JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:nixos/nixpkgs into pleasant-ruby

Browse Source 
Conflicts:
	pkgs/applications/version-management/git-and-tools/default.nix
	pkgs/applications/version-management/git-and-tools/hub/default.nix
	pkgs/tools/audio/mpdcron/default.nix
This commit is contained in:
Charles Strahan 2015-01-20 20:21:03 -05:00
commit dfc225d143
823 changed files with 154029 additions and 7470 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
README.md
View File

@ -1,10 +1,18 @@
Nixpkgs is a collection of packages for [Nix](https://nixos.org/nix/) package
manager. Nixpkgs also includes [NixOS](https://nixos.org/nixos/) linux distribution source code.
manager.
[NixOS](https://nixos.org/nixos/) linux distribution source code is located inside `nixos/` folder.
* [NixOS installation instructions](https://nixos.org/nixos/manual/#ch-installation)
* [Documentation (Nix Expression Language chapter)](https://nixos.org/nix/manual/#ch-expression-language)
* [Manual (How to write packages for Nix)](https://nixos.org/nixpkgs/manual/)
* [Manual (NixOS)](https://nixos.org/nixos/manual/)
* [Continuous build](https://hydra.nixos.org/jobset/nixos/trunk-combined)
* [Tests](https://hydra.nixos.org/job/nixos/trunk-combined/tested#tabs-constituents)
* [Continuous package builds for unstable/master](https://hydra.nixos.org/jobset/nixos/trunk-combined)
* [Continuous package builds for 14.12 release](https://hydra.nixos.org/jobset/nixos/release-14.12)
* [Tests for unstable/master](https://hydra.nixos.org/job/nixos/trunk-combined/tested#tabs-constituents)
* [Tests for 14.12 release](https://hydra.nixos.org/job/nixos/release-14.12/tested#tabs-constituents)
Communication:
* [Mailing list](https://lists.science.uu.nl/mailman/listinfo/nix-dev)
* [IRC - #nixos on freenode.net](irc://irc.freenode.net/#nixos)

4
default.nix
View File

@ -1,6 +1,6 @@
if ! builtins ? nixVersion || builtins.compareVersions "1.7" builtins.nixVersion == 1 then
if ! builtins ? nixVersion || builtins.compareVersions "1.8" builtins.nixVersion == 1 then
abort "This version of Nixpkgs requires Nix >= 1.7, please upgrade!"
abort "This version of Nixpkgs requires Nix >= 1.8, please upgrade!"
else

4
doc/stdenv.xml
View File

@ -718,7 +718,7 @@ the Nix store under <envar>out</envar>. The default
install</command>.</para>
<variablelist>
<title>Variables controlling the check phase</title>
<title>Variables controlling the install phase</title>
<varlistentry>
<term><varname>makeFlags</varname> /
@ -797,7 +797,7 @@ following:
</para>
<variablelist>
<title>Variables controlling the check phase</title>
<title>Variables controlling the fixup phase</title>
<varlistentry>
<term><varname>dontStrip</varname></term>

2
lib/attrsets.nix
View File

@ -1,7 +1,7 @@
# Operations on attribute sets.
with {
inherit (builtins) head tail;
inherit (builtins) head tail length;
inherit (import ./trivial.nix) or;
inherit (import ./default.nix) fold;
inherit (import ./strings.nix) concatStringsSep;

7
lib/customisation.nix
View File

@ -65,6 +65,13 @@ rec {
overrideDerivation = fdrv:
makeOverridable (args: overrideDerivation (f args) fdrv) origArgs;
})
else if builtins.isFunction ff then
{ override = newArgs:
makeOverridable f (origArgs // (if builtins.isFunction newArgs then newArgs origArgs else newArgs));
__functor = self: ff;
deepOverride = throw "deepOverride not yet supported for functors";
overrideDerivation = throw "overrideDerivation not yet supported for functors";
}
else ff;
deepOverrider = newArgs: name: x: if builtins.isAttrs x then (

4
lib/maintainers.nix
View File

@ -43,6 +43,7 @@
chaoflow = "Florian Friesdorf <flo@chaoflow.net>";
christopherpoole = "Christopher Mark Poole <mail@christopherpoole.net>";
coconnor = "Corey O'Connor <coreyoconnor@gmail.com>";
cocreature = "Moritz Kiefer <moritz.kiefer@purelyfunctional.org>";
codyopel = "Cody Opel <codyopel@gmail.com>";
copumpkin = "Dan Peebles <pumpkingod@gmail.com>";
coroa = "Jonas Hörsch <jonas@chaoflow.net>";
@ -74,6 +75,7 @@
garbas = "Rok Garbas <rok@garbas.si>";
gavin = "Gavin Rogers <gavin@praxeology.co.uk>";
goibhniu = "Cillian de Róiste <cillian.deroiste@gmail.com>";
gridaphobe = "Eric Seidel <eric@seidel.io>";
guibert = "David Guibert <david.guibert@gmail.com>";
henrytill = "Henry Till <henrytill@gmail.com>";
hinton = "Tom Hinton <t@larkery.com>";
@ -81,6 +83,7 @@
ianwookim = "Ian-Woo Kim <ianwookim@gmail.com>";
iElectric = "Domen Kozar <domen@dev.si>";
iyzsong = "Song Wenwu <iyzsong@gmail.com>";
j-keck = "Jürgen Keck <jhyphenkeck@gmail.com>";
jagajaga = "Arseniy Seroka <ars.seroka@gmail.com>";
jcumming = "Jack Cummings <jack@mudshark.org>";
jgeerds = "Jascha Geerds <jg@ekby.de>";
@ -106,6 +109,7 @@
manveru = "Michael Fellinger <m.fellinger@gmail.com>";
marcweber = "Marc Weber <marco-oweber@gmx.de>";
matejc = "Matej Cotman <cotman.matej@gmail.com>";
matthiasbeyer = "Matthias Beyer <mail@beyermatthias.de>";
meditans = "Carlo Nucera <meditans@gmail.com>";
meisternu = "Matt Miemiec <meister@krutt.org>";
michelk = "Michel Kuhlmann <michel@kuhlmanns.info>";

25
lib/modules.nix
View File

@ -356,6 +356,31 @@ rec {
mkBefore = mkOrder 500;
mkAfter = mkOrder 1500;
# Convenient property used to transfer all definitions and their
# properties from one option to another. This property is useful for
# renaming options, and also for including properties from another module
# system, including sub-modules.
#
# { config, options, ... }:
#
# {
# # 'bar' might not always be defined in the current module-set.
# config.foo.enable = mkAliasDefinitions (options.bar.enable or {});
#
# # 'barbaz' has to be defined in the current module-set.
# config.foobar.paths = mkAliasDefinitions options.barbaz.paths;
# }
#
# Note, this is different than taking the value of the option and using it
# as a definition, as the new definition will not keep the mkOverride /
# mkDefault properties of the previous option.
#
mkAliasDefinitions = mkAliasAndWrapDefinitions id;
mkAliasAndWrapDefinitions = wrap: option:
mkMerge
(optional (isOption option && option.isDefined)
(wrap (mkMerge option.definitions)));
/* Compatibility. */
fixMergeModules = modules: args: evalModules { inherit modules args; check = false; };

1
lib/options.nix
View File

@ -96,6 +96,7 @@ rec {
declarations = filter (x: x != unknownModule) opt.declarations;
internal = opt.internal or false;
visible = opt.visible or true;
type = opt.type.name or null;
}
// (if opt ? example then { example = scrubOptionValue opt.example; } else {})
// (if opt ? default then { default = scrubOptionValue opt.default; } else {})

5
maintainers/scripts/travis-nox-review-pr.sh
View File

@ -28,12 +28,13 @@ elif [[ $1 == build ]]; then
source $HOME/.nix-profile/etc/profile.d/nix.sh
if [[ $TRAVIS_PULL_REQUEST == false ]]; then
echo "===> Not a pull request, checking evaluation"
nix-build pkgs/top-level/release.nix -A tarball
echo "=== Not a pull request"
else
echo "=== Checking PR"
nox-review pr ${TRAVIS_PULL_REQUEST}
fi
echo "=== Checking tarball creation"
nix-build pkgs/top-level/release.nix -A tarball
else
echo "$0: Unknown option $1" >&2
false

1
maintainers/scripts/vanity-manual-equalities.txt
View File

@ -4,3 +4,4 @@ Pjotr Prins pjotr.public05@thebird.nl
Wouter den Breejen wbreejen
MarcWeber marcweber
Ricardo Correia Ricardo M. Correia
ertesx@gmx.de ertes

4
maintainers/scripts/vanity.sh
View File

@ -47,11 +47,11 @@ fetchGithubName () {
# For RDF
normalize_name () {
sed -e 's/%/%25/g; s/ /%20/g; s/'\''/%27/g; s/"/%22/g; s/`/%60/g'
sed -e 's/%/%25/g; s/ /%20/g; s/'\''/%27/g; s/"/%22/g; s/`/%60/g; s/\^/%5e/g; '
}
denormalize_name () {
sed -e 's/%20/ /g; s/%27/'\''/g; s/%22/"/g; s/%60/`/g; s/%25/%/g;';
sed -e 's/%20/ /g; s/%27/'\''/g; s/%22/"/g; s/%60/`/g; s/%5e/^/g; s/%25/%/g;';
}
n3="$(mktemp --suffix .n3)"

6
nixos/doc/manual/administration/control-groups.xml
View File

@ -58,12 +58,10 @@ controls memory allocation limits; by default, all processes are in
the top-level cgroup, so any service or session can exhaust all
available memory. Per-cgroup memory limits can be specified in
<filename>configuration.nix</filename>; for instance, to limit
<literal>httpd.service</literal> to 512 MiB of RAM (excluding swap)
and 640 MiB of RAM (including swap):
<literal>httpd.service</literal> to 512 MiB of RAM (excluding swap):
<programlisting>
systemd.services.httpd.serviceConfig.MemoryLimit = "512M";
systemd.services.httpd.serviceConfig.ControlGroupAttribute = [ "memory.memsw.limit_in_bytes 640M" ];
</programlisting>
</para>
@ -72,4 +70,4 @@ systemd.services.httpd.serviceConfig.ControlGroupAttribute = [ "memory.memsw.lim
continuously updated list of all cgroups with their CPU and memory
usage.</para>
</chapter>
</chapter>

2
nixos/doc/manual/configuration/summary.xml
View File

@ -60,7 +60,7 @@ manual</link> for the rest.</para>
<entry>A nested set, equivalent to <literal>{ foo = { bar = 1; }; }</literal></entry>
</row>
<row>
<entry><literal>rec { x = "bla"; y = x + "bar"; }</literal></entry>
<entry><literal>rec { x = "foo"; y = x + "bar"; }</literal></entry>
<entry>A recursive set, equivalent to <literal>{ x = "foo"; y = "foobar"; }</literal></entry>
</row>
<row>

3
nixos/doc/manual/default.nix
View File

@ -20,7 +20,8 @@ let
declarations = map (fn: stripPrefix fn) opt.declarations;
}
// optionalAttrs (opt ? example) { example = substFunction opt.example; }
// optionalAttrs (opt ? default) { default = substFunction opt.default; });
// optionalAttrs (opt ? default) { default = substFunction opt.default; }
// optionalAttrs (opt ? type) { type = substFunction opt.type; });
prefix = toString ../../..;

4
nixos/doc/manual/installation/obtaining.xml
View File

@ -8,7 +8,7 @@
<para>NixOS ISO images can be downloaded from the <link
xlink:href="http://nixos.org/nixos/download.html">NixOS
homepage</link>. There are a number of installation options. If
download page</link>. There are a number of installation options. If
you happen to have an optical drive and a spare CD, burning the
image to CD and booting from that is probably the easiest option.
Most people will need to prepare a USB stick to boot from.
@ -27,7 +27,7 @@ running NixOS system through several other means:
<para>Using virtual appliances in Open Virtualization Format (OVF)
that can be imported into VirtualBox. These are available from
the <link xlink:href="http://nixos.org/nixos/download.html">NixOS
homepage</link>.</para>
download page</link>.</para>
</listitem>
<listitem>
<para>Using AMIs for Amazons EC2. To find one for your region

36
nixos/doc/manual/installation/upgrading.xml
View File

@ -14,8 +14,8 @@ been built. These channels are:
<itemizedlist>
<listitem>
<para>Stable channels, such as <literal
xlink:href="https://nixos.org/channels/nixos-14.04">nixos-14.04</literal>.
<para><emphasis>Stable channels</emphasis>, such as <literal
xlink:href="https://nixos.org/channels/nixos-14.12">nixos-14.12</literal>.
These only get conservative bug fixes and package upgrades. For
instance, a channel update may cause the Linux kernel on your
system to be upgraded from 3.4.66 to 3.4.67 (a minor bug fix), but
@ -23,14 +23,28 @@ been built. These channels are:
3.11.<replaceable>x</replaceable> (a major change that has the
potential to break things). Stable channels are generally
maintained until the next stable branch is created.</para>
<para></para>
</listitem>
<listitem>
<para>The unstable channel, <literal
<para>The <emphasis>unstable channel</emphasis>, <literal
xlink:href="https://nixos.org/channels/nixos-unstable">nixos-unstable</literal>.
This corresponds to NixOSs main development branch, and may thus
see radical changes between channel updates. Its not recommended
for production systems.</para>
</listitem>
<listitem>
<para><emphasis>Small channels</emphasis>, such as <literal
xlink:href="https://nixos.org/channels/nixos-14.12-small">nixos-14.12-small</literal>
or <literal
xlink:href="https://nixos.org/channels/nixos-unstable-small">nixos-unstable-small</literal>. These
are identical to the stable and unstable channels described above,
except that they contain fewer binary packages. This means they
get updated faster than the regular channels (for instance, when a
critical security patch is committed to NixOSs source tree), but
may require more packages to be built from source than
usual. Theyre mostly intended for server environments and as such
contain few GUI applications.</para>
</listitem>
</itemizedlist>
To see what channels are available, go to <link
@ -41,8 +55,8 @@ appliances.)</para>
<para>When you first install NixOS, youre automatically subscribed to
the NixOS channel that corresponds to your installation source. For
instance, if you installed from a 14.04 ISO, you will be subscribed to
the <literal>nixos-14.04</literal> channel. To see which NixOS
instance, if you installed from a 14.12 ISO, you will be subscribed to
the <literal>nixos-14.12</literal> channel. To see which NixOS
channel youre subscribed to, run the following as root:
<screen>
@ -57,13 +71,19 @@ $ nix-channel --add https://nixos.org/channels/<replaceable>channel-name</replac
</screen>
(Be sure to include the <literal>nixos</literal> parameter at the
end.) For instance, to use the NixOS 14.04 stable channel:
end.) For instance, to use the NixOS 14.12 stable channel:
<screen>
$ nix-channel --add https://nixos.org/channels/nixos-14.04 nixos
$ nix-channel --add https://nixos.org/channels/nixos-14.12 nixos
</screen>
But if you want to live on the bleeding edge:
If you have a server, you may want to use the “small” channel instead:
<screen>
$ nix-channel --add https://nixos.org/channels/nixos-14.12-small nixos
</screen>
And if you want to live on the bleeding edge:
<screen>
$ nix-channel --add https://nixos.org/channels/nixos-unstable nixos

70
nixos/doc/manual/man-nixos-install.xml
View File

@ -11,12 +11,29 @@
<refnamediv>
<refname><command>nixos-install</command></refname>
<refpurpose>install NixOS</refpurpose>
<refpurpose>install bootloader and NixOS</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>nixos-install</command>
<arg>
<arg choice='plain'><option>-I</option></arg>
<replaceable>path</replaceable>
</arg>
<arg>
<arg choice='plain'><option>--root</option></arg>
<replaceable>root</replaceable>
</arg>
<arg>
<arg choice='plain'><option>--show-trace</option></arg>
</arg>
<arg>
<arg choice='plain'><option>--chroot</option></arg>
</arg>
<arg>
<arg choice='plain'><option>--help</option></arg>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
@ -55,6 +72,56 @@ it.</para>
</refsection>
<refsection><title>Options</title>
<para>This command accepts the following options:</para>
<variablelist>
<varlistentry>
<term><option>--root</option></term>
<listitem>
<para>Defaults to <filename>/mnt</filename>. If this option is given, treat the directory
<replaceable>root</replaceable> as the root of the NixOS installation.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-I</option></term>
<listitem>
<para>Add a path to the Nix expression search path. This option may be given multiple times.
See the NIX_PATH environment variable for information on the semantics of the Nix search path.
Paths added through <replaceable>-I</replaceable> take precedence over NIX_PATH.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>--show-trace</option></term>
<listitem>
<para>Causes Nix to print out a stack trace in case of Nix expression evaluation errors.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>--chroot</option></term>
<listitem>
<para>Chroot into given installation. Any additional arguments passed are going to be executed inside the chroot.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>--help</option></term>
<listitem>
<para>Synonym for <command>man nixos-install</command>.</para>
</listitem>
</varlistentry>
</variablelist>
</refsection>
<refsection><title>Examples</title>
@ -72,6 +139,7 @@ $ mount /dev/sda1 /mnt
$ nixos-generate-config --root /mnt
$ # edit /mnt/etc/nixos/configuration.nix
$ nixos-install
$ reboot
</screen>
</para>

2
nixos/doc/manual/man-pages.xml
View File

@ -15,7 +15,7 @@
</author>
<copyright>
<year>2007-2013</year>
<year>2007-2015</year>
<holder>Eelco Dolstra</holder>
</copyright>

8
nixos/doc/manual/options-to-docbook.xsl
View File

@ -34,6 +34,14 @@
select="attr[@name = 'description']/string/@value" />
</para>
<xsl:if test="attr[@name = 'type']">
<para>
<emphasis>Type:</emphasis>
<xsl:text> </xsl:text>
<xsl:apply-templates select="attr[@name = 'type']" mode="top" />
</para>
</xsl:if>
<xsl:if test="attr[@name = 'default']">
<para>
<emphasis>Default:</emphasis>

150
nixos/doc/manual/release-notes/rl-1412.xml
View File

@ -4,15 +4,14 @@
version="5.0"
xml:id="sec-release-14.12">
<title>Release 14.12 (“Caterpillar”, 2014/12/??)</title>
<title>Release 14.12 (“Caterpillar”, 2014/12/30)</title>
<para>In addition to numerous new and upgraded packages, this release has the following highlights:
<itemizedlist>
<listitem><para>Systemd has been updated to version 217, which has numerous
<link xlink:href="http://lists.freedesktop.org/archives/systemd-devel/2014-October/024662.html">improvements
.</link></para></listitem>
<link xlink:href="http://lists.freedesktop.org/archives/systemd-devel/2014-October/024662.html">improvements.</link></para></listitem>
<listitem><para><link xlink:href="http://thread.gmane.org/gmane.linux.distributions.nixos/15165">
Nix has been updated to 1.8.</link></para></listitem>
@ -23,76 +22,81 @@ Nix has been updated to 1.8.</link></para></listitem>
<listitem><para>The default Linux kernel has been updated to 3.14.</para></listitem>
<listitem><para><option>users.mutableUsers</option> set to <literal>true</literal> now respect any changes
made after initial creation of a user or a group.
</para></listitem>
<listitem><para>If <option>users.mutableUsers</option> is enabled (the
default), changes made to the declaration of a user or group will be
correctly realised when running <command>nixos-rebuild</command>. For
instance, removing a user specification from
<filename>configuration.nix</filename> will cause the actual user
account to be deleted. If <option>users.mutableUsers</option> is
disabled, it is no longer necessary to specify UIDs or GIDs; if
omitted, they are allocated dynamically.</para></listitem>
</itemizedlist></para>
<para>Following new services were added since the last release:
<itemizedlist>
<listitem><para>parallels-guest</para></listitem>
<listitem><para>docker</para></listitem>
<listitem><para>lxc</para></listitem>
<listitem><para>openvswitch</para></listitem>
<listitem><para>fluxbox</para></listitem>
<listitem><para>bspwm</para></listitem>
<listitem><para>gdm</para></listitem>
<listitem><para>fcgiwrap</para></listitem>
<listitem><para>peerflix</para></listitem>
<listitem><para>fail2ban</para></listitem>
<listitem><para>chronos</para></listitem>
<listitem><para>znc</para></listitem>
<listitem><para>unifi</para></listitem>
<listitem><para>teamspeak3</para></listitem>
<listitem><para>strongswan</para></listitem>
<listitem><para>seeks</para></listitem>
<listitem><para>radicale</para></listitem>
<listitem><para>prosody</para></listitem>
<listitem><para>polipo</para></listitem>
<listitem><para>openntpd</para></listitem>
<listitem><para>nsd</para></listitem>
<listitem><para>mailpile</para></listitem>
<listitem><para>i2pd</para></listitem>
<listitem><para>dnscrypt-proxy</para></listitem>
<listitem><para>consul</para></listitem>
<listitem><para>atftpd</para></listitem>
<listitem><para>scollector</para></listitem>
<listitem><para>collectd</para></listitem>
<listitem><para>bosun</para></listitem>
<listitem><para>riemann</para></listitem>
<listitem><para>zookeeper</para></listitem>
<listitem><para>uhub</para></listitem>
<listitem><para>siproxd</para></listitem>
<listitem><para>redmine</para></listitem>
<listitem><para>phd</para></listitem>
<listitem><para>mesos</para></listitem>
<listitem><para>gitlab</para></listitem>
<listitem><para>gitolite</para></listitem>
<listitem><para>etcd</para></listitem>
<listitem><para>docker-registry</para></listitem>
<listitem><para>cpuminer-cryptonight</para></listitem>
<listitem><para>thermald</para></listitem>
<listitem><para>mlmmj</para></listitem>
<listitem><para>tcsd</para></listitem>
<listitem><para>gnome3.seahorse</para></listitem>
<listitem><para>gnome3.gvfs</para></listitem>
<listitem><para>gnome3.gnome-online-miners</para></listitem>
<listitem><para>gnome3.gnome-documents</para></listitem>
<listitem><para>geoclue2</para></listitem>
<listitem><para>opentsdb</para></listitem>
<listitem><para>neo4j</para></listitem>
<listitem><para>monetdb</para></listitem>
<listitem><para>influxdb</para></listitem>
<listitem><para>hbase</para></listitem>
<listitem><para>torque/mrom</para></listitem>
<listitem><para>torque/server</para></listitem>
<listitem><para>kubernetes</para></listitem>
<listitem><para>fleet</para></listitem>
<listitem><para>crashplan</para></listitem>
<listitem><para>mopidy</para></listitem>
<listitem><para>liquidsoap</para></listitem>
<listitem><para><literal>atftpd</literal></para></listitem>
<listitem><para><literal>bosun</literal></para></listitem>
<listitem><para><literal>bspwm</literal></para></listitem>
<listitem><para><literal>chronos</literal></para></listitem>
<listitem><para><literal>collectd</literal></para></listitem>
<listitem><para><literal>consul</literal></para></listitem>
<listitem><para><literal>cpuminer-cryptonight</literal></para></listitem>
<listitem><para><literal>crashplan</literal></para></listitem>
<listitem><para><literal>dnscrypt-proxy</literal></para></listitem>
<listitem><para><literal>docker-registry</literal></para></listitem>
<listitem><para><literal>docker</literal></para></listitem>
<listitem><para><literal>etcd</literal></para></listitem>
<listitem><para><literal>fail2ban</literal></para></listitem>
<listitem><para><literal>fcgiwrap</literal></para></listitem>
<listitem><para><literal>fleet</literal></para></listitem>
<listitem><para><literal>fluxbox</literal></para></listitem>
<listitem><para><literal>gdm</literal></para></listitem>
<listitem><para><literal>geoclue2</literal></para></listitem>
<listitem><para><literal>gitlab</literal></para></listitem>
<listitem><para><literal>gitolite</literal></para></listitem>
<listitem><para><literal>gnome3.gnome-documents</literal></para></listitem>
<listitem><para><literal>gnome3.gnome-online-miners</literal></para></listitem>
<listitem><para><literal>gnome3.gvfs</literal></para></listitem>
<listitem><para><literal>gnome3.seahorse</literal></para></listitem>
<listitem><para><literal>hbase</literal></para></listitem>
<listitem><para><literal>i2pd</literal></para></listitem>
<listitem><para><literal>influxdb</literal></para></listitem>
<listitem><para><literal>kubernetes</literal></para></listitem>
<listitem><para><literal>liquidsoap</literal></para></listitem>
<listitem><para><literal>lxc</literal></para></listitem>
<listitem><para><literal>mailpile</literal></para></listitem>
<listitem><para><literal>mesos</literal></para></listitem>
<listitem><para><literal>mlmmj</literal></para></listitem>
<listitem><para><literal>monetdb</literal></para></listitem>
<listitem><para><literal>mopidy</literal></para></listitem>
<listitem><para><literal>neo4j</literal></para></listitem>
<listitem><para><literal>nsd</literal></para></listitem>
<listitem><para><literal>openntpd</literal></para></listitem>
<listitem><para><literal>opentsdb</literal></para></listitem>
<listitem><para><literal>openvswitch</literal></para></listitem>
<listitem><para><literal>parallels-guest</literal></para></listitem>
<listitem><para><literal>peerflix</literal></para></listitem>
<listitem><para><literal>phd</literal></para></listitem>
<listitem><para><literal>polipo</literal></para></listitem>
<listitem><para><literal>prosody</literal></para></listitem>
<listitem><para><literal>radicale</literal></para></listitem>
<listitem><para><literal>redmine</literal></para></listitem>
<listitem><para><literal>riemann</literal></para></listitem>
<listitem><para><literal>scollector</literal></para></listitem>
<listitem><para><literal>seeks</literal></para></listitem>
<listitem><para><literal>siproxd</literal></para></listitem>
<listitem><para><literal>strongswan</literal></para></listitem>
<listitem><para><literal>tcsd</literal></para></listitem>
<listitem><para><literal>teamspeak3</literal></para></listitem>
<listitem><para><literal>thermald</literal></para></listitem>
<listitem><para><literal>torque/mrom</literal></para></listitem>
<listitem><para><literal>torque/server</literal></para></listitem>
<listitem><para><literal>uhub</literal></para></listitem>
<listitem><para><literal>unifi</literal></para></listitem>
<listitem><para><literal>znc</literal></para></listitem>
<listitem><para><literal>zookeeper</literal></para></listitem>
</itemizedlist>
</para>
@ -125,9 +129,11 @@ rather than <literal>c-<replaceable>container-name</replaceable></literal>.</par
<listitem><para>GNOME 3.10 support has been dropped. The default GNOME version is now 3.12.</para></listitem>
<listitem><para>VirtualBox has been upgraded to 4.3.20 release. Users may be required to run
<command>rm -rf /tmp.vbox*</command>. <literal>imports = [ &lt;nixpkgs/nixos/modules/programs/virtualbox.nix&gt; ]</literal>
is no longer necessary, use <literal>services.virtualboxHost.enable = true</literal> instead.
<listitem><para>VirtualBox has been upgraded to 4.3.20 release. Users
may be required to run <command>rm -rf /tmp/.vbox*</command>. The line
<literal>imports = [ &lt;nixpkgs/nixos/modules/programs/virtualbox.nix&gt; ]</literal> is
no longer necessary, use <literal>services.virtualboxHost.enable =
true</literal> instead.
</para>
<para>Also, hardening mode is now enabled by default, which means that unless you want to use
USB support, you no longer need to be a member of the <literal>vboxusers</literal> group.
@ -160,6 +166,10 @@ xlink:href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones"/>.</pa
the ability to connect to sessions created by older versions of
screen.</para></listitem>
<listitem><para>The Intel GPU driver was updated to the 3.x prerelease
version (used by most distributions) and supports DRI3
now.</para></listitem>
</itemizedlist>
</para>

41
nixos/maintainers/scripts/ec2/create-ebs-amis.py
View File

@ -12,7 +12,7 @@ from nixops.statefile import StateFile, get_default_state_file
parser = argparse.ArgumentParser(description='Create an EBS-backed NixOS AMI')
parser.add_argument('--region', dest='region', required=True, help='EC2 region to create the image in')
parser.add_argument('--channel', dest='channel', default="13.10", help='Channel to use')
parser.add_argument('--channel', dest='channel', default="14.12", help='Channel to use')
parser.add_argument('--keep', dest='keep', action='store_true', help='Keep NixOps machine after use')
parser.add_argument('--hvm', dest='hvm', action='store_true', help='Create HVM image')
parser.add_argument('--key', dest='key_name', action='store_true', help='Keypair used for HVM instance creation', default="rob")
@ -34,13 +34,13 @@ ebs_size = 20
# Start a NixOS machine in the given region.
f = open("ebs-creator-config.nix", "w")
f.write('''{{
resources.ec2KeyPairs.keypair.accessKeyId = "logicblox-dev";
resources.ec2KeyPairs.keypair.accessKeyId = "lb-nixos";
resources.ec2KeyPairs.keypair.region = "{0}";
machine =
{{ pkgs, ... }}:
{{
deployment.ec2.accessKeyId = "logicblox-dev";
deployment.ec2.accessKeyId = "lb-nixos";
deployment.ec2.region = "{0}";
deployment.ec2.blockDeviceMapping."/dev/xvdg".size = pkgs.lib.mkOverride 10 {1};
}};
@ -54,7 +54,7 @@ try:
except Exception:
depl = db.create_deployment()
depl.name = "ebs-creator"
depl.auto_response = "y"
depl.logger.set_autoresponse("y")
depl.nix_exprs = [os.path.abspath("./ebs-creator.nix"), os.path.abspath("./ebs-creator-config.nix")]
if not args.keep: depl.destroy_resources()
depl.deploy(allow_reboot=True)
@ -140,6 +140,7 @@ common_args = dict(
)
if not args.hvm:
common_args['kernel_id']=aki.id
ami_id = m._conn.register_image(**common_args)
print >> sys.stderr, "registered AMI {0}".format(ami_id)
@ -161,16 +162,16 @@ f.write(
{{
network.description = "NixOS EBS test";
resources.ec2KeyPairs.keypair.accessKeyId = "logicblox-dev";
resources.ec2KeyPairs.keypair.accessKeyId = "lb-nixos";
resources.ec2KeyPairs.keypair.region = "{0}";
machine = {{ config, pkgs, resources, ... }}: {{
deployment.targetEnv = "ec2";
deployment.ec2.accessKeyId = "logicblox-dev";
deployment.ec2.accessKeyId = "lb-nixos";
deployment.ec2.region = "{0}";
deployment.ec2.instanceType = "{2}";
deployment.ec2.keyPair = resources.ec2KeyPairs.keypair.name;
deployment.ec2.securityGroups = [ "admin" ];
deployment.ec2.securityGroups = [ "public-ssh" ];
deployment.ec2.ami = "{1}";
}};
}}
@ -185,23 +186,31 @@ test_depl.deploy(create_only=True)
test_depl.machines['machine'].run_command("nixos-version")
# Log the AMI ID.
f = open("{0}.{1}.ami-id".format(args.region, image_type), "w")
f.write("{0}".format(ami_id))
f.close()
f = open("ec2-amis.nix".format(args.region, image_type), "w")
f.write("{\n")
for dest in [ 'us-east-1', 'us-west-1', 'us-west-2', 'eu-west-1', 'eu-central-1', 'ap-southeast-1', 'ap-southeast-2', 'ap-northeast-1', 'sa-east-1']:
copy_image = None
if args.region != dest:
print >> sys.stderr, "copying image from region {0} to {1}".format(args.region, dest)
conn = boto.ec2.connect_to_region(dest)
copy_image = conn.copy_image(args.region, ami_id, ami_name, description=None, client_token=None)
try:
print >> sys.stderr, "copying image from region {0} to {1}".format(args.region, dest)
conn = boto.ec2.connect_to_region(dest)
copy_image = conn.copy_image(args.region, ami_id, ami_name, description=None, client_token=None)
except :
print >> sys.stderr, "FAILED!"
# Log the AMI ID.
f = open("{0}.{1}.ami-id".format(dest, image_type), "w")
f.write("{0}".format(copy_image.image_id))
f.close()
if copy_image != None:
f.write(' "{0}"."{1}".{2} = "{3}";\n'.format(args.channel,dest,"hvm" if args.hvm else "ebs",copy_image.image_id))
else:
f.write(' "{0}"."{1}".{2} = "{3}";\n'.format(args.channel,args.region,"hvm" if args.hvm else "ebs",ami_id))
f.write("}\n")
f.close()
if not args.keep:
test_depl.logger.set_autoresponse("y")
test_depl.destroy_resources()
test_depl.delete()

13
nixos/maintainers/scripts/ec2/create-s3-amis.sh
View File

@ -31,17 +31,22 @@ buildAndUploadFor() {
-a "$EC2_ACCESS_KEY" -s "$EC2_SECRET_KEY" --location "$s3location" \
--url http://s3.amazonaws.com
kernel=$(ec2-describe-images -o amazon --filter "manifest-location=*pv-grub-hd0_1.03-$arch*" --region "$region" | cut -f 2)
kernel=$(ec2-describe-images -o amazon --filter "manifest-location=*pv-grub-hd0_1.04-$arch*" --region "$region" | cut -f 2)
echo "using PV-GRUB kernel $kernel"
ami=$(ec2-register "$bucket/nixos.img.manifest.xml" -n "$name" -d "NixOS $system r$revision" \
ami=$(ec2-register "$bucket/nixos.img.manifest.xml" -n "$name" -d "NixOS $system r$revision" -O "$EC2_ACCESS_KEY" -W "$EC2_SECRET_KEY" \
--region "$region" --kernel "$kernel" | cut -f 2)
echo "AMI ID is $ami"
echo $ami >> $region.s3.ami-id
echo " \"14.12\".\"$region\".s3 = \"$ami\";" >> ec2-amis.nix
ec2-modify-image-attribute --region "$region" "$ami" -l -a all
ec2-modify-image-attribute --region "$region" "$ami" -l -a all -O "$EC2_ACCESS_KEY" -W "$EC2_SECRET_KEY"
for cp_region in us-east-1 us-west-1 us-west-2 eu-central-1 ap-southeast-1 ap-southeast-2 ap-northeast-1 sa-east-1; do
new_ami=$(aws ec2 copy-image --source-image-id $ami --source-region $region --region $cp_region --name "$name" | json ImageId)
echo " \"14.12\".\"$cp_region\".s3 = \"$new_ami\";" >> ec2-amis.nix
done
done
}

3
nixos/maintainers/scripts/ec2/ebs-creator.nix
View File

@ -5,10 +5,9 @@
{ config, pkgs, resources, ... }:
{ deployment.targetEnv = "ec2";
deployment.ec2.instanceType = "c3.large";
deployment.ec2.securityGroups = [ "admin" ];
deployment.ec2.securityGroups = [ "public-ssh" ];
deployment.ec2.ebsBoot = false;
deployment.ec2.keyPair = resources.ec2KeyPairs.keypair.name;
deployment.ec2.zone = "us-east-1e";
environment.systemPackages = [ pkgs.parted ];
};
}

2
nixos/maintainers/scripts/gce/create-gce.sh
View File

@ -1,6 +1,6 @@
#! /bin/sh -e
BUCKET_NAME=${BUCKET_NAME:-nixos}
BUCKET_NAME=${BUCKET_NAME:-nixos-images}
export NIX_PATH=nixpkgs=../../../..
export NIXOS_CONFIG=$(dirname $(readlink -f $0))/../../../modules/virtualisation/google-compute-image.nix
export TIMESTAMP=$(date +%Y%m%d%H%M)

27
nixos/modules/config/users-groups.nix
View File

@ -25,6 +25,11 @@ let
options.
'';
hashedPasswordDescription = ''
To generate hashed password install <literal>mkpassword</literal>
package and run <literal>mkpasswd -m sha-512</literal>.
'';
userOpts = { name, config, ... }: {
options = {
@ -165,6 +170,7 @@ let
description = ''
Specifies the hashed password for the user.
${passwordDescription}
${hashedPasswordDescription}
'';
};
@ -202,6 +208,8 @@ let
password can be changed subsequently using the
<command>passwd</command> command. Otherwise, it's
equivalent to setting the <option>password</option> option.
${hashedPasswordDescription}
'';
};
@ -366,21 +374,24 @@ in {
type = types.bool;
default = true;
description = ''
If true, you are free to add new users and groups to the system
If set to <literal>true</literal>, you are free to add new users and groups to the system
with the ordinary <literal>useradd</literal> and
<literal>groupadd</literal> commands. On system activation, the
existing contents of the <literal>/etc/passwd</literal> and
<literal>/etc/group</literal> files will be merged with the
contents generated from the <literal>users.extraUsers</literal> and
<literal>users.extraGroups</literal> options. If
<literal>mutableUsers</literal> is false, the contents of the user and
group files will simply be replaced on system activation. This also
holds for the user passwords; if this option is false, all changed
passwords will be reset according to the
<literal>users.extraUsers</literal> configuration on activation. If
this option is true, the initial password for a user will be set
<literal>users.extraGroups</literal> options.
The initial password for a user will be set
according to <literal>users.extraUsers</literal>, but existing passwords
will not be changed.
<warning><para>
If set to <literal>false</literal>, the contents of the user and
group files will simply be replaced on system activation. This also
holds for the user passwords; all changed
passwords will be reset according to the
<literal>users.extraUsers</literal> configuration on activation.
</para></warning>
'';
};

23
nixos/modules/hardware/video/bumblebee.nix
View File

@ -1,7 +1,13 @@
{ config, lib, pkgs, ... }:
let kernel = config.boot.kernelPackages; in
with lib;
let
kernel = config.boot.kernelPackages;
bumblebee = if config.hardware.bumblebee.connectDisplay
then pkgs.bumblebee_display
else pkgs.bumblebee;
in
{
@ -23,6 +29,17 @@ with lib;
type = types.uniq types.str;
description = ''Group for bumblebee socket'';
};
hardware.bumblebee.connectDisplay = mkOption {
default = false;
type = types.bool;
description = ''
Set to true if you intend to connect your discrete card to a
monitor. This option will set up your Nvidia card for EDID
discovery and to turn on the monitor signal.
Only nvidia driver is supported so far.
'';
};
};
config = mkIf config.hardware.bumblebee.enable {
@ -30,13 +47,13 @@ with lib;
boot.kernelModules = [ "bbswitch" ];
boot.extraModulePackages = [ kernel.bbswitch kernel.nvidia_x11 ];
environment.systemPackages = [ pkgs.bumblebee pkgs.primus ];
environment.systemPackages = [ bumblebee pkgs.primus ];
systemd.services.bumblebeed = {
description = "Bumblebee Hybrid Graphics Switcher";
wantedBy = [ "display-manager.service" ];
script = "bumblebeed --use-syslog -g ${config.hardware.bumblebee.group}";
path = [ kernel.bbswitch pkgs.bumblebee ];
path = [ kernel.bbswitch bumblebee ];
serviceConfig = {
Restart = "always";
RestartSec = 60;

1
nixos/modules/installer/tools/nixos-install.sh
View File

@ -77,6 +77,7 @@ mkdir -m 0755 -p $mountPoint/dev $mountPoint/proc $mountPoint/sys $mountPoint/et
mkdir -m 01777 -p $mountPoint/tmp
mkdir -m 0755 -p $mountPoint/tmp/root
mkdir -m 0755 -p $mountPoint/var/setuid-wrappers
mkdir -m 0700 -p $mountPoint/root
mount --rbind /dev $mountPoint/dev
mount --rbind /proc $mountPoint/proc
mount --rbind /sys $mountPoint/sys

16
nixos/modules/misc/ids.nix
View File

@ -174,6 +174,8 @@
chronos = 164;
gitlab = 165;
tox-bootstrapd = 166;
cadvisor = 167;
nylon = 168;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -273,6 +275,7 @@
jenkins = 109;
systemd-journal-gateway = 110;
notbit = 111;
btsync = 113;
monetdb = 115;
foundationdb = 118;
newrelic = 119;
@ -306,13 +309,16 @@
systemd-resolve = 153;
systemd-timesync = 154;
liquidsoap = 155;
scollector = 156;
bosun = 157;
kubernetes = 158;
fleet = 159;
gitlab = 160;
scollector = 160;
bosun = 161;
kubernetes = 162;
gitlab = 165;
nylon = 166;
# When adding a gid, make sure it doesn't match an existing uid. And don't use gids above 399!
# When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal
# uids and gids. Also, don't use gids above 399!
users = 100;
nixbld = 30000;

7
nixos/modules/module-list.nix
View File

@ -54,8 +54,8 @@
./misc/version.nix
./programs/atop.nix
./programs/bash/bash.nix
./programs/bash/command-not-found.nix
./programs/blcr.nix
./programs/command-not-found/command-not-found.nix
./programs/dconf.nix
./programs/environment.nix
./programs/info.nix
@ -197,6 +197,7 @@
./services/misc/zookeeper.nix
./services/monitoring/apcupsd.nix
./services/monitoring/bosun.nix
./services/monitoring/cadvisor.nix
./services/monitoring/collectd.nix
./services/monitoring/dd-agent.nix
./services/monitoring/graphite.nix
@ -237,6 +238,7 @@
./services/networking/dnscrypt-proxy.nix
./services/networking/dnsmasq.nix
./services/networking/ejabberd.nix
./services/networking/firefox/sync-server.nix
./services/networking/firewall.nix
./services/networking/flashpolicyd.nix
./services/networking/freenet.nix
@ -253,6 +255,7 @@
./services/networking/kippo.nix
./services/networking/mailpile.nix
./services/networking/minidlna.nix
./services/networking/mstpd.nix
./services/networking/murmur.nix
./services/networking/nat.nix
./services/networking/networkmanager.nix
@ -261,6 +264,7 @@
./services/networking/nsd.nix
./services/networking/ntopng.nix
./services/networking/ntpd.nix
./services/networking/nylon.nix
./services/networking/oidentd.nix
./services/networking/openfire.nix
./services/networking/openntpd.nix
@ -305,6 +309,7 @@
./services/search/solr.nix
./services/security/clamav.nix
./services/security/fail2ban.nix
./services/security/fprintd.nix
./services/security/fprot.nix
./services/security/frandom.nix
./services/security/haveged.nix

2
nixos/modules/profiles/base.nix
View File

@ -10,6 +10,8 @@
pkgs.w3m # needed for the manual anyway
pkgs.testdisk # useful for repairing boot problems
pkgs.mssys # for writing Microsoft boot sectors / MBRs
pkgs.efibootmgr
pkgs.efivar
pkgs.parted
pkgs.gptfdisk
pkgs.ddrescue

20
nixos/modules/programs/bash/command-not-found.nix → nixos/modules/programs/command-not-found/command-not-found.nix
View File

@ -44,6 +44,26 @@ in
}
'';
programs.zsh.interactiveShellInit =
''
# This function is called whenever a command is not found.
command_not_found_handler() {
local p=/run/current-system/sw/bin/command-not-found
if [ -x $p -a -f /nix/var/nix/profiles/per-user/root/channels/nixos/programs.sqlite ]; then
# Run the helper program.
$p "$1"
# Retry the command if we just installed it.
if [ $? = 126 ]; then
"$@"
fi
else
# Indicate than there was an error so ZSH falls back to its default handler
return 127
fi
}
'';
environment.systemPackages = [ commandNotFound ];
# TODO: tab completion for uninstalled commands! :-)

0
nixos/modules/programs/bash/command-not-found.pl → nixos/modules/programs/command-not-found/command-not-found.pl
View File

2
nixos/modules/programs/zsh/zsh.nix
View File

@ -100,7 +100,7 @@ in
export HISTSIZE=2000
export HISTFILE=$HOME/.zsh_history
setopt HIST_IGNORE_DUPS SHARE_HISTORY
setopt HIST_IGNORE_DUPS SHARE_HISTORY HIST_FCNTL_LOCK
'';
};

4
nixos/modules/rename.nix
View File

@ -55,8 +55,8 @@ let
apply = x: use (toOf config);
inherit visible;
});
}
{ config = setTo (mkMerge (if (fromOf options).isDefined then [ (define (mkMerge (fromOf options).definitions)) ] else []));
config = setTo (mkAliasAndWrapDefinitions define (fromOf options));
}
];

4
nixos/modules/security/duosec.nix
View File

@ -110,7 +110,7 @@ in
default = false;
description = ''
Print the contents of <literal>/etc/motd</literal> to screen
after a succesful login.
after a successful login.
'';
};
@ -145,7 +145,7 @@ in
When $DUO_PASSCODE is non-empty, it will override
autopush. The SSH client will need SendEnv DUO_PASSCODE in
its configuration, and the SSH server will similarily need
its configuration, and the SSH server will similarly need
AcceptEnv DUO_PASSCODE.
'';
};

22
nixos/modules/security/grsecurity.nix
View File

@ -38,7 +38,7 @@ in
type = types.bool;
default = false;
description = ''
Enable the testing grsecurity patch, based on Linux 3.17.
Enable the testing grsecurity patch, based on Linux 3.18.
'';
};
@ -156,6 +156,24 @@ in
'';
};
denyUSB = mkOption {
type = types.bool;
default = false;
description = ''
If true, then set <literal>GRKERNSEC_DENYUSB y</literal>.
This enables a sysctl with name
<literal>kernel.grsecurity.deny_new_usb</literal>. Setting
its value to <literal>1</literal> will prevent any new USB
devices from being recognized by the OS. Any attempted
USB device insertion will be logged.
This option is intended to be used against custom USB
devices designed to exploit vulnerabilities in various USB
device drivers.
'';
};
restrictProc = mkOption {
type = types.bool;
default = false;
@ -227,7 +245,7 @@ in
message = ''
If grsecurity is enabled, you must select either the
stable patch (with kernel 3.14), or the testing patch (with
kernel 3.17) to continue.
kernel 3.18) to continue.
'';
}
{ assertion = (cfg.stable -> !cfg.testing) || (cfg.testing -> !cfg.stable);

21
nixos/modules/security/pam.nix
View File

@ -54,6 +54,15 @@ let
'';
};
fprintAuth = mkOption {
default = config.services.fprintd.enable;
type = types.bool;
description = ''
If set, fingerprint reader will be used (if exists and
your fingerprints are enrolled).
'';
};
sshAgentAuth = mkOption {
default = false;
type = types.bool;
@ -113,6 +122,14 @@ let
'';
};
requireWheel = mkOption {
default = false;
type = types.bool;
description = ''
Whether to permit root access only to members of group wheel.
'';
};
limits = mkOption {
description = ''
Attribute set describing resource limits. Defaults to the
@ -175,10 +192,14 @@ let
# Authentication management.
${optionalString cfg.rootOK
"auth sufficient pam_rootok.so"}
${optionalString cfg.requireWheel
"auth required pam_wheel.so use_uid"}
${optionalString cfg.logFailures
"auth required pam_tally.so"}
${optionalString (config.security.pam.enableSSHAgentAuth && cfg.sshAgentAuth)
"auth sufficient ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so file=~/.ssh/authorized_keys:~/.ssh/authorized_keys2:/etc/ssh/authorized_keys.d/%u"}
${optionalString cfg.fprintAuth
"auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so"}
${optionalString cfg.usbAuth
"auth sufficient ${pkgs.pam_usb}/lib/security/pam_usb.so"}
${optionalString cfg.unixAuth

4
nixos/modules/security/rngd.nix
View File

@ -20,7 +20,7 @@ with lib;
KERNEL=="random", TAG+="systemd"
SUBSYSTEM=="cpu", ENV{MODALIAS}=="x86cpu:*feature:*009E*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"
KERNEL=="hw_random", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"
KERNEL=="tmp0", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"
${if config.services.tcsd.enable then "" else ''KERNEL=="tpm0", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"''}
'';
systemd.services.rngd = {
@ -32,8 +32,6 @@ with lib;
serviceConfig.ExecStart = "${pkgs.rng_tools}/sbin/rngd -f -v" +
(if config.services.tcsd.enable then " --no-tpm=1" else "");
restartTriggers = [ pkgs.rng_tools ];
};
};
}

4
nixos/modules/services/databases/postgresql.xml
View File

@ -24,11 +24,11 @@
<programlisting>
services.postgresql.enable = true;
services.postgresql.package = pkgs.postgresql93;
services.postgresql.package = pkgs.postgresql94;
</programlisting>
Note that you are required to specify the desired version of
PostgreSQL (e.g. <literal>pkgs.postgresql93</literal>). Since
PostgreSQL (e.g. <literal>pkgs.postgresql94</literal>). Since
upgrading your PostgreSQL version requires a database dump and reload
(see below), NixOS cannot provide a default value for
<option>services.postgresql.package</option> such as the most recent

21
nixos/modules/services/mail/dovecot.nix
View File

@ -45,8 +45,6 @@ let
pop3_uidl_format = %08Xv%08Xu
'' + cfg.extraConfig;
confFile = pkgs.writeText "dovecot.conf" dovecotConf;
in
{
@ -88,6 +86,12 @@ in
description = "Additional entries to put verbatim into Dovecot's config file.";
};
configFile = mkOption {
default = null;
description = "Config file used for the whole dovecot configuration.";
apply = v: if v != null then v else pkgs.writeText "dovecot.conf" dovecotConf;
};
mailLocation = mkOption {
default = "maildir:/var/spool/mail/%u"; /* Same as inbox, as postfix */
example = "maildir:~/mail:INBOX=/var/spool/mail/%u";
@ -144,10 +148,11 @@ in
gid = config.ids.gids.dovecot2;
};
jobs.dovecot2 =
systemd.services.dovecot2 =
{ description = "Dovecot IMAP/POP3 server";
startOn = "started networking";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
preStart =
''
@ -155,7 +160,13 @@ in
${pkgs.coreutils}/bin/chown -R ${cfg.user}:${cfg.group} /var/run/dovecot2
'';
exec = "${pkgs.dovecot}/sbin/dovecot -F -c ${confFile}";
serviceConfig = {
ExecStart = "${pkgs.dovecot}/sbin/dovecot -F -c ${cfg.configFile}";
Restart = "on-failure";
RestartSec = "1s";
StartLimitInterval = "1min";
};
};
environment.systemPackages = [ pkgs.dovecot ];

2
nixos/modules/services/mail/mlmmj.nix
View File

@ -90,7 +90,7 @@ in
enable = true;
recipientDelimiter= "+";
extraMasterConf = ''
mlmmj unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj}/bin/mlmmj-recieve -F -L ${spoolDir}/$nextHop
mlmmj unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj}/bin/mlmmj-receive -F -L ${spoolDir}/$nextHop
'';
extraAliases = concatMapStrings (alias cfg.listDomain) cfg.mailLists;

4
nixos/modules/services/mail/postfix.nix
View File

@ -96,9 +96,9 @@ let
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
pickup fifo n - n 60 1 pickup
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce

7
nixos/modules/services/misc/nix-daemon.nix
View File

@ -82,9 +82,10 @@ in
description = ''
This option defines the maximum number of concurrent tasks during
one build. It affects, e.g., -j option for make. The default is 1.
Some builds may become non-deterministic with this option; use with
care! Packages will only be affected if enableParallelBuilding is
set for them.
The special value 0 means that the builder should use all
available CPU cores in the system. Some builds may become
non-deterministic with this option; use with care! Packages will
only be affected if enableParallelBuilding is set for them.
'';
};

106
nixos/modules/services/monitoring/cadvisor.nix Normal file
View File

@ -0,0 +1,106 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.cadvisor;
in {
options = {
services.cadvisor = {
enable = mkOption {
default = false;
type = types.bool;
description = "Whether to enable cadvisor service.";
};
host = mkOption {
default = "127.0.0.1";
type = types.str;
description = "Cadvisor listening host";
};
port = mkOption {
default = 8080;
type = types.int;
description = "Cadvisor listening port";
};
storageDriver = mkOption {
default = null;
type = types.nullOr types.str;
example = "influxdb";
description = "Cadvisor storage driver.";
};
storageDriverHost = mkOption {
default = "localhost:8086";
type = types.str;
description = "Cadvisor storage driver host.";
};
storageDriverDb = mkOption {
default = "root";
type = types.str;
description = "Cadvisord storage driver database name.";
};
storageDriverUser = mkOption {
default = "root";
type = types.str;
description = "Cadvisor storage driver username.";
};
storageDriverPassword = mkOption {
default = "root";
type = types.str;
description = "Cadvisor storage driver password.";
};
storageDriverSecure = mkOption {
default = false;
type = types.bool;
description = "Cadvisor storage driver, enable secure communication.";
};
};
};
config = mkIf cfg.enable {
systemd.services.cadvisor = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "docker.service" "influxdb.service" ];
postStart = mkBefore ''
until ${pkgs.curl}/bin/curl -s -o /dev/null 'http://${cfg.host}:${toString cfg.port}/containers/'; do
sleep 1;
done
'';
serviceConfig = {
ExecStart = ''${pkgs.cadvisor}/bin/cadvisor \
-logtostderr=true \
-listen_ip=${cfg.host} \
-port=${toString cfg.port} \
${optionalString (cfg.storageDriver != null) ''
-storage_driver ${cfg.storageDriver} \
-storage_driver_user ${cfg.storageDriverHost} \
-storage_driver_db ${cfg.storageDriverDb} \
-storage_driver_user ${cfg.storageDriverUser} \
-storage_driver_password ${cfg.storageDriverPassword} \
${optionalString cfg.storageDriverSecure "-storage_driver_secure"}
''}
'';
User = "cadvisor";
};
};
virtualisation.docker.enable = true;
users.extraUsers = singleton {
name = "cadvisor";
uid = config.ids.uids.cadvisor;
description = "Cadvisor user";
extraGroups = [ "docker" ];
};
};
}

1
nixos/modules/services/monitoring/dd-agent.nix
View File

@ -140,6 +140,7 @@ in {
Restart = "always";
RestartSec = 2;
};
environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
restartTriggers = [ pkgs.dd-agent ddConf postgresqlConfig nginxConfig ];
};

2
nixos/modules/services/monitoring/riemann.nix
View File

@ -17,7 +17,7 @@ let
launcher = writeScriptBin "riemann" ''
#!/bin/sh
exec ${openjdk}/bin/java ${concatStringsSep "\n" cfg.extraJavaOpts} \
exec ${jdk}/bin/java ${concatStringsSep "\n" cfg.extraJavaOpts} \
-cp ${classpath} \
riemann.bin ${writeText "riemann-config.clj" riemannConfig}
'';

4
nixos/modules/services/monitoring/statsd.nix
View File

@ -53,7 +53,7 @@ in
};
mgmt_address = mkOption {
description = "Address to run managment TCP interface on";
description = "Address to run management TCP interface on";
default = "127.0.0.1";
type = types.str;
};
@ -65,7 +65,7 @@ in
};
backends = mkOption {
description = "List of backends statsd will use for data persistance";
description = "List of backends statsd will use for data persistence";
default = ["graphite"];
example = ["graphite" pkgs.nodePackages."statsd-influxdb-backend"];
type = types.listOf (types.either types.str types.package);

2
nixos/modules/services/network-filesystems/nfsd.nix
View File

@ -61,7 +61,7 @@ in
default = null;
example = 4002;
description = ''
Use fixed port for rpc.mountd, usefull if server is behind firewall.
Use fixed port for rpc.mountd, useful if server is behind firewall.
'';
};

10
nixos/modules/services/network-filesystems/samba.nix
View File

@ -9,7 +9,7 @@ let
logDir = "/var/log/samba";
privateDir = "/var/samba/private";
inherit (pkgs) samba;
samba = cfg.package;
setupScript =
''
@ -90,6 +90,14 @@ in
";
};
package = mkOption {
default = pkgs.samba;
example = pkgs.samba4;
description = ''
Defines which package should be used for the samba server.
'';
};
syncPasswordsByPam = mkOption {
default = false;
description = "

23
nixos/modules/services/networking/btsync.nix
View File

@ -88,7 +88,7 @@ in
use <literal>systemctl start btsync@user</literal> to start
the daemon only for user <literal>user</literal>, using the
configuration file located at
<literal>$HOME/.config/btsync.conf</literal>
<literal>$HOME/.config/btsync.conf</literal>.
'';
};
@ -223,6 +223,21 @@ in
--generate-secret</literal>. Note that this secret will be
put inside the Nix store, so it is realistically not very
secret.
If you would like to be able to modify the contents of this
directories, it is recommended that you make your user a
member of the <literal>btsync</literal> group.
Directories in this list should be in the
<literal>btsync</literal> group, and that group must have
write access to the directory. It is also recommended that
<literal>chmod g+s</literal> is applied to the directory
so that any sub directories created will also belong to
the <literal>btsync</literal> group. Also,
<literal>setfacl -d -m group:btsync:rwx</literal> and
<literal>setfacl -m group:btsync:rwx</literal> should also
be applied so that the sub directories are writable by
the group.
'';
};
};
@ -246,14 +261,20 @@ in
home = "/var/lib/btsync";
createHome = true;
uid = config.ids.uids.btsync;
group = "btsync";
};
users.extraGroups = [
{ name = "btsync";
}];
systemd.services.btsync = with pkgs; {
description = "Bittorrent Sync Service";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
Restart = "on-abort";
UMask = "0002";
User = "btsync";
ExecStart =
"${bittorrentSync}/bin/btsync --nodaemon --config ${configFile}";

142
nixos/modules/services/networking/firefox/sync-server.nix Normal file
View File

@ -0,0 +1,142 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.firefox.syncserver;
syncServerIni = pkgs.writeText "syncserver.ini" ''
[DEFAULT]
overrides = ${cfg.privateConfig}
[server:main]
use = egg:Paste#http
host = ${cfg.listen.address}
port = ${toString cfg.listen.port}
[app:main]
use = egg:syncserver
[syncserver]
public_url = ${cfg.publicUrl}
${optionalString (cfg.sqlUri != "") "sqluri = ${cfg.sqlUri}"}
allow_new_users = ${if cfg.allowNewUsers then "true" else "false"}
[browserid]
backend = tokenserver.verifiers.LocalVerifier
audiences = ${removeSuffix "/" cfg.publicUrl}
'';
in
{
options = {
services.firefox.syncserver = {
enable = mkOption {
type = types.bool;
default = false;
example = true;
description = ''
Whether to enable a Firefox Sync Server, this give the opportunity to
Firefox users to store all synchronized data on their own server. To use this
server, Firefox users should visit the <option>about:config</option>, and
replicate the following change
<screen>
services.sync.tokenServerURI: http://localhost:5000/token/1.0/sync/1.5
</screen>
where <option>http://localhost:5000/</option> corresponds to the
public url of the server.
'';
};
listen.address = mkOption {
type = types.str;
default = "127.0.0.1";
example = "0.0.0.0";
description = ''
Address on which the sync server listen to.
'';
};
listen.port = mkOption {
type = types.int;
default = 5000;
description = ''
Port on which the sync server listen to.
'';
};
publicUrl = mkOption {
type = types.str;
default = "http://localhost:5000/";
example = "http://sync.example.com/";
description = ''
Public URL with which firefox users can use to access the sync server.
'';
};
allowNewUsers = mkOption {
type = types.bool;
default = true;
example = false;
description = ''
Whether to allow new-user signups on the server. Only request by
existing accounts will be honored.
'';
};
sqlUri = mkOption {
type = types.str;
default = "sqlite:////var/db/firefox-sync-server.db";
example = "postgresql://scott:tiger@localhost/test";
description = ''
The location of the database. This URL is composed of
<option>dialect[+driver]://user:password@host/dbname[?key=value..]</option>,
where <option>dialect</option> is a database name such as
<option>mysql</option>, <option>oracle</option>, <option>postgresql</option>,
etc., and <option>driver</option> the name of a DBAPI, such as
<option>psycopg2</option>, <option>pyodbc</option>, <option>cx_oracle</option>,
etc. The <link
xlink:href="http://docs.sqlalchemy.org/en/rel_0_9/core/engines.html#database-urls">
SQLAlchemy documentation</link> provides more examples and describe the syntax of
the expected URL.
'';
};
privateConfig = mkOption {
type = types.str;
default = "/etc/firefox/syncserver-secret.ini";
description = ''
The private config file is used to extend the generated config with confidential
information, such as the <option>syncserver.sqlUri</option> setting if it contains a
password, and the <option>syncserver.secret</option> setting is used by the server to
generate cryptographically-signed authentication tokens.
If this file does not exists, then it is created with a generated
<option>syncserver.secret</option> settings.
'';
};
};
};
config = mkIf cfg.enable {
systemd.services.syncserver = {
after = [ "network.target" ];
description = "Firefox Sync Server";
wantedBy = [ "multi-user.target" ];
path = [ pkgs.pythonPackages.pasteScript pkgs.coreutils ];
environment.PYTHONPATH = "${pkgs.pythonPackages.syncserver}/lib/${pkgs.pythonPackages.python.libPrefix}/site-packages";
preStart = ''
if ! test -e ${cfg.privateConfig}; then
umask u=rwx,g=x,o=x
mkdir -p $(dirname ${cfg.privateConfig})
echo > ${cfg.privateConfig} '[syncserver]'
echo >> ${cfg.privateConfig} "secret = $(head -c 20 /dev/urandom | sha1sum | tr -d ' -')"
fi
'';
serviceConfig.ExecStart = "paster serve ${syncServerIni}";
};
};
}

2
nixos/modules/services/networking/firewall.nix
View File

@ -356,7 +356,7 @@ in
''
If pings are allowed, this allows setting rate limits
on them. If non-null, this option should be in the form
of flags like "-limit 1/minute -limit-burst 5"
of flags like "--limit 1/minute --limit-burst 5"
'';
};

4
nixos/modules/services/networking/i2pd.nix
View File

@ -142,7 +142,7 @@ in
type = types.int;
default = 80;
description = ''
Port to forward incoming trafic to. 80 by default.
Port to forward incoming traffic to. 80 by default.
'';
};
keyFile = mkOption {
@ -195,4 +195,4 @@ in
};
};
}
#
#

33
nixos/modules/services/networking/mstpd.nix Normal file
View File

@ -0,0 +1,33 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.mstpd;
in
with lib;
{
options.services.mstpd = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
Whether to enable the multiple spanning tree protocol daemon.
'';
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.mstpd ];
systemd.services.mstpd = {
description = "Multiple Spanning Tree Protocol Daemon";
wantedBy = [ "network.target" ];
unitConfig.ConditionCapability = "CAP_NET_ADMIN";
serviceConfig = {
Type = "forking";
ExecStart = "@${pkgs.mstpd}/bin/mstpd mstpd";
PIDFile = "/run/mstpd.pid";
};
};
};
}

139
nixos/modules/services/networking/nylon.nix Normal file
View File

@ -0,0 +1,139 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.nylon;
homeDir = "/var/lib/nylon";
configFile = pkgs.writeText "nylon.conf" ''
[General]
No-Simultaneous-Conn=${toString cfg.nrConnections}
Log=${if cfg.logging then "1" else "0"}
Verbose=${if cfg.verbosity then "1" else "0"}
[Server]
Binding-Interface=${cfg.acceptInterface}
Connecting-Interface=${cfg.bindInterface}
Port=${toString cfg.port}
Allow-IP=${concatStringsSep " " cfg.allowedIPRanges}
Deny-IP=${concatStringsSep " " cfg.deniedIPRanges}
'';
in
{
###### interface
options = {
services.nylon = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enables nylon as a running service upon activation.
'';
};
nrConnections = mkOption {
type = types.int;
default = 10;
description = ''
The number of allowed simultaneous connections to the daemon, default 10.
'';
};
logging = mkOption {
type = types.bool;
default = false;
description = ''
Enable logging, default is no logging.
'';
};
verbosity = mkOption {
type = types.bool;
default = false;
description = ''
Enable verbose output, default is to not be verbose.
'';
};
acceptInterface = mkOption {
type = types.string;
default = "lo";
description = ''
Tell nylon which interface to listen for client requests on, default is "lo".
'';
};
bindInterface = mkOption {
type = types.string;
default = "enp3s0f0";
description = ''
Tell nylon which interface to use as an uplink, default is "enp3s0f0".
'';
};
port = mkOption {
type = types.int;
default = 1080;
description = ''
What port to listen for client requests, default is 1080.
'';
};
allowedIPRanges = mkOption {
type = with types; listOf string;
default = [ "192.168.0.0/16" "127.0.0.1/8" "172.16.0.1/12" "10.0.0.0/8" ];
description = ''
Allowed client IP ranges are evaluated first, defaults to ARIN IPv4 private ranges:
[ "192.168.0.0/16" "127.0.0.0/8" "172.16.0.0/12" "10.0.0.0/8" ]
'';
};
deniedIPRanges = mkOption {
type = with types; listOf string;
default = [ "0.0.0.0/0" ];
description = ''
Denied client IP ranges, these gets evaluated after the allowed IP ranges, defaults to all IPv4 addresses:
[ "0.0.0.0/0" ]
To block all other access than the allowed.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
users.extraUsers.nylon= {
group = "nylon";
description = "Nylon SOCKS Proxy";
home = homeDir;
createHome = true;
uid = config.ids.uids.nylon;
};
users.extraGroups.nylon.gid = config.ids.gids.nylon;
systemd.services.nylon = {
description = "Nylon, a lightweight SOCKS proxy server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig =
{
User = "nylon";
Group = "nylon";
WorkingDirectory = homeDir;
ExecStart = "${pkgs.nylon}/bin/nylon -f -c ${configFile}";
};
};
};
}

14
nixos/modules/services/networking/ssh/sshd.nix
View File

@ -17,13 +17,11 @@ let
knownHosts = map (h: getAttr h cfg.knownHosts) (attrNames cfg.knownHosts);
knownHostsFile = pkgs.runCommand "ssh_known_hosts" {} ''
touch "$out"
${flip concatMapStrings knownHosts (h: ''
pubkeyfile=${builtins.toFile "host.pub" (if h.publicKey == null then readFile h.publicKeyFile else h.publicKey)}
${pkgs.gnused}/bin/sed 's/^/${concatStringsSep "," h.hostNames} /' $pubkeyfile >> "$out"
'')}
'';
knownHostsText = flip (concatMapStringsSep "\n") knownHosts
(h:
concatStringsSep "," h.hostNames + " "
+ (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile)
);
userOptions = {
@ -301,7 +299,7 @@ in
{ source = "${cfgc.package}/etc/ssh/moduli";
target = "ssh/moduli";
}
{ source = knownHostsFile;
{ text = knownHostsText;
target = "ssh/ssh_known_hosts";
}
];

4
nixos/modules/services/networking/tox-bootstrapd.nix
View File

@ -24,7 +24,7 @@ in
default = false;
description =
''
Whether to enable the Tox DHT boostrap daemon.
Whether to enable the Tox DHT bootstrap daemon.
'';
};
@ -45,7 +45,7 @@ in
default = "";
description =
''
Configuration for boostrap daemon.
Configuration for bootstrap daemon.
See <link xlink:href="https://github.com/irungentoo/toxcore/blob/master/other/bootstrap_daemon/tox-bootstrapd.conf"/>
and <link xlink:href="http://wiki.tox.im/Nodes"/>.
'';

2
nixos/modules/services/networking/unifi.nix
View File

@ -3,7 +3,7 @@ with lib;
let
cfg = config.services.unifi;
stateDir = "/var/lib/unifi";
cmd = "@${pkgs.icedtea7_jre}/bin/java java -jar ${stateDir}/lib/ace.jar";
cmd = "@${pkgs.jre}/bin/java java -jar ${stateDir}/lib/ace.jar";
mountPoints = [
{
what = "${pkgs.unifi}/dl";

32
nixos/modules/services/printing/cupsd.nix
View File

@ -4,7 +4,7 @@ with lib;
let
inherit (pkgs) cups;
inherit (pkgs) cups cups_filters;
cfg = config.services.printing;
@ -123,6 +123,19 @@ in
'';
};
browsedConf = mkOption {
type = types.lines;
default = "";
example =
''
BrowsePoll cups.example.com
'';
description = ''
The contents of the configuration. file of the CUPS Browsed daemon
(<filename>cups-browsed.conf</filename>)
'';
};
drivers = mkOption {
type = types.listOf types.path;
example = literalExample "[ pkgs.splix ]";
@ -161,6 +174,7 @@ in
environment.etc."cups/client.conf".text = cfg.clientConf;
environment.etc."cups/cups-files.conf".text = cfg.cupsFilesConf;
environment.etc."cups/cupsd.conf".text = cfg.cupsdConf;
environment.etc."cups/cups-browsed.conf".text = cfg.browsedConf;
services.dbus.packages = [ cups ];
@ -195,6 +209,22 @@ in
];
};
systemd.services.cups-browsed =
{ description = "Make remote CUPS printers available locally";
wantedBy = [ "multi-user.target" ];
wants = [ "cups.service" "avahi-daemon.service" ];
after = [ "cups.service" "avahi-daemon.service" ];
path = [ cups ];
serviceConfig.ExecStart = "${cups_filters}/bin/cups-browsed";
restartTriggers =
[ config.environment.etc."cups/cups-browsed.conf".source
];
};
services.printing.drivers =
[ cups pkgs.ghostscript pkgs.cups_filters additionalBackends
pkgs.perl pkgs.coreutils pkgs.gnused pkgs.bc pkgs.gawk pkgs.gnugrep

4
nixos/modules/services/search/solr.nix
View File

@ -22,7 +22,7 @@ let
cp common/lib/*.jar $out/lib/
ln -s ${pkgs.ant}/lib/ant/lib/ant.jar $out/lib/
ln -s ${cfg.solrPackage}/lib/ext/* $out/lib/
ln -s ${pkgs.openjdk}/lib/openjdk/lib/tools.jar $out/lib/
ln -s ${pkgs.jdk.home}/lib/tools.jar $out/lib/
'' + optionalString (cfg.extraJars != []) ''
for f in ${concatStringsSep " " cfg.extraJars}; do
cp $f $out/lib
@ -44,7 +44,7 @@ in {
javaPackage = mkOption {
type = types.package;
default = pkgs.openjre;
default = pkgs.jre;
description = ''
Which Java derivation to use for running solr.
'';

53
nixos/modules/services/security/fprintd.nix Normal file
View File

@ -0,0 +1,53 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.fprintd;
in
{
###### interface
options = {
services.fprintd = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable fprintd daemon and PAM module for fingerprint readers handling.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
services.dbus.packages = [ pkgs.fprintd ];
environment.systemPackages = [ pkgs.fprintd ];
systemd.services.fprintd = {
description = "Fingerprint Authentication Daemon";
serviceConfig = {
Type = "dbus";
BusName = "net.reactivated.Fprint";
ExecStart = "${pkgs.fprintd}/libexec/fprintd";
};
};
};
}

2
nixos/modules/services/web-servers/winstone.nix
View File

@ -30,7 +30,7 @@ let
javaPackage = mkOption {
type = types.package;
default = pkgs.openjre;
default = pkgs.jre;
description = ''
Which Java derivation to use for running Winstone.
'';

2
nixos/modules/services/web-servers/zope2.nix
View File

@ -24,7 +24,7 @@ let
http_address = mkOption {
default = "localhost:8080";
type = types.string;
description = "Give a port and adress for the HTTP server.";
description = "Give a port and address for the HTTP server.";
};
user = mkOption {

7
nixos/modules/services/x11/desktop-managers/e19.nix
View File

@ -7,6 +7,11 @@ let
xcfg = config.services.xserver;
cfg = xcfg.desktopManager.e19;
e19_enlightenment = pkgs.e19.enlightenment.override { set_freqset_setuid = true; };
GST_PLUGIN_PATH = lib.makeSearchPath "lib/gstreamer-1.0" [
pkgs.gst_all_1.gst-plugins-base
pkgs.gst_all_1.gst-plugins-good
pkgs.gst_all_1.gst-plugins-bad
pkgs.gst_all_1.gst-libav ];
in
@ -45,6 +50,8 @@ in
export GTK_PATH=${config.system.path}/lib/gtk-3.0:${config.system.path}/lib/gtk-2.0
export XDG_MENU_PREFIX=enlightenment
export GST_PLUGIN_PATH="${GST_PLUGIN_PATH}"
# make available for D-BUS user services
#export XDG_DATA_DIRS=$XDG_DATA_DIRS''${XDG_DATA_DIRS:+:}:${config.system.path}/share:${pkgs.e19.efl}/share

2
nixos/modules/system/activation/switch-to-configuration.pl
View File

@ -323,7 +323,7 @@ system("@systemd@/bin/systemctl", "daemon-reload") == 0 or $res = 3;
# Signal dbus to reload its configuration before starting other units.
# Other units may rely on newly installed policy files under /etc/dbus-1
system("@systemd@/bin/systemctl", "reload", "dbus.service");
system("@systemd@/bin/systemctl", "reload-or-restart", "dbus.service");
# Restart changed services (those that have to be restarted rather
# than stopped and started).

3
nixos/modules/system/boot/loader/gummiboot/gummiboot-builder.py
View File

@ -63,7 +63,8 @@ def get_generations(profile):
"@nix@/bin/nix-env",
"--list-generations",
"-p",
"/nix/var/nix/profiles/%s" % (profile)
"/nix/var/nix/profiles/%s" % (profile),
"--option", "build-users-group", ""
])
gen_lines = gen_list.split('\n')
gen_lines.pop()

1
nixos/modules/system/boot/stage-2-init.sh
View File

@ -91,6 +91,7 @@ mkdir -m 01777 -p /tmp
mkdir -m 0755 -p /var /var/log /var/lib /var/db
mkdir -m 0755 -p /nix/var
mkdir -m 0700 -p /root
chmod 0700 /root
mkdir -m 0755 -p /bin # for the /bin/sh symlink
mkdir -m 0755 -p /home
mkdir -m 0755 -p /etc/nixos

2
nixos/modules/system/boot/systemd-unit-options.nix
View File

@ -58,7 +58,7 @@ let
"simple" "forking" "oneshot" "dbus" "notify" "idle"
])
(assertValueOneOf "Restart" [
"no" "on-success" "on-failure" "on-abort" "always"
"no" "on-success" "on-failure" "on-abnormal" "on-abort" "always"
])
];

18
nixos/modules/system/boot/systemd.nix
View File

@ -695,21 +695,21 @@ in
default = {};
type = types.attrsOf types.optionSet;
options = [ linkOptions ];
description = "Definiton of systemd network links.";
description = "Definition of systemd network links.";
};
systemd.network.netdevs = mkOption {
default = {};
type = types.attrsOf types.optionSet;
options = [ netdevOptions ];
description = "Definiton of systemd network devices.";
description = "Definition of systemd network devices.";
};
systemd.network.networks = mkOption {
default = {};
type = types.attrsOf types.optionSet;
options = [ networkOptions networkConfig ];
description = "Definiton of systemd networks.";
description = "Definition of systemd networks.";
};
systemd.network.units = mkOption {
@ -858,6 +858,13 @@ in
description = "Definition of systemd per-user service units.";
};
systemd.user.timers = mkOption {
default = {};
type = types.attrsOf types.optionSet;
options = [ timerOptions unitConfig ];
description = "Definition of systemd per-user timer units.";
};
systemd.user.sockets = mkOption {
default = {};
type = types.attrsOf types.optionSet;
@ -978,8 +985,9 @@ in
// mapAttrs' (n: v: nameValuePair "${n}.network" (networkToUnit n v)) cfg.network.networks;
systemd.user.units =
mapAttrs' (n: v: nameValuePair "${n}.service" (serviceToUnit n v)) cfg.user.services
// mapAttrs' (n: v: nameValuePair "${n}.socket" (socketToUnit n v)) cfg.user.sockets;
mapAttrs' (n: v: nameValuePair "${n}.service" (serviceToUnit n v)) cfg.user.services
// mapAttrs' (n: v: nameValuePair "${n}.socket" (socketToUnit n v)) cfg.user.sockets
// mapAttrs' (n: v: nameValuePair "${n}.timer" (timerToUnit n v)) cfg.user.timers;
system.requiredKernelConfig = map config.lib.kernelConfig.isEnabled
[ "DEVTMPFS" "CGROUPS" "INOTIFY_USER" "SIGNALFD" "TIMERFD" "EPOLL" "NET"

4
nixos/modules/system/etc/setup-etc.pl
View File

@ -12,8 +12,8 @@ sub atomicSymlink {
my ($source, $target) = @_;
my $tmp = "$target.tmp";
unlink $tmp;
symlink $source, $tmp or return 1;
rename $tmp, $target or return 1;
symlink $source, $tmp or return 0;
rename $tmp, $target or return 0;
return 1;
}

4
nixos/modules/tasks/filesystems/nfs.nix
View File

@ -38,7 +38,7 @@ in
default = null;
example = 4000;
description = ''
Use fixed port for rpc.statd, usefull if NFS server is behind firewall.
Use fixed port for rpc.statd, useful if NFS server is behind firewall.
'';
};
lockdPort = mkOption {
@ -46,7 +46,7 @@ in
example = 4001;
description = ''
Use fixed port for NFS lock manager kernel module (lockd/nlockmgr),
usefull if NFS server is behind firewall.
useful if NFS server is behind firewall.
'';
};
};

10
nixos/modules/tasks/network-interfaces-scripted.nix
View File

@ -185,8 +185,9 @@ in
in
{ description = "Bridge Interface ${n}";
wantedBy = [ "network.target" (subsystemDevice n) ];
bindsTo = deps;
after = [ "network-pre.target" ] ++ deps
bindsTo = deps ++ optional v.rstp "mstpd.service";
partOf = optional v.rstp "mstpd.service";
after = [ "network-pre.target" "mstpd.service" ] ++ deps
++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces;
before = [ "network-interfaces.target" (subsystemDevice n) ];
serviceConfig.Type = "oneshot";
@ -206,6 +207,11 @@ in
ip link set "${i}" up
'')}
# Enable stp on the interface
${optionalString v.rstp ''
echo 2 >/sys/class/net/${n}/bridge/stp_state
''}
ip link set "${n}" up
'';
postStop = ''

41
nixos/modules/tasks/network-interfaces.nix
View File

@ -16,6 +16,35 @@ let
slaveIfs = map (i: cfg.interfaces.${i}) (filter (i: cfg.interfaces ? ${i}) slaves);
rstpBridges = flip filterAttrs cfg.bridges (_: { rstp, ... }: rstp);
needsMstpd = rstpBridges != { };
bridgeStp = optional needsMstpd (pkgs.writeTextFile {
name = "bridge-stp";
executable = true;
destination = "/bin/bridge-stp";
text = ''
#!${pkgs.stdenv.shell} -e
export PATH="${pkgs.mstpd}/bin"
BRIDGES=(${concatStringsSep " " (attrNames rstpBridges)})
for BRIDGE in $BRIDGES; do
if [ "$BRIDGE" = "$1" ]; then
if [ "$2" = "start" ]; then
mstpctl addbridge "$BRIDGE"
exit 0
elif [ "$2" = "stop" ]; then
mstpctl delbridge "$BRIDGE"
exit 0
fi
exit 1
fi
done
exit 1
'';
});
# We must escape interfaces due to the systemd interpretation
subsystemDevice = interface:
"sys-subsystem-net-devices-${escapeSystemdPath interface}.device";
@ -368,6 +397,13 @@ in
"The physical network interfaces connected by the bridge.";
};
rstp = mkOption {
example = true;
default = false;
type = types.bool;
description = "Whether the bridge interface should enable rstp.";
};
};
};
@ -676,7 +712,7 @@ in
pkgs.iw
pkgs.rfkill
pkgs.openresolv
];
] ++ bridgeStp;
systemd.targets."network-interfaces" =
{ description = "All Network Interfaces";
@ -724,6 +760,9 @@ in
ip link set "${i.name}" mtu "${toString i.mtu}"
'';
})));
services.mstpd = mkIf needsMstpd { enable = true; };
};
}

5
nixos/modules/testing/test-instrumentation.nix
View File

@ -38,6 +38,11 @@ let kernel = config.boot.kernelPackages.kernel; in
systemd.services."serial-getty@ttyS0".enable = false;
systemd.services."serial-getty@hvc0".enable = false;
# Don't use a pager when executing backdoor actions. Because we
# use a tty, commands like systemctl or nix-store get confused
# into thinking they're running interactively.
environment.variables.PAGER = "";
boot.initrd.postDeviceCommands =
''
# Using acpi_pm as a clock source causes the guest clock to

12
nixos/modules/virtualisation/containers.nix
View File

@ -111,6 +111,13 @@ in
'';
};
autoStart = mkOption {
type = types.bool;
default = false;
description = ''
Wether the container is automatically started at boot-time.
'';
};
};
config = mkMerge
@ -187,7 +194,7 @@ in
script =
''
mkdir -p -m 0755 "$root/etc" "$root/var/lib"
mkdir -p -m 0700 "$root/var/lib/private"
mkdir -p -m 0700 "$root/var/lib/private" "$root/root"
if ! [ -e "$root/etc/os-release" ]; then
touch "$root/etc/os-release"
fi
@ -305,6 +312,9 @@ in
LOCAL_ADDRESS=${cfg.localAddress}
''}
''}
${optionalString cfg.autoStart ''
AUTO_START=1
''}
'';
}) config.containers;

2
nixos/modules/virtualisation/ec2-data.nix
View File

@ -44,7 +44,7 @@ with lib;
# into the image (a Nova feature).
if ! [ -e /root/.ssh/authorized_keys ]; then
echo "obtaining SSH key..."
mkdir -p /root/.ssh
mkdir -m 0700 -p /root/.ssh
$wget http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key > /root/key.pub
if [ $? -eq 0 -a -e /root/key.pub ]; then
if ! grep -q -f /root/key.pub /root/.ssh/authorized_keys; then

51
nixos/modules/virtualisation/google-compute-image.nix
View File

@ -63,11 +63,12 @@ in
# Register the paths in the Nix database.
printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
chroot /mnt ${config.nix.package}/bin/nix-store --load-db
chroot /mnt ${config.nix.package}/bin/nix-store --load-db --option build-users-group ""
# Create the system profile to allow nixos-rebuild to work.
chroot /mnt ${config.nix.package}/bin/nix-env \
-p /nix/var/nix/profiles/system --set ${config.system.build.toplevel}
-p /nix/var/nix/profiles/system --set ${config.system.build.toplevel} \
--option build-users-group ""
# `nixos-rebuild' requires an /etc/NIXOS.
mkdir -p /mnt/etc
@ -119,6 +120,8 @@ in
169.254.169.254 metadata.google.internal metadata
'';
services.ntp.servers = [ "metadata.google.internal" ];
networking.usePredictableInterfaceNames = false;
systemd.services.fetch-ssh-keys =
@ -129,15 +132,15 @@ in
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
path = [ pkgs.wget ];
script =
script = let wget = "${pkgs.wget}/bin/wget --retry-connrefused -t 6 --waitretry=10"; in
''
wget="wget --retry-connrefused -t 6 --waitretry=10"
# When dealing with cryptographic keys, we want to keep things private.
umask 077
# Don't download the SSH key if it has already been downloaded
if ! [ -e /root/.ssh/authorized_keys ]; then
echo "obtaining SSH key..."
mkdir -p /root/.ssh
$wget -O /root/authorized-keys-metadata http://metadata/0.1/meta-data/authorized-keys
mkdir -m 0700 -p /root/.ssh
${wget} -O /root/authorized-keys-metadata http://metadata/0.1/meta-data/authorized-keys
if [ $? -eq 0 -a -e /root/authorized-keys-metadata ]; then
cat /root/authorized-keys-metadata | cut -d: -f2- > /root/key.pub
if ! grep -q -f /root/key.pub /root/.ssh/authorized_keys; then
@ -145,24 +148,30 @@ in
echo "new key added to authorized_keys"
fi
chmod 600 /root/.ssh/authorized_keys
rm -f /root/key.pub /root/authorized-keys-metadata
fi
rm -f /root/key.pub /root/authorized-keys-metadata
fi
echo "obtaining SSH private host key..."
$wget -O /root/ssh_host_ecdsa_key http://metadata/0.1/meta-data/attributes/ssh_host_ecdsa_key
if [ $? -eq 0 -a -e /root/ssh_host_ecdsa_key ]; then
mv -f /root/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key
echo "downloaded ssh_host_ecdsa_key"
chmod 600 /etc/ssh/ssh_host_ecdsa_key
fi
countKeys=0
${flip concatMapStrings config.services.openssh.hostKeys (k :
let kName = baseNameOf k.path; in ''
echo "trying to obtain SSH private host key ${kName}"
${wget} -O /root/${kName} http://metadata/0.1/meta-data/attributes/${kName} && :
if [ $? -eq 0 -a -e /root/${kName} ]; then
countKeys=$((countKeys+1))
mv -f /root/${kName} ${k.path}
echo "downloaded ${k.path}"
chmod 600 ${k.path}
${config.programs.ssh.package}/bin/ssh-keygen -y -f ${k.path} > ${k.path}.pub
chmod 644 ${k.path}.pub
fi
rm -f /root/${kName}
''
)}
echo "obtaining SSH public host key..."
$wget -O /root/ssh_host_ecdsa_key.pub http://metadata/0.1/meta-data/attributes/ssh_host_ecdsa_key_pub
if [ $? -eq 0 -a -e /root/ssh_host_ecdsa_key.pub ]; then
mv -f /root/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
echo "downloaded ssh_host_ecdsa_key.pub"
chmod 644 /etc/ssh/ssh_host_ecdsa_key.pub
if [[ $countKeys -le 0 ]]; then
echo "failed to obtain any SSH private host keys."
false
fi
'';
serviceConfig.Type = "oneshot";

2
nixos/modules/virtualisation/qemu-vm.nix
View File

@ -266,7 +266,7 @@ in
Networking-related command-line options that should be passed to qemu.
The default is to use userspace networking (slirp).
If you override this option, be adviced to keep
If you override this option, be advised to keep
''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS} (as seen in the default)
to keep the default runtime behaviour.
'';

2
nixos/release-small.nix
View File

@ -61,12 +61,12 @@ in rec {
gettext
git
imagemagick
jdk
linux
mysql51
mysql55
nginx
nodejs
openjdk
openssh
php
postgresql92

1
nixos/release.nix
View File

@ -242,6 +242,7 @@ in rec {
tests.avahi = callTest tests/avahi.nix {};
tests.bittorrent = callTest tests/bittorrent.nix {};
tests.blivet = callTest tests/blivet.nix {};
tests.cadvisor = scrubDrv (import tests/cadvisor.nix { system = "x86_64-linux"; });
tests.chromium = callTest tests/chromium.nix {};
tests.cjdns = callTest tests/cjdns.nix {};
tests.containers = callTest tests/containers.nix {};

30
nixos/tests/cadvisor.nix Normal file
View File

@ -0,0 +1,30 @@
import ./make-test.nix {
name = "cadvisor";
nodes = {
machine = { config, pkgs, ... }: {
services.cadvisor.enable = true;
};
influxdb = { config, pkgs, lib, ... }: with lib; {
services.cadvisor.enable = true;
services.cadvisor.storageDriver = "influxdb";
services.influxdb.enable = true;
systemd.services.influxdb.postStart = mkAfter ''
${pkgs.curl}/bin/curl -X POST 'http://localhost:8086/db?u=root&p=root' \
-d '{"name": "root"}'
'';
};
};
testScript =
''
startAll;
$machine->waitForUnit("cadvisor.service");
$machine->succeed("curl http://localhost:8080/containers/");
$influxdb->waitForUnit("influxdb.service");
$influxdb->waitForUnit("cadvisor.service");
$influxdb->succeed("curl http://localhost:8080/containers/");
'';
}

3
nixos/tests/installer.nix
View File

@ -190,6 +190,9 @@ let
$machine->succeed("test -e /boot/grub");
# Check whether /root has correct permissions.
$machine->succeed("stat -c '%a' /root") =~ /700/ or die;
# Did the swap device get activated?
# uncomment once https://bugs.freedesktop.org/show_bug.cgi?id=86930 is resolved
#$machine->waitForUnit("swap.target");

21
pkgs/applications/audio/ardour/default.nix
View File

@ -6,7 +6,21 @@
, perl, pkgconfig, python, serd, sord, sratom, suil }:
let
# Ardour git repo uses a mix of annotated and lightweight tags. Annotated
# tags are used for MAJOR.MINOR versioning, and lightweight tags are used
# in-between; MAJOR.MINOR.REV where REV is the number of commits since the
# last annotated tag. A slightly different version string format is needed
# for the 'revision' info that is built into the binary; it is the format of
# "git describe" when _not_ on an annotated tag(!): MAJOR.MINOR-REV-HASH.
# Version to build.
tag = "3.5.403";
# Version info that is built into the binary. Keep in sync with 'tag'. The
# last 8 digits is a (fake) commit id.
revision = "3.5-403-00000000";
in
stdenv.mkDerivation rec {
@ -15,7 +29,7 @@ stdenv.mkDerivation rec {
src = fetchgit {
url = git://git.ardour.org/ardour/ardour.git;
rev = "refs/tags/${tag}";
sha256 = "7d7c8e2c7ccccca6c8324fd874509e1b0d89f3f42cb92982c50d212797463f4c";
sha256 = "0k1z8sbjf88dqn12kf9cykrqj38vkr879n2g6b4adk6cghn8wz3x";
};
buildInputs =
@ -27,10 +41,7 @@ stdenv.mkDerivation rec {
];
patchPhase = ''
# The funny revision number is from `git describe rev`
printf '#include "libs/ardour/ardour/revision.h"\nnamespace ARDOUR { const char* revision = \"${tag}-g2f6065b\"; }\n' > libs/ardour/revision.cc
# Note the different version number
sed -i '33i rev = \"3.5-380-g2f6065b\"' wscript
printf '#include "libs/ardour/ardour/revision.h"\nnamespace ARDOUR { const char* revision = \"${revision}\"; }\n' > libs/ardour/revision.cc
sed 's|/usr/include/libintl.h|${glibc}/include/libintl.h|' -i wscript
sed -e 's|^#!/usr/bin/perl.*$|#!${perl}/bin/perl|g' -i tools/fmt-bindings
sed -e 's|^#!/usr/bin/env.*$|#!${perl}/bin/perl|g' -i tools/*.pl

2
pkgs/applications/audio/aumix/default.nix
View File

@ -24,7 +24,7 @@ stdenv.mkDerivation rec {
homepage = http://www.jpj.net/~trevor/aumix.html;
license = stdenv.lib.licenses.gpl2Plus;
maintainers = [ stdenv.lib.maintainers.ludo ];
maintainers = [ ];
platforms = stdenv.lib.platforms.linux;
};
}

19
pkgs/applications/audio/faust-compiler/default.nix
View File

@ -1,14 +1,23 @@
{ fetchurl, stdenv, unzip, pkgconfig, makeWrapper, libsndfile, libmicrohttpd, vim }:
{ fetchgit, stdenv, unzip, pkgconfig, makeWrapper, libsndfile, libmicrohttpd, vim }:
stdenv.mkDerivation rec {
version = "0.9.67";
version = "8-1-2015";
name = "faust-compiler-${version}";
src = fetchurl {
url = "http://downloads.sourceforge.net/project/faudiostream/faust-${version}.zip";
sha256 = "068vl9536zn0j4pknwfcchzi90rx5pk64wbcbd67z32w0csx8xm1";
src = fetchgit {
url = git://git.code.sf.net/p/faudiostream/code;
rev = "4db76fdc02b6aec8d15a5af77fcd5283abe963ce";
sha256 = "f1ac92092ee173e4bcf6b2cb1ac385a7c390fb362a578a403b2b6edd5dc7d5d0";
};
# this version has a bug that manifests when doing faust2jack:
/*version = "0.9.67";*/
/*name = "faust-compiler-${version}";*/
/*src = fetchurl {*/
/*url = "http://downloads.sourceforge.net/project/faudiostream/faust-${version}.zip";*/
/*sha256 = "068vl9536zn0j4pknwfcchzi90rx5pk64wbcbd67z32w0csx8xm1";*/
/*};*/
buildInputs = [ unzip pkgconfig makeWrapper libsndfile libmicrohttpd vim];

47
pkgs/applications/audio/faust/default.nix
View File

@ -1,21 +1,32 @@
{ fetchurl, stdenv, bash, alsaLib, atk, cairo, faust-compiler, fontconfig, freetype
, gcc, gdk_pixbuf, glib, gtk, makeWrapper, pango, pkgconfig, unzip
{ fetchgit, stdenv, bash, alsaLib, atk, cairo, faust-compiler, fontconfig, freetype
, gcc, gdk_pixbuf, glib, gtk, jack2, makeWrapper, opencv, pango, pkgconfig, unzip
, gtkSupport ? true
, jackaudioSupport ? true
}:
stdenv.mkDerivation rec {
version = "0.9.67";
version = "8-1-2015";
name = "faust-${version}";
src = fetchurl {
url = "http://downloads.sourceforge.net/project/faudiostream/faust-${version}.zip";
sha256 = "068vl9536zn0j4pknwfcchzi90rx5pk64wbcbd67z32w0csx8xm1";
src = fetchgit {
url = git://git.code.sf.net/p/faudiostream/code;
rev = "4db76fdc02b6aec8d15a5af77fcd5283abe963ce";
sha256 = "f1ac92092ee173e4bcf6b2cb1ac385a7c390fb362a578a403b2b6edd5dc7d5d0";
};
# this version has a bug that manifests when doing faust2jack:
/*version = "0.9.67";*/
/*name = "faust-${version}";*/
/*src = fetchurl {*/
/*url = "http://downloads.sourceforge.net/project/faudiostream/faust-${version}.zip";*/
/*sha256 = "068vl9536zn0j4pknwfcchzi90rx5pk64wbcbd67z32w0csx8xm1";*/
/*};*/
buildInputs = [ bash unzip faust-compiler gcc makeWrapper pkgconfig ]
++ stdenv.lib.optionals gtkSupport [
alsaLib atk cairo fontconfig freetype gdk_pixbuf glib gtk pango
]
++ stdenv.lib.optional jackaudioSupport jack2
;
makeFlags="PREFIX=$(out)";
@ -24,11 +35,15 @@ stdenv.mkDerivation rec {
phases = [ "unpackPhase installPhase postInstall" ];
installPhase = ''
sed -i 23,24d tools/faust2appls/faust2jack
mkdir $out/bin
install tools/faust2appls/faust2alsaconsole $out/bin
install tools/faust2appls/faustpath $out/bin
install tools/faust2appls/faustoptflags $out/bin
install tools/faust2appls/faust2alsa $out/bin
install tools/faust2appls/faust2jack $out/bin
patchShebangs $out/bin
wrapProgram $out/bin/faust2alsaconsole \
--prefix PKG_CONFIG_PATH : ${alsaLib}/lib/pkgconfig \
@ -41,17 +56,23 @@ stdenv.mkDerivation rec {
--prefix PKG_CONFIG_PATH : ${alsaLib}/lib/pkgconfig:$GTK_PKGCONFIG_PATHS \
--set FAUSTLIB ${faust-compiler}/lib/faust \
--set FAUSTINC ${faust-compiler}/include/ \
'' + stdenv.lib.optionalString (!gtkSupport) "rm $out/bin/faust2alsa"
;
wrapProgram $out/bin/faust2jack \
--prefix PKG_CONFIG_PATH : ${jack2}/lib/pkgconfig:${opencv}/lib/pkgconfig:$GTK_PKGCONFIG_PATHS \
--set FAUSTLIB ${faust-compiler}/lib/faust \
--set FAUSTINC ${faust-compiler}/include/ \
''
+ stdenv.lib.optionalString (!gtkSupport) "rm $out/bin/faust2alsa"
+ stdenv.lib.optionalString (!gtkSupport || !jackaudioSupport) "rm $out/bin/faust2jack"
;
postInstall = ''
find $out/bin/ -name "faust2*" -type f | xargs sed "s@/bin/bash@${bash}/bin/bash@g" -i
sed -i "s@/bin/bash@${bash}/bin/bash@g" $out/bin/faustpath
sed -e "s@\$FAUST_INSTALL /usr/local /usr /opt /opt/local@${faust-compiler}@g" -i $out/bin/faustpath
sed -i "s@/bin/bash@${bash}/bin/bash@g" $out/bin/faustoptflags
find $out/bin/ -name "faust2*" -type f | xargs sed "s@pkg-config@${pkgconfig}/bin/pkg-config@g" -i
find $out/bin/ -name "faust2*" -type f | xargs sed "s@CXX=g++@CXX=${gcc}/bin/g++@g" -i
find $out/bin/ -name "faust2*" -type f | xargs sed "s@faust -i -a @${faust-compiler}/bin/faust -i -a ${faust-compiler}/lib/faust/@g" -i
find $out/bin/ -name "*faust2*" -type f | xargs sed "s@pkg-config@${pkgconfig}/bin/pkg-config@g" -i
find $out/bin/ -name "*faust2*" -type f | xargs sed "s@CXX=g++@CXX=${gcc}/bin/g++@g" -i
find $out/bin/ -name "*faust2*" -type f | xargs sed "s@faust -i -a @${faust-compiler}/bin/faust -i -a ${faust-compiler}/lib/faust/@g" -i
'';
meta = with stdenv.lib; {

28
pkgs/applications/audio/fmit/default.nix Normal file
View File

@ -0,0 +1,28 @@
{ stdenv, fetchurl, alsaLib, cmake, fftw, freeglut, jack2, libXmu, qt4 }:
stdenv.mkDerivation rec {
version = "0.99.5";
name = "fmit-${version}";
src = fetchurl {
url = "http://download.gna.org/fmit/${name}-Source.tar.bz2";
sha256 = "1rc84gi27jmq2smhk0y0p2xyypmsz878vi053iqns21k848g1491";
};
# Also update longDescription when adding/removing sound libraries
buildInputs = [ alsaLib cmake fftw freeglut jack2 libXmu qt4 ];
enableParallelBuilding = true;
meta = with stdenv.lib; {
description = "Free Musical Instrument Tuner";
longDescription = ''
Software for tuning musical instruments. Uses Qt as GUI library and
ALSA or JACK as sound input library.
'';
homepage = http://home.gna.org/fmit/index.html;
license = with licenses; gpl3Plus;
platforms = with platforms; linux;
maintainers = with maintainers; [ nckx ];
};
}

21
pkgs/applications/audio/game-music-emu/default.nix Normal file
View File

@ -0,0 +1,21 @@
{ stdenv, fetchurl, cmake }:
stdenv.mkDerivation rec {
version = "0.6.0";
name = "game-music-emu-${version}";
src = fetchurl {
url = "https://game-music-emu.googlecode.com/files/${name}.tar.bz2";
sha256 = "11s9l938nxbrk7qb2k1ppfgizcz00cakbxgv0gajc6hyqv882vjh";
};
buildInputs = [ cmake ];
meta = with stdenv.lib; {
homepage = https://code.google.com/p/game-music-emu/;
description = "A collection of video game music file emulators";
license = licenses.lgpl21Plus;
platforms = platforms.all;
maintainers = [ ];
};
}

4
pkgs/applications/audio/lmms/default.nix
View File

@ -5,11 +5,11 @@
stdenv.mkDerivation rec {
name = "lmms-${version}";
version = "1.0.3";
version = "1.1.0";
src = fetchurl {
url = "https://github.com/LMMS/lmms/archive/v${version}.tar.gz";
sha256 = "191mfld3gspnxlgwcszp9kls58kdwrplj0rfw4zqsz90zdbsjnx3";
sha256 = "0kck8aapw1m0jbwd20bwwgbs27z518vv09zs1pjm3v8vnkaxlx65";
};
buildInputs = [

3
pkgs/applications/audio/mp3gain/default.nix
View File

@ -14,8 +14,7 @@ stdenv.mkDerivation {
buildFlags = [ "OSTYPE=linux" ];
installPhase = ''
mkdir -p $out/usr/bin
cp mp3gain $out/usr/bin
install -vD mp3gain "$out/bin/mp3gain"
'';
meta = {

2
pkgs/applications/audio/mp3info/default.nix
View File

@ -36,7 +36,7 @@ stdenv.mkDerivation rec {
license = stdenv.lib.licenses.gpl2Plus;
maintainers = [ stdenv.lib.maintainers.ludo ];
maintainers = [ ];
platforms = stdenv.lib.platforms.unix;
};
}

26
pkgs/applications/audio/mpg321/default.nix
View File

@ -1,20 +1,28 @@
{stdenv, fetchurl, libao, libmad, libid3tag, zlib}:
{stdenv, fetchurl, libao, libmad, libid3tag, zlib, alsaLib}:
stdenv.mkDerivation rec {
name = "mpg321-0.2.13-2";
name = "mpg321-${version}";
version = "0.3.2";
src = fetchurl {
url = "mirror://sourceforge/mpg321/0.2.13/${name}.tar.gz";
sha256 = "0zx9xyr97frlyrwyk2msm9h1sn2b84vqaxcy5drbzcd2n585lwlx";
url = "mirror://sourceforge/mpg321/${version}/mpg321_${version}.orig.tar.gz";
sha256 = "0ki8mh76bbmdh77qsiw682dvi8y468yhbdabqwg05igmwc1wqvq5";
};
buildInputs = [libao libid3tag libmad zlib];
configureFlags = [
("--enable-alsa=" + (if stdenv.isLinux then "yes" else "no"))
];
meta = {
buildInputs = [libao libid3tag libmad zlib]
++ stdenv.lib.optional stdenv.isLinux alsaLib;
installTargets = "install install-man";
meta = with stdenv.lib; {
description = "Command-line MP3 player";
homepage = http://mpg321.sourceforge.net/;
license = stdenv.lib.licenses.gpl2;
maintainers = [ ];
platforms = stdenv.lib.platforms.gnu;
license = licenses.gpl2;
maintainers = [ maintainers.rycee ];
platforms = platforms.gnu;
};
}

11
pkgs/applications/audio/pianobar/default.nix
View File

@ -1,15 +1,15 @@
{ fetchurl, stdenv, pkgconfig, libao, faad2, libmad, readline, json_c, libgcrypt, gnutls }:
{ fetchurl, stdenv, pkgconfig, libao, readline, json_c, libgcrypt, gnutls, libav }:
stdenv.mkDerivation rec {
name = "pianobar-2013.05.19";
name = "pianobar-2014.09.28";
src = fetchurl {
url = "http://6xq.net/projects/pianobar/${name}.tar.bz2";
sha256 = "cf88e82663d2b0aa4d73e761506eac4f3e7bc789b57d92377acd994d785e1046";
sha256 = "6bd10218ad5d68c4c761e02c729627d2581b4a6db559190e7e52dc5df177e68f";
};
buildInputs = [
pkgconfig libao faad2 libmad json_c libgcrypt gnutls
pkgconfig libao json_c libgcrypt gnutls libav
];
makeFlags="PREFIX=$(out)";
@ -17,10 +17,13 @@ stdenv.mkDerivation rec {
CC = "gcc";
CFLAGS = "-std=c99";
configurePhase = "export CC=${CC}";
meta = {
description = "A console front-end for Pandora.com";
homepage = "http://6xq.net/projects/pianobar/";
platforms = stdenv.lib.platforms.linux;
license = stdenv.lib.licenses.mit; # expat version
maintainers = stdenv.lib.maintainers.eduarrrd;
};
}

56
pkgs/applications/audio/spotify/default.nix
View File

@ -1,6 +1,6 @@
{ fetchurl, stdenv, dpkg, xlibs, qt4, alsaLib, makeWrapper, openssl, freetype
, glib, pango, cairo, atk, gdk_pixbuf, gtk, cups, nspr, nss, libpng, GConf
, libgcrypt, chromium, sqlite, gst_plugins_base, gstreamer, udev, fontconfig
, libgcrypt, chromium, udev, fontconfig
, dbus, expat }:
assert stdenv.system == "i686-linux" || stdenv.system == "x86_64-linux";
@ -10,20 +10,6 @@ let
then "0.9.4.183.g644e24e.428"
else "0.9.11.27.g2b1a638.81";
qt4webkit =
if stdenv.system == "i686-linux" then
fetchurl {
name = "libqtwebkit4_2.3.2_i386.deb";
url = http://ie.archive.ubuntu.com/ubuntu/pool/main/q/qtwebkit-source/libqtwebkit4_2.3.2-0ubuntu7_i386.deb;
sha256 = "0q4abhczx91ma57fjss0gn8j6nkfbfsbsh6kxhykzj88dih2s8rn";
}
else
fetchurl {
name = "libqtwebkit4_2.3.2_amd64.deb";
url = http://ie.archive.ubuntu.com/ubuntu/pool/main/q/qtwebkit-source/libqtwebkit4_2.3.2-0ubuntu7_amd64.deb;
sha256 = "0sac88avfivwkfhmd6fik7ili8fdznqas6741dbspf9mfnawbwch";
};
deps = [
alsaLib
atk
@ -36,15 +22,12 @@ let
GConf
gdk_pixbuf
glib
gst_plugins_base
gstreamer
gtk
libgcrypt
libpng
nss
pango
qt4
sqlite
stdenv.cc.gcc
xlibs.libX11
xlibs.libXcomposite
@ -56,7 +39,6 @@ let
xlibs.libXrender
xlibs.libXrender
xlibs.libXScrnSaver
#xlibs.libXss
];
in
@ -83,37 +65,37 @@ stdenv.mkDerivation {
installPhase =
''
mkdir -p $out
libdir=$out/lib/spotify
mkdir -p $libdir
dpkg-deb -x $src $out
mv $out/opt/spotify/* $out/
rm -rf $out/usr $out/opt
# Work around Spotify referring to a specific minor version of
# OpenSSL.
mkdir $out/lib
ln -s ${nss}/lib/libnss3.so $out/lib/libnss3.so.1d
ln -s ${nss}/lib/libnssutil3.so $out/lib/libnssutil3.so.1d
ln -s ${nss}/lib/libsmime3.so $out/lib/libsmime3.so.1d
ln -s ${nss}/lib/libnss3.so $libdir/libnss3.so.1d
ln -s ${nss}/lib/libnssutil3.so $libdir/libnssutil3.so.1d
ln -s ${nss}/lib/libsmime3.so $libdir/libsmime3.so.1d
${if stdenv.system == "x86_64-linux" then ''
ln -s ${openssl}/lib/libssl.so $out/lib/libssl.so.1.0.0
ln -s ${openssl}/lib/libcrypto.so $out/lib/libcrypto.so.1.0.0
ln -s ${nspr}/lib/libnspr4.so $out/lib/libnspr4.so
ln -s ${nspr}/lib/libplc4.so $out/lib/libplc4.so
ln -s ${openssl}/lib/libssl.so $libdir/libssl.so.1.0.0
ln -s ${openssl}/lib/libcrypto.so $libdir/libcrypto.so.1.0.0
ln -s ${nspr}/lib/libnspr4.so $libdir/libnspr4.so
ln -s ${nspr}/lib/libplc4.so $libdir/libplc4.so
'' else ''
ln -s ${openssl}/lib/libssl.so $out/lib/libssl.so.0.9.8
ln -s ${openssl}/lib/libcrypto.so $out/lib/libcrypto.so.0.9.8
ln -s ${nspr}/lib/libnspr4.so $out/lib/libnspr4.so.0d
ln -s ${nspr}/lib/libplc4.so $out/lib/libplc4.so.0d
ln -s ${openssl}/lib/libssl.so $libdir/libssl.so.0.9.8
ln -s ${openssl}/lib/libcrypto.so $libdir/libcrypto.so.0.9.8
ln -s ${nspr}/lib/libnspr4.so $libdir/libnspr4.so.0d
ln -s ${nspr}/lib/libplc4.so $libdir/libplc4.so.0d
''}
# Work around Spotify trying to open libudev.so.0 (which we don't have)
ln -s ${udev}/lib/libudev.so.1 $out/lib/libudev.so.0
ln -s ${udev}/lib/libudev.so.1 $libdir/libudev.so.0
mkdir -p $out/bin
rpath="$out/spotify-client/Data:$out/lib:$out/spotify-client:${stdenv.cc.gcc}/lib64"
rpath="$out/spotify-client/Data:$libdir:$out/spotify-client:${stdenv.cc.gcc}/lib64"
ln -s $out/spotify-client/spotify $out/bin/spotify
@ -125,12 +107,8 @@ stdenv.mkDerivation {
--interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
--set-rpath $rpath $out/spotify-client/Data/SpotifyHelper
dpkg-deb -x ${qt4webkit} ./
mkdir -p $out/lib/
cp -v usr/lib/*/* $out/lib/
preload=$out/libexec/spotify/libpreload.so
librarypath="${stdenv.lib.makeLibraryPath deps}:$out/lib"
librarypath="${stdenv.lib.makeLibraryPath deps}:$libdir"
mkdir -p $out/libexec/spotify
gcc -shared ${./preload.c} -o $preload -ldl -DOUT=\"$out\" -fPIC

2
pkgs/applications/audio/transcode/default.nix
View File

@ -17,7 +17,7 @@ stdenv.mkDerivation rec {
enableParallelBuilding = true;
meta = with stdenv.lib; {
description = "Suite of command line utilities for transcoding video and audio codecs, and for converting beween different container formats";
description = "Suite of command line utilities for transcoding video and audio codecs, and for converting between different container formats";
homepage = http://www.transcoding.org/;
license = licenses.lgpl2Plus;
platforms = platforms.linux;

4
pkgs/applications/audio/yoshimi/default.nix
View File

@ -6,11 +6,11 @@ assert stdenv ? glibc;
stdenv.mkDerivation rec {
name = "yoshimi-${version}";
version = "1.3.0";
version = "1.3.1";
src = fetchurl {
url = "mirror://sourceforge/yoshimi/${name}.tar.bz2";
sha256 = "1zxblcl6ffwwzxh3d17hw1mp398b73wk5bsagdmx5gph038gdh7y";
sha256 = "1nj71xmjgr0pdqwv6h9kigdvljh8hggy6az9rnd7f64r13nmrphl";
};
buildInputs = [

4
pkgs/applications/editors/atom/default.nix
View File

@ -16,11 +16,11 @@ let
};
in stdenv.mkDerivation rec {
name = "atom-${version}";
version = "0.150.0";
version = "0.171.0";
src = fetchurl {
url = "https://github.com/atom/atom/releases/download/v${version}/atom-amd64.deb";
sha256 = "1vvsxj1pwpcz0hn58k1hsrv994vm61lxkih58ix1rkj32wpvdjxn";
sha256 = "0syl3rljk2k8j6fy8xq59qhf13b8a4awpi5cvn1kka56y0vmhxs5";
name = "${name}.deb";
};

3
pkgs/applications/editors/eclipse/default.nix
View File

@ -1,6 +1,7 @@
{ stdenv, fetchurl, makeDesktopItem, makeWrapper
, freetype, fontconfig, libX11, libXext, libXrender, zlib
, glib, gtk, libXtst, jre
, webkitgtk2 ? null # for internal web browser
}:
assert stdenv ? glibc;
@ -44,7 +45,7 @@ let
makeWrapper $out/eclipse/eclipse $out/bin/eclipse \
--prefix PATH : ${jre}/bin \
--prefix LD_LIBRARY_PATH : ${glib}/lib:${gtk}/lib:${libXtst}/lib \
--prefix LD_LIBRARY_PATH : ${glib}/lib:${gtk}/lib:${libXtst}/lib${stdenv.lib.optionalString (webkitgtk2 != null) ":${webkitgtk2}/lib"} \
--add-flags "-configuration \$HOME/.eclipse/''${productId}_$productVersion/configuration"
# Create desktop item.

13
pkgs/applications/editors/emacs-24/at-fdcwd.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/lib/careadlinkat.h b/lib/careadlinkat.h
index 5cdb813..7a272e8 100644
--- a/lib/careadlinkat.h
+++ b/lib/careadlinkat.h
@@ -23,6 +23,8 @@
#include <fcntl.h>
#include <unistd.h>
+#define AT_FDCWD -2
+
struct allocator;
/* Assuming the current directory is FD, get the symbolic link value

5
pkgs/applications/editors/emacs-24/default.nix
View File

@ -18,7 +18,10 @@ stdenv.mkDerivation rec {
sha256 = "1zflm6ac34s6v166p58ilxrxbxjm0q2wfc25f8y0mjml1lbr3qs7";
};
patches = [ ./darwin-new-sections.patch ];
patches = stdenv.lib.optionals stdenv.isDarwin [
./darwin-new-sections.patch
./at-fdcwd.patch
];
buildInputs =
[ ncurses gconf libxml2 gnutls alsaLib pkgconfig texinfo ]

Some files were not shown because too many files have changed in this diff Show More