JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/nixos/nixpkgs

Browse Source
This commit is contained in:
Alexander Krupenkin 2018-04-18 15:13:25 +03:00
commit 03d1b72523
No known key found for this signature in database
GPG Key ID: 0D0A7FA67911873E
1353 changed files with 23356 additions and 15592 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.github/CODEOWNERS vendored
View File

@ -64,6 +64,9 @@
/pkgs/development/interpreters/ruby @zimbatm
/pkgs/development/ruby-modules @zimbatm
# Rust
/pkgs/development/compilers/rust @Mic92 @LnL7
# Darwin-related
/pkgs/stdenv/darwin @NixOS/darwin-maintainers
/pkgs/os-specific/darwin @NixOS/darwin-maintainers

40
doc/configuration.xml
View File

@ -14,6 +14,8 @@ true:</para>
its <literal>meta.broken</literal> set to
<literal>true</literal>.</para></listitem>
<listitem><para>The package isn't intended to run on the given system, as none of its <literal>meta.platforms</literal> match the given system.</para></listitem>
<listitem><para>The package's <literal>meta.license</literal> is set
to a license which is considered to be unfree.</para></listitem>
@ -88,6 +90,42 @@ distributing the software.</para>
</itemizedlist>
</section>
<section xml:id="sec-allow-unsupported-system">
<title>Installing packages on unsupported systems</title>
<para>
There are also two ways to try compiling a package which has been marked as unsuported for the given system.
</para>
<itemizedlist>
<listitem><para>
For allowing the build of a broken package once, you can use an environment variable for a single invocation of the nix tools:
<programlisting>$ export NIXPKGS_ALLOW_UNSUPPORTED_SYSTEM=1</programlisting>
</para></listitem>
<listitem>
<para>
For permanently allowing broken packages to be built, you may add <literal>allowUnsupportedSystem = true;</literal> to your user's configuration file, like this:
<programlisting>
{
allowUnsupportedSystem = true;
}
</programlisting>
</para>
</listitem>
</itemizedlist>
<para>
The difference between an a package being unsupported on some system and being broken is admittedly a bit fuzzy.
If a program <emphasis>ought</emphasis> to work on a certain platform, but doesn't, the platform should be included in <literal>meta.platforms</literal>, but marked as broken with e.g. <literal>meta.broken = !hostPlatform.isWindows</literal>.
Of course, this begs the question of what "ought" means exactly.
That is left to the package maintainer.
</para>
</section>
<section xml:id="sec-allow-unfree">
<title>Installing unfree packages</title>
@ -397,7 +435,7 @@ fi
</para>
</section>
<section xml:id="sec-gnu-info-setup">
<title>GNU info setup</title>

3
doc/overrides.css
View File

@ -1,4 +1,5 @@
.docbook .xref img[src^=images\/callouts\/],
.screen img,
.programlisting img {
width: 1em;
}

2
doc/reviewing-contributions.xml
View File

@ -112,7 +112,7 @@ $ git rebase --onto nixos-unstable BASEBRANCH FETCH_HEAD <co
<varname>BASEBRANCH</varname> the base branch of the
pull-request.</para>
</callout>
<callout arearefs='reviewing-rebase-3'>
<callout arearefs='reviewing-rebase-4'>
<para>Rebasing the pull-request changes to the nixos-unstable
branch.</para>
</callout>

2
lib/default.nix
View File

@ -74,7 +74,7 @@ let
inherit (lists) singleton foldr fold foldl foldl' imap0 imap1
concatMap flatten remove findSingle findFirst any all count
optional optionals toList range partition zipListsWith zipLists
reverseList listDfs toposort sort compareLists take drop sublist
reverseList listDfs toposort sort naturalSort compareLists take drop sublist
last init crossLists unique intersectLists subtractLists
mutuallyExclusive;
inherit (strings) concatStrings concatMapStrings concatImapStrings

23
lib/lists.nix
View File

@ -1,7 +1,9 @@
# General list operations.
{ lib }:
with lib.trivial;
let
inherit (lib.strings) toInt;
in
rec {
inherit (builtins) head tail length isList elemAt concatLists filter elem genList;
@ -409,6 +411,25 @@ rec {
then compareLists cmp (tail a) (tail b)
else rel;
/* Sort list using "Natural sorting".
Numeric portions of strings are sorted in numeric order.
Example:
naturalSort ["disk11" "disk8" "disk100" "disk9"]
=> ["disk8" "disk9" "disk11" "disk100"]
naturalSort ["10.46.133.149" "10.5.16.62" "10.54.16.25"]
=> ["10.5.16.62" "10.46.133.149" "10.54.16.25"]
naturalSort ["v0.2" "v0.15" "v0.0.9"]
=> [ "v0.0.9" "v0.2" "v0.15" ]
*/
naturalSort = lst:
let
vectorise = s: map (x: if isList x then toInt (head x) else x) (builtins.split "(0|[1-9][0-9]*)" s);
prepared = map (x: [ (vectorise x) x ]) lst; # remember vectorised version for O(n) regex splits
less = a: b: (compareLists compare (head a) (head b)) < 0;
in
map (x: elemAt x 1) (sort less prepared);
/* Return the first (at most) N elements of a list.
Example:

4
lib/systems/parse.nix
View File

@ -34,7 +34,7 @@ rec {
################################################################################
types.openSignifiantByte = mkOptionType {
types.openSignificantByte = mkOptionType {
name = "significant-byte";
description = "Endianness";
merge = mergeOneOption;
@ -42,7 +42,7 @@ rec {
types.significantByte = enum (attrValues significantBytes);
significantBytes = setTypes types.openSignifiantByte {
significantBytes = setTypes types.openSignificantByte {
bigEndian = {};
littleEndian = {};
};

70
maintainers/maintainer-list.nix
View File

@ -305,6 +305,11 @@
github = "akru";
name = "Alexander Krupenkin ";
};
alexchapman = {
name = "Alex Chapman";
email = "alex@farfromthere.net";
github = "AJChapman";
};
alexvorobiev = {
email = "alexander.vorobiev@gmail.com";
github = "alexvorobiev";
@ -1196,6 +1201,11 @@
github = "ElvishJerricco";
name = "Will Fancher";
};
endgame = {
email = "jack@jackkelly.name";
github = "endgame";
name = "Jack Kelly";
};
enzime = {
email = "enzime@users.noreply.github.com";
github = "enzime";
@ -1892,6 +1902,11 @@
email = "info+nix@chmist.com";
name = "karolchmist";
};
kazcw = {
email = "kaz@lambdaverse.org";
github = "kazcw";
name = "Kaz Wesley";
};
kentjames = {
email = "jameschristopherkent@gmail.com";
github = "kentjames";
@ -2495,6 +2510,11 @@
github = "mschristiansen";
name = "Mikkel Christiansen";
};
msiedlarek = {
email = "mikolaj@siedlarek.pl";
github = "msiedlarek";
name = "Mikołaj Siedlarek";
};
mstarzyk = {
email = "mstarzyk@gmail.com";
github = "mstarzyk";
@ -2510,6 +2530,11 @@
github = "mt-caret";
name = "Masayuki Takeda";
};
MtP = {
email = "marko.nixos@poikonen.de";
github = "MtP76";
name = "Marko Poikonen";
};
mtreskin = {
email = "zerthurd@gmail.com";
github = "Zert";
@ -2605,6 +2630,11 @@
github = "ninjatrappeur";
name = "Félix Baylac-Jacqué";
};
nioncode = {
email = "nioncode+github@gmail.com";
github = "nioncode";
name = "Nicolas Schneider";
};
nipav = {
email = "niko.pavlinek@gmail.com";
github = "nipav";
@ -2644,6 +2674,11 @@
github = "nthorne";
name = "Niklas Thörne";
};
nyanloutre = {
email = "paul@nyanlout.re";
github = "nyanloutre";
name = "Paul Trehiou";
};
nyarly = {
email = "nyarly@gmail.com";
github = "nyarly";
@ -3054,6 +3089,11 @@
github = "risicle";
name = "Robert Scott";
};
rittelle = {
email = "rittelle@posteo.de";
github = "rittelle";
name = "Lennart Rittel";
};
rlupton20 = {
email = "richard.lupton@gmail.com";
github = "rlupton20";
@ -3114,6 +3154,11 @@
github = "rongcuid";
name = "Rongcui Dong";
};
rprospero = {
email = "rprospero+nix@gmail.com";
github = "rprospero";
name = "Adam Washington";
};
rszibele = {
email = "richard@szibele.com";
github = "rszibele";
@ -3258,6 +3303,11 @@
github = "sengaya";
name = "Thilo Uttendorfer";
};
sephalon = {
email = "me@sephalon.net";
github = "sephalon";
name = "Stefan Wiehler";
};
sepi = {
email = "raffael@mancini.lu";
github = "sepi";
@ -3361,6 +3411,11 @@
github = "grwlf";
name = "Sergey Mironov";
};
sna = {
email = "abouzahra.9@wright.edu";
github = "s-na";
name = "S. Nordin Abouzahra";
};
snyh = {
email = "snyh@snyh.org";
github = "snyh";
@ -3471,6 +3526,11 @@
github = "symphorien";
name = "Guillaume Girol";
};
synthetica = {
email = "nix@hilhorst.be";
github = "Synthetica9";
name = "Patrick Hilhorst";
};
szczyp = {
email = "qb@szczyp.com";
github = "szczyp";
@ -3710,6 +3770,11 @@
github = "twey";
name = "James Twey Kay";
};
typetetris = {
email = "ericwolf42@mail.com";
github = "typetetris";
name = "Eric Wolf";
};
unode = {
email = "alves.rjc@gmail.com";
github = "unode";
@ -4080,4 +4145,9 @@
github = "zzamboni";
name = "Diego Zamboni";
};
srghma = {
email = "srghma@gmail.com";
github = "srghma";
name = "Sergei Khoma";
};
}

2
nixos/doc/manual/installation/installing-usb.xml
View File

@ -51,7 +51,7 @@ ISO, copy its contents verbatim to your drive, then either:
<listitem>
<para>If you want to load the contents of the ISO to ram after bootin
(So you can remove the stick after bootup) you can append the parameter
<literal>copytoram</literal>to the <literal>options</literal> field.</para>
<literal>copytoram</literal> to the <literal>options</literal> field.</para>
</listitem>
</itemizedlist>
</para>

18
nixos/doc/manual/installation/installing.xml
View File

@ -115,23 +115,17 @@ for a UEFI installation is by and large the same as a BIOS installation. The dif
<varlistentry><term>UEFI systems</term>
<listitem><para>For creating boot partitions:
<command>mkfs.fat</command>. Again its recommended to assign a
label to the boot partition: <option>-L
label to the boot partition: <option>-n
<replaceable>label</replaceable></option>. For example:
<screen>
# mkfs.fat -F 32 -L boot /dev/sda3</screen>
# mkfs.fat -F 32 -n boot /dev/sda3</screen>
</para></listitem></varlistentry></variablelist></listitem>
<listitem><para>For creating LVM volumes, the LVM commands, e.g.,
<screen>
# pvcreate /dev/sda1 /dev/sdb1
# vgcreate MyVolGroup /dev/sda1 /dev/sdb1
# lvcreate --size 2G --name bigdisk MyVolGroup
# lvcreate --size 1G --name smalldisk MyVolGroup</screen>
</para></listitem>
<command>pvcreate</command>, <command>vgcreate</command>, and
<command>lvcreate</command>.</para></listitem>
<listitem><para>For creating software RAID devices, use
<command>mdadm</command>.</para></listitem>
@ -155,6 +149,7 @@ for a UEFI installation is by and large the same as a BIOS installation. The dif
<listitem><para>Mount the boot file system on <filename>/mnt/boot</filename>, e.g.
<screen>
# mkdir -p /mnt/boot
# mount /dev/disk/by-label/boot /mnt/boot
</screen>
@ -366,8 +361,9 @@ drive (here <filename>/dev/sda</filename>). <xref linkend="ex-config"
# mkfs.ext4 -L nixos /dev/sda1
# mkswap -L swap /dev/sda2
# swapon /dev/sda2
# mkfs.fat -F 32 -L boot /dev/sda3 # <lineannotation>(for UEFI systems only)</lineannotation>
# mkfs.fat -F 32 -n boot /dev/sda3 # <lineannotation>(for UEFI systems only)</lineannotation>
# mount /dev/disk/by-label/nixos /mnt
# mkdir -p /mnt/boot # <lineannotation>(for UEFI systems only)</lineannotation>
# mount /dev/disk/by-label/boot /mnt/boot # <lineannotation>(for UEFI systems only)</lineannotation>
# nixos-generate-config --root /mnt
# nano /mnt/etc/nixos/configuration.nix

3
nixos/doc/manual/release-notes/rl-1809.xml
View File

@ -58,6 +58,9 @@ following incompatible changes:</para>
<itemizedlist>
<listitem>
<para>
The <literal>clementine</literal> package points now to the free derivation.
<literal>clementineFree</literal> is removed now and <literal>clementineUnfree</literal>
points to the package which is bundled with the unfree <literal>libspotify</literal> package.
</para>
</listitem>
</itemizedlist>

15
nixos/lib/make-ext4-fs.nix
View File

@ -7,23 +7,22 @@
, volumeLabel
}:
let
sdClosureInfo = pkgs.closureInfo { rootPaths = storePaths; };
in
pkgs.stdenv.mkDerivation {
name = "ext4-fs.img";
nativeBuildInputs = with pkgs; [e2fsprogs libfaketime perl];
# For obtaining the closure of `storePaths'.
exportReferencesGraph =
map (x: [("closure-" + baseNameOf x) x]) storePaths;
buildCommand =
''
# Add the closures of the top-level store objects.
storePaths=$(perl ${pkgs.pathsFromGraph} closure-*)
storePaths=$(cat ${sdClosureInfo}/store-paths)
# Also include a manifest of the closures in a format suitable
# for nix-store --load-db.
printRegistration=1 perl ${pkgs.pathsFromGraph} closure-* > nix-path-registration
# Also include a manifest of the closures in a format suitable for nix-store --load-db.
cp ${sdClosureInfo}/registration nix-path-registration
# Make a crude approximation of the size of the target image.
# If the script starts failing, increase the fudge factors here.

2
nixos/lib/test-driver/Machine.pm
View File

@ -612,7 +612,7 @@ sub waitForX {
my ($self, $regexp) = @_;
$self->nest("waiting for the X11 server", sub {
retry sub {
my ($status, $out) = $self->execute("journalctl -b SYSLOG_IDENTIFIER=systemd | grep 'session opened'");
my ($status, $out) = $self->execute("journalctl -b SYSLOG_IDENTIFIER=systemd | grep 'Reached target Current graphical'");
return 0 if $status != 0;
($status, $out) = $self->execute("[ -e /tmp/.X11-unix/X0 ]");
return 1 if $status == 0;

4
nixos/lib/testing.nix
View File

@ -111,6 +111,8 @@ in rec {
ocrProg = tesseract_4.override { enableLanguages = [ "eng" ]; };
imagemagick_tiff = imagemagick_light.override { inherit libtiff; };
# Generate onvenience wrappers for running the test driver
# interactively with the specified network, and for starting the
# VMs from the command line.
@ -128,7 +130,7 @@ in rec {
wrapProgram $out/bin/nixos-test-driver \
--add-flags "''${vms[*]}" \
${lib.optionalString enableOCR
"--prefix PATH : '${ocrProg}/bin:${imagemagick}/bin'"} \
"--prefix PATH : '${ocrProg}/bin:${imagemagick_tiff}/bin'"} \
--run "export testScript=\"\$(cat $out/test-script)\"" \
--set VLANS '${toString vlans}'
ln -s ${testDriver}/bin/nixos-test-driver $out/bin/nixos-run-vms

2
nixos/modules/config/pulseaudio.nix
View File

@ -214,6 +214,8 @@ in {
(mkIf cfg.enable {
environment.systemPackages = [ overriddenPackage ];
sound.enable = true;
environment.etc = [
{ target = "asound.conf";
source = alsaConf; }

2
nixos/modules/config/users-groups.nix
View File

@ -92,7 +92,7 @@ let
group = mkOption {
type = types.str;
apply = x: assert (builtins.stringLength x < 17 || abort "Group name '${x}' is longer than 16 characters which is not allowed!"); x;
apply = x: assert (builtins.stringLength x < 32 || abort "Group name '${x}' is longer than 31 characters which is not allowed!"); x;
default = "nogroup";
description = "The user's primary group.";
};

33
nixos/modules/hardware/onlykey.nix Normal file
View File

@ -0,0 +1,33 @@
{ config, lib, ... }:
with lib;
{
####### interface
options = {
hardware.onlykey = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable OnlyKey device (https://crp.to/p/) support.
'';
};
};
};
## As per OnlyKey's documentation piece (hhttps://docs.google.com/document/d/1Go_Rs218fKUx-j_JKhddbSVTqY6P0vQO831t2MKCJC8),
## it is important to add udev rule for OnlyKey for it to work on Linux
####### implementation
config = mkIf config.hardware.onlykey.enable {
services.udev.extraRules = builtin.readFile ./onlykey.udev;
};
}

4
nixos/modules/hardware/onlykey.udev Normal file
View File

@ -0,0 +1,4 @@
ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", ENV{ID_MM_DEVICE_IGNORE}="1"
ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789A]?", ENV{MTP_NO_PROBE}="1"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789ABCD]?", GROUP+="plugdev"
KERNEL=="ttyACM*", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", GROUP+="plugdev"

154
nixos/modules/hardware/opengl.nix
View File

@ -14,7 +14,6 @@ let
name = "mesa-drivers+txc-${p.mesa_drivers.version}";
paths =
[ p.mesa_drivers
p.mesa_drivers.out # mainly for libGL
(if cfg.s3tcSupport then p.libtxc_dxtn else p.libtxc_dxtn_s2tc)
];
};
@ -33,89 +32,92 @@ in
{
options = {
hardware.opengl.enable = mkOption {
description = ''
Whether to enable OpenGL drivers. This is needed to enable
OpenGL support in X11 systems, as well as for Wayland compositors
like sway, way-cooler and Weston. It is enabled by default
by the corresponding modules, so you do not usually have to
set it yourself, only if there is no module for your wayland
compositor of choice. See services.xserver.enable,
programs.sway.enable, and programs.way-cooler.enable.
'';
type = types.bool;
default = false;
};
hardware.opengl.driSupport = mkOption {
type = types.bool;
default = true;
description = ''
Whether to enable accelerated OpenGL rendering through the
Direct Rendering Interface (DRI).
'';
};
hardware.opengl = {
enable = mkOption {
description = ''
Whether to enable OpenGL drivers. This is needed to enable
OpenGL support in X11 systems, as well as for Wayland compositors
like sway, way-cooler and Weston. It is enabled by default
by the corresponding modules, so you do not usually have to
set it yourself, only if there is no module for your wayland
compositor of choice. See services.xserver.enable,
programs.sway.enable, and programs.way-cooler.enable.
'';
type = types.bool;
default = false;
};
hardware.opengl.driSupport32Bit = mkOption {
type = types.bool;
default = false;
description = ''
On 64-bit systems, whether to support Direct Rendering for
32-bit applications (such as Wine). This is currently only
supported for the <literal>nvidia</literal> and
<literal>ati_unfree</literal> drivers, as well as
<literal>Mesa</literal>.
'';
};
driSupport = mkOption {
type = types.bool;
default = true;
description = ''
Whether to enable accelerated OpenGL rendering through the
Direct Rendering Interface (DRI).
'';
};
hardware.opengl.s3tcSupport = mkOption {
type = types.bool;
default = false;
description = ''
Make S3TC(S3 Texture Compression) via libtxc_dxtn available
to OpenGL drivers instead of the patent-free S2TC replacement.
driSupport32Bit = mkOption {
type = types.bool;
default = false;
description = ''
On 64-bit systems, whether to support Direct Rendering for
32-bit applications (such as Wine). This is currently only
supported for the <literal>nvidia</literal> and
<literal>ati_unfree</literal> drivers, as well as
<literal>Mesa</literal>.
'';
};
Using this library may require a patent license depending on your location.
'';
};
s3tcSupport = mkOption {
type = types.bool;
default = false;
description = ''
Make S3TC(S3 Texture Compression) via libtxc_dxtn available
to OpenGL drivers instead of the patent-free S2TC replacement.
hardware.opengl.package = mkOption {
type = types.package;
internal = true;
description = ''
The package that provides the OpenGL implementation.
'';
};
Using this library may require a patent license depending on your location.
'';
};
hardware.opengl.package32 = mkOption {
type = types.package;
internal = true;
description = ''
The package that provides the 32-bit OpenGL implementation on
64-bit systems. Used when <option>driSupport32Bit</option> is
set.
'';
};
package = mkOption {
type = types.package;
internal = true;
description = ''
The package that provides the OpenGL implementation.
'';
};
hardware.opengl.extraPackages = mkOption {
type = types.listOf types.package;
default = [];
example = literalExample "with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl ]";
description = ''
Additional packages to add to OpenGL drivers. This can be used
to add OpenCL drivers, VA-API/VDPAU drivers etc.
'';
};
package32 = mkOption {
type = types.package;
internal = true;
description = ''
The package that provides the 32-bit OpenGL implementation on
64-bit systems. Used when <option>driSupport32Bit</option> is
set.
'';
};
hardware.opengl.extraPackages32 = mkOption {
type = types.listOf types.package;
default = [];
example = literalExample "with pkgs.pkgsi686Linux; [ vaapiIntel libvdpau-va-gl vaapiVdpau ]";
description = ''
Additional packages to add to 32-bit OpenGL drivers on
64-bit systems. Used when <option>driSupport32Bit</option> is
set. This can be used to add OpenCL drivers, VA-API/VDPAU drivers etc.
'';
extraPackages = mkOption {
type = types.listOf types.package;
default = [];
example = literalExample "with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl ]";
description = ''
Additional packages to add to OpenGL drivers. This can be used
to add OpenCL drivers, VA-API/VDPAU drivers etc.
'';
};
extraPackages32 = mkOption {
type = types.listOf types.package;
default = [];
example = literalExample "with pkgs.pkgsi686Linux; [ vaapiIntel libvdpau-va-gl vaapiVdpau ]";
description = ''
Additional packages to add to 32-bit OpenGL drivers on
64-bit systems. Used when <option>driSupport32Bit</option> is
set. This can be used to add OpenCL drivers, VA-API/VDPAU drivers etc.
'';
};
};
};

11
nixos/modules/hardware/video/nvidia.nix
View File

@ -25,13 +25,6 @@ let
nvidia_x11 = nvidiaForKernel config.boot.kernelPackages;
nvidia_libs32 = (nvidiaForKernel pkgs_i686.linuxPackages).override { libsOnly = true; kernel = null; };
nvidiaPackage = nvidia: pkgs:
if !nvidia.useGLVND then nvidia.out
else pkgs.buildEnv {
name = "nvidia-libs";
paths = [ pkgs.libglvnd nvidia.out ];
};
enabled = nvidia_x11 != null;
in
@ -57,8 +50,8 @@ in
source = "${nvidia_x11.bin}/share/nvidia/nvidia-application-profiles-rc";
};
hardware.opengl.package = nvidiaPackage nvidia_x11 pkgs;
hardware.opengl.package32 = nvidiaPackage nvidia_libs32 pkgs_i686;
hardware.opengl.package = nvidia_x11.out;
hardware.opengl.package32 = nvidia_libs32.out;
environment.systemPackages = [ nvidia_x11.bin nvidia_x11.settings ]
++ lib.filter (p: p != null) [ nvidia_x11.persistenced ];

2
nixos/modules/installer/cd-dvd/channel.nix
View File

@ -21,7 +21,9 @@ let
if [ ! -e $out/nixos/nixpkgs ]; then
ln -s . $out/nixos/nixpkgs
fi
echo -n ${config.system.nixos.revision} > $out/nixos/.git-revision
echo -n ${config.system.nixos.versionSuffix} > $out/nixos/.version-suffix
echo ${config.system.nixos.versionSuffix} | sed -e s/pre// > $out/nixos/svn-revision
'';
in

1
nixos/modules/installer/tools/nixos-generate-config.pl
View File

@ -585,7 +585,6 @@ $bootLoaderConfig
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.bash.enableCompletion = true;
# programs.mtr.enable = true;
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };

2
nixos/modules/misc/ids.nix
View File

@ -305,6 +305,7 @@
hass = 286;
monero = 287;
ceph = 288;
duplicati = 289;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -578,6 +579,7 @@
hass = 286;
monero = 287;
ceph = 288;
duplicati = 289;
# When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal

17
nixos/modules/misc/locate.nix
View File

@ -97,7 +97,7 @@ in {
Whether not to index bind mounts
'';
};
};
config = mkIf cfg.enable {
@ -133,13 +133,26 @@ in {
systemd.services.update-locatedb =
{ description = "Update Locate Database";
path = mkIf (!isMLocate) [ pkgs.su ];
# mlocate's updatedb takes flags via a configuration file or
# on the command line, but not by environment variable.
script =
if isMLocate
then let toFlags = x: optional (cfg.${x} != [])
"--${lib.toLower x} '${concatStringsSep " " cfg.${x}}'";
args = concatLists (map toFlags ["pruneFS" "pruneNames" "prunePaths"]);
in ''
exec ${cfg.locate}/bin/updatedb \
--output ${toString cfg.output} ${concatStringsSep " " args} \
--prune-bind-mounts ${if cfg.pruneBindMounts then "yes" else "no"} \
${concatStringsSep " " cfg.extraFlags}
''
else ''
exec ${cfg.locate}/bin/updatedb \
${optionalString (cfg.localuser != null && ! isMLocate) ''--localuser=${cfg.localuser}''} \
--output=${toString cfg.output} ${concatStringsSep " " cfg.extraFlags}
'';
environment = {
environment = optionalAttrs (!isMLocate) {
PRUNEFS = concatStringsSep " " cfg.pruneFS;
PRUNEPATHS = concatStringsSep " " cfg.prunePaths;
PRUNENAMES = concatStringsSep " " cfg.pruneNames;

7
nixos/modules/module-list.nix
View File

@ -41,6 +41,7 @@
./hardware/pcmcia.nix
./hardware/raid/hpsa.nix
./hardware/usb-wwan.nix
./hardware/onlykey.nix
./hardware/video/amdgpu.nix
./hardware/video/amdgpu-pro.nix
./hardware/video/ati.nix
@ -86,6 +87,7 @@
./programs/freetds.nix
./programs/gnupg.nix
./programs/gphoto2.nix
./programs/iftop.nix
./programs/java.nix
./programs/kbdlight.nix
./programs/less.nix
@ -159,6 +161,7 @@
./services/audio/ympd.nix
./services/backup/bacula.nix
./services/backup/borgbackup.nix
./services/backup/duplicati.nix
./services/backup/crashplan.nix
./services/backup/crashplan-small-business.nix
./services/backup/mysql-backup.nix
@ -363,6 +366,7 @@
./services/misc/ripple-data-api.nix
./services/misc/rogue.nix
./services/misc/serviio.nix
./services/misc/safeeyes.nix
./services/misc/siproxd.nix
./services/misc/snapper.nix
./services/misc/sonarr.nix
@ -529,7 +533,7 @@
./services/networking/prayer.nix
./services/networking/privoxy.nix
./services/networking/prosody.nix
# ./services/networking/quagga.nix
./services/networking/quagga.nix
./services/networking/quassel.nix
./services/networking/racoon.nix
./services/networking/radicale.nix
@ -543,6 +547,7 @@
./services/networking/searx.nix
./services/networking/seeks.nix
./services/networking/skydns.nix
./services/networking/shadowsocks.nix
./services/networking/shairport-sync.nix
./services/networking/shout.nix
./services/networking/sniproxy.nix

2
nixos/modules/programs/bash/bash.nix
View File

@ -110,7 +110,7 @@ in
};
enableCompletion = mkOption {
default = false;
default = true;
description = ''
Enable Bash completion for all interactive bash shells.
'';

18
nixos/modules/programs/iftop.nix Normal file
View File

@ -0,0 +1,18 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.programs.iftop;
in {
options = {
programs.iftop.enable = mkEnableOption "iftop + setcap wrapper";
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.iftop ];
security.wrappers.iftop = {
source = "${pkgs.iftop}/bin/iftop";
capabilities = "cap_net_raw+p";
};
};
}

17
nixos/modules/programs/less.nix
View File

@ -6,7 +6,7 @@ let
cfg = config.programs.less;
configFile = ''
configText = if (cfg.configFile != null) then (builtins.readFile cfg.configFile) else ''
#command
${concatStringsSep "\n"
(mapAttrsToList (command: action: "${command} ${action}") cfg.commands)
@ -25,7 +25,7 @@ let
'';
lessKey = pkgs.runCommand "lesskey"
{ src = pkgs.writeText "lessconfig" configFile; }
{ src = pkgs.writeText "lessconfig" configText; }
"${pkgs.less}/bin/lesskey -o $out $src";
in
@ -37,6 +37,19 @@ in
enable = mkEnableOption "less";
configFile = mkOption {
type = types.nullOr types.path;
default = null;
example = literalExample "$${pkgs.my-configs}/lesskey";
description = ''
Path to lesskey configuration file.
<option>configFile</option> takes precedence over <option>commands</option>,
<option>clearDefaultCommands</option>, <option>lineEditingKeys</option>, and
<option>envVariables</option>.
'';
};
commands = mkOption {
type = types.attrsOf types.str;
default = {};

47
nixos/modules/security/acme.nix
View File

@ -240,6 +240,7 @@ in
};
selfsignedService = {
description = "Create preliminary self-signed certificate for ${cert}";
path = [ pkgs.openssl ];
preStart = ''
if [ ! -d '${cpath}' ]
then
@ -250,37 +251,41 @@ in
'';
script =
''
# Create self-signed key
workdir="/run/acme-selfsigned-${cert}"
${pkgs.openssl.bin}/bin/openssl genrsa -des3 -passout pass:x -out $workdir/server.pass.key 2048
${pkgs.openssl.bin}/bin/openssl rsa -passin pass:x -in $workdir/server.pass.key -out $workdir/server.key
${pkgs.openssl.bin}/bin/openssl req -new -key $workdir/server.key -out $workdir/server.csr \
workdir="$(mktemp -d)"
# Create CA
openssl genrsa -des3 -passout pass:x -out $workdir/ca.pass.key 2048
openssl rsa -passin pass:x -in $workdir/ca.pass.key -out $workdir/ca.key
openssl req -new -key $workdir/ca.key -out $workdir/ca.csr \
-subj "/C=UK/ST=Warwickshire/L=Leamington/O=OrgName/OU=Security Department/CN=example.com"
openssl x509 -req -days 1 -in $workdir/ca.csr -signkey $workdir/ca.key -out $workdir/ca.crt
# Create key
openssl genrsa -des3 -passout pass:x -out $workdir/server.pass.key 2048
openssl rsa -passin pass:x -in $workdir/server.pass.key -out $workdir/server.key
openssl req -new -key $workdir/server.key -out $workdir/server.csr \
-subj "/C=UK/ST=Warwickshire/L=Leamington/O=OrgName/OU=IT Department/CN=example.com"
${pkgs.openssl.bin}/bin/openssl x509 -req -days 1 -in $workdir/server.csr -signkey $workdir/server.key -out $workdir/server.crt
openssl x509 -req -days 1 -in $workdir/server.csr -CA $workdir/ca.crt \
-CAkey $workdir/ca.key -CAserial $workdir/ca.srl -CAcreateserial \
-out $workdir/server.crt
# Move key to destination
mv $workdir/server.key ${cpath}/key.pem
mv $workdir/server.crt ${cpath}/fullchain.pem
# Copy key to destination
cp $workdir/server.key ${cpath}/key.pem
# Create full.pem for e.g. lighttpd (same format as "simp_le ... -f full.pem" creates)
cat "${cpath}/key.pem" "${cpath}/fullchain.pem" > "${cpath}/full.pem"
# Create fullchain.pem (same format as "simp_le ... -f fullchain.pem" creates)
cat $workdir/{server.crt,ca.crt} > "${cpath}/fullchain.pem"
# Clean up working directory
rm $workdir/server.csr
rm $workdir/server.pass.key
# Create full.pem for e.g. lighttpd
cat $workdir/{server.key,server.crt,ca.crt} > "${cpath}/full.pem"
# Give key acme permissions
chmod ${rights} '${cpath}/key.pem'
chown '${data.user}:${data.group}' '${cpath}/key.pem'
chmod ${rights} '${cpath}/fullchain.pem'
chown '${data.user}:${data.group}' '${cpath}/fullchain.pem'
chmod ${rights} '${cpath}/full.pem'
chown '${data.user}:${data.group}' '${cpath}/full.pem'
chown '${data.user}:${data.group}' "${cpath}/"{key,fullchain,full}.pem
chmod ${rights} "${cpath}/"{key,fullchain,full}.pem
'';
serviceConfig = {
Type = "oneshot";
RuntimeDirectory = "acme-selfsigned-${cert}";
PermissionsStartOnly = true;
PrivateTmp = true;
User = data.user;
Group = data.group;
};

2
nixos/modules/security/pam.nix
View File

@ -386,7 +386,7 @@ let
${optionalString (cfg.enableGnomeKeyring)
"session optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start"}
${optionalString (config.virtualisation.lxc.lxcfs.enable)
"session optional ${pkgs.lxcfs}/lib/security/pam_cgfs.so -c freezer,memory,name=systemd,unified,cpuset"}
"session optional ${pkgs.lxc}/lib/security/pam_cgfs.so -c all"}
'');
};

2
nixos/modules/security/wrappers/wrapper.c
View File

@ -10,8 +10,8 @@
#include <errno.h>
#include <linux/capability.h>
#include <sys/capability.h>
#include <linux/prctl.h>
#include <sys/prctl.h>
#include <limits.h>
#include <cap-ng.h>
// Make sure assertions are not compiled out, we use them to codify

40
nixos/modules/services/backup/duplicati.nix Normal file
View File

@ -0,0 +1,40 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.duplicati;
in
{
options = {
services.duplicati = {
enable = mkEnableOption "Duplicati";
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.duplicati ];
systemd.services.duplicati = {
description = "Duplicati backup";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "duplicati";
Group = "duplicati";
ExecStart = "${pkgs.duplicati}/bin/duplicati-server --webservice-interface=any --webservice-port=8200 --server-datafolder=/var/lib/duplicati";
Restart = "on-failure";
};
};
users.extraUsers.duplicati = {
uid = config.ids.uids.duplicati;
home = "/var/lib/duplicati";
createHome = true;
group = "duplicati";
};
users.extraGroups.duplicati.gid = config.ids.gids.duplicati;
};
}

6
nixos/modules/services/databases/pgmanage.nix
View File

@ -22,7 +22,7 @@ let
web_root = ${cfg.package}/etc/pgmanage/web_root
data_root = ${cfg.dataRoot}
sql_root = ${cfg.sqlRoot}
${optionalString (!isNull cfg.tls) ''
tls_cert = ${cfg.tls.cert}
@ -130,7 +130,7 @@ let
'';
};
dataRoot = mkOption {
sqlRoot = mkOption {
type = types.str;
default = "/var/lib/pgmanage";
description = ''
@ -210,7 +210,7 @@ in {
users."${pgmanage}" = {
name = pgmanage;
group = pgmanage;
home = cfg.dataRoot;
home = cfg.sqlRoot;
createHome = true;
};
groups."${pgmanage}" = {

5
nixos/modules/services/databases/postgresql.nix
View File

@ -36,9 +36,6 @@ let
${cfg.extraConfig}
'';
pre84 = versionOlder (builtins.parseDrvName postgresql.name).version "8.4";
in
{
@ -182,7 +179,7 @@ in
services.postgresql.authentication = mkAfter
''
# Generated file; do not edit!
local all all ident ${optionalString pre84 "sameuser"}
local all all ident
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
'';

21
nixos/modules/services/editors/emacs.nix
View File

@ -15,6 +15,25 @@ let
fi
'';
desktopApplicationFile = pkgs.writeTextFile {
name = "emacsclient.desktop";
destination = "/share/applications/emacsclient.desktop";
text = ''
[Desktop Entry]
Name=Emacsclient
GenericName=Text Editor
Comment=Edit text
MimeType=text/english;text/plain;text/x-makefile;text/x-c++hdr;text/x-c++src;text/x-chdr;text/x-csrc;text/x-java;text/x-moc;text/x-pascal;text/x-tcl;text/x-tex;application/x-shellscript;text/x-c;text/x-c++;
Exec=emacseditor %F
Icon=emacs
Type=Application
Terminal=false
Categories=Development;TextEditor;
StartupWMClass=Emacs
Keywords=Text;Editor;
'';
};
in {
options.services.emacs = {
@ -74,7 +93,7 @@ in {
};
} // optionalAttrs cfg.enable { wantedBy = [ "default.target" ]; };
environment.systemPackages = [ cfg.package editorScript ];
environment.systemPackages = [ cfg.package editorScript desktopApplicationFile ];
environment.variables = {
# This is required so that GTK applications launched from Emacs

12
nixos/modules/services/hardware/bluetooth.nix
View File

@ -3,8 +3,8 @@
with lib;
let
bluez-bluetooth = pkgs.bluez;
cfg = config.hardware.bluetooth;
bluez-bluetooth = cfg.package;
in {
@ -21,6 +21,16 @@ in {
description = "Whether to power up the default Bluetooth controller on boot.";
};
package = mkOption {
type = types.package;
default = pkgs.bluez;
defaultText = "pkgs.bluez";
example = "pkgs.bluez.override { enableMidi = true; }";
description = ''
Which BlueZ package to use.
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";

2
nixos/modules/services/hardware/trezord.nix
View File

@ -38,7 +38,7 @@ in {
path = [];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.trezord}/bin/trezord -f";
ExecStart = "${pkgs.trezord}/bin/trezord-go";
User = "trezord";
};
};

2
nixos/modules/services/misc/mesos-slave.nix
View File

@ -213,7 +213,7 @@ in {
PermissionsStartOnly = true;
};
preStart = ''
mkdir -m 0700 -p ${cfg.workDir}
mkdir -m 0701 -p ${cfg.workDir}
'';
};
};

50
nixos/modules/services/misc/safeeyes.nix Normal file
View File

@ -0,0 +1,50 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.safeeyes;
in
{
###### interface
options = {
services.safeeyes = {
enable = mkOption {
default = false;
description = "Whether to enable the safeeyes OSGi service";
};
};
};
###### implementation
config = mkIf cfg.enable {
systemd.user.services.safeeyes = {
description = "Safeeyes";
wantedBy = [ "graphical-session.target" ];
partOf = [ "graphical-session.target" ];
serviceConfig = {
ExecStart = ''
${pkgs.safeeyes}/bin/safeeyes
'';
Restart = "on-failure";
RestartSec = 3;
StartLimitInterval = 350;
StartLimitBurst = 10;
};
};
};
}

2
nixos/modules/services/monitoring/grafana.nix
View File

@ -50,7 +50,7 @@ in {
protocol = mkOption {
description = "Which protocol to listen.";
default = "http";
type = types.enum ["http" "https"];
type = types.enum ["http" "https" "socket"];
};
addr = mkOption {

31
nixos/modules/services/networking/dnscache.nix
View File

@ -9,12 +9,12 @@ let
mkdir -p $out/{servers,ip}
${concatMapStrings (ip: ''
echo > "$out/ip/"${lib.escapeShellArg ip}
touch "$out/ip/"${lib.escapeShellArg ip}
'') cfg.clientIps}
${concatStrings (mapAttrsToList (host: ips: ''
${concatMapStrings (ip: ''
echo ${lib.escapeShellArg ip} > "$out/servers/"${lib.escapeShellArg host}
echo ${lib.escapeShellArg ip} >> "$out/servers/"${lib.escapeShellArg host}
'') ips}
'') cfg.domainServers)}
@ -34,33 +34,49 @@ in {
options = {
services.dnscache = {
enable = mkOption {
default = false;
type = types.bool;
description = "Whether to run the dnscache caching dns server";
description = "Whether to run the dnscache caching dns server.";
};
ip = mkOption {
default = "0.0.0.0";
type = types.str;
description = "IP address on which to listen for connections";
description = "IP address on which to listen for connections.";
};
clientIps = mkOption {
default = [ "127.0.0.1" ];
type = types.listOf types.str;
description = "client IP addresses (or prefixes) from which to accept connections";
description = "Client IP addresses (or prefixes) from which to accept connections.";
example = ["192.168" "172.23.75.82"];
};
domainServers = mkOption {
default = { };
type = types.attrsOf (types.listOf types.str);
description = "table of {hostname: server} pairs to use as authoritative servers for hosts (and subhosts)";
description = ''
Table of {hostname: server} pairs to use as authoritative servers for hosts (and subhosts).
If entry for @ is not specified predefined list of root servers is used.
'';
example = {
"example.com" = ["8.8.8.8" "8.8.4.4"];
"@" = ["8.8.8.8" "8.8.4.4"];
"example.com" = ["192.168.100.100"];
};
};
forwardOnly = mkOption {
default = false;
type = types.bool;
description = ''
Whether to treat root servers (for @) as caching
servers, requesting addresses the same way a client does. This is
needed if you want to use e.g. Google DNS as your upstream DNS.
'';
};
};
};
@ -82,6 +98,7 @@ in {
'';
script = ''
cd /var/lib/dnscache/
${optionalString cfg.forwardOnly "export FORWARDONLY=1"}
exec ./run
'';
};

2
nixos/modules/services/networking/iwd.nix
View File

@ -26,7 +26,7 @@ in {
wants = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = "${pkgs.iwd}/bin/iwd";
serviceConfig.ExecStart = "${pkgs.iwd}/libexec/iwd";
};
};

36
nixos/modules/services/networking/prosody.nix
View File

@ -295,6 +295,24 @@ in
'';
};
dataDir = mkOption {
type = types.string;
description = "Directory where Prosody stores its data";
default = "/var/lib/prosody";
};
user = mkOption {
type = types.str;
default = "prosody";
description = "User account under which prosody runs.";
};
group = mkOption {
type = types.str;
default = "prosody";
description = "Group account under which prosody runs.";
};
allowRegistration = mkOption {
type = types.bool;
default = false;
@ -421,11 +439,11 @@ in
environment.etc."prosody/prosody.cfg.lua".text = ''
pidfile = "/var/lib/prosody/prosody.pid"
pidfile = "/run/prosody/prosody.pid"
log = "*syslog"
data_path = "/var/lib/prosody"
data_path = "${cfg.dataDir}"
plugin_paths = {
${lib.concatStringsSep ", " (map (n: "\"${n}\"") cfg.extraPluginPaths) }
}
@ -469,15 +487,15 @@ in
'') cfg.virtualHosts) }
'';
users.extraUsers.prosody = {
users.extraUsers.prosody = mkIf (cfg.user == "prosody") {
uid = config.ids.uids.prosody;
description = "Prosody user";
createHome = true;
group = "prosody";
home = "/var/lib/prosody";
inherit (cfg) group;
home = "${cfg.dataDir}";
};
users.extraGroups.prosody = {
users.extraGroups.prosody = mkIf (cfg.group == "prosody") {
gid = config.ids.gids.prosody;
};
@ -488,9 +506,11 @@ in
wantedBy = [ "multi-user.target" ];
restartTriggers = [ config.environment.etc."prosody/prosody.cfg.lua".source ];
serviceConfig = {
User = "prosody";
User = cfg.user;
Group = cfg.group;
Type = "forking";
PIDFile = "/var/lib/prosody/prosody.pid";
RuntimeDirectory = [ "prosody" ];
PIDFile = "/run/prosody/prosody.pid";
ExecStart = "${cfg.package}/bin/prosodyctl start";
};
};

2
nixos/modules/services/networking/quagga.nix
View File

@ -133,7 +133,7 @@ in
users.groups = {
quagga = {};
# Members of the quaggavty group can use vtysh to inspect the Quagga daemons
quaggavty = {};
quaggavty = { members = [ "quagga" ]; };
};
systemd.services =

112
nixos/modules/services/networking/shadowsocks.nix Normal file
View File

@ -0,0 +1,112 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.shadowsocks;
opts = {
server = cfg.localAddress;
server_port = cfg.port;
method = cfg.encryptionMethod;
mode = cfg.mode;
user = "nobody";
fast_open = true;
} // optionalAttrs (cfg.password != null) { password = cfg.password; };
configFile = pkgs.writeText "shadowsocks.json" (builtins.toJSON opts);
in
{
###### interface
options = {
services.shadowsocks = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to run shadowsocks-libev shadowsocks server.
'';
};
localAddress = mkOption {
type = types.str;
default = "0.0.0.0";
description = ''
Local address to which the server binds.
'';
};
port = mkOption {
type = types.int;
default = 8388;
description = ''
Port which the server uses.
'';
};
password = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Password for connecting clients.
'';
};
passwordFile = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
Password file with a password for connecting clients.
'';
};
mode = mkOption {
type = types.enum [ "tcp_only" "tcp_and_udp" "udp_only" ];
default = "tcp_and_udp";
description = ''
Relay protocols.
'';
};
encryptionMethod = mkOption {
type = types.str;
default = "chacha20-ietf-poly1305";
description = ''
Encryption method. See <link xlink:href="https://github.com/shadowsocks/shadowsocks-org/wiki/AEAD-Ciphers"/>.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
assertions = singleton
{ assertion = cfg.password == null || cfg.passwordFile == null;
message = "Cannot use both password and passwordFile for shadowsocks-libev";
};
systemd.services.shadowsocks-libev = {
description = "shadowsocks-libev Daemon";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.shadowsocks-libev ] ++ optional (cfg.passwordFile != null) pkgs.jq;
serviceConfig.PrivateTmp = true;
script = ''
${optionalString (cfg.passwordFile != null) ''
cat ${configFile} | jq --arg password "$(cat "${cfg.passwordFile}")" '. + { password: $password }' > /tmp/shadowsocks.json
''}
exec ss-server -c ${if cfg.passwordFile != null then "/tmp/shadowsocks.json" else configFile}
'';
};
};
}

7
nixos/modules/services/search/elasticsearch.nix
View File

@ -32,8 +32,11 @@ let
(if es5 then (pkgs.writeTextDir "log4j2.properties" cfg.logging)
else (pkgs.writeTextDir "logging.yml" cfg.logging))
];
# Elasticsearch 5.x won't start when the scripts directory does not exist
postBuild = if es5 then "${pkgs.coreutils}/bin/mkdir -p $out/scripts" else "";
postBuild = concatStringsSep "\n" (concatLists [
# Elasticsearch 5.x won't start when the scripts directory does not exist
(optional es5 "${pkgs.coreutils}/bin/mkdir -p $out/scripts")
(optional es6 "ln -s ${cfg.package}/config/jvm.options $out/jvm.options")
]);
};
esPlugins = pkgs.buildEnv {

10
nixos/modules/services/security/tor.nix
View File

@ -703,14 +703,10 @@ in
after = [ "network.target" ];
restartTriggers = [ torRcFile ];
# Translated from the upstream contrib/dist/tor.service.in
preStart = ''
install -o tor -g tor -d ${torDirectory}/onion ${torRunDirectory}
${pkgs.tor}/bin/tor -f ${torRcFile} --verify-config
'';
serviceConfig =
{ Type = "simple";
# Translated from the upstream contrib/dist/tor.service.in
ExecStartPre = "${pkgs.tor}/bin/tor -f ${torRcFile} --verify-config";
ExecStart = "${pkgs.tor}/bin/tor -f ${torRcFile} --RunAsDaemon 0";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
KillSignal = "SIGINT";
@ -725,6 +721,8 @@ in
# DeviceAllow /dev/urandom r
# .. but we can't specify DeviceAllow multiple times. 'closed'
# is close enough.
RuntimeDirectory = "tor";
StateDirectory = [ "tor" "tor/onion" ];
PrivateTmp = "yes";
DevicePolicy = "closed";
InaccessibleDirectories = "/home";

1
nixos/modules/services/torrent/transmission.nix
View File

@ -147,6 +147,7 @@ in
${getLib pkgs.libcap}/lib/libcap*.so* mr,
${getLib pkgs.attr}/lib/libattr*.so* mr,
${getLib pkgs.lz4}/lib/liblz4*.so* mr,
${getLib pkgs.libkrb5}/lib/lib*.so* mr,
@{PROC}/sys/kernel/random/uuid r,
@{PROC}/sys/vm/overcommit_memory r,

2
nixos/modules/services/web-apps/atlassian/jira.nix
View File

@ -155,7 +155,7 @@ in
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
path = [ cfg.jrePackage ];
path = [ cfg.jrePackage pkgs.bash ];
environment = {
JIRA_USER = cfg.user;

6
nixos/modules/services/web-apps/tt-rss.nix
View File

@ -466,10 +466,10 @@ let
'';
};
services.nginx = {
# NOTE: No configuration is done if not using virtual host
services.nginx = mkIf (cfg.virtualHost != null) {
enable = true;
# NOTE: No configuration is done if not using virtual host
virtualHosts = mkIf (cfg.virtualHost != null) {
virtualHosts = {
"${cfg.virtualHost}" = {
root = "${cfg.root}";

9
nixos/modules/services/web-servers/nginx/default.nix
View File

@ -9,15 +9,16 @@ let
serverName = if vhostConfig.serverName != null
then vhostConfig.serverName
else vhostName;
acmeDirectory = config.security.acme.directory;
in
vhostConfig // {
inherit serverName;
} // (optionalAttrs vhostConfig.enableACME {
sslCertificate = "/var/lib/acme/${serverName}/fullchain.pem";
sslCertificateKey = "/var/lib/acme/${serverName}/key.pem";
sslCertificate = "${acmeDirectory}/${serverName}/fullchain.pem";
sslCertificateKey = "${acmeDirectory}/${serverName}/key.pem";
}) // (optionalAttrs (vhostConfig.useACMEHost != null) {
sslCertificate = "/var/lib/acme/${vhostConfig.useACMEHost}/fullchain.pem";
sslCertificateKey = "/var/lib/acme/${vhostConfig.useACMEHost}/key.pem";
sslCertificate = "${acmeDirectory}/${vhostConfig.useACMEHost}/fullchain.pem";
sslCertificateKey = "${acmeDirectory}/${vhostConfig.useACMEHost}/key.pem";
})
) cfg.virtualHosts;
enableIPv6 = config.networking.enableIPv6;

4
nixos/modules/services/x11/xserver.nix
View File

@ -626,9 +626,7 @@ in
environment =
{
XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
LD_LIBRARY_PATH = concatStringsSep ":" (
[ "${xorg.libX11.out}/lib" "${xorg.libXext.out}/lib" "/run/opengl-driver/lib" ]
LD_LIBRARY_PATH = concatStringsSep ":" ([ "/run/opengl-driver/lib" ]
++ concatLists (catAttrs "libPath" cfg.drivers));
} // cfg.displayManager.job.environment;

4
nixos/modules/system/boot/kernel.nix
View File

@ -77,8 +77,8 @@ in
type = types.int;
default = 4;
description = ''
The kernel console log level. Log messages with a priority
numerically less than this will not appear on the console.
The kernel console <literal>loglevel</literal>. All Kernel Messages with a log level smaller
than this setting will be printed to the console.
'';
};

4
nixos/modules/system/boot/systemd.nix
View File

@ -137,7 +137,6 @@ let
# Slices / containers.
"slices.target"
"system.slice"
"user.slice"
"machine.slice"
"machines.target"
@ -836,7 +835,8 @@ in
system.requiredKernelConfig = map config.lib.kernelConfig.isEnabled
[ "DEVTMPFS" "CGROUPS" "INOTIFY_USER" "SIGNALFD" "TIMERFD" "EPOLL" "NET"
"SYSFS" "PROC_FS" "FHANDLE" "DMIID" "AUTOFS4_FS" "TMPFS_POSIX_ACL"
"SYSFS" "PROC_FS" "FHANDLE" "CRYPTO_USER_API_HASH" "CRYPTO_HMAC"
"CRYPTO_SHA256" "DMIID" "AUTOFS4_FS" "TMPFS_POSIX_ACL"
"TMPFS_XATTR" "SECCOMP"
];

2
nixos/modules/tasks/filesystems/exfat.nix
View File

@ -5,7 +5,7 @@ with lib;
{
config = mkIf (any (fs: fs == "exfat") config.boot.supportedFilesystems) {
system.fsPackages = [ pkgs.exfat-utils pkgs.fuse_exfat ];
system.fsPackages = [ pkgs.exfat ];
};
}

4
nixos/modules/tasks/filesystems/zfs.nix
View File

@ -305,6 +305,8 @@ in
}
];
virtualisation.lxd.zfsSupport = true;
boot = {
kernelModules = [ "spl" "zfs" ] ;
extraModulePackages = with packages; [ spl zfs ];
@ -452,7 +454,7 @@ in
}) snapshotNames);
systemd.timers = let
timer = name: if name == "frequent" then "*:15,30,45" else name;
timer = name: if name == "frequent" then "*:0,15,30,45" else name;
in builtins.listToAttrs (map (snapName:
{
name = "zfs-snapshot-${snapName}";

4
nixos/modules/tasks/network-interfaces-scripted.nix
View File

@ -191,7 +191,7 @@ let
if out=$(ip addr add "${cidr}" dev "${i.name}" 2>&1); then
echo "done"
elif ! echo "$out" | grep "File exists" >/dev/null 2>&1; then
echo "failed"
echo "'ip addr add "${cidr}" dev "${i.name}"' failed: $out"
exit 1
fi
''
@ -212,7 +212,7 @@ let
if out=$(ip route add "${cidr}" ${options} ${via} dev "${i.name}" 2>&1); then
echo "done"
elif ! echo "$out" | grep "File exists" >/dev/null 2>&1; then
echo "failed"
echo "'ip route add "${cidr}" ${options} ${via} dev "${i.name}"' failed: $out"
exit 1
fi
''

8
nixos/modules/virtualisation/azure-agent.nix
View File

@ -66,6 +66,10 @@ in
default = false;
description = "Whether to enable verbose logging.";
};
mountResourceDisk = mkOption {
default = true;
description = "Whether the agent should format (ext4) and mount the resource disk to /mnt/resource.";
};
};
###### implementation
@ -112,7 +116,7 @@ in
Provisioning.ExecuteCustomData=n
# Format if unformatted. If 'n', resource disk will not be mounted.
ResourceDisk.Format=y
ResourceDisk.Format=${if cfg.mountResourceDisk then "y" else "n"}
# File system on the resource disk
# Typically ext3 or ext4. FreeBSD images should use 'ufs2' here.
@ -181,7 +185,7 @@ in
after = [ "network-online.target" "sshd.service" ];
wants = [ "network-online.target" ];
path = [ pkgs.e2fsprogs ];
path = [ pkgs.e2fsprogs pkgs.bash ];
description = "Windows Azure Agent Service";
unitConfig.ConditionPathExists = "/etc/waagent.conf";
serviceConfig = {

3
nixos/modules/virtualisation/google-compute-image.nix
View File

@ -75,6 +75,9 @@ in
networking.usePredictableInterfaceNames = false;
# GC has 1460 MTU
networking.interfaces.eth0.mtu = 1460;
# allow the google-accounts-daemon to manage users
users.mutableUsers = true;
# and allow users to sudo without password

5
nixos/modules/virtualisation/lxc.nix
View File

@ -74,6 +74,9 @@ in
systemd.tmpfiles.rules = [ "d /var/lib/lxc/rootfs 0755 root root -" ];
security.apparmor.packages = [ pkgs.lxc ];
security.apparmor.profiles = [ "${pkgs.lxc}/etc/apparmor.d/lxc-containers" ];
security.apparmor.profiles = [
"${pkgs.lxc}/etc/apparmor.d/lxc-containers"
"${pkgs.lxc}/etc/apparmor.d/usr.bin.lxc-start"
];
};
}

60
nixos/modules/virtualisation/lxd.nix
View File

@ -15,28 +15,34 @@ in
options = {
virtualisation.lxd.enable =
mkOption {
virtualisation.lxd = {
enable = mkOption {
type = types.bool;
default = false;
description =
''
This option enables lxd, a daemon that manages
containers. Users in the "lxd" group can interact with
the daemon (e.g. to start or stop containers) using the
<command>lxc</command> command line tool, among others.
'';
description = ''
This option enables lxd, a daemon that manages
containers. Users in the "lxd" group can interact with
the daemon (e.g. to start or stop containers) using the
<command>lxc</command> command line tool, among others.
'';
};
zfsSupport = mkOption {
type = types.bool;
default = false;
description = ''
enables lxd to use zfs as a storage for containers.
This option is enabled by default if a zfs pool is configured
with nixos.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
environment.systemPackages =
[ pkgs.lxd ];
environment.systemPackages = [ pkgs.lxd ];
security.apparmor = {
enable = true;
@ -47,31 +53,31 @@ in
packages = [ pkgs.lxc ];
};
systemd.services.lxd =
{ description = "LXD Container Management Daemon";
systemd.services.lxd = {
description = "LXD Container Management Daemon";
wantedBy = [ "multi-user.target" ];
after = [ "systemd-udev-settle.service" ];
wantedBy = [ "multi-user.target" ];
after = [ "systemd-udev-settle.service" ];
# TODO(wkennington): Add lvm2 and thin-provisioning-tools
path = with pkgs; [ acl rsync gnutar xz btrfs-progs gzip dnsmasq squashfsTools iproute iptables ];
path = lib.optional cfg.zfsSupport pkgs.zfs;
preStart = ''
mkdir -m 0755 -p /var/lib/lxc/rootfs
'';
preStart = ''
mkdir -m 0755 -p /var/lib/lxc/rootfs
'';
serviceConfig.ExecStart = "@${pkgs.lxd.bin}/bin/lxd lxd --syslog --group lxd";
serviceConfig.Type = "simple";
serviceConfig.KillMode = "process"; # when stopping, leave the containers alone
serviceConfig = {
ExecStart = "@${pkgs.lxd.bin}/bin/lxd lxd --group lxd";
Type = "simple";
KillMode = "process"; # when stopping, leave the containers alone
};
};
users.extraGroups.lxd.gid = config.ids.gids.lxd;
users.extraUsers.root = {
subUidRanges = [ { startUid = 1000000; count = 65536; } ];
subGidRanges = [ { startGid = 1000000; count = 65536; } ];
};
};
}

2
nixos/modules/virtualisation/qemu-vm.nix
View File

@ -98,7 +98,7 @@ let
${qemuGraphics} \
${toString config.virtualisation.qemu.options} \
$QEMU_OPTS \
$@
"$@"
'';

12
nixos/release.nix
View File

@ -166,8 +166,12 @@ in rec {
inherit system;
});
sd_image = forMatchingSystems [ "aarch64-linux" ] (system: makeSdImage {
module = ./modules/installer/cd-dvd/sd-image-aarch64.nix;
sd_image = forMatchingSystems [ "armv6l-linux" "armv7l-linux" "aarch64-linux" ] (system: makeSdImage {
module = {
armv6l-linux = ./modules/installer/cd-dvd/sd-image-raspberrypi.nix;
armv7l-linux = ./modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix;
aarch64-linux = ./modules/installer/cd-dvd/sd-image-aarch64.nix;
}.${system};
inherit system;
});
@ -266,6 +270,7 @@ in rec {
tests.couchdb = callTest tests/couchdb.nix {};
tests.docker = callTestOnMatchingSystems ["x86_64-linux"] tests/docker.nix {};
tests.docker-tools = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-tools.nix {};
tests.docker-tools-overlay = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-tools-overlay.nix {};
tests.docker-edge = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-edge.nix {};
tests.dovecot = callTest tests/dovecot.nix {};
tests.dnscrypt-proxy = callTestOnMatchingSystems ["x86_64-linux"] tests/dnscrypt-proxy.nix {};
@ -295,6 +300,7 @@ in rec {
tests.hound = callTest tests/hound.nix {};
tests.hocker-fetchdocker = callTest tests/hocker-fetchdocker {};
tests.i3wm = callTest tests/i3wm.nix {};
tests.iftop = callTest tests/iftop.nix {};
tests.initrd-network-ssh = callTest tests/initrd-network-ssh {};
tests.installer = callSubTests tests/installer.nix {};
tests.influxdb = callTest tests/influxdb.nix {};
@ -364,7 +370,7 @@ in rec {
tests.prometheus = callTest tests/prometheus.nix {};
tests.prosody = callTest tests/prosody.nix {};
tests.proxy = callTest tests/proxy.nix {};
# tests.quagga = callTest tests/quagga.nix {};
tests.quagga = callTest tests/quagga.nix {};
tests.quake3 = callTest tests/quake3.nix {};
tests.rabbitmq = callTest tests/rabbitmq.nix {};
tests.radicale = callTest tests/radicale.nix {};

24
nixos/tests/chromium.nix
View File

@ -151,11 +151,11 @@ mapAttrs (channel: chromiumPkg: makeTest rec {
$machine->screenshot("sandbox_info");
$machine->succeed(ru "${xdo "submit-url" ''
$machine->succeed(ru "${xdo "find-window" ''
search --sync --onlyvisible --name "sandbox status"
windowfocus --sync
''}");
$machine->succeed(ru "${xdo "submit-url" ''
$machine->succeed(ru "${xdo "copy-sandbox-info" ''
key --delay 1000 Ctrl+a Ctrl+c
''}");
@ -166,6 +166,26 @@ mapAttrs (channel: chromiumPkg: makeTest rec {
&& $clipboard =~ /network namespaces.*yes/mi
&& $clipboard =~ /seccomp.*sandbox.*yes/mi
&& $clipboard =~ /you are adequately sandboxed/mi;
$machine->sleep(1);
$machine->succeed(ru "${xdo "find-window-after-copy" ''
search --onlyvisible --name "sandbox status"
''}");
my $clipboard = $machine->succeed(ru "echo void | ${pkgs.xclip}/bin/xclip -i");
$machine->succeed(ru "${xdo "copy-sandbox-info" ''
key --delay 1000 Ctrl+a Ctrl+c
''}");
my $clipboard = $machine->succeed(ru "${pkgs.xclip}/bin/xclip -o");
die "copying twice in a row does not work properly: $clipboard"
unless $clipboard =~ /namespace sandbox.*yes/mi
&& $clipboard =~ /pid namespaces.*yes/mi
&& $clipboard =~ /network namespaces.*yes/mi
&& $clipboard =~ /seccomp.*sandbox.*yes/mi
&& $clipboard =~ /you are adequately sandboxed/mi;
$machine->screenshot("afer_copy_from_chromium");
};
$machine->shutdown;

32
nixos/tests/docker-tools-overlay.nix Normal file
View File

@ -0,0 +1,32 @@
# this test creates a simple GNU image with docker tools and sees if it executes
import ./make-test.nix ({ pkgs, ... }:
{
name = "docker-tools-overlay";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ lnl7 ];
};
nodes = {
docker =
{ config, pkgs, ... }:
{
virtualisation.docker.enable = true;
virtualisation.docker.storageDriver = "overlay"; # defaults to overlay2
};
};
testScript =
''
$docker->waitForUnit("sockets.target");
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.bash}'");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.bash.imageName} bash --version");
# Check if the nix store has correct user permissions depending on what
# storage driver is used, incorrectly built images can show up as readonly.
# drw------- 3 0 0 3 Apr 14 11:36 /nix
# drw------- 99 0 0 100 Apr 14 11:36 /nix/store
$docker->succeed("docker run --rm -u 1000:1000 ${pkgs.dockerTools.examples.bash.imageName} bash --version");
'';
})

6
nixos/tests/docker-tools.nix
View File

@ -3,7 +3,7 @@
import ./make-test.nix ({ pkgs, ... }: {
name = "docker-tools";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ ];
maintainers = [ lnl7 ];
};
nodes = {
@ -21,12 +21,12 @@ import ./make-test.nix ({ pkgs, ... }: {
$docker->waitForUnit("sockets.target");
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.bash}'");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.bash.imageName} /bin/bash --version");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.bash.imageName} bash --version");
$docker->succeed("docker rmi ${pkgs.dockerTools.examples.bash.imageName}");
# Check if the nix store is correctly initialized by listing dependencies of the installed Nix binary
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.nix}'");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.nix.imageName} /bin/nix-store -qR ${pkgs.nix}");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.nix.imageName} nix-store -qR ${pkgs.nix}");
$docker->succeed("docker rmi ${pkgs.dockerTools.examples.nix.imageName}");
# To test the pullImage tool

30
nixos/tests/iftop.nix Normal file
View File

@ -0,0 +1,30 @@
import ./make-test.nix ({ pkgs, lib, ... }:
with lib;
{
name = "iftop";
meta.maintainers = with pkgs.stdenv.lib.maintainers; [ ma27 ];
nodes = {
withIftop = {
imports = [ ./common/user-account.nix ];
programs.iftop.enable = true;
};
withoutIftop = {
imports = [ ./common/user-account.nix ];
};
};
testScript = ''
subtest "machine with iftop enabled", sub {
$withIftop->start;
$withIftop->succeed("su -l alice -c 'iftop -t -s 1'");
};
subtest "machine without iftop", sub {
$withoutIftop->start;
$withoutIftop->mustFail("su -l alice -c 'iftop -t -s 1'");
};
'';
})

4
nixos/tests/kernel-copperhead.nix
View File

@ -6,14 +6,14 @@ import ./make-test.nix ({ pkgs, ...} : {
machine = { config, lib, pkgs, ... }:
{
boot.kernelPackages = pkgs.linuxPackages_hardened_copperhead;
boot.kernelPackages = pkgs.linuxPackages_copperhead_hardened;
};
testScript =
''
$machine->succeed("uname -a");
$machine->succeed("uname -s | grep 'Linux'");
$machine->succeed("uname -a | grep '${pkgs.linuxPackages_hardened_copperhead.kernel.modDirVersion}'");
$machine->succeed("uname -a | grep '${pkgs.linuxPackages_copperhead_hardened.kernel.modDirVersion}'");
$machine->succeed("uname -a | grep 'hardened'");
'';
})

1
pkgs/applications/altcoins/dcrd.nix
View File

@ -29,5 +29,6 @@ buildGoPackage rec {
homepage = "https://decred.org";
description = "Decred daemon in Go (golang)";
license = with lib.licenses; [ isc ];
broken = stdenv.isLinux; # 2018-04-10
};
}

1
pkgs/applications/altcoins/dcrwallet.nix
View File

@ -38,5 +38,6 @@ buildGoPackage rec {
homepage = "https://decred.org";
description = "Decred daemon in Go (golang)";
license = with lib.licenses; [ isc ];
broken = stdenv.isLinux; # 2018-04-10
};
}

1
pkgs/applications/altcoins/hevm.nix
View File

@ -55,6 +55,7 @@ lib.overrideDerivation (mkDerivation rec {
description = "Ethereum virtual machine evaluator";
license = stdenv.lib.licenses.agpl3;
maintainers = [stdenv.lib.maintainers.dbrock];
broken = true; # 2018-04-10
}) (attrs: {
buildInputs = attrs.buildInputs ++ [solc];
nativeBuildInputs = attrs.nativeBuildInputs ++ [makeWrapper];

4
pkgs/applications/audio/asunder/default.nix
View File

@ -12,11 +12,11 @@
with stdenv.lib;
stdenv.mkDerivation rec {
version = "2.9.2";
version = "2.9.3";
name = "asunder-${version}";
src = fetchurl {
url = "http://littlesvr.ca/asunder/releases/${name}.tar.bz2";
sha256 = "0vjbxrrjih4c673sc39wj5whp81xp9kmnwqxwzfnmhkky970rg5r";
sha256 = "1630i1df06y840v3fgdf75jxw1s8kwbfn5bhi0686viah0scccw5";
};
nativeBuildInputs = [ pkgconfig ];

4
pkgs/applications/audio/bitwig-studio/bitwig-studio2.nix
View File

@ -3,11 +3,11 @@
bitwig-studio1.overrideAttrs (oldAttrs: rec {
name = "bitwig-studio-${version}";
version = "2.2.2";
version = "2.3.1";
src = fetchurl {
url = "https://downloads.bitwig.com/stable/${version}/bitwig-studio-${version}.deb";
sha256 = "1x4wka32xlygmhdh9rb15s37zh5qjrgap2qk35y34c52lf5aak22";
sha256 = "18gghx0ygwh01cidj8mkf82l9qhq2dy1b3yc4ajksvj762yg6cf2";
};
buildInputs = bitwig-studio1.buildInputs ++ [ ffmpeg ];

6
pkgs/applications/audio/caps/default.nix
View File

@ -9,9 +9,13 @@ stdenv.mkDerivation rec {
patches = [
(fetchurl {
url = "https://anonscm.debian.org/cgit/pkg-multimedia/caps.git/plain/debian/patches/0001-Avoid-ambiguity-in-div-invocation.patch";
url = "https://salsa.debian.org/multimedia-team/caps/raw/9a99c225/debian/patches/0001-Avoid-ambiguity-in-div-invocation.patch";
sha256 = "1b1pb5yfskiw8zi1lkj572l2ajpirh4amq538vggwvlpv1fqfway";
})
(fetchurl {
url = "https://salsa.debian.org/multimedia-team/caps/raw/a411203d/debian/patches/0002-Use-standard-exp10f-instead-of-pow10f.patch";
sha256 = "18ciklnscabr77l8b89xmbagkk79w4iqfpzr2yhn2ywv2jp8akx9";
})
];
configurePhase = ''

58
pkgs/applications/audio/chuck/clang.patch Normal file
View File

@ -0,0 +1,58 @@
diff --git a/src/ugen_osc.cpp b/src/ugen_osc.cpp
index 6b93c6b..dbefe4f 100644
--- a/src/ugen_osc.cpp
+++ b/src/ugen_osc.cpp
@@ -1232,7 +1232,7 @@ CK_DLL_CTRL( gen5_coeffs )
Chuck_Array8 * in_args = (Chuck_Array8 *)GET_CK_OBJECT(ARGS);
// fprintf(stdout, "calling gen10coeffs, %d\n", weights);
- if(in_args<0) return;
+ if(in_args!=0) return;
size = in_args->size();
if(size >= genX_MAX_COEFFS) size = genX_MAX_COEFFS - 1;
@@ -1287,7 +1287,7 @@ CK_DLL_CTRL( gen7_coeffs )
Chuck_Array8 * in_args = (Chuck_Array8 *)GET_CK_OBJECT(ARGS);
// fprintf(stdout, "calling gen10coeffs, %d\n", weights);
- if(in_args<0) return;
+ if(in_args!=0) return;
size = in_args->size();
if(size >= genX_MAX_COEFFS) size = genX_MAX_COEFFS - 1;
@@ -1340,7 +1340,7 @@ CK_DLL_CTRL( gen9_coeffs )
Chuck_Array8 * weights = (Chuck_Array8 *)GET_CK_OBJECT(ARGS);
// fprintf(stdout, "calling gen10coeffs, %d\n", weights);
- if(weights<0) return;
+ if(weights!=0) return;
size = weights->size();
if(size >= genX_MAX_COEFFS) size = genX_MAX_COEFFS - 1;
@@ -1390,7 +1390,7 @@ CK_DLL_CTRL( gen10_coeffs )
Chuck_Array8 * weights = (Chuck_Array8 *)GET_CK_OBJECT(ARGS);
// fprintf(stdout, "calling gen10coeffs, %d\n", weights);
- if(weights<0) return;
+ if(weights!=0) return;
size = weights->size();
if(size >= genX_MAX_COEFFS) size = genX_MAX_COEFFS - 1;
@@ -1441,7 +1441,7 @@ CK_DLL_CTRL( gen17_coeffs )
Chuck_Array8 * weights = (Chuck_Array8 *)GET_CK_OBJECT(ARGS);
// fprintf(stdout, "calling gen17coeffs, %d\n", weights);
- if(weights<0) return;
+ if(weights!=0) return;
size = weights->size();
if(size >= genX_MAX_COEFFS) size = genX_MAX_COEFFS - 1;
@@ -1502,7 +1502,7 @@ CK_DLL_CTRL( curve_coeffs )
Chuck_Array8 * weights = (Chuck_Array8 *)GET_CK_OBJECT(ARGS);
// fprintf(stdout, "calling gen17coeffs, %d\n", weights);
- if(weights<0) goto done;
+ if(weights!=0) goto done;
nargs = weights->size();
if (nargs < 5 || (nargs % 3) != 2) { // check number of args

19
pkgs/applications/audio/chuck/default.nix
View File

@ -1,4 +1,6 @@
{ stdenv, fetchurl, alsaLib, bison, flex, libsndfile, which }:
{ stdenv, fetchurl, alsaLib, bison, flex, libsndfile, which
, AppKit, Carbon, CoreAudio, CoreMIDI, CoreServices, Kernel
}:
stdenv.mkDerivation rec {
version = "1.3.5.2";
@ -10,19 +12,24 @@ stdenv.mkDerivation rec {
};
buildInputs = [ bison flex libsndfile which ]
++ stdenv.lib.optional (!stdenv.isDarwin) alsaLib;
++ stdenv.lib.optional (!stdenv.isDarwin) alsaLib
++ stdenv.lib.optional stdenv.isDarwin [ AppKit Carbon CoreAudio CoreMIDI CoreServices Kernel ];
patches = [ ./darwin-limits.patch ];
patches = [ ./clang.patch ./darwin-limits.patch ];
NIX_CFLAGS_COMPILE = stdenv.lib.optionalString stdenv.isDarwin "-Wno-missing-sysroot";
NIX_LDFLAGS = stdenv.lib.optionalString stdenv.isDarwin "-framework MultitouchSupport";
postPatch = ''
substituteInPlace src/makefile --replace "/usr/bin" "$out/bin"
substituteInPlace src/makefile.osx --replace "xcodebuild" "/usr/bin/xcodebuild"
substituteInPlace src/makefile.osx --replace "weak_framework" "framework"
substituteInPlace src/makefile.osx --replace "MACOSX_DEPLOYMENT_TARGET=10.5" "MACOSX_DEPLOYMENT_TARGET=$MACOSX_DEPLOYMENT_TARGET"
'';
buildPhase =
stdenv.lib.optionals stdenv.isLinux ["make -C src linux-alsa"] ++
stdenv.lib.optionals stdenv.isDarwin ["make -C src osx"];
buildPhase = ''
make -C src ${if stdenv.isDarwin then "osx" else "linux-alsa"}
'';
installPhase = ''
install -Dm755 ./src/chuck $out/bin/chuck

49
pkgs/applications/audio/clementine/default.nix
View File

@ -76,6 +76,8 @@ let
enableParallelBuilding = true;
passthru.unfree = unfree;
meta = with stdenv.lib; {
homepage = http://www.clementine-player.org;
description = "A multiplatform music player";
@ -85,8 +87,8 @@ let
};
};
# Spotify blob for Clementine
blob = stdenv.mkDerivation {
# Unfree Spotify blob for Clementine
unfree = stdenv.mkDerivation {
name = "clementine-blob-${version}";
# Use the same patches and sources as Clementine
inherit src nativeBuildInputs postPatch;
@ -95,7 +97,7 @@ let
./clementine-spotify-blob.patch
];
buildInputs = buildInputs ++ [ libspotify ];
buildInputs = buildInputs ++ [ libspotify makeWrapper gst_plugins ];
# Only build and install the Spotify blob
preBuild = ''
cd ext/clementine-spotifyblob
@ -104,6 +106,15 @@ let
mkdir -p $out/libexec/clementine
mv $out/bin/clementine-spotifyblob $out/libexec/clementine
rmdir $out/bin
makeWrapper ${free}/bin/clementine $out/bin/clementine \
--set CLEMENTINE_SPOTIFYBLOB $out/libexec/clementine \
--prefix GST_PLUGIN_SYSTEM_PATH_1_0 : "$GST_PLUGIN_SYSTEM_PATH_1_0"
mkdir -p $out/share
for dir in applications icons kde4; do
ln -s "$free/share/$dir" "$out/share/$dir"
done
'';
enableParallelBuilding = true;
meta = with stdenv.lib; {
@ -116,34 +127,4 @@ let
};
};
in
with stdenv.lib;
runCommand "clementine-${version}"
{
inherit blob free;
buildInputs = [ makeWrapper ] ++ gst_plugins; # for the setup-hooks
dontPatchELF = true;
dontStrip = true;
meta = {
description = "A multiplatform music player"
+ " (" + (optionalString withSpotify "with Spotify, ")
+ "with gstreamer plugins: "
+ concatStrings (intersperse ", " (map (x: x.name) gst_plugins))
+ ")";
license = licenses.gpl3Plus;
inherit (free.meta) homepage platforms maintainers;
};
}
''
mkdir -p $out/bin
makeWrapper "$free/bin/${exeName}" "$out/bin/${exeName}" \
${optionalString withSpotify "--set CLEMENTINE_SPOTIFYBLOB \"$blob/libexec/clementine\""} \
--prefix GST_PLUGIN_SYSTEM_PATH_1_0 : "$GST_PLUGIN_SYSTEM_PATH_1_0"
mkdir -p $out/share
for dir in applications icons kde4; do
ln -s "$free/share/$dir" "$out/share/$dir"
done
''
in free

68
pkgs/applications/audio/crip/default.nix Normal file
View File

@ -0,0 +1,68 @@
{ stdenv
, fetchurl
, makeWrapper
, perl
, perlPackages
, cdparanoia
, coreutils
, eject
, flac
, gnugrep
, nano
, sox
, vorbis-tools
, vorbisgain
, which
}:
with stdenv.lib;
stdenv.mkDerivation rec {
name = "crip-3.9";
src = fetchurl {
url = "http://bach.dynet.com/crip/src/${name}.tar.gz";
sha256 = "0pk9152wll6fmkj1pki3fz3ijlf06jyk32v31yarwvdkwrk7s9xz";
};
buildInputs = [ perl perlPackages.CDDB_get ];
nativeBuildInputs = [ makeWrapper ];
toolDeps = makeBinPath [
cdparanoia
coreutils
eject
flac
gnugrep
sox
vorbis-tools
vorbisgain
which
];
scripts = [ "crip" "editcomment" "editfilenames" ];
installPhase = ''
mkdir -p $out/bin/
for script in ${escapeShellArgs scripts}; do
cp $script $out/bin/
substituteInPlace $out/bin/$script \
--replace '$editor = "vim";' '$editor = "${nano}/bin/nano";'
wrapProgram $out/bin/$script \
--set PERL5LIB "${makePerlPath [ perlPackages.CDDB_get ]}" \
--set PATH "${toolDeps}"
done
'';
meta = {
homepage = http://bach.dynet.com/crip/;
description = "Terminal-based ripper/encoder/tagger tool for creating Ogg Vorbis/FLAC files";
license = stdenv.lib.licenses.gpl1;
platforms = stdenv.lib.platforms.linux;
maintainers = [ maintainers.endgame ];
};
}

11
pkgs/applications/audio/eq10q/default.nix
View File

@ -1,4 +1,5 @@
{ stdenv, fetchurl, cmake, fftw, gtkmm2, libxcb, lv2, pkgconfig, xorg }:
{ stdenv, fetchurl, fetchpatch, cmake, fftw, gtkmm2, libxcb, lv2, pkgconfig
, xorg }:
stdenv.mkDerivation rec {
name = "eq10q-${version}";
version = "2.2";
@ -10,6 +11,14 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ pkgconfig ];
buildInputs = [ cmake fftw gtkmm2 libxcb lv2 xorg.libpthreadstubs xorg.libXdmcp xorg.libxshmfence ];
patches = [
(fetchpatch {
# glibc 2.27 compatibility
url = https://sources.debian.org/data/main/e/eq10q/2.2~repack0-2.1/debian/patches/05-pow10.patch;
sha256 = "07b0wf6k4xqgigv4h095bzfaw8r218wa36r9w1817jcys13r6c5r";
})
];
installFlags = ''
DESTDIR=$(out)
'';

4
pkgs/applications/audio/fluidsynth/default.nix
View File

@ -5,13 +5,13 @@
stdenv.mkDerivation rec {
name = "fluidsynth-${version}";
version = "1.1.9";
version = "1.1.10";
src = fetchFromGitHub {
owner = "FluidSynth";
repo = "fluidsynth";
rev = "v${version}";
sha256 = "0krvmb1idnf95l2ydzfcb08ayyx3n4m71hf9fgwv3srzaikvpf3q";
sha256 = "04jlgq1d1hd8r9cnmkl3lgf1fgm7kgy4hh9nfddap41fm1wp121p";
};
nativeBuildInputs = [ pkgconfig cmake ];

4
pkgs/applications/audio/freewheeling/default.nix
View File

@ -8,13 +8,13 @@ in
stdenv.mkDerivation rec {
name = "freewheeling-${version}";
version = "0.6.2";
version = "0.6.4";
src = fetchFromGitHub {
owner = "free-wheeling";
repo = "freewheeling";
rev = "v${version}";
sha256 = "01hmp0jxzxpb5sl0x91hdlwmbw9n4yffrpra4f89s4n8cixrz3d9";
sha256 = "1xflbbnjdibjmyxb1zq8liylaw5k03nnl1z3272jh204pqh17ri9";
};
nativeBuildInputs = [ pkgconfig autoreconfHook libtool ];

1
pkgs/applications/audio/mi2ly/default.nix
View File

@ -36,5 +36,6 @@ stdenv.mkDerivation {
license = stdenv.lib.licenses.gpl2Plus ;
maintainers = [stdenv.lib.maintainers.raskin];
platforms = stdenv.lib.platforms.linux;
broken = true; # 2018-04-11
};
}

0
pkgs/applications/audio/mopidy-gmusic/default.nix → pkgs/applications/audio/mopidy/gmusic.nix
View File

7
pkgs/applications/audio/mopidy-iris/default.nix → pkgs/applications/audio/mopidy/iris.nix
View File

@ -2,11 +2,11 @@
pythonPackages.buildPythonApplication rec {
pname = "Mopidy-Iris";
version = "3.14.2";
version = "3.16.3";
src = pythonPackages.fetchPypi {
inherit pname version;
sha256 = "19affzk45wby50gwxwzqgwa7h7618lcs48ngdsa06sd66s8x2fza";
sha256 = "1zdlvrqlj1hapaxnskrbp9idziy3rcxhpqhw3x4q25cjbl8m0b0d";
};
propagatedBuildInputs = [
@ -17,8 +17,11 @@ pythonPackages.buildPythonApplication rec {
pylast
spotipy
raven
tornado
]);
postPatch = "sed -i /tornado/d setup.py";
# no tests implemented
doCheck = false;

0
pkgs/applications/audio/mopidy-local-images/default.nix → pkgs/applications/audio/mopidy/local-images.nix
View File

0
pkgs/applications/audio/mopidy-local-sqlite/default.nix → pkgs/applications/audio/mopidy/local-sqlite.nix
View File

0
pkgs/applications/audio/mopidy-moped/default.nix → pkgs/applications/audio/mopidy/moped.nix
View File

0
pkgs/applications/audio/mopidy-mopify/default.nix → pkgs/applications/audio/mopidy/mopify.nix
View File

0
pkgs/applications/audio/mopidy-musicbox-webclient/default.nix → pkgs/applications/audio/mopidy/musicbox-webclient.nix
View File

0
pkgs/applications/audio/mopidy-soundcloud/default.nix → pkgs/applications/audio/mopidy/soundcloud.nix
View File

0
pkgs/applications/audio/mopidy-spotify-tunigo/default.nix → pkgs/applications/audio/mopidy/spotify-tunigo.nix
View File

0
pkgs/applications/audio/mopidy-spotify/default.nix → pkgs/applications/audio/mopidy/spotify.nix
View File

0
pkgs/applications/audio/mopidy-youtube/default.nix → pkgs/applications/audio/mopidy/youtube.nix
View File

6
pkgs/applications/audio/ncmpc/default.nix
View File

@ -3,20 +3,18 @@
stdenv.mkDerivation rec {
name = "ncmpc-${version}";
version = "0.29";
version = "0.30";
src = fetchFromGitHub {
owner = "MusicPlayerDaemon";
repo = "ncmpc";
rev = "v${version}";
sha256 = "1b2kbx2phbf4s2qpy7mx72c87xranljr0yam6z9m1i1kvcnp8q1q";
sha256 = "0s2bynm5szrk8bjhg200mvsm2ny0wz9s10nx7r69y9y4jsxr8624";
};
buildInputs = [ glib ncurses mpd_clientlib ];
nativeBuildInputs = [ meson ninja pkgconfig gettext ];
NIX_LDFLAGS = stdenv.lib.optionalString stdenv.isDarwin "-lintl";
meta = with stdenv.lib; {
description = "Curses-based interface for MPD (music player daemon)";
homepage = https://www.musicpd.org/clients/ncmpc/;

4
pkgs/applications/audio/ncmpcpp/default.nix
View File

@ -12,11 +12,11 @@ assert taglibSupport -> (taglib != null);
with stdenv.lib;
stdenv.mkDerivation rec {
name = "ncmpcpp-${version}";
version = "0.8.1";
version = "0.8.2";
src = fetchurl {
url = "https://ncmpcpp.rybczak.net/stable/${name}.tar.bz2";
sha256 = "1zw8d07b2bkssbsybg6jnmpq001w525viajrnz4jvfml3l55gyad";
sha256 = "0m0mjb049sl62vx13h9waavysa30mk0rphacksnvf94n13la62v5";
};
configureFlags = [ "BOOST_LIB_SUFFIX=" ]

41
pkgs/applications/audio/quodlibet/default.nix
View File

@ -1,5 +1,5 @@
{ stdenv, fetchurl, python2Packages, wrapGAppsHook, gettext, intltool, libsoup, gnome3,
tag ? "",
{ stdenv, fetchurl, python3, wrapGAppsHook, gettext, intltool, libsoup, gnome3, gtk3, gdk_pixbuf,
tag ? "", xvfb_run, dbus, glibcLocales, glib, gobjectIntrospection,
gst_all_1, withGstPlugins ? true,
xineBackend ? false, xineLib,
withDbusPython ? false, withPyInotify ? false, withMusicBrainzNgs ? false, withPahoMqtt ? false,
@ -7,38 +7,53 @@
keybinder3 ? null, gtksourceview ? null, libmodplug ? null, kakasi ? null, libappindicator-gtk3 ? null }:
let optionals = stdenv.lib.optionals; in
python2Packages.buildPythonApplication rec {
python3.pkgs.buildPythonApplication rec {
name = "quodlibet${tag}-${version}";
version = "3.9.1";
version = "4.0.2";
# XXX, tests fail
# https://github.com/quodlibet/quodlibet/issues/2820
doCheck = false;
src = fetchurl {
url = "https://github.com/quodlibet/quodlibet/releases/download/release-${version}/quodlibet-${version}.tar.gz";
sha256 = "d2b42df5d439213973dc97149fddc779a6c90cec389c24baf1c0bdcc39ffe591";
sha256 = "072s983p3n84yl807pbdxsy5vrgs8jzzfl648gsri6kpwsp6w5fz";
};
nativeBuildInputs = [ wrapGAppsHook gettext intltool ];
# ++ (with python2Packages; [ pytest pyflakes pycodestyle polib ]); # test deps
buildInputs = [ gnome3.defaultIconTheme libsoup webkitgtk keybinder3 gtksourceview libmodplug libappindicator-gtk3 kakasi ]
checkInputs = with python3.pkgs; [ pytest pytest_xdist pyflakes pycodestyle polib xvfb_run dbus.daemon glibcLocales ];
buildInputs = [ gnome3.defaultIconTheme libsoup glib gtk3 webkitgtk gdk_pixbuf keybinder3 gtksourceview libmodplug libappindicator-gtk3 kakasi gobjectIntrospection ]
++ (if xineBackend then [ xineLib ] else with gst_all_1;
[ gstreamer gst-plugins-base ] ++ optionals withGstPlugins [ gst-plugins-good gst-plugins-ugly gst-plugins-bad ]);
propagatedBuildInputs = with python2Packages;
[ pygobject3 pycairo mutagen pygtk gst-python feedparser faulthandler futures ]
propagatedBuildInputs = with python3.pkgs; [ pygobject3 pycairo mutagen gst-python feedparser ]
++ optionals withDbusPython [ dbus-python ]
++ optionals withPyInotify [ pyinotify ]
++ optionals withMusicBrainzNgs [ musicbrainzngs ]
++ optionals stdenv.isDarwin [ pyobjc ]
++ optionals withPahoMqtt [ paho-mqtt ];
makeWrapperArgs = optionals (kakasi != null) [ "--prefix PATH : ${kakasi}/bin" ];
LC_ALL = "en_US.UTF-8";
meta = {
checkPhase = ''
runHook preCheck
checkHomeDir=$(mktemp -d)
mkdir -p $checkHomeDir/.cache/thumbnails/normal # Required by TThumb.test_recreate_broken_cache_file
env XDG_DATA_DIRS="$out/share:${gtk3}/share/gsettings-schemas/${gtk3.name}:$XDG_DATA_DIRS" \
HOME=$checkHomeDir \
xvfb-run -s '-screen 0 800x600x24' dbus-run-session \
--config-file=${dbus.daemon}/share/dbus-1/session.conf \
py.test
runHook postCheck
'';
preFixup = stdenv.lib.optionalString (kakasi != null) "gappsWrapperArgs+=(--prefix PATH : ${kakasi}/bin)";
meta = with stdenv.lib; {
description = "GTK+-based audio player written in Python, using the Mutagen tagging library";
license = stdenv.lib.licenses.gpl2;
license = licenses.gpl2Plus;
longDescription = ''
Quod Libet is a GTK+-based audio player written in Python, using
@ -54,7 +69,7 @@ python2Packages.buildPythonApplication rec {
& internet radio, and all major audio formats.
'';
maintainers = with stdenv.lib.maintainers; [ coroa sauyon ];
maintainers = with maintainers; [ coroa sauyon ];
homepage = https://quodlibet.readthedocs.io/en/latest/;
};
}

4
pkgs/applications/audio/spotify/default.nix
View File

@ -9,7 +9,7 @@ let
# Latest version number can be found at:
# http://repository-origin.spotify.com/pool/non-free/s/spotify-client/
# Be careful not to pick the testing version.
version = "1.0.72.117.g6bd7cc73-35";
version = "1.0.77.338.g758ebd78-41";
deps = [
alsaLib
@ -54,7 +54,7 @@ stdenv.mkDerivation {
src = fetchurl {
url = "https://repository-origin.spotify.com/pool/non-free/s/spotify-client/spotify-client_${version}_amd64.deb";
sha256 = "0yicwvg6jx8r657ff53326akq3g4ayiinlracjw5jrcs8x9whjap";
sha256 = "1971jc0431pl8yixpl37ryl2l0pqdf0xjvkg59nqdwj3vbdx5606";
};
buildInputs = [ dpkg makeWrapper ];

0
pkgs/applications/display-managers/lightdm-gtk-greeter/default.nix → pkgs/applications/display-managers/lightdm/gtk-greeter.nix
View File

4
pkgs/applications/display-managers/sddm/default.nix
View File

@ -22,6 +22,10 @@ in mkDerivation rec {
# Module Qt5::Test must be included in `find_package` before it is used.
''
sed -i CMakeLists.txt -e '/find_package(Qt5/ s|)| Test)|'
''
# Fix missing include for gettimeofday()
+ ''
sed -e '1i#include <sys/time.h>' -i src/helper/HelperApp.cpp
'';
nativeBuildInputs = [ cmake extra-cmake-modules pkgconfig qttools ];

6
pkgs/applications/editors/android-studio/common.nix
View File

@ -5,10 +5,13 @@
, fetchurl
, findutils
, file
, fontsConf
, git
, glxinfo
, gnugrep
, gnused
, gnutar
, gtk2, gnome_vfs, glib, GConf
, gzip
, fontconfig
, freetype
@ -29,8 +32,6 @@
, writeTextFile
, xkeyboard_config
, zlib
, gtk2, gnome_vfs, glib, GConf
, fontsConf
}:
let
@ -57,6 +58,7 @@ let
findutils
gnugrep
which
gnused
# For Android emulator
file

Some files were not shown because too many files have changed in this diff Show More