JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge master into staging-next

Browse Source
This commit is contained in:
Frederik Rietdijk 2020-08-07 23:01:57 +02:00
commit 6a201763b4
193 changed files with 4273 additions and 2231 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/editorconfig.yml vendored
View File

@ -11,7 +11,7 @@ jobs:
with:
fetch-depth: 0
- uses: technote-space/get-diff-action@v2.0.3
- name: fetch editorconfig-checker
- name: Fetch editorconfig-checker
env:
VERSION: "2.1.0"
OS: "linux"

5
.github/workflows/wait-ofborg.yml vendored
View File

@ -7,8 +7,9 @@ jobs:
steps:
- name: Wait for ofborg CI
run: |
# Wait for ofborg ...
# eval sometimes takes a bit longer on staging.
if [[ "$BASE_BRANCH" == "refs/heads/staging" ]]; then
if [[ "$BASE_BRANCH" == "staging" ]]; then
COUNTDOWN=$((COUNTDOWN*2))
fi
# ..in future a better fix would be to make ofborg mark CI as pending right away.
@ -30,7 +31,7 @@ jobs:
if: github.repository_owner == 'NixOS'
env:
BASE_BRANCH: ${{ github.base_ref }}
COUNTDOWN: 360 # wait for ~30min...
COUNTDOWN: 540 # wait for ~45min...
GITHUB_TOKEN: ${{ github.token }}
COMMIT: ${{ github.event.pull_request.head.sha }}
OFBORG_APP_ID: 20500

31
nixos/doc/manual/release-notes/rl-2009.xml
View File

@ -721,6 +721,37 @@ services.postgresql.dataDir = "/var/db/postgresql";
was removed, as udev gained native support to handle FIDO security tokens.
</para>
</listitem>
<listitem>
<para>
The <literal>services.transmission</literal> module
was enhanced with the new options:
<xref linkend="opt-services.transmission.credentialsFile"/>,
<xref linkend="opt-services.transmission.openFirewall"/>,
and <xref linkend="opt-services.transmission.performanceNetParameters"/>.
</para>
<para>
<literal>transmission-daemon</literal> is now started with additional systemd sandbox/hardening options for better security.
Please <link xlink:href="https://github.com/NixOS/nixpkgs/issues">report</link>
any use case where this is not working well.
In particular, the <literal>RootDirectory</literal> option newly set
forbids uploading or downloading a torrent outside of the default directory
configured at <link linkend="opt-services.transmission.settings">settings.download-dir</link>.
If you really need Transmission to access other directories,
you must include those directories into the <literal>BindPaths</literal> of the service:
<programlisting>
systemd.services.transmission.serviceConfig.BindPaths = [ "/path/to/alternative/download-dir" ];
</programlisting>
</para>
<para>
Also, connection to the RPC (Remote Procedure Call) of <literal>transmission-daemon</literal>
is now only available on the local network interface by default.
Use:
<programlisting>
services.transmission.settings.rpc-bind-address = "0.0.0.0";
</programlisting>
to get the previous behavior of listening on all network interfaces.
</para>
</listitem>
<listitem>
<para>
With this release <literal>systemd-networkd</literal> (when enabled through <xref linkend="opt-networking.useNetworkd"/>)

8
nixos/modules/config/appstream.nix
View File

@ -7,18 +7,18 @@ with lib;
type = types.bool;
default = true;
description = ''
Whether to install files to support the
Whether to install files to support the
<link xlink:href="https://www.freedesktop.org/software/appstream/docs/index.html">AppStream metadata specification</link>.
'';
};
};
config = mkIf config.appstream.enable {
environment.pathsToLink = [
environment.pathsToLink = [
# per component metadata
"/share/metainfo"
"/share/metainfo"
# legacy path for above
"/share/appdata"
"/share/appdata"
];
};

4
nixos/modules/hardware/tuxedo-keyboard.nix
View File

@ -2,7 +2,7 @@
with lib;
let
let
cfg = config.hardware.tuxedo-keyboard;
tuxedo-keyboard = config.boot.kernelPackages.tuxedo-keyboard;
in
@ -27,7 +27,7 @@ in
'';
};
config = mkIf cfg.enable
config = mkIf cfg.enable
{
boot.kernelModules = ["tuxedo_keyboard"];
boot.extraModulePackages = [ tuxedo-keyboard ];

2
nixos/modules/i18n/input-method/uim.nix
View File

@ -2,7 +2,7 @@
with lib;
let
let
cfg = config.i18n.inputMethod.uim;
in
{

4
nixos/modules/programs/autojump.nix
View File

@ -18,7 +18,7 @@ in
'';
};
};
};
};
###### implementation
@ -26,7 +26,7 @@ in
environment.pathsToLink = [ "/share/autojump" ];
environment.systemPackages = [ pkgs.autojump ];
programs.bash.interactiveShellInit = "source ${pkgs.autojump}/share/autojump/autojump.bash";
programs.bash.interactiveShellInit = "source ${pkgs.autojump}/share/autojump/autojump.bash";
programs.zsh.interactiveShellInit = mkIf prg.zsh.enable "source ${pkgs.autojump}/share/autojump/autojump.zsh";
programs.fish.interactiveShellInit = mkIf prg.fish.enable "source ${pkgs.autojump}/share/autojump/autojump.fish";
};

4
nixos/modules/programs/freetds.nix
View File

@ -25,7 +25,7 @@ in
''';
}
'';
description =
description =
''
Configure freetds database entries. Each attribute denotes
a section within freetds.conf, and the value (a string) is the config
@ -47,7 +47,7 @@ in
environment.variables.FREETDS = "/etc/freetds.conf";
environment.variables.SYBASE = "${pkgs.freetds}";
environment.etc."freetds.conf" = { text =
environment.etc."freetds.conf" = { text =
(concatStrings (mapAttrsToList (name: value:
''
[${name}]

4
nixos/modules/services/audio/icecast.nix
View File

@ -23,7 +23,7 @@ let
<listen-socket>
<port>${toString cfg.listen.port}</port>
<bind-address>${cfg.listen.address}</bind-address>
</listen-socket>
</listen-socket>
<security>
<chroot>0</chroot>
@ -70,7 +70,7 @@ in {
description = "Base directory used for logging.";
default = "/var/log/icecast";
};
listen = {
port = mkOption {
type = types.int;

36
nixos/modules/services/backup/bacula.nix
View File

@ -18,7 +18,7 @@ let
Pid Directory = "/run";
${fd_cfg.extraClientConfig}
}
${concatStringsSep "\n" (mapAttrsToList (name: value: ''
Director {
Name = "${name}";
@ -26,7 +26,7 @@ let
Monitor = "${value.monitor}";
}
'') fd_cfg.director)}
Messages {
Name = Standard;
syslog = all, !skipped, !restored
@ -35,7 +35,7 @@ let
'';
sd_cfg = config.services.bacula-sd;
sd_conf = pkgs.writeText "bacula-sd.conf"
sd_conf = pkgs.writeText "bacula-sd.conf"
''
Storage {
Name = "${sd_cfg.name}";
@ -80,7 +80,7 @@ let
'';
dir_cfg = config.services.bacula-dir;
dir_conf = pkgs.writeText "bacula-dir.conf"
dir_conf = pkgs.writeText "bacula-dir.conf"
''
Director {
Name = "${dir_cfg.name}";
@ -125,10 +125,10 @@ let
The password is plain text. It is not generated through any special
process but as noted above, it is better to use random text for
security reasons.
security reasons.
'';
};
monitor = mkOption {
default = "no";
example = "yes";
@ -140,7 +140,7 @@ let
Please note that if this director is being used by a Monitor, we
highly recommend to set this directive to yes to avoid serious
security problems.
security problems.
'';
};
};
@ -163,7 +163,7 @@ let
type of autochanger, what you specify here can vary. This directive
is optional. See the Using AutochangersAutochangersChapter chapter of
this manual for more details of using this and the following
autochanger directives.
autochanger directives.
'';
};
@ -200,7 +200,7 @@ let
Extra configuration to be passed in Autochanger directive.
'';
example = ''
'';
};
};
@ -222,7 +222,7 @@ let
if you are archiving to disk storage. In this case, you must supply
the full absolute path to the directory. When specifying a tape
device, it is preferable that the "non-rewind" variant of the device
file name be given.
file name be given.
'';
};
@ -290,7 +290,7 @@ in {
Whether to enable the Bacula File Daemon.
'';
};
name = mkOption {
default = "${config.networking.hostName}-fd";
description = ''
@ -300,7 +300,7 @@ in {
Clients. This directive is required.
'';
};
port = mkOption {
default = 9102;
type = types.int;
@ -310,7 +310,7 @@ in {
the Client resource of the Director's configuration file.
'';
};
director = mkOption {
default = {};
description = ''
@ -349,14 +349,14 @@ in {
Whether to enable Bacula Storage Daemon.
'';
};
name = mkOption {
default = "${config.networking.hostName}-sd";
description = ''
Specifies the Name of the Storage daemon.
'';
};
port = mkOption {
default = 9103;
type = types.int;
@ -410,7 +410,7 @@ in {
console = all
'';
};
};
services.bacula-dir = {
@ -429,7 +429,7 @@ in {
required.
'';
};
port = mkOption {
default = 9101;
type = types.int;
@ -442,7 +442,7 @@ in {
specify DirAddresses (N.B plural) directive.
'';
};
password = mkOption {
# TODO: required?
description = ''

2
nixos/modules/services/backup/restic.nix
View File

@ -55,7 +55,7 @@ in
Configuration for the rclone remote being used for backup.
See the remote's specific options under rclone's docs at
<link xlink:href="https://rclone.org/docs/"/>. When specifying
option names, use the "config" name specified in the docs.
option names, use the "config" name specified in the docs.
For example, to set <literal>--b2-hard-delete</literal> for a B2
remote, use <literal>hard_delete = true</literal> in the
attribute set.

2
nixos/modules/services/computing/torque/mom.nix
View File

@ -60,4 +60,4 @@ in
};
};
}
}

2
nixos/modules/services/computing/torque/server.nix
View File

@ -93,4 +93,4 @@ in
};
};
}
}

4
nixos/modules/services/databases/postgresql.nix
View File

@ -333,7 +333,7 @@ in
# Wait for PostgreSQL to be ready to accept connections.
ExecStartPost =
let
setupScript = pkgs.writeScript "postgresql-setup" ''
setupScript = pkgs.writeScript "postgresql-setup" (''
#!${pkgs.runtimeShell} -e
PSQL="${pkgs.utillinux}/bin/runuser -u ${cfg.superUser} -- psql --port=${toString cfg.port}"
@ -360,7 +360,7 @@ in
$PSQL -tAc 'GRANT ${permission} ON ${database} TO "${user.name}"'
'') user.ensurePermissions)}
'') cfg.ensureUsers}
'';
'');
in
"+${setupScript}";
}

2
nixos/modules/services/databases/riak-cs.nix
View File

@ -35,7 +35,7 @@ in
Name of the Erlang node.
'';
};
anonymousUserCreation = mkOption {
type = types.bool;
default = false;

16
nixos/modules/services/games/minetest-server.nix
View File

@ -5,12 +5,12 @@ with lib;
let
cfg = config.services.minetest-server;
flag = val: name: if val != null then "--${name} ${val} " else "";
flags = [
(flag cfg.gameId "gameid")
(flag cfg.world "world")
(flag cfg.configPath "config")
(flag cfg.logPath "logfile")
(flag cfg.port "port")
flags = [
(flag cfg.gameId "gameid")
(flag cfg.world "world")
(flag cfg.configPath "config")
(flag cfg.logPath "logfile")
(flag cfg.port "port")
];
in
{
@ -26,7 +26,7 @@ in
type = types.nullOr types.str;
default = null;
description = ''
Id of the game to use. To list available games run
Id of the game to use. To list available games run
`minetestserver --gameid list`.
If only one game exists, this option can be null.
@ -59,7 +59,7 @@ in
type = types.nullOr types.path;
default = null;
description = ''
Path to logfile for logging.
Path to logfile for logging.
If set to null, logging will be output to stdout which means
all output will be catched by systemd.

2
nixos/modules/services/games/terraria.nix
View File

@ -7,7 +7,7 @@ let
worldSizeMap = { small = 1; medium = 2; large = 3; };
valFlag = name: val: optionalString (val != null) "-${name} \"${escape ["\\" "\""] (toString val)}\"";
boolFlag = name: val: optionalString val "-${name}";
flags = [
flags = [
(valFlag "port" cfg.port)
(valFlag "maxPlayers" cfg.maxPlayers)
(valFlag "password" cfg.password)

2
nixos/modules/services/hardware/thinkfan.nix
View File

@ -67,7 +67,7 @@ in {
type = types.bool;
default = false;
description = ''
Whether to build thinkfan with SMART support to read temperatures
Whether to build thinkfan with SMART support to read temperatures
directly from hard disks.
'';
};

4
nixos/modules/services/hardware/trezord.nix
View File

@ -10,7 +10,7 @@ in {
meta = {
doc = ./trezord.xml;
};
### interface
options = {
@ -40,7 +40,7 @@ in {
};
};
};
### implementation
config = mkIf cfg.enable {

46
nixos/modules/services/misc/gitlab.nix
View File

@ -618,26 +618,38 @@ in {
enable = true;
ensureUsers = singleton { name = cfg.databaseUsername; };
};
# The postgresql module doesn't currently support concepts like
# objects owners and extensions; for now we tack on what's needed
# here.
systemd.services.postgresql.postStart = mkAfter (optionalString databaseActuallyCreateLocally ''
set -eu
systemd.services.gitlab-postgresql = let pgsql = config.services.postgresql; in mkIf databaseActuallyCreateLocally {
after = [ "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
path = [ pgsql.package ];
script = ''
set -eu
$PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${cfg.databaseName}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${cfg.databaseName}" OWNER "${cfg.databaseUsername}"'
current_owner=$($PSQL -tAc "SELECT pg_catalog.pg_get_userbyid(datdba) FROM pg_catalog.pg_database WHERE datname = '${cfg.databaseName}'")
if [[ "$current_owner" != "${cfg.databaseUsername}" ]]; then
$PSQL -tAc 'ALTER DATABASE "${cfg.databaseName}" OWNER TO "${cfg.databaseUsername}"'
if [[ -e "${config.services.postgresql.dataDir}/.reassigning_${cfg.databaseName}" ]]; then
echo "Reassigning ownership of database ${cfg.databaseName} to user ${cfg.databaseUsername} failed on last boot. Failing..."
exit 1
fi
touch "${config.services.postgresql.dataDir}/.reassigning_${cfg.databaseName}"
$PSQL "${cfg.databaseName}" -tAc "REASSIGN OWNED BY \"$current_owner\" TO \"${cfg.databaseUsername}\""
rm "${config.services.postgresql.dataDir}/.reassigning_${cfg.databaseName}"
fi
$PSQL '${cfg.databaseName}' -tAc "CREATE EXTENSION IF NOT EXISTS pg_trgm"
'');
PSQL="${pkgs.utillinux}/bin/runuser -u ${pgsql.superUser} -- psql --port=${toString pgsql.port}"
$PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${cfg.databaseName}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${cfg.databaseName}" OWNER "${cfg.databaseUsername}"'
current_owner=$($PSQL -tAc "SELECT pg_catalog.pg_get_userbyid(datdba) FROM pg_catalog.pg_database WHERE datname = '${cfg.databaseName}'")
if [[ "$current_owner" != "${cfg.databaseUsername}" ]]; then
$PSQL -tAc 'ALTER DATABASE "${cfg.databaseName}" OWNER TO "${cfg.databaseUsername}"'
if [[ -e "${config.services.postgresql.dataDir}/.reassigning_${cfg.databaseName}" ]]; then
echo "Reassigning ownership of database ${cfg.databaseName} to user ${cfg.databaseUsername} failed on last boot. Failing..."
exit 1
fi
touch "${config.services.postgresql.dataDir}/.reassigning_${cfg.databaseName}"
$PSQL "${cfg.databaseName}" -tAc "REASSIGN OWNED BY \"$current_owner\" TO \"${cfg.databaseUsername}\""
rm "${config.services.postgresql.dataDir}/.reassigning_${cfg.databaseName}"
fi
$PSQL '${cfg.databaseName}' -tAc "CREATE EXTENSION IF NOT EXISTS pg_trgm"
'';
serviceConfig = {
Type = "oneshot";
};
};
# Use postfix to send out mails.
services.postfix.enable = mkDefault true;
@ -767,7 +779,7 @@ in {
};
systemd.services.gitlab = {
after = [ "gitlab-workhorse.service" "gitaly.service" "network.target" "postgresql.service" "redis.service" ];
after = [ "gitlab-workhorse.service" "gitaly.service" "network.target" "gitlab-postgresql.service" "redis.service" ];
requires = [ "gitlab-sidekiq.service" ];
wantedBy = [ "multi-user.target" ];
environment = gitlabEnv;

2
nixos/modules/services/misc/matrix-synapse.nix
View File

@ -675,7 +675,7 @@ in {
}
];
users.users.matrix-synapse = {
users.users.matrix-synapse = {
group = "matrix-synapse";
home = cfg.dataDir;
createHome = true;

8
nixos/modules/services/misc/siproxd.nix
View File

@ -38,7 +38,7 @@ in
type = types.bool;
default = false;
description = ''
Whether to enable the Siproxd SIP
Whether to enable the Siproxd SIP
proxy/masquerading daemon.
'';
};
@ -111,7 +111,7 @@ in
type = types.int;
default = 300;
description = ''
Timeout for an RTP stream. If for the specified
Timeout for an RTP stream. If for the specified
number of seconds no data is relayed on an active
stream, it is considered dead and will be killed.
'';
@ -122,7 +122,7 @@ in
default = 46;
description = ''
DSCP (differentiated services) value to be assigned
to RTP packets. Allows QOS aware routers to handle
to RTP packets. Allows QOS aware routers to handle
different types traffic with different priorities.
'';
};
@ -132,7 +132,7 @@ in
default = 0;
description = ''
DSCP (differentiated services) value to be assigned
to SIP packets. Allows QOS aware routers to handle
to SIP packets. Allows QOS aware routers to handle
different types traffic with different priorities.
'';
};

4
nixos/modules/services/misc/tzupdate.nix
View File

@ -11,7 +11,7 @@ in {
default = false;
description = ''
Enable the tzupdate timezone updating service. This provides
a one-shot service which can be activated with systemctl to
a one-shot service which can be activated with systemctl to
update the timezone.
'';
};
@ -21,7 +21,7 @@ in {
# We need to have imperative time zone management for this to work.
# This will give users an error if they have set an explicit time
# zone, which is better than silently overriding it.
time.timeZone = null;
time.timeZone = null;
# We provide a one-shot service which can be manually run. We could
# provide a service that runs on startup, but it's tricky to get

2
nixos/modules/services/monitoring/cadvisor.nix
View File

@ -90,7 +90,7 @@ in {
default = [];
description = ''
Additional cadvisor options.
See <link xlink:href='https://github.com/google/cadvisor/blob/master/docs/runtime_options.md'/> for available options.
'';
};

4
nixos/modules/services/monitoring/dd-agent/dd-agent.nix
View File

@ -97,11 +97,11 @@ let
"dd-agent/conf.d/nginx.yaml".source = nginxConfig;
}) //
(optionalAttrs (cfg.mongoConfig != null)
{
{
"dd-agent/conf.d/mongo.yaml".source = mongoConfig;
}) //
(optionalAttrs (cfg.processConfig != null)
{
{
"dd-agent/conf.d/process.yaml".source = processConfig;
}) //
(optionalAttrs (cfg.jmxConfig != null)

2
nixos/modules/services/monitoring/teamviewer.nix
View File

@ -15,7 +15,7 @@ in
options = {
services.teamviewer.enable = mkEnableOption "TeamViewer daemon";
};
###### implementation

4
nixos/modules/services/networking/bitcoind.nix
View File

@ -183,8 +183,8 @@ in
}
]) eachBitcoind);
environment.systemPackages = flatten (mapAttrsToList (bitcoindName: cfg: [
cfg.package
environment.systemPackages = flatten (mapAttrsToList (bitcoindName: cfg: [
cfg.package
]) eachBitcoind);
systemd.services = mapAttrs' (bitcoindName: cfg: (

2
nixos/modules/services/networking/gateone.nix
View File

@ -56,4 +56,4 @@ config = mkIf cfg.enable {
};
};
}

2
nixos/modules/services/networking/mstpd.nix
View File

@ -5,7 +5,7 @@ in
with lib;
{
options.services.mstpd = {
enable = mkOption {
default = false;
type = types.bool;

6
nixos/modules/services/networking/nghttpx/default.nix
View File

@ -60,7 +60,7 @@ let
# NB: nghttpx doesn't accept "tls", you must omit "no-tls" for
# the default behavior of turning on TLS.
params1 = lib.remove "tls" params0;
sections = [ host] ++ params1;
formattedSections = lib.concatStringsSep ";" sections;
in
@ -90,7 +90,7 @@ in
{ imports = [
./nghttpx-options.nix
];
config = lib.mkIf cfg.enable {
users.groups.nghttpx = { };
@ -98,7 +98,7 @@ in
group = config.users.groups.nghttpx.name;
isSystemUser = true;
};
systemd.services = {
nghttpx = {

2
nixos/modules/services/networking/onedrive.nix
View File

@ -23,7 +23,7 @@ in {
### Documentation
# meta.doc = ./onedrive.xml;
### Interface
### Interface
options.services.onedrive = {
enable = lib.mkOption {

2
nixos/modules/services/networking/prosody.nix
View File

@ -772,7 +772,7 @@ in
};
disco_items = {
${ lib.concatStringsSep "\n" (builtins.map (x: ''{ "${x.url}", "${x.description}"};'') discoItems)}
${ lib.concatStringsSep "\n" (builtins.map (x: ''{ "${x.url}", "${x.description}"};'') discoItems)}
};
allow_registration = ${toLua cfg.allowRegistration}

26
nixos/modules/services/networking/supplicant.nix
View File

@ -76,9 +76,9 @@ in
networking.supplicant = mkOption {
type = with types; attrsOf (submodule {
options = {
configFile = {
path = mkOption {
type = types.nullOr types.path;
default = null;
@ -89,7 +89,7 @@ in
precedence over options defined in <literal>configFile</literal>.
'';
};
writable = mkOption {
type = types.bool;
default = false;
@ -98,9 +98,9 @@ in
<literal>wpa_supplicant</literal>.
'';
};
};
extraConf = mkOption {
type = types.lines;
default = "";
@ -126,7 +126,7 @@ in
use the <literal>configFile</literal> instead.
'';
};
extraCmdArgs = mkOption {
type = types.str;
default = "";
@ -134,21 +134,21 @@ in
description =
"Command line arguments to add when executing <literal>wpa_supplicant</literal>.";
};
driver = mkOption {
type = types.nullOr types.str;
default = "nl80211,wext";
description = "Force a specific wpa_supplicant driver.";
};
bridge = mkOption {
type = types.str;
default = "";
description = "Name of the bridge interface that wpa_supplicant should listen at.";
};
userControlled = {
enable = mkOption {
type = types.bool;
default = false;
@ -159,20 +159,20 @@ in
access points.
'';
};
socketDir = mkOption {
type = types.str;
default = "/run/wpa_supplicant";
description = "Directory of sockets for controlling wpa_supplicant.";
};
group = mkOption {
type = types.str;
default = "wheel";
example = "network";
description = "Members of this group can control wpa_supplicant.";
};
};
};
});

2
nixos/modules/services/networking/trickster.nix
View File

@ -106,7 +106,7 @@ in
Restart = "always";
};
};
};
};
meta.maintainers = with maintainers; [ maintainers."1000101" ];

6
nixos/modules/services/networking/websockify.nix
View File

@ -5,12 +5,12 @@ with lib;
let cfg = config.services.networking.websockify; in {
options = {
services.networking.websockify = {
enable = mkOption {
enable = mkOption {
description = "Whether to enable websockify to forward websocket connections to TCP connections.";
default = false;
default = false;
type = types.bool;
type = types.bool;
};
sslCert = mkOption {

18
nixos/modules/services/security/haveged.nix
View File

@ -21,11 +21,11 @@ in
type = types.bool;
default = false;
description = ''
Whether to enable to haveged entropy daemon, which refills
Whether to enable to haveged entropy daemon, which refills
/dev/random when low.
'';
};
refill_threshold = mkOption {
type = types.int;
default = 1024;
@ -34,16 +34,16 @@ in
haveged should refill the entropy pool.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
systemd.services.haveged =
{ description = "Entropy Harvesting Daemon";
unitConfig.Documentation = "man:haveged(8)";
@ -63,5 +63,5 @@ in
};
};
}

435
nixos/modules/services/torrent/transmission.nix
View File

@ -1,52 +1,51 @@
{ config, lib, pkgs, ... }:
{ config, lib, pkgs, options, ... }:
with lib;
let
cfg = config.services.transmission;
inherit (config.environment) etc;
apparmor = config.security.apparmor.enable;
homeDir = cfg.home;
downloadDirPermissions = cfg.downloadDirPermissions;
downloadDir = "${homeDir}/Downloads";
incompleteDir = "${homeDir}/.incomplete";
settingsDir = "${homeDir}/config";
settingsFile = pkgs.writeText "settings.json" (builtins.toJSON fullSettings);
# for users in group "transmission" to have access to torrents
fullSettings = { umask = 2; download-dir = downloadDir; incomplete-dir = incompleteDir; } // cfg.settings;
preStart = pkgs.writeScript "transmission-pre-start" ''
#!${pkgs.runtimeShell}
set -ex
cp -f ${settingsFile} ${settingsDir}/settings.json
'';
rootDir = "/run/transmission";
homeDir = "/var/lib/transmission";
settingsDir = ".config/transmission-daemon";
downloadsDir = "Downloads";
incompleteDir = ".incomplete";
# TODO: switch to configGen.json once RFC0042 is implemented
settingsFile = pkgs.writeText "settings.json" (builtins.toJSON cfg.settings);
in
{
options = {
services.transmission = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether or not to enable the headless Transmission BitTorrent daemon.
enable = mkEnableOption ''the headless Transmission BitTorrent daemon.
Transmission daemon can be controlled via the RPC interface using
transmission-remote or the WebUI (http://localhost:9091/ by default).
Transmission daemon can be controlled via the RPC interface using
transmission-remote, the WebUI (http://127.0.0.1:9091/ by default),
or other clients like stig or tremc.
Torrents are downloaded to ${downloadDir} by default and are
accessible to users in the "transmission" group.
'';
};
Torrents are downloaded to ${homeDir}/${downloadsDir} by default and are
accessible to users in the "transmission" group'';
settings = mkOption {
settings = mkOption rec {
# TODO: switch to types.config.json as prescribed by RFC0042 once it's implemented
type = types.attrs;
apply = recursiveUpdate default;
default =
{
download-dir = downloadDir;
incomplete-dir = incompleteDir;
download-dir = "${cfg.home}/${downloadsDir}";
incomplete-dir = "${cfg.home}/${incompleteDir}";
incomplete-dir-enabled = true;
message-level = 1;
peer-port = 51413;
peer-port-random-high = 65535;
peer-port-random-low = 49152;
peer-port-random-on-start = false;
rpc-bind-address = "127.0.0.1";
rpc-port = 9091;
script-torrent-done-enabled = false;
script-torrent-done-filename = "";
umask = 2; # 0o002 in decimal as expected by Transmission
utp-enabled = true;
};
example =
{
@ -56,11 +55,12 @@ in
rpc-whitelist = "127.0.0.1,192.168.*.*";
};
description = ''
Attribute set whos fields overwrites fields in settings.json (each
time the service starts). String values must be quoted, integer and
Attribute set whose fields overwrites fields in
<literal>.config/transmission-daemon/settings.json</literal>
(each time the service starts). String values must be quoted, integer and
boolean values must not.
See https://github.com/transmission/transmission/wiki/Editing-Configuration-Files
See <link xlink:href="https://github.com/transmission/transmission/wiki/Editing-Configuration-Files">Transmission's Wiki</link>
for documentation.
'';
};
@ -70,22 +70,32 @@ in
default = "770";
example = "775";
description = ''
The permissions to set for download-dir and incomplete-dir.
They will be applied on every service start.
The permissions set by <literal>systemd.activationScripts.transmission-daemon</literal>
on the directories <link linkend="opt-services.transmission.settings">settings.download-dir</link>
and <link linkend="opt-services.transmission.settings">settings.incomplete-dir</link>.
Note that you may also want to change
<link linkend="opt-services.transmission.settings">settings.umask</link>.
'';
};
port = mkOption {
type = types.int;
default = 9091;
description = "TCP port number to run the RPC/web interface.";
type = types.port;
description = ''
TCP port number to run the RPC/web interface.
If instead you want to change the peer port,
use <link linkend="opt-services.transmission.settings">settings.peer-port</link>
or <link linkend="opt-services.transmission.settings">settings.peer-port-random-on-start</link>.
'';
};
home = mkOption {
type = types.path;
default = "/var/lib/transmission";
default = homeDir;
description = ''
The directory where transmission will create files.
The directory where Transmission will create <literal>${settingsDir}</literal>.
as well as <literal>${downloadsDir}/</literal> unless <link linkend="opt-services.transmission.settings">settings.download-dir</link> is changed,
and <literal>${incompleteDir}/</literal> unless <link linkend="opt-services.transmission.settings">settings.incomplete-dir</link> is changed.
'';
};
@ -100,32 +110,174 @@ in
default = "transmission";
description = "Group account under which Transmission runs.";
};
credentialsFile = mkOption {
type = types.path;
description = ''
Path to a JSON file to be merged with the settings.
Useful to merge a file which is better kept out of the Nix store
because it contains sensible data like <link linkend="opt-services.transmission.settings">settings.rpc-password</link>.
'';
default = "/dev/null";
example = "/var/lib/secrets/transmission/settings.json";
};
openFirewall = mkEnableOption "opening of the peer port(s) in the firewall";
performanceNetParameters = mkEnableOption ''tweaking of kernel parameters
to open many more connections at the same time.
Note that you may also want to increase
<link linkend="opt-services.transmission.settings">settings.peer-limit-global</link>.
And be aware that these settings are quite aggressive
and might not suite your regular desktop use.
For instance, SSH sessions may time out more easily'';
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = [
"d '${homeDir}' 0770 '${cfg.user}' '${cfg.group}' - -"
"d '${settingsDir}' 0700 '${cfg.user}' '${cfg.group}' - -"
"d '${fullSettings.download-dir}' '${downloadDirPermissions}' '${cfg.user}' '${cfg.group}' - -"
"d '${fullSettings.incomplete-dir}' '${downloadDirPermissions}' '${cfg.user}' '${cfg.group}' - -"
# Note that using systemd.tmpfiles would not work here
# because it would fail when creating a directory
# with a different owner than its parent directory, by saying:
# Detected unsafe path transition /home/foo → /home/foo/Downloads during canonicalization of /home/foo/Downloads
# when /home/foo is not owned by cfg.user.
# Note also that using an ExecStartPre= wouldn't work either
# because BindPaths= needs these directories before.
system.activationScripts.transmission-daemon = ''
install -d -m 700 '${cfg.home}/${settingsDir}'
chown -R '${cfg.user}:${cfg.group}' ${cfg.home}/${settingsDir}
install -d -m '${cfg.downloadDirPermissions}' -o '${cfg.user}' -g '${cfg.group}' '${cfg.settings.download-dir}'
'' + optionalString cfg.settings.incomplete-dir-enabled ''
install -d -m '${cfg.downloadDirPermissions}' -o '${cfg.user}' -g '${cfg.group}' '${cfg.settings.incomplete-dir}'
'';
assertions = [
{ assertion = builtins.match "^/.*" cfg.home != null;
message = "`services.transmission.home' must be an absolute path.";
}
{ assertion = types.path.check cfg.settings.download-dir;
message = "`services.transmission.settings.download-dir' must be an absolute path.";
}
{ assertion = types.path.check cfg.settings.incomplete-dir;
message = "`services.transmission.settings.incomplete-dir' must be an absolute path.";
}
{ assertion = cfg.settings.script-torrent-done-filename == "" || types.path.check cfg.settings.script-torrent-done-filename;
message = "`services.transmission.settings.script-torrent-done-filename' must be an absolute path.";
}
{ assertion = types.port.check cfg.settings.rpc-port;
message = "${toString cfg.settings.rpc-port} is not a valid port number for `services.transmission.settings.rpc-port`.";
}
# In case both port and settings.rpc-port are explicitely defined: they must be the same.
{ assertion = !options.services.transmission.port.isDefined || cfg.port == cfg.settings.rpc-port;
message = "`services.transmission.port' is not equal to `services.transmission.settings.rpc-port'";
}
];
services.transmission.settings =
optionalAttrs options.services.transmission.port.isDefined { rpc-port = cfg.port; };
systemd.services.transmission = {
description = "Transmission BitTorrent Service";
after = [ "network.target" ] ++ optional apparmor "apparmor.service";
requires = mkIf apparmor [ "apparmor.service" ];
requires = optional apparmor "apparmor.service";
wantedBy = [ "multi-user.target" ];
environment.CURL_CA_BUNDLE = etc."ssl/certs/ca-certificates.crt".source;
# 1) Only the "transmission" user and group have access to torrents.
# 2) Optionally update/force specific fields into the configuration file.
serviceConfig.ExecStartPre = preStart;
serviceConfig.ExecStart = "${pkgs.transmission}/bin/transmission-daemon -f --port ${toString config.services.transmission.port} --config-dir ${settingsDir}";
serviceConfig.ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
serviceConfig.User = cfg.user;
serviceConfig.Group = cfg.group;
# NOTE: transmission has an internal umask that also must be set (in settings.json)
serviceConfig.UMask = "0002";
serviceConfig = {
# Use "+" because credentialsFile may not be accessible to User= or Group=.
ExecStartPre = [("+" + pkgs.writeShellScript "transmission-prestart" ''
set -eu${lib.optionalString (cfg.settings.message-level >= 3) "x"}
${pkgs.jq}/bin/jq --slurp add ${settingsFile} '${cfg.credentialsFile}' |
install -D -m 600 -o '${cfg.user}' -g '${cfg.group}' /dev/stdin \
'${cfg.home}/${settingsDir}/settings.json'
'')];
ExecStart="${pkgs.transmission}/bin/transmission-daemon -f";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
User = cfg.user;
Group = cfg.group;
# Create rootDir in the host's mount namespace.
RuntimeDirectory = [(baseNameOf rootDir)];
RuntimeDirectoryMode = "755";
# Avoid mounting rootDir in the own rootDir of ExecStart='s mount namespace.
InaccessiblePaths = ["-+${rootDir}"];
# This is for BindPaths= and BindReadOnlyPaths=
# to allow traversal of directories they create in RootDirectory=.
UMask = "0066";
# Using RootDirectory= makes it possible
# to use the same paths download-dir/incomplete-dir
# (which appear in user's interfaces) without requiring cfg.user
# to have access to their parent directories,
# by using BindPaths=/BindReadOnlyPaths=.
# Note that TemporaryFileSystem= could have been used instead
# but not without adding some BindPaths=/BindReadOnlyPaths=
# that would only be needed for ExecStartPre=,
# because RootDirectoryStartOnly=true would not help.
RootDirectory = rootDir;
RootDirectoryStartOnly = true;
MountAPIVFS = true;
BindPaths =
[ "${cfg.home}/${settingsDir}"
cfg.settings.download-dir
] ++
optional cfg.settings.incomplete-dir-enabled
cfg.settings.incomplete-dir;
BindReadOnlyPaths = [
# No confinement done of /nix/store here like in systemd-confinement.nix,
# an AppArmor profile is provided to get a confinement based upon paths and rights.
builtins.storeDir
"-/etc/hosts"
"-/etc/ld-nix.so.preload"
"-/etc/localtime"
] ++
optional (cfg.settings.script-torrent-done-enabled &&
cfg.settings.script-torrent-done-filename != "")
cfg.settings.script-torrent-done-filename;
# The following options are only for optimizing:
# systemd-analyze security transmission
AmbientCapabilities = "";
CapabilityBoundingSet = "";
# ProtectClock= adds DeviceAllow=char-rtc r
DeviceAllow = "";
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateNetwork = mkDefault false;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
# ProtectHome=true would not allow BindPaths= to work accross /home,
# and ProtectHome=tmpfs would break statfs(),
# preventing transmission-daemon to report the available free space.
# However, RootDirectory= is used, so this is not a security concern
# since there would be nothing in /home but any BindPaths= wanted by the user.
ProtectHome = "read-only";
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectSystem = "strict";
RemoveIPC = true;
# AF_UNIX may become usable one day:
# https://github.com/transmission/transmission/issues/441
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallFilter = [
"@system-service"
# Groups in @system-service which do not contain a syscall
# listed by perf stat -e 'syscalls:sys_enter_*' transmission-daemon -f
# in tests, and seem likely not necessary for transmission-daemon.
"~@aio" "~@chown" "~@keyring" "~@memlock" "~@resources" "~@setuid" "~@timer"
# In the @privileged group, but reached when querying infos through RPC (eg. with stig).
"quotactl"
];
SystemCallArchitectures = "native";
SystemCallErrorNumber = "EPERM";
};
};
# It's useful to have transmission in path, e.g. for remote control
@ -133,70 +285,153 @@ in
users.users = optionalAttrs (cfg.user == "transmission") ({
transmission = {
name = "transmission";
group = cfg.group;
uid = config.ids.uids.transmission;
description = "Transmission BitTorrent user";
home = homeDir;
createHome = true;
home = cfg.home;
};
});
users.groups = optionalAttrs (cfg.group == "transmission") ({
transmission = {
name = "transmission";
gid = config.ids.gids.transmission;
};
});
# AppArmor profile
networking.firewall = mkIf cfg.openFirewall (
if cfg.settings.peer-port-random-on-start
then
{ allowedTCPPortRanges =
[ { from = cfg.settings.peer-port-random-low;
to = cfg.settings.peer-port-random-high;
}
];
allowedUDPPortRanges =
[ { from = cfg.settings.peer-port-random-low;
to = cfg.settings.peer-port-random-high;
}
];
}
else
{ allowedTCPPorts = [ cfg.settings.peer-port ];
allowedUDPPorts = [ cfg.settings.peer-port ];
}
);
boot.kernel.sysctl = mkMerge [
# Transmission uses a single UDP socket in order to implement multiple uTP sockets,
# and thus expects large kernel buffers for the UDP socket,
# https://trac.transmissionbt.com/browser/trunk/libtransmission/tr-udp.c?rev=11956.
# at least up to the values hardcoded here:
(mkIf cfg.settings.utp-enabled {
"net.core.rmem_max" = mkDefault "4194304"; # 4MB
"net.core.wmem_max" = mkDefault "1048576"; # 1MB
})
(mkIf cfg.performanceNetParameters {
# Increase the number of available source (local) TCP and UDP ports to 49151.
# Usual default is 32768 60999, ie. 28231 ports.
# Find out your current usage with: ss -s
"net.ipv4.ip_local_port_range" = "16384 65535";
# Timeout faster generic TCP states.
# Usual default is 600.
# Find out your current usage with: watch -n 1 netstat -nptuo
"net.netfilter.nf_conntrack_generic_timeout" = 60;
# Timeout faster established but inactive connections.
# Usual default is 432000.
"net.netfilter.nf_conntrack_tcp_timeout_established" = 600;
# Clear immediately TCP states after timeout.
# Usual default is 120.
"net.netfilter.nf_conntrack_tcp_timeout_time_wait" = 1;
# Increase the number of trackable connections.
# Usual default is 262144.
# Find out your current usage with: conntrack -C
"net.netfilter.nf_conntrack_max" = 1048576;
})
];
security.apparmor.profiles = mkIf apparmor [
(pkgs.writeText "apparmor-transmission-daemon" ''
#include <tunables/global>
include <tunables/global>
${pkgs.transmission}/bin/transmission-daemon {
#include <abstractions/base>
#include <abstractions/nameservice>
include <abstractions/base>
include <abstractions/nameservice>
${getLib pkgs.glibc}/lib/*.so mr,
${getLib pkgs.libevent}/lib/libevent*.so* mr,
${getLib pkgs.curl}/lib/libcurl*.so* mr,
${getLib pkgs.openssl}/lib/libssl*.so* mr,
${getLib pkgs.openssl}/lib/libcrypto*.so* mr,
${getLib pkgs.zlib}/lib/libz*.so* mr,
${getLib pkgs.libssh2}/lib/libssh2*.so* mr,
${getLib pkgs.systemd}/lib/libsystemd*.so* mr,
${getLib pkgs.xz}/lib/liblzma*.so* mr,
${getLib pkgs.libgcrypt}/lib/libgcrypt*.so* mr,
${getLib pkgs.libgpgerror}/lib/libgpg-error*.so* mr,
${getLib pkgs.nghttp2}/lib/libnghttp2*.so* mr,
${getLib pkgs.c-ares}/lib/libcares*.so* mr,
${getLib pkgs.libcap}/lib/libcap*.so* mr,
${getLib pkgs.attr}/lib/libattr*.so* mr,
${getLib pkgs.lz4}/lib/liblz4*.so* mr,
${getLib pkgs.libkrb5}/lib/lib*.so* mr,
${getLib pkgs.keyutils}/lib/libkeyutils*.so* mr,
${getLib pkgs.utillinuxMinimal.out}/lib/libblkid.so.* mr,
${getLib pkgs.utillinuxMinimal.out}/lib/libmount.so.* mr,
${getLib pkgs.utillinuxMinimal.out}/lib/libuuid.so.* mr,
${getLib pkgs.gcc.cc.lib}/lib/libstdc++.so.* mr,
${getLib pkgs.gcc.cc.lib}/lib/libgcc_s.so.* mr,
@{PROC}/sys/kernel/random/uuid r,
@{PROC}/sys/vm/overcommit_memory r,
${pkgs.openssl.out}/etc/** r,
${pkgs.transmission}/share/transmission/** r,
owner ${settingsDir}/** rw,
${fullSettings.download-dir}/** rw,
${optionalString fullSettings.incomplete-dir-enabled ''
${fullSettings.incomplete-dir}/** rw,
# NOTE: https://github.com/NixOS/nixpkgs/pull/93457
# will remove the need for these by fixing <abstractions/base>
r ${etc."hosts".source},
r /etc/ld-nix.so.preload,
${lib.optionalString (builtins.hasAttr "ld-nix.so.preload" etc) ''
r ${etc."ld-nix.so.preload".source},
${concatMapStrings (p: optionalString (p != "") ("mr ${p},\n"))
(splitString "\n" config.environment.etc."ld-nix.so.preload".text)}
''}
r ${etc."ssl/certs/ca-certificates.crt".source},
r ${pkgs.tzdata}/share/zoneinfo/**,
r ${pkgs.stdenv.cc.libc}/share/i18n/**,
r ${pkgs.stdenv.cc.libc}/share/locale/**,
mr ${getLib pkgs.stdenv.cc.cc}/lib/*.so*,
mr ${getLib pkgs.stdenv.cc.libc}/lib/*.so*,
mr ${getLib pkgs.attr}/lib/libattr*.so*,
mr ${getLib pkgs.c-ares}/lib/libcares*.so*,
mr ${getLib pkgs.curl}/lib/libcurl*.so*,
mr ${getLib pkgs.keyutils}/lib/libkeyutils*.so*,
mr ${getLib pkgs.libcap}/lib/libcap*.so*,
mr ${getLib pkgs.libevent}/lib/libevent*.so*,
mr ${getLib pkgs.libgcrypt}/lib/libgcrypt*.so*,
mr ${getLib pkgs.libgpgerror}/lib/libgpg-error*.so*,
mr ${getLib pkgs.libkrb5}/lib/lib*.so*,
mr ${getLib pkgs.libssh2}/lib/libssh2*.so*,
mr ${getLib pkgs.lz4}/lib/liblz4*.so*,
mr ${getLib pkgs.nghttp2}/lib/libnghttp2*.so*,
mr ${getLib pkgs.openssl}/lib/libcrypto*.so*,
mr ${getLib pkgs.openssl}/lib/libssl*.so*,
mr ${getLib pkgs.systemd}/lib/libsystemd*.so*,
mr ${getLib pkgs.utillinuxMinimal.out}/lib/libblkid.so*,
mr ${getLib pkgs.utillinuxMinimal.out}/lib/libmount.so*,
mr ${getLib pkgs.utillinuxMinimal.out}/lib/libuuid.so*,
mr ${getLib pkgs.xz}/lib/liblzma*.so*,
mr ${getLib pkgs.zlib}/lib/libz*.so*,
r @{PROC}/sys/kernel/random/uuid,
r @{PROC}/sys/vm/overcommit_memory,
# @{pid} is not a kernel variable yet but a regexp
#r @{PROC}/@{pid}/environ,
r @{PROC}/@{pid}/mounts,
rwk /tmp/tr_session_id_*,
r ${pkgs.openssl.out}/etc/**,
r ${config.systemd.services.transmission.environment.CURL_CA_BUNDLE},
r ${pkgs.transmission}/share/transmission/**,
owner rw ${cfg.home}/${settingsDir}/**,
rw ${cfg.settings.download-dir}/**,
${optionalString cfg.settings.incomplete-dir-enabled ''
rw ${cfg.settings.incomplete-dir}/**,
''}
profile dirs {
rw ${cfg.settings.download-dir}/**,
${optionalString cfg.settings.incomplete-dir-enabled ''
rw ${cfg.settings.incomplete-dir}/**,
''}
}
${optionalString (cfg.settings.script-torrent-done-enabled &&
cfg.settings.script-torrent-done-filename != "") ''
# Stack transmission_directories profile on top of
# any existing profile for script-torrent-done-filename
# FIXME: to be tested as I'm not sure it works well with NoNewPrivileges=
# https://gitlab.com/apparmor/apparmor/-/wikis/AppArmorStacking#seccomp-and-no_new_privs
px ${cfg.settings.script-torrent-done-filename} -> &@{dirs},
''}
# FIXME: enable customizing using https://github.com/NixOS/nixpkgs/pull/93457
# include <local/transmission-daemon>
}
'')
];
};
meta.maintainers = with lib.maintainers; [ julm ];
}

222
nixos/modules/services/web-apps/nextcloud.nix
View File

@ -45,6 +45,12 @@ let
inherit (config.system) stateVersion;
in {
imports = [
( mkRemovedOptionModule [ "services" "nextcloud" "nginx" "enable" ]
"The nextcloud module dropped support for other webservers than nginx.")
];
options.services.nextcloud = {
enable = mkEnableOption "nextcloud";
hostName = mkOption {
@ -91,16 +97,6 @@ in {
'';
};
nginx.enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable nginx virtual host management.
Further nginx configuration can be done by adapting <literal>services.nginx.virtualHosts.&lt;name&gt;</literal>.
See <xref linkend="opt-services.nginx.virtualHosts"/> for further information.
'';
};
webfinger = mkOption {
type = types.bool;
default = false;
@ -468,10 +464,18 @@ in {
script = ''
chmod og+x ${cfg.home}
ln -sf ${cfg.package}/apps ${cfg.home}/
mkdir -p ${cfg.home}/config ${cfg.home}/data ${cfg.home}/store-apps
ln -sf ${overrideConfig} ${cfg.home}/config/override.config.php
chown -R nextcloud:nginx ${cfg.home}/config ${cfg.home}/data ${cfg.home}/store-apps
# create nextcloud directories.
# if the directories exist already with wrong permissions, we fix that
for dir in ${cfg.home}/config ${cfg.home}/data ${cfg.home}/store-apps; do
if [ ! -e $dir ]; then
install -o nextcloud -g nextcloud -d $dir
elif [ $(stat -c "%G" $dir) != "nextcloud" ]; then
chgrp -R nextcloud $dir
fi
done
ln -sf ${overrideConfig} ${cfg.home}/config/override.config.php
# Do not install if already installed
if [[ ! -e ${cfg.home}/config/config.php ]]; then
@ -484,6 +488,7 @@ in {
${occSetTrustedDomainsCmd}
'';
serviceConfig.Type = "oneshot";
serviceConfig.User = "nextcloud";
};
nextcloud-cron = {
environment.NEXTCLOUD_CONFIG_DIR = "${cfg.home}/config";
@ -502,7 +507,7 @@ in {
services.phpfpm = {
pools.nextcloud = {
user = "nextcloud";
group = "nginx";
group = "nextcloud";
phpOptions = phpOptionsStr;
phpPackage = phpPackage;
phpEnv = {
@ -510,99 +515,82 @@ in {
PATH = "/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin";
};
settings = mapAttrs (name: mkDefault) {
"listen.owner" = "nginx";
"listen.group" = "nginx";
"listen.owner" = config.services.nginx.user;
"listen.group" = config.services.nginx.group;
} // cfg.poolSettings;
extraConfig = cfg.poolConfig;
};
};
users.extraUsers.nextcloud = {
users.users.nextcloud = {
home = "${cfg.home}";
group = "nginx";
group = "nextcloud";
createHome = true;
};
users.groups.nextcloud.members = [ "nextcloud" config.services.nginx.user ];
environment.systemPackages = [ occ ];
}
(mkIf cfg.nginx.enable {
services.nginx = {
services.nginx = mkDefault {
enable = true;
virtualHosts = {
${cfg.hostName} = {
root = cfg.package;
locations = {
"= /robots.txt" = {
priority = 100;
extraConfig = ''
allow all;
log_not_found off;
access_log off;
'';
};
"/" = {
priority = 200;
extraConfig = "rewrite ^ /index.php;";
};
"~ ^/store-apps" = {
priority = 201;
extraConfig = "root ${cfg.home};";
};
"= /.well-known/carddav" = {
priority = 210;
extraConfig = "return 301 $scheme://$host/remote.php/dav;";
};
"= /.well-known/caldav" = {
priority = 210;
extraConfig = "return 301 $scheme://$host/remote.php/dav;";
};
"~ ^\\/(?:build|tests|config|lib|3rdparty|templates|data)\\/" = {
priority = 300;
extraConfig = "deny all;";
};
"~ ^\\/(?:\\.|autotest|occ|issue|indie|db_|console)" = {
priority = 300;
extraConfig = "deny all;";
};
"~ ^\\/(?:index|remote|public|cron|core/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|ocs-provider\\/.+|ocm-provider\\/.+)\\.php(?:$|\\/)" = {
priority = 500;
extraConfig = ''
include ${config.services.nginx.package}/conf/fastcgi.conf;
fastcgi_split_path_info ^(.+\.php)(\\/.*)$;
try_files $fastcgi_script_name =404;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS ${if cfg.https then "on" else "off"};
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass unix:${fpm.socket};
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_read_timeout 120s;
'';
};
"~ ^\\/(?:updater|ocs-provider|ocm-provider)(?:$|\\/)".extraConfig = ''
try_files $uri/ =404;
index index.php;
'';
"~ \\.(?:css|js|woff2?|svg|gif)$".extraConfig = ''
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options sameorigin;
add_header Referrer-Policy no-referrer;
access_log off;
'';
"~ \\.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$".extraConfig = ''
try_files $uri /index.php$request_uri;
virtualHosts.${cfg.hostName} = {
root = cfg.package;
locations = {
"= /robots.txt" = {
priority = 100;
extraConfig = ''
allow all;
log_not_found off;
access_log off;
'';
};
extraConfig = ''
"/" = {
priority = 200;
extraConfig = "rewrite ^ /index.php;";
};
"~ ^/store-apps" = {
priority = 201;
extraConfig = "root ${cfg.home};";
};
"= /.well-known/carddav" = {
priority = 210;
extraConfig = "return 301 $scheme://$host/remote.php/dav;";
};
"= /.well-known/caldav" = {
priority = 210;
extraConfig = "return 301 $scheme://$host/remote.php/dav;";
};
"~ ^\\/(?:build|tests|config|lib|3rdparty|templates|data)\\/" = {
priority = 300;
extraConfig = "deny all;";
};
"~ ^\\/(?:\\.|autotest|occ|issue|indie|db_|console)" = {
priority = 300;
extraConfig = "deny all;";
};
"~ ^\\/(?:index|remote|public|cron|core/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|ocs-provider\\/.+|ocm-provider\\/.+)\\.php(?:$|\\/)" = {
priority = 500;
extraConfig = ''
include ${config.services.nginx.package}/conf/fastcgi.conf;
fastcgi_split_path_info ^(.+\.php)(\\/.*)$;
try_files $fastcgi_script_name =404;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS ${if cfg.https then "on" else "off"};
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass unix:${fpm.socket};
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_read_timeout 120s;
'';
};
"~ ^\\/(?:updater|ocs-provider|ocm-provider)(?:$|\\/)".extraConfig = ''
try_files $uri/ =404;
index index.php;
'';
"~ \\.(?:css|js|woff2?|svg|gif)$".extraConfig = ''
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
@ -610,28 +598,42 @@ in {
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options sameorigin;
add_header Referrer-Policy no-referrer;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
client_max_body_size ${cfg.maxUploadSize};
fastcgi_buffers 64 4K;
fastcgi_hide_header X-Powered-By;
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
${optionalString cfg.webfinger ''
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
''}
access_log off;
'';
"~ \\.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$".extraConfig = ''
try_files $uri /index.php$request_uri;
access_log off;
'';
};
extraConfig = ''
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options sameorigin;
add_header Referrer-Policy no-referrer;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
client_max_body_size ${cfg.maxUploadSize};
fastcgi_buffers 64 4K;
fastcgi_hide_header X-Powered-By;
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
${optionalString cfg.webfinger ''
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
''}
'';
};
};
})
}
]);
meta.doc = ./nextcloud.xml;

6
nixos/modules/services/web-apps/nextcloud.xml
View File

@ -29,7 +29,6 @@
services.nextcloud = {
<link linkend="opt-services.nextcloud.enable">enable</link> = true;
<link linkend="opt-services.nextcloud.hostName">hostName</link> = "nextcloud.tld";
<link linkend="opt-services.nextcloud.nginx.enable">nginx.enable</link> = true;
config = {
<link linkend="opt-services.nextcloud.config.dbtype">dbtype</link> = "pgsql";
<link linkend="opt-services.nextcloud.config.dbuser">dbuser</link> = "nextcloud";
@ -61,9 +60,8 @@
</para>
<para>
The options <literal>hostName</literal> and <literal>nginx.enable</literal>
are used internally to configure an HTTP server using
<literal><link xlink:href="https://php-fpm.org/">PHP-FPM</link></literal>
The <literal>hostName</literal> option is used internally to configure an HTTP
server using <literal><link xlink:href="https://php-fpm.org/">PHP-FPM</link></literal>
and <literal>nginx</literal>. The <literal>config</literal> attribute set is
used by the imperative installer and all values are written to an additional file
to ensure that changes can be applied by changing the module's options.

2
nixos/modules/services/web-apps/pgpkeyserver-lite.nix
View File

@ -33,7 +33,7 @@ in
description = "
Which hostname to set the vHost to that is proxying to sks.
";
};
};
hkpAddress = mkOption {
default = builtins.head sksCfg.hkpAddress;

2
nixos/modules/services/web-apps/trilium.nix
View File

@ -83,7 +83,7 @@ in
};
};
config = lib.mkIf cfg.enable (lib.mkMerge [
config = lib.mkIf cfg.enable (lib.mkMerge [
{
meta.maintainers = with lib.maintainers; [ kampka ];

2
nixos/modules/services/web-servers/shellinabox.nix
View File

@ -51,7 +51,7 @@ in
Whether or not to enable SSL (https) support.
'';
};
certDirectory = mkOption {
type = types.nullOr types.path;
default = null;

2
nixos/modules/services/x11/display-managers/default.nix
View File

@ -353,7 +353,7 @@ in
};
};
};
default = {};
description = ''
Auto login configuration attrset.

2
nixos/modules/services/x11/window-managers/qtile.nix
View File

@ -19,7 +19,7 @@ in
waitPID=$!
'';
}];
environment.systemPackages = [ pkgs.qtile ];
};
}

18
nixos/modules/system/boot/initrd-openvpn.nix
View File

@ -5,7 +5,7 @@ with lib;
let
cfg = config.boot.initrd.network.openvpn;
in
{
@ -16,17 +16,17 @@ in
type = types.bool;
default = false;
description = ''
Starts an OpenVPN client during initrd boot. It can be used to e.g.
remotely accessing the SSH service controlled by
<option>boot.initrd.network.ssh</option> or other network services
Starts an OpenVPN client during initrd boot. It can be used to e.g.
remotely accessing the SSH service controlled by
<option>boot.initrd.network.ssh</option> or other network services
included. Service is killed when stage-1 boot is finished.
'';
};
boot.initrd.network.openvpn.configuration = mkOption {
type = types.path; # Same type as boot.initrd.secrets
description = ''
The configuration file for OpenVPN.
The configuration file for OpenVPN.
<warning>
<para>
@ -47,7 +47,7 @@ in
message = "You should specify a configuration for initrd OpenVPN";
}
];
# Add kernel modules needed for OpenVPN
boot.initrd.kernelModules = [ "tun" "tap" ];
@ -60,11 +60,11 @@ in
cp -pv ${pkgs.glibc}/lib/libresolv.so.2 $out/lib
cp -pv ${pkgs.glibc}/lib/libnss_dns.so.2 $out/lib
'';
boot.initrd.secrets = {
"/etc/initrd.ovpn" = cfg.configuration;
};
# openvpn --version would exit with 1 instead of 0
boot.initrd.extraUtilsCommandsTest = ''
$out/bin/openvpn --show-gateway

4
nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix
View File

@ -64,10 +64,10 @@ in {
example = 120;
type = types.nullOr types.int;
description = ''
Maximum number of latest generations in the boot menu.
Maximum number of latest generations in the boot menu.
Useful to prevent boot partition running out of disk space.
<literal>null</literal> means no limit i.e. all generations
<literal>null</literal> means no limit i.e. all generations
that were not garbage collected yet.
'';
};

1542
nixos/modules/system/boot/networkd.nix
View File

File diff suppressed because it is too large Load Diff

6
nixos/modules/system/boot/systemd-nspawn.nix
View File

@ -113,9 +113,9 @@ in {
config =
let
units = mapAttrs' (n: v: let nspawnFile = "${n}.nspawn"; in nameValuePair nspawnFile (instanceToUnit nspawnFile v)) cfg;
in
in
mkMerge [
(mkIf (cfg != {}) {
(mkIf (cfg != {}) {
environment.etc."systemd/nspawn".source = mkIf (cfg != {}) (generateUnits' false "nspawn" units [] []);
})
{
@ -123,7 +123,7 @@ in {
# Workaround for https://github.com/NixOS/nixpkgs/pull/67232#issuecomment-531315437 and https://github.com/systemd/systemd/issues/13622
# Once systemd fixes this upstream, we can re-enable -U
systemd.services."systemd-nspawn@".serviceConfig.ExecStart = [
systemd.services."systemd-nspawn@".serviceConfig.ExecStart = [
"" # deliberately empty. signals systemd to override the ExecStart
# Only difference between upstream is that we do not pass the -U flag
"${config.systemd.package}/bin/systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --network-veth --settings=override --machine=%i"

98
nixos/modules/tasks/auto-upgrade.nix
View File

@ -2,9 +2,9 @@
with lib;
let cfg = config.system.autoUpgrade; in
let cfg = config.system.autoUpgrade;
{
in {
options = {
@ -21,6 +21,16 @@ let cfg = config.system.autoUpgrade; in
'';
};
flake = mkOption {
type = types.nullOr types.str;
default = null;
example = "github:kloenk/nix";
description = ''
The Flake URI of the NixOS configuration to build.
Disables the option <option>system.autoUpgrade.channel</option>.
'';
};
channel = mkOption {
type = types.nullOr types.str;
default = null;
@ -35,10 +45,20 @@ let cfg = config.system.autoUpgrade; in
flags = mkOption {
type = types.listOf types.str;
default = [];
example = [ "-I" "stuff=/home/alice/nixos-stuff" "--option" "extra-binary-caches" "http://my-cache.example.org/" ];
default = [ ];
example = [
"-I"
"stuff=/home/alice/nixos-stuff"
"--option"
"extra-binary-caches"
"http://my-cache.example.org/"
];
description = ''
Any additional flags passed to <command>nixos-rebuild</command>.
If you are using flakes and use a local repo you can add
<command>[ "--update-input" "nixpkgs" "--commit-lock-file" ]</command>
to update nixpkgs.
'';
};
@ -82,11 +102,23 @@ let cfg = config.system.autoUpgrade; in
config = lib.mkIf cfg.enable {
system.autoUpgrade.flags =
[ "--no-build-output" ]
++ (if cfg.channel == null
then [ "--upgrade" ]
else [ "-I" "nixpkgs=${cfg.channel}/nixexprs.tar.xz" ]);
assertions = [{
assertion = !((cfg.channel != null) && (cfg.flake != null));
message = ''
The options 'system.autoUpgrade.channels' and 'system.autoUpgrade.flake' cannot both be set.
'';
}];
system.autoUpgrade.flags = [ "--no-build-output" ]
++ (if cfg.flake == null then
(if cfg.channel == null then
[ "--upgrade" ]
else [
"-I"
"nixpkgs=${cfg.channel}/nixexprs.tar.xz"
])
else
[ "--flake ${cfg.flake}" ]);
systemd.services.nixos-upgrade = {
description = "NixOS Upgrade";
@ -96,33 +128,41 @@ let cfg = config.system.autoUpgrade; in
serviceConfig.Type = "oneshot";
environment = config.nix.envVars //
{ inherit (config.environment.sessionVariables) NIX_PATH;
HOME = "/root";
} // config.networking.proxy.envVars;
environment = config.nix.envVars // {
inherit (config.environment.sessionVariables) NIX_PATH;
HOME = "/root";
} // config.networking.proxy.envVars;
path = with pkgs; [ coreutils gnutar xz.bin gzip gitMinimal config.nix.package.out ];
path = with pkgs; [
coreutils
gnutar
xz.bin
gzip
gitMinimal
config.nix.package.out
];
script = let
nixos-rebuild = "${config.system.build.nixos-rebuild}/bin/nixos-rebuild";
in
if cfg.allowReboot then ''
${nixos-rebuild} boot ${toString cfg.flags}
booted="$(readlink /run/booted-system/{initrd,kernel,kernel-modules})"
built="$(readlink /nix/var/nix/profiles/system/{initrd,kernel,kernel-modules})"
if [ "$booted" = "$built" ]; then
${nixos-rebuild} switch ${toString cfg.flags}
else
/run/current-system/sw/bin/shutdown -r +1
fi
'' else ''
${nixos-rebuild} switch ${toString cfg.flags}
'';
nixos-rebuild =
"${config.system.build.nixos-rebuild}/bin/nixos-rebuild";
in if cfg.allowReboot then ''
${nixos-rebuild} boot ${toString cfg.flags}
booted="$(readlink /run/booted-system/{initrd,kernel,kernel-modules})"
built="$(readlink /nix/var/nix/profiles/system/{initrd,kernel,kernel-modules})"
if [ "$booted" = "$built" ]; then
${nixos-rebuild} switch ${toString cfg.flags}
else
/run/current-system/sw/bin/shutdown -r +1
fi
'' else ''
${nixos-rebuild} switch ${toString cfg.flags}
'';
startAt = cfg.dates;
};
systemd.timers.nixos-upgrade.timerConfig.RandomizedDelaySec = cfg.randomizedDelaySec;
systemd.timers.nixos-upgrade.timerConfig.RandomizedDelaySec =
cfg.randomizedDelaySec;
};

2
nixos/modules/tasks/bcache.nix
View File

@ -8,6 +8,6 @@
boot.initrd.extraUdevRulesCommands = ''
cp -v ${pkgs.bcache-tools}/lib/udev/rules.d/*.rules $out/
'';
'';
}

2
nixos/modules/virtualisation/azure-image.nix
View File

@ -6,7 +6,7 @@ let
in
{
imports = [ ./azure-common.nix ];
options = {
virtualisation.azureImage.diskSize = mkOption {
type = with types; int;

12
nixos/modules/virtualisation/railcar.nix
View File

@ -29,9 +29,9 @@ let
default = "none";
description = ''
The type of the filesystem to be mounted.
Linux: filesystem types supported by the kernel as listed in
`/proc/filesystems` (e.g., "minix", "ext2", "ext3", "jfs", "xfs",
"reiserfs", "msdos", "proc", "nfs", "iso9660"). For bind mounts
Linux: filesystem types supported by the kernel as listed in
`/proc/filesystems` (e.g., "minix", "ext2", "ext3", "jfs", "xfs",
"reiserfs", "msdos", "proc", "nfs", "iso9660"). For bind mounts
(when options include either bind or rbind), the type is a dummy,
often "none" (not listed in /proc/filesystems).
'';
@ -45,9 +45,9 @@ let
default = [ "bind" ];
description = ''
Mount options of the filesystem to be used.
Support optoions are listed in the mount(8) man page. Note that
both filesystem-independent and filesystem-specific options
Support options are listed in the mount(8) man page. Note that
both filesystem-independent and filesystem-specific options
are listed.
'';
};

24
nixos/tests/bittorrent.nix
View File

@ -19,6 +19,7 @@ let
externalClient2Address = "80.100.100.2";
externalTrackerAddress = "80.100.100.3";
download-dir = "/var/lib/transmission/Downloads";
transmissionConfig = { ... }: {
environment.systemPackages = [ pkgs.transmission ];
services.transmission = {
@ -26,6 +27,7 @@ let
settings = {
dht-enabled = false;
message-level = 3;
inherit download-dir;
};
};
};
@ -117,12 +119,12 @@ in
router.wait_for_unit("miniupnpd")
# Create the torrent.
tracker.succeed("mkdir /tmp/data")
tracker.succeed("mkdir ${download-dir}/data")
tracker.succeed(
"cp ${file} /tmp/data/test.tar.bz2"
"cp ${file} ${download-dir}/data/test.tar.bz2"
)
tracker.succeed(
"transmission-create /tmp/data/test.tar.bz2 --private --tracker http://${externalTrackerAddress}:6969/announce --outfile /tmp/test.torrent"
"transmission-create ${download-dir}/data/test.tar.bz2 --private --tracker http://${externalTrackerAddress}:6969/announce --outfile /tmp/test.torrent"
)
tracker.succeed("chmod 644 /tmp/test.torrent")
@ -133,18 +135,16 @@ in
# Start the initial seeder.
tracker.succeed(
"transmission-remote --add /tmp/test.torrent --no-portmap --no-dht --download-dir /tmp/data"
"transmission-remote --add /tmp/test.torrent --no-portmap --no-dht --download-dir ${download-dir}/data"
)
# Now we should be able to download from the client behind the NAT.
tracker.wait_for_unit("httpd")
client1.wait_for_unit("network-online.target")
client1.succeed("transmission-remote --add http://${externalTrackerAddress}/test.torrent >&2 &")
client1.wait_for_file("${download-dir}/test.tar.bz2")
client1.succeed(
"transmission-remote --add http://${externalTrackerAddress}/test.torrent --download-dir /tmp >&2 &"
)
client1.wait_for_file("/tmp/test.tar.bz2")
client1.succeed(
"cmp /tmp/test.tar.bz2 ${file}"
"cmp ${download-dir}/test.tar.bz2 ${file}"
)
# Bring down the initial seeder.
@ -154,11 +154,11 @@ in
# the first client created a NAT hole in the router.
client2.wait_for_unit("network-online.target")
client2.succeed(
"transmission-remote --add http://${externalTrackerAddress}/test.torrent --no-portmap --no-dht --download-dir /tmp >&2 &"
"transmission-remote --add http://${externalTrackerAddress}/test.torrent --no-portmap --no-dht >&2 &"
)
client2.wait_for_file("/tmp/test.tar.bz2")
client2.wait_for_file("${download-dir}/test.tar.bz2")
client2.succeed(
"cmp /tmp/test.tar.bz2 ${file}"
"cmp ${download-dir}/test.tar.bz2 ${file}"
)
'';
})

1
nixos/tests/nextcloud/basic.nix
View File

@ -33,7 +33,6 @@ in {
services.nextcloud = {
enable = true;
nginx.enable = true;
hostName = "nextcloud";
config = {
# Don't inherit adminuser since "root" is supposed to be the default

1
nixos/tests/nextcloud/with-mysql-and-memcached.nix
View File

@ -17,7 +17,6 @@ in {
services.nextcloud = {
enable = true;
hostName = "nextcloud";
nginx.enable = true;
https = true;
caching = {
apcu = true;

1
nixos/tests/nextcloud/with-postgresql-and-redis.nix
View File

@ -17,7 +17,6 @@ in {
services.nextcloud = {
enable = true;
hostName = "nextcloud";
nginx.enable = true;
caching = {
apcu = false;
redis = true;

12
pkgs/applications/audio/a2jmidid/default.nix
View File

@ -9,7 +9,7 @@ in stdenv.mkDerivation {
version = "8";
src = fetchurl {
url = "https://repo.or.cz/a2jmidid.git/snapshot/7383d268c4bfe85df9f10df6351677659211d1ca.tar.gz";
url = "https://github.com/linuxaudio/a2jmidid/archive/7383d268c4bfe85df9f10df6351677659211d1ca.tar.gz";
sha256 = "06dgf5655znbvrd7fhrv8msv6zw8vk0hjqglcqkh90960mnnmwz7";
};
@ -18,13 +18,17 @@ in stdenv.mkDerivation {
patches = [
(fetchpatch {
url = "https://repo.or.cz/a2jmidid.git/patch/24e3b8e543256ae8fdfb4b75eb9fd775f07c46e2";
url = "https://github.com/linuxaudio/a2jmidid/commit/24e3b8e543256ae8fdfb4b75eb9fd775f07c46e2.diff";
sha256 = "1nxrvnhxlgqc9wbxnp1gnpw4wjyzxvymwcg1gh2nqzmssgfykfkc";
})
(fetchpatch {
url = "https://repo.or.cz/a2jmidid.git/patch/7f82da7eb2f540a94db23331be98d42a58ddc269";
url = "https://github.com/linuxaudio/a2jmidid/commit/7f82da7eb2f540a94db23331be98d42a58ddc269.diff";
sha256 = "1nab9zf0agbcj5pvhl90pz0cx1d204d4janqflc5ymjhy8jyrsdv";
})
(fetchpatch {
url = "https://github.com/linuxaudio/a2jmidid/commit/c07775d021a71cb91bf64ce1391cf525415cb060.diff";
sha256 = "172v9hri03qdqi8a3zsg227k5qxldd8v5bj4jk7fyk5jf50fcxga";
})
];
postInstall = ''
@ -35,6 +39,6 @@ in stdenv.mkDerivation {
description = "Daemon for exposing legacy ALSA sequencer applications in JACK MIDI system";
license = licenses.gpl2;
maintainers = [ maintainers.goibhniu ];
platforms = [ "i686-linux" "x86_64-linux" ];
platforms = [ "i686-linux" "x86_64-linux" "aarch64-linux" ];
};
}

10
pkgs/applications/audio/adlplug/default.nix
View File

@ -1,18 +1,18 @@
{ stdenv, fetchFromGitHub, cmake, pkgconfig, libjack2, alsaLib
, freetype, libX11, libXrandr, libXinerama, libXext, libXcursor
, fetchpatch
, fetchpatch, fmt
, adlplugChip ? "-DADLplug_CHIP=OPL3"
, pname ? "ADLplug" }:
stdenv.mkDerivation rec {
inherit pname;
version = "1.0.1";
version = "1.0.2";
src = fetchFromGitHub {
owner = "jpcima";
repo = "ADLplug";
rev = "v${version}";
sha256 = "0n9srdlgl1j528ap5xmllrqs1w6ibc5yf9sphvl1q9kjnizxrs2c";
sha256 = "0mqx4bzri8s880v7jwd24nb93m5i3aklqld0b3h0hjnz0lh2qz0f";
fetchSubmodules = true;
};
@ -25,13 +25,13 @@ stdenv.mkDerivation rec {
})
];
cmakeFlags = [ adlplugChip ];
cmakeFlags = [ adlplugChip "-DADLplug_USE_SYSTEM_FMT=ON" ];
buildInputs = [
libjack2 alsaLib freetype libX11 libXrandr libXinerama libXext
libXcursor
];
nativeBuildInputs = [ cmake pkgconfig ];
nativeBuildInputs = [ cmake pkgconfig fmt ];
meta = with stdenv.lib; {
description = "OPL3 and OPN2 FM Chip Synthesizer";

4
pkgs/applications/audio/giada/default.nix
View File

@ -18,13 +18,13 @@
stdenv.mkDerivation rec {
pname = "giada";
version = "0.16.3";
version = "0.16.3.1";
src = fetchFromGitHub {
owner = "monocasual";
repo = pname;
rev = "v${version}";
sha256 = "1sysv5d0wq6ib47bqsn3wdzkqzjpzjrgzg15bkllbm67hiz9abhh";
sha256 = "0z1jrkggdn630i3j59j30apaa9s242y1wiawqp4g1n9dkg3r9a1j";
};
configureFlags = [

4
pkgs/applications/audio/musikcube/default.nix
View File

@ -17,13 +17,13 @@
stdenv.mkDerivation rec {
pname = "musikcube";
version = "0.92.1";
version = "0.93.1";
src = fetchFromGitHub {
owner = "clangen";
repo = pname;
rev = version;
sha256 = "0l4ncxqxvp5m014j7vlglhzxhhrxl0c2m71xn0i0a27hn4nc72mr";
sha256 = "05qsxyr7x8l0vlmn4yjg4gglxvcw9raf6vfzvblsl2ngsdsrnizy";
};
nativeBuildInputs = [

0
pkgs/applications/audio/yasr/10_fix_openpty_forkpty_declarations → pkgs/applications/audio/yasr/10_fix_openpty_forkpty_declarations.patch
View File

0
pkgs/applications/audio/yasr/20_maxpathlen → pkgs/applications/audio/yasr/20_maxpathlen.patch
View File

0
pkgs/applications/audio/yasr/30_conf → pkgs/applications/audio/yasr/30_conf.patch
View File

0
pkgs/applications/audio/yasr/40_dectalk_extended_chars → pkgs/applications/audio/yasr/40_dectalk_extended_chars.patch
View File

8
pkgs/applications/audio/yasr/default.nix
View File

@ -11,10 +11,10 @@ stdenv.mkDerivation rec {
};
patches = [
./10_fix_openpty_forkpty_declarations
./20_maxpathlen
./30_conf
./40_dectalk_extended_chars
./10_fix_openpty_forkpty_declarations.patch
./20_maxpathlen.patch
./30_conf.patch
./40_dectalk_extended_chars.patch
]; # taken from the debian yasr package
meta = {

4
pkgs/applications/blockchains/bitcoin-abc.nix
View File

@ -7,13 +7,13 @@ with stdenv.lib;
mkDerivation rec {
name = "bitcoin" + (toString (optional (!withGui) "d")) + "-abc-" + version;
version = "0.21.10";
version = "0.21.12";
src = fetchFromGitHub {
owner = "bitcoin-ABC";
repo = "bitcoin-abc";
rev = "v${version}";
sha256 = "1m210g6db8f09m66v75ia1fdd1dlvs1srgk2jhd3wqbvnmjqa77f";
sha256 = "1mad3aqfwrxi06135nf8hv13d67nilmxpx4dw5vjcy1zi3lljj1j";
};
patches = [ ./fix-bitcoin-qt-build.patch ];

3
pkgs/applications/editors/jetbrains/default.nix
View File

@ -224,7 +224,8 @@ let
interpreter=$(echo ${stdenv.glibc.out}/lib/ld-linux*.so.2)
patchelf --set-interpreter "$interpreter" lib/ReSharperHost/linux-x64/mono/bin/mono-sgen
rm -rf lib/ReSharperHost/linux-x64/dotnet
ln -s ${dotnet-sdk_3} lib/ReSharperHost/linux-x64/dotnet
mkdir -p lib/ReSharperHost/linux-x64/dotnet/
ln -s ${dotnet-sdk_3}/bin/dotnet lib/ReSharperHost/linux-x64/dotnet/dotnet
'');
});

4
pkgs/applications/editors/okteta/default.nix
View File

@ -4,11 +4,11 @@
mkDerivation rec {
pname = "okteta";
version = "0.26.3";
version = "0.26.4";
src = fetchurl {
url = "mirror://kde/stable/okteta/${version}/src/${pname}-${version}.tar.xz";
sha256 = "1454844s76skk18gpcf56y9pkmffs7p4z09ggmy37ifzf7yk1p19";
sha256 = "00qgzm5mqx0j8f0fznhnw76l9pjyw3lxirvy8ssq59nqqjbb08pg";
};
nativeBuildInputs = [ qtscript extra-cmake-modules kdoctools ];

4
pkgs/applications/kde/marble.nix
View File

@ -1,6 +1,6 @@
{ mkDerivation, lib
, extra-cmake-modules, kdoctools
, qtscript, qtsvg, qtquickcontrols, qtwebkit
, qtscript, qtsvg, qtquickcontrols, qtwebengine
, krunner, shared-mime-info, kparts, knewstuff
, gpsd, perl
}:
@ -11,7 +11,7 @@ mkDerivation {
outputs = [ "out" "dev" ];
nativeBuildInputs = [ extra-cmake-modules kdoctools perl ];
propagatedBuildInputs = [
qtscript qtsvg qtquickcontrols qtwebkit shared-mime-info krunner kparts
qtscript qtsvg qtquickcontrols qtwebengine shared-mime-info krunner kparts
knewstuff gpsd
];
preConfigure = ''

6
pkgs/applications/misc/ArchiSteamFarm/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "ArchiSteamFarm";
version = "4.2.3.3";
version = "4.2.3.6";
src = fetchurl {
url = "https://github.com/JustArchiNET/ArchiSteamFarm/releases/download/${version}/ASF-generic.zip";
sha256 = "0v69rrs5fr1n5llfx42xkiish52al7kb36fjy3ng0j9qfp3g8pj7";
sha256 = "1a8baxrb8czndxxi16md1nyl2snfx215yvrygdpcblgngkp2z2y9";
};
nativeBuildInputs = [ unzip makeWrapper jq ];
@ -28,7 +28,7 @@ stdenv.mkDerivation rec {
--run "[ -d config ] || cp --no-preserve=mode -r $dist/config ." \
--run "[ -d logs ] || cp --no-preserve=mode -r $dist/logs ." \
--run "[ -d plugins ] || cp --no-preserve=mode -r $dist/plugins ." \
--run "[ -d www ] || ln -sf $dist/www ."
--run "ln -sf $dist/www ."
'';
meta = with stdenv.lib; {

4
pkgs/applications/misc/calibre/default.nix
View File

@ -30,11 +30,11 @@ let
in
mkDerivation rec {
pname = "calibre";
version = "4.19.0";
version = "4.22.0";
src = fetchurl {
url = "https://download.calibre-ebook.com/${version}/${pname}-${version}.tar.xz";
sha256 = "1kpj65spwr9m88vshsljpdrw5jy7bbpqgqcrvqb17abh7fnnrb4x";
sha256 = "0d0wmd3ijk8px1d662igal4lfmpyzynfzs6ms1bb9nf42mq2pxai";
};
patches = [

39
pkgs/applications/misc/redshift/default.nix
View File

@ -1,4 +1,5 @@
{ stdenv, fetchFromGitHub, autoconf, automake, gettext, intltool
{ stdenv, fetchFromGitHub, fetchFromGitLab
, autoconf, automake, gettext, intltool
, libtool, pkgconfig, wrapGAppsHook, wrapPython, gobject-introspection
, gtk3, python, pygobject3, pyxdg
@ -18,11 +19,16 @@ let
stdenv.mkDerivation rec {
inherit pname version src meta;
patches = [
patches = stdenv.lib.optionals (pname != "gammastep") [
# https://github.com/jonls/redshift/pull/575
./575.patch
];
postPatch = stdenv.lib.optionalString (pname == "gammastep") ''
substituteInPlace configure.ac \
--replace "[gammastep], [2.0]" "[gammastep], [${version}]"
'';
nativeBuildInputs = [
autoconf
automake
@ -62,10 +68,15 @@ let
# the geoclue agent may inspect these paths and expect them to be
# valid without having the correct $PATH set
postInstall = ''
postInstall = if (pname == "gammastep") then ''
substituteInPlace $out/share/applications/gammastep.desktop \
--replace 'Exec=gammastep' "Exec=$out/bin/gammastep"
substituteInPlace $out/share/applications/gammastep-indicator.desktop \
--replace 'Exec=gammastep-indicator' "Exec=$out/bin/gammastep-indicator"
'' else ''
substituteInPlace $out/share/applications/redshift.desktop \
--replace 'Exec=redshift' "Exec=$out/bin/redshift"
substituteInPlace $out/share/applications/redshift.desktop \
substituteInPlace $out/share/applications/redshift-gtk.desktop \
--replace 'Exec=redshift-gtk' "Exec=$out/bin/redshift-gtk"
'';
@ -118,4 +129,24 @@ rec {
homepage = "https://github.com/minus7/redshift";
};
};
gammastep = mkRedshift rec {
pname = "gammastep";
version = "2.0.1";
src = fetchFromGitLab {
owner = "chinstrap";
repo = pname;
rev = "v${version}";
sha256 = "1ky4h892sg2mfbwwq5xv0vnjflsl2x3nsy5q456r1kyk1gwkj0rg";
};
meta = redshift.meta // {
name = "${pname}-${version}";
longDescription = "Gammastep"
+ stdenv.lib.removePrefix "Redshift" redshift.meta.longDescription;
homepage = "https://gitlab.com/chinstrap/gammastep";
maintainers = [ stdenv.lib.maintainers.primeos ] ++ redshift.meta.maintainers;
};
};
}

8
pkgs/applications/misc/waybar/default.nix
View File

@ -1,5 +1,5 @@
{ stdenv, fetchFromGitHub, meson, pkgconfig, ninja, wrapGAppsHook
, wayland, wlroots, gtkmm3, libinput, libsigcxx, jsoncpp, fmt, scdoc, spdlog, gtk-layer-shell
, wayland, wlroots, gtkmm3, libsigcxx, jsoncpp, fmt, scdoc, spdlog, gtk-layer-shell
, howard-hinnant-date, cmake
, traySupport ? true, libdbusmenu-gtk3
, pulseSupport ? false, libpulseaudio
@ -11,13 +11,13 @@
}:
stdenv.mkDerivation rec {
pname = "waybar";
version = "0.9.2";
version = "0.9.3";
src = fetchFromGitHub {
owner = "Alexays";
repo = "Waybar";
rev = version;
sha256 = "1gfxyjzwfqznyrpyr3322z3w844i1lh77kly4hcpy9y5gsfmlafy";
sha256 = "0ks719khhg2zwpyiwa2079i6962qcxpapm28hmr4ckpsp2n659ck";
};
nativeBuildInputs = [
@ -32,7 +32,7 @@
strictDeps = false;
buildInputs = with stdenv.lib;
[ wayland wlroots gtkmm3 libinput libsigcxx jsoncpp fmt spdlog gtk-layer-shell howard-hinnant-date ]
[ wayland wlroots gtkmm3 libsigcxx jsoncpp fmt spdlog gtk-layer-shell howard-hinnant-date ]
++ optional traySupport libdbusmenu-gtk3
++ optional pulseSupport libpulseaudio
++ optional nlSupport libnl

4
pkgs/applications/networking/cluster/argo/default.nix
View File

@ -19,13 +19,13 @@ let
in
buildGoModule rec {
pname = "argo";
version = "2.9.4";
version = "2.9.5";
src = fetchFromGitHub {
owner = "argoproj";
repo = "argo";
rev = "v${version}";
sha256 = "156102xqwmsq3g9jammfib0ri22a0nzk96zrv5774gidjvy2xb55";
sha256 = "1x44mgvnbn47a33xnhnh9bxxvj1vsr32lvh9bq6w5hpmxb7qbq4f";
};
vendorSha256 = "1vqmzz76lcwwnw89n4lyg4jjf7wbdgn9sdzwsgrjwkj8ax7d48cv";

6
pkgs/applications/networking/cluster/minikube/default.nix
View File

@ -11,15 +11,15 @@
buildGoModule rec {
pname = "minikube";
version = "1.12.1";
version = "1.12.2";
vendorSha256 = "0v2lnzdv5nmg4jf10hqyvrsyz5yg7brm4p3gil7n88w6n100phfn";
vendorSha256 = "0smjj2sq09k1ai79lk74gi056hfls7qy8x08wkq2g24fxi06cr94";
src = fetchFromGitHub {
owner = "kubernetes";
repo = "minikube";
rev = "v${version}";
sha256 = "0ya6mp081vs48c0nh4nys9z04kz79mjfpm4gs0hlmh2kpa5kmc9h";
sha256 = "1x28s6d2nibm76qd3kjsa7wkyhqvnwdy9rfwk9xf45hzrx9700sm";
};
nativeBuildInputs = [ go-bindata installShellFiles pkg-config which ];

12
pkgs/applications/networking/instant-messengers/discord/default.nix
View File

@ -7,30 +7,30 @@ in {
pname = "discord";
binaryName = "Discord";
desktopName = "Discord";
version = "0.0.10";
version = "0.0.11";
src = fetchurl {
url = "https://dl.discordapp.net/apps/linux/${version}/discord-${version}.tar.gz";
sha256 = "0kx92i8naqr3algmyy3wyzbh8146z7gigxwf1nbpg1gl16wlplaq";
sha256 = "1saqwigi1gjgy4q8rgnwyni57aaszi0w9vqssgyvfgzff8fpcx54";
};
};
ptb = callPackage ./base.nix rec {
pname = "discord-ptb";
binaryName = "DiscordPTB";
desktopName = "Discord PTB";
version = "0.0.20";
version = "0.0.21";
src = fetchurl {
url = "https://dl-ptb.discordapp.net/apps/linux/${version}/discord-ptb-${version}.tar.gz";
sha256 = "0wn2qdv0a4n59xl451y7fcq11klp2g63qwx40qkshllvnf5lzzsx";
sha256 = "1i164wpi07d45w19i7l5hs47crc29k3plg4y9kc97x75rhh4xym1";
};
};
canary = callPackage ./base.nix rec {
pname = "discord-canary";
binaryName = "DiscordCanary";
desktopName = "Discord Canary";
version = "0.0.105";
version = "0.0.106";
src = fetchurl {
url = "https://dl-canary.discordapp.net/apps/linux/${version}/discord-canary-${version}.tar.gz";
sha256 = "1jc2zr8q33ras5mkifg19kcxpb84vsqx01rj66w62hsjw1nsbidg";
sha256 = "1bqlf7iixdy6c7lhbva4lizvhd6w0xqn69izxcy26wk35xcqgfh8";
};
};
}.${branch}

4
pkgs/applications/networking/instant-messengers/skypeforlinux/default.nix
View File

@ -7,7 +7,7 @@ let
# Please keep the version x.y.0.z and do not update to x.y.76.z because the
# source of the latter disappears much faster.
version = "8.62.0.85";
version = "8.63.0.76";
rpath = stdenv.lib.makeLibraryPath [
alsaLib
@ -65,7 +65,7 @@ let
"https://mirror.cs.uchicago.edu/skype/pool/main/s/skypeforlinux/skypeforlinux_${version}_amd64.deb"
"https://web.archive.org/web/https://repo.skype.com/deb/pool/main/s/skypeforlinux/skypeforlinux_${version}_amd64.deb"
];
sha256 = "0qlm2hbshxgycczv227bbj2fbiw3b76rp24mh8amhq4xbscazl38";
sha256 = "0gmrk1giabr53imiwdflf6ykwpcj2q5zn3bynvrncnhivsbvaavy";
}
else
throw "Skype for linux is not supported on ${stdenv.hostPlatform.system}";

8
pkgs/applications/networking/instant-messengers/wire-desktop/default.nix
View File

@ -20,13 +20,13 @@ let
pname = "wire-desktop";
version = {
x86_64-darwin = "3.18.3728";
x86_64-linux = "3.18.2925";
x86_64-darwin = "3.19.3799";
x86_64-linux = "3.19.2928";
}.${system} or throwSystem;
sha256 = {
x86_64-darwin = "0xi3k95yw59xsfavncc1giwxlwjz26z34qm3i604ksjjalvpzy5l";
x86_64-linux = "01g39hncj1w0zyfrzv4mgv8npwvx0g0lw99azyai99877b30bm8j";
x86_64-darwin = "1sv8n4g1pd4nwpwsg0m61zhrfjlh7sj29rnh46xjw1qg332g6cw9";
x86_64-linux = "038h1j59qfj5ckaxk823qpfflxay47v0jrqc0hmrdmnd2y59dpx7";
}.${system} or throwSystem;
meta = with stdenv.lib; {

4
pkgs/applications/science/chemistry/octopus/default.nix
View File

@ -6,13 +6,13 @@ assert (!blas.isILP64) && (!lapack.isILP64);
stdenv.mkDerivation rec {
pname = "octopus";
version = "9.2";
version = "10.0";
src = fetchFromGitLab {
owner = "octopus-code";
repo = "octopus";
rev = version;
sha256 = "083z51sjv70asr04rv53wb9gf4396nblq1zl22qw7jdr28hji4is";
sha256 = "1c6q20y0x9aacwa7vp6gj3yvfzain7hnk6skxmvg3wazp02l91kn";
};
nativeBuildInputs = [ perl procps autoreconfHook ];

4
pkgs/applications/science/electronics/fritzing/default.nix
View File

@ -1,8 +1,8 @@
{ stdenv, fetchpatch, fetchFromGitHub, qmake, pkgconfig
{ mkDerivation, stdenv, fetchpatch, fetchFromGitHub, qmake, pkgconfig
, qtbase, qtsvg, qtserialport, boost, libgit2
}:
stdenv.mkDerivation rec {
mkDerivation rec {
pname = "fritzing";
version = "0.9.3b";

53
pkgs/applications/science/electronics/hyp2mat/default.nix Normal file
View File

@ -0,0 +1,53 @@
{ stdenv
, fetchFromGitHub
, bison
, flex
, gengetopt
, help2man
, groff
, libharu
, autoreconfHook
, pkgconfig
, libpng
, zlib
}:
stdenv.mkDerivation rec {
pname = "hyp2mat";
version = "0.0.17";
src = fetchFromGitHub {
owner = "koendv";
repo = "hyp2mat";
rev = "v${version}";
sha256 = "04bd2vrn8y1izir7pwl34a60cg2v05baqcrmpfdx5fvf33bbflaj";
};
nativeBuildInputs = [
autoreconfHook
pkgconfig
];
buildInputs = [
libharu
libpng
zlib
bison
flex
gengetopt
help2man
groff
];
configureFlags = [ "--enable-library" ];
enableParallelBuilding = true;
meta = with stdenv.lib; {
description = "Import Hyperlynx Boardsim files to openEMS, an open source 3D full-wave electromagnetic field solver";
homepage = https://github.com/koendv/hyp2mat;
license = licenses.gpl3Plus;
maintainers = with maintainers; [ matthuszagh ];
platforms = platforms.linux;
};
}

6
pkgs/applications/version-management/git-and-tools/ghq/default.nix
View File

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "ghq";
version = "1.1.2";
version = "1.1.5";
src = fetchFromGitHub {
owner = "x-motemen";
repo = "ghq";
rev = "v${version}";
sha256 = "1qzrycmd26f4q36z3rblfxp7jngqgmspb9385vpfwv9laiw3sqrg";
sha256 = "098fik155viylq07az7crzbgswcvhpx0hr68xpvyx0rpri792jbq";
};
vendorSha256 = "0x347ljj9q3zi0zf8x13dhvsydv9vg4qc5l1kc2y56v0w8hlb4p7";
vendorSha256 = "0gll132g111vn1hdmdjpkha9rbyppz0qj1ld89gwlk2mqd57jxkd";
buildFlagsArray = ''
-ldflags=

6
pkgs/applications/video/obs-studio/wlrobs.nix
View File

@ -13,12 +13,12 @@ assert dmabufSupport -> libdrm != null && libGL != null;
stdenv.mkDerivation {
pname = "obs-wlrobs";
version = "20200111";
version = "20200622";
src = fetchhg {
url = "https://hg.sr.ht/~scoopta/wlrobs";
rev = "8345bf985e390896d89e35e2feae1fa37722f4be";
sha256 = "0j01wkhwhhla4qx8mwyrq2qj9cfhxksxaq2k8rskmy2qbdkvvdpb";
rev = "1d3acaaf64049da3da9721aa8b9b47582fe0081b";
sha256 = "0qrcf8024r4ynfjw0zx8vn59ygx9q5rb196s6nyxmy3gkv2lfxlq";
};
buildInputs = [ libX11 libGL libdrm meson ninja pkgconfig wayland obs-studio ];

12
pkgs/desktops/enlightenment/default.nix
View File

@ -1,14 +1,14 @@
{ callPackage, pkgs }:
{
#### CORE EFL
efl = callPackage ./efl.nix { };
efl = callPackage ./efl { };
#### WINDOW MANAGER
enlightenment = callPackage ./enlightenment.nix { };
enlightenment = callPackage ./enlightenment { };
#### APPLICATIONS
econnman = callPackage ./econnman.nix { };
terminology = callPackage ./terminology.nix { };
rage = callPackage ./rage.nix { };
ephoto = callPackage ./ephoto.nix { };
econnman = callPackage ./econnman { };
terminology = callPackage ./terminology { };
rage = callPackage ./rage { };
ephoto = callPackage ./ephoto { };
}

0
pkgs/desktops/enlightenment/econnman.nix → pkgs/desktops/enlightenment/econnman/default.nix
View File

0
pkgs/desktops/enlightenment/0002-efreet-more-stat-info-changes.patch → pkgs/desktops/enlightenment/efl/0002-efreet-more-stat-info-changes.patch
View File

0
pkgs/desktops/enlightenment/efl.nix → pkgs/desktops/enlightenment/efl/default.nix
View File

0
pkgs/desktops/enlightenment/efl-elua.patch → pkgs/desktops/enlightenment/efl/efl-elua.patch
View File

0
pkgs/desktops/enlightenment/0001-wrapped-setuid-executables.patch → pkgs/desktops/enlightenment/enlightenment/0001-wrapped-setuid-executables.patch
View File

0
pkgs/desktops/enlightenment/0003-setuid-missing-path.patch → pkgs/desktops/enlightenment/enlightenment/0003-setuid-missing-path.patch
View File

0
pkgs/desktops/enlightenment/enlightenment.nix → pkgs/desktops/enlightenment/enlightenment/default.nix
View File

0
pkgs/desktops/enlightenment/ephoto.nix → pkgs/desktops/enlightenment/ephoto/default.nix
View File

0
pkgs/desktops/enlightenment/rage.nix → pkgs/desktops/enlightenment/rage/default.nix
View File

0
pkgs/desktops/enlightenment/terminology.nix → pkgs/desktops/enlightenment/terminology/default.nix
View File

4
pkgs/development/compilers/ghc/8.10.1.nix
View File

@ -24,7 +24,7 @@
enableRelocatedStaticLibs ? stdenv.targetPlatform != stdenv.hostPlatform
# aarch64 outputs otherwise exceed 2GB limit
, enableProfiliedLibs ? !stdenv.targetPlatform.isAarch64
, enableProfiledLibs ? !stdenv.targetPlatform.isAarch64
, # Whether to build dynamic libs for the standard library (on the target
# platform). Static libs are always built.
@ -68,7 +68,7 @@ let
HADDOCK_DOCS = NO
BUILD_SPHINX_HTML = NO
BUILD_SPHINX_PDF = NO
'' + stdenv.lib.optionalString (!enableProfiliedLibs) ''
'' + stdenv.lib.optionalString (!enableProfiledLibs) ''
GhcLibWays = "v dyn"
'' + stdenv.lib.optionalString enableRelocatedStaticLibs ''
GhcLibHcOpts += -fPIC

8
pkgs/development/compilers/ghc/8.8.3.nix
View File

@ -23,6 +23,9 @@
, # If enabled, use -fPIC when compiling static libs.
enableRelocatedStaticLibs ? stdenv.targetPlatform != stdenv.hostPlatform
# aarch64 outputs otherwise exceed 2GB limit
, enableProfiledLibs ? !stdenv.targetPlatform.isAarch64
, # Whether to build dynamic libs for the standard library (on the target
# platform). Static libs are always built.
enableShared ? !stdenv.targetPlatform.isWindows && !stdenv.targetPlatform.useiOSPrebuilt
@ -30,9 +33,6 @@
, # Whether to build terminfo.
enableTerminfo ? !stdenv.targetPlatform.isWindows
# aarch64 outputs otherwise exceed 2GB limit
, enableProfiliedLibs ? !stdenv.targetPlatform.isAarch64
, # What flavour to build. An empty string indicates no
# specific flavour and falls back to ghc default values.
ghcFlavour ? stdenv.lib.optionalString (stdenv.targetPlatform != stdenv.hostPlatform)
@ -68,7 +68,7 @@ let
HADDOCK_DOCS = NO
BUILD_SPHINX_HTML = NO
BUILD_SPHINX_PDF = NO
'' + stdenv.lib.optionalString (!enableProfiliedLibs) ''
'' + stdenv.lib.optionalString (!enableProfiledLibs) ''
GhcLibWays = "v dyn"
'' + stdenv.lib.optionalString enableRelocatedStaticLibs ''
GhcLibHcOpts += -fPIC

4
pkgs/development/compilers/ghc/8.8.4.nix
View File

@ -24,7 +24,7 @@
enableRelocatedStaticLibs ? stdenv.targetPlatform != stdenv.hostPlatform
# aarch64 outputs otherwise exceed 2GB limit
, enableProfiliedLibs ? !stdenv.targetPlatform.isAarch64
, enableProfiledLibs ? !stdenv.targetPlatform.isAarch64
, # Whether to build dynamic libs for the standard library (on the target
# platform). Static libs are always built.
@ -68,7 +68,7 @@ let
HADDOCK_DOCS = NO
BUILD_SPHINX_HTML = NO
BUILD_SPHINX_PDF = NO
'' + stdenv.lib.optionalString (!enableProfiliedLibs) ''
'' + stdenv.lib.optionalString (!enableProfiledLibs) ''
GhcLibWays = "v dyn"
'' + stdenv.lib.optionalString enableRelocatedStaticLibs ''
GhcLibHcOpts += -fPIC

20
pkgs/development/compilers/ghc/head.nix
View File

@ -20,9 +20,9 @@
# build-time dependency too.
buildLlvmPackages, llvmPackages
, # If enabled, GHC will be built with the GPL-free but slower integer-simple
# library instead of the faster but GPLed integer-gmp library.
enableIntegerSimple ? !(stdenv.lib.any (stdenv.lib.meta.platformMatch stdenv.hostPlatform) gmp.meta.platforms)
, # If enabled, GHC will be built with the GPL-free but slightly slower native
# bignum backend instead of the faster but GPLed gmp backend.
enableNativeBignum ? !(stdenv.lib.any (stdenv.lib.meta.platformMatch stdenv.hostPlatform) gmp.meta.platforms)
, gmp
, # If enabled, use -fPIC when compiling static libs.
@ -35,7 +35,7 @@
, # Whether to build terminfo.
enableTerminfo ? !stdenv.targetPlatform.isWindows
, version ? "8.11.20200505"
, version ? "8.11.20200731"
, # What flavour to build. An empty string indicates no
# specific flavour and falls back to ghc default values.
ghcFlavour ? stdenv.lib.optionalString (stdenv.targetPlatform != stdenv.hostPlatform)
@ -46,7 +46,7 @@
disableLargeAddressSpace ? stdenv.targetPlatform.isDarwin && stdenv.targetPlatform.isAarch64
}:
assert !enableIntegerSimple -> gmp != null;
assert !enableNativeBignum -> gmp != null;
let
inherit (stdenv) buildPlatform hostPlatform targetPlatform;
@ -64,7 +64,7 @@ let
include mk/flavours/\$(BuildFlavour).mk
endif
DYNAMIC_GHC_PROGRAMS = ${if enableShared then "YES" else "NO"}
INTEGER_LIBRARY = ${if enableIntegerSimple then "integer-simple" else "integer-gmp"}
BIGNUM_BACKEND = ${if enableNativeBignum then "native" else "gmp"}
'' + stdenv.lib.optionalString (targetPlatform != hostPlatform) ''
Stage1Only = ${if targetPlatform.system == hostPlatform.system then "NO" else "YES"}
CrossCompilePrefix = ${targetPrefix}
@ -81,7 +81,7 @@ let
# Splicer will pull out correct variations
libDeps = platform: stdenv.lib.optional enableTerminfo ncurses
++ [libffi]
++ stdenv.lib.optional (!enableIntegerSimple) gmp
++ stdenv.lib.optional (!enableNativeBignum) gmp
++ stdenv.lib.optional (platform.libc != "glibc" && !targetPlatform.isWindows) libiconv
++ stdenv.lib.optional enableDwarf elfutils;
@ -103,8 +103,8 @@ stdenv.mkDerivation (rec {
src = fetchgit {
url = "https://gitlab.haskell.org/ghc/ghc.git/";
rev = "40c71c2cf38b4e134d81b7184a4d5e02949ae70c";
sha256 = "04h9rcyzm9w3an1z00hjs062dp7dl19b8pkyxjsypr7a2i9dmvkb";
rev = "380638a33691ba43fdcd2e18bca636750e5f66f1";
sha256 = "029cgiyhddvwnx5zx31i0vgj13zsvzb8fna99zr6ifscz6x7rid1";
};
enableParallelBuilding = true;
@ -173,7 +173,7 @@ stdenv.mkDerivation (rec {
"--with-system-libffi"
"--with-ffi-includes=${targetPackages.libffi.dev}/include"
"--with-ffi-libraries=${targetPackages.libffi.out}/lib"
] ++ stdenv.lib.optionals (targetPlatform == hostPlatform && !enableIntegerSimple) [
] ++ stdenv.lib.optionals (targetPlatform == hostPlatform && !enableNativeBignum) [
"--with-gmp-includes=${targetPackages.gmp.dev}/include"
"--with-gmp-libraries=${targetPackages.gmp.out}/lib"
] ++ stdenv.lib.optionals (targetPlatform == hostPlatform && hostPlatform.libc != "glibc" && !targetPlatform.isWindows) [

4
pkgs/development/compilers/go/1.13.nix
View File

@ -30,11 +30,11 @@ in
stdenv.mkDerivation rec {
pname = "go";
version = "1.13.14";
version = "1.13.15";
src = fetchurl {
url = "https://dl.google.com/go/go${version}.src.tar.gz";
sha256 = "01mbqzn1hj8idbyn2f9gghvirfnw348dcf7pjs3ymschfblk6wqr";
sha256 = "0pfgixca3a0svblzivkia11q79l8bzai6yg64m1piy3c0iqk3d2z";
};
# perl is used for testing go vet

4
pkgs/development/compilers/nim/default.nix
View File

@ -5,11 +5,11 @@
stdenv.mkDerivation rec {
pname = "nim";
version = "1.2.4";
version = "1.2.6";
src = fetchurl {
url = "https://nim-lang.org/download/${pname}-${version}.tar.xz";
sha256 = "0dnn60slvp3ynlx3zhv3cjkanv8zglljxws0db8g0rdyz8r8zwgf";
sha256 = "0zk5qzxayqjw7kq6p92j4008g9bbyilyymhdc5xq9sln5rqym26z";
};
enableParallelBuilding = true;

Some files were not shown because too many files have changed in this diff Show More