JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' into napalm

Browse Source
This commit is contained in:
ehmry 2022-02-20 09:37:08 -06:00 committed by GitHub
commit 55f35ec331
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4415 changed files with 84753 additions and 57617 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.editorconfig
View File

@ -67,10 +67,6 @@ indent_style = unset
insert_final_newline = unset
trim_trailing_whitespace = unset
[pkgs/build-support/upstream-updater/**]
indent_style = unset
trim_trailing_whitespace = unset
[pkgs/development/compilers/elm/registry.dat]
end_of_line = unset
insert_final_newline = unset
@ -84,10 +80,3 @@ trim_trailing_whitespace = unset
[pkgs/tools/misc/timidity/timidity.cfg]
trim_trailing_whitespace = unset
[pkgs/tools/security/enpass/data.json]
insert_final_newline = unset
trim_trailing_whitespace = unset
[pkgs/top-level/emscripten-packages.nix]
trim_trailing_whitespace = unset

7
.github/CODEOWNERS vendored
View File

@ -119,6 +119,7 @@
# Rust
/pkgs/development/compilers/rust @Mic92 @LnL7 @zowoq
/pkgs/build-support/rust @zowoq
/doc/languages-frameworks/rust.section.md @zowoq
# Darwin-related
/pkgs/stdenv/darwin @NixOS/darwin-maintainers
@ -217,9 +218,9 @@
/nixos/modules/services/mail/rspamd.nix @peti
# Emacs
/pkgs/applications/editors/emacs-modes @adisbladis
/pkgs/applications/editors/emacs @adisbladis
/pkgs/top-level/emacs-packages.nix @adisbladis
/pkgs/applications/editors/emacs/elisp-packages @adisbladis
/pkgs/applications/editors/emacs @adisbladis
/pkgs/top-level/emacs-packages.nix @adisbladis
# Neovim
/pkgs/applications/editors/neovim @jonringer @teto

6
.github/ISSUE_TEMPLATE/out_of_date_package_report.md vendored
View File

@ -13,10 +13,10 @@ assignees: ''
<!-- Note that these are hard requirements -->
<!--
You can use the "Go to file" functionality on github to find the package
You can use the "Go to file" functionality on GitHub to find the package
Then you can go to the history for this package
Find the latest "package_name: old_version -> new_version" commit
The "new_version" is the the current version of the package
The "new_version" is the current version of the package
-->
- [ ] Checked the [nixpkgs master branch](https://github.com/NixOS/nixpkgs)
<!--
@ -29,7 +29,7 @@ There's a high chance that you'll have the new version right away while helping
###### Project name
`nix search` name:
<!--
The current version can be found easily with the same process than above for checking the master branch
The current version can be found easily with the same process as above for checking the master branch
If an open PR is present for the package, take this version as the current one and link to the PR
-->
current version:

2
.github/labeler.yml vendored
View File

@ -16,7 +16,7 @@
- nixos/modules/services/editors/emacs.nix
- nixos/modules/services/editors/emacs.xml
- nixos/tests/emacs-daemon.nix
- pkgs/applications/editors/emacs-modes/**/*
- pkgs/applications/editors/emacs/elisp-packages/**/*
- pkgs/applications/editors/emacs/**/*
- pkgs/build-support/emacs/**/*
- pkgs/top-level/emacs-packages.nix

2
.github/workflows/update-terraform-providers.yml vendored
View File

@ -21,7 +21,7 @@ jobs:
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git config user.name "github-actions[bot]"
pushd pkgs/applications/networking/cluster/terraform-providers
./update-all-providers
./update-all-providers --no-build
git commit -m "${{ steps.setup.outputs.title }}" providers.json
popd
- name: create PR

4
README.md
View File

@ -3,8 +3,8 @@
</p>
<p align="center">
<a href="https://www.codetriage.com/nixos/nixpkgs"><img src="https://www.codetriage.com/nixos/nixpkgs/badges/users.svg" alt="Code Triagers badge" /></a>
<a href="https://opencollective.com/nixos"><img src="https://opencollective.com/nixos/tiers/supporter/badge.svg?label=Supporter&color=brightgreen" alt="Open Collective supporters" /></a>
<a href="https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md"><img src="https://img.shields.io/github/contributors-anon/NixOS/nixpkgs" alt="Contributors badge" /></a>
<a href="https://opencollective.com/nixos"><img src="https://opencollective.com/nixos/tiers/supporter/badge.svg?label=supporters&color=brightgreen" alt="Open Collective supporters" /></a>
</p>
[Nixpkgs](https://github.com/nixos/nixpkgs) is a collection of over

18
doc/builders/fetchers.chapter.md
View File

@ -40,6 +40,24 @@ Used with Git. Expects `url` to a Git repo, `rev`, and `sha256`. `rev` in this c
Additionally the following optional arguments can be given: `fetchSubmodules = true` makes `fetchgit` also fetch the submodules of a repository. If `deepClone` is set to true, the entire repository is cloned as opposing to just creating a shallow clone. `deepClone = true` also implies `leaveDotGit = true` which means that the `.git` directory of the clone won't be removed after checkout.
If only parts of the repository are needed, `sparseCheckout` can be used. This will prevent git from fetching unnecessary blobs from server, see [git sparse-checkout](https://git-scm.com/docs/git-sparse-checkout) and [git clone --filter](https://git-scm.com/docs/git-clone#Documentation/git-clone.txt---filterltfilter-specgt) for more infomation:
```nix
{ stdenv, fetchgit }:
stdenv.mkDerivation {
name = "hello";
src = fetchgit {
url = "https://...";
sparseCheckout = ''
path/to/be/included
another/path
'';
sha256 = "0000000000000000000000000000000000000000000000000000";
};
}
```
## `fetchfossil` {#fetchfossil}
Used with Fossil. Expects `url` to a Fossil archive, `rev`, and `sha256`.

2
doc/contributing/coding-conventions.chapter.md
View File

@ -224,7 +224,7 @@ There are a few naming guidelines:
- Dashes in the package name _should_ be preserved in new variable names, rather than converted to underscores or camel cased — e.g., `http-parser` instead of `http_parser` or `httpParser`. The hyphenated style is preferred in all three package names.
- If there are multiple versions of a package, this _should_ be reflected in the variable names in `all-packages.nix`, e.g. `json-c-0-9` and `json-c-0-11`. If there is an obvious “default” version, make an attribute like `json-c = json-c-0-9;`. See also [](#sec-versioning)
- If there are multiple versions of a package, this _should_ be reflected in the variable names in `all-packages.nix`, e.g. `json-c_0_9` and `json-c_0_11`. If there is an obvious “default” version, make an attribute like `json-c = json-c_0_9;`. See also [](#sec-versioning)
## File naming and organisation {#sec-organisation}

3
doc/contributing/reviewing-contributions.chapter.md
View File

@ -103,7 +103,8 @@ Sample template for a new package review is provided below.
- [ ] `meta.maintainers` is set
- [ ] build time only dependencies are declared in `nativeBuildInputs`
- [ ] source is fetched using the appropriate function
- [ ] phases are respected
- [ ] the list of `phases` is not overridden
- [ ] when a phase (like `installPhase`) is overridden it starts with `runHook preInstall` and ends with `runHook postInstall`.
- [ ] patches that are remotely available are fetched with `fetchpatch`
##### Possible improvements

14
doc/languages-frameworks/ocaml.section.md
View File

@ -32,9 +32,9 @@ Given that most of the OCaml ecosystem is now built with dune, nixpkgs includes
Here is a simple package example.
- It defines an (optional) attribute `minimalOCamlVersion` that will be used to
throw a descriptive evaluation error if building with an older OCaml is
attempted.
- It defines an (optional) attribute `minimalOCamlVersion` (see note below)
that will be used to throw a descriptive evaluation error if building with
an older OCaml is attempted.
- It uses the `fetchFromGitHub` fetcher to get its source.
@ -117,3 +117,11 @@ buildDunePackage rec {
};
}
```
Note about `minimalOCamlVersion`. A deprecated version of this argument was
spelled `minimumOCamlVersion`; setting the old attribute wrongly modifies the
derivation hash and is therefore inappropriate. As a technical dept, currently
packaged libraries may still use the old spelling: maintainers are invited to
fix this when updating packages. Massive renaming is strongly discouraged as it
would be challenging to review, difficult to test, and will cause unnecessary
rebuild.

4
doc/stdenv/meta.chapter.md
View File

@ -192,10 +192,6 @@ meta.hydraPlatforms = [];
If set to `true`, the package is marked as "broken", meaning that it wont show up in `nix-env -qa`, and cannot be built or installed. Such packages should be removed from Nixpkgs eventually unless they are fixed.
### `updateWalker` {#var-meta-updateWalker}
If set to `true`, the package is tested to be updated correctly by the `update-walker.sh` script without additional settings. Such packages have `meta.version` set and their homepage (or the page specified by `meta.downloadPage`) contains a direct link to the package tarball.
## Licenses {#sec-meta-license}
The `meta.license` attribute should preferably contain a value from `lib.licenses` defined in [`nixpkgs/lib/licenses.nix`](https://github.com/NixOS/nixpkgs/blob/master/lib/licenses.nix), or in-place license description of the same format if the license is unlikely to be useful in another expression.

26
doc/stdenv/stdenv.chapter.md
View File

@ -319,10 +319,16 @@ For information about how to run the updates, execute `nix-shell maintainers/scr
## Phases {#sec-stdenv-phases}
The generic builder has a number of *phases*. Package builds are split into phases to make it easier to override specific parts of the build (e.g., unpacking the sources or installing the binaries). Furthermore, it allows a nicer presentation of build logs in the Nix build farm.
`stdenv.mkDerivation` sets the Nix [derivation](https://nixos.org/manual/nix/stable/expressions/derivations.html#derivations)'s builder to a script that loads the stdenv `setup.sh` bash library and calls `genericBuild`. Most packaging functions rely on this default builder.
This generic command invokes a number of *phases*. Package builds are split into phases to make it easier to override specific parts of the build (e.g., unpacking the sources or installing the binaries).
Each phase can be overridden in its entirety either by setting the environment variable `namePhase` to a string containing some shell commands to be executed, or by redefining the shell function `namePhase`. The former is convenient to override a phase from the derivation, while the latter is convenient from a build script. However, typically one only wants to *add* some commands to a phase, e.g. by defining `postInstall` or `preFixup`, as skipping some of the default actions may have unexpected consequences. The default script for each phase is defined in the file `pkgs/stdenv/generic/setup.sh`.
When overriding a phase, for example `installPhase`, it is important to start with `runHook preInstall` and end it with `runHook postInstall`, otherwise `preInstall` and `postInstall` will not be run. Even if you don't use them directly, it is good practice to do so anyways for downstream users who would want to add a `postInstall` by overriding your derivation.
While inside an interactive `nix-shell`, if you wanted to run all phases in the order they would be run in an actual build, you can invoke `genericBuild` yourself.
### Controlling phases {#ssec-controlling-phases}
There are a number of variables that control what phases are executed and in what order:
@ -333,7 +339,8 @@ There are a number of variables that control what phases are executed and in wha
Specifies the phases. You can change the order in which phases are executed, or add new phases, by setting this variable. If its not set, the default value is used, which is `$prePhases unpackPhase patchPhase $preConfigurePhases configurePhase $preBuildPhases buildPhase checkPhase $preInstallPhases installPhase fixupPhase installCheckPhase $preDistPhases distPhase $postPhases`.
Usually, if you just want to add a few phases, its more convenient to set one of the variables below (such as `preInstallPhases`), as you then dont specify all the normal phases.
It is discouraged to set this variable, as it is easy to miss some important functionality hidden in some of the less obviously needed phases (like `fixupPhase` which patches the shebang of scripts).
Usually, if you just want to add a few phases, its more convenient to set one of the variables below (such as `preInstallPhases`).
##### `prePhases` {#var-stdenv-prePhases}
@ -790,7 +797,7 @@ Hook executed at the start of the distribution phase.
Hook executed at the end of the distribution phase.
## Shell functions {#ssec-stdenv-functions}
## Shell functions and utilities {#ssec-stdenv-functions}
The standard environment provides a number of useful functions.
@ -814,6 +821,19 @@ Theres many more kinds of arguments, they are documented in `nixpkgs/pkgs/bui
Using the `makeBinaryWrapper` implementation is usually preferred, as it creates a tiny _compiled_ wrapper executable, that can be used as a shebang interpreter. This is needed mostly on Darwin, where shebangs cannot point to scripts, [due to a limitation with the `execve`-syscall](https://stackoverflow.com/questions/67100831/macos-shebang-with-absolute-path-not-working). Compiled wrappers generated by `makeBinaryWrapper` can be inspected with `less <path-to-wrapper>` - by scrolling past the binary data you should be able to see the shell command that generated the executable and there see the environment variables that were injected into the wrapper.
### `remove-references-to -t` \<storepath\> [ `-t` \<storepath\> ... ] \<file\> ... {#fun-remove-references-to}
Removes the references of the specified files to the specified store files. This is done without changing the size of the file by replacing the hash by `eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee`, and should work on compiled executables. This is meant to be used to remove the dependency of the output on inputs that are known to be unnecessary at runtime. Of course, reckless usage will break the patched programs.
To use this, add `removeReferencesTo` to `nativeBuildInputs`.
As `remove-references-to` is an actual executable and not a shell function, it can be used with `find`.
Example removing all references to the compiler in the output:
```nix
postInstall = ''
find "$out" -type f -exec remove-references-to -t ${stdenv.cc} '{}' +
'';
```
### `substitute` \<infile\> \<outfile\> \<subs\> {#fun-substitute}
Performs string substitution on the contents of \<infile\>, writing the result to \<outfile\>. The substitutions in \<subs\> are of the following form:

40
flake.nix
View File

@ -21,39 +21,13 @@
nixos = import ./nixos/lib { lib = final; };
nixosSystem = { modules, ... } @ args:
nixosSystem = args:
import ./nixos/lib/eval-config.nix (args // {
modules =
let
moduleDeclarationFile =
let
# Even though `modules` is a mandatory argument for `nixosSystem`, it doesn't
# mean that the evaluator always keeps track of its position. If there
# are too many levels of indirection, the position gets lost at some point.
intermediatePos = builtins.unsafeGetAttrPos "modules" args;
in
if intermediatePos == null then null else intermediatePos.file;
# Add the invoking file as error message location for modules
# that don't have their own locations; presumably inline modules.
addModuleDeclarationFile =
m: if moduleDeclarationFile == null then m else {
_file = moduleDeclarationFile;
imports = [ m ];
};
in
map addModuleDeclarationFile modules ++ [
{
system.nixos.versionSuffix =
".${final.substring 0 8 (self.lastModifiedDate or self.lastModified or "19700101")}.${self.shortRev or "dirty"}";
system.nixos.revision = final.mkIf (self ? rev) self.rev;
# NOTE: This assumes that `nixpkgs.config` is _not_ used when
# nixpkgs.pkgs is set OR _module.args.pkgs is set.
nixpkgs.config.path = self.outPath;
}
];
modules = args.modules ++ [ {
system.nixos.versionSuffix =
".${final.substring 0 8 (self.lastModifiedDate or self.lastModified or "19700101")}.${self.shortRev or "dirty"}";
system.nixos.revision = final.mkIf (self ? rev) self.rev;
} ];
});
});
@ -66,7 +40,7 @@
}).nixos.manual.x86_64-linux;
};
legacyPackages = forAllSystems (system: import ./. { inherit system; config.path = self.outPath; });
legacyPackages = forAllSystems (system: import ./. { inherit system; });
nixosModules = {
notDetected = import ./nixos/modules/installer/scan/not-detected.nix;

2
lib/attrsets.nix
View File

@ -276,7 +276,7 @@ rec {
/* Like `mapAttrsRecursive', but it takes an additional predicate
function that tells it whether to recursive into an attribute
function that tells it whether to recurse into an attribute
set. If it returns false, `mapAttrsRecursiveCond' does not
recurse, but does apply the map function. If it returns true, it
does recurse, and does not apply the map function.

9
lib/default.nix
View File

@ -111,8 +111,8 @@ let
cleanSource sourceByRegex sourceFilesBySuffices
commitIdFromGitRepo cleanSourceWith pathHasContext
canCleanSource pathIsRegularFile pathIsGitRepo;
inherit (self.modules) evalModules unifyModuleSyntax
applyIfFunction mergeModules
inherit (self.modules) evalModules setDefaultModuleLocation
unifyModuleSyntax applyIfFunction mergeModules
mergeModules' mergeOptionDecls evalOptionValue mergeDefinitions
pushDownProperties dischargeProperties filterOverrides
sortProperties fixupOptionType mkIf mkAssert mkMerge mkOverride
@ -122,8 +122,9 @@ let
mkRenamedOptionModule mkMergedOptionModule mkChangedOptionModule
mkAliasOptionModule mkDerivedConfig doRename;
inherit (self.options) isOption mkEnableOption mkSinkUndeclaredOptions
mergeDefaultOption mergeOneOption mergeEqualOption getValues
getFiles optionAttrSetToDocList optionAttrSetToDocList'
mergeDefaultOption mergeOneOption mergeEqualOption mergeUniqueOption
getValues getFiles
optionAttrSetToDocList optionAttrSetToDocList'
scrubOptionValue literalExpression literalExample literalDocBook
showOption showFiles unknownModule mkOption;
inherit (self.types) isType setType defaultTypeMerge defaultFunctor

15
lib/licenses.nix
View File

@ -465,6 +465,11 @@ in mkLicense lset) ({
spdxId = "imagemagick";
};
imlib2 = {
spdxId = "Imlib2";
fullName = "Imlib2 License";
};
inria-compcert = {
fullName = "INRIA Non-Commercial License Agreement for the CompCert verified compiler";
url = "https://compcert.org/doc/LICENSE.txt";
@ -591,6 +596,16 @@ in mkLicense lset) ({
spdxId = "MIT";
fullName = "MIT License";
};
# https://spdx.org/licenses/MIT-feh.html
mit-feh = {
spdxId = "MIT-feh";
fullName = "feh License";
};
mitAdvertising = {
spdxId = "MIT-advertising";
fullName = "Enlightenment License (e16)";
};
mpl10 = {
spdxId = "MPL-1.0";

12
lib/modules.nix
View File

@ -334,6 +334,10 @@ rec {
in modulesPath: initialModules: args:
filterModules modulesPath (collectStructuredModules unknownModule "" initialModules args);
/* Wrap a module with a default location for reporting errors. */
setDefaultModuleLocation = file: m:
{ _file = file; imports = [ m ]; };
/* Massage a module into canonical form, that is, a set consisting
of options, config and imports attributes. */
unifyModuleSyntax = file: key: m:
@ -534,11 +538,9 @@ rec {
correspond to the definition of 'loc' in 'opt.file'. */
mergeOptionDecls =
let
packSubmodule = file: m:
{ _file = file; imports = [ m ]; };
coerceOption = file: opt:
if isFunction opt then packSubmodule file opt
else packSubmodule file { options = opt; };
if isFunction opt then setDefaultModuleLocation file opt
else setDefaultModuleLocation file { options = opt; };
in loc: opts:
foldl' (res: opt:
let t = res.type;
@ -568,7 +570,7 @@ rec {
getSubModules = opt.options.type.getSubModules or null;
submodules =
if getSubModules != null then map (packSubmodule opt._file) getSubModules ++ res.options
if getSubModules != null then map (setDefaultModuleLocation opt._file) getSubModules ++ res.options
else if opt.options ? options then map (coerceOption opt._file) options' ++ res.options
else res.options;
in opt.options // res //

12
lib/options.nix
View File

@ -172,11 +172,13 @@ rec {
else if all isInt list && all (x: x == head list) list then head list
else throw "Cannot merge definitions of `${showOption loc}'. Definition values:${showDefs defs}";
mergeOneOption = loc: defs:
if defs == [] then abort "This case should never happen."
else if length defs != 1 then
throw "The unique option `${showOption loc}' is defined multiple times. Definition values:${showDefs defs}"
else (head defs).value;
mergeOneOption = mergeUniqueOption { message = ""; };
mergeUniqueOption = { message }: loc: defs:
if length defs == 1
then (head defs).value
else assert length defs > 1;
throw "The option `${showOption loc}' is defined multiple times.\n${message}\nDefinition values:${showDefs defs}";
/* "Merge" option definitions by checking that they all have the same value. */
mergeEqualOption = loc: defs:

115
lib/sources.nix
View File

@ -20,17 +20,26 @@ let
readFile
;
# Returns the type of a path: regular (for file), symlink, or directory
pathType = p: getAttr (baseNameOf p) (readDir (dirOf p));
/*
Returns the type of a path: regular (for file), symlink, or directory.
*/
pathType = path: getAttr (baseNameOf path) (readDir (dirOf path));
# Returns true if the path exists and is a directory, false otherwise
pathIsDirectory = p: if pathExists p then (pathType p) == "directory" else false;
/*
Returns true if the path exists and is a directory, false otherwise.
*/
pathIsDirectory = path: if pathExists path then (pathType path) == "directory" else false;
# Returns true if the path exists and is a regular file, false otherwise
pathIsRegularFile = p: if pathExists p then (pathType p) == "regular" else false;
/*
Returns true if the path exists and is a regular file, false otherwise.
*/
pathIsRegularFile = path: if pathExists path then (pathType path) == "regular" else false;
# Bring in a path as a source, filtering out all Subversion and CVS
# directories, as well as backup files (*~).
/*
A basic filter for `cleanSourceWith` that removes
directories of version control system, backup files (*~)
and some generated files.
*/
cleanSourceFilter = name: type: let baseName = baseNameOf (toString name); in ! (
# Filter out version control software files/directories
(baseName == ".git" || type == "directory" && (baseName == ".svn" || baseName == "CVS" || baseName == ".hg")) ||
@ -48,43 +57,48 @@ let
(type == "unknown")
);
# Filters a source tree removing version control files and directories using cleanSourceWith
#
# Example:
# cleanSource ./.
/*
Filters a source tree removing version control files and directories using cleanSourceFilter.
Example:
cleanSource ./.
*/
cleanSource = src: cleanSourceWith { filter = cleanSourceFilter; inherit src; };
# Like `builtins.filterSource`, except it will compose with itself,
# allowing you to chain multiple calls together without any
# intermediate copies being put in the nix store.
#
# lib.cleanSourceWith {
# filter = f;
# src = lib.cleanSourceWith {
# filter = g;
# src = ./.;
# };
# }
# # Succeeds!
#
# builtins.filterSource f (builtins.filterSource g ./.)
# # Fails!
#
# Parameters:
#
# src: A path or cleanSourceWith result to filter and/or rename.
#
# filter: A function (path -> type -> bool)
# Optional with default value: constant true (include everything)
# The function will be combined with the && operator such
# that src.filter is called lazily.
# For implementing a filter, see
# https://nixos.org/nix/manual/#builtin-filterSource
#
# name: Optional name to use as part of the store path.
# This defaults to `src.name` or otherwise `"source"`.
#
cleanSourceWith = { filter ? _path: _type: true, src, name ? null }:
/*
Like `builtins.filterSource`, except it will compose with itself,
allowing you to chain multiple calls together without any
intermediate copies being put in the nix store.
Example:
lib.cleanSourceWith {
filter = f;
src = lib.cleanSourceWith {
filter = g;
src = ./.;
};
}
# Succeeds!
builtins.filterSource f (builtins.filterSource g ./.)
# Fails!
*/
cleanSourceWith =
{
# A path or cleanSourceWith result to filter and/or rename.
src,
# Optional with default value: constant true (include everything)
# The function will be combined with the && operator such
# that src.filter is called lazily.
# For implementing a filter, see
# https://nixos.org/nix/manual/#builtin-filterSource
# Type: A function (path -> type -> bool)
filter ? _path: _type: true,
# Optional name to use as part of the store path.
# This defaults to `src.name` or otherwise `"source"`.
name ? null
}:
let
orig = toSourceAttributes src;
in fromSourceAttributes {
@ -116,9 +130,11 @@ let
satisfiesSubpathInvariant = src ? satisfiesSubpathInvariant && src.satisfiesSubpathInvariant;
};
# Filter sources by a list of regular expressions.
#
# E.g. `src = sourceByRegex ./my-subproject [".*\.py$" "^database.sql$"]`
/*
Filter sources by a list of regular expressions.
Example: src = sourceByRegex ./my-subproject [".*\.py$" "^database.sql$"]
*/
sourceByRegex = src: regexes:
let
isFiltered = src ? _isLibCleanSourceWith;
@ -153,8 +169,11 @@ let
pathIsGitRepo = path: (tryEval (commitIdFromGitRepo path)).success;
# Get the commit id of a git repo
# Example: commitIdFromGitRepo <nixpkgs/.git>
/*
Get the commit id of a git repo.
Example: commitIdFromGitRepo <nixpkgs/.git>
*/
commitIdFromGitRepo =
let readCommitFromFile = file: path:
let fileName = toString path + "/" + file;

10
lib/trivial.nix
View File

@ -61,11 +61,11 @@ rec {
pipe = val: functions:
let reverseApply = x: f: f x;
in builtins.foldl' reverseApply val functions;
/* note please dont add a function like `compose = flip pipe`.
This would confuse users, because the order of the functions
in the list is not clear. With pipe, its obvious that it
goes first-to-last. With `compose`, not so much.
*/
# note please dont add a function like `compose = flip pipe`.
# This would confuse users, because the order of the functions
# in the list is not clear. With pipe, its obvious that it
# goes first-to-last. With `compose`, not so much.
## Named versions corresponding to some builtin operators.

15
lib/types.nix
View File

@ -32,7 +32,6 @@ let
last
length
tail
unique
;
inherit (lib.attrsets)
attrNames
@ -48,6 +47,7 @@ let
mergeDefaultOption
mergeEqualOption
mergeOneOption
mergeUniqueOption
showFiles
showOption
;
@ -470,6 +470,18 @@ rec {
nestedTypes.elemType = elemType;
};
unique = { message }: type: mkOptionType rec {
name = "unique";
inherit (type) description check;
merge = mergeUniqueOption { inherit message; };
emptyValue = type.emptyValue;
getSubOptions = type.getSubOptions;
getSubModules = type.getSubModules;
substSubModules = m: uniq (type.substSubModules m);
functor = (defaultFunctor name) // { wrapped = type; };
nestedTypes.elemType = type;
};
# Null or value of ...
nullOr = elemType: mkOptionType rec {
name = "nullOr";
@ -599,6 +611,7 @@ rec {
# A value from a set of allowed ones.
enum = values:
let
inherit (lib.lists) unique;
show = v:
if builtins.isString v then ''"${v}"''
else if builtins.isInt v then builtins.toString v

316
maintainers/maintainer-list.nix
View File

@ -145,6 +145,12 @@
githubId = 16829510;
name = "Aaron Janse";
};
aaronjheng = {
email = "wentworth@outlook.com";
github = "aaronjheng";
githubId = 806876;
name = "Aaron Jheng";
};
aaronschif = {
email = "aaronschif@gmail.com";
github = "aaronschif";
@ -513,10 +519,6 @@
githubId = 38869148;
name = "Alex Eyre";
};
algorith = {
email = "dries_van_daele@telenet.be";
name = "Dries Van Daele";
};
alibabzo = {
email = "alistair.bill@gmail.com";
github = "alibabzo";
@ -599,6 +601,12 @@
githubId = 15623522;
name = "Amar Paul";
};
amarshall = {
email = "andrew@johnandrewmarshall.com";
github = "amarshall";
githubId = 153175;
name = "Andrew Marshall";
};
ambroisie = {
email = "bruno.nixpkgs@belanyi.fr";
github = "ambroisie";
@ -763,13 +771,6 @@
githubId = 11699655;
name = "Stanislas Lange";
};
angustrau = {
name = "Angus Trau";
email = "nix@angus.ws";
matrix = "@angustrau:matrix.org";
github = "angustrau";
githubId = 13267947;
};
anhdle14 = {
name = "Le Anh Duc";
email = "anhdle14@icloud.com";
@ -1081,6 +1082,12 @@
githubId = 55833;
name = "Troels Henriksen";
};
atila = {
name = "Átila Saraiva";
email = "atilasaraiva@gmail.com";
github = "AtilaSaraiva";
githubId = 29521461;
};
atkinschang = {
email = "atkinschang+nixpkgs@gmail.com";
github = "AtkinsChang";
@ -1183,14 +1190,14 @@
name = "Artturi N";
};
azahi = {
email = "azahi@teknik.io";
matrix = "@azahi:matrix.org";
name = "Azat Bahawi";
email = "azat@bahawi.net";
matrix = "@azahi:azahi.cc";
github = "azahi";
githubId = 22211000;
name = "Azat Bahawi";
keys = [{
longkeyid = "rsa2048/0xB40FCB6608BBE3B6";
fingerprint = "E9F3 483F 31C7 29B4 4CA2 7C38 B40F CB66 08BB E3B6";
longkeyid = "rsa4096/0xC8C6BDDB3847F72B";
fingerprint = "2688 0377 C31D 9E81 9BDF 83A8 C8C6 BDDB 3847 F72B";
}];
};
ayazhafiz = {
@ -1199,6 +1206,12 @@
githubId = 262763;
name = "Ayaz Hafiz";
};
azuwis = {
email = "azuwis@gmail.com";
github = "azuwis";
githubId = 9315;
name = "Zhong Jianxin";
};
b4dm4n = {
email = "fabianm88@gmail.com";
github = "B4dM4n";
@ -1918,12 +1931,10 @@
github = "cburstedde";
githubId = 109908;
name = "Carsten Burstedde";
keys = [
{
longkeyid = "rsa2048/0x0704CD9E550A6BCD";
fingerprint = "1127 A432 6524 BF02 737B 544E 0704 CD9E 550A 6BCD";
}
];
keys = [{
longkeyid = "rsa2048/0x0704CD9E550A6BCD";
fingerprint = "1127 A432 6524 BF02 737B 544E 0704 CD9E 550A 6BCD";
}];
};
cdepillabout = {
email = "cdep.illabout@gmail.com";
@ -2309,6 +2320,13 @@
githubId = 5561189;
name = "Cody Opel";
};
Cogitri = {
email = "oss@cogitri.dev";
github = "Cogitri";
githubId = 8766773;
matrix = "@cogitri:cogitri.dev";
name = "Rasmus Thomsen";
};
cohei = {
email = "a.d.xvii.kal.mai@gmail.com";
github = "cohei";
@ -2381,6 +2399,13 @@
githubId = 11145016;
name = "J.C.";
};
congee = {
email = "changshengwu@pm.me";
matrix = "@congeec:matrix.org";
github = "congee";
name = "Changsheng Wu";
githubId = 2083950;
};
contrun = {
email = "uuuuuu@protonmail.com";
github = "contrun";
@ -3380,6 +3405,12 @@
githubId = 18535642;
name = "Emily";
};
emilytrau = {
name = "Emily Trau";
email = "nix@angus.ws";
github = "emilytrau";
githubId = 13267947;
};
enderger = {
email = "endergeryt@gmail.com";
github = "enderger";
@ -3545,7 +3576,7 @@
name = "Leo Maroni";
};
emmanuelrosa = {
email = "emmanuel_rosa@aol.com";
email = "emmanuelrosa@protonmail.com";
matrix = "@emmanuelrosa:matrix.org";
github = "emmanuelrosa";
githubId = 13485450;
@ -3735,6 +3766,12 @@
githubId = 222467;
name = "Dmitry Ivanov";
};
Etjean = {
email = "et.jean@outlook.fr";
github = "Etjean";
githubId = 32169529;
name = "Etienne Jean";
};
etu = {
email = "elis@hirwing.se";
matrix = "@etu:semi.social";
@ -3917,6 +3954,12 @@
githubId = 1276854;
name = "Florian Peter";
};
fbeffa = {
email = "beffa@fbengineering.ch";
github = "fedeinthemix";
githubId = 7670450;
name = "Federico Beffa";
};
fbrs = {
email = "yuuki@protonmail.com";
github = "cideM";
@ -4009,6 +4052,12 @@
github = "fitzgibbon";
githubId = 617048;
};
fkautz = {
name = "Frederick F. Kautz IV";
email = "fkautz@alumni.cmu.edu";
github = "fkautz";
githubId = 135706;
};
Flakebi = {
email = "flakebi@t-online.de";
github = "Flakebi";
@ -4395,6 +4444,12 @@
githubId = 27668;
name = "Tobias Pflug";
};
gin66 = {
email = "jochen@kiemes.de";
github = "gin66";
githubId = 5549373;
name = "Jochen Kiemes";
};
giogadi = {
email = "lgtorres42@gmail.com";
github = "giogadi";
@ -4474,7 +4529,7 @@
gordias = {
name = "Gordias";
email = "gordias@disroot.org";
github = "NotGordias";
github = "gordiasdot";
githubId = 94724133;
keys = [{
longkeyid = "ed25519/0x5D47284830FAA4FA";
@ -5455,6 +5510,12 @@
githubId = 221929;
name = "Jean-Baptiste Giraudeau";
};
jc = {
name = "Josh Cooper";
email = "josh@cooper.is";
github = "joshua-cooper";
githubId = 35612334;
};
jceb = {
name = "jceb";
email = "jceb@e-jc.de";
@ -5583,6 +5644,16 @@
githubId = 143075;
name = "James Felix Black";
};
jfchevrette = {
email = "jfchevrette@gmail.com";
github = "jfchevrette";
githubId = 3001;
name = "Jean-Francois Chevrette";
keys = [{
longkeyid = "rsa4096/0x67A0585801290DC6";
fingerprint = "B612 96A9 498E EECD D5E9 C0F0 67A0 5858 0129 0DC6";
}];
};
jflanglois = {
email = "yourstruly@julienlanglois.me";
github = "jflanglois";
@ -5965,6 +6036,12 @@
githubId = 4611077;
name = "Raymond Gauthier";
};
jrpotter = {
email = "jrpotter2112@gmail.com";
github = "jrpotter";
githubId = 3267697;
name = "Joshua Potter";
};
jschievink = {
email = "jonasschievink@gmail.com";
matrix = "@jschievink:matrix.org";
@ -5984,6 +6061,13 @@
githubId = 107689;
name = "Josh Holland";
};
jsierles = {
email = "joshua@hey.com";
matrix = "@jsierles:matrix.org";
name = "Joshua Sierles";
github = "jsierles";
githubId = 82;
};
jtcoolen = {
email = "jtcoolen@pm.me";
name = "Julien Coolen";
@ -6013,6 +6097,12 @@
githubId = 810075;
name = "Juan Rodal";
};
juboba = {
email = "juboba@gmail.com";
github = "juboba";
githubId = 1189739;
name = "Julio Borja Barra";
};
juliendehos = {
email = "dehos@lisic.univ-littoral.fr";
github = "juliendehos";
@ -6061,6 +6151,16 @@
githubId = 2396926;
name = "Justin Woo";
};
jvanbruegge = {
email = "supermanitu@gmail.com";
github = "jvanbruegge";
githubId = 1529052;
name = "Jan van Brügge";
keys = [{
longkeyid = "rsa4096/0x366572BE7D6C78A2";
fingerprint = "3513 5CE5 77AD 711F 3825 9A99 3665 72BE 7D6C 78A2";
}];
};
jwatt = {
email = "jwatt@broken.watch";
github = "jjwatt";
@ -6256,6 +6356,12 @@
githubId = 209729;
name = "Kevin Griffin";
};
kevink = {
email = "kevin@kevink.dev";
github = "Unkn0wnCat";
githubId = 8211181;
name = "Kevin Kandlbinder";
};
kfollesdal = {
email = "kfollesdal@gmail.com";
github = "kfollesdal";
@ -6371,7 +6477,7 @@
keys = [{
longkeyid = "rsa4096/0x7248991EFA8EFBEE";
fingerprint = "01F5 0A29 D4AA 9117 5A11 BDB1 7248 991E FA8E FBEE";
}];
}];
};
kiwi = {
email = "envy1988@gmail.com";
@ -6519,6 +6625,12 @@
githubId = 787421;
name = "Kevin Quick";
};
kradalby = {
name = "Kristoffer Dalby";
email = "kristoffer@dalby.cc";
github = "kradalby";
githubId = 98431;
};
kraem = {
email = "me@kraem.xyz";
github = "kraem";
@ -7026,7 +7138,13 @@
email = "nullarequest@vivlaid.net";
github = "Lunarequest";
githubId = 30698906;
name = "Advaith Madhukar"; #this is my legal name, I prefer Luna; please keep that in mind!
name = "Luna D Dragon";
};
LunNova = {
email = "nixpkgs-maintainer@lunnova.dev";
github = "LunNova";
githubId = 782440;
name = "Luna Nova";
};
lionello = {
email = "lio@lunesu.com";
@ -7499,16 +7617,6 @@
githubId = 29855073;
name = "Michael Colicchia";
};
matdsoupe = {
github = "matdsoupe";
githubId = 44469426;
name = "Matheus de Souza Pessanha";
email = "matheus_pessanha2001@outlook.com";
keys = [{
longkeyid = "rsa4096/0x2671964AB1E06A08";
fingerprint = "2F32 CFEF E11A D73B A740 FA47 2671 964A B1E0 6A08";
}];
};
matejc = {
email = "cotman.matej@gmail.com";
github = "matejc";
@ -7909,6 +8017,12 @@
fingerprint = "FEF0 AE2D 5449 3482 5F06 40AA 186A 1EDA C5C6 3F83";
}];
};
mihnea-s = {
email = "mihn.stn@gmail.com";
github = "mihnea-s";
githubId = 43088426;
name = "Mihnea Stoian";
};
mikefaille = {
email = "michael@faille.io";
github = "mikefaille";
@ -8023,13 +8137,6 @@
githubId = 1001112;
name = "Marcin Janczyk";
};
mjlbach = {
email = "m.j.lbach@gmail.com";
matrix = "@atrius:matrix.org";
github = "mjlbach";
githubId = 13316262;
name = "Michael Lingelbach";
};
mjp = {
email = "mike@mythik.co.uk";
github = "MikePlayle";
@ -8535,6 +8642,12 @@
githubId = 3747396;
name = "Nathan Isom";
};
nelsonjeppesen = {
email = "nix@jeppesen.io";
github = "NelsonJeppesen";
githubId = 50854675;
name = "Nelson Jeppesen";
};
neonfuz = {
email = "neonfuz@gmail.com";
github = "neonfuz";
@ -8588,6 +8701,12 @@
githubId = 7845120;
name = "Alex Martens";
};
nialov = {
email = "nikolasovaskainen@gmail.com";
github = "nialov";
githubId = 47318483;
name = "Nikolas Ovaskainen";
};
nikitavoloboev = {
email = "nikita.voloboev@gmail.com";
github = "nikitavoloboev";
@ -8826,9 +8945,9 @@
githubId = 2946283;
name = "Brian Cohen";
};
novoxudonoser = {
novoxd = {
email = "radnovox@gmail.com";
github = "novoxudonoser";
github = "novoxd";
githubId = 6052922;
name = "Kirill Struokov";
};
@ -9773,6 +9892,12 @@
githubId = 20524473;
name = "Psyanticy";
};
psydvl = {
email = "psydvl@fea.st";
github = "psydvl";
githubId = 43755002;
name = "Dmitriy P";
};
ptival = {
email = "valentin.robert.42@gmail.com";
github = "Ptival";
@ -10007,6 +10132,20 @@
githubId = 16624;
name = "Maxim Ivanov";
};
reckenrode = {
name = "Randy Eckenrode";
email = "randy@largeandhighquality.com";
matrix = "@reckenrode:matrix.org";
github = "reckenrode";
githubId = 7413633;
keys = [
# compare with https://keybase.io/reckenrode
{
longkeyid = "ed25519/0xFBF19A982CCE0048";
fingerprint = "01D7 5486 3A6D 64EA AC77 0D26 FBF1 9A98 2CCE 0048";
}
];
};
redfish64 = {
email = "engler@gmail.com";
github = "redfish64";
@ -10624,14 +10763,20 @@
name = "Samuel Dionne-Riel";
};
samuelgrf = {
email = "git@samuelgrf.com";
email = "s@muel.gr";
github = "samuelgrf";
githubId = 67663538;
name = "Samuel Gräfenstein";
keys = [{
longkeyid = "rsa4096/0xEF76A063F15C63C8";
fingerprint = "FF24 5832 8FAF 4660 18C6 186E EF76 A063 F15C 63C8";
}];
keys = [
{
longkeyid = "rsa4096/0xDE75F92E318123F0";
fingerprint = "6F2E 2A90 423C 8111 BFF2 895E DE75 F92E 3181 23F0";
}
{
longkeyid = "rsa4096/0xEF76A063F15C63C8";
fingerprint = "FF24 5832 8FAF 4660 18C6 186E EF76 A063 F15C 63C8";
}
];
};
samuelrivas = {
email = "samuelrivas@gmail.com";
@ -10969,6 +11114,16 @@
github = "shikanime";
githubId = 22115108;
};
shiryel = {
email = "contact@shiryel.com";
name = "Shiryel";
github = "shiryel";
githubId = 35617139;
keys = [{
longkeyid = "ed25519/0xC4041EA6B32633DE";
fingerprint = "AB63 4CD9 3322 BD42 6231 F764 C404 1EA6 B326 33DE";
}];
};
shlevy = {
email = "shea@shealevy.com";
github = "shlevy";
@ -11512,10 +11667,10 @@
name = "Justus K";
};
SubhrajyotiSen = {
email = "subhrajyoti12@gmail.com";
github = "SubhrajyotiSen";
githubId = 12984845;
name = "Subhrajyoti Sen";
email = "subhrajyoti12@gmail.com";
github = "SubhrajyotiSen";
githubId = 12984845;
name = "Subhrajyoti Sen";
};
suhr = {
email = "suhr@i2pmail.org";
@ -11535,6 +11690,13 @@
githubId = 2666479;
name = "Y Nguyen";
};
superherointj = {
name = "Sérgio G.";
email = "5861043+superherointj@users.noreply.github.com";
matrix = "@superherointj:matrix.org";
github = "superherointj";
githubId = 5861043;
};
SuperSandro2000 = {
email = "sandro.jaeckel@gmail.com";
matrix = "@sandro:supersandro.de";
@ -11775,6 +11937,13 @@
githubId = 863327;
name = "Tyler Benster";
};
tboerger = {
email = "thomas@webhippie.de";
matrix = "@tboerger:matrix.org";
github = "tboerger";
githubId = 156964;
name = "Thomas Boerger";
};
tcbravo = {
email = "tomas.bravo@protonmail.ch";
github = "tcbravo";
@ -12037,7 +12206,7 @@
name = "Tiago Castro";
};
tilcreator = {
name = "Tilman Jackel";
name = "TilCreator";
email = "contact.nixos@tc-j.de";
matrix = "@tilcreator:matrix.org";
github = "TilCreator";
@ -12134,6 +12303,7 @@
};
toastal = {
email = "toastal+nix@posteo.net";
matrix = "@toastal:matrix.org";
github = "toastal";
githubId = 561087;
name = "toastal";
@ -13073,6 +13243,12 @@
githubId = 1297598;
name = "Konrad Borowski";
};
xgroleau = {
email = "xgroleau@gmail.com";
github = "xgroleau";
githubId = 31734358;
name = "Xavier Groleau";
};
xiorcale = {
email = "quentin.vaucher@pm.me";
github = "xiorcale";
@ -13129,7 +13305,7 @@
};
yana = {
email = "yana@riseup.net";
github = "alpakido";
github = "sowelisuwi";
githubId = 1643293;
name = "Yana Timoshenko";
};
@ -13583,10 +13759,10 @@
github = "nagisa";
githubId = 679122;
};
yevhenshymotiuk = {
yshym = {
name = "Yevhen Shymotiuk";
email = "yevhenshymotiuk@gmail.com";
github = "yevhenshymotiuk";
email = "yshym@pm.me";
github = "yshym";
githubId = 44244245;
};
hmenke = {
@ -13710,6 +13886,16 @@
github = "zeri42";
githubId = 68825133;
};
zoedsoupe = {
github = "zoedsoupe";
githubId = 44469426;
name = "Zoey de Souza Pessanha";
email = "zoey.spessanha@outlook.com";
keys = [{
longkeyid = "rsa4096/0x1E1E889CDBD6A315";
fingerprint = "EAA1 51DB 472B 0122 109A CB17 1E1E 889C DBD6 A315";
}];
};
zombiezen = {
name = "Ross Light";
email = "ross@zombiezen.com";
@ -13773,4 +13959,16 @@
fingerprint = "3586 3350 BFEA C101 DB1A 4AF0 1F81 112D 62A9 ADCE";
}];
};
ameer = {
name = "Ameer Taweel";
email = "ameertaweel2002@gmail.com";
github = "AmeerTaweel";
githubId = 20538273;
};
nigelgbanks = {
name = "Nigel Banks";
email = "nigel.g.banks@gmail.com";
github = "nigelgbanks";
githubId = 487373;
};
}

10
maintainers/team-list.nix
View File

@ -214,7 +214,6 @@ with lib.maintainers; {
mguentner
ekleog
ralith
mjlbach
dandellion
sumnerevans
];
@ -223,7 +222,7 @@ with lib.maintainers; {
openstack = {
members = [
angustrau
emilytrau
SuperSandro2000
];
scope = "Maintain the ecosystem around OpenStack";
@ -278,6 +277,13 @@ with lib.maintainers; {
scope = "Maintain SageMath and the dependencies that are likely to break it.";
};
sphinx = {
members = [
SuperSandro2000
];
scope = "Maintain Sphinx related packages.";
};
serokell = {
# Verify additions by approval of an already existing member of the team.
members = [

72
nixos/doc/manual/development/activation-script.section.md Normal file
View File

@ -0,0 +1,72 @@
# Activation script {#sec-activation-script}
The activation script is a bash script called to activate the new
configuration which resides in a NixOS system in `$out/activate`. Since its
contents depend on your system configuration, the contents may differ.
This chapter explains how the script works in general and some common NixOS
snippets. Please be aware that the script is executed on every boot and system
switch, so tasks that can be performed in other places should be performed
there (for example letting a directory of a service be created by systemd using
mechanisms like `StateDirectory`, `CacheDirectory`, ... or if that's not
possible using `preStart` of the service).
Activation scripts are defined as snippets using
[](#opt-system.activationScripts). They can either be a simple multiline string
or an attribute set that can depend on other snippets. The builder for the
activation script will take these dependencies into account and order the
snippets accordingly. As a simple example:
```nix
system.activationScripts.my-activation-script = {
deps = [ "etc" ];
# supportsDryActivation = true;
text = ''
echo "Hallo i bims"
'';
};
```
This example creates an activation script snippet that is run after the `etc`
snippet. The special variable `supportsDryActivation` can be set so the snippet
is also run when `nixos-rebuild dry-activate` is run. To differentiate between
real and dry activation, the `$NIXOS_ACTION` environment variable can be
read which is set to `dry-activate` when a dry activation is done.
An activation script can write to special files instructing
`switch-to-configuration` to restart/reload units. The script will take these
requests into account and will incorperate the unit configuration as described
above. This means that the activation script will "fake" a modified unit file
and `switch-to-configuration` will act accordingly. By doing so, configuration
like [systemd.services.\<name\>.restartIfChanged](#opt-systemd.services) is
respected. Since the activation script is run **after** services are already
stopped, [systemd.services.\<name\>.stopIfChanged](#opt-systemd.services)
cannot be taken into account anymore and the unit is always restarted instead
of being stopped and started afterwards.
The files that can be written to are `/run/nixos/activation-restart-list` and
`/run/nixos/activation-reload-list` with their respective counterparts for
dry activation being `/run/nixos/dry-activation-restart-list` and
`/run/nixos/dry-activation-reload-list`. Those files can contain
newline-separated lists of unit names where duplicates are being ignored. These
files are not create automatically and activation scripts must take the
possiblility into account that they have to create them first.
## NixOS snippets {#sec-activation-script-nixos-snippets}
There are some snippets NixOS enables by default because disabling them would
most likely break you system. This section lists a few of them and what they
do:
- `binsh` creates `/bin/sh` which points to the runtime shell
- `etc` sets up the contents of `/etc`, this includes systemd units and
excludes `/etc/passwd`, `/etc/group`, and `/etc/shadow` (which are managed by
the `users` snippet)
- `hostname` sets the system's hostname in the kernel (not in `/etc`)
- `modprobe` sets the path to the `modprobe` binary for module auto-loading
- `nix` prepares the nix store and adds a default initial channel
- `specialfs` is responsible for mounting filesystems like `/proc` and `sys`
- `users` creates and removes users and groups by managing `/etc/passwd`,
`/etc/group` and `/etc/shadow`. This also creates home directories
- `usrbinenv` creates `/usr/bin/env`
- `var` creates some directories in `/var` that are not service-specific
- `wrappers` creates setuid wrappers like `ping` and `sudo`

1
nixos/doc/manual/development/development.xml
View File

@ -12,6 +12,7 @@
<xi:include href="../from_md/development/sources.chapter.xml" />
<xi:include href="../from_md/development/writing-modules.chapter.xml" />
<xi:include href="../from_md/development/building-parts.chapter.xml" />
<xi:include href="../from_md/development/what-happens-during-a-system-switch.chapter.xml" />
<xi:include href="../from_md/development/writing-documentation.chapter.xml" />
<xi:include href="../from_md/development/building-nixos.chapter.xml" />
<xi:include href="../from_md/development/nixos-tests.chapter.xml" />

6
nixos/doc/manual/development/option-types.section.md
View File

@ -250,6 +250,12 @@ Composed types are types that take a type as parameter. `listOf
: Ensures that type *`t`* cannot be merged. It is used to ensure option
definitions are declared only once.
`types.unique` `{ message = m }` *`t`*
: Ensures that type *`t`* cannot be merged. Prints the message *`m`*, after
the line `The option <option path> is defined multiple times.` and before
a list of definition locations.
`types.either` *`t1 t2`*
: Type *`t1`* or type *`t2`*, e.g. `with types; either int str`.

4
nixos/doc/manual/development/running-nixos-tests-interactively.section.md
View File

@ -5,7 +5,7 @@ when developing or debugging a test:
```ShellSession
$ nix-build . -A nixosTests.login.driverInteractive
$ ./result/bin/nixos-test-driver --interactive
$ ./result/bin/nixos-test-driver
[...]
>>>
```
@ -28,7 +28,7 @@ You can re-use the VM states coming from a previous run by setting the
`--keep-vm-state` flag.
```ShellSession
$ ./result/bin/nixos-test-driver --interactive --keep-vm-state
$ ./result/bin/nixos-test-driver --keep-vm-state
```
The machine state is stored in the `$TMPDIR/vm-state-machinename`

4
nixos/doc/manual/development/running-nixos-tests.section.md
View File

@ -24,8 +24,8 @@ After building/downloading all required dependencies, this will perform
a build that starts a QEMU/KVM virtual machine containing a NixOS
system. The virtual machine mounts the Nix store of the host; this makes
VM creation very fast, as no disk image needs to be created. Afterwards,
you can view a pretty-printed log of the test:
you can view a log of the test:
```ShellSession
$ firefox result/log.html
$ nix-store --read-log result
```

57
nixos/doc/manual/development/unit-handling.section.md Normal file
View File

@ -0,0 +1,57 @@
# Unit handling {#sec-unit-handling}
To figure out what units need to be started/stopped/restarted/reloaded, the
script first checks the current state of the system, similar to what `systemctl
list-units` shows. For each of the units, the script goes through the following
checks:
- Is the unit file still in the new system? If not, **stop** the service unless
it sets `X-StopOnRemoval` in the `[Unit]` section to `false`.
- Is it a `.target` unit? If so, **start** it unless it sets
`RefuseManualStart` in the `[Unit]` section to `true` or `X-OnlyManualStart`
in the `[Unit]` section to `true`. Also **stop** the unit again unless it
sets `X-StopOnReconfiguration` to `false`.
- Are the contents of the unit files different? They are compared by parsing
them and comparing their contents. If they are different but only
`X-Reload-Triggers` in the `[Unit]` section is changed, **reload** the unit.
The NixOS module system allows setting these triggers with the option
[systemd.services.\<name\>.reloadTriggers](#opt-systemd.services). If the
unit files differ in any way, the following actions are performed:
- `.path` and `.slice` units are ignored. There is no need to restart them
since changes in their values are applied by systemd when systemd is
reloaded.
- `.mount` units are **reload**ed. These mostly come from the `/etc/fstab`
parser.
- `.socket` units are currently ignored. This is to be fixed at a later
point.
- The rest of the units (mostly `.service` units) are then **reload**ed if
`X-ReloadIfChanged` in the `[Service]` section is set to `true` (exposed
via [systemd.services.\<name\>.reloadIfChanged](#opt-systemd.services)).
- If the reload flag is not set, some more flags decide if the unit is
skipped. These flags are `X-RestartIfChanged` in the `[Service]` section
(exposed via
[systemd.services.\<name\>.restartIfChanged](#opt-systemd.services)),
`RefuseManualStop` in the `[Unit]` section, and `X-OnlyManualStart` in the
`[Unit]` section.
- The rest of the behavior is decided whether the unit has `X-StopIfChanged`
in the `[Service]` section set (exposed via
[systemd.services.\<name\>.stopIfChanged](#opt-systemd.services)). This is
set to `true` by default and must be explicitly turned off if not wanted.
If the flag is enabled, the unit is **stop**ped and then **start**ed. If
not, the unit is **restart**ed. The goal of the flag is to make sure that
the new unit never runs in the old environment which is still in place
before the activation script is run.
- The last thing that is taken into account is whether the unit is a service
and socket-activated. Due to a bug, this is currently only done when
`X-StopIfChanged` is set. If the unit is socket-activated, the socket is
stopped and started, and the service is stopped and to be started by socket
activation.

53
nixos/doc/manual/development/what-happens-during-a-system-switch.chapter.md Normal file
View File

@ -0,0 +1,53 @@
# What happens during a system switch? {#sec-switching-systems}
Running `nixos-rebuild switch` is one of the more common tasks under NixOS.
This chapter explains some of the internals of this command to make it simpler
for new module developers to configure their units correctly and to make it
easier to understand what is happening and why for curious administrators.
`nixos-rebuild`, like many deployment solutions, calls `switch-to-configuration`
which resides in a NixOS system at `$out/bin/switch-to-configuration`. The
script is called with the action that is to be performed like `switch`, `test`,
`boot`. There is also the `dry-activate` action which does not really perform
the actions but rather prints what it would do if you called it with `test`.
This feature can be used to check what service states would be changed if the
configuration was switched to.
If the action is `switch` or `boot`, the bootloader is updated first so the
configuration will be the next one to boot. Unless `NIXOS_NO_SYNC` is set to
`1`, `/nix/store` is synced to disk.
If the action is `switch` or `test`, the currently running system is inspected
and the actions to switch to the new system are calculated. This process takes
two data sources into account: `/etc/fstab` and the current systemd status.
Mounts and swaps are read from `/etc/fstab` and the corresponding actions are
generated. If a new mount is added, for example, the proper `.mount` unit is
marked to be started. The current systemd state is inspected, the difference
between the current system and the desired configuration is calculated and
actions are generated to get to this state. There are a lot of nuances that can
be controlled by the units which are explained here.
After calculating what should be done, the actions are carried out. The order
of actions is always the same:
- Stop units (`systemctl stop`)
- Run activation script (`$out/activate`)
- See if the activation script requested more units to restart
- Restart systemd if needed (`systemd daemon-reexec`)
- Forget about the failed state of units (`systemctl reset-failed`)
- Reload systemd (`systemctl daemon-reload`)
- Reload systemd user instances (`systemctl --user daemon-reload`)
- Set up tmpfiles (`systemd-tmpfiles --create`)
- Reload units (`systemctl reload`)
- Restart units (`systemctl restart`)
- Start units (`systemctl start`)
- Inspect what changed during these actions and print units that failed and
that were newly started
Most of these actions are either self-explaining but some of them have to do
with our units or the activation script. For this reason, these topics are
explained in the next sections.
```{=docbook}
<xi:include href="unit-handling.section.xml" />
<xi:include href="activation-script.section.xml" />
```

150
nixos/doc/manual/from_md/development/activation-script.section.xml Normal file
View File

@ -0,0 +1,150 @@
<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-activation-script">
<title>Activation script</title>
<para>
The activation script is a bash script called to activate the new
configuration which resides in a NixOS system in
<literal>$out/activate</literal>. Since its contents depend on your
system configuration, the contents may differ. This chapter explains
how the script works in general and some common NixOS snippets.
Please be aware that the script is executed on every boot and system
switch, so tasks that can be performed in other places should be
performed there (for example letting a directory of a service be
created by systemd using mechanisms like
<literal>StateDirectory</literal>,
<literal>CacheDirectory</literal>, … or if thats not possible using
<literal>preStart</literal> of the service).
</para>
<para>
Activation scripts are defined as snippets using
<xref linkend="opt-system.activationScripts" />. They can either be
a simple multiline string or an attribute set that can depend on
other snippets. The builder for the activation script will take
these dependencies into account and order the snippets accordingly.
As a simple example:
</para>
<programlisting language="bash">
system.activationScripts.my-activation-script = {
deps = [ &quot;etc&quot; ];
# supportsDryActivation = true;
text = ''
echo &quot;Hallo i bims&quot;
'';
};
</programlisting>
<para>
This example creates an activation script snippet that is run after
the <literal>etc</literal> snippet. The special variable
<literal>supportsDryActivation</literal> can be set so the snippet
is also run when <literal>nixos-rebuild dry-activate</literal> is
run. To differentiate between real and dry activation, the
<literal>$NIXOS_ACTION</literal> environment variable can be read
which is set to <literal>dry-activate</literal> when a dry
activation is done.
</para>
<para>
An activation script can write to special files instructing
<literal>switch-to-configuration</literal> to restart/reload units.
The script will take these requests into account and will
incorperate the unit configuration as described above. This means
that the activation script will <quote>fake</quote> a modified unit
file and <literal>switch-to-configuration</literal> will act
accordingly. By doing so, configuration like
<link linkend="opt-systemd.services">systemd.services.&lt;name&gt;.restartIfChanged</link>
is respected. Since the activation script is run
<emphasis role="strong">after</emphasis> services are already
stopped,
<link linkend="opt-systemd.services">systemd.services.&lt;name&gt;.stopIfChanged</link>
cannot be taken into account anymore and the unit is always
restarted instead of being stopped and started afterwards.
</para>
<para>
The files that can be written to are
<literal>/run/nixos/activation-restart-list</literal> and
<literal>/run/nixos/activation-reload-list</literal> with their
respective counterparts for dry activation being
<literal>/run/nixos/dry-activation-restart-list</literal> and
<literal>/run/nixos/dry-activation-reload-list</literal>. Those
files can contain newline-separated lists of unit names where
duplicates are being ignored. These files are not create
automatically and activation scripts must take the possiblility into
account that they have to create them first.
</para>
<section xml:id="sec-activation-script-nixos-snippets">
<title>NixOS snippets</title>
<para>
There are some snippets NixOS enables by default because disabling
them would most likely break you system. This section lists a few
of them and what they do:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
<literal>binsh</literal> creates <literal>/bin/sh</literal>
which points to the runtime shell
</para>
</listitem>
<listitem>
<para>
<literal>etc</literal> sets up the contents of
<literal>/etc</literal>, this includes systemd units and
excludes <literal>/etc/passwd</literal>,
<literal>/etc/group</literal>, and
<literal>/etc/shadow</literal> (which are managed by the
<literal>users</literal> snippet)
</para>
</listitem>
<listitem>
<para>
<literal>hostname</literal> sets the systems hostname in the
kernel (not in <literal>/etc</literal>)
</para>
</listitem>
<listitem>
<para>
<literal>modprobe</literal> sets the path to the
<literal>modprobe</literal> binary for module auto-loading
</para>
</listitem>
<listitem>
<para>
<literal>nix</literal> prepares the nix store and adds a
default initial channel
</para>
</listitem>
<listitem>
<para>
<literal>specialfs</literal> is responsible for mounting
filesystems like <literal>/proc</literal> and
<literal>sys</literal>
</para>
</listitem>
<listitem>
<para>
<literal>users</literal> creates and removes users and groups
by managing <literal>/etc/passwd</literal>,
<literal>/etc/group</literal> and
<literal>/etc/shadow</literal>. This also creates home
directories
</para>
</listitem>
<listitem>
<para>
<literal>usrbinenv</literal> creates
<literal>/usr/bin/env</literal>
</para>
</listitem>
<listitem>
<para>
<literal>var</literal> creates some directories in
<literal>/var</literal> that are not service-specific
</para>
</listitem>
<listitem>
<para>
<literal>wrappers</literal> creates setuid wrappers like
<literal>ping</literal> and <literal>sudo</literal>
</para>
</listitem>
</itemizedlist>
</section>
</section>

16
nixos/doc/manual/from_md/development/option-types.section.xml
View File

@ -496,6 +496,22 @@
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>types.unique</literal>
<literal>{ message = m }</literal>
<emphasis><literal>t</literal></emphasis>
</term>
<listitem>
<para>
Ensures that type <emphasis><literal>t</literal></emphasis>
cannot be merged. Prints the message
<emphasis><literal>m</literal></emphasis>, after the line
<literal>The option &lt;option path&gt; is defined multiple times.</literal>
and before a list of definition locations.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>types.either</literal>

4
nixos/doc/manual/from_md/development/running-nixos-tests-interactively.section.xml
View File

@ -6,7 +6,7 @@
</para>
<programlisting>
$ nix-build . -A nixosTests.login.driverInteractive
$ ./result/bin/nixos-test-driver --interactive
$ ./result/bin/nixos-test-driver
[...]
&gt;&gt;&gt;
</programlisting>
@ -30,7 +30,7 @@ $ ./result/bin/nixos-test-driver --interactive
the <literal>--keep-vm-state</literal> flag.
</para>
<programlisting>
$ ./result/bin/nixos-test-driver --interactive --keep-vm-state
$ ./result/bin/nixos-test-driver --keep-vm-state
</programlisting>
<para>
The machine state is stored in the

4
nixos/doc/manual/from_md/development/running-nixos-tests.section.xml
View File

@ -26,9 +26,9 @@ machine: QEMU running (pid 8841)
perform a build that starts a QEMU/KVM virtual machine containing a
NixOS system. The virtual machine mounts the Nix store of the host;
this makes VM creation very fast, as no disk image needs to be
created. Afterwards, you can view a pretty-printed log of the test:
created. Afterwards, you can view a log of the test:
</para>
<programlisting>
$ firefox result/log.html
$ nix-store --read-log result
</programlisting>
</section>

119
nixos/doc/manual/from_md/development/unit-handling.section.xml Normal file
View File

@ -0,0 +1,119 @@
<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-unit-handling">
<title>Unit handling</title>
<para>
To figure out what units need to be
started/stopped/restarted/reloaded, the script first checks the
current state of the system, similar to what
<literal>systemctl list-units</literal> shows. For each of the
units, the script goes through the following checks:
</para>
<itemizedlist>
<listitem>
<para>
Is the unit file still in the new system? If not,
<emphasis role="strong">stop</emphasis> the service unless it
sets <literal>X-StopOnRemoval</literal> in the
<literal>[Unit]</literal> section to <literal>false</literal>.
</para>
</listitem>
<listitem>
<para>
Is it a <literal>.target</literal> unit? If so,
<emphasis role="strong">start</emphasis> it unless it sets
<literal>RefuseManualStart</literal> in the
<literal>[Unit]</literal> section to <literal>true</literal> or
<literal>X-OnlyManualStart</literal> in the
<literal>[Unit]</literal> section to <literal>true</literal>.
Also <emphasis role="strong">stop</emphasis> the unit again
unless it sets <literal>X-StopOnReconfiguration</literal> to
<literal>false</literal>.
</para>
</listitem>
<listitem>
<para>
Are the contents of the unit files different? They are compared
by parsing them and comparing their contents. If they are
different but only <literal>X-Reload-Triggers</literal> in the
<literal>[Unit]</literal> section is changed,
<emphasis role="strong">reload</emphasis> the unit. The NixOS
module system allows setting these triggers with the option
<link linkend="opt-systemd.services">systemd.services.&lt;name&gt;.reloadTriggers</link>.
If the unit files differ in any way, the following actions are
performed:
</para>
<itemizedlist>
<listitem>
<para>
<literal>.path</literal> and <literal>.slice</literal> units
are ignored. There is no need to restart them since changes
in their values are applied by systemd when systemd is
reloaded.
</para>
</listitem>
<listitem>
<para>
<literal>.mount</literal> units are
<emphasis role="strong">reload</emphasis>ed. These mostly
come from the <literal>/etc/fstab</literal> parser.
</para>
</listitem>
<listitem>
<para>
<literal>.socket</literal> units are currently ignored. This
is to be fixed at a later point.
</para>
</listitem>
<listitem>
<para>
The rest of the units (mostly <literal>.service</literal>
units) are then <emphasis role="strong">reload</emphasis>ed
if <literal>X-ReloadIfChanged</literal> in the
<literal>[Service]</literal> section is set to
<literal>true</literal> (exposed via
<link linkend="opt-systemd.services">systemd.services.&lt;name&gt;.reloadIfChanged</link>).
</para>
</listitem>
<listitem>
<para>
If the reload flag is not set, some more flags decide if the
unit is skipped. These flags are
<literal>X-RestartIfChanged</literal> in the
<literal>[Service]</literal> section (exposed via
<link linkend="opt-systemd.services">systemd.services.&lt;name&gt;.restartIfChanged</link>),
<literal>RefuseManualStop</literal> in the
<literal>[Unit]</literal> section, and
<literal>X-OnlyManualStart</literal> in the
<literal>[Unit]</literal> section.
</para>
</listitem>
<listitem>
<para>
The rest of the behavior is decided whether the unit has
<literal>X-StopIfChanged</literal> in the
<literal>[Service]</literal> section set (exposed via
<link linkend="opt-systemd.services">systemd.services.&lt;name&gt;.stopIfChanged</link>).
This is set to <literal>true</literal> by default and must
be explicitly turned off if not wanted. If the flag is
enabled, the unit is
<emphasis role="strong">stop</emphasis>ped and then
<emphasis role="strong">start</emphasis>ed. If not, the unit
is <emphasis role="strong">restart</emphasis>ed. The goal of
the flag is to make sure that the new unit never runs in the
old environment which is still in place before the
activation script is run.
</para>
</listitem>
<listitem>
<para>
The last thing that is taken into account is whether the
unit is a service and socket-activated. Due to a bug, this
is currently only done when
<literal>X-StopIfChanged</literal> is set. If the unit is
socket-activated, the socket is stopped and started, and the
service is stopped and to be started by socket activation.
</para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
</section>

122
nixos/doc/manual/from_md/development/what-happens-during-a-system-switch.chapter.xml Normal file
View File

@ -0,0 +1,122 @@
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xi="http://www.w3.org/2001/XInclude" xml:id="sec-switching-systems">
<title>What happens during a system switch?</title>
<para>
Running <literal>nixos-rebuild switch</literal> is one of the more
common tasks under NixOS. This chapter explains some of the
internals of this command to make it simpler for new module
developers to configure their units correctly and to make it easier
to understand what is happening and why for curious administrators.
</para>
<para>
<literal>nixos-rebuild</literal>, like many deployment solutions,
calls <literal>switch-to-configuration</literal> which resides in a
NixOS system at <literal>$out/bin/switch-to-configuration</literal>.
The script is called with the action that is to be performed like
<literal>switch</literal>, <literal>test</literal>,
<literal>boot</literal>. There is also the
<literal>dry-activate</literal> action which does not really perform
the actions but rather prints what it would do if you called it with
<literal>test</literal>. This feature can be used to check what
service states would be changed if the configuration was switched
to.
</para>
<para>
If the action is <literal>switch</literal> or
<literal>boot</literal>, the bootloader is updated first so the
configuration will be the next one to boot. Unless
<literal>NIXOS_NO_SYNC</literal> is set to <literal>1</literal>,
<literal>/nix/store</literal> is synced to disk.
</para>
<para>
If the action is <literal>switch</literal> or
<literal>test</literal>, the currently running system is inspected
and the actions to switch to the new system are calculated. This
process takes two data sources into account:
<literal>/etc/fstab</literal> and the current systemd status. Mounts
and swaps are read from <literal>/etc/fstab</literal> and the
corresponding actions are generated. If a new mount is added, for
example, the proper <literal>.mount</literal> unit is marked to be
started. The current systemd state is inspected, the difference
between the current system and the desired configuration is
calculated and actions are generated to get to this state. There are
a lot of nuances that can be controlled by the units which are
explained here.
</para>
<para>
After calculating what should be done, the actions are carried out.
The order of actions is always the same:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
Stop units (<literal>systemctl stop</literal>)
</para>
</listitem>
<listitem>
<para>
Run activation script (<literal>$out/activate</literal>)
</para>
</listitem>
<listitem>
<para>
See if the activation script requested more units to restart
</para>
</listitem>
<listitem>
<para>
Restart systemd if needed
(<literal>systemd daemon-reexec</literal>)
</para>
</listitem>
<listitem>
<para>
Forget about the failed state of units
(<literal>systemctl reset-failed</literal>)
</para>
</listitem>
<listitem>
<para>
Reload systemd (<literal>systemctl daemon-reload</literal>)
</para>
</listitem>
<listitem>
<para>
Reload systemd user instances
(<literal>systemctl --user daemon-reload</literal>)
</para>
</listitem>
<listitem>
<para>
Set up tmpfiles (<literal>systemd-tmpfiles --create</literal>)
</para>
</listitem>
<listitem>
<para>
Reload units (<literal>systemctl reload</literal>)
</para>
</listitem>
<listitem>
<para>
Restart units (<literal>systemctl restart</literal>)
</para>
</listitem>
<listitem>
<para>
Start units (<literal>systemctl start</literal>)
</para>
</listitem>
<listitem>
<para>
Inspect what changed during these actions and print units that
failed and that were newly started
</para>
</listitem>
</itemizedlist>
<para>
Most of these actions are either self-explaining but some of them
have to do with our units or the activation script. For this reason,
these topics are explained in the next sections.
</para>
<xi:include href="unit-handling.section.xml" />
<xi:include href="activation-script.section.xml" />
</chapter>

4
nixos/doc/manual/from_md/installation/installing-pxe.section.xml
View File

@ -7,11 +7,11 @@
<para>
These instructions assume that you have an existing PXE or iPXE
infrastructure and simply want to add the NixOS installer as another
option. To build the necessary files from a recent version of
option. To build the necessary files from your current version of
nixpkgs, you can run:
</para>
<programlisting>
nix-build -A netboot.x86_64-linux nixos/release.nix
nix-build -A netboot.x86_64-linux '&lt;nixpkgs/nixos/release.nix&gt;'
</programlisting>
<para>
This will create a <literal>result</literal> directory containing: *

331
nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
View File

@ -42,6 +42,14 @@
upgrade notes</link>.
</para>
</listitem>
<listitem>
<para>
systemd services can now set
<link linkend="opt-systemd.services">systemd.services.&lt;name&gt;.reloadTriggers</link>
instead of <literal>reloadIfChanged</literal> for a more
granular distinction between reloads and restarts.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.05-new-services">
@ -79,6 +87,12 @@
<link linkend="opt-services.filebeat.enable">services.filebeat</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/linux-apfs/linux-apfs-rw">apfs</link>,
a kernel module for mounting the Apple File System (APFS).
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://frrouting.org/">FRRouting</link>, a
@ -108,6 +122,14 @@
<link xlink:href="options.html#opt-services.powerdns-admin.enable">services.powerdns-admin</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/sezanzeb/input-remapper">input-remapper</link>,
an easy to use tool to change the mapping of your input device
buttons. Available at
<link xlink:href="options.html#opt-services.input-remapper.enable">services.input-remapper</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://invoiceplane.com">InvoicePlane</link>,
@ -138,6 +160,14 @@
<link linkend="opt-services.tetrd.enable">services.tetrd</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/mbrubeck/agate">agate</link>,
a very simple server for the Gemini hypertext protocol.
Available as
<link xlink:href="options.html#opt-services.agate.enable">services.agate</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/JustArchiNET/ArchiSteamFarm">ArchiSteamFarm</link>,
@ -162,6 +192,13 @@
<link linkend="opt-services.baget.enable">services.baget</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://moosefs.com">moosefs</link>, fault
tolerant petabyte distributed file system. Available as
<link linkend="opt-services.moosefs">moosefs</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/ThomasLeister/prosody-filer">prosody-filer</link>,
@ -169,6 +206,13 @@
<link linkend="opt-services.prosody-filer.enable">services.prosody-filer</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/audreyt/ethercalc">ethercalc</link>,
an online collaborative spreadsheet. Available as
<link xlink:href="options.html#opt-services.ethercalc.enable">services.ethercalc</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://timetagger.app">timetagger</link>,
@ -185,6 +229,22 @@
<link xlink:href="options.html#opt-services.rstudio-server.enable">services.rstudio-server</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/juanfont/headscale">headscale</link>,
an Open Source implementation of the
<link xlink:href="https://tailscale.io">Tailscale</link>
Control Server. Available as
<link xlink:href="options.html#opt-services.headscale.enable">services.headscale</link>
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://0xerr0r.github.io/blocky/">blocky</link>,
fast and lightweight DNS proxy as ad-blocker for local network
with many features.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.05-incompatibilities">
@ -211,6 +271,36 @@
<literal>haskellPackages.callPackage</literal>).
</para>
</listitem>
<listitem>
<para>
<literal>pkgs.ghc.withPackages</literal> as well as
<literal>haskellPackages.ghcWithPackages</literal> etc. now
needs be overridden directly, as opposed to overriding the
result of calling it. Additionally, the
<literal>withLLVM</literal> parameter has been renamed to
<literal>useLLVM</literal>. So instead of
<literal>(ghc.withPackages (p: [])).override { withLLVM = true; }</literal>,
one needs to use
<literal>(ghc.withPackages.override { useLLVM = true; }) (p: [])</literal>.
</para>
</listitem>
<listitem>
<para>
The <literal>home-assistant</literal> module now requires
users that dont want their configuration to be managed
declaratively to set
<literal>services.home-assistant.config = null;</literal>.
This is required due to the way default settings are handled
with the new settings style.
</para>
<para>
Additionally the default list of
<literal>extraComponents</literal> now includes the minimal
dependencies to successfully complete the
<link xlink:href="https://www.home-assistant.io/getting-started/onboarding/">onboarding</link>
procedure.
</para>
</listitem>
<listitem>
<para>
<literal>pkgs.emacsPackages.orgPackages</literal> is removed
@ -228,6 +318,34 @@
removed due to it being an outdated version.
</para>
</listitem>
<listitem>
<para>
<literal>services.kubernetes.scheduler.{port,address}</literal>
now set <literal>--secure-port</literal> and
<literal>--bind-address</literal> instead of
<literal>--port</literal> and <literal>--address</literal>,
since the former have been deprecated and are no longer
functional in kubernetes&gt;=1.23. Ensure that you are not
relying on the insecure behaviour before upgrading.
</para>
</listitem>
<listitem>
<para>
The DHCP server (<literal>services.dhcpd4</literal>,
<literal>services.dhcpd6</literal>) has been hardened. The
service is now using the systemds
<literal>DynamicUser</literal> mechanism to run as an
unprivileged dynamically-allocated user with limited
capabilities. The dhcpd state files are now always stored in
<literal>/var/lib/dhcpd{4,6}</literal> and the
<literal>services.dhcpd4.stateDir</literal> and
<literal>service.dhcpd6.stateDir</literal> options have been
removed. If you were depending on root privileges or
set{uid,gid,cap} binaries in dhcpd shell hooks, you may give
dhcpd more capabilities with e.g.
<literal>systemd.services.dhcpd6.serviceConfig.AmbientCapabilities</literal>.
</para>
</listitem>
<listitem>
<para>
The <literal>mailpile</literal> email webclient
@ -271,6 +389,22 @@
<literal>writers.writePyPy2</literal> needs to be used.
</para>
</listitem>
<listitem>
<para>
<literal>buildGoModule</literal> was updated to use
<literal>go_1_17</literal>, third party derivations that
specify &gt;= go 1.17 in the main <literal>go.mod</literal>
will need to regenerate their <literal>vendorSha256</literal>
hash.
</para>
</listitem>
<listitem>
<para>
The <literal>gnome-passwordsafe</literal> package updated to
<link xlink:href="https://gitlab.gnome.org/World/secrets/-/tags/6.0">version
6.x</link> and renamed to <literal>gnome-secrets</literal>.
</para>
</listitem>
<listitem>
<para>
If you previously used
@ -279,6 +413,15 @@
<literal>virtualisation.docker.daemon.settings</literal>.
</para>
</listitem>
<listitem>
<para>
Ntopng (<literal>services.ntopng</literal>) is updated to
5.2.1 and uses a separate Redis instance if
<literal>system.stateVersion</literal> is at least
<literal>22.05</literal>. Existing setups shouldnt be
affected.
</para>
</listitem>
<listitem>
<para>
The backward compatibility in
@ -356,6 +499,19 @@
loaded.
</para>
</listitem>
<listitem>
<para>
The iputils package, which is installed by default, no longer
provides the legacy tools <literal>tftpd</literal> and
<literal>traceroute6</literal>. More tools
(<literal>ninfod</literal>, <literal>rarpd</literal>, and
<literal>rdisc</literal>) are going to be removed in the next
release. See
<link xlink:href="https://github.com/iputils/iputils/releases/tag/20211215">upstreams
release notes</link> for more details and available
replacements.
</para>
</listitem>
<listitem>
<para>
<literal>services.thelounge.private</literal> was removed in
@ -369,6 +525,11 @@
unmaintained
</para>
</listitem>
<listitem>
<para>
<literal>tilp2</literal> was removed together with its module
</para>
</listitem>
<listitem>
<para>
The options
@ -415,6 +576,20 @@
directly.
</para>
</listitem>
<listitem>
<para>
The existing <literal>pkgs.opentelemetry-collector</literal>
has been moved to
<literal>pkgs.opentelemetry-collector-contrib</literal> to
match the actual source being the <quote>contrib</quote>
edition. <literal>pkgs.opentelemetry-collector</literal> is
now the actual core release of opentelemetry-collector. If you
use the community contributions you should change the package
you refer to. If you dont need them update your commands from
<literal>otelcontribcol</literal> to
<literal>otelcorecol</literal> and enjoy a 7x smaller binary.
</para>
</listitem>
<listitem>
<para>
<literal>pkgs.noto-fonts-cjk</literal> is now deprecated in
@ -429,13 +604,58 @@
</listitem>
<listitem>
<para>
The interface that allows activation scripts to restart units
has been reworked. Restarting and reloading is now done by a
single file
<literal>/run/nixos/activation-restart-list</literal> that
honors <literal>restartIfChanged</literal> and
<literal>reloadIfChanged</literal> of the units.
<literal>switch-to-configuration</literal> (the script that is
run when running <literal>nixos-rebuild switch</literal> for
example) has been reworked
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
The interface that allows activation scripts to restart
units has been streamlined. Restarting and reloading is
now done by a single file
<literal>/run/nixos/activation-restart-list</literal> that
honors <literal>restartIfChanged</literal> and
<literal>reloadIfChanged</literal> of the units.
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
Preferring to reload instead of restarting can still
be achieved using
<literal>/run/nixos/activation-reload-list</literal>.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
The script now uses a proper ini-file parser to parse
systemd units. Some values are now only searched in one
section instead of in the entire unit. This is only
relevant for units that dont use the NixOS systemd moule.
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
<literal>RefuseManualStop</literal>,
<literal>X-OnlyManualStart</literal>,
<literal>X-StopOnRemoval</literal>,
<literal>X-StopOnReconfiguration</literal> are only
searched in the <literal>[Unit]</literal> section
</para>
</listitem>
<listitem>
<para>
<literal>X-ReloadIfChanged</literal>,
<literal>X-RestartIfChanged</literal>,
<literal>X-StopIfChanged</literal> are only searched
in the <literal>[Service]</literal> section
</para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
@ -466,6 +686,20 @@
wrapper for <literal>assert</literal> conditions.
</para>
</listitem>
<listitem>
<para>
The <literal>vpnc</literal> package has been changed to use
GnuTLS instead of OpenSSL by default for licensing reasons.
</para>
</listitem>
<listitem>
<para>
<literal>pkgs.vimPlugins.onedark-nvim</literal> now refers to
<link xlink:href="https://github.com/navarasu/onedark.nvim">navarasu/onedark.nvim</link>
(formerly refers to
<link xlink:href="https://github.com/olimorris/onedarkpro.nvim">olimorris/onedarkpro.nvim</link>).
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.05-notable-changes">
@ -518,6 +752,29 @@
was added.
</para>
</listitem>
<listitem>
<para>
The configuration portion of the <literal>nix-daemon</literal>
module has been reworked and exposed as
<link xlink:href="options.html#opt-nix-settings">nix.settings</link>:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
Legacy options have been mapped to the corresponding
options under under
<link xlink:href="options.html#opt-nix.settings">nix.settings</link>
but may be deprecated in the future.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="options.html#opt-nix.buildMachines.publicHostKey">nix.buildMachines.publicHostKey</link>
has been added.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
The
@ -528,6 +785,19 @@
using the PyPy interpreter were added.
</para>
</listitem>
<listitem>
<para>
If you are using Wayland you can choose to use the Ozone
Wayland support in Chrome and several Electron apps by setting
the environment variable <literal>NIXOS_OZONE_WL=1</literal>
(for example via
<literal>environment.sessionVariables.NIXOS_OZONE_WL = &quot;1&quot;</literal>).
This is not enabled by default because Ozone Wayland is still
under heavy development and behavior is not always flawless.
Furthermore, not all Electron apps use the latest Electron
versions.
</para>
</listitem>
<listitem>
<para>
The <literal>influxdb2</literal> package was split into
@ -607,6 +877,21 @@
files.
</para>
</listitem>
<listitem>
<para>
A new option
<literal>boot.initrd.extraModprobeConfig</literal> has been
added which can be used to configure kernel modules that are
loaded in the initrd.
</para>
</listitem>
<listitem>
<para>
<literal>nixos-generate-config</literal> now puts the dhcp
configuration in <literal>hardware-configuration.nix</literal>
instead of <literal>configuration.nix</literal>.
</para>
</listitem>
<listitem>
<para>
<literal>fetchFromSourcehut</literal> now allows fetching
@ -639,6 +924,14 @@
0042</link> configuration.
</para>
</listitem>
<listitem>
<para>
The default value for
<literal>programs.spacefm.settings.graphical_su</literal> got
unset. It previously pointed to <literal>gksu</literal> which
has been removed.
</para>
</listitem>
<listitem>
<para>
A new module was added for the
@ -648,6 +941,12 @@
<literal>programs.starship.settings</literal>.
</para>
</listitem>
<listitem>
<para>
The <link xlink:href="https://dino.im">Dino</link> XMPP client
was updated to 0.3, adding support for audio and video calls.
</para>
</listitem>
<listitem>
<para>
<literal>services.mattermost.plugins</literal> has been added
@ -691,6 +990,26 @@
warning.
</para>
</listitem>
<listitem>
<para>
The option
<link linkend="opt-services.networking.networkmanager.enableFccUnlock">services.networking.networkmanager.enableFccUnlock</link>
was added to support FCC unlock procedures. Since release
1.18.4, the ModemManager daemon no longer automatically
performs the FCC unlock procedure by default. See
<link xlink:href="https://modemmanager.org/docs/modemmanager/fcc-unlock/">the
docs</link> for more details.
</para>
</listitem>
<listitem>
<para>
<literal>programs.tmux</literal> has a new option
<literal>plugins</literal> that accepts a list of packages
from the <literal>tmuxPlugins</literal> group. The specified
packages are added to the system and loaded by
<literal>tmux</literal>.
</para>
</listitem>
</itemizedlist>
</section>
</section>

4
nixos/doc/manual/installation/installing-pxe.section.md
View File

@ -5,11 +5,11 @@ setup.
These instructions assume that you have an existing PXE or iPXE
infrastructure and simply want to add the NixOS installer as another
option. To build the necessary files from a recent version of nixpkgs,
option. To build the necessary files from your current version of nixpkgs,
you can run:
```ShellSession
nix-build -A netboot.x86_64-linux nixos/release.nix
nix-build -A netboot.x86_64-linux '<nixpkgs/nixos/release.nix>'
```
This will create a `result` directory containing: \* `bzImage` -- the

2
nixos/doc/manual/man-nixos-rebuild.xml
View File

@ -453,7 +453,7 @@
Allow ad-hoc remote builders for building the new system. This requires
the user executing <command>nixos-rebuild</command> (usually root) to be
configured as a trusted user in the Nix daemon. This can be achieved by
using the <literal>nix.trustedUsers</literal> NixOS option. Examples
using the <literal>nix.settings.trusted-users</literal> NixOS option. Examples
values for that option are described in the <literal>Remote builds
chapter</literal> in the Nix manual, (i.e. <command>--builders
"ssh://bigbrother x86_64-linux"</command>). By specifying an empty string

112
nixos/doc/manual/release-notes/rl-2205.section.md
View File

@ -17,6 +17,8 @@ In addition to numerous new and upgraded packages, this release has the followin
Migrations may take a while, see the [changelog](https://docs.mattermost.com/install/self-managed-changelog.html#release-v6-3-extended-support-release)
and [important upgrade notes](https://docs.mattermost.com/upgrade/important-upgrade-notes.html).
- systemd services can now set [systemd.services.\<name\>.reloadTriggers](#opt-systemd.services) instead of `reloadIfChanged` for a more granular distinction between reloads and restarts.
## New Services {#sec-release-22.05-new-services}
- [aesmd](https://github.com/intel/linux-sgx#install-the-intelr-sgx-psw), the Intel SGX Architectural Enclave Service Manager. Available as [services.aesmd](#opt-services.aesmd.enable).
@ -27,6 +29,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [filebeat](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html), a lightweight shipper for forwarding and centralizing log data. Available as [services.filebeat](#opt-services.filebeat.enable).
- [apfs](https://github.com/linux-apfs/linux-apfs-rw), a kernel module for mounting the Apple File System (APFS).
- [FRRouting](https://frrouting.org/), a popular suite of Internet routing protocol daemons (BGP, BFD, OSPF, IS-IS, VVRP and others). Available as [services.frr](#opt-services.ffr.babel.enable)
- [heisenbridge](https://github.com/hifi/heisenbridge), a bouncer-style Matrix IRC bridge. Available as [services.heisenbridge](options.html#opt-services.heisenbridge.enable).
@ -35,6 +39,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [PowerDNS-Admin](https://github.com/ngoduykhanh/PowerDNS-Admin), a web interface for the PowerDNS server. Available at [services.powerdns-admin](options.html#opt-services.powerdns-admin.enable).
- [input-remapper](https://github.com/sezanzeb/input-remapper), an easy to use tool to change the mapping of your input device buttons. Available at [services.input-remapper](options.html#opt-services.input-remapper.enable).
- [InvoicePlane](https://invoiceplane.com), web application for managing and creating invoices. Available at [services.invoiceplane](options.html#opt-services.invoiceplane.enable).
- [maddy](https://maddy.email), a composable all-in-one mail server. Available as [services.maddy](options.html#opt-services.maddy.enable).
@ -43,24 +49,36 @@ In addition to numerous new and upgraded packages, this release has the followin
- [tetrd](https://tetrd.app), share your internet connection from your device to your PC and vice versa through a USB cable. Available at [services.tetrd](#opt-services.tetrd.enable).
- [agate](https://github.com/mbrubeck/agate), a very simple server for the Gemini hypertext protocol. Available as [services.agate](options.html#opt-services.agate.enable).
- [ArchiSteamFarm](https://github.com/JustArchiNET/ArchiSteamFarm), a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Available as [services.archisteamfarm](options.html#opt-services.archisteamfarm.enable).
- [teleport](https://goteleport.com), allows engineers and security professionals to unify access for SSH servers, Kubernetes clusters, web applications, and databases across all environments. Available at [services.teleport](#opt-services.teleport.enable).
- [BaGet](https://loic-sharma.github.io/BaGet/), a lightweight NuGet and symbol server. Available at [services.baget](#opt-services.baget.enable).
- [moosefs](https://moosefs.com), fault tolerant petabyte distributed file system.
Available as [moosefs](#opt-services.moosefs).
- [prosody-filer](https://github.com/ThomasLeister/prosody-filer), a server for handling XMPP HTTP Upload requests. Available at [services.prosody-filer](#opt-services.prosody-filer.enable).
- [ethercalc](https://github.com/audreyt/ethercalc), an online collaborative
spreadsheet. Available as [services.ethercalc](options.html#opt-services.ethercalc.enable).
- [timetagger](https://timetagger.app), an open source time-tracker with an intuitive user experience and powerful reporting. [services.timetagger](options.html#opt-services.timetagger.enable).
- [rstudio-server](https://www.rstudio.com/products/rstudio/#rstudio-server), a browser-based version of the RStudio IDE for the R programming language. Available as [services.rstudio-server](options.html#opt-services.rstudio-server.enable).
- [headscale](https://github.com/juanfont/headscale), an Open Source implementation of the [Tailscale](https://tailscale.io) Control Server. Available as [services.headscale](options.html#opt-services.headscale.enable)
- [blocky](https://0xerr0r.github.io/blocky/), fast and lightweight DNS proxy as ad-blocker for local network with many features.
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
- `pkgs.ghc` now refers to `pkgs.targetPackages.haskellPackages.ghc`.
This *only* makes a difference if you are cross-compiling and will
This _only_ makes a difference if you are cross-compiling and will
ensure that `pkgs.ghc` always runs on the host platform and compiles
for the target platform (similar to `pkgs.gcc` for example).
`haskellPackages.ghc` still behaves as before, running on the build
@ -71,6 +89,21 @@ In addition to numerous new and upgraded packages, this release has the followin
instead to ensure cross compilation keeps working (or switch to
`haskellPackages.callPackage`).
- `pkgs.ghc.withPackages` as well as `haskellPackages.ghcWithPackages` etc.
now needs be overridden directly, as opposed to overriding the result of
calling it. Additionally, the `withLLVM` parameter has been renamed to
`useLLVM`. So instead of `(ghc.withPackages (p: [])).override { withLLVM = true; }`,
one needs to use `(ghc.withPackages.override { useLLVM = true; }) (p: [])`.
- The `home-assistant` module now requires users that don't want their
configuration to be managed declaratively to set
`services.home-assistant.config = null;`. This is required
due to the way default settings are handled with the new settings style.
Additionally the default list of `extraComponents` now includes the minimal
dependencies to successfully complete the [onboarding](https://www.home-assistant.io/getting-started/onboarding/)
procedure.
- `pkgs.emacsPackages.orgPackages` is removed because org elpa is deprecated.
The packages in the top level of `pkgs.emacsPackages`, such as org and
org-contrib, refer to the ones in `pkgs.emacsPackages.elpaPackages` and
@ -78,6 +111,13 @@ In addition to numerous new and upgraded packages, this release has the followin
- `services.kubernetes.addons.dashboard` was removed due to it being an outdated version.
- `services.kubernetes.scheduler.{port,address}` now set `--secure-port` and `--bind-address` instead of `--port` and `--address`, since the former have been deprecated and are no longer functional in kubernetes>=1.23. Ensure that you are not relying on the insecure behaviour before upgrading.
- The DHCP server (`services.dhcpd4`, `services.dhcpd6`) has been hardened.
The service is now using the systemd's `DynamicUser` mechanism to run as an unprivileged dynamically-allocated user with limited capabilities.
The dhcpd state files are now always stored in `/var/lib/dhcpd{4,6}` and the `services.dhcpd4.stateDir` and `service.dhcpd6.stateDir` options have been removed.
If you were depending on root privileges or set{uid,gid,cap} binaries in dhcpd shell hooks, you may give dhcpd more capabilities with e.g. `systemd.services.dhcpd6.serviceConfig.AmbientCapabilities`.
- The `mailpile` email webclient (`services.mailpile`) has been removed due to its reliance on python2.
- The MoinMoin wiki engine (`services.moinmoin`) has been removed, because Python 2 is being retired from nixpkgs.
@ -90,8 +130,14 @@ In addition to numerous new and upgraded packages, this release has the followin
- The `writers.writePython2` and corresponding `writers.writePython2Bin` convenience functions to create executable Python 2 scripts in the store were removed in preparation of removal of the Python 2 interpreter.
Scripts have to be converted to Python 3 for use with `writers.writePython3` or `writers.writePyPy2` needs to be used.
- `buildGoModule` was updated to use `go_1_17`, third party derivations that specify >= go 1.17 in the main `go.mod` will need to regenerate their `vendorSha256` hash.
- The `gnome-passwordsafe` package updated to [version 6.x](https://gitlab.gnome.org/World/secrets/-/tags/6.0) and renamed to `gnome-secrets`.
- If you previously used `/etc/docker/daemon.json`, you need to incorporate the changes into the new option `virtualisation.docker.daemon.settings`.
- Ntopng (`services.ntopng`) is updated to 5.2.1 and uses a separate Redis instance if `system.stateVersion` is at least `22.05`. Existing setups shouldn't be affected.
- The backward compatibility in `services.wordpress` to configure sites with
the old interface has been removed. Please use `services.wordpress.sites`
instead.
@ -116,26 +162,48 @@ In addition to numerous new and upgraded packages, this release has the followin
- `idris2` now requires `--package` when using packages `contrib` and `network`, while previously these idris2 packages were automatically loaded.
- The iputils package, which is installed by default, no longer provides the
legacy tools `tftpd` and `traceroute6`. More tools (`ninfod`, `rarpd`, and
`rdisc`) are going to be removed in the next release. See
[upstream's release notes](https://github.com/iputils/iputils/releases/tag/20211215)
for more details and available replacements.
- `services.thelounge.private` was removed in favor of `services.thelounge.public`, to follow with upstream changes.
- `pkgs.docbookrx` was removed since it's unmaintained
- `tilp2` was removed together with its module
- The options `networking.interfaces.<name>.ipv4.routes` and `networking.interfaces.<name>.ipv6.routes` are no longer ignored when using networkd instead of the default scripted network backend by setting `networking.useNetworkd` to `true`.
- MultiMC has been replaced with the fork PolyMC due to upstream developers being hostile to 3rd party package maintainers. PolyMC removes all MultiMC branding and is aimed at providing proper 3rd party packages like the one contained in Nixpkgs. This change affects the data folder where game instances and other save and configuration files are stored. Users with existing installations should rename `~/.local/share/multimc` to `~/.local/share/polymc`. The main config file's path has also moved from `~/.local/share/multimc/multimc.cfg` to `~/.local/share/polymc/polymc.cfg`.
- The terraform 0.12 compatibility has been removed and the `terraform.withPlugins` and `terraform-providers.mkProvider` implementations simplified. Providers now need to be stored under
`$out/libexec/terraform-providers/<registry>/<owner>/<name>/<version>/<os>_<arch>/terraform-provider-<name>_v<version>` (which mkProvider does).
This breaks back-compat so it's not possible to mix-and-match with previous versions of nixpkgs. In exchange, it now becomes possible to use the providers from [nixpkgs-terraform-providers-bin](https://github.com/numtide/nixpkgs-terraform-providers-bin) directly.
- The existing `pkgs.opentelemetry-collector` has been moved to
`pkgs.opentelemetry-collector-contrib` to match the actual source being the
"contrib" edition. `pkgs.opentelemetry-collector` is now the actual core
release of opentelemetry-collector. If you use the community contributions
you should change the package you refer to. If you don't need them update your
commands from `otelcontribcol` to `otelcorecol` and enjoy a 7x smaller binary.
- `pkgs.noto-fonts-cjk` is now deprecated in favor of `pkgs.noto-fonts-cjk-sans`
and `pkgs.noto-fonts-cjk-serif` because they each have different release
schedules. To maintain compatibility with prior releases of Nixpkgs,
`pkgs.noto-fonts-cjk` is currently an alias of `pkgs.noto-fonts-cjk-sans` and
doesn't include serif fonts.
- The interface that allows activation scripts to restart units has been reworked. Restarting and reloading is now done by a single file `/run/nixos/activation-restart-list` that honors `restartIfChanged` and `reloadIfChanged` of the units.
- `switch-to-configuration` (the script that is run when running `nixos-rebuild switch` for example) has been reworked
* The interface that allows activation scripts to restart units has been streamlined. Restarting and reloading is now done by a single file `/run/nixos/activation-restart-list` that honors `restartIfChanged` and `reloadIfChanged` of the units.
* Preferring to reload instead of restarting can still be achieved using `/run/nixos/activation-reload-list`.
* The script now uses a proper ini-file parser to parse systemd units. Some values are now only searched in one section instead of in the entire unit. This is only relevant for units that don't use the NixOS systemd moule.
* `RefuseManualStop`, `X-OnlyManualStart`, `X-StopOnRemoval`, `X-StopOnReconfiguration` are only searched in the `[Unit]` section
* `X-ReloadIfChanged`, `X-RestartIfChanged`, `X-StopIfChanged` are only searched in the `[Service]` section
- The `services.bookstack.cacheDir` option has been removed, since the
cache directory is now handled by systemd.
@ -147,6 +215,11 @@ In addition to numerous new and upgraded packages, this release has the followin
- `lib.assertMsg` and `lib.assertOneOf` no longer return `false` if the passed condition is `false`, `throw`ing the given error message instead (which makes the resulting error message less cluttered). This will not impact the behaviour of code using these functions as intended, namely as top-level wrapper for `assert` conditions.
- The `vpnc` package has been changed to use GnuTLS instead of OpenSSL by default for licensing reasons.
- `pkgs.vimPlugins.onedark-nvim` now refers to [navarasu/onedark.nvim](https://github.com/navarasu/onedark.nvim)
(formerly refers to [olimorris/onedarkpro.nvim](https://github.com/olimorris/onedarkpro.nvim)).
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
## Other Notable Changes {#sec-release-22.05-notable-changes}
@ -171,14 +244,26 @@ In addition to numerous new and upgraded packages, this release has the followin
to allow users to make changes to the `nixos-rebuild build-vm` configuration
that do not apply to their normal system.
The `config.system.build.vm` attribute now always exists and defaults to the
The `config.system.build.vm` attribute now always exists and defaults to the
value from `vmVariant`. Configurations that import the `virtualisation/qemu-vm.nix`
module themselves will override this value, such that `vmVariant` is not used.
Similarly [virtualisation.vmVariantWithBootloader](#opt-virtualisation.vmVariantWithBootLoader) was added.
- The configuration portion of the `nix-daemon` module has been reworked and exposed as [nix.settings](options.html#opt-nix-settings):
* Legacy options have been mapped to the corresponding options under under [nix.settings](options.html#opt-nix.settings) but may be deprecated in the future.
* [nix.buildMachines.publicHostKey](options.html#opt-nix.buildMachines.publicHostKey) has been added.
- The `writers.writePyPy2`/`writers.writePyPy3` and corresponding `writers.writePyPy2Bin`/`writers.writePyPy3Bin` convenience functions to create executable Python 2/3 scripts using the PyPy interpreter were added.
- If you are using Wayland you can choose to use the Ozone Wayland support
in Chrome and several Electron apps by setting the environment variable
`NIXOS_OZONE_WL=1` (for example via
`environment.sessionVariables.NIXOS_OZONE_WL = "1"`).
This is not enabled by default because Ozone Wayland is
still under heavy development and behavior is not always flawless.
Furthermore, not all Electron apps use the latest Electron versions.
- The `influxdb2` package was split into `influxdb2-server` and
`influxdb2-cli`, matching the split that took place upstream. A
combined `influxdb2` package is still provided in this release for
@ -211,6 +296,10 @@ In addition to numerous new and upgraded packages, this release has the followin
- The option `services.duplicati.dataDir` has been added to allow changing the location of duplicati's files.
- A new option `boot.initrd.extraModprobeConfig` has been added which can be used to configure kernel modules that are loaded in the initrd.
- `nixos-generate-config` now puts the dhcp configuration in `hardware-configuration.nix` instead of `configuration.nix`.
- `fetchFromSourcehut` now allows fetching repositories recursively
using `fetchgit` or `fetchhg` if the argument `fetchSubmodules`
is set to `true`.
@ -221,18 +310,31 @@ In addition to numerous new and upgraded packages, this release has the followin
- The `services.mbpfan` module was converted to a [RFC 0042](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md) configuration.
- The default value for `programs.spacefm.settings.graphical_su` got unset. It previously pointed to `gksu` which has been removed.
- A new module was added for the [Starship](https://starship.rs/) shell prompt,
providing the options `programs.starship.enable` and `programs.starship.settings`.
- The [Dino](https://dino.im) XMPP client was updated to 0.3, adding support for audio and video calls.
- `services.mattermost.plugins` has been added to allow the declarative installation of Mattermost plugins.
Plugins are automatically repackaged using autoPatchelf.
- The `zrepl` package has been updated from 0.4.0 to 0.5:
* The RPC protocol version was bumped; all zrepl daemons in a setup must be updated and restarted before replication can resume.
* A bug involving encrypt-on-receive has been fixed. Read the [zrepl documentation](https://zrepl.github.io/configuration/sendrecvoptions.html#job-recv-options-placeholder) and check the output of `zfs get -r encryption,zrepl:placeholder PATH_TO_ROOTFS` on the receiver.
- The RPC protocol version was bumped; all zrepl daemons in a setup must be updated and restarted before replication can resume.
- A bug involving encrypt-on-receive has been fixed. Read the [zrepl documentation](https://zrepl.github.io/configuration/sendrecvoptions.html#job-recv-options-placeholder) and check the output of `zfs get -r encryption,zrepl:placeholder PATH_TO_ROOTFS` on the receiver.
- Renamed option `services.openssh.challengeResponseAuthentication` to `services.openssh.kbdInteractiveAuthentication`.
Reason is that the old name has been deprecated upstream.
Using the old option name will still work, but produce a warning.
- The option
[services.networking.networkmanager.enableFccUnlock](#opt-services.networking.networkmanager.enableFccUnlock)
was added to support FCC unlock procedures. Since release 1.18.4, the ModemManager
daemon no longer automatically performs the FCC unlock procedure by default. See
[the docs](https://modemmanager.org/docs/modemmanager/fcc-unlock/) for more details.
- `programs.tmux` has a new option `plugins` that accepts a list of packages from the `tmuxPlugins` group. The specified packages are added to the system and loaded by `tmux`.
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

14
nixos/lib/eval-config.nix
View File

@ -21,6 +21,7 @@ evalConfigArgs@
, # !!! See comment about args in lib/modules.nix
specialArgs ? {}
, modules
, modulesLocation ? (builtins.unsafeGetAttrPos "modules" evalConfigArgs).file or null
, # !!! See comment about check in lib/modules.nix
check ? true
, prefix ? []
@ -74,7 +75,18 @@ let
_module.check = lib.mkDefault check;
};
};
allUserModules = modules ++ legacyModules;
allUserModules =
let
# Add the invoking file (or specified modulesLocation) as error message location
# for modules that don't have their own locations; presumably inline modules.
locatedModules =
if modulesLocation == null then
modules
else
map (lib.setDefaultModuleLocation modulesLocation) modules;
in
locatedModules ++ legacyModules;
noUserModules = evalModulesMinimal ({
inherit prefix specialArgs;

2
nixos/lib/qemu-common.nix
View File

@ -22,7 +22,7 @@ rec {
else throw "Unknown QEMU serial device for system '${pkgs.stdenv.hostPlatform.system}'";
qemuBinary = qemuPkg: {
x86_64-linux = "${qemuPkg}/bin/qemu-kvm -cpu qemu64";
x86_64-linux = "${qemuPkg}/bin/qemu-kvm -cpu max";
armv7l-linux = "${qemuPkg}/bin/qemu-system-arm -enable-kvm -machine virt -cpu host";
aarch64-linux = "${qemuPkg}/bin/qemu-system-aarch64 -enable-kvm -machine virt,gic-version=host -cpu host";
powerpc64le-linux = "${qemuPkg}/bin/qemu-system-ppc64 -machine powernv";

3
nixos/lib/systemd-lib.nix
View File

@ -11,6 +11,9 @@ in rec {
mkPathSafeName = lib.replaceChars ["@" ":" "\\" "[" "]"] ["-" "-" "-" "" ""];
# a type for options that take a unit name
unitNameType = types.strMatching "[a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)";
makeUnit = name: unit:
if unit.enable then
pkgs.runCommand "unit-${mkPathSafeName name}"

42
nixos/lib/systemd-unit-options.nix
View File

@ -45,7 +45,7 @@ in rec {
requiredBy = mkOption {
default = [];
type = types.listOf types.str;
type = types.listOf unitNameType;
description = ''
Units that require (i.e. depend on and need to go down with)
this unit. The discussion under <literal>wantedBy</literal>
@ -56,7 +56,7 @@ in rec {
wantedBy = mkOption {
default = [];
type = types.listOf types.str;
type = types.listOf unitNameType;
description = ''
Units that want (i.e. depend on) this unit. The standard way
to make a unit start by default at boot is to set this option
@ -73,7 +73,7 @@ in rec {
aliases = mkOption {
default = [];
type = types.listOf types.str;
type = types.listOf unitNameType;
description = "Aliases of that unit.";
};
@ -98,7 +98,7 @@ in rec {
description = mkOption {
default = "";
type = types.str;
type = types.singleLineStr;
description = "Description of this unit used in systemd messages and progress indicators.";
};
@ -110,7 +110,7 @@ in rec {
requires = mkOption {
default = [];
type = types.listOf types.str;
type = types.listOf unitNameType;
description = ''
Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
@ -119,7 +119,7 @@ in rec {
wants = mkOption {
default = [];
type = types.listOf types.str;
type = types.listOf unitNameType;
description = ''
Start the specified units when this unit is started.
'';
@ -127,7 +127,7 @@ in rec {
after = mkOption {
default = [];
type = types.listOf types.str;
type = types.listOf unitNameType;
description = ''
If the specified units are started at the same time as
this unit, delay this unit until they have started.
@ -136,7 +136,7 @@ in rec {
before = mkOption {
default = [];
type = types.listOf types.str;
type = types.listOf unitNameType;
description = ''
If the specified units are started at the same time as
this unit, delay them until this unit has started.
@ -145,7 +145,7 @@ in rec {
bindsTo = mkOption {
default = [];
type = types.listOf types.str;
type = types.listOf unitNameType;
description = ''
Like requires, but in addition, if the specified units
unexpectedly disappear, this unit will be stopped as well.
@ -154,7 +154,7 @@ in rec {
partOf = mkOption {
default = [];
type = types.listOf types.str;
type = types.listOf unitNameType;
description = ''
If the specified units are stopped or restarted, then this
unit is stopped or restarted as well.
@ -163,7 +163,7 @@ in rec {
conflicts = mkOption {
default = [];
type = types.listOf types.str;
type = types.listOf unitNameType;
description = ''
If the specified units are started, then this unit is stopped
and vice versa.
@ -172,7 +172,7 @@ in rec {
requisite = mkOption {
default = [];
type = types.listOf types.str;
type = types.listOf unitNameType;
description = ''
Similar to requires. However if the units listed are not started,
they will not be started and the transaction will fail.
@ -201,9 +201,20 @@ in rec {
'';
};
reloadTriggers = mkOption {
default = [];
type = types.listOf unitOption;
description = ''
An arbitrary list of items such as derivations. If any item
in the list changes between reconfigurations, the service will
be reloaded. If anything but a reload trigger changes in the
unit file, the unit will be restarted instead.
'';
};
onFailure = mkOption {
default = [];
type = types.listOf types.str;
type = types.listOf unitNameType;
description = ''
A list of one or more units that are activated when
this unit enters the "failed" state.
@ -338,6 +349,11 @@ in rec {
configuration switch if its definition has changed. If
enabled, the value of <option>restartIfChanged</option> is
ignored.
This option should not be used anymore in favor of
<option>reloadTriggers</option> which allows more granular
control of when a service is reloaded and when a service
is restarted.
'';
};

34
nixos/lib/test-driver/test_driver/__init__.py
View File

@ -33,6 +33,22 @@ class EnvDefault(argparse.Action):
setattr(namespace, self.dest, values)
def writeable_dir(arg: str) -> Path:
"""Raises an ArgumentTypeError if the given argument isn't a writeable directory
Note: We want to fail as early as possible if a directory isn't writeable,
since an executed nixos-test could fail (very late) because of the test-driver
writing in a directory without proper permissions.
"""
path = Path(arg)
if not path.is_dir():
raise argparse.ArgumentTypeError("{0} is not a directory".format(path))
if not os.access(path, os.W_OK):
raise argparse.ArgumentTypeError(
"{0} is not a writeable directory".format(path)
)
return path
def main() -> None:
arg_parser = argparse.ArgumentParser(prog="nixos-test-driver")
arg_parser.add_argument(
@ -45,7 +61,7 @@ def main() -> None:
"-I",
"--interactive",
help="drop into a python repl and run the tests interactively",
action="store_true",
action=argparse.BooleanOptionalAction,
)
arg_parser.add_argument(
"--start-scripts",
@ -63,6 +79,14 @@ def main() -> None:
nargs="*",
help="vlans to span by the driver",
)
arg_parser.add_argument(
"-o",
"--output_directory",
help="""The path to the directory where outputs copied from the VM will be placed.
By e.g. Machine.copy_from_vm or Machine.screenshot""",
default=Path.cwd(),
type=writeable_dir,
)
arg_parser.add_argument(
"testscript",
action=EnvDefault,
@ -77,7 +101,11 @@ def main() -> None:
rootlog.info("Machine state will be reset. To keep it, pass --keep-vm-state")
with Driver(
args.start_scripts, args.vlans, args.testscript.read_text(), args.keep_vm_state
args.start_scripts,
args.vlans,
args.testscript.read_text(),
args.output_directory.resolve(),
args.keep_vm_state,
) as driver:
if args.interactive:
ptpython.repl.embed(driver.test_symbols(), {})
@ -94,7 +122,7 @@ def generate_driver_symbols() -> None:
in user's test scripts. That list is then used by pyflakes to lint those
scripts.
"""
d = Driver([], [], "")
d = Driver([], [], "", Path())
test_symbols = d.test_symbols()
with open("driver-symbols", "w") as fp:
fp.write(",".join(test_symbols.keys()))

33
nixos/lib/test-driver/test_driver/driver.py
View File

@ -10,6 +10,28 @@ from test_driver.vlan import VLan
from test_driver.polling_condition import PollingCondition
def get_tmp_dir() -> Path:
"""Returns a temporary directory that is defined by TMPDIR, TEMP, TMP or CWD
Raises an exception in case the retrieved temporary directory is not writeable
See https://docs.python.org/3/library/tempfile.html#tempfile.gettempdir
"""
tmp_dir = Path(tempfile.gettempdir())
tmp_dir.mkdir(mode=0o700, exist_ok=True)
if not tmp_dir.is_dir():
raise NotADirectoryError(
"The directory defined by TMPDIR, TEMP, TMP or CWD: {0} is not a directory".format(
tmp_dir
)
)
if not os.access(tmp_dir, os.W_OK):
raise PermissionError(
"The directory defined by TMPDIR, TEMP, TMP, or CWD: {0} is not writeable".format(
tmp_dir
)
)
return tmp_dir
class Driver:
"""A handle to the driver that sets up the environment
and runs the tests"""
@ -24,12 +46,13 @@ class Driver:
start_scripts: List[str],
vlans: List[int],
tests: str,
out_dir: Path,
keep_vm_state: bool = False,
):
self.tests = tests
self.out_dir = out_dir
tmp_dir = Path(os.environ.get("TMPDIR", tempfile.gettempdir()))
tmp_dir.mkdir(mode=0o700, exist_ok=True)
tmp_dir = get_tmp_dir()
with rootlog.nested("start all VLans"):
self.vlans = [VLan(nr, tmp_dir) for nr in vlans]
@ -47,6 +70,7 @@ class Driver:
name=cmd.machine_name,
tmp_dir=tmp_dir,
callbacks=[self.check_polling_conditions],
out_dir=self.out_dir,
)
for cmd in cmd(start_scripts)
]
@ -141,8 +165,8 @@ class Driver:
"Using legacy create_machine(), please instantiate the"
"Machine class directly, instead"
)
tmp_dir = Path(os.environ.get("TMPDIR", tempfile.gettempdir()))
tmp_dir.mkdir(mode=0o700, exist_ok=True)
tmp_dir = get_tmp_dir()
if args.get("startCommand"):
start_command: str = args.get("startCommand", "")
@ -154,6 +178,7 @@ class Driver:
return Machine(
tmp_dir=tmp_dir,
out_dir=self.out_dir,
start_command=cmd,
name=name,
keep_vm_state=args.get("keep_vm_state", False),

22
nixos/lib/test-driver/test_driver/machine.py
View File

@ -241,9 +241,15 @@ class LegacyStartCommand(StartCommand):
cdrom: Optional[str] = None,
usb: Optional[str] = None,
bios: Optional[str] = None,
qemuBinary: Optional[str] = None,
qemuFlags: Optional[str] = None,
):
self._cmd = "qemu-kvm -m 384"
if qemuBinary is not None:
self._cmd = qemuBinary
else:
self._cmd = "qemu-kvm"
self._cmd += " -m 384"
# networking
net_backend = "-netdev user,id=net0"
@ -297,6 +303,7 @@ class Machine:
the machine lifecycle with the help of a start script / command."""
name: str
out_dir: Path
tmp_dir: Path
shared_dir: Path
state_dir: Path
@ -325,6 +332,7 @@ class Machine:
def __init__(
self,
out_dir: Path,
tmp_dir: Path,
start_command: StartCommand,
name: str = "machine",
@ -332,6 +340,7 @@ class Machine:
allow_reboot: bool = False,
callbacks: Optional[List[Callable]] = None,
) -> None:
self.out_dir = out_dir
self.tmp_dir = tmp_dir
self.keep_vm_state = keep_vm_state
self.allow_reboot = allow_reboot
@ -378,6 +387,7 @@ class Machine:
cdrom=args.get("cdrom"),
usb=args.get("usb"),
bios=args.get("bios"),
qemuBinary=args.get("qemuBinary"),
qemuFlags=args.get("qemuFlags"),
)
@ -540,11 +550,11 @@ class Machine:
Should only be used during test development, not in the production test."""
self.connect()
self.log("Terminal is ready (there is no prompt):")
self.log("Terminal is ready (there is no initial prompt):")
assert self.shell
subprocess.run(
["socat", "READLINE", f"FD:{self.shell.fileno()}"],
["socat", "READLINE,prompt=$ ", f"FD:{self.shell.fileno()}"],
pass_fds=[self.shell.fileno()],
)
@ -702,10 +712,9 @@ class Machine:
self.connected = True
def screenshot(self, filename: str) -> None:
out_dir = os.environ.get("out", os.getcwd())
word_pattern = re.compile(r"^\w+$")
if word_pattern.match(filename):
filename = os.path.join(out_dir, "{}.png".format(filename))
filename = os.path.join(self.out_dir, "{}.png".format(filename))
tmp = "{}.ppm".format(filename)
with self.nested(
@ -756,7 +765,6 @@ class Machine:
all the VMs (using a temporary directory).
"""
# Compute the source, target, and intermediate shared file names
out_dir = Path(os.environ.get("out", os.getcwd()))
vm_src = Path(source)
with tempfile.TemporaryDirectory(dir=self.shared_dir) as shared_td:
shared_temp = Path(shared_td)
@ -766,7 +774,7 @@ class Machine:
# Copy the file to the shared directory inside VM
self.succeed(make_command(["mkdir", "-p", vm_shared_temp]))
self.succeed(make_command(["cp", "-r", vm_src, vm_intermediate]))
abs_target = out_dir / target_dir / vm_src.name
abs_target = self.out_dir / target_dir / vm_src.name
abs_target.parent.mkdir(exist_ok=True, parents=True)
# Copy the file from the shared directory outside VM
if intermediate.is_dir():

7
nixos/lib/testing-python.nix
View File

@ -30,7 +30,7 @@ rec {
# effectively mute the XMLLogger
export LOGFILE=/dev/null
${driver}/bin/nixos-test-driver
${driver}/bin/nixos-test-driver -o $out
'';
passthru = driver.passthru // {
@ -51,6 +51,7 @@ rec {
, enableOCR ? false
, skipLint ? false
, passthru ? {}
, interactive ? false
}:
let
# Reifies and correctly wraps the python test driver for
@ -139,7 +140,8 @@ rec {
wrapProgram $out/bin/nixos-test-driver \
--set startScripts "''${vmStartScripts[*]}" \
--set testScript "$out/test-script" \
--set vlans '${toString vlans}'
--set vlans '${toString vlans}' \
${lib.optionalString (interactive) "--add-flags --interactive"}
'');
# Make a full-blown test
@ -217,6 +219,7 @@ rec {
testName = name;
qemu_pkg = pkgs.qemu;
nodes = nodes pkgs.qemu;
interactive = true;
};
test =

9
nixos/lib/utils.nix
View File

@ -149,10 +149,16 @@ rec {
if [[ -h '${output}' ]]; then
rm '${output}'
fi
inherit_errexit_restore=$(shopt -p inherit_errexit)
shopt -s inherit_errexit
''
+ concatStringsSep
"\n"
(imap1 (index: name: "export secret${toString index}=$(<'${secrets.${name}}')")
(imap1 (index: name: ''
secret${toString index}=$(<'${secrets.${name}}')
export secret${toString index}
'')
(attrNames secrets))
+ "\n"
+ "${pkgs.jq}/bin/jq >'${output}' '"
@ -164,6 +170,7 @@ rec {
' <<'EOF'
${builtins.toJSON set}
EOF
$inherit_errexit_restore
'';
systemdUtils = {

2
nixos/maintainers/scripts/azure-new/examples/basic/system.nix
View File

@ -17,7 +17,7 @@ in
description = "Azure NixOS Test User";
openssh.authorizedKeys.keys = [ (builtins.readFile ~/.ssh/id_ed25519.pub) ];
};
nix.trustedUsers = [ username ];
nix.settings.trusted-users = [ username ];
virtualisation.azureImage.diskSize = 2500;

36
nixos/modules/config/users-groups.nix
View File

@ -449,16 +449,10 @@ in {
imports = [
(mkAliasOptionModule [ "users" "extraUsers" ] [ "users" "users" ])
(mkAliasOptionModule [ "users" "extraGroups" ] [ "users" "groups" ])
(mkChangedOptionModule
[ "security" "initialRootPassword" ]
[ "users" "users" "root" "initialHashedPassword" ]
(cfg: if cfg.security.initialRootPassword == "!"
then null
else cfg.security.initialRootPassword))
(mkRenamedOptionModule ["security" "initialRootPassword"] ["users" "users" "root" "initialHashedPassword"])
];
###### interface
options = {
users.mutableUsers = mkOption {
@ -526,6 +520,17 @@ in {
'';
};
users.allowNoPasswordLogin = mkOption {
type = types.bool;
default = false;
description = ''
Disable checking that at least the <literal>root</literal> user or a user in the <literal>wheel</literal> group can log in using
a password or an SSH key.
WARNING: enabling this can lock you out of your system. Enable this only if you know what are you doing.
'';
};
};
@ -540,6 +545,7 @@ in {
home = "/root";
shell = mkDefault cfg.defaultUserShell;
group = "root";
initialHashedPassword = mkDefault "!";
};
nobody = {
uid = ids.uids.nobody;
@ -616,9 +622,11 @@ in {
# there is at least one "privileged" account that has a
# password or an SSH authorized key. Privileged accounts are
# root and users in the wheel group.
assertion = !cfg.mutableUsers ->
any id ((mapAttrsToList (_: cfg:
(cfg.name == "root"
# The check does not apply when users.disableLoginPossibilityAssertion
# The check does not apply when users.mutableUsers
assertion = !cfg.mutableUsers -> !cfg.allowNoPasswordLogin ->
any id (mapAttrsToList (name: cfg:
(name == "root"
|| cfg.group == "wheel"
|| elem "wheel" cfg.extraGroups)
&&
@ -627,12 +635,16 @@ in {
|| cfg.passwordFile != null
|| cfg.openssh.authorizedKeys.keys != []
|| cfg.openssh.authorizedKeys.keyFiles != [])
) cfg.users) ++ [
) cfg.users ++ [
config.security.googleOsLogin.enable
]);
message = ''
Neither the root account nor any wheel user has a password or SSH authorized key.
You must set one to prevent being locked out of your system.'';
You must set one to prevent being locked out of your system.
If you really want to be locked out of your system, set users.allowNoPasswordLogin = true;
However you are most probably better off by setting users.mutableUsers = true; and
manually running passwd root to set the root password.
'';
}
] ++ flatten (flip mapAttrsToList cfg.users (name: user:
[

35
nixos/modules/config/xdg/portal.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs ,lib ,... }:
{ config, pkgs, lib, ... }:
with lib;
@ -13,13 +13,13 @@ with lib;
options.xdg.portal = {
enable =
mkEnableOption "<link xlink:href='https://github.com/flatpak/xdg-desktop-portal'>xdg desktop integration</link>"//{
mkEnableOption "<link xlink:href='https://github.com/flatpak/xdg-desktop-portal'>xdg desktop integration</link>" // {
default = false;
};
extraPortals = mkOption {
type = types.listOf types.package;
default = [];
default = [ ];
description = ''
List of additional portals to add to path. Portals allow interaction
with system, like choosing files or taking screenshots. At minimum,
@ -46,25 +46,36 @@ with lib;
let
cfg = config.xdg.portal;
packages = [ pkgs.xdg-desktop-portal ] ++ cfg.extraPortals;
joinedPortals = pkgs.symlinkJoin {
joinedPortals = pkgs.buildEnv {
name = "xdg-portals";
paths = cfg.extraPortals;
paths = packages;
pathsToLink = [ "/share/xdg-desktop-portal/portals" "/share/applications" ];
};
in mkIf cfg.enable {
in
mkIf cfg.enable {
assertions = [
{ assertion = (cfg.gtkUsePortal -> cfg.extraPortals != []);
message = "Setting xdg.portal.gtkUsePortal to true requires a portal implementation in xdg.portal.extraPortals such as xdg-desktop-portal-gtk or xdg-desktop-portal-kde.";
{
assertion = cfg.extraPortals != [ ];
message = "Setting xdg.portal.enable to true requires a portal implementation in xdg.portal.extraPortals such as xdg-desktop-portal-gtk or xdg-desktop-portal-kde.";
}
];
services.dbus.packages = packages;
services.dbus.packages = packages;
systemd.packages = packages;
environment.sessionVariables = {
GTK_USE_PORTAL = mkIf cfg.gtkUsePortal "1";
XDG_DESKTOP_PORTAL_DIR = "${joinedPortals}/share/xdg-desktop-portal/portals";
environment = {
# fixes screen sharing on plasmawayland on non-chromium apps by linking
# share/applications/*.desktop files
# see https://github.com/NixOS/nixpkgs/issues/145174
systemPackages = [ joinedPortals ];
pathsToLink = [ "/share/applications" ];
sessionVariables = {
GTK_USE_PORTAL = mkIf cfg.gtkUsePortal "1";
XDG_DESKTOP_PORTAL_DIR = "${joinedPortals}/share/xdg-desktop-portal/portals";
};
};
};
}

3
nixos/modules/hardware/all-firmware.nix
View File

@ -57,7 +57,6 @@ in {
rtl8723bs-firmware
rtl8761b-firmware
rtw88-firmware
rtw89-firmware
zd1211fw
alsa-firmware
sof-firmware
@ -65,6 +64,8 @@ in {
] ++ optional (pkgs.stdenv.hostPlatform.isAarch32 || pkgs.stdenv.hostPlatform.isAarch64) raspberrypiWirelessFirmware
++ optionals (versionOlder config.boot.kernelPackages.kernel.version "4.13") [
rtl8723bs-firmware
] ++ optionals (versionOlder config.boot.kernelPackages.kernel.version "5.16") [
rtw89-firmware
];
hardware.wirelessRegulatoryDatabase = true;
})

4
nixos/modules/hardware/network/b43.nix
View File

@ -24,10 +24,6 @@ let kernelVersion = config.boot.kernelPackages.kernel.version; in
###### implementation
config = mkIf config.networking.enableB43Firmware {
assertions = singleton
{ assertion = lessThan 0 (builtins.compareVersions kernelVersion "3.2");
message = "b43 firmware for kernels older than 3.2 not packaged yet!";
};
hardware.firmware = [ pkgs.b43Firmware_5_1_138 ];
};

5
nixos/modules/hardware/video/capture/mwprocapture.nix
View File

@ -16,11 +16,6 @@ in
config = mkIf cfg.enable {
assertions = singleton {
assertion = versionAtLeast kernelPackages.kernel.version "3.2";
message = "Magewell Pro Capture family module is not supported for kernels older than 3.2";
};
boot.kernelModules = [ "ProCapture" ];
environment.systemPackages = [ kernelPackages.mwprocapture ];

5
nixos/modules/hardware/video/nvidia.nix
View File

@ -178,11 +178,6 @@ in
igpuBusId = if pCfg.intelBusId != "" then pCfg.intelBusId else pCfg.amdgpuBusId;
in mkIf enabled {
assertions = [
{
assertion = with config.services.xserver.displayManager; (gdm.enable && gdm.nvidiaWayland) -> cfg.modesetting.enable;
message = "You cannot use wayland with GDM without modesetting enabled for NVIDIA drivers, set `hardware.nvidia.modesetting.enable = true`";
}
{
assertion = primeEnabled -> pCfg.intelBusId == "" || pCfg.amdgpuBusId == "";
message = ''

10
nixos/modules/installer/tools/nix-fallback-paths.nix
View File

@ -1,7 +1,7 @@
{
x86_64-linux = "/nix/store/hapw7q1fkjxvprnkcgw9ppczavg4daj2-nix-2.4";
i686-linux = "/nix/store/8qlvh8pp5j8wgrzj3is2jlbhgrwgsiy9-nix-2.4";
aarch64-linux = "/nix/store/h48lkygcqj4hdibbdnpl67q7ks6vkrd6-nix-2.4";
x86_64-darwin = "/nix/store/c3mvzszvyzakvcp9spnjvsb8m2bpjk7m-nix-2.4";
aarch64-darwin = "/nix/store/hbfqs62r0hga2yr4zi5kc7fzhf71bq9n-nix-2.4";
x86_64-linux = "/nix/store/67amfijcvhqfgz4bwf2izsvbnklwjbvk-nix-2.6.0";
i686-linux = "/nix/store/kinl99f619b2xsma4qnzhidbp65axyzm-nix-2.6.0";
aarch64-linux = "/nix/store/8zpm63nn7k4n1alp9a0fcilpgc8j014z-nix-2.6.0";
x86_64-darwin = "/nix/store/hw5v03wnc0k1pwgiyhblwlxb1fx5zyx8-nix-2.6.0";
aarch64-darwin = "/nix/store/669p1vjnzi56fib98qczwlaglcwcnip4-nix-2.6.0";
}

3
nixos/modules/installer/tools/nixos-build-vms/build-vms.nix
View File

@ -25,4 +25,7 @@ pkgs.runCommand "nixos-build-vms" { nativeBuildInputs = [ pkgs.makeWrapper ]; }
ln -s ${interactiveDriver}/bin/nixos-test-driver $out/bin/nixos-run-vms
wrapProgram $out/bin/nixos-test-driver \
--add-flags "--interactive"
wrapProgram $out/bin/nixos-run-vms \
--set testScript "${pkgs.writeText "start-all" "start_all(); join_all();"}" \
--add-flags "--no-interactive"
''

13
nixos/modules/installer/tools/nixos-generate-config.pl
View File

@ -279,7 +279,7 @@ if (`lsblk -o TYPE` =~ "lvm") {
push @initrdKernelModules, "dm-snapshot";
}
my $virt = `systemd-detect-virt`;
my $virt = `@detectvirt@`;
chomp $virt;
@ -398,7 +398,7 @@ foreach my $fs (read_file("/proc/self/mountinfo")) {
# Maybe this is a bind-mount of a filesystem we saw earlier?
if (defined $fsByDev{$fields[2]}) {
# Make sure this isn't a btrfs subvolume.
my $msg = `btrfs subvol show $rootDir$mountPoint`;
my $msg = `@btrfs@ subvol show $rootDir$mountPoint`;
if ($? != 0 || $msg =~ /ERROR:/s) {
my $path = $fields[3]; $path = "" if $path eq "/";
my $base = $fsByDev{$fields[2]};
@ -436,7 +436,7 @@ EOF
# Is this a btrfs filesystem?
if ($fsType eq "btrfs") {
my ($status, @info) = runCommand("btrfs subvol show $rootDir$mountPoint");
my ($status, @info) = runCommand("@btrfs@ subvol show $rootDir$mountPoint");
if ($status != 0 || join("", @info) =~ /ERROR:/) {
die "Failed to retrieve subvolume info for $mountPoint\n";
}
@ -558,6 +558,8 @@ if (!$noFilesystems) {
$fsAndSwap .= "swapDevices =" . multiLineList(" ", @swapDevices) . ";\n";
}
my $networkingDhcpConfig = generateNetworkingDhcpConfig();
my $hwConfig = <<EOF;
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
@ -572,6 +574,7 @@ my $hwConfig = <<EOF;
boot.kernelModules = [$kernelModules ];
boot.extraModulePackages = [$modulePackages ];
$fsAndSwap
$networkingDhcpConfig
${\join "", (map { " $_\n" } (uniq @attrs))}}
EOF
@ -580,13 +583,13 @@ sub generateNetworkingDhcpConfig {
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.useDHCP = false;
networking.useDHCP = lib.mkDefault false;
EOF
foreach my $path (glob "/sys/class/net/*") {
my $dev = basename($path);
if ($dev ne "lo") {
$config .= " networking.interfaces.$dev.useDHCP = true;\n";
$config .= " networking.interfaces.$dev.useDHCP = lib.mkDefault true;\n";
}
}

12
nixos/modules/installer/tools/tools.nix
View File

@ -33,8 +33,9 @@ let
nixos-generate-config = makeProg {
name = "nixos-generate-config";
src = ./nixos-generate-config.pl;
path = lib.optionals (lib.elem "btrfs" config.boot.supportedFilesystems) [ pkgs.btrfs-progs ];
perl = "${pkgs.perl.withPackages (p: [ p.FileSlurp ])}/bin/perl";
detectvirt = "${pkgs.systemd}/bin/systemd-detect-virt";
btrfs = "${pkgs.btrfs-progs}/bin/btrfs";
inherit (config.system.nixos-generate-config) configuration desktopConfiguration;
xserverEnabled = config.services.xserver.enable;
};
@ -133,12 +134,13 @@ in
$bootLoaderConfig
# networking.hostName = "nixos"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
# time.timeZone = "Europe/Amsterdam";
$networkingDhcpConfig
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password\@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
@ -148,6 +150,7 @@ in
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkbOptions in tty.
# };
$xserverConfig
@ -155,7 +158,10 @@ in
$desktopConfiguration
# Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
# services.xserver.xkbOptions = {
# "eurosign:e";
# "caps:escape" # map caps to escape.
# };
# Enable CUPS to print documents.
# services.printing.enable = true;

2
nixos/modules/installer/virtualbox-demo.nix
View File

@ -25,7 +25,7 @@ with lib;
installer.cloneConfigExtra = ''
# Let demo build as a trusted user.
# nix.trustedUsers = [ "demo" ];
# nix.settings.trusted-users = [ "demo" ];
# Mount a VirtualBox shared folder.
# This is configurable in the VirtualBox menu at

76
nixos/modules/misc/documentation.nix
View File

@ -61,85 +61,17 @@ let
in scrubbedEval.options;
baseOptionsJSON =
let
filterIntoStore =
filter =
builtins.filterSource
(n: t:
(t == "directory" -> baseNameOf n != "tests")
&& (t == "file" -> hasSuffix ".nix" n)
);
# Figure out if Nix runs in pure evaluation mode. May return true in
# impure mode, but this is highly unlikely.
# We need to know because of https://github.com/NixOS/nix/issues/1888
# and https://github.com/NixOS/nix/issues/5868
isPureEval = builtins.getEnv "PATH" == "" && builtins.getEnv "_" == "";
# Return a nixpkgs subpath with minimal copying.
#
# The sources for the base options json derivation can come in one of
# two forms:
# - single source: a store path with all of nixpkgs, postfix with
# subpaths to access various directories. This has the benefit of
# not creating copies of these subtrees in the Nix store, but
# can cause unnecessary rebuilds if you update the Nixpkgs `pkgs`
# tree often.
# - split sources: multiple store paths with subdirectories of
# nixpkgs that exclude the bulk of the pkgs directory.
# This requires more copying and hashing during evaluation but
# requires fewer files to be copied. This method produces fewer
# unnecessary rebuilds of the base options json.
#
# Flake
#
# Flakes always put a copy of the full nixpkgs sources in the store,
# so we can use the "single source" method. This method is ideal
# for using nixpkgs as a dependency, as the base options json will be
# substitutable from cache.nixos.org.
#
# This requires that the `self.outPath` is wired into `pkgs` correctly,
# which is done for you if `pkgs` comes from the `lib.nixosSystem` or
# `legacyPackages` flake attributes.
#
# Other Nixpkgs invocation
#
# If you do not use the known-correct flake attributes, but rather
# invoke Nixpkgs yourself, set `config.path` to the correct path value,
# e.g. `import nixpkgs { config.path = nixpkgs; }`.
#
# Choosing between single or split source paths
#
# We make assumptions based on the type and contents of `pkgs.path`.
# By passing a different `config.path` to Nixpkgs, you can influence
# how your documentation cache is evaluated and rebuilt.
#
# Single source
# - If pkgs.path is a string containing a store path, the code has no
# choice but to create this store path, if it hasn't already been.
# We assume that the "single source" method is most efficient.
# - If pkgs.path is a path value containing that is a store path,
# we try to convert it to a string with context without copying.
# This occurs for example when nixpkgs was fetched and using its
# default `config.path`, which is `./.`.
# Nix currently does not allow this conversion when evaluating in
# pure mode. If the conversion is not possible, we use the
# "split source" method.
#
# Split source
# - If pkgs.path is a path value that is not a store path, we assume
# that it's unlikely for all of nixpkgs to end up in the store for
# other reasons and try to keep both the copying and rebuilds low.
pull =
if builtins.typeOf pkgs.path == "string" && isStorePath pkgs.path then
dir: "${pkgs.path}/${dir}"
else if !isPureEval && isStorePath pkgs.path then
dir: "${builtins.storePath pkgs.path}/${dir}"
else
dir: filterIntoStore "${toString pkgs.path}/${dir}";
in
pkgs.runCommand "lazy-options.json" {
libPath = pull "lib";
pkgsLibPath = pull "pkgs/pkgs-lib";
nixosPath = pull "nixos";
libPath = filter "${toString pkgs.path}/lib";
pkgsLibPath = filter "${toString pkgs.path}/pkgs/pkgs-lib";
nixosPath = filter "${toString pkgs.path}/nixos";
modules = map (p: ''"${removePrefix "${modulesPath}/" (toString p)}"'') docModules.lazy;
} ''
export NIX_STORE_DIR=$TMPDIR/store

2
nixos/modules/misc/nixpkgs.nix
View File

@ -59,8 +59,6 @@ let
inherit (cfg) config overlays localSystem crossSystem;
};
# NOTE: flake.nix assumes that nixpkgs.config is only used with ../../..
# as nixpkgs.config.path should be equivalent to ../../..
finalPkgs = if opt.pkgs.isDefined then cfg.pkgs.appendOverlays cfg.overlays else defaultPkgs;
in

18
nixos/modules/module-list.nix
View File

@ -203,7 +203,6 @@
./programs/sway.nix
./programs/system-config-printer.nix
./programs/thefuck.nix
./programs/tilp2.nix
./programs/tmux.nix
./programs/traceroute.nix
./programs/tsm-client.nix
@ -357,7 +356,6 @@
./services/desktops/cpupower-gui.nix
./services/desktops/dleyna-renderer.nix
./services/desktops/dleyna-server.nix
./services/desktops/pantheon/files.nix
./services/desktops/espanso.nix
./services/desktops/flatpak.nix
./services/desktops/geoclue2.nix
@ -452,6 +450,7 @@
./services/hardware/undervolt.nix
./services/hardware/vdr.nix
./services/hardware/xow.nix
./services/home-automation/home-assistant.nix
./services/logging/SystemdJournal2Gelf.nix
./services/logging/awstats.nix
./services/logging/filebeat.nix
@ -547,8 +546,8 @@
./services/misc/headphones.nix
./services/misc/heisenbridge.nix
./services/misc/greenclip.nix
./services/misc/home-assistant.nix
./services/misc/ihaskell.nix
./services/misc/input-remapper.nix
./services/misc/irkerd.nix
./services/misc/jackett.nix
./services/misc/jellyfin.nix
@ -597,6 +596,7 @@
./services/misc/redmine.nix
./services/misc/rippled.nix
./services/misc/ripple-data-api.nix
./services/misc/rmfakecloud.nix
./services/misc/serviio.nix
./services/misc/safeeyes.nix
./services/misc/sdrplay.nix
@ -684,6 +684,7 @@
./services/network-filesystems/litestream/default.nix
./services/network-filesystems/netatalk.nix
./services/network-filesystems/nfsd.nix
./services/network-filesystems/moosefs.nix
./services/network-filesystems/openafs/client.nix
./services/network-filesystems/openafs/server.nix
./services/network-filesystems/orangefs/server.nix
@ -717,6 +718,7 @@
./services/networking/bird.nix
./services/networking/bitlbee.nix
./services/networking/blockbook-frontend.nix
./services/networking/blocky.nix
./services/networking/charybdis.nix
./services/networking/cjdns.nix
./services/networking/cntlm.nix
@ -760,10 +762,10 @@
./services/networking/go-neb.nix
./services/networking/go-shadowsocks2.nix
./services/networking/gobgpd.nix
./services/networking/gogoclient.nix
./services/networking/gvpe.nix
./services/networking/hans.nix
./services/networking/haproxy.nix
./services/networking/headscale.nix
./services/networking/hostapd.nix
./services/networking/htpdate.nix
./services/networking/hylafax/default.nix
@ -852,7 +854,6 @@
./services/networking/quassel.nix
./services/networking/quorum.nix
./services/networking/quicktun.nix
./services/networking/racoon.nix
./services/networking/radicale.nix
./services/networking/radvd.nix
./services/networking/rdnssd.nix
@ -915,6 +916,7 @@
./services/networking/vsftpd.nix
./services/networking/wasabibackend.nix
./services/networking/websockify.nix
./services/networking/wg-netmanager.nix
./services/networking/wg-quick.nix
./services/networking/wireguard.nix
./services/networking/wpa_supplicant.nix
@ -1006,6 +1008,7 @@
./services/web-apps/documize.nix
./services/web-apps/dokuwiki.nix
./services/web-apps/engelsystem.nix
./services/web-apps/ethercalc.nix
./services/web-apps/fluidd.nix
./services/web-apps/galene.nix
./services/web-apps/gerrit.nix
@ -1055,6 +1058,7 @@
./services/web-apps/wordpress.nix
./services/web-apps/youtrack.nix
./services/web-apps/zabbix.nix
./services/web-servers/agate.nix
./services/web-servers/apache-httpd/default.nix
./services/web-servers/caddy/default.nix
./services/web-servers/darkhttpd.nix
@ -1074,7 +1078,6 @@
./services/web-servers/phpfpm/default.nix
./services/web-servers/pomerium.nix
./services/web-servers/unit/default.nix
./services/web-servers/shellinabox.nix
./services/web-servers/tomcat.nix
./services/web-servers/traefik.nix
./services/web-servers/trafficserver/default.nix
@ -1157,12 +1160,13 @@
./system/boot/systemd-nspawn.nix
./system/boot/timesyncd.nix
./system/boot/tmp.nix
./system/etc/etc.nix
./system/etc/etc-activation.nix
./tasks/auto-upgrade.nix
./tasks/bcache.nix
./tasks/cpu-freq.nix
./tasks/encrypted-devices.nix
./tasks/filesystems.nix
./tasks/filesystems/apfs.nix
./tasks/filesystems/bcachefs.nix
./tasks/filesystems/btrfs.nix
./tasks/filesystems/cifs.nix

2
nixos/modules/profiles/hardened.nix
View File

@ -17,7 +17,7 @@ with lib;
boot.kernelPackages = mkDefault pkgs.linuxPackages_hardened;
nix.allowedUsers = mkDefault [ "@users" ];
nix.settings.allowed-users = mkDefault [ "@users" ];
environment.memoryAllocator.provider = mkDefault "scudo";
environment.variables.SCUDO_OPTIONS = mkDefault "ZeroContents=1";

2
nixos/modules/programs/calls.nix
View File

@ -14,6 +14,8 @@ in {
};
config = mkIf cfg.enable {
programs.dconf.enable = true;
environment.systemPackages = [
pkgs.calls
];

40
nixos/modules/programs/command-not-found/command-not-found.pl
View File

@ -21,11 +21,24 @@ my $res = $dbh->selectall_arrayref(
"select package from Programs where system = ? and name = ?",
{ Slice => {} }, $system, $program);
if (!defined $res || scalar @$res == 0) {
my $len = !defined $res ? 0 : scalar @$res;
if ($len == 0) {
print STDERR "$program: command not found\n";
} elsif (scalar @$res == 1) {
} elsif ($len == 1) {
my $package = @$res[0]->{package};
if ($ENV{"NIX_AUTO_RUN"} // "") {
if ($ENV{"NIX_AUTO_RUN_INTERACTIVE"} // "") {
while (1) {
print STDERR "'$program' from package '$package' will be run, confirm? [yn]: ";
chomp(my $comfirm = <STDIN>);
if (lc $comfirm eq "n") {
exit 0;
} elsif (lc $comfirm eq "y") {
last;
}
}
}
exec("nix-shell", "-p", $package, "--run", shell_quote("exec", @ARGV));
} else {
print STDERR <<EOF;
@ -35,11 +48,30 @@ ephemeral shell by typing:
EOF
}
} else {
print STDERR <<EOF;
if ($ENV{"NIX_AUTO_RUN"} // "") {
print STDERR "Select a package that provides '$program':\n";
for my $i (0 .. $len - 1) {
print STDERR " [", $i + 1, "]: @$res[$i]->{package}\n";
}
my $choice = 0;
while (1) { # exec will break this loop
no warnings "numeric";
print STDERR "Your choice [1-${len}]: ";
# 0 can be invalid user input like non-number string
# so we start from 1
$choice = <STDIN> + 0;
if (1 <= $choice && $choice <= $len) {
exec("nix-shell", "-p", @$res[$choice - 1]->{package},
"--run", shell_quote("exec", @ARGV));
}
}
} else {
print STDERR <<EOF;
The program '$program' is not in your PATH. It is provided by several packages.
You can make it available in an ephemeral shell by typing one of the following:
EOF
print STDERR " nix-shell -p $_->{package}\n" foreach @$res;
print STDERR " nix-shell -p $_->{package}\n" foreach @$res;
}
}
exit 127;

2
nixos/modules/programs/dconf.nix
View File

@ -60,7 +60,7 @@ in
environment.systemPackages = [ pkgs.dconf ];
# Needed for unwrapped applications
environment.variables.GIO_EXTRA_MODULES = mkIf cfg.enable [ "${pkgs.dconf.lib}/lib/gio/modules" ];
environment.sessionVariables.GIO_EXTRA_MODULES = mkIf cfg.enable [ "${pkgs.dconf.lib}/lib/gio/modules" ];
};
}

2
nixos/modules/programs/spacefm.nix
View File

@ -27,13 +27,11 @@ in
default = {
tmp_dir = "/tmp";
terminal_su = "${pkgs.sudo}/bin/sudo";
graphical_su = "${pkgs.gksu}/bin/gksu";
};
defaultText = literalExpression ''
{
tmp_dir = "/tmp";
terminal_su = "''${pkgs.sudo}/bin/sudo";
graphical_su = "''${pkgs.gksu}/bin/gksu";
}
'';
description = ''

28
nixos/modules/programs/tilp2.nix
View File

@ -1,28 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.programs.tilp2;
in {
options.programs.tilp2 = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable tilp2 and udev rules for supported calculators.
'';
};
};
config = mkIf cfg.enable {
services.udev.packages = [
pkgs.libticables2
];
environment.systemPackages = [
pkgs.tilp2
];
};
}

15
nixos/modules/programs/tmux.nix
View File

@ -52,6 +52,12 @@ let
set -s escape-time ${toString cfg.escapeTime}
set -g history-limit ${toString cfg.historyLimit}
${lib.optionalString (cfg.plugins != []) ''
# Run plugins
${lib.concatMapStringsSep "\n" (x: "run-shell ${x.rtp}") cfg.plugins}
''}
${cfg.extraConfig}
'';
@ -165,6 +171,13 @@ in {
downside it doesn't survive user logout.
'';
};
plugins = mkOption {
default = [];
type = types.listOf types.package;
description = "List of plugins to install.";
example = lib.literalExpression "[ pkgs.tmuxPlugins.nord ]";
};
};
};
@ -174,7 +187,7 @@ in {
environment = {
etc."tmux.conf".text = tmuxConf;
systemPackages = [ pkgs.tmux ];
systemPackages = [ pkgs.tmux ] ++ cfg.plugins;
variables = {
TMUX_TMPDIR = lib.optional cfg.secureSocket ''''${XDG_RUNTIME_DIR:-"/run/user/$(id -u)"}'';

11
nixos/modules/rename.nix
View File

@ -32,6 +32,7 @@ with lib;
'')
(mkRemovedOptionModule [ "networking" "vpnc" ] "Use environment.etc.\"vpnc/service.conf\" instead.")
(mkRemovedOptionModule [ "networking" "wicd" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "programs" "tilp2" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "programs" "way-cooler" ] ("way-cooler is abandoned by its author: " +
"https://way-cooler.org/blog/2020/01/09/way-cooler-post-mortem.html"))
(mkRemovedOptionModule [ "security" "hideProcessInformation" ] ''
@ -59,6 +60,9 @@ with lib;
(mkRemovedOptionModule [ "services" "moinmoin" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "mwlib" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "osquery" ] "The osquery module has been removed")
(mkRemovedOptionModule [ "services" "pantheon" "files" ] ''
This module was removed, please add pkgs.pantheon.elementary-files to environment.systemPackages directly.
'')
(mkRemovedOptionModule [ "services" "prey" ] ''
prey-bash-client is deprecated upstream
'')
@ -80,6 +84,13 @@ with lib;
libinput and synaptics.
'')
(mkRemovedOptionModule [ "virtualisation" "rkt" ] "The rkt module has been removed, it was archived by upstream")
(mkRemovedOptionModule [ "services" "racoon" ] ''
The racoon module has been removed, because the software project was abandoned upstream.
'')
(mkRemovedOptionModule [ "services" "shellinabox" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "gogoclient" ] "The corresponding package was removed from nixpkgs.")
# Do NOT add any option renames here, see top of the file
];

9
nixos/modules/security/google_oslogin.nix
View File

@ -5,7 +5,7 @@ with lib;
let
cfg = config.security.googleOsLogin;
package = pkgs.google-compute-engine-oslogin;
package = pkgs.google-guest-oslogin;
in
@ -17,7 +17,7 @@ in
type = types.bool;
default = false;
description = ''
Whether to enable Google OS Login
Whether to enable Google OS Login.
The OS Login package enables the following components:
AuthorizedKeysCommand to query valid SSH keys from the user's OS Login
@ -36,7 +36,7 @@ in
security.pam.services.sshd = {
makeHomeDir = true;
googleOsLoginAccountVerification = true;
# disabled for now: googleOsLoginAuthentication = true;
googleOsLoginAuthentication = true;
};
security.sudo.extraConfig = ''
@ -47,6 +47,9 @@ in
"d /var/google-users.d 750 root root -"
];
systemd.packages = [ package ];
systemd.timers.google-oslogin-cache.wantedBy = [ "timers.target" ];
# enable the nss module, so user lookups etc. work
system.nssModules = [ package ];
system.nssDatabases.passwd = [ "cache_oslogin" "oslogin" ];

4
nixos/modules/security/misc.nix
View File

@ -123,8 +123,8 @@ with lib;
boot.kernel.sysctl."user.max_user_namespaces" = 0;
assertions = [
{ assertion = config.nix.useSandbox -> config.security.allowUserNamespaces;
message = "`nix.useSandbox = true` conflicts with `!security.allowUserNamespaces`.";
{ assertion = config.nix.settings.sandbox -> config.security.allowUserNamespaces;
message = "`nix.settings.sandbox = true` conflicts with `!security.allowUserNamespaces`.";
}
];
})

14
nixos/modules/security/pam.nix
View File

@ -444,15 +444,15 @@ let
account sufficient ${pam_krb5}/lib/security/pam_krb5.so
'' +
optionalString cfg.googleOsLoginAccountVerification ''
account [success=ok ignore=ignore default=die] ${pkgs.google-compute-engine-oslogin}/lib/pam_oslogin_login.so
account [success=ok default=ignore] ${pkgs.google-compute-engine-oslogin}/lib/pam_oslogin_admin.so
account [success=ok ignore=ignore default=die] ${pkgs.google-guest-oslogin}/lib/security/pam_oslogin_login.so
account [success=ok default=ignore] ${pkgs.google-guest-oslogin}/lib/security/pam_oslogin_admin.so
'' +
''
# Authentication management.
'' +
optionalString cfg.googleOsLoginAuthentication ''
auth [success=done perm_denied=bad default=ignore] ${pkgs.google-compute-engine-oslogin}/lib/pam_oslogin_login.so
auth [success=done perm_denied=die default=ignore] ${pkgs.google-guest-oslogin}/lib/security/pam_oslogin_login.so
'' +
optionalString cfg.rootOK ''
auth sufficient pam_rootok.so
@ -1035,7 +1035,7 @@ in
setuid = true;
owner = "root";
group = "root";
source = "${pkgs.pam}/sbin/unix_chkpwd.orig";
source = "${pkgs.pam}/bin/unix_chkpwd";
};
};
@ -1091,11 +1091,11 @@ in
mr ${pam_ccreds}/lib/security/pam_ccreds.so,
'' +
optionalString (isEnabled (cfg: cfg.googleOsLoginAccountVerification)) ''
mr ${pkgs.google-compute-engine-oslogin}/lib/pam_oslogin_login.so,
mr ${pkgs.google-compute-engine-oslogin}/lib/pam_oslogin_admin.so,
mr ${pkgs.google-guest-oslogin}/lib/security/pam_oslogin_login.so,
mr ${pkgs.google-guest-oslogin}/lib/security/pam_oslogin_admin.so,
'' +
optionalString (isEnabled (cfg: cfg.googleOsLoginAuthentication)) ''
mr ${pkgs.google-compute-engine-oslogin}/lib/pam_oslogin_login.so,
mr ${pkgs.google-guest-oslogin}/lib/security/pam_oslogin_login.so,
'' +
optionalString (config.security.pam.enableSSHAgentAuth
&& isEnabled (cfg: cfg.sshAgentAuth)) ''

1
nixos/modules/security/wrappers/default.nix
View File

@ -92,7 +92,6 @@ let
, permissions
, ...
}:
assert (lib.versionAtLeast (lib.getVersion config.boot.kernelPackages.kernel) "4.3");
''
cp ${securityWrapper}/bin/security-wrapper "$wrapperDir/${program}"
echo -n "${source}" > "$wrapperDir/${program}.real"

9
nixos/modules/services/audio/jmusicbot.nix
View File

@ -9,6 +9,13 @@ in
services.jmusicbot = {
enable = mkEnableOption "jmusicbot, a Discord music bot that's easy to set up and run yourself";
package = mkOption {
type = types.package;
default = pkgs.jmusicbot;
defaultText = literalExpression "pkgs.jmusicbot";
description = "JMusicBot package to use";
};
stateDir = mkOption {
type = types.path;
description = ''
@ -27,7 +34,7 @@ in
after = [ "network-online.target" ];
description = "Discord music bot that's easy to set up and run yourself!";
serviceConfig = mkMerge [{
ExecStart = "${pkgs.jmusicbot}/bin/JMusicBot";
ExecStart = "${cfg.package}/bin/JMusicBot";
WorkingDirectory = cfg.stateDir;
Restart = "always";
RestartSec = 20;

3
nixos/modules/services/backup/mysql-backup.nix
View File

@ -113,9 +113,10 @@ in
};
};
services.mysql-backup = {
description = "Mysql backup service";
description = "MySQL backup service";
enable = true;
serviceConfig = {
Type = "oneshot";
User = cfg.user;
};
script = backupScript;

4
nixos/modules/services/cluster/kubernetes/scheduler.nix
View File

@ -66,12 +66,12 @@ in
serviceConfig = {
Slice = "kubernetes.slice";
ExecStart = ''${top.package}/bin/kube-scheduler \
--address=${cfg.address} \
--bind-address=${cfg.address} \
${optionalString (cfg.featureGates != [])
"--feature-gates=${concatMapStringsSep "," (feature: "${feature}=true") cfg.featureGates}"} \
--kubeconfig=${top.lib.mkKubeConfig "kube-scheduler" cfg.kubeconfig} \
--leader-elect=${boolToString cfg.leaderElect} \
--port=${toString cfg.port} \
--secure-port=${toString cfg.port} \
${optionalString (cfg.verbosity != null) "--v=${toString cfg.verbosity}"} \
${cfg.extraOpts}
'';

9
nixos/modules/services/computing/slurm/slurm.nix
View File

@ -362,6 +362,7 @@ in
wantedBy = [ "multi-user.target" ];
after = [ "systemd-tmpfiles-clean.service" ];
requires = [ "network.target" ];
serviceConfig = {
Type = "forking";
@ -371,12 +372,12 @@ in
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
LimitMEMLOCK = "infinity";
};
preStart = ''
mkdir -p /var/spool
'';
};
systemd.tmpfiles.rules = mkIf cfg.client.enable [
"d /var/spool/slurmd 755 root root -"
];
services.openssh.forwardX11 = mkIf cfg.client.enable (mkDefault true);
systemd.services.slurmctld = mkIf (cfg.server.enable) {

1
nixos/modules/services/continuous-integration/github-runner.nix
View File

@ -208,6 +208,7 @@ in
token=$(< "$STATE_DIRECTORY"/${newConfigTokenFilename})
RUNNER_ROOT="$STATE_DIRECTORY" ${cfg.package}/bin/config.sh \
--unattended \
--disableupdate \
--work "$RUNTIME_DIRECTORY" \
--url ${escapeShellArg cfg.url} \
--token "$token" \

2
nixos/modules/services/continuous-integration/gitlab-runner.nix
View File

@ -147,7 +147,7 @@ in
concurrent = mkOption {
type = types.int;
default = 1;
example = literalExpression "config.nix.maxJobs";
example = literalExpression "config.nix.settings.max-jobs";
description = ''
Limits how many jobs globally can be run concurrently.
The most upper limit of jobs using all defined runners.

2
nixos/modules/services/continuous-integration/hercules-ci-agent/default.nix
View File

@ -67,7 +67,7 @@ in
# Trusted user allows simplified configuration and better performance
# when operating in a cluster.
nix.trustedUsers = [ config.systemd.services.hercules-ci-agent.serviceConfig.User ];
nix.settings.trusted-users = [ config.systemd.services.hercules-ci-agent.serviceConfig.User ];
services.hercules-ci-agent = {
settings = {
nixUserIsTrusted = true;

25
nixos/modules/services/continuous-integration/hydra/default.nix
View File

@ -258,8 +258,6 @@ in
uid = config.ids.uids.hydra-www;
};
nix.trustedUsers = [ "hydra-queue-runner" ];
services.hydra.extraConfig =
''
using_frontend_proxy = 1
@ -277,16 +275,21 @@ in
environment.variables = hydraEnv;
nix.extraOptions = ''
keep-outputs = true
keep-derivations = true
nix.settings = mkMerge [
{
keep-outputs = true;
keep-derivations = true;
trusted-users = [ "hydra-queue-runner" ];
}
'' + optionalString (versionOlder (getVersion config.nix.package.out) "2.4pre") ''
# The default (`true') slows Nix down a lot since the build farm
# has so many GC roots.
gc-check-reachability = false
'';
(mkIf (versionOlder (getVersion config.nix.package.out) "2.4pre")
{
# The default (`true') slows Nix down a lot since the build farm
# has so many GC roots.
gc-check-reachability = false;
}
)
];
systemd.services.hydra-init =
{ wantedBy = [ "multi-user.target" ];

2
nixos/modules/services/desktops/gnome/glib-networking.nix
View File

@ -38,7 +38,7 @@ with lib;
systemd.packages = [ pkgs.glib-networking ];
environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.glib-networking.out}/lib/gio/modules" ];
environment.sessionVariables.GIO_EXTRA_MODULES = [ "${pkgs.glib-networking.out}/lib/gio/modules" ];
};

2
nixos/modules/services/desktops/gvfs.nix
View File

@ -57,7 +57,7 @@ in
services.udev.packages = [ pkgs.libmtp.out ];
# Needed for unwrapped applications
environment.variables.GIO_EXTRA_MODULES = [ "${cfg.package}/lib/gio/modules" ];
environment.sessionVariables.GIO_EXTRA_MODULES = [ "${cfg.package}/lib/gio/modules" ];
};

13
nixos/modules/services/desktops/pantheon/files.nix
View File

@ -1,13 +0,0 @@
# pantheon files daemon.
{ config, pkgs, lib, ... }:
with lib;
{
imports = [
(mkRemovedOptionModule [ "services" "pantheon" "files" "enable" ] "Use `environment.systemPackages [ pkgs.pantheon.elementary-files ];`")
];
}

3
nixos/modules/services/hardware/ddccontrol.nix
View File

@ -20,6 +20,9 @@ in
###### implementation
config = lib.mkIf cfg.enable {
# Load the i2c-dev module
boot.kernelModules = [ "i2c_dev" ];
# Give users access to the "gddccontrol" tool
environment.systemPackages = [
pkgs.ddccontrol

2
nixos/modules/services/hardware/triggerhappy.nix
View File

@ -70,7 +70,7 @@ in
type = types.listOf (types.submodule bindingCfg);
default = [];
example = lib.literalExpression ''
[ { keys = ["PLAYPAUSE"]; cmd = "''${pkgs.mpc_cli}/bin/mpc -q toggle"; } ]
[ { keys = ["PLAYPAUSE"]; cmd = "''${pkgs.mpc-cli}/bin/mpc -q toggle"; } ]
'';
description = ''
Key bindings for <command>triggerhappy</command>.

3
nixos/modules/services/hardware/udev.nix
View File

@ -317,7 +317,8 @@ in
(isYes "NET")
];
boot.extraModprobeConfig = "options firmware_class path=${config.hardware.firmware}/lib/firmware";
# We don't place this into `extraModprobeConfig` so that stage-1 ramdisk doesn't bloat.
environment.etc."modprobe.d/firmware.conf".text = "options firmware_class path=${config.hardware.firmware}/lib/firmware";
system.activationScripts.udevd =
''

4
nixos/modules/services/hardware/undervolt.nix
View File

@ -164,8 +164,6 @@ in
environment.systemPackages = [ cfg.package ];
systemd.services.undervolt = {
path = [ pkgs.undervolt ];
description = "Intel Undervolting Service";
# Apply undervolt on boot, nixos generation switch and resume
@ -175,7 +173,7 @@ in
serviceConfig = {
Type = "oneshot";
Restart = "no";
ExecStart = "${pkgs.undervolt}/bin/undervolt ${toString cliArgs}";
ExecStart = "${cfg.package}/bin/undervolt ${toString cliArgs}";
};
};

12
nixos/modules/services/hardware/upower.nix
View File

@ -155,8 +155,8 @@ in
default = 1200;
description = ''
When <literal>usePercentageForPolicy</literal> is
<literal>false</literal>, the time remaining at which UPower will
consider the battery low.
<literal>false</literal>, the time remaining in seconds at which
UPower will consider the battery low.
If any value (of <literal>timeLow</literal>,
<literal>timeCritical</literal> and <literal>timeAction</literal>) is
@ -169,8 +169,8 @@ in
default = 300;
description = ''
When <literal>usePercentageForPolicy</literal> is
<literal>false</literal>, the time remaining at which UPower will
consider the battery critical.
<literal>false</literal>, the time remaining in seconds at which
UPower will consider the battery critical.
If any value (of <literal>timeLow</literal>,
<literal>timeCritical</literal> and <literal>timeAction</literal>) is
@ -183,8 +183,8 @@ in
default = 120;
description = ''
When <literal>usePercentageForPolicy</literal> is
<literal>false</literal>, the time remaining at which UPower will
take action for the critical battery level.
<literal>false</literal>, the time remaining in seconds at which
UPower will take action for the critical battery level.
If any value (of <literal>timeLow</literal>,
<literal>timeCritical</literal> and <literal>timeAction</literal>) is

361
nixos/modules/services/misc/home-assistant.nix → nixos/modules/services/home-automation/home-assistant.nix
View File

@ -4,35 +4,27 @@ with lib;
let
cfg = config.services.home-assistant;
format = pkgs.formats.yaml {};
# cfg.config != null can be assumed here
configJSON = pkgs.writeText "configuration.json"
(builtins.toJSON (if cfg.applyDefaultConfig then
(recursiveUpdate defaultConfig cfg.config) else cfg.config));
# Render config attribute sets to YAML
# Values that are null will be filtered from the output, so this is one way to have optional
# options shown in settings.
# We post-process the result to add support for YAML functions, like secrets or includes, see e.g.
# https://www.home-assistant.io/docs/configuration/secrets/
filteredConfig = lib.converge (lib.filterAttrsRecursive (_: v: ! elem v [ null ])) cfg.config or {};
configFile = pkgs.runCommand "configuration.yaml" { preferLocalBuild = true; } ''
${pkgs.remarshal}/bin/json2yaml -i ${configJSON} -o $out
# Hack to support custom yaml objects,
# i.e. secrets: https://www.home-assistant.io/docs/configuration/secrets/
cp ${format.generate "configuration.yaml" filteredConfig} $out
sed -i -e "s/'\!\([a-z_]\+\) \(.*\)'/\!\1 \2/;s/^\!\!/\!/;" $out
'';
lovelaceConfig = cfg.lovelaceConfig or {};
lovelaceConfigFile = format.generate "ui-lovelace.yaml" lovelaceConfig;
lovelaceConfigJSON = pkgs.writeText "ui-lovelace.json"
(builtins.toJSON cfg.lovelaceConfig);
lovelaceConfigFile = pkgs.runCommand "ui-lovelace.yaml" { preferLocalBuild = true; } ''
${pkgs.remarshal}/bin/json2yaml -i ${lovelaceConfigJSON} -o $out
'';
# Components advertised by the home-assistant package
availableComponents = cfg.package.availableComponents;
# Components that were added by overriding the package
explicitComponents = cfg.package.extraComponents;
usedPlatforms = config:
if isAttrs config then
optional (config ? platform) config.platform
++ concatMap usedPlatforms (attrValues config)
else if isList config then
concatMap usedPlatforms config
else [ ];
useExplicitComponent = component: elem component explicitComponents;
# Given a component "platform", looks up whether it is used in the config
# as `platform = "platform";`.
@ -42,33 +34,45 @@ let
# platform = "mqtt";
# ...
# } ];
usedPlatforms = config:
if isAttrs config then
optional (config ? platform) config.platform
++ concatMap usedPlatforms (attrValues config)
else if isList config then
concatMap usedPlatforms config
else [ ];
useComponentPlatform = component: elem component (usedPlatforms cfg.config);
useExplicitComponent = component: elem component explicitComponents;
# Returns whether component is used in config or explicitly passed into package
# Returns whether component is used in config, explicitly passed into package or
# configured in the module.
useComponent = component:
hasAttrByPath (splitString "." component) cfg.config
|| useComponentPlatform component
|| useExplicitComponent component;
|| useExplicitComponent component
|| builtins.elem component cfg.extraComponents;
# List of components used in config
# Final list of components passed into the package to include required dependencies
extraComponents = filter useComponent availableComponents;
package = if (cfg.autoExtraComponents && cfg.config != null)
then (cfg.package.override { inherit extraComponents; })
else cfg.package;
# If you are changing this, please update the description in applyDefaultConfig
defaultConfig = {
homeassistant.time_zone = config.time.timeZone;
http.server_port = cfg.port;
} // optionalAttrs (cfg.lovelaceConfig != null) {
lovelace.mode = "yaml";
};
package = (cfg.package.override (oldArgs: {
# Respect overrides that already exist in the passed package and
# concat it with values passed via the module.
extraComponents = oldArgs.extraComponents or [] ++ extraComponents;
extraPackages = ps: (oldArgs.extraPackages or (_: []) ps) ++ (cfg.extraPackages ps);
}));
in {
meta.maintainers = teams.home-assistant.members;
imports = [
# Migrations in NixOS 22.05
(mkRemovedOptionModule [ "services" "home-assistant" "applyDefaultConfig" ] "The default config was migrated into services.home-assistant.config")
(mkRemovedOptionModule [ "services" "home-assistant" "autoExtraComponents" ] "Components are now parsed from services.home-assistant.config unconditionally")
(mkRenamedOptionModule [ "services" "home-assistant" "port" ] [ "services" "home-assistant" "config" "http" "server_port" ])
];
meta = {
buildDocsInSandbox = false;
maintainers = teams.home-assistant.members;
};
options.services.home-assistant = {
# Running home-assistant on NixOS is considered an installation method that is unsupported by the upstream project.
@ -81,42 +85,166 @@ in {
description = "The config directory, where your <filename>configuration.yaml</filename> is located.";
};
port = mkOption {
default = 8123;
type = types.port;
description = "The port on which to listen.";
extraComponents = mkOption {
type = types.listOf (types.enum availableComponents);
default = [
# List of components required to complete the onboarding
"default_config"
"met"
"esphome"
] ++ optionals (pkgs.stdenv.hostPlatform.isAarch32 || pkgs.stdenv.hostPlatform.isAarch64) [
# Use the platform as an indicator that we might be running on a RaspberryPi and include
# relevant components
"rpi_power"
];
example = literalExpression ''
[
"analytics"
"default_config"
"esphome"
"my"
"shopping_list"
"wled"
]
'';
description = ''
List of <link xlink:href="https://www.home-assistant.io/integrations/">components</link> that have their dependencies included in the package.
The component name can be found in the URL, for example <literal>https://www.home-assistant.io/integrations/ffmpeg/</literal> would map to <literal>ffmpeg</literal>.
'';
};
applyDefaultConfig = mkOption {
default = true;
type = types.bool;
extraPackages = mkOption {
type = types.functionTo (types.listOf types.package);
default = _: [];
defaultText = literalExpression ''
python3Packages: with python3Packages; [];
'';
example = literalExpression ''
python3Packages: with python3Packages; [
# postgresql support
psycopg2
];
'';
description = ''
Setting this option enables a few configuration options for HA based on NixOS configuration (such as time zone) to avoid having to manually specify configuration we already have.
</para>
<para>
Currently one side effect of enabling this is that the <literal>http</literal> component will be enabled.
</para>
<para>
This only takes effect if <literal>config != null</literal> in order to ensure that a manually managed <filename>configuration.yaml</filename> is not overwritten.
List of packages to add to propagatedBuildInputs.
A popular example is <package>python3Packages.psycopg2</package>
for PostgreSQL support in the recorder component.
'';
};
config = mkOption {
default = null;
# Migrate to new option types later: https://github.com/NixOS/nixpkgs/pull/75584
type = with lib.types; let
valueType = nullOr (oneOf [
bool
int
float
str
(lazyAttrsOf valueType)
(listOf valueType)
]) // {
description = "Yaml value";
emptyValue.value = {};
type = types.submodule {
freeformType = format.type;
options = {
# This is a partial selection of the most common options, so new users can quickly
# pick up how to match home-assistants config structure to ours. It also lets us preset
# config values intelligently.
homeassistant = {
# https://www.home-assistant.io/docs/configuration/basic/
name = mkOption {
type = types.nullOr types.str;
default = null;
example = "Home";
description = ''
Name of the location where Home Assistant is running.
'';
};
latitude = mkOption {
type = types.nullOr (types.either types.float types.str);
default = null;
example = 52.3;
description = ''
Latitude of your location required to calculate the time the sun rises and sets.
'';
};
longitude = mkOption {
type = types.nullOr (types.either types.float types.str);
default = null;
example = 4.9;
description = ''
Longitude of your location required to calculate the time the sun rises and sets.
'';
};
unit_system = mkOption {
type = types.nullOr (types.enum [ "metric" "imperial" ]);
default = null;
example = "metric";
description = ''
The unit system to use. This also sets temperature_unit, Celsius for Metric and Fahrenheit for Imperial.
'';
};
temperature_unit = mkOption {
type = types.nullOr (types.enum [ "C" "F" ]);
default = null;
example = "C";
description = ''
Override temperature unit set by unit_system. <literal>C</literal> for Celsius, <literal>F</literal> for Fahrenheit.
'';
};
time_zone = mkOption {
type = types.nullOr types.str;
default = config.time.timeZone or null;
defaultText = literalExpression ''
config.time.timeZone or null
'';
example = "Europe/Amsterdam";
description = ''
Pick your time zone from the column TZ of Wikipedias <link xlink:href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones">list of tz database time zones</link>.
'';
};
};
in valueType;
http = {
# https://www.home-assistant.io/integrations/http/
server_host = mkOption {
type = types.either types.str (types.listOf types.str);
default = [
"0.0.0.0"
"::"
];
example = "::1";
description = ''
Only listen to incoming requests on specific IP/host. The default listed assumes support for IPv4 and IPv6.
'';
};
server_port = mkOption {
default = 8123;
type = types.port;
description = ''
The port on which to listen.
'';
};
};
lovelace = {
# https://www.home-assistant.io/lovelace/dashboards/
mode = mkOption {
type = types.enum [ "yaml" "storage" ];
default = if cfg.lovelaceConfig != null
then "yaml"
else "storage";
defaultText = literalExpression ''
if cfg.lovelaceConfig != null
then "yaml"
else "storage";
'';
example = "yaml";
description = ''
In what mode should the main Lovelace panel be, <literal>yaml</literal> or <literal>storage</literal> (UI managed).
'';
};
};
};
};
example = literalExpression ''
{
homeassistant = {
@ -130,15 +258,19 @@ in {
frontend = {
themes = "!include_dir_merge_named themes";
};
http = { };
http = {};
feedreader.urls = [ "https://nixos.org/blogs.xml" ];
}
'';
description = ''
Your <filename>configuration.yaml</filename> as a Nix attribute set.
Beware that setting this option will delete your previous <filename>configuration.yaml</filename>.
<link xlink:href="https://www.home-assistant.io/docs/configuration/secrets/">Secrets</link>
are encoded as strings as shown in the example.
YAML functions like <link xlink:href="https://www.home-assistant.io/docs/configuration/secrets/">secrets</link>
can be passed as a string and will be unquoted automatically.
Unless this option is explicitly set to <literal>null</literal>
we assume your <filename>configuration.yaml</filename> is
managed through this module and thereby overwritten on startup.
'';
};
@ -147,16 +279,18 @@ in {
type = types.bool;
description = ''
Whether to make <filename>configuration.yaml</filename> writable.
This only has an effect if <option>config</option> is set.
This will allow you to edit it from Home Assistant's web interface.
This only has an effect if <option>config</option> is set.
However, bear in mind that it will be overwritten at every start of the service.
'';
};
lovelaceConfig = mkOption {
default = null;
type = with types; nullOr attrs;
# from https://www.home-assistant.io/lovelace/yaml-mode/
type = types.nullOr format.type;
# from https://www.home-assistant.io/lovelace/dashboards/
example = literalExpression ''
{
title = "My Awesome Home";
@ -172,8 +306,8 @@ in {
'';
description = ''
Your <filename>ui-lovelace.yaml</filename> as a Nix attribute set.
Setting this option will automatically add
<literal>lovelace.mode = "yaml";</literal> to your <option>config</option>.
Setting this option will automatically set <literal>lovelace.mode</literal> to <literal>yaml</literal>.
Beware that setting this option will delete your previous <filename>ui-lovelace.yaml</filename>
'';
};
@ -183,8 +317,10 @@ in {
type = types.bool;
description = ''
Whether to make <filename>ui-lovelace.yaml</filename> writable.
This only has an effect if <option>lovelaceConfig</option> is set.
This will allow you to edit it from Home Assistant's web interface.
This only has an effect if <option>lovelaceConfig</option> is set.
However, bear in mind that it will be overwritten at every start of the service.
'';
};
@ -201,11 +337,18 @@ in {
type = types.package;
example = literalExpression ''
pkgs.home-assistant.override {
extraPackages = ps: with ps; [ colorlog ];
extraPackages = python3Packages: with python3Packages; [
psycopg2
];
extraComponents = [
"default_config"
"esphome"
"met"
];
}
'';
description = ''
Home Assistant package to use. By default the tests are disabled, as they take a considerable amout of time to complete.
The Home Assistant package to use.
Override <literal>extraPackages</literal> or <literal>extraComponents</literal> in order to add additional dependencies.
If you specify <option>config</option> and do not set <option>autoExtraComponents</option>
to <literal>false</literal>, overriding <literal>extraComponents</literal> will have no effect.
@ -213,21 +356,6 @@ in {
'';
};
autoExtraComponents = mkOption {
default = true;
type = types.bool;
description = ''
If set to <literal>true</literal>, the components used in <literal>config</literal>
are set as the specified package's <literal>extraComponents</literal>.
This in turn adds all packaged dependencies to the derivation.
You might still see import errors in your log.
In this case, you will need to package the necessary dependencies yourself
or ask for someone else to package them.
If a dependency is packaged but not automatically added to this list,
you might need to specify it in <literal>extraPackages</literal>.
'';
};
openFirewall = mkOption {
default = false;
type = types.bool;
@ -240,18 +368,30 @@ in {
systemd.services.home-assistant = {
description = "Home Assistant";
after = [ "network.target" ];
preStart = optionalString (cfg.config != null) (if cfg.configWritable then ''
cp --no-preserve=mode ${configFile} "${cfg.configDir}/configuration.yaml"
'' else ''
rm -f "${cfg.configDir}/configuration.yaml"
ln -s ${configFile} "${cfg.configDir}/configuration.yaml"
'') + optionalString (cfg.lovelaceConfig != null) (if cfg.lovelaceConfigWritable then ''
cp --no-preserve=mode ${lovelaceConfigFile} "${cfg.configDir}/ui-lovelace.yaml"
'' else ''
rm -f "${cfg.configDir}/ui-lovelace.yaml"
ln -s ${lovelaceConfigFile} "${cfg.configDir}/ui-lovelace.yaml"
'');
after = [
"network-online.target"
# prevent races with database creation
"mysql.service"
"postgresql.service"
];
preStart = let
copyConfig = if cfg.configWritable then ''
cp --no-preserve=mode ${configFile} "${cfg.configDir}/configuration.yaml"
'' else ''
rm -f "${cfg.configDir}/configuration.yaml"
ln -s ${configFile} "${cfg.configDir}/configuration.yaml"
'';
copyLovelaceConfig = if cfg.lovelaceConfigWritable then ''
cp --no-preserve=mode ${lovelaceConfigFile} "${cfg.configDir}/ui-lovelace.yaml"
'' else ''
rm -f "${cfg.configDir}/ui-lovelace.yaml"
ln -s ${lovelaceConfigFile} "${cfg.configDir}/ui-lovelace.yaml"
'';
in
(optionalString (cfg.config != null) copyConfig) +
(optionalString (cfg.lovelaceConfig != null) copyLovelaceConfig)
;
serviceConfig = let
# List of capabilities to equip home-assistant with, depending on configured components
capabilities = [
@ -278,6 +418,11 @@ in {
"bluetooth_tracker"
"bluetooth_le_tracker"
];
componentsUsingPing = [
# Components that require the capset syscall for the ping wrapper
"ping"
"wake_on_lan"
];
componentsUsingSerialDevices = [
# Components that require access to serial devices (/dev/tty*)
# List generated from home-assistant documentation:
@ -324,7 +469,7 @@ in {
"zwave_js"
];
in {
ExecStart = "${package}/bin/hass --runner --config '${cfg.configDir}'";
ExecStart = "${package}/bin/hass --config '${cfg.configDir}'";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
User = "hass";
Group = "hass";
@ -382,6 +527,8 @@ in {
SystemCallFilter = [
"@system-service"
"~@privileged"
] ++ optionals (any useComponent componentsUsingPing) [
"capset"
];
UMask = "0077";
};

2
nixos/modules/services/logging/promtail.nix
View File

@ -45,7 +45,7 @@ in {
Restart = "on-failure";
TimeoutStopSec = 10;
ExecStart = "${pkgs.grafana-loki}/bin/promtail -config.file=${prettyJSON cfg.configuration} ${escapeShellArgs cfg.extraFlags}";
ExecStart = "${pkgs.promtail}/bin/promtail -config.file=${prettyJSON cfg.configuration} ${escapeShellArgs cfg.extraFlags}";
ProtectSystem = "strict";
ProtectHome = true;

2
nixos/modules/services/mail/postfixadmin.nix
View File

@ -114,7 +114,7 @@ in
location ~* \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${fpm.socket};
include ${pkgs.nginx}/conf/fastcgi_params;
include ${config.services.nginx.package}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf;
}
'';

2
nixos/modules/services/mail/roundcube.nix
View File

@ -153,7 +153,7 @@ in
location ~* \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${fpm.socket};
include ${pkgs.nginx}/conf/fastcgi_params;
include ${config.services.nginx.package}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf;
}
'';

4
nixos/modules/services/matrix/mjolnir.xml
View File

@ -98,7 +98,7 @@
</para>
<para>
To use the Antispam Module, add <package>matrix-synapse-plugins.matrix-synapse-mjolnir-antispam</package>
to the Synapse plugin list and enable the <literal>mjolnir.AntiSpam</literal> module.
to the Synapse plugin list and enable the <literal>mjolnir.Module</literal> module.
</para>
<programlisting>
{
@ -108,7 +108,7 @@
];
extraConfig = ''
modules:
- module: mjolnir.AntiSpam
- module: mjolnir.Module
config:
# Prevent servers/users in the ban lists from inviting users on this
# server to rooms. Default true.

8
nixos/modules/services/misc/airsonic.nix
View File

@ -39,9 +39,11 @@ in {
default = "127.0.0.1";
description = ''
The host name or IP address on which to bind Airsonic.
Only relevant if you have multiple network interfaces and want
to make Airsonic available on only one of them. The default value
will bind Airsonic to all available network interfaces.
The default value is appropriate for first launch, when the
default credentials are easy to guess. It is also appropriate
if you intend to use the virtualhost option in the service
module. In other cases, you may want to change this to a
specific IP or 0.0.0.0 to listen on all interfaces.
'';
};

1
nixos/modules/services/misc/autorandr.nix
View File

@ -43,6 +43,7 @@ in {
ExecStart = "${pkgs.autorandr}/bin/autorandr --batch --change --default ${cfg.defaultTarget}";
Type = "oneshot";
RemainAfterExit = false;
KillMode = "process";
};
};

Some files were not shown because too many files have changed in this diff Show More