Merge master into staging

This commit is contained in:
Vladimír Čunát 2015-12-17 08:53:35 +01:00
commit 1c268e0b8c
752 changed files with 36914 additions and 13297 deletions

5
.mention-bot Normal file
View File

@ -0,0 +1,5 @@
{
"userBlacklist": [
"civodul"
]
}

109
doc/configuration.xml Normal file
View File

@ -0,0 +1,109 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="chap-packageconfig">
<title><filename>~/.nixpkgs/config.nix</filename>: global configuration</title>
<para>Nix packages can be configured to allow or deny certain options.</para>
<para>To apply the configuration edit
<filename>~/.nixpkgs/config.nix</filename> and set it like
<programlisting>
{
allowUnfree = true;
}
</programlisting>
and will allow the Nix package manager to install unfree licensed packages.</para>
<para>The configuration as listed also applies to NixOS under
<option>nixpkgs.config</option> set.</para>
<itemizedlist>
<listitem>
<para>Allow installing of packages that are distributed under
unfree license by setting <programlisting>allowUnfree =
true;</programlisting> or deny them by setting it to
<literal>false</literal>.</para>
<para>Same can be achieved by setting the environment variable:
<programlisting>
$ export NIXPKGS_ALLOW_UNFREE=1
</programlisting>
</para>
</listitem>
<listitem>
<para>Whenever unfree packages are not allowed, single packages
can still be allowed by a predicate function that accepts package
as an argument and should return a boolean:
<programlisting>
allowUnfreePredicate = (pkg: ...);
</programlisting>
Example to allow flash player only:
<programlisting>
allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "flashplayer-" pkg.name);
</programlisting>
</para>
</listitem>
<listitem>
<para>Whenever unfree packages are not allowed, packages can still
be whitelisted by their license:
<programlisting>
whitelistedLicenses = with stdenv.lib.licenses; [ amd wtfpl ];
</programlisting>
</para>
</listitem>
<listitem>
<para>In addition to whitelisting licenses which are denied by the
<literal>allowUnfree</literal> setting, you can also explicitely
deny installation of packages which have a certain license:
<programlisting>
blacklistedLicenses = with stdenv.lib.licenses; [ agpl3 gpl3 ];
</programlisting>
</para>
</listitem>
</itemizedlist>
<para>A complete list of licenses can be found in the file
<filename>lib/licenses.nix</filename> of the nix package tree.</para>
<!--============================================================-->
<section xml:id="sec-modify-via-packageOverrides"><title>Modify
packages via <literal>packageOverrides</literal></title>
<para>You can define a function called
<varname>packageOverrides</varname> in your local
<filename>~/.nixpkgs/config</filename> to overide nix packages. It
must be a function that takes pkgs as an argument and return modified
set of packages.
<programlisting>
{
packageOverrides = pkgs: rec {
foo = pkgs.foo.override { ... };
};
}
</programlisting>
</para>
</section>
</chapter>

View File

@ -1,4 +1,3 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="chap-language-support">

View File

@ -1,88 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="chap-packageconfig">
<title><filename>~/.nixpkgs/config.nix</filename>: global configuration</title>
<para>
Nix packages can be configured to allow or deny certain options.
</para>
<para>
To apply the configuration edit <filename>~/.nixpkgs/config.nix</filename>
and set it like
<programlisting>{
allowUnfree = true;
}</programlisting>
and will allow the Nix package manager to install unfree licensed packages.
The configuration as listed also applies to NixOS under <option>nixpkgs.config</option> set.
</para>
<itemizedlist>
<listitem>
<para>
Allow installing of packages that are distributed under unfree license by setting
<programlisting>allowUnfree = true;</programlisting>
or deny them by setting it to <literal>false</literal>.
</para>
<para>
Same can be achieved by setting the environment variable:
<programlisting>$ export NIXPKGS_ALLOW_UNFREE=1</programlisting>
</para>
</listitem>
<listitem>
<para>
Whenever unfree packages are not allowed, single packages can
still be allowed by a predicate function that accepts package
as an argument and should return a boolean:
<programlisting>allowUnfreePredicate = (pkg: ...);</programlisting>
Example to allow flash player only:
<programlisting>allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "flashplayer-" pkg.name);</programlisting>
</para>
</listitem>
<listitem>
<para>
Whenever unfree packages are not allowed, packages can still be
whitelisted by their license:
<programlisting>whitelistedLicenses = with stdenv.lib.licenses; [ amd wtfpl ];</programlisting>
</para>
</listitem>
<listitem>
<para>
In addition to whitelisting licenses which are denied by the
<literal>allowUnfree</literal> setting, you can also explicitely
deny installation of packages which have a certain license:
<programlisting>blacklistedLicenses = with stdenv.lib.licenses; [ agpl3 gpl3 ];</programlisting>
</para>
</listitem>
</itemizedlist>
<para>
A complete list of licenses can be found in the file
<filename>lib/licenses.nix</filename> of the nix package tree.
</para>
<section xml:id="sec-modify-via-packageOverrides"><title>Modify
packages via <literal>packageOverrides</literal></title>
<para>
You can define a function called <varname>packageOverrides</varname>
in your local <filename>~/.nixpkgs/config</filename> to overide nix
packages. It must be a function that takes pkgs as an argument and
return modified set of packages.
<programlisting>{
packageOverrides = pkgs: rec {
foo = pkgs.foo.override { ... };
};
}</programlisting>
</para>
</section>
</chapter>

View File

@ -270,7 +270,7 @@ Additional information.
</listitem>
<listitem>
<para>If staging is already in a broken state, please refrain from adding extra new breakages. Stabilize it for a few days, merge into master, then resume development on staging. <link xlink:href="http://hydra.nixos.org/jobset/nixpkgs/staging#tabs-evaluations">Keep an eye on the staging evaluations here</link>.</para>
<para>If staging is already in a broken state, please refrain from adding extra new breakages. Stabilize it for a few days, merge into master, then resume development on staging. <link xlink:href="http://hydra.nixos.org/jobset/nixpkgs/staging#tabs-evaluations">Keep an eye on the staging evaluations here</link>. If any fixes for staging happen to be already in master, then master can be merged into staging.</para>
</listitem>
<listitem>

View File

@ -23,6 +23,17 @@ rec {
then attrByPath (tail attrPath) default e.${attr}
else default;
/* Return if an attribute from nested attribute set exists.
For instance ["x" "y"] applied to some set e returns true, if e.x.y exists. False
is returned otherwise. */
hasAttrByPath = attrPath: e:
let attr = head attrPath;
in
if attrPath == [] then true
else if e ? ${attr}
then hasAttrByPath (tail attrPath) e.${attr}
else false;
/* Return nested attribute set in which an attribute is set. For instance
["x" "y"] applied with some value v returns `x.y = v;' */

View File

@ -92,8 +92,7 @@
eikek = "Eike Kettner <eike.kettner@posteo.de>";
elasticdog = "Aaron Bull Schaefer <aaron@elasticdog.com>";
ellis = "Ellis Whitehead <nixos@ellisw.net>";
emery = "Emery Hemingway <emery@vfemail.net>";
enolan = "Echo Nolan <echo@echonolan.net>";
ehmry = "Emery Hemingway <emery@vfemail.net>";
epitrochoid = "Mabry Cervin <mpcervin@uncg.edu>";
ericbmerritt = "Eric Merritt <eric@afiniate.com>";
ericsagnes = "Eric Sagnes <eric.sagnes@gmail.com>";
@ -119,6 +118,7 @@
gebner = "Gabriel Ebner <gebner@gebner.org>";
gfxmonk = "Tim Cuthbertson <tim@gfxmonk.net>";
giogadi = "Luis G. Torres <lgtorres42@gmail.com>";
gleber = "Gleb Peregud <gleber.p@gmail.com>";
globin = "Robin Gloster <robin@glob.in>";
goibhniu = "Cillian de Róiste <cillian.deroiste@gmail.com>";
gridaphobe = "Eric Seidel <eric@seidel.io>";
@ -142,6 +142,7 @@
jefdaj = "Jeffrey David Johnson <jefdaj@gmail.com>";
jfb = "James Felix Black <james@yamtime.com>";
jgeerds = "Jascha Geerds <jg@ekby.de>";
jgillich = "Jakob Gillich <jakob@gillich.me>";
jirkamarsik = "Jirka Marsik <jiri.marsik89@gmail.com>";
joachifm = "Joachim Fasting <joachifm@fastmail.fm>";
joamaki = "Jussi Maki <joamaki@gmail.com>";
@ -174,6 +175,7 @@
lsix = "Lancelot SIX <lsix@lancelotsix.com>";
ludo = "Ludovic Courtès <ludo@gnu.org>";
lukego = "Luke Gorrie <luke@snabb.co>";
luispedro = "Luis Pedro Coelho <luis@luispedro.org>";
lw = "Sergey Sofeychuk <lw@fmap.me>";
madjar = "Georges Dubus <georges.dubus@compiletoi.net>";
magnetophon = "Bart Brouns <bart@magnetophon.nl>";
@ -182,7 +184,7 @@
malyn = "Michael Alyn Miller <malyn@strangeGizmo.com>";
manveru = "Michael Fellinger <m.fellinger@gmail.com>";
marcweber = "Marc Weber <marco-oweber@gmx.de>";
markWot = "Markus Wotringer <markus@wotringer.de";
markWot = "Markus Wotringer <markus@wotringer.de>";
maurer = "Matthew Maurer <matthew.r.maurer+nix@gmail.com>";
matejc = "Matej Cotman <cotman.matej@gmail.com>";
mathnerd314 = "Mathnerd314 <mathnerd314.gph+hs@gmail.com>";
@ -207,6 +209,7 @@
muflax = "Stefan Dorn <mail@muflax.com>";
nathan-gs = "Nathan Bijnens <nathan@nathan.gs>";
nckx = "Tobias Geerinckx-Rice <tobias.geerinckx.rice@gmail.com>";
nequissimus = "Tim Steinbach <tim@nequissimus.com>";
nico202 = "Nicolò Balzarotti <anothersms@gmail.com>";
notthemessiah = "Brian Cohen <brian.cohen.88@gmail.com>";
np = "Nicolas Pouillard <np.nix@nicolaspouillard.fr>";
@ -218,6 +221,7 @@
olcai = "Erik Timan <dev@timan.info>";
orbitz = "Malcolm Matalka <mmatalka@gmail.com>";
osener = "Ozan Sener <ozan@ozansener.com>";
oxij = "Jan Malakhovski <oxij@oxij.org>";
page = "Carles Pagès <page@cubata.homelinux.net>";
paholg = "Paho Lurie-Gregg <paho@paholg.com>";
pakhfn = "Fedor Pakhomov <pakhfn@gmail.com>";
@ -237,6 +241,7 @@
pmahoney = "Patrick Mahoney <pat@polycrystal.org>";
pmiddend = "Philipp Middendorf <pmidden@secure.mailbox.org>";
prikhi = "Pavan Rikhi <pavan.rikhi@gmail.com>";
profpatsch = "Profpatsch <mail@profpatsch.de>";
psibi = "Sibi <sibi@psibi.in>";
pSub = "Pascal Wittmann <mail@pascal-wittmann.de>";
puffnfresh = "Brian McKenna <brian@brianmckenna.org>";
@ -287,6 +292,7 @@
tailhook = "Paul Colomiets <paul@colomiets.name>";
taktoa = "Remy Goldschmidt <taktoa@gmail.com>";
telotortium = "Robert Irelan <rirelan@gmail.com>";
thall = "Niclas Thall <niclas.thall@gmail.com>";
thammers = "Tobias Hammerschmidt <jawr@gmx.de>";
the-kenny = "Moritz Ulrich <moritz@tarn-vedra.de>";
theuni = "Christian Theune <ct@flyingcircus.io>";

View File

@ -52,6 +52,10 @@ rec {
# libraries for a set of packages, e.g. "${pkg1}/lib:${pkg2}/lib:...".
makeLibraryPath = makeSearchPath "lib";
# Construct a binary search path (such as $PATH) containing the
# binaries for a set of packages, e.g. "${pkg1}/bin:${pkg2}/bin:...".
makeBinPath = makeSearchPath "bin";
# Idem for Perl search paths.
makePerlPath = makeSearchPath "lib/perl5/site_perl";
@ -231,4 +235,19 @@ rec {
then may_be_int
else throw "Could not convert ${str} to int.";
# Read a list of paths from `file', relative to the `rootPath'. Lines
# beginning with `#' are treated as comments and ignored. Whitespace
# is significant.
readPathsFromFile = rootPath: file:
let
root = toString rootPath;
lines =
builtins.map (lib.removeSuffix "\n")
(lib.splitString "\n" (builtins.readFile file));
removeComments = lib.filter (line: !(lib.hasPrefix "#" line));
relativePaths = removeComments lines;
absolutePaths = builtins.map (path: builtins.toPath (root + "/" + path)) relativePaths;
in
absolutePaths;
}

View File

@ -120,4 +120,14 @@ runTests {
expected = { success = false; value = false; };
};
testHasAttrByPathTrue = {
expr = hasAttrByPath ["a" "b"] { a = { b = "yey"; }; };
expected = true;
};
testHasAttrByPathFalse = {
expr = hasAttrByPath ["a" "b"] { a = { c = "yey"; }; };
expected = false;
};
}

View File

@ -0,0 +1,18 @@
/* Helper expression for copy-tarballs. This returns (nearly) all
tarballs used the free packages in Nixpkgs.
Typical usage:
$ copy-tarballs.pl --expr 'import <nixpkgs/maintainers/scripts/all-tarballs.nix>'
*/
removeAttrs (import ../../pkgs/top-level/release.nix
{ # Don't apply hydraJob to jobs, because then we can't get to the
# dependency graph.
scrubJobs = false;
# No need to evaluate on i686.
supportedSystems = [ "x86_64-linux" ];
})
[ # Remove jobs whose evaluation depends on a writable Nix store.
"tarball" "unstable"
]

View File

@ -1,73 +1,153 @@
#! /run/current-system/sw/bin/perl -w
#! /usr/bin/env nix-shell
#! nix-shell -i perl -p perl perlPackages.NetAmazonS3 perlPackages.FileSlurp nixUnstable
# This command uploads tarballs to tarballs.nixos.org, the
# content-addressed cache used by fetchurl as a fallback for when
# upstream tarballs disappear or change. Usage:
#
# 1) To upload a single file:
#
# $ copy-tarballs.pl --file /path/to/tarball.tar.gz
#
# 2) To upload all files obtained via calls to fetchurl in a Nix derivation:
#
# $ copy-tarballs.pl --expr '(import <nixpkgs> {}).hello'
use strict;
use XML::Simple;
use warnings;
use File::Basename;
use File::Path;
use File::Copy 'cp';
use IPC::Open2;
use File::Slurp;
use JSON;
use Net::Amazon::S3;
use Nix::Store;
my $myDir = dirname($0);
# S3 setup.
my $aws_access_key_id = $ENV{'AWS_ACCESS_KEY_ID'} or die;
my $aws_secret_access_key = $ENV{'AWS_SECRET_ACCESS_KEY'} or die;
my $tarballsCache = $ENV{'NIX_TARBALLS_CACHE'} // "/tarballs";
my $s3 = Net::Amazon::S3->new(
{ aws_access_key_id => $aws_access_key_id,
aws_secret_access_key => $aws_secret_access_key,
retry => 1,
});
my $xml = `nix-instantiate --eval-only --xml --strict '<nixpkgs/maintainers/scripts/find-tarballs.nix>'`;
die "$0: evaluation failed\n" if $? != 0;
my $bucket = $s3->bucket("nixpkgs-tarballs") or die;
my $data = XMLin($xml) or die;
my $cacheFile = "/tmp/copy-tarballs-cache";
my %cache;
$cache{$_} = 1 foreach read_file($cacheFile, err_mode => 'quiet', chomp => 1);
mkpath($tarballsCache);
mkpath("$tarballsCache/md5");
mkpath("$tarballsCache/sha1");
mkpath("$tarballsCache/sha256");
END() {
write_file($cacheFile, map { "$_\n" } keys %cache);
}
foreach my $file (@{$data->{list}->{attrs}}) {
my $url = $file->{attr}->{url}->{string}->{value};
my $algo = $file->{attr}->{type}->{string}->{value};
my $hash = $file->{attr}->{hash}->{string}->{value};
sub alreadyMirrored {
my ($algo, $hash) = @_;
my $key = "$algo/$hash";
return 1 if defined $cache{$key};
my $res = defined $bucket->get_key($key);
$cache{$key} = 1 if $res;
return $res;
}
sub uploadFile {
my ($fn, $name) = @_;
my $md5_16 = hashFile("md5", 0, $fn) or die;
my $sha1_16 = hashFile("sha1", 0, $fn) or die;
my $sha256_32 = hashFile("sha256", 1, $fn) or die;
my $sha256_16 = hashFile("sha256", 0, $fn) or die;
my $sha512_32 = hashFile("sha512", 1, $fn) or die;
my $sha512_16 = hashFile("sha512", 0, $fn) or die;
my $mainKey = "sha512/$sha512_16";
# Create redirects from the other hash types.
sub redirect {
my ($name, $dest) = @_;
#print STDERR "linking $name to $dest...\n";
$bucket->add_key($name, "", { 'x-amz-website-redirect-location' => "/" . $dest })
or die "failed to create redirect from $name to $dest\n";
$cache{$name} = 1;
}
redirect "md5/$md5_16", $mainKey;
redirect "sha1/$sha1_16", $mainKey;
redirect "sha256/$sha256_32", $mainKey;
redirect "sha256/$sha256_16", $mainKey;
redirect "sha512/$sha512_32", $mainKey;
# Upload the file as sha512/<hash-in-base-16>.
print STDERR "uploading $fn to $mainKey...\n";
$bucket->add_key_filename($mainKey, $fn, { 'x-amz-meta-original-name' => $name })
or die "failed to upload $fn to $mainKey\n";
$cache{$mainKey} = 1;
}
my $op = shift @ARGV;
if ($op eq "--file") {
my $res = 0;
foreach my $fn (@ARGV) {
eval {
if (alreadyMirrored("sha512", hashFile("sha512", 0, $fn))) {
print STDERR "$fn is already mirrored\n";
} else {
uploadFile($fn, basename $fn);
}
};
if ($@) {
warn "$@\n";
$res = 1;
}
}
exit $res;
}
elsif ($op eq "--expr") {
# Evaluate find-tarballs.nix.
my $expr = $ARGV[0] // die "$0: --expr requires a Nix expression\n";
my $pid = open(JSON, "-|", "nix-instantiate", "--eval", "--json", "--strict",
"<nixpkgs/maintainers/scripts/find-tarballs.nix>",
"--arg", "expr", $expr);
my $stdout = <JSON>;
waitpid($pid, 0);
die "$0: evaluation failed\n" if $?;
close JSON;
my $fetches = decode_json($stdout);
print STDERR "evaluation returned ", scalar(@{$fetches}), " tarballs\n";
# Check every fetchurl call discovered by find-tarballs.nix.
my $mirrored = 0;
my $have = 0;
foreach my $fetch (@{$fetches}) {
my $url = $fetch->{url};
my $algo = $fetch->{type};
my $hash = $fetch->{hash};
if (defined $ENV{DEBUG}) {
print "$url $algo $hash\n";
next;
}
if ($url !~ /^http:/ && $url !~ /^https:/ && $url !~ /^ftp:/ && $url !~ /^mirror:/) {
print STDERR "skipping $url (unsupported scheme)\n";
next;
}
$url =~ /([^\/]+)$/;
my $fn = $1;
if (!defined $fn) {
print STDERR "skipping $url (no file name)\n";
if (alreadyMirrored($algo, $hash)) {
$have++;
next;
}
if ($fn =~ /[&?=%]/ || $fn =~ /^\./) {
print STDERR "skipping $url (bad character in file name)\n";
next;
}
if ($fn !~ /[a-zA-Z]/) {
print STDERR "skipping $url (no letter in file name)\n";
next;
}
if ($fn !~ /[0-9]/) {
print STDERR "skipping $url (no digit in file name)\n";
next;
}
if ($fn !~ /[-_\.]/) {
print STDERR "skipping $url (no dash/dot/underscore in file name)\n";
next;
}
my $dstPath = "$tarballsCache/$fn";
next if -e $dstPath;
print "downloading $url to $dstPath...\n";
print STDERR "mirroring $url...\n";
next if $ENV{DRY_RUN};
# Download the file using nix-prefetch-url.
$ENV{QUIET} = 1;
$ENV{PRINT_PATH} = 1;
my $fh;
@ -79,19 +159,13 @@ foreach my $file (@{$data->{list}->{attrs}}) {
}
<$fh>; my $storePath = <$fh>; chomp $storePath;
die unless -e $storePath;
cp($storePath, $dstPath) or die;
my $md5 = hashFile("md5", 0, $storePath) or die;
symlink("../$fn", "$tarballsCache/md5/$md5");
my $sha1 = hashFile("sha1", 0, $storePath) or die;
symlink("../$fn", "$tarballsCache/sha1/$sha1");
my $sha256 = hashFile("sha256", 0, $storePath) or die;
symlink("../$fn", "$tarballsCache/sha256/$sha256");
$sha256 = hashFile("sha256", 1, $storePath) or die;
symlink("../$fn", "$tarballsCache/sha256/$sha256");
uploadFile($storePath, $url);
$mirrored++;
}
print STDERR "mirrored $mirrored files, already have $have files\n";
}
else {
die "Syntax: $0 --file FILENAMES... | --expr EXPR\n";
}

View File

@ -1,12 +1,13 @@
# This expression returns a list of all fetchurl calls used by all
# packages reachable from release.nix.
# This expression returns a list of all fetchurl calls used by expr.
with import ../.. { };
with lib;
{ expr }:
let
root = removeAttrs (import ../../pkgs/top-level/release.nix { }) [ "tarball" "unstable" ];
root = expr;
uniqueUrls = map (x: x.file) (genericClosure {
startSet = map (file: { key = file.url; inherit file; }) urls;
@ -15,7 +16,10 @@ let
urls = map (drv: { url = head drv.urls; hash = drv.outputHash; type = drv.outputHashAlgo; }) fetchurlDependencies;
fetchurlDependencies = filter (drv: drv.outputHash or "" != "" && drv ? urls) dependencies;
fetchurlDependencies =
filter
(drv: drv.outputHash or "" != "" && drv.outputHashMode == "flat" && drv.postFetch or "" == "" && drv ? urls)
dependencies;
dependencies = map (x: x.value) (genericClosure {
startSet = map keyDrv (derivationsIn' root);

View File

@ -12,7 +12,7 @@ git_data="$(echo "$raw_git_log" | grep 'Author:' |
# Also there are a few manual entries
maintainers="$(cat "$(dirname "$0")/../../lib/maintainers.nix" |
grep '=' | sed -re 's/\\"/''/g;
s/ *([^ =]*) *= *" *(.*[^ ]) *[<](.*)[>] *".*/\1\t\2\t\3/')"
s/[ ]*([^ =]*)[ ]*=[ ]*" *(.*[^ ]) *[<](.*)[>] *".*/\1\t\2\t\3/')"
git_lines="$( ( echo "$git_data";
cat "$(dirname "$0")/vanity-manual-equalities.txt") | sort |uniq)"

View File

@ -22,8 +22,10 @@ containers.database =
</programlisting>
If you run <literal>nixos-rebuild switch</literal>, the container will
be built and started. If the container was already running, it will be
updated in place, without rebooting.</para>
be built. If the container was already running, it will be
updated in place, without rebooting. The container can be configured to
start automatically by setting <literal>containers.database.autoStart = true</literal>
in its configuration.</para>
<para>By default, declarative containers share the network namespace
of the host, meaning that they can listen on (privileged)
@ -47,7 +49,9 @@ on container networking.)</para>
<para>To disable the container, just remove it from
<filename>configuration.nix</filename> and run <literal>nixos-rebuild
switch</literal>. Note that this will not delete the root directory of
the container in <literal>/var/lib/containers</literal>.</para>
the container in <literal>/var/lib/containers</literal>. Containers can be
destroyed using the imperative method: <literal>nixos-container destroy
foo</literal>.</para>
<para>Declarative containers can be started and stopped using the
corresponding systemd service, e.g. <literal>systemctl start

View File

@ -26,6 +26,7 @@ effect after you run <command>nixos-rebuild</command>.</para>
<!-- FIXME: auto-include NixOS module docs -->
<xi:include href="postgresql.xml" />
<xi:include href="acme.xml" />
<xi:include href="nixos.xml" />
<!-- Apache; libvirtd virtualisation -->

View File

@ -55,6 +55,7 @@ let
cp -prd $sources/* . # */
chmod -R u+w .
cp ${../../modules/services/databases/postgresql.xml} configuration/postgresql.xml
cp ${../../modules/security/acme.xml} configuration/acme.xml
cp ${../../modules/misc/nixos.xml} configuration/nixos.xml
ln -s ${optionsDocBook} options-db.xml
echo "${version}" > version

View File

@ -104,6 +104,15 @@ nginx.override {
You can (still) use the <literal>html-tidy</literal> package, which got updated
to a stable release from this new upstream.</para>
</listitem>
<listitem>
<para><literal>extraDeviceOptions</literal> argument is removed
from <literal>bumblebee</literal> package. Instead there are
now two separate arguments: <literal>extraNvidiaDeviceOptions</literal>
and <literal>extraNouveauDeviceOptions</literal> for setting
extra X11 options for nvidia and nouveau drivers, respectively.
</para>
</listitem>
</itemizedlist>
</section>

View File

@ -96,6 +96,15 @@ in
example = "http://127.0.0.1:3128";
};
allProxy = lib.mkOption {
type = types.nullOr types.str;
default = cfg.proxy.default;
description = ''
This option specifies the all_proxy environment variable.
'';
example = "http://127.0.0.1:3128";
};
noProxy = lib.mkOption {
type = types.nullOr types.str;
default = null;
@ -183,6 +192,8 @@ in
rsync_proxy = cfg.proxy.rsyncProxy;
} // optionalAttrs (cfg.proxy.ftpProxy != null) {
ftp_proxy = cfg.proxy.ftpProxy;
} // optionalAttrs (cfg.proxy.allProxy != null) {
all_proxy = cfg.proxy.allProxy;
} // optionalAttrs (cfg.proxy.noProxy != null) {
no_proxy = cfg.proxy.noProxy;
};

View File

@ -237,6 +237,7 @@
calibre-server = 213;
heapster = 214;
bepasty = 215;
pumpio = 216;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -451,6 +452,7 @@
xtreemfs = 212;
calibre-server = 213;
bepasty = 215;
pumpio = 216;
# When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal

View File

@ -80,6 +80,7 @@
./programs/xfs_quota.nix
./programs/zsh/zsh.nix
./rename.nix
./security/acme.nix
./security/apparmor.nix
./security/apparmor-suid.nix
./security/ca.nix
@ -312,6 +313,7 @@
./services/networking/lambdabot.nix
./services/networking/mailpile.nix
./services/networking/minidlna.nix
./services/networking/miniupnpd.nix
./services/networking/mstpd.nix
./services/networking/murmur.nix
./services/networking/namecoind.nix
@ -342,6 +344,7 @@
./services/networking/searx.nix
./services/networking/seeks.nix
./services/networking/skydns.nix
./services/networking/shairport-sync.nix
./services/networking/shout.nix
./services/networking/softether.nix
./services/networking/spiped.nix
@ -401,6 +404,7 @@
./services/ttys/agetty.nix
./services/ttys/gpm.nix
./services/ttys/kmscon.nix
./services/web-apps/pump.io.nix
./services/web-servers/apache-httpd/default.nix
./services/web-servers/fcgiwrap.nix
./services/web-servers/jboss/default.nix
@ -506,6 +510,7 @@
./virtualisation/amazon-options.nix
./virtualisation/openvswitch.nix
./virtualisation/parallels-guest.nix
./virtualisation/rkt.nix
./virtualisation/virtualbox-guest.nix
./virtualisation/virtualbox-host.nix
./virtualisation/vmware-guest.nix

View File

@ -0,0 +1,202 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.security.acme;
certOpts = { ... }: {
options = {
webroot = mkOption {
type = types.str;
description = ''
Where the webroot of the HTTP vhost is located.
<filename>.well-known/acme-challenge/</filename> directory
will be created automatically if it doesn't exist.
<literal>http://example.org/.well-known/acme-challenge/</literal> must also
be available (notice unencrypted HTTP).
'';
};
email = mkOption {
type = types.nullOr types.str;
default = null;
description = "Contact email address for the CA to be able to reach you.";
};
user = mkOption {
type = types.str;
default = "root";
description = "User running the ACME client.";
};
group = mkOption {
type = types.str;
default = "root";
description = "Group running the ACME client.";
};
postRun = mkOption {
type = types.lines;
default = "";
example = "systemctl reload nginx.service";
description = ''
Commands to run after certificates are re-issued. Typically
the web server and other servers using certificates need to
be reloaded.
'';
};
plugins = mkOption {
type = types.listOf (types.enum [
"cert.der" "cert.pem" "chain.der" "chain.pem" "external_pem.sh"
"fullchain.der" "fullchain.pem" "key.der" "key.pem" "account_key.json"
]);
default = [ "fullchain.pem" "key.pem" "account_key.json" ];
description = ''
Plugins to enable. With default settings simp_le will
store public certificate bundle in <filename>fullchain.pem</filename>
and private key in <filename>key.pem</filename> in its state directory.
'';
};
extraDomains = mkOption {
type = types.attrsOf (types.nullOr types.str);
default = {};
example = {
"example.org" = "/srv/http/nginx";
"mydomain.org" = null;
};
description = ''
Extra domain names for which certificates are to be issued, with their
own server roots if needed.
'';
};
};
};
in
{
###### interface
options = {
security.acme = {
directory = mkOption {
default = "/var/lib/acme";
type = types.str;
description = ''
Directory where certs and other state will be stored by default.
'';
};
validMin = mkOption {
type = types.int;
default = 30 * 24 * 3600;
description = "Minimum remaining validity before renewal in seconds.";
};
renewInterval = mkOption {
type = types.str;
default = "weekly";
description = ''
Systemd calendar expression when to check for renewal. See
<citerefentry><refentrytitle>systemd.time</refentrytitle>
<manvolnum>5</manvolnum></citerefentry>.
'';
};
certs = mkOption {
default = { };
type = types.loaOf types.optionSet;
description = ''
Attribute set of certificates to get signed and renewed.
'';
options = [ certOpts ];
example = {
"example.com" = {
webroot = "/var/www/challenges/";
email = "foo@example.com";
extraDomains = { "www.example.com" = null; "foo.example.com" = "/var/www/foo/"; };
};
"bar.example.com" = {
webroot = "/var/www/challenges/";
email = "bar@example.com";
};
};
};
};
};
###### implementation
config = mkMerge [
(mkIf (cfg.certs != { }) {
systemd.services = flip mapAttrs' cfg.certs (cert: data:
let
cpath = "${cfg.directory}/${cert}";
cmdline = [ "-v" "-d" cert "--default_root" data.webroot "--valid_min" cfg.validMin ]
++ optionals (data.email != null) [ "--email" data.email ]
++ concatMap (p: [ "-f" p ]) data.plugins
++ concatLists (mapAttrsToList (name: root: [ "-d" (if root == null then name else "${name}:${root}")]) data.extraDomains);
in nameValuePair
("acme-${cert}")
({
description = "ACME cert renewal for ${cert} using simp_le";
after = [ "network.target" ];
serviceConfig = {
Type = "oneshot";
SuccessExitStatus = [ "0" "1" ];
PermissionsStartOnly = true;
User = data.user;
Group = data.group;
PrivateTmp = true;
};
path = [ pkgs.simp_le ];
preStart = ''
mkdir -p '${cfg.directory}'
if [ ! -d '${cpath}' ]; then
mkdir -m 700 '${cpath}'
chown '${data.user}:${data.group}' '${cpath}'
fi
'';
script = ''
cd '${cpath}'
set +e
simp_le ${concatMapStringsSep " " (arg: escapeShellArg (toString arg)) cmdline}
EXITCODE=$?
set -e
echo "$EXITCODE" > /tmp/lastExitCode
exit "$EXITCODE"
'';
postStop = ''
if [ -e /tmp/lastExitCode ] && [ "$(cat /tmp/lastExitCode)" = "0" ]; then
echo "Executing postRun hook..."
${data.postRun}
fi
'';
})
);
systemd.timers = flip mapAttrs' cfg.certs (cert: data: nameValuePair
("acme-${cert}")
({
description = "timer for ACME cert renewal of ${cert}";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = cfg.renewInterval;
Unit = "acme-${cert}.service";
};
})
);
})
{ meta.maintainers = with lib.maintainers; [ abbradar fpletz globin ];
meta.doc = ./acme.xml;
}
];
}

View File

@ -0,0 +1,69 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="module-security-acme">
<title>SSL/TLS Certificates with ACME</title>
<para>NixOS supports automatic domain validation &amp; certificate
retrieval and renewal using the ACME protocol. This is currently only
implemented by and for Let's Encrypt. The alternative ACME client
<literal>simp_le</literal> is used under the hood.</para>
<section><title>Prerequisites</title>
<para>You need to have a running HTTP server for verification. The server must
have a webroot defined that can serve
<filename>.well-known/acme-challenge</filename>. This directory must be
writeable by the user that will run the ACME client.</para>
<para>For instance, this generic snippet could be used for Nginx:
<programlisting>
http {
server {
server_name _;
listen 80;
listen [::]:80;
location /.well-known/acme-challenge {
root /var/www/challenges;
}
location / {
return 301 https://$host$request_uri;
}
}
}
</programlisting>
</para>
</section>
<section><title>Configuring</title>
<para>To enable ACME certificate retrieval &amp; renewal for a certificate for
<literal>foo.example.com</literal>, add the following in your
<filename>configuration.nix</filename>:
<programlisting>
security.acme.certs."foo.example.com" = {
webroot = "/var/www/challenges";
email = "foo@example.com";
};
</programlisting>
</para>
<para>The private key <filename>key.pem</filename> and certificate
<filename>fullchain.pem</filename> will be put into
<filename>/var/lib/acme/foo.example.com</filename>. The target directory can
be configured with the option <literal>security.acme.directory</literal>.
</para>
<para>Refer to <xref linkend="ch-options" /> for all available configuration
options for the <literal>security.acme</literal> module.</para>
</section>
</chapter>

View File

@ -65,7 +65,7 @@ in {
type = types.str;
description = ''
Verbatim configuration file contents.
See http://www.rabbitmq.com/configure.htm
See http://www.rabbitmq.com/configure.html
'';
};

View File

@ -124,7 +124,7 @@ in {
assertions = [
{ assertion = cfg.databasePassword != "";
message = "databasePassword must be set";
message = "services.redmine.databasePassword must be set";
}
];

View File

@ -73,28 +73,27 @@ in
###### implementation
config = mkIf config.services.cntlm.enable {
services.cntlm.netbios_hostname = mkDefault config.networking.hostName;
users.extraUsers = singleton {
name = "cntlm";
description = "cntlm system-wide daemon";
home = "/var/empty";
};
jobs.cntlm =
{ description = "CNTLM is an NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy";
startOn = "started network-interfaces";
daemonType = "fork";
exec =
''
systemd.services.cntlm = {
description = "CNTLM is an NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "forking";
User = "cntlm";
ExecStart = ''
${pkgs.cntlm}/bin/cntlm -U cntlm \
-c ${pkgs.writeText "cntlm_config" cfg.extraConfig}
'';
};
};
services.cntlm.netbios_hostname = mkDefault config.networking.hostName;
users.extraUsers.cntlm = {
name = "cntlm";
description = "cntlm system-wide daemon";
home = "/var/empty";
};
services.cntlm.extraConfig =
''
@ -109,7 +108,6 @@ in
Listen ${toString port}
'') cfg.port}
'';
};
}

View File

@ -18,7 +18,7 @@ let
password=${config.services.ddclient.password}
protocol=${config.services.ddclient.protocol}
server=${config.services.ddclient.server}
ssl=${if config.services.ddclient.ssl then "yes" else "yes"}
ssl=${if config.services.ddclient.ssl then "yes" else "no"}
wildcard=YES
${config.services.ddclient.domain}
${config.services.ddclient.extraConfig}

View File

@ -53,11 +53,13 @@ in
default = false;
description = ''
Enable putting a wireless interface into infrastructure mode,
allowing other wireless devices to associate with the wireless interface and do
wireless networking. A simple access point will enable hostapd.wpa, and
hostapd.wpa_passphrase, hostapd.ssid, dhcpd on the wireless interface to
provide IP addresses to the associated stations, and nat (from the wireless
interface to an upstream interface).
allowing other wireless devices to associate with the wireless
interface and do wireless networking. A simple access point will
<option>enable hostapd.wpa</option>,
<option>hostapd.wpaPassphrase</option>, and
<option>hostapd.ssid</option>, as well as DHCP on the wireless
interface to provide IP addresses to the associated stations, and
NAT (from the wireless interface to an upstream interface).
'';
};
@ -73,7 +75,10 @@ in
default = "nl80211";
example = "hostapd";
type = types.string;
description = "Which driver hostapd will use. Most things will probably use the default.";
description = ''
Which driver <command>hostapd</command> will use.
Most applications will probably use the default.
'';
};
ssid = mkOption {
@ -87,7 +92,10 @@ in
default = "b";
example = "g";
type = types.string;
description = "Operation mode (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g";
description = ''
Operation mode.
(a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g).
'';
};
channel = mkOption {
@ -97,8 +105,9 @@ in
description =
''
Channel number (IEEE 802.11)
Please note that some drivers do not use this value from hostapd and the
channel will need to be configured separately with iwconfig.
Please note that some drivers do not use this value from
<command>hostapd</command> and the channel will need to be configured
separately with <command>iwconfig</command>.
'';
};
@ -106,12 +115,16 @@ in
default = "wheel";
example = "network";
type = types.string;
description = "members of this group can control hostapd";
description = ''
Members of this group can control <command>hostapd</command>.
'';
};
wpa = mkOption {
default = true;
description = "enable WPA (IEEE 802.11i/D3.0) to authenticate to the access point";
description = ''
Enable WPA (IEEE 802.11i/D3.0) to authenticate with the access point.
'';
};
wpaPassphrase = mkOption {
@ -121,8 +134,9 @@ in
description =
''
WPA-PSK (pre-shared-key) passphrase. Clients will need this
passphrase to associate with this access point. Warning: This passphrase will
get put into a world-readable file in the nix store.
passphrase to associate with this access point.
Warning: This passphrase will get put into a world-readable file in
the Nix store!
'';
};
@ -134,7 +148,7 @@ in
ht_capab=[HT40-][SHORT-GI-40][DSSS_CCK-40]
'';
type = types.string;
description = "Extra configuration options to put in the hostapd.conf";
description = "Extra configuration options to put in hostapd.conf.";
};
};
};

View File

@ -0,0 +1,99 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.miniupnpd;
configFile = pkgs.writeText "miniupnpd.conf" ''
ext_ifname=${cfg.externalInterface}
enable_natpmp=${if cfg.natpmp then "yes" else "no"}
enable_upnp=${if cfg.upnp then "yes" else "no"}
${concatMapStrings (range: ''
listening_ip=${range}
'') cfg.internalIPs}
${cfg.appendConfig}
'';
in
{
options = {
services.miniupnpd = {
enable = mkEnableOption "MiniUPnP daemon";
externalInterface = mkOption {
type = types.str;
description = ''
Name of the external interface.
'';
};
internalIPs = mkOption {
type = types.listOf types.str;
example = [ "192.168.1.1/24" "enp1s0" ];
description = ''
The IP address ranges to listen on.
'';
};
natpmp = mkEnableOption "NAT-PMP support";
upnp = mkOption {
default = true;
type = types.bool;
description = ''
Whether to enable UPNP support.
'';
};
appendConfig = mkOption {
type = types.lines;
default = "";
description = ''
Configuration lines appended to the MiniUPnP config.
'';
};
};
};
config = mkIf cfg.enable {
# from miniupnpd/netfilter/iptables_init.sh
networking.firewall.extraCommands = ''
iptables -t nat -N MINIUPNPD
iptables -t nat -A PREROUTING -i ${cfg.externalInterface} -j MINIUPNPD
iptables -t mangle -N MINIUPNPD
iptables -t mangle -A PREROUTING -i ${cfg.externalInterface} -j MINIUPNPD
iptables -t filter -N MINIUPNPD
iptables -t filter -A FORWARD -i ${cfg.externalInterface} ! -o ${cfg.externalInterface} -j MINIUPNPD
iptables -t nat -N MINIUPNPD-PCP-PEER
iptables -t nat -A POSTROUTING -o ${cfg.externalInterface} -j MINIUPNPD-PCP-PEER
'';
# from miniupnpd/netfilter/iptables_removeall.sh
networking.firewall.extraStopCommands = ''
iptables -t nat -F MINIUPNPD
iptables -t nat -D PREROUTING -i ${cfg.externalInterface} -j MINIUPNPD
iptables -t nat -X MINIUPNPD
iptables -t mangle -F MINIUPNPD
iptables -t mangle -D PREROUTING -i ${cfg.externalInterface} -j MINIUPNPD
iptables -t mangle -X MINIUPNPD
iptables -t filter -F MINIUPNPD
iptables -t filter -D FORWARD -i ${cfg.externalInterface} ! -o ${cfg.externalInterface} -j MINIUPNPD
iptables -t filter -X MINIUPNPD
iptables -t nat -F MINIUPNPD-PCP-PEER
iptables -t nat -D POSTROUTING -o ${cfg.externalInterface} -j MINIUPNPD-PCP-PEER
iptables -t nat -X MINIUPNPD-PCP-PEER
'';
systemd.services.miniupnpd = {
description = "MiniUPnP daemon";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.miniupnpd}/bin/miniupnpd -f ${configFile}";
PIDFile = "/var/run/miniupnpd.pid";
Type = "forking";
};
};
};
}

View File

@ -0,0 +1,80 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.shairport-sync;
in
{
###### interface
options = {
services.shairport-sync = {
enable = mkOption {
default = false;
description = ''
Enable the shairport-sync daemon.
Running with a local system-wide or remote pulseaudio server
is recommended.
'';
};
arguments = mkOption {
default = "-v -o pulse";
description = ''
Arguments to pass to the daemon. Defaults to a local pulseaudio
server.
'';
};
user = mkOption {
default = "shairport";
description = ''
User account name under which to run shairport-sync. The account
will be created.
'';
};
};
};
###### implementation
config = mkIf config.services.shairport-sync.enable {
services.avahi.enable = true;
users.extraUsers = singleton
{ name = cfg.user;
description = "Shairport user";
isSystemUser = true;
createHome = true;
home = "/var/lib/shairport-sync";
extraGroups = [ "audio" ] ++ optional config.hardware.pulseaudio.enable "pulse";
};
systemd.services.shairport-sync =
{
description = "shairport-sync";
after = [ "network.target" "avahi-daemon.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = cfg.user;
ExecStart = "${pkgs.shairport-sync}/bin/shairport-sync ${cfg.arguments}";
};
};
environment.systemPackages = [ pkgs.shairport-sync ];
};
}

View File

@ -57,7 +57,7 @@ in {
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
preStart = if isNull cfg.configFile then null
preStart = if isNull cfg.configFile then ""
else ''
ln -sf ${pkgs.writeText "config.js" cfg.configFile} \
${shoutHome}/config.js

View File

@ -3,22 +3,37 @@ with lib;
let
clamavUser = "clamav";
stateDir = "/var/lib/clamav";
runDir = "/var/run/clamav";
logDir = "/var/log/clamav";
clamavGroup = clamavUser;
cfg = config.services.clamav;
clamdConfigFile = pkgs.writeText "clamd.conf" ''
DatabaseDirectory ${stateDir}
LocalSocket ${runDir}/clamd.ctl
LogFile ${logDir}/clamav.log
PidFile ${runDir}/clamd.pid
User clamav
${cfg.daemon.extraConfig}
'';
in
{
###### interface
options = {
services.clamav = {
updater = {
enable = mkOption {
default = false;
daemon = {
enable = mkEnableOption "clamd daemon";
extraConfig = mkOption {
type = types.lines;
default = "";
description = ''
Whether to enable automatic ClamAV virus definitions database updates.
Extra configuration for clamd. Contents will be added verbatim to the
configuration file.
'';
};
};
updater = {
enable = mkEnableOption "freshclam updater";
frequency = mkOption {
default = 12;
@ -38,43 +53,65 @@ in
};
};
###### implementation
config = mkIf cfg.updater.enable {
config = mkIf cfg.updater.enable or cfg.daemon.enable {
environment.systemPackages = [ pkgs.clamav ];
users.extraUsers = singleton
{ name = clamavUser;
users.extraUsers = singleton {
name = clamavUser;
uid = config.ids.uids.clamav;
description = "ClamAV daemon user";
home = stateDir;
};
users.extraGroups = singleton
{ name = clamavGroup;
users.extraGroups = singleton {
name = clamavGroup;
gid = config.ids.gids.clamav;
};
services.clamav.updater.config = ''
services.clamav.updater.config = mkIf cfg.updater.enable ''
DatabaseDirectory ${stateDir}
Foreground yes
Checks ${toString cfg.updater.frequency}
DatabaseMirror database.clamav.net
'';
jobs = {
clamav_updater = {
name = "clamav-updater";
startOn = "started network-interfaces";
stopOn = "stopping network-interfaces";
systemd.services.clamd = mkIf cfg.daemon.enable {
description = "ClamAV daemon (clamd)";
path = [ pkgs.clamav ];
after = [ "network.target" "freshclam.service" ];
requires = [ "freshclam.service" ];
wantedBy = [ "multi-user.target" ];
preStart = ''
mkdir -m 0755 -p ${logDir}
mkdir -m 0755 -p ${runDir}
chown ${clamavUser}:${clamavGroup} ${logDir}
chown ${clamavUser}:${clamavGroup} ${runDir}
'';
serviceConfig = {
ExecStart = "${pkgs.clamav}/bin/clamd --config-file=${clamdConfigFile}";
Type = "forking";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
Restart = "on-failure";
RestartSec = "10s";
StartLimitInterval = "1min";
};
};
systemd.services.freshclam = mkIf cfg.updater.enable {
description = "ClamAV updater (freshclam)";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.clamav ];
preStart = ''
mkdir -m 0755 -p ${stateDir}
chown ${clamavUser}:${clamavGroup} ${stateDir}
'';
exec = "${pkgs.clamav}/bin/freshclam --daemon --config-file=${pkgs.writeText "freshclam.conf" cfg.updater.config}";
serviceConfig = {
ExecStart = "${pkgs.clamav}/bin/freshclam --daemon --config-file=${pkgs.writeText "freshclam.conf" cfg.updater.config}";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
Restart = "on-failure";
RestartSec = "10s";
StartLimitInterval = "1min";
};
};
};
}

View File

@ -124,10 +124,15 @@ in
${pkgs.xz}/lib/liblzma*.so* mr,
${pkgs.libgcrypt}/lib/libgcrypt*.so* mr,
${pkgs.libgpgerror}/lib/libgpg-error*.so* mr,
${pkgs.libnghttp2}/lib/libnghttp2*.so* mr,
${pkgs.c-ares}/lib/libcares*.so* mr,
${pkgs.libcap}/lib/libcap*.so* mr,
${pkgs.attr}/lib/libattr*.so* mr,
@{PROC}/sys/kernel/random/uuid r,
@{PROC}/sys/vm/overcommit_memory r,
${pkgs.openssl}/etc/** r,
${pkgs.transmission}/share/transmission/** r,
owner ${settingsDir}/** rw,

View File

@ -0,0 +1,364 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.pumpio;
dataDir = "/var/lib/pump.io";
user = "pumpio";
configOptions = {
driver = if cfg.driver == "disk" then null else cfg.driver;
params = ({ } //
(if cfg.driver == "disk" then {
dir = dataDir;
} else { }) //
(if cfg.driver == "mongodb" || cfg.driver == "redis" then {
host = cfg.dbHost;
port = cfg.dbPort;
dbname = cfg.dbName;
dbuser = cfg.dbUser;
dbpass = cfg.dbPassword;
} else { }) //
(if cfg.driver == "memcached" then {
host = cfg.dbHost;
port = cfg.dbPort;
} else { }) //
cfg.driverParams);
secret = cfg.secret;
address = cfg.address;
port = cfg.port;
noweb = false;
urlPort = cfg.urlPort;
hostname = cfg.hostname;
favicon = cfg.favicon;
site = cfg.site;
owner = cfg.owner;
ownerURL = cfg.ownerURL;
key = cfg.sslKey;
cert = cfg.sslCert;
bounce = false;
spamhost = cfg.spamHost;
spamclientid = cfg.spamClientId;
spamclientsecret = cfg.spamClientSecret;
requireEmail = cfg.requireEmail;
smtpserver = cfg.smtpHost;
smtpport = cfg.smtpPort;
smtpuser = cfg.smtpUser;
smtppass = cfg.smtpPassword;
smtpusessl = cfg.smtpUseSSL;
smtpfrom = cfg.smtpFrom;
nologger = false;
uploaddir = "${dataDir}/uploads";
debugClient = false;
firehose = cfg.firehose;
disableRegistration = cfg.disableRegistration;
} //
(if cfg.port < 1024 then {
serverUser = user; # have pump.io listen then drop privileges
} else { }) //
cfg.extraConfig;
in
{
options = {
services.pumpio = {
enable = mkEnableOption "Pump.io social streams server";
secret = mkOption {
type = types.str;
example = "my dog has fleas";
description = ''
A session-generating secret, server-wide password. Warning:
this is stored in cleartext in the Nix store!
'';
};
site = mkOption {
type = types.str;
example = "Awesome Sauce";
description = "Name of the server";
};
owner = mkOption {
type = types.str;
default = "";
example = "Awesome Inc.";
description = "Name of owning entity, if you want to link to it.";
};
ownerURL = mkOption {
type = types.str;
default = "";
example = "https://pump.io";
description = "URL of owning entity, if you want to link to it.";
};
address = mkOption {
type = types.str;
default = "localhost";
description = ''
Web server listen address.
'';
};
port = mkOption {
type = types.int;
default = 31337;
description = ''
Port to listen on. Defaults to 31337, which is suitable for
running behind a reverse proxy. For a standalone server,
use 443.
'';
};
hostname = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
The hostname of the server, used for generating
URLs. Defaults to "localhost" which doesn't do much for you.
'';
};
urlPort = mkOption {
type = types.int;
default = 443;
description = ''
Port to use for generating URLs. This basically has to be
either 80 or 443 because the host-meta and Webfinger
protocols don't make any provision for HTTP/HTTPS servers
running on other ports.
'';
};
favicon = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
Local filesystem path to the favicon.ico file to use. This
will be served as "/favicon.ico" by the server.
'';
};
sslKey = mkOption {
type = types.path;
example = "${dataDir}/myserver.key";
default = "";
description = ''
The path to the server certificate private key. The
certificate is required, but it can be self-signed.
'';
};
sslCert = mkOption {
type = types.path;
example = "${dataDir}/myserver.crt";
default = "";
description = ''
The path to the server certificate. The certificate is
required, but it can be self-signed.
'';
};
firehose = mkOption {
type = types.str;
default = "ofirehose.com";
description = ''
Firehose host running the ofirehose software. Defaults to
"ofirehose.com". Public notices will be ping this firehose
server and from there go out to search engines and the
world. If you want to disconnect from the public web, set
this to something falsy.
'';
};
disableRegistration = mkOption {
type = types.bool;
default = false;
description = ''
Disables registering new users on the site through the Web
or the API.
'';
};
requireEmail = mkOption {
type = types.bool;
default = false;
description = "Require an e-mail address to register.";
};
extraConfig = mkOption {
default = { };
description = ''
Extra configuration options which are serialized to json and added
to the pump.io.json config file.
'';
};
driver = mkOption {
type = types.enum [ "mongodb" "disk" "lrucache" "memcached" "redis" ];
default = "mongodb";
description = "Type of database. Corresponds to a nodejs databank driver.";
};
driverParams = mkOption {
default = { };
description = "Extra parameters for the driver.";
};
dbHost = mkOption {
type = types.str;
default = "localhost";
description = "The database host to connect to.";
};
dbPort = mkOption {
type = types.int;
default = 27017;
description = "The port that the database is listening on.";
};
dbName = mkOption {
type = types.str;
default = "pumpio";
description = "The name of the database to use.";
};
dbUser = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
The username. Defaults to null, meaning no authentication.
'';
};
dbPassword = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
The password corresponding to dbUser. Warning: this is
stored in cleartext in the Nix store!
'';
};
smtpHost = mkOption {
type = types.nullOr types.str;
default = null;
example = "localhost";
description = ''
Server to use for sending transactional email. If it's not
set up, no email is sent and features like password recovery
and email notification won't work.
'';
};
smtpPort = mkOption {
type = types.int;
default = 25;
description = ''
Port to connect to on SMTP server.
'';
};
smtpUser = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Username to use to connect to SMTP server. Might not be
necessary for some servers.
'';
};
smtpPassword = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Password to use to connect to SMTP server. Might not be
necessary for some servers. Warning: this is stored in
cleartext in the Nix store!
'';
};
smtpUseSSL = mkOption {
type = types.bool;
default = false;
description = ''
Only use SSL with the SMTP server. By default, a SSL
connection is negotiated using TLS. You may need to change
the smtpPort value if you set this.
'';
};
smtpFrom = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Email address to use in the "From:" header of outgoing
notifications. Defaults to 'no-reply@' plus the site
hostname.
'';
};
spamHost = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Host running activityspam software to use to test updates
for spam.
'';
};
spamClientId = mkOption {
type = types.nullOr types.str;
default = null;
description = "OAuth pair for spam server.";
};
spamClientSecret = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
OAuth pair for spam server. Warning: this is
stored in cleartext in the Nix store!
'';
};
};
};
config = mkIf cfg.enable {
systemd.services."pump.io" =
{ description = "pump.io social network stream server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = "${pkgs.pumpio}/bin/pump -c /etc/pump.io.json";
serviceConfig.User = if cfg.port < 1024 then "root" else user;
serviceConfig.Group = user;
};
environment.etc."pump.io.json" = {
mode = "0440";
gid = config.ids.gids.pumpio;
text = builtins.toJSON configOptions;
};
users.extraGroups.pumpio.gid = config.ids.gids.pumpio;
users.extraUsers.pumpio = {
group = "pumpio";
uid = config.ids.uids.pumpio;
description = "Pump.io user";
home = dataDir;
createHome = true;
};
};
}

View File

@ -8,9 +8,7 @@ let
cfg = xcfg.desktopManager.kde5;
xorg = pkgs.xorg;
kf5 = pkgs.kf5_stable;
plasma5 = pkgs.plasma5_stable;
kdeApps = pkgs.kdeApps_stable;
kde5 = pkgs.kde5;
in
@ -57,12 +55,12 @@ in
services.xserver.desktopManager.session = singleton {
name = "kde5";
bgSupport = true;
start = ''exec ${plasma5.plasma-workspace}/bin/startkde;'';
start = ''exec ${kde5.plasma-workspace}/bin/startkde;'';
};
security.setuidOwners = singleton {
program = "kcheckpass";
source = "${plasma5.plasma-workspace}/lib/libexec/kcheckpass";
source = "${kde5.plasma-workspace}/lib/libexec/kcheckpass";
owner = "root";
group = "root";
setuid = true;
@ -72,52 +70,62 @@ in
[
pkgs.qt4 # qtconfig is the only way to set Qt 4 theme
kf5.frameworkintegration
kf5.kinit
kde5.frameworkintegration
kde5.kinit
plasma5.breeze
plasma5.kde-cli-tools
plasma5.kdeplasma-addons
plasma5.kgamma5
plasma5.khelpcenter
plasma5.khotkeys
plasma5.kinfocenter
plasma5.kmenuedit
plasma5.kscreen
plasma5.ksysguard
plasma5.kwayland
plasma5.kwin
plasma5.kwrited
plasma5.milou
plasma5.oxygen
plasma5.polkit-kde-agent
plasma5.systemsettings
kde5.breeze
kde5.kde-cli-tools
kde5.kdeplasma-addons
kde5.kgamma5
kde5.khelpcenter
kde5.khotkeys
kde5.kinfocenter
kde5.kmenuedit
kde5.kscreen
kde5.ksysguard
kde5.kwayland
kde5.kwin
kde5.kwrited
kde5.milou
kde5.oxygen
kde5.polkit-kde-agent
kde5.systemsettings
plasma5.plasma-desktop
plasma5.plasma-workspace
plasma5.plasma-workspace-wallpapers
kde5.plasma-desktop
kde5.plasma-workspace
kde5.plasma-workspace-wallpapers
kdeApps.ark
kdeApps.dolphin
kdeApps.dolphin-plugins
kdeApps.ffmpegthumbs
kdeApps.gwenview
kdeApps.kate
kdeApps.kdegraphics-thumbnailers
kdeApps.konsole
kdeApps.okular
kdeApps.print-manager
kde5.ark
kde5.dolphin
kde5.dolphin-plugins
kde5.ffmpegthumbs
kde5.gwenview
kde5.kate
kde5.kdegraphics-thumbnailers
kde5.konsole
kde5.okular
kde5.print-manager
(kdeApps.oxygen-icons or kf5.oxygen-icons5)
# Oxygen icons moved to KDE Frameworks 5.16 and later.
(kde5.oxygen-icons or kde5.oxygen-icons5)
pkgs.hicolor_icon_theme
plasma5.kde-gtk-config
pkgs.orion # GTK theme, nearly identical to Breeze
kde5.kde-gtk-config
]
++ lib.optional config.hardware.bluetooth.enable plasma5.bluedevil
++ lib.optional config.networking.networkmanager.enable plasma5.plasma-nm
++ lib.optional config.hardware.pulseaudio.enable plasma5.plasma-pa
++ lib.optional config.powerManagement.enable plasma5.powerdevil
# Plasma 5.5 and later has a Breeze GTK theme.
# If it is not available, Orion is very similar to Breeze.
++ lib.optional (!(lib.hasAttr "breeze-gtk" kde5)) pkgs.orion
# Install Breeze icons if available
++ lib.optional (lib.hasAttr "breeze-icons" kde5) kde5.breeze-icons
# Optional hardware support features
++ lib.optional config.hardware.bluetooth.enable kde5.bluedevil
++ lib.optional config.networking.networkmanager.enable kde5.plasma-nm
++ lib.optional config.hardware.pulseaudio.enable kde5.plasma-pa
++ lib.optional config.powerManagement.enable kde5.powerdevil
++ lib.optionals cfg.phonon.gstreamer.enable
[
pkgs.phonon_backend_gstreamer
@ -135,6 +143,7 @@ in
pkgs.gst_all_1.gst-plugins-bad
pkgs.gst_all_1.gst-libav # for mp3 playback
]
++ lib.optionals cfg.phonon.vlc.enable
[
pkgs.phonon_qt5_backend_vlc
@ -155,9 +164,14 @@ in
GST_PLUGIN_SYSTEM_PATH_1_0 = [ "/lib/gstreamer-1.0" ];
};
fonts.fonts = [ (plasma5.oxygen-fonts or pkgs.noto-fonts) ];
# Enable GTK applications to load SVG icons
environment.variables = mkIf (lib.hasAttr "breeze-icons" kde5) {
GDK_PIXBUF_MODULE_FILE = "${pkgs.librsvg}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache";
};
programs.ssh.askPassword = "${plasma5.ksshaskpass}/bin/ksshaskpass";
fonts.fonts = [ (kde5.oxygen-fonts or pkgs.noto-fonts) ];
programs.ssh.askPassword = "${kde5.ksshaskpass}/bin/ksshaskpass";
# Enable helpful DBus services.
services.udisks2.enable = true;
@ -166,6 +180,14 @@ in
# Extra UDEV rules used by Solid
services.udev.packages = [ pkgs.media-player-info ];
services.xserver.displayManager.sddm = {
theme = "breeze";
themes = [
kde5.plasma-workspace
(kde5.oxygen-icons or kde5.oxygen-icons5)
];
};
security.pam.services.kde = { allowNullPassword = true; };
};

View File

@ -37,7 +37,7 @@ let
# file provided by services.xserver.displayManager.session.script
xsession = wm: dm: pkgs.writeScript "xsession"
''
#! /bin/sh
#! ${pkgs.bash}/bin/bash
. /etc/profile
cd "$HOME"

View File

@ -13,9 +13,16 @@ let
# lightdm runs with clearenv(), but we need a few things in the enviornment for X to startup
xserverWrapper = writeScript "xserver-wrapper"
''
#! /bin/sh
#! ${pkgs.bash}/bin/bash
${concatMapStrings (n: "export ${n}=\"${getAttr n xEnv}\"\n") (attrNames xEnv)}
exec ${dmcfg.xserverBin} ${dmcfg.xserverArgs}
display=$(echo "$@" | xargs -n 1 | grep -P ^:\\d\$ | head -n 1 | sed s/^://)
if [ -z "$display" ]
then additionalArgs=":0 -logfile /var/log/X.0.log"
else additionalArgs="-logfile /var/log/X.$display.log"
fi
exec ${dmcfg.xserverBin} ${dmcfg.xserverArgs} $additionalArgs "$@"
'';
usersConf = writeText "users.conf"
@ -39,7 +46,6 @@ let
greeter-session = ${cfg.greeter.name}
${cfg.extraSeatDefaults}
'';
in
{
# Note: the order in which lightdm greeter modules are imported
@ -98,7 +104,6 @@ in
};
config = mkIf cfg.enable {
services.xserver.displayManager.slim.enable = false;
services.xserver.displayManager.job = {
@ -149,5 +154,7 @@ in
services.xserver.displayManager.lightdm.background = mkDefault "${pkgs.nixos-artwork}/share/artwork/gnome/Gnome_Dark.png";
services.xserver.tty = null; # We might start multiple X servers so let the tty increment themselves..
services.xserver.display = null; # We specify our own display (and logfile) in xserver-wrapper up there
};
}

View File

@ -9,12 +9,24 @@ let
cfg = dmcfg.sddm;
xEnv = config.systemd.services."display-manager".environment;
sddm = pkgs.sddm.override { inherit (cfg) themes; };
xserverWrapper = pkgs.writeScript "xserver-wrapper" ''
#!/bin/sh
${concatMapStrings (n: "export ${n}=\"${getAttr n xEnv}\"\n") (attrNames xEnv)}
exec ${dmcfg.xserverBin} ${dmcfg.xserverArgs} "$@"
'';
Xsetup = pkgs.writeScript "Xsetup" ''
#!/bin/sh
${cfg.setupScript}
'';
Xstop = pkgs.writeScript "Xstop" ''
#!/bin/sh
${cfg.stopScript}
'';
cfgFile = pkgs.writeText "sddm.conf" ''
[General]
HaltCommand=${pkgs.systemd}/bin/systemctl poweroff
@ -22,6 +34,8 @@ let
[Theme]
Current=${cfg.theme}
ThemeDir=${sddm}/share/sddm/themes
FacesDir=${sddm}/share/sddm/faces
[Users]
MaximumUid=${toString config.ids.uids.nixbld}
@ -35,6 +49,8 @@ let
SessionCommand=${dmcfg.session.script}
SessionDir=${dmcfg.session.desktops}
XauthPath=${pkgs.xorg.xauth}/bin/xauth
DisplayCommand=${Xsetup}
DisplayStopCommand=${Xstop}
${optionalString cfg.autoLogin.enable ''
[Autologin]
@ -86,6 +102,35 @@ in
'';
};
themes = mkOption {
type = types.listOf types.package;
default = [];
description = ''
Extra packages providing themes.
'';
};
setupScript = mkOption {
type = types.str;
default = "";
example = ''
# workaround for using NVIDIA Optimus without Bumblebee
xrandr --setprovideroutputsource modesetting NVIDIA-0
xrandr --auto
'';
description = ''
A script to execute when starting the display server.
'';
};
stopScript = mkOption {
type = types.str;
default = "";
description = ''
A script to execute when stopping the display server.
'';
};
autoLogin = mkOption {
default = {};
description = ''
@ -130,7 +175,9 @@ in
assertions = [
{ assertion = cfg.autoLogin.enable -> cfg.autoLogin.user != null;
message = "SDDM auto-login requires services.xserver.displayManager.sddm.autoLogin.user to be set";
message = ''
SDDM auto-login requires services.xserver.displayManager.sddm.autoLogin.user to be set
'';
}
{ assertion = cfg.autoLogin.enable -> elem defaultSessionName dmcfg.session.names;
message = ''
@ -146,8 +193,7 @@ in
services.xserver.displayManager.job = {
logsXsession = true;
#execCmd = "${pkgs.sddm}/bin/sddm";
execCmd = "exec ${pkgs.sddm}/bin/sddm";
execCmd = "exec ${sddm}/bin/sddm";
};
security.pam.services = {

View File

@ -12,6 +12,7 @@ in
./bspwm.nix
./clfswm.nix
./compiz.nix
./dwm.nix
./fluxbox.nix
./herbstluftwm.nix
./i3.nix

View File

@ -0,0 +1,37 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.xserver.windowManager.dwm;
in
{
###### interface
options = {
services.xserver.windowManager.dwm.enable = mkEnableOption "dwm";
};
###### implementation
config = mkIf cfg.enable {
services.xserver.windowManager.session = singleton
{ name = "dwm";
start =
''
${pkgs.dwm}/bin/dwm &
waitPID=$!
'';
};
environment.systemPackages = [ pkgs.dwm ];
};
}

View File

@ -381,13 +381,13 @@ in
};
tty = mkOption {
type = types.int;
type = types.nullOr types.int;
default = 7;
description = "Virtual console for the X server.";
};
display = mkOption {
type = types.int;
type = types.nullOr types.int;
default = 0;
description = "Display number for the X server.";
};
@ -517,11 +517,12 @@ in
services.xserver.displayManager.xserverArgs =
[ "-ac"
"-terminate"
"-logfile" "/var/log/X.${toString cfg.display}.log"
"-config ${configFile}"
":${toString cfg.display}" "vt${toString cfg.tty}"
"-xkbdir" "${pkgs.xkeyboard_config}/etc/X11/xkb"
] ++ optional (!cfg.enableTCP) "-nolisten tcp";
] ++ optional (cfg.display != null) ":${toString cfg.display}"
++ optional (cfg.tty != null) "vt${toString cfg.tty}"
++ optionals (cfg.display != null) [ "-logfile" "/var/log/X.${toString cfg.display}.log" ]
++ optional (!cfg.enableTCP) "-nolisten tcp";
services.xserver.modules =
concatLists (catAttrs "modules" cfg.drivers) ++

View File

@ -470,7 +470,7 @@ in
] ++ flip concatMap cfg.mirroredBoots (args: [
{
assertion = args.devices != [ ];
message = "A boot path cannot have an empty devices string in ${arg.path}";
message = "A boot path cannot have an empty devices string in ${args.path}";
}
{
assertion = hasPrefix "/" args.path;

View File

@ -148,6 +148,12 @@ let
# Misc.
"systemd-sysctl.service"
"dbus-org.freedesktop.timedate1.service"
"dbus-org.freedesktop.locale1.service"
"dbus-org.freedesktop.hostname1.service"
"systemd-timedated.service"
"systemd-localed.service"
"systemd-hostnamed.service"
]
++ cfg.additionalUpstreamSystemUnits;

View File

@ -0,0 +1,170 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.virtualisation.azure.agent;
waagent = with pkgs; stdenv.mkDerivation rec {
name = "waagent-2.0";
src = pkgs.fetchgit {
url = https://github.com/Phreedom/WALinuxAgent.git;
rev = "9dba81c7b1239c7971ec96e405e403c7cd224e6b";
sha256 = "0khxk3ns3z37v26f2qj6m3m698a0vqpc9bxg5p7fyr3xza5gzwhs";
};
buildInputs = [ makeWrapper python pythonPackages.wrapPython ];
runtimeDeps = [ findutils gnugrep gawk coreutils openssl openssh
nettools # for hostname
procps # for pidof
shadow # for useradd, usermod
utillinux # for (u)mount, fdisk, sfdisk, mkswap
parted
];
pythonPath = [ pythonPackages.pyasn1 ];
configurePhase = false;
buildPhase = false;
installPhase = ''
substituteInPlace config/99-azure-product-uuid.rules \
--replace /bin/chmod "${coreutils}/bin/chmod"
mkdir -p $out/lib/udev/rules.d
cp config/*.rules $out/lib/udev/rules.d
mkdir -p $out/bin
cp waagent $out/bin/
chmod +x $out/bin/waagent
wrapProgram "$out/bin/waagent" \
--prefix PYTHONPATH : $PYTHONPATH \
--prefix PATH : "${makeSearchPath "bin" runtimeDeps}"
'';
};
provisionedHook = pkgs.writeScript "provisioned-hook" ''
#!${pkgs.stdenv.shell}
${config.systemd.package}/bin/systemctl start provisioned.target
'';
in
{
###### interface
options.virtualisation.azure.agent.enable = mkOption {
default = false;
description = "Whether to enable the Windows Azure Linux Agent.";
};
###### implementation
config = mkIf cfg.enable {
assertions = [ {
assertion = pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64;
message = "Azure not currently supported on ${pkgs.stdenv.system}";
} {
assertion = config.networking.networkmanager.enable == false;
message = "Windows Azure Linux Agent is not compatible with NetworkManager";
} ];
boot.initrd.kernelModules = [ "ata_piix" ];
networking.firewall.allowedUDPPorts = [ 68 ];
environment.etc."waagent.conf".text = ''
#
# Windows Azure Linux Agent Configuration
#
Role.StateConsumer=${provisionedHook}
# Enable instance creation
Provisioning.Enabled=y
# Password authentication for root account will be unavailable.
Provisioning.DeleteRootPassword=n
# Generate fresh host key pair.
Provisioning.RegenerateSshHostKeyPair=y
# Supported values are "rsa", "dsa" and "ecdsa".
Provisioning.SshHostKeyPairType=ed25519
# Monitor host name changes and publish changes via DHCP requests.
Provisioning.MonitorHostName=y
# Decode CustomData from Base64.
Provisioning.DecodeCustomData=n
# Execute CustomData after provisioning.
Provisioning.ExecuteCustomData=n
# Format if unformatted. If 'n', resource disk will not be mounted.
ResourceDisk.Format=y
# File system on the resource disk
# Typically ext3 or ext4. FreeBSD images should use 'ufs2' here.
ResourceDisk.Filesystem=ext4
# Mount point for the resource disk
ResourceDisk.MountPoint=/mnt/resource
# Respond to load balancer probes if requested by Windows Azure.
LBProbeResponder=y
# Enable logging to serial console (y|n)
# When stdout is not enough...
# 'y' if not set
Logs.Console=y
# Enable verbose logging (y|n)
Logs.Verbose=n
# Root device timeout in seconds.
OS.RootDeviceScsiTimeout=300
'';
services.udev.packages = [ waagent ];
networking.dhcpcd.persistent = true;
services.logrotate = {
enable = true;
config = ''
/var/log/waagent.log {
compress
monthly
rotate 6
notifempty
missingok
}
'';
};
systemd.targets.provisioned = {
description = "Services Requiring Azure VM provisioning to have finished";
wantedBy = [ "sshd.service" ];
before = [ "sshd.service" ];
};
systemd.services.waagent = {
wantedBy = [ "sshd.service" ];
before = [ "sshd.service" ];
after = [ "ip-up.target" ];
wants = [ "ip-up.target" ];
path = [ pkgs.e2fsprogs ];
description = "Windows Azure Agent Service";
unitConfig.ConditionPathExists = "/etc/waagent.conf";
serviceConfig = {
ExecStart = "${waagent}/bin/waagent -daemon";
Type = "simple";
};
};
};
}

View File

@ -4,6 +4,9 @@ with lib;
{
imports = [ ../profiles/headless.nix ];
require = [ ./azure-agent.nix ];
virtualisation.azure.agent.enable = true;
boot.kernelParams = [ "console=ttyS0" "earlyprintk=ttyS0" "rootdelay=300" "panic=1" "boot.panic_on_fail" ];
boot.initrd.kernelModules = [ "hv_vmbus" "hv_netvsc" "hv_utils" "hv_storvsc" ];

View File

@ -98,8 +98,8 @@ in
systemd.services.fetch-ssh-keys =
{ description = "Fetch host keys and authorized_keys for root user";
wantedBy = [ "sshd.service" ];
before = [ "sshd.service" ];
wantedBy = [ "sshd.service" "waagent.service" ];
before = [ "sshd.service" "waagent.service" ];
after = [ "local-fs.target" ];
path = [ pkgs.coreutils ];
@ -108,14 +108,14 @@ in
eval "$(base64 --decode /metadata/CustomData.bin)"
if ! [ -z "$ssh_host_ecdsa_key" ]; then
echo "downloaded ssh_host_ecdsa_key"
echo "$ssh_host_ecdsa_key" > /etc/ssh/ssh_host_ecdsa_key
chmod 600 /etc/ssh/ssh_host_ecdsa_key
echo "$ssh_host_ecdsa_key" > /etc/ssh/ssh_host_ed25519_key
chmod 600 /etc/ssh/ssh_host_ed25519_key
fi
if ! [ -z "$ssh_host_ecdsa_key_pub" ]; then
echo "downloaded ssh_host_ecdsa_key_pub"
echo "$ssh_host_ecdsa_key_pub" > /etc/ssh/ssh_host_ecdsa_key.pub
chmod 644 /etc/ssh/ssh_host_ecdsa_key.pub
echo "$ssh_host_ecdsa_key_pub" > /etc/ssh/ssh_host_ed25519_key.pub
chmod 644 /etc/ssh/ssh_host_ed25519_key.pub
fi
if ! [ -z "$ssh_root_auth_key" ]; then

View File

@ -76,14 +76,14 @@ let
-virtfs local,path=$TMPDIR/xchg,security_model=none,mount_tag=xchg \
-virtfs local,path=''${SHARED_DIR:-$TMPDIR/xchg},security_model=none,mount_tag=shared \
${if cfg.useBootLoader then ''
-drive index=0,id=drive1,file=$NIX_DISK_IMAGE,if=${cfg.qemu.diskInterface},cache=writeback,werror=report \
-drive index=0,id=drive1,file=$NIX_DISK_IMAGE,if=${cfg.qemu.diskInterface},cache=none,werror=report \
-drive index=1,id=drive2,file=$TMPDIR/disk.img,media=disk \
${if cfg.useEFIBoot then ''
-pflash $TMPDIR/bios.bin \
'' else ''
''}
'' else ''
-drive index=0,id=drive1,file=$NIX_DISK_IMAGE,if=${cfg.qemu.diskInterface},cache=writeback,werror=report \
-drive index=0,id=drive1,file=$NIX_DISK_IMAGE,if=${cfg.qemu.diskInterface},cache=none,werror=report \
-kernel ${config.system.build.toplevel}/kernel \
-initrd ${config.system.build.toplevel}/initrd \
-append "$(cat ${config.system.build.toplevel}/kernel-params) init=${config.system.build.toplevel}/init regInfo=${regInfo} ${kernelConsole} $QEMU_KERNEL_PARAMS" \
@ -297,6 +297,7 @@ in
virtualisation.qemu = {
options =
mkOption {
type = types.listOf types.unspecified;
default = [];
example = [ "-vga std" ];
description = "Options passed to QEMU.";
@ -425,19 +426,19 @@ in
${if cfg.writableStore then "/nix/.ro-store" else "/nix/store"} =
{ device = "store";
fsType = "9p";
options = "trans=virtio,version=9p2000.L,msize=1048576,cache=loose";
options = "trans=virtio,version=9p2000.L,cache=loose";
neededForBoot = true;
};
"/tmp/xchg" =
{ device = "xchg";
fsType = "9p";
options = "trans=virtio,version=9p2000.L,msize=1048576,cache=loose";
options = "trans=virtio,version=9p2000.L,cache=loose";
neededForBoot = true;
};
"/tmp/shared" =
{ device = "shared";
fsType = "9p";
options = "trans=virtio,version=9p2000.L,msize=1048576";
options = "trans=virtio,version=9p2000.L";
neededForBoot = true;
};
} // optionalAttrs cfg.writableStore

View File

@ -0,0 +1,62 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.virtualisation.rkt;
in
{
options.virtualisation.rkt = {
enable = mkEnableOption "rkt metadata service";
gc = {
automatic = mkOption {
default = true;
type = types.bool;
description = "Automatically run the garbage collector at a specific time.";
};
dates = mkOption {
default = "03:15";
type = types.str;
description = ''
Specification (in the format described by
<citerefentry><refentrytitle>systemd.time</refentrytitle>
<manvolnum>5</manvolnum></citerefentry>) of the time at
which the garbage collector will run.
'';
};
options = mkOption {
default = "--grace-period=24h";
type = types.str;
description = ''
Options given to <filename>rkt gc</filename> when the
garbage collector is run automatically.
'';
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.rkt ];
systemd.services.rkt = {
description = "rkt metadata service";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
ExecStart = "${pkgs.rkt}/bin/rkt metadata-service";
};
};
systemd.services.rkt-gc = {
description = "rkt garbage collection";
startAt = optionalString cfg.gc.automatic cfg.gc.dates;
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.rkt}/bin/rkt gc ${cfg.gc.options}";
};
};
};
}

View File

@ -83,6 +83,7 @@ in rec {
(all nixos.tests.openssh)
(all nixos.tests.printing)
(all nixos.tests.proxy)
(all nixos.tests.sddm)
(all nixos.tests.simple)
(all nixos.tests.udisks2)
(all nixos.tests.xfce)

View File

@ -283,9 +283,11 @@ in rec {
tests.peerflix = callTest tests/peerflix.nix {};
tests.printing = callTest tests/printing.nix {};
tests.proxy = callTest tests/proxy.nix {};
tests.pumpio = callTest tests/pump.io.nix {};
tests.quake3 = callTest tests/quake3.nix {};
tests.runInMachine = callTest tests/run-in-machine.nix {};
tests.sddm = callTest tests/sddm.nix {};
tests.sddm-kde5 = callTest tests/sddm-kde5.nix {};
tests.simple = callTest tests/simple.nix {};
tests.tomcat = callTest tests/tomcat.nix {};
tests.udisks2 = callTest tests/udisks2.nix {};

View File

@ -25,7 +25,7 @@ in
import ./make-test.nix ({ pkgs, ...} : {
name = "cjdns";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ emery ];
maintainers = [ ehmry ];
};
nodes = rec

94
nixos/tests/pump.io.nix Normal file
View File

@ -0,0 +1,94 @@
# This test runs pump.io with mongodb, listing on port 443.
import ./make-test.nix ({ pkgs, ...} : let
snakeOilKey = ''
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCqVemio78R41Tz
MnR2zFD/wFT0iScOpFkuytNmuPf28FLaa9wSBWmuAGbEi7wBIfw8/bUqFBTQp2G1
m1cmcCKxhmvvOkGs89eM131s1lW/bXU3zYso4e7724kHwU65jRlQs6cFWIlmW7V5
3HQobP05dy+zPpujPPSlOQ0qYViR1s+RgZI8r0wS2ZDsliNtQwBLJSIvX6XVnXLo
F/HmF4/ySJ9pL2AxQXCwZE8SfCzHpArs9COIqTaAuwB79kxWSFQJewmab74BXiM6
9FMCtHON24Pl7OR9sRJHH8rMEzUumppmUeCNEzABjzQQ7svR18cmbzRWetp0tT9Y
7rj6URHHAgMBAAECggEAGmbCldDnlrAzxJY3cwpsK5f2EwkHIr/aiuQpLCzTUlUh
onVBYRGxtaSeSSyXcV2BKTrxz5nZOBYZkPqI4Y5T8kwxgpz2/QW2jUABUtNN6yPe
HU4gma+bSTJX5PnTZ/M0z0tpQezdLx5b3I2M+48ZGMUegZvcp8qU6N8U6VK5VbFD
DMTGL4b+Kc9HScRkCJjU3FfQcqf9Ml5w9jzHSeHImYEDrG0nX8N8EImRCBXbgxCl
5XT1h6LFUGdr+N6n2w56+6l8OZZVmwj1NdF6NJybUQl4Y7b0niA+5czzjRt/YUjZ
HW0fXmx3XlbYGWYdMdS+VaIW6pkUpm8kZkqjngqLwQKBgQDfhbFQmg9lsJQ8/dQZ
WzRNsozHKWkQiZbW5sXBWygJbAB3Hc8gvQkuZe9TVyF99cznRj6ro6pGZjP0rTdY
3ACTL+ygRArcIR6VsJCIr6nPvBLpOoNb8TQeKPmHC2gnSP9zaT/K2lldYISKNaYQ
0seB2gvZhIgMgWtZtmb3jdgl9wKBgQDDFdknXgvFgB+y96//9wTu2WWuE5yQ5yB7
utAcHNO9rx5X1tJqxymYh+iE8HUN25By+96SpNMQFI+0wNGVB00YWNBKtyepimWN
EUCojTy+MIXIjrLcvviEePsI4TPWYf8XtZeiYtcczYrt/wPQUYaDb8LBRfpIfmhr
rCGW93s+sQKBgEDOKTeeQyKPjJsWWL01RTfVsZ04s155FcOeyu0heb0plAT1Ho12
YUgTg8zc8Tfs4QiYxCjNXdvlW+Dvq6FWv8/s0CUzNRbXf1+U/oKys4AoHi+CqH0q
tJqd9KKjuwHQ10dl13n/znMVPbg4j7pG8lMCnfblxvAhQbeT+8yAUo/HAoGBAL3t
/n4KXNGK3NHDvXEp0H6t3wWsiEi3DPQJO+Wy1x8caCFCv5c/kaqz3tfWt0+njSm1
N8tzdx13tzVWaHV8Jz3l8dxcFtxEJnxB6L5wy0urOAS7kT3DG3b1xgmuH2a//7fY
jumE60NahcER/2eIh7pdS7IZbAO6NfVmH0m4Zh/xAoGAbquh60sAfLC/1O2/4Xom
PHS7z2+TNpwu4ou3nspxfigNQcTWzzzTVFLnaTPg+HKbLRXSWysjssmmj5u3lCyc
S2M9xuhApa9CrN/udz4gEojRVsTla/gyLifIZ3CtTn2QEQiIJEMxM+59KAlkgUBo
9BeZ03xTaEZfhVZ9bEN30Ak=
-----END PRIVATE KEY-----
'';
snakeOilCert = ''
-----BEGIN CERTIFICATE-----
MIICvjCCAaagAwIBAgIJANhA6+PPhomZMA0GCSqGSIb3DQEBCwUAMBcxFTATBgNV
BAMMDGIwOTM0YWMwYWZkNTAeFw0xNTExMzAxNzQ3MzVaFw0yNTExMjcxNzQ3MzVa
MBcxFTATBgNVBAMMDGIwOTM0YWMwYWZkNTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKpV6aKjvxHjVPMydHbMUP/AVPSJJw6kWS7K02a49/bwUtpr3BIF
aa4AZsSLvAEh/Dz9tSoUFNCnYbWbVyZwIrGGa+86Qazz14zXfWzWVb9tdTfNiyjh
7vvbiQfBTrmNGVCzpwVYiWZbtXncdChs/Tl3L7M+m6M89KU5DSphWJHWz5GBkjyv
TBLZkOyWI21DAEslIi9fpdWdcugX8eYXj/JIn2kvYDFBcLBkTxJ8LMekCuz0I4ip
NoC7AHv2TFZIVAl7CZpvvgFeIzr0UwK0c43bg+Xs5H2xEkcfyswTNS6ammZR4I0T
MAGPNBDuy9HXxyZvNFZ62nS1P1juuPpREccCAwEAAaMNMAswCQYDVR0TBAIwADAN
BgkqhkiG9w0BAQsFAAOCAQEAd2w9rxi6qF9WV8L3rHnTE7uu0ldtdgJlCASx6ouj
TleOnjfEg+kH8r8UbmRV5vsTDn1Qp5JGDYxfytRUQwLb1zTLde0xotx37E3LY8Wr
sD6Al4t8sHywB/hc5dy29TgG0iyG8LKZrkwytLvDZ814W3OwpN2rpEz6pdizdHNn
jsoDEngZiDHvLjIyE0cDkFXkeYMGXOnBUeOcu4nfu4C5eKs3nXGGAcNDbDRIuLoE
BZExUBY+YSs6JBvh5tvRqLVW0Dz0akEcjb/jhwS2LmDip8Pdoxx4Q1jPKEu38zrr
Vd5WD2HJhLb9u0UxVp9vfWIUDgydopV5ZmWCQ5YvNepb1w==
-----END CERTIFICATE-----
'';
makePump = { opts ? { } }:
{
enable = true;
sslCert = pkgs.writeText "snakeoil.cert" snakeOilCert;
sslKey = pkgs.writeText "snakeoil.pem" snakeOilKey;
secret = "test";
site = "test";
} // opts;
in {
name = "pumpio";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ rvl ];
};
nodes = {
one =
{ config, pkgs, ... }:
{
services = {
pumpio = makePump { opts = {
port = 443;
}; };
mongodb.enable = true;
mongodb.extraConfig = ''
nojournal = true
'';
};
systemd.services.mongodb.unitConfig.Before = "pump.io.service";
systemd.services.mongodb.unitConfig.RequiredBy = "pump.io.service";
};
};
testScript = ''
startAll;
$one->waitForUnit("pump.io.service");
$one->waitUntilSucceeds("curl -k https://localhost");
'';
})

29
nixos/tests/sddm-kde5.nix Normal file
View File

@ -0,0 +1,29 @@
import ./make-test.nix ({ pkgs, ...} : {
name = "sddm";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ ttuegel ];
};
machine = { lib, ... }: {
imports = [ ./common/user-account.nix ];
services.xserver.enable = true;
services.xserver.displayManager.sddm = {
enable = true;
autoLogin = {
enable = true;
user = "alice";
};
};
services.xserver.windowManager.default = "icewm";
services.xserver.windowManager.icewm.enable = true;
services.xserver.desktopManager.default = "none";
services.xserver.desktopManager.kde5.enable = true;
};
enableOCR = true;
testScript = { nodes, ... }: ''
startAll;
$machine->waitForWindow("^IceWM ");
'';
})

View File

@ -1,13 +1,13 @@
{ stdenv, fetchurl, db4, boost, openssl, miniupnpc, unzip }:
{ stdenv, fetchzip, db4, boost, openssl, miniupnpc, unzip }:
with stdenv.lib;
stdenv.mkDerivation rec {
version = "0.3.80";
name = "namecoind-${version}";
src = fetchurl {
src = fetchzip {
url = "https://github.com/namecoin/namecoin/archive/nc${version}.tar.gz";
sha256 = "1755mqxpg91wg9hf0ibpj59sdzfmhh73yrpi7hfi2ipabkwmlpiz";
sha256 = "0mbkhj7y3f4vbqp5q3zk27bzqlk2kq71rcgivvj06w29fzd64mw6";
};
buildInputs = [ db4 boost openssl unzip miniupnpc ];

View File

@ -1,22 +1,120 @@
{ stdenv, fetchgit, ncurses, pkgconfig, alsaLib, flac, libmad, ffmpeg, libvorbis, libmpc, mp4v2, libcue, libpulseaudio}:
{ stdenv, fetchFromGitHub, ncurses, pkgconfig
, alsaSupport ? stdenv.isLinux, alsaLib ? null
# simple fallback for everyone else
, aoSupport ? !stdenv.isLinux, libao ? null
, jackSupport ? false, libjack ? null
, samplerateSupport ? jackSupport, libsamplerate ? null
, ossSupport ? false, alsaOss ? null
, pulseaudioSupport ? false, libpulseaudio ? null
# TODO: add these
#, artsSupport
#, roarSupport
#, sndioSupport
#, sunSupport
#, waveoutSupport
, cddbSupport ? true, libcddb ? null
, cdioSupport ? true, libcdio ? null
, cueSupport ? true, libcue ? null
, discidSupport ? true, libdiscid ? null
, ffmpegSupport ? true, ffmpeg ? null
, flacSupport ? true, flac ? null
, madSupport ? true, libmad ? null
, mikmodSupport ? true, libmikmod ? null
, modplugSupport ? true, libmodplug ? null
, mpcSupport ? true, libmpcdec ? null
, tremorSupport ? false, tremor ? null
, vorbisSupport ? true, libvorbis ? null
, wavpackSupport ? true, wavpack ? null
# can't make these work, something is broken
#, aacSupport ? true, faac ? null
#, mp4Support ? true, mp4v2 ? null
#, opusSupport ? true, opusfile ? null
# not in nixpkgs
#, vtxSupport ? true, libayemu ? null
}:
with stdenv.lib;
assert samplerateSupport -> jackSupport;
# vorbis and tremor are mutually exclusive
assert vorbisSupport -> !tremorSupport;
assert tremorSupport -> !vorbisSupport;
let
mkFlag = b: f: dep: if b
then { flags = [ f ]; deps = [ dep ]; }
else { flags = []; deps = []; };
opts = [
# Audio output
(mkFlag alsaSupport "CONFIG_ALSA=y" alsaLib)
(mkFlag aoSupport "CONFIG_AO=y" libao)
(mkFlag jackSupport "CONFIG_JACK=y" libjack)
(mkFlag samplerateSupport "CONFIG_SAMPLERATE=y" libsamplerate)
(mkFlag ossSupport "CONFIG_OSS=y" alsaOss)
(mkFlag pulseaudioSupport "CONFIG_PULSE=y" libpulseaudio)
#(mkFlag artsSupport "CONFIG_ARTS=y")
#(mkFlag roarSupport "CONFIG_ROAR=y")
#(mkFlag sndioSupport "CONFIG_SNDIO=y")
#(mkFlag sunSupport "CONFIG_SUN=y")
#(mkFlag waveoutSupport "CONFIG_WAVEOUT=y")
# Input file formats
(mkFlag cddbSupport "CONFIG_CDDB=y" libcddb)
(mkFlag cdioSupport "CONFIG_CDIO=y" libcdio)
(mkFlag cueSupport "CONFIG_CUE=y" libcue)
(mkFlag discidSupport "CONFIG_DISCID=y" libdiscid)
(mkFlag ffmpegSupport "CONFIG_FFMPEG=y" ffmpeg)
(mkFlag flacSupport "CONFIG_FLAC=y" flac)
(mkFlag madSupport "CONFIG_MAD=y" libmad)
(mkFlag mikmodSupport "CONFIG_MIKMOD=y" libmikmod)
(mkFlag modplugSupport "CONFIG_MODPLUG=y" libmodplug)
(mkFlag mpcSupport "CONFIG_MPC=y" libmpcdec)
(mkFlag tremorSupport "CONFIG_TREMOR=y" tremor)
(mkFlag vorbisSupport "CONFIG_VORBIS=y" libvorbis)
(mkFlag wavpackSupport "CONFIG_WAVPACK=y" wavpack)
#(mkFlag opusSupport "CONFIG_OPUS=y" opusfile)
#(mkFlag mp4Support "CONFIG_MP4=y" mp4v2)
#(mkFlag aacSupport "CONFIG_AAC=y" faac)
#(mkFlag vtxSupport "CONFIG_VTX=y" libayemu)
];
in
stdenv.mkDerivation rec {
name = "cmus-${version}";
version = "2.6.0";
version = "2.7.0";
src = fetchgit {
url = https://github.com/cmus/cmus.git;
rev = "46b71032da827d22d4fae5bf2afcc4c9afef568c";
sha256 = "1hkqifll5ryf3ljp3w1dxz1p8m6rk34fpazc6vwavis6ga310hka";
src = fetchFromGitHub {
owner = "cmus";
repo = "cmus";
rev = "0306cc74c5073a85cf8619c61da5b94a3f863eaa";
sha256 = "18w9mznb843nzkrcqvshfha51mlpdl92zlvb5wfc5dpgrbf37728";
};
configurePhase = "./configure prefix=$out";
patches = [ ./option-debugging.patch ];
buildInputs = [ ncurses pkgconfig alsaLib flac libmad ffmpeg libvorbis libmpc mp4v2 libcue libpulseaudio ];
configurePhase = "./configure " + concatStringsSep " " ([
"prefix=$out"
"CONFIG_WAV=y"
] ++ concatMap (a: a.flags) opts);
buildInputs = [ ncurses pkgconfig ] ++ concatMap (a: a.deps) opts;
meta = {
description = "Small, fast and powerful console music player for Linux and *BSD";
homepage = https://cmus.github.io/;
license = stdenv.lib.licenses.gpl2;
maintainers = [ stdenv.lib.maintainers.oxij ];
};
}

View File

@ -0,0 +1,42 @@
Shows build and link errors in configure for ease of debugging which
options require what.
diff --git a/scripts/checks.sh b/scripts/checks.sh
index 64cbbf3..fab4d9b 100644
--- a/scripts/checks.sh
+++ b/scripts/checks.sh
@@ -425,7 +425,7 @@ try_compile()
echo "$1" > $__src || exit 1
shift
__cmd="$CC -c $CFLAGS $@ $__src -o $__obj"
- $CC -c $CFLAGS "$@" $__src -o $__obj 2>/dev/null
+ $CC -c $CFLAGS "$@" $__src -o $__obj
;;
cxx)
__src=`tmp_file prog.cc`
@@ -433,7 +433,7 @@ try_compile()
echo "$1" > $__src || exit 1
shift
__cmd="$CXX -c $CXXFLAGS $@ $__src -o $__obj"
- $CXX -c $CXXFLAGS "$@" $__src -o $__obj 2>/dev/null
+ $CXX -c $CXXFLAGS "$@" $__src -o $__obj
;;
esac
return $?
@@ -451,7 +451,7 @@ try_compile_link()
echo "$1" > $__src || exit 1
shift
__cmd="$CC $__src -o $__exe $CFLAGS $LDFLAGS $@"
- $CC $__src -o $__exe $CFLAGS $LDFLAGS "$@" 2>/dev/null
+ $CC $__src -o $__exe $CFLAGS $LDFLAGS "$@"
;;
cxx)
__src=`tmp_file prog.cc`
@@ -459,7 +459,7 @@ try_compile_link()
echo "$1" > $__src || exit 1
shift
__cmd="$CXX $__src -o $__exe $CXXFLAGS $CXXLDFLAGS $@"
- $CXX $__src -o $__exe $CXXFLAGS $CXXLDFLAGS "$@" 2>/dev/null
+ $CXX $__src -o $__exe $CXXFLAGS $CXXLDFLAGS "$@"
;;
esac
return $?

View File

@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
{ description = "Auditory binaural-beat generator";
homepage = http://gnaural.sourceforge.net/;
license = licenses.gpl2;
maintainers = [ maintainers.emery ];
maintainers = [ maintainers.ehmry ];
platforms = platforms.linux;
};
}

View File

@ -6,23 +6,24 @@ let
archUrl = name: arch: "http://dl.google.com/linux/musicmanager/deb/pool/main/g/google-musicmanager-beta/${name}_${arch}.deb";
in
stdenv.mkDerivation rec {
version = "beta_1.0.221.5230-r0"; # friendly to nix-env version sorting algo
version = "beta_1.0.243.1116-r0"; # friendly to nix-env version sorting algo
product = "google-musicmanager";
name = "${product}-${version}";
# When looking for newer versions, since google doesn't let you list their repo dirs,
# curl http://dl.google.com/linux/musicmanager/deb/dists/stable/Release
# fetch an appropriate packages file eg main/binary-amd64/Packages
# fetch an appropriate packages file such as main/binary-amd64/Packages:
# curl http://dl.google.com/linux/musicmanager/deb/dists/stable/main/binary-amd64/Packages
# which will contain the links to all available *.debs for the arch.
src = if stdenv.system == "x86_64-linux"
then fetchurl {
url = archUrl name "amd64";
sha256 = "1h0ssbz6y9xi2szalgb5wcxi8m1ylg4qf2za6zgvi908hpan7q37";
sha256 = "54f97f449136e173492d36084f2c01244b84f02d6e223fb8a40661093e0bec7c";
}
else fetchurl {
url = archUrl name "i386";
sha256 = "0q8cnzx7s25bpqlbp40d43mwd6m8kvhvdifkqlgc9phpydnqpd1i";
sha256 = "121a7939015e2270afa3f1c73554102e2b4f2e6a31482ff7be5e7c28dd101d3c";
};
unpackPhase = ''

View File

@ -40,7 +40,7 @@ stdenv.mkDerivation {
meta = with stdenv.lib;
{ description = "Collection of audio level meters with GUI in LV2 plugin format";
homepage = http://x42.github.io/meters.lv2/;
maintainers = with maintainers; [ emery ];
maintainers = with maintainers; [ ehmry ];
license = licenses.gpl2;
platforms = platforms.linux;
};

View File

@ -0,0 +1,23 @@
{ stdenv, fetchurl, pythonPackages, mopidy }:
pythonPackages.buildPythonPackage rec {
name = "mopidy-gmusic-${version}";
version = "1.0.0";
src = fetchurl {
url = "https://github.com/mopidy/mopidy-gmusic/archive/v${version}.tar.gz";
sha256 = "0yfilzfamy1bxnmgb1xk56jrk4sz0i7vcnc0a8klrm9sc7agnm9i";
};
propagatedBuildInputs = [ mopidy pythonPackages.requests2 pythonPackages.gmusicapi ];
doCheck = false;
meta = with stdenv.lib; {
homepage = http://www.mopidy.com/;
description = "Mopidy extension for playing music from Google Play Music";
license = licenses.asl20;
maintainers = [ maintainers.jgillich ];
hydraPlatforms = [];
};
}

View File

@ -5,15 +5,15 @@
pythonPackages.buildPythonPackage rec {
name = "mopidy-${version}";
version = "1.0.5";
version = "1.1.1";
src = fetchurl {
url = "https://github.com/mopidy/mopidy/archive/v${version}.tar.gz";
sha256 = "0lhmm2w2djf6mb3acw1yq1k4j74v1lf4kgx24dsdnpkgsycrv5q6";
sha256 = "1xfyg8xqgnrb98wx7a4fzr4vlzkffjhkc1s36ka63rwmx86vqhyw";
};
propagatedBuildInputs = with pythonPackages; [
gst_python pygobject pykka tornado gst_plugins_base gst_plugins_good
gst_python pygobject pykka tornado requests2 gst_plugins_base gst_plugins_good
];
# There are no tests

View File

@ -35,7 +35,7 @@ buildPythonPackage {
meta = with stdenv.lib; {
homepage = "http://musicbrainz.org/doc/MusicBrainz_Picard";
description = "The official MusicBrainz tagger";
maintainers = with maintainers; [ emery ];
maintainers = with maintainers; [ ehmry ];
license = licenses.gpl2;
platforms = platforms.all;
};

View File

@ -1,12 +1,12 @@
{ stdenv, fetchurl, alsaLib, gtk, pkgconfig }:
let version = "5417"; in
stdenv.mkDerivation {
stdenv.mkDerivation rec {
name = "praat-${version}";
version = "5.4.17";
src = fetchurl {
url = "http://www.fon.hum.uva.nl/praat/praat${version}_sources.tar.gz";
sha256 = "1bspl963pb1s6k3cd9p3g5j518pxg6hkrann945lqsrvbzaa20kl";
url = "https://github.com/praat/praat/archive/v${version}.tar.gz";
sha256 = "0s2hrksghg686059vc90h3ywhd2702pqcvy99icw27q5mdk6dqsx";
};
configurePhase = ''

View File

@ -1,20 +1,20 @@
{ stdenv, fetchurl, alsaLib, boost, cairo, cmake, fftwSinglePrec, fltk
, libjack2, libsndfile, lv2, mesa, minixml, pkgconfig, zlib, xorg
, libjack2, libsndfile, readline, lv2, mesa, minixml, pkgconfig, zlib, xorg
}:
assert stdenv ? glibc;
stdenv.mkDerivation rec {
name = "yoshimi-${version}";
version = "1.3.6";
version = "1.3.7.1";
src = fetchurl {
url = "mirror://sourceforge/yoshimi/${name}.tar.bz2";
sha256 = "0c2y59m945rrspnwdxmixk92z9nfiayxdxh582gf15nj8bvkh1l6";
sha256 = "13xc1x8jrr2rn26jx4dini692ww3771d5j5xf7f56ixqr7mmdhvz";
};
buildInputs = [
alsaLib boost cairo fftwSinglePrec fltk libjack2 libsndfile lv2 mesa
alsaLib boost cairo fftwSinglePrec fltk libjack2 libsndfile readline lv2 mesa
minixml zlib xorg.libpthreadstubs
];
@ -22,7 +22,7 @@ stdenv.mkDerivation rec {
preConfigure = "cd src";
cmakeFlags = [ "-DFLTK_MATH_LIBRARY=${stdenv.glibc}/lib/libm.so" ];
cmakeFlags = [ "-DFLTK_MATH_LIBRARY=${stdenv.glibc}/lib/libm.so -DCMAKE_INSTALL_DATAROOTDIR=$out" ];
meta = with stdenv.lib; {
description = "high quality software synthesizer based on ZynAddSubFX";

View File

@ -8,7 +8,7 @@ stdenv.mkDerivation rec {
url = "https://github.com/zamaudio/zam-plugins.git";
deepClone = true;
rev = "91fe56931a3e57b80f18c740d2dde6b44f962aee";
sha256 = "17slpywjs04xbcylyqjg6kqbpqwqbigf843y437yfvj1ar6ir1jp";
sha256 = "0n29zxg4l2m3jsnfw6q2alyzaw7ibbv9nvk57k07sv3lh2yy3f30";
};
buildInputs = [ boost libX11 mesa liblo libjack2 ladspaH lv2 pkgconfig rubberband libsndfile ];

View File

@ -1,11 +1,14 @@
{ stdenv, fetchpatch, makeQtWrapper, fetchFromGitHub, cmake, pkgconfig, libxcb, libpthreadstubs
, libXdmcp, libXau, qtbase, qtdeclarative, qttools, pam, systemd }:
{ stdenv, makeQtWrapper, fetchFromGitHub
, cmake, pkgconfig, libxcb, libpthreadstubs, lndir
, libXdmcp, libXau, qtbase, qtdeclarative, qttools, pam, systemd
, themes
}:
let
version = "0.13.0";
in
stdenv.mkDerivation rec {
name = "sddm-${version}";
unwrapped = stdenv.mkDerivation rec {
name = "sddm-unwrapped-${version}";
src = fetchFromGitHub {
owner = "sddm";
@ -19,9 +22,11 @@ stdenv.mkDerivation rec {
./0002-fix-ConfigReader-QStringList-corruption.patch
];
nativeBuildInputs = [ cmake makeQtWrapper pkgconfig qttools ];
nativeBuildInputs = [ cmake pkgconfig qttools ];
buildInputs = [ libxcb libpthreadstubs libXdmcp libXau qtbase qtdeclarative pam systemd ];
buildInputs = [
libxcb libpthreadstubs libXdmcp libXau qtbase qtdeclarative pam systemd
];
cmakeFlags = [
"-DCONFIG_FILE=/etc/sddm.conf"
@ -38,17 +43,43 @@ stdenv.mkDerivation rec {
export cmakeFlags="$cmakeFlags -DQT_IMPORTS_DIR=$out/lib/qt5/qml -DCMAKE_INSTALL_SYSCONFDIR=$out/etc -DSYSTEMD_SYSTEM_UNIT_DIR=$out/lib/systemd/system"
'';
postInstall = ''
wrapQtProgram $out/bin/sddm
wrapQtProgram $out/bin/sddm-greeter
'';
enableParallelBuilding = true;
postInstall = ''
# remove empty scripts
rm "$out/share/sddm/scripts/Xsetup" "$out/share/sddm/scripts/Xstop"
'';
meta = with stdenv.lib; {
description = "QML based X11 display manager";
homepage = https://github.com/sddm/sddm;
platforms = platforms.linux;
maintainers = with maintainers; [ abbradar ];
maintainers = with maintainers; [ abbradar ttuegel ];
};
};
in
stdenv.mkDerivation {
name = "sddm-${version}";
phases = "installPhase";
nativeBuildInputs = [ lndir makeQtWrapper ];
buildInputs = [ unwrapped ] ++ themes;
inherit themes;
inherit unwrapped;
installPhase = ''
makeQtWrapper "$unwrapped/bin/sddm" "$out/bin/sddm"
mkdir -p "$out/share/sddm"
for pkg in $unwrapped $themes; do
local sddmDir="$pkg/share/sddm"
if [[ -d "$sddmDir" ]]; then
lndir -silent "$sddmDir" "$out/share/sddm"
fi
done
'';
inherit (unwrapped) meta;
}

View File

@ -16,11 +16,11 @@ let
};
in stdenv.mkDerivation rec {
name = "atom-${version}";
version = "1.2.0";
version = "1.3.1";
src = fetchurl {
url = "https://github.com/atom/atom/releases/download/v${version}/atom-amd64.deb";
sha256 = "05s3kvsz6pzh4gm22aaps1nccp76skfshdzlqwg0qn0ljz58sdqh";
sha256 = "17q5vrvjsyxcd8favp0sldfvhcwr0ba6ws32df6iv2iyla5h94y1";
name = "${name}.deb";
};

View File

@ -335,16 +335,16 @@ rec {
testng = buildEclipsePlugin rec {
name = "testng-${version}";
version = "6.9.10.201511281504";
version = "6.9.10.201512020421";
srcFeature = fetchurl {
url = "http://beust.com/eclipse/features/org.testng.eclipse_${version}.jar";
sha256 = "1kjaifa1fc16yh82bzp5xa5pn3kgrpgc5jq55lyvgz29vjj6ss97";
url = "http://beust.com/eclipse-old/eclipse_${version}/features/org.testng.eclipse_${version}.jar";
sha256 = "17y0cb1xprldjav14iy2sinv7lcw4xnjs2fwz9gl41m9m1c0hajk";
};
srcPlugin = fetchurl {
url = "http://beust.com/eclipse/plugins/org.testng.eclipse_${version}.jar";
sha256 = "1njz4ynjwnhjjbsszfgqyjn2ixxzjv8qvnc7dqz8jldrz3jrjf07";
url = "http://beust.com/eclipse-old/eclipse_${version}/plugins/org.testng.eclipse_${version}.jar";
sha256 = "1iwq0ifk9l56z11vhy5yscvl8l1xk6igkp103v9vwvcx6nlmkfgc";
};
meta = with stdenv.lib; {

View File

@ -0,0 +1,13 @@
diff --git a/lib/careadlinkat.h b/lib/careadlinkat.h
index 5cdb813..7a272e8 100644
--- a/lib/careadlinkat.h
+++ b/lib/careadlinkat.h
@@ -23,6 +23,8 @@
#include <fcntl.h>
#include <unistd.h>
+#define AT_FDCWD -2
+
struct allocator;
/* Assuming the current directory is FD, get the symbolic link value

View File

@ -0,0 +1,38 @@
source $stdenv/setup
# This hook is supposed to be run on Linux. It patches the proper locations of
# the crt{1,i,n}.o files into the build to ensure that Emacs is linked with
# *our* versions, not the ones found in the system, as it would do by default.
# On other platforms, this appears to be unnecessary.
preConfigure() {
for i in Makefile.in ./src/Makefile.in ./lib-src/Makefile.in ./leim/Makefile.in; do
substituteInPlace $i --replace /bin/pwd pwd
done
case "${system}" in
x86_64-linux) glibclibdir=lib64 ;;
i686-linux) glibclibdir=lib ;;
*) return;
esac
libc=$(cat ${NIX_CC}/nix-support/orig-libc)
echo "libc: $libc"
for i in src/s/*.h src/m/*.h; do
substituteInPlace $i \
--replace /usr/${glibclibdir}/crt1.o $libc/${glibclibdir}/crt1.o \
--replace /usr/${glibclibdir}/crti.o $libc/${glibclibdir}/crti.o \
--replace /usr/${glibclibdir}/crtn.o $libc/${glibclibdir}/crtn.o \
--replace /usr/lib/crt1.o $libc/${glibclibdir}/crt1.o \
--replace /usr/lib/crti.o $libc/${glibclibdir}/crti.o \
--replace /usr/lib/crtn.o $libc/${glibclibdir}/crtn.o
done
}
preInstall () {
for i in Makefile.in ./src/Makefile.in ./lib-src/Makefile.in ./leim/Makefile.in; do
substituteInPlace $i --replace /bin/pwd pwd
done
}
genericBuild

View File

@ -0,0 +1,113 @@
{ stdenv, fetchgit, ncurses, xlibsWrapper, libXaw, libXpm, Xaw3d
, pkgconfig, gettext, libXft, dbus, libpng, libjpeg, libungif
, libtiff, librsvg, texinfo, gconf, libxml2, imagemagick, gnutls
, alsaLib, cairo, acl, gpm, AppKit, Foundation, libobjc
, autoconf, automake
, withX ? !stdenv.isDarwin
, withGTK3 ? false, gtk3 ? null
, withGTK2 ? true, gtk2
}:
assert (libXft != null) -> libpng != null; # probably a bug
assert stdenv.isDarwin -> libXaw != null; # fails to link otherwise
assert withGTK2 -> withX || stdenv.isDarwin;
assert withGTK3 -> withX || stdenv.isDarwin;
assert withGTK2 -> !withGTK3 && gtk2 != null;
assert withGTK3 -> !withGTK2 && gtk3 != null;
let
toolkit =
if withGTK3 then "gtk3"
else if withGTK2 then "gtk2"
else "lucid";
in
stdenv.mkDerivation rec {
name = "emacs-25.0.50-1b5630e";
builder = ./builder.sh;
src = fetchgit {
url = "git://git.savannah.gnu.org/emacs.git";
rev = "1b5630eb47d3f4bade09708c958ab006b83b3fc0";
sha256 = "0n3qbri84akmy7ad1pbv89j4jn4x9pnkz0p4nbhh6m1c37cbz58l";
};
patches = stdenv.lib.optionals stdenv.isDarwin [
./at-fdcwd.patch
];
postPatch = ''
sed -i 's|/usr/share/locale|${gettext}/share/locale|g' lisp/international/mule-cmds.el
'';
buildInputs =
[ ncurses gconf libxml2 gnutls alsaLib pkgconfig texinfo acl gpm gettext
autoconf automake ]
++ stdenv.lib.optional stdenv.isLinux dbus
++ stdenv.lib.optionals withX
[ xlibsWrapper libXaw Xaw3d libXpm libpng libjpeg libungif libtiff librsvg libXft
imagemagick gconf ]
++ stdenv.lib.optional (withX && withGTK2) gtk2
++ stdenv.lib.optional (withX && withGTK3) gtk3
++ stdenv.lib.optional (stdenv.isDarwin && withX) cairo;
propagatedBuildInputs = stdenv.lib.optionals stdenv.isDarwin [ AppKit Foundation libobjc
];
NIX_LDFLAGS = stdenv.lib.optional stdenv.isDarwin
"/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation";
configureFlags =
if stdenv.isDarwin
then [ "--with-ns" "--disable-ns-self-contained" ]
else if withX
then [ "--with-x-toolkit=${toolkit}" "--with-xft" ]
else [ "--with-x=no" "--with-xpm=no" "--with-jpeg=no" "--with-png=no"
"--with-gif=no" "--with-tiff=no" ];
NIX_CFLAGS_COMPILE = stdenv.lib.optionalString (stdenv.isDarwin && withX)
"-I${cairo}/include/cairo";
preBuild = ''
find . -name '*.elc' -delete
'';
postInstall = ''
mkdir -p $out/share/emacs/site-lisp/
cp ${./site-start.el} $out/share/emacs/site-lisp/site-start.el
'' + stdenv.lib.optionalString stdenv.isDarwin ''
mkdir -p $out/Applications
mv nextstep/Emacs.app $out/Applications
'';
doCheck = !stdenv.isDarwin;
meta = with stdenv.lib; {
description = "GNU Emacs 25 (pre), the extensible, customizable text editor";
homepage = http://www.gnu.org/software/emacs/;
license = licenses.gpl3Plus;
maintainers = with maintainers; [ chaoflow lovek323 simons the-kenny ];
platforms = platforms.all;
# So that Exuberant ctags is preferred
priority = 1;
longDescription = ''
GNU Emacs is an extensible, customizable text editorand more. At its
core is an interpreter for Emacs Lisp, a dialect of the Lisp
programming language with extensions to support text editing.
The features of GNU Emacs include: content-sensitive editing modes,
including syntax coloring, for a wide variety of file types including
plain text, source code, and HTML; complete built-in documentation,
including a tutorial for new users; full Unicode support for nearly all
human languages and their scripts; highly customizable, using Emacs
Lisp code or a graphical interface; a large number of extensions that
add other functionality, including a project planner, mail and news
reader, debugger interface, calendar, and more. Many of these
extensions are distributed with GNU Emacs; others are available
separately.
'';
};
}

View File

@ -0,0 +1,17 @@
;; NixOS specific load-path
(setq load-path
(append (reverse (mapcar (lambda (x) (concat x "/share/emacs/site-lisp/"))
(split-string (or (getenv "NIX_PROFILES") ""))))
load-path))
;;; Make `woman' find the man pages
(eval-after-load 'woman
'(setq woman-manpath
(append (reverse (mapcar (lambda (x) (concat x "/share/man/"))
(split-string (or (getenv "NIX_PROFILES") ""))))
woman-manpath)))
;; Make tramp work for remote NixOS machines
;;; NOTE: You might want to add
(eval-after-load 'tramp
'(add-to-list 'tramp-remote-path "/run/current-system/sw/bin"))

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,42 @@
pkgs: with pkgs;
let
inherit (stdenv.lib) makeScope mapAttrs;
json = builtins.readFile ./elpa-packages.json;
manifest = builtins.fromJSON json;
mkPackage = self: name: recipe:
let drv =
{ elpaBuild, stdenv, fetchurl }:
let fetch = { inherit fetchurl; }."${recipe.fetch.tag}"
or (abort "emacs-${name}: unknown fetcher '${recipe.fetch.tag}'");
args = builtins.removeAttrs recipe.fetch [ "tag" ];
src = fetch args;
in elpaBuild {
pname = name;
inherit (recipe) version;
inherit src;
deps =
let lookupDep = d:
self."${d}" or (abort "emacs-${name}: missing dependency ${d}");
in map lookupDep recipe.deps;
meta = {
homepage = "http://elpa.gnu.org/packages/${name}.html";
license = stdenv.lib.licenses.free;
};
};
in self.callPackage drv {};
packages = self:
let
elpaPackages = mapAttrs (mkPackage self) manifest;
elpaBuild = import ../../../build-support/emacs/melpa.nix {
inherit (pkgs) lib stdenv fetchurl texinfo;
inherit (self) emacs;
};
in elpaPackages // { inherit elpaBuild elpaPackages; };
in makeScope pkgs.newScope packages

View File

@ -297,13 +297,13 @@ in
phpstorm = buildPhpStorm rec {
name = "phpstorm-${version}";
version = "9.0";
build = "PS-141.1912";
version = "10.0.1";
build = "PS-143.382";
description = "Professional IDE for Web and PHP developers";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/webide/PhpStorm-${version}.tar.gz";
sha256 = "1n6p8xiv0nrs6yf0250mpga291msnrfamv573dva9f17cc3df2pp";
sha256 = "12bqil8pxzmbv8a7pxn2529ph2x7szr3wvkvgxaisydm463kpdk8";
};
};
@ -311,7 +311,7 @@ in
name = "webstorm-${version}";
version = "10.0.4";
build = "141.1550";
description = "Professional IDE for Web and JavaScript devlopment";
description = "Professional IDE for Web and JavaScript development";
license = stdenv.lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/webstorm/WebStorm-${version}.tar.gz";

View File

@ -15,15 +15,15 @@ with stdenv.lib;
let
version = "0.1.0";
version = "0.1.1";
# Note: this is NOT the libvterm already in nixpkgs, but some NIH silliness:
neovimLibvterm = let version = "2015-02-23"; in stdenv.mkDerivation {
neovimLibvterm = let version = "2015-11-06"; in stdenv.mkDerivation {
name = "neovim-libvterm-${version}";
src = fetchFromGitHub {
sha256 = "0i2h74jrx4fy90sv57xj8g4lbjjg4nhrq2rv6rz576fmqfpllcc5";
rev = "20ad1396c178c72873aeeb2870bd726f847acb70";
sha256 = "0f9r0wnr9ajcdd6as24igmch0n8s1annycb9f4k0vg6fngwaypy9";
rev = "04781d37ce5af3f580376dc721bd3b89c434966b";
repo = "libvterm";
owner = "neovim";
};
@ -63,7 +63,7 @@ let
name = "neovim-${version}";
src = fetchFromGitHub {
sha256 = "1704f3dqf5p6hicpzf0pi21n6ymylra9prsm4azvqp86allmvnfx";
sha256 = "0crswjslp687yp1cpn7nmm0j2sccqhcxryzxv1s81cgpai0fzf60";
rev = "v${version}";
repo = "neovim";
owner = "neovim";

View File

@ -69,7 +69,7 @@ stdenv.mkDerivation {
{ description = "Set of integrated tools for the R language";
homepage = http://www.rstudio.com/;
license = licenses.agpl3;
maintainers = [ maintainers.emery ];
maintainers = [ maintainers.ehmry ];
platforms = platforms.linux;
};
}

View File

@ -49,6 +49,6 @@ stdenv.mkDerivation rec {
maintainers = with maintainers; [ pSub ];
platforms = platforms.linux;
platforms = platforms.unix;
};
}

View File

@ -0,0 +1,39 @@
{ lib, stdenv, fetchurl, qt5, makeWrapper }:
stdenv.mkDerivation {
name = "awesomebump-4.0";
src = fetchurl {
url = https://github.com/kmkolasinski/AwesomeBump/archive/Linuxv4.0.tar.gz;
sha256 = "1rp4m4y2ld49hibzwqwy214cbiin80i882d9l0y1znknkdcclxf2";
};
setSourceRoot = "sourceRoot=$(echo */Sources)";
buildInputs = [ qt5.base makeWrapper ];
preBuild = "qmake";
enableParallelBuilding = true;
installPhase =
''
d=$out/libexec/AwesomeBump
mkdir -p $d $out/bin
cp AwesomeBump $d/
cp -prd ../Bin/Configs ../Bin/Core $d/
# AwesomeBump expects to find Core and Configs in its current
# directory.
makeWrapper $d/AwesomeBump $out/bin/AwesomeBump \
--run "cd $d"
'';
meta = {
homepage = https://github.com/kmkolasinski/AwesomeBump;
description = "A program to generate normal, height, specular or ambient occlusion textures from a single image";
license = lib.licenses.gpl3Plus;
maintainers = [ lib.maintainers.eelco ];
platforms = lib.platforms.linux;
};
}

View File

@ -0,0 +1,19 @@
{ stdenv, fetchurl, cmake, qt4 }:
stdenv.mkDerivation rec {
name = "fontmatrix-0.6.0";
src = fetchurl {
url = "http://fontmatrix.be/archives/${name}-Source.tar.gz";
sha256 = "bcc5e929d95d2a0c9481d185144095c4e660255220a7ae6640298163ee77042c";
};
buildInputs = [ qt4 ];
nativeBuildInputs = [ cmake ];
meta = {
description = "Fontmatrix is a free/libre font explorer for Linux, Windows and Mac";
homepage = http://fontmatrix.be/;
license = stdenv.lib.licenses.gpl2;
};
}

View File

@ -4,13 +4,13 @@
stdenv.mkDerivation rec {
name = "imv-${version}";
version = "1.0.0";
version = "1.1.0";
src = fetchFromGitHub {
owner = "eXeC64";
repo = "imv";
rev = "f2ce793d628e88825eff3364b293104cb0bdb582";
sha256 = "1xqaqbfjgksbjmy1yy7q4sv5bak7w8va60xa426jzscy9cib2sgh";
rev = "4d1a6d581b70b25d9533c5c788aab6900ebf82bb";
sha256 = "1c5r4pqqypir8ymicxyn2k7mhq8nl88b3x6giaafd77ssjn0vz9r";
};
buildInputs = [ SDL2 freeimage ];
@ -20,7 +20,7 @@ stdenv.mkDerivation rec {
meta = with stdenv.lib; {
description = "A command line image viewer for tiling window managers";
homepage = https://github.com/eXeC64/imv;
license = licenses.mit;
license = licenses.gpl2;
maintainers = with maintainers; [ rnhmjoj ];
platforms = platforms.unix;
};

View File

@ -1,13 +1,14 @@
{ stdenv, fetchurl, pkgconfig, zlib, qt4, freetype, cairo, lua5, texLive, ghostscriptX
, libjpeg
, makeWrapper }:
let ghostscript = ghostscriptX; in
{ stdenv, fetchurl, pkgconfig, zlib, freetype, cairo, lua5, texlive, ghostscript
, libjpeg, qtbase
, makeQtWrapper
}:
stdenv.mkDerivation rec {
name = "ipe-7.1.8";
name = "ipe-7.1.10";
src = fetchurl {
url = "http://github.com/otfried/ipe/raw/master/releases/7.1/${name}-src.tar.gz";
sha256 = "1zx6dyr1rb6m6rvawagg9f8bc2li9nbighv2dglzjbh11bxqsyva";
url = "https://dl.bintray.com/otfried/generic/ipe/7.1/${name}-src.tar.gz";
sha256 = "0kwk8l2jasb4fdixaca08g661d0sdmx2jkk3ch7pxh0f4xkdxkkz";
};
# changes taken from Gentoo portage
@ -21,16 +22,18 @@ stdenv.mkDerivation rec {
'';
IPEPREFIX="$$out";
URWFONTDIR="${texLive}/texmf-dist/fonts/type1/urw/";
URWFONTDIR="${texlive}/texmf-dist/fonts/type1/urw/";
LUA_PACKAGE = "lua";
buildInputs = [
libjpeg pkgconfig zlib qt4 freetype cairo lua5 texLive ghostscript makeWrapper
libjpeg pkgconfig zlib qtbase freetype cairo lua5 texlive ghostscript
];
postInstall = ''
nativeBuildInputs = [ makeQtWrapper ];
postFixup = ''
for prog in $out/bin/*; do
wrapProgram "$prog" --prefix PATH : "${texLive}/bin"
wrapQtProgram "$prog" --prefix PATH : "${texlive}/bin"
done
'';

View File

@ -1,4 +1,4 @@
{ stdenv, fetchurl, buildPythonPackage, pygtk, pil, python27Packages }:
{ stdenv, fetchurl, buildPythonPackage, python27Packages }:
buildPythonPackage rec {
namePrefix = "";
@ -9,7 +9,7 @@ buildPythonPackage rec {
sha256 = "0k3pqbvk08kb1nr0qldaj9bc7ca6rvcycgfi2n7gqmsirq5kscys";
};
pythonPath = [ pygtk pil python27Packages.sqlite3 ];
propagatedBuildInputs = with python27Packages; [ pygtk pillow sqlite3 ];
meta = {
description = "Image viewer designed to handle comic books";

View File

@ -1,4 +1,4 @@
{ stdenv, fetchurl, buildPythonPackage, python, pygtk, pil, libX11, gettext }:
{ stdenv, fetchurl, buildPythonPackage, python, pygtk, pillow, libX11, gettext }:
buildPythonPackage rec {
namePrefix = "";
@ -17,7 +17,7 @@ buildPythonPackage rec {
sed -i "s@/usr/local/share/locale@$out/share/locale@" mirage.py
'';
pythonPath = [ pygtk pil ];
propagatedBuildInputs = [ pygtk pillow ];
meta = {
description = "Simple image viewer written in PyGTK";

View File

@ -1,13 +1,12 @@
{ stdenv, fetchurl, makeWrapper, xulrunner }:
stdenv.mkDerivation rec {
version = "2.0.14";
version = "2.0.15";
name = "pencil-${version}";
src = fetchurl {
url = "https://github.com/prikhi/pencil/releases/download/v${version}/Pencil-${version}-linux-pkg.tar.gz";
sha256 = "59f46db863e6d95ee6987e600d658ad4b58b03b0744c5c6d17ce04f5ae92d260";
sha256 = "be338558b613f51506337a2c7c80f209e8644656c2925f41c294e2872feabc3b";
};
buildPhase = "";

View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
name = "potrace-${version}";
version = "1.12";
version = "1.13";
src = fetchurl {
url = "http://potrace.sourceforge.net/download/${version}/potrace-${version}.tar.gz";
sha256 = "0fqpfq5wwqz8j6pfh4p2pbflf6r86s4h63r8jawzrsyvpbbz3fxh";
sha256 = "115p2vgyq7p2mf4nidk2x3aa341nvv2v8ml056vbji36df5l6lk2";
};
configureFlags = [ "--with-libpotrace" ];

View File

@ -7,12 +7,12 @@ in
assert hotplugSupport -> (stdenv.system == "i686-linux" || stdenv.system == "x86_64-linux");
stdenv.mkDerivation {
name = "sane-backends-1.0.24.73-g6c4f6bc";
name = "sane-backends-1.0.25-180-g6d8b8d5";
src = fetchgit {
url = "git://alioth.debian.org/git/sane/sane-backends.git";
rev = "6c4f6bc58615755dc734281703b594cea3ebf848";
sha256 = "0f7lbv1rnr53n4rpihcd8dkfm01xvwfnx9i1nqaadrzbpvgkjrfa";
rev = "6d8b8d5aa6e8da2b24e1caa42b9ea75e9624b45d";
sha256 = "b5b2786eef835550e4a4522db05c8c81075b1a7aff5a66f1d4a498f6efe0ef03";
};
udevSupport = hotplugSupport;
@ -38,12 +38,19 @@ stdenv.mkDerivation {
"echo epson2 > \${out}/etc/sane.d/dll.conf"
else "";
meta = {
meta = with stdenv.lib; {
homepage = "http://www.sane-project.org/";
description = "Scanner Access Now Easy";
license = stdenv.lib.licenses.gpl2Plus;
description = "SANE (Scanner Access Now Easy) backends";
longDescription = ''
Collection of open-source SANE backends (device drivers).
SANE is a universal scanner interface providing standardized access to
any raster image scanner hardware: flatbed scanners, hand-held scanners,
video- and still-cameras, frame-grabbers, etc. For a list of supported
scanners, see http://www.sane-project.org/sane-backends.html.
'';
license = licenses.gpl2Plus;
maintainers = [ stdenv.lib.maintainers.simons ];
platforms = stdenv.lib.platforms.linux;
maintainers = with maintainers; [ nckx simons ];
platforms = platforms.linux;
};
}

View File

@ -8,16 +8,16 @@ let
firmware = gt68xxFirmware { inherit fetchurl; };
in
stdenv.mkDerivation rec {
version = "1.0.24";
version = "1.0.25";
name = "sane-backends-${version}";
src = fetchurl {
urls = [
"http://pkgs.fedoraproject.org/repo/pkgs/sane-backends/sane-backends-1.0.24.tar.gz/1ca68e536cd7c1852322822f5f6ac3a4/${name}.tar.gz"
"https://alioth.debian.org/frs/download.php/file/3958/${name}.tar.gz"
"http://pkgs.fedoraproject.org/repo/pkgs/sane-backends/sane-backends-1.0.25.tar.gz/f9ed5405b3c12f07c6ca51ee60225fe7/${name}.tar.gz"
"https://alioth.debian.org/frs/download.php/file/4146/${name}.tar.gz"
];
curlOpts = "--insecure";
sha256 = "0ba68m6bzni54axjk15i51rya7hfsdliwvqyan5msl7iaid0iir7";
sha256 = "0b3fvhrxl4l82bf3v0j47ypjv6a0k5lqbgknrq1agpmjca6vmmx4";
};
outputs = [ "out" "doc" "man" ];
@ -49,12 +49,19 @@ stdenv.mkDerivation rec {
" \${out}/share/sane/snapscan/your-firmwarefile.bin"
else "";
meta = {
meta = with stdenv.lib; {
homepage = "http://www.sane-project.org/";
description = "Scanner Access Now Easy";
license = stdenv.lib.licenses.gpl2Plus;
description = "SANE (Scanner Access Now Easy) backends";
longDescription = ''
Collection of open-source SANE backends (device drivers).
SANE is a universal scanner interface providing standardized access to
any raster image scanner hardware: flatbed scanners, hand-held scanners,
video- and still-cameras, frame-grabbers, etc. For a list of supported
scanners, see http://www.sane-project.org/sane-backends.html.
'';
license = licenses.gpl2Plus;
maintainers = [ stdenv.lib.maintainers.simons ];
platforms = stdenv.lib.platforms.linux;
maintainers = with maintainers; [ nckx simons ];
platforms = platforms.linux;
};
}

View File

@ -1,18 +1,18 @@
{ stdenv, fetchurl, cairo, colord, glib, gtk3, gusb, intltool, itstool, libusb
, libxml2, makeWrapper, pkgconfig, saneBackends, systemd, vala }:
{ stdenv, fetchurl, cairo, colord, glib, gtk3, gusb, intltool, itstool
, libusb, libxml2, pkgconfig, saneBackends, vala, wrapGAppsHook }:
let version = "3.19.2"; in
let version = "3.19.3"; in
stdenv.mkDerivation rec {
name = "simple-scan-${version}";
src = fetchurl {
sha256 = "08454ky855iaiq5wn9rdbfal3i4fjss5fn5mg6cmags50wy9spsg";
sha256 = "0il7ikd5hj9mgzrivm01g572g9101w8la58h3hjyakwcfw3jp976";
url = "https://launchpad.net/simple-scan/3.19/${version}/+download/${name}.tar.xz";
};
buildInputs = [ cairo colord glib gusb gtk3 libusb libxml2 saneBackends
systemd vala ];
nativeBuildInputs = [ intltool itstool makeWrapper pkgconfig ];
vala ];
nativeBuildInputs = [ intltool itstool pkgconfig wrapGAppsHook ];
configureFlags = [ "--disable-packagekit" ];
@ -25,11 +25,6 @@ stdenv.mkDerivation rec {
doCheck = true;
preFixup = ''
wrapProgram "$out/bin/simple-scan" \
--prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH"
'';
meta = with stdenv.lib; {
inherit version;
description = "Simple scanning utility";

View File

@ -0,0 +1,63 @@
{ stdenv, fetchurl, makeDesktopItem, unzip, jre }:
let version = "0.2"; in
stdenv.mkDerivation rec {
name = "swingsane-${version}";
src = fetchurl {
sha256 = "15pgqgyw46yd2i367ax9940pfyvinyw2m8apmwhrn0ix5nywa7ni";
url = "mirror://sourceforge/swingsane/swingsane-${version}-bin.zip";
};
nativeBuildInputs = [ unzip ];
phases = [ "unpackPhase" "installPhase" ];
installPhase = let
execWrapper = ''
#!/bin/sh
exec ${jre}/bin/java -jar $out/share/java/swingsane/swingsane-${version}.jar "$@"
'';
desktopItem = makeDesktopItem {
name = "swingsane";
exec = "swingsane";
icon = "swingsane";
desktopName = "SwingSane";
genericName = "Scan from local or remote SANE servers";
comment = meta.description;
categories = "Office;Application;";
};
in ''
install -v -m 755 -d $out/share/java/swingsane/
install -v -m 644 *.jar $out/share/java/swingsane/
echo "${execWrapper}" > swingsane
install -v -D -m 755 swingsane $out/bin/swingsane
unzip -j swingsane-${version}.jar "com/swingsane/images/*.png"
install -v -D -m 644 swingsane_512x512.png $out/share/pixmaps/swingsane.png
cp -v -r ${desktopItem}/share/applications $out/share
'';
meta = with stdenv.lib; {
inherit version;
description = "Java GUI for SANE scanner servers (saned)";
longDescription = ''
SwingSane is a powerful, cross platform, open source Java front-end for
using both local and remote Scanner Access Now Easy (SANE) servers.
The most powerful feature is its ability to query back-ends for scanner
specific options which can be set by the user as a scanner profile.
It also has support for authentication, mutlicast DNS discovery,
simultaneous scan jobs, image transformation jobs (deskew, binarize,
crop, etc), PDF and PNG output.
'';
homepage = http://swingsane.com/;
license = licenses.asl20;
platforms = platforms.all;
maintainers = with maintainers; [ nckx ];
};
}

View File

@ -1,58 +0,0 @@
{ kdeApp
, lib
, extra-cmake-modules
, kdoctools
, karchive
, kconfig
, kcrash
, kdbusaddons
, ki18n
, kiconthemes
, khtml
, kio
, kservice
, kpty
, kwidgetsaddons
, libarchive
, p7zip
, unrar
, unzipNLS
, zip
}:
let PATH = lib.makeSearchPath "bin" [
p7zip unrar unzipNLS zip
];
in
kdeApp {
name = "ark";
nativeBuildInputs = [
extra-cmake-modules
kdoctools
];
buildInputs = [
karchive
kconfig
kcrash
kdbusaddons
kiconthemes
kservice
kpty
kwidgetsaddons
libarchive
];
propagatedBuildInputs = [
khtml
ki18n
kio
];
postInstall = ''
wrapQtProgram "$out/bin/ark" \
--prefix PATH : "${PATH}"
'';
meta = {
license = with lib.licenses; [ gpl2 lgpl3 ];
maintainers = [ lib.maintainers.ttuegel ];
};
}

View File

@ -1,35 +0,0 @@
{ kdeApp
, lib
, extra-cmake-modules
, kdoctools
, kconfig
, kio
, ki18n
, kservice
, kfilemetadata
, baloo
, kdelibs4support
}:
kdeApp {
name = "baloo-widgets";
nativeBuildInputs = [
extra-cmake-modules
kdoctools
];
buildInputs = [
kconfig
kservice
];
propagatedBuildInputs = [
baloo
kdelibs4support
kfilemetadata
ki18n
kio
];
meta = {
license = [ lib.licenses.lgpl21 ];
maintainers = [ lib.maintainers.ttuegel ];
};
}

View File

@ -1,56 +0,0 @@
# Maintainer's Notes:
#
# Minor updates:
# 1. Edit ./manifest.sh to point to the updated URL. Upstream sometimes
# releases updates that include only the changed packages; in this case,
# multiple URLs can be provided and the results will be merged.
# 2. Run ./manifest.sh and ./dependencies.sh.
# 3. Build and enjoy.
#
# Major updates:
# We prefer not to immediately overwrite older versions with major updates, so
# make a copy of this directory first. After copying, be sure to delete ./tmp
# if it exists. Then follow the minor update instructions.
{ pkgs, debug ? false }:
let
inherit (pkgs) lib stdenv;
srcs = import ./srcs.nix { inherit (pkgs) fetchurl; inherit mirror; };
mirror = "mirror://kde";
kdeApp = import ./kde-app.nix {
inherit stdenv lib;
inherit debug srcs;
};
packages = self: with self; {
kdelibs = callPackage ./kdelibs { inherit (pkgs) attica phonon; };
ark = callPackage ./ark.nix {};
baloo-widgets = callPackage ./baloo-widgets.nix {};
dolphin = callPackage ./dolphin.nix {};
dolphin-plugins = callPackage ./dolphin-plugins.nix {};
ffmpegthumbs = callPackage ./ffmpegthumbs.nix {};
gpgmepp = callPackage ./gpgmepp.nix {};
gwenview = callPackage ./gwenview.nix {};
kate = callPackage ./kate.nix {};
kdegraphics-thumbnailers = callPackage ./kdegraphics-thumbnailers.nix {};
kgpg = callPackage ./kgpg.nix { inherit (pkgs.kde4) kdepimlibs; };
konsole = callPackage ./konsole.nix {};
ksnapshot = callPackage ./ksnapshot.nix {};
libkdcraw = callPackage ./libkdcraw.nix {};
libkexiv2 = callPackage ./libkexiv2.nix {};
libkipi = callPackage ./libkipi.nix {};
okular = callPackage ./okular.nix {};
oxygen-icons = callPackage ./oxygen-icons.nix {};
print-manager = callPackage ./print-manager.nix {};
l10n = pkgs.recurseIntoAttrs (import ./l10n.nix { inherit callPackage lib pkgs; });
};
newScope = scope: pkgs.kf515.newScope ({ inherit kdeApp; } // scope);
in lib.makeScope newScope packages

View File

@ -1,31 +0,0 @@
{ kdeApp
, lib
, extra-cmake-modules
, kdoctools
, kxmlgui
, ki18n
, kio
, kdelibs4support
, dolphin
}:
kdeApp {
name = "dolphin-plugins";
nativeBuildInputs = [
extra-cmake-modules
kdoctools
];
buildInputs = [
kxmlgui
dolphin
];
propagatedBuildInputs = [
kdelibs4support
ki18n
kio
];
meta = {
license = [ lib.licenses.gpl2 ];
maintainers = [ lib.maintainers.ttuegel ];
};
}

View File

@ -1,70 +0,0 @@
{ kdeApp
, lib
, extra-cmake-modules
, kdoctools
, makeQtWrapper
, kinit
, kcmutils
, kcoreaddons
, knewstuff
, ki18n
, kdbusaddons
, kbookmarks
, kconfig
, kio
, kparts
, solid
, kiconthemes
, kcompletion
, ktexteditor
, kwindowsystem
, knotifications
, kactivities
, phonon
, baloo
, baloo-widgets
, kfilemetadata
, kdelibs4support
}:
kdeApp {
name = "dolphin";
nativeBuildInputs = [
extra-cmake-modules
kdoctools
makeQtWrapper
];
buildInputs = [
kinit
kcmutils
kcoreaddons
knewstuff
kdbusaddons
kbookmarks
kconfig
kparts
solid
kiconthemes
kcompletion
knotifications
phonon
baloo-widgets
];
propagatedBuildInputs = [
baloo
kactivities
kdelibs4support
kfilemetadata
ki18n
kio
ktexteditor
kwindowsystem
];
postInstall = ''
wrapQtProgram "$out/bin/dolphin"
'';
meta = {
license = with lib.licenses; [ gpl2 fdl12 ];
maintainers = [ lib.maintainers.ttuegel ];
};
}

View File

@ -1,56 +0,0 @@
#! /usr/bin/env nix-shell
#! nix-shell -i bash -p coreutils findutils gnused nix wget
set -x
# The trailing slash at the end is necessary!
WGET_ARGS='http://download.kde.org/stable/applications/15.08.3/ http://download.kde.org/stable/applications/15.04.3/src/oxygen-icons-15.04.3.tar.xz -A *.tar.xz'
mkdir tmp; cd tmp
rm -f ../srcs.csv
wget -nH -r -c --no-parent $WGET_ARGS
find . | while read src; do
if [[ -f "${src}" ]]; then
# Sanitize file name
filename=$(basename "$src" | tr '@' '_')
nameVersion="${filename%.tar.*}"
name=$(echo "$nameVersion" | sed -e 's,-[[:digit:]].*,,' | sed -e 's,-opensource-src$,,')
version=$(echo "$nameVersion" | sed -e 's,^\([[:alpha:]][[:alnum:]]*-\)\+,,')
echo "$name,$version,$src,$filename" >>../srcs.csv
fi
done
cat >../srcs.nix <<EOF
# DO NOT EDIT! This file is generated automatically by fetchsrcs.sh
{ fetchurl, mirror }:
{
EOF
gawk -F , "{ print \$1 }" ../srcs.csv | sort | uniq | while read name; do
versions=$(gawk -F , "/^$name,/ { print \$2 }" ../srcs.csv)
latestVersion=$(echo "$versions" | sort -rV | head -n 1)
src=$(gawk -F , "/^$name,$latestVersion,/ { print \$3 }" ../srcs.csv)
filename=$(gawk -F , "/^$name,$latestVersion,/ { print \$4 }" ../srcs.csv)
url="${src:2}"
sha256=$(nix-hash --type sha256 --base32 --flat "$src")
cat >>../srcs.nix <<EOF
$name = {
version = "$latestVersion";
src = fetchurl {
url = "\${mirror}/$url";
sha256 = "$sha256";
name = "$filename";
};
};
EOF
done
echo "}" >>../srcs.nix
rm -f ../srcs.csv
cd ..

View File

@ -1,27 +0,0 @@
{ kdeApp
, lib
, automoc4
, cmake
, perl
, pkgconfig
, kdelibs
, ffmpeg
}:
kdeApp {
name = "ffmpegthumbs";
nativeBuildInputs = [
automoc4
cmake
perl
pkgconfig
];
buildInputs = [
kdelibs
ffmpeg
];
meta = {
license = with lib.licenses; [ gpl2 bsd3 ];
maintainers = [ lib.maintainers.ttuegel ];
};
}

View File

@ -1,21 +0,0 @@
{ kdeApp
, lib
, extra-cmake-modules
, boost
, gpgme
}:
kdeApp {
name = "gpgmepp";
nativeBuildInputs = [
extra-cmake-modules
];
buildInputs = [
boost
gpgme
];
meta = {
license = with lib.licenses; [ lgpl21 bsd3 ];
maintainers = [ lib.maintainers.ttuegel ];
};
}

View File

@ -1,44 +0,0 @@
{ kdeApp
, lib
, extra-cmake-modules
, kdoctools
, makeQtWrapper
, baloo
, exiv2
, kactivities
, kdelibs4support
, kio
, lcms2
, phonon
, qtsvg
, qtx11extras
}:
kdeApp {
name = "gwenview";
nativeBuildInputs = [
extra-cmake-modules
kdoctools
makeQtWrapper
];
buildInputs = [
exiv2
lcms2
phonon
qtsvg
];
propagatedBuildInputs = [
baloo
kactivities
kdelibs4support
kio
qtx11extras
];
postInstall = ''
wrapQtProgram "$out/bin/gwenview"
'';
meta = {
license = with lib.licenses; [ gpl2 fdl12 ];
maintainers = [ lib.maintainers.ttuegel ];
};
}

View File

@ -1,69 +0,0 @@
{ kdeApp
, lib
, extra-cmake-modules
, kdoctools
, qtscript
, kactivities
, kconfig
, kcrash
, kguiaddons
, kiconthemes
, ki18n
, kinit
, kjobwidgets
, kio
, kparts
, ktexteditor
, kwindowsystem
, kxmlgui
, kdbusaddons
, kwallet
, plasma-framework
, kitemmodels
, knotifications
, threadweaver
, knewstuff
, libgit2
}:
kdeApp {
name = "kate";
nativeBuildInputs = [
extra-cmake-modules
kdoctools
];
buildInputs = [
qtscript
kconfig
kcrash
kguiaddons
kiconthemes
kinit
kjobwidgets
kparts
kxmlgui
kdbusaddons
kwallet
kitemmodels
knotifications
threadweaver
knewstuff
libgit2
];
propagatedBuildInputs = [
kactivities
ki18n
kio
ktexteditor
kwindowsystem
plasma-framework
];
postInstall = ''
wrapQtProgram "$out/bin/kate"
wrapQtProgram "$out/bin/kwrite"
'';
meta = {
license = with lib.licenses; [ gpl3 lgpl3 lgpl2 ];
maintainers = [ lib.maintainers.ttuegel ];
};
}

View File

@ -1,23 +0,0 @@
{ stdenv, lib, debug, srcs }:
args:
let
inherit (args) name;
sname = args.sname or name;
inherit (srcs."${sname}") src version;
in
stdenv.mkDerivation (args // {
name = "${name}-${version}";
inherit src;
cmakeFlags =
(args.cmakeFlags or [])
++ [ "-DBUILD_TESTING=OFF" ]
++ lib.optional debug "-DCMAKE_BUILD_TYPE=Debug";
meta = {
platforms = lib.platforms.linux;
homepage = "http://www.kde.org";
} // (args.meta or {});
})

Some files were not shown because too many files have changed in this diff Show More