JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/NixOS/nixpkgs

Browse Source
This commit is contained in:
Dominic Steinitz 2018-03-01 09:14:18 +00:00
commit d1ac8d1e1a
1634 changed files with 23930 additions and 32463 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/meta.xml
View File

@ -53,7 +53,7 @@ $ nix-env -qa hello --json
"x86_64-linux",
"armv5tel-linux",
"armv7l-linux",
"mips64el-linux",
"mips32-linux",
"x86_64-darwin",
"i686-cygwin",
"i686-freebsd",

4
lib/maintainers.nix
View File

@ -373,6 +373,7 @@
lasandell = "Luke Sandell <lasandell@gmail.com>";
lassulus = "Lassulus <lassulus@gmail.com>";
layus = "Guillaume Maudoux <layus.on@gmail.com>";
lblasc = "Luka Blaskovic <lblasc@znode.net>";
ldesgoui = "Lucas Desgouilles <ldesgoui@gmail.com>";
league = "Christopher League <league@contrapunctus.net>";
lebastr = "Alexander Lebedev <lebastr@gmail.com>";
@ -671,6 +672,7 @@
stumoss = "Stuart Moss <samoss@gmail.com>";
SuprDewd = "Bjarki Ágúst Guðmundsson <suprdewd@gmail.com>";
suvash = "Suvash Thapaliya <suvash+nixpkgs@gmail.com>";
svsdep = "Vasyl Solovei <svsdep@gmail.com>";
swarren83 = "Shawn Warren <shawn.w.warren@gmail.com>";
swflint = "Samuel W. Flint <swflint@flintfam.org>";
swistak35 = "Rafał Łasocha <me@swistak35.com>";
@ -689,6 +691,7 @@
TealG = "Teal Gaure <~@Teal.Gr>";
teh = "Tom Hunger <tehunger@gmail.com>";
telotortium = "Robert Irelan <rirelan@gmail.com>";
teozkr = "Teo Klestrup Röijezon <teo@nullable.se>";
teto = "Matthieu Coudron <mcoudron@hotmail.com>";
tex = "Milan Svoboda <milan.svoboda@centrum.cz>";
thall = "Niclas Thall <niclas.thall@gmail.com>";
@ -713,6 +716,7 @@
treemo = "Matthieu Chevrier <matthieu.chevrier@treemo.fr>";
trevorj = "Trevor Joynson <nix@trevor.joynson.io>";
trino = "Hubert Mühlhans <muehlhans.hubert@ekodia.de>";
troydm = "Dmitry Geurkov <d.geurkov@gmail.com>";
tstrobel = "Thomas Strobel <4ZKTUB6TEP74PYJOPWIR013S2AV29YUBW5F9ZH2F4D5UMJUJ6S@hash.domains>";
ttuegel = "Thomas Tuegel <ttuegel@mailbox.org>";
tv = "Tomislav Viljetić <tv@shackspace.de>";

7
lib/systems/default.nix
View File

@ -23,10 +23,12 @@ rec {
config = parse.tripleFromSystem final.parsed;
# Just a guess, based on `system`
platform = platforms.selectBySystem final.system;
# Derived meta-data
libc =
/**/ if final.isDarwin then "libSystem"
else if final.isMinGW then "msvcrt"
else if final.isMusl then "musl"
else if final.isAndroid then "bionic"
else if final.isLinux /* default */ then "glibc"
# TODO(@Ericson2314) think more about other operating systems
else "native/impure";
@ -39,7 +41,10 @@ rec {
/**/ if final.isWindows then ".exe"
else "";
};
# Misc boolean options
useAndroidPrebuilt = false;
} // mapAttrs (n: v: v final.parsed) inspect.predicates
// args;
in final;
in assert final.useAndroidPrebuilt -> final.isAndroid;
final;
}

2
lib/systems/doubles.nix
View File

@ -9,7 +9,7 @@ let
"aarch64-linux"
"armv5tel-linux" "armv6l-linux" "armv7l-linux"
"mips64el-linux"
"mipsel-linux"
"i686-cygwin" "i686-freebsd" "i686-linux" "i686-netbsd" "i686-openbsd"

9
lib/systems/examples.nix
View File

@ -38,6 +38,13 @@ rec {
platform = platforms.aarch64-multiplatform;
};
aarch64-android-prebuilt = rec {
config = "aarch64-unknown-linux-android";
arch = "aarch64";
platform = platforms.aarch64-multiplatform;
useAndroidPrebuilt = true;
};
scaleway-c1 = armv7l-hf-multiplatform // rec {
platform = platforms.scaleway-c1;
inherit (platform.gcc) fpu;
@ -51,7 +58,7 @@ rec {
};
fuloongminipc = rec {
config = "mips64el-unknown-linux-gnu";
config = "mipsel-unknown-linux-gnu";
arch = "mips";
float = "hard";
platform = platforms.fuloong2f_n32;

8
lib/systems/inspect.nix
View File

@ -34,7 +34,15 @@ rec {
Cygwin = { kernel = kernels.windows; abi = abis.cygnus; };
MinGW = { kernel = kernels.windows; abi = abis.gnu; };
Android = [ { abi = abis.android; } { abi = abis.androideabi; } ];
Musl = with abis; map (a: { abi = a; }) [ musl musleabi musleabihf ];
Kexecable = map (family: { kernel = kernels.linux; cpu.family = family; })
[ "x86" "arm" "aarch64" "mips" ];
Efi = map (family: { cpu.family = family; })
[ "x86" "arm" "aarch64" ];
Seccomputable = map (family: { kernel = kernels.linux; cpu.family = family; })
[ "x86" "arm" "aarch64" "mips" ];
};
matchAnyAttrs = patterns:

6
lib/systems/parse.nix
View File

@ -75,7 +75,10 @@ rec {
aarch64 = { bits = 64; significantByte = littleEndian; family = "aarch64"; };
i686 = { bits = 32; significantByte = littleEndian; family = "x86"; };
x86_64 = { bits = 64; significantByte = littleEndian; family = "x86"; };
mips64el = { bits = 32; significantByte = littleEndian; family = "mips"; };
mips = { bits = 32; significantByte = bigEndian; family = "mips"; };
mipsel = { bits = 32; significantByte = littleEndian; family = "mips"; };
mips64 = { bits = 64; significantByte = bigEndian; family = "mips"; };
mips64el = { bits = 64; significantByte = littleEndian; family = "mips"; };
powerpc = { bits = 32; significantByte = bigEndian; family = "power"; };
riscv32 = { bits = 32; significantByte = littleEndian; family = "riscv"; };
riscv64 = { bits = 64; significantByte = littleEndian; family = "riscv"; };
@ -173,6 +176,7 @@ rec {
types.abi = enum (attrValues abis);
abis = setTypes types.openAbi {
android = {};
cygnus = {};
gnu = {};
msvc = {};

2
lib/systems/platforms.nix
View File

@ -561,6 +561,6 @@ rec {
"armv6l-linux" = raspberrypi;
"armv7l-linux" = armv7l-hf-multiplatform;
"aarch64-linux" = aarch64-multiplatform;
"mips64el-linux" = fuloong2f_n32;
"mipsel-linux" = fuloong2f_n32;
}.${system} or pcBase;
}

4
lib/tests/systems.nix
View File

@ -16,7 +16,7 @@ in with lib.systems.doubles; lib.runTests {
arm = assertTrue (mseteq arm [ "armv5tel-linux" "armv6l-linux" "armv7l-linux" ]);
i686 = assertTrue (mseteq i686 [ "i686-linux" "i686-freebsd" "i686-netbsd" "i686-openbsd" "i686-cygwin" ]);
mips = assertTrue (mseteq mips [ "mips64el-linux" ]);
mips = assertTrue (mseteq mips [ "mipsel-linux" ]);
x86_64 = assertTrue (mseteq x86_64 [ "x86_64-linux" "x86_64-darwin" "x86_64-freebsd" "x86_64-openbsd" "x86_64-netbsd" "x86_64-cygwin" "x86_64-solaris" ]);
cygwin = assertTrue (mseteq cygwin [ "i686-cygwin" "x86_64-cygwin" ]);
@ -24,7 +24,7 @@ in with lib.systems.doubles; lib.runTests {
freebsd = assertTrue (mseteq freebsd [ "i686-freebsd" "x86_64-freebsd" ]);
gnu = assertTrue (mseteq gnu (linux /* ++ hurd ++ kfreebsd ++ ... */));
illumos = assertTrue (mseteq illumos [ "x86_64-solaris" ]);
linux = assertTrue (mseteq linux [ "i686-linux" "x86_64-linux" "armv5tel-linux" "armv6l-linux" "armv7l-linux" "aarch64-linux" "mips64el-linux" ]);
linux = assertTrue (mseteq linux [ "i686-linux" "x86_64-linux" "armv5tel-linux" "armv6l-linux" "armv7l-linux" "aarch64-linux" "mipsel-linux" ]);
netbsd = assertTrue (mseteq netbsd [ "i686-netbsd" "x86_64-netbsd" ]);
openbsd = assertTrue (mseteq openbsd [ "i686-openbsd" "x86_64-openbsd" ]);
unix = assertTrue (mseteq unix (linux ++ darwin ++ freebsd ++ openbsd ++ netbsd ++ illumos));

192
maintainers/scripts/gnome.sh
View File

@ -1,192 +0,0 @@
#!/usr/bin/env bash
set -o pipefail
GNOME_FTP=ftp.gnome.org/pub/GNOME/sources
# projects that don't follow the GNOME major versioning, or that we don't want to
# programmatically update
NO_GNOME_MAJOR="ghex gtkhtml gdm gucharmap"
usage() {
echo "Usage: $0 <show project>|<update project>|<update-all> [major.minor]" >&2
exit 0
}
if [ "$#" -lt 1 ]; then
usage
fi
GNOME_TOP=pkgs/desktops/gnome-3
action=$1
# curl -l ftp://... doesn't work from my office in HSE, and I don't want to have
# any conversations with sysadmin. Somehow lftp works.
if [ "$FTP_CLIENT" = "lftp" ]; then
ls_ftp() {
lftp -c "open $1; cls"
}
else
ls_ftp() {
curl -s -l "$1"/
}
fi
find_project() {
exec find "$GNOME_TOP" -mindepth 2 -maxdepth 2 -type d "$@"
}
show_project() {
local project=$1
local majorVersion=$2
local version=
if [ -z "$majorVersion" ]; then
echo "Looking for available versions..." >&2
local available_baseversions=$(ls_ftp ftp://${GNOME_FTP}/${project} | grep '[0-9]\.[0-9]' | sort -t. -k1,1n -k 2,2n)
if [ "$?" -ne 0 ]; then
echo "Project $project not found" >&2
return 1
fi
echo -e "The following versions are available:\n ${available_baseversions[@]}" >&2
echo -en "Choose one of them: " >&2
read majorVersion
fi
if echo "$majorVersion" | grep -q "[0-9]\+\.[0-9]\+\.[0-9]\+"; then
# not a major version
version=$majorVersion
majorVersion=$(echo "$majorVersion" | cut -d '.' -f 1,2)
fi
local FTPDIR=${GNOME_FTP}/${project}/${majorVersion}
#version=`curl -l ${FTPDIR}/ 2>/dev/null | grep LATEST-IS | sed -e s/LATEST-IS-//`
# gnome's LATEST-IS is broken. Do not trust it.
if [ -z "$version" ]; then
local files=$(ls_ftp "${FTPDIR}")
declare -A versions
for f in $files; do
case $f in
(LATEST-IS-*|*.news|*.changes|*.sha256sum|*.diff*):
;;
($project-*.*.9*.tar.*):
tmp=${f#$project-}
tmp=${tmp%.tar*}
echo "Ignored unstable version ${tmp}" >&2
;;
($project-*.tar.*):
tmp=${f#$project-}
tmp=${tmp%.tar*}
versions[${tmp}]=1
;;
(*):
echo "UNKNOWN FILE $f" >&2
;;
esac
done
echo "Found versions ${!versions[@]}" >&2
version=$(echo ${!versions[@]} | sed -e 's/ /\n/g' | sort -t. -k1,1n -k 2,2n -k 3,3n | tail -n1)
if [ -z "$version" ]; then
echo "No version available for major $majorVersion" >&2
return 1
fi
echo "Latest version is: ${version}" >&2
fi
local name=${project}-${version}
echo "Fetching .sha256 file" >&2
local sha256out=$(curl -s -f http://"${FTPDIR}"/"${name}".sha256sum)
if [ "$?" -ne "0" ]; then
echo "Version not found" >&2
return 1
fi
extensions=( "xz" "bz2" "gz" )
echo "Choosing archive extension (known are ${extensions[@]})..." >&2
for ext in ${extensions[@]}; do
if echo -e "$sha256out" | grep -q "\\.tar\\.${ext}$"; then
ext_pref=$ext
sha256=$(echo -e "$sha256out" | grep "\\.tar\\.${ext}$" | cut -f1 -d\ )
break
fi
done
echo "Chosen ${ext_pref}, hash is ${sha256}" >&2
echo "# Autogenerated by maintainers/scripts/gnome.sh update
fetchurl: {
name = \"${project}-${version}\";
src = fetchurl {
url = mirror://gnome/sources/${project}/${majorVersion}/${project}-${version}.tar.${ext_pref};
sha256 = \"${sha256}\";
};
}"
return 0
}
update_project() {
local project=$1
local majorVersion=$2
# find project in nixpkgs tree
projectPath=$(find_project -name "$project" -print)
if [ -z "$projectPath" ]; then
echo "Project $project not found under $GNOME_TOP"
exit 1
fi
src=$(show_project "$project" "$majorVersion")
if [ "$?" -eq "0" ]; then
echo "Updating $projectPath/src.nix" >&2
echo -e "$src" > "$projectPath"/src.nix
fi
return 0
}
if [ "$action" = "update-all" ]; then
majorVersion=$2
if [ -z "$majorVersion" ]; then
echo "No major version specified" >&2
usage
fi
# find projects
projects=$(find_project -exec basename '{}' \;)
for project in $projects; do
if echo "$NO_GNOME_MAJOR"|grep -q $project; then
echo "Skipping $project"
else
echo "= Updating $project to $majorVersion" >&2
update_project "$project" "$majorVersion"
echo >&2
fi
done
else
project=$2
majorVersion=$3
if [ -z "$project" ]; then
echo "No project specified, exiting" >&2
usage
fi
if [ "$action" = show ]; then
show_project "$project" "$majorVersion"
elif [ "$action" = update ]; then
update_project "$project" "$majorVersion"
else
echo "Unknown action $action" >&2
usage
fi
fi

21
maintainers/scripts/update.nix
View File

@ -1,5 +1,6 @@
{ package ? null
, maintainer ? null
, path ? null
}:
# TODO: add assert statements
@ -9,7 +10,8 @@ let
pkgs = import ./../../default.nix { };
packagesWith = cond: return: set:
pkgs.lib.flatten
pkgs.lib.unique
(pkgs.lib.flatten
(pkgs.lib.mapAttrsToList
(name: pkg:
let
@ -25,6 +27,7 @@ let
else []
)
set
)
);
packagesWithUpdateScriptAndMaintainer = maintainer':
@ -47,6 +50,14 @@ let
(name: pkg: pkg)
pkgs;
packagesWithUpdateScript = path:
let
attrSet = pkgs.lib.attrByPath (pkgs.lib.splitString "." path) null pkgs;
in
packagesWith (name: pkg: builtins.hasAttr "updateScript" pkg)
(name: pkg: pkg)
attrSet;
packageByName = name:
let
package = pkgs.lib.attrByPath (pkgs.lib.splitString "." name) null pkgs;
@ -63,6 +74,8 @@ let
[ (packageByName package) ]
else if maintainer != null then
packagesWithUpdateScriptAndMaintainer maintainer
else if path != null then
packagesWithUpdateScript path
else
builtins.throw "No arguments provided.\n\n${helpText}";
@ -76,7 +89,11 @@ let
% nix-shell maintainers/scripts/update.nix --argstr package garbas
to run update script for specific package.
to run update script for specific package, or
% nix-shell maintainers/scripts/update.nix --argstr path gnome3
to run update script for all package under an attribute path.
'';
runUpdateScript = package: ''

64
nixos/doc/manual/release-notes/rl-1803.xml
View File

@ -80,6 +80,11 @@ has the following highlights: </para>
following incompatible changes:</para>
<itemizedlist>
<listitem>
<para>
<literal>sound.enable</literal> now defaults to false.
</para>
</listitem>
<listitem>
<para>
Dollar signs in options under <option>services.postfix</option> are
@ -239,6 +244,58 @@ following incompatible changes:</para>
<link xlink:href="http://borgbackup.readthedocs.io/en/stable/usage/upgrade.html#attic-and-borg-0-xx-to-borg-1-x">here</link>.
</para>
</listitem>
<listitem>
<para>
The Piwik analytics software was renamed to Matomo:
<itemizedlist>
<listitem>
<para>The package <literal>pkgs.piwik</literal> was renamed to <literal>pkgs.matomo</literal>.</para>
</listitem>
<listitem>
<para>The service <literal>services.piwik</literal> was renamed to <literal>services.matomo</literal>.</para>
</listitem>
<listitem>
<para>
The data directory <filename>/var/lib/piwik</filename> was renamed to <filename>/var/lib/matomo</filename>.
All files will be moved automatically on first startup, but you might need to adjust your backup scripts.
</para>
</listitem>
<listitem>
<para>
The default <option>serverName</option> for the nginx configuration changed from
<literal>piwik.${config.networking.hostName}</literal> to
<literal>matomo.${config.networking.hostName}.${config.networking.domain}</literal>
if <option>config.networking.domain</option> is set,
<literal>matomo.${config.networking.hostName}</literal> if it is not set.
If you change your <option>serverName</option>, remember you'll need to update the
<literal>trustedHosts[]</literal> array in <filename>/var/lib/matomo/config/config.ini.php</filename>
as well.
</para>
</listitem>
<listitem>
<para>
The <literal>piwik</literal> user was renamed to <literal>matomo</literal>.
The service will adjust ownership automatically for files in the data directory.
If you use unix socket authentication, remember to give the new <literal>matomo</literal> user
access to the database and to change the <literal>username</literal> to <literal>matomo</literal>
in the <literal>[database]</literal> section of <filename>/var/lib/matomo/config/config.ini.php</filename>.
</para>
</listitem>
<listitem>
<para>
If you named your database `piwik`, you might want to rename it to `matomo` to keep things clean,
but this is neither enforced nor required.
</para>
</listitem>
</itemizedlist>
</para>
</listitem>
<listitem>
<para>
<literal>nodejs-4_x</literal> is end-of-life.
<literal>nodejs-4_x</literal>, <literal>nodejs-slim-4_x</literal> and <literal>nodePackages_4_x</literal> are removed.
</para>
</listitem>
</itemizedlist>
</section>
@ -373,6 +430,13 @@ following incompatible changes:</para>
and <literal>stopJob</literal> provide an optional <literal>$user</literal> argument for that purpose.
</para>
</listitem>
<listitem>
<para>
Enabling bash completion on NixOS, <literal>programs.bash.enableCompletion</literal>, will now also enable
completion for the Nix command line tools by installing the
<link xlink:href="https://github.com/hedning/nix-bash-completions">nix-bash-completions</link> package.
</para>
</listitem>
</itemizedlist>
</section>

14
nixos/modules/config/no-x-libs.nix
View File

@ -28,13 +28,13 @@ with lib;
nixpkgs.config.packageOverrides = pkgs: {
dbus = pkgs.dbus.override { x11Support = false; };
networkmanager_fortisslvpn = pkgs.networkmanager_fortisslvpn.override { withGnome = false; };
networkmanager_l2tp = pkgs.networkmanager_l2tp.override { withGnome = false; };
networkmanager_openconnect = pkgs.networkmanager_openconnect.override { withGnome = false; };
networkmanager_openvpn = pkgs.networkmanager_openvpn.override { withGnome = false; };
networkmanager_pptp = pkgs.networkmanager_pptp.override { withGnome = false; };
networkmanager_vpnc = pkgs.networkmanager_vpnc.override { withGnome = false; };
networkmanager_iodine = pkgs.networkmanager_iodine.override { withGnome = false; };
networkmanager-fortisslvpn = pkgs.networkmanager-fortisslvpn.override { withGnome = false; };
networkmanager-l2tp = pkgs.networkmanager-l2tp.override { withGnome = false; };
networkmanager-openconnect = pkgs.networkmanager-openconnect.override { withGnome = false; };
networkmanager-openvpn = pkgs.networkmanager-openvpn.override { withGnome = false; };
networkmanager-pptp = pkgs.networkmanager-pptp.override { withGnome = false; };
networkmanager-vpnc = pkgs.networkmanager-vpnc.override { withGnome = false; };
networkmanager-iodine = pkgs.networkmanager-iodine.override { withGnome = false; };
pinentry = pkgs.pinentry_ncurses;
};
};

3
nixos/modules/hardware/all-firmware.nix
View File

@ -37,8 +37,9 @@ in {
hardware.firmware = with pkgs; [
firmwareLinuxNonfree
intel2200BGFirmware
rtl8723bs-firmware
rtl8192su-firmware
] ++ optionals (versionOlder config.boot.kernelPackages.kernel.version "4.13") [
rtl8723bs-firmware
];
})
(mkIf cfg.enableAllFirmware {

30
nixos/modules/hardware/digitalbitbox.nix Normal file
View File

@ -0,0 +1,30 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.hardware.digitalbitbox;
in
{
options.hardware.digitalbitbox = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enables udev rules for Digital Bitbox devices.
'';
};
package = mkOption {
type = types.package;
default = pkgs.digitalbitbox;
defaultText = "pkgs.digitalbitbox";
description = "The Digital Bitbox package to use. This can be used to install a package with udev rules that differ from the defaults.";
};
};
config = mkIf cfg.enable {
services.udev.packages = [ cfg.package ];
};
}

2
nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix
View File

@ -69,7 +69,7 @@ with lib;
in ''
mkdir -p /root/Desktop
ln -sfT ${desktopFile} /root/Desktop/nixos-manual.desktop
cp ${pkgs.gnome3.gnome_terminal}/share/applications/gnome-terminal.desktop /root/Desktop/gnome-terminal.desktop
cp ${pkgs.gnome3.gnome-terminal}/share/applications/gnome-terminal.desktop /root/Desktop/gnome-terminal.desktop
chmod a+rx /root/Desktop/gnome-terminal.desktop
cp ${pkgs.gparted}/share/applications/gparted.desktop /root/Desktop/gparted.desktop
chmod a+rx /root/Desktop/gparted.desktop

4
nixos/modules/installer/tools/nixos-generate-config.pl
View File

@ -603,6 +603,10 @@ $bootLoaderConfig
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable the X11 windowing system.
# services.xserver.enable = true;
# services.xserver.layout = "us";

4
nixos/modules/misc/label.nix
View File

@ -65,8 +65,8 @@ in
# This is set here rather than up there so that changing it would
# not rebuild the manual
system.nixos.label = mkDefault (maybeEnv "NIXOS_LABEL"
(concatStringsSep "-" (sort (x: y: x < y) cfg.tags)
+ "-" + maybeEnv "NIXOS_LABEL_VERSION" cfg.version));
(concatStringsSep "-" ((sort (x: y: x < y) cfg.tags)
++ [ (maybeEnv "NIXOS_LABEL_VERSION" cfg.version) ])));
};
}

2
nixos/modules/misc/nixpkgs.nix
View File

@ -93,7 +93,7 @@ in
default = {};
example = literalExample
''
{ firefox.enableGeckoMediaPlayer = true; }
{ allowBroken = true; allowUnfree = true; }
'';
type = configType;
description = ''

5
nixos/modules/module-list.nix
View File

@ -31,6 +31,7 @@
./hardware/ckb.nix
./hardware/cpu/amd-microcode.nix
./hardware/cpu/intel-microcode.nix
./hardware/digitalbitbox.nix
./hardware/sensor/iio.nix
./hardware/ksm.nix
./hardware/mcelog.nix
@ -78,6 +79,7 @@
./programs/command-not-found/command-not-found.nix
./programs/criu.nix
./programs/dconf.nix
./programs/digitalbitbox/default.nix
./programs/environment.nix
./programs/fish.nix
./programs/freetds.nix
@ -109,6 +111,7 @@
./programs/sway.nix
./programs/thefuck.nix
./programs/tmux.nix
./programs/udevil.nix
./programs/venus.nix
./programs/vim.nix
./programs/way-cooler.nix
@ -637,7 +640,7 @@
./services/web-apps/nixbot.nix
./services/web-apps/nexus.nix
./services/web-apps/pgpkeyserver-lite.nix
./services/web-apps/piwik.nix
./services/web-apps/matomo.nix
./services/web-apps/pump.io.nix
./services/web-apps/restya-board.nix
./services/web-apps/tt-rss.nix

3
nixos/modules/programs/bash/bash.nix
View File

@ -211,6 +211,9 @@ in
"/share/bash-completion"
];
environment.systemPackages = optional cfg.enableCompletion
pkgs.nix-bash-completions;
environment.shells =
[ "/run/current-system/sw/bin/bash"
"/var/run/current-system/sw/bin/bash"

1
nixos/modules/programs/browserpass.nix
View File

@ -18,5 +18,6 @@ with lib;
"opt/chrome/native-messaging-hosts/com.dannyvankooten.browserpass.json".source = "${pkgs.browserpass}/etc/chrome-host.json";
"opt/chrome/policies/managed/com.dannyvankooten.browserpass.json".source = "${pkgs.browserpass}/etc/chrome-policy.json";
};
nixpkgs.config.firefox.enableBrowserpass = true;
};
}

8
nixos/modules/programs/chromium.nix
View File

@ -36,6 +36,7 @@ in
"chlffgpmiacpedhhbkiomidkjlcfhogd" # pushbullet
"mbniclmhobmnbdlbpiphghaielnnpgdp" # lightshot
"gcbommkclmclpchllfjekcdonpmejbdp" # https everywhere
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
]
'';
};
@ -52,8 +53,7 @@ in
description = "Chromium default search provider url.";
default = null;
example =
"https://encrypted.google.com/search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:
searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}";
"https://encrypted.google.com/search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}";
};
defaultSearchProviderSuggestURL = mkOption {
@ -79,7 +79,11 @@ in
###### implementation
config = lib.mkIf cfg.enable {
# for chromium
environment.etc."chromium/policies/managed/default.json".text = builtins.toJSON defaultProfile;
environment.etc."chromium/policies/managed/extra.json".text = builtins.toJSON cfg.extraOpts;
# for google-chrome https://www.chromium.org/administrators/linux-quick-start
environment.etc."opt/chrome/policies/managed/default.json".text = builtins.toJSON defaultProfile;
environment.etc."opt/chrome/policies/managed/extra.json".text = builtins.toJSON cfg.extraOpts;
};
}

2
nixos/modules/programs/dconf.nix
View File

@ -36,7 +36,7 @@ in
"${pkgs.gnome3.dconf.lib}/lib/gio/modules";
# https://github.com/NixOS/nixpkgs/pull/31891
#environment.variables.XDG_DATA_DIRS = optional cfg.enable
# "$(echo ${pkgs.gnome3.gsettings_desktop_schemas}/share/gsettings-schemas/gsettings-desktop-schemas-*)";
# "$(echo ${pkgs.gnome3.gsettings-desktop-schemas}/share/gsettings-schemas/gsettings-desktop-schemas-*)";
};
}

39
nixos/modules/programs/digitalbitbox/default.nix Normal file
View File

@ -0,0 +1,39 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.programs.digitalbitbox;
in
{
options.programs.digitalbitbox = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Installs the Digital Bitbox application and enables the complementary hardware module.
'';
};
package = mkOption {
type = types.package;
default = pkgs.digitalbitbox;
defaultText = "pkgs.digitalbitbox";
description = "The Digital Bitbox package to use. This can be used to install a package with udev rules that differ from the defaults.";
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
hardware.digitalbitbox = {
enable = true;
package = cfg.package;
};
};
meta = {
doc = ./doc.xml;
maintainers = with stdenv.lib.maintainers; [ vidbina ];
};
}

85
nixos/modules/programs/digitalbitbox/doc.xml Normal file
View File

@ -0,0 +1,85 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="module-programs-digitalbitbox">
<title>Digital Bitbox</title>
<para>
Digital Bitbox is a hardware wallet and second-factor authenticator.
</para>
<para>
The <literal>digitalbitbox</literal> programs module may be
installed by setting <literal>programs.digitalbitbox</literal>
to <literal>true</literal> in a manner similar to
<programlisting>
programs.digitalbitbox.enable = true;
</programlisting>
and bundles the <literal>digitalbitbox</literal> package (see <xref
linkend="sec-digitalbitbox-package" />), which contains the
<literal>dbb-app</literal> and <literal>dbb-cli</literal> binaries,
along with the hardware module (see <xref
linkend="sec-digitalbitbox-hardware-module" />) which sets up the
necessary udev rules to access the device.
</para>
<para>
Enabling the digitalbitbox module is pretty much the easiest way to
get a Digital Bitbox device working on your system.
</para>
<para>
For more information, see
<link xlink:href="https://digitalbitbox.com/start_linux" />.
</para>
<section xml:id="sec-digitalbitbox-package">
<title>Package</title>
<para>
The binaries, <literal>dbb-app</literal> (a GUI tool) and
<literal>dbb-cli</literal> (a CLI tool), are available through the
<literal>digitalbitbox</literal> package which could be installed
as follows:
<programlisting>
environment.systemPackages = [
pkgs.digitalbitbox
];
</programlisting>
</para>
</section>
<section xml:id="sec-digitalbitbox-hardware-module">
<title>Hardware</title>
<para>
The digitalbitbox hardware package enables the udev rules for
Digital Bitbox devices and may be installed as follows:
<programlisting>
hardware.digitalbitbox.enable = true;
</programlisting>
</para>
<para>
In order to alter the udev rules, one may provide different values for
the <literal>udevRule51</literal> and <literal>udevRule52</literal>
attributes by means of overriding as follows:
<programlisting>
programs.digitalbitbox = {
enable = true;
package = pkgs.digitalbitbox.override {
udevRule51 = "something else";
};
};
</programlisting>
</para>
</section>
</chapter>

14
nixos/modules/programs/udevil.nix Normal file
View File

@ -0,0 +1,14 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.programs.udevil;
in {
options.programs.udevil.enable = mkEnableOption "udevil";
config = mkIf cfg.enable {
security.wrappers.udevil.source = "${lib.getBin pkgs.udevil}/bin/udevil";
};
}

6
nixos/modules/rename.nix
View File

@ -148,6 +148,12 @@ with lib;
# parsoid
(mkRemovedOptionModule [ "services" "parsoid" "interwikis" ] [ "services" "parsoid" "wikis" ])
# piwik was renamed to matomo
(mkRenamedOptionModule [ "services" "piwik" "enable" ] [ "services" "matomo" "enable" ])
(mkRenamedOptionModule [ "services" "piwik" "webServerUser" ] [ "services" "matomo" "webServerUser" ])
(mkRenamedOptionModule [ "services" "piwik" "phpfpmProcessManagerConfig" ] [ "services" "matomo" "phpfpmProcessManagerConfig" ])
(mkRenamedOptionModule [ "services" "piwik" "nginx" ] [ "services" "matomo" "nginx" ])
# tarsnap
(mkRemovedOptionModule [ "services" "tarsnap" "cachedir" ] "Use services.tarsnap.archives.<name>.cachedir")

4
nixos/modules/security/pam.nix
View File

@ -311,7 +311,7 @@ let
("auth optional ${pkgs.plasma5.kwallet-pam}/lib/security/pam_kwallet5.so" +
" kwalletd=${pkgs.libsForQt5.kwallet.bin}/bin/kwalletd5")}
${optionalString cfg.enableGnomeKeyring
("auth optional ${pkgs.gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so")}
("auth optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so")}
${optionalString cfg.googleAuthenticator.enable
"auth required ${pkgs.googleAuthenticator}/lib/security/pam_google_authenticator.so no_increment_hotp"}
'') + ''
@ -384,7 +384,7 @@ let
("session optional ${pkgs.plasma5.kwallet-pam}/lib/security/pam_kwallet5.so" +
" kwalletd=${pkgs.libsForQt5.kwallet.bin}/bin/kwalletd5")}
${optionalString (cfg.enableGnomeKeyring)
"session optional ${pkgs.gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so auto_start"}
"session optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start"}
${optionalString (config.virtualisation.lxc.lxcfs.enable)
"session optional ${pkgs.lxcfs}/lib/security/pam_cgfs.so -c freezer,memory,name=systemd,unified,cpuset"}
'');

2
nixos/modules/services/audio/alsa.nix
View File

@ -21,7 +21,7 @@ in
enable = mkOption {
type = types.bool;
default = true;
default = false;
description = ''
Whether to enable ALSA sound.
'';

29
nixos/modules/services/backup/crashplan-small-business.nix
View File

@ -23,7 +23,7 @@ with lib;
example = "2G";
type = types.str;
description = ''
Maximum amount of that the crashplan engine should use.
Maximum amount of ram that the crashplan engine should use.
'';
};
openPorts = mkOption {
@ -52,28 +52,13 @@ with lib;
after = [ "network.target" "local-fs.target" ];
preStart = ''
ensureDir() {
dir=$1
mode=$2
if ! test -e $dir; then
${pkgs.coreutils}/bin/mkdir -m $mode -p $dir
elif [ "$(${pkgs.coreutils}/bin/stat -c %a $dir)" != "$mode" ]; then
${pkgs.coreutils}/bin/chmod $mode $dir
fi
}
ensureDir ${crashplansb.vardir} 755
ensureDir ${crashplansb.vardir}/conf 700
ensureDir ${crashplansb.manifestdir} 700
ensureDir ${crashplansb.vardir}/cache 700
ensureDir ${crashplansb.vardir}/backupArchives 700
ensureDir ${crashplansb.vardir}/log 777
install -d -m 755 ${crashplansb.vardir}
install -d -m 700 ${crashplansb.vardir}/conf
install -d -m 700 ${crashplansb.manifestdir}
install -d -m 700 ${crashplansb.vardir}/cache
install -d -m 700 ${crashplansb.vardir}/backupArchives
install -d -m 777 ${crashplansb.vardir}/log
cp -avn ${crashplansb}/conf.template/* ${crashplansb.vardir}/conf
#for x in bin install.vars lang lib libc42archive64.so libc42core.so libjniwrap64.so libjtux64.so libleveldb64.so libnetty-tcnative.so share upgrade; do
# rm -f ${crashplansb.vardir}/$x;
# ln -sf ${crashplansb}/$x ${crashplansb.vardir}/$x;
#done
'';
serviceConfig = {

6
nixos/modules/services/databases/mysql.nix
View File

@ -133,7 +133,7 @@ in
'';
example = [
"nextcloud"
"piwik"
"matomo"
];
};
@ -289,10 +289,10 @@ in
# Create initial databases
if ! test -e "${cfg.dataDir}/${database.name}"; then
echo "Creating initial database: ${database.name}"
( echo "create database `${database.name}`;"
( echo 'create database `${database.name}`;'
${optionalString (database ? "schema") ''
echo "use `${database.name}`;"
echo 'use `${database.name}`;'
if [ -f "${database.schema}" ]
then

2
nixos/modules/services/databases/postgresql.nix
View File

@ -122,7 +122,7 @@ in
extraPlugins = mkOption {
type = types.listOf types.path;
default = [];
example = literalExample "[ (pkgs.postgis.override { postgresql = pkgs.postgresql94; }).v_2_1_4 ]";
example = literalExample "[ (pkgs.postgis.override { postgresql = pkgs.postgresql94; }) ]";
description = ''
When this list contains elements a new store path is created.
PostgreSQL and the elements are symlinked into it. Then pg_config,

6
nixos/modules/services/desktops/gnome3/at-spi2-core.nix
View File

@ -30,9 +30,9 @@ with lib;
config = mkMerge [
(mkIf config.services.gnome3.at-spi2-core.enable {
environment.systemPackages = [ pkgs.at_spi2_core ];
services.dbus.packages = [ pkgs.at_spi2_core ];
systemd.packages = [ pkgs.at_spi2_core ];
environment.systemPackages = [ pkgs.at-spi2-core ];
services.dbus.packages = [ pkgs.at-spi2-core ];
systemd.packages = [ pkgs.at-spi2-core ];
})
(mkIf (!config.services.gnome3.at-spi2-core.enable) {

6
nixos/modules/services/desktops/gnome3/evolution-data-server.nix
View File

@ -30,11 +30,11 @@ with lib;
config = mkIf config.services.gnome3.evolution-data-server.enable {
environment.systemPackages = [ pkgs.gnome3.evolution_data_server ];
environment.systemPackages = [ pkgs.gnome3.evolution-data-server ];
services.dbus.packages = [ pkgs.gnome3.evolution_data_server ];
services.dbus.packages = [ pkgs.gnome3.evolution-data-server ];
systemd.packages = [ pkgs.gnome3.evolution_data_server ];
systemd.packages = [ pkgs.gnome3.evolution-data-server ];
};

4
nixos/modules/services/desktops/gnome3/gnome-keyring.nix
View File

@ -31,9 +31,9 @@ with lib;
config = mkIf config.services.gnome3.gnome-keyring.enable {
environment.systemPackages = [ pkgs.gnome3.gnome_keyring ];
environment.systemPackages = [ pkgs.gnome3.gnome-keyring ];
services.dbus.packages = [ pkgs.gnome3.gnome_keyring pkgs.gnome3.gcr ];
services.dbus.packages = [ pkgs.gnome3.gnome-keyring pkgs.gnome3.gcr ];
};

4
nixos/modules/services/desktops/gnome3/gnome-online-accounts.nix
View File

@ -30,9 +30,9 @@ with lib;
config = mkIf config.services.gnome3.gnome-online-accounts.enable {
environment.systemPackages = [ pkgs.gnome3.gnome_online_accounts ];
environment.systemPackages = [ pkgs.gnome3.gnome-online-accounts ];
services.dbus.packages = [ pkgs.gnome3.gnome_online_accounts ];
services.dbus.packages = [ pkgs.gnome3.gnome-online-accounts ];
};

6
nixos/modules/services/desktops/gnome3/gnome-terminal-server.nix
View File

@ -30,11 +30,11 @@ with lib;
config = mkIf config.services.gnome3.gnome-terminal-server.enable {
environment.systemPackages = [ pkgs.gnome3.gnome_terminal ];
environment.systemPackages = [ pkgs.gnome3.gnome-terminal ];
services.dbus.packages = [ pkgs.gnome3.gnome_terminal ];
services.dbus.packages = [ pkgs.gnome3.gnome-terminal ];
systemd.packages = [ pkgs.gnome3.gnome_terminal ];
systemd.packages = [ pkgs.gnome3.gnome-terminal ];
};

4
nixos/modules/services/desktops/telepathy.nix
View File

@ -30,9 +30,9 @@ with lib;
config = mkIf config.services.telepathy.enable {
environment.systemPackages = [ pkgs.telepathy_mission_control ];
environment.systemPackages = [ pkgs.telepathy-mission-control ];
services.dbus.packages = [ pkgs.telepathy_mission_control ];
services.dbus.packages = [ pkgs.telepathy-mission-control ];
};

8
nixos/modules/services/hardware/acpid.nix
View File

@ -53,6 +53,12 @@ in
description = "Whether to enable the ACPI daemon.";
};
logEvents = mkOption {
type = types.bool;
default = false;
description = "Log all event activity.";
};
handlers = mkOption {
type = types.attrsOf (types.submodule {
options = {
@ -142,7 +148,7 @@ in
ConditionPathExists = [ "/proc/acpi" ];
};
script = "acpid --confdir ${acpiConfDir}";
script = "acpid ${optionalString config.services.acpid.logEvents "--logevents"} --confdir ${acpiConfDir}";
};
};

6
nixos/modules/services/hardware/fwupd.nix
View File

@ -8,12 +8,8 @@ let
cfg = config.services.fwupd;
originalEtc =
let
isRegular = v: v == "regular";
listFiles = d: builtins.attrNames (filterAttrs (const isRegular) (builtins.readDir d));
copiedDirs = [ "fwupd/remotes.d" "pki/fwupd" "pki/fwupd-metadata" ];
originalFiles = concatMap (d: map (f: "${d}/${f}") (listFiles "${pkgs.fwupd}/etc/${d}")) copiedDirs;
mkEtcFile = n: nameValuePair n { source = "${pkgs.fwupd}/etc/${n}"; };
in listToAttrs (map mkEtcFile originalFiles);
in listToAttrs (map mkEtcFile pkgs.fwupd.filesInstalledToEtc);
extraTrustedKeys =
let
mkName = p: "pki/fwupd/${baseNameOf (toString p)}";

8
nixos/modules/services/misc/disnix.nix
View File

@ -32,6 +32,12 @@ in
description = "Whether to enable Disnix";
};
enableMultiUser = mkOption {
type = types.bool;
default = true;
description = "Whether to support multi-user mode by enabling the Disnix D-Bus service";
};
useWebServiceInterface = mkOption {
default = false;
description = "Whether to enable the DisnixWebService interface running on Apache Tomcat";
@ -71,7 +77,7 @@ in
};
systemd.services = {
disnix = {
disnix = mkIf cfg.enableMultiUser {
description = "Disnix server";
wants = [ "dysnomia.target" ];
wantedBy = [ "multi-user.target" ];

24
nixos/modules/services/misc/nix-ssh-serve.nix
View File

@ -1,8 +1,12 @@
{ config, lib, pkgs, ... }:
with lib;
{
let cfg = config.nix.sshServe;
command =
if cfg.protocol == "ssh"
then "nix-store --serve"
else "nix-daemon --stdio";
in {
options = {
nix.sshServe = {
@ -10,7 +14,7 @@ with lib;
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable serving the Nix store as a binary cache via SSH.";
description = "Whether to enable serving the Nix store as a remote store via SSH.";
};
keys = mkOption {
@ -20,14 +24,20 @@ with lib;
description = "A list of SSH public keys allowed to access the binary cache via SSH.";
};
protocol = mkOption {
type = types.enum [ "ssh" "ssh-ng" ];
default = "ssh";
description = "The specific Nix-over-SSH protocol to use.";
};
};
config = mkIf config.nix.sshServe.enable {
};
config = mkIf cfg.enable {
users.extraUsers.nix-ssh = {
description = "Nix SSH substituter user";
description = "Nix SSH store user";
uid = config.ids.uids.nix-ssh;
useDefaultShell = true;
};
@ -41,11 +51,11 @@ with lib;
PermitTTY no
PermitTunnel no
X11Forwarding no
ForceCommand ${config.nix.package.out}/bin/nix-store --serve
ForceCommand ${config.nix.package.out}/bin/${command}
Match All
'';
users.extraUsers.nix-ssh.openssh.authorizedKeys.keys = config.nix.sshServe.keys;
users.extraUsers.nix-ssh.openssh.authorizedKeys.keys = cfg.keys;
};
}

22
nixos/modules/services/networking/networkmanager.nix
View File

@ -133,10 +133,10 @@ in {
basePackages = mkOption {
type = types.attrsOf types.package;
default = { inherit networkmanager modemmanager wpa_supplicant
networkmanager_openvpn networkmanager_vpnc
networkmanager_openconnect networkmanager_fortisslvpn
networkmanager_pptp networkmanager_l2tp
networkmanager_iodine; };
networkmanager-openvpn networkmanager-vpnc
networkmanager-openconnect networkmanager-fortisslvpn
networkmanager-pptp networkmanager-l2tp
networkmanager-iodine; };
internal = true;
};
@ -273,28 +273,28 @@ in {
{ source = configFile;
target = "NetworkManager/NetworkManager.conf";
}
{ source = "${networkmanager_openvpn}/etc/NetworkManager/VPN/nm-openvpn-service.name";
{ source = "${networkmanager-openvpn}/etc/NetworkManager/VPN/nm-openvpn-service.name";
target = "NetworkManager/VPN/nm-openvpn-service.name";
}
{ source = "${networkmanager_vpnc}/etc/NetworkManager/VPN/nm-vpnc-service.name";
{ source = "${networkmanager-vpnc}/etc/NetworkManager/VPN/nm-vpnc-service.name";
target = "NetworkManager/VPN/nm-vpnc-service.name";
}
{ source = "${networkmanager_openconnect}/etc/NetworkManager/VPN/nm-openconnect-service.name";
{ source = "${networkmanager-openconnect}/etc/NetworkManager/VPN/nm-openconnect-service.name";
target = "NetworkManager/VPN/nm-openconnect-service.name";
}
{ source = "${networkmanager_fortisslvpn}/etc/NetworkManager/VPN/nm-fortisslvpn-service.name";
{ source = "${networkmanager-fortisslvpn}/etc/NetworkManager/VPN/nm-fortisslvpn-service.name";
target = "NetworkManager/VPN/nm-fortisslvpn-service.name";
}
{ source = "${networkmanager_pptp}/etc/NetworkManager/VPN/nm-pptp-service.name";
{ source = "${networkmanager-pptp}/etc/NetworkManager/VPN/nm-pptp-service.name";
target = "NetworkManager/VPN/nm-pptp-service.name";
}
{ source = "${networkmanager_l2tp}/etc/NetworkManager/VPN/nm-l2tp-service.name";
{ source = "${networkmanager-l2tp}/etc/NetworkManager/VPN/nm-l2tp-service.name";
target = "NetworkManager/VPN/nm-l2tp-service.name";
}
{ source = "${networkmanager_strongswan}/etc/NetworkManager/VPN/nm-strongswan-service.name";
target = "NetworkManager/VPN/nm-strongswan-service.name";
}
{ source = "${networkmanager_iodine}/etc/NetworkManager/VPN/nm-iodine-service.name";
{ source = "${networkmanager-iodine}/etc/NetworkManager/VPN/nm-iodine-service.name";
target = "NetworkManager/VPN/nm-iodine-service.name";
}
] ++ optional (cfg.appendNameservers == [] || cfg.insertNameservers == [])

33
nixos/modules/services/networking/softether.nix
View File

@ -5,6 +5,8 @@ with lib;
let
cfg = config.services.softether;
package = cfg.package.override { dataDir = cfg.dataDir; };
in
{
@ -49,7 +51,7 @@ in
dataDir = mkOption {
type = types.string;
default = "${cfg.package.dataDir}";
default = "/var/lib/softether";
description = ''
Data directory for SoftEther VPN.
'';
@ -64,11 +66,8 @@ in
config = mkIf cfg.enable (
mkMerge [{
environment.systemPackages = [
(pkgs.lib.overrideDerivation cfg.package (attrs: {
dataDir = cfg.dataDir;
}))
];
environment.systemPackages = [ package ];
systemd.services."softether-init" = {
description = "SoftEther VPN services initial task";
wantedBy = [ "network.target" ];
@ -80,11 +79,11 @@ in
for d in vpnserver vpnbridge vpnclient vpncmd; do
if ! test -e ${cfg.dataDir}/$d; then
${pkgs.coreutils}/bin/mkdir -m0700 -p ${cfg.dataDir}/$d
install -m0600 ${cfg.package}${cfg.dataDir}/$d/hamcore.se2 ${cfg.dataDir}/$d/hamcore.se2
install -m0600 ${package}${cfg.dataDir}/$d/hamcore.se2 ${cfg.dataDir}/$d/hamcore.se2
fi
done
rm -rf ${cfg.dataDir}/vpncmd/vpncmd
ln -s ${cfg.package}${cfg.dataDir}/vpncmd/vpncmd ${cfg.dataDir}/vpncmd/vpncmd
ln -s ${package}${cfg.dataDir}/vpncmd/vpncmd ${cfg.dataDir}/vpncmd/vpncmd
'';
};
}
@ -97,12 +96,12 @@ in
wantedBy = [ "network.target" ];
serviceConfig = {
Type = "forking";
ExecStart = "${cfg.package}/bin/vpnserver start";
ExecStop = "${cfg.package}/bin/vpnserver stop";
ExecStart = "${package}/bin/vpnserver start";
ExecStop = "${package}/bin/vpnserver stop";
};
preStart = ''
rm -rf ${cfg.dataDir}/vpnserver/vpnserver
ln -s ${cfg.package}${cfg.dataDir}/vpnserver/vpnserver ${cfg.dataDir}/vpnserver/vpnserver
ln -s ${package}${cfg.dataDir}/vpnserver/vpnserver ${cfg.dataDir}/vpnserver/vpnserver
'';
postStop = ''
rm -rf ${cfg.dataDir}/vpnserver/vpnserver
@ -118,12 +117,12 @@ in
wantedBy = [ "network.target" ];
serviceConfig = {
Type = "forking";
ExecStart = "${cfg.package}/bin/vpnbridge start";
ExecStop = "${cfg.package}/bin/vpnbridge stop";
ExecStart = "${package}/bin/vpnbridge start";
ExecStop = "${package}/bin/vpnbridge stop";
};
preStart = ''
rm -rf ${cfg.dataDir}/vpnbridge/vpnbridge
ln -s ${cfg.package}${cfg.dataDir}/vpnbridge/vpnbridge ${cfg.dataDir}/vpnbridge/vpnbridge
ln -s ${package}${cfg.dataDir}/vpnbridge/vpnbridge ${cfg.dataDir}/vpnbridge/vpnbridge
'';
postStop = ''
rm -rf ${cfg.dataDir}/vpnbridge/vpnbridge
@ -139,12 +138,12 @@ in
wantedBy = [ "network.target" ];
serviceConfig = {
Type = "forking";
ExecStart = "${cfg.package}/bin/vpnclient start";
ExecStop = "${cfg.package}/bin/vpnclient stop";
ExecStart = "${package}/bin/vpnclient start";
ExecStop = "${package}/bin/vpnclient stop";
};
preStart = ''
rm -rf ${cfg.dataDir}/vpnclient/vpnclient
ln -s ${cfg.package}${cfg.dataDir}/vpnclient/vpnclient ${cfg.dataDir}/vpnclient/vpnclient
ln -s ${package}${cfg.dataDir}/vpnclient/vpnclient ${cfg.dataDir}/vpnclient/vpnclient
'';
postStart = ''
sleep 1

30
nixos/modules/services/networking/syncthing.nix
View File

@ -16,12 +16,6 @@ in {
available on http://127.0.0.1:8384/.
'';
useInotify = mkOption {
type = types.bool;
default = false;
description = "Provide syncthing-inotify as a service.";
};
systemService = mkOption {
type = types.bool;
default = true;
@ -90,6 +84,12 @@ in {
};
};
imports = [
(mkRemovedOptionModule ["services" "syncthing" "useInotify"] ''
This option was removed because syncthing now has the inotify functionality included under the name "fswatcher".
It can be enabled on a per-folder basis through the webinterface.
'')
];
###### implementation
@ -100,8 +100,7 @@ in {
allowedUDPPorts = [ 21027 ];
};
systemd.packages = [ pkgs.syncthing ]
++ lib.optional cfg.useInotify pkgs.syncthing-inotify;
systemd.packages = [ pkgs.syncthing ];
users = mkIf (cfg.user == defaultUser) {
extraUsers."${defaultUser}" =
@ -125,7 +124,6 @@ in {
STNOUPGRADE = "yes";
inherit (cfg) all_proxy;
} // config.networking.proxy.envVars;
wants = mkIf cfg.useInotify [ "syncthing-inotify.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Restart = "on-failure";
@ -141,20 +139,6 @@ in {
syncthing-resume = {
wantedBy = [ "suspend.target" ];
};
syncthing-inotify = mkIf (cfg.systemService && cfg.useInotify) {
description = "Syncthing Inotify File Watcher service";
after = [ "network.target" "syncthing.service" ];
requires = [ "syncthing.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
SuccessExitStatus = "2";
RestartForceExitStatus = "3";
Restart = "on-failure";
User = cfg.user;
ExecStart = "${pkgs.syncthing-inotify.bin}/bin/syncthing-inotify -home=${cfg.dataDir} -logflags=0";
};
};
};
};
}

2
nixos/modules/services/networking/tinc.nix
View File

@ -178,6 +178,8 @@ in
preStart = ''
mkdir -p /etc/tinc/${network}/hosts
chown tinc.${network} /etc/tinc/${network}/hosts
mkdir -p /etc/tinc/${network}/invitations
chown tinc.${network} /etc/tinc/${network}/invitations
# Determine how we should generate our keys
if type tinc >/dev/null 2>&1; then

2
nixos/modules/services/networking/tox-bootstrapd.nix
View File

@ -69,7 +69,7 @@ in
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig =
{ ExecStart = "${pkg}/bin/tox-bootstrapd ${cfgFile}";
{ ExecStart = "${pkg}/bin/tox-bootstrapd --config=${cfgFile}";
Type = "forking";
inherit PIDFile;
User = "tox-bootstrapd";

2
nixos/modules/services/security/usbguard.nix
View File

@ -192,7 +192,7 @@ in {
serviceConfig = {
Type = "simple";
ExecStart = ''${pkgs.usbguard}/bin/usbguard-daemon -d -k -c ${daemonConfFile}'';
ExecStart = ''${pkgs.usbguard}/bin/usbguard-daemon -P -d -k -c ${daemonConfFile}'';
Restart = "on-failure";
};
};

42
nixos/modules/services/web-apps/piwik-doc.xml → nixos/modules/services/web-apps/matomo-doc.xml
View File

@ -2,16 +2,16 @@
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="module-services-piwik">
xml:id="module-services-matomo">
<title>Piwik</title>
<title>Matomo</title>
<para>
Piwik is a real-time web analytics application.
This module configures php-fpm as backend for piwik, optionally configuring an nginx vhost as well.
Matomo is a real-time web analytics application.
This module configures php-fpm as backend for Matomo, optionally configuring an nginx vhost as well.
</para>
<para>
An automatic setup is not suported by piwik, so you need to configure piwik itself in the browser-based piwik setup.
An automatic setup is not suported by Matomo, so you need to configure Matomo itself in the browser-based Matomo setup.
</para>
@ -19,7 +19,7 @@
<title>Database Setup</title>
<para>
You also need to configure a MariaDB or MySQL database and -user for piwik yourself,
You also need to configure a MariaDB or MySQL database and -user for Matomo yourself,
and enter those credentials in your browser.
You can use passwordless database authentication via the UNIX_SOCKET authentication plugin
with the following SQL commands:
@ -27,20 +27,20 @@
<programlisting>
# For MariaDB
INSTALL PLUGIN unix_socket SONAME 'auth_socket';
CREATE DATABASE piwik;
CREATE USER 'piwik'@'localhost' IDENTIFIED WITH unix_socket;
GRANT ALL PRIVILEGES ON piwik.* TO 'piwik'@'localhost';
CREATE DATABASE matomo;
CREATE USER 'matomo'@'localhost' IDENTIFIED WITH unix_socket;
GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost';
# For MySQL
INSTALL PLUGIN auth_socket SONAME 'auth_socket.so';
CREATE DATABASE piwik;
CREATE USER 'piwik'@'localhost' IDENTIFIED WITH auth_socket;
GRANT ALL PRIVILEGES ON piwik.* TO 'piwik'@'localhost';
CREATE DATABASE matomo;
CREATE USER 'matomo'@'localhost' IDENTIFIED WITH auth_socket;
GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost';
</programlisting>
Then fill in <literal>piwik</literal> as database user and database name, and leave the password field blank.
This authentication works by allowing only the <literal>piwik</literal> unix user to authenticate as the
<literal>piwik</literal> database user (without needing a password), but no other users.
Then fill in <literal>matomo</literal> as database user and database name, and leave the password field blank.
This authentication works by allowing only the <literal>matomo</literal> unix user to authenticate as the
<literal>matomo</literal> database user (without needing a password), but no other users.
For more information on passwordless login, see
<link xlink:href="https://mariadb.com/kb/en/mariadb/unix_socket-authentication-plugin/" />.
</para>
@ -55,9 +55,9 @@
<title>Backup</title>
<para>
You only need to take backups of your MySQL database and the
<filename>/var/lib/piwik/config/config.ini.php</filename> file.
Use a user in the <literal>piwik</literal> group or root to access the file.
For more information, see <link xlink:href="https://piwik.org/faq/how-to-install/faq_138/" />.
<filename>/var/lib/matomo/config/config.ini.php</filename> file.
Use a user in the <literal>matomo</literal> group or root to access the file.
For more information, see <link xlink:href="https://matomo.org/faq/how-to-install/faq_138/" />.
</para>
</section>
@ -67,14 +67,14 @@
<itemizedlist>
<listitem>
<para>
Piwik's file integrity check will warn you.
Matomo's file integrity check will warn you.
This is due to the patches necessary for NixOS, you can safely ignore this.
</para>
</listitem>
<listitem>
<para>
Piwik will warn you that the JavaScript tracker is not writable.
Matomo will warn you that the JavaScript tracker is not writable.
This is because it's located in the read-only nix store.
You can safely ignore this, unless you need a plugin that needs JavaScript tracker access.
</para>
@ -88,7 +88,7 @@
<para>
You can use other web servers by forwarding calls for <filename>index.php</filename> and
<filename>piwik.php</filename> to the <literal>/run/phpfpm-piwik.sock</literal> fastcgi unix socket.
<filename>piwik.php</filename> to the <literal>/run/phpfpm-matomo.sock</literal> fastcgi unix socket.
You can use the nginx configuration in the module code as a reference to what else should be configured.
</para>
</section>

75
nixos/modules/services/web-apps/piwik.nix → nixos/modules/services/web-apps/matomo.nix
View File

@ -1,10 +1,11 @@
{ config, lib, pkgs, services, ... }:
with lib;
let
cfg = config.services.piwik;
cfg = config.services.matomo;
user = "piwik";
user = "matomo";
dataDir = "/var/lib/${user}";
deprecatedDataDir = "/var/lib/piwik";
pool = user;
# it's not possible to use /run/phpfpm/${pool}.sock because /run/phpfpm/ is root:root 0770,
@ -13,17 +14,22 @@ let
phpExecutionUnit = "phpfpm-${pool}";
databaseService = "mysql.service";
fqdn =
let
join = hostName: domain: hostName + optionalString (domain != null) ".${domain}";
in join config.networking.hostName config.networking.domain;
in {
options = {
services.piwik = {
services.matomo = {
# NixOS PR for database setup: https://github.com/NixOS/nixpkgs/pull/6963
# piwik issue for automatic piwik setup: https://github.com/piwik/piwik/issues/10257
# TODO: find a nice way to do this when more NixOS MySQL and / or piwik automatic setup stuff is implemented.
# matomo issue for automatic matomo setup: https://github.com/matomo-org/matomo/issues/10257
# TODO: find a nice way to do this when more NixOS MySQL and / or matomo automatic setup stuff is implemented.
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable piwik web analytics with php-fpm backend.
Enable matomo web analytics with php-fpm backend.
Either the nginx option or the webServerUser option is mandatory.
'';
};
@ -32,8 +38,9 @@ in {
type = types.nullOr types.str;
default = null;
example = "lighttpd";
# TODO: piwik.php might get renamed to matomo.php in future releases
description = ''
Name of the web server user that forwards requests to the ${phpSocket} fastcgi socket for piwik if the nginx
Name of the web server user that forwards requests to the ${phpSocket} fastcgi socket for matomo if the nginx
option is not used. Either this option or the nginx option is mandatory.
If you want to use another webserver than nginx, you need to set this to that server's user
and pass fastcgi requests to `index.php` and `piwik.php` to this socket.
@ -55,7 +62,7 @@ in {
catch_workers_output = yes
'';
description = ''
Settings for phpfpm's process manager. You might need to change this depending on the load for piwik.
Settings for phpfpm's process manager. You might need to change this depending on the load for matomo.
'';
};
@ -65,7 +72,7 @@ in {
(import ../web-servers/nginx/vhost-options.nix { inherit config lib; })
{
# enable encryption by default,
# as sensitive login and piwik data should not be transmitted in clear text.
# as sensitive login and matomo data should not be transmitted in clear text.
options.forceSSL.default = true;
options.enableACME.default = true;
}
@ -73,15 +80,19 @@ in {
);
default = null;
example = {
serverName = "stats.$\{config.networking.hostName\}";
serverAliases = [
"matomo.$\{config.networking.domain\}"
"stats.$\{config.networking.domain\}"
];
enableACME = false;
};
description = ''
With this option, you can customize an nginx virtualHost which already has sensible defaults for piwik.
With this option, you can customize an nginx virtualHost which already has sensible defaults for matomo.
Either this option or the webServerUser option is mandatory.
Set this to {} to just enable the virtualHost if you don't need any customization.
If enabled, then by default, the serverName is piwik.$\{config.networking.hostName\}, SSL is active,
and certificates are acquired via ACME.
If enabled, then by default, the <option>serverName</option> is
<literal>${user}.$\{config.networking.hostName\}.$\{config.networking.domain\}</literal>,
SSL is active, and certificates are acquired via ACME.
If this is set to null (the default), no nginx virtualHost will be configured.
'';
};
@ -90,12 +101,12 @@ in {
config = mkIf cfg.enable {
warnings = mkIf (cfg.nginx != null && cfg.webServerUser != null) [
"If services.piwik.nginx is set, services.piwik.nginx.webServerUser is ignored and should be removed."
"If services.matomo.nginx is set, services.matomo.nginx.webServerUser is ignored and should be removed."
];
assertions = [ {
assertion = cfg.nginx != null || cfg.webServerUser != null;
message = "Either services.piwik.nginx or services.piwik.nginx.webServerUser is mandatory";
message = "Either services.matomo.nginx or services.matomo.nginx.webServerUser is mandatory";
}];
users.extraUsers.${user} = {
@ -106,19 +117,20 @@ in {
};
users.extraGroups.${user} = {};
systemd.services.piwik_setup_update = {
# everything needs to set up and up to date before piwik php files are executed
systemd.services.matomo_setup_update = {
# everything needs to set up and up to date before matomo php files are executed
requiredBy = [ "${phpExecutionUnit}.service" ];
before = [ "${phpExecutionUnit}.service" ];
# the update part of the script can only work if the database is already up and running
requires = [ databaseService ];
after = [ databaseService ];
path = [ pkgs.piwik ];
path = [ pkgs.matomo ];
serviceConfig = {
Type = "oneshot";
User = user;
# hide especially config.ini.php from other
UMask = "0007";
# TODO: might get renamed to MATOMO_USER_PATH in future versions
Environment = "PIWIK_USER_PATH=${dataDir}";
# chown + chmod in preStart needs root
PermissionsStartOnly = true;
@ -127,27 +139,32 @@ in {
# e.g. after restoring from backup or moving from another system.
# Note that ${dataDir}/config/config.ini.php might contain the MySQL password.
preStart = ''
# migrate data from piwik to matomo folder
if [ -d ${deprecatedDataDir} ]; then
echo "Migrating from ${deprecatedDataDir} to ${dataDir}"
mv -T ${deprecatedDataDir} ${dataDir}
fi
chown -R ${user}:${user} ${dataDir}
chmod -R ug+rwX,o-rwx ${dataDir}
'';
script = ''
# Use User-Private Group scheme to protect piwik data, but allow administration / backup via piwik group
# Use User-Private Group scheme to protect matomo data, but allow administration / backup via matomo group
# Copy config folder
chmod g+s "${dataDir}"
cp -r "${pkgs.piwik}/config" "${dataDir}/"
cp -r "${pkgs.matomo}/config" "${dataDir}/"
chmod -R u+rwX,g+rwX,o-rwx "${dataDir}"
# check whether user setup has already been done
if test -f "${dataDir}/config/config.ini.php"; then
# then execute possibly pending database upgrade
piwik-console core:update --yes
matomo-console core:update --yes
fi
'';
};
systemd.services.${phpExecutionUnit} = {
# stop phpfpm on package upgrade, do database upgrade via piwik_setup_update, and then restart
restartTriggers = [ pkgs.piwik ];
# stop phpfpm on package upgrade, do database upgrade via matomo_setup_update, and then restart
restartTriggers = [ pkgs.matomo ];
# stop config.ini.php from getting written with read permission for others
serviceConfig.UMask = "0007";
};
@ -175,14 +192,14 @@ in {
# References:
# https://fralef.me/piwik-hardening-with-nginx-and-php-fpm.html
# https://github.com/perusio/piwik-nginx
"${user}.${config.networking.hostName}" = mkMerge [ cfg.nginx {
# don't allow to override the root easily, as it will almost certainly break piwik.
"${user}.${fqdn}" = mkMerge [ cfg.nginx {
# don't allow to override the root easily, as it will almost certainly break matomo.
# disadvantage: not shown as default in docs.
root = mkForce "${pkgs.piwik}/share";
root = mkForce "${pkgs.matomo}/share";
# define locations here instead of as the submodule option's default
# so that they can easily be extended with additional locations if required
# without needing to redefine the piwik ones.
# without needing to redefine the matomo ones.
# disadvantage: not shown as default in docs.
locations."/" = {
index = "index.php";
@ -191,6 +208,7 @@ in {
locations."= /index.php".extraConfig = ''
fastcgi_pass unix:${phpSocket};
'';
# TODO: might get renamed to matomo.php in future versions
# allow piwik.php for tracking
locations."= /piwik.php".extraConfig = ''
fastcgi_pass unix:${phpSocket};
@ -212,6 +230,7 @@ in {
locations."= /robots.txt".extraConfig = ''
return 200 "User-agent: *\nDisallow: /\n";
'';
# TODO: might get renamed to matomo.js in future versions
# let browsers cache piwik.js
locations."= /piwik.js".extraConfig = ''
expires 1M;
@ -221,7 +240,7 @@ in {
};
meta = {
doc = ./piwik-doc.xml;
doc = ./matomo-doc.xml;
maintainers = with stdenv.lib.maintainers; [ florianjacob ];
};
}

2
nixos/modules/services/x11/desktop-managers/enlightenment.nix
View File

@ -33,7 +33,7 @@ in
pkgs.xorg.xauth # used by kdesu
pkgs.gtk2 # To get GTK+'s themes.
pkgs.tango-icon-theme
pkgs.shared_mime_info
pkgs.shared-mime-info
pkgs.gnome2.gnomeicontheme
pkgs.xorg.xcursorthemes
];

18
nixos/modules/services/x11/desktop-managers/gnome3.nix
View File

@ -27,7 +27,7 @@ let
nixos-gsettings-desktop-schemas = pkgs.runCommand "nixos-gsettings-desktop-schemas" {}
''
mkdir -p $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas
cp -rf ${pkgs.gnome3.gsettings_desktop_schemas}/share/gsettings-schemas/gsettings-desktop-schemas*/glib-2.0/schemas/*.xml $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas
cp -rf ${pkgs.gnome3.gsettings-desktop-schemas}/share/gsettings-schemas/gsettings-desktop-schemas*/glib-2.0/schemas/*.xml $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas
${concatMapStrings (pkg: "cp -rf ${pkg}/share/gsettings-schemas/*/glib-2.0/schemas/*.xml $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas\n") cfg.extraGSettingsOverridePackages}
@ -60,7 +60,7 @@ in {
example = literalExample "[ pkgs.gnome3.gpaste ]";
description = "Additional list of packages to be added to the session search path.
Useful for gnome shell extensions or gsettings-conditionated autostart.";
apply = list: list ++ [ pkgs.gnome3.gnome_shell pkgs.gnome3.gnome-shell-extensions ];
apply = list: list ++ [ pkgs.gnome3.gnome-shell pkgs.gnome3.gnome-shell-extensions ];
};
extraGSettingsOverrides = mkOption {
@ -118,7 +118,7 @@ in {
services.packagekit.enable = mkDefault true;
hardware.bluetooth.enable = mkDefault true;
services.xserver.libinput.enable = mkDefault true; # for controlling touchpad settings via gnome control center
services.udev.packages = [ pkgs.gnome3.gnome_settings_daemon ];
services.udev.packages = [ pkgs.gnome3.gnome-settings-daemon ];
systemd.packages = [ pkgs.gnome3.vino ];
# If gnome3 is installed, build vim for gtk3 too.
@ -164,7 +164,7 @@ in {
# Update user dirs as described in http://freedesktop.org/wiki/Software/xdg-user-dirs/
${pkgs.xdg-user-dirs}/bin/xdg-user-dirs-update
${pkgs.gnome3.gnome_session}/bin/gnome-session ${optionalString cfg.debug "--debug"} &
${pkgs.gnome3.gnome-session}/bin/gnome-session ${optionalString cfg.debug "--debug"} &
waitPID=$!
'';
};
@ -172,7 +172,7 @@ in {
services.xserver.updateDbusEnvironment = true;
environment.variables.GIO_EXTRA_MODULES = [ "${lib.getLib pkgs.gnome3.dconf}/lib/gio/modules"
"${pkgs.gnome3.glib_networking.out}/lib/gio/modules"
"${pkgs.gnome3.glib-networking.out}/lib/gio/modules"
"${pkgs.gnome3.gvfs}/lib/gio/modules" ];
environment.systemPackages = pkgs.gnome3.corePackages ++ cfg.sessionPath
++ (removePackagesByName pkgs.gnome3.optionalPackages config.environment.gnome3.excludePackages);
@ -180,10 +180,10 @@ in {
# Use the correct gnome3 packageSet
networking.networkmanager.basePackages =
{ inherit (pkgs) networkmanager modemmanager wpa_supplicant;
inherit (pkgs.gnome3) networkmanager_openvpn networkmanager_vpnc
networkmanager_openconnect networkmanager_fortisslvpn
networkmanager_pptp networkmanager_iodine
networkmanager_l2tp; };
inherit (pkgs.gnome3) networkmanager-openvpn networkmanager-vpnc
networkmanager-openconnect networkmanager-fortisslvpn
networkmanager-pptp networkmanager-iodine
networkmanager-l2tp; };
# Needed for themes and backgrounds
environment.pathsToLink = [ "/share" ];

2
nixos/modules/services/x11/desktop-managers/mate.nix
View File

@ -102,7 +102,7 @@ in
services.dbus.packages = [
pkgs.gnome3.dconf
pkgs.at_spi2_core
pkgs.at-spi2-core
];
services.gnome3.gnome-keyring.enable = true;

2
nixos/modules/services/x11/desktop-managers/plasma5.nix
View File

@ -154,7 +154,7 @@ in
print-manager
breeze-icons
pkgs.hicolor_icon_theme
pkgs.hicolor-icon-theme
kde-gtk-config breeze-gtk

6
nixos/modules/services/x11/desktop-managers/xfce.nix
View File

@ -61,12 +61,12 @@ in
# utilities-terminal, accessories-text-editor
gnome3.defaultIconTheme
hicolor_icon_theme
hicolor-icon-theme
tango-icon-theme
xfce4-icon-theme
desktop_file_utils
shared_mime_info
desktop-file-utils
shared-mime-info
# Needed by Xfce's xinitrc script
# TODO: replace with command -v

10
nixos/modules/services/x11/display-managers/gdm.nix
View File

@ -133,7 +133,7 @@ in
StandardError = "inherit";
};
systemd.services.display-manager.path = [ pkgs.gnome3.gnome_session ];
systemd.services.display-manager.path = [ pkgs.gnome3.gnome-session ];
services.dbus.packages = [ gdm ];
@ -193,7 +193,7 @@ in
auth required pam_env.so envfile=${config.system.build.pamEnvironment}
auth required pam_succeed_if.so uid >= 1000 quiet
auth optional ${pkgs.gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so
auth optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so
auth ${if config.security.pam.enableEcryptfs then "required" else "sufficient"} pam_unix.so nullok likeauth
${optionalString config.security.pam.enableEcryptfs
"auth required ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so unwrap"}
@ -213,7 +213,7 @@ in
"session optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so"}
session required pam_loginuid.so
session optional ${pkgs.systemd}/lib/security/pam_systemd.so
session optional ${pkgs.gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so auto_start
session optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start
'';
gdm-password.text = ''
@ -221,7 +221,7 @@ in
auth required pam_env.so envfile=${config.system.build.pamEnvironment}
auth required pam_succeed_if.so uid >= 1000 quiet
auth optional ${pkgs.gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so
auth optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so
auth ${if config.security.pam.enableEcryptfs then "required" else "sufficient"} pam_unix.so nullok likeauth
${optionalString config.security.pam.enableEcryptfs
"auth required ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so unwrap"}
@ -240,7 +240,7 @@ in
"session optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so"}
session required pam_loginuid.so
session optional ${pkgs.systemd}/lib/security/pam_systemd.so
session optional ${pkgs.gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so auto_start
session optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start
'';
gdm-autologin.text = ''

4
nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix
View File

@ -68,8 +68,8 @@ in
package = mkOption {
type = types.package;
default = pkgs.gnome3.gnome_themes_standard;
defaultText = "pkgs.gnome3.gnome_themes_standard";
default = pkgs.gnome3.gnome-themes-standard;
defaultText = "pkgs.gnome3.gnome-themes-standard";
description = ''
The package path that contains the theme given in the name option.
'';

28
nixos/modules/services/x11/xautolock.nix
View File

@ -26,9 +26,9 @@ in
};
locker = mkOption {
default = "xlock"; # default according to `man xautolock`
example = "i3lock -i /path/to/img";
type = types.string;
default = "${pkgs.xlockmore}/bin/xlock"; # default according to `man xautolock`
example = "${pkgs.i3lock}/bin/i3lock -i /path/to/img";
type = types.str;
description = ''
The script to use when automatically locking the computer.
@ -37,8 +37,8 @@ in
nowlocker = mkOption {
default = null;
example = "i3lock -i /path/to/img";
type = types.nullOr types.string;
example = "${pkgs.i3lock}/bin/i3lock -i /path/to/img";
type = types.nullOr types.str;
description = ''
The script to use when manually locking the computer with <command>xautolock -locknow</command>.
@ -56,10 +56,8 @@ in
notifier = mkOption {
default = null;
example = literalExample ''
"${pkgs.libnotify}/bin/notify-send \"Locking in 10 seconds\""
'';
type = types.nullOr types.string;
example = "${pkgs.libnotify}/bin/notify-send \"Locking in 10 seconds\"";
type = types.nullOr types.str;
description = ''
Notification script to be used to warn about the pending autolock.
@ -68,8 +66,8 @@ in
killer = mkOption {
default = null; # default according to `man xautolock` is none
example = "systemctl suspend";
type = types.nullOr types.string;
example = "${pkgs.systemd}/bin/systemctl suspend";
type = types.nullOr types.str;
description = ''
The script to use when nothing has happend for as long as <option>killtime</option>
@ -131,6 +129,12 @@ in
assertion = cfg.killer != null -> cfg.killtime >= 10;
message = "killtime has to be at least 10 minutes according to `man xautolock`";
}
];
] ++ (lib.flip map [ "locker" "notifier" "nowlocker" "killer" ]
(option:
{
assertion = cfg."${option}" != null -> builtins.substring 0 1 cfg."${option}" == "/";
message = "Please specify a canonical path for `services.xserver.xautolock.${option}`";
})
);
};
}

10
nixos/modules/system/boot/loader/grub/grub.nix
View File

@ -110,7 +110,7 @@ in
device = mkOption {
default = "";
example = "/dev/hda";
example = "/dev/disk/by-id/wwn-0x500001234567890a";
type = types.str;
description = ''
The device on which the GRUB boot loader will be installed.
@ -123,7 +123,7 @@ in
devices = mkOption {
default = [];
example = [ "/dev/hda" ];
example = [ "/dev/disk/by-id/wwn-0x500001234567890a" ];
type = types.listOf types.str;
description = ''
The devices on which the boot loader, GRUB, will be
@ -135,8 +135,8 @@ in
mirroredBoots = mkOption {
default = [ ];
example = [
{ path = "/boot1"; devices = [ "/dev/sda" ]; }
{ path = "/boot2"; devices = [ "/dev/sdb" ]; }
{ path = "/boot1"; devices = [ "/dev/disk/by-id/wwn-0x500001234567890a" ]; }
{ path = "/boot2"; devices = [ "/dev/disk/by-id/wwn-0x500009876543210a" ]; }
];
description = ''
Mirror the boot configuration to multiple partitions and install grub
@ -178,7 +178,7 @@ in
devices = mkOption {
default = [ ];
example = [ "/dev/sda" "/dev/sdb" ];
example = [ "/dev/disk/by-id/wwn-0x500001234567890a" "/dev/disk/by-id/wwn-0x500009876543210a" ];
type = types.listOf types.str;
description = ''
The path to the devices which will have the GRUB MBR written.

9
nixos/modules/system/boot/luksroot.nix
View File

@ -228,10 +228,6 @@ in
[ "aes" "aes_generic" "blowfish" "twofish"
"serpent" "cbc" "xts" "lrw" "sha1" "sha256" "sha512"
# workaround until https://marc.info/?l=linux-crypto-vger&m=148783562211457&w=4 is merged
# remove once 'modprobe --show-depends xts' shows ecb as a dependency
"ecb"
(if pkgs.stdenv.system == "x86_64-linux" then "aes_x86_64" else "aes_i586")
];
description = ''
@ -441,7 +437,10 @@ in
# Some modules that may be needed for mounting anything ciphered
# Also load input_leds to get caps lock light working (#12456)
boot.initrd.availableKernelModules = [ "dm_mod" "dm_crypt" "cryptd" "input_leds" ]
++ luks.cryptoModules;
++ luks.cryptoModules
# workaround until https://marc.info/?l=linux-crypto-vger&m=148783562211457&w=4 is merged
# remove once 'modprobe --show-depends xts' shows ecb as a dependency
++ (if builtins.elem "xts" luks.cryptoModules then ["ecb"] else []);
# copy the cryptsetup binary and it's dependencies
boot.initrd.extraUtilsCommands = ''

6
nixos/release.nix
View File

@ -228,6 +228,7 @@ in rec {
tests.boot = callSubTests tests/boot.nix {};
tests.boot-stage1 = callTest tests/boot-stage1.nix {};
tests.borgbackup = callTest tests/borgbackup.nix {};
tests.buildbot = callTest tests/buildbot.nix {};
tests.cadvisor = callTestOnTheseSystems ["x86_64-linux"] tests/cadvisor.nix {};
tests.chromium = (callSubTestsOnTheseSystems ["x86_64-linux"] tests/chromium.nix {}).stable;
tests.cjdns = callTest tests/cjdns.nix {};
@ -258,7 +259,7 @@ in rec {
tests.firefox = callTest tests/firefox.nix {};
tests.firewall = callTest tests/firewall.nix {};
tests.fleet = callTestOnTheseSystems ["x86_64-linux"] tests/fleet.nix {};
#tests.fwupd = callTest tests/fwupd.nix {}; # build during evaluation
tests.fwupd = callTest tests/fwupd.nix {};
#tests.gitlab = callTest tests/gitlab.nix {};
tests.gitolite = callTest tests/gitolite.nix {};
tests.gjs = callTest tests/gjs.nix {};
@ -318,6 +319,7 @@ in rec {
tests.nfs4 = callTest tests/nfs.nix { version = 4; };
tests.nginx = callTest tests/nginx.nix { };
tests.nghttpx = callTest tests/nghttpx.nix { };
tests.nix-ssh-serve = callTest tests/nix-ssh-serve.nix { };
tests.novacomd = callTestOnTheseSystems ["x86_64-linux"] tests/novacomd.nix { };
tests.leaps = callTest tests/leaps.nix { };
tests.nsd = callTest tests/nsd.nix {};
@ -339,6 +341,7 @@ in rec {
tests.pumpio = callTest tests/pump.io.nix {};
# tests.quagga = callTest tests/quagga.nix {};
tests.quake3 = callTest tests/quake3.nix {};
tests.rabbitmq = callTest tests/rabbitmq.nix {};
tests.radicale = callTest tests/radicale.nix {};
tests.rspamd = callSubTests tests/rspamd.nix {};
tests.runInMachine = callTest tests/run-in-machine.nix {};
@ -360,6 +363,7 @@ in rec {
tests.wordpress = callTest tests/wordpress.nix {};
tests.xfce = callTest tests/xfce.nix {};
tests.xmonad = callTest tests/xmonad.nix {};
tests.xrdp = callTest tests/xrdp.nix {};
tests.yabar = callTest tests/yabar.nix {};
tests.zookeeper = callTest tests/zookeeper.nix {};

1
nixos/tests/boot-stage1.nix
View File

@ -9,6 +9,7 @@ import ./make-test.nix ({ pkgs, ... }: {
kver = config.boot.kernelPackages.kernel.modDirVersion;
ksrc = "${kdev}/lib/modules/${kver}/build";
hardeningDisable = [ "pic" ];
nativeBuildInputs = kdev.moduleBuildDependencies;
} ''
echo "obj-m += $name.o" > Makefile
echo "$source" > "$name.c"

39
nixos/tests/nix-ssh-serve.nix Normal file
View File

@ -0,0 +1,39 @@
import ./make-test.nix ({ pkgs, lib, ... }:
let inherit (import ./ssh-keys.nix pkgs)
snakeOilPrivateKey snakeOilPublicKey;
ssh-config = builtins.toFile "ssh.conf" ''
UserKnownHostsFile=/dev/null
StrictHostKeyChecking=no
'';
in
{ name = "nix-ssh-serve";
meta.maintainers = [ lib.maintainers.shlevy ];
nodes =
{ server.nix.sshServe =
{ enable = true;
keys = [ snakeOilPublicKey ];
protocol = "ssh-ng";
};
server.nix.package = pkgs.nixUnstable;
client.nix.package = pkgs.nixUnstable;
};
testScript = ''
startAll;
$client->succeed("mkdir -m 700 /root/.ssh");
$client->copyFileFromHost("${ssh-config}", "/root/.ssh/config");
$client->succeed("cat ${snakeOilPrivateKey} > /root/.ssh/id_ecdsa");
$client->succeed("chmod 600 /root/.ssh/id_ecdsa");
$client->succeed("nix-store --add /etc/machine-id > mach-id-path");
$server->waitForUnit("sshd");
$client->fail("diff /root/other-store\$(cat mach-id-path) /etc/machine-id");
# Currently due to shared store this is a noop :(
$client->succeed("nix copy --to ssh-ng://nix-ssh\@server \$(cat mach-id-path)");
$client->succeed("nix-store --realise \$(cat mach-id-path) --store /root/other-store --substituters ssh-ng://nix-ssh\@server");
$client->succeed("diff /root/other-store\$(cat mach-id-path) /etc/machine-id");
'';
}
)

17
nixos/tests/openssh.nix
View File

@ -1,20 +1,7 @@
import ./make-test.nix ({ pkgs, ... }:
let
snakeOilPrivateKey = pkgs.writeText "privkey.snakeoil" ''
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIHQf/khLvYrQ8IOika5yqtWvI0oquHlpRLTZiJy5dRJmoAoGCCqGSM49
AwEHoUQDQgAEKF0DYGbBwbj06tA3fd/+yP44cvmwmHBWXZCKbS+RQlAKvLXMWkpN
r1lwMyJZoSGgBHoUahoYjTh9/sJL7XLJtA==
-----END EC PRIVATE KEY-----
'';
snakeOilPublicKey = pkgs.lib.concatStrings [
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHA"
"yNTYAAABBBChdA2BmwcG49OrQN33f/sj+OHL5sJhwVl2Qim0vkUJQCry1zFpKTa"
"9ZcDMiWaEhoAR6FGoaGI04ff7CS+1yybQ= sakeoil"
];
let inherit (import ./ssh-keys.nix pkgs)
snakeOilPrivateKey snakeOilPublicKey;
in {
name = "openssh";
meta = with pkgs.stdenv.lib.maintainers; {

2
nixos/tests/postgis.nix
View File

@ -12,7 +12,7 @@ import ./make-test.nix ({ pkgs, ...} : {
services.postgresql = let mypg = pkgs.postgresql100; in {
enable = true;
package = mypg;
extraPlugins = [ (pkgs.postgis.override { postgresql = mypg; }).v_2_4_0 ];
extraPlugins = [ (pkgs.postgis.override { postgresql = mypg; }) ];
};
};
};

15
nixos/tests/ssh-keys.nix Normal file
View File

@ -0,0 +1,15 @@
pkgs:
{ snakeOilPrivateKey = pkgs.writeText "privkey.snakeoil" ''
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIHQf/khLvYrQ8IOika5yqtWvI0oquHlpRLTZiJy5dRJmoAoGCCqGSM49
AwEHoUQDQgAEKF0DYGbBwbj06tA3fd/+yP44cvmwmHBWXZCKbS+RQlAKvLXMWkpN
r1lwMyJZoSGgBHoUahoYjTh9/sJL7XLJtA==
-----END EC PRIVATE KEY-----
'';
snakeOilPublicKey = pkgs.lib.concatStrings [
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHA"
"yNTYAAABBBChdA2BmwcG49OrQN33f/sj+OHL5sJhwVl2Qim0vkUJQCry1zFpKTa"
"9ZcDMiWaEhoAR6FGoaGI04ff7CS+1yybQ= sakeoil"
];
}

11
pkgs/applications/altcoins/go-ethereum.nix
View File

@ -12,6 +12,17 @@ buildGoPackage rec {
# Fixes Cgo related build failures (see https://github.com/NixOS/nixpkgs/issues/25959 )
hardeningDisable = [ "fortify" ];
# Only install binaries in $out, source is not interesting and takes ~50M
outputs = [ "out" ];
preFixup = ''
export bin="''${out}"
'';
installPhase = ''
mkdir -p $out/bin $out
dir="$NIX_BUILD_TOP/go/bin"
[ -e "$dir" ] && cp -r $dir $out
'';
src = fetchFromGitHub {
owner = "ethereum";
repo = "go-ethereum";

2
pkgs/applications/audio/a2jmidid/default.nix
View File

@ -28,6 +28,6 @@ in stdenv.mkDerivation rec {
description = "Daemon for exposing legacy ALSA sequencer applications in JACK MIDI system";
license = licenses.gpl2;
maintainers = [ maintainers.goibhniu ];
platforms = platforms.linux;
platforms = [ "i686-linux" "x86_64-linux" ];
};
}

28
pkgs/applications/audio/aacgain/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub }:
{ stdenv, fetchFromGitHub, fetchpatch }:
stdenv.mkDerivation {
name = "aacgain-1.9.0";
@ -12,7 +12,19 @@ stdenv.mkDerivation {
hardeningDisable = [ "format" ];
postPatch = ''
(
cd mp4v2
patch -p0 < ${fetchpatch {
name = "fix_missing_ptr_deref.patch";
url = "https://aur.archlinux.org/cgit/aur.git/plain/fix_missing_ptr_deref.patch?h=aacgain-cvs&id=e1a19c920f57063e64bab75cb0d8624731f6e3d7";
sha256 = "1cq7r005nvmwdjb25z80grcam7jv6k57jnl2bh349mg3ajmslbq9";
}}
)
'';
configurePhase = ''
runHook preConfigure
cd mp4v2
./configure
@ -21,9 +33,11 @@ stdenv.mkDerivation {
cd ..
./configure
runHook postConfigure
'';
buildPhase = ''
runHook preBuild
cd mp4v2
make libmp4v2.la
@ -32,18 +46,18 @@ stdenv.mkDerivation {
cd ..
make
runHook postBuild
'';
installPhase = ''
strip -s aacgain/aacgain
install -vD aacgain/aacgain "$out/bin/aacgain"
install -D aacgain/aacgain "$out/bin/aacgain"
'';
meta = {
meta = with stdenv.lib; {
description = "ReplayGain for AAC files";
homepage = https://github.com/mulx/aacgain;
license = stdenv.lib.licenses.gpl2;
platforms = stdenv.lib.platforms.linux;
maintainers = [ stdenv.lib.maintainers.robbinch ];
license = licenses.gpl2;
platforms = platforms.linux;
maintainers = [ maintainers.robbinch ];
};
}

4
pkgs/applications/audio/ario/default.nix
View File

@ -1,5 +1,5 @@
{ stdenv, fetchurl, pkgconfig, gettext, gtk2, expat, intltool, libgcrypt,
libunique, gnutls, libxml2, curl, mpd_clientlib, dbus_glib, libnotify,
libunique, gnutls, libxml2, curl, mpd_clientlib, dbus-glib, libnotify,
libsoup, avahi, taglib
}:
@ -17,7 +17,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ pkgconfig ];
buildInputs = [
gettext gtk2 expat intltool libgcrypt libunique gnutls
libxml2 curl mpd_clientlib dbus_glib libnotify libsoup avahi taglib
libxml2 curl mpd_clientlib dbus-glib libnotify libsoup avahi taglib
];
meta = {

4
pkgs/applications/audio/asunder/default.nix
View File

@ -12,11 +12,11 @@
with stdenv.lib;
stdenv.mkDerivation rec {
version = "2.8";
version = "2.9.2";
name = "asunder-${version}";
src = fetchurl {
url = "http://littlesvr.ca/asunder/releases/${name}.tar.bz2";
sha256 = "1nq9kd4rd4k2kibf57gdbm0zw2gxa234vvvdhxkm8g5bhx5h3iyq";
sha256 = "0vjbxrrjih4c673sc39wj5whp81xp9kmnwqxwzfnmhkky970rg5r";
};
nativeBuildInputs = [ pkgconfig ];

8
pkgs/applications/audio/audacious/default.nix
View File

@ -1,7 +1,7 @@
{ stdenv, fetchurl, pkgconfig, wrapGAppsHook, gettext, glib, gtk3
, libmowgli, dbus_glib, libxml2, xorg, gnome3, alsaLib
, libmowgli, dbus-glib, libxml2, xorg, gnome3, alsaLib
, libpulseaudio, libjack2, fluidsynth, libmad, libogg, libvorbis
, libcdio082, libcddb, flac, ffmpeg, mpg123, libcue, libmms, libbs2b
, libcdio, libcddb, flac, ffmpeg, mpg123, libcue, libmms, libbs2b
, libsndfile, libmodplug, libsamplerate, soxr, lirc, curl, wavpack
, neon, faad2, lame, libnotify, libsidplayfp
}:
@ -25,9 +25,9 @@ stdenv.mkDerivation rec {
];
buildInputs = [
gettext glib gtk3 libmowgli dbus_glib libxml2
gettext glib gtk3 libmowgli dbus-glib libxml2
xorg.libXcomposite gnome3.defaultIconTheme alsaLib libjack2
libpulseaudio fluidsynth libmad libogg libvorbis libcdio082
libpulseaudio fluidsynth libmad libogg libvorbis libcdio
libcddb flac ffmpeg mpg123 libcue libmms libbs2b libsndfile
libmodplug libsamplerate soxr lirc curl wavpack neon faad2
lame libnotify libsidplayfp

4
pkgs/applications/audio/audacious/qt-5.nix
View File

@ -3,7 +3,7 @@
gettext, pkgconfig,
qtbase,
alsaLib, curl, faad2, ffmpeg, flac, fluidsynth, gdk_pixbuf, lame, libbs2b,
libcddb, libcdio082, libcue, libjack2, libmad, libmms, libmodplug,
libcddb, libcdio, libcue, libjack2, libmad, libmms, libmodplug,
libmowgli, libnotify, libogg, libpulseaudio, libsamplerate, libsidplayfp,
libsndfile, libvorbis, libxml2, lirc, mpg123, neon, qtmultimedia, soxr,
wavpack
@ -46,7 +46,7 @@ mkDerivation {
# Plugin dependencies
alsaLib curl faad2 ffmpeg flac fluidsynth gdk_pixbuf lame libbs2b libcddb
libcdio082 libcue libjack2 libmad libmms libmodplug libmowgli
libcdio libcue libjack2 libmad libmms libmodplug libmowgli
libnotify libogg libpulseaudio libsamplerate libsidplayfp libsndfile
libvorbis libxml2 lirc mpg123 neon qtmultimedia soxr wavpack
];

4
pkgs/applications/audio/audacity/default.nix
View File

@ -7,12 +7,12 @@
with stdenv.lib;
stdenv.mkDerivation rec {
version = "2.2.1";
version = "2.2.2";
name = "audacity-${version}";
src = fetchurl {
url = "https://github.com/audacity/audacity/archive/Audacity-${version}.tar.gz";
sha256 = "1n05r8b4rnf9fas0py0is8cm97s3h65dgvqkk040aym5d1x6wd7z";
sha256 = "18q7i77ynihx7xp45lz2lv0k0wrh6736pcrivlpwrxjgbvyqx7km";
};
preConfigure = /* we prefer system-wide libs */ ''

6
pkgs/applications/audio/deadbeef/default.nix
View File

@ -1,7 +1,7 @@
{ stdenv, fetchurl, intltool, pkgconfig, fetchpatch, jansson
# deadbeef can use either gtk2 or gtk3
, gtk2Support ? false, gtk2 ? null
, gtk3Support ? true, gtk3 ? null, gsettings_desktop_schemas ? null, wrapGAppsHook ? null
, gtk3Support ? true, gtk3 ? null, gsettings-desktop-schemas ? null, wrapGAppsHook ? null
# input plugins
, vorbisSupport ? true, libvorbis ? null
, mp123Support ? true, libmad ? null
@ -30,7 +30,7 @@
assert gtk2Support || gtk3Support;
assert gtk2Support -> gtk2 != null;
assert gtk3Support -> gtk3 != null && gsettings_desktop_schemas != null && wrapGAppsHook != null;
assert gtk3Support -> gtk3 != null && gsettings-desktop-schemas != null && wrapGAppsHook != null;
assert vorbisSupport -> libvorbis != null;
assert mp123Support -> libmad != null;
assert flacSupport -> flac != null;
@ -62,7 +62,7 @@ stdenv.mkDerivation rec {
buildInputs = with stdenv.lib; [ jansson ]
++ optional gtk2Support gtk2
++ optionals gtk3Support [ gtk3 gsettings_desktop_schemas ]
++ optionals gtk3Support [ gtk3 gsettings-desktop-schemas ]
++ optional vorbisSupport libvorbis
++ optional mp123Support libmad
++ optional flacSupport flac

31
pkgs/applications/audio/deadbeef/plugins/opus.nix Normal file
View File

@ -0,0 +1,31 @@
{ stdenv, fetchFromBitbucket, opusfile, libopus, libogg, openssl, deadbeef }:
stdenv.mkDerivation rec {
name = "deadbeef-opus-plugin-${version}";
version = "0.8";
src = fetchFromBitbucket {
owner = "Lithopsian";
repo = "deadbeef-opus";
rev = "v${version}";
sha256 = "057rgsw4563gs63k05s7zsdc0n4djxwlbyqabf7c88f23z35ryyi";
};
makeFlags = [
"PREFIX=$(out)"
];
NIX_CFLAGS_COMPILE = [
"-I${opusfile}/include/opus"
];
buildInputs = [ deadbeef opusfile libopus libogg openssl ];
meta = with stdenv.lib; {
description = "Ogg Opus decoder plugin for the DeaDBeeF music player";
homepage = https://bitbucket.org/Lithopsian/deadbeef-opus;
license = licenses.gpl2; # There are three files, each licensed under different license: zlib, gpl2Plus and lgpl2
maintainers = [ maintainers.jtojnar ];
platforms = platforms.linux;
};
}

4
pkgs/applications/audio/drumkv1/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
name = "drumkv1-${version}";
version = "0.8.5";
version = "0.8.6";
src = fetchurl {
url = "mirror://sourceforge/drumkv1/${name}.tar.gz";
sha256 = "06xqqm1ylmpp2s7xk7xav325gc50kxlvh9vf1343b0n3i8xkgjfg";
sha256 = "0fwxrfyp15a4m77mzz4mwj36mhdrj646whlrkvcys33p2w75f8cq";
};
buildInputs = [ libjack2 alsaLib libsndfile liblo lv2 qt5.qtbase qt5.qttools ];

4
pkgs/applications/audio/easytag/default.nix
View File

@ -1,5 +1,5 @@
{ stdenv, fetchurl, pkgconfig, intltool, gtk3, glib, libid3tag, id3lib, taglib
, libvorbis, libogg, flac, itstool, libxml2, gsettings_desktop_schemas
, libvorbis, libogg, flac, itstool, libxml2, gsettings-desktop-schemas
, makeWrapper, gnome3
}:
@ -24,7 +24,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ makeWrapper pkgconfig intltool ];
buildInputs = [
gtk3 glib libid3tag id3lib taglib libvorbis libogg flac
itstool libxml2 gsettings_desktop_schemas gnome3.defaultIconTheme (stdenv.lib.getLib gnome3.dconf)
itstool libxml2 gsettings-desktop-schemas gnome3.defaultIconTheme (stdenv.lib.getLib gnome3.dconf)
];
meta = with stdenv.lib; {

4
pkgs/applications/audio/flacon/default.nix
View File

@ -5,13 +5,13 @@
stdenv.mkDerivation rec {
name = "flacon-${version}";
version = "2.1.1";
version = "4.0.0";
src = fetchFromGitHub {
owner = "flacon";
repo = "flacon";
rev = "v${version}";
sha256 = "0jazv3d1xaydp2ws1pd5rmga76z5yk74v3a8yqfc8vbb2z6ahimz";
sha256 = "0l0xbzpy4nnr08z7gqvb4ngrjwzpspa382cbcrpkya3nd40987kr";
};
nativeBuildInputs = [ cmake pkgconfig makeWrapper ];

4
pkgs/applications/audio/fluidsynth/default.nix
View File

@ -5,13 +5,13 @@
stdenv.mkDerivation rec {
name = "fluidsynth-${version}";
version = "1.1.8";
version = "1.1.9";
src = fetchFromGitHub {
owner = "FluidSynth";
repo = "fluidsynth";
rev = "v${version}";
sha256 = "12q7hv0zvgylsdj1ipssv5zr7ap2y410dxsd63dz22y05fa2hwwd";
sha256 = "0krvmb1idnf95l2ydzfcb08ayyx3n4m71hf9fgwv3srzaikvpf3q";
};
nativeBuildInputs = [ pkgconfig cmake ];

4
pkgs/applications/audio/gjay/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchurl, pkgconfig, mpd_clientlib, dbus_glib, audacious, gtk2, gsl
{ stdenv, fetchurl, pkgconfig, mpd_clientlib, dbus-glib, audacious, gtk2, gsl
, libaudclient }:
stdenv.mkDerivation {
@ -11,7 +11,7 @@ stdenv.mkDerivation {
nativeBuildInputs = [ pkgconfig ];
buildInputs = [ mpd_clientlib dbus_glib audacious gtk2 gsl libaudclient ];
buildInputs = [ mpd_clientlib dbus-glib audacious gtk2 gsl libaudclient ];
hardeningDisable = [ "format" ];

4
pkgs/applications/audio/gmpc/default.nix
View File

@ -1,6 +1,6 @@
{ stdenv, fetchurl, libtool, intltool, pkgconfig, glib
, gtk2, curl, mpd_clientlib, libsoup, gob2, vala, libunique
, libSM, libICE, sqlite, hicolor_icon_theme, wrapGAppsHook
, libSM, libICE, sqlite, hicolor-icon-theme, wrapGAppsHook
}:
stdenv.mkDerivation rec {
@ -27,7 +27,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ pkgconfig libtool intltool gob2 vala wrapGAppsHook ];
buildInputs = [
glib gtk2 curl mpd_clientlib libsoup
libunique libmpd libSM libICE sqlite hicolor_icon_theme
libunique libmpd libSM libICE sqlite hicolor-icon-theme
];
meta = with stdenv.lib; {

12
pkgs/applications/audio/gradio/default.nix
View File

@ -1,13 +1,13 @@
{ stdenv, fetchFromGitHub, pkgconfig
, gcc
, python3
, gsettings_desktop_schemas
, desktop_file_utils
, gsettings-desktop-schemas
, desktop-file-utils
, glib
, gtk3
, intltool
, libsoup
, json_glib
, json-glib
, wrapGAppsHook
, meson
, ninja
@ -44,15 +44,15 @@ in stdenv.mkDerivation rec {
glib
intltool
libsoup
json_glib
json-glib
gtk3
gst_all_1.gstreamer
gst_all_1.gst-plugins-base
wrapGAppsHook
desktop_file_utils
gsettings_desktop_schemas
desktop-file-utils
gsettings-desktop-schemas
] ++ gst_plugins;
enableParallelBuilding = true;

8
pkgs/applications/audio/gtkpod/default.nix
View File

@ -1,6 +1,6 @@
{ stdenv, fetchurl, pkgconfig, makeWrapper, intltool, libgpod, curl, flac,
gnome, gtk3, glib, gettext, perl, perlXMLParser, flex, libglade, libid3tag,
libvorbis, hicolor_icon_theme, gdk_pixbuf }:
libvorbis, hicolor-icon-theme, gdk_pixbuf }:
stdenv.mkDerivation rec {
version = "2.1.5";
@ -11,13 +11,13 @@ stdenv.mkDerivation rec {
sha256 = "0xisrpx069f7bjkyc8vqxb4k0480jmx1wscqxr6cpq1qj6pchzd5";
};
propagatedUserEnvPkgs = [ gnome.gnome_themes_standard ];
propagatedUserEnvPkgs = [ gnome.gnome-themes-standard ];
nativeBuildInputs = [ pkgconfig ];
buildInputs = [ makeWrapper intltool curl gettext perl perlXMLParser
flex libgpod libid3tag flac libvorbis gtk3 gdk_pixbuf libglade gnome.anjuta
gnome.gdl gnome.defaultIconTheme
hicolor_icon_theme ];
hicolor-icon-theme ];
patchPhase = ''
sed -i 's/which/type -P/' scripts/*.sh
@ -26,7 +26,7 @@ stdenv.mkDerivation rec {
preFixup = ''
wrapProgram "$out/bin/gtkpod" \
--set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \
--prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:${gnome.gnome_themes_standard}/share:$out/share:$GSETTINGS_SCHEMAS_PATH"
--prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:${gnome.gnome-themes-standard}/share:$out/share:$GSETTINGS_SCHEMAS_PATH"
'';
enableParallelBuilding = true;

8
pkgs/applications/audio/guitarix/default.nix
View File

@ -1,6 +1,6 @@
{ stdenv, fetchurl, gettext, intltool, pkgconfig, python2
, avahi, bluez, boost, eigen, fftw, glib, glib_networking
, glibmm, gsettings_desktop_schemas, gtkmm2, libjack2
, avahi, bluez, boost, eigen, fftw, glib, glib-networking
, glibmm, gsettings-desktop-schemas, gtkmm2, libjack2
, ladspaH, libav, librdf, libsndfile, lilv, lv2, serd, sord, sratom
, wrapGAppsHook, zita-convolver, zita-resampler
, optimizationSupport ? false # Enable support for native CPU extensions
@ -22,8 +22,8 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ gettext intltool wrapGAppsHook pkgconfig python2 ];
buildInputs = [
avahi bluez boost eigen fftw glib glibmm glib_networking.out
gsettings_desktop_schemas gtkmm2 libjack2 ladspaH libav librdf
avahi bluez boost eigen fftw glib glibmm glib-networking.out
gsettings-desktop-schemas gtkmm2 libjack2 ladspaH libav librdf
libsndfile lilv lv2 serd sord sratom zita-convolver
zita-resampler
];

4
pkgs/applications/audio/kid3/default.nix
View File

@ -10,11 +10,11 @@
stdenv.mkDerivation rec {
name = "kid3-${version}";
version = "3.4.2";
version = "3.5.1";
src = fetchurl {
url = "mirror://sourceforge/project/kid3/kid3/${version}/${name}.tar.gz";
sha256 = "0gka4na583015jyqva18g85q7vnkjdk0iji2jp88di3kpvqhf1sw";
sha256 = "09iryxnhg8d9q36a4brb25bqkjprkx5kl0x7vyy82gxivqk0ihl8";
};
buildInputs = with stdenv.lib;

4
pkgs/applications/audio/meterbridge/default.nix
View File

@ -2,12 +2,12 @@
}:
stdenv.mkDerivation rec {
version = "0.9.2";
version = "0.9.3";
name = "meterbridge-${version}";
src = fetchurl {
url = "http://plugin.org.uk/meterbridge/${name}.tar.gz";
sha256 = "0jb6g3kbfyr5yf8mvblnciva2bmc01ijpr51m21r27rqmgi8gj5k";
sha256 = "0s7n3czfpil94vsd7iblv4xrck9c7zvsz4r3yfbkqcv85pjz1viz";
};
patches = [ ./buf_rect.patch ./fix_build_with_gcc-5.patch];

23
pkgs/applications/audio/mopidy-iris/default.nix
View File

@ -1,23 +1,26 @@
{ stdenv, pythonPackages, mopidy, mopidy-local-images }:
pythonPackages.buildPythonApplication rec {
name = "mopidy-iris-${version}";
version = "3.12.4";
pname = "Mopidy-Iris";
version = "3.14.0";
src = pythonPackages.fetchPypi {
inherit version;
pname = "Mopidy-Iris";
sha256 = "0k64rfnp5b4rybb396zzx12wnnca43a8l1s6s6dr6cflgk9aws87";
inherit pname version;
sha256 = "2c0ec5138e554e91d299ac72a7049bc00d77770a08c16c17e1a9df7f8ef42feb";
};
propagatedBuildInputs = [
mopidy
mopidy-local-images
pythonPackages.configobj
pythonPackages.pylast
pythonPackages.spotipy
pythonPackages.raven
];
] ++ (with pythonPackages; [
configobj
pylast
spotipy
raven
]);
# no tests implemented
doCheck = false;
meta = with stdenv.lib; {
homepage = https://github.com/jaedb/Iris;

13
pkgs/applications/audio/mopidy-moped/default.nix
View File

@ -1,18 +1,19 @@
{ stdenv, fetchurl, pythonPackages, mopidy, glibcLocales }:
{ stdenv, pythonPackages, mopidy, glibcLocales }:
pythonPackages.buildPythonApplication rec {
name = "mopidy-moped-${version}";
version = "0.6.0";
pname = "Mopidy-Moped";
version = "0.7.1";
src = fetchurl {
url = "https://github.com/martijnboland/moped/archive/v${version}.tar.gz";
sha256 = "0xff8y1kc7rwwsd7ppgbvywf6i8lchjwbxjisfl1kmilwsb166yr";
src = pythonPackages.fetchPypi {
inherit pname version;
sha256 = "15461174037d87af93dd59a236d4275c5abf71cea0670ffff24a7d0399a8a2e4";
};
LC_ALL = "en_US.UTF-8";
buildInputs = [ glibcLocales ];
propagatedBuildInputs = [ mopidy ];
# no tests implemented
doCheck = false;
meta = with stdenv.lib; {

12
pkgs/applications/audio/mopidy-mopify/default.nix
View File

@ -1,17 +1,17 @@
{ stdenv, fetchurl, pythonPackages, mopidy }:
pythonPackages.buildPythonApplication rec {
name = "mopidy-mopify-${version}";
pname = "Mopidy-Mopify";
version = "1.6.1";
version = "1.5.17";
src = fetchurl {
url = "https://github.com/dirkgroenen/mopidy-mopify/archive/${version}.tar.gz";
sha256 = "1qi7f5i87ygn486gxc84njl22y84xrwabpz58y5a1hw7z1lp7l8s";
src = pythonPackages.fetchPypi {
inherit pname version;
sha256 = "93ad2b3d38b1450c8f2698bb908b0b077a96b3f64cdd6486519e518132e23a5c";
};
propagatedBuildInputs = with pythonPackages; [ mopidy configobj ];
# no tests implemented
doCheck = false;
meta = with stdenv.lib; {

4
pkgs/applications/audio/mopidy/default.nix
View File

@ -1,5 +1,5 @@
{ stdenv, fetchFromGitHub, pythonPackages, wrapGAppsHook
, gst_all_1, glib_networking, gobjectIntrospection
, gst_all_1, glib-networking, gobjectIntrospection
}:
pythonPackages.buildPythonApplication rec {
@ -18,7 +18,7 @@ pythonPackages.buildPythonApplication rec {
buildInputs = with gst_all_1; [
gst-plugins-base gst-plugins-good gst-plugins-ugly gst-plugins-bad
glib_networking gobjectIntrospection
glib-networking gobjectIntrospection
];
propagatedBuildInputs = with pythonPackages; [

7
pkgs/applications/audio/mp3blaster/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub, ncurses }:
{ stdenv, fetchFromGitHub, ncurses, libvorbis }:
stdenv.mkDerivation rec {
version = "3.2.6";
@ -12,7 +12,10 @@ stdenv.mkDerivation rec {
sha256 = "0pzwml3yhysn8vyffw9q9p9rs8gixqkmg4n715vm23ib6wxbliqs";
};
buildInputs = [ ncurses ];
buildInputs = [
ncurses
libvorbis
];
buildFlags = [ "CXXFLAGS=-Wno-narrowing" ];

4
pkgs/applications/audio/padthv1/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
name = "padthv1-${version}";
version = "0.8.5";
version = "0.8.6";
src = fetchurl {
url = "mirror://sourceforge/padthv1/${name}.tar.gz";
sha256 = "0dyrllxgd74nknixjcz6n7m4gw70v246s8z1qss7zfl5yllhb712";
sha256 = "1mikab2f9n5q1sfgnp3sbm1rf3v57k4085lsgh0a5gzga2h4hwxq";
};
buildInputs = [ libjack2 alsaLib libsndfile liblo lv2 qt5.qtbase qt5.qttools fftw ];

12
pkgs/applications/audio/pamix/default.nix
View File

@ -1,19 +1,23 @@
{ stdenv, fetchFromGitHub
, autoreconfHook, autoconf-archive, pkgconfig
, pkgconfig, cmake
, libpulseaudio, ncurses }:
stdenv.mkDerivation rec {
name = "pamix-${version}";
version = "1.5";
version = "1.6";
src = fetchFromGitHub {
owner = "patroclos";
repo = "pamix";
rev = version;
sha256 = "1d6b0iv8p73bwq88kdaanm4igvmp9rkq082vyaxpc67mz398yjbp";
sha256 = "1d44ggnwkf2gff62959pj45v3a2k091q8v154wc5pmzamam458wp";
};
nativeBuildInputs = [ autoreconfHook autoconf-archive pkgconfig ];
preConfigure = ''
substituteInPlace CMakeLists.txt --replace "/etc" "$out/etc/xdg"
'';
nativeBuildInputs = [ cmake pkgconfig ];
buildInputs = [ libpulseaudio ncurses ];
meta = with stdenv.lib; {

4
pkgs/applications/audio/pamixer/default.nix
View File

@ -3,11 +3,11 @@
stdenv.mkDerivation rec {
name = "pamixer-${version}";
version = "1.3";
version = "1.3.1";
src = fetchurl {
url = "https://github.com/cdemoulins/pamixer/archive/${version}.tar.gz";
sha256 = "091676ww4jbf4jr728gjfk7fkd5nisy70mr6f3s1p7n05hjpmfjx";
sha256 = "1lsvb4xk1dq762w9c0jn7xvj3v1lzppql9mj1b55fhzdypbrkm6x";
};
buildInputs = [ boost libpulseaudio ];

4
pkgs/applications/audio/paprefs/default.nix
View File

@ -1,5 +1,5 @@
{ fetchurl, stdenv, pkgconfig, pulseaudioFull, gtkmm2, libglademm
, dbus_glib, GConf, gconfmm, intltool }:
, dbus-glib, GConf, gconfmm, intltool }:
stdenv.mkDerivation rec {
name = "paprefs-0.9.10";
@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
sha256 = "1c5b3sb881szavly220q31g7rvpn94wr7ywlk00hqb9zaikml716";
};
buildInputs = [ pulseaudioFull gtkmm2 libglademm dbus_glib gconfmm ];
buildInputs = [ pulseaudioFull gtkmm2 libglademm dbus-glib gconfmm ];
nativeBuildInputs = [ pkgconfig intltool ];

4
pkgs/applications/audio/patchage/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, alsaLib, boost, dbus_glib, fetchsvn, ganv, glibmm
{ stdenv, alsaLib, boost, dbus-glib, fetchsvn, ganv, glibmm
, gtkmm2, libjack2, pkgconfig, python2
}:
@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
};
buildInputs = [
alsaLib boost dbus_glib ganv glibmm gtkmm2 libjack2
alsaLib boost dbus-glib ganv glibmm gtkmm2 libjack2
pkgconfig python2
];

4
pkgs/applications/audio/pavucontrol/default.nix
View File

@ -1,5 +1,5 @@
{ fetchurl, stdenv, pkgconfig, intltool, libpulseaudio, gtkmm3
, libcanberra_gtk3, makeWrapper, gnome3 }:
, libcanberra-gtk3, makeWrapper, gnome3 }:
stdenv.mkDerivation rec {
name = "pavucontrol-3.0";
@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
--prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS"
'';
buildInputs = [ libpulseaudio gtkmm3 libcanberra_gtk3 makeWrapper
buildInputs = [ libpulseaudio gtkmm3 libcanberra-gtk3 makeWrapper
gnome3.defaultIconTheme ];
nativeBuildInputs = [ pkgconfig intltool ];

4
pkgs/applications/audio/picard/default.nix
View File

@ -1,7 +1,7 @@
{ stdenv, python2Packages, fetchurl, gettext, chromaprint }:
let
version = "1.4";
version = "1.4.2";
pythonPackages = python2Packages;
in pythonPackages.buildPythonApplication {
name = "picard-${version}";
@ -9,7 +9,7 @@ in pythonPackages.buildPythonApplication {
src = fetchurl {
url = "http://ftp.musicbrainz.org/pub/musicbrainz/picard/picard-${version}.tar.gz";
sha256 = "0gi7f1h7jcg7n18cx8iw38sd868viv3w377xmi7cq98f1g76d4h6";
sha256 = "0d12k40d9fbcn801gp5zdsgvjdrh4g97vda3ga16rmmvfwwfxbgh";
};
buildInputs = [ gettext ];

Some files were not shown because too many files have changed in this diff Show More