Merge branch 'master' into add-sphinx-search

Matthew Brown 2014-08-24 11:21:41 +01:00
commit 5ef459fe2d
3561 changed files with 44899 additions and 22313 deletions

2
.gitignore vendored

@ -9,3 +9,5 @@ result-*
/doc/manual.html
/doc/manual.pdf
.version-suffix
.DS_Store


@ -1,41 +0,0 @@
# You may need to override this.
docbookxsl = $(HOME)/.nix-profile/xml/xsl/docbook
dblatex = dblatex
XMLLINT = xmllint --catalogs
XSLTPROC = xsltproc --catalogs \
--param section.autolabel 1 \
--param section.label.includes.component.label 1 \
--param html.stylesheet \'style.css\' \
--param xref.with.number.and.title 1 \
--param toc.section.depth 3 \
--param admon.style \'\' \
--param callout.graphics.extension \'.gif\'
NEWS_OPTS = \
--stringparam generate.toc "article nop" \
--stringparam section.autolabel.max.depth 0 \
--stringparam header.rule 0
all: NEWS.html NEWS.txt manual.html manual.pdf
NEWS.html: release-notes.xml
$(XSLTPROC) --nonet --xinclude --output $@ $(NEWS_OPTS) \
$(docbookxsl)/xhtml/docbook.xsl release-notes.xml
NEWS.txt: release-notes.xml
$(XSLTPROC) --nonet --xinclude quote-literals.xsl release-notes.xml | \
$(XSLTPROC) --nonet --output $@.tmp.html $(NEWS_OPTS) \
$(docbookxsl)/xhtml/docbook.xsl -
LANG=en_US w3m -dump $@.tmp.html > $@
rm $@.tmp.html
manual.html: *.xml
$(XSLTPROC) --nonet --xinclude --output manual.html \
$(docbookxsl)/xhtml/docbook.xsl manual.xml
manual.pdf: *.xml
$(dblatex) \
-P doc.collab.show=0 \
-P latex.output.revhistory=0 \
manual.xml

21
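--- a/doc/contributing.xml
+++ b/doc/contributing.xml
@@ -0,0 +1,21 @@
+<chapter xmlns="http://docbook.org/ns/docbook"
+xmlns:xlink="http://www.w3.org/1999/xlink"
+xml:id="chap-contributing">
+<title>Contributing</title>
+<para>If you make modifications to the manual, it's important to build the manual before contributing:</para>
+<orderedlist>
+<listitem><para><command>$ git clone git://github.com/NixOS/nixpkgs.git</command></para></listitem>
+<listitem><para><command>$ cd nixpkgs/pkgs/top-level</command></para></listitem>
+<listitem><para><command>$ nix-build -A tarball release.nix</command></para></listitem>
+<listitem><para>Inside the built derivation you shall see <literal>manual/index.html</literal> file.</para></listitem>
+</orderedlist>
+</chapter>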

42
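--- a/doc/default.nix
+++ b/doc/default.nix
@@ -0,0 +1,42 @@
+with import ./.. { };
+with lib;
+stdenv.mkDerivation {
+name = "nixpkgs-manual";
+sources = sourceFilesBySuffices ./. [".xml"];
+buildInputs = [ libxml2 libxslt ];
+xsltFlags = ''
+--param section.autolabel 1
+--param section.label.includes.component.label 1
+--param html.stylesheet 'style.css'
+--param xref.with.number.and.title 1
+--param toc.section.depth 3
+--param admon.style '''
+--param callout.graphics.extension '.gif'
+'';
+buildCommand = ''
+ln -s $sources/*.xml . # */
+echo ${nixpkgsVersion} > .version
+xmllint --noout --nonet --xinclude --noxincludenode \
+--relaxng ${docbook5}/xml/rng/docbook/docbook.rng \
+manual.xml
+dst=$out/share/doc/nixpkgs
+mkdir -p $dst
+xsltproc $xsltFlags --nonet --xinclude \
+--output $dst/manual.html \
+${docbook5_xsl}/xml/xsl/docbook/xhtml/docbook.xsl \
+./manual.xml
+cp ${./style.css} $dst/style.css
+mkdir -p $out/nix-support
+echo "doc manual $dst manual.html" >> $out/nix-support/hydra-build-products
+'';
+}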
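Review bot: In `buildCommand`, `echo ${nixpkgsVersion} > .version` splices a Nix string into the shell script unquoted, and `$dst`, `$out` and `$sources` are expanded unquoted as well. Store paths contain no whitespace, so this works as written, but the version string is presumably read from files in the tree, and quoting keeps any whitespace or glob characters in it from being reinterpreted by the shell: `echo "${nixpkgsVersion}" > .version`, `mkdir -p "$dst"`. The trailing `# */` on the `ln -s` line looks like an editor-highlighting workaround for the `/*` inside the glob; a short comment saying so would stop a later cleanup from removing it.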


@ -3,25 +3,9 @@
<info>
<title>Nixpkgs Manual</title>
<title>Nixpkgs Contributors Guide</title>
<subtitle>Draft (Version <xi:include href="../.version"
parse="text" />)</subtitle>
<author>
<personname>
<firstname>Eelco</firstname>
<surname>Dolstra</surname>
</personname>
<affiliation>
<orgname>LogicBlox</orgname>
</affiliation>
</author>
<copyright>
<year>2008-2012</year>
<holder>Eelco Dolstra</holder>
</copyright>
<subtitle>Version <xi:include href=".version" parse="text" /></subtitle>
</info>
@ -32,6 +16,6 @@
<xi:include href="language-support.xml" />
<xi:include href="package-notes.xml" />
<xi:include href="coding-conventions.xml" />
<xi:include href="contributing.xml" />
</book>


@ -17,7 +17,9 @@ meta = {
It is fully customizable.
'';
homepage = http://www.gnu.org/software/hello/manual/;
license = "GPLv3+";
license = stdenv.lib.licenses.gpl3Plus;
maintainers = [ stdenv.lib.maintainers.eelco ];
platforms = stdenv.lib.platforms.all;
};
</programlisting>
@ -31,16 +33,42 @@ the package. The value of a meta-attribute must a string.</para>
command-line using <command>nix-env</command>:
<screen>
$ nix-env -qa hello --meta --xml
&lt;?xml version='1.0' encoding='utf-8'?>
&lt;items>
&lt;item attrPath="hello" name="hello-2.3" system="i686-linux">
&lt;meta name="description" value="A program that produces a familiar, friendly greeting" />
&lt;meta name="homepage" value="http://www.gnu.org/software/hello/manual/" />
&lt;meta name="license" value="GPLv3+" />
&lt;meta name="longDescription" value="GNU Hello is a program that prints &amp;quot;Hello, world!&amp;quot; when you run it.&amp;#xA;It is fully customizable.&amp;#xA;" />
&lt;/item>
&lt;/items>
$ nix-env -qa hello --meta --json
{
"hello": {
"meta": {
"description": "A program that produces a familiar, friendly greeting",
"homepage": "http://www.gnu.org/software/hello/manual/",
"license": {
"fullName": "GNU General Public License version 3 or later",
"shortName": "GPLv3+",
"url": "http://www.fsf.org/licensing/licenses/gpl.html"
},
"longDescription": "GNU Hello is a program that prints \"Hello, world!\" when you run it.\nIt is fully customizable.\n",
"maintainers": [
"Ludovic Court\u00e8s &lt;ludo@gnu.org>"
],
"platforms": [
"i686-linux",
"x86_64-linux",
"armv5tel-linux",
"armv7l-linux",
"mips64el-linux",
"x86_64-darwin",
"i686-cygwin",
"i686-freebsd",
"x86_64-freebsd",
"i686-openbsd",
"x86_64-openbsd"
],
"position": "/home/user/dev/nixpkgs/pkgs/applications/misc/hello/ex-2/default.nix:14"
},
"name": "hello-2.9",
"system": "x86_64-linux"
}
}
</screen>
<command>nix-env</command> knows about the
@ -92,20 +120,23 @@ interpretation:</para>
<varlistentry>
<term><varname>license</varname></term>
<listitem><para>The license for the package. See below for the
allowed values.</para></listitem>
<listitem><para>The license for the package. One from the
attribute set defined in <link
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/lib/licenses.nix">
<filename>nixpkgs/lib/licenses.nix</filename></link>. Example:
<literal>stdenv.lib.licenses.gpl3</literal>. For details, see
<xref linkend='sec-meta-license'/>.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>maintainers</varname></term>
<listitem><para>A list of names and e-mail addresses of the
maintainers of this Nix expression, e.g. <literal>["Alice
&lt;alice@example.org>" "Bob &lt;bob@example.com>"]</literal>. If
you are the maintainer of multiple packages, you may want to add
maintainers of this Nix expression. If
you would like to be a maintainer of a package, you may want to add
yourself to <link
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/lib/maintainers.nix"><filename>pkgs/lib/maintainers.nix</filename></link>
and write something like <literal>[stdenv.lib.maintainers.alice
stdenv.lib.maintainers.bob]</literal>.</para></listitem>
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/lib/maintainers.nix"><filename>nixpkgs/lib/maintainers.nix</filename></link>
and write something like <literal>[ stdenv.lib.maintainers.alice
stdenv.lib.maintainers.bob ]</literal>.</para></listitem>
</varlistentry>
<varlistentry>
@ -121,29 +152,25 @@ interpretation:</para>
<varlistentry>
<term><varname>platforms</varname></term>
<listitem><para>The list of Nix platform types on which the
package is supported. If this attribute is set, the package will
refuse to build, and wont show up in <literal>nix-env
-qa</literal> output, on any platform not listed
here. An example is:
package is supported. Hydra builds packages according to the
platform specified. If no platform is specified, the package does
not have prebuilt binaries. An example is:
<programlisting>
meta.platforms = [ "x86_64-linux" "i686-linux" "x86_64-darwin" ];
</programlisting>
The set <varname>lib.platforms</varname> defines various common
lists of platforms types, so its more typical to write:
<programlisting>
meta.platforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin;
meta.platforms = stdenv.lib.platforms.linux;
</programlisting>
Attribute Set <varname>stdenv.lib.platforms</varname> in
<link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/lib/platforms.nix">
<filename>nixpkgs/lib/platforms.nix</filename></link> defines various common
lists of platforms types.
</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>hydraPlatforms</varname></term>
<listitem><para>The list of Nix platform types for which the Hydra
instance at <literal>hydra.nixos.org</literal> should build the
instance at <literal>hydra.nixos.org</literal> will build the
package. (Hydra is the Nix-based continuous build system.) It
defaults to the value of <varname>meta.platforms</varname>. Thus,
the only reason to set <varname>meta.hydraPlatforms</varname> is
@ -176,80 +203,23 @@ meta.hydraPlatforms = [];
<section xml:id="sec-meta-license"><title>Licenses</title>
<note><para>This is just a first attempt at standardising the license
attribute.</para></note>
<para>The <varname>meta.license</varname> attribute must be one of the
following:
<para>The <varname>meta.license</varname> attribute should preferrably contain
a value from <varname>stdenv.lib.licenses</varname> defined in
<link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/lib/licenses.nix">
<filename>nixpkgs/lib/licenses.nix</filename></link>,
or in-place license description of the same format if the license is
unlikely to be useful in another expression.
A few generic options are available, although it's typically better
to indicate the specific license:
<variablelist>
<varlistentry>
<term><varname>GPL</varname></term>
<listitem><para>GNU General Public License; version not
specified.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>GPLv2</varname></term>
<listitem><para>GNU General Public License, version
2.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>GPLv2+</varname></term>
<listitem><para>GNU General Public License, version
2 or higher.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>GPLv3</varname></term>
<listitem><para>GNU General Public License, version
3.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>GPLv3+</varname></term>
<listitem><para>GNU General Public License, version
3 or higher.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>bsd</varname></term>
<listitem><para>Catch-all for licenses that are essentially
similar to <link
xlink:href="http://www.gnu.org/licenses/license-list.html#ModifiedBSD">the
original BSD license with the advertising clause removed</link>,
i.e. permissive non-copyleft free software licenses. This
includes the <link
xlink:href="http://www.gnu.org/licenses/license-list.html#X11License">X11
(“MIT”) License</link>.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>perl5</varname></term>
<listitem><para>The Perl 5 license (Artistic License, version 1
and GPL, version 1 or later).</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>free</varname></term>
<listitem><para>Catch-all for free software licenses not listed
above.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>free-copyleft</varname></term>
<listitem><para>Catch-all for free, copyleft software licenses not
listed above.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>free-non-copyleft</varname></term>
<listitem><para>Catch-all for free, non-copyleft software licenses
not listed above.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>unfree-redistributable</varname></term>
<listitem><para>Unfree package that can be redistributed in binary


@ -155,9 +155,10 @@ $ git add pkgs/development/libraries/libfoo/default.nix</screen>
</listitem>
<listitem>
<para>You can use <command>nix-prefetch-url</command>
<para>You can use <command>nix-prefetch-url</command> (or similar nix-prefetch-git, etc)
<replaceable>url</replaceable> to get the SHA-256 hash of
source distributions.</para>
source distributions. There are similar commands as <command>nix-prefetch-git</command> and
<command>nix-prefetch-hg</command> available in <literal>nix-prefetch-scripts</literal> package.</para>
</listitem>
<listitem>
@ -221,17 +222,10 @@ $ nix-env -f . -iA libfoo</screen>
</listitem>
<listitem>
<para>Optionally commit the new package, or send a patch to
<para>Optionally commit the new package and open a pull request, or send a patch to
<literal>nix-dev@cs.uu.nl</literal>.</para>
</listitem>
<listitem>
<para>If you want the TU Delft build farm to build binaries of the
package and make them available in the <link
xlink:href="http://nixos.org/releases/nixpkgs/channels/nixpkgs-unstable/"><literal>nixpkgs</literal>
channel</link>, add it to <link
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/top-level/release.nix"><filename>pkgs/top-level/release.nix</filename></link>.</para>
</listitem>
</orderedlist>


@ -1,25 +1,24 @@
{
/* License identifiers loosely based on: http://fedoraproject.org/wiki/Licensing
let
spdx = lic: lic // {
url = "http://spdx.org/licenses/${lic.shortName}";
};
in
rec {
/* License identifiers from spdx.org where possible.
* If you cannot find your license here, then look for a similar license or
* add it to this list. The URL mentioned above is a good source for inspiration.
*/
artistic2 = {
shortName = "Artistic 2.0";
fullName = "Artistic 2.0";
url = "http://opensource.org/licenses/artistic-license-2.0.php";
};
agpl3 = {
shortName = "AGPLv3";
fullName = "GNU Affero General Public License version 3 only";
url = https://www.gnu.org/licenses/agpl.html;
agpl3 = spdx {
shortName = "AGPL-3.0";
fullName = "GNU Affero General Public License v3.0";
};
agpl3Plus = {
shortName = "AGPLv3+";
fullName = "GNU Affero General Public License version 3 or later";
url = https://www.gnu.org/licenses/agpl.html;
shortName = "AGPL-3.0+";
fullName = "GNU Affero General Public License v3.0 or later";
inherit (agpl3) url;
};
amd = {
@ -28,126 +27,149 @@
url = http://developer.amd.com/amd-license-agreement/;
};#
apsl20 = {
shortName = "APSL 2.0";
apsl20 = spdx {
shortName = "APSL-2.0";
fullName = "Apple Public Source License 2.0";
url = http://opensource.org/licenses/APSL-2.0;
};
asl20 = {
shortName = "ASL2.0";
fullName = "Apache Software License 2.0";
url = http://www.apache.org/licenses/LICENSE-2.0;
artistic2 = spdx {
shortName = "Artistic-2.0";
fullName = "Artistic License 2.0";
};
boost = {
shortName = "boost";
fullName = "Boost Software License";
url = http://www.boost.org/LICENSE_1_0.txt;
asl20 = spdx {
shortName = "Apache-2.0";
fullName = "Apache License 2.0";
};
bsd2 = {
shortName = "BSD-2";
fullName = "BSD license (2 clause)";
url = http://opensource.org/licenses/BSD-2-Clause;
boost = spdx {
shortName = "BSL-1.0";
fullName = "Boost Software License 1.0";
};
bsd3 = {
shortName = "BSD-3";
fullName = "BSD license (3 clause)";
url = http://opensource.org/licenses/BSD-3-Clause;
bsd2 = spdx {
shortName = "BSD-2-Clause";
fullName = ''BSD 2-clause "Simplified" License'';
};
bsdOriginal = {
shortName = "BSD-original";
fullName = "Original BSD license with advertising clause";
url = https://fedoraproject.org/wiki/Licensing/BSD;
bsd3 = spdx {
shortName = "BSD-3-Clause";
fullName = ''BSD 3-clause "New" or "Revised" License'';
};
cc-by-30 = {
shortName = "CC BY 3.0";
bsdOriginal = spdx {
shortName = "BSD-4-Clause";
fullName = ''BSD 4-clause "Original" or "Old" License'';
};
cc-by-30 = spdx {
shortName = "CC-BY-3.0";
fullName = "Creative Commons Attribution 3.0";
url = http://creativecommons.org/licenses/by/3.0;
};
cddl = {
shortName = "CDDL";
fullName = "Common Development Distribution License ";
url = http://www.opensolaris.org/os/licensing/cddllicense.txt;
cddl = spdx {
shortName = "CDDL-1.0";
fullName = "Common Development and Distribution License 1.0";
};
cpl10 = {
shortName = "CPL 1.0";
fullName = "Common Public License version 1.0";
url = http://www.eclipse.org/legal/cpl-v10.html;
cecill-c = spdx {
shortName = "CECILL-C";
fullName = "CeCILL-C Free Software License Agreement";
};
epl10 = {
shortName = "EPL 1.0";
fullName = "Eclipse Public License version 1.0";
url = http://www.eclipse.org/legal/epl-v10.html;
cpl10 = spdx {
shortName = "CPL-1.0";
fullName = "Common Public License 1.0";
};
epl10 = spdx {
shortName = "EPL-1.0";
fullName = "Eclipse Public License 1.0";
};
free = "free";
gpl2 = {
shortName = "GPLv2";
fullName = "GNU General Public License version 2";
url = http://www.gnu.org/licenses/old-licenses/gpl-2.0.html;
gpl2 = spdx {
shortName = "GPL-2.0";
fullName = "GNU General Public License v2.0 only";
};
gpl2Oss = {
shortName = "GPLv2+OSS";
shortName = "GPL-2.0-with-OSS";
fullName = "GNU General Public License version 2 only (with OSI approved licenses linking exception)";
url = http://www.mysql.com/about/legal/licensing/foss-exception;
};
gpl2Plus = {
shortName = "GPLv2+";
fullName = "GNU General Public License version 2 or later";
url = http://www.gnu.org/licenses/old-licenses/gpl-2.0.html;
gpl2Plus = spdx {
shortName = "GPL-2.0+";
fullName = "GNU General Public License v2.0 or later";
};
gpl3 = {
shortName = "GPLv3";
fullName = "GNU General Public License version 3 only";
url = http://www.fsf.org/licensing/licenses/gpl.html;
gpl3 = spdx {
shortName = "GPL-3.0";
fullName = "GNU General Public License v3.0 only";
};
gpl3Plus = {
shortName = "GPLv3+";
fullName = "GNU General Public License version 3 or later";
url = http://www.fsf.org/licensing/licenses/gpl.html;
gpl3Plus = spdx {
shortName = "GPL-3.0+";
fullName = "GNU General Public License v3.0 or later";
};
gpl3ClasspathPlus = {
shortName = "GPLv3+classpath+";
fullName = "GNU General Public License version 3 or later (with Classpath exception)";
shortName = "GPL-3.0+-with-classpath-exception";
fullName = "GNU General Public License v3.0 or later (with Classpath exception)";
url = https://fedoraproject.org/wiki/Licensing/GPL_Classpath_Exception;
};
isc = {
inria = {
shortName = "INRIA-NCLA";
fullName = "INRIA Non-Commercial License Agreement";
url = "http://compcert.inria.fr/doc/LICENSE";
};
ipa = spdx {
shortName = "IPA";
fullName = "IPA Font License";
};
ipl10 = spdx {
shortName = "IPL-1.0";
fullName = "IBM Public License v1.0";
};
isc = spdx {
shortName = "ISC";
fullName = "Internet Systems Consortium License";
url = http://www.opensource.org/licenses/ISC;
fullName = "ISC License";
};
ipa = {
shortName = "IPA 1.0";
fullName = "IPA Font License v1.0";
url = http://ipafont.ipa.go.jp/ipafont/;
lgpl2 = spdx {
shortName = "LGPL-2.0";
fullName = "GNU Library General Public License v2 only";
};
ipl10 = {
shortName = "IPL 1.0";
fullName = "IBM Public License Version 1.0";
url = http://www.ibm.com/developerworks/opensource/library/os-i18n2/os-ipl.html;
lgpl2Plus = spdx {
shortName = "LGPL-2.0+";
fullName = "GNU Library General Public License v2 or later";
};
ijg = {
shortName = "IJG";
fullName = "Independent JPEG Group License";
url = https://fedoraproject.org/wiki/Licensing/IJG;
lgpl21 = spdx {
shortName = "LGPL-2.1";
fullName = "GNU Library General Public License v2.1 only";
};
lgpl21Plus = spdx {
shortName = "LGPL-2.1+";
fullName = "GNU Library General Public License v2.1 or later";
};
lgpl3 = spdx {
shortName = "LGPL-3.0";
fullName = "GNU Lesser General Public License v3.0 only";
};
lgpl3Plus = spdx {
shortName = "LGPL-3.0+";
fullName = "GNU Lesser General Public License v3.0 or later";
};
libtiff = {
@ -156,76 +178,52 @@
url = https://fedoraproject.org/wiki/Licensing/libtiff;
};
lgpl2 = {
shortName = "LGPLv2";
fullName = "GNU Library General Public License version 2";
url = http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html;
};
lgpl2Plus = {
shortName = "LGPLv2+";
fullName = "GNU Library General Public License version 2 or later";
url = http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html;
};
lgpl21 = {
shortName = "LGPLv2.1";
fullName = "GNU Lesser General Public License version 2.1";
url = http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html;
};
lgpl21Plus = {
shortName = "LGPLv2.1+";
fullName = "GNU Lesser General Public License version 2.1 or later";
url = http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html;
};
llgpl21 = {
shortName = "LLGPLv2.1";
shortName = "LLGPL-2.1";
fullName = "Lisp LGPL; GNU Lesser General Public License version 2.1 with Franz Inc. preamble for clarification of LGPL terms in context of Lisp";
url = http://opensource.franz.com/preamble.html;
};
lgpl3 = {
shortName = "LGPLv3";
fullName = "GNU Lesser General Public License version 3 only";
url = http://www.fsf.org/licensing/licenses/lgpl.html;
lpl-102 = spdx {
shortName = "LPL-1.02";
fullName = "Lucent Public License v1.02";
};
lgpl3Plus = {
shortName = "LGPLv3+";
fullName = "GNU Lesser General Public License version 3 or later";
url = http://www.fsf.org/licensing/licenses/lgpl.html;
};
mit = {
mit = spdx {
shortName = "MIT";
fullName = "MIT/X11 license";
url = http://www.opensource.org/licenses/mit-license.php;
fullName = "MIT License";
};
mpl11 = {
shortName = "MPL1.1";
fullName = "Mozilla Public License version 1.1";
url = http://www.mozilla.org/MPL/MPL-1.1.html;
mpl11 = spdx {
shortName = "MPL-1.1";
fullName = "Mozilla Public License 1.1";
};
mpl20 = {
shortName = "MPL2.0";
fullName = "Mozilla Public License version 2.0";
url = https://www.mozilla.org/MPL/2.0;
mpl20 = spdx {
shortName = "MPL-2.0";
fullName = "Mozilla Public License 2.0";
};
ofl = {
shortName = "OFL";
fullName = "SIL Open Font License";
url = "http://scripts.sil.org/cms/scripts/page.php?site_id=nrsi&id=OFL_web";
msrla = {
shortName = "MSR-LA";
fullName = "Microsoft Research License Agreement";
url = "http://research.microsoft.com/en-us/projects/pex/msr-la.txt";
};
openssl = {
shortName = "openssl";
fullName = "OpenSSL license";
url = http://www.openssl.org/source/license.html;
ofl = spdx {
shortName = "OFL-1.1";
fullName = "SIL Open Font License 1.1";
};
openssl = spdx {
shortName = "OpenSSL";
fullName = "OpenSSL License";
};
psfl = spdx {
shortName = "Python-2.0";
fullName = "Python Software Foundation License version 2";
#url = http://docs.python.org/license.html;
};
publicDomain = {
@ -233,10 +231,9 @@
fullname = "Public Domain";
};
psfl = {
shortName = "PSFL";
fullName = "Python Software Foundation License";
url = http://docs.python.org/license.html;
sleepycat = spdx {
shortName = "Sleepycat";
fullName = "Sleepycat License";
};
tcltk = {
@ -257,45 +254,20 @@
url = https://fedoraproject.org/wiki/Licensing:Wadalab?rd=Licensing/Wadalab;
};
zlib = {
shortName = "zlib";
fullName = "zlib license";
url = http://www.gzip.org/zlib/zlib_license.html;
zlib = spdx {
shortName = "Zlib";
fullName = "zlib License";
};
zpt20 = {
shortName = "ZPT2.0";
zpt20 = spdx { # FIXME: why zpt* instead of zpl*
shortName = "ZPL-2.0";
fullName = "Zope Public License 2.0";
url = "http://old.zope.org/Resources/License/ZPL-2.0";
};
zpt21 = {
shortName = "ZPT2.1";
zpt21 = spdx {
shortName = "ZPL-2.1";
fullName = "Zope Public License 2.1";
url = "http://old.zope.org/Resources/License/ZPL-2.1";
};
sleepycat = {
shortName = "Sleepycat";
fullName = "Sleepycat Public License";
url = "https://en.wikipedia.org/wiki/Sleepycat_License";
};
cecill-c = {
shortName = "CeCILL-C";
fullName = "CEA CNRS INRIA Logiciel Libre";
url = "http://www.cecill.info/licences.en.html";
};
msrla = {
shortName = "MSR-LA";
fullName = "Microsoft Research License Agreement";
url = "http://research.microsoft.com/en-us/projects/pex/msr-la.txt";
};
inria = {
shortName = "INRIA-NCLA";
fullName = "INRIA Non-Commercial License Agreement";
url = "http://compcert.inria.fr/doc/LICENSE";
};
}
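Review bot: The new `lgpl21` and `lgpl21Plus` entries set `fullName` to "GNU Library General Public License v2.1 …", but version 2.1 is the Lesser GPL, as the entries they replace said; only 2.0 is the Library GPL. They should read `fullName = "GNU Lesser General Public License v2.1 only";` and `fullName = "GNU Lesser General Public License v2.1 or later";`. In the hunk around `publicDomain`, the unchanged context still spells the attribute `fullname`, so a consumer looking up `fullName` on that entry will not find it; `fullName = "Public Domain";` fixes that. Separately, `agpl3Plus` inherits the `agpl3` URL while `gpl2Plus` and `gpl3Plus` get their own URL from `spdx`, which looks inconsistent and deserves a comment if it is intentional.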


@ -19,19 +19,23 @@
astsmtl = "Alexander Tsamutali <astsmtl@yandex.ru>";
aszlig = "aszlig <aszlig@redmoonstudios.org>";
auntie = "Jonathan Glines <auntieNeo@gmail.com>";
aycanirican = "Aycan iRiCAN <iricanaycan@gmail.com>";
bbenoist = "Baptist BENOIST <return_0@live.com>";
bennofs = "Benno Fünfstück <benno.fuenfstueck@gmail.com>";
berdario = "Dario Bertini <berdario@gmail.com>";
bergey = "Daniel Bergey <bergey@teallabs.org>";
bjg = "Brian Gough <bjg@gnu.org>";
bjornfor = "Bjørn Forsman <bjorn.forsman@gmail.com>";
bluescreen303 = "Mathijs Kwik <mathijs@bluescreen303.nl>";
bodil = "Bodil Stokke <nix@bodil.org>";
bosu = "Boris Sukholitko <boriss@gmail.com>";
calrama = "Moritz Maxeiner <moritz@ucworks.org>";
cfouche = "Chaddaï Fouché <chaddai.fouche@gmail.com>";
chaoflow = "Florian Friesdorf <flo@chaoflow.net>";
coconnor = "Corey O'Connor <coreyoconnor@gmail.com>";
coroa = "Jonas Hörsch <jonas@chaoflow.net>";
cstrahan = "Charles Strahan <charles.c.strahan@gmail.com>";
DamienCassou = "Damien Cassou <damien.cassou@gmail.com>";
ederoyd46 = "Matthew Brown <matt@ederoyd.co.uk>";
edwtjo = "Edward Tjörnhammar <ed@cflags.cc>";
eelco = "Eelco Dolstra <eelco.dolstra@logicblox.com>";
@ -44,6 +48,7 @@
goibhniu = "Cillian de Róiste <cillian.deroiste@gmail.com>";
guibert = "David Guibert <david.guibert@gmail.com>";
hinton = "Tom Hinton <t@larkery.com>";
hrdinka = "Christoph Hrdinka <c.nix@hrdinka.at>";
ianwookim = "Ian-Woo Kim <ianwookim@gmail.com>";
iElectric = "Domen Kozar <domen@dev.si>";
iyzsong = "Song Wenwu <iyzsong@gmail.com>";
@ -55,15 +60,20 @@
kkallio = "Karn Kallio <tierpluspluslists@gmail.com>";
ktosiek = "Tomasz Kontusz <tomasz.kontusz@gmail.com>";
lethalman = "Luca Bruno <lucabru@src.gnome.org>";
lhvwb = "Nathaniel Baxter <nathaniel.baxter@gmail.com>";
linquize = "Linquize <linquize@yahoo.com.hk>";
lovek323 = "Jason O'Conal <jason@oconal.id.au>";
ludo = "Ludovic Courtès <ludo@gnu.org>";
madjar = "Georges Dubus <georges.dubus@compiletoi.net>";
marcweber = "Marc Weber <marco-oweber@gmx.de>";
matejc = "Matej Cotman <cotman.matej@gmail.com>";
meisternu = "Matt Miemiec <meister@krutt.org>";
modulistic = "Pablo Costa <modulistic@gmail.com>";
mornfall = "Petr Ročkai <me@mornfall.net>";
msackman = "Matthew Sackman <matthew@wellquite.org>";
nathan-gs = "Nathan Bijnens <nathan@nathan.gs>";
MP2E = "Cray Elliott <MP2E@archlinux.us>";
notthemessiah = "Brian Cohen <brian.cohen.88@gmail.com>";
ocharles = "Oliver Charles <ollie@ocharles.org.uk>";
offline = "Jaka Hudoklin <jakahudoklin@gmail.com>";
orbitz = "Malcolm Matalka <mmatalka@gmail.com>";
@ -77,6 +87,7 @@
qknight = "Joachim Schiele <js@lastlog.de>";
raskin = "Michael Raskin <7c6f434c@mail.ru>";
redbaron = "Maxim Ivanov <ivanov.maxim@gmail.com>";
refnil = "Martin Lavoie <broemartino@gmail.com>";
relrod = "Ricky Elrod <ricky@elrod.me>";
rickynils = "Rickard Nilsson <rickynils@gmail.com>";
rob = "Rob Vermaas <rob.vermaas@gmail.com>";
@ -87,13 +98,16 @@
sander = "Sander van der Burg <s.vanderburg@tudelft.nl>";
shlevy = "Shea Levy <shea@shealevy.com>";
simons = "Peter Simons <simons@cryp.to>";
skeidel = "Sven Keidel <svenkeidel@gmail.com>";
smironov = "Sergey Mironov <ierton@gmail.com>";
sprock = "Roger Mason <rmason@mun.ca>";
tailhook = "Paul Colomiets <paul@colomiets.name>";
thammers = "Tobias Hammerschmidt <jawr@gmx.de>";
the-kenny = "Moritz Ulrich <moritz@tarn-vedra.de>";
thoughtpolice = "Austin Seipp <aseipp@pobox.com>";
tomberek = "Thomas Bereknyei <tomberek@gmail.com>";
ttuegel = "Thomas Tuegel <ttuegel@gmail.com>";
tv = "Tomislav Viljetić <tv@shackspace.de>";
urkud = "Yury G. Kudryashov <urkud+nix@ya.ru>";
vbmithr = "Vincent Bernardoff <vb@luminar.eu.org>";
vcunat = "Vladimír Čunát <vcunat@gmail.com>";
@ -102,6 +116,8 @@
vlstill = "Vladimír Štill <xstill@fi.muni.cz>";
winden = "Antonio Vargas Gonzalez <windenntw@gmail.com>";
wizeman = "Ricardo M. Correia <rcorreia@wizy.org>";
wjlroe = "William Roe <willroe@gmail.com>";
wkennington = "William A. Kennington III <william@wkennington.com>";
wmertens = "Wout Mertens <Wout.Mertens@gmail.com>";
z77z = "Marco Maggesi <maggesi@math.unifi.it>";
zef = "Zef Hemel <zef@zef.me>";


@ -11,6 +11,6 @@ rec {
unix = linux ++ darwin ++ freebsd ++ openbsd;
all = linux ++ darwin ++ cygwin ++ freebsd ++ openbsd;
none = [];
allBut = platform: lists.filter (x: platform != x) all;
allBut = platforms: lists.filter (x: !(builtins.elem x platforms)) all;
mesaPlatforms = ["i686-linux" "x86_64-linux" "x86_64-darwin" "armv5tel-linux" "armv6l-linux"];
}
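Review bot: `allBut` now expects a list, so any existing caller that still passes a single platform string (callers are not visible in this hunk) will fail at evaluation, because `builtins.elem` requires a list as its second argument. Either update every caller in the same change or accept both forms, e.g. `allBut = platforms: lists.filter (x: !(builtins.elem x (if builtins.isList platforms then platforms else [ platforms ]))) all;`. A one-line comment above `allBut` stating that it takes a list of platforms to exclude would also help. The enclosing `rec { … }` set starts outside the hunk.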


@ -200,6 +200,12 @@ rec {
merge = mergeOneOption;
};
either = t1: t2: mkOptionType {
name = "${t1.name} or ${t2.name}";
check = x: t1.check x || t2.check x;
merge = mergeOneOption;
};
# Obsolete alternative to configOf. It takes its option
# declarations from the options attribute of containing option
# declaration.
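Review bot: The new `either` type accepts a value if `t1.check` or `t2.check` passes, but it merges with `mergeOneOption`, so the component types' own `merge` functions never run. As far as the helper's name and its use for the single-valued type just above suggest, an `either` option defined in more than one place is rejected even when `t1` or `t2` could have merged the definitions. If that is intended, say so with a comment above the definition, e.g. `# Values are not merged; an option of this type may be defined only once.`; otherwise the merge should dispatch to whichever component type accepts the definitions. The enclosing `rec { … }` set starts and ends outside the hunk.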


@ -1,146 +0,0 @@
/* Tool to sort attribute sets. Primarily useful for keeping
all-packages.nix tidy.
To compile:
$ strc -i ../../maintainers/scripts/sort-attrs.str -la stratego-lib
Typical invocation:
$ sglr -m -p ~/Dev/nix/src/libexpr/nix.tbl -i all-packages.nix \
| implode-asfix --lex \
| ../../maintainers/scripts/sort-attrs \
| asfix-yield
*/
module sort-attrs
imports
libstratego-lib
libstratego-sglr
strategies
no-wsp = !appl(prod([], cf(opt(layout())), no-attrs()), [])
rules
list-sep(s): [] -> []
list-sep(s): [x | xs] -> [[x | before] | <list-sep(s)> [split | after]]
where
<split-fetch-keep(s)> xs => (before, split, after)
list-sep(s): [x | xs] -> [[x | xs]]
where
<not(split-fetch-keep(s))> xs
list-sep-end(s): xs -> [<conc> (before, [split]) | <list-sep-end(s)> after]
where
<split-fetch-keep(s)> xs => (before, split, after)
list-sep-end(s): xs -> [xs]
where
<not(split-fetch-keep(s))> xs
sort-attrs:
appl(p@prod(_, _, attrs([term(cons("Attrs"))])),
[ lit("{")
, ws1
, appl(p2@list(cf(iter-star(sort("Bind")))), attrs)
, ws2
, lit("}")
]
) ->
appl(p, [lit("{"), <no-wsp>, appl(p2, <concat> attrs'), ws2, lit("}")])
where
<debug> "found it";
<attach-wsp> [ws1 | attrs] => withWSP;
<list-sep(starts-section)> withWSP => groups;
<length; debug> groups;
<map({x', x'', x''', xs', starts, starts': \[x | xs] -> [x''' | xs']
where
<remove-section-start> x => (x', starts);
<map(regularise-empty-lines); if !starts; debug; sortable-section; debug then qsort(compare-attrs) else id end> [x' | xs] => [x'' | xs'];
<[] <+ \x -> ["\n\n\n" | x]\ > starts => starts';
<prepend-layout> (starts', x'') => x'''
\ })> groups => attrs';
<debug> "did it"
attach-wsp: [a, b | cs] -> [(a, b) | <attach-wsp> cs]
attach-wsp: [] -> []
strategies
starts-section =
?x@(appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs), attr);
<implode-string; is-substring(!"###")> cs;
!x
rules
sortable-section = ?[s]; !s; explode-string; not(fetch({x: ?x; !(x, 97); geq}))
remove-section-start:
(appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs), attr) ->
((appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs'), attr), starts)
where
!cs;
list-sep-end(?10); // separate into lines, keeping the \n
map(implode-string);
partition(where(is-substring(!"###"))) => (starts, rest);
<map(explode-string); concat> rest => cs'
regularise-empty-lines:
(appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs), attr) ->
(appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs''), attr)
where
// separate into lines, keeping the \n
// last whitespace is significant, keep
<list-sep-end(?10); split-init-last> cs => (init, last);
<regularise-empty-lines'> init => cs'; // remove whitespace-only lines
<concat> [<explode-string> "\n\n", <concat> cs', last] => cs'' // add one empty line
/* Dirty hack: *do* keep the first empty line following a non-empty line. !!! order matters */
regularise-empty-lines': [] -> []
regularise-empty-lines': [x, y | xs] -> [x, y | <regularise-empty-lines'> xs]
where
<fetch-elem(not(?10 <+ ?32))> x;
<not(fetch-elem(not(?10 <+ ?32)))> y
regularise-empty-lines': [x | xs] -> [x | <regularise-empty-lines'> xs]
where <fetch-elem(not(?10 <+ ?32))> x
regularise-empty-lines': [x | xs] -> <regularise-empty-lines'> xs
where <not(fetch-elem(not(?10 <+ ?32)))> x
prepend-layout:
(text, (appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs), attr)) ->
(appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs''), attr)
where
<implode-string> cs => cs';
<conc-strings; explode-string> (<concat-strings> text, cs') => cs''
compare-attrs:
x@
( (_, appl(p1@prod(_, _, attrs([term(cons("Bind"))])), [id1 | xs1]))
, (_, appl(p2@prod(_, _, attrs([term(cons("Bind"))])), [id2 | xs2]))
)
-> x
where
<string-lt> (id1, id2)
strategies
main = io-wrap(
oncetd(sort-attrs)
)

12
nixos/doc/manual/README Normal file

@ -0,0 +1,12 @@
To build the manual, you need Nix installed on your system (no need
for NixOS). To install Nix, follow the instructions at
https://nixos.org/nix/download.html
When you have Nix on your system, in the root directory of the project
(i.e., `nixpkgs`), run:
nix-build nixos/release.nix -A manual.x86_64-linux
When this command successfully finishes, it will tell you where the
manual got generated.


@ -1036,21 +1036,28 @@ users.extraUsers.alice =
{ createHome = true;
home = "/home/alice";
description = "Alice Foobar";
extraGroups = [ "wheel" ];
extraGroups = [ "wheel" "networkmanager" ];
useDefaultShell = true;
openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3Nza... alice@foobar" ];
};
</programlisting>
Note that <literal>alice</literal> is a member of the
<literal>wheel</literal> group, which allows her to use
<command>sudo</command> to execute commands as
<literal>root</literal>. Also note the SSH public key that allows
remote logins with the corresponding private key. Users created in
this way do not have a password by default, so they cannot log in via
mechanisms that require a password. However, you can use the
<command>passwd</command> program to set a password, which is retained
across invocations of <command>nixos-rebuild</command>.</para>
<literal>wheel</literal> and <literal>networkmanager</literal> groups,
which allows her to use <command>sudo</command> to execute commands as
<literal>root</literal> and to configure the network, respectively.
Also note the SSH public key that allows remote logins with the
corresponding private key. Users created in this way do not have a
password by default, so they cannot log in via mechanisms that require
a password. However, you can use the <command>passwd</command> program
to set a password, which is retained across invocations of
<command>nixos-rebuild</command>.</para>
<para>If you set users.mutableUsers to false, then the contents of /etc/passwd
and /etc/group will be congruent to your NixOS configuration. For instance,
if you remove a user from users.extraUsers and run nixos-rebuild, the user
account will cease to exist. Also, imperative commands for managing users
and groups, such as useradd, are no longer available.</para>
<para>A user ID (uid) is assigned automatically. You can also specify
a uid manually by adding
@ -1277,6 +1284,28 @@ services.xserver.synaptics.twoFingerScroll = true;
<section xml:id="sec-networking"><title>Networking</title>
<section xml:id="sec-networkmanager"><title>NetworkManager</title>
<para>To facilitate network configuration, some desktop environments
use NetworkManager. You can enable NetworkManager by setting:
<programlisting>
services.networkmanager.enable = true;
</programlisting>
Some desktop managers (e.g., GNOME) enable NetworkManager
automatically for you.</para>
<para>All users that should have permission to change network settings
must belong to the <code>networkmanager</code> group.</para>
<note><para><code>services.networkmanager</code> and
<code>services.wireless</code> can not be enabled at the same time:
you can still connect to the wireless networks using
NetworkManager.</para></note>
</section>
<section xml:id="sec-ssh"><title>Secure shell access</title>
<para>Secure shell (SSH) access to your machine can be enabled by
@ -1399,6 +1428,11 @@ always allowed.)</para>
<section xml:id="sec-wireless"><title>Wireless networks</title>
<para>For a desktop installation using NetworkManager (e.g., GNOME),
you just have to make sure the user is in the
<code>networkmanager</code> group and you can skip the rest of this
section on wireless networks.</para>
<para>
NixOS will start wpa_supplicant for you if you enable this setting:
@ -1471,10 +1505,11 @@ are specific to the kernel version, such as the NVIDIA video drivers.
This ensures that driver packages are consistent with the
kernel.</para>
<para>The default Linux kernel configuration should be fine for most
users. You can see the configuration of your current kernel in
<filename>/run/booted-system/kernel-modules/config</filename>. If you
want to change the kernel configuration, you can use the
<para>The default Linux kernel configuration should be fine for most users. You can see the configuration of your current kernel with the following command:
<programlisting>
cat /proc/config.gz | gunzip
</programlisting>
If you want to change the kernel configuration, you can use the
<option>packageOverrides</option> feature (see <xref
linkend="sec-customising-packages" />). For instance, to enable
support for the kernel debugger KGDB:


@ -1,5 +1,6 @@
{ pkgs, options, version, revision }:
with pkgs;
with pkgs.lib;
let
@ -22,7 +23,7 @@ let
optionsXML = builtins.toFile "options.xml" (builtins.unsafeDiscardStringContext (builtins.toXML options''));
optionsDocBook = pkgs.runCommand "options-db.xml" {} ''
optionsDocBook = runCommand "options-db.xml" {} ''
if grep /nixpkgs/nixos/modules ${optionsXML}; then
echo "The manual appears to depend on the location of Nixpkgs, which is bad"
echo "since this prevents sharing via the NixOS channel. This is typically"
@ -30,7 +31,7 @@ let
echo "for hints about the offending path)."
exit 1
fi
${pkgs.libxslt}/bin/xsltproc \
${libxslt}/bin/xsltproc \
--stringparam revision '${revision}' \
-o $out ${./options-to-docbook.xsl} ${optionsXML}
'';
@ -38,12 +39,12 @@ let
in rec {
# Generate the NixOS manual.
manual = pkgs.stdenv.mkDerivation {
manual = stdenv.mkDerivation {
name = "nixos-manual";
sources = sourceFilesBySuffices ./. [".xml"];
buildInputs = [ pkgs.libxml2 pkgs.libxslt ];
buildInputs = [ libxml2 libxslt ];
xsltFlags = ''
--param section.autolabel 1
@ -62,19 +63,19 @@ in rec {
# Check the validity of the manual sources.
xmllint --noout --nonet --xinclude --noxincludenode \
--relaxng ${pkgs.docbook5}/xml/rng/docbook/docbook.rng \
--relaxng ${docbook5}/xml/rng/docbook/docbook.rng \
manual.xml
# Generate the HTML manual.
dst=$out/share/doc/nixos
ensureDir $dst
mkdir -p $dst
xsltproc $xsltFlags --nonet --xinclude \
--output $dst/manual.html \
${pkgs.docbook5_xsl}/xml/xsl/docbook/xhtml/docbook.xsl \
${docbook5_xsl}/xml/xsl/docbook/xhtml/docbook.xsl \
./manual.xml
mkdir -p $dst/images/callouts
cp ${pkgs.docbook5_xsl}/xml/xsl/docbook/images/callouts/*.gif $dst/images/callouts/
cp ${docbook5_xsl}/xml/xsl/docbook/images/callouts/*.gif $dst/images/callouts/
cp ${./style.css} $dst/style.css
@ -86,13 +87,39 @@ in rec {
meta.description = "The NixOS manual in HTML format";
};
manualPDF = stdenv.mkDerivation {
name = "nixos-manual-pdf";
sources = sourceFilesBySuffices ./. [".xml"];
buildInputs = [ libxml2 libxslt dblatex tetex ];
buildCommand = ''
# TeX needs a writable font cache.
export VARTEXFONTS=$TMPDIR/texfonts
ln -s $sources/*.xml . # */
ln -s ${optionsDocBook} options-db.xml
echo "${version}" > version
dst=$out/share/doc/nixos
mkdir -p $dst
xmllint --xinclude manual.xml | dblatex -o $dst/manual.pdf - \
-P doc.collab.show=0 \
-P latex.output.revhistory=0
mkdir -p $out/nix-support
echo "doc-pdf manual $dst/manual.pdf" >> $out/nix-support/hydra-build-products
''; # */
};
# Generate the NixOS manpages.
manpages = pkgs.stdenv.mkDerivation {
manpages = stdenv.mkDerivation {
name = "nixos-manpages";
sources = sourceFilesBySuffices ./. [".xml"];
buildInputs = [ pkgs.libxml2 pkgs.libxslt ];
buildInputs = [ libxml2 libxslt ];
buildCommand = ''
ln -s $sources/*.xml . # */
@ -100,7 +127,7 @@ in rec {
# Check the validity of the manual sources.
xmllint --noout --nonet --xinclude --noxincludenode \
--relaxng ${pkgs.docbook5}/xml/rng/docbook/docbook.rng \
--relaxng ${docbook5}/xml/rng/docbook/docbook.rng \
./man-pages.xml
# Generate manpages.
@ -109,7 +136,7 @@ in rec {
--param man.output.in.separate.dir 1 \
--param man.output.base.dir "'$out/share/man/'" \
--param man.endnotes.are.numbered 0 \
${pkgs.docbook5_xsl}/xml/xsl/docbook/manpages/docbook.xsl \
${docbook5_xsl}/xml/xsl/docbook/manpages/docbook.xsl \
./man-pages.xml
'';
};
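Review bot: The new `manualPDF` build runs `xmllint --xinclude manual.xml | dblatex …` without the `--nonet` flag that both validation calls in this file pass (`xmllint --noout --nonet --xinclude --noxincludenode …`), and it skips the RELAX NG check they perform. I would write the first command as `xmllint --nonet --xinclude manual.xml | dblatex -o $dst/manual.pdf - \`, so that XInclude and entity resolution cannot reach the network whatever the builder's sandbox settings are. Because the two commands are joined by a pipe, a failing xmllint is masked unless the build shell sets pipefail, which is not visible here; writing the expanded document to a temporary file first would surface the failure.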


@ -320,7 +320,10 @@ changes:
<itemizedlist>
<listitem>
<para>You should boot the live CD in UEFI mode (consult your
specific hardware's documentation for instructions).</para>
specific hardware's documentation for instructions). You may find
the <link
xlink:href="http://www.rodsbooks.com/refind">rEFInd
boot manager</link> useful.</para>
</listitem>
<listitem>
<para>Instead of <command>fdisk</command>, you should use
@ -335,6 +338,11 @@ changes:
should do this automatically for new configurations when booted in
UEFI mode.</para>
</listitem>
<listitem>
<para>After having mounted your installation partition to
<code>/mnt</code>, you must mount the <code>boot</code> partition
to <code>/mnt/boot</code>.</para>
</listitem>
<listitem>
<para>You may want to look at the options starting with
<option>boot.loader.efi</option> and <option>boot.loader.gummiboot</option>


@ -7,25 +7,6 @@
<title>NixOS Manual</title>
<subtitle>Version <xi:include href="version" parse="text" /></subtitle>
<author>
<personname>
<firstname>Eelco</firstname>
<surname>Dolstra</surname>
</personname>
</author>
<author>
<personname>
<firstname>Nicolas</firstname>
<surname>Pierron</surname>
</personname>
</author>
<copyright>
<year>2007-2013</year>
<holder>Eelco Dolstra</holder>
</copyright>
</info>


@ -202,4 +202,10 @@
</simplelist>
</xsl:template>
<xsl:template match="function">
<xsl:text>λ</xsl:text>
</xsl:template>
</xsl:stylesheet>


@ -78,7 +78,7 @@ done
cat pathlist | sed -e 's/=\(.*\)=\(.*\)=/\\=\1=\2\\=/' | tee pathlist.safer
ensureDir $out/iso
mkdir -p $out/iso
genCommand="genisoimage -iso-level 4 -r -J $bootFlags -hide-rr-moved -graft-points -path-list pathlist.safer ${volumeID:+-V $volumeID}"
if test -z "$compressImage"; then
$genCommand -o $out/iso/$isoName
@ -87,5 +87,5 @@ else
fi
ensureDir $out/nix-support
mkdir -p $out/nix-support
echo $system > $out/nix-support/system


@ -48,11 +48,11 @@ for ((n = 0; n < ${#objects[*]}; n++)); do
fi
done
ensureDir $out/tarball
mkdir -p $out/tarball
tar cvJf $out/tarball/$fileName.tar.xz *
ensureDir $out/nix-support
mkdir -p $out/nix-support
echo $system > $out/nix-support/system
echo "file system-tarball $out/tarball/$fileName.tar.xz" > $out/nix-support/hydra-build-products


@ -117,7 +117,7 @@ rec {
report = releaseTools.gcovReport { coverageRuns = [ test ]; };
in (if makeCoverageReport then report else test) // { inherit driver test; };
in (if makeCoverageReport then report else test) // { inherit nodes driver test; };
runInMachine =


@ -217,9 +217,7 @@ in
systemd.services = mkIf cfg.daemon.enable {
nslcd = {
wantedBy = [ "nss-user-lookup.target" ];
before = [ "nss-user-lookup.target" ];
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
preStart = ''
mkdir -p /run/nslcd
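Review bot: Dropping `before = [ "nss-user-lookup.target" ];` and `after = [ "network.target" ];` from the `nslcd` unit leaves nothing that orders the daemon ahead of units that look up users, assuming the hunk counts (nine old lines, seven new) mean the `multi-user.target` line is the new one. A service that runs as an LDAP-backed account could then start before nslcd answers and fail its user lookup. If the move to `multi-user.target` is intended, I would keep the ordering next to it, `before = [ "nss-user-lookup.target" ]; after = [ "network.target" ];`, with a comment giving the reason. The `preStart` script continues outside the hunk.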


@ -80,12 +80,12 @@ in {
package = mkOption {
type = types.package;
default = pulseaudio;
example = literalExample "pulseaudio.override { jackaudioSupport = true; }";
default = pulseaudioFull;
example = literalExample "pulseaudioFull";
description = ''
The PulseAudio derivation to use. This can be used to enable
features (such as JACK support) that are not enabled in the
default PulseAudio in Nixpkgs.
The PulseAudio derivation to use. This can be used to disable
features (such as JACK support, Bluetooth) that are enabled in the
pulseaudioFull package in Nixpkgs.
'';
};
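Review bot: With `default = pulseaudioFull;` every system that enables PulseAudio now ships the JACK and Bluetooth code the description mentions, and `example = literalExample "pulseaudioFull";` merely repeats the default, so the option no longer shows how to select the smaller build. Assuming the plain `pulseaudio` attribute is kept, I would make it the example, `example = literalExample "pulseaudio";`, and name it in the description as the way to switch the extra features off. The rest of the option set is outside the hunk.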


@ -110,6 +110,7 @@ in
"/man"
"/sbin"
"/share/emacs"
"/share/vim-plugins"
"/share/org"
"/share/info"
"/share/terminfo"


@ -404,7 +404,7 @@ in {
uid = ids.uids.root;
description = "System administrator";
home = "/root";
shell = cfg.defaultUserShell;
shell = mkDefault cfg.defaultUserShell;
group = "root";
extraGroups = [ "grsecurity" ];
hashedPassword = mkDefault config.security.initialRootPassword;


@ -179,7 +179,6 @@ in
fileSystems."/" =
{ fsType = "tmpfs";
device = "none";
options = "mode=0755";
};
@ -192,6 +191,8 @@ in
noCheck = true;
};
# In stage 1, mount a tmpfs on top of /nix/store (the squashfs
# image) to make this a live CD.
fileSystems."/nix/.ro-store" =
{ fsType = "squashfs";
device = "/iso/nix-store.squashfs";
@ -201,23 +202,20 @@ in
fileSystems."/nix/.rw-store" =
{ fsType = "tmpfs";
device = "none";
options = "mode=0755";
neededForBoot = true;
};
fileSystems."/nix/store" =
{ fsType = "unionfs-fuse";
device = "unionfs";
options = "allow_other,cow,nonempty,chroot=/mnt-root,max_files=32768,hide_meta_files,dirs=/nix/.rw-store=rw:/nix/.ro-store=ro";
};
boot.initrd.availableKernelModules = [ "squashfs" "iso9660" ];
boot.initrd.kernelModules = [ "loop" ];
# In stage 1, mount a tmpfs on top of /nix/store (the squashfs
# image) to make this a live CD.
boot.initrd.postMountCommands =
''
mkdir -p $targetRoot/nix/store
unionfs -o allow_other,cow,nonempty,chroot=$targetRoot,max_files=32768 /nix/.rw-store=RW:/nix/.ro-store=RO $targetRoot/nix/store
'';
# Closures to be copied to the Nix store on the CD, namely the init
# script and the top-level system configuration directory.
isoImage.storeContents =
@ -313,8 +311,8 @@ in
'';
# Add vfat support to the initrd to enable people to copy the
# contents of the CD to a bootable USB stick. Need unionfs-fuse for union mounts
boot.initrd.supportedFilesystems = [ "vfat" "unionfs-fuse" ];
# contents of the CD to a bootable USB stick.
boot.initrd.supportedFilesystems = [ "vfat" ];
};


@ -81,7 +81,7 @@ mount -t tmpfs -o "mode=0755" none $mountPoint/var/setuid-wrappers
rm -rf $mountPoint/var/run
ln -s /run $mountPoint/var/run
rm -f $mountPoint/etc/{resolv.conf,hosts}
cp -f /etc/resolv.conf /etc/hosts $mountPoint/etc/
cp -Lf /etc/resolv.conf /etc/hosts $mountPoint/etc/
if [ -n "$runChroot" ]; then


@ -225,7 +225,10 @@ fi
# If we're not just building, then make the new configuration the boot
# default and/or activate it now.
if [ "$action" = switch -o "$action" = boot -o "$action" = test ]; then
$pathToConfig/bin/switch-to-configuration "$action"
if ! $pathToConfig/bin/switch-to-configuration "$action"; then
echo "warning: there were error switching to the new configuration" >&2
exit 1
fi
fi
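Review bot: The new check calls `$pathToConfig/bin/switch-to-configuration` unquoted, so a configuration path containing whitespace or glob characters would be split before it is executed; `if ! "$pathToConfig/bin/switch-to-configuration" "$action"; then` avoids that. The message is labelled `warning:` although the script then exits with status 1, and it has a grammar slip; I would print `echo "error: switching to the new configuration failed" >&2`. How `pathToConfig` is set is outside the hunk.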


@ -136,6 +136,17 @@
nsd = 126;
gitolite = 127;
znc = 128;
polipo = 129;
mopidy = 130;
unifi = 131;
gdm = 132;
dhcpd = 133;
siproxd = 134;
mlmmj = 135;
neo4j = 136;
riemann = 137;
riemanndash = 138;
radvd = 139;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -244,7 +255,17 @@
teamspeak = 124;
influxdb = 125;
nsd = 126;
firebird = 127;
znc = 128;
polipo = 129;
mopidy = 130;
docker = 131;
gdm = 132;
tss = 133;
siproxd = 134;
mlmmj = 135;
riemann = 137;
riemanndash = 138;
# When adding a gid, make sure it doesn't match an existing uid. And don't use gids above 399!
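Review bot: Three numbers on the new side serve as a uid for one name and a gid for another, which the comment closing each list asks contributors to avoid: uid `gitolite = 127` with gid `firebird = 127`, uid `unifi = 131` with gid `docker = 131`, and uid `dhcpd = 133` with gid `tss = 133`. Anything that assumes a service's uid and gid share a number may then attribute files or processes to the wrong account. I would move the new entries to numbers that are free in both lists, or add a comment on each pair stating that the overlap is deliberate. Both lists begin outside their hunks, so matching entries may exist that are not visible here.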


@ -3,12 +3,8 @@
with lib;
let
locatedb = "/var/cache/locatedb";
in
{
cfg = config.services.locate;
in {
###### interface
@ -35,6 +31,31 @@ in
'';
};
extraFlags = mkOption {
type = types.listOf types.str;
default = [ ];
description = ''
Extra flags to append to <command>updatedb</command>.
'';
};
output = mkOption {
type = types.path;
default = /var/cache/locatedb;
description = ''
The database file to build.
'';
};
localuser = mkOption {
type = types.str;
default = "nobody";
description = ''
The user to search non-network directories as, using
<command>su</command>.
'';
};
};
};
@ -48,8 +69,10 @@ in
path = [ pkgs.su ];
script =
''
mkdir -m 0755 -p $(dirname ${locatedb})
exec updatedb --localuser=nobody --output=${locatedb} --prunepaths='/tmp /var/tmp /media /run'
mkdir -m 0755 -p $(dirname ${toString cfg.output})
exec updatedb \
--localuser=${cfg.localuser} \
--output=${toString cfg.output} ${concatStringsSep " " cfg.extraFlags}
'';
serviceConfig.Nice = 19;
serviceConfig.IOSchedulingClass = "idle";
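Review bot: The rewritten `script` no longer passes `--prunepaths='/tmp /var/tmp /media /run'`, so `updatedb` falls back to its built-in prune list unless a caller repeats the flag in `extraFlags`. If that list does not cover `/media` or `/run`, file names from those trees end up in a database that other users can query. I would keep the old list as the default of the new option, `default = [ "--prunepaths='/tmp /var/tmp /media /run'" ];`. The option values are also pasted into the shell script unquoted; `--localuser=${escapeShellArg cfg.localuser} \` and `--output=${escapeShellArg (toString cfg.output)}` keep a value with spaces or shell metacharacters from changing the command.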


@ -14,17 +14,17 @@
./config/power-management.nix
./config/pulseaudio.nix
./config/shells-environment.nix
./config/system-environment.nix
./config/swap.nix
./config/sysctl.nix
./config/system-environment.nix
./config/system-path.nix
./config/timezone.nix
./config/unix-odbc-drivers.nix
./config/users-groups.nix
./config/zram.nix
./hardware/all-firmware.nix
./hardware/cpu/intel-microcode.nix
./hardware/cpu/amd-microcode.nix
./hardware/cpu/intel-microcode.nix
./hardware/network/b43.nix
./hardware/network/intel-2100bg.nix
./hardware/network/intel-2200bg.nix
@ -50,8 +50,11 @@
./programs/bash/bash.nix
./programs/bash/command-not-found.nix
./programs/blcr.nix
./programs/dconf.nix
./programs/environment.nix
./programs/info.nix
./programs/nano.nix
./programs/screen.nix
./programs/shadow.nix
./programs/shell.nix
./programs/ssh.nix
@ -59,7 +62,6 @@
./programs/venus.nix
./programs/wvdial.nix
./programs/zsh/zsh.nix
./programs/screen.nix
./rename.nix
./security/apparmor.nix
./security/apparmor-suid.nix
@ -79,6 +81,7 @@
./services/audio/alsa.nix
./services/audio/fuppes.nix
./services/audio/mpd.nix
./services/audio/mopidy.nix
./services/backup/almir.nix
./services/backup/bacula.nix
./services/backup/mysql-backup.nix
@ -92,15 +95,16 @@
./services/databases/4store.nix
./services/databases/couchdb.nix
./services/databases/firebird.nix
./services/databases/influxdb.nix
./services/databases/memcached.nix
./services/databases/monetdb.nix
./services/databases/mongodb.nix
./services/databases/redis.nix
./services/databases/mysql.nix
./services/databases/neo4j.nix
./services/databases/openldap.nix
./services/databases/postgresql.nix
./services/databases/redis.nix
./services/databases/virtuoso.nix
./services/databases/monetdb.nix
./services/databases/influxdb.nix
./services/desktops/accountsservice.nix
./services/desktops/geoclue2.nix
./services/desktops/gnome3/at-spi2-core.nix
@ -124,19 +128,22 @@
./services/hardware/pcscd.nix
./services/hardware/pommed.nix
./services/hardware/sane.nix
./services/hardware/tcsd.nix
./services/hardware/thinkfan.nix
./services/hardware/udev.nix
./services/hardware/udisks2.nix
./services/hardware/upower.nix
./services/hardware/thinkfan.nix
./services/logging/klogd.nix
./services/logging/logcheck.nix
./services/logging/logrotate.nix
./services/logging/logstash.nix
./services/logging/syslogd.nix
./services/logging/rsyslogd.nix
./services/logging/syslogd.nix
./services/logging/syslog-ng.nix
./services/mail/dovecot.nix
./services/mail/freepops.nix
./services/mail/mail.nix
./services/mail/mlmmj.nix
./services/mail/opensmtpd.nix
./services/mail/postfix.nix
./services/mail/spamassassin.nix
@ -146,14 +153,15 @@
./services/misc/disnix.nix
./services/misc/felix.nix
./services/misc/folding-at-home.nix
./services/misc/gpsd.nix
./services/misc/gitolite.nix
./services/misc/gpsd.nix
./services/misc/nix-daemon.nix
./services/misc/nix-gc.nix
./services/misc/nix-ssh-serve.nix
./services/misc/nixos-manual.nix
./services/misc/nix-ssh-serve.nix
./services/misc/rippled.nix
./services/misc/rogue.nix
./services/misc/siproxd.nix
./services/misc/svnserve.nix
./services/misc/synergy.nix
./services/monitoring/apcupsd.nix
@ -162,6 +170,8 @@
./services/monitoring/monit.nix
./services/monitoring/munin.nix
./services/monitoring/nagios.nix
./services/monitoring/riemann.nix
./services/monitoring/riemann-dash.nix
./services/monitoring/smartd.nix
./services/monitoring/statsd.nix
./services/monitoring/systemhealth.nix
@ -179,24 +189,23 @@
./services/networking/bind.nix
./services/networking/bitlbee.nix
./services/networking/btsync.nix
./services/networking/cjdns.nix
./services/networking/connman.nix
./services/networking/cntlm.nix
./services/networking/chrony.nix
./services/networking/cjdns.nix
./services/networking/cntlm.nix
./services/networking/connman.nix
./services/networking/ddclient.nix
./services/networking/dhcpcd.nix
./services/networking/dhcpd.nix
./services/networking/dnsmasq.nix
./services/networking/ejabberd.nix
./services/networking/firewall.nix
./services/networking/haproxy.nix
./services/networking/tcpcrypt.nix
./services/networking/flashpolicyd.nix
./services/networking/freenet.nix
./services/networking/git-daemon.nix
./services/networking/gnunet.nix
./services/networking/gogoclient.nix
./services/networking/gvpe.nix
./services/networking/haproxy.nix
./services/networking/hostapd.nix
./services/networking/ifplugd.nix
./services/networking/iodined.nix
@ -214,6 +223,7 @@
./services/networking/oidentd.nix
./services/networking/openfire.nix
./services/networking/openvpn.nix
./services/networking/polipo.nix
./services/networking/prayer.nix
./services/networking/privoxy.nix
./services/networking/quassel.nix
@ -224,13 +234,15 @@
./services/networking/sabnzbd.nix
./services/networking/searx.nix
./services/networking/spiped.nix
./services/networking/supybot.nix
./services/networking/syncthing.nix
./services/networking/ssh/lshd.nix
./services/networking/ssh/sshd.nix
./services/networking/supybot.nix
./services/networking/syncthing.nix
./services/networking/tcpcrypt.nix
./services/networking/teamspeak3.nix
./services/networking/tftpd.nix
./services/networking/unbound.nix
./services/networking/unifi.nix
./services/networking/vsftpd.nix
./services/networking/wakeonlan.nix
./services/networking/websockify.nix
@ -245,11 +257,11 @@
./services/search/elasticsearch.nix
./services/search/solr.nix
./services/security/clamav.nix
./services/security/haveged.nix
./services/security/fprot.nix
./services/security/frandom.nix
./services/security/tor.nix
./services/security/haveged.nix
./services/security/torify.nix
./services/security/tor.nix
./services/security/torsocks.nix
./services/system/dbus.nix
./services/system/kerberos.nix
@ -257,14 +269,14 @@
./services/system/uptimed.nix
./services/torrent/deluge.nix
./services/torrent/transmission.nix
./services/ttys/gpm.nix
./services/ttys/agetty.nix
./services/ttys/gpm.nix
./services/ttys/kmscon.nix
./services/web-servers/apache-httpd/default.nix
./services/web-servers/fcgiwrap.nix
./services/web-servers/jboss/default.nix
./services/web-servers/lighttpd/default.nix
./services/web-servers/lighttpd/cgit.nix
./services/web-servers/lighttpd/default.nix
./services/web-servers/lighttpd/gitweb.nix
./services/web-servers/nginx/default.nix
./services/web-servers/phpfpm.nix
@ -275,26 +287,30 @@
./services/x11/desktop-managers/default.nix
./services/x11/display-managers/auto.nix
./services/x11/display-managers/default.nix
./services/x11/display-managers/gdm.nix
./services/x11/display-managers/kdm.nix
./services/x11/display-managers/slim.nix
./services/x11/display-managers/lightdm.nix
./services/x11/display-managers/slim.nix
./services/x11/hardware/multitouch.nix
./services/x11/hardware/synaptics.nix
./services/x11/hardware/wacom.nix
./services/x11/redshift.nix
./services/x11/window-managers/awesome.nix
#./services/x11/window-managers/compiz.nix
./services/x11/window-managers/default.nix
./services/x11/window-managers/fluxbox.nix
./services/x11/window-managers/icewm.nix
./services/x11/window-managers/bspwm.nix
./services/x11/window-managers/metacity.nix
./services/x11/window-managers/none.nix
./services/x11/window-managers/twm.nix
./services/x11/window-managers/wmii.nix
./services/x11/window-managers/xmonad.nix
./services/x11/redshift.nix
./services/x11/xfs.nix
./services/x11/xserver.nix
./system/activation/activation-script.nix
./system/activation/top-level.nix
./system/boot/emergency-mode.nix
./system/boot/kernel.nix
./system/boot/kexec.nix
./system/boot/loader/efi.nix
@ -310,11 +326,14 @@
./system/boot/stage-1.nix
./system/boot/stage-2.nix
./system/boot/systemd.nix
./system/boot/tmp.nix
./system/etc/etc.nix
./system/upstart/upstart.nix
./tasks/cpu-freq.nix
./tasks/encrypted-devices.nix
./tasks/filesystems.nix
./tasks/filesystems/btrfs.nix
./tasks/filesystems/cifs.nix
./tasks/filesystems/ext.nix
./tasks/filesystems/f2fs.nix
./tasks/filesystems/nfs.nix
@ -323,7 +342,6 @@
./tasks/filesystems/vfat.nix
./tasks/filesystems/xfs.nix
./tasks/filesystems/zfs.nix
./tasks/encrypted-devices.nix
./tasks/kbd.nix
./tasks/lvm.nix
./tasks/network-interfaces.nix
@ -333,6 +351,7 @@
./testing/service-runner.nix
./virtualisation/container-config.nix
./virtualisation/containers.nix
./virtualisation/docker.nix
./virtualisation/libvirtd.nix
#./virtualisation/nova.nix
./virtualisation/virtualbox-guest.nix


@ -8,7 +8,7 @@
{
# The initrd has to contain any module that might be necessary for
# mounting the CD/DVD.
# supporting the most important parts of HW like drives.
boot.initrd.availableKernelModules =
[ # SATA/PATA support.
"ahci"
@ -43,7 +43,7 @@
"virtio_net" "virtio_pci" "virtio_blk" "virtio_balloon" "virtio_console"
# Keyboards
"hid_apple"
"usbhid" "hid_apple" "hid_logitech_dj" "hid_lenovo_tpkbd" "hid_roccat"
];
# Include lots of firmware.


@ -7,7 +7,6 @@
# Include some utilities that are useful for installing or repairing
# the system.
environment.systemPackages = [
pkgs.subversion # for nixos-checkout
pkgs.w3m # needed for the manual anyway
pkgs.testdisk # useful for repairing boot problems
pkgs.mssys # for writing Microsoft boot sectors / MBRs


@ -0,0 +1,34 @@
{ config, lib, ... }:
let
inherit (lib) mkOption mkIf types mapAttrsToList;
cfg = config.programs.dconf;
mkDconfProfile = name: path:
{ source = path; target = "dconf/profile/${name}"; };
in
{
###### interface
options = {
programs.dconf = {
profiles = mkOption {
type = types.attrsOf types.path;
default = {};
description = "Set of dconf profile files.";
internal = true;
};
};
};
###### implementation
config = mkIf (cfg.profiles != {}) {
environment.etc =
(mapAttrsToList mkDconfProfile cfg.profiles);
};
}


@ -2,6 +2,8 @@
let
texinfo = pkgs.texinfoInteractive;
# Quick hack to make the `info' command work properly. `info' needs
# a "dir" file containing all the installed Info files, which we
# don't have (it would be impure to have a package installation
@ -22,15 +24,15 @@ let
for i in $(IFS=:; echo $INFOPATH); do
for j in $i/*.info; do
${pkgs.texinfo}/bin/install-info --quiet $j $dir/dir
${texinfo}/bin/install-info --quiet $j $dir/dir
done
done
INFOPATH=$dir:$INFOPATH ${pkgs.texinfo}/bin/info "$@"
INFOPATH=$dir:$INFOPATH ${texinfo}/bin/info "$@"
''; # */
in
{
environment.systemPackages = [ infoWrapper pkgs.texinfo ];
environment.systemPackages = [ infoWrapper texinfo ];
}


@ -0,0 +1,35 @@
{ config, lib, ... }:
let
cfg = config.programs.nano;
in
{
###### interface
options = {
programs.nano = {
nanorc = lib.mkOption {
type = lib.types.lines;
default = "";
description = ''
The system-wide nano configuration.
See <citerefentry><refentrytitle>nanorc</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
'';
example = ''
set nowrap
set tabstospaces
set tabsize 4
'';
};
};
};
###### implementation
config = lib.mkIf (cfg.nanorc != "") {
environment.etc."nanorc".text = cfg.nanorc;
};
}


@ -13,8 +13,9 @@ with lib;
];
environment.sessionVariables =
{ OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
CURL_CA_BUNDLE = "/etc/ssl/certs/ca-bundle.crt";
{ SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
# FIXME: unneeded - remove eventually.
OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
GIT_SSL_CAINFO = "/etc/ssl/certs/ca-bundle.crt";
};
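Review bot: Removing `CURL_CA_BUNDLE`, as the hunk reads, assumes that every curl build on the system honours `SSL_CERT_FILE`; where one does not, certificate verification fails and users tend to work around it by switching verification off. I would either keep `CURL_CA_BUNDLE = "/etc/ssl/certs/ca-bundle.crt";` for one more release or state in a comment which package change makes it redundant. The `# FIXME: unneeded - remove eventually.` line would be more useful if it named the condition under which `OPENSSL_X509_CERT_FILE` can go. The bundle path is now written three times in this set; a `let` binding would keep the variables from drifting apart.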


@ -50,7 +50,7 @@ in
description = ''
grsecurity configuration mode. This specifies whether
grsecurity is auto-configured or otherwise completely
manually configured. Can either by
manually configured. Can either be
<literal>custom</literal> or <literal>auto</literal>.
<literal>auto</literal> is recommended.
@ -64,7 +64,7 @@ in
description = ''
grsecurity configuration priority. This specifies whether
the kernel configuration should emphasize speed or
security. Can either by <literal>security</literal> or
security. Can either be <literal>security</literal> or
<literal>performance</literal>.
'';
};
@ -76,7 +76,7 @@ in
description = ''
grsecurity system configuration. This specifies whether
the kernel configuration should be suitable for a Desktop
or a Server. Can either by <literal>server</literal> or
or a Server. Can either be <literal>server</literal> or
<literal>desktop</literal>.
'';
};


@ -30,7 +30,8 @@ with lib;
description = "Hardware RNG Entropy Gatherer Daemon";
serviceConfig.ExecStart = "${pkgs.rng_tools}/sbin/rngd -f";
serviceConfig.ExecStart = "${pkgs.rng_tools}/sbin/rngd -f -v" +
(if config.services.tcsd.enable then " --no-tpm=1" else "");
restartTriggers = [ pkgs.rng_tools ];
};
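Review bot: The reason for `--no-tpm=1` is not stated next to the `ExecStart` line, so a reader cannot tell why enabling `services.tcsd` removes the TPM as an entropy source for rngd. I would add a comment such as `# tcsd needs the TPM device for itself, so rngd must not open it` (wording to be confirmed by the author) and write the condition with the helper already in scope through `with lib;`: `+ optionalString config.services.tcsd.enable " --no-tpm=1";`. The added `-v` makes the daemon log verbosely on every system; if it was only meant for debugging it should not stay in the default command line.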


@ -97,8 +97,7 @@ in
}:
''
source=${if source != "" then source else "$(PATH=$SETUID_PATH type -tP ${program})"}
if test -z "$source"; then
if ! source=${if source != "" then source else "$(PATH=$SETUID_PATH type -tP ${program})"}; then
# If we can't find the program, fall back to the
# system profile.
source=/nix/var/nix/profiles/default/bin/${program}


@ -12,7 +12,7 @@ let
phases = [ "installPhase" ];
buildInputs = [ jdk ];
installPhase = ''
ensureDir $out/lib
mkdir -p $out/lib
source ${activemq}/lib/classpath.env
export CLASSPATH
ln -s "${./ActiveMQBroker.java}" ActiveMQBroker.java


@ -4,6 +4,8 @@ with lib;
let
cfg = config.services.rabbitmq;
config_file = pkgs.writeText "rabbitmq.config" cfg.config;
config_file_wo_suffix = builtins.substring 0 ((builtins.stringLength config_file) - 7) config_file;
in {
###### interface
@ -31,7 +33,6 @@ in {
'';
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/rabbitmq";
@ -40,6 +41,30 @@ in {
'';
};
cookie = mkOption {
default = "";
type = types.str;
description = ''
Erlang cookie is a string of arbitrary length which must
be the same for several nodes to be allowed to communicate.
Leave empty to generate automatically.
'';
};
config = mkOption {
default = "";
type = types.str;
description = ''
Verbatim configuration file contents.
See http://www.rabbitmq.com/configure.htm
'';
};
plugins = mkOption {
default = [];
type = types.listOf types.str;
description = "The names of plugins to enable";
};
};
};
@ -69,7 +94,10 @@ in {
RABBITMQ_NODE_IP_ADDRESS = cfg.listenAddress;
RABBITMQ_SERVER_START_ARGS = "-rabbit error_logger tty -rabbit sasl_error_logger false";
SYS_PREFIX = "";
};
RABBITMQ_ENABLED_PLUGINS_FILE = pkgs.writeText "enabled_plugins" ''
[ ${concatStringsSep "," cfg.plugins} ].
'';
} // optionalAttrs (cfg.config != "") { RABBITMQ_CONFIG_FILE = config_file_wo_suffix; };
serviceConfig = {
ExecStart = "${pkgs.rabbitmq_server}/sbin/rabbitmq-server";
@ -81,6 +109,15 @@ in {
preStart = ''
mkdir -p ${cfg.dataDir} && chmod 0700 ${cfg.dataDir}
if [ "$(id -u)" = 0 ]; then chown rabbitmq:rabbitmq ${cfg.dataDir}; fi
${optionalString (cfg.cookie != "") ''
echo -n ${cfg.cookie} > ${cfg.dataDir}/.erlang.cookie
chmod 400 ${cfg.dataDir}/.erlang.cookie
chown rabbitmq:rabbitmq ${cfg.dataDir}/.erlang.cookie
''}
mkdir -p /var/log/rabbitmq && chmod 0700 /var/log/rabbitmq
chown rabbitmq:rabbitmq /var/log/rabbitmq
'';
};
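Review bot: The `cookie` option puts the Erlang cluster secret into the generated `preStart` script, which is stored in the Nix store and is readable by every local user; the description should say so, or the option should take the path of a file that holds the cookie instead of the value. In `preStart`, `echo -n ${cfg.cookie} > ${cfg.dataDir}/.erlang.cookie` pastes the value into the shell unquoted and creates the file with the default umask before `chmod 400` runs. I would write that line as `( umask 077; echo -n ${escapeShellArg cfg.cookie} > ${cfg.dataDir}/.erlang.cookie )`, using the helper available through `with lib;`. The unguarded `chown` calls added here assume the script runs as root, unlike the `id -u` test two lines above them; that is worth a comment or the same guard.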


@ -0,0 +1,118 @@
{ config, lib, pkgs, ... }:
with pkgs;
with lib;
let
uid = config.ids.uids.mopidy;
gid = config.ids.gids.mopidy;
cfg = config.services.mopidy;
mopidyConf = writeText "mopidy.conf" cfg.configuration;
mopidyLauncher = stdenv.mkDerivation {
name = "mopidy-launcher";
phases = [ "installPhase" ];
buildInputs = [ makeWrapper python ];
installPhase = ''
mkdir -p $out/bin
ln -s ${mopidy}/bin/mopidy $out/bin/mopidy
wrapProgram $out/bin/mopidy \
--prefix PYTHONPATH : \
"${concatStringsSep ":" (map (p: "$(toPythonPath ${p})") cfg.extensionPackages)}"
'';
};
in {
options = {
services.mopidy = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
Whether to enable Mopidy, a music player daemon.
'';
};
dataDir = mkOption {
default = "/var/lib/mopidy";
type = types.str;
description = ''
The directory where Mopidy stores its state.
'';
};
extensionPackages = mkOption {
default = [];
type = types.listOf types.package;
example = [ mopidy-spotify ];
description = ''
Mopidy extensions that should be loaded by the service.
'';
};
configuration = mkOption {
type = types.lines;
description = ''
The configuration that Mopidy should use.
'';
};
extraConfigFiles = mkOption {
default = [];
type = types.listOf types.str;
description = ''
Extra config file read by Mopidy when the service starts.
Later files in the list overrides earlier configuration.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
systemd.services.mopidy = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "sound.target" ];
description = "mopidy music player daemon";
preStart = "mkdir -p ${cfg.dataDir} && chown -R mopidy:mopidy ${cfg.dataDir}";
serviceConfig = {
ExecStart = "${mopidyLauncher}/bin/mopidy --config ${concatStringsSep ":" ([mopidyConf] ++ cfg.extraConfigFiles)}";
User = "mopidy";
PermissionsStartOnly = true;
};
};
systemd.services.mopidy-scan = {
description = "mopidy local files scanner";
preStart = "mkdir -p ${cfg.dataDir} && chown -R mopidy:mopidy ${cfg.dataDir}";
serviceConfig = {
ExecStart = "${mopidyLauncher}/bin/mopidy --config ${concatStringsSep ":" ([mopidyConf] ++ cfg.extraConfigFiles)} local scan";
User = "mopidy";
PermissionsStartOnly = true;
Type = "oneshot";
};
};
users.extraUsers.mopidy = {
inherit uid;
group = "mopidy";
extraGroups = [ "audio" ];
description = "Mopidy daemon user";
home = "${cfg.dataDir}";
};
users.extraGroups.mopidy.gid = gid;
};
}
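Review bot: The `configuration` option's description does not say that its text becomes `mopidy.conf` through `writeText`, which puts it in the Nix store where any local user can read it. Extensions such as the `mopidy-spotify` example presumably need account credentials in that config. I would extend the description with `The text is stored world-readable in the Nix store; put credentials in a file listed in extraConfigFiles instead.` The `extraConfigFiles` description could add that its entries are plain path strings passed to `--config` and are not copied into the store.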


@ -159,5 +159,7 @@ in
uid = config.ids.uids.firebird;
};
users.extraGroups.firebird.gid = config.ids.gids.firebird;
};
}


@ -0,0 +1,143 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.neo4j;
serverConfig = pkgs.writeText "neo4j-server.properties" ''
org.neo4j.server.database.location=${cfg.dataDir}/data/graph.db
org.neo4j.server.webserver.address=${cfg.host}
org.neo4j.server.webserver.port=${toString cfg.port}
${optionalString cfg.enableHttps ''
org.neo4j.server.webserver.https.enabled=true
org.neo4j.server.webserver.https.port=${toString cfg.httpsPort}
org.neo4j.server.webserver.https.cert.location=${cfg.cert}
org.neo4j.server.webserver.https.key.location=${cfg.key}
org.neo4j.server.webserver.https.keystore.location=${cfg.dataDir}/data/keystore
''}
org.neo4j.server.webadmin.rrdb.location=${cfg.dataDir}/data/rrd
org.neo4j.server.webadmin.data.uri=/db/data/
org.neo4j.server.webadmin.management.uri=/db/manage/
org.neo4j.server.db.tuning.properties=${pkgs.neo4j}/share/neo4j/conf/neo4j.properties
org.neo4j.server.manage.console_engines=shell
${cfg.extraServerConfig}
'';
loggingConfig = pkgs.writeText "logging.properties" cfg.loggingConfig;
wrapperConfig = pkgs.writeText "neo4j-wrapper.conf" ''
wrapper.java.additional=-Dorg.neo4j.server.properties=${serverConfig}
wrapper.java.additional=-Djava.util.logging.config.file=${loggingConfig}
wrapper.java.additional=-XX:+UseConcMarkSweepGC
wrapper.java.additional=-XX:+CMSClassUnloadingEnabled
wrapper.pidfile=${cfg.dataDir}/neo4j-server.pid
wrapper.name=neo4j
'';
in {
###### interface
options.services.neo4j = {
enable = mkOption {
description = "Whether to enable neo4j.";
default = false;
type = types.uniq types.bool;
};
host = mkOption {
description = "Neo4j listen address.";
default = "127.0.0.1";
type = types.str;
};
port = mkOption {
description = "Neo4j port to listen for HTTP traffic.";
default = 7474;
type = types.int;
};
enableHttps = mkOption {
description = "Enable https for Neo4j.";
default = false;
type = types.bool;
};
httpsPort = mkOption {
description = "Neo4j port to listen for HTTPS traffic.";
default = 7473;
type = types.int;
};
cert = mkOption {
description = "Neo4j https certificate.";
default = "${cfg.dataDir}/conf/ssl/neo4j.cert";
type = types.path;
};
key = mkOption {
description = "Neo4j https certificate key.";
default = "${cfg.dataDir}/conf/ssl/neo4j.key";
type = types.path;
};
dataDir = mkOption {
description = "Neo4j data directory.";
default = "/var/lib/neo4j";
type = types.path;
};
loggingConfig = mkOption {
description = "Neo4j logging configuration.";
default = ''
handlers=java.util.logging.ConsoleHandler
.level=INFO
org.neo4j.server.level=INFO
java.util.logging.ConsoleHandler.level=INFO
java.util.logging.ConsoleHandler.formatter=org.neo4j.server.logging.SimpleConsoleFormatter
java.util.logging.ConsoleHandler.filter=org.neo4j.server.logging.NeoLogFilter
'';
type = types.lines;
};
extraServerConfig = mkOption {
description = "Extra configuration for neo4j server.";
default = "";
type = types.lines;
};
};
###### implementation
config = mkIf cfg.enable {
systemd.services.neo4j = {
description = "Neo4j Daemon";
wantedBy = [ "multi-user.target" ];
after = [ "network-interfaces.target" ];
environment = { NEO4J_INSTANCE = cfg.dataDir; };
serviceConfig = {
ExecStart = "${pkgs.neo4j}/bin/neo4j console";
User = "neo4j";
PermissionsStartOnly = true;
};
preStart = ''
mkdir -m 0700 -p ${cfg.dataDir}/{data/graph.db,conf}
ln -fs ${wrapperConfig} ${cfg.dataDir}/conf/neo4j-wrapper.conf
if [ "$(id -u)" = 0 ]; then chown -R neo4j ${cfg.dataDir}; fi
'';
};
environment.systemPackages = [ pkgs.neo4j ];
users.extraUsers = singleton {
name = "neo4j";
uid = config.ids.uids.neo4j;
description = "Neo4j daemon user";
home = cfg.dataDir;
};
};
}
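Review bot: In `preStart`, `mkdir -m 0700 -p ${cfg.dataDir}/{data/graph.db,conf}` applies mode 0700 only to the last directory of each path; `${cfg.dataDir}` and `data` are created under the default umask, and directories that already exist keep their mode. `data` is where the generated server config places `keystore` and `rrd`, so those locations may be traversable by other local users. Adding `chmod 0700 ${cfg.dataDir}` after the `mkdir` line would close that. Separately, `key` is `types.path`: if a Nix path literal is assigned, interpolating it in `serverConfig` copies the private key into the Nix store, so the description should ask for a string path outside the store.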


@ -38,86 +38,92 @@ in
services.redis = {
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable the Redis server.";
};
package = mkOption {
type = types.package;
default = pkgs.redis;
description = "Which Redis derivation to use.";
type = types.package;
};
user = mkOption {
type = types.str;
default = "redis";
description = "User account under which Redis runs.";
};
pidFile = mkOption {
type = types.path;
default = "/var/lib/redis/redis.pid";
description = "";
};
port = mkOption {
type = types.int;
default = 6379;
description = "The port for Redis to listen to.";
type = with types; int;
};
bind = mkOption {
type = with types; nullOr str;
default = null; # All interfaces
description = "The IP interface to bind to.";
example = "127.0.0.1";
};
unixSocket = mkOption {
type = with types; nullOr path;
default = null;
description = "The path to the socket to bind to.";
example = "/var/run/redis.sock";
};
logLevel = mkOption {
type = types.str;
default = "notice"; # debug, verbose, notice, warning
example = "debug";
description = "Specify the server verbosity level, options: debug, verbose, notice, warning.";
type = with types; string;
};
logfile = mkOption {
type = types.str;
default = "/dev/null";
description = "Specify the log file name. Also 'stdout' can be used to force Redis to log on the standard output.";
example = "/var/log/redis.log";
type = with types; string;
};
syslog = mkOption {
type = types.bool;
default = true;
description = "Enable logging to the system logger.";
type = with types; bool;
};
databases = mkOption {
type = types.int;
default = 16;
description = "Set the number of databases.";
type = with types; int;
};
save = mkOption {
type = with types; listOf (listOf int);
default = [ [900 1] [300 10] [60 10000] ];
description = "The schedule in which data is persisted to disk, represented as a list of lists where the first element represent the amount of seconds and the second the number of changes.";
example = [ [900 1] [300 10] [60 10000] ];
};
dbFilename = mkOption {
type = types.str;
default = "dump.rdb";
description = "The filename where to dump the DB.";
type = with types; string;
};
dbpath = mkOption {
type = types.path;
default = "/var/lib/redis";
description = "The DB will be written inside this directory, with the filename specified using the 'dbFilename' configuration.";
type = with types; string;
};
slaveOf = mkOption {
@ -135,46 +141,47 @@ in
};
requirePass = mkOption {
type = with types; nullOr str;
default = null;
description = "Password for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)";
example = "letmein!";
};
appendOnly = mkOption {
type = types.bool;
default = false;
description = "By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.";
type = with types; bool;
};
appendOnlyFilename = mkOption {
type = types.str;
default = "appendonly.aof";
description = "Filename for the append-only file (stored inside of dbpath)";
type = with types; string;
};
appendFsync = mkOption {
type = types.str;
default = "everysec"; # no, always, everysec
description = "How often to fsync the append-only log, options: no, always, everysec.";
type = with types; string;
};
slowLogLogSlowerThan = mkOption {
type = types.int;
default = 10000;
description = "Log queries whose execution take longer than X in milliseconds.";
example = 1000;
type = with types; int;
};
slowLogMaxLen = mkOption {
type = types.int;
default = 128;
description = "Maximum number of items to keep in slow log.";
type = with types; int;
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = "Extra configuration options for redis.conf.";
type = with types; string;
};
};
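Review bot: The `bind` description does not say that the default `null` means listening on all interfaces; only the inline `# All interfaces` comment does, and that never reaches the generated option documentation. Together with `requirePass` defaulting to `null`, a bare `enable = true` presumably yields an unauthenticated server reachable from the network, although how `bind` is rendered into redis.conf is outside the visible hunks. I would change the description to `"The IP interface to bind to. <literal>null</literal> means all interfaces."` and consider whether the example value `127.0.0.1` should be the default. `pidFile` still has an empty description.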


@ -4,9 +4,6 @@
with lib;
let
gnome3 = config.environment.gnome3.packageSet;
in
{
###### interface
@ -33,9 +30,9 @@ in
config = mkIf config.services.gnome3.at-spi2-core.enable {
environment.systemPackages = [ gnome3.at_spi2_core ];
environment.systemPackages = [ pkgs.at_spi2_core ];
services.dbus.packages = [ gnome3.at_spi2_core ];
services.dbus.packages = [ pkgs.at_spi2_core ];
};


@ -6,7 +6,7 @@ let
acpiConfDir = pkgs.runCommand "acpi-events" {}
''
ensureDir $out
mkdir -p $out
${
# Generate a configuration file for each event. (You can't have
# multiple events in one config file...)


@ -0,0 +1,139 @@
# tcsd daemon.
{ config, pkgs, ... }:
with pkgs.lib;
let
cfg = config.services.tcsd;
tcsdConf = pkgs.writeText "tcsd.conf" ''
port = 30003
num_threads = 10
system_ps_file = ${cfg.stateDir}/system.data
# This is the log of each individual measurement done by the system.
# By re-calculating the PCR registers based on this information, even
# finer details about the measured environment can be inferred than
# what is available directly from the PCR registers.
firmware_log_file = /sys/kernel/security/tpm0/binary_bios_measurements
kernel_log_file = /sys/kernel/security/ima/binary_runtime_measurements
#firmware_pcrs = 0,1,2,3,4,5,6,7
#kernel_pcrs = 10,11
platform_cred = ${cfg.platformCred}
conformance_cred = ${cfg.conformanceCred}
endorsement_cred = ${cfg.endorsementCred}
#remote_ops = create_key,random
#host_platform_class = server_12
#all_platform_classes = pc_11,pc_12,mobile_12
'';
in
{
###### interface
options = {
services.tcsd = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
Whether to enable tcsd, a Trusted Computing management service
that provides TCG Software Stack (TSS). The tcsd daemon is
the only portal to the Trusted Platform Module (TPM), a hardware
chip on the motherboard.
'';
};
user = mkOption {
default = "tss";
type = types.string;
description = "User account under which tcsd runs.";
};
group = mkOption {
default = "tss";
type = types.string;
description = "Group account under which tcsd runs.";
};
stateDir = mkOption {
default = "/var/lib/tpm";
type = types.path;
description = ''
The location of the system persistent storage file.
The system persistent storage file holds keys and data across
restarts of the TCSD and system reboots.
'';
};
platformCred = mkOption {
default = "${cfg.stateDir}/platform.cert";
type = types.path;
description = ''
Path to the platform credential for your TPM. Your TPM
manufacturer may have provided you with a set of credentials
(certificates) that should be used when creating identities
using your TPM. When a user of your TPM makes an identity,
this credential will be encrypted as part of that process.
See the 1.1b TPM Main specification section 9.3 for information
on this process. '';
};
conformanceCred = mkOption {
default = "${cfg.stateDir}/conformance.cert";
type = types.path;
description = ''
Path to the conformance credential for your TPM.
See also the platformCred option'';
};
endorsementCred = mkOption {
default = "${cfg.stateDir}/endorsement.cert";
type = types.path;
description = ''
Path to the endorsement credential for your TPM.
See also the platformCred option'';
};
};
};
###### implementation
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.trousers ];
# system.activationScripts.tcsd =
# ''
# chown ${cfg.user}:${cfg.group} ${tcsdConf}
# '';
systemd.services.tcsd = {
description = "TCSD";
after = [ "systemd-udev-settle.service" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.trousers ];
preStart =
''
mkdir -m 0700 -p ${cfg.stateDir}
chown -R ${cfg.user}:${cfg.group} ${cfg.stateDir}
'';
serviceConfig.ExecStart = "${pkgs.trousers}/sbin/tcsd -f -c ${tcsdConf}";
};
users.extraUsers = optionalAttrs (cfg.user == "tss") (singleton
{ name = "tss";
group = "tss";
uid = config.ids.uids.nginx;
});
users.extraGroups = optionalAttrs (cfg.group == "tss") (singleton
{ name = "tss";
gid = config.ids.gids.nginx;
});
};
}
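Review bot: The `tss` user and group at the end of the file are given `config.ids.uids.nginx` and `config.ids.gids.nginx`, so on a host that also runs nginx the account owning the TPM state directory shares its numeric id with the web server account. A process running as nginx could then read `${cfg.stateDir}/system.data`, which the `stateDir` description says holds keys. The module needs its own entries in the ids list (not visible on this page), for example `uid = config.ids.uids.tss;` and `gid = config.ids.gids.tss;` once those are allocated. The unit also sets no `User`, so `cfg.user` is only used by the `chown` in `preStart`; whether tcsd drops privileges itself cannot be seen here.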


@ -0,0 +1,28 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.thermald;
in {
###### interface
options = {
services.thermald = {
enable = mkOption {
default = false;
description = ''
Whether to enable thermald, the temperature management daemon.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
systemd.services.thermald = {
description = "Thermal Daemon Service";
wantedBy = [ "multi-user.target" ];
script = "exec ${pkgs.thermald}/sbin/thermald --no-daemon --dbus-enable";
};
};
}


@ -8,10 +8,6 @@ let
configFile = pkgs.writeText "logrotate.conf"
cfg.config;
cronJob = ''
5 * * * * root ${pkgs.logrotate}/sbin/logrotate ${configFile}
'';
in
{
options = {
@ -33,6 +29,16 @@ in
};
config = mkIf cfg.enable {
services.cron.systemCronJobs = [ cronJob ];
systemd.services.logrotate = {
description = "Logrotate Service";
wantedBy = [ "multi-user.target" ];
startAt = "*-*-* *:05:00";
serviceConfig.Restart = "no";
serviceConfig.User = "root";
script = ''
exec ${pkgs.logrotate}/sbin/logrotate ${configFile}
'';
};
};
}


@ -69,9 +69,9 @@ in
systemd.services.logstash = with pkgs; {
description = "Logstash Daemon";
wantedBy = [ "multi-user.target" ];
environment = { JAVA_HOME = jre; };
serviceConfig = {
ExecStart = "${jre}/bin/java -jar ${logstash} agent -f ${writeText "logstash.conf" ''
ExecStart = "${logstash}/bin/logstash agent -f ${writeText "logstash.conf" ''
input {
${cfg.inputConfig}
}


@ -0,0 +1,83 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.syslog-ng;
syslogngConfig = pkgs.writeText "syslog-ng.conf" ''
@version: 3.5
@include "scl.conf"
${cfg.extraConfig}
'';
ctrlSocket = "/run/syslog-ng/syslog-ng.ctl";
pidFile = "/run/syslog-ng/syslog-ng.pid";
persistFile = "/var/syslog-ng/syslog-ng.persist";
syslogngOptions = [
"--foreground"
"--module-path=${concatStringsSep ":" (["${pkgs.syslogng}/lib/syslog-ng"] ++ cfg.extraModulePaths)}"
"--cfgfile=${syslogngConfig}"
"--control=${ctrlSocket}"
"--persist-file=${persistFile}"
"--pidfile=${pidFile}"
];
in {
options = {
services.syslog-ng = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable the syslog-ng daemon.
'';
};
serviceName = mkOption {
type = types.str;
default = "syslog-ng";
description = ''
The name of the systemd service that runs syslog-ng. Set this to
<literal>syslog</literal> if you want journald to automatically
forward all logs to syslog-ng.
'';
};
extraModulePaths = mkOption {
type = types.listOf types.str;
default = [];
example = [ "${pkgs.syslogng_incubator}/lib/syslog-ng" ];
description = ''
A list of paths that should be included in syslog-ng's
<literal>--module-path</literal> option. They should usually
end in <literal>/lib/syslog-ng</literal>
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = ''
Configuration added to the end of <literal>syslog-ng.conf</literal>.
'';
};
};
};
config = mkIf cfg.enable {
systemd.services."${cfg.serviceName}" = {
wantedBy = [ "multi-user.target" ];
preStart = "mkdir -p /{var,run}/syslog-ng";
serviceConfig = {
Type = "notify";
Sockets = "syslog.socket";
StandardOutput = "null";
Restart = "on-failure";
ExecStart = "${pkgs.syslogng}/sbin/syslog-ng ${concatStringsSep " " syslogngOptions}";
};
};
};
}


@ -0,0 +1,128 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.mlmmj;
stateDir = "/var/lib/mlmmj";
spoolDir = "/var/spool/mlmmj";
listDir = domain: list: "${spoolDir}/${domain}/${list}";
listCtl = domain: list: "${listDir domain list}/control";
transport = domain: list: "${domain}--${list}@local.list.mlmmj mlmmj:${domain}/${list}";
virtual = domain: list: "${list}@${domain} ${domain}--${list}@local.list.mlmmj";
alias = domain: list: "${list}: \"|${pkgs.mlmmj}/mlmmj-receive -L ${listDir domain list}/\"";
subjectPrefix = list: "[${list}]";
listAddress = domain: list: "${list}@${domain}";
customHeaders = list: domain: [ "List-Id: ${list}" "Reply-To: ${list}@${domain}" ];
footer = domain: list: "To unsubscribe send a mail to ${list}+unsubscribe@${domain}";
createList = d: l: ''
${pkgs.coreutils}/bin/mkdir -p ${listCtl d l}
echo ${listAddress d l} > ${listCtl d l}/listadress
echo "${lib.concatStringsSep "\n" (customHeaders d l)}" > ${listCtl d l}/customheaders
echo ${footer d l} > ${listCtl d l}/footer
echo ${subjectPrefix l} > ${listCtl d l}/prefix
'';
in
{
###### interface
options = {
services.mlmmj = {
enable = mkOption {
type = types.bool;
default = false;
description = "Enable mlmmj";
};
user = mkOption {
type = types.str;
default = "mlmmj";
description = "mailinglist local user";
};
group = mkOption {
type = types.str;
default = "mlmmj";
description = "mailinglist local group";
};
listDomain = mkOption {
type = types.str;
default = "localhost";
description = "Set the mailing list domain";
};
mailLists = mkOption {
type = types.listOf types.str;
default = [];
description = "The collection of hosted maillists";
};
};
};
###### implementation
config = mkIf cfg.enable {
users.extraUsers = singleton {
name = cfg.user;
description = "mlmmj user";
home = stateDir;
createHome = true;
uid = config.ids.uids.mlmmj;
group = cfg.group;
useDefaultShell = true;
};
users.extraGroups = singleton {
name = cfg.group;
gid = config.ids.gids.mlmmj;
};
services.postfix = {
enable = true;
recipientDelimiter= "+";
extraMasterConf = ''
mlmmj unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj}/bin/mlmmj-recieve -F -L ${spoolDir}/$nextHop
'';
extraAliases = concatMapStrings (alias cfg.listDomain) cfg.mailLists;
extraConfig = ''
transport = hash:${stateDir}/transports
virtual = hash:${stateDir}/virtuals
'';
};
environment.systemPackages = [ pkgs.mlmmj ];
system.activationScripts.mlmmj = ''
${pkgs.coreutils}/bin/mkdir -p ${stateDir} ${spoolDir}/${cfg.listDomain}
${pkgs.coreutils}/bin/chown -R ${cfg.user}:${cfg.group} ${spoolDir}
${lib.concatMapStrings (createList cfg.listDomain) cfg.mailLists}
echo ${lib.concatMapStrings (virtual cfg.listDomain) cfg.mailLists} > ${stateDir}/virtuals
echo ${cfg.listDomain} mailman: > ${stateDir}/transports
echo ${lib.concatMapStrings (transport cfg.listDomain) cfg.mailLists} >> ${stateDir}/transports
'';
systemd.services."mlmmj-maintd" = {
description = "mlmmj maintenance daemon";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = cfg.user;
Group = cfg.group;
ExecStart = "${pkgs.mlmmj}/bin/mlmmj-maintd -F -d ${spoolDir}/${cfg.listDomain}";
};
};
};
}
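Review bot: `customHeaders` is declared as `list: domain:` but `createList` calls it as `customHeaders d l`, so `List-Id` receives the domain and `Reply-To` comes out as domain@list; declaring it as `customHeaders = domain: list: [ ... ]` like the other helpers fixes that. In the activation script, `chown -R ${cfg.user}:${cfg.group} ${spoolDir}` runs before the `createList` lines, so the control directories created afterwards keep the owner of the activating process (presumably root) and the list user may be unable to write them; moving the `chown -R` line to the end of the script would cover them. `extraMasterConf` hard-codes `user=mlmmj` while the rest of the module uses `cfg.user`, so changing the option leaves the pipe transport running as a different account; `user=${cfg.user}` keeps them aligned. The list names and domain are spliced into `echo` unquoted, which is worth wrapping in `escapeShellArg`.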


@ -22,14 +22,11 @@ let
nixConf =
let
# Tricky: if we're using a chroot for builds, then we need
# /bin/sh in the chroot (our own compromise to purity).
# However, since /bin/sh is a symlink to some path in the
# Nix store, which furthermore has runtime dependencies on
# other paths in the store, we need the closure of /bin/sh
# in `build-chroot-dirs' - otherwise any builder that uses
# /bin/sh won't work.
binshDeps = pkgs.writeReferencesToFile config.system.build.binsh;
# If we're using a chroot for builds, then provide /bin/sh in
# the chroot as a bind-mount to bash. This means we also need to
# include the entire closure of bash.
sh = pkgs.stdenv.shell;
binshDeps = pkgs.writeReferencesToFile sh;
in
pkgs.runCommand "nix.conf" {extraOptions = cfg.extraOptions; } ''
extraPaths=$(for i in $(cat ${binshDeps}); do if test -d $i; then echo $i; fi; done)
@ -40,7 +37,7 @@ let
build-users-group = nixbld
build-max-jobs = ${toString (cfg.maxJobs)}
build-use-chroot = ${if cfg.useChroot then "true" else "false"}
build-chroot-dirs = ${toString cfg.chrootDirs} $(echo $extraPaths)
build-chroot-dirs = ${toString cfg.chrootDirs} /bin/sh=${sh} $(echo $extraPaths)
binary-caches = ${toString cfg.binaryCaches}
trusted-binary-caches = ${toString cfg.trustedBinaryCaches}
$extraOptions
@ -253,8 +250,6 @@ in
config = {
nix.chrootDirs = [ "/bin" ];
environment.etc."nix/nix.conf".source = nixConf;
# List of machines for distributed Nix builds in the format


@ -1,32 +1,35 @@
{ config, lib, pkgs, ... }:
let
serveOnly = pkgs.writeScript "nix-store-serve" ''
#!${pkgs.stdenv.shell}
if [ "$SSH_ORIGINAL_COMMAND" != "nix-store --serve" ]; then
echo 'Error: You are only allowed to run `nix-store --serve'\'''!' >&2
exit 1
fi
exec /run/current-system/sw/bin/nix-store --serve
'';
with lib;
inherit (lib) mkIf mkOption types;
in {
{
options = {
nix.sshServe = {
enable = mkOption {
description = "Whether to enable serving the nix store over ssh.";
default = false;
type = types.bool;
default = false;
description = "Whether to enable serving the Nix store as a binary cache via SSH.";
};
keys = mkOption {
type = types.listOf types.str;
default = [];
example = [ "ssh-dss AAAAB3NzaC1k... alice@example.org" ];
description = "A list of SSH public keys allowed to access the binary cache via SSH.";
};
};
};
config = mkIf config.nix.sshServe.enable {
users.extraUsers.nix-ssh = {
description = "User for running nix-store --serve.";
description = "Nix SSH substituter user";
uid = config.ids.uids.nix-ssh;
shell = pkgs.stdenv.shell;
useDefaultShell = true;
};
services.openssh.enable = true;
@ -38,8 +41,11 @@ in {
PermitTTY no
PermitTunnel no
X11Forwarding no
ForceCommand ${serveOnly}
ForceCommand ${config.nix.package}/bin/nix-store --serve
Match All
'';
users.extraUsers.nix-ssh.openssh.authorizedKeys.keys = config.nix.sshServe.keys;
};
}
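Review bot: The `keys` example shows an `ssh-dss` key; OpenSSH limits DSA keys to 1024 bits, which makes it a poor pattern to copy for an account that exposes the store over SSH. An Ed25519 or RSA example would be better, e.g. `example = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5... alice@example.org" ];` (a constructed, truncated sample). The description could also state that every listed key may fetch any path from the store, since `ForceCommand` runs `nix-store --serve` for all of them. The `Match` block begins outside the hunk, so its other restrictions are not visible here.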


@ -0,0 +1,180 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.siproxd;
conf = ''
daemonize = 0
rtp_proxy_enable = 1
user = siproxd
if_inbound = ${cfg.ifInbound}
if_outbound = ${cfg.ifOutbound}
sip_listen_port = ${toString cfg.sipListenPort}
rtp_port_low = ${toString cfg.rtpPortLow}
rtp_port_high = ${toString cfg.rtpPortHigh}
rtp_dscp = ${toString cfg.rtpDscp}
sip_dscp = ${toString cfg.sipDscp}
${optionalString (cfg.hostsAllowReg != []) "hosts_allow_reg = ${concatStringsSep "," cfg.hostsAllowReg}"}
${optionalString (cfg.hostsAllowSip != []) "hosts_allow_sip = ${concatStringsSep "," cfg.hostsAllowSip}"}
${optionalString (cfg.hostsDenySip != []) "hosts_deny_sip = ${concatStringsSep "," cfg.hostsDenySip}"}
${if (cfg.passwordFile != "") then "proxy_auth_pwfile = ${cfg.passwordFile}" else ""}
${cfg.extraConfig}
'';
confFile = builtins.toFile "siproxd.conf" conf;
in
{
##### interface
options = {
services.siproxd = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable the Siproxd SIP
proxy/masquerading daemon.
'';
};
ifInbound = mkOption {
type = types.str;
example = "eth0";
description = "Local network interface";
};
ifOutbound = mkOption {
type = types.str;
example = "ppp0";
description = "Public network interface";
};
hostsAllowReg = mkOption {
type = types.listOf types.str;
default = [ ];
example = [ "192.168.1.0/24" "192.168.2.0/24" ];
description = ''
Acess control list for incoming SIP registrations.
'';
};
hostsAllowSip = mkOption {
type = types.listOf types.str;
default = [ ];
example = [ "123.45.0.0/16" "123.46.0.0/16" ];
description = ''
Acess control list for incoming SIP traffic.
'';
};
hostsDenySip = mkOption {
type = types.listOf types.str;
default = [ ];
example = [ "10.0.0.0/8" "11.0.0.0/8" ];
description = ''
Acess control list for denying incoming
SIP registrations and traffic.
'';
};
sipListenPort = mkOption {
type = types.int;
default = 5060;
description = ''
Port to listen for incoming SIP messages.
'';
};
rtpPortLow = mkOption {
type = types.int;
default = 7070;
description = ''
Bottom of UDP port range for incoming and outgoing RTP traffic
'';
};
rtpPortHigh = mkOption {
type = types.int;
default = 7089;
description = ''
Top of UDP port range for incoming and outgoing RTP traffic
'';
};
rtpTimeout = mkOption {
type = types.int;
default = 300;
description = ''
Timeout for an RTP stream. If for the specified
number of seconds no data is relayed on an active
stream, it is considered dead and will be killed.
'';
};
rtpDscp = mkOption {
type = types.int;
default = 46;
description = ''
DSCP (differentiated services) value to be assigned
to RTP packets. Allows QOS aware routers to handle
different types traffic with different priorities.
'';
};
sipDscp = mkOption {
type = types.int;
default = 0;
description = ''
DSCP (differentiated services) value to be assigned
to SIP packets. Allows QOS aware routers to handle
different types traffic with different priorities.
'';
};
passwordFile = mkOption {
type = types.str;
default = "";
description = ''
Path to per-user password file.
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = ''
Extra configuration to add to siproxd configuration.
'';
};
};
};
##### implementation
config = mkIf cfg.enable {
users.extraUsers = singleton {
name = "siproxyd";
uid = config.ids.uids.siproxd;
};
systemd.services.siproxd = {
description = "SIP proxy/masquerading daemon";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
ExecStart = "${pkgs.siproxd}/sbin/siproxd -c ${confFile}";
};
};
};
}
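Review bot: The generated config sets `user = siproxd`, but the account created under `users.extraUsers` is named `siproxyd`, so the user the daemon is told to switch to does not exist. Depending on how siproxd handles the failed lookup, it either refuses to start or keeps running with the privileges it was started with, and the unit sets no `User`, so that is root. The fix is `name = "siproxd";`. `rtpTimeout` is also declared as an option but never written into `conf`; `rtp_timeout = ${toString cfg.rtpTimeout}` is presumably what was intended.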


@ -189,19 +189,18 @@ in
wantedBy = [ "multi-user.target" ];
path = [ pkgs.munin ];
environment.MUNIN_PLUGSTATE = "/var/run/munin";
preStart = ''
echo "updating munin plugins..."
mkdir -p /etc/munin/plugins
rm -rf /etc/munin/plugins/*
PATH="/run/current-system/sw/bin:/run/current-system/sw/sbin" ${pkgs.munin}/sbin/munin-node-configure --shell --families contrib,auto,manual --config ${nodeConf} --libdir=${muninPlugins} --servicedir=/etc/munin/plugins 2>/dev/null | ${pkgs.bash}/bin/bash
'';
serviceConfig = {
ExecStart = "${pkgs.munin}/sbin/munin-node --config ${nodeConf} --servicedir /etc/munin/plugins/";
};
};
system.activationScripts.munin-node = ''
echo "updating munin plugins..."
mkdir -p /etc/munin/plugins
rm -rf /etc/munin/plugins/*
PATH="/run/current-system/sw/bin:/run/current-system/sw/sbin" ${pkgs.munin}/sbin/munin-node-configure --shell --families contrib,auto,manual --config ${nodeConf} --libdir=${muninPlugins} --servicedir=/etc/munin/plugins 2>/dev/null | ${pkgs.bash}/bin/bash
'';
}) (mkIf cronCfg.enable {
services.cron.systemCronJobs = [


@ -12,7 +12,7 @@ let
nagiosObjectDefs = cfg.objectDefs;
nagiosObjectDefsDir = pkgs.runCommand "nagios-objects" {inherit nagiosObjectDefs;}
"ensureDir $out; ln -s $nagiosObjectDefs $out/";
"mkdir -p $out; ln -s $nagiosObjectDefs $out/";
nagiosCfgFile = pkgs.writeText "nagios.cfg"
''


@ -0,0 +1,79 @@
{ config, pkgs, ... }:
with pkgs;
with pkgs.lib;
let
cfg = config.services.riemann-dash;
conf = writeText "config.rb" ''
riemann_base = "${cfg.dataDir}"
config.store[:ws_config] = "#{riemann_base}/config/config.json"
${cfg.config}
'';
launcher = writeScriptBin "riemann-dash" ''
#!/bin/sh
exec ${rubyLibs.riemann_dash}/bin/riemann-dash ${conf}
'';
in {
options = {
services.riemann-dash = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable the riemann-dash dashboard daemon.
'';
};
config = mkOption {
type = types.lines;
description = ''
Contents added to the end of the riemann-dash configuration file.
'';
};
dataDir = mkOption {
type = types.str;
default = "/var/riemann-dash";
description = ''
Location of the riemann-base dir. The dashboard configuration file is
is stored to this directory. The directory is created automatically on
service start, and owner is set to the riemanndash user.
'';
};
};
};
config = mkIf cfg.enable {
users.extraGroups.riemanndash.gid = config.ids.gids.riemanndash;
users.extraUsers.riemanndash = {
description = "riemann-dash daemon user";
uid = config.ids.uids.riemanndash;
group = "riemanndash";
};
systemd.services.riemann-dash = {
wantedBy = [ "multi-user.target" ];
wants = [ "riemann.service" ];
after = [ "riemann.service" ];
preStart = ''
mkdir -p ${cfg.dataDir}/config
chown -R riemanndash:riemanndash ${cfg.dataDir}
'';
serviceConfig = {
User = "riemanndash";
ExecStart = "${launcher}/bin/riemann-dash";
PermissionsStartOnly = true;
};
};
};
}


@ -0,0 +1,77 @@
{ config, pkgs, ... }:
with pkgs;
with pkgs.lib;
let
cfg = config.services.riemann;
classpath = concatStringsSep ":" (
cfg.extraClasspathEntries ++ [ "${riemann}/share/java/riemann.jar" ]
);
launcher = writeScriptBin "riemann" ''
#!/bin/sh
exec ${openjdk}/bin/java ${concatStringsSep "\n" cfg.extraJavaOpts} \
-cp ${classpath} \
riemann.bin ${writeText "riemann.config" cfg.config}
'';
in {
options = {
services.riemann = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable the Riemann network monitoring daemon.
'';
};
config = mkOption {
type = types.lines;
description = ''
Contents of the Riemann configuration file.
'';
};
extraClasspathEntries = mkOption {
type = with types; listOf str;
default = [];
description = ''
Extra entries added to the Java classpath when running Riemann.
'';
};
extraJavaOpts = mkOption {
type = with types; listOf str;
default = [];
description = ''
Extra Java options used when launching Riemann.
'';
};
};
};
config = mkIf cfg.enable {
users.extraGroups.riemann.gid = config.ids.gids.riemann;
users.extraUsers.riemann = {
description = "riemann daemon user";
uid = config.ids.uids.riemann;
group = "riemann";
};
systemd.services.riemann = {
wantedBy = [ "multi-user.target" ];
path = [ inetutils ];
serviceConfig = {
User = "riemann";
ExecStart = "${launcher}/bin/riemann";
};
};
};
}
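Review bot: In the `launcher` script, `${concatStringsSep "\n" cfg.extraJavaOpts} \` joins the Java options with newlines, so with two or more entries the shell ends the `exec … java` command after the first option. Java is then started without the classpath or `riemann.bin`, and the remaining lines are never run because `exec` has already replaced the shell. Joining with a space keeps everything on one command line: `exec ${openjdk}/bin/java ${concatStringsSep " " cfg.extraJavaOpts} \`. The options are also spliced in unquoted, so an entry containing spaces is split into several arguments; the `extraJavaOpts` description should say that each list element must be a single shell word.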


@ -13,7 +13,7 @@ let
};
buildInputs = [ python ];
installPhase = ''
ensureDir $out/bin
mkdir -p $out/bin
# Make it work for kernels 3.x, not so different than 2.6
sed -i 's/2\.6/4.0/' system_health.py
cp system_health.py $out/bin


@ -11,7 +11,7 @@ let
};
afsConfig = pkgs.runCommand "afsconfig" {} ''
ensureDir $out
mkdir -p $out
echo ${cfg.cellName} > $out/ThisCell
cp ${cellServDB} $out/CellServDB
echo "/afs:${cfg.cacheDirectory}:${cfg.cacheSize}" > $out/cacheinfo


@ -7,9 +7,10 @@ let
dhcpcd = if !config.boot.isContainer then pkgs.dhcpcd else pkgs.dhcpcd.override { udev = null; };
# Don't start dhcpcd on explicitly configured interfaces or on
# interfaces that are part of a bridge.
# interfaces that are part of a bridge, bond or sit device.
ignoredInterfaces =
map (i: i.name) (filter (i: i.ipAddress != null) (attrValues config.networking.interfaces))
++ mapAttrsToList (i: _: i) config.networking.sits
++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.bridges))
++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.bonds))
++ config.networking.dhcpcd.denyInterfaces;
@ -35,7 +36,7 @@ let
# Ignore peth* devices; on Xen, they're renamed physical
# Ethernet cards used for bridging. Likewise for vif* and tap*
# (Xen) and virbr* and vnet* (libvirt).
denyinterfaces ${toString ignoredInterfaces} lo peth* vif* tap* tun* virbr* vnet* vboxnet*
denyinterfaces ${toString ignoredInterfaces} lo peth* vif* tap* tun* virbr* vnet* vboxnet* sit*
${config.networking.dhcpcd.extraConfig}
'';


@ -13,7 +13,7 @@ let
default-lease-time 600;
max-lease-time 7200;
authoritative;
ddns-update-style ad-hoc;
ddns-update-style interim;
log-facility local1; # see dhcpd.nix
${cfg.extraConfig}
@ -108,22 +108,41 @@ in
config = mkIf config.services.dhcpd.enable {
jobs.dhcpd =
users = {
extraUsers.dhcpd = {
uid = config.ids.uids.dhcpd;
description = "DHCP daemon user";
};
};
systemd.services.dhcpd =
{ description = "DHCP server";
startOn = "started network-interfaces";
stopOn = "stopping network-interfaces";
wantedBy = [ "multi-user.target" ];
script =
after = [ "network.target" ];
path = [ pkgs.dhcp ];
preStart =
''
mkdir -m 755 -p ${stateDir}
touch ${stateDir}/dhcpd.leases
exec ${pkgs.dhcp}/sbin/dhcpd -f -cf ${configFile} \
-lf ${stateDir}/dhcpd.leases \
${toString cfg.interfaces}
mkdir -m 755 -p /run/dhcpd
chown dhcpd /run/dhcpd
'';
serviceConfig =
{ ExecStart = "@${pkgs.dhcp}/sbin/dhcpd dhcpd"
+ " -pf /run/dhcpd/dhcpd.pid -cf ${configFile}"
+ " -lf ${stateDir}/dhcpd.leases -user dhcpd -group nogroup"
+ " ${toString cfg.interfaces}";
Restart = "always";
Type = "forking";
PIDFile = "/run/dhcpd/dhcpd.pid";
};
};
};
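Review bot: The new `preStart` chowns only `/run/dhcpd`, while `${stateDir}` and `dhcpd.leases` stay root-owned and `ExecStart` now passes `-user dhcpd -group nogroup`. If dhcpd rewrites its lease database after dropping privileges, it can no longer create or replace files in that directory. Consider adding `chown dhcpd ${stateDir} ${stateDir}/dhcpd.leases` after the `touch`, and giving the daemon a dedicated group instead of the shared `nogroup`. The page prints old and new lines without markers, so which `script`/`preStart` lines survive is inferred from the new `ExecStart` string.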


@ -3,7 +3,7 @@ source $stdenv/setup
doSub() {
local src=$1
local dst=$2
ensureDir $(dirname $dst)
mkdir -p $(dirname $dst)
substituteAll $src $dst
}
@ -28,4 +28,4 @@ for i in $substFiles; do
fi
done
ensureDir $out/bin
mkdir -p $out/bin


@ -0,0 +1,118 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.polipo;
polipoConfig = pkgs.writeText "polipo.conf" ''
proxyAddress = ${cfg.proxyAddress}
proxyPort = ${toString cfg.proxyPort}
allowedClients = ${concatStringsSep ", " cfg.allowedClients}
${optionalString (cfg.parentProxy != "") "parentProxy = ${cfg.parentProxy}" }
${optionalString (cfg.socksParentProxy != "") "socksParentProxy = ${cfg.socksParentProxy}" }
${config.services.polipo.extraConfig}
'';
in
{
options = {
services.polipo = {
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to run the polipo caching web proxy.";
};
proxyAddress = mkOption {
type = types.string;
default = "127.0.0.1";
description = "IP address on which Polipo will listen.";
};
proxyPort = mkOption {
type = types.int;
default = 8123;
description = "TCP port on which Polipo will listen.";
};
allowedClients = mkOption {
type = types.listOf types.string;
default = [ "127.0.0.1" "::1" ];
example = [ "127.0.0.1" "::1" "134.157.168.0/24" "2001:660:116::/48" ];
description = ''
List of IP addresses or network addresses that may connect to Polipo.
'';
};
parentProxy = mkOption {
type = types.string;
default = "";
example = "localhost:8124";
description = ''
Hostname and port number of an HTTP parent proxy;
it should have the form host:port.
'';
};
socksParentProxy = mkOption {
type = types.string;
default = "";
example = "localhost:9050";
description = ''
Hostname and port number of an SOCKS parent proxy;
it should have the form host:port.
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = ''
Polio configuration. Contents will be added
verbatim to the configuration file.
'';
};
};
};
config = mkIf cfg.enable {
users.extraUsers = singleton
{ name = "polipo";
uid = config.ids.uids.polipo;
description = "Polipo caching proxy user";
home = "/var/cache/polipo";
createHome = true;
};
users.extraGroups = singleton
{ name = "polipo";
gid = config.ids.gids.polipo;
members = [ "polipo" ];
};
systemd.services.polipo = {
description = "caching web proxy";
after = [ "network.target" "nss-lookup.target" ];
wantedBy = [ "multi-user.target"];
preStart = ''
${pkgs.coreutils}/bin/chown polipo:polipo /var/cache/polipo -R
'';
serviceConfig = {
ExecStart = "${pkgs.polipo}/bin/polipo -c ${polipoConfig}";
ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID";
User = "polipo";
};
};
};
}
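Review bot: The `preStart` chown runs as the `polipo` user, because `serviceConfig` sets `User = "polipo"` without `PermissionsStartOnly = true`, so it cannot repair ownership of anything polipo does not already own. Since the account is declared with `createHome = true`, either drop the `preStart`, or run it privileged and limit it to the directory itself: `PermissionsStartOnly = true;` with `chown polipo:polipo /var/cache/polipo`. A recursive chown performed as root over a tree the service account can write to is best avoided. The `extraConfig` description also misspells the daemon as "Polio".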


@ -52,24 +52,32 @@ in
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.radvd ];
users.extraUsers.radvd =
{ uid = config.ids.uids.radvd;
description = "Router Advertisement Daemon User";
};
jobs.radvd =
systemd.services.radvd =
{ description = "IPv6 Router Advertisement Daemon";
startOn = "started network-interfaces";
wantedBy = [ "multi-user.target" ];
preStart =
''
# !!! Radvd only works if IPv6 forwarding is enabled. But
# this should probably be done somewhere else (and not
# necessarily for all interfaces).
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
'';
after = [ "network.target" ];
exec = "${pkgs.radvd}/sbin/radvd -m syslog -s -C ${confFile}";
path = [ pkgs.radvd ];
daemonType = "fork";
preStart = ''
mkdir -m 755 -p /run/radvd
chown radvd /run/radvd
'';
serviceConfig =
{ ExecStart = "@${pkgs.radvd}/sbin/radvd radvd"
+ " -p /run/radvd/radvd.pid -m syslog -u radvd -C ${confFile}";
Restart = "always";
Type = "forking";
PIDFile = "/run/radvd/radvd.pid";
};
};
};
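Review bot: Nothing in the new unit enables IPv6 forwarding any more: the `echo 1 > /proc/sys/net/ipv6/conf/all/forwarding` step, with its comment that radvd only works when forwarding is enabled, appears to be on the removed side (the page prints old and new lines without markers). Dropping a silent global sysctl write from a service script is reasonable, but the requirement should then be stated where the administrator will see it, for example a sentence in the `enable` option description saying forwarding must be turned on through `boot.kernel.sysctl`. The new `preStart` and `-u radvd` privilege drop look consistent with each other, as `/run/radvd` is chowned before the PID file is written there.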


@ -99,7 +99,6 @@ in
};
subsystems = mkOption {
default = [ ["sftp" "${pkgs.lsh}/sbin/sftp-server"] ];
description = ''
List of subsystem-path pairs, where the head of the pair
denotes the subsystem name, and the tail denotes the path to
@ -116,6 +115,8 @@ in
config = mkIf cfg.enable {
services.lshd.subsystems = [ ["sftp" "${pkgs.lsh}/sbin/sftp-server"] ];
jobs.lshd =
{ description = "GNU lshd SSH2 daemon";


@ -0,0 +1,88 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.unifi;
stateDir = "/var/lib/unifi";
cmd = "@${pkgs.icedtea7_jre}/bin/java java -jar ${stateDir}/lib/ace.jar";
in
{
options = {
services.unifi.enable = mkOption {
type = types.uniq types.bool;
default = false;
description = ''
Whether or not to enable the unifi controller service.
'';
};
};
config = mkIf cfg.enable {
users.extraUsers.unifi = {
uid = config.ids.uids.unifi;
description = "UniFi controller daemon user";
home = "${stateDir}";
};
# We must create the binary directories as bind mounts instead of symlinks
# This is because the controller resolves all symlinks to absolute paths
# to be used as the working directory.
systemd.mounts = map ({ what, where }: {
bindsTo = [ "unifi.service" ];
requiredBy = [ "unifi.service" ];
before = [ "unifi.service" ];
options = "bind";
what = what;
where = where;
}) [
{
what = "${pkgs.unifi}/dl";
where = "${stateDir}/dl";
}
{
what = "${pkgs.unifi}/lib";
where = "${stateDir}/lib";
}
{
what = "${pkgs.mongodb}/bin";
where = "${stateDir}/bin";
}
];
systemd.services.unifi = {
description = "UniFi controller daemon";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
preStart = ''
# Ensure privacy of state
chown unifi "${stateDir}"
chmod 0700 "${stateDir}"
# Create the volatile webapps
mkdir -p "${stateDir}/webapps"
chown unifi "${stateDir}/webapps"
ln -s "${pkgs.unifi}/webapps/ROOT.war" "${stateDir}/webapps/ROOT.war"
'';
postStop = ''
rm "${stateDir}/webapps/ROOT.war"
'';
serviceConfig = {
Type = "simple";
ExecStart = "${cmd} start";
ExecStop = "${cmd} stop";
User = "unifi";
PermissionsStartOnly = true;
UMask = "0077";
WorkingDirectory = "${stateDir}";
};
};
};
}
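Review bot: `ln -s ... ROOT.war` in `preStart` fails when the link is still present, which happens whenever `postStop` did not run (crash, power loss); if the script runs with errexit the unit then fails to start, so use `ln -sf` here and `rm -f` in `postStop`. `preStart` runs as root (`PermissionsStartOnly = true`) and does `mkdir -p` and `chown` on `${stateDir}/webapps`, a path inside a directory the `unifi` account owns; `chown -h`, or creating `webapps` as the service user, keeps root from acting on a link target. Nothing visible creates `${stateDir}` before the first `chown` (the user has no `createHome`), so a `mkdir -p "${stateDir}"` at the top would make the script self-contained.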


@ -20,6 +20,11 @@ let
</Pass>
";
modules = pkgs.buildEnv {
name = "znc-modules";
paths = cfg.modulePackages;
};
confOptions = { ... }: {
options = {
modules = mkOption {
@ -31,6 +36,15 @@ let
'';
};
userModules = mkOption {
type = types.listOf types.string;
default = [ ];
example = [ "fish" "push" ];
description = ''
A list of user modules to include in the `znc.conf` file.
'';
};
userName = mkOption {
default = defaultUserName;
example = "johntron";
@ -63,9 +77,9 @@ let
};
port = mkOption {
default = "5000";
example = "5000";
type = types.string;
default = 5000;
example = 5000;
type = types.int;
description = ''
Specifies the port on which to listen.
'';
@ -80,6 +94,13 @@ let
'';
};
extraZncConf = mkOption {
default = "";
type = types.lines;
description = ''
Extra config to `znc.conf` file
'';
};
};
};
@ -104,7 +125,7 @@ let
AllowWeb = true
IPv4 = true
IPv6 = false
Port = ${if confOpts.useSSL then "+" else ""}${confOpts.port}
Port = ${if confOpts.useSSL then "+" else ""}${toString confOpts.port}
SSL = ${if confOpts.useSSL then "true" else "false"}
</Listener>
@ -128,9 +149,11 @@ let
QuitMsg = Quit
RealName = ${confOpts.nick}
TimestampFormat = [%H:%M:%S]
${concatMapStrings (n: "LoadModule = ${n}\n") confOpts.userModules}
${confOpts.passBlock}
</User>
${confOpts.extraZncConf}
'';
zncConfFile = pkgs.writeTextFile {
@ -168,9 +191,9 @@ in
};
dataDir = mkOption {
default = "/home/${cfg.user}/.znc";
example = "/home/john/.znc";
type = types.string;
default = "/var/lib/znc/";
example = "/home/john/.znc/";
type = types.path;
description = ''
The data directory. Used for configuration files and modules.
'';
@ -179,7 +202,7 @@ in
zncConf = mkOption {
default = "";
example = "See: http://wiki.znc.in/Configuration";
type = types.string;
type = types.lines;
description = ''
The contents of the `znc.conf` file to use when creating it.
If specified, `confOptions` will be ignored, and this value, as-is, will be used.
@ -201,6 +224,15 @@ in
'';
options = confOptions;
};
modulePackages = mkOption {
type = types.listOf types.package;
default = [ ];
example = [ pkgs.zncModules.fish pkgs.zncModules.push ];
description = ''
A list of global znc module packages to add to znc.
'';
};
mutable = mkOption {
default = false;
@ -218,9 +250,9 @@ in
};
extraFlags = mkOption {
default = "";
example = "--debug";
type = types.string;
default = [ ];
example = [ "--debug" ];
type = types.listOf types.str;
description = ''
Extra flags to use when executing znc command.
'';
@ -233,25 +265,22 @@ in
config = mkIf cfg.enable {
systemd.services."znc-${cfg.user}" = {
description = "ZNC Server of ${cfg.user}.";
systemd.services.znc = {
description = "ZNC Server";
wantedBy = [ "multi-user.target" ];
after = [ "network.service" ];
path = [ pkgs.znc ];
serviceConfig = {
User = "${cfg.user}";
User = cfg.user;
Restart = "always";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
ExecStop = "${pkgs.coreutils}/bin/kill -INT $MAINPID";
};
preStart = ''
${pkgs.coreutils}/bin/mkdir -p ${cfg.dataDir}
${pkgs.coreutils}/bin/chown ${cfg.user} ${cfg.dataDir} -R
${pkgs.coreutils}/bin/mkdir -p ${cfg.dataDir}/configs
# If mutable, regenerate conf file every time.
${optionalString (!cfg.mutable) ''
${pkgs.coreutils}/echo "znc-${cfg.user} is set to be system-managed. Now deleting old znc.conf file to be regenerated."
${pkgs.coreutils}/echo "znc is set to be system-managed. Now deleting old znc.conf file to be regenerated."
${pkgs.coreutils}/rm -f ${cfg.dataDir}/configs/znc.conf
''}
@ -259,7 +288,7 @@ in
if [[ ! -f ${cfg.dataDir}/configs/znc.conf ]]; then
${pkgs.coreutils}/bin/echo "No znc.conf file found in ${cfg.dataDir}. Creating one now."
${if (!cfg.mutable)
then "${pkgs.coreutils}/bin/ln --force -s ${zncConfFile} ${cfg.dataDir}/configs/znc.conf"
then "${pkgs.coreutils}/bin/ln --force -s ${zncConfFile} ${cfg.dataDir}/.znc/configs/znc.conf"
else ''
${pkgs.coreutils}/bin/cp --no-clobber ${zncConfFile} ${cfg.dataDir}/configs/znc.conf
${pkgs.coreutils}/bin/chmod u+rw ${cfg.dataDir}/configs/znc.conf
@ -269,10 +298,14 @@ in
if [[ ! -f ${cfg.dataDir}/znc.pem ]]; then
${pkgs.coreutils}/bin/echo "No znc.pem file found in ${cfg.dataDir}. Creating one now."
${pkgs.znc}/bin/znc --makepem
${pkgs.znc}/bin/znc --makepem --datadir ${cfg.dataDir}
fi
# Symlink modules
rm ${cfg.dataDir}/modules || true
ln -fs ${modules}/lib/znc ${cfg.dataDir}/modules
'';
script = "${pkgs.znc}/bin/znc --foreground --datadir ${cfg.dataDir} ${cfg.extraFlags}";
script = "${pkgs.znc}/bin/znc --foreground --datadir ${cfg.dataDir} ${toString cfg.extraFlags}";
};
users.extraUsers = optional (cfg.user == defaultUser)
@ -280,6 +313,7 @@ in
description = "ZNC server daemon owner";
group = defaultUser;
uid = config.ids.uids.znc;
home = cfg.dataDir;
createHome = true;
createUser = true;
};
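Review bot: In the immutable branch the config symlink is now written to `${cfg.dataDir}/.znc/configs/znc.conf`, but the surrounding code creates and tests `${cfg.dataDir}/configs/znc.conf` and znc is started with `--datadir ${cfg.dataDir}`. The generated file would therefore never be at the path znc reads, and the `.znc/configs` directory is not created; the target should stay `${cfg.dataDir}/configs/znc.conf`. In the `preStart` hunk before it, the `echo` and `rm -f` lines call `${pkgs.coreutils}/echo` and `${pkgs.coreutils}/rm` without `/bin`, so the stale `znc.conf` is never deleted. `preStart` runs as `cfg.user`, so `mkdir -p` on the new default `/var/lib/znc/` depends on `createHome` having created it first. Line sides are inferred from the new defaults, because the page prints old and new lines without markers.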


@ -21,6 +21,11 @@ let
];
};
esPlugins = pkgs.buildEnv {
name = "elasticsearch-plugins";
paths = cfg.plugins;
};
in {
###### interface
@ -101,6 +106,12 @@ in {
example = [ "-Djava.net.preferIPv4Stack=true" ];
};
plugins = mkOption {
description = "Extra elasticsearch plugins";
default = [];
type = types.listOf types.package;
};
};
###### implementation
@ -119,6 +130,10 @@ in {
preStart = ''
mkdir -m 0700 -p ${cfg.dataDir}
if [ "$(id -u)" = 0 ]; then chown -R elasticsearch ${cfg.dataDir}; fi
# Install plugins
rm ${cfg.dataDir}/plugins || true
ln -s ${esPlugins}/plugins ${cfg.dataDir}/plugins
'';
};
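Review bot: `rm ${cfg.dataDir}/plugins || true` followed by `ln -s` does not replace an existing `plugins` directory: `rm` fails on a directory, the error is swallowed, and `ln -s` then creates the link inside it as `plugins/plugins`. Manually installed plugins would then stay active instead of the declared set. Use `ln -sfT ${esPlugins}/plugins ${cfg.dataDir}/plugins` and fail loudly (or move the old directory aside) when the path is a real directory. The paths are unquoted, so a `dataDir` containing whitespace breaks both commands.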


@ -25,12 +25,17 @@ in
options = {
services.fail2ban = {
enable = mkOption {
default = false;
type = types.bool;
description = "Whether to enable the fail2ban service.";
};
daemonConfig = mkOption {
default =
''
[Definition]
loglevel = 3
loglevel = INFO
logtarget = SYSLOG
socket = /run/fail2ban/fail2ban.sock
pidfile = /run/fail2ban/fail2ban.pid
@ -80,7 +85,7 @@ in
###### implementation
config = {
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.fail2ban ];
@ -101,12 +106,13 @@ in
preStart =
''
mkdir -p /run/fail2ban -m 0755
mkdir -p /var/lib/fail2ban
'';
serviceConfig =
{ ExecStart = "${pkgs.fail2ban}/bin/fail2ban-server -f";
ReadOnlyDirectories = "/";
ReadWriteDirectories = "/run /var/tmp";
ReadWriteDirectories = "/run /var/tmp /var/lib";
CapabilityBoundingSet = "CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_NET_RAW";
};
@ -131,15 +137,14 @@ in
bantime = 600
findtime = 600
maxretry = 3
backend = auto
'';
backend = systemd
'';
# Block SSH if there are too many failing connection attempts.
services.fail2ban.jails.ssh-iptables =
''
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/warn
maxretry = 5
'';
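Review bot: `ReadWriteDirectories` now opens all of `/var/lib` for writing, although the only new state path the unit creates is `/var/lib/fail2ban`. Narrowing it to `ReadWriteDirectories = "/run /var/tmp /var/lib/fail2ban";` keeps the `ReadOnlyDirectories = "/"` confinement meaningful. With `config` now wrapped in `mkIf cfg.enable` and `enable` defaulting to `false`, systems that relied on the previously unconditional block may stop banning after an upgrade, which deserves a release-note entry. The `ssh-iptables` jail appears to lose its `logpath` in favour of `backend = systemd`; that is inferred, since the page prints old and new lines without markers.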


@ -14,7 +14,7 @@ let
name = "dbus-conf";
preferLocalBuild = true;
buildCommand = ''
ensureDir $out
mkdir -p $out
cp -v ${pkgs.dbus.daemon}/etc/dbus-1/system.conf $out/system.conf


@ -80,7 +80,7 @@ let
# !!! should be in lib
writeTextInDir = name: text:
pkgs.runCommand name {inherit text;} "ensureDir $out; echo -n \"$text\" > $out/$name";
pkgs.runCommand name {inherit text;} "mkdir -p $out; echo -n \"$text\" > $out/$name";
enableSSL = any (vhost: vhost.enableSSL) allHosts;
@ -130,7 +130,7 @@ let
'';
loggingConf = ''
loggingConf = (if mainCfg.logFormat != "none" then ''
ErrorLog ${mainCfg.logDir}/error_log
LogLevel notice
@ -141,7 +141,9 @@ let
LogFormat "%{User-agent}i" agent
CustomLog ${mainCfg.logDir}/access_log ${mainCfg.logFormat}
'';
'' else ''
ErrorLog /dev/null
'');
browserHacks = ''
@ -194,7 +196,7 @@ let
) null ([ cfg ] ++ subservices);
documentRoot = if maybeDocumentRoot != null then maybeDocumentRoot else
pkgs.runCommand "empty" {} "ensureDir $out";
pkgs.runCommand "empty" {} "mkdir -p $out";
documentRootConf = ''
DocumentRoot "${documentRoot}"
@ -387,7 +389,7 @@ let
'';
enablePHP = any (svc: svc.enablePHP) allSubservices;
enablePHP = mainCfg.enablePHP || any (svc: svc.enablePHP) allSubservices;
# Generate the PHP configuration file. Should probably be factored
@ -531,6 +533,12 @@ in
'';
};
enablePHP = mkOption {
type = types.bool;
default = false;
description = "Whether to enable the PHP module.";
};
phpOptions = mkOption {
type = types.lines;
default = "";
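Review bot: Setting `logFormat = "none"` now also sends `ErrorLog` to `/dev/null`, so an option that reads as an access-log format switch silently discards the server's error log as well. That log is the record needed to investigate failures and abuse. Keep the `ErrorLog` and `LogLevel` lines unconditional and make only the `CustomLog` line depend on `logFormat`, or state the behaviour in the `logFormat` option description. The `loggingConf` definition starts and ends in different hunks of this section, so the full string is not visible in one place.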


@ -0,0 +1,22 @@
diff --git a/includes/specials/SpecialActiveusers.php b/includes/specials/SpecialActiveusers.php
index f739d3b..fdd8db3 100644
--- a/includes/specials/SpecialActiveusers.php
+++ b/includes/specials/SpecialActiveusers.php
@@ -112,7 +112,7 @@ class ActiveUsersPager extends UsersPager {
return array(
'tables' => array( 'querycachetwo', 'user', 'recentchanges' ),
'fields' => array( 'user_name', 'user_id', 'recentedits' => 'COUNT(*)', 'qcc_title' ),
- 'options' => array( 'GROUP BY' => array( 'qcc_title' ) ),
+ 'options' => array( 'GROUP BY' => array( 'qcc_title', 'user_name', 'user_id' ) ),
'conds' => $conds
);
}
@@ -349,7 +349,7 @@ class SpecialActiveUsers extends SpecialPage {
__METHOD__,
array(
'GROUP BY' => array( 'rc_user_text' ),
- 'ORDER BY' => 'NULL' // avoid filesort
+ 'ORDER BY' => 'lastedittime DESC'
)
);
$names = array();


@ -79,6 +79,8 @@ let
sha256 = "07z5j8d988cdg4ml4n0vs9fwmj0p594ibbqdid16faxwqm52dkhl";
};
patches = [ ./mediawiki-postgresql-fixes.patch ];
skins = config.skins;
buildPhase =
@ -90,7 +92,7 @@ let
installPhase =
''
ensureDir $out
mkdir -p $out
cp -r * $out
cp ${mediawikiConfig} $out/LocalSettings.php
sed -i \
@ -104,7 +106,7 @@ let
mediawikiScripts = pkgs.runCommand "mediawiki-${config.id}-scripts"
{ buildInputs = [ pkgs.makeWrapper ]; }
''
ensureDir $out/bin
mkdir -p $out/bin
for i in changePassword.php createAndPromote.php userOptions.php edit.php nukePage.php update.php; do
makeWrapper ${php}/bin/php $out/bin/mediawiki-${config.id}-$(basename $i .php) \
--add-flags ${mediawikiRoot}/maintenance/$i


@ -9,7 +9,7 @@ let
cgi = pkgs.stdenv.mkDerivation {
name = "mercurial-cgi";
buildCommand = ''
ensureDir $out
mkdir -p $out
cp -v ${mercurial}/share/cgi-bin/hgweb.cgi $out
sed -i "s|/path/to/repo/or/config|$out/hgweb.config|" $out/hgweb.cgi
echo "


@ -29,6 +29,14 @@ ${extraWorkersProperties}
'';
in
{
options = {
extraWorkersProperties = lib.mkOption {
default = "";
description = "Additional configuration for the workers.properties file.";
};
};
extraModules = [
{ name = "jk"; path = "${pkgs.tomcat_connectors}/modules/mod_jk.so"; }
];


@ -29,7 +29,7 @@ in
cache-size=1000
scan-path=/srv/git
'';
type = types.string;
type = types.lines;
description = ''
Verbatim contents of the cgit runtime configuration file. Documentation
(with cgitrc example file) is available in "man cgitrc". Or online:


@ -9,9 +9,9 @@ let
cfg = config.services.lighttpd;
needModRedirect = cfg.gitweb.enable;
needModAlias = cfg.cgit.enable or cfg.gitweb.enable;
needModSetenv = cfg.cgit.enable or cfg.gitweb.enable;
needModCgi = cfg.cgit.enable or cfg.gitweb.enable;
needModAlias = cfg.cgit.enable || cfg.gitweb.enable;
needModSetenv = cfg.cgit.enable || cfg.gitweb.enable;
needModCgi = cfg.cgit.enable || cfg.gitweb.enable;
needModStatus = cfg.mod_status;
needModUserdir = cfg.mod_userdir;
@ -102,7 +102,7 @@ in
document-root = mkOption {
default = "/srv/www";
type = types.str;
type = types.path;
description = ''
Document-root of the web server. Must be readable by the "lighttpd" user.
'';
@ -128,7 +128,7 @@ in
configText = mkOption {
default = "";
type = types.string;
type = types.lines;
example = ''...verbatim config file contents...'';
description = ''
Overridable config file contents to use for lighttpd. By default, use
@ -138,7 +138,7 @@ in
extraConfig = mkOption {
default = "";
type = types.string;
type = types.lines;
description = ''
These configuration lines will be appended to the generated lighttpd
config file. Note that this mechanism does not work when the manual


@ -25,7 +25,7 @@ in
projectroot = mkOption {
default = "/srv/git";
type = types.str;
type = types.path;
description = ''
Path to git projects (bare repositories) that should be served by
gitweb. Must not end with a slash.
@ -34,7 +34,7 @@ in
extraConfig = mkOption {
default = "";
type = types.str;
type = types.lines;
description = ''
Verbatim configuration text appended to the generated gitweb.conf file.
'';


@ -77,6 +77,11 @@ in
description = "Whether to enable logging per virtual host.";
};
jdk = mkOption {
default = pkgs.jdk;
description = "Which JDK to use.";
};
axis2 = {
enable = mkOption {
@ -332,13 +337,13 @@ in
'';
script = ''
${pkgs.su}/bin/su -s ${pkgs.bash}/bin/sh ${cfg.user} -c 'CATALINA_BASE=${cfg.baseDir} JAVA_HOME=${pkgs.jdk} JAVA_OPTS="${cfg.javaOpts}" CATALINA_OPTS="${cfg.catalinaOpts}" ${tomcat}/bin/startup.sh'
${pkgs.su}/bin/su -s ${pkgs.bash}/bin/sh ${cfg.user} -c 'CATALINA_BASE=${cfg.baseDir} JAVA_HOME=${cfg.jdk} JAVA_OPTS="${cfg.javaOpts}" CATALINA_OPTS="${cfg.catalinaOpts}" ${tomcat}/bin/startup.sh'
'';
postStop =
''
echo "Stopping tomcat..."
CATALINA_BASE=${cfg.baseDir} JAVA_HOME=${pkgs.jdk} ${pkgs.su}/bin/su -s ${pkgs.bash}/bin/sh ${cfg.user} -c ${tomcat}/bin/shutdown.sh
CATALINA_BASE=${cfg.baseDir} JAVA_HOME=${cfg.jdk} ${pkgs.su}/bin/su -s ${pkgs.bash}/bin/sh ${cfg.user} -c ${tomcat}/bin/shutdown.sh
'';
};


@ -17,7 +17,10 @@ in
# Note: the order in which desktop manager modules are imported here
# determines the default: later modules (if enabled) are preferred.
# E.g., if KDE is enabled, it supersedes xterm.
imports = [ ./none.nix ./xterm.nix ./xfce.nix ./kde4.nix ./e17.nix ./gnome3.nix ./xbmc.nix ];
imports = [
./none.nix ./xterm.nix ./xfce.nix ./kde4.nix
./e17.nix ./e18.nix ./gnome3.nix ./xbmc.nix
];
options = {


@ -0,0 +1,43 @@
{ config, pkgs, lib, ... }:
with lib;
let
xcfg = config.services.xserver;
cfg = xcfg.desktopManager.e18;
e18_enlightenment = pkgs.e18.enlightenment.override { set_freqset_setuid = true; };
in
{
options = {
services.xserver.desktopManager.e18.enable = mkOption {
default = false;
example = true;
description = "Enable the E18 desktop environment.";
};
};
config = mkIf (xcfg.enable && cfg.enable) {
environment.systemPackages = [
pkgs.e18.efl pkgs.e18.evas pkgs.e18.emotion pkgs.e18.elementary e18_enlightenment
pkgs.e18.terminology pkgs.e18.econnman
];
services.xserver.desktopManager.session = [
{ name = "E18";
start = ''
${e18_enlightenment}/bin/enlightenment_start
waitPID=$!
'';
}];
security.setuidPrograms = [ "e18_freqset" ];
};
}
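Review bot: Enabling E18 installs a setuid wrapper for `e18_freqset` (`security.setuidPrograms`, presumably paired with the `set_freqset_setuid = true` override) with no comment explaining why it is needed and no way to opt out. A short comment plus a boolean option defaulting to off would make the added setuid surface a deliberate choice. In the session `start` script `enlightenment_start` runs in the foreground, so `waitPID=$!` does not capture its PID; the fluxbox module added in this commit uses `startfluxbox &` before `waitPID=$!`. The `enable` option also lacks `type = types.bool;`.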


@ -35,6 +35,14 @@ in {
description = "Enable Gnome 3 desktop manager.";
};
services.xserver.desktopManager.gnome3.sessionPath = mkOption {
default = [];
example = "[ pkgs.gnome3.gpaste ]";
description = "Additional list of packages to be added to the session search path.
Useful for gnome shell extensions or gsettings-conditionated autostart.";
apply = list: list ++ [ gnome3.gnome_shell ];
};
environment.gnome3.packageSet = mkOption {
default = pkgs.gnome3;
example = literalExample "pkgs.gnome3_12";
@ -86,10 +94,19 @@ in {
export XDG_MENU_PREFIX=gnome
# Don't let epiphany depend upon gnome-shell
# Don't let gnome-session depend upon vino (for .desktop autostart condition)
${concatMapStrings (p: ''
if [ -d "${p}/share/gsettings-schemas/${p.name}" ]; then
export XDG_DATA_DIRS=$XDG_DATA_DIRS''${XDG_DATA_DIRS:+:}${p}/share/gsettings-schemas/${p.name}
fi
if [ -d "${p}/lib/girepository-1.0" ]; then
export GI_TYPELIB_PATH=$GI_TYPELIB_PATH''${GI_TYPELIB_PATH:+:}${p}/lib/girepository-1.0
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}${p}/lib
fi
'') cfg.sessionPath}
# Override default mimeapps
export XDG_DATA_DIRS=$XDG_DATA_DIRS''${XDG_DATA_DIRS:+:}${gnome3.gnome_shell}/share/gsettings-schemas/${gnome3.gnome_shell.name}:${gnome3.vino}/share/gsettings-schemas/${gnome3.vino.name}:${mimeAppsList}/share
export XDG_DATA_DIRS=$XDG_DATA_DIRS''${XDG_DATA_DIRS:+:}${mimeAppsList}/share
# Let gnome-control-center find gnome-shell search providers
export GNOME_SEARCH_PROVIDERS_DIR=${config.system.path}/share/gnome-shell/search-providers/
@ -123,7 +140,7 @@ in {
gnome3.gnome_settings_daemon
gnome3.gnome_shell
gnome3.gnome_themes_standard
] ++ (removePackagesByName [
] ++ cfg.sessionPath ++ (removePackagesByName [
gnome3.baobab
gnome3.empathy
gnome3.eog
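Review bot: The loop over `cfg.sessionPath` appends `${p}/lib` of every listed package to `LD_LIBRARY_PATH` for the whole session, so every program started from the desktop resolves shared libraries through those directories. Exporting only `XDG_DATA_DIRS` and `GI_TYPELIB_PATH` here, and wrapping the programs that need the extra libraries, would keep the effect local. The option has no `type`; `type = types.listOf types.package;` would reject strings at evaluation time, and `example` should use `literalExample` as `packageSet` just below it does.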


@ -0,0 +1,151 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.xserver.displayManager;
gdm = pkgs.gnome3_12.gdm; # gdm 3.10 not supported
gnome3 = config.environment.gnome3.packageSet;
in
{
###### interface
options = {
services.xserver.displayManager.gdm = {
enable = mkOption {
type = types.bool;
default = false;
example = true;
description = ''
Whether to enable GDM as the display manager.
<emphasis>GDM is very experimental and may render system unusable.</emphasis>
'';
};
};
};
###### implementation
config = mkIf cfg.gdm.enable {
services.xserver.displayManager.slim.enable = false;
users.extraUsers.gdm =
{ name = "gdm";
uid = config.ids.uids.gdm;
group = "gdm";
home = "/run/gdm";
description = "GDM user";
};
users.extraGroups.gdm.gid = config.ids.gids.gdm;
services.xserver.displayManager.job =
{
environment = {
GDM_X_SERVER = "${cfg.xserverBin} ${cfg.xserverArgs}";
GDM_SESSIONS_DIR = "${cfg.session.desktops}";
XDG_CONFIG_DIRS = "${gnome3.gnome_settings_daemon}/etc/xdg";
};
execCmd = "exec ${gdm}/sbin/gdm";
};
# Because sd_login_monitor_new requires /run/systemd/machines
systemd.services.display-manager.wants = [ "systemd-machined.service" ];
systemd.services.display-manager.after = [ "systemd-machined.service" ];
systemd.services.display-manager.path = [ gnome3.gnome_shell gnome3.caribou ];
services.dbus.packages = [ gdm ];
programs.dconf.profiles.gdm = "${gdm}/share/dconf/profile/gdm";
# GDM LFS PAM modules, adapted somehow to NixOS
security.pam.services = {
gdm-launch-environment.text = ''
auth required pam_succeed_if.so audit quiet_success user = gdm
auth optional pam_permit.so
account required pam_succeed_if.so audit quiet_success user = gdm
account sufficient pam_unix.so
password required pam_deny.so
session required pam_succeed_if.so audit quiet_success user = gdm
session required pam_env.so envfile=${config.system.build.pamEnvironment}
session optional ${pkgs.systemd}/lib/security/pam_systemd.so
session optional pam_keyinit.so force revoke
session optional pam_permit.so
'';
gdm.text = ''
auth requisite pam_nologin.so
auth required pam_env.so
auth required pam_succeed_if.so uid >= 1000 quiet
auth optional ${gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so
auth sufficient pam_unix.so nullok likeauth
auth required pam_deny.so
account sufficient pam_unix.so
password requisite pam_unix.so nullok sha512
session required pam_env.so envfile=${config.system.build.pamEnvironment}
session required pam_unix.so
session required pam_loginuid.so
session optional ${pkgs.systemd}/lib/security/pam_systemd.so
session optional ${gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so auto_start
'';
gdm-password.text = ''
auth requisite pam_nologin.so
auth required pam_env.so envfile=${config.system.build.pamEnvironment}
auth required pam_succeed_if.so uid >= 1000 quiet
auth optional ${gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so
auth sufficient pam_unix.so nullok likeauth
auth required pam_deny.so
account sufficient pam_unix.so
password requisite pam_unix.so nullok sha512
session required pam_env.so envfile=${config.system.build.pamEnvironment}
session required pam_unix.so
session required pam_loginuid.so
session optional ${pkgs.systemd}/lib/security/pam_systemd.so
session optional ${gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so auto_start
'';
gdm-autologin.text = ''
auth requisite pam_nologin.so
auth required pam_succeed_if.so uid >= 1000 quiet
auth required pam_permit.so
account sufficient pam_unix.so
password requisite pam_unix.so nullok sha512
session optional pam_keyinit.so revoke
session required pam_env.so envfile=${config.system.build.pamEnvironment}
session required pam_unix.so
session required pam_loginuid.so
session optional ${pkgs.systemd}/lib/security/pam_systemd.so
'';
};
};
}
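Review bot: The `gdm` and `gdm-password` stacks call `pam_unix.so nullok likeauth` in `auth`, so any account with uid >= 1000 and an empty password can log in at the greeter; drop `nullok` unless empty passwords are meant to be accepted. Because these services are given as literal `.text`, they presumably do not pick up what the generated NixOS PAM configuration adds, so the comment `# GDM LFS PAM modules, adapted somehow to NixOS` should say which parts were adapted and why. `gdm-autologin` authenticates with `pam_permit.so` for every uid >= 1000, which is only safe if GDM is the sole consumer of that service name and deserves a comment saying so.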


@ -26,7 +26,7 @@ let
buildInputs = [ pkgs.makeWrapper ];
buildCommand = ''
ensureDir $out/gtk-3.0/
mkdir -p $out/gtk-3.0/
# This wrapper ensures that we actually get fonts
makeWrapper ${pkgs.lightdm_gtk_greeter}/sbin/lightdm-gtk-greeter \


@ -27,7 +27,7 @@ let
unpackedTheme = pkgs.stdenv.mkDerivation {
name = "slim-theme";
buildCommand = ''
ensureDir $out
mkdir -p $out
cd $out
unpackFile ${cfg.theme}
ln -s * default


@ -41,16 +41,19 @@ in {
};
accelFactor = mkOption {
type = types.nullOr types.string;
default = "0.001";
description = "Cursor acceleration (how fast speed increases from minSpeed to maxSpeed).";
};
minSpeed = mkOption {
type = types.nullOr types.string;
default = "0.6";
description = "Cursor speed factor for precision finger motion.";
};
maxSpeed = mkOption {
type = types.nullOr types.string;
default = "1.0";
description = "Cursor speed factor for highest-speed finger motion.";
};
@ -120,9 +123,9 @@ in {
MatchIsTouchpad "on"
${optionalString (cfg.dev != null) ''MatchDevicePath "${cfg.dev}"''}
Driver "synaptics"
Option "MinSpeed" "${cfg.minSpeed}"
Option "MaxSpeed" "${cfg.maxSpeed}"
Option "AccelFactor" "${cfg.accelFactor}"
${optionalString (cfg.minSpeed != null) ''Option "MinSpeed" "${cfg.minSpeed}"''}
${optionalString (cfg.maxSpeed != null) ''Option "MaxSpeed" "${cfg.maxSpeed}"''}
${optionalString (cfg.accelFactor != null) ''Option "AccelFactor" "${cfg.accelFactor}"''}
${optionalString cfg.tapButtons tapConfig}
Option "ClickFinger1" "${builtins.elemAt cfg.buttonsMap 0}"
Option "ClickFinger2" "${builtins.elemAt cfg.buttonsMap 1}"


@ -0,0 +1,29 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.xserver.windowManager.bspwm;
in
{
options = {
services.xserver.windowManager.bspwm.enable = mkOption {
type = types.bool;
default = false;
example = true;
description = "Enable the bspwm window manager.";
};
};
config = mkIf cfg.enable {
services.xserver.windowManager.session = singleton {
name = "bspwm";
start = "
${pkgs.sxhkd}/bin/sxhkd &
${pkgs.bspwm}/bin/bspwm
";
};
environment.systemPackages = [ pkgs.bspwm ];
};
}


@ -17,6 +17,7 @@ in
./xmonad.nix
./i3.nix
./herbstluftwm.nix
./bspwm.nix
];
options = {


@ -0,0 +1,28 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.xserver.windowManager.fluxbox;
in
{
###### interface
options = {
services.xserver.windowManager.fluxbox.enable = mkOption {
default = false;
description = "Enable the Fluxbox window manager.";
};
};
###### implementation
config = mkIf cfg.enable {
services.xserver.windowManager.session = singleton {
name = "fluxbox";
start = ''
${pkgs.fluxbox}/bin/startfluxbox &
waitPID=$!
'';
};
environment.systemPackages = [ pkgs.fluxbox ];
};
}


@ -66,6 +66,9 @@ in
PATH=$PATH:$i/bin:$i/sbin
done
_status=0
trap "_status=1" ERR
# Ensure a consistent umask.
umask 0022
@ -84,6 +87,8 @@ in
# Prevent the current configuration from being garbage-collected.
ln -sfn /run/current-system /nix/var/nix/gcroots/current-system
exit $_status
'';
};
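Review bot: Assuming the activation script runs under bash, the `ERR` trap set here is not inherited by shell functions, command substitutions or subshells unless `errtrace` is on. A failing command inside a function defined by an activation snippet therefore leaves `_status` at 0 and the script still exits successfully; add `set -o errtrace` next to the `trap`. Commands whose failure is tested (`if`, `||`, `&&`) never fire the trap either, which is worth a one-line comment so snippet authors know what is and is not reported. The enclosing script starts and ends outside these hunks.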


@ -0,0 +1,37 @@
{ config, lib, ... }:
with lib;
{
###### interface
options = {
systemd.enableEmergencyMode = mkOption {
default = true;
type = types.bool;
description = ''
Whether to enable emergency mode, which is an
<command>sulogin</command> shell started on the console if
mounting a filesystem fails. Since some machines (like EC2
instances) have no console of any kind, emergency mode doesn't
make sense, and it's better to continue with the boot insofar
as possible.
'';
};
};
###### implementation
config = {
systemd.additionalUpstreamSystemUnits = optionals
config.systemd.enableEmergencyMode [
"emergency.target" "emergency.service"
];
};
}


@ -195,6 +195,7 @@ in
"xhci_hcd"
"usbhid"
"hid_generic"
"hid_apple" "hid_logitech_dj" "hid_lenovo_tpkbd" "hid_roccat"
# Unix domain sockets (needed by udev).
"unix"


@ -68,20 +68,15 @@ with lib;
config = mkIf (!config.boot.isContainer) {
environment.etc = [
{ source = "${pkgs.kmod-blacklist-ubuntu}/modprobe.conf";
target = "modprobe.d/ubuntu.conf";
}
{ source = pkgs.writeText "modprobe.conf"
''
${flip concatMapStrings config.boot.blacklistedKernelModules (name: ''
blacklist ${name}
'')}
${config.boot.extraModprobeConfig}
'';
target = "modprobe.d/nixos.conf";
}
];
environment.etc."modprobe.d/ubuntu.conf".source = "${pkgs.kmod-blacklist-ubuntu}/modprobe.conf";
environment.etc."modprobe.d/nixos.conf".text =
''
${flip concatMapStrings config.boot.blacklistedKernelModules (name: ''
blacklist ${name}
'')}
${config.boot.extraModprobeConfig}
'';
environment.systemPackages = [ config.system.sbin.modprobe pkgs.kmod ];
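Review bot: The generated `modprobe.d/nixos.conf` emits `blacklist ${name}` for every entry of `boot.blacklistedKernelModules`, and nothing nearby says how far that protection goes. In modprobe.d a `blacklist` line only makes modprobe ignore the module's aliases, so it stops automatic loading but not an explicit `modprobe name` or loading as a dependency of another module. A comment such as `# "blacklist" only disables alias-based autoloading; add an "install" line via boot.extraModprobeConfig to block a module outright.` would keep readers from assuming more. The `config = mkIf …` block continues past the end of this hunk.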


@ -4,7 +4,8 @@ targetRoot=/mnt-root
console=tty1
export LD_LIBRARY_PATH=@extraUtils@/lib
export PATH=@extraUtils@/bin:@extraUtils@/sbin
export PATH=@extraUtils@/bin
ln -s @extraUtils@/bin /bin
fail() {
@ -193,6 +194,9 @@ checkFS() {
# Don't check ROM filesystems.
if [ "$fsType" = iso9660 -o "$fsType" = udf ]; then return 0; fi
# Don't check resilient COWs as they validate the fs structures at mount time
if [ "$fsType" = btrfs -o "$fsType" = zfs ]; then return 0; fi
# If we couldn't figure out the FS type, then skip fsck.
if [ "$fsType" = auto ]; then
echo 'cannot check filesystem with type "auto"!'
@ -262,6 +266,13 @@ mountFS() {
checkFS "$device" "$fsType"
# Create backing directories for unionfs-fuse.
if [ "$fsType" = unionfs-fuse ]; then
for i in $(IFS=:; echo ${options##*,dirs=}); do
mkdir -m 0700 -p /mnt-root"${i%=*}"
done
fi
echo "mounting $device on $mountPoint..."
mkdir -p "/mnt-root$mountPoint" || true
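Review bot: In the unionfs-fuse hunk of `mountFS`, `${options##*,dirs=}` only strips a prefix that ends in `,dirs=`, so when `dirs=` is the first mount option the whole option string is treated as the directory list. Any options that follow `dirs=` also end up in the last path handed to `mkdir`. The expansion is unquoted as well, so a path containing whitespace is split into several directories. Extracting the value first, `dirs="${options##*dirs=}"; dirs="${dirs%%,*}"`, and then looping over `$dirs` split on `:` would bound what gets created under `/mnt-root`. `mountFS` begins before and continues after this hunk.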


@ -23,22 +23,6 @@ let
};
needsCifsUtils = kernelPackages.kernel ? features
&& kernelPackages.kernel.features ? needsCifsUtils
&& kernelPackages.kernel.features.needsCifsUtils
&& any (fs: fs.fsType == "cifs") fileSystems;
busybox =
if needsCifsUtils
then pkgs.busybox.override {
extraConfig = ''
CONFIG_FEATURE_MOUNT_CIFS n
CONFIG_FEATURE_MOUNT_HELPERS y
'';
}
else pkgs.busybox;
# Some additional utilities needed in stage 1, like mount, lvm, fsck
# etc. We don't want to bring in all of those packages, so we just
# copy what we need. Instead of using statically linked binaries,
@ -51,6 +35,7 @@ let
}
''
mkdir -p $out/bin $out/lib
ln -s $out/bin $out/sbin
# Copy what we need from Glibc.
cp -pv ${pkgs.glibc}/lib/ld*.so.? $out/lib
@ -62,11 +47,10 @@ let
cp -pv ${pkgs.gcc.gcc}/lib*/libgcc_s.so.* $out/lib
# Copy BusyBox.
cp -rvd ${busybox}/{bin,sbin} $out/
chmod -R u+w $out
cp -pvd ${pkgs.busybox}/bin/* ${pkgs.busybox}/sbin/* $out/bin/
# Copy some utillinux stuff.
cp -v ${pkgs.utillinux}/sbin/blkid $out/bin
cp -vf ${pkgs.utillinux}/sbin/blkid $out/bin
cp -pdv ${pkgs.utillinux}/lib/libblkid*.so.* $out/lib
cp -pdv ${pkgs.utillinux}/lib/libuuid*.so.* $out/lib
@ -89,12 +73,7 @@ let
# Copy modprobe.
cp -v ${pkgs.kmod}/bin/kmod $out/bin/
ln -s kmod $out/bin/modprobe
# Maybe copy cifs utils
${optionalString needsCifsUtils ''
cp -v ${pkgs.cifs_utils}/sbin/mount.cifs $out/bin
''}
ln -sf kmod $out/bin/modprobe
${config.boot.initrd.extraUtilsCommands}
@ -140,7 +119,7 @@ let
udevRules = pkgs.stdenv.mkDerivation {
name = "udev-rules";
buildCommand = ''
ensureDir $out
mkdir -p $out
echo 'ENV{LD_LIBRARY_PATH}="${extraUtils}/lib"' > $out/00-env.rules
@ -220,6 +199,21 @@ let
{ object = pkgs.writeText "mdadm.conf" config.boot.initrd.mdadmConf;
symlink = "/etc/mdadm.conf";
}
{ object = config.environment.etc."modprobe.d/nixos.conf".source;
symlink = "/etc/modprobe.d/nixos.conf";
}
{ object = pkgs.stdenv.mkDerivation {
name = "initrd-kmod-blacklist-ubuntu";
builder = pkgs.writeText "builder.sh" ''
source $stdenv/setup
target=$out
${pkgs.perl}/bin/perl -0pe 's/## file: iwlwifi.conf(.+?)##/##/s;' $src > $out
'';
src = "${pkgs.kmod-blacklist-ubuntu}/modprobe.conf";
};
symlink = "/etc/modprobe.d/ubuntu.conf";
}
];
};
@ -313,6 +307,13 @@ in
example = "xz";
};
boot.initrd.supportedFilesystems = mkOption {
default = [ ];
example = [ "btrfs" ];
type = types.listOf types.string;
description = "Names of supported filesystem types in the initial ramdisk.";
};
fileSystems = mkOption {
options.neededForBoot = mkOption {
default = false;
@ -347,5 +348,7 @@ in
# Prevent systemd from waiting for the /dev/root symlink.
systemd.units."dev-root.device".text = "";
boot.initrd.supportedFilesystems = map (fs: fs.fsType) fileSystems;
};
}
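Review bot: The `initrd-kmod-blacklist-ubuntu` derivation drops the `iwlwifi.conf` section from the blacklist file with a perl substitution, and no comment says why that section must not reach the initrd. If the `## file: iwlwifi.conf` marker ever changes in the source file, the pattern stops matching and the file is copied unmodified without any error. The intent should be recorded next to the builder, e.g. `# Strip the iwlwifi.conf section from the initrd copy: <reason>`. The builder's `target=$out` assignment is not used by the lines shown and can be removed.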


@ -29,7 +29,9 @@ setPath "@path@"
# Normally, stage 1 mounts the root filesystem read/writable.
# However, in some environments, stage 2 is executed directly, and the
# root is read-only. So make it writable here.
mount -n -o remount,rw /
if [ "$container" != systemd-nspawn ]; then
mount -n -o remount,rw none /
fi
# Likewise, stage 1 mounts /proc, /dev and /sys, so if we don't have a
@ -98,12 +100,6 @@ mkdir -m 0755 -p /etc/nixos
rm -rf /var/run /var/lock
rm -f /etc/{group,passwd,shadow}.lock
if test -n "@cleanTmpDir@"; then
echo -n "cleaning \`/tmp'..."
find /tmp -maxdepth 1 -mindepth 1 -print0 | xargs -0r rm -rf --one-file-system
echo " done"
fi
# Also get rid of temporary GC roots.
rm -rf /nix/var/nix/gcroots/tmp /nix/var/nix/temproots
@ -186,4 +182,4 @@ echo "starting systemd..."
PATH=/run/current-system/systemd/lib/systemd \
MODULE_DIR=/run/booted-system/kernel-modules/lib/modules \
LOCALE_ARCHIVE=/run/current-system/sw/lib/locale/locale-archive \
exec systemd --log-target=journal # --log-level=debug --log-target=console --crash-shell
exec systemd
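Review bot: The comment above the remount still says only that the root may be read-only, and does not explain the new `$container` test in the first hunk. A line such as `# Skip this inside systemd-nspawn, which sets container=systemd-nspawn for the init process.` would document where the variable comes from. The reason the remount must be skipped there is not visible in this hunk and should be stated by the author. `$container` is read from the environment, so the check is only as reliable as whatever launched this script.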

Some files were not shown because too many files have changed in this diff