Merge branch 'staging-next' into staging

This commit is contained in:
Jan Tojnar 2019-10-12 00:51:55 +02:00
commit e2e3861d6b
No known key found for this signature in database
GPG Key ID: 7FAB2A15F7A607A4
772 changed files with 26971 additions and 13572 deletions

View File

@ -44,9 +44,9 @@ Nixpkgs and NixOS are built and tested by our continuous integration
system, [Hydra](https://hydra.nixos.org/).
* [Continuous package builds for unstable/master](https://hydra.nixos.org/jobset/nixos/trunk-combined)
* [Continuous package builds for the NixOS 19.03 release](https://hydra.nixos.org/jobset/nixos/release-19.03)
* [Continuous package builds for the NixOS 19.09 release](https://hydra.nixos.org/jobset/nixos/release-19.09)
* [Tests for unstable/master](https://hydra.nixos.org/job/nixos/trunk-combined/tested#tabs-constituents)
* [Tests for the NixOS 19.03 release](https://hydra.nixos.org/job/nixos/release-19.03/tested#tabs-constituents)
* [Tests for the NixOS 19.09 release](https://hydra.nixos.org/job/nixos/release-19.09/tested#tabs-constituents)
Artifacts successfully built with Hydra are published to cache at
https://cache.nixos.org/. When successful build and test criteria are

View File

@ -55,20 +55,7 @@
<title>Rebar3</title>
<para>
By default, Rebar3 wants to manage its own dependencies. This is perfectly acceptable in the normal, non-Nix setup, but in the Nix world, it is not. To rectify this, we provide two versions of Rebar3:
<itemizedlist>
<listitem>
<para>
<literal>rebar3</literal>: patched to remove the ability to download anything. When not running it via <literal>nix-shell</literal> or <literal>nix-build</literal>, it's probably not going to work as desired.
</para>
</listitem>
<listitem>
<para>
<literal>rebar3-open</literal>: the normal, unmodified Rebar3. It should work exactly as would any other version of Rebar3. Any Erlang package should rely on <literal>rebar3</literal> instead. See <xref
linkend="rebar3-packages"/>.
</para>
</listitem>
</itemizedlist>
We provide a version of Rebar3, which is the normal, unmodified Rebar3, under <literal>rebar3</literal>. We also provide a helper to fetch Rebar3 dependencies from a lockfile under <literal>fetchRebar3Deps</literal>.
</para>
</section>

View File

@ -356,6 +356,16 @@
github = "alunduil";
name = "Alex Brandt";
};
alva = {
email = "alva@skogen.is";
github = "fjallarefur";
githubId = 42881386;
name = "Alva";
keys = [{
longkeyid = "ed25519/0xF53E323342F7A6D3";
fingerprint = "B422 CFB1 C9EF 73F7 E1E2 698D F53E 3233 42F7 A6D3A";
}];
};
amar1729 = {
email = "amar.paul16@gmail.com";
github = "amar1729";
@ -2272,7 +2282,7 @@
name = "Frede Emil";
};
freepotion = {
email = "free.potion@yandex.ru";
email = "42352817+freepotion@users.noreply.github.com";
github = "freepotion";
githubId = 42352817;
name = "Free Potion";
@ -3551,6 +3561,12 @@
github = "Lassulus";
name = "Lassulus";
};
lattfein = {
email = "lattfein@gmail.com";
github = "lattfein";
githubId = 53550838;
name = "Koki Yasuno";
};
layus = {
email = "layus.on@gmail.com";
github = "layus";
@ -3645,6 +3661,12 @@
githubId = 307589;
name = "Nathaniel Baxter";
};
liff = {
email = "liff@iki.fi";
github = "liff";
githubId = 124475;
name = "Olli Helenius";
};
lightbulbjim = {
email = "chris@killred.net";
github = "lightbulbjim";
@ -4256,6 +4278,15 @@
githubId = 5698461;
name = "Maciej Kazulak";
};
mkf = {
email = "m@mikf.pl";
github = "mkf";
name = "Michał Krzysztof Feiler";
keys = [{
longkeyid = "rsa4096/0xE35C2D7C2C6AC724";
fingerprint = "1E36 9940 CC7E 01C4 CFE8 F20A E35C 2D7C 2C6A C724";
}];
};
mkg = {
email = "mkg@vt.edu";
github = "mkgvt";
@ -5892,6 +5923,12 @@
githubId = 819413;
name = "Benedict Aas";
};
shyim = {
email = "s.sayakci@gmail.com";
github = "shyim";
githubId = 6224096;
name = "Soner Sayakci";
};
siddharthist = {
email = "langston.barrett@gmail.com";
github = "langston-barrett";
@ -6485,6 +6522,12 @@
githubId = 224674;
name = "Thomas Pham";
};
Thra11 = {
email = "tahall256@protonmail.ch";
github = "Thra11";
githubId = 1391883;
name = "Tom Hall";
};
tilpner = {
email = "till@hoeppner.ws";
github = "tilpner";
@ -7028,6 +7071,12 @@
githubId = 36407913;
name = "Uli Baum";
};
xfix = {
email = "konrad@borowski.pw";
github = "xfix";
githubId = 1297598;
name = "Konrad Borowski";
};
xnaveira = {
email = "xnaveira@gmail.com";
github = "xnaveira";

View File

@ -68,3 +68,4 @@ say,,,,,
std__debug,std._debug,,,,
std_normalize,std.normalize,,,,
stdlib,,,,,vyp
pulseaudio,,,,,doronbehar

1 # nix name luarocks name server version luaversion maintainers
68 std__debug std._debug
69 std_normalize std.normalize
70 stdlib vyp
71 pulseaudio doronbehar

View File

@ -1,37 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
version="5.0"
xml:id="sec-installing-nspawn-container">
<title>Installing into a nspawn container</title>
<para>
For installing a NixOS into a systemd nspawn container the NixOS installation tools are needed.
If you run another distribution than NixOS on your host,
please follow <xref linkend="sec-installing-from-other-distro"/> steps 1, 2, and 3.
</para>
<para>
Create a NixOS configuration file <filename>/var/lib/machines/my-container/etc/nixos/configuration.nix</filename>.
It is important that the container root file system is under <filename>/var/lib/machines</filename>.
This is the standard location where <command>machinectl</command> will look for containers.
If you choose place the root into another location you need to start the container directly with <command>systemd-nspawn</command>.
The file needs to have at least following options enabled:
<programlisting>
<xref linkend="opt-boot.isContainer"/> = true;
<xref linkend="opt-boot.loader.initScript.enable"/> = true;
</programlisting>
If your host uses <command>systemd-networkd</command> to configure the network,
you can also enable <xref linkend="opt-networking.useNetworkd"/> to use networkd default network configuration for your host and container.
</para>
<para>
Install the container by running following command:
<screen>nixos-install --root /var/lib/machines/my-container \
--no-channel-copy --no-root-passwd --no-bootloader</screen>
</para>
<para>
Start the container by running following command:
<screen>machinectl start my-container</screen>
</para>
</section>

View File

@ -68,7 +68,7 @@
If you would like to continue the installation from a different machine you
need to activate the SSH daemon via <command>systemctl start
sshd</command>. You then must set a password for either <literal>root</literal> or
<literal>nixos</literal> with <command>passwd></command> to be able to login.
<literal>nixos</literal> with <command>passwd</command> to be able to login.
</para>
</section>
</section>
@ -563,8 +563,5 @@ Retype new UNIX password: ***</screen>
<xi:include href="installing-from-other-distro.xml" />
<xi:include href="installing-behind-a-proxy.xml" />
<xi:include href="installing-nspawn-container.xml" />
</section>
</chapter>

View File

@ -14,7 +14,7 @@
<para>
<emphasis>Stable channels</emphasis>, such as
<literal
xlink:href="https://nixos.org/channels/nixos-19.03">nixos-19.03</literal>.
xlink:href="https://nixos.org/channels/nixos-19.09">nixos-19.09</literal>.
These only get conservative bug fixes and package upgrades. For instance,
a channel update may cause the Linux kernel on your system to be upgraded
from 4.19.34 to 4.19.38 (a minor bug fix), but not from
@ -38,7 +38,7 @@
<para>
<emphasis>Small channels</emphasis>, such as
<literal
xlink:href="https://nixos.org/channels/nixos-19.03-small">nixos-19.03-small</literal>
xlink:href="https://nixos.org/channels/nixos-19.09-small">nixos-19.09-small</literal>
or
<literal
xlink:href="https://nixos.org/channels/nixos-unstable-small">nixos-unstable-small</literal>.
@ -63,8 +63,8 @@
<para>
When you first install NixOS, youre automatically subscribed to the NixOS
channel that corresponds to your installation source. For instance, if you
installed from a 19.03 ISO, you will be subscribed to the
<literal>nixos-19.03</literal> channel. To see which NixOS channel youre
installed from a 19.09 ISO, you will be subscribed to the
<literal>nixos-19.09</literal> channel. To see which NixOS channel youre
subscribed to, run the following as root:
<screen>
# nix-channel --list | grep nixos
@ -75,13 +75,13 @@ nixos https://nixos.org/channels/nixos-unstable
# nix-channel --add https://nixos.org/channels/<replaceable>channel-name</replaceable> nixos
</screen>
(Be sure to include the <literal>nixos</literal> parameter at the end.) For
instance, to use the NixOS 19.03 stable channel:
instance, to use the NixOS 19.09 stable channel:
<screen>
# nix-channel --add https://nixos.org/channels/nixos-19.03 nixos
# nix-channel --add https://nixos.org/channels/nixos-19.09 nixos
</screen>
If you have a server, you may want to use the “small” channel instead:
<screen>
# nix-channel --add https://nixos.org/channels/nixos-19.03-small nixos
# nix-channel --add https://nixos.org/channels/nixos-19.09-small nixos
</screen>
And if you want to live on the bleeding edge:
<screen>
@ -127,7 +127,7 @@ nixos https://nixos.org/channels/nixos-unstable
current channel. (To see when the service runs, see <command>systemctl
list-timers</command>.) You can also specify a channel explicitly, e.g.
<programlisting>
<xref linkend="opt-system.autoUpgrade.channel"/> = https://nixos.org/channels/nixos-19.03;
<xref linkend="opt-system.autoUpgrade.channel"/> = https://nixos.org/channels/nixos-19.09;
</programlisting>
</para>
</section>

View File

@ -8,8 +8,8 @@
<!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
</refmeta>
<refnamediv>
<refname><filename>configuration.nix</filename>
</refname><refpurpose>NixOS system configuration specification</refpurpose>
<refname><filename>configuration.nix</filename></refname>
<refpurpose>NixOS system configuration specification</refpurpose>
</refnamediv>
<refsection>
<title>Description</title>

View File

@ -8,8 +8,8 @@
<!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
</refmeta>
<refnamediv>
<refname><command>nixos-build-vms</command>
</refname><refpurpose>build a network of virtual machines from a network of NixOS configurations</refpurpose>
<refname><command>nixos-build-vms</command></refname>
<refpurpose>build a network of virtual machines from a network of NixOS configurations</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>

View File

@ -8,8 +8,8 @@
<!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
</refmeta>
<refnamediv>
<refname><command>nixos-enter</command>
</refname><refpurpose>run a command in a NixOS chroot environment</refpurpose>
<refname><command>nixos-enter</command></refname>
<refpurpose>run a command in a NixOS chroot environment</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>

View File

@ -8,8 +8,8 @@
<!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
</refmeta>
<refnamediv>
<refname><command>nixos-generate-config</command>
</refname><refpurpose>generate NixOS configuration modules</refpurpose>
<refname><command>nixos-generate-config</command></refname>
<refpurpose>generate NixOS configuration modules</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>

View File

@ -8,8 +8,8 @@
<!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
</refmeta>
<refnamediv>
<refname><command>nixos-install</command>
</refname><refpurpose>install bootloader and NixOS</refpurpose>
<refname><command>nixos-install</command></refname>
<refpurpose>install bootloader and NixOS</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>

View File

@ -8,8 +8,8 @@
<!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
</refmeta>
<refnamediv>
<refname><command>nixos-option</command>
</refname><refpurpose>inspect a NixOS configuration</refpurpose>
<refname><command>nixos-option</command></refname>
<refpurpose>inspect a NixOS configuration</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>

View File

@ -9,8 +9,8 @@
</refmeta>
<refnamediv>
<refname><command>nixos-rebuild</command>
</refname><refpurpose>reconfigure a NixOS machine</refpurpose>
<refname><command>nixos-rebuild</command></refname>
<refpurpose>reconfigure a NixOS machine</refpurpose>
</refnamediv>
<refsynopsisdiv>

View File

@ -7,8 +7,8 @@
<refmiscinfo class="source">NixOS</refmiscinfo>
</refmeta>
<refnamediv>
<refname><command>nixos-version</command>
</refname><refpurpose>show the NixOS version</refpurpose>
<refname><command>nixos-version</command></refname>
<refpurpose>show the NixOS version</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>

View File

@ -3,7 +3,7 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-19.09">
<title>Release 19.09 (“Loris”, 2019/09/??)</title>
<title>Release 19.09 (“Loris”, 2019/10/09)</title>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
@ -23,6 +23,26 @@
End of support is planned for end of April 2020, handing over to 20.03.
</para>
</listitem>
<listitem>
<para>
Nix has been updated to 2.3; see its
<link xlink:href="https://nixos.org/nix/manual/#ssec-relnotes-2.3">release
notes</link>.
</para>
</listitem>
<listitem>
<para>Core version changes:</para>
<para>systemd: 239 -&gt; 243</para>
<para>gcc: 7 -&gt; 8</para>
<para>glibc: 2.27 (unchanged)</para>
<para>linux: 4.19 LTS (unchanged)</para>
<para>openssl: 1.0 -&gt; 1.1</para>
</listitem>
<listitem>
<para>Desktop version changes:</para>
<para>plasma5: 5.14 -&gt; 5.16</para>
<para>gnome3: 3.30 -&gt; 3.32</para>
</listitem>
<listitem>
<para>
PHP now defaults to PHP 7.3, updated from 7.2.
@ -512,6 +532,12 @@
is set to <literal>/var/lib/gitlab/state</literal>, <literal>gitlab</literal> and all parent directories
must be owned by either <literal>root</literal> or the user specified in <option>services.gitlab.user</option>.
</para>
<para>
The <option>networking.useDHCP</option> option is unsupported in combination with
<option>networking.useNetworkd</option> in anticipation of defaulting to it by default.
It has to be set to <literal>false</literal> and enabled per
interface with <option>networking.interfaces.&lt;name&gt;.useDHCP = true;</option>
</para>
</listitem>
<listitem>
<para>
@ -519,6 +545,22 @@
Please use the fork <literal>cawbird</literal> instead which has been adapted to the API changes and is still maintained.
</para>
</listitem>
<listitem>
<para>
The <literal>nodejs-11_x</literal> package has been removed as it's EOLed by upstream.
</para>
</listitem>
<listitem>
<para>
Because of the systemd upgrade,
<application>systemd-timesyncd</application> will no longer work if
<option>system.stateVersion</option> is not set correctly. When
upgrading from NixOS 19.03, please make sure that
<option>system.stateVersion</option> is set to
<literal>"19.03"</literal>, or lower if the installation dates back to an
earlier version of NixOS.
</para>
</listitem>
</itemizedlist>
</section>
@ -717,7 +759,7 @@
</para>
</listitem>
</itemizedlist>
This also configures the kernel to pass coredumps to <literal>systemd-coredump</literal>,
This also configures the kernel to pass core dumps to <literal>systemd-coredump</literal>,
and restricts the SysRq key combinations to the sync command only.
These sysctl snippets can be found in <literal>/etc/sysctl.d/50-*.conf</literal>,
and overridden via <link linkend="opt-boot.kernel.sysctl">boot.kernel.sysctl</link>
@ -726,12 +768,15 @@
</listitem>
<listitem>
<para>
Coredumps are now acquired by <literal>systemd-coredump</literal> by default.
<literal>systemd-coredump</literal> behaviour can still be modified via
<option>systemd.coredump.extraConfig</option>.
To stick to the old behaviour (having the kernel dump to a file called <literal>core</literal>
in the working directory), without piping it through <literal>systemd-coredump</literal>, set
<option>boot.kernel.sysctl."kernel.core_pattern"</option> to <literal>"core"</literal>.
Core dumps are now processed by <literal>systemd-coredump</literal>
by default. <literal>systemd-coredump</literal> behaviour can
still be modified via
<option>systemd.coredump.extraConfig</option>. To stick to the
old behaviour (having the kernel dump to a file called
<literal>core</literal> in the working directory), without piping
it through <literal>systemd-coredump</literal>, set
<option>systemd.coredump.enable</option> to
<literal>false</literal>.
</para>
</listitem>
<listitem>

View File

@ -28,6 +28,14 @@
Postgresql for NixOS service now defaults to v11.
</para>
</listitem>
<listitem>
<para>
The graphical installer image starts the graphical session automatically.
Before you'd be greeted by a tty and asked to enter <command>systemctl start display-manager</command>.
It is now possible to disable the display-manager from running by selecting the <literal>Disable display-manager</literal>
quirk in the boot menu.
</para>
</listitem>
</itemizedlist>
</section>

View File

@ -78,9 +78,7 @@ in
# We're trying to use the same syntax for PAM variables and env variables.
# That means we need to map the env variables that people might use to their
# equivalent PAM variable.
# Note: PAM_USER is a PAM_ITEM, HOME is an environment variable, they have
# different syntax.
replaceEnvVars = replaceStrings ["$HOME" "$USER"] ["\${HOME}" "@{PAM_USER}"];
replaceEnvVars = replaceStrings ["$HOME" "$USER"] ["@{HOME}" "@{PAM_USER}"];
pamVariable = n: v:
''${n} DEFAULT="${concatStringsSep ":" (map replaceEnvVars (toList v))}"'';

View File

@ -24,7 +24,7 @@ in {
Specifies Unix ODBC drivers to be registered in
<filename>/etc/odbcinst.ini</filename>. You may also want to
add <literal>pkgs.unixODBC</literal> to the system path to get
a command line client to connnect to ODBC databases.
a command line client to connect to ODBC databases.
'';
};
};

View File

@ -25,9 +25,6 @@ with lib;
services.xserver = {
enable = true;
# Don't start the X server by default.
autorun = mkForce false;
# Automatically login as nixos.
displayManager.slim = {
enable = true;

View File

@ -24,7 +24,7 @@ let
# Name appended to menuentry defaults to params if no specific name given.
option.name or (if option ? params then "(${option.params})" else "")
}' ${if option ? class then " --class ${option.class}" else ""} {
linux ${defaults.image} ${defaults.params} ${
linux ${defaults.image} \''${isoboot} ${defaults.params} ${
option.params or ""
}
initrd ${defaults.initrd}
@ -268,6 +268,12 @@ let
set timeout=10
${grubMenuCfg}
# If the parameter iso_path is set, append the findiso parameter to the kernel
# line. We need this to allow the nixos iso to be booted from grub directly.
if [ \''${iso_path} ] ; then
set isoboot="findiso=\''${iso_path}"
fi
#
# Menu entries
#
@ -284,6 +290,14 @@ let
${buildMenuAdditionalParamsGrub2 config "video=1920x1080@60"}
}
# If we boot into a graphical environment where X is autoran
# and always crashes, it makes the media unusable. Allow the user
# to disable this.
submenu "Disable display-manager" --class quirk-disable-displaymanager {
${grubMenuCfg}
${buildMenuAdditionalParamsGrub2 config "systemd.mask=display-manager.service"}
}
# Some laptop and convertibles have the panel installed in an
# inconvenient way, rotated away from the keyboard.
# Those entries makes it easier to use the installer.
@ -616,6 +630,9 @@ in
{ source = "${efiDir}/EFI";
target = "/EFI";
}
{ source = pkgs.writeText "loopback.cfg" "source /EFI/boot/grub.cfg";
target = "/boot/grub/loopback.cfg";
}
] ++ optionals (config.boot.loader.grub.memtest86.enable && canx86BiosBoot) [
{ source = "${pkgs.memtest86plus}/memtest.bin";
target = "/boot/memtest.bin";

View File

@ -1,6 +1,6 @@
{
x86_64-linux = "/nix/store/3ds3cgji9vjxdbgp10av6smyym1126d1-nix-2.3";
i686-linux = "/nix/store/ln1ndqvfpc9cdl03vqxi6kvlxm9wfv9g-nix-2.3";
aarch64-linux = "/nix/store/n8a1rwzrp20qcr2c4hvyn6c5q9zx8csw-nix-2.3";
x86_64-darwin = "/nix/store/jq6npmpld02sz4rgniz0qrsdfnm6j17a-nix-2.3";
x86_64-linux = "/nix/store/6chjfy4j6hjwj5f8zcbbdg02i21x1qsi-nix-2.3.1";
i686-linux = "/nix/store/xa8z7fwszjjm4kiwrxfc8xv9c1pzzm7a-nix-2.3.1";
aarch64-linux = "/nix/store/8cac1ivcnchlpzmdjby2f71l1fwpnymr-nix-2.3.1";
x86_64-darwin = "/nix/store/6639l9815ggdnb4aka22qcjy7p8w4hb9-nix-2.3.1";
}

View File

@ -563,6 +563,24 @@ $fsAndSwap
${\join "", (map { " $_\n" } (uniq @attrs))}}
EOF
sub generateNetworkingDhcpConfig {
my $config = <<EOF;
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.useDHCP = false;
EOF
foreach my $path (glob "/sys/class/net/*") {
my $dev = basename($path);
if ($dev ne "lo") {
$config .= " networking.interfaces.$dev.useDHCP = true;\n";
}
}
return $config;
}
if ($showHardwareConfig) {
print STDOUT $hwConfig;
@ -606,6 +624,8 @@ EOF
EOF
}
my $networkingDhcpConfig = generateNetworkingDhcpConfig();
write_file($fn, <<EOF);
@configuration@
EOF

View File

@ -132,9 +132,8 @@ if [[ -z $noBootLoader ]]; then
echo "installing the boot loader..."
# Grub needs an mtab.
ln -sfn /proc/mounts $mountPoint/etc/mtab
export NIXOS_INSTALL_BOOTLOADER=1
NIXOS_INSTALL_BOOTLOADER=1 nixos-enter --root "$mountPoint" -- /run/current-system/bin/switch-to-configuration boot
fi
nixos-enter --root "$mountPoint" -- /run/current-system/bin/switch-to-configuration boot
# Ask the user to set a root password, but only if the passwd command
# exists (i.e. when mutable user accounts are enabled).

View File

@ -111,7 +111,7 @@ buildHostCmd() {
if [ -z "$buildHost" ]; then
"$@"
elif [ -n "$remoteNix" ]; then
ssh $SSHOPTS "$buildHost" PATH="$remoteNix:$PATH" "$@"
ssh $SSHOPTS "$buildHost" env PATH="$remoteNix:$PATH" "$@"
else
ssh $SSHOPTS "$buildHost" "$@"
fi

View File

@ -96,6 +96,7 @@ in
# networking.hostName = "nixos"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
$networkingDhcpConfig
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password\@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

View File

@ -328,7 +328,7 @@
qemu-libvirtd = 301;
# kvm = 302; # unused
# render = 303; # unused
zeronet = 304;
# zeronet = 304; # removed 2019-01-03
lirc = 305;
lidarr = 306;
slurm = 307;
@ -629,7 +629,7 @@
qemu-libvirtd = 301;
kvm = 302; # default udev rules from systemd requires these
render = 303; # default udev rules from systemd requires these
zeronet = 304;
# zeronet = 304; # removed 2019-01-03
lirc = 305;
lidarr = 306;
slurm = 307;

View File

@ -128,7 +128,10 @@ in {
# directory creation needs to be separated from main service
# because ReadWritePaths fails when the directory doesn't already exist
systemd.tmpfiles.rules = [ "d ${dirOf cfg.output} 0755 root root -" ];
systemd.tmpfiles.rules =
let dir = dirOf cfg.output; in
mkIf (dir != "/var/cache")
[ "d ${dir} 0755 root root -" ];
systemd.services.update-locatedb =
{ description = "Update Locate Database";

View File

@ -98,7 +98,6 @@
./programs/autojump.nix
./programs/bash/bash.nix
./programs/bcc.nix
./programs/blcr.nix
./programs/browserpass.nix
./programs/captive-browser.nix
./programs/ccache.nix
@ -143,7 +142,6 @@
./programs/seahorse.nix
./programs/slock.nix
./programs/shadow.nix
./programs/shell.nix
./programs/spacefm.nix
./programs/singularity.nix
./programs/ssh.nix

View File

@ -1,27 +0,0 @@
{ config, lib, ... }:
let
inherit (lib) mkOption mkIf;
cfg = config.environment.blcr;
blcrPkg = config.boot.kernelPackages.blcr;
in
{
###### interface
options = {
environment.blcr.enable = mkOption {
default = false;
description =
"Whether to enable support for the BLCR checkpointing tool.";
};
};
###### implementation
config = mkIf cfg.enable {
boot.kernelModules = [ "blcr" "blcr_imports" ];
boot.extraModulePackages = [ blcrPkg ];
environment.systemPackages = [ blcrPkg ];
};
}

View File

@ -1,54 +0,0 @@
# This module defines a standard configuration for NixOS shells.
{ config, lib, ... }:
with lib;
{
config = {
environment.shellInit =
''
# Set up the per-user profile.
mkdir -m 0755 -p "$NIX_USER_PROFILE_DIR"
if [ "$(stat -c '%u' "$NIX_USER_PROFILE_DIR")" != "$(id -u)" ]; then
echo "WARNING: the per-user profile dir $NIX_USER_PROFILE_DIR should belong to user id $(id -u)" >&2
fi
if [ -w "$HOME" ]; then
if ! [ -L "$HOME/.nix-profile" ]; then
if [ "$USER" != root ]; then
ln -s "$NIX_USER_PROFILE_DIR/profile" "$HOME/.nix-profile"
else
# Root installs in the system-wide profile by default.
ln -s /nix/var/nix/profiles/default "$HOME/.nix-profile"
fi
fi
# Subscribe the root user to the NixOS channel by default.
if [ "$USER" = root -a ! -e "$HOME/.nix-channels" ]; then
echo "${config.system.defaultChannel} nixos" > "$HOME/.nix-channels"
fi
# Create the per-user garbage collector roots directory.
NIX_USER_GCROOTS_DIR="/nix/var/nix/gcroots/per-user/$USER"
mkdir -m 0755 -p "$NIX_USER_GCROOTS_DIR"
if [ "$(stat -c '%u' "$NIX_USER_GCROOTS_DIR")" != "$(id -u)" ]; then
echo "WARNING: the per-user gcroots dir $NIX_USER_GCROOTS_DIR should belong to user id $(id -u)" >&2
fi
# Set up a default Nix expression from which to install stuff.
if [ ! -e "$HOME/.nix-defexpr" -o -L "$HOME/.nix-defexpr" ]; then
rm -f "$HOME/.nix-defexpr"
mkdir -p "$HOME/.nix-defexpr"
if [ "$USER" != root ]; then
ln -s /nix/var/nix/profiles/per-user/root/channels "$HOME/.nix-defexpr/channels_root"
fi
fi
fi
'';
};
}

View File

@ -233,7 +233,6 @@ with lib;
(mkRemovedOptionModule [ "services" "mysql" "rootPassword" ] "Use socket authentication or set the password outside of the nix store.")
(mkRemovedOptionModule [ "services" "zabbixServer" "dbPassword" ] "Use services.zabbixServer.database.passwordFile instead.")
(mkRemovedOptionModule [ "systemd" "generator-packages" ] "Use systemd.packages instead.")
(mkRemovedOptionModule [ "systemd" "coredump" "enable" ] "Enabled by default. Set boot.kernel.sysctl.\"kernel.core_pattern\" = \"core\"; to disable.")
# ZSH
(mkRenamedOptionModule [ "programs" "zsh" "enableSyntaxHighlighting" ] [ "programs" "zsh" "syntaxHighlighting" "enable" ])
@ -275,6 +274,9 @@ with lib;
(mkRenamedOptionModule [ "networking" "extraResolvconfConf" ] [ "networking" "resolvconf" "extraConfig" ])
(mkRenamedOptionModule [ "networking" "resolvconfOptions" ] [ "networking" "resolvconf" "extraOptions" ])
# BLCR
(mkRemovedOptionModule [ "environment.blcr.enable" ] "The BLCR module has been removed")
# Redis
(mkRemovedOptionModule [ "services" "redis" "user" ] "The redis module now is hardcoded to the redis user.")
(mkRemovedOptionModule [ "services" "redis" "dbpath" ] "The redis module now uses /var/lib/redis as data directory.")

View File

@ -67,6 +67,7 @@ in
users.users = optional (cfg.user == "memcached") {
name = "memcached";
description = "Memcached server user";
isSystemUser = true;
};
environment.systemPackages = [ memcached ];

View File

@ -12,6 +12,12 @@ in
{
imports = [
(mkRemovedOptionModule
["services" "gnome3" "gnome-settings-daemon" "package"]
"")
];
###### interface
options = {
@ -20,13 +26,6 @@ in
enable = mkEnableOption "GNOME Settings Daemon";
# There are many forks of gnome-settings-daemon
package = mkOption {
type = types.package;
default = pkgs.gnome3.gnome-settings-daemon;
description = "Which gnome-settings-daemon package to use.";
};
};
};
@ -36,9 +35,39 @@ in
config = mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
environment.systemPackages = [
pkgs.gnome3.gnome-settings-daemon
];
services.udev.packages = [ cfg.package ];
services.udev.packages = [
pkgs.gnome3.gnome-settings-daemon
];
systemd.packages = [
pkgs.gnome3.gnome-settings-daemon
];
systemd.user.targets."gnome-session-initialized".wants = [
"gsd-color.target"
"gsd-datetime.target"
"gsd-keyboard.target"
"gsd-media-keys.target"
"gsd-print-notifications.target"
"gsd-rfkill.target"
"gsd-screensaver-proxy.target"
"gsd-sharing.target"
"gsd-smartcard.target"
"gsd-sound.target"
"gsd-wacom.target"
"gsd-wwan.target"
"gsd-a11y-settings.target"
"gsd-housekeeping.target"
"gsd-power.target"
];
systemd.user.targets."gnome-session-x11-services".wants = [
"gsd-xsettings.target"
];
};

View File

@ -181,7 +181,7 @@ in
};
configFile = mkOption {
type = types.nullOr types.str;
type = types.nullOr types.path;
default = null;
description = "Config file used for the whole dovecot configuration.";
apply = v: if v != null then v else pkgs.writeText "dovecot.conf" dovecotConf;

View File

@ -7,6 +7,11 @@ let
ruby = cfg.packages.gitlab.ruby;
postgresqlPackage = if config.services.postgresql.enable then
config.services.postgresql.package
else
pkgs.postgresql;
gitlabSocket = "${cfg.statePath}/tmp/sockets/gitlab.socket";
gitalySocket = "${cfg.statePath}/tmp/sockets/gitaly.socket";
pathUrlQuote = url: replaceStrings ["/"] ["%2F"] url;
@ -22,6 +27,9 @@ let
} // cfg.extraDatabaseConfig;
};
# We only want to create a database if we're actually going to connect to it.
databaseActuallyCreateLocally = cfg.databaseCreateLocally && cfg.databaseHost == "";
gitalyToml = pkgs.writeText "gitaly.toml" ''
socket_path = "${lib.escape ["\""] gitalySocket}"
bin_dir = "${cfg.packages.gitaly}/bin"
@ -138,7 +146,7 @@ let
mkdir -p $out/bin
makeWrapper ${cfg.packages.gitlab.rubyEnv}/bin/rake $out/bin/gitlab-rake \
${concatStrings (mapAttrsToList (name: value: "--set ${name} '${value}' ") gitlabEnv)} \
--set PATH '${lib.makeBinPath [ pkgs.nodejs pkgs.gzip pkgs.git pkgs.gnutar config.services.postgresql.package pkgs.coreutils pkgs.procps ]}:$PATH' \
--set PATH '${lib.makeBinPath [ pkgs.nodejs pkgs.gzip pkgs.git pkgs.gnutar postgresqlPackage pkgs.coreutils pkgs.procps ]}:$PATH' \
--set RAKEOPT '-f ${cfg.packages.gitlab}/share/gitlab/Rakefile' \
--run 'cd ${cfg.packages.gitlab}/share/gitlab'
'';
@ -153,7 +161,7 @@ let
mkdir -p $out/bin
makeWrapper ${cfg.packages.gitlab.rubyEnv}/bin/rails $out/bin/gitlab-rails \
${concatStrings (mapAttrsToList (name: value: "--set ${name} '${value}' ") gitlabEnv)} \
--set PATH '${lib.makeBinPath [ pkgs.nodejs pkgs.gzip pkgs.git pkgs.gnutar config.services.postgresql.package pkgs.coreutils pkgs.procps ]}:$PATH' \
--set PATH '${lib.makeBinPath [ pkgs.nodejs pkgs.gzip pkgs.git pkgs.gnutar postgresqlPackage pkgs.coreutils pkgs.procps ]}:$PATH' \
--run 'cd ${cfg.packages.gitlab}/share/gitlab'
'';
};
@ -266,8 +274,8 @@ in {
description = ''
Whether a database should be automatically created on the
local host. Set this to <literal>false</literal> if you plan
on provisioning a local database yourself or use an external
one.
on provisioning a local database yourself. This has no effect
if <option>services.gitlab.databaseHost</option> is customized.
'';
};
@ -557,8 +565,8 @@ in {
assertions = [
{
assertion = cfg.databaseCreateLocally -> (cfg.user == cfg.databaseUsername);
message = "For local automatic database provisioning services.gitlab.user and services.gitlab.databaseUsername should be identical.";
assertion = databaseActuallyCreateLocally -> (cfg.user == cfg.databaseUsername);
message = ''For local automatic database provisioning (services.gitlab.databaseCreateLocally == true) with peer authentication (services.gitlab.databaseHost == "") to work services.gitlab.user and services.gitlab.databaseUsername must be identical.'';
}
{
assertion = (cfg.databaseHost != "") -> (cfg.databasePasswordFile != null);
@ -592,14 +600,14 @@ in {
services.redis.enable = mkDefault true;
# We use postgres as the main data store.
services.postgresql = optionalAttrs cfg.databaseCreateLocally {
services.postgresql = optionalAttrs databaseActuallyCreateLocally {
enable = true;
ensureUsers = singleton { name = cfg.databaseUsername; };
};
# The postgresql module doesn't currently support concepts like
# objects owners and extensions; for now we tack on what's needed
# here.
systemd.services.postgresql.postStart = mkAfter (optionalString cfg.databaseCreateLocally ''
systemd.services.postgresql.postStart = mkAfter (optionalString databaseActuallyCreateLocally ''
$PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${cfg.databaseName}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${cfg.databaseName}" OWNER "${cfg.databaseUsername}"'
current_owner=$($PSQL -tAc "SELECT pg_catalog.pg_get_userbyid(datdba) FROM pg_catalog.pg_database WHERE datname = '${cfg.databaseName}'")
if [[ "$current_owner" != "${cfg.databaseUsername}" ]]; then
@ -675,7 +683,7 @@ in {
wantedBy = [ "multi-user.target" ];
environment = gitlabEnv;
path = with pkgs; [
config.services.postgresql.package
postgresqlPackage
gitAndTools.git
ruby
openssh
@ -756,81 +764,13 @@ in {
wantedBy = [ "multi-user.target" ];
environment = gitlabEnv;
path = with pkgs; [
config.services.postgresql.package
postgresqlPackage
gitAndTools.git
openssh
nodejs
procps
gnupg
];
preStart = ''
cp -f ${cfg.packages.gitlab}/share/gitlab/VERSION ${cfg.statePath}/VERSION
rm -rf ${cfg.statePath}/db/*
cp -rf --no-preserve=mode ${cfg.packages.gitlab}/share/gitlab/config.dist/* ${cfg.statePath}/config
cp -rf --no-preserve=mode ${cfg.packages.gitlab}/share/gitlab/db/* ${cfg.statePath}/db
${cfg.packages.gitlab-shell}/bin/install
${optionalString cfg.smtp.enable ''
install -m u=rw ${smtpSettings} ${cfg.statePath}/config/initializers/smtp_settings.rb
${optionalString (cfg.smtp.passwordFile != null) ''
smtp_password=$(<'${cfg.smtp.passwordFile}')
${pkgs.replace}/bin/replace-literal -e '@smtpPassword@' "$smtp_password" '${cfg.statePath}/config/initializers/smtp_settings.rb'
''}
''}
(
umask u=rwx,g=,o=
${pkgs.openssl}/bin/openssl rand -hex 32 > ${cfg.statePath}/gitlab_shell_secret
${if cfg.databasePasswordFile != null then ''
export db_password="$(<'${cfg.databasePasswordFile}')"
if [[ -z "$db_password" ]]; then
>&2 echo "Database password was an empty string!"
exit 1
fi
${pkgs.jq}/bin/jq <${pkgs.writeText "database.yml" (builtins.toJSON databaseConfig)} \
'.production.password = $ENV.db_password' \
>'${cfg.statePath}/config/database.yml'
''
else ''
${pkgs.jq}/bin/jq <${pkgs.writeText "database.yml" (builtins.toJSON databaseConfig)} \
>'${cfg.statePath}/config/database.yml'
''
}
${utils.genJqSecretsReplacementSnippet
gitlabConfig
"${cfg.statePath}/config/gitlab.yml"
}
if [[ -h '${cfg.statePath}/config/secrets.yml' ]]; then
rm '${cfg.statePath}/config/secrets.yml'
fi
export secret="$(<'${cfg.secrets.secretFile}')"
export db="$(<'${cfg.secrets.dbFile}')"
export otp="$(<'${cfg.secrets.otpFile}')"
export jws="$(<'${cfg.secrets.jwsFile}')"
${pkgs.jq}/bin/jq -n '{production: {secret_key_base: $ENV.secret,
otp_key_base: $ENV.otp,
db_key_base: $ENV.db,
openid_connect_signing_key: $ENV.jws}}' \
> '${cfg.statePath}/config/secrets.yml'
)
initial_root_password="$(<'${cfg.initialRootPasswordFile}')"
${gitlab-rake}/bin/gitlab-rake gitlab:db:configure GITLAB_ROOT_PASSWORD="$initial_root_password" \
GITLAB_ROOT_EMAIL='${cfg.initialRootEmail}'
# We remove potentially broken links to old gitlab-shell versions
rm -Rf ${cfg.statePath}/repositories/**/*.git/hooks
${pkgs.git}/bin/git config --global core.autocrlf "input"
'';
serviceConfig = {
Type = "simple";
@ -839,6 +779,89 @@ in {
TimeoutSec = "infinity";
Restart = "on-failure";
WorkingDirectory = "${cfg.packages.gitlab}/share/gitlab";
ExecStartPre = let
preStartFullPrivileges = ''
shopt -s dotglob nullglob
chown --no-dereference '${cfg.user}':'${cfg.group}' '${cfg.statePath}'/*
chown --no-dereference '${cfg.user}':'${cfg.group}' '${cfg.statePath}'/config/*
'';
preStart = ''
cp -f ${cfg.packages.gitlab}/share/gitlab/VERSION ${cfg.statePath}/VERSION
rm -rf ${cfg.statePath}/db/*
rm -rf ${cfg.statePath}/config/initializers/*
cp -rf --no-preserve=mode ${cfg.packages.gitlab}/share/gitlab/config.dist/* ${cfg.statePath}/config
cp -rf --no-preserve=mode ${cfg.packages.gitlab}/share/gitlab/db/* ${cfg.statePath}/db
${cfg.packages.gitlab-shell}/bin/install
${optionalString cfg.smtp.enable ''
install -m u=rw ${smtpSettings} ${cfg.statePath}/config/initializers/smtp_settings.rb
${optionalString (cfg.smtp.passwordFile != null) ''
smtp_password=$(<'${cfg.smtp.passwordFile}')
${pkgs.replace}/bin/replace-literal -e '@smtpPassword@' "$smtp_password" '${cfg.statePath}/config/initializers/smtp_settings.rb'
''}
''}
(
umask u=rwx,g=,o=
${pkgs.openssl}/bin/openssl rand -hex 32 > ${cfg.statePath}/gitlab_shell_secret
if [[ -h '${cfg.statePath}/config/database.yml' ]]; then
rm '${cfg.statePath}/config/database.yml'
fi
${if cfg.databasePasswordFile != null then ''
export db_password="$(<'${cfg.databasePasswordFile}')"
if [[ -z "$db_password" ]]; then
>&2 echo "Database password was an empty string!"
exit 1
fi
${pkgs.jq}/bin/jq <${pkgs.writeText "database.yml" (builtins.toJSON databaseConfig)} \
'.production.password = $ENV.db_password' \
>'${cfg.statePath}/config/database.yml'
''
else ''
${pkgs.jq}/bin/jq <${pkgs.writeText "database.yml" (builtins.toJSON databaseConfig)} \
>'${cfg.statePath}/config/database.yml'
''
}
${utils.genJqSecretsReplacementSnippet
gitlabConfig
"${cfg.statePath}/config/gitlab.yml"
}
if [[ -h '${cfg.statePath}/config/secrets.yml' ]]; then
rm '${cfg.statePath}/config/secrets.yml'
fi
export secret="$(<'${cfg.secrets.secretFile}')"
export db="$(<'${cfg.secrets.dbFile}')"
export otp="$(<'${cfg.secrets.otpFile}')"
export jws="$(<'${cfg.secrets.jwsFile}')"
${pkgs.jq}/bin/jq -n '{production: {secret_key_base: $ENV.secret,
otp_key_base: $ENV.otp,
db_key_base: $ENV.db,
openid_connect_signing_key: $ENV.jws}}' \
> '${cfg.statePath}/config/secrets.yml'
)
initial_root_password="$(<'${cfg.initialRootPasswordFile}')"
${gitlab-rake}/bin/gitlab-rake gitlab:db:configure GITLAB_ROOT_PASSWORD="$initial_root_password" \
GITLAB_ROOT_EMAIL='${cfg.initialRootEmail}' > /dev/null
# We remove potentially broken links to old gitlab-shell versions
rm -Rf ${cfg.statePath}/repositories/**/*.git/hooks
${pkgs.git}/bin/git config --global core.autocrlf "input"
'';
in [
"+${pkgs.writeShellScript "gitlab-pre-start-full-privileges" preStartFullPrivileges}"
"${pkgs.writeShellScript "gitlab-pre-start" preStart}"
];
ExecStart = "${cfg.packages.gitlab.rubyEnv}/bin/unicorn -c ${cfg.statePath}/config/unicorn.rb -E production";
};

View File

@ -10,7 +10,6 @@ let
nixVersion = getVersion nix;
isNix20 = versionAtLeast nixVersion "2.0pre";
isNix23 = versionAtLeast nixVersion "2.3pre";
makeNixBuildUser = nr:
@ -28,39 +27,26 @@ let
nixbldUsers = map makeNixBuildUser (range 1 cfg.nrBuildUsers);
nixConf =
let
# In Nix < 2.0, If we're using sandbox for builds, then provide
# /bin/sh in the sandbox as a bind-mount to bash. This means we
# also need to include the entire closure of bash. Nix >= 2.0
# provides a /bin/sh by default.
sh = pkgs.runtimeShell;
binshDeps = pkgs.writeReferencesToFile sh;
in
pkgs.runCommand "nix.conf" { preferLocalBuild = true; extraOptions = cfg.extraOptions; } (''
${optionalString (!isNix20) ''
extraPaths=$(for i in $(cat ${binshDeps}); do if test -d $i; then echo $i; fi; done)
''}
assert versionAtLeast nixVersion "2.2";
pkgs.runCommand "nix.conf" { preferLocalBuild = true; extraOptions = cfg.extraOptions; } (
''
cat > $out <<END
# WARNING: this file is generated from the nix.* options in
# your NixOS configuration, typically
# /etc/nixos/configuration.nix. Do not edit it!
build-users-group = nixbld
${if isNix20 then "max-jobs" else "build-max-jobs"} = ${toString (cfg.maxJobs)}
${if isNix20 then "cores" else "build-cores"} = ${toString (cfg.buildCores)}
${if isNix20 then "sandbox" else "build-use-sandbox"} = ${if (builtins.isBool cfg.useSandbox) then boolToString cfg.useSandbox else cfg.useSandbox}
${if isNix20 then "extra-sandbox-paths" else "build-sandbox-paths"} = ${toString cfg.sandboxPaths} ${optionalString (!isNix20) "/bin/sh=${sh} $(echo $extraPaths)"}
${if isNix20 then "substituters" else "binary-caches"} = ${toString cfg.binaryCaches}
${if isNix20 then "trusted-substituters" else "trusted-binary-caches"} = ${toString cfg.trustedBinaryCaches}
${if isNix20 then "trusted-public-keys" else "binary-cache-public-keys"} = ${toString cfg.binaryCachePublicKeys}
max-jobs = ${toString (cfg.maxJobs)}
cores = ${toString (cfg.buildCores)}
sandbox = ${if (builtins.isBool cfg.useSandbox) then boolToString cfg.useSandbox else cfg.useSandbox}
extra-sandbox-paths = ${toString cfg.sandboxPaths}
substituters = ${toString cfg.binaryCaches}
trusted-substituters = ${toString cfg.trustedBinaryCaches}
trusted-public-keys = ${toString cfg.binaryCachePublicKeys}
auto-optimise-store = ${boolToString cfg.autoOptimiseStore}
${if isNix20 then ''
require-sigs = ${if cfg.requireSignedBinaryCaches then "true" else "false"}
'' else ''
signed-binary-caches = ${if cfg.requireSignedBinaryCaches then "*" else ""}
''}
require-sigs = ${if cfg.requireSignedBinaryCaches then "true" else "false"}
trusted-users = ${toString cfg.trustedUsers}
allowed-users = ${toString cfg.allowedUsers}
${optionalString (isNix20 && !cfg.distributedBuilds) ''
${optionalString (!cfg.distributedBuilds) ''
builders =
''}
system-features = ${toString cfg.systemFeatures}
@ -422,8 +408,7 @@ in
systemd.services.nix-daemon =
{ path = [ nix pkgs.utillinux config.programs.ssh.package ]
++ optionals cfg.distributedBuilds [ pkgs.gzip ]
++ optionals (!isNix20) [ pkgs.openssl.bin ];
++ optionals cfg.distributedBuilds [ pkgs.gzip ];
environment = cfg.envVars
// { CURL_CA_BUNDLE = "/etc/ssl/certs/ca-certificates.crt"; }
@ -440,34 +425,13 @@ in
restartTriggers = [ nixConf ];
};
nix.envVars =
optionalAttrs (!isNix20) {
NIX_CONF_DIR = "/etc/nix";
# Enable the copy-from-other-stores substituter, which allows
# builds to be sped up by copying build results from remote
# Nix stores. To do this, mount the remote file system on a
# subdirectory of /run/nix/remote-stores.
NIX_OTHER_STORES = "/run/nix/remote-stores/*/nix";
}
// optionalAttrs (cfg.distributedBuilds && !isNix20) {
NIX_BUILD_HOOK = "${nix}/libexec/nix/build-remote.pl";
};
# Set up the environment variables for running Nix.
environment.sessionVariables = cfg.envVars //
{ NIX_PATH = cfg.nixPath;
};
environment.extraInit = optionalString (!isNix20)
environment.extraInit =
''
# Set up secure multi-user builds: non-root users build through the
# Nix daemon.
if [ "$USER" != root -o ! -w /nix/var/nix/db ]; then
export NIX_REMOTE=daemon
fi
'' + ''
if [ -e "$HOME/.nix-defexpr/channels" ]; then
export NIX_PATH="$HOME/.nix-defexpr/channels''${NIX_PATH:+:$NIX_PATH}"
fi
@ -479,21 +443,15 @@ in
services.xserver.displayManager.hiddenUsers = map ({ name, ... }: name) nixbldUsers;
# FIXME: use systemd-tmpfiles to create Nix directories.
system.activationScripts.nix = stringAfter [ "etc" "users" ]
''
# Nix initialisation.
install -m 0755 -d \
/nix/var/nix/gcroots \
/nix/var/nix/temproots \
/nix/var/nix/userpool \
/nix/var/nix/profiles \
/nix/var/nix/db \
/nix/var/log/nix/drvs
install -m 1777 -d \
/nix/var/nix/gcroots/per-user \
/nix/var/nix/profiles/per-user \
/nix/var/nix/gcroots/tmp
# Create directories in /nix.
${nix}/bin/nix ping-store --no-net
# Subscribe the root user to the NixOS channel by default.
if [ ! -e "/root/.nix-channels" ]; then
echo "${config.system.defaultChannel} nixos" > "/root/.nix-channels"
fi
'';
nix.systemFeatures = mkDefault (

View File

@ -126,6 +126,8 @@ let
'';
description = ''
Path to YAML file that contains tracing configuration.
See format details: <link xlink:href="https://thanos.io/tracing.md/#configuration"/>
'';
};
};
@ -141,6 +143,8 @@ let
<option>tracing.config-file</option> will default to its path.
If <option>tracing.config-file</option> is set this option has no effect.
See format details: <link xlink:href="https://thanos.io/tracing.md/#configuration"/>
'';
};
};
@ -187,6 +191,8 @@ let
'';
description = ''
Path to YAML file that contains object store configuration.
See format details: <link xlink:href="https://thanos.io/storage.md/#configuration"/>
'';
};
};
@ -202,6 +208,8 @@ let
<option>objstore.config-file</option> will default to its path.
If <option>objstore.config-file</option> is set this option has no effect.
See format details: <link xlink:href="https://thanos.io/storage.md/#configuration"/>
'';
};
};
@ -276,6 +284,24 @@ let
block-sync-concurrency = mkParamDef types.int 20 ''
Number of goroutines to use when syncing blocks from object storage.
'';
min-time = mkParamDef types.str "0000-01-01T00:00:00Z" ''
Start of time range limit to serve.
Thanos Store serves only metrics, which happened later than this
value. Option can be a constant time in RFC3339 format or time duration
relative to current time, such as -1d or 2h45m. Valid duration units are
ms, s, m, h, d, w, y.
'';
max-time = mkParamDef types.str "9999-12-31T23:59:59Z" ''
End of time range limit to serve.
Thanos Store serves only blocks, which happened eariler than this
value. Option can be a constant time in RFC3339 format or time duration
relative to current time, such as -1d or 2h45m. Valid duration units are
ms, s, m, h, d, w, y.
'';
};
query = params.common cfg.query // {
@ -560,6 +586,14 @@ let
'';
};
downsampling.disable = mkFlagParam ''
Disables downsampling.
This is not recommended as querying long time ranges without
non-downsampled data is not efficient and useful e.g it is not possible
to render all samples for a human eye anyway
'';
block-sync-concurrency = mkParamDef types.int 20 ''
Number of goroutines to use when syncing block metadata from object storage.
'';

View File

@ -3,6 +3,15 @@
with lib;
let
isMa1sd =
package:
lib.hasPrefix "ma1sd" package.name;
isMxisd =
package:
lib.hasPrefix "mxisd" package.name;
cfg = config.services.mxisd;
server = optionalAttrs (cfg.server.name != null) { inherit (cfg.server) name; }
@ -12,37 +21,41 @@ let
matrix.domain = cfg.matrix.domain;
key.path = "${cfg.dataDir}/signing.key";
storage = {
provider.sqlite.database = "${cfg.dataDir}/mxisd.db";
provider.sqlite.database = if isMa1sd cfg.package
then "${cfg.dataDir}/ma1sd.db"
else "${cfg.dataDir}/mxisd.db";
};
} // optionalAttrs (server != {}) { inherit server; };
# merges baseConfig and extraConfig into a single file
fullConfig = recursiveUpdate baseConfig cfg.extraConfig;
configFile = pkgs.writeText "mxisd-config.yaml" (builtins.toJSON fullConfig);
configFile = if isMa1sd cfg.package
then pkgs.writeText "ma1sd-config.yaml" (builtins.toJSON fullConfig)
else pkgs.writeText "mxisd-config.yaml" (builtins.toJSON fullConfig);
in {
options = {
services.mxisd = {
enable = mkEnableOption "mxisd matrix federated identity server";
enable = mkEnableOption "matrix federated identity server";
package = mkOption {
type = types.package;
default = pkgs.mxisd;
defaultText = "pkgs.mxisd";
description = "The mxisd package to use";
description = "The mxisd/ma1sd package to use";
};
dataDir = mkOption {
type = types.str;
default = "/var/lib/mxisd";
description = "Where data mxisd uses resides";
description = "Where data mxisd/ma1sd uses resides";
};
extraConfig = mkOption {
type = types.attrs;
default = {};
description = "Extra options merged into the mxisd configuration";
description = "Extra options merged into the mxisd/ma1sd configuration";
};
matrix = {
@ -62,7 +75,7 @@ in {
type = types.nullOr types.str;
default = null;
description = ''
Public hostname of mxisd, if different from the Matrix domain.
Public hostname of mxisd/ma1sd, if different from the Matrix domain.
'';
};
@ -103,11 +116,13 @@ in {
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
serviceConfig = let
executable = if isMa1sd cfg.package then "ma1sd" else "mxisd";
in {
Type = "simple";
User = "mxisd";
Group = "mxisd";
ExecStart = "${cfg.package}/bin/mxisd -c ${configFile}";
ExecStart = "${cfg.package}/bin/${executable} -c ${configFile}";
WorkingDirectory = cfg.dataDir;
Restart = "on-failure";
};

View File

@ -5,11 +5,25 @@ with lib;
let
cfg = config.networking.networkmanager;
basePackages = with pkgs; [
crda
modemmanager
networkmanager
networkmanager-fortisslvpn
networkmanager-iodine
networkmanager-l2tp
networkmanager-openconnect
networkmanager-openvpn
networkmanager-vpnc
] ++ optional (!delegateWireless && !enableIwd) wpa_supplicant;
dynamicHostsEnabled =
cfg.dynamicHosts.enable && cfg.dynamicHosts.hostsDirs != {};
delegateWireless = config.networking.wireless.enable == true && cfg.unmanaged != [];
enableIwd = cfg.wifi.backend == "iwd";
# /var/lib/misc is for dnsmasq.leases.
stateDirs = "/var/lib/NetworkManager /var/lib/dhclient /var/lib/misc";
@ -38,6 +52,7 @@ let
[device]
wifi.scan-rand-mac-address=${if cfg.wifi.scanRandMacAddress then "yes" else "no"}
wifi.backend=${cfg.wifi.backend}
${cfg.extraConfig}
'';
@ -176,25 +191,13 @@ in {
'';
};
# Ugly hack for using the correct gnome3 packageSet
basePackages = mkOption {
type = types.attrsOf types.package;
default = { inherit (pkgs)
networkmanager modemmanager crda
networkmanager-openvpn networkmanager-vpnc
networkmanager-openconnect networkmanager-fortisslvpn
networkmanager-l2tp networkmanager-iodine; }
// optionalAttrs (!delegateWireless) { inherit (pkgs) wpa_supplicant; };
internal = true;
};
packages = mkOption {
type = types.listOf types.path;
type = types.listOf types.package;
default = [ ];
description = ''
Extra packages that provide NetworkManager plugins.
'';
apply = list: (attrValues cfg.basePackages) ++ list;
apply = list: basePackages ++ list;
};
dhcp = mkOption {
@ -236,6 +239,15 @@ in {
wifi = {
macAddress = macAddressOpt;
backend = mkOption {
type = types.enum [ "wpa_supplicant" "iwd" ];
default = "wpa_supplicant";
description = ''
Specify the Wi-Fi backend used for the device.
Currently supported are <option>wpa_supplicant</option> or <option>iwd</option> (experimental).
'';
};
powersave = mkOption {
type = types.nullOr types.bool;
default = null;
@ -390,12 +402,12 @@ in {
{ assertion = !dynamicHostsEnabled || (dynamicHostsEnabled && cfg.dns == "dnsmasq");
message = ''
To use networking.networkmanager.dynamicHosts you also need to set
networking.networkmanager.dns = "dnsmasq"
`networking.networkmanager.dns = "dnsmasq"`
'';
}
];
environment.etc = with cfg.basePackages; [
environment.etc = with pkgs; [
{ source = configFile;
target = "NetworkManager/NetworkManager.conf";
}
@ -510,6 +522,8 @@ in {
wireless.enable = mkDefault false;
}) // (mkIf cfg.enableStrongSwan {
networkmanager.packages = [ pkgs.networkmanager_strongswan ];
}) // (mkIf enableIwd {
wireless.iwd.enable = true;
});
security.polkit.extraConfig = polkitConf;

View File

@ -1,44 +1,39 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) generators literalExample mkEnableOption mkIf mkOption recursiveUpdate types;
cfg = config.services.zeronet;
dataDir = "/var/lib/zeronet";
configFile = pkgs.writeText "zeronet.conf" (generators.toINI {} (recursiveUpdate defaultSettings cfg.settings));
zConfFile = pkgs.writeTextFile {
name = "zeronet.conf";
text = ''
[global]
data_dir = ${cfg.dataDir}
log_dir = ${cfg.logDir}
'' + lib.optionalString (cfg.port != null) ''
ui_port = ${toString cfg.port}
'' + lib.optionalString (cfg.fileserverPort != null) ''
fileserver_port = ${toString cfg.fileserverPort}
'' + lib.optionalString (cfg.torAlways) ''
tor = always
'' + cfg.extraConfig;
defaultSettings = {
global = {
data_dir = dataDir;
log_dir = dataDir;
ui_port = cfg.port;
fileserver_port = cfg.fileserverPort;
tor = if !cfg.tor then "disable" else if cfg.torAlways then "always" else "enable";
};
};
in with lib; {
options.services.zeronet = {
enable = mkEnableOption "zeronet";
dataDir = mkOption {
type = types.path;
default = "/var/lib/zeronet";
example = "/home/okina/zeronet";
description = "Path to the zeronet data directory.";
};
settings = mkOption {
type = with types; attrsOf (oneOf [ str int bool (listOf str) ]);
default = {};
example = literalExample "global.tor = enable;";
logDir = mkOption {
type = types.path;
default = "/var/log/zeronet";
example = "/home/okina/zeronet/log";
description = "Path to the zeronet log directory.";
description = ''
<filename>zeronet.conf</filename> configuration. Refer to
<link xlink:href="https://zeronet.readthedocs.io/en/latest/faq/#is-it-possible-to-use-a-configuration-file"/>
for details on supported values;
'';
};
port = mkOption {
type = types.nullOr types.int;
default = null;
type = types.int;
default = 43110;
example = 43110;
description = "Optional zeronet web UI port.";
};
@ -63,22 +58,13 @@ in with lib; {
default = false;
description = "Use TOR for all zeronet traffic.";
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = ''
Extra configuration. Contents will be added verbatim to the
configuration file at the end.
'';
};
};
config = mkIf cfg.enable {
services.tor = mkIf cfg.tor {
enable = true;
controlPort = 9051;
extraConfig = ''
CacheDirectoryGroupReadable 1
CookieAuthentication 1
@ -86,37 +72,25 @@ in with lib; {
'';
};
systemd.tmpfiles.rules = [
"d '${cfg.dataDir}' 750 zeronet zeronet - -"
"d '${cfg.logDir}' 750 zeronet zeronet - -"
];
systemd.services.zeronet = {
description = "zeronet";
after = [ "network.target" (optionalString cfg.tor "tor.service") ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
PrivateTmp = "yes";
User = "zeronet";
Group = "zeronet";
ExecStart = "${pkgs.zeronet}/bin/zeronet --config_file ${zConfFile}";
};
};
users = {
groups.zeronet.gid = config.ids.gids.zeronet;
users.zeronet = {
description = "zeronet service user";
home = cfg.dataDir;
createHome = true;
group = "zeronet";
extraGroups = mkIf cfg.tor [ "tor" ];
uid = config.ids.uids.zeronet;
DynamicUser = true;
StateDirectory = "zeronet";
SupplementaryGroups = mkIf cfg.tor [ "tor" ];
ExecStart = "${pkgs.zeronet}/bin/zeronet --config_file ${configFile}";
};
};
};
imports = [
(mkRemovedOptionModule [ "services" "zeronet" "dataDir" ] "Zeronet will store data by default in /var/lib/zeronet")
(mkRemovedOptionModule [ "services" "zeronet" "logDir" ] "Zeronet will log by default in /var/lib/zeronet")
];
meta.maintainers = with maintainers; [ chiiruno ];
}

View File

@ -14,6 +14,15 @@ in {
options.services.documize = {
enable = mkEnableOption "Documize Wiki";
stateDirectoryName = mkOption {
type = types.str;
default = "documize";
description = ''
The name of the directory below <filename>/var/lib/private</filename>
where documize runs in and stores, for example, backups.
'';
};
package = mkOption {
type = types.package;
default = pkgs.documize-community;
@ -132,6 +141,8 @@ in {
];
Restart = "always";
DynamicUser = "yes";
StateDirectory = cfg.stateDirectoryName;
WorkingDirectory = "/var/lib/${cfg.stateDirectoryName}";
};
};
};

View File

@ -61,7 +61,10 @@ let
${optionalString (cfg.httpConfig == "" && cfg.config == "") ''
http {
include ${cfg.package}/conf/mime.types;
# The mime type definitions included with nginx are very incomplete, so
# we use a list of mime types from the mailcap package, which is also
# used by most other Linux distributions by default.
include ${pkgs.mailcap}/etc/nginx/mime.types;
include ${cfg.package}/conf/fastcgi.conf;
include ${cfg.package}/conf/uwsgi_params;
@ -119,6 +122,14 @@ let
include ${recommendedProxyConfig};
''}
${optionalString (cfg.mapHashBucketSize != null) ''
map_hash_bucket_size ${toString cfg.mapHashBucketSize};
''}
${optionalString (cfg.mapHashMaxSize != null) ''
map_hash_max_size ${toString cfg.mapHashMaxSize};
''}
# $connection_upgrade is used for websocket proxying
map $http_upgrade $connection_upgrade {
default upgrade;
@ -507,6 +518,23 @@ in
'';
};
mapHashBucketSize = mkOption {
type = types.nullOr (types.enum [ 32 64 128 ]);
default = null;
description = ''
Sets the bucket size for the map variables hash tables. Default
value depends on the processors cache line size.
'';
};
mapHashMaxSize = mkOption {
type = types.nullOr types.ints.positive;
default = null;
description = ''
Sets the maximum size of the map variables hash tables.
'';
};
resolver = mkOption {
type = types.submodule {
options = {

View File

@ -28,6 +28,8 @@ let
(pkg: "cp -rf ${pkg}/share/gsettings-schemas/*/glib-2.0/schemas/*.xml $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas\n")
(defaultPackages ++ cfg.extraGSettingsOverridePackages)}
cp -f ${pkgs.gnome3.gnome-shell}/share/gsettings-schemas/*/glib-2.0/schemas/*.gschema.override $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas
chmod -R a+w $out/share/gsettings-schemas/nixos-gsettings-overrides
cat - > $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas/nixos-defaults.gschema.override <<- EOF
[org.gnome.desktop.background]
@ -209,14 +211,6 @@ in
networking.networkmanager.enable = mkDefault true;
# Use the correct gnome3 packageSet
networking.networkmanager.basePackages = {
inherit (pkgs) networkmanager modemmanager wpa_supplicant crda;
inherit (pkgs.gnome3) networkmanager-openvpn networkmanager-vpnc
networkmanager-openconnect networkmanager-fortisslvpn
networkmanager-iodine networkmanager-l2tp;
};
services.xserver.updateDbusEnvironment = true;
# Needed for themes and backgrounds
@ -238,22 +232,7 @@ in
services.system-config-printer.enable = (mkIf config.services.printing.enable (mkDefault true));
services.telepathy.enable = mkDefault true;
systemd.packages = with pkgs.gnome3; [ vino gnome-session gnome-settings-daemon ];
# gnome-settings-daemon.nix is shared between several desktop
# environments (eg. mate and pantheon) so specify these gnome-shell specific
# service dependencies here instead.
systemd.user.targets."gnome-session-initialized".wants = [
"gsd-a11y-settings.target" "gsd-housekeeping.target" "gsd-power.target"
"gsd-color.target" "gsd-keyboard.target" "gsd-print-notifications.target"
"gsd-datetime.target" "gsd-media-keys.target" "gsd-rfkill.target"
"gsd-screensaver-proxy.target" "gsd-sound.target" "gsd-smartcard.target"
"gsd-sharing.target" "gsd-wacom.target" "gsd-wwan.target"
];
systemd.user.targets."gnome-session-x11-services".wants = [
"gsd-xsettings.target"
];
systemd.packages = with pkgs.gnome3; [ vino gnome-session ];
services.avahi.enable = mkDefault true;

View File

@ -85,6 +85,7 @@ in
pkgs.gtk3.out
pkgs.shared-mime-info
pkgs.xdg-user-dirs # Update user dirs as described in https://freedesktop.org/wiki/Software/xdg-user-dirs/
pkgs.mate.mate-settings-daemon
];
programs.dconf.enable = true;
@ -98,7 +99,7 @@ in
services.gnome3.at-spi2-core.enable = true;
services.gnome3.gnome-keyring.enable = true;
services.gnome3.gnome-settings-daemon.enable = true;
services.gnome3.gnome-settings-daemon.package = pkgs.mate.mate-settings-daemon;
services.udev.packages = [ pkgs.mate.mate-settings-daemon ];
services.gvfs.enable = true;
services.upower.enable = config.powerManagement.enable;

View File

@ -109,8 +109,9 @@ in
services.pantheon.files.enable = mkDefault true;
services.tumbler.enable = mkDefault true;
services.system-config-printer.enable = (mkIf config.services.printing.enable (mkDefault true));
services.dbus.packages = [
pkgs.pantheon.switchboard-plug-power
services.dbus.packages = with pkgs.pantheon; [
switchboard-plug-power
elementary-default-settings
];
services.pantheon.contractor.enable = mkDefault true;
services.gnome3.at-spi2-core.enable = true;
@ -119,7 +120,7 @@ in
# TODO: gnome-keyring's xdg autostarts will still be in the environment (from elementary-session-settings) if disabled forcefully
services.gnome3.gnome-keyring.enable = true;
services.gnome3.gnome-settings-daemon.enable = true;
services.gnome3.gnome-settings-daemon.package = pkgs.pantheon.elementary-settings-daemon;
services.udev.packages = [ pkgs.pantheon.elementary-settings-daemon ];
services.gvfs.enable = true;
services.gnome3.rygel.enable = mkDefault true;
services.gsignond.enable = mkDefault true;
@ -154,11 +155,6 @@ in
qt5.style = "adwaita";
networking.networkmanager.enable = mkDefault true;
networking.networkmanager.basePackages =
{ inherit (pkgs) networkmanager modemmanager wpa_supplicant crda;
inherit (pkgs.gnome3) networkmanager-openvpn networkmanager-vpnc
networkmanager-openconnect networkmanager-fortisslvpn
networkmanager-iodine networkmanager-l2tp; };
# Override GSettings schemas
environment.sessionVariables.NIX_GSETTINGS_OVERRIDES_DIR = "${nixos-gsettings-desktop-schemas}/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas";

View File

@ -183,7 +183,8 @@ in
++ lib.optional config.hardware.pulseaudio.enable plasma-pa
++ lib.optional config.powerManagement.enable powerdevil
++ lib.optional config.services.colord.enable colord-kde
++ lib.optionals config.services.samba.enable [ kdenetwork-filesharing pkgs.samba ];
++ lib.optionals config.services.samba.enable [ kdenetwork-filesharing pkgs.samba ]
++ lib.optional config.services.xserver.wacom.enable wacomtablet;
environment.pathsToLink = [
# FIXME: modules should link subdirs of `/share` rather than relying on this

View File

@ -91,7 +91,11 @@ in
++ optional config.powerManagement.enable xfce4-power-manager
++ optionals config.hardware.pulseaudio.enable [
pavucontrol
xfce4-pulseaudio-plugin
# volume up/down keys support:
# xfce4-pulseaudio-plugin includes all the functionalities of xfce4-volumed-pulse
# but can only be used with xfce4-panel, so for no-desktop usage we still include
# xfce4-volumed-pulse
(if cfg.noDesktop then xfce4-volumed-pulse else xfce4-pulseaudio-plugin)
] ++ optionals cfg.enableXfwm [
xfwm4
xfwm4-themes
@ -108,14 +112,6 @@ in
"/share/gtksourceview-4.0"
];
# Use the correct gnome3 packageSet
networking.networkmanager.basePackages = mkIf config.networking.networkmanager.enable {
inherit (pkgs) networkmanager modemmanager wpa_supplicant crda;
inherit (pkgs.gnome3) networkmanager-openvpn networkmanager-vpnc
networkmanager-openconnect networkmanager-fortisslvpn
networkmanager-iodine networkmanager-l2tp;
};
services.xserver.desktopManager.session = [{
name = "xfce4-14";
bgSupport = true;

View File

@ -152,6 +152,7 @@ in
chown -R gdm:gdm /run/gdm/.config
'' + optionalString config.services.gnome3.gnome-initial-setup.enable ''
# Create stamp file for gnome-initial-setup to prevent run.
mkdir -p /run/gdm/.config
cat - > /run/gdm/.config/gnome-initial-setup-done <<- EOF
yes
EOF
@ -164,10 +165,16 @@ in
"rc-local.service"
"systemd-machined.service"
"systemd-user-sessions.service"
"getty@tty1.service"
"getty@tty${gdm.initialVT}.service"
"plymouth-quit.service"
"plymouth-start.service"
];
systemd.services.display-manager.conflicts = [
"getty@tty1.service"
"getty@tty${gdm.initialVT}.service"
"plymouth-quit.service"
];
systemd.services.display-manager.onFailure = [
"plymouth-quit.service"
];
systemd.services.display-manager.serviceConfig = {
@ -177,6 +184,9 @@ in
BusName = "org.gnome.DisplayManager";
StandardOutput = "syslog";
StandardError = "inherit";
ExecReload = "${pkgs.coreutils}/bin/kill -SIGHUP $MAINPID";
KeyringMode = "shared";
EnvironmentFile = "-/etc/locale.conf";
};
systemd.services.display-manager.path = [ pkgs.gnome3.gnome-session ];

View File

@ -220,6 +220,42 @@ in
exec ${lightdm}/sbin/lightdm
'';
# Replaces getty and plymouth quit since it quits plymouth on it's own.
systemd.services.display-manager.conflicts = [
"getty@tty7.service"
"plymouth-quit.service"
];
# Pull in dependencies of services we replace.
systemd.services.display-manager.after = [
"rc-local.service"
"systemd-machined.service"
"systemd-user-sessions.service"
"getty@tty7.service"
"user.slice"
];
# user.slice needs to be present
systemd.services.display-manager.requires = [
"user.slice"
];
# lightdm stops plymouth so when it fails make sure plymouth stops.
systemd.services.display-manager.onFailure = [
"plymouth-quit.service"
];
systemd.services.display-manager.serviceConfig = {
BusName = "org.freedesktop.DisplayManager";
IgnoreSIGPIPE = "no";
# This allows lightdm to pass the LUKS password through to PAM.
# login keyring is unlocked automatic when autologin is used.
KeyringMode = "shared";
KillMode = "mixed";
StandardError = "inherit";
StandardOutput = "syslog";
};
environment.etc."lightdm/lightdm.conf".source = lightdmConf;
environment.etc."lightdm/users.conf".source = usersConf;

View File

@ -0,0 +1,23 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.xserver.windowManager.cwm;
in
{
options = {
services.xserver.windowManager.cwm.enable = mkEnableOption "cwm";
};
config = mkIf cfg.enable {
services.xserver.windowManager.session = singleton
{ name = "cwm";
start =
''
cwm &
waitPID=$!
'';
};
environment.systemPackages = [ pkgs.cwm ];
};
}

View File

@ -11,6 +11,7 @@ in
./2bwm.nix
./afterstep.nix
./bspwm.nix
./cwm.nix
./dwm.nix
./evilwm.nix
./exwm.nix

View File

@ -184,14 +184,7 @@ in
find /var/empty -mindepth 1 -delete
chmod 0555 /var/empty
chown root:root /var/empty
${ # reasons for not setting immutable flag:
# 1. flag is not changeable inside a container
# 2. systemd-nspawn can not perform chown in case of --private-users-chown
# then the owner is nobody and ssh will not start
optionalString (!config.boot.isContainer) ''
${pkgs.e2fsprogs}/bin/chattr -f +i /var/empty || true
''}
'';
system.activationScripts.usrbinenv = if config.environment.usrbinenv != null

View File

@ -5,17 +5,20 @@ with lib;
let
inherit (pkgs) plymouth;
inherit (pkgs) nixos-icons;
cfg = config.boot.plymouth;
breezePlymouth = pkgs.breeze-plymouth.override {
nixosBranding = true;
nixosVersion = config.system.nixos.release;
nixosBreezePlymouth = pkgs.breeze-plymouth.override {
logoFile = cfg.logo;
logoName = "nixos";
osName = "NixOS";
osVersion = config.system.nixos.release;
};
themesEnv = pkgs.buildEnv {
name = "plymouth-themes";
paths = [ plymouth breezePlymouth ] ++ cfg.themePackages;
paths = [ plymouth ] ++ cfg.themePackages;
};
configFile = pkgs.writeText "plymouthd.conf" ''
@ -35,7 +38,7 @@ in
enable = mkEnableOption "Plymouth boot splash screen";
themePackages = mkOption {
default = [];
default = [ nixosBreezePlymouth ];
type = types.listOf types.package;
description = ''
Extra theme packages for plymouth.
@ -52,10 +55,7 @@ in
logo = mkOption {
type = types.path;
default = pkgs.fetchurl {
url = "https://nixos.org/logo/nixos-hires.png";
sha256 = "1ivzgd7iz0i06y36p8m5w48fd8pjqwxhdaavc0pxs7w1g7mcy5si";
};
default = "${nixos-icons}/share/icons/hicolor/128x128/apps/nix-snowflake.png";
defaultText = ''pkgs.fetchurl {
url = "https://nixos.org/logo/nixos-hires.png";
sha256 = "1ivzgd7iz0i06y36p8m5w48fd8pjqwxhdaavc0pxs7w1g7mcy5si";

View File

@ -183,6 +183,12 @@ for o in $(cat /proc/cmdline); do
copytoram)
copytoram=1
;;
findiso=*)
# if an iso name is supplied, try to find the device where
# the iso resides on
set -- $(IFS==; echo $o)
isoPath=$2
;;
esac
done
@ -442,6 +448,27 @@ if test -e /sys/power/resume -a -e /sys/power/disk; then
fi
fi
# If we have a path to an iso file, find the iso and link it to /dev/root
if [ -n "$isoPath" ]; then
mkdir -p /findiso
for delay in 5 10; do
blkid | while read -r line; do
device=$(echo "$line" | sed 's/:.*//')
type=$(echo "$line" | sed 's/.*TYPE="\([^"]*\)".*/\1/')
mount -t "$type" "$device" /findiso
if [ -e "/findiso$isoPath" ]; then
ln -sf "/findiso$isoPath" /dev/root
break 2
else
umount /findiso
fi
done
sleep "$delay"
done
fi
# Try to find and mount the root device.
mkdir -p $targetRoot

View File

@ -142,7 +142,7 @@ fi
# Record the boot configuration.
ln -sfn "$systemConfig" /run/booted-system
# Prevent the booted system form being garbage-collected If it weren't
# Prevent the booted system from being garbage-collected. If it weren't
# a gcroot, if we were running a different kernel, switched system,
# and garbage collected all, we could not load kernel modules anymore.
ln -sfn /run/booted-system /nix/var/nix/gcroots/booted-system

View File

@ -546,6 +546,16 @@ in
'';
};
systemd.coredump.enable = mkOption {
default = true;
type = types.bool;
description = ''
Whether core dumps should be processed by
<command>systemd-coredump</command>. If disabled, core dumps
appear in the current directory of the crashing process.
'';
};
systemd.coredump.extraConfig = mkOption {
default = "";
type = types.lines;
@ -861,8 +871,8 @@ in
"tmpfiles.d/journal-nocow.conf".source = "${systemd}/example/tmpfiles.d/journal-nocow.conf";
"tmpfiles.d/static-nodes-permissions.conf".source = "${systemd}/example/tmpfiles.d/static-nodes-permissions.conf";
"tmpfiles.d/systemd.conf".source = "${systemd}/example/tmpfiles.d/systemd.conf";
"tmpfiles.d/systemd-nspawn.conf".source = "${systemd}/example/tmpfiles.d/system-nspawn.conf";
"tmpfiles.d/systemd-tmp.conf".source = "${systemd}/example/tmpfiles.d/system-tmp.conf";
"tmpfiles.d/systemd-nspawn.conf".source = "${systemd}/example/tmpfiles.d/systemd-nspawn.conf";
"tmpfiles.d/systemd-tmp.conf".source = "${systemd}/example/tmpfiles.d/systemd-tmp.conf";
"tmpfiles.d/var.conf".source = "${systemd}/example/tmpfiles.d/var.conf";
"tmpfiles.d/x11.conf".source = "${systemd}/example/tmpfiles.d/x11.conf";
@ -983,6 +993,10 @@ in
# Don't bother with certain units in containers.
systemd.services.systemd-remount-fs.unitConfig.ConditionVirtualization = "!container";
systemd.services.systemd-random-seed.unitConfig.ConditionVirtualization = "!container";
boot.kernel.sysctl = mkIf (!cfg.coredump.enable) {
"kernel.core_pattern" = "core";
};
};
# FIXME: Remove these eventually.

View File

@ -38,6 +38,12 @@ in
} {
assertion = cfg.defaultGateway6 == null || cfg.defaultGateway6.interface == null;
message = "networking.defaultGateway6.interface is not supported by networkd.";
} {
assertion = cfg.useDHCP == false;
message = ''
networking.useDHCP is not supported by networkd.
Please use per interface configuration and set the global option to false.
'';
} ] ++ flip mapAttrsToList cfg.bridges (n: { rstp, ... }: {
assertion = !rstp;
message = "networking.bridges.${n}.rstp is not supported by networkd.";
@ -56,9 +62,7 @@ in
genericNetwork = override:
let gateway = optional (cfg.defaultGateway != null) cfg.defaultGateway.address
++ optional (cfg.defaultGateway6 != null) cfg.defaultGateway6.address;
in {
DHCP = override (dhcpStr cfg.useDHCP);
} // optionalAttrs (gateway != [ ]) {
in optionalAttrs (gateway != [ ]) {
routes = override [
{
routeConfig = {
@ -97,7 +101,7 @@ in
networks."40-${i.name}" = mkMerge [ (genericNetwork mkDefault) {
name = mkDefault i.name;
DHCP = mkForce (dhcpStr
(if i.useDHCP != null then i.useDHCP else cfg.useDHCP && interfaceIps i == [ ]));
(if i.useDHCP != null then i.useDHCP else false));
address = forEach (interfaceIps i)
(ip: "${ip.address}/${toString ip.prefixLength}");
networkConfig.IPv6PrivacyExtensions = "kernel";

View File

@ -903,6 +903,11 @@ in
Whether to use DHCP to obtain an IP address and other
configuration for all network interfaces that are not manually
configured.
Using this option is highly discouraged and also incompatible with
<option>networking.useNetworkd</option>. Please use
<option>networking.interfaces.&lt;name&gt;.useDHCP</option> instead
and set this to false.
'';
};

View File

@ -11,7 +11,7 @@ with lib;
services.udisks2.enable = mkDefault false;
powerManagement.enable = mkDefault false;
networking.useHostResolvConf = mkDefault (!config.services.resolved.enable);
networking.useHostResolvConf = mkDefault true;
# Containers should be light-weight, so start sshd on demand.
services.openssh.startWhenNeeded = mkDefault true;

View File

@ -824,5 +824,12 @@ in
'';
environment.systemPackages = [ pkgs.nixos-container ];
boot.kernelModules = [
"bridge"
"macvlan"
"tap"
"tun"
];
});
}

View File

@ -35,6 +35,7 @@ in
boot-stage1 = handleTest ./boot-stage1.nix {};
borgbackup = handleTest ./borgbackup.nix {};
buildbot = handleTest ./buildbot.nix {};
caddy = handleTest ./caddy.nix {};
cadvisor = handleTestOn ["x86_64-linux"] ./cadvisor.nix {};
cassandra = handleTest ./cassandra.nix {};
ceph = handleTestOn ["x86_64-linux"] ./ceph.nix {};
@ -262,7 +263,6 @@ in
syncthing-relay = handleTest ./syncthing-relay.nix {};
systemd = handleTest ./systemd.nix {};
systemd-confinement = handleTest ./systemd-confinement.nix {};
systemd-machinectl = handleTest ./systemd-machinectl.nix {};
systemd-timesyncd = handleTest ./systemd-timesyncd.nix {};
systemd-networkd-wireguard = handleTest ./systemd-networkd-wireguard.nix {};
pdns-recursor = handleTest ./pdns-recursor.nix {};

82
nixos/tests/caddy.nix Normal file
View File

@ -0,0 +1,82 @@
import ./make-test.nix ({ pkgs, ... }: {
name = "caddy";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ xfix ];
};
nodes = {
webserver = { pkgs, lib, ... }: {
services.caddy.enable = true;
services.caddy.config = ''
http://localhost {
gzip
root ${
pkgs.runCommand "testdir" {} ''
mkdir "$out"
echo hello world > "$out/example.html"
''
}
}
'';
nesting.clone = [
{
services.caddy.config = lib.mkForce ''
http://localhost {
gzip
root ${
pkgs.runCommand "testdir2" {} ''
mkdir "$out"
echo changed > "$out/example.html"
''
}
}
'';
}
{
services.caddy.config = ''
http://localhost:8080 {
}
'';
}
];
};
};
testScript = { nodes, ... }: let
etagSystem = "${nodes.webserver.config.system.build.toplevel}/fine-tune/child-1";
justReloadSystem = "${nodes.webserver.config.system.build.toplevel}/fine-tune/child-2";
in ''
my $url = 'http://localhost/example.html';
$webserver->waitForUnit("caddy");
$webserver->waitForOpenPort("80");
sub checkEtag {
my $etag = $webserver->succeed(
'curl -v '.$url.' 2>&1 | sed -n -e "s/^< [Ee][Tt][Aa][Gg]: *//p"'
);
$etag =~ s/\r?\n$//;
my $httpCode = $webserver->succeed(
'curl -w "%{http_code}" -X HEAD -H \'If-None-Match: '.$etag.'\' '.$url
);
die "HTTP code is not 304" unless $httpCode == 304;
return $etag;
}
subtest "check ETag if serving Nix store paths", sub {
my $oldEtag = checkEtag;
$webserver->succeed("${etagSystem}/bin/switch-to-configuration test >&2");
$webserver->sleep(1); # race condition
my $newEtag = checkEtag;
die "Old ETag $oldEtag is the same as $newEtag" if $oldEtag eq $newEtag;
};
subtest "config is reloaded on nixos-rebuild switch", sub {
$webserver->succeed("${justReloadSystem}/bin/switch-to-configuration test >&2");
$webserver->waitForOpenPort("8080");
};
'';
})

View File

@ -23,6 +23,7 @@ import ./make-test.nix ({ pkgs, ...} : {
networking = {
dhcpcd.enable = false;
useNetworkd = true;
useDHCP = false;
interfaces.eth1.ipv6.addresses = mkOverride 0 [ { address = "fd00::1"; prefixLength = 64; } ];
interfaces.eth1.ipv4.addresses = mkOverride 0 [ { address = "192.168.1.1"; prefixLength = 24; } ];
};

View File

@ -10,12 +10,22 @@ import ./make-test.nix ({ pkgs, ... } : {
services.mxisd.enable = true;
services.mxisd.matrix.domain = "example.org";
};
server_ma1sd = args : {
services.mxisd.enable = true;
services.mxisd.matrix.domain = "example.org";
services.mxisd.package = pkgs.ma1sd;
};
};
testScript = ''
startAll;
$server_mxisd->waitForUnit("mxisd.service");
$server_mxisd->waitForOpenPort(8090);
$server_mxisd->succeed("curl -Ssf \"http://127.0.0.1:8090/_matrix/identity/api/v1\"")
$server_mxisd->succeed("curl -Ssf \"http://127.0.0.1:8090/_matrix/identity/api/v1\"");
$server_ma1sd->waitForUnit("mxisd.service");
$server_ma1sd->waitForOpenPort(8090);
$server_ma1sd->succeed("curl -Ssf \"http://127.0.0.1:8090/_matrix/identity/api/v1\"")
'';
})

View File

@ -72,6 +72,7 @@ let
testCases = {
loopback = {
name = "Loopback";
machine.networking.useDHCP = false;
machine.networking.useNetworkd = networkd;
testScript = ''
startAll;
@ -139,14 +140,16 @@ let
virtualisation.vlans = [ 1 2 ];
networking = {
useNetworkd = networkd;
useDHCP = true;
useDHCP = false;
interfaces.eth1 = {
ipv4.addresses = mkOverride 0 [ ];
ipv6.addresses = mkOverride 0 [ ];
useDHCP = true;
};
interfaces.eth2 = {
ipv4.addresses = mkOverride 0 [ ];
ipv6.addresses = mkOverride 0 [ ];
useDHCP = true;
};
};
};
@ -320,13 +323,19 @@ let
virtualisation.vlans = [ 1 ];
networking = {
useNetworkd = networkd;
useDHCP = false;
firewall.logReversePathDrops = true; # to debug firewall rules
# reverse path filtering rules for the macvlan interface seem
# to be incorrect, causing the test to fail. Disable temporarily.
firewall.checkReversePath = false;
useDHCP = true;
macvlans.macvlan.interface = "eth1";
interfaces.eth1.ipv4.addresses = mkOverride 0 [ ];
interfaces.eth1 = {
ipv4.addresses = mkOverride 0 [ ];
useDHCP = true;
};
interfaces.macvlan = {
useDHCP = true;
};
};
};
testScript = { ... }:
@ -440,6 +449,8 @@ let
virtual = {
name = "Virtual";
machine = {
networking.useNetworkd = networkd;
networking.useDHCP = false;
networking.interfaces.tap0 = {
ipv4.addresses = [ { address = "192.168.1.1"; prefixLength = 24; } ];
ipv6.addresses = [ { address = "2001:1470:fffd:2096::"; prefixLength = 64; } ];
@ -489,6 +500,7 @@ let
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = true;
networking = {
useNetworkd = networkd;
useDHCP = false;
interfaces.eth1.ipv6.addresses = singleton {
address = "fd00:1234:5678:1::1";
prefixLength = 64;
@ -514,11 +526,12 @@ let
virtualisation.vlans = [ 1 ];
networking = {
useNetworkd = networkd;
useDHCP = true;
useDHCP = false;
interfaces.eth1 = {
preferTempAddress = true;
ipv4.addresses = mkOverride 0 [ ];
ipv6.addresses = mkOverride 0 [ ];
useDHCP = true;
};
};
};
@ -526,11 +539,12 @@ let
virtualisation.vlans = [ 1 ];
networking = {
useNetworkd = networkd;
useDHCP = true;
useDHCP = false;
interfaces.eth1 = {
preferTempAddress = false;
ipv4.addresses = mkOverride 0 [ ];
ipv6.addresses = mkOverride 0 [ ];
useDHCP = true;
};
};
};

View File

@ -16,6 +16,7 @@ in pkgs.lib.listToAttrs (pkgs.lib.crossLists (predictable: withNetworkd: {
networking.usePredictableInterfaceNames = lib.mkForce predictable;
networking.useNetworkd = withNetworkd;
networking.dhcpcd.enable = !withNetworkd;
networking.useDHCP = !withNetworkd;
};
testScript = ''

View File

@ -1,52 +0,0 @@
import ./make-test.nix (let
container = { ... }: {
boot.isContainer = true;
# use networkd to obtain systemd network setup
networking.useNetworkd = true;
# systemd-nspawn expects /sbin/init
boot.loader.initScript.enable = true;
imports = [ ../modules/profiles/minimal.nix ];
};
containerSystem = (import ../lib/eval-config.nix {
modules = [ container ];
}).config.system.build.toplevel;
containerName = "container";
containerRoot = "/var/lib/machines/${containerName}";
in {
name = "systemd-machinectl";
machine = { lib, ... }: {
# use networkd to obtain systemd network setup
networking.useNetworkd = true;
# open DHCP server on interface to container
networking.firewall.trustedInterfaces = [ "ve-+" ];
# do not try to access cache.nixos.org
nix.binaryCaches = lib.mkForce [];
virtualisation.pathsInNixDB = [ containerSystem ];
};
testScript = ''
startAll;
$machine->waitForUnit("default.target");
$machine->succeed("mkdir -p ${containerRoot}");
$machine->succeed("nixos-install --root ${containerRoot} --system ${containerSystem} --no-channel-copy --no-root-passwd --no-bootloader");
$machine->succeed("machinectl start ${containerName}");
$machine->waitUntilSucceeds("systemctl -M ${containerName} is-active default.target");
$machine->succeed("ping -n -c 1 ${containerName}");
$machine->succeed("test `stat ${containerRoot}/var/empty -c %u%g` != 00");
$machine->succeed("machinectl stop ${containerName}");
'';
})

View File

@ -2,6 +2,7 @@ let generateNodeConf = { lib, pkgs, config, privkpath, pubk, peerId, nodeId, ...
imports = [ common/user-account.nix ];
systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug";
networking.useNetworkd = true;
networking.useDHCP = false;
networking.firewall.enable = false;
virtualisation.vlans = [ 1 ];
environment.systemPackages = with pkgs; [ wireguard-tools ];

View File

@ -5,13 +5,13 @@
stdenv.mkDerivation rec {
pname = "flacon";
version = "5.4.0";
version = "5.5.1";
src = fetchFromGitHub {
owner = "flacon";
repo = "flacon";
rev = "v${version}";
sha256 = "1j8gzk92kn10yb7rmvrnyq0ipda2swnkmsavqsk5ws0z600p3k93";
sha256 = "05pvg5xhc2azwzld08m81r4b2krqdbcbm5lmdvg2zkk67xq9pqyd";
};
nativeBuildInputs = [ cmake pkgconfig makeWrapper ];

View File

@ -0,0 +1,44 @@
{ lib, fetchFromGitHub, python3Packages, wrapQtAppsHook }:
let
py = python3Packages;
in py.buildPythonApplication rec {
pname = "friture";
version = "0.36";
src = fetchFromGitHub {
owner = "tlecomte";
repo = "friture";
rev = "v${version}";
sha256 = "1pz8v0qbzqq3ig9w33cp027s6c8rj316x5sy8pqs5nsiny9ddnk6";
};
# module imports scipy.misc.factorial, but it has been removed since scipy
# 1.3.0; use scipy.special.factorial instead
patches = [ ./factorial.patch ];
nativeBuildInputs = (with py; [ numpy cython scipy ]) ++
[ wrapQtAppsHook ];
propagatedBuildInputs = with py; [
sounddevice
pyopengl
docutils
numpy
pyqt5
appdirs
pyrr
];
postFixup = ''
wrapQtApp $out/bin/friture
wrapQtApp $out/bin/.friture-wrapped
'';
meta = with lib; {
description = "A real-time audio analyzer";
homepage = http://friture.org/;
license = licenses.gpl3;
maintainers = [ maintainers.laikq ];
};
}

View File

@ -0,0 +1,13 @@
diff --git a/friture/filter_design.py b/friture/filter_design.py
index 9876c43..1cc749a 100644
--- a/friture/filter_design.py
+++ b/friture/filter_design.py
@@ -2,7 +2,7 @@
from numpy import pi, exp, arange, cos, sin, sqrt, zeros, ones, log, arange, set_printoptions
# the three following lines are a workaround for a bug with scipy and py2exe
# together. See http://www.pyinstaller.org/ticket/83 for reference.
-from scipy.misc import factorial
+from scipy.special import factorial
import scipy
scipy.factorial = factorial

View File

@ -9,11 +9,11 @@
stdenv.mkDerivation rec {
pname = "kid3";
version = "3.7.1";
version = "3.8.0";
src = fetchurl {
url = "mirror://sourceforge/project/kid3/kid3/${version}/${pname}-${version}.tar.gz";
sha256 = "0xkrsjrbr3z8cn8hjf623l28r3b755gr11i0clv8d8i3s10vhbd8";
sha256 = "1a6ixkkdp1fl3arylx06w73mwf26i0ibyplwwcn2kw5xsfxmbjp6";
};
nativeBuildInputs = [ wrapQtAppsHook ];

View File

@ -1,13 +1,13 @@
{ stdenv, fetchurl, unzip }:
{ stdenv, fetchurl, unzip, mpg123 }:
stdenv.mkDerivation {
name = "mp3gain-1.5.2";
name = "mp3gain-1.6.2";
src = fetchurl {
url = "mirror://sourceforge/mp3gain/mp3gain-1_5_2-src.zip";
sha256 = "1jkgry59m8cnnfq05b9y1h4x4wpy3iq8j68slb9qffwa3ajcgbfv";
url = "mirror://sourceforge/mp3gain/mp3gain-1_6_2-src.zip";
sha256 = "0varr6y7k8zarr56b42r0ad9g3brhn5vv3xjg1c0v19jxwr4gh2w";
};
buildInputs = [ unzip ];
buildInputs = [ unzip mpg123 ];
sourceRoot = ".";

View File

@ -2,11 +2,11 @@
mkDerivation rec {
pname = "padthv1";
version = "0.9.9";
version = "0.9.10";
src = fetchurl {
url = "mirror://sourceforge/padthv1/${pname}-${version}.tar.gz";
sha256 = "0axansxwa3vfc1n6a7jbaqyz6wmsffi37i4ggsl08gmqywz255xb";
sha256 = "07gpq31a9iwk79yzndqzmw7snap7s4ifnsc4mfwkdga2zx13z0rx";
};
buildInputs = [ libjack2 alsaLib libsndfile liblo lv2 qt5.qtbase qt5.qttools fftw ];

View File

@ -1,6 +1,8 @@
{ stdenv, fetchurl, alsaLib, fluidsynth, libjack2, qt5, autoconf, pkgconfig }:
{ stdenv, fetchurl, alsaLib, fluidsynth, libjack2, autoconf, pkgconfig
, mkDerivation, qtbase, qttools, qtx11extras
}:
stdenv.mkDerivation rec {
mkDerivation rec {
pname = "qsynth";
version = "0.5.7";
@ -11,7 +13,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ autoconf pkgconfig ];
buildInputs = [ alsaLib fluidsynth libjack2 qt5.qtbase qt5.qttools qt5.qtx11extras ];
buildInputs = [ alsaLib fluidsynth libjack2 qtbase qttools qtx11extras ];
enableParallelBuilding = true;

View File

@ -65,5 +65,6 @@ python3.pkgs.buildPythonApplication rec {
maintainers = with maintainers; [ coroa sauyon ];
homepage = https://quodlibet.readthedocs.io/en/latest/;
broken = true;
};
}

View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "samplv1";
version = "0.9.9";
version = "0.9.10";
src = fetchurl {
url = "mirror://sourceforge/samplv1/${pname}-${version}.tar.gz";
sha256 = "1y61wb0bzm1cz7y8xxv6hp8mrkfb9zm9irg6zs4g6aanw539r6l8";
sha256 = "04p5jkighmc8rf7fzzy8ch6knqbxv03vhjzdfh9dva2mlzw9rvjj";
};
buildInputs = [ libjack2 alsaLib liblo libsndfile lv2 qt5.qtbase qt5.qttools];

View File

@ -4,11 +4,11 @@
}:
stdenv.mkDerivation rec {
name = "snd-19.6";
name = "snd-19.7";
src = fetchurl {
url = "mirror://sourceforge/snd/${name}.tar.gz";
sha256 = "0s2qv8sznvw6559bi39qj9p072azh9qcb2b86w6w8clz2azjaa76";
sha256 = "1pr3l9iadvwinmxfl9a2lsm67yi7w3rhxglidpd41m2ni8jf2rlm";
};
nativeBuildInputs = [ pkgconfig ];

View File

@ -100,5 +100,6 @@ mkDerivation rec {
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ Phlogistique kamilchm ];
platforms = lib.platforms.linux;
broken = true;
};
}

View File

@ -6,16 +6,16 @@
rustPlatform.buildRustPackage rec {
pname = "spotifyd";
version = "0.2.16";
version = "0.2.19";
src = fetchFromGitHub {
owner = "Spotifyd";
repo = "spotifyd";
rev = "v${version}";
sha256 = "097hg18h7gya2w0wl5jkav79nb3qzcc4ycsryq7nhxa0h1agvinc";
sha256 = "063b28ysj224m6ngns9i574i7vnp1x4g07cqjw908ch04yngcg1c";
};
cargoSha256 = "0ar4bfwn3qxa6wsz2hd7nv1wr824h74jy3xqba2qsy0rsfwy1bmm";
cargoSha256 = "0pqxqd5dyw9mjclrqkxzfnzsz74xl4bg0b86v5q6kc0a91zd49b9";
cargoBuildFlags = [
"--no-default-features"
@ -36,7 +36,7 @@ rustPlatform.buildRustPackage rec {
description = "An open source Spotify client running as a UNIX daemon";
homepage = "https://github.com/Spotifyd/spotifyd";
license = with licenses; [ gpl3 ];
maintainers = [ maintainers.anderslundstedt ];
maintainers = [ maintainers.anderslundstedt maintainers.marsam ];
platforms = platforms.unix;
};
}

View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "synthv1";
version = "0.9.9";
version = "0.9.10";
src = fetchurl {
url = "mirror://sourceforge/synthv1/${pname}-${version}.tar.gz";
sha256 = "0cvamqzg74qfr7kzk3skimskmv0j3d1rmmpbpsmfcrg8srvyx9r2";
sha256 = "1ssdm7aiaz908ydqwdx9khxnnd0yfacjgvbxg5p9s9xhkbqqc2f2";
};
buildInputs = [ qt5.qtbase qt5.qttools libjack2 alsaLib liblo lv2 ];

View File

@ -2,6 +2,7 @@
, fetchFromGitHub
, cmake
, ninja
, vala
, pkgconfig
, pantheon
, gtk3
@ -34,7 +35,7 @@ stdenv.mkDerivation rec {
cmake
libxml2
ninja
pantheon.vala
vala
pkgconfig
wrapGAppsHook
];

View File

@ -3,12 +3,12 @@
, libGLU, lv2, gtk2, cairo, pango, fftwFloat, zita-convolver }:
stdenv.mkDerivation rec {
version = "20190714";
version = "20190820";
pname = "x42-plugins";
src = fetchurl {
url = "https://gareus.org/misc/x42-plugins/${pname}-${version}.tar.xz";
sha256 = "1mifmdy9pi1lg0h4nsvyjjnnni41vhgg34lks94mrx46wq90bgx4";
sha256 = "0dqsa5yxm3nx50j9k28iillj4sx2mjndzyspymxx0ghir1qmi4vh";
};
nativeBuildInputs = [ pkgconfig ];

View File

@ -10,16 +10,16 @@
rustPlatform.buildRustPackage rec {
pname = "jormungandr";
version = "0.5.5";
version = "0.5.6";
src = fetchgit {
url = "https://github.com/input-output-hk/${pname}";
rev = "v${version}";
sha256 = "1fzhmkx60b5fnx4x81g5ls93iixd3126m4q1smrpq8ksidw5xifa";
rev = "v${version}+lock";
sha256 = "0l6rxr1xjp5hfkf0qfx8qsa1slxn0ly28akci1rwgdhlzjn43zqr";
fetchSubmodules = true;
};
cargoSha256 = "1hkbzxp6ic1655cq45zv6dcyrk9rbmvscdl8wm8fbidabz4x8vqd";
cargoSha256 = "0590gsghr25bzfmxfyrpg58a0l77y88jwnrkgjxf06x3d66kkn3l";
nativeBuildInputs = [ pkgconfig protobuf ];
buildInputs = [ openssl ] ++ lib.optionals stdenv.isDarwin [ darwin.apple_sdk.frameworks.Security ];

View File

@ -26,5 +26,6 @@ rustPlatform.buildRustPackage rec {
license = licenses.gpl3;
maintainers = [ maintainers.akru ];
platforms = platforms.linux;
broken = true;
};
}

View File

@ -1,8 +1,11 @@
{ channel, pname, version, build, sha256Hash }:
{ bash
{ alsaLib
, bash
, buildFHSUserEnv
, coreutils
, dbus
, expat
, fetchurl
, findutils
, file
@ -19,16 +22,24 @@
, libpulseaudio
, libGL
, libX11
, libxcb
, libXcomposite
, libXcursor
, libXdamage
, libXext
, libXfixes
, libXi
, libXrandr
, libXrender
, libXtst
, makeWrapper
, nspr
, nss
, pciutils
, pkgsi686Linux
, setxkbmap
, stdenv
, systemd
, unzip
, which
, runCommand
@ -99,9 +110,20 @@ let
libXrandr
# For Android emulator
alsaLib
dbus
expat
libpulseaudio
libX11
libxcb
libXcomposite
libXcursor
libXdamage
libXfixes
libGL
nspr
nss
systemd
# For GTKLookAndFeel
gtk2

View File

@ -8,15 +8,15 @@ let
inherit (gnome2) GConf gnome_vfs;
};
stableVersion = {
version = "3.5.0.21"; # "Android Studio 3.5"
build = "191.5791312";
sha256Hash = "0vvk2vhklxg9wfi4lv4sahs5ahhb1mki1msy3yixmr56vipgv52p";
version = "3.5.1.0"; # "Android Studio 3.5.1"
build = "191.5900203";
sha256Hash = "0afxlif8pkrl6m1lhiqri1qv4vf5mfm1yg6qk5rad0442hm3kz4l";
};
betaVersion = stableVersion;
betaVersion = latestVersion;
latestVersion = { # canary & dev
version = "3.6.0.12"; # "Android Studio 3.6 Canary 12"
build = "192.5871855";
sha256Hash = "0pxvpxqdxv37sl72p7gml70k6kl717k6avw9p0l00cys0zbvb3zq";
version = "3.6.0.13"; # "Android Studio 3.6 Beta 1"
build = "192.5916306";
sha256Hash = "0kvz3mgpfb3wqr1pw9847d5syswlzls3b4nilzgk6w127k2zmkfy";
};
in {
# Attributes are named by their corresponding release channels

View File

@ -13,10 +13,10 @@ assert stdenv ? glibc;
let
platform_major = "4";
platform_minor = "12";
platform_minor = "13";
year = "2019";
month = "06";
timestamp = "201906051800";
month = "09";
timestamp = "201909161045";
in rec {
@ -34,7 +34,7 @@ in rec {
src =
fetchurl {
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-cpp-${year}-${month}-R-linux-gtk-x86_64.tar.gz";
sha512 = "3mfljabrwbwq256vvsp9qjb96hzlbpwgnb3wz806pbyh0ibfq6s1hn8kh5aaa2da5821v0ykcxa12jagj7naqp4g91jqxp1wb1ygz2q";
sha512 = "0s9wvxd1bahlcdw7l6cyfi59p78j6gym3a3mn1z6dm6swxgyb2wjjl7hx8bkg0zs8x31bwllpdq22y2vcm6j57h40v53l3xkhy73m8v";
};
};
@ -46,7 +46,7 @@ in rec {
src =
fetchurl {
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-modeling-${year}-${month}-R-linux-gtk-x86_64.tar.gz";
sha512 = "18p6xz6rq4w6j39b2k9kjpz8s1nljfq44g2cmvxqjgjfkq8lk4ij73ssyv1raly4wkm7r22ixacswdjmyj942k5vpv9y11i91hp1scv";
sha512 = "09nc7ipv67h0gr7lkxsbxrgj9gn48348asn03ylcvflyrcxghqs8n11a75rwvdj98igdzpw922saicx5lqq5g2flfqiga97lwwhfiz5";
};
};
@ -58,7 +58,7 @@ in rec {
src =
fetchurl {
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops${platform_major}/R-${platform_major}.${platform_minor}-${timestamp}/eclipse-platform-${platform_major}.${platform_minor}-linux-gtk-x86_64.tar.gz";
sha512 = "0qiyk95qhdqcfgg5hgc7pcpbpjy9jnx7l3vb7s4cgijdz2xz0n5psh11lpj3whk2amh4iwkyx7kn8fxdq7lm03rlgx67cbk7p8my16m";
sha512 = "2c40wwrc2ip32n0m5cs8ds0g7cs7018acw8gjkd23msa4pr9x9511c3dj6rbnn1hwzf9yjq6vnjmib5qarxd3vly76jwxhf867l1f7v";
};
};
@ -88,7 +88,7 @@ in rec {
src =
fetchurl {
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops${platform_major}/R-${platform_major}.${platform_minor}-${timestamp}/eclipse-SDK-${platform_major}.${platform_minor}-linux-gtk-x86_64.tar.gz";
sha512 = "3bbc8d66ms7nhg6f8gb0bnzjqz26wixpipn4n9qf0azcplrv2j91z8hjw1fx39dx4pqnsf442bkgab4qqhkpks7qq54110l01q6gvy9";
sha512 = "2vm646d1crzzzysll3p5pjfljfjzxx4qd37dqcp6xjm91zg8iskli688h0lgla0rmbwz5kj509jp22m4rxkp3cbgd006dd0jr3icdls";
};
};
@ -100,7 +100,7 @@ in rec {
src =
fetchurl {
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-java-${year}-${month}-R-linux-gtk-x86_64.tar.gz";
sha512 = "20qs1aagh4drsycvar3x42zy422zl34yg1p3vhxbqfbf7v3z1d3cxs9ah61x4bdxx9bkfwchasqp1wr15nflch9g0i50bdki3cgng1d";
sha512 = "3zyxqd8iwrfgjjg91dfi4bda61rd2717hy53swmbygi48zaaam70swx997yp5qzxwjp3macdslfk6sqhq2qlcdwcdl6dmkry018jh7b";
};
};

View File

@ -254,12 +254,12 @@ rec {
cdt = buildEclipseUpdateSite rec {
name = "cdt-${version}";
version = "9.8.1";
version = "9.9.0";
src = fetchzip {
stripRoot = false;
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/tools/cdt/releases/9.8/${name}/${name}.zip";
sha256 = "0kxmwz75i8mv4wics9n0hspxhzl3glf5ry2v5mnl5j9gcf73b0nv";
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/tools/cdt/releases/9.9/${name}/${name}.zip";
sha256 = "1vgx7ggilfwmx0bjrhk7mwlwg1c8lb141ilj3vzwxivlffihy054";
};
meta = with stdenv.lib; {
@ -474,12 +474,12 @@ rec {
jdt = buildEclipseUpdateSite rec {
name = "jdt-${version}";
version = "4.12";
version = "4.13";
src = fetchzip {
stripRoot = false;
url = https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-4.12-201906051800/org.eclipse.jdt-4.12.zip;
sha256 = "0qscvqg69z4554n1yhl0xg1xz8ln3qsbgfzi7cg3xnnwnxfqz9cb";
url = https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-4.13-201909161045/org.eclipse.jdt-4.13.zip;
sha256 = "0sfpxph0cszcx1cihzzjn60qid8sxgl2xyr9x46fld4ian5a7vbr";
};
meta = with stdenv.lib; {

View File

@ -3,7 +3,7 @@
with stdenv.lib;
let
version = "1.35";
version = "1.36";
in
stdenv.mkDerivation rec {
@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "https://download.geany.org/${pname}-${version}.tar.bz2";
sha256 = "179xfnvhcxsv54v2mlrhykqv2j7klniln5sffvqqpjmdvwyivvim";
sha256 = "0gnm17cr4rf3pmkf0axz4a0fxwnvp55ji0q0lzy88yqbshyxv14i";
};
nativeBuildInputs = [ pkgconfig intltool libintl ];

View File

@ -38,11 +38,11 @@
stdenv.mkDerivation rec {
pname = "gnome-builder";
version = "3.34.0";
version = "3.34.1";
src = fetchurl {
url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
sha256 = "19i2ipgw48fpd50wacwyhj35hajlg7qcyxpj8rsqk4g21ijfykrg";
sha256 = "19018pq94cxf6fywd7fsmy98x56by5zfmh140pl530gaaw84cvhb";
};
nativeBuildInputs = [

View File

@ -2,7 +2,7 @@
python3Packages.buildPythonApplication rec {
pname = "manuskript";
version = "0.9.0";
version = "0.10.0";
format = "other";
@ -10,7 +10,7 @@ python3Packages.buildPythonApplication rec {
repo = pname;
owner = "olivierkes";
rev = version;
sha256 = "13y1s0kba1ib6g977n7h920kyr7abdw03kpal512m7iwa9g2kdw8";
sha256 = "0q413vym7hzjpyg3krj5y63hwpncdifjkyswqmr76zg5yqnklnh3";
};
nativeBuildInputs = [ wrapQtAppsHook ];

View File

@ -20,11 +20,11 @@ let
in stdenv.mkDerivation rec {
pname = "nano";
version = "4.4";
version = "4.5";
src = fetchurl {
url = "mirror://gnu/nano/${pname}-${version}.tar.xz";
sha256 = "1iw2ypq34g1gfqyhgka2fz5yj5vrlz85q6zk7amgyj286ph25wia";
sha256 = "0czmz1yq8s5qcxcmfjdxzg9nkhbmlc9q1nz04jvf57fdbs7w7mfy";
};
nativeBuildInputs = [ texinfo ] ++ optional enableNls gettext;

View File

@ -26,7 +26,8 @@ stdenv.mkDerivation rec {
'';
meta = with stdenv.lib; {
homepage = https://sourceforge.net/projects/nedit;
homepage = "https://sourceforge.net/projects/nedit";
description = "A fast, compact Motif/X11 plain text editor";
platforms = with platforms; linux ++ darwin;
license = licenses.gpl2;
};

View File

@ -79,9 +79,11 @@ in
cmakeFlags = [
"-DGPERF_PRG=${gperf}/bin/gperf"
"-DLIBLUV_LIBRARY=${lua.pkgs.luv}/lib/lua/${lua.luaversion}/luv.so"
"-DLUA_PRG=${neovimLuaEnv.interpreter}"
]
# FIXME: this is verry messy and strange.
++ optional (!stdenv.isDarwin) "-DLIBLUV_LIBRARY=${lua.pkgs.luv}/lib/lua/${lua.luaversion}/luv.so"
++ optional (stdenv.isDarwin) "-DLIBLUV_LIBRARY=${lua.pkgs.luv.libluv}/lib/lua/${lua.luaversion}/libluv.dylib"
++ optional doCheck "-DBUSTED_PRG=${neovimLuaEnv}/bin/busted"
++ optional (!lua.pkgs.isLuaJIT) "-DPREFER_LUA=ON"
;

View File

@ -28,6 +28,7 @@ stdenv.mkDerivation rec {
meta = with stdenv.lib; {
license = licenses.gpl2;
description = "A hex editor";
maintainers = with maintainers; [ peterhoeg bkchr ];
platforms = platforms.linux;
};

View File

@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub, pkgconfig, meson, ninja, python3
{ stdenv, fetchFromGitHub, pkgconfig, meson, ninja, python3, vala
, gtk3, desktop-file-utils, gtksourceview, webkitgtk, gtkspell3, pantheon
, libgee, discount, wrapGAppsHook }:
@ -17,7 +17,7 @@ stdenv.mkDerivation rec {
desktop-file-utils
meson
ninja
pantheon.vala
vala
pkgconfig
python3
wrapGAppsHook

View File

@ -5,15 +5,15 @@ let
in
{
sublime3-dev = common {
buildVersion = "3208";
buildVersion = "3210";
dev = true;
x32sha256 = "09k04fjryc0dc6173i6nwhi5xaan89n4lp0n083crvkqwp0qlf2i";
x64sha256 = "12pn3yfm452m75dlyl0lyf82956j8raz2dglv328m81hbafflrj8";
x32sha256 = "1ngr4c8h2mafy96mi8dd3g8mg5r9ha1cpcd8p3gz7jwpbypvkkbv";
x64sha256 = "0j65a4ylgga1qzc74wf3k5craghahma8hwqg3zs1rgzz601nl693";
} {};
sublime3 = common {
buildVersion = "3207";
x32sha256 = "14hfb8x8zb49zjq0pd8s73xk333gmf38h5b7g979czcmbhdxiyqy";
x64sha256 = "1i1q9592sc8idvlpygksdkclh7h506hsz5l0i02g1814w0flzdmc";
buildVersion = "3211";
x32sha256 = "0w9hba1nl2hv1mri418n7v0m321b6wqphb1knll23ldv5fb0j1j8";
x64sha256 = "1vkldmimyjhbgplcd6r27gvk64rr7cparfd44hy6qdyzwsjqqg0b";
} {};
}

View File

@ -136,6 +136,15 @@ stdenv.mkDerivation {
find $out/share/man \( -name eVim.1 -or -name xxd.1 \) -delete
'';
# We rely on the user's Xcode install to build. It may be located in an arbitrary place, and
# it's not clear what system-level components it may require, so for now we'll just allow full
# filesystem access. This way the package still can't access the network.
sandboxProfile = ''
(allow file-read* file-write* process-exec mach-lookup)
; block homebrew dependencies
(deny file-read* file-write* process-exec mach-lookup (subpath "/usr/local") (with no-log))
'';
meta = with stdenv.lib; {
description = "Vim - the text editor - for macOS";
homepage = https://github.com/macvim-dev/macvim;

Some files were not shown because too many files have changed in this diff Show More