JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge master into PR

Browse Source 
Conflicts:
	pkgs/development/compilers/ocaml/4.01.0.nix
This commit is contained in:
Vladimír Čunát 2014-08-12 21:52:20 +02:00
commit 141b5d961f
2684 changed files with 18685 additions and 11522 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -9,3 +9,5 @@ result-*
/doc/manual.html
/doc/manual.pdf
.version-suffix
.DS_Store

21
doc/contributing.xml Normal file
View File

@ -0,0 +1,21 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="chap-contributing">
<title>Contributing</title>
<para>If you make modifications to the manual, it's important to build the manual before contributing:</para>
<orderedlist>
<listitem><para><command>$ git clone git://github.com/NixOS/nixpkgs.git</command></para></listitem>
<listitem><para><command>$ cd nixpkgs/pkgs/top-level</command></para></listitem>
<listitem><para><command>$ nix-build -A tarball release.nix</command></para></listitem>
<listitem><para>Inside the built derivation you shall see <literal>manual/index.html</literal> file.</para></listitem>
</orderedlist>
</chapter>

1
doc/manual.xml
View File

@ -32,6 +32,7 @@
<xi:include href="language-support.xml" />
<xi:include href="package-notes.xml" />
<xi:include href="coding-conventions.xml" />
<xi:include href="contributing.xml" />
</book>

164
doc/meta.xml
View File

@ -17,7 +17,9 @@ meta = {
It is fully customizable.
'';
homepage = http://www.gnu.org/software/hello/manual/;
license = "GPLv3+";
license = stdenv.lib.licenses.gpl3Plus;
maintainers = [ stdenv.lib.maintainers.eelco ];
platforms = stdenv.lib.platforms.all;
};
</programlisting>
@ -31,16 +33,42 @@ the package. The value of a meta-attribute must a string.</para>
command-line using <command>nix-env</command>:
<screen>
$ nix-env -qa hello --meta --xml
&lt;?xml version='1.0' encoding='utf-8'?>
&lt;items>
&lt;item attrPath="hello" name="hello-2.3" system="i686-linux">
&lt;meta name="description" value="A program that produces a familiar, friendly greeting" />
&lt;meta name="homepage" value="http://www.gnu.org/software/hello/manual/" />
&lt;meta name="license" value="GPLv3+" />
&lt;meta name="longDescription" value="GNU Hello is a program that prints &amp;quot;Hello, world!&amp;quot; when you run it.&amp;#xA;It is fully customizable.&amp;#xA;" />
&lt;/item>
&lt;/items>
$ nix-env -qa hello --meta --json
{
"hello": {
"meta": {
"description": "A program that produces a familiar, friendly greeting",
"homepage": "http://www.gnu.org/software/hello/manual/",
"license": {
"fullName": "GNU General Public License version 3 or later",
"shortName": "GPLv3+",
"url": "http://www.fsf.org/licensing/licenses/gpl.html"
},
"longDescription": "GNU Hello is a program that prints \"Hello, world!\" when you run it.\nIt is fully customizable.\n",
"maintainers": [
"Ludovic Court\u00e8s &lt;ludo@gnu.org>"
],
"platforms": [
"i686-linux",
"x86_64-linux",
"armv5tel-linux",
"armv7l-linux",
"mips64el-linux",
"x86_64-darwin",
"i686-cygwin",
"i686-freebsd",
"x86_64-freebsd",
"i686-openbsd",
"x86_64-openbsd"
],
"position": "/home/user/dev/nixpkgs/pkgs/applications/misc/hello/ex-2/default.nix:14"
},
"name": "hello-2.9",
"system": "x86_64-linux"
}
}
</screen>
<command>nix-env</command> knows about the
@ -92,20 +120,23 @@ interpretation:</para>
<varlistentry>
<term><varname>license</varname></term>
<listitem><para>The license for the package. See below for the
allowed values.</para></listitem>
<listitem><para>The license for the package. One from attribute set defined in
<link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/lib/licenses.nix">
<filename>nixpkgs/lib/licenses.nix</filename></link>.
Example:
<literal>stdenv.lib.licenses.gpl3</literal>.</para></listitem>
See details in <xref linkend='sec-meta-license'/>,
</varlistentry>
<varlistentry>
<term><varname>maintainers</varname></term>
<listitem><para>A list of names and e-mail addresses of the
maintainers of this Nix expression, e.g. <literal>["Alice
&lt;alice@example.org>" "Bob &lt;bob@example.com>"]</literal>. If
you are the maintainer of multiple packages, you may want to add
maintainers of this Nix expression. If
you would like to be a maintainer of a package, you may want to add
yourself to <link
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/lib/maintainers.nix"><filename>pkgs/lib/maintainers.nix</filename></link>
and write something like <literal>[stdenv.lib.maintainers.alice
stdenv.lib.maintainers.bob]</literal>.</para></listitem>
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/lib/maintainers.nix"><filename>nixpkgs/lib/maintainers.nix</filename></link>
and write something like <literal>[ stdenv.lib.maintainers.alice
stdenv.lib.maintainers.bob ]</literal>.</para></listitem>
</varlistentry>
<varlistentry>
@ -121,29 +152,25 @@ interpretation:</para>
<varlistentry>
<term><varname>platforms</varname></term>
<listitem><para>The list of Nix platform types on which the
package is supported. If this attribute is set, the package will
refuse to build, and wont show up in <literal>nix-env
-qa</literal> output, on any platform not listed
here. An example is:
package is supported. Hydra builds packages according to the
platform specified. If no platform is specified, the package does
not have prebuilt binaries. An example is:
<programlisting>
meta.platforms = [ "x86_64-linux" "i686-linux" "x86_64-darwin" ];
</programlisting>
The set <varname>lib.platforms</varname> defines various common
lists of platforms types, so its more typical to write:
<programlisting>
meta.platforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin;
meta.platforms = stdenv.lib.platforms.linux;
</programlisting>
Attribute Set <varname>stdenv.lib.platforms</varname> in
<link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/lib/platforms.nix">
<filename>nixpkgs/lib/platforms.nix</filename></link> defines various common
lists of platforms types.
</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>hydraPlatforms</varname></term>
<listitem><para>The list of Nix platform types for which the Hydra
instance at <literal>hydra.nixos.org</literal> should build the
instance at <literal>hydra.nixos.org</literal> will build the
package. (Hydra is the Nix-based continuous build system.) It
defaults to the value of <varname>meta.platforms</varname>. Thus,
the only reason to set <varname>meta.hydraPlatforms</varname> is
@ -176,80 +203,23 @@ meta.hydraPlatforms = [];
<section xml:id="sec-meta-license"><title>Licenses</title>
<note><para>This is just a first attempt at standardising the license
attribute.</para></note>
<para>The <varname>meta.license</varname> attribute must be one of the
following:
<para>The <varname>meta.license</varname> attribute should preferrably contain
a value from <varname>stdenv.lib.licenses</varname> defined in
<link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/lib/licenses.nix">
<filename>nixpkgs/lib/licenses.nix</filename></link>,
or in-place license description of the same format if the license is
unlikely to be useful in another expression.
A few generic options are available, although it's typically better
to indicate the specific license:
<variablelist>
<varlistentry>
<term><varname>GPL</varname></term>
<listitem><para>GNU General Public License; version not
specified.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>GPLv2</varname></term>
<listitem><para>GNU General Public License, version
2.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>GPLv2+</varname></term>
<listitem><para>GNU General Public License, version
2 or higher.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>GPLv3</varname></term>
<listitem><para>GNU General Public License, version
3.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>GPLv3+</varname></term>
<listitem><para>GNU General Public License, version
3 or higher.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>bsd</varname></term>
<listitem><para>Catch-all for licenses that are essentially
similar to <link
xlink:href="http://www.gnu.org/licenses/license-list.html#ModifiedBSD">the
original BSD license with the advertising clause removed</link>,
i.e. permissive non-copyleft free software licenses. This
includes the <link
xlink:href="http://www.gnu.org/licenses/license-list.html#X11License">X11
(“MIT”) License</link>.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>perl5</varname></term>
<listitem><para>The Perl 5 license (Artistic License, version 1
and GPL, version 1 or later).</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>free</varname></term>
<listitem><para>Catch-all for free software licenses not listed
above.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>free-copyleft</varname></term>
<listitem><para>Catch-all for free, copyleft software licenses not
listed above.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>free-non-copyleft</varname></term>
<listitem><para>Catch-all for free, non-copyleft software licenses
not listed above.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>unfree-redistributable</varname></term>
<listitem><para>Unfree package that can be redistributed in binary

14
doc/quick-start.xml
View File

@ -155,9 +155,10 @@ $ git add pkgs/development/libraries/libfoo/default.nix</screen>
</listitem>
<listitem>
<para>You can use <command>nix-prefetch-url</command>
<para>You can use <command>nix-prefetch-url</command> (or similar nix-prefetch-git, etc)
<replaceable>url</replaceable> to get the SHA-256 hash of
source distributions.</para>
source distributions. There are similar commands as <command>nix-prefetch-git</command> and
<command>nix-prefetch-hg</command> available in <literal>nix-prefetch-scripts</literal> package.</para>
</listitem>
<listitem>
@ -221,17 +222,10 @@ $ nix-env -f . -iA libfoo</screen>
</listitem>
<listitem>
<para>Optionally commit the new package, or send a patch to
<para>Optionally commit the new package and open a pull request, or send a patch to
<literal>nix-dev@cs.uu.nl</literal>.</para>
</listitem>
<listitem>
<para>If you want the TU Delft build farm to build binaries of the
package and make them available in the <link
xlink:href="http://nixos.org/releases/nixpkgs/channels/nixpkgs-unstable/"><literal>nixpkgs</literal>
channel</link>, add it to <link
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/top-level/release.nix"><filename>pkgs/top-level/release.nix</filename></link>.</para>
</listitem>
</orderedlist>

327
lib/licenses.nix
View File

@ -1,25 +1,24 @@
{
/* License identifiers loosely based on: http://fedoraproject.org/wiki/Licensing
let
spdx = lic: lic // {
url = "http://spdx.org/licenses/${lic.shortName}";
};
in
rec {
/* License identifiers from spdx.org where possible.
* If you cannot find your license here, then look for a similar license or
* add it to this list. The URL mentioned above is a good source for inspiration.
*/
artistic2 = {
shortName = "Artistic 2.0";
fullName = "Artistic 2.0";
url = "http://opensource.org/licenses/artistic-license-2.0.php";
};
agpl3 = {
shortName = "AGPLv3";
fullName = "GNU Affero General Public License version 3 only";
url = https://www.gnu.org/licenses/agpl.html;
agpl3 = spdx {
shortName = "AGPL-3.0";
fullName = "GNU Affero General Public License v3.0";
};
agpl3Plus = {
shortName = "AGPLv3+";
fullName = "GNU Affero General Public License version 3 or later";
url = https://www.gnu.org/licenses/agpl.html;
shortName = "AGPL-3.0+";
fullName = "GNU Affero General Public License v3.0 or later";
inherit (agpl3) url;
};
amd = {
@ -28,126 +27,149 @@
url = http://developer.amd.com/amd-license-agreement/;
};#
apsl20 = {
shortName = "APSL 2.0";
apsl20 = spdx {
shortName = "APSL-2.0";
fullName = "Apple Public Source License 2.0";
url = http://opensource.org/licenses/APSL-2.0;
};
asl20 = {
shortName = "ASL2.0";
fullName = "Apache Software License 2.0";
url = http://www.apache.org/licenses/LICENSE-2.0;
artistic2 = spdx {
shortName = "Artistic-2.0";
fullName = "Artistic License 2.0";
};
boost = {
shortName = "boost";
fullName = "Boost Software License";
url = http://www.boost.org/LICENSE_1_0.txt;
asl20 = spdx {
shortName = "Apache-2.0";
fullName = "Apache License 2.0";
};
bsd2 = {
shortName = "BSD-2";
fullName = "BSD license (2 clause)";
url = http://opensource.org/licenses/BSD-2-Clause;
boost = spdx {
shortName = "BSL-1.0";
fullName = "Boost Software License 1.0";
};
bsd3 = {
shortName = "BSD-3";
fullName = "BSD license (3 clause)";
url = http://opensource.org/licenses/BSD-3-Clause;
bsd2 = spdx {
shortName = "BSD-2-Clause";
fullName = ''BSD 2-clause "Simplified" License'';
};
bsdOriginal = {
shortName = "BSD-original";
fullName = "Original BSD license with advertising clause";
url = https://fedoraproject.org/wiki/Licensing/BSD;
bsd3 = spdx {
shortName = "BSD-3-Clause";
fullName = ''BSD 3-clause "New" or "Revised" License'';
};
cc-by-30 = {
shortName = "CC BY 3.0";
bsdOriginal = spdx {
shortName = "BSD-4-Clause";
fullName = ''BSD 4-clause "Original" or "Old" License'';
};
cc-by-30 = spdx {
shortName = "CC-BY-3.0";
fullName = "Creative Commons Attribution 3.0";
url = http://creativecommons.org/licenses/by/3.0;
};
cddl = {
shortName = "CDDL";
fullName = "Common Development Distribution License ";
url = http://www.opensolaris.org/os/licensing/cddllicense.txt;
cddl = spdx {
shortName = "CDDL-1.0";
fullName = "Common Development and Distribution License 1.0";
};
cpl10 = {
shortName = "CPL 1.0";
fullName = "Common Public License version 1.0";
url = http://www.eclipse.org/legal/cpl-v10.html;
cecill-c = spdx {
shortName = "CECILL-C";
fullName = "CeCILL-C Free Software License Agreement";
};
epl10 = {
shortName = "EPL 1.0";
fullName = "Eclipse Public License version 1.0";
url = http://www.eclipse.org/legal/epl-v10.html;
cpl10 = spdx {
shortName = "CPL-1.0";
fullName = "Common Public License 1.0";
};
epl10 = spdx {
shortName = "EPL-1.0";
fullName = "Eclipse Public License 1.0";
};
free = "free";
gpl2 = {
shortName = "GPLv2";
fullName = "GNU General Public License version 2";
url = http://www.gnu.org/licenses/old-licenses/gpl-2.0.html;
gpl2 = spdx {
shortName = "GPL-2.0";
fullName = "GNU General Public License v2.0 only";
};
gpl2Oss = {
shortName = "GPLv2+OSS";
shortName = "GPL-2.0-with-OSS";
fullName = "GNU General Public License version 2 only (with OSI approved licenses linking exception)";
url = http://www.mysql.com/about/legal/licensing/foss-exception;
};
gpl2Plus = {
shortName = "GPLv2+";
fullName = "GNU General Public License version 2 or later";
url = http://www.gnu.org/licenses/old-licenses/gpl-2.0.html;
gpl2Plus = spdx {
shortName = "GPL-2.0+";
fullName = "GNU General Public License v2.0 or later";
};
gpl3 = {
shortName = "GPLv3";
fullName = "GNU General Public License version 3 only";
url = http://www.fsf.org/licensing/licenses/gpl.html;
gpl3 = spdx {
shortName = "GPL-3.0";
fullName = "GNU General Public License v3.0 only";
};
gpl3Plus = {
shortName = "GPLv3+";
fullName = "GNU General Public License version 3 or later";
url = http://www.fsf.org/licensing/licenses/gpl.html;
gpl3Plus = spdx {
shortName = "GPL-3.0+";
fullName = "GNU General Public License v3.0 or later";
};
gpl3ClasspathPlus = {
shortName = "GPLv3+classpath+";
fullName = "GNU General Public License version 3 or later (with Classpath exception)";
shortName = "GPL-3.0+-with-classpath-exception";
fullName = "GNU General Public License v3.0 or later (with Classpath exception)";
url = https://fedoraproject.org/wiki/Licensing/GPL_Classpath_Exception;
};
isc = {
inria = {
shortName = "INRIA-NCLA";
fullName = "INRIA Non-Commercial License Agreement";
url = "http://compcert.inria.fr/doc/LICENSE";
};
ipa = spdx {
shortName = "IPA";
fullName = "IPA Font License";
};
ipl10 = spdx {
shortName = "IPL-1.0";
fullName = "IBM Public License v1.0";
};
isc = spdx {
shortName = "ISC";
fullName = "Internet Systems Consortium License";
url = http://www.opensource.org/licenses/ISC;
fullName = "ISC License";
};
ipa = {
shortName = "IPA 1.0";
fullName = "IPA Font License v1.0";
url = http://ipafont.ipa.go.jp/ipafont/;
lgpl2 = spdx {
shortName = "LGPL-2.0";
fullName = "GNU Library General Public License v2 only";
};
ipl10 = {
shortName = "IPL 1.0";
fullName = "IBM Public License Version 1.0";
url = http://www.ibm.com/developerworks/opensource/library/os-i18n2/os-ipl.html;
lgpl2Plus = spdx {
shortName = "LGPL-2.0+";
fullName = "GNU Library General Public License v2 or later";
};
ijg = {
shortName = "IJG";
fullName = "Independent JPEG Group License";
url = https://fedoraproject.org/wiki/Licensing/IJG;
lgpl21 = spdx {
shortName = "LGPL-2.1";
fullName = "GNU Library General Public License v2.1 only";
};
lgpl21Plus = spdx {
shortName = "LGPL-2.1+";
fullName = "GNU Library General Public License v2.1 or later";
};
lgpl3 = spdx {
shortName = "LGPL-3.0";
fullName = "GNU Lesser General Public License v3.0 only";
};
lgpl3Plus = spdx {
shortName = "LGPL-3.0+";
fullName = "GNU Lesser General Public License v3.0 or later";
};
libtiff = {
@ -156,76 +178,47 @@
url = https://fedoraproject.org/wiki/Licensing/libtiff;
};
lgpl2 = {
shortName = "LGPLv2";
fullName = "GNU Library General Public License version 2";
url = http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html;
};
lgpl2Plus = {
shortName = "LGPLv2+";
fullName = "GNU Library General Public License version 2 or later";
url = http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html;
};
lgpl21 = {
shortName = "LGPLv2.1";
fullName = "GNU Lesser General Public License version 2.1";
url = http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html;
};
lgpl21Plus = {
shortName = "LGPLv2.1+";
fullName = "GNU Lesser General Public License version 2.1 or later";
url = http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html;
};
llgpl21 = {
shortName = "LLGPLv2.1";
shortName = "LLGPL-2.1";
fullName = "Lisp LGPL; GNU Lesser General Public License version 2.1 with Franz Inc. preamble for clarification of LGPL terms in context of Lisp";
url = http://opensource.franz.com/preamble.html;
};
lgpl3 = {
shortName = "LGPLv3";
fullName = "GNU Lesser General Public License version 3 only";
url = http://www.fsf.org/licensing/licenses/lgpl.html;
};
lgpl3Plus = {
shortName = "LGPLv3+";
fullName = "GNU Lesser General Public License version 3 or later";
url = http://www.fsf.org/licensing/licenses/lgpl.html;
};
mit = {
mit = spdx {
shortName = "MIT";
fullName = "MIT/X11 license";
url = http://www.opensource.org/licenses/mit-license.php;
fullName = "MIT License";
};
mpl11 = {
shortName = "MPL1.1";
fullName = "Mozilla Public License version 1.1";
url = http://www.mozilla.org/MPL/MPL-1.1.html;
mpl11 = spdx {
shortName = "MPL-1.1";
fullName = "Mozilla Public License 1.1";
};
mpl20 = {
shortName = "MPL2.0";
fullName = "Mozilla Public License version 2.0";
url = https://www.mozilla.org/MPL/2.0;
mpl20 = spdx {
shortName = "MPL-2.0";
fullName = "Mozilla Public License 2.0";
};
ofl = {
shortName = "OFL";
fullName = "SIL Open Font License";
url = "http://scripts.sil.org/cms/scripts/page.php?site_id=nrsi&id=OFL_web";
msrla = {
shortName = "MSR-LA";
fullName = "Microsoft Research License Agreement";
url = "http://research.microsoft.com/en-us/projects/pex/msr-la.txt";
};
openssl = {
shortName = "openssl";
fullName = "OpenSSL license";
url = http://www.openssl.org/source/license.html;
ofl = spdx {
shortName = "OFL-1.1";
fullName = "SIL Open Font License 1.1";
};
openssl = spdx {
shortName = "OpenSSL";
fullName = "OpenSSL License";
};
psfl = spdx {
shortName = "Python-2.0";
fullName = "Python Software Foundation License version 2";
#url = http://docs.python.org/license.html;
};
publicDomain = {
@ -233,10 +226,9 @@
fullname = "Public Domain";
};
psfl = {
shortName = "PSFL";
fullName = "Python Software Foundation License";
url = http://docs.python.org/license.html;
sleepycat = spdx {
shortName = "Sleepycat";
fullName = "Sleepycat License";
};
tcltk = {
@ -257,45 +249,20 @@
url = https://fedoraproject.org/wiki/Licensing:Wadalab?rd=Licensing/Wadalab;
};
zlib = {
shortName = "zlib";
fullName = "zlib license";
url = http://www.gzip.org/zlib/zlib_license.html;
zlib = spdx {
shortName = "Zlib";
fullName = "zlib License";
};
zpt20 = {
shortName = "ZPT2.0";
zpt20 = spdx { # FIXME: why zpt* instead of zpl*
shortName = "ZPL-2.0";
fullName = "Zope Public License 2.0";
url = "http://old.zope.org/Resources/License/ZPL-2.0";
};
zpt21 = {
shortName = "ZPT2.1";
zpt21 = spdx {
shortName = "ZPL-2.1";
fullName = "Zope Public License 2.1";
url = "http://old.zope.org/Resources/License/ZPL-2.1";
};
sleepycat = {
shortName = "Sleepycat";
fullName = "Sleepycat Public License";
url = "https://en.wikipedia.org/wiki/Sleepycat_License";
};
cecill-c = {
shortName = "CeCILL-C";
fullName = "CEA CNRS INRIA Logiciel Libre";
url = "http://www.cecill.info/licences.en.html";
};
msrla = {
shortName = "MSR-LA";
fullName = "Microsoft Research License Agreement";
url = "http://research.microsoft.com/en-us/projects/pex/msr-la.txt";
};
inria = {
shortName = "INRIA-NCLA";
fullName = "INRIA Non-Commercial License Agreement";
url = "http://compcert.inria.fr/doc/LICENSE";
};
}

7
lib/maintainers.nix
View File

@ -33,6 +33,7 @@
coconnor = "Corey O'Connor <coreyoconnor@gmail.com>";
coroa = "Jonas Hörsch <jonas@chaoflow.net>";
cstrahan = "Charles Strahan <charles.c.strahan@gmail.com>";
DamienCassou = "Damien Cassou <damien.cassou@gmail.com>";
ederoyd46 = "Matthew Brown <matt@ederoyd.co.uk>";
edwtjo = "Edward Tjörnhammar <ed@cflags.cc>";
eelco = "Eelco Dolstra <eelco.dolstra@logicblox.com>";
@ -45,6 +46,7 @@
goibhniu = "Cillian de Róiste <cillian.deroiste@gmail.com>";
guibert = "David Guibert <david.guibert@gmail.com>";
hinton = "Tom Hinton <t@larkery.com>";
hrdinka = "Christoph Hrdinka <c.nix@hrdinka.at>";
ianwookim = "Ian-Woo Kim <ianwookim@gmail.com>";
iElectric = "Domen Kozar <domen@dev.si>";
iyzsong = "Song Wenwu <iyzsong@gmail.com>";
@ -62,9 +64,11 @@
madjar = "Georges Dubus <georges.dubus@compiletoi.net>";
marcweber = "Marc Weber <marco-oweber@gmx.de>";
matejc = "Matej Cotman <cotman.matej@gmail.com>";
meisternu = "Matt Miemiec <meister@krutt.org>";
modulistic = "Pablo Costa <modulistic@gmail.com>";
mornfall = "Petr Ročkai <me@mornfall.net>";
msackman = "Matthew Sackman <matthew@wellquite.org>";
notthemessiah = "Brian Cohen <brian.cohen.88@gmail.com>";
ocharles = "Oliver Charles <ollie@ocharles.org.uk>";
offline = "Jaka Hudoklin <jakahudoklin@gmail.com>";
orbitz = "Malcolm Matalka <mmatalka@gmail.com>";
@ -89,8 +93,10 @@
sander = "Sander van der Burg <s.vanderburg@tudelft.nl>";
shlevy = "Shea Levy <shea@shealevy.com>";
simons = "Peter Simons <simons@cryp.to>";
skeidel = "Sven Keidel <svenkeidel@gmail.com>";
smironov = "Sergey Mironov <ierton@gmail.com>";
sprock = "Roger Mason <rmason@mun.ca>";
tailhook = "Paul Colomiets <paul@colomiets.name>";
thammers = "Tobias Hammerschmidt <jawr@gmx.de>";
the-kenny = "Moritz Ulrich <moritz@tarn-vedra.de>";
thoughtpolice = "Austin Seipp <aseipp@pobox.com>";
@ -106,6 +112,7 @@
winden = "Antonio Vargas Gonzalez <windenntw@gmail.com>";
wizeman = "Ricardo M. Correia <rcorreia@wizy.org>";
wjlroe = "William Roe <willroe@gmail.com>";
wkennington = "William A. Kennington III <william@wkennington.com>";
wmertens = "Wout Mertens <Wout.Mertens@gmail.com>";
z77z = "Marco Maggesi <maggesi@math.unifi.it>";
zef = "Zef Hemel <zef@zef.me>";

2
lib/platforms.nix
View File

@ -11,6 +11,6 @@ rec {
unix = linux ++ darwin ++ freebsd ++ openbsd;
all = linux ++ darwin ++ cygwin ++ freebsd ++ openbsd;
none = [];
allBut = platform: lists.filter (x: platform != x) all;
allBut = platforms: lists.filter (x: !(builtins.elem x platforms)) all;
mesaPlatforms = ["i686-linux" "x86_64-linux" "x86_64-darwin" "armv5tel-linux" "armv6l-linux"];
}

146
maintainers/scripts/sort-attrs.str
View File

@ -1,146 +0,0 @@
/* Tool to sort attribute sets. Primarily useful for keeping
all-packages.nix tidy.
To compile:
$ strc -i ../../maintainers/scripts/sort-attrs.str -la stratego-lib
Typical invocation:
$ sglr -m -p ~/Dev/nix/src/libexpr/nix.tbl -i all-packages.nix \
| implode-asfix --lex \
| ../../maintainers/scripts/sort-attrs \
| asfix-yield
*/
module sort-attrs
imports
libstratego-lib
libstratego-sglr
strategies
no-wsp = !appl(prod([], cf(opt(layout())), no-attrs()), [])
rules
list-sep(s): [] -> []
list-sep(s): [x | xs] -> [[x | before] | <list-sep(s)> [split | after]]
where
<split-fetch-keep(s)> xs => (before, split, after)
list-sep(s): [x | xs] -> [[x | xs]]
where
<not(split-fetch-keep(s))> xs
list-sep-end(s): xs -> [<conc> (before, [split]) | <list-sep-end(s)> after]
where
<split-fetch-keep(s)> xs => (before, split, after)
list-sep-end(s): xs -> [xs]
where
<not(split-fetch-keep(s))> xs
sort-attrs:
appl(p@prod(_, _, attrs([term(cons("Attrs"))])),
[ lit("{")
, ws1
, appl(p2@list(cf(iter-star(sort("Bind")))), attrs)
, ws2
, lit("}")
]
) ->
appl(p, [lit("{"), <no-wsp>, appl(p2, <concat> attrs'), ws2, lit("}")])
where
<debug> "found it";
<attach-wsp> [ws1 | attrs] => withWSP;
<list-sep(starts-section)> withWSP => groups;
<length; debug> groups;
<map({x', x'', x''', xs', starts, starts': \[x | xs] -> [x''' | xs']
where
<remove-section-start> x => (x', starts);
<map(regularise-empty-lines); if !starts; debug; sortable-section; debug then qsort(compare-attrs) else id end> [x' | xs] => [x'' | xs'];
<[] <+ \x -> ["\n\n\n" | x]\ > starts => starts';
<prepend-layout> (starts', x'') => x'''
\ })> groups => attrs';
<debug> "did it"
attach-wsp: [a, b | cs] -> [(a, b) | <attach-wsp> cs]
attach-wsp: [] -> []
strategies
starts-section =
?x@(appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs), attr);
<implode-string; is-substring(!"###")> cs;
!x
rules
sortable-section = ?[s]; !s; explode-string; not(fetch({x: ?x; !(x, 97); geq}))
remove-section-start:
(appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs), attr) ->
((appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs'), attr), starts)
where
!cs;
list-sep-end(?10); // separate into lines, keeping the \n
map(implode-string);
partition(where(is-substring(!"###"))) => (starts, rest);
<map(explode-string); concat> rest => cs'
regularise-empty-lines:
(appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs), attr) ->
(appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs''), attr)
where
// separate into lines, keeping the \n
// last whitespace is significant, keep
<list-sep-end(?10); split-init-last> cs => (init, last);
<regularise-empty-lines'> init => cs'; // remove whitespace-only lines
<concat> [<explode-string> "\n\n", <concat> cs', last] => cs'' // add one empty line
/* Dirty hack: *do* keep the first empty line following a non-empty line. !!! order matters */
regularise-empty-lines': [] -> []
regularise-empty-lines': [x, y | xs] -> [x, y | <regularise-empty-lines'> xs]
where
<fetch-elem(not(?10 <+ ?32))> x;
<not(fetch-elem(not(?10 <+ ?32)))> y
regularise-empty-lines': [x | xs] -> [x | <regularise-empty-lines'> xs]
where <fetch-elem(not(?10 <+ ?32))> x
regularise-empty-lines': [x | xs] -> <regularise-empty-lines'> xs
where <not(fetch-elem(not(?10 <+ ?32)))> x
prepend-layout:
(text, (appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs), attr)) ->
(appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs''), attr)
where
<implode-string> cs => cs';
<conc-strings; explode-string> (<concat-strings> text, cs') => cs''
compare-attrs:
x@
( (_, appl(p1@prod(_, _, attrs([term(cons("Bind"))])), [id1 | xs1]))
, (_, appl(p2@prod(_, _, attrs([term(cons("Bind"))])), [id2 | xs2]))
)
-> x
where
<string-lt> (id1, id2)
strategies
main = io-wrap(
oncetd(sort-attrs)
)

12
nixos/doc/manual/README Normal file
View File

@ -0,0 +1,12 @@
To build the manual, you need Nix installed on your system (no need
for NixOS). To install Nix, follow the instructions at
https://nixos.org/nix/download.html
When you have Nix on your system, in the root directory of the project
(i.e., `nixpkgs`), run:
nix-build nixos/release.nix -A manual.x86_64-linux
When this command successfully finishes, it will tell you where the
manual got generated.

46
nixos/doc/manual/configuration.xml
View File

@ -1036,21 +1036,22 @@ users.extraUsers.alice =
{ createHome = true;
home = "/home/alice";
description = "Alice Foobar";
extraGroups = [ "wheel" ];
extraGroups = [ "wheel" "networkmanager" ];
useDefaultShell = true;
openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3Nza... alice@foobar" ];
};
</programlisting>
Note that <literal>alice</literal> is a member of the
<literal>wheel</literal> group, which allows her to use
<command>sudo</command> to execute commands as
<literal>root</literal>. Also note the SSH public key that allows
remote logins with the corresponding private key. Users created in
this way do not have a password by default, so they cannot log in via
mechanisms that require a password. However, you can use the
<command>passwd</command> program to set a password, which is retained
across invocations of <command>nixos-rebuild</command>.</para>
<literal>wheel</literal> and <literal>networkmanager</literal> groups,
which allows her to use <command>sudo</command> to execute commands as
<literal>root</literal> and to configure the network, respectively.
Also note the SSH public key that allows remote logins with the
corresponding private key. Users created in this way do not have a
password by default, so they cannot log in via mechanisms that require
a password. However, you can use the <command>passwd</command> program
to set a password, which is retained across invocations of
<command>nixos-rebuild</command>.</para>
<para>A user ID (uid) is assigned automatically. You can also specify
a uid manually by adding
@ -1277,6 +1278,28 @@ services.xserver.synaptics.twoFingerScroll = true;
<section xml:id="sec-networking"><title>Networking</title>
<section xml:id="sec-networkmanager"><title>NetworkManager</title>
<para>To facilitate network configuration, some desktop environments
use NetworkManager. You can enable NetworkManager by setting:
<programlisting>
services.networkmanager.enable = true;
</programlisting>
Some desktop managers (e.g., GNOME) enable NetworkManager
automatically for you.</para>
<para>All users that should have permission to change network settings
must belong to the <code>networkmanager</code> group.</para>
<note><para><code>services.networkmanager</code> and
<code>services.wireless</code> can not be enabled at the same time:
you can still connect to the wireless networks using
NetworkManager.</para></note>
</section>
<section xml:id="sec-ssh"><title>Secure shell access</title>
<para>Secure shell (SSH) access to your machine can be enabled by
@ -1399,6 +1422,11 @@ always allowed.)</para>
<section xml:id="sec-wireless"><title>Wireless networks</title>
<para>For a desktop installation using NetworkManager (e.g., GNOME),
you just have to make sure the user is in the
<code>networkmanager</code> group and you can skip the rest of this
section on wireless networks.</para>
<para>
NixOS will start wpa_supplicant for you if you enable this setting:

51
nixos/doc/manual/default.nix
View File

@ -1,5 +1,6 @@
{ pkgs, options, version, revision }:
with pkgs;
with pkgs.lib;
let
@ -22,7 +23,7 @@ let
optionsXML = builtins.toFile "options.xml" (builtins.unsafeDiscardStringContext (builtins.toXML options''));
optionsDocBook = pkgs.runCommand "options-db.xml" {} ''
optionsDocBook = runCommand "options-db.xml" {} ''
if grep /nixpkgs/nixos/modules ${optionsXML}; then
echo "The manual appears to depend on the location of Nixpkgs, which is bad"
echo "since this prevents sharing via the NixOS channel. This is typically"
@ -30,7 +31,7 @@ let
echo "for hints about the offending path)."
exit 1
fi
${pkgs.libxslt}/bin/xsltproc \
${libxslt}/bin/xsltproc \
--stringparam revision '${revision}' \
-o $out ${./options-to-docbook.xsl} ${optionsXML}
'';
@ -38,12 +39,12 @@ let
in rec {
# Generate the NixOS manual.
manual = pkgs.stdenv.mkDerivation {
manual = stdenv.mkDerivation {
name = "nixos-manual";
sources = sourceFilesBySuffices ./. [".xml"];
buildInputs = [ pkgs.libxml2 pkgs.libxslt ];
buildInputs = [ libxml2 libxslt ];
xsltFlags = ''
--param section.autolabel 1
@ -62,19 +63,19 @@ in rec {
# Check the validity of the manual sources.
xmllint --noout --nonet --xinclude --noxincludenode \
--relaxng ${pkgs.docbook5}/xml/rng/docbook/docbook.rng \
--relaxng ${docbook5}/xml/rng/docbook/docbook.rng \
manual.xml
# Generate the HTML manual.
dst=$out/share/doc/nixos
ensureDir $dst
mkdir -p $dst
xsltproc $xsltFlags --nonet --xinclude \
--output $dst/manual.html \
${pkgs.docbook5_xsl}/xml/xsl/docbook/xhtml/docbook.xsl \
${docbook5_xsl}/xml/xsl/docbook/xhtml/docbook.xsl \
./manual.xml
mkdir -p $dst/images/callouts
cp ${pkgs.docbook5_xsl}/xml/xsl/docbook/images/callouts/*.gif $dst/images/callouts/
cp ${docbook5_xsl}/xml/xsl/docbook/images/callouts/*.gif $dst/images/callouts/
cp ${./style.css} $dst/style.css
@ -86,13 +87,39 @@ in rec {
meta.description = "The NixOS manual in HTML format";
};
manualPDF = stdenv.mkDerivation {
name = "nixos-manual-pdf";
sources = sourceFilesBySuffices ./. [".xml"];
buildInputs = [ libxml2 libxslt dblatex tetex ];
buildCommand = ''
# TeX needs a writable font cache.
export VARTEXFONTS=$TMPDIR/texfonts
ln -s $sources/*.xml . # */
ln -s ${optionsDocBook} options-db.xml
echo "${version}" > version
dst=$out/share/doc/nixos
mkdir -p $dst
xmllint --xinclude manual.xml | dblatex -o $dst/manual.pdf - \
-P doc.collab.show=0 \
-P latex.output.revhistory=0
mkdir -p $out/nix-support
echo "doc-pdf manual $dst/manual.pdf" >> $out/nix-support/hydra-build-products
''; # */
};
# Generate the NixOS manpages.
manpages = pkgs.stdenv.mkDerivation {
manpages = stdenv.mkDerivation {
name = "nixos-manpages";
sources = sourceFilesBySuffices ./. [".xml"];
buildInputs = [ pkgs.libxml2 pkgs.libxslt ];
buildInputs = [ libxml2 libxslt ];
buildCommand = ''
ln -s $sources/*.xml . # */
@ -100,7 +127,7 @@ in rec {
# Check the validity of the manual sources.
xmllint --noout --nonet --xinclude --noxincludenode \
--relaxng ${pkgs.docbook5}/xml/rng/docbook/docbook.rng \
--relaxng ${docbook5}/xml/rng/docbook/docbook.rng \
./man-pages.xml
# Generate manpages.
@ -109,7 +136,7 @@ in rec {
--param man.output.in.separate.dir 1 \
--param man.output.base.dir "'$out/share/man/'" \
--param man.endnotes.are.numbered 0 \
${pkgs.docbook5_xsl}/xml/xsl/docbook/manpages/docbook.xsl \
${docbook5_xsl}/xml/xsl/docbook/manpages/docbook.xsl \
./man-pages.xml
'';
};

10
nixos/doc/manual/installation.xml
View File

@ -320,7 +320,10 @@ changes:
<itemizedlist>
<listitem>
<para>You should boot the live CD in UEFI mode (consult your
specific hardware's documentation for instructions).</para>
specific hardware's documentation for instructions). You may find
the <link
xlink:href="http://www.rodsbooks.com/refind">rEFInd
boot manager</link> useful.</para>
</listitem>
<listitem>
<para>Instead of <command>fdisk</command>, you should use
@ -335,6 +338,11 @@ changes:
should do this automatically for new configurations when booted in
UEFI mode.</para>
</listitem>
<listitem>
<para>After having mounted your installation partition to
<code>/mnt</code>, you must mount the <code>boot</code> partition
to <code>/mnt/boot</code>.</para>
</listitem>
<listitem>
<para>You may want to look at the options starting with
<option>boot.loader.efi</option> and <option>boot.loader.gummiboot</option>

19
nixos/doc/manual/manual.xml
View File

@ -7,25 +7,6 @@
<title>NixOS Manual</title>
<subtitle>Version <xi:include href="version" parse="text" /></subtitle>
<author>
<personname>
<firstname>Eelco</firstname>
<surname>Dolstra</surname>
</personname>
</author>
<author>
<personname>
<firstname>Nicolas</firstname>
<surname>Pierron</surname>
</personname>
</author>
<copyright>
<year>2007-2013</year>
<holder>Eelco Dolstra</holder>
</copyright>
</info>

6
nixos/doc/manual/options-to-docbook.xsl
View File

@ -202,4 +202,10 @@
</simplelist>
</xsl:template>
<xsl:template match="function">
<xsl:text>λ</xsl:text>
</xsl:template>
</xsl:stylesheet>

4
nixos/lib/make-iso9660-image.sh
View File

@ -78,7 +78,7 @@ done
cat pathlist | sed -e 's/=\(.*\)=\(.*\)=/\\=\1=\2\\=/' | tee pathlist.safer
ensureDir $out/iso
mkdir -p $out/iso
genCommand="genisoimage -iso-level 4 -r -J $bootFlags -hide-rr-moved -graft-points -path-list pathlist.safer ${volumeID:+-V $volumeID}"
if test -z "$compressImage"; then
$genCommand -o $out/iso/$isoName
@ -87,5 +87,5 @@ else
fi
ensureDir $out/nix-support
mkdir -p $out/nix-support
echo $system > $out/nix-support/system

4
nixos/lib/make-system-tarball.sh
View File

@ -48,11 +48,11 @@ for ((n = 0; n < ${#objects[*]}; n++)); do
fi
done
ensureDir $out/tarball
mkdir -p $out/tarball
tar cvJf $out/tarball/$fileName.tar.xz *
ensureDir $out/nix-support
mkdir -p $out/nix-support
echo $system > $out/nix-support/system
echo "file system-tarball $out/tarball/$fileName.tar.xz" > $out/nix-support/hydra-build-products

2
nixos/lib/testing.nix
View File

@ -117,7 +117,7 @@ rec {
report = releaseTools.gcovReport { coverageRuns = [ test ]; };
in (if makeCoverageReport then report else test) // { inherit driver test; };
in (if makeCoverageReport then report else test) // { inherit nodes driver test; };
runInMachine =

4
nixos/modules/config/ldap.nix
View File

@ -217,9 +217,7 @@ in
systemd.services = mkIf cfg.daemon.enable {
nslcd = {
wantedBy = [ "nss-user-lookup.target" ];
before = [ "nss-user-lookup.target" ];
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
preStart = ''
mkdir -p /run/nslcd

10
nixos/modules/config/pulseaudio.nix
View File

@ -80,12 +80,12 @@ in {
package = mkOption {
type = types.package;
default = pulseaudio;
example = literalExample "pulseaudio.override { jackaudioSupport = true; }";
default = pulseaudioFull;
example = literalExample "pulseaudioFull";
description = ''
The PulseAudio derivation to use. This can be used to enable
features (such as JACK support) that are not enabled in the
default PulseAudio in Nixpkgs.
The PulseAudio derivation to use. This can be used to disable
features (such as JACK support, Bluetooth) that are enabled in the
pulseaudioFull package in Nixpkgs.
'';
};

22
nixos/modules/installer/cd-dvd/iso-image.nix
View File

@ -179,7 +179,6 @@ in
fileSystems."/" =
{ fsType = "tmpfs";
device = "none";
options = "mode=0755";
};
@ -192,6 +191,8 @@ in
noCheck = true;
};
# In stage 1, mount a tmpfs on top of /nix/store (the squashfs
# image) to make this a live CD.
fileSystems."/nix/.ro-store" =
{ fsType = "squashfs";
device = "/iso/nix-store.squashfs";
@ -201,23 +202,20 @@ in
fileSystems."/nix/.rw-store" =
{ fsType = "tmpfs";
device = "none";
options = "mode=0755";
neededForBoot = true;
};
fileSystems."/nix/store" =
{ fsType = "unionfs-fuse";
device = "unionfs";
options = "allow_other,cow,nonempty,chroot=/mnt-root,max_files=32768,hide_meta_files,dirs=/nix/.rw-store=rw:/nix/.ro-store=ro";
};
boot.initrd.availableKernelModules = [ "squashfs" "iso9660" ];
boot.initrd.kernelModules = [ "loop" ];
# In stage 1, mount a tmpfs on top of /nix/store (the squashfs
# image) to make this a live CD.
boot.initrd.postMountCommands =
''
mkdir -p $targetRoot/nix/store
unionfs -o allow_other,cow,nonempty,chroot=$targetRoot,max_files=32768 /nix/.rw-store=RW:/nix/.ro-store=RO $targetRoot/nix/store
'';
# Closures to be copied to the Nix store on the CD, namely the init
# script and the top-level system configuration directory.
isoImage.storeContents =
@ -313,8 +311,8 @@ in
'';
# Add vfat support to the initrd to enable people to copy the
# contents of the CD to a bootable USB stick. Need unionfs-fuse for union mounts
boot.initrd.supportedFilesystems = [ "vfat" "unionfs-fuse" ];
# contents of the CD to a bootable USB stick.
boot.initrd.supportedFilesystems = [ "vfat" ];
};

7
nixos/modules/misc/ids.nix
View File

@ -137,6 +137,9 @@
gitolite = 127;
znc = 128;
polipo = 129;
mopidy = 130;
unifi = 131;
gdm = 132;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -248,6 +251,10 @@
firebird = 127;
znc = 128;
polipo = 129;
mopidy = 130;
docker = 131;
gdm = 132;
tss = 133;
# When adding a gid, make sure it doesn't match an existing uid. And don't use gids above 399!

13
nixos/modules/module-list.nix
View File

@ -50,6 +50,7 @@
./programs/bash/bash.nix
./programs/bash/command-not-found.nix
./programs/blcr.nix
./programs/dconf.nix
./programs/environment.nix
./programs/info.nix
./programs/screen.nix
@ -79,6 +80,7 @@
./services/audio/alsa.nix
./services/audio/fuppes.nix
./services/audio/mpd.nix
./services/audio/mopidy.nix
./services/backup/almir.nix
./services/backup/bacula.nix
./services/backup/mysql-backup.nix
@ -124,6 +126,7 @@
./services/hardware/pcscd.nix
./services/hardware/pommed.nix
./services/hardware/sane.nix
./services/hardware/tcsd.nix
./services/hardware/thinkfan.nix
./services/hardware/udev.nix
./services/hardware/udisks2.nix
@ -134,6 +137,7 @@
./services/logging/logstash.nix
./services/logging/rsyslogd.nix
./services/logging/syslogd.nix
./services/logging/syslog-ng.nix
./services/mail/dovecot.nix
./services/mail/freepops.nix
./services/mail/mail.nix
@ -232,6 +236,7 @@
./services/networking/teamspeak3.nix
./services/networking/tftpd.nix
./services/networking/unbound.nix
./services/networking/unifi.nix
./services/networking/vsftpd.nix
./services/networking/wakeonlan.nix
./services/networking/websockify.nix
@ -276,6 +281,7 @@
./services/x11/desktop-managers/default.nix
./services/x11/display-managers/auto.nix
./services/x11/display-managers/default.nix
./services/x11/display-managers/gdm.nix
./services/x11/display-managers/kdm.nix
./services/x11/display-managers/lightdm.nix
./services/x11/display-managers/slim.nix
@ -287,6 +293,7 @@
#./services/x11/window-managers/compiz.nix
./services/x11/window-managers/default.nix
./services/x11/window-managers/icewm.nix
./services/x11/window-managers/bspwm.nix
./services/x11/window-managers/metacity.nix
./services/x11/window-managers/none.nix
./services/x11/window-managers/twm.nix
@ -296,6 +303,7 @@
./services/x11/xserver.nix
./system/activation/activation-script.nix
./system/activation/top-level.nix
./system/boot/emergency-mode.nix
./system/boot/kernel.nix
./system/boot/kexec.nix
./system/boot/loader/efi.nix
@ -311,15 +319,17 @@
./system/boot/stage-1.nix
./system/boot/stage-2.nix
./system/boot/systemd.nix
./system/boot/tmp.nix
./system/etc/etc.nix
./system/upstart/upstart.nix
./tasks/cpu-freq.nix
./tasks/encrypted-devices.nix
./tasks/filesystems.nix
./tasks/filesystems/btrfs.nix
./tasks/filesystems/cifs.nix
./tasks/filesystems/ext.nix
./tasks/filesystems/f2fs.nix
./tasks/filesystems/nfs.nix
./tasks/filesystems.nix
./tasks/filesystems/reiserfs.nix
./tasks/filesystems/unionfs-fuse.nix
./tasks/filesystems/vfat.nix
@ -334,6 +344,7 @@
./testing/service-runner.nix
./virtualisation/container-config.nix
./virtualisation/containers.nix
./virtualisation/docker.nix
./virtualisation/libvirtd.nix
#./virtualisation/nova.nix
./virtualisation/virtualbox-guest.nix

1
nixos/modules/profiles/base.nix
View File

@ -7,7 +7,6 @@
# Include some utilities that are useful for installing or repairing
# the system.
environment.systemPackages = [
pkgs.subversion # for nixos-checkout
pkgs.w3m # needed for the manual anyway
pkgs.testdisk # useful for repairing boot problems
pkgs.mssys # for writing Microsoft boot sectors / MBRs

34
nixos/modules/programs/dconf.nix Normal file
View File

@ -0,0 +1,34 @@
{ config, lib, ... }:
let
inherit (lib) mkOption mkIf types mapAttrsToList;
cfg = config.programs.dconf;
mkDconfProfile = name: path:
{ source = path; target = "dconf/profile/${name}"; };
in
{
###### interface
options = {
programs.dconf = {
profiles = mkOption {
type = types.attrsOf types.path;
default = {};
description = "Set of dconf profile files.";
internal = true;
};
};
};
###### implementation
config = mkIf (cfg.profiles != {}) {
environment.etc =
(mapAttrsToList mkDconfProfile cfg.profiles);
};
}

5
nixos/modules/security/ca.nix
View File

@ -13,8 +13,9 @@ with lib;
];
environment.sessionVariables =
{ OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
CURL_CA_BUNDLE = "/etc/ssl/certs/ca-bundle.crt";
{ SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
# FIXME: unneeded - remove eventually.
OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
GIT_SSL_CAINFO = "/etc/ssl/certs/ca-bundle.crt";
};

3
nixos/modules/security/rngd.nix
View File

@ -30,7 +30,8 @@ with lib;
description = "Hardware RNG Entropy Gatherer Daemon";
serviceConfig.ExecStart = "${pkgs.rng_tools}/sbin/rngd -f";
serviceConfig.ExecStart = "${pkgs.rng_tools}/sbin/rngd -f -v" +
(if config.services.tcsd.enable then " --no-tpm=1" else "");
restartTriggers = [ pkgs.rng_tools ];
};

2
nixos/modules/services/amqp/activemq/default.nix
View File

@ -12,7 +12,7 @@ let
phases = [ "installPhase" ];
buildInputs = [ jdk ];
installPhase = ''
ensureDir $out/lib
mkdir -p $out/lib
source ${activemq}/lib/classpath.env
export CLASSPATH
ln -s "${./ActiveMQBroker.java}" ActiveMQBroker.java

41
nixos/modules/services/amqp/rabbitmq.nix
View File

@ -4,6 +4,8 @@ with lib;
let
cfg = config.services.rabbitmq;
config_file = pkgs.writeText "rabbitmq.config" cfg.config;
config_file_wo_suffix = builtins.substring 0 ((builtins.stringLength config_file) - 7) config_file;
in {
###### interface
@ -31,7 +33,6 @@ in {
'';
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/rabbitmq";
@ -40,6 +41,30 @@ in {
'';
};
cookie = mkOption {
default = "";
type = types.str;
description = ''
Erlang cookie is a string of arbitrary length which must
be the same for several nodes to be allowed to communicate.
Leave empty to generate automatically.
'';
};
config = mkOption {
default = "";
type = types.str;
description = ''
Verbatim configuration file contents.
See http://www.rabbitmq.com/configure.htm
'';
};
plugins = mkOption {
default = [];
type = types.listOf types.str;
description = "The names of plugins to enable";
};
};
};
@ -69,7 +94,10 @@ in {
RABBITMQ_NODE_IP_ADDRESS = cfg.listenAddress;
RABBITMQ_SERVER_START_ARGS = "-rabbit error_logger tty -rabbit sasl_error_logger false";
SYS_PREFIX = "";
};
RABBITMQ_ENABLED_PLUGINS_FILE = pkgs.writeText "enabled_plugins" ''
[ ${concatStringsSep "," cfg.plugins} ].
'';
} // optionalAttrs (cfg.config != "") { RABBITMQ_CONFIG_FILE = config_file_wo_suffix; };
serviceConfig = {
ExecStart = "${pkgs.rabbitmq_server}/sbin/rabbitmq-server";
@ -81,6 +109,15 @@ in {
preStart = ''
mkdir -p ${cfg.dataDir} && chmod 0700 ${cfg.dataDir}
if [ "$(id -u)" = 0 ]; then chown rabbitmq:rabbitmq ${cfg.dataDir}; fi
${optionalString (cfg.cookie != "") ''
echo -n ${cfg.cookie} > ${cfg.dataDir}/.erlang.cookie
chmod 400 ${cfg.dataDir}/.erlang.cookie
chown rabbitmq:rabbitmq ${cfg.dataDir}/.erlang.cookie
''}
mkdir -p /var/log/rabbitmq && chmod 0700 /var/log/rabbitmq
chown rabbitmq:rabbitmq /var/log/rabbitmq
'';
};

118
nixos/modules/services/audio/mopidy.nix Normal file
View File

@ -0,0 +1,118 @@
{ config, lib, pkgs, ... }:
with pkgs;
with lib;
let
uid = config.ids.uids.mopidy;
gid = config.ids.gids.mopidy;
cfg = config.services.mopidy;
mopidyConf = writeText "mopidy.conf" cfg.configuration;
mopidyLauncher = stdenv.mkDerivation {
name = "mopidy-launcher";
phases = [ "installPhase" ];
buildInputs = [ makeWrapper python ];
installPhase = ''
mkdir -p $out/bin
ln -s ${mopidy}/bin/mopidy $out/bin/mopidy
wrapProgram $out/bin/mopidy \
--prefix PYTHONPATH : \
"${concatStringsSep ":" (map (p: "$(toPythonPath ${p})") cfg.extensionPackages)}"
'';
};
in {
options = {
services.mopidy = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
Whether to enable Mopidy, a music player daemon.
'';
};
dataDir = mkOption {
default = "/var/lib/mopidy";
type = types.str;
description = ''
The directory where Mopidy stores its state.
'';
};
extensionPackages = mkOption {
default = [];
type = types.listOf types.package;
example = [ mopidy-spotify ];
description = ''
Mopidy extensions that should be loaded by the service.
'';
};
configuration = mkOption {
type = types.lines;
description = ''
The configuration that Mopidy should use.
'';
};
extraConfigFiles = mkOption {
default = [];
type = types.listOf types.str;
description = ''
Extra config file read by Mopidy when the service starts.
Later files in the list overrides earlier configuration.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
systemd.services.mopidy = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "sound.target" ];
description = "mopidy music player daemon";
preStart = "mkdir -p ${cfg.dataDir} && chown -R mopidy:mopidy ${cfg.dataDir}";
serviceConfig = {
ExecStart = "${mopidyLauncher}/bin/mopidy --config ${concatStringsSep ":" ([mopidyConf] ++ cfg.extraConfigFiles)}";
User = "mopidy";
PermissionsStartOnly = true;
};
};
systemd.services.mopidy-scan = {
description = "mopidy local files scanner";
preStart = "mkdir -p ${cfg.dataDir} && chown -R mopidy:mopidy ${cfg.dataDir}";
serviceConfig = {
ExecStart = "${mopidyLauncher}/bin/mopidy --config ${concatStringsSep ":" ([mopidyConf] ++ cfg.extraConfigFiles)} local scan";
User = "mopidy";
PermissionsStartOnly = true;
Type = "oneshot";
};
};
users.extraUsers.mopidy = {
inherit uid;
group = "mopidy";
extraGroups = [ "audio" ];
description = "Mopidy daemon user";
home = "${cfg.dataDir}";
};
users.extraGroups.mopidy.gid = gid;
};
}

7
nixos/modules/services/desktops/gnome3/at-spi2-core.nix
View File

@ -4,9 +4,6 @@
with lib;
let
gnome3 = config.environment.gnome3.packageSet;
in
{
###### interface
@ -33,9 +30,9 @@ in
config = mkIf config.services.gnome3.at-spi2-core.enable {
environment.systemPackages = [ gnome3.at_spi2_core ];
environment.systemPackages = [ pkgs.at_spi2_core ];
services.dbus.packages = [ gnome3.at_spi2_core ];
services.dbus.packages = [ pkgs.at_spi2_core ];
};

2
nixos/modules/services/hardware/acpid.nix
View File

@ -6,7 +6,7 @@ let
acpiConfDir = pkgs.runCommand "acpi-events" {}
''
ensureDir $out
mkdir -p $out
${
# Generate a configuration file for each event. (You can't have
# multiple events in one config file...)

139
nixos/modules/services/hardware/tcsd.nix Normal file
View File

@ -0,0 +1,139 @@
# tcsd daemon.
{ config, pkgs, ... }:
with pkgs.lib;
let
cfg = config.services.tcsd;
tcsdConf = pkgs.writeText "tcsd.conf" ''
port = 30003
num_threads = 10
system_ps_file = ${cfg.stateDir}/system.data
# This is the log of each individual measurement done by the system.
# By re-calculating the PCR registers based on this information, even
# finer details about the measured environment can be inferred than
# what is available directly from the PCR registers.
firmware_log_file = /sys/kernel/security/tpm0/binary_bios_measurements
kernel_log_file = /sys/kernel/security/ima/binary_runtime_measurements
#firmware_pcrs = 0,1,2,3,4,5,6,7
#kernel_pcrs = 10,11
platform_cred = ${cfg.platformCred}
conformance_cred = ${cfg.conformanceCred}
endorsement_cred = ${cfg.endorsementCred}
#remote_ops = create_key,random
#host_platform_class = server_12
#all_platform_classes = pc_11,pc_12,mobile_12
'';
in
{
###### interface
options = {
services.tcsd = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
Whether to enable tcsd, a Trusted Computing management service
that provides TCG Software Stack (TSS). The tcsd daemon is
the only portal to the Trusted Platform Module (TPM), a hardware
chip on the motherboard.
'';
};
user = mkOption {
default = "tss";
type = types.string;
description = "User account under which tcsd runs.";
};
group = mkOption {
default = "tss";
type = types.string;
description = "Group account under which tcsd runs.";
};
stateDir = mkOption {
default = "/var/lib/tpm";
type = types.path;
description = ''
The location of the system persistent storage file.
The system persistent storage file holds keys and data across
restarts of the TCSD and system reboots.
'';
};
platformCred = mkOption {
default = "${cfg.stateDir}/platform.cert";
type = types.path;
description = ''
Path to the platform credential for your TPM. Your TPM
manufacturer may have provided you with a set of credentials
(certificates) that should be used when creating identities
using your TPM. When a user of your TPM makes an identity,
this credential will be encrypted as part of that process.
See the 1.1b TPM Main specification section 9.3 for information
on this process. '';
};
conformanceCred = mkOption {
default = "${cfg.stateDir}/conformance.cert";
type = types.path;
description = ''
Path to the conformance credential for your TPM.
See also the platformCred option'';
};
endorsementCred = mkOption {
default = "${cfg.stateDir}/endorsement.cert";
type = types.path;
description = ''
Path to the endorsement credential for your TPM.
See also the platformCred option'';
};
};
};
###### implementation
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.trousers ];
# system.activationScripts.tcsd =
# ''
# chown ${cfg.user}:${cfg.group} ${tcsdConf}
# '';
systemd.services.tcsd = {
description = "TCSD";
after = [ "systemd-udev-settle.service" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.trousers ];
preStart =
''
mkdir -m 0700 -p ${cfg.stateDir}
chown -R ${cfg.user}:${cfg.group} ${cfg.stateDir}
'';
serviceConfig.ExecStart = "${pkgs.trousers}/sbin/tcsd -f -c ${tcsdConf}";
};
users.extraUsers = optionalAttrs (cfg.user == "tss") (singleton
{ name = "tss";
group = "tss";
uid = config.ids.uids.nginx;
});
users.extraGroups = optionalAttrs (cfg.group == "tss") (singleton
{ name = "tss";
gid = config.ids.gids.nginx;
});
};
}

16
nixos/modules/services/logging/logrotate.nix
View File

@ -8,10 +8,6 @@ let
configFile = pkgs.writeText "logrotate.conf"
cfg.config;
cronJob = ''
5 * * * * root ${pkgs.logrotate}/sbin/logrotate ${configFile}
'';
in
{
options = {
@ -33,6 +29,16 @@ in
};
config = mkIf cfg.enable {
services.cron.systemCronJobs = [ cronJob ];
systemd.services.logrotate = {
description = "Logrotate Service";
wantedBy = [ "multi-user.target" ];
startAt = "*-*-* *:05:00";
serviceConfig.Restart = "no";
serviceConfig.User = "root";
script = ''
exec ${pkgs.logrotate}/sbin/logrotate ${configFile}
'';
};
};
}

4
nixos/modules/services/logging/logstash.nix
View File

@ -69,9 +69,9 @@ in
systemd.services.logstash = with pkgs; {
description = "Logstash Daemon";
wantedBy = [ "multi-user.target" ];
environment = { JAVA_HOME = jre; };
serviceConfig = {
ExecStart = "${jre}/bin/java -jar ${logstash} agent -f ${writeText "logstash.conf" ''
ExecStart = "${logstash}/bin/logstash agent -f ${writeText "logstash.conf" ''
input {
${cfg.inputConfig}
}

83
nixos/modules/services/logging/syslog-ng.nix Normal file
View File

@ -0,0 +1,83 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.syslog-ng;
syslogngConfig = pkgs.writeText "syslog-ng.conf" ''
@version: 3.5
@include "scl.conf"
${cfg.extraConfig}
'';
ctrlSocket = "/run/syslog-ng/syslog-ng.ctl";
pidFile = "/run/syslog-ng/syslog-ng.pid";
persistFile = "/var/syslog-ng/syslog-ng.persist";
syslogngOptions = [
"--foreground"
"--module-path=${concatStringsSep ":" (["${pkgs.syslogng}/lib/syslog-ng"] ++ cfg.extraModulePaths)}"
"--cfgfile=${syslogngConfig}"
"--control=${ctrlSocket}"
"--persist-file=${persistFile}"
"--pidfile=${pidFile}"
];
in {
options = {
services.syslog-ng = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable the syslog-ng daemon.
'';
};
serviceName = mkOption {
type = types.str;
default = "syslog-ng";
description = ''
The name of the systemd service that runs syslog-ng. Set this to
<literal>syslog</literal> if you want journald to automatically
forward all logs to syslog-ng.
'';
};
extraModulePaths = mkOption {
type = types.listOf types.str;
default = [];
example = [ "${pkgs.syslogng_incubator}/lib/syslog-ng" ];
description = ''
A list of paths that should be included in syslog-ng's
<literal>--module-path</literal> option. They should usually
end in <literal>/lib/syslog-ng</literal>
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = ''
Configuration added to the end of <literal>syslog-ng.conf</literal>.
'';
};
};
};
config = mkIf cfg.enable {
systemd.services."${cfg.serviceName}" = {
wantedBy = [ "multi-user.target" ];
preStart = "mkdir -p /{var,run}/syslog-ng";
serviceConfig = {
Type = "notify";
Sockets = "syslog.socket";
StandardOutput = "null";
Restart = "on-failure";
ExecStart = "${pkgs.syslogng}/sbin/syslog-ng ${concatStringsSep " " syslogngOptions}";
};
};
};
}

17
nixos/modules/services/misc/nix-daemon.nix
View File

@ -22,14 +22,11 @@ let
nixConf =
let
# Tricky: if we're using a chroot for builds, then we need
# /bin/sh in the chroot (our own compromise to purity).
# However, since /bin/sh is a symlink to some path in the
# Nix store, which furthermore has runtime dependencies on
# other paths in the store, we need the closure of /bin/sh
# in `build-chroot-dirs' - otherwise any builder that uses
# /bin/sh won't work.
binshDeps = pkgs.writeReferencesToFile config.system.build.binsh;
# If we're using a chroot for builds, then provide /bin/sh in
# the chroot as a bind-mount to bash. This means we also need to
# include the entire closure of bash.
sh = pkgs.stdenv.shell;
binshDeps = pkgs.writeReferencesToFile sh;
in
pkgs.runCommand "nix.conf" {extraOptions = cfg.extraOptions; } ''
extraPaths=$(for i in $(cat ${binshDeps}); do if test -d $i; then echo $i; fi; done)
@ -40,7 +37,7 @@ let
build-users-group = nixbld
build-max-jobs = ${toString (cfg.maxJobs)}
build-use-chroot = ${if cfg.useChroot then "true" else "false"}
build-chroot-dirs = ${toString cfg.chrootDirs} $(echo $extraPaths)
build-chroot-dirs = ${toString cfg.chrootDirs} /bin/sh=${sh} $(echo $extraPaths)
binary-caches = ${toString cfg.binaryCaches}
trusted-binary-caches = ${toString cfg.trustedBinaryCaches}
$extraOptions
@ -253,8 +250,6 @@ in
config = {
nix.chrootDirs = [ "/bin" ];
environment.etc."nix/nix.conf".source = nixConf;
# List of machines for distributed Nix builds in the format

38
nixos/modules/services/misc/nix-ssh-serve.nix
View File

@ -1,32 +1,35 @@
{ config, lib, pkgs, ... }:
let
serveOnly = pkgs.writeScript "nix-store-serve" ''
#!${pkgs.stdenv.shell}
if [ "$SSH_ORIGINAL_COMMAND" != "nix-store --serve" ]; then
echo 'Error: You are only allowed to run `nix-store --serve'\'''!' >&2
exit 1
fi
exec /run/current-system/sw/bin/nix-store --serve
'';
with lib;
inherit (lib) mkIf mkOption types;
in {
{
options = {
nix.sshServe = {
enable = mkOption {
description = "Whether to enable serving the nix store over ssh.";
default = false;
type = types.bool;
default = false;
description = "Whether to enable serving the Nix store as a binary cache via SSH.";
};
keys = mkOption {
type = types.listOf types.str;
default = [];
example = [ "ssh-dss AAAAB3NzaC1k... alice@example.org" ];
description = "A list of SSH public keys allowed to access the binary cache via SSH.";
};
};
};
config = mkIf config.nix.sshServe.enable {
users.extraUsers.nix-ssh = {
description = "User for running nix-store --serve.";
description = "Nix SSH substituter user";
uid = config.ids.uids.nix-ssh;
shell = pkgs.stdenv.shell;
useDefaultShell = true;
};
services.openssh.enable = true;
@ -38,8 +41,11 @@ in {
PermitTTY no
PermitTunnel no
X11Forwarding no
ForceCommand ${serveOnly}
ForceCommand ${config.nix.package}/bin/nix-store --serve
Match All
'';
users.extraUsers.nix-ssh.openssh.authorizedKeys.keys = config.nix.sshServe.keys;
};
}

15
nixos/modules/services/monitoring/munin.nix
View File

@ -189,19 +189,18 @@ in
wantedBy = [ "multi-user.target" ];
path = [ pkgs.munin ];
environment.MUNIN_PLUGSTATE = "/var/run/munin";
preStart = ''
echo "updating munin plugins..."
mkdir -p /etc/munin/plugins
rm -rf /etc/munin/plugins/*
PATH="/run/current-system/sw/bin:/run/current-system/sw/sbin" ${pkgs.munin}/sbin/munin-node-configure --shell --families contrib,auto,manual --config ${nodeConf} --libdir=${muninPlugins} --servicedir=/etc/munin/plugins 2>/dev/null | ${pkgs.bash}/bin/bash
'';
serviceConfig = {
ExecStart = "${pkgs.munin}/sbin/munin-node --config ${nodeConf} --servicedir /etc/munin/plugins/";
};
};
system.activationScripts.munin-node = ''
echo "updating munin plugins..."
mkdir -p /etc/munin/plugins
rm -rf /etc/munin/plugins/*
PATH="/run/current-system/sw/bin:/run/current-system/sw/sbin" ${pkgs.munin}/sbin/munin-node-configure --shell --families contrib,auto,manual --config ${nodeConf} --libdir=${muninPlugins} --servicedir=/etc/munin/plugins 2>/dev/null | ${pkgs.bash}/bin/bash
'';
}) (mkIf cronCfg.enable {
services.cron.systemCronJobs = [

2
nixos/modules/services/monitoring/nagios.nix
View File

@ -12,7 +12,7 @@ let
nagiosObjectDefs = cfg.objectDefs;
nagiosObjectDefsDir = pkgs.runCommand "nagios-objects" {inherit nagiosObjectDefs;}
"ensureDir $out; ln -s $nagiosObjectDefs $out/";
"mkdir -p $out; ln -s $nagiosObjectDefs $out/";
nagiosCfgFile = pkgs.writeText "nagios.cfg"
''

2
nixos/modules/services/monitoring/systemhealth.nix
View File

@ -13,7 +13,7 @@ let
};
buildInputs = [ python ];
installPhase = ''
ensureDir $out/bin
mkdir -p $out/bin
# Make it work for kernels 3.x, not so different than 2.6
sed -i 's/2\.6/4.0/' system_health.py
cp system_health.py $out/bin

2
nixos/modules/services/network-filesystems/openafs-client/default.nix
View File

@ -11,7 +11,7 @@ let
};
afsConfig = pkgs.runCommand "afsconfig" {} ''
ensureDir $out
mkdir -p $out
echo ${cfg.cellName} > $out/ThisCell
cp ${cellServDB} $out/CellServDB
echo "/afs:${cfg.cacheDirectory}:${cfg.cacheSize}" > $out/cacheinfo

4
nixos/modules/services/networking/ircd-hybrid/builder.sh
View File

@ -3,7 +3,7 @@ source $stdenv/setup
doSub() {
local src=$1
local dst=$2
ensureDir $(dirname $dst)
mkdir -p $(dirname $dst)
substituteAll $src $dst
}
@ -28,4 +28,4 @@ for i in $substFiles; do
fi
done
ensureDir $out/bin
mkdir -p $out/bin

3
nixos/modules/services/networking/ssh/lshd.nix
View File

@ -99,7 +99,6 @@ in
};
subsystems = mkOption {
default = [ ["sftp" "${pkgs.lsh}/sbin/sftp-server"] ];
description = ''
List of subsystem-path pairs, where the head of the pair
denotes the subsystem name, and the tail denotes the path to
@ -116,6 +115,8 @@ in
config = mkIf cfg.enable {
services.lshd.subsystems = [ ["sftp" "${pkgs.lsh}/sbin/sftp-server"] ];
jobs.lshd =
{ description = "GNU lshd SSH2 daemon";

88
nixos/modules/services/networking/unifi.nix Normal file
View File

@ -0,0 +1,88 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.unifi;
stateDir = "/var/lib/unifi";
cmd = "@${pkgs.icedtea7_jre}/bin/java java -jar ${stateDir}/lib/ace.jar";
in
{
options = {
services.unifi.enable = mkOption {
type = types.uniq types.bool;
default = false;
description = ''
Whether or not to enable the unifi controller service.
'';
};
};
config = mkIf cfg.enable {
users.extraUsers.unifi = {
uid = config.ids.uids.unifi;
description = "UniFi controller daemon user";
home = "${stateDir}";
};
# We must create the binary directories as bind mounts instead of symlinks
# This is because the controller resolves all symlinks to absolute paths
# to be used as the working directory.
systemd.mounts = map ({ what, where }: {
bindsTo = [ "unifi.service" ];
requiredBy = [ "unifi.service" ];
before = [ "unifi.service" ];
options = "bind";
what = what;
where = where;
}) [
{
what = "${pkgs.unifi}/dl";
where = "${stateDir}/dl";
}
{
what = "${pkgs.unifi}/lib";
where = "${stateDir}/lib";
}
{
what = "${pkgs.mongodb}/bin";
where = "${stateDir}/bin";
}
];
systemd.services.unifi = {
description = "UniFi controller daemon";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
preStart = ''
# Ensure privacy of state
chown unifi "${stateDir}"
chmod 0700 "${stateDir}"
# Create the volatile webapps
mkdir -p "${stateDir}/webapps"
chown unifi "${stateDir}/webapps"
ln -s "${pkgs.unifi}/webapps/ROOT.war" "${stateDir}/webapps/ROOT.war"
'';
postStop = ''
rm "${stateDir}/webapps/ROOT.war"
'';
serviceConfig = {
Type = "simple";
ExecStart = "${cmd} start";
ExecStop = "${cmd} stop";
User = "unifi";
PermissionsStartOnly = true;
UMask = "0077";
WorkingDirectory = "${stateDir}";
};
};
};
}

76
nixos/modules/services/networking/znc.nix
View File

@ -20,6 +20,11 @@ let
</Pass>
";
modules = pkgs.buildEnv {
name = "znc-modules";
paths = cfg.modulePackages;
};
confOptions = { ... }: {
options = {
modules = mkOption {
@ -31,6 +36,15 @@ let
'';
};
userModules = mkOption {
type = types.listOf types.string;
default = [ ];
example = [ "fish" "push" ];
description = ''
A list of user modules to include in the `znc.conf` file.
'';
};
userName = mkOption {
default = defaultUserName;
example = "johntron";
@ -63,9 +77,9 @@ let
};
port = mkOption {
default = "5000";
example = "5000";
type = types.string;
default = 5000;
example = 5000;
type = types.int;
description = ''
Specifies the port on which to listen.
'';
@ -80,6 +94,13 @@ let
'';
};
extraZncConf = mkOption {
default = "";
type = types.lines;
description = ''
Extra config to `znc.conf` file
'';
};
};
};
@ -104,7 +125,7 @@ let
AllowWeb = true
IPv4 = true
IPv6 = false
Port = ${if confOpts.useSSL then "+" else ""}${confOpts.port}
Port = ${if confOpts.useSSL then "+" else ""}${toString confOpts.port}
SSL = ${if confOpts.useSSL then "true" else "false"}
</Listener>
@ -128,9 +149,11 @@ let
QuitMsg = Quit
RealName = ${confOpts.nick}
TimestampFormat = [%H:%M:%S]
${concatMapStrings (n: "LoadModule = ${n}\n") confOpts.userModules}
${confOpts.passBlock}
</User>
${confOpts.extraZncConf}
'';
zncConfFile = pkgs.writeTextFile {
@ -168,9 +191,9 @@ in
};
dataDir = mkOption {
default = "/home/${cfg.user}/.znc";
example = "/home/john/.znc";
type = types.string;
default = "/var/lib/znc/";
example = "/home/john/.znc/";
type = types.path;
description = ''
The data directory. Used for configuration files and modules.
'';
@ -179,7 +202,7 @@ in
zncConf = mkOption {
default = "";
example = "See: http://wiki.znc.in/Configuration";
type = types.string;
type = types.lines;
description = ''
The contents of the `znc.conf` file to use when creating it.
If specified, `confOptions` will be ignored, and this value, as-is, will be used.
@ -201,6 +224,15 @@ in
'';
options = confOptions;
};
modulePackages = mkOption {
type = types.listOf types.package;
default = [ ];
example = [ pkgs.zncModules.fish pkgs.zncModules.push ];
description = ''
A list of global znc module packages to add to znc.
'';
};
mutable = mkOption {
default = false;
@ -218,9 +250,9 @@ in
};
extraFlags = mkOption {
default = "";
example = "--debug";
type = types.string;
default = [ ];
example = [ "--debug" ];
type = types.listOf types.str;
description = ''
Extra flags to use when executing znc command.
'';
@ -233,25 +265,22 @@ in
config = mkIf cfg.enable {
systemd.services."znc-${cfg.user}" = {
description = "ZNC Server of ${cfg.user}.";
systemd.services.znc = {
description = "ZNC Server";
wantedBy = [ "multi-user.target" ];
after = [ "network.service" ];
path = [ pkgs.znc ];
serviceConfig = {
User = "${cfg.user}";
User = cfg.user;
Restart = "always";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
ExecStop = "${pkgs.coreutils}/bin/kill -INT $MAINPID";
};
preStart = ''
${pkgs.coreutils}/bin/mkdir -p ${cfg.dataDir}
${pkgs.coreutils}/bin/chown ${cfg.user} ${cfg.dataDir} -R
${pkgs.coreutils}/bin/mkdir -p ${cfg.dataDir}/configs
# If mutable, regenerate conf file every time.
${optionalString (!cfg.mutable) ''
${pkgs.coreutils}/echo "znc-${cfg.user} is set to be system-managed. Now deleting old znc.conf file to be regenerated."
${pkgs.coreutils}/echo "znc is set to be system-managed. Now deleting old znc.conf file to be regenerated."
${pkgs.coreutils}/rm -f ${cfg.dataDir}/configs/znc.conf
''}
@ -259,7 +288,7 @@ in
if [[ ! -f ${cfg.dataDir}/configs/znc.conf ]]; then
${pkgs.coreutils}/bin/echo "No znc.conf file found in ${cfg.dataDir}. Creating one now."
${if (!cfg.mutable)
then "${pkgs.coreutils}/bin/ln --force -s ${zncConfFile} ${cfg.dataDir}/configs/znc.conf"
then "${pkgs.coreutils}/bin/ln --force -s ${zncConfFile} ${cfg.dataDir}/.znc/configs/znc.conf"
else ''
${pkgs.coreutils}/bin/cp --no-clobber ${zncConfFile} ${cfg.dataDir}/configs/znc.conf
${pkgs.coreutils}/bin/chmod u+rw ${cfg.dataDir}/configs/znc.conf
@ -269,10 +298,14 @@ in
if [[ ! -f ${cfg.dataDir}/znc.pem ]]; then
${pkgs.coreutils}/bin/echo "No znc.pem file found in ${cfg.dataDir}. Creating one now."
${pkgs.znc}/bin/znc --makepem
${pkgs.znc}/bin/znc --makepem --datadir ${cfg.dataDir}
fi
# Symlink modules
rm ${cfg.dataDir}/modules || true
ln -fs ${modules}/lib/znc ${cfg.dataDir}/modules
'';
script = "${pkgs.znc}/bin/znc --foreground --datadir ${cfg.dataDir} ${cfg.extraFlags}";
script = "${pkgs.znc}/bin/znc --foreground --datadir ${cfg.dataDir} ${toString cfg.extraFlags}";
};
users.extraUsers = optional (cfg.user == defaultUser)
@ -280,6 +313,7 @@ in
description = "ZNC server daemon owner";
group = defaultUser;
uid = config.ids.uids.znc;
home = cfg.dataDir;
createHome = true;
createUser = true;
};

15
nixos/modules/services/search/elasticsearch.nix
View File

@ -21,6 +21,11 @@ let
];
};
esPlugins = pkgs.buildEnv {
name = "elasticsearch-plugins";
paths = cfg.plugins;
};
in {
###### interface
@ -101,6 +106,12 @@ in {
example = [ "-Djava.net.preferIPv4Stack=true" ];
};
plugins = mkOption {
description = "Extra elasticsearch plugins";
default = [];
type = types.listOf types.package;
};
};
###### implementation
@ -119,6 +130,10 @@ in {
preStart = ''
mkdir -m 0700 -p ${cfg.dataDir}
if [ "$(id -u)" = 0 ]; then chown -R elasticsearch ${cfg.dataDir}; fi
# Install plugins
rm ${cfg.dataDir}/plugins || true
ln -s ${esPlugins}/plugins ${cfg.dataDir}/plugins
'';
};

17
nixos/modules/services/security/fail2ban.nix
View File

@ -25,12 +25,17 @@ in
options = {
services.fail2ban = {
enable = mkOption {
default = false;
type = types.bool;
description = "Whether to enable the fail2ban service.";
};
daemonConfig = mkOption {
default =
''
[Definition]
loglevel = 3
loglevel = INFO
logtarget = SYSLOG
socket = /run/fail2ban/fail2ban.sock
pidfile = /run/fail2ban/fail2ban.pid
@ -80,7 +85,7 @@ in
###### implementation
config = {
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.fail2ban ];
@ -101,12 +106,13 @@ in
preStart =
''
mkdir -p /run/fail2ban -m 0755
mkdir -p /var/lib/fail2ban
'';
serviceConfig =
{ ExecStart = "${pkgs.fail2ban}/bin/fail2ban-server -f";
ReadOnlyDirectories = "/";
ReadWriteDirectories = "/run /var/tmp";
ReadWriteDirectories = "/run /var/tmp /var/lib";
CapabilityBoundingSet = "CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_NET_RAW";
};
@ -131,15 +137,14 @@ in
bantime = 600
findtime = 600
maxretry = 3
backend = auto
'';
backend = systemd
'';
# Block SSH if there are too many failing connection attempts.
services.fail2ban.jails.ssh-iptables =
''
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/warn
maxretry = 5
'';

2
nixos/modules/services/system/dbus.nix
View File

@ -14,7 +14,7 @@ let
name = "dbus-conf";
preferLocalBuild = true;
buildCommand = ''
ensureDir $out
mkdir -p $out
cp -v ${pkgs.dbus.daemon}/etc/dbus-1/system.conf $out/system.conf

12
nixos/modules/services/web-servers/apache-httpd/default.nix
View File

@ -80,7 +80,7 @@ let
# !!! should be in lib
writeTextInDir = name: text:
pkgs.runCommand name {inherit text;} "ensureDir $out; echo -n \"$text\" > $out/$name";
pkgs.runCommand name {inherit text;} "mkdir -p $out; echo -n \"$text\" > $out/$name";
enableSSL = any (vhost: vhost.enableSSL) allHosts;
@ -194,7 +194,7 @@ let
) null ([ cfg ] ++ subservices);
documentRoot = if maybeDocumentRoot != null then maybeDocumentRoot else
pkgs.runCommand "empty" {} "ensureDir $out";
pkgs.runCommand "empty" {} "mkdir -p $out";
documentRootConf = ''
DocumentRoot "${documentRoot}"
@ -387,7 +387,7 @@ let
'';
enablePHP = any (svc: svc.enablePHP) allSubservices;
enablePHP = mainCfg.enablePHP || any (svc: svc.enablePHP) allSubservices;
# Generate the PHP configuration file. Should probably be factored
@ -531,6 +531,12 @@ in
'';
};
enablePHP = mkOption {
type = types.bool;
default = false;
description = "Whether to enable the PHP module.";
};
phpOptions = mkOption {
type = types.lines;
default = "";

4
nixos/modules/services/web-servers/apache-httpd/mediawiki.nix
View File

@ -92,7 +92,7 @@ let
installPhase =
''
ensureDir $out
mkdir -p $out
cp -r * $out
cp ${mediawikiConfig} $out/LocalSettings.php
sed -i \
@ -106,7 +106,7 @@ let
mediawikiScripts = pkgs.runCommand "mediawiki-${config.id}-scripts"
{ buildInputs = [ pkgs.makeWrapper ]; }
''
ensureDir $out/bin
mkdir -p $out/bin
for i in changePassword.php createAndPromote.php userOptions.php edit.php nukePage.php update.php; do
makeWrapper ${php}/bin/php $out/bin/mediawiki-${config.id}-$(basename $i .php) \
--add-flags ${mediawikiRoot}/maintenance/$i

2
nixos/modules/services/web-servers/apache-httpd/mercurial.nix
View File

@ -9,7 +9,7 @@ let
cgi = pkgs.stdenv.mkDerivation {
name = "mercurial-cgi";
buildCommand = ''
ensureDir $out
mkdir -p $out
cp -v ${mercurial}/share/cgi-bin/hgweb.cgi $out
sed -i "s|/path/to/repo/or/config|$out/hgweb.config|" $out/hgweb.cgi
echo "

8
nixos/modules/services/web-servers/apache-httpd/tomcat-connector.nix
View File

@ -29,6 +29,14 @@ ${extraWorkersProperties}
'';
in
{
options = {
extraWorkersProperties = lib.mkOption {
default = "";
description = "Additional configuration for the workers.properties file.";
};
};
extraModules = [
{ name = "jk"; path = "${pkgs.tomcat_connectors}/modules/mod_jk.so"; }
];

2
nixos/modules/services/web-servers/lighttpd/cgit.nix
View File

@ -29,7 +29,7 @@ in
cache-size=1000
scan-path=/srv/git
'';
type = types.string;
type = types.lines;
description = ''
Verbatim contents of the cgit runtime configuration file. Documentation
(with cgitrc example file) is available in "man cgitrc". Or online:

12
nixos/modules/services/web-servers/lighttpd/default.nix
View File

@ -9,9 +9,9 @@ let
cfg = config.services.lighttpd;
needModRedirect = cfg.gitweb.enable;
needModAlias = cfg.cgit.enable or cfg.gitweb.enable;
needModSetenv = cfg.cgit.enable or cfg.gitweb.enable;
needModCgi = cfg.cgit.enable or cfg.gitweb.enable;
needModAlias = cfg.cgit.enable || cfg.gitweb.enable;
needModSetenv = cfg.cgit.enable || cfg.gitweb.enable;
needModCgi = cfg.cgit.enable || cfg.gitweb.enable;
needModStatus = cfg.mod_status;
needModUserdir = cfg.mod_userdir;
@ -102,7 +102,7 @@ in
document-root = mkOption {
default = "/srv/www";
type = types.str;
type = types.path;
description = ''
Document-root of the web server. Must be readable by the "lighttpd" user.
'';
@ -128,7 +128,7 @@ in
configText = mkOption {
default = "";
type = types.string;
type = types.lines;
example = ''...verbatim config file contents...'';
description = ''
Overridable config file contents to use for lighttpd. By default, use
@ -138,7 +138,7 @@ in
extraConfig = mkOption {
default = "";
type = types.string;
type = types.lines;
description = ''
These configuration lines will be appended to the generated lighttpd
config file. Note that this mechanism does not work when the manual

4
nixos/modules/services/web-servers/lighttpd/gitweb.nix
View File

@ -25,7 +25,7 @@ in
projectroot = mkOption {
default = "/srv/git";
type = types.str;
type = types.path;
description = ''
Path to git projects (bare repositories) that should be served by
gitweb. Must not end with a slash.
@ -34,7 +34,7 @@ in
extraConfig = mkOption {
default = "";
type = types.str;
type = types.lines;
description = ''
Verbatim configuration text appended to the generated gitweb.conf file.
'';

9
nixos/modules/services/web-servers/tomcat.nix
View File

@ -77,6 +77,11 @@ in
description = "Whether to enable logging per virtual host.";
};
jdk = mkOption {
default = pkgs.jdk;
description = "Which JDK to use.";
};
axis2 = {
enable = mkOption {
@ -332,13 +337,13 @@ in
'';
script = ''
${pkgs.su}/bin/su -s ${pkgs.bash}/bin/sh ${cfg.user} -c 'CATALINA_BASE=${cfg.baseDir} JAVA_HOME=${pkgs.jdk} JAVA_OPTS="${cfg.javaOpts}" CATALINA_OPTS="${cfg.catalinaOpts}" ${tomcat}/bin/startup.sh'
${pkgs.su}/bin/su -s ${pkgs.bash}/bin/sh ${cfg.user} -c 'CATALINA_BASE=${cfg.baseDir} JAVA_HOME=${cfg.jdk} JAVA_OPTS="${cfg.javaOpts}" CATALINA_OPTS="${cfg.catalinaOpts}" ${tomcat}/bin/startup.sh'
'';
postStop =
''
echo "Stopping tomcat..."
CATALINA_BASE=${cfg.baseDir} JAVA_HOME=${pkgs.jdk} ${pkgs.su}/bin/su -s ${pkgs.bash}/bin/sh ${cfg.user} -c ${tomcat}/bin/shutdown.sh
CATALINA_BASE=${cfg.baseDir} JAVA_HOME=${cfg.jdk} ${pkgs.su}/bin/su -s ${pkgs.bash}/bin/sh ${cfg.user} -c ${tomcat}/bin/shutdown.sh
'';
};

5
nixos/modules/services/x11/desktop-managers/default.nix
View File

@ -17,7 +17,10 @@ in
# Note: the order in which desktop manager modules are imported here
# determines the default: later modules (if enabled) are preferred.
# E.g., if KDE is enabled, it supersedes xterm.
imports = [ ./none.nix ./xterm.nix ./xfce.nix ./kde4.nix ./e17.nix ./e18.nix ./gnome3.nix ./xbmc.nix ];
imports = [
./none.nix ./xterm.nix ./xfce.nix ./kde4.nix
./e17.nix ./e18.nix ./gnome3.nix ./xbmc.nix
];
options = {

11
nixos/modules/services/x11/desktop-managers/e18.nix
View File

@ -1,11 +1,12 @@
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
with pkgs.lib;
with lib;
let
xcfg = config.services.xserver;
cfg = xcfg.desktopManager.e18;
e18_enlightenment = pkgs.e18.enlightenment.override { set_freqset_setuid = true; };
in
@ -23,18 +24,20 @@ in
config = mkIf (xcfg.enable && cfg.enable) {
environment.systemPackages = [
pkgs.e18.efl pkgs.e18.evas pkgs.e18.emotion pkgs.e18.elementary pkgs.e18.enlightenment
pkgs.e18.efl pkgs.e18.evas pkgs.e18.emotion pkgs.e18.elementary e18_enlightenment
pkgs.e18.terminology pkgs.e18.econnman
];
services.xserver.desktopManager.session = [
{ name = "E18";
start = ''
${pkgs.e18.enlightenment}/bin/enlightenment_start
${e18_enlightenment}/bin/enlightenment_start
waitPID=$!
'';
}];
security.setuidPrograms = [ "e18_freqset" ];
};
}

151
nixos/modules/services/x11/display-managers/gdm.nix Normal file
View File

@ -0,0 +1,151 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.xserver.displayManager;
gdm = pkgs.gnome3_12.gdm; # gdm 3.10 not supported
gnome3 = config.environment.gnome3.packageSet;
in
{
###### interface
options = {
services.xserver.displayManager.gdm = {
enable = mkOption {
type = types.bool;
default = false;
example = true;
description = ''
Whether to enable GDM as the display manager.
<emphasis>GDM is very experimental and may render system unusable.</emphasis>
'';
};
};
};
###### implementation
config = mkIf cfg.gdm.enable {
services.xserver.displayManager.slim.enable = false;
users.extraUsers.gdm =
{ name = "gdm";
uid = config.ids.uids.gdm;
group = "gdm";
home = "/run/gdm";
description = "GDM user";
};
users.extraGroups.gdm.gid = config.ids.gids.gdm;
services.xserver.displayManager.job =
{
environment = {
GDM_X_SERVER = "${cfg.xserverBin} ${cfg.xserverArgs}";
GDM_SESSIONS_DIR = "${cfg.session.desktops}";
XDG_CONFIG_DIRS = "${gnome3.gnome_settings_daemon}/etc/xdg";
};
execCmd = "exec ${gdm}/sbin/gdm";
};
# Because sd_login_monitor_new requires /run/systemd/machines
systemd.services.display-manager.wants = [ "systemd-machined.service" ];
systemd.services.display-manager.after = [ "systemd-machined.service" ];
systemd.services.display-manager.path = [ gnome3.gnome_shell gnome3.caribou ];
services.dbus.packages = [ gdm ];
programs.dconf.profiles.gdm = "${gdm}/share/dconf/profile/gdm";
# GDM LFS PAM modules, adapted somehow to NixOS
security.pam.services = {
gdm-launch-environment.text = ''
auth required pam_succeed_if.so audit quiet_success user = gdm
auth optional pam_permit.so
account required pam_succeed_if.so audit quiet_success user = gdm
account sufficient pam_unix.so
password required pam_deny.so
session required pam_succeed_if.so audit quiet_success user = gdm
session required pam_env.so envfile=${config.system.build.pamEnvironment}
session optional ${pkgs.systemd}/lib/security/pam_systemd.so
session optional pam_keyinit.so force revoke
session optional pam_permit.so
'';
gdm.text = ''
auth requisite pam_nologin.so
auth required pam_env.so
auth required pam_succeed_if.so uid >= 1000 quiet
auth optional ${gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so
auth sufficient pam_unix.so nullok likeauth
auth required pam_deny.so
account sufficient pam_unix.so
password requisite pam_unix.so nullok sha512
session required pam_env.so envfile=${config.system.build.pamEnvironment}
session required pam_unix.so
session required pam_loginuid.so
session optional ${pkgs.systemd}/lib/security/pam_systemd.so
session optional ${gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so auto_start
'';
gdm-password.text = ''
auth requisite pam_nologin.so
auth required pam_env.so envfile=${config.system.build.pamEnvironment}
auth required pam_succeed_if.so uid >= 1000 quiet
auth optional ${gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so
auth sufficient pam_unix.so nullok likeauth
auth required pam_deny.so
account sufficient pam_unix.so
password requisite pam_unix.so nullok sha512
session required pam_env.so envfile=${config.system.build.pamEnvironment}
session required pam_unix.so
session required pam_loginuid.so
session optional ${pkgs.systemd}/lib/security/pam_systemd.so
session optional ${gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so auto_start
'';
gdm-autologin.text = ''
auth requisite pam_nologin.so
auth required pam_succeed_if.so uid >= 1000 quiet
auth required pam_permit.so
account sufficient pam_unix.so
password requisite pam_unix.so nullok sha512
session optional pam_keyinit.so revoke
session required pam_env.so envfile=${config.system.build.pamEnvironment}
session required pam_unix.so
session required pam_loginuid.so
session optional ${pkgs.systemd}/lib/security/pam_systemd.so
'';
};
};
}

2
nixos/modules/services/x11/display-managers/lightdm.nix
View File

@ -26,7 +26,7 @@ let
buildInputs = [ pkgs.makeWrapper ];
buildCommand = ''
ensureDir $out/gtk-3.0/
mkdir -p $out/gtk-3.0/
# This wrapper ensures that we actually get fonts
makeWrapper ${pkgs.lightdm_gtk_greeter}/sbin/lightdm-gtk-greeter \

2
nixos/modules/services/x11/display-managers/slim.nix
View File

@ -27,7 +27,7 @@ let
unpackedTheme = pkgs.stdenv.mkDerivation {
name = "slim-theme";
buildCommand = ''
ensureDir $out
mkdir -p $out
cd $out
unpackFile ${cfg.theme}
ln -s * default

9
nixos/modules/services/x11/hardware/synaptics.nix
View File

@ -41,16 +41,19 @@ in {
};
accelFactor = mkOption {
type = types.nullOr types.string;
default = "0.001";
description = "Cursor acceleration (how fast speed increases from minSpeed to maxSpeed).";
};
minSpeed = mkOption {
type = types.nullOr types.string;
default = "0.6";
description = "Cursor speed factor for precision finger motion.";
};
maxSpeed = mkOption {
type = types.nullOr types.string;
default = "1.0";
description = "Cursor speed factor for highest-speed finger motion.";
};
@ -120,9 +123,9 @@ in {
MatchIsTouchpad "on"
${optionalString (cfg.dev != null) ''MatchDevicePath "${cfg.dev}"''}
Driver "synaptics"
Option "MinSpeed" "${cfg.minSpeed}"
Option "MaxSpeed" "${cfg.maxSpeed}"
Option "AccelFactor" "${cfg.accelFactor}"
${optionalString (cfg.minSpeed != null) ''Option "MinSpeed" "${cfg.minSpeed}"''}
${optionalString (cfg.maxSpeed != null) ''Option "MaxSpeed" "${cfg.maxSpeed}"''}
${optionalString (cfg.accelFactor != null) ''Option "AccelFactor" "${cfg.accelFactor}"''}
${optionalString cfg.tapButtons tapConfig}
Option "ClickFinger1" "${builtins.elemAt cfg.buttonsMap 0}"
Option "ClickFinger2" "${builtins.elemAt cfg.buttonsMap 1}"

29
nixos/modules/services/x11/window-managers/bspwm.nix Normal file
View File

@ -0,0 +1,29 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.xserver.windowManager.bspwm;
in
{
options = {
services.xserver.windowManager.bspwm.enable = mkOption {
type = types.bool;
default = false;
example = true;
description = "Enable the bspwm window manager.";
};
};
config = mkIf cfg.enable {
services.xserver.windowManager.session = singleton {
name = "bspwm";
start = "
${pkgs.sxhkd}/bin/sxhkd &
${pkgs.bspwm}/bin/bspwm
";
};
environment.systemPackages = [ pkgs.bspwm ];
};
}

1
nixos/modules/services/x11/window-managers/default.nix
View File

@ -17,6 +17,7 @@ in
./xmonad.nix
./i3.nix
./herbstluftwm.nix
./bspwm.nix
];
options = {

37
nixos/modules/system/boot/emergency-mode.nix Normal file
View File

@ -0,0 +1,37 @@
{ config, lib, ... }:
with lib;
{
###### interface
options = {
systemd.enableEmergencyMode = mkOption {
default = true;
type = types.bool;
description = ''
Whether to enable emergency mode, which is an
<command>sulogin</command> shell started on the console if
mounting a filesystem fails. Since some machines (like EC2
instances) have no console of any kind, emergency mode doesn't
make sense, and it's better to continue with the boot insofar
as possible.
'';
};
};
###### implementation
config = {
systemd.additionalUpstreamSystemUnits = optionals
config.systemd.enableEmergencyMode [
"emergency.target" "emergency.service"
];
};
}

23
nixos/modules/system/boot/modprobe.nix
View File

@ -68,20 +68,15 @@ with lib;
config = mkIf (!config.boot.isContainer) {
environment.etc = [
{ source = "${pkgs.kmod-blacklist-ubuntu}/modprobe.conf";
target = "modprobe.d/ubuntu.conf";
}
{ source = pkgs.writeText "modprobe.conf"
''
${flip concatMapStrings config.boot.blacklistedKernelModules (name: ''
blacklist ${name}
'')}
${config.boot.extraModprobeConfig}
'';
target = "modprobe.d/nixos.conf";
}
];
environment.etc."modprobe.d/ubuntu.conf".source = "${pkgs.kmod-blacklist-ubuntu}/modprobe.conf";
environment.etc."modprobe.d/nixos.conf".text =
''
${flip concatMapStrings config.boot.blacklistedKernelModules (name: ''
blacklist ${name}
'')}
${config.boot.extraModprobeConfig}
'';
environment.systemPackages = [ config.system.sbin.modprobe pkgs.kmod ];

13
nixos/modules/system/boot/stage-1-init.sh
View File

@ -4,7 +4,8 @@ targetRoot=/mnt-root
console=tty1
export LD_LIBRARY_PATH=@extraUtils@/lib
export PATH=@extraUtils@/bin:@extraUtils@/sbin
export PATH=@extraUtils@/bin
ln -s @extraUtils@/bin /bin
fail() {
@ -193,6 +194,9 @@ checkFS() {
# Don't check ROM filesystems.
if [ "$fsType" = iso9660 -o "$fsType" = udf ]; then return 0; fi
# Don't check resilient COWs as they validate the fs structures at mount time
if [ "$fsType" = btrfs -o "$fsType" = zfs ]; then return 0; fi
# If we couldn't figure out the FS type, then skip fsck.
if [ "$fsType" = auto ]; then
echo 'cannot check filesystem with type "auto"!'
@ -262,6 +266,13 @@ mountFS() {
checkFS "$device" "$fsType"
# Create backing directories for unionfs-fuse.
if [ "$fsType" = unionfs-fuse ]; then
for i in $(IFS=:; echo ${options##*,dirs=}); do
mkdir -m 0700 -p /mnt-root"${i%=*}"
done
fi
echo "mounting $device on $mountPoint..."
mkdir -p "/mnt-root$mountPoint" || true

40
nixos/modules/system/boot/stage-1.nix
View File

@ -23,22 +23,6 @@ let
};
needsCifsUtils = kernelPackages.kernel ? features
&& kernelPackages.kernel.features ? needsCifsUtils
&& kernelPackages.kernel.features.needsCifsUtils
&& any (fs: fs.fsType == "cifs") fileSystems;
busybox =
if needsCifsUtils
then pkgs.busybox.override {
extraConfig = ''
CONFIG_FEATURE_MOUNT_CIFS n
CONFIG_FEATURE_MOUNT_HELPERS y
'';
}
else pkgs.busybox;
# Some additional utilities needed in stage 1, like mount, lvm, fsck
# etc. We don't want to bring in all of those packages, so we just
# copy what we need. Instead of using statically linked binaries,
@ -51,6 +35,7 @@ let
}
''
mkdir -p $out/bin $out/lib
ln -s $out/bin $out/sbin
# Copy what we need from Glibc.
cp -pv ${pkgs.glibc}/lib/ld*.so.? $out/lib
@ -62,11 +47,10 @@ let
cp -pv ${pkgs.gcc.gcc}/lib*/libgcc_s.so.* $out/lib
# Copy BusyBox.
cp -rvd ${busybox}/{bin,sbin} $out/
chmod -R u+w $out
cp -pvd ${pkgs.busybox}/bin/* ${pkgs.busybox}/sbin/* $out/bin/
# Copy some utillinux stuff.
cp -v ${pkgs.utillinux}/sbin/blkid $out/bin
cp -vf ${pkgs.utillinux}/sbin/blkid $out/bin
cp -pdv ${pkgs.utillinux}/lib/libblkid*.so.* $out/lib
cp -pdv ${pkgs.utillinux}/lib/libuuid*.so.* $out/lib
@ -89,12 +73,7 @@ let
# Copy modprobe.
cp -v ${pkgs.kmod}/bin/kmod $out/bin/
ln -s kmod $out/bin/modprobe
# Maybe copy cifs utils
${optionalString needsCifsUtils ''
cp -v ${pkgs.cifs_utils}/sbin/mount.cifs $out/bin
''}
ln -sf kmod $out/bin/modprobe
${config.boot.initrd.extraUtilsCommands}
@ -140,7 +119,7 @@ let
udevRules = pkgs.stdenv.mkDerivation {
name = "udev-rules";
buildCommand = ''
ensureDir $out
mkdir -p $out
echo 'ENV{LD_LIBRARY_PATH}="${extraUtils}/lib"' > $out/00-env.rules
@ -313,6 +292,13 @@ in
example = "xz";
};
boot.initrd.supportedFilesystems = mkOption {
default = [ ];
example = [ "btrfs" ];
type = types.listOf types.string;
description = "Names of supported filesystem types in the initial ramdisk.";
};
fileSystems = mkOption {
options.neededForBoot = mkOption {
default = false;
@ -347,5 +333,7 @@ in
# Prevent systemd from waiting for the /dev/root symlink.
systemd.units."dev-root.device".text = "";
boot.initrd.supportedFilesystems = map (fs: fs.fsType) fileSystems;
};
}

10
nixos/modules/system/boot/stage-2-init.sh
View File

@ -29,7 +29,7 @@ setPath "@path@"
# Normally, stage 1 mounts the root filesystem read/writable.
# However, in some environments, stage 2 is executed directly, and the
# root is read-only. So make it writable here.
mount -n -o remount,rw /
mount -n -o remount,rw none /
# Likewise, stage 1 mounts /proc, /dev and /sys, so if we don't have a
@ -98,12 +98,6 @@ mkdir -m 0755 -p /etc/nixos
rm -rf /var/run /var/lock
rm -f /etc/{group,passwd,shadow}.lock
if test -n "@cleanTmpDir@"; then
echo -n "cleaning \`/tmp'..."
find /tmp -maxdepth 1 -mindepth 1 -print0 | xargs -0r rm -rf --one-file-system
echo " done"
fi
# Also get rid of temporary GC roots.
rm -rf /nix/var/nix/gcroots/tmp /nix/var/nix/temproots
@ -186,4 +180,4 @@ echo "starting systemd..."
PATH=/run/current-system/systemd/lib/systemd \
MODULE_DIR=/run/booted-system/kernel-modules/lib/modules \
LOCALE_ARCHIVE=/run/current-system/sw/lib/locale/locale-archive \
exec systemd --log-target=journal # --log-level=debug --log-target=console --crash-shell
exec systemd

14
nixos/modules/system/boot/stage-2.nix
View File

@ -17,7 +17,7 @@ let
src = ./stage-2-init.sh;
shellDebug = "${pkgs.bashInteractive}/bin/bash";
isExecutable = true;
inherit (config.boot) devShmSize runSize cleanTmpDir;
inherit (config.boot) devShmSize runSize;
inherit (config.nix) readOnlyStore;
inherit (config.networking) useHostResolvConf;
ttyGid = config.ids.gids.tty;
@ -26,8 +26,7 @@ let
pkgs.utillinux
pkgs.sysvtools
pkgs.openresolv
] ++ (optional config.boot.cleanTmpDir pkgs.findutils)
++ optional config.nix.readOnlyStore readonlyMountpoint;
] ++ optional config.nix.readOnlyStore readonlyMountpoint;
postBootCommands = pkgs.writeText "local-cmds"
''
${config.boot.postBootCommands}
@ -81,15 +80,6 @@ in
'';
};
# FIXME: should replace this with something that uses systemd-tmpfiles.
cleanTmpDir = mkOption {
type = types.bool;
default = false;
description = ''
Whether to delete all files in <filename>/tmp</filename> during boot.
'';
};
};
};

31
nixos/modules/system/boot/systemd.nix
View File

@ -162,10 +162,7 @@ let
"systemd-sysctl.service"
]
++ optionals cfg.enableEmergencyMode [
"emergency.target"
"emergency.service"
];
++ cfg.additionalUpstreamSystemUnits;
upstreamSystemWants =
[ #"basic.target.wants"
@ -317,7 +314,9 @@ let
''
[Service]
${let env = cfg.globalEnvironment // def.environment;
in concatMapStrings (n: "Environment=\"${n}=${getAttr n env}\"\n") (attrNames env)}
in concatMapStrings (n:
let s = "Environment=\"${n}=${getAttr n env}\"\n";
in if stringLength s >= 2048 then throw "The value of the environment variable ${n} in systemd service ${name}.service is too long." else s) (attrNames env)}
${if def.reloadIfChanged then ''
X-ReloadIfChanged=true
'' else if !def.restartIfChanged then ''
@ -635,19 +634,6 @@ in
'';
};
systemd.enableEmergencyMode = mkOption {
default = true;
type = types.bool;
description = ''
Whether to enable emergency mode, which is an
<command>sulogin</command> shell started on the console if
mounting a filesystem fails. Since some machines (like EC2
instances) have no console of any kind, emergency mode doesn't
make sense, and it's better to continue with the boot insofar
as possible.
'';
};
systemd.tmpfiles.rules = mkOption {
type = types.listOf types.str;
default = [];
@ -690,6 +676,15 @@ in
description = "Definition of systemd per-user socket units.";
};
systemd.additionalUpstreamSystemUnits = mkOption {
default = [ ];
type = types.listOf types.str;
example = [ "debug-shell.service" "systemd-quotacheck.service" ];
description = ''
Additional units shipped with systemd that shall be enabled.
'';
};
};

39
nixos/modules/system/boot/tmp.nix Normal file
View File

@ -0,0 +1,39 @@
{ config, lib, ... }:
with lib;
{
###### interface
options = {
boot.cleanTmpDir = mkOption {
type = types.bool;
default = false;
description = ''
Whether to delete all files in <filename>/tmp</filename> during boot.
'';
};
boot.tmpOnTmpfs = mkOption {
type = types.bool;
default = false;
description = ''
Whether to mount a tmpfs on <filename>/tmp</filename> during boot.
'';
};
};
###### implementation
config = {
systemd.additionalUpstreamSystemUnits = optional config.boot.tmpOnTmpfs "tmp.mount";
systemd.tmpfiles.rules = optional config.boot.cleanTmpDir "D! /tmp 1777 root root";
};
}

2
nixos/modules/system/etc/etc.nix
View File

@ -132,7 +132,7 @@ in
''
# Set up the statically computed bits of /etc.
echo "setting up /etc..."
${pkgs.perl}/bin/perl ${./setup-etc.pl} ${etc}/etc
${pkgs.perl}/bin/perl -I${pkgs.perlPackages.FileSlurp}/lib/perl5/site_perl ${./setup-etc.pl} ${etc}/etc
'';
};

41
nixos/modules/system/etc/setup-etc.pl
View File

@ -3,6 +3,7 @@ use File::Find;
use File::Copy;
use File::Path;
use File::Basename;
use File::Slurp;
my $etc = $ARGV[0] or die;
my $static = "/etc/static";
@ -46,35 +47,55 @@ sub cleanup {
find(\&cleanup, "/etc");
# Use /etc/.clean to keep track of copied files.
my @oldCopied = read_file("/etc/.clean", chomp => 1, err_mode => 'quiet');
open CLEAN, ">>/etc/.clean";
# For every file in the etc tree, create a corresponding symlink in
# /etc to /etc/static. The indirection through /etc/static is to make
# switching to a new configuration somewhat more atomic.
my %created;
my @copied;
sub link {
my $fn = substr $File::Find::name, length($etc) + 1 or next;
my $target = "/etc/$fn";
File::Path::make_path(dirname $target);
$created{$fn} = 1;
if (-e "$_.mode") {
open MODE, "<$_.mode";
my $mode = <MODE>; chomp $mode;
close MODE;
my $mode = read_file("$_.mode"); chomp $mode;
if ($mode eq "direct-symlink") {
atomicSymlink readlink("$static/$fn"), $target or warn;
} else {
open UID, "<$_.uid";
my $uid = <UID>; chomp $uid;
close UID;
open GID, "<$_.gid";
my $gid = <GID>; chomp $gid;
close GID;
my $uid = read_file("$_.uid"); chomp $uid;
my $gid = read_file("$_.gid"); chomp $gid;
copy "$static/$fn", "$target.tmp" or warn;
chown int($uid), int($gid), "$target.tmp" or warn;
chmod oct($mode), "$target.tmp" or warn;
rename "$target.tmp", $target or warn;
}
push @copied, $fn;
print CLEAN "$fn\n";
} elsif (-l "$_") {
atomicSymlink "$static/$fn", $target or warn;
}
}
find(\&link, $etc);
# Delete files that were copied in a previous version but not in the
# current.
foreach my $fn (@oldCopied) {
if (!defined $created{$fn}) {
$fn = "/etc/$fn";
print STDERR "removing obsolete file $fn...\n";
unlink "$fn";
}
}
# Rewrite /etc/.clean.
close CLEAN;
write_file("/etc/.clean", map { "$_\n" } @copied);

20
nixos/modules/tasks/filesystems.nix
View File

@ -9,7 +9,7 @@ let
prioOption = prio: optionalString (prio !=null) " pri=${toString prio}";
fileSystemOpts = { name, ... }: {
fileSystemOpts = { name, config, ... }: {
options = {
@ -68,6 +68,7 @@ let
config = {
mountPoint = mkDefault name;
device = mkIf (config.fsType == "tmpfs") (mkDefault config.fsType);
};
};
@ -124,13 +125,6 @@ in
description = "Names of supported filesystem types.";
};
boot.initrd.supportedFilesystems = mkOption {
default = [ ];
example = [ "btrfs" ];
type = types.listOf types.string;
description = "Names of supported filesystem types in the initial ramdisk.";
};
};
@ -140,15 +134,11 @@ in
boot.supportedFilesystems = map (fs: fs.fsType) fileSystems;
boot.initrd.supportedFilesystems =
map (fs: fs.fsType)
(filter (fs: fs.mountPoint == "/" || fs.neededForBoot) fileSystems);
# Add the mount helpers to the system path so that `mount' can find them.
system.fsPackages = [ pkgs.dosfstools ];
environment.systemPackages =
[ pkgs.ntfs3g pkgs.cifs_utils pkgs.fuse ]
[ pkgs.ntfs3g pkgs.fuse ]
++ config.system.fsPackages;
environment.etc.fstab.text =
@ -157,7 +147,9 @@ in
# Filesystems.
${flip concatMapStrings fileSystems (fs:
(if fs.device != null then fs.device else "/dev/disk/by-label/${fs.label}")
(if fs.device != null then fs.device
else if fs.label != null then "/dev/disk/by-label/${fs.label}"
else throw "No device specified for mount point ${fs.mountPoint}.")
+ " " + fs.mountPoint
+ " " + fs.fsType
+ " " + fs.options

25
nixos/modules/tasks/filesystems/cifs.nix Normal file
View File

@ -0,0 +1,25 @@
{ config, lib, pkgs, ... }:
with lib;
let
inInitrd = any (fs: fs == "cifs") config.boot.initrd.supportedFilesystems;
in
{
config = {
system.fsPackages = [ pkgs.cifs_utils ];
boot.initrd.availableKernelModules = mkIf inInitrd
[ "cifs" "nls_utf8" "hmac" "md4" "ecb" "des_generic" "sha256" ];
boot.initrd.extraUtilsCommands = mkIf inInitrd
''
cp -v ${pkgs.cifs_utils}/sbin/mount.cifs $out/bin
'';
};
}

13
nixos/modules/tasks/filesystems/unionfs-fuse.nix
View File

@ -2,14 +2,21 @@
{
config = lib.mkMerge [
(lib.mkIf (lib.any (fs: fs == "unionfs-fuse") config.boot.initrd.supportedFilesystems) {
boot.initrd.kernelModules = [ "fuse" ];
boot.initrd.extraUtilsCommands = ''
cp -v ${pkgs.fuse}/lib/libfuse* $out/lib
cp -v ${pkgs.fuse}/sbin/mount.fuse $out/bin
cp -v ${pkgs.unionfs-fuse}/bin/unionfs $out/bin
substitute ${pkgs.unionfs-fuse}/sbin/mount.unionfs-fuse $out/bin/mount.unionfs-fuse \
--replace '${pkgs.bash}/bin/bash' /bin/sh \
--replace '${pkgs.fuse}/sbin' /bin \
--replace '${pkgs.unionfs-fuse}/bin' /bin
chmod +x $out/bin/mount.unionfs-fuse
'';
boot.initrd.postDeviceCommands = ''
# Hacky!!! fuse hard-codes the path to mount
mkdir -p /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.utillinux.name}/bin
@ -17,8 +24,10 @@
ln -s $(which umount) /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.utillinux.name}/bin
'';
})
(lib.mkIf (lib.any (fs: fs == "unionfs-fuse") config.boot.supportedFilesystems) {
system.fsPackages = [ pkgs.unionfs-fuse ];
})
];
}

22
nixos/modules/tasks/trackpoint.nix
View File

@ -46,21 +46,15 @@ with lib;
config = mkIf config.hardware.trackpoint.enable {
jobs.trackpoint =
{ description = "Initialize trackpoint";
services.udev.extraRules =
''
ACTION=="add|change", SUBSYSTEM=="input", ATTR{name}=="TPPS/2 IBM TrackPoint", ATTR{device/speed}="${toString config.hardware.trackpoint.speed}", ATTR{device/sensitivity}="${toString config.hardware.trackpoint.sensitivity}"
'';
startOn = "started udev";
task = true;
script = ''
echo -n ${toString config.hardware.trackpoint.sensitivity} \
> /sys/devices/platform/i8042/serio1/sensitivity
echo -n ${toString config.hardware.trackpoint.speed} \
> /sys/devices/platform/i8042/serio1/speed
'';
};
system.activationScripts.trackpoint =
''
${config.systemd.package}/bin/udevadm trigger --attr-match=name="TPPS/2 IBM TrackPoint"
'';
};
}

2
nixos/modules/tasks/tty-backgrounds-combine.sh
View File

@ -3,7 +3,7 @@ source $stdenv/setup
ttys=($ttys)
themes=($themes)
ensureDir $out
mkdir -p $out
defaultName=$(cd $default && ls | grep -v default)
echo $defaultName

16
nixos/modules/testing/test-instrumentation.nix
View File

@ -66,13 +66,22 @@ let kernel = config.boot.kernelPackages.kernel; in
# Panic if an error occurs in stage 1 (rather than waiting for
# user intervention).
boot.kernelParams =
[ "console=tty1" "console=ttyS0" "panic=1" "boot.panic_on_fail" ];
[ "console=ttyS0" "panic=1" "boot.panic_on_fail" ];
# `xwininfo' is used by the test driver to query open windows.
environment.systemPackages = [ pkgs.xorg.xwininfo ];
# Log everything to the serial console.
services.journald.console = "/dev/console";
services.journald.extraConfig =
''
ForwardToConsole=yes
MaxLevelConsole=debug
'';
# Don't clobber the console with duplicate systemd messages.
systemd.extraConfig = "ShowStatus=no";
boot.consoleLogLevel = 7;
# Prevent tests from accessing the Internet.
networking.defaultGateway = mkOverride 150 "";
@ -88,6 +97,9 @@ let kernel = config.boot.kernelPackages.kernel; in
networking.usePredictableInterfaceNames = false;
# Make it easy to log in as root when running the test interactively.
security.initialRootPassword = mkDefault "";
};
}

2
nixos/modules/virtualisation/amazon-image.nix
View File

@ -172,7 +172,7 @@ in
boot.initrd.extraUtilsCommands =
''
# We need swapon in the initrd.
cp ${pkgs.utillinux}/sbin/swapon $out/bin
cp --remove-destination ${pkgs.utillinux}/sbin/swapon $out/bin
'';
# Don't put old configurations in the GRUB menu. The user has no

109
nixos/modules/virtualisation/docker.nix Normal file
View File

@ -0,0 +1,109 @@
# Systemd services for docker.
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.virtualisation.docker;
in
{
###### interface
options.virtualisation.docker = {
enable =
mkOption {
type = types.bool;
default = false;
description =
''
This option enables docker, a daemon that manages
linux containers. Users in the "docker" group can interact with
the daemon (e.g. to start or stop containers) using the
<command>docker</command> command line tool.
'';
};
socketActivation =
mkOption {
type = types.bool;
default = false;
description =
''
This option enables docker with socket activation. I.e. docker will
start when first called by client.
Note: This is false by default because systemd lower than 214 that
nixos uses so far, doesn't support SocketGroup option, so socket
created by docker has root group now. This will likely be changed
in future. So set this option explicitly to false if you wish.
'';
};
extraOptions =
mkOption {
type = types.str;
default = "";
description =
''
The extra command-line options to pass to
<command>docker</command> daemon.
'';
};
};
###### implementation
config = mkIf cfg.enable (mkMerge [
{ environment.systemPackages = [ pkgs.docker ];
}
(mkIf cfg.socketActivation {
systemd.services.docker = {
description = "Docker Application Container Engine";
after = [ "network.target" "docker.socket" ];
requires = [ "docker.socket" ];
serviceConfig = {
ExecStart = "${pkgs.docker}/bin/docker --daemon=true --host=fd:// --group=docker ${cfg.extraOptions}";
# I'm not sure if that limits aren't too high, but it's what
# goes in config bundled with docker itself
LimitNOFILE = 1048576;
LimitNPROC = 1048576;
};
};
systemd.sockets.docker = {
description = "Docker Socket for the API";
wantedBy = [ "sockets.target" ];
socketConfig = {
ListenStream = "/var/run/docker.sock";
SocketMode = "0660";
SocketUser = "root";
SocketGroup = "docker";
};
};
})
(mkIf (!cfg.socketActivation) {
systemd.services.docker = {
description = "Docker Application Container Engine";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
ExecStart = "${pkgs.docker}/bin/docker --daemon=true --group=docker ${cfg.extraOptions}";
# I'm not sure if that limits aren't too high, but it's what
# goes in config bundled with docker itself
LimitNOFILE = 1048576;
LimitNPROC = 1048576;
};
# Presumably some containers are running we don't want to interrupt
restartIfChanged = false;
};
})
]);
}

15
nixos/modules/virtualisation/ec2-data.nix
View File

@ -22,21 +22,22 @@ with lib;
systemd.services."fetch-ec2-data" =
{ description = "Fetch EC2 Data";
wantedBy = [ "multi-user.target" ];
wantedBy = [ "multi-user.target" "sshd.service" ];
before = [ "sshd.service" ];
after = [ "network.target" ];
wants = [ "ip-up.target" ];
after = [ "ip-up.target" ];
path = [ pkgs.curl pkgs.iproute ];
path = [ pkgs.wget pkgs.iproute ];
script =
''
ip route del blackhole 169.254.169.254/32 || true
curl="curl --retry 3 --retry-delay 0 --fail"
wget="wget -q --retry-connrefused -O -"
echo "setting host name..."
${optionalString (config.networking.hostName == "") ''
${pkgs.nettools}/bin/hostname $($curl http://169.254.169.254/1.0/meta-data/hostname)
${pkgs.nettools}/bin/hostname $($wget http://169.254.169.254/1.0/meta-data/hostname)
''}
# Don't download the SSH key if it has already been injected
@ -44,7 +45,7 @@ with lib;
if ! [ -e /root/.ssh/authorized_keys ]; then
echo "obtaining SSH key..."
mkdir -p /root/.ssh
$curl -o /root/key.pub http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key
$wget http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key > /root/key.pub
if [ $? -eq 0 -a -e /root/key.pub ]; then
if ! grep -q -f /root/key.pub /root/.ssh/authorized_keys; then
cat /root/key.pub >> /root/.ssh/authorized_keys
@ -58,7 +59,7 @@ with lib;
# Extract the intended SSH host key for this machine from
# the supplied user data, if available. Otherwise sshd will
# generate one normally.
$curl http://169.254.169.254/2011-01-01/user-data > /root/user-data || true
$wget http://169.254.169.254/2011-01-01/user-data > /root/user-data || true
key="$(sed 's/|/\n/g; s/SSH_HOST_DSA_KEY://; t; d' /root/user-data)"
key_pub="$(sed 's/SSH_HOST_DSA_KEY_PUB://; t; d' /root/user-data)"
if [ -n "$key" -a -n "$key_pub" -a ! -e /etc/ssh/ssh_host_dsa_key ]; then

26
nixos/modules/virtualisation/google-compute-image.nix
View File

@ -121,19 +121,6 @@ in
networking.usePredictableInterfaceNames = false;
systemd.services.wait-metadata-online = {
description = "Wait for GCE metadata server to become reachable";
wantedBy = [ "network-online.target" ];
before = [ "network-online.target" ];
path = [ pkgs.netcat ];
script = ''
# wait for the metadata server to become available for up to 60 seconds
for counter in {1..30}; do sleep 2 && nc -vzw 2 metadata 80 && break; done
'';
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
};
systemd.services.fetch-ssh-keys =
{ description = "Fetch host keys and authorized_keys for root user";
@ -142,14 +129,15 @@ in
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
path = [ pkgs.curl ];
path = [ pkgs.wget ];
script =
''
wget="wget --retry-connrefused -t 6 --waitretry=10"
# Don't download the SSH key if it has already been downloaded
if ! [ -e /root/.ssh/authorized_keys ]; then
echo "obtaining SSH key..."
mkdir -p /root/.ssh
curl -o /root/authorized-keys-metadata http://metadata/0.1/meta-data/authorized-keys
$wget -O /root/authorized-keys-metadata http://metadata/0.1/meta-data/authorized-keys
if [ $? -eq 0 -a -e /root/authorized-keys-metadata ]; then
cat /root/authorized-keys-metadata | cut -d: -f2- > /root/key.pub
if ! grep -q -f /root/key.pub /root/.ssh/authorized_keys; then
@ -162,7 +150,7 @@ in
fi
echo "obtaining SSH private host key..."
curl -o /root/ssh_host_ecdsa_key --retry-max-time 60 http://metadata/0.1/meta-data/attributes/ssh_host_ecdsa_key
$wget -O /root/ssh_host_ecdsa_key http://metadata/0.1/meta-data/attributes/ssh_host_ecdsa_key
if [ $? -eq 0 -a -e /root/ssh_host_ecdsa_key ]; then
mv -f /root/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key
echo "downloaded ssh_host_ecdsa_key"
@ -170,7 +158,7 @@ in
fi
echo "obtaining SSH public host key..."
curl -o /root/ssh_host_ecdsa_key.pub --retry-max-time 60 http://metadata/0.1/meta-data/attributes/ssh_host_ecdsa_key_pub
$wget -O /root/ssh_host_ecdsa_key.pub http://metadata/0.1/meta-data/attributes/ssh_host_ecdsa_key_pub
if [ $? -eq 0 -a -e /root/ssh_host_ecdsa_key.pub ]; then
mv -f /root/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
echo "downloaded ssh_host_ecdsa_key.pub"
@ -179,7 +167,7 @@ in
'';
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
serviceConfig.StandardError = "journal+console";
serviceConfig.StandardOutput = "journal+console";
};
}

39
nixos/modules/virtualisation/qemu-vm.nix
View File

@ -275,12 +275,10 @@ in
boot.loader.grub.device = mkVMOverride "/dev/vda";
boot.initrd.supportedFilesystems = optional cfg.writableStore "unionfs-fuse";
boot.initrd.extraUtilsCommands =
''
# We need mke2fs in the initrd.
cp ${pkgs.e2fsprogs}/sbin/mke2fs $out/bin
cp -f ${pkgs.e2fsprogs}/sbin/mke2fs $out/bin
'';
boot.initrd.postDeviceCommands =
@ -303,20 +301,6 @@ in
chmod 1777 $targetRoot/tmp
mkdir -p $targetRoot/boot
${optionalString cfg.writableStore ''
mkdir -p /unionfs-chroot/ro-store
mount --rbind $targetRoot/nix/store /unionfs-chroot/ro-store
mkdir /unionfs-chroot/rw-store
${if cfg.writableStoreUseTmpfs then ''
mount -t tmpfs -o "mode=755" none /unionfs-chroot/rw-store
'' else ''
mkdir $targetRoot/.nix-rw-store
mount --bind $targetRoot/.nix-rw-store /unionfs-chroot/rw-store
''}
unionfs -o allow_other,cow,nonempty,chroot=/unionfs-chroot,max_files=32768,hide_meta_files /rw-store=RW:/ro-store=RO $targetRoot/nix/store
''}
'';
# After booting, register the closure of the paths in
@ -343,12 +327,13 @@ in
# configuration, where the regular value for the `fileSystems'
# attribute should be disregarded for the purpose of building a VM
# test image (since those filesystems don't exist in the VM).
fileSystems = mkVMOverride
fileSystems = mkVMOverride (
{ "/".device = "/dev/vda";
"/nix/store" =
${if cfg.writableStore then "/nix/.ro-store" else "/nix/store"} =
{ device = "store";
fsType = "9p";
options = "trans=virtio,version=9p2000.L,msize=1048576,cache=loose";
neededForBoot = true;
};
"/tmp/xchg" =
{ device = "xchg";
@ -362,6 +347,18 @@ in
options = "trans=virtio,version=9p2000.L,msize=1048576";
neededForBoot = true;
};
} // optionalAttrs cfg.writableStore
{ "/nix/store" =
{ fsType = "unionfs-fuse";
device = "unionfs";
options = "allow_other,cow,nonempty,chroot=/mnt-root,max_files=32768,hide_meta_files,dirs=/nix/.rw-store=rw:/nix/.ro-store=ro";
};
} // optionalAttrs (cfg.writableStore && cfg.writableStoreUseTmpfs)
{ "/nix/.rw-store" =
{ fsType = "tmpfs";
options = "mode=0755";
neededForBoot = true;
};
} // optionalAttrs cfg.useBootLoader
{ "/boot" =
{ device = "/dev/disk/by-label/boot";
@ -369,7 +366,7 @@ in
options = "ro";
noCheck = true; # fsck fails on a r/o filesystem
};
};
});
swapDevices = mkVMOverride [ ];
boot.initrd.luks.devices = mkVMOverride [];
@ -379,7 +376,7 @@ in
system.build.vm = pkgs.runCommand "nixos-vm" { preferLocalBuild = true; }
''
ensureDir $out/bin
mkdir -p $out/bin
ln -s ${config.system.build.toplevel} $out/system
ln -s ${pkgs.writeScript "run-nixos-vm" startVM} $out/bin/run-${vmName}-vm
'';

228
nixos/modules/virtualisation/virtualbox-image.nix
View File

@ -2,112 +2,132 @@
with lib;
{
system.build.virtualBoxImage =
pkgs.vmTools.runInLinuxVM (
pkgs.runCommand "virtualbox-image"
{ memSize = 768;
preVM =
''
mkdir $out
diskImage=$out/image
${pkgs.vmTools.qemu}/bin/qemu-img create -f raw $diskImage "10G"
mv closure xchg/
'';
postVM =
''
echo "creating VirtualBox disk image..."
${pkgs.vmTools.qemu}/bin/qemu-img convert -f raw -O vdi $diskImage $out/disk.vdi
rm $diskImage
'';
buildInputs = [ pkgs.utillinux pkgs.perl ];
exportReferencesGraph =
[ "closure" config.system.build.toplevel ];
}
''
# Create a single / partition.
${pkgs.parted}/sbin/parted /dev/vda mklabel msdos
${pkgs.parted}/sbin/parted /dev/vda -- mkpart primary ext2 1M -1s
. /sys/class/block/vda1/uevent
mknod /dev/vda1 b $MAJOR $MINOR
let
# Create an empty filesystem and mount it.
${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L nixos /dev/vda1
${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda1
mkdir /mnt
mount /dev/vda1 /mnt
cfg = config.virtualbox;
# The initrd expects these directories to exist.
mkdir /mnt/dev /mnt/proc /mnt/sys
mount --bind /proc /mnt/proc
mount --bind /dev /mnt/dev
mount --bind /sys /mnt/sys
in {
# Copy all paths in the closure to the filesystem.
storePaths=$(perl ${pkgs.pathsFromGraph} /tmp/xchg/closure)
options = {
virtualbox = {
baseImageSize = mkOption {
type = types.str;
default = "10G";
description = ''
The size of the VirtualBox base image. The size string should be on
a format the qemu-img command accepts.
'';
};
};
};
echo "filling Nix store..."
mkdir -p /mnt/nix/store
set -f
cp -prd $storePaths /mnt/nix/store/
mkdir -p /mnt/etc/nix
echo 'build-users-group = ' > /mnt/etc/nix/nix.conf
# Register the paths in the Nix database.
printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
chroot /mnt ${config.nix.package}/bin/nix-store --load-db
# Create the system profile to allow nixos-rebuild to work.
chroot /mnt ${config.nix.package}/bin/nix-env \
-p /nix/var/nix/profiles/system --set ${config.system.build.toplevel}
# `nixos-rebuild' requires an /etc/NIXOS.
mkdir -p /mnt/etc/nixos
touch /mnt/etc/NIXOS
# `switch-to-configuration' requires a /bin/sh
mkdir -p /mnt/bin
ln -s ${config.system.build.binsh}/bin/sh /mnt/bin/sh
# Generate the GRUB menu.
ln -s vda /dev/sda
chroot /mnt ${config.system.build.toplevel}/bin/switch-to-configuration boot
umount /mnt/proc /mnt/dev /mnt/sys
umount /mnt
''
);
system.build.virtualBoxOVA = pkgs.runCommand "virtualbox-ova"
{ buildInputs = [ pkgs.linuxPackages.virtualbox ];
vmName = "NixOS ${config.system.nixosVersion} (${pkgs.stdenv.system})";
fileName = "nixos-${config.system.nixosVersion}-${pkgs.stdenv.system}.ova";
}
''
echo "creating VirtualBox VM..."
export HOME=$PWD
VBoxManage createvm --name "$vmName" --register \
--ostype ${if pkgs.stdenv.system == "x86_64-linux" then "Linux26_64" else "Linux26"}
VBoxManage modifyvm "$vmName" \
--memory 1536 --acpi on --vram 10 \
--nictype1 virtio --nic1 nat \
--audiocontroller ac97 --audio alsa \
--rtcuseutc on \
--usb on --mouse usbtablet
VBoxManage storagectl "$vmName" --name SATA --add sata --portcount 4 --bootable on --hostiocache on
VBoxManage storageattach "$vmName" --storagectl SATA --port 0 --device 0 --type hdd \
--medium ${config.system.build.virtualBoxImage}/disk.vdi
echo "exporting VirtualBox VM..."
mkdir -p $out
VBoxManage export "$vmName" --output "$out/$fileName"
'';
fileSystems."/".device = "/dev/disk/by-label/nixos";
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
services.virtualbox.enable = true;
config = {
system.build.virtualBoxImage =
pkgs.vmTools.runInLinuxVM (
pkgs.runCommand "virtualbox-image"
{ memSize = 768;
preVM =
''
mkdir $out
diskImage=$out/image
${pkgs.vmTools.qemu}/bin/qemu-img create -f raw $diskImage "${cfg.baseImageSize}"
mv closure xchg/
'';
postVM =
''
echo "creating VirtualBox disk image..."
${pkgs.vmTools.qemu}/bin/qemu-img convert -f raw -O vdi $diskImage $out/disk.vdi
rm $diskImage
'';
buildInputs = [ pkgs.utillinux pkgs.perl ];
exportReferencesGraph =
[ "closure" config.system.build.toplevel ];
}
''
# Create a single / partition.
${pkgs.parted}/sbin/parted /dev/vda mklabel msdos
${pkgs.parted}/sbin/parted /dev/vda -- mkpart primary ext2 1M -1s
. /sys/class/block/vda1/uevent
mknod /dev/vda1 b $MAJOR $MINOR
# Create an empty filesystem and mount it.
${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L nixos /dev/vda1
${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda1
mkdir /mnt
mount /dev/vda1 /mnt
# The initrd expects these directories to exist.
mkdir /mnt/dev /mnt/proc /mnt/sys
mount --bind /proc /mnt/proc
mount --bind /dev /mnt/dev
mount --bind /sys /mnt/sys
# Copy all paths in the closure to the filesystem.
storePaths=$(perl ${pkgs.pathsFromGraph} /tmp/xchg/closure)
echo "filling Nix store..."
mkdir -p /mnt/nix/store
set -f
cp -prd $storePaths /mnt/nix/store/
mkdir -p /mnt/etc/nix
echo 'build-users-group = ' > /mnt/etc/nix/nix.conf
# Register the paths in the Nix database.
printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
chroot /mnt ${config.nix.package}/bin/nix-store --load-db
# Create the system profile to allow nixos-rebuild to work.
chroot /mnt ${config.nix.package}/bin/nix-env \
-p /nix/var/nix/profiles/system --set ${config.system.build.toplevel}
# `nixos-rebuild' requires an /etc/NIXOS.
mkdir -p /mnt/etc/nixos
touch /mnt/etc/NIXOS
# `switch-to-configuration' requires a /bin/sh
mkdir -p /mnt/bin
ln -s ${config.system.build.binsh}/bin/sh /mnt/bin/sh
# Generate the GRUB menu.
ln -s vda /dev/sda
chroot /mnt ${config.system.build.toplevel}/bin/switch-to-configuration boot
umount /mnt/proc /mnt/dev /mnt/sys
umount /mnt
''
);
system.build.virtualBoxOVA = pkgs.runCommand "virtualbox-ova"
{ buildInputs = [ pkgs.linuxPackages.virtualbox ];
vmName = "NixOS ${config.system.nixosVersion} (${pkgs.stdenv.system})";
fileName = "nixos-${config.system.nixosVersion}-${pkgs.stdenv.system}.ova";
}
''
echo "creating VirtualBox VM..."
export HOME=$PWD
VBoxManage createvm --name "$vmName" --register \
--ostype ${if pkgs.stdenv.system == "x86_64-linux" then "Linux26_64" else "Linux26"}
VBoxManage modifyvm "$vmName" \
--memory 1536 --acpi on --vram 10 \
--nictype1 virtio --nic1 nat \
--audiocontroller ac97 --audio alsa \
--rtcuseutc on \
--usb on --mouse usbtablet
VBoxManage storagectl "$vmName" --name SATA --add sata --portcount 4 --bootable on --hostiocache on
VBoxManage storageattach "$vmName" --storagectl SATA --port 0 --device 0 --type hdd \
--medium ${config.system.build.virtualBoxImage}/disk.vdi
echo "exporting VirtualBox VM..."
mkdir -p $out
VBoxManage export "$vmName" --output "$out/$fileName"
'';
fileSystems."/".device = "/dev/disk/by-label/nixos";
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
services.virtualbox.enable = true;
};
}

4
nixos/release-combined.nix
View File

@ -42,8 +42,8 @@ in rec {
(all nixos.iso_graphical)
(all nixos.ova)
# (all nixos.tests.efi-installer.simple)
(all nixos.tests.containers)
#(all nixos.tests.efi-installer.simple)
#(all nixos.tests.containers)
(all nixos.tests.firefox)
(all nixos.tests.firewall)
(all nixos.tests.gnome3)

1
nixos/release.nix
View File

@ -113,6 +113,7 @@ in rec {
manual = forAllSystems (system: (builtins.getAttr system iso_minimal).config.system.build.manual.manual);
manualPDF = iso_minimal.x86_64-linux.config.system.build.manual.manualPDF;
manpages = forAllSystems (system: (builtins.getAttr system iso_minimal).config.system.build.manual.manpages);

2
nixos/tests/containers.nix
View File

@ -35,7 +35,7 @@ import ./make-test.nix {
# multi-user.target, we should now be able to access it.
my $ip = $machine->succeed("nixos-container show-ip webserver");
chomp $ip;
$machine->succeed("ping -c1 $ip");
#$machine->succeed("ping -c1 $ip"); # FIXME
$machine->succeed("curl --fail http://$ip/ > /dev/null");
# Stop the container.

1
nixos/tests/ipv6.nix
View File

@ -37,6 +37,7 @@ import ./make-test.nix {
$client->waitForUnit("network.target");
$server->waitForUnit("network.target");
$server->waitForUnit("httpd.service");
# Wait until the given interface has a non-tentative address of
# the desired scope (i.e. has completed Duplicate Address

3
nixos/tests/misc.nix
View File

@ -12,8 +12,7 @@ import ./make-test.nix {
services.nixosManual.enable = mkOverride 0 true;
systemd.tmpfiles.rules = [ "d /tmp 1777 root root 10d" ];
fileSystems = mkVMOverride { "/tmp2" =
{ device = "none";
fsType = "tmpfs";
{ fsType = "tmpfs";
options = "mode=1777,noauto";
};
};

4
pkgs/applications/audio/a2jmidid/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchurl, alsaLib, dbus, jackaudio, pkgconfig, python }:
{ stdenv, fetchurl, alsaLib, dbus, jack2, pkgconfig, python }:
stdenv.mkDerivation rec {
name = "a2jmidid-${version}";
@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
sha256 = "0pzm0qk5ilqhwz74pydg1jwrds27vm47185dakdrxidb5bv3b5ia";
};
buildInputs = [ alsaLib dbus jackaudio pkgconfig python ];
buildInputs = [ alsaLib dbus jack2 pkgconfig python ];
configurePhase = "python waf configure --prefix=$out";

2
pkgs/applications/audio/abcde/default.nix
View File

@ -61,7 +61,7 @@ in
meta = {
homepage = "http://lly.org/~rcw/abcde/page/";
license = "GPLv2+";
license = stdenv.lib.licenses.gpl2Plus;
description = "Command-line audio CD ripper";
longDescription = ''

19
pkgs/applications/audio/ardour/default.nix
View File

@ -1,5 +1,5 @@
{ stdenv, fetchgit, alsaLib, aubio, boost, cairomm, curl, fftw
, fftwSinglePrec, flac, glibc, glibmm, gtk, gtkmm, jackaudio
, fftwSinglePrec, flac, glibc, glibmm, gtk, gtkmm, jack2
, libgnomecanvas, libgnomecanvasmm, liblo, libmad, libogg, librdf
, librdf_raptor, librdf_rasqal, libsamplerate, libsigcxx, libsndfile
, libusb, libuuid, libxml2, libxslt, lilv, lv2, makeWrapper, pango
@ -20,7 +20,7 @@ stdenv.mkDerivation rec {
buildInputs =
[ alsaLib aubio boost cairomm curl fftw fftwSinglePrec flac glibc
glibmm gtk gtkmm jackaudio libgnomecanvas libgnomecanvasmm liblo
glibmm gtk gtkmm jack2 libgnomecanvas libgnomecanvasmm liblo
libmad libogg librdf librdf_raptor librdf_rasqal libsamplerate
libsigcxx libsndfile libusb libuuid libxml2 libxslt lilv lv2
makeWrapper pango perl pkgconfig python serd sord sratom suil
@ -47,6 +47,21 @@ stdenv.mkDerivation rec {
mkdir -pv $out/gtk2/engines
cp build/libs/clearlooks-newer/libclearlooks.so $out/gtk2/engines/
wrapProgram $out/bin/ardour3 --prefix GTK_PATH : $out/gtk2
# Install desktop file
mkdir -p "$out/share/applications"
cat > "$out/share/applications/ardour.desktop" << EOF
[Desktop Entry]
Name=Ardour 3
GenericName=Digital Audio Workstation
Comment=Multitrack harddisk recorder
Exec=$out/bin/ardour3
Icon=$out/share/ardour3/icons/ardour_icon_256px.png
Terminal=false
Type=Application
X-MultipleArgs=false
Categories=GTK;Audio;AudioVideoEditing;AudioVideo;Video;
EOF
'';
meta = with stdenv.lib; {

2
pkgs/applications/audio/audacity/default.nix
View File

@ -31,7 +31,7 @@ stdenv.mkDerivation rec {
meta = {
description = "Sound editor with graphical UI";
homepage = http://audacity.sourceforge.net;
license = "GPLv2+";
license = stdenv.lib.licenses.gpl2Plus;
platforms = with stdenv.lib.platforms; linux;
maintainers = with stdenv.lib.maintainers; [ the-kenny ];
};

2
pkgs/applications/audio/aumix/default.nix
View File

@ -22,7 +22,7 @@ stdenv.mkDerivation rec {
the command line or a script.
'';
homepage = http://www.jpj.net/~trevor/aumix.html;
license = "GPLv2+";
license = stdenv.lib.licenses.gpl2Plus;
maintainers = [ stdenv.lib.maintainers.ludo ];
platforms = stdenv.lib.platforms.linux;

4
pkgs/applications/audio/bristol/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchurl, alsaLib, jackaudio, pkgconfig, pulseaudio, xlibs }:
{ stdenv, fetchurl, alsaLib, jack2, pkgconfig, pulseaudio, xlibs }:
stdenv.mkDerivation rec {
name = "bristol-${version}";
@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
};
buildInputs = [
alsaLib jackaudio pkgconfig pulseaudio xlibs.libX11 xlibs.libXext
alsaLib jack2 pkgconfig pulseaudio xlibs.libX11 xlibs.libXext
xlibs.xproto
];

4
pkgs/applications/audio/calf/default.nix
View File

@ -1,5 +1,5 @@
{ stdenv, fetchurl, cairo, expat, fftwSinglePrec, fluidsynth, glib
, gtk, jackaudio, ladspaH , libglade, lv2, pkgconfig }:
, gtk, jack2, ladspaH , libglade, lv2, pkgconfig }:
stdenv.mkDerivation rec {
name = "calf-${version}";
@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
};
buildInputs = [
cairo expat fftwSinglePrec fluidsynth glib gtk jackaudio ladspaH
cairo expat fftwSinglePrec fluidsynth glib gtk jack2 ladspaH
libglade lv2 pkgconfig
];

2
pkgs/applications/audio/cd-discid/default.nix
View File

@ -19,7 +19,7 @@ in
meta = {
homepage = http://lly.org/~rcw/cd-discid/;
license = "GPLv2+";
license = stdenv.lib.licenses.gpl2Plus;
description = "cd-discid, a command-line utility to retrieve a disc's CDDB ID";
longDescription = ''

Some files were not shown because too many files have changed in this diff Show More