildInputs = [ gnome3.dconf gettext gsettings-desktop-schemas gtkd dbus libsecret ];
preBuild = ''
@ -34,7 +35,10 @@ stdenv.mkDerivation rec {
substituteInPlace $out/share/applications/com.gexperts.Tilix.desktop \
--replace "Exec=tilix" "Exec=$out/bin/tilix"
sed -i '/^DBusActivatable=/d' $out/share/applications/com.gexperts.Tilix.desktop
# TODO: Won't be needed after the switch to Meson
substituteInPlace $out/share/dbus-1/services/com.gexperts.Tilix.service \
--replace "/usr/bin/tilix" "$out/bin/tilix"
'';
meta = with stdenv.lib; {

4
pkgs/applications/misc/xmrig/default.nix
View File

@ -4,13 +4,13 @@
stdenv.mkDerivation rec {
name = "xmrig-${version}";
version = "2.13.1";
version = "2.14.1";
src = fetchFromGitHub {
owner = "xmrig";
repo = "xmrig";
rev = "v${version}";
sha256 = "1s6hz9r0079r9sd1wgd1nm6wn1dmix4smz7174g9a29z2zcqr160";
sha256 = "0pc3ssmnn36xs3jgznx36q4z3qh06fkbz8md3p3rk6rpvly929pn";
};
nativeBuildInputs = [ cmake ];

4
pkgs/applications/misc/xmrig/proxy.nix
View File

@ -4,13 +4,13 @@
stdenv.mkDerivation rec {
name = "xmrig-proxy-${version}";
version = "2.11.0";
version = "2.14.0";
src = fetchFromGitHub {
owner = "xmrig";
repo = "xmrig-proxy";
rev = "v${version}";
sha256 = "1jjcgnpkxdafsdsxndsvzd84i6mwk7ix4vvgs3k1dla9ll9nwq5j";
sha256 = "0yw9g18blrwncy1ya9iwbfx8l7bs0v6nmnkk71bxz4zj9d8dkal3";
};
nativeBuildInputs = [ cmake ];

4
pkgs/applications/misc/xtermcontrol/default.nix
View File

@ -1,12 +1,12 @@
{ stdenv, fetchurl }:
stdenv.mkDerivation rec {
version = "3.6";
version = "3.7";
name = "xtermcontrol-${version}";
src = fetchurl {
url = "https://thrysoee.dk/xtermcontrol/xtermcontrol-${version}.tar.gz";
sha256 = "01bwgxya6qh4br2lx3v98p7j1b99skgr6c1frw5kdkxy57qlpgkz";
sha256 = "04m12ddaps5sdbqvkwkp6lh81i8vh5ya5gzcxkrkilsga3m6qff2";
};
meta = {

2
pkgs/applications/networking/brig/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, buildGoPackage, fetchFromGitHub, fetchgx }:
{ stdenv, buildGoPackage, fetchFromGitHub }:
buildGoPackage rec {
name = "brig-${version}";

2
pkgs/applications/networking/browsers/chromium/common.nix
View File

@ -25,7 +25,7 @@
# package customization
, enableNaCl ? false
, enableWideVine ? false
, useVaapi ? true
, useVaapi ? false
, gnomeSupport ? false, gnome ? null
, gnomeKeyringSupport ? false, libgnome-keyring3 ? null
, proprietaryCodecs ? true

2
pkgs/applications/networking/browsers/chromium/default.nix
View File

@ -11,7 +11,7 @@
, proprietaryCodecs ? true
, enablePepperFlash ? false
, enableWideVine ? false
, useVaapi ? true
, useVaapi ? false # test video on radeon, before enabling this
, cupsSupport ? true
, pulseSupport ? config.pulseaudio or stdenv.isLinux
, commandLineArgs ? ""

Some files were not shown because too many files have changed in this diff Show More