Merge master into PR
Conflicts: pkgs/top-level/all-packages.nix
This commit is contained in:
commit
0cc668bc1a
2
.gitignore
vendored
2
.gitignore
vendored
@ -9,3 +9,5 @@ result-*
|
||||
/doc/manual.html
|
||||
/doc/manual.pdf
|
||||
.version-suffix
|
||||
|
||||
.DS_Store
|
@ -21,18 +21,18 @@ all: NEWS.html NEWS.txt manual.html manual.pdf
|
||||
|
||||
NEWS.html: release-notes.xml
|
||||
$(XSLTPROC) --nonet --xinclude --output $@ $(NEWS_OPTS) \
|
||||
$(docbookxsl)/html/docbook.xsl release-notes.xml
|
||||
$(docbookxsl)/xhtml/docbook.xsl release-notes.xml
|
||||
|
||||
NEWS.txt: release-notes.xml
|
||||
$(XSLTPROC) --nonet --xinclude quote-literals.xsl release-notes.xml | \
|
||||
$(XSLTPROC) --nonet --output $@.tmp.html $(NEWS_OPTS) \
|
||||
$(docbookxsl)/html/docbook.xsl -
|
||||
$(docbookxsl)/xhtml/docbook.xsl -
|
||||
LANG=en_US w3m -dump $@.tmp.html > $@
|
||||
rm $@.tmp.html
|
||||
|
||||
manual.html: *.xml
|
||||
$(XSLTPROC) --nonet --xinclude --output manual.html \
|
||||
$(docbookxsl)/html/docbook.xsl manual.xml
|
||||
$(docbookxsl)/xhtml/docbook.xsl manual.xml
|
||||
|
||||
manual.pdf: *.xml
|
||||
$(dblatex) \
|
||||
|
21
doc/contributing.xml
Normal file
21
doc/contributing.xml
Normal file
@ -0,0 +1,21 @@
|
||||
<chapter xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xml:id="chap-contributing">
|
||||
|
||||
<title>Contributing</title>
|
||||
|
||||
<para>If you make modifications to the manual, it's important to build the manual before contributing:</para>
|
||||
|
||||
<orderedlist>
|
||||
|
||||
<listitem><para><command>$ git clone git://github.com/NixOS/nixpkgs.git</command></para></listitem>
|
||||
|
||||
<listitem><para><command>$ cd nixpkgs/pkgs/top-level</command></para></listitem>
|
||||
|
||||
<listitem><para><command>$ nix-build -A tarball release.nix</command></para></listitem>
|
||||
|
||||
<listitem><para>Inside the built derivation you shall see <literal>manual/index.html</literal> file.</para></listitem>
|
||||
|
||||
</orderedlist>
|
||||
|
||||
</chapter>
|
@ -32,6 +32,7 @@
|
||||
<xi:include href="language-support.xml" />
|
||||
<xi:include href="package-notes.xml" />
|
||||
<xi:include href="coding-conventions.xml" />
|
||||
<xi:include href="contributing.xml" />
|
||||
|
||||
|
||||
</book>
|
||||
|
164
doc/meta.xml
164
doc/meta.xml
@ -17,7 +17,9 @@ meta = {
|
||||
It is fully customizable.
|
||||
'';
|
||||
homepage = http://www.gnu.org/software/hello/manual/;
|
||||
license = "GPLv3+";
|
||||
license = stdenv.lib.licenses.gpl3Plus;
|
||||
maintainers = [ stdenv.lib.maintainers.eelco ];
|
||||
platforms = stdenv.lib.platforms.all;
|
||||
};
|
||||
</programlisting>
|
||||
|
||||
@ -31,16 +33,42 @@ the package. The value of a meta-attribute must a string.</para>
|
||||
command-line using <command>nix-env</command>:
|
||||
|
||||
<screen>
|
||||
$ nix-env -qa hello --meta --xml
|
||||
<?xml version='1.0' encoding='utf-8'?>
|
||||
<items>
|
||||
<item attrPath="hello" name="hello-2.3" system="i686-linux">
|
||||
<meta name="description" value="A program that produces a familiar, friendly greeting" />
|
||||
<meta name="homepage" value="http://www.gnu.org/software/hello/manual/" />
|
||||
<meta name="license" value="GPLv3+" />
|
||||
<meta name="longDescription" value="GNU Hello is a program that prints &quot;Hello, world!&quot; when you run it.&#xA;It is fully customizable.&#xA;" />
|
||||
</item>
|
||||
</items>
|
||||
$ nix-env -qa hello --meta --json
|
||||
{
|
||||
"hello": {
|
||||
"meta": {
|
||||
"description": "A program that produces a familiar, friendly greeting",
|
||||
"homepage": "http://www.gnu.org/software/hello/manual/",
|
||||
"license": {
|
||||
"fullName": "GNU General Public License version 3 or later",
|
||||
"shortName": "GPLv3+",
|
||||
"url": "http://www.fsf.org/licensing/licenses/gpl.html"
|
||||
},
|
||||
"longDescription": "GNU Hello is a program that prints \"Hello, world!\" when you run it.\nIt is fully customizable.\n",
|
||||
"maintainers": [
|
||||
"Ludovic Court\u00e8s <ludo@gnu.org>"
|
||||
],
|
||||
"platforms": [
|
||||
"i686-linux",
|
||||
"x86_64-linux",
|
||||
"armv5tel-linux",
|
||||
"armv7l-linux",
|
||||
"mips64el-linux",
|
||||
"x86_64-darwin",
|
||||
"i686-cygwin",
|
||||
"i686-freebsd",
|
||||
"x86_64-freebsd",
|
||||
"i686-openbsd",
|
||||
"x86_64-openbsd"
|
||||
],
|
||||
"position": "/home/user/dev/nixpkgs/pkgs/applications/misc/hello/ex-2/default.nix:14"
|
||||
},
|
||||
"name": "hello-2.9",
|
||||
"system": "x86_64-linux"
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
</screen>
|
||||
|
||||
<command>nix-env</command> knows about the
|
||||
@ -92,20 +120,23 @@ interpretation:</para>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>license</varname></term>
|
||||
<listitem><para>The license for the package. See below for the
|
||||
allowed values.</para></listitem>
|
||||
<listitem><para>The license for the package. One from attribute set defined in
|
||||
<link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/lib/licenses.nix">
|
||||
<filename>nixpkgs/lib/licenses.nix</filename></link>.
|
||||
Example:
|
||||
<literal>stdenv.lib.licenses.gpl3</literal>.</para></listitem>
|
||||
See details in <xref linkend='sec-meta-license'/>,
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>maintainers</varname></term>
|
||||
<listitem><para>A list of names and e-mail addresses of the
|
||||
maintainers of this Nix expression, e.g. <literal>["Alice
|
||||
<alice@example.org>" "Bob <bob@example.com>"]</literal>. If
|
||||
you are the maintainer of multiple packages, you may want to add
|
||||
maintainers of this Nix expression. If
|
||||
you would like to be a maintainer of a package, you may want to add
|
||||
yourself to <link
|
||||
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/lib/maintainers.nix"><filename>pkgs/lib/maintainers.nix</filename></link>
|
||||
and write something like <literal>[stdenv.lib.maintainers.alice
|
||||
stdenv.lib.maintainers.bob]</literal>.</para></listitem>
|
||||
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/lib/maintainers.nix"><filename>nixpkgs/lib/maintainers.nix</filename></link>
|
||||
and write something like <literal>[ stdenv.lib.maintainers.alice
|
||||
stdenv.lib.maintainers.bob ]</literal>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
@ -121,29 +152,25 @@ interpretation:</para>
|
||||
<varlistentry>
|
||||
<term><varname>platforms</varname></term>
|
||||
<listitem><para>The list of Nix platform types on which the
|
||||
package is supported. If this attribute is set, the package will
|
||||
refuse to build, and won’t show up in <literal>nix-env
|
||||
-qa</literal> output, on any platform not listed
|
||||
here. An example is:
|
||||
package is supported. Hydra builds packages according to the
|
||||
platform specified. If no platform is specified, the package does
|
||||
not have prebuilt binaries. An example is:
|
||||
|
||||
<programlisting>
|
||||
meta.platforms = [ "x86_64-linux" "i686-linux" "x86_64-darwin" ];
|
||||
</programlisting>
|
||||
|
||||
The set <varname>lib.platforms</varname> defines various common
|
||||
lists of platforms types, so it’s more typical to write:
|
||||
|
||||
<programlisting>
|
||||
meta.platforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin;
|
||||
meta.platforms = stdenv.lib.platforms.linux;
|
||||
</programlisting>
|
||||
|
||||
Attribute Set <varname>stdenv.lib.platforms</varname> in
|
||||
<link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/lib/platforms.nix">
|
||||
<filename>nixpkgs/lib/platforms.nix</filename></link> defines various common
|
||||
lists of platforms types.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>hydraPlatforms</varname></term>
|
||||
<listitem><para>The list of Nix platform types for which the Hydra
|
||||
instance at <literal>hydra.nixos.org</literal> should build the
|
||||
instance at <literal>hydra.nixos.org</literal> will build the
|
||||
package. (Hydra is the Nix-based continuous build system.) It
|
||||
defaults to the value of <varname>meta.platforms</varname>. Thus,
|
||||
the only reason to set <varname>meta.hydraPlatforms</varname> is
|
||||
@ -176,80 +203,23 @@ meta.hydraPlatforms = [];
|
||||
|
||||
<section xml:id="sec-meta-license"><title>Licenses</title>
|
||||
|
||||
<note><para>This is just a first attempt at standardising the license
|
||||
attribute.</para></note>
|
||||
|
||||
<para>The <varname>meta.license</varname> attribute must be one of the
|
||||
following:
|
||||
<para>The <varname>meta.license</varname> attribute should preferrably contain
|
||||
a value from <varname>stdenv.lib.licenses</varname> defined in
|
||||
<link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/lib/licenses.nix">
|
||||
<filename>nixpkgs/lib/licenses.nix</filename></link>,
|
||||
or in-place license description of the same format if the license is
|
||||
unlikely to be useful in another expression.
|
||||
|
||||
A few generic options are available, although it's typically better
|
||||
to indicate the specific license:
|
||||
<variablelist>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>GPL</varname></term>
|
||||
<listitem><para>GNU General Public License; version not
|
||||
specified.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>GPLv2</varname></term>
|
||||
<listitem><para>GNU General Public License, version
|
||||
2.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>GPLv2+</varname></term>
|
||||
<listitem><para>GNU General Public License, version
|
||||
2 or higher.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>GPLv3</varname></term>
|
||||
<listitem><para>GNU General Public License, version
|
||||
3.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>GPLv3+</varname></term>
|
||||
<listitem><para>GNU General Public License, version
|
||||
3 or higher.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>bsd</varname></term>
|
||||
<listitem><para>Catch-all for licenses that are essentially
|
||||
similar to <link
|
||||
xlink:href="http://www.gnu.org/licenses/license-list.html#ModifiedBSD">the
|
||||
original BSD license with the advertising clause removed</link>,
|
||||
i.e. permissive non-copyleft free software licenses. This
|
||||
includes the <link
|
||||
xlink:href="http://www.gnu.org/licenses/license-list.html#X11License">X11
|
||||
(“MIT”) License</link>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>perl5</varname></term>
|
||||
<listitem><para>The Perl 5 license (Artistic License, version 1
|
||||
and GPL, version 1 or later).</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>free</varname></term>
|
||||
<listitem><para>Catch-all for free software licenses not listed
|
||||
above.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>free-copyleft</varname></term>
|
||||
<listitem><para>Catch-all for free, copyleft software licenses not
|
||||
listed above.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>free-non-copyleft</varname></term>
|
||||
<listitem><para>Catch-all for free, non-copyleft software licenses
|
||||
not listed above.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>unfree-redistributable</varname></term>
|
||||
<listitem><para>Unfree package that can be redistributed in binary
|
||||
|
@ -155,9 +155,10 @@ $ git add pkgs/development/libraries/libfoo/default.nix</screen>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>You can use <command>nix-prefetch-url</command>
|
||||
<para>You can use <command>nix-prefetch-url</command> (or similar nix-prefetch-git, etc)
|
||||
<replaceable>url</replaceable> to get the SHA-256 hash of
|
||||
source distributions.</para>
|
||||
source distributions. There are similar commands as <command>nix-prefetch-git</command> and
|
||||
<command>nix-prefetch-hg</command> available in <literal>nix-prefetch-scripts</literal> package.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
@ -221,17 +222,10 @@ $ nix-env -f . -iA libfoo</screen>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Optionally commit the new package, or send a patch to
|
||||
<para>Optionally commit the new package and open a pull request, or send a patch to
|
||||
<literal>nix-dev@cs.uu.nl</literal>.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>If you want the TU Delft build farm to build binaries of the
|
||||
package and make them available in the <link
|
||||
xlink:href="http://nixos.org/releases/nixpkgs/channels/nixpkgs-unstable/"><literal>nixpkgs</literal>
|
||||
channel</link>, add it to <link
|
||||
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/top-level/release.nix"><filename>pkgs/top-level/release.nix</filename></link>.</para>
|
||||
</listitem>
|
||||
|
||||
</orderedlist>
|
||||
|
||||
|
333
lib/licenses.nix
333
lib/licenses.nix
@ -1,25 +1,24 @@
|
||||
{
|
||||
/* License identifiers loosely based on: http://fedoraproject.org/wiki/Licensing
|
||||
let
|
||||
spdx = lic: lic // {
|
||||
url = "http://spdx.org/licenses/${lic.shortName}";
|
||||
};
|
||||
in
|
||||
|
||||
rec {
|
||||
/* License identifiers from spdx.org where possible.
|
||||
* If you cannot find your license here, then look for a similar license or
|
||||
* add it to this list. The URL mentioned above is a good source for inspiration.
|
||||
*/
|
||||
|
||||
artistic2 = {
|
||||
shortName = "Artistic 2.0";
|
||||
fullName = "Artistic 2.0";
|
||||
url = "http://opensource.org/licenses/artistic-license-2.0.php";
|
||||
};
|
||||
|
||||
agpl3 = {
|
||||
shortName = "AGPLv3";
|
||||
fullName = "GNU Affero General Public License version 3 only";
|
||||
url = https://www.gnu.org/licenses/agpl.html;
|
||||
agpl3 = spdx {
|
||||
shortName = "AGPL-3.0";
|
||||
fullName = "GNU Affero General Public License v3.0";
|
||||
};
|
||||
|
||||
agpl3Plus = {
|
||||
shortName = "AGPLv3+";
|
||||
fullName = "GNU Affero General Public License version 3 or later";
|
||||
url = https://www.gnu.org/licenses/agpl.html;
|
||||
shortName = "AGPL-3.0+";
|
||||
fullName = "GNU Affero General Public License v3.0 or later";
|
||||
inherit (agpl3) url;
|
||||
};
|
||||
|
||||
amd = {
|
||||
@ -28,118 +27,149 @@
|
||||
url = http://developer.amd.com/amd-license-agreement/;
|
||||
};#
|
||||
|
||||
apsl20 = {
|
||||
shortName = "APSL 2.0";
|
||||
apsl20 = spdx {
|
||||
shortName = "APSL-2.0";
|
||||
fullName = "Apple Public Source License 2.0";
|
||||
url = http://opensource.org/licenses/APSL-2.0;
|
||||
};
|
||||
|
||||
asl20 = {
|
||||
shortName = "ASL2.0";
|
||||
fullName = "Apache Software License 2.0";
|
||||
url = http://www.apache.org/licenses/LICENSE-2.0;
|
||||
artistic2 = spdx {
|
||||
shortName = "Artistic-2.0";
|
||||
fullName = "Artistic License 2.0";
|
||||
};
|
||||
|
||||
boost = {
|
||||
shortName = "boost";
|
||||
fullName = "Boost Software License";
|
||||
url = http://www.boost.org/LICENSE_1_0.txt;
|
||||
asl20 = spdx {
|
||||
shortName = "Apache-2.0";
|
||||
fullName = "Apache License 2.0";
|
||||
};
|
||||
|
||||
bsd2 = {
|
||||
shortName = "BSD-2";
|
||||
fullName = "BSD license (2 clause)";
|
||||
url = http://opensource.org/licenses/BSD-2-Clause;
|
||||
boost = spdx {
|
||||
shortName = "BSL-1.0";
|
||||
fullName = "Boost Software License 1.0";
|
||||
};
|
||||
|
||||
bsd3 = {
|
||||
shortName = "BSD-3";
|
||||
fullName = "BSD license (3 clause)";
|
||||
url = http://opensource.org/licenses/BSD-3-Clause;
|
||||
bsd2 = spdx {
|
||||
shortName = "BSD-2-Clause";
|
||||
fullName = ''BSD 2-clause "Simplified" License'';
|
||||
};
|
||||
|
||||
bsdOriginal = {
|
||||
shortName = "BSD-original";
|
||||
fullName = "Original BSD license with advertising clause";
|
||||
url = https://fedoraproject.org/wiki/Licensing/BSD;
|
||||
bsd3 = spdx {
|
||||
shortName = "BSD-3-Clause";
|
||||
fullName = ''BSD 3-clause "New" or "Revised" License'';
|
||||
};
|
||||
|
||||
cc-by-30 = {
|
||||
shortName = "CC BY 3.0";
|
||||
bsdOriginal = spdx {
|
||||
shortName = "BSD-4-Clause";
|
||||
fullName = ''BSD 4-clause "Original" or "Old" License'';
|
||||
};
|
||||
|
||||
cc-by-30 = spdx {
|
||||
shortName = "CC-BY-3.0";
|
||||
fullName = "Creative Commons Attribution 3.0";
|
||||
url = http://creativecommons.org/licenses/by/3.0;
|
||||
};
|
||||
|
||||
cddl = {
|
||||
shortName = "CDDL";
|
||||
fullName = "Common Development Distribution License ";
|
||||
url = http://www.opensolaris.org/os/licensing/cddllicense.txt;
|
||||
cddl = spdx {
|
||||
shortName = "CDDL-1.0";
|
||||
fullName = "Common Development and Distribution License 1.0";
|
||||
};
|
||||
|
||||
cpl10 = {
|
||||
shortName = "CPL 1.0";
|
||||
fullName = "Common Public License version 1.0";
|
||||
url = http://www.eclipse.org/legal/cpl-v10.html;
|
||||
cecill-c = spdx {
|
||||
shortName = "CECILL-C";
|
||||
fullName = "CeCILL-C Free Software License Agreement";
|
||||
};
|
||||
|
||||
epl10 = {
|
||||
shortName = "EPL 1.0";
|
||||
fullName = "Eclipse Public License version 1.0";
|
||||
url = http://www.eclipse.org/legal/epl-v10.html;
|
||||
cpl10 = spdx {
|
||||
shortName = "CPL-1.0";
|
||||
fullName = "Common Public License 1.0";
|
||||
};
|
||||
|
||||
gpl2 = {
|
||||
shortName = "GPLv2";
|
||||
fullName = "GNU General Public License version 2";
|
||||
url = http://www.gnu.org/licenses/old-licenses/gpl-2.0.html;
|
||||
epl10 = spdx {
|
||||
shortName = "EPL-1.0";
|
||||
fullName = "Eclipse Public License 1.0";
|
||||
};
|
||||
|
||||
free = "free";
|
||||
|
||||
gpl2 = spdx {
|
||||
shortName = "GPL-2.0";
|
||||
fullName = "GNU General Public License v2.0 only";
|
||||
};
|
||||
|
||||
gpl2Oss = {
|
||||
shortName = "GPLv2+OSS";
|
||||
shortName = "GPL-2.0-with-OSS";
|
||||
fullName = "GNU General Public License version 2 only (with OSI approved licenses linking exception)";
|
||||
url = http://www.mysql.com/about/legal/licensing/foss-exception;
|
||||
};
|
||||
|
||||
gpl2Plus = {
|
||||
shortName = "GPLv2+";
|
||||
fullName = "GNU General Public License version 2 or later";
|
||||
url = http://www.gnu.org/licenses/old-licenses/gpl-2.0.html;
|
||||
gpl2Plus = spdx {
|
||||
shortName = "GPL-2.0+";
|
||||
fullName = "GNU General Public License v2.0 or later";
|
||||
};
|
||||
|
||||
gpl3 = {
|
||||
shortName = "GPLv3";
|
||||
fullName = "GNU General Public License version 3 only";
|
||||
url = http://www.fsf.org/licensing/licenses/gpl.html;
|
||||
gpl3 = spdx {
|
||||
shortName = "GPL-3.0";
|
||||
fullName = "GNU General Public License v3.0 only";
|
||||
};
|
||||
|
||||
gpl3Plus = {
|
||||
shortName = "GPLv3+";
|
||||
fullName = "GNU General Public License version 3 or later";
|
||||
url = http://www.fsf.org/licensing/licenses/gpl.html;
|
||||
gpl3Plus = spdx {
|
||||
shortName = "GPL-3.0+";
|
||||
fullName = "GNU General Public License v3.0 or later";
|
||||
};
|
||||
|
||||
gpl3ClasspathPlus = {
|
||||
shortName = "GPLv3+classpath+";
|
||||
fullName = "GNU General Public License version 3 or later (with Classpath exception)";
|
||||
shortName = "GPL-3.0+-with-classpath-exception";
|
||||
fullName = "GNU General Public License v3.0 or later (with Classpath exception)";
|
||||
url = https://fedoraproject.org/wiki/Licensing/GPL_Classpath_Exception;
|
||||
};
|
||||
|
||||
isc = {
|
||||
inria = {
|
||||
shortName = "INRIA-NCLA";
|
||||
fullName = "INRIA Non-Commercial License Agreement";
|
||||
url = "http://compcert.inria.fr/doc/LICENSE";
|
||||
};
|
||||
|
||||
ipa = spdx {
|
||||
shortName = "IPA";
|
||||
fullName = "IPA Font License";
|
||||
};
|
||||
|
||||
ipl10 = spdx {
|
||||
shortName = "IPL-1.0";
|
||||
fullName = "IBM Public License v1.0";
|
||||
};
|
||||
|
||||
isc = spdx {
|
||||
shortName = "ISC";
|
||||
fullName = "Internet Systems Consortium License";
|
||||
url = http://www.opensource.org/licenses/ISC;
|
||||
fullName = "ISC License";
|
||||
};
|
||||
|
||||
ipl10 = {
|
||||
shortName = "IPL 1.0";
|
||||
fullName = "IBM Public License Version 1.0";
|
||||
url = http://www.ibm.com/developerworks/opensource/library/os-i18n2/os-ipl.html;
|
||||
lgpl2 = spdx {
|
||||
shortName = "LGPL-2.0";
|
||||
fullName = "GNU Library General Public License v2 only";
|
||||
};
|
||||
|
||||
ijg = {
|
||||
shortName = "IJG";
|
||||
fullName = "Independent JPEG Group License";
|
||||
url = https://fedoraproject.org/wiki/Licensing/IJG;
|
||||
lgpl2Plus = spdx {
|
||||
shortName = "LGPL-2.0+";
|
||||
fullName = "GNU Library General Public License v2 or later";
|
||||
};
|
||||
|
||||
lgpl21 = spdx {
|
||||
shortName = "LGPL-2.1";
|
||||
fullName = "GNU Library General Public License v2.1 only";
|
||||
};
|
||||
|
||||
lgpl21Plus = spdx {
|
||||
shortName = "LGPL-2.1+";
|
||||
fullName = "GNU Library General Public License v2.1 or later";
|
||||
};
|
||||
|
||||
lgpl3 = spdx {
|
||||
shortName = "LGPL-3.0";
|
||||
fullName = "GNU Lesser General Public License v3.0 only";
|
||||
};
|
||||
|
||||
lgpl3Plus = spdx {
|
||||
shortName = "LGPL-3.0+";
|
||||
fullName = "GNU Lesser General Public License v3.0 or later";
|
||||
};
|
||||
|
||||
libtiff = {
|
||||
@ -148,76 +178,47 @@
|
||||
url = https://fedoraproject.org/wiki/Licensing/libtiff;
|
||||
};
|
||||
|
||||
lgpl2 = {
|
||||
shortName = "LGPLv2";
|
||||
fullName = "GNU Library General Public License version 2";
|
||||
url = http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html;
|
||||
};
|
||||
|
||||
lgpl2Plus = {
|
||||
shortName = "LGPLv2+";
|
||||
fullName = "GNU Library General Public License version 2 or later";
|
||||
url = http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html;
|
||||
};
|
||||
|
||||
lgpl21 = {
|
||||
shortName = "LGPLv2.1";
|
||||
fullName = "GNU Lesser General Public License version 2.1";
|
||||
url = http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html;
|
||||
};
|
||||
|
||||
lgpl21Plus = {
|
||||
shortName = "LGPLv2.1+";
|
||||
fullName = "GNU Lesser General Public License version 2.1 or later";
|
||||
url = http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html;
|
||||
};
|
||||
|
||||
llgpl21 = {
|
||||
shortName = "LLGPLv2.1";
|
||||
shortName = "LLGPL-2.1";
|
||||
fullName = "Lisp LGPL; GNU Lesser General Public License version 2.1 with Franz Inc. preamble for clarification of LGPL terms in context of Lisp";
|
||||
url = http://opensource.franz.com/preamble.html;
|
||||
};
|
||||
|
||||
lgpl3 = {
|
||||
shortName = "LGPLv3";
|
||||
fullName = "GNU Lesser General Public License version 3 only";
|
||||
url = http://www.fsf.org/licensing/licenses/lgpl.html;
|
||||
};
|
||||
|
||||
lgpl3Plus = {
|
||||
shortName = "LGPLv3+";
|
||||
fullName = "GNU Lesser General Public License version 3 or later";
|
||||
url = http://www.fsf.org/licensing/licenses/lgpl.html;
|
||||
};
|
||||
|
||||
mit = {
|
||||
mit = spdx {
|
||||
shortName = "MIT";
|
||||
fullName = "MIT/X11 license";
|
||||
url = http://www.opensource.org/licenses/mit-license.php;
|
||||
fullName = "MIT License";
|
||||
};
|
||||
|
||||
mpl11 = {
|
||||
shortName = "MPL1.1";
|
||||
fullName = "Mozilla Public License version 1.1";
|
||||
url = http://www.mozilla.org/MPL/MPL-1.1.html;
|
||||
mpl11 = spdx {
|
||||
shortName = "MPL-1.1";
|
||||
fullName = "Mozilla Public License 1.1";
|
||||
};
|
||||
|
||||
mpl20 = {
|
||||
shortName = "MPL2.0";
|
||||
fullName = "Mozilla Public License version 2.0";
|
||||
url = https://www.mozilla.org/MPL/2.0;
|
||||
mpl20 = spdx {
|
||||
shortName = "MPL-2.0";
|
||||
fullName = "Mozilla Public License 2.0";
|
||||
};
|
||||
|
||||
ofl = {
|
||||
shortName = "OFL";
|
||||
fullName = "SIL Open Font License";
|
||||
url = "http://scripts.sil.org/cms/scripts/page.php?site_id=nrsi&id=OFL_web";
|
||||
msrla = {
|
||||
shortName = "MSR-LA";
|
||||
fullName = "Microsoft Research License Agreement";
|
||||
url = "http://research.microsoft.com/en-us/projects/pex/msr-la.txt";
|
||||
};
|
||||
|
||||
openssl = {
|
||||
shortName = "openssl";
|
||||
fullName = "OpenSSL license";
|
||||
url = http://www.openssl.org/source/license.html;
|
||||
ofl = spdx {
|
||||
shortName = "OFL-1.1";
|
||||
fullName = "SIL Open Font License 1.1";
|
||||
};
|
||||
|
||||
openssl = spdx {
|
||||
shortName = "OpenSSL";
|
||||
fullName = "OpenSSL License";
|
||||
};
|
||||
|
||||
psfl = spdx {
|
||||
shortName = "Python-2.0";
|
||||
fullName = "Python Software Foundation License version 2";
|
||||
#url = http://docs.python.org/license.html;
|
||||
};
|
||||
|
||||
publicDomain = {
|
||||
@ -225,10 +226,9 @@
|
||||
fullname = "Public Domain";
|
||||
};
|
||||
|
||||
psfl = {
|
||||
shortName = "PSFL";
|
||||
fullName = "Python Software Foundation License";
|
||||
url = http://docs.python.org/license.html;
|
||||
sleepycat = spdx {
|
||||
shortName = "Sleepycat";
|
||||
fullName = "Sleepycat License";
|
||||
};
|
||||
|
||||
tcltk = {
|
||||
@ -243,45 +243,26 @@
|
||||
|
||||
unfreeRedistributableFirmware = "unfree-redistributable-firmware";
|
||||
|
||||
zlib = {
|
||||
shortName = "zlib";
|
||||
fullName = "zlib license";
|
||||
url = http://www.gzip.org/zlib/zlib_license.html;
|
||||
wadalab = {
|
||||
shortName = "wadalab";
|
||||
fullName = "Wadalab Font License";
|
||||
url = https://fedoraproject.org/wiki/Licensing:Wadalab?rd=Licensing/Wadalab;
|
||||
};
|
||||
|
||||
zpt20 = {
|
||||
shortName = "ZPT2.0";
|
||||
zlib = spdx {
|
||||
shortName = "Zlib";
|
||||
fullName = "zlib License";
|
||||
};
|
||||
|
||||
zpt20 = spdx { # FIXME: why zpt* instead of zpl*
|
||||
shortName = "ZPL-2.0";
|
||||
fullName = "Zope Public License 2.0";
|
||||
url = "http://old.zope.org/Resources/License/ZPL-2.0";
|
||||
};
|
||||
|
||||
zpt21 = {
|
||||
shortName = "ZPT2.1";
|
||||
zpt21 = spdx {
|
||||
shortName = "ZPL-2.1";
|
||||
fullName = "Zope Public License 2.1";
|
||||
url = "http://old.zope.org/Resources/License/ZPL-2.1";
|
||||
};
|
||||
|
||||
sleepycat = {
|
||||
shortName = "Sleepycat";
|
||||
fullName = "Sleepycat Public License";
|
||||
url = "https://en.wikipedia.org/wiki/Sleepycat_License";
|
||||
};
|
||||
|
||||
cecill-c = {
|
||||
shortName = "CeCILL-C";
|
||||
fullName = "CEA CNRS INRIA Logiciel Libre";
|
||||
url = "http://www.cecill.info/licences.en.html";
|
||||
};
|
||||
|
||||
msrla = {
|
||||
shortName = "MSR-LA";
|
||||
fullName = "Microsoft Research License Agreement";
|
||||
url = "http://research.microsoft.com/en-us/projects/pex/msr-la.txt";
|
||||
};
|
||||
|
||||
inria = {
|
||||
shortName = "INRIA-NCLA";
|
||||
fullName = "INRIA Non-Commercial License Agreement";
|
||||
url = "http://compcert.inria.fr/doc/LICENSE";
|
||||
};
|
||||
}
|
||||
|
||||
|
@ -6,6 +6,7 @@
|
||||
|
||||
_1126 = "Christian Lask <mail@elfsechsundzwanzig.de>";
|
||||
aforemny = "Alexander Foremny <alexanderforemny@googlemail.com>";
|
||||
ak = "Alexander Kjeldaas <ak@formalprivacy.com>";
|
||||
akc = "Anders Claesson <akc@akc.is>";
|
||||
algorith = "Dries Van Daele <dries_van_daele@telenet.be>";
|
||||
all = "Nix Committers <nix-commits@lists.science.uu.nl>";
|
||||
@ -25,27 +26,32 @@
|
||||
bjornfor = "Bjørn Forsman <bjorn.forsman@gmail.com>";
|
||||
bluescreen303 = "Mathijs Kwik <mathijs@bluescreen303.nl>";
|
||||
bodil = "Bodil Stokke <nix@bodil.org>";
|
||||
bosu = "Boris Sukholitko <boriss@gmail.com>";
|
||||
calrama = "Moritz Maxeiner <moritz@ucworks.org>";
|
||||
cfouche = "Chaddaï Fouché <chaddai.fouche@gmail.com>";
|
||||
chaoflow = "Florian Friesdorf <flo@chaoflow.net>";
|
||||
coconnor = "Corey O'Connor <coreyoconnor@gmail.com>";
|
||||
coroa = "Jonas Hörsch <jonas@chaoflow.net>";
|
||||
cstrahan = "Charles Strahan <charles.c.strahan@gmail.com>";
|
||||
DamienCassou = "Damien Cassou <damien.cassou@gmail.com>";
|
||||
ederoyd46 = "Matthew Brown <matt@ederoyd.co.uk>";
|
||||
edwtjo = "Edward Tjörnhammar <ed@cflags.cc>";
|
||||
eelco = "Eelco Dolstra <eelco.dolstra@logicblox.com>";
|
||||
emery = "Emery Hemingway <emery@vfemail.net>";
|
||||
ertes = "Ertugrul Söylemez <ertesx@gmx.de>";
|
||||
falsifian = "James Cook <james.cook@utoronto.ca>";
|
||||
flosse = "Markus Kohlhase <mail@markus-kohlhase.de>";
|
||||
fuuzetsu = "Mateusz Kowalczyk <fuuzetsu@fuuzetsu.co.uk>";
|
||||
garbas = "Rok Garbas <rok@garbas.si>";
|
||||
goibhniu = "Cillian de Róiste <cillian.deroiste@gmail.com>";
|
||||
guibert = "David Guibert <david.guibert@gmail.com>";
|
||||
hinton = "Tom Hinton <t@larkery.com>";
|
||||
hrdinka = "Christoph Hrdinka <c.nix@hrdinka.at>";
|
||||
ianwookim = "Ian-Woo Kim <ianwookim@gmail.com>";
|
||||
iElectric = "Domen Kozar <domen@dev.si>";
|
||||
iyzsong = "Song Wenwu <iyzsong@gmail.com>";
|
||||
jcumming = "Jack Cummings <jack@mudshark.org>";
|
||||
jgeerds = "Jascha Geerds <jg@ekby.de>";
|
||||
joamaki = "Jussi Maki <joamaki@gmail.com>";
|
||||
joelteon = "Joel Taylor <me@joelt.io>";
|
||||
jwiegley = "John Wiegley <johnw@newartisans.com>";
|
||||
@ -58,9 +64,11 @@
|
||||
madjar = "Georges Dubus <georges.dubus@compiletoi.net>";
|
||||
marcweber = "Marc Weber <marco-oweber@gmx.de>";
|
||||
matejc = "Matej Cotman <cotman.matej@gmail.com>";
|
||||
meisternu = "Matt Miemiec <meister@krutt.org>";
|
||||
modulistic = "Pablo Costa <modulistic@gmail.com>";
|
||||
mornfall = "Petr Ročkai <me@mornfall.net>";
|
||||
msackman = "Matthew Sackman <matthew@wellquite.org>";
|
||||
notthemessiah = "Brian Cohen <brian.cohen.88@gmail.com>";
|
||||
ocharles = "Oliver Charles <ollie@ocharles.org.uk>";
|
||||
offline = "Jaka Hudoklin <jakahudoklin@gmail.com>";
|
||||
orbitz = "Malcolm Matalka <mmatalka@gmail.com>";
|
||||
@ -74,6 +82,7 @@
|
||||
qknight = "Joachim Schiele <js@lastlog.de>";
|
||||
raskin = "Michael Raskin <7c6f434c@mail.ru>";
|
||||
redbaron = "Maxim Ivanov <ivanov.maxim@gmail.com>";
|
||||
refnil = "Martin Lavoie <broemartino@gmail.com>";
|
||||
relrod = "Ricky Elrod <ricky@elrod.me>";
|
||||
rickynils = "Rickard Nilsson <rickynils@gmail.com>";
|
||||
rob = "Rob Vermaas <rob.vermaas@gmail.com>";
|
||||
@ -84,13 +93,16 @@
|
||||
sander = "Sander van der Burg <s.vanderburg@tudelft.nl>";
|
||||
shlevy = "Shea Levy <shea@shealevy.com>";
|
||||
simons = "Peter Simons <simons@cryp.to>";
|
||||
skeidel = "Sven Keidel <svenkeidel@gmail.com>";
|
||||
smironov = "Sergey Mironov <ierton@gmail.com>";
|
||||
sprock = "Roger Mason <rmason@mun.ca>";
|
||||
tailhook = "Paul Colomiets <paul@colomiets.name>";
|
||||
thammers = "Tobias Hammerschmidt <jawr@gmx.de>";
|
||||
the-kenny = "Moritz Ulrich <moritz@tarn-vedra.de>";
|
||||
thoughtpolice = "Austin Seipp <aseipp@pobox.com>";
|
||||
tomberek = "Thomas Bereknyei <tomberek@gmail.com>";
|
||||
ttuegel = "Thomas Tuegel <ttuegel@gmail.com>";
|
||||
tv = "Tomislav Viljetić <tv@shackspace.de>";
|
||||
urkud = "Yury G. Kudryashov <urkud+nix@ya.ru>";
|
||||
vbmithr = "Vincent Bernardoff <vb@luminar.eu.org>";
|
||||
vcunat = "Vladimír Čunát <vcunat@gmail.com>";
|
||||
@ -99,6 +111,8 @@
|
||||
vlstill = "Vladimír Štill <xstill@fi.muni.cz>";
|
||||
winden = "Antonio Vargas Gonzalez <windenntw@gmail.com>";
|
||||
wizeman = "Ricardo M. Correia <rcorreia@wizy.org>";
|
||||
wjlroe = "William Roe <willroe@gmail.com>";
|
||||
wkennington = "William A. Kennington III <william@wkennington.com>";
|
||||
wmertens = "Wout Mertens <Wout.Mertens@gmail.com>";
|
||||
z77z = "Marco Maggesi <maggesi@math.unifi.it>";
|
||||
zef = "Zef Hemel <zef@zef.me>";
|
||||
|
@ -194,7 +194,7 @@ rec {
|
||||
|
||||
is transformed into
|
||||
|
||||
[ { boot = set1; } { boot = mkIf cond set2; services mkIf cond set3; } ].
|
||||
[ { boot = set1; } { boot = mkIf cond set2; services = mkIf cond set3; } ].
|
||||
|
||||
This transform is the critical step that allows mkIf conditions
|
||||
to refer to the full configuration without creating an infinite
|
||||
|
@ -11,6 +11,6 @@ rec {
|
||||
unix = linux ++ darwin ++ freebsd ++ openbsd;
|
||||
all = linux ++ darwin ++ cygwin ++ freebsd ++ openbsd;
|
||||
none = [];
|
||||
allBut = platform: lists.filter (x: platform != x) all;
|
||||
allBut = platforms: lists.filter (x: !(builtins.elem x platforms)) all;
|
||||
mesaPlatforms = ["i686-linux" "x86_64-linux" "x86_64-darwin" "armv5tel-linux" "armv6l-linux"];
|
||||
}
|
||||
|
@ -1,146 +0,0 @@
|
||||
/* Tool to sort attribute sets. Primarily useful for keeping
|
||||
all-packages.nix tidy.
|
||||
|
||||
To compile:
|
||||
|
||||
$ strc -i ../../maintainers/scripts/sort-attrs.str -la stratego-lib
|
||||
|
||||
Typical invocation:
|
||||
|
||||
$ sglr -m -p ~/Dev/nix/src/libexpr/nix.tbl -i all-packages.nix \
|
||||
| implode-asfix --lex \
|
||||
| ../../maintainers/scripts/sort-attrs \
|
||||
| asfix-yield
|
||||
*/
|
||||
|
||||
module sort-attrs
|
||||
|
||||
imports
|
||||
libstratego-lib
|
||||
libstratego-sglr
|
||||
|
||||
|
||||
strategies
|
||||
|
||||
no-wsp = !appl(prod([], cf(opt(layout())), no-attrs()), [])
|
||||
|
||||
|
||||
rules
|
||||
|
||||
list-sep(s): [] -> []
|
||||
list-sep(s): [x | xs] -> [[x | before] | <list-sep(s)> [split | after]]
|
||||
where
|
||||
<split-fetch-keep(s)> xs => (before, split, after)
|
||||
list-sep(s): [x | xs] -> [[x | xs]]
|
||||
where
|
||||
<not(split-fetch-keep(s))> xs
|
||||
|
||||
list-sep-end(s): xs -> [<conc> (before, [split]) | <list-sep-end(s)> after]
|
||||
where
|
||||
<split-fetch-keep(s)> xs => (before, split, after)
|
||||
list-sep-end(s): xs -> [xs]
|
||||
where
|
||||
<not(split-fetch-keep(s))> xs
|
||||
|
||||
|
||||
sort-attrs:
|
||||
appl(p@prod(_, _, attrs([term(cons("Attrs"))])),
|
||||
[ lit("{")
|
||||
, ws1
|
||||
, appl(p2@list(cf(iter-star(sort("Bind")))), attrs)
|
||||
, ws2
|
||||
, lit("}")
|
||||
]
|
||||
) ->
|
||||
appl(p, [lit("{"), <no-wsp>, appl(p2, <concat> attrs'), ws2, lit("}")])
|
||||
where
|
||||
<debug> "found it";
|
||||
<attach-wsp> [ws1 | attrs] => withWSP;
|
||||
<list-sep(starts-section)> withWSP => groups;
|
||||
<length; debug> groups;
|
||||
<map({x', x'', x''', xs', starts, starts': \[x | xs] -> [x''' | xs']
|
||||
where
|
||||
<remove-section-start> x => (x', starts);
|
||||
<map(regularise-empty-lines); if !starts; debug; sortable-section; debug then qsort(compare-attrs) else id end> [x' | xs] => [x'' | xs'];
|
||||
<[] <+ \x -> ["\n\n\n" | x]\ > starts => starts';
|
||||
<prepend-layout> (starts', x'') => x'''
|
||||
\ })> groups => attrs';
|
||||
<debug> "did it"
|
||||
|
||||
|
||||
attach-wsp: [a, b | cs] -> [(a, b) | <attach-wsp> cs]
|
||||
attach-wsp: [] -> []
|
||||
|
||||
|
||||
strategies
|
||||
|
||||
starts-section =
|
||||
?x@(appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs), attr);
|
||||
<implode-string; is-substring(!"###")> cs;
|
||||
!x
|
||||
|
||||
rules
|
||||
|
||||
|
||||
sortable-section = ?[s]; !s; explode-string; not(fetch({x: ?x; !(x, 97); geq}))
|
||||
|
||||
|
||||
remove-section-start:
|
||||
(appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs), attr) ->
|
||||
((appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs'), attr), starts)
|
||||
where
|
||||
!cs;
|
||||
list-sep-end(?10); // separate into lines, keeping the \n
|
||||
map(implode-string);
|
||||
partition(where(is-substring(!"###"))) => (starts, rest);
|
||||
<map(explode-string); concat> rest => cs'
|
||||
|
||||
|
||||
regularise-empty-lines:
|
||||
(appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs), attr) ->
|
||||
(appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs''), attr)
|
||||
where
|
||||
// separate into lines, keeping the \n
|
||||
// last whitespace is significant, keep
|
||||
<list-sep-end(?10); split-init-last> cs => (init, last);
|
||||
<regularise-empty-lines'> init => cs'; // remove whitespace-only lines
|
||||
<concat> [<explode-string> "\n\n", <concat> cs', last] => cs'' // add one empty line
|
||||
|
||||
/* Dirty hack: *do* keep the first empty line following a non-empty line. !!! order matters */
|
||||
regularise-empty-lines': [] -> []
|
||||
|
||||
regularise-empty-lines': [x, y | xs] -> [x, y | <regularise-empty-lines'> xs]
|
||||
where
|
||||
<fetch-elem(not(?10 <+ ?32))> x;
|
||||
<not(fetch-elem(not(?10 <+ ?32)))> y
|
||||
|
||||
regularise-empty-lines': [x | xs] -> [x | <regularise-empty-lines'> xs]
|
||||
where <fetch-elem(not(?10 <+ ?32))> x
|
||||
|
||||
regularise-empty-lines': [x | xs] -> <regularise-empty-lines'> xs
|
||||
where <not(fetch-elem(not(?10 <+ ?32)))> x
|
||||
|
||||
|
||||
prepend-layout:
|
||||
(text, (appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs), attr)) ->
|
||||
(appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs''), attr)
|
||||
where
|
||||
<implode-string> cs => cs';
|
||||
<conc-strings; explode-string> (<concat-strings> text, cs') => cs''
|
||||
|
||||
|
||||
compare-attrs:
|
||||
x@
|
||||
( (_, appl(p1@prod(_, _, attrs([term(cons("Bind"))])), [id1 | xs1]))
|
||||
, (_, appl(p2@prod(_, _, attrs([term(cons("Bind"))])), [id2 | xs2]))
|
||||
)
|
||||
-> x
|
||||
where
|
||||
<string-lt> (id1, id2)
|
||||
|
||||
|
||||
strategies
|
||||
|
||||
main = io-wrap(
|
||||
oncetd(sort-attrs)
|
||||
)
|
12
nixos/doc/manual/README
Normal file
12
nixos/doc/manual/README
Normal file
@ -0,0 +1,12 @@
|
||||
To build the manual, you need Nix installed on your system (no need
|
||||
for NixOS). To install Nix, follow the instructions at
|
||||
|
||||
https://nixos.org/nix/download.html
|
||||
|
||||
When you have Nix on your system, in the root directory of the project
|
||||
(i.e., `nixpkgs`), run:
|
||||
|
||||
nix-build nixos/release.nix -A manual.x86_64-linux
|
||||
|
||||
When this command successfully finishes, it will tell you where the
|
||||
manual got generated.
|
@ -1036,21 +1036,22 @@ users.extraUsers.alice =
|
||||
{ createHome = true;
|
||||
home = "/home/alice";
|
||||
description = "Alice Foobar";
|
||||
extraGroups = [ "wheel" ];
|
||||
extraGroups = [ "wheel" "networkmanager" ];
|
||||
useDefaultShell = true;
|
||||
openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3Nza... alice@foobar" ];
|
||||
};
|
||||
</programlisting>
|
||||
|
||||
Note that <literal>alice</literal> is a member of the
|
||||
<literal>wheel</literal> group, which allows her to use
|
||||
<command>sudo</command> to execute commands as
|
||||
<literal>root</literal>. Also note the SSH public key that allows
|
||||
remote logins with the corresponding private key. Users created in
|
||||
this way do not have a password by default, so they cannot log in via
|
||||
mechanisms that require a password. However, you can use the
|
||||
<command>passwd</command> program to set a password, which is retained
|
||||
across invocations of <command>nixos-rebuild</command>.</para>
|
||||
<literal>wheel</literal> and <literal>networkmanager</literal> groups,
|
||||
which allows her to use <command>sudo</command> to execute commands as
|
||||
<literal>root</literal> and to configure the network, respectively.
|
||||
Also note the SSH public key that allows remote logins with the
|
||||
corresponding private key. Users created in this way do not have a
|
||||
password by default, so they cannot log in via mechanisms that require
|
||||
a password. However, you can use the <command>passwd</command> program
|
||||
to set a password, which is retained across invocations of
|
||||
<command>nixos-rebuild</command>.</para>
|
||||
|
||||
<para>A user ID (uid) is assigned automatically. You can also specify
|
||||
a uid manually by adding
|
||||
@ -1277,6 +1278,28 @@ services.xserver.synaptics.twoFingerScroll = true;
|
||||
|
||||
<section xml:id="sec-networking"><title>Networking</title>
|
||||
|
||||
<section xml:id="sec-networkmanager"><title>NetworkManager</title>
|
||||
|
||||
<para>To facilitate network configuration, some desktop environments
|
||||
use NetworkManager. You can enable NetworkManager by setting:
|
||||
|
||||
<programlisting>
|
||||
services.networkmanager.enable = true;
|
||||
</programlisting>
|
||||
|
||||
Some desktop managers (e.g., GNOME) enable NetworkManager
|
||||
automatically for you.</para>
|
||||
|
||||
<para>All users that should have permission to change network settings
|
||||
must belong to the <code>networkmanager</code> group.</para>
|
||||
|
||||
<note><para><code>services.networkmanager</code> and
|
||||
<code>services.wireless</code> can not be enabled at the same time:
|
||||
you can still connect to the wireless networks using
|
||||
NetworkManager.</para></note>
|
||||
|
||||
</section>
|
||||
|
||||
<section xml:id="sec-ssh"><title>Secure shell access</title>
|
||||
|
||||
<para>Secure shell (SSH) access to your machine can be enabled by
|
||||
@ -1399,6 +1422,11 @@ always allowed.)</para>
|
||||
|
||||
<section xml:id="sec-wireless"><title>Wireless networks</title>
|
||||
|
||||
<para>For a desktop installation using NetworkManager (e.g., GNOME),
|
||||
you just have to make sure the user is in the
|
||||
<code>networkmanager</code> group and you can skip the rest of this
|
||||
section on wireless networks.</para>
|
||||
|
||||
<para>
|
||||
NixOS will start wpa_supplicant for you if you enable this setting:
|
||||
|
||||
|
@ -1,5 +1,6 @@
|
||||
{ pkgs, options, version, revision }:
|
||||
|
||||
with pkgs;
|
||||
with pkgs.lib;
|
||||
|
||||
let
|
||||
@ -22,7 +23,7 @@ let
|
||||
|
||||
optionsXML = builtins.toFile "options.xml" (builtins.unsafeDiscardStringContext (builtins.toXML options''));
|
||||
|
||||
optionsDocBook = pkgs.runCommand "options-db.xml" {} ''
|
||||
optionsDocBook = runCommand "options-db.xml" {} ''
|
||||
if grep /nixpkgs/nixos/modules ${optionsXML}; then
|
||||
echo "The manual appears to depend on the location of Nixpkgs, which is bad"
|
||||
echo "since this prevents sharing via the NixOS channel. This is typically"
|
||||
@ -30,7 +31,7 @@ let
|
||||
echo "for hints about the offending path)."
|
||||
exit 1
|
||||
fi
|
||||
${pkgs.libxslt}/bin/xsltproc \
|
||||
${libxslt}/bin/xsltproc \
|
||||
--stringparam revision '${revision}' \
|
||||
-o $out ${./options-to-docbook.xsl} ${optionsXML}
|
||||
'';
|
||||
@ -38,12 +39,12 @@ let
|
||||
in rec {
|
||||
|
||||
# Generate the NixOS manual.
|
||||
manual = pkgs.stdenv.mkDerivation {
|
||||
manual = stdenv.mkDerivation {
|
||||
name = "nixos-manual";
|
||||
|
||||
sources = sourceFilesBySuffices ./. [".xml"];
|
||||
|
||||
buildInputs = [ pkgs.libxml2 pkgs.libxslt ];
|
||||
buildInputs = [ libxml2 libxslt ];
|
||||
|
||||
xsltFlags = ''
|
||||
--param section.autolabel 1
|
||||
@ -62,19 +63,19 @@ in rec {
|
||||
|
||||
# Check the validity of the manual sources.
|
||||
xmllint --noout --nonet --xinclude --noxincludenode \
|
||||
--relaxng ${pkgs.docbook5}/xml/rng/docbook/docbook.rng \
|
||||
--relaxng ${docbook5}/xml/rng/docbook/docbook.rng \
|
||||
manual.xml
|
||||
|
||||
# Generate the HTML manual.
|
||||
dst=$out/share/doc/nixos
|
||||
ensureDir $dst
|
||||
mkdir -p $dst
|
||||
xsltproc $xsltFlags --nonet --xinclude \
|
||||
--output $dst/manual.html \
|
||||
${pkgs.docbook5_xsl}/xml/xsl/docbook/xhtml/docbook.xsl \
|
||||
${docbook5_xsl}/xml/xsl/docbook/xhtml/docbook.xsl \
|
||||
./manual.xml
|
||||
|
||||
mkdir -p $dst/images/callouts
|
||||
cp ${pkgs.docbook5_xsl}/xml/xsl/docbook/images/callouts/*.gif $dst/images/callouts/
|
||||
cp ${docbook5_xsl}/xml/xsl/docbook/images/callouts/*.gif $dst/images/callouts/
|
||||
|
||||
cp ${./style.css} $dst/style.css
|
||||
|
||||
@ -86,13 +87,39 @@ in rec {
|
||||
meta.description = "The NixOS manual in HTML format";
|
||||
};
|
||||
|
||||
manualPDF = stdenv.mkDerivation {
|
||||
name = "nixos-manual-pdf";
|
||||
|
||||
sources = sourceFilesBySuffices ./. [".xml"];
|
||||
|
||||
buildInputs = [ libxml2 libxslt dblatex tetex ];
|
||||
|
||||
buildCommand = ''
|
||||
# TeX needs a writable font cache.
|
||||
export VARTEXFONTS=$TMPDIR/texfonts
|
||||
|
||||
ln -s $sources/*.xml . # */
|
||||
ln -s ${optionsDocBook} options-db.xml
|
||||
echo "${version}" > version
|
||||
|
||||
dst=$out/share/doc/nixos
|
||||
mkdir -p $dst
|
||||
xmllint --xinclude manual.xml | dblatex -o $dst/manual.pdf - \
|
||||
-P doc.collab.show=0 \
|
||||
-P latex.output.revhistory=0
|
||||
|
||||
mkdir -p $out/nix-support
|
||||
echo "doc-pdf manual $dst/manual.pdf" >> $out/nix-support/hydra-build-products
|
||||
''; # */
|
||||
};
|
||||
|
||||
# Generate the NixOS manpages.
|
||||
manpages = pkgs.stdenv.mkDerivation {
|
||||
manpages = stdenv.mkDerivation {
|
||||
name = "nixos-manpages";
|
||||
|
||||
sources = sourceFilesBySuffices ./. [".xml"];
|
||||
|
||||
buildInputs = [ pkgs.libxml2 pkgs.libxslt ];
|
||||
buildInputs = [ libxml2 libxslt ];
|
||||
|
||||
buildCommand = ''
|
||||
ln -s $sources/*.xml . # */
|
||||
@ -100,7 +127,7 @@ in rec {
|
||||
|
||||
# Check the validity of the manual sources.
|
||||
xmllint --noout --nonet --xinclude --noxincludenode \
|
||||
--relaxng ${pkgs.docbook5}/xml/rng/docbook/docbook.rng \
|
||||
--relaxng ${docbook5}/xml/rng/docbook/docbook.rng \
|
||||
./man-pages.xml
|
||||
|
||||
# Generate manpages.
|
||||
@ -109,7 +136,7 @@ in rec {
|
||||
--param man.output.in.separate.dir 1 \
|
||||
--param man.output.base.dir "'$out/share/man/'" \
|
||||
--param man.endnotes.are.numbered 0 \
|
||||
${pkgs.docbook5_xsl}/xml/xsl/docbook/manpages/docbook.xsl \
|
||||
${docbook5_xsl}/xml/xsl/docbook/manpages/docbook.xsl \
|
||||
./man-pages.xml
|
||||
'';
|
||||
};
|
||||
|
@ -320,7 +320,10 @@ changes:
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>You should boot the live CD in UEFI mode (consult your
|
||||
specific hardware's documentation for instructions).</para>
|
||||
specific hardware's documentation for instructions). You may find
|
||||
the <link
|
||||
xlink:href="http://www.rodsbooks.com/refind">rEFInd
|
||||
boot manager</link> useful.</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>Instead of <command>fdisk</command>, you should use
|
||||
@ -335,6 +338,11 @@ changes:
|
||||
should do this automatically for new configurations when booted in
|
||||
UEFI mode.</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>After having mounted your installation partition to
|
||||
<code>/mnt</code>, you must mount the <code>boot</code> partition
|
||||
to <code>/mnt/boot</code>.</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>You may want to look at the options starting with
|
||||
<option>boot.loader.efi</option> and <option>boot.loader.gummiboot</option>
|
||||
|
@ -7,25 +7,6 @@
|
||||
<title>NixOS Manual</title>
|
||||
<subtitle>Version <xi:include href="version" parse="text" /></subtitle>
|
||||
|
||||
<author>
|
||||
<personname>
|
||||
<firstname>Eelco</firstname>
|
||||
<surname>Dolstra</surname>
|
||||
</personname>
|
||||
</author>
|
||||
|
||||
<author>
|
||||
<personname>
|
||||
<firstname>Nicolas</firstname>
|
||||
<surname>Pierron</surname>
|
||||
</personname>
|
||||
</author>
|
||||
|
||||
<copyright>
|
||||
<year>2007-2013</year>
|
||||
<holder>Eelco Dolstra</holder>
|
||||
</copyright>
|
||||
|
||||
</info>
|
||||
|
||||
|
||||
|
@ -202,4 +202,10 @@
|
||||
</simplelist>
|
||||
</xsl:template>
|
||||
|
||||
|
||||
<xsl:template match="function">
|
||||
<xsl:text>λ</xsl:text>
|
||||
</xsl:template>
|
||||
|
||||
|
||||
</xsl:stylesheet>
|
||||
|
@ -78,7 +78,7 @@ done
|
||||
cat pathlist | sed -e 's/=\(.*\)=\(.*\)=/\\=\1=\2\\=/' | tee pathlist.safer
|
||||
|
||||
|
||||
ensureDir $out/iso
|
||||
mkdir -p $out/iso
|
||||
genCommand="genisoimage -iso-level 4 -r -J $bootFlags -hide-rr-moved -graft-points -path-list pathlist.safer ${volumeID:+-V $volumeID}"
|
||||
if test -z "$compressImage"; then
|
||||
$genCommand -o $out/iso/$isoName
|
||||
@ -87,5 +87,5 @@ else
|
||||
fi
|
||||
|
||||
|
||||
ensureDir $out/nix-support
|
||||
mkdir -p $out/nix-support
|
||||
echo $system > $out/nix-support/system
|
||||
|
@ -48,11 +48,11 @@ for ((n = 0; n < ${#objects[*]}; n++)); do
|
||||
fi
|
||||
done
|
||||
|
||||
ensureDir $out/tarball
|
||||
mkdir -p $out/tarball
|
||||
|
||||
tar cvJf $out/tarball/$fileName.tar.xz *
|
||||
|
||||
ensureDir $out/nix-support
|
||||
mkdir -p $out/nix-support
|
||||
echo $system > $out/nix-support/system
|
||||
echo "file system-tarball $out/tarball/$fileName.tar.xz" > $out/nix-support/hydra-build-products
|
||||
|
||||
|
@ -9,8 +9,8 @@
|
||||
<xsl:template match="logfile">
|
||||
<html>
|
||||
<head>
|
||||
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
|
||||
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/jquery-ui.min.js"></script>
|
||||
<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
|
||||
<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/jquery-ui.min.js"></script>
|
||||
<script type="text/javascript" src="treebits.js" />
|
||||
<link rel="stylesheet" href="logfile.css" type="text/css" />
|
||||
<title>Log File</title>
|
||||
|
@ -37,7 +37,7 @@ rec {
|
||||
# `driver' is the script that runs the network.
|
||||
runTests = driver:
|
||||
stdenv.mkDerivation {
|
||||
name = "vm-test-run";
|
||||
name = "vm-test-run-${driver.testName}";
|
||||
|
||||
requiredSystemFeatures = [ "kvm" "nixos-test" ];
|
||||
|
||||
@ -68,9 +68,10 @@ rec {
|
||||
|
||||
|
||||
makeTest =
|
||||
{ testScript, makeCoverageReport ? false, ... } @ t:
|
||||
{ testScript, makeCoverageReport ? false, name ? "unnamed", ... } @ t:
|
||||
|
||||
let
|
||||
testDriverName = "nixos-test-driver-${name}";
|
||||
|
||||
nodes = buildVirtualNetwork (
|
||||
t.nodes or (if t ? machine then { machine = t.machine; } else { }));
|
||||
@ -88,10 +89,11 @@ rec {
|
||||
# Generate onvenience wrappers for running the test driver
|
||||
# interactively with the specified network, and for starting the
|
||||
# VMs from the command line.
|
||||
driver = runCommand "nixos-test-driver"
|
||||
driver = runCommand testDriverName
|
||||
{ buildInputs = [ makeWrapper];
|
||||
testScript = testScript';
|
||||
preferLocalBuild = true;
|
||||
testName = name;
|
||||
}
|
||||
''
|
||||
mkdir -p $out/bin
|
||||
@ -115,7 +117,7 @@ rec {
|
||||
|
||||
report = releaseTools.gcovReport { coverageRuns = [ test ]; };
|
||||
|
||||
in (if makeCoverageReport then report else test) // { inherit driver test; };
|
||||
in (if makeCoverageReport then report else test) // { inherit nodes driver test; };
|
||||
|
||||
|
||||
runInMachine =
|
||||
|
@ -1,7 +1,7 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
with pkgs;
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
@ -217,9 +217,7 @@ in
|
||||
systemd.services = mkIf cfg.daemon.enable {
|
||||
|
||||
nslcd = {
|
||||
wantedBy = [ "nss-user-lookup.target" ];
|
||||
before = [ "nss-user-lookup.target" ];
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
preStart = ''
|
||||
mkdir -p /run/nslcd
|
||||
|
@ -14,7 +14,7 @@ in
|
||||
|
||||
options = {
|
||||
|
||||
networking.extraHosts = pkgs.lib.mkOption {
|
||||
networking.extraHosts = lib.mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
example = "192.168.0.1 lanlocalhost";
|
||||
@ -23,7 +23,7 @@ in
|
||||
'';
|
||||
};
|
||||
|
||||
networking.dnsSingleRequest = pkgs.lib.mkOption {
|
||||
networking.dnsSingleRequest = lib.mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
|
@ -1,7 +1,7 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
with pkgs;
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
@ -80,12 +80,12 @@ in {
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pulseaudio;
|
||||
example = literalExample "pulseaudio.override { jackaudioSupport = true; }";
|
||||
default = pulseaudioFull;
|
||||
example = literalExample "pulseaudioFull";
|
||||
description = ''
|
||||
The PulseAudio derivation to use. This can be used to enable
|
||||
features (such as JACK support) that are not enabled in the
|
||||
default PulseAudio in Nixpkgs.
|
||||
The PulseAudio derivation to use. This can be used to disable
|
||||
features (such as JACK support, Bluetooth) that are enabled in the
|
||||
pulseaudioFull package in Nixpkgs.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
{ config, lib, pkgs, utils, ... }:
|
||||
|
||||
with lib;
|
||||
with utils;
|
||||
with lib;
|
||||
|
||||
{
|
||||
|
||||
|
@ -6,8 +6,12 @@ let
|
||||
|
||||
sysctlOption = mkOptionType {
|
||||
name = "sysctl option value";
|
||||
check = x: isBool x || isString x || isInt x || isNull x;
|
||||
merge = args: defs: (last defs).value; # FIXME: hacky way to allow overriding in configuration.nix.
|
||||
check = val:
|
||||
let
|
||||
checkType = x: isBool x || isString x || isInt x || isNull x;
|
||||
in
|
||||
checkType val || (val._type or "" == "override" && checkType val.content);
|
||||
merge = loc: defs: mergeOneOption loc (filterOverrides defs);
|
||||
};
|
||||
|
||||
in
|
||||
|
@ -110,6 +110,7 @@ in
|
||||
"/man"
|
||||
"/sbin"
|
||||
"/share/emacs"
|
||||
"/share/vim-plugins"
|
||||
"/share/org"
|
||||
"/share/info"
|
||||
"/share/terminfo"
|
||||
|
@ -27,7 +27,7 @@ with lib;
|
||||
|
||||
environment.etc."odbcinst.ini".text =
|
||||
let inis = config.environment.unixODBCDrivers;
|
||||
in pkgs.lib.concatStringsSep "\n" inis;
|
||||
in lib.concatStringsSep "\n" inis;
|
||||
|
||||
};
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
|
||||
@ -6,9 +6,9 @@
|
||||
|
||||
options = {
|
||||
|
||||
networking.enableIntel2100BGFirmware = pkgs.lib.mkOption {
|
||||
networking.enableIntel2100BGFirmware = lib.mkOption {
|
||||
default = false;
|
||||
type = pkgs.lib.types.bool;
|
||||
type = lib.types.bool;
|
||||
description = ''
|
||||
Turn on this option if you want firmware for the Intel
|
||||
PRO/Wireless 2100BG to be loaded automatically. This is
|
||||
@ -21,7 +21,7 @@
|
||||
|
||||
###### implementation
|
||||
|
||||
config = pkgs.lib.mkIf config.networking.enableIntel2100BGFirmware {
|
||||
config = lib.mkIf config.networking.enableIntel2100BGFirmware {
|
||||
|
||||
hardware.enableAllFirmware = true;
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
|
||||
@ -6,9 +6,9 @@
|
||||
|
||||
options = {
|
||||
|
||||
networking.enableIntel2200BGFirmware = pkgs.lib.mkOption {
|
||||
networking.enableIntel2200BGFirmware = lib.mkOption {
|
||||
default = false;
|
||||
type = pkgs.lib.types.bool;
|
||||
type = lib.types.bool;
|
||||
description = ''
|
||||
Turn on this option if you want firmware for the Intel
|
||||
PRO/Wireless 2200BG to be loaded automatically. This is
|
||||
@ -21,7 +21,7 @@
|
||||
|
||||
###### implementation
|
||||
|
||||
config = pkgs.lib.mkIf config.networking.enableIntel2200BGFirmware {
|
||||
config = lib.mkIf config.networking.enableIntel2200BGFirmware {
|
||||
|
||||
hardware.enableAllFirmware = true;
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
|
||||
@ -6,9 +6,9 @@
|
||||
|
||||
options = {
|
||||
|
||||
networking.enableIntel3945ABGFirmware = pkgs.lib.mkOption {
|
||||
networking.enableIntel3945ABGFirmware = lib.mkOption {
|
||||
default = false;
|
||||
type = pkgs.lib.types.bool;
|
||||
type = lib.types.bool;
|
||||
description = ''
|
||||
This option enables automatic loading of the firmware for the Intel
|
||||
PRO/Wireless 3945ABG.
|
||||
@ -20,7 +20,7 @@
|
||||
|
||||
###### implementation
|
||||
|
||||
config = pkgs.lib.mkIf config.networking.enableIntel3945ABGFirmware {
|
||||
config = lib.mkIf config.networking.enableIntel3945ABGFirmware {
|
||||
|
||||
hardware.enableAllFirmware = true;
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
{pkgs, config, ...}:
|
||||
{pkgs, config, lib, ...}:
|
||||
|
||||
{
|
||||
|
||||
@ -6,9 +6,9 @@
|
||||
|
||||
options = {
|
||||
|
||||
networking.enableRalinkFirmware = pkgs.lib.mkOption {
|
||||
networking.enableRalinkFirmware = lib.mkOption {
|
||||
default = false;
|
||||
type = pkgs.lib.types.bool;
|
||||
type = lib.types.bool;
|
||||
description = ''
|
||||
Turn on this option if you want firmware for the RT73 NIC.
|
||||
'';
|
||||
@ -19,7 +19,7 @@
|
||||
|
||||
###### implementation
|
||||
|
||||
config = pkgs.lib.mkIf config.networking.enableRalinkFirmware {
|
||||
config = lib.mkIf config.networking.enableRalinkFirmware {
|
||||
hardware.enableAllFirmware = true;
|
||||
};
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
{pkgs, config, ...}:
|
||||
{pkgs, config, lib, ...}:
|
||||
|
||||
{
|
||||
|
||||
@ -6,9 +6,9 @@
|
||||
|
||||
options = {
|
||||
|
||||
networking.enableRTL8192cFirmware = pkgs.lib.mkOption {
|
||||
networking.enableRTL8192cFirmware = lib.mkOption {
|
||||
default = false;
|
||||
type = pkgs.lib.types.bool;
|
||||
type = lib.types.bool;
|
||||
description = ''
|
||||
Turn on this option if you want firmware for the RTL8192c (and related) NICs.
|
||||
'';
|
||||
@ -19,7 +19,7 @@
|
||||
|
||||
###### implementation
|
||||
|
||||
config = pkgs.lib.mkIf config.networking.enableRTL8192cFirmware {
|
||||
config = lib.mkIf config.networking.enableRTL8192cFirmware {
|
||||
hardware.enableAllFirmware = true;
|
||||
};
|
||||
|
||||
|
@ -1,9 +1,9 @@
|
||||
{pkgs, config, ...}:
|
||||
{lib, config, ...}:
|
||||
|
||||
{
|
||||
hardware = {
|
||||
pcmcia = {
|
||||
firmware = [ (pkgs.lib.cleanSource ./firmware) ];
|
||||
firmware = [ (lib.cleanSource ./firmware) ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -84,7 +84,7 @@ in
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
assertions = pkgs.lib.singleton {
|
||||
assertions = lib.singleton {
|
||||
assertion = cfg.driSupport32Bit -> pkgs.stdenv.isx86_64;
|
||||
message = "Option driSupport32Bit only makes sense on a 64-bit system.";
|
||||
};
|
||||
|
@ -179,7 +179,6 @@ in
|
||||
|
||||
fileSystems."/" =
|
||||
{ fsType = "tmpfs";
|
||||
device = "none";
|
||||
options = "mode=0755";
|
||||
};
|
||||
|
||||
@ -192,6 +191,8 @@ in
|
||||
noCheck = true;
|
||||
};
|
||||
|
||||
# In stage 1, mount a tmpfs on top of /nix/store (the squashfs
|
||||
# image) to make this a live CD.
|
||||
fileSystems."/nix/.ro-store" =
|
||||
{ fsType = "squashfs";
|
||||
device = "/iso/nix-store.squashfs";
|
||||
@ -201,23 +202,20 @@ in
|
||||
|
||||
fileSystems."/nix/.rw-store" =
|
||||
{ fsType = "tmpfs";
|
||||
device = "none";
|
||||
options = "mode=0755";
|
||||
neededForBoot = true;
|
||||
};
|
||||
|
||||
fileSystems."/nix/store" =
|
||||
{ fsType = "unionfs-fuse";
|
||||
device = "unionfs";
|
||||
options = "allow_other,cow,nonempty,chroot=/mnt-root,max_files=32768,hide_meta_files,dirs=/nix/.rw-store=rw:/nix/.ro-store=ro";
|
||||
};
|
||||
|
||||
boot.initrd.availableKernelModules = [ "squashfs" "iso9660" ];
|
||||
|
||||
boot.initrd.kernelModules = [ "loop" ];
|
||||
|
||||
# In stage 1, mount a tmpfs on top of /nix/store (the squashfs
|
||||
# image) to make this a live CD.
|
||||
boot.initrd.postMountCommands =
|
||||
''
|
||||
mkdir -p $targetRoot/nix/store
|
||||
unionfs -o allow_other,cow,nonempty,chroot=$targetRoot,max_files=32768 /nix/.rw-store=RW:/nix/.ro-store=RO $targetRoot/nix/store
|
||||
'';
|
||||
|
||||
# Closures to be copied to the Nix store on the CD, namely the init
|
||||
# script and the top-level system configuration directory.
|
||||
isoImage.storeContents =
|
||||
@ -313,8 +311,8 @@ in
|
||||
'';
|
||||
|
||||
# Add vfat support to the initrd to enable people to copy the
|
||||
# contents of the CD to a bootable USB stick. Need unionfs-fuse for union mounts
|
||||
boot.initrd.supportedFilesystems = [ "vfat" "unionfs-fuse" ];
|
||||
# contents of the CD to a bootable USB stick.
|
||||
boot.initrd.supportedFilesystems = [ "vfat" ];
|
||||
|
||||
};
|
||||
|
||||
|
@ -152,7 +152,7 @@ in
|
||||
# default root password is empty.
|
||||
services.openssh.enable = true;
|
||||
|
||||
jobs.openssh.startOn = pkgs.lib.mkOverride 50 "";
|
||||
jobs.openssh.startOn = lib.mkOverride 50 "";
|
||||
|
||||
boot.loader.grub.enable = false;
|
||||
boot.loader.generationsDir.enable = false;
|
||||
|
@ -109,7 +109,7 @@ in
|
||||
# not be started by default on the installation CD because the
|
||||
# default root password is empty.
|
||||
services.openssh.enable = true;
|
||||
jobs.openssh.startOn = pkgs.lib.mkOverride 50 "";
|
||||
jobs.openssh.startOn = lib.mkOverride 50 "";
|
||||
|
||||
# To be able to use the systemTarball to catch troubles.
|
||||
boot.crashDump = {
|
||||
|
@ -165,7 +165,7 @@ in
|
||||
# not be started by default on the installation CD because the
|
||||
# default root password is empty.
|
||||
services.openssh.enable = true;
|
||||
jobs.openssh.startOn = pkgs.lib.mkOverride 50 "";
|
||||
jobs.openssh.startOn = lib.mkOverride 50 "";
|
||||
|
||||
# cpufrequtils fails to build on non-pc
|
||||
powerManagement.enable = false;
|
||||
|
@ -97,6 +97,16 @@ if [ -n "$upgrade" -a -z "$_NIXOS_REBUILD_REEXEC" ]; then
|
||||
nix-channel --update nixos
|
||||
fi
|
||||
|
||||
# Make sure that we use the Nix package we depend on, not something
|
||||
# else from the PATH for nix-{env,instantiate,build}. This is
|
||||
# important, because NixOS defaults the architecture of the rebuilt
|
||||
# system to the architecture of the nix-* binaries used. So if on an
|
||||
# amd64 system the user has an i686 Nix package in her PATH, then we
|
||||
# would silently downgrade the whole system to be i686 NixOS on the
|
||||
# next reboot.
|
||||
if [ -z "$_NIXOS_REBUILD_REEXEC" ]; then
|
||||
export PATH=@nix@/bin:$PATH
|
||||
fi
|
||||
|
||||
# Re-execute nixos-rebuild from the Nixpkgs tree.
|
||||
if [ -z "$_NIXOS_REBUILD_REEXEC" -a -n "$canRun" ]; then
|
||||
|
@ -1,7 +1,7 @@
|
||||
# This module generates nixos-install, nixos-rebuild,
|
||||
# nixos-generate-config, etc.
|
||||
|
||||
{ config, pkgs, modulesPath, ... }:
|
||||
{ config, pkgs, modulesPath, lib, ... }:
|
||||
|
||||
let
|
||||
|
||||
@ -32,6 +32,7 @@ let
|
||||
nixos-rebuild = makeProg {
|
||||
name = "nixos-rebuild";
|
||||
src = ./nixos-rebuild.sh;
|
||||
nix = config.nix.package;
|
||||
};
|
||||
|
||||
nixos-generate-config = makeProg {
|
||||
@ -64,7 +65,7 @@ let
|
||||
test -e "$out/chrome/content/jquery-1.5.2.js" ||
|
||||
cp -f "$jquery" "$out/chrome/content/jquery-1.5.2.js"
|
||||
'';
|
||||
gui = pkgs.lib.cleanSource "${modulesPath}/../gui";
|
||||
gui = lib.cleanSource "${modulesPath}/../gui";
|
||||
jquery = pkgs.fetchurl {
|
||||
url = http://code.jquery.com/jquery-1.5.2.min.js;
|
||||
sha256 = "8f0a19ee8c606b35a10904951e0a27da1896eafe33c6e88cb7bcbe455f05a24a";
|
||||
|
@ -1,19 +1,19 @@
|
||||
# This module defines the global list of uids and gids. We keep a
|
||||
# central list to prevent id collisions.
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
options = {
|
||||
|
||||
ids.uids = pkgs.lib.mkOption {
|
||||
ids.uids = lib.mkOption {
|
||||
internal = true;
|
||||
description = ''
|
||||
The user IDs used in NixOS.
|
||||
'';
|
||||
};
|
||||
|
||||
ids.gids = pkgs.lib.mkOption {
|
||||
ids.gids = lib.mkOption {
|
||||
internal = true;
|
||||
description = ''
|
||||
The group IDs used in NixOS.
|
||||
@ -134,6 +134,12 @@
|
||||
teamspeak = 124;
|
||||
influxdb = 125;
|
||||
nsd = 126;
|
||||
gitolite = 127;
|
||||
znc = 128;
|
||||
polipo = 129;
|
||||
mopidy = 130;
|
||||
unifi = 131;
|
||||
gdm = 132;
|
||||
|
||||
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
|
||||
|
||||
@ -242,6 +248,13 @@
|
||||
teamspeak = 124;
|
||||
influxdb = 125;
|
||||
nsd = 126;
|
||||
firebird = 127;
|
||||
znc = 128;
|
||||
polipo = 129;
|
||||
mopidy = 130;
|
||||
docker = 131;
|
||||
gdm = 132;
|
||||
tss = 133;
|
||||
|
||||
# When adding a gid, make sure it doesn't match an existing uid. And don't use gids above 399!
|
||||
|
||||
|
@ -1,11 +1,11 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, ... }:
|
||||
|
||||
{
|
||||
options = {
|
||||
lib = pkgs.lib.mkOption {
|
||||
lib = lib.mkOption {
|
||||
default = {};
|
||||
|
||||
type = pkgs.lib.types.attrsOf pkgs.lib.types.attrs;
|
||||
type = lib.types.attrsOf lib.types.attrs;
|
||||
|
||||
description = ''
|
||||
This option allows modules to define helper functions, constants, etc.
|
||||
|
@ -3,12 +3,8 @@
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
locatedb = "/var/cache/locatedb";
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
cfg = config.services.locate;
|
||||
in {
|
||||
|
||||
###### interface
|
||||
|
||||
@ -35,6 +31,31 @@ in
|
||||
'';
|
||||
};
|
||||
|
||||
extraFlags = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [ ];
|
||||
description = ''
|
||||
Extra flags to append to <command>updatedb</command>.
|
||||
'';
|
||||
};
|
||||
|
||||
output = mkOption {
|
||||
type = types.path;
|
||||
default = /var/cache/locatedb;
|
||||
description = ''
|
||||
The database file to build.
|
||||
'';
|
||||
};
|
||||
|
||||
localuser = mkOption {
|
||||
type = types.str;
|
||||
default = "nobody";
|
||||
description = ''
|
||||
The user to search non-network directories as, using
|
||||
<command>su</command>.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
@ -48,8 +69,10 @@ in
|
||||
path = [ pkgs.su ];
|
||||
script =
|
||||
''
|
||||
mkdir -m 0755 -p $(dirname ${locatedb})
|
||||
exec updatedb --localuser=nobody --output=${locatedb} --prunepaths='/tmp /var/tmp /media /run'
|
||||
mkdir -m 0755 -p $(dirname ${toString cfg.output})
|
||||
exec updatedb \
|
||||
--localuser=${cfg.localuser} \
|
||||
--output=${toString cfg.output} ${concatStringsSep " " cfg.extraFlags}
|
||||
'';
|
||||
serviceConfig.Nice = 19;
|
||||
serviceConfig.IOSchedulingClass = "idle";
|
||||
|
@ -1,11 +1,11 @@
|
||||
# This module allows you to export something from configuration
|
||||
# Use case: export kernel source expression for ease of configuring
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, ... }:
|
||||
|
||||
{
|
||||
options = {
|
||||
passthru = pkgs.lib.mkOption {
|
||||
passthru = lib.mkOption {
|
||||
visible = false;
|
||||
description = ''
|
||||
This attribute set will be exported as a system attribute.
|
||||
|
@ -14,17 +14,17 @@
|
||||
./config/power-management.nix
|
||||
./config/pulseaudio.nix
|
||||
./config/shells-environment.nix
|
||||
./config/system-environment.nix
|
||||
./config/swap.nix
|
||||
./config/sysctl.nix
|
||||
./config/system-environment.nix
|
||||
./config/system-path.nix
|
||||
./config/timezone.nix
|
||||
./config/unix-odbc-drivers.nix
|
||||
./config/users-groups.nix
|
||||
./config/zram.nix
|
||||
./hardware/all-firmware.nix
|
||||
./hardware/cpu/intel-microcode.nix
|
||||
./hardware/cpu/amd-microcode.nix
|
||||
./hardware/cpu/intel-microcode.nix
|
||||
./hardware/network/b43.nix
|
||||
./hardware/network/intel-2100bg.nix
|
||||
./hardware/network/intel-2200bg.nix
|
||||
@ -50,8 +50,10 @@
|
||||
./programs/bash/bash.nix
|
||||
./programs/bash/command-not-found.nix
|
||||
./programs/blcr.nix
|
||||
./programs/dconf.nix
|
||||
./programs/environment.nix
|
||||
./programs/info.nix
|
||||
./programs/screen.nix
|
||||
./programs/shadow.nix
|
||||
./programs/shell.nix
|
||||
./programs/ssh.nix
|
||||
@ -59,7 +61,6 @@
|
||||
./programs/venus.nix
|
||||
./programs/wvdial.nix
|
||||
./programs/zsh/zsh.nix
|
||||
./programs/screen.nix
|
||||
./rename.nix
|
||||
./security/apparmor.nix
|
||||
./security/apparmor-suid.nix
|
||||
@ -79,6 +80,7 @@
|
||||
./services/audio/alsa.nix
|
||||
./services/audio/fuppes.nix
|
||||
./services/audio/mpd.nix
|
||||
./services/audio/mopidy.nix
|
||||
./services/backup/almir.nix
|
||||
./services/backup/bacula.nix
|
||||
./services/backup/mysql-backup.nix
|
||||
@ -92,15 +94,15 @@
|
||||
./services/databases/4store.nix
|
||||
./services/databases/couchdb.nix
|
||||
./services/databases/firebird.nix
|
||||
./services/databases/influxdb.nix
|
||||
./services/databases/memcached.nix
|
||||
./services/databases/monetdb.nix
|
||||
./services/databases/mongodb.nix
|
||||
./services/databases/redis.nix
|
||||
./services/databases/mysql.nix
|
||||
./services/databases/openldap.nix
|
||||
./services/databases/postgresql.nix
|
||||
./services/databases/redis.nix
|
||||
./services/databases/virtuoso.nix
|
||||
./services/databases/monetdb.nix
|
||||
./services/databases/influxdb.nix
|
||||
./services/desktops/accountsservice.nix
|
||||
./services/desktops/geoclue2.nix
|
||||
./services/desktops/gnome3/at-spi2-core.nix
|
||||
@ -124,16 +126,18 @@
|
||||
./services/hardware/pcscd.nix
|
||||
./services/hardware/pommed.nix
|
||||
./services/hardware/sane.nix
|
||||
./services/hardware/tcsd.nix
|
||||
./services/hardware/thinkfan.nix
|
||||
./services/hardware/udev.nix
|
||||
./services/hardware/udisks2.nix
|
||||
./services/hardware/upower.nix
|
||||
./services/hardware/thinkfan.nix
|
||||
./services/logging/klogd.nix
|
||||
./services/logging/logcheck.nix
|
||||
./services/logging/logrotate.nix
|
||||
./services/logging/logstash.nix
|
||||
./services/logging/syslogd.nix
|
||||
./services/logging/rsyslogd.nix
|
||||
./services/logging/syslogd.nix
|
||||
./services/logging/syslog-ng.nix
|
||||
./services/mail/dovecot.nix
|
||||
./services/mail/freepops.nix
|
||||
./services/mail/mail.nix
|
||||
@ -146,11 +150,12 @@
|
||||
./services/misc/disnix.nix
|
||||
./services/misc/felix.nix
|
||||
./services/misc/folding-at-home.nix
|
||||
./services/misc/gitolite.nix
|
||||
./services/misc/gpsd.nix
|
||||
./services/misc/nix-daemon.nix
|
||||
./services/misc/nix-gc.nix
|
||||
./services/misc/nix-ssh-serve.nix
|
||||
./services/misc/nixos-manual.nix
|
||||
./services/misc/nix-ssh-serve.nix
|
||||
./services/misc/rippled.nix
|
||||
./services/misc/rogue.nix
|
||||
./services/misc/svnserve.nix
|
||||
@ -178,24 +183,23 @@
|
||||
./services/networking/bind.nix
|
||||
./services/networking/bitlbee.nix
|
||||
./services/networking/btsync.nix
|
||||
./services/networking/cjdns.nix
|
||||
./services/networking/connman.nix
|
||||
./services/networking/cntlm.nix
|
||||
./services/networking/chrony.nix
|
||||
./services/networking/cjdns.nix
|
||||
./services/networking/cntlm.nix
|
||||
./services/networking/connman.nix
|
||||
./services/networking/ddclient.nix
|
||||
./services/networking/dhcpcd.nix
|
||||
./services/networking/dhcpd.nix
|
||||
./services/networking/dnsmasq.nix
|
||||
./services/networking/ejabberd.nix
|
||||
./services/networking/firewall.nix
|
||||
./services/networking/haproxy.nix
|
||||
./services/networking/tcpcrypt.nix
|
||||
./services/networking/flashpolicyd.nix
|
||||
./services/networking/freenet.nix
|
||||
./services/networking/git-daemon.nix
|
||||
./services/networking/gnunet.nix
|
||||
./services/networking/gogoclient.nix
|
||||
./services/networking/gvpe.nix
|
||||
./services/networking/haproxy.nix
|
||||
./services/networking/hostapd.nix
|
||||
./services/networking/ifplugd.nix
|
||||
./services/networking/iodined.nix
|
||||
@ -213,28 +217,33 @@
|
||||
./services/networking/oidentd.nix
|
||||
./services/networking/openfire.nix
|
||||
./services/networking/openvpn.nix
|
||||
./services/networking/polipo.nix
|
||||
./services/networking/prayer.nix
|
||||
./services/networking/privoxy.nix
|
||||
./services/networking/quassel.nix
|
||||
./services/networking/radicale.nix
|
||||
./services/networking/radvd.nix
|
||||
./services/networking/rdnssd.nix
|
||||
./services/networking/rpcbind.nix
|
||||
./services/networking/sabnzbd.nix
|
||||
./services/networking/searx.nix
|
||||
./services/networking/spiped.nix
|
||||
./services/networking/supybot.nix
|
||||
./services/networking/syncthing.nix
|
||||
./services/networking/ssh/lshd.nix
|
||||
./services/networking/ssh/sshd.nix
|
||||
./services/networking/supybot.nix
|
||||
./services/networking/syncthing.nix
|
||||
./services/networking/tcpcrypt.nix
|
||||
./services/networking/teamspeak3.nix
|
||||
./services/networking/tftpd.nix
|
||||
./services/networking/unbound.nix
|
||||
./services/networking/unifi.nix
|
||||
./services/networking/vsftpd.nix
|
||||
./services/networking/wakeonlan.nix
|
||||
./services/networking/websockify.nix
|
||||
./services/networking/wicd.nix
|
||||
./services/networking/wpa_supplicant.nix
|
||||
./services/networking/xinetd.nix
|
||||
./services/networking/znc.nix
|
||||
./services/printing/cupsd.nix
|
||||
./services/scheduling/atd.nix
|
||||
./services/scheduling/cron.nix
|
||||
@ -242,11 +251,11 @@
|
||||
./services/search/elasticsearch.nix
|
||||
./services/search/solr.nix
|
||||
./services/security/clamav.nix
|
||||
./services/security/haveged.nix
|
||||
./services/security/fprot.nix
|
||||
./services/security/frandom.nix
|
||||
./services/security/tor.nix
|
||||
./services/security/haveged.nix
|
||||
./services/security/torify.nix
|
||||
./services/security/tor.nix
|
||||
./services/security/torsocks.nix
|
||||
./services/system/dbus.nix
|
||||
./services/system/kerberos.nix
|
||||
@ -254,14 +263,14 @@
|
||||
./services/system/uptimed.nix
|
||||
./services/torrent/deluge.nix
|
||||
./services/torrent/transmission.nix
|
||||
./services/ttys/gpm.nix
|
||||
./services/ttys/agetty.nix
|
||||
./services/ttys/gpm.nix
|
||||
./services/ttys/kmscon.nix
|
||||
./services/web-servers/apache-httpd/default.nix
|
||||
./services/web-servers/fcgiwrap.nix
|
||||
./services/web-servers/jboss/default.nix
|
||||
./services/web-servers/lighttpd/default.nix
|
||||
./services/web-servers/lighttpd/cgit.nix
|
||||
./services/web-servers/lighttpd/default.nix
|
||||
./services/web-servers/lighttpd/gitweb.nix
|
||||
./services/web-servers/nginx/default.nix
|
||||
./services/web-servers/phpfpm.nix
|
||||
@ -272,26 +281,29 @@
|
||||
./services/x11/desktop-managers/default.nix
|
||||
./services/x11/display-managers/auto.nix
|
||||
./services/x11/display-managers/default.nix
|
||||
./services/x11/display-managers/gdm.nix
|
||||
./services/x11/display-managers/kdm.nix
|
||||
./services/x11/display-managers/slim.nix
|
||||
./services/x11/display-managers/lightdm.nix
|
||||
./services/x11/display-managers/slim.nix
|
||||
./services/x11/hardware/multitouch.nix
|
||||
./services/x11/hardware/synaptics.nix
|
||||
./services/x11/hardware/wacom.nix
|
||||
./services/x11/redshift.nix
|
||||
./services/x11/window-managers/awesome.nix
|
||||
#./services/x11/window-managers/compiz.nix
|
||||
./services/x11/window-managers/default.nix
|
||||
./services/x11/window-managers/icewm.nix
|
||||
./services/x11/window-managers/bspwm.nix
|
||||
./services/x11/window-managers/metacity.nix
|
||||
./services/x11/window-managers/none.nix
|
||||
./services/x11/window-managers/twm.nix
|
||||
./services/x11/window-managers/wmii.nix
|
||||
./services/x11/window-managers/xmonad.nix
|
||||
./services/x11/redshift.nix
|
||||
./services/x11/xfs.nix
|
||||
./services/x11/xserver.nix
|
||||
./system/activation/activation-script.nix
|
||||
./system/activation/top-level.nix
|
||||
./system/boot/emergency-mode.nix
|
||||
./system/boot/kernel.nix
|
||||
./system/boot/kexec.nix
|
||||
./system/boot/loader/efi.nix
|
||||
@ -307,11 +319,14 @@
|
||||
./system/boot/stage-1.nix
|
||||
./system/boot/stage-2.nix
|
||||
./system/boot/systemd.nix
|
||||
./system/boot/tmp.nix
|
||||
./system/etc/etc.nix
|
||||
./system/upstart/upstart.nix
|
||||
./tasks/cpu-freq.nix
|
||||
./tasks/encrypted-devices.nix
|
||||
./tasks/filesystems.nix
|
||||
./tasks/filesystems/btrfs.nix
|
||||
./tasks/filesystems/cifs.nix
|
||||
./tasks/filesystems/ext.nix
|
||||
./tasks/filesystems/f2fs.nix
|
||||
./tasks/filesystems/nfs.nix
|
||||
@ -320,7 +335,6 @@
|
||||
./tasks/filesystems/vfat.nix
|
||||
./tasks/filesystems/xfs.nix
|
||||
./tasks/filesystems/zfs.nix
|
||||
./tasks/encrypted-devices.nix
|
||||
./tasks/kbd.nix
|
||||
./tasks/lvm.nix
|
||||
./tasks/network-interfaces.nix
|
||||
@ -330,6 +344,7 @@
|
||||
./testing/service-runner.nix
|
||||
./virtualisation/container-config.nix
|
||||
./virtualisation/containers.nix
|
||||
./virtualisation/docker.nix
|
||||
./virtualisation/libvirtd.nix
|
||||
#./virtualisation/nova.nix
|
||||
./virtualisation/virtualbox-guest.nix
|
||||
|
@ -7,7 +7,6 @@
|
||||
# Include some utilities that are useful for installing or repairing
|
||||
# the system.
|
||||
environment.systemPackages = [
|
||||
pkgs.subversion # for nixos-checkout
|
||||
pkgs.w3m # needed for the manual anyway
|
||||
pkgs.testdisk # useful for repairing boot problems
|
||||
pkgs.mssys # for writing Microsoft boot sectors / MBRs
|
||||
|
@ -1,7 +1,7 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, ... }:
|
||||
|
||||
let
|
||||
inherit (pkgs.lib) mkOption mkIf;
|
||||
inherit (lib) mkOption mkIf;
|
||||
cfg = config.environment.blcr;
|
||||
blcrPkg = config.boot.kernelPackages.blcr;
|
||||
in
|
||||
|
34
nixos/modules/programs/dconf.nix
Normal file
34
nixos/modules/programs/dconf.nix
Normal file
@ -0,0 +1,34 @@
|
||||
{ config, lib, ... }:
|
||||
|
||||
let
|
||||
inherit (lib) mkOption mkIf types mapAttrsToList;
|
||||
cfg = config.programs.dconf;
|
||||
|
||||
mkDconfProfile = name: path:
|
||||
{ source = path; target = "dconf/profile/${name}"; };
|
||||
|
||||
in
|
||||
{
|
||||
###### interface
|
||||
|
||||
options = {
|
||||
programs.dconf = {
|
||||
|
||||
profiles = mkOption {
|
||||
type = types.attrsOf types.path;
|
||||
default = {};
|
||||
description = "Set of dconf profile files.";
|
||||
internal = true;
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf (cfg.profiles != {}) {
|
||||
environment.etc =
|
||||
(mapAttrsToList mkDconfProfile cfg.profiles);
|
||||
};
|
||||
|
||||
}
|
@ -2,6 +2,8 @@
|
||||
|
||||
let
|
||||
|
||||
texinfo = pkgs.texinfoInteractive;
|
||||
|
||||
# Quick hack to make the `info' command work properly. `info' needs
|
||||
# a "dir" file containing all the installed Info files, which we
|
||||
# don't have (it would be impure to have a package installation
|
||||
@ -22,15 +24,15 @@ let
|
||||
|
||||
for i in $(IFS=:; echo $INFOPATH); do
|
||||
for j in $i/*.info; do
|
||||
${pkgs.texinfo}/bin/install-info --quiet $j $dir/dir
|
||||
${texinfo}/bin/install-info --quiet $j $dir/dir
|
||||
done
|
||||
done
|
||||
|
||||
INFOPATH=$dir:$INFOPATH ${pkgs.texinfo}/bin/info "$@"
|
||||
INFOPATH=$dir:$INFOPATH ${texinfo}/bin/info "$@"
|
||||
''; # */
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
environment.systemPackages = [ infoWrapper pkgs.texinfo ];
|
||||
environment.systemPackages = [ infoWrapper texinfo ];
|
||||
}
|
||||
|
@ -1,7 +1,7 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, ... }:
|
||||
|
||||
let
|
||||
inherit (pkgs.lib) mkOption mkIf types;
|
||||
inherit (lib) mkOption mkIf types;
|
||||
cfg = config.programs.screen;
|
||||
in
|
||||
|
||||
|
@ -40,7 +40,7 @@ in
|
||||
|
||||
options = {
|
||||
|
||||
users.defaultUserShell = pkgs.lib.mkOption {
|
||||
users.defaultUserShell = lib.mkOption {
|
||||
description = ''
|
||||
This option defines the default shell assigned to user
|
||||
accounts. This must not be a store path, since the path is
|
||||
@ -60,7 +60,7 @@ in
|
||||
config = {
|
||||
|
||||
environment.systemPackages =
|
||||
pkgs.lib.optional config.users.mutableUsers pkgs.shadow;
|
||||
lib.optional config.users.mutableUsers pkgs.shadow;
|
||||
|
||||
environment.etc =
|
||||
[ { # /etc/login.defs: global configuration for pwdutils. You
|
||||
|
@ -14,6 +14,7 @@ let virtualbox = config.boot.kernelPackages.virtualbox; in
|
||||
services.udev.extraRules =
|
||||
''
|
||||
KERNEL=="vboxdrv", OWNER="root", GROUP="vboxusers", MODE="0660", TAG+="systemd"
|
||||
KERNEL=="vboxdrvu", OWNER="root", GROUP="root", MODE="0666", TAG+="systemd"
|
||||
KERNEL=="vboxnetctl", OWNER="root", GROUP="root", MODE="0600", TAG+="systemd"
|
||||
SUBSYSTEM=="usb_device", ACTION=="add", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}"
|
||||
SUBSYSTEM=="usb", ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}"
|
||||
|
@ -13,8 +13,9 @@ with lib;
|
||||
];
|
||||
|
||||
environment.sessionVariables =
|
||||
{ OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
|
||||
CURL_CA_BUNDLE = "/etc/ssl/certs/ca-bundle.crt";
|
||||
{ SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
|
||||
# FIXME: unneeded - remove eventually.
|
||||
OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
|
||||
GIT_SSL_CAINFO = "/etc/ssl/certs/ca-bundle.crt";
|
||||
};
|
||||
|
||||
|
@ -50,7 +50,7 @@ in
|
||||
description = ''
|
||||
grsecurity configuration mode. This specifies whether
|
||||
grsecurity is auto-configured or otherwise completely
|
||||
manually configured. Can either by
|
||||
manually configured. Can either be
|
||||
<literal>custom</literal> or <literal>auto</literal>.
|
||||
|
||||
<literal>auto</literal> is recommended.
|
||||
@ -64,7 +64,7 @@ in
|
||||
description = ''
|
||||
grsecurity configuration priority. This specifies whether
|
||||
the kernel configuration should emphasize speed or
|
||||
security. Can either by <literal>security</literal> or
|
||||
security. Can either be <literal>security</literal> or
|
||||
<literal>performance</literal>.
|
||||
'';
|
||||
};
|
||||
@ -76,7 +76,7 @@ in
|
||||
description = ''
|
||||
grsecurity system configuration. This specifies whether
|
||||
the kernel configuration should be suitable for a Desktop
|
||||
or a Server. Can either by <literal>server</literal> or
|
||||
or a Server. Can either be <literal>server</literal> or
|
||||
<literal>desktop</literal>.
|
||||
'';
|
||||
};
|
||||
|
@ -189,7 +189,9 @@ let
|
||||
session required pam_env.so envfile=${config.system.build.pamEnvironment}
|
||||
session required pam_unix.so
|
||||
${optionalString cfg.setLoginUid
|
||||
"session required pam_loginuid.so"}
|
||||
"session ${
|
||||
if config.boot.isContainer then "optional" else "required"
|
||||
} pam_loginuid.so"}
|
||||
${optionalString cfg.updateWtmp
|
||||
"session required ${pkgs.pam}/lib/security/pam_lastlog.so silent"}
|
||||
${optionalString config.users.ldap.enable
|
||||
|
@ -30,7 +30,8 @@ with lib;
|
||||
|
||||
description = "Hardware RNG Entropy Gatherer Daemon";
|
||||
|
||||
serviceConfig.ExecStart = "${pkgs.rng_tools}/sbin/rngd -f";
|
||||
serviceConfig.ExecStart = "${pkgs.rng_tools}/sbin/rngd -f -v" +
|
||||
(if config.services.tcsd.enable then " --no-tpm=1" else "");
|
||||
|
||||
restartTriggers = [ pkgs.rng_tools ];
|
||||
};
|
||||
|
@ -1,7 +1,7 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
with pkgs;
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
@ -12,7 +12,7 @@ let
|
||||
phases = [ "installPhase" ];
|
||||
buildInputs = [ jdk ];
|
||||
installPhase = ''
|
||||
ensureDir $out/lib
|
||||
mkdir -p $out/lib
|
||||
source ${activemq}/lib/classpath.env
|
||||
export CLASSPATH
|
||||
ln -s "${./ActiveMQBroker.java}" ActiveMQBroker.java
|
||||
|
@ -4,6 +4,8 @@ with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.rabbitmq;
|
||||
config_file = pkgs.writeText "rabbitmq.config" cfg.config;
|
||||
config_file_wo_suffix = builtins.substring 0 ((builtins.stringLength config_file) - 7) config_file;
|
||||
|
||||
in {
|
||||
###### interface
|
||||
@ -31,7 +33,6 @@ in {
|
||||
'';
|
||||
};
|
||||
|
||||
|
||||
dataDir = mkOption {
|
||||
type = types.path;
|
||||
default = "/var/lib/rabbitmq";
|
||||
@ -40,6 +41,30 @@ in {
|
||||
'';
|
||||
};
|
||||
|
||||
cookie = mkOption {
|
||||
default = "";
|
||||
type = types.str;
|
||||
description = ''
|
||||
Erlang cookie is a string of arbitrary length which must
|
||||
be the same for several nodes to be allowed to communicate.
|
||||
Leave empty to generate automatically.
|
||||
'';
|
||||
};
|
||||
|
||||
config = mkOption {
|
||||
default = "";
|
||||
type = types.str;
|
||||
description = ''
|
||||
Verbatim configuration file contents.
|
||||
See http://www.rabbitmq.com/configure.htm
|
||||
'';
|
||||
};
|
||||
|
||||
plugins = mkOption {
|
||||
default = [];
|
||||
type = types.listOf types.str;
|
||||
description = "The names of plugins to enable";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@ -69,7 +94,10 @@ in {
|
||||
RABBITMQ_NODE_IP_ADDRESS = cfg.listenAddress;
|
||||
RABBITMQ_SERVER_START_ARGS = "-rabbit error_logger tty -rabbit sasl_error_logger false";
|
||||
SYS_PREFIX = "";
|
||||
};
|
||||
RABBITMQ_ENABLED_PLUGINS_FILE = pkgs.writeText "enabled_plugins" ''
|
||||
[ ${concatStringsSep "," cfg.plugins} ].
|
||||
'';
|
||||
} // optionalAttrs (cfg.config != "") { RABBITMQ_CONFIG_FILE = config_file_wo_suffix; };
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.rabbitmq_server}/sbin/rabbitmq-server";
|
||||
@ -81,6 +109,15 @@ in {
|
||||
preStart = ''
|
||||
mkdir -p ${cfg.dataDir} && chmod 0700 ${cfg.dataDir}
|
||||
if [ "$(id -u)" = 0 ]; then chown rabbitmq:rabbitmq ${cfg.dataDir}; fi
|
||||
|
||||
${optionalString (cfg.cookie != "") ''
|
||||
echo -n ${cfg.cookie} > ${cfg.dataDir}/.erlang.cookie
|
||||
chmod 400 ${cfg.dataDir}/.erlang.cookie
|
||||
chown rabbitmq:rabbitmq ${cfg.dataDir}/.erlang.cookie
|
||||
''}
|
||||
|
||||
mkdir -p /var/log/rabbitmq && chmod 0700 /var/log/rabbitmq
|
||||
chown rabbitmq:rabbitmq /var/log/rabbitmq
|
||||
'';
|
||||
};
|
||||
|
||||
|
118
nixos/modules/services/audio/mopidy.nix
Normal file
118
nixos/modules/services/audio/mopidy.nix
Normal file
@ -0,0 +1,118 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs;
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
uid = config.ids.uids.mopidy;
|
||||
gid = config.ids.gids.mopidy;
|
||||
cfg = config.services.mopidy;
|
||||
|
||||
mopidyConf = writeText "mopidy.conf" cfg.configuration;
|
||||
|
||||
mopidyLauncher = stdenv.mkDerivation {
|
||||
name = "mopidy-launcher";
|
||||
phases = [ "installPhase" ];
|
||||
buildInputs = [ makeWrapper python ];
|
||||
installPhase = ''
|
||||
mkdir -p $out/bin
|
||||
ln -s ${mopidy}/bin/mopidy $out/bin/mopidy
|
||||
wrapProgram $out/bin/mopidy \
|
||||
--prefix PYTHONPATH : \
|
||||
"${concatStringsSep ":" (map (p: "$(toPythonPath ${p})") cfg.extensionPackages)}"
|
||||
'';
|
||||
};
|
||||
|
||||
in {
|
||||
|
||||
options = {
|
||||
|
||||
services.mopidy = {
|
||||
|
||||
enable = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Whether to enable Mopidy, a music player daemon.
|
||||
'';
|
||||
};
|
||||
|
||||
dataDir = mkOption {
|
||||
default = "/var/lib/mopidy";
|
||||
type = types.str;
|
||||
description = ''
|
||||
The directory where Mopidy stores its state.
|
||||
'';
|
||||
};
|
||||
|
||||
extensionPackages = mkOption {
|
||||
default = [];
|
||||
type = types.listOf types.package;
|
||||
example = [ mopidy-spotify ];
|
||||
description = ''
|
||||
Mopidy extensions that should be loaded by the service.
|
||||
'';
|
||||
};
|
||||
|
||||
configuration = mkOption {
|
||||
type = types.lines;
|
||||
description = ''
|
||||
The configuration that Mopidy should use.
|
||||
'';
|
||||
};
|
||||
|
||||
extraConfigFiles = mkOption {
|
||||
default = [];
|
||||
type = types.listOf types.str;
|
||||
description = ''
|
||||
Extra config file read by Mopidy when the service starts.
|
||||
Later files in the list overrides earlier configuration.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
systemd.services.mopidy = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" "sound.target" ];
|
||||
description = "mopidy music player daemon";
|
||||
preStart = "mkdir -p ${cfg.dataDir} && chown -R mopidy:mopidy ${cfg.dataDir}";
|
||||
serviceConfig = {
|
||||
ExecStart = "${mopidyLauncher}/bin/mopidy --config ${concatStringsSep ":" ([mopidyConf] ++ cfg.extraConfigFiles)}";
|
||||
User = "mopidy";
|
||||
PermissionsStartOnly = true;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.mopidy-scan = {
|
||||
description = "mopidy local files scanner";
|
||||
preStart = "mkdir -p ${cfg.dataDir} && chown -R mopidy:mopidy ${cfg.dataDir}";
|
||||
serviceConfig = {
|
||||
ExecStart = "${mopidyLauncher}/bin/mopidy --config ${concatStringsSep ":" ([mopidyConf] ++ cfg.extraConfigFiles)} local scan";
|
||||
User = "mopidy";
|
||||
PermissionsStartOnly = true;
|
||||
Type = "oneshot";
|
||||
};
|
||||
};
|
||||
|
||||
users.extraUsers.mopidy = {
|
||||
inherit uid;
|
||||
group = "mopidy";
|
||||
extraGroups = [ "audio" ];
|
||||
description = "Mopidy daemon user";
|
||||
home = "${cfg.dataDir}";
|
||||
};
|
||||
|
||||
users.extraGroups.mopidy.gid = gid;
|
||||
|
||||
};
|
||||
|
||||
}
|
@ -73,7 +73,7 @@ in
|
||||
touch ${stateDir}/sitecopy.secrets
|
||||
chown root ${stateDir}/sitecopy.secrets
|
||||
|
||||
${pkgs.lib.concatStrings (map ( b: ''
|
||||
${lib.concatStrings (map ( b: ''
|
||||
unset secrets
|
||||
unset secret
|
||||
secrets=`grep '^${b.server}' ${stateDir}/sitecopy.secrets | head -1`
|
||||
|
@ -159,5 +159,7 @@ in
|
||||
uid = config.ids.uids.firebird;
|
||||
};
|
||||
|
||||
users.extraGroups.firebird.gid = config.ids.gids.firebird;
|
||||
|
||||
};
|
||||
}
|
||||
|
@ -68,7 +68,7 @@ in
|
||||
|
||||
users.extraUsers = optionalAttrs (cfg.user == "openldap") (singleton
|
||||
{ name = "openldap";
|
||||
group = "openldap";
|
||||
group = cfg.group;
|
||||
uid = config.ids.uids.openldap;
|
||||
});
|
||||
|
||||
|
@ -85,7 +85,7 @@ in
|
||||
Defines how users authenticate themselves to the server. By
|
||||
default, "trust" access to local users will always be granted
|
||||
along with any other custom options. If you do not want this,
|
||||
set this option using "pkgs.lib.mkForce" to override this
|
||||
set this option using "lib.mkForce" to override this
|
||||
behaviour.
|
||||
'';
|
||||
};
|
||||
|
@ -38,86 +38,92 @@ in
|
||||
services.redis = {
|
||||
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Whether to enable the Redis server.";
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.redis;
|
||||
description = "Which Redis derivation to use.";
|
||||
type = types.package;
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "redis";
|
||||
description = "User account under which Redis runs.";
|
||||
};
|
||||
|
||||
pidFile = mkOption {
|
||||
type = types.path;
|
||||
default = "/var/lib/redis/redis.pid";
|
||||
description = "";
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
default = 6379;
|
||||
description = "The port for Redis to listen to.";
|
||||
type = with types; int;
|
||||
};
|
||||
|
||||
bind = mkOption {
|
||||
type = with types; nullOr str;
|
||||
default = null; # All interfaces
|
||||
description = "The IP interface to bind to.";
|
||||
example = "127.0.0.1";
|
||||
};
|
||||
|
||||
unixSocket = mkOption {
|
||||
type = with types; nullOr path;
|
||||
default = null;
|
||||
description = "The path to the socket to bind to.";
|
||||
example = "/var/run/redis.sock";
|
||||
};
|
||||
|
||||
logLevel = mkOption {
|
||||
type = types.str;
|
||||
default = "notice"; # debug, verbose, notice, warning
|
||||
example = "debug";
|
||||
description = "Specify the server verbosity level, options: debug, verbose, notice, warning.";
|
||||
type = with types; string;
|
||||
};
|
||||
|
||||
logfile = mkOption {
|
||||
type = types.str;
|
||||
default = "/dev/null";
|
||||
description = "Specify the log file name. Also 'stdout' can be used to force Redis to log on the standard output.";
|
||||
example = "/var/log/redis.log";
|
||||
type = with types; string;
|
||||
};
|
||||
|
||||
syslog = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "Enable logging to the system logger.";
|
||||
type = with types; bool;
|
||||
};
|
||||
|
||||
databases = mkOption {
|
||||
type = types.int;
|
||||
default = 16;
|
||||
description = "Set the number of databases.";
|
||||
type = with types; int;
|
||||
};
|
||||
|
||||
save = mkOption {
|
||||
type = with types; listOf (listOf int);
|
||||
default = [ [900 1] [300 10] [60 10000] ];
|
||||
description = "The schedule in which data is persisted to disk, represented as a list of lists where the first element represent the amount of seconds and the second the number of changes.";
|
||||
example = [ [900 1] [300 10] [60 10000] ];
|
||||
};
|
||||
|
||||
dbFilename = mkOption {
|
||||
type = types.str;
|
||||
default = "dump.rdb";
|
||||
description = "The filename where to dump the DB.";
|
||||
type = with types; string;
|
||||
};
|
||||
|
||||
dbpath = mkOption {
|
||||
type = types.path;
|
||||
default = "/var/lib/redis";
|
||||
description = "The DB will be written inside this directory, with the filename specified using the 'dbFilename' configuration.";
|
||||
type = with types; string;
|
||||
};
|
||||
|
||||
slaveOf = mkOption {
|
||||
@ -135,46 +141,47 @@ in
|
||||
};
|
||||
|
||||
requirePass = mkOption {
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
description = "Password for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)";
|
||||
example = "letmein!";
|
||||
};
|
||||
|
||||
appendOnly = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.";
|
||||
type = with types; bool;
|
||||
};
|
||||
|
||||
appendOnlyFilename = mkOption {
|
||||
type = types.str;
|
||||
default = "appendonly.aof";
|
||||
description = "Filename for the append-only file (stored inside of dbpath)";
|
||||
type = with types; string;
|
||||
};
|
||||
|
||||
appendFsync = mkOption {
|
||||
type = types.str;
|
||||
default = "everysec"; # no, always, everysec
|
||||
description = "How often to fsync the append-only log, options: no, always, everysec.";
|
||||
type = with types; string;
|
||||
};
|
||||
|
||||
slowLogLogSlowerThan = mkOption {
|
||||
type = types.int;
|
||||
default = 10000;
|
||||
description = "Log queries whose execution take longer than X in milliseconds.";
|
||||
example = 1000;
|
||||
type = with types; int;
|
||||
};
|
||||
|
||||
slowLogMaxLen = mkOption {
|
||||
type = types.int;
|
||||
default = 128;
|
||||
description = "Maximum number of items to keep in slow log.";
|
||||
type = with types; int;
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
description = "Extra configuration options for redis.conf.";
|
||||
type = with types; string;
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -4,9 +4,6 @@
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
gnome3 = config.environment.gnome3.packageSet;
|
||||
in
|
||||
{
|
||||
|
||||
###### interface
|
||||
@ -33,9 +30,9 @@ in
|
||||
|
||||
config = mkIf config.services.gnome3.at-spi2-core.enable {
|
||||
|
||||
environment.systemPackages = [ gnome3.at_spi2_core ];
|
||||
environment.systemPackages = [ pkgs.at_spi2_core ];
|
||||
|
||||
services.dbus.packages = [ gnome3.at_spi2_core ];
|
||||
services.dbus.packages = [ pkgs.at_spi2_core ];
|
||||
|
||||
};
|
||||
|
||||
|
@ -1,8 +1,8 @@
|
||||
# GNOME Documents daemon.
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
gnome3 = config.environment.gnome3.packageSet;
|
||||
|
@ -1,8 +1,8 @@
|
||||
# GNOME Keyring daemon.
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
gnome3 = config.environment.gnome3.packageSet;
|
||||
|
@ -1,8 +1,8 @@
|
||||
# GNOME Online Accounts daemon.
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
gnome3 = config.environment.gnome3.packageSet;
|
||||
|
@ -1,8 +1,8 @@
|
||||
# GNOME Online Miners daemon.
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
gnome3 = config.environment.gnome3.packageSet;
|
||||
|
@ -1,8 +1,8 @@
|
||||
# GNOME User Share daemon.
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
gnome3 = config.environment.gnome3.packageSet;
|
||||
|
@ -1,8 +1,8 @@
|
||||
# gvfs backends
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
gnome3 = config.environment.gnome3.packageSet;
|
||||
|
@ -1,8 +1,8 @@
|
||||
# Seahorse daemon.
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
gnome3 = config.environment.gnome3.packageSet;
|
||||
|
@ -1,8 +1,8 @@
|
||||
# Tracker daemon.
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
gnome3 = config.environment.gnome3.packageSet;
|
||||
|
@ -6,7 +6,7 @@ let
|
||||
|
||||
acpiConfDir = pkgs.runCommand "acpi-events" {}
|
||||
''
|
||||
ensureDir $out
|
||||
mkdir -p $out
|
||||
${
|
||||
# Generate a configuration file for each event. (You can't have
|
||||
# multiple events in one config file...)
|
||||
@ -16,7 +16,7 @@ let
|
||||
echo "event=${event.event}" > $fn
|
||||
echo "action=${pkgs.writeScript "${event.name}.sh" event.action}" >> $fn
|
||||
'';
|
||||
in pkgs.lib.concatMapStrings f events
|
||||
in lib.concatMapStrings f events
|
||||
}
|
||||
'';
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
|
||||
@ -6,9 +6,9 @@
|
||||
|
||||
options = {
|
||||
|
||||
hardware.amdHybridGraphics.disable = pkgs.lib.mkOption {
|
||||
hardware.amdHybridGraphics.disable = lib.mkOption {
|
||||
default = false;
|
||||
type = pkgs.lib.types.bool;
|
||||
type = lib.types.bool;
|
||||
description = ''
|
||||
Completely disable the AMD graphics card and use the
|
||||
integrated graphics processor instead.
|
||||
@ -20,7 +20,7 @@
|
||||
|
||||
###### implementation
|
||||
|
||||
config = pkgs.lib.mkIf config.hardware.amdHybridGraphics.disable {
|
||||
config = lib.mkIf config.hardware.amdHybridGraphics.disable {
|
||||
systemd.services."amd-hybrid-graphics" = {
|
||||
path = [ pkgs.bash ];
|
||||
description = "Disable AMD Card";
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let kernel = config.boot.kernelPackages; in
|
||||
|
||||
@ -8,9 +8,9 @@ let kernel = config.boot.kernelPackages; in
|
||||
|
||||
options = {
|
||||
|
||||
hardware.nvidiaOptimus.disable = pkgs.lib.mkOption {
|
||||
hardware.nvidiaOptimus.disable = lib.mkOption {
|
||||
default = false;
|
||||
type = pkgs.lib.types.bool;
|
||||
type = lib.types.bool;
|
||||
description = ''
|
||||
Completely disable the NVIDIA graphics card and use the
|
||||
integrated graphics processor instead.
|
||||
@ -22,7 +22,7 @@ let kernel = config.boot.kernelPackages; in
|
||||
|
||||
###### implementation
|
||||
|
||||
config = pkgs.lib.mkIf config.hardware.nvidiaOptimus.disable {
|
||||
config = lib.mkIf config.hardware.nvidiaOptimus.disable {
|
||||
boot.blacklistedKernelModules = ["nouveau" "nvidia" "nvidiafb"];
|
||||
boot.kernelModules = [ "bbswitch" ];
|
||||
boot.extraModulePackages = [ kernel.bbswitch ];
|
||||
|
139
nixos/modules/services/hardware/tcsd.nix
Normal file
139
nixos/modules/services/hardware/tcsd.nix
Normal file
@ -0,0 +1,139 @@
|
||||
# tcsd daemon.
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
let
|
||||
|
||||
cfg = config.services.tcsd;
|
||||
|
||||
tcsdConf = pkgs.writeText "tcsd.conf" ''
|
||||
port = 30003
|
||||
num_threads = 10
|
||||
system_ps_file = ${cfg.stateDir}/system.data
|
||||
# This is the log of each individual measurement done by the system.
|
||||
# By re-calculating the PCR registers based on this information, even
|
||||
# finer details about the measured environment can be inferred than
|
||||
# what is available directly from the PCR registers.
|
||||
firmware_log_file = /sys/kernel/security/tpm0/binary_bios_measurements
|
||||
kernel_log_file = /sys/kernel/security/ima/binary_runtime_measurements
|
||||
#firmware_pcrs = 0,1,2,3,4,5,6,7
|
||||
#kernel_pcrs = 10,11
|
||||
platform_cred = ${cfg.platformCred}
|
||||
conformance_cred = ${cfg.conformanceCred}
|
||||
endorsement_cred = ${cfg.endorsementCred}
|
||||
#remote_ops = create_key,random
|
||||
#host_platform_class = server_12
|
||||
#all_platform_classes = pc_11,pc_12,mobile_12
|
||||
'';
|
||||
|
||||
in
|
||||
{
|
||||
|
||||
###### interface
|
||||
|
||||
options = {
|
||||
|
||||
services.tcsd = {
|
||||
|
||||
enable = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Whether to enable tcsd, a Trusted Computing management service
|
||||
that provides TCG Software Stack (TSS). The tcsd daemon is
|
||||
the only portal to the Trusted Platform Module (TPM), a hardware
|
||||
chip on the motherboard.
|
||||
'';
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
default = "tss";
|
||||
type = types.string;
|
||||
description = "User account under which tcsd runs.";
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
default = "tss";
|
||||
type = types.string;
|
||||
description = "Group account under which tcsd runs.";
|
||||
};
|
||||
|
||||
stateDir = mkOption {
|
||||
default = "/var/lib/tpm";
|
||||
type = types.path;
|
||||
description = ''
|
||||
The location of the system persistent storage file.
|
||||
The system persistent storage file holds keys and data across
|
||||
restarts of the TCSD and system reboots.
|
||||
'';
|
||||
};
|
||||
|
||||
platformCred = mkOption {
|
||||
default = "${cfg.stateDir}/platform.cert";
|
||||
type = types.path;
|
||||
description = ''
|
||||
Path to the platform credential for your TPM. Your TPM
|
||||
manufacturer may have provided you with a set of credentials
|
||||
(certificates) that should be used when creating identities
|
||||
using your TPM. When a user of your TPM makes an identity,
|
||||
this credential will be encrypted as part of that process.
|
||||
See the 1.1b TPM Main specification section 9.3 for information
|
||||
on this process. '';
|
||||
};
|
||||
|
||||
conformanceCred = mkOption {
|
||||
default = "${cfg.stateDir}/conformance.cert";
|
||||
type = types.path;
|
||||
description = ''
|
||||
Path to the conformance credential for your TPM.
|
||||
See also the platformCred option'';
|
||||
};
|
||||
|
||||
endorsementCred = mkOption {
|
||||
default = "${cfg.stateDir}/endorsement.cert";
|
||||
type = types.path;
|
||||
description = ''
|
||||
Path to the endorsement credential for your TPM.
|
||||
See also the platformCred option'';
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
environment.systemPackages = [ pkgs.trousers ];
|
||||
|
||||
# system.activationScripts.tcsd =
|
||||
# ''
|
||||
# chown ${cfg.user}:${cfg.group} ${tcsdConf}
|
||||
# '';
|
||||
|
||||
systemd.services.tcsd = {
|
||||
description = "TCSD";
|
||||
after = [ "systemd-udev-settle.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = [ pkgs.trousers ];
|
||||
preStart =
|
||||
''
|
||||
mkdir -m 0700 -p ${cfg.stateDir}
|
||||
chown -R ${cfg.user}:${cfg.group} ${cfg.stateDir}
|
||||
'';
|
||||
serviceConfig.ExecStart = "${pkgs.trousers}/sbin/tcsd -f -c ${tcsdConf}";
|
||||
};
|
||||
|
||||
users.extraUsers = optionalAttrs (cfg.user == "tss") (singleton
|
||||
{ name = "tss";
|
||||
group = "tss";
|
||||
uid = config.ids.uids.nginx;
|
||||
});
|
||||
|
||||
users.extraGroups = optionalAttrs (cfg.group == "tss") (singleton
|
||||
{ name = "tss";
|
||||
gid = config.ids.gids.nginx;
|
||||
});
|
||||
};
|
||||
}
|
@ -8,10 +8,6 @@ let
|
||||
configFile = pkgs.writeText "logrotate.conf"
|
||||
cfg.config;
|
||||
|
||||
cronJob = ''
|
||||
5 * * * * root ${pkgs.logrotate}/sbin/logrotate ${configFile}
|
||||
'';
|
||||
|
||||
in
|
||||
{
|
||||
options = {
|
||||
@ -33,6 +29,16 @@ in
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.cron.systemCronJobs = [ cronJob ];
|
||||
systemd.services.logrotate = {
|
||||
description = "Logrotate Service";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
startAt = "*-*-* *:05:00";
|
||||
|
||||
serviceConfig.Restart = "no";
|
||||
serviceConfig.User = "root";
|
||||
script = ''
|
||||
exec ${pkgs.logrotate}/sbin/logrotate ${configFile}
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -69,9 +69,9 @@ in
|
||||
systemd.services.logstash = with pkgs; {
|
||||
description = "Logstash Daemon";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
environment = { JAVA_HOME = jre; };
|
||||
serviceConfig = {
|
||||
ExecStart = "${jre}/bin/java -jar ${logstash} agent -f ${writeText "logstash.conf" ''
|
||||
ExecStart = "${logstash}/bin/logstash agent -f ${writeText "logstash.conf" ''
|
||||
input {
|
||||
${cfg.inputConfig}
|
||||
}
|
||||
|
83
nixos/modules/services/logging/syslog-ng.nix
Normal file
83
nixos/modules/services/logging/syslog-ng.nix
Normal file
@ -0,0 +1,83 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
cfg = config.services.syslog-ng;
|
||||
|
||||
syslogngConfig = pkgs.writeText "syslog-ng.conf" ''
|
||||
@version: 3.5
|
||||
@include "scl.conf"
|
||||
${cfg.extraConfig}
|
||||
'';
|
||||
|
||||
ctrlSocket = "/run/syslog-ng/syslog-ng.ctl";
|
||||
pidFile = "/run/syslog-ng/syslog-ng.pid";
|
||||
persistFile = "/var/syslog-ng/syslog-ng.persist";
|
||||
|
||||
syslogngOptions = [
|
||||
"--foreground"
|
||||
"--module-path=${concatStringsSep ":" (["${pkgs.syslogng}/lib/syslog-ng"] ++ cfg.extraModulePaths)}"
|
||||
"--cfgfile=${syslogngConfig}"
|
||||
"--control=${ctrlSocket}"
|
||||
"--persist-file=${persistFile}"
|
||||
"--pidfile=${pidFile}"
|
||||
];
|
||||
|
||||
in {
|
||||
|
||||
options = {
|
||||
|
||||
services.syslog-ng = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to enable the syslog-ng daemon.
|
||||
'';
|
||||
};
|
||||
serviceName = mkOption {
|
||||
type = types.str;
|
||||
default = "syslog-ng";
|
||||
description = ''
|
||||
The name of the systemd service that runs syslog-ng. Set this to
|
||||
<literal>syslog</literal> if you want journald to automatically
|
||||
forward all logs to syslog-ng.
|
||||
'';
|
||||
};
|
||||
extraModulePaths = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
example = [ "${pkgs.syslogng_incubator}/lib/syslog-ng" ];
|
||||
description = ''
|
||||
A list of paths that should be included in syslog-ng's
|
||||
<literal>--module-path</literal> option. They should usually
|
||||
end in <literal>/lib/syslog-ng</literal>
|
||||
'';
|
||||
};
|
||||
extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
description = ''
|
||||
Configuration added to the end of <literal>syslog-ng.conf</literal>.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
systemd.services."${cfg.serviceName}" = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
preStart = "mkdir -p /{var,run}/syslog-ng";
|
||||
serviceConfig = {
|
||||
Type = "notify";
|
||||
Sockets = "syslog.socket";
|
||||
StandardOutput = "null";
|
||||
Restart = "on-failure";
|
||||
ExecStart = "${pkgs.syslogng}/sbin/syslog-ng ${concatStringsSep " " syslogngOptions}";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
}
|
66
nixos/modules/services/misc/gitolite.nix
Normal file
66
nixos/modules/services/misc/gitolite.nix
Normal file
@ -0,0 +1,66 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.gitolite;
|
||||
pubkeyFile = pkgs.writeText "gitolite-admin.pub" cfg.adminPubkey;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.gitolite = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable gitolite management under the
|
||||
<literal>gitolite</literal> user. The Gitolite home
|
||||
directory is <literal>/var/lib/gitolite</literal>. After
|
||||
switching to a configuration with Gitolite enabled, you can
|
||||
then run <literal>git clone
|
||||
gitolite@host:gitolite-admin.git</literal> to manage it further.
|
||||
'';
|
||||
};
|
||||
|
||||
adminPubkey = mkOption {
|
||||
type = types.str;
|
||||
description = ''
|
||||
Initial administrative public key for Gitolite. This should
|
||||
be an SSH Public Key. Note that this key will only be used
|
||||
once, upon the first initialization of the Gitolite user.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
users.extraUsers.gitolite = {
|
||||
description = "Gitolite user";
|
||||
home = "/var/lib/gitolite";
|
||||
createHome = true;
|
||||
uid = config.ids.uids.gitolite;
|
||||
useDefaultShell = true;
|
||||
};
|
||||
|
||||
systemd.services."gitolite-init" = {
|
||||
description = "Gitolite initialization";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
serviceConfig.User = "gitolite";
|
||||
serviceConfig.Type = "oneshot";
|
||||
serviceConfig.RemainAfterExit = true;
|
||||
|
||||
path = [ pkgs.gitolite pkgs.git pkgs.perl pkgs.bash pkgs.openssh ];
|
||||
script = ''
|
||||
cd /var/lib/gitolite
|
||||
mkdir -p .gitolite/logs
|
||||
if [ ! -d repositories ]; then
|
||||
gitolite setup -pk ${pubkeyFile}
|
||||
fi
|
||||
gitolite setup # Upgrade if needed
|
||||
'';
|
||||
};
|
||||
|
||||
environment.systemPackages = [ pkgs.gitolite pkgs.git ];
|
||||
};
|
||||
}
|
@ -22,14 +22,11 @@ let
|
||||
|
||||
nixConf =
|
||||
let
|
||||
# Tricky: if we're using a chroot for builds, then we need
|
||||
# /bin/sh in the chroot (our own compromise to purity).
|
||||
# However, since /bin/sh is a symlink to some path in the
|
||||
# Nix store, which furthermore has runtime dependencies on
|
||||
# other paths in the store, we need the closure of /bin/sh
|
||||
# in `build-chroot-dirs' - otherwise any builder that uses
|
||||
# /bin/sh won't work.
|
||||
binshDeps = pkgs.writeReferencesToFile config.system.build.binsh;
|
||||
# If we're using a chroot for builds, then provide /bin/sh in
|
||||
# the chroot as a bind-mount to bash. This means we also need to
|
||||
# include the entire closure of bash.
|
||||
sh = pkgs.stdenv.shell;
|
||||
binshDeps = pkgs.writeReferencesToFile sh;
|
||||
in
|
||||
pkgs.runCommand "nix.conf" {extraOptions = cfg.extraOptions; } ''
|
||||
extraPaths=$(for i in $(cat ${binshDeps}); do if test -d $i; then echo $i; fi; done)
|
||||
@ -40,7 +37,7 @@ let
|
||||
build-users-group = nixbld
|
||||
build-max-jobs = ${toString (cfg.maxJobs)}
|
||||
build-use-chroot = ${if cfg.useChroot then "true" else "false"}
|
||||
build-chroot-dirs = ${toString cfg.chrootDirs} $(echo $extraPaths)
|
||||
build-chroot-dirs = ${toString cfg.chrootDirs} /bin/sh=${sh} $(echo $extraPaths)
|
||||
binary-caches = ${toString cfg.binaryCaches}
|
||||
trusted-binary-caches = ${toString cfg.trustedBinaryCaches}
|
||||
$extraOptions
|
||||
@ -253,8 +250,6 @@ in
|
||||
|
||||
config = {
|
||||
|
||||
nix.chrootDirs = [ "/bin" ];
|
||||
|
||||
environment.etc."nix/nix.conf".source = nixConf;
|
||||
|
||||
# List of machines for distributed Nix builds in the format
|
||||
|
@ -1,32 +1,35 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
serveOnly = pkgs.writeScript "nix-store-serve" ''
|
||||
#!${pkgs.stdenv.shell}
|
||||
if [ "$SSH_ORIGINAL_COMMAND" != "nix-store --serve" ]; then
|
||||
echo 'Error: You are only allowed to run `nix-store --serve'\'''!' >&2
|
||||
exit 1
|
||||
fi
|
||||
exec /run/current-system/sw/bin/nix-store --serve
|
||||
'';
|
||||
with lib;
|
||||
|
||||
inherit (lib) mkIf mkOption types;
|
||||
in {
|
||||
{
|
||||
options = {
|
||||
|
||||
nix.sshServe = {
|
||||
|
||||
enable = mkOption {
|
||||
description = "Whether to enable serving the nix store over ssh.";
|
||||
default = false;
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Whether to enable serving the Nix store as a binary cache via SSH.";
|
||||
};
|
||||
|
||||
keys = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
example = [ "ssh-dss AAAAB3NzaC1k... alice@example.org" ];
|
||||
description = "A list of SSH public keys allowed to access the binary cache via SSH.";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = mkIf config.nix.sshServe.enable {
|
||||
|
||||
users.extraUsers.nix-ssh = {
|
||||
description = "User for running nix-store --serve.";
|
||||
description = "Nix SSH substituter user";
|
||||
uid = config.ids.uids.nix-ssh;
|
||||
shell = pkgs.stdenv.shell;
|
||||
useDefaultShell = true;
|
||||
};
|
||||
|
||||
services.openssh.enable = true;
|
||||
@ -38,8 +41,11 @@ in {
|
||||
PermitTTY no
|
||||
PermitTunnel no
|
||||
X11Forwarding no
|
||||
ForceCommand ${serveOnly}
|
||||
ForceCommand ${config.nix.package}/bin/nix-store --serve
|
||||
Match All
|
||||
'';
|
||||
|
||||
users.extraUsers.nix-ssh.openssh.authorizedKeys.keys = config.nix.sshServe.keys;
|
||||
|
||||
};
|
||||
}
|
||||
|
@ -1,9 +1,9 @@
|
||||
# Monit system watcher
|
||||
# http://mmonit.org/monit/
|
||||
|
||||
{config, pkgs, ...}:
|
||||
{config, pkgs, lib, ...}:
|
||||
|
||||
let inherit (pkgs.lib) mkOption mkIf;
|
||||
let inherit (lib) mkOption mkIf;
|
||||
in
|
||||
|
||||
{
|
||||
|
@ -189,19 +189,18 @@ in
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = [ pkgs.munin ];
|
||||
environment.MUNIN_PLUGSTATE = "/var/run/munin";
|
||||
preStart = ''
|
||||
echo "updating munin plugins..."
|
||||
|
||||
mkdir -p /etc/munin/plugins
|
||||
rm -rf /etc/munin/plugins/*
|
||||
PATH="/run/current-system/sw/bin:/run/current-system/sw/sbin" ${pkgs.munin}/sbin/munin-node-configure --shell --families contrib,auto,manual --config ${nodeConf} --libdir=${muninPlugins} --servicedir=/etc/munin/plugins 2>/dev/null | ${pkgs.bash}/bin/bash
|
||||
'';
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.munin}/sbin/munin-node --config ${nodeConf} --servicedir /etc/munin/plugins/";
|
||||
};
|
||||
};
|
||||
|
||||
system.activationScripts.munin-node = ''
|
||||
echo "updating munin plugins..."
|
||||
|
||||
mkdir -p /etc/munin/plugins
|
||||
rm -rf /etc/munin/plugins/*
|
||||
PATH="/run/current-system/sw/bin:/run/current-system/sw/sbin" ${pkgs.munin}/sbin/munin-node-configure --shell --families contrib,auto,manual --config ${nodeConf} --libdir=${muninPlugins} --servicedir=/etc/munin/plugins 2>/dev/null | ${pkgs.bash}/bin/bash
|
||||
'';
|
||||
|
||||
}) (mkIf cronCfg.enable {
|
||||
|
||||
services.cron.systemCronJobs = [
|
||||
|
@ -12,7 +12,7 @@ let
|
||||
nagiosObjectDefs = cfg.objectDefs;
|
||||
|
||||
nagiosObjectDefsDir = pkgs.runCommand "nagios-objects" {inherit nagiosObjectDefs;}
|
||||
"ensureDir $out; ln -s $nagiosObjectDefs $out/";
|
||||
"mkdir -p $out; ln -s $nagiosObjectDefs $out/";
|
||||
|
||||
nagiosCfgFile = pkgs.writeText "nagios.cfg"
|
||||
''
|
||||
|
@ -13,7 +13,7 @@ let
|
||||
};
|
||||
buildInputs = [ python ];
|
||||
installPhase = ''
|
||||
ensureDir $out/bin
|
||||
mkdir -p $out/bin
|
||||
# Make it work for kernels 3.x, not so different than 2.6
|
||||
sed -i 's/2\.6/4.0/' system_health.py
|
||||
cp system_health.py $out/bin
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
inherit (pkgs.lib) mkOption mkEnableOption mkIf mkMerge types optionalAttrs optional;
|
||||
inherit (lib) mkOption mkEnableOption mkIf mkMerge types optionalAttrs optional;
|
||||
|
||||
cfg = config.services.uptime;
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
inherit (pkgs.lib) mkOption mkIf;
|
||||
inherit (lib) mkOption mkIf;
|
||||
|
||||
cfg = config.services.openafsClient;
|
||||
|
||||
@ -11,7 +11,7 @@ let
|
||||
};
|
||||
|
||||
afsConfig = pkgs.runCommand "afsconfig" {} ''
|
||||
ensureDir $out
|
||||
mkdir -p $out
|
||||
echo ${cfg.cellName} > $out/ThisCell
|
||||
cp ${cellServDB} $out/CellServDB
|
||||
echo "/afs:${cfg.cacheDirectory}:${cfg.cacheSize}" > $out/cacheinfo
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
@ -136,4 +136,4 @@ in
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ cfg.port ];
|
||||
};
|
||||
}
|
||||
}
|
||||
|
@ -1,7 +1,7 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
with pkgs;
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.networking.connman;
|
||||
|
@ -1,8 +1,8 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
|
||||
inherit (pkgs.lib) mkOption mkIf singleton;
|
||||
inherit (lib) mkOption mkIf singleton;
|
||||
|
||||
inherit (pkgs) ddclient;
|
||||
|
||||
|
@ -18,7 +18,7 @@ let
|
||||
|
||||
${cfg.extraConfig}
|
||||
|
||||
${pkgs.lib.concatMapStrings
|
||||
${lib.concatMapStrings
|
||||
(machine: ''
|
||||
host ${machine.hostName} {
|
||||
hardware ethernet ${machine.ethernetAddress};
|
||||
|
@ -1,9 +1,9 @@
|
||||
# GNU Virtual Private Ethernet
|
||||
|
||||
{config, pkgs, ...}:
|
||||
{config, pkgs, lib, ...}:
|
||||
|
||||
let
|
||||
inherit (pkgs.lib) mkOption mkIf;
|
||||
inherit (lib) mkOption mkIf;
|
||||
|
||||
cfg = config.services.gvpe;
|
||||
|
||||
|
@ -3,7 +3,7 @@ source $stdenv/setup
|
||||
doSub() {
|
||||
local src=$1
|
||||
local dst=$2
|
||||
ensureDir $(dirname $dst)
|
||||
mkdir -p $(dirname $dst)
|
||||
substituteAll $src $dst
|
||||
}
|
||||
|
||||
@ -28,4 +28,4 @@ for i in $substFiles; do
|
||||
fi
|
||||
done
|
||||
|
||||
ensureDir $out/bin
|
||||
mkdir -p $out/bin
|
||||
|
@ -1,7 +1,7 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
with pkgs;
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.networking.networkmanager;
|
||||
@ -151,7 +151,7 @@ in {
|
||||
{ source = "${networkmanager_pptp}/etc/NetworkManager/VPN/nm-pptp-service.name";
|
||||
target = "NetworkManager/VPN/nm-pptp-service.name";
|
||||
}
|
||||
] ++ pkgs.lib.optional (cfg.appendNameservers == [] || cfg.insertNameservers == [])
|
||||
] ++ optional (cfg.appendNameservers == [] || cfg.insertNameservers == [])
|
||||
{ source = overrideNameserversScript;
|
||||
target = "NetworkManager/dispatcher.d/02overridedns";
|
||||
};
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
let
|
||||
cfg = config.services.notbit;
|
||||
varDir = "/var/lib/notbit";
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.nsd;
|
||||
|
118
nixos/modules/services/networking/polipo.nix
Normal file
118
nixos/modules/services/networking/polipo.nix
Normal file
@ -0,0 +1,118 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
cfg = config.services.polipo;
|
||||
|
||||
polipoConfig = pkgs.writeText "polipo.conf" ''
|
||||
proxyAddress = ${cfg.proxyAddress}
|
||||
proxyPort = ${toString cfg.proxyPort}
|
||||
allowedClients = ${concatStringsSep ", " cfg.allowedClients}
|
||||
${optionalString (cfg.parentProxy != "") "parentProxy = ${cfg.parentProxy}" }
|
||||
${optionalString (cfg.socksParentProxy != "") "socksParentProxy = ${cfg.socksParentProxy}" }
|
||||
${config.services.polipo.extraConfig}
|
||||
'';
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
||||
options = {
|
||||
|
||||
services.polipo = {
|
||||
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Whether to run the polipo caching web proxy.";
|
||||
};
|
||||
|
||||
proxyAddress = mkOption {
|
||||
type = types.string;
|
||||
default = "127.0.0.1";
|
||||
description = "IP address on which Polipo will listen.";
|
||||
};
|
||||
|
||||
proxyPort = mkOption {
|
||||
type = types.int;
|
||||
default = 8123;
|
||||
description = "TCP port on which Polipo will listen.";
|
||||
};
|
||||
|
||||
allowedClients = mkOption {
|
||||
type = types.listOf types.string;
|
||||
default = [ "127.0.0.1" "::1" ];
|
||||
example = [ "127.0.0.1" "::1" "134.157.168.0/24" "2001:660:116::/48" ];
|
||||
description = ''
|
||||
List of IP addresses or network addresses that may connect to Polipo.
|
||||
'';
|
||||
};
|
||||
|
||||
parentProxy = mkOption {
|
||||
type = types.string;
|
||||
default = "";
|
||||
example = "localhost:8124";
|
||||
description = ''
|
||||
Hostname and port number of an HTTP parent proxy;
|
||||
it should have the form ‘host:port’.
|
||||
'';
|
||||
};
|
||||
|
||||
socksParentProxy = mkOption {
|
||||
type = types.string;
|
||||
default = "";
|
||||
example = "localhost:9050";
|
||||
description = ''
|
||||
Hostname and port number of an SOCKS parent proxy;
|
||||
it should have the form ‘host:port’.
|
||||
'';
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
description = ''
|
||||
Polio configuration. Contents will be added
|
||||
verbatim to the configuration file.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
users.extraUsers = singleton
|
||||
{ name = "polipo";
|
||||
uid = config.ids.uids.polipo;
|
||||
description = "Polipo caching proxy user";
|
||||
home = "/var/cache/polipo";
|
||||
createHome = true;
|
||||
};
|
||||
|
||||
users.extraGroups = singleton
|
||||
{ name = "polipo";
|
||||
gid = config.ids.gids.polipo;
|
||||
members = [ "polipo" ];
|
||||
};
|
||||
|
||||
systemd.services.polipo = {
|
||||
description = "caching web proxy";
|
||||
after = [ "network.target" "nss-lookup.target" ];
|
||||
wantedBy = [ "multi-user.target"];
|
||||
preStart = ''
|
||||
${pkgs.coreutils}/bin/chown polipo:polipo /var/cache/polipo -R
|
||||
'';
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.polipo}/bin/polipo -c ${polipoConfig}";
|
||||
ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID";
|
||||
User = "polipo";
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
}
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user