JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/master' into haskell-updates

Browse Source
This commit is contained in:
sternenseemann 2021-06-02 17:07:43 +02:00
commit e308370fc8
645 changed files with 34895 additions and 11856 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
.github/CODEOWNERS vendored
View File

@ -72,12 +72,14 @@
/pkgs/common-updater/scripts/update-source-version @jtojnar
# Python-related code and docs
/maintainers/scripts/update-python-libraries @FRidh
/pkgs/top-level/python-packages.nix @FRidh @jonringer
/pkgs/development/interpreters/python @FRidh
/pkgs/development/python-modules @FRidh @jonringer
/doc/languages-frameworks/python.section.md @FRidh
/pkgs/development/tools/poetry2nix @adisbladis
/maintainers/scripts/update-python-libraries @FRidh
/pkgs/top-level/python-packages.nix @FRidh @jonringer
/pkgs/development/interpreters/python @FRidh
/pkgs/development/python-modules @FRidh @jonringer
/doc/languages-frameworks/python.section.md @FRidh
/pkgs/development/tools/poetry2nix @adisbladis
/pkgs/development/interpreters/python/hooks @FRidh @jonringer @DavHau
/pkgs/development/interpreters/python/conda @DavHau
# Haskell
/doc/languages-frameworks/haskell.section.md @cdepillabout @sternenseemann @maralorn

7
.github/workflows/backport.yml vendored
View File

@ -1,10 +1,10 @@
name: Backport
on:
pull_request:
types: [closed]
pull_request_target:
types: [closed, labeled]
jobs:
backport:
name: Create backport PRs
name: Backport Pull Request
if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true
runs-on: ubuntu-latest
steps:
@ -12,6 +12,7 @@ jobs:
with:
# required to find all branches
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }}
- name: Create backport PRs
# should be kept in sync with `version`
uses: zeebe-io/backport-action@9b8949dcd4295d364b0939f07d0c7593598d26cd

1
.github/workflows/manual-nixos.yml vendored
View File

@ -12,6 +12,7 @@ on:
jobs:
nixos:
runs-on: ubuntu-latest
if: github.repository_owner == 'NixOS'
steps:
- uses: actions/checkout@v2
with:

1
.github/workflows/manual-nixpkgs.yml vendored
View File

@ -12,6 +12,7 @@ on:
jobs:
nixpkgs:
runs-on: ubuntu-latest
if: github.repository_owner == 'NixOS'
steps:
- uses: actions/checkout@v2
with:

2
.github/workflows/merge-staging.yml vendored
View File

@ -8,7 +8,7 @@ on:
jobs:
sync-branch:
if: github.repository == 'NixOS/nixpkgs'
if: github.repository_owner == 'NixOS'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2

7
.github/workflows/nixos-manual.yml vendored
View File

@ -1,7 +1,9 @@
name: NixOS manual checks
permissions: read-all
on:
pull_request:
pull_request_target:
branches-ignore:
- 'release-**'
paths:
@ -14,6 +16,9 @@ jobs:
if: github.repository_owner == 'NixOS'
steps:
- uses: actions/checkout@v2
with:
# pull_request_target checks out the base branch by default
ref: refs/pull/${{ github.event.pull_request.number }}/merge
- uses: cachix/install-nix-action@v12
- name: Check DocBook files generated from Markdown are consistent
run: |

10
doc/contributing/coding-conventions.chapter.md
View File

@ -526,6 +526,16 @@ If you do need to do create this sort of patch file, one way to do so is with gi
$ git diff > nixpkgs/pkgs/the/package/0001-changes.patch
```
If a patch is available online but does not cleanly apply, it can be modified in some fixed ways by using additional optional arguments for `fetchpatch`:
- `stripLen`: Remove the first `stripLen` components of pathnames in the patch.
- `extraPrefix`: Prefix pathnames by this string.
- `excludes`: Exclude files matching this pattern.
- `includes`: Include only files matching this pattern.
- `revert`: Revert the patch.
Note that because the checksum is computed after applying these effects, using or modifying these arguments will have no effect unless the `sha256` argument is changed as well.
## Package tests {#sec-package-tests}
Tests are important to ensure quality and make reviews and automatic updates easy.

79
doc/languages-frameworks/rust.section.md
View File

@ -107,6 +107,54 @@ rustPlatform.buildRustPackage rec {
}
```
### Importing a `Cargo.lock` file
Using `cargoSha256` or `cargoHash` is tedious when using
`buildRustPackage` within a project, since it requires that the hash
is updated after every change to `Cargo.lock`. Therefore,
`buildRustPackage` also supports vendoring dependencies directly from
a `Cargo.lock` file using the `cargoLock` argument. For example:
```nix
rustPlatform.buildRustPackage rec {
pname = "myproject";
version = "1.0.0";
cargoLock = {
lockFile = ./Cargo.lock;
}
# ...
}
```
This will retrieve the dependencies using fixed-output derivations from
the specified lockfile.
The output hash of each dependency that uses a git source must be
specified in the `outputHashes` attribute. For example:
```nix
rustPlatform.buildRustPackage rec {
pname = "myproject";
version = "1.0.0";
cargoLock = {
lockFile = ./Cargo.lock;
outputHashes = {
"finalfusion-0.14.0" = "17f4bsdzpcshwh74w5z119xjy2if6l2wgyjy56v621skr2r8y904";
};
}
# ...
}
```
If you do not specify an output hash for a git dependency, building
the package will fail and inform you of which crate needs to be
added. To find the correct hash, you can first use `lib.fakeSha256` or
`lib.fakeHash` as a stub hash. Building the package (and thus the
vendored dependencies) will then inform you of the correct hash.
### Cross compilation
@ -308,6 +356,37 @@ attributes can also be used:
the `Cargo.lock`/`Cargo.toml` files need to be patched before
vendoring.
If a `Cargo.lock` file is available, you can alternatively use the
`importCargoLock` function. In contrast to `fetchCargoTarball`, this
function does not require a hash (unless git dependencies are used)
and fetches every dependency as a separate fixed-output derivation.
`importCargoLock` can be used as follows:
```
cargoDeps = rustPlatform.importCargoLock {
lockFile = ./Cargo.lock;
};
```
If the `Cargo.lock` file includes git dependencies, then their output
hashes need to be specified since they are not available through the
lock file. For example:
```
cargoDeps = rustPlatform.importCargoLock {
lockFile = ./Cargo.lock;
outputHashes = {
"rand-0.8.3" = "0ya2hia3cn31qa8894s3av2s8j5bjwb6yq92k0jsnlx7jid0jwqa";
};
};
```
If you do not specify an output hash for a git dependency, building
`cargoDeps` will fail and inform you of which crate needs to be
added. To find the correct hash, you can first use `lib.fakeSha256` or
`lib.fakeHash` as a stub hash. Building `cargoDeps` will then inform
you of the correct hash.
### Hooks
`rustPlatform` provides the following hooks to automate Cargo builds:

6
doc/manual.xml
View File

@ -8,9 +8,9 @@
<xi:include href="preface.chapter.xml" />
<part>
<title>Using Nixpkgs</title>
<xi:include href="using/configuration.xml" />
<xi:include href="using/overlays.xml" />
<xi:include href="using/overrides.xml" />
<xi:include href="using/configuration.chapter.xml" />
<xi:include href="using/overlays.chapter.xml" />
<xi:include href="using/overrides.chapter.xml" />
<xi:include href="functions.xml" />
</part>
<part>

356
doc/using/configuration.chapter.md Normal file
View File

@ -0,0 +1,356 @@
# Global configuration {#chap-packageconfig}
Nix comes with certain defaults about what packages can and cannot be installed, based on a package's metadata. By default, Nix will prevent installation if any of the following criteria are true:
- The package is thought to be broken, and has had its `meta.broken` set to `true`.
- The package isn't intended to run on the given system, as none of its `meta.platforms` match the given system.
- The package's `meta.license` is set to a license which is considered to be unfree.
- The package has known security vulnerabilities but has not or can not be updated for some reason, and a list of issues has been entered in to the package's `meta.knownVulnerabilities`.
Note that all this is checked during evaluation already, and the check includes any package that is evaluated. In particular, all build-time dependencies are checked. `nix-env -qa` will (attempt to) hide any packages that would be refused.
Each of these criteria can be altered in the nixpkgs configuration.
The nixpkgs configuration for a NixOS system is set in the `configuration.nix`, as in the following example:
```nix
{
nixpkgs.config = {
allowUnfree = true;
};
}
```
However, this does not allow unfree software for individual users. Their configurations are managed separately.
A user's nixpkgs configuration is stored in a user-specific configuration file located at `~/.config/nixpkgs/config.nix`. For example:
```nix
{
allowUnfree = true;
}
```
Note that we are not able to test or build unfree software on Hydra due to policy. Most unfree licenses prohibit us from either executing or distributing the software.
## Installing broken packages {#sec-allow-broken}
There are two ways to try compiling a package which has been marked as broken.
- For allowing the build of a broken package once, you can use an environment variable for a single invocation of the nix tools:
```ShellSession
$ export NIXPKGS_ALLOW_BROKEN=1
```
- For permanently allowing broken packages to be built, you may add `allowBroken = true;` to your user's configuration file, like this:
```nix
{
allowBroken = true;
}
```
## Installing packages on unsupported systems {#sec-allow-unsupported-system}
There are also two ways to try compiling a package which has been marked as unsupported for the given system.
- For allowing the build of an unsupported package once, you can use an environment variable for a single invocation of the nix tools:
```ShellSession
$ export NIXPKGS_ALLOW_UNSUPPORTED_SYSTEM=1
```
- For permanently allowing unsupported packages to be built, you may add `allowUnsupportedSystem = true;` to your user's configuration file, like this:
```nix
{
allowUnsupportedSystem = true;
}
```
The difference between a package being unsupported on some system and being broken is admittedly a bit fuzzy. If a program *ought* to work on a certain platform, but doesn't, the platform should be included in `meta.platforms`, but marked as broken with e.g. `meta.broken = !hostPlatform.isWindows`. Of course, this begs the question of what \"ought\" means exactly. That is left to the package maintainer.
## Installing unfree packages {#sec-allow-unfree}
There are several ways to tweak how Nix handles a package which has been marked as unfree.
- To temporarily allow all unfree packages, you can use an environment variable for a single invocation of the nix tools:
```ShellSession
$ export NIXPKGS_ALLOW_UNFREE=1
```
- It is possible to permanently allow individual unfree packages, while still blocking unfree packages by default using the `allowUnfreePredicate` configuration option in the user configuration file.
This option is a function which accepts a package as a parameter, and returns a boolean. The following example configuration accepts a package and always returns false:
```nix
{
allowUnfreePredicate = (pkg: false);
}
```
For a more useful example, try the following. This configuration only allows unfree packages named roon-server and visual studio code:
```nix
{
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"roon-server"
"vscode"
];
}
```
- It is also possible to allow and block licenses that are specifically acceptable or not acceptable, using `allowlistedLicenses` and `blocklistedLicenses`, respectively.
The following example configuration allowlists the licenses `amd` and `wtfpl`:
```nix
{
allowlistedLicenses = with lib.licenses; [ amd wtfpl ];
}
```
The following example configuration blocklists the `gpl3Only` and `agpl3Only` licenses:
```nix
{
blocklistedLicenses = with lib.licenses; [ agpl3Only gpl3Only ];
}
```
Note that `allowlistedLicenses` only applies to unfree licenses unless `allowUnfree` is enabled. It is not a generic allowlist for all types of licenses. `blocklistedLicenses` applies to all licenses.
A complete list of licenses can be found in the file `lib/licenses.nix` of the nixpkgs tree.
## Installing insecure packages {#sec-allow-insecure}
There are several ways to tweak how Nix handles a package which has been marked as insecure.
- To temporarily allow all insecure packages, you can use an environment variable for a single invocation of the nix tools:
```ShellSession
$ export NIXPKGS_ALLOW_INSECURE=1
```
- It is possible to permanently allow individual insecure packages, while still blocking other insecure packages by default using the `permittedInsecurePackages` configuration option in the user configuration file.
The following example configuration permits the installation of the hypothetically insecure package `hello`, version `1.2.3`:
```nix
{
permittedInsecurePackages = [
"hello-1.2.3"
];
}
```
- It is also possible to create a custom policy around which insecure packages to allow and deny, by overriding the `allowInsecurePredicate` configuration option.
The `allowInsecurePredicate` option is a function which accepts a package and returns a boolean, much like `allowUnfreePredicate`.
The following configuration example only allows insecure packages with very short names:
```nix
{
allowInsecurePredicate = pkg: builtins.stringLength (lib.getName pkg) <= 5;
}
```
Note that `permittedInsecurePackages` is only checked if `allowInsecurePredicate` is not specified.
## Modify packages via `packageOverrides` {#sec-modify-via-packageOverrides}
You can define a function called `packageOverrides` in your local `~/.config/nixpkgs/config.nix` to override Nix packages. It must be a function that takes pkgs as an argument and returns a modified set of packages.
```nix
{
packageOverrides = pkgs: rec {
foo = pkgs.foo.override { ... };
};
}
```
## Declarative Package Management {#sec-declarative-package-management}
### Build an environment {#sec-building-environment}
Using `packageOverrides`, it is possible to manage packages declaratively. This means that we can list all of our desired packages within a declarative Nix expression. For example, to have `aspell`, `bc`, `ffmpeg`, `coreutils`, `gdb`, `nixUnstable`, `emscripten`, `jq`, `nox`, and `silver-searcher`, we could use the following in `~/.config/nixpkgs/config.nix`:
```nix
{
packageOverrides = pkgs: with pkgs; {
myPackages = pkgs.buildEnv {
name = "my-packages";
paths = [
aspell
bc
coreutils
gdb
ffmpeg
nixUnstable
emscripten
jq
nox
silver-searcher
];
};
};
}
```
To install it into our environment, you can just run `nix-env -iA nixpkgs.myPackages`. If you want to load the packages to be built from a working copy of `nixpkgs` you just run `nix-env -f. -iA myPackages`. To explore what's been installed, just look through `~/.nix-profile/`. You can see that a lot of stuff has been installed. Some of this stuff is useful some of it isn't. Let's tell Nixpkgs to only link the stuff that we want:
```nix
{
packageOverrides = pkgs: with pkgs; {
myPackages = pkgs.buildEnv {
name = "my-packages";
paths = [
aspell
bc
coreutils
gdb
ffmpeg
nixUnstable
emscripten
jq
nox
silver-searcher
];
pathsToLink = [ "/share" "/bin" ];
};
};
}
```
`pathsToLink` tells Nixpkgs to only link the paths listed which gets rid of the extra stuff in the profile. `/bin` and `/share` are good defaults for a user environment, getting rid of the clutter. If you are running on Nix on MacOS, you may want to add another path as well, `/Applications`, that makes GUI apps available.
### Getting documentation {#sec-getting-documentation}
After building that new environment, look through `~/.nix-profile` to make sure everything is there that we wanted. Discerning readers will note that some files are missing. Look inside `~/.nix-profile/share/man/man1/` to verify this. There are no man pages for any of the Nix tools! This is because some packages like Nix have multiple outputs for things like documentation (see section 4). Let's make Nix install those as well.
```nix
{
packageOverrides = pkgs: with pkgs; {
myPackages = pkgs.buildEnv {
name = "my-packages";
paths = [
aspell
bc
coreutils
ffmpeg
nixUnstable
emscripten
jq
nox
silver-searcher
];
pathsToLink = [ "/share/man" "/share/doc" "/bin" ];
extraOutputsToInstall = [ "man" "doc" ];
};
};
}
```
This provides us with some useful documentation for using our packages. However, if we actually want those manpages to be detected by man, we need to set up our environment. This can also be managed within Nix expressions.
```nix
{
packageOverrides = pkgs: with pkgs; rec {
myProfile = writeText "my-profile" ''
export PATH=$HOME/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/sbin:/bin:/usr/sbin:/usr/bin
export MANPATH=$HOME/.nix-profile/share/man:/nix/var/nix/profiles/default/share/man:/usr/share/man
'';
myPackages = pkgs.buildEnv {
name = "my-packages";
paths = [
(runCommand "profile" {} ''
mkdir -p $out/etc/profile.d
cp ${myProfile} $out/etc/profile.d/my-profile.sh
'')
aspell
bc
coreutils
ffmpeg
man
nixUnstable
emscripten
jq
nox
silver-searcher
];
pathsToLink = [ "/share/man" "/share/doc" "/bin" "/etc" ];
extraOutputsToInstall = [ "man" "doc" ];
};
};
}
```
For this to work fully, you must also have this script sourced when you are logged in. Try adding something like this to your `~/.profile` file:
```ShellSession
#!/bin/sh
if [ -d $HOME/.nix-profile/etc/profile.d ]; then
for i in $HOME/.nix-profile/etc/profile.d/*.sh; do
if [ -r $i ]; then
. $i
fi
done
fi
```
Now just run `source $HOME/.profile` and you can starting loading man pages from your environment.
### GNU info setup {#sec-gnu-info-setup}
Configuring GNU info is a little bit trickier than man pages. To work correctly, info needs a database to be generated. This can be done with some small modifications to our environment scripts.
```nix
{
packageOverrides = pkgs: with pkgs; rec {
myProfile = writeText "my-profile" ''
export PATH=$HOME/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/sbin:/bin:/usr/sbin:/usr/bin
export MANPATH=$HOME/.nix-profile/share/man:/nix/var/nix/profiles/default/share/man:/usr/share/man
export INFOPATH=$HOME/.nix-profile/share/info:/nix/var/nix/profiles/default/share/info:/usr/share/info
'';
myPackages = pkgs.buildEnv {
name = "my-packages";
paths = [
(runCommand "profile" {} ''
mkdir -p $out/etc/profile.d
cp ${myProfile} $out/etc/profile.d/my-profile.sh
'')
aspell
bc
coreutils
ffmpeg
man
nixUnstable
emscripten
jq
nox
silver-searcher
texinfoInteractive
];
pathsToLink = [ "/share/man" "/share/doc" "/share/info" "/bin" "/etc" ];
extraOutputsToInstall = [ "man" "doc" "info" ];
postBuild = ''
if [ -x $out/bin/install-info -a -w $out/share/info ]; then
shopt -s nullglob
for i in $out/share/info/*.info $out/share/info/*.info.gz; do
$out/bin/install-info $i $out/share/info/dir
done
fi
'';
};
};
}
```
`postBuild` tells Nixpkgs to run a command after building the environment. In this case, `install-info` adds the installed info pages to `dir` which is GNU info's default root node. Note that `texinfoInteractive` is added to the environment to give the `install-info` command.

451
doc/using/configuration.xml
View File

@ -1,451 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="chap-packageconfig">
<title>Global configuration</title>
<para>
Nix comes with certain defaults about what packages can and cannot be installed, based on a package's metadata. By default, Nix will prevent installation if any of the following criteria are true:
</para>
<itemizedlist>
<listitem>
<para>
The package is thought to be broken, and has had its <literal>meta.broken</literal> set to <literal>true</literal>.
</para>
</listitem>
<listitem>
<para>
The package isn't intended to run on the given system, as none of its <literal>meta.platforms</literal> match the given system.
</para>
</listitem>
<listitem>
<para>
The package's <literal>meta.license</literal> is set to a license which is considered to be unfree.
</para>
</listitem>
<listitem>
<para>
The package has known security vulnerabilities but has not or can not be updated for some reason, and a list of issues has been entered in to the package's <literal>meta.knownVulnerabilities</literal>.
</para>
</listitem>
</itemizedlist>
<para>
Note that all this is checked during evaluation already, and the check includes any package that is evaluated. In particular, all build-time dependencies are checked. <literal>nix-env -qa</literal> will (attempt to) hide any packages that would be refused.
</para>
<para>
Each of these criteria can be altered in the nixpkgs configuration.
</para>
<para>
The nixpkgs configuration for a NixOS system is set in the <literal>configuration.nix</literal>, as in the following example:
<programlisting>
{
nixpkgs.config = {
allowUnfree = true;
};
}
</programlisting>
However, this does not allow unfree software for individual users. Their configurations are managed separately.
</para>
<para>
A user's nixpkgs configuration is stored in a user-specific configuration file located at <filename>~/.config/nixpkgs/config.nix</filename>. For example:
<programlisting>
{
allowUnfree = true;
}
</programlisting>
</para>
<para>
Note that we are not able to test or build unfree software on Hydra due to policy. Most unfree licenses prohibit us from either executing or distributing the software.
</para>
<section xml:id="sec-allow-broken">
<title>Installing broken packages</title>
<para>
There are two ways to try compiling a package which has been marked as broken.
</para>
<itemizedlist>
<listitem>
<para>
For allowing the build of a broken package once, you can use an environment variable for a single invocation of the nix tools:
<screen><prompt>$ </prompt>export NIXPKGS_ALLOW_BROKEN=1</screen>
</para>
</listitem>
<listitem>
<para>
For permanently allowing broken packages to be built, you may add <literal>allowBroken = true;</literal> to your user's configuration file, like this:
<programlisting>
{
allowBroken = true;
}
</programlisting>
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-allow-unsupported-system">
<title>Installing packages on unsupported systems</title>
<para>
There are also two ways to try compiling a package which has been marked as unsupported for the given system.
</para>
<itemizedlist>
<listitem>
<para>
For allowing the build of an unsupported package once, you can use an environment variable for a single invocation of the nix tools:
<screen><prompt>$ </prompt>export NIXPKGS_ALLOW_UNSUPPORTED_SYSTEM=1</screen>
</para>
</listitem>
<listitem>
<para>
For permanently allowing unsupported packages to be built, you may add <literal>allowUnsupportedSystem = true;</literal> to your user's configuration file, like this:
<programlisting>
{
allowUnsupportedSystem = true;
}
</programlisting>
</para>
</listitem>
</itemizedlist>
<para>
The difference between a package being unsupported on some system and being broken is admittedly a bit fuzzy. If a program <emphasis>ought</emphasis> to work on a certain platform, but doesn't, the platform should be included in <literal>meta.platforms</literal>, but marked as broken with e.g. <literal>meta.broken = !hostPlatform.isWindows</literal>. Of course, this begs the question of what "ought" means exactly. That is left to the package maintainer.
</para>
</section>
<section xml:id="sec-allow-unfree">
<title>Installing unfree packages</title>
<para>
There are several ways to tweak how Nix handles a package which has been marked as unfree.
</para>
<itemizedlist>
<listitem>
<para>
To temporarily allow all unfree packages, you can use an environment variable for a single invocation of the nix tools:
<screen><prompt>$ </prompt>export NIXPKGS_ALLOW_UNFREE=1</screen>
</para>
</listitem>
<listitem>
<para>
It is possible to permanently allow individual unfree packages, while still blocking unfree packages by default using the <literal>allowUnfreePredicate</literal> configuration option in the user configuration file.
</para>
<para>
This option is a function which accepts a package as a parameter, and returns a boolean. The following example configuration accepts a package and always returns false:
<programlisting>
{
allowUnfreePredicate = (pkg: false);
}
</programlisting>
</para>
<para>
For a more useful example, try the following. This configuration only allows unfree packages named roon-server and visual studio code:
<programlisting>
{
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"roon-server"
"vscode"
];
}
</programlisting>
</para>
</listitem>
<listitem>
<para>
It is also possible to allow and block licenses that are specifically acceptable or not acceptable, using <literal>allowlistedLicenses</literal> and <literal>blocklistedLicenses</literal>, respectively.
</para>
<para>
The following example configuration allowlists the licenses <literal>amd</literal> and <literal>wtfpl</literal>:
<programlisting>
{
allowlistedLicenses = with lib.licenses; [ amd wtfpl ];
}
</programlisting>
</para>
<para>
The following example configuration blocklists the <literal>gpl3Only</literal> and <literal>agpl3Only</literal> licenses:
<programlisting>
{
blocklistedLicenses = with lib.licenses; [ agpl3Only gpl3Only ];
}
</programlisting>
</para>
<para>
Note that <literal>allowlistedLicenses</literal> only applies to unfree licenses unless <literal>allowUnfree</literal> is enabled. It is not a generic allowlist for all types of licenses. <literal>blocklistedLicenses</literal> applies to all licenses.
</para>
</listitem>
</itemizedlist>
<para>
A complete list of licenses can be found in the file <filename>lib/licenses.nix</filename> of the nixpkgs tree.
</para>
</section>
<section xml:id="sec-allow-insecure">
<title>Installing insecure packages</title>
<para>
There are several ways to tweak how Nix handles a package which has been marked as insecure.
</para>
<itemizedlist>
<listitem>
<para>
To temporarily allow all insecure packages, you can use an environment variable for a single invocation of the nix tools:
<screen><prompt>$ </prompt>export NIXPKGS_ALLOW_INSECURE=1</screen>
</para>
</listitem>
<listitem>
<para>
It is possible to permanently allow individual insecure packages, while still blocking other insecure packages by default using the <literal>permittedInsecurePackages</literal> configuration option in the user configuration file.
</para>
<para>
The following example configuration permits the installation of the hypothetically insecure package <literal>hello</literal>, version <literal>1.2.3</literal>:
<programlisting>
{
permittedInsecurePackages = [
"hello-1.2.3"
];
}
</programlisting>
</para>
</listitem>
<listitem>
<para>
It is also possible to create a custom policy around which insecure packages to allow and deny, by overriding the <literal>allowInsecurePredicate</literal> configuration option.
</para>
<para>
The <literal>allowInsecurePredicate</literal> option is a function which accepts a package and returns a boolean, much like <literal>allowUnfreePredicate</literal>.
</para>
<para>
The following configuration example only allows insecure packages with very short names:
<programlisting>
{
allowInsecurePredicate = pkg: builtins.stringLength (lib.getName pkg) &lt;= 5;
}
</programlisting>
</para>
<para>
Note that <literal>permittedInsecurePackages</literal> is only checked if <literal>allowInsecurePredicate</literal> is not specified.
</para>
</listitem>
</itemizedlist>
</section>
<!--============================================================-->
<section xml:id="sec-modify-via-packageOverrides">
<title>Modify packages via <literal>packageOverrides</literal></title>
<para>
You can define a function called <varname>packageOverrides</varname> in your local <filename>~/.config/nixpkgs/config.nix</filename> to override Nix packages. It must be a function that takes pkgs as an argument and returns a modified set of packages.
<programlisting>
{
packageOverrides = pkgs: rec {
foo = pkgs.foo.override { ... };
};
}
</programlisting>
</para>
</section>
<section xml:id="sec-declarative-package-management">
<title>Declarative Package Management</title>
<section xml:id="sec-building-environment">
<title>Build an environment</title>
<para>
Using <literal>packageOverrides</literal>, it is possible to manage packages declaratively. This means that we can list all of our desired packages within a declarative Nix expression. For example, to have <literal>aspell</literal>, <literal>bc</literal>, <literal>ffmpeg</literal>, <literal>coreutils</literal>, <literal>gdb</literal>, <literal>nixUnstable</literal>, <literal>emscripten</literal>, <literal>jq</literal>, <literal>nox</literal>, and <literal>silver-searcher</literal>, we could use the following in <filename>~/.config/nixpkgs/config.nix</filename>:
</para>
<screen>
{
packageOverrides = pkgs: with pkgs; {
myPackages = pkgs.buildEnv {
name = "my-packages";
paths = [
aspell
bc
coreutils
gdb
ffmpeg
nixUnstable
emscripten
jq
nox
silver-searcher
];
};
};
}
</screen>
<para>
To install it into our environment, you can just run <literal>nix-env -iA nixpkgs.myPackages</literal>. If you want to load the packages to be built from a working copy of <literal>nixpkgs</literal> you just run <literal>nix-env -f. -iA myPackages</literal>. To explore what's been installed, just look through <filename>~/.nix-profile/</filename>. You can see that a lot of stuff has been installed. Some of this stuff is useful some of it isn't. Let's tell Nixpkgs to only link the stuff that we want:
</para>
<screen>
{
packageOverrides = pkgs: with pkgs; {
myPackages = pkgs.buildEnv {
name = "my-packages";
paths = [
aspell
bc
coreutils
gdb
ffmpeg
nixUnstable
emscripten
jq
nox
silver-searcher
];
pathsToLink = [ "/share" "/bin" ];
};
};
}
</screen>
<para>
<literal>pathsToLink</literal> tells Nixpkgs to only link the paths listed which gets rid of the extra stuff in the profile. <filename>/bin</filename> and <filename>/share</filename> are good defaults for a user environment, getting rid of the clutter. If you are running on Nix on MacOS, you may want to add another path as well, <filename>/Applications</filename>, that makes GUI apps available.
</para>
</section>
<section xml:id="sec-getting-documentation">
<title>Getting documentation</title>
<para>
After building that new environment, look through <filename>~/.nix-profile</filename> to make sure everything is there that we wanted. Discerning readers will note that some files are missing. Look inside <filename>~/.nix-profile/share/man/man1/</filename> to verify this. There are no man pages for any of the Nix tools! This is because some packages like Nix have multiple outputs for things like documentation (see section 4). Let's make Nix install those as well.
</para>
<screen>
{
packageOverrides = pkgs: with pkgs; {
myPackages = pkgs.buildEnv {
name = "my-packages";
paths = [
aspell
bc
coreutils
ffmpeg
nixUnstable
emscripten
jq
nox
silver-searcher
];
pathsToLink = [ "/share/man" "/share/doc" "/bin" ];
extraOutputsToInstall = [ "man" "doc" ];
};
};
}
</screen>
<para>
This provides us with some useful documentation for using our packages. However, if we actually want those manpages to be detected by man, we need to set up our environment. This can also be managed within Nix expressions.
</para>
<screen>
{
packageOverrides = pkgs: with pkgs; rec {
myProfile = writeText "my-profile" ''
export PATH=$HOME/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/sbin:/bin:/usr/sbin:/usr/bin
export MANPATH=$HOME/.nix-profile/share/man:/nix/var/nix/profiles/default/share/man:/usr/share/man
'';
myPackages = pkgs.buildEnv {
name = "my-packages";
paths = [
(runCommand "profile" {} ''
mkdir -p $out/etc/profile.d
cp ${myProfile} $out/etc/profile.d/my-profile.sh
'')
aspell
bc
coreutils
ffmpeg
man
nixUnstable
emscripten
jq
nox
silver-searcher
];
pathsToLink = [ "/share/man" "/share/doc" "/bin" "/etc" ];
extraOutputsToInstall = [ "man" "doc" ];
};
};
}
</screen>
<para>
For this to work fully, you must also have this script sourced when you are logged in. Try adding something like this to your <filename>~/.profile</filename> file:
</para>
<screen>
#!/bin/sh
if [ -d $HOME/.nix-profile/etc/profile.d ]; then
for i in $HOME/.nix-profile/etc/profile.d/*.sh; do
if [ -r $i ]; then
. $i
fi
done
fi
</screen>
<para>
Now just run <literal>source $HOME/.profile</literal> and you can starting loading man pages from your environment.
</para>
</section>
<section xml:id="sec-gnu-info-setup">
<title>GNU info setup</title>
<para>
Configuring GNU info is a little bit trickier than man pages. To work correctly, info needs a database to be generated. This can be done with some small modifications to our environment scripts.
</para>
<screen>
{
packageOverrides = pkgs: with pkgs; rec {
myProfile = writeText "my-profile" ''
export PATH=$HOME/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/sbin:/bin:/usr/sbin:/usr/bin
export MANPATH=$HOME/.nix-profile/share/man:/nix/var/nix/profiles/default/share/man:/usr/share/man
export INFOPATH=$HOME/.nix-profile/share/info:/nix/var/nix/profiles/default/share/info:/usr/share/info
'';
myPackages = pkgs.buildEnv {
name = "my-packages";
paths = [
(runCommand "profile" {} ''
mkdir -p $out/etc/profile.d
cp ${myProfile} $out/etc/profile.d/my-profile.sh
'')
aspell
bc
coreutils
ffmpeg
man
nixUnstable
emscripten
jq
nox
silver-searcher
texinfoInteractive
];
pathsToLink = [ "/share/man" "/share/doc" "/share/info" "/bin" "/etc" ];
extraOutputsToInstall = [ "man" "doc" "info" ];
postBuild = ''
if [ -x $out/bin/install-info -a -w $out/share/info ]; then
shopt -s nullglob
for i in $out/share/info/*.info $out/share/info/*.info.gz; do
$out/bin/install-info $i $out/share/info/dir
done
fi
'';
};
};
}
</screen>
<para>
<literal>postBuild</literal> tells Nixpkgs to run a command after building the environment. In this case, <literal>install-info</literal> adds the installed info pages to <literal>dir</literal> which is GNU info's default root node. Note that <literal>texinfoInteractive</literal> is added to the environment to give the <literal>install-info</literal> command.
</para>
</section>
</section>
</chapter>

149
doc/using/overlays.chapter.md Normal file
View File

@ -0,0 +1,149 @@
# Overlays {#chap-overlays}
This chapter describes how to extend and change Nixpkgs using overlays. Overlays are used to add layers in the fixed-point used by Nixpkgs to compose the set of all packages.
Nixpkgs can be configured with a list of overlays, which are applied in order. This means that the order of the overlays can be significant if multiple layers override the same package.
## Installing overlays {#sec-overlays-install}
The list of overlays can be set either explicitly in a Nix expression, or through `<nixpkgs-overlays>` or user configuration files.
### Set overlays in NixOS or Nix expressions {#sec-overlays-argument}
On a NixOS system the value of the `nixpkgs.overlays` option, if present, is passed to the system Nixpkgs directly as an argument. Note that this does not affect the overlays for non-NixOS operations (e.g. `nix-env`), which are [looked up](#sec-overlays-lookup) independently.
The list of overlays can be passed explicitly when importing nixpkgs, for example `import <nixpkgs> { overlays = [ overlay1 overlay2 ]; }`.
NOTE: DO NOT USE THIS in nixpkgs. Further overlays can be added by calling the `pkgs.extend` or `pkgs.appendOverlays`, although it is often preferable to avoid these functions, because they recompute the Nixpkgs fixpoint, which is somewhat expensive to do.
### Install overlays via configuration lookup {#sec-overlays-lookup}
The list of overlays is determined as follows.
1. First, if an [`overlays` argument](#sec-overlays-argument) to the Nixpkgs function itself is given, then that is used and no path lookup will be performed.
2. Otherwise, if the Nix path entry `<nixpkgs-overlays>` exists, we look for overlays at that path, as described below.
See the section on `NIX_PATH` in the Nix manual for more details on how to set a value for `<nixpkgs-overlays>.`
3. If one of `~/.config/nixpkgs/overlays.nix` and `~/.config/nixpkgs/overlays/` exists, then we look for overlays at that path, as described below. It is an error if both exist.
If we are looking for overlays at a path, then there are two cases:
- If the path is a file, then the file is imported as a Nix expression and used as the list of overlays.
- If the path is a directory, then we take the content of the directory, order it lexicographically, and attempt to interpret each as an overlay by:
- Importing the file, if it is a `.nix` file.
- Importing a top-level `default.nix` file, if it is a directory.
Because overlays that are set in NixOS configuration do not affect non-NixOS operations such as `nix-env`, the `overlays.nix` option provides a convenient way to use the same overlays for a NixOS system configuration and user configuration: the same file can be used as `overlays.nix` and imported as the value of `nixpkgs.overlays`.
## Defining overlays {#sec-overlays-definition}
Overlays are Nix functions which accept two arguments, conventionally called `self` and `super`, and return a set of packages. For example, the following is a valid overlay.
```nix
self: super:
{
boost = super.boost.override {
python = self.python3;
};
rr = super.callPackage ./pkgs/rr {
stdenv = self.stdenv_32bit;
};
}
```
The first argument (`self`) corresponds to the final package set. You should use this set for the dependencies of all packages specified in your overlay. For example, all the dependencies of `rr` in the example above come from `self`, as well as the overridden dependencies used in the `boost` override.
The second argument (`super`) corresponds to the result of the evaluation of the previous stages of Nixpkgs. It does not contain any of the packages added by the current overlay, nor any of the following overlays. This set should be used either to refer to packages you wish to override, or to access functions defined in Nixpkgs. For example, the original recipe of `boost` in the above example, comes from `super`, as well as the `callPackage` function.
The value returned by this function should be a set similar to `pkgs/top-level/all-packages.nix`, containing overridden and/or new packages.
Overlays are similar to other methods for customizing Nixpkgs, in particular the `packageOverrides` attribute described in <xref linkend="sec-modify-via-packageOverrides"/>. Indeed, `packageOverrides` acts as an overlay with only the `super` argument. It is therefore appropriate for basic use, but overlays are more powerful and easier to distribute.
## Using overlays to configure alternatives {#sec-overlays-alternatives}
Certain software packages have different implementations of the same interface. Other distributions have functionality to switch between these. For example, Debian provides [DebianAlternatives](https://wiki.debian.org/DebianAlternatives). Nixpkgs has what we call `alternatives`, which are configured through overlays.
### BLAS/LAPACK {#sec-overlays-alternatives-blas-lapack}
In Nixpkgs, we have multiple implementations of the BLAS/LAPACK numerical linear algebra interfaces. They are:
- [OpenBLAS](https://www.openblas.net/)
The Nixpkgs attribute is `openblas` for ILP64 (integer width = 64 bits) and `openblasCompat` for LP64 (integer width = 32 bits). `openblasCompat` is the default.
- [LAPACK reference](http://www.netlib.org/lapack/) (also provides BLAS)
The Nixpkgs attribute is `lapack-reference`.
- [Intel MKL](https://software.intel.com/en-us/mkl) (only works on the x86_64 architecture, unfree)
The Nixpkgs attribute is `mkl`.
- [BLIS](https://github.com/flame/blis)
BLIS, available through the attribute `blis`, is a framework for linear algebra kernels. In addition, it implements the BLAS interface.
- [AMD BLIS/LIBFLAME](https://developer.amd.com/amd-aocl/blas-library/) (optimized for modern AMD x86_64 CPUs)
The AMD fork of the BLIS library, with attribute `amd-blis`, extends BLIS with optimizations for modern AMD CPUs. The changes are usually submitted to the upstream BLIS project after some time. However, AMD BLIS typically provides some performance improvements on AMD Zen CPUs. The complementary AMD LIBFLAME library, with attribute `amd-libflame`, provides a LAPACK implementation.
Introduced in [PR #83888](https://github.com/NixOS/nixpkgs/pull/83888), we are able to override the `blas` and `lapack` packages to use different implementations, through the `blasProvider` and `lapackProvider` argument. This can be used to select a different provider. BLAS providers will have symlinks in `$out/lib/libblas.so.3` and `$out/lib/libcblas.so.3` to their respective BLAS libraries. Likewise, LAPACK providers will have symlinks in `$out/lib/liblapack.so.3` and `$out/lib/liblapacke.so.3` to their respective LAPACK libraries. For example, Intel MKL is both a BLAS and LAPACK provider. An overlay can be created to use Intel MKL that looks like:
```nix
self: super:
{
blas = super.blas.override {
blasProvider = self.mkl;
};
lapack = super.lapack.override {
lapackProvider = self.mkl;
};
}
```
This overlay uses Intel's MKL library for both BLAS and LAPACK interfaces. Note that the same can be accomplished at runtime using `LD_LIBRARY_PATH` of `libblas.so.3` and `liblapack.so.3`. For instance:
```ShellSession
$ LD_LIBRARY_PATH=$(nix-build -A mkl)/lib:$LD_LIBRARY_PATH nix-shell -p octave --run octave
```
Intel MKL requires an `openmp` implementation when running with multiple processors. By default, `mkl` will use Intel's `iomp` implementation if no other is specified, but this is a runtime-only dependency and binary compatible with the LLVM implementation. To use that one instead, Intel recommends users set it with `LD_PRELOAD`. Note that `mkl` is only available on `x86_64-linux` and `x86_64-darwin`. Moreover, Hydra is not building and distributing pre-compiled binaries using it.
For BLAS/LAPACK switching to work correctly, all packages must depend on `blas` or `lapack`. This ensures that only one BLAS/LAPACK library is used at one time. There are two versions of BLAS/LAPACK currently in the wild, `LP64` (integer size = 32 bits) and `ILP64` (integer size = 64 bits). Some software needs special flags or patches to work with `ILP64`. You can check if `ILP64` is used in Nixpkgs with `blas.isILP64` and `lapack.isILP64`. Some software does NOT work with `ILP64`, and derivations need to specify an assertion to prevent this. You can prevent `ILP64` from being used with the following:
```nix
{ stdenv, blas, lapack, ... }:
assert (!blas.isILP64) && (!lapack.isILP64);
stdenv.mkDerivation {
...
}
```
### Switching the MPI implementation {#sec-overlays-alternatives-mpi}
All programs that are built with [MPI](https://en.wikipedia.org/wiki/Message_Passing_Interface) support use the generic attribute `mpi` as an input. At the moment Nixpkgs natively provides two different MPI implementations:
- [Open MPI](https://www.open-mpi.org/) (default), attribute name
`openmpi`
- [MPICH](https://www.mpich.org/), attribute name `mpich`
To provide MPI enabled applications that use `MPICH`, instead of the default `Open MPI`, simply use the following overlay:
```nix
self: super:
{
mpi = self.mpich;
}
```

279
doc/using/overlays.xml
View File

@ -1,279 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="chap-overlays">
<title>Overlays</title>
<para>
This chapter describes how to extend and change Nixpkgs using overlays. Overlays are used to add layers in the fixed-point used by Nixpkgs to compose the set of all packages.
</para>
<para>
Nixpkgs can be configured with a list of overlays, which are applied in order. This means that the order of the overlays can be significant if multiple layers override the same package.
</para>
<!--============================================================-->
<section xml:id="sec-overlays-install">
<title>Installing overlays</title>
<para>
The list of overlays can be set either explicitly in a Nix expression, or through <literal>&lt;nixpkgs-overlays></literal> or user configuration files.
</para>
<section xml:id="sec-overlays-argument">
<title>Set overlays in NixOS or Nix expressions</title>
<para>
On a NixOS system the value of the <literal>nixpkgs.overlays</literal> option, if present, is passed to the system Nixpkgs directly as an argument. Note that this does not affect the overlays for non-NixOS operations (e.g. <literal>nix-env</literal>), which are <link xlink:href="#sec-overlays-lookup">looked</link> up independently.
</para>
<para>
The list of overlays can be passed explicitly when importing nixpkgs, for example <literal>import &lt;nixpkgs> { overlays = [ overlay1 overlay2 ]; }</literal>.
</para>
<para>
NOTE: DO NOT USE THIS in nixpkgs. Further overlays can be added by calling the <literal>pkgs.extend</literal> or <literal>pkgs.appendOverlays</literal>, although it is often preferable to avoid these functions, because they recompute the Nixpkgs fixpoint, which is somewhat expensive to do.
</para>
</section>
<section xml:id="sec-overlays-lookup">
<title>Install overlays via configuration lookup</title>
<para>
The list of overlays is determined as follows.
</para>
<para>
<orderedlist>
<listitem>
<para>
First, if an <link xlink:href="#sec-overlays-argument"><varname>overlays</varname> argument</link> to the Nixpkgs function itself is given, then that is used and no path lookup will be performed.
</para>
</listitem>
<listitem>
<para>
Otherwise, if the Nix path entry <literal>&lt;nixpkgs-overlays></literal> exists, we look for overlays at that path, as described below.
</para>
<para>
See the section on <literal>NIX_PATH</literal> in the Nix manual for more details on how to set a value for <literal>&lt;nixpkgs-overlays>.</literal>
</para>
</listitem>
<listitem>
<para>
If one of <filename>~/.config/nixpkgs/overlays.nix</filename> and <filename>~/.config/nixpkgs/overlays/</filename> exists, then we look for overlays at that path, as described below. It is an error if both exist.
</para>
</listitem>
</orderedlist>
</para>
<para>
If we are looking for overlays at a path, then there are two cases:
<itemizedlist>
<listitem>
<para>
If the path is a file, then the file is imported as a Nix expression and used as the list of overlays.
</para>
</listitem>
<listitem>
<para>
If the path is a directory, then we take the content of the directory, order it lexicographically, and attempt to interpret each as an overlay by:
<itemizedlist>
<listitem>
<para>
Importing the file, if it is a <literal>.nix</literal> file.
</para>
</listitem>
<listitem>
<para>
Importing a top-level <filename>default.nix</filename> file, if it is a directory.
</para>
</listitem>
</itemizedlist>
</para>
</listitem>
</itemizedlist>
</para>
<para>
Because overlays that are set in NixOS configuration do not affect non-NixOS operations such as <literal>nix-env</literal>, the <filename>overlays.nix</filename> option provides a convenient way to use the same overlays for a NixOS system configuration and user configuration: the same file can be used as <filename>overlays.nix</filename> and imported as the value of <literal>nixpkgs.overlays</literal>.
</para>
<!-- TODO: Example of sharing overlays between NixOS configuration
and configuration lookup. Also reference the example
from the sec-overlays-argument paragraph about NixOS.
-->
</section>
</section>
<!--============================================================-->
<section xml:id="sec-overlays-definition">
<title>Defining overlays</title>
<para>
Overlays are Nix functions which accept two arguments, conventionally called <varname>self</varname> and <varname>super</varname>, and return a set of packages. For example, the following is a valid overlay.
</para>
<programlisting>
self: super:
{
boost = super.boost.override {
python = self.python3;
};
rr = super.callPackage ./pkgs/rr {
stdenv = self.stdenv_32bit;
};
}
</programlisting>
<para>
The first argument (<varname>self</varname>) corresponds to the final package set. You should use this set for the dependencies of all packages specified in your overlay. For example, all the dependencies of <varname>rr</varname> in the example above come from <varname>self</varname>, as well as the overridden dependencies used in the <varname>boost</varname> override.
</para>
<para>
The second argument (<varname>super</varname>) corresponds to the result of the evaluation of the previous stages of Nixpkgs. It does not contain any of the packages added by the current overlay, nor any of the following overlays. This set should be used either to refer to packages you wish to override, or to access functions defined in Nixpkgs. For example, the original recipe of <varname>boost</varname> in the above example, comes from <varname>super</varname>, as well as the <varname>callPackage</varname> function.
</para>
<para>
The value returned by this function should be a set similar to <filename>pkgs/top-level/all-packages.nix</filename>, containing overridden and/or new packages.
</para>
<para>
Overlays are similar to other methods for customizing Nixpkgs, in particular the <literal>packageOverrides</literal> attribute described in <xref linkend="sec-modify-via-packageOverrides"/>. Indeed, <literal>packageOverrides</literal> acts as an overlay with only the <varname>super</varname> argument. It is therefore appropriate for basic use, but overlays are more powerful and easier to distribute.
</para>
</section>
<section xml:id="sec-overlays-alternatives">
<title>Using overlays to configure alternatives</title>
<para>
Certain software packages have different implementations of the same interface. Other distributions have functionality to switch between these. For example, Debian provides <link
xlink:href="https://wiki.debian.org/DebianAlternatives">DebianAlternatives</link>. Nixpkgs has what we call <literal>alternatives</literal>, which are configured through overlays.
</para>
<section xml:id="sec-overlays-alternatives-blas-lapack">
<title>BLAS/LAPACK</title>
<para>
In Nixpkgs, we have multiple implementations of the BLAS/LAPACK numerical linear algebra interfaces. They are:
</para>
<itemizedlist>
<listitem>
<para>
<link xlink:href="https://www.openblas.net/">OpenBLAS</link>
</para>
<para>
The Nixpkgs attribute is <literal>openblas</literal> for ILP64 (integer width = 64 bits) and <literal>openblasCompat</literal> for LP64 (integer width = 32 bits). <literal>openblasCompat</literal> is the default.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="http://www.netlib.org/lapack/">LAPACK reference</link> (also provides BLAS)
</para>
<para>
The Nixpkgs attribute is <literal>lapack-reference</literal>.
</para>
</listitem>
<listitem>
<para>
<link
xlink:href="https://software.intel.com/en-us/mkl">Intel MKL</link> (only works on the x86_64 architecture, unfree)
</para>
<para>
The Nixpkgs attribute is <literal>mkl</literal>.
</para>
</listitem>
<listitem>
<para>
<link
xlink:href="https://github.com/flame/blis">BLIS</link>
</para>
<para>
BLIS, available through the attribute <literal>blis</literal>, is a framework for linear algebra kernels. In addition, it implements the BLAS interface.
</para>
</listitem>
<listitem>
<para>
<link
xlink:href="https://developer.amd.com/amd-aocl/blas-library/">AMD BLIS/LIBFLAME</link> (optimized for modern AMD x86_64 CPUs)
</para>
<para>
The AMD fork of the BLIS library, with attribute <literal>amd-blis</literal>, extends BLIS with optimizations for modern AMD CPUs. The changes are usually submitted to the upstream BLIS project after some time. However, AMD BLIS typically provides some performance improvements on AMD Zen CPUs. The complementary AMD LIBFLAME library, with attribute <literal>amd-libflame</literal>, provides a LAPACK implementation.
</para>
</listitem>
</itemizedlist>
<para>
Introduced in <link
xlink:href="https://github.com/NixOS/nixpkgs/pull/83888">PR #83888</link>, we are able to override the <literal>blas</literal> and <literal>lapack</literal> packages to use different implementations, through the <literal>blasProvider</literal> and <literal>lapackProvider</literal> argument. This can be used to select a different provider. BLAS providers will have symlinks in <literal>$out/lib/libblas.so.3</literal> and <literal>$out/lib/libcblas.so.3</literal> to their respective BLAS libraries. Likewise, LAPACK providers will have symlinks in <literal>$out/lib/liblapack.so.3</literal> and <literal>$out/lib/liblapacke.so.3</literal> to their respective LAPACK libraries. For example, Intel MKL is both a BLAS and LAPACK provider. An overlay can be created to use Intel MKL that looks like:
</para>
<programlisting>
self: super:
{
blas = super.blas.override {
blasProvider = self.mkl;
};
lapack = super.lapack.override {
lapackProvider = self.mkl;
};
}
</programlisting>
<para>
This overlay uses Intels MKL library for both BLAS and LAPACK interfaces. Note that the same can be accomplished at runtime using <literal>LD_LIBRARY_PATH</literal> of <literal>libblas.so.3</literal> and <literal>liblapack.so.3</literal>. For instance:
</para>
<screen>
<prompt>$ </prompt>LD_LIBRARY_PATH=$(nix-build -A mkl)/lib:$LD_LIBRARY_PATH nix-shell -p octave --run octave
</screen>
<para>
Intel MKL requires an <literal>openmp</literal> implementation when running with multiple processors. By default, <literal>mkl</literal> will use Intels <literal>iomp</literal> implementation if no other is specified, but this is a runtime-only dependency and binary compatible with the LLVM implementation. To use that one instead, Intel recommends users set it with <literal>LD_PRELOAD</literal>. Note that <literal>mkl</literal> is only available on <literal>x86_64-linux</literal> and <literal>x86_64-darwin</literal>. Moreover, Hydra is not building and distributing pre-compiled binaries using it.
</para>
<para>
For BLAS/LAPACK switching to work correctly, all packages must depend on <literal>blas</literal> or <literal>lapack</literal>. This ensures that only one BLAS/LAPACK library is used at one time. There are two versions of BLAS/LAPACK currently in the wild, <literal>LP64</literal> (integer size = 32 bits) and <literal>ILP64</literal> (integer size = 64 bits). Some software needs special flags or patches to work with <literal>ILP64</literal>. You can check if <literal>ILP64</literal> is used in Nixpkgs with <varname>blas.isILP64</varname> and <varname>lapack.isILP64</varname>. Some software does NOT work with <literal>ILP64</literal>, and derivations need to specify an assertion to prevent this. You can prevent <literal>ILP64</literal> from being used with the following:
</para>
<programlisting>
{ stdenv, blas, lapack, ... }:
assert (!blas.isILP64) &amp;&amp; (!lapack.isILP64);
stdenv.mkDerivation {
...
}
</programlisting>
</section>
<section xml:id="sec-overlays-alternatives-mpi">
<title>Switching the MPI implementation</title>
<para>
All programs that are built with <link xlink:href="https://en.wikipedia.org/wiki/Message_Passing_Interface">MPI</link> support use the generic attribute <varname>mpi</varname> as an input. At the moment Nixpkgs natively provides two different MPI implementations:
<itemizedlist>
<listitem>
<para>
<link xlink:href="https://www.open-mpi.org/">Open MPI</link> (default), attribute name <varname>openmpi</varname>
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://www.mpich.org/">MPICH</link>, attribute name <varname>mpich</varname>
</para>
</listitem>
</itemizedlist>
</para>
<para>
To provide MPI enabled applications that use <literal>MPICH</literal>, instead of the default <literal>Open MPI</literal>, simply use the following overlay:
</para>
<programlisting>
self: super:
{
mpi = self.mpich;
}
</programlisting>
</section>
</section>
</chapter>

104
doc/using/overrides.chapter.md Normal file
View File

@ -0,0 +1,104 @@
# Overriding {#chap-overrides}
Sometimes one wants to override parts of `nixpkgs`, e.g. derivation attributes, the results of derivations.
These functions are used to make changes to packages, returning only single packages. [Overlays](#chap-overlays), on the other hand, can be used to combine the overridden packages across the entire package set of Nixpkgs.
## &lt;pkg&gt;.override {#sec-pkg-override}
The function `override` is usually available for all the derivations in the nixpkgs expression (`pkgs`).
It is used to override the arguments passed to a function.
Example usages:
```nix
pkgs.foo.override { arg1 = val1; arg2 = val2; ... }
```
<!-- TODO: move below programlisting to a new section about extending and overlays and reference it -->
```nix
import pkgs.path { overlays = [ (self: super: {
foo = super.foo.override { barSupport = true ; };
})]};
```
```nix
mypkg = pkgs.callPackage ./mypkg.nix {
mydep = pkgs.mydep.override { ... };
}
```
In the first example, `pkgs.foo` is the result of a function call with some default arguments, usually a derivation. Using `pkgs.foo.override` will call the same function with the given new arguments.
## &lt;pkg&gt;.overrideAttrs {#sec-pkg-overrideAttrs}
The function `overrideAttrs` allows overriding the attribute set passed to a `stdenv.mkDerivation` call, producing a new derivation based on the original one. This function is available on all derivations produced by the `stdenv.mkDerivation` function, which is most packages in the nixpkgs expression `pkgs`.
Example usage:
```nix
helloWithDebug = pkgs.hello.overrideAttrs (oldAttrs: rec {
separateDebugInfo = true;
});
```
In the above example, the `separateDebugInfo` attribute is overridden to be true, thus building debug info for `helloWithDebug`, while all other attributes will be retained from the original `hello` package.
The argument `oldAttrs` is conventionally used to refer to the attr set originally passed to `stdenv.mkDerivation`.
::: note
Note that `separateDebugInfo` is processed only by the `stdenv.mkDerivation` function, not the generated, raw Nix derivation. Thus, using `overrideDerivation` will not work in this case, as it overrides only the attributes of the final derivation. It is for this reason that `overrideAttrs` should be preferred in (almost) all cases to `overrideDerivation`, i.e. to allow using `stdenv.mkDerivation` to process input arguments, as well as the fact that it is easier to use (you can use the same attribute names you see in your Nix code, instead of the ones generated (e.g. `buildInputs` vs `nativeBuildInputs`), and it involves less typing).
:::
## &lt;pkg&gt;.overrideDerivation {#sec-pkg-overrideDerivation}
::: warning
You should prefer `overrideAttrs` in almost all cases, see its documentation for the reasons why. `overrideDerivation` is not deprecated and will continue to work, but is less nice to use and does not have as many abilities as `overrideAttrs`.
:::
::: warning
Do not use this function in Nixpkgs as it evaluates a Derivation before modifying it, which breaks package abstraction and removes error-checking of function arguments. In addition, this evaluation-per-function application incurs a performance penalty, which can become a problem if many overrides are used. It is only intended for ad-hoc customisation, such as in `~/.config/nixpkgs/config.nix`.
:::
The function `overrideDerivation` creates a new derivation based on an existing one by overriding the original's attributes with the attribute set produced by the specified function. This function is available on all derivations defined using the `makeOverridable` function. Most standard derivation-producing functions, such as `stdenv.mkDerivation`, are defined using this function, which means most packages in the nixpkgs expression, `pkgs`, have this function.
Example usage:
```nix
mySed = pkgs.gnused.overrideDerivation (oldAttrs: {
name = "sed-4.2.2-pre";
src = fetchurl {
url = ftp://alpha.gnu.org/gnu/sed/sed-4.2.2-pre.tar.bz2;
sha256 = "11nq06d131y4wmf3drm0yk502d2xc6n5qy82cg88rb9nqd2lj41k";
};
patches = [];
});
```
In the above example, the `name`, `src`, and `patches` of the derivation will be overridden, while all other attributes will be retained from the original derivation.
The argument `oldAttrs` is used to refer to the attribute set of the original derivation.
::: note
A package's attributes are evaluated *before* being modified by the `overrideDerivation` function. For example, the `name` attribute reference in `url = "mirror://gnu/hello/${name}.tar.gz";` is filled-in *before* the `overrideDerivation` function modifies the attribute set. This means that overriding the `name` attribute, in this example, *will not* change the value of the `url` attribute. Instead, we need to override both the `name` *and* `url` attributes.
:::
## lib.makeOverridable {#sec-lib-makeOverridable}
The function `lib.makeOverridable` is used to make the result of a function easily customizable. This utility only makes sense for functions that accept an argument set and return an attribute set.
Example usage:
```nix
f = { a, b }: { result = a+b; };
c = lib.makeOverridable f { a = 1; b = 2; };
```
The variable `c` is the value of the `f` function applied with some default arguments. Hence the value of `c.result` is `3`, in this example.
The variable `c` however also has some additional functions, like
[c.override](#sec-pkg-override) which can be used to override the
default arguments. In this example the value of
`(c.override { a = 4; }).result` is 6.

145
doc/using/overrides.xml
View File

@ -1,145 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
xml:id="chap-overrides">
<title>Overriding</title>
<para>
Sometimes one wants to override parts of <literal>nixpkgs</literal>, e.g. derivation attributes, the results of derivations.
</para>
<para>
These functions are used to make changes to packages, returning only single packages. <link xlink:href="#chap-overlays">Overlays</link>, on the other hand, can be used to combine the overridden packages across the entire package set of Nixpkgs.
</para>
<section xml:id="sec-pkg-override">
<title>&lt;pkg&gt;.override</title>
<para>
The function <varname>override</varname> is usually available for all the derivations in the nixpkgs expression (<varname>pkgs</varname>).
</para>
<para>
It is used to override the arguments passed to a function.
</para>
<para>
Example usages:
<programlisting>pkgs.foo.override { arg1 = val1; arg2 = val2; ... }</programlisting>
<!-- TODO: move below programlisting to a new section about extending and overlays
and reference it
-->
<programlisting>
import pkgs.path { overlays = [ (self: super: {
foo = super.foo.override { barSupport = true ; };
})]};
</programlisting>
<programlisting>
mypkg = pkgs.callPackage ./mypkg.nix {
mydep = pkgs.mydep.override { ... };
}
</programlisting>
</para>
<para>
In the first example, <varname>pkgs.foo</varname> is the result of a function call with some default arguments, usually a derivation. Using <varname>pkgs.foo.override</varname> will call the same function with the given new arguments.
</para>
</section>
<section xml:id="sec-pkg-overrideAttrs">
<title>&lt;pkg&gt;.overrideAttrs</title>
<para>
The function <varname>overrideAttrs</varname> allows overriding the attribute set passed to a <varname>stdenv.mkDerivation</varname> call, producing a new derivation based on the original one. This function is available on all derivations produced by the <varname>stdenv.mkDerivation</varname> function, which is most packages in the nixpkgs expression <varname>pkgs</varname>.
</para>
<para>
Example usage:
<programlisting>
helloWithDebug = pkgs.hello.overrideAttrs (oldAttrs: rec {
separateDebugInfo = true;
});
</programlisting>
</para>
<para>
In the above example, the <varname>separateDebugInfo</varname> attribute is overridden to be true, thus building debug info for <varname>helloWithDebug</varname>, while all other attributes will be retained from the original <varname>hello</varname> package.
</para>
<para>
The argument <varname>oldAttrs</varname> is conventionally used to refer to the attr set originally passed to <varname>stdenv.mkDerivation</varname>.
</para>
<note>
<para>
Note that <varname>separateDebugInfo</varname> is processed only by the <varname>stdenv.mkDerivation</varname> function, not the generated, raw Nix derivation. Thus, using <varname>overrideDerivation</varname> will not work in this case, as it overrides only the attributes of the final derivation. It is for this reason that <varname>overrideAttrs</varname> should be preferred in (almost) all cases to <varname>overrideDerivation</varname>, i.e. to allow using <varname>stdenv.mkDerivation</varname> to process input arguments, as well as the fact that it is easier to use (you can use the same attribute names you see in your Nix code, instead of the ones generated (e.g. <varname>buildInputs</varname> vs <varname>nativeBuildInputs</varname>), and it involves less typing).
</para>
</note>
</section>
<section xml:id="sec-pkg-overrideDerivation">
<title>&lt;pkg&gt;.overrideDerivation</title>
<warning>
<para>
You should prefer <varname>overrideAttrs</varname> in almost all cases, see its documentation for the reasons why. <varname>overrideDerivation</varname> is not deprecated and will continue to work, but is less nice to use and does not have as many abilities as <varname>overrideAttrs</varname>.
</para>
</warning>
<warning>
<para>
Do not use this function in Nixpkgs as it evaluates a Derivation before modifying it, which breaks package abstraction and removes error-checking of function arguments. In addition, this evaluation-per-function application incurs a performance penalty, which can become a problem if many overrides are used. It is only intended for ad-hoc customisation, such as in <filename>~/.config/nixpkgs/config.nix</filename>.
</para>
</warning>
<para>
The function <varname>overrideDerivation</varname> creates a new derivation based on an existing one by overriding the original's attributes with the attribute set produced by the specified function. This function is available on all derivations defined using the <varname>makeOverridable</varname> function. Most standard derivation-producing functions, such as <varname>stdenv.mkDerivation</varname>, are defined using this function, which means most packages in the nixpkgs expression, <varname>pkgs</varname>, have this function.
</para>
<para>
Example usage:
<programlisting>
mySed = pkgs.gnused.overrideDerivation (oldAttrs: {
name = "sed-4.2.2-pre";
src = fetchurl {
url = ftp://alpha.gnu.org/gnu/sed/sed-4.2.2-pre.tar.bz2;
sha256 = "11nq06d131y4wmf3drm0yk502d2xc6n5qy82cg88rb9nqd2lj41k";
};
patches = [];
});
</programlisting>
</para>
<para>
In the above example, the <varname>name</varname>, <varname>src</varname>, and <varname>patches</varname> of the derivation will be overridden, while all other attributes will be retained from the original derivation.
</para>
<para>
The argument <varname>oldAttrs</varname> is used to refer to the attribute set of the original derivation.
</para>
<note>
<para>
A package's attributes are evaluated *before* being modified by the <varname>overrideDerivation</varname> function. For example, the <varname>name</varname> attribute reference in <varname>url = "mirror://gnu/hello/${name}.tar.gz";</varname> is filled-in *before* the <varname>overrideDerivation</varname> function modifies the attribute set. This means that overriding the <varname>name</varname> attribute, in this example, *will not* change the value of the <varname>url</varname> attribute. Instead, we need to override both the <varname>name</varname> *and* <varname>url</varname> attributes.
</para>
</note>
</section>
<section xml:id="sec-lib-makeOverridable">
<title>lib.makeOverridable</title>
<para>
The function <varname>lib.makeOverridable</varname> is used to make the result of a function easily customizable. This utility only makes sense for functions that accept an argument set and return an attribute set.
</para>
<para>
Example usage:
<programlisting>
f = { a, b }: { result = a+b; };
c = lib.makeOverridable f { a = 1; b = 2; };
</programlisting>
</para>
<para>
The variable <varname>c</varname> is the value of the <varname>f</varname> function applied with some default arguments. Hence the value of <varname>c.result</varname> is <literal>3</literal>, in this example.
</para>
<para>
The variable <varname>c</varname> however also has some additional functions, like <link linkend="sec-pkg-override">c.override</link> which can be used to override the default arguments. In this example the value of <varname>(c.override { a = 4; }).result</varname> is 6.
</para>
</section>
</chapter>

4
lib/systems/platforms.nix
View File

@ -481,11 +481,11 @@ rec {
riscv-multiplatform = {
linux-kernel = {
name = "riscv-multiplatform";
target = "vmlinux";
target = "Image";
autoModules = true;
baseConfig = "defconfig";
DTB = true;
extraConfig = ''
FTRACE n
SERIAL_OF_PLATFORM y
'';
};

82
maintainers/maintainer-list.nix
View File

@ -1528,6 +1528,12 @@
githubId = 510553;
name = "Jos van Bakel";
};
c4605 = {
email = "bolasblack@gmail.com";
github = "bolasblack";
githubId = 382011;
name = "c4605";
};
caadar = {
email = "v88m@posteo.net";
github = "caadar";
@ -2409,6 +2415,12 @@
githubId = 896182;
name = "devhell";
};
devins2518 = {
email = "drsingh2518@icloud.com";
github = "devins2518";
githubId = 17111639;
name = "Devin Singh";
};
dezgeg = {
email = "tuomas.tynkkynen@iki.fi";
github = "dezgeg";
@ -3019,6 +3031,16 @@
githubId = 147284;
name = "Jason Felice";
};
erdnaxe = {
email = "erdnaxe@crans.org";
github = "erdnaxe";
githubId = 2663216;
name = "Alexandre Iooss";
keys = [{
longkeyid = "rsa4096/0x6C79278F3FCDCC02";
fingerprint = "2D37 1AD2 7E2B BC77 97E1 B759 6C79 278F 3FCD CC02";
}];
};
ericbmerritt = {
email = "eric@afiniate.com";
github = "ericbmerritt";
@ -4109,6 +4131,12 @@
githubId = 362833;
name = "Hongchang Wu";
};
hoppla20 = {
email = "privat@vincentcui.de";
github = "hoppla20";
githubId = 25618740;
name = "Vincent Cui";
};
hoverbear = {
email = "operator+nix@hoverbear.org";
github = "hoverbear";
@ -5166,6 +5194,16 @@
githubId = 37185887;
name = "Calvin Kim";
};
kennyballou = {
email = "kb@devnulllabs.io";
github = "kennyballou";
githubId = 2186188;
name = "Kenny Ballou";
keys = [{
longkeyid = "rsa4096/0xB0CAA28A02958308";
fingerprint = "932F 3E8E 1C0F 4A98 95D7 B8B8 B0CA A28A 0295 8308";
}];
};
kentjames = {
email = "jameschristopherkent@gmail.com";
github = "kentjames";
@ -6252,6 +6290,12 @@
githubId = 11810057;
name = "Matt Snider";
};
mattchrist = {
email = "nixpkgs-matt@christ.systems";
github = "mattchrist";
githubId = 952712;
name = "Matt Christ";
};
matthewbauer = {
email = "mjbauer95@gmail.com";
github = "matthewbauer";
@ -6423,6 +6467,10 @@
githubId = 44469426;
name = "Matheus de Souza Pessanha";
email = "matheus_pessanha2001@outlook.com";
keys = [{
longkeyid = "rsa4096/6DFD656220A3B849";
fingerprint = "2D4D 488F 17FB FF75 664E C016 6DFD 6562 20A3 B849";
}];
};
meatcar = {
email = "nixpkgs@denys.me";
@ -6605,6 +6653,16 @@
githubId = 1387206;
name = "Mike Sperber";
};
mikroskeem = {
email = "mikroskeem@mikroskeem.eu";
github = "mikroskeem";
githubId = 3490861;
name = "Mark Vainomaa";
keys = [{
longkeyid = "rsa4096/0xDA015B05B5A11B22";
fingerprint = "DB43 2895 CF68 F0CE D4B7 EF60 DA01 5B05 B5A1 1B22";
}];
};
milesbreslin = {
email = "milesbreslin@gmail.com";
github = "milesbreslin";
@ -7165,6 +7223,12 @@
githubId = 10180857;
name = "Anmol Sethi";
};
nichtsfrei = {
email = "philipp.eder@posteo.net";
github = "nichtsfrei";
githubId = 1665818;
name = "Philipp Eder";
};
nickhu = {
email = "me@nickhu.co.uk";
github = "nickhu";
@ -7453,6 +7517,12 @@
githubId = 20923;
name = "Erik Timan";
};
olebedev = {
email = "ole6edev@gmail.com";
github = "olebedev";
githubId = 848535;
name = "Oleg Lebedev";
};
olejorgenb = {
email = "olejorgenb@yahoo.no";
github = "olejorgenb";
@ -8763,6 +8833,12 @@
githubId = 506953;
name = "Ruud van Asseldonk";
};
rvarago = {
email = "rafael.varago@gmail.com";
github = "rvarago";
githubId = 7365864;
name = "Rafael Varago";
};
rvl = {
email = "dev+nix@rodney.id.au";
github = "rvl";
@ -9959,6 +10035,12 @@
githubId = 27386;
name = "Milan Svoboda";
};
tfc = {
email = "jacek@galowicz.de";
github = "tfc";
githubId = 29044;
name = "Jacek Galowicz";
};
tg-x = {
email = "*@tg-x.net";
github = "tg-x";

16
nixos/doc/manual/installation/upgrading.xml
View File

@ -14,7 +14,7 @@
<para>
<emphasis>Stable channels</emphasis>, such as
<literal
xlink:href="https://nixos.org/channels/nixos-20.09">nixos-20.09</literal>.
xlink:href="https://nixos.org/channels/nixos-21.05">nixos-21.05</literal>.
These only get conservative bug fixes and package upgrades. For instance,
a channel update may cause the Linux kernel on your system to be upgraded
from 4.19.34 to 4.19.38 (a minor bug fix), but not from
@ -38,7 +38,7 @@
<para>
<emphasis>Small channels</emphasis>, such as
<literal
xlink:href="https://nixos.org/channels/nixos-20.09-small">nixos-20.09-small</literal>
xlink:href="https://nixos.org/channels/nixos-21.05-small">nixos-21.05-small</literal>
or
<literal
xlink:href="https://nixos.org/channels/nixos-unstable-small">nixos-unstable-small</literal>.
@ -63,8 +63,8 @@
<para>
When you first install NixOS, youre automatically subscribed to the NixOS
channel that corresponds to your installation source. For instance, if you
installed from a 20.09 ISO, you will be subscribed to the
<literal>nixos-20.09</literal> channel. To see which NixOS channel youre
installed from a 21.05 ISO, you will be subscribed to the
<literal>nixos-21.05</literal> channel. To see which NixOS channel youre
subscribed to, run the following as root:
<screen>
<prompt># </prompt>nix-channel --list | grep nixos
@ -75,13 +75,13 @@ nixos https://nixos.org/channels/nixos-unstable
<prompt># </prompt>nix-channel --add https://nixos.org/channels/<replaceable>channel-name</replaceable> nixos
</screen>
(Be sure to include the <literal>nixos</literal> parameter at the end.) For
instance, to use the NixOS 20.09 stable channel:
instance, to use the NixOS 21.05 stable channel:
<screen>
<prompt># </prompt>nix-channel --add https://nixos.org/channels/nixos-20.09 nixos
<prompt># </prompt>nix-channel --add https://nixos.org/channels/nixos-21.05 nixos
</screen>
If you have a server, you may want to use the “small” channel instead:
<screen>
<prompt># </prompt>nix-channel --add https://nixos.org/channels/nixos-20.09-small nixos
<prompt># </prompt>nix-channel --add https://nixos.org/channels/nixos-21.05-small nixos
</screen>
And if you want to live on the bleeding edge:
<screen>
@ -132,7 +132,7 @@ nixos https://nixos.org/channels/nixos-unstable
kernel, initrd or kernel modules.
You can also specify a channel explicitly, e.g.
<programlisting>
<xref linkend="opt-system.autoUpgrade.channel"/> = https://nixos.org/channels/nixos-20.09;
<xref linkend="opt-system.autoUpgrade.channel"/> = https://nixos.org/channels/nixos-21.05;
</programlisting>
</para>
</section>

312
nixos/doc/manual/release-notes/rl-2105.xml
View File

@ -3,8 +3,11 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-21.05">
<title>Release 21.05 (“Okapi”, 2021.05/??)</title>
<title>Release 21.05 (“Okapi”, 2021.05/31)</title>
<para>
Support is planned until the end of December 2021, handing over to 21.11.
</para>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
@ -18,113 +21,81 @@
</para>
<itemizedlist>
<listitem>
<para>
Support is planned until the end of December 2021, handing over to 21.11.
Core version changes:
</para>
</listitem>
<listitem>
<para>The default Linux kernel was updated to the 5.10 LTS series, coming from the 5.4 LTS series.</para>
</listitem>
<listitem>
<para>GNOME desktop environment was upgraded to 40, see the release notes for <link xlink:href="https://help.gnome.org/misc/release-notes/40.0/">40.0</link> and <link xlink:href="https://help.gnome.org/misc/release-notes/3.38/">3.38</link>. The <code>gnome3</code> attribute set has been renamed to <code>gnome</code> and so have been the NixOS options.</para>
<itemizedlist>
<listitem>
<para>
gcc: 9.3.0 -> 10.3.0
</para>
</listitem>
<listitem>
<para>
glibc: 2.30 -> 2.32
</para>
</listitem>
<listitem>
<para>
default linux: 5.4 -> 5.10, all supported kernels available
</para>
</listitem>
<listitem>
<para>
mesa: 20.1.7 -> 21.0.1
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
<link xlink:href="https://www.gnuradio.org/">GNURadio</link> 3.8 was
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/82263">finally</link>
packaged, along with a rewrite to the Nix expressions, allowing users to
override the features upstream supports selecting to compile or not to.
Additionally, the attribute <code>gnuradio</code> and <code>gnuradio3_7</code>
now point to an externally wrapped by default derivations, that allow you to
also add `extraPythonPackages` to the Python interpreter used by GNURadio.
Missing environmental variables needed for operational GUI were also added
(<link xlink:href="https://github.com/NixOS/nixpkgs/issues/75478">#75478</link>).
Desktop Environments:
</para>
<itemizedlist>
<listitem>
<para>
Gnome: 3.36 -> 3.40, see its <link xlink:href="https://help.gnome.org/misc/release-notes/3.40/">release notes</link>
</para>
</listitem>
<listitem>
<para>
Plasma5: 5.18.5 -> 5.21.3
</para>
</listitem>
<listitem>
<para>
kdeApplications: 20.08.1 -> 20.12.3
</para>
</listitem>
<listitem>
<para>
cinnamon: 4.6 -> 4.8.1
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
<link xlink:href="https://www.gnuradio.org/">GNURadio</link> has a
<code>pkgs</code> attribute set, and there's a <code>gnuradio.callPackage</code>
function that extends <code>pkgs</code> with a <code>mkDerivation</code>, and a
<code>mkDerivationWith</code>, like Qt5. Now all <code>gnuradio.pkgs</code> are
defined with <code>gnuradio.callPackage</code> and some packages that depend
on gnuradio are defined with this as well.
Programming Languages and Frameworks:
</para>
<itemizedlist>
<listitem>
<para>
Python optimizations were disabled again. Builds with optimizations enabled
are not reproducible. Optimizations can now be enabled with an option.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
<link xlink:href="https://www.privoxy.org/">Privoxy</link> has been updated
to version 3.0.32 (See <link xlink:href="https://lists.privoxy.org/pipermail/privoxy-announce/2021-February/000007.html">announcement</link>).
Compared to the previous release, Privoxy has gained support for HTTPS
inspection (still experimental), Brotli decompression, several new filters
and lots of bug fixes, including security ones. In addition, the package
is now built with compression and external filters support, which were
previously disabled.
</para>
<para>
Regarding the NixOS module, new options for HTTPS inspection have been added
and <option>services.privoxy.extraConfig</option> has been replaced by the new
<xref linkend="opt-services.privoxy.settings"/>
(See <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC 0042</link>
for the motivation).
</para>
</listitem>
<listitem>
<para>
Python optimizations were disabled again. Builds with optimizations enabled
are not reproducible. Optimizations can now be enabled with an option.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://kodi.tv/">Kodi</link> has been updated to version 19.1 "Matrix". See
the <link xlink:href="https://kodi.tv/article/kodi-190-matrix-release">announcement</link> for
further details.
</para>
</listitem>
<listitem>
<para>
The <option>services.packagekit.backend</option> option has been removed as
it only supported a single setting which would always be the default.
Instead new <link
xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC
0042</link> compliant <xref linkend="opt-services.packagekit.settings"/>
and <xref linkend="opt-services.packagekit.vendorSettings"/> options have
been introduced.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://nginx.org">Nginx</link> has been updated to stable version 1.20.0.
Now nginx uses the zlib-ng library by default.
</para>
</listitem>
<listitem>
<para>
KDE Gear (formerly KDE Applications) is upgraded to 21.04, see its
<link xlink:href="https://kde.org/announcements/gear/21.04/">release
notes</link> for details.
</para>
<para>
The <code>kdeApplications</code> package set is now <code>kdeGear</code>,
in keeping with the new name. The old name remains for compatibility, but
it is deprecated.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://libreswan.org/">Libreswan</link> has been updated
to version 4.4. The package now includes example configurations and manual
pages by default. The NixOS module has been changed to use the upstream
systemd units and write the configuration in the <literal>/etc/ipsec.d/
</literal> directory. In addition, two new options have been added to
specify connection policies
(<xref linkend="opt-services.libreswan.policies"/>)
and disable send/receive redirects
(<xref linkend="opt-services.libreswan.disableRedirects"/>).
</para>
<para>The <package>linux_latest</package> kernel was updated to the 5.12 series. It currently is not officially supported for use with the zfs filesystem. If you use zfs, you should use a different kernel version (either the LTS kernel, or track a specific one). </para>
</listitem>
</itemizedlist>
</section>
@ -140,6 +111,20 @@
</para>
<itemizedlist>
<listitem>
<para>
<link xlink:href="https://www.gnuradio.org/">GNURadio</link> 3.8 was
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/82263">finally</link>
packaged, along with a rewrite to the Nix expressions, allowing users to
override the features upstream supports selecting to compile or not to.
Additionally, the attribute <code>gnuradio</code> and <code>gnuradio3_7</code>
now point to an externally wrapped by default derivations, that allow you to
also add `extraPythonPackages` to the Python interpreter used by GNURadio.
Missing environmental variables needed for operational GUI were also added
(<link xlink:href="https://github.com/NixOS/nixpkgs/issues/75478">#75478</link>).
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://www.keycloak.org/">Keycloak</link>,
@ -192,6 +177,10 @@
</para>
<itemizedlist>
<listitem>
<para>GNOME desktop environment was upgraded to 40, see the release notes for <link xlink:href="https://help.gnome.org/misc/release-notes/40.0/">40.0</link> and <link xlink:href="https://help.gnome.org/misc/release-notes/3.38/">3.38</link>. The <code>gnome3</code> attribute set has been renamed to <code>gnome</code> and so have been the NixOS options.</para>
</listitem>
<listitem>
<para>
If you are using <option>services.udev.extraRules</option> to assign
@ -305,6 +294,24 @@
<literal>/var/lib/powerdns</literal> to <literal>/run/pdns</literal>.
</para>
</listitem>
<listitem>
<para>
The <literal>mediatomb</literal> service is
now using by default the new and maintained fork
<literal>gerbera</literal> package instead of the unmaintained
<literal>mediatomb</literal> package. If you want to keep the old
behavior, you must declare it with:
<programlisting>
services.mediatomb.package = pkgs.mediatomb;
</programlisting>
One new option <literal>openFirewall</literal> has been introduced which
defaults to false. If you relied on the service declaration to add the
firewall rules itself before, you should now declare it with:
<programlisting>
services.mediatomb.openFirewall = true;
</programlisting>
</para>
</listitem>
<listitem>
<para>
xfsprogs was update from 4.19 to 5.11. It now enables reflink support by default on filesystem creation.
@ -581,7 +588,7 @@ http://some.json-exporter.host:7979/probe?target=https://example.com/some/json/e
<programlisting>
self: super:
{
mpi = super.mpich;
mpi = super.mpich;
}
</programlisting>
</para>
@ -785,6 +792,16 @@ environment.systemPackages = [
the deprecated <option>services.radicale.config</option> is used.
</para>
</listitem>
<listitem>
<para>
In the <option>security.acme</option> module, use of <literal>--reuse-key</literal>
parameter for Lego has been removed. It was introduced for HKPK, but this security
feature is now deprecated. It is a better security practice to rotate key pairs
instead of always keeping the same. If you need to keep this parameter, you can add
it back using <literal>extraLegoRenewFlags</literal> as an option for the
appropriate certificate.
</para>
</listitem>
</itemizedlist>
</section>
@ -804,6 +821,85 @@ environment.systemPackages = [
for details.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://www.gnuradio.org/">GNURadio</link> has a
<code>pkgs</code> attribute set, and there's a <code>gnuradio.callPackage</code>
function that extends <code>pkgs</code> with a <code>mkDerivation</code>, and a
<code>mkDerivationWith</code>, like Qt5. Now all <code>gnuradio.pkgs</code> are
defined with <code>gnuradio.callPackage</code> and some packages that depend
on gnuradio are defined with this as well.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://www.privoxy.org/">Privoxy</link> has been updated
to version 3.0.32 (See <link xlink:href="https://lists.privoxy.org/pipermail/privoxy-announce/2021-February/000007.html">announcement</link>).
Compared to the previous release, Privoxy has gained support for HTTPS
inspection (still experimental), Brotli decompression, several new filters
and lots of bug fixes, including security ones. In addition, the package
is now built with compression and external filters support, which were
previously disabled.
</para>
<para>
Regarding the NixOS module, new options for HTTPS inspection have been added
and <option>services.privoxy.extraConfig</option> has been replaced by the new
<xref linkend="opt-services.privoxy.settings"/>
(See <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC 0042</link>
for the motivation).
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://kodi.tv/">Kodi</link> has been updated to version 19.1 "Matrix". See
the <link xlink:href="https://kodi.tv/article/kodi-190-matrix-release">announcement</link> for
further details.
</para>
</listitem>
<listitem>
<para>
The <option>services.packagekit.backend</option> option has been removed as
it only supported a single setting which would always be the default.
Instead new <link
xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC
0042</link> compliant <xref linkend="opt-services.packagekit.settings"/>
and <xref linkend="opt-services.packagekit.vendorSettings"/> options have
been introduced.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://nginx.org">Nginx</link> has been updated to stable version 1.20.0.
Now nginx uses the zlib-ng library by default.
</para>
</listitem>
<listitem>
<para>
KDE Gear (formerly KDE Applications) is upgraded to 21.04, see its
<link xlink:href="https://kde.org/announcements/gear/21.04/">release
notes</link> for details.
</para>
<para>
The <code>kdeApplications</code> package set is now <code>kdeGear</code>,
in keeping with the new name. The old name remains for compatibility, but
it is deprecated.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://libreswan.org/">Libreswan</link> has been updated
to version 4.4. The package now includes example configurations and manual
pages by default. The NixOS module has been changed to use the upstream
systemd units and write the configuration in the <literal>/etc/ipsec.d/
</literal> directory. In addition, two new options have been added to
specify connection policies
(<xref linkend="opt-services.libreswan.policies"/>)
and disable send/receive redirects
(<xref linkend="opt-services.libreswan.disableRedirects"/>).
</para>
</listitem>
<listitem>
<para>
The Mailman NixOS module (<literal>services.mailman</literal>) has a new
@ -844,6 +940,29 @@ environment.systemPackages = [
All services should use <xref linkend="opt-systemd.services._name_.startLimitIntervalSec" /> or <literal>StartLimitIntervalSec</literal> in <xref linkend="opt-systemd.services._name_.unitConfig" /> instead.
</para>
</listitem>
<listitem>
<para>
The <literal>mediatomb</literal> service
declares new options. It also adapts existing options so the
configuration generation is now lazy. The existing option
<literal>customCfg</literal> (defaults to false), when enabled, stops
the service configuration generation completely. It then expects the
users to provide their own correct configuration at the right location
(whereas the configuration was generated and not used at all before).
The new option <literal>transcodingOption</literal> (defaults to no)
allows a generated configuration. It makes the mediatomb service pulls
the necessary runtime dependencies in the nix store (whereas it was
generated with hardcoded values before). The new option
<literal>mediaDirectories</literal> allows the users to declare autoscan
media directories from their nixos configuration:
<programlisting>
services.mediatomb.mediaDirectories = [
{ path = "/var/lib/mediatomb/pictures"; recursive = false; hidden-files = false; }
{ path = "/var/lib/mediatomb/audio"; recursive = true; hidden-files = false; }
];
</programlisting>
</para>
</listitem>
<listitem>
<para>
The Unbound DNS resolver service (<literal>services.unbound</literal>) has been refactored to allow reloading, control sockets and to fix startup ordering issues.
@ -942,7 +1061,8 @@ environment.systemPackages = [
PulseAudio was upgraded to 14.0, with changes to the handling of default sinks.
See its <link xlink:href="https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/14.0/">release notes</link>.
</para>
</listitem>
<listitem>
<para>
GNOME users may wish to delete their <literal>~/.config/pulse</literal> due to the changes to stream routing
logic. See <link xlink:href="https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/issues/832">PulseAudio bug 832</link>

8
nixos/lib/make-ext4-fs.nix
View File

@ -74,11 +74,9 @@ pkgs.stdenv.mkDerivation {
return 1
fi
echo "Resizing to minimum allowed size"
resize2fs -M $img
# And a final fsck, because of the previous truncating.
fsck.ext4 -n -f $img
# We may want to shrink the file system and resize the image to
# get rid of the unnecessary slack here--but see
# https://github.com/NixOS/nixpkgs/issues/125121 for caveats.
if [ ${builtins.toString compressImage} ]; then
echo "Compressing image"

6
nixos/lib/test-driver/test-driver.py
View File

@ -128,18 +128,18 @@ def create_vlan(vlan_nr: str) -> Tuple[str, str, "subprocess.Popen[bytes]", Any]
return (vlan_nr, vde_socket, vde_process, fd)
def retry(fn: Callable) -> None:
def retry(fn: Callable, timeout: int = 900) -> None:
"""Call the given function repeatedly, with 1 second intervals,
until it returns True or a timeout is reached.
"""
for _ in range(900):
for _ in range(timeout):
if fn(False):
return
time.sleep(1)
if not fn(True):
raise Exception("action timed out")
raise Exception(f"action timed out after {timeout} seconds")
class Logger:

4
nixos/modules/module-list.nix
View File

@ -398,6 +398,7 @@
./services/hardware/ratbagd.nix
./services/hardware/sane.nix
./services/hardware/sane_extra_backends/brscan4.nix
./services/hardware/sane_extra_backends/brscan5.nix
./services/hardware/sane_extra_backends/dsseries.nix
./services/hardware/spacenavd.nix
./services/hardware/tcsd.nix
@ -547,6 +548,7 @@
./services/misc/ripple-data-api.nix
./services/misc/serviio.nix
./services/misc/safeeyes.nix
./services/misc/sdrplay.nix
./services/misc/sickbeard.nix
./services/misc/siproxd.nix
./services/misc/snapper.nix
@ -945,6 +947,7 @@
./services/web-apps/nextcloud.nix
./services/web-apps/nexus.nix
./services/web-apps/plantuml-server.nix
./services/web-apps/plausible.nix
./services/web-apps/pgpkeyserver-lite.nix
./services/web-apps/matomo.nix
./services/web-apps/moinmoin.nix
@ -1112,6 +1115,7 @@
./virtualisation/openvswitch.nix
./virtualisation/parallels-guest.nix
./virtualisation/podman.nix
./virtualisation/podman-network-socket-ghostunnel.nix
./virtualisation/qemu-guest-agent.nix
./virtualisation/railcar.nix
./virtualisation/spice-usb-redirection.nix

2
nixos/modules/security/acme.nix
View File

@ -152,7 +152,7 @@ let
);
renewOpts = escapeShellArgs (
commonOpts
++ [ "renew" "--reuse-key" ]
++ [ "renew" ]
++ optionals data.ocspMustStaple [ "--must-staple" ]
++ data.extraLegoRenewFlags
);

2
nixos/modules/security/pam.nix
View File

@ -965,7 +965,7 @@ in
mr ${pkgs.apparmor-pam}/lib/security/pam_apparmor.so,
'' +
optionalString (isEnabled (cfg: cfg.enableKwallet)) ''
mr ${pkgs.plasma5.kwallet-pam}/lib/security/pam_kwallet5.so,
mr ${pkgs.plasma5Packages.kwallet-pam}/lib/security/pam_kwallet5.so,
'' +
optionalString config.virtualisation.lxc.lxcfs.enable ''
mr ${pkgs.lxc}/lib/security/pam_cgfs.so

12
nixos/modules/services/backup/duplicati.nix
View File

@ -54,11 +54,13 @@ in
};
};
users.users.duplicati = lib.optionalAttrs (cfg.user == "duplicati") {
uid = config.ids.uids.duplicati;
home = "/var/lib/duplicati";
createHome = true;
group = "duplicati";
users.users = lib.optionalAttrs (cfg.user == "duplicati") {
duplicati = {
uid = config.ids.uids.duplicati;
home = "/var/lib/duplicati";
createHome = true;
group = "duplicati";
};
};
users.groups.duplicati.gid = config.ids.gids.duplicati;

3
nixos/modules/services/cluster/kubernetes/default.nix
View File

@ -48,8 +48,9 @@ let
cluster = "local";
user = name;
};
current-context = "local";
name = "local";
}];
current-context = "local";
});
caCert = secret "ca";

3
nixos/modules/services/continuous-integration/buildkite-agents.nix
View File

@ -238,8 +238,7 @@ in
in
optionalString (cfg.privateSshKeyPath != null) ''
mkdir -m 0700 -p "${sshDir}"
cp -f "${toString cfg.privateSshKeyPath}" "${sshDir}/id_rsa"
chmod 600 "${sshDir}"/id_rsa
install -m600 "${toString cfg.privateSshKeyPath}" "${sshDir}/id_rsa"
'' + ''
cat > "${cfg.dataDir}/buildkite-agent.cfg" <<EOF
token="$(cat ${toString cfg.tokenPath})"

26
nixos/modules/services/databases/firebird.nix
View File

@ -43,17 +43,15 @@ in
enable = mkEnableOption "the Firebird super server";
package = mkOption {
default = pkgs.firebirdSuper;
defaultText = "pkgs.firebirdSuper";
default = pkgs.firebird;
defaultText = "pkgs.firebird";
type = types.package;
/*
Example: <code>package = pkgs.firebirdSuper.override { icu =
pkgs.icu; };</code> which is not recommended for compatibility
reasons. See comments at the firebirdSuper derivation
*/
example = ''
<code>package = pkgs.firebird_3;</code>
'';
description = ''
Which firebird derivation to use.
Which Firebird package to be installed: <code>pkgs.firebird_3</code>
For SuperServer use override: <code>pkgs.firebird_3.override { superServer = true; };</code>
'';
};
@ -74,7 +72,7 @@ in
};
baseDir = mkOption {
default = "/var/db/firebird"; # ubuntu is using /var/lib/firebird/2.1/data/.. ?
default = "/var/lib/firebird";
type = types.str;
description = ''
Location containing data/ and system/ directories.
@ -111,6 +109,14 @@ in
cp ${firebird}/security2.fdb "${systemDir}"
fi
if ! test -e "${systemDir}/security3.fdb"; then
cp ${firebird}/security3.fdb "${systemDir}"
fi
if ! test -e "${systemDir}/security4.fdb"; then
cp ${firebird}/security4.fdb "${systemDir}"
fi
chmod -R 700 "${dataDir}" "${systemDir}" /var/log/firebird
'';

110
nixos/modules/services/hardware/sane_extra_backends/brscan5.nix Normal file
View File

@ -0,0 +1,110 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.hardware.sane.brscan5;
netDeviceList = attrValues cfg.netDevices;
etcFiles = pkgs.callPackage ./brscan5_etc_files.nix { netDevices = netDeviceList; };
netDeviceOpts = { name, ... }: {
options = {
name = mkOption {
type = types.str;
description = ''
The friendly name you give to the network device. If undefined,
the name of attribute will be used.
'';
example = literalExample "office1";
};
model = mkOption {
type = types.str;
description = ''
The model of the network device.
'';
example = literalExample "ADS-1200";
};
ip = mkOption {
type = with types; nullOr str;
default = null;
description = ''
The ip address of the device. If undefined, you will have to
provide a nodename.
'';
example = literalExample "192.168.1.2";
};
nodename = mkOption {
type = with types; nullOr str;
default = null;
description = ''
The node name of the device. If undefined, you will have to
provide an ip.
'';
example = literalExample "BRW0080927AFBCE";
};
};
config =
{ name = mkDefault name;
};
};
in
{
options = {
hardware.sane.brscan5.enable =
mkEnableOption "the Brother brscan5 sane backend";
hardware.sane.brscan5.netDevices = mkOption {
default = {};
example =
{ office1 = { model = "MFC-7860DW"; ip = "192.168.1.2"; };
office2 = { model = "MFC-7860DW"; nodename = "BRW0080927AFBCE"; };
};
type = with types; attrsOf (submodule netDeviceOpts);
description = ''
The list of network devices that will be registered against the brscan5
sane backend.
'';
};
};
config = mkIf (config.hardware.sane.enable && cfg.enable) {
hardware.sane.extraBackends = [
pkgs.brscan5
];
environment.etc."opt/brother/scanner/brscan5" =
{ source = "${etcFiles}/etc/opt/brother/scanner/brscan5"; };
environment.etc."opt/brother/scanner/models" =
{ source = "${etcFiles}/etc/opt/brother/scanner/brscan5/models"; };
environment.etc."sane.d/dll.d/brother5.conf".source = "${pkgs.brscan5}/etc/sane.d/dll.d/brother.conf";
assertions = [
{ assertion = all (x: !(null != x.ip && null != x.nodename)) netDeviceList;
message = ''
When describing a network device as part of the attribute list
`hardware.sane.brscan5.netDevices`, only one of its `ip` or `nodename`
attribute should be specified, not both!
'';
}
];
};
}

77
nixos/modules/services/hardware/sane_extra_backends/brscan5_etc_files.nix Normal file
View File

@ -0,0 +1,77 @@
{ stdenv, lib, brscan5, netDevices ? [] }:
/*
Testing
-------
From nixpkgs repo
No net devices:
~~~
nix-build -E 'let pkgs = import ./. {};
brscan5-etc-files = pkgs.callPackage (import ./nixos/modules/services/hardware/sane_extra_backends/brscan5_etc_files.nix) {};
in brscan5-etc-files'
~~~
Two net devices:
~~~
nix-build -E 'let pkgs = import ./. {};
brscan5-etc-files = pkgs.callPackage (import ./nixos/modules/services/hardware/sane_extra_backends/brscan5_etc_files.nix) {};
in brscan5-etc-files.override {
netDevices = [
{name="a"; model="ADS-1200"; nodename="BRW0080927AFBCE";}
{name="b"; model="ADS-1200"; ip="192.168.1.2";}
];
}'
~~~
*/
let
addNetDev = nd: ''
brsaneconfig5 -a \
name="${nd.name}" \
model="${nd.model}" \
${if (lib.hasAttr "nodename" nd && nd.nodename != null) then
''nodename="${nd.nodename}"'' else
''ip="${nd.ip}"''}'';
addAllNetDev = xs: lib.concatStringsSep "\n" (map addNetDev xs);
in
stdenv.mkDerivation {
name = "brscan5-etc-files";
version = "1.2.6-0";
src = "${brscan5}/opt/brother/scanner/brscan5";
nativeBuildInputs = [ brscan5 ];
dontConfigure = true;
buildPhase = ''
TARGET_DIR="$out/etc/opt/brother/scanner/brscan5"
mkdir -p "$TARGET_DIR"
cp -rp "./models" "$TARGET_DIR"
cp -rp "./brscan5.ini" "$TARGET_DIR"
cp -rp "./brsanenetdevice.cfg" "$TARGET_DIR"
export NIX_REDIRECTS="/etc/opt/brother/scanner/brscan5/=$TARGET_DIR/"
printf '${addAllNetDev netDevices}\n'
${addAllNetDev netDevices}
'';
dontInstall = true;
meta = with lib; {
description = "Brother brscan5 sane backend driver etc files";
homepage = "https://www.brother.com";
platforms = platforms.linux;
license = licenses.unfree;
maintainers = with maintainers; [ mattchrist ];
};
}

35
nixos/modules/services/misc/sdrplay.nix Normal file
View File

@ -0,0 +1,35 @@
{ config, lib, pkgs, ... }:
with lib;
{
options.services.sdrplayApi = {
enable = mkOption {
default = false;
example = true;
description = ''
Whether to enable the SDRplay API service and udev rules.
<note><para>
To enable integration with SoapySDR and GUI applications like gqrx create an overlay containing
<literal>soapysdr-with-plugins = super.soapysdr.override { extraPackages = [ super.soapysdrplay ]; };</literal>
</para></note>
'';
type = lib.types.bool;
};
};
config = mkIf config.services.sdrplayApi.enable {
systemd.services.sdrplayApi = {
description = "SDRplay API Service";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.sdrplay}/bin/sdrplay_apiService";
DynamicUser = true;
Restart = "on-failure";
RestartSec = "1s";
};
};
services.udev.packages = [ pkgs.sdrplay ];
};
}

14
nixos/modules/services/networking/wireguard.nix
View File

@ -244,17 +244,6 @@ let
};
generatePathUnit = name: values:
assert (values.privateKey == null);
assert (values.privateKeyFile != null);
nameValuePair "wireguard-${name}"
{
description = "WireGuard Tunnel - ${name} - Private Key";
requiredBy = [ "wireguard-${name}.service" ];
before = [ "wireguard-${name}.service" ];
pathConfig.PathExists = values.privateKeyFile;
};
generateKeyServiceUnit = name: values:
assert values.generatePrivateKeyFile;
nameValuePair "wireguard-${name}-key"
@ -509,9 +498,6 @@ in
// (mapAttrs' generateKeyServiceUnit
(filterAttrs (name: value: value.generatePrivateKeyFile) cfg.interfaces));
systemd.paths = mapAttrs' generatePathUnit
(filterAttrs (name: value: value.privateKeyFile != null) cfg.interfaces);
});
}

41
nixos/modules/services/web-apps/discourse.nix
View File

@ -5,11 +5,16 @@ let
cfg = config.services.discourse;
# Keep in sync with https://github.com/discourse/discourse_docker/blob/master/image/base/Dockerfile#L5
upstreamPostgresqlVersion = lib.getVersion pkgs.postgresql_13;
postgresqlPackage = if config.services.postgresql.enable then
config.services.postgresql.package
else
pkgs.postgresql;
postgresqlVersion = lib.getVersion postgresqlPackage;
# We only want to create a database if we're actually going to connect to it.
databaseActuallyCreateLocally = cfg.database.createLocally && cfg.database.host == null;
@ -263,6 +268,17 @@ in
Discourse database user.
'';
};
ignorePostgresqlVersion = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Whether to allow other versions of PostgreSQL than the
recommended one. Only effective when
<option>services.discourse.database.createLocally</option>
is enabled.
'';
};
};
redis = {
@ -398,6 +414,14 @@ in
How OpenSSL checks the certificate, see http://api.rubyonrails.org/classes/ActionMailer/Base.html
'';
};
forceTLS = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Force implicit TLS as per RFC 8314 3.3.
'';
};
};
incoming = {
@ -497,6 +521,12 @@ in
assertion = cfg.hostname != "";
message = "Could not automatically determine hostname, set service.discourse.hostname manually.";
}
{
assertion = cfg.database.ignorePostgresqlVersion || (databaseActuallyCreateLocally -> upstreamPostgresqlVersion == postgresqlVersion);
message = "The PostgreSQL version recommended for use with Discourse is ${upstreamPostgresqlVersion}, you're using ${postgresqlVersion}. "
+ "Either update your PostgreSQL package to the correct version or set services.discourse.database.ignorePostgresqlVersion. "
+ "See https://nixos.org/manual/nixos/stable/index.html#module-postgresql for details on how to upgrade PostgreSQL.";
}
];
@ -530,6 +560,7 @@ in
smtp_authentication = cfg.mail.outgoing.authentication;
smtp_enable_start_tls = cfg.mail.outgoing.enableStartTLSAuto;
smtp_openssl_verify_mode = cfg.mail.outgoing.opensslVerifyMode;
smtp_force_tls = cfg.mail.outgoing.forceTLS;
load_mini_profiler = true;
mini_profiler_snapshots_period = 0;
@ -542,8 +573,8 @@ in
redis_host = cfg.redis.host;
redis_port = 6379;
redis_slave_host = null;
redis_slave_port = 6379;
redis_replica_host = null;
redis_replica_port = 6379;
redis_db = cfg.redis.dbNumber;
redis_password = cfg.redis.passwordFile;
redis_skip_client_commands = false;
@ -552,8 +583,8 @@ in
message_bus_redis_enabled = false;
message_bus_redis_host = "localhost";
message_bus_redis_port = 6379;
message_bus_redis_slave_host = null;
message_bus_redis_slave_port = 6379;
message_bus_redis_replica_host = null;
message_bus_redis_replica_port = 6379;
message_bus_redis_db = 0;
message_bus_redis_password = null;
message_bus_redis_skip_client_commands = false;
@ -606,6 +637,7 @@ in
allowed_theme_repos = null;
enable_email_sync_demon = false;
max_digests_enqueued_per_30_mins_per_site = 10000;
cluster_name = null;
};
services.redis.enable = lib.mkDefault (cfg.redis.host == "localhost");
@ -667,6 +699,7 @@ in
environment = cfg.package.runtimeEnv // {
UNICORN_TIMEOUT = builtins.toString cfg.unicornTimeout;
UNICORN_SIDEKIQS = builtins.toString cfg.sidekiqProcesses;
MALLOC_ARENA_MAX = "2";
};
preStart =

273
nixos/modules/services/web-apps/plausible.nix Normal file
View File

@ -0,0 +1,273 @@
{ lib, pkgs, config, ... }:
with lib;
let
cfg = config.services.plausible;
# FIXME consider using LoadCredential as soon as it actually works.
envSecrets = ''
export ADMIN_USER_PWD="$(<${cfg.adminUser.passwordFile})"
export SECRET_KEY_BASE="$(<${cfg.server.secretKeybaseFile})"
${optionalString (cfg.mail.smtp.passwordFile != null) ''
export SMTP_USER_PWD="$(<${cfg.mail.smtp.passwordFile})"
''}
'';
in {
options.services.plausible = {
enable = mkEnableOption "plausible";
adminUser = {
name = mkOption {
default = "admin";
type = types.str;
description = ''
Name of the admin user that plausible will created on initial startup.
'';
};
email = mkOption {
type = types.str;
example = "admin@localhost";
description = ''
Email-address of the admin-user.
'';
};
passwordFile = mkOption {
type = types.either types.str types.path;
description = ''
Path to the file which contains the password of the admin user.
'';
};
activate = mkEnableOption "activating the freshly created admin-user";
};
database = {
clickhouse = {
setup = mkEnableOption "creating a clickhouse instance" // { default = true; };
url = mkOption {
default = "http://localhost:8123/default";
type = types.str;
description = ''
The URL to be used to connect to <package>clickhouse</package>.
'';
};
};
postgres = {
setup = mkEnableOption "creating a postgresql instance" // { default = true; };
dbname = mkOption {
default = "plausible";
type = types.str;
description = ''
Name of the database to use.
'';
};
socket = mkOption {
default = "/run/postgresql";
type = types.str;
description = ''
Path to the UNIX domain-socket to communicate with <package>postgres</package>.
'';
};
};
};
server = {
disableRegistration = mkOption {
default = true;
type = types.bool;
description = ''
Whether to prohibit creating an account in plausible's UI.
'';
};
secretKeybaseFile = mkOption {
type = types.either types.path types.str;
description = ''
Path to the secret used by the <literal>phoenix</literal>-framework. Instructions
how to generate one are documented in the
<link xlink:href="https://hexdocs.pm/phoenix/Mix.Tasks.Phx.Gen.Secret.html#content">
framework docs</link>.
'';
};
port = mkOption {
default = 8000;
type = types.port;
description = ''
Port where the service should be available.
'';
};
baseUrl = mkOption {
type = types.str;
description = ''
Public URL where plausible is available.
'';
};
};
mail = {
email = mkOption {
default = "hello@plausible.local";
type = types.str;
description = ''
The email id to use for as <emphasis>from</emphasis> address of all communications
from Plausible.
'';
};
smtp = {
hostAddr = mkOption {
default = "localhost";
type = types.str;
description = ''
The host address of your smtp server.
'';
};
hostPort = mkOption {
default = 25;
type = types.port;
description = ''
The port of your smtp server.
'';
};
user = mkOption {
default = null;
type = types.nullOr types.str;
description = ''
The username/email in case SMTP auth is enabled.
'';
};
passwordFile = mkOption {
default = null;
type = with types; nullOr (either str path);
description = ''
The path to the file with the password in case SMTP auth is enabled.
'';
};
enableSSL = mkEnableOption "SSL when connecting to the SMTP server";
retries = mkOption {
type = types.ints.unsigned;
default = 2;
description = ''
Number of retries to make until mailer gives up.
'';
};
};
};
};
config = mkIf cfg.enable {
assertions = [
{ assertion = cfg.adminUser.activate -> cfg.database.postgres.setup;
message = ''
Unable to automatically activate the admin-user if no locally managed DB for
postgres (`services.plausible.database.postgres.setup') is enabled!
'';
}
];
services.postgresql = mkIf cfg.database.postgres.setup {
enable = true;
};
services.clickhouse = mkIf cfg.database.clickhouse.setup {
enable = true;
};
systemd.services = mkMerge [
{
plausible = {
inherit (pkgs.plausible.meta) description;
documentation = [ "https://plausible.io/docs/self-hosting" ];
wantedBy = [ "multi-user.target" ];
after = optional cfg.database.postgres.setup "plausible-postgres.service";
requires = optional cfg.database.clickhouse.setup "clickhouse.service"
++ optionals cfg.database.postgres.setup [
"postgresql.service"
"plausible-postgres.service"
];
environment = {
# NixOS specific option to avoid that it's trying to write into its store-path.
# See also https://github.com/lau/tzdata#data-directory-and-releases
TZDATA_DIR = "/var/lib/plausible/elixir_tzdata";
# Configuration options from
# https://plausible.io/docs/self-hosting-configuration
PORT = toString cfg.server.port;
DISABLE_REGISTRATION = boolToString cfg.server.disableRegistration;
RELEASE_TMP = "/var/lib/plausible/tmp";
ADMIN_USER_NAME = cfg.adminUser.name;
ADMIN_USER_EMAIL = cfg.adminUser.email;
DATABASE_SOCKET_DIR = cfg.database.postgres.socket;
DATABASE_NAME = cfg.database.postgres.dbname;
CLICKHOUSE_DATABASE_URL = cfg.database.clickhouse.url;
BASE_URL = cfg.server.baseUrl;
MAILER_EMAIL = cfg.mail.email;
SMTP_HOST_ADDR = cfg.mail.smtp.hostAddr;
SMTP_HOST_PORT = toString cfg.mail.smtp.hostPort;
SMTP_RETRIES = toString cfg.mail.smtp.retries;
SMTP_HOST_SSL_ENABLED = boolToString cfg.mail.smtp.enableSSL;
SELFHOST = "true";
} // (optionalAttrs (cfg.mail.smtp.user != null) {
SMTP_USER_NAME = cfg.mail.smtp.user;
});
path = [ pkgs.plausible ]
++ optional cfg.database.postgres.setup config.services.postgresql.package;
serviceConfig = {
DynamicUser = true;
PrivateTmp = true;
WorkingDirectory = "/var/lib/plausible";
StateDirectory = "plausible";
ExecStartPre = "@${pkgs.writeShellScript "plausible-setup" ''
${envSecrets}
${pkgs.plausible}/createdb.sh
${pkgs.plausible}/migrate.sh
${optionalString cfg.adminUser.activate ''
if ! ${pkgs.plausible}/init-admin.sh | grep 'already exists'; then
psql -d plausible <<< "UPDATE users SET email_verified=true;"
fi
''}
''} plausible-setup";
ExecStart = "@${pkgs.writeShellScript "plausible" ''
${envSecrets}
plausible start
''} plausible";
};
};
}
(mkIf cfg.database.postgres.setup {
# `plausible' requires the `citext'-extension.
plausible-postgres = {
after = [ "postgresql.service" ];
bindsTo = [ "postgresql.service" ];
requiredBy = [ "plausible.service" ];
partOf = [ "plausible.service" ];
serviceConfig.Type = "oneshot";
unitConfig.ConditionPathExists = "!/var/lib/plausible/.db-setup";
script = ''
mkdir -p /var/lib/plausible/
PSQL() {
/run/wrappers/bin/sudo -Hu postgres ${config.services.postgresql.package}/bin/psql --port=5432 "$@"
}
PSQL -tAc "CREATE ROLE plausible WITH LOGIN;"
PSQL -tAc "CREATE DATABASE plausible WITH OWNER plausible;"
PSQL -d plausible -tAc "CREATE EXTENSION IF NOT EXISTS citext;"
touch /var/lib/plausible/.db-setup
'';
};
})
];
};
meta.maintainers = with maintainers; [ ma27 ];
meta.doc = ./plausible.xml;
}

51
nixos/modules/services/web-apps/plausible.xml Normal file
View File

@ -0,0 +1,51 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="module-services-plausible">
<title>Plausible</title>
<para>
<link xlink:href="https://plausible.io/">Plausible</link> is a privacy-friendly alternative to
Google analytics.
</para>
<section xml:id="module-services-plausible-basic-usage">
<title>Basic Usage</title>
<para>
At first, a secret key is needed to be generated. This can be done with e.g.
<screen><prompt>$ </prompt>openssl rand -base64 64</screen>
</para>
<para>
After that, <package>plausible</package> can be deployed like this:
<programlisting>{
services.plausible = {
<link linkend="opt-services.plausible.enable">enable</link> = true;
adminUser = {
<link linkend="opt-services.plausible.adminUser.activate">activate</link> = true; <co xml:id='ex-plausible-cfg-activate' />
<link linkend="opt-services.plausible.adminUser.email">email</link> = "admin@localhost";
<link linkend="opt-services.plausible.adminUser.passwordFile">passwordFile</link> = "/run/secrets/plausible-admin-pwd";
};
server = {
<link linkend="opt-services.plausible.server.baseUrl">baseUrl</link> = "http://analytics.example.org";
<link linkend="opt-services.plausible.server.secretKeybaseFile">secretKeybaseFile</link> = "/run/secrets/plausible-secret-key-base"; <co xml:id='ex-plausible-cfg-secretbase' />
};
};
}</programlisting>
<calloutlist>
<callout arearefs='ex-plausible-cfg-activate'>
<para>
<varname>activate</varname> is used to skip the email verification of the admin-user that's
automatically created by <package>plausible</package>. This is only supported if
<package>postgresql</package> is configured by the module. This is done by default, but
can be turned off with <xref linkend="opt-services.plausible.database.postgres.setup" />.
</para>
</callout>
<callout arearefs='ex-plausible-cfg-secretbase'>
<para>
<varname>secretKeybaseFile</varname> is a path to the file which contains the secret generated
with <package>openssl</package> as described above.
</para>
</callout>
</calloutlist>
</para>
</section>
</chapter>

13
nixos/modules/services/web-apps/trilium.nix
View File

@ -9,6 +9,7 @@ let
# Disable automatically generating desktop icon
noDesktopIcon=true
noBackup=${lib.boolToString cfg.noBackup}
[Network]
# host setting is relevant only for web deployments - set the host on which the server will listen
@ -28,7 +29,7 @@ in
type = types.str;
default = "/var/lib/trilium";
description = ''
The directory storing the nodes database and the configuration.
The directory storing the notes database and the configuration.
'';
};
@ -40,6 +41,14 @@ in
'';
};
noBackup = mkOption {
type = types.bool;
default = false;
description = ''
Disable periodic database backups.
'';
};
host = mkOption {
type = types.str;
default = "127.0.0.1";
@ -85,7 +94,7 @@ in
config = lib.mkIf cfg.enable (lib.mkMerge [
{
meta.maintainers = with lib.maintainers; [ ];
meta.maintainers = with lib.maintainers; [ fliegendewurst ];
users.groups.trilium = {};
users.users.trilium = {

4
nixos/modules/services/web-apps/wordpress.nix
View File

@ -61,8 +61,10 @@ let
?>
'';
secretsVars = [ "AUTH_KEY" "SECURE_AUTH_KEY" "LOOGGED_IN_KEY" "NONCE_KEY" "AUTH_SALT" "SECURE_AUTH_SALT" "LOGGED_IN_SALT" "NONCE_SALT" ];
secretsVars = [ "AUTH_KEY" "SECURE_AUTH_KEY" "LOGGED_IN_KEY" "NONCE_KEY" "AUTH_SALT" "SECURE_AUTH_SALT" "LOGGED_IN_SALT" "NONCE_SALT" ];
secretsScript = hostStateDir: ''
# The match in this line is not a typo, see https://github.com/NixOS/nixpkgs/pull/124839
grep -q "LOOGGED_IN_KEY" "${hostStateDir}/secret-keys.php" && rm "${hostStateDir}/secret-keys.php"
if ! test -e "${hostStateDir}/secret-keys.php"; then
umask 0177
echo "<?php" >> "${hostStateDir}/secret-keys.php"

64
nixos/modules/services/x11/desktop-managers/gnome.nix
View File

@ -56,6 +56,12 @@ let
'';
flashbackEnabled = cfg.flashback.enableMetacity || length cfg.flashback.customSessions > 0;
flashbackWms = optional cfg.flashback.enableMetacity {
wmName = "metacity";
wmLabel = "Metacity";
wmCommand = "${pkgs.gnome.metacity}/bin/metacity";
enableGnomePanel = true;
} ++ cfg.flashback.customSessions;
notExcluded = pkg: mkDefault (!(lib.elem pkg config.environment.gnome.excludePackages));
@ -222,14 +228,14 @@ in
type = types.listOf (types.submodule {
options = {
wmName = mkOption {
type = types.str;
description = "The filename-compatible name of the window manager to use.";
type = types.strMatching "[a-zA-Z0-9_-]+";
description = "A unique identifier for the window manager.";
example = "xmonad";
};
wmLabel = mkOption {
type = types.str;
description = "The pretty name of the window manager to use.";
description = "The name of the window manager to show in the session chooser.";
example = "XMonad";
};
@ -238,11 +244,29 @@ in
description = "The executable of the window manager to use.";
example = "\${pkgs.haskellPackages.xmonad}/bin/xmonad";
};
enableGnomePanel = mkOption {
type = types.bool;
default = true;
example = "false";
description = "Whether to enable the GNOME panel in this session.";
};
};
});
default = [];
description = "Other GNOME Flashback sessions to enable.";
};
panelModulePackages = mkOption {
default = [ pkgs.gnome.gnome-applets ];
type = types.listOf types.path;
description = ''
Packages containing modules that should be made available to <literal>gnome-panel</literal> (usually for applets).
If you're packaging something to use here, please install the modules in <literal>$out/lib/gnome-panel/modules</literal>.
'';
example = literalExample "[ pkgs.gnome.gnome-applets ]";
};
};
};
@ -295,14 +319,19 @@ in
})
(mkIf flashbackEnabled {
services.xserver.displayManager.sessionPackages = map
(wm: pkgs.gnome.gnome-flashback.mkSessionForWm {
inherit (wm) wmName wmLabel wmCommand;
}) (optional cfg.flashback.enableMetacity {
wmName = "metacity";
wmLabel = "Metacity";
wmCommand = "${pkgs.gnome.metacity}/bin/metacity";
} ++ cfg.flashback.customSessions);
services.xserver.displayManager.sessionPackages =
let
wmNames = map (wm: wm.wmName) flashbackWms;
namesAreUnique = lib.unique wmNames == wmNames;
in
assert (assertMsg namesAreUnique "Flashback WM names must be unique.");
map
(wm:
pkgs.gnome.gnome-flashback.mkSessionForWm {
inherit (wm) wmName wmLabel wmCommand enableGnomePanel;
inherit (cfg.flashback) panelModulePackages;
}
) flashbackWms;
security.pam.services.gnome-flashback = {
enableGnomeKeyring = true;
@ -310,15 +339,12 @@ in
systemd.packages = with pkgs.gnome; [
gnome-flashback
] ++ (map
(wm: gnome-flashback.mkSystemdTargetForWm {
inherit (wm) wmName;
}) cfg.flashback.customSessions);
] ++ map gnome-flashback.mkSystemdTargetForWm flashbackWms;
# gnome-panel needs these for menu applet
environment.sessionVariables.XDG_DATA_DIRS = [ "${pkgs.gnome.gnome-flashback}/share" ];
# TODO: switch to sessionVariables (resolve conflict)
environment.variables.XDG_CONFIG_DIRS = [ "${pkgs.gnome.gnome-flashback}/etc/xdg" ];
# gnome-panel needs these for menu applet
environment.sessionVariables.XDG_DATA_DIRS = [ "${pkgs.gnome.gnome-flashback}/share" ];
# TODO: switch to sessionVariables (resolve conflict)
environment.variables.XDG_CONFIG_DIRS = [ "${pkgs.gnome.gnome-flashback}/etc/xdg" ];
})
(mkIf serviceCfg.core-os-services.enable {

1
nixos/modules/services/x11/desktop-managers/gnome.xml
View File

@ -120,6 +120,7 @@
wmName = "xmonad";
wmLabel = "XMonad";
wmCommand = "${pkgs.haskellPackages.xmonad}/bin/xmonad";
enableGnomePanel = false;
}
];
</programlisting>

45
nixos/modules/virtualisation/containerd.nix
View File

@ -1,10 +1,20 @@
{ pkgs, lib, config, ... }:
let
cfg = config.virtualisation.containerd;
containerdConfigChecked = pkgs.runCommand "containerd-config-checked.toml" { nativeBuildInputs = [pkgs.containerd]; } ''
containerd -c ${cfg.configFile} config dump >/dev/null
ln -s ${cfg.configFile} $out
configFile = if cfg.configFile == null then
settingsFormat.generate "containerd.toml" cfg.settings
else
cfg.configFile;
containerdConfigChecked = pkgs.runCommand "containerd-config-checked.toml" {
nativeBuildInputs = [ pkgs.containerd ];
} ''
containerd -c ${configFile} config dump >/dev/null
ln -s ${configFile} $out
'';
settingsFormat = pkgs.formats.toml {};
in
{
@ -13,10 +23,21 @@ in
configFile = lib.mkOption {
default = null;
description = "path to containerd config file";
description = ''
Path to containerd config file.
Setting this option will override any configuration applied by the settings option.
'';
type = nullOr path;
};
settings = lib.mkOption {
type = settingsFormat.type;
default = {};
description = ''
Verbatim lines to add to containerd.toml
'';
};
args = lib.mkOption {
default = {};
description = "extra args to append to the containerd cmdline";
@ -25,9 +46,19 @@ in
};
config = lib.mkIf cfg.enable {
virtualisation.containerd.args.config = lib.mkIf (cfg.configFile != null) (toString containerdConfigChecked);
warnings = lib.optional (cfg.configFile != null) ''
`virtualisation.containerd.configFile` is deprecated. use `virtualisation.containerd.settings` instead.
'';
environment.systemPackages = [pkgs.containerd];
virtualisation.containerd = {
args.config = toString containerdConfigChecked;
settings = {
plugins.cri.containerd.snapshotter = lib.mkIf config.boot.zfs.enabled "zfs";
plugins.cri.cni.bin_dir = lib.mkDefault "${pkgs.cni-plugins}/bin";
};
};
environment.systemPackages = [ pkgs.containerd ];
systemd.services.containerd = {
description = "containerd - container runtime";
@ -37,7 +68,7 @@ in
containerd
runc
iptables
];
] ++ lib.optional config.boot.zfs.enabled config.boot.zfs.package;
serviceConfig = {
ExecStart = ''${pkgs.containerd}/bin/containerd ${lib.concatStringsSep " " (lib.cli.toGNUCommandLine {} cfg.args)}'';
Delegate = "yes";

31
nixos/modules/virtualisation/containers.nix
View File

@ -48,6 +48,29 @@ in
description = "containers.conf configuration";
};
containersConf.cniPlugins = mkOption {
type = types.listOf types.package;
defaultText = ''
[
pkgs.cni-plugins
]
'';
example = lib.literalExample ''
[
pkgs.cniPlugins.dnsname
]
'';
description = ''
CNI plugins to install on the system.
'';
};
storage.settings = mkOption {
type = toml.type;
default = {};
description = "storage.conf configuration";
};
registries = {
search = mkOption {
type = types.listOf types.str;
@ -97,8 +120,11 @@ in
};
config = lib.mkIf cfg.enable {
virtualisation.containers.containersConf.cniPlugins = [ pkgs.cni-plugins ];
virtualisation.containers.containersConf.settings = {
network.cni_plugin_dirs = [ "${pkgs.cni-plugins}/bin/" ];
network.cni_plugin_dirs = map (p: "${lib.getBin p}/bin") cfg.containersConf.cniPlugins;
engine = {
init_path = "${pkgs.catatonit}/bin/catatonit";
} // lib.optionalAttrs cfg.ociSeccompBpfHook.enable {
@ -109,6 +135,9 @@ in
environment.etc."containers/containers.conf".source =
toml.generate "containers.conf" cfg.containersConf.settings;
environment.etc."containers/storage.conf".source =
toml.generate "storage.conf" cfg.storage.settings;
environment.etc."containers/registries.conf".source = toml.generate "registries.conf" {
registries = lib.mapAttrs (n: v: { registries = v; }) cfg.registries;
};

2
nixos/modules/virtualisation/libvirtd.nix
View File

@ -160,7 +160,7 @@ in {
etc."qemu/bridge.conf".text = lib.concatMapStringsSep "\n" (e:
"allow ${e}") cfg.allowedBridges;
systemPackages = with pkgs; [ libressl.nc iptables cfg.package cfg.qemuPackage ];
etc.ethertypes.source = "${pkgs.iptables}/etc/ethertypes";
etc.ethertypes.source = "${pkgs.ebtables}/etc/ethertypes";
};
boot.kernelModules = [ "tun" ];

36
nixos/modules/virtualisation/podman-dnsname.nix Normal file
View File

@ -0,0 +1,36 @@
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkOption
mkIf
types
;
cfg = config.virtualisation.podman;
in
{
options = {
virtualisation.podman = {
defaultNetwork.dnsname.enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable DNS resolution in the default podman network.
'';
};
};
};
config = {
virtualisation.containers.containersConf.cniPlugins = mkIf cfg.defaultNetwork.dnsname.enable [ pkgs.dnsname-cni ];
virtualisation.podman.defaultNetwork.extraPlugins =
lib.optional cfg.defaultNetwork.dnsname.enable {
type = "dnsname";
domainName = "dns.podman";
capabilities.aliases = true;
};
};
}

34
nixos/modules/virtualisation/podman-network-socket-ghostunnel.nix Normal file
View File

@ -0,0 +1,34 @@
{ config, lib, pkg, ... }:
let
inherit (lib)
mkOption
types
;
cfg = config.virtualisation.podman.networkSocket;
in
{
options.virtualisation.podman.networkSocket = {
server = mkOption {
type = types.enum [ "ghostunnel" ];
};
};
config = lib.mkIf (cfg.enable && cfg.server == "ghostunnel") {
services.ghostunnel = {
enable = true;
servers."podman-socket" = {
inherit (cfg.tls) cert key cacert;
listen = "${cfg.listenAddress}:${toString cfg.port}";
target = "unix:/run/podman/podman.sock";
allowAll = lib.mkDefault true;
};
};
systemd.services.ghostunnel-server-podman-socket.serviceConfig.SupplementaryGroups = ["podman"];
};
meta.maintainers = lib.teams.podman.members ++ [ lib.maintainers.roberth ];
}

91
nixos/modules/virtualisation/podman-network-socket.nix Normal file
View File

@ -0,0 +1,91 @@
{ config, lib, pkg, ... }:
let
inherit (lib)
mkOption
types
;
cfg = config.virtualisation.podman.networkSocket;
in
{
options.virtualisation.podman.networkSocket = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Make the Podman and Docker compatibility API available over the network
with TLS client certificate authentication.
This allows Docker clients to connect with the equivalents of the Docker
CLI <code>-H</code> and <code>--tls*</code> family of options.
For certificate setup, see https://docs.docker.com/engine/security/protect-access/
This option is independent of <xref linkend="opt-virtualisation.podman.dockerSocket.enable"/>.
'';
};
server = mkOption {
type = types.enum [];
description = ''
Choice of TLS proxy server.
'';
example = "ghostunnel";
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Whether to open the port in the firewall.
'';
};
tls.cacert = mkOption {
type = types.path;
description = ''
Path to CA certificate to use for client authentication.
'';
};
tls.cert = mkOption {
type = types.path;
description = ''
Path to certificate describing the server.
'';
};
tls.key = mkOption {
type = types.path;
description = ''
Path to the private key corresponding to the server certificate.
Use a string for this setting. Otherwise it will be copied to the Nix
store first, where it is readable by any system process.
'';
};
port = mkOption {
type = types.port;
default = 2376;
description = ''
TCP port number for receiving TLS connections.
'';
};
listenAddress = mkOption {
type = types.str;
default = "0.0.0.0";
description = ''
Interface address for receiving TLS connections.
'';
};
};
config = {
networking.firewall.allowedTCPPorts =
lib.optional (cfg.enable && cfg.openFirewall) cfg.port;
};
meta.maintainers = lib.teams.podman.members ++ [ lib.maintainers.roberth ];
}

65
nixos/modules/virtualisation/podman.nix
View File

@ -1,7 +1,8 @@
{ config, lib, pkgs, utils, ... }:
{ config, lib, pkgs, ... }:
let
cfg = config.virtualisation.podman;
toml = pkgs.formats.toml { };
json = pkgs.formats.json { };
inherit (lib) mkOption types;
@ -22,9 +23,24 @@ let
done
'';
net-conflist = pkgs.runCommand "87-podman-bridge.conflist" {
nativeBuildInputs = [ pkgs.jq ];
extraPlugins = builtins.toJSON cfg.defaultNetwork.extraPlugins;
jqScript = ''
. + { "plugins": (.plugins + $extraPlugins) }
'';
} ''
jq <${cfg.package}/etc/cni/net.d/87-podman-bridge.conflist \
--argjson extraPlugins "$extraPlugins" \
"$jqScript" \
>$out
'';
in
{
imports = [
./podman-dnsname.nix
./podman-network-socket.nix
(lib.mkRenamedOptionModule [ "virtualisation" "podman" "libpod" ] [ "virtualisation" "containers" "containersConf" ])
];
@ -46,6 +62,20 @@ in
'';
};
dockerSocket.enable = mkOption {
type = types.bool;
default = false;
description = ''
Make the Podman socket available in place of the Docker socket, so
Docker tools can find the Podman socket.
Podman implements the Docker API.
Users must be in the <code>podman</code> group in order to connect. As
with Docker, members of this group can gain root access.
'';
};
dockerCompat = mkOption {
type = types.bool;
default = false;
@ -84,6 +114,13 @@ in
'';
};
defaultNetwork.extraPlugins = lib.mkOption {
type = types.listOf json.type;
default = [];
description = ''
Extra CNI plugin configurations to add to podman's default network.
'';
};
};
@ -92,7 +129,7 @@ in
environment.systemPackages = [ cfg.package ]
++ lib.optional cfg.dockerCompat dockerCompat;
environment.etc."cni/net.d/87-podman-bridge.conflist".source = utils.copyFile "${pkgs.podman-unwrapped.src}/cni/87-podman-bridge.conflist";
environment.etc."cni/net.d/87-podman-bridge.conflist".source = net-conflist;
virtualisation.containers = {
enable = true; # Enable common /etc/containers configuration
@ -111,14 +148,36 @@ in
};
systemd.sockets.podman.wantedBy = [ "sockets.target" ];
systemd.sockets.podman.socketConfig.SocketGroup = "podman";
systemd.tmpfiles.packages = [ cfg.package ];
systemd.tmpfiles.packages = [
# The /run/podman rule interferes with our podman group, so we remove
# it and let the systemd socket logic take care of it.
(pkgs.runCommand "podman-tmpfiles-nixos" { package = cfg.package; } ''
mkdir -p $out/lib/tmpfiles.d/
grep -v 'D! /run/podman 0700 root root' \
<$package/lib/tmpfiles.d/podman.conf \
>$out/lib/tmpfiles.d/podman.conf
'') ];
systemd.tmpfiles.rules =
lib.optionals cfg.dockerSocket.enable [
"L! /run/docker.sock - - - - /run/podman/podman.sock"
];
users.groups.podman = {};
assertions = [
{
assertion = cfg.dockerCompat -> !config.virtualisation.docker.enable;
message = "Option dockerCompat conflicts with docker";
}
{
assertion = cfg.dockerSocket.enable -> !config.virtualisation.docker.enable;
message = ''
The options virtualisation.podman.dockerSocket.enable and virtualisation.docker.enable conflict, because only one can serve the socket.
'';
}
];
}
]);

5
nixos/tests/all-tests.nix
View File

@ -52,7 +52,7 @@ in
buildkite-agents = handleTest ./buildkite-agents.nix {};
caddy = handleTest ./caddy.nix {};
cadvisor = handleTestOn ["x86_64-linux"] ./cadvisor.nix {};
cage = handleTestOn ["x86_64-linux"] ./cage.nix {};
cage = handleTest ./cage.nix {};
cagebreak = handleTest ./cagebreak.nix {};
calibre-web = handleTest ./calibre-web.nix {};
cassandra_2_1 = handleTest ./cassandra.nix { testPackage = pkgs.cassandra_2_1; };
@ -330,11 +330,14 @@ in
php80 = handleTest ./php { php = pkgs.php80; };
pinnwand = handleTest ./pinnwand.nix {};
plasma5 = handleTest ./plasma5.nix {};
plausible = handleTest ./plausible.nix {};
pleroma = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./pleroma.nix {};
plikd = handleTest ./plikd.nix {};
plotinus = handleTest ./plotinus.nix {};
podgrab = handleTest ./podgrab.nix {};
podman = handleTestOn ["x86_64-linux"] ./podman.nix {};
podman-dnsname = handleTestOn ["x86_64-linux"] ./podman-dnsname.nix {};
podman-tls-ghostunnel = handleTestOn ["x86_64-linux"] ./podman-tls-ghostunnel.nix {};
pomerium = handleTestOn ["x86_64-linux"] ./pomerium.nix {};
postfix = handleTest ./postfix.nix {};
postfix-raise-smtpd-tls-security-level = handleTest ./postfix-raise-smtpd-tls-security-level.nix {};

42
nixos/tests/brscan5.nix Normal file
View File

@ -0,0 +1,42 @@
# integration tests for brscan5 sane driver
#
import ./make-test-python.nix ({ pkgs, ...} : {
name = "brscan5";
meta = with pkgs.lib.maintainers; {
maintainers = [ mattchrist ];
};
machine = { pkgs, ... }:
{
nixpkgs.config.allowUnfree = true;
hardware.sane = {
enable = true;
brscan5 = {
enable = true;
netDevices = {
"a" = { model="ADS-1200"; nodename="BRW0080927AFBCE"; };
"b" = { model="ADS-1200"; ip="192.168.1.2"; };
};
};
};
};
testScript = ''
# sane loads libsane-brother5.so.1 successfully, and scanimage doesn't die
strace = machine.succeed('strace scanimage -L 2>&1').split("\n")
regexp = 'openat\(.*libsane-brother5.so.1", O_RDONLY|O_CLOEXEC\) = \d\d*$'
assert len([x for x in strace if re.match(regexp,x)]) > 0
# module creates a config
cfg = machine.succeed('cat /etc/opt/brother/scanner/brscan5/brsanenetdevice.cfg')
assert 'DEVICE=a , "ADS-1200" , 0x4f9:0x459 , NODENAME=BRW0080927AFBCE' in cfg
assert 'DEVICE=b , "ADS-1200" , 0x4f9:0x459 , IP-ADDRESS=192.168.1.2' in cfg
# scanimage lists the two network scanners
scanimage = machine.succeed("scanimage -L")
print(scanimage)
assert """device `brother5:net1;dev0' is a Brother b ADS-1200""" in scanimage
assert """device `brother5:net1;dev1' is a Brother a ADS-1200""" in scanimage
'';
})

6
nixos/tests/cage.nix
View File

@ -18,10 +18,8 @@ import ./make-test-python.nix ({ pkgs, ...} :
};
virtualisation.memorySize = 1024;
# Need to switch to a different VGA card / GPU driver because Cage segfaults with the default one (std):
# machine # [ 14.355893] .cage-wrapped[736]: segfault at 20 ip 00007f035fa0d8c7 sp 00007ffce9e4a2f0 error 4 in libwlroots.so.8[7f035fa07000+5a000]
# machine # [ 14.358108] Code: 4f a8 ff ff eb aa 0f 1f 44 00 00 c3 0f 1f 80 00 00 00 00 41 54 49 89 f4 55 31 ed 53 48 89 fb 48 8d 7f 18 48 8d 83 b8 00 00 00 <80> 7f 08 00 75 0d 48 83 3f 00 0f 85 91 00 00 00 48 89 fd 48 83 c7
virtualisation.qemu.options = [ "-vga virtio" ];
# Need to switch to a different GPU driver than the default one (-vga std) so that Cage can launch:
virtualisation.qemu.options = [ "-vga none -device virtio-gpu-pci" ];
};
enableOCR = true;

4
nixos/tests/cagebreak.nix
View File

@ -36,8 +36,8 @@ in
environment.systemPackages = [ pkgs.cagebreak pkgs.wayland-utils ];
virtualisation.memorySize = 1024;
# Need to switch to a different VGA card / GPU driver than the default one (std) so that Cagebreak can launch:
virtualisation.qemu.options = [ "-vga virtio" ];
# Need to switch to a different GPU driver than the default one (-vga std) so that Cagebreak can launch:
virtualisation.qemu.options = [ "-vga none -device virtio-gpu-pci" ];
};
enableOCR = true;

2
nixos/tests/discourse.nix
View File

@ -51,6 +51,8 @@ import ./make-test-python.nix (
environment.systemPackages = [ pkgs.jq ];
services.postgresql.package = pkgs.postgresql_13;
services.discourse = {
enable = true;
inherit admin;

14
nixos/tests/docker-tools.nix
View File

@ -20,6 +20,20 @@ import ./make-test-python.nix ({ pkgs, ... }: {
docker.wait_for_unit("sockets.target")
with subtest("includeStorePath"):
with subtest("assumption"):
docker.succeed("${examples.helloOnRoot} | docker load")
docker.succeed("set -euo pipefail; docker run --rm hello | grep -i hello")
docker.succeed("docker image rm hello:latest")
with subtest("includeStorePath = false; breaks example"):
docker.succeed("${examples.helloOnRootNoStore} | docker load")
docker.fail("set -euo pipefail; docker run --rm hello | grep -i hello")
docker.succeed("docker image rm hello:latest")
with subtest("includeStorePath = false; works with mounted store"):
docker.succeed("${examples.helloOnRootNoStore} | docker load")
docker.succeed("set -euo pipefail; docker run --rm --volume ${builtins.storeDir}:${builtins.storeDir}:ro hello | grep -i hello")
docker.succeed("docker image rm hello:latest")
with subtest("Ensure Docker images use a stable date by default"):
docker.succeed(
"docker load --input='${examples.bash}'"

46
nixos/tests/plausible.nix Normal file
View File

@ -0,0 +1,46 @@
import ./make-test-python.nix ({ pkgs, lib, ... }: {
name = "plausible";
meta = with lib.maintainers; {
maintainers = [ ma27 ];
};
machine = { pkgs, ... }: {
virtualisation.memorySize = 4096;
services.plausible = {
enable = true;
adminUser = {
email = "admin@example.org";
passwordFile = "${pkgs.writeText "pwd" "foobar"}";
activate = true;
};
server = {
baseUrl = "http://localhost:8000";
secretKeybaseFile = "${pkgs.writeText "dont-try-this-at-home" "nannannannannannannannannannannannannannannannannannannan_batman!"}";
};
};
};
testScript = ''
start_all()
machine.wait_for_unit("plausible.service")
machine.wait_for_open_port(8000)
machine.succeed("curl -f localhost:8000 >&2")
csrf_token = machine.succeed(
"curl -c /tmp/cookies localhost:8000/login | grep '_csrf_token' | sed -E 's,.*value=\"(.*)\".*,\\1,g'"
)
machine.succeed(
f"curl -b /tmp/cookies -f -X POST localhost:8000/login -F email=admin@example.org -F password=foobar -F _csrf_token={csrf_token.strip()} -D headers"
)
# By ensuring that the user is redirected to the dashboard after login, we
# also make sure that the automatic verification of the module works.
machine.succeed(
"[[ $(grep 'location: ' headers | cut -d: -f2- | xargs echo) == /sites* ]]"
)
machine.shutdown()
'';
})

42
nixos/tests/podman-dnsname.nix Normal file
View File

@ -0,0 +1,42 @@
import ./make-test-python.nix (
{ pkgs, lib, ... }:
let
inherit (pkgs) writeTextDir python3 curl;
webroot = writeTextDir "index.html" "<h1>Hi</h1>";
in
{
name = "podman-dnsname";
meta = {
maintainers = with lib.maintainers; [ roberth ] ++ lib.teams.podman.members;
};
nodes = {
podman = { pkgs, ... }: {
virtualisation.podman.enable = true;
virtualisation.podman.defaultNetwork.dnsname.enable = true;
};
};
testScript = ''
podman.wait_for_unit("sockets.target")
with subtest("DNS works"): # also tests inter-container tcp routing
podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg")
podman.succeed(
"podman run -d --name=webserver -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin -w ${webroot} scratchimg ${python3}/bin/python -m http.server 8000"
)
podman.succeed("podman ps | grep webserver")
podman.succeed("""
for i in `seq 0 120`; do
podman run --rm --name=client -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg ${curl}/bin/curl http://webserver:8000 >/dev/console \
&& exit 0
sleep 0.5
done
exit 1
""")
podman.succeed("podman stop webserver")
podman.succeed("podman rm webserver")
'';
}
)

150
nixos/tests/podman-tls-ghostunnel.nix Normal file
View File

@ -0,0 +1,150 @@
/*
This test runs podman as a backend for the Docker CLI.
*/
import ./make-test-python.nix (
{ pkgs, lib, ... }:
let gen-ca = pkgs.writeScript "gen-ca" ''
# Create CA
PATH="${pkgs.openssl}/bin:$PATH"
openssl genrsa -out ca-key.pem 4096
openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -subj '/C=NL/ST=Zuid-Holland/L=The Hague/O=Stevige Balken en Planken B.V./OU=OpSec/CN=Certificate Authority' -out ca.pem
# Create service
openssl genrsa -out podman-key.pem 4096
openssl req -subj '/CN=podman' -sha256 -new -key podman-key.pem -out service.csr
echo subjectAltName = DNS:podman,IP:127.0.0.1 >> extfile.cnf
echo extendedKeyUsage = serverAuth >> extfile.cnf
openssl x509 -req -days 365 -sha256 -in service.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out podman-cert.pem -extfile extfile.cnf
# Create client
openssl genrsa -out client-key.pem 4096
openssl req -subj '/CN=client' -new -key client-key.pem -out client.csr
echo extendedKeyUsage = clientAuth > extfile-client.cnf
openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out client-cert.pem -extfile extfile-client.cnf
# Create CA 2
PATH="${pkgs.openssl}/bin:$PATH"
openssl genrsa -out ca-2-key.pem 4096
openssl req -new -x509 -days 365 -key ca-2-key.pem -sha256 -subj '/C=NL/ST=Zuid-Holland/L=The Hague/O=Stevige Balken en Planken B.V./OU=OpSec/CN=Certificate Authority' -out ca-2.pem
# Create client signed by CA 2
openssl genrsa -out client-2-key.pem 4096
openssl req -subj '/CN=client' -new -key client-2-key.pem -out client-2.csr
echo extendedKeyUsage = clientAuth > extfile-client.cnf
openssl x509 -req -days 365 -sha256 -in client-2.csr -CA ca-2.pem -CAkey ca-2-key.pem -CAcreateserial -out client-2-cert.pem -extfile extfile-client.cnf
'';
in
{
name = "podman-tls-ghostunnel";
meta = {
maintainers = lib.teams.podman.members ++ [ lib.maintainers.roberth ];
};
nodes = {
podman =
{ pkgs, ... }:
{
virtualisation.podman.enable = true;
virtualisation.podman.dockerSocket.enable = true;
virtualisation.podman.networkSocket = {
enable = true;
openFirewall = true;
server = "ghostunnel";
tls.cert = "/root/podman-cert.pem";
tls.key = "/root/podman-key.pem";
tls.cacert = "/root/ca.pem";
};
environment.systemPackages = [
pkgs.docker-client
];
users.users.alice = {
isNormalUser = true;
home = "/home/alice";
description = "Alice Foobar";
extraGroups = ["podman"];
};
};
client = { ... }: {
environment.systemPackages = [
# Installs the docker _client_ only
# Normally, you'd want `virtualisation.docker.enable = true;`.
pkgs.docker-client
];
environment.variables.DOCKER_HOST = "podman:2376";
environment.variables.DOCKER_TLS_VERIFY = "1";
};
};
testScript = ''
import shlex
def su_cmd(user, cmd):
cmd = shlex.quote(cmd)
return f"su {user} -l -c {cmd}"
def cmd(command):
print(f"+{command}")
r = os.system(command)
if r != 0:
raise Exception(f"Command {command} failed with exit code {r}")
start_all()
cmd("${gen-ca}")
podman.copy_from_host("ca.pem", "/root/ca.pem")
podman.copy_from_host("podman-cert.pem", "/root/podman-cert.pem")
podman.copy_from_host("podman-key.pem", "/root/podman-key.pem")
client.copy_from_host("ca.pem", "/root/.docker/ca.pem")
# client.copy_from_host("podman-cert.pem", "/root/podman-cert.pem")
client.copy_from_host("client-cert.pem", "/root/.docker/cert.pem")
client.copy_from_host("client-key.pem", "/root/.docker/key.pem")
# TODO (ghostunnel): add file watchers so the restart isn't necessary
podman.succeed("systemctl reset-failed && systemctl restart ghostunnel-server-podman-socket.service")
podman.wait_for_unit("sockets.target")
podman.wait_for_unit("ghostunnel-server-podman-socket.service")
with subtest("Create default network"):
podman.succeed("docker network create default")
with subtest("Root docker cli also works"):
podman.succeed("docker version")
with subtest("A podman member can also still use the docker cli"):
podman.succeed(su_cmd("alice", "docker version"))
with subtest("Run container remotely via docker cli"):
client.succeed("docker version")
# via socket would be nicer
podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg")
client.succeed(
"docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
)
client.succeed("docker ps | grep sleeping")
podman.succeed("docker ps | grep sleeping")
client.succeed("docker stop sleeping")
client.succeed("docker rm sleeping")
with subtest("Clients without cert will be denied"):
client.succeed("rm /root/.docker/{cert,key}.pem")
client.fail("docker version")
with subtest("Clients with wrong cert will be denied"):
client.copy_from_host("client-2-cert.pem", "/root/.docker/cert.pem")
client.copy_from_host("client-2-key.pem", "/root/.docker/key.pem")
client.fail("docker version")
'';
}
)

38
nixos/tests/podman.nix
View File

@ -13,10 +13,23 @@ import ./make-test-python.nix (
{
virtualisation.podman.enable = true;
# To test docker socket support
virtualisation.podman.dockerSocket.enable = true;
environment.systemPackages = [
pkgs.docker-client
];
users.users.alice = {
isNormalUser = true;
home = "/home/alice";
description = "Alice Foobar";
extraGroups = [ "podman" ];
};
users.users.mallory = {
isNormalUser = true;
home = "/home/mallory";
description = "Mallory Foobar";
};
};
@ -26,9 +39,9 @@ import ./make-test-python.nix (
import shlex
def su_cmd(cmd):
def su_cmd(cmd, user = "alice"):
cmd = shlex.quote(cmd)
return f"su alice -l -c {cmd}"
return f"su {user} -l -c {cmd}"
podman.wait_for_unit("sockets.target")
@ -105,6 +118,27 @@ import ./make-test-python.nix (
assert pid == "1"
pid = podman.succeed("podman run --rm --init busybox readlink /proc/self").strip()
assert pid == "2"
with subtest("A podman member can use the docker cli"):
podman.succeed(su_cmd("docker version"))
with subtest("Run container via docker cli"):
podman.succeed("docker network create default")
podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg")
podman.succeed(
"docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
)
podman.succeed("docker ps | grep sleeping")
podman.succeed("podman ps | grep sleeping")
podman.succeed("docker stop sleeping")
podman.succeed("docker rm sleeping")
podman.succeed("docker network rm default")
with subtest("A podman non-member can not use the docker cli"):
podman.fail(su_cmd("docker version", user="mallory"))
# TODO: add docker-compose test
'';
}
)

4
nixos/tests/sway.nix
View File

@ -42,8 +42,8 @@ import ./make-test-python.nix ({ pkgs, lib, ...} :
programs.gnupg.agent.enable = true;
virtualisation.memorySize = 1024;
# Need to switch to a different VGA card / GPU driver than the default one (std) so that Sway can launch:
virtualisation.qemu.options = [ "-vga virtio" ];
# Need to switch to a different GPU driver than the default one (-vga std) so that Sway can launch:
virtualisation.qemu.options = [ "-vga none -device virtio-gpu-pci" ];
};
enableOCR = true;

4
pkgs/applications/audio/bjumblr/default.nix
View File

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "BJumblr";
version = "1.4.2";
version = "1.6.6";
src = fetchFromGitHub {
owner = "sjaehn";
repo = pname;
rev = version;
sha256 = "0kl6hrxmqrdf0195bfnzsa2h1073fgiqrfhg2276fm1954sm994v";
sha256 = "1nbxi54023vck3qgmr385cjzinmdnvz62ywb6bcksmc3shl080mg";
};
nativeBuildInputs = [ pkg-config ];

10
pkgs/applications/audio/goattracker/default.nix
View File

@ -27,16 +27,16 @@ let
in stdenv.mkDerivation rec {
inherit pname;
version = if isStereo
then "2.76" # stereo
else "2.75"; # normal
then "2.77" # stereo
else "2.76"; # normal
src = fetchurl {
url = "mirror://sourceforge/goattracker2/GoatTracker_${version}${optionalString isStereo "_Stereo"}.zip";
sha256 = if isStereo
then "12cz3780x5k047jqdv69n6rjgbfiwv67z850kfl4i37lxja432l7" # stereo
else "1km97nl7qvk6qc5l5j69wncbm76hf86j47sgzgr968423g0bxxlk"; # normal
then "1hiig2d152sv9kazwz33i56x1c54h5sh21ipkqnp6qlnwj8x1ksy" # stereo
else "0d7a3han4jw4bwiba3j87racswaajgl3pj4sb5lawdqdxicv3dn1"; # normal
};
sourceRoot = (if isStereo then "gt2stereo/trunk" else "goattrk2") + "/src";
sourceRoot = "src";
nativeBuildInputs = [ copyDesktopItems unzip imagemagick ];
buildInputs = [ SDL ];

6
pkgs/applications/audio/gxplugins-lv2/default.nix
View File

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "GxPlugins.lv2";
version = "0.8";
version = "0.9";
src = fetchFromGitHub {
owner = "brummer10";
repo = pname;
rev = "v${version}";
sha256 = "11iv7bwvvspm74pisqvcpsxpg9xi6b08hq4i8q67mri4mvy9hmal";
sha256 = "02fksl8wr443ygwgcd1c2zab8kp67a6ps12k71ysqx7szv4zq877";
fetchSubmodules = true;
};
@ -29,6 +29,6 @@ stdenv.mkDerivation rec {
homepage = "https://github.com/brummer10/GxPlugins.lv2";
description = "A set of extra lv2 plugins from the guitarix project";
maintainers = [ maintainers.magnetophon ];
license = licenses.gpl3;
license = licenses.gpl3Plus;
};
}

4
pkgs/applications/audio/helio-workstation/default.nix
View File

@ -5,14 +5,14 @@
stdenv.mkDerivation rec {
pname = "helio-workstation";
version = "3.4";
version = "3.6";
src = fetchFromGitHub {
owner = "helio-fm";
repo = pname;
rev = version;
fetchSubmodules = true;
sha256 = "sha256-zXsDu/xi7OV6VtnZK9ZJ8uwPeA5uTgNpAQsqe90iwG4=";
sha256 = "sha256-qW39g6rQ5VPQ3Hx9NmwLbpZiITnzFZDZlcLkE+pJKPc=";
};
buildInputs = [

30
pkgs/applications/audio/molot-lite/default.nix
View File

@ -1,35 +1,31 @@
{ lib, stdenv, fetchurl, unzip, lv2 }:
{ lib, stdenv, fetchFromGitHub, lv2 }:
stdenv.mkDerivation rec {
stdenv.mkDerivation {
pname = "molot-lite";
version = "unstable-2014-04-23";
version = "1.0.0";
src = fetchurl {
# fetchzip does not accept urls that do not end with .zip.
url = "https://sourceforge.net/p/molot/code/ci/c4eddc426f8d5821e8ebcf1d67265365e4c8c52a/tree/molot_src.zip?format=raw";
sha256 = "1c47dwfgrmn9459px8s5zikcqyr0777v226qzcxlr6azlcjwr51b";
src = fetchFromGitHub {
owner = "magnetophon";
repo = pname;
rev = version;
sha256 = "0xbvicfk1rgp01nlg6hlym9bnygry0nrbv88mv7w6hnacvl63ba4";
};
nativeBuildInputs = [ unzip ];
buildInputs = [ lv2 ];
unpackPhase = ''
unzip $src
'';
buildPhase = ''
make -C Molot_Mono_Lite
make -C Molot_Stereo_Lite
'';
makeFlags = [ "INSTALL_DIR=$out/lib/lv2" ];
installPhase = ''
runHook preInstall
make install INSTALL_DIR=$out/lib/lv2 -C Molot_Mono_Lite
make install INSTALL_DIR=$out/lib/lv2 -C Molot_Stereo_Lite
runHook postInstall
'';
meta = with lib; {
description = "Stereo and mono audio signal dynamic range compressor in LV2 format";
homepage = "https://sourceforge.net/projects/molot/";
homepage = "https://github.com/magnetophon/molot-lite";
license = licenses.gpl3Plus;
maintainers = [ maintainers.magnetophon ];
platforms = platforms.linux;

6
pkgs/applications/audio/ncspot/default.nix
View File

@ -14,16 +14,16 @@ let
in
rustPlatform.buildRustPackage rec {
pname = "ncspot";
version = "0.7.1";
version = "0.7.2";
src = fetchFromGitHub {
owner = "hrkfdn";
repo = "ncspot";
rev = "v${version}";
sha256 = "1qhdhybbgnn7ky9qdxwi07flwzjagp22qmlccbz1z3lhznm9a971";
sha256 = "0ww7ipyvcdphbkzjpvdqs1s3bqk3rj3jdy1n3bnk76csw9vgn2zi";
};
cargoSha256 = "1kv37ib0klykmjabm1qyz55frs7djkx225alj4rk4a92xq9m8i9v";
cargoSha256 = "1mrjp5p3iryxzgg6ca9zjwm8n6w0ljs108ll0wkwgfih6rip7ba4";
cargoBuildFlags = [ "--no-default-features" "--features" "${lib.concatStringsSep "," features}" ];

43
pkgs/applications/audio/quadrafuzz/default.nix Normal file
View File

@ -0,0 +1,43 @@
{ stdenv, lib, fetchFromGitHub, boost, cairo, lv2, pkg-config }:
stdenv.mkDerivation rec {
pname = "quadrafuzz";
version = "0.1.1";
src = fetchFromGitHub {
owner = "jpcima";
repo = pname;
rev = "v${version}";
sha256 = "1kjsf7il9krihwlrq08gk2xvil4b4q5zd87nnm103hby2w7ws7z1";
fetchSubmodules = true;
};
postPatch = ''
patchShebangs ./dpf/utils/generate-ttl.sh
'';
nativeBuildInputs = [ pkg-config ];
buildInputs = [
boost cairo lv2
];
makeFlags = [
"PREFIX=$(out)"
];
installPhase = ''
runHook preInstall
mkdir -p $out/lib/lv2
cp -r bin/quadrafuzz.lv2/ $out/lib/lv2
runHook postInstall
'';
meta = with lib; {
homepage = "https://github.com/jpcima/quadrafuzz";
description = "Multi-band fuzz distortion plugin";
maintainers = [ maintainers.magnetophon ];
platforms = platforms.linux;
license = licenses.gpl3Plus;
};
}

10
pkgs/applications/audio/quodlibet/default.nix
View File

@ -1,4 +1,4 @@
{ lib, stdenv, fetchurl, python3, wrapGAppsHook, gettext, libsoup, gnome, gtk3, gdk-pixbuf, librsvg,
{ lib, fetchurl, python3, wrapGAppsHook, gettext, libsoup, gnome, gtk3, gdk-pixbuf, librsvg,
tag ? "", xvfb-run, dbus, glibcLocales, glib, glib-networking, gobject-introspection, hicolor-icon-theme,
gst_all_1, withGstPlugins ? true,
xineBackend ? false, xine-lib,
@ -9,15 +9,13 @@
let optionals = lib.optionals; in
python3.pkgs.buildPythonApplication rec {
pname = "quodlibet${tag}";
version = "4.3.0";
version = "4.4.0";
src = fetchurl {
url = "https://github.com/quodlibet/quodlibet/releases/download/release-${version}/quodlibet-${version}.tar.gz";
sha256 = "1q17ckblfa4fcs7wsjwsq1dj7360ymrdyjkyqmj864wzlqkw1rd2";
sha256 = "sha256-oDMY0nZ+SVlVF2PQqH+tl3OHr3EmCP5XJxQXaiS782c=";
};
patches = [ ./quodlibet-feedparser6.patch ];
nativeBuildInputs = [ wrapGAppsHook gettext ];
checkInputs = [ gdk-pixbuf hicolor-icon-theme ] ++ (with python3.pkgs; [ pytest pytest_xdist polib xvfb-run dbus.daemon glibcLocales ]);
@ -50,8 +48,6 @@ python3.pkgs.buildPythonApplication rec {
checkPhase = ''
runHook preCheck
# newer gettext spews some warnings which fail the tests
substituteInPlace tests/test_po.py --replace "strict=True" "strict=False"
# otherwise tests can't find the app icons; instead of creating index.theme from scratch
# I re-used the one from hicolor-icon-theme which seems to work
cp "${hicolor-icon-theme}/share/icons/hicolor/index.theme" quodlibet/images/hicolor

12
pkgs/applications/audio/quodlibet/quodlibet-feedparser6.patch
View File

@ -1,12 +0,0 @@
Support feedparser 6, based on https://github.com/quodlibet/quodlibet/pull/3464
--- a/quodlibet/browsers/audiofeeds.py
+++ b/quodlibet/browsers/audiofeeds.py
@@ -137,7 +137,4 @@ class Feed(list):
def parse(self):
try:
- if not self._check_feed():
- return False
-
doc = feedparser.parse(self.uri)
except Exception as e:

32
pkgs/applications/audio/rymcast/default.nix Normal file
View File

@ -0,0 +1,32 @@
{ lib, stdenv, fetchzip, autoPatchelfHook, makeWrapper
, alsaLib, curl, gtk3, webkitgtk, zenity }:
stdenv.mkDerivation rec {
pname = "rymcast";
version = "1.0.6";
src = fetchzip {
url = "https://www.inphonik.com/files/rymcast/rymcast-${version}-linux-x64.tar.gz";
hash = "sha256:0vjjhfrwdibjjgz3awbg30qxkjrzc4cya1f4pigwjh3r0vvrq0ga";
stripRoot = false;
};
nativeBuildInputs = [ autoPatchelfHook makeWrapper ];
buildInputs = [ alsaLib curl gtk3 stdenv.cc.cc.lib webkitgtk zenity ];
installPhase = ''
mkdir -p "$out/bin"
cp RYMCast "$out/bin/"
wrapProgram "$out/bin/RYMCast" \
--set PATH "${lib.makeBinPath [ zenity ]}"
'';
meta = with lib; {
description = "Player for Mega Drive/Genesis VGM files";
homepage = "https://www.inphonik.com/products/rymcast-genesis-vgm-player/";
license = licenses.unfree;
platforms = [ "x86_64-linux" ];
maintainers = with maintainers; [ astsmtl ];
};
}

20
pkgs/applications/audio/schismtracker/default.nix
View File

@ -1,19 +1,25 @@
{ lib, stdenv, fetchFromGitHub
{ lib
, stdenv
, fetchFromGitHub
, autoreconfHook
, alsaLib, python, SDL }:
, alsaLib
, python
, SDL
}:
stdenv.mkDerivation rec {
pname = "schismtracker";
version = "20200412";
version = "20210525";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = version;
sha256 = "1n6cgjiw3vkv7a1h1nki5syyjxjb6icknr9s049w2jrag10bxssn";
sha256 = "06ybkbqry7f7lmzgwb9s7ipafshl5gdj98lcjsjkcbnywj8r9b3h";
};
configureFlags = [ "--enable-dependency-tracking" ];
configureFlags = [ "--enable-dependency-tracking" ]
++ lib.optional stdenv.isDarwin "--disable-sdltest";
nativeBuildInputs = [ autoreconfHook python ];
@ -22,8 +28,8 @@ stdenv.mkDerivation rec {
meta = with lib; {
description = "Music tracker application, free reimplementation of Impulse Tracker";
homepage = "http://schismtracker.org/";
license = licenses.gpl2;
platforms = [ "x86_64-linux" "i686-linux" "x86_64-darwin" ];
license = licenses.gpl2Plus;
platforms = platforms.unix;
maintainers = with maintainers; [ ftrvxmtrx ];
};
}

79
pkgs/applications/audio/spot/default.nix Normal file
View File

@ -0,0 +1,79 @@
{ lib
, stdenv
, fetchFromGitHub
, nix-update-script
, meson
, ninja
, gettext
, python3
, desktop-file-utils
, rustPlatform
, pkg-config
, glib
, libhandy
, gtk3
, openssl
, alsaLib
, libpulseaudio
, wrapGAppsHook
}:
stdenv.mkDerivation rec {
pname = "spot";
version = "0.1.14";
src = fetchFromGitHub {
owner = "xou816";
repo = "spot";
rev = version;
sha256 = "eHhbm1amTx3ngqsP32uDEdrhrBeurMftg5SToTQGX9o=";
};
cargoDeps = rustPlatform.fetchCargoTarball {
inherit src;
name = "${pname}-${version}";
hash = "sha256-jY7pWoY9IJi5hHVRS1gQKb+Vmfc+wxHvoAwupOtXXQs=";
};
nativeBuildInputs = [
gettext
meson
ninja
pkg-config
python3 # for meson postinstall script
gtk3 # for gtk-update-icon-cache
glib # for glib-compile-schemas
desktop-file-utils
rustPlatform.rust.cargo
rustPlatform.cargoSetupHook
rustPlatform.rust.rustc
wrapGAppsHook
];
buildInputs = [
glib
gtk3
libhandy
openssl
alsaLib
libpulseaudio
];
postPatch = ''
chmod +x build-aux/cargo.sh
patchShebangs build-aux/cargo.sh build-aux/meson/postinstall.py
'';
passthru = {
updateScript = nix-update-script {
attrPath = pname;
};
};
meta = with lib; {
description = "Native Spotify client for the GNOME desktop";
homepage = "https://github.com/xou816/spot";
license = licenses.mit;
maintainers = with maintainers; [ jtojnar ];
};
}

53
pkgs/applications/audio/whipper/default.nix
View File

@ -1,7 +1,17 @@
{ lib, fetchFromGitHub, python3, cdparanoia, cdrdao, flac
, sox, accuraterip-checksum, libsndfile, util-linux, substituteAll }:
{ lib
, python3
, fetchFromGitHub
, libcdio-paranoia
, cdrdao
, libsndfile
, flac
, sox
, util-linux
}:
python3.pkgs.buildPythonApplication rec {
let
bins = [ libcdio-paranoia cdrdao flac sox util-linux ];
in python3.pkgs.buildPythonApplication rec {
pname = "whipper";
version = "0.10.0";
@ -12,44 +22,43 @@ python3.pkgs.buildPythonApplication rec {
sha256 = "00cq03cy5dyghmibsdsq5sdqv3bzkzhshsng74bpnb5lasxp3ia5";
};
pythonPath = with python3.pkgs; [
nativeBuildInputs = with python3.pkgs; [
setuptools_scm
docutils
];
propagatedBuildInputs = with python3.pkgs; [
musicbrainzngs
mutagen
pycdio
pygobject3
requests
ruamel_yaml
setuptools
setuptools_scm
discid
pillow
];
buildInputs = [ libsndfile ];
checkInputs = with python3.pkgs; [
twisted
];
patches = [
(substituteAll {
src = ./paths.patch;
inherit cdparanoia;
})
];
] ++ bins;
makeWrapperArgs = [
"--prefix" "PATH" ":" (lib.makeBinPath [ accuraterip-checksum cdrdao util-linux flac sox ])
"--prefix" "PATH" ":" (lib.makeBinPath bins)
];
preBuild = ''
export SETUPTOOLS_SCM_PRETEND_VERSION="${version}"
'';
# some tests require internet access
# https://github.com/JoeLametta/whipper/issues/291
doCheck = false;
preCheck = ''
HOME=$TMPDIR
checkPhase = ''
runHook preCheck
# disable tests that require internet access
# https://github.com/JoeLametta/whipper/issues/291
substituteInPlace whipper/test/test_common_accurip.py \
--replace "test_AccurateRipResponse" "dont_test_AccurateRipResponse"
HOME=$TMPDIR ${python3.interpreter} -m unittest discover
runHook postCheck
'';
meta = with lib; {

32
pkgs/applications/audio/whipper/paths.patch
View File

@ -1,32 +0,0 @@
--- a/whipper/program/cdparanoia.py
+++ b/whipper/program/cdparanoia.py
@@ -280,10 +280,10 @@
bufsize = 1024
if self._overread:
- argv = ["cd-paranoia", "--stderr-progress",
+ argv = ["@cdparanoia@/bin/cdparanoia", "--stderr-progress",
"--sample-offset=%d" % self._offset, "--force-overread", ]
else:
- argv = ["cd-paranoia", "--stderr-progress",
+ argv = ["@cdparanoia@/bin/cdparanoia", "--stderr-progress",
"--sample-offset=%d" % self._offset, ]
if self._device:
argv.extend(["--force-cdrom-device", self._device, ])
@@ -560,7 +560,7 @@
def getCdParanoiaVersion():
getter = common.VersionGetter('cd-paranoia',
- ["cd-paranoia", "-V"],
+ ["@cdparanoia@/bin/cdparanoia", "-V"],
_VERSION_RE,
"%(version)s %(release)s")
@@ -585,7 +585,7 @@
def __init__(self, device=None):
# cdparanoia -A *always* writes cdparanoia.log
self.cwd = tempfile.mkdtemp(suffix='.whipper.cache')
- self.command = ['cd-paranoia', '-A']
+ self.command = ['@cdparanoia@/bin/cdparanoia', '-A']
if device:
self.command += ['-d', device]

6
pkgs/applications/backup/pika-backup/default.nix
View File

@ -19,20 +19,20 @@
stdenv.mkDerivation rec {
pname = "pika-backup";
version = "0.3.1";
version = "0.3.2";
src = fetchFromGitLab {
domain = "gitlab.gnome.org";
owner = "World";
repo = "pika-backup";
rev = "v${version}";
sha256 = "0cr3axfp15nzwmsqyz6j781qhr2gsn9p69m0jfzy89pl83d6vcz0";
sha256 = "sha256-dKVyvB4s1MZHri0dFJDBUXQKsi2KgP30ZhsJ486M+og=";
};
cargoDeps = rustPlatform.fetchCargoTarball {
inherit src;
name = "${pname}-${version}";
sha256 = "1z0cbrkhxyzwf7vjjsvdppb7zhflpkw4m5cy90a2315nbll3hpbp";
sha256 = "1vsh8vqgmfady82d7wfxkknmrp7mq7nizpif2zwg3kqbl964mp3y";
};
patches = [

4
pkgs/applications/blockchains/ergo/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "ergo";
version = "4.0.10";
version = "4.0.11";
src = fetchurl {
url = "https://github.com/ergoplatform/ergo/releases/download/v${version}/ergo-${version}.jar";
sha256 = "sha256-o3+yL81WO5/UGh0gl4MOewPHTDch/Vij8mzZWOlEkjg=";
sha256 = "sha256-GzpYwytkWZBEIVmsOmK5RTJ7lPUfDeC1204FbK4O+XQ=";
};
nativeBuildInputs = [ makeWrapper ];

6
pkgs/applications/blockchains/polkadot/default.nix
View File

@ -7,16 +7,16 @@
}:
rustPlatform.buildRustPackage rec {
pname = "polkadot";
version = "0.9.2";
version = "0.9.3";
src = fetchFromGitHub {
owner = "paritytech";
repo = "polkadot";
rev = "v${version}";
sha256 = "sha256-lxkLRJYdP30JNDHwa7tpugyIObmnjIBQ/HMGw6deElo=";
sha256 = "sha256-BxBrgcAJm6KM6ha494xlwiLYOSAr71gDFgqlH5RPqMM=";
};
cargoSha256 = "0gg42b6h8782wny3dr9gc38wl6bybyf4smashchgrpc649ds6w0a";
cargoSha256 = "131fkdazcspblzblmd9nhkymwn7qh6lhaqvi1jqnsq4951l9f4ms";
nativeBuildInputs = [ clang ];

6
pkgs/applications/editors/emacs/elisp-packages/melpa-packages.nix
View File

@ -80,8 +80,8 @@ let
auto-complete-clang-async = super.auto-complete-clang-async.overrideAttrs (old: {
buildInputs = old.buildInputs ++ [ pkgs.llvmPackages.llvm ];
CFLAGS = "-I${pkgs.llvmPackages.clang}/include";
LDFLAGS = "-L${pkgs.llvmPackages.clang}/lib";
CFLAGS = "-I${pkgs.llvmPackages.libclang.lib}/include";
LDFLAGS = "-L${pkgs.llvmPackages.libclang.lib}/lib";
});
# part of a larger package
@ -195,7 +195,7 @@ let
dontUseCmakeBuildDir = true;
doCheck = true;
packageRequires = [ self.emacs ];
nativeBuildInputs = [ pkgs.cmake pkgs.llvmPackages.llvm pkgs.llvmPackages.clang ];
nativeBuildInputs = [ pkgs.cmake pkgs.llvmPackages.llvm pkgs.llvmPackages.libclang ];
});
# tries to write a log file to $HOME

28
pkgs/applications/editors/jetbrains/default.nix
View File

@ -242,12 +242,12 @@ in
clion = buildClion rec {
name = "clion-${version}";
version = "2021.1.1"; /* updated by script */
version = "2021.1.2"; /* updated by script */
description = "C/C++ IDE. New. Intelligent. Cross-platform";
license = lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/cpp/CLion-${version}.tar.gz";
sha256 = "0xzlkf3gq6fcb0q9mcj8k39880l8h21pb1lz0xl2dqj8cfwpws9h"; /* updated by script */
sha256 = "1zx9qwjx7hwjq25y474yj7sxvp9bqnq9l53afs6d4h6131lhjkcz"; /* updated by script */
};
wmClass = "jetbrains-clion";
update-channel = "CLion RELEASE"; # channel's id as in http://www.jetbrains.com/updates/updates.xml
@ -255,12 +255,12 @@ in
datagrip = buildDataGrip rec {
name = "datagrip-${version}";
version = "2021.1.1"; /* updated by script */
version = "2021.1.2"; /* updated by script */
description = "Your Swiss Army Knife for Databases and SQL";
license = lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/datagrip/${name}.tar.gz";
sha256 = "0smg0qbk3mnm2543w0nlvnyvbwmprf0p3z2spwrmcmfagv50crrx"; /* updated by script */
sha256 = "1znb4m7sv7xqi1mq3yw0m51m06wfwmhhxmvck0xkv8s0cfg18qim"; /* updated by script */
};
wmClass = "jetbrains-datagrip";
update-channel = "DataGrip RELEASE";
@ -268,12 +268,12 @@ in
goland = buildGoland rec {
name = "goland-${version}";
version = "2021.1.1"; /* updated by script */
version = "2021.1.2"; /* updated by script */
description = "Up and Coming Go IDE";
license = lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/go/${name}.tar.gz";
sha256 = "02fyrq4px9w34amincgjgm6maxpxn445j5h4nfbskx7z428ynx25"; /* updated by script */
sha256 = "0g20r7yn4r2h08wv3i8bnnma8x4jljixsbmfml8kixk0pzfhv4px"; /* updated by script */
};
wmClass = "jetbrains-goland";
update-channel = "GoLand RELEASE";
@ -281,12 +281,12 @@ in
idea-community = buildIdea rec {
name = "idea-community-${version}";
version = "2021.1.1"; /* updated by script */
version = "2021.1.2"; /* updated by script */
description = "Integrated Development Environment (IDE) by Jetbrains, community edition";
license = lib.licenses.asl20;
src = fetchurl {
url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz";
sha256 = "1say19p7kgx4b2ccs9bv61phllzhl8gmrd1fp1a5cnagya7vl1c5"; /* updated by script */
sha256 = "03i5f6p0abr9yfs9fg90fg7hb1a7zar9q4d4iiag30cmndwpslg2"; /* updated by script */
};
wmClass = "jetbrains-idea-ce";
update-channel = "IntelliJ IDEA RELEASE";
@ -294,12 +294,12 @@ in
idea-ultimate = buildIdea rec {
name = "idea-ultimate-${version}";
version = "2021.1.1"; /* updated by script */
version = "2021.1.2"; /* updated by script */
description = "Integrated Development Environment (IDE) by Jetbrains, requires paid license";
license = lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/idea/ideaIU-${version}-no-jbr.tar.gz";
sha256 = "19zi4njz79z8gi458kz1m0sia79y3rhbayix4rmh93mwfc0npkii"; /* updated by script */
sha256 = "0mw4acaik1bkr7gqbwgs3i8f8px8zw95hm1zxgd5gd5kh88n17x5"; /* updated by script */
};
wmClass = "jetbrains-idea";
update-channel = "IntelliJ IDEA RELEASE";
@ -359,12 +359,12 @@ in
rider = buildRider rec {
name = "rider-${version}";
version = "2021.1.2"; /* updated by script */
version = "2021.1.3"; /* updated by script */
description = "A cross-platform .NET IDE based on the IntelliJ platform and ReSharper";
license = lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/rider/JetBrains.Rider-${version}.tar.gz";
sha256 = "1a28pi18j0cb2wxhw1vnfg9gqsgf2kyfg0hl4xgqp50gzv7i3aam"; /* updated by script */
sha256 = "0k2vpndpachq6g767v2dwfa3xc8mssv0i7wwpm05dgqirpn4n0dw"; /* updated by script */
};
wmClass = "jetbrains-rider";
update-channel = "Rider RELEASE";
@ -385,12 +385,12 @@ in
webstorm = buildWebStorm rec {
name = "webstorm-${version}";
version = "2021.1.1"; /* updated by script */
version = "2021.1.2"; /* updated by script */
description = "Professional IDE for Web and JavaScript development";
license = lib.licenses.unfree;
src = fetchurl {
url = "https://download.jetbrains.com/webstorm/WebStorm-${version}.tar.gz";
sha256 = "1hici40qsxj2fw29g68i6hr1vhr0h7xrlhkialy74ah53wi7myz1"; /* updated by script */
sha256 = "0q4hn6npm0c30v23d30dnphd6wajif0im1b9vjwa121lqi997l34"; /* updated by script */
};
wmClass = "jetbrains-webstorm";
update-channel = "WebStorm RELEASE";

17
pkgs/applications/editors/neovim/utils.nix
View File

@ -54,15 +54,7 @@ let
configurePatched = configure // {
packages.nix = {
start = lib.filter (f: f != null)
(map (x: if x.optional == false then x.plugin else null)
pluginsNormalized);
opt = lib.filter (f: f != null)
(map (x: if x.optional == true then x.plugin else null)
pluginsNormalized);
};
customRC = pluginRc + customRC;
customRC = pluginRc + customRC + (configure.customRC or "");
};
# A function to get the configuration string (if any) from an element of 'plugins'
@ -173,11 +165,8 @@ let
assert withPython -> throw "Python2 support has been removed from neovim, please remove withPython and extraPythonPackages.";
wrapNeovimUnstable neovim (res // {
wrapperArgs = lib.escapeShellArgs (
res.wrapperArgs ++ lib.optionals (configure != {}) [
"--add-flags" "-u ${writeText "init.vim" res.neovimRcContent}"
]) + " " + extraMakeWrapperArgs
;
wrapperArgs = lib.escapeShellArgs res.wrapperArgs + extraMakeWrapperArgs;
wrapRc = (configure != {});
});
in
{

1
pkgs/applications/editors/neovim/wrapper.nix
View File

@ -107,6 +107,7 @@ let
'')
+ ''
rm $out/bin/nvim
touch $out/rplugin.vim
makeWrapper ${lib.escapeShellArgs finalMakeWrapperArgs} ${wrapperArgsStr}
'';

4
pkgs/applications/editors/vscode/generic.nix
View File

@ -9,7 +9,7 @@
# Attributes inherit from specific versions
, version, src, meta, sourceRoot
, executableName, longName, shortName, pname
, executableName, longName, shortName, pname, updateScript
}:
let
@ -19,7 +19,7 @@ let
inherit pname version src sourceRoot;
passthru = {
inherit executableName tests;
inherit executableName tests updateScript;
fhs = fhs {};
fhsWithPackages = f: fhs { additionalPkgs = f; };
};

5
pkgs/applications/editors/vscode/vscode.nix
View File

@ -20,9 +20,6 @@ let
}.${system};
in
callPackage ./generic.nix rec {
# The update script doesn't correctly change the hash for darwin, so please:
# nixpkgs-update: no auto update
# Please backport all compatible updates to the stable release.
# This is important for the extension ecosystem.
version = "1.56.2";
@ -40,6 +37,8 @@ in
sourceRoot = "";
updateScript = ./update-vscodium.sh;
meta = with lib; {
description = ''
Open source source code editor developed by Microsoft for Windows,

4
pkgs/applications/editors/vscode/vscodium.nix
View File

@ -28,8 +28,6 @@ let
in
callPackage ./generic.nix rec {
inherit sourceRoot;
# The update script doesn't correctly change the hash for darwin, so please:
# nixpkgs-update: no auto update
# Please backport all compatible updates to the stable release.
# This is important for the extension ecosystem.
@ -47,6 +45,8 @@ in
tests = nixosTests.vscodium;
updateScript = ./update-vscodium.sh;
meta = with lib; {
description = ''
Open source source code editor developed by Microsoft for Windows,

4
pkgs/applications/gis/qgis/unwrapped.nix
View File

@ -24,7 +24,7 @@ let
six
];
in mkDerivation rec {
version = "3.16.6";
version = "3.16.7";
pname = "qgis";
name = "${pname}-unwrapped-${version}";
@ -32,7 +32,7 @@ in mkDerivation rec {
owner = "qgis";
repo = "QGIS";
rev = "final-${lib.replaceStrings [ "." ] [ "_" ] version}";
sha256 = "1vnz5kiyjircmhn4vq3fa5j2kvkxpwcsry7jc6nxl0w0dqx1zay1";
sha256 = "0yvb2w83dplh0my72xljglq9a4a7qkfliwslav26lw4yqxr8mr0p";
};
passthru = {

11
pkgs/applications/gis/qmapshack/default.nix
View File

@ -3,13 +3,13 @@
mkDerivation rec {
pname = "qmapshack";
version = "1.15.2";
version = "1.16.0";
src = fetchFromGitHub {
owner = "Maproom";
repo = pname;
rev = "V_${version}";
sha256 = "1l1j2axf94pdqwirwwhwy3y6k8v1aix78ifqbv6j8sv131h2j7y7";
sha256 = "1yzgkdjxwyg8ggbxyjwr0zjrx99ckrbz2p2524iii9i7qqn8wfsx";
};
nativeBuildInputs = [ cmake ];
@ -20,13 +20,6 @@ mkDerivation rec {
"-DROUTINO_XML_PATH=${routino}/share/routino"
];
patches = [
"${src}/FindPROJ4.patch"
# Support QuaZip 1.x.
./pr350-support-quazip-1x.patch
];
qtWrapperArgs = [
"--suffix PATH : ${lib.makeBinPath [ gdal routino ]}"
];

141
pkgs/applications/gis/qmapshack/pr350-support-quazip-1x.patch
View File

@ -1,141 +0,0 @@
From 8fb751c656a14020ba37fb91b7f7cba3c49d8504 Mon Sep 17 00:00:00 2001
From: kiozen <oliver.eichler@gmx.de>
Date: Sat, 20 Mar 2021 12:14:29 +0100
Subject: [PATCH] [QMS-349] Upgrade to Quazip Qt5 V1.x
Simply adjusted the cmake scripts
---
CMakeLists.txt | 2 +-
src/qmapshack/CMakeLists.txt | 27 +++++++++++++--------------
3 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 8d2cf127..7420d9b2 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -152,7 +152,7 @@ find_package(GDAL REQUIRED)
find_package(PROJ REQUIRED)
find_package(JPEG REQUIRED)
find_package(ROUTINO REQUIRED)
-find_package(QuaZip5 REQUIRED)
+find_package(QuaZip-Qt5 REQUIRED)
find_package(ALGLIB ) # optional as we can use our local version
diff --git a/src/qmapshack/CMakeLists.txt b/src/qmapshack/CMakeLists.txt
index 08eeb183..9b3836d6 100644
--- a/src/qmapshack/CMakeLists.txt
+++ b/src/qmapshack/CMakeLists.txt
@@ -22,8 +22,8 @@ add_definitions(-DROUTINO_XML_PATH=${ROUTINO_XML_PATH})
# All source files needed to compile
###############################################################################################
-set( SRCS
- CAbout.cpp
+set( SRCS
+ CAbout.cpp
CMainWindow.cpp
CSingleInstanceProxy.cpp
canvas/CCanvas.cpp
@@ -160,7 +160,7 @@ set( SRCS
gis/trk/CInvalidTrk.cpp
gis/trk/CKnownExtension.cpp
gis/trk/CListTrkPts.cpp
- gis/trk/CPropertyTrk.cpp
+ gis/trk/CPropertyTrk.cpp
gis/trk/CScrOptTrk.cpp
gis/trk/CSelectActivityColor.cpp
gis/trk/CTableTrk.cpp
@@ -272,7 +272,7 @@ set( SRCS
mouse/line/CLineOpMovePoint.cpp
mouse/line/CLineOpSelectRange.cpp
mouse/line/CScrOptEditLine.cpp
- mouse/line/CScrOptRangeLine.cpp
+ mouse/line/CScrOptRangeLine.cpp
mouse/line/ILineOp.cpp
mouse/line/IMouseEditLine.cpp
plot/CPlot.cpp
@@ -401,7 +401,7 @@ set( HDRS
gis/CGisListDB.h
gis/CGisListWks.h
gis/CGisWorkspace.h
- gis/CSelDevices.h
+ gis/CSelDevices.h
gis/IGisItem.h
gis/IGisLine.h
gis/Poi.h
@@ -512,7 +512,7 @@ set( HDRS
gis/trk/CInvalidTrk.h
gis/trk/CKnownExtension.h
gis/trk/CListTrkPts.h
- gis/trk/CPropertyTrk.h
+ gis/trk/CPropertyTrk.h
gis/trk/CScrOptTrk.h
gis/trk/CSelectActivityColor.h
gis/trk/CTableTrk.h
@@ -579,7 +579,7 @@ set( HDRS
map/CMapList.h
map/CMapMAP.h
map/CMapPathSetup.h
- map/CMapPropSetup.h
+ map/CMapPropSetup.h
map/CMapRMAP.h
map/CMapTMS.h
map/CMapVRT.h
@@ -655,7 +655,7 @@ set( HDRS
realtime/CRtSelectSource.h
realtime/CRtWorkspace.h
realtime/IRtInfo.h
- realtime/IRtRecord.h
+ realtime/IRtRecord.h
realtime/IRtSource.h
realtime/gpstether/CRtGpsTether.h
realtime/gpstether/CRtGpsTetherInfo.h
@@ -764,7 +764,7 @@ set( UIS
gis/search/IGeoSearchWebConfigDialog.ui
gis/search/ISearchExplanationDialog.ui
gis/summary/IGisSummary.ui
- gis/summary/IGisSummarySetup.ui
+ gis/summary/IGisSummarySetup.ui
gis/trk/ICombineTrk.ui
gis/trk/ICutTrk.ui
gis/trk/IDetailsTrk.ui
@@ -818,7 +818,7 @@ set( UIS
mouse/range/IActionSelect.ui
mouse/range/IRangeToolSetup.ui
mouse/range/IScrOptRangeTool.ui
- mouse/range/IScrOptRangeTrk.ui
+ mouse/range/IScrOptRangeTrk.ui
mouse/IScrOptRuler.ui
mouse/IScrOptSelect.ui
mouse/line/IScrOptEditLine.ui
@@ -899,7 +899,6 @@ include_directories(
${PROJ_INCLUDE_DIRS}
${ROUTINO_INCLUDE_DIRS}
${ALGLIB_INCLUDE_DIRS}
- ${QUAZIP_INCLUDE_DIRS}
)
if(APPLE)
@@ -934,10 +933,10 @@ endif(Qt5DBus_FOUND)
target_link_libraries(${APPLICATION_NAME}
Qt5::Widgets
- Qt5::Xml
+ Qt5::Xml
Qt5::Sql
Qt5::PrintSupport
- Qt5::UiTools
+ Qt5::UiTools
Qt5::Network
Qt5::WebEngineWidgets
Qt5::Qml
@@ -947,7 +946,7 @@ target_link_libraries(${APPLICATION_NAME}
${PROJ_LIBRARIES}
${ROUTINO_LIBRARIES}
${ALGLIB_LIBRARIES}
- ${QUAZIP_LIBRARIES}
+ QuaZip::QuaZip
)
if(APPLE)

4
pkgs/applications/graphics/ImageMagick/6.x.nix
View File

@ -11,7 +11,7 @@ let
else if stdenv.hostPlatform.system == "armv7l-linux" then "armv7l"
else if stdenv.hostPlatform.system == "aarch64-linux" || stdenv.hostPlatform.system == "aarch64-darwin" then "aarch64"
else if stdenv.hostPlatform.system == "powerpc64le-linux" then "ppc64le"
else throw "ImageMagick is not supported on this platform.";
else null;
in
stdenv.mkDerivation rec {
@ -32,7 +32,7 @@ stdenv.mkDerivation rec {
configureFlags =
[ "--with-frozenpaths" ]
++ [ "--with-gcc-arch=${arch}" ]
++ (if arch != null then [ "--with-gcc-arch=${arch}" ] else [ "--without-gcc-arch" ])
++ lib.optional (librsvg != null) "--with-rsvg"
++ lib.optionals (ghostscript != null)
[ "--with-gs-font-dir=${ghostscript}/share/ghostscript/fonts"

4
pkgs/applications/graphics/ImageMagick/7.0.nix
View File

@ -13,7 +13,7 @@ let
else if stdenv.hostPlatform.system == "armv7l-linux" then "armv7l"
else if stdenv.hostPlatform.system == "aarch64-linux" || stdenv.hostPlatform.system == "aarch64-darwin" then "aarch64"
else if stdenv.hostPlatform.system == "powerpc64le-linux" then "ppc64le"
else throw "ImageMagick is not supported on this platform.";
else null;
in
stdenv.mkDerivation rec {
@ -34,7 +34,7 @@ stdenv.mkDerivation rec {
configureFlags =
[ "--with-frozenpaths" ]
++ [ "--with-gcc-arch=${arch}" ]
++ (if arch != null then [ "--with-gcc-arch=${arch}" ] else [ "--without-gcc-arch" ])
++ lib.optional (librsvg != null) "--with-rsvg"
++ lib.optionals (ghostscript != null)
[ "--with-gs-font-dir=${ghostscript}/share/ghostscript/fonts"

26
pkgs/applications/graphics/antimony/default.nix
View File

@ -1,6 +1,7 @@
{ lib, stdenv, fetchFromGitHub, libpng, python3
, libGLU, libGL, qtbase, wrapQtAppsHook, ncurses
, cmake, flex, lemon
, makeDesktopItem, copyDesktopItems
}:
let
@ -27,12 +28,35 @@ in
sed -i "s,python3,${python3.executable}," CMakeLists.txt
'';
postInstall = lib.optionalString stdenv.isLinux ''
install -Dm644 $src/deploy/icon.svg $out/share/icons/hicolor/scalable/apps/antimony.svg
install -Dm644 ${./mimetype.xml} $out/share/mime/packages/antimony.xml
'';
buildInputs = [
libpng python3 python3.pkgs.boost
libGLU libGL qtbase ncurses
];
nativeBuildInputs = [ cmake flex lemon wrapQtAppsHook ];
nativeBuildInputs = [ cmake flex lemon wrapQtAppsHook copyDesktopItems ];
desktopItems = [
(makeDesktopItem {
name = "antimony";
desktopName = "Antimony";
comment="Tree-based Modeler";
genericName = "CAD Application";
exec = "antimony %f";
icon = "antimony";
terminal = "false";
categories = "Graphics;Science;Engineering";
mimeType = "application/x-extension-sb;application/x-antimony;";
extraEntries = ''
StartupWMClass=antimony
Version=1.0
'';
})
];
cmakeFlags= [
"-DGITREV=${gitRev}"

7
pkgs/applications/graphics/antimony/mimetype.xml Normal file
View File

@ -0,0 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<mime-info xmlns="http://www.freedesktop.org/standards/shared-mime-info">
<mime-type type="application/x-antimony">
<comment xml:lang="en">Antimony model</comment>
<glob pattern="*.sb"/>
</mime-type>
</mime-info>

4
pkgs/applications/graphics/sane/backends/airscan/default.nix
View File

@ -2,7 +2,7 @@
, libxml2, gnutls, sane-backends }:
stdenv.mkDerivation rec {
pname = "sane-airscan";
version = "0.99.24";
version = "0.99.26";
nativeBuildInputs = [ meson ninja pkg-config ];
buildInputs = [ avahi gnutls libjpeg libpng libxml2 sane-backends ];
@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
owner = "alexpevzner";
repo = pname;
rev = version;
sha256 = "sha256-2zSLC9P7Q/GMefHvmrUz6nV2hgScb4BhPAkahNBouqk=";
sha256 = "08snfg5zx9924ryww0kxf1kgl085yw7fg6l4f1kzlhcmqf1958w5";
};
meta = with lib; {

98
pkgs/applications/graphics/sane/backends/brscan5/default.nix Normal file
View File

@ -0,0 +1,98 @@
{ stdenv, lib, fetchurl, callPackage, patchelf, makeWrapper, coreutils, libusb1, avahi-compat, glib, libredirect }:
let
myPatchElf = file: with lib; ''
patchelf --set-interpreter \
${stdenv.glibc}/lib/ld-linux${optionalString stdenv.is64bit "-x86-64"}.so.2 \
${file}
'';
in
stdenv.mkDerivation rec {
pname = "brscan5";
version = "1.2.6-0";
src = {
"i686-linux" = fetchurl {
url = "https://download.brother.com/welcome/dlf104034/${pname}-${version}.i386.deb";
sha256 = "102q745pc0168syggd4gym51qf3m3iqld3a4skfnbkm6yky4w4s8";
};
"x86_64-linux" = fetchurl {
url = "https://download.brother.com/welcome/dlf104033/${pname}-${version}.amd64.deb";
sha256 = "1pwbzhpg5nzpw2rw936vf2cr334v8iny16y8fbb1zimgzmv427wx";
};
}."${stdenv.hostPlatform.system}";
unpackPhase = ''
ar x $src
tar xfv data.tar.xz
'';
nativeBuildInputs = [ makeWrapper patchelf coreutils ];
buildInputs = [ libusb1 avahi-compat stdenv.cc.cc glib ];
dontBuild = true;
postPatch = ''
${myPatchElf "opt/brother/scanner/brscan5/brsaneconfig5"}
${myPatchElf "opt/brother/scanner/brscan5/brscan_cnetconfig"}
${myPatchElf "opt/brother/scanner/brscan5/brscan_gnetconfig"}
for a in opt/brother/scanner/brscan5/*.so.* opt/brother/scanner/brscan5/brscan_[cg]netconfig; do
if ! test -L $a; then
patchelf --set-rpath ${lib.makeLibraryPath buildInputs} $a
fi
done
# driver is hardcoded to look in /opt/brother/scanner/brscan5/models for model metadata.
# patch it to look in /etc/opt/brother/scanner/models instead, so nixos environment.etc can make it available
printf '/etc/opt/brother/scanner/models\x00' | dd of=opt/brother/scanner/brscan5/libsane-brother5.so.1.0.7 bs=1 seek=84632 conv=notrunc
'';
installPhase = with lib; ''
runHook preInstall
PATH_TO_BRSCAN5="opt/brother/scanner/brscan5"
mkdir -p $out/$PATH_TO_BRSCAN5
cp -rp $PATH_TO_BRSCAN5/* $out/$PATH_TO_BRSCAN5
pushd $out/$PATH_TO_BRSCAN5
ln -s libLxBsDeviceAccs.so.1.0.0 libLxBsDeviceAccs.so.1
ln -s libLxBsNetDevAccs.so.1.0.0 libLxBsNetDevAccs.so.1
ln -s libLxBsScanCoreApi.so.3.0.0 libLxBsScanCoreApi.so.3
ln -s libLxBsUsbDevAccs.so.1.0.0 libLxBsUsbDevAccs.so.1
ln -s libsane-brother5.so.1.0.7 libsane-brother5.so.1
popd
mkdir -p $out/lib/sane
for file in $out/$PATH_TO_BRSCAN5/*.so.* ; do
ln -s $file $out/lib/sane/
done
makeWrapper \
"$out/$PATH_TO_BRSCAN5/brsaneconfig5" \
"$out/bin/brsaneconfig5" \
--suffix-each NIX_REDIRECT ":" "/etc/opt/brother/scanner/brscan5=$out/opt/brother/scanner/brscan5 /opt/brother/scanner/brscan5=$out/opt/brother/scanner/brscan5" \
--set LD_PRELOAD ${libredirect}/lib/libredirect.so
mkdir -p $out/etc/sane.d/dll.d
echo "brother5" > $out/etc/sane.d/dll.d/brother5.conf
mkdir -p $out/etc/udev/rules.d
cp -p $PATH_TO_BRSCAN5/udev-rules/NN-brother-mfp-brscan5-1.0.2-2.rules \
$out/etc/udev/rules.d/49-brother-mfp-brscan5-1.0.2-2.rules
ETCDIR=$out/etc/opt/brother/scanner/brscan5
mkdir -p $ETCDIR
cp -rp $PATH_TO_BRSCAN5/{models,brscan5.ini,brsanenetdevice.cfg} $ETCDIR/
runHook postInstall
'';
dontPatchELF = true;
meta = {
description = "Brother brscan5 sane backend driver";
homepage = "https://www.brother.com";
platforms = [ "i686-linux" "x86_64-linux" ];
license = lib.licenses.unfree;
maintainers = with lib.maintainers; [ mattchrist ];
};
}

24
pkgs/applications/kde/akonadi-calendar-tools.nix Normal file
View File

@ -0,0 +1,24 @@
{ mkDerivation
, lib
, extra-cmake-modules
, kdoctools
, akonadi
, calendarsupport
}:
mkDerivation {
pname = "akonadi-calendar-tools";
meta = {
homepage = "https://github.com/KDE/akonadi-calendar-tools";
description = "Console applications and utilities for managing calendars in Akonadi";
license = with lib.licenses; [ gpl2Plus cc0 ];
maintainers = with lib.maintainers; [ kennyballou ];
platforms = lib.platforms.linux;
};
nativeBuildInputs = [ extra-cmake-modules kdoctools ];
propagatedBuildInputs = [
akonadi
calendarsupport
];
outputs = [ "out" "dev" ];
}

3
pkgs/applications/kde/default.nix
View File

@ -68,6 +68,7 @@ let
in {
akonadi = callPackage ./akonadi {};
akonadi-calendar = callPackage ./akonadi-calendar.nix {};
akonadi-calendar-tools = callPackage ./akonadi-calendar-tools.nix {};
akonadi-contacts = callPackage ./akonadi-contacts.nix {};
akonadi-import-wizard = callPackage ./akonadi-import-wizard.nix {};
akonadi-mime = callPackage ./akonadi-mime.nix {};
@ -93,6 +94,7 @@ let
incidenceeditor = callPackage ./incidenceeditor.nix {};
k3b = callPackage ./k3b.nix {};
kaccounts-integration = callPackage ./kaccounts-integration.nix {};
kaccounts-providers = callPackage ./kaccounts-providers.nix {};
kaddressbook = callPackage ./kaddressbook.nix {};
kalarm = callPackage ./kalarm.nix {};
kalarmcal = callPackage ./kalarmcal.nix {};
@ -137,6 +139,7 @@ let
kipi-plugins = callPackage ./kipi-plugins.nix {};
kitinerary = callPackage ./kitinerary.nix {};
kio-extras = callPackage ./kio-extras.nix {};
kio-gdrive = callPackage ./kio-gdrive.nix {};
kldap = callPackage ./kldap.nix {};
kleopatra = callPackage ./kleopatra.nix {};
klettres = callPackage ./klettres.nix {};

44
pkgs/applications/kde/kaccounts-providers.nix Normal file
View File

@ -0,0 +1,44 @@
{ mkDerivation
, lib
, accounts-qt
, extra-cmake-modules
, intltool
, kaccounts-integration
, kcmutils
, kcoreaddons
, kdeclarative
, kdoctools
, kio
, kpackage
, kwallet
, qtwebengine
, signond
}:
mkDerivation {
pname = "kaccounts-providers";
meta = with lib; {
homepage = "https://community.kde.org/KTp/Setting_up_KAccounts";
description = "Online account providers";
maintainers = with maintainers; [ kennyballou ];
license = licenses.gpl2Plus;
platforms = platforms.linux;
};
nativeBuildInputs = [
extra-cmake-modules
intltool
kdoctools
];
buildInputs = [
accounts-qt
kaccounts-integration
kcmutils
kcoreaddons
kdeclarative
kio
kpackage
kwallet
qtwebengine
signond
];
}

36
pkgs/applications/kde/kio-gdrive.nix Normal file
View File

@ -0,0 +1,36 @@
{ mkDerivation
, lib
, extra-cmake-modules
, kdoctools
, kio
, libkgapi
, kcalendarcore
, kcontacts
, qtkeychain
, libsecret
, kaccounts-integration
}:
mkDerivation {
pname = "kio-gdrive";
meta = with lib; {
homepage = "https://github.com/KDE/kio-gdrive";
description = "KIO slave for Google APIs";
maintainers = with maintainers; [ kennyballou ];
license = licenses.gpl2Plus;
platforms = platforms.linux;
};
nativeBuildInputs = [
extra-cmake-modules
kdoctools
];
buildInputs = [
kcalendarcore
kcontacts
kaccounts-integration
libkgapi
libsecret
kio
qtkeychain
];
}

35
pkgs/applications/misc/bibletime/default.nix
View File

@ -1,36 +1,47 @@
{ lib, mkDerivation, fetchurl, cmake, pkg-config, sword, boost, clucene_core
, qtbase, qttools, qtsvg, qtwebkit
}:
, qtbase, qttools, qtsvg, perlPackages, docbook_xml_dtd_45
, docbook_xsl_ns }:
mkDerivation rec {
version = "2.11.2";
version = "3.0";
pname = "bibletime";
src = fetchurl {
url = "mirror://sourceforge/bibletime/${pname}-${version}.tar.xz";
sha256 = "1s5bvmwbz1gyp3ml8sghpc00h8nhdvx2iyq96iri30kwx1y1jy6i";
url =
"https://github.com/bibletime/bibletime/releases/download/v${version}/${pname}-${version}.tar.xz";
sha256 = "08i6nb9a7z0jpsq76q0kr62hw6ph9chqjpjcvkimbcj4mmifzgnn";
};
nativeBuildInputs = [ cmake pkg-config ];
nativeBuildInputs = [ cmake pkg-config docbook_xml_dtd_45 ];
buildInputs = [
sword boost clucene_core
qtbase qttools qtsvg qtwebkit
];
sword
boost
clucene_core
qtbase
qttools
qtsvg
perlPackages.Po4a
];
preConfigure = ''
preConfigure = ''
export CLUCENE_HOME=${clucene_core};
export SWORD_HOME=${sword};
'';
cmakeFlags = [ "-DUSE_QT_WEBKIT=ON" "-DCMAKE_BUILD_TYPE=Debug" ];
cmakeFlags = [
"-DBUILD_HOWTO_PDF=OFF"
"-DBUILD_HANDBOOK_PDF=OFF"
"-DBT_DOCBOOK_XSL_HTML_CHUNK_XSL=${docbook_xsl_ns}/share/xml/docbook-xsl-ns/html/chunk.xsl"
"-DBT_DOCBOOK_XSL_PDF_DOCBOOK_XSL=${docbook_xsl_ns}/share/xml/docbook-xsl-ns/html/chunk.xsl"
];
meta = {
description = "A Qt4 Bible study tool";
homepage = "http://www.bibletime.info/";
platforms = lib.platforms.linux;
license = lib.licenses.gpl2;
license = lib.licenses.gpl2Plus;
maintainers = [ lib.maintainers.piotr ];
};
}

6
pkgs/applications/misc/dbeaver/default.nix
View File

@ -18,13 +18,13 @@
stdenv.mkDerivation rec {
pname = "dbeaver";
version = "21.0.5"; # When updating also update fetchedMavenDeps.sha256
version = "21.1.0"; # When updating also update fetchedMavenDeps.sha256
src = fetchFromGitHub {
owner = "dbeaver";
repo = "dbeaver";
rev = version;
sha256 = "sha256-WMXhGXGHNjMJqob6A5S4+t9MDdJydAjdoY0u7T3ANbw=";
sha256 = "sha256-MHfW6gZFB2osE+8Ek7I40fg2cdowph3hvKqkjG7+rY4=";
};
fetchedMavenDeps = stdenv.mkDerivation {
@ -50,7 +50,7 @@ stdenv.mkDerivation rec {
dontFixup = true;
outputHashAlgo = "sha256";
outputHashMode = "recursive";
outputHash = "sha256-RspJTWVM0ZpAz4yDeKsG7wSHZ//bi3SSV5c0gbsqZKY=";
outputHash = "sha256-FdWQ+2U5bIXSASm3SaLjyQlaRc1AkYPpFJSP4PnCWJw=";
};
nativeBuildInputs = [

95
pkgs/applications/misc/dockbarx/default.nix
View File

@ -1,41 +1,84 @@
{ lib, fetchFromGitHub, python2Packages, gnome2, keybinder }:
{ lib
, fetchFromGitHub
, glib
, gobject-introspection
, gtk3
, keybinder3
, libwnck3
, python3Packages
, wrapGAppsHook
}:
python2Packages.buildPythonApplication rec {
ver = "0.93";
name = "dockbarx-${ver}";
python3Packages.buildPythonApplication rec {
pname = "dockbarx";
version = "${ver}-${rev}";
ver = "1.0-beta";
rev = "d98020ec49f3e3a5692ab2adbb145bbe5a1e80fe";
src = fetchFromGitHub {
owner = "M7S";
owner = "xuzhen";
repo = "dockbarx";
rev = ver;
sha256 = "1h1g2vag5vnx87sa1f0qi8rq7wlr2ymvkrdr08kk7cma4wk0x6hg";
rev = rev;
sha256 = "0xwqxh5mr2bi0sk54b848705awp0lfpd91am551811j2bdkbs04m";
};
postPatch = ''
substituteInPlace setup.py --replace /usr/ ""
substituteInPlace setup.py --replace '"/", "usr", "share",' '"share",'
substituteInPlace dockbarx/applets.py --replace /usr/share/ $out/share/
substituteInPlace dockbarx/dockbar.py --replace /usr/share/ $out/share/
substituteInPlace dockbarx/iconfactory.py --replace /usr/share/ $out/share/
substituteInPlace dockbarx/theme.py --replace /usr/share/ $out/share/
substituteInPlace dockx_applets/battery_status.py --replace /usr/share/ $out/share/
substituteInPlace dockx_applets/namebar.py --replace /usr/share/ $out/share/
substituteInPlace dockx_applets/namebar_window_buttons.py --replace /usr/share/ $out/share/
substituteInPlace dockx_applets/volume-control.py --replace /usr/share/ $out/share/
'';
nativeBuildInputs = [
glib.dev
python3Packages.polib
wrapGAppsHook
];
propagatedBuildInputs = (with python2Packages; [ pygtk pyxdg dbus-python pillow xlib ])
++ (with gnome2; [ gnome_python gnome_python_desktop ])
++ [ keybinder ];
buildInputs = [
gobject-introspection
gtk3
libwnck3
keybinder3
];
propagatedBuildInputs = with python3Packages; [
dbus-python
pillow
pygobject3
pyxdg
xlib
];
# no tests
doCheck = false;
dontWrapGApps = true;
postPatch = ''
substituteInPlace setup.py \
--replace /usr/ "" \
--replace '"/", "usr", "share",' '"share",'
for f in \
dbx_preference \
dockbarx/applets.py \
dockbarx/dockbar.py \
dockbarx/iconfactory.py \
dockbarx/theme.py \
mate_panel_applet/dockbarx_mate_applet
do
substituteInPlace $f --replace /usr/share/ $out/share/
done
'';
postInstall = ''
glib-compile-schemas $out/share/glib-2.0/schemas
'';
# Arguments to be passed to `makeWrapper`, only used by buildPython*
preFixup = ''
makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
'';
meta = with lib; {
homepage = "https://launchpad.net/dockbar/";
description = "Lightweight taskbar / panel replacement for Linux which works as a stand-alone dock";
license = licenses.gpl3;
homepage = "https://github.com/xuzhen/dockbarx";
description = "Lightweight taskbar/panel replacement which works as a stand-alone dock";
license = licenses.gpl3Only;
platforms = platforms.linux;
maintainers = [ maintainers.volth ];
maintainers = [ maintainers.romildo ];
};
}

7
pkgs/applications/misc/gcstar/default.nix
View File

@ -6,13 +6,13 @@
stdenv.mkDerivation rec {
pname = "gcstar";
version = "1.7.2";
version = "1.7.3";
src = fetchFromGitLab {
owner = "Kerenoc";
repo = "GCstar";
rev = "v${version}";
sha256 = "1vqfff33sssvlvsva1dflggmwl00j5p64sn1669f9wrbvjkxgpv4";
sha256 = "1hah8ijh9mvcgbh36y3d3s6y79mzz27w24f2i29qllv7cayf6129";
};
nativeBuildInputs = [ wrapGAppsHook ];
@ -23,7 +23,8 @@ stdenv.mkDerivation rec {
DateCalc
DateTimeFormatStrptime
Glib
Gtk2
Gtk3
Gtk3SimpleList
GD
GDGraph
GDText

19
pkgs/applications/misc/gpxlab/default.nix
View File

@ -1,4 +1,6 @@
{ stdenv, mkDerivation, lib, fetchFromGitHub, qmake, qttools, qttranslations }:
{ stdenv, mkDerivation, lib, fetchFromGitHub, substituteAll
, qmake, qttools, qttranslations
}:
mkDerivation rec {
pname = "gpxlab";
@ -11,8 +13,13 @@ mkDerivation rec {
sha256 = "080vnwcciqblfrbfyz9gjhl2lqw1hkdpbgr5qfrlyglkd4ynjd84";
};
nativeBuildInputs = [ qmake ];
buildInputs = [ qttools qttranslations ];
patches = (substituteAll {
# See https://github.com/NixOS/nixpkgs/issues/86054
src = ./fix-qttranslations-path.patch;
inherit qttranslations;
});
nativeBuildInputs = [ qmake qttools ];
preConfigure = ''
lrelease GPXLab/locale/*.ts
@ -24,8 +31,6 @@ mkDerivation rec {
wrapQtApp $out/Applications/GPXLab.app/Contents/MacOS/GPXLab
'';
enableParallelBuilding = true;
meta = with lib; {
homepage = "https://github.com/BourgeoisLab/GPXLab";
description = "Program to show and manipulate GPS tracks";
@ -33,8 +38,8 @@ mkDerivation rec {
GPXLab is an application to display and manage GPS tracks
previously recorded with a GPS tracker.
'';
license = licenses.gpl3;
license = licenses.gpl3Only;
maintainers = with maintainers; [ sikmir ];
platforms = with platforms; linux ++ darwin;
platforms = platforms.unix;
};
}

17
pkgs/applications/misc/gpxlab/fix-qttranslations-path.patch Normal file
View File

@ -0,0 +1,17 @@
diff --git i/GPXLab/main.cpp w/GPXLab/main.cpp
index b12d2dd..58d37c5 100644
--- i/GPXLab/main.cpp
+++ w/GPXLab/main.cpp
@@ -19,10 +19,10 @@ int main(int argc, char *argv[])
app.installTranslator(&gpxlab);
QTranslator qt;
-#if defined(Q_OS_WIN32) || defined(Q_OS_MAC)
+#if defined(Q_OS_WIN32)
qt.load(QLocale::system(), "qt", "_", TRANSLATIONS_DIR);
#else
- qt.load(QLocale::system(), "qt", "_", QLibraryInfo::location(QLibraryInfo::TranslationsPath));
+ qt.load(QLocale::system(), "qt", "_", QLatin1String("@qttranslations@/translations"));
#endif
app.installTranslator(&qt);

Some files were not shown because too many files have changed in this diff Show More