JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' into clickhouse

Browse Source
This commit is contained in:
Michael Raskin 2017-05-01 07:33:31 +02:00 committed by GitHub
commit 90ce1aa28a
262 changed files with 6465 additions and 2887 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/customisation.nix
View File

@ -167,7 +167,7 @@ rec {
/* Make a set of packages with a common scope. All packages called
with the provided `callPackage' will be evaluated with the same
arguments. Any package in the set may depend on any other. The
`override' function allows subsequent modification of the package
`overrideScope' function allows subsequent modification of the package
set in a consistent way, i.e. all packages in the set will be
called with the overridden packages. The package sets may be
hierarchical: the packages in the set are called with the scope
@ -177,7 +177,7 @@ rec {
let self = f self // {
newScope = scope: newScope (self // scope);
callPackage = self.newScope {};
override = g:
overrideScope = g:
makeScope newScope
(self_: let super = f self_; in super // g super self_);
packages = f;

5
lib/licenses.nix
View File

@ -531,6 +531,11 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
fullName = "Do What The F*ck You Want To Public License";
};
wxWindows = spdx {
spdxId = "WXwindows";
fullName = "wxWindows Library Licence, Version 3.1";
};
zlib = spdx {
spdxId = "Zlib";
fullName = "zlib License";

2
lib/maintainers.nix
View File

@ -468,6 +468,7 @@
s1lvester = "Markus Silvester <s1lvester@bockhacker.me>";
samuelrivas = "Samuel Rivas <samuelrivas@gmail.com>";
sander = "Sander van der Burg <s.vanderburg@tudelft.nl>";
sargon = "Daniel Ehlers <danielehlers@mindeye.net>";
schmitthenner = "Fabian Schmitthenner <development@schmitthenner.eu>";
schneefux = "schneefux <schneefux+nixos_pkg@schneefux.xyz>";
schristo = "Scott Christopher <schristopher@konputa.com>";
@ -502,6 +503,7 @@
sternenseemann = "Lukas Epple <post@lukasepple.de>";
stesie = "Stefan Siegl <stesie@brokenpipe.de>";
steveej = "Stefan Junker <mail@stefanjunker.de>";
SuprDewd = "Bjarki Ágúst Guðmundsson <suprdewd@gmail.com>";
swarren83 = "Shawn Warren <shawn.w.warren@gmail.com>";
swistak35 = "Rafał Łasocha <me@swistak35.com>";
szczyp = "Szczyp <qb@szczyp.com>";

2
lib/systems/doubles.nix
View File

@ -30,7 +30,7 @@ in rec {
mips = filterDoubles (matchAttrs { cpu = { family = "mips"; }; });
x86_64 = filterDoubles parse.isx86_64;
cygwin = filterDoubles (matchAttrs { kernel = parse.kernels.cygwin; });
cygwin = filterDoubles parse.isCygwin;
darwin = filterDoubles parse.isDarwin;
freebsd = filterDoubles (matchAttrs { kernel = parse.kernels.freebsd; });
gnu = filterDoubles (matchAttrs { kernel = parse.kernels.linux; abi = parse.abis.gnu; }); # Should be better

58
lib/systems/parse.nix
View File

@ -1,5 +1,9 @@
# Define the list of system with their properties. Only systems tested for
# Nixpkgs are listed below
# Define the list of system with their properties.
#
# See https://clang.llvm.org/docs/CrossCompilation.html and
# http://llvm.org/docs/doxygen/html/Triple_8cpp_source.html especially
# Triple::normalize. Parsing should essentially act as a more conservative
# version of that last function.
with import ../lists.nix;
with import ../types.nix;
@ -9,7 +13,7 @@ let
lib = import ../default.nix;
setTypesAssert = type: pred:
mapAttrs (name: value:
#assert pred value;
assert pred value;
setType type ({ inherit name; } // value));
setTypes = type: setTypesAssert type (_: true);
@ -23,7 +27,6 @@ rec {
littleEndian = {};
};
isCpuType = isType "cpu-type";
cpuTypes = with significantBytes; setTypesAssert "cpu-type"
(x: elem x.bits [8 16 32 64 128]
@ -47,6 +50,7 @@ rec {
vendors = setTypes "vendor" {
apple = {};
pc = {};
unknown = {};
};
@ -56,6 +60,7 @@ rec {
elf = {};
macho = {};
pe = {};
unknown = {};
};
@ -63,15 +68,12 @@ rec {
kernelFamilies = setTypes "kernel-family" {
bsd = {};
unix = {};
windows-nt = {};
dos = {};
};
isKernel = x: isType "kernel" x;
kernels = with execFormats; with kernelFamilies; setTypesAssert "kernel"
(x: isExecFormat x.execFormat && all isKernelFamily (attrValues x.families))
{
cygwin = { execFormat = pe; families = { inherit /*unix*/ windows-nt; }; };
darwin = { execFormat = macho; families = { inherit unix; }; };
freebsd = { execFormat = elf; families = { inherit unix bsd; }; };
linux = { execFormat = elf; families = { inherit unix; }; };
@ -79,18 +81,21 @@ rec {
none = { execFormat = unknown; families = { inherit unix; }; };
openbsd = { execFormat = elf; families = { inherit unix bsd; }; };
solaris = { execFormat = elf; families = { inherit unix; }; };
win32 = { execFormat = pe; families = { inherit dos; }; };
windows = { execFormat = pe; families = { }; };
} // { # aliases
win32 = kernels.windows;
};
isAbi = isType "abi";
abis = setTypes "abi" {
cygnus = {};
gnu = {};
msvc = {};
eabi = {};
androideabi = {};
gnueabi = {};
gnueabihf = {};
unknown = {};
};
@ -109,19 +114,25 @@ rec {
isDarwin = matchAttrs { kernel = kernels.darwin; };
isLinux = matchAttrs { kernel = kernels.linux; };
isUnix = matchAttrs { kernel = { families = { inherit (kernelFamilies) unix; }; }; };
isWindows = s: matchAttrs { kernel = { families = { inherit (kernelFamilies) windows-nt; }; }; } s
|| matchAttrs { kernel = { families = { inherit (kernelFamilies) dos; }; }; } s;
isWindows = matchAttrs { kernel = kernels.windows; };
isCygwin = matchAttrs { kernel = kernels.windows; abi = abis.cygnus; };
isMinGW = matchAttrs { kernel = kernels.windows; abi = abis.gnu; };
mkSkeletonFromList = l: {
"2" = { cpu = elemAt l 0; kernel = elemAt l 1; };
"4" = { cpu = elemAt l 0; vendor = elemAt l 1; kernel = elemAt l 2; abi = elemAt l 3; };
"2" = # We only do 2-part hacks for things Nix already supports
if elemAt l 1 == "cygwin"
then { cpu = elemAt l 0; kernel = "windows"; abi = "cygnus"; }
else { cpu = elemAt l 0; kernel = elemAt l 1; };
"3" = # Awkwards hacks, beware!
if elemAt l 1 == "apple"
then { cpu = elemAt l 0; vendor = "apple"; kernel = elemAt l 2; }
else if (elemAt l 1 == "linux") || (elemAt l 2 == "gnu")
then { cpu = elemAt l 0; kernel = elemAt l 1; abi = elemAt l 2; }
else if (elemAt l 2 == "mingw32") # autotools breaks on -gnu for window
then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = "windows"; abi = "gnu"; }
else throw "Target specification with 3 components is ambiguous";
"4" = { cpu = elemAt l 0; vendor = elemAt l 1; kernel = elemAt l 2; abi = elemAt l 3; };
}.${toString (length l)}
or (throw "system string has invalid number of hyphen-separated components");
@ -134,18 +145,10 @@ rec {
, # Also inferred below
abi ? assert false; null
} @ args: let
getCpu = name:
attrByPath [name] (throw "Unknown CPU type: ${name}")
cpuTypes;
getVendor = name:
attrByPath [name] (throw "Unknown vendor: ${name}")
vendors;
getKernel = name:
attrByPath [name] (throw "Unknown kernel: ${name}")
kernels;
getAbi = name:
attrByPath [name] (throw "Unknown ABI: ${name}")
abis;
getCpu = name: cpuTypes.${name} or (throw "Unknown CPU type: ${name}");
getVendor = name: vendors.${name} or (throw "Unknown vendor: ${name}");
getKernel = name: kernels.${name} or (throw "Unknown kernel: ${name}");
getAbi = name: abis.${name} or (throw "Unknown ABI: ${name}");
system = rec {
cpu = getCpu args.cpu;
@ -166,7 +169,10 @@ rec {
mkSystemFromString = s: mkSystemFromSkeleton (mkSkeletonFromList (lib.splitString "-" s));
doubleFromSystem = { cpu, vendor, kernel, abi, ... }: "${cpu.name}-${kernel.name}";
doubleFromSystem = { cpu, vendor, kernel, abi, ... }:
if vendor == kernels.windows && abi == abis.cygnus
then "${cpu.name}-cygwin"
else "${cpu.name}-${kernel.name}";
tripleFromSystem = { cpu, vendor, kernel, abi, ... } @ sys: assert isSystem sys; let
optAbi = lib.optionalString (abi != abis.unknown) "-${abi.name}";

6
nixos/doc/manual/configuration/file-systems.xml
View File

@ -35,6 +35,12 @@ or <literal>ext4</literal>, then its best to specify
<option>fsType</option> to ensure that the kernel module is
available.</para>
<note><para>System startup will fail if any of the filesystems fails to mount,
dropping you to the emergency shell.
You can make a mount asynchronous and non-critical by adding
<literal>options = [ "nofail" ];</literal>.
</para></note>
<xi:include href="luks-file-systems.xml" />
</chapter>

5
nixos/doc/manual/installation/installing-usb.xml
View File

@ -34,6 +34,11 @@ ISO, copy its contents verbatim to your drive, then either:
in <link xlink:href="https://www.kernel.org/doc/Documentation/kernel-parameters.txt">
the kernel documentation</link> for more details).</para>
</listitem>
<listitem>
<para>If you want to load the contents of the ISO to ram after bootin
(So you can remove the stick after bootup) you can append the parameter
<literal>copytoram</literal>to the <literal>options</literal> field.</para>
</listitem>
</itemizedlist>
</para>

28
nixos/modules/config/i18n.nix
View File

@ -2,21 +2,27 @@
with lib;
let
glibcLocales = pkgs.glibcLocales.override {
allLocales = any (x: x == "all") config.i18n.supportedLocales;
locales = config.i18n.supportedLocales;
};
in
{
###### interface
options = {
i18n = {
glibcLocales = mkOption {
type = types.path;
default = pkgs.glibcLocales.override {
allLocales = any (x: x == "all") config.i18n.supportedLocales;
locales = config.i18n.supportedLocales;
};
example = literalExample "pkgs.glibcLocales";
description = ''
Customized pkg.glibcLocales package.
Changing this option can disable handling of i18n.defaultLocale
and supportedLocale.
'';
};
defaultLocale = mkOption {
type = types.str;
default = "en_US.UTF-8";
@ -118,7 +124,7 @@ in
'');
environment.systemPackages =
optional (config.i18n.supportedLocales != []) glibcLocales;
optional (config.i18n.supportedLocales != []) config.i18n.glibcLocales;
environment.sessionVariables =
{ LANG = config.i18n.defaultLocale;
@ -126,7 +132,7 @@ in
};
systemd.globalEnvironment = mkIf (config.i18n.supportedLocales != []) {
LOCALE_ARCHIVE = "${glibcLocales}/lib/locale/locale-archive";
LOCALE_ARCHIVE = "${config.i18n.glibcLocales}/lib/locale/locale-archive";
};
# /etc/locale.conf is used by systemd.

6
nixos/modules/misc/ids.nix
View File

@ -292,7 +292,8 @@
sonarr = 274;
radarr = 275;
jackett = 276;
clickhouse = 277;
aria2 = 277;
clickhouse = 278;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -554,7 +555,8 @@
sonarr = 274;
radarr = 275;
jackett = 276;
clickhouse = 277;
aria2 = 277;
clickhouse = 278;
# When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal

6
nixos/modules/module-list.nix
View File

@ -88,6 +88,7 @@
./programs/mtr.nix
./programs/nano.nix
./programs/oblogout.nix
./programs/qt5ct.nix
./programs/screen.nix
./programs/slock.nix
./programs/shadow.nix
@ -116,6 +117,7 @@
./security/duosec.nix
./security/grsecurity.nix
./security/hidepid.nix
./security/lock-kernel-modules.nix
./security/oath.nix
./security/pam.nix
./security/pam_usb.nix
@ -505,6 +507,7 @@
./services/networking/wpa_supplicant.nix
./services/networking/xinetd.nix
./services/networking/xl2tpd.nix
./services/networking/xrdp.nix
./services/networking/zerobin.nix
./services/networking/zerotierone.nix
./services/networking/znc.nix
@ -530,8 +533,9 @@
./services/security/munge.nix
./services/security/oauth2_proxy.nix
./services/security/physlock.nix
./services/security/torify.nix
./services/security/sshguard.nix
./services/security/tor.nix
./services/security/torify.nix
./services/security/torsocks.nix
./services/system/cgmanager.nix
./services/system/cloud-init.nix

27
nixos/modules/profiles/hardened.nix
View File

@ -6,10 +6,25 @@
with lib;
{
boot.kernelPackages = mkDefault pkgs.linuxPackages_hardened;
security.hideProcessInformation = mkDefault true;
security.lockKernelModules = mkDefault true;
security.apparmor.enable = mkDefault true;
boot.kernelParams = [
# Overwrite free'd memory
"page_poison=1"
# Disable legacy virtual syscalls
"vsyscall=none"
# Disable hibernation (allows replacing the running kernel)
"nohibernate"
];
# Restrict ptrace() usage to processes with a pre-defined relationship
# (e.g., parent/child)
boot.kernel.sysctl."kernel.yama.ptrace_scope" = mkOverride 500 1;
@ -32,4 +47,16 @@ with lib;
# ... or at least apply some hardening to it
boot.kernel.sysctl."net.core.bpf_jit_harden" = mkDefault true;
# A recurring problem with user namespaces is that there are
# still code paths where the kernel's permission checking logic
# fails to account for namespacing, instead permitting a
# namespaced process to act outside the namespace with the
# same privileges as it would have inside it. This is particularly
# bad in the common case of running as root within the namespace.
#
# Setting the number of allowed userns to 0 effectively disables
# the feature at runtime. Attempting to create a user namespace
# with unshare will then fail with "no space left on device".
boot.kernel.sysctl."user.max_user_namespaces" = mkDefault 0;
}

4
nixos/modules/programs/command-not-found/command-not-found.nix
View File

@ -44,7 +44,7 @@ in
''
# This function is called whenever a command is not found.
command_not_found_handle() {
local p=${commandNotFound}
local p=${commandNotFound}/bin/command-not-found
if [ -x $p -a -f ${cfg.dbPath} ]; then
# Run the helper program.
$p "$@"
@ -65,7 +65,7 @@ in
''
# This function is called whenever a command is not found.
command_not_found_handler() {
local p=${commandNotFound}
local p=${commandNotFound}/bin/command-not-found
if [ -x $p -a -f ${cfg.dbPath} ]; then
# Run the helper program.
$p "$@"

2
nixos/modules/programs/environment.nix
View File

@ -20,6 +20,7 @@ in
{ NIXPKGS_CONFIG = "/etc/nix/nixpkgs-config.nix";
PAGER = mkDefault "less -R";
EDITOR = mkDefault "nano";
XCURSOR_PATH = "$HOME/.icons";
};
environment.profiles =
@ -42,6 +43,7 @@ in
GTK_PATH = [ "/lib/gtk-2.0" "/lib/gtk-3.0" ];
XDG_CONFIG_DIRS = [ "/etc/xdg" ];
XDG_DATA_DIRS = [ "/share" ];
XCURSOR_PATH = [ "/share/icons" ];
MOZ_PLUGIN_PATH = [ "/lib/mozilla/plugins" ];
LIBEXEC_PATH = [ "/lib/libexec" ];
};

31
nixos/modules/programs/qt5ct.nix Normal file
View File

@ -0,0 +1,31 @@
{ config, lib, pkgs, ... }:
with lib;
{
meta.maintainers = [ maintainers.romildo ];
###### interface
options = {
programs.qt5ct = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
Whether to enable the Qt5 Configuration Tool (qt5ct), a
program that allows users to configure Qt5 settings (theme,
font, icons, etc.) under desktop environments or window
manager without Qt integration.
Official home page: <link xlink:href="https://sourceforge.net/projects/qt5ct/">https://sourceforge.net/projects/qt5ct/</link>
'';
};
};
};
###### implementation
config = mkIf config.programs.qt5ct.enable {
environment.variables.QT_QPA_PLATFORMTHEME = "qt5ct";
environment.systemPackages = [ pkgs.qt5ct ];
};
}

12
nixos/modules/programs/zsh/zsh-syntax-highlighting.nix
View File

@ -18,7 +18,17 @@ in
highlighters = mkOption {
default = [ "main" ];
type = types.listOf(types.str);
# https://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters.md
type = types.listOf(types.enum([
"main"
"brackets"
"pattern"
"cursor"
"root"
"line"
]));
description = ''
Specifies the highlighters to be used by zsh-syntax-highlighting.

2
nixos/modules/security/grsecurity.nix
View File

@ -13,7 +13,7 @@ in
{
meta = {
maintainers = with maintainers; [ joachifm ];
maintainers = with maintainers; [ ];
doc = ./grsecurity.xml;
};

8
nixos/modules/security/grsecurity.xml
View File

@ -26,9 +26,11 @@
<link xlink:href="https://wiki.archlinux.org/index.php/Grsecurity">Arch
Linux wiki page on grsecurity</link>.
<note><para>grsecurity/PaX is only available for the latest linux -stable
kernel; patches against older kernels are available from upstream only for
a fee.</para></note>
<warning><para>Upstream has ceased free support for grsecurity/PaX. See
<link xlink:href="https://grsecurity.net/passing_the_baton.php">
the announcement</link> for more information. Consequently, NixOS
support for grsecurity/PaX also must cease. Enabling this module will
result in a build error.</para></warning>
<note><para>We standardise on a desktop oriented configuration primarily due
to lack of resources. The grsecurity/PaX configuration state space is huge
and each configuration requires quite a bit of testing to ensure that the

36
nixos/modules/security/lock-kernel-modules.nix Normal file
View File

@ -0,0 +1,36 @@
{ config, lib, ... }:
with lib;
{
options = {
security.lockKernelModules = mkOption {
type = types.bool;
default = false;
description = ''
Disable kernel module loading once the system is fully initialised.
Module loading is disabled until the next reboot. Problems caused
by delayed module loading can be fixed by adding the module(s) in
question to <option>boot.kernelModules</option>.
'';
};
};
config = mkIf config.security.lockKernelModules {
systemd.services.disable-kernel-module-loading = rec {
description = "Disable kernel module loading";
wantedBy = [ config.systemd.defaultUnit ];
after = [ "systemd-udev-settle.service" "firewall.service" "systemd-modules-load.service" ] ++ wantedBy;
script = "echo -n 1 > /proc/sys/kernel/modules_disabled";
unitConfig.ConditionPathIsReadWrite = "/proc/sys/kernel";
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
};
};
}

1
nixos/modules/services/continuous-integration/hydra/default.nix
View File

@ -233,6 +233,7 @@ in
hydra_logo ${cfg.logo}
''}
gc_roots_dir ${cfg.gcRootsDir}
use-substitutes = ${if cfg.useSubstitutes then "1" else "0"}
'';
environment.systemPackages = [ cfg.package ];

15
nixos/modules/services/hardware/amd-hybrid-graphics.nix
View File

@ -25,15 +25,22 @@
path = [ pkgs.bash ];
description = "Disable AMD Card";
after = [ "sys-kernel-debug.mount" ];
requires = [ "sys-kernel-debug.mount" ];
wantedBy = [ "multi-user.target" ];
before = [ "systemd-vconsole-setup.service" "display-manager.service" ];
requires = [ "sys-kernel-debug.mount" "vgaswitcheroo.path" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${pkgs.bash}/bin/sh -c 'echo -e \"IGD\\nOFF\" > /sys/kernel/debug/vgaswitcheroo/switch; exit 0'";
ExecStop = "${pkgs.bash}/bin/sh -c 'echo ON >/sys/kernel/debug/vgaswitcheroo/switch; exit 0'";
ExecStart = "${pkgs.bash}/bin/sh -c 'echo -e \"IGD\\nOFF\" > /sys/kernel/debug/vgaswitcheroo/switch'";
ExecStop = "${pkgs.bash}/bin/sh -c 'echo ON >/sys/kernel/debug/vgaswitcheroo/switch'";
};
};
systemd.paths."vgaswitcheroo" = {
pathConfig = {
PathExists = "/sys/kernel/debug/vgaswitcheroo/switch";
Unit = "amd-hybrid-graphics.service";
};
wantedBy = ["multi-user.target"];
};
};
}

2
nixos/modules/services/misc/plex.nix
View File

@ -91,7 +91,7 @@ in
# Copy the database skeleton files to /var/lib/plex/.skeleton
# See the the Nix expression for Plex's package for more information on
# why this is done.
test -d "${cfg.dataDir}/.skeleton" || mkdir "${cfg.dataDir}/.skeleton"
install --owner ${cfg.user} --group ${cfg.group} -d "${cfg.dataDir}/.skeleton"
for db in "com.plexapp.plugins.library.db"; do
if [ ! -e "${cfg.dataDir}/.skeleton/$db" ]; then
cp "${cfg.package}/usr/lib/plexmediaserver/Resources/base_$db" "${cfg.dataDir}/.skeleton/$db"

87
nixos/modules/services/monitoring/cadvisor.nix
View File

@ -54,7 +54,29 @@ in {
storageDriverPassword = mkOption {
default = "root";
type = types.str;
description = "Cadvisor storage driver password.";
description = ''
Cadvisor storage driver password.
Warning: this password is stored in the world-readable Nix store. It's
recommended to use the <option>storageDriverPasswordFile</option> option
since that gives you control over the security of the password.
<option>storageDriverPasswordFile</option> also takes precedence over <option>storageDriverPassword</option>.
'';
};
storageDriverPasswordFile = mkOption {
type = types.str;
description = ''
File that contains the cadvisor storage driver password.
<option>storageDriverPasswordFile</option> takes precedence over <option>storageDriverPassword</option>
Warning: when <option>storageDriverPassword</option> is non-empty this defaults to a file in the
world-readable Nix store that contains the value of <option>storageDriverPassword</option>.
It's recommended to override this with a path not in the Nix store.
Tip: use <link xlink:href='https://nixos.org/nixops/manual/#idm140737318306400'>nixops key management</link>
'';
};
storageDriverSecure = mkOption {
@ -65,35 +87,44 @@ in {
};
};
config = mkIf cfg.enable {
systemd.services.cadvisor = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "docker.service" "influxdb.service" ];
config = mkMerge [
{ services.cadvisor.storageDriverPasswordFile = mkIf (cfg.storageDriverPassword != "") (
mkDefault (toString (pkgs.writeTextFile {
name = "cadvisor-storage-driver-password";
text = cfg.storageDriverPassword;
}))
);
}
postStart = mkBefore ''
until ${pkgs.curl.bin}/bin/curl -s -o /dev/null 'http://${cfg.listenAddress}:${toString cfg.port}/containers/'; do
sleep 1;
done
'';
(mkIf cfg.enable {
systemd.services.cadvisor = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "docker.service" "influxdb.service" ];
serviceConfig = {
ExecStart = ''${pkgs.cadvisor}/bin/cadvisor \
-logtostderr=true \
-listen_ip=${cfg.listenAddress} \
-port=${toString cfg.port} \
${optionalString (cfg.storageDriver != null) ''
-storage_driver ${cfg.storageDriver} \
-storage_driver_user ${cfg.storageDriverHost} \
-storage_driver_db ${cfg.storageDriverDb} \
-storage_driver_user ${cfg.storageDriverUser} \
-storage_driver_password ${cfg.storageDriverPassword} \
${optionalString cfg.storageDriverSecure "-storage_driver_secure"}
''}
postStart = mkBefore ''
until ${pkgs.curl.bin}/bin/curl -s -o /dev/null 'http://${cfg.listenAddress}:${toString cfg.port}/containers/'; do
sleep 1;
done
'';
TimeoutStartSec=300;
};
};
virtualisation.docker.enable = mkDefault true;
};
script = ''
exec ${pkgs.cadvisor}/bin/cadvisor \
-logtostderr=true \
-listen_ip="${cfg.listenAddress}" \
-port="${toString cfg.port}" \
${optionalString (cfg.storageDriver != null) ''
-storage_driver "${cfg.storageDriver}" \
-storage_driver_user "${cfg.storageDriverHost}" \
-storage_driver_db "${cfg.storageDriverDb}" \
-storage_driver_user "${cfg.storageDriverUser}" \
-storage_driver_password "$(cat "${cfg.storageDriverPasswordFile}")" \
${optionalString cfg.storageDriverSecure "-storage_driver_secure"}
''}
'';
serviceConfig.TimeoutStartSec=300;
};
virtualisation.docker.enable = mkDefault true;
})
];
}

16
nixos/modules/services/monitoring/graphite.nix
View File

@ -400,7 +400,8 @@ in {
mkdir -p ${cfg.dataDir}/whisper
chmod 0700 ${cfg.dataDir}/whisper
chown -R graphite:graphite ${cfg.dataDir}
chown graphite:graphite ${cfg.dataDir}
chown graphite:graphite ${cfg.dataDir}/whisper
'';
};
})
@ -487,9 +488,11 @@ in {
# create index
${pkgs.python27Packages.graphite_web}/bin/build-index.sh
touch ${dataDir}/db-created
chown graphite:graphite ${cfg.dataDir}
chown graphite:graphite ${cfg.dataDir}/whisper
chown -R graphite:graphite ${cfg.dataDir}/log
chown -R graphite:graphite ${cfg.dataDir}
touch ${dataDir}/db-created
fi
'';
};
@ -526,9 +529,10 @@ in {
mkdir -p ${dataDir}/cache/
chmod 0700 ${dataDir}/cache/
touch ${dataDir}/db-created
chown graphite:graphite ${cfg.dataDir}
chown -R graphite:graphite ${cfg.dataDir}/cache
chown -R graphite:graphite ${cfg.dataDir}
touch ${dataDir}/db-created
fi
'';
};
@ -549,7 +553,7 @@ in {
preStart = ''
if ! test -e ${dataDir}/db-created; then
mkdir -p ${dataDir}
chown -R graphite:graphite ${dataDir}
chown graphite:graphite ${dataDir}
fi
'';
};

4
nixos/modules/services/monitoring/munin.nix
View File

@ -34,7 +34,7 @@ let
cap=$(sed -nr 's/.*#%#\s+capabilities\s*=\s*(.+)/\1/p' $file)
wrapProgram $file \
--set PATH "/run/wrappers/bin:/run/current-system/sw/bin:/run/current-system/sw/bin" \
--set PATH "/run/wrappers/bin:/run/current-system/sw/bin" \
--set MUNIN_LIBDIR "${pkgs.munin}/lib" \
--set MUNIN_PLUGSTATE "/var/run/munin"
@ -184,7 +184,7 @@ in
mkdir -p /etc/munin/plugins
rm -rf /etc/munin/plugins/*
PATH="/run/wrappers/bin:/run/current-system/sw/bin:/run/current-system/sw/bin" ${pkgs.munin}/sbin/munin-node-configure --shell --families contrib,auto,manual --config ${nodeConf} --libdir=${muninPlugins} --servicedir=/etc/munin/plugins 2>/dev/null | ${pkgs.bash}/bin/bash
PATH="/run/wrappers/bin:/run/current-system/sw/bin" ${pkgs.munin}/sbin/munin-node-configure --shell --families contrib,auto,manual --config ${nodeConf} --libdir=${muninPlugins} --servicedir=/etc/munin/plugins 2>/dev/null | ${pkgs.bash}/bin/bash
'';
serviceConfig = {
ExecStart = "${pkgs.munin}/sbin/munin-node --config ${nodeConf} --servicedir /etc/munin/plugins/";

135
nixos/modules/services/networking/aria2.nix Normal file
View File

@ -0,0 +1,135 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.aria2;
homeDir = "/var/lib/aria2";
settingsDir = "${homeDir}";
sessionFile = "${homeDir}/aria2.session";
downloadDir = "${homeDir}/Downloads";
rangesToStringList = map (x: builtins.toString x.from +"-"+ builtins.toString x.to);
settingsFile = pkgs.writeText "aria2.conf"
''
dir=${cfg.downloadDir}
listen-port=${concatStringsSep "," (rangesToStringList cfg.listenPortRange)}
rpc-listen-port=${toString cfg.rpcListenPort}
rpc-secret=${cfg.rpcSecret}
'';
in
{
options = {
services.aria2 = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether or not to enable the headless Aria2 daemon service.
Aria2 daemon can be controlled via the RPC interface using
one of many WebUI (http://localhost:6800/ by default).
Targets are downloaded to ${downloadDir} by default and are
accessible to users in the "aria2" group.
'';
};
openPorts = mkOption {
type = types.bool;
default = false;
description = ''
Open listen and RPC ports found in listenPortRange and rpcListenPort
options in the firewall.
'';
};
downloadDir = mkOption {
type = types.string;
default = "${downloadDir}";
description = ''
Directory to store downloaded files.
'';
};
listenPortRange = mkOption {
type = types.listOf types.attrs;
default = [ { from = 6881; to = 6999; } ];
description = ''
Set UDP listening port range used by DHT(IPv4, IPv6) and UDP tracker.
'';
};
rpcListenPort = mkOption {
type = types.int;
default = 6800;
description = "Specify a port number for JSON-RPC/XML-RPC server to listen to. Possible Values: 1024-65535";
};
rpcSecret = mkOption {
type = types.string;
default = "aria2rpc";
description = ''
Set RPC secret authorization token.
Read https://aria2.github.io/manual/en/html/aria2c.html#rpc-auth to know how this option value is used.
'';
};
extraArguments = mkOption {
type = types.string;
example = "--rpc-listen-all --remote-time=true";
default = "";
description = ''
Additional arguments to be passed to Aria2.
'';
};
};
};
config = mkIf cfg.enable {
# Need to open ports for proper functioning
networking.firewall = mkIf cfg.openPorts {
allowedUDPPortRanges = config.services.aria2.listenPortRange;
allowedTCPPorts = [ config.services.aria2.rpcListenPort ];
};
users.extraUsers.aria2 = {
group = "aria2";
uid = config.ids.uids.aria2;
description = "aria2 user";
home = homeDir;
createHome = false;
};
users.extraGroups.aria2.gid = config.ids.gids.aria2;
systemd.services.aria2 = {
description = "aria2 Service";
after = [ "local-fs.target" "network.target" ];
wantedBy = [ "multi-user.target" ];
preStart = ''
mkdir -m 0770 -p "${homeDir}"
chown aria2:aria2 "${homeDir}"
if [[ ! -d "${config.services.aria2.downloadDir}" ]]
then
mkdir -m 0770 -p "${config.services.aria2.downloadDir}"
chown aria2:aria2 "${config.services.aria2.downloadDir}"
fi
if [[ ! -e "${sessionFile}" ]]
then
touch "${sessionFile}"
chown aria2:aria2 "${sessionFile}"
fi
cp -f "${settingsFile}" "${settingsDir}/aria2.conf"
'';
serviceConfig = {
Restart = "on-abort";
ExecStart = "${pkgs.aria2}/bin/aria2c --enable-rpc --conf-path=${settingsDir}/aria2.conf ${config.services.aria2.extraArguments} --save-session=${sessionFile}";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
User = "aria2";
Group = "aria2";
PermissionsStartOnly = true;
};
};
};
}

12
nixos/modules/services/networking/networkmanager.nix
View File

@ -12,6 +12,7 @@ let
configFile = writeText "NetworkManager.conf" ''
[main]
plugins=keyfile
dns=${if cfg.useDnsmasq then "dnsmasq" else "default"}
[keyfile]
${optionalString (config.networking.hostName != "")
@ -158,6 +159,17 @@ in {
ethernet.macAddress = macAddressOpt;
wifi.macAddress = macAddressOpt;
useDnsmasq = mkOption {
type = types.bool;
default = false;
description = ''
Enable NetworkManager's dnsmasq integration. NetworkManager will run
dnsmasq as a local caching nameserver, using a "split DNS"
configuration if you are connected to a VPN, and then update
resolv.conf to point to the local nameserver.
'';
};
dispatcherScripts = mkOption {
type = types.listOf (types.submodule {
options = {

2
nixos/modules/services/networking/radicale.nix
View File

@ -57,4 +57,6 @@ in
serviceConfig.Group = "radicale";
};
};
meta.maintainers = with lib.maintainers; [ aneeshusa ];
}

153
nixos/modules/services/networking/xrdp.nix Normal file
View File

@ -0,0 +1,153 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.xrdp;
confDir = pkgs.runCommand "xrdp.conf" { } ''
mkdir $out
cp ${cfg.package}/etc/xrdp/{km-*,xrdp,sesman,xrdp_keyboard}.ini $out
cat > $out/startwm.sh <<EOF
#!/bin/sh
. /etc/profile
${cfg.defaultWindowManager}
EOF
chmod +x $out/startwm.sh
substituteInPlace $out/xrdp.ini \
--replace "#rsakeys_ini=" "rsakeys_ini=/var/run/xrdp/rsakeys.ini" \
--replace "certificate=" "certificate=${cfg.sslCert}" \
--replace "key_file=" "key_file=${cfg.sslKey}" \
--replace LogFile=xrdp.log LogFile=/dev/null \
--replace EnableSyslog=true EnableSyslog=false
substituteInPlace $out/sesman.ini \
--replace LogFile=xrdp-sesman.log LogFile=/dev/null \
--replace EnableSyslog=1 EnableSyslog=0
'';
in
{
###### interface
options = {
services.xrdp = {
enable = mkEnableOption "Whether xrdp should be run on startup.";
package = mkOption {
type = types.package;
default = pkgs.xrdp;
defaultText = "pkgs.xrdp";
description = ''
The package to use for the xrdp daemon's binary.
'';
};
port = mkOption {
type = types.int;
default = 3389;
description = ''
Specifies on which port the xrdp daemon listens.
'';
};
sslKey = mkOption {
type = types.str;
default = "/etc/xrdp/key.pem";
example = "/path/to/your/key.pem";
description = ''
ssl private key path
A self-signed certificate will be generated if file not exists.
'';
};
sslCert = mkOption {
type = types.str;
default = "/etc/xrdp/cert.pem";
example = "/path/to/your/cert.pem";
description = ''
ssl certificate path
A self-signed certificate will be generated if file not exists.
'';
};
defaultWindowManager = mkOption {
type = types.str;
default = "xterm";
example = "xfce4-session";
description = ''
The script to run when user log in, usually a window manager, e.g. "icewm", "xfce4-session"
This is per-user overridable, if file ~/startwm.sh exists it will be used instead.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
systemd = {
services.xrdp = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
description = "xrdp daemon";
requires = [ "xrdp-sesman.service" ];
preStart = ''
# prepare directory for unix sockets (the sockets will be owned by loggedinuser:xrdp)
mkdir -p /tmp/.xrdp || true
chown xrdp:xrdp /tmp/.xrdp
chmod 3777 /tmp/.xrdp
# generate a self-signed certificate
if [ ! -s ${cfg.sslCert} -o ! -s ${cfg.sslKey} ]; then
mkdir -p $(dirname ${cfg.sslCert}) || true
mkdir -p $(dirname ${cfg.sslKey}) || true
${pkgs.openssl.bin}/bin/openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 365 \
-subj /C=US/ST=CA/L=Sunnyvale/O=xrdp/CN=www.xrdp.org \
-config ${cfg.package}/share/xrdp/openssl.conf \
-keyout ${cfg.sslKey} -out ${cfg.sslCert}
chown root:xrdp ${cfg.sslKey} ${cfg.sslCert}
chmod 440 ${cfg.sslKey} ${cfg.sslCert}
fi
if [ ! -s /var/run/xrdp/rsakeys.ini ]; then
mkdir -p /var/run/xrdp
${cfg.package}/bin/xrdp-keygen xrdp /var/run/xrdp/rsakeys.ini
fi
'';
serviceConfig = {
User = "xrdp";
Group = "xrdp";
PermissionsStartOnly = true;
ExecStart = "${cfg.package}/bin/xrdp --nodaemon --port ${toString cfg.port} --config ${confDir}/xrdp.ini";
};
};
services.xrdp-sesman = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
description = "xrdp session manager";
serviceConfig = {
ExecStart = "${cfg.package}/bin/xrdp-sesman --nodaemon --config ${confDir}/sesman.ini";
};
};
};
users.users.xrdp = {
description = "xrdp daemon user";
isSystemUser = true;
group = "xrdp";
};
users.groups.xrdp = {};
security.pam.services.xrdp-sesman = { allowNullPassword = true; startSession = true; };
};
}

140
nixos/modules/services/security/sshguard.nix Normal file
View File

@ -0,0 +1,140 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.sshguard;
in {
###### interface
options = {
services.sshguard = {
enable = mkOption {
default = false;
type = types.bool;
description = "Whether to enable the sshguard service.";
};
attack_threshold = mkOption {
default = 30;
type = types.int;
description = ''
Block attackers when their cumulative attack score exceeds threshold. Most attacks have a score of 10.
'';
};
blacklist_threshold = mkOption {
default = null;
example = 120;
type = types.nullOr types.int;
description = ''
Blacklist an attacker when its score exceeds threshold. Blacklisted addresses are loaded from and added to blacklist-file.
'';
};
blacklist_file = mkOption {
default = "/var/lib/sshguard/blacklist.db";
type = types.path;
description = ''
Blacklist an attacker when its score exceeds threshold. Blacklisted addresses are loaded from and added to blacklist-file.
'';
};
blocktime = mkOption {
default = 120;
type = types.int;
description = ''
Block attackers for initially blocktime seconds after exceeding threshold. Subsequent blocks increase by a factor of 1.5.
sshguard unblocks attacks at random intervals, so actual block times will be longer.
'';
};
detection_time = mkOption {
default = 1800;
type = types.int;
description = ''
Remember potential attackers for up to detection_time seconds before resetting their score.
'';
};
whitelist = mkOption {
default = [ ];
example = [ "198.51.100.56" "198.51.100.2" ];
type = types.listOf types.str;
description = ''
Whitelist a list of addresses, hostnames, or address blocks.
'';
};
services = mkOption {
default = [ "sshd" ];
example = [ "sshd" "exim" ];
type = types.listOf types.str;
description = ''
Systemd services sshguard should receive logs of.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.sshguard pkgs.iptables pkgs.ipset ];
environment.etc."sshguard.conf".text = let
list_services = ( name: "-t ${name} ");
in ''
BACKEND="${pkgs.sshguard}/libexec/sshg-fw-ipset"
LOGREADER="LANG=C ${pkgs.systemd}/bin/journalctl -afb -p info -n1 ${toString (map list_services cfg.services)} -o cat"
'';
systemd.services.sshguard =
{ description = "SSHGuard brute-force attacks protection system";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
partOf = optional config.networking.firewall.enable "firewall.service";
path = [ pkgs.iptables pkgs.ipset pkgs.iproute pkgs.systemd ];
postStart = ''
mkdir -p /var/lib/sshguard
${pkgs.ipset}/bin/ipset -quiet create -exist sshguard4 hash:ip family inet
${pkgs.ipset}/bin/ipset -quiet create -exist sshguard6 hash:ip family inet6
${pkgs.iptables}/bin/iptables -I INPUT -m set --match-set sshguard4 src -j DROP
${pkgs.iptables}/bin/ip6tables -I INPUT -m set --match-set sshguard6 src -j DROP
'';
preStop = ''
${pkgs.iptables}/bin/iptables -D INPUT -m set --match-set sshguard4 src -j DROP
${pkgs.iptables}/bin/ip6tables -D INPUT -m set --match-set sshguard6 src -j DROP
'';
unitConfig.Documentation = "man:sshguard(8)";
serviceConfig = {
Type = "simple";
ExecStart = let
list_whitelist = ( name: "-w ${name} ");
in ''
${pkgs.sshguard}/bin/sshguard -a ${toString cfg.attack_threshold} ${optionalString (cfg.blacklist_threshold != null) "-b ${toString cfg.blacklist_threshold}:${cfg.blacklist_file} "}-i /run/sshguard/sshguard.pid -p ${toString cfg.blocktime} -s ${toString cfg.detection_time} ${toString (map list_whitelist cfg.whitelist)}
'';
PIDFile = "/run/sshguard/sshguard.pid";
Restart = "always";
ReadOnlyDirectories = "/";
ReadWriteDirectories = "/run/sshguard /var/lib/sshguard";
RuntimeDirectory = "sshguard";
CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_RAW";
};
};
};
}

2
nixos/modules/services/web-apps/atlassian/confluence.nix
View File

@ -103,7 +103,7 @@ in
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
path = [ cfg.jrePackage ];
path = [ cfg.jrePackage pkgs.bash ];
environment = {
CONF_USER = cfg.user;

9
nixos/modules/services/x11/desktop-managers/default.nix
View File

@ -8,7 +8,7 @@ let
cfg = xcfg.desktopManager;
# If desktop manager `d' isn't capable of setting a background and
# the xserver is enabled, the `feh' program is used as a fallback.
# the xserver is enabled, `feh' or `xsetroot' are used as a fallback.
needBGCond = d: ! (d ? bgSupport && d.bgSupport) && xcfg.enable;
in
@ -44,8 +44,11 @@ in
manage = "desktop";
start = d.start
+ optionalString (needBGCond d) ''
if test -e $HOME/.background-image; then
if [ -e $HOME/.background-image ]; then
${pkgs.feh}/bin/feh --bg-scale $HOME/.background-image
else
# Use a solid black background as fallback
${pkgs.xorg.xsetroot}/bin/xsetroot -solid black
fi
'';
}) list;
@ -80,6 +83,6 @@ in
config = {
services.xserver.displayManager.session = cfg.session.list;
environment.systemPackages =
mkIf cfg.session.needBGPackages [ pkgs.feh ];
mkIf cfg.session.needBGPackages [ pkgs.feh ]; # xsetroot via xserver.enable
};
}

1
nixos/modules/services/x11/desktop-managers/plasma5.nix
View File

@ -183,6 +183,7 @@ in
environment.variables = {
# Enable GTK applications to load SVG icons
GDK_PIXBUF_MODULE_FILE = "${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache";
QT_PLUGIN_PATH = "/run/current-system/sw/lib/qt5/plugins";
};
fonts.fonts = with pkgs; [ noto-fonts hack-font ];

48
nixos/modules/services/x11/display-managers/default.nix
View File

@ -32,8 +32,32 @@ let
''
#! ${pkgs.bash}/bin/bash
# Handle being called by SDDM.
if test "''${1:0:1}" = / ; then eval exec $1 $2 ; fi
# Expected parameters:
# $1 = <desktop-manager>+<window-manager>
# Actual parameters (FIXME):
# SDDM is calling this script like the following:
# $1 = /nix/store/xxx-xsession (= $0)
# $2 = <desktop-manager>+<window-manager>
# SLiM is using the following parameter:
# $1 = /nix/store/xxx-xsession <desktop-manager>+<window-manager>
# LightDM keeps the double quotes:
# $1 = /nix/store/xxx-xsession "<desktop-manager>+<window-manager>"
# The fake/auto display manager doesn't use any parameters and GDM is
# broken.
# If you want to "debug" this script don't print the parameters to stdout
# or stderr because this script will be executed multiple times and the
# output won't be visible in the log when the script is executed for the
# first time (e.g. append them to a file instead)!
# All of the above cases are handled by the following hack (FIXME).
# Since this line is *very important* for *all display managers* it is
# very important to test changes to the following line with all display
# managers:
if [ "''${1:0:1}" = "/" ]; then eval exec "$1" "$2" ; fi
# Now it should be safe to assume that the script was called with the
# expected parameters.
${optionalString cfg.displayManager.logToJournal ''
if [ -z "$_DID_SYSTEMD_CAT" ]; then
@ -107,15 +131,16 @@ let
fi
fi
# The session type is "<desktop-manager> + <window-manager>", so
# extract those.
windowManager="''${sessionType##* + }"
# The session type is "<desktop-manager>+<window-manager>", so
# extract those (see:
# http://wiki.bash-hackers.org/syntax/pe#substring_removal).
windowManager="''${sessionType##*+}"
: ''${windowManager:=${cfg.windowManager.default}}
desktopManager="''${sessionType% + *}"
desktopManager="''${sessionType%%+*}"
: ''${desktopManager:=${cfg.desktopManager.default}}
# Start the window manager.
case $windowManager in
case "$windowManager" in
${concatMapStrings (s: ''
(${s.name})
${s.start}
@ -125,7 +150,7 @@ let
esac
# Start the desktop manager.
case $desktopManager in
case "$desktopManager" in
${concatMapStrings (s: ''
(${s.name})
${s.start}
@ -142,6 +167,9 @@ let
exit 0
'';
# Desktop Entry Specification:
# - https://standards.freedesktop.org/desktop-entry-spec/latest/
# - https://standards.freedesktop.org/desktop-entry-spec/latest/ar01s06.html
mkDesktops = names: pkgs.runCommand "desktops"
{ # trivial derivation
preferLocalBuild = true;
@ -155,7 +183,7 @@ let
Version=1.0
Type=XSession
TryExec=${cfg.displayManager.session.script}
Exec=${cfg.displayManager.session.script} '${n}'
Exec=${cfg.displayManager.session.script} "${n}"
X-GDM-BypassXsession=true
Name=${n}
Comment=
@ -238,7 +266,7 @@ in
wm = filter (s: s.manage == "window") list;
dm = filter (s: s.manage == "desktop") list;
names = flip concatMap dm
(d: map (w: d.name + optionalString (w.name != "none") (" + " + w.name))
(d: map (w: d.name + optionalString (w.name != "none") ("+" + w.name))
(filter (w: d.name != "none" || w.name != "none") wm));
desktops = mkDesktops names;
script = xsession wm dm;

2
nixos/modules/services/x11/display-managers/lightdm.nix
View File

@ -61,7 +61,7 @@ let
let
dm = xcfg.desktopManager.default;
wm = xcfg.windowManager.default;
in dm + optionalString (wm != "none") (" + " + wm);
in dm + optionalString (wm != "none") ("+" + wm);
in
{
# Note: the order in which lightdm greeter modules are imported

2
nixos/modules/services/x11/display-managers/sddm.nix
View File

@ -69,7 +69,7 @@ let
let
dm = xcfg.desktopManager.default;
wm = xcfg.windowManager.default;
in dm + optionalString (wm != "none") (" + " + wm);
in dm + optionalString (wm != "none") ("+" + wm);
in
{

19
nixos/modules/system/boot/stage-1-init.sh
View File

@ -154,6 +154,9 @@ for o in $(cat /proc/cmdline); do
fi
ln -s "$root" /dev/root
;;
copytoram)
copytoram=1
;;
esac
done
@ -474,6 +477,22 @@ while read -u 3 mountPoint; do
# doing something with $device right now.
udevadm settle
# If copytoram is enabled: skip mounting the ISO and copy its content to a tmpfs.
if [ -n "$copytoram" ] && [ "$device" = /dev/root ] && [ "$mountPoint" = /iso ]; then
fsType=$(blkid -o value -s TYPE "$device")
fsSize=$(blockdev --getsize64 "$device")
mkdir -p /tmp-iso
mount -t "$fsType" /dev/root /tmp-iso
mountFS tmpfs /iso size="$fsSize" tmpfs
cp -r /tmp-iso/* /mnt-root/iso/
umount /tmp-iso
rmdir /tmp-iso
continue
fi
mountFS "$device" "$mountPoint" "$options" "$fsType"
done

2
nixos/modules/tasks/trackpoint.nix
View File

@ -81,7 +81,7 @@ with lib;
services.xserver.inputClassSections =
[''
Identifier "Trackpoint Wheel Emulation"
MatchProduct "${if cfg.fakeButtons then "PS/2 Generic Mouse" else "Elantech PS/2 TrackPoint|TPPS/2 IBM TrackPoint|DualPoint Stick|Synaptics Inc. Composite TouchPad / TrackPoint|ThinkPad USB Keyboard with TrackPoint|USB Trackpoint pointing device|Composite TouchPad / TrackPoint"}"
MatchProduct "${if cfg.fakeButtons then "PS/2 Generic Mouse" else "ETPS/2 Elantech TrackPoint|Elantech PS/2 TrackPoint|TPPS/2 IBM TrackPoint|DualPoint Stick|Synaptics Inc. Composite TouchPad / TrackPoint|ThinkPad USB Keyboard with TrackPoint|USB Trackpoint pointing device|Composite TouchPad / TrackPoint"}"
MatchDevicePath "/dev/input/event*"
Option "EmulateWheel" "true"
Option "EmulateWheelButton" "2"

2
nixos/release.nix
View File

@ -248,7 +248,7 @@ in rec {
tests.gocd-server = callTest tests/gocd-server.nix {};
tests.gnome3 = callTest tests/gnome3.nix {};
tests.gnome3-gdm = callTest tests/gnome3-gdm.nix {};
tests.grsecurity = callTest tests/grsecurity.nix {};
tests.hardened = callTest tests/hardened.nix { };
tests.hibernate = callTest tests/hibernate.nix {};
tests.hound = callTest tests/hound.nix {};
tests.i3wm = callTest tests/i3wm.nix {};

46
nixos/tests/grsecurity.nix
View File

@ -1,46 +0,0 @@
# Basic test to make sure grsecurity works
import ./make-test.nix ({ pkgs, ...} : {
name = "grsecurity";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ copumpkin joachifm ];
};
machine = { config, pkgs, ... }:
{ security.grsecurity.enable = true;
boot.kernel.sysctl."kernel.grsecurity.audit_mount" = 0;
boot.kernel.sysctl."kernel.grsecurity.deter_bruteforce" = 0;
networking.useDHCP = false;
};
testScript = ''
subtest "grsec-lock", sub {
$machine->succeed("systemctl is-active grsec-lock");
$machine->succeed("grep -Fq 1 /proc/sys/kernel/grsecurity/grsec_lock");
$machine->fail("echo -n 0 >/proc/sys/kernel/grsecurity/grsec_lock");
};
subtest "paxtest", sub {
# TODO: running paxtest blackhat hangs the vm
my @pax_mustkill = (
"anonmap", "execbss", "execdata", "execheap", "execstack",
"mprotanon", "mprotbss", "mprotdata", "mprotheap", "mprotstack",
);
foreach my $name (@pax_mustkill) {
my $paxtest = "${pkgs.paxtest}/lib/paxtest/" . $name;
$machine->succeed($paxtest) =~ /Killed/ or die
}
};
# tcc -run executes run-time generated code and so allows us to test whether
# paxmark actually works (otherwise, the process should be terminated)
subtest "tcc", sub {
$machine->execute("echo -e '#include <stdio.h>\nint main(void) { puts(\"hello\"); return 0; }' >main.c");
$machine->succeed("${pkgs.tinycc}/bin/tcc -run main.c");
};
subtest "RBAC", sub {
$machine->succeed("[ -c /dev/grsec ]");
};
'';
})

36
nixos/tests/hardened.nix Normal file
View File

@ -0,0 +1,36 @@
import ./make-test.nix ({ pkgs, ...} : {
name = "hardened";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ joachifm ];
};
machine =
{ config, lib, pkgs, ... }:
with lib;
{ users.users.alice = { isNormalUser = true; extraGroups = [ "proc" ]; };
users.users.sybil = { isNormalUser = true; group = "wheel"; };
imports = [ ../modules/profiles/hardened.nix ];
};
testScript =
''
# Test hidepid
subtest "hidepid", sub {
$machine->succeed("grep -Fq hidepid=2 /proc/mounts");
$machine->succeed("[ `su - sybil -c 'pgrep -c -u root'` = 0 ]");
$machine->succeed("[ `su - alice -c 'pgrep -c -u root'` != 0 ]");
};
# Test kernel module hardening
subtest "lock-modules", sub {
$machine->waitForUnit("multi-user.target");
# note: this better a be module we normally wouldn't load ...
$machine->fail("modprobe dccp");
};
# Test userns
subtest "userns", sub {
$machine->fail("unshare --user");
};
'';
})

9
nixos/tests/misc.nix
View File

@ -25,8 +25,6 @@ import ./make-test.nix ({ pkgs, ...} : {
};
users.users.sybil = { isNormalUser = true; group = "wheel"; };
security.sudo = { enable = true; wheelNeedsPassword = false; };
security.hideProcessInformation = true;
users.users.alice = { isNormalUser = true; extraGroups = [ "proc" ]; };
};
testScript =
@ -119,12 +117,5 @@ import ./make-test.nix ({ pkgs, ...} : {
subtest "sudo", sub {
$machine->succeed("su - sybil -c 'sudo true'");
};
# Test hidepid
subtest "hidepid", sub {
$machine->succeed("grep -Fq hidepid=2 /proc/mounts");
$machine->succeed("[ `su - sybil -c 'pgrep -c -u root'` = 0 ]");
$machine->succeed("[ `su - alice -c 'pgrep -c -u root'` != 0 ]");
};
'';
})

80
nixos/tests/radicale.nix Normal file
View File

@ -0,0 +1,80 @@
let
port = 5232;
radicaleOverlay = self: super: {
radicale = super.radicale.overrideAttrs (oldAttrs: {
propagatedBuildInputs = with self.pythonPackages;
(oldAttrs.propagatedBuildInputs or []) ++ [
passlib
];
});
};
common = { config, pkgs, ...}: {
services.radicale = {
enable = true;
config = let home = config.users.extraUsers.radicale.home; in ''
[server]
hosts = 127.0.0.1:${builtins.toString port}
daemon = False
[encoding]
[well-known]
[auth]
type = htpasswd
htpasswd_filename = /etc/radicale/htpasswd
htpasswd_encryption = bcrypt
[git]
[rights]
[storage]
type = filesystem
filesystem_folder = ${home}/collections
[logging]
[headers]
'';
};
# WARNING: DON'T DO THIS IN PRODUCTION!
# This puts secrets (albeit hashed) directly into the Nix store for ease of testing.
environment.etc."radicale/htpasswd".source = with pkgs; let
py = python.withPackages(ps: with ps; [ passlib ]);
in runCommand "htpasswd" {} ''
${py}/bin/python -c "
from passlib.apache import HtpasswdFile
ht = HtpasswdFile(
'$out',
new=True,
default_scheme='bcrypt'
)
ht.set_password('someuser', 'really_secret_password')
ht.save()
"
'';
};
in import ./make-test.nix ({ lib, ... }: {
name = "radicale";
meta.maintainers = with lib.maintainers; [ aneeshusa ];
# Test radicale with bcrypt-based htpasswd authentication
nodes = {
py2 = { config, pkgs, ... }@args: (common args) // {
nixpkgs.overlays = [
radicaleOverlay
];
};
py3 = { config, pkgs, ... }@args: (common args) // {
nixpkgs.overlays = [
(self: super: {
python = self.python3;
pythonPackages = self.python3.pkgs;
})
radicaleOverlay
];
};
};
testScript = ''
for my $machine ($py2, $py3) {
$machine->waitForUnit('radicale.service');
$machine->waitForOpenPort(${builtins.toString port});
$machine->succeed('curl -s http://someuser:really_secret_password@127.0.0.1:${builtins.toString port}/someuser/calendar.ics/');
}
'';
})

45
nixos/tests/xrdp.nix Normal file
View File

@ -0,0 +1,45 @@
import ./make-test.nix ({ pkgs, ...} : {
name = "xrdp";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ volth ];
};
nodes = {
server = { lib, pkgs, ... }: {
imports = [ ./common/user-account.nix ];
services.xrdp.enable = true;
services.xrdp.defaultWindowManager = "${pkgs.xterm}/bin/xterm";
networking.firewall.allowedTCPPorts = [ 3389 ];
};
client = { lib, pkgs, ... }: {
imports = [ ./common/x11.nix ./common/user-account.nix ];
services.xserver.displayManager.auto.user = "alice";
environment.systemPackages = [ pkgs.freerdp ];
services.xrdp.enable = true;
services.xrdp.defaultWindowManager = "${pkgs.icewm}/bin/icewm";
};
};
testScript = { nodes, ... }: ''
startAll;
$client->waitForX;
$client->waitForFile("/home/alice/.Xauthority");
$client->succeed("xauth merge ~alice/.Xauthority");
$client->sleep(5);
$client->execute("xterm &");
$client->sleep(1);
$client->sendChars("xfreerdp /cert-tofu /w:640 /h:480 /v:127.0.0.1 /u:alice /p:foobar\n");
$client->sleep(5);
$client->screenshot("localrdp");
$client->execute("xterm &");
$client->sleep(1);
$client->sendChars("xfreerdp /cert-tofu /w:640 /h:480 /v:server /u:alice /p:foobar\n");
$client->sleep(5);
$client->screenshot("remoterdp");
'';
})

6
pkgs/applications/altcoins/bitcoin-unlimited.nix
View File

@ -7,13 +7,13 @@ with stdenv.lib;
stdenv.mkDerivation rec {
name = "bitcoin" + (toString (optional (!withGui) "d")) + "-unlimited-" + version;
version = "1.0.1.3";
version = "1.0.1.4";
src = fetchFromGitHub {
owner = "bitcoinunlimited";
repo = "bitcoinunlimited";
rev = "${version}";
sha256 = "177l2jf2yqxh3sgf80dhgyk3wgjdnqszy3hb83clk8q1wyjkfz7y";
rev = "v${version}";
sha256 = "1awsgkgqvb57grrsq6k99009rzhpfaplh2lbf5sy36v3bh7p5mw5";
};
nativeBuildInputs = [ pkgconfig autoreconfHook ];

79
pkgs/applications/audio/google-play-music-desktop-player/default.nix Normal file
View File

@ -0,0 +1,79 @@
{ stdenv, alsaLib, atk, cairo, cups, dbus, dpkg, expat, fontconfig, freetype
, fetchurl, GConf, gdk_pixbuf, glib, gtk2, libpulseaudio, makeWrapper, nspr
, nss, pango, udev, xorg
}:
let
version = "4.2.0";
deps = [
alsaLib
atk
cairo
cups
dbus
expat
fontconfig
freetype
GConf
gdk_pixbuf
glib
gtk2
libpulseaudio
nspr
nss
pango
stdenv.cc.cc
udev
xorg.libX11
xorg.libxcb
xorg.libXcomposite
xorg.libXcursor
xorg.libXdamage
xorg.libXext
xorg.libXfixes
xorg.libXi
xorg.libXrandr
xorg.libXrender
xorg.libXScrnSaver
xorg.libXtst
];
in
stdenv.mkDerivation {
name = "google-play-music-desktop-player-${version}";
src = fetchurl {
url = "https://github.com/MarshallOfSound/Google-Play-Music-Desktop-Player-UNOFFICIAL-/releases/download/v${version}/google-play-music-desktop-player_${version}_amd64.deb";
sha256 = "0n59b73jc6b86p5063xz7n0z48wy9mzqcx0l34av2hqkx6wcb2h8";
};
dontBuild = true;
buildInputs = [ dpkg makeWrapper ];
unpackPhase = ''
dpkg -x $src .
'';
installPhase = ''
mkdir -p $out
cp -r ./usr/share $out
cp -r ./usr/bin $out
patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
"$out/share/google-play-music-desktop-player/Google Play Music Desktop Player"
wrapProgram $out/bin/google-play-music-desktop-player \
--prefix LD_LIBRARY_PATH : "$out/share/google-play-music-desktop-player" \
--prefix LD_LIBRARY_PATH : "${stdenv.lib.makeLibraryPath deps}"
'';
meta = {
homepage = https://www.googleplaymusicdesktopplayer.com/;
description = "A beautiful cross platform Desktop Player for Google Play Music";
license = stdenv.lib.licenses.mit;
platforms = [ "x86_64-linux" ];
maintainers = stdenv.lib.maintainers.SuprDewd;
};
}

6
pkgs/applications/display-managers/sddm/default.nix
View File

@ -25,6 +25,12 @@ let
})
];
postPatch =
# Module Qt5::Test must be included in `find_package` before it is used.
''
sed -i CMakeLists.txt -e '/find_package(Qt5/ s|)| Test)|'
'';
nativeBuildInputs = [ cmake extra-cmake-modules pkgconfig qttools ];
buildInputs = [

28
pkgs/applications/editors/emacs/default.nix
View File

@ -26,35 +26,15 @@ let
in
stdenv.mkDerivation rec {
name = "emacs-${version}${versionModifier}";
version = "25.1";
version = "25.2";
versionModifier = "";
src = fetchurl {
url = "mirror://gnu//emacs/${name}.tar.xz";
sha256 = "0cwgyiyymnx4xdg99dm2drfxcyhy2jmyf0rkr9fwj9mwwf77kwhr";
url = "mirror://gnu/emacs/${name}.tar.xz";
sha256 = "1ykkq0xl28ljdg61bm6gzy04ww86ajms98gix72qg6cpr6a53dar";
};
patches = (lib.optional stdenv.isDarwin ./at-fdcwd.patch) ++ [
## Fixes a segfault in emacs 25.1
## http://lists.gnu.org/archive/html/emacs-devel/2016-10/msg00917.html
## https://debbugs.gnu.org/cgi/bugreport.cgi?bug=24358
(fetchurl {
url = http://git.savannah.gnu.org/cgit/emacs.git/patch/?id=9afea93ed536fb9110ac62b413604cf4c4302199;
sha256 = "0pshhq8wlh98m9hm8xd3g7gy3ms0l44dq6vgzkg67ydlccziqz40"; })
(fetchurl {
url = http://git.savannah.gnu.org/cgit/emacs.git/patch/?id=71ca4f6a43bad06192cbc4bb8c7a2d69c179b7b0;
sha256 = "0h76wrrqyrky441immprskx5x7200zl7ajf7hyg4da22q7sr09qa"; })
(fetchurl {
url = http://git.savannah.gnu.org/cgit/emacs.git/patch/?id=1047496722a58ef5b736dae64d32adeb58c5055c;
sha256 = "0hk9pi3f2zj266qj8armzpl0z8rfjg0m9ss4k09mgg1hyz80wdvv"; })
(fetchurl {
url = http://git.savannah.gnu.org/cgit/emacs.git/patch/?id=96ac0c3ebce825e60595794f99e703ec8302e240;
sha256 = "1q2hqkjvj9z46b5ik56lv9wiibz09mvg2q3pn8fnpa04ki3zbh4x"; })
(fetchurl {
url = http://git.savannah.gnu.org/cgit/emacs.git/patch/?id=43986d16fb6ad78a627250e14570ea70bdb1f23a;
sha256 = "1wlyy04qahvls7bdrcxaazh9k27gksk7if1q58h83f7h6g9xxkzj";
})
];
patches = (lib.optional stdenv.isDarwin ./at-fdcwd.patch);
nativeBuildInputs = [ pkgconfig ]
++ lib.optionals srcRepo [ autoconf automake texinfo ]

15
pkgs/applications/editors/emacs/macport.nix
View File

@ -4,21 +4,21 @@
}:
stdenv.mkDerivation rec {
emacsVersion = "25.1";
emacsVersion = "25.2";
emacsName = "emacs-${emacsVersion}";
macportVersion = "6.1";
macportVersion = "6.3";
name = "emacs-mac-${emacsVersion}-${macportVersion}";
builder = ./builder.sh;
src = fetchurl {
url = "ftp://ftp.gnu.org/gnu/emacs/${emacsName}.tar.xz";
sha256 = "19f2798ee3bc26c95dca3303e7ab141e7ad65d6ea2b6945eeba4dbea7df48f33";
url = "mirror:///gnu/emacs/${emacsName}.tar.xz";
sha256 = "1ykkq0xl28ljdg61bm6gzy04ww86ajms98gix72qg6cpr6a53dar";
};
macportSrc = fetchurl {
url = "ftp://ftp.math.s.chiba-u.ac.jp/emacs/${emacsName}-mac-${macportVersion}.tar.gz";
sha256 = "1zwxh7zsvwcg221mpjh0dhpdas3j9mc5q92pprf8yljl7clqvg62";
sha256 = "1dz11frk3ya3842lb89ixzpns9bz5f9njxdkyvjy75gfymqfhhzv";
};
hiresSrc = fetchurl {
@ -28,7 +28,9 @@ stdenv.mkDerivation rec {
enableParallelBuilding = true;
buildInputs = [ ncurses libxml2 gnutls pkgconfig texinfo gettext autoconf automake];
nativeBuildInputs = [ pkgconfig autoconf automake ];
buildInputs = [ ncurses libxml2 gnutls texinfo gettext ];
propagatedBuildInputs = [
AppKit Carbon Cocoa IOKit OSAKit Quartz QuartzCore WebKit
@ -58,6 +60,7 @@ stdenv.mkDerivation rec {
"--with-xml2=yes"
"--with-gnutls=yes"
"--with-mac"
"--with-modules"
"--enable-mac-app=$$out/Applications"
];

53
pkgs/applications/editors/rstudio/default.nix
View File

@ -1,5 +1,5 @@
{ stdenv, fetchurl, makeDesktopItem, cmake, boost155, zlib, openssl,
R, qt4, libuuid, hunspellDicts, unzip, ant, jdk, gnumake, makeWrapper,
{ stdenv, fetchurl, makeDesktopItem, cmake, boost163, zlib, openssl,
R, qt5, libuuid, hunspellDicts, unzip, ant, jdk, gnumake, makeWrapper, pandoc,
# If you have set up an R wrapper with other packages by following
# something like https://nixos.org/nixpkgs/manual/#r-packages, RStudio
# by default not be able to access any of those R packages. In order
@ -11,18 +11,18 @@ useRPackages ? false
}:
let
version = "0.98.110";
version = "1.1.216";
ginVer = "1.5";
gwtVer = "2.5.1";
gwtVer = "2.7.0";
in
stdenv.mkDerivation rec {
name = "RStudio-${version}";
buildInputs = [ cmake boost155 zlib openssl R qt4 libuuid unzip ant jdk makeWrapper ];
buildInputs = [ cmake boost163 zlib openssl R qt5.full qt5.qtwebkit qt5.qmakeHook libuuid unzip ant jdk makeWrapper pandoc ];
src = fetchurl {
url = "https://github.com/rstudio/rstudio/archive/v${version}.tar.gz";
sha256 = "0wybbvl5libki8z2ywgcd0hg0py1az484r95lhwh3jbrwfx7ri2z";
sha256 = "07lp2ybvj7ippdrp7fv7j54dp0mm6k19j1vqdvjdk95acg3xgcjf";
};
# Hack RStudio to only use the input R.
@ -38,14 +38,34 @@ stdenv.mkDerivation rec {
inherit gwtVer;
gwtSrc = fetchurl {
url = "https://s3.amazonaws.com/rstudio-buildtools/gwt-${gwtVer}.zip";
sha256 = "0fjr2rcr8lnywj54mzhg9i4xz1b6fh8yv12p5i2q5mgfld2xymy4";
sha256 = "1cs78z9a1jg698j2n35wsy07cy4fxcia9gi00x0r0qc3fcdhcrda";
};
hunspellDictionaries = builtins.attrValues hunspellDicts;
mathJaxSrc = fetchurl {
url = https://s3.amazonaws.com/rstudio-buildtools/mathjax-20.zip;
sha256 = "1ikg3fhharsfrh2fv8c53fdawqajj24nif89400l3klw1hyq4zal";
url = https://s3.amazonaws.com/rstudio-buildtools/mathjax-26.zip;
sha256 = "0wbcqb9rbfqqvvhqr1pbqax75wp8ydqdyhp91fbqfqp26xzjv6lk";
};
rmarkdownSrc = fetchurl {
url = "https://github.com/rstudio/rmarkdown/archive/95b8b1fa64f78ca99f225a67fff9817103be56.zip";
sha256 = "12fa65qr04rwsprkmyl651mkaqcbn1znwsmcjg4qsk9n5nxg0fah";
};
rsconnectSrc = fetchurl {
url = "https://github.com/rstudio/rsconnect/archive/425f3767b3142bc6b81c9eb62c4722f1eedc9781.zip";
sha256 = "1sgf9dj9wfk4c6n5p1jc45386pf0nj2alg2j9qx09av3can1dy9p";
};
rstudiolibclang = fetchurl {
url = https://s3.amazonaws.com/rstudio-buildtools/libclang-3.5.zip;
sha256 = "1sl5vb8misipwbbbykdymw172w9qrh8xv3p29g0bf3nzbnv6zc7c";
};
rstudiolibclangheaders = fetchurl {
url = https://s3.amazonaws.com/rstudio-buildtools/libclang-builtin-headers.zip;
sha256 = "0x4ax186bm3kf098izwmsplckgx1kqzg9iiyzg95rpbqsb4593qb";
};
preConfigure =
@ -66,10 +86,19 @@ stdenv.mkDerivation rec {
done
done
unzip $mathJaxSrc -d dependencies/common/mathjax
unzip $mathJaxSrc -d dependencies/common/mathjax-26
unzip $rmarkdownSrc -d dependencies/common/rmarkdown
unzip $rsconnectSrc -d dependencies/common/rsconnect
mkdir -p dependencies/common/libclang/3.5
unzip $rstudiolibclang -d dependencies/common/libclang/3.5
mkdir -p dependencies/common/libclang/builtin-headers
unzip $rstudiolibclangheaders -d dependencies/common/libclang/builtin-headers
mkdir -p dependencies/common/pandoc
cp ${pandoc}/bin/pandoc dependencies/common/pandoc/
'';
cmakeFlags = [ "-DRSTUDIO_TARGET=Desktop" ];
cmakeFlags = [ "-DRSTUDIO_TARGET=Desktop" "-DQT_QMAKE_EXECUTABLE=${qt5.qmakeHook}/bin/qmake" ];
desktopItem = makeDesktopItem {
name = name;
@ -100,7 +129,7 @@ stdenv.mkDerivation rec {
{ description = "Set of integrated tools for the R language";
homepage = http://www.rstudio.com/;
license = licenses.agpl3;
maintainers = [ maintainers.ehmry ];
maintainers = [ maintainers.ehmry maintainers.changlinli ];
platforms = platforms.linux;
};
}

13
pkgs/applications/editors/rstudio/r-location.patch
View File

@ -1,18 +1,19 @@
diff -ur rstudio-0.98.110-old/src/cpp/core/CMakeLists.txt rstudio-0.98.110-new/src/cpp/core/CMakeLists.txt
--- rstudio-0.98.110-old/src/cpp/core/r_util/REnvironmentPosix.cpp 2013-04-28 10:02:14.000000000 -0400
+++ rstudio-0.98.110-new/src/cpp/core/r_util/REnvironmentPosix.cpp 2015-03-23 15:06:35.533400807 -0400
@@ -84,9 +84,7 @@
diff -ur rstudio-1.1.216-old/src/cpp/core/CMakeLists.txt rstudio-1.1.216-new/src/cpp/core/CMakeLists.txt
--- rstudio-1.1.216-old/src/cpp/core/r_util/REnvironmentPosix.cpp 2017-04-30 03:37:26.669418665 -0400
+++ rstudio-1.1.216-new/src/cpp/core/r_util/REnvironmentPosix.cpp 2017-04-30 03:36:33.590726185 -0400
@@ -87,10 +87,7 @@
{
// define potential paths
std::vector<std::string> rScriptPaths;
- rScriptPaths.push_back("/usr/bin/R");
- rScriptPaths.push_back("/usr/local/bin/R");
- rScriptPaths.push_back("/opt/local/bin/R");
- rScriptPaths.push_back("/Library/Frameworks/R.framework/Resources/bin/R");
+ rScriptPaths.push_back("@R@/bin/R");
return scanForRScript(rScriptPaths, pErrMsg);
}
@@ -220,8 +218,7 @@
@@ -226,8 +223,7 @@
// scan in standard locations as a fallback
std::string scanErrMsg;
std::vector<std::string> rScriptPaths;

6
pkgs/applications/graphics/apitrace/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
name = "apitrace-${version}";
version = "7.1";
version = "7.1-363-ge3509be1";
src = fetchFromGitHub {
sha256 = "1n2gmsjnpyam7isg7n1ksggyh6y1l8drvx0a93bnvbcskr7jiz9a";
rev = version;
sha256 = "1xbz6gwl7kqjm7jjy5gxkdxzrg93vj1a3l19ara7rni6dii0q136";
rev = "e3509be175eda77749abffe051ed0d3eb5d14e72";
repo = "apitrace";
owner = "apitrace";
};

57
pkgs/applications/graphics/displaycal/default.nix Normal file
View File

@ -0,0 +1,57 @@
{buildPythonPackage, stdenv, fetchurl, pkgconfig
, libXext, libXxf86vm, libX11, libXrandr, libXinerama
, argyllcms, wxPython, numpy
}:
buildPythonPackage {
name = "displaycal-3.2.4.0";
enableParallelBuilding = true;
src = fetchurl {
url = mirror://sourceforge/project/dispcalgui/release/3.2.4.0/DisplayCAL-3.2.4.0.tar.gz;
sha256 = "0swkhv338d1kmfxyf30zzdjs5xpbha40pg2zysiipcbasc0xhlb8";
};
propagatedBuildInputs = [
libXext
libXxf86vm
libX11
libXrandr
libXinerama
argyllcms
wxPython
numpy
];
nativeBuildInputs = [
pkgconfig
];
preConfigure = ''
mkdir dist
cp {misc,dist}/DisplayCAL.appdata.xml
mkdir -p $out
ln -s $out/share/DisplayCAL $out/Resources
'';
# no idea why it looks there - symlink .json lang (everything)
postInstall = ''
for x in $out/share/DisplayCAL/*; do
ln -s $x $out/lib/python2.7/site-packages/DisplayCAL
done
for prog in "$out/bin/"*; do
wrapProgram "$prog" \
--prefix PYTHONPATH : "$PYTHONPATH" \
--prefix PATH : ${argyllcms}/bin
done
'';
meta = {
description = "Display Calibration and Characterization powered by Argyll CMS";
homepage = http://displaycal.net/;
license = stdenv.lib.licenses.gpl3;
maintainers = [stdenv.lib.maintainers.marcweber];
platforms = stdenv.lib.platforms.linux;
};
}

6
pkgs/applications/graphics/gimp/plugins/default.nix
View File

@ -105,7 +105,7 @@ rec {
Filters/Enhance/Smart remove selection
*/
name = "resynthesizer-0.16";
buildInputs = [ gimp pkgs.fftw ] ++ gimp.nativeBuildInputs;
buildInputs = [ gimp pkgs.fftw pkgs.pkgconfig pkgs.gtk2 ] ++ gimp.nativeBuildInputs;
src = fetchurl {
url = http://www.logarithmic.net/pfh-files/resynthesizer/resynthesizer-0.16.tar.gz;
sha256 = "1k90a1jzswxmajn56rdxa4r60v9v34fmqsiwfdxqcvx3yf4yq96x";
@ -125,7 +125,9 @@ rec {
Filters/Enhance/Smart remove selection
*/
name = "resynthesizer-2.0.1";
buildInputs = [ gimp pkgs.fftw pkgs.autoreconfHook ]
buildInputs = [ gimp pkgs.fftw pkgs.autoreconfHook pkgs.pkgconfig pkgs.gtk2
pkgs.intltool
]
++ gimp.nativeBuildInputs;
makeFlags = "GIMP_LIBDIR=$out/lib/gimp/2.0/";
src = fetchFromGitHub {

8
pkgs/applications/graphics/krita/default.nix
View File

@ -8,12 +8,12 @@
stdenv.mkDerivation rec {
name = "krita-${version}";
ver_min = "3.1.2";
version = "${ver_min}.1";
ver_min = "3.1.3";
version = "${ver_min}";
src = fetchurl {
url = "http://download.kde.org/stable/krita/${ver_min}/${name}.tar.gz";
sha256 = "934ed82c3f4e55e7819b327c838ea2f307d3bf3d040722501378b01d76a3992d";
sha256 = "125js6c8aw4bqhs28pwnl3rbgqx5yx4zsklw7bfdhy3vf6lrysw1";
};
nativeBuildInputs = [ cmake extra-cmake-modules makeQtWrapper ];
@ -40,6 +40,6 @@ stdenv.mkDerivation rec {
homepage = "https://krita.org/";
maintainers = with maintainers; [ abbradar ];
platforms = platforms.linux;
licenses = licenses.gpl2;
license = licenses.gpl2;
};
}

2
pkgs/applications/kde/kdelibs/default.nix
View File

@ -43,7 +43,7 @@ kdeApp {
meta = {
platforms = lib.platforms.linux;
homepage = "http://www.kde.org";
licenses = with lib.licenses; [ gpl2 fdl12 lgpl21 ];
license = with lib.licenses; [ gpl2 fdl12 lgpl21 ];
maintainers = [ lib.maintainers.ttuegel ];
};
}

2
pkgs/applications/misc/calibre/default.nix
View File

@ -55,7 +55,7 @@ stdenv.mkDerivation rec {
poppler_utils libpng imagemagick libjpeg
fontconfig podofo qtbase chmlib icu sqlite libusb1 libmtp xdg_utils
] ++ (with python2Packages; [
apsw beautifulsoup cssselect cssutils dateutil lxml mechanize netifaces pillow
apsw cssselect cssutils dateutil lxml mechanize netifaces pillow
python pyqt5 sip
# the following are distributed with calibre, but we use upstream instead
chardet cherrypy html5lib_0_9999999 odfpy routes

38
pkgs/applications/misc/dockbarx/default.nix Normal file
View File

@ -0,0 +1,38 @@
{ stdenv, fetchFromGitHub, pythonPackages, gnome2, keybinder }:
pythonPackages.buildPythonApplication rec {
ver = "0.92";
name = "dockbarx-${ver}";
src = fetchFromGitHub {
owner = "M7S";
repo = "dockbarx";
rev = ver;
sha256 = "17n7jc3bk3f2i0i1ddpp05bakifc8y5xppads7ihpkj3qw9g35vl";
};
postPatch = ''
substituteInPlace setup.py --replace /usr/ ""
substituteInPlace setup.py --replace '"/", "usr", "share",' '"share",'
substituteInPlace dockbarx/applets.py --replace /usr/share/ $out/share/
substituteInPlace dockbarx/dockbar.py --replace /usr/share/ $out/share/
substituteInPlace dockbarx/iconfactory.py --replace /usr/share/ $out/share/
substituteInPlace dockbarx/theme.py --replace /usr/share/ $out/share/
substituteInPlace dockx_applets/battery_status.py --replace /usr/share/ $out/share/
substituteInPlace dockx_applets/namebar.py --replace /usr/share/ $out/share/
substituteInPlace dockx_applets/namebar_window_buttons.py --replace /usr/share/ $out/share/
substituteInPlace dockx_applets/volume-control.py --replace /usr/share/ $out/share/
'';
propagatedBuildInputs = (with pythonPackages; [ pygtk pyxdg dbus-python pillow xlib ])
++ (with gnome2; [ gnome_python gnome_python_desktop ])
++ [ keybinder ];
meta = with stdenv.lib; {
homepage = http://launchpad.net/dockbar/;
description = "DockBarX is a lightweight taskbar / panel replacement for Linux which works as a stand-alone dock";
license = licenses.gpl3;
platforms = platforms.linux;
maintainers = [ maintainers.volth ];
};
}

2
pkgs/applications/misc/jekyll/Gemfile
View File

@ -1,5 +1,7 @@
source 'https://rubygems.org'
gem 'jekyll'
gem 'jekyll-feed'
gem 'jekyll-paginate'
gem 'rdiscount'
gem 'RedCloth'
gem 'minima'

55
pkgs/applications/misc/jekyll/Gemfile.lock
View File

@ -1,36 +1,48 @@
GEM
remote: https://rubygems.org/
specs:
RedCloth (4.2.9)
colorator (0.1)
ffi (1.9.10)
jekyll (3.0.1)
colorator (~> 0.1)
RedCloth (4.3.2)
addressable (2.5.0)
public_suffix (~> 2.0, >= 2.0.2)
colorator (1.1.0)
ffi (1.9.18)
forwardable-extended (2.6.0)
jekyll (3.4.1)
addressable (~> 2.4)
colorator (~> 1.0)
jekyll-sass-converter (~> 1.0)
jekyll-watch (~> 1.1)
kramdown (~> 1.3)
liquid (~> 3.0)
mercenary (~> 0.3.3)
pathutil (~> 0.9)
rouge (~> 1.7)
safe_yaml (~> 1.0)
jekyll-sass-converter (1.4.0)
sass (~> 3.4)
jekyll-watch (1.3.0)
listen (~> 3.0)
jekyll-feed (0.9.1)
jekyll (~> 3.3)
jekyll-paginate (1.1.0)
kramdown (1.9.0)
jekyll-sass-converter (1.5.0)
sass (~> 3.4)
jekyll-watch (1.5.0)
listen (~> 3.0, < 3.1)
kramdown (1.13.2)
liquid (3.0.6)
listen (3.0.5)
rb-fsevent (>= 0.9.3)
rb-inotify (>= 0.9)
mercenary (0.3.5)
rb-fsevent (0.9.7)
rb-inotify (0.9.5)
listen (3.0.8)
rb-fsevent (~> 0.9, >= 0.9.4)
rb-inotify (~> 0.9, >= 0.9.7)
mercenary (0.3.6)
minima (2.1.0)
jekyll (~> 3.3)
pathutil (0.14.0)
forwardable-extended (~> 2.6)
public_suffix (2.0.5)
rb-fsevent (0.9.8)
rb-inotify (0.9.8)
ffi (>= 0.5.0)
rdiscount (2.1.8)
rouge (1.10.1)
rdiscount (2.2.0.1)
rouge (1.11.1)
safe_yaml (1.0.4)
sass (3.4.20)
sass (3.4.23)
PLATFORMS
ruby
@ -38,7 +50,10 @@ PLATFORMS
DEPENDENCIES
RedCloth
jekyll
jekyll-feed
jekyll-paginate
minima
rdiscount
BUNDLED WITH
1.10.6
1.14.4

10
pkgs/applications/misc/jekyll/default.nix
View File

@ -1,11 +1,13 @@
{ stdenv, lib, bundlerEnv, ruby_2_2, curl }:
{ stdenv, lib, bundlerEnv, ruby }:
bundlerEnv rec {
name = "jekyll-${version}";
version = "3.0.1";
ruby = ruby_2_2;
gemdir = ./.;
version = (import gemset).jekyll.version;
inherit ruby;
gemfile = ./Gemfile;
lockfile = ./Gemfile.lock;
gemset = ./gemset.nix;
meta = with lib; {
description = "Simple, blog aware, static site generator";

234
pkgs/applications/misc/jekyll/gemset.nix
View File

@ -1,145 +1,183 @@
{
"RedCloth" = {
version = "4.2.9";
addressable = {
source = {
remotes = ["https://rubygems.org"];
sha256 = "1j5r0anj8m4qlf2psnldip4b8ha2bsscv11lpdgnfh4nnchzjnxw";
type = "gem";
sha256 = "06pahxyrckhgb7alsxwhhlx1ib2xsx33793finj01jk8i054bkxl";
};
version = "2.5.0";
};
"colorator" = {
version = "0.1";
colorator = {
source = {
remotes = ["https://rubygems.org"];
sha256 = "0f7wvpam948cglrciyqd798gdc6z3cfijciavd0dfixgaypmvy72";
type = "gem";
sha256 = "09zp15hyd9wlbgf1kmrf4rnry8cpvh1h9fj7afarlqcy4hrfdpvs";
};
};
"ffi" = {
version = "1.9.10";
source = {
type = "gem";
sha256 = "1m5mprppw0xcrv2mkim5zsk70v089ajzqiq5hpyb0xg96fcyzyxj";
};
};
"jekyll" = {
version = "3.0.1";
source = {
type = "gem";
sha256 = "107svn6r7pvkg9wwfi4r44d2rqppysjf9zf09h7z1ajsy8k2s65a";
};
dependencies = [
"colorator"
"jekyll-sass-converter"
"jekyll-watch"
"jekyll-paginate"
"kramdown"
"liquid"
"mercenary"
"rouge"
"safe_yaml"
];
};
"jekyll-sass-converter" = {
version = "1.4.0";
source = {
type = "gem";
sha256 = "095757w0pg6qh3wlfg1j1mw4fsz7s89ia4zai5f2rhx9yxsvk1d8";
};
dependencies = [
"sass"
];
};
"jekyll-watch" = {
version = "1.3.0";
source = {
type = "gem";
sha256 = "1mqwvrd2hm6ah5zsxqsv2xdp31wl94pl8ybb1q324j79z8pvyarg";
};
dependencies = [
"listen"
];
};
"jekyll-paginate" = {
version = "1.1.0";
};
ffi = {
source = {
remotes = ["https://rubygems.org"];
sha256 = "034f52xf7zcqgbvwbl20jwdyjwznvqnwpbaps9nk18v9lgb1dpx0";
type = "gem";
};
version = "1.9.18";
};
forwardable-extended = {
source = {
remotes = ["https://rubygems.org"];
sha256 = "15zcqfxfvsnprwm8agia85x64vjzr2w0xn9vxfnxzgcv8s699v0v";
type = "gem";
};
version = "2.6.0";
};
jekyll = {
source = {
remotes = ["https://rubygems.org"];
sha256 = "0qbnjx7bpshbcam6p9ss2g6gpd3gxz6h4w9yszphj3ip335yhawb";
type = "gem";
};
version = "3.4.1";
};
jekyll-feed = {
source = {
remotes = ["https://rubygems.org"];
sha256 = "1dj62gy1jskkn703mi5h0bkg1psbpkdm2qqdw3bhjfid9358qvay";
type = "gem";
};
version = "0.9.1";
};
jekyll-paginate = {
source = {
sha256 = "0r7bcs8fq98zldih4787zk5i9w24nz5wa26m84ssja95n3sas2l8";
};
};
"kramdown" = {
version = "1.9.0";
source = {
type = "gem";
sha256 = "12sral2xli39mnr4b9m2sxdlgam4ni0a1mkxawc5311z107zj3p0";
};
version = "1.1.0";
};
"liquid" = {
version = "3.0.6";
jekyll-sass-converter = {
source = {
remotes = ["https://rubygems.org"];
sha256 = "01m921763yfgx1gc33k5ixqz623f4c4azgnpqhgsc2q61fyfk3q1";
type = "gem";
};
version = "1.5.0";
};
jekyll-watch = {
source = {
remotes = ["https://rubygems.org"];
sha256 = "02rg3wi95w2l0bg1igl5k6pza723vn2b2gj975gycz1cpmhdjn6z";
type = "gem";
};
version = "1.5.0";
};
kramdown = {
source = {
remotes = ["https://rubygems.org"];
sha256 = "1isiqc40q44zg57bd6cfnw1a2l0s2j5skw2awn2cz3gcm7wsf49d";
type = "gem";
};
version = "1.13.2";
};
liquid = {
source = {
sha256 = "033png37ym4jrjz5bi7zb4ic4yxacwvnllm1xxmrnr4swgyyygc2";
};
};
"listen" = {
version = "3.0.5";
source = {
type = "gem";
sha256 = "182wd2pkf690ll19lx6zbk01a3rqkk5lwsyin6kwydl7lqxj5z3g";
};
dependencies = [
"rb-fsevent"
"rb-inotify"
];
version = "3.0.6";
};
"mercenary" = {
version = "0.3.5";
listen = {
source = {
remotes = ["https://rubygems.org"];
sha256 = "1l0y7hbyfiwpvk172r28hsdqsifq1ls39hsfmzi1vy4ll0smd14i";
type = "gem";
sha256 = "0ls7z086v4xl02g4ia5jhl9s76d22crgmplpmj0c383liwbqi9pb";
};
version = "3.0.8";
};
"rb-fsevent" = {
version = "0.9.7";
mercenary = {
source = {
remotes = ["https://rubygems.org"];
sha256 = "10la0xw82dh5mqab8bl0dk21zld63cqxb1g16fk8cb39ylc4n21a";
type = "gem";
sha256 = "1xlkflgxngwkd4nyybccgd1japrba4v3kwnp00alikj404clqx4v";
};
version = "0.3.6";
};
"rb-inotify" = {
version = "0.9.5";
minima = {
source = {
remotes = ["https://rubygems.org"];
sha256 = "1s7ks9fqfvqx7qicnkrg76wavg9mjas52f7iyhr89lz9mqiy7p39";
type = "gem";
sha256 = "0kddx2ia0qylw3r52nhg83irkaclvrncgy2m1ywpbhlhsz1rymb9";
};
dependencies = [
"ffi"
];
version = "2.1.0";
};
"rdiscount" = {
version = "2.1.8";
pathutil = {
source = {
remotes = ["https://rubygems.org"];
sha256 = "0f444wx6vjd30lkkb2zn1k5a6g33lidrpyy7lmgy66n1gsiipzn7";
type = "gem";
sha256 = "0vcyy90r6wfg0b0y5wqp3d25bdyqjbwjhkm1xy9jkz9a7j72n70v";
};
version = "0.14.0";
};
"rouge" = {
version = "1.10.1";
public_suffix = {
source = {
remotes = ["https://rubygems.org"];
sha256 = "040jf98jpp6w140ghkhw2hvc1qx41zvywx5gj7r2ylr1148qnj7q";
type = "gem";
sha256 = "0wp8as9ypdy18kdj9h70kny1rdfq71mr8cj2bpahr9vxjjvjasqz";
};
version = "2.0.5";
};
"safe_yaml" = {
version = "1.0.4";
rb-fsevent = {
source = {
remotes = ["https://rubygems.org"];
sha256 = "1pdiasp9zlr306yld19szapi6kdjk38rpv1hih9x0ry40x6mb63n";
type = "gem";
};
version = "0.9.8";
};
rb-inotify = {
source = {
remotes = ["https://rubygems.org"];
sha256 = "0bq14f3md5nm00kgxgf0r9lcbn0vgbwljgajif0slxcwv622fjg9";
type = "gem";
};
version = "0.9.8";
};
rdiscount = {
source = {
remotes = ["https://rubygems.org"];
sha256 = "1arvk3k06prxasq1djbj065ixar4zl171340g7wr1ww4gj9makx3";
type = "gem";
};
version = "2.2.0.1";
};
RedCloth = {
source = {
remotes = ["https://rubygems.org"];
sha256 = "0m9dv7ya9q93r8x1pg2gi15rxlbck8m178j1fz7r5v6wr1avrrqy";
type = "gem";
};
version = "4.3.2";
};
rouge = {
source = {
remotes = ["https://rubygems.org"];
sha256 = "13amckbdknnc5491ag28y8pqbyfpbzx5n4rlmadxhd3wkrhp92c8";
type = "gem";
};
version = "1.11.1";
};
safe_yaml = {
source = {
sha256 = "1hly915584hyi9q9vgd968x2nsi5yag9jyf5kq60lwzi5scr7094";
};
};
"sass" = {
version = "3.4.20";
source = {
type = "gem";
sha256 = "04rpdcp258arh2wgdk9shbqnzd6cbbbpi3wpi9a0wby8awgpxmyf";
};
version = "1.0.4";
};
}
sass = {
source = {
remotes = ["https://rubygems.org"];
sha256 = "0da4mn3n60cm1ss1pw1rrpa7fxagglxiwcgvz1asf1qgf4mvcwyr";
type = "gem";
};
version = "3.4.23";
};
}

27
pkgs/applications/misc/termdown/default.nix Normal file
View File

@ -0,0 +1,27 @@
{ stdenv, fetchFromGitHub, buildPythonApplication,
click, pyfiglet, dateutil}:
with stdenv.lib;
buildPythonApplication rec {
name = "termdown-${version}";
version = "1.11.0";
src = fetchFromGitHub {
rev = "d1e3504e02ad49013595112cb03fbf175822e58d";
sha256 = "1i6fxymg52q95n0cbm4imdxh6yvpj3q57yf7w9z5d9pr35cf1iq5";
repo = "termdown";
owner = "trehn";
};
propagatedBuildInputs = [ dateutil click pyfiglet ];
meta = with stdenv.lib; {
description = "Starts a countdown to or from TIMESPEC";
longDescription = "Countdown timer and stopwatch in your terminal";
homepage = https://github.com/trehn/termdown;
license = licenses.gpl3;
platforms = platforms.all;
};
}

4
pkgs/applications/misc/udiskie/default.nix
View File

@ -4,13 +4,13 @@
pythonPackages.buildPythonApplication rec {
name = "udiskie-${version}";
version = "1.5.1";
version = "1.7.0";
src = fetchFromGitHub {
owner = "coldfix";
repo = "udiskie";
rev = version;
sha256 = "01x5fvllb262x6r3547l23z7p6hr7ddz034bkhmj2cqmf83sxwxd";
sha256 = "1dvfhf0d79al0vnrwdknfiy2297m3f7fgn7syr85p29hd6260jnv";
};
buildInputs = [

4
pkgs/applications/misc/xca/default.nix
View File

@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
sha256 = "1r2w9gpahjv221j963bd4vn0gj4cxmb9j42f3cd9qdn890hizw84";
};
enableParallelBuilding = false;
enableParallelBuilding = true;
buildInputs = [ libtool openssl qtbase qttools ];
@ -37,6 +37,6 @@ stdenv.mkDerivation rec {
platforms = platforms.all;
license = licenses.bsd3;
maintainers = with maintainers; [ offline peterhoeg ];
broken = builtins.compareVersions qtbase.version "5.7.0" >= 0;
broken = builtins.compareVersions qtbase.version "5.7.0" == 0;
};
}

205
pkgs/applications/networking/browsers/firefox/common.nix Normal file
View File

@ -0,0 +1,205 @@
{ pname, version, updateScript ? null
, src, patches ? [], overrides ? {}, meta
, isTorBrowserLike ? false }:
{ lib, stdenv, pkgconfig, pango, perl, python, zip, libIDL
, libjpeg, zlib, dbus, dbus_glib, bzip2, xorg
, freetype, fontconfig, file, nspr, nss, libnotify
, yasm, mesa, sqlite, unzip, makeWrapper
, hunspell, libevent, libstartup_notification, libvpx
, cairo, icu, libpng, jemalloc
, autoconf213, which, gnused, cargo, rustc
, debugBuild ? false
### optionals
## optional libraries
, alsaSupport ? true, alsaLib
, pulseaudioSupport ? true, libpulseaudio
, ffmpegSupport ? true, gstreamer, gst-plugins-base
, gtk3Support ? true, gtk2, gtk3, wrapGAppsHook
## privacy-related options
, privacySupport ? isTorBrowserLike
# WARNING: NEVER set any of the options below to `true` by default.
# Set to `privacySupport` or `false`.
, webrtcSupport ? !privacySupport
, loopSupport ? !privacySupport || !isTorBrowserLike
, geolocationSupport ? !privacySupport
, googleAPISupport ? geolocationSupport
, crashreporterSupport ? false
, safeBrowsingSupport ? false
, drmSupport ? false
## other
# If you want the resulting program to call itself
# "Firefox"/"Torbrowser" instead of "Nightly" or whatever, enable this
# option. However, in Firefox's case, those binaries may not be
# distributed without permission from the Mozilla Foundation, see
# http://www.mozilla.org/foundation/trademarks/.
, enableOfficialBranding ? false
}:
assert stdenv.cc ? libc && stdenv.cc.libc != null;
assert !isTorBrowserLike -> loopSupport; # can't be disabled on firefox :(
let
flag = tf: x: [(if tf then "--enable-${x}" else "--disable-${x}")];
in
stdenv.mkDerivation (rec {
name = "${pname}-unwrapped-${version}";
inherit src patches meta;
buildInputs = [
gtk2 perl zip libIDL libjpeg zlib bzip2
dbus dbus_glib pango freetype fontconfig xorg.libXi
xorg.libX11 xorg.libXrender xorg.libXft xorg.libXt file
nspr libnotify xorg.pixman yasm mesa
xorg.libXScrnSaver xorg.scrnsaverproto
xorg.libXext xorg.xextproto sqlite unzip makeWrapper
hunspell libevent libstartup_notification libvpx /* cairo */
icu libpng jemalloc
]
++ lib.optionals (!isTorBrowserLike) [ nss ]
++ lib.optional alsaSupport alsaLib
++ lib.optional pulseaudioSupport libpulseaudio # only headers are needed
++ lib.optionals ffmpegSupport [ gstreamer gst-plugins-base ]
++ lib.optional gtk3Support gtk3;
nativeBuildInputs =
[ autoconf213 which gnused pkgconfig perl python cargo rustc ]
++ lib.optional gtk3Support wrapGAppsHook;
preConfigure = ''
# remove distributed configuration files
rm -f configure
rm -f js/src/configure
rm -f .mozconfig*
# this will run autoconf213
make -f client.mk configure-files
configureScript="$(realpath ./configure)"
cd obj-*
'' + lib.optionalString googleAPISupport ''
# Google API key used by Chromium and Firefox.
# Note: These are for NixOS/nixpkgs use ONLY. For your own distribution,
# please get your own set of keys.
echo "AIzaSyDGi15Zwl11UNe6Y-5XW_upsfyw31qwZPI" >ga
'';
configureFlags = [
"--enable-application=browser"
"--with-system-jpeg"
"--with-system-zlib"
"--with-system-bz2"
"--with-system-libevent"
"--with-system-libvpx"
"--with-system-png" # needs APNG support
"--with-system-icu"
"--enable-system-ffi"
"--enable-system-hunspell"
"--enable-system-pixman"
"--enable-system-sqlite"
#"--enable-system-cairo"
"--enable-startup-notification"
"--enable-content-sandbox" # available since 26.0, but not much info available
"--disable-tests"
"--disable-necko-wifi" # maybe we want to enable this at some point
"--disable-updater"
"--enable-jemalloc"
"--disable-maintenance-service"
"--disable-gconf"
"--enable-default-toolkit=cairo-gtk${if gtk3Support then "3" else "2"}"
]
# TorBrowser patches these
++ lib.optionals (!isTorBrowserLike) [
"--with-system-nss"
"--with-system-nspr"
]
# and wants these
++ lib.optionals isTorBrowserLike [
"--with-tor-browser-version=${version}"
"--enable-signmar"
"--enable-verify-mar"
# We opt out of TorBrowser's nspr because that patch is useless on
# anything but Windows and produces zero fingerprinting
# possibilities on other platforms.
# Lets save some space instead.
"--with-system-nspr"
]
++ flag alsaSupport "alsa"
++ flag pulseaudioSupport "pulseaudio"
++ flag ffmpegSupport "ffmpeg"
++ lib.optional (!ffmpegSupport) "--disable-gstreamer"
++ flag webrtcSupport "webrtc"
++ lib.optionals isTorBrowserLike
(flag loopSupport "loop")
++ flag geolocationSupport "mozril-geoloc"
++ lib.optional googleAPISupport "--with-google-api-keyfile=ga"
++ flag crashreporterSupport "crashreporter"
++ flag safeBrowsingSupport "safe-browsing"
++ flag drmSupport "eme"
++ (if debugBuild then [ "--enable-debug" "--enable-profiling" ]
else [ "--disable-debug" "--enable-release"
"--enable-optimize"
"--enable-strip" ])
++ lib.optional enableOfficialBranding "--enable-official-branding";
enableParallelBuilding = true;
preInstall = ''
# The following is needed for startup cache creation on grsecurity kernels.
paxmark m dist/bin/xpcshell
'';
postInstall = ''
# For grsecurity kernels
paxmark m $out/lib/firefox-[0-9]*/{firefox,firefox-bin,plugin-container}
# Remove SDK cruft. FIXME: move to a separate output?
rm -rf $out/share/idl $out/include $out/lib/firefox-devel-*
# Needed to find Mozilla runtime
gappsWrapperArgs+=(--argv0 "$out/bin/.firefox-wrapped")
'';
postFixup = ''
# Fix notifications. LibXUL uses dlopen for this, unfortunately; see #18712.
patchelf --set-rpath "${lib.getLib libnotify
}/lib:$(patchelf --print-rpath "$out"/lib/firefox-*/libxul.so)" \
"$out"/lib/firefox-*/libxul.so
'';
doInstallCheck = true;
installCheckPhase = ''
# Some basic testing
"$out/bin/firefox" --version
'';
passthru = {
browserName = "firefox";
inherit version updateScript;
isFirefox3Like = true;
inherit isTorBrowserLike;
gtk = gtk2;
inherit nspr;
inherit ffmpegSupport;
};
} // overrides)

175
pkgs/applications/networking/browsers/firefox/default.nix
View File

@ -1,175 +0,0 @@
{ lib, stdenv, fetchurl, pkgconfig, gtk2, pango, perl, python, zip, libIDL
, libjpeg, zlib, dbus, dbus_glib, bzip2, xorg
, freetype, fontconfig, file, alsaLib, nspr, nss, libnotify
, yasm, mesa, sqlite, unzip, makeWrapper
, hunspell, libevent, libstartup_notification, libvpx
, cairo, gstreamer, gst-plugins-base, icu, libpng, jemalloc, libpulseaudio
, autoconf213, which, cargo, rustc
, writeScript, xidel, common-updater-scripts, coreutils, gnused, gnugrep, curl
, enableGTK3 ? false, gtk3, wrapGAppsHook
, debugBuild ? false
, # If you want the resulting program to call itself "Firefox" instead
# of "Nightly" or whatever, enable this option. However, those
# binaries may not be distributed without permission from the
# Mozilla Foundation, see
# http://www.mozilla.org/foundation/trademarks/.
enableOfficialBranding ? false
}:
assert stdenv.cc ? libc && stdenv.cc.libc != null;
let
common = { pname, version, sha512, updateScript }: stdenv.mkDerivation rec {
name = "${pname}-unwrapped-${version}";
src = fetchurl {
url =
let ext = if lib.versionAtLeast version "41.0" then "xz" else "bz2";
in "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.${ext}";
inherit sha512;
};
# this patch should no longer be needed in 53
# from https://bugzilla.mozilla.org/show_bug.cgi?id=1013882
patches = lib.optional debugBuild ./fix-debug.patch;
buildInputs =
[ gtk2 zip libIDL libjpeg zlib bzip2
dbus dbus_glib pango freetype fontconfig xorg.libXi
xorg.libX11 xorg.libXrender xorg.libXft xorg.libXt file
alsaLib nspr nss libnotify xorg.pixman yasm mesa
xorg.libXScrnSaver xorg.scrnsaverproto
xorg.libXext xorg.xextproto sqlite unzip
hunspell libevent libstartup_notification libvpx /* cairo */
icu libpng jemalloc
libpulseaudio # only headers are needed
]
++ lib.optional enableGTK3 gtk3
++ lib.optionals (!passthru.ffmpegSupport) [ gstreamer gst-plugins-base ];
nativeBuildInputs =
[ autoconf213 which gnused pkgconfig perl python cargo rustc ]
++ lib.optional enableGTK3 wrapGAppsHook;
configureFlags =
[ "--enable-application=browser"
"--with-system-jpeg"
"--with-system-zlib"
"--with-system-bz2"
"--with-system-nspr"
"--with-system-nss"
"--with-system-libevent"
"--with-system-libvpx"
"--with-system-png" # needs APNG support
"--with-system-icu"
"--enable-alsa"
"--enable-system-ffi"
"--enable-system-hunspell"
"--enable-system-pixman"
"--enable-system-sqlite"
#"--enable-system-cairo"
"--enable-startup-notification"
"--enable-content-sandbox" # available since 26.0, but not much info available
"--disable-crashreporter"
"--disable-tests"
"--disable-necko-wifi" # maybe we want to enable this at some point
"--disable-updater"
"--enable-jemalloc"
"--disable-gconf"
"--enable-default-toolkit=cairo-gtk${if enableGTK3 then "3" else "2"}"
"--with-google-api-keyfile=ga"
]
++ (if debugBuild then [ "--enable-debug" "--enable-profiling" ]
else [ "--disable-debug" "--enable-release"
"--enable-optimize"
"--enable-strip" ])
++ lib.optional enableOfficialBranding "--enable-official-branding";
enableParallelBuilding = true;
preConfigure =
''
configureScript="$(realpath ./configure)"
mkdir ../objdir
cd ../objdir
# Google API key used by Chromium and Firefox.
# Note: These are for NixOS/nixpkgs use ONLY. For your own distribution,
# please get your own set of keys.
echo "AIzaSyDGi15Zwl11UNe6Y-5XW_upsfyw31qwZPI" >ga
'';
preInstall =
''
# The following is needed for startup cache creation on grsecurity kernels.
paxmark m ../objdir/dist/bin/xpcshell
'';
postInstall =
''
# For grsecurity kernels
paxmark m $out/lib/firefox-[0-9]*/{firefox,firefox-bin,plugin-container}
# Remove SDK cruft. FIXME: move to a separate output?
rm -rf $out/share/idl $out/include $out/lib/firefox-devel-*
# Needed to find Mozilla runtime
gappsWrapperArgs+=(--argv0 "$out/bin/.firefox-wrapped")
'';
postFixup =
# Fix notifications. LibXUL uses dlopen for this, unfortunately; see #18712.
''
patchelf --set-rpath "${lib.getLib libnotify
}/lib:$(patchelf --print-rpath "$out"/lib/firefox-*/libxul.so)" \
"$out"/lib/firefox-*/libxul.so
'';
doInstallCheck = true;
installCheckPhase =
''
# Some basic testing
"$out/bin/firefox" --version
'';
meta = {
description = "A web browser" + lib.optionalString (pname == "firefox-esr") " (Extended Support Release)";
homepage = http://www.mozilla.com/en-US/firefox/;
maintainers = with lib.maintainers; [ eelco ];
platforms = lib.platforms.linux;
};
passthru = {
inherit nspr version updateScript;
gtk = gtk2;
isFirefox3Like = true;
browserName = "firefox";
ffmpegSupport = lib.versionAtLeast version "46.0";
};
};
in {
firefox-unwrapped = common {
pname = "firefox";
version = "53.0";
sha512 = "36ec810bab58e3d99478455a38427a5efbc74d6dd7d4bb93b700fd7429b9b89250efd0abe4609091483991802090c6373c8434dfc9ba64c79a778e51fd2a2886";
updateScript = import ./update.nix {
attrPath = "firefox-unwrapped";
inherit writeScript lib common-updater-scripts xidel coreutils gnused gnugrep curl;
};
};
firefox-esr-unwrapped = common {
pname = "firefox-esr";
version = "52.1.0esr";
sha512 = "ba833904654eda347f83df77e04c8e81572772e8555f187b796ecc30e498b93fb729b6f60935731d9584169adc9d61329155364fddf635cbd11abebe4a600247";
updateScript = import ./update.nix {
attrPath = "firefox-esr-unwrapped";
versionSuffix = "esr";
inherit writeScript lib common-updater-scripts xidel coreutils gnused gnugrep curl;
};
};
}

103
pkgs/applications/networking/browsers/firefox/packages.nix Normal file
View File

@ -0,0 +1,103 @@
{ lib, callPackage, fetchurl, fetchFromGitHub }:
let common = opts: callPackage (import ./common.nix opts); in
rec {
firefox = common rec {
pname = "firefox";
version = "53.0";
src = fetchurl {
url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
sha512 = "36ec810bab58e3d99478455a38427a5efbc74d6dd7d4bb93b700fd7429b9b89250efd0abe4609091483991802090c6373c8434dfc9ba64c79a778e51fd2a2886";
};
meta = {
description = "A web browser built from Firefox source tree";
homepage = http://www.mozilla.com/en-US/firefox/;
maintainers = with lib.maintainers; [ eelco ];
platforms = lib.platforms.linux;
};
updateScript = callPackage ./update.nix {
attrPath = "firefox-unwrapped";
};
} {};
firefox-esr = common rec {
pname = "firefox-esr";
version = "52.1.0esr";
src = fetchurl {
url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
sha512 = "ba833904654eda347f83df77e04c8e81572772e8555f187b796ecc30e498b93fb729b6f60935731d9584169adc9d61329155364fddf635cbd11abebe4a600247";
};
meta = firefox.meta // {
description = "A web browser built from Firefox Extended Support Release source tree";
};
updateScript = callPackage ./update.nix {
attrPath = "firefox-esr-unwrapped";
versionSuffix = "esr";
};
} {};
tor-browser = common rec {
pname = "tor-browser";
version = "6.5.2";
isTorBrowserLike = true;
# FIXME: fetchFromGitHub is not ideal, unpacked source is >900Mb
src = fetchFromGitHub {
owner = "SLNOS";
repo = "tor-browser";
rev = "tor-browser-45.8.0esr-6.5-2";
sha256 = "0vbcp1qlxjlph0dqibylsyvb8iah3lnzdxc56hllpvbn51vrp39j";
};
overrides = {
unpackPhase = ''
# fetchFromGitHub produces ro sources, root dir gets a name that
# is too long for shebangs. fixing
cp -a $src .
mv *-src tor-browser
chmod -R +w tor-browser
cd tor-browser
# set times for xpi archives
find . -exec touch -d'2010-01-01 00:00' {} \;
'';
};
meta = {
description = "A web browser built from TorBrowser source tree";
longDescription = ''
This is a version of TorBrowser with bundle-related patches
reverted.
I.e. it's a variant of Firefox with less fingerprinting and
some isolation features you can't get with any extensions.
Or, alternatively, a variant of TorBrowser that works like any
other UNIX program and doesn't expect you to run it from a
bundle.
It will use your default Firefox profile if you're not careful
even! Be careful!
It will clash with firefox binary if you install both. But its
not a problem since you should run browsers in separate
users/VMs anyway.
Create new profile by starting it as
$ firefox -ProfileManager
and then configure it to use your tor instance.
'';
homepage = https://www.torproject.org/projects/torbrowser.html;
platforms = lib.platforms.linux;
};
} {
ffmpegSupport = false;
};
}

2
pkgs/applications/networking/browsers/torbrowser/default.nix → pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix
View File

@ -99,7 +99,7 @@ let
in
stdenv.mkDerivation rec {
name = "tor-browser-${version}";
name = "tor-browser-bundle-bin-${version}";
inherit version;
src = srcs."${stdenv.system}" or (throw "unsupported system: ${stdenv.system}");

4
pkgs/applications/networking/cluster/mesos/default.nix
View File

@ -22,7 +22,7 @@ let
});
in stdenv.mkDerivation rec {
version = "1.1.0";
version = "1.1.1";
name = "mesos-${version}";
enableParallelBuilding = true;
@ -30,7 +30,7 @@ in stdenv.mkDerivation rec {
src = fetchurl {
url = "mirror://apache/mesos/${version}/${name}.tar.gz";
sha256 = "1hdjd4syyp88l0bnh88bhzvn9466ad2ysfp9pq3kwj3qzwg5jv8g";
sha256 = "0f46ebb130d2d4a9732f95d0a71d80c8c5967f3c172b110f2ece316e05922115";
};
patches = [

11
pkgs/applications/networking/cluster/terraform/default.nix
View File

@ -37,7 +37,6 @@ let
maintainers = with maintainers; [ jgeerds zimbatm peterhoeg ];
};
} // attrs');
in {
terraform_0_8_5 = generic {
version = "0.8.5";
@ -49,15 +48,13 @@ in {
sha256 = "0ibgpcpvz0bmn3cw60nzsabsrxrbmmym1hv7fx6zmjxiwd68w5gb";
};
terraform_0_9_3 = generic {
version = "0.9.3";
sha256 = "00z72lwv0cprz1jjy0cr8dicl00zwc1zwsxzjssqnq0187sswkxw";
terraform_0_9_4 = generic {
version = "0.9.4";
sha256 = "07vcmjyl0y48hm5lqqzdd51hmrxapvywzbdkg5f3rcqd7dn9c2xs";
postPatch = ''
rm builtin/providers/dns/data_dns_cname_record_set_test.go
rm builtin/providers/vsphere/resource_vsphere_file_test.go
'';
doCheck = true;
doCheck = true;
};
}

6
pkgs/applications/networking/dropbox/default.nix
View File

@ -23,11 +23,11 @@
let
# NOTE: When updating, please also update in current stable,
# as older versions stop working
version = "24.4.16";
version = "24.4.17";
sha256 =
{
"x86_64-linux" = "01hnx52ag7wfclxnqzs9m09pnmisz9lczxgg3wm47qmwhagnb8la";
"i686-linux" = "1cr0vfjwn60xdv2kh6kmmgf6g0s2y9mqklbfah59pm7k2yr2pvnf";
"x86_64-linux" = "1wjr92vrbxyjbwyqf134h8fp1zi4d5wyyirii545wqadbgg9grh9";
"i686-linux" = "1qsdidpy251irzkv0hx0ch0xnrwq6wq6b22g0n8b9d0a7xi08k7h";
}."${stdenv.system}" or (throw "system ${stdenv.system} not supported");
arch =

2
pkgs/applications/networking/instant-messengers/salut-a-toi/default.nix
View File

@ -15,7 +15,7 @@ in
buildInputs = with python27Packages;
[
python twisted urwid beautifulsoup wxPython pygobject2
python twisted urwid wxPython pygobject2
wokkel dbus-python pyfeed wrapPython setuptools file
pycrypto pyxdg
];

8
pkgs/applications/networking/owncloud-client/default.nix
View File

@ -1,16 +1,16 @@
{ stdenv, fetchurl, cmake, qt5, pkgconfig, qtkeychain, sqlite }:
{ stdenv, fetchurl, cmake, pkgconfig, qtbase, qtwebkit, qtkeychain, sqlite }:
stdenv.mkDerivation rec {
name = "owncloud-client-${version}";
version = "2.3.0";
version = "2.3.1";
src = fetchurl {
url = "https://download.owncloud.com/desktop/stable/owncloudclient-${version}.tar.xz";
sha256 = "10ah4zmnv4hfi50k59qwk990h1a4g95d3yvxqqrv4x1dv8p2sscf";
sha256 = "051rky4rpm73flxxkhfdxqq23ncnk4ixhscbg74w82sa4d93f54k";
};
nativeBuildInputs = [ pkgconfig cmake ];
buildInputs = [ qt5.qtbase qt5.qtwebkit qtkeychain sqlite ];
buildInputs = [ qtbase qtwebkit qtkeychain sqlite ];
cmakeFlags = [
"-UCMAKE_INSTALL_LIBDIR"

8
pkgs/applications/networking/remote/citrix-receiver/default.nix
View File

@ -22,7 +22,7 @@
, alsaLib
}:
let versionRec = { major = "13"; minor = "4"; patch = "0"; };
let versionRec = { major = "13"; minor = "5"; patch = "0"; };
in stdenv.mkDerivation rec {
name = "citrix-receiver-${version}";
version = with versionRec; "${major}.${minor}.${patch}";
@ -31,11 +31,11 @@ in stdenv.mkDerivation rec {
prefixWithBitness = if stdenv.is64bit then "linuxx64" else "linuxx86";
src = with versionRec; requireFile rec {
name = "${prefixWithBitness}-${version}.10109380.tar.gz";
name = "${prefixWithBitness}-${version}.10185126.tar.gz";
sha256 =
if stdenv.is64bit
then "133brs0sq6d0mgr19rc6ig1n9ahm3ryi23v5nrgqfh0hgxqcrrjb"
else "0r7jfl5yqv1s2npy8l9gsn0gbb82f6raa092ppkc8xy5pni5sh7l";
then "1r24mhkpcc0z95n597p07fz92pd1b8qqzp2z6w07rmb9wb8mpd4x"
else "0pwxshlryzhkl86cj9ryybm54alhzjx0gpp67fnvdn5r64wy1nd1";
message = ''
In order to use Citrix Receiver, you need to comply with the Citrix EULA and download
the ${if stdenv.is64bit then "64-bit" else "32-bit"} binaries, .tar.gz from:

4
pkgs/applications/networking/remote/teamviewer/default.nix
View File

@ -16,13 +16,13 @@ in
stdenv.mkDerivation rec {
name = "teamviewer-${version}";
version = "12.0.71510";
version = "12.0.76279";
src = fetchurl {
# There is a 64-bit package, but it has no differences apart from Debian dependencies.
# Generic versioned packages (teamviewer_${version}_i386.tar.xz) are not available for some reason.
url = "http://download.teamviewer.com/download/teamviewer_${version}_i386.deb";
sha256 = "0f2qc2rpxk7zsyfxlsfr5gwbs9vhnzc3z7ib677pnr99bz06hbqp";
sha256 = "15yhx66zxbjk0x3dpfg39gb1f2ajcp9kbp4zi58bfnvby277jl00";
};
unpackPhase = ''

106
pkgs/applications/networking/remote/xrdp/default.nix Normal file
View File

@ -0,0 +1,106 @@
{ stdenv, fetchFromGitHub, fetchpatch, pkgconfig, which, perl, autoconf, automake, libtool, openssl, systemd, pam, fuse, libjpeg, libopus, nasm, xorg }:
let
xorgxrdp = stdenv.mkDerivation rec {
name = "xorgxrdp-${version}";
version = "0.2.1";
src = fetchFromGitHub {
owner = "neutrinolabs";
repo = "xorgxrdp";
rev = "v${version}";
sha256 = "13713qs1v79xa02iw6vaj9b2q62ix770a32z56ql05d6yvfdsfhi";
};
nativeBuildInputs = [ pkgconfig autoconf automake which libtool nasm ];
buildInputs = [ xorg.xorgserver ];
postPatch = ''
# patch from Debian, allows to run xrdp daemon under unprivileged user
substituteInPlace module/rdpClientCon.c \
--replace 'g_sck_listen(dev->listen_sck);' 'g_sck_listen(dev->listen_sck); g_chmod_hex(dev->uds_data, 0x0660);'
substituteInPlace configure.ac \
--replace 'moduledir=`pkg-config xorg-server --variable=moduledir`' "moduledir=$out/lib/xorg/modules" \
--replace 'sysconfdir="/etc"' "sysconfdir=$out/etc"
'';
preConfigure = "./bootstrap";
configureFlags = [ "XRDP_CFLAGS=-I${xrdp.src}/common" ];
enableParallelBuilding = true;
};
xrdp = stdenv.mkDerivation rec {
version = "0.9.2";
rev = "48c26a3"; # Fixes https://github.com/neutrinolabs/xrdp/issues/609; not a patch on top of the official repo because "xorgxrdp.configureFlags" above includes "xrdp.src" which must be fixed already
name = "xrdp-${version}.${rev}";
src = fetchFromGitHub {
owner = "volth";
repo = "xrdp";
rev = rev;
fetchSubmodules = true;
sha256 = "0zs03amshmvy65d26vsv31n9jflkjf43vsjhg4crzifka3vz9p16";
};
nativeBuildInputs = [ pkgconfig autoconf automake which libtool nasm ];
buildInputs = [ openssl systemd pam fuse libjpeg libopus xorg.libX11 xorg.libXfixes xorg.libXrandr ];
postPatch = ''
substituteInPlace sesman/xauth.c --replace "xauth -q" "${xorg.xauth}/bin/xauth -q"
'';
preConfigure = ''
(cd librfxcodec && ./bootstrap && ./configure --prefix=$out --enable-static --disable-shared)
./bootstrap
'';
dontDisableStatic = true;
configureFlags = [ "--with-systemdsystemunitdir=./do-not-install" "--enable-ipv6" "--enable-jpeg" "--enable-fuse" "--enable-rfxcodec" "--enable-opus" ];
installFlags = [ "DESTDIR=$(out)" "prefix=" ];
postInstall = ''
# remove generated keys (as non-determenistic) and upstart script
rm $out/etc/xrdp/{rsakeys.ini,key.pem,cert.pem,xrdp.sh}
cp $src/keygen/openssl.conf $out/share/xrdp/openssl.conf
substituteInPlace $out/etc/xrdp/sesman.ini --replace /etc/xrdp/pulse $out/etc/xrdp/pulse
# remove all session types except Xorg (they are not supported by this setup)
${perl}/bin/perl -i -ne 'print unless /\[(X11rdp|Xvnc|console|vnc-any|sesman-any|rdp-any|neutrinordp-any)\]/ .. /^$/' $out/etc/xrdp/xrdp.ini
# remove all session types and then add Xorg
${perl}/bin/perl -i -ne 'print unless /\[(X11rdp|Xvnc|Xorg)\]/ .. /^$/' $out/etc/xrdp/sesman.ini
cat >> $out/etc/xrdp/sesman.ini <<EOF
[Xorg]
param=${xorg.xorgserver}/bin/Xorg
param=-modulepath
param=${xorgxrdp}/lib/xorg/modules,${xorg.xorgserver}/lib/xorg/modules
param=-config
param=${xorgxrdp}/etc/X11/xrdp/xorg.conf
param=-noreset
param=-nolisten
param=tcp
param=-logfile
param=.xorgxrdp.%s.log
EOF
'';
enableParallelBuilding = true;
meta = with stdenv.lib; {
description = "An open source RDP server";
homepage = https://github.com/neutrinolabs/xrdp;
license = licenses.asl20;
maintainers = [ maintainers.volth ];
platforms = platforms.linux;
};
};
in xrdp

10
pkgs/applications/science/biology/ants/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub, cmake, itk, vtk }:
{ stdenv, fetchFromGitHub, cmake, makeWrapper, itk, vtk }:
stdenv.mkDerivation rec {
_name = "ANTs";
@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
sha256 = "0gyys1lf69bl3569cskxc8r5llwcr0dsyzvlby5skhfpsyw0dh8r";
};
nativeBuildInputs = [ cmake ];
nativeBuildInputs = [ cmake makeWrapper ];
buildInputs = [ itk vtk ];
cmakeFlags = [ "-DANTS_SUPERBUILD=FALSE" "-DUSE_VTK=TRUE" ];
@ -20,6 +20,12 @@ stdenv.mkDerivation rec {
checkPhase = "ctest";
doCheck = false;
postInstall = ''
for file in $out/bin/*; do
wrapProgram $file --set ANTSPATH "$out/bin"
done
'';
meta = with stdenv.lib; {
homepage = https://github.com/stnava/ANTs;
description = "Advanced normalization toolkit for medical image registration and other processing";

21
pkgs/applications/science/logic/coq/HEAD.nix
View File

@ -1,31 +1,34 @@
# - coqide compilation can be disabled by setting lablgtk to null;
# - coqide compilation can be disabled by setting buildIde to false;
# - The csdp program used for the Micromega tactic is statically referenced.
# However, coq can build without csdp by setting it to null.
# In this case some Micromega tactics will search the user's path for the csdp program and will fail if it is not found.
{stdenv, fetchgit, writeText, pkgconfig, ocaml, findlib, camlp5, ncurses, lablgtk ? null, csdp ? null}:
{stdenv, fetchgit, writeText, pkgconfig, ocamlPackages_4_02, ncurses, buildIde ? true, csdp ? null}:
let
version = "8.6pre-0c999f02";
version = "2017-02-03";
coq-version = "8.6";
buildIde = lablgtk != null;
ideFlags = if buildIde then "-lablgtkdir ${lablgtk}/lib/ocaml/*/site-lib/lablgtk2 -coqide opt" else "";
ideFlags = if buildIde then "-lablgtkdir ${ocamlPackages_4_02.lablgtk}/lib/ocaml/*/site-lib/lablgtk2 -coqide opt" else "";
csdpPatch = if csdp != null then ''
substituteInPlace plugins/micromega/sos.ml --replace "; csdp" "; ${csdp}/bin/csdp"
substituteInPlace plugins/micromega/coq_micromega.ml --replace "System.is_in_system_path \"csdp\"" "true"
'' else "";
ocaml = ocamlPackages_4_02.ocaml;
findlib = ocamlPackages_4_02.findlib;
lablgtk = ocamlPackages_4_02.lablgtk;
camlp5 = ocamlPackages_4_02.camlp5_transitional;
in
stdenv.mkDerivation {
name = "coq-${version}";
name = "coq-unstable-${version}";
inherit coq-version;
inherit ocaml camlp5;
inherit ocaml camlp5 findlib;
src = fetchgit {
url = git://scm.gforge.inria.fr/coq/coq.git;
rev = "ad768e435a736ca51ac79a575967b388b34918c7";
sha256 = "05s7sk1l3mvdjag3idnhkpj707y4bv56da7kpffw862f2qgfr77j";
rev = "078598d029792a3d9a54fae9b9ac189b75bc3b06";
sha256 = "0sflrpp6x0ada0bjh67q1x65g88d179n3cawpwkp1pm4kw76g8x7";
};
buildInputs = [ pkgconfig ocaml findlib camlp5 ncurses lablgtk ];

2
pkgs/applications/science/math/csdp/default.nix
View File

@ -8,7 +8,7 @@ stdenv.mkDerivation {
sha256 = "1f9ql6cjy2gwiyc51ylfan24v1ca9sjajxkbhszlds1lqmma8n05";
};
buildInputs = [ blas gfortran liblapack ];
buildInputs = [ blas gfortran.cc.lib liblapack ];
postPatch = ''
substituteInPlace Makefile --replace /usr/local/bin $out/bin

4
pkgs/applications/science/math/geogebra/default.nix
View File

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
name = "geogebra-${version}";
version = "5-0-350-0";
version = "5-0-355-0";
preferLocalBuild = true;
src = fetchurl {
url = "http://download.geogebra.org/installers/5.0/GeoGebra-Linux-Portable-${version}.tar.bz2";
sha256 = "0lr2calglad5d17p5sl1jbjdfsdsmn4dxgy8s89lyh0d4aihy54d";
sha256 = "0gm6jqlc3kgnbwnqlz6i9rahdy802jq7xc9gw1q5ynk63smm3ngk";
};
srcIcon = fetchurl {

15
pkgs/applications/science/math/speedcrunch/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchgit, cmake, qtbase, qttools }:
{ stdenv, fetchgit, cmake, makeQtWrapper, qtbase, qttools }:
stdenv.mkDerivation rec {
name = "speedcrunch-${version}";
@ -11,14 +11,20 @@ stdenv.mkDerivation rec {
sha256 = "0vh7cd1915bjqzkdp3sk25ngy8cq624mkh8c53c5bnzk357kb0fk";
};
enableParallelBuilding = true;
buildInputs = [ qtbase qttools ];
nativeBuildInputs = [ cmake ];
nativeBuildInputs = [ cmake makeQtWrapper ];
preConfigure = ''
cd src
'';
postFixup = ''
wrapQtProgram $out/bin/speedcrunch
'';
meta = with stdenv.lib; {
homepage = http://speedcrunch.org;
license = licenses.gpl2Plus;
@ -30,7 +36,8 @@ stdenv.mkDerivation rec {
full keyboard-friendly and more than 15 built-in math function.
'';
maintainers = with maintainers; [ gebner ];
platforms = platforms.all;
broken = builtins.compareVersions qtbase.version "5.8.0" >= 0;
inherit (qtbase.meta) platforms;
# works with qt 5.6 and qt 5.8
broken = builtins.compareVersions qtbase.version "5.7.0" == 0;
};
}

2
pkgs/applications/version-management/git-and-tools/qgit/default.nix
View File

@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
license = licenses.gpl2;
homepage = http://libre.tibirna.org/projects/qgit/wiki/QGit;
description = "Graphical front-end to Git";
maintainer = with maintainers; [ peterhoeg ];
maintainers = with maintainers; [ peterhoeg ];
inherit (qtbase.meta) platforms;
};
}

4
pkgs/applications/video/mpv/default.nix
View File

@ -1,5 +1,5 @@
{ stdenv, fetchurl, fetchFromGitHub, makeWrapper
, docutils, perl, pkgconfig, python3, which, ffmpeg_3_2
, docutils, perl, pkgconfig, python3, which, ffmpeg
, freefont_ttf, freetype, libass, libpthreadstubs
, lua, lua5_sockets, libuchardet, libiconv ? null, darwin
@ -112,7 +112,7 @@ in stdenv.mkDerivation rec {
nativeBuildInputs = [ docutils makeWrapper perl pkgconfig python3 which ];
buildInputs = [
ffmpeg_3_2 freetype libass libpthreadstubs
ffmpeg freetype libass libpthreadstubs
lua lua5_sockets libuchardet
] ++ optionals stdenv.isDarwin (with darwin.apple_sdk.frameworks; [
libiconv Cocoa CoreAudio ])

8
pkgs/applications/virtualization/xen/generic.nix
View File

@ -107,7 +107,8 @@ stdenv.mkDerivation (rec {
# We want to do this before getting prefetched stuff to speed things up
# (prefetched stuff has lots of files)
find . -type f | xargs sed -i 's@/usr/bin/\(python\|perl\)@/usr/bin/env \1@g'
find . -type f | xargs sed -i 's@/bin/bash@/bin/sh@g'
find . -type f -not -path "./tools/hotplug/Linux/xendomains.in" \
| xargs sed -i 's@/bin/bash@/bin/sh@g'
# Get prefetched stuff
${withXenfiles (name: x: ''
@ -171,6 +172,11 @@ stdenv.mkDerivation (rec {
${config.postPatch or ""}
'';
postConfigure = ''
substituteInPlace tools/hotplug/Linux/xendomains \
--replace /bin/ls ls
'';
# TODO: Flask needs more testing before enabling it by default.
#makeFlags = "XSM_ENABLE=y FLASK_ENABLE=y PREFIX=$(out) CONFIG_DIR=/etc XEN_EXTFILES_URL=\\$(XEN_ROOT)/xen_ext_files ";
makeFlags = [ "PREFIX=$(out) CONFIG_DIR=/etc" "XEN_SCRIPT_DIR=/etc/xen/scripts" ]

2
pkgs/build-support/docker/default.nix
View File

@ -82,7 +82,7 @@ rec {
export PATH=${shadow}/bin:$PATH
mkdir -p /etc/pam.d
if [[ ! -f /etc/passwd ]]; then
echo "root:x:0:0::/root:/bin/sh" > /etc/passwd
echo "root:x:0:0::/root:${stdenv.shell}" > /etc/passwd
echo "root:!x:::::::" > /etc/shadow
fi
if [[ ! -f /etc/group ]]; then

37
pkgs/build-support/grsecurity/default.nix
View File

@ -1,37 +0,0 @@
{ stdenv
, lib
, overrideDerivation
# required for gcc plugins
, gmp, libmpc, mpfr
# the base kernel
, kernel
, grsecPatch
, kernelPatches ? []
, localver ? "-grsec"
, modDirVersion ? "${kernel.version}${localver}"
, extraConfig ? ""
, ...
} @ args:
assert (kernel.version == grsecPatch.kver);
overrideDerivation (kernel.override {
inherit modDirVersion;
kernelPatches = lib.unique ([ grsecPatch ] ++ kernelPatches ++ (kernel.kernelPatches or []));
extraConfig = ''
GRKERNSEC y
PAX y
${extraConfig}
'';
ignoreConfigErrors = true;
}) (attrs: {
nativeBuildInputs = (lib.chooseDevOutputs [ gmp libmpc mpfr ]) ++ (attrs.nativeBuildInputs or []);
preConfigure = ''
echo ${localver} >localversion-grsec
${attrs.preConfigure or ""}
'';
})

6
pkgs/build-support/kde/wrapper.nix
View File

@ -48,9 +48,9 @@ stdenv.mkDerivation {
--suffix PATH : "$env/bin" \
--prefix XDG_CONFIG_DIRS : "$env/etc/xdg" \
--prefix XDG_DATA_DIRS : "$env/share:${gtk3}/share/gsettings-schemas/${gtk3.name}" \
--set QML_IMPORT_PATH "$env/lib/qt5/imports" \
--set QML2_IMPORT_PATH "$env/lib/qt5/qml" \
--set QT_PLUGIN_PATH "$env/lib/qt5/plugins" \
--prefix QML_IMPORT_PATH : "$env/lib/qt5/imports" \
--prefix QML2_IMPORT_PATH : "$env/lib/qt5/qml" \
--prefix QT_PLUGIN_PATH : "$env/lib/qt5/plugins" \
--prefix GIO_EXTRA_MODULES : "${dconf.lib}/lib/gio/modules"
good="1"
break

2
pkgs/build-support/release/ant-build.nix
View File

@ -69,7 +69,7 @@ stdenv.mkDerivation (
mkdir -p $out/bin
cat >> $out/bin/${w.name} <<EOF
#! /bin/sh
#!${stdenv.shell}
export JAVA_HOME=$jre
$jre/bin/java ${cp w} ${if w ? mainClass then w.mainClass else "-jar ${w.jar}"} \$@
EOF

14
pkgs/build-support/setup-hooks/wrap-gapps-hook.sh
View File

@ -35,10 +35,16 @@ wrapGAppsHook() {
gappsWrapperArgs+=(--prefix $v : "$dummy")
done
if [ -z "$dontWrapGApps" ]; then
for i in $prefix/bin/* $prefix/libexec/*; do
echo "Wrapping app $i"
wrapProgram "$i" "${gappsWrapperArgs[@]}"
if [[ -z "$dontWrapGApps" ]]; then
targetDirs=( "${prefix}/bin" "${prefix}/libexec" )
for targetDir in "${targetDirs[@]}"; do
if [[ -d "${targetDir}" ]]; then
find "${targetDir}" -type f -executable -print0 \
| while IFS= read -r -d '' file; do
echo "Wrapping program ${file}"
wrapProgram "${file}" "${gappsWrapperArgs[@]}"
done
fi
done
fi
}

1
pkgs/build-support/vm/windows/default.nix
View File

@ -1,3 +1,4 @@
#note: the hardcoded /bin/sh is required for the VM's cygwin shell
pkgs:
let

43
pkgs/desktops/enlightenment/efl.nix
View File

@ -1,12 +1,18 @@
{ stdenv, fetchurl, pkgconfig, openssl, libjpeg, zlib, lz4, freetype, fontconfig, fribidi, SDL2, SDL, mesa, giflib, libpng, libtiff, glib, gst_all_1, libpulseaudio, libsndfile, xorg, libdrm, libxkbcommon, udev, utillinux, dbus, bullet, luajit, python27Packages, openjpeg, doxygen, expat, harfbuzz, jbig2dec, librsvg, dbus_libs, alsaLib, poppler, ghostscript, libraw, libspectre, xineLib, libwebp, curl, libinput, systemd }:
{ stdenv, fetchurl, pkgconfig, openssl, libjpeg, zlib, lz4, freetype, fontconfig
, fribidi, SDL2, SDL, mesa, giflib, libpng, libtiff, glib, gst_all_1, libpulseaudio
, libsndfile, xorg, libdrm, libxkbcommon, udev, utillinux, dbus, bullet, luajit
, python27Packages, openjpeg, doxygen, expat, harfbuzz, jbig2dec, librsvg
, dbus_libs, alsaLib, poppler, ghostscript, libraw, libspectre, xineLib, libwebp
, curl, libinput, systemd, writeText
}:
stdenv.mkDerivation rec {
name = "efl-${version}";
version = "1.18.4";
version = "1.19.0";
src = fetchurl {
url = "http://download.enlightenment.org/rel/libs/efl/${name}.tar.xz";
sha256 = "09c0ajszjarcs6d62zlgnf1aha2f921mfr0gxg6nwza36xzc1srr";
sha256 = "1pza8lacqh3bgsvcm4h2hyc577bvnzix932g87dhg03ph4839q54";
};
nativeBuildInputs = [ pkgconfig ];
@ -24,16 +30,35 @@ stdenv.mkDerivation rec {
libinput ];
# ac_ct_CXX must be set to random value, because then it skips some magic which does alternative searching for g++
configureFlags = [ "--enable-sdl" "--enable-drm" "--enable-elput" "--with-opengl=full"
"--enable-image-loader-jp2k" "--enable-xinput22" "--enable-multisense" "--enable-liblz4" "--enable-systemd"
"--enable-image-loader-webp" "--enable-harfbuzz" "--enable-xine" "--enable-fb"
"--disable-tslib" "--with-systemdunitdir=$out/systemd/user"
"ac_ct_CXX=foo" ];
configureFlags = [
"--enable-sdl"
"--enable-drm"
"--enable-elput"
"--with-opengl=full"
"--enable-image-loader-jp2k"
"--enable-xinput22"
"--enable-multisense"
"--enable-liblz4"
"--enable-systemd"
"--enable-image-loader-webp"
"--enable-harfbuzz"
"--enable-xine"
"--enable-fb"
"--disable-tslib"
"--with-systemdunitdir=$out/systemd/user"
"ac_ct_CXX=foo"
];
patches = [ ./efl-elua.patch ];
# bin/edje_cc creates $HOME/.run, which would break build of reverse dependencies.
setupHook = writeText "setupHook.sh" ''
export HOME="$TEMPDIR"
'';
preConfigure = ''
export LD_LIBRARY_PATH="$(pwd)/src/lib/eina/.libs:$LD_LIBRARY_PATH"
source "$setupHook"
'';
postInstall = ''
@ -48,8 +73,8 @@ stdenv.mkDerivation rec {
meta = {
description = "Enlightenment foundation libraries";
homepage = http://enlightenment.org/;
maintainers = with stdenv.lib.maintainers; [ matejc tstrobel ftrvxmtrx ];
platforms = stdenv.lib.platforms.linux;
license = stdenv.lib.licenses.lgpl3;
maintainers = with stdenv.lib.maintainers; [ matejc tstrobel ftrvxmtrx ];
};
}

2
pkgs/desktops/gnome-2/bindings/gnome-python/default.nix
View File

@ -27,7 +27,7 @@ in stdenv.mkDerivation rec {
homepage = "http://pygtk.org/";
description = "Python wrapper for GNOME libraries";
platforms = platforms.linux;
licenses = licenses.lgpl2;
license = licenses.lgpl2;
maintainers = with maintainers; [ qknight ];
};
}

31
pkgs/desktops/gnome-3/extensions/chrome-gnome-shell/default.nix Normal file
View File

@ -0,0 +1,31 @@
{stdenv, lib, python, dbus, fetchgit, cmake, coreutils, jq, gobjectIntrospection, python27Packages, makeWrapper, gnome3, wrapGAppsHook}:
stdenv.mkDerivation rec {
name="chrome-gnome-shell";
src = fetchgit {
url = "git://git.gnome.org/chrome-gnome-shell";
rev = "7d99523e90805cb65027cc2f5f1191a957dcf276";
sha256 = "0qc34dbhsz5yf4z5bx6py08h561rcxw9928drgk9256g3vnygnbc";
};
buildInputs = [ gnome3.gnome_shell makeWrapper jq dbus gobjectIntrospection
python python27Packages.requests python27Packages.pygobject3 wrapGAppsHook];
preConfigure = ''
mkdir build usr etc
cd build
${cmake}/bin/cmake -DCMAKE_INSTALL_PREFIX=$out/usr -DBUILD_EXTENSION=OFF ../
substituteInPlace cmake_install.cmake --replace "/etc" "$out/etc"
'';
postInstall = ''
rm $out/etc/opt/chrome/policies/managed/chrome-gnome-shell.json
rm $out/etc/chromium/policies/managed/chrome-gnome-shell.json
wrapProgram $out/usr/bin/chrome-gnome-shell \
--prefix PATH '"${dbus}/bin/dbus:$PATH"' \
--prefix PATH '"${gnome3.gnome_shell}:$PATH"' \
--prefix PYTHONPATH : "$PYTHONPATH"
'';
}

9
pkgs/desktops/kde-4.14/kde-package/4.14.3.nix
View File

@ -10,7 +10,6 @@ hashes=builtins.listToAttrs[
{name="libkexiv2";value="1z8fmxfphx7szf4a17fs7zfjyxj6wncbvsphfvf6i5rlqy60g1y4";}
{name="marble";value="1w603miykq0s84jk6j17b7pg44rd4az0dhzgq7j7d6dfcz7nfrjd";}
{name="okular";value="0ijw71vkk1lj873hqczc23vllhkc9s0miipsbllxblx57rgi5qp6";}
{name="pykde4";value="1z40gnkyjlv6ds3cmpzvv99394rhmydr6rxx7qj33m83xnsxgfbz";}
{name="svgpart";value="1bj9gaaj6nqdgchmqnn381288aqw09ky0kbm1naddqa82pk196f6";}
];
versions=builtins.listToAttrs[
@ -26,7 +25,6 @@ versions=builtins.listToAttrs[
{name="libkexiv2";value="4.14.3";}
{name="marble";value="4.14.3";}
{name="okular";value="4.14.3";}
{name="pykde4";value="4.14.3";}
{name="svgpart";value="4.14.3";}
];
modules=[
@ -62,13 +60,6 @@ modules=[
{ name="marble"; }
];
}
{
module="kdebindings";
split=true;
pkgs=[
{ name="pykde4"; }
];
}
{
module="kde-baseapps";
sane="kde_baseapps"; split=true;

27
pkgs/desktops/kde-4.14/kdebindings/pykde4-gcc-5.patch
View File

@ -1,27 +0,0 @@
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fb0ed8c85dd15fb18a902b22a7555ba4f7cf01cb
Patch created by: Erik Zeek
See also: https://bugs.gentoo.org/show_bug.cgi?id=567022
--- a/CMakeLists.txt
+++ a/CMakeLists.txt
@@ -166,7 +166,7 @@ add_sip_python_module(PyKDE4.kdeui sip/kdeui/kdeuimod.sip ${KDE4_KDEUI_LIBS} ${Q
file(GLOB kio_files_sip sip/kio/*.sip)
set(SIP_EXTRA_FILES_DEPEND ${kio_files_sip})
-add_sip_python_module(PyKDE4.kio sip/kio/kiomod.sip ${KDE4_KIO_LIBS} ${KDE4_KFILE_LIBS})
+add_sip_python_module(PyKDE4.kio sip/kio/kiomod.sip ${KDE4_SOLID_LIBS} ${KDE4_KIO_LIBS} ${KDE4_KFILE_LIBS})
file(GLOB kutils_files_sip sip/kutils/*.sip)
set(SIP_EXTRA_FILES_DEPEND ${kutils_files_sip})
@@ -190,7 +190,7 @@ add_sip_python_module(PyKDE4.knewstuff sip/knewstuff/knewstuffmod.sip ${KDE4_KNE
file(GLOB dnssd_files_sip sip/dnssd/*.sip)
set(SIP_EXTRA_FILES_DEPEND ${dnssd_files_sip})
-add_sip_python_module(PyKDE4.dnssd sip/dnssd/dnssdmod.sip ${KDE4_KDNSSD_LIBS} ${QT_QTCORE_LIBRARY})
+add_sip_python_module(PyKDE4.dnssd sip/dnssd/dnssdmod.sip ${KDE4_KDNSSD_LIBS} ${QT_QTCORE_LIBRARY} ${QT_QTNETWORK_LIBRARY})
file(GLOB phonon_files_sip sip/phonon/*.sip)
set(SIP_EXTRA_FILES_DEPEND ${phonon_files_sip})

35
pkgs/desktops/kde-4.14/kdebindings/pykde4.nix
View File

@ -1,35 +0,0 @@
{ kde, kdelibs, pythonPackages, kdepimlibs, shared_desktop_ontologies,
polkit_qt4, boost, lndir, pkgconfig }:
let
inherit (pythonPackages) python pyqt4;
pydir = "lib/python${python.majorVersion}";
in kde {
patches = [ ./pykde4-gcc-5.patch ];
# todo: polkit isn't found by the build system
buildInputs = [
python kdepimlibs shared_desktop_ontologies
boost polkit_qt4
];
nativeBuildInputs = [ pkgconfig ];
propagatedBuildInputs = [ pyqt4 ];
preConfigure =
''
# Symlink PyQt into PyKDE. This is necessary because PyQt looks
# in its PyQt4/uic/widget-plugins directory for plugins, and KDE
# needs to install a plugin.
mkdir -pv $out/${pydir}
${lndir}/bin/lndir ${pyqt4}/${pydir} $out/${pydir}
cmakeFlagsArray=( "-DSIP_DEFAULT_SIP_DIR=$prefix/share/sip" )
'';
meta = {
description = "Python bindings for KDE";
};
}

2
pkgs/desktops/plasma-5/default.nix
View File

@ -62,7 +62,7 @@ let
kwayland-integration = callPackage ./kwayland-integration.nix {};
kwin = callPackage ./kwin {};
kwrited = callPackage ./kwrited.nix {};
libkscreen = callPackage ./libkscreen.nix {};
libkscreen = callPackage ./libkscreen {};
libksysguard = callPackage ./libksysguard {};
milou = callPackage ./milou.nix {};
oxygen = callPackage ./oxygen.nix {};

2
pkgs/desktops/plasma-5/fetch.sh
View File

@ -1 +1 @@
WGET_ARGS=( http://download.kde.org/stable/plasma/5.9.4/ -A '*.tar.xz' )
WGET_ARGS=( http://download.kde.org/stable/plasma/5.9.5/ -A '*.tar.xz' )

8
pkgs/desktops/plasma-5/kwin/default.nix
View File

@ -30,4 +30,12 @@ plasmaPackage {
--subst-var-by xwayland ${lib.getBin xwayland}/bin/Xwayland
'';
cmakeFlags = [ "-DCMAKE_SKIP_BUILD_RPATH=OFF" ];
postInstall = ''
# Some package(s) refer to these service types by the wrong name.
# I would prefer to patch those packages, but I cannot find them!
ln -s $out/share/kservicetypes5/kwineffect.desktop \
$out/share/kservicetypes5/kwin-effect.desktop
ln -s $out/share/kservicetypes5/kwinscript.desktop \
$out/share/kservicetypes5/kwin-script.desktop
'';
}

15
pkgs/desktops/plasma-5/libkscreen.nix
View File

@ -1,15 +0,0 @@
{ plasmaPackage
, extra-cmake-modules
, kwayland, libXrandr
, qtx11extras
}:
plasmaPackage {
name = "libkscreen";
nativeBuildInputs = [
extra-cmake-modules
];
propagatedBuildInputs = [
kwayland libXrandr qtx11extras
];
}

Some files were not shown because too many files have changed in this diff Show More