Merge master into staging-next
This commit is contained in:
commit
ec28e32c9e
|
@ -1242,6 +1242,12 @@
|
|||
githubId = 32319131;
|
||||
name = "Brett L";
|
||||
};
|
||||
buckley310 = {
|
||||
email = "sean.bck@gmail.com";
|
||||
github = "buckley310";
|
||||
githubId = 2379774;
|
||||
name = "Sean Buckley";
|
||||
};
|
||||
buffet = {
|
||||
email = "niclas@countingsort.com";
|
||||
github = "buffet";
|
||||
|
@ -4251,7 +4257,7 @@
|
|||
name = "Julien Dehos";
|
||||
};
|
||||
julm = {
|
||||
email = "julm+nixpkgs@sourcephile.fr";
|
||||
email = "julm+nix@sourcephile.fr";
|
||||
github = "ju1m";
|
||||
githubId = 21160136;
|
||||
name = "Julien Moutinho";
|
||||
|
@ -6567,6 +6573,12 @@
|
|||
githubId = 8641;
|
||||
name = "Pierre Carrier";
|
||||
};
|
||||
penguwin = {
|
||||
email = "penguwin@penguwin.eu";
|
||||
github = "penguwin";
|
||||
githubId = 13225611;
|
||||
name = "Nicolas Martin";
|
||||
};
|
||||
periklis = {
|
||||
email = "theopompos@gmail.com";
|
||||
github = "periklis";
|
||||
|
@ -9744,4 +9756,10 @@
|
|||
fingerprint = "8597 4506 EC69 5392 0443 0805 9D98 CDAC FF04 FD78";
|
||||
}];
|
||||
};
|
||||
hloeffler = {
|
||||
name = "Hauke Löffler";
|
||||
email = "nix@hauke-loeffler.de";
|
||||
github = "hloeffler";
|
||||
githubId = 6627191;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -226,7 +226,29 @@ GRANT ALL PRIVILEGES ON *.* TO 'mysql'@'localhost' WITH GRANT OPTION;
|
|||
<filename>testing-python.nix</filename> respectively.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
The Mediatomb service declares new options. It also adapts existing
|
||||
options to make the configuration generation lazy. The existing option
|
||||
<literal>customCfg</literal> (defaults to false), when enabled, stops
|
||||
the service configuration generation completely. It then expects the
|
||||
users to provide their own correct configuration at the right location
|
||||
(whereas the configuration was generated and not used at all before).
|
||||
The new option <literal>transcodingOption</literal> (defaults to no)
|
||||
allows a generated configuration. It makes the mediatomb service pulls
|
||||
the necessary runtime dependencies in the nix store (whereas it was
|
||||
generated with hardcoded values before). The new option
|
||||
<literal>mediaDirectories</literal> allows the users to declare autoscan
|
||||
media directories from their nixos configuration:
|
||||
<programlisting>
|
||||
services.mediatomb.mediaDirectories = [
|
||||
{ path = "/var/lib/mediatomb/pictures"; recursive = false; hidden-files = false; }
|
||||
{ path = "/var/lib/mediatomb/audio"; recursive = true; hidden-files = false; }
|
||||
];
|
||||
</programlisting>
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
|
||||
<section xmlns="http://docbook.org/ns/docbook"
|
||||
|
@ -864,6 +886,23 @@ CREATE ROLE postgres LOGIN SUPERUSER;
|
|||
</itemizedlist>
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The mediatomb service is now using the new and maintained <literal>gerbera</literal>
|
||||
<literal>gerbera</literal> fork instead of the unmaintained
|
||||
<literal>mediatomb</literal> package. If you want to keep the old
|
||||
behavior, you must declare it with:
|
||||
<programlisting>
|
||||
services.mediatomb.package = pkgs.mediatomb;
|
||||
</programlisting>
|
||||
One new option <literal>openFirewall</literal> has been introduced which
|
||||
defaults to false. If you relied on the service declaration to add the
|
||||
firewall rules itself before, you should now declare it with:
|
||||
<programlisting>
|
||||
services.mediatomb.openFirewall = true;
|
||||
</programlisting>
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
|
||||
|
@ -1009,24 +1048,6 @@ services.transmission.settings.rpc-bind-address = "0.0.0.0";
|
|||
to get the previous behavior of listening on all network interfaces.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>security.apparmor</literal> module,
|
||||
for the <link xlink:href="https://gitlab.com/apparmor/apparmor/-/wikis/Documentation">AppArmor</link>
|
||||
Mandatory Access Control system,
|
||||
has been substantialy improved along with related tools,
|
||||
so that module maintainers can now more easily write AppArmor profiles for NixOS.
|
||||
The most notable change on the user-side is the new option <xref linkend="opt-security.apparmor.policies"/>,
|
||||
replacing the previous <literal>profiles</literal> option
|
||||
to provide a way to disable a profile
|
||||
and to select whether to confine in enforce mode (default)
|
||||
or in complain mode (see <literal>journalctl -b --grep apparmor</literal>).
|
||||
Before enabling this module, either directly
|
||||
or by importing <literal><nixpkgs/nixos/modules/profiles/hardened.nix></literal>,
|
||||
please be sure to read the documentation of <link linkend="opt-security.apparmor.enable">security.apparmor.enable</link>,
|
||||
and especially the part about <xref linkend="opt-security.apparmor.killUnconfinedConfinables"/>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
With this release <literal>systemd-networkd</literal> (when enabled through <xref linkend="opt-networking.useNetworkd"/>)
|
||||
|
|
|
@ -94,7 +94,16 @@
|
|||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para />
|
||||
<para>
|
||||
The default-version of <literal>nextcloud</literal> is <package>nextcloud20</package>.
|
||||
Please note that it's <emphasis>not</emphasis> possible to upgrade <literal>nextcloud</literal>
|
||||
across multiple major versions! This means that it's e.g. not possible to upgrade
|
||||
from <package>nextcloud18</package> to <package>nextcloud20</package> in a single deploy.
|
||||
</para>
|
||||
<para>
|
||||
The package can be manually upgraded by setting <xref linkend="opt-services.nextcloud.package" />
|
||||
to <package>nextcloud20</package>.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
|
|
|
@ -448,40 +448,6 @@ in
|
|||
(mkIf cfg.enable {
|
||||
environment.systemPackages = [ pkgs.fontconfig ];
|
||||
environment.etc.fonts.source = "${fontconfigEtc}/etc/fonts/";
|
||||
security.apparmor.includes."abstractions/fonts" = ''
|
||||
# fonts.conf
|
||||
r ${pkg.out}/etc/fonts/fonts.conf,
|
||||
|
||||
# fontconfig default config files
|
||||
r ${pkg.out}/etc/fonts/conf.d/*.conf,
|
||||
|
||||
# 00-nixos-cache.conf
|
||||
r ${cacheConf},
|
||||
|
||||
# 10-nixos-rendering.conf
|
||||
r ${renderConf},
|
||||
|
||||
# 50-user.conf
|
||||
${optionalString cfg.includeUserConf ''
|
||||
r ${pkg.out}/etc/fonts/conf.d.bak/50-user.conf,
|
||||
''}
|
||||
|
||||
# local.conf (indirect priority 51)
|
||||
${optionalString (cfg.localConf != "") ''
|
||||
r ${localConf},
|
||||
''}
|
||||
|
||||
# 52-nixos-default-fonts.conf
|
||||
r ${defaultFontsConf},
|
||||
|
||||
# 53-no-bitmaps.conf
|
||||
r ${rejectBitmaps},
|
||||
|
||||
${optionalString (!cfg.allowType1) ''
|
||||
# 53-nixos-reject-type1.conf
|
||||
r ${rejectType1},
|
||||
''}
|
||||
'';
|
||||
})
|
||||
(mkIf cfg.enable {
|
||||
fonts.fontconfig.confPackages = [ confPkg ];
|
||||
|
|
|
@ -87,12 +87,5 @@ in
|
|||
environment.etc."ld-nix.so.preload".text = ''
|
||||
${providerLibPath}
|
||||
'';
|
||||
security.apparmor.includes = {
|
||||
"abstractions/base" = ''
|
||||
r /etc/ld-nix.so.preload,
|
||||
r ${config.environment.etc."ld-nix.so.preload".source},
|
||||
mr ${providerLibPath},
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -186,6 +186,7 @@
|
|||
./rename.nix
|
||||
./security/acme.nix
|
||||
./security/apparmor.nix
|
||||
./security/apparmor-suid.nix
|
||||
./security/audit.nix
|
||||
./security/auditd.nix
|
||||
./security/ca.nix
|
||||
|
@ -331,6 +332,7 @@
|
|||
./services/desktops/tumbler.nix
|
||||
./services/desktops/zeitgeist.nix
|
||||
./services/development/bloop.nix
|
||||
./services/development/blackfire.nix
|
||||
./services/development/hoogle.nix
|
||||
./services/development/jupyter/default.nix
|
||||
./services/development/jupyterhub/default.nix
|
||||
|
|
|
@ -110,6 +110,7 @@ let
|
|||
protocolOpts = if useDns then (
|
||||
[ "--dns" data.dnsProvider ]
|
||||
++ optionals (!data.dnsPropagationCheck) [ "--dns.disable-cp" ]
|
||||
++ optionals (data.dnsResolver != null) [ "--dns.resolvers" data.dnsResolver ]
|
||||
) else (
|
||||
[ "--http" "--http.webroot" data.webroot ]
|
||||
);
|
||||
|
@ -207,7 +208,7 @@ let
|
|||
|
||||
renewService = {
|
||||
description = "Renew ACME certificate for ${cert}";
|
||||
after = [ "network.target" "network-online.target" "acme-fixperms.service" ] ++ selfsignedDeps;
|
||||
after = [ "network.target" "network-online.target" "acme-fixperms.service" "nss-lookup.target" ] ++ selfsignedDeps;
|
||||
wants = [ "network-online.target" "acme-fixperms.service" ] ++ selfsignedDeps;
|
||||
|
||||
# https://github.com/NixOS/nixpkgs/pull/81371#issuecomment-605526099
|
||||
|
@ -403,6 +404,17 @@ let
|
|||
'';
|
||||
};
|
||||
|
||||
dnsResolver = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "1.1.1.1:53";
|
||||
description = ''
|
||||
Set the resolver to use for performing recursive DNS queries. Supported:
|
||||
host:port. The default is to use the system resolvers, or Google's DNS
|
||||
resolvers if the system's cannot be determined.
|
||||
'';
|
||||
};
|
||||
|
||||
credentialsFile = mkOption {
|
||||
type = types.path;
|
||||
description = ''
|
||||
|
|
|
@ -0,0 +1,49 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
cfg = config.security.apparmor;
|
||||
in
|
||||
with lib;
|
||||
{
|
||||
imports = [
|
||||
(mkRenamedOptionModule [ "security" "virtualization" "flushL1DataCache" ] [ "security" "virtualisation" "flushL1DataCache" ])
|
||||
];
|
||||
|
||||
options.security.apparmor.confineSUIDApplications = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Install AppArmor profiles for commonly-used SUID application
|
||||
to mitigate potential privilege escalation attacks due to bugs
|
||||
in such applications.
|
||||
|
||||
Currently available profiles: ping
|
||||
'';
|
||||
};
|
||||
|
||||
config = mkIf (cfg.confineSUIDApplications) {
|
||||
security.apparmor.profiles = [ (pkgs.writeText "ping" ''
|
||||
#include <tunables/global>
|
||||
/run/wrappers/bin/ping {
|
||||
#include <abstractions/base>
|
||||
#include <abstractions/consoles>
|
||||
#include <abstractions/nameservice>
|
||||
|
||||
capability net_raw,
|
||||
capability setuid,
|
||||
network inet raw,
|
||||
|
||||
${pkgs.stdenv.cc.libc.out}/lib/*.so mr,
|
||||
${pkgs.libcap.lib}/lib/libcap.so* mr,
|
||||
${pkgs.attr.out}/lib/libattr.so* mr,
|
||||
|
||||
${pkgs.iputils}/bin/ping mixr,
|
||||
|
||||
#/etc/modules.conf r,
|
||||
|
||||
## Site-specific additions and overrides. See local/README for details.
|
||||
##include <local/bin.ping>
|
||||
}
|
||||
'') ];
|
||||
};
|
||||
|
||||
}
|
|
@ -1,198 +1,59 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
inherit (builtins) attrNames head map match readFile;
|
||||
inherit (lib) types;
|
||||
inherit (config.environment) etc;
|
||||
inherit (lib) mkIf mkOption types concatMapStrings;
|
||||
cfg = config.security.apparmor;
|
||||
mkDisableOption = name: lib.mkEnableOption name // {
|
||||
default = true;
|
||||
example = false;
|
||||
};
|
||||
enabledPolicies = lib.filterAttrs (n: p: p.enable) cfg.policies;
|
||||
in
|
||||
|
||||
{
|
||||
imports = [
|
||||
(lib.mkRenamedOptionModule [ "security" "virtualization" "flushL1DataCache" ] [ "security" "virtualisation" "flushL1DataCache" ])
|
||||
(lib.mkRemovedOptionModule [ "security" "apparmor" "confineSUIDApplications" ] "Please use the new options: `security.apparmor.policies.<policy>.enable'.")
|
||||
(lib.mkRemovedOptionModule [ "security" "apparmor" "profiles" ] "Please use the new option: `security.apparmor.policies'.")
|
||||
apparmor/includes.nix
|
||||
apparmor/profiles.nix
|
||||
];
|
||||
options = {
|
||||
security.apparmor = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Enable the AppArmor Mandatory Access Control system.";
|
||||
};
|
||||
profiles = mkOption {
|
||||
type = types.listOf types.path;
|
||||
default = [];
|
||||
description = "List of files containing AppArmor profiles.";
|
||||
};
|
||||
packages = mkOption {
|
||||
type = types.listOf types.package;
|
||||
default = [];
|
||||
description = "List of packages to be added to apparmor's include path";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
options = {
|
||||
security.apparmor = {
|
||||
enable = lib.mkEnableOption ''the AppArmor Mandatory Access Control system.
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ pkgs.apparmor-utils ];
|
||||
|
||||
If you're enabling this module on a running system,
|
||||
note that a reboot will be required to activate AppArmor in the kernel.
|
||||
boot.kernelParams = [ "apparmor=1" "security=apparmor" ];
|
||||
|
||||
Also, beware that enabling this module will by default
|
||||
try to kill unconfined but confinable running processes,
|
||||
in order to obtain a confinement matching what is declared in the NixOS configuration.
|
||||
This will happen when upgrading to a NixOS revision
|
||||
introducing an AppArmor profile for the executable of a running process.
|
||||
This is because enabling an AppArmor profile for an executable
|
||||
can only confine new or already confined processes of that executable,
|
||||
but leaves already running processes unconfined.
|
||||
Set <link linkend="opt-security.apparmor.killUnconfinedConfinables">killUnconfinedConfinables</link>
|
||||
to <literal>false</literal> if you prefer to leave those processes running'';
|
||||
policies = lib.mkOption {
|
||||
description = ''
|
||||
AppArmor policies.
|
||||
'';
|
||||
type = types.attrsOf (types.submodule ({ name, config, ... }: {
|
||||
options = {
|
||||
enable = mkDisableOption "loading of the profile into the kernel";
|
||||
enforce = mkDisableOption "enforcing of the policy or only complain in the logs";
|
||||
profile = lib.mkOption {
|
||||
description = "The policy of the profile.";
|
||||
type = types.lines;
|
||||
apply = pkgs.writeText name;
|
||||
};
|
||||
};
|
||||
}));
|
||||
default = {};
|
||||
};
|
||||
includes = lib.mkOption {
|
||||
type = types.attrsOf types.lines;
|
||||
default = {};
|
||||
description = ''
|
||||
List of paths to be added to AppArmor's searched paths
|
||||
when resolving <literal>include</literal> directives.
|
||||
'';
|
||||
apply = lib.mapAttrs pkgs.writeText;
|
||||
};
|
||||
packages = lib.mkOption {
|
||||
type = types.listOf types.package;
|
||||
default = [];
|
||||
description = "List of packages to be added to AppArmor's include path";
|
||||
};
|
||||
enableCache = lib.mkEnableOption ''caching of AppArmor policies
|
||||
in <literal>/var/cache/apparmor/</literal>.
|
||||
|
||||
Beware that AppArmor policies almost always contain Nix store paths,
|
||||
and thus produce at each change of these paths
|
||||
a new cached version accumulating in the cache'';
|
||||
killUnconfinedConfinables = mkDisableOption ''killing of processes
|
||||
which have an AppArmor profile enabled
|
||||
(in <link linkend="opt-security.apparmor.policies">policies</link>)
|
||||
but are not confined (because AppArmor can only confine new processes).
|
||||
Beware that due to a current limitation of AppArmor,
|
||||
only profiles with exact paths (and no name) can enable such kills'';
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
assertions = map (policy:
|
||||
{ assertion = match ".*/.*" policy == null;
|
||||
message = "`security.apparmor.policies.\"${policy}\"' must not contain a slash.";
|
||||
# Because, for instance, aa-remove-unknown uses profiles_names_list() in rc.apparmor.functions
|
||||
# which does not recurse into sub-directories.
|
||||
}
|
||||
) (attrNames cfg.policies);
|
||||
|
||||
environment.systemPackages = [ pkgs.apparmor-utils ];
|
||||
environment.etc."apparmor.d".source = pkgs.linkFarm "apparmor.d" (
|
||||
# It's important to put only enabledPolicies here and not all cfg.policies
|
||||
# because aa-remove-unknown reads profiles from all /etc/apparmor.d/*
|
||||
lib.mapAttrsToList (name: p: {inherit name; path=p.profile;}) enabledPolicies ++
|
||||
lib.mapAttrsToList (name: path: {inherit name path;}) cfg.includes
|
||||
);
|
||||
environment.etc."apparmor/parser.conf".text = ''
|
||||
${if cfg.enableCache then "write-cache" else "skip-cache"}
|
||||
cache-loc /var/cache/apparmor
|
||||
Include /etc/apparmor.d
|
||||
'' +
|
||||
lib.concatMapStrings (p: "Include ${p}/etc/apparmor.d\n") cfg.packages;
|
||||
# For aa-logprof
|
||||
environment.etc."apparmor/apparmor.conf".text = ''
|
||||
'';
|
||||
# For aa-logprof
|
||||
environment.etc."apparmor/severity.db".source = pkgs.apparmor-utils + "/etc/apparmor/severity.db";
|
||||
environment.etc."apparmor/logprof.conf".text = ''
|
||||
[settings]
|
||||
# /etc/apparmor.d/ is read-only on NixOS
|
||||
profiledir = /var/cache/apparmor/logprof
|
||||
inactive_profiledir = /etc/apparmor.d/disable
|
||||
# Use: journalctl -b --since today --grep audit: | aa-logprof
|
||||
logfiles = /dev/stdin
|
||||
|
||||
parser = ${pkgs.apparmor-parser}/bin/apparmor_parser
|
||||
ldd = ${pkgs.glibc.bin}/bin/ldd
|
||||
logger = ${pkgs.utillinux}/bin/logger
|
||||
|
||||
# customize how file ownership permissions are presented
|
||||
# 0 - off
|
||||
# 1 - default of what ever mode the log reported
|
||||
# 2 - force the new permissions to be user
|
||||
# 3 - force all perms on the rule to be user
|
||||
default_owner_prompt = 1
|
||||
|
||||
custom_includes = /etc/apparmor.d ${lib.concatMapStringsSep " " (p: "${p}/etc/apparmor.d") cfg.packages}
|
||||
|
||||
[qualifiers]
|
||||
${pkgs.runtimeShell} = icnu
|
||||
${pkgs.bashInteractive}/bin/sh = icnu
|
||||
${pkgs.bashInteractive}/bin/bash = icnu
|
||||
'' + head (match "^.*\\[qualifiers](.*)" # Drop the original [settings] section.
|
||||
(readFile "${pkgs.apparmor-utils}/etc/apparmor/logprof.conf"));
|
||||
|
||||
boot.kernelParams = [ "apparmor=1" "security=apparmor" ];
|
||||
|
||||
systemd.services.apparmor = {
|
||||
after = [
|
||||
"local-fs.target"
|
||||
"systemd-journald-audit.socket"
|
||||
];
|
||||
before = [ "sysinit.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
unitConfig = {
|
||||
Description="Load AppArmor policies";
|
||||
DefaultDependencies = "no";
|
||||
ConditionSecurity = "apparmor";
|
||||
};
|
||||
# Reloading instead of restarting enables to load new AppArmor profiles
|
||||
# without necessarily restarting all services which have Requires=apparmor.service
|
||||
reloadIfChanged = true;
|
||||
restartTriggers = [
|
||||
etc."apparmor/parser.conf".source
|
||||
etc."apparmor.d".source
|
||||
];
|
||||
serviceConfig = let
|
||||
killUnconfinedConfinables = pkgs.writeShellScript "apparmor-kill" ''
|
||||
set -eu
|
||||
${pkgs.apparmor-utils}/bin/aa-status --json |
|
||||
${pkgs.jq}/bin/jq --raw-output '.processes | .[] | .[] | select (.status == "unconfined") | .pid' |
|
||||
xargs --verbose --no-run-if-empty --delimiter='\n' \
|
||||
kill
|
||||
'';
|
||||
commonOpts = p: "--verbose --show-cache ${lib.optionalString (!p.enforce) "--complain "}${p.profile}";
|
||||
in {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = "yes";
|
||||
ExecStartPre = "${pkgs.apparmor-utils}/bin/aa-teardown";
|
||||
ExecStart = lib.mapAttrsToList (n: p: "${pkgs.apparmor-parser}/bin/apparmor_parser --add ${commonOpts p}") enabledPolicies;
|
||||
ExecStartPost = lib.optional cfg.killUnconfinedConfinables killUnconfinedConfinables;
|
||||
ExecReload =
|
||||
# Add or replace into the kernel profiles in enabledPolicies
|
||||
# (because AppArmor can do that without stopping the processes already confined).
|
||||
lib.mapAttrsToList (n: p: "${pkgs.apparmor-parser}/bin/apparmor_parser --replace ${commonOpts p}") enabledPolicies ++
|
||||
# Remove from the kernel any profile whose name is not
|
||||
# one of the names within the content of the profiles in enabledPolicies
|
||||
# (indirectly read from /etc/apparmor.d/*, without recursing into sub-directory).
|
||||
# Note that this does not remove profiles dynamically generated by libvirt.
|
||||
[ "${pkgs.apparmor-utils}/bin/aa-remove-unknown" ] ++
|
||||
# Optionaly kill the processes which are unconfined but now have a profile loaded
|
||||
# (because AppArmor can only start to confine new processes).
|
||||
lib.optional cfg.killUnconfinedConfinables killUnconfinedConfinables;
|
||||
ExecStop = "${pkgs.apparmor-utils}/bin/aa-teardown";
|
||||
CacheDirectory = [ "apparmor" "apparmor/logprof" ];
|
||||
CacheDirectoryMode = "0700";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
meta.maintainers = with lib.maintainers; [ julm ];
|
||||
systemd.services.apparmor = let
|
||||
paths = concatMapStrings (s: " -I ${s}/etc/apparmor.d")
|
||||
([ pkgs.apparmor-profiles ] ++ cfg.packages);
|
||||
in {
|
||||
after = [ "local-fs.target" ];
|
||||
before = [ "sysinit.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
unitConfig = {
|
||||
DefaultDependencies = "no";
|
||||
};
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = "yes";
|
||||
ExecStart = map (p:
|
||||
''${pkgs.apparmor-parser}/bin/apparmor_parser -rKv ${paths} "${p}"''
|
||||
) cfg.profiles;
|
||||
ExecStop = map (p:
|
||||
''${pkgs.apparmor-parser}/bin/apparmor_parser -Rv "${p}"''
|
||||
) cfg.profiles;
|
||||
ExecReload = map (p:
|
||||
''${pkgs.apparmor-parser}/bin/apparmor_parser --reload ${paths} "${p}"''
|
||||
) cfg.profiles;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,301 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
inherit (builtins) attrNames hasAttr isAttrs;
|
||||
inherit (lib) getLib;
|
||||
inherit (config.environment) etc;
|
||||
etcRule = arg:
|
||||
let go = {path ? null, mode ? "r", trail ? ""}:
|
||||
lib.optionalString (hasAttr path etc)
|
||||
"${mode} ${config.environment.etc.${path}.source}${trail},";
|
||||
in if isAttrs arg
|
||||
then go arg
|
||||
else go {path=arg;};
|
||||
in
|
||||
{
|
||||
# FIXME: most of the etcRule calls below have been
|
||||
# written systematically by converting from apparmor-profiles's profiles
|
||||
# without testing nor deep understanding of their uses,
|
||||
# and thus may need more rules or can have less rules;
|
||||
# this remains to be determined case by case,
|
||||
# some may even be completely useless.
|
||||
config.security.apparmor.includes = {
|
||||
# This one is included by <tunables/global>
|
||||
# which is usualy included before any profile.
|
||||
"abstractions/tunables/alias" = ''
|
||||
alias /bin -> /run/current-system/sw/bin,
|
||||
alias /lib/modules -> /run/current-system/kernel/lib/modules,
|
||||
alias /sbin -> /run/current-system/sw/sbin,
|
||||
alias /usr -> /run/current-system/sw,
|
||||
'';
|
||||
"abstractions/audio" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/audio"
|
||||
${etcRule "asound.conf"}
|
||||
${etcRule "esound/esd.conf"}
|
||||
${etcRule "libao.conf"}
|
||||
${etcRule {path="pulse"; trail="/";}}
|
||||
${etcRule {path="pulse"; trail="/**";}}
|
||||
${etcRule {path="sound"; trail="/";}}
|
||||
${etcRule {path="sound"; trail="/**";}}
|
||||
${etcRule {path="alsa/conf.d"; trail="/";}}
|
||||
${etcRule {path="alsa/conf.d"; trail="/*";}}
|
||||
${etcRule "openal/alsoft.conf"}
|
||||
${etcRule "wildmidi/wildmidi.conf"}
|
||||
'';
|
||||
"abstractions/authentication" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/authentication"
|
||||
# Defined in security.pam
|
||||
include <abstractions/pam>
|
||||
${etcRule "nologin"}
|
||||
${etcRule "securetty"}
|
||||
${etcRule {path="security"; trail="/*";}}
|
||||
${etcRule "shadow"}
|
||||
${etcRule "gshadow"}
|
||||
${etcRule "pwdb.conf"}
|
||||
${etcRule "default/passwd"}
|
||||
${etcRule "login.defs"}
|
||||
'';
|
||||
"abstractions/base" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/base"
|
||||
r ${pkgs.stdenv.cc.libc}/share/locale/**,
|
||||
r ${pkgs.stdenv.cc.libc}/share/locale.alias,
|
||||
${lib.optionalString (pkgs.glibcLocales != null) "r ${pkgs.glibcLocales}/lib/locale/locale-archive,"}
|
||||
${etcRule "localtime"}
|
||||
r ${pkgs.tzdata}/share/zoneinfo/**,
|
||||
r ${pkgs.stdenv.cc.libc}/share/i18n/**,
|
||||
'';
|
||||
"abstractions/bash" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/bash"
|
||||
# system-wide bash configuration
|
||||
${etcRule "profile.dos"}
|
||||
${etcRule "profile"}
|
||||
${etcRule "profile.d"}
|
||||
${etcRule {path="profile.d"; trail="/*";}}
|
||||
${etcRule "bashrc"}
|
||||
${etcRule "bash.bashrc"}
|
||||
${etcRule "bash.bashrc.local"}
|
||||
${etcRule "bash_completion"}
|
||||
${etcRule "bash_completion.d"}
|
||||
${etcRule {path="bash_completion.d"; trail="/*";}}
|
||||
# bash relies on system-wide readline configuration
|
||||
${etcRule "inputrc"}
|
||||
# bash inspects filesystems at startup
|
||||
# and /etc/mtab is linked to /proc/mounts
|
||||
@{PROC}/mounts
|
||||
|
||||
# run out of /etc/bash.bashrc
|
||||
${etcRule "DIR_COLORS"}
|
||||
'';
|
||||
"abstractions/cups-client" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/cpus-client"
|
||||
${etcRule "cups/cups-client.conf"}
|
||||
'';
|
||||
"abstractions/consoles" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/consoles"
|
||||
'';
|
||||
"abstractions/dbus-session-strict" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/dbus-session-strict"
|
||||
${etcRule "machine-id"}
|
||||
'';
|
||||
"abstractions/dconf" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/dconf"
|
||||
${etcRule {path="dconf"; trail="/**";}}
|
||||
'';
|
||||
"abstractions/dri-common" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/dri-common"
|
||||
${etcRule "drirc"}
|
||||
'';
|
||||
# The config.fonts.fontconfig NixOS module adds many files to /etc/fonts/
|
||||
# by symlinking them but without exporting them outside of its NixOS module,
|
||||
# those are therefore added there to this "abstractions/fonts".
|
||||
"abstractions/fonts" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/fonts"
|
||||
${etcRule {path="fonts"; trail="/**";}}
|
||||
'';
|
||||
"abstractions/gnome" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/gnome"
|
||||
${etcRule {path="gnome"; trail="/gtkrc*";}}
|
||||
${etcRule {path="gtk"; trail="/*";}}
|
||||
${etcRule {path="gtk-2.0"; trail="/*";}}
|
||||
${etcRule {path="gtk-3.0"; trail="/*";}}
|
||||
${etcRule "orbitrc"}
|
||||
include <abstractions/fonts>
|
||||
${etcRule {path="pango"; trail="/*";}}
|
||||
${etcRule {path="/etc/gnome-vfs-2.0"; trail="/modules/";}}
|
||||
${etcRule {path="/etc/gnome-vfs-2.0"; trail="/modules/*";}}
|
||||
${etcRule "papersize"}
|
||||
${etcRule {path="cups"; trail="/lpoptions";}}
|
||||
${etcRule {path="gnome"; trail="/defaults.list";}}
|
||||
${etcRule {path="xdg"; trail="/{,*-}mimeapps.list";}}
|
||||
${etcRule "xdg/mimeapps.list"}
|
||||
'';
|
||||
"abstractions/kde" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/kde"
|
||||
${etcRule {path="qt3"; trail="/kstylerc";}}
|
||||
${etcRule {path="qt3"; trail="/qt_plugins_3.3rc";}}
|
||||
${etcRule {path="qt3"; trail="/qtrc";}}
|
||||
${etcRule "kderc"}
|
||||
${etcRule {path="kde3"; trail="/*";}}
|
||||
${etcRule "kde4rc"}
|
||||
${etcRule {path="xdg"; trail="/kdeglobals";}}
|
||||
${etcRule {path="xdg"; trail="/Trolltech.conf";}}
|
||||
'';
|
||||
"abstractions/kerberosclient" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/kerberosclient"
|
||||
${etcRule {path="krb5.keytab"; mode="rk";}}
|
||||
${etcRule "krb5.conf"}
|
||||
${etcRule "krb5.conf.d"}
|
||||
${etcRule {path="krb5.conf.d"; trail="/*";}}
|
||||
|
||||
# config files found via strings on libs
|
||||
${etcRule "krb.conf"}
|
||||
${etcRule "krb.realms"}
|
||||
${etcRule "srvtab"}
|
||||
'';
|
||||
"abstractions/ldapclient" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/ldapclient"
|
||||
${etcRule "ldap.conf"}
|
||||
${etcRule "ldap.secret"}
|
||||
${etcRule {path="openldap"; trail="/*";}}
|
||||
${etcRule {path="openldap"; trail="/cacerts/*";}}
|
||||
${etcRule {path="sasl2"; trail="/*";}}
|
||||
'';
|
||||
"abstractions/likewise" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/likewise"
|
||||
'';
|
||||
"abstractions/mdns" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/mdns"
|
||||
${etcRule "nss_mdns.conf"}
|
||||
'';
|
||||
"abstractions/nameservice" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/nameservice"
|
||||
|
||||
# Many programs wish to perform nameservice-like operations, such as
|
||||
# looking up users by name or id, groups by name or id, hosts by name
|
||||
# or IP, etc. These operations may be performed through files, dns,
|
||||
# NIS, NIS+, LDAP, hesiod, wins, etc. Allow them all here.
|
||||
${etcRule "group"}
|
||||
${etcRule "host.conf"}
|
||||
${etcRule "hosts"}
|
||||
${etcRule "nsswitch.conf"}
|
||||
${etcRule "gai.conf"}
|
||||
${etcRule "passwd"}
|
||||
${etcRule "protocols"}
|
||||
|
||||
# libtirpc (used for NIS/YP login) needs this
|
||||
${etcRule "netconfig"}
|
||||
|
||||
${etcRule "resolv.conf"}
|
||||
|
||||
${etcRule {path="samba"; trail="/lmhosts";}}
|
||||
${etcRule "services"}
|
||||
|
||||
${etcRule "default/nss"}
|
||||
|
||||
# libnl-3-200 via libnss-gw-name
|
||||
${etcRule {path="libnl"; trail="/classid";}}
|
||||
${etcRule {path="libnl-3"; trail="/classid";}}
|
||||
|
||||
mr ${getLib pkgs.nss}/lib/libnss_*.so*,
|
||||
mr ${getLib pkgs.nss}/lib64/libnss_*.so*,
|
||||
'';
|
||||
"abstractions/nis" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/nis"
|
||||
'';
|
||||
"abstractions/nvidia" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/nvidia"
|
||||
${etcRule "vdpau_wrapper.cfg"}
|
||||
'';
|
||||
"abstractions/opencl-common" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/opencl-common"
|
||||
${etcRule {path="OpenCL"; trail="/**";}}
|
||||
'';
|
||||
"abstractions/opencl-mesa" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/opencl-mesa"
|
||||
${etcRule "default/drirc"}
|
||||
'';
|
||||
"abstractions/openssl" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/openssl"
|
||||
${etcRule {path="ssl"; trail="/openssl.cnf";}}
|
||||
'';
|
||||
"abstractions/p11-kit" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/p11-kit"
|
||||
${etcRule {path="pkcs11"; trail="/";}}
|
||||
${etcRule {path="pkcs11"; trail="/pkcs11.conf";}}
|
||||
${etcRule {path="pkcs11"; trail="/modules/";}}
|
||||
${etcRule {path="pkcs11"; trail="/modules/*";}}
|
||||
'';
|
||||
"abstractions/perl" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/perl"
|
||||
${etcRule {path="perl"; trail="/**";}}
|
||||
'';
|
||||
"abstractions/php" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/php"
|
||||
${etcRule {path="php"; trail="/**/";}}
|
||||
${etcRule {path="php5"; trail="/**/";}}
|
||||
${etcRule {path="php7"; trail="/**/";}}
|
||||
${etcRule {path="php"; trail="/**.ini";}}
|
||||
${etcRule {path="php5"; trail="/**.ini";}}
|
||||
${etcRule {path="php7"; trail="/**.ini";}}
|
||||
'';
|
||||
"abstractions/postfix-common" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/postfix-common"
|
||||
${etcRule "mailname"}
|
||||
${etcRule {path="postfix"; trail="/*.cf";}}
|
||||
${etcRule "postfix/main.cf"}
|
||||
${etcRule "postfix/master.cf"}
|
||||
'';
|
||||
"abstractions/python" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/python"
|
||||
'';
|
||||
"abstractions/qt5" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/qt5"
|
||||
${etcRule {path="xdg"; trail="/QtProject/qtlogging.ini";}}
|
||||
${etcRule {path="xdg/QtProject"; trail="/qtlogging.ini";}}
|
||||
${etcRule "xdg/QtProject/qtlogging.ini"}
|
||||
'';
|
||||
"abstractions/samba" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/samba"
|
||||
${etcRule {path="samba"; trail="/*";}}
|
||||
'';
|
||||
"abstractions/ssl_certs" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/ssl_certs"
|
||||
${etcRule "ssl/certs/ca-certificates.crt"}
|
||||
${etcRule "ssl/certs/ca-bundle.crt"}
|
||||
${etcRule "pki/tls/certs/ca-bundle.crt"}
|
||||
|
||||
${etcRule {path="ssl/trust"; trail="/";}}
|
||||
${etcRule {path="ssl/trust"; trail="/*";}}
|
||||
${etcRule {path="ssl/trust/anchors"; trail="/";}}
|
||||
${etcRule {path="ssl/trust/anchors"; trail="/**";}}
|
||||
${etcRule {path="pki/trust"; trail="/";}}
|
||||
${etcRule {path="pki/trust"; trail="/*";}}
|
||||
${etcRule {path="pki/trust/anchors"; trail="/";}}
|
||||
${etcRule {path="pki/trust/anchors"; trail="/**";}}
|
||||
|
||||
# security.acme NixOS module
|
||||
r /var/lib/acme/*/cert.pem,
|
||||
r /var/lib/acme/*/chain.pem,
|
||||
r /var/lib/acme/*/fullchain.pem,
|
||||
'';
|
||||
"abstractions/ssl_keys" = ''
|
||||
# security.acme NixOS module
|
||||
r /var/lib/acme/*/full.pem,
|
||||
r /var/lib/acme/*/key.pem,
|
||||
'';
|
||||
"abstractions/vulkan" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/vulkan"
|
||||
${etcRule {path="vulkan/icd.d"; trail="/";}}
|
||||
${etcRule {path="vulkan/icd.d"; trail="/*.json";}}
|
||||
'';
|
||||
"abstractions/winbind" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/winbind"
|
||||
${etcRule {path="samba"; trail="/smb.conf";}}
|
||||
${etcRule {path="samba"; trail="/dhcp.conf";}}
|
||||
'';
|
||||
"abstractions/X" = ''
|
||||
include "${pkgs.apparmor-profiles}/etc/apparmor.d/abstractions/X"
|
||||
${etcRule {path="X11/cursors"; trail="/";}}
|
||||
${etcRule {path="X11/cursors"; trail="/**";}}
|
||||
'';
|
||||
};
|
||||
}
|
|
@ -1,11 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let apparmor = config.security.apparmor; in
|
||||
{
|
||||
config.security.apparmor.packages = [ pkgs.apparmor-profiles ];
|
||||
config.security.apparmor.policies."bin.ping".profile = lib.mkIf apparmor.policies."bin.ping".enable ''
|
||||
include "${pkgs.iputils.apparmor}/bin.ping"
|
||||
include "${pkgs.inetutils.apparmor}/bin.ping"
|
||||
# Note that including those two profiles in the same profile
|
||||
# would not work if the second one were to re-include <tunables/global>.
|
||||
'';
|
||||
}
|
|
@ -366,7 +366,7 @@ let
|
|||
${let p11 = config.security.pam.p11; in optionalString cfg.p11Auth
|
||||
"auth ${p11.control} ${pkgs.pam_p11}/lib/security/pam_p11.so ${pkgs.opensc}/lib/opensc-pkcs11.so"}
|
||||
${let u2f = config.security.pam.u2f; in optionalString cfg.u2fAuth
|
||||
"auth ${u2f.control} ${pkgs.pam_u2f}/lib/security/pam_u2f.so ${optionalString u2f.debug "debug"} ${optionalString (u2f.authFile != null) "authfile=${u2f.authFile}"} ${optionalString u2f.interactive "interactive"} ${optionalString u2f.cue "cue"}"}
|
||||
"auth ${u2f.control} ${pkgs.pam_u2f}/lib/security/pam_u2f.so ${optionalString u2f.debug "debug"} ${optionalString (u2f.authFile != null) "authfile=${u2f.authFile}"} ${optionalString u2f.interactive "interactive"} ${optionalString u2f.cue "cue"} ${optionalString (u2f.appId != null) "appid=${u2f.appId}"}"}
|
||||
${optionalString cfg.usbAuth
|
||||
"auth sufficient ${pkgs.pam_usb}/lib/security/pam_usb.so"}
|
||||
${let oath = config.security.pam.oath; in optionalString cfg.oathAuth
|
||||
|
@ -653,6 +653,22 @@ in
|
|||
xlink:href="https://developers.yubico.com/pam-u2f/">here</link>.
|
||||
'';
|
||||
};
|
||||
|
||||
appId = mkOption {
|
||||
default = null;
|
||||
type = with types; nullOr str;
|
||||
description = ''
|
||||
By default <literal>pam-u2f</literal> module sets the application
|
||||
ID to <literal>pam://$HOSTNAME</literal>.
|
||||
|
||||
When using <command>pamu2fcfg</command>, you can specify your
|
||||
application ID with the <literal>-i</literal> flag.
|
||||
|
||||
More information can be found <link
|
||||
xlink:href="https://developers.yubico.com/pam-u2f/Manuals/pam_u2f.8.html">
|
||||
here</link>
|
||||
'';
|
||||
};
|
||||
|
||||
control = mkOption {
|
||||
default = "sufficient";
|
||||
|
@ -834,61 +850,6 @@ in
|
|||
runuser-l = { rootOK = true; unixAuth = false; };
|
||||
};
|
||||
|
||||
security.apparmor.includes."abstractions/pam" = let
|
||||
isEnabled = test: fold or false (map test (attrValues config.security.pam.services));
|
||||
in ''
|
||||
${lib.concatMapStringsSep "\n"
|
||||
(name: "r ${config.environment.etc."pam.d/${name}".source},")
|
||||
(attrNames config.security.pam.services)}
|
||||
mr ${getLib pkgs.pam}/lib/security/pam_filter/*,
|
||||
mr ${getLib pkgs.pam}/lib/security/pam_*.so,
|
||||
r ${getLib pkgs.pam}/lib/security/,
|
||||
${optionalString use_ldap
|
||||
"mr ${pam_ldap}/lib/security/pam_ldap.so,"}
|
||||
${optionalString config.services.sssd.enable
|
||||
"mr ${pkgs.sssd}/lib/security/pam_sss.so,"}
|
||||
${optionalString config.krb5.enable ''
|
||||
mr ${pam_krb5}/lib/security/pam_krb5.so,
|
||||
mr ${pam_ccreds}/lib/security/pam_ccreds.so,
|
||||
''}
|
||||
${optionalString (isEnabled (cfg: cfg.googleOsLoginAccountVerification)) ''
|
||||
mr ${pkgs.google-compute-engine-oslogin}/lib/pam_oslogin_login.so,
|
||||
mr ${pkgs.google-compute-engine-oslogin}/lib/pam_oslogin_admin.so,
|
||||
''}
|
||||
${optionalString (isEnabled (cfg: cfg.googleOsLoginAuthentication))
|
||||
"mr ${pkgs.google-compute-engine-oslogin}/lib/pam_oslogin_login.so,"}
|
||||
${optionalString (config.security.pam.enableSSHAgentAuth && isEnabled (cfg: cfg.sshAgentAuth))
|
||||
"mr ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so,"}
|
||||
${optionalString (isEnabled (cfg: cfg.fprintAuth))
|
||||
"mr ${pkgs.fprintd}/lib/security/pam_fprintd.so,"}
|
||||
${optionalString (isEnabled (cfg: cfg.u2fAuth))
|
||||
"mr ${pkgs.pam_u2f}/lib/security/pam_u2f.so,"}
|
||||
${optionalString (isEnabled (cfg: cfg.usbAuth))
|
||||
"mr ${pkgs.pam_usb}/lib/security/pam_usb.so,"}
|
||||
${optionalString (isEnabled (cfg: cfg.oathAuth))
|
||||
"mr ${pkgs.oathToolkit}/lib/security/pam_oath.so,"}
|
||||
${optionalString (isEnabled (cfg: cfg.yubicoAuth))
|
||||
"mr ${pkgs.yubico-pam}/lib/security/pam_yubico.so,"}
|
||||
${optionalString (isEnabled (cfg: cfg.duoSecurity.enable))
|
||||
"mr ${pkgs.duo-unix}/lib/security/pam_duo.so,"}
|
||||
${optionalString (isEnabled (cfg: cfg.otpwAuth))
|
||||
"mr ${pkgs.otpw}/lib/security/pam_otpw.so,"}
|
||||
${optionalString config.security.pam.enableEcryptfs
|
||||
"mr ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so,"}
|
||||
${optionalString (isEnabled (cfg: cfg.pamMount))
|
||||
"mr ${pkgs.pam_mount}/lib/security/pam_mount.so,"}
|
||||
${optionalString (isEnabled (cfg: cfg.enableGnomeKeyring))
|
||||
"mr ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so,"}
|
||||
${optionalString (isEnabled (cfg: cfg.startSession))
|
||||
"mr ${pkgs.systemd}/lib/security/pam_systemd.so,"}
|
||||
${optionalString (isEnabled (cfg: cfg.enableAppArmor) && config.security.apparmor.enable)
|
||||
"mr ${pkgs.apparmor-pam}/lib/security/pam_apparmor.so,"}
|
||||
${optionalString (isEnabled (cfg: cfg.enableKwallet))
|
||||
"mr ${pkgs.plasma5.kwallet-pam}/lib/security/pam_kwallet5.so,"}
|
||||
${optionalString config.virtualisation.lxc.lxcfs.enable
|
||||
"mr ${pkgs.lxc}/lib/security/pam_cgfs.so"}
|
||||
'';
|
||||
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -179,14 +179,6 @@ in
|
|||
export PATH="${wrapperDir}:$PATH"
|
||||
'';
|
||||
|
||||
security.apparmor.includes."nixos/security.wrappers" = ''
|
||||
include "${pkgs.apparmorRulesFromClosure {} [
|
||||
securityWrapper
|
||||
pkgs.stdenv.cc.cc
|
||||
pkgs.stdenv.cc.libc
|
||||
]}"
|
||||
'';
|
||||
|
||||
###### setcap activation script
|
||||
system.activationScripts.wrappers =
|
||||
lib.stringAfter [ "specialfs" "users" ]
|
||||
|
|
|
@ -38,13 +38,18 @@ let
|
|||
cassandraYaml = builtins.toJSON cassandraConfigWithAddresses;
|
||||
cassandraEnvPkg = "${cfg.package}/conf/cassandra-env.sh";
|
||||
cassandraLogbackConfig = pkgs.writeText "logback.xml" cfg.logbackConfig;
|
||||
passAsFile = [ "extraEnvSh" ];
|
||||
inherit (cfg) extraEnvSh;
|
||||
buildCommand = ''
|
||||
mkdir -p "$out"
|
||||
|
||||
echo "$cassandraYaml" > "$out/cassandra.yaml"
|
||||
ln -s "$cassandraLogbackConfig" "$out/logback.xml"
|
||||
|
||||
cp "$cassandraEnvPkg" "$out/cassandra-env.sh"
|
||||
( cat "$cassandraEnvPkg"
|
||||
echo "# lines from services.cassandra.extraEnvSh: "
|
||||
cat "$extraEnvShPath"
|
||||
) > "$out/cassandra-env.sh"
|
||||
|
||||
# Delete default JMX Port, otherwise we can't set it using env variable
|
||||
sed -i '/JMX_PORT="7199"/d' "$out/cassandra-env.sh"
|
||||
|
@ -224,6 +229,14 @@ in {
|
|||
Extra options to be merged into cassandra.yaml as nix attribute set.
|
||||
'';
|
||||
};
|
||||
extraEnvSh = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
example = "CLASSPATH=$CLASSPATH:\${extraJar}";
|
||||
description = ''
|
||||
Extra shell lines to be appended onto cassandra-env.sh.
|
||||
'';
|
||||
};
|
||||
fullRepairInterval = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = "3w";
|
||||
|
|
|
@ -0,0 +1,65 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
cfg = config.services.blackfire-agent;
|
||||
|
||||
agentConfigFile = lib.generators.toINI {} {
|
||||
blackfire = cfg.settings;
|
||||
};
|
||||
|
||||
agentSock = "blackfire/agent.sock";
|
||||
in {
|
||||
meta = {
|
||||
maintainers = pkgs.blackfire.meta.maintainers;
|
||||
doc = ./blackfire.xml;
|
||||
};
|
||||
|
||||
options = {
|
||||
services.blackfire-agent = {
|
||||
enable = lib.mkEnableOption "Blackfire profiler agent";
|
||||
settings = lib.mkOption {
|
||||
description = ''
|
||||
See https://blackfire.io/docs/configuration/agent
|
||||
'';
|
||||
type = lib.types.submodule {
|
||||
freeformType = with lib.types; attrsOf str;
|
||||
|
||||
options = {
|
||||
server-id = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = ''
|
||||
Sets the server id used to authenticate with Blackfire
|
||||
|
||||
You can find your personal server-id at https://blackfire.io/my/settings/credentials
|
||||
'';
|
||||
};
|
||||
|
||||
server-token = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = ''
|
||||
Sets the server token used to authenticate with Blackfire
|
||||
|
||||
You can find your personal server-token at https://blackfire.io/my/settings/credentials
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
environment.etc."blackfire/agent".text = agentConfigFile;
|
||||
|
||||
services.blackfire-agent.settings.socket = "unix:///run/${agentSock}";
|
||||
|
||||
systemd.services.blackfire-agent = {
|
||||
description = "Blackfire agent";
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.blackfire}/bin/blackfire-agent";
|
||||
RuntimeDirectory = "blackfire";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -0,0 +1,45 @@
|
|||
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="module-services-blackfire">
|
||||
<title>Blackfire profiler</title>
|
||||
<para>
|
||||
<emphasis>Source:</emphasis>
|
||||
<filename>modules/services/development/blackfire.nix</filename>
|
||||
</para>
|
||||
<para>
|
||||
<emphasis>Upstream documentation:</emphasis>
|
||||
<link xlink:href="https://blackfire.io/docs/introduction"/>
|
||||
</para>
|
||||
<para>
|
||||
<link xlink:href="https://blackfire.io">Blackfire</link> is a proprietary tool for profiling applications. There are several languages supported by the product but currently only PHP support is packaged in Nixpkgs. The back-end consists of a module that is loaded into the language runtime (called <firstterm>probe</firstterm>) and a service (<firstterm>agent</firstterm>) that the probe connects to and that sends the profiles to the server.
|
||||
</para>
|
||||
<para>
|
||||
To use it, you will need to enable the agent and the probe on your server. The exact method will depend on the way you use PHP but here is an example of NixOS configuration for PHP-FPM:
|
||||
<programlisting>let
|
||||
php = pkgs.php.withExtensions ({ enabled, all }: enabled ++ (with all; [
|
||||
blackfire
|
||||
]));
|
||||
in {
|
||||
# Enable the probe extension for PHP-FPM.
|
||||
services.phpfpm = {
|
||||
phpPackage = php;
|
||||
};
|
||||
|
||||
# Enable and configure the agent.
|
||||
services.blackfire-agent = {
|
||||
enable = true;
|
||||
settings = {
|
||||
# You will need to get credentials at https://blackfire.io/my/settings/credentials
|
||||
# You can also use other options described in https://blackfire.io/docs/configuration/agent
|
||||
server-id = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX";
|
||||
server-token = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
|
||||
};
|
||||
};
|
||||
|
||||
# Make the agent run on start-up.
|
||||
# Alternately, you can start it manually with `systemctl start blackfire-agent`.
|
||||
systemd.services.blackfire-agent.wantedBy = [ "phpfpm-foo.service" ];
|
||||
}</programlisting>
|
||||
</para>
|
||||
<para>
|
||||
On your developer machine, you will also want to install <link xlink:href="https://blackfire.io/docs/up-and-running/installation#install-a-profiling-client">the client</link> (see <package>blackfire</package> package) or the browser extension to actually trigger the profiling.
|
||||
</para>
|
||||
</chapter>
|
|
@ -6,37 +6,97 @@ let
|
|||
|
||||
gid = config.ids.gids.mediatomb;
|
||||
cfg = config.services.mediatomb;
|
||||
name = cfg.package.pname;
|
||||
pkg = cfg.package;
|
||||
optionYesNo = option: if option then "yes" else "no";
|
||||
# configuration on media directory
|
||||
mediaDirectory = {
|
||||
options = {
|
||||
path = mkOption {
|
||||
type = types.str;
|
||||
description = ''
|
||||
Absolute directory path to the media directory to index.
|
||||
'';
|
||||
};
|
||||
recursive = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Whether the indexation must take place recursively or not.";
|
||||
};
|
||||
hidden-files = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "Whether to index the hidden files or not.";
|
||||
};
|
||||
};
|
||||
};
|
||||
toMediaDirectory = d: "<directory location=\"${d.path}\" mode=\"inotify\" recursive=\"${optionYesNo d.recursive}\" hidden-files=\"${optionYesNo d.hidden-files}\" />\n";
|
||||
|
||||
mtConf = pkgs.writeText "config.xml" ''
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<config version="2" xmlns="http://mediatomb.cc/config/2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://mediatomb.cc/config/2 http://mediatomb.cc/config/2.xsd">
|
||||
transcodingConfig = if cfg.transcoding then with pkgs; ''
|
||||
<transcoding enabled="yes">
|
||||
<mimetype-profile-mappings>
|
||||
<transcode mimetype="video/x-flv" using="vlcmpeg" />
|
||||
<transcode mimetype="application/ogg" using="vlcmpeg" />
|
||||
<transcode mimetype="audio/ogg" using="ogg2mp3" />
|
||||
<transcode mimetype="audio/x-flac" using="oggflac2raw"/>
|
||||
</mimetype-profile-mappings>
|
||||
<profiles>
|
||||
<profile name="ogg2mp3" enabled="no" type="external">
|
||||
<mimetype>audio/mpeg</mimetype>
|
||||
<accept-url>no</accept-url>
|
||||
<first-resource>yes</first-resource>
|
||||
<accept-ogg-theora>no</accept-ogg-theora>
|
||||
<agent command="${ffmpeg}/bin/ffmpeg" arguments="-y -i %in -f mp3 %out" />
|
||||
<buffer size="1048576" chunk-size="131072" fill-size="262144" />
|
||||
</profile>
|
||||
<profile name="vlcmpeg" enabled="no" type="external">
|
||||
<mimetype>video/mpeg</mimetype>
|
||||
<accept-url>yes</accept-url>
|
||||
<first-resource>yes</first-resource>
|
||||
<accept-ogg-theora>yes</accept-ogg-theora>
|
||||
<agent command="${libsForQt5.vlc}/bin/vlc"
|
||||
arguments="-I dummy %in --sout #transcode{venc=ffmpeg,vcodec=mp2v,vb=4096,fps=25,aenc=ffmpeg,acodec=mpga,ab=192,samplerate=44100,channels=2}:standard{access=file,mux=ps,dst=%out} vlc:quit" />
|
||||
<buffer size="14400000" chunk-size="512000" fill-size="120000" />
|
||||
</profile>
|
||||
</profiles>
|
||||
</transcoding>
|
||||
'' else ''
|
||||
<transcoding enabled="no">
|
||||
</transcoding>
|
||||
'';
|
||||
|
||||
configText = optionalString (! cfg.customCfg) ''
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<config version="2" xmlns="http://mediatomb.cc/config/2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://mediatomb.cc/config/2 http://mediatomb.cc/config/2.xsd">
|
||||
<server>
|
||||
<ui enabled="yes" show-tooltips="yes">
|
||||
<accounts enabled="no" session-timeout="30">
|
||||
<account user="mediatomb" password="mediatomb"/>
|
||||
<account user="${name}" password="${name}"/>
|
||||
</accounts>
|
||||
</ui>
|
||||
<name>${cfg.serverName}</name>
|
||||
<udn>uuid:${cfg.uuid}</udn>
|
||||
<home>${cfg.dataDir}</home>
|
||||
<webroot>${pkgs.mediatomb}/share/mediatomb/web</webroot>
|
||||
<interface>${cfg.interface}</interface>
|
||||
<webroot>${pkg}/share/${name}/web</webroot>
|
||||
<pc-directory upnp-hide="${optionYesNo cfg.pcDirectoryHide}"/>
|
||||
<storage>
|
||||
<sqlite3 enabled="yes">
|
||||
<database-file>mediatomb.db</database-file>
|
||||
<database-file>${name}.db</database-file>
|
||||
</sqlite3>
|
||||
</storage>
|
||||
<protocolInfo extend="${if cfg.ps3Support then "yes" else "no"}"/>
|
||||
${if cfg.dsmSupport then ''
|
||||
<protocolInfo extend="${optionYesNo cfg.ps3Support}"/>
|
||||
${optionalString cfg.dsmSupport ''
|
||||
<custom-http-headers>
|
||||
<add header="X-User-Agent: redsonic"/>
|
||||
</custom-http-headers>
|
||||
|
||||
<manufacturerURL>redsonic.com</manufacturerURL>
|
||||
<modelNumber>105</modelNumber>
|
||||
'' else ""}
|
||||
${if cfg.tg100Support then ''
|
||||
''}
|
||||
${optionalString cfg.tg100Support ''
|
||||
<upnp-string-limit>101</upnp-string-limit>
|
||||
'' else ""}
|
||||
''}
|
||||
<extended-runtime-options>
|
||||
<mark-played-items enabled="yes" suppress-cds-updates="yes">
|
||||
<string mode="prepend">*</string>
|
||||
|
@ -47,11 +107,14 @@ let
|
|||
</extended-runtime-options>
|
||||
</server>
|
||||
<import hidden-files="no">
|
||||
<autoscan use-inotify="auto">
|
||||
${concatMapStrings toMediaDirectory cfg.mediaDirectories}
|
||||
</autoscan>
|
||||
<scripting script-charset="UTF-8">
|
||||
<common-script>${pkgs.mediatomb}/share/mediatomb/js/common.js</common-script>
|
||||
<playlist-script>${pkgs.mediatomb}/share/mediatomb/js/playlists.js</playlist-script>
|
||||
<common-script>${pkg}/share/${name}/js/common.js</common-script>
|
||||
<playlist-script>${pkg}/share/${name}/js/playlists.js</playlist-script>
|
||||
<virtual-layout type="builtin">
|
||||
<import-script>${pkgs.mediatomb}/share/mediatomb/js/import.js</import-script>
|
||||
<import-script>${pkg}/share/${name}/js/import.js</import-script>
|
||||
</virtual-layout>
|
||||
</scripting>
|
||||
<mappings>
|
||||
|
@ -75,12 +138,12 @@ let
|
|||
<map from="flv" to="video/x-flv"/>
|
||||
<map from="mkv" to="video/x-matroska"/>
|
||||
<map from="mka" to="audio/x-matroska"/>
|
||||
${if cfg.ps3Support then ''
|
||||
${optionalString cfg.ps3Support ''
|
||||
<map from="avi" to="video/divx"/>
|
||||
'' else ""}
|
||||
${if cfg.dsmSupport then ''
|
||||
''}
|
||||
${optionalString cfg.dsmSupport ''
|
||||
<map from="avi" to="video/avi"/>
|
||||
'' else ""}
|
||||
''}
|
||||
</extension-mimetype>
|
||||
<mimetype-upnpclass>
|
||||
<map from="audio/*" to="object.item.audioItem.musicTrack"/>
|
||||
|
@ -108,46 +171,27 @@ let
|
|||
</mappings>
|
||||
<online-content>
|
||||
<YouTube enabled="no" refresh="28800" update-at-start="no" purge-after="604800" racy-content="exclude" format="mp4" hd="no">
|
||||
<favorites user="mediatomb"/>
|
||||
<favorites user="${name}"/>
|
||||
<standardfeed feed="most_viewed" time-range="today"/>
|
||||
<playlists user="mediatomb"/>
|
||||
<uploads user="mediatomb"/>
|
||||
<playlists user="${name}"/>
|
||||
<uploads user="${name}"/>
|
||||
<standardfeed feed="recently_featured" time-range="today"/>
|
||||
</YouTube>
|
||||
</online-content>
|
||||
</import>
|
||||
<transcoding enabled="${if cfg.transcoding then "yes" else "no"}">
|
||||
<mimetype-profile-mappings>
|
||||
<transcode mimetype="video/x-flv" using="vlcmpeg"/>
|
||||
<transcode mimetype="application/ogg" using="vlcmpeg"/>
|
||||
<transcode mimetype="application/ogg" using="oggflac2raw"/>
|
||||
<transcode mimetype="audio/x-flac" using="oggflac2raw"/>
|
||||
</mimetype-profile-mappings>
|
||||
<profiles>
|
||||
<profile name="oggflac2raw" enabled="no" type="external">
|
||||
<mimetype>audio/L16</mimetype>
|
||||
<accept-url>no</accept-url>
|
||||
<first-resource>yes</first-resource>
|
||||
<accept-ogg-theora>no</accept-ogg-theora>
|
||||
<agent command="ogg123" arguments="-d raw -o byteorder:big -f %out %in"/>
|
||||
<buffer size="1048576" chunk-size="131072" fill-size="262144"/>
|
||||
</profile>
|
||||
<profile name="vlcmpeg" enabled="no" type="external">
|
||||
<mimetype>video/mpeg</mimetype>
|
||||
<accept-url>yes</accept-url>
|
||||
<first-resource>yes</first-resource>
|
||||
<accept-ogg-theora>yes</accept-ogg-theora>
|
||||
<agent command="vlc" arguments="-I dummy %in --sout #transcode{venc=ffmpeg,vcodec=mp2v,vb=4096,fps=25,aenc=ffmpeg,acodec=mpga,ab=192,samplerate=44100,channels=2}:standard{access=file,mux=ps,dst=%out} vlc:quit"/>
|
||||
<buffer size="14400000" chunk-size="512000" fill-size="120000"/>
|
||||
</profile>
|
||||
</profiles>
|
||||
</transcoding>
|
||||
${transcodingConfig}
|
||||
</config>
|
||||
'';
|
||||
'';
|
||||
defaultFirewallRules = {
|
||||
# udp 1900 port needs to be opened for SSDP (not configurable within
|
||||
# mediatomb/gerbera) cf.
|
||||
# http://docs.gerbera.io/en/latest/run.html?highlight=udp%20port#network-setup
|
||||
allowedUDPPorts = [ 1900 cfg.port ];
|
||||
allowedTCPPorts = [ cfg.port ];
|
||||
};
|
||||
|
||||
in {
|
||||
|
||||
|
||||
###### interface
|
||||
|
||||
options = {
|
||||
|
@ -158,18 +202,27 @@ in {
|
|||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to enable the mediatomb DLNA server.
|
||||
Whether to enable the Gerbera/Mediatomb DLNA server.
|
||||
'';
|
||||
};
|
||||
|
||||
serverName = mkOption {
|
||||
type = types.str;
|
||||
default = "mediatomb";
|
||||
default = "Gerbera (Mediatomb)";
|
||||
description = ''
|
||||
How to identify the server on the network.
|
||||
'';
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
example = literalExample "pkgs.mediatomb";
|
||||
default = pkgs.gerbera;
|
||||
description = ''
|
||||
Underlying package to be used with the module (default: pkgs.gerbera).
|
||||
'';
|
||||
};
|
||||
|
||||
ps3Support = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
|
@ -206,23 +259,34 @@ in {
|
|||
|
||||
dataDir = mkOption {
|
||||
type = types.path;
|
||||
default = "/var/lib/mediatomb";
|
||||
default = "/var/lib/${name}";
|
||||
description = ''
|
||||
The directory where mediatomb stores its state, data, etc.
|
||||
The directory where Gerbera/Mediatomb stores its state, data, etc.
|
||||
'';
|
||||
};
|
||||
|
||||
pcDirectoryHide = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Whether to list the top-level directory or not (from upnp client standpoint).
|
||||
'';
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "mediatomb";
|
||||
description = "User account under which mediatomb runs.";
|
||||
description = "User account under which ${name} runs.";
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = types.str;
|
||||
default = "mediatomb";
|
||||
description = "Group account under which mediatomb runs.";
|
||||
description = "Group account under which ${name} runs.";
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
default = 49152;
|
||||
description = ''
|
||||
The network port to listen on.
|
||||
|
@ -230,40 +294,76 @@ in {
|
|||
};
|
||||
|
||||
interface = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
A specific interface to bind to.
|
||||
'';
|
||||
};
|
||||
|
||||
openFirewall = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
If false (the default), this is up to the user to declare the firewall rules.
|
||||
If true, this opens port 1900 (tcp and udp) and the port specified by
|
||||
<option>sercvices.mediatomb.port</option>.
|
||||
|
||||
If the option <option>services.mediatomb.interface</option> is set,
|
||||
the firewall rules opened are dedicated to that interface. Otherwise,
|
||||
those rules are opened globally.
|
||||
'';
|
||||
};
|
||||
|
||||
uuid = mkOption {
|
||||
type = types.str;
|
||||
default = "fdfc8a4e-a3ad-4c1d-b43d-a2eedb03a687";
|
||||
description = ''
|
||||
A unique (on your network) to identify the server by.
|
||||
'';
|
||||
};
|
||||
|
||||
mediaDirectories = mkOption {
|
||||
type = with types; listOf (submodule mediaDirectory);
|
||||
default = {};
|
||||
description = ''
|
||||
Declare media directories to index.
|
||||
'';
|
||||
example = [
|
||||
{ path = "/data/pictures"; recursive = false; hidden-files = false; }
|
||||
{ path = "/data/audio"; recursive = true; hidden-files = false; }
|
||||
];
|
||||
};
|
||||
|
||||
customCfg = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Allow mediatomb to create and use its own config file inside ${cfg.dataDir}.
|
||||
Allow ${name} to create and use its own config file inside the <literal>dataDir</literal> as
|
||||
configured by <option>services.mediatomb.dataDir</option>.
|
||||
Deactivated by default, the service then runs with the configuration generated from this module.
|
||||
Otherwise, when enabled, no service configuration is generated. Gerbera/Mediatomb then starts using
|
||||
config.xml within the configured <literal>dataDir</literal>. It's up to the user to make a correct
|
||||
configuration file.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
config = let binaryCommand = "${pkg}/bin/${name}";
|
||||
interfaceFlag = optionalString ( cfg.interface != "") "--interface ${cfg.interface}";
|
||||
configFlag = optionalString (! cfg.customCfg) "--config ${pkgs.writeText "config.xml" configText}";
|
||||
in mkIf cfg.enable {
|
||||
systemd.services.mediatomb = {
|
||||
description = "MediaTomb media Server";
|
||||
description = "${cfg.serverName} media Server";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = [ pkgs.mediatomb ];
|
||||
serviceConfig.ExecStart = "${pkgs.mediatomb}/bin/mediatomb -p ${toString cfg.port} ${if cfg.interface!="" then "-e ${cfg.interface}" else ""} ${if cfg.customCfg then "" else "-c ${mtConf}"} -m ${cfg.dataDir}";
|
||||
serviceConfig.User = "${cfg.user}";
|
||||
serviceConfig.ExecStart = "${binaryCommand} --port ${toString cfg.port} ${interfaceFlag} ${configFlag} --home ${cfg.dataDir}";
|
||||
serviceConfig.User = cfg.user;
|
||||
};
|
||||
|
||||
users.groups = optionalAttrs (cfg.group == "mediatomb") {
|
||||
|
@ -274,15 +374,18 @@ in {
|
|||
mediatomb = {
|
||||
isSystemUser = true;
|
||||
group = cfg.group;
|
||||
home = "${cfg.dataDir}";
|
||||
home = cfg.dataDir;
|
||||
createHome = true;
|
||||
description = "Mediatomb DLNA Server User";
|
||||
description = "${name} DLNA Server User";
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall = {
|
||||
allowedUDPPorts = [ 1900 cfg.port ];
|
||||
allowedTCPPorts = [ cfg.port ];
|
||||
};
|
||||
# Open firewall only if users enable it
|
||||
networking.firewall = mkMerge [
|
||||
(mkIf (cfg.openFirewall && cfg.interface != "") {
|
||||
interfaces."${cfg.interface}" = defaultFirewallRules;
|
||||
})
|
||||
(mkIf (cfg.openFirewall && cfg.interface == "") defaultFirewallRules)
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -241,6 +241,34 @@ in
|
|||
default = "";
|
||||
description = "Extra configuration to put into murmur.ini.";
|
||||
};
|
||||
|
||||
environmentFile = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
example = "/var/lib/murmur/murmurd.env";
|
||||
description = ''
|
||||
Environment file as defined in <citerefentry>
|
||||
<refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum>
|
||||
</citerefentry>.
|
||||
|
||||
Secrets may be passed to the service without adding them to the world-readable
|
||||
Nix store, by specifying placeholder variables as the option value in Nix and
|
||||
setting these variables accordingly in the environment file.
|
||||
|
||||
<programlisting>
|
||||
# snippet of murmur-related config
|
||||
services.murmur.password = "$MURMURD_PASSWORD";
|
||||
</programlisting>
|
||||
|
||||
<programlisting>
|
||||
# content of the environment file
|
||||
MURMURD_PASSWORD=verysecretpassword
|
||||
</programlisting>
|
||||
|
||||
Note that this file needs to be available on the host on which
|
||||
<literal>murmur</literal> is running.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -256,14 +284,22 @@ in
|
|||
description = "Murmur Chat Service";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network-online.target "];
|
||||
preStart = ''
|
||||
${pkgs.envsubst}/bin/envsubst \
|
||||
-o /run/murmur/murmurd.ini \
|
||||
-i ${configFile}
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
# murmurd doesn't fork when logging to the console.
|
||||
Type = if forking then "forking" else "simple";
|
||||
PIDFile = mkIf forking "/run/murmur/murmurd.pid";
|
||||
RuntimeDirectory = mkIf forking "murmur";
|
||||
User = "murmur";
|
||||
ExecStart = "${pkgs.murmur}/bin/murmurd -ini ${configFile}";
|
||||
Type = if forking then "forking" else "simple";
|
||||
PIDFile = mkIf forking "/run/murmur/murmurd.pid";
|
||||
EnvironmentFile = mkIf (cfg.environmentFile != null) cfg.environmentFile;
|
||||
ExecStart = "${pkgs.murmur}/bin/murmurd -ini /run/murmur/murmurd.ini";
|
||||
Restart = "always";
|
||||
RuntimeDirectory = "murmur";
|
||||
RuntimeDirectoryMode = "0700";
|
||||
User = "murmur";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -5,7 +5,7 @@ with lib;
|
|||
let
|
||||
cfg = config.services.transmission;
|
||||
inherit (config.environment) etc;
|
||||
apparmor = config.security.apparmor;
|
||||
apparmor = config.security.apparmor.enable;
|
||||
rootDir = "/run/transmission";
|
||||
homeDir = "/var/lib/transmission";
|
||||
settingsDir = ".config/transmission-daemon";
|
||||
|
@ -184,8 +184,8 @@ in
|
|||
|
||||
systemd.services.transmission = {
|
||||
description = "Transmission BitTorrent Service";
|
||||
after = [ "network.target" ] ++ optional apparmor.enable "apparmor.service";
|
||||
requires = optional apparmor.enable "apparmor.service";
|
||||
after = [ "network.target" ] ++ optional apparmor "apparmor.service";
|
||||
requires = optional apparmor "apparmor.service";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
environment.CURL_CA_BUNDLE = etc."ssl/certs/ca-certificates.crt".source;
|
||||
|
||||
|
@ -357,21 +357,61 @@ in
|
|||
})
|
||||
];
|
||||
|
||||
security.apparmor.policies."bin.transmission-daemon".profile = ''
|
||||
security.apparmor.profiles = mkIf apparmor [
|
||||
(pkgs.writeText "apparmor-transmission-daemon" ''
|
||||
include <tunables/global>
|
||||
|
||||
${pkgs.transmission}/bin/transmission-daemon {
|
||||
include <abstractions/base>
|
||||
include <abstractions/nameservice>
|
||||
include <abstractions/ssl_certs>
|
||||
include "${pkgs.apparmorRulesFromClosure {} [pkgs.transmission]}"
|
||||
include <local/bin.transmission-daemon>
|
||||
|
||||
# NOTE: https://github.com/NixOS/nixpkgs/pull/93457
|
||||
# will remove the need for these by fixing <abstractions/base>
|
||||
r ${etc."hosts".source},
|
||||
r /etc/ld-nix.so.preload,
|
||||
${lib.optionalString (builtins.hasAttr "ld-nix.so.preload" etc) ''
|
||||
r ${etc."ld-nix.so.preload".source},
|
||||
${concatMapStrings (p: optionalString (p != "") ("mr ${p},\n"))
|
||||
(splitString "\n" config.environment.etc."ld-nix.so.preload".text)}
|
||||
''}
|
||||
r ${etc."ssl/certs/ca-certificates.crt".source},
|
||||
r ${pkgs.tzdata}/share/zoneinfo/**,
|
||||
r ${pkgs.stdenv.cc.libc}/share/i18n/**,
|
||||
r ${pkgs.stdenv.cc.libc}/share/locale/**,
|
||||
|
||||
mr ${getLib pkgs.stdenv.cc.cc}/lib/*.so*,
|
||||
mr ${getLib pkgs.stdenv.cc.libc}/lib/*.so*,
|
||||
mr ${getLib pkgs.attr}/lib/libattr*.so*,
|
||||
mr ${getLib pkgs.c-ares}/lib/libcares*.so*,
|
||||
mr ${getLib pkgs.curl}/lib/libcurl*.so*,
|
||||
mr ${getLib pkgs.keyutils}/lib/libkeyutils*.so*,
|
||||
mr ${getLib pkgs.libcap}/lib/libcap*.so*,
|
||||
mr ${getLib pkgs.libevent}/lib/libevent*.so*,
|
||||
mr ${getLib pkgs.libgcrypt}/lib/libgcrypt*.so*,
|
||||
mr ${getLib pkgs.libgpgerror}/lib/libgpg-error*.so*,
|
||||
mr ${getLib pkgs.libkrb5}/lib/lib*.so*,
|
||||
mr ${getLib pkgs.libssh2}/lib/libssh2*.so*,
|
||||
mr ${getLib pkgs.lz4}/lib/liblz4*.so*,
|
||||
mr ${getLib pkgs.nghttp2}/lib/libnghttp2*.so*,
|
||||
mr ${getLib pkgs.openssl}/lib/libcrypto*.so*,
|
||||
mr ${getLib pkgs.openssl}/lib/libssl*.so*,
|
||||
mr ${getLib pkgs.systemd}/lib/libsystemd*.so*,
|
||||
mr ${getLib pkgs.utillinuxMinimal.out}/lib/libblkid.so*,
|
||||
mr ${getLib pkgs.utillinuxMinimal.out}/lib/libmount.so*,
|
||||
mr ${getLib pkgs.utillinuxMinimal.out}/lib/libuuid.so*,
|
||||
mr ${getLib pkgs.xz}/lib/liblzma*.so*,
|
||||
mr ${getLib pkgs.zlib}/lib/libz*.so*,
|
||||
|
||||
r @{PROC}/sys/kernel/random/uuid,
|
||||
r @{PROC}/sys/vm/overcommit_memory,
|
||||
r @{PROC}/@{pid}/environ,
|
||||
# @{pid} is not a kernel variable yet but a regexp
|
||||
#r @{PROC}/@{pid}/environ,
|
||||
r @{PROC}/@{pid}/mounts,
|
||||
rwk /tmp/tr_session_id_*,
|
||||
|
||||
r ${pkgs.openssl.out}/etc/**,
|
||||
r ${config.systemd.services.transmission.environment.CURL_CA_BUNDLE},
|
||||
r ${pkgs.transmission}/share/transmission/**,
|
||||
|
||||
owner rw ${cfg.home}/${settingsDir}/**,
|
||||
rw ${cfg.settings.download-dir}/**,
|
||||
|
@ -399,9 +439,12 @@ in
|
|||
# https://gitlab.com/apparmor/apparmor/-/wikis/AppArmorStacking#seccomp-and-no_new_privs
|
||||
px ${cfg.settings.script-torrent-done-filename} -> &@{dirs},
|
||||
''}
|
||||
|
||||
# FIXME: enable customizing using https://github.com/NixOS/nixpkgs/pull/93457
|
||||
# include <local/transmission-daemon>
|
||||
}
|
||||
'';
|
||||
security.apparmor.includes."local/bin.transmission-daemon" = "";
|
||||
'')
|
||||
];
|
||||
};
|
||||
|
||||
meta.maintainers = with lib.maintainers; [ julm ];
|
||||
|
|
|
@ -85,7 +85,7 @@ in {
|
|||
package = mkOption {
|
||||
type = types.package;
|
||||
description = "Which package to use for the Nextcloud instance.";
|
||||
relatedPackages = [ "nextcloud18" "nextcloud19" ];
|
||||
relatedPackages = [ "nextcloud18" "nextcloud19" "nextcloud20" ];
|
||||
};
|
||||
|
||||
maxUploadSize = mkOption {
|
||||
|
@ -330,37 +330,28 @@ in {
|
|||
}
|
||||
];
|
||||
|
||||
warnings = []
|
||||
++ (optional (cfg.poolConfig != null) ''
|
||||
warnings = let
|
||||
latest = 20;
|
||||
upgradeWarning = major: nixos:
|
||||
''
|
||||
A legacy Nextcloud install (from before NixOS ${nixos}) may be installed.
|
||||
|
||||
After nextcloud${toString major} is installed successfully, you can safely upgrade
|
||||
to ${toString (major + 1)}. The latest version available is nextcloud${toString latest}.
|
||||
|
||||
Please note that Nextcloud doesn't support upgrades across multiple major versions
|
||||
(i.e. an upgrade from 16 is possible to 17, but not 16 to 18).
|
||||
|
||||
The package can be upgraded by explicitly declaring the service-option
|
||||
`services.nextcloud.package`.
|
||||
'';
|
||||
in (optional (cfg.poolConfig != null) ''
|
||||
Using config.services.nextcloud.poolConfig is deprecated and will become unsupported in a future release.
|
||||
Please migrate your configuration to config.services.nextcloud.poolSettings.
|
||||
'')
|
||||
++ (optional (versionOlder cfg.package.version "18") ''
|
||||
A legacy Nextcloud install (from before NixOS 20.03) may be installed.
|
||||
|
||||
You're currently deploying an older version of Nextcloud. This may be needed
|
||||
since Nextcloud doesn't allow major version upgrades that skip multiple
|
||||
versions (i.e. an upgrade from 16 is possible to 17, but not 16 to 18).
|
||||
|
||||
It is assumed that Nextcloud will be upgraded from version 16 to 17.
|
||||
|
||||
* If this is a fresh install, there will be no upgrade to do now.
|
||||
|
||||
* If this server already had Nextcloud installed, first deploy this to your
|
||||
server, and wait until the upgrade to 17 is finished.
|
||||
|
||||
Then, set `services.nextcloud.package` to `pkgs.nextcloud18` to upgrade to
|
||||
Nextcloud version 18. Please note that Nextcloud 19 is already out and it's
|
||||
recommended to upgrade to nextcloud19 after that.
|
||||
'')
|
||||
++ (optional (versionOlder cfg.package.version "19") ''
|
||||
A legacy Nextcloud install (from before NixOS 20.09) may be installed.
|
||||
|
||||
If/After nextcloud18 is installed successfully, you can safely upgrade to
|
||||
nextcloud19. If not, please upgrade to nextcloud18 first since Nextcloud doesn't
|
||||
support upgrades that skip multiple versions (i.e. an upgrade from 17 to 19 isn't
|
||||
possible, but an upgrade from 18 to 19).
|
||||
'');
|
||||
++ (optional (versionOlder cfg.package.version "18") (upgradeWarning 17 "20.03"))
|
||||
++ (optional (versionOlder cfg.package.version "19") (upgradeWarning 18 "20.09"))
|
||||
++ (optional (versionOlder cfg.package.version "20") (upgradeWarning 19 "21.03"));
|
||||
|
||||
services.nextcloud.package = with pkgs;
|
||||
mkDefault (
|
||||
|
@ -372,7 +363,8 @@ in {
|
|||
''
|
||||
else if versionOlder stateVersion "20.03" then nextcloud17
|
||||
else if versionOlder stateVersion "20.09" then nextcloud18
|
||||
else nextcloud19
|
||||
else if versionOlder stateVersion "21.03" then nextcloud19
|
||||
else nextcloud20
|
||||
);
|
||||
}
|
||||
|
||||
|
@ -435,7 +427,7 @@ in {
|
|||
then ''"$(<"${toString c.dbpassFile}")"''
|
||||
else if c.dbpass != null
|
||||
then ''"${toString c.dbpass}"''
|
||||
else null;
|
||||
else ''""'';
|
||||
adminpass = if c.adminpassFile != null
|
||||
then ''"$(<"${toString c.adminpassFile}")"''
|
||||
else ''"${toString c.adminpass}"'';
|
||||
|
@ -449,8 +441,7 @@ in {
|
|||
${if c.dbhost != null then "--database-host" else null} = ''"${c.dbhost}"'';
|
||||
${if c.dbport != null then "--database-port" else null} = ''"${toString c.dbport}"'';
|
||||
${if c.dbuser != null then "--database-user" else null} = ''"${c.dbuser}"'';
|
||||
${if (any (x: x != null) [c.dbpass c.dbpassFile])
|
||||
then "--database-pass" else null} = dbpass;
|
||||
"--database-pass" = dbpass;
|
||||
${if c.dbtableprefix != null
|
||||
then "--database-table-prefix" else null} = ''"${toString c.dbtableprefix}"'';
|
||||
"--admin-user" = ''"${c.adminuser}"'';
|
||||
|
@ -543,9 +534,9 @@ in {
|
|||
|
||||
services.nginx.enable = mkDefault true;
|
||||
|
||||
# FIXME(ma27) make sure that the config works fine with Nextcloud 19
|
||||
# *and* Nextcloud 20 as soon as it gets released.
|
||||
services.nginx.virtualHosts.${cfg.hostName} = {
|
||||
services.nginx.virtualHosts.${cfg.hostName} = let
|
||||
major = toInt (versions.major cfg.package.version);
|
||||
in {
|
||||
root = cfg.package;
|
||||
locations = {
|
||||
"= /robots.txt" = {
|
||||
|
@ -558,7 +549,9 @@ in {
|
|||
};
|
||||
"/" = {
|
||||
priority = 900;
|
||||
extraConfig = "rewrite ^ /index.php;";
|
||||
extraConfig = if major < 20
|
||||
then "rewrite ^ /index.php;"
|
||||
else "try_files $uri $uri/ /index.php$request_uri;";
|
||||
};
|
||||
"~ ^/store-apps" = {
|
||||
priority = 201;
|
||||
|
@ -582,7 +575,7 @@ in {
|
|||
"~ ^/(?:\\.|autotest|occ|issue|indie|db_|console)".extraConfig = ''
|
||||
return 404;
|
||||
'';
|
||||
"~ ^\\/(?:index|remote|public|cron|core\\/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|oc[ms]-provider\\/.+|.+\\/richdocumentscode\\/proxy)\\.php(?:$|\\/)" = {
|
||||
${if major < 20 then "~ ^\\/(?:index|remote|public|cron|core\\/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|oc[ms]-provider\\/.+|.+\\/richdocumentscode\\/proxy)\\.php(?:$|\\/)" else "~ \\.php(?:$|/)"} = {
|
||||
priority = 500;
|
||||
extraConfig = ''
|
||||
include ${config.services.nginx.package}/conf/fastcgi.conf;
|
||||
|
@ -600,20 +593,19 @@ in {
|
|||
fastcgi_read_timeout 120s;
|
||||
'';
|
||||
};
|
||||
"~ \\.(?:css|js|svg|gif|map)$".extraConfig = ''
|
||||
"~ \\.(?:css|js|woff2?|svg|gif|map)$".extraConfig = ''
|
||||
try_files $uri /index.php$request_uri;
|
||||
expires 6M;
|
||||
access_log off;
|
||||
'';
|
||||
"~ \\.woff2?$".extraConfig = ''
|
||||
try_files $uri /index.php$request_uri;
|
||||
expires 7d;
|
||||
access_log off;
|
||||
'';
|
||||
"~ ^\\/(?:updater|ocs-provider|ocm-provider)(?:$|\\/)".extraConfig = ''
|
||||
try_files $uri/ =404;
|
||||
index index.php;
|
||||
'';
|
||||
"~ \\.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$".extraConfig = ''
|
||||
try_files $uri /index.php$request_uri;
|
||||
access_log off;
|
||||
'';
|
||||
};
|
||||
extraConfig = ''
|
||||
index index.php index.html /index.php$request_uri;
|
||||
|
|
|
@ -53,6 +53,8 @@ let
|
|||
|
||||
flashbackEnabled = cfg.flashback.enableMetacity || length cfg.flashback.customSessions > 0;
|
||||
|
||||
notExcluded = pkg: mkDefault (!(lib.elem pkg config.environment.gnome3.excludePackages));
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
@ -68,6 +70,38 @@ in
|
|||
core-shell.enable = mkEnableOption "GNOME Shell services";
|
||||
core-utilities.enable = mkEnableOption "GNOME core utilities";
|
||||
games.enable = mkEnableOption "GNOME games";
|
||||
|
||||
experimental-features = {
|
||||
realtime-scheduling = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Makes mutter (which propagates to gnome-shell) request a low priority real-time
|
||||
scheduling which is only available on the wayland session.
|
||||
To enable this experimental feature it requires a restart of the compositor.
|
||||
Note that enabling this option only enables the <emphasis>capability</emphasis>
|
||||
for realtime-scheduling to be used. It doesn't automatically set the gsetting
|
||||
so that mutter actually uses realtime-scheduling. This would require adding <literal>
|
||||
rt-scheduler</literal> to <literal>/org/gnome/mutter/experimental-features</literal>
|
||||
with dconf-editor. You cannot use extraGSettingsOverrides because that will only
|
||||
change the default value of the setting.
|
||||
|
||||
Please be aware of these known issues with the feature in nixos:
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/90201">NixOS/nixpkgs#90201</link>
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/86730">NixOS/nixpkgs#86730</link>
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.xserver.desktopManager.gnome3 = {
|
||||
|
@ -289,26 +323,6 @@ in
|
|||
source-sans-pro
|
||||
];
|
||||
|
||||
## Enable soft realtime scheduling, only supported on wayland ##
|
||||
|
||||
security.wrappers.".gnome-shell-wrapped" = {
|
||||
source = "${pkgs.gnome3.gnome-shell}/bin/.gnome-shell-wrapped";
|
||||
capabilities = "cap_sys_nice=ep";
|
||||
};
|
||||
|
||||
systemd.user.services.gnome-shell-wayland = let
|
||||
gnomeShellRT = with pkgs.gnome3; pkgs.runCommand "gnome-shell-rt" {} ''
|
||||
mkdir -p $out/bin/
|
||||
cp ${gnome-shell}/bin/gnome-shell $out/bin
|
||||
sed -i "s@${gnome-shell}/bin/@${config.security.wrapperDir}/@" $out/bin/gnome-shell
|
||||
'';
|
||||
in {
|
||||
# Note we need to clear ExecStart before overriding it
|
||||
serviceConfig.ExecStart = ["" "${gnomeShellRT}/bin/gnome-shell"];
|
||||
# Do not use the default environment, it provides a broken PATH
|
||||
environment = mkForce {};
|
||||
};
|
||||
|
||||
# Adapt from https://gitlab.gnome.org/GNOME/gnome-build-meta/blob/gnome-3-36/elements/core/meta-gnome-core-shell.bst
|
||||
environment.systemPackages = with pkgs.gnome3; [
|
||||
adwaita-icon-theme
|
||||
|
@ -333,6 +347,27 @@ in
|
|||
];
|
||||
})
|
||||
|
||||
# Enable soft realtime scheduling, only supported on wayland
|
||||
(mkIf serviceCfg.experimental-features.realtime-scheduling {
|
||||
security.wrappers.".gnome-shell-wrapped" = {
|
||||
source = "${pkgs.gnome3.gnome-shell}/bin/.gnome-shell-wrapped";
|
||||
capabilities = "cap_sys_nice=ep";
|
||||
};
|
||||
|
||||
systemd.user.services.gnome-shell-wayland = let
|
||||
gnomeShellRT = with pkgs.gnome3; pkgs.runCommand "gnome-shell-rt" {} ''
|
||||
mkdir -p $out/bin/
|
||||
cp ${gnome-shell}/bin/gnome-shell $out/bin
|
||||
sed -i "s@${gnome-shell}/bin/@${config.security.wrapperDir}/@" $out/bin/gnome-shell
|
||||
'';
|
||||
in {
|
||||
# Note we need to clear ExecStart before overriding it
|
||||
serviceConfig.ExecStart = ["" "${gnomeShellRT}/bin/gnome-shell"];
|
||||
# Do not use the default environment, it provides a broken PATH
|
||||
environment = mkForce {};
|
||||
};
|
||||
})
|
||||
|
||||
# Adapt from https://gitlab.gnome.org/GNOME/gnome-build-meta/blob/gnome-3-36/elements/core/meta-gnome-core-utilities.bst
|
||||
(mkIf serviceCfg.core-utilities.enable {
|
||||
environment.systemPackages = (with pkgs.gnome3; removePackagesByName [
|
||||
|
@ -363,6 +398,18 @@ in
|
|||
/* gnome-boxes */
|
||||
] config.environment.gnome3.excludePackages);
|
||||
|
||||
# Enable default program modules
|
||||
# Since some of these have a corresponding package, we only
|
||||
# enable that program module if the package hasn't been excluded
|
||||
# through `environment.gnome3.excludePackages`
|
||||
programs.evince.enable = notExcluded pkgs.gnome3.evince;
|
||||
programs.file-roller.enable = notExcluded pkgs.gnome3.file-roller;
|
||||
programs.geary.enable = notExcluded pkgs.gnome3.geary;
|
||||
programs.gnome-disks.enable = notExcluded pkgs.gnome3.gnome-disk-utility;
|
||||
programs.gnome-terminal.enable = notExcluded pkgs.gnome3.gnome-terminal;
|
||||
programs.seahorse.enable = notExcluded pkgs.gnome3.seahorse;
|
||||
services.gnome3.sushi.enable = notExcluded pkgs.gnome3.sushi;
|
||||
|
||||
# Let nautilus find extensions
|
||||
# TODO: Create nautilus-with-extensions package
|
||||
environment.sessionVariables.NAUTILUS_EXTENSION_DIR = "${config.system.path}/lib/nautilus/extensions-3.0";
|
||||
|
@ -375,25 +422,6 @@ in
|
|||
];
|
||||
})
|
||||
|
||||
# Enable default program modules
|
||||
# Since some of these have a corresponding package, we only
|
||||
# enable that program module if the package hasn't been excluded
|
||||
# through `environment.gnome3.excludePackages`
|
||||
(
|
||||
let
|
||||
notExcluded = pkg: mkDefault (!(lib.elem pkg config.environment.gnome3.excludePackages));
|
||||
in
|
||||
with pkgs.gnome3;
|
||||
{
|
||||
programs.evince.enable = notExcluded evince;
|
||||
programs.file-roller.enable = notExcluded file-roller;
|
||||
programs.geary.enable = notExcluded geary;
|
||||
programs.gnome-disks.enable = notExcluded gnome-disk-utility;
|
||||
programs.gnome-terminal.enable = notExcluded gnome-terminal;
|
||||
programs.seahorse.enable = notExcluded seahorse;
|
||||
services.gnome3.sushi.enable = notExcluded sushi;
|
||||
})
|
||||
|
||||
(mkIf serviceCfg.games.enable {
|
||||
environment.systemPackages = (with pkgs.gnome3; removePackagesByName [
|
||||
aisleriot atomix five-or-more four-in-a-row gnome-chess gnome-klotski
|
||||
|
|
|
@ -274,6 +274,7 @@ in
|
|||
plasma-browser-integration
|
||||
plasma-integration
|
||||
polkit-kde-agent
|
||||
spectacle
|
||||
systemsettings
|
||||
|
||||
plasma-desktop
|
||||
|
|
|
@ -1090,21 +1090,6 @@ in
|
|||
} else {
|
||||
ping.source = "${pkgs.iputils.out}/bin/ping";
|
||||
};
|
||||
security.apparmor.policies."bin.ping".profile = lib.mkIf config.security.apparmor.policies."bin.ping".enable (lib.mkAfter ''
|
||||
/run/wrappers/bin/ping {
|
||||
include <abstractions/base>
|
||||
include <nixos/security.wrappers>
|
||||
rpx /run/wrappers/wrappers.*/ping,
|
||||
}
|
||||
/run/wrappers/wrappers.*/ping {
|
||||
include <abstractions/base>
|
||||
include <nixos/security.wrappers>
|
||||
r /run/wrappers/wrappers.*/ping.real,
|
||||
mrpx ${config.security.wrappers.ping.source},
|
||||
capability net_raw,
|
||||
capability setpcap,
|
||||
}
|
||||
'');
|
||||
|
||||
# Set the host and domain names in the activation script. Don't
|
||||
# clear it if it's not configured in the NixOS configuration,
|
||||
|
|
|
@ -74,13 +74,9 @@ in
|
|||
systemd.tmpfiles.rules = [ "d /var/lib/lxc/rootfs 0755 root root -" ];
|
||||
|
||||
security.apparmor.packages = [ pkgs.lxc ];
|
||||
security.apparmor.policies = {
|
||||
"bin.lxc-start".profile = ''
|
||||
include ${pkgs.lxc}/etc/apparmor.d/usr.bin.lxc-start
|
||||
'';
|
||||
"lxc-containers".profile = ''
|
||||
include ${pkgs.lxc}/etc/apparmor.d/lxc-containers
|
||||
'';
|
||||
};
|
||||
security.apparmor.profiles = [
|
||||
"${pkgs.lxc}/etc/apparmor.d/lxc-containers"
|
||||
"${pkgs.lxc}/etc/apparmor.d/usr.bin.lxc-start"
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -93,15 +93,11 @@ in
|
|||
|
||||
security.apparmor = {
|
||||
enable = true;
|
||||
profiles = [
|
||||
"${cfg.lxcPackage}/etc/apparmor.d/usr.bin.lxc-start"
|
||||
"${cfg.lxcPackage}/etc/apparmor.d/lxc-containers"
|
||||
];
|
||||
packages = [ cfg.lxcPackage ];
|
||||
policies = {
|
||||
"bin.lxc-start".profile = ''
|
||||
include ${cfg.lxcPackage}/etc/apparmor.d/usr.bin.lxc-start
|
||||
'';
|
||||
"lxc-containers".profile = ''
|
||||
include ${cfg.lxcPackage}/etc/apparmor.d/lxc-containers
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.lxd = {
|
||||
|
|
|
@ -44,6 +44,7 @@ in
|
|||
caddy = handleTest ./caddy.nix {};
|
||||
cadvisor = handleTestOn ["x86_64-linux"] ./cadvisor.nix {};
|
||||
cage = handleTest ./cage.nix {};
|
||||
cagebreak = handleTest ./cagebreak.nix {};
|
||||
cassandra = handleTest ./cassandra.nix {};
|
||||
ceph-single-node = handleTestOn ["x86_64-linux"] ./ceph-single-node.nix {};
|
||||
ceph-multi-node = handleTestOn ["x86_64-linux"] ./ceph-multi-node.nix {};
|
||||
|
|
|
@ -0,0 +1,98 @@
|
|||
import ./make-test-python.nix ({ pkgs, lib, ...} :
|
||||
|
||||
let
|
||||
cagebreakConfigfile = pkgs.writeText "config" ''
|
||||
workspaces 1
|
||||
escape C-t
|
||||
bind t exec env DISPLAY=:0 ${pkgs.xterm}/bin/xterm -cm -pc
|
||||
bind a exec ${pkgs.alacritty}/bin/alacritty
|
||||
'';
|
||||
in
|
||||
{
|
||||
name = "cagebreak";
|
||||
meta = with pkgs.stdenv.lib.maintainers; {
|
||||
maintainers = [ berbiche ];
|
||||
};
|
||||
|
||||
machine = { config, ... }:
|
||||
let
|
||||
alice = config.users.users.alice;
|
||||
in {
|
||||
imports = [ ./common/user-account.nix ];
|
||||
|
||||
environment.systemPackages = [ pkgs.cagebreak ];
|
||||
services.xserver = {
|
||||
enable = true;
|
||||
displayManager.autoLogin = {
|
||||
enable = true;
|
||||
user = alice.name;
|
||||
};
|
||||
};
|
||||
services.xserver.windowManager.session = lib.singleton {
|
||||
manage = "desktop";
|
||||
name = "cagebreak";
|
||||
start = ''
|
||||
export XDG_RUNTIME_DIR=/run/user/${toString alice.uid}
|
||||
${pkgs.cagebreak}/bin/cagebreak &
|
||||
waitPID=$!
|
||||
'';
|
||||
};
|
||||
|
||||
systemd.services.setupCagebreakConfig = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
before = [ "multi-user.target" ];
|
||||
environment = {
|
||||
HOME = alice.home;
|
||||
};
|
||||
unitConfig = {
|
||||
type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
user = alice.name;
|
||||
};
|
||||
script = ''
|
||||
cd $HOME
|
||||
CONFFILE=$HOME/.config/cagebreak/config
|
||||
mkdir -p $(dirname $CONFFILE)
|
||||
cp ${cagebreakConfigfile} $CONFFILE
|
||||
'';
|
||||
};
|
||||
|
||||
# Copied from cage:
|
||||
# this needs a fairly recent kernel, otherwise:
|
||||
# [backend/drm/util.c:215] Unable to add DRM framebuffer: No such file or directory
|
||||
# [backend/drm/legacy.c:15] Virtual-1: Failed to set CRTC: No such file or directory
|
||||
# [backend/drm/util.c:215] Unable to add DRM framebuffer: No such file or directory
|
||||
# [backend/drm/legacy.c:15] Virtual-1: Failed to set CRTC: No such file or directory
|
||||
# [backend/drm/drm.c:618] Failed to initialize renderer on connector 'Virtual-1': initial page-flip failed
|
||||
# [backend/drm/drm.c:701] Failed to initialize renderer for plane
|
||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||
|
||||
virtualisation.memorySize = 1024;
|
||||
};
|
||||
|
||||
enableOCR = true;
|
||||
|
||||
testScript = { nodes, ... }: let
|
||||
user = nodes.machine.config.users.users.alice;
|
||||
in ''
|
||||
start_all()
|
||||
machine.wait_for_unit("multi-user.target")
|
||||
machine.wait_for_file("/run/user/${toString user.uid}/wayland-0")
|
||||
|
||||
with subtest("ensure wayland works with alacritty"):
|
||||
machine.send_key("ctrl-t")
|
||||
machine.send_key("a")
|
||||
machine.wait_until_succeeds("pgrep alacritty")
|
||||
machine.wait_for_text("alice@machine")
|
||||
machine.screenshot("screen")
|
||||
machine.send_key("ctrl-d")
|
||||
|
||||
with subtest("ensure xwayland works with xterm"):
|
||||
machine.send_key("ctrl-t")
|
||||
machine.send_key("t")
|
||||
machine.wait_until_succeeds("pgrep xterm")
|
||||
machine.wait_for_text("alice@machine")
|
||||
machine.screenshot("screen")
|
||||
machine.send_key("ctrl-d")
|
||||
'';
|
||||
})
|
|
@ -0,0 +1,81 @@
|
|||
import ./make-test-python.nix ({ pkgs, ... }:
|
||||
|
||||
{
|
||||
name = "mediatomb";
|
||||
|
||||
nodes = {
|
||||
serverGerbera =
|
||||
{ ... }:
|
||||
let port = 49152;
|
||||
in {
|
||||
imports = [ ../modules/profiles/minimal.nix ];
|
||||
services.mediatomb = {
|
||||
enable = true;
|
||||
serverName = "Gerbera";
|
||||
package = pkgs.gerbera;
|
||||
interface = "eth1"; # accessible from test
|
||||
openFirewall = true;
|
||||
mediaDirectories = [
|
||||
{ path = "/var/lib/gerbera/pictures"; recursive = false; hidden-files = false; }
|
||||
{ path = "/var/lib/gerbera/audio"; recursive = true; hidden-files = false; }
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
serverMediatomb =
|
||||
{ ... }:
|
||||
let port = 49151;
|
||||
in {
|
||||
imports = [ ../modules/profiles/minimal.nix ];
|
||||
services.mediatomb = {
|
||||
enable = true;
|
||||
serverName = "Mediatomb";
|
||||
package = pkgs.mediatomb;
|
||||
interface = "eth1";
|
||||
inherit port;
|
||||
mediaDirectories = [
|
||||
{ path = "/var/lib/mediatomb/pictures"; recursive = false; hidden-files = false; }
|
||||
{ path = "/var/lib/mediatomb/audio"; recursive = true; hidden-files = false; }
|
||||
];
|
||||
};
|
||||
networking.firewall.interfaces.eth1 = {
|
||||
allowedUDPPorts = [ 1900 port ];
|
||||
allowedTCPPorts = [ port ];
|
||||
};
|
||||
};
|
||||
|
||||
client = { ... }: { };
|
||||
};
|
||||
|
||||
testScript =
|
||||
''
|
||||
start_all()
|
||||
|
||||
port = 49151
|
||||
serverMediatomb.succeed("mkdir -p /var/lib/mediatomb/{pictures,audio}")
|
||||
serverMediatomb.succeed("chown -R mediatomb:mediatomb /var/lib/mediatomb")
|
||||
serverMediatomb.wait_for_unit("mediatomb")
|
||||
serverMediatomb.wait_for_open_port(port)
|
||||
serverMediatomb.succeed(f"curl --fail http://serverMediatomb:{port}/")
|
||||
page = client.succeed(f"curl --fail http://serverMediatomb:{port}/")
|
||||
assert "MediaTomb" in page and "Gerbera" not in page
|
||||
serverMediatomb.shutdown()
|
||||
|
||||
port = 49152
|
||||
serverGerbera.succeed("mkdir -p /var/lib/mediatomb/{pictures,audio}")
|
||||
serverGerbera.succeed("chown -R mediatomb:mediatomb /var/lib/mediatomb")
|
||||
# service running gerbera fails the first time claiming something is already bound
|
||||
# gerbera[715]: 2020-07-18 23:52:14 info: Please check if another instance of Gerbera or
|
||||
# gerbera[715]: 2020-07-18 23:52:14 info: another application is running on port TCP 49152 or UDP 1900.
|
||||
# I did not find anything so here I work around this
|
||||
serverGerbera.succeed("sleep 2")
|
||||
serverGerbera.wait_until_succeeds("systemctl restart mediatomb")
|
||||
serverGerbera.wait_for_unit("mediatomb")
|
||||
serverGerbera.succeed(f"curl --fail http://serverGerbera:{port}/")
|
||||
page = client.succeed(f"curl --fail http://serverGerbera:{port}/")
|
||||
assert "Gerbera" in page and "MediaTomb" not in page
|
||||
|
||||
serverGerbera.shutdown()
|
||||
client.shutdown()
|
||||
'';
|
||||
})
|
|
@ -5,6 +5,12 @@ let
|
|||
imports = [ ./common/x11.nix ];
|
||||
environment.systemPackages = [ pkgs.mumble ];
|
||||
};
|
||||
|
||||
# outside of tests, this file should obviously not come from the nix store
|
||||
envFile = pkgs.writeText "nixos-test-mumble-murmurd.env" ''
|
||||
MURMURD_PASSWORD=testpassword
|
||||
'';
|
||||
|
||||
in
|
||||
{
|
||||
name = "mumble";
|
||||
|
@ -14,8 +20,10 @@ in
|
|||
|
||||
nodes = {
|
||||
server = { config, ... }: {
|
||||
services.murmur.enable = true;
|
||||
services.murmur.enable = true;
|
||||
services.murmur.registerName = "NixOS tests";
|
||||
services.murmur.password = "$MURMURD_PASSWORD";
|
||||
services.murmur.environmentFile = envFile;
|
||||
networking.firewall.allowedTCPPorts = [ config.services.murmur.port ];
|
||||
};
|
||||
|
||||
|
@ -30,8 +38,8 @@ in
|
|||
client1.wait_for_x()
|
||||
client2.wait_for_x()
|
||||
|
||||
client1.execute("mumble mumble://client1\@server/test &")
|
||||
client2.execute("mumble mumble://client2\@server/test &")
|
||||
client1.execute("mumble mumble://client1:testpassword\@server/test &")
|
||||
client2.execute("mumble mumble://client2:testpassword\@server/test &")
|
||||
|
||||
# cancel client audio configuration
|
||||
client1.wait_for_window(r"Audio Tuning Wizard")
|
||||
|
@ -63,8 +71,12 @@ in
|
|||
client2.send_chars("y")
|
||||
|
||||
# Find clients in logs
|
||||
server.wait_until_succeeds("journalctl -eu murmur -o cat | grep -q client1")
|
||||
server.wait_until_succeeds("journalctl -eu murmur -o cat | grep -q client2")
|
||||
server.wait_until_succeeds(
|
||||
"journalctl -eu murmur -o cat | grep -q 'client1.\+Authenticated'"
|
||||
)
|
||||
server.wait_until_succeeds(
|
||||
"journalctl -eu murmur -o cat | grep -q 'client2.\+Authenticated'"
|
||||
)
|
||||
|
||||
server.sleep(5) # wait to get screenshot
|
||||
client1.screenshot("screen1")
|
||||
|
|
|
@ -14,13 +14,13 @@
|
|||
|
||||
mkDerivation rec {
|
||||
pname = "MellowPlayer";
|
||||
version = "3.6.5";
|
||||
version = "3.6.6";
|
||||
|
||||
src = fetchFromGitLab {
|
||||
owner = "ColinDuquesnoy";
|
||||
repo = "MellowPlayer";
|
||||
rev = version;
|
||||
sha256 = "1fnfqyy52hnh9vwq4rcndcqwh0zsm1sd3vi4h5gzaj4zbniq5v2f";
|
||||
sha256 = "14y175fl6wg04fz0fhx553r8z3nwqrs2lr3rdls70bhwx5x6lavw";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake pkgconfig ];
|
||||
|
|
|
@ -58,7 +58,7 @@ in pythonPackages.buildPythonApplication rec {
|
|||
homepage = "https://picard.musicbrainz.org/";
|
||||
description = "The official MusicBrainz tagger";
|
||||
maintainers = with maintainers; [ ehmry ];
|
||||
license = licenses.gpl2;
|
||||
license = licenses.gpl2Plus;
|
||||
platforms = platforms.all;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -2,17 +2,17 @@
|
|||
|
||||
buildGoModule rec {
|
||||
pname = "go-ethereum";
|
||||
version = "1.9.21";
|
||||
version = "1.9.22";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "ethereum";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "0mr5pw08jka11lzgl28555nb90cqxx9vlqd1plfmyic6rb5z11df";
|
||||
sha256 = "08i31xil2lygfcn2igsvn4hpg8xnf8l6g914f78hgl4wj6v1dja9";
|
||||
};
|
||||
|
||||
runVend = true;
|
||||
vendorSha256 = "155hmny3543h02ryn1nnlpmvs0qvhd0lb66vmkhw5351m6gkbx7x";
|
||||
vendorSha256 = "1qbg44cryiv9kvcak6qjrbmkc9bxyk5fybj62vdkskqfjvv86068";
|
||||
|
||||
doCheck = false;
|
||||
|
||||
|
|
|
@ -1,62 +1,87 @@
|
|||
{ stdenv, wrapQtAppsHook, makeDesktopItem
|
||||
, fetchFromGitHub, qmake, qttools, pkgconfig
|
||||
, fetchFromGitHub
|
||||
, cmake, qttools, pkgconfig
|
||||
, qtbase, qtdeclarative, qtgraphicaleffects
|
||||
, qtmultimedia, qtxmlpatterns
|
||||
, qtquickcontrols, qtquickcontrols2
|
||||
, monero, unbound, readline, boost, libunwind
|
||||
, libsodium, pcsclite, zeromq, libgcrypt, libgpgerror
|
||||
, hidapi, libusb-compat-0_1, protobuf, randomx
|
||||
, monero, miniupnpc, unbound, readline
|
||||
, boost, libunwind, libsodium, pcsclite
|
||||
, randomx, zeromq, libgcrypt, libgpgerror
|
||||
, hidapi, rapidjson
|
||||
, trezorSupport ? true
|
||||
, libusb1 ? null
|
||||
, protobuf ? null
|
||||
, python3 ? null
|
||||
}:
|
||||
|
||||
with stdenv.lib;
|
||||
|
||||
assert trezorSupport -> all (x: x!=null) [ libusb1 protobuf python3 ];
|
||||
|
||||
let
|
||||
arch = if stdenv.isx86_64 then "x86-64"
|
||||
else if stdenv.isi686 then "i686"
|
||||
else if stdenv.isAarch64 then "armv8-a"
|
||||
else throw "unsupported architecture";
|
||||
in
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "monero-gui";
|
||||
version = "0.16.0.3";
|
||||
version = "0.17.0.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "monero-project";
|
||||
repo = "monero-gui";
|
||||
rev = "v${version}";
|
||||
sha256 = "0iwjp8x5swy8i8pzrlm5v55awhm54cf48pm1vz98lcq361lhfzk6";
|
||||
sha256 = "1i9a3ampppyzsl4sllbqlr3w43sjpb3fdfxhb1j4n49p8g0jzmf3";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ qmake pkgconfig wrapQtAppsHook ];
|
||||
nativeBuildInputs = [
|
||||
cmake pkgconfig wrapQtAppsHook
|
||||
(getDev qttools)
|
||||
];
|
||||
|
||||
buildInputs = [
|
||||
qtbase qtdeclarative qtgraphicaleffects
|
||||
qtmultimedia qtquickcontrols qtquickcontrols2
|
||||
qtxmlpatterns
|
||||
monero unbound readline libgcrypt libgpgerror
|
||||
boost libunwind libsodium pcsclite zeromq
|
||||
hidapi libusb-compat-0_1 protobuf randomx
|
||||
];
|
||||
monero miniupnpc unbound readline
|
||||
randomx libgcrypt libgpgerror
|
||||
boost libunwind libsodium pcsclite
|
||||
zeromq hidapi rapidjson
|
||||
] ++ optionals trezorSupport [ libusb1 protobuf python3 ];
|
||||
|
||||
NIX_CFLAGS_COMPILE = [ "-Wno-error=format-security" ];
|
||||
postUnpack = ''
|
||||
# copy monero sources here
|
||||
# (needs to be writable)
|
||||
cp -r ${monero.source}/* source/monero
|
||||
chmod -R +w source/monero
|
||||
'';
|
||||
|
||||
patches = [ ./move-log-file.patch ];
|
||||
|
||||
postPatch = ''
|
||||
echo '
|
||||
var GUI_VERSION = "${version}";
|
||||
var GUI_MONERO_VERSION = "${getVersion monero}";
|
||||
' > version.js
|
||||
substituteInPlace monero-wallet-gui.pro \
|
||||
--replace '$$[QT_INSTALL_BINS]/lrelease' '${getDev qttools}/bin/lrelease'
|
||||
# set monero-gui version
|
||||
substituteInPlace src/version.js.in \
|
||||
--replace '@VERSION_TAG_GUI@' '${version}'
|
||||
|
||||
# remove this line on the next release
|
||||
rm cmake/Version.cmake
|
||||
|
||||
# use monerod from the monero package
|
||||
substituteInPlace src/daemon/DaemonManager.cpp \
|
||||
--replace 'QApplication::applicationDirPath() + "' '"${monero}/bin'
|
||||
|
||||
# only build external deps, *not* the full monero
|
||||
substituteInPlace CMakeLists.txt \
|
||||
--replace 'add_subdirectory(monero)' \
|
||||
'add_subdirectory(monero EXCLUDE_FROM_ALL)'
|
||||
'';
|
||||
|
||||
makeFlags = [ "INSTALL_ROOT=$(out)" ];
|
||||
|
||||
preBuild = ''
|
||||
sed -i s#/opt/monero-wallet-gui##g Makefile
|
||||
make -C src/zxcvbn-c
|
||||
|
||||
# use nixpkgs monero sources
|
||||
rmdir monero
|
||||
ln -s "${monero.src}" monero
|
||||
'';
|
||||
cmakeFlags = [
|
||||
"-DCMAKE_INSTALL_PREFIX=$out/bin"
|
||||
"-DARCH=${arch}"
|
||||
];
|
||||
|
||||
desktopItem = makeDesktopItem {
|
||||
name = "monero-wallet-gui";
|
||||
|
@ -69,15 +94,15 @@ stdenv.mkDerivation rec {
|
|||
|
||||
postInstall = ''
|
||||
# install desktop entry
|
||||
mkdir -p $out/share/applications
|
||||
cp ${desktopItem}/share/applications/* $out/share/applications
|
||||
install -Dm644 -t $out/share/applications \
|
||||
${desktopItem}/share/applications/*
|
||||
|
||||
# install icons
|
||||
for n in 16 24 32 48 64 96 128 256; do
|
||||
size=$n"x"$n
|
||||
mkdir -p $out/share/icons/hicolor/$size/apps
|
||||
cp $src/images/appicons/$size.png \
|
||||
$out/share/icons/hicolor/$size/apps/monero.png
|
||||
install -Dm644 \
|
||||
-t $out/share/icons/hicolor/$size/apps/monero.png \
|
||||
$src/images/appicons/$size.png
|
||||
done;
|
||||
'';
|
||||
|
||||
|
|
|
@ -1,40 +1,69 @@
|
|||
{ stdenv, fetchFromGitHub
|
||||
{ stdenv, fetchFromGitHub, fetchpatch
|
||||
, cmake, pkgconfig
|
||||
, boost, miniupnpc, openssl, unbound
|
||||
, zeromq, pcsclite, readline, libsodium, hidapi
|
||||
, protobuf, randomx, rapidjson, libusb-compat-0_1
|
||||
, randomx, rapidjson
|
||||
, CoreData, IOKit, PCSC
|
||||
, trezorSupport ? true
|
||||
, libusb1 ? null
|
||||
, protobuf ? null
|
||||
, python3 ? null
|
||||
}:
|
||||
|
||||
with stdenv.lib;
|
||||
|
||||
assert stdenv.isDarwin -> IOKit != null;
|
||||
assert trezorSupport -> all (x: x!=null) [ libusb1 protobuf python3 ];
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "monero";
|
||||
version = "0.16.0.3";
|
||||
version = "0.17.0.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "monero-project";
|
||||
repo = "monero";
|
||||
rev = "v${version}";
|
||||
sha256 = "1r9x3712vhb24dxxirfiwj5f9x0h4m7x0ngiiavf5983dfdlgz33";
|
||||
sha256 = "1v0phvg5ralli4dr09a60nq032xqlci5d6v4zfq8304vgrn1ffgp";
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
|
||||
patches = [
|
||||
./use-system-libraries.patch
|
||||
|
||||
# This fixes a bug in the monero-gui build system,
|
||||
# remove it once the PR has been merged
|
||||
(fetchpatch {
|
||||
url = "https://github.com/monero-project/monero/pull/6867.patch";
|
||||
sha256 = "0nxa6861df1fadrm9bmhqf2g6mljgr4jndsbxqp7g501hv9z51j3";
|
||||
})
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
# remove vendored libraries
|
||||
rm -r external/{miniupnp,randomx,rapidjson,unbound}
|
||||
# export patched source for monero-gui
|
||||
cp -r . $source
|
||||
'';
|
||||
|
||||
nativeBuildInputs = [ cmake pkgconfig ];
|
||||
|
||||
buildInputs = [
|
||||
boost miniupnpc openssl unbound
|
||||
zeromq pcsclite readline
|
||||
libsodium hidapi randomx rapidjson
|
||||
protobuf libusb-compat-0_1
|
||||
] ++ stdenv.lib.optionals stdenv.isDarwin [ IOKit CoreData PCSC ];
|
||||
protobuf
|
||||
] ++ optionals stdenv.isDarwin [ IOKit CoreData PCSC ]
|
||||
++ optionals trezorSupport [ libusb1 protobuf python3 ];
|
||||
|
||||
cmakeFlags = [
|
||||
"-DCMAKE_BUILD_TYPE=Release"
|
||||
"-DUSE_DEVICE_TREZOR=ON"
|
||||
"-DBUILD_GUI_DEPS=ON"
|
||||
"-DReadline_ROOT_DIR=${readline.dev}"
|
||||
] ++ stdenv.lib.optional stdenv.isDarwin "-DBoost_USE_MULTITHREADED=OFF";
|
||||
"-DRandomX_ROOT_DIR=${randomx}"
|
||||
] ++ optional stdenv.isDarwin "-DBoost_USE_MULTITHREADED=OFF";
|
||||
|
||||
outputs = [ "out" "source" ];
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "Private, secure, untraceable currency";
|
||||
|
|
|
@ -0,0 +1,69 @@
|
|||
diff --git a/external/CMakeLists.txt b/external/CMakeLists.txt
|
||||
index a8916a7d0..39ec7747b 100644
|
||||
--- a/external/CMakeLists.txt
|
||||
+++ b/external/CMakeLists.txt
|
||||
@@ -37,34 +37,16 @@
|
||||
|
||||
find_package(Miniupnpc REQUIRED)
|
||||
|
||||
-message(STATUS "Using in-tree miniupnpc")
|
||||
-add_subdirectory(miniupnp/miniupnpc)
|
||||
-set_property(TARGET libminiupnpc-static PROPERTY FOLDER "external")
|
||||
-if(MSVC)
|
||||
- set_property(TARGET libminiupnpc-static APPEND_STRING PROPERTY COMPILE_FLAGS " -wd4244 -wd4267")
|
||||
-elseif(NOT MSVC)
|
||||
- set_property(TARGET libminiupnpc-static APPEND_STRING PROPERTY COMPILE_FLAGS " -Wno-undef -Wno-unused-result -Wno-unused-value")
|
||||
-endif()
|
||||
-if(CMAKE_SYSTEM_NAME MATCHES "NetBSD")
|
||||
- set_property(TARGET libminiupnpc-static APPEND_STRING PROPERTY COMPILE_FLAGS " -D_NETBSD_SOURCE")
|
||||
-endif()
|
||||
-
|
||||
-set(UPNP_LIBRARIES "libminiupnpc-static" PARENT_SCOPE)
|
||||
+set(UPNP_STATIC false PARENT_SCOPE)
|
||||
+set(UPNP_INCLUDE ${MINIUPNP_INCLUDE_DIR} PARENT_SCOPE)
|
||||
+set(UPNP_LIBRARIES ${MINIUPNP_LIBRARY} PARENT_SCOPE)
|
||||
|
||||
find_package(Unbound)
|
||||
|
||||
if(NOT UNBOUND_INCLUDE_DIR OR STATIC)
|
||||
- # NOTE: If STATIC is true, CMAKE_FIND_LIBRARY_SUFFIXES has been reordered.
|
||||
- # unbound has config tests which used OpenSSL libraries, so -ldl may need to
|
||||
- # be set in this case.
|
||||
- # The unbound CMakeLists.txt can set it, since it's also needed for the
|
||||
- # static OpenSSL libraries set up there after with target_link_libraries.
|
||||
- add_subdirectory(unbound)
|
||||
-
|
||||
- set(UNBOUND_STATIC true PARENT_SCOPE)
|
||||
- set(UNBOUND_INCLUDE "${CMAKE_CURRENT_SOURCE_DIR}/unbound/libunbound" PARENT_SCOPE)
|
||||
- set(UNBOUND_LIBRARY "unbound" PARENT_SCOPE)
|
||||
- set(UNBOUND_LIBRARY_DIRS "${LIBEVENT2_LIBDIR}" PARENT_SCOPE)
|
||||
+ set(UNBOUND_STATIC false PARENT_SCOPE)
|
||||
+ set(UPNP_INCLUDE ${MINIUPNP_INCLUDE_DIR} PARENT_SCOPE)
|
||||
+ set(UPNP_LIBRARIES ${MINIUPNP_LIBRARY} PARENT_SCOPE)
|
||||
else()
|
||||
message(STATUS "Found libunbound include (unbound.h) in ${UNBOUND_INCLUDE_DIR}")
|
||||
if(UNBOUND_LIBRARIES)
|
||||
@@ -81,4 +63,5 @@ endif()
|
||||
add_subdirectory(db_drivers)
|
||||
add_subdirectory(easylogging++)
|
||||
add_subdirectory(qrcodegen)
|
||||
-add_subdirectory(randomx EXCLUDE_FROM_ALL)
|
||||
+
|
||||
+find_library(RANDOMX_LIBRARIES NAMES RandomX)
|
||||
diff --git a/src/p2p/net_node.inl b/src/p2p/net_node.inl
|
||||
index 175741146..088b582f7 100644
|
||||
--- a/src/p2p/net_node.inl
|
||||
+++ b/src/p2p/net_node.inl
|
||||
@@ -60,9 +60,9 @@
|
||||
#include "cryptonote_core/cryptonote_core.h"
|
||||
#include "net/parse.h"
|
||||
|
||||
-#include <miniupnp/miniupnpc/miniupnpc.h>
|
||||
-#include <miniupnp/miniupnpc/upnpcommands.h>
|
||||
-#include <miniupnp/miniupnpc/upnperrors.h>
|
||||
+#include <miniupnpc/miniupnpc.h>
|
||||
+#include <miniupnpc/upnpcommands.h>
|
||||
+#include <miniupnpc/upnperrors.h>
|
||||
|
||||
#undef MONERO_DEFAULT_LOG_CATEGORY
|
||||
#define MONERO_DEFAULT_LOG_CATEGORY "net.p2p"
|
|
@ -85,7 +85,7 @@ let
|
|||
description = "A hackable text editor for the 21st Century";
|
||||
homepage = "https://atom.io/";
|
||||
license = licenses.mit;
|
||||
maintainers = with maintainers; [ offline nequissimus ysndr ];
|
||||
maintainers = with maintainers; [ offline ysndr ];
|
||||
platforms = platforms.x86_64;
|
||||
};
|
||||
};
|
||||
|
|
|
@ -2,25 +2,25 @@
|
|||
|
||||
buildGoModule rec {
|
||||
pname = "glow";
|
||||
version = "0.2.0";
|
||||
version = "1.0.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "charmbracelet";
|
||||
repo = "glow";
|
||||
rev = "v${version}";
|
||||
sha256 = "0vhl8d7xxqqyl916nh8sgm1xdaf7xlc3r18464bd2av22q9yz68n";
|
||||
sha256 = "05scgdivb0hf0lfznikn20b6pgb479jhs24hgf5f5i60v37v930y";
|
||||
};
|
||||
|
||||
vendorSha256 = "1c16s5xiqr36azh2w90wg14jlw67ca2flbgjijpz7qd0ypxyfqlk";
|
||||
vendorSha256 = "180g6d9w3lfmxj4843kqvq4ikg8lwmwprgfxdgz1lzvjmbfjj3g9";
|
||||
|
||||
doCheck = false;
|
||||
|
||||
buildFlagsArray = [ "-ldflags=" "-X=main.Version=${version}" ];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Render markdown on the CLI";
|
||||
description = "Render markdown on the CLI, with pizzazz!";
|
||||
homepage = "https://github.com/charmbracelet/glow";
|
||||
license = licenses.mit;
|
||||
maintainers = with maintainers; [ ehmry filalex77 ];
|
||||
maintainers = with maintainers; [ ehmry filalex77 penguwin ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -20,11 +20,11 @@ let
|
|||
|
||||
in stdenv.mkDerivation rec {
|
||||
pname = "nano";
|
||||
version = "5.2";
|
||||
version = "5.3";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://gnu/nano/${pname}-${version}.tar.xz";
|
||||
sha256 = "1qd7pn9g5dgzbfg4fb3nqxqgi2iqq0g6x33x8d1mx6mfw51xmhij";
|
||||
sha256 = "0lj3fcfzprmv9raydx8yq25lw81bs6g40rhd0fv9d6idcb7wphf5";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ texinfo ] ++ optional enableNls gettext;
|
||||
|
|
|
@ -2,13 +2,13 @@
|
|||
|
||||
stdenv.mkDerivation {
|
||||
pname = "nanorc";
|
||||
version = "2018-09-05";
|
||||
version = "2020-01-25";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "scopatz";
|
||||
repo = "nanorc";
|
||||
rev = "1e589cb729d24fba470228d429e6dde07973d597";
|
||||
sha256 = "136yxr38lzrfv8bar0c6c56rh54q9s94zpwa19f425crh44drppl";
|
||||
rev = "2020.1.25";
|
||||
sha256 = "1y8jk3jsl4bd6r4hzmxzcf77hv8bwm0318yv7y2npkkd3a060z8d";
|
||||
};
|
||||
|
||||
dontBuild = true;
|
||||
|
|
|
@ -52,13 +52,13 @@ let
|
|||
python = python2.withPackages (pp: [ pp.pygtk ]);
|
||||
in stdenv.mkDerivation rec {
|
||||
pname = "gimp";
|
||||
version = "2.10.20";
|
||||
version = "2.10.22";
|
||||
|
||||
outputs = [ "out" "dev" ];
|
||||
|
||||
src = fetchurl {
|
||||
url = "http://download.gimp.org/pub/gimp/v${lib.versions.majorMinor version}/${pname}-${version}.tar.bz2";
|
||||
sha256 = "4S+fh0saAHxCd7YKqB4LZzML5+YVPldJ6tg5uQL8ezw=";
|
||||
sha256 = "1fqqyshakvdarf1jipk2n33ibqr23ni22z3d8srq13bpydblpf1d";
|
||||
};
|
||||
|
||||
patches = [
|
||||
|
|
|
@ -2,11 +2,11 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "ArchiSteamFarm";
|
||||
version = "4.2.4.0";
|
||||
version = "4.3.0.6";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/JustArchiNET/ArchiSteamFarm/releases/download/${version}/ASF-generic.zip";
|
||||
sha256 = "1nkbyy9gnp8nkr04bbiapwvv2nspnl36fvnzjwaq4a13mj49m5zq";
|
||||
sha256 = "1i8cb9j1dk2ikrdr11gah48wrsmw52gj70pv7yml1pzb435madm8";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ unzip makeWrapper jq ];
|
||||
|
|
|
@ -0,0 +1,26 @@
|
|||
{ lib, buildGoModule, fetchFromGitHub }:
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "charm";
|
||||
version = "0.8.3";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "charmbracelet";
|
||||
repo = "charm";
|
||||
rev = "v${version}";
|
||||
sha256 = "1nbix7fi6g9jadak5zyx7fdz7d6367aly6fnrs0v98zsl1kxyvx3";
|
||||
};
|
||||
|
||||
vendorSha256 = "0lhml6m0j9ksn09j7z4d9pix5aszhndpyqajycwj3apvi3ic90il";
|
||||
|
||||
doCheck = false;
|
||||
|
||||
buildFlagsArray = [ "-ldflags=" "-X=main.Version=${version}" ];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Manage your charm account on the CLI";
|
||||
homepage = "https://github.com/charmbracelet/charm";
|
||||
license = licenses.mit;
|
||||
maintainers = with maintainers; [ penguwin ];
|
||||
};
|
||||
}
|
|
@ -7,7 +7,7 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "dbeaver-ce";
|
||||
version = "7.2.1";
|
||||
version = "7.2.2";
|
||||
|
||||
desktopItem = makeDesktopItem {
|
||||
name = "dbeaver";
|
||||
|
@ -30,7 +30,7 @@ stdenv.mkDerivation rec {
|
|||
|
||||
src = fetchurl {
|
||||
url = "https://dbeaver.io/files/${version}/dbeaver-ce-${version}-linux.gtk.x86_64.tar.gz";
|
||||
sha256 = "0vdwbgff55aq5l67fczdvw7kn7kf0dsz183x5lz2v1sb2blsjvjj";
|
||||
sha256 = "08dm10smmzrpsc4vc5p3p6fbkg6a5r1sgmbdgr2ihkbk28gylfh0";
|
||||
};
|
||||
|
||||
installPhase = ''
|
||||
|
|
|
@ -21,14 +21,14 @@
|
|||
with python3Packages;
|
||||
buildPythonApplication rec {
|
||||
pname = "kitty";
|
||||
version = "0.19.0";
|
||||
version = "0.19.1";
|
||||
format = "other";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "kovidgoyal";
|
||||
repo = "kitty";
|
||||
rev = "v${version}";
|
||||
sha256 = "0j2ci6acfl21mm111iis0aa5jp1hl1fnlvlhhfps9j5w4ba8sy7z";
|
||||
sha256 = "145fx4nnn0gszawllfwqf1h65ak0ij6ffargs7y0cgaxsc991s6m";
|
||||
};
|
||||
|
||||
buildInputs = [
|
||||
|
|
|
@ -0,0 +1,41 @@
|
|||
{ stdenv, fetchFromGitHub, prevo-tools }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "prevo-data";
|
||||
version = "2020-03-08";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "bpeel";
|
||||
repo = "revo";
|
||||
rev = "1e8d7197c0bc831e2127909e77e64dfc26906bdd";
|
||||
sha256 = "1ldhzpi3d5cbssv8r7acsn7qwxcl8qpqi8ywpsp7cbgx3w7hhkyz";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ prevo-tools ];
|
||||
|
||||
dontUnpack = true;
|
||||
|
||||
buildPhase = ''
|
||||
prevodb -s -i $src -o prevo.db
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out/share/prevo
|
||||
cp prevo.db $out/share/prevo/
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description =
|
||||
"data for offline version of the Esperanto dictionary Reta Vortaro";
|
||||
longDescription = ''
|
||||
PReVo is the "portable" ReVo, i.e., the offline version
|
||||
of the Esperanto dictionary Reta Vortaro.
|
||||
|
||||
This package provides the ReVo database for the prevo command line application.
|
||||
'';
|
||||
homepage = "https://github.com/bpeel/revo";
|
||||
license = licenses.gpl2Only;
|
||||
maintainers = [ maintainers.das-g ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
}
|
|
@ -0,0 +1,27 @@
|
|||
{ stdenv, symlinkJoin, prevo-tools, prevo-data, makeWrapper }:
|
||||
|
||||
symlinkJoin rec {
|
||||
name = "prevo-${version}";
|
||||
inherit (prevo-tools) version;
|
||||
|
||||
paths = [ prevo-tools ];
|
||||
|
||||
nativeBuildInputs = [ makeWrapper ];
|
||||
|
||||
postBuild = ''
|
||||
wrapProgram $out/bin/prevo \
|
||||
--prefix XDG_DATA_DIRS : "${prevo-data}/share"
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "offline version of the Esperanto dictionary Reta Vortaro";
|
||||
longDescription = ''
|
||||
PReVo is the "portable" ReVo, i.e., the offline version
|
||||
of the Esperanto dictionary Reta Vortaro.
|
||||
'';
|
||||
homepage = "https://github.com/bpeel/prevodb";
|
||||
license = licenses.gpl2Only;
|
||||
maintainers = [ maintainers.das-g ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
}
|
|
@ -0,0 +1,38 @@
|
|||
{ stdenv, fetchFromGitHub, autoreconfHook, pkg-config, glib, expat
|
||||
, installShellFiles }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "prevo-tools";
|
||||
version = "0.2";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "bpeel";
|
||||
repo = "prevodb";
|
||||
rev = version;
|
||||
sha256 = "1fyrc4g9qdq04nxs4g8x0krxfani5xady6v9m0qfqpbh4xk2ry2d";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ autoreconfHook pkg-config installShellFiles ];
|
||||
buildInputs = [ glib expat ];
|
||||
|
||||
postInstall = ''
|
||||
installShellCompletion --bash $out/etc/bash_completion.d/prevo-completion
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description =
|
||||
"CLI tools for the offline version of the Esperanto dictionary Reta Vortaro";
|
||||
longDescription = ''
|
||||
PReVo is the "portable" ReVo, i.e., the offline version
|
||||
of the Esperanto dictionary Reta Vortaro.
|
||||
|
||||
This package provides the command line application prevo to query a local
|
||||
ReVo database, as well as the command line tool revodb to create such a
|
||||
database for this application or for the Android app of the same name.
|
||||
'';
|
||||
homepage = "https://github.com/bpeel/prevodb";
|
||||
license = licenses.gpl2Only;
|
||||
maintainers = [ maintainers.das-g ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
}
|
|
@ -3,20 +3,21 @@
|
|||
, lib
|
||||
, makeWrapper
|
||||
, ncurses
|
||||
, stdenv
|
||||
}:
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "wtf";
|
||||
version = "0.31.0";
|
||||
version = "0.32.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "wtfutil";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "07ngk83p753w9qxm8bvw6n5vk0zldn14yv08d900sxny8cg2h0rb";
|
||||
sha256 = "1055shnf716ga46wwcaffdpgc1glr8vrqrbs2sqbkr3wjan6n0nw";
|
||||
};
|
||||
|
||||
vendorSha256 = "09iy148pnbdrzjj2j50lbd8s9mkv7vggrx77mj88p1gnqclz3lip";
|
||||
vendorSha256 = "0l1q29mdb13ir7n1x65jfnrmy1lamlsa6hm2jagf6yjbm6wf1kw4";
|
||||
|
||||
doCheck = false;
|
||||
|
||||
|
@ -37,5 +38,6 @@ buildGoModule rec {
|
|||
license = licenses.mpl20;
|
||||
maintainers = with maintainers; [ kalbasit ];
|
||||
platforms = platforms.linux ++ platforms.darwin;
|
||||
broken = stdenv.isDarwin;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -2,16 +2,16 @@
|
|||
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "zola";
|
||||
version = "0.12.1";
|
||||
version = "0.12.2";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "getzola";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "00fkcrr40v93z23h3q2wqlfx0120g59j6j9szk8nx9x85i40j3if";
|
||||
sha256 = "sha256:0fb227kgani32ljnw73a0h5zn5361z5lraf79y34a0chcby2qv35";
|
||||
};
|
||||
|
||||
cargoSha256 = "1wdypyy787dzdq5q64a9mjfygg0kli49yjzw7xh66sjd7263w9fs";
|
||||
cargoSha256 = "sha256:0ilfr32zcajag05qcpwi5ixz250s427i4xrjf4wrk7qy32bblnr5";
|
||||
|
||||
nativeBuildInputs = [ cmake pkg-config ];
|
||||
buildInputs = [ openssl oniguruma ]
|
||||
|
@ -32,6 +32,6 @@ rustPlatform.buildRustPackage rec {
|
|||
description = "A fast static site generator with everything built-in";
|
||||
homepage = "https://www.getzola.org/";
|
||||
license = licenses.mit;
|
||||
maintainers = with maintainers; [ dywedir ];
|
||||
maintainers = with maintainers; [ dywedir _0x4A6F ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -21,8 +21,9 @@
|
|||
, pulseaudioSupport ? stdenv.isLinux, libpulseaudio
|
||||
, ffmpegSupport ? true
|
||||
, gtk3Support ? true, gtk2, gtk3, wrapGAppsHook
|
||||
, waylandSupport ? true, libxkbcommon, pipewire
|
||||
, waylandSupport ? true, libxkbcommon
|
||||
, gssSupport ? true, kerberos
|
||||
, pipewireSupport ? waylandSupport && webrtcSupport, pipewire
|
||||
|
||||
## privacy-related options
|
||||
|
||||
|
@ -69,6 +70,7 @@
|
|||
}:
|
||||
|
||||
assert stdenv.cc.libc or null != null;
|
||||
assert pipewireSupport -> !waylandSupport || !webrtcSupport -> throw "pipewireSupport requires both wayland and webrtc support.";
|
||||
|
||||
let
|
||||
flag = tf: x: [(if tf then "--enable-${x}" else "--disable-${x}")];
|
||||
|
@ -84,6 +86,7 @@ let
|
|||
execdir = if stdenv.isDarwin
|
||||
then "/Applications/${binaryNameCapitalized}.app/Contents/MacOS"
|
||||
else "/bin";
|
||||
|
||||
in
|
||||
|
||||
stdenv.mkDerivation ({
|
||||
|
@ -94,12 +97,12 @@ stdenv.mkDerivation ({
|
|||
|
||||
patches = [
|
||||
./env_var_for_system_dir.patch
|
||||
] ++ lib.optional pipewireSupport
|
||||
(fetchpatch {
|
||||
# https://src.fedoraproject.org/rpms/firefox/blob/master/f/firefox-pipewire-0-3.patch
|
||||
url = "https://src.fedoraproject.org/rpms/firefox/raw/e99b683a352cf5b2c9ff198756859bae408b5d9d/f/firefox-pipewire-0-3.patch";
|
||||
sha256 = "0qc62di5823r7ly2lxkclzj9rhg2z7ms81igz44nv0fzv3dszdab";
|
||||
})
|
||||
]
|
||||
++ patches;
|
||||
|
||||
|
||||
|
@ -128,7 +131,8 @@ stdenv.mkDerivation ({
|
|||
++ lib.optional pulseaudioSupport libpulseaudio # only headers are needed
|
||||
++ lib.optional gtk3Support gtk3
|
||||
++ lib.optional gssSupport kerberos
|
||||
++ lib.optionals waylandSupport [ libxkbcommon pipewire ]
|
||||
++ lib.optionals waylandSupport [ libxkbcommon ]
|
||||
++ lib.optionals pipewireSupport [ pipewire ]
|
||||
++ lib.optionals stdenv.isDarwin [ CoreMedia ExceptionHandling Kerberos
|
||||
AVFoundation MediaToolbox CoreLocation
|
||||
Foundation libobjc AddressBook cups ];
|
||||
|
@ -142,8 +146,10 @@ stdenv.mkDerivation ({
|
|||
|
||||
postPatch = ''
|
||||
rm -rf obj-x86_64-pc-linux-gnu
|
||||
|
||||
# needed for enabling webrtc+pipewire
|
||||
'' + lib.optionalString pipewireSupport ''
|
||||
# substitute the /usr/include/ lines for the libraries that pipewire provides.
|
||||
# The patch we pick from fedora only contains the generated moz.build files
|
||||
# which hardcode the dependency paths instead of running pkg_config.
|
||||
substituteInPlace \
|
||||
media/webrtc/trunk/webrtc/modules/desktop_capture/desktop_capture_generic_gn/moz.build \
|
||||
--replace /usr/include ${pipewire.dev}/include
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
, pkgconfig, autoconf213, alsaLib, bzip2, cairo
|
||||
, dbus, dbus-glib, ffmpeg_3, file, fontconfig, freetype
|
||||
, gnome2, gnum4, gtk2, hunspell, libevent, libjpeg
|
||||
, libnotify, libstartup_notification, makeWrapper
|
||||
, libnotify, libstartup_notification, wrapGAppsHook
|
||||
, libGLU, libGL, perl, python2, libpulseaudio
|
||||
, unzip, xorg, wget, which, yasm, zip, zlib
|
||||
|
||||
|
@ -16,13 +16,13 @@ let
|
|||
|
||||
in stdenv.mkDerivation rec {
|
||||
pname = "palemoon";
|
||||
version = "28.13.0";
|
||||
version = "28.14.2";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "MoonchildProductions";
|
||||
repo = "Pale-Moon";
|
||||
rev = "${version}_Release";
|
||||
sha256 = "1lza6239kb32wnwd9cwddn11npg1qx7p69l7qy63h9c59w29iypa";
|
||||
sha256 = "1qz2sqc8rcg5z5kncabgmpl6v4i6wrs9dlgmna69255qrmsshwgm";
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
|
||||
|
@ -42,7 +42,7 @@ in stdenv.mkDerivation rec {
|
|||
'';
|
||||
|
||||
nativeBuildInputs = [
|
||||
desktop-file-utils file gnum4 makeWrapper perl pkgconfig python2 wget which
|
||||
desktop-file-utils file gnum4 perl pkgconfig python2 wget which wrapGAppsHook
|
||||
];
|
||||
|
||||
buildInputs = [
|
||||
|
@ -126,9 +126,15 @@ in stdenv.mkDerivation rec {
|
|||
size=$n"x"$n
|
||||
install -Dm644 $src/palemoon/branding/official/$iconname.png $out/share/icons/hicolor/$size/apps/palemoon.png
|
||||
done
|
||||
'';
|
||||
|
||||
wrapProgram $out/lib/palemoon-${version}/palemoon \
|
||||
dontWrapGApps = true;
|
||||
|
||||
preFixup = ''
|
||||
gappsWrapperArgs+=(
|
||||
--prefix LD_LIBRARY_PATH : "${libPath}"
|
||||
)
|
||||
wrapGApp $out/lib/palemoon-${version}/palemoon
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
|
|
|
@ -90,7 +90,7 @@ in stdenv.mkDerivation rec {
|
|||
description = "A Browser for our Friends, powerful and personal";
|
||||
homepage = "https://vivaldi.com";
|
||||
license = licenses.unfree;
|
||||
maintainers = with maintainers; [ otwieracz nequissimus badmutex ];
|
||||
maintainers = with maintainers; [ otwieracz badmutex ];
|
||||
platforms = [ "x86_64-linux" ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -2,13 +2,13 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "pidgin-skypeweb";
|
||||
version = "1.6";
|
||||
version = "1.7";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "EionRobb";
|
||||
repo = "skype4pidgin";
|
||||
rev = version;
|
||||
sha256 = "1q3m8hyr77mxm4y0zify2xhjp9d8y4pgwvqyfly4zcpmyd2argi1";
|
||||
sha256 = "11snyrjhm58gjvdmr5h5ajii3ah4a7c8zw3cavjv9xnnwrpfm5rb";
|
||||
};
|
||||
|
||||
setSourceRoot = ''
|
||||
|
|
|
@ -22,13 +22,13 @@ let
|
|||
pname = "wire-desktop";
|
||||
|
||||
version = {
|
||||
x86_64-darwin = "3.19.3799";
|
||||
x86_64-linux = "3.19.2928";
|
||||
x86_64-darwin = "3.20.3912";
|
||||
x86_64-linux = "3.20.2934";
|
||||
}.${system} or throwSystem;
|
||||
|
||||
sha256 = {
|
||||
x86_64-darwin = "1sv8n4g1pd4nwpwsg0m61zhrfjlh7sj29rnh46xjw1qg332g6cw9";
|
||||
x86_64-linux = "038h1j59qfj5ckaxk823qpfflxay47v0jrqc0hmrdmnd2y59dpx7";
|
||||
x86_64-darwin = "1crkdqzq3iccxbrqlrar4ai43qzjsgd4hvcajgzmz2y33f30xgqr";
|
||||
x86_64-linux = "0z6vrhzrhrrnl3swjbxrbl1dhk2fx86s45n2z2in2shdlv08dcx7";
|
||||
}.${system} or throwSystem;
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
|
|
|
@ -5,12 +5,12 @@
|
|||
|
||||
let
|
||||
pname = "zulip";
|
||||
version = "5.4.0";
|
||||
version = "5.4.3";
|
||||
name = "${pname}-${version}";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/zulip/zulip-desktop/releases/download/v${version}/Zulip-${version}-x86_64.AppImage";
|
||||
sha256 = "14p0nly144rivd9yk273asfjza5p9qncpbmh4qxnd4gq01f98igh";
|
||||
sha256 = "0yd4g87kcwiy1arx3y2nyb7lq1nlh4cn87762k2sd8n4s9i52c7r";
|
||||
name="${pname}-${version}.AppImage";
|
||||
};
|
||||
|
||||
|
|
|
@ -1,36 +1,30 @@
|
|||
{ stdenv, lib, fetchFromGitHub, fetchpatch, libiconv, ruby ? null }:
|
||||
{ stdenv, lib, fetchFromGitHub, installShellFiles, libiconv, ruby ? null }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "mblaze";
|
||||
version = "0.5.1";
|
||||
version = "1.0";
|
||||
|
||||
nativeBuildInputs = [ installShellFiles ];
|
||||
buildInputs = [ ruby ] ++ lib.optionals stdenv.isDarwin [ libiconv ];
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "chneukirchen";
|
||||
owner = "leahneukirchen";
|
||||
repo = "mblaze";
|
||||
rev = "v${version}";
|
||||
sha256 = "11x548dl2jy9cmgsakqrzfdq166whhk4ja7zkiaxrapkjmkf6pbh";
|
||||
sha256 = "0hxy3mjjv4hg856sl1r15fdmqaw4s9c26b3lidsd5x0kpqy601ai";
|
||||
};
|
||||
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
url = "https://github.com/leahneukirchen/mblaze/commit/53151f4f890f302291eb8d3375dec4f8ecb66ed7.patch";
|
||||
sha256 = "1mcyrh053iiyzdhgm09g5h3a77np496whnc7jr4agpk1nkbcpfxc";
|
||||
})
|
||||
];
|
||||
|
||||
makeFlags = [ "PREFIX=$(out)" ];
|
||||
|
||||
postInstall = ''
|
||||
install -Dm644 -t $out/share/zsh/site-functions contrib/_mblaze
|
||||
installShellCompletion contrib/_mblaze
|
||||
'' + lib.optionalString (ruby != null) ''
|
||||
install -Dt $out/bin contrib/msuck contrib/mblow
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://github.com/chneukirchen/mblaze";
|
||||
description = "Unix utilities to deal with Maildir";
|
||||
homepage = "https://github.com/leahneukirchen/mblaze";
|
||||
description = "Unix utilities for processing and interacting with mail messages which are stored in maildir folders";
|
||||
license = licenses.cc0;
|
||||
platforms = platforms.all;
|
||||
maintainers = [ maintainers.ajgrf ];
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
with stdenv.lib;
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
version = "0.30.1c80020";
|
||||
version = "0.31";
|
||||
pname = "notmuch";
|
||||
|
||||
passthru = {
|
||||
|
@ -22,8 +22,8 @@ stdenv.mkDerivation rec {
|
|||
|
||||
src = fetchgit {
|
||||
url = "https://git.notmuchmail.org/git/notmuch";
|
||||
sha256 = "0xj944c4ayps1bg21pksjih3y9v6lb34dd582df14i14q0yzji51";
|
||||
rev = "1c80020e701c7323de137c0616fc8864443d7bd3";
|
||||
sha256 = "0f9d9k9avb46yh2r8fvijvw7bryqwckvyzc68f9phax2g4c99x4x";
|
||||
rev = version;
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
|
|
@ -0,0 +1,80 @@
|
|||
{ stdenv, buildFHSUserEnv, fetchurl, makeWrapper, makeDesktopItem, libxslt, atk
|
||||
, fontconfig, freetype, gdk-pixbuf, glib, gtk2, libudev0-shim, libxml2
|
||||
, pango, pixman, libX11, libXext, libXinerama, libXrandr , libXrender
|
||||
, libXtst, libXcursor, libXi, libxkbfile , libXScrnSaver, zlib, liberation_ttf
|
||||
, libtiff, dbus, at-spi2-atk, harfbuzz, gtk3-x11, libuuid, pcsclite
|
||||
}:
|
||||
|
||||
let
|
||||
version = "2006";
|
||||
|
||||
sysArch =
|
||||
if stdenv.hostPlatform.system == "x86_64-linux" then "x64"
|
||||
else throw "Unsupported system: ${stdenv.hostPlatform.system}";
|
||||
# The downloaded archive also contains i386 and ARM binaries, but these have not been tested.
|
||||
|
||||
vmwareHorizonClientFiles = stdenv.mkDerivation {
|
||||
name = "vmwareHorizonClientFiles";
|
||||
inherit version;
|
||||
src = fetchurl {
|
||||
url = https://download3.vmware.com/software/view/viewclients/CART21FQ2/vmware-view-client-linux-2006-8.0.0-16522670.tar.gz;
|
||||
sha256 = "8c46d49fea42f8c1f7cf32a5f038f5a47d2b304743b1e4f4c68c658621b0e79c";
|
||||
};
|
||||
buildInputs = [ makeWrapper ];
|
||||
installPhase = ''
|
||||
mkdir ext $out
|
||||
find ${sysArch} -type f -print0 | xargs -0n1 tar -Cext --strip-components=1 -xf
|
||||
mv ext/bin ext/lib ext/share "$out"/
|
||||
|
||||
# Horizon includes a copy of libstdc++ which is loaded via $LD_LIBRARY_PATH
|
||||
# when it cannot detect a new enough version already present on the system.
|
||||
# The checks are distribution-specific and do not function correctly on NixOS.
|
||||
# Deleting the bundled library is the simplest way to force it to use our version.
|
||||
rm -f "$out/lib/vmware/gcc/libstdc++.so.6"
|
||||
|
||||
# Force the default GTK theme (Adwaita) because Horizon is prone to
|
||||
# UI usability issues when using non-default themes, such as Adwaita-dark.
|
||||
makeWrapper "$out/bin/vmware-view" "$out/bin/vmware-view_wrapper" \
|
||||
--set GTK_THEME Adwaita \
|
||||
--suffix LD_LIBRARY_PATH : "$out/lib/vmware/view/crtbora:$out/lib/vmware"
|
||||
'';
|
||||
};
|
||||
|
||||
vmwareFHSUserEnv = buildFHSUserEnv {
|
||||
name = "vmware-view";
|
||||
|
||||
runScript = "${vmwareHorizonClientFiles}/bin/vmware-view_wrapper";
|
||||
|
||||
targetPkgs = pkgs: [
|
||||
pcsclite dbus vmwareHorizonClientFiles atk fontconfig freetype gdk-pixbuf glib gtk2
|
||||
libudev0-shim libxml2 pango pixman liberation_ttf libX11 libXext libXinerama
|
||||
libXrandr libXrender libXtst libXcursor libXi libxkbfile at-spi2-atk libXScrnSaver
|
||||
zlib libtiff harfbuzz gtk3-x11 libuuid
|
||||
];
|
||||
};
|
||||
|
||||
desktopItem = makeDesktopItem {
|
||||
name = "vmware-view";
|
||||
desktopName = "VMware Horizon Client";
|
||||
icon = "${vmwareHorizonClientFiles}/share/icons/vmware-view.png";
|
||||
exec = "${vmwareFHSUserEnv}/bin/vmware-view %u";
|
||||
mimeType = "x-scheme-handler/vmware-view";
|
||||
};
|
||||
|
||||
in stdenv.mkDerivation {
|
||||
name = "vmware-view";
|
||||
dontUnpack = true;
|
||||
installPhase = ''
|
||||
mkdir -p $out/bin $out/share/applications
|
||||
cp "${desktopItem}"/share/applications/* $out/share/applications/
|
||||
ln -s "${vmwareFHSUserEnv}/bin/vmware-view" "$out/bin/"
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "Allows you to connect to your VMware Horizon virtual desktop";
|
||||
homepage = "https://www.vmware.com/go/viewclients";
|
||||
license = licenses.unfree;
|
||||
platforms = platforms.linux;
|
||||
maintainers = with maintainers; [ buckley310 ];
|
||||
};
|
||||
}
|
|
@ -3,17 +3,17 @@
|
|||
let
|
||||
common = { stname, target, postInstall ? "" }:
|
||||
buildGoModule rec {
|
||||
version = "1.9.0";
|
||||
version = "1.10.0";
|
||||
name = "${stname}-${version}";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "syncthing";
|
||||
repo = "syncthing";
|
||||
rev = "v${version}";
|
||||
sha256 = "1p5wmcmv72hbd3dap9hqv4ryarsj8ljn833x9mcfgh8ff4k25qwr";
|
||||
sha256 = "0wi8k248qr80vscb5qwh2ygiyy2am9hh6a8c1il1h2702ch2cd45";
|
||||
};
|
||||
|
||||
vendorSha256 = "1mwjfv0l2n21srxsh8w18my2j8diim91jlg00ailiq9fwnvxxn8c";
|
||||
vendorSha256 = "0as1kn7bpgp5b82pf1bgr23az1qq8x85zr2zwgqsx57yjbc18658";
|
||||
|
||||
doCheck = false;
|
||||
|
||||
|
@ -45,6 +45,7 @@ let
|
|||
meta = with lib; {
|
||||
homepage = "https://syncthing.net/";
|
||||
description = "Open Source Continuous File Synchronization";
|
||||
changelog = "https://github.com/syncthing/syncthing/releases/tag/v${version}";
|
||||
license = licenses.mpl20;
|
||||
maintainers = with maintainers; [ pshendry joko peterhoeg andrew-d ];
|
||||
platforms = platforms.unix;
|
||||
|
|
|
@ -13,11 +13,11 @@ with stdenv.lib;
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "znc";
|
||||
version = "1.8.1";
|
||||
version = "1.8.2";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://znc.in/releases/archive/${pname}-${version}.tar.gz";
|
||||
sha256 = "0hb1v167aa6gv5bcwz352l6b8gnd74ymjw92y4x882l099hzg59i";
|
||||
sha256 = "03fyi0j44zcanj1rsdx93hkdskwfvhbywjiwd17f9q1a7yp8l8zz";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ pkgconfig ];
|
||||
|
|
|
@ -1,20 +1,25 @@
|
|||
{ stdenv, fetchFromGitHub, xen_4_10 }:
|
||||
{ stdenv
|
||||
, fetchFromGitHub
|
||||
, xen_4_10
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "qubes-core-vchan-xen";
|
||||
version = "4.1.2";
|
||||
version = "4.1.4";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "QubesOS";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "1wj4vv8nkzzig52r2nzkd4jy0cwznfkyddx379hfsdl4pzsp55mj";
|
||||
sha256 = "sha256:02l1vs5c2jfw22gxvl2fb66m0d99n8ya1i7rphsb5cxsljvxary0";
|
||||
};
|
||||
|
||||
buildInputs = [ xen_4_10 ];
|
||||
|
||||
buildPhase = ''
|
||||
make all PREFIX=/
|
||||
make all PREFIX=/ LIBDIR="$out/lib" INCLUDEDIR="$out/include"
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
make install DESTDIR=$out PREFIX=/
|
||||
'';
|
||||
|
@ -26,4 +31,5 @@ stdenv.mkDerivation rec {
|
|||
maintainers = with maintainers; [ _0x4A6F ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ stdenv, fetchFromGitHub, qt4, qmake4Hook, libpulseaudio }:
|
||||
let
|
||||
version = "1.1.8";
|
||||
version = "1.1.9";
|
||||
in
|
||||
stdenv.mkDerivation {
|
||||
pname = "multimon-ng";
|
||||
|
@ -10,7 +10,7 @@ stdenv.mkDerivation {
|
|||
owner = "EliasOenal";
|
||||
repo = "multimon-ng";
|
||||
rev = version;
|
||||
sha256 = "1973xfyvzl1viz19zr83cgqlx5laxbjrca35rqabn6dlb6xb5xk8";
|
||||
sha256 = "01716cfhxfzsab9zjply9giaa4nn4b7rm3p3vizrwi7n253yiwm2";
|
||||
};
|
||||
|
||||
buildInputs = [ qt4 libpulseaudio ];
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "EZminc";
|
||||
name = "${pname}-unstable-2019-03-12";
|
||||
version = "unstable-2019-03-12";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "BIC-MNI";
|
||||
|
@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
|
|||
nativeBuildInputs = [ cmake pkgconfig ];
|
||||
buildInputs = [ itk4 libminc bicpl fftwFloat gsl ];
|
||||
|
||||
cmakeFlags = [ "-DLIBMINC_DIR=${libminc}/lib/"
|
||||
cmakeFlags = [ "-DLIBMINC_DIR=${libminc}/lib/cmake"
|
||||
"-DEZMINC_BUILD_TOOLS=TRUE"
|
||||
"-DEZMINC_BUILD_MRFSEG=TRUE"
|
||||
"-DEZMINC_BUILD_DD=TRUE" ];
|
||||
|
|
|
@ -4,20 +4,20 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "N3";
|
||||
name = "${pname}-2017-09-18";
|
||||
version = "unstable-2018-08-09";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "BIC-MNI";
|
||||
repo = pname;
|
||||
rev = "2fdd939f0f2b24a4039bc6a8ade4a190a1d8e75d";
|
||||
sha256 = "13z21c4r09hna3q1csvcn4i7ws5ixbdaja6ch421xv6nydjh2w5g";
|
||||
rev = "010fc2ac58ce1d67b8e6a863fac0809d3203cb9b";
|
||||
sha256 = "06hci7gzhy8p34ggvx7gah2k9yxpwhgmq1cgw8pcd1r82g4rg6kd";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake makeWrapper ];
|
||||
buildInputs = [ libminc EBTKS ];
|
||||
propagatedBuildInputs = with perlPackages; [ perl MNI-Perllib GetoptTabular ];
|
||||
|
||||
cmakeFlags = [ "-DLIBMINC_DIR=${libminc}/lib/" "-DEBTKS_DIR=${EBTKS}/lib/" ];
|
||||
cmakeFlags = [ "-DLIBMINC_DIR=${libminc}/lib/cmake" "-DEBTKS_DIR=${EBTKS}/lib/" ];
|
||||
|
||||
postFixup = ''
|
||||
for p in $out/bin/*; do
|
||||
|
@ -26,7 +26,7 @@ stdenv.mkDerivation rec {
|
|||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
homepage = "https://github.com/BIC-MNI/${pname}";
|
||||
homepage = "https://github.com/BIC-MNI/N3";
|
||||
description = "MRI non-uniformity correction for MINC files";
|
||||
maintainers = with maintainers; [ bcdarwin ];
|
||||
platforms = platforms.unix;
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "conglomerate";
|
||||
name = "${pname}-2017-09-10";
|
||||
version = "unstable-2017-09-10";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "BIC-MNI";
|
||||
|
@ -16,7 +16,10 @@ stdenv.mkDerivation rec {
|
|||
buildInputs = [ libminc zlib bicpl ];
|
||||
propagatedBuildInputs = [ coreutils minc_tools ] ++ (with perlPackages; [ perl GetoptTabular MNI-Perllib ]);
|
||||
|
||||
cmakeFlags = [ "-DLIBMINC_DIR=${libminc}/lib/" "-DBICPL_DIR=${bicpl}/lib/" ];
|
||||
cmakeFlags = [
|
||||
"-DLIBMINC_DIR=${libminc}/lib/cmake"
|
||||
"-DBICPL_DIR=${bicpl}/lib"
|
||||
];
|
||||
|
||||
postFixup = ''
|
||||
for p in $out/bin/*; do
|
||||
|
|
|
@ -19,7 +19,7 @@ stdenv.mkDerivation rec {
|
|||
buildInputs = [ libminc EBTKS ];
|
||||
propagatedBuildInputs = with perlPackages; [ perl GetoptTabular MNI-Perllib ];
|
||||
|
||||
cmakeFlags = [ "-DLIBMINC_DIR=${libminc}/lib/" "-DEBTKS_DIR=${EBTKS}/lib/" ];
|
||||
cmakeFlags = [ "-DLIBMINC_DIR=${libminc}/lib/cmake" "-DEBTKS_DIR=${EBTKS}/lib/" ];
|
||||
|
||||
postFixup = ''
|
||||
for p in $out/bin/*; do
|
||||
|
|
|
@ -3,28 +3,20 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "minc-tools";
|
||||
version = "unstable-2019-12-04";
|
||||
version = "unstable-2020-07-25";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "BIC-MNI";
|
||||
repo = pname;
|
||||
rev = "d4dddfdb4e4fa0cea389b8fdce51cfc076565d94";
|
||||
sha256 = "1wwdss59qq4hz1jp35qylfswzzv0d37if23al0srnxkkgc5f8zng";
|
||||
rev = "fb0a68a07d281e4e099c5d54df29925240de14c1";
|
||||
sha256 = "0zcv2sdj3k6k0xjqdq8j5bxq8smm48dzai90vwsmz8znmbbm6kvw";
|
||||
};
|
||||
|
||||
patches = [ ./fix-netcdf-header.patch ];
|
||||
|
||||
# add missing CMake module to build NIFTI support
|
||||
# (the maintainers normally build libminc and minc-tools in a meta-project)
|
||||
postPatch = ''
|
||||
cp ${libminc.src}/cmake-modules/FindNIFTI.cmake cmake-modules
|
||||
'';
|
||||
|
||||
nativeBuildInputs = [ cmake flex bison makeWrapper ];
|
||||
buildInputs = [ libminc libjpeg nifticlib zlib ];
|
||||
propagatedBuildInputs = [ perl TextFormat ];
|
||||
|
||||
cmakeFlags = [ "-DLIBMINC_DIR=${libminc}/lib/"
|
||||
cmakeFlags = [ "-DLIBMINC_DIR=${libminc}/lib/cmake"
|
||||
"-DZNZ_INCLUDE_DIR=${nifticlib}/include/nifti"
|
||||
"-DNIFTI_INCLUDE_DIR=${nifticlib}/include/nifti" ];
|
||||
|
||||
|
|
|
@ -1,12 +0,0 @@
|
|||
diff --git a/progs/mincdump/mincdump.h b/progs/mincdump/mincdump.h
|
||||
index 14c95cd..117ab26 100644
|
||||
--- a/progs/mincdump/mincdump.h
|
||||
+++ b/progs/mincdump/mincdump.h
|
||||
@@ -3,6 +3,7 @@
|
||||
* See netcdf/COPYRIGHT file for copying and redistribution conditions.
|
||||
* $Header: /private-cvsroot/minc/progs/mincdump/mincdump.h,v 1.1 2004-04-27 15:35:15 bert Exp $
|
||||
*********************************************************************/
|
||||
+#include <netcdf_meta.h>
|
||||
|
||||
|
||||
/* error checking macro */
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "mni_autoreg";
|
||||
name = "${pname}-2017-09-22";
|
||||
version = "unstable-2017-09-22";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "BIC-MNI";
|
||||
|
@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
|
|||
buildInputs = [ libminc ];
|
||||
propagatedBuildInputs = with perlPackages; [ perl GetoptTabular MNI-Perllib ];
|
||||
|
||||
cmakeFlags = [ "-DLIBMINC_DIR=${libminc}/lib/" ];
|
||||
cmakeFlags = [ "-DLIBMINC_DIR=${libminc}/lib/cmake" ];
|
||||
# testing broken: './minc_wrapper: Permission denied' from Testing/ellipse0.mnc
|
||||
|
||||
postFixup = ''
|
||||
|
|
|
@ -2,16 +2,16 @@
|
|||
|
||||
buildGoModule rec {
|
||||
pname = "gh";
|
||||
version = "1.0.0";
|
||||
version = "1.1.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "cli";
|
||||
repo = "cli";
|
||||
rev = "v${version}";
|
||||
sha256 = "10ixjrb56ddqxla7mfxqnf74zissjx66akcyvgl9xfmww0bvg64x";
|
||||
sha256 = "1jf1y6135p30dlr42fnl0w7782fczizq8yya4bsd6xf66bcq0zzn";
|
||||
};
|
||||
|
||||
vendorSha256 = "079zbm57xfcskwhsfj1x0c0lg6ip6c6dbk8hfwrzkpy8gfs2ysmr";
|
||||
vendorSha256 = "12ka5x5m4h8dfpcdhfjc5lz6bm8pzfqkbhs9j3a8w08xsi93dvdz";
|
||||
|
||||
nativeBuildInputs = [ installShellFiles ];
|
||||
|
||||
|
|
|
@ -189,7 +189,7 @@ rec {
|
|||
homepage = "https://www.docker.com/";
|
||||
description = "An open source project to pack, ship and run any application as a lightweight container";
|
||||
license = licenses.asl20;
|
||||
maintainers = with maintainers; [ nequissimus offline tailhook vdemeester periklis ];
|
||||
maintainers = with maintainers; [ offline tailhook vdemeester periklis ];
|
||||
platforms = with platforms; linux ++ darwin;
|
||||
};
|
||||
});
|
||||
|
|
|
@ -0,0 +1,52 @@
|
|||
{ stdenv, fetchFromGitHub
|
||||
, meson, ninja, pkg-config, wayland, scdoc, makeWrapper
|
||||
, wlroots, wayland-protocols, pixman, libxkbcommon
|
||||
, cairo , pango, fontconfig, pandoc, systemd
|
||||
, withXwayland ? true, xwayland
|
||||
, nixosTests
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "cagebreak";
|
||||
version = "1.4.2";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "project-repo";
|
||||
repo = "cagebreak";
|
||||
rev = version;
|
||||
hash = "sha256-+Ww1rsUR7qe/BixLPR8GiRc3C6QmpLzWpT2wym8b4/M=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ meson ninja pkg-config wayland scdoc makeWrapper ];
|
||||
|
||||
buildInputs = [
|
||||
wlroots wayland wayland-protocols pixman libxkbcommon cairo
|
||||
pango fontconfig pandoc systemd
|
||||
];
|
||||
|
||||
outputs = [ "out" "contrib" ];
|
||||
|
||||
mesonFlags = [
|
||||
"-Dxwayland=${stdenv.lib.boolToString withXwayland}"
|
||||
"-Dversion_override=${version}"
|
||||
];
|
||||
|
||||
postInstall = ''
|
||||
mkdir -p $contrib/share/cagebreak
|
||||
cp $src/examples/config $contrib/share/cagebreak/config
|
||||
'';
|
||||
|
||||
postFixup = stdenv.lib.optionalString withXwayland ''
|
||||
wrapProgram $out/bin/cagebreak --prefix PATH : "${xwayland}/bin"
|
||||
'';
|
||||
|
||||
passthru.tests.basic = nixosTests.cagebreak;
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "A Wayland tiling compositor inspired by ratpoison";
|
||||
homepage = "https://github.com/project-repo/cagebreak";
|
||||
license = licenses.mit;
|
||||
platforms = platforms.linux;
|
||||
maintainers = with maintainers; [ berbiche ];
|
||||
};
|
||||
}
|
|
@ -2,13 +2,13 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "flat-remix-icon-theme";
|
||||
version = "20200116";
|
||||
version = "20200710";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "daniruiz";
|
||||
repo = "flat-remix";
|
||||
rev = version;
|
||||
sha256 = "14n5wydhd5ifmsbj770s2qg2ksd3xa3m61qxydid6jq39k0lxbd8";
|
||||
sha256 = "0rlrmgimvs9rrj64g5jn04jgyi7wmn2dnsk7ckmxk6p8cdfjd0hx";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ stdenv, lib, fetchFromGitHub, gnome3 }:
|
||||
{ stdenv, lib, fetchFromGitHub, gnome3, fetchpatch }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "gnome-shell-extension-material-shell";
|
||||
|
@ -11,6 +11,15 @@ stdenv.mkDerivation rec {
|
|||
sha256 = "076cv1l5qr5x71przjwvbzx0m91n4z0byc2gc3r48l8vsr2d0hwf";
|
||||
};
|
||||
|
||||
patches = [
|
||||
# Fix for https://github.com/material-shell/material-shell/issues/284
|
||||
# (Remove this patch when updating to version >= 8)
|
||||
(fetchpatch {
|
||||
url = "https://github.com/material-shell/material-shell/commit/fc27489a1ec503a4a5c7cb2f4e1eefa84a7ea2f1.patch";
|
||||
sha256 = "0x2skg955c4jqgwbkfhk7plm8bh1qnk66cdds796bzkp3hb5syw8";
|
||||
})
|
||||
];
|
||||
|
||||
# This package has a Makefile, but it's used for building a zip for
|
||||
# publication to extensions.gnome.org. Disable the build phase so
|
||||
# installing doesn't build an unnecessary release.
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -1,53 +1,107 @@
|
|||
{ stdenv, fetchurl, makeWrapper
|
||||
{ stdenv, lib, fetchurl, makeWrapper, writeText
|
||||
, fpc, gtk2, glib, pango, atk, gdk-pixbuf
|
||||
, libXi, xorgproto, libX11, libXext
|
||||
, gdb, gnumake, binutils
|
||||
, withQt ? false, qtbase ? null, libqt5pas ? null, wrapQtAppsHook ? null
|
||||
}:
|
||||
|
||||
# TODO:
|
||||
# 1. the build date is embedded in the binary through `$I %DATE%` - we should dump that
|
||||
|
||||
let
|
||||
version = "2.0.10-2";
|
||||
|
||||
# as of 2.0.10 a suffix is being added. That may or may not disappear and then
|
||||
# come back, so just leave this here.
|
||||
majorMinorPatch = v:
|
||||
builtins.concatStringsSep "." (lib.take 3 (lib.splitVersion v));
|
||||
|
||||
overrides = writeText "revision.inc" (lib.concatStringsSep "\n" (lib.mapAttrsToList (k: v:
|
||||
"const ${k} = '${v}';") {
|
||||
# this is technically the SVN revision but as we don't have that replace
|
||||
# it with the version instead of showing "Unknown"
|
||||
RevisionStr = version;
|
||||
}));
|
||||
|
||||
in
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "lazarus";
|
||||
version = "2.0.8";
|
||||
pname = "lazarus-${LCL_PLATFORM}";
|
||||
inherit version;
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://sourceforge/lazarus/Lazarus%20Zip%20_%20GZip/Lazarus%20${version}/lazarus-${version}.tar.gz";
|
||||
sha256 = "1iciqydb0miqdrh89aj59gy7kfcwikkycqssq9djcqsw1ql3gc4h";
|
||||
url = "mirror://sourceforge/lazarus/Lazarus%20Zip%20_%20GZip/Lazarus%20${majorMinorPatch version}/lazarus-${version}.tar.gz";
|
||||
sha256 = "sha256-ZNViZGjdJKMzKyBfOr0KWBq33hsGCi1X4hhkBmz9Q7c=";
|
||||
};
|
||||
|
||||
postPatch = ''
|
||||
cp ${overrides} ide/${overrides.name}
|
||||
'';
|
||||
|
||||
buildInputs = [
|
||||
# we need gtk2 unconditionally as that is the default target when building applications with lazarus
|
||||
fpc gtk2 glib libXi xorgproto
|
||||
libX11 libXext pango atk
|
||||
stdenv.cc makeWrapper gdk-pixbuf
|
||||
];
|
||||
stdenv.cc gdk-pixbuf
|
||||
]
|
||||
++ lib.optionals withQt [ libqt5pas qtbase ];
|
||||
|
||||
nativeBuildInputs = [
|
||||
makeWrapper
|
||||
] ++ lib.optional withQt wrapQtAppsHook;
|
||||
|
||||
makeFlags = [
|
||||
"FPC=fpc"
|
||||
"PP=fpc"
|
||||
"LAZARUS_INSTALL_DIR=${placeholder "out"}/share/lazarus/"
|
||||
"INSTALL_PREFIX=${placeholder "out"}/"
|
||||
"REQUIRE_PACKAGES+=tachartlazaruspkg"
|
||||
"bigide"
|
||||
];
|
||||
|
||||
LCL_PLATFORM = if withQt then "qt5" else "gtk2";
|
||||
|
||||
NIX_LDFLAGS = lib.concatStringsSep " " ([
|
||||
"-L${stdenv.cc.cc.lib}/lib"
|
||||
"-lX11"
|
||||
"-lXext"
|
||||
"-lXi"
|
||||
"-latk-1.0"
|
||||
"-lc"
|
||||
"-lcairo"
|
||||
"-lgcc_s"
|
||||
"-lgdk-x11-2.0"
|
||||
"-lgdk_pixbuf-2.0"
|
||||
"-lglib-2.0"
|
||||
"-lgtk-x11-2.0"
|
||||
"-lpango-1.0"
|
||||
]
|
||||
++ lib.optionals withQt [
|
||||
"-L${lib.getLib libqt5pas}/lib"
|
||||
"-lQt5Pas"
|
||||
]);
|
||||
|
||||
preBuild = ''
|
||||
export makeFlags="$makeFlags LAZARUS_INSTALL_DIR=$out/share/lazarus/ INSTALL_PREFIX=$out/"
|
||||
export NIX_LDFLAGS="$NIX_LDFLAGS -L${stdenv.cc.cc.lib}/lib -lXi -lX11 -lglib-2.0 -lgtk-x11-2.0 -lgdk-x11-2.0 -lc -lXext -lpango-1.0 -latk-1.0 -lgdk_pixbuf-2.0 -lcairo -lgcc_s"
|
||||
export LCL_PLATFORM=gtk2
|
||||
mkdir -p $out/share "$out/lazarus"
|
||||
tar xf ${fpc.src} --strip-components=1 -C $out/share -m
|
||||
sed -e 's@/usr/fpcsrc@'"$out/share/fpcsrc@" -i ide/include/unix/lazbaseconf.inc
|
||||
substituteInPlace ide/include/unix/lazbaseconf.inc \
|
||||
--replace '/usr/fpcsrc' "$out/share/fpcsrc"
|
||||
'';
|
||||
|
||||
postInstall = ''
|
||||
wrapProgram $out/bin/startlazarus --prefix NIX_LDFLAGS ' ' \
|
||||
"$(echo "$NIX_LDFLAGS" | sed -re 's/-rpath [^ ]+//g')" \
|
||||
--prefix NIX_LDFLAGS_${binutils.suffixSalt} ' ' \
|
||||
"$(echo "$NIX_LDFLAGS" | sed -re 's/-rpath [^ ]+//g')" \
|
||||
postInstall = let
|
||||
ldFlags = ''$(echo "$NIX_LDFLAGS" | sed -re 's/-rpath [^ ]+//g')'';
|
||||
in ''
|
||||
wrapProgram $out/bin/startlazarus \
|
||||
--prefix NIX_LDFLAGS ' ' "${ldFlags}" \
|
||||
--prefix NIX_LDFLAGS_${binutils.suffixSalt} ' ' "${ldFlags}" \
|
||||
--prefix LCL_PLATFORM ' ' "$LCL_PLATFORM" \
|
||||
--prefix PATH ':' "${fpc}/bin:${gdb}/bin:${gnumake}/bin:${binutils}/bin"
|
||||
--prefix PATH ':' "${lib.makeBinPath [ fpc gdb gnumake binutils ]}"
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "Lazarus graphical IDE for FreePascal language";
|
||||
homepage = "http://www.lazarus.freepascal.org";
|
||||
description = "Lazarus graphical IDE for the FreePascal language";
|
||||
homepage = "https://www.lazarus.freepascal.org";
|
||||
license = licenses.gpl2Plus ;
|
||||
maintainers = with maintainers; [ raskin ];
|
||||
platforms = platforms.linux;
|
||||
maintainers = [ maintainers.raskin ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ stdenv, lazarus, qt5 }:
|
||||
{ mkDerivation, lib, lazarus, qmake, qtbase, qtx11extras }:
|
||||
|
||||
stdenv.mkDerivation {
|
||||
mkDerivation {
|
||||
pname = "libqt5pas";
|
||||
inherit (lazarus) version src;
|
||||
|
||||
|
@ -8,14 +8,14 @@ stdenv.mkDerivation {
|
|||
|
||||
postPatch = ''
|
||||
substituteInPlace Qt5Pas.pro \
|
||||
--replace "target.path = \$\$[QT_INSTALL_LIBS]" "target.path = $out/lib"
|
||||
--replace 'target.path = $$[QT_INSTALL_LIBS]' "target.path = $out/lib"
|
||||
'';
|
||||
|
||||
nativeBuildInputs = with qt5; [ qmake ];
|
||||
nativeBuildInputs = [ qmake ];
|
||||
|
||||
buildInputs = with qt5; [ qtbase qtx11extras ];
|
||||
buildInputs = [ qtbase qtx11extras ];
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
meta = with lib; {
|
||||
description = "Free Pascal Qt5 binding library";
|
||||
homepage = "https://wiki.freepascal.org/Qt5_Interface#libqt5pas";
|
||||
maintainers = with maintainers; [ sikmir ];
|
||||
|
|
|
@ -40,7 +40,7 @@ in stdenv.mkDerivation {
|
|||
homepage = "https://kotlinlang.org/";
|
||||
license = stdenv.lib.licenses.asl20;
|
||||
maintainers = with stdenv.lib.maintainers;
|
||||
[ nequissimus ];
|
||||
[ ];
|
||||
platforms = stdenv.lib.platforms.all;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -260,7 +260,7 @@ let
|
|||
homepage = "http://openjdk.java.net/";
|
||||
license = licenses.gpl2;
|
||||
description = "The open-source Java Development Kit";
|
||||
maintainers = with maintainers; [ edwtjo nequissimus ];
|
||||
maintainers = with maintainers; [ edwtjo ];
|
||||
platforms = [ "i686-linux" "x86_64-linux" "aarch64-linux" ];
|
||||
};
|
||||
|
||||
|
|
|
@ -76,7 +76,7 @@ in stdenv.mkDerivation {
|
|||
Certified builds of OpenJDK that can be deployed across multiple
|
||||
operating systems, containers, hypervisors and Cloud platforms.
|
||||
'';
|
||||
maintainers = with maintainers; [ nequissimus fpletz ];
|
||||
maintainers = with maintainers; [ fpletz ];
|
||||
platforms = [ "x86_64-linux" "x86_64-darwin" ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -73,7 +73,7 @@ in stdenv.mkDerivation {
|
|||
Certified builds of OpenJDK that can be deployed across multiple
|
||||
operating systems, containers, hypervisors and Cloud platforms.
|
||||
'';
|
||||
maintainers = with maintainers; [ nequissimus fpletz ];
|
||||
maintainers = with maintainers; [ fpletz ];
|
||||
platforms = [ "x86_64-linux" "x86_64-darwin" ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
{ self, callPackage, lib }:
|
||||
callPackage ./default.nix {
|
||||
inherit self;
|
||||
version = "2.0.5-2020-08-09";
|
||||
rev = "e296f56";
|
||||
version = "2.0.5-2020-09-27";
|
||||
rev = "e8ec6fe";
|
||||
isStable = true;
|
||||
sha256 = "0g4wvpmmrxj8ir6yi86gg93khy8ri7x4w091jihpxsmn670da21f";
|
||||
sha256 = "0v7g216j0zrjp32nfjqqxzgxgvgbdx89h3x0djbqg3avsgxjwnbk";
|
||||
extraMeta = { # this isn't precise but it at least stops the useless Hydra build
|
||||
platforms = with lib; filter (p: p != "aarch64-linux")
|
||||
(platforms.linux ++ platforms.darwin);
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
{ self, callPackage }:
|
||||
callPackage ./default.nix {
|
||||
inherit self;
|
||||
version = "2.1.0-2020-08-27";
|
||||
rev = "ff1e72a";
|
||||
version = "2.1.0-2020-09-30";
|
||||
rev = "e9af1ab";
|
||||
isStable = false;
|
||||
sha256 = "0rlh5y48jbxnamr3a5i3szzh7y9ycvq052rw6m82gdhrb1jlamdz";
|
||||
sha256 = "081vrr4snr1c38cscbq1a8barv7abc9czqqlm4qlbdksa8g32bbj";
|
||||
}
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
, enableFFI ? true
|
||||
, enableJIT ? true
|
||||
, enableJITDebugModule ? enableJIT
|
||||
, enableGC64 ? stdenv.hostPlatform.isAarch64
|
||||
, enableGC64 ? true
|
||||
, enable52Compat ? false
|
||||
, enableValgrindSupport ? false
|
||||
, valgrind ? null
|
||||
|
|
|
@ -106,7 +106,7 @@ let
|
|||
name = "php-with-extensions-${version}";
|
||||
inherit (php) version;
|
||||
nativeBuildInputs = [ makeWrapper ];
|
||||
passthru = {
|
||||
passthru = php.passthru // {
|
||||
buildEnv = mkBuildEnv allArgs allExtensionFunctions;
|
||||
withExtensions = mkWithExtensions allArgs allExtensionFunctions;
|
||||
phpIni = "${phpWithExtensions}/lib/php.ini";
|
||||
|
@ -259,6 +259,7 @@ let
|
|||
passthru = {
|
||||
buildEnv = mkBuildEnv {} [];
|
||||
withExtensions = mkWithExtensions {} [];
|
||||
inherit ztsSupport;
|
||||
};
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
|
|
|
@ -2,17 +2,17 @@
|
|||
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "wasmtime";
|
||||
version = "0.19.0";
|
||||
version = "0.20.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "bytecodealliance";
|
||||
repo = "${pname}";
|
||||
rev = "v${version}";
|
||||
sha256 = "0gb8xk27ych553b7knflbbks9q64m39v40sdirycm6prqfnfrnm8";
|
||||
sha256 = "01k1fpk2qp4kv0xr4f0xmrjkr98j5ws48r1aks8l80mffs4ynqfr";
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
|
||||
cargoSha256 = "1dqaxpwfm234yjwrhglzvsqhh2fr5nsx7bpk7bmycyk6lml8vxy7";
|
||||
cargoSha256 = "0vghcs1nbxlkmw9wfikzb1ndscx7fkmgv5q8dnfcisl05zpkj7si";
|
||||
|
||||
nativeBuildInputs = [ python cmake clang ];
|
||||
buildInputs = [ llvmPackages.libclang ] ++
|
||||
|
@ -23,7 +23,7 @@ rustPlatform.buildRustPackage rec {
|
|||
|
||||
meta = with lib; {
|
||||
description = "Standalone JIT-style runtime for WebAssembly, using Cranelift";
|
||||
homepage = "https://github.com/CraneStation/wasmtime";
|
||||
homepage = "https://github.com/bytecodealliance/wasmtime";
|
||||
license = licenses.asl20;
|
||||
maintainers = [ maintainers.matthewbauer ];
|
||||
platforms = platforms.unix;
|
||||
|
|
|
@ -29,7 +29,7 @@ in stdenv.mkDerivation rec {
|
|||
|
||||
meta = with stdenv.lib; {
|
||||
description = "An interface to banking tasks, file formats and country information";
|
||||
homepage = "http://www2.aquamaniac.de/sites/download/packages.php?package=03&showall=1";
|
||||
homepage = "https://www.aquamaniac.de/";
|
||||
hydraPlatforms = [];
|
||||
license = licenses.gpl2Plus;
|
||||
maintainers = with maintainers; [ goibhniu ];
|
||||
|
|
|
@ -10,13 +10,13 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "babl";
|
||||
version = "0.1.80";
|
||||
version = "0.1.82";
|
||||
|
||||
outputs = [ "out" "dev" ];
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://download.gimp.org/pub/babl/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
|
||||
sha256 = "13jgq2i1xkbqw9ijy8sy5iabf5jkviqi0wxlpjcm0n22mwwwqp7p";
|
||||
sha256 = "1iddkwdfw1bmfl6n8y1d4kkm3rb15rzvrfri6a7cnx37mpa96bf6";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
{ stdenv, fetchFromGitHub, cmake, pkgconfig, ispc, tbb, glfw,
|
||||
openimageio, libjpeg, libpng, libpthreadstubs, libX11 }:
|
||||
{ stdenv, lib, fetchFromGitHub, cmake, pkgconfig, ispc, tbb, glfw,
|
||||
openimageio, libjpeg, libpng, libpthreadstubs, libX11, glib }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "embree";
|
||||
version = "3.11.0";
|
||||
version = "3.12.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "embree";
|
||||
repo = "embree";
|
||||
rev = "v${version}";
|
||||
sha256 = "0v5gqi8jp09xxcbyyknji83412bq4l0w35b6hnrqxycgdrnf7hkr";
|
||||
sha256 = "1q06fkfww8z8pcnhaqc4d2zi8hn620i9h9dmpnrfy3azalvizhkq";
|
||||
};
|
||||
|
||||
postPatch = ''
|
||||
|
@ -17,6 +17,8 @@ stdenv.mkDerivation rec {
|
|||
sed -i "s|SET(EMBREE_ROOT_DIR .*)|set(EMBREE_ROOT_DIR $out)|" \
|
||||
common/cmake/embree-config.cmake
|
||||
sed -i "s|$""{EMBREE_ROOT_DIR}/||" common/cmake/embree-config.cmake
|
||||
substituteInPlace common/math/math.h --replace 'defined(__MACOSX__) && !defined(__INTEL_COMPILER)' 0
|
||||
substituteInPlace common/math/math.h --replace 'defined(__WIN32__) || defined(__FreeBSD__)' 'defined(__WIN32__) || defined(__FreeBSD__) || defined(__MACOSX__)'
|
||||
'';
|
||||
|
||||
cmakeFlags = [
|
||||
|
@ -24,8 +26,10 @@ stdenv.mkDerivation rec {
|
|||
"-DEMBREE_RAY_MASK=ON"
|
||||
];
|
||||
|
||||
|
||||
nativeBuildInputs = [ ispc pkgconfig cmake ];
|
||||
buildInputs = [ tbb glfw openimageio libjpeg libpng libX11 libpthreadstubs ];
|
||||
buildInputs = [ tbb glfw openimageio libjpeg libpng libX11 libpthreadstubs ]
|
||||
++ lib.optionals stdenv.isDarwin [ glib ];
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "High performance ray tracing kernels from Intel";
|
||||
|
|
|
@ -4,13 +4,13 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "libfsm";
|
||||
version = "0.1pre1905_${builtins.substring 0 8 src.rev}";
|
||||
version = "0.1pre2442_${builtins.substring 0 8 src.rev}";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "katef";
|
||||
repo = pname;
|
||||
rev = "bd5937fad42b26a86bac1fe3ec49eff73581bd1d";
|
||||
sha256 = "1q3grbmvjnnvc2sshswbd40cc2j2hnwibmljcqx9jqgda0wd6pgv";
|
||||
rev = "9c5095f7364fa464efff6c81fad9b60b19dfcc99";
|
||||
sha256 = "1bs51agvrrwqid0slq2svj2yj7kkjdsnv3xsrk8zmf1jbgza6jrm";
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
|
||||
|
|
|
@ -2,15 +2,15 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "libminc";
|
||||
version = "2.4.03";
|
||||
version = "unstable-2020-07-17";
|
||||
|
||||
owner = "BIC-MNI";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
inherit owner;
|
||||
repo = pname;
|
||||
rev = "release-${version}";
|
||||
sha256 = "0kpmqs9df836ywsqj749qbsfavf5bnldblxrmnmxqq9pywc8yfrm";
|
||||
rev = "ffb5fb234a852ea7e8da8bb2b3b49f67acbe56ca";
|
||||
sha256 = "0yr4ksghpvxh9zg0a4p7hvln3qirsi08plvjp5kxx2qiyj96zsdm";
|
||||
};
|
||||
|
||||
postPatch = ''
|
||||
|
@ -18,7 +18,8 @@ stdenv.mkDerivation rec {
|
|||
'';
|
||||
|
||||
nativeBuildInputs = [ cmake ];
|
||||
buildInputs = [ zlib netcdf nifticlib hdf5 ];
|
||||
buildInputs = [ zlib nifticlib ];
|
||||
propagatedBuildInputs = [ netcdf hdf5 ];
|
||||
|
||||
cmakeFlags = [
|
||||
"-DLIBMINC_MINC1_SUPPORT=ON"
|
||||
|
@ -29,17 +30,16 @@ stdenv.mkDerivation rec {
|
|||
doCheck = !stdenv.isDarwin;
|
||||
checkPhase = ''
|
||||
export LD_LIBRARY_PATH="$(pwd)" # see #22060
|
||||
ctest -E 'ezminc_rw_test|minc_conversion' --output-on-failure
|
||||
# ezminc_rw_test can't find libminc_io.so.5.2.0; minc_conversion hits netcdf compilation issue
|
||||
ctest -j1 -E 'ezminc_rw_test' --output-on-failure
|
||||
# -j1: see https://github.com/BIC-MNI/libminc/issues/110
|
||||
# ezminc_rw_test: can't find libminc_io.so.5.2.0
|
||||
'';
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
homepage = "https://github.com/${owner}/${pname}";
|
||||
homepage = "https://github.com/BIC-MNI/libminc";
|
||||
description = "Medical imaging library based on HDF5";
|
||||
maintainers = with maintainers; [ bcdarwin ];
|
||||
platforms = platforms.unix;
|
||||
license = licenses.free;
|
||||
license = licenses.free;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -69,7 +69,7 @@ in {
|
|||
};
|
||||
|
||||
libressl_3_1 = generic {
|
||||
version = "3.1.3";
|
||||
sha256 = "184znscbkww65aavy2p4v4xncalp1ni19c2w5yvfq4pnmhb06sy7";
|
||||
version = "3.1.4";
|
||||
sha256 = "1dnbbnr43jashxivnafmh9gnn57c7ayva788ba03z633k6f18k21";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,41 +1,24 @@
|
|||
{ stdenv, fetchurl, autoconf, automake, libtool, libX11, xorgproto
|
||||
, libXi, libXaw, libXmu, libXt }:
|
||||
|
||||
let
|
||||
majorVersion = "1";
|
||||
minorVersion = "3";
|
||||
in
|
||||
{ stdenv, lib, fetchFromGitHub, cmake, libX11, Cocoa, IOKit, Kernel }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "ois";
|
||||
version = "${majorVersion}.${minorVersion}";
|
||||
version = "1.5";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://sourceforge/project/wgois/Source%20Release/${version}/ois_v${majorVersion}-${minorVersion}.tar.gz";
|
||||
sha256 = "18gs6xxhbqb91x2gm95hh1pmakimqim1k9c65h7ah6g14zc7dyjh";
|
||||
src = fetchFromGitHub {
|
||||
owner = "wgois";
|
||||
repo = "OIS";
|
||||
rev = "v${version}";
|
||||
sha256 = "0g8krgq5bdx2rw7ig0xva4kqv4x815672i7z6lljp3n8847wmypa";
|
||||
};
|
||||
|
||||
patches = [
|
||||
(fetchurl {
|
||||
url = "http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/dev-games/ois/files/ois-1.3-gcc47.patch";
|
||||
sha256 = "026jw06n42bcrmg0sbdhzc4cqxsnf7fw30a2z9cigd9x282zhii8";
|
||||
name = "gcc47.patch";
|
||||
})
|
||||
];
|
||||
nativeBuildInputs = [ cmake ];
|
||||
|
||||
patchFlags = [ "-p0" ];
|
||||
|
||||
buildInputs = [
|
||||
autoconf automake libtool libX11 xorgproto libXi libXaw
|
||||
libXmu libXt
|
||||
];
|
||||
|
||||
preConfigure = "sh bootstrap";
|
||||
buildInputs = [ libX11 ] ++ lib.optionals stdenv.isDarwin [ Cocoa IOKit Kernel ];
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "Object-oriented C++ input system";
|
||||
maintainers = [ maintainers.raskin ];
|
||||
platforms = platforms.linux;
|
||||
platforms = platforms.unix;
|
||||
license = licenses.zlib;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -2,13 +2,13 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "libupnp";
|
||||
version = "1.12.0";
|
||||
version = "1.14.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "mrjimenez";
|
||||
repo = "pupnp";
|
||||
rev = "release-${version}";
|
||||
sha256 = "17jhbzx8khz5vbl0lhcipjzgg897p1k2lp5wcc3hiddcfyh05pdj";
|
||||
sha256 = "1wp9sz2ld4g6ak9v59i3s5mbsraxsphi9k91vw9xgrbzfmg8w0a6";
|
||||
};
|
||||
outputs = [ "dev" "out" ];
|
||||
|
||||
|
|
|
@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
|
|||
nativeBuildInputs = [ cmake ];
|
||||
buildInputs = [ libminc ];
|
||||
|
||||
cmakeFlags = [ "-DLIBMINC_DIR=${libminc}/lib/" ];
|
||||
cmakeFlags = [ "-DLIBMINC_DIR=${libminc}/lib/cmake" ];
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
homepage = "https://github.com/BIC-MNI/${pname}";
|
||||
|
|
|
@ -2,21 +2,24 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "bicgl";
|
||||
name = "${pname}-2017-09-10";
|
||||
version = "unstable-2018-04-06";
|
||||
|
||||
owner = "BIC-MNI";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
inherit owner;
|
||||
repo = pname;
|
||||
rev = "b7f7e52d1039d6202a93d9055f516186033656cc";
|
||||
rev = "61a035751c9244fcca1edf94d6566fa2a709ce90";
|
||||
sha256 = "0lzirdi1mf4yl8srq7vjn746sbydz7h0wjh7wy8gycy6hq04qrg4";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake ];
|
||||
buildInputs = [ libminc bicpl freeglut mesa_glu ];
|
||||
|
||||
cmakeFlags = [ "-DLIBMINC_DIR=${libminc}/lib" "-DBICPL_DIR=${bicpl}/lib" ];
|
||||
cmakeFlags = [
|
||||
"-DLIBMINC_DIR=${libminc}/lib/cmake"
|
||||
"-DBICPL_DIR=${bicpl}/lib"
|
||||
];
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
homepage = "https://github.com/${owner}/${pname}";
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "bicpl";
|
||||
name = "${pname}-2017-09-10";
|
||||
version = "unstable-2017-09-10";
|
||||
|
||||
owner = "BIC-MNI";
|
||||
|
||||
|
@ -17,7 +17,7 @@ stdenv.mkDerivation rec {
|
|||
nativeBuildInputs = [ cmake ];
|
||||
buildInputs = [ libminc netpbm ];
|
||||
|
||||
cmakeFlags = [ "-DLIBMINC_DIR=${libminc}/lib" ];
|
||||
cmakeFlags = [ "-DLIBMINC_DIR=${libminc}/lib/cmake" ];
|
||||
|
||||
doCheck = false;
|
||||
# internal_volume_io.h: No such file or directory
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "oobicpl";
|
||||
name = "${pname}-2016-03-02";
|
||||
version = "unstable-2016-03-02";
|
||||
|
||||
owner = "BIC-MNI";
|
||||
|
||||
|
@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
|
|||
nativeBuildInputs = [ cmake ];
|
||||
buildInputs = [ libminc bicpl arguments pcre-cpp ];
|
||||
|
||||
cmakeFlags = [ "-DLIBMINC_DIR=${libminc}/lib"
|
||||
cmakeFlags = [ "-DLIBMINC_DIR=${libminc}/lib/cmake"
|
||||
"-DBICPL_DIR=${bicpl}/lib"
|
||||
"-DARGUMENTS_DIR=${arguments}/lib"
|
||||
"-DOOBICPL_BUILD_SHARED_LIBS=TRUE" ];
|
||||
|
|
|
@ -1,15 +1,19 @@
|
|||
{ gnustep, lib, fetchFromGitHub , libxml2, openssl_1_1
|
||||
, openldap, mysql, libmysqlclient, postgresql }: with lib; gnustep.stdenv.mkDerivation rec {
|
||||
, openldap, mysql, libmysqlclient, postgresql }:
|
||||
with lib;
|
||||
|
||||
gnustep.stdenv.mkDerivation rec {
|
||||
pname = "sope";
|
||||
version = "5.0.0";
|
||||
version = "5.0.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "inverse-inc";
|
||||
repo = pname;
|
||||
rev = "SOPE-${version}";
|
||||
sha256 = "sha256-7NM9wcyHDSVmjjqu489Ff3iJgl9VM+UBF3XYWoiHHTg=";
|
||||
sha256 = "031m8ydr4jhh29332mfbsw0i5d0cjfqfyfs55jm832dlmv4447gb";
|
||||
};
|
||||
|
||||
hardeningDisable = [ "format" ];
|
||||
nativeBuildInputs = [ gnustep.make ];
|
||||
buildInputs = flatten ([ gnustep.base libxml2 openssl_1_1 ]
|
||||
++ optional (openldap != null) openldap
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
lib.fix (self:
|
||||
let
|
||||
version = "1.2.28";
|
||||
version = "1.2.30";
|
||||
in
|
||||
stdenv.mkDerivation {
|
||||
pname = "xmlsec";
|
||||
|
@ -11,7 +11,7 @@ stdenv.mkDerivation {
|
|||
|
||||
src = fetchurl {
|
||||
url = "https://www.aleksey.com/xmlsec/download/xmlsec1-${version}.tar.gz";
|
||||
sha256 = "1m12caglhyx08g8lh2sl3nkldlpryzdx2d572q73y3m33s0w9vhk";
|
||||
sha256 = "1j5bf7ni45jghyrbf7a14wx2pvfara557zyry7g7h8840c5kd11d";
|
||||
};
|
||||
|
||||
patches = [
|
||||
|
@ -29,6 +29,7 @@ stdenv.mkDerivation {
|
|||
|
||||
enableParallelBuilding = true;
|
||||
doCheck = true;
|
||||
checkInputs = [ nss.tools ];
|
||||
|
||||
# enable deprecated soap headers required by lasso
|
||||
# https://dev.entrouvert.org/issues/18771
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue