JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' into ocaml-utop

Browse Source
This commit is contained in:
Michael Raskin 2017-05-01 14:38:18 +02:00 committed by GitHub
commit 9ae5487b19
579 changed files with 18588 additions and 12037 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
doc/cross-compilation.xml
View File

@ -167,6 +167,11 @@
Because of this, a best-of-both-worlds solution is in the works with no splicing or explicit access of <varname>buildPackages</varname> needed.
For now, feel free to use either method.
</para>
<note><para>
There is also a "backlink" <varname>__targetPackages</varname>, yielding a package set whose <varname>buildPackages</varname> is the current package set.
This is a hack, though, to accommodate compilers with lousy build systems.
Please do not use this unless you are absolutely sure you are packaging such a compiler and there is no other way.
</para></note>
</section>
</section>

3
doc/languages-frameworks/ruby.xml
View File

@ -16,8 +16,7 @@ $ cd sensu
$ cat > Gemfile
source 'https://rubygems.org'
gem 'sensu'
$ nix-shell -p bundler --command "bundler package --path /tmp/vendor/bundle"
$ $(nix-build '<nixpkgs>' -A bundix)/bin/bundix
$ $(nix-build '<nixpkgs>' -A bundix)/bin/bundix --magic
$ cat > default.nix
{ lib, bundlerEnv, ruby }:

1
doc/multiple-output.xml
View File

@ -16,7 +16,6 @@
<section><title>Installing a split package</title>
<para>When installing a package via <varname>systemPackages</varname> or <command>nix-env</command> you have several options:</para>
<warning><para>Currently <command>nix-env</command> almost always installs all outputs until https://github.com/NixOS/nix/pull/815 gets merged.</para></warning>
<itemizedlist>
<listitem><para>You can install particular outputs explicitly, as each is available in the Nix language as an attribute of the package. The <varname>outputs</varname> attribute contains a list of output names.</para></listitem>
<listitem><para>You can let it use the default outputs. These are handled by <varname>meta.outputsToInstall</varname> attribute that contains a list of output names.</para>

4
lib/customisation.nix
View File

@ -167,7 +167,7 @@ rec {
/* Make a set of packages with a common scope. All packages called
with the provided `callPackage' will be evaluated with the same
arguments. Any package in the set may depend on any other. The
`override' function allows subsequent modification of the package
`overrideScope' function allows subsequent modification of the package
set in a consistent way, i.e. all packages in the set will be
called with the overridden packages. The package sets may be
hierarchical: the packages in the set are called with the scope
@ -177,7 +177,7 @@ rec {
let self = f self // {
newScope = scope: newScope (self // scope);
callPackage = self.newScope {};
override = g:
overrideScope = g:
makeScope newScope
(self_: let super = f self_; in super // g super self_);
packages = f;

5
lib/licenses.nix
View File

@ -531,6 +531,11 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
fullName = "Do What The F*ck You Want To Public License";
};
wxWindows = spdx {
spdxId = "WXwindows";
fullName = "wxWindows Library Licence, Version 3.1";
};
zlib = spdx {
spdxId = "Zlib";
fullName = "zlib License";

8
lib/maintainers.nix
View File

@ -215,6 +215,7 @@
heel = "Sergii Paryzhskyi <parizhskiy@gmail.com>";
henrytill = "Henry Till <henrytill@gmail.com>";
hinton = "Tom Hinton <t@larkery.com>";
hodapp = "Chris Hodapp <hodapp87@gmail.com>";
hrdinka = "Christoph Hrdinka <c.nix@hrdinka.at>";
iand675 = "Ian Duncan <ian@iankduncan.com>";
ianwookim = "Ian-Woo Kim <ianwookim@gmail.com>";
@ -388,6 +389,7 @@
paholg = "Paho Lurie-Gregg <paho@paholg.com>";
pakhfn = "Fedor Pakhomov <pakhfn@gmail.com>";
palo = "Ingolf Wanger <palipalo9@googlemail.com>";
panaeon = "Vitalii Voloshyn <vitalii.voloshyn@gmail.com";
paperdigits = "Mica Semrick <mica@silentumbrella.com>";
pashev = "Igor Pashev <pashev.igor@gmail.com>";
patternspandemic = "Brad Christensen <patternspandemic@live.com>";
@ -452,7 +454,7 @@
romildo = "José Romildo Malaquias <malaquias@gmail.com>";
rongcuid = "Rongcui Dong <rongcuid@outlook.com>";
ronny = "Ronny Pfannschmidt <nixos@ronnypfannschmidt.de>";
rszibele = "Richard Szibele <richard_szibele@hotmail.com>";
rszibele = "Richard Szibele <richard@szibele.com>";
rtreffer = "Rene Treffer <treffer+nixos@measite.de>";
rushmorem = "Rushmore Mushambi <rushmore@webenchanter.com>";
rvl = "Rodney Lorrimar <dev+nix@rodney.id.au>";
@ -466,6 +468,7 @@
s1lvester = "Markus Silvester <s1lvester@bockhacker.me>";
samuelrivas = "Samuel Rivas <samuelrivas@gmail.com>";
sander = "Sander van der Burg <s.vanderburg@tudelft.nl>";
sargon = "Daniel Ehlers <danielehlers@mindeye.net>";
schmitthenner = "Fabian Schmitthenner <development@schmitthenner.eu>";
schneefux = "schneefux <schneefux+nixos_pkg@schneefux.xyz>";
schristo = "Scott Christopher <schristopher@konputa.com>";
@ -488,6 +491,7 @@
skrzyp = "Jakub Skrzypnik <jot.skrzyp@gmail.com>";
sleexyz = "Sean Lee <freshdried@gmail.com>";
smironov = "Sergey Mironov <grrwlf@gmail.com>";
snyh = "Xia Bin <snyh@snyh.org>";
solson = "Scott Olson <scott@solson.me>";
spacefrogg = "Michael Raitza <spacefrogg-nixos@meterriblecrew.net>";
spencerjanssen = "Spencer Janssen <spencerjanssen@gmail.com>";
@ -500,6 +504,7 @@
sternenseemann = "Lukas Epple <post@lukasepple.de>";
stesie = "Stefan Siegl <stesie@brokenpipe.de>";
steveej = "Stefan Junker <mail@stefanjunker.de>";
SuprDewd = "Bjarki Ágúst Guðmundsson <suprdewd@gmail.com>";
swarren83 = "Shawn Warren <shawn.w.warren@gmail.com>";
swistak35 = "Rafał Łasocha <me@swistak35.com>";
szczyp = "Szczyp <qb@szczyp.com>";
@ -509,6 +514,7 @@
takikawa = "Asumu Takikawa <asumu@igalia.com>";
taktoa = "Remy Goldschmidt <taktoa@gmail.com>";
taku0 = "Takuo Yonezawa <mxxouy6x3m_github@tatapa.org>";
tari = "Peter Marheine <peter@taricorp.net>";
tavyc = "Octavian Cerna <octavian.cerna@gmail.com>";
teh = "Tom Hunger <tehunger@gmail.com>";
telotortium = "Robert Irelan <rirelan@gmail.com>";

2
lib/systems/doubles.nix
View File

@ -30,7 +30,7 @@ in rec {
mips = filterDoubles (matchAttrs { cpu = { family = "mips"; }; });
x86_64 = filterDoubles parse.isx86_64;
cygwin = filterDoubles (matchAttrs { kernel = parse.kernels.cygwin; });
cygwin = filterDoubles parse.isCygwin;
darwin = filterDoubles parse.isDarwin;
freebsd = filterDoubles (matchAttrs { kernel = parse.kernels.freebsd; });
gnu = filterDoubles (matchAttrs { kernel = parse.kernels.linux; abi = parse.abis.gnu; }); # Should be better

60
lib/systems/parse.nix
View File

@ -1,5 +1,9 @@
# Define the list of system with their properties. Only systems tested for
# Nixpkgs are listed below
# Define the list of system with their properties.
#
# See https://clang.llvm.org/docs/CrossCompilation.html and
# http://llvm.org/docs/doxygen/html/Triple_8cpp_source.html especially
# Triple::normalize. Parsing should essentially act as a more conservative
# version of that last function.
with import ../lists.nix;
with import ../types.nix;
@ -9,7 +13,7 @@ let
lib = import ../default.nix;
setTypesAssert = type: pred:
mapAttrs (name: value:
#assert pred value;
assert pred value;
setType type ({ inherit name; } // value));
setTypes = type: setTypesAssert type (_: true);
@ -23,7 +27,6 @@ rec {
littleEndian = {};
};
isCpuType = isType "cpu-type";
cpuTypes = with significantBytes; setTypesAssert "cpu-type"
(x: elem x.bits [8 16 32 64 128]
@ -47,6 +50,7 @@ rec {
vendors = setTypes "vendor" {
apple = {};
pc = {};
unknown = {};
};
@ -56,6 +60,7 @@ rec {
elf = {};
macho = {};
pe = {};
unknown = {};
};
@ -63,15 +68,12 @@ rec {
kernelFamilies = setTypes "kernel-family" {
bsd = {};
unix = {};
windows-nt = {};
dos = {};
};
isKernel = x: isType "kernel" x;
kernels = with execFormats; with kernelFamilies; setTypesAssert "kernel"
(x: isExecFormat x.execFormat && all isKernelFamily (attrValues x.families))
{
cygwin = { execFormat = pe; families = { inherit /*unix*/ windows-nt; }; };
darwin = { execFormat = macho; families = { inherit unix; }; };
freebsd = { execFormat = elf; families = { inherit unix bsd; }; };
linux = { execFormat = elf; families = { inherit unix; }; };
@ -79,16 +81,21 @@ rec {
none = { execFormat = unknown; families = { inherit unix; }; };
openbsd = { execFormat = elf; families = { inherit unix bsd; }; };
solaris = { execFormat = elf; families = { inherit unix; }; };
win32 = { execFormat = pe; families = { inherit dos; }; };
windows = { execFormat = pe; families = { }; };
} // { # aliases
win32 = kernels.windows;
};
isAbi = isType "abi";
abis = setTypes "abi" {
cygnus = {};
gnu = {};
msvc = {};
eabi = {};
androideabi = {};
gnueabi = {};
gnueabihf = {};
unknown = {};
};
@ -107,19 +114,25 @@ rec {
isDarwin = matchAttrs { kernel = kernels.darwin; };
isLinux = matchAttrs { kernel = kernels.linux; };
isUnix = matchAttrs { kernel = { families = { inherit (kernelFamilies) unix; }; }; };
isWindows = s: matchAttrs { kernel = { families = { inherit (kernelFamilies) windows-nt; }; }; } s
|| matchAttrs { kernel = { families = { inherit (kernelFamilies) dos; }; }; } s;
isWindows = matchAttrs { kernel = kernels.windows; };
isCygwin = matchAttrs { kernel = kernels.windows; abi = abis.cygnus; };
isMinGW = matchAttrs { kernel = kernels.windows; abi = abis.gnu; };
mkSkeletonFromList = l: {
"2" = { cpu = elemAt l 0; kernel = elemAt l 1; };
"4" = { cpu = elemAt l 0; vendor = elemAt l 1; kernel = elemAt l 2; abi = elemAt l 3; };
"2" = # We only do 2-part hacks for things Nix already supports
if elemAt l 1 == "cygwin"
then { cpu = elemAt l 0; kernel = "windows"; abi = "cygnus"; }
else { cpu = elemAt l 0; kernel = elemAt l 1; };
"3" = # Awkwards hacks, beware!
if elemAt l 1 == "apple"
then { cpu = elemAt l 0; vendor = "apple"; kernel = elemAt l 2; }
else if (elemAt l 1 == "linux") || (elemAt l 2 == "gnu")
then { cpu = elemAt l 0; kernel = elemAt l 1; abi = elemAt l 2; }
else if (elemAt l 2 == "mingw32") # autotools breaks on -gnu for window
then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = "windows"; abi = "gnu"; }
else throw "Target specification with 3 components is ambiguous";
"4" = { cpu = elemAt l 0; vendor = elemAt l 1; kernel = elemAt l 2; abi = elemAt l 3; };
}.${toString (length l)}
or (throw "system string has invalid number of hyphen-separated components");
@ -132,18 +145,10 @@ rec {
, # Also inferred below
abi ? assert false; null
} @ args: let
getCpu = name:
attrByPath [name] (throw "Unknown CPU type: ${name}")
cpuTypes;
getVendor = name:
attrByPath [name] (throw "Unknown vendor: ${name}")
vendors;
getKernel = name:
attrByPath [name] (throw "Unknown kernel: ${name}")
kernels;
getAbi = name:
attrByPath [name] (throw "Unknown ABI: ${name}")
abis;
getCpu = name: cpuTypes.${name} or (throw "Unknown CPU type: ${name}");
getVendor = name: vendors.${name} or (throw "Unknown vendor: ${name}");
getKernel = name: kernels.${name} or (throw "Unknown kernel: ${name}");
getAbi = name: abis.${name} or (throw "Unknown ABI: ${name}");
system = rec {
cpu = getCpu args.cpu;
@ -164,7 +169,10 @@ rec {
mkSystemFromString = s: mkSystemFromSkeleton (mkSkeletonFromList (lib.splitString "-" s));
doubleFromSystem = { cpu, vendor, kernel, abi, ... }: "${cpu.name}-${kernel.name}";
doubleFromSystem = { cpu, vendor, kernel, abi, ... }:
if vendor == kernels.windows && abi == abis.cygnus
then "${cpu.name}-cygwin"
else "${cpu.name}-${kernel.name}";
tripleFromSystem = { cpu, vendor, kernel, abi, ... } @ sys: assert isSystem sys; let
optAbi = lib.optionalString (abi != abis.unknown) "-${abi.name}";

70
lib/systems/platforms.nix
View File

@ -21,6 +21,39 @@ rec {
kernelAutoModules = false;
};
pogoplug4 = {
name = "pogoplug4";
gcc = {
arch = "armv5te";
float = "soft";
};
kernelMajor = "2.6";
kernelHeadersBaseConfig = "multi_v5_defconfig";
kernelBaseConfig = "multi_v5_defconfig";
kernelArch = "arm";
kernelAutoModules = false;
kernelExtraConfig =
''
# Ubi for the mtd
MTD_UBI y
UBIFS_FS y
UBIFS_FS_XATTR y
UBIFS_FS_ADVANCED_COMPR y
UBIFS_FS_LZO y
UBIFS_FS_ZLIB y
UBIFS_FS_DEBUG n
'';
kernelMakeFlags = [ "LOADADDR=0x8000" ];
kernelTarget = "uImage";
# TODO reenable once manual-config's config actually builds a .dtb and this is checked to be working
#kernelDTB = true;
# XXX can be anything non-null, pkgs actually only cares if it is set or not
uboot = "pogoplug4";
};
sheevaplug = {
name = "sheevaplug";
kernelMajor = "2.6";
@ -307,6 +340,43 @@ rec {
uboot = null;
};
scaleway-c1 = armv7l-hf-multiplatform // {
gcc = {
cpu = "cortex-a9";
fpu = "vfpv3";
float = "hard";
};
};
utilite = {
name = "utilite";
kernelMajor = "2.6";
kernelHeadersBaseConfig = "multi_v7_defconfig";
kernelBaseConfig = "multi_v7_defconfig";
kernelArch = "arm";
kernelAutoModules = false;
kernelExtraConfig =
''
# Ubi for the mtd
MTD_UBI y
UBIFS_FS y
UBIFS_FS_XATTR y
UBIFS_FS_ADVANCED_COMPR y
UBIFS_FS_LZO y
UBIFS_FS_ZLIB y
UBIFS_FS_DEBUG n
'';
kernelMakeFlags = [ "LOADADDR=0x10800000" ];
kernelTarget = "uImage";
kernelDTB = true;
uboot = true; #XXX: any non-null value here is needed so that mkimage is present to build kernelTarget uImage
gcc = {
cpu = "cortex-a9";
fpu = "neon";
float = "hard";
};
};
guruplug = sheevaplug // {
# Define `CONFIG_MACH_GURUPLUG' (see
# <http://kerneltrap.org/mailarchive/git-commits-head/2010/5/19/33618>)

2
lib/trivial.nix
View File

@ -38,7 +38,7 @@ rec {
/* Merge two attribute sets shallowly, right side trumps left
Example:
mergeAttrs { a = 1; b = 2; } // { b = 3; c = 4; }
mergeAttrs { a = 1; b = 2; } { b = 3; c = 4; }
=> { a = 1; b = 3; c = 4; }
*/
mergeAttrs = x: y: x // y;

13
nixos/doc/manual/administration/imperative-containers.xml
View File

@ -29,8 +29,10 @@ line. For instance, to create a container that has
<literal>root</literal>:
<screen>
# nixos-container create foo --config 'services.openssh.enable = true; \
users.extraUsers.root.openssh.authorizedKeys.keys = ["ssh-dss AAAAB3N…"];'
# nixos-container create foo --config '
services.openssh.enable = true;
users.extraUsers.root.openssh.authorizedKeys.keys = ["ssh-dss AAAAB3N…"];
'
</screen>
</para>
@ -97,8 +99,11 @@ This will build and activate the new configuration. You can also
specify a new configuration on the command line:
<screen>
# nixos-container update foo --config 'services.httpd.enable = true; \
services.httpd.adminAddr = "foo@example.org";'
# nixos-container update foo --config '
services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
networking.firewall.allowedTCPPorts = [ 80 ];
'
# curl http://$(nixos-container show-ip foo)/
&lt;!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">…

6
nixos/doc/manual/configuration/file-systems.xml
View File

@ -35,6 +35,12 @@ or <literal>ext4</literal>, then its best to specify
<option>fsType</option> to ensure that the kernel module is
available.</para>
<note><para>System startup will fail if any of the filesystems fails to mount,
dropping you to the emergency shell.
You can make a mount asynchronous and non-critical by adding
<literal>options = [ "nofail" ];</literal>.
</para></note>
<xi:include href="luks-file-systems.xml" />
</chapter>

5
nixos/doc/manual/installation/installing-usb.xml
View File

@ -34,6 +34,11 @@ ISO, copy its contents verbatim to your drive, then either:
in <link xlink:href="https://www.kernel.org/doc/Documentation/kernel-parameters.txt">
the kernel documentation</link> for more details).</para>
</listitem>
<listitem>
<para>If you want to load the contents of the ISO to ram after bootin
(So you can remove the stick after bootup) you can append the parameter
<literal>copytoram</literal>to the <literal>options</literal> field.</para>
</listitem>
</itemizedlist>
</para>

7
nixos/doc/manual/release-notes/rl-1709.xml
View File

@ -39,6 +39,13 @@ following incompatible changes:</para>
All JetBrains IDEs are now at <literal>jetbrains</literal>.
</para>
</listitem>
<listitem>
<para>
<literal>flexget</literal>'s state database cannot be upgraded to its
new internal format, requiring removal of any existing
<literal>db-config.sqlite</literal> which will be automatically recreated.
</para>
</listitem>
</itemizedlist>

204
nixos/lib/make-disk-image.nix
View File

@ -33,42 +33,124 @@
, name ? "nixos-disk-image"
# This prevents errors while checking nix-store validity, see
# https://github.com/NixOS/nix/issues/1134
, fixValidity ? true
, format ? "raw"
}:
with lib;
pkgs.vmTools.runInLinuxVM (
let
# Copied from https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/installer/cd-dvd/channel.nix
# TODO: factor out more cleanly
# Do not include these things:
# - The '.git' directory
# - Result symlinks from nix-build ('result', 'result-2', 'result-bin', ...)
# - VIM/Emacs swap/backup files ('.swp', '.swo', '.foo.swp', 'foo~', ...)
filterFn = path: type: let basename = baseNameOf (toString path); in
if type == "directory" then basename != ".git"
else if type == "symlink" then builtins.match "^result(|-.*)$" basename == null
else builtins.match "^((|\..*)\.sw[a-z]|.*~)$" basename == null;
nixpkgs = builtins.filterSource filterFn pkgs.path;
channelSources = pkgs.runCommand "nixos-${config.system.nixosVersion}" {} ''
mkdir -p $out
cp -prd ${nixpkgs} $out/nixos
chmod -R u+w $out/nixos
if [ ! -e $out/nixos/nixpkgs ]; then
ln -s . $out/nixos/nixpkgs
fi
rm -rf $out/nixos/.git
echo -n ${config.system.nixosVersionSuffix} > $out/nixos/.version-suffix
'';
metaClosure = pkgs.writeText "meta" ''
${config.system.build.toplevel}
${config.nix.package.out}
${channelSources}
'';
prepareImageInputs = with pkgs; [ rsync utillinux parted e2fsprogs lkl fakeroot config.system.build.nixos-prepare-root ] ++ stdenv.initialPath;
# I'm preserving the line below because I'm going to search for it across nixpkgs to consolidate
# image building logic. The comment right below this now appears in 4 different places in nixpkgs :)
# !!! should use XML.
sources = map (x: x.source) contents;
targets = map (x: x.target) contents;
prepareImage = ''
export PATH=${pkgs.lib.makeSearchPathOutput "bin" "bin" prepareImageInputs}
mkdir $out
diskImage=nixos.raw
truncate -s ${toString diskSize}M $diskImage
${if partitioned then ''
parted $diskImage -- mklabel msdos mkpart primary ext4 1M -1s
offset=$((2048*512))
'' else ''
offset=0
''}
mkfs.${fsType} -F -L nixos -E offset=$offset $diskImage
root="$PWD/root"
mkdir -p $root
# Copy arbitrary other files into the image
# Semi-shamelessly copied from make-etc.sh. I (@copumpkin) shall factor this stuff out as part of
# https://github.com/NixOS/nixpkgs/issues/23052.
set -f
sources_=(${concatStringsSep " " sources})
targets_=(${concatStringsSep " " targets})
set +f
for ((i = 0; i < ''${#targets_[@]}; i++)); do
source="''${sources_[$i]}"
target="''${targets_[$i]}"
if [[ "$source" =~ '*' ]]; then
# If the source name contains '*', perform globbing.
mkdir -p $root/$target
for fn in $source; do
rsync -a --no-o --no-g "$fn" $root/$target/
done
else
mkdir -p $root/$(dirname $target)
if ! [ -e $root/$target ]; then
rsync -a --no-o --no-g $source $root/$target
else
echo "duplicate entry $target -> $source"
exit 1
fi
fi
done
# TODO: Nix really likes to chown things it creates to its current user...
fakeroot nixos-prepare-root $root ${channelSources} ${config.system.build.toplevel} closure
echo "copying staging root to image..."
cptofs ${pkgs.lib.optionalString partitioned "-P 1"} -t ${fsType} -i $diskImage $root/* /
'';
in pkgs.vmTools.runInLinuxVM (
pkgs.runCommand name
{ preVM =
''
mkdir $out
diskImage=$out/nixos.${if format == "qcow2" then "qcow2" else "img"}
${pkgs.vmTools.qemu}/bin/qemu-img create -f ${format} $diskImage "${toString diskSize}M"
mv closure xchg/
'';
buildInputs = with pkgs; [ utillinux perl e2fsprogs parted rsync ];
# I'm preserving the line below because I'm going to search for it across nixpkgs to consolidate
# image building logic. The comment right below this now appears in 4 different places in nixpkgs :)
# !!! should use XML.
sources = map (x: x.source) contents;
targets = map (x: x.target) contents;
exportReferencesGraph =
[ "closure" config.system.build.toplevel ];
inherit postVM;
{ preVM = prepareImage;
buildInputs = with pkgs; [ utillinux e2fsprogs ];
exportReferencesGraph = [ "closure" metaClosure ];
postVM = ''
${if format == "raw" then ''
mv $diskImage $out/nixos.img
diskImage=$out/nixos.img
'' else ''
${pkgs.qemu}/bin/qemu-img convert -f raw -O qcow2 $diskImage $out/nixos.qcow2
diskImage=$out/nixos.qcow2
''}
${postVM}
'';
memSize = 1024;
}
''
${if partitioned then ''
# Create a single / partition.
parted /dev/vda mklabel msdos
parted /dev/vda -- mkpart primary ext2 1M -1s
. /sys/class/block/vda1/uevent
mknod /dev/vda1 b $MAJOR $MINOR
rootDisk=/dev/vda1
@ -76,74 +158,34 @@ pkgs.vmTools.runInLinuxVM (
rootDisk=/dev/vda
''}
# Create an empty filesystem and mount it.
mkfs.${fsType} -L nixos $rootDisk
mkdir /mnt
mount $rootDisk /mnt
# Register the paths in the Nix database.
printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
${config.nix.package.out}/bin/nix-store --load-db --option build-users-group ""
${if fixValidity then ''
# Add missing size/hash fields to the database. FIXME:
# exportReferencesGraph should provide these directly.
${config.nix.package.out}/bin/nix-store --verify --check-contents --option build-users-group ""
'' else ""}
# In case the bootloader tries to write to /dev/sda…
# Some tools assume these exist
ln -s vda /dev/xvda
ln -s vda /dev/sda
# Install the closure onto the image
USER=root ${config.system.build.nixos-install}/bin/nixos-install \
--closure ${config.system.build.toplevel} \
--no-channel-copy \
--no-root-passwd \
${optionalString (!installBootLoader) "--no-bootloader"}
mountPoint=/mnt
mkdir $mountPoint
mount $rootDisk $mountPoint
# Install a configuration.nix.
# Install a configuration.nix
mkdir -p /mnt/etc/nixos
${optionalString (configFile != null) ''
cp ${configFile} /mnt/etc/nixos/configuration.nix
''}
# Remove /etc/machine-id so that each machine cloning this image will get its own id
rm -f /mnt/etc/machine-id
mount --rbind /dev $mountPoint/dev
mount --rbind /proc $mountPoint/proc
mount --rbind /sys $mountPoint/sys
# Copy arbitrary other files into the image
# Semi-shamelessly copied from make-etc.sh. I (@copumpkin) shall factor this stuff out as part of
# https://github.com/NixOS/nixpkgs/issues/23052.
set -f
sources_=($sources)
targets_=($targets)
set +f
# Set up core system link, GRUB, etc.
NIXOS_INSTALL_BOOTLOADER=1 chroot $mountPoint /nix/var/nix/profiles/system/bin/switch-to-configuration boot
for ((i = 0; i < ''${#targets_[@]}; i++)); do
source="''${sources_[$i]}"
target="''${targets_[$i]}"
# TODO: figure out if I should activate, but for now I won't
# chroot $mountPoint /nix/var/nix/profiles/system/activate
if [[ "$source" =~ '*' ]]; then
# The above scripts will generate a random machine-id and we don't want to bake a single ID into all our images
rm -f $mountPoint/etc/machine-id
# If the source name contains '*', perform globbing.
mkdir -p /mnt/$target
for fn in $source; do
rsync -a --no-o --no-g "$fn" /mnt/$target/
done
else
mkdir -p /mnt/$(dirname $target)
if ! [ -e /mnt/$target ]; then
rsync -a --no-o --no-g $source /mnt/$target
else
echo "duplicate entry $target -> $source"
exit 1
fi
fi
done
umount /mnt
umount -R /mnt
# Make sure resize2fs works. Note that resize2fs has stricter criteria for resizing than a normal
# mount, so the `-c 0` and `-i 0` don't affect it. Setting it to `now` doesn't produce deterministic

5
nixos/maintainers/scripts/ec2/amazon-image.nix
View File

@ -6,10 +6,7 @@ let
cfg = config.amazonImage;
in {
imports =
[ ../../../modules/installer/cd-dvd/channel.nix
../../../modules/virtualisation/amazon-image.nix
];
imports = [ ../../../modules/virtualisation/amazon-image.nix ];
options.amazonImage = {
contents = mkOption {

28
nixos/modules/config/i18n.nix
View File

@ -2,21 +2,27 @@
with lib;
let
glibcLocales = pkgs.glibcLocales.override {
allLocales = any (x: x == "all") config.i18n.supportedLocales;
locales = config.i18n.supportedLocales;
};
in
{
###### interface
options = {
i18n = {
glibcLocales = mkOption {
type = types.path;
default = pkgs.glibcLocales.override {
allLocales = any (x: x == "all") config.i18n.supportedLocales;
locales = config.i18n.supportedLocales;
};
example = literalExample "pkgs.glibcLocales";
description = ''
Customized pkg.glibcLocales package.
Changing this option can disable handling of i18n.defaultLocale
and supportedLocale.
'';
};
defaultLocale = mkOption {
type = types.str;
default = "en_US.UTF-8";
@ -118,7 +124,7 @@ in
'');
environment.systemPackages =
optional (config.i18n.supportedLocales != []) glibcLocales;
optional (config.i18n.supportedLocales != []) config.i18n.glibcLocales;
environment.sessionVariables =
{ LANG = config.i18n.defaultLocale;
@ -126,7 +132,7 @@ in
};
systemd.globalEnvironment = mkIf (config.i18n.supportedLocales != []) {
LOCALE_ARCHIVE = "${glibcLocales}/lib/locale/locale-archive";
LOCALE_ARCHIVE = "${config.i18n.glibcLocales}/lib/locale/locale-archive";
};
# /etc/locale.conf is used by systemd.

6
nixos/modules/installer/tools/nix-fallback-paths.nix
View File

@ -1,5 +1,5 @@
{
x86_64-linux = "/nix/store/j6q3pb75q1sbk0xsa5x6a629ph98ycdl-nix-1.11.8";
i686-linux = "/nix/store/4m6ps568l988bbr1p2k3w9raq3rblppi-nix-1.11.8";
x86_64-darwin = "/nix/store/cc5q944yn3j2hrs8k0kxx9r2mk9mni8a-nix-1.11.8";
x86_64-linux = "/nix/store/71im965h634iy99zsmlncw6qhx5jcclx-nix-1.11.9";
i686-linux = "/nix/store/cgvavixkayc36l6kl92i8mxr6k0p2yhy-nix-1.11.9";
x86_64-darwin = "/nix/store/w1c96v5yxvdmq4nvqlxjvg6kp7xa2lag-nix-1.11.9";
}

2
nixos/modules/installer/tools/nixos-prepare-root.sh
View File

@ -70,7 +70,7 @@ for i in $closures; do
rsync -a $j $mountPoint/nix/store/
done
nix-store --register-validity < $i
nix-store --option build-users-group root --register-validity < $i
fi
done

10
nixos/modules/misc/extra-arguments.nix
View File

@ -2,16 +2,6 @@
{
_module.args = {
pkgs_i686 = import ../../.. {
system = "i686-linux";
# FIXME: we enable config.allowUnfree to make packages like
# nvidia-x11 available. This isn't a problem because if the user has
# nixpkgs.config.allowUnfree = false, then evaluation will fail on
# the 64-bit package anyway. However, it would be cleaner to respect
# nixpkgs.config here.
config.allowUnfree = true;
};
utils = import ../../lib/utils.nix pkgs;
};
}

10
nixos/modules/misc/ids.nix
View File

@ -289,6 +289,11 @@
rpc = 271;
geoip = 272;
fcron = 273;
sonarr = 274;
radarr = 275;
jackett = 276;
aria2 = 277;
clickhouse = 278;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -547,6 +552,11 @@
#rpc = 271; # unused
#geoip = 272; # unused
fcron = 273;
sonarr = 274;
radarr = 275;
jackett = 276;
aria2 = 277;
clickhouse = 278;
# When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal

7
nixos/modules/misc/nixpkgs.nix
View File

@ -42,6 +42,8 @@ let
merge = lib.mergeOneOption;
};
_pkgs = import ../../.. config.nixpkgs;
in
{
@ -97,6 +99,9 @@ in
};
config = {
_module.args.pkgs = import ../../.. config.nixpkgs;
_module.args = {
pkgs = _pkgs;
pkgs_i686 = _pkgs.pkgsi686Linux;
};
};
}

10
nixos/modules/module-list.nix
View File

@ -71,6 +71,7 @@
./programs/atop.nix
./programs/bash/bash.nix
./programs/blcr.nix
./programs/browserpass.nix
./programs/cdemu.nix
./programs/chromium.nix
./programs/command-not-found/command-not-found.nix
@ -88,6 +89,7 @@
./programs/mtr.nix
./programs/nano.nix
./programs/oblogout.nix
./programs/qt5ct.nix
./programs/screen.nix
./programs/slock.nix
./programs/shadow.nix
@ -102,7 +104,9 @@
./programs/wvdial.nix
./programs/xfs_quota.nix
./programs/xonsh.nix
./programs/zsh/oh-my-zsh.nix
./programs/zsh/zsh.nix
./programs/zsh/zsh-syntax-highlighting.nix
./rename.nix
./security/acme.nix
./security/apparmor.nix
@ -114,6 +118,7 @@
./security/duosec.nix
./security/grsecurity.nix
./security/hidepid.nix
./security/lock-kernel-modules.nix
./security/oath.nix
./security/pam.nix
./security/pam_usb.nix
@ -161,6 +166,7 @@
./services/continuous-integration/jenkins/slave.nix
./services/databases/4store-endpoint.nix
./services/databases/4store.nix
./services/databases/clickhouse.nix
./services/databases/couchdb.nix
./services/databases/firebird.nix
./services/databases/hbase.nix
@ -502,6 +508,7 @@
./services/networking/wpa_supplicant.nix
./services/networking/xinetd.nix
./services/networking/xl2tpd.nix
./services/networking/xrdp.nix
./services/networking/zerobin.nix
./services/networking/zerotierone.nix
./services/networking/znc.nix
@ -527,8 +534,9 @@
./services/security/munge.nix
./services/security/oauth2_proxy.nix
./services/security/physlock.nix
./services/security/torify.nix
./services/security/sshguard.nix
./services/security/tor.nix
./services/security/torify.nix
./services/security/torsocks.nix
./services/system/cgmanager.nix
./services/system/cloud-init.nix

62
nixos/modules/profiles/hardened.nix Normal file
View File

@ -0,0 +1,62 @@
# A profile with most (vanilla) hardening options enabled by default,
# potentially at the cost of features and performance.
{ config, lib, pkgs, ... }:
with lib;
{
boot.kernelPackages = mkDefault pkgs.linuxPackages_hardened;
security.hideProcessInformation = mkDefault true;
security.lockKernelModules = mkDefault true;
security.apparmor.enable = mkDefault true;
boot.kernelParams = [
# Overwrite free'd memory
"page_poison=1"
# Disable legacy virtual syscalls
"vsyscall=none"
# Disable hibernation (allows replacing the running kernel)
"nohibernate"
];
# Restrict ptrace() usage to processes with a pre-defined relationship
# (e.g., parent/child)
boot.kernel.sysctl."kernel.yama.ptrace_scope" = mkOverride 500 1;
# Prevent replacing the running kernel image w/o reboot
boot.kernel.sysctl."kernel.kexec_load_disabled" = mkDefault true;
# Restrict access to kernel ring buffer (information leaks)
boot.kernel.sysctl."kernel.dmesg_restrict" = mkDefault true;
# Hide kptrs even for processes with CAP_SYSLOG
boot.kernel.sysctl."kernel.kptr_restrict" = mkOverride 500 2;
# Unprivileged access to bpf() has been used for privilege escalation in
# the past
boot.kernel.sysctl."kernel.unprivileged_bpf_disabled" = mkDefault true;
# Disable bpf() JIT (to eliminate spray attacks)
boot.kernel.sysctl."net.core.bpf_jit_enable" = mkDefault false;
# ... or at least apply some hardening to it
boot.kernel.sysctl."net.core.bpf_jit_harden" = mkDefault true;
# A recurring problem with user namespaces is that there are
# still code paths where the kernel's permission checking logic
# fails to account for namespacing, instead permitting a
# namespaced process to act outside the namespace with the
# same privileges as it would have inside it. This is particularly
# bad in the common case of running as root within the namespace.
#
# Setting the number of allowed userns to 0 effectively disables
# the feature at runtime. Attempting to create a user namespace
# with unshare will then fail with "no space left on device".
boot.kernel.sysctl."user.max_user_namespaces" = mkDefault 0;
}

26
nixos/modules/programs/browserpass.nix Normal file
View File

@ -0,0 +1,26 @@
{ config, lib, pkgs, ... }:
with lib;
{
###### interface
options = {
programs.browserpass = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
Whether to install the NativeMessaging configuration for installed browsers.
'';
};
};
};
###### implementation
config = mkIf config.programs.browserpass.enable {
environment.systemPackages = [ pkgs.browserpass ];
environment.etc."chromium/native-messaging-hosts/com.dannyvankooten.browserpass.json".source = "${pkgs.browserpass}/etc/chrome-host.json";
environment.etc."opt/chrome/native-messaging-hosts/com.dannyvankooten.browserpass.json".source = "${pkgs.browserpass}/etc/chrome-host.json";
};
}

4
nixos/modules/programs/command-not-found/command-not-found.nix
View File

@ -44,7 +44,7 @@ in
''
# This function is called whenever a command is not found.
command_not_found_handle() {
local p=${commandNotFound}
local p=${commandNotFound}/bin/command-not-found
if [ -x $p -a -f ${cfg.dbPath} ]; then
# Run the helper program.
$p "$@"
@ -65,7 +65,7 @@ in
''
# This function is called whenever a command is not found.
command_not_found_handler() {
local p=${commandNotFound}
local p=${commandNotFound}/bin/command-not-found
if [ -x $p -a -f ${cfg.dbPath} ]; then
# Run the helper program.
$p "$@"

2
nixos/modules/programs/environment.nix
View File

@ -20,6 +20,7 @@ in
{ NIXPKGS_CONFIG = "/etc/nix/nixpkgs-config.nix";
PAGER = mkDefault "less -R";
EDITOR = mkDefault "nano";
XCURSOR_PATH = "$HOME/.icons";
};
environment.profiles =
@ -42,6 +43,7 @@ in
GTK_PATH = [ "/lib/gtk-2.0" "/lib/gtk-3.0" ];
XDG_CONFIG_DIRS = [ "/etc/xdg" ];
XDG_DATA_DIRS = [ "/share" ];
XCURSOR_PATH = [ "/share/icons" ];
MOZ_PLUGIN_PATH = [ "/lib/mozilla/plugins" ];
LIBEXEC_PATH = [ "/lib/libexec" ];
};

31
nixos/modules/programs/qt5ct.nix Normal file
View File

@ -0,0 +1,31 @@
{ config, lib, pkgs, ... }:
with lib;
{
meta.maintainers = [ maintainers.romildo ];
###### interface
options = {
programs.qt5ct = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
Whether to enable the Qt5 Configuration Tool (qt5ct), a
program that allows users to configure Qt5 settings (theme,
font, icons, etc.) under desktop environments or window
manager without Qt integration.
Official home page: <link xlink:href="https://sourceforge.net/projects/qt5ct/">https://sourceforge.net/projects/qt5ct/</link>
'';
};
};
};
###### implementation
config = mkIf config.programs.qt5ct.enable {
environment.variables.QT_QPA_PLATFORMTHEME = "qt5ct";
environment.systemPackages = [ pkgs.qt5ct ];
};
}

66
nixos/modules/programs/zsh/oh-my-zsh.nix Normal file
View File

@ -0,0 +1,66 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.programs.zsh.oh-my-zsh;
in
{
options = {
programs.zsh.oh-my-zsh = {
enable = mkOption {
default = false;
description = ''
Enable oh-my-zsh.
'';
};
plugins = mkOption {
default = [];
type = types.listOf(types.str);
description = ''
List of oh-my-zsh plugins
'';
};
custom = mkOption {
default = "";
type = types.str;
description = ''
Path to a custom oh-my-zsh package to override config of oh-my-zsh.
'';
};
theme = mkOption {
default = "";
type = types.str;
description = ''
Name of the theme to be used by oh-my-zsh.
'';
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [ oh-my-zsh ];
programs.zsh.interactiveShellInit = with pkgs; with builtins; ''
# oh-my-zsh configuration generated by NixOS
export ZSH=${oh-my-zsh}/share/oh-my-zsh
${optionalString (length(cfg.plugins) > 0)
"plugins=(${concatStringsSep " " cfg.plugins})"
}
${optionalString (stringLength(cfg.custom) > 0)
"ZSH_CUSTOM=\"${cfg.custom}\""
}
${optionalString (stringLength(cfg.theme) > 0)
"ZSH_THEME=\"${cfg.theme}\""
}
source $ZSH/oh-my-zsh.sh
'';
};
}

53
nixos/modules/programs/zsh/zsh-syntax-highlighting.nix Normal file
View File

@ -0,0 +1,53 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.programs.zsh.syntax-highlighting;
in
{
options = {
programs.zsh.syntax-highlighting = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
Enable zsh-syntax-highlighting.
'';
};
highlighters = mkOption {
default = [ "main" ];
# https://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters.md
type = types.listOf(types.enum([
"main"
"brackets"
"pattern"
"cursor"
"root"
"line"
]));
description = ''
Specifies the highlighters to be used by zsh-syntax-highlighting.
The following defined options can be found here:
https://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters.md
'';
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [ zsh-syntax-highlighting ];
programs.zsh.interactiveShellInit = with pkgs; with builtins; ''
source ${zsh-syntax-highlighting}/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh
${optionalString (length(cfg.highlighters) > 0)
"ZSH_HIGHLIGHT_HIGHLIGHTERS=(${concatStringsSep " " cfg.highlighters})"
}
'';
};
}

16
nixos/modules/programs/zsh/zsh.nix
View File

@ -84,14 +84,6 @@ in
type = types.bool;
};
enableSyntaxHighlighting = mkOption {
default = false;
description = ''
Enable zsh-syntax-highlighting
'';
type = types.bool;
};
enableAutosuggestions = mkOption {
default = false;
description = ''
@ -130,10 +122,6 @@ in
${if cfg.enableCompletion then "autoload -U compinit && compinit" else ""}
${optionalString (cfg.enableSyntaxHighlighting)
"source ${pkgs.zsh-syntax-highlighting}/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh"
}
${optionalString (cfg.enableAutosuggestions)
"source ${pkgs.zsh-autosuggestions}/share/zsh-autosuggestions/zsh-autosuggestions.zsh"
}
@ -143,7 +131,6 @@ in
${cfge.interactiveShellInit}
HELPDIR="${pkgs.zsh}/share/zsh/$ZSH_VERSION/help"
'';
@ -206,8 +193,7 @@ in
environment.etc."zinputrc".source = ./zinputrc;
environment.systemPackages = [ pkgs.zsh ]
++ optional cfg.enableCompletion pkgs.nix-zsh-completions
++ optional cfg.enableSyntaxHighlighting pkgs.zsh-syntax-highlighting;
++ optional cfg.enableCompletion pkgs.nix-zsh-completions;
environment.pathsToLink = optional cfg.enableCompletion "/share/zsh";

3
nixos/modules/rename.nix
View File

@ -204,5 +204,8 @@ with lib;
"Set the option `services.xserver.displayManager.sddm.package' instead.")
(mkRemovedOptionModule [ "fonts" "fontconfig" "forceAutohint" ] "")
(mkRemovedOptionModule [ "fonts" "fontconfig" "renderMonoTTFAsBitmap" ] "")
# ZSH
(mkRenamedOptionModule [ "programs" "zsh" "enableSyntaxHighlighting" ] [ "programs" "zsh" "syntax-highlighting" "enable" ])
];
}

2
nixos/modules/security/grsecurity.nix
View File

@ -13,7 +13,7 @@ in
{
meta = {
maintainers = with maintainers; [ joachifm ];
maintainers = with maintainers; [ ];
doc = ./grsecurity.xml;
};

8
nixos/modules/security/grsecurity.xml
View File

@ -26,9 +26,11 @@
<link xlink:href="https://wiki.archlinux.org/index.php/Grsecurity">Arch
Linux wiki page on grsecurity</link>.
<note><para>grsecurity/PaX is only available for the latest linux -stable
kernel; patches against older kernels are available from upstream only for
a fee.</para></note>
<warning><para>Upstream has ceased free support for grsecurity/PaX. See
<link xlink:href="https://grsecurity.net/passing_the_baton.php">
the announcement</link> for more information. Consequently, NixOS
support for grsecurity/PaX also must cease. Enabling this module will
result in a build error.</para></warning>
<note><para>We standardise on a desktop oriented configuration primarily due
to lack of resources. The grsecurity/PaX configuration state space is huge
and each configuration requires quite a bit of testing to ensure that the

36
nixos/modules/security/lock-kernel-modules.nix Normal file
View File

@ -0,0 +1,36 @@
{ config, lib, ... }:
with lib;
{
options = {
security.lockKernelModules = mkOption {
type = types.bool;
default = false;
description = ''
Disable kernel module loading once the system is fully initialised.
Module loading is disabled until the next reboot. Problems caused
by delayed module loading can be fixed by adding the module(s) in
question to <option>boot.kernelModules</option>.
'';
};
};
config = mkIf config.security.lockKernelModules {
systemd.services.disable-kernel-module-loading = rec {
description = "Disable kernel module loading";
wantedBy = [ config.systemd.defaultUnit ];
after = [ "systemd-udev-settle.service" "firewall.service" "systemd-modules-load.service" ] ++ wantedBy;
script = "echo -n 1 > /proc/sys/kernel/modules_disabled";
unitConfig.ConditionPathIsReadWrite = "/proc/sys/kernel";
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
};
};
}

13
nixos/modules/services/backup/znapzend.nix
View File

@ -20,15 +20,12 @@ in
description = "ZnapZend - ZFS Backup System";
after = [ "zfs.target" ];
path = with pkgs; [ znapzend zfs mbuffer openssh ];
path = with pkgs; [ zfs mbuffer openssh ];
script = ''
znapzend
'';
reload = ''
/bin/kill -HUP $MAINPID
'';
serviceConfig = {
ExecStart = "${pkgs.znapzend}/bin/znapzend";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
};
};
};

1
nixos/modules/services/continuous-integration/hydra/default.nix
View File

@ -233,6 +233,7 @@ in
hydra_logo ${cfg.logo}
''}
gc_roots_dir ${cfg.gcRootsDir}
use-substitutes = ${if cfg.useSubstitutes then "1" else "0"}
'';
environment.systemPackages = [ cfg.package ];

75
nixos/modules/services/databases/clickhouse.nix Normal file
View File

@ -0,0 +1,75 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.clickhouse;
confDir = "/etc/clickhouse-server";
stateDir = "/var/lib/clickhouse";
in
with lib;
{
###### interface
options = {
services.clickhouse = {
enable = mkOption {
default = false;
description = "Whether to enable ClickHouse database server.";
};
};
};
###### implementation
config = mkIf cfg.enable {
users.extraUsers.clickhouse = {
name = "clickhouse";
uid = config.ids.uids.clickhouse;
group = "clickhouse";
description = "ClickHouse server user";
};
users.extraGroups.clickhouse.gid = config.ids.gids.clickhouse;
systemd.services.clickhouse = {
description = "ClickHouse server";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
preStart = ''
mkdir -p ${stateDir}
chown clickhouse:clickhouse ${confDir} ${stateDir}
'';
script = ''
cd "${confDir}"
exec ${pkgs.clickhouse}/bin/clickhouse-server
'';
serviceConfig = {
User = "clickhouse";
Group = "clickhouse";
PermissionsStartOnly = true;
};
};
environment.etc = {
"clickhouse-server/config.xml" = {
source = "${pkgs.clickhouse}/etc/clickhouse-server/config.xml";
};
"clickhouse-server/users.xml" = {
source = "${pkgs.clickhouse}/etc/clickhouse-server/users.xml";
};
};
};
}

15
nixos/modules/services/hardware/amd-hybrid-graphics.nix
View File

@ -25,15 +25,22 @@
path = [ pkgs.bash ];
description = "Disable AMD Card";
after = [ "sys-kernel-debug.mount" ];
requires = [ "sys-kernel-debug.mount" ];
wantedBy = [ "multi-user.target" ];
before = [ "systemd-vconsole-setup.service" "display-manager.service" ];
requires = [ "sys-kernel-debug.mount" "vgaswitcheroo.path" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${pkgs.bash}/bin/sh -c 'echo -e \"IGD\\nOFF\" > /sys/kernel/debug/vgaswitcheroo/switch; exit 0'";
ExecStop = "${pkgs.bash}/bin/sh -c 'echo ON >/sys/kernel/debug/vgaswitcheroo/switch; exit 0'";
ExecStart = "${pkgs.bash}/bin/sh -c 'echo -e \"IGD\\nOFF\" > /sys/kernel/debug/vgaswitcheroo/switch'";
ExecStop = "${pkgs.bash}/bin/sh -c 'echo ON >/sys/kernel/debug/vgaswitcheroo/switch'";
};
};
systemd.paths."vgaswitcheroo" = {
pathConfig = {
PathExists = "/sys/kernel/debug/vgaswitcheroo/switch";
Unit = "amd-hybrid-graphics.service";
};
wantedBy = ["multi-user.target"];
};
};
}

62
nixos/modules/services/misc/gogs.nix
View File

@ -14,7 +14,7 @@ let
HOST = ${cfg.database.host}:${toString cfg.database.port}
NAME = ${cfg.database.name}
USER = ${cfg.database.user}
PASSWD = ${cfg.database.password}
PASSWD = #dbpass#
PATH = ${cfg.database.path}
[repository]
@ -26,6 +26,10 @@ let
HTTP_PORT = ${toString cfg.httpPort}
ROOT_URL = ${cfg.rootUrl}
[session]
COOKIE_NAME = session
COOKIE_SECURE = ${boolToString cfg.cookieSecure}
[security]
SECRET_KEY = #secretkey#
INSTALL_LOCK = true
@ -102,7 +106,21 @@ in
password = mkOption {
type = types.str;
default = "";
description = "Database password.";
description = ''
The password corresponding to <option>database.user</option>.
Warning: this is stored in cleartext in the Nix store!
Use <option>database.passwordFile</option> instead.
'';
};
passwordFile = mkOption {
type = types.nullOr types.path;
default = null;
example = "/run/keys/gogs-dbpassword";
description = ''
A file containing the password corresponding to
<option>database.user</option>.
'';
};
path = mkOption {
@ -148,6 +166,15 @@ in
description = "HTTP listen port.";
};
cookieSecure = mkOption {
type = types.bool;
default = false;
description = ''
Marks session cookies as "secure" as a hint for browsers to only send
them via HTTPS. This option is recommend, if Gogs is being served over HTTPS.
'';
};
extraConfig = mkOption {
type = types.str;
default = "";
@ -164,13 +191,25 @@ in
wantedBy = [ "multi-user.target" ];
path = [ pkgs.gogs.bin ];
preStart = ''
preStart = let
runConfig = "${cfg.stateDir}/custom/conf/app.ini";
secretKey = "${cfg.stateDir}/custom/conf/secret_key";
in ''
# copy custom configuration and generate a random secret key if needed
${optionalString (cfg.useWizard == false) ''
mkdir -p ${cfg.stateDir}/custom/conf
cp -f ${configFile} ${cfg.stateDir}/custom/conf/app.ini
KEY=$(head -c 16 /dev/urandom | tr -dc A-Za-z0-9)
sed -i "s,#secretkey#,$KEY,g" ${cfg.stateDir}/custom/conf/app.ini
cp -f ${configFile} ${runConfig}
if [ ! -e ${secretKey} ]; then
head -c 16 /dev/urandom | base64 > ${secretKey}
fi
KEY=$(head -n1 ${secretKey})
DBPASS=$(head -n1 ${cfg.database.passwordFile})
sed -e "s,#secretkey#,$KEY,g" \
-e "s,#dbpass#,$DBPASS,g" \
-i ${runConfig}
chmod 440 ${runConfig} ${secretKey}
''}
mkdir -p ${cfg.repositoryRoot}
@ -212,5 +251,16 @@ in
};
extraGroups.gogs.gid = config.ids.gids.gogs;
};
warnings = optional (cfg.database.password != "")
''config.services.gogs.database.password will be stored as plaintext
in the Nix store. Use database.passwordFile instead.'';
# Create database passwordFile default when password is configured.
services.gogs.database.passwordFile = mkIf (cfg.database.password != "")
(mkDefault (toString (pkgs.writeTextFile {
name = "gogs-database-password";
text = cfg.database.password;
})));
};
}

7
nixos/modules/services/misc/jackett.nix
View File

@ -22,14 +22,14 @@ in
echo "Creating jackett data directory in /var/lib/jackett/"
mkdir -p /var/lib/jackett/
}
chown -R jackett /var/lib/jackett/
chown -R jackett:jackett /var/lib/jackett/
chmod 0700 /var/lib/jackett/
'';
serviceConfig = {
Type = "simple";
User = "jackett";
Group = "nogroup";
Group = "jackett";
PermissionsStartOnly = "true";
ExecStart = "${pkgs.jackett}/bin/Jackett";
Restart = "on-failure";
@ -37,8 +37,11 @@ in
};
users.extraUsers.jackett = {
uid = config.ids.uids.jackett;
home = "/var/lib/jackett";
group = "jackett";
};
users.extraGroups.jackett.gid = config.ids.gids.jackett;
};
}

2
nixos/modules/services/misc/plex.nix
View File

@ -91,7 +91,7 @@ in
# Copy the database skeleton files to /var/lib/plex/.skeleton
# See the the Nix expression for Plex's package for more information on
# why this is done.
test -d "${cfg.dataDir}/.skeleton" || mkdir "${cfg.dataDir}/.skeleton"
install --owner ${cfg.user} --group ${cfg.group} -d "${cfg.dataDir}/.skeleton"
for db in "com.plexapp.plugins.library.db"; do
if [ ! -e "${cfg.dataDir}/.skeleton/$db" ]; then
cp "${cfg.package}/usr/lib/plexmediaserver/Resources/base_$db" "${cfg.dataDir}/.skeleton/$db"

7
nixos/modules/services/misc/radarr.nix
View File

@ -22,14 +22,14 @@ in
echo "Creating radarr data directory in /var/lib/radarr/"
mkdir -p /var/lib/radarr/
}
chown -R radarr /var/lib/radarr/
chown -R radarr:radarr /var/lib/radarr/
chmod 0700 /var/lib/radarr/
'';
serviceConfig = {
Type = "simple";
User = "radarr";
Group = "nogroup";
Group = "radarr";
PermissionsStartOnly = "true";
ExecStart = "${pkgs.radarr}/bin/Radarr";
Restart = "on-failure";
@ -37,8 +37,11 @@ in
};
users.extraUsers.radarr = {
uid = config.ids.uids.radarr;
home = "/var/lib/radarr";
group = "radarr";
};
users.extraGroups.radarr.gid = config.ids.gids.radarr;
};
}

7
nixos/modules/services/misc/sonarr.nix
View File

@ -22,14 +22,14 @@ in
echo "Creating sonarr data directory in /var/lib/sonarr/"
mkdir -p /var/lib/sonarr/
}
chown -R sonarr /var/lib/sonarr/
chown -R sonarr:sonarr /var/lib/sonarr/
chmod 0700 /var/lib/sonarr/
'';
serviceConfig = {
Type = "simple";
User = "sonarr";
Group = "nogroup";
Group = "sonarr";
PermissionsStartOnly = "true";
ExecStart = "${pkgs.sonarr}/bin/NzbDrone --no-browser";
Restart = "on-failure";
@ -37,8 +37,11 @@ in
};
users.extraUsers.sonarr = {
uid = config.ids.uids.sonarr;
home = "/var/lib/sonarr";
group = "sonarr";
};
users.extraGroups.sonarr.gid = config.ids.gids.sonarr;
};
}

87
nixos/modules/services/monitoring/cadvisor.nix
View File

@ -54,7 +54,29 @@ in {
storageDriverPassword = mkOption {
default = "root";
type = types.str;
description = "Cadvisor storage driver password.";
description = ''
Cadvisor storage driver password.
Warning: this password is stored in the world-readable Nix store. It's
recommended to use the <option>storageDriverPasswordFile</option> option
since that gives you control over the security of the password.
<option>storageDriverPasswordFile</option> also takes precedence over <option>storageDriverPassword</option>.
'';
};
storageDriverPasswordFile = mkOption {
type = types.str;
description = ''
File that contains the cadvisor storage driver password.
<option>storageDriverPasswordFile</option> takes precedence over <option>storageDriverPassword</option>
Warning: when <option>storageDriverPassword</option> is non-empty this defaults to a file in the
world-readable Nix store that contains the value of <option>storageDriverPassword</option>.
It's recommended to override this with a path not in the Nix store.
Tip: use <link xlink:href='https://nixos.org/nixops/manual/#idm140737318306400'>nixops key management</link>
'';
};
storageDriverSecure = mkOption {
@ -65,35 +87,44 @@ in {
};
};
config = mkIf cfg.enable {
systemd.services.cadvisor = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "docker.service" "influxdb.service" ];
config = mkMerge [
{ services.cadvisor.storageDriverPasswordFile = mkIf (cfg.storageDriverPassword != "") (
mkDefault (toString (pkgs.writeTextFile {
name = "cadvisor-storage-driver-password";
text = cfg.storageDriverPassword;
}))
);
}
postStart = mkBefore ''
until ${pkgs.curl.bin}/bin/curl -s -o /dev/null 'http://${cfg.listenAddress}:${toString cfg.port}/containers/'; do
sleep 1;
done
'';
(mkIf cfg.enable {
systemd.services.cadvisor = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "docker.service" "influxdb.service" ];
serviceConfig = {
ExecStart = ''${pkgs.cadvisor}/bin/cadvisor \
-logtostderr=true \
-listen_ip=${cfg.listenAddress} \
-port=${toString cfg.port} \
${optionalString (cfg.storageDriver != null) ''
-storage_driver ${cfg.storageDriver} \
-storage_driver_user ${cfg.storageDriverHost} \
-storage_driver_db ${cfg.storageDriverDb} \
-storage_driver_user ${cfg.storageDriverUser} \
-storage_driver_password ${cfg.storageDriverPassword} \
${optionalString cfg.storageDriverSecure "-storage_driver_secure"}
''}
postStart = mkBefore ''
until ${pkgs.curl.bin}/bin/curl -s -o /dev/null 'http://${cfg.listenAddress}:${toString cfg.port}/containers/'; do
sleep 1;
done
'';
TimeoutStartSec=300;
};
};
virtualisation.docker.enable = mkDefault true;
};
script = ''
exec ${pkgs.cadvisor}/bin/cadvisor \
-logtostderr=true \
-listen_ip="${cfg.listenAddress}" \
-port="${toString cfg.port}" \
${optionalString (cfg.storageDriver != null) ''
-storage_driver "${cfg.storageDriver}" \
-storage_driver_user "${cfg.storageDriverHost}" \
-storage_driver_db "${cfg.storageDriverDb}" \
-storage_driver_user "${cfg.storageDriverUser}" \
-storage_driver_password "$(cat "${cfg.storageDriverPasswordFile}")" \
${optionalString cfg.storageDriverSecure "-storage_driver_secure"}
''}
'';
serviceConfig.TimeoutStartSec=300;
};
virtualisation.docker.enable = mkDefault true;
})
];
}

16
nixos/modules/services/monitoring/graphite.nix
View File

@ -400,7 +400,8 @@ in {
mkdir -p ${cfg.dataDir}/whisper
chmod 0700 ${cfg.dataDir}/whisper
chown -R graphite:graphite ${cfg.dataDir}
chown graphite:graphite ${cfg.dataDir}
chown graphite:graphite ${cfg.dataDir}/whisper
'';
};
})
@ -487,9 +488,11 @@ in {
# create index
${pkgs.python27Packages.graphite_web}/bin/build-index.sh
touch ${dataDir}/db-created
chown graphite:graphite ${cfg.dataDir}
chown graphite:graphite ${cfg.dataDir}/whisper
chown -R graphite:graphite ${cfg.dataDir}/log
chown -R graphite:graphite ${cfg.dataDir}
touch ${dataDir}/db-created
fi
'';
};
@ -526,9 +529,10 @@ in {
mkdir -p ${dataDir}/cache/
chmod 0700 ${dataDir}/cache/
touch ${dataDir}/db-created
chown graphite:graphite ${cfg.dataDir}
chown -R graphite:graphite ${cfg.dataDir}/cache
chown -R graphite:graphite ${cfg.dataDir}
touch ${dataDir}/db-created
fi
'';
};
@ -549,7 +553,7 @@ in {
preStart = ''
if ! test -e ${dataDir}/db-created; then
mkdir -p ${dataDir}
chown -R graphite:graphite ${dataDir}
chown graphite:graphite ${dataDir}
fi
'';
};

110
nixos/modules/services/monitoring/longview.nix
View File

@ -5,22 +5,10 @@ with lib;
let
cfg = config.services.longview;
pidFile = "/run/longview.pid";
runDir = "/run/longview";
configsDir = "${runDir}/longview.d";
apacheConf = optionalString (cfg.apacheStatusUrl != "") ''
location ${cfg.apacheStatusUrl}?auto
'';
mysqlConf = optionalString (cfg.mysqlUser != "") ''
username ${cfg.mysqlUser}
password ${cfg.mysqlPassword}
'';
nginxConf = optionalString (cfg.nginxStatusUrl != "") ''
location ${cfg.nginxStatusUrl}
'';
in
{
in {
options = {
services.longview = {
@ -35,10 +23,27 @@ in
apiKey = mkOption {
type = types.str;
default = "";
example = "01234567-89AB-CDEF-0123456789ABCDEF";
description = ''
Longview API key. To get this, look in Longview settings which
are found at https://manager.linode.com/longview/.
Warning: this secret is stored in the world-readable Nix store!
Use <option>apiKeyFile</option> instead.
'';
};
apiKeyFile = mkOption {
type = types.nullOr types.path;
default = null;
example = "/run/keys/longview-api-key";
description = ''
A file containing the Longview API key.
To get this, look in Longview settings which
are found at https://manager.linode.com/longview/.
<option>apiKeyFile</option> takes precedence over <option>apiKey</option>.
'';
};
@ -77,11 +82,23 @@ in
mysqlPassword = mkOption {
type = types.str;
default = "";
description = ''
The password corresponding to mysqlUser. Warning: this is
stored in cleartext in the Nix store!
The password corresponding to <option>mysqlUser</option>.
Warning: this is stored in cleartext in the Nix store!
Use <option>mysqlPasswordFile</option> instead.
'';
};
mysqlPasswordFile = mkOption {
type = types.nullOr types.path;
default = null;
example = "/run/keys/dbpassword";
description = ''
A file containing the password corresponding to <option>mysqlUser</option>.
'';
};
};
};
@ -94,25 +111,50 @@ in
serviceConfig.Type = "forking";
serviceConfig.ExecStop = "-${pkgs.coreutils}/bin/kill -TERM $MAINPID";
serviceConfig.ExecReload = "-${pkgs.coreutils}/bin/kill -HUP $MAINPID";
serviceConfig.PIDFile = pidFile;
serviceConfig.PIDFile = "${runDir}/longview.pid";
serviceConfig.ExecStart = "${pkgs.longview}/bin/longview";
preStart = ''
umask 077
mkdir -p ${configsDir}
'' + (optionalString (cfg.apiKeyFile != null) ''
cp --no-preserve=all "${cfg.apiKeyFile}" ${runDir}/longview.key
'') + (optionalString (cfg.apacheStatusUrl != "") ''
cat > ${configsDir}/Apache.conf <<EOF
location ${cfg.apacheStatusUrl}?auto
EOF
'') + (optionalString (cfg.mysqlUser != "" && cfg.mysqlPasswordFile != null) ''
cat > ${configsDir}/MySQL.conf <<EOF
username ${cfg.mysqlUser}
password `head -n1 "${cfg.mysqlPasswordFile}"`
EOF
'') + (optionalString (cfg.nginxStatusUrl != "") ''
cat > ${configsDir}/Nginx.conf <<EOF
location ${cfg.nginxStatusUrl}
EOF
'');
};
environment.etc."linode/longview.key" = {
mode = "0400";
text = cfg.apiKey;
};
environment.etc."linode/longview.d/Apache.conf" = {
mode = "0400";
text = apacheConf;
};
environment.etc."linode/longview.d/MySQL.conf" = {
mode = "0400";
text = mysqlConf;
};
environment.etc."linode/longview.d/Nginx.conf" = {
mode = "0400";
text = nginxConf;
};
warnings = let warn = k: optional (cfg.${k} != "")
"config.services.longview.${k} is insecure. Use ${k}File instead.";
in concatMap warn [ "apiKey" "mysqlPassword" ];
assertions = [
{ assertion = cfg.apiKeyFile != null;
message = "Longview needs an API key configured";
}
];
# Create API key file if not configured.
services.longview.apiKeyFile = mkIf (cfg.apiKey != "")
(mkDefault (toString (pkgs.writeTextFile {
name = "longview.key";
text = cfg.apiKey;
})));
# Create MySQL password file if not configured.
services.longview.mysqlPasswordFile = mkDefault (toString (pkgs.writeTextFile {
name = "mysql-password-file";
text = cfg.mysqlPassword;
}));
};
}

4
nixos/modules/services/monitoring/munin.nix
View File

@ -34,7 +34,7 @@ let
cap=$(sed -nr 's/.*#%#\s+capabilities\s*=\s*(.+)/\1/p' $file)
wrapProgram $file \
--set PATH "/run/wrappers/bin:/run/current-system/sw/bin:/run/current-system/sw/bin" \
--set PATH "/run/wrappers/bin:/run/current-system/sw/bin" \
--set MUNIN_LIBDIR "${pkgs.munin}/lib" \
--set MUNIN_PLUGSTATE "/var/run/munin"
@ -184,7 +184,7 @@ in
mkdir -p /etc/munin/plugins
rm -rf /etc/munin/plugins/*
PATH="/run/wrappers/bin:/run/current-system/sw/bin:/run/current-system/sw/bin" ${pkgs.munin}/sbin/munin-node-configure --shell --families contrib,auto,manual --config ${nodeConf} --libdir=${muninPlugins} --servicedir=/etc/munin/plugins 2>/dev/null | ${pkgs.bash}/bin/bash
PATH="/run/wrappers/bin:/run/current-system/sw/bin" ${pkgs.munin}/sbin/munin-node-configure --shell --families contrib,auto,manual --config ${nodeConf} --libdir=${muninPlugins} --servicedir=/etc/munin/plugins 2>/dev/null | ${pkgs.bash}/bin/bash
'';
serviceConfig = {
ExecStart = "${pkgs.munin}/sbin/munin-node --config ${nodeConf} --servicedir /etc/munin/plugins/";

135
nixos/modules/services/networking/aria2.nix Normal file
View File

@ -0,0 +1,135 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.aria2;
homeDir = "/var/lib/aria2";
settingsDir = "${homeDir}";
sessionFile = "${homeDir}/aria2.session";
downloadDir = "${homeDir}/Downloads";
rangesToStringList = map (x: builtins.toString x.from +"-"+ builtins.toString x.to);
settingsFile = pkgs.writeText "aria2.conf"
''
dir=${cfg.downloadDir}
listen-port=${concatStringsSep "," (rangesToStringList cfg.listenPortRange)}
rpc-listen-port=${toString cfg.rpcListenPort}
rpc-secret=${cfg.rpcSecret}
'';
in
{
options = {
services.aria2 = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether or not to enable the headless Aria2 daemon service.
Aria2 daemon can be controlled via the RPC interface using
one of many WebUI (http://localhost:6800/ by default).
Targets are downloaded to ${downloadDir} by default and are
accessible to users in the "aria2" group.
'';
};
openPorts = mkOption {
type = types.bool;
default = false;
description = ''
Open listen and RPC ports found in listenPortRange and rpcListenPort
options in the firewall.
'';
};
downloadDir = mkOption {
type = types.string;
default = "${downloadDir}";
description = ''
Directory to store downloaded files.
'';
};
listenPortRange = mkOption {
type = types.listOf types.attrs;
default = [ { from = 6881; to = 6999; } ];
description = ''
Set UDP listening port range used by DHT(IPv4, IPv6) and UDP tracker.
'';
};
rpcListenPort = mkOption {
type = types.int;
default = 6800;
description = "Specify a port number for JSON-RPC/XML-RPC server to listen to. Possible Values: 1024-65535";
};
rpcSecret = mkOption {
type = types.string;
default = "aria2rpc";
description = ''
Set RPC secret authorization token.
Read https://aria2.github.io/manual/en/html/aria2c.html#rpc-auth to know how this option value is used.
'';
};
extraArguments = mkOption {
type = types.string;
example = "--rpc-listen-all --remote-time=true";
default = "";
description = ''
Additional arguments to be passed to Aria2.
'';
};
};
};
config = mkIf cfg.enable {
# Need to open ports for proper functioning
networking.firewall = mkIf cfg.openPorts {
allowedUDPPortRanges = config.services.aria2.listenPortRange;
allowedTCPPorts = [ config.services.aria2.rpcListenPort ];
};
users.extraUsers.aria2 = {
group = "aria2";
uid = config.ids.uids.aria2;
description = "aria2 user";
home = homeDir;
createHome = false;
};
users.extraGroups.aria2.gid = config.ids.gids.aria2;
systemd.services.aria2 = {
description = "aria2 Service";
after = [ "local-fs.target" "network.target" ];
wantedBy = [ "multi-user.target" ];
preStart = ''
mkdir -m 0770 -p "${homeDir}"
chown aria2:aria2 "${homeDir}"
if [[ ! -d "${config.services.aria2.downloadDir}" ]]
then
mkdir -m 0770 -p "${config.services.aria2.downloadDir}"
chown aria2:aria2 "${config.services.aria2.downloadDir}"
fi
if [[ ! -e "${sessionFile}" ]]
then
touch "${sessionFile}"
chown aria2:aria2 "${sessionFile}"
fi
cp -f "${settingsFile}" "${settingsDir}/aria2.conf"
'';
serviceConfig = {
Restart = "on-abort";
ExecStart = "${pkgs.aria2}/bin/aria2c --enable-rpc --conf-path=${settingsDir}/aria2.conf ${config.services.aria2.extraArguments} --save-session=${sessionFile}";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
User = "aria2";
Group = "aria2";
PermissionsStartOnly = true;
};
};
};
}

8
nixos/modules/services/networking/avahi-daemon.nix
View File

@ -33,6 +33,9 @@ let
publish-hinfo=${yesNo publish.hinfo}
publish-workstation=${yesNo publish.workstation}
publish-domain=${yesNo publish.domain}
[reflector]
enable-reflector=${yesNo reflector}
'';
in
@ -113,6 +116,11 @@ in
description = ''Whether to enable wide-area service discovery.'';
};
reflector = mkOption {
default = false;
description = ''Reflect incoming mDNS requests to all allowed network interfaces.'';
};
publish = {
enable = mkOption {
default = false;

5
nixos/modules/services/networking/i2pd.nix
View File

@ -8,8 +8,6 @@ let
homeDir = "/var/lib/i2pd";
extip = "EXTIP=\$(${pkgs.curl.bin}/bin/curl -sLf \"http://jsonip.com\" | ${pkgs.gawk}/bin/awk -F'\"' '{print $4}')";
mkEndpointOpt = name: addr: port: {
enable = mkEnableOption name;
name = mkOption {
@ -152,9 +150,8 @@ let
i2pdSh = pkgs.writeScriptBin "i2pd" ''
#!/bin/sh
${if isNull cfg.extIp then extip else ""}
${pkgs.i2pd}/bin/i2pd \
--host=${if isNull cfg.extIp then "$EXTIP" else cfg.extIp} \
${if isNull cfg.extIp then "" else "--host="+cfg.extIp} \
--conf=${i2pdConf} \
--tunconf=${i2pdTunnelConf}
'';

12
nixos/modules/services/networking/networkmanager.nix
View File

@ -12,6 +12,7 @@ let
configFile = writeText "NetworkManager.conf" ''
[main]
plugins=keyfile
dns=${if cfg.useDnsmasq then "dnsmasq" else "default"}
[keyfile]
${optionalString (config.networking.hostName != "")
@ -158,6 +159,17 @@ in {
ethernet.macAddress = macAddressOpt;
wifi.macAddress = macAddressOpt;
useDnsmasq = mkOption {
type = types.bool;
default = false;
description = ''
Enable NetworkManager's dnsmasq integration. NetworkManager will run
dnsmasq as a local caching nameserver, using a "split DNS"
configuration if you are connected to a VPN, and then update
resolv.conf to point to the local nameserver.
'';
};
dispatcherScripts = mkOption {
type = types.listOf (types.submodule {
options = {

2
nixos/modules/services/networking/radicale.nix
View File

@ -57,4 +57,6 @@ in
serviceConfig.Group = "radicale";
};
};
meta.maintainers = with lib.maintainers; [ aneeshusa ];
}

153
nixos/modules/services/networking/xrdp.nix Normal file
View File

@ -0,0 +1,153 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.xrdp;
confDir = pkgs.runCommand "xrdp.conf" { } ''
mkdir $out
cp ${cfg.package}/etc/xrdp/{km-*,xrdp,sesman,xrdp_keyboard}.ini $out
cat > $out/startwm.sh <<EOF
#!/bin/sh
. /etc/profile
${cfg.defaultWindowManager}
EOF
chmod +x $out/startwm.sh
substituteInPlace $out/xrdp.ini \
--replace "#rsakeys_ini=" "rsakeys_ini=/var/run/xrdp/rsakeys.ini" \
--replace "certificate=" "certificate=${cfg.sslCert}" \
--replace "key_file=" "key_file=${cfg.sslKey}" \
--replace LogFile=xrdp.log LogFile=/dev/null \
--replace EnableSyslog=true EnableSyslog=false
substituteInPlace $out/sesman.ini \
--replace LogFile=xrdp-sesman.log LogFile=/dev/null \
--replace EnableSyslog=1 EnableSyslog=0
'';
in
{
###### interface
options = {
services.xrdp = {
enable = mkEnableOption "Whether xrdp should be run on startup.";
package = mkOption {
type = types.package;
default = pkgs.xrdp;
defaultText = "pkgs.xrdp";
description = ''
The package to use for the xrdp daemon's binary.
'';
};
port = mkOption {
type = types.int;
default = 3389;
description = ''
Specifies on which port the xrdp daemon listens.
'';
};
sslKey = mkOption {
type = types.str;
default = "/etc/xrdp/key.pem";
example = "/path/to/your/key.pem";
description = ''
ssl private key path
A self-signed certificate will be generated if file not exists.
'';
};
sslCert = mkOption {
type = types.str;
default = "/etc/xrdp/cert.pem";
example = "/path/to/your/cert.pem";
description = ''
ssl certificate path
A self-signed certificate will be generated if file not exists.
'';
};
defaultWindowManager = mkOption {
type = types.str;
default = "xterm";
example = "xfce4-session";
description = ''
The script to run when user log in, usually a window manager, e.g. "icewm", "xfce4-session"
This is per-user overridable, if file ~/startwm.sh exists it will be used instead.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
systemd = {
services.xrdp = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
description = "xrdp daemon";
requires = [ "xrdp-sesman.service" ];
preStart = ''
# prepare directory for unix sockets (the sockets will be owned by loggedinuser:xrdp)
mkdir -p /tmp/.xrdp || true
chown xrdp:xrdp /tmp/.xrdp
chmod 3777 /tmp/.xrdp
# generate a self-signed certificate
if [ ! -s ${cfg.sslCert} -o ! -s ${cfg.sslKey} ]; then
mkdir -p $(dirname ${cfg.sslCert}) || true
mkdir -p $(dirname ${cfg.sslKey}) || true
${pkgs.openssl.bin}/bin/openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 365 \
-subj /C=US/ST=CA/L=Sunnyvale/O=xrdp/CN=www.xrdp.org \
-config ${cfg.package}/share/xrdp/openssl.conf \
-keyout ${cfg.sslKey} -out ${cfg.sslCert}
chown root:xrdp ${cfg.sslKey} ${cfg.sslCert}
chmod 440 ${cfg.sslKey} ${cfg.sslCert}
fi
if [ ! -s /var/run/xrdp/rsakeys.ini ]; then
mkdir -p /var/run/xrdp
${cfg.package}/bin/xrdp-keygen xrdp /var/run/xrdp/rsakeys.ini
fi
'';
serviceConfig = {
User = "xrdp";
Group = "xrdp";
PermissionsStartOnly = true;
ExecStart = "${cfg.package}/bin/xrdp --nodaemon --port ${toString cfg.port} --config ${confDir}/xrdp.ini";
};
};
services.xrdp-sesman = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
description = "xrdp session manager";
serviceConfig = {
ExecStart = "${cfg.package}/bin/xrdp-sesman --nodaemon --config ${confDir}/sesman.ini";
};
};
};
users.users.xrdp = {
description = "xrdp daemon user";
isSystemUser = true;
group = "xrdp";
};
users.groups.xrdp = {};
security.pam.services.xrdp-sesman = { allowNullPassword = true; startSession = true; };
};
}

2
nixos/modules/services/scheduling/fcron.nix
View File

@ -149,7 +149,7 @@ in
--group fcron \
--directory /var/spool/fcron
# load system crontab file
#${pkgs.fcron}/bin/fcrontab -u systab ${pkgs.writeText "systab" cfg.systab}
/run/wrappers/bin/fcrontab -u systab ${pkgs.writeText "systab" cfg.systab}
'';
serviceConfig = {

140
nixos/modules/services/security/sshguard.nix Normal file
View File

@ -0,0 +1,140 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.sshguard;
in {
###### interface
options = {
services.sshguard = {
enable = mkOption {
default = false;
type = types.bool;
description = "Whether to enable the sshguard service.";
};
attack_threshold = mkOption {
default = 30;
type = types.int;
description = ''
Block attackers when their cumulative attack score exceeds threshold. Most attacks have a score of 10.
'';
};
blacklist_threshold = mkOption {
default = null;
example = 120;
type = types.nullOr types.int;
description = ''
Blacklist an attacker when its score exceeds threshold. Blacklisted addresses are loaded from and added to blacklist-file.
'';
};
blacklist_file = mkOption {
default = "/var/lib/sshguard/blacklist.db";
type = types.path;
description = ''
Blacklist an attacker when its score exceeds threshold. Blacklisted addresses are loaded from and added to blacklist-file.
'';
};
blocktime = mkOption {
default = 120;
type = types.int;
description = ''
Block attackers for initially blocktime seconds after exceeding threshold. Subsequent blocks increase by a factor of 1.5.
sshguard unblocks attacks at random intervals, so actual block times will be longer.
'';
};
detection_time = mkOption {
default = 1800;
type = types.int;
description = ''
Remember potential attackers for up to detection_time seconds before resetting their score.
'';
};
whitelist = mkOption {
default = [ ];
example = [ "198.51.100.56" "198.51.100.2" ];
type = types.listOf types.str;
description = ''
Whitelist a list of addresses, hostnames, or address blocks.
'';
};
services = mkOption {
default = [ "sshd" ];
example = [ "sshd" "exim" ];
type = types.listOf types.str;
description = ''
Systemd services sshguard should receive logs of.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.sshguard pkgs.iptables pkgs.ipset ];
environment.etc."sshguard.conf".text = let
list_services = ( name: "-t ${name} ");
in ''
BACKEND="${pkgs.sshguard}/libexec/sshg-fw-ipset"
LOGREADER="LANG=C ${pkgs.systemd}/bin/journalctl -afb -p info -n1 ${toString (map list_services cfg.services)} -o cat"
'';
systemd.services.sshguard =
{ description = "SSHGuard brute-force attacks protection system";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
partOf = optional config.networking.firewall.enable "firewall.service";
path = [ pkgs.iptables pkgs.ipset pkgs.iproute pkgs.systemd ];
postStart = ''
mkdir -p /var/lib/sshguard
${pkgs.ipset}/bin/ipset -quiet create -exist sshguard4 hash:ip family inet
${pkgs.ipset}/bin/ipset -quiet create -exist sshguard6 hash:ip family inet6
${pkgs.iptables}/bin/iptables -I INPUT -m set --match-set sshguard4 src -j DROP
${pkgs.iptables}/bin/ip6tables -I INPUT -m set --match-set sshguard6 src -j DROP
'';
preStop = ''
${pkgs.iptables}/bin/iptables -D INPUT -m set --match-set sshguard4 src -j DROP
${pkgs.iptables}/bin/ip6tables -D INPUT -m set --match-set sshguard6 src -j DROP
'';
unitConfig.Documentation = "man:sshguard(8)";
serviceConfig = {
Type = "simple";
ExecStart = let
list_whitelist = ( name: "-w ${name} ");
in ''
${pkgs.sshguard}/bin/sshguard -a ${toString cfg.attack_threshold} ${optionalString (cfg.blacklist_threshold != null) "-b ${toString cfg.blacklist_threshold}:${cfg.blacklist_file} "}-i /run/sshguard/sshguard.pid -p ${toString cfg.blocktime} -s ${toString cfg.detection_time} ${toString (map list_whitelist cfg.whitelist)}
'';
PIDFile = "/run/sshguard/sshguard.pid";
Restart = "always";
ReadOnlyDirectories = "/";
ReadWriteDirectories = "/run/sshguard /var/lib/sshguard";
RuntimeDirectory = "sshguard";
CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_RAW";
};
};
};
}

2
nixos/modules/services/web-apps/atlassian/confluence.nix
View File

@ -103,7 +103,7 @@ in
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
path = [ cfg.jrePackage ];
path = [ cfg.jrePackage pkgs.bash ];
environment = {
CONF_USER = cfg.user;

9
nixos/modules/services/x11/desktop-managers/default.nix
View File

@ -8,7 +8,7 @@ let
cfg = xcfg.desktopManager;
# If desktop manager `d' isn't capable of setting a background and
# the xserver is enabled, the `feh' program is used as a fallback.
# the xserver is enabled, `feh' or `xsetroot' are used as a fallback.
needBGCond = d: ! (d ? bgSupport && d.bgSupport) && xcfg.enable;
in
@ -44,8 +44,11 @@ in
manage = "desktop";
start = d.start
+ optionalString (needBGCond d) ''
if test -e $HOME/.background-image; then
if [ -e $HOME/.background-image ]; then
${pkgs.feh}/bin/feh --bg-scale $HOME/.background-image
else
# Use a solid black background as fallback
${pkgs.xorg.xsetroot}/bin/xsetroot -solid black
fi
'';
}) list;
@ -80,6 +83,6 @@ in
config = {
services.xserver.displayManager.session = cfg.session.list;
environment.systemPackages =
mkIf cfg.session.needBGPackages [ pkgs.feh ];
mkIf cfg.session.needBGPackages [ pkgs.feh ]; # xsetroot via xserver.enable
};
}

1
nixos/modules/services/x11/desktop-managers/plasma5.nix
View File

@ -183,6 +183,7 @@ in
environment.variables = {
# Enable GTK applications to load SVG icons
GDK_PIXBUF_MODULE_FILE = "${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache";
QT_PLUGIN_PATH = "/run/current-system/sw/lib/qt5/plugins";
};
fonts.fonts = with pkgs; [ noto-fonts hack-font ];

54
nixos/modules/services/x11/display-managers/default.nix
View File

@ -32,14 +32,32 @@ let
''
#! ${pkgs.bash}/bin/bash
# SDDM splits "Exec" line in .desktop file by whitespace and pass script path as $1
if [[ "$0" = "$1" ]]; then
# remove superfluous $1 again
shift
# join arguments again and evaluate them in a shell context
# to interpret shell quoting
eval exec "$0" "$@"
fi
# Expected parameters:
# $1 = <desktop-manager>+<window-manager>
# Actual parameters (FIXME):
# SDDM is calling this script like the following:
# $1 = /nix/store/xxx-xsession (= $0)
# $2 = <desktop-manager>+<window-manager>
# SLiM is using the following parameter:
# $1 = /nix/store/xxx-xsession <desktop-manager>+<window-manager>
# LightDM keeps the double quotes:
# $1 = /nix/store/xxx-xsession "<desktop-manager>+<window-manager>"
# The fake/auto display manager doesn't use any parameters and GDM is
# broken.
# If you want to "debug" this script don't print the parameters to stdout
# or stderr because this script will be executed multiple times and the
# output won't be visible in the log when the script is executed for the
# first time (e.g. append them to a file instead)!
# All of the above cases are handled by the following hack (FIXME).
# Since this line is *very important* for *all display managers* it is
# very important to test changes to the following line with all display
# managers:
if [ "''${1:0:1}" = "/" ]; then eval exec "$1" "$2" ; fi
# Now it should be safe to assume that the script was called with the
# expected parameters.
${optionalString cfg.displayManager.logToJournal ''
if [ -z "$_DID_SYSTEMD_CAT" ]; then
@ -113,15 +131,16 @@ let
fi
fi
# The session type is "<desktop-manager> + <window-manager>", so
# extract those.
windowManager="''${sessionType##* + }"
# The session type is "<desktop-manager>+<window-manager>", so
# extract those (see:
# http://wiki.bash-hackers.org/syntax/pe#substring_removal).
windowManager="''${sessionType##*+}"
: ''${windowManager:=${cfg.windowManager.default}}
desktopManager="''${sessionType% + *}"
desktopManager="''${sessionType%%+*}"
: ''${desktopManager:=${cfg.desktopManager.default}}
# Start the window manager.
case $windowManager in
case "$windowManager" in
${concatMapStrings (s: ''
(${s.name})
${s.start}
@ -131,7 +150,7 @@ let
esac
# Start the desktop manager.
case $desktopManager in
case "$desktopManager" in
${concatMapStrings (s: ''
(${s.name})
${s.start}
@ -148,6 +167,9 @@ let
exit 0
'';
# Desktop Entry Specification:
# - https://standards.freedesktop.org/desktop-entry-spec/latest/
# - https://standards.freedesktop.org/desktop-entry-spec/latest/ar01s06.html
mkDesktops = names: pkgs.runCommand "desktops"
{ # trivial derivation
preferLocalBuild = true;
@ -161,7 +183,7 @@ let
Version=1.0
Type=XSession
TryExec=${cfg.displayManager.session.script}
Exec=${cfg.displayManager.session.script} '${n}'
Exec=${cfg.displayManager.session.script} "${n}"
X-GDM-BypassXsession=true
Name=${n}
Comment=
@ -244,7 +266,7 @@ in
wm = filter (s: s.manage == "window") list;
dm = filter (s: s.manage == "desktop") list;
names = flip concatMap dm
(d: map (w: d.name + optionalString (w.name != "none") (" + " + w.name))
(d: map (w: d.name + optionalString (w.name != "none") ("+" + w.name))
(filter (w: d.name != "none" || w.name != "none") wm));
desktops = mkDesktops names;
script = xsession wm dm;

2
nixos/modules/services/x11/display-managers/lightdm.nix
View File

@ -61,7 +61,7 @@ let
let
dm = xcfg.desktopManager.default;
wm = xcfg.windowManager.default;
in dm + optionalString (wm != "none") (" + " + wm);
in dm + optionalString (wm != "none") ("+" + wm);
in
{
# Note: the order in which lightdm greeter modules are imported

2
nixos/modules/services/x11/display-managers/sddm.nix
View File

@ -69,7 +69,7 @@ let
let
dm = xcfg.desktopManager.default;
wm = xcfg.windowManager.default;
in dm + optionalString (wm != "none") (" + " + wm);
in dm + optionalString (wm != "none") ("+" + wm);
in
{

7
nixos/modules/services/x11/display-managers/slim.nix
View File

@ -17,6 +17,7 @@ let
login_cmd exec ${pkgs.stdenv.shell} ${dmcfg.session.script} "%session"
halt_cmd ${config.systemd.package}/sbin/shutdown -h now
reboot_cmd ${config.systemd.package}/sbin/shutdown -r now
logfile /dev/stderr
${optionalString (cfg.defaultUser != null) ("default_user " + cfg.defaultUser)}
${optionalString (cfg.defaultUser != null) ("focus_password yes")}
${optionalString cfg.autoLogin "auto_login yes"}
@ -128,11 +129,7 @@ in
config = mkIf cfg.enable {
services.xserver.displayManager.job =
{ preStart =
''
rm -f /var/log/slim.log
'';
environment =
{ environment =
{ SLIM_CFGFILE = slimConfig;
SLIM_THEMESDIR = slimThemesDir;
};

31
nixos/modules/services/x11/xserver.nix
View File

@ -258,7 +258,7 @@ in
type = types.str;
default = "us";
description = ''
Keyboard layout.
Keyboard layout, or multiple keyboard layouts separated by commas.
'';
};
@ -578,6 +578,35 @@ in
services.xserver.xkbDir = mkDefault "${pkgs.xkeyboard_config}/etc/X11/xkb";
system.extraDependencies = [
(pkgs.runCommand "xkb-layouts-exist" {
layouts=cfg.layout;
} ''
missing=()
while read -d , layout
do
[[ -f "${cfg.xkbDir}/symbols/$layout" ]] || missing+=($layout)
done <<< "$layouts,"
if [[ ''${#missing[@]} -eq 0 ]]
then
touch $out
exit 0
fi
cat >&2 <<EOF
Some of the selected keyboard layouts do not exist:
''${missing[@]}
Set services.xserver.layout to the name of an existing keyboard
layout (check ${cfg.xkbDir}/symbols for options).
EOF
exit -1
'')
];
services.xserver.config =
''
Section "ServerFlags"

6
nixos/modules/system/boot/loader/grub/grub.nix
View File

@ -239,6 +239,12 @@ in
menuentry "Windows 7" {
chainloader (hd0,4)+1
}
# GRUB 2 with UEFI example, chainloading another distro
menuentry "Fedora" {
set root=(hd1,1)
chainloader /efi/fedora/grubx64.efi
}
'';
description = ''
Any additional entries you want added to the GRUB boot menu.

19
nixos/modules/system/boot/stage-1-init.sh
View File

@ -154,6 +154,9 @@ for o in $(cat /proc/cmdline); do
fi
ln -s "$root" /dev/root
;;
copytoram)
copytoram=1
;;
esac
done
@ -474,6 +477,22 @@ while read -u 3 mountPoint; do
# doing something with $device right now.
udevadm settle
# If copytoram is enabled: skip mounting the ISO and copy its content to a tmpfs.
if [ -n "$copytoram" ] && [ "$device" = /dev/root ] && [ "$mountPoint" = /iso ]; then
fsType=$(blkid -o value -s TYPE "$device")
fsSize=$(blockdev --getsize64 "$device")
mkdir -p /tmp-iso
mount -t "$fsType" /dev/root /tmp-iso
mountFS tmpfs /iso size="$fsSize" tmpfs
cp -r /tmp-iso/* /mnt-root/iso/
umount /tmp-iso
rmdir /tmp-iso
continue
fi
mountFS "$device" "$mountPoint" "$options" "$fsType"
done

2
nixos/modules/tasks/trackpoint.nix
View File

@ -81,7 +81,7 @@ with lib;
services.xserver.inputClassSections =
[''
Identifier "Trackpoint Wheel Emulation"
MatchProduct "${if cfg.fakeButtons then "PS/2 Generic Mouse" else "Elantech PS/2 TrackPoint|TPPS/2 IBM TrackPoint|DualPoint Stick|Synaptics Inc. Composite TouchPad / TrackPoint|ThinkPad USB Keyboard with TrackPoint|USB Trackpoint pointing device|Composite TouchPad / TrackPoint"}"
MatchProduct "${if cfg.fakeButtons then "PS/2 Generic Mouse" else "ETPS/2 Elantech TrackPoint|Elantech PS/2 TrackPoint|TPPS/2 IBM TrackPoint|DualPoint Stick|Synaptics Inc. Composite TouchPad / TrackPoint|ThinkPad USB Keyboard with TrackPoint|USB Trackpoint pointing device|Composite TouchPad / TrackPoint"}"
MatchDevicePath "/dev/input/event*"
Option "EmulateWheel" "true"
Option "EmulateWheelButton" "2"

96
nixos/modules/virtualisation/azure-image.nix
View File

@ -2,93 +2,19 @@
with lib;
let
diskSize = "30720";
diskSize = 30720;
in
{
system.build.azureImage =
pkgs.vmTools.runInLinuxVM (
pkgs.runCommand "azure-image"
{ preVM =
''
mkdir $out
diskImage=$out/$diskImageBase
cyl=$(((${diskSize}*1024*1024)/(512*63*255)))
size=$(($cyl*255*63*512))
roundedsize=$((($size/(1024*1024)+1)*(1024*1024)))
${pkgs.vmTools.qemu-220}/bin/qemu-img create -f raw $diskImage $roundedsize
mv closure xchg/
'';
postVM =
''
mkdir -p $out
${pkgs.vmTools.qemu-220}/bin/qemu-img convert -f raw -o subformat=fixed -O vpc $diskImage $out/disk.vhd
rm $diskImage
'';
diskImageBase = "nixos-image-${config.system.nixosLabel}-${pkgs.stdenv.system}.raw";
buildInputs = [ pkgs.utillinux pkgs.perl ];
exportReferencesGraph =
[ "closure" config.system.build.toplevel ];
}
''
# Create partition table
${pkgs.parted}/sbin/parted /dev/vda mklabel msdos
${pkgs.parted}/sbin/parted /dev/vda mkpart primary ext4 1 ${diskSize}M
${pkgs.parted}/sbin/parted /dev/vda print
. /sys/class/block/vda1/uevent
mknod /dev/vda1 b $MAJOR $MINOR
# Create an empty filesystem and mount it.
${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L nixos /dev/vda1
${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda1
mkdir /mnt
mount /dev/vda1 /mnt
# The initrd expects these directories to exist.
mkdir /mnt/dev /mnt/proc /mnt/sys
mount --bind /proc /mnt/proc
mount --bind /dev /mnt/dev
mount --bind /sys /mnt/sys
# Copy all paths in the closure to the filesystem.
storePaths=$(perl ${pkgs.pathsFromGraph} /tmp/xchg/closure)
mkdir -p /mnt/nix/store
echo "copying everything (will take a while)..."
cp -prd $storePaths /mnt/nix/store/
echo Register the paths in the Nix database.
printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
chroot /mnt ${config.nix.package.out}/bin/nix-store --load-db --option build-users-group ""
echo Create the system profile to allow nixos-rebuild to work.
chroot /mnt ${config.nix.package.out}/bin/nix-env \
-p /nix/var/nix/profiles/system --set ${config.system.build.toplevel} --option build-users-group ""
echo nixos-rebuild requires an /etc/NIXOS.
mkdir -p /mnt/etc
touch /mnt/etc/NIXOS
echo switch-to-configuration requires a /bin/sh
mkdir -p /mnt/bin
ln -s ${config.system.build.binsh}/bin/sh /mnt/bin/sh
echo Install a configuration.nix.
mkdir -p /mnt/etc/nixos /mnt/boot/grub
cp ${./azure-config-user.nix} /mnt/etc/nixos/configuration.nix
echo Generate the GRUB menu.
ln -s vda /dev/sda
chroot /mnt ${config.system.build.toplevel}/bin/switch-to-configuration boot
echo Almost done
umount /mnt/proc /mnt/dev /mnt/sys
umount /mnt
''
);
system.build.azureImage = import ../../lib/make-disk-image.nix {
name = "azure-image";
postVM = ''
${pkgs.vmTools.qemu-220}/bin/qemu-img convert -f raw -o subformat=fixed -O vpc $diskImage $out/disk.vhd
'';
configFile = ./azure-config-user.nix;
format = "raw";
inherit diskSize;
inherit config lib pkgs;
};
imports = [ ./azure-common.nix ];

6
nixos/modules/virtualisation/docker.nix
View File

@ -7,8 +7,7 @@ with lib;
let
cfg = config.virtualisation.docker;
pro = config.networking.proxy.default;
proxy_env = optionalAttrs (pro != null) { Environment = "\"http_proxy=${pro}\""; };
proxy_env = config.networking.proxy.envVars;
in
@ -106,6 +105,7 @@ in
systemd.services.docker = {
wantedBy = optional cfg.enableOnBoot "multi-user.target";
environment = proxy_env;
serviceConfig = {
ExecStart = [
""
@ -122,7 +122,7 @@ in
""
"${pkgs.procps}/bin/kill -s HUP $MAINPID"
];
} // proxy_env;
};
path = [ pkgs.kmod ] ++ (optional (cfg.storageDriver == "zfs") pkgs.zfs);
};

100
nixos/modules/virtualisation/google-compute-image.nix
View File

@ -2,7 +2,7 @@
with lib;
let
diskSize = "1G";
diskSize = 1024; # MB
in
{
imports = [ ../profiles/headless.nix ../profiles/qemu-guest.nix ./grow-partition.nix ];
@ -10,89 +10,21 @@ in
# https://cloud.google.com/compute/docs/tutorials/building-images
networking.firewall.enable = mkDefault false;
system.build.googleComputeImage =
pkgs.vmTools.runInLinuxVM (
pkgs.runCommand "google-compute-image"
{ preVM =
''
mkdir $out
diskImage=$out/$diskImageBase
truncate $diskImage --size ${diskSize}
mv closure xchg/
'';
postVM =
''
PATH=$PATH:${pkgs.stdenv.lib.makeBinPath [ pkgs.gnutar pkgs.gzip ]}
pushd $out
mv $diskImageBase disk.raw
tar -Szcf $diskImageBase.tar.gz disk.raw
rm $out/disk.raw
popd
'';
diskImageBase = "nixos-image-${config.system.nixosLabel}-${pkgs.stdenv.system}.raw";
buildInputs = [ pkgs.utillinux pkgs.perl ];
exportReferencesGraph =
[ "closure" config.system.build.toplevel ];
}
''
# Create partition table
${pkgs.parted}/sbin/parted /dev/vda mklabel msdos
${pkgs.parted}/sbin/parted /dev/vda mkpart primary ext4 1 ${diskSize}
${pkgs.parted}/sbin/parted /dev/vda print
. /sys/class/block/vda1/uevent
mknod /dev/vda1 b $MAJOR $MINOR
# Create an empty filesystem and mount it.
${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L nixos /dev/vda1
${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda1
mkdir /mnt
mount /dev/vda1 /mnt
# The initrd expects these directories to exist.
mkdir /mnt/dev /mnt/proc /mnt/sys
mount --bind /proc /mnt/proc
mount --bind /dev /mnt/dev
mount --bind /sys /mnt/sys
# Copy all paths in the closure to the filesystem.
storePaths=$(perl ${pkgs.pathsFromGraph} /tmp/xchg/closure)
mkdir -p /mnt/nix/store
echo "copying everything (will take a while)..."
${pkgs.rsync}/bin/rsync -a $storePaths /mnt/nix/store/
# Register the paths in the Nix database.
printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
chroot /mnt ${config.nix.package.out}/bin/nix-store --load-db --option build-users-group ""
# Create the system profile to allow nixos-rebuild to work.
chroot /mnt ${config.nix.package.out}/bin/nix-env \
-p /nix/var/nix/profiles/system --set ${config.system.build.toplevel} \
--option build-users-group ""
# `nixos-rebuild' requires an /etc/NIXOS.
mkdir -p /mnt/etc
touch /mnt/etc/NIXOS
# `switch-to-configuration' requires a /bin/sh
mkdir -p /mnt/bin
ln -s ${config.system.build.binsh}/bin/sh /mnt/bin/sh
# Install a configuration.nix.
mkdir -p /mnt/etc/nixos /mnt/boot/grub
cp ${./google-compute-config.nix} /mnt/etc/nixos/configuration.nix
# Generate the GRUB menu.
ln -s vda /dev/sda
chroot /mnt ${config.system.build.toplevel}/bin/switch-to-configuration boot
umount /mnt/proc /mnt/dev /mnt/sys
umount /mnt
''
);
system.build.googleComputeImage = import ../../lib/make-disk-image.nix {
name = "google-compute-image";
postVM = ''
PATH=$PATH:${pkgs.stdenv.lib.makeBinPath [ pkgs.gnutar pkgs.gzip ]}
pushd $out
mv $diskImage disk.raw
tar -Szcf nixos-image-${config.system.nixosLabel}-${pkgs.stdenv.system}.raw.tar.gz disk.raw
rm $out/disk.raw
popd
'';
configFile = ./google-compute-config.nix;
format = "raw";
inherit diskSize;
inherit config lib pkgs;
};
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";

13
nixos/modules/virtualisation/qemu-vm.nix
View File

@ -75,6 +75,7 @@ let
exec ${qemu}/bin/qemu-kvm \
-name ${vmName} \
-m ${toString config.virtualisation.memorySize} \
-smp ${toString config.virtualisation.cores} \
${optionalString (pkgs.stdenv.system == "x86_64-linux") "-cpu kvm64"} \
${concatStringsSep " " config.virtualisation.qemu.networkingOptions} \
-virtfs local,path=/nix/store,security_model=none,mount_tag=store \
@ -244,6 +245,18 @@ in
'';
};
virtualisation.cores =
mkOption {
default = 1;
type = types.int;
description =
''
Specify the number of cores the guest is permitted to use.
The number can be higher than the available cores on the
host system.
'';
};
virtualisation.pathsInNixDB =
mkOption {
default = [];

1
nixos/release-combined.nix
View File

@ -94,6 +94,7 @@ in rec {
(all nixos.tests.proxy)
(all nixos.tests.sddm.default)
(all nixos.tests.simple)
(all nixos.tests.slim)
(all nixos.tests.udisks2)
(all nixos.tests.xfce)

3
nixos/release.nix
View File

@ -248,7 +248,7 @@ in rec {
tests.gocd-server = callTest tests/gocd-server.nix {};
tests.gnome3 = callTest tests/gnome3.nix {};
tests.gnome3-gdm = callTest tests/gnome3-gdm.nix {};
tests.grsecurity = callTest tests/grsecurity.nix {};
tests.hardened = callTest tests/hardened.nix { };
tests.hibernate = callTest tests/hibernate.nix {};
tests.hound = callTest tests/hound.nix {};
tests.i3wm = callTest tests/i3wm.nix {};
@ -299,6 +299,7 @@ in rec {
tests.samba = callTest tests/samba.nix {};
tests.sddm = callSubTests tests/sddm.nix {};
tests.simple = callTest tests/simple.nix {};
tests.slim = callTest tests/slim.nix {};
tests.smokeping = callTest tests/smokeping.nix {};
tests.taskserver = callTest tests/taskserver.nix {};
tests.tomcat = callTest tests/tomcat.nix {};

46
nixos/tests/grsecurity.nix
View File

@ -1,46 +0,0 @@
# Basic test to make sure grsecurity works
import ./make-test.nix ({ pkgs, ...} : {
name = "grsecurity";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ copumpkin joachifm ];
};
machine = { config, pkgs, ... }:
{ security.grsecurity.enable = true;
boot.kernel.sysctl."kernel.grsecurity.audit_mount" = 0;
boot.kernel.sysctl."kernel.grsecurity.deter_bruteforce" = 0;
networking.useDHCP = false;
};
testScript = ''
subtest "grsec-lock", sub {
$machine->succeed("systemctl is-active grsec-lock");
$machine->succeed("grep -Fq 1 /proc/sys/kernel/grsecurity/grsec_lock");
$machine->fail("echo -n 0 >/proc/sys/kernel/grsecurity/grsec_lock");
};
subtest "paxtest", sub {
# TODO: running paxtest blackhat hangs the vm
my @pax_mustkill = (
"anonmap", "execbss", "execdata", "execheap", "execstack",
"mprotanon", "mprotbss", "mprotdata", "mprotheap", "mprotstack",
);
foreach my $name (@pax_mustkill) {
my $paxtest = "${pkgs.paxtest}/lib/paxtest/" . $name;
$machine->succeed($paxtest) =~ /Killed/ or die
}
};
# tcc -run executes run-time generated code and so allows us to test whether
# paxmark actually works (otherwise, the process should be terminated)
subtest "tcc", sub {
$machine->execute("echo -e '#include <stdio.h>\nint main(void) { puts(\"hello\"); return 0; }' >main.c");
$machine->succeed("${pkgs.tinycc}/bin/tcc -run main.c");
};
subtest "RBAC", sub {
$machine->succeed("[ -c /dev/grsec ]");
};
'';
})

36
nixos/tests/hardened.nix Normal file
View File

@ -0,0 +1,36 @@
import ./make-test.nix ({ pkgs, ...} : {
name = "hardened";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ joachifm ];
};
machine =
{ config, lib, pkgs, ... }:
with lib;
{ users.users.alice = { isNormalUser = true; extraGroups = [ "proc" ]; };
users.users.sybil = { isNormalUser = true; group = "wheel"; };
imports = [ ../modules/profiles/hardened.nix ];
};
testScript =
''
# Test hidepid
subtest "hidepid", sub {
$machine->succeed("grep -Fq hidepid=2 /proc/mounts");
$machine->succeed("[ `su - sybil -c 'pgrep -c -u root'` = 0 ]");
$machine->succeed("[ `su - alice -c 'pgrep -c -u root'` != 0 ]");
};
# Test kernel module hardening
subtest "lock-modules", sub {
$machine->waitForUnit("multi-user.target");
# note: this better a be module we normally wouldn't load ...
$machine->fail("modprobe dccp");
};
# Test userns
subtest "userns", sub {
$machine->fail("unshare --user");
};
'';
})

9
nixos/tests/misc.nix
View File

@ -25,8 +25,6 @@ import ./make-test.nix ({ pkgs, ...} : {
};
users.users.sybil = { isNormalUser = true; group = "wheel"; };
security.sudo = { enable = true; wheelNeedsPassword = false; };
security.hideProcessInformation = true;
users.users.alice = { isNormalUser = true; extraGroups = [ "proc" ]; };
};
testScript =
@ -119,12 +117,5 @@ import ./make-test.nix ({ pkgs, ...} : {
subtest "sudo", sub {
$machine->succeed("su - sybil -c 'sudo true'");
};
# Test hidepid
subtest "hidepid", sub {
$machine->succeed("grep -Fq hidepid=2 /etc/mtab");
$machine->succeed("[ `su - sybil -c 'pgrep -c -u root'` = 0 ]");
$machine->succeed("[ `su - alice -c 'pgrep -c -u root'` != 0 ]");
};
'';
})

10
nixos/tests/mysql-replication.nix
View File

@ -56,11 +56,19 @@ in
testScript = ''
$master->start;
$master->waitForUnit("mysql");
$master->waitForOpenPort(3306);
$slave1->start;
$slave2->start;
$slave1->waitForUnit("mysql");
$slave1->waitForOpenPort(3306);
$slave2->waitForUnit("mysql");
$slave2->sleep(100); # Hopefully this is long enough!!
$slave2->waitForOpenPort(3306);
$slave2->succeed("echo 'use testdb; select * from tests' | mysql -u root -N | grep 4");
$slave2->succeed("systemctl stop mysql");
$master->succeed("echo 'insert into testdb.tests values (123, 456);' | mysql -u root -N");
$slave2->succeed("systemctl start mysql");
$slave2->waitForUnit("mysql");
$slave2->waitForOpenPort(3306);
$slave2->succeed("echo 'select * from testdb.tests where Id = 123;' | mysql -u root -N | grep 456");
'';
})

80
nixos/tests/radicale.nix Normal file
View File

@ -0,0 +1,80 @@
let
port = 5232;
radicaleOverlay = self: super: {
radicale = super.radicale.overrideAttrs (oldAttrs: {
propagatedBuildInputs = with self.pythonPackages;
(oldAttrs.propagatedBuildInputs or []) ++ [
passlib
];
});
};
common = { config, pkgs, ...}: {
services.radicale = {
enable = true;
config = let home = config.users.extraUsers.radicale.home; in ''
[server]
hosts = 127.0.0.1:${builtins.toString port}
daemon = False
[encoding]
[well-known]
[auth]
type = htpasswd
htpasswd_filename = /etc/radicale/htpasswd
htpasswd_encryption = bcrypt
[git]
[rights]
[storage]
type = filesystem
filesystem_folder = ${home}/collections
[logging]
[headers]
'';
};
# WARNING: DON'T DO THIS IN PRODUCTION!
# This puts secrets (albeit hashed) directly into the Nix store for ease of testing.
environment.etc."radicale/htpasswd".source = with pkgs; let
py = python.withPackages(ps: with ps; [ passlib ]);
in runCommand "htpasswd" {} ''
${py}/bin/python -c "
from passlib.apache import HtpasswdFile
ht = HtpasswdFile(
'$out',
new=True,
default_scheme='bcrypt'
)
ht.set_password('someuser', 'really_secret_password')
ht.save()
"
'';
};
in import ./make-test.nix ({ lib, ... }: {
name = "radicale";
meta.maintainers = with lib.maintainers; [ aneeshusa ];
# Test radicale with bcrypt-based htpasswd authentication
nodes = {
py2 = { config, pkgs, ... }@args: (common args) // {
nixpkgs.overlays = [
radicaleOverlay
];
};
py3 = { config, pkgs, ... }@args: (common args) // {
nixpkgs.overlays = [
(self: super: {
python = self.python3;
pythonPackages = self.python3.pkgs;
})
radicaleOverlay
];
};
};
testScript = ''
for my $machine ($py2, $py3) {
$machine->waitForUnit('radicale.service');
$machine->waitForOpenPort(${builtins.toString port});
$machine->succeed('curl -s http://someuser:really_secret_password@127.0.0.1:${builtins.toString port}/someuser/calendar.ics/');
}
'';
})

66
nixos/tests/slim.nix Normal file
View File

@ -0,0 +1,66 @@
import ./make-test.nix ({ pkgs, ...} : {
name = "slim";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ aszlig ];
};
machine = { pkgs, lib, ... }: {
imports = [ ./common/user-account.nix ];
services.xserver.enable = true;
services.xserver.windowManager.default = "icewm";
services.xserver.windowManager.icewm.enable = true;
services.xserver.desktopManager.default = "none";
services.xserver.displayManager.slim = {
enable = true;
# Use a custom theme in order to get best OCR results
theme = pkgs.runCommand "slim-theme-ocr" {
nativeBuildInputs = [ pkgs.imagemagick ];
} ''
mkdir "$out"
convert -size 1x1 xc:white "$out/background.jpg"
convert -size 200x100 xc:white "$out/panel.jpg"
cat > "$out/slim.theme" <<EOF
background_color #ffffff
background_style tile
input_fgcolor #000000
msg_color #000000
session_color #000000
session_font Verdana:size=16:bold
username_msg Username:
username_font Verdana:size=16:bold
username_color #000000
username_x 50%
username_y 40%
password_msg Password:
password_x 50%
password_y 40%
EOF
'';
};
};
enableOCR = true;
testScript = { nodes, ... }: let
user = nodes.machine.config.users.extraUsers.alice;
in ''
startAll;
$machine->waitForText(qr/Username:/);
$machine->sendChars("${user.name}\n");
$machine->waitForText(qr/Password:/);
$machine->sendChars("${user.password}\n");
$machine->waitForFile('${user.home}/.Xauthority');
$machine->succeed('xauth merge ${user.home}/.Xauthority');
$machine->waitForWindow('^IceWM ');
# Make sure SLiM doesn't create a log file
$machine->fail('test -e /var/log/slim.log');
'';
})

45
nixos/tests/xrdp.nix Normal file
View File

@ -0,0 +1,45 @@
import ./make-test.nix ({ pkgs, ...} : {
name = "xrdp";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ volth ];
};
nodes = {
server = { lib, pkgs, ... }: {
imports = [ ./common/user-account.nix ];
services.xrdp.enable = true;
services.xrdp.defaultWindowManager = "${pkgs.xterm}/bin/xterm";
networking.firewall.allowedTCPPorts = [ 3389 ];
};
client = { lib, pkgs, ... }: {
imports = [ ./common/x11.nix ./common/user-account.nix ];
services.xserver.displayManager.auto.user = "alice";
environment.systemPackages = [ pkgs.freerdp ];
services.xrdp.enable = true;
services.xrdp.defaultWindowManager = "${pkgs.icewm}/bin/icewm";
};
};
testScript = { nodes, ... }: ''
startAll;
$client->waitForX;
$client->waitForFile("/home/alice/.Xauthority");
$client->succeed("xauth merge ~alice/.Xauthority");
$client->sleep(5);
$client->execute("xterm &");
$client->sleep(1);
$client->sendChars("xfreerdp /cert-tofu /w:640 /h:480 /v:127.0.0.1 /u:alice /p:foobar\n");
$client->sleep(5);
$client->screenshot("localrdp");
$client->execute("xterm &");
$client->sleep(1);
$client->sendChars("xfreerdp /cert-tofu /w:640 /h:480 /v:server /u:alice /p:foobar\n");
$client->sleep(5);
$client->screenshot("remoterdp");
'';
})

6
pkgs/applications/altcoins/bitcoin-unlimited.nix
View File

@ -7,13 +7,13 @@ with stdenv.lib;
stdenv.mkDerivation rec {
name = "bitcoin" + (toString (optional (!withGui) "d")) + "-unlimited-" + version;
version = "1.0.1.3";
version = "1.0.1.4";
src = fetchFromGitHub {
owner = "bitcoinunlimited";
repo = "bitcoinunlimited";
rev = "${version}";
sha256 = "177l2jf2yqxh3sgf80dhgyk3wgjdnqszy3hb83clk8q1wyjkfz7y";
rev = "v${version}";
sha256 = "1awsgkgqvb57grrsq6k99009rzhpfaplh2lbf5sy36v3bh7p5mw5";
};
nativeBuildInputs = [ pkgconfig autoreconfHook ];

79
pkgs/applications/audio/google-play-music-desktop-player/default.nix Normal file
View File

@ -0,0 +1,79 @@
{ stdenv, alsaLib, atk, cairo, cups, dbus, dpkg, expat, fontconfig, freetype
, fetchurl, GConf, gdk_pixbuf, glib, gtk2, libpulseaudio, makeWrapper, nspr
, nss, pango, udev, xorg
}:
let
version = "4.2.0";
deps = [
alsaLib
atk
cairo
cups
dbus
expat
fontconfig
freetype
GConf
gdk_pixbuf
glib
gtk2
libpulseaudio
nspr
nss
pango
stdenv.cc.cc
udev
xorg.libX11
xorg.libxcb
xorg.libXcomposite
xorg.libXcursor
xorg.libXdamage
xorg.libXext
xorg.libXfixes
xorg.libXi
xorg.libXrandr
xorg.libXrender
xorg.libXScrnSaver
xorg.libXtst
];
in
stdenv.mkDerivation {
name = "google-play-music-desktop-player-${version}";
src = fetchurl {
url = "https://github.com/MarshallOfSound/Google-Play-Music-Desktop-Player-UNOFFICIAL-/releases/download/v${version}/google-play-music-desktop-player_${version}_amd64.deb";
sha256 = "0n59b73jc6b86p5063xz7n0z48wy9mzqcx0l34av2hqkx6wcb2h8";
};
dontBuild = true;
buildInputs = [ dpkg makeWrapper ];
unpackPhase = ''
dpkg -x $src .
'';
installPhase = ''
mkdir -p $out
cp -r ./usr/share $out
cp -r ./usr/bin $out
patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
"$out/share/google-play-music-desktop-player/Google Play Music Desktop Player"
wrapProgram $out/bin/google-play-music-desktop-player \
--prefix LD_LIBRARY_PATH : "$out/share/google-play-music-desktop-player" \
--prefix LD_LIBRARY_PATH : "${stdenv.lib.makeLibraryPath deps}"
'';
meta = {
homepage = https://www.googleplaymusicdesktopplayer.com/;
description = "A beautiful cross platform Desktop Player for Google Play Music";
license = stdenv.lib.licenses.mit;
platforms = [ "x86_64-linux" ];
maintainers = stdenv.lib.maintainers.SuprDewd;
};
}

6
pkgs/applications/display-managers/sddm/default.nix
View File

@ -25,6 +25,12 @@ let
})
];
postPatch =
# Module Qt5::Test must be included in `find_package` before it is used.
''
sed -i CMakeLists.txt -e '/find_package(Qt5/ s|)| Test)|'
'';
nativeBuildInputs = [ cmake extra-cmake-modules pkgconfig qttools ];
buildInputs = [

4
pkgs/applications/display-managers/slim/default.nix
View File

@ -22,6 +22,10 @@ stdenv.mkDerivation rec {
# Ensure that sessions appear in sort order, rather than in
# directory order.
./sort-sessions.patch
# Allow to set logfile to a special "/dev/stderr" in order to continue
# logging to stderr and thus to the journal.
./no-logfile.patch
];
preConfigure = "substituteInPlace CMakeLists.txt --replace /lib $out/lib";

80
pkgs/applications/display-managers/slim/no-logfile.patch Normal file
View File

@ -0,0 +1,80 @@
diff --git a/log.cpp b/log.cpp
index b44677a..7c89dda 100644
--- a/log.cpp
+++ b/log.cpp
@@ -1,23 +1,31 @@
#include "log.h"
#include <iostream>
+#include <cstring>
bool
LogUnit::openLog(const char * filename)
{
- if (logFile.is_open()) {
+ if (isFile && logFile.is_open()) {
cerr << APPNAME
<< ": opening a new Log file, while another is already open"
<< endl;
- logFile.close();
+ closeLog();
}
- logFile.open(filename, ios_base::app);
- return !(logFile.fail());
+ if (strcmp(filename, "/dev/stderr") == 0) {
+ isFile = false;
+ return true;
+ } else {
+ logFile.open(filename, ios_base::app);
+ isFile = true;
+ return !(logFile.fail());
+ }
}
void
LogUnit::closeLog()
{
+ if (!isFile) return;
if (logFile.is_open())
logFile.close();
}
diff --git a/log.h b/log.h
index b7810be..ad548a2 100644
--- a/log.h
+++ b/log.h
@@ -9,11 +9,14 @@
#endif
#include "const.h"
#include <fstream>
+#include <iostream>
using namespace std;
static class LogUnit {
ofstream logFile;
+ bool isFile;
+ inline ostream &getStream() { return isFile ? logFile : cerr; }
public:
bool openLog(const char * filename);
void closeLog();
@@ -22,17 +25,17 @@ public:
template<typename Type>
LogUnit & operator<<(const Type & text) {
- logFile << text; logFile.flush();
+ getStream() << text; getStream().flush();
return *this;
}
LogUnit & operator<<(ostream & (*fp)(ostream&)) {
- logFile << fp; logFile.flush();
+ getStream() << fp; getStream().flush();
return *this;
}
LogUnit & operator<<(ios_base & (*fp)(ios_base&)) {
- logFile << fp; logFile.flush();
+ getStream() << fp; getStream().flush();
return *this;
}
} logStream;

18
pkgs/applications/editors/emacs-modes/elpa-generated.nix
View File

@ -175,10 +175,10 @@
}) {};
auctex = callPackage ({ elpaBuild, fetchurl, lib }: elpaBuild {
pname = "auctex";
version = "11.90.1";
version = "11.90.2";
src = fetchurl {
url = "https://elpa.gnu.org/packages/auctex-11.90.1.tar";
sha256 = "0bn5pg6v7zgqxs080bzrsx6789nzdx4622m3020ymzl66017nf0r";
url = "https://elpa.gnu.org/packages/auctex-11.90.2.tar";
sha256 = "1hid8srj64nwbxcjvdma1xy07bh0v8ndhhsi3nmx9vdi3167khz6";
};
packageRequires = [];
meta = {
@ -644,10 +644,10 @@
el-search = callPackage ({ elpaBuild, emacs, fetchurl, lib, stream }:
elpaBuild {
pname = "el-search";
version = "1.3.1";
version = "1.3.2";
src = fetchurl {
url = "https://elpa.gnu.org/packages/el-search-1.3.1.tar";
sha256 = "01f5pyalw60dr36w007mvvxry548zrhixzmba1sad19531bry7fc";
url = "https://elpa.gnu.org/packages/el-search-1.3.2.tar";
sha256 = "0lf0hk2pvy9yrb02sa3bg0hipshbgl9m4hx7db46jvmz5bf15nfq";
};
packageRequires = [ emacs stream ];
meta = {
@ -1769,10 +1769,10 @@
}) {};
stream = callPackage ({ elpaBuild, emacs, fetchurl, lib }: elpaBuild {
pname = "stream";
version = "2.2.3";
version = "2.2.4";
src = fetchurl {
url = "https://elpa.gnu.org/packages/stream-2.2.3.el";
sha256 = "1y9nh5473p0dd149g675nybsdnzp8c4mq3wdql066nir7scz6rhy";
url = "https://elpa.gnu.org/packages/stream-2.2.4.tar";
sha256 = "1fdjjxfnpzfv5jsy0wmmnrsk821bg8d3magsng609fb2pkwvk1ij";
};
packageRequires = [ emacs ];
meta = {

1456
pkgs/applications/editors/emacs-modes/melpa-generated.nix
View File

File diff suppressed because it is too large Load Diff

490
pkgs/applications/editors/emacs-modes/melpa-stable-generated.nix
View File

@ -1157,12 +1157,12 @@
all-the-icons = callPackage ({ emacs, fetchFromGitHub, fetchurl, font-lock-plus, lib, melpaBuild }:
melpaBuild {
pname = "all-the-icons";
version = "2.4.0";
version = "2.5.0";
src = fetchFromGitHub {
owner = "domtronn";
repo = "all-the-icons.el";
rev = "4f7c556167e42c02d2f840aec345b8f60b71c477";
sha256 = "0vhmw6z6q5a3abxphxxq5yd37hz5x9hs61vgx4wfyk2853701ks0";
rev = "2169d831731d206902114de3fc1b075b9e6b4ed4";
sha256 = "125qw96rzbkv39skxk5511jrcx9hxm0fqcmny6213wzswgdn37z3";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/604c01aa15927bd122260529ff0f4bb6a8168b7e/recipes/all-the-icons";
@ -1564,12 +1564,12 @@
anything-tramp = callPackage ({ anything, emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "anything-tramp";
version = "0.3.3";
version = "0.4.3";
src = fetchFromGitHub {
owner = "masasam";
repo = "emacs-anything-tramp";
rev = "08bf0752e5b885a0492fbd0d7790668683c87797";
sha256 = "13026l259vbbgi7q0lb6jb7d54z6jgapv0d2qlprh9mlqjf32xic";
rev = "c4629201a63047f9094be0d9150f201dd5be18ad";
sha256 = "0fr4brysc7sk89jp1ggl68r3r6ikrhipb2h5kc1b2a8vz7i05bq9";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/855ea20024b606314f8590129259747cac0bcc97/recipes/anything-tramp";
@ -2680,6 +2680,27 @@
license = lib.licenses.free;
};
}) {};
binclock = callPackage ({ cl-lib ? null, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "binclock";
version = "1.10";
src = fetchFromGitHub {
owner = "davep";
repo = "binclock.el";
rev = "2e529ace67a04e6872a2328769782ef33b0e463a";
sha256 = "0ldyx90lrhfn7qypxsmaf2yhpamjiqzvsk0b0jlgg09ars1fvhns";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/95dfa38d795172dca6a09cd02e21630747723949/recipes/binclock";
sha256 = "1s0072kcd1xp8355j8aph94gb3a1wqmzx1hhfp9d6bzqf6cij8gk";
name = "binclock";
};
packageRequires = [ cl-lib ];
meta = {
homepage = "https://melpa.org/#/binclock";
license = lib.licenses.free;
};
}) {};
bind-key = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "bind-key";
@ -2893,12 +2914,12 @@
boxquote = callPackage ({ cl-lib ? null, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "boxquote";
version = "2.0";
version = "2.1";
src = fetchFromGitHub {
owner = "davep";
repo = "boxquote.el";
rev = "b0239fb7b7a9d75d4ac3c66f9b96abd911dbf4e0";
sha256 = "0agnsghxf35b6g49radxigw81bmvw1ggljzzmy771nmwl44q2dbb";
rev = "b6a4ad3ee5b327bd3b1bf65f8733bd301fe59883";
sha256 = "1f61k3sw9zvn6jq60ygi6p66blr52497fadimzcaspa79k9y1cfm";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/d2148f8f17b16154bfc337df69a5ad31e25a9b05/recipes/boxquote";
@ -5028,6 +5049,27 @@
license = lib.licenses.free;
};
}) {};
company-shell = callPackage ({ cl-lib ? null, company, dash, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "company-shell";
version = "1.0";
src = fetchFromGitHub {
owner = "Alexander-Miller";
repo = "company-shell";
rev = "40599df46a7e4b7b1ef5ad6e23764dda8510bbf4";
sha256 = "1qnlqwifrlbzcsi1lf1s7c32v6szpi5n6ngmj2lmdyic2b3pv1id";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/bbaa05d158f3806b9f79a2c826763166dbee56ca/recipes/company-shell";
sha256 = "0my9jghf3s4idkgrpki8mj1lm5ichfvznb09lfwf07fjhg0q1apz";
name = "company-shell";
};
packageRequires = [ cl-lib company dash ];
meta = {
homepage = "https://melpa.org/#/company-shell";
license = lib.licenses.free;
};
}) {};
company-sourcekit = callPackage ({ company, dash, dash-functional, emacs, fetchFromGitHub, fetchurl, lib, melpaBuild, sourcekit }:
melpaBuild {
pname = "company-sourcekit";
@ -7890,11 +7932,11 @@
}) {};
eide = callPackage ({ fetchgit, fetchurl, lib, melpaBuild }: melpaBuild {
pname = "eide";
version = "2.1.1";
version = "2.1.2";
src = fetchgit {
url = "git://git.tuxfamily.org/gitroot/eide/emacs-ide.git";
rev = "524494fd2b23217c6807b30b43bb95b5724f809e";
sha256 = "0w9j5q5pzw55nwsw5wic7dl7psvg75vk1cxhrz2isgra6gissh9z";
rev = "5f046ea74eee7af9afbd815c2bfd11fa9c72e6b3";
sha256 = "1bd9vqqzhbkpfr80r91r65gv6mqnjqfnyclylivg79sfkkahil9n";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/855ea20024b606314f8590129259747cac0bcc97/recipes/eide";
@ -8390,22 +8432,22 @@
license = lib.licenses.free;
};
}) {};
elpa-clone = callPackage ({ cl-lib ? null, fetchFromGitHub, fetchurl, lib, melpaBuild }:
elpa-clone = callPackage ({ cl-lib ? null, emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "elpa-clone";
version = "0.0.4";
version = "0.0.5";
src = fetchFromGitHub {
owner = "dochang";
repo = "elpa-clone";
rev = "8d0827b03b08eb4844e2b8465c27d5aa0e12101d";
sha256 = "1ik2k6ngzg3znfp4a36f7m5ca6p3iivfb7w280w3gm5x1ja8as2a";
rev = "144bee09445b30cbf4f60b371a289f0d75a387aa";
sha256 = "1k80y3wcqvhdbc0w5ybicn2hqjldp7b4jwraca2b99676c0yiq25";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/11861edd9c7f9deebd44fd1f8ef648e7a04caf2b/recipes/elpa-clone";
sha256 = "172gpmpwf75y41n3v05l47w34x83vy63bqk97fd8a6b4dkj91lqa";
name = "elpa-clone";
};
packageRequires = [ cl-lib ];
packageRequires = [ cl-lib emacs ];
meta = {
homepage = "https://melpa.org/#/elpa-clone";
license = lib.licenses.free;
@ -9014,22 +9056,22 @@
license = lib.licenses.free;
};
}) {};
enh-ruby-mode = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
enh-ruby-mode = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "enh-ruby-mode";
version = "20150711";
version = "20170417";
src = fetchFromGitHub {
owner = "zenspider";
repo = "enhanced-ruby-mode";
rev = "f945cff5e784e23e0028bf0a5221f4f47a822fac";
sha256 = "1f6zyz5jmbrvv37mbzsvwb3ycmq105p4ryz8p65b76jz3ps8yq5w";
rev = "2e483fe316ff993c80eafcf4ce4defd87d97776d";
sha256 = "1xzhgmbc9iplxmqm7gc4hqk6nfdhqcrxz8g9kkf5ww3dx1czhiv7";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/cd1ac1ce69b77b11f34c4175611a852e7ec0806c/recipes/enh-ruby-mode";
sha256 = "0r486yajjf7vsaz92ypxpfmz2nsvw9giffpxb9szj7fcry3nfdns";
name = "enh-ruby-mode";
};
packageRequires = [];
packageRequires = [ emacs ];
meta = {
homepage = "https://melpa.org/#/enh-ruby-mode";
license = lib.licenses.free;
@ -9381,12 +9423,12 @@
erlang = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "erlang";
version = "19.3.1";
version = "19.3.2";
src = fetchFromGitHub {
owner = "erlang";
repo = "otp";
rev = "d25ad84195ca42969fbfb017a52aab8c8effc246";
sha256 = "06jxpypw8i13gjiq006p0ahy0mlkxhmpq8fhn4pp7hi2n4ycnfj1";
rev = "6acb7d6fb8d23c0b0b78d30a618d2636ad463e6e";
sha256 = "1a3yk18sr3y524jl8icp8qh5j143ykxs51xdwz2bzxac2y78k0xk";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/d9cd526f43981e0826af59cdc4bb702f644781d9/recipes/erlang";
@ -9965,22 +10007,22 @@
license = lib.licenses.free;
};
}) {};
evil-colemak-basics = callPackage ({ emacs, evil, fetchFromGitHub, fetchurl, lib, melpaBuild }:
evil-colemak-basics = callPackage ({ emacs, evil, evil-snipe, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "evil-colemak-basics";
version = "2.0.0";
version = "2.1.0";
src = fetchFromGitHub {
owner = "wbolster";
repo = "evil-colemak-basics";
rev = "f976bda20098c43be1418c36520a57467c8c6c13";
sha256 = "18f1k4z7lkh237sz4p1xz4sxzs41ywmvd6dj7k9b6d9dscv3yxws";
rev = "7844079b47f47bb1dc24c885b0ac2e67524fa960";
sha256 = "0phspmd31pcxana2lp6mqywmghhdpj6ydsrl1bjn4b1gcp1fqsy2";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/945417d19faf492fb678aee3ba692d14e7518d85/recipes/evil-colemak-basics";
sha256 = "1sbbli0hdmpc23f3g5n95svqfdg3rlvf71plyvpv1a6va9jhi83k";
name = "evil-colemak-basics";
};
packageRequires = [ emacs evil ];
packageRequires = [ emacs evil evil-snipe ];
meta = {
homepage = "https://melpa.org/#/evil-colemak-basics";
license = lib.licenses.free;
@ -10699,6 +10741,27 @@
license = lib.licenses.free;
};
}) {};
exsqlaim-mode = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild, s }:
melpaBuild {
pname = "exsqlaim-mode";
version = "0.0.1";
src = fetchFromGitHub {
owner = "ahmadnazir";
repo = "exsqlaim-mode";
rev = "e77d2a07addffd7df4393019d9c3dad1ab1925d9";
sha256 = "19v5sf3nf6dciakvs7ksbg66b5z1hybc4ivs24hm6k3fziblfzzs";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/7f660d7629bc27144c99ebcba45f1b06b14c5745/recipes/exsqlaim-mode";
sha256 = "0ssn48wcn3x066nsl8y78y57ndasqv5x6ifxbifdxl3f5vjhyvg7";
name = "exsqlaim-mode";
};
packageRequires = [ s ];
meta = {
homepage = "https://melpa.org/#/exsqlaim-mode";
license = lib.licenses.free;
};
}) {};
extend-dnd = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "extend-dnd";
@ -10720,6 +10783,27 @@
license = lib.licenses.free;
};
}) {};
exwm-x = callPackage ({ cl-lib ? null, exwm, fetchFromGitHub, fetchurl, lib, melpaBuild, swiper, switch-window }:
melpaBuild {
pname = "exwm-x";
version = "0.6";
src = fetchFromGitHub {
owner = "tumashu";
repo = "exwm-x";
rev = "87715a6891b31bc19954ea9fe1c1a9bf57bdbbce";
sha256 = "0x9gg3fy5xw3vf8gyfa5j5k08gnnfpsyjh4dk80sbbnf0z7cwycw";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/a0e6e23bcffdcd1e17c70599c563609050e5de40/recipes/exwm-x";
sha256 = "1d9q57vz63sk3h1g5gvp9xnmqkpa73wppmiy2bv8mxk11whl6xa3";
name = "exwm-x";
};
packageRequires = [ cl-lib exwm swiper switch-window ];
meta = {
homepage = "https://melpa.org/#/exwm-x";
license = lib.licenses.free;
};
}) {};
eyebrowse = callPackage ({ dash, emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "eyebrowse";
@ -10993,22 +11077,22 @@
license = lib.licenses.free;
};
}) {};
finalize = callPackage ({ cl-lib ? null, eieio ? null, emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
finalize = callPackage ({ cl-generic, cl-lib ? null, eieio ? null, emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "finalize";
version = "1.0.0";
version = "2.0.0";
src = fetchFromGitHub {
owner = "skeeto";
repo = "elisp-finalize";
rev = "72c8eaab3deb150ee2cf7f1473114cecffb5204a";
sha256 = "1r9y9zschavi28c5ysrlh56vxszjfyhh5r36fhn74i0b5iiy15rx";
rev = "0f7d47c4d50f1c76fc3b43bfc2d4886dd3e8ca27";
sha256 = "1gvlm4i62af5jscwz0jccc8ra0grprxpg2rlq91d5nn8dn5lpy79";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/1b55869b5183644de02687d2e56f9b68854ccda3/recipes/finalize";
sha256 = "1n0w4kdzc4hv4pprv13lr88gh46slpxdvsc162nqm5mrqp9giqqq";
name = "finalize";
};
packageRequires = [ cl-lib eieio emacs ];
packageRequires = [ cl-generic cl-lib eieio emacs ];
meta = {
homepage = "https://melpa.org/#/finalize";
license = lib.licenses.free;
@ -11273,6 +11357,27 @@
license = lib.licenses.free;
};
}) {};
flatui-dark-theme = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "flatui-dark-theme";
version = "0.3.0";
src = fetchFromGitHub {
owner = "theasp";
repo = "flatui-dark-theme";
rev = "af5c84e2a2810748cc71a68ec7ba333097cc1f63";
sha256 = "0c0pm67d8w9jdraap0sswvx7ywly9ifimij2c5w9p4hiph8gisr9";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/5f9dc5abeb37422c63cac74f9a006d54c4a7c5a5/recipes/flatui-dark-theme";
sha256 = "1mswmkhi43fm0cmdgf0ywpy9lmapy0syl65kqh68sa3jqbznhm6y";
name = "flatui-dark-theme";
};
packageRequires = [ emacs ];
meta = {
homepage = "https://melpa.org/#/flatui-dark-theme";
license = lib.licenses.free;
};
}) {};
floobits = callPackage ({ fetchFromGitHub, fetchurl, highlight, json ? null, lib, melpaBuild }:
melpaBuild {
pname = "floobits";
@ -11294,24 +11399,24 @@
license = lib.licenses.free;
};
}) {};
flow-mode = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild, web-mode }:
flow-minor-mode = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "flow-mode";
pname = "flow-minor-mode";
version = "0.1";
src = fetchFromGitHub {
owner = "an-sh";
repo = "flow-mode";
repo = "flow-minor-mode";
rev = "eb2372b0acf740ed3c5f9c048addbb8048e04458";
sha256 = "0ajdzpjghm7iscv2c6nwwx4v1639map104ldsi978iw8hy7m1mmp";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/3eca3f0c0a4dda79d00cbd0045eb0925bb3ce2e4/recipes/flow-mode";
sha256 = "0hq1lkn4mn6r8ih74d52hba1a6gb6pg4qcv60sfsiga4b737yla8";
name = "flow-mode";
url = "https://raw.githubusercontent.com/milkypostman/melpa/66504f789069922ea56f268f4da90fac52b601ff/recipes/flow-minor-mode";
sha256 = "190dv225sb37jawzrasd7qkbznrmkrdnb90l44il63vrlmjv3r1s";
name = "flow-minor-mode";
};
packageRequires = [ emacs web-mode ];
packageRequires = [];
meta = {
homepage = "https://melpa.org/#/flow-mode";
homepage = "https://melpa.org/#/flow-minor-mode";
license = lib.licenses.free;
};
}) {};
@ -11696,12 +11801,12 @@
flycheck-objc-clang = callPackage ({ emacs, fetchFromGitHub, fetchurl, flycheck, lib, melpaBuild }:
melpaBuild {
pname = "flycheck-objc-clang";
version = "1.0.6";
version = "1.1.0";
src = fetchFromGitHub {
owner = "GyazSquare";
repo = "flycheck-objc-clang";
rev = "11805f1d420e297db0346a6657f144b08e2ca556";
sha256 = "1s9bk3k7ys79m2iww4yf1abfy01d08z9x9pfq8l045q0snsh64il";
rev = "b16b77f95e4e53a8951ebee6209a5de311748447";
sha256 = "0lda99wscj89vhzg9wq7akm3dx1zlf90m91ifr627vcw2mzj4wkh";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/4ff4412f507371b93cfb85fc744e54110cd87338/recipes/flycheck-objc-clang";
@ -12725,12 +12830,12 @@
fountain-mode = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "fountain-mode";
version = "2.2.2";
version = "2.3.0";
src = fetchFromGitHub {
owner = "rnkn";
repo = "fountain-mode";
rev = "4e88b7525c2f39c3d25f689b394b0ece7c6eed6d";
sha256 = "1vcc8sdm0b3kss3g47wggc6mv28pr474559d3786fhncp5mxl1qq";
rev = "37289bb68f01dd49b1192032ade6b0741d024a54";
sha256 = "06bqnyx2h0ypyxy5vxrh3v75qqfcmfgx31xkip7w6sj6pbfc8dq5";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/913386ac8d5049d37154da3ab32bde408a226511/recipes/fountain-mode";
@ -12835,6 +12940,25 @@
license = lib.licenses.free;
};
}) {};
fuel = callPackage ({ fetchgit, fetchurl, lib, melpaBuild }: melpaBuild {
pname = "fuel";
version = "0.96";
src = fetchgit {
url = "git://factorcode.org/git/factor.git";
rev = "905ec06d864537fb6be9c46ad98f1b6d101dfbf0";
sha256 = "0ip7azxi5nvp8vvi15ds46mgs0fmi7gq97f2iz1c7m67ml5wi2g7";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/0c3633c23baa472560a489fc663a0302f082bcef/recipes/fuel";
sha256 = "0m24p2788r4xzm56hm9kmpzcskwh82vgbs3hqfb9xygpl4isp756";
name = "fuel";
};
packageRequires = [];
meta = {
homepage = "https://melpa.org/#/fuel";
license = lib.licenses.free;
};
}) {};
full-ack = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "full-ack";
@ -13423,6 +13547,27 @@
license = lib.licenses.free;
};
}) {};
git-commit-insert-issue = callPackage ({ bitbucket, fetchFromGitLab, fetchurl, github-issues, gitlab, helm, lib, melpaBuild, projectile, s }:
melpaBuild {
pname = "git-commit-insert-issue";
version = "0.3";
src = fetchFromGitLab {
owner = "emacs-stuff";
repo = "git-commit-insert-issue";
rev = "7ee9dc88acc1e766700a6170a2ba6b0b853220db";
sha256 = "1fi0gy0093dwdcsl7ikzdjxklqrf1p6f99bpxi4xzk2waca70klf";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/855ea20024b606314f8590129259747cac0bcc97/recipes/git-commit-insert-issue";
sha256 = "0xhlchr7dbm0hp4cjba3x1fdf7lnfc97id327i2fqgkdc4yn9fax";
name = "git-commit-insert-issue";
};
packageRequires = [ bitbucket github-issues gitlab helm projectile s ];
meta = {
homepage = "https://melpa.org/#/git-commit-insert-issue";
license = lib.licenses.free;
};
}) {};
git-gutter = callPackage ({ cl-lib ? null, emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "git-gutter";
@ -16311,12 +16456,12 @@
helm-org-rifle = callPackage ({ dash, emacs, f, fetchFromGitHub, fetchurl, helm, lib, melpaBuild, s }:
melpaBuild {
pname = "helm-org-rifle";
version = "1.3.0";
version = "1.4.0";
src = fetchFromGitHub {
owner = "alphapapa";
repo = "helm-org-rifle";
rev = "c8ad1d86dd375f1be433b95e2bc40876f663663f";
sha256 = "1ia960sqkbc5bqljjb0arw54q90x36lhp0230s75xcg6m47bxpw3";
rev = "6d467b82d8c7584b7ab839bbaaac701af393209b";
sha256 = "1mmwms4s52537sq17zhm8sakyq1mkf4nqcxgydsg4zlmvzzxpz8l";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/f39cc94dde5aaf0d6cfea5c98dd52cdb0bcb1615/recipes/helm-org-rifle";
@ -16773,12 +16918,12 @@
helm-tramp = callPackage ({ emacs, fetchFromGitHub, fetchurl, helm, lib, melpaBuild }:
melpaBuild {
pname = "helm-tramp";
version = "0.3.3";
version = "0.4.3";
src = fetchFromGitHub {
owner = "masasam";
repo = "emacs-helm-tramp";
rev = "68d4c614830970e9eaf929882e1d395a61872bea";
sha256 = "0zfhdlzpy6w7prdh60nd98cwgzfqfsn87xh2kb5hi40dh8gsccfb";
rev = "0885339369b65bc5d06829d82af734560dc45555";
sha256 = "088bpikbnsaxsjfq896fcg7y9qgvfbq7iwxsh391yc6h46zgarkk";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/855ea20024b606314f8590129259747cac0bcc97/recipes/helm-tramp";
@ -16941,12 +17086,12 @@
hierarchy = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "hierarchy";
version = "0.2.0";
version = "0.4.0";
src = fetchFromGitHub {
owner = "DamienCassou";
repo = "hierarchy";
rev = "d44d60d85cbeaf81d5e02ba154f4fcdca9faf7fd";
sha256 = "14zww0174vwf08fl9fv23faqn2byapb80rn72z4iv54p6pqykc2f";
rev = "ca919a4c71c187e1fbbad7e814aac1cf662ec51a";
sha256 = "0rrrj44ml2ymvxmg8igpn2irdhihv3djy5dfm6p6499cm64mawai";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/7aea238a2d14e9f58c0474251984b6c617b6854d/recipes/hierarchy";
@ -19539,6 +19684,27 @@
license = lib.licenses.free;
};
}) {};
kaolin-theme = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "kaolin-theme";
version = "0.6";
src = fetchFromGitHub {
owner = "0rdy";
repo = "kaolin-theme";
rev = "041cc6637a58a3a24086d1c2b8c3eb113434127e";
sha256 = "1qx6568s8wj6ha8wfy8hih1qwwcdiybdb83w3fr9lqwh0lyhjp0f";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/d2abf9d914cdc210bbd47ea92d0dac76683e21f0/recipes/kaolin-theme";
sha256 = "1316sn1xpli9aqbhn8sldyvsc2fwk1ql9aw4l0rgkfbivvcklp7c";
name = "kaolin-theme";
};
packageRequires = [ emacs ];
meta = {
homepage = "https://melpa.org/#/kaolin-theme";
license = lib.licenses.free;
};
}) {};
karma = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "karma";
@ -19899,12 +20065,12 @@
kubernetes = callPackage ({ dash, emacs, fetchFromGitHub, fetchurl, lib, magit, melpaBuild }:
melpaBuild {
pname = "kubernetes";
version = "0.6.0";
version = "0.9.0";
src = fetchFromGitHub {
owner = "chrisbarrett";
repo = "kubernetes-el";
rev = "494dae923b96a10853ba26f405059e8c04e72d22";
sha256 = "03lnflyyqags7im9gp7cq3q6fnfr9a65s62m333aydbg7dzk5pzh";
rev = "68dd3c2184e72b7a669e5706d1a3d95a220276d1";
sha256 = "163kx407jj08ifbpvvw1cp24qb4rm6l89ikgzqha01lc0bjglax5";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/16850227ea48f6f38102b9cdf80e0758766a24d2/recipes/kubernetes";
@ -19920,12 +20086,12 @@
kubernetes-evil = callPackage ({ evil, fetchFromGitHub, fetchurl, kubernetes, lib, melpaBuild }:
melpaBuild {
pname = "kubernetes-evil";
version = "0.6.0";
version = "0.9.0";
src = fetchFromGitHub {
owner = "chrisbarrett";
repo = "kubernetes-el";
rev = "494dae923b96a10853ba26f405059e8c04e72d22";
sha256 = "03lnflyyqags7im9gp7cq3q6fnfr9a65s62m333aydbg7dzk5pzh";
rev = "68dd3c2184e72b7a669e5706d1a3d95a220276d1";
sha256 = "163kx407jj08ifbpvvw1cp24qb4rm6l89ikgzqha01lc0bjglax5";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/16850227ea48f6f38102b9cdf80e0758766a24d2/recipes/kubernetes-evil";
@ -20096,8 +20262,8 @@
sha256 = "12q6wblwnb6y5c1882jz14742fqbm6p5jpzlvz7p90ylqfl7h989";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/851eca11911b337f809d030785dc2608c8a47424/recipes/ledger-mode";
sha256 = "19vljgprgfpb9bkbdvkqnwc5pjn1rl0rniwav08a2c6kd2g59xaf";
url = "https://raw.githubusercontent.com/milkypostman/melpa/1549048b6f57fbe9d1f7fcda74b78a7294327b7b/recipes/ledger-mode";
sha256 = "10asbcb5syv3b75bngsab3c84dp2xmc0q7s29im6kf4mzv5zcfcf";
name = "ledger-mode";
};
packageRequires = [];
@ -20494,12 +20660,12 @@
live-py-mode = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "live-py-mode";
version = "2.14.0";
version = "2.15.0";
src = fetchFromGitHub {
owner = "donkirkby";
repo = "live-py-plugin";
rev = "51b1e177f115ab527cc47baf98abe09d43d9a95f";
sha256 = "0rcxrq3r4vbr9zb844andy1zj246gs8s1ksqp1f092fiiyqpllnx";
rev = "f5603fb6bcfbae1e6950da7f91c3a15cf5250bb1";
sha256 = "1zzk3rc86xrkys3rcqiz61mnp00jkvb05f8p21av52h19axm4nn8";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/c7615237e80b46b5c50cb51a3ed5b07d92566fb7/recipes/live-py-mode";
@ -20921,12 +21087,12 @@
magit-gitflow = callPackage ({ fetchFromGitHub, fetchurl, lib, magit, magit-popup, melpaBuild }:
melpaBuild {
pname = "magit-gitflow";
version = "2.2.1";
version = "2.2.2";
src = fetchFromGitHub {
owner = "jtatarik";
repo = "magit-gitflow";
rev = "a2b7b85134784317445faee13d647fb62401ea23";
sha256 = "1m6hnds12gpj66hcpaxgncapvslh0dml99r1vhg0r8rlmnmf0b9p";
rev = "5bdcfe0a7bf4f5bb9a927baa4880233bf11a4a6b";
sha256 = "12pi6aw44lnzzcw0zgz5rxvcf4p700fkz4q2skbapwmds8gw3fg9";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/dfaeb33dec2c75d21733b6e51d063664c6544e4d/recipes/magit-gitflow";
@ -21324,6 +21490,27 @@
license = lib.licenses.free;
};
}) {};
markup = callPackage ({ cl-lib ? null, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "markup";
version = "2.0.1";
src = fetchFromGitHub {
owner = "leoc";
repo = "markup.el";
rev = "876da2d3f23473475bb0fd0a1480ae11d2671291";
sha256 = "0rggadka5aqgrik3qky6s75s5yb5bfj6fcpxjz1iyrwi0fka0akd";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/a75c955ad6b2f68b8933329e545625d948f6f8f4/recipes/markup";
sha256 = "0yw4b42nc2n7nanqvj596hwjf0p4qc7x6g2d9g5cwi7975iak8pf";
name = "markup";
};
packageRequires = [ cl-lib ];
meta = {
homepage = "https://melpa.org/#/markup";
license = lib.licenses.free;
};
}) {};
markup-faces = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "markup-faces";
@ -21366,6 +21553,27 @@
license = lib.licenses.free;
};
}) {};
mastodon = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "mastodon";
version = "0.6.0";
src = fetchFromGitHub {
owner = "jdenen";
repo = "mastodon.el";
rev = "9b9e0bb7c4d414ffc26a0547d1e76cd106cc58b6";
sha256 = "1cjx022zrn7jbcq1x7x61xayhlpik2bm6vs37hh382ad7bnqgcyb";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/809d963b69b154325faaf61e54ca87b94c1c9a90/recipes/mastodon";
sha256 = "1bsyf4j6zs9gin0k7p22yv5gaqd6m3vdc2fiagfbs7gxsmhb6p4i";
name = "mastodon";
};
packageRequires = [ emacs ];
meta = {
homepage = "https://melpa.org/#/mastodon";
license = lib.licenses.free;
};
}) {};
material-theme = callPackage ({ emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "material-theme";
@ -21600,12 +21808,12 @@
merlin = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "merlin";
version = "2.5.3";
version = "2.5.4";
src = fetchFromGitHub {
owner = "the-lambda-church";
repo = "merlin";
rev = "89f9643c08211a770454919551a7fd8605d1fca8";
sha256 = "13x0zjd297ssqmbvba32zk2p588kznd5ag4wh3nqb6fdgyzy4d63";
rev = "420416f182d2ea2a2285ab4bd22e5898dfb20a83";
sha256 = "101vk16c5wayd51s8w0mvy99bk7q3gm2gz8i8616wa1lmyszjknh";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/b1b9bfd3164e62758dc0a3362d85c6627ed7cbf8/recipes/merlin";
@ -23317,12 +23525,12 @@
nyan-mode = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "nyan-mode";
version = "1.1.1";
version = "1.1.2";
src = fetchFromGitHub {
owner = "TeMPOraL";
repo = "nyan-mode";
rev = "b5db3a612bba35c8f54f44c300ebc879db6b3288";
sha256 = "199ii1658k4sp5krha77n9l5jblyvnvvvr28g2nbc74lfybckjwq";
rev = "4195cd368aca8f05a71cbff4e60cfa9dde10319a";
sha256 = "1bnfxw6cnhsqill3n32j9bc6adl437ia9ivbwvwjpz1ay928yxm7";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/4d8c3000df5f2ee2493a54dee6f9b65008add753/recipes/nyan-mode";
@ -23653,12 +23861,12 @@
omni-log = callPackage ({ dash, emacs, fetchFromGitHub, fetchurl, ht, lib, melpaBuild, s }:
melpaBuild {
pname = "omni-log";
version = "0.1.2";
version = "0.3.3";
src = fetchFromGitHub {
owner = "AdrieanKhisbe";
repo = "omni-log.el";
rev = "7eb30e42cc89064abb7acbec63cb9644c2ad7c9b";
sha256 = "030f983n19n64f8irif102nncvam04xpx020vfgja9886wlj40pk";
rev = "e86c80065030306645e28badcb0c25c549560106";
sha256 = "10nsl45z3a1mvagffcsqj501x8wk3avmsncyn9laq3k4z1hjgdz5";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/47bb19bb7b4713c3fd82c1035a2fe66588c069e3/recipes/omni-log";
@ -23674,12 +23882,12 @@
omni-quotes = callPackage ({ dash, f, fetchFromGitHub, fetchurl, ht, lib, melpaBuild, omni-log, s }:
melpaBuild {
pname = "omni-quotes";
version = "0.3.0";
version = "0.4.22";
src = fetchFromGitHub {
owner = "AdrieanKhisbe";
repo = "omni-quotes.el";
rev = "be1e719c046ca468275ed844989320f48358f2cd";
sha256 = "0sc4mhvxj91rs4h1vg3x759fq77cmlzkqyn5wv456w3w3g2narxw";
rev = "a10eca089dd87389c99f5c5ef8e3f8779f2652d2";
sha256 = "0i2xnpa6jickpp2i47c5l7c6djxz2lli8lcx402sijzmn1lx44sj";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/3402524f79381c99fdeb81a6a5a9241c918811be/recipes/omni-quotes";
@ -24910,12 +25118,12 @@
orgit = callPackage ({ dash, emacs, fetchFromGitHub, fetchurl, lib, magit, melpaBuild, org }:
melpaBuild {
pname = "orgit";
version = "1.3.0";
version = "1.4.0";
src = fetchFromGitHub {
owner = "magit";
repo = "orgit";
rev = "cbce5871fe267fef725631b0b7365952c35ae401";
sha256 = "00iwp3bajr9hxs55rj3ka5bymhp5icsq8m44z514sb8h54fwapb7";
rev = "c91e662ace7e3ce992269cbf755f378bc6742511";
sha256 = "0x7d8wjfg61gzi6ghq4cfkizzjcpiz56j797h6kmbri73yb7xf16";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/73b5f7c44c90540e4cbdc003d9881f0ac22cc7bc/recipes/orgit";
@ -25330,12 +25538,12 @@
package-lint = callPackage ({ cl-lib ? null, emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "package-lint";
version = "0.4";
version = "0.5";
src = fetchFromGitHub {
owner = "purcell";
repo = "package-lint";
rev = "de08b846b3a031838b79445bb7a254c9de4a80f6";
sha256 = "0mvs4afjp5ab89vdz3bd9pca55brn57lxvjqjjyc6cyqxpclh06j";
rev = "1cee5135bd9a12e1b28e515a28093a751b4f7dd1";
sha256 = "1qvvdr5wx37x5jrw4hkx5vl4jmi3l1bjn97nnvwlsmzi6sgkcwsr";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/9744d8521b4ac5aeb1f28229c0897af7260c6f78/recipes/package-lint";
@ -26397,12 +26605,12 @@
pinyinlib = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "pinyinlib";
version = "0.1.0";
version = "0.1.1";
src = fetchFromGitHub {
owner = "cute-jumper";
repo = "pinyinlib.el";
rev = "f1e6c86f47e16c2bd48436630286bae8d6f8cb8c";
sha256 = "13q95z0j1mpk2yrrq0amc2jjhajaz4884bfliy2h8adh109j4q1d";
rev = "39943d226c2a42a9013421a0b4b6d5d3696bf234";
sha256 = "1nwj4c3y0kdlkf3jqd2dnibaiazrq6qcj533xk2qw4wmx072yij0";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/f4aa27985dcfaf24f1863667b89e13df4710546f/recipes/pinyinlib";
@ -27297,12 +27505,12 @@
protobuf-mode = callPackage ({ fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "protobuf-mode";
version = "3.2.1";
version = "3.3.0pre1";
src = fetchFromGitHub {
owner = "google";
repo = "protobuf";
rev = "b50c9ec1223895973d0e2fa6b6cb74ec3c8f3ce8";
sha256 = "17drjxry365als0drs56gzdpdjhkhjwg9jwvrhmq5dp9ly0rb2f4";
rev = "fba2acd72e8cbf138912295df227ee2c914158c3";
sha256 = "1862lp6br6ngfd13gz8m1x2glkz02qxbp6vj261ricbvc7fgkyd7";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/b4e7f5f641251e17add561991d3bcf1fde23467b/recipes/protobuf-mode";
@ -28830,12 +29038,12 @@
rjsx-mode = callPackage ({ emacs, fetchFromGitHub, fetchurl, js2-mode, lib, melpaBuild }:
melpaBuild {
pname = "rjsx-mode";
version = "0.1.0";
version = "0.1.2";
src = fetchFromGitHub {
owner = "felipeochoa";
repo = "rjsx-mode";
rev = "20c7bd0e704dfc1c391edf78765c8b0ec4f5b3c0";
sha256 = "142zihjqgdq4bfy1hp0pz6k109ngii4kyc8xrdvd9yvzc0y5vp8a";
rev = "b41de6c1b2f6668b674f8e5bf880f697c9ffb749";
sha256 = "1irc26kg5f22x3g48pmb1mwchivwyn41khphpgwqfjnvasz1idw9";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/b83be7efdef2457e1320fe3dec46484fbd20263c/recipes/rjsx-mode";
@ -30529,12 +30737,12 @@
smartparens = callPackage ({ cl-lib ? null, dash, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "smartparens";
version = "1.9.0";
version = "1.10.1";
src = fetchFromGitHub {
owner = "Fuco1";
repo = "smartparens";
rev = "253afc49ff30a19ea1a7af10e1e8abdb46546ac1";
sha256 = "0ml0fdvgx60vqansh4j17ihkrnyjdndkijysqhqx1q78d97vnhi4";
rev = "7841b2f02a1a99e1cb166d595f24f16a514ccbb5";
sha256 = "062g6y8an4kvfym2w56qy2iqd4ngxdxba38136ph0ckkzl0yrl7l";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/bd98f85461ef7134502d4f2aa8ce1bc764f3bda3/recipes/smartparens";
@ -30967,6 +31175,27 @@
license = lib.licenses.free;
};
}) {};
spaceline-all-the-icons = callPackage ({ all-the-icons, emacs, fetchFromGitHub, fetchurl, lib, melpaBuild, spaceline }:
melpaBuild {
pname = "spaceline-all-the-icons";
version = "1.0.5";
src = fetchFromGitHub {
owner = "domtronn";
repo = "spaceline-all-the-icons.el";
rev = "be53e5bde0e855c012bc99602830984a7008604a";
sha256 = "19xwy2dqlp585vi2ihr85rhf609lc57l133gc3bcz09aii24lfkb";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/d039e057c1d441592da8f54e6d524b395b030375/recipes/spaceline-all-the-icons";
sha256 = "1h6clkr2f29k2vw0jcrmnfbjpphaxm7s3zai6pn6qag32bgm3jq6";
name = "spaceline-all-the-icons";
};
packageRequires = [ all-the-icons emacs spaceline ];
meta = {
homepage = "https://melpa.org/#/spaceline-all-the-icons";
license = lib.licenses.free;
};
}) {};
sparkline = callPackage ({ cl-lib ? null, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "sparkline";
@ -30991,12 +31220,12 @@
sparql-mode = callPackage ({ cl-lib ? null, emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "sparql-mode";
version = "2.0.0";
version = "2.0.1";
src = fetchFromGitHub {
owner = "ljos";
repo = "sparql-mode";
rev = "33da09b3895e03e64959005678d448ab82e527b6";
sha256 = "17fpfc0hc39y9h12mj62fwfga4mhk0c9fm2qnbnzf4i3ajhp7r2w";
rev = "a51d4e57974e8d06f7d49ada0fdca656b7470642";
sha256 = "0ywhqk6n5k0l85zjwbnrivnvxjzqipqrggv06lify6yv18qmyl6s";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/c3d729130a41903bb01465d0f01c34fbc508b56e/recipes/sparql-mode";
@ -32664,15 +32893,36 @@
license = lib.licenses.free;
};
}) {};
theme-looper = callPackage ({ cl-lib ? null, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "theme-looper";
version = "1.0.0";
src = fetchFromGitHub {
owner = "myTerminal";
repo = "theme-looper";
rev = "5e3a3ea7ad31d4b38efa2cc08f0063b230736da9";
sha256 = "06khrrjlhnzckr2zisdbx4pj6r8kmv7dbdzvzh74qz79x337lvzn";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/855ea20024b606314f8590129259747cac0bcc97/recipes/theme-looper";
sha256 = "018bixcbzri3zsasy1pp2qfvgd679ylpi9gq26qv9iwlfhlrpwgf";
name = "theme-looper";
};
packageRequires = [ cl-lib ];
meta = {
homepage = "https://melpa.org/#/theme-looper";
license = lib.licenses.free;
};
}) {};
thinks = callPackage ({ cl-lib ? null, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "thinks";
version = "1.10";
version = "1.11";
src = fetchFromGitHub {
owner = "davep";
repo = "thinks.el";
rev = "370d399703d232010599d24a242b5f91e25a1b9d";
sha256 = "1kac32mgk2gcchh9lvnny81xq03h4656v05xyd3fpkpr30sisyrq";
rev = "f5a339b21cd5044f7b66beafab7c2d822c36f9e5";
sha256 = "1qjwzr9q98da25rf8hjgancb0k2kgr8xllhb4lhnqc8jsc4qnn5v";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/439957cabf379651dc243219a83c3c96bae6f8cf/recipes/thinks";
@ -33428,12 +33678,12 @@
uptimes = callPackage ({ cl-lib ? null, emacs, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "uptimes";
version = "3.3";
version = "3.5";
src = fetchFromGitHub {
owner = "davep";
repo = "uptimes.el";
rev = "2be31db3508513478d3f27f4eff2ff1094786b4e";
sha256 = "177d1h84w9rr6x3hsq9z7sbr8s8pippgy0l99gpdhycbff6a7cwg";
rev = "07bcd6517243c9c9f61172202d33718bd9b2a850";
sha256 = "0n416p47j4cl84lq8wcgmkagkws7a9n4g9307v1s91s2gqmfia3n";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/72099e35ce3e34ec6afc6a3f87a4da07ec91499a/recipes/uptimes";
@ -33659,12 +33909,12 @@
vhdl-tools = callPackage ({ emacs, fetchFromGitHub, fetchurl, ggtags, helm, lib, melpaBuild, outshine }:
melpaBuild {
pname = "vhdl-tools";
version = "5.4";
version = "5.5";
src = fetchFromGitHub {
owner = "csantosb";
repo = "vhdl-tools";
rev = "6f3f8ba58432dfdac59122164c732ccc0dfc475b";
sha256 = "076v5zafalv1r14ms90zs1p7yq11fzff4vywrda6dh63i0yk2vxs";
rev = "af4ff24ae4489e0a3bfbbddf6bc934f66b0af527";
sha256 = "1z88wy7m6rj028dqxzyyyf67gw4jqd72dgsvlr8inwimds2iplbv";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/69fe2f8fb98ac1af1d3185f62ae1c89e646cfebf/recipes/vhdl-tools";
@ -34121,12 +34371,12 @@
webpaste = callPackage ({ cl-lib ? null, emacs, fetchFromGitHub, fetchurl, lib, melpaBuild, request }:
melpaBuild {
pname = "webpaste";
version = "1.1.0";
version = "1.2.1";
src = fetchFromGitHub {
owner = "etu";
repo = "webpaste.el";
rev = "f6583397a4f8c9cde6b556175a6e05303d6238de";
sha256 = "0z7pkqfli1lqvfjjaf8p1sbbwf0f7xgz87k3rqqav9xyc9iqh0ni";
rev = "69f94520035282c3eb838e6f240a6db93e54b99c";
sha256 = "0qxcx2pns77s4mgr1cfzvlhxmfvzckx52phq63b2wmxkijkbwpba";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/13847d91c1780783e516943adee8a3530c757e17/recipes/webpaste";
@ -34541,12 +34791,12 @@
winum = callPackage ({ cl-lib ? null, fetchFromGitHub, fetchurl, lib, melpaBuild }:
melpaBuild {
pname = "winum";
version = "1.0.0";
version = "1.0.2";
src = fetchFromGitHub {
owner = "deb0ch";
repo = "emacs-winum";
rev = "e89791b90e45f588f9e8c11884ea1daf3dc98518";
sha256 = "1gd0byijl5cyn6gkf5pkadzqvczshgizfrr3ddg6czvgblf1vgl9";
rev = "8e886302c7e1d8fd521a95e0f00d6efab295a883";
sha256 = "19rf806v3yv6qy6p8mf54g1whdrh7vc107z31kqaqdwq681fhi37";
};
recipeFile = fetchurl {
url = "https://raw.githubusercontent.com/milkypostman/melpa/c1caa7a54a910a44322fdee300e8cce6ddcde071/recipes/winum";

28
pkgs/applications/editors/emacs/default.nix
View File

@ -26,35 +26,15 @@ let
in
stdenv.mkDerivation rec {
name = "emacs-${version}${versionModifier}";
version = "25.1";
version = "25.2";
versionModifier = "";
src = fetchurl {
url = "mirror://gnu//emacs/${name}.tar.xz";
sha256 = "0cwgyiyymnx4xdg99dm2drfxcyhy2jmyf0rkr9fwj9mwwf77kwhr";
url = "mirror://gnu/emacs/${name}.tar.xz";
sha256 = "1ykkq0xl28ljdg61bm6gzy04ww86ajms98gix72qg6cpr6a53dar";
};
patches = (lib.optional stdenv.isDarwin ./at-fdcwd.patch) ++ [
## Fixes a segfault in emacs 25.1
## http://lists.gnu.org/archive/html/emacs-devel/2016-10/msg00917.html
## https://debbugs.gnu.org/cgi/bugreport.cgi?bug=24358
(fetchurl {
url = http://git.savannah.gnu.org/cgit/emacs.git/patch/?id=9afea93ed536fb9110ac62b413604cf4c4302199;
sha256 = "0pshhq8wlh98m9hm8xd3g7gy3ms0l44dq6vgzkg67ydlccziqz40"; })
(fetchurl {
url = http://git.savannah.gnu.org/cgit/emacs.git/patch/?id=71ca4f6a43bad06192cbc4bb8c7a2d69c179b7b0;
sha256 = "0h76wrrqyrky441immprskx5x7200zl7ajf7hyg4da22q7sr09qa"; })
(fetchurl {
url = http://git.savannah.gnu.org/cgit/emacs.git/patch/?id=1047496722a58ef5b736dae64d32adeb58c5055c;
sha256 = "0hk9pi3f2zj266qj8armzpl0z8rfjg0m9ss4k09mgg1hyz80wdvv"; })
(fetchurl {
url = http://git.savannah.gnu.org/cgit/emacs.git/patch/?id=96ac0c3ebce825e60595794f99e703ec8302e240;
sha256 = "1q2hqkjvj9z46b5ik56lv9wiibz09mvg2q3pn8fnpa04ki3zbh4x"; })
(fetchurl {
url = http://git.savannah.gnu.org/cgit/emacs.git/patch/?id=43986d16fb6ad78a627250e14570ea70bdb1f23a;
sha256 = "1wlyy04qahvls7bdrcxaazh9k27gksk7if1q58h83f7h6g9xxkzj";
})
];
patches = (lib.optional stdenv.isDarwin ./at-fdcwd.patch);
nativeBuildInputs = [ pkgconfig ]
++ lib.optionals srcRepo [ autoconf automake texinfo ]

15
pkgs/applications/editors/emacs/macport.nix
View File

@ -4,21 +4,21 @@
}:
stdenv.mkDerivation rec {
emacsVersion = "25.1";
emacsVersion = "25.2";
emacsName = "emacs-${emacsVersion}";
macportVersion = "6.1";
macportVersion = "6.3";
name = "emacs-mac-${emacsVersion}-${macportVersion}";
builder = ./builder.sh;
src = fetchurl {
url = "ftp://ftp.gnu.org/gnu/emacs/${emacsName}.tar.xz";
sha256 = "19f2798ee3bc26c95dca3303e7ab141e7ad65d6ea2b6945eeba4dbea7df48f33";
url = "mirror:///gnu/emacs/${emacsName}.tar.xz";
sha256 = "1ykkq0xl28ljdg61bm6gzy04ww86ajms98gix72qg6cpr6a53dar";
};
macportSrc = fetchurl {
url = "ftp://ftp.math.s.chiba-u.ac.jp/emacs/${emacsName}-mac-${macportVersion}.tar.gz";
sha256 = "1zwxh7zsvwcg221mpjh0dhpdas3j9mc5q92pprf8yljl7clqvg62";
sha256 = "1dz11frk3ya3842lb89ixzpns9bz5f9njxdkyvjy75gfymqfhhzv";
};
hiresSrc = fetchurl {
@ -28,7 +28,9 @@ stdenv.mkDerivation rec {
enableParallelBuilding = true;
buildInputs = [ ncurses libxml2 gnutls pkgconfig texinfo gettext autoconf automake];
nativeBuildInputs = [ pkgconfig autoconf automake ];
buildInputs = [ ncurses libxml2 gnutls texinfo gettext ];
propagatedBuildInputs = [
AppKit Carbon Cocoa IOKit OSAKit Quartz QuartzCore WebKit
@ -58,6 +60,7 @@ stdenv.mkDerivation rec {
"--with-xml2=yes"
"--with-gnutls=yes"
"--with-mac"
"--with-modules"
"--enable-mac-app=$$out/Applications"
];

4
pkgs/applications/editors/kile/default.nix
View File

@ -17,6 +17,7 @@
, kparts
, ktexteditor
, kwindowsystem
, okular
, poppler
}:
@ -48,6 +49,7 @@ let
kparts
ktexteditor
kwindowsystem
okular.unwrapped
poppler
qtscript
];
@ -64,5 +66,5 @@ kdeWrapper
{
inherit unwrapped;
targets = [ "bin/kile" ];
paths = [ konsole.unwrapped ];
paths = [ konsole.unwrapped okular.unwrapped ];
}

53
pkgs/applications/editors/rstudio/default.nix
View File

@ -1,5 +1,5 @@
{ stdenv, fetchurl, makeDesktopItem, cmake, boost155, zlib, openssl,
R, qt4, libuuid, hunspellDicts, unzip, ant, jdk, gnumake, makeWrapper,
{ stdenv, fetchurl, makeDesktopItem, cmake, boost163, zlib, openssl,
R, qt5, libuuid, hunspellDicts, unzip, ant, jdk, gnumake, makeWrapper, pandoc,
# If you have set up an R wrapper with other packages by following
# something like https://nixos.org/nixpkgs/manual/#r-packages, RStudio
# by default not be able to access any of those R packages. In order
@ -11,18 +11,18 @@ useRPackages ? false
}:
let
version = "0.98.110";
version = "1.1.216";
ginVer = "1.5";
gwtVer = "2.5.1";
gwtVer = "2.7.0";
in
stdenv.mkDerivation rec {
name = "RStudio-${version}";
buildInputs = [ cmake boost155 zlib openssl R qt4 libuuid unzip ant jdk makeWrapper ];
buildInputs = [ cmake boost163 zlib openssl R qt5.full qt5.qtwebkit qt5.qmakeHook libuuid unzip ant jdk makeWrapper pandoc ];
src = fetchurl {
url = "https://github.com/rstudio/rstudio/archive/v${version}.tar.gz";
sha256 = "0wybbvl5libki8z2ywgcd0hg0py1az484r95lhwh3jbrwfx7ri2z";
sha256 = "07lp2ybvj7ippdrp7fv7j54dp0mm6k19j1vqdvjdk95acg3xgcjf";
};
# Hack RStudio to only use the input R.
@ -38,14 +38,34 @@ stdenv.mkDerivation rec {
inherit gwtVer;
gwtSrc = fetchurl {
url = "https://s3.amazonaws.com/rstudio-buildtools/gwt-${gwtVer}.zip";
sha256 = "0fjr2rcr8lnywj54mzhg9i4xz1b6fh8yv12p5i2q5mgfld2xymy4";
sha256 = "1cs78z9a1jg698j2n35wsy07cy4fxcia9gi00x0r0qc3fcdhcrda";
};
hunspellDictionaries = builtins.attrValues hunspellDicts;
mathJaxSrc = fetchurl {
url = https://s3.amazonaws.com/rstudio-buildtools/mathjax-20.zip;
sha256 = "1ikg3fhharsfrh2fv8c53fdawqajj24nif89400l3klw1hyq4zal";
url = https://s3.amazonaws.com/rstudio-buildtools/mathjax-26.zip;
sha256 = "0wbcqb9rbfqqvvhqr1pbqax75wp8ydqdyhp91fbqfqp26xzjv6lk";
};
rmarkdownSrc = fetchurl {
url = "https://github.com/rstudio/rmarkdown/archive/95b8b1fa64f78ca99f225a67fff9817103be56.zip";
sha256 = "12fa65qr04rwsprkmyl651mkaqcbn1znwsmcjg4qsk9n5nxg0fah";
};
rsconnectSrc = fetchurl {
url = "https://github.com/rstudio/rsconnect/archive/425f3767b3142bc6b81c9eb62c4722f1eedc9781.zip";
sha256 = "1sgf9dj9wfk4c6n5p1jc45386pf0nj2alg2j9qx09av3can1dy9p";
};
rstudiolibclang = fetchurl {
url = https://s3.amazonaws.com/rstudio-buildtools/libclang-3.5.zip;
sha256 = "1sl5vb8misipwbbbykdymw172w9qrh8xv3p29g0bf3nzbnv6zc7c";
};
rstudiolibclangheaders = fetchurl {
url = https://s3.amazonaws.com/rstudio-buildtools/libclang-builtin-headers.zip;
sha256 = "0x4ax186bm3kf098izwmsplckgx1kqzg9iiyzg95rpbqsb4593qb";
};
preConfigure =
@ -66,10 +86,19 @@ stdenv.mkDerivation rec {
done
done
unzip $mathJaxSrc -d dependencies/common/mathjax
unzip $mathJaxSrc -d dependencies/common/mathjax-26
unzip $rmarkdownSrc -d dependencies/common/rmarkdown
unzip $rsconnectSrc -d dependencies/common/rsconnect
mkdir -p dependencies/common/libclang/3.5
unzip $rstudiolibclang -d dependencies/common/libclang/3.5
mkdir -p dependencies/common/libclang/builtin-headers
unzip $rstudiolibclangheaders -d dependencies/common/libclang/builtin-headers
mkdir -p dependencies/common/pandoc
cp ${pandoc}/bin/pandoc dependencies/common/pandoc/
'';
cmakeFlags = [ "-DRSTUDIO_TARGET=Desktop" ];
cmakeFlags = [ "-DRSTUDIO_TARGET=Desktop" "-DQT_QMAKE_EXECUTABLE=${qt5.qmakeHook}/bin/qmake" ];
desktopItem = makeDesktopItem {
name = name;
@ -100,7 +129,7 @@ stdenv.mkDerivation rec {
{ description = "Set of integrated tools for the R language";
homepage = http://www.rstudio.com/;
license = licenses.agpl3;
maintainers = [ maintainers.ehmry ];
maintainers = [ maintainers.ehmry maintainers.changlinli ];
platforms = platforms.linux;
};
}

13
pkgs/applications/editors/rstudio/r-location.patch
View File

@ -1,18 +1,19 @@
diff -ur rstudio-0.98.110-old/src/cpp/core/CMakeLists.txt rstudio-0.98.110-new/src/cpp/core/CMakeLists.txt
--- rstudio-0.98.110-old/src/cpp/core/r_util/REnvironmentPosix.cpp 2013-04-28 10:02:14.000000000 -0400
+++ rstudio-0.98.110-new/src/cpp/core/r_util/REnvironmentPosix.cpp 2015-03-23 15:06:35.533400807 -0400
@@ -84,9 +84,7 @@
diff -ur rstudio-1.1.216-old/src/cpp/core/CMakeLists.txt rstudio-1.1.216-new/src/cpp/core/CMakeLists.txt
--- rstudio-1.1.216-old/src/cpp/core/r_util/REnvironmentPosix.cpp 2017-04-30 03:37:26.669418665 -0400
+++ rstudio-1.1.216-new/src/cpp/core/r_util/REnvironmentPosix.cpp 2017-04-30 03:36:33.590726185 -0400
@@ -87,10 +87,7 @@
{
// define potential paths
std::vector<std::string> rScriptPaths;
- rScriptPaths.push_back("/usr/bin/R");
- rScriptPaths.push_back("/usr/local/bin/R");
- rScriptPaths.push_back("/opt/local/bin/R");
- rScriptPaths.push_back("/Library/Frameworks/R.framework/Resources/bin/R");
+ rScriptPaths.push_back("@R@/bin/R");
return scanForRScript(rScriptPaths, pErrMsg);
}
@@ -220,8 +218,7 @@
@@ -226,8 +223,7 @@
// scan in standard locations as a fallback
std::string scanErrMsg;
std::vector<std::string> rScriptPaths;

6
pkgs/applications/graphics/apitrace/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
name = "apitrace-${version}";
version = "7.1";
version = "7.1-363-ge3509be1";
src = fetchFromGitHub {
sha256 = "1n2gmsjnpyam7isg7n1ksggyh6y1l8drvx0a93bnvbcskr7jiz9a";
rev = version;
sha256 = "1xbz6gwl7kqjm7jjy5gxkdxzrg93vj1a3l19ara7rni6dii0q136";
rev = "e3509be175eda77749abffe051ed0d3eb5d14e72";
repo = "apitrace";
owner = "apitrace";
};

57
pkgs/applications/graphics/displaycal/default.nix Normal file
View File

@ -0,0 +1,57 @@
{buildPythonPackage, stdenv, fetchurl, pkgconfig
, libXext, libXxf86vm, libX11, libXrandr, libXinerama
, argyllcms, wxPython, numpy
}:
buildPythonPackage {
name = "displaycal-3.2.4.0";
enableParallelBuilding = true;
src = fetchurl {
url = mirror://sourceforge/project/dispcalgui/release/3.2.4.0/DisplayCAL-3.2.4.0.tar.gz;
sha256 = "0swkhv338d1kmfxyf30zzdjs5xpbha40pg2zysiipcbasc0xhlb8";
};
propagatedBuildInputs = [
libXext
libXxf86vm
libX11
libXrandr
libXinerama
argyllcms
wxPython
numpy
];
nativeBuildInputs = [
pkgconfig
];
preConfigure = ''
mkdir dist
cp {misc,dist}/DisplayCAL.appdata.xml
mkdir -p $out
ln -s $out/share/DisplayCAL $out/Resources
'';
# no idea why it looks there - symlink .json lang (everything)
postInstall = ''
for x in $out/share/DisplayCAL/*; do
ln -s $x $out/lib/python2.7/site-packages/DisplayCAL
done
for prog in "$out/bin/"*; do
wrapProgram "$prog" \
--prefix PYTHONPATH : "$PYTHONPATH" \
--prefix PATH : ${argyllcms}/bin
done
'';
meta = {
description = "Display Calibration and Characterization powered by Argyll CMS";
homepage = http://displaycal.net/;
license = stdenv.lib.licenses.gpl3;
maintainers = [stdenv.lib.maintainers.marcweber];
platforms = stdenv.lib.platforms.linux;
};
}

6
pkgs/applications/graphics/gimp/plugins/default.nix
View File

@ -105,7 +105,7 @@ rec {
Filters/Enhance/Smart remove selection
*/
name = "resynthesizer-0.16";
buildInputs = [ gimp pkgs.fftw ] ++ gimp.nativeBuildInputs;
buildInputs = [ gimp pkgs.fftw pkgs.pkgconfig pkgs.gtk2 ] ++ gimp.nativeBuildInputs;
src = fetchurl {
url = http://www.logarithmic.net/pfh-files/resynthesizer/resynthesizer-0.16.tar.gz;
sha256 = "1k90a1jzswxmajn56rdxa4r60v9v34fmqsiwfdxqcvx3yf4yq96x";
@ -125,7 +125,9 @@ rec {
Filters/Enhance/Smart remove selection
*/
name = "resynthesizer-2.0.1";
buildInputs = [ gimp pkgs.fftw pkgs.autoreconfHook ]
buildInputs = [ gimp pkgs.fftw pkgs.autoreconfHook pkgs.pkgconfig pkgs.gtk2
pkgs.intltool
]
++ gimp.nativeBuildInputs;
makeFlags = "GIMP_LIBDIR=$out/lib/gimp/2.0/";
src = fetchFromGitHub {

8
pkgs/applications/graphics/krita/default.nix
View File

@ -8,12 +8,12 @@
stdenv.mkDerivation rec {
name = "krita-${version}";
ver_min = "3.1.2";
version = "${ver_min}.1";
ver_min = "3.1.3";
version = "${ver_min}";
src = fetchurl {
url = "http://download.kde.org/stable/krita/${ver_min}/${name}.tar.gz";
sha256 = "934ed82c3f4e55e7819b327c838ea2f307d3bf3d040722501378b01d76a3992d";
sha256 = "125js6c8aw4bqhs28pwnl3rbgqx5yx4zsklw7bfdhy3vf6lrysw1";
};
nativeBuildInputs = [ cmake extra-cmake-modules makeQtWrapper ];
@ -40,6 +40,6 @@ stdenv.mkDerivation rec {
homepage = "https://krita.org/";
maintainers = with maintainers; [ abbradar ];
platforms = platforms.linux;
licenses = licenses.gpl2;
license = licenses.gpl2;
};
}

4
pkgs/applications/graphics/ocrad/default.nix
View File

@ -1,11 +1,11 @@
{ fetchurl, stdenv, lzip, texinfo }:
stdenv.mkDerivation rec {
name = "ocrad-0.25";
name = "ocrad-0.26";
src = fetchurl {
url = "mirror://gnu/ocrad/${name}.tar.lz";
sha256 = "1m2dblgvvjs48rsglfdwq0ib9zk8h9n34xsh67ibrg0g0ffbw477";
sha256 = "0g4fq7maybdnd1471kd05a3f5sb7spa3d26k706rk85sd5wd70y3";
};
buildInputs = [ lzip texinfo ];

2
pkgs/applications/graphics/tesseract/default.nix
View File

@ -58,6 +58,6 @@ stdenv.mkDerivation rec {
homepage = http://code.google.com/p/tesseract-ocr/;
license = stdenv.lib.licenses.asl20;
maintainers = with stdenv.lib.maintainers; [viric];
platforms = with stdenv.lib.platforms; linux;
platforms = with stdenv.lib.platforms; linux ++ darwin;
};
}

4
pkgs/applications/kde/ark/default.nix
View File

@ -4,7 +4,7 @@
extra-cmake-modules, kdoctools, makeWrapper,
karchive, kconfig, kcrash, kdbusaddons, ki18n, kiconthemes, khtml, kio,
kservice, kpty, kwidgetsaddons, libarchive,
kservice, kpty, kwidgetsaddons, libarchive, kitemmodels,
# Archive tools
p7zip, unzipNLS, zip,
@ -22,7 +22,7 @@ let
];
propagatedBuildInputs = [
khtml ki18n kio karchive kconfig kcrash kdbusaddons kiconthemes kservice
kpty kwidgetsaddons libarchive
kpty kwidgetsaddons libarchive kitemmodels
];
postInstall =
let

Some files were not shown because too many files have changed in this diff Show More