public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into minc_ecosystem

Browse Source
This commit is contained in:
Jörg Thalheim 2018-04-21 20:18:27 +01:00 committed by GitHub
commit f7785dd61c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1387 changed files with 23744 additions and 15838 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
doc/configuration.xml
View File

@ -14,6 +14,8 @@ true:</para>
its <literal>meta.broken</literal> set to its <literal>meta.broken</literal> set to
<literal>true</literal>.</para></listitem> <literal>true</literal>.</para></listitem>
<listitem><para>The package isn't intended to run on the given system, as none of its <literal>meta.platforms</literal> match the given system.</para></listitem>
<listitem><para>The package's <literal>meta.license</literal> is set <listitem><para>The package's <literal>meta.license</literal> is set
to a license which is considered to be unfree.</para></listitem> to a license which is considered to be unfree.</para></listitem>
@ -88,6 +90,42 @@ distributing the software.</para>
</itemizedlist> </itemizedlist>
</section> </section>
<section xml:id="sec-allow-unsupported-system">
<title>Installing packages on unsupported systems</title>
<para>
There are also two ways to try compiling a package which has been marked as unsuported for the given system.
</para>
<itemizedlist>
<listitem><para>
For allowing the build of a broken package once, you can use an environment variable for a single invocation of the nix tools:
<programlisting>$ export NIXPKGS_ALLOW_UNSUPPORTED_SYSTEM=1</programlisting>
</para></listitem>
<listitem>
<para>
For permanently allowing broken packages to be built, you may add <literal>allowUnsupportedSystem = true;</literal> to your user's configuration file, like this:
<programlisting>
{
allowUnsupportedSystem = true;
}
</programlisting>
</para>
</listitem>
</itemizedlist>
<para>
The difference between an a package being unsupported on some system and being broken is admittedly a bit fuzzy.
If a program <emphasis>ought</emphasis> to work on a certain platform, but doesn't, the platform should be included in <literal>meta.platforms</literal>, but marked as broken with e.g. <literal>meta.broken = !hostPlatform.isWindows</literal>.
Of course, this begs the question of what "ought" means exactly.
That is left to the package maintainer.
</para>
</section>
<section xml:id="sec-allow-unfree"> <section xml:id="sec-allow-unfree">
<title>Installing unfree packages</title> <title>Installing unfree packages</title>

2
doc/languages-frameworks/python.section.md
View File

@ -374,7 +374,7 @@ and `CFLAGS`.
description = "A pythonic wrapper around FFTW, the FFT library, presenting a unified interface for all the supported transforms"; description = "A pythonic wrapper around FFTW, the FFT library, presenting a unified interface for all the supported transforms";
homepage = http://hgomersall.github.com/pyFFTW/; homepage = http://hgomersall.github.com/pyFFTW/;
license = with licenses; [ bsd2 bsd3 ]; license = with licenses; [ bsd2 bsd3 ];
maintainer = with maintainers; [ fridh ]; maintainers = with maintainers; [ fridh ];
}; };
}; };
} }

2
lib/systems/default.nix
View File

@ -44,6 +44,8 @@ rec {
}; };
# Misc boolean options # Misc boolean options
useAndroidPrebuilt = false; useAndroidPrebuilt = false;
useiOSPrebuilt = false;
isiPhoneSimulator = false;
} // mapAttrs (n: v: v final.parsed) inspect.predicates } // mapAttrs (n: v: v final.parsed) inspect.predicates
// args; // args;
in assert final.useAndroidPrebuilt -> final.isAndroid; in assert final.useAndroidPrebuilt -> final.isAndroid;

8
lib/systems/parse.nix
View File

@ -34,7 +34,7 @@ rec {
################################################################################ ################################################################################
types.openSignifiantByte = mkOptionType { types.openSignificantByte = mkOptionType {
name = "significant-byte"; name = "significant-byte";
description = "Endianness"; description = "Endianness";
merge = mergeOneOption; merge = mergeOneOption;
@ -42,7 +42,7 @@ rec {
types.significantByte = enum (attrValues significantBytes); types.significantByte = enum (attrValues significantBytes);
significantBytes = setTypes types.openSignifiantByte { significantBytes = setTypes types.openSignificantByte {
bigEndian = {}; bigEndian = {};
littleEndian = {}; littleEndian = {};
}; };
@ -201,7 +201,7 @@ rec {
################################################################################ ################################################################################
types.system = mkOptionType { types.parsedPlatform = mkOptionType {
name = "system"; name = "system";
description = "fully parsed representation of llvm- or nix-style platform tuple"; description = "fully parsed representation of llvm- or nix-style platform tuple";
merge = mergeOneOption; merge = mergeOneOption;
@ -215,7 +215,7 @@ rec {
isSystem = isType "system"; isSystem = isType "system";
mkSystem = components: mkSystem = components:
assert types.system.check components; assert types.parsedPlatform.check components;
setType "system" components; setType "system" components;
mkSkeletonFromList = l: { mkSkeletonFromList = l: {

35
maintainers/maintainer-list.nix
View File

@ -305,6 +305,11 @@
github = "akru"; github = "akru";
name = "Alexander Krupenkin "; name = "Alexander Krupenkin ";
}; };
alexchapman = {
name = "Alex Chapman";
email = "alex@farfromthere.net";
github = "AJChapman";
};
alexvorobiev = { alexvorobiev = {
email = "alexander.vorobiev@gmail.com"; email = "alexander.vorobiev@gmail.com";
github = "alexvorobiev"; github = "alexvorobiev";
@ -582,6 +587,11 @@
github = "bergey"; github = "bergey";
name = "Daniel Bergey"; name = "Daniel Bergey";
}; };
bfortz = {
email = "bernard.fortz@gmail.com";
github = "bfortz";
name = "Bernard Fortz";
};
bgamari = { bgamari = {
email = "ben@smart-cactus.org"; email = "ben@smart-cactus.org";
github = "bgamari"; github = "bgamari";
@ -1897,6 +1907,11 @@
email = "info+nix@chmist.com"; email = "info+nix@chmist.com";
name = "karolchmist"; name = "karolchmist";
}; };
kazcw = {
email = "kaz@lambdaverse.org";
github = "kazcw";
name = "Kaz Wesley";
};
kentjames = { kentjames = {
email = "jameschristopherkent@gmail.com"; email = "jameschristopherkent@gmail.com";
github = "kentjames"; github = "kentjames";
@ -1961,6 +1976,11 @@
github = "kragniz"; github = "kragniz";
name = "Louis Taylor"; name = "Louis Taylor";
}; };
krav = {
email = "kristoffer@microdisko.no";
github = "krav";
name = "Kristoffer Thømt Ravneberg";
};
kristoff3r = { kristoff3r = {
email = "k.soeholm@gmail.com"; email = "k.soeholm@gmail.com";
github = "kristoff3r"; github = "kristoff3r";
@ -3401,6 +3421,11 @@
github = "grwlf"; github = "grwlf";
name = "Sergey Mironov"; name = "Sergey Mironov";
}; };
sna = {
email = "abouzahra.9@wright.edu";
github = "s-na";
name = "S. Nordin Abouzahra";
};
snyh = { snyh = {
email = "snyh@snyh.org"; email = "snyh@snyh.org";
github = "snyh"; github = "snyh";
@ -3446,6 +3471,11 @@
github = "spwhitt"; github = "spwhitt";
name = "Spencer Whitt"; name = "Spencer Whitt";
}; };
srghma = {
email = "srghma@gmail.com";
github = "srghma";
name = "Sergei Khoma";
};
srhb = { srhb = {
email = "sbrofeldt@gmail.com"; email = "sbrofeldt@gmail.com";
github = "srhb"; github = "srhb";
@ -3755,6 +3785,11 @@
github = "twey"; github = "twey";
name = "James Twey Kay"; name = "James Twey Kay";
}; };
typetetris = {
email = "ericwolf42@mail.com";
github = "typetetris";
name = "Eric Wolf";
};
unode = { unode = {
email = "alves.rjc@gmail.com"; email = "alves.rjc@gmail.com";
github = "unode"; github = "unode";

18
nixos/doc/manual/installation/installing.xml
View File

@ -115,23 +115,17 @@ for a UEFI installation is by and large the same as a BIOS installation. The dif
<varlistentry><term>UEFI systems</term> <varlistentry><term>UEFI systems</term>
<listitem><para>For creating boot partitions: <listitem><para>For creating boot partitions:
<command>mkfs.fat</command>. Again its recommended to assign a <command>mkfs.fat</command>. Again its recommended to assign a
label to the boot partition: <option>-L label to the boot partition: <option>-n
<replaceable>label</replaceable></option>. For example: <replaceable>label</replaceable></option>. For example:
<screen> <screen>
# mkfs.fat -F 32 -L boot /dev/sda3</screen> # mkfs.fat -F 32 -n boot /dev/sda3</screen>
</para></listitem></varlistentry></variablelist></listitem> </para></listitem></varlistentry></variablelist></listitem>
<listitem><para>For creating LVM volumes, the LVM commands, e.g., <listitem><para>For creating LVM volumes, the LVM commands, e.g.,
<command>pvcreate</command>, <command>vgcreate</command>, and
<screen> <command>lvcreate</command>.</para></listitem>
# pvcreate /dev/sda1 /dev/sdb1
# vgcreate MyVolGroup /dev/sda1 /dev/sdb1
# lvcreate --size 2G --name bigdisk MyVolGroup
# lvcreate --size 1G --name smalldisk MyVolGroup</screen>
</para></listitem>
<listitem><para>For creating software RAID devices, use <listitem><para>For creating software RAID devices, use
<command>mdadm</command>.</para></listitem> <command>mdadm</command>.</para></listitem>
@ -155,6 +149,7 @@ for a UEFI installation is by and large the same as a BIOS installation. The dif
<listitem><para>Mount the boot file system on <filename>/mnt/boot</filename>, e.g. <listitem><para>Mount the boot file system on <filename>/mnt/boot</filename>, e.g.
<screen> <screen>
# mkdir -p /mnt/boot
# mount /dev/disk/by-label/boot /mnt/boot # mount /dev/disk/by-label/boot /mnt/boot
</screen> </screen>
@ -366,8 +361,9 @@ drive (here <filename>/dev/sda</filename>). <xref linkend="ex-config"
# mkfs.ext4 -L nixos /dev/sda1 # mkfs.ext4 -L nixos /dev/sda1
# mkswap -L swap /dev/sda2 # mkswap -L swap /dev/sda2
# swapon /dev/sda2 # swapon /dev/sda2
# mkfs.fat -F 32 -L boot /dev/sda3 # <lineannotation>(for UEFI systems only)</lineannotation> # mkfs.fat -F 32 -n boot /dev/sda3 # <lineannotation>(for UEFI systems only)</lineannotation>
# mount /dev/disk/by-label/nixos /mnt # mount /dev/disk/by-label/nixos /mnt
# mkdir -p /mnt/boot # <lineannotation>(for UEFI systems only)</lineannotation>
# mount /dev/disk/by-label/boot /mnt/boot # <lineannotation>(for UEFI systems only)</lineannotation> # mount /dev/disk/by-label/boot /mnt/boot # <lineannotation>(for UEFI systems only)</lineannotation>
# nixos-generate-config --root /mnt # nixos-generate-config --root /mnt
# nano /mnt/etc/nixos/configuration.nix # nano /mnt/etc/nixos/configuration.nix

6
nixos/doc/manual/man-nixos-build-vms.xml
View File

@ -40,7 +40,7 @@ points to the generated virtual network.
test1 = {pkgs, config, ...}: test1 = {pkgs, config, ...}:
{ {
services.openssh.enable = true; services.openssh.enable = true;
nixpkgs.system = "i686-linux"; nixpkgs.localSystem.system = "i686-linux";
deployment.targetHost = "test1.example.net"; deployment.targetHost = "test1.example.net";
# Other NixOS options # Other NixOS options
@ -51,7 +51,7 @@ points to the generated virtual network.
services.openssh.enable = true; services.openssh.enable = true;
services.httpd.enable = true; services.httpd.enable = true;
environment.systemPackages = [ pkgs.lynx ]; environment.systemPackages = [ pkgs.lynx ];
nixpkgs.system = "x86_64-linux"; nixpkgs.localSystem.system = "x86_64-linux";
deployment.targetHost = "test2.example.net"; deployment.targetHost = "test2.example.net";
# Other NixOS options # Other NixOS options
@ -66,7 +66,7 @@ In each NixOS configuration, two attributes have a special meaning.
The <varname>deployment.targetHost</varname> specifies the address The <varname>deployment.targetHost</varname> specifies the address
(domain name or IP address) (domain name or IP address)
of the system which is used by <command>ssh</command> to perform of the system which is used by <command>ssh</command> to perform
remote deployment operations. The <varname>nixpkgs.system</varname> remote deployment operations. The <varname>nixpkgs.localSystem.system</varname>
attribute can be used to specify an architecture for the target machine, attribute can be used to specify an architecture for the target machine,
such as <varname>i686-linux</varname> which builds a 32-bit NixOS such as <varname>i686-linux</varname> which builds a 32-bit NixOS
configuration. Omitting this property will build the configuration configuration. Omitting this property will build the configuration

4
nixos/lib/eval-config.nix
View File

@ -26,7 +26,7 @@
, lib ? import ../../lib , lib ? import ../../lib
}: }:
let extraArgs_ = extraArgs; pkgs_ = pkgs; system_ = system; let extraArgs_ = extraArgs; pkgs_ = pkgs;
extraModules = let e = builtins.getEnv "NIXOS_EXTRA_MODULE_PATH"; extraModules = let e = builtins.getEnv "NIXOS_EXTRA_MODULE_PATH";
in if e == "" then [] else [(import (builtins.toPath e))]; in if e == "" then [] else [(import (builtins.toPath e))];
in in
@ -36,7 +36,7 @@ let
_file = ./eval-config.nix; _file = ./eval-config.nix;
key = _file; key = _file;
config = { config = {
nixpkgs.system = lib.mkDefault system_; nixpkgs.localSystem = lib.mkDefault { inherit system; };
_module.args.pkgs = lib.mkIf (pkgs_ != null) (lib.mkForce pkgs_); _module.args.pkgs = lib.mkIf (pkgs_ != null) (lib.mkForce pkgs_);
}; };
}; };

15
nixos/lib/make-ext4-fs.nix
View File

@ -7,23 +7,22 @@
, volumeLabel , volumeLabel
}: }:
let
sdClosureInfo = pkgs.closureInfo { rootPaths = storePaths; };
in
pkgs.stdenv.mkDerivation { pkgs.stdenv.mkDerivation {
name = "ext4-fs.img"; name = "ext4-fs.img";
nativeBuildInputs = with pkgs; [e2fsprogs libfaketime perl]; nativeBuildInputs = with pkgs; [e2fsprogs libfaketime perl];
# For obtaining the closure of `storePaths'.
exportReferencesGraph =
map (x: [("closure-" + baseNameOf x) x]) storePaths;
buildCommand = buildCommand =
'' ''
# Add the closures of the top-level store objects. # Add the closures of the top-level store objects.
storePaths=$(perl ${pkgs.pathsFromGraph} closure-*) storePaths=$(cat ${sdClosureInfo}/store-paths)
# Also include a manifest of the closures in a format suitable # Also include a manifest of the closures in a format suitable for nix-store --load-db.
# for nix-store --load-db. cp ${sdClosureInfo}/registration nix-path-registration
printRegistration=1 perl ${pkgs.pathsFromGraph} closure-* > nix-path-registration
# Make a crude approximation of the size of the target image. # Make a crude approximation of the size of the target image.
# If the script starts failing, increase the fudge factors here. # If the script starts failing, increase the fudge factors here.

2
nixos/lib/test-driver/Machine.pm
View File

@ -612,7 +612,7 @@ sub waitForX {
my ($self, $regexp) = @_; my ($self, $regexp) = @_;
$self->nest("waiting for the X11 server", sub { $self->nest("waiting for the X11 server", sub {
retry sub { retry sub {
my ($status, $out) = $self->execute("journalctl -b SYSLOG_IDENTIFIER=systemd | grep 'session opened'"); my ($status, $out) = $self->execute("journalctl -b SYSLOG_IDENTIFIER=systemd | grep 'Reached target Current graphical'");
return 0 if $status != 0; return 0 if $status != 0;
($status, $out) = $self->execute("[ -e /tmp/.X11-unix/X0 ]"); ($status, $out) = $self->execute("[ -e /tmp/.X11-unix/X0 ]");
return 1 if $status == 0; return 1 if $status == 0;

4
nixos/lib/testing.nix
View File

@ -111,6 +111,8 @@ in rec {
ocrProg = tesseract_4.override { enableLanguages = [ "eng" ]; }; ocrProg = tesseract_4.override { enableLanguages = [ "eng" ]; };
imagemagick_tiff = imagemagick_light.override { inherit libtiff; };
# Generate onvenience wrappers for running the test driver # Generate onvenience wrappers for running the test driver
# interactively with the specified network, and for starting the # interactively with the specified network, and for starting the
# VMs from the command line. # VMs from the command line.
@ -128,7 +130,7 @@ in rec {
wrapProgram $out/bin/nixos-test-driver \ wrapProgram $out/bin/nixos-test-driver \
--add-flags "''${vms[*]}" \ --add-flags "''${vms[*]}" \
${lib.optionalString enableOCR ${lib.optionalString enableOCR
"--prefix PATH : '${ocrProg}/bin:${imagemagick}/bin'"} \ "--prefix PATH : '${ocrProg}/bin:${imagemagick_tiff}/bin'"} \
--run "export testScript=\"\$(cat $out/test-script)\"" \ --run "export testScript=\"\$(cat $out/test-script)\"" \
--set VLANS '${toString vlans}' --set VLANS '${toString vlans}'
ln -s ${testDriver}/bin/nixos-test-driver $out/bin/nixos-run-vms ln -s ${testDriver}/bin/nixos-test-driver $out/bin/nixos-run-vms

2
nixos/modules/config/pulseaudio.nix
View File

@ -214,6 +214,8 @@ in {
(mkIf cfg.enable { (mkIf cfg.enable {
environment.systemPackages = [ overriddenPackage ]; environment.systemPackages = [ overriddenPackage ];
sound.enable = true;
environment.etc = [ environment.etc = [
{ target = "asound.conf"; { target = "asound.conf";
source = alsaConf; } source = alsaConf; }

2
nixos/modules/config/users-groups.nix
View File

@ -92,7 +92,7 @@ let
group = mkOption { group = mkOption {
type = types.str; type = types.str;
apply = x: assert (builtins.stringLength x < 17 || abort "Group name '${x}' is longer than 16 characters which is not allowed!"); x; apply = x: assert (builtins.stringLength x < 32 || abort "Group name '${x}' is longer than 31 characters which is not allowed!"); x;
default = "nogroup"; default = "nogroup";
description = "The user's primary group."; description = "The user's primary group.";
}; };

20
nixos/modules/hardware/opengl.nix
View File

@ -14,7 +14,6 @@ let
name = "mesa-drivers+txc-${p.mesa_drivers.version}"; name = "mesa-drivers+txc-${p.mesa_drivers.version}";
paths = paths =
[ p.mesa_drivers [ p.mesa_drivers
p.mesa_drivers.out # mainly for libGL
(if cfg.s3tcSupport then p.libtxc_dxtn else p.libtxc_dxtn_s2tc) (if cfg.s3tcSupport then p.libtxc_dxtn else p.libtxc_dxtn_s2tc)
]; ];
}; };
@ -33,7 +32,9 @@ in
{ {
options = { options = {
hardware.opengl.enable = mkOption {
hardware.opengl = {
enable = mkOption {
description = '' description = ''
Whether to enable OpenGL drivers. This is needed to enable Whether to enable OpenGL drivers. This is needed to enable
OpenGL support in X11 systems, as well as for Wayland compositors OpenGL support in X11 systems, as well as for Wayland compositors
@ -47,7 +48,7 @@ in
default = false; default = false;
}; };
hardware.opengl.driSupport = mkOption { driSupport = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
description = '' description = ''
@ -56,7 +57,7 @@ in
''; '';
}; };
hardware.opengl.driSupport32Bit = mkOption { driSupport32Bit = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = ''
@ -68,7 +69,7 @@ in
''; '';
}; };
hardware.opengl.s3tcSupport = mkOption { s3tcSupport = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = ''
@ -79,7 +80,7 @@ in
''; '';
}; };
hardware.opengl.package = mkOption { package = mkOption {
type = types.package; type = types.package;
internal = true; internal = true;
description = '' description = ''
@ -87,7 +88,7 @@ in
''; '';
}; };
hardware.opengl.package32 = mkOption { package32 = mkOption {
type = types.package; type = types.package;
internal = true; internal = true;
description = '' description = ''
@ -97,7 +98,7 @@ in
''; '';
}; };
hardware.opengl.extraPackages = mkOption { extraPackages = mkOption {
type = types.listOf types.package; type = types.listOf types.package;
default = []; default = [];
example = literalExample "with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl ]"; example = literalExample "with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl ]";
@ -107,7 +108,7 @@ in
''; '';
}; };
hardware.opengl.extraPackages32 = mkOption { extraPackages32 = mkOption {
type = types.listOf types.package; type = types.listOf types.package;
default = []; default = [];
example = literalExample "with pkgs.pkgsi686Linux; [ vaapiIntel libvdpau-va-gl vaapiVdpau ]"; example = literalExample "with pkgs.pkgsi686Linux; [ vaapiIntel libvdpau-va-gl vaapiVdpau ]";
@ -117,6 +118,7 @@ in
set. This can be used to add OpenCL drivers, VA-API/VDPAU drivers etc. set. This can be used to add OpenCL drivers, VA-API/VDPAU drivers etc.
''; '';
}; };
};
}; };

11
nixos/modules/hardware/video/nvidia.nix
View File

@ -25,13 +25,6 @@ let
nvidia_x11 = nvidiaForKernel config.boot.kernelPackages; nvidia_x11 = nvidiaForKernel config.boot.kernelPackages;
nvidia_libs32 = (nvidiaForKernel pkgs_i686.linuxPackages).override { libsOnly = true; kernel = null; }; nvidia_libs32 = (nvidiaForKernel pkgs_i686.linuxPackages).override { libsOnly = true; kernel = null; };
nvidiaPackage = nvidia: pkgs:
if !nvidia.useGLVND then nvidia.out
else pkgs.buildEnv {
name = "nvidia-libs";
paths = [ pkgs.libglvnd nvidia.out ];
};
enabled = nvidia_x11 != null; enabled = nvidia_x11 != null;
in in
@ -57,8 +50,8 @@ in
source = "${nvidia_x11.bin}/share/nvidia/nvidia-application-profiles-rc"; source = "${nvidia_x11.bin}/share/nvidia/nvidia-application-profiles-rc";
}; };
hardware.opengl.package = nvidiaPackage nvidia_x11 pkgs; hardware.opengl.package = nvidia_x11.out;
hardware.opengl.package32 = nvidiaPackage nvidia_libs32 pkgs_i686; hardware.opengl.package32 = nvidia_libs32.out;
environment.systemPackages = [ nvidia_x11.bin nvidia_x11.settings ] environment.systemPackages = [ nvidia_x11.bin nvidia_x11.settings ]
++ lib.filter (p: p != null) [ nvidia_x11.persistenced ]; ++ lib.filter (p: p != null) [ nvidia_x11.persistenced ];

2
nixos/modules/installer/cd-dvd/channel.nix
View File

@ -21,7 +21,9 @@ let
if [ ! -e $out/nixos/nixpkgs ]; then if [ ! -e $out/nixos/nixpkgs ]; then
ln -s . $out/nixos/nixpkgs ln -s . $out/nixos/nixpkgs
fi fi
echo -n ${config.system.nixos.revision} > $out/nixos/.git-revision
echo -n ${config.system.nixos.versionSuffix} > $out/nixos/.version-suffix echo -n ${config.system.nixos.versionSuffix} > $out/nixos/.version-suffix
echo ${config.system.nixos.versionSuffix} | sed -e s/pre// > $out/nixos/svn-revision
''; '';
in in

8
nixos/modules/installer/tools/nix-fallback-paths.nix
View File

@ -1,6 +1,6 @@
{ {
x86_64-linux = "/nix/store/6p2gambjac7xdkd2a7w1dsxdk1q5cq4d-nix-2.0"; x86_64-linux = "/nix/store/2gk7rk2sx2dkmsjr59gignrfdmya8f6s-nix-2.0.1";
i686-linux = "/nix/store/zznnaijjk3nwx0cmpczxsvngmqzhl7r4-nix-2.0"; i686-linux = "/nix/store/5160glkphiv13qggnivyidg8r0491pbl-nix-2.0.1";
aarch64-linux = "/nix/store/ci96w9kxfkmlc7x2vwqiz4da0r6abxnq-nix-2.0"; aarch64-linux = "/nix/store/jk29zz3ns9vdkkclcyzzkpzp8dhv1x3i-nix-2.0.1";
x86_64-darwin = "/nix/store/xmi4fylvx4qc79ji9v5q3zfy9vfdy4sv-nix-2.0"; x86_64-darwin = "/nix/store/4a9czmrpd4hf3r80zcmga2c2lm3hbbvv-nix-2.0.1";
} }

1
nixos/modules/installer/tools/nixos-generate-config.pl
View File

@ -585,7 +585,6 @@ $bootLoaderConfig
# Some programs need SUID wrappers, can be configured further or are # Some programs need SUID wrappers, can be configured further or are
# started in user sessions. # started in user sessions.
# programs.bash.enableCompletion = true;
# programs.mtr.enable = true; # programs.mtr.enable = true;
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };

4
nixos/modules/misc/ids.nix
View File

@ -56,7 +56,7 @@
#dialout = 27; # unused #dialout = 27; # unused
polkituser = 28; polkituser = 28;
#utmp = 29; # unused #utmp = 29; # unused
ddclient = 30; # ddclient = 30; # converted to DynamicUser = true
davfs2 = 31; davfs2 = 31;
#disnix = 33; # unused #disnix = 33; # unused
osgi = 34; osgi = 34;
@ -344,7 +344,7 @@
dialout = 27; dialout = 27;
#polkituser = 28; # currently unused, polkitd doesn't need a group #polkituser = 28; # currently unused, polkitd doesn't need a group
utmp = 29; utmp = 29;
ddclient = 30; # ddclient = 30; # converted to DynamicUser = true
davfs2 = 31; davfs2 = 31;
disnix = 33; disnix = 33;
osgi = 34; osgi = 34;

15
nixos/modules/misc/locate.nix
View File

@ -133,13 +133,26 @@ in {
systemd.services.update-locatedb = systemd.services.update-locatedb =
{ description = "Update Locate Database"; { description = "Update Locate Database";
path = mkIf (!isMLocate) [ pkgs.su ]; path = mkIf (!isMLocate) [ pkgs.su ];
# mlocate's updatedb takes flags via a configuration file or
# on the command line, but not by environment variable.
script = script =
if isMLocate
then let toFlags = x: optional (cfg.${x} != [])
"--${lib.toLower x} '${concatStringsSep " " cfg.${x}}'";
args = concatLists (map toFlags ["pruneFS" "pruneNames" "prunePaths"]);
in ''
exec ${cfg.locate}/bin/updatedb \
--output ${toString cfg.output} ${concatStringsSep " " args} \
--prune-bind-mounts ${if cfg.pruneBindMounts then "yes" else "no"} \
${concatStringsSep " " cfg.extraFlags}
'' ''
else ''
exec ${cfg.locate}/bin/updatedb \ exec ${cfg.locate}/bin/updatedb \
${optionalString (cfg.localuser != null && ! isMLocate) ''--localuser=${cfg.localuser}''} \ ${optionalString (cfg.localuser != null && ! isMLocate) ''--localuser=${cfg.localuser}''} \
--output=${toString cfg.output} ${concatStringsSep " " cfg.extraFlags} --output=${toString cfg.output} ${concatStringsSep " " cfg.extraFlags}
''; '';
environment = { environment = optionalAttrs (!isMLocate) {
PRUNEFS = concatStringsSep " " cfg.pruneFS; PRUNEFS = concatStringsSep " " cfg.pruneFS;
PRUNEPATHS = concatStringsSep " " cfg.prunePaths; PRUNEPATHS = concatStringsSep " " cfg.prunePaths;
PRUNENAMES = concatStringsSep " " cfg.pruneNames; PRUNENAMES = concatStringsSep " " cfg.pruneNames;

69
nixos/modules/misc/nixpkgs.nix
View File

@ -58,10 +58,13 @@ in
pkgs = mkOption { pkgs = mkOption {
defaultText = literalExample defaultText = literalExample
''import "''${nixos}/.." { ''import "''${nixos}/.." {
inherit (config.nixpkgs) config overlays system; inherit (config.nixpkgs) config overlays localSystem crossSystem;
} }
''; '';
default = import ../../.. { inherit (cfg) config overlays system crossSystem; }; default = import ../../.. {
localSystem = { inherit (cfg) system; } // cfg.localSystem;
inherit (cfg) config overlays crossSystem;
};
type = pkgsType; type = pkgsType;
example = literalExample ''import <nixpkgs> {}''; example = literalExample ''import <nixpkgs> {}'';
description = '' description = ''
@ -73,8 +76,9 @@ in
relative to the location of this NixOS module, because relative to the location of this NixOS module, because
NixOS and Nixpkgs are distributed together for consistency, NixOS and Nixpkgs are distributed together for consistency,
so the <code>nixos</code> in the default value is in fact a so the <code>nixos</code> in the default value is in fact a
relative path. The <code>config</code>, <code>overlays</code> relative path. The <code>config</code>, <code>overlays</code>,
and <code>system</code> come from this option's siblings. <code>localSystem</code>, and <code>crossSystem</code> come
from this option's siblings.
This option can be used by applications like NixOps to increase This option can be used by applications like NixOps to increase
the performance of evaluation, or to create packages that depend the performance of evaluation, or to create packages that depend
@ -130,13 +134,40 @@ in
''; '';
}; };
crossSystem = mkOption { localSystem = mkOption {
type = types.nullOr types.attrs; type = types.attrs; # TODO utilize lib.systems.parsedPlatform
default = null; default = { system = builtins.currentSystem; };
example = { system = "aarch64-linux"; config = "aarch64-unknown-linux-gnu"; };
defaultText = literalExample
''(import "''${nixos}/../lib").lib.systems.examples.aarch64-multiplatform'';
description = '' description = ''
The description of the system we're cross-compiling to, or null Specifies the platform on which NixOS should be built. When
if this isn't a cross-compile. See the description of the <code>nixpkgs.crossSystem</code> is unset, it also specifies
crossSystem argument in the nixpkgs manual. the platform <emphasis>for</emphasis> which NixOS should be
built. If this option is unset, it defaults to the platform
type of the machine where evaluation happens. Specifying this
option is useful when doing distributed multi-platform
deployment, or when building virtual machines. See its
description in the Nixpkgs manual for more details.
Ignored when <code>nixpkgs.pkgs</code> is set.
'';
};
crossSystem = mkOption {
type = types.nullOr types.attrs; # TODO utilize lib.systems.parsedPlatform
default = null;
example = { system = "aarch64-linux"; config = "aarch64-unknown-linux-gnu"; };
defaultText = literalExample
''(import "''${nixos}/../lib").lib.systems.examples.aarch64-multiplatform'';
description = ''
Specifies the platform for which NixOS should be
built. Specify this only if it is different from
<code>nixpkgs.localSystem</code>, the platform
<emphasis>on</emphasis> which NixOS should be built. In other
words, specify this to cross-compile NixOS. Otherwise it
should be set as null, the default. See its description in the
Nixpkgs manual for more details.
Ignored when <code>nixpkgs.pkgs</code> is set. Ignored when <code>nixpkgs.pkgs</code> is set.
''; '';
@ -146,10 +177,20 @@ in
type = types.str; type = types.str;
example = "i686-linux"; example = "i686-linux";
description = '' description = ''
Specifies the Nix platform type for which NixOS should be built. Specifies the Nix platform type on which NixOS should be built.
If unset, it defaults to the platform type of your host system. It is better to specify <code>nixpkgs.localSystem</code> instead.
Specifying this option is useful when doing distributed <programlisting>
multi-platform deployment, or when building virtual machines. {
nixpkgs.system = ..;
}
</programlisting>
is the same as
<programlisting>
{
nixpkgs.localSystem.system = ..;
}
</programlisting>
See <code>nixpkgs.localSystem</code> for more information.
Ignored when <code>nixpkgs.pkgs</code> is set. Ignored when <code>nixpkgs.pkgs</code> is set.
''; '';

5
nixos/modules/module-list.nix
View File

@ -166,6 +166,7 @@
./services/backup/crashplan-small-business.nix ./services/backup/crashplan-small-business.nix
./services/backup/mysql-backup.nix ./services/backup/mysql-backup.nix
./services/backup/postgresql-backup.nix ./services/backup/postgresql-backup.nix
./services/backup/restic.nix
./services/backup/rsnapshot.nix ./services/backup/rsnapshot.nix
./services/backup/tarsnap.nix ./services/backup/tarsnap.nix
./services/backup/znapzend.nix ./services/backup/znapzend.nix
@ -366,6 +367,7 @@
./services/misc/ripple-data-api.nix ./services/misc/ripple-data-api.nix
./services/misc/rogue.nix ./services/misc/rogue.nix
./services/misc/serviio.nix ./services/misc/serviio.nix
./services/misc/safeeyes.nix
./services/misc/siproxd.nix ./services/misc/siproxd.nix
./services/misc/snapper.nix ./services/misc/snapper.nix
./services/misc/sonarr.nix ./services/misc/sonarr.nix
@ -532,7 +534,7 @@
./services/networking/prayer.nix ./services/networking/prayer.nix
./services/networking/privoxy.nix ./services/networking/privoxy.nix
./services/networking/prosody.nix ./services/networking/prosody.nix
# ./services/networking/quagga.nix ./services/networking/quagga.nix
./services/networking/quassel.nix ./services/networking/quassel.nix
./services/networking/racoon.nix ./services/networking/racoon.nix
./services/networking/radicale.nix ./services/networking/radicale.nix
@ -546,6 +548,7 @@
./services/networking/searx.nix ./services/networking/searx.nix
./services/networking/seeks.nix ./services/networking/seeks.nix
./services/networking/skydns.nix ./services/networking/skydns.nix
./services/networking/shadowsocks.nix
./services/networking/shairport-sync.nix ./services/networking/shairport-sync.nix
./services/networking/shout.nix ./services/networking/shout.nix
./services/networking/sniproxy.nix ./services/networking/sniproxy.nix

2
nixos/modules/programs/bash/bash.nix
View File

@ -110,7 +110,7 @@ in
}; };
enableCompletion = mkOption { enableCompletion = mkOption {
default = false; default = true;
description = '' description = ''
Enable Bash completion for all interactive bash shells. Enable Bash completion for all interactive bash shells.
''; '';

2
nixos/modules/rename.nix
View File

@ -23,6 +23,8 @@ with lib;
(config: (config:
let enabled = getAttrFromPath [ "services" "printing" "gutenprint" ] config; let enabled = getAttrFromPath [ "services" "printing" "gutenprint" ] config;
in if enabled then [ pkgs.gutenprint ] else [ ])) in if enabled then [ pkgs.gutenprint ] else [ ]))
(mkRenamedOptionModule [ "services" "ddclient" "domain" ] [ "services" "ddclient" "domains" ])
(mkRemovedOptionModule [ "services" "ddclient" "homeDir" ] "")
(mkRenamedOptionModule [ "services" "elasticsearch" "host" ] [ "services" "elasticsearch" "listenAddress" ]) (mkRenamedOptionModule [ "services" "elasticsearch" "host" ] [ "services" "elasticsearch" "listenAddress" ])
(mkRenamedOptionModule [ "services" "graphite" "api" "host" ] [ "services" "graphite" "api" "listenAddress" ]) (mkRenamedOptionModule [ "services" "graphite" "api" "host" ] [ "services" "graphite" "api" "listenAddress" ])
(mkRenamedOptionModule [ "services" "graphite" "web" "host" ] [ "services" "graphite" "web" "listenAddress" ]) (mkRenamedOptionModule [ "services" "graphite" "web" "host" ] [ "services" "graphite" "web" "listenAddress" ])

47
nixos/modules/security/acme.nix
View File

@ -240,6 +240,7 @@ in
}; };
selfsignedService = { selfsignedService = {
description = "Create preliminary self-signed certificate for ${cert}"; description = "Create preliminary self-signed certificate for ${cert}";
path = [ pkgs.openssl ];
preStart = '' preStart = ''
if [ ! -d '${cpath}' ] if [ ! -d '${cpath}' ]
then then
@ -250,37 +251,41 @@ in
''; '';
script = script =
'' ''
# Create self-signed key workdir="$(mktemp -d)"
workdir="/run/acme-selfsigned-${cert}"
${pkgs.openssl.bin}/bin/openssl genrsa -des3 -passout pass:x -out $workdir/server.pass.key 2048 # Create CA
${pkgs.openssl.bin}/bin/openssl rsa -passin pass:x -in $workdir/server.pass.key -out $workdir/server.key openssl genrsa -des3 -passout pass:x -out $workdir/ca.pass.key 2048
${pkgs.openssl.bin}/bin/openssl req -new -key $workdir/server.key -out $workdir/server.csr \ openssl rsa -passin pass:x -in $workdir/ca.pass.key -out $workdir/ca.key
openssl req -new -key $workdir/ca.key -out $workdir/ca.csr \
-subj "/C=UK/ST=Warwickshire/L=Leamington/O=OrgName/OU=Security Department/CN=example.com"
openssl x509 -req -days 1 -in $workdir/ca.csr -signkey $workdir/ca.key -out $workdir/ca.crt
# Create key
openssl genrsa -des3 -passout pass:x -out $workdir/server.pass.key 2048
openssl rsa -passin pass:x -in $workdir/server.pass.key -out $workdir/server.key
openssl req -new -key $workdir/server.key -out $workdir/server.csr \
-subj "/C=UK/ST=Warwickshire/L=Leamington/O=OrgName/OU=IT Department/CN=example.com" -subj "/C=UK/ST=Warwickshire/L=Leamington/O=OrgName/OU=IT Department/CN=example.com"
${pkgs.openssl.bin}/bin/openssl x509 -req -days 1 -in $workdir/server.csr -signkey $workdir/server.key -out $workdir/server.crt openssl x509 -req -days 1 -in $workdir/server.csr -CA $workdir/ca.crt \
-CAkey $workdir/ca.key -CAserial $workdir/ca.srl -CAcreateserial \
-out $workdir/server.crt
# Move key to destination # Copy key to destination
mv $workdir/server.key ${cpath}/key.pem cp $workdir/server.key ${cpath}/key.pem
mv $workdir/server.crt ${cpath}/fullchain.pem
# Create full.pem for e.g. lighttpd (same format as "simp_le ... -f full.pem" creates) # Create fullchain.pem (same format as "simp_le ... -f fullchain.pem" creates)
cat "${cpath}/key.pem" "${cpath}/fullchain.pem" > "${cpath}/full.pem" cat $workdir/{server.crt,ca.crt} > "${cpath}/fullchain.pem"
# Clean up working directory # Create full.pem for e.g. lighttpd
rm $workdir/server.csr cat $workdir/{server.key,server.crt,ca.crt} > "${cpath}/full.pem"
rm $workdir/server.pass.key
# Give key acme permissions # Give key acme permissions
chmod ${rights} '${cpath}/key.pem' chown '${data.user}:${data.group}' "${cpath}/"{key,fullchain,full}.pem
chown '${data.user}:${data.group}' '${cpath}/key.pem' chmod ${rights} "${cpath}/"{key,fullchain,full}.pem
chmod ${rights} '${cpath}/fullchain.pem'
chown '${data.user}:${data.group}' '${cpath}/fullchain.pem'
chmod ${rights} '${cpath}/full.pem'
chown '${data.user}:${data.group}' '${cpath}/full.pem'
''; '';
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
RuntimeDirectory = "acme-selfsigned-${cert}";
PermissionsStartOnly = true; PermissionsStartOnly = true;
PrivateTmp = true;
User = data.user; User = data.user;
Group = data.group; Group = data.group;
}; };

2
nixos/modules/security/wrappers/wrapper.c
View File

@ -10,8 +10,8 @@
#include <errno.h> #include <errno.h>
#include <linux/capability.h> #include <linux/capability.h>
#include <sys/capability.h> #include <sys/capability.h>
#include <linux/prctl.h>
#include <sys/prctl.h> #include <sys/prctl.h>
#include <limits.h>
#include <cap-ng.h> #include <cap-ng.h>
// Make sure assertions are not compiled out, we use them to codify // Make sure assertions are not compiled out, we use them to codify

150
nixos/modules/services/backup/restic.nix Normal file
View File

@ -0,0 +1,150 @@
{ config, lib, pkgs, ... }:
with lib;
{
options.services.restic.backups = mkOption {
description = ''
Periodic backups to create with Restic.
'';
type = types.attrsOf (types.submodule ({ name, config, ... }: {
options = {
passwordFile = mkOption {
type = types.str;
description = ''
Read the repository password from a file.
'';
example = "/etc/nixos/restic-password";
};
repository = mkOption {
type = types.str;
description = ''
repository to backup to.
'';
example = "sftp:backup@192.168.1.100:/backups/${name}";
};
paths = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Which paths to backup.
'';
example = [
"/var/lib/postgresql"
"/home/user/backup"
];
};
timerConfig = mkOption {
type = types.attrsOf types.str;
default = {
OnCalendar = "daily";
};
description = ''
When to run the backup. See man systemd.timer for details.
'';
example = {
OnCalendar = "00:05";
RandomizedDelaySec = "5h";
};
};
user = mkOption {
type = types.str;
default = "root";
description = ''
As which user the backup should run.
'';
example = "postgresql";
};
extraBackupArgs = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Extra arguments passed to restic backup.
'';
example = [
"--exclude-file=/etc/nixos/restic-ignore"
];
};
extraOptions = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Extra extended options to be passed to the restic --option flag.
'';
example = [
"sftp.command='ssh backup@192.168.1.100 -i /home/user/.ssh/id_rsa -s sftp'"
];
};
initialize = mkOption {
type = types.bool;
default = false;
description = ''
Create the repository if it doesn't exist.
'';
};
};
}));
default = {};
example = {
localbackup = {
paths = [ "/home" ];
repository = "/mnt/backup-hdd";
passwordFile = "/etc/nixos/secrets/restic-password";
initialize = true;
};
remotebackup = {
paths = [ "/home" ];
repository = "sftp:backup@host:/backups/home";
passwordFile = "/etc/nixos/secrets/restic-password";
extraOptions = [
"sftp.command='ssh backup@host -i /etc/nixos/secrets/backup-private-key -s sftp'"
];
timerConfig = {
OnCalendar = "00:05";
RandomizedDelaySec = "5h";
};
};
};
};
config = {
systemd.services =
mapAttrs' (name: backup:
let
extraOptions = concatMapStrings (arg: " -o ${arg}") backup.extraOptions;
connectTo = elemAt (splitString ":" backup.repository) 1;
resticCmd = "${pkgs.restic}/bin/restic${extraOptions}";
in nameValuePair "restic-backups-${name}" ({
environment = {
RESTIC_PASSWORD_FILE = backup.passwordFile;
RESTIC_REPOSITORY = backup.repository;
};
path = with pkgs; [
openssh
];
restartIfChanged = false;
serviceConfig = {
Type = "oneshot";
ExecStart = "${resticCmd} backup ${concatStringsSep " " backup.extraBackupArgs} ${concatStringsSep " " backup.paths}";
User = backup.user;
};
} // optionalAttrs backup.initialize {
preStart = ''
${resticCmd} snapshots || ${resticCmd} init
'';
})
) config.services.restic.backups;
systemd.timers =
mapAttrs' (name: backup: nameValuePair "restic-backups-${name}" {
wantedBy = [ "timers.target" ];
timerConfig = backup.timerConfig;
}) config.services.restic.backups;
};
}

6
nixos/modules/services/databases/pgmanage.nix
View File

@ -22,7 +22,7 @@ let
web_root = ${cfg.package}/etc/pgmanage/web_root web_root = ${cfg.package}/etc/pgmanage/web_root
data_root = ${cfg.dataRoot} sql_root = ${cfg.sqlRoot}
${optionalString (!isNull cfg.tls) '' ${optionalString (!isNull cfg.tls) ''
tls_cert = ${cfg.tls.cert} tls_cert = ${cfg.tls.cert}
@ -130,7 +130,7 @@ let
''; '';
}; };
dataRoot = mkOption { sqlRoot = mkOption {
type = types.str; type = types.str;
default = "/var/lib/pgmanage"; default = "/var/lib/pgmanage";
description = '' description = ''
@ -210,7 +210,7 @@ in {
users."${pgmanage}" = { users."${pgmanage}" = {
name = pgmanage; name = pgmanage;
group = pgmanage; group = pgmanage;
home = cfg.dataRoot; home = cfg.sqlRoot;
createHome = true; createHome = true;
}; };
groups."${pgmanage}" = { groups."${pgmanage}" = {

5
nixos/modules/services/databases/postgresql.nix
View File

@ -36,9 +36,6 @@ let
${cfg.extraConfig} ${cfg.extraConfig}
''; '';
pre84 = versionOlder (builtins.parseDrvName postgresql.name).version "8.4";
in in
{ {
@ -182,7 +179,7 @@ in
services.postgresql.authentication = mkAfter services.postgresql.authentication = mkAfter
'' ''
# Generated file; do not edit! # Generated file; do not edit!
local all all ident ${optionalString pre84 "sameuser"} local all all ident
host all all 127.0.0.1/32 md5 host all all 127.0.0.1/32 md5
host all all ::1/128 md5 host all all ::1/128 md5
''; '';

21
nixos/modules/services/editors/emacs.nix
View File

@ -15,6 +15,25 @@ let
fi fi
''; '';
desktopApplicationFile = pkgs.writeTextFile {
name = "emacsclient.desktop";
destination = "/share/applications/emacsclient.desktop";
text = ''
[Desktop Entry]
Name=Emacsclient
GenericName=Text Editor
Comment=Edit text
MimeType=text/english;text/plain;text/x-makefile;text/x-c++hdr;text/x-c++src;text/x-chdr;text/x-csrc;text/x-java;text/x-moc;text/x-pascal;text/x-tcl;text/x-tex;application/x-shellscript;text/x-c;text/x-c++;
Exec=emacseditor %F
Icon=emacs
Type=Application
Terminal=false
Categories=Development;TextEditor;
StartupWMClass=Emacs
Keywords=Text;Editor;
'';
};
in { in {
options.services.emacs = { options.services.emacs = {
@ -74,7 +93,7 @@ in {
}; };
} // optionalAttrs cfg.enable { wantedBy = [ "default.target" ]; }; } // optionalAttrs cfg.enable { wantedBy = [ "default.target" ]; };
environment.systemPackages = [ cfg.package editorScript ]; environment.systemPackages = [ cfg.package editorScript desktopApplicationFile ];
environment.variables = { environment.variables = {
# This is required so that GTK applications launched from Emacs # This is required so that GTK applications launched from Emacs

12
nixos/modules/services/hardware/bluetooth.nix
View File

@ -3,8 +3,8 @@
with lib; with lib;
let let
bluez-bluetooth = pkgs.bluez;
cfg = config.hardware.bluetooth; cfg = config.hardware.bluetooth;
bluez-bluetooth = cfg.package;
in { in {
@ -21,6 +21,16 @@ in {
description = "Whether to power up the default Bluetooth controller on boot."; description = "Whether to power up the default Bluetooth controller on boot.";
}; };
package = mkOption {
type = types.package;
default = pkgs.bluez;
defaultText = "pkgs.bluez";
example = "pkgs.bluez.override { enableMidi = true; }";
description = ''
Which BlueZ package to use.
'';
};
extraConfig = mkOption { extraConfig = mkOption {
type = types.lines; type = types.lines;
default = ""; default = "";

2
nixos/modules/services/hardware/trezord.nix
View File

@ -38,7 +38,7 @@ in {
path = []; path = [];
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
ExecStart = "${pkgs.trezord}/bin/trezord -f"; ExecStart = "${pkgs.trezord}/bin/trezord-go";
User = "trezord"; User = "trezord";
}; };
}; };

2
nixos/modules/services/misc/dysnomia.nix
View File

@ -158,7 +158,7 @@ in
services.dysnomia.properties = { services.dysnomia.properties = {
hostname = config.networking.hostName; hostname = config.networking.hostName;
system = if config.nixpkgs.system == "" then builtins.currentSystem else config.nixpkgs.system; inherit (config.nixpkgs.localSystem) system;
supportedTypes = (import "${pkgs.stdenv.mkDerivation { supportedTypes = (import "${pkgs.stdenv.mkDerivation {
name = "supportedtypes"; name = "supportedtypes";

8
nixos/modules/services/misc/gitweb.nix
View File

@ -32,6 +32,14 @@ in
''; '';
}; };
gitwebTheme = mkOption {
default = false;
type = types.bool;
description = ''
Use an alternative theme for gitweb, strongly inspired by GitHub.
'';
};
gitwebConfigFile = mkOption { gitwebConfigFile = mkOption {
default = pkgs.writeText "gitweb.conf" '' default = pkgs.writeText "gitweb.conf" ''
# path to git projects (<project>.git) # path to git projects (<project>.git)

2
nixos/modules/services/misc/mesos-slave.nix
View File

@ -213,7 +213,7 @@ in {
PermissionsStartOnly = true; PermissionsStartOnly = true;
}; };
preStart = '' preStart = ''
mkdir -m 0700 -p ${cfg.workDir} mkdir -m 0701 -p ${cfg.workDir}
''; '';
}; };
}; };

2
nixos/modules/services/misc/nixos-manual.nix
View File

@ -23,7 +23,7 @@ let
options = options =
let let
scrubbedEval = evalModules { scrubbedEval = evalModules {
modules = [ { nixpkgs.system = config.nixpkgs.system; } ] ++ baseModules; modules = [ { nixpkgs.localSystem = config.nixpkgs.localSystem; } ] ++ baseModules;
args = (config._module.args) // { modules = [ ]; }; args = (config._module.args) // { modules = [ ]; };
specialArgs = { pkgs = scrubDerivations "pkgs" pkgs; }; specialArgs = { pkgs = scrubDerivations "pkgs" pkgs; };
}; };

50
nixos/modules/services/misc/safeeyes.nix Normal file
View File

@ -0,0 +1,50 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.safeeyes;
in
{
###### interface
options = {
services.safeeyes = {
enable = mkOption {
default = false;
description = "Whether to enable the safeeyes OSGi service";
};
};
};
###### implementation
config = mkIf cfg.enable {
systemd.user.services.safeeyes = {
description = "Safeeyes";
wantedBy = [ "graphical-session.target" ];
partOf = [ "graphical-session.target" ];
serviceConfig = {
ExecStart = ''
${pkgs.safeeyes}/bin/safeeyes
'';
Restart = "on-failure";
RestartSec = 3;
StartLimitInterval = 350;
StartLimitBurst = 10;
};
};
};
}

2
nixos/modules/services/monitoring/grafana.nix
View File

@ -50,7 +50,7 @@ in {
protocol = mkOption { protocol = mkOption {
description = "Which protocol to listen."; description = "Which protocol to listen.";
default = "http"; default = "http";
type = types.enum ["http" "https"]; type = types.enum ["http" "https" "socket"];
}; };
addr = mkOption { addr = mkOption {

1
nixos/modules/services/monitoring/prometheus/exporters.nix
View File

@ -20,6 +20,7 @@ let
exporterOpts = { exporterOpts = {
blackbox = import ./exporters/blackbox.nix { inherit config lib pkgs; }; blackbox = import ./exporters/blackbox.nix { inherit config lib pkgs; };
collectd = import ./exporters/collectd.nix { inherit config lib pkgs; }; collectd = import ./exporters/collectd.nix { inherit config lib pkgs; };
dovecot = import ./exporters/dovecot.nix { inherit config lib pkgs; };
fritzbox = import ./exporters/fritzbox.nix { inherit config lib pkgs; }; fritzbox = import ./exporters/fritzbox.nix { inherit config lib pkgs; };
json = import ./exporters/json.nix { inherit config lib pkgs; }; json = import ./exporters/json.nix { inherit config lib pkgs; };
minio = import ./exporters/minio.nix { inherit config lib pkgs; }; minio = import ./exporters/minio.nix { inherit config lib pkgs; };

50
nixos/modules/services/monitoring/prometheus/exporters/dovecot.nix Normal file
View File

@ -0,0 +1,50 @@
{ config, lib, pkgs }:
with lib;
let
cfg = config.services.prometheus.exporters.dovecot;
in
{
port = 9166;
extraOpts = {
telemetryPath = mkOption {
type = types.str;
default = "/metrics";
description = ''
Path under which to expose metrics.
'';
};
socketPath = mkOption {
type = types.path;
default = "/var/run/dovecot/stats";
example = "/var/run/dovecot2/stats";
description = ''
Path under which the stats socket is placed.
The user/group under which the exporter runs,
should be able to access the socket in order
to scrape the metrics successfully.
'';
};
scopes = mkOption {
type = types.listOf types.str;
default = [ "user" ];
example = [ "user" "global" ];
description = ''
Stats scopes to query.
'';
};
};
serviceOpts = {
serviceConfig = {
ExecStart = ''
${pkgs.prometheus-dovecot-exporter}/bin/dovecot_exporter \
--web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
--web.telemetry-path ${cfg.telemetryPath} \
--dovecot.socket-path ${cfg.socketPath} \
--dovecot.scopes ${concatStringsSep "," cfg.scopes} \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
};
};
}

37
nixos/modules/services/monitoring/prometheus/exporters/postfix.nix
View File

@ -32,6 +32,33 @@ in
Path where Postfix places it's showq socket. Path where Postfix places it's showq socket.
''; '';
}; };
systemd = {
enable = mkEnableOption ''
reading metrics from the systemd-journal instead of from a logfile
'';
unit = mkOption {
type = types.str;
default = "postfix.service";
description = ''
Name of the postfix systemd unit.
'';
};
slice = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Name of the postfix systemd slice.
This overrides the <option>systemd.unit</option>.
'';
};
journalPath = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
Path to the systemd journal.
'';
};
};
}; };
serviceOpts = { serviceOpts = {
serviceConfig = { serviceConfig = {
@ -39,7 +66,15 @@ in
${pkgs.prometheus-postfix-exporter}/bin/postfix_exporter \ ${pkgs.prometheus-postfix-exporter}/bin/postfix_exporter \
--web.listen-address ${cfg.listenAddress}:${toString cfg.port} \ --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
--web.telemetry-path ${cfg.telemetryPath} \ --web.telemetry-path ${cfg.telemetryPath} \
${concatStringsSep " \\\n " cfg.extraFlags} --postfix.showq_path ${cfg.showqPath} \
${concatStringsSep " \\\n " (cfg.extraFlags
++ optional cfg.systemd.enable "--systemd.enable"
++ optional cfg.systemd.enable (if cfg.systemd.slice != null
then "--systemd.slice ${cfg.systemd.slice}"
else "--systemd.unit ${cfg.systemd.unit}")
++ optional (cfg.systemd.enable && (cfg.systemd.journalPath != null))
"--systemd.jounal_path ${cfg.systemd.journalPath}"
++ optional (!cfg.systemd.enable) "--postfix.logfile_path ${cfg.logfilePath}")}
''; '';
}; };
}; };

112
nixos/modules/services/networking/ddclient.nix
View File

@ -3,24 +3,24 @@
let let
cfg = config.services.ddclient; cfg = config.services.ddclient;
boolToStr = bool: if bool then "yes" else "no"; boolToStr = bool: if bool then "yes" else "no";
dataDir = "/var/lib/ddclient";
configText = '' configText = ''
# This file can be used as a template for configFile or is automatically generated by Nix options. # This file can be used as a template for configFile or is automatically generated by Nix options.
daemon=${toString cfg.interval} cache=${dataDir}/ddclient.cache
cache=${cfg.homeDir}/ddclient.cache foreground=YES
pid=/run/ddclient/ddclient.pid
foreground=NO
use=${cfg.use} use=${cfg.use}
login=${cfg.username} login=${cfg.username}
password=${cfg.password} password=${cfg.password}
protocol=${cfg.protocol} protocol=${cfg.protocol}
${let server = cfg.server; in ${lib.optionalString (cfg.script != "") "script=${cfg.script}"}
lib.optionalString (server != "") "server=${server}"} ${lib.optionalString (cfg.server != "") "server=${cfg.server}"}
${lib.optionalString (cfg.zone != "") "zone=${cfg.zone}"}
ssl=${boolToStr cfg.ssl} ssl=${boolToStr cfg.ssl}
wildcard=YES wildcard=YES
quiet=${boolToStr cfg.quiet} quiet=${boolToStr cfg.quiet}
verbose=${boolToStr cfg.verbose} verbose=${boolToStr cfg.verbose}
${cfg.domain} ${lib.concatStringsSep "," cfg.domains}
${cfg.extraConfig} ${cfg.extraConfig}
''; '';
@ -44,17 +44,11 @@ with lib;
''; '';
}; };
homeDir = mkOption { domains = mkOption {
default = "/var/lib/ddclient"; default = [ "" ];
type = str; type = listOf str;
description = "Home directory for the daemon user.";
};
domain = mkOption {
default = "";
type = str;
description = '' description = ''
Domain name to synchronize. Domain name(s) to synchronize.
''; '';
}; };
@ -75,9 +69,12 @@ with lib;
}; };
interval = mkOption { interval = mkOption {
default = 600; default = "10min";
type = int; type = str;
description = "The interval at which to run the check and update."; description = ''
The interval at which to run the check and update.
See <command>man 7 systemd.time</command> for the format.
'';
}; };
configFile = mkOption { configFile = mkOption {
@ -95,7 +92,7 @@ with lib;
default = "dyndns2"; default = "dyndns2";
type = str; type = str;
description = '' description = ''
Protocol to use with dynamic DNS provider (see http://sourceforge.net/apps/trac/ddclient/wiki/Protocols). Protocol to use with dynamic DNS provider (see https://sourceforge.net/p/ddclient/wiki/protocols).
''; '';
}; };
@ -115,11 +112,20 @@ with lib;
''; '';
}; };
extraConfig = mkOption {
default = ""; quiet = mkOption {
type = lines; default = false;
type = bool;
description = '' description = ''
Extra configuration. Contents will be added verbatim to the configuration file. Print no messages for unnecessary updates.
'';
};
script = mkOption {
default = "";
type = str;
description = ''
script as required by some providers.
''; '';
}; };
@ -139,11 +145,19 @@ with lib;
''; '';
}; };
quiet = mkOption { zone = mkOption {
default = false; default = "";
type = bool; type = str;
description = '' description = ''
Print no messages for unnecessary updates. zone as required by some providers.
'';
};
extraConfig = mkOption {
default = "";
type = lines;
description = ''
Extra configuration. Contents will be added verbatim to the configuration file.
''; '';
}; };
}; };
@ -153,23 +167,8 @@ with lib;
###### implementation ###### implementation
config = mkIf config.services.ddclient.enable { config = mkIf config.services.ddclient.enable {
users = {
extraGroups.ddclient.gid = config.ids.gids.ddclient;
extraUsers.ddclient = {
uid = config.ids.uids.ddclient;
description = "ddclient daemon user";
group = "ddclient";
home = cfg.homeDir;
createHome = true;
};
};
environment.etc."ddclient.conf" = { environment.etc."ddclient.conf" = {
enable = cfg.configFile == "/etc/ddclient.conf"; enable = cfg.configFile == "/etc/ddclient.conf";
uid = config.ids.uids.ddclient;
gid = config.ids.gids.ddclient;
mode = "0600"; mode = "0600";
text = configText; text = configText;
}; };
@ -180,15 +179,22 @@ with lib;
after = [ "network.target" ]; after = [ "network.target" ];
restartTriggers = [ config.environment.etc."ddclient.conf".source ]; restartTriggers = [ config.environment.etc."ddclient.conf".source ];
serviceConfig = { serviceConfig = rec {
RuntimeDirectory = "ddclient"; DynamicUser = true;
# we cannot run in forking mode as it swallows all the program output RuntimeDirectory = StateDirectory;
Type = "simple"; StateDirectory = builtins.baseNameOf dataDir;
User = "ddclient"; Type = "oneshot";
Group = "ddclient"; ExecStartPre = "!${lib.getBin pkgs.coreutils}/bin/install -m666 ${cfg.configFile} /run/${RuntimeDirectory}/ddclient.conf";
ExecStart = "${lib.getBin pkgs.ddclient}/bin/ddclient -foreground -file ${cfg.configFile}"; ExecStart = "${lib.getBin pkgs.ddclient}/bin/ddclient -file /run/${RuntimeDirectory}/ddclient.conf";
ProtectSystem = "full"; };
PrivateTmp = true; };
systemd.timers.ddclient = {
description = "Run ddclient";
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = cfg.interval;
OnUnitInactiveSec = cfg.interval;
}; };
}; };
}; };

31
nixos/modules/services/networking/dnscache.nix
View File

@ -9,12 +9,12 @@ let
mkdir -p $out/{servers,ip} mkdir -p $out/{servers,ip}
${concatMapStrings (ip: '' ${concatMapStrings (ip: ''
echo > "$out/ip/"${lib.escapeShellArg ip} touch "$out/ip/"${lib.escapeShellArg ip}
'') cfg.clientIps} '') cfg.clientIps}
${concatStrings (mapAttrsToList (host: ips: '' ${concatStrings (mapAttrsToList (host: ips: ''
${concatMapStrings (ip: '' ${concatMapStrings (ip: ''
echo ${lib.escapeShellArg ip} > "$out/servers/"${lib.escapeShellArg host} echo ${lib.escapeShellArg ip} >> "$out/servers/"${lib.escapeShellArg host}
'') ips} '') ips}
'') cfg.domainServers)} '') cfg.domainServers)}
@ -34,33 +34,49 @@ in {
options = { options = {
services.dnscache = { services.dnscache = {
enable = mkOption { enable = mkOption {
default = false; default = false;
type = types.bool; type = types.bool;
description = "Whether to run the dnscache caching dns server"; description = "Whether to run the dnscache caching dns server.";
}; };
ip = mkOption { ip = mkOption {
default = "0.0.0.0"; default = "0.0.0.0";
type = types.str; type = types.str;
description = "IP address on which to listen for connections"; description = "IP address on which to listen for connections.";
}; };
clientIps = mkOption { clientIps = mkOption {
default = [ "127.0.0.1" ]; default = [ "127.0.0.1" ];
type = types.listOf types.str; type = types.listOf types.str;
description = "client IP addresses (or prefixes) from which to accept connections"; description = "Client IP addresses (or prefixes) from which to accept connections.";
example = ["192.168" "172.23.75.82"]; example = ["192.168" "172.23.75.82"];
}; };
domainServers = mkOption { domainServers = mkOption {
default = { }; default = { };
type = types.attrsOf (types.listOf types.str); type = types.attrsOf (types.listOf types.str);
description = "table of {hostname: server} pairs to use as authoritative servers for hosts (and subhosts)"; description = ''
Table of {hostname: server} pairs to use as authoritative servers for hosts (and subhosts).
If entry for @ is not specified predefined list of root servers is used.
'';
example = { example = {
"example.com" = ["8.8.8.8" "8.8.4.4"]; "@" = ["8.8.8.8" "8.8.4.4"];
"example.com" = ["192.168.100.100"];
}; };
}; };
forwardOnly = mkOption {
default = false;
type = types.bool;
description = ''
Whether to treat root servers (for @) as caching
servers, requesting addresses the same way a client does. This is
needed if you want to use e.g. Google DNS as your upstream DNS.
'';
};
}; };
}; };
@ -82,6 +98,7 @@ in {
''; '';
script = '' script = ''
cd /var/lib/dnscache/ cd /var/lib/dnscache/
${optionalString cfg.forwardOnly "export FORWARDONLY=1"}
exec ./run exec ./run
''; '';
}; };

2
nixos/modules/services/networking/iwd.nix
View File

@ -26,7 +26,7 @@ in {
wants = [ "network.target" ]; wants = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = "${pkgs.iwd}/bin/iwd"; serviceConfig.ExecStart = "${pkgs.iwd}/libexec/iwd";
}; };
}; };

3
nixos/modules/services/networking/murmur.nix
View File

@ -80,7 +80,7 @@ in
pidfile = mkOption { pidfile = mkOption {
type = types.path; type = types.path;
default = "/tmp/murmurd.pid"; default = "/run/murmur/murmurd.pid";
description = "Path to PID file for Murmur daemon."; description = "Path to PID file for Murmur daemon.";
}; };
@ -252,6 +252,7 @@ in
serviceConfig = { serviceConfig = {
Type = "forking"; Type = "forking";
RuntimeDirectory = "murmur";
PIDFile = cfg.pidfile; PIDFile = cfg.pidfile;
Restart = "always"; Restart = "always";
User = "murmur"; User = "murmur";

2
nixos/modules/services/networking/openvpn.nix
View File

@ -65,7 +65,7 @@ let
path = [ pkgs.iptables pkgs.iproute pkgs.nettools ]; path = [ pkgs.iptables pkgs.iproute pkgs.nettools ];
serviceConfig.ExecStart = "@${openvpn}/sbin/openvpn openvpn --config ${configFile}"; serviceConfig.ExecStart = "@${openvpn}/sbin/openvpn openvpn --suppress-timestamps --config ${configFile}";
serviceConfig.Restart = "always"; serviceConfig.Restart = "always";
serviceConfig.Type = "notify"; serviceConfig.Type = "notify";
}; };

36
nixos/modules/services/networking/prosody.nix
View File

@ -295,6 +295,24 @@ in
''; '';
}; };
dataDir = mkOption {
type = types.string;
description = "Directory where Prosody stores its data";
default = "/var/lib/prosody";
};
user = mkOption {
type = types.str;
default = "prosody";
description = "User account under which prosody runs.";
};
group = mkOption {
type = types.str;
default = "prosody";
description = "Group account under which prosody runs.";
};
allowRegistration = mkOption { allowRegistration = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
@ -421,11 +439,11 @@ in
environment.etc."prosody/prosody.cfg.lua".text = '' environment.etc."prosody/prosody.cfg.lua".text = ''
pidfile = "/var/lib/prosody/prosody.pid" pidfile = "/run/prosody/prosody.pid"
log = "*syslog" log = "*syslog"
data_path = "/var/lib/prosody" data_path = "${cfg.dataDir}"
plugin_paths = { plugin_paths = {
${lib.concatStringsSep ", " (map (n: "\"${n}\"") cfg.extraPluginPaths) } ${lib.concatStringsSep ", " (map (n: "\"${n}\"") cfg.extraPluginPaths) }
} }
@ -469,15 +487,15 @@ in
'') cfg.virtualHosts) } '') cfg.virtualHosts) }
''; '';
users.extraUsers.prosody = { users.extraUsers.prosody = mkIf (cfg.user == "prosody") {
uid = config.ids.uids.prosody; uid = config.ids.uids.prosody;
description = "Prosody user"; description = "Prosody user";
createHome = true; createHome = true;
group = "prosody"; inherit (cfg) group;
home = "/var/lib/prosody"; home = "${cfg.dataDir}";
}; };
users.extraGroups.prosody = { users.extraGroups.prosody = mkIf (cfg.group == "prosody") {
gid = config.ids.gids.prosody; gid = config.ids.gids.prosody;
}; };
@ -488,9 +506,11 @@ in
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
restartTriggers = [ config.environment.etc."prosody/prosody.cfg.lua".source ]; restartTriggers = [ config.environment.etc."prosody/prosody.cfg.lua".source ];
serviceConfig = { serviceConfig = {
User = "prosody"; User = cfg.user;
Group = cfg.group;
Type = "forking"; Type = "forking";
PIDFile = "/var/lib/prosody/prosody.pid"; RuntimeDirectory = [ "prosody" ];
PIDFile = "/run/prosody/prosody.pid";
ExecStart = "${cfg.package}/bin/prosodyctl start"; ExecStart = "${cfg.package}/bin/prosodyctl start";
}; };
}; };

2
nixos/modules/services/networking/quagga.nix
View File

@ -133,7 +133,7 @@ in
users.groups = { users.groups = {
quagga = {}; quagga = {};
# Members of the quaggavty group can use vtysh to inspect the Quagga daemons # Members of the quaggavty group can use vtysh to inspect the Quagga daemons
quaggavty = {}; quaggavty = { members = [ "quagga" ]; };
}; };
systemd.services = systemd.services =

112
nixos/modules/services/networking/shadowsocks.nix Normal file
View File

@ -0,0 +1,112 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.shadowsocks;
opts = {
server = cfg.localAddress;
server_port = cfg.port;
method = cfg.encryptionMethod;
mode = cfg.mode;
user = "nobody";
fast_open = true;
} // optionalAttrs (cfg.password != null) { password = cfg.password; };
configFile = pkgs.writeText "shadowsocks.json" (builtins.toJSON opts);
in
{
###### interface
options = {
services.shadowsocks = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to run shadowsocks-libev shadowsocks server.
'';
};
localAddress = mkOption {
type = types.str;
default = "0.0.0.0";
description = ''
Local address to which the server binds.
'';
};
port = mkOption {
type = types.int;
default = 8388;
description = ''
Port which the server uses.
'';
};
password = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Password for connecting clients.
'';
};
passwordFile = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
Password file with a password for connecting clients.
'';
};
mode = mkOption {
type = types.enum [ "tcp_only" "tcp_and_udp" "udp_only" ];
default = "tcp_and_udp";
description = ''
Relay protocols.
'';
};
encryptionMethod = mkOption {
type = types.str;
default = "chacha20-ietf-poly1305";
description = ''
Encryption method. See <link xlink:href="https://github.com/shadowsocks/shadowsocks-org/wiki/AEAD-Ciphers"/>.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
assertions = singleton
{ assertion = cfg.password == null || cfg.passwordFile == null;
message = "Cannot use both password and passwordFile for shadowsocks-libev";
};
systemd.services.shadowsocks-libev = {
description = "shadowsocks-libev Daemon";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.shadowsocks-libev ] ++ optional (cfg.passwordFile != null) pkgs.jq;
serviceConfig.PrivateTmp = true;
script = ''
${optionalString (cfg.passwordFile != null) ''
cat ${configFile} | jq --arg password "$(cat "${cfg.passwordFile}")" '. + { password: $password }' > /tmp/shadowsocks.json
''}
exec ss-server -c ${if cfg.passwordFile != null then "/tmp/shadowsocks.json" else configFile}
'';
};
};
}

70
nixos/modules/services/networking/ssh/sshd.nix
View File

@ -213,6 +213,65 @@ in
description = "Files from which authorized keys are read."; description = "Files from which authorized keys are read.";
}; };
kexAlgorithms = mkOption {
type = types.listOf types.str;
default = [
"curve25519-sha256@libssh.org"
"diffie-hellman-group-exchange-sha256"
];
description = ''
Allowed key exchange algorithms
</para>
<para>
Defaults to recommended settings from both
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" />
and
<link xlink:href="https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29" />
'';
};
ciphers = mkOption {
type = types.listOf types.str;
default = [
"chacha20-poly1305@openssh.com"
"aes256-gcm@openssh.com"
"aes128-gcm@openssh.com"
"aes256-ctr"
"aes192-ctr"
"aes128-ctr"
];
description = ''
Allowed ciphers
</para>
<para>
Defaults to recommended settings from both
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" />
and
<link xlink:href="https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29" />
'';
};
macs = mkOption {
type = types.listOf types.str;
default = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
"hmac-sha2-512"
"hmac-sha2-256"
"umac-128@openssh.com"
];
description = ''
Allowed MACs
</para>
<para>
Defaults to recommended settings from both
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" />
and
<link xlink:href="https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29" />
'';
};
extraConfig = mkOption { extraConfig = mkOption {
type = types.lines; type = types.lines;
default = ""; default = "";
@ -363,14 +422,9 @@ in
HostKey ${k.path} HostKey ${k.path}
'')} '')}
### Recommended settings from both: KexAlgorithms ${concatStringsSep "," cfg.kexAlgorithms}
# https://stribika.github.io/2015/01/04/secure-secure-shell.html Ciphers ${concatStringsSep "," cfg.ciphers}
# and MACs ${concatStringsSep "," cfg.macs}
# https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
# LogLevel VERBOSE logs user's key fingerprint on login. # LogLevel VERBOSE logs user's key fingerprint on login.
# Needed to have a clear audit track of which key was used to log in. # Needed to have a clear audit track of which key was used to log in.

5
nixos/modules/services/search/elasticsearch.nix
View File

@ -32,8 +32,11 @@ let
(if es5 then (pkgs.writeTextDir "log4j2.properties" cfg.logging) (if es5 then (pkgs.writeTextDir "log4j2.properties" cfg.logging)
else (pkgs.writeTextDir "logging.yml" cfg.logging)) else (pkgs.writeTextDir "logging.yml" cfg.logging))
]; ];
postBuild = concatStringsSep "\n" (concatLists [
# Elasticsearch 5.x won't start when the scripts directory does not exist # Elasticsearch 5.x won't start when the scripts directory does not exist
postBuild = if es5 then "${pkgs.coreutils}/bin/mkdir -p $out/scripts" else ""; (optional es5 "${pkgs.coreutils}/bin/mkdir -p $out/scripts")
(optional es6 "ln -s ${cfg.package}/config/jvm.options $out/jvm.options")
]);
}; };
esPlugins = pkgs.buildEnv { esPlugins = pkgs.buildEnv {

10
nixos/modules/services/security/tor.nix
View File

@ -703,14 +703,10 @@ in
after = [ "network.target" ]; after = [ "network.target" ];
restartTriggers = [ torRcFile ]; restartTriggers = [ torRcFile ];
# Translated from the upstream contrib/dist/tor.service.in
preStart = ''
install -o tor -g tor -d ${torDirectory}/onion ${torRunDirectory}
${pkgs.tor}/bin/tor -f ${torRcFile} --verify-config
'';
serviceConfig = serviceConfig =
{ Type = "simple"; { Type = "simple";
# Translated from the upstream contrib/dist/tor.service.in
ExecStartPre = "${pkgs.tor}/bin/tor -f ${torRcFile} --verify-config";
ExecStart = "${pkgs.tor}/bin/tor -f ${torRcFile} --RunAsDaemon 0"; ExecStart = "${pkgs.tor}/bin/tor -f ${torRcFile} --RunAsDaemon 0";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
KillSignal = "SIGINT"; KillSignal = "SIGINT";
@ -725,6 +721,8 @@ in
# DeviceAllow /dev/urandom r # DeviceAllow /dev/urandom r
# .. but we can't specify DeviceAllow multiple times. 'closed' # .. but we can't specify DeviceAllow multiple times. 'closed'
# is close enough. # is close enough.
RuntimeDirectory = "tor";
StateDirectory = [ "tor" "tor/onion" ];
PrivateTmp = "yes"; PrivateTmp = "yes";
DevicePolicy = "closed"; DevicePolicy = "closed";
InaccessibleDirectories = "/home"; InaccessibleDirectories = "/home";

1
nixos/modules/services/torrent/transmission.nix
View File

@ -147,6 +147,7 @@ in
${getLib pkgs.libcap}/lib/libcap*.so* mr, ${getLib pkgs.libcap}/lib/libcap*.so* mr,
${getLib pkgs.attr}/lib/libattr*.so* mr, ${getLib pkgs.attr}/lib/libattr*.so* mr,
${getLib pkgs.lz4}/lib/liblz4*.so* mr, ${getLib pkgs.lz4}/lib/liblz4*.so* mr,
${getLib pkgs.libkrb5}/lib/lib*.so* mr,
@{PROC}/sys/kernel/random/uuid r, @{PROC}/sys/kernel/random/uuid r,
@{PROC}/sys/vm/overcommit_memory r, @{PROC}/sys/vm/overcommit_memory r,

2
nixos/modules/services/web-apps/atlassian/jira.nix
View File

@ -155,7 +155,7 @@ in
requires = [ "postgresql.service" ]; requires = [ "postgresql.service" ];
after = [ "postgresql.service" ]; after = [ "postgresql.service" ];
path = [ cfg.jrePackage ]; path = [ cfg.jrePackage pkgs.bash ];
environment = { environment = {
JIRA_USER = cfg.user; JIRA_USER = cfg.user;

6
nixos/modules/services/web-apps/tt-rss.nix
View File

@ -466,10 +466,10 @@ let
''; '';
}; };
services.nginx = {
enable = true;
# NOTE: No configuration is done if not using virtual host # NOTE: No configuration is done if not using virtual host
virtualHosts = mkIf (cfg.virtualHost != null) { services.nginx = mkIf (cfg.virtualHost != null) {
enable = true;
virtualHosts = {
"${cfg.virtualHost}" = { "${cfg.virtualHost}" = {
root = "${cfg.root}"; root = "${cfg.root}";

7
nixos/modules/services/web-servers/lighttpd/gitweb.nix
View File

@ -4,6 +4,9 @@ with lib;
let let
cfg = config.services.gitweb; cfg = config.services.gitweb;
package = pkgs.gitweb.override (optionalAttrs cfg.gitwebTheme {
gitwebTheme = true;
});
in in
{ {
@ -34,8 +37,8 @@ in
"^/gitweb$" => "/gitweb/" "^/gitweb$" => "/gitweb/"
) )
alias.url = ( alias.url = (
"/gitweb/static/" => "${pkgs.git}/share/gitweb/static/", "/gitweb/static/" => "${package}/static/",
"/gitweb/" => "${pkgs.git}/share/gitweb/gitweb.cgi" "/gitweb/" => "${package}/gitweb.cgi"
) )
setenv.add-environment = ( setenv.add-environment = (
"GITWEB_CONFIG" => "${cfg.gitwebConfigFile}", "GITWEB_CONFIG" => "${cfg.gitwebConfigFile}",

12
nixos/modules/services/web-servers/nginx/gitweb.nix
View File

@ -4,6 +4,9 @@ with lib;
let let
cfg = config.services.gitweb; cfg = config.services.gitweb;
package = pkgs.gitweb.override (optionalAttrs cfg.gitwebTheme {
gitwebTheme = true;
});
in in
{ {
@ -24,7 +27,7 @@ in
systemd.services.gitweb = { systemd.services.gitweb = {
description = "GitWeb service"; description = "GitWeb service";
script = "${pkgs.git}/share/gitweb/gitweb.cgi --fastcgi --nproc=1"; script = "${package}/gitweb.cgi --fastcgi --nproc=1";
environment = { environment = {
FCGI_SOCKET_PATH = "/run/gitweb/gitweb.sock"; FCGI_SOCKET_PATH = "/run/gitweb/gitweb.sock";
}; };
@ -38,11 +41,10 @@ in
services.nginx = { services.nginx = {
virtualHosts.default = { virtualHosts.default = {
locations."/gitweb/" = { locations."/gitweb/static/" = {
root = "${pkgs.git}/share"; alias = "${package}/static/";
tryFiles = "$uri @gitweb";
}; };
locations."@gitweb" = { locations."/gitweb/" = {
extraConfig = '' extraConfig = ''
include ${pkgs.nginx}/conf/fastcgi_params; include ${pkgs.nginx}/conf/fastcgi_params;
fastcgi_param GITWEB_CONFIG ${cfg.gitwebConfigFile}; fastcgi_param GITWEB_CONFIG ${cfg.gitwebConfigFile};

4
nixos/modules/services/x11/xserver.nix
View File

@ -626,9 +626,7 @@ in
environment = environment =
{ {
XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime. LD_LIBRARY_PATH = concatStringsSep ":" ([ "/run/opengl-driver/lib" ]
LD_LIBRARY_PATH = concatStringsSep ":" (
[ "${xorg.libX11.out}/lib" "${xorg.libXext.out}/lib" "/run/opengl-driver/lib" ]
++ concatLists (catAttrs "libPath" cfg.drivers)); ++ concatLists (catAttrs "libPath" cfg.drivers));
} // cfg.displayManager.job.environment; } // cfg.displayManager.job.environment;

11
nixos/modules/system/boot/grow-partition.nix
View File

@ -32,8 +32,15 @@ with lib;
rootDevice="${config.fileSystems."/".device}" rootDevice="${config.fileSystems."/".device}"
if [ -e "$rootDevice" ]; then if [ -e "$rootDevice" ]; then
rootDevice="$(readlink -f "$rootDevice")" rootDevice="$(readlink -f "$rootDevice")"
parentDevice="$(lsblk -npo PKNAME "$rootDevice")" parentDevice="$rootDevice"
TMPDIR=/run sh $(type -P growpart) "$parentDevice" "''${rootDevice#$parentDevice}" while [ "''${parentDevice%[0-9]}" != "''${parentDevice}" ]; do
parentDevice="''${parentDevice%[0-9]}";
done
partNum="''${rootDevice#''${parentDevice}}"
if [ "''${parentDevice%[0-9]p}" != "''${parentDevice}" ] && [ -b "''${parentDevice%p}" ]; then
parentDevice="''${parentDevice%p}"
fi
TMPDIR=/run sh $(type -P growpart) "$parentDevice" "$partNum"
udevadm settle udevadm settle
fi fi
''; '';

4
nixos/modules/system/boot/kernel.nix
View File

@ -77,8 +77,8 @@ in
type = types.int; type = types.int;
default = 4; default = 4;
description = '' description = ''
The kernel console log level. Log messages with a priority The kernel console <literal>loglevel</literal>. All Kernel Messages with a log level smaller
numerically less than this will not appear on the console. than this setting will be printed to the console.
''; '';
}; };

2
nixos/modules/system/boot/systemd-unit-options.nix
View File

@ -217,7 +217,7 @@ in rec {
environment = mkOption { environment = mkOption {
default = {}; default = {};
type = types.attrs; # FIXME type = with types; attrsOf (nullOr (either str package));
example = { PATH = "/foo/bar/bin"; LANG = "nl_NL.UTF-8"; }; example = { PATH = "/foo/bar/bin"; LANG = "nl_NL.UTF-8"; };
description = "Environment variables passed to the service's processes."; description = "Environment variables passed to the service's processes.";
}; };

6
nixos/modules/system/boot/systemd.nix
View File

@ -137,7 +137,6 @@ let
# Slices / containers. # Slices / containers.
"slices.target" "slices.target"
"system.slice"
"user.slice" "user.slice"
"machine.slice" "machine.slice"
"machines.target" "machines.target"
@ -516,7 +515,7 @@ in
}; };
systemd.globalEnvironment = mkOption { systemd.globalEnvironment = mkOption {
type = types.attrs; type = with types; attrsOf (nullOr (either str package));
default = {}; default = {};
example = { TZ = "CET"; }; example = { TZ = "CET"; };
description = '' description = ''
@ -836,7 +835,8 @@ in
system.requiredKernelConfig = map config.lib.kernelConfig.isEnabled system.requiredKernelConfig = map config.lib.kernelConfig.isEnabled
[ "DEVTMPFS" "CGROUPS" "INOTIFY_USER" "SIGNALFD" "TIMERFD" "EPOLL" "NET" [ "DEVTMPFS" "CGROUPS" "INOTIFY_USER" "SIGNALFD" "TIMERFD" "EPOLL" "NET"
"SYSFS" "PROC_FS" "FHANDLE" "DMIID" "AUTOFS4_FS" "TMPFS_POSIX_ACL" "SYSFS" "PROC_FS" "FHANDLE" "CRYPTO_USER_API_HASH" "CRYPTO_HMAC"
"CRYPTO_SHA256" "DMIID" "AUTOFS4_FS" "TMPFS_POSIX_ACL"
"TMPFS_XATTR" "SECCOMP" "TMPFS_XATTR" "SECCOMP"
]; ];

2
nixos/modules/tasks/filesystems/exfat.nix
View File

@ -5,7 +5,7 @@ with lib;
{ {
config = mkIf (any (fs: fs == "exfat") config.boot.supportedFilesystems) { config = mkIf (any (fs: fs == "exfat") config.boot.supportedFilesystems) {
system.fsPackages = [ pkgs.exfat-utils pkgs.fuse_exfat ]; system.fsPackages = [ pkgs.exfat ];
}; };
} }

4
nixos/modules/tasks/filesystems/zfs.nix
View File

@ -305,6 +305,8 @@ in
} }
]; ];
virtualisation.lxd.zfsSupport = true;
boot = { boot = {
kernelModules = [ "spl" "zfs" ] ; kernelModules = [ "spl" "zfs" ] ;
extraModulePackages = with packages; [ spl zfs ]; extraModulePackages = with packages; [ spl zfs ];
@ -452,7 +454,7 @@ in
}) snapshotNames); }) snapshotNames);
systemd.timers = let systemd.timers = let
timer = name: if name == "frequent" then "*:15,30,45" else name; timer = name: if name == "frequent" then "*:0,15,30,45" else name;
in builtins.listToAttrs (map (snapName: in builtins.listToAttrs (map (snapName:
{ {
name = "zfs-snapshot-${snapName}"; name = "zfs-snapshot-${snapName}";

8
nixos/modules/virtualisation/azure-agent.nix
View File

@ -66,6 +66,10 @@ in
default = false; default = false;
description = "Whether to enable verbose logging."; description = "Whether to enable verbose logging.";
}; };
mountResourceDisk = mkOption {
default = true;
description = "Whether the agent should format (ext4) and mount the resource disk to /mnt/resource.";
};
}; };
###### implementation ###### implementation
@ -112,7 +116,7 @@ in
Provisioning.ExecuteCustomData=n Provisioning.ExecuteCustomData=n
# Format if unformatted. If 'n', resource disk will not be mounted. # Format if unformatted. If 'n', resource disk will not be mounted.
ResourceDisk.Format=y ResourceDisk.Format=${if cfg.mountResourceDisk then "y" else "n"}
# File system on the resource disk # File system on the resource disk
# Typically ext3 or ext4. FreeBSD images should use 'ufs2' here. # Typically ext3 or ext4. FreeBSD images should use 'ufs2' here.
@ -181,7 +185,7 @@ in
after = [ "network-online.target" "sshd.service" ]; after = [ "network-online.target" "sshd.service" ];
wants = [ "network-online.target" ]; wants = [ "network-online.target" ];
path = [ pkgs.e2fsprogs ]; path = [ pkgs.e2fsprogs pkgs.bash ];
description = "Windows Azure Agent Service"; description = "Windows Azure Agent Service";
unitConfig.ConditionPathExists = "/etc/waagent.conf"; unitConfig.ConditionPathExists = "/etc/waagent.conf";
serviceConfig = { serviceConfig = {

18
nixos/modules/virtualisation/containers.nix
View File

@ -112,7 +112,7 @@ let
# If the host is 64-bit and the container is 32-bit, add a # If the host is 64-bit and the container is 32-bit, add a
# --personality flag. # --personality flag.
${optionalString (config.nixpkgs.system == "x86_64-linux") '' ${optionalString (config.nixpkgs.localSystem.system == "x86_64-linux") ''
if [ "$(< ''${SYSTEM_PATH:-/nix/var/nix/profiles/per-container/$INSTANCE/system}/system)" = i686-linux ]; then if [ "$(< ''${SYSTEM_PATH:-/nix/var/nix/profiles/per-container/$INSTANCE/system}/system)" = i686-linux ]; then
extraFlags+=" --personality=x86" extraFlags+=" --personality=x86"
fi fi
@ -255,7 +255,7 @@ let
}; };
system = config.nixpkgs.system; system = config.nixpkgs.localSystem.system;
bindMountOpts = { name, config, ... }: { bindMountOpts = { name, config, ... }: {
@ -575,6 +575,16 @@ in
''; '';
}; };
extraFlags = mkOption {
type = types.listOf types.str;
default = [];
example = [ "--drop-capability=CAP_SYS_CHROOT" ];
description = ''
Extra flags passed to the systemd-nspawn command.
See systemd-nspawn(1) for details.
'';
};
} // networkOptions; } // networkOptions;
config = mkMerge config = mkMerge
@ -714,7 +724,9 @@ in
${optionalString cfg.autoStart '' ${optionalString cfg.autoStart ''
AUTO_START=1 AUTO_START=1
''} ''}
EXTRA_NSPAWN_FLAGS="${mkBindFlags cfg.bindMounts}" EXTRA_NSPAWN_FLAGS="${mkBindFlags cfg.bindMounts +
optionalString (cfg.extraFlags != [])
(" " + concatStringsSep " " cfg.extraFlags)}"
''; '';
}) config.containers; }) config.containers;

5
nixos/modules/virtualisation/lxc.nix
View File

@ -74,6 +74,9 @@ in
systemd.tmpfiles.rules = [ "d /var/lib/lxc/rootfs 0755 root root -" ]; systemd.tmpfiles.rules = [ "d /var/lib/lxc/rootfs 0755 root root -" ];
security.apparmor.packages = [ pkgs.lxc ]; security.apparmor.packages = [ pkgs.lxc ];
security.apparmor.profiles = [ "${pkgs.lxc}/etc/apparmor.d/lxc-containers" ]; security.apparmor.profiles = [
"${pkgs.lxc}/etc/apparmor.d/lxc-containers"
"${pkgs.lxc}/etc/apparmor.d/usr.bin.lxc-start"
];
}; };
} }

40
nixos/modules/virtualisation/lxd.nix
View File

@ -15,28 +15,34 @@ in
options = { options = {
virtualisation.lxd.enable = virtualisation.lxd = {
mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = description = ''
''
This option enables lxd, a daemon that manages This option enables lxd, a daemon that manages
containers. Users in the "lxd" group can interact with containers. Users in the "lxd" group can interact with
the daemon (e.g. to start or stop containers) using the the daemon (e.g. to start or stop containers) using the
<command>lxc</command> command line tool, among others. <command>lxc</command> command line tool, among others.
''; '';
}; };
zfsSupport = mkOption {
type = types.bool;
default = false;
description = ''
enables lxd to use zfs as a storage for containers.
This option is enabled by default if a zfs pool is configured
with nixos.
'';
};
};
}; };
###### implementation ###### implementation
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = environment.systemPackages = [ pkgs.lxd ];
[ pkgs.lxd ];
security.apparmor = { security.apparmor = {
enable = true; enable = true;
@ -47,22 +53,24 @@ in
packages = [ pkgs.lxc ]; packages = [ pkgs.lxc ];
}; };
systemd.services.lxd = systemd.services.lxd = {
{ description = "LXD Container Management Daemon"; description = "LXD Container Management Daemon";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "systemd-udev-settle.service" ]; after = [ "systemd-udev-settle.service" ];
# TODO(wkennington): Add lvm2 and thin-provisioning-tools path = lib.optional cfg.zfsSupport pkgs.zfs;
path = with pkgs; [ acl rsync gnutar xz btrfs-progs gzip dnsmasq squashfsTools iproute iptables ];
preStart = '' preStart = ''
mkdir -m 0755 -p /var/lib/lxc/rootfs mkdir -m 0755 -p /var/lib/lxc/rootfs
''; '';
serviceConfig.ExecStart = "@${pkgs.lxd.bin}/bin/lxd lxd --syslog --group lxd"; serviceConfig = {
serviceConfig.Type = "simple"; ExecStart = "@${pkgs.lxd.bin}/bin/lxd lxd --group lxd";
serviceConfig.KillMode = "process"; # when stopping, leave the containers alone Type = "simple";
KillMode = "process"; # when stopping, leave the containers alone
};
}; };
users.extraGroups.lxd.gid = config.ids.gids.lxd; users.extraGroups.lxd.gid = config.ids.gids.lxd;
@ -71,7 +79,5 @@ in
subUidRanges = [ { startUid = 1000000; count = 65536; } ]; subUidRanges = [ { startUid = 1000000; count = 65536; } ];
subGidRanges = [ { startGid = 1000000; count = 65536; } ]; subGidRanges = [ { startGid = 1000000; count = 65536; } ];
}; };
}; };
} }

2
nixos/modules/virtualisation/qemu-vm.nix
View File

@ -98,7 +98,7 @@ let
${qemuGraphics} \ ${qemuGraphics} \
${toString config.virtualisation.qemu.options} \ ${toString config.virtualisation.qemu.options} \
$QEMU_OPTS \ $QEMU_OPTS \
$@ "$@"
''; '';

11
nixos/release.nix
View File

@ -166,8 +166,12 @@ in rec {
inherit system; inherit system;
}); });
sd_image = forMatchingSystems [ "aarch64-linux" ] (system: makeSdImage { sd_image = forMatchingSystems [ "armv6l-linux" "armv7l-linux" "aarch64-linux" ] (system: makeSdImage {
module = ./modules/installer/cd-dvd/sd-image-aarch64.nix; module = {
armv6l-linux = ./modules/installer/cd-dvd/sd-image-raspberrypi.nix;
armv7l-linux = ./modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix;
aarch64-linux = ./modules/installer/cd-dvd/sd-image-aarch64.nix;
}.${system};
inherit system; inherit system;
}); });
@ -266,6 +270,7 @@ in rec {
tests.couchdb = callTest tests/couchdb.nix {}; tests.couchdb = callTest tests/couchdb.nix {};
tests.docker = callTestOnMatchingSystems ["x86_64-linux"] tests/docker.nix {}; tests.docker = callTestOnMatchingSystems ["x86_64-linux"] tests/docker.nix {};
tests.docker-tools = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-tools.nix {}; tests.docker-tools = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-tools.nix {};
tests.docker-tools-overlay = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-tools-overlay.nix {};
tests.docker-edge = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-edge.nix {}; tests.docker-edge = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-edge.nix {};
tests.dovecot = callTest tests/dovecot.nix {}; tests.dovecot = callTest tests/dovecot.nix {};
tests.dnscrypt-proxy = callTestOnMatchingSystems ["x86_64-linux"] tests/dnscrypt-proxy.nix {}; tests.dnscrypt-proxy = callTestOnMatchingSystems ["x86_64-linux"] tests/dnscrypt-proxy.nix {};
@ -365,7 +370,7 @@ in rec {
tests.prometheus = callTest tests/prometheus.nix {}; tests.prometheus = callTest tests/prometheus.nix {};
tests.prosody = callTest tests/prosody.nix {}; tests.prosody = callTest tests/prosody.nix {};
tests.proxy = callTest tests/proxy.nix {}; tests.proxy = callTest tests/proxy.nix {};
# tests.quagga = callTest tests/quagga.nix {}; tests.quagga = callTest tests/quagga.nix {};
tests.quake3 = callTest tests/quake3.nix {}; tests.quake3 = callTest tests/quake3.nix {};
tests.rabbitmq = callTest tests/rabbitmq.nix {}; tests.rabbitmq = callTest tests/rabbitmq.nix {};
tests.radicale = callTest tests/radicale.nix {}; tests.radicale = callTest tests/radicale.nix {};

2
nixos/tests/containers-imperative.nix
View File

@ -15,7 +15,7 @@ import ./make-test.nix ({ pkgs, ...} : {
# container available within the VM, because we don't have network access. # container available within the VM, because we don't have network access.
virtualisation.pathsInNixDB = let virtualisation.pathsInNixDB = let
emptyContainer = import ../lib/eval-config.nix { emptyContainer = import ../lib/eval-config.nix {
inherit (config.nixpkgs) system; inherit (config.nixpkgs.localSystem) system;
modules = lib.singleton { modules = lib.singleton {
containers.foo.config = {}; containers.foo.config = {};
}; };

32
nixos/tests/docker-tools-overlay.nix Normal file
View File

@ -0,0 +1,32 @@
# this test creates a simple GNU image with docker tools and sees if it executes
import ./make-test.nix ({ pkgs, ... }:
{
name = "docker-tools-overlay";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ lnl7 ];
};
nodes = {
docker =
{ config, pkgs, ... }:
{
virtualisation.docker.enable = true;
virtualisation.docker.storageDriver = "overlay"; # defaults to overlay2
};
};
testScript =
''
$docker->waitForUnit("sockets.target");
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.bash}'");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.bash.imageName} bash --version");
# Check if the nix store has correct user permissions depending on what
# storage driver is used, incorrectly built images can show up as readonly.
# drw------- 3 0 0 3 Apr 14 11:36 /nix
# drw------- 99 0 0 100 Apr 14 11:36 /nix/store
$docker->succeed("docker run --rm -u 1000:1000 ${pkgs.dockerTools.examples.bash.imageName} bash --version");
'';
})

6
nixos/tests/docker-tools.nix
View File

@ -3,7 +3,7 @@
import ./make-test.nix ({ pkgs, ... }: { import ./make-test.nix ({ pkgs, ... }: {
name = "docker-tools"; name = "docker-tools";
meta = with pkgs.stdenv.lib.maintainers; { meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ ]; maintainers = [ lnl7 ];
}; };
nodes = { nodes = {
@ -21,12 +21,12 @@ import ./make-test.nix ({ pkgs, ... }: {
$docker->waitForUnit("sockets.target"); $docker->waitForUnit("sockets.target");
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.bash}'"); $docker->succeed("docker load --input='${pkgs.dockerTools.examples.bash}'");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.bash.imageName} /bin/bash --version"); $docker->succeed("docker run --rm ${pkgs.dockerTools.examples.bash.imageName} bash --version");
$docker->succeed("docker rmi ${pkgs.dockerTools.examples.bash.imageName}"); $docker->succeed("docker rmi ${pkgs.dockerTools.examples.bash.imageName}");
# Check if the nix store is correctly initialized by listing dependencies of the installed Nix binary # Check if the nix store is correctly initialized by listing dependencies of the installed Nix binary
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.nix}'"); $docker->succeed("docker load --input='${pkgs.dockerTools.examples.nix}'");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.nix.imageName} /bin/nix-store -qR ${pkgs.nix}"); $docker->succeed("docker run --rm ${pkgs.dockerTools.examples.nix.imageName} nix-store -qR ${pkgs.nix}");
$docker->succeed("docker rmi ${pkgs.dockerTools.examples.nix.imageName}"); $docker->succeed("docker rmi ${pkgs.dockerTools.examples.nix.imageName}");
# To test the pullImage tool # To test the pullImage tool

19
nixos/tests/dovecot.nix
View File

@ -18,6 +18,18 @@ import ./make-test.nix {
MAIL MAIL
''; '';
sendTestMailViaDeliveryAgent = pkgs.writeScriptBin "send-lda" ''
#!${pkgs.stdenv.shell}
exec ${pkgs.dovecot}/libexec/dovecot/deliver -d bob <<MAIL
From: root@localhost
To: bob@localhost
Subject: Something else...
I'm running short of ideas!
MAIL
'';
testImap = pkgs.writeScriptBin "test-imap" '' testImap = pkgs.writeScriptBin "test-imap" ''
#!${pkgs.python3.interpreter} #!${pkgs.python3.interpreter}
import imaplib import imaplib
@ -39,24 +51,25 @@ import ./make-test.nix {
pop = poplib.POP3('localhost') pop = poplib.POP3('localhost')
try: try:
pop.user('alice') pop.user('bob')
pop.pass_('foobar') pop.pass_('foobar')
assert len(pop.list()[1]) == 1 assert len(pop.list()[1]) == 1
status, fullmail, size = pop.retr(1) status, fullmail, size = pop.retr(1)
assert status.startswith(b'+OK ') assert status.startswith(b'+OK ')
body = b"".join(fullmail[fullmail.index(b""):]).strip() body = b"".join(fullmail[fullmail.index(b""):]).strip()
assert body == b'Hello world!' assert body == b"I'm running short of ideas!"
finally: finally:
pop.quit() pop.quit()
''; '';
in [ sendTestMail testImap testPop ]; in [ sendTestMail sendTestMailViaDeliveryAgent testImap testPop ];
}; };
testScript = '' testScript = ''
$machine->waitForUnit('postfix.service'); $machine->waitForUnit('postfix.service');
$machine->waitForUnit('dovecot2.service'); $machine->waitForUnit('dovecot2.service');
$machine->succeed('send-testmail'); $machine->succeed('send-testmail');
$machine->succeed('send-lda');
$machine->waitUntilFails('[ "$(postqueue -p)" != "Mail queue is empty" ]'); $machine->waitUntilFails('[ "$(postqueue -p)" != "Mail queue is empty" ]');
$machine->succeed('test-imap'); $machine->succeed('test-imap');
$machine->succeed('test-pop'); $machine->succeed('test-pop');

13
nixos/tests/gnome3-gdm.nix
View File

@ -26,15 +26,22 @@ import ./make-test.nix ({ pkgs, ...} : {
testScript = testScript =
'' ''
# wait for gdm to start and bring up X
$machine->waitForUnit("display-manager.service");
$machine->waitForX; $machine->waitForX;
$machine->sleep(15);
# wait for alice to be logged in
$machine->waitForUnit("default.target","alice");
# Check that logging in has given the user ownership of devices. # Check that logging in has given the user ownership of devices.
$machine->succeed("getfacl /dev/snd/timer | grep -q alice"); $machine->succeed("getfacl /dev/snd/timer | grep -q alice");
$machine->succeed("su - alice -c 'DISPLAY=:0.0 gnome-terminal &'"); # open a terminal and check it's there
$machine->succeed("xauth merge ~alice/.Xauthority"); $machine->succeed("su - alice -c 'DISPLAY=:0.0 XAUTHORITY=/run/user/\$UID/gdm/Xauthority gnome-terminal'");
$machine->succeed("xauth merge /run/user/1000/gdm/Xauthority");
$machine->waitForWindow(qr/Terminal/); $machine->waitForWindow(qr/Terminal/);
# wait to get a nice screenshot
$machine->sleep(20); $machine->sleep(20);
$machine->screenshot("screen"); $machine->screenshot("screen");
''; '';

4
nixos/tests/kernel-copperhead.nix
View File

@ -6,14 +6,14 @@ import ./make-test.nix ({ pkgs, ...} : {
machine = { config, lib, pkgs, ... }: machine = { config, lib, pkgs, ... }:
{ {
boot.kernelPackages = pkgs.linuxPackages_hardened_copperhead; boot.kernelPackages = pkgs.linuxPackages_copperhead_hardened;
}; };
testScript = testScript =
'' ''
$machine->succeed("uname -a"); $machine->succeed("uname -a");
$machine->succeed("uname -s | grep 'Linux'"); $machine->succeed("uname -s | grep 'Linux'");
$machine->succeed("uname -a | grep '${pkgs.linuxPackages_hardened_copperhead.kernel.modDirVersion}'"); $machine->succeed("uname -a | grep '${pkgs.linuxPackages_copperhead_hardened.kernel.modDirVersion}'");
$machine->succeed("uname -a | grep 'hardened'"); $machine->succeed("uname -a | grep 'hardened'");
''; '';
}) })

2
nixos/tests/systemd.nix
View File

@ -46,6 +46,8 @@ import ./make-test.nix {
testScript = '' testScript = ''
$machine->waitForX; $machine->waitForX;
# wait for user services
$machine->waitForUnit("default.target","alice");
# Regression test for https://github.com/NixOS/nixpkgs/issues/35415 # Regression test for https://github.com/NixOS/nixpkgs/issues/35415
subtest "configuration files are recognized by systemd", sub { subtest "configuration files are recognized by systemd", sub {

4
pkgs/applications/altcoins/bitcoin-abc.nix
View File

@ -7,13 +7,13 @@ with stdenv.lib;
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "bitcoin" + (toString (optional (!withGui) "d")) + "-abc-" + version; name = "bitcoin" + (toString (optional (!withGui) "d")) + "-abc-" + version;
version = "0.16.2"; version = "0.17.0";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "bitcoin-ABC"; owner = "bitcoin-ABC";
repo = "bitcoin-abc"; repo = "bitcoin-abc";
rev = "v${version}"; rev = "v${version}";
sha256 = "0d5npn4p321jqsbqjxkbv0ncvs2hp9vdp30np6n8n53f896cxl92"; sha256 = "1s2y29h2q4fnbrfg2ig1cd3h7g3kdcdyrfq7znq1ndnh8xj1j489";
}; };
patches = [ ./fix-bitcoin-qt-build.patch ]; patches = [ ./fix-bitcoin-qt-build.patch ];

1
pkgs/applications/altcoins/dcrd.nix
View File

@ -29,5 +29,6 @@ buildGoPackage rec {
homepage = "https://decred.org"; homepage = "https://decred.org";
description = "Decred daemon in Go (golang)"; description = "Decred daemon in Go (golang)";
license = with lib.licenses; [ isc ]; license = with lib.licenses; [ isc ];
broken = stdenv.isLinux; # 2018-04-10
}; };
} }

1
pkgs/applications/altcoins/dcrwallet.nix
View File

@ -38,5 +38,6 @@ buildGoPackage rec {
homepage = "https://decred.org"; homepage = "https://decred.org";
description = "Decred daemon in Go (golang)"; description = "Decred daemon in Go (golang)";
license = with lib.licenses; [ isc ]; license = with lib.licenses; [ isc ];
broken = stdenv.isLinux; # 2018-04-10
}; };
} }

2
pkgs/applications/altcoins/default.nix
View File

@ -51,6 +51,8 @@ rec {
memorycoin = callPackage ./memorycoin.nix { boost = boost165; withGui = true; }; memorycoin = callPackage ./memorycoin.nix { boost = boost165; withGui = true; };
memorycoind = callPackage ./memorycoin.nix { boost = boost165; withGui = false; }; memorycoind = callPackage ./memorycoin.nix { boost = boost165; withGui = false; };
mist = callPackage ./mist.nix { };
namecoin = callPackage ./namecoin.nix { withGui = true; }; namecoin = callPackage ./namecoin.nix { withGui = true; };
namecoind = callPackage ./namecoin.nix { withGui = false; }; namecoind = callPackage ./namecoin.nix { withGui = false; };

1
pkgs/applications/altcoins/hevm.nix
View File

@ -55,6 +55,7 @@ lib.overrideDerivation (mkDerivation rec {
description = "Ethereum virtual machine evaluator"; description = "Ethereum virtual machine evaluator";
license = stdenv.lib.licenses.agpl3; license = stdenv.lib.licenses.agpl3;
maintainers = [stdenv.lib.maintainers.dbrock]; maintainers = [stdenv.lib.maintainers.dbrock];
broken = true; # 2018-04-10
}) (attrs: { }) (attrs: {
buildInputs = attrs.buildInputs ++ [solc]; buildInputs = attrs.buildInputs ++ [solc];
nativeBuildInputs = attrs.nativeBuildInputs ++ [makeWrapper]; nativeBuildInputs = attrs.nativeBuildInputs ++ [makeWrapper];

2
pkgs/applications/altcoins/memorycoin.nix
View File

@ -51,6 +51,6 @@ stdenv.mkDerivation rec{
homepage = http://www.bitcoin.org/; homepage = http://www.bitcoin.org/;
maintainers = with maintainers; [ AndersonTorres ]; maintainers = with maintainers; [ AndersonTorres ];
license = licenses.mit; license = licenses.mit;
platforms = subtractLists [ "aarch64-linux" ] platforms.unix; platforms = [ "x86_64-linux" ];
}; };
} }

71
pkgs/applications/altcoins/mist.nix Normal file
View File

@ -0,0 +1,71 @@
{ stdenv, lib, makeWrapper, fetchurl, unzip, atomEnv, makeDesktopItem, buildFHSUserEnv }:
let
version = "0.10.0";
name = "mist-${version}";
throwSystem = throw "Unsupported system: ${stdenv.system}";
meta = with stdenv.lib; {
description = "Browse and use Ðapps on the Ethereum network";
homepage = https://github.com/ethereum/mist;
license = licenses.gpl3;
maintainers = with maintainers; [];
platforms = [ "x86_64-linux" "i686-linux" ];
};
urlVersion = builtins.replaceStrings ["."] ["-"] version;
desktopItem = makeDesktopItem rec {
name = "Mist";
exec = "mist";
icon = "mist";
desktopName = name;
genericName = "Mist Browser";
categories = "Network;";
};
mist = stdenv.mkDerivation {
inherit name version;
src = {
i686-linux = fetchurl {
url = "https://github.com/ethereum/mist/releases/download/v${version}/Mist-linux32-${urlVersion}.zip";
sha256 = "01hvxlm9w522pwvsjdy18gsrapkfjr7d1jjl4bqjjysxnjaaj2lk";
};
x86_64-linux = fetchurl {
url = "https://github.com/ethereum/mist/releases/download/v${version}/Mist-linux64-${urlVersion}.zip";
sha256 = "01k17j7fdfhxfd26njdsiwap0xnka2536k9ydk32czd8db7ya9zi";
};
}.${stdenv.system} or throwSystem;
buildInputs = [ unzip makeWrapper ];
buildCommand = ''
mkdir -p $out/lib/mist $out/bin
unzip -d $out/lib/mist $src
ln -s $out/lib/mist/mist $out/bin
fixupPhase
mkdir -p $out/share/applications
ln -s ${desktopItem}/share/applications/* $out/share/applications
patchelf \
--set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
--set-rpath "${atomEnv.libPath}:$out/lib/mist" \
$out/lib/mist/mist
'';
};
in
buildFHSUserEnv {
name = "mist";
targetPkgs = pkgs: with pkgs; [
mist
];
extraInstallCommands = ''
mkdir -p "$out/share/applications"
cp "${desktopItem}/share/applications/"* $out/share/applications
'';
runScript = "mist";
}

4
pkgs/applications/audio/asunder/default.nix
View File

@ -12,11 +12,11 @@
with stdenv.lib; with stdenv.lib;
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
version = "2.9.2"; version = "2.9.3";
name = "asunder-${version}"; name = "asunder-${version}";
src = fetchurl { src = fetchurl {
url = "http://littlesvr.ca/asunder/releases/${name}.tar.bz2"; url = "http://littlesvr.ca/asunder/releases/${name}.tar.bz2";
sha256 = "0vjbxrrjih4c673sc39wj5whp81xp9kmnwqxwzfnmhkky970rg5r"; sha256 = "1630i1df06y840v3fgdf75jxw1s8kwbfn5bhi0686viah0scccw5";
}; };
nativeBuildInputs = [ pkgconfig ]; nativeBuildInputs = [ pkgconfig ];

4
pkgs/applications/audio/bitwig-studio/bitwig-studio2.nix
View File

@ -3,11 +3,11 @@
bitwig-studio1.overrideAttrs (oldAttrs: rec { bitwig-studio1.overrideAttrs (oldAttrs: rec {
name = "bitwig-studio-${version}"; name = "bitwig-studio-${version}";
version = "2.2.2"; version = "2.3.1";
src = fetchurl { src = fetchurl {
url = "https://downloads.bitwig.com/stable/${version}/bitwig-studio-${version}.deb"; url = "https://downloads.bitwig.com/stable/${version}/bitwig-studio-${version}.deb";
sha256 = "1x4wka32xlygmhdh9rb15s37zh5qjrgap2qk35y34c52lf5aak22"; sha256 = "18gghx0ygwh01cidj8mkf82l9qhq2dy1b3yc4ajksvj762yg6cf2";
}; };
buildInputs = bitwig-studio1.buildInputs ++ [ ffmpeg ]; buildInputs = bitwig-studio1.buildInputs ++ [ ffmpeg ];

6
pkgs/applications/audio/caps/default.nix
View File

@ -9,9 +9,13 @@ stdenv.mkDerivation rec {
patches = [ patches = [
(fetchurl { (fetchurl {
url = "https://anonscm.debian.org/cgit/pkg-multimedia/caps.git/plain/debian/patches/0001-Avoid-ambiguity-in-div-invocation.patch"; url = "https://salsa.debian.org/multimedia-team/caps/raw/9a99c225/debian/patches/0001-Avoid-ambiguity-in-div-invocation.patch";
sha256 = "1b1pb5yfskiw8zi1lkj572l2ajpirh4amq538vggwvlpv1fqfway"; sha256 = "1b1pb5yfskiw8zi1lkj572l2ajpirh4amq538vggwvlpv1fqfway";
}) })
(fetchurl {
url = "https://salsa.debian.org/multimedia-team/caps/raw/a411203d/debian/patches/0002-Use-standard-exp10f-instead-of-pow10f.patch";
sha256 = "18ciklnscabr77l8b89xmbagkk79w4iqfpzr2yhn2ywv2jp8akx9";
})
]; ];
configurePhase = '' configurePhase = ''

58
pkgs/applications/audio/chuck/clang.patch Normal file
View File

@ -0,0 +1,58 @@
diff --git a/src/ugen_osc.cpp b/src/ugen_osc.cpp
index 6b93c6b..dbefe4f 100644
--- a/src/ugen_osc.cpp
+++ b/src/ugen_osc.cpp
@@ -1232,7 +1232,7 @@ CK_DLL_CTRL( gen5_coeffs )
Chuck_Array8 * in_args = (Chuck_Array8 *)GET_CK_OBJECT(ARGS);
// fprintf(stdout, "calling gen10coeffs, %d\n", weights);
- if(in_args<0) return;
+ if(in_args!=0) return;
size = in_args->size();
if(size >= genX_MAX_COEFFS) size = genX_MAX_COEFFS - 1;
@@ -1287,7 +1287,7 @@ CK_DLL_CTRL( gen7_coeffs )
Chuck_Array8 * in_args = (Chuck_Array8 *)GET_CK_OBJECT(ARGS);
// fprintf(stdout, "calling gen10coeffs, %d\n", weights);
- if(in_args<0) return;
+ if(in_args!=0) return;
size = in_args->size();
if(size >= genX_MAX_COEFFS) size = genX_MAX_COEFFS - 1;
@@ -1340,7 +1340,7 @@ CK_DLL_CTRL( gen9_coeffs )
Chuck_Array8 * weights = (Chuck_Array8 *)GET_CK_OBJECT(ARGS);
// fprintf(stdout, "calling gen10coeffs, %d\n", weights);
- if(weights<0) return;
+ if(weights!=0) return;
size = weights->size();
if(size >= genX_MAX_COEFFS) size = genX_MAX_COEFFS - 1;
@@ -1390,7 +1390,7 @@ CK_DLL_CTRL( gen10_coeffs )
Chuck_Array8 * weights = (Chuck_Array8 *)GET_CK_OBJECT(ARGS);
// fprintf(stdout, "calling gen10coeffs, %d\n", weights);
- if(weights<0) return;
+ if(weights!=0) return;
size = weights->size();
if(size >= genX_MAX_COEFFS) size = genX_MAX_COEFFS - 1;
@@ -1441,7 +1441,7 @@ CK_DLL_CTRL( gen17_coeffs )
Chuck_Array8 * weights = (Chuck_Array8 *)GET_CK_OBJECT(ARGS);
// fprintf(stdout, "calling gen17coeffs, %d\n", weights);
- if(weights<0) return;
+ if(weights!=0) return;
size = weights->size();
if(size >= genX_MAX_COEFFS) size = genX_MAX_COEFFS - 1;
@@ -1502,7 +1502,7 @@ CK_DLL_CTRL( curve_coeffs )
Chuck_Array8 * weights = (Chuck_Array8 *)GET_CK_OBJECT(ARGS);
// fprintf(stdout, "calling gen17coeffs, %d\n", weights);
- if(weights<0) goto done;
+ if(weights!=0) goto done;
nargs = weights->size();
if (nargs < 5 || (nargs % 3) != 2) { // check number of args

19
pkgs/applications/audio/chuck/default.nix
View File

@ -1,4 +1,6 @@
{ stdenv, fetchurl, alsaLib, bison, flex, libsndfile, which }: { stdenv, fetchurl, alsaLib, bison, flex, libsndfile, which
, AppKit, Carbon, CoreAudio, CoreMIDI, CoreServices, Kernel
}:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
version = "1.3.5.2"; version = "1.3.5.2";
@ -10,19 +12,24 @@ stdenv.mkDerivation rec {
}; };
buildInputs = [ bison flex libsndfile which ] buildInputs = [ bison flex libsndfile which ]
++ stdenv.lib.optional (!stdenv.isDarwin) alsaLib; ++ stdenv.lib.optional (!stdenv.isDarwin) alsaLib
++ stdenv.lib.optional stdenv.isDarwin [ AppKit Carbon CoreAudio CoreMIDI CoreServices Kernel ];
patches = [ ./darwin-limits.patch ]; patches = [ ./clang.patch ./darwin-limits.patch ];
NIX_CFLAGS_COMPILE = stdenv.lib.optionalString stdenv.isDarwin "-Wno-missing-sysroot";
NIX_LDFLAGS = stdenv.lib.optionalString stdenv.isDarwin "-framework MultitouchSupport";
postPatch = '' postPatch = ''
substituteInPlace src/makefile --replace "/usr/bin" "$out/bin" substituteInPlace src/makefile --replace "/usr/bin" "$out/bin"
substituteInPlace src/makefile.osx --replace "xcodebuild" "/usr/bin/xcodebuild" substituteInPlace src/makefile.osx --replace "xcodebuild" "/usr/bin/xcodebuild"
substituteInPlace src/makefile.osx --replace "weak_framework" "framework" substituteInPlace src/makefile.osx --replace "weak_framework" "framework"
substituteInPlace src/makefile.osx --replace "MACOSX_DEPLOYMENT_TARGET=10.5" "MACOSX_DEPLOYMENT_TARGET=$MACOSX_DEPLOYMENT_TARGET"
''; '';
buildPhase = buildPhase = ''
stdenv.lib.optionals stdenv.isLinux ["make -C src linux-alsa"] ++ make -C src ${if stdenv.isDarwin then "osx" else "linux-alsa"}
stdenv.lib.optionals stdenv.isDarwin ["make -C src osx"]; '';
installPhase = '' installPhase = ''
install -Dm755 ./src/chuck $out/bin/chuck install -Dm755 ./src/chuck $out/bin/chuck

11
pkgs/applications/audio/eq10q/default.nix
View File

@ -1,4 +1,5 @@
{ stdenv, fetchurl, cmake, fftw, gtkmm2, libxcb, lv2, pkgconfig, xorg }: { stdenv, fetchurl, fetchpatch, cmake, fftw, gtkmm2, libxcb, lv2, pkgconfig
, xorg }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "eq10q-${version}"; name = "eq10q-${version}";
version = "2.2"; version = "2.2";
@ -10,6 +11,14 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ pkgconfig ]; nativeBuildInputs = [ pkgconfig ];
buildInputs = [ cmake fftw gtkmm2 libxcb lv2 xorg.libpthreadstubs xorg.libXdmcp xorg.libxshmfence ]; buildInputs = [ cmake fftw gtkmm2 libxcb lv2 xorg.libpthreadstubs xorg.libXdmcp xorg.libxshmfence ];
patches = [
(fetchpatch {
# glibc 2.27 compatibility
url = https://sources.debian.org/data/main/e/eq10q/2.2~repack0-2.1/debian/patches/05-pow10.patch;
sha256 = "07b0wf6k4xqgigv4h095bzfaw8r218wa36r9w1817jcys13r6c5r";
})
];
installFlags = '' installFlags = ''
DESTDIR=$(out) DESTDIR=$(out)
''; '';

2
pkgs/applications/audio/faust/faust1.nix
View File

@ -49,7 +49,7 @@ let
# faust.wrapWithBuildEnv. # faust.wrapWithBuildEnv.
postInstall = '' postInstall = ''
# syntax error when eval'd directly # syntax error when eval'd directly
pattern="faust2!(svg)" pattern="faust2!(*@(atomsnippets|graph|graphviewer|md|plot|sig|sigviewer|svg))"
(shopt -s extglob; rm "$out"/bin/$pattern) (shopt -s extglob; rm "$out"/bin/$pattern)
''; '';

2
pkgs/applications/audio/faust/faust2.nix
View File

@ -78,7 +78,7 @@ let
# faust.wrapWithBuildEnv. # faust.wrapWithBuildEnv.
postInstall = '' postInstall = ''
# syntax error when eval'd directly # syntax error when eval'd directly
pattern="faust2!(svg)" pattern="faust2!(*@(atomsnippets|graph|graphviewer|md|plot|sig|sigviewer|svg))"
(shopt -s extglob; rm "$out"/bin/$pattern) (shopt -s extglob; rm "$out"/bin/$pattern)
''; '';

4
pkgs/applications/audio/flacon/default.nix
View File

@ -5,13 +5,13 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "flacon-${version}"; name = "flacon-${version}";
version = "4.0.0"; version = "4.1.0";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "flacon"; owner = "flacon";
repo = "flacon"; repo = "flacon";
rev = "v${version}"; rev = "v${version}";
sha256 = "0l0xbzpy4nnr08z7gqvb4ngrjwzpspa382cbcrpkya3nd40987kr"; sha256 = "1sw2v2w3s79lbzhkf96m8lwvag824am7rwfzzsi8bz6sa6krmj0m";
}; };
nativeBuildInputs = [ cmake pkgconfig makeWrapper ]; nativeBuildInputs = [ cmake pkgconfig makeWrapper ];

4
pkgs/applications/audio/fluidsynth/default.nix
View File

@ -5,13 +5,13 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "fluidsynth-${version}"; name = "fluidsynth-${version}";
version = "1.1.9"; version = "1.1.10";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "FluidSynth"; owner = "FluidSynth";
repo = "fluidsynth"; repo = "fluidsynth";
rev = "v${version}"; rev = "v${version}";
sha256 = "0krvmb1idnf95l2ydzfcb08ayyx3n4m71hf9fgwv3srzaikvpf3q"; sha256 = "04jlgq1d1hd8r9cnmkl3lgf1fgm7kgy4hh9nfddap41fm1wp121p";
}; };
nativeBuildInputs = [ pkgconfig cmake ]; nativeBuildInputs = [ pkgconfig cmake ];

1
pkgs/applications/audio/mi2ly/default.nix
View File

@ -36,5 +36,6 @@ stdenv.mkDerivation {
license = stdenv.lib.licenses.gpl2Plus ; license = stdenv.lib.licenses.gpl2Plus ;
maintainers = [stdenv.lib.maintainers.raskin]; maintainers = [stdenv.lib.maintainers.raskin];
platforms = stdenv.lib.platforms.linux; platforms = stdenv.lib.platforms.linux;
broken = true; # 2018-04-11
}; };
} }

0
pkgs/applications/audio/mopidy-gmusic/default.nix → pkgs/applications/audio/mopidy/gmusic.nix
View File

7
pkgs/applications/audio/mopidy-iris/default.nix → pkgs/applications/audio/mopidy/iris.nix
View File

@ -2,11 +2,11 @@
pythonPackages.buildPythonApplication rec { pythonPackages.buildPythonApplication rec {
pname = "Mopidy-Iris"; pname = "Mopidy-Iris";
version = "3.14.2"; version = "3.17.1";
src = pythonPackages.fetchPypi { src = pythonPackages.fetchPypi {
inherit pname version; inherit pname version;
sha256 = "19affzk45wby50gwxwzqgwa7h7618lcs48ngdsa06sd66s8x2fza"; sha256 = "02k1br077v9c5x6nn0391vh28pvn1zjbkjv8h508vy7k6ch2xjyq";
}; };
propagatedBuildInputs = [ propagatedBuildInputs = [
@ -17,8 +17,11 @@ pythonPackages.buildPythonApplication rec {
pylast pylast
spotipy spotipy
raven raven
tornado
]); ]);
postPatch = "sed -i /tornado/d setup.py";
# no tests implemented # no tests implemented
doCheck = false; doCheck = false;

0
pkgs/applications/audio/mopidy-local-images/default.nix → pkgs/applications/audio/mopidy/local-images.nix
View File

0
pkgs/applications/audio/mopidy-local-sqlite/default.nix → pkgs/applications/audio/mopidy/local-sqlite.nix
View File

0
pkgs/applications/audio/mopidy-moped/default.nix → pkgs/applications/audio/mopidy/moped.nix
View File

Some files were not shown because too many files have changed in this diff Show More