Merge master into test-1515

To get rid of 2k aborted builds. ?compare=1095725
Vladimír Čunát 2014-04-12 10:38:40 +02:00
commit 7be0e37ca2
342 changed files with 5371 additions and 1823 deletions


@ -226,4 +226,7 @@ in rec {
deepSeqList = xs: y: if any (x: deepSeq x false) xs then y else y;
crossLists = f: foldl (fs: args: concatMap (f: map f args) fs) [f];
# List difference, xs - ys. Removes elements of ys from xs.
difference = xs: ys: filter (y: !(builtins.elem y ys)) xs;
}
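Review bot: In the added `difference` line the lambda parameter is named `y` although it ranges over the elements of `xs`, which reads as if the filter iterated `ys`; `filter (x: !(builtins.elem x ys)) xs` says what it does. The comment above the definition already states the contract, so this is naming only. The enclosing `rec { … }` set starts outside the hunk.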


@ -28,6 +28,7 @@
coroa = "Jonas Hörsch <jonas@chaoflow.net>";
edwtjo = "Edward Tjörnhammar <ed@cflags.cc>";
eelco = "Eelco Dolstra <eelco.dolstra@logicblox.com>";
emery = "Emery Hemingawy <emery@vfemail.net>";
ertes = "Ertugrul Söylemez <es@ertes.de>";
falsifian = "James Cook <james.cook@utoronto.ca>";
garbas = "Rok Garbas <rok@garbas.si>";


@ -31,8 +31,7 @@ GetOptions("package|p=s" => \$filter,
"maintainer|m=s" => \$maintainer,
"file|f=s" => \$path,
"help" => sub { showHelp() }
)
or die("syntax: $0 ...\n");
) or exit 1;
# Evaluate Nixpkgs into an XML representation.
my $xml = `nix-env -f '$path' -qa '$filter' --xml --meta --drv-path`;
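Review bot: The `nix-env` backtick command on the last context line interpolates `$path` and `$filter` into a shell string inside single quotes, so a value containing a `'` breaks the quoting and the remainder is interpreted by the shell; the line is context rather than changed here, but after the switch to `) or exit 1;` option parsing is the only validation those two values get before they reach the shell. Running the command without a shell removes the quoting problem: `open my $fh, '-|', 'nix-env', '-f', $path, '-qa', $filter, '--xml', '--meta', '--drv-path' or die "nix-env: $!";` followed by `my $xml = do { local $/; <$fh> };`. The rest of the script, including how `$path` and `$filter` are defaulted, is outside the hunk.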


@ -0,0 +1,242 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="ch-containers">
<title>Containers</title>
<para>NixOS allows you to easily run other NixOS instances as
<emphasis>containers</emphasis>. Containers are a light-weight
approach to virtualisation that runs software in the container at the
same speed as in the host system. NixOS containers share the Nix store
of the host, making container creation very efficient.</para>
<warning><para>Currently, NixOS containers are not perfectly isolated
from the host system. This means that a user with root access to the
container can do things that affect the host. So you should not give
container root access to untrusted users.</para></warning>
<para>NixOS containers can be created in two ways: imperatively, using
the command <command>nixos-container</command>, and declaratively, by
specifying them in your <filename>configuration.nix</filename>. The
declarative approach implies that containers get upgraded along with
your host system when you run <command>nixos-rebuild</command>, which
is often not what you want. By contrast, in the imperative approach,
containers are configured and updated independently from the host
system.</para>
<section><title>Imperative container management</title>
<para>Well cover imperative container management using
<command>nixos-container</command> first. You create a container with
identifier <literal>foo</literal> as follows:
<screen>
$ nixos-container create foo
</screen>
This creates the containers root directory in
<filename>/var/lib/containers/foo</filename> and a small configuration
file in <filename>/etc/containers/foo.conf</filename>. It also builds
the containers initial system configuration and stores it in
<filename>/nix/var/nix/profiles/per-container/foo/system</filename>. You
can modify the initial configuration of the container on the command
line. For instance, to create a container that has
<command>sshd</command> running, with the given public key for
<literal>root</literal>:
<screen>
$ nixos-container create foo --config 'services.openssh.enable = true; \
users.extraUsers.root.openssh.authorizedKeys.keys = ["ssh-dss AAAAB3N…"];'
</screen>
</para>
<para>Creating a container does not start it. To start the container,
run:
<screen>
$ nixos-container start foo
</screen>
This command will return as soon as the container has booted and has
reached <literal>multi-user.target</literal>. On the host, the
container runs within a systemd unit called
<literal>container@<replaceable>container-name</replaceable>.service</literal>.
Thus, if something went wrong, you can get status info using
<command>systemctl</command>:
<screen>
$ systemctl status container@foo
</screen>
</para>
<para>If the container has started succesfully, you can log in as
root using the <command>root-login</command> operation:
<screen>
$ nixos-container root-login foo
[root@foo:~]#
</screen>
Note that only root on the host can do this (since there is no
authentication). You can also get a regular login prompt using the
<command>login</command> operation, which is available to all users on
the host:
<screen>
$ nixos-container login foo
foo login: alice
Password: ***
</screen>
With <command>nixos-container run</command>, you can execute arbitrary
commands in the container:
<screen>
$ nixos-container run foo -- uname -a
Linux foo 3.4.82 #1-NixOS SMP Thu Mar 20 14:44:05 UTC 2014 x86_64 GNU/Linux
</screen>
</para>
<para>There are several ways to change the configuration of the
container. First, on the host, you can edit
<literal>/var/lib/container/<replaceable>name</replaceable>/etc/nixos/configuration.nix</literal>,
and run
<screen>
$ nixos-container update foo
</screen>
This will build and activate the new configuration. You can also
specify a new configuration on the command line:
<screen>
$ nixos-container update foo --config 'services.httpd.enable = true; \
services.httpd.adminAddr = "foo@example.org";'
$ curl http://$(nixos-container show-ip foo)/
&lt;!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">…
</screen>
However, note that this will overwrite the containers
<filename>/etc/nixos/configuration.nix</filename>.</para>
<para>Alternatively, you can change the configuration from within the
container itself by running <command>nixos-rebuild switch</command>
inside the container. Note that the container by default does not have
a copy of the NixOS channel, so you should run <command>nix-channel
--update</command> first.</para>
<para>Containers can be stopped and started using
<literal>nixos-container stop</literal> and <literal>nixos-container
start</literal>, respectively, or by using
<command>systemctl</command> on the containers service unit. To
destroy a container, including its file system, do
<screen>
$ nixos-container destroy foo
</screen>
</para>
</section>
<section><title>Declarative container specification</title>
<para>You can also specify containers and their configuration in the
hosts <filename>configuration.nix</filename>. For example, the
following specifies that there shall be a container named
<literal>database</literal> running PostgreSQL:
<programlisting>
containers.database =
{ config =
{ config, pkgs, ... }:
{ services.postgresql.enable = true;
services.postgresql.package = pkgs.postgresql92;
};
};
</programlisting>
If you run <literal>nixos-rebuild switch</literal>, the container will
be built and started. If the container was already running, it will be
updated in place, without rebooting.</para>
<para>By default, declarative containers share the network namespace
of the host, meaning that they can listen on (privileged)
ports. However, they cannot change the network configuration. You can
give a container its own network as follows:
<programlisting>
containers.database =
{ privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.11";
};
</programlisting>
This gives the container a private virtual Ethernet interface with IP
address <literal>192.168.100.11</literal>, which is hooked up to a
virtual Ethernet interface on the host with IP address
<literal>192.168.100.10</literal>. (See the next section for details
on container networking.)</para>
<para>To disable the container, just remove it from
<filename>configuration.nix</filename> and run <literal>nixos-rebuild
switch</literal>. Note that this will not delete the root directory of
the container in <literal>/var/lib/containers</literal>.</para>
</section>
<section><title>Networking</title>
<para>When you create a container using <literal>nixos-container
create</literal>, it gets it own private IPv4 address in the range
<literal>10.233.0.0/16</literal>. You can get the containers IPv4
address as follows:
<screen>
$ nixos-container show-ip foo
10.233.4.2
$ ping -c1 10.233.4.2
64 bytes from 10.233.4.2: icmp_seq=1 ttl=64 time=0.106 ms
</screen>
</para>
<para>Networking is implemented using a pair of virtual Ethernet
devices. The network interface in the container is called
<literal>eth0</literal>, while the matching interface in the host is
called <literal>c-<replaceable>container-name</replaceable></literal>
(e.g., <literal>c-foo</literal>). The container has its own network
namespace and the <literal>CAP_NET_ADMIN</literal> capability, so it
can perform arbitrary network configuration such as setting up
firewall rules, without affecting or having access to the hosts
network.</para>
<para>By default, containers cannot talk to the outside network. If
you want that, you should set up Network Address Translation (NAT)
rules on the host to rewrite container traffic to use your external
IP address. This can be accomplished using the following configuration
on the host:
<programlisting>
networking.nat.enable = true;
networking.nat.internalInterfaces = ["c-+"];
networking.nat.externalInterface = "eth0";
</programlisting>
where <literal>eth0</literal> should be replaced with the desired
external interface. Note that <literal>c-+</literal> is a wildcard
that matches all container interfaces.</para>
</section>
</chapter>


@ -54,6 +54,7 @@
<xi:include href="running.xml" />
<!-- <xi:include href="userconfiguration.xml" /> -->
<xi:include href="troubleshooting.xml" />
<xi:include href="containers.xml" />
<xi:include href="development.xml" />
<xi:include href="release-notes.xml" />


@ -7,7 +7,7 @@
<section xml:id="sec-release-14.02">
<title>Release 14.02 (“Baboon”, 2014/02/??)</title>
<title>Release 14.04 (“Baboon”, 2014/04/??)</title>
<para>This is the second stable release branch of NixOS. The main
enhancements are the following:
@ -18,13 +18,9 @@ enhancements are the following:
<xref linkend="sec-uefi-installation"/> for
details.</para></listitem>
<listitem><para>NixOS is now based on Glibc 2.18 and GCC
<listitem><para>NixOS is now based on Glibc 2.19 and GCC
4.8.</para></listitem>
<listitem><para>The mysql55 service has been merged into the
mysql service, which no longer sets a default for the 'package
option.</para></listitem>
</itemizedlist>
</para>
@ -34,10 +30,41 @@ following incompatible changes:
<itemizedlist>
<listitem><para>Nixpkgs no longer exposes unfree packages by
default. If your NixOS configuration requires unfree packages from
Nixpkgs, you need to enable support for them explicitly by setting:
<programlisting>
nixpkgs.config.allowUnfree = true;
</programlisting>
Otherwise, you get an error message such as:
<screen>
error: package nvidia-x11-331.49-3.12.17 in ‘…/nvidia-x11/default.nix:56
has an unfree license, refusing to evaluate
</screen>
</para></listitem>
<listitem><para>The firewall is now enabled by default. If you dont
want this, you need to disable it explicitly:
<programlisting>
networking.firewall.enable = false;
</programlisting>
</para></listitem>
<listitem><para>The option
<option>boot.loader.grub.memtest86</option> has been renamed to
<option>boot.loader.grub.memtest86.enable</option>.</para></listitem>
<listitem><para>The <literal>mysql55</literal> service has been
merged into the <literal>mysql</literal> service, which no longer
sets a default for the option
<option>services.mysql.package</option>.</para></listitem>
</itemizedlist>
</para>


@ -26,10 +26,15 @@ rec {
# These are the extra arguments passed to every module. In
# particular, Nixpkgs is passed through the "pkgs" argument.
# FIXME: we enable config.allowUnfree to make packages like
# nvidia-x11 available. This isn't a problem because if the user has
# nixpkgs.config.allowUnfree = false, then evaluation will fail on
# the 64-bit package anyway. However, it would be cleaner to respect
# nixpkgs.config here.
extraArgs = extraArgs_ // {
inherit pkgs modules baseModules;
modulesPath = ../modules;
pkgs_i686 = import ./nixpkgs.nix { system = "i686-linux"; };
pkgs_i686 = import ./nixpkgs.nix { system = "i686-linux"; config.allowUnfree = true; };
utils = import ./utils.nix pkgs;
};
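Review bot: The new `pkgs_i686` line hard-codes `config.allowUnfree = true` for the whole 32-bit package set, and the FIXME's justification only holds when an unfree i686 package is always paired with the same unfree 64-bit package; for anything evaluated from `pkgs_i686` alone, a user's `nixpkgs.config.allowUnfree = false` is silently bypassed. If the user's `nixpkgs.config` is reachable here (it is not visible in the hunk), passing it through and overriding only `allowUnfree` would keep the rest of their policy intact; otherwise the FIXME should at least say that this setting cannot currently be overridden. The enclosing `rec { … }` starts before the hunk.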


@ -147,7 +147,7 @@ sub runTests {
$log->nest("syncing", sub {
foreach my $vm (values %vms) {
next unless $vm->isUp();
$vm->execute("sync /tmp/xchg");
$vm->execute("sync");
}
});


@ -46,6 +46,7 @@ let
pkgs.rsync
pkgs.strace
pkgs.sysvtools
pkgs.su
pkgs.time
pkgs.usbutils
pkgs.utillinux


@ -7,6 +7,9 @@ let
ids = config.ids;
cfg = config.users;
nonUidUsers = filterAttrs (n: u: u.createUser && u.uid == null) cfg.extraUsers;
nonGidGroups = filterAttrs (n: g: g.gid == null) cfg.extraGroups;
passwordDescription = ''
The options <literal>hashedPassword</literal>,
<literal>password</literal> and <literal>passwordFile</literal>
@ -31,7 +34,10 @@ let
name = mkOption {
type = types.str;
description = "The name of the user account. If undefined, the name of the attribute set will be used.";
description = ''
The name of the user account. If undefined, the name of the
attribute set will be used.
'';
};
description = mkOption {
@ -46,8 +52,14 @@ let
};
uid = mkOption {
type = with types; uniq int;
description = "The account UID.";
type = with types; nullOr int;
default = null;
description = ''
The account UID. If the <literal>mutableUsers</literal> option
is false, the UID cannot be null. Otherwise, the UID might be
null, in which case a free UID is picked on activation (by the
useradd command).
'';
};
group = mkOption {
@ -151,12 +163,21 @@ let
name = mkOption {
type = types.str;
description = "The name of the group. If undefined, the name of the attribute set will be used.";
description = ''
The name of the group. If undefined, the name of the attribute set
will be used.
'';
};
gid = mkOption {
type = with types; uniq int;
description = "The GID of the group.";
type = with types; nullOr int;
default = null;
description = ''
The group GID. If the <literal>mutableUsers</literal> option
is false, the GID cannot be null. Otherwise, the GID might be
null, in which case a free GID is picked on activation (by the
groupadd command).
'';
};
members = mkOption {
@ -218,13 +239,15 @@ let
groupFile = pkgs.writeText "group" (
concatStringsSep "\n" (map (g: mkGroupEntry g.name) (
sortOn "gid" (attrValues cfg.extraGroups)
let f = g: g.gid != null; in
sortOn "gid" (filter f (attrValues cfg.extraGroups))
))
);
passwdFile = pkgs.writeText "passwd" (
concatStringsSep "\n" (map (u: mkPasswdEntry u.name) (
sortOn "uid" (filter (u: u.createUser) (attrValues cfg.extraUsers))
let f = u: u.createUser && (u.uid != null); in
sortOn "uid" (filter f (attrValues cfg.extraUsers))
))
);
@ -261,11 +284,11 @@ let
then builtins.trace "Duplicate ${idAttr} ${id}" { dup = true; acc = null; }
else { dup = false; acc = newAcc; }
) { dup = false; acc = {}; } (builtins.attrNames set)).dup;
uidsAreUnique = idsAreUnique cfg.extraUsers "uid";
gidsAreUnique = idsAreUnique cfg.extraGroups "gid";
in
{
uidsAreUnique = idsAreUnique (filterAttrs (n: u: u.uid != null) cfg.extraUsers) "uid";
gidsAreUnique = idsAreUnique (filterAttrs (n: g: g.gid != null) cfg.extraGroups) "gid";
in {
###### interface
@ -424,16 +447,31 @@ in
}
fi
'';
mkhome = n: u:
let
uid = toString u.uid;
gid = toString ((getGroup u.group).gid);
h = u.home;
in ''
test -a "${h}" || mkdir -p "${h}" || true
test "$(stat -c %u "${h}")" = ${uid} || chown ${uid} "${h}" || true
test "$(stat -c %g "${h}")" = ${gid} || chgrp ${gid} "${h}" || true
'';
mkhome = n: u: ''
uid="$(id -u ${u.name})"
gid="$(id -g ${u.name})"
h="${u.home}"
test -a "$h" || mkdir -p "$h" || true
test "$(stat -c %u "$h")" = $uid || chown $uid "$h" || true
test "$(stat -c %g "$h")" = $gid || chgrp $gid "$h" || true
'';
groupadd = n: g: ''
if [ -z "$(getent group "${g.name}")" ]; then
echo "Adding group ${g.name}"
${pkgs.shadow}/sbin/groupadd "${g.name}"
fi
'';
useradd = n: u: ''
if ! id "${u.name}" &>/dev/null; then
echo "Adding user ${u.name}"
${pkgs.shadow}/sbin/useradd \
-g "${u.group}" \
-s "${u.shell}" \
-d "${u.home}" \
"${u.name}"
echo "${u.name}:x" | ${pkgs.shadow}/sbin/chpasswd -e
fi
'';
in stringAfter [ "etc" ] ''
touch /etc/group
touch /etc/passwd
@ -441,6 +479,8 @@ in
VISUAL=${merger passwdFile} ${pkgs.shadow}/sbin/vipw &>/dev/null
${pkgs.shadow}/sbin/grpconv
${pkgs.shadow}/sbin/pwconv
${concatStrings (mapAttrsToList groupadd nonGidGroups)}
${concatStrings (mapAttrsToList useradd nonUidUsers)}
${concatStrings (mapAttrsToList mkhome mkhomeUsers)}
${concatStrings (mapAttrsToList setpw setpwUsers)}
'';
@ -448,7 +488,17 @@ in
# for backwards compatibility
system.activationScripts.groups = stringAfter [ "users" ] "";
assertions = [ { assertion = !cfg.enforceIdUniqueness || (uidsAreUnique && gidsAreUnique); message = "uids and gids must be unique!"; } ];
assertions = [
{ assertion = !cfg.enforceIdUniqueness || (uidsAreUnique && gidsAreUnique);
message = "uids and gids must be unique!";
}
{ assertion = cfg.mutableUsers || (nonUidUsers == {});
message = "When mutableUsers is false, no uid can be null";
}
{ assertion = cfg.mutableUsers || (nonGidGroups == {});
message = "When mutableUsers is false, no gid can be null";
}
];
};
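Review bot: In the new `mkhome` the user name is expanded unquoted in `uid="$(id -u ${u.name})"` and `gid="$(id -g ${u.name})"`, while the sibling `groupadd` and `useradd` snippets quote it (`"${g.name}"`, `"${u.name}"`); the two lines should read `uid="$(id -u "${u.name}")"` and `gid="$(id -g "${u.name}")"`, also because an empty result from a failed `id` currently leaves `test "$(stat -c %u "$h")" = $uid` with a missing operand. In `useradd`, `echo "${u.name}:x" | chpasswd -e` stores the literal `x` as the password hash; I read this as deliberately leaving the account without a usable password until `setpw` runs, and a one-line comment such as `# "x" is not a valid hash: lock the account until setpw sets the real password` would make that intent explicit. The new `assertions` only check the null-id cases when `mutableUsers` is false, which matches the new defaults. The `let` block these helpers live in begins outside the hunk.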


@ -28,7 +28,7 @@ in
{
# Provide the NixOS/Nixpkgs sources in /etc/nixos. This is required
# for nixos-install.
boot.postBootCommands =
boot.postBootCommands = mkAfter
''
if ! [ -e /var/lib/nixos/did-channel-init ]; then
echo "unpacking the NixOS/Nixpkgs sources..."


@ -29,8 +29,9 @@ with pkgs.lib;
boot.kernel.sysctl."vm.overcommit_memory" = "1";
# To speed up installation a little bit, include the complete stdenv
# in the Nix store on the CD.
isoImage.storeContents = [ pkgs.stdenv pkgs.busybox ];
# in the Nix store on the CD. Archive::Cpio is needed for the
# initrd builder.
isoImage.storeContents = [ pkgs.stdenv pkgs.busybox pkgs.perlPackages.ArchiveCpio ];
# EFI booting
isoImage.makeEfiBootable = true;


@ -96,9 +96,9 @@ my $videoDriver;
sub pciCheck {
my $path = shift;
my $vendor = read_file "$path/vendor";
my $device = read_file "$path/device";
my $class = read_file "$path/class";
my $vendor = read_file "$path/vendor"; chomp $vendor;
my $device = read_file "$path/device"; chomp $device;
my $class = read_file "$path/class"; chomp $class;
my $module;
if (-e "$path/driver/module") {
@ -130,6 +130,7 @@ sub pciCheck {
# broadcom STA driver (wl.ko)
# list taken from http://www.broadcom.com/docs/linux_sta/README.txt
# FIXME: still needed?
if ($vendor eq "0x14e4" &&
($device eq "0x4311" || $device eq "0x4312" || $device eq "0x4313" ||
$device eq "0x4315" || $device eq "0x4327" || $device eq "0x4328" ||
@ -156,6 +157,7 @@ sub pciCheck {
# Assume that all NVIDIA cards are supported by the NVIDIA driver.
# There may be exceptions (e.g. old cards).
# FIXME: do we want to enable an unfree driver here?
$videoDriver = "nvidia" if $vendor eq "0x10de" && $class =~ /^0x03/;
}
@ -170,9 +172,9 @@ push @attrs, "hardware.opengl.videoDrivers = [ \"$videoDriver\" ];" if $videoDri
sub usbCheck {
my $path = shift;
my $class = read_file "$path/bInterfaceClass";
my $subclass = read_file "$path/bInterfaceSubClass";
my $protocol = read_file "$path/bInterfaceProtocol";
my $class = read_file "$path/bInterfaceClass"; chomp $class;
my $subclass = read_file "$path/bInterfaceSubClass"; chomp $subclass;
my $protocol = read_file "$path/bInterfaceProtocol"; chomp $protocol;
my $module;
if (-e "$path/driver/module") {
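Review bot: The new `my $vendor = read_file "$path/vendor"; chomp $vendor;` lines in `pciCheck`, and the matching three in `usbCheck`, put two statements on one line; the idiomatic single statement `chomp(my $vendor = read_file "$path/vendor");` declares, reads and strips in one go and keeps the later `$vendor eq "0x14e4"` comparisons unchanged. The same applies to `$device`, `$class`, `$subclass` and `$protocol`. Both subs continue outside their hunks, so whether a missing sysfs file is handled by `read_file` or by the caller is not visible here.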


@ -124,6 +124,11 @@
btsync = 113;
minecraft = 114;
monetdb = 115;
rippled = 116;
murmur = 117;
foundationdb = 118;
newrelic = 119;
starbound = 120;
# When adding a uid, make sure it doesn't match an existing gid.
@ -223,6 +228,9 @@
systemd-journal-gateway = 110;
notbit = 111;
monetdb = 115;
foundationdb = 118;
newrelic = 119;
starbound = 120;
# When adding a gid, make sure it doesn't match an existing uid.


@ -96,6 +96,11 @@
./services/databases/postgresql.nix
./services/databases/virtuoso.nix
./services/databases/monetdb.nix
./services/desktops/accountservice.nix
./services/desktops/gnome3/at-spi2-core.nix
./services/desktops/gnome3/evolution-data-server.nix
./services/desktops/gnome3/sushi.nix
./services/desktops/telepathy.nix
./services/games/ghost-one.nix
./services/games/minecraft-server.nix
./services/hardware/acpid.nix
@ -133,6 +138,7 @@
./services/misc/nix-gc.nix
./services/misc/nix-ssh-serve.nix
./services/misc/nixos-manual.nix
./services/misc/rippled.nix
./services/misc/rogue.nix
./services/misc/svnserve.nix
./services/misc/synergy.nix
@ -158,6 +164,7 @@
./services/networking/bind.nix
./services/networking/bitlbee.nix
./services/networking/btsync.nix
./services/networking/cjdns.nix
./services/networking/connman.nix
./services/networking/cntlm.nix
./services/networking/chrony.nix
@ -181,6 +188,7 @@
./services/networking/ircd-hybrid/default.nix
./services/networking/kippo.nix
./services/networking/minidlna.nix
./services/networking/murmur.nix
./services/networking/nat.nix
./services/networking/networkmanager.nix
./services/networking/ngircd.nix
@ -299,6 +307,7 @@
./tasks/scsi-link-power-management.nix
./tasks/swraid.nix
./testing/service-runner.nix
./virtualisation/container-config.nix
./virtualisation/containers.nix
./virtualisation/libvirtd.nix
#./virtualisation/nova.nix


@ -45,7 +45,6 @@ with pkgs.lib;
# Enable wpa_supplicant, but don't start it by default.
networking.wireless.enable = true;
networking.wireless.userControlled.enable = true;
jobs.wpa_supplicant.startOn = pkgs.lib.mkOverride 50 "";
# Tell the Nix evaluator to garbage collect more aggressively.


@ -31,7 +31,7 @@ in
setXAuthLocation = mkOption {
type = types.bool;
default = true;
default = config.services.xserver.enable;
description = ''
Whether to set the path to <command>xauth</command> for X11-forwarded connections.
This causes a dependency on X11 packages.
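Review bot: The new default `config.services.xserver.enable` is not reflected in the option's description, which still reads as if the value were a plain boolean the user picks; since the point of the change is that the X11 dependency is now pulled in only when the X server is enabled, add a sentence to the description such as `By default this follows services.xserver.enable, so a headless system does not pull in X11 packages.` The rest of the option block is outside the hunk.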


@ -25,7 +25,8 @@ in {
default = "jenkins";
type = with types; string;
description = ''
User the jenkins server should execute under.
If the default user "jenkins" is configured then this is the primary
group of that user.
'';
};
@ -42,7 +43,7 @@ in {
default = 8080;
type = types.uniq types.int;
description = ''
Specifies port number on which the jenkins HTTP interface listens. The default is 8080
Specifies port number on which the jenkins HTTP interface listens. The default is 8080.
'';
};


@ -33,7 +33,8 @@ in {
default = "jenkins";
type = with types; string;
description = ''
User the jenkins slave agent should execute under.
If the default slave agent user "jenkins" is configured then this is
the primary group of that user.
'';
};


@ -197,6 +197,7 @@ in
fi
rm -f ${cfg.dataDir}/*.conf
touch "${cfg.dataDir}/.first_startup"
touch "${cfg.dataDir}/postgresql-user-created"
fi
ln -sfn "${configFile}" "${cfg.dataDir}/postgresql.conf"
@ -225,11 +226,16 @@ in
# Wait for PostgreSQL to be ready to accept connections.
postStart =
''
while ! su -s ${pkgs.stdenv.shell} postgres -c 'psql postgres -c ""' 2> /dev/null; do
while ! ${pkgs.postgresql93}/bin/pg_isready > /dev/null; do
if ! kill -0 "$MAINPID"; then exit 1; fi
sleep 0.1
done
if ! [ -e ${cfg.dataDir}/postgresql-user-created ]; then
createuser --superuser postgres
touch ${cfg.dataDir}/postgresql-user-created
fi
if test -e "${cfg.dataDir}/.first_startup"; then
${optionalString (cfg.initialScript != null) ''
cat "${cfg.initialScript}" | su -s ${pkgs.stdenv.shell} postgres -c 'psql postgres'
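Review bot: The added `createuser --superuser postgres` is the only command in `postStart` that relies on `PATH`, while the neighbouring `pg_isready` and the `psql` line use absolute store paths; it should be qualified the same way so the activation script does not depend on the environment it happens to run in. The `pg_isready` path is also pinned to `pkgs.postgresql93` even though the server package is configurable (the containers documentation in this same merge sets `services.postgresql.package = pkgs.postgresql92`), so a comment should state why 9.3's client is used regardless of the server version, or the path should be derived from the configured package where that package provides `pg_isready`. Whether a failing `createuser` still reaches the `touch` of the marker depends on the script's error mode, which is outside the hunk, so that ordering is worth confirming. The enclosing `postStart` string continues past the hunk.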


@ -0,0 +1,40 @@
# AccountsService daemon.
{ config, pkgs, ... }:
with pkgs.lib;
{
###### interface
options = {
services.accounts-daemon = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable AccountsService, a DBus service for accessing
the list of user accounts and information attached to those accounts.
'';
};
};
};
###### implementation
config = mkIf config.services.accounts-daemon.enable {
environment.systemPackages = [ pkgs.accountservice ];
services.dbus.packages = [ pkgs.accountservice ];
systemd.packages = [ pkgs.accountservice ];
};
}


@ -0,0 +1,39 @@
# at-spi2-core daemon.
{ config, pkgs, ... }:
with pkgs.lib;
{
###### interface
options = {
services.gnome3.at-spi2-core = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable at-spi2-core, a service for the Assistive Technologies
available on the GNOME platform.
'';
};
};
};
###### implementation
config = mkIf config.services.gnome3.at-spi2-core.enable {
environment.systemPackages = [ pkgs.gnome3.at_spi2_core ];
services.dbus.packages = [ pkgs.gnome3.at_spi2_core ];
};
}


@ -0,0 +1,39 @@
# Evolution Data Server daemon.
{ config, pkgs, ... }:
with pkgs.lib;
{
###### interface
options = {
services.gnome3.evolution-data-server = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable Evolution Data Server, a collection of services for
storing addressbooks and calendars.
'';
};
};
};
###### implementation
config = mkIf config.services.gnome3.evolution-data-server.enable {
environment.systemPackages = [ pkgs.evolution_data_server ];
services.dbus.packages = [ pkgs.evolution_data_server ];
};
}


@ -0,0 +1,38 @@
# GNOME Sushi daemon.
{ config, pkgs, ... }:
with pkgs.lib;
{
###### interface
options = {
services.gnome3.sushi = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable Sushi, a quick previewer for nautilus.
'';
};
};
};
###### implementation
config = mkIf config.services.gnome3.sushi.enable {
environment.systemPackages = [ pkgs.gnome3.sushi ];
services.dbus.packages = [ pkgs.gnome3.sushi ];
};
}


@ -0,0 +1,39 @@
# Telepathy daemon.
{ config, pkgs, ... }:
with pkgs.lib;
{
###### interface
options = {
services.telepathy = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable Telepathy service, a communications framework
that enables real-time communication via pluggable protocol backends.
'';
};
};
};
###### implementation
config = mkIf config.services.telepathy.enable {
environment.systemPackages = [ pkgs.telepathy_mission_control ];
services.dbus.packages = [ pkgs.telepathy_mission_control ];
};
}


@ -40,8 +40,6 @@ with pkgs.lib;
'';
services.udev.packages = [ pkgs.udisks ];
systemd.packages = [ pkgs.udisks ];
};
}


@ -253,7 +253,7 @@ in
config = {
nix.chrootDirs = [ "/dev" "/dev/pts" "/proc" "/bin" ];
nix.chrootDirs = [ "/bin" ];
environment.etc."nix/nix.conf".source = nixConf;
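Review bot: The new `nix.chrootDirs = [ "/bin" ];` drops `/dev`, `/dev/pts` and `/proc` from the build chroot with nothing in the hunk saying why; presumably the Nix version in use now sets those up inside the chroot itself, but a reader of this line alone will assume builds lost access to them. A comment above the line, along the lines of `# Nix creates /dev, /dev/pts and /proc inside the chroot itself; only /bin (for /bin/sh) needs to be bind-mounted`, would record that, with the Nix version the assumption depends on if known. The enclosing `config = { … }` continues outside the hunk.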


@ -0,0 +1,314 @@
# configuration building is commented out until better tested.
{ config, pkgs, ... }:
with pkgs.lib;
let
cfg = config.services.rippled;
rippledStateCfgFile = "/var/lib/rippled/rippled.cfg";
rippledCfg = ''
[node_db]
type=HyperLevelDB
path=/var/lib/rippled/db/hyperldb
[debug_logfile]
/var/log/rippled/debug.log
''
+ optionalString (cfg.peerIp != null) ''
[peer_ip]
${cfg.peerIp}
[peer_port]
${toString cfg.peerPort}
''
+ cfg.extraConfig;
rippledCfgFile = pkgs.writeText "rippled.cfg" rippledCfg;
in
{
###### interface
options = {
services.rippled = {
enable = mkOption {
default = false;
description = "Whether to enable rippled";
};
#
# Rippled has a simple configuration file layout that is easy to
# build with nix. Many of the options are defined here but are
# commented out until the code to append them to the config above
# is written and they are tested.
#
# If you find a yourself implementing more options, please submit a
# pull request.
#
/*
ips = mkOption {
default = [ "r.ripple.com 51235" ];
example = [ "192.168.0.1" "192.168.0.1 3939" "r.ripple.com 51235" ];
description = ''
List of hostnames or ips where the Ripple protocol is served.
For a starter list, you can either copy entries from:
https://ripple.com/ripple.txt or if you prefer you can let it
default to r.ripple.com 51235
A port may optionally be specified after adding a space to the
address. By convention, if known, IPs are listed in from most
to least trusted.
'';
};
ipsFixed = mkOption {
default = null;
example = [ "192.168.0.1" "192.168.0.1 3939" "r.ripple.com 51235" ];
description = ''
List of IP addresses or hostnames to which rippled should always
attempt to maintain peer connections with. This is useful for
manually forming private networks, for example to configure a
validation server that connects to the Ripple network through a
public-facing server, or for building a set of cluster peers.
A port may optionally be specified after adding a space to the address
'';
};
*/
peerIp = mkOption {
default = null;
example = "0.0.0.0";
description = ''
IP address or domain to bind to allow external connections from peers.
Defaults to not binding, which disallows external connections from peers.
'';
};
peerPort = mkOption {
default = 51235;
description = ''
If peerIp is supplied, corresponding port to bind to for peer connections.
'';
};
/*
peerPortProxy = mkOption {
type = types.int;
example = 51236;
description = ''
An optional, additional listening port number for peers. Incoming
connections on this port will be required to provide a PROXY Protocol
handshake, described in this document (external link):
http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
The PROXY Protocol is a popular method used by elastic load balancing
service providers such as Amazon, to identify the true IP address and
port number of external incoming connections.
In addition to enabling this setting, it will also be required to
use your provider-specific control panel or administrative web page
to configure your server instance to receive PROXY Protocol handshakes,
and also to restrict access to your instance to the Elastic Load Balancer.
'';
};
peerPrivate = mkOption {
default = null;
example = 0;
description = ''
0: Request peers to broadcast your address. Normal outbound peer connections [default]
1: Request peers not broadcast your address. Only connect to configured peers.
'';
};
peerSslCipherList = mkOption {
default = null;
example = "ALL:!LOW:!EXP:!MD5:@STRENGTH";
description = ''
A colon delimited string with the allowed SSL cipher modes for peer. The
choices for for ciphers are defined by the OpenSSL API function
SSL_CTX_set_cipher_list, documented here (external link):
http://pic.dhe.ibm.com/infocenter/tpfhelp/current/index.jsp?topic=%2Fcom.ibm.ztpf-ztpfdf.doc_put.cur%2Fgtpc2%2Fcpp_ssl_ctx_set_cipher_list.html
The default setting of "ALL:!LOW:!EXP:!MD5:@STRENGTH", which allows
non-authenticated peer connections (they are, however, secure).
'';
};
nodeSeed = mkOption {
default = null;
example = "RASH BUSH MILK LOOK BAD BRIM AVID GAFF BAIT ROT POD LOVE";
description = ''
This is used for clustering. To force a particular node seed or key, the
key can be set here. The format is the same as the validation_seed field.
To obtain a validation seed, use the rippled validation_create command.
'';
};
clusterNodes = mkOption {
default = null;
example = [ "n9KorY8QtTdRx7TVDpwnG9NvyxsDwHUKUEeDLY3AkiGncVaSXZi5" ];
description = ''
To extend full trust to other nodes, place their node public keys here.
Generally, you should only do this for nodes under common administration.
Node public keys start with an 'n'. To give a node a name for identification
place a space after the public key and then the name.
'';
};
sntpServers = mkOption {
default = null;
example = [ "time.nist.gov" "pool.ntp.org" ];
description = ''
IP address or domain of NTP servers to use for time synchronization.
'';
};
# TODO: websocket options
rpcAllowRemote = mkOption {
default = false;
description = ''
false: Allow RPC connections only from 127.0.0.1. [default]
true: Allow RPC connections from any IP.
'';
};
rpcAdminAllow = mkOption {
example = [ "10.0.0.4" ];
description = ''
List of IP addresses allowed to have admin access.
'';
};
rpcAdminUser = mkOption {
type = types.str;
description = ''
As a server, require this as the admin user to be specified. Also, require
rpc_admin_user and rpc_admin_password to be checked for RPC admin functions.
The request must specify these as the admin_user and admin_password in the
request object.
'';
};
rpcAdminPassword = mkOption {
type = types.str;
description = ''
As a server, require this as the admin pasword to be specified. Also,
require rpc_admin_user and rpc_admin_password to be checked for RPC admin
functions. The request must specify these as the admin_user and
admin_password in the request object.
'';
};
rpcIp = mkOption {
type = types.str;
description = ''
IP address or domain to bind to allow insecure RPC connections.
Defaults to not binding, which disallows RPC connections.
'';
};
rpcPort = mkOption {
type = types.int;
description = ''
If rpcIp is supplied, corresponding port to bind to for peer connections.
'';
};
rpcUser = mkOption {
type = types.str;
description = ''
Require a this user to specified and require rpcPassword to
be checked for RPC access via the rpcIp and rpcPort. The user and password
must be specified via HTTP's basic authentication method.
As a client, supply this to the server via HTTP's basic authentication
method.
'';
};
rpcPassword = mkOption {
type = types.str;
description = ''
Require a this password to specified and require rpc_user to
be checked for RPC access via the rpcIp and rpcPort. The user and password
must be specified via HTTP's basic authentication method.
As a client, supply this to the server via HTTP's basic authentication
method.
'';
};
rpcStartup = mkOption {
example = [ ''"command" : "log_level"'' ''"partition" : "ripplecalc"'' ''"severity" : "trace"'' ];
description = "List of RPC commands to run at startup.";
};
rpcSecure = mkOption {
default = false;
description = ''
false: Server certificates are not provided for RPC clients using SSL [default]
true: Client RPC connections wil be provided with SSL certificates.
Note that if rpc_secure is enabled, it will also be necessasry to configure the
certificate file settings located in rpcSslCert, rpcSslChain, and rpcSslKey
'';
};
*/
extraConfig = mkOption {
default = "";
description = ''
Extra lines to be added verbatim to the rippled.cfg configuration file.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
users.extraUsers = singleton
{ name = "rippled";
description = "Ripple server user";
uid = config.ids.uids.rippled;
home = "/var/lib/rippled";
};
systemd.services.rippled = {
path = [ pkgs.rippled ];
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.rippled}/bin/rippled --fg -q --conf ${rippledStateCfgFile}";
WorkingDirectory = "/var/lib/rippled";
};
};
networking.firewall.allowedTCPPorts = mkIf (cfg.peerIp != null) [ cfg.peerPort ];
system.activationScripts.rippled = ''
mkdir -p /var/{lib,log}/rippled
chown -R rippled /var/{lib,log}/rippled
ln -sf ${rippledCfgFile} ${rippledStateCfgFile}
'';
};
}


@ -142,6 +142,10 @@ in
services.dbus.enable = true;
services.dbus.packages = [avahi];
# Enabling Avahi without exposing it in the firewall doesn't make
# sense.
networking.firewall.allowedUDPPorts = [ 5353 ];
};
}
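Review bot: `networking.firewall.allowedUDPPorts = [ 5353 ];` opens mDNS on every interface unconditionally whenever Avahi is enabled, and since this same commit switches `networking.firewall.enable` to default `true`, there is no longer a way to run Avahi without that hole. Consider gating it behind a dedicated boolean option (enabled by default so current behaviour is kept) or at least stating in the `services.avahi.enable` description that UDP 5353 is opened. The enclosing `config` block starts outside the hunk.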


@ -0,0 +1,207 @@
# You may notice the commented out sections in this file,
# it would be great to configure cjdns from nix, but cjdns
# reads its configuration from stdin, including the private
# key and admin password, all nested in a JSON structure.
#
# Until a good method of storing the keys outside the nix
# store and mixing them back into a string is devised
# (without too much shell hackery), a skeleton of the
# configuration building lies commented out.
{ config, pkgs, ... }:
with pkgs.lib;
let
cfg = config.services.cjdns;
/*
# can't keep keys and passwords in the nix store,
# but don't want to deal with this stdin quagmire.
cjdrouteConf = '' {
"admin": {"bind": "${cfg.admin.bind}", "password": "\${CJDNS_ADMIN}" },
"privateKey": "\${CJDNS_KEY}",
"interfaces": {
''
+ optionalString (cfg.interfaces.udp.bind.address != null) ''
"UDPInterface": [ {
"bind": "${cfg.interfaces.udp.bind.address}:"''
${if cfg.interfaces.upd.bind.port != null
then ${toString cfg.interfaces.udp.bind.port}
else ${RANDOM}
fi)
+ '' } ]''
+ (if cfg.interfaces.eth.bind != null then ''
"ETHInterface": [ {
"bind": "${cfg.interfaces.eth.bind}",
"beacon": ${toString cfg.interfaces.eth.beacon}
} ]
'' fi )
+ ''
},
"router": { "interface": { "type": "TUNInterface" }, },
"security": [ { "setuser": "nobody" } ]
}
'';
cjdrouteConfFile = pkgs.writeText "cjdroute.conf" cjdrouteConf
*/
in
{
options = {
services.cjdns = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable this option to start a instance of the
cjdns network encryption and and routing engine.
Configuration will be read from <literal>confFile</literal>.
'';
};
confFile = mkOption {
default = "/etc/cjdroute.conf";
description = ''
Configuration file to pipe to cjdroute.
'';
};
/*
admin = {
bind = mkOption {
default = "127.0.0.1:11234";
description = ''
Bind the administration port to this address and port.
'';
};
passwordFile = mkOption {
example = "/root/cjdns.adminPassword";
description = ''
File containing a password to the administration port.
'';
};
};
keyFile = mkOption {
type = types.str;
example = "/root/cjdns.key";
description = ''
Path to a file containing a cjdns private key on a single line.
'';
};
passwordsFile = mkOption {
type = types.str;
default = null;
example = "/root/cjdns.authorizedPasswords";
description = ''
A file containing a list of json dictionaries with passwords.
For example:
{"password": "s8xf5z7znl4jt05g922n3wpk75wkypk"},
{ "name": "nice guy",
"password": "xhthk1mglz8tpjrbbvdlhyc092rhpx5"},
{"password": "3qfxyhmrht7uwzq29pmhbdm9w4bnc8w"}
'';
};
interfaces = {
udp = {
bind = {
address = mkOption {
default = "0.0.0.0";
description = ''
Address to bind UDP tunnels to; disable by setting to null;
'';
};
port = mkOption {
type = types.int;
default = null;
description = ''
Port to bind UDP tunnels to.
A port will be choosen at random if this is not set.
This option is required to act as the server end of
a tunnel.
'';
};
};
};
eth = {
bind = mkOption {
default = null;
example = "eth0";
description = ''
Bind to this device and operate with native wire format.
'';
};
beacon = mkOption {
default = 2;
description = ''
Auto-connect to other cjdns nodes on the same network.
Options:
0 -- Disabled.
1 -- Accept beacons, this will cause cjdns to accept incoming
beacon messages and try connecting to the sender.
2 -- Accept and send beacons, this will cause cjdns to broadcast
messages on the local network which contain a randomly
generated per-session password, other nodes which have this
set to 1 or 2 will hear the beacon messages and connect
automatically.
'';
};
connectTo = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Credentials for connecting look similar to UDP credientials
except they begin with the mac address, for example:
"01:02:03:04:05:06":{"password":"a","publicKey":"b"}
'';
};
};
};
*/
};
};
config = mkIf config.services.cjdns.enable {
boot.kernelModules = [ "tun" ];
/*
networking.firewall.allowedUDPPorts = mkIf (cfg.udp.bind.port != null) [
cfg.udp.bind.port
];
*/
systemd.services.cjdns = {
description = "encrypted networking for everybody";
wantedBy = [ "multi-user.target" ];
wants = [ "network.target" ];
before = [ "network.target" ];
path = [ pkgs.cjdns ];
serviceConfig = {
Type = "forking";
ExecStart = ''
${pkgs.stdenv.shell} -c "${pkgs.cjdns}/sbin/cjdroute < ${cfg.confFile}"
'';
Restart = "on-failure";
};
};
};
}
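Review bot: `cfg.confFile` is interpolated unquoted into the `sh -c` string of `ExecStart` (`${pkgs.cjdns}/sbin/cjdroute < ${cfg.confFile}`), so a path containing whitespace or shell metacharacters is word-split or interpreted by the shell, and the option itself has no `type`. Quote it, `${pkgs.stdenv.shell} -c "${pkgs.cjdns}/sbin/cjdroute < '${cfg.confFile}'"`, and add `type = types.path;` to `confFile`. The header comment explains that this file carries the private key and admin password, so the `confFile` description should say that it must live outside the Nix store (store paths are world-readable) and be readable only by root, which is the user the unit runs as here. Minor: the `enable` description reads "a instance" and "and and".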


@ -34,8 +34,9 @@ let
# Ignore peth* devices; on Xen, they're renamed physical
# Ethernet cards used for bridging. Likewise for vif* and tap*
# (Xen) and virbr* and vnet* (libvirt).
denyinterfaces ${toString ignoredInterfaces} peth* vif* tap* tun* virbr* vnet* vboxnet*
# (Xen) and virbr* and vnet* (libvirt) and c-* and ctmp-* (NixOS
# containers).
denyinterfaces ${toString ignoredInterfaces} peth* vif* tap* tun* virbr* vnet* vboxnet* c-* ctmp-*
${config.networking.dhcpcd.extraConfig}
'';


@ -32,9 +32,9 @@ let
''
# Helper command to manipulate both the IPv4 and IPv6 tables.
ip46tables() {
iptables "$@"
iptables -w "$@"
${optionalString config.networking.enableIPv6 ''
ip6tables "$@"
ip6tables -w "$@"
''}
}
'';
@ -54,7 +54,7 @@ in
networking.firewall.enable = mkOption {
type = types.bool;
default = false;
default = true;
description =
''
Whether to enable the firewall. This is a simple stateful
@ -386,7 +386,7 @@ in
# Optionally respond to ICMPv4 pings.
${optionalString cfg.allowPing ''
iptables -A nixos-fw -p icmp --icmp-type echo-request ${optionalString (cfg.pingLimit != null)
iptables -w -A nixos-fw -p icmp --icmp-type echo-request ${optionalString (cfg.pingLimit != null)
"-m limit ${cfg.pingLimit} "
}-j nixos-fw-accept
''}
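Review bot: `networking.firewall.enable` now defaults to `true` (hunk `@ -54,7 +54,7`), a user-visible change that the option description directly below still does not mention; a sentence such as `The firewall is enabled by default; set this to false to leave all ports open.` in the description (and a release-notes entry) would make the change discoverable. The `-w` (wait for xtables lock) flag added to `ip46tables` and to the ICMP rule at `@ -386,7 +386,7` presumably needs an iptables new enough to support it; any other `iptables`/`ip6tables` invocation in this file outside these hunks that still lacks `-w` will keep racing with the NAT unit that now also uses `-w`.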


@ -0,0 +1,253 @@
{ config, pkgs, ... }:
with pkgs.lib;
let
cfg = config.services.murmur;
configFile = pkgs.writeText "murmurd.ini" ''
database=/var/lib/murmur/murmur.sqlite
dbDriver=QSQLITE
autobanAttempts=${toString cfg.autobanAttempts}
autobanTimeframe=${toString cfg.autobanTimeframe}
autobanTime=${toString cfg.autobanTime}
logfile=/var/log/murmur/murmurd.log
pidfile=${cfg.pidfile}
welcome="${cfg.welcome}"
port=${toString cfg.port}
${if cfg.hostName == "" then "" else "host="+cfg.hostName}
${if cfg.password == "" then "" else "serverpassword="+cfg.password}
bandwidth=${toString cfg.bandwidth}
users=${toString cfg.users}
textmessagelength=${toString cfg.textMsgLength}
imagemessagelength=${toString cfg.imgMsgLength}
allowhtml=${if cfg.allowHtml then "true" else "false"}
logdays=${toString cfg.logDays}
bonjour=${if cfg.bonjour then "true" else "false"}
sendversion=${if cfg.sendVersion then "true" else "false"}
${if cfg.registerName == "" then "" else "registerName="+cfg.registerName}
${if cfg.registerPassword == "" then "" else "registerPassword="+cfg.registerPassword}
${if cfg.registerUrl == "" then "" else "registerUrl="+cfg.registerUrl}
${if cfg.registerHostname == "" then "" else "registerHostname="+cfg.registerHostname}
certrequired=${if cfg.clientCertRequired then "true" else "false"}
${if cfg.sslCert == "" then "" else "sslCert="+cfg.sslCert}
${if cfg.sslKey == "" then "" else "sslKey="+cfg.sslKey}
'';
in
{
options = {
services.murmur = {
enable = mkOption {
type = types.bool;
default = false;
description = "If enabled, start the Murmur Service.";
};
autobanAttempts = mkOption {
type = types.int;
default = 10;
description = ''
Number of attempts a client is allowed to make in
<literal>autobanTimeframe</literal> seconds, before being
banned for <literal>autobanTime</literal>.
'';
};
autobanTimeframe = mkOption {
type = types.int;
default = 120;
description = ''
Timeframe in which a client can connect without being banned
for repeated attempts (in seconds).
'';
};
autobanTime = mkOption {
type = types.int;
default = 300;
description = "The amount of time an IP ban lasts (in seconds).";
};
pidfile = mkOption {
type = types.path;
default = "/tmp/murmurd.pid";
description = "Path to PID file for Murmur daemon.";
};
welcome = mkOption {
type = types.str;
default = "";
description = "Welcome message for connected clients.";
};
port = mkOption {
type = types.int;
default = 64738;
description = "Ports to bind to (UDP and TCP).";
};
hostName = mkOption {
type = types.str;
default = "";
description = "Host to bind to. Defaults binding on all addresses.";
};
password = mkOption {
type = types.str;
default = "";
description = "Required password to join server, if specified.";
};
bandwidth = mkOption {
type = types.int;
default = 72000;
description = ''
Maximum bandwidth (in bits per second) that clients may send
speech at.
'';
};
users = mkOption {
type = types.int;
default = 100;
description = "Maximum number of concurrent clients allowed.";
};
textMsgLength = mkOption {
type = types.int;
default = 5000;
description = "Max length of text messages. Set 0 for no limit.";
};
imgMsgLength = mkOption {
type = types.int;
default = 131072;
description = "Max length of image messages. Set 0 for no limit.";
};
allowHtml = mkOption {
type = types.bool;
default = true;
description = ''
Allow HTML in client messages, comments, and channel
descriptions.
'';
};
logDays = mkOption {
type = types.int;
default = 31;
description = ''
How long to store RPC logs for in the database. Set 0 to
keep logs forever, or -1 to disable DB logging.
'';
};
bonjour = mkOption {
type = types.bool;
default = false;
description = ''
Enable Bonjour auto-discovery, which allows clients over
your LAN to automatically discover Murmur servers.
'';
};
sendVersion = mkOption {
type = types.bool;
default = true;
description = "Send Murmur version in UDP response.";
};
registerName = mkOption {
type = types.str;
default = "";
description = ''
Public server registration name, and also the name of the
Root channel. Even if you don't publicly register your
server, you probably still want to set this.
'';
};
registerPassword = mkOption {
type = types.str;
default = "";
description = ''
Public server registry password, used authenticate your
server to the registry to prevent impersonation; required for
subsequent registry updates.
'';
};
registerUrl = mkOption {
type = types.str;
default = "";
description = "URL website for your server.";
};
registerHostname = mkOption {
type = types.str;
default = "";
description = ''
DNS hostname where your server can be reached. This is only
needed if you want your server to be accessed by its
hostname and not IP - but the name *must* resolve on the
internet properly.
'';
};
clientCertRequired = mkOption {
type = types.bool;
default = false;
description = "Require clients to authenticate via certificates.";
};
sslCert = mkOption {
type = types.str;
default = "";
description = "Path to your SSL certificate.";
};
sslKey = mkOption {
type = types.str;
default = "";
description = "Path to your SSL key.";
};
};
};
config = mkIf cfg.enable {
users.extraUsers.murmur = {
description = "Murmur Service user";
home = "/var/lib/murmur";
createHome = true;
uid = config.ids.uids.murmur;
};
systemd.services.murmur = {
description = "Murmur Chat Service";
wantedBy = [ "multi-user.target" ];
after = [ "network.target "];
serviceConfig = {
Type = "forking";
PIDFile = cfg.pidfile;
Restart = "always";
User = "murmur";
ExecStart = "${pkgs.murmur}/bin/murmurd -ini ${configFile}";
PermissionsStartOnly = true;
};
preStart = ''
mkdir -p /var/log/murmur
chown -R murmur /var/log/murmur
'';
};
};
}
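Review bot: `after = [ "network.target "];` in `systemd.services.murmur` has a trailing space inside the unit name, so the ordering dependency points at a nonexistent unit and is silently ineffective; it should read `after = [ "network.target" ];`. Separately, `password` and `registerPassword` are interpolated into `configFile` via `pkgs.writeText`, which puts the server password and registry password into the world-readable Nix store; the option descriptions should state that, or the secrets should be read from a root-only file at runtime. The default `pidfile = "/tmp/murmurd.pid"` places a file that `PIDFile=` trusts into a world-writable directory; a default under `/var/lib/murmur` (which is already the service user's home) would avoid that.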


@ -10,6 +10,8 @@ let
cfg = config.networking.nat;
dest = if cfg.externalIP == null then "-j MASQUERADE" else "-j SNAT --to-source ${cfg.externalIP}";
in
{
@ -27,14 +29,27 @@ in
'';
};
networking.nat.internalInterfaces = mkOption {
type = types.listOf types.str;
default = [];
example = [ "eth0" ];
description =
''
The interfaces for which to perform NAT. Packets coming from
these interface and destined for the external interface will
be rewritten.
'';
};
networking.nat.internalIPs = mkOption {
type = types.listOf types.str;
example = [ "192.168.1.0/24" ] ;
default = [];
example = [ "192.168.1.0/24" ];
description =
''
The IP address ranges for which to perform NAT. Packets
coming from these networks and destined for the external
interface will be rewritten.
coming from these addresses (on any interface) and destined
for the external interface will be rewritten.
'';
};
@ -80,25 +95,37 @@ in
preStart =
''
iptables -t nat -F POSTROUTING
iptables -t nat -X
''
+ (concatMapStrings (network:
''
iptables -t nat -A POSTROUTING \
-s ${network} -o ${cfg.externalInterface} \
${if cfg.externalIP == null
then "-j MASQUERADE"
else "-j SNAT --to-source ${cfg.externalIP}"}
''
) cfg.internalIPs) +
''
iptables -w -t nat -F PREROUTING
iptables -w -t nat -F POSTROUTING
iptables -w -t nat -X
# We can't match on incoming interface in POSTROUTING, so
# mark packets coming from the external interfaces.
${concatMapStrings (iface: ''
iptables -w -t nat -A PREROUTING \
-i '${iface}' -j MARK --set-mark 1
'') cfg.internalInterfaces}
# NAT the marked packets.
${optionalString (cfg.internalInterfaces != []) ''
iptables -w -t nat -A POSTROUTING -m mark --mark 1 \
-o ${cfg.externalInterface} ${dest}
''}
# NAT packets coming from the internal IPs.
${concatMapStrings (range: ''
iptables -w -t nat -A POSTROUTING \
-s '${range}' -o ${cfg.externalInterface} ${dest}
'') cfg.internalIPs}
echo 1 > /proc/sys/net/ipv4/ip_forward
'';
postStop =
''
iptables -t nat -F POSTROUTING
iptables -w -t nat -F PREROUTING
iptables -w -t nat -F POSTROUTING
iptables -w -t nat -X
'';
};
};
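Review bot: The new `iptables -w -t nat -F PREROUTING` in `preStart` and `postStop` flushes the entire nat PREROUTING chain, so any port-forwarding or other nat rules added outside this module are wiped on every (re)start, as was already the case for POSTROUTING and for `-X`; keeping the module's rules in dedicated chains (e.g. `nixos-nat-pre` / `nixos-nat-post`) that the built-in chains jump to would make the flush affect only this module's rules. The `MARK --set-mark 1` / `-m mark --mark 1` pair also hard-codes fwmark 1, which may collide with other users of packet marks on the host; the `internalInterfaces` description should at least document that mark 1 is reserved by this module. The `echo 1 > /proc/sys/net/ipv4/ip_forward` line is left as-is but is never reverted in `postStop`.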


@ -36,7 +36,7 @@ in
services.ntp = {
enable = mkOption {
default = true;
default = !config.boot.isContainer;
description = ''
Whether to synchronise your machine's time using the NTP
protocol.


@ -10,33 +10,31 @@ in {
services.fprot = {
updater = {
enable = mkOption {
default = false;
description = ''
Whether to enable automatic F-Prot virus definitions database updates.
'';
};
enable = mkOption {
default = false;
description = ''
Whether to enable automatic F-Prot virus definitions database updates.
'';
};
productData = mkOption {
default = "${pkgs.fprot}/opt/f-prot/product.data";
description = ''
product.data file. Defaults to the one supplied with installation package.
'';
};
productData = mkOption {
description = ''
product.data file. Defaults to the one supplied with installation package.
'';
};
frequency = mkOption {
default = 30;
description = ''
Update virus definitions every X minutes.
'';
};
frequency = mkOption {
default = 30;
description = ''
Update virus definitions every X minutes.
'';
};
licenseKeyfile = mkOption {
default = "${pkgs.fprot}/opt/f-prot/license.key";
description = ''
License keyfile. Defaults to the one supplied with installation package.
'';
};
licenseKeyfile = mkOption {
description = ''
License keyfile. Defaults to the one supplied with installation package.
'';
};
};
};
@ -45,6 +43,10 @@ in {
###### implementation
config = mkIf cfg.updater.enable {
services.fprot.updater.productData = mkDefault "${pkgs.fprot}/opt/f-prot/product.data";
services.fprot.updater.licenseKeyfile = mkDefault "${pkgs.fprot}/opt/f-prot/license.key";
environment.systemPackages = [ pkgs.fprot ];
environment.etc = singleton {
source = "${pkgs.fprot}/opt/f-prot/f-prot.conf";
@ -67,22 +69,22 @@ in {
jobs = {
fprot_updater = {
name = "fprot-updater";
task = true;
name = "fprot-updater";
task = true;
# have to copy fpupdate executable because it insists on storing the virus database in the same dir
# have to copy fpupdate executable because it insists on storing the virus database in the same dir
preStart = ''
mkdir -m 0755 -p ${stateDir}
chown ${fprotUser}:${fprotGroup} ${stateDir}
cp ${pkgs.fprot}/opt/f-prot/fpupdate ${stateDir}
ln -sf ${cfg.updater.productData} ${stateDir}/product.data
cp ${pkgs.fprot}/opt/f-prot/fpupdate ${stateDir}
ln -sf ${cfg.updater.productData} ${stateDir}/product.data
'';
#setuid = fprotUser;
#setgid = fprotGroup;
#setuid = fprotUser;
#setgid = fprotGroup;
exec = "/var/lib/fprot/fpupdate --keyfile ${cfg.updater.licenseKeyfile}";
};
};
};
};
}
}


@ -621,7 +621,7 @@ in
{ description = "Apache HTTPD";
wantedBy = [ "multi-user.target" ];
requires = [ "keys.target" ];
wants = [ "keys.target" ];
after = [ "network.target" "fs.target" "postgresql.service" "keys.target" ];
path =

View File

@ -35,6 +35,13 @@ in {
'';
};
phpPackage = mkOption {
default = pkgs.php54;
description = ''
The PHP package to use for running the FPM service.
'';
};
poolConfigs = mkOption {
type = types.attrsOf types.lines;
default = {};
@ -68,7 +75,7 @@ in {
mkdir -p "${stateDir}"
'';
serviceConfig = {
ExecStart = "${pkgs.php54}/sbin/php-fpm -y ${cfgFile}";
ExecStart = "${cfg.phpPackage}/sbin/php-fpm -y ${cfgFile}";
PIDFile = pidFile;
};
};
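Review bot: The new `phpPackage` option has no `type`, so a wrong value (a string or a list) is only caught when `${cfg.phpPackage}/sbin/php-fpm` is interpolated in `ExecStart`, with an unhelpful coercion error; add `type = types.package;` next to `default = pkgs.php54;`. The enclosing `options` block starts outside the hunk.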


@ -15,6 +15,13 @@ in {
description = "Enable Gnome 3 desktop manager.";
};
environment.gnome3.excludePackages = mkOption {
default = [];
example = "[ pkgs.gnome3.totem ]";
type = types.listOf types.package;
description = "Which packages gnome should exclude from the default environment";
};
};
config = mkIf cfg.enable {
@ -22,6 +29,11 @@ in {
# Enable helpful DBus services.
security.polkit.enable = true;
services.udisks2.enable = true;
services.accounts-daemon.enable = true;
services.gnome3.at-spi2-core.enable = true;
services.gnome3.evolution-data-server.enable = true;
services.gnome3.sushi.enable = true;
services.telepathy.enable = true;
networking.networkmanager.enable = true;
services.upower.enable = config.powerManagement.enable;
@ -46,24 +58,35 @@ in {
environment.variables.GIO_EXTRA_MODULES = [ "${gnome3.dconf}/lib/gio/modules"
"${pkgs.glib_networking}/lib/gio/modules" ];
environment.systemPackages =
[ gnome3.evince
gnome3.eog
gnome3.dconf
gnome3.vino
gnome3.epiphany
gnome3.baobab
gnome3.gucharmap
gnome3.nautilus
gnome3.yelp
[ gnome3.dconf
pkgs.glib_networking
pkgs.ibus
gnome3.gnome_shell
gnome3.gnome_settings_daemon
gnome3.gnome_terminal
gnome3.gnome_icon_theme
gnome3.gnome_themes_standard
gnome3.gnome-backgrounds
gnome3.gnome_control_center
];
gnome3.gnome_icon_theme
gnome3.gnome_settings_daemon
gnome3.gnome_shell
gnome3.gnome_themes_standard
] ++ (lists.difference [
gnome3.baobab
gnome3.eog
gnome3.epiphany
gnome3.evince
gnome3.gucharmap
gnome3.nautilus
gnome3.totem
gnome3.vino
gnome3.yelp
gnome3.gnome-calculator
gnome3.gnome-contacts
gnome3.gnome-font-viewer
gnome3.gnome-screenshot
gnome3.gnome-system-log
gnome3.gnome-system-monitor
gnome3.gnome_terminal
gnome3.file-roller
] config.environment.gnome3.excludePackages);
};
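Review bot: `example = "[ pkgs.gnome3.totem ]";` on `environment.gnome3.excludePackages` is a string, so the manual renders it as a quoted string rather than as a Nix list; use `example = literalExample "[ pkgs.gnome3.totem ]";`, the form already used for the `containers` example in this commit. The description should also say that only the optional applications in the `lists.difference` list below can be excluded, not the base set (`dconf`, `gnome_shell`, `gnome_settings_daemon`, ...), and end with a full stop.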


@ -26,7 +26,10 @@ EOF
exit 1;
}
die "This is not a NixOS installation (/etc/NIXOS is missing)!\n" unless -f "/etc/NIXOS";
# This is a NixOS installation if it has /etc/NIXOS or a proper
# /etc/os-release.
die "This is not a NixOS installation!\n" unless
-f "/etc/NIXOS" || (read_file("/etc/os-release", err_mode => 'quiet') // "") =~ /ID=nixos/s;
openlog("nixos", "", LOG_USER);
@ -173,7 +176,10 @@ while (my ($unit, $state) = each %{$activePrev}) {
# FIXME: do something?
} else {
my $unitInfo = parseUnit($newUnitFile);
if (!boolIsTrue($unitInfo->{'X-RestartIfChanged'} // "yes")) {
if (boolIsTrue($unitInfo->{'X-ReloadIfChanged'} // "no")) {
write_file($reloadListFile, { append => 1 }, "$unit\n");
}
elsif (!boolIsTrue($unitInfo->{'X-RestartIfChanged'} // "yes")) {
push @unitsToSkip, $unit;
} else {
# If this unit is socket-activated, then stop the
@ -321,7 +327,7 @@ if (scalar @restart > 0) {
# that are symlinks to other units. We shouldn't start both at the
# same time because we'll get a "Failed to add path to set" error from
# systemd.
my @start = unique("default.target", "timers.target", split('\n', read_file($startListFile, err_mode => 'quiet') // ""));
my @start = unique("default.target", "timers.target", "sockets.target", split('\n', read_file($startListFile, err_mode => 'quiet') // ""));
print STDERR "starting the following units: ", join(", ", sort(@start)), "\n";
system("@systemd@/bin/systemctl", "start", "--", @start) == 0 or $res = 4;
unlink($startListFile);
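Review bot: The `=~ /ID=nixos/s` test on `/etc/os-release` is unanchored, so it also matches inside other fields (for instance a `VERSION_ID=nixos...` or `BUILD_ID=nixos...` line on a non-NixOS system) and would let the script proceed on a foreign installation; anchor it to the field, `=~ /^ID=nixos$/m` (or `/^ID="?nixos"?$/m` if the quoted form allowed by os-release should be accepted too). In the `@ -173,7 +176,10` hunk, `X-ReloadIfChanged` is checked before the socket-activation logic, so a socket-activated unit that sets it is appended to `$reloadListFile` instead of being stopped and restarted; the code that consumes `$reloadListFile` is outside this hunk, so whether that is intended cannot be confirmed here and deserves a comment at the branch.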


@ -243,6 +243,17 @@ in rec {
'';
};
reloadIfChanged = mkOption {
type = types.bool;
default = false;
description = ''
Whether the service should be reloaded during a NixOS
configuration switch if its definition has changed. If
enabled, the value of <option>restartIfChanged</option> is
ignored.
'';
};
stopIfChanged = mkOption {
type = types.bool;
default = true;


@ -279,7 +279,11 @@ let
[Service]
${let env = cfg.globalEnvironment // def.environment;
in concatMapStrings (n: "Environment=\"${n}=${getAttr n env}\"\n") (attrNames env)}
${optionalString (!def.restartIfChanged) "X-RestartIfChanged=false"}
${if def.reloadIfChanged then ''
X-ReloadIfChanged=true
'' else if !def.restartIfChanged then ''
X-RestartIfChanged=false
'' else ""}
${optionalString (!def.stopIfChanged) "X-StopIfChanged=false"}
${attrsToSection def.serviceConfig}
'';


@ -0,0 +1,103 @@
{ config, pkgs, lib, ... }:
with lib;
{
config = mkIf config.boot.isContainer {
# Provide a login prompt on /var/lib/login.socket. On the host,
# you can connect to it by running socat
# unix:<path-to-container>/var/lib/login.socket -,echo=0,raw.
systemd.sockets.login =
{ description = "Login Socket";
wantedBy = [ "sockets.target" ];
socketConfig =
{ ListenStream = "/var/lib/login.socket";
SocketMode = "0666";
Accept = true;
};
};
systemd.services."login@" =
{ description = "Login %i";
environment.TERM = "linux";
serviceConfig =
{ Type = "simple";
StandardInput = "socket";
ExecStart = "${pkgs.socat}/bin/socat -t0 - exec:${pkgs.shadow}/bin/login,pty,setsid,setpgid,stderr,ctty";
TimeoutStopSec = 1; # FIXME
};
};
# Also provide a root login prompt on /var/lib/root-login.socket
# that doesn't ask for a password. This socket can only be used by
# root on the host.
systemd.sockets.root-login =
{ description = "Root Login Socket";
wantedBy = [ "sockets.target" ];
socketConfig =
{ ListenStream = "/var/lib/root-login.socket";
SocketMode = "0600";
Accept = true;
};
};
systemd.services."root-login@" =
{ description = "Root Login %i";
environment.TERM = "linux";
serviceConfig =
{ Type = "simple";
StandardInput = "socket";
ExecStart = "${pkgs.socat}/bin/socat -t0 - \"exec:${pkgs.shadow}/bin/login -f root,pty,setsid,setpgid,stderr,ctty\"";
TimeoutStopSec = 1; # FIXME
};
};
# Provide a daemon on /var/lib/run-command.socket that reads a
# command from stdin and executes it.
systemd.sockets.run-command =
{ description = "Run Command Socket";
wantedBy = [ "sockets.target" ];
socketConfig =
{ ListenStream = "/var/lib/run-command.socket";
SocketMode = "0600"; # only root can connect
Accept = true;
};
};
systemd.services."run-command@" =
{ description = "Run Command %i";
environment.TERM = "linux";
serviceConfig =
{ Type = "simple";
StandardInput = "socket";
TimeoutStopSec = 1; # FIXME
};
script =
''
#! ${pkgs.stdenv.shell} -e
source /etc/bashrc
read c
eval "command=($c)"
exec "''${command[@]}"
'';
};
systemd.services.container-startup-done =
{ description = "Container Startup Notification";
wantedBy = [ "multi-user.target" ];
after = [ "multi-user.target" ];
script =
''
if [ -p /var/lib/startup-done ]; then
echo done > /var/lib/startup-done
fi
'';
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
};
};
}
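Review bot: The `run-command@` service executes whatever line arrives on `/var/lib/run-command.socket` through `eval "command=($c)"` and `exec`, so the socket's `0600` mode is the only thing standing between a connection and arbitrary command execution as root in the container; the comment above the socket should say that the socket sits inside the container's root directory and is therefore reachable by anyone with root on the host, as is `/var/lib/root-login.socket`, which gives a passwordless `login -f root`. Independently, `read c` should be `read -r c` so backslashes in the command line are not mangled, and an empty line or EOF leaves `command` empty so `exec` fails with an unhelpful error; `[ -n "$c" ] || exit 1` before the `eval` makes that explicit. The `TimeoutStopSec = 1; # FIXME` markers on all three services should state what the intended value is.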


@ -2,6 +2,29 @@
with pkgs.lib;
let
runInNetns = pkgs.stdenv.mkDerivation {
name = "run-in-netns";
unpackPhase = "true";
buildPhase = ''
mkdir -p $out/bin
gcc ${./run-in-netns.c} -o $out/bin/run-in-netns
'';
installPhase = "true";
};
nixos-container = pkgs.substituteAll {
name = "nixos-container";
dir = "bin";
isExecutable = true;
src = ./nixos-container.pl;
perl = "${pkgs.perl}/bin/perl -I${pkgs.perlPackages.FileSlurp}/lib/perl5/site_perl";
inherit (pkgs) socat;
};
in
{
options = {
@ -14,19 +37,12 @@ with pkgs.lib;
'';
};
systemd.containers = mkOption {
containers = mkOption {
type = types.attrsOf (types.submodule (
{ config, options, name, ... }:
{
options = {
root = mkOption {
type = types.path;
description = ''
The root directory of the container.
'';
};
config = mkOption {
description = ''
A specification of the desired configuration of this
@ -45,21 +61,53 @@ with pkgs.lib;
'';
};
privateNetwork = mkOption {
type = types.bool;
default = false;
description = ''
Whether to give the container its own private virtual
Ethernet interface. The interface is called
<literal>eth0</literal>, and is hooked up to the interface
<literal>c-<replaceable>container-name</replaceable></literal>
on the host. If this option is not set, then the
container shares the network interfaces of the host,
and can bind to any port on any interface.
'';
};
hostAddress = mkOption {
type = types.nullOr types.string;
default = null;
example = "10.231.136.1";
description = ''
The IPv4 address assigned to the host interface.
'';
};
localAddress = mkOption {
type = types.nullOr types.string;
default = null;
example = "10.231.136.2";
description = ''
The IPv4 address assigned to <literal>eth0</literal>
in the container.
'';
};
};
config = mkMerge
[ { root = mkDefault "/var/lib/containers/${name}";
}
(mkIf options.config.isDefined {
[ (mkIf options.config.isDefined {
path = (import ../../lib/eval-config.nix {
modules =
let extraConfig =
{ boot.isContainer = true;
security.initialRootPassword = mkDefault "!";
networking.hostName = mkDefault name;
networking.useDHCP = false;
};
in [ extraConfig config.config ];
prefix = [ "systemd" "containers" name ];
prefix = [ "containers" name ];
}).config.system.build.toplevel;
})
];
@ -69,12 +117,10 @@ with pkgs.lib;
example = literalExample
''
{ webserver =
{ root = "/containers/webserver";
path = "/nix/var/nix/profiles/webserver";
{ path = "/nix/var/nix/profiles/webserver";
};
database =
{ root = "/containers/database";
config =
{ config =
{ config, pkgs, ... }:
{ services.postgresql.enable = true;
services.postgresql.package = pkgs.postgresql92;
@ -94,29 +140,96 @@ with pkgs.lib;
};
config = {
config = mkIf (!config.boot.isContainer) {
systemd.services = mapAttrs' (name: container: nameValuePair "container-${name}"
{ description = "Container '${name}'";
systemd.services."container@" =
{ description = "Container '%i'";
wantedBy = [ "multi-user.target" ];
unitConfig.RequiresMountsFor = [ "/var/lib/containers/%i" ];
unitConfig.RequiresMountsFor = [ container.root ];
path = [ pkgs.iproute ];
environment.INSTANCE = "%i";
environment.root = "/var/lib/containers/%i";
preStart =
''
mkdir -p -m 0755 ${container.root}/etc
if ! [ -e ${container.root}/etc/os-release ]; then
touch ${container.root}/etc/os-release
mkdir -p -m 0755 $root/var/lib
# Create a named pipe to get a signal when the container
# has finished booting.
rm -f $root/var/lib/startup-done
mkfifo -m 0600 $root/var/lib/startup-done
'';
script =
''
mkdir -p -m 0755 "$root/etc" "$root/var/lib"
if ! [ -e "$root/etc/os-release" ]; then
touch "$root/etc/os-release"
fi
mkdir -p -m 0755 \
"/nix/var/nix/profiles/per-container/$INSTANCE" \
"/nix/var/nix/gcroots/per-container/$INSTANCE"
SYSTEM_PATH=/nix/var/nix/profiles/system
if [ -f "/etc/containers/$INSTANCE.conf" ]; then
. "/etc/containers/$INSTANCE.conf"
fi
# Cleanup from last time.
ifaceHost=c-$INSTANCE
ifaceCont=ctmp-$INSTANCE
ns=net-$INSTANCE
ip netns del $ns 2> /dev/null || true
ip link del $ifaceHost 2> /dev/null || true
ip link del $ifaceCont 2> /dev/null || true
if [ "$PRIVATE_NETWORK" = 1 ]; then
# Create a pair of virtual ethernet devices. On the host,
# we get c-<container-name, and on the guest, we get
# eth0.
ip link add $ifaceHost type veth peer name $ifaceCont
ip netns add $ns
ip link set $ifaceCont netns $ns
ip netns exec $ns ip link set $ifaceCont name eth0
ip netns exec $ns ip link set dev eth0 up
ip link set dev $ifaceHost up
if [ -n "$HOST_ADDRESS" ]; then
ip addr add $HOST_ADDRESS dev $ifaceHost
ip netns exec $ns ip route add $HOST_ADDRESS dev eth0
ip netns exec $ns ip route add default via $HOST_ADDRESS
fi
if [ -n "$LOCAL_ADDRESS" ]; then
ip netns exec $ns ip addr add $LOCAL_ADDRESS dev eth0
ip route add $LOCAL_ADDRESS dev $ifaceHost
fi
runInNetNs="${runInNetns}/bin/run-in-netns $ns"
extraFlags="--capability=CAP_NET_ADMIN"
fi
exec $runInNetNs ${config.systemd.package}/bin/systemd-nspawn \
-M "$INSTANCE" -D "/var/lib/containers/$INSTANCE" $extraFlags \
--bind-ro=/nix/store \
--bind-ro=/nix/var/nix/db \
--bind-ro=/nix/var/nix/daemon-socket \
--bind="/nix/var/nix/profiles/per-container/$INSTANCE:/nix/var/nix/profiles" \
--bind="/nix/var/nix/gcroots/per-container/$INSTANCE:/nix/var/nix/gcroots" \
"$SYSTEM_PATH/init"
'';
serviceConfig.ExecStart =
"${config.systemd.package}/bin/systemd-nspawn -M ${name} -D ${container.root} --bind-ro=/nix ${container.path}/init";
postStart =
''
# This blocks until the container-startup-done service
# writes something to this pipe. FIXME: it also hangs
# until the start timeout expires if systemd-nspawn exits.
read x < $root/var/lib/startup-done
'';
preStop =
''
pid="$(cat /sys/fs/cgroup/systemd/machine/${name}.nspawn/system/tasks 2> /dev/null)"
pid="$(cat /sys/fs/cgroup/systemd/machine/$INSTANCE.nspawn/system/tasks 2> /dev/null)"
if [ -n "$pid" ]; then
# Send the RTMIN+3 signal, which causes the container
# systemd to start halt.target.
@ -131,7 +244,52 @@ with pkgs.lib;
done
fi
'';
}) config.systemd.containers;
restartIfChanged = false;
#reloadIfChanged = true; # FIXME
serviceConfig.ExecReload = pkgs.writeScript "reload-container"
''
#! ${pkgs.stdenv.shell} -e
SYSTEM_PATH=/nix/var/nix/profiles/system
if [ -f "/etc/containers/$INSTANCE.conf" ]; then
. "/etc/containers/$INSTANCE.conf"
fi
echo $SYSTEM_PATH/bin/switch-to-configuration test | \
${pkgs.socat}/bin/socat unix:$root/var/lib/run-command.socket -
'';
serviceConfig.SyslogIdentifier = "container %i";
};
# Generate a configuration file in /etc/containers for each
# container so that container@.target can get the container
# configuration.
environment.etc = mapAttrs' (name: cfg: nameValuePair "containers/${name}.conf"
{ text =
''
SYSTEM_PATH=${cfg.path}
${optionalString cfg.privateNetwork ''
PRIVATE_NETWORK=1
${optionalString (cfg.hostAddress != null) ''
HOST_ADDRESS=${cfg.hostAddress}
''}
${optionalString (cfg.localAddress != null) ''
LOCAL_ADDRESS=${cfg.localAddress}
''}
''}
'';
}) config.containers;
# FIXME: auto-start containers.
# Generate /etc/hosts entries for the containers.
networking.extraHosts = concatStrings (mapAttrsToList (name: cfg: optionalString (cfg.localAddress != null)
''
${cfg.localAddress} ${name}.containers
'') config.containers);
environment.systemPackages = [ nixos-container ];
};
}


@ -24,6 +24,7 @@ in
virtualisation.libvirtd.enable =
mkOption {
type = types.bool;
default = false;
description =
''
@ -36,6 +37,7 @@ in
virtualisation.libvirtd.enableKVM =
mkOption {
type = types.bool;
default = true;
description =
''
@ -45,6 +47,7 @@ in
virtualisation.libvirtd.extraConfig =
mkOption {
type = types.lines;
default = "";
description =
''


@ -0,0 +1,238 @@
#! @perl@
use strict;
use POSIX;
use File::Path;
use File::Slurp;
use Fcntl ':flock';
use Getopt::Long qw(:config gnu_getopt);
my $socat = '@socat@/bin/socat';
# Parse the command line.
sub showHelp {
print <<EOF;
Usage: nixos-container list
nixos-container create <container-name> [--config <string>] [--ensure-unique-name]
nixos-container destroy <container-name>
nixos-container start <container-name>
nixos-container stop <container-name>
nixos-container login <container-name>
nixos-container root-login <container-name>
nixos-container run <container-name> -- args...
nixos-container set-root-password <container-name> <password>
nixos-container show-ip <container-name>
EOF
exit 0;
}
my $ensureUniqueName = 0;
my $extraConfig = "";
GetOptions(
"help" => sub { showHelp() },
"ensure-unique-name" => \$ensureUniqueName,
"config=s" => \$extraConfig
) or exit 1;
my $action = $ARGV[0] or die "$0: no action specified\n";
# Execute the selected action.
mkpath("/etc/containers", 0, 0755);
mkpath("/var/lib/containers", 0, 0700);
if ($action eq "list") {
foreach my $confFile (glob "/etc/containers/*.conf") {
$confFile =~ /\/([^\/]+).conf$/ or next;
print "$1\n";
}
exit 0;
}
my $containerName = $ARGV[1] or die "$0: no container name specified\n";
$containerName =~ /^[a-zA-Z0-9\-]+$/ or die "$0: invalid container name\n";
sub writeNixOSConfig {
my ($nixosConfigFile) = @_;
my $nixosConfig = <<EOF;
{ config, pkgs, ... }:
with pkgs.lib;
{ boot.isContainer = true;
security.initialRootPassword = mkDefault "!";
networking.hostName = mkDefault "$containerName";
networking.useDHCP = false;
$extraConfig
}
EOF
write_file($nixosConfigFile, $nixosConfig);
}
if ($action eq "create") {
# Acquire an exclusive lock to prevent races with other
# invocations of nixos-container create.
my $lockFN = "/run/lock/nixos-container";
open(my $lock, '>>', $lockFN) or die "$0: opening $lockFN: $!";
flock($lock, LOCK_EX) or die "$0: could not lock $lockFN: $!";
my $confFile = "/etc/containers/$containerName.conf";
my $root = "/var/lib/containers/$containerName";
# Maybe generate a unique name.
if ($ensureUniqueName) {
my $base = $containerName;
for (my $nr = 0; ; $nr++) {
$containerName = "$base-$nr";
$confFile = "/etc/containers/$containerName.conf";
$root = "/var/lib/containers/$containerName";
last unless -e $confFile || -e $root;
}
}
die "$0: container $containerName already exists\n" if -e $confFile;
# Get an unused IP address.
my %usedIPs;
foreach my $confFile2 (glob "/etc/containers/*.conf") {
my $s = read_file($confFile2) or die;
$usedIPs{$1} = 1 if $s =~ /^HOST_ADDRESS=([0-9\.]+)$/m;
$usedIPs{$1} = 1 if $s =~ /^LOCAL_ADDRESS=([0-9\.]+)$/m;
}
my ($ipPrefix, $hostAddress, $localAddress);
for (my $nr = 1; $nr < 255; $nr++) {
$ipPrefix = "10.233.$nr";
$hostAddress = "$ipPrefix.1";
$localAddress = "$ipPrefix.2";
last unless $usedIPs{$hostAddress} || $usedIPs{$localAddress};
$ipPrefix = undef;
}
die "$0: out of IP addresses\n" unless defined $ipPrefix;
my @conf;
push @conf, "PRIVATE_NETWORK=1\n";
push @conf, "HOST_ADDRESS=$hostAddress\n";
push @conf, "LOCAL_ADDRESS=$localAddress\n";
write_file($confFile, \@conf);
close($lock);
print STDERR "host IP is $hostAddress, container IP is $localAddress\n";
mkpath("$root/etc/nixos", 0, 0755);
my $nixosConfigFile = "$root/etc/nixos/configuration.nix";
writeNixOSConfig $nixosConfigFile;
# The per-container directory is restricted to prevent users on
# the host from messing with guest users who happen to have the
# same uid.
my $profileDir = "/nix/var/nix/profiles/per-container";
mkpath($profileDir, 0, 0700);
$profileDir = "$profileDir/$containerName";
mkpath($profileDir, 0, 0755);
system("nix-env", "-p", "$profileDir/system",
"-I", "nixos-config=$nixosConfigFile", "-f", "<nixpkgs/nixos>",
"--set", "-A", "system") == 0
or die "$0: failed to build initial container configuration\n";
print "$containerName\n" if $ensureUniqueName;
exit 0;
}
my $root = "/var/lib/containers/$containerName";
my $profileDir = "/nix/var/nix/profiles/per-container/$containerName";
my $confFile = "/etc/containers/$containerName.conf";
die "$0: container $containerName does not exist\n" if !-e $confFile;
sub isContainerRunning {
my $status = `systemctl show 'container\@$containerName'`;
return $status =~ /ActiveState=active/;
}
sub stopContainer {
system("systemctl", "stop", "container\@$containerName") == 0
or die "$0: failed to stop container\n";
}
if ($action eq "destroy") {
die "$0: cannot destroy declarative container (remove it from your configuration.nix instead)\n"
unless POSIX::access($confFile, &POSIX::W_OK);
stopContainer if isContainerRunning;
rmtree($profileDir) if -e $profileDir;
rmtree($root) if -e $root;
unlink($confFile) or die;
}
elsif ($action eq "start") {
system("systemctl", "start", "container\@$containerName") == 0
or die "$0: failed to start container\n";
}
elsif ($action eq "stop") {
stopContainer;
}
elsif ($action eq "update") {
my $nixosConfigFile = "$root/etc/nixos/configuration.nix";
# FIXME: may want to be more careful about clobbering the existing
# configuration.nix.
writeNixOSConfig $nixosConfigFile if defined $extraConfig;
system("nix-env", "-p", "$profileDir/system",
"-I", "nixos-config=$nixosConfigFile", "-f", "<nixpkgs/nixos>",
"--set", "-A", "system") == 0
or die "$0: failed to build container configuration\n";
if (isContainerRunning) {
print STDERR "reloading container...\n";
system("systemctl", "reload", "container\@$containerName") == 0
or die "$0: failed to reload container\n";
}
}
elsif ($action eq "login") {
exec($socat, "unix:$root/var/lib/login.socket", "-,echo=0,raw");
}
elsif ($action eq "root-login") {
exec($socat, "unix:$root/var/lib/root-login.socket", "-,echo=0,raw");
}
elsif ($action eq "run") {
shift @ARGV; shift @ARGV;
open(SOCAT, "|-", $socat, "unix:$root/var/lib/run-command.socket", "-");
print SOCAT join(' ', map { "'$_'" } @ARGV), "\n";
close(SOCAT);
}
elsif ($action eq "set-root-password") {
# FIXME: don't get password from the command line.
my $password = $ARGV[2] or die "$0: no password given\n";
open(SOCAT, "|-", $socat, "unix:$root/var/lib/run-command.socket", "-");
print SOCAT "passwd\n";
print SOCAT "$password\n";
print SOCAT "$password\n";
close(SOCAT);
}
elsif ($action eq "show-ip") {
my $s = read_file($confFile) or die;
$s =~ /^LOCAL_ADDRESS=([0-9\.]+)$/m or die "$0: cannot get IP address\n";
print "$1\n";
}
else {
die "$0: unknown action $action\n";
}
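Review bot: The name check `$containerName =~ /^[a-zA-Z0-9\-]+$/ or die "$0: invalid container name\n";` still accepts a trailing newline, because `$` also matches before a final "\n", and the name is afterwards interpolated into the backtick command in isContainerRunning and into paths under /etc/containers and /var/lib/containers; anchor it as `$containerName =~ /\A[a-zA-Z0-9\-]+\z/ or die "$0: invalid container name\n";`. In the `run` action, `map { "'$_'" } @ARGV` single-quotes each argument without escaping embedded quotes, so an argument containing `'` ends the quoting and the remainder is parsed by the shell inside the container; `map { (my $q = $_) =~ s/'/'\\''/g; "'$q'" } @ARGV` keeps every argument a single word. In `update`, `writeNixOSConfig $nixosConfigFile if defined $extraConfig;` is always true because `$extraConfig` is initialised to `""`, so an `update` without `--config` overwrites the existing configuration.nix with the template; test `if $extraConfig ne ""` instead. The `open(SOCAT, "|-", ...)` calls in `run` and `set-root-password` are unchecked bareword handles; `open(my $socatFh, '|-', $socat, "unix:$root/var/lib/run-command.socket", "-") or die "$0: cannot run socat: $!";` surfaces a missing or failing socat instead of silently dropping the command.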


@ -0,0 +1,50 @@
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <sched.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/mount.h>
#include <fcntl.h>
#include <linux/limits.h>
int main(int argc, char * * argv)
{
if (argc < 3) {
fprintf(stderr, "%s: missing arguments\n", argv[0]);
return 1;
}
char nsPath[PATH_MAX];
sprintf(nsPath, "/run/netns/%s", argv[1]);
int fd = open(nsPath, O_RDONLY);
if (fd == -1) {
fprintf(stderr, "%s: opening network namespace: %s\n", argv[0], strerror(errno));
return 1;
}
if (setns(fd, CLONE_NEWNET) == -1) {
fprintf(stderr, "%s: setting network namespace: %s\n", argv[0], strerror(errno));
return 1;
}
umount2(nsPath, MNT_DETACH);
if (unlink(nsPath) == -1) {
fprintf(stderr, "%s: unlinking network namespace: %s\n", argv[0], strerror(errno));
return 1;
}
/* FIXME: Remount /sys so that /sys/class/net reflects the
interfaces visible in the network namespace. This requires
bind-mounting /sys/fs/cgroups etc. */
execv(argv[2], argv + 2);
fprintf(stderr, "%s: running command: %s\n", argv[0], strerror(errno));
return 1;
}
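Review bot: `sprintf(nsPath, "/run/netns/%s", argv[1])` copies an unbounded argv[1] into a PATH_MAX stack buffer; use a bounded write and reject truncation, `if (snprintf(nsPath, sizeof nsPath, "/run/netns/%s", argv[1]) >= (int) sizeof nsPath) { fprintf(stderr, "%s: namespace name too long\n", argv[0]); return 1; }`. The namespace descriptor is never closed and was opened without O_CLOEXEC, so it is inherited by the program started with `execv(argv[2], argv + 2)`; add `close(fd);` after the successful `setns` (or open with `O_RDONLY | O_CLOEXEC`) so the container's init does not hold a handle to its own netns file. The result of `umount2(nsPath, MNT_DETACH)` is also ignored, so a failure there only shows up, if at all, as the following unlink error pointing at the wrong step; checking it directly gives a clearer diagnostic. Since the program unlinks whatever path it builds, rejecting a `/` in argv[1] would additionally keep that unlink confined to /run/netns should the name ever come from a less controlled caller.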


@ -60,8 +60,8 @@ in rec {
(all nixos.tests.openssh)
(all nixos.tests.printing)
(all nixos.tests.proxy)
(all nixos.tests.udisks)
(all nixos.tests.xfce)
(all nixos.tests.gnome3)
nixpkgs.tarball
(all nixpkgs.emacs)


@ -33,6 +33,8 @@ in
services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
services.httpd.documentRoot = "/tmp";
networking.firewall.enable = false; # FIXME: figure out what ports we actually need
};
router =
@ -50,11 +52,13 @@ in
virtualisation.vlans = [ 2 ];
networking.defaultGateway =
nodes.router.config.networking.interfaces.eth2.ipAddress;
networking.firewall.enable = false;
};
client2 =
{ config, pkgs, ... }:
{ environment.systemPackages = [ pkgs.transmission ];
networking.firewall.enable = false;
};
};
@ -66,8 +70,8 @@ in
# Enable NAT on the router and start miniupnpd.
$router->waitForUnit("nat");
$router->succeed(
"iptables -t nat -N MINIUPNPD",
"iptables -t nat -A PREROUTING -i eth1 -j MINIUPNPD",
"iptables -w -t nat -N MINIUPNPD",
"iptables -w -t nat -A PREROUTING -i eth1 -j MINIUPNPD",
"echo 1 > /proc/sys/net/ipv4/ip_forward",
"miniupnpd -f ${miniupnpdConf nodes}"
);


@ -0,0 +1,81 @@
# Test for NixOS' container support.
{ pkgs, ... }:
{
machine =
{ config, pkgs, ... }:
{ imports = [ ../modules/installer/cd-dvd/channel.nix ];
virtualisation.writableStore = true;
virtualisation.memorySize = 768;
containers.webserver =
{ privateNetwork = true;
hostAddress = "10.231.136.1";
localAddress = "10.231.136.2";
config =
{ services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
networking.firewall.allowedTCPPorts = [ 80 ];
networking.firewall.allowPing = true;
};
};
virtualisation.pathsInNixDB = [ pkgs.stdenv ];
};
testScript =
''
$machine->succeed("nixos-container list") =~ /webserver/;
# Start the webserver container.
$machine->succeed("nixos-container start webserver");
# Since "start" returns after the container has reached
# multi-user.target, we should now be able to access it.
my $ip = $machine->succeed("nixos-container show-ip webserver");
chomp $ip;
$machine->succeed("ping -c1 $ip");
$machine->succeed("curl --fail http://$ip/ > /dev/null");
# Stop the container.
$machine->succeed("nixos-container stop webserver");
$machine->fail("curl --fail --connect-timeout 2 http://$ip/ > /dev/null");
# Make sure we have a NixOS tree (required by nixos-container create).
$machine->succeed("nix-env -qa -A nixos.pkgs.hello >&2");
# Create some containers imperatively.
my $id1 = $machine->succeed("nixos-container create foo --ensure-unique-name");
chomp $id1;
$machine->log("created container $id1");
my $id2 = $machine->succeed("nixos-container create foo --ensure-unique-name");
chomp $id2;
$machine->log("created container $id2");
die if $id1 eq $id2;
my $ip1 = $machine->succeed("nixos-container show-ip $id1");
chomp $ip1;
my $ip2 = $machine->succeed("nixos-container show-ip $id2");
chomp $ip2;
die if $ip1 eq $ip2;
# Start one of them.
$machine->succeed("nixos-container start $id1");
# Execute commands via the root shell.
$machine->succeed("nixos-container run $id1 -- uname") =~ /Linux/;
$machine->succeed("nixos-container set-root-password $id1 foobar");
# Destroy the containers.
$machine->succeed("nixos-container destroy $id1");
$machine->succeed("nixos-container destroy $id2");
# Destroying a declarative container should fail.
$machine->fail("nixos-container destroy webserver");
'';
}
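Review bot: `$machine->succeed("nixos-container list") =~ /webserver/;` discards the match result, so the test passes even when the container is not listed; the same pattern is used for the `uname` check `=~ /Linux/;` further down in this test and for the `cat /media/USBSTICK/test.txt` check `=~ /Hello World/;` in the new nixos/tests/udisks.nix. Append `or die` as the printing test does: `$machine->succeed("nixos-container list") =~ /webserver/ or die;` and `$machine->succeed("nixos-container run $id1 -- uname") =~ /Linux/ or die;`.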


@ -8,6 +8,7 @@ with import ../lib/testing.nix { inherit system minimal; };
{
avahi = makeTest (import ./avahi.nix);
bittorrent = makeTest (import ./bittorrent.nix);
containers = makeTest (import ./containers.nix);
firefox = makeTest (import ./firefox.nix);
firewall = makeTest (import ./firewall.nix);
installer = makeTests (import ./installer.nix);
@ -25,6 +26,7 @@ with import ../lib/testing.nix { inherit system minimal; };
mysql = makeTest (import ./mysql.nix);
mysql_replication = makeTest (import ./mysql-replication.nix);
munin = makeTest (import ./munin.nix);
mumble = makeTest (import ./mumble.nix);
nat = makeTest (import ./nat.nix);
nfs3 = makeTest (import ./nfs.nix { version = 3; });
#nfs4 = makeTest (import ./nfs.nix { version = 4; });
@ -37,6 +39,7 @@ with import ../lib/testing.nix { inherit system minimal; };
simple = makeTest (import ./simple.nix);
#subversion = makeTest (import ./subversion.nix);
tomcat = makeTest (import ./tomcat.nix);
udisks = makeTest (import ./udisks.nix);
#trac = makeTest (import ./trac.nix);
xfce = makeTest (import ./xfce.nix);
runInMachine.test = import ./run-in-machine.nix { inherit system; };


@ -17,6 +17,7 @@
{ config, pkgs, ... }:
{ services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
networking.firewall.enable = false;
};
};
@ -33,7 +34,7 @@
$walled->succeed("curl -v http://localhost/ >&2");
# Connections to the firewalled machine should fail.
$attacker->fail("curl -v http://walled/ >&2");
$attacker->fail("curl --fail --connect-timeout 2 http://walled/ >&2");
$attacker->fail("ping -c 1 walled >&2");
# Outgoing connections/pings should still work.


@ -79,6 +79,8 @@ let
virtualisation.writableStore = true;
virtualisation.pathsInNixDB = channelContents ++ [ pkgs.hello.src ];
virtualisation.memorySize = 768;
networking.firewall.allowedTCPPorts = [ 80 ];
};
channelContents = [ pkgs.rlwrap ];


@ -12,6 +12,7 @@
{ config, pkgs, ... }:
{ services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
networking.firewall.allowedTCPPorts = [ 80 ];
};
router =


@ -3,21 +3,27 @@
# 2. jenkins user can be extended on both master and slave
# 3. jenkins service not started on slave node
{ pkgs, ... }:
{
nodes = {
master = { pkgs, config, ... }: {
services.jenkins.enable = true;
master =
{ config, pkgs, ... }:
{ services.jenkins.enable = true;
# should have no effect
services.jenkinsSlave.enable = true;
users.extraUsers.jenkins.extraGroups = [ "users" ];
};
slave = { pkgs, config, ... }: {
services.jenkinsSlave.enable = true;
slave =
{ config, pkgs, ... }:
{ services.jenkinsSlave.enable = true;
users.extraUsers.jenkins.extraGroups = [ "users" ];
};
};
testScript = ''

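--- a/nixos/tests/mumble.nix
+++ b/nixos/tests/mumble.nix
@@ -0,0 +1,55 @@
+{ pkgs, ... }:
+let
+client = { config, pkgs, ... }: {
+imports = [ ./common/x11.nix ];
+environment.systemPackages = [ pkgs.mumble ];
+};
+in
+{
+nodes = {
+server = { config, pkgs, ... }: {
+services.murmur.enable = true;
+services.murmur.registerName = "NixOS tests";
+networking.firewall.allowedTCPPorts = [ config.services.murmur.port ];
+};
+client1 = client;
+client2 = client;
+};
+testScript = ''
+startAll;
+$server->waitForUnit("murmur.service");
+$client1->waitForX;
+$client2->waitForX;
+$client1->execute("mumble mumble://client1\@server/test &");
+$client2->execute("mumble mumble://client2\@server/test &");
+$server->sleep(10); # Wait for Mumble UI to pop up
+# cancel client audio configuration
+$client1->sendKeys("esc");
+$client2->sendKeys("esc");
+$server->sleep(1);
+# cancel client cert configuration
+$client1->sendKeys("esc");
+$client2->sendKeys("esc");
+$server->sleep(1);
+# accept server certificate
+$client1->sendChars("y");
+$client2->sendChars("y");
+# Find clients in logs
+$server->waitUntilSucceeds("grep -q 'client1' /var/log/murmur/murmurd.log");
+$server->waitUntilSucceeds("grep -q 'client2' /var/log/murmur/murmurd.log");
+$server->sleep(5); # wait to get screenshot
+$client1->screenshot("screen1");
+$client2->screenshot("screen2");
+'';
+}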


@ -15,10 +15,11 @@ in
services.mysql.replication.role = "master";
services.mysql.initialDatabases = [ { name = "testdb"; schema = ./testdb.sql; } ];
services.mysql.initialScript = pkgs.writeText "initmysql"
''
create user '${replicateUser}'@'%' identified by '${replicatePassword}';
grant replication slave on *.* to '${replicateUser}'@'%';
'';
''
create user '${replicateUser}'@'%' identified by '${replicatePassword}';
grant replication slave on *.* to '${replicateUser}'@'%';
'';
networking.firewall.allowedTCPPorts = [ 3306 ];
};
slave1 =


@ -12,6 +12,7 @@
{ client =
{ config, pkgs, nodes, ... }:
{ virtualisation.vlans = [ 1 ];
networking.firewall.allowPing = true;
networking.defaultGateway =
nodes.router.config.networking.interfaces.eth2.ipAddress;
};
@ -19,6 +20,7 @@
router =
{ config, pkgs, ... }:
{ virtualisation.vlans = [ 2 1 ];
networking.firewall.allowPing = true;
networking.nat.enable = true;
networking.nat.internalIPs = [ "192.168.1.0/24" ];
networking.nat.externalInterface = "eth1";
@ -27,6 +29,7 @@
server =
{ config, pkgs, ... }:
{ virtualisation.vlans = [ 2 ];
networking.firewall.enable = false;
services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
services.vsftpd.enable = true;


@ -13,6 +13,7 @@ let
options = "vers=${toString version}";
}
];
networking.firewall.enable = false; # FIXME: only open statd
};
in
@ -31,6 +32,7 @@ in
/data 192.168.1.0/255.255.255.0(rw,no_root_squash,no_subtree_check,fsid=0)
'';
services.nfs.server.createMountPoints = true;
networking.firewall.enable = false; # FIXME: figure out what ports need to be allowed
};
};


@ -17,6 +17,7 @@
Allow from all
</Location>
'';
networking.firewall.allowedTCPPorts = [ 631 ];
};
client =
@ -37,7 +38,7 @@
$client->succeed("lpstat -H") =~ "/var/run/cups/cups.sock" or die;
$client->succeed("curl --fail http://localhost:631/");
$client->succeed("curl --fail http://server:631/");
$server->fail("curl --fail http://client:631/");
$server->fail("curl --fail --connect-timeout 2 http://client:631/");
# Add a HP Deskjet printer connected via USB to the server.
$server->succeed("lpadmin -p DeskjetLocal -v usb://HP/Deskjet%205400%20series?serial=TH93I152S123XY -m 'drv:///sample.drv/deskjet.ppd' -E");


@ -5,12 +5,10 @@ let
backend =
{ config, pkgs, ... }:
{
services.openssh.enable = true;
services.httpd.enable = true;
{ services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
services.httpd.documentRoot = "${pkgs.valgrind}/share/doc/valgrind/html";
networking.firewall.allowedTCPPorts = [ 80 ];
};
in
@ -21,8 +19,7 @@ in
{ proxy =
{ config, pkgs, nodes, ... }:
{
services.httpd.enable = true;
{ services.httpd.enable = true;
services.httpd.adminAddr = "bar@example.org";
services.httpd.extraModules = ["proxy_balancer"];
@ -50,6 +47,8 @@ in
# For testing; don't want to wait forever for dead backend servers.
ProxyTimeout 5
'';
networking.firewall.allowedTCPPorts = [ 80 ];
};
backend1 = backend;


@ -37,6 +37,7 @@ rec {
"'+map q3dm7' '+addbot grunt' '+addbot daemia' 2> /tmp/log";
};
nixpkgs.config.packageOverrides = overrides;
networking.firewall.allowedUDPPorts = [ 27960 ];
};
client1 = client;


@ -5,13 +5,12 @@
server =
{ pkgs, config, ... }:
{
services.tomcat.enable = true;
{ services.tomcat.enable = true;
services.httpd.enable = true;
services.httpd.adminAddr = "foo@bar.com";
services.httpd.extraSubservices = [
{ serviceType = "tomcat-connector"; }
];
services.httpd.extraSubservices =
[ { serviceType = "tomcat-connector"; } ];
networking.firewall.allowedTCPPorts = [ 80 ];
};
client = { };

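--- a/nixos/tests/udisks.nix
+++ b/nixos/tests/udisks.nix
@@ -0,0 +1,56 @@
+{ pkgs, ... }:
+let
+stick = pkgs.fetchurl {
+url = http://nixos.org/~eelco/nix/udisks-test.img.xz;
+sha256 = "0was1xgjkjad91nipzclaz5biv3m4b2nk029ga6nk7iklwi19l8b";
+};
+in
+{
+machine =
+{ config, pkgs, ... }:
+{ services.udisks.enable = true;
+imports = [ ./common/user-account.nix ];
+security.polkit.extraConfig =
+''
+polkit.addRule(function(action, subject) {
+if (subject.user == "alice") return "yes";
+});
+'';
+};
+testScript =
+''
+my $stick = $machine->stateDir . "/usbstick.img";
+system("xz -d < ${stick} > $stick") == 0 or die;
+$machine->succeed("udisks --enumerate | grep /org/freedesktop/UDisks/devices/vda");
+$machine->fail("udisks --enumerate | grep /org/freedesktop/UDisks/devices/sda1");
+# Attach a USB stick and wait for it to show up.
+$machine->sendMonitorCommand("usb_add disk:$stick");
+$machine->waitUntilSucceeds("udisks --enumerate | grep /org/freedesktop/UDisks/devices/sda1");
+$machine->succeed("udisks --show-info /dev/sda1 | grep 'label:.*USBSTICK'");
+# Mount the stick as a non-root user and do some stuff with it.
+$machine->succeed("su - alice -c 'udisks --enumerate | grep /org/freedesktop/UDisks/devices/sda1'");
+$machine->succeed("su - alice -c 'udisks --mount /dev/sda1'");
+$machine->succeed("su - alice -c 'cat /media/USBSTICK/test.txt'") =~ /Hello World/;
+$machine->succeed("su - alice -c 'echo foo > /media/USBSTICK/bar.txt'");
+# Unmounting the stick should make the mountpoint disappear.
+$machine->succeed("su - alice -c 'udisks --unmount /dev/sda1'");
+$machine->fail("[ -d /media/USBSTICK ]");
+# Remove the USB stick.
+$machine->sendMonitorCommand("usb_del 0.3"); # FIXME
+$machine->waitUntilFails("udisks --enumerate | grep /org/freedesktop/UDisks/devices/sda1");
+$machine->fail("[ -e /dev/sda ]");
+'';
+}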


@ -5,7 +5,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "http://www.emacswiki.org/emacs/download/flymake-cursor.el";
sha256 = "1qqppd1786w8pl1avjb01n23lwihb7m0hr23abjklsxz03gmp4qz";
sha256 = "10cpzrd588ya52blghxss5zkn6x8hc7bx1h0qbcdlybbmkjgpkxr";
};
phases = [ "buildPhase" "installPhase"];
@ -26,7 +26,5 @@ stdenv.mkDerivation rec {
description = "Displays flymake error msg in minibuffer after delay";
homepage = http://www.emacswiki.org/emacs/flymake-cursor.el;
license = stdenv.lib.licenses.publicDomain;
platforms = stdenv.lib.platforms.all;
};
}


@ -1,12 +1,12 @@
{ stdenv, fetchgit, emacs }:
stdenv.mkDerivation rec {
name = "idris-mode-20140223";
name = "idris-mode-20140405";
src = fetchgit {
url = https://github.com/idris-hackers/idris-mode.git;
rev = "486470533e74c55192e92a1afa050475915ee1e7";
sha256 = "ff2e6bd8fbf421e8f2db0789d2ff56c5103775b911b99bab64e4652d332bad43";
rev = "2e2d18fb757da4b42940ebe2a57d7a117175489f";
sha256 = "d4b52c6c43c038c94a7464cd9c849cd40c01696c440da8b057c00a9be22f9ac0";
};
buildInputs = [ emacs ];


@ -33,11 +33,17 @@ in stdenv.mkDerivation rec {
preConfigure = ''
patchShebangs .
'';
postInstall = ''
mkdir -p $out/share/gsettings-schemas/$name
mv $out/share/glib-2.0 $out/share/gsettings-schemas/$name/
'';
preFixup = ''
wrapProgram "$out/bin/shotwell" \
--set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \
--prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:${gnome3.gsettings_desktop_schemas}/share:${gtk3}/share:$out/share"
--prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:${gtk3}/share:$out/share:$GSETTINGS_SCHEMAS_PATH"
rm $out/share/icons/hicolor/icon-theme.cache
'';


@ -4,11 +4,11 @@
}:
stdenv.mkDerivation rec {
name = "calibre-1.25.0";
name = "calibre-1.31.0";
src = fetchurl {
url = "mirror://sourceforge/calibre/${name}.tar.xz";
sha256 = "1y221r5vgq426ldqjrx3qvgf3j3v2wncwzra747psvhwf95zd5fd";
sha256 = "1fl42y8ppw8s51v66dqsrg1ib28yi6z5779r9wfvdbl9v1clilfc";
};
inherit python;


@ -23,7 +23,7 @@ assert mercurialSupport -> (mercurial != null);
let
name = "ikiwiki";
version = "3.20140125";
version = "3.20140227";
lib = stdenv.lib;
in
@ -32,7 +32,7 @@ stdenv.mkDerivation {
src = fetchurl {
url = "http://ftp.de.debian.org/debian/pool/main/i/ikiwiki/${name}_${version}.tar.gz";
sha256 = "06r95xhm8pnvswgmkf3j7h4n6b1nmk0v0znmnzblkdx7xh12m0hd";
sha256 = "1bbpqs4c1la1yqcxcxj3xip3wadjnjq0wawv19j6d6baymm66cr3";
};
buildInputs = [ perl TextMarkdown URI HTMLParser HTMLScrubber HTMLTemplate


@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
sha256 = "01b8hq8z2wd7ssym5bypx2b15mrs1lhgkrcgxf700kswxvxcrhgx";
};
buildInputs = [ gtk makeWrapper webkit pkgconfig glib libsoup ];
buildInputs = [ gtk makeWrapper webkit gsettings_desktop_schemas pkgconfig glib libsoup ];
# Allow users set their own list of patches
inherit patches;
@ -21,9 +21,12 @@ stdenv.mkDerivation rec {
preConfigure = [ ''sed -i "s@PREFIX = /usr/local@PREFIX = $out@g" config.mk'' ];
installPhase = ''
make PREFIX=/ DESTDIR=$out install
'';
preFixup = ''
wrapProgram "$out/bin/surf" \
--prefix GIO_EXTRA_MODULES : ${glib_networking}/lib/gio/modules \
--prefix XDG_DATA_DIRS : "${gsettings_desktop_schemas}/share"
--prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH"
'';
meta = {


@ -1,32 +1,30 @@
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 3b61fc0..2206646 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -133,6 +133,9 @@ if (UNIX)
diff -urN synergy-1.4.17-Source/CMakeLists.txt synergy-1.4.17-Source-fix/CMakeLists.txt
--- synergy-1.4.17-Source/CMakeLists.txt 2014-03-14 21:34:19.000000000 +0100
+++ synergy-1.4.17-Source-fix/CMakeLists.txt 2014-04-11 13:37:18.839338710 +0200
@@ -145,6 +145,9 @@
check_type_size(long SIZEOF_LONG)
check_type_size(short SIZEOF_SHORT)
+ # let's just assume cryptopp exists (provided by the Nix expression)
+ list(APPEND libs cryptopp)
+ # let's just assume cryptopp exists (provided by the Nix expression)
+ list(APPEND libs cryptopp)
+
# pthread is used on both Linux and Mac
check_library_exists("pthread" pthread_create "" HAVE_PTHREAD)
if (HAVE_PTHREAD)
@@ -303,7 +306,6 @@ if (VNC_SUPPORT)
@@ -317,7 +320,6 @@
endif()
add_subdirectory(src)
-add_subdirectory(tools)
-add_subdirectory(ext)
if (WIN32)
# add /analyze in order to unconver potential bugs in the source code
diff --git a/src/lib/io/CCryptoMode.h b/src/lib/io/CCryptoMode.h
index 9b7e8ad..0d659ac 100644
--- a/src/lib/io/CCryptoMode.h
+++ b/src/lib/io/CCryptoMode.h
@@ -17,9 +17,9 @@
#pragma once
# TODO: consider using /analyze to uncover potential bugs in the source code.
diff -urN synergy-1.4.17-Source/src/lib/io/CryptoMode_cryptopp.h synergy-1.4.17-Source-fix/src/lib/io/CryptoMode_cryptopp.h
--- synergy-1.4.17-Source/src/lib/io/CryptoMode_cryptopp.h 2014-02-28 13:36:45.000000000 +0100
+++ synergy-1.4.17-Source-fix/src/lib/io/CryptoMode_cryptopp.h 2014-04-11 13:36:01.111985556 +0200
@@ -25,6 +25,6 @@
# pragma GCC system_header
#endif
-#include <cryptopp562/gcm.h>
-#include <cryptopp562/modes.h>
@ -34,21 +32,14 @@ index 9b7e8ad..0d659ac 100644
+#include <cryptopp/gcm.h>
+#include <cryptopp/modes.h>
+#include <cryptopp/aes.h>
#include "ECryptoMode.h"
#include "CString.h"
diff -urN synergy-1.4.17-Source/src/lib/io/CryptoStream_cryptopp.h synergy-1.4.17-Source-fix/src/lib/io/CryptoStream_cryptopp.h
--- synergy-1.4.17-Source/src/lib/io/CryptoStream_cryptopp.h 2014-02-28 13:36:45.000000000 +0100
+++ synergy-1.4.17-Source-fix/src/lib/io/CryptoStream_cryptopp.h 2014-04-11 13:36:07.173013005 +0200
@@ -25,5 +25,5 @@
# pragma GCC system_header
#endif
diff --git a/src/lib/io/CCryptoStream.h b/src/lib/io/CCryptoStream.h
index 104b1f6..09c4dc4 100644
--- a/src/lib/io/CCryptoStream.h
+++ b/src/lib/io/CCryptoStream.h
@@ -20,8 +20,8 @@
#include "BasicTypes.h"
#include "CStreamFilter.h"
#include "CCryptoMode.h"
-#include <cryptopp562/osrng.h>
-#include <cryptopp562/sha.h>
+#include <cryptopp/osrng.h>
+#include <cryptopp/sha.h>
class CCryptoOptions;


@ -1,29 +1,31 @@
{ stdenv, fetchurl, cmake, x11, libX11, libXi, libXtst, libXrandr, xinput
, cryptopp ? null, unzip ? null }:
{ stdenv, fetchurl, cmake, x11, libX11, libXi, libXtst, libXrandr, xinput, curl
, cryptopp ? null, unzip }:
assert stdenv.isLinux -> cryptopp != null;
assert !stdenv.isLinux -> unzip != null;
with stdenv.lib;
stdenv.mkDerivation rec {
name = "synergy-1.4.15";
name = "synergy-1.4.17";
src = fetchurl {
url = "http://synergy.googlecode.com/files/${name}-Source.tar.gz";
sha256 = "0l1mxxky9hacyva0npzkgkwg4wkmihzq3abdrds0w5f6is44adv4";
url = "http://fossfiles.com/synergy/${name}-r2055-Source.tar.gz";
sha256 = "1mwaapvq9vsm0rdpq99fyzcw6wbp83rg6cylcqcgjjd21c6y9iwm";
};
patches = optional stdenv.isLinux ./cryptopp.patch;
postPatch = if stdenv.isLinux then ''
postPatch = (if stdenv.isLinux then ''
sed -i -e '/HAVE_X11_EXTENSIONS_XRANDR_H/c \
set(HAVE_X11_EXTENSIONS_XRANDR_H true)' CMakeLists.txt
'' else ''
${unzip}/bin/unzip -d tools/cryptopp562 tools/cryptopp562.zip
${unzip}/bin/unzip -d ext/cryptopp562 ext/cryptopp562.zip
'') + ''
${unzip}/bin/unzip -d ext/gmock-1.6.0 ext/gmock-1.6.0.zip
${unzip}/bin/unzip -d ext/gtest-1.6.0 ext/gtest-1.6.0.zip
'';
buildInputs = [ cmake x11 libX11 libXi libXtst libXrandr xinput ]
buildInputs = [ cmake x11 libX11 libXi libXtst libXrandr xinput curl ]
++ optional stdenv.isLinux cryptopp;
# At this moment make install doesn't work for synergy


@ -11,8 +11,8 @@
sha256 = "1na5d6z4a0wkabn7cj62vyiv3mmvcb6qdvrkyy6fj79h7gk2hb7k";
};
stable = {
version = "33.0.1750.152";
url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-33.0.1750.152.tar.xz";
sha256 = "0byc23vwn9alsva0jqvwvgnbx2bm7x48m3jln02y4fpf1f265m4z";
version = "34.0.1847.116";
url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-34.0.1847.116.tar.xz";
sha256 = "04cpfav5rqa117igvzmrw0045r2ljxg5fqb46qgqvkgff30pjrfx";
};
}


@ -10,17 +10,17 @@ stdenv.mkDerivation {
sha256 = "145sq2wv0s0n32cwpwgy59ff6ppcv80ialak7nnj1rpqicfqb72h";
};
buildInputs = [ pkgconfig makeWrapper libsoup webkit gtk3 gnutls json_c m4 ];
buildInputs = [ pkgconfig makeWrapper gsettings_desktop_schemas libsoup webkit gtk3 gnutls json_c m4 ];
# There are Xlib and gtk warnings therefore I have set Wno-error
preBuild=''
makeFlagsArray=(CPPFLAGS="-Wno-error" GTK=3 PREFIX=$out);
'';
postInstall=''
preFixup=''
wrapProgram "$out/bin/dwb" \
--prefix GIO_EXTRA_MODULES : "${glib_networking}/lib/gio/modules" \
--prefix XDG_DATA_DIRS : "${gsettings_desktop_schemas}/share:$out/share"
--prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH:$out/share"
wrapProgram "$out/bin/dwbem" \
--prefix GIO_EXTRA_MODULES : "${glib_networking}/lib/gio/modules"
'';


@ -36,7 +36,7 @@
let
# -> http://get.adobe.com/flashplayer/
version = "11.2.202.346";
version = "11.2.202.350";
src =
if stdenv.system == "x86_64-linux" then
@ -47,7 +47,7 @@ let
else rec {
inherit version;
url = "http://fpdownload.macromedia.com/get/flashplayer/pdc/${version}/install_flash_player_11_linux.x86_64.tar.gz";
sha256 = "19jgiw5f0ksxqgi6jkla4qq7gx9gnn9jmpjgqanb7mhl5fdl0v55";
sha256 = "0f5y05c0acvdzd7a7qi93kd17byazf9swm6gml5rph5bc25aw77l";
}
else if stdenv.system == "i686-linux" then
if debug then {
@ -58,7 +58,7 @@ let
} else rec {
inherit version;
url = "http://fpdownload.macromedia.com/get/flashplayer/pdc/${version}/install_flash_player_11_linux.i386.tar.gz";
sha256 = "01f4zady0r0n5rfqq2285svc13wiypmfrm8fnirmr5lpwl5d89ra";
sha256 = "0nsrj56xbpn8r4365zby8qbc38cl2anb5ky0h7jwyh7xyrs9xmml";
}
else throw "Flash Player is not supported on this platform";


@ -16,14 +16,14 @@ stdenv.mkDerivation rec {
sed -i s,/etc/ssl/certs/ca-certificates.crt,/etc/ssl/certs/ca-bundle.crt, src/default.h
'';
buildInputs = [ makeWrapper gtk libsoup pkgconfig webkit ];
buildInputs = [ makeWrapper gtk libsoup pkgconfig webkit gsettings_desktop_schemas ];
makeFlags = [ "PREFIX=$(out)" ];
postInstall = ''
preFixup = ''
wrapProgram "$out/bin/vimb" \
--prefix GIO_EXTRA_MODULES : "${glib_networking}/lib/gio/modules" \
--prefix XDG_DATA_DIRS : "${gsettings_desktop_schemas}/share"
--prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH"
'';
meta = {


@ -14,13 +14,16 @@ stdenv.mkDerivation rec {
sed -i s,/etc/ssl/certs/ca-certificates.crt,/etc/ssl/certs/ca-bundle.crt, config.h
'';
buildInputs = [ makeWrapper gtk libsoup libX11 perl pkgconfig webkit ];
buildInputs = [ makeWrapper gtk libsoup libX11 perl pkgconfig webkit gsettings_desktop_schemas ];
installPhase = ''
make PREFIX=/ DESTDIR=$out install
'';
preFixup = ''
wrapProgram "$out/bin/vimprobable2" \
--prefix GIO_EXTRA_MODULES : "${glib_networking}/lib/gio/modules" \
--prefix XDG_DATA_DIRS : "${gsettings_desktop_schemas}/share"
--prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH"
'';
meta = {


@ -19,8 +19,6 @@ stdenv.mkDerivation rec {
configureFlags = "--enable-call";
installFlags = "gsettingsschemadir=\${out}/share/telepathy/logger/glib-2.0/schemas/";
meta = {
description = "Logger service for Telepathy framework";
homepage = http://telepathy.freedesktop.org/wiki/Logger ;


@ -1,4 +1,4 @@
{ stdenv, fetchurl, pkgconfig, telepathy_glib, libxslt }:
{ stdenv, fetchurl, pkgconfig, telepathy_glib, libxslt, makeWrapper }:
stdenv.mkDerivation rec {
name = "${pname}-5.16.0";
@ -9,7 +9,12 @@ stdenv.mkDerivation rec {
sha256 = "1l61w6j04mbrjsbcfrlc0safh9nlsjnj0z6lszal64r9bhkcghzd";
};
buildInputs = [ telepathy_glib ];
buildInputs = [ telepathy_glib makeWrapper ];
nativeBuildInputs = [ pkgconfig libxslt ];
preFixup = ''
wrapProgram "$out/libexec/mission-control-5" \
--prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH"
'';
}
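Review bot: The new `preFixup` relies on `$GSETTINGS_SCHEMAS_PATH` being populated at build time, yet the only input added to this derivation is `makeWrapper`; the other hunks in this commit that switch a wrapper to `$GSETTINGS_SCHEMAS_PATH` (dwb, vimb, vimprobable2) also add `gsettings_desktop_schemas` to `buildInputs`. If nothing among this package's inputs exports the variable, the wrapper is generated with an empty prefix (`--prefix XDG_DATA_DIRS : ""`), which silently does nothing. Worth confirming which input is expected to provide it and either adding `gsettings_desktop_schemas` or putting a comment on the `preFixup` line naming the provider, so the intent is visible to the next maintainer.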


@ -28,16 +28,15 @@ stdenv.mkDerivation rec {
];
preFixup = ''
rm $out/share/icons/hicolor/icon-theme.cache'';
rm $out/share/icons/hicolor/icon-theme.cache
postInstall = ''
for f in "$out"/bin/*; do
wrapProgram "$f" \
--prefix PYTHONPATH : "$(toPythonPath $out):$(toPythonPath ${pygobject3})" \
--prefix LD_LIBRARY_PATH : "${gnome3.libgnome_keyring}/lib" \
--prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \
--prefix GIO_EXTRA_MODULES : "${gnome3.dconf}/lib/gio/modules:${glib_networking}/lib/gio/modules" \
--prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:${gnome3.gnome_icon_theme}/share:${gnome3.gsettings_desktop_schemas}/share:${gnome3.gtk}/share:$out/share"
--prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:${gnome3.gnome_icon_theme}/share:${gnome3.gtk}/share:$out/share:$GSETTINGS_SCHEMAS_PATH"
done
'';


@ -15,5 +15,7 @@ stdenv.mkDerivation rec {
description = "modern and lightweight direct connect client with a friendly ncurses interface";
homepage = http://dev.yorhel.nl/ncdc;
license = stdenv.lib.licenses.mit;
platforms = stdenv.lib.platforms.linux; # arbitrary
maintainers = [ stdenv.lib.maintainers.emery ];
};
}


@ -1,5 +1,5 @@
{ stdenv, fetchurl, libX11, libXtst, libXext, libXdamage, libXfixes, wine, makeWrapper
, bash }:
, bash, findutils, coreutils }:
assert stdenv.system == "i686-linux";
let
@ -31,6 +31,13 @@ stdenv.mkDerivation {
cat > $out/bin/teamviewer << EOF
#!${bash}/bin/sh
# Teamviewer puts symlinks to nix store paths in ~/.teamviewer. When those
# paths become garbage collected, teamviewer crashes upon start because of
# those broken symlinks. An easy workaround to this behaviour is simply to
# delete all symlinks before we start teamviewer. Teamviewer will fixup the
# symlinks, just like it did the first time the user ran it.
${findutils}/bin/find "\$HOME"/.teamviewer/*/*/"Program Files/TeamViewer/" -type l -print0 | ${findutils}/bin/xargs -0 ${coreutils}/bin/rm
export LD_LIBRARY_PATH=${toldpath}\''${LD_LIBRARY_PATH:+:\$LD_LIBRARY_PATH}
export PATH=${topath}\''${PATH:+:\$PATH}
$out/share/teamviewer/wrapper wine "c:\Program Files\TeamViewer\Version7\TeamViewer.exe" "\$@"
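Review bot: The cleanup added on the `find … -type l -print0 | xargs -0 rm` line removes every symlink under `$HOME/.teamviewer/*/*/Program Files/TeamViewer/` on each start, not only the dangling store links the comment above describes, and it is noisy on a first run where that tree does not exist yet: the unmatched glob is passed to `find` literally, `find` reports "No such file or directory", and GNU `xargs` still invokes `rm` once with no operands. Since the stated cause is broken links into a garbage-collected store path, matching only broken links and letting `find` do the removal keeps the intent while touching less of the user's home directory, e.g. `${findutils}/bin/find "\$HOME"/.teamviewer/*/*/"Program Files/TeamViewer/" -xtype l -delete` (which also drops the `xargs`/`coreutils` dependency); if the first-run error message is unwanted, append `2>/dev/null`. The generated launcher is a heredoc whose start and end lie outside this hunk.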


@ -17,6 +17,10 @@ stdenv.mkDerivation {
geoip libnl c-ares gtk python
];
preConfigure = ''
sed -re 's/g_memmove/memmove/' -i $(grep -rl g_memmove .)
'';
configureFlags = "--disable-usr-local --disable-silent-rules --with-gtk2 --without-gtk3 --without-qt --with-ssl";
desktopItem = makeDesktopItem {
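Review bot: The new `preConfigure` passes `$(grep -rl g_memmove .)` unquoted to `sed -i`, so when a future tarball no longer contains `g_memmove` the substitution runs with no file operands and `sed` fails with "no input files" (aborting the build, which may be an acceptable tripwire but is not obviously intended), and any matching path containing whitespace would be split. `grep -rlZ g_memmove . | xargs -0r sed -i -re 's/g_memmove/memmove/'` handles both cases in one line. A short comment on why the rename is needed (presumably a glib change that dropped `g_memmove`) would help whoever bumps the version next decide whether the hook can go.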


@ -0,0 +1,47 @@
{ stdenv, fetchurl, zlib, useV16 ? false }:
let
v15 = rec {
name = "boolector-${version}";
version = "1.5.118";
src = fetchurl {
url = "http://fmv.jku.at/boolector/${name}-with-sat-solvers.tar.gz";
sha256 = "17j7q02rryvfwgvglxnhx0kv8hxwy8wbhzawn48lw05i98vxlmk9";
};
};
v16 = rec {
name = "boolector-${version}";
version = "1.6.0";
src = fetchurl {
url = "http://fmv.jku.at/boolector/${name}-with-sat-solvers.tar.gz";
sha256 = "0jka4r6bc3i24axgdp6qbq6gjadwz9kvi11s2c5sbwmdnjd7cp85";
};
};
boolectorPkg = if useV16 then v16 else v15;
license = with stdenv.lib.licenses; if useV16 then unfreeRedistributable else gpl3;
in
stdenv.mkDerivation (boolectorPkg // {
buildInputs = [ zlib ];
enableParallelBuilding = false;
buildPhase = "./build.sh";
installPhase = ''
mkdir -p $out/bin $out/lib $out/include
cp boolector/boolector $out/bin
cp boolector/deltabtor $out/bin
cp boolector/synthebtor $out/bin
cp boolector/libboolector.a $out/lib
cp boolector/boolector.h $out/include
'';
meta = {
inherit license;
description = "An extremely fast SMT solver for bit-vectors and arrays";
homepage = "http://fmv.jku.at/boolector";
platforms = stdenv.lib.platforms.linux;
maintainers = [ stdenv.lib.maintainers.thoughtpolice ];
};
})
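Review bot: The `useV16 ? false` parameter is undocumented although selecting it changes the license from `gpl3` to `unfreeRedistributable` (the `license =` binding in the `let`), which is exactly what someone flipping the flag needs to know; a comment on the parameter line such as `# useV16: build 1.6.0 instead of 1.5.118; note 1.6 is unfreeRedistributable, 1.5 is gpl3` would do. Both sources are the `-with-sat-solvers` bundles and `buildPhase = "./build.sh"` builds whatever solver sources ship inside them, so those solvers sit outside nixpkgs' normal dependency tracking and will not pick up fixes made to separately packaged solvers; a one-line comment next to `buildPhase` saying so would save the next maintainer from looking for the missing input. The two fetches are sha256-pinned, so the plain-HTTP URLs are not an integrity concern.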


@ -5,11 +5,11 @@
}:
stdenv.mkDerivation rec {
name = "R-3.0.3";
name = "R-3.1.0";
src = fetchurl {
url = "http://cran.r-project.org/src/base/R-3/${name}.tar.gz";
sha256 = "1mp6zp25nycn8bxnnq97gq6n21c6vprm6qc4drwap57j82azsz5r";
sha256 = "1qjzbw341bvi1h4jwbvdkvq8j0z9l3m85mpgrlfw0n2cz2806s4a";
};
buildInputs = [ blas bzip2 gfortran liblapack libX11 libXmu libXt


@ -1,9 +1,9 @@
{ cabal, aeson, async, blazeBuilder, bloomfilter, bup, byteable
, caseInsensitive, clientsession, cryptoApi, cryptohash, curl
, dataDefault, dataenc, DAV, dbus, dlist, dns, editDistance
, extensibleExceptions, feed, filepath, git, gnupg1, gnutls, hamlet
, hinotify, hS3, hslogger, HTTP, httpClient, httpConduit, httpTypes
, IfElse, json, liftedBase, lsof, MissingH
, extensibleExceptions, fdoNotify, feed, filepath, git, gnupg1
, gnutls, hamlet, hinotify, hS3, hslogger, HTTP, httpClient
, httpConduit, httpTypes, IfElse, json, liftedBase, lsof, MissingH
, MonadCatchIOTransformers, monadControl, mtl, network
, networkConduit, networkInfo, networkMulticast
, networkProtocolXmpp, openssh, optparseApplicative, perl
@ -16,16 +16,16 @@
cabal.mkDerivation (self: {
pname = "git-annex";
version = "5.20140320";
sha256 = "0jhg5nbvdsiaprpj4h57fpfskhx0nqva4yx6krfd90i9gwgkm8l5";
version = "5.20140405";
sha256 = "0nbfnv9z2jhx2jr2nma0y1znvbaa09rv1drl6wk27j6xsbiq3p3k";
isLibrary = false;
isExecutable = true;
buildDepends = [
aeson async blazeBuilder bloomfilter byteable caseInsensitive
clientsession cryptoApi cryptohash dataDefault dataenc DAV dbus
dlist dns editDistance extensibleExceptions feed filepath gnutls
hamlet hinotify hS3 hslogger HTTP httpClient httpConduit httpTypes
IfElse json liftedBase MissingH MonadCatchIOTransformers
dlist dns editDistance extensibleExceptions fdoNotify feed filepath
gnutls hamlet hinotify hS3 hslogger HTTP httpClient httpConduit
httpTypes IfElse json liftedBase MissingH MonadCatchIOTransformers
monadControl mtl network networkConduit networkInfo
networkMulticast networkProtocolXmpp optparseApplicative QuickCheck
random regexTdfa SafeSemaphore securemem SHA stm tasty tastyHunit


@ -10,7 +10,7 @@
let
version = "1.9.1";
version = "1.9.2";
svn = subversionClient.override { perlBindings = true; };
@ -21,7 +21,7 @@ stdenv.mkDerivation {
src = fetchurl {
url = "https://www.kernel.org/pub/software/scm/git/git-${version}.tar.xz";
sha256 = "0yx7qf9hqgfvrliqvk775pw3zh982nx5r16iw7n997q4ik7gnqpr";
sha256 = "1x4rb06vw4ckdflmn01r5l9spvn7cng4i5mm3sbd0n8cz0n6xz13";
};
patches = [ ./docbook2texi.patch ./symlinks-in-bin.patch ];
@ -47,8 +47,7 @@ stdenv.mkDerivation {
postInstall =
''
notSupported() {
echo -e "#\!/bin/sh\necho '`basename $1` not supported, $2'\nexit 1" > "$1"
chmod +x $1
unlink $1 || true
}
# Install git-subtree.
@ -94,7 +93,7 @@ stdenv.mkDerivation {
--set GITPERLLIB "$gitperllib" \
--prefix PATH : "${svn}/bin" ''
else '' # replace git-svn by notification script
notSupported $out/libexec/git-core/git-svn "reinstall with config git = { svnSupport = true } set"
notSupported $out/libexec/git-core/git-svn
'')
+ (if sendEmailSupport then
@ -106,7 +105,7 @@ stdenv.mkDerivation {
wrapProgram $out/libexec/git-core/git-send-email \
--set GITPERLLIB "$gitperllib" ''
else '' # replace git-send-email by notification script
notSupported $out/libexec/git-core/git-send-email "reinstall with config git = { sendEmailSupport = true } set"
notSupported $out/libexec/git-core/git-send-email
'')
+ stdenv.lib.optionalString withManual ''# Install man pages and Info manual
@ -123,8 +122,7 @@ stdenv.mkDerivation {
'' else ''
# Don't wrap Tcl/Tk, replace them by notification scripts
for prog in bin/gitk libexec/git-core/git-gui; do
notSupported "$out/$prog" \
"reinstall with config git = { guiSupport = true; } set"
notSupported "$out/$prog"
done
'');
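Review bot: The comments that survive on the new side still describe the old behaviour: `# replace git-svn by notification script`, `# replace git-send-email by notification script` and `# Don't wrap Tcl/Tk, replace them by notification scripts` — but, if I read the sides of the first hunk correctly, `notSupported` no longer writes a stub explaining which option to enable, it just unlinks the helper, so users now get git's generic "not a git command" error instead of the `svnSupport`/`sendEmailSupport`/`guiSupport` hint. Either reword the comments (e.g. `# remove git-svn, built without svnSupport` and likewise for the other two) or keep the stub, which was the more helpful behaviour. Inside the helper the argument should also be quoted, `unlink "$1" || true`, as the Tcl/Tk loop in the last hunk already does at its call site with `"$out/$prog"`. The `postInstall` string begins before the first hunk and continues past the last one.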


@ -1,14 +1,14 @@
{ stdenv, fetchurl, python, git }:
let
name = "stgit-0.16";
name = "stgit-0.17.1";
in
stdenv.mkDerivation {
inherit name;
src = fetchurl {
url = "http://download.gna.org/stgit/${name}.tar.gz";
sha256 = "0hla6401g2kicaakz4awk67yf8fhqbw1shn1p9ma5x6ca29s3w82";
sha256 = "1pka0ns9x0kabn036zsf0mwmwiynckhnva51kgxsch9fqah6acyl";
};
buildInputs = [ python git ];


@ -1,14 +1,14 @@
{ stdenv, fetchurl, ruby, makeWrapper, git }:
let
version = "2.2.2";
version = "2.2.5";
in
stdenv.mkDerivation {
name = "svn2git-${version}";
src = fetchurl {
url = "https://github.com/nirvdrum/svn2git/archive/v${version}.tar.gz";
sha256 = "14zinkpgybz15jvbfw0sb432w6f5w4sa5pdqycjwva8v8lxqn9mh";
sha256 = "1afmrr80357pg3kawyghhc55z1pszaq8fyrrjmxa6nr9dcrqjwwh";
};
buildInputs = [ ruby makeWrapper ];


@ -1,20 +1,23 @@
{stdenv, fetchurl, cmake, pkgconfig, libxml2, qt4, gtk, gettext, SDL,
libXv, pixman, libpthreadstubs, libXau, libXdmcp, libxslt, x264,
alsaLib, lame, faac, faad2, libvorbis, yasm, libvpx, xvidcore, libva }:
alsaLib, lame, faad2, libvorbis, yasm, libvpx, xvidcore, libva,
faac ? null, faacSupport ? false }:
assert stdenv ? glibc;
assert faacSupport -> faac != null;
stdenv.mkDerivation {
name = "avidemux-2.5.6";
src = fetchurl {
url = mirror://sourceforge/avidemux/avidemux_2.5.6.tar.gz;
sha256 = "12wvxz0n2g85f079d8mdkkp2zm279d34m9v7qgcqndh48cn7znnn";
};
buildInputs = [ cmake pkgconfig libxml2 qt4 gtk gettext SDL libXv
pixman libpthreadstubs libXau libXdmcp libxslt x264 alsaLib
lame faac faad2 libvorbis yasm libvpx xvidcore libva ];
pixman libpthreadstubs libXau libXdmcp libxslt x264 alsaLib
lame faad2 libvorbis yasm libvpx xvidcore libva
] ++ stdenv.lib.optional faacSupport faac;
cmakeFlags = "-DPTHREAD_INCLUDE_DIR=${stdenv.glibc}/include" +
" -DGETTEXT_INCLUDE_DIR=${gettext}/include" +
@ -34,7 +37,7 @@ stdenv.mkDerivation {
make install
'';
meta = {
meta = {
homepage = http://fixounet.free.fr/avidemux/;
description = "Free video editor designed for simple video editing tasks";
maintainers = with stdenv.lib.maintainers; [viric];


@ -1,36 +1,33 @@
{ stdenv, fetchurl, makeWrapper, go, lxc, sqlite, iproute, iptables, lvm2
, bash}:
{ stdenv, fetchurl, makeWrapper, go, lxc, sqlite, iproute, bridge_utils, devicemapper,
btrfsProgs, iptables, bash}:
stdenv.mkDerivation rec {
name = "docker-${version}";
version = "0.7.6";
version = "0.9.1";
src = fetchurl {
url = "https://github.com/dotcloud/docker/archive/v${version}.tar.gz";
sha256 = "0anlzba2vm1fs5nf0dl2svrgj3ddsbl5iyhsm8vfbi3f23vppkfv";
sha256 = "0m4s21dxd1bj08xrmi7iw77djj3cpxvjsin12p6v6v1qnigm18ww";
};
phases = ["unpackPhase" "preBuild" "buildPhase" "installPhase"];
buildInputs = [ makeWrapper go sqlite lxc iproute lvm2 iptables ];
buildInputs = [ makeWrapper go sqlite lxc iproute bridge_utils devicemapper btrfsProgs iptables ];
preBuild = ''
patchShebangs ./hack
'';
buildPhase = ''
mkdir -p src/github.com/dotcloud
ln -sn "../../../" "src/github.com/dotcloud/docker"
export GOPATH="$(pwd):$(pwd)/vendor"
export DOCKER_GITCOMMIT="bc3b2ec0622f50879ae96f042056b6bd2e0b4fba"
export DOCKER_INITPATH="$out/libexec/docker/dockerinit"
export AUTO_GOPATH=1
export DOCKER_GITCOMMIT="867b2a90c228f62cdcd44907ceef279a2d8f1ac5"
./hack/make.sh dynbinary
'';
installPhase = ''
install -Dm755 ./bundles/${version}/dynbinary/docker-${version} $out/bin/docker
install -Dm755 ./bundles/${version}/dynbinary/dockerinit-${version} $out/libexec/docker/dockerinit
wrapProgram $out/bin/docker --prefix PATH : "${iproute}/sbin:${lvm2}:sbin:${lxc}/bin:${iptables}/sbin"
install -Dm755 ./bundles/${version}/dynbinary/dockerinit-${version} $out/bin/dockerinit
wrapProgram $out/bin/docker --prefix PATH : "${iproute}/sbin:sbin:${lxc}/bin:${iptables}/sbin"
# systemd
install -Dm644 ./contrib/init/systemd/docker.service $out/etc/systemd/system/docker.service
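Review bot: The PATH prefix on the new `wrapProgram $out/bin/docker --prefix PATH : "${iproute}/sbin:sbin:${lxc}/bin:${iptables}/sbin"` line contains a bare relative entry, `sbin`, left over from the old `${lvm2}:sbin` (which itself reads like a typo for `${lvm2}/sbin`). A relative PATH element is resolved against the process's current working directory, so a daemon running as root would look up `ip`, `iptables` and friends in whatever directory it happens to be started from; drop it: `wrapProgram $out/bin/docker --prefix PATH : "${iproute}/sbin:${lxc}/bin:${iptables}/sbin"`. `devicemapper` and `btrfsProgs` were added to `buildInputs` but not to this prefix; if docker shells out to `dmsetup`/`btrfs` at runtime (presumably, given the inputs) their directories belong here too — confirm where those packages place the binaries.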


@ -0,0 +1,20 @@
use strict;
# Make inode number, link info and mtime consistent in order to get a consistent hash.
#
# Author: Alexander Kjeldaas <ak@formalprivacy.com>
use Archive::Cpio;
my $cpio = Archive::Cpio->new;
my $IN = \*STDIN;
my $ino = 1;
$cpio->read_with_handler($IN, sub {
my ($e) = @_;
$e->{inode} = $ino;
$ino++;
$e->{nlink} = 1;
$e->{mtime} = 1;
$cpio->write_one(\*STDOUT, $e);
});
$cpio->write_trailer(\*STDOUT);
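Review bot: The filter streams the rewritten archive to STDOUT but never checks that the output was written: after `$cpio->write_trailer(\*STDOUT)` the script simply exits, and a buffered write failure (closed pipe, full disk) only surfaces at close, so a truncated initrd can be produced with exit status 0. Add `use warnings;` beside `use strict;` and end with `close STDOUT or die "cpio-clean: write to STDOUT failed: $!";`; the return values of `write_one`/`write_trailer` are worth checking as well if Archive::Cpio reports them. Setting every entry's `nlink` to 1 and giving each a fresh inode also severs hard links, which newc archives express through shared inode numbers; if the archiver stored the file data only on the last link, those entries come out empty — presumably not an issue for the store closure this is applied to, but a comment on the `$e->{nlink} = 1;` line stating that hard links are deliberately flattened would record the assumption.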


@ -12,10 +12,10 @@
# `contents = {object = ...; symlink = /init;}' is a typical
# argument.
{stdenv, perl, cpio, contents, ubootChooser, compressor}:
{stdenv, perl, perlArchiveCpio, cpio, contents, ubootChooser, compressor}:
let
inputsFun = ubootName : [perl cpio]
inputsFun = ubootName : [perl cpio perlArchiveCpio ]
++ stdenv.lib.optional (ubootName != null) [ (ubootChooser ubootName) ];
makeUInitrdFun = ubootName : (ubootName != null);
in
@ -35,6 +35,7 @@ stdenv.mkDerivation {
exportReferencesGraph =
map (x: [("closure-" + baseNameOf x.symlink) x.object]) contents;
pathsFromGraph = ./paths-from-graph.pl;
cpioClean = ./cpio-clean.pl;
crossAttrs = {
nativeBuildInputs = inputsFun stdenv.cross.platform.uboot;


@ -36,7 +36,7 @@ storePaths=$(perl $pathsFromGraph closure-*)
# Put the closure in a gzipped cpio archive.
mkdir -p $out
(cd root && find * -print0 | cpio -o -H newc --null | $compressor > $out/initrd)
(cd root && find * -print0 | cpio -o -H newc --null | perl $cpioClean | $compressor > $out/initrd)
if [ -n "$makeUInitrd" ]; then
mv $out/initrd $out/initrd.gz
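Review bot: The new `perl $cpioClean` stage in `(cd root && find * -print0 | cpio -o -H newc --null | perl $cpioClean | $compressor > $out/initrd)` can fail — Archive::Cpio not found on PERL5LIB, a parse error, a write error — without failing the build, because the pipeline's status is that of its last command, `$compressor`, and nothing visible here sets `pipefail`; the outcome would be an empty or truncated `$out/initrd` discovered only at boot. Assuming the builder runs under `set -e` as stdenv builders do, enabling pipefail inside the subshell is a one-line fix: `(cd root && set -o pipefail && find * -print0 | cpio -o -H newc --null | perl $cpioClean | $compressor > $out/initrd)`. The same weakness existed for `find` and `cpio` before, but this stage is the one adding a runtime dependency (the `perlArchiveCpio` input from the make-initrd.nix hunk) that can be absent. The builder's preamble is outside this hunk.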


@ -1,11 +1,11 @@
{stdenv, fetchurl}:
stdenv.mkDerivation rec {
name = "docbook-xsl-ns-1.75.2";
name = "docbook-xsl-ns-1.78.1";
src = fetchurl {
url = "mirror://sourceforge/docbook/${name}.tar.bz2";
sha256 = "1pr7m0hmqilk25hjx33kq2vqn2xf6cx6zhxqm35fdvnjccazlxg2";
sha256 = "1x3sc0axk9z3i6n0jhlsmzlmb723a4sjgslm9g12by6phirdx3ng";
};
buildPhase = "true";


@ -22,10 +22,6 @@ stdenv.mkDerivation {
xkeyboard_config libxkbfile libX11 libXrandr libXext
];
postInstall = ''
${glib}/bin/glib-compile-schemas $out/share/glib-2.0/schemas/
'';
meta = {
homepage = "http://cinnamon.linuxmint.com";
description = "Library and data for various Cinnamon modules";


@ -13,7 +13,7 @@ stdenv.mkDerivation {
};
configureFlags = "--disable-schemas-compile --enable-systemd --disable-gconf" ;
configureFlags = "--enable-systemd --disable-gconf" ;
patches = [ ./remove-sessionmigration.patch ./timeout.patch];
@ -23,17 +23,17 @@ stdenv.mkDerivation {
gtk3 dbus_glib upower json_glib
intltool systemd xorg.xtrans
makeWrapper
cinnamon-desktop/*gschemas*/
];
preBuild = "patchShebangs ./scripts";
postInstall = ''
${glib}/bin/glib-compile-schemas $out/share/glib-2.0/schemas/
postFixup = ''
rm $out/share/icons/hicolor/icon-theme.cache
for f in "$out"/bin/*; do
wrapProgram "$f" --prefix XDG_DATA_DIRS : "$out/share:${cinnamon-desktop}/share"
wrapProgram "$f" --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH"
done
'';
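Review bot: The rewritten `wrapProgram "$f" --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH"` drops the explicit `$out/share:${cinnamon-desktop}/share` of the old line, so cinnamon-session's own schemas are only reachable if the glib hook has added `$out/share` to `GSETTINGS_SCHEMAS_PATH` by the time `postFixup` runs, and cinnamon-desktop's only if it is still a build input (the `cinnamon-desktop/*gschemas*/` entry in `buildInputs` suggests it is). Other hunks in this commit (dwb, empathy) keep `$out/share` explicitly beside `$GSETTINGS_SCHEMAS_PATH`; doing the same here, `wrapProgram "$f" --prefix XDG_DATA_DIRS : "$out/share:$GSETTINGS_SCHEMAS_PATH"`, is cheap insurance and consistent. The `buildInputs` list starts outside this hunk.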


@ -29,7 +29,7 @@ stdenv.mkDerivation rec {
rm $out/share/icons/HighContrast/icon-theme.cache
wrapProgram "$out/bin/baobab" \
--set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \
--prefix XDG_DATA_DIRS : "${gtk3}/share:${gnome3.gnome_themes_standard}/share:${gnome3.gsettings_desktop_schemas}/share:$out/share:$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH"
--prefix XDG_DATA_DIRS : "${gtk3}/share:${gnome3.gnome_themes_standard}/share:$out/share:$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH"
'';
meta = with stdenv.lib; {


@ -1,5 +1,5 @@
{ stdenv, fetchurl, vala, libxslt, pkgconfig, glib, dbus_glib, gnome3
, libxml2, intltool, docbook_xsl_ns, docbook_xsl }:
, libxml2, intltool, docbook_xsl_ns, docbook_xsl, makeWrapper }:
stdenv.mkDerivation rec {
name = "dconf-${version}";
@ -11,7 +11,15 @@ stdenv.mkDerivation rec {
};
buildInputs = [ vala libxslt pkgconfig glib dbus_glib gnome3.gtk libxml2
intltool docbook_xsl docbook_xsl_ns ];
intltool docbook_xsl docbook_xsl_ns makeWrapper ];
preFixup = ''
wrapProgram "$out/bin/dconf-editor" \
--prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH"
rm $out/lib/gio/modules/giomodule.cache
rm $out/share/icons/hicolor/icon-theme.cache
'';
meta = with stdenv.lib; {
platforms = platforms.linux;


@ -39,12 +39,12 @@ stdenv.mkDerivation rec {
enableParallelBuilding = true;
installFlags = "gsettingsschemadir=\${out}/share/empathy/glib-2.0/schemas/";
postInstall = ''
preFixup = ''
wrapProgram "$out/bin/empathy" \
--set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \
--prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:${gtk3}/share:${gnome3.gnome_themes_standard}/:${gnome3.gnome_themes_standard}/share:${hicolor_icon_theme}/share:${gnome3.gsettings_desktop_schemas}/share:$out/share:$out/share/empathy:${telepathy_logger}/share/telepathy/logger:${folks}/share/folks:${evolution_data_server}/share/evolution-data-server"
--prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:${gtk3}/share:${gnome3.gnome_themes_standard}/:${gnome3.gnome_themes_standard}/share:${hicolor_icon_theme}/share:$out/share:$GSETTINGS_SCHEMAS_PATH"
rm $out/share/icons/hicolor/icon-theme.cache
'';
meta = with stdenv.lib; {
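Review bot: The new XDG_DATA_DIRS prefix drops `$out/share/empathy` even though the `installFlags` line two lines above still installs the schemas to `${out}/share/empathy/glib-2.0/schemas/`, a non-standard location that a hook scanning `share/glib-2.0/schemas` under each input would not pick up; if `$GSETTINGS_SCHEMAS_PATH` does not cover it, empathy typically aborts at start with a missing-schema error. The same question applies to the dropped `${telepathy_logger}/share/telepathy/logger`, `${folks}/share/folks` and `${evolution_data_server}/share/evolution-data-server` entries (the telepathy-logger hunk in this commit shows the same kind of custom `gsettingsschemadir`, though which of its lines were removed is not recoverable from the rendering). Unless those directories are verified to be in `$GSETTINGS_SCHEMAS_PATH`, keep them on the wrapper line: `--prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:${gtk3}/share:${gnome3.gnome_themes_standard}/:${gnome3.gnome_themes_standard}/share:${hicolor_icon_theme}/share:$out/share:$out/share/empathy:${telepathy_logger}/share/telepathy/logger:${folks}/share/folks:${evolution_data_server}/share/evolution-data-server:$GSETTINGS_SCHEMAS_PATH"`.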
