JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'nixos/master'

Browse Source
This commit is contained in:
Judson 2017-04-09 15:36:03 -07:00
commit ed77e113c5
No known key found for this signature in database
GPG Key ID: 1817B08954BF0B7D
3032 changed files with 91595 additions and 49262 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.mention-bot
View File

@ -2,7 +2,8 @@
"userBlacklist": [
"civodul",
"jhasse",
"shlevy"
"shlevy",
"bbenoist"
],
"alwaysNotifyForPaths": [
{ "name": "FRidh", "files": ["pkgs/top-level/python-packages.nix", "pkgs/development/interpreters/python/*", "pkgs/development/python-modules/*" ] },

13
.travis.yml
View File

@ -1,8 +1,14 @@
language: nix
sudo: true
# 'sudo: false' == containers that start fast, but only get 4G ram;
# 'sudo: true' == VMs that start slow, but with 8G
# ..as per: https://docs.travis-ci.com/user/ci-environment/#Virtualization-environments
# Nixpkgs PR tests OOM with 4G: https://github.com/NixOS/nixpkgs/issues/24200
matrix:
include:
- os: linux
sudo: false
sudo: required
script:
- ./maintainers/scripts/travis-nox-review-pr.sh nixpkgs-verify nixpkgs-manual nixpkgs-tarball nixpkgs-unstable
- ./maintainers/scripts/travis-nox-review-pr.sh nixos-options nixos-manual
@ -18,3 +24,8 @@ matrix:
env:
global:
- GITHUB_TOKEN=5edaaf1017f691ed34e7f80878f8f5fbd071603f
notifications:
email:
on_success: never
on_failure: change

2
.version
View File

@ -1 +1 @@
17.03
17.09

8
README.md
View File

@ -13,12 +13,12 @@ build daemon as so-called channels. To get channel information via git, add
```
For stability and maximum binary package support, it is recommended to maintain
custom changes on top of one of the channels, e.g. `nixos-16.09` for the latest
custom changes on top of one of the channels, e.g. `nixos-17.03` for the latest
release and `nixos-unstable` for the latest successful build of master:
```
% git remote update channels
% git rebase channels/nixos-16.09
% git rebase channels/nixos-17.03
```
For pull-requests, please rebase onto nixpkgs `master`.
@ -32,9 +32,9 @@ For pull-requests, please rebase onto nixpkgs `master`.
* [Manual (NixOS)](https://nixos.org/nixos/manual/)
* [Nix Wiki](https://nixos.org/wiki/) (deprecated, see milestone ["Move the Wiki!"](https://github.com/NixOS/nixpkgs/issues?q=is%3Aopen+is%3Aissue+milestone%3A%22Move+the+wiki%21%22))
* [Continuous package builds for unstable/master](https://hydra.nixos.org/jobset/nixos/trunk-combined)
* [Continuous package builds for 16.09 release](https://hydra.nixos.org/jobset/nixos/release-16.09)
* [Continuous package builds for 17.03 release](https://hydra.nixos.org/jobset/nixos/release-17.03)
* [Tests for unstable/master](https://hydra.nixos.org/job/nixos/trunk-combined/tested#tabs-constituents)
* [Tests for 16.09 release](https://hydra.nixos.org/job/nixos/release-16.09/tested#tabs-constituents)
* [Tests for 17.03 release](https://hydra.nixos.org/job/nixos/release-17.03/tested#tabs-constituents)
Communication:

12
default.nix
View File

@ -2,7 +2,17 @@ let requiredVersion = import ./lib/minver.nix; in
if ! builtins ? nixVersion || builtins.compareVersions requiredVersion builtins.nixVersion == 1 then
abort "This version of Nixpkgs requires Nix >= ${requiredVersion}, please upgrade! See https://nixos.org/wiki/How_to_update_when_Nix_is_too_old_to_evaluate_Nixpkgs"
abort ''
This version of Nixpkgs requires Nix >= ${requiredVersion}, please upgrade:
- If you are running NixOS, use `nixos-rebuild' to upgrade your system.
- If you installed Nix using the install script (https://nixos.org/nix/install),
it is safe to upgrade by running it again:
curl https://nixos.org/nix/install | sh
''
else

226
doc/configuration.xml
View File

@ -4,83 +4,221 @@
<title>Global configuration</title>
<para>Nix packages can be configured to allow or deny certain options.</para>
<para>Nix comes with certain defaults about what packages can and
cannot be installed, based on a package's metadata. By default, Nix
will prevent installation if any of the following criteria are
true:</para>
<para>To apply the configuration edit
<filename>~/.config/nixpkgs/config.nix</filename> and set it like
<itemizedlist>
<listitem><para>The package is thought to be broken, and has had
its <literal>meta.broken</literal> set to
<literal>true</literal>.</para></listitem>
<listitem><para>The package's <literal>meta.license</literal> is set
to a license which is considered to be unfree.</para></listitem>
<listitem><para>The package has known security vulnerabilities but
has not or can not be updated for some reason, and a list of issues
has been entered in to the package's
<literal>meta.knownVulnerabilities</literal>.</para></listitem>
</itemizedlist>
<para>Note that all this is checked during evaluation already,
and the check includes any package that is evaluated.
In particular, all build-time dependencies are checked.
<literal>nix-env -qa</literal> will (attempt to) hide any packages
that would be refused.
</para>
<para>Each of these criteria can be altered in the nixpkgs
configuration.</para>
<para>The nixpkgs configuration for a NixOS system is set in the
<literal>configuration.nix</literal>, as in the following example:
<programlisting>
{
nixpkgs.config = {
allowUnfree = true;
};
}
</programlisting>
However, this does not allow unfree software for individual users.
Their configurations are managed separately.</para>
<para>A user's of nixpkgs configuration is stored in a user-specific
configuration file located at
<filename>~/.config/nixpkgs/config.nix</filename>. For example:
<programlisting>
{
allowUnfree = true;
}
</programlisting>
</para>
and will allow the Nix package manager to install unfree licensed packages.</para>
<section xml:id="sec-allow-broken">
<title>Installing broken packages</title>
<para>The configuration as listed also applies to NixOS under
<option>nixpkgs.config</option> set.</para>
<itemizedlist>
<para>There are two ways to try compiling a package which has been
marked as broken.</para>
<listitem>
<para>Allow installing of packages that are distributed under
unfree license by setting <programlisting>allowUnfree =
true;</programlisting> or deny them by setting it to
<literal>false</literal>.</para>
<itemizedlist>
<listitem><para>
For allowing the build of a broken package once, you can use an
environment variable for a single invocation of the nix tools:
<para>Same can be achieved by setting the environment variable:
<programlisting>$ export NIXPKGS_ALLOW_BROKEN=1</programlisting>
</para></listitem>
<listitem><para>
For permanently allowing broken packages to be built, you may
add <literal>allowBroken = true;</literal> to your user's
configuration file, like this:
<programlisting>
$ export NIXPKGS_ALLOW_UNFREE=1
{
allowBroken = true;
}
</programlisting>
</para></listitem>
</itemizedlist>
</section>
</para>
</listitem>
<section xml:id="sec-allow-unfree">
<title>Installing unfree packages</title>
<listitem>
<para>Whenever unfree packages are not allowed, single packages
can still be allowed by a predicate function that accepts package
as an argument and should return a boolean:
<para>There are several ways to tweak how Nix handles a package
which has been marked as unfree.</para>
<itemizedlist>
<listitem><para>
To temporarily allow all unfree packages, you can use an
environment variable for a single invocation of the nix tools:
<programlisting>$ export NIXPKGS_ALLOW_UNFREE=1</programlisting>
</para></listitem>
<listitem><para>
It is possible to permanently allow individual unfree packages,
while still blocking unfree packages by default using the
<literal>allowUnfreePredicate</literal> configuration
option in the user configuration file.</para>
<para>This option is a function which accepts a package as a
parameter, and returns a boolean. The following example
configuration accepts a package and always returns false:
<programlisting>
{
allowUnfreePredicate = (pkg: false);
}
</programlisting>
</para>
<para>A more useful example, the following configuration allows
only allows flash player and visual studio code:
<programlisting>
allowUnfreePredicate = (pkg: ...);
{
allowUnfreePredicate = (pkg: elem (builtins.parseDrvName pkg.name).name [ "flashplayer" "vscode" ]);
}
</programlisting>
</para></listitem>
Example to allow flash player and visual studio code only:
<listitem>
<para>It is also possible to whitelist and blacklist licenses
that are specifically acceptable or not acceptable, using
<literal>whitelistedLicenses</literal> and
<literal>blacklistedLicenses</literal>, respectively.
</para>
<para>The following example configuration whitelists the
licenses <literal>amd</literal> and <literal>wtfpl</literal>:
<programlisting>
allowUnfreePredicate = with builtins; (pkg: elem (parseDrvName pkg.name).name [ "flashplayer" "vscode" ]);
{
whitelistedLicenses = with stdenv.lib.licenses; [ amd wtfpl ];
}
</programlisting>
</para>
</para>
</listitem>
<listitem>
<para>Whenever unfree packages are not allowed, packages can still
be whitelisted by their license:
<para>The following example configuration blacklists the
<literal>gpl3</literal> and <literal>agpl3</literal> licenses:
<programlisting>
whitelistedLicenses = with stdenv.lib.licenses; [ amd wtfpl ];
{
blacklistedLicenses = with stdenv.lib.licenses; [ agpl3 gpl3 ];
}
</programlisting>
</para>
</listitem>
</para>
</listitem>
</itemizedlist>
<listitem>
<para>In addition to whitelisting licenses which are denied by the
<literal>allowUnfree</literal> setting, you can also explicitely
deny installation of packages which have a certain license:
<para>A complete list of licenses can be found in the file
<filename>lib/licenses.nix</filename> of the nixpkgs tree.</para>
</section>
<section xml:id="sec-allow-insecure">
<title>
Installing insecure packages
</title>
<para>There are several ways to tweak how Nix handles a package
which has been marked as insecure.</para>
<itemizedlist>
<listitem><para>
To temporarily allow all insecure packages, you can use an
environment variable for a single invocation of the nix tools:
<programlisting>$ export NIXPKGS_ALLOW_INSECURE=1</programlisting>
</para></listitem>
<listitem><para>
It is possible to permanently allow individual insecure
packages, while still blocking other insecure packages by
default using the <literal>permittedInsecurePackages</literal>
configuration option in the user configuration file.</para>
<para>The following example configuration permits the
installation of the hypothetically insecure package
<literal>hello</literal>, version <literal>1.2.3</literal>:
<programlisting>
{
permittedInsecurePackages = [
"hello-1.2.3"
];
}
</programlisting>
</para>
</listitem>
<listitem><para>
It is also possible to create a custom policy around which
insecure packages to allow and deny, by overriding the
<literal>allowInsecurePredicate</literal> configuration
option.</para>
<para>The <literal>allowInsecurePredicate</literal> option is a
function which accepts a package and returns a boolean, much
like <literal>allowUnfreePredicate</literal>.</para>
<para>The following configuration example only allows insecure
packages with very short names:
<programlisting>
blacklistedLicenses = with stdenv.lib.licenses; [ agpl3 gpl3 ];
{
allowInsecurePredicate = (pkg: (builtins.stringLength (builtins.parseDrvName pkg.name).name) &lt;= 5);
}
</programlisting>
</para>
</listitem>
</itemizedlist>
<para>A complete list of licenses can be found in the file
<filename>lib/licenses.nix</filename> of the nix package tree.</para>
</para>
<para>Note that <literal>permittedInsecurePackages</literal> is
only checked if <literal>allowInsecurePredicate</literal> is not
specified.
</para></listitem>
</itemizedlist>
</section>
<!--============================================================-->

4
doc/default.nix
View File

@ -68,6 +68,10 @@ pkgs.stdenv.mkDerivation {
inputFile = ../pkgs/development/r-modules/README.md;
outputFile = "languages-frameworks/r.xml";
}
+ toDocbook {
inputFile = ./languages-frameworks/rust.md;
outputFile = "./languages-frameworks/rust.xml";
}
+ toDocbook {
inputFile = ./languages-frameworks/vim.md;
outputFile = "./languages-frameworks/vim.xml";

20
doc/functions.xml
View File

@ -133,7 +133,7 @@
<varname>stdenv.mkDerivation</varname>, are defined using this
function, which means most packages in the nixpkgs expression,
<varname>pkgs</varname>, have this function.
</para>
</para>
<para>
Example usage:
@ -228,7 +228,7 @@
] name)</code> from the <literal>INI</literal> generator. It gets the name
of a section and returns a sanitized name. The default
<literal>mkSectionName</literal> escapes <literal>[</literal> and
<literal>]</literal> with a backslash.
<literal>]</literal> with a backslash.
</para>
<note><para>Nix store paths can be converted to strings by enclosing a
@ -524,6 +524,22 @@
using its <varname>buildArgs</varname> attribute.
</para>
<note>
<para>
If you see errors similar to <literal>getProtocolByName: does not exist (no such protocol name: tcp)</literal>
you may need to add <literal>pkgs.iana-etc</literal> to <varname>contents</varname>.
</para>
</note>
<note>
<para>
If you see errors similar to <literal>Error_Protocol ("certificate has unknown CA",True,UnknownCa)</literal>
you may need to add <literal>pkgs.cacert</literal> to <varname>contents</varname>.
</para>
</note>
</section>
<section xml:id="ssec-pkgs-dockerTools-fetchFromRegistry">

9
doc/languages-frameworks/haskell.md
View File

@ -823,10 +823,10 @@ alternative implemention for Integer called
[integer-simple](http://hackage.haskell.org/package/integer-simple).
To get a GHC compiler build with `integer-simple` instead of `integer-gmp` use
the attribute: `pkgs.haskell.compiler.integer-simple."${ghcVersion}"`.
the attribute: `haskell.compiler.integer-simple."${ghcVersion}"`.
For example:
$ nix-build -E '(import <nixpkgs> {}).pkgs.haskell.compiler.integer-simple.ghc802'
$ nix-build -E '(import <nixpkgs> {}).haskell.compiler.integer-simple.ghc802'
...
$ result/bin/ghc-pkg list | grep integer
integer-simple-0.1.1.1
@ -838,7 +838,6 @@ The following command displays the complete list of GHC compilers build with `in
haskell.compiler.integer-simple.ghc7103 ghc-7.10.3
haskell.compiler.integer-simple.ghc722 ghc-7.2.2
haskell.compiler.integer-simple.ghc742 ghc-7.4.2
haskell.compiler.integer-simple.ghc763 ghc-7.6.3
haskell.compiler.integer-simple.ghc783 ghc-7.8.3
haskell.compiler.integer-simple.ghc784 ghc-7.8.4
haskell.compiler.integer-simple.ghc801 ghc-8.0.1
@ -846,10 +845,10 @@ The following command displays the complete list of GHC compilers build with `in
haskell.compiler.integer-simple.ghcHEAD ghc-8.1.20170106
To get a package set supporting `integer-simple` use the attribute:
`pkgs.haskell.packages.integer-simple."${ghcVersion}"`. For example
`haskell.packages.integer-simple."${ghcVersion}"`. For example
use the following to get the `scientific` package build with `integer-simple`:
$ nix-build -A pkgs.haskell.packages.integer-simple.ghc802.scientific
$ nix-build -A haskell.packages.integer-simple.ghc802.scientific
## Other resources

1
doc/languages-frameworks/index.xml
View File

@ -27,6 +27,7 @@ such as Perl or Haskell. These are described in this chapter.</para>
<xi:include href="qt.xml" />
<xi:include href="r.xml" /> <!-- generated from ../../pkgs/development/r-modules/README.md -->
<xi:include href="ruby.xml" />
<xi:include href="rust.xml" />
<xi:include href="texlive.xml" />
<xi:include href="vim.xml" />

397
doc/languages-frameworks/python.md
View File

@ -3,7 +3,7 @@
## User Guide
Several versions of Python are available on Nix as well as a high amount of
packages. The default interpreter is CPython 3.5.
packages. The default interpreter is CPython 2.7.
### Using Python
@ -74,7 +74,6 @@ can do is write a simple Nix expression which sets up an environment for you,
requiring you only to type `nix-shell`. Say we want to have Python 3.5, `numpy`
and `toolz`, like before, in an environment. With a `shell.nix` file
containing
```nix
with import <nixpkgs> {};
@ -101,22 +100,25 @@ On Nix all packages are built by functions. The main function in Nix for buildin
Let's see how we would build the `toolz` package. According to [`python-packages.nix`](https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/top-level/python-packages.nix) `toolz` is build using
```nix
toolz = buildPythonPackage rec{
name = "toolz-${version}";
version = "0.7.4";
{ # ...
src = pkgs.fetchurl{
url = "mirror://pypi/t/toolz/toolz-${version}.tar.gz";
sha256 = "43c2c9e5e7a16b6c88ba3088a9bfc82f7db8e13378be7c78d6c14a5f8ed05afd";
};
toolz = buildPythonPackage rec {
name = "toolz-${version}";
version = "0.7.4";
meta = {
homepage = "http://github.com/pytoolz/toolz/";
description = "List processing tools and functional utilities";
license = licenses.bsd3;
maintainers = with maintainers; [ fridh ];
src = pkgs.fetchurl {
url = "mirror://pypi/t/toolz/toolz-${version}.tar.gz";
sha256 = "43c2c9e5e7a16b6c88ba3088a9bfc82f7db8e13378be7c78d6c14a5f8ed05afd";
};
meta = {
homepage = "http://github.com/pytoolz/toolz/";
description = "List processing tools and functional utilities";
license = licenses.bsd3;
maintainers = with maintainers; [ fridh ];
};
};
};
}
```
What happens here? The function `buildPythonPackage` is called and as argument
@ -129,7 +131,7 @@ specify some (optional) [meta information](http://nixos.org/nixpkgs/manual/#chap
The output of the function is a derivation, which is an attribute with the name
`toolz` of the set `pythonPackages`. Actually, sets are created for all interpreter versions,
so `python27Packages`, `python34Packages`, `python35Packages` and `pypyPackages`.
so e.g. `python27Packages`, `python35Packages` and `pypyPackages`.
The above example works when you're directly working on
`pkgs/top-level/python-packages.nix` in the Nixpkgs repository. Often though,
@ -143,7 +145,7 @@ pkgs.python35Packages.buildPythonPackage rec {
name = "toolz-${version}";
version = "0.8.0";
src = pkgs.fetchurl{
src = pkgs.fetchurl {
url = "mirror://pypi/t/toolz/toolz-${version}.tar.gz";
sha256 = "e8451af61face57b7c5d09e71c0d27b8005f001ead56e9fdf470417e5cc6d479";
};
@ -174,7 +176,7 @@ with import <nixpkgs> {};
name = "toolz-${version}";
version = "0.8.0";
src = pkgs.fetchurl{
src = pkgs.fetchurl {
url = "mirror://pypi/t/toolz/toolz-${version}.tar.gz";
sha256 = "e8451af61face57b7c5d09e71c0d27b8005f001ead56e9fdf470417e5cc6d479";
};
@ -215,25 +217,28 @@ The following example shows which arguments are given to `buildPythonPackage` in
order to build [`datashape`](https://github.com/blaze/datashape).
```nix
datashape = buildPythonPackage rec {
name = "datashape-${version}";
version = "0.4.7";
{ # ...
src = pkgs.fetchurl {
url = "mirror://pypi/D/DataShape/${name}.tar.gz";
sha256 = "14b2ef766d4c9652ab813182e866f493475e65e558bed0822e38bf07bba1a278";
datashape = buildPythonPackage rec {
name = "datashape-${version}";
version = "0.4.7";
src = pkgs.fetchurl {
url = "mirror://pypi/D/DataShape/${name}.tar.gz";
sha256 = "14b2ef766d4c9652ab813182e866f493475e65e558bed0822e38bf07bba1a278";
};
buildInputs = with self; [ pytest ];
propagatedBuildInputs = with self; [ numpy multipledispatch dateutil ];
meta = {
homepage = https://github.com/ContinuumIO/datashape;
description = "A data description language";
license = licenses.bsd2;
maintainers = with maintainers; [ fridh ];
};
};
buildInputs = with self; [ pytest ];
propagatedBuildInputs = with self; [ numpy multipledispatch dateutil ];
meta = {
homepage = https://github.com/ContinuumIO/datashape;
description = "A data description language";
license = licenses.bsd2;
maintainers = with maintainers; [ fridh ];
};
};
}
```
We can see several runtime dependencies, `numpy`, `multipledispatch`, and
@ -247,23 +252,26 @@ Python bindings to `libxml2` and `libxslt`. These libraries are only required
when building the bindings and are therefore added as `buildInputs`.
```nix
lxml = buildPythonPackage rec {
name = "lxml-3.4.4";
{ # ...
src = pkgs.fetchurl {
url = "mirror://pypi/l/lxml/${name}.tar.gz";
sha256 = "16a0fa97hym9ysdk3rmqz32xdjqmy4w34ld3rm3jf5viqjx65lxk";
lxml = buildPythonPackage rec {
name = "lxml-3.4.4";
src = pkgs.fetchurl {
url = "mirror://pypi/l/lxml/${name}.tar.gz";
sha256 = "16a0fa97hym9ysdk3rmqz32xdjqmy4w34ld3rm3jf5viqjx65lxk";
};
buildInputs = with self; [ pkgs.libxml2 pkgs.libxslt ];
meta = {
description = "Pythonic binding for the libxml2 and libxslt libraries";
homepage = http://lxml.de;
license = licenses.bsd3;
maintainers = with maintainers; [ sjourdois ];
};
};
buildInputs = with self; [ pkgs.libxml2 pkgs.libxslt ];
meta = {
description = "Pythonic binding for the libxml2 and libxslt libraries";
homepage = http://lxml.de;
license = licenses.bsd3;
maintainers = with maintainers; [ sjourdois ];
};
};
}
```
In this example `lxml` and Nix are able to work out exactly where the relevant
@ -277,33 +285,37 @@ find each of them in a different folder, and therefore we have to set `LDFLAGS`
and `CFLAGS`.
```nix
pyfftw = buildPythonPackage rec {
name = "pyfftw-${version}";
version = "0.9.2";
{ # ...
src = pkgs.fetchurl {
url = "mirror://pypi/p/pyFFTW/pyFFTW-${version}.tar.gz";
sha256 = "f6bbb6afa93085409ab24885a1a3cdb8909f095a142f4d49e346f2bd1b789074";
pyfftw = buildPythonPackage rec {
name = "pyfftw-${version}";
version = "0.9.2";
src = pkgs.fetchurl {
url = "mirror://pypi/p/pyFFTW/pyFFTW-${version}.tar.gz";
sha256 = "f6bbb6afa93085409ab24885a1a3cdb8909f095a142f4d49e346f2bd1b789074";
};
buildInputs = [ pkgs.fftw pkgs.fftwFloat pkgs.fftwLongDouble];
propagatedBuildInputs = with self; [ numpy scipy ];
# Tests cannot import pyfftw. pyfftw works fine though.
doCheck = false;
preConfigure = ''
export LDFLAGS="-L${pkgs.fftw.dev}/lib -L${pkgs.fftwFloat.out}/lib -L${pkgs.fftwLongDouble.out}/lib"
export CFLAGS="-I${pkgs.fftw.dev}/include -I${pkgs.fftwFloat.dev}/include -I${pkgs.fftwLongDouble.dev}/include"
'';
meta = {
description = "A pythonic wrapper around FFTW, the FFT library, presenting a unified interface for all the supported transforms";
homepage = http://hgomersall.github.com/pyFFTW/;
license = with licenses; [ bsd2 bsd3 ];
maintainer = with maintainers; [ fridh ];
};
};
buildInputs = [ pkgs.fftw pkgs.fftwFloat pkgs.fftwLongDouble];
propagatedBuildInputs = with self; [ numpy scipy ];
# Tests cannot import pyfftw. pyfftw works fine though.
doCheck = false;
LDFLAGS="-L${pkgs.fftw.dev}/lib -L${pkgs.fftwFloat.out}/lib -L${pkgs.fftwLongDouble.out}/lib"
CFLAGS="-I${pkgs.fftw.dev}/include -I${pkgs.fftwFloat.dev}/include -I${pkgs.fftwLongDouble.dev}/include"
'';
meta = {
description = "A pythonic wrapper around FFTW, the FFT library, presenting a unified interface for all the supported transforms";
homepage = http://hgomersall.github.com/pyFFTW/;
license = with licenses; [ bsd2 bsd3 ];
maintainer = with maintainers; [ fridh ];
};
};
}
```
Note also the line `doCheck = false;`, we explicitly disabled running the test-suite.
@ -316,10 +328,7 @@ That way, you can run updated code without having to reinstall after each and ev
Development mode is also available. Let's see how you can use it.
In the previous Nix expression the source was fetched from an url. We can also refer to a local source instead using
```nix
src = ./path/to/source/tree;
```
`src = ./path/to/source/tree;`
If we create a `shell.nix` file which calls `buildPythonPackage`, and if `src`
is a local source, and if the local source has a `setup.py`, then development
@ -338,7 +347,7 @@ buildPythonPackage rec {
name = "mypackage";
src = ./path/to/package/source;
propagatedBuildInputs = [ pytest numpy pkgs.libsndfile ];
};
}
```
It is important to note that due to how development mode is implemented on Nix it is not possible to have multiple packages simultaneously in development mode.
@ -371,7 +380,7 @@ buildPythonPackage rec {
name = "toolz-${version}";
version = "0.7.4";
src = pkgs.fetchurl{
src = pkgs.fetchurl {
url = "mirror://pypi/t/toolz/toolz-${version}.tar.gz";
sha256 = "43c2c9e5e7a16b6c88ba3088a9bfc82f7db8e13378be7c78d6c14a5f8ed05afd";
};
@ -382,7 +391,7 @@ buildPythonPackage rec {
license = licenses.bsd3;
maintainers = with maintainers; [ fridh ];
};
};
}
```
It takes two arguments, `pkgs` and `buildPythonPackage`.
@ -392,7 +401,10 @@ We now call this function using `callPackage` in the definition of our environme
with import <nixpkgs> {};
( let
toolz = pkgs.callPackage ~/path/to/toolz/release.nix { pkgs=pkgs; buildPythonPackage=pkgs.python35Packages.buildPythonPackage; };
toolz = pkgs.callPackage /path/to/toolz/release.nix {
pkgs = pkgs;
buildPythonPackage = pkgs.python35Packages.buildPythonPackage;
};
in pkgs.python35.withPackages (ps: [ ps.numpy toolz ])
).env
```
@ -410,8 +422,8 @@ and in this case the `python35` interpreter is automatically used.
### Interpreters
Versions 2.6, 2.7, 3.3, 3.4 and 3.5 of the CPython interpreter are available as respectively
`python26`, `python27`, `python33`, `python34` and `python35`. The PyPy interpreter
Versions 2.7, 3.3, 3.4, 3.5 and 3.6 of the CPython interpreter are available as
respectively `python27`, `python33`, `python34`, `python35` and `python36`. The PyPy interpreter
is available as `pypy`. The aliases `python2` and `python3` correspond to respectively `python27` and
`python35`. The default interpreter, `python`, maps to `python2`.
The Nix expressions for the interpreters can be found in
@ -460,6 +472,7 @@ sets are
* `pkgs.python33Packages`
* `pkgs.python34Packages`
* `pkgs.python35Packages`
* `pkgs.python36Packages`
* `pkgs.pypyPackages`
and the aliases
@ -474,22 +487,27 @@ The `buildPythonPackage` function is implemented in
`pkgs/development/interpreters/python/build-python-package.nix`
The following is an example:
```nix
{ # ...
twisted = buildPythonPackage {
name = "twisted-8.1.0";
twisted = buildPythonPackage {
name = "twisted-8.1.0";
src = pkgs.fetchurl {
url = http://tmrc.mit.edu/mirror/twisted/Twisted/8.1/Twisted-8.1.0.tar.bz2;
sha256 = "0q25zbr4xzknaghha72mq57kh53qw1bf8csgp63pm9sfi72qhirl";
};
src = pkgs.fetchurl {
url = http://tmrc.mit.edu/mirror/twisted/Twisted/8.1/Twisted-8.1.0.tar.bz2;
sha256 = "0q25zbr4xzknaghha72mq57kh53qw1bf8csgp63pm9sfi72qhirl";
};
propagatedBuildInputs = [ self.ZopeInterface ];
propagatedBuildInputs = [ self.ZopeInterface ];
meta = {
homepage = http://twistedmatrix.com/;
description = "Twisted, an event-driven networking engine written in Python";
license = stdenv.lib.licenses.mit; };
};
meta = {
homepage = http://twistedmatrix.com/;
description = "Twisted, an event-driven networking engine written in Python";
license = stdenv.lib.licenses.mit;
};
};
}
```
The `buildPythonPackage` mainly does four things:
@ -539,29 +557,32 @@ Because with an application we're not interested in multiple version the prefix
Python environments can be created using the low-level `pkgs.buildEnv` function.
This example shows how to create an environment that has the Pyramid Web Framework.
Saving the following as `default.nix`
```nix
with import <nixpkgs> {};
with import <nixpkgs> {};
python.buildEnv.override {
extraLibs = [ pkgs.pythonPackages.pyramid ];
ignoreCollisions = true;
}
python.buildEnv.override {
extraLibs = [ pkgs.pythonPackages.pyramid ];
ignoreCollisions = true;
}
```
and running `nix-build` will create
/nix/store/cf1xhjwzmdki7fasgr4kz6di72ykicl5-python-2.7.8-env
```
/nix/store/cf1xhjwzmdki7fasgr4kz6di72ykicl5-python-2.7.8-env
```
with wrapped binaries in `bin/`.
You can also use the `env` attribute to create local environments with needed
packages installed. This is somewhat comparable to `virtualenv`. For example,
running `nix-shell` with the following `shell.nix`
```nix
with import <nixpkgs> {};
with import <nixpkgs> {};
(python3.buildEnv.override {
extraLibs = with python3Packages; [ numpy requests2 ];
}).env
(python3.buildEnv.override {
extraLibs = with python3Packages; [ numpy requests2 ];
}).env
```
will drop you into a shell where Python will have the
specified packages in its path.
@ -576,30 +597,33 @@ specified packages in its path.
#### python.withPackages function
The `python.withPackages` function provides a simpler interface to the `python.buildEnv` functionality.
It takes a function as an argument that is passed the set of python packages and returns the list
It takes a function as an argument that is passed the set of python packages and returns the list
of the packages to be included in the environment. Using the `withPackages` function, the previous
example for the Pyramid Web Framework environment can be written like this:
```nix
with import <nixpkgs> {};
with import <nixpkgs> {};
python.withPackages (ps: [ps.pyramid])
```
python.withPackages (ps: [ps.pyramid])
`withPackages` passes the correct package set for the specific interpreter version as an
`withPackages` passes the correct package set for the specific interpreter version as an
argument to the function. In the above example, `ps` equals `pythonPackages`.
But you can also easily switch to using python3:
with import <nixpkgs> {};
```nix
with import <nixpkgs> {};
python3.withPackages (ps: [ps.pyramid])
python3.withPackages (ps: [ps.pyramid])
```
Now, `ps` is set to `python3Packages`, matching the version of the interpreter.
As `python.withPackages` simply uses `python.buildEnv` under the hood, it also supports the `env`
attribute. The `shell.nix` file from the previous section can thus be also written like this:
```nix
with import <nixpkgs> {};
with import <nixpkgs> {};
(python33.withPackages (ps: [ps.numpy ps.requests2])).env
(python33.withPackages (ps: [ps.numpy ps.requests2])).env
```
In contrast to `python.buildEnv`, `python.withPackages` does not support the more advanced options
such as `ignoreCollisions = true` or `postBuild`. If you need them, you have to use `python.buildEnv`.
@ -613,22 +637,24 @@ install -e . --prefix $TMPDIR/`for the package.
Warning: `shellPhase` is executed only if `setup.py` exists.
Given a `default.nix`:
```nix
with import <nixpkgs> {};
with import <nixpkgs> {};
buildPythonPackage { name = "myproject";
buildPythonPackage { name = "myproject";
buildInputs = with pkgs.pythonPackages; [ pyramid ];
buildInputs = with pkgs.pythonPackages; [ pyramid ];
src = ./.; }
src = ./.; }
```
Running `nix-shell` with no arguments should give you
the environment in which the package would be built with
`nix-build`.
Shortcut to setup environments with C headers/libraries and python packages:
$ nix-shell -p pythonPackages.pyramid zlib libjpeg git
```shell
nix-shell -p pythonPackages.pyramid zlib libjpeg git
```
Note: There is a boolean value `lib.inNixShell` set to `true` if nix-shell is invoked.
@ -641,6 +667,19 @@ community to help save time. No tool is preferred at the moment.
- [pypi2nix](https://github.com/garbas/pypi2nix) by Rok Garbas
- [pypi2nix](https://github.com/offlinehacker/pypi2nix) by Jaka Hudoklin
### Deterministic builds
Python 2.7, 3.5 and 3.6 are now built deterministically and 3.4 mostly.
Minor modifications had to be made to the interpreters in order to generate
deterministic bytecode. This has security implications and is relevant for
those using Python in a `nix-shell`.
When the environment variable `DETERMINISTIC_BUILD` is set, all bytecode will have timestamp 1.
The `buildPythonPackage` function sets `DETERMINISTIC_BUILD=1` and
[PYTHONHASHSEED=0](https://docs.python.org/3.5/using/cmdline.html#envvar-PYTHONHASHSEED).
Both are also exported in `nix-shell`.
## FAQ
### How can I install a working Python environment?
@ -663,7 +702,7 @@ with import <nixpkgs> {};
pkgs.python35.withPackages (ps: with ps; [ numpy ipython ])
```
and install it in your profile with
```
```shell
nix-env -if build.nix
```
Now you can use the Python interpreter, as well as the extra packages that you added to the environment.
@ -671,15 +710,19 @@ Now you can use the Python interpreter, as well as the extra packages that you a
#### Environment defined in `~/.nixpkgs/config.nix`
If you prefer to, you could also add the environment as a package override to the Nixpkgs set.
```
```nix
{ # ...
packageOverrides = pkgs: with pkgs; {
myEnv = python35.withPackages (ps: with ps; [ numpy ipython ]);
};
}
```
and install it in your profile with
```
```shell
nix-env -iA nixpkgs.myEnv
```
We're installing using the attribute path and assume the channels is named `nixpkgs`.
Note that I'm using the attribute path here.
@ -688,9 +731,12 @@ Note that I'm using the attribute path here.
For the sake of completeness, here's another example how to install the environment system-wide.
```nix
environment.systemPackages = with pkgs; [
(python35.withPackages(ps: with ps; [ numpy ipython ]))
];
{ # ...
environment.systemPackages = with pkgs; [
(python35.withPackages(ps: with ps; [ numpy ipython ]))
];
}
```
### How to solve circular dependencies?
@ -727,19 +773,18 @@ All packages in the Python package set will now use the updated `scipy` version.
```nix
with import <nixpkgs> {};
(
let
packageOverrides = self: super: {
scipy = super.scipy_0_17;
};
in (pkgs.python35.override {inherit packageOverrides;}).withPackages (ps: [ps.blaze])
( let
packageOverrides = self: super: {
scipy = super.scipy_0_17;
};
in (pkgs.python35.override {inherit packageOverrides;}).withPackages (ps: [ps.blaze])
).env
```
The requested package `blaze` depends on `pandas` which itself depends on `scipy`.
If you want the whole of Nixpkgs to use your modifications, then you can use `overlays`
as explained in this manual. In the following example we build a `inkscape` using a different version of `numpy`.
```
```nix
let
pkgs = import <nixpkgs> {};
newpkgs = import pkgs.path { overlays = [ (pkgsself: pkgssuper: {
@ -762,32 +807,32 @@ This is because files are included that depend on items in the Nix store which h
The command `bdist_wheel` takes into account `SOURCE_DATE_EPOCH`, and `nix-shell` sets this to 1. By setting it to a value corresponding to 1980 or later, or by unsetting it, it is possible to build wheels.
Use 1980 as timestamp:
```
```shell
nix-shell --run "SOURCE_DATE_EPOCH=315532800 python3 setup.py bdist_wheel"
```
or the current time:
```
```shell
nix-shell --run "SOURCE_DATE_EPOCH=$(date +%s) python3 setup.py bdist_wheel"
```
or unset:
```
```shell
nix-shell --run "unset SOURCE_DATE_EPOCH; python3 setup.py bdist_wheel"
```
### `install_data` / `data_files` problems
If you get the following error:
could not create '/nix/store/6l1bvljpy8gazlsw2aw9skwwp4pmvyxw-python-2.7.8/etc':
Permission denied
This is a [known bug](https://github.com/pypa/setuptools/issues/130) in setuptools.
```
could not create '/nix/store/6l1bvljpy8gazlsw2aw9skwwp4pmvyxw-python-2.7.8/etc':
Permission denied
```
This is a [known bug](https://github.com/pypa/setuptools/issues/130) in `setuptools`.
Setuptools `install_data` does not respect `--prefix`. An example of such package using the feature is `pkgs/tools/X11/xpra/default.nix`.
As workaround install it as an extra `preInstall` step:
${python.interpreter} setup.py install_data --install-dir=$out --root=$out
sed -i '/ = data\_files/d' setup.py
```shell
${python.interpreter} setup.py install_data --install-dir=$out --root=$out
sed -i '/ = data\_files/d' setup.py
```
### Rationale of non-existent global site-packages
@ -811,11 +856,11 @@ and install python modules through `pip` the traditional way.
Create this `default.nix` file, together with a `requirements.txt` and simply execute `nix-shell`.
```
```nix
with import <nixpkgs> {};
with pkgs.python27Packages;
stdenv.mkDerivation {
stdenv.mkDerivation {
name = "impurePythonEnv";
buildInputs = [
# these packages are required for virtualenv and pip to work:
@ -823,10 +868,10 @@ stdenv.mkDerivation {
python27Full
python27Packages.virtualenv
python27Packages.pip
# the following packages are related to the dependencies of your python
# project.
# In this particular example the python modules listed in the
# requirements.tx require the following packages to be installed locally
# the following packages are related to the dependencies of your python
# project.
# In this particular example the python modules listed in the
# requirements.tx require the following packages to be installed locally
# in order to compile any binary extensions they may require.
#
taglib
@ -841,7 +886,7 @@ stdenv.mkDerivation {
shellHook = ''
# set SOURCE_DATE_EPOCH so that we can use python wheels
SOURCE_DATE_EPOCH=$(date +%s)
virtualenv --no-setuptools venv
virtualenv --no-setuptools venv
export PATH=$PWD/venv/bin:$PATH
pip install -r requirements.txt
'';
@ -849,10 +894,31 @@ stdenv.mkDerivation {
```
Note that the `pip install` is an imperative action. So every time `nix-shell`
is executed it will attempt to download the python modules listed in
is executed it will attempt to download the python modules listed in
requirements.txt. However these will be cached locally within the `virtualenv`
folder and not downloaded again.
### How to override a Python package from `configuration.nix`?
If you need to change a package's attribute(s) from `configuration.nix` you could do:
```nix
nixpkgs.config.packageOverrides = superP: {
pythonPackages = superP.pythonPackages.override {
overrides = self: super: {
bepasty-server = super.bepasty-server.overrideAttrs ( oldAttrs: {
src = pkgs.fetchgit {
url = "https://github.com/bepasty/bepasty-server";
sha256 = "9ziqshmsf0rjvdhhca55sm0x8jz76fsf2q4rwh4m6lpcf8wr0nps";
rev = "e2516e8cf4f2afb5185337073607eb9e84a61d2d";
};
});
};
};
};
```
If you are using the `bepasty-server` package somewhere, for example in `systemPackages` or indirectly from `services.bepasty`, then a `nixos-rebuild switch` will rebuild the system but with the `bepasty-server` package using a different `src` attribute. This way one can modify `python` based software/libraries easily. Using `self` and `super` one can also alter dependencies (`buildInputs`) between the old state (`self`) and new state (`super`).
## Contributing
@ -860,7 +926,8 @@ folder and not downloaded again.
Following rules are desired to be respected:
* Make sure package builds for all python interpreters. Use `disabled` argument to `buildPythonPackage` to set unsupported interpreters.
* If tests need to be disabled for a package, make sure you leave a comment about reasoning.
* Packages in `pkgs/top-level/python-packages.nix` are sorted quasi-alphabetically to avoid merge conflicts.
* Python libraries are supposed to be in `python-packages.nix` and packaged with `buildPythonPackage`. Python applications live outside of `python-packages.nix` and are packaged with `buildPythonApplication`.
* Python libraries are supposed to be called from `python-packages.nix` and packaged with `buildPythonPackage`. The expression of a library should be in `pkgs/development/python-modules/<name>/default.nix`. Libraries in `pkgs/top-level/python-packages.nix` are sorted quasi-alphabetically to avoid merge conflicts.
* Python applications live outside of `python-packages.nix` and are packaged with `buildPythonApplication`.
* Make sure libraries build for all Python interpreters.
* By default we enable tests. Make sure the tests are found and, in the case of libraries, are passing for all interpreters. If certain tests fail they can be disabled individually. Try to avoid disabling the tests altogether. In any case, when you disable tests, leave a comment explaining why.
* Commit names of Python libraries should include `pythonPackages`, for example `pythonPackages.numpy: 1.11 -> 1.12`.

56
doc/languages-frameworks/qt.xml
View File

@ -2,67 +2,31 @@
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="sec-language-qt">
<title>Qt</title>
<title>Qt and KDE</title>
<para>The information in this section applies to Qt 5.5 and later.</para>
<para>Qt is an application development toolkit for C++. Although it is
not a distinct programming language, there are special considerations
for packaging Qt-based programs and libraries. A small set of tools
and conventions has grown out of these considerations.</para>
<para>Qt is a comprehensive desktop and mobile application development toolkit for C++. Legacy support is available for Qt 3 and Qt 4, but all current development uses Qt 5. The Qt 5 packages in Nixpkgs are updated frequently to take advantage of new features, but older versions are typically retained to support packages that may not be compatible with the latest version. When packaging applications and libraries for Nixpkgs, it is important to ensure that compatible versions of Qt 5 are used throughout; this consideration motivates the tools described below.</para>
<section xml:id="ssec-qt-libraries"><title>Libraries</title>
<para>Packages that provide libraries should be listed in
<varname>qt5LibsFun</varname> so that the library is built with each
Qt version. A set of packages is provided for each version of Qt; for
example, <varname>qt5Libs</varname> always provides libraries built
with the latest version, <varname>qt55Libs</varname> provides
libraries built with Qt 5.5, and so on. To avoid version conflicts, no
top-level attributes are created for these packages.</para>
<para>Libraries that depend on Qt 5 should be built with each available version to avoid linking a dependent package against incompatible versions of Qt 5. (Although Qt 5 maintains backward ABI compatibility, linking against multiple versions at once is generally not possible; at best it will lead to runtime faults.) Packages that provide libraries should be added to the top-level function <varname>mkLibsForQt5</varname>, which is used to build a set of libraries for every Qt 5 version. The <varname>callPackage</varname> provided in this scope will ensure that only one Qt version will be used throughout the dependency tree. Dependencies should be imported unqualified, i.e. <literal>qtbase</literal> not <literal>qt5.qtbase</literal>, so that <varname>callPackage</varname> can do its work. <emphasis>Do not</emphasis> import a package set such as <literal>qt5</literal> or <literal>libsForQt5</literal> into your package; although it may work fine in the moment, it could well break at the next Qt update.</para>
<para>If a library does not support a particular version of Qt 5, it is best to mark it as broken by setting its <literal>meta.broken</literal> attribute. A package may be marked broken for certain versions by testing the <literal>qtbase.version</literal> attribute, which will always give the current Qt 5 version.</para>
</section>
<section xml:id="ssec-qt-programs"><title>Programs</title>
<section xml:id="ssec-qt-applications"><title>Applications</title>
<para>Application packages do not need to be built with every Qt
version. To ensure consistency between the package's dependencies,
call the package with <literal>qt5Libs.callPackage</literal> instead
of the usual <literal>callPackage</literal>. An older version may be
selected in case of incompatibility. For example, to build with Qt
5.5, call the package with
<literal>qt55Libs.callPackage</literal>.</para>
<para>Applications generally do not need to be built with every Qt version because they do not provide any libraries for dependent packages to link against. The primary consideration is merely ensuring that the application itself and its dependencies are linked against only one version of Qt. To call your application expression, use <literal>libsForQt5.callPackage</literal> instead of <literal>callPackage</literal>. Dependencies should be imported unqualified, i.e. <literal>qtbase</literal> not <literal>qt5.qtbase</literal>. <emphasis>Do not</emphasis> import a package set such as <literal>qt5</literal> or <literal>libsForQt5</literal> into your package; although it may work fine in the moment, it could well break at the next Qt update.</para>
<para>Several environment variables must be set at runtime for Qt
applications to function correctly, including:</para>
<para>It is generally best to build an application package against the <varname>libsForQt5</varname> library set. In case a package does not build with the latest Qt version, it is possible to pick a set pinned to a particular version, e.g. <varname>libsForQt55</varname> for Qt 5.5, if that is the latest version the package supports.</para>
<itemizedlist>
<listitem><para><envar>QT_PLUGIN_PATH</envar></para></listitem>
<listitem><para><envar>QML_IMPORT_PATH</envar></para></listitem>
<listitem><para><envar>QML2_IMPORT_PATH</envar></para></listitem>
<listitem><para><envar>XDG_DATA_DIRS</envar></para></listitem>
</itemizedlist>
<para>To ensure that these are set correctly, the program must be wrapped by
invoking <literal>wrapQtProgram <replaceable>program</replaceable></literal>
during installation (for example, during
<literal>fixupPhase</literal>). <literal>wrapQtProgram</literal>
accepts the same options as <literal>makeWrapper</literal>.
</para>
<para>Qt-based applications require that several paths be set at runtime. This is accomplished by wrapping the provided executables in a package with <literal>wrapQtProgram</literal> or <literal>makeQtWrapper</literal> during the <literal>postFixup</literal> phase. To use the wrapper generators, add <literal>makeQtWrapper</literal> to <literal>nativeBuildInputs</literal>. The wrapper generators support the same options as <literal>wrapProgram</literal> and <literal>makeWrapper</literal> respectively. It is usually only necessary to generate wrappers for programs intended to be invoked by the user.</para>
</section>
<section xml:id="ssec-qt-kde"><title>KDE</title>
<para>Many of the considerations above also apply to KDE packages,
especially the need to set the correct environment variables at
runtime. To ensure that this is done, invoke <literal>wrapKDEProgram
<replaceable>program</replaceable></literal> during
installation. <literal>wrapKDEProgram</literal> also generates a
<literal>ksycoca</literal> database so that required data and services
can be found. Like its Qt counterpart,
<literal>wrapKDEProgram</literal> accepts the same options as
<literal>makeWrapper</literal>.</para>
<para>The KDE Frameworks are a set of libraries for Qt 5 which form the basis of the Plasma desktop environment and the KDE Applications suite. Packaging a Frameworks-based library does not require any steps beyond those described above for general Qt-based libraries. Frameworks-based applications should not use <literal>makeQtWrapper</literal>; instead, use <literal>kdeWrapper</literal> to create the necessary wrappers: <literal>kdeWrapper { unwrapped = <replaceable>expr</replaceable>; targets = <replaceable>exes</replaceable>; }</literal>, where <replaceable>expr</replaceable> is the un-wrapped package expression and <replaceable>exes</replaceable> is a list of strings giving the relative paths to programs in the package which should be wrapped.</para>
</section>

91
doc/languages-frameworks/rust.md Normal file
View File

@ -0,0 +1,91 @@
---
title: Rust
author: Matthias Beyer
date: 2017-03-05
---
# User's Guide to the Rust Infrastructure
To install the rust compiler and cargo put
```
rustStable.rustc
rustStable.cargo
```
into the `environment.systemPackages` or bring them into scope with
`nix-shell -p rustStable.rustc -p rustStable.cargo`.
There are also `rustBeta` and `rustNightly` package sets available.
These are not updated very regulary. For daily builds see
[Using the Rust nightlies overlay](#using-the-rust-nightlies-overlay)
## Packaging Rust applications
Rust applications are packaged by using the `buildRustPackage` helper from `rustPlatform`:
```
with rustPlatform;
buildRustPackage rec {
name = "ripgrep-${version}";
version = "0.4.0";
src = fetchFromGitHub {
owner = "BurntSushi";
repo = "ripgrep";
rev = "${version}";
sha256 = "0y5d1n6hkw85jb3rblcxqas2fp82h3nghssa4xqrhqnz25l799pj";
};
depsSha256 = "0q68qyl2h6i0qsz82z840myxlnjay8p1w5z7hfyr8fqp7wgwa9cx";
meta = with stdenv.lib; {
description = "A utility that combines the usability of The Silver Searcher with the raw speed of grep";
homepage = https://github.com/BurntSushi/ripgrep;
license = with licenses; [ unlicense ];
maintainers = [ maintainers.tailhook ];
platforms = platforms.all;
};
}
```
`buildRustPackage` requires a `depsSha256` attribute which is computed over
all crate sources of this package. Currently it is obtained by inserting a
fake checksum into the expression and building the package once. The correct
checksum can be then take from the failed build.
To install crates with nix there is also an experimental project called
[nixcrates](https://github.com/fractalide/nixcrates).
## Using the Rust nightlies overlay
Mozilla provides an overlay for nixpkgs to bring a nightly version of Rust into scope.
This overlay can _also_ be used to install recent unstable or stable versions
of Rust, if desired.
To use this overlay, clone
[nixpkgs-mozilla](https://github.com/mozilla/nixpkgs-mozilla),
and create a symbolic link to the file
[rust-overlay.nix](https://github.com/mozilla/nixpkgs-mozilla/blob/master/rust-overlay.nix)
in the `~/.config/nixpkgs/overlays` directory.
$ git clone https://github.com/mozilla/nixpkgs-mozilla.git
$ mkdir -p ~/.config/nixpkgs/overlays
$ ln -s $(pwd)/nixpkgs-mozilla/rust-overlay.nix ~/.config/nixpkgs/overlays/rust-overlay.nix
The latest version can be installed with the following command:
$ nix-env -Ai nixos.rustChannels.stable.rust
Or using the attribute with nix-shell:
$ nix-shell -p nixos.rustChannels.stable.rust
To install the beta or nightly channel, "stable" should be substituted by
"nightly" or "beta", or
use the function provided by this overlay to pull a version based on a
build date.
The overlay automatically updates itself as it uses the same source as
[rustup](https://www.rustup.rs/).

4
doc/overlays.xml
View File

@ -34,7 +34,7 @@ first one present is considered, and all the rest are ignored:
<listitem>
<para>In the directory <filename>~/.nixpkgs/overlays/</filename>.</para>
<para>In the directory <filename>~/.config/nixpkgs/overlays/</filename>.</para>
</listitem>
</orderedlist>
@ -50,7 +50,7 @@ the same recipe. In the case where overlays are loaded from a directory, they ar
alphabetical order.</para>
<para>To install an overlay using the last option, you can clone the overlay's repository and add
a symbolic link to it in <filename>~/.nixpkgs/overlays/</filename> directory.</para>
a symbolic link to it in <filename>~/.config/nixpkgs/overlays/</filename> directory.</para>
</section>

4
lib/attrsets.nix
View File

@ -1,12 +1,12 @@
# Operations on attribute sets.
with {
let
inherit (builtins) head tail length;
inherit (import ./trivial.nix) or;
inherit (import ./default.nix) fold;
inherit (import ./strings.nix) concatStringsSep;
inherit (import ./lists.nix) concatMap concatLists all deepSeqList;
};
in
rec {
inherit (builtins) attrNames listToAttrs hasAttr isAttrs getAttr;

6
lib/composable-derivation.nix
View File

@ -1,4 +1,4 @@
{lib, pkgs} :
{lib, pkgs}:
let inherit (lib) nv nvs; in
{
@ -19,7 +19,7 @@ let inherit (lib) nv nvs; in
# * vim_configurable
#
# A minimal example illustrating most features would look like this:
# let base = composableDerivation { (fixed : let inherit (fixed.fixed) name in {
# let base = composableDerivation { (fixed: let inherit (fixed.fixed) name in {
# src = fetchurl {
# }
# buildInputs = [A];
@ -79,7 +79,7 @@ let inherit (lib) nv nvs; in
# consider adding addtional elements by derivation.merge { removeAttrs = ["elem"]; };
removeAttrs ? ["cfg" "flags"]
}: (lib.defaultOverridableDelayableArgs ( a: mkDerivation a)
}: (lib.defaultOverridableDelayableArgs ( a: mkDerivation a)
{
inherit applyPreTidy removeAttrs;
}).merge;

7
lib/customisation.nix
View File

@ -177,9 +177,10 @@ rec {
let self = f self // {
newScope = scope: newScope (self // scope);
callPackage = self.newScope {};
override = g: makeScope newScope (self_:
let super = f self_;
in super // g super self_);
override = g:
makeScope newScope
(self_: let super = f self_; in super // g super self_);
packages = f;
};
in self;

14
lib/debug.nix
View File

@ -24,10 +24,10 @@ rec {
traceValSeq = v: traceVal (builtins.deepSeq v v);
# this can help debug your code as well - designed to not produce thousands of lines
traceShowVal = x : trace (showVal x) x;
traceShowVal = x: trace (showVal x) x;
traceShowValMarked = str: x: trace (str + showVal x) x;
attrNamesToStr = a : lib.concatStringsSep "; " (map (x : "${x}=") (attrNames a));
showVal = x :
attrNamesToStr = a: lib.concatStringsSep "; " (map (x: "${x}=") (attrNames a));
showVal = x:
if isAttrs x then
if x ? outPath then "x is a derivation, name ${if x ? name then x.name else "<no name>"}, { ${attrNamesToStr x} }"
else "x is attr set { ${attrNamesToStr x} }"
@ -43,9 +43,9 @@ rec {
# trace the arguments passed to function and its result
# maybe rewrite these functions in a traceCallXml like style. Then one function is enough
traceCall = n : f : a : let t = n2 : x : traceShowValMarked "${n} ${n2}:" x; in t "result" (f (t "arg 1" a));
traceCall2 = n : f : a : b : let t = n2 : x : traceShowValMarked "${n} ${n2}:" x; in t "result" (f (t "arg 1" a) (t "arg 2" b));
traceCall3 = n : f : a : b : c : let t = n2 : x : traceShowValMarked "${n} ${n2}:" x; in t "result" (f (t "arg 1" a) (t "arg 2" b) (t "arg 3" c));
traceCall = n: f: a: let t = n2: x: traceShowValMarked "${n} ${n2}:" x; in t "result" (f (t "arg 1" a));
traceCall2 = n: f: a: b: let t = n2: x: traceShowValMarked "${n} ${n2}:" x; in t "result" (f (t "arg 1" a) (t "arg 2" b));
traceCall3 = n: f: a: b: c: let t = n2: x: traceShowValMarked "${n} ${n2}:" x; in t "result" (f (t "arg 1" a) (t "arg 2" b) (t "arg 3" c));
# FIXME: rename this?
traceValIfNot = c: x:
@ -71,7 +71,7 @@ rec {
# create a test assuming that list elements are true
# usage: { testX = allTrue [ true ]; }
testAllTrue = expr : { inherit expr; expected = map (x: true) expr; };
testAllTrue = expr: { inherit expr; expected = map (x: true) expr; };
strict = v:
trace "Warning: strict is deprecated and will be removed in the next release"

5
lib/default.nix
View File

@ -34,6 +34,9 @@ let
sandbox = import ./sandbox.nix;
fetchers = import ./fetchers.nix;
# Eval-time filesystem handling
filesystem = import ./filesystem.nix;
in
{ inherit trivial
attrsets lists strings stringsWithDeps
@ -41,7 +44,7 @@ in
modules options types
licenses platforms systems
debug generators misc
sandbox fetchers;
sandbox fetchers filesystem;
}
# !!! don't include everything at top-level; perhaps only the most
# commonly used functions.

179
lib/deprecated.nix
View File

@ -16,23 +16,23 @@ rec {
defaultMergeArg = x : y: if builtins.isAttrs y then
y
else
else
(y x);
defaultMerge = x: y: x // (defaultMergeArg x y);
foldArgs = merger: f: init: x:
let arg=(merger init (defaultMergeArg init x));
# now add the function with composed args already applied to the final attrs
base = (setAttrMerge "passthru" {} (f arg)
( z : z // rec {
function = foldArgs merger f arg;
args = (lib.attrByPath ["passthru" "args"] {} z) // x;
foldArgs = merger: f: init: x:
let arg = (merger init (defaultMergeArg init x));
# now add the function with composed args already applied to the final attrs
base = (setAttrMerge "passthru" {} (f arg)
( z: z // rec {
function = foldArgs merger f arg;
args = (lib.attrByPath ["passthru" "args"] {} z) // x;
} ));
withStdOverrides = base // {
override = base.passthru.function;
} ;
withStdOverrides = base // {
override = base.passthru.function;
};
in
withStdOverrides;
withStdOverrides;
# predecessors: proposed replacement for applyAndFun (which has a bug cause it merges twice)
# the naming "overridableDelayableArgs" tries to express that you can
@ -49,35 +49,35 @@ rec {
#
# examples: see test cases "res" below;
overridableDelayableArgs =
f : # the function applied to the arguments
initial : # you pass attrs, the functions below are passing a function taking the fix argument
f: # the function applied to the arguments
initial: # you pass attrs, the functions below are passing a function taking the fix argument
let
takeFixed = if isFunction initial then initial else (fixed : initial); # transform initial to an expression always taking the fixed argument
tidy = args :
tidy = args:
let # apply all functions given in "applyPreTidy" in sequence
applyPreTidyFun = fold ( n : a : x : n ( a x ) ) lib.id (maybeAttr "applyPreTidy" [] args);
applyPreTidyFun = fold ( n: a: x: n ( a x ) ) lib.id (maybeAttr "applyPreTidy" [] args);
in removeAttrs (applyPreTidyFun args) ( ["applyPreTidy"] ++ (maybeAttr "removeAttrs" [] args) ); # tidy up args before applying them
fun = n : x :
let newArgs = fixed :
let args = takeFixed fixed;
mergeFun = args.${n};
in if isAttrs x then (mergeFun args x)
else assert isFunction x;
mergeFun args (x ( args // { inherit fixed; }));
in overridableDelayableArgs f newArgs;
fun = n: x:
let newArgs = fixed:
let args = takeFixed fixed;
mergeFun = args.${n};
in if isAttrs x then (mergeFun args x)
else assert isFunction x;
mergeFun args (x ( args // { inherit fixed; }));
in overridableDelayableArgs f newArgs;
in
(f (tidy (lib.fix takeFixed))) // {
merge = fun "mergeFun";
replace = fun "keepFun";
};
defaultOverridableDelayableArgs = f :
defaultOverridableDelayableArgs = f:
let defaults = {
mergeFun = mergeAttrByFunc; # default merge function. merge strategie (concatenate lists, strings) is given by mergeAttrBy
keepFun = a : b : { inherit (a) removeAttrs mergeFun keepFun mergeAttrBy; } // b; # even when using replace preserve these values
keepFun = a: b: { inherit (a) removeAttrs mergeFun keepFun mergeAttrBy; } // b; # even when using replace preserve these values
applyPreTidy = []; # list of functions applied to args before args are tidied up (usage case : prepareDerivationArgs)
mergeAttrBy = mergeAttrBy // {
applyPreTidy = a : b : a ++ b;
removeAttrs = a : b: a ++ b;
applyPreTidy = a: b: a ++ b;
removeAttrs = a: b: a ++ b;
};
removeAttrs = ["mergeFun" "keepFun" "mergeAttrBy" "removeAttrs" "fixed" ]; # before applying the arguments to the function make sure these names are gone
};
@ -86,7 +86,7 @@ rec {
# rec { # an example of how composedArgsAndFun can be used
# a = composedArgsAndFun (x : x) { a = ["2"]; meta = { d = "bar";}; };
# a = composedArgsAndFun (x: x) { a = ["2"]; meta = { d = "bar";}; };
# # meta.d will be lost ! It's your task to preserve it (eg using a merge function)
# b = a.passthru.function { a = [ "3" ]; meta = { d2 = "bar2";}; };
# # instead of passing/ overriding values you can use a merge function:
@ -119,7 +119,7 @@ rec {
else if val == true || val == false then false
else null;
# Return true only if there is an attribute and it is true.
checkFlag = attrSet: name:
if name == "true" then true else
@ -134,29 +134,29 @@ rec {
( attrByPath [name] (if checkFlag attrSet name then true else
if argList == [] then null else
let x = builtins.head argList; in
if (head x) == name then
if (head x) == name then
(head (tail x))
else (getValue attrSet
else (getValue attrSet
(tail argList) name)) attrSet );
# Input : attrSet, [[name default] ...], [ [flagname reqs..] ... ]
# Output : are reqs satisfied? It's asserted.
checkReqs = attrSet : argList : condList :
checkReqs = attrSet: argList: condList:
(
fold lib.and true
(map (x: let name = (head x) ; in
((checkFlag attrSet name) ->
fold lib.and true
(map (x: let name = (head x); in
((checkFlag attrSet name) ->
(fold lib.and true
(map (y: let val=(getValue attrSet argList y); in
(val!=null) && (val!=false))
(tail x))))) condList)) ;
(val!=null) && (val!=false))
(tail x))))) condList));
# This function has O(n^2) performance.
uniqList = {inputList, acc ? []} :
let go = xs : acc :
uniqList = { inputList, acc ? [] }:
let go = xs: acc:
if xs == []
then []
else let x = head xs;
@ -164,26 +164,26 @@ rec {
in y ++ go (tail xs) (y ++ acc);
in go inputList acc;
uniqListExt = {inputList, outputList ? [],
getter ? (x : x), compare ? (x: y: x==y)}:
uniqListExt = { inputList,
outputList ? [],
getter ? (x: x),
compare ? (x: y: x==y) }:
if inputList == [] then outputList else
let x=head inputList;
isX = y: (compare (getter y) (getter x));
newOutputList = outputList ++
(if any isX outputList then [] else [x]);
in uniqListExt {outputList=newOutputList;
inputList = (tail inputList);
inherit getter compare;
};
let x = head inputList;
isX = y: (compare (getter y) (getter x));
newOutputList = outputList ++
(if any isX outputList then [] else [x]);
in uniqListExt { outputList = newOutputList;
inputList = (tail inputList);
inherit getter compare;
};
condConcat = name: list: checker:
if list == [] then name else
if checker (head list) then
condConcat
(name + (head (tail list)))
(tail (tail list))
if checker (head list) then
condConcat
(name + (head (tail list)))
(tail (tail list))
checker
else condConcat
name (tail (tail list)) checker;
@ -202,12 +202,12 @@ rec {
in
work startSet [] [];
innerModifySumArgs = f: x: a: b: if b == null then (f a b) // x else
innerModifySumArgs = f: x: a: b: if b == null then (f a b) // x else
innerModifySumArgs f x (a // b);
modifySumArgs = f: x: innerModifySumArgs f x {};
innerClosePropagation = acc : xs :
innerClosePropagation = acc: xs:
if xs == []
then acc
else let y = head xs;
@ -227,31 +227,31 @@ rec {
closePropagation = list: (uniqList {inputList = (innerClosePropagation [] list);});
# calls a function (f attr value ) for each record item. returns a list
mapAttrsFlatten = f : r : map (attr: f attr r.${attr}) (attrNames r);
mapAttrsFlatten = f: r: map (attr: f attr r.${attr}) (attrNames r);
# attribute set containing one attribute
nvs = name : value : listToAttrs [ (nameValuePair name value) ];
nvs = name: value: listToAttrs [ (nameValuePair name value) ];
# adds / replaces an attribute of an attribute set
setAttr = set : name : v : set // (nvs name v);
setAttr = set: name: v: set // (nvs name v);
# setAttrMerge (similar to mergeAttrsWithFunc but only merges the values of a particular name)
# setAttrMerge "a" [] { a = [2];} (x : x ++ [3]) -> { a = [2 3]; }
# setAttrMerge "a" [] { } (x : x ++ [3]) -> { a = [ 3]; }
setAttrMerge = name : default : attrs : f :
# setAttrMerge "a" [] { a = [2];} (x: x ++ [3]) -> { a = [2 3]; }
# setAttrMerge "a" [] { } (x: x ++ [3]) -> { a = [ 3]; }
setAttrMerge = name: default: attrs: f:
setAttr attrs name (f (maybeAttr name default attrs));
# Using f = a : b = b the result is similar to //
# Using f = a: b = b the result is similar to //
# merge attributes with custom function handling the case that the attribute
# exists in both sets
mergeAttrsWithFunc = f : set1 : set2 :
fold (n: set : if set ? ${n}
mergeAttrsWithFunc = f: set1: set2:
fold (n: set: if set ? ${n}
then setAttr set n (f set.${n} set2.${n})
else set )
(set2 // set1) (attrNames set2);
# merging two attribute set concatenating the values of same attribute names
# eg { a = 7; } { a = [ 2 3 ]; } becomes { a = [ 7 2 3 ]; }
mergeAttrsConcatenateValues = mergeAttrsWithFunc ( a : b : (toList a) ++ (toList b) );
mergeAttrsConcatenateValues = mergeAttrsWithFunc ( a: b: (toList a) ++ (toList b) );
# merges attributes using //, if a name exisits in both attributes
# an error will be triggered unless its listed in mergeLists
@ -262,10 +262,10 @@ rec {
# ! deprecated, use mergeAttrByFunc instead
mergeAttrsNoOverride = { mergeLists ? ["buildInputs" "propagatedBuildInputs"],
overrideSnd ? [ "buildPhase" ]
} : attrs1 : attrs2 :
fold (n: set :
}: attrs1: attrs2:
fold (n: set:
setAttr set n ( if set ? ${n}
then # merge
then # merge
if elem n mergeLists # attribute contains list, merge them by concatenating
then attrs2.${n} ++ attrs1.${n}
else if elem n overrideSnd
@ -286,14 +286,14 @@ rec {
# { mergeAttrsBy = [...]; buildInputs = [ a b c d ]; }
# is used by prepareDerivationArgs, defaultOverridableDelayableArgs and can be used when composing using
# foldArgs, composedArgsAndFun or applyAndFun. Example: composableDerivation in all-packages.nix
mergeAttrByFunc = x : y :
mergeAttrByFunc = x: y:
let
mergeAttrBy2 = { mergeAttrBy=lib.mergeAttrs; }
mergeAttrBy2 = { mergeAttrBy = lib.mergeAttrs; }
// (maybeAttr "mergeAttrBy" {} x)
// (maybeAttr "mergeAttrBy" {} y); in
fold lib.mergeAttrs {} [
x y
(mapAttrs ( a : v : # merge special names using given functions
(mapAttrs ( a: v: # merge special names using given functions
if x ? ${a}
then if y ? ${a}
then v x.${a} y.${a} # both have attr, use merge func
@ -313,9 +313,9 @@ rec {
#
# This function is best explained by an example:
#
# {version ? "2.x"} :
# {version ? "2.x"}:
#
# mkDerivation (mergeAttrsByVersion "package-name" version
# mkDerivation (mergeAttrsByVersion "package-name" version
# { # version specific settings
# "git" = { src = ..; preConfigre = "autogen.sh"; buildInputs = [automake autoconf libtool]; };
# "2.x" = { src = ..; };
@ -346,21 +346,24 @@ rec {
# See misc.nix -> versionedDerivation
# discussion: nixpkgs: pull/310
mergeAttrsByVersion = name: version: attrsByVersion: base:
mergeAttrsByFuncDefaultsClean [ { name = "${name}-${version}"; } base (maybeAttr version (throw "bad version ${version} for ${name}") attrsByVersion)];
mergeAttrsByFuncDefaultsClean [ { name = "${name}-${version}"; }
base
(maybeAttr version (throw "bad version ${version} for ${name}") attrsByVersion)
];
# sane defaults (same name as attr name so that inherit can be used)
mergeAttrBy = # { buildInputs = concatList; [...]; passthru = mergeAttr; [..]; }
listToAttrs (map (n : nameValuePair n lib.concat)
listToAttrs (map (n: nameValuePair n lib.concat)
[ "nativeBuildInputs" "buildInputs" "propagatedBuildInputs" "configureFlags" "prePhases" "postAll" "patches" ])
// listToAttrs (map (n : nameValuePair n lib.mergeAttrs) [ "passthru" "meta" "cfg" "flags" ])
// listToAttrs (map (n : nameValuePair n (a: b: "${a}\n${b}") ) [ "preConfigure" "postInstall" ])
// listToAttrs (map (n: nameValuePair n lib.mergeAttrs) [ "passthru" "meta" "cfg" "flags" ])
// listToAttrs (map (n: nameValuePair n (a: b: "${a}\n${b}") ) [ "preConfigure" "postInstall" ])
;
# prepareDerivationArgs tries to make writing configurable derivations easier
# example:
# prepareDerivationArgs {
# mergeAttrBy = {
# myScript = x : y : x ++ "\n" ++ y;
# myScript = x: y: x ++ "\n" ++ y;
# };
# cfg = {
# readlineSupport = true;
@ -392,10 +395,10 @@ rec {
# TODO use args.mergeFun here as well?
prepareDerivationArgs = args:
let args2 = { cfg = {}; flags = {}; } // args;
flagName = name : "${name}Support";
cfgWithDefaults = (listToAttrs (map (n : nameValuePair (flagName n) false) (attrNames args2.flags)))
flagName = name: "${name}Support";
cfgWithDefaults = (listToAttrs (map (n: nameValuePair (flagName n) false) (attrNames args2.flags)))
// args2.cfg;
opts = attrValues (mapAttrs (a : v :
opts = attrValues (mapAttrs (a: v:
let v2 = if v ? set || v ? unset then v else { set = v; };
n = if cfgWithDefaults.${flagName a} then "set" else "unset";
attr = maybeAttr n {} v2; in

26
lib/filesystem.nix Normal file
View File

@ -0,0 +1,26 @@
{ # locateDominatingFile : RegExp
# -> Path
# -> Nullable { path : Path;
# matches : [ MatchResults ];
# }
# Find the first directory containing a file matching 'pattern'
# upward from a given 'file'.
# Returns 'null' if no directories contain a file matching 'pattern'.
locateDominatingFile = pattern: file:
let go = path:
let files = builtins.attrNames (builtins.readDir path);
matches = builtins.filter (match: match != null)
(map (builtins.match pattern) files);
in
if builtins.length matches != 0
then { inherit path matches; }
else if path == /.
then null
else go (dirOf path);
parent = dirOf file;
isDir =
let base = baseNameOf file;
type = (builtins.readDir parent).${base} or null;
in file == /. || type == "directory";
in go (if isDir then file else parent);
}

41
lib/lists.nix
View File

@ -16,17 +16,22 @@ rec {
*/
singleton = x: [x];
/* "Fold" a binary function `op' between successive elements of
`list' with `nul' as the starting value, i.e., `fold op nul [x_1
x_2 ... x_n] == op x_1 (op x_2 ... (op x_n nul))'. (This is
Haskell's foldr).
/* right fold a binary function `op' between successive elements of
`list' with `nul' as the starting value, i.e.,
`foldr op nul [x_1 x_2 ... x_n] == op x_1 (op x_2 ... (op x_n nul))'.
Type:
foldr :: (a -> b -> b) -> b -> [a] -> b
Example:
concat = fold (a: b: a + b) "z"
concat = foldr (a: b: a + b) "z"
concat [ "a" "b" "c" ]
=> "abcz"
# different types
strange = foldr (int: str: toString (int + 1) + str) "a"
strange [ 1 2 3 4 ]
=> "2345a"
*/
fold = op: nul: list:
foldr = op: nul: list:
let
len = length list;
fold' = n:
@ -35,13 +40,25 @@ rec {
else op (elemAt list n) (fold' (n + 1));
in fold' 0;
/* Left fold: `fold op nul [x_1 x_2 ... x_n] == op (... (op (op nul
x_1) x_2) ... x_n)'.
/* `fold' is an alias of `foldr' for historic reasons */
# FIXME(Profpatsch): deprecate?
fold = foldr;
/* left fold, like `foldr', but from the left:
`foldl op nul [x_1 x_2 ... x_n] == op (... (op (op nul x_1) x_2) ... x_n)`.
Type:
foldl :: (b -> a -> b) -> b -> [a] -> b
Example:
lconcat = foldl (a: b: a + b) "z"
lconcat [ "a" "b" "c" ]
=> "zabc"
# different types
lstrange = foldl (str: int: str + toString (int + 1)) ""
strange [ 1 2 3 4 ]
=> "a2345"
*/
foldl = op: nul: list:
let
@ -52,7 +69,7 @@ rec {
else op (foldl' (n - 1)) (elemAt list n);
in foldl' (length list - 1);
/* Strict version of foldl.
/* Strict version of `foldl'.
The difference is that evaluation is forced upon access. Usually used
with small whole results (in contract with lazily-generated list or large
@ -140,7 +157,7 @@ rec {
any isString [ 1 { } ]
=> false
*/
any = builtins.any or (pred: fold (x: y: if pred x then true else y) false);
any = builtins.any or (pred: foldr (x: y: if pred x then true else y) false);
/* Return true iff function `pred' returns true for all elements of
`list'.
@ -151,7 +168,7 @@ rec {
all (x: x < 3) [ 1 2 3 ]
=> false
*/
all = builtins.all or (pred: fold (x: y: if pred x then y else false) true);
all = builtins.all or (pred: foldr (x: y: if pred x then y else false) true);
/* Count how many times function `pred' returns true for the elements
of `list'.
@ -219,7 +236,7 @@ rec {
=> { right = [ 5 3 4 ]; wrong = [ 1 2 ]; }
*/
partition = builtins.partition or (pred:
fold (h: t:
foldr (h: t:
if pred h
then { right = [h] ++ t.right; wrong = t.wrong; }
else { right = t.right; wrong = [h] ++ t.wrong; }

36
lib/maintainers.nix
View File

@ -14,6 +14,7 @@
aboseley = "Adam Boseley <adam.boseley@gmail.com>";
abuibrahim = "Ruslan Babayev <ruslan@babayev.com>";
acowley = "Anthony Cowley <acowley@gmail.com>";
adelbertc = "Adelbert Chang <adelbertc@gmail.com>";
adev = "Adrien Devresse <adev@adev.name>";
Adjective-Object = "Maxwell Huang-Hobbs <mhuan13@gmail.com>";
adnelson = "Allen Nelson <ithinkican@gmail.com>";
@ -24,6 +25,7 @@
aforemny = "Alexander Foremny <alexanderforemny@googlemail.com>";
afranchuk = "Alex Franchuk <alex.franchuk@gmail.com>";
aherrmann = "Andreas Herrmann <andreash87@gmx.ch>";
ahmedtd = "Taahir Ahmed <ahmed.taahir@gmail.com>";
ak = "Alexander Kjeldaas <ak@formalprivacy.com>";
akaWolf = "Artjom Vejsel <akawolf0@gmail.com>";
akc = "Anders Claesson <akc@akc.is>";
@ -58,8 +60,8 @@
bachp = "Pascal Bach <pascal.bach@nextrem.ch>";
badi = "Badi' Abdul-Wahid <abdulwahidc@gmail.com>";
balajisivaraman = "Balaji Sivaraman<sivaraman.balaji@gmail.com>";
basvandijk = "Bas van Dijk <v.dijk.bas@gmail.com>";
Baughn = "Svein Ove Aas <sveina@gmail.com>";
bbenoist = "Baptist BENOIST <return_0@live.com>";
bcarrell = "Brandon Carrell <brandoncarrell@gmail.com>";
bcdarwin = "Ben Darwin <bcdarwin@gmail.com>";
bdimcheff = "Brandon Dimcheff <brandon@dimcheff.com>";
@ -71,6 +73,7 @@
bjg = "Brian Gough <bjg@gnu.org>";
bjornfor = "Bjørn Forsman <bjorn.forsman@gmail.com>";
bluescreen303 = "Mathijs Kwik <mathijs@bluescreen303.nl>";
bobakker = "Bo Bakker <bobakk3r@gmail.com>";
bobvanderlinden = "Bob van der Linden <bobvanderlinden@gmail.com>";
bodil = "Bodil Stokke <nix@bodil.org>";
boothead = "Ben Ford <ben@perurbis.com>";
@ -81,14 +84,15 @@
bzizou = "Bruno Bzeznik <Bruno@bzizou.net>";
c0dehero = "CodeHero <codehero@nerdpol.ch>";
calrama = "Moritz Maxeiner <moritz@ucworks.org>";
calvertvl = "Victor Calvert <calvertvl@gmail.com>";
campadrenalin = "Philip Horger <campadrenalin@gmail.com>";
canndrew = "Andrew Cann <shum@canndrew.org>";
carlsverre = "Carl Sverre <accounts@carlsverre.com>";
cdepillabout = "Dennis Gosnell <cdep.illabout@gmail.com>";
cfouche = "Chaddaï Fouché <chaddai.fouche@gmail.com>";
changlinli = "Changlin Li <mail@changlinli.com>";
chaoflow = "Florian Friesdorf <flo@chaoflow.net>";
chattered = "Phil Scott <me@philscotted.com>";
changlinli = "Changlin Li <mail@changlinli.com>";
choochootrain = "Hurshal Patel <hurshal@imap.cc>";
chris-martin = "Chris Martin <ch.martin@gmail.com>";
chrisjefferson = "Christopher Jefferson <chris@bubblescope.net>";
@ -102,6 +106,7 @@
codsl = "codsl <codsl@riseup.net>";
codyopel = "Cody Opel <codyopel@gmail.com>";
colemickens = "Cole Mickens <cole.mickens@gmail.com>";
colescott = "Cole Scott <colescottsf@gmail.com>";
copumpkin = "Dan Peebles <pumpkingod@gmail.com>";
corngood = "David McFarland <corngood@gmail.com>";
coroa = "Jonas Hörsch <jonas@chaoflow.net>";
@ -133,12 +138,15 @@
dgonyeo = "Derek Gonyeo <derek@gonyeo.com>";
dipinhora = "Dipin Hora <dipinhora+github@gmail.com>";
dmalikov = "Dmitry Malikov <malikov.d.y@gmail.com>";
DmitryTsygankov = "Dmitry Tsygankov <dmitry.tsygankov@gmail.com>";
dmjio = "David Johnson <djohnson.m@gmail.com>";
dochang = "Desmond O. Chang <dochang@gmail.com>";
domenkozar = "Domen Kozar <domen@dev.si>";
doublec = "Chris Double <chris.double@double.co.nz>";
dpaetzel = "David Pätzel <david.a.paetzel@gmail.com>";
drets = "Dmytro Rets <dmitryrets@gmail.com>";
drewkett = "Andrew Burkett <burkett.andrew@gmail.com>";
dsferruzza = "David Sferruzza <david.sferruzza@gmail.com>";
dtzWill = "Will Dietz <nix@wdtz.org>";
e-user = "Alexander Kahl <nixos@sodosopa.io>";
ebzzry = "Rommel Martinez <ebzzry@gmail.com>";
@ -154,6 +162,7 @@
eleanor = "Dejan Lukan <dejan@proteansec.com>";
elitak = "Eric Litak <elitak@gmail.com>";
ellis = "Ellis Whitehead <nixos@ellisw.net>";
eperuffo = "Emanuele Peruffo <info@emanueleperuffo.com>";
epitrochoid = "Mabry Cervin <mpcervin@uncg.edu>";
ericbmerritt = "Eric Merritt <eric@afiniate.com>";
ericsagnes = "Eric Sagnes <eric.sagnes@gmail.com>";
@ -178,6 +187,7 @@
ftrvxmtrx = "Siarhei Zirukin <ftrvxmtrx@gmail.com>";
funfunctor = "Edward O'Callaghan <eocallaghan@alterapraxis.com>";
fuuzetsu = "Mateusz Kowalczyk <fuuzetsu@fuuzetsu.co.uk>";
fuzzy-id = "Thomas Bach <hacking+nixos@babibo.de>";
fxfactorial = "Edgar Aroutiounian <edgar.factorial@gmail.com>";
gal_bolle = "Florent Becker <florent.becker@ens-lyon.org>";
garbas = "Rok Garbas <rok@garbas.si>";
@ -202,6 +212,7 @@
havvy = "Ryan Scheel <ryan.havvy@gmail.com>";
hbunke = "Hendrik Bunke <bunke.hendrik@gmail.com>";
hce = "Hans-Christian Esperer <hc@hcesperer.org>";
heel = "Sergii Paryzhskyi <parizhskiy@gmail.com>";
henrytill = "Henry Till <henrytill@gmail.com>";
hinton = "Tom Hinton <t@larkery.com>";
hrdinka = "Christoph Hrdinka <c.nix@hrdinka.at>";
@ -209,9 +220,11 @@
ianwookim = "Ian-Woo Kim <ianwookim@gmail.com>";
igsha = "Igor Sharonov <igor.sharonov@gmail.com>";
ikervagyok = "Balázs Lengyel <ikervagyok@gmail.com>";
infinisil = "Silvan Mosberger <infinisil@icloud.com";
ivan-tkatchev = "Ivan Tkatchev <tkatchev@gmail.com>";
j-keck = "Jürgen Keck <jhyphenkeck@gmail.com>";
jagajaga = "Arseniy Seroka <ars.seroka@gmail.com>";
jansol = "Jan Solanti <jan.solanti@paivola.fi>";
javaguirre = "Javier Aguirre <contacto@javaguirre.net>";
jb55 = "William Casarin <bill@casarin.me>";
jbedo = "Justin Bedő <cu@cua0.org>";
@ -223,6 +236,7 @@
jgeerds = "Jascha Geerds <jascha@jgeerds.name>";
jgertm = "Tim Jaeger <jger.tm@gmail.com>";
jgillich = "Jakob Gillich <jakob@gillich.me>";
jhhuh = "Ji-Haeng Huh <jhhuh.note@gmail.com>";
jirkamarsik = "Jirka Marsik <jiri.marsik89@gmail.com>";
joachifm = "Joachim Fasting <joachifm@fastmail.fm>";
joamaki = "Jussi Maki <joamaki@gmail.com>";
@ -233,6 +247,7 @@
jonafato = "Jon Banafato <jon@jonafato.com>";
jpbernardy = "Jean-Philippe Bernardy <jeanphilippe.bernardy@gmail.com>";
jpierre03 = "Jean-Pierre PRUNARET <nix@prunetwork.fr>";
jpotier = "Martin Potier <jpo.contributes.to.nixos@marvid.fr>";
jraygauthier = "Raymond Gauthier <jraygauthier@gmail.com>";
juliendehos = "Julien Dehos <dehos@lisic.univ-littoral.fr>";
jwiegley = "John Wiegley <johnw@newartisans.com>";
@ -310,6 +325,7 @@
michalrus = "Michal Rus <m@michalrus.com>";
michelk = "Michel Kuhlmann <michel@kuhlmanns.info>";
mikefaille = "Michaël Faille <michael@faille.io>";
miltador = "Vasiliy Solovey <miltador@yandex.ua>";
mimadrid = "Miguel Madrid <mimadrid@ucm.es>";
mingchuan = "Ming Chuan <ming@culpring.com>";
mirdhyn = "Merlin Gaillard <mirdhyn@gmail.com>";
@ -340,9 +356,11 @@
nathan-gs = "Nathan Bijnens <nathan@nathan.gs>";
nckx = "Tobias Geerinckx-Rice <tobias.geerinckx.rice@gmail.com>";
ndowens = "Nathan Owens <ndowens04@gmail.com>";
neeasade = "Nathan Isom <nathanisom27@gmail.com>";
nequissimus = "Tim Steinbach <tim@nequissimus.com>";
nfjinjing = "Jinjing Wang <nfjinjing@gmail.com>";
nhooyr = "Anmol Sethi <anmol@aubble.com>";
nickhu = "Nick Hu <me@nickhu.co.uk>";
nicknovitski = "Nick Novitski <nixpkgs@nicknovitski.com>";
nico202 = "Nicolò Balzarotti <anothersms@gmail.com>";
NikolaMandic = "Ratko Mladic <nikola@mandic.email>";
@ -351,6 +369,7 @@
notthemessiah = "Brian Cohen <brian.cohen.88@gmail.com>";
np = "Nicolas Pouillard <np.nix@nicolaspouillard.fr>";
nslqqq = "Nikita Mikhailov <nslqqq@gmail.com>";
nthorne = "Niklas Thörne <notrupertthorne@gmail.com>";
obadz = "obadz <obadz-nixos@obadz.com>";
ocharles = "Oliver Charles <ollie@ocharles.org.uk>";
odi = "Oliver Dunkl <oliver.dunkl@gmail.com>";
@ -370,7 +389,9 @@
palo = "Ingolf Wanger <palipalo9@googlemail.com>";
paperdigits = "Mica Semrick <mica@silentumbrella.com>";
pashev = "Igor Pashev <pashev.igor@gmail.com>";
patternspandemic = "Brad Christensen <patternspandemic@live.com>";
pawelpacana = "Paweł Pacana <pawel.pacana@gmail.com>";
pbogdan = "Piotr Bogdan <ppbogdan@gmail.com>";
periklis = "theopompos@gmail.com";
pesterhazy = "Paulus Esterhazy <pesterhazy@gmail.com>";
peterhoeg = "Peter Hoeg <peter@hoeg.com>";
@ -380,12 +401,14 @@
Phlogistique = "Noé Rubinstein <noe.rubinstein@gmail.com>";
phreedom = "Evgeny Egorochkin <phreedom@yandex.ru>";
phunehehe = "Hoang Xuan Phu <phunehehe@gmail.com>";
pierrer = "Pierre Radermecker <pierrer@pi3r.be>";
pierron = "Nicolas B. Pierron <nixos@nbp.name>";
piotr = "Piotr Pietraszkiewicz <ppietrasa@gmail.com>";
pjbarnoy = "Perry Barnoy <pjbarnoy@gmail.com>";
pjones = "Peter Jones <pjones@devalot.com>";
pkmx = "Chih-Mao Chen <pkmx.tw@gmail.com>";
plcplc = "Philip Lykke Carlsen <plcplc@gmail.com>";
plumps = "Maksim Bronsky <maks.bronsky@web.de";
pmahoney = "Patrick Mahoney <pat@polycrystal.org>";
pmiddend = "Philipp Middendorf <pmidden@secure.mailbox.org>";
polyrod = "Maurizio Di Pietro <dc1mdp@gmail.com>";
@ -447,6 +470,8 @@
scolobb = "Sergiu Ivanov <sivanov@colimite.fr>";
sepi = "Raffael Mancini <raffael@mancini.lu>";
seppeljordan = "Sebastian Jordan <sebastian.jordan.mail@googlemail.com>";
shanemikel = "Shane Pearlman <shanemikel1@gmail.com>";
shawndellysse = "Shawn Dellysse <sdellysse@gmail.com>";
sheenobu = "Sheena Artrip <sheena.artrip@gmail.com>";
sheganinans = "Aistis Raulinaitis <sheganinans@gmail.com>";
shell = "Shell Turner <cam.turn@gmail.com>";
@ -478,7 +503,9 @@
sztupi = "Attila Sztupak <attila.sztupak@gmail.com>";
taeer = "Taeer Bar-Yam <taeer@necsi.edu>";
tailhook = "Paul Colomiets <paul@colomiets.name>";
takikawa = "Asumu Takikawa <asumu@igalia.com>";
taktoa = "Remy Goldschmidt <taktoa@gmail.com>";
taku0 = "Takuo Yonezawa <mxxouy6x3m_github@tatapa.org>";
tavyc = "Octavian Cerna <octavian.cerna@gmail.com>";
teh = "Tom Hunger <tehunger@gmail.com>";
telotortium = "Robert Irelan <rirelan@gmail.com>";
@ -501,7 +528,8 @@
tvorog = "Marsel Zaripov <marszaripov@gmail.com>";
twey = "James Twey Kay <twey@twey.co.uk>";
uralbash = "Svintsov Dmitry <root@uralbash.ru>";
urkud = "Yury G. Kudryashov <urkud+nix@ya.ru>";
utdemir = "Utku Demir <me@utdemir.com>";
#urkud = "Yury G. Kudryashov <urkud+nix@ya.ru>"; inactive since 2012
uwap = "uwap <me@uwap.name>";
vandenoever = "Jos van den Oever <jos@vandenoever.info>";
vanzef = "Ivan Solyankin <vanzef@gmail.com>";
@ -530,6 +558,8 @@
womfoo = "Kranium Gikos Mendoza <kranium@gikos.net>";
wscott = "Wayne Scott <wsc9tt@gmail.com>";
wyvie = "Elijah Rum <elijahrum@gmail.com>";
xnwdd = "Guillermo NWDD <nwdd+nixos@no.team>";
xvapx = "Marti Serra <marti.serra.coscollano@gmail.com>";
xwvvvvwx = "David Terry <davidterry@posteo.de>";
yarr = "Dmitry V. <savraz@gmail.com>";
yochai = "Yochai <yochai@titat.info>";

32
lib/modules.nix
View File

@ -20,7 +20,8 @@ rec {
, prefix ? []
, # This should only be used for special arguments that need to be evaluated
# when resolving module structure (like in imports). For everything else,
# there's _module.args.
# there's _module.args. If specialArgs.modulesPath is defined it will be
# used as the base path for disabledModules.
specialArgs ? {}
, # This would be remove in the future, Prefer _module.args option instead.
args ? {}
@ -58,10 +59,7 @@ rec {
closed = closeModules (modules ++ [ internalModule ]) ({ inherit config options; lib = import ./.; } // specialArgs);
# Note: the list of modules is reversed to maintain backward
# compatibility with the old module system. Not sure if this is
# the most sensible policy.
options = mergeModules prefix (reverseList closed);
options = mergeModules prefix (reverseList (filterModules (specialArgs.modulesPath or "") closed));
# Traverse options and extract the option values into the final
# config set. At the same time, check whether all option
@ -87,6 +85,16 @@ rec {
result = { inherit options config; };
in result;
# Filter disabled modules. Modules can be disabled allowing
# their implementation to be replaced.
filterModules = modulesPath: modules:
let
moduleKey = m: if isString m then toString modulesPath + "/" + m else toString m;
disabledKeys = map moduleKey (concatMap (m: m.disabledModules) modules);
in
filter (m: !(elem m.key disabledKeys)) modules;
/* Close a set of modules under the imports relation. */
closeModules = modules: args:
let
@ -106,17 +114,18 @@ rec {
/* Massage a module into canonical form, that is, a set consisting
of options, config and imports attributes. */
unifyModuleSyntax = file: key: m:
let metaSet = if m ? meta
let metaSet = if m ? meta
then { meta = m.meta; }
else {};
in
if m ? config || m ? options then
let badAttrs = removeAttrs m ["imports" "options" "config" "key" "_file" "meta"]; in
let badAttrs = removeAttrs m ["_file" "key" "disabledModules" "imports" "options" "config" "meta"]; in
if badAttrs != {} then
throw "Module `${key}' has an unsupported attribute `${head (attrNames badAttrs)}'. This is caused by assignments to the top-level attributes `config' or `options'."
else
{ file = m._file or file;
key = toString m.key or key;
disabledModules = m.disabledModules or [];
imports = m.imports or [];
options = m.options or {};
config = mkMerge [ (m.config or {}) metaSet ];
@ -124,9 +133,10 @@ rec {
else
{ file = m._file or file;
key = toString m.key or key;
disabledModules = m.disabledModules or [];
imports = m.require or [] ++ m.imports or [];
options = {};
config = mkMerge [ (removeAttrs m ["key" "_file" "require" "imports"]) metaSet ];
config = mkMerge [ (removeAttrs m ["_file" "key" "disabledModules" "require" "imports"]) metaSet ];
};
applyIfFunction = key: f: args@{ config, options, lib, ... }: if isFunction f then
@ -585,7 +595,7 @@ rec {
functionality
This show a warning if any a.b.c or d.e.f is set, and set the value of
x.y.z to the result of the merge function
x.y.z to the result of the merge function
*/
mkMergedOptionModule = from: to: mergeFn:
{ config, options, ... }:
@ -601,12 +611,12 @@ rec {
let val = getAttrFromPath f config;
opt = getAttrFromPath f options;
in
optionalString
optionalString
(val != "_mkMergedOptionModule")
"The option `${showOption f}' defined in ${showFiles opt.files} has been changed to `${showOption to}' that has a different type. Please read `${showOption to}' documentation and update your configuration accordingly."
) from);
} // setAttrByPath to (mkMerge
(optional
(optional
(any (f: (getAttrFromPath f config) != "_mkMergedOptionModule") from)
(mergeFn config)));
};

8
lib/strings.nix
View File

@ -291,7 +291,7 @@ rec {
recurse = index: startAt:
let cutUntil = i: [(substring startAt (i - startAt) s)]; in
if index < lastSearch then
if index <= lastSearch then
if startWithSep index then
let restartAt = index + sepLen; in
cutUntil index ++ recurse restartAt restartAt
@ -476,10 +476,8 @@ rec {
readPathsFromFile = rootPath: file:
let
root = toString rootPath;
lines =
builtins.map (lib.removeSuffix "\n")
(lib.splitString "\n" (builtins.readFile file));
removeComments = lib.filter (line: !(lib.hasPrefix "#" line));
lines = lib.splitString "\n" (builtins.readFile file);
removeComments = lib.filter (line: line != "" && !(lib.hasPrefix "#" line));
relativePaths = removeComments lines;
absolutePaths = builtins.map (path: builtins.toPath (root + "/" + path)) relativePaths;
in

73
lib/tests.nix
View File

@ -1,3 +1,6 @@
# to run these tests:
# nix-instantiate --eval --strict nixpkgs/lib/tests.nix
# if the resulting list is empty, all tests passed
let inherit (builtins) add; in
with import ./default.nix;
@ -45,10 +48,34 @@ runTests {
expected = ["b" "c"];
};
testFold = {
expr = fold (builtins.add) 0 (range 0 100);
expected = 5050;
};
testFold =
let
f = op: fold: fold op 0 (range 0 100);
# fold with associative operator
assoc = f builtins.add;
# fold with non-associative operator
nonAssoc = f builtins.sub;
in {
expr = {
assocRight = assoc foldr;
# right fold with assoc operator is same as left fold
assocRightIsLeft = assoc foldr == assoc foldl;
nonAssocRight = nonAssoc foldr;
nonAssocLeft = nonAssoc foldl;
# with non-assoc operator the fold results are not the same
nonAssocRightIsNotLeft = nonAssoc foldl != nonAssoc foldr;
# fold is an alias for foldr
foldIsRight = nonAssoc fold == nonAssoc foldr;
};
expected = {
assocRight = 5050;
assocRightIsLeft = true;
nonAssocRight = 50;
nonAssocLeft = (-5050);
nonAssocRightIsNotLeft = true;
foldIsRight = true;
};
};
testTake = testAllTrue [
([] == (take 0 [ 1 2 3 ]))
@ -80,7 +107,7 @@ runTests {
y = x.merge {};
in (y.merge) { a = 10; };
resRem7 = res6.replace (a : removeAttrs a ["a"]);
resRem7 = res6.replace (a: removeAttrs a ["a"]);
resReplace6 = let x = defaultOverridableDelayableArgs id { a = 7; mergeAttrBy = { a = add; }; };
x2 = x.merge { a = 20; }; # now we have 27
@ -88,10 +115,10 @@ runTests {
# fixed tests (delayed args): (when using them add some comments, please)
resFixed1 =
let x = defaultOverridableDelayableArgs id ( x : { a = 7; c = x.fixed.b; });
y = x.merge (x : { name = "name-${builtins.toString x.fixed.c}"; });
let x = defaultOverridableDelayableArgs id ( x: { a = 7; c = x.fixed.b; });
y = x.merge (x: { name = "name-${builtins.toString x.fixed.c}"; });
in (y.merge) { b = 10; };
strip = attrs : removeAttrs attrs ["merge" "replace"];
strip = attrs: removeAttrs attrs ["merge" "replace"];
in all id
[ ((strip res1) == { })
((strip res2) == { a = 7; })
@ -220,4 +247,34 @@ runTests {
expected = builtins.toJSON val;
};
testSplitStringsSimple = {
expr = strings.splitString "." "a.b.c.d";
expected = [ "a" "b" "c" "d" ];
};
testSplitStringsEmpty = {
expr = strings.splitString "." "a..b";
expected = [ "a" "" "b" ];
};
testSplitStringsOne = {
expr = strings.splitString ":" "a.b";
expected = [ "a.b" ];
};
testSplitStringsNone = {
expr = strings.splitString "." "";
expected = [ "" ];
};
testSplitStringsFirstEmpty = {
expr = strings.splitString "/" "/a/b/c";
expected = [ "" "a" "b" "c" ];
};
testSplitStringsLastEmpty = {
expr = strings.splitString ":" "2001:db8:0:0042::8a2e:370:";
expected = [ "2001" "db8" "0" "0042" "" "8a2e" "370" "" ];
};
}

8
lib/tests/modules.sh
View File

@ -99,6 +99,14 @@ checkConfigOutput 'true' "$@" ./define-enable.nix ./define-loaOfSub-if-foo-enabl
checkConfigOutput 'true' "$@" ./define-enable.nix ./define-loaOfSub-foo-if-enable.nix
checkConfigOutput 'true' "$@" ./define-enable.nix ./define-loaOfSub-foo-enable-if.nix
# Check disabledModules with config definitions and option declarations.
set -- config.enable ./define-enable.nix ./declare-enable.nix
checkConfigOutput "true" "$@"
checkConfigOutput "false" "$@" ./disable-define-enable.nix
checkConfigError "The option .*enable.* defined in .* does not exist" "$@" ./disable-declare-enable.nix
checkConfigError "attribute .*enable.* in selection path .*config.enable.* not found" "$@" ./disable-define-enable.nix ./disable-declare-enable.nix
checkConfigError "attribute .*enable.* in selection path .*config.enable.* not found" "$@" ./disable-enable-modules.nix
# Check _module.args.
set -- config.enable ./declare-enable.nix ./define-enable-with-custom-arg.nix
checkConfigError 'while evaluating the module argument .*custom.* in .*define-enable-with-custom-arg.nix.*:' "$@"

3
lib/tests/modules/default.nix
View File

@ -1,7 +1,8 @@
{ lib ? import <nixpkgs/lib>, modules ? [] }:
{ lib ? import ../.., modules ? [] }:
{
inherit (lib.evalModules {
inherit modules;
specialArgs.modulesPath = ./.;
}) config options;
}

5
lib/tests/modules/disable-declare-enable.nix Normal file
View File

@ -0,0 +1,5 @@
{ lib, ... }:
{
disabledModules = [ ./declare-enable.nix ];
}

5
lib/tests/modules/disable-define-enable.nix Normal file
View File

@ -0,0 +1,5 @@
{ lib, ... }:
{
disabledModules = [ ./define-enable.nix ];
}

5
lib/tests/modules/disable-enable-modules.nix Normal file
View File

@ -0,0 +1,5 @@
{ lib, ... }:
{
disabledModules = [ "define-enable.nix" "declare-enable.nix" ];
}

33
lib/trivial.nix
View File

@ -1,17 +1,44 @@
rec {
# Identity function.
/* The identity function
For when you need a function that does nothing.
Type: id :: a -> a
*/
id = x: x;
# Constant function.
/* The constant function
Ignores the second argument.
Or: Construct a function that always returns a static value.
Type: const :: a -> b -> a
Example:
let f = const 5; in f 10
=> 5
*/
const = x: y: x;
# Named versions corresponding to some builtin operators.
## Named versions corresponding to some builtin operators.
/* Concat two strings */
concat = x: y: x ++ y;
/* boolean or */
or = x: y: x || y;
/* boolean and */
and = x: y: x && y;
/* Merge two attribute sets shallowly, right side trumps left
Example:
mergeAttrs { a = 1; b = 2; } // { b = 3; c = 4; }
=> { a = 1; b = 3; c = 4; }
*/
mergeAttrs = x: y: x // y;
# Compute the fixed point of the given function `f`, which is usually an
# attribute set that expects its final, non-recursive representation as an
# argument:

4
lib/types.nix
View File

@ -6,7 +6,7 @@ with import ./attrsets.nix;
with import ./options.nix;
with import ./trivial.nix;
with import ./strings.nix;
with {inherit (import ./modules.nix) mergeDefinitions filterOverrides; };
let inherit (import ./modules.nix) mergeDefinitions filterOverrides; in
rec {
@ -81,7 +81,7 @@ rec {
# name: name of the type
# type: type function.
# wrapped: the type wrapped in case of compound types.
# payload: values of the type, two payloads of the same type must be
# payload: values of the type, two payloads of the same type must be
# combinable with the binOp binary operation.
# binOp: binary operation that merge two payloads of the same type.
functor ? defaultFunctor name

14
maintainers/docker/.dockerignore
View File

@ -1,14 +0,0 @@
*~
,*
.*.swp
.*.swo
result
result-*
/doc/NEWS.html
/doc/NEWS.txt
/doc/manual.html
/doc/manual.pdf
.version-suffix
.DS_Store
.git

12
maintainers/docker/Dockerfile
View File

@ -1,12 +0,0 @@
FROM busybox
RUN dir=`mktemp -d` && trap 'rm -rf "$dir"' EXIT && \
wget -O- https://nixos.org/releases/nix/nix-1.7/nix-1.7-x86_64-linux.tar.bz2 | bzcat | tar x -C $dir && \
mkdir -m 0755 /nix && USER=root sh $dir/*/install && \
echo ". /root/.nix-profile/etc/profile.d/nix.sh" >> /etc/profile
ADD . /root/nix/nixpkgs
ONBUILD ENV NIX_PATH nixpkgs=/root/nix/nixpkgs:nixos=/root/nix/nixpkgs/nixos
ONBUILD ENV PATH /root/.nix-profile/bin:/root/.nix-profile/sbin:/bin:/sbin:/usr/bin:/usr/sbin
ONBUILD ENV ENV /etc/profile
ENV ENV /etc/profile

13
maintainers/scripts/hydra-eval-failures.py
View File

@ -5,6 +5,7 @@
import subprocess
import json
import sys
import click
import requests
@ -47,8 +48,8 @@ def get_maintainers(attr_name):
@click.command()
@click.option(
'--jobset',
default="nixos/release-16.09",
help='Hydra project like nixos/release-16.09')
default="nixos/release-17.03",
help='Hydra project like nixos/release-17.03')
def cli(jobset):
"""
Given a Hydra project, inspect latest evaluation
@ -73,14 +74,18 @@ def cli(jobset):
# TODO: dependency failed without propagated builds
for tr in d('img[alt="Failed"]').parents('tr'):
a = pq(tr)('a')[1]
print "- [ ] [{}]({})".format(a.text, a.get('href'))
print("- [ ] [{}]({})".format(a.text, a.get('href')))
sys.stdout.flush()
maintainers = get_maintainers(a.text)
if maintainers:
print " - maintainers: {}".format(", ".join(map(lambda u: '@' + u, maintainers)))
print(" - maintainers: {}".format(", ".join(map(lambda u: '@' + u, maintainers))))
# TODO: print last three persons that touched this file
# TODO: pinpoint the diff that broke this build, or maybe it's transient or maybe it never worked?
sys.stdout.flush()
if __name__ == "__main__":
try:

277
maintainers/scripts/nix-diff.sh Executable file
View File

@ -0,0 +1,277 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash -p coreutils gnugrep gnused
################################################################################
# nix-diff.sh #
################################################################################
# This script "diffs" Nix profile generations. #
# #
# Example: #
################################################################################
# > nix-diff.sh 90 92 #
# + gnumake-4.2.1 #
# + gnumake-4.2.1-doc #
# - htmldoc-1.8.29 #
################################################################################
# The example shows that as of generation 92 and since generation 90, #
# gnumake-4.2.1 and gnumake-4.2.1-doc have been installed, while #
# htmldoc-1.8.29 has been removed. #
# #
# The example above shows the default, minimal output mode of this script. #
# For more features, run `nix-diff.sh -h` for usage instructions. #
################################################################################
usage() {
cat <<EOF
usage: nix-diff.sh [-h | [-p profile | -s] [-q] [-l] [range]]
-h: print this message before exiting
-q: list the derivations installed in the parent generation
-l: diff every available intermediate generation between parent and
child
-p profile: specify the Nix profile to use
* defaults to ~/.nix-profile
-s: use the system profile
* equivalent to: -p /nix/var/nix/profiles/system
profile: * should be something like /nix/var/nix/profiles/default, not a
generation link like /nix/var/nix/profiles/default-2-link
range: the range of generations to diff
* the following patterns are allowed, where A, B, and N are positive
integers, and G is the currently active generation:
A..B => diffs from generation A to generation B
~N => diffs from the Nth newest generation (older than G) to G
A => diffs from generation A to G
* defaults to ~1
EOF
}
usage_tip() {
echo 'run `nix-diff.sh -h` for usage instructions' >&2
exit 1
}
while getopts :hqlp:s opt; do
case $opt in
h)
usage
exit
;;
q)
opt_query=1
;;
l)
opt_log=1
;;
p)
opt_profile=$OPTARG
;;
s)
opt_profile=/nix/var/nix/profiles/system
;;
\?)
echo "error: invalid option -$OPTARG" >&2
usage_tip
;;
esac
done
shift $((OPTIND-1))
if [ -n "$opt_profile" ]; then
if ! [ -L "$opt_profile" ]; then
echo "error: expecting \`$opt_profile\` to be a symbolic link" >&2
usage_tip
fi
else
opt_profile=$(readlink ~/.nix-profile)
if (( $? != 0 )); then
echo 'error: unable to dereference `~/.nix-profile`' >&2
echo 'specify the profile manually with the `-p` flag' >&2
usage_tip
fi
fi
list_gens() {
nix-env -p "$opt_profile" --list-generations \
| sed -r 's:^\s*::' \
| cut -d' ' -f1
}
current_gen() {
nix-env -p "$opt_profile" --list-generations \
| grep -E '\(current\)\s*$' \
| sed -r 's:^\s*::' \
| cut -d' ' -f1
}
neg_gen() {
local i=0 from=$1 n=$2 tmp
for gen in $(list_gens | sort -rn); do
if ((gen < from)); then
tmp=$gen
((i++))
((i == n)) && break
fi
done
if ((i < n)); then
echo -n "error: there aren't $n generation(s) older than" >&2
echo " generation $from" >&2
return 1
fi
echo $tmp
}
match() {
argv=("$@")
for i in $(seq $(($#-1))); do
if grep -E "^${argv[$i]}\$" <(echo "$1") >/dev/null; then
echo $i
return
fi
done
echo 0
}
case $(match "$1" '' '[0-9]+' '[0-9]+\.\.[0-9]+' '~[0-9]+') in
1)
diffTo=$(current_gen)
diffFrom=$(neg_gen $diffTo 1)
(($? == 1)) && usage_tip
;;
2)
diffFrom=$1
diffTo=$(current_gen)
;;
3)
diffFrom=${1%%.*}
diffTo=${1##*.}
;;
4)
diffTo=$(current_gen)
diffFrom=$(neg_gen $diffTo ${1#*~})
(($? == 1)) && usage_tip
;;
0)
echo 'error: invalid invocation' >&2
usage_tip
;;
esac
dirA="${opt_profile}-${diffFrom}-link"
dirB="${opt_profile}-${diffTo}-link"
declare -a temp_files
temp_length() {
echo -n ${#temp_files[@]}
}
temp_make() {
temp_files[$(temp_length)]=$(mktemp)
}
temp_clean() {
rm -f ${temp_files[@]}
}
temp_name() {
echo -n "${temp_files[$(($(temp_length)-1))]}"
}
trap 'temp_clean' EXIT
temp_make
versA=$(temp_name)
refs=$(nix-store -q --references "$dirA")
(( $? != 0 )) && exit 1
echo "$refs" \
| grep -v env-manifest.nix \
| sort \
> "$versA"
print_tag() {
local gen=$1
nix-env -p "$opt_profile" --list-generations \
| grep -E "^\s*${gen}" \
| sed -r 's:^\s*::' \
| sed -r 's:\s*$::'
}
if [ -n "$opt_query" ]; then
print_tag $diffFrom
cat "$versA" \
| sed -r 's:^[^-]+-(.*)$: \1:'
print_line=1
fi
if [ -n "$opt_log" ]; then
gens=$(for gen in $(list_gens); do
((diffFrom < gen && gen < diffTo)) && echo $gen
done)
# Force the $diffTo generation to be included in this list, instead of using
# `gen <= diffTo` in the preceding loop, so we encounter an error upon the
# event of its nonexistence.
gens=$(echo "$gens"
echo $diffTo)
else
gens=$diffTo
fi
temp_make
add=$(temp_name)
temp_make
rem=$(temp_name)
temp_make
out=$(temp_name)
for gen in $gens; do
[ -n "$print_line" ] && echo
temp_make
versB=$(temp_name)
dirB="${opt_profile}-${gen}-link"
refs=$(nix-store -q --references "$dirB")
(( $? != 0 )) && exit 1
echo "$refs" \
| grep -v env-manifest.nix \
| sort \
> "$versB"
in=$(comm -3 -1 "$versA" "$versB")
sed -r 's:^[^-]*-(.*)$:\1+:' <(echo "$in") \
| sort -f \
> "$add"
un=$(comm -3 -2 "$versA" "$versB")
sed -r 's:^[^-]*-(.*)$:\1-:' <(echo "$un") \
| sort -f \
> "$rem"
cat "$rem" "$add" \
| sort -f \
| sed -r 's:(.*)-$:- \1:' \
| sed -r 's:(.*)\+$:\+ \1:' \
| grep -v '^$' \
> "$out"
if [ -n "$opt_query" -o -n "$opt_log" ]; then
lines=$(wc -l "$out" | cut -d' ' -f1)
tag=$(print_tag "$gen")
(( $? != 0 )) && exit 1
if [ $lines -eq 0 ]; then
echo "$tag (no change)"
else
echo "$tag"
fi
cat "$out" \
| sed 's:^: :'
print_line=1
else
echo "diffing from generation $diffFrom to $diffTo"
cat "$out"
fi
versA=$versB
done
exit 0

3
nixos/default.nix
View File

@ -37,7 +37,4 @@ in
vm = vmConfig.system.build.vm;
vmWithBootLoader = vmWithBootLoaderConfig.system.build.vm;
# The following are used by nixos-rebuild.
nixFallback = pkgs.nixUnstable.out;
}

2
nixos/doc/manual/configuration/modularity.xml
View File

@ -37,7 +37,7 @@ latter might look like this:
{ services.xserver.enable = true;
services.xserver.displayManager.sddm.enable = true;
services.xserver.desktopManager.kde5.enable = true;
services.xserver.desktopManager.plasma5.enable = true;
}
</programlisting>

6
nixos/doc/manual/configuration/network-manager.xml
View File

@ -27,7 +27,11 @@ users.extraUsers.youruser.extraGroups = [ "networkmanager" ];
<para>NetworkManager is controlled using either <command>nmcli</command> or
<command>nmtui</command> (curses-based terminal user interface). See their
manual pages for details on their usage. Some desktop environments (GNOME, KDE)
have their own configuration tools for NetworkManager.</para>
have their own configuration tools for NetworkManager. On XFCE, there is no
configuration tool for NetworkManager by default: by adding
<code>networkmanagerapplet</code> to the list of system packages, the graphical
applet will be installed and will launch automatically when XFCE is starting
(and will show in the status tray).</para>
<note><para><code>networking.networkmanager</code> and
<code>networking.wireless</code> (WPA Supplicant) cannot be enabled at the same

8
nixos/doc/manual/configuration/x-windows.xml
View File

@ -25,19 +25,23 @@ Otherwise, you can only log into a plain undecorated
<command>xterm</command> window. Thus you should pick one or more of
the following lines:
<programlisting>
services.xserver.desktopManager.kde5.enable = true;
services.xserver.desktopManager.plasma5.enable = true;
services.xserver.desktopManager.xfce.enable = true;
services.xserver.desktopManager.gnome3.enable = true;
services.xserver.windowManager.xmonad.enable = true;
services.xserver.windowManager.twm.enable = true;
services.xserver.windowManager.icewm.enable = true;
services.xserver.windowManager.i3.enable = true;
</programlisting>
</para>
<para>NixOSs default <emphasis>display manager</emphasis> (the
program that provides a graphical login prompt and manages the X
server) is SLiM. You can select KDEs <command>sddm</command> instead:
server) is SLiM. You can select an alternative one by picking one
of the following lines:
<programlisting>
services.xserver.displayManager.sddm.enable = true;
services.xserver.displayManager.lightdm.enable = true;
</programlisting>
</para>

42
nixos/doc/manual/configuration/xfce.xml
View File

@ -9,10 +9,10 @@
<para>
To enable the Xfce Desktop Environment, set
<programlisting>
services.xserver.desktopManager = {
xfce.enable = true;
default = "xfce";
};
services.xserver.desktopManager = {
xfce.enable = true;
default = "xfce";
};
</programlisting>
</para>
@ -20,13 +20,13 @@
Optionally, <emphasis>compton</emphasis>
can be enabled for nice graphical effects, some example settings:
<programlisting>
services.compton = {
enable = true;
fade = true;
inactiveOpacity = "0.9";
shadow = true;
fadeDelta = 4;
};
services.compton = {
enable = true;
fade = true;
inactiveOpacity = "0.9";
shadow = true;
fadeDelta = 4;
};
</programlisting>
</para>
@ -34,16 +34,16 @@
Some Xfce programs are not installed automatically.
To install them manually (system wide), put them into your
<literal>environment.systemPackages</literal>.
</para>
</para>
<para>
NixOSs default <emphasis>display manager</emphasis>is SLiM.
(DM is the program that provides a graphical login prompt
and manages the X server.)
You can, for example, select KDEs
NixOSs default <emphasis>display manager</emphasis> is SLiM.
(DM is the program that provides a graphical login prompt
and manages the X server.)
You can, for example, select KDEs
<command>sddm</command> instead:
<programlisting>
services.xserver.displayManager.sddm.enable = true;
services.xserver.displayManager.sddm.enable = true;
</programlisting>
</para>
@ -55,7 +55,7 @@
<emphasis>Thunar</emphasis>
volume support, put
<programlisting>
services.xserver.desktopManager.xfce.enable = true;
services.xserver.desktopManager.xfce.enable = true;
</programlisting>
into your <emphasis>configuration.nix</emphasis>.
</para>
@ -84,10 +84,10 @@
Thunar and/or the desktop takes time to show up.
Thunar will spit out this kind of message on start
(look at journalctl --user -b).
(look at <command>journalctl --user -b</command>).
<programlisting>
Thunar:2410): GVFS-RemoteVolumeMonitor-WARNING **: remote volume monitor with dbus name org.gtk.Private.UDisks2VolumeMonitor is not supported
Thunar:2410): GVFS-RemoteVolumeMonitor-WARNING **: remote volume monitor with dbus name org.gtk.Private.UDisks2VolumeMonitor is not supported
</programlisting>
This is caused by some needed GNOME services not running.
@ -95,7 +95,7 @@
the Advanced tab of the Session and Startup settings panel.
Alternatively, you can run this command to do the same thing.
<programlisting>
$ xfconf-query -c xfce4-session -p /compat/LaunchGNOME -s true
$ xfconf-query -c xfce4-session -p /compat/LaunchGNOME -s true
</programlisting>
A log-out and re-log will be needed for this to take effect.
</para>

75
nixos/doc/manual/development/replace-modules.xml Normal file
View File

@ -0,0 +1,75 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-replace-modules">
<title>Replace Modules</title>
<para>Modules that are imported can also be disabled. The option
declarations and config implementation of a disabled module will be
ignored, allowing another to take it's place. This can be used to
import a set of modules from another channel while keeping the rest
of the system on a stable release.</para>
<para><literal>disabledModules</literal> is a top level attribute like
<literal>imports</literal>, <literal>options</literal> and
<literal>config</literal>. It contains a list of modules that will
be disabled. This can either be the full path to the module or a
string with the filename relative to the modules path
(eg. &lt;nixpkgs/nixos/modules&gt; for nixos).
</para>
<para>This example will replace the existing postgresql module with
the version defined in the nixos-unstable channel while keeping the
rest of the modules and packages from the original nixos channel.
This only overrides the module definition, this won't use postgresql
from nixos-unstable unless explicitly configured to do so.</para>
<programlisting>
{ config, lib, pkgs, ... }:
{
disabledModules = [ "services/databases/postgresql.nix" ];
imports =
[ # Use postgresql service from nixos-unstable channel.
# sudo nix-channel --add http://nixos.org/channels/nixos-unstable nixos-unstable
&lt;nixos-unstable/nixos/modules/services/databases/postgresql.nix&gt;
];
services.postgresql.enable = true;
}
</programlisting>
<para>This example shows how to define a custom module as a
replacement for an existing module. Importing this module will
disable the original module without having to know it's
implementation details.</para>
<programlisting>
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.programs.man;
in
{
disabledModules = [ "services/programs/man.nix" ];
options = {
programs.man.enable = mkOption {
type = types.bool;
default = true;
description = "Whether to enable manual pages.";
};
};
config = mkIf cfg.enabled {
warnings = [ "disabled manpages for production deployments." ];
};
}
</programlisting>
</section>

22
nixos/doc/manual/development/sources.xml
View File

@ -8,7 +8,7 @@
<para>By default, NixOSs <command>nixos-rebuild</command> command
uses the NixOS and Nixpkgs sources provided by the
<literal>nixos-unstable</literal> channel (kept in
<literal>nixos</literal> channel (kept in
<filename>/nix/var/nix/profiles/per-user/root/channels/nixos</filename>).
To modify NixOS, however, you should check out the latest sources from
Git. This is as follows:
@ -27,8 +27,8 @@ a subdirectory of the Nixpkgs repository.) The remote
<literal>channels</literal> refers to a read-only repository that
tracks the Nixpkgs/NixOS channels (see <xref linkend="sec-upgrading"/>
for more information about channels). Thus, the Git branch
<literal>channels/nixos-14.12</literal> will contain the latest built
and tested version available in the <literal>nixos-14.12</literal>
<literal>channels/nixos-17.03</literal> will contain the latest built
and tested version available in the <literal>nixos-17.03</literal>
channel.</para>
<para>Its often inconvenient to develop directly on the master
@ -39,9 +39,9 @@ branch based on your current NixOS version:
<screen>
$ nixos-version
14.04.273.ea1952b (Baboon)
17.09pre104379.6e0b727 (Hummingbird)
$ git checkout -b local ea1952b
$ git checkout -b local 6e0b727
</screen>
Or, to base your local branch on the latest version available in a
@ -49,17 +49,17 @@ NixOS channel:
<screen>
$ git remote update channels
$ git checkout -b local channels/nixos-14.12
$ git checkout -b local channels/nixos-17.03
</screen>
(Replace <literal>nixos-14.12</literal> with the name of the channel
(Replace <literal>nixos-17.03</literal> with the name of the channel
you want to use.) You can use <command>git merge</command> or
<command>git rebase</command> to keep your local branch in sync with
the channel, e.g.
<screen>
$ git remote update channels
$ git merge channels/nixos-14.12
$ git merge channels/nixos-17.03
</screen>
You can use <command>git cherry-pick</command> to copy commits from
@ -87,7 +87,11 @@ $ ln -s <replaceable>/my/sources</replaceable>/nixpkgs ~/.nix-defexpr/nixpkgs
You may want to delete the symlink
<filename>~/.nix-defexpr/channels_root</filename> to prevent roots
NixOS channel from clashing with your own tree.</para>
NixOS channel from clashing with your own tree (this may break the
command-not-found utility though). If you want to go back to the default
state, you may just remove the <filename>~/.nix-defexpr</filename>
directory completely, log out and log in again and it should have been
recreated with a link to the root channels.</para>
<!-- FIXME: not sure what this means.
<para>You should not pass the base directory

1
nixos/doc/manual/development/writing-modules.xml
View File

@ -179,5 +179,6 @@ in {
<xi:include href="option-types.xml" />
<xi:include href="option-def.xml" />
<xi:include href="meta-attributes.xml" />
<xi:include href="replace-modules.xml" />
</chapter>

2
nixos/doc/manual/installation/changing-config.xml
View File

@ -7,7 +7,7 @@
<para>The file <filename>/etc/nixos/configuration.nix</filename>
contains the current configuration of your machine. Whenever youve
changed something to that file, you should do
<link linkend="ch-configuration">changed something</link> in that file, you should do
<screen>
# nixos-rebuild switch</screen>

3
nixos/doc/manual/installation/installing-uefi.xml
View File

@ -26,7 +26,8 @@ changes:
<literal>vfat</literal> filesystem.</para>
</listitem>
<listitem>
<para>You must set <option>boot.loader.systemd-boot.enable</option> to
<para>Instead of <option>boot.loader.grub.device</option>,
you must set <option>boot.loader.systemd-boot.enable</option> to
<literal>true</literal>. <command>nixos-generate-config</command>
should do this automatically for new configurations when booted in
UEFI mode.</para>

4
nixos/doc/manual/installation/installing-usb.xml
View File

@ -11,7 +11,9 @@ a USB stick. You can use the <command>dd</command> utility to write the image:
<command>dd if=<replaceable>path-to-image</replaceable>
of=<replaceable>/dev/sdb</replaceable></command>. Be careful about specifying the
correct drive; you can use the <command>lsblk</command> command to get a list of
block devices.</para>
block devices. If you're on OS X you can run <command>diskutil list</command>
to see the list of devices; the device you'll use for the USB must be ejected
before writing the image.</para>
<para>The <command>dd</command> utility will write the image verbatim to the drive,
making it the recommended option for both UEFI and non-UEFI installations. For

22
nixos/doc/manual/installation/upgrading.xml
View File

@ -15,12 +15,12 @@ been built. These channels are:
<itemizedlist>
<listitem>
<para><emphasis>Stable channels</emphasis>, such as <literal
xlink:href="https://nixos.org/channels/nixos-14.12">nixos-14.12</literal>.
xlink:href="https://nixos.org/channels/nixos-17.03">nixos-17.03</literal>.
These only get conservative bug fixes and package upgrades. For
instance, a channel update may cause the Linux kernel on your
system to be upgraded from 3.4.66 to 3.4.67 (a minor bug fix), but
not from 3.4.<replaceable>x</replaceable> to
3.11.<replaceable>x</replaceable> (a major change that has the
system to be upgraded from 4.9.16 to 4.9.17 (a minor bug fix), but
not from 4.9.<replaceable>x</replaceable> to
4.11.<replaceable>x</replaceable> (a major change that has the
potential to break things). Stable channels are generally
maintained until the next stable branch is created.</para>
<para></para>
@ -34,7 +34,7 @@ been built. These channels are:
</listitem>
<listitem>
<para><emphasis>Small channels</emphasis>, such as <literal
xlink:href="https://nixos.org/channels/nixos-14.12-small">nixos-14.12-small</literal>
xlink:href="https://nixos.org/channels/nixos-17.03-small">nixos-17.03-small</literal>
or <literal
xlink:href="https://nixos.org/channels/nixos-unstable-small">nixos-unstable-small</literal>. These
are identical to the stable and unstable channels described above,
@ -55,8 +55,8 @@ appliances.)</para>
<para>When you first install NixOS, youre automatically subscribed to
the NixOS channel that corresponds to your installation source. For
instance, if you installed from a 14.12 ISO, you will be subscribed to
the <literal>nixos-14.12</literal> channel. To see which NixOS
instance, if you installed from a 17.03 ISO, you will be subscribed to
the <literal>nixos-17.03</literal> channel. To see which NixOS
channel youre subscribed to, run the following as root:
<screen>
@ -71,16 +71,16 @@ To switch to a different NixOS channel, do
</screen>
(Be sure to include the <literal>nixos</literal> parameter at the
end.) For instance, to use the NixOS 14.12 stable channel:
end.) For instance, to use the NixOS 17.03 stable channel:
<screen>
# nix-channel --add https://nixos.org/channels/nixos-14.12 nixos
# nix-channel --add https://nixos.org/channels/nixos-17.03 nixos
</screen>
If you have a server, you may want to use the “small” channel instead:
<screen>
# nix-channel --add https://nixos.org/channels/nixos-14.12-small nixos
# nix-channel --add https://nixos.org/channels/nixos-17.03-small nixos
</screen>
And if you want to live on the bleeding edge:
@ -130,7 +130,7 @@ runs, see <command>systemctl list-timers</command>.) You can also
specify a channel explicitly, e.g.
<programlisting>
system.autoUpgrade.channel = https://nixos.org/channels/nixos-15.09;
system.autoUpgrade.channel = https://nixos.org/channels/nixos-17.03;
</programlisting>
</para>

1
nixos/doc/manual/release-notes/release-notes.xml
View File

@ -9,6 +9,7 @@
<para>This section lists the release notes for each stable version of NixOS
and current unstable revision.</para>
<xi:include href="rl-1709.xml" />
<xi:include href="rl-1703.xml" />
<xi:include href="rl-1609.xml" />
<xi:include href="rl-1603.xml" />

311
nixos/doc/manual/release-notes/rl-1703.xml
View File

@ -4,7 +4,15 @@
version="5.0"
xml:id="sec-release-17.03">
<title>Release 17.03 (“XXX”, 2017/03/??)</title>
<title>Release 17.03 (“Gorilla”, 2017/03/31)</title>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-17.03-highlights">
<title>Highlights</title>
<para>In addition to numerous new and upgraded packages, this release
has the following highlights: </para>
@ -16,30 +24,158 @@ has the following highlights: </para>
manual</link> for more information.</para>
</listitem>
<listitem>
<para>This release is based on Glibc 2.25, GCC 5.4.0 and systemd
232. The default Linux kernel is 4.9 and Nix is at 1.11.8.</para>
</listitem>
<listitem>
<para>The default desktop environment now is KDE's Plasma 5. KDE 4 has been removed</para>
</listitem>
<listitem>
<para>The setuid wrapper functionality now supports setting
capabilities.</para>
</listitem>
<listitem>
<para>X.org server uses branch 1.19. Due to ABI incompatibilities,
<para>X.org server uses branch 1.19. Due to ABI incompatibilities,
<literal>ati_unfree</literal> keeps forcing 1.17
and <literal>amdgpu-pro</literal> starts forcing 1.18.</para>
</listitem>
<listitem>
<para>
Cross compilation has been rewritten. See the nixpkgs manual for
details. The most obvious breaking change is that in derivations there is no
<literal>.nativeDrv</literal> nor <literal>.crossDrv</literal> are now
cross by default, not native.
</para>
</listitem>
<listitem>
<para>The <literal>overridePackages</literal> function has been rewritten
to be replaced by <link
xlink:href="https://nixos.org/nixpkgs/manual/#sec-overlays-install">
overlays</link></para>
</listitem>
<listitem>
<para>Packages in nixpkgs can be marked as insecure through listed
vulnerabilities. See the <link
xlink:href="https://nixos.org/nixpkgs/manual/#sec-allow-insecure">Nixpkgs
manual</link> for more information.</para>
</listitem>
<listitem>
<para>PHP now defaults to PHP 7.1</para>
</listitem>
</itemizedlist>
</section>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-17.03-new-services">
<title>New Services</title>
<para>The following new services were added since the last release:</para>
<itemizedlist>
<listitem>
<para></para>
</listitem>
<listitem><para><literal>hardware/ckb.nix</literal></para></listitem>
<listitem><para><literal>hardware/mcelog.nix</literal></para></listitem>
<listitem><para><literal>hardware/usb-wwan.nix</literal></para></listitem>
<listitem><para><literal>hardware/video/capture/mwprocapture.nix</literal></para></listitem>
<listitem><para><literal>programs/adb.nix</literal></para></listitem>
<listitem><para><literal>programs/chromium.nix</literal></para></listitem>
<listitem><para><literal>programs/gphoto2.nix</literal></para></listitem>
<listitem><para><literal>programs/java.nix</literal></para></listitem>
<listitem><para><literal>programs/mtr.nix</literal></para></listitem>
<listitem><para><literal>programs/oblogout.nix</literal></para></listitem>
<listitem><para><literal>programs/vim.nix</literal></para></listitem>
<listitem><para><literal>programs/wireshark.nix</literal></para></listitem>
<listitem><para><literal>security/dhparams.nix</literal></para></listitem>
<listitem><para><literal>services/audio/ympd.nix</literal></para></listitem>
<listitem><para><literal>services/computing/boinc/client.nix</literal></para></listitem>
<listitem><para><literal>services/continuous-integration/buildbot/master.nix</literal></para></listitem>
<listitem><para><literal>services/continuous-integration/buildbot/worker.nix</literal></para></listitem>
<listitem><para><literal>services/continuous-integration/gitlab-runner.nix</literal></para></listitem>
<listitem><para><literal>services/databases/riak-cs.nix</literal></para></listitem>
<listitem><para><literal>services/databases/stanchion.nix</literal></para></listitem>
<listitem><para><literal>services/desktops/gnome3/gnome-terminal-server.nix</literal></para></listitem>
<listitem><para><literal>services/editors/infinoted.nix</literal></para></listitem>
<listitem><para><literal>services/hardware/illum.nix</literal></para></listitem>
<listitem><para><literal>services/hardware/trezord.nix</literal></para></listitem>
<listitem><para><literal>services/logging/journalbeat.nix</literal></para></listitem>
<listitem><para><literal>services/mail/offlineimap.nix</literal></para></listitem>
<listitem><para><literal>services/mail/postgrey.nix</literal></para></listitem>
<listitem><para><literal>services/misc/couchpotato.nix</literal></para></listitem>
<listitem><para><literal>services/misc/docker-registry.nix</literal></para></listitem>
<listitem><para><literal>services/misc/errbot.nix</literal></para></listitem>
<listitem><para><literal>services/misc/geoip-updater.nix</literal></para></listitem>
<listitem><para><literal>services/misc/gogs.nix</literal></para></listitem>
<listitem><para><literal>services/misc/leaps.nix</literal></para></listitem>
<listitem><para><literal>services/misc/nix-optimise.nix</literal></para></listitem>
<listitem><para><literal>services/misc/ssm-agent.nix</literal></para></listitem>
<listitem><para><literal>services/misc/sssd.nix</literal></para></listitem>
<listitem><para><literal>services/monitoring/arbtt.nix</literal></para></listitem>
<listitem><para><literal>services/monitoring/netdata.nix</literal></para></listitem>
<listitem><para><literal>services/monitoring/prometheus/default.nix</literal></para></listitem>
<listitem><para><literal>services/monitoring/prometheus/alertmanager.nix</literal></para></listitem>
<listitem><para><literal>services/monitoring/prometheus/blackbox-exporter.nix</literal></para></listitem>
<listitem><para><literal>services/monitoring/prometheus/json-exporter.nix</literal></para></listitem>
<listitem><para><literal>services/monitoring/prometheus/nginx-exporter.nix</literal></para></listitem>
<listitem><para><literal>services/monitoring/prometheus/node-exporter.nix</literal></para></listitem>
<listitem><para><literal>services/monitoring/prometheus/snmp-exporter.nix</literal></para></listitem>
<listitem><para><literal>services/monitoring/prometheus/unifi-exporter.nix</literal></para></listitem>
<listitem><para><literal>services/monitoring/prometheus/varnish-exporter.nix</literal></para></listitem>
<listitem><para><literal>services/monitoring/sysstat.nix</literal></para></listitem>
<listitem><para><literal>services/monitoring/telegraf.nix</literal></para></listitem>
<listitem><para><literal>services/monitoring/vnstat.nix</literal></para></listitem>
<listitem><para><literal>services/network-filesystems/cachefilesd.nix</literal></para></listitem>
<listitem><para><literal>services/network-filesystems/glusterfs.nix</literal></para></listitem>
<listitem><para><literal>services/network-filesystems/ipfs.nix</literal></para></listitem>
<listitem><para><literal>services/networking/dante.nix</literal></para></listitem>
<listitem><para><literal>services/networking/dnscrypt-wrapper.nix</literal></para></listitem>
<listitem><para><literal>services/networking/fakeroute.nix</literal></para></listitem>
<listitem><para><literal>services/networking/flannel.nix</literal></para></listitem>
<listitem><para><literal>services/networking/htpdate.nix</literal></para></listitem>
<listitem><para><literal>services/networking/miredo.nix</literal></para></listitem>
<listitem><para><literal>services/networking/nftables.nix</literal></para></listitem>
<listitem><para><literal>services/networking/powerdns.nix</literal></para></listitem>
<listitem><para><literal>services/networking/pdns-recursor.nix</literal></para></listitem>
<listitem><para><literal>services/networking/quagga.nix</literal></para></listitem>
<listitem><para><literal>services/networking/redsocks.nix</literal></para></listitem>
<listitem><para><literal>services/networking/wireguard.nix</literal></para></listitem>
<listitem><para><literal>services/system/cgmanager.nix</literal></para></listitem>
<listitem><para><literal>services/torrent/opentracker.nix</literal></para></listitem>
<listitem><para><literal>services/web-apps/atlassian/confluence.nix</literal></para></listitem>
<listitem><para><literal>services/web-apps/atlassian/crowd.nix</literal></para></listitem>
<listitem><para><literal>services/web-apps/atlassian/jira.nix</literal></para></listitem>
<listitem><para><literal>services/web-apps/frab.nix</literal></para></listitem>
<listitem><para><literal>services/web-apps/nixbot.nix</literal></para></listitem>
<listitem><para><literal>services/web-apps/selfoss.nix</literal></para></listitem>
<listitem><para><literal>services/web-apps/quassel-webserver.nix</literal></para></listitem>
<listitem><para><literal>services/x11/unclutter-xfixes.nix</literal></para></listitem>
<listitem><para><literal>services/x11/urxvtd.nix</literal></para></listitem>
<listitem><para><literal>system/boot/systemd-nspawn.nix</literal></para></listitem>
<listitem><para><literal>virtualisation/ecs-agent.nix</literal></para></listitem>
<listitem><para><literal>virtualisation/lxcfs.nix</literal></para></listitem>
<listitem><para><literal>virtualisation/openstack/keystone.nix</literal></para></listitem>
<listitem><para><literal>virtualisation/openstack/glance.nix</literal></para></listitem>
</itemizedlist>
</section>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-17.03-incompatibilities">
<title>Backward Incompatibilities</title>
<para>When upgrading from a previous release, please be aware of the
following incompatible changes:</para>
@ -47,10 +183,8 @@ following incompatible changes:</para>
<itemizedlist>
<listitem>
<para>
Cross compilation has been rewritten. See the nixpkgs manual for
details. The most obvious breaking change is that derivations absent a
<literal>.nativeDrv</literal> or <literal>.crossDrv</literal> are now
cross by default, not native.
Derivations have no <literal>.nativeDrv</literal> nor <literal>.crossDrv</literal>
and are now cross by default, not native.
</para>
</listitem>
@ -87,15 +221,6 @@ following incompatible changes:</para>
</para>
</listitem>
<listitem>
<para>
The Yama LSM is now enabled by default in the kernel,
which prevents ptracing non-child processes.
This means you will not be able to attach gdb to an existing process,
but will need to start that process from gdb (so it is a child).
</para>
</listitem>
<listitem>
<para>
The <literal>stripHash</literal> bash function in <literal>stdenv</literal>
@ -175,7 +300,7 @@ following incompatible changes:</para>
<para><literal>overridePackages</literal> function no longer exists.
It is replaced by <link
xlink:href="https://nixos.org/nixpkgs/manual/#sec-overlays-install">
overlays</link>. For example, the following code:
overlays</link>. For example, the following code:
<programlisting>
let
@ -217,10 +342,72 @@ following incompatible changes:</para>
</para>
</listitem>
<listitem>
<para>
Iputils no longer provide ping6 and traceroute6. The functionality of
these tools has been integrated into ping and traceroute respectively. To
enforce an address family the new flags <literal>-4</literal> and
<literal>-6</literal> have been added. One notable incompatibility is that
specifying an interface (for link-local IPv6 for instance) is no longer done
with the <literal>-I</literal> flag, but by encoding the interface into the
address (<literal>ping fe80::1%eth0</literal>).
</para>
</listitem>
<listitem>
<para>
The socket handling of the <literal>services.rmilter</literal> module
has been fixed and refactored. As rmilter doesn't support binding to
more than one socket, the options <literal>bindUnixSockets</literal>
and <literal>bindInetSockets</literal> have been replaced by
<literal>services.rmilter.bindSocket.*</literal>. The default is still
a unix socket in <literal>/run/rmilter/rmilter.sock</literal>. Refer to
the options documentation for more information.
</para>
</listitem>
<listitem>
<para>
The <literal>fetch*</literal> functions no longer support md5,
please use sha256 instead.
</para>
</listitem>
<listitem>
<para>
The dnscrypt-proxy module interface has been streamlined around the
<option>extraArgs</option> option. Where possible, legacy option
declarations are mapped to <option>extraArgs</option> but will emit
warnings. The <option>resolverList</option> has been outright
removed: to use an unlisted resolver, use the
<option>customResolver</option> option.
</para>
</listitem>
<listitem>
<para>
torbrowser now stores local state under
<filename>~/.local/share/tor-browser</filename> by default. Any
browser profile data from the old location,
<filename>~/.torbrowser4</filename>, must be migrated manually.
</para>
</listitem>
<listitem>
<para>
The ihaskell, monetdb, offlineimap and sitecopy services have been removed.
</para>
</listitem>
</itemizedlist>
</section>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-17.03-notable-changes">
<para>Other notable improvements:</para>
<title>Other Notable Changes</title>
<itemizedlist>
@ -241,7 +428,87 @@ following incompatible changes:</para>
</para>
</listitem>
<listitem>
<para>Python 2.6 interpreter and package set have been removed.</para>
</listitem>
<listitem>
<para>
The Python 2.7 interpreter does not use modules anymore. Instead, all
CPython interpreters now include the whole standard library except for `tkinter`,
which is available in the Python package set.
</para>
</listitem>
<listitem>
<para>
Python 2.7, 3.5 and 3.6 are now built deterministically and 3.4 mostly.
Minor modifications had to be made to the interpreters in order to generate
deterministic bytecode. This has security implications and is relevant for
those using Python in a <literal>nix-shell</literal>. See the Nixpkgs manual
for details.
</para>
</listitem>
<listitem>
<para>
The Python package sets now use a fixed-point combinator and the sets are
available as attributes of the interpreters.
</para>
</listitem>
<listitem>
<para>
The Python function <literal>buildPythonPackage</literal> has been improved and can be
used to build from Setuptools source, Flit source, and precompiled Wheels.
</para>
</listitem>
<listitem>
<para>
When adding new or updating current Python libraries, the expressions should be put
in separate files in <literal>pkgs/development/python-modules</literal> and
called from <literal>python-packages.nix</literal>.
</para>
</listitem>
<listitem>
<para>
The dnscrypt-proxy service supports synchronizing the list of public
resolvers without working DNS resolution. This fixes issues caused by the
resolver list becoming outdated. It also improves the viability of
DNSCrypt only configurations.
</para>
</listitem>
<listitem>
<para>
Containers using bridged networking no longer lose their connection after
changes to the host networking.
</para>
</listitem>
<listitem>
<para>
ZFS supports pool auto scrubbing.
</para>
</listitem>
<listitem>
<para>
The bind DNS utilities (e.g. dig) have been split into their own output and
are now also available in <literal>pkgs.dnsutils</literal> and it is no longer
necessary to pull in all of <literal>bind</literal> to use them.
</para>
</listitem>
<listitem>
<para>
Per-user configuration was moved from <filename>~/.nixpkgs</filename> to
<filename>~/.config/nixpkgs</filename>. The former is still valid for
<filename>config.nix</filename> for backwards compatibility.
</para>
</listitem>
</itemizedlist>
</section>
</section>

71
nixos/doc/manual/release-notes/rl-1709.xml Normal file
View File

@ -0,0 +1,71 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-17.09">
<title>Release 17.09 (“Hummingbird”, 2017/09/??)</title>
<para>In addition to numerous new and upgraded packages, this release
has the following highlights: </para>
<itemizedlist>
<listitem>
<para>
The user handling now keeps track of deallocated UIDs/GIDs. When a user
or group is revived, this allows it to be allocated the UID/GID it had before.
A consequence is that UIDs and GIDs are no longer reused.
</para>
</listitem>
</itemizedlist>
<para>The following new services were added since the last release:</para>
<itemizedlist>
<listitem>
<para></para>
</listitem>
</itemizedlist>
<para>When upgrading from a previous release, please be aware of the
following incompatible changes:</para>
<itemizedlist>
<listitem>
<para>
</para>
</listitem>
</itemizedlist>
<para>Other notable improvements:</para>
<itemizedlist>
<listitem>
<para>
Modules can now be disabled by using <link
xlink:href="https://nixos.org/nixpkgs/manual/#sec-replace-modules">
disabledModules</link>, allowing another to take it's place. This can be
used to import a set of modules from another channel while keeping the
rest of the system on a stable release.
</para>
</listitem>
<listitem>
<para>
Updated to FreeType 2.7.1, including a new TrueType engine.
The new engine replaces the Infinality engine which was the default in
NixOS. The default font rendering settings are now provided by
fontconfig-penultimate, replacing fontconfig-ultimate; the new defaults
are less invasive and provide rendering that is more consistent with
other systems and hopefully with each font designer's intent. Some
system-wide configuration has been removed from the Fontconfig NixOS
module where user Fontconfig settings are available.
</para>
</listitem>
</itemizedlist>
</section>

53
nixos/lib/make-disk-image.nix
View File

@ -7,6 +7,12 @@
, # The size of the disk, in megabytes.
diskSize
# The files and directories to be placed in the target file system.
# This is a list of attribute sets {source, target} where `source'
# is the file system object (regular file or directory) to be
# grafted in the file system at path `target'.
, contents ? []
, # Whether the disk should be partitioned (with a single partition
# containing the root filesystem) or contain the root filesystem
# directly.
@ -45,7 +51,14 @@ pkgs.vmTools.runInLinuxVM (
${pkgs.vmTools.qemu}/bin/qemu-img create -f ${format} $diskImage "${toString diskSize}M"
mv closure xchg/
'';
buildInputs = [ pkgs.utillinux pkgs.perl pkgs.e2fsprogs pkgs.parted ];
buildInputs = with pkgs; [ utillinux perl e2fsprogs parted rsync ];
# I'm preserving the line below because I'm going to search for it across nixpkgs to consolidate
# image building logic. The comment right below this now appears in 4 different places in nixpkgs :)
# !!! should use XML.
sources = map (x: x.source) contents;
targets = map (x: x.target) contents;
exportReferencesGraph =
[ "closure" config.system.build.toplevel ];
inherit postVM;
@ -98,11 +111,45 @@ pkgs.vmTools.runInLinuxVM (
# Remove /etc/machine-id so that each machine cloning this image will get its own id
rm -f /mnt/etc/machine-id
# Copy arbitrary other files into the image
# Semi-shamelessly copied from make-etc.sh. I (@copumpkin) shall factor this stuff out as part of
# https://github.com/NixOS/nixpkgs/issues/23052.
set -f
sources_=($sources)
targets_=($targets)
set +f
for ((i = 0; i < ''${#targets_[@]}; i++)); do
source="''${sources_[$i]}"
target="''${targets_[$i]}"
if [[ "$source" =~ '*' ]]; then
# If the source name contains '*', perform globbing.
mkdir -p /mnt/$target
for fn in $source; do
rsync -a --no-o --no-g "$fn" /mnt/$target/
done
else
mkdir -p /mnt/$(dirname $target)
if ! [ -e /mnt/$target ]; then
rsync -a --no-o --no-g $source /mnt/$target
else
echo "duplicate entry $target -> $source"
exit 1
fi
fi
done
umount /mnt
# Make sure resize2fs works
# Make sure resize2fs works. Note that resize2fs has stricter criteria for resizing than a normal
# mount, so the `-c 0` and `-i 0` don't affect it. Setting it to `now` doesn't produce deterministic
# output, of course, but we can fix that when/if we start making images deterministic.
${optionalString (fsType == "ext4") ''
tune2fs -c 0 -i 0 $rootDisk
tune2fs -T now -c 0 -i 0 $rootDisk
''}
''
)

6
nixos/lib/testing.nix
View File

@ -108,16 +108,16 @@ rec {
mkdir -p $out/bin
echo "$testScript" > $out/test-script
ln -s ${testDriver}/bin/nixos-test-driver $out/bin/
vms="$(for i in ${toString vms}; do echo $i/bin/run-*-vm; done)"
vms=($(for i in ${toString vms}; do echo $i/bin/run-*-vm; done))
wrapProgram $out/bin/nixos-test-driver \
--add-flags "$vms" \
--add-flags "''${vms[*]}" \
${lib.optionalString enableOCR "--prefix PATH : '${ocrProg}/bin'"} \
--run "testScript=\"\$(cat $out/test-script)\"" \
--set testScript '$testScript' \
--set VLANS '${toString vlans}'
ln -s ${testDriver}/bin/nixos-test-driver $out/bin/nixos-run-vms
wrapProgram $out/bin/nixos-run-vms \
--add-flags "$vms" \
--add-flags "''${vms[*]}" \
${lib.optionalString enableOCR "--prefix PATH : '${ocrProg}/bin'"} \
--set tests 'startAll; joinAll;' \
--set VLANS '${toString vlans}' \

23
nixos/maintainers/scripts/ec2/amazon-image.nix
View File

@ -2,15 +2,34 @@
with lib;
{
let
cfg = config.amazonImage;
in {
imports =
[ ../../../modules/installer/cd-dvd/channel.nix
../../../modules/virtualisation/amazon-image.nix
];
system.build.amazonImage = import ../../../lib/make-disk-image.nix {
options.amazonImage = {
contents = mkOption {
example = literalExample ''
[ { source = pkgs.memtest86 + "/memtest.bin";
target = "boot/memtest.bin";
}
]
'';
default = [];
description = ''
This option lists files to be copied to fixed locations in the
generated image. Glob patterns work.
'';
};
};
config.system.build.amazonImage = import ../../../lib/make-disk-image.nix {
inherit lib config;
inherit (cfg) contents;
pkgs = import ../../../.. { inherit (pkgs) system; }; # ensure we use the regular qemu-kvm package
partitioned = config.ec2.hvm;
diskSize = if config.ec2.hvm then 2048 else 8192;

17
nixos/maintainers/scripts/ec2/create-amis.sh
View File

@ -3,23 +3,22 @@
# To start with do: nix-shell -p awscli --run "aws configure"
set -e
set -o pipefail
#set -x
stateDir=${TMPDIR:-/tmp}/ec2-image
echo "keeping state in $stateDir"
mkdir -p $stateDir
version=$(nix-instantiate --eval --strict '<nixpkgs>' -A lib.nixpkgsVersion | sed s/'"'//g)
major=${version:0:5}
echo "NixOS version is $version ($major)"
stateDir=/var/tmp/ec2-image-$version
echo "keeping state in $stateDir"
mkdir -p $stateDir
rm -f ec2-amis.nix
types="hvm pv"
types="hvm"
stores="ebs s3"
regions="eu-west-1 eu-west-2 eu-central-1 us-east-1 us-east-2 us-west-1 us-west-2 ap-southeast-1 ap-southeast-2 ap-northeast-1 ap-northeast-2 sa-east-1 ap-south-1"
regions="eu-west-1 eu-west-2 eu-central-1 us-east-1 us-east-2 us-west-1 us-west-2 ca-central-1 ap-southeast-1 ap-southeast-2 ap-northeast-1 ap-northeast-2 sa-east-1 ap-south-1"
for type in $types; do
link=$stateDir/$type
@ -206,7 +205,7 @@ for type in $types; do
# Register the AMI.
if [ $type = pv ]; then
kernel=$(aws ec2 describe-images --owner amazon --filters "Name=name,Values=pv-grub-hd0_1.04-$arch.gz" | jq -r .Images[0].ImageId)
kernel=$(aws ec2 describe-images --owner amazon --filters "Name=name,Values=pv-grub-hd0_1.05-$arch.gz" | jq -r .Images[0].ImageId)
if [ "$kernel" = null ]; then break; fi
echo "using PV-GRUB kernel $kernel"
extraFlags+=" --virtualization-type paravirtual --kernel $kernel"

24
nixos/maintainers/scripts/openstack/nova-image.nix Normal file
View File

@ -0,0 +1,24 @@
{ config, lib, pkgs, ... }:
with lib;
{
imports =
[ ../../../modules/installer/cd-dvd/channel.nix
../../../modules/virtualisation/nova-config.nix
];
system.build.novaImage = import ../../../lib/make-disk-image.nix {
inherit lib config;
pkgs = import ../../../.. { inherit (pkgs) system; }; # ensure we use the regular qemu-kvm package
diskSize = 8192;
format = "qcow2";
configFile = pkgs.writeText "configuration.nix"
''
{
imports = [ <nixpkgs/nixos/modules/virtualisation/nova-config.nix> ];
}
'';
};
}

270
nixos/modules/config/fonts/fontconfig-penultimate.nix Normal file
View File

@ -0,0 +1,270 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.fonts.fontconfig;
fcBool = x: "<bool>" + (if x then "true" else "false") + "</bool>";
# back-supported fontconfig version and package
# version is used for font cache generation
supportVersion = "210";
supportPkg = pkgs."fontconfig_${supportVersion}";
# latest fontconfig version and package
# version is used for configuration folder name, /etc/fonts/VERSION/
# note: format differs from supportVersion and can not be used with makeCacheConf
latestVersion = pkgs.fontconfig.configVersion;
latestPkg = pkgs.fontconfig;
# supported version fonts.conf
supportFontsConf = pkgs.makeFontsConf { fontconfig = supportPkg; fontDirectories = config.fonts.fonts; };
# configuration file to read fontconfig cache
# version dependent
# priority 0
cacheConfSupport = makeCacheConf { version = supportVersion; };
cacheConfLatest = makeCacheConf {};
# generate the font cache setting file for a fontconfig version
# use latest when no version is passed
makeCacheConf = { version ? null }:
let
fcPackage = if builtins.isNull version
then "fontconfig"
else "fontconfig_${version}";
makeCache = fontconfig: pkgs.makeFontsCache { inherit fontconfig; fontDirectories = config.fonts.fonts; };
cache = makeCache pkgs."${fcPackage}";
cache32 = makeCache pkgs.pkgsi686Linux."${fcPackage}";
in
pkgs.writeText "fc-00-nixos-cache.conf" ''
<?xml version='1.0'?>
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
<fontconfig>
<!-- Font directories -->
${concatStringsSep "\n" (map (font: "<dir>${font}</dir>") config.fonts.fonts)}
<!-- Pre-generated font caches -->
<cachedir>${cache}</cachedir>
${optionalString (pkgs.stdenv.isx86_64 && cfg.cache32Bit) ''
<cachedir>${cache32}</cachedir>
''}
</fontconfig>
'';
# The configuration to be included in /etc/font/
penultimateConf = pkgs.runCommand "font-penultimate-conf" {} ''
support_folder=$out/etc/fonts/conf.d
latest_folder=$out/etc/fonts/${latestVersion}/conf.d
mkdir -p $support_folder
mkdir -p $latest_folder
ln -s ${supportFontsConf} $support_folder/../fonts.conf
ln -s ${latestPkg.out}/etc/fonts/fonts.conf \
$latest_folder/../fonts.conf
# fontconfig-penultimate various configuration files
ln -s ${pkgs.fontconfig-penultimate}/etc/fonts/conf.d/*.conf \
$support_folder
ln -s ${pkgs.fontconfig-penultimate}/etc/fonts/conf.d/*.conf \
$latest_folder
ln -s ${cacheConfSupport} $support_folder/00-nixos-cache.conf
ln -s ${cacheConfLatest} $latest_folder/00-nixos-cache.conf
rm $support_folder/10-antialias.conf $latest_folder/10-antialias.conf
ln -s ${antialiasConf} $support_folder/10-antialias.conf
ln -s ${antialiasConf} $latest_folder/10-antialias.conf
rm $support_folder/10-hinting.conf $latest_folder/10-hinting.conf
ln -s ${hintingConf} $support_folder/10-hinting.conf
ln -s ${hintingConf} $latest_folder/10-hinting.conf
${optionalString cfg.useEmbeddedBitmaps ''
rm $support_folder/10-no-embedded-bitmaps.conf
rm $latest_folder/10-no-embedded-bitmaps.conf
''}
rm $support_folder/10-subpixel.conf $latest_folder/10-subpixel.conf
ln -s ${subpixelConf} $support_folder/10-subpixel.conf
ln -s ${subpixelConf} $latest_folder/10-subpixel.conf
${optionalString (cfg.dpi != 0) ''
ln -s ${dpiConf} $support_folder/11-dpi.conf
ln -s ${dpiConf} $latest_folder/11-dpi.conf
''}
${optionalString (!cfg.includeUserConf) ''
rm $support_folder/50-user.conf
rm $latest_folder/50-user.conf
''}
# 51-local.conf
rm $latest_folder/51-local.conf
substitute \
${pkgs.fontconfig-penultimate}/etc/fonts/conf.d/51-local.conf \
$latest_folder/51-local.conf \
--replace local.conf /etc/fonts/${latestVersion}/local.conf
ln -s ${defaultFontsConf} $support_folder/52-default-fonts.conf
ln -s ${defaultFontsConf} $latest_folder/52-default-fonts.conf
${optionalString cfg.allowBitmaps ''
rm $support_folder/53-no-bitmaps.conf
rm $latest_folder/53-no-bitmaps.conf
''}
${optionalString (!cfg.allowType1) ''
ln -s ${rejectType1} $support_folder/53-no-type1.conf
ln -s ${rejectType1} $latest_folder/53-no-type1.conf
''}
'';
hintingConf = pkgs.writeText "fc-10-hinting.conf" ''
<?xml version='1.0'?>
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
<fontconfig>
<!-- Default rendering settings -->
<match target="pattern">
<edit mode="append" name="hinting">
${fcBool cfg.hinting.enable}
</edit>
<edit mode="append" name="autohint">
${fcBool cfg.hinting.autohint}
</edit>
<edit mode="append" name="hintstyle">
<const>hintslight</const>
</edit>
</match>
</fontconfig>
'';
antialiasConf = pkgs.writeText "fc-10-antialias.conf" ''
<?xml version='1.0'?>
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
<fontconfig>
<!-- Default rendering settings -->
<match target="pattern">
<edit mode="append" name="antialias">
${fcBool cfg.antialias}
</edit>
</match>
</fontconfig>
'';
subpixelConf = pkgs.writeText "fc-10-subpixel.conf" ''
<?xml version='1.0'?>
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
<fontconfig>
<!-- Default rendering settings -->
<match target="pattern">
<edit mode="append" name="rgba">
<const>${cfg.subpixel.rgba}</const>
</edit>
<edit mode="append" name="lcdfilter">
<const>lcd${cfg.subpixel.lcdfilter}</const>
</edit>
</match>
</fontconfig>
'';
dpiConf = pkgs.writeText "fc-11-dpi.conf" ''
<?xml version='1.0'?>
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
<fontconfig>
<match target="pattern">
<edit name="dpi" mode="assign">
<double>${toString cfg.dpi}</double>
</edit>
</match>
</fontconfig>
'';
defaultFontsConf =
let genDefault = fonts: name:
optionalString (fonts != []) ''
<alias>
<family>${name}</family>
<prefer>
${concatStringsSep ""
(map (font: ''
<family>${font}</family>
'') fonts)}
</prefer>
</alias>
'';
in
pkgs.writeText "fc-52-nixos-default-fonts.conf" ''
<?xml version='1.0'?>
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
<fontconfig>
<!-- Default fonts -->
${genDefault cfg.defaultFonts.sansSerif "sans-serif"}
${genDefault cfg.defaultFonts.serif "serif"}
${genDefault cfg.defaultFonts.monospace "monospace"}
</fontconfig>
'';
rejectType1 = pkgs.writeText "fc-53-no-type1.conf" ''
<?xml version="1.0"?>
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
<fontconfig>
<!-- Reject Type 1 fonts -->
<selectfont>
<rejectfont>
<pattern>
<patelt name="fontformat"><string>Type 1</string></patelt>
</pattern>
</rejectfont>
</selectfont>
</fontconfig>
'';
in
{
options = {
fonts = {
fontconfig = {
penultimate = {
enable = mkOption {
type = types.bool;
default = true;
description = ''
Enable fontconfig-penultimate settings to supplement the
NixOS defaults by providing per-font rendering defaults and
metric aliases.
'';
};
};
};
};
};
config = mkIf (config.fonts.fontconfig.enable && cfg.enable) {
fonts.fontconfig.confPackages = [ penultimateConf ];
};
}

102
nixos/modules/config/fonts/fontconfig-ultimate.nix
View File

@ -8,61 +8,6 @@ let fcBool = x: if x then "<bool>true</bool>" else "<bool>false</bool>";
latestVersion = pkgs.fontconfig.configVersion;
# fontconfig ultimate main configuration file
# priority 52
fontconfigUltimateConf = pkgs.writeText "fc-52-fontconfig-ultimate.conf" ''
<?xml version="1.0"?>
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
<fontconfig>
${optionalString (!cfg.allowBitmaps) ''
<!-- Reject bitmap fonts -->
<selectfont>
<rejectfont>
<pattern>
<patelt name="scalable"><bool>false</bool></patelt>
</pattern>
</rejectfont>
</selectfont>
''}
${optionalString cfg.allowType1 ''
<!-- Reject Type 1 fonts -->
<selectfont>
<rejectfont>
<pattern>
<patelt name="fontformat">
<string>Type 1</string>
</patelt>
</pattern>
</rejectfont>
</selectfont>
''}
<!-- Use embedded bitmaps in fonts like Calibri? -->
<match target="font">
<edit name="embeddedbitmap" mode="assign">
${fcBool cfg.useEmbeddedBitmaps}
</edit>
</match>
<!-- Force autohint always -->
<match target="font">
<edit name="force_autohint" mode="assign">
${fcBool cfg.forceAutohint}
</edit>
</match>
<!-- Render some monospace TTF fonts as bitmaps -->
<match target="pattern">
<edit name="bitmap_monospace" mode="assign">
${fcBool cfg.renderMonoTTFAsBitmap}
</edit>
</match>
</fontconfig>
'';
# The configuration to be included in /etc/font/
confPkg = pkgs.runCommand "font-ultimate-conf" {} ''
support_folder=$out/etc/fonts/conf.d
@ -71,12 +16,6 @@ let fcBool = x: if x then "<bool>true</bool>" else "<bool>false</bool>";
mkdir -p $support_folder
mkdir -p $latest_folder
# 52-fontconfig-ultimate.conf
ln -s ${fontconfigUltimateConf} \
$support_folder/52-fontconfig-ultimate.conf
ln -s ${fontconfigUltimateConf} \
$latest_folder/52-fontconfig-ultimate.conf
# fontconfig ultimate substitutions
${optionalString (cfg.substitutions != "none") ''
ln -s ${pkgs.fontconfig-ultimate}/etc/fonts/presets/${cfg.substitutions}/*.conf \
@ -104,7 +43,7 @@ in
ultimate = {
enable = mkOption {
type = types.bool;
default = true;
default = false;
description = ''
Enable fontconfig-ultimate settings (formerly known as
Infinality). Besides the customizable settings in this NixOS
@ -113,45 +52,6 @@ in
'';
};
allowBitmaps = mkOption {
type = types.bool;
default = true;
description = ''
Allow bitmap fonts. Set to <literal>false</literal> to ban all
bitmap fonts.
'';
};
allowType1 = mkOption {
type = types.bool;
default = false;
description = ''
Allow Type-1 fonts. Default is <literal>false</literal> because of
poor rendering.
'';
};
useEmbeddedBitmaps = mkOption {
type = types.bool;
default = false;
description = ''Use embedded bitmaps in fonts like Calibri.'';
};
forceAutohint = mkOption {
type = types.bool;
default = false;
description = ''
Force use of the TrueType Autohinter. Useful for debugging or
free-software purists.
'';
};
renderMonoTTFAsBitmap = mkOption {
type = types.bool;
default = false;
description = ''Render some monospace TTF fonts as bitmaps.'';
};
substitutions = mkOption {
type = types.nullOr (types.enum ["free" "combi" "ms"]);
default = "free";

169
nixos/modules/config/fonts/fontconfig.nix
View File

@ -41,11 +41,11 @@ let cfg = config.fonts.fontconfig;
# priority 0
cacheConfSupport = makeCacheConf { version = supportVersion; };
cacheConfLatest = makeCacheConf {};
# generate the font cache setting file for a fontconfig version
# use latest when no version is passed
makeCacheConf = { version ? null }:
let
let
fcPackage = if builtins.isNull version
then "fontconfig"
else "fontconfig_${version}";
@ -75,23 +75,23 @@ let cfg = config.fonts.fontconfig;
<fontconfig>
<!-- Default rendering settings -->
<match target="font">
<edit mode="assign" name="hinting">
<match target="pattern">
<edit mode="append" name="hinting">
${fcBool cfg.hinting.enable}
</edit>
<edit mode="assign" name="autohint">
<edit mode="append" name="autohint">
${fcBool cfg.hinting.autohint}
</edit>
<edit mode="assign" name="hintstyle">
<const>hint${cfg.hinting.style}</const>
<edit mode="append" name="hintstyle">
<const>hintslight</const>
</edit>
<edit mode="assign" name="antialias">
<edit mode="append" name="antialias">
${fcBool cfg.antialias}
</edit>
<edit mode="assign" name="rgba">
<edit mode="append" name="rgba">
<const>${cfg.subpixel.rgba}</const>
</edit>
<edit mode="assign" name="lcdfilter">
<edit mode="append" name="lcdfilter">
<const>lcd${cfg.subpixel.lcdfilter}</const>
</edit>
</match>
@ -113,7 +113,7 @@ let cfg = config.fonts.fontconfig;
# default fonts configuration file
# priority 52
defaultFontsConf =
defaultFontsConf =
let genDefault = fonts: name:
optionalString (fonts != []) ''
<alias>
@ -142,7 +142,54 @@ let cfg = config.fonts.fontconfig;
</fontconfig>
'';
# fontconfig configuration package
# bitmap font options
# priority 53
rejectBitmaps = pkgs.writeText "fc-53-nixos-bitmaps.conf" ''
<?xml version="1.0"?>
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
<fontconfig>
${optionalString (!cfg.allowBitmaps) ''
<!-- Reject bitmap fonts -->
<selectfont>
<rejectfont>
<pattern>
<patelt name="scalable"><bool>false</bool></patelt>
</pattern>
</rejectfont>
</selectfont>
''}
<!-- Use embedded bitmaps in fonts like Calibri? -->
<match target="font">
<edit name="embeddedbitmap" mode="assign">
${fcBool cfg.useEmbeddedBitmaps}
</edit>
</match>
</fontconfig>
'';
# reject Type 1 fonts
# priority 53
rejectType1 = pkgs.writeText "fc-53-nixos-reject-type1.conf" ''
<?xml version="1.0"?>
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
<fontconfig>
<!-- Reject Type 1 fonts -->
<selectfont>
<rejectfont>
<pattern>
<patelt name="fontformat"><string>Type 1</string></patelt>
</pattern>
</rejectfont>
</selectfont>
</fontconfig>
'';
# fontconfig configuration package
confPkg = pkgs.runCommand "fontconfig-conf" {} ''
support_folder=$out/etc/fonts
latest_folder=$out/etc/fonts/${latestVersion}
@ -166,7 +213,7 @@ let cfg = config.fonts.fontconfig;
substitute ${latestPkg.out}/etc/fonts/conf.d/51-local.conf \
$latest_folder/conf.d/51-local.conf \
--replace local.conf /etc/fonts/${latestVersion}/local.conf
--replace local.conf /etc/fonts/${latestVersion}/local.conf
# 00-nixos-cache.conf
ln -s ${cacheConfSupport} \
@ -192,6 +239,16 @@ let cfg = config.fonts.fontconfig;
# 52-nixos-default-fonts.conf
ln -s ${defaultFontsConf} $support_folder/conf.d/52-nixos-default-fonts.conf
ln -s ${defaultFontsConf} $latest_folder/conf.d/52-nixos-default-fonts.conf
# 53-nixos-bitmaps.conf
ln -s ${rejectBitmaps} $support_folder/conf.d/53-nixos-bitmaps.conf
ln -s ${rejectBitmaps} $latest_folder/conf.d/53-nixos-bitmaps.conf
${optionalString (! cfg.allowType1) ''
# 53-nixos-reject-type1.conf
ln -s ${rejectType1} $support_folder/conf.d/53-nixos-reject-type1.conf
ln -s ${rejectType1} $latest_folder/conf.d/53-nixos-reject-type1.conf
''}
'';
# Package with configuration files
@ -233,7 +290,11 @@ in
antialias = mkOption {
type = types.bool;
default = true;
description = "Enable font antialiasing.";
description = ''
Enable font antialiasing. At high resolution (> 200 DPI),
antialiasing has no visible effect; users of such displays may want
to disable this option.
'';
};
dpi = mkOption {
@ -249,7 +310,7 @@ in
type = types.lines;
default = "";
description = ''
System-wide customization file contents, has higher priority than
System-wide customization file contents, has higher priority than
<literal>defaultFonts</literal> settings.
'';
};
@ -287,26 +348,21 @@ in
enable = mkOption {
type = types.bool;
default = true;
description = "Enable TrueType hinting.";
description = ''
Enable font hinting. Hinting aligns glyphs to pixel boundaries to
improve rendering sharpness at low resolution. At high resolution
(> 200 dpi) hinting will do nothing (at best); users of such
displays may want to disable this option.
'';
};
autohint = mkOption {
type = types.bool;
default = true;
default = false;
description = ''
Enable the autohinter, which provides hinting for otherwise
un-hinted fonts. The results are usually lower quality than
correctly-hinted fonts.
'';
};
style = mkOption {
type = types.enum ["none" "slight" "medium" "full"];
default = "full";
description = ''
TrueType hinting style, one of <literal>none</literal>,
<literal>slight</literal>, <literal>medium</literal>, or
<literal>full</literal>.
Enable the autohinter in place of the default interpreter.
The results are usually lower quality than correctly-hinted
fonts, but better than unhinted fonts.
'';
};
};
@ -327,7 +383,15 @@ in
default = "rgb";
type = types.enum ["rgb" "bgr" "vrgb" "vbgr" "none"];
description = ''
Subpixel order.
Subpixel order. The overwhelming majority of displays are
<literal>rgb</literal> in their normal orientation. Select
<literal>vrgb</literal> for mounting such a display 90 degrees
clockwise from its normal orientation or <literal>vbgr</literal>
for mounting 90 degrees counter-clockwise. Select
<literal>bgr</literal> in the unlikely event of mounting 180
degrees from the normal orientation. Reverse these directions in
the improbable event that the display's native subpixel order is
<literal>bgr</literal>.
'';
};
@ -335,7 +399,9 @@ in
default = "default";
type = types.enum ["none" "default" "light" "legacy"];
description = ''
FreeType LCD filter.
FreeType LCD filter. At high resolution (> 200 DPI), LCD filtering
has no visible effect; users of such displays may want to select
<literal>none</literal>.
'';
};
@ -349,16 +415,43 @@ in
'';
};
allowBitmaps = mkOption {
type = types.bool;
default = true;
description = ''
Allow bitmap fonts. Set to <literal>false</literal> to ban all
bitmap fonts.
'';
};
allowType1 = mkOption {
type = types.bool;
default = false;
description = ''
Allow Type-1 fonts. Default is <literal>false</literal> because of
poor rendering.
'';
};
useEmbeddedBitmaps = mkOption {
type = types.bool;
default = false;
description = ''Use embedded bitmaps in fonts like Calibri.'';
};
};
};
};
config = mkIf cfg.enable {
fonts.fontconfig.confPackages = [ confPkg ];
environment.systemPackages = [ pkgs.fontconfig ];
environment.etc.fonts.source = "${fontconfigEtc}/etc/fonts/";
};
config = mkMerge [
(mkIf cfg.enable {
environment.systemPackages = [ pkgs.fontconfig ];
environment.etc.fonts.source = "${fontconfigEtc}/etc/fonts/";
})
(mkIf (cfg.enable && !cfg.penultimate.enable) {
fonts.fontconfig.confPackages = [ confPkg ];
})
];
}

1
nixos/modules/config/fonts/fonts.nix
View File

@ -37,6 +37,7 @@ with lib;
pkgs.xorg.fontbhlucidatypewriter75dpi
pkgs.dejavu_fonts
pkgs.freefont_ttf
pkgs.gyre-fonts # TrueType substitutes for standard PostScript fonts
pkgs.liberation_ttf
pkgs.xorg.fontbh100dpi
pkgs.xorg.fontmiscmisc

9
nixos/modules/config/networking.nix
View File

@ -178,10 +178,10 @@ in
environment.etc =
{ # /etc/services: TCP/UDP port assignments.
"services".source = pkgs.iana_etc + "/etc/services";
"services".source = pkgs.iana-etc + "/etc/services";
# /etc/protocols: IP protocol numbers.
"protocols".source = pkgs.iana_etc + "/etc/protocols";
"protocols".source = pkgs.iana-etc + "/etc/protocols";
# /etc/rpc: RPC program numbers.
"rpc".source = pkgs.glibc.out + "/etc/rpc";
@ -251,11 +251,6 @@ in
# Install the proxy environment variables
environment.sessionVariables = cfg.proxy.envVars;
# The ip-up target is kept for backwards compatibility.
# New services should use systemd upstream targets:
# See https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
systemd.targets.ip-up.description = "Services Requiring IP Connectivity (deprecated)";
# This is needed when /etc/resolv.conf is being overriden by networkd
# and other configurations. If the file is destroyed by an environment
# activation then it must be rebuilt so that applications which interface

2
nixos/modules/config/pulseaudio.nix
View File

@ -274,6 +274,8 @@ in {
RestartSec = "500ms";
};
};
environment.variables.PULSE_COOKIE = "${stateDir}/.config/pulse/cookie";
})
];

3
nixos/modules/config/shells-environment.nix
View File

@ -168,9 +168,6 @@ in
${cfg.extraInit}
# The setuid/setcap wrappers override other bin directories.
export PATH="${config.security.wrapperDir}:$PATH"
# ~/bin if it exists overrides other bin directories.
export PATH="$HOME/bin:$PATH"
'';

4
nixos/modules/config/sysctl.nix
View File

@ -64,5 +64,9 @@ in
# Removed under grsecurity.
boot.kernel.sysctl."kernel.kptr_restrict" =
if (config.boot.kernelPackages.kernel.features.grsecurity or false) then null else 1;
# Disable YAMA by default to allow easy debugging.
boot.kernel.sysctl."kernel.yama.ptrace_scope" = mkDefault 0;
};
}

72
nixos/modules/config/update-users-groups.pl
View File

@ -6,6 +6,21 @@ use JSON;
make_path("/var/lib/nixos", { mode => 0755 });
# Keep track of deleted uids and gids.
my $uidMapFile = "/var/lib/nixos/uid-map";
my $uidMap = -e $uidMapFile ? decode_json(read_file($uidMapFile)) : {};
my $gidMapFile = "/var/lib/nixos/gid-map";
my $gidMap = -e $gidMapFile ? decode_json(read_file($gidMapFile)) : {};
sub updateFile {
my ($path, $contents, $perms) = @_;
write_file("$path.tmp", { binmode => ':utf8', perms => $perms // 0644 }, $contents);
rename("$path.tmp", $path) or die;
}
sub hashPassword {
my ($password) = @_;
my $salt = "";
@ -18,10 +33,10 @@ sub hashPassword {
# Functions for allocating free GIDs/UIDs. FIXME: respect ID ranges in
# /etc/login.defs.
sub allocId {
my ($used, $idMin, $idMax, $up, $getid) = @_;
my ($used, $prevUsed, $idMin, $idMax, $up, $getid) = @_;
my $id = $up ? $idMin : $idMax;
while ($id >= $idMin && $id <= $idMax) {
if (!$used->{$id} && !defined &$getid($id)) {
if (!$used->{$id} && !$prevUsed->{$id} && !defined &$getid($id)) {
$used->{$id} = 1;
return $id;
}
@ -31,23 +46,36 @@ sub allocId {
die "$0: out of free UIDs or GIDs\n";
}
my (%gidsUsed, %uidsUsed);
my (%gidsUsed, %uidsUsed, %gidsPrevUsed, %uidsPrevUsed);
sub allocGid {
return allocId(\%gidsUsed, 400, 499, 0, sub { my ($gid) = @_; getgrgid($gid) });
my ($name) = @_;
my $prevGid = $gidMap->{$name};
if (defined $prevGid && !defined $gidsUsed{$prevGid}) {
print STDERR "reviving group '$name' with GID $prevGid\n";
$gidsUsed{$prevGid} = 1;
return $prevGid;
}
return allocId(\%gidsUsed, \%gidsPrevUsed, 400, 499, 0, sub { my ($gid) = @_; getgrgid($gid) });
}
sub allocUid {
my ($isSystemUser) = @_;
my ($name, $isSystemUser) = @_;
my ($min, $max, $up) = $isSystemUser ? (400, 499, 0) : (1000, 29999, 1);
return allocId(\%uidsUsed, $min, $max, $up, sub { my ($uid) = @_; getpwuid($uid) });
my $prevUid = $uidMap->{$name};
if (defined $prevUid && $prevUid >= $min && $prevUid <= $max && !defined $uidsUsed{$prevUid}) {
print STDERR "reviving user '$name' with UID $prevUid\n";
$uidsUsed{$prevUid} = 1;
return $prevUid;
}
return allocId(\%uidsUsed, \%uidsPrevUsed, $min, $max, $up, sub { my ($uid) = @_; getpwuid($uid) });
}
# Read the declared users/groups.
my $spec = decode_json(read_file($ARGV[0]));
# Don't allocate UIDs/GIDs that are already in use.
# Don't allocate UIDs/GIDs that are manually assigned.
foreach my $g (@{$spec->{groups}}) {
$gidsUsed{$g->{gid}} = 1 if defined $g->{gid};
}
@ -56,6 +84,11 @@ foreach my $u (@{$spec->{users}}) {
$uidsUsed{$u->{uid}} = 1 if defined $u->{uid};
}
# Likewise for previously used but deleted UIDs/GIDs.
$uidsPrevUsed{$_} = 1 foreach values %{$uidMap};
$gidsPrevUsed{$_} = 1 foreach values %{$gidMap};
# Read the current /etc/group.
sub parseGroup {
chomp;
@ -114,16 +147,18 @@ foreach my $g (@{$spec->{groups}}) {
}
}
} else {
$g->{gid} = allocGid if !defined $g->{gid};
$g->{gid} = allocGid($name) if !defined $g->{gid};
$g->{password} = "x";
}
$g->{members} = join ",", sort(keys(%members));
$groupsOut{$name} = $g;
$gidMap->{$name} = $g->{gid};
}
# Update the persistent list of declarative groups.
write_file($declGroupsFile, { binmode => ':utf8' }, join(" ", sort(keys %groupsOut)));
updateFile($declGroupsFile, join(" ", sort(keys %groupsOut)));
# Merge in the existing /etc/group.
foreach my $name (keys %groupsCur) {
@ -140,8 +175,8 @@ foreach my $name (keys %groupsCur) {
# Rewrite /etc/group. FIXME: acquire lock.
my @lines = map { join(":", $_->{name}, $_->{password}, $_->{gid}, $_->{members}) . "\n" }
(sort { $a->{gid} <=> $b->{gid} } values(%groupsOut));
write_file("/etc/group.tmp", { binmode => ':utf8' }, @lines);
rename("/etc/group.tmp", "/etc/group") or die;
updateFile($gidMapFile, encode_json($gidMap));
updateFile("/etc/group", \@lines);
system("nscd --invalidate group");
# Generate a new /etc/passwd containing the declared users.
@ -167,7 +202,7 @@ foreach my $u (@{$spec->{users}}) {
$u->{uid} = $existing->{uid};
}
} else {
$u->{uid} = allocUid($u->{isSystemUser}) if !defined $u->{uid};
$u->{uid} = allocUid($name, $u->{isSystemUser}) if !defined $u->{uid};
if (defined $u->{initialPassword}) {
$u->{hashedPassword} = hashPassword($u->{initialPassword});
@ -177,7 +212,7 @@ foreach my $u (@{$spec->{users}}) {
}
# Create a home directory.
if ($u->{createHome} && ! -e $u->{home}) {
if ($u->{createHome}) {
make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home};
chown $u->{uid}, $u->{gid}, $u->{home};
}
@ -195,10 +230,12 @@ foreach my $u (@{$spec->{users}}) {
$u->{fakePassword} = $existing->{fakePassword} // "x";
$usersOut{$name} = $u;
$uidMap->{$name} = $u->{uid};
}
# Update the persistent list of declarative users.
write_file($declUsersFile, { binmode => ':utf8' }, join(" ", sort(keys %usersOut)));
updateFile($declUsersFile, join(" ", sort(keys %usersOut)));
# Merge in the existing /etc/passwd.
foreach my $name (keys %usersCur) {
@ -214,8 +251,8 @@ foreach my $name (keys %usersCur) {
# Rewrite /etc/passwd. FIXME: acquire lock.
@lines = map { join(":", $_->{name}, $_->{fakePassword}, $_->{uid}, $_->{gid}, $_->{description}, $_->{home}, $_->{shell}) . "\n" }
(sort { $a->{uid} <=> $b->{uid} } (values %usersOut));
write_file("/etc/passwd.tmp", { binmode => ':utf8' }, @lines);
rename("/etc/passwd.tmp", "/etc/passwd") or die;
updateFile($uidMapFile, encode_json($uidMap));
updateFile("/etc/passwd", \@lines);
system("nscd --invalidate passwd");
@ -242,5 +279,4 @@ foreach my $u (values %usersOut) {
push @shadowNew, join(":", $u->{name}, $hashedPassword, "1::::::") . "\n";
}
write_file("/etc/shadow.tmp", { binmode => ':utf8', perms => 0600 }, @shadowNew);
rename("/etc/shadow.tmp", "/etc/shadow") or die;
updateFile("/etc/shadow", \@shadowNew, 0600);

1
nixos/modules/hardware/all-firmware.nix
View File

@ -26,6 +26,7 @@ with lib;
firmwareLinuxNonfree
intel2200BGFirmware
rtl8723bs-firmware
rtl8192su-firmware
];
};

3
nixos/modules/hardware/cpu/amd-microcode.nix
View File

@ -22,7 +22,8 @@ with lib;
###### implementation
config = mkIf config.hardware.cpu.amd.updateMicrocode {
boot.initrd.prepend = [ "${pkgs.microcodeAmd}/amd-ucode.img" ];
# Microcode updates must be the first item prepended in the initrd
boot.initrd.prepend = mkOrder 1 [ "${pkgs.microcodeAmd}/amd-ucode.img" ];
};
}

3
nixos/modules/hardware/cpu/intel-microcode.nix
View File

@ -22,7 +22,8 @@ with lib;
###### implementation
config = mkIf config.hardware.cpu.intel.updateMicrocode {
boot.initrd.prepend = [ "${pkgs.microcodeIntel}/intel-ucode.img" ];
# Microcode updates must be the first item prepended in the initrd
boot.initrd.prepend = mkOrder 1 [ "${pkgs.microcodeIntel}/intel-ucode.img" ];
};
}

37
nixos/modules/hardware/mcelog.nix Normal file
View File

@ -0,0 +1,37 @@
{ config, lib, pkgs, ... }:
with lib;
{
meta.maintainers = [ maintainers.grahamc ];
options = {
hardware.mcelog = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable the Machine Check Exception logger.
'';
};
};
};
config = mkIf config.hardware.mcelog.enable {
systemd.services.mcelog = {
description = "Machine Check Exception Logging Daemon";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.mcelog}/bin/mcelog --daemon --foreground";
SuccessExitStatus = [ 0 15 ];
ProtectHome = true;
PrivateNetwork = true;
PrivateTmp = true;
};
};
};
}

30
nixos/modules/hardware/sensor/iio.nix Normal file
View File

@ -0,0 +1,30 @@
{ config, lib, pkgs, ... }:
with lib;
{
###### interface
options = {
hardware.sensor.iio = {
enable = mkOption {
description = "Enable this option to support IIO sensors.";
type = types.bool;
default = false;
};
};
};
###### implementation
config = mkIf config.hardware.sensor.iio.enable {
boot.initrd.availableKernelModules = [ "hid-sensor-hub" ];
environment.systemPackages = with pkgs; [ iio-sensor-proxy ];
services.dbus.packages = with pkgs; [ iio-sensor-proxy ];
services.udev.packages = with pkgs; [ iio-sensor-proxy ];
systemd.packages = with pkgs; [ iio-sensor-proxy ];
};
}

26
nixos/modules/hardware/usb-wwan.nix Normal file
View File

@ -0,0 +1,26 @@
{ config, lib, pkgs, ... }:
with lib;
{
###### interface
options = {
hardware.usbWwan = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable this option to support USB WWAN adapters.
'';
};
};
};
###### implementation
config = mkIf config.hardware.usbWwan.enable {
services.udev.packages = with pkgs; [ usb-modeswitch-data ];
};
}

4
nixos/modules/hardware/video/bumblebee.nix
View File

@ -13,7 +13,7 @@ let
useDisplayDevice = cfg.connectDisplay;
};
useBbswitch = cfg.pmMethod == "bbswitch";
useBbswitch = cfg.pmMethod == "bbswitch" || cfg.pmMethod == "auto" && useNvidia;
primus = pkgs.primus.override {
inherit useNvidia;
@ -65,7 +65,7 @@ in
pmMethod = mkOption {
default = "auto";
type = types.enum [ "auto" "bbswitch" "nouveau" "switcheroo" "none" ];
type = types.enum [ "auto" "bbswitch" "switcheroo" "none" ];
description = ''
Set preferred power management method for unused card.
'';

2
nixos/modules/i18n/input-method/ibus.nix
View File

@ -44,7 +44,7 @@ in
panel = mkOption {
type = with types; nullOr path;
default = null;
example = literalExample "''${pkgs.kde5.plasma-desktop}/lib/libexec/kimpanel-ibus-panel";
example = literalExample "''${pkgs.plasma5.plasma-desktop}/lib/libexec/kimpanel-ibus-panel";
description = "Replace the IBus panel with another panel.";
};
};

13
nixos/modules/installer/cd-dvd/channel.nix
View File

@ -6,6 +6,16 @@
with lib;
let
# Do not include these things:
# - The '.git' directory
# - Result symlinks from nix-build ('result', 'result-2', 'result-bin', ...)
# - VIM/Emacs swap/backup files ('.swp', '.swo', '.foo.swp', 'foo~', ...)
filterFn = path: type: let basename = baseNameOf (toString path); in
if type == "directory" then basename != ".git"
else if type == "symlink" then builtins.match "^result(|-.*)$" basename == null
else builtins.match "^((|\..*)\.sw[a-z]|.*~)$" basename == null;
nixpkgs = builtins.filterSource filterFn pkgs.path;
# We need a copy of the Nix expressions for Nixpkgs and NixOS on the
# CD. These are installed into the "nixos" channel of the root
@ -15,12 +25,11 @@ let
{ }
''
mkdir -p $out
cp -prd ${pkgs.path} $out/nixos
cp -prd ${nixpkgs} $out/nixos
chmod -R u+w $out/nixos
if [ ! -e $out/nixos/nixpkgs ]; then
ln -s . $out/nixos/nixpkgs
fi
rm -rf $out/nixos/.git
echo -n ${config.system.nixosVersionSuffix} > $out/nixos/.version-suffix
'';

4
nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix
View File

@ -18,7 +18,7 @@ with lib;
autoLogin = true;
};
desktopManager.kde5 = {
desktopManager.plasma5 = {
enable = true;
enableQt4Support = false;
};
@ -66,7 +66,7 @@ with lib;
in ''
mkdir -p /root/Desktop
ln -sfT ${desktopFile} /root/Desktop/nixos-manual.desktop
ln -sfT ${pkgs.kde5.konsole}/share/applications/org.kde.konsole.desktop /root/Desktop/org.kde.konsole.desktop
ln -sfT ${pkgs.konsole}/share/applications/org.kde.konsole.desktop /root/Desktop/org.kde.konsole.desktop
ln -sfT ${pkgs.gparted}/share/applications/gparted.desktop /root/Desktop/gparted.desktop
'';

3
nixos/modules/installer/cd-dvd/iso-image.nix
View File

@ -172,7 +172,6 @@ in
isoImage.includeSystemBuildDependencies = mkOption {
default = false;
example = true;
description = ''
Set this option to include all the needed sources etc in the
image. It significantly increases image size. Use that when
@ -280,7 +279,7 @@ in
options = [ "allow_other" "cow" "nonempty" "chroot=/mnt-root" "max_files=32768" "hide_meta_files" "dirs=/nix/.rw-store=rw:/nix/.ro-store=ro" ];
};
boot.initrd.availableKernelModules = [ "squashfs" "iso9660" "usb-storage" ];
boot.initrd.availableKernelModules = [ "squashfs" "iso9660" "usb-storage" "uas" ];
boot.blacklistedKernelModules = [ "nouveau" ];

2
nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix
View File

@ -28,7 +28,7 @@ in
boot.loader.generic-extlinux-compatible.enable = true;
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernelParams = ["console=ttyS0,115200n8" "console=ttymxc0,115200n8" "console=ttyAMA0,115200n8" "console=ttyO0,115200n8" "console=tty0"];
boot.kernelParams = ["console=ttyS0,115200n8" "console=ttymxc0,115200n8" "console=ttyAMA0,115200n8" "console=ttyO0,115200n8" "console=ttySAC2,115200n8" "console=tty0"];
# FIXME: this probably should be in installation-device.nix
users.extraUsers.root.initialHashedPassword = "";

2
nixos/modules/installer/tools/auto-upgrade.nix
View File

@ -48,7 +48,7 @@ let cfg = config.system.autoUpgrade; in
description = ''
Specification (in the format described by
<citerefentry><refentrytitle>systemd.time</refentrytitle>
<manvolnum>5</manvolnum></citerefentry>) of the time at
<manvolnum>7</manvolnum></citerefentry>) of the time at
which the update will occur.
'';
};

6
nixos/modules/installer/tools/nix-fallback-paths.nix
View File

@ -1,5 +1,5 @@
{
x86_64-linux = "/nix/store/qdkzm17csr24snk247a1s0c47ikq5sl6-nix-1.11.6";
i686-linux = "/nix/store/hiwp53747lxlniqy5wpbql5izjrs8z0z-nix-1.11.6";
x86_64-darwin = "/nix/store/hca2hqcvwncf23hiqyqgwbsdy8vvl9xv-nix-1.11.6";
x86_64-linux = "/nix/store/j6q3pb75q1sbk0xsa5x6a629ph98ycdl-nix-1.11.8";
i686-linux = "/nix/store/4m6ps568l988bbr1p2k3w9raq3rblppi-nix-1.11.8";
x86_64-darwin = "/nix/store/cc5q944yn3j2hrs8k0kxx9r2mk9mni8a-nix-1.11.8";
}

2
nixos/modules/installer/tools/nixos-generate-config.pl
View File

@ -607,7 +607,7 @@ $bootLoaderConfig
# Enable the KDE Desktop Environment.
# services.xserver.displayManager.sddm.enable = true;
# services.xserver.desktopManager.kde5.enable = true;
# services.xserver.desktopManager.plasma5.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.extraUsers.guest = {

30
nixos/modules/installer/tools/nixos-rebuild.sh
View File

@ -278,24 +278,22 @@ if [ -n "$buildNix" ]; then
echo "building Nix..." >&2
nixDrv=
if ! nixDrv="$(nix-instantiate '<nixpkgs/nixos>' --add-root $tmpDir/nix.drv --indirect -A config.nix.package.out "${extraBuildFlags[@]}")"; then
if ! nixDrv="$(nix-instantiate '<nixpkgs/nixos>' --add-root $tmpDir/nix.drv --indirect -A nixFallback "${extraBuildFlags[@]}")"; then
if ! nixDrv="$(nix-instantiate '<nixpkgs>' --add-root $tmpDir/nix.drv --indirect -A nix "${extraBuildFlags[@]}")"; then
nixStorePath="$(prebuiltNix "$(uname -m)")"
if ! nix-store -r $nixStorePath --add-root $tmpDir/nix --indirect \
--option extra-binary-caches https://cache.nixos.org/; then
if ! nixDrv="$(nix-instantiate '<nixpkgs>' --add-root $tmpDir/nix.drv --indirect -A nix "${extraBuildFlags[@]}")"; then
nixStorePath="$(prebuiltNix "$(uname -m)")"
if ! nix-store -r $nixStorePath --add-root $tmpDir/nix --indirect \
--option extra-binary-caches https://cache.nixos.org/; then
echo "warning: don't know how to get latest Nix" >&2
fi
# Older version of nix-store -r don't support --add-root.
[ -e $tmpDir/nix ] || ln -sf $nixStorePath $tmpDir/nix
if [ -n "$buildHost" ]; then
remoteNixStorePath="$(prebuiltNix "$(buildHostCmd uname -m)")"
remoteNix="$remoteNixStorePath/bin"
if ! buildHostCmd nix-store -r $remoteNixStorePath \
--option extra-binary-caches https://cache.nixos.org/ >/dev/null; then
remoteNix=
echo "warning: don't know how to get latest Nix" >&2
fi
# Older version of nix-store -r don't support --add-root.
[ -e $tmpDir/nix ] || ln -sf $nixStorePath $tmpDir/nix
if [ -n "$buildHost" ]; then
remoteNixStorePath="$(prebuiltNix "$(buildHostCmd uname -m)")"
remoteNix="$remoteNixStorePath/bin"
if ! buildHostCmd nix-store -r $remoteNixStorePath \
--option extra-binary-caches https://cache.nixos.org/ >/dev/null; then
remoteNix=
echo "warning: don't know how to get latest Nix" >&2
fi
fi
fi
fi
fi

2
nixos/modules/misc/ids.nix
View File

@ -288,6 +288,7 @@
kresd = 270;
rpc = 271;
geoip = 272;
fcron = 273;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -545,6 +546,7 @@
kresd = 270;
#rpc = 271; # unused
#geoip = 272; # unused
fcron = 273;
# When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal

4
nixos/modules/misc/locate.nix
View File

@ -104,13 +104,13 @@ in {
users.extraGroups = mkIf isMLocate { mlocate = {}; };
security.wrappers = mkIf isMLocate {
mlocate = {
locate = {
group = "mlocate";
owner = "root";
permissions = "u+rx,g+x,o+x";
setgid = true;
setuid = false;
program = "locate";
source = "${cfg.locate}/bin/locate";
};
};

7
nixos/modules/misc/version.nix
View File

@ -95,7 +95,7 @@ in
nixosVersionSuffix = mkIf (pathIsDirectory gitRepo) (mkDefault (".git." + gitCommitId));
# Note: code names must only increase in alphabetical order.
nixosCodeName = "Gorilla";
nixosCodeName = "Hummingbird";
};
# Generate /etc/os-release. See
@ -106,9 +106,12 @@ in
NAME=NixOS
ID=nixos
VERSION="${config.system.nixosVersion} (${config.system.nixosCodeName})"
VERSION_CODENAME=${toLower config.system.nixosCodeName}
VERSION_ID="${config.system.nixosVersion}"
PRETTY_NAME="NixOS ${config.system.nixosVersion} (${config.system.nixosCodeName})"
HOME_URL="http://nixos.org/"
HOME_URL="https://nixos.org/"
SUPPORT_URL="https://nixos.org/nixos/support.html"
BUG_REPORT_URL="https://github.com/NixOS/nixpkgs/issues"
'';
};

21
nixos/modules/module-list.nix
View File

@ -1,8 +1,9 @@
[
./config/debug-info.nix
./config/fonts/corefonts.nix
./config/fonts/fontconfig-ultimate.nix
./config/fonts/fontconfig.nix
./config/fonts/fontconfig-penultimate.nix
./config/fonts/fontconfig-ultimate.nix
./config/fonts/fontdir.nix
./config/fonts/fonts.nix
./config/fonts/ghostscript.nix
@ -29,7 +30,9 @@
./hardware/ckb.nix
./hardware/cpu/amd-microcode.nix
./hardware/cpu/intel-microcode.nix
./hardware/sensor/iio.nix
./hardware/ksm.nix
./hardware/mcelog.nix
./hardware/network/b43.nix
./hardware/network/intel-2100bg.nix
./hardware/network/intel-2200bg.nix
@ -38,6 +41,7 @@
./hardware/network/rtl8192c.nix
./hardware/opengl.nix
./hardware/pcmcia.nix
./hardware/usb-wwan.nix
./hardware/video/amdgpu.nix
./hardware/video/amdgpu-pro.nix
./hardware/video/ati.nix
@ -93,6 +97,7 @@
./programs/tmux.nix
./programs/venus.nix
./programs/vim.nix
./programs/wireshark.nix
./programs/wvdial.nix
./programs/xfs_quota.nix
./programs/xonsh.nix
@ -104,6 +109,7 @@
./security/audit.nix
./security/ca.nix
./security/chromium-suid-sandbox.nix
./security/dhparams.nix
./security/duosec.nix
./security/grsecurity.nix
./security/hidepid.nix
@ -124,6 +130,7 @@
./services/audio/liquidsoap.nix
./services/audio/mpd.nix
./services/audio/mopidy.nix
./services/audio/slimserver.nix
./services/audio/squeezelite.nix
./services/audio/ympd.nix
./services/backup/almir.nix
@ -132,7 +139,6 @@
./services/backup/mysql-backup.nix
./services/backup/postgresql-backup.nix
./services/backup/rsnapshot.nix
./services/backup/sitecopy-backup.nix
./services/backup/tarsnap.nix
./services/backup/znapzend.nix
./services/cluster/fleet.nix
@ -242,6 +248,7 @@
./services/mail/rmilter.nix
./services/misc/apache-kafka.nix
./services/misc/autofs.nix
./services/misc/autorandr.nix
./services/misc/bepasty.nix
./services/misc/canto-daemon.nix
./services/misc/calibre-server.nix
@ -268,6 +275,8 @@
./services/misc/gogs.nix
./services/misc/gpsd.nix
#./services/misc/ihaskell.nix
./services/misc/irkerd.nix
./services/misc/jackett.nix
./services/misc/leaps.nix
./services/misc/mantisbt.nix
./services/misc/mathics.nix
@ -288,6 +297,7 @@
./services/misc/parsoid.nix
./services/misc/phd.nix
./services/misc/plex.nix
./services/misc/radarr.nix
./services/misc/redmine.nix
./services/misc/rippled.nix
./services/misc/ripple-rest.nix
@ -324,10 +334,12 @@
./services/monitoring/prometheus/default.nix
./services/monitoring/prometheus/alertmanager.nix
./services/monitoring/prometheus/blackbox-exporter.nix
./services/monitoring/prometheus/fritzbox-exporter.nix
./services/monitoring/prometheus/json-exporter.nix
./services/monitoring/prometheus/nginx-exporter.nix
./services/monitoring/prometheus/node-exporter.nix
./services/monitoring/prometheus/snmp-exporter.nix
./services/monitoring/prometheus/unifi-exporter.nix
./services/monitoring/prometheus/varnish-exporter.nix
./services/monitoring/riemann.nix
./services/monitoring/riemann-dash.nix
@ -424,6 +436,7 @@
./services/networking/namecoind.nix
./services/networking/nat.nix
./services/networking/networkmanager.nix
./services/networking/nftables.nix
./services/networking/ngircd.nix
./services/networking/nix-serve.nix
./services/networking/nntp-proxy.nix
@ -444,7 +457,7 @@
./services/networking/prayer.nix
./services/networking/privoxy.nix
./services/networking/prosody.nix
./services/networking/quagga.nix
# ./services/networking/quagga.nix
./services/networking/quassel.nix
./services/networking/racoon.nix
./services/networking/radicale.nix
@ -518,6 +531,7 @@
./services/system/cgmanager.nix
./services/system/cloud-init.nix
./services/system/dbus.nix
./services/system/earlyoom.nix
./services/system/kerberos.nix
./services/system/nscd.nix
./services/system/uptimed.nix
@ -566,6 +580,7 @@
./services/x11/display-managers/lightdm.nix
./services/x11/display-managers/sddm.nix
./services/x11/display-managers/slim.nix
./services/x11/display-managers/xpra.nix
./services/x11/hardware/libinput.nix
./services/x11/hardware/multitouch.nix
./services/x11/hardware/synaptics.nix

6
nixos/modules/profiles/graphical.nix
View File

@ -1,5 +1,5 @@
# This module defines a NixOS configuration that contains X11 and
# KDE 4. It's used by the graphical installation CD.
# This module defines a NixOS configuration with the Plasma 5 desktop.
# It's used by the graphical installation CD.
{ config, pkgs, ... }:
@ -7,7 +7,7 @@
services.xserver = {
enable = true;
displayManager.sddm.enable = true;
desktopManager.kde5.enable = true;
desktopManager.plasma5.enable = true;
synaptics.enable = true; # for touchpad support on many laptops
};

1
nixos/modules/programs/adb.nix
View File

@ -10,7 +10,6 @@ with lib;
programs.adb = {
enable = mkOption {
default = false;
example = true;
type = types.bool;
description = ''
Whether to configure system to use Android Debug Bridge (adb).

1
nixos/modules/programs/gphoto2.nix
View File

@ -10,7 +10,6 @@ with lib;
programs.gphoto2 = {
enable = mkOption {
default = false;
example = true;
type = types.bool;
description = ''
Whether to configure system to use gphoto2.

1
nixos/modules/programs/mosh.nix
View File

@ -14,7 +14,6 @@ in
Whether to enable mosh. Note, this will open ports in your firewall!
'';
default = false;
example = true;
type = lib.types.bool;
};
};

48
nixos/modules/programs/ssmtp.nix
View File

@ -22,7 +22,6 @@ in
directDelivery = mkOption {
type = types.bool;
default = false;
example = true;
description = ''
Use the trivial Mail Transfer Agent (MTA)
<command>ssmtp</command> package to allow programs to send
@ -40,7 +39,8 @@ in
example = "mail.example.org";
description = ''
The host name of the default mail server to use to deliver
e-mail.
e-mail. Can also contain a port number (ex: mail.example.org:587),
defaults to port 25 if no port is given.
'';
};
@ -65,7 +65,6 @@ in
useTLS = mkOption {
type = types.bool;
default = false;
example = true;
description = ''
Whether TLS should be used to connect to the default mail
server.
@ -75,7 +74,6 @@ in
useSTARTTLS = mkOption {
type = types.bool;
default = false;
example = true;
description = ''
Whether the STARTTLS should be used to connect to the default
mail server. (This is needed for TLS-capable mail servers
@ -98,9 +96,28 @@ in
example = "correctHorseBatteryStaple";
description = ''
Password used for SMTP auth. (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
It's recommended to use <option>authPassFile</option>
which takes precedence over <option>authPass</option>.
'';
};
authPassFile = mkOption {
type = types.nullOr types.str;
default = null;
example = "/run/keys/ssmtp-authpass";
description = ''
Path to a file that contains the password used for SMTP auth. The file
should not contain a trailing newline, if the password does not contain one.
This file should be readable by the users that need to execute ssmtp.
<option>authPassFile</option> takes precedence over <option>authPass</option>.
Warning: when <option>authPass</option> is non-empty <option>authPassFile</option>
defaults to a file in the WORLD-READABLE Nix store containing that password.
'';
};
setSendmail = mkOption {
type = types.bool;
default = true;
@ -114,21 +131,28 @@ in
config = mkIf cfg.directDelivery {
networking.defaultMailServer.authPassFile = mkIf (cfg.authPass != "")
(mkDefault (toString (pkgs.writeTextFile {
name = "ssmtp-authpass";
text = cfg.authPass;
})));
environment.etc."ssmtp/ssmtp.conf".text =
let yesNo = yes : if yes then "YES" else "NO"; in
''
MailHub=${cfg.hostName}
FromLineOverride=YES
${if cfg.root != "" then "root=${cfg.root}" else ""}
${if cfg.domain != "" then "rewriteDomain=${cfg.domain}" else ""}
UseTLS=${if cfg.useTLS then "YES" else "NO"}
UseSTARTTLS=${if cfg.useSTARTTLS then "YES" else "NO"}
${optionalString (cfg.root != "") "root=${cfg.root}"}
${optionalString (cfg.domain != "") "rewriteDomain=${cfg.domain}"}
UseTLS=${yesNo cfg.useTLS}
UseSTARTTLS=${yesNo cfg.useSTARTTLS}
#Debug=YES
${if cfg.authUser != "" then "AuthUser=${cfg.authUser}" else ""}
${if cfg.authPass != "" then "AuthPass=${cfg.authPass}" else ""}
${optionalString (cfg.authUser != "") "AuthUser=${cfg.authUser}"}
${optionalString (!isNull cfg.authPassFile) "AuthPassFile=${cfg.authPassFile}"}
'';
environment.systemPackages = [pkgs.ssmtp];
services.mail.sendmailSetuidWrapper = mkIf cfg.setSendmail {
program = "sendmail";
source = "${pkgs.ssmtp}/bin/sendmail";

5
nixos/modules/programs/tmux.nix
View File

@ -65,7 +65,6 @@ in {
aggressiveResize = mkOption {
default = false;
example = true;
type = types.bool;
description = ''
Resize the window to the size of the smallest session for which it is the current window.
@ -81,14 +80,12 @@ in {
clock24 = mkOption {
default = false;
example = true;
type = types.bool;
description = "Use 24 hour clock.";
};
customPaneNavigationAndResize = mkOption {
default = false;
example = true;
type = types.bool;
description = "Override the hjkl and HJKL bindings for pane navigation and resizing in VI mode.";
};
@ -124,14 +121,12 @@ in {
newSession = mkOption {
default = false;
example = true;
type = types.bool;
description = "Automatically spawn a session if trying to attach and none are running.";
};
reverseSplit = mkOption {
default = false;
example = true;
type = types.bool;
description = "Reverse the window split shortcuts.";
};

2
nixos/modules/programs/venus.nix
View File

@ -45,7 +45,7 @@ in
description = ''
Specification (in the format described by
<citerefentry><refentrytitle>systemd.time</refentrytitle>
<manvolnum>5</manvolnum></citerefentry>) of the time at
<manvolnum>7</manvolnum></citerefentry>) of the time at
which the Venus will collect feeds.
'';
};

1
nixos/modules/programs/vim.nix
View File

@ -9,7 +9,6 @@ in {
defaultEditor = mkOption {
type = types.bool;
default = false;
example = true;
description = ''
When enabled, installs vim and configures vim to be the default editor
using the EDITOR environment variable.

42
nixos/modules/programs/wireshark.nix Normal file
View File

@ -0,0 +1,42 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.programs.wireshark;
wireshark = cfg.package;
in {
options = {
programs.wireshark = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to add Wireshark to the global environment and configure a
setcap wrapper for 'dumpcap' for users in the 'wireshark' group.
'';
};
package = mkOption {
type = types.package;
default = pkgs.wireshark-cli;
defaultText = "pkgs.wireshark-cli";
description = ''
Which Wireshark package to install in the global environment.
'';
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ wireshark ];
users.extraGroups.wireshark = {};
security.wrappers.dumpcap = {
source = "${wireshark}/bin/dumpcap";
capabilities = "cap_net_raw+p";
owner = "root";
group = "wireshark";
permissions = "u+rx,g+x";
};
};
}

24
nixos/modules/rename.nix
View File

@ -35,6 +35,9 @@ with lib;
(mkRemovedOptionModule [ "security" "setuidOwners" ] "Use security.wrappers instead")
(mkRemovedOptionModule [ "security" "setuidPrograms" ] "Use security.wrappers instead")
(mkRemovedOptionModule [ "services" "rmilter" "bindInetSockets" ] "Use services.rmilter.bindSocket.* instead")
(mkRemovedOptionModule [ "services" "rmilter" "bindUnixSockets" ] "Use services.rmilter.bindSocket.* instead")
# Old Grub-related options.
(mkRenamedOptionModule [ "boot" "initrd" "extraKernelModules" ] [ "boot" "initrd" "kernelModules" ])
(mkRenamedOptionModule [ "boot" "extraKernelParams" ] [ "boot" "kernelParams" ])
@ -103,9 +106,6 @@ with lib;
(mkRenamedOptionModule [ "services" "xserver" "windowManager" "xbmc" ] [ "services" "xserver" "desktopManager" "kodi" ])
(mkRenamedOptionModule [ "services" "xserver" "desktopManager" "xbmc" ] [ "services" "xserver" "desktopManager" "kodi" ])
# DNSCrypt-proxy
(mkRenamedOptionModule [ "services" "dnscrypt-proxy" "port" ] [ "services" "dnscrypt-proxy" "localPort" ])
(mkRenamedOptionModule [ "services" "hostapd" "extraCfg" ] [ "services" "hostapd" "extraConfig" ])
# Enlightenment
@ -141,9 +141,6 @@ with lib;
# Unity3D
(mkRenamedOptionModule [ "programs" "unity3d" "enable" ] [ "security" "chromiumSuidSandbox" "enable" ])
# fontconfig-ultimate
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "rendering" ] [ "fonts" "fontconfig" "ultimate" "preset" ])
# murmur
(mkRenamedOptionModule [ "services" "murmur" "welcome" ] [ "services" "murmur" "welcometext" ])
@ -178,6 +175,16 @@ with lib;
(mkRenamedOptionModule [ "services" "nfs" "lockdPort" ] [ "services" "nfs" "server" "lockdPort" ])
(mkRenamedOptionModule [ "services" "nfs" "statdPort" ] [ "services" "nfs" "server" "statdPort" ])
# KDE Plasma 5
(mkRenamedOptionModule [ "services" "xserver" "desktopManager" "kde5" ] [ "services" "xserver" "desktopManager" "plasma5" ])
# Fontconfig
(mkRenamedOptionModule [ "config" "fonts" "fontconfig" "ultimate" "allowBitmaps" ] [ "config" "fonts" "fontconfig" "allowBitmaps" ])
(mkRenamedOptionModule [ "config" "fonts" "fontconfig" "ultimate" "allowType1" ] [ "config" "fonts" "fontconfig" "allowType1" ])
(mkRenamedOptionModule [ "config" "fonts" "fontconfig" "ultimate" "useEmbeddedBitmaps" ] [ "config" "fonts" "fontconfig" "useEmbeddedBitmaps" ])
(mkRenamedOptionModule [ "config" "fonts" "fontconfig" "ultimate" "forceAutohint" ] [ "config" "fonts" "fontconfig" "forceAutohint" ])
(mkRenamedOptionModule [ "config" "fonts" "fontconfig" "ultimate" "renderMonoTTFAsBitmap" ] [ "config" "fonts" "fontconfig" "renderMonoTTFAsBitmap" ])
# Options that are obsolete and have no replacement.
(mkRemovedOptionModule [ "boot" "initrd" "luks" "enable" ] "")
(mkRemovedOptionModule [ "programs" "bash" "enable" ] "")
@ -192,5 +199,10 @@ with lib;
"See the 16.09 release notes for more information.")
(mkRemovedOptionModule [ "services" "phpfpm" "phpIni" ] "")
(mkRemovedOptionModule [ "services" "dovecot2" "package" ] "")
(mkRemovedOptionModule [ "fonts" "fontconfig" "hinting" "style" ] "")
(mkRemovedOptionModule [ "services" "xserver" "displayManager" "sddm" "themes" ]
"Set the option `services.xserver.displayManager.sddm.package' instead.")
(mkRemovedOptionModule [ "fonts" "fontconfig" "forceAutohint" ] "")
(mkRemovedOptionModule [ "fonts" "fontconfig" "renderMonoTTFAsBitmap" ] "")
];
}

4
nixos/modules/security/acme.nix
View File

@ -110,7 +110,7 @@ in
description = ''
Systemd calendar expression when to check for renewal. See
<citerefentry><refentrytitle>systemd.time</refentrytitle>
<manvolnum>5</manvolnum></citerefentry>.
<manvolnum>7</manvolnum></citerefentry>.
'';
};
@ -178,7 +178,7 @@ in
path = [ pkgs.simp_le ];
preStart = ''
mkdir -p '${cfg.directory}'
chown '${data.user}:${data.group}' '${cfg.directory}'
chown -R '${data.user}:${data.group}' '${cfg.directory}'
if [ ! -d '${cpath}' ]; then
mkdir '${cpath}'
fi

107
nixos/modules/security/dhparams.nix Normal file
View File

@ -0,0 +1,107 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.security.dhparams;
in
{
options = {
security.dhparams = {
params = mkOption {
description =
''
Diffie-Hellman parameters to generate.
The value is the size (in bits) of the DH params to generate. The
generated DH params path can be found in
<filename><replaceable>security.dhparams.path</replaceable>/<replaceable>name</replaceable>.pem</filename>.
Note: The name of the DH params is taken as being the name of the
service it serves: the params will be generated before the said
service is started.
Warning: If you are removing all dhparams from this list, you have
to leave security.dhparams.enable for at least one activation in
order to have them be cleaned up. This also means if you rollback to
a version without any dhparams the existing ones won't be cleaned
up.
'';
type = with types; attrsOf int;
default = {};
example = { nginx = 3072; };
};
path = mkOption {
description =
''
Path to the directory in which Diffie-Hellman parameters will be
stored.
'';
type = types.str;
default = "/var/lib/dhparams";
};
enable = mkOption {
description =
''
Whether to generate new DH params and clean up old DH params.
'';
default = false;
type = types.bool;
};
};
};
config = mkIf cfg.enable {
systemd.services = {
dhparams-init = {
description = "Cleanup old Diffie-Hellman parameters";
wantedBy = [ "multi-user.target" ]; # Clean up even when no DH params is set
serviceConfig.Type = "oneshot";
script =
# Create directory
''
if [ ! -d ${cfg.path} ]; then
mkdir -p ${cfg.path}
fi
'' +
# Remove old dhparams
''
for file in ${cfg.path}/*; do
if [ ! -f "$file" ]; then
continue
fi
'' + concatStrings (mapAttrsToList (name: value:
''
if [ "$file" == "${cfg.path}/${name}.pem" ] && \
${pkgs.openssl}/bin/openssl dhparam -in "$file" -text | head -n 1 | grep "(${toString value} bit)" > /dev/null; then
continue
fi
''
) cfg.params) +
''
rm $file
done
# TODO: Ideally this would be removing the *former* cfg.path, though this
# does not seem really important as changes to it are quite unlikely
rmdir --ignore-fail-on-non-empty ${cfg.path}
'';
};
} //
mapAttrs' (name: value: nameValuePair "dhparams-gen-${name}" {
description = "Generate Diffie-Hellman parameters for ${name} if they don't exist yet";
after = [ "dhparams-init.service" ];
before = [ "${name}.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "oneshot";
script =
''
mkdir -p ${cfg.path}
if [ ! -f ${cfg.path}/${name}.pem ]; then
${pkgs.openssl}/bin/openssl dhparam -out ${cfg.path}/${name}.pem ${toString value}
fi
'';
}) cfg.params;
};
}

3
nixos/modules/security/grsecurity.nix
View File

@ -21,7 +21,6 @@ in
enable = mkOption {
type = types.bool;
example = true;
default = false;
description = ''
Enable grsecurity/PaX.
@ -30,7 +29,6 @@ in
lockTunables = mkOption {
type = types.bool;
example = false;
default = true;
description = ''
Whether to automatically lock grsecurity tunables
@ -43,7 +41,6 @@ in
disableEfiRuntimeServices = mkOption {
type = types.bool;
example = false;
default = true;
description = ''
Whether to disable access to EFI runtime services. Enabling EFI runtime

6
nixos/modules/security/grsecurity.xml
View File

@ -214,8 +214,8 @@
GRKERNSEC_CONFIG_SERVER y
GRKERNSEC_CONFIG_SECURITY y
'';
};
}
};
};
</programlisting>
</para>
@ -312,7 +312,7 @@
Overflows in boot critical code (e.g., the root filesystem module) can
render the system unbootable. Work around by setting
<programlisting>
boot.kernel.kernelParams = [ "pax_size_overflow_report_only" ];
boot.kernelParams = [ "pax_size_overflow_report_only" ];
</programlisting>
</para></listitem>

Some files were not shown because too many files have changed in this diff Show More