Merge branch 'master' into minc_ecosystem

Jörg Thalheim 2018-04-21 20:18:27 +01:00 committed by GitHub
commit f7785dd61c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1387 changed files with 23744 additions and 15838 deletions

@ -14,6 +14,8 @@ true:</para>
its <literal>meta.broken</literal> set to
<literal>true</literal>.</para></listitem>
<listitem><para>The package isn't intended to run on the given system, as none of its <literal>meta.platforms</literal> match the given system.</para></listitem>
<listitem><para>The package's <literal>meta.license</literal> is set
to a license which is considered to be unfree.</para></listitem>
@ -88,6 +90,42 @@ distributing the software.</para>
</itemizedlist>
</section>
<section xml:id="sec-allow-unsupported-system">
<title>Installing packages on unsupported systems</title>
<para>
There are also two ways to try compiling a package which has been marked as unsuported for the given system.
</para>
<itemizedlist>
<listitem><para>
For allowing the build of a broken package once, you can use an environment variable for a single invocation of the nix tools:
<programlisting>$ export NIXPKGS_ALLOW_UNSUPPORTED_SYSTEM=1</programlisting>
</para></listitem>
<listitem>
<para>
For permanently allowing broken packages to be built, you may add <literal>allowUnsupportedSystem = true;</literal> to your user's configuration file, like this:
<programlisting>
{
allowUnsupportedSystem = true;
}
</programlisting>
</para>
</listitem>
</itemizedlist>
<para>
The difference between an a package being unsupported on some system and being broken is admittedly a bit fuzzy.
If a program <emphasis>ought</emphasis> to work on a certain platform, but doesn't, the platform should be included in <literal>meta.platforms</literal>, but marked as broken with e.g. <literal>meta.broken = !hostPlatform.isWindows</literal>.
Of course, this begs the question of what "ought" means exactly.
That is left to the package maintainer.
</para>
</section>
<section xml:id="sec-allow-unfree">
<title>Installing unfree packages</title>
@ -397,7 +435,7 @@ fi
</para>
</section>
<section xml:id="sec-gnu-info-setup">
<title>GNU info setup</title>

@ -374,7 +374,7 @@ and `CFLAGS`.
description = "A pythonic wrapper around FFTW, the FFT library, presenting a unified interface for all the supported transforms";
homepage = http://hgomersall.github.com/pyFFTW/;
license = with licenses; [ bsd2 bsd3 ];
maintainer = with maintainers; [ fridh ];
maintainers = with maintainers; [ fridh ];
};
};
}

@ -44,6 +44,8 @@ rec {
};
# Misc boolean options
useAndroidPrebuilt = false;
useiOSPrebuilt = false;
isiPhoneSimulator = false;
} // mapAttrs (n: v: v final.parsed) inspect.predicates
// args;
in assert final.useAndroidPrebuilt -> final.isAndroid;

@ -34,7 +34,7 @@ rec {
################################################################################
types.openSignifiantByte = mkOptionType {
types.openSignificantByte = mkOptionType {
name = "significant-byte";
description = "Endianness";
merge = mergeOneOption;
@ -42,7 +42,7 @@ rec {
types.significantByte = enum (attrValues significantBytes);
significantBytes = setTypes types.openSignifiantByte {
significantBytes = setTypes types.openSignificantByte {
bigEndian = {};
littleEndian = {};
};
@ -201,7 +201,7 @@ rec {
################################################################################
types.system = mkOptionType {
types.parsedPlatform = mkOptionType {
name = "system";
description = "fully parsed representation of llvm- or nix-style platform tuple";
merge = mergeOneOption;
@ -215,7 +215,7 @@ rec {
isSystem = isType "system";
mkSystem = components:
assert types.system.check components;
assert types.parsedPlatform.check components;
setType "system" components;
mkSkeletonFromList = l: {

@ -305,6 +305,11 @@
github = "akru";
name = "Alexander Krupenkin ";
};
alexchapman = {
name = "Alex Chapman";
email = "alex@farfromthere.net";
github = "AJChapman";
};
alexvorobiev = {
email = "alexander.vorobiev@gmail.com";
github = "alexvorobiev";
@ -582,6 +587,11 @@
github = "bergey";
name = "Daniel Bergey";
};
bfortz = {
email = "bernard.fortz@gmail.com";
github = "bfortz";
name = "Bernard Fortz";
};
bgamari = {
email = "ben@smart-cactus.org";
github = "bgamari";
@ -1897,6 +1907,11 @@
email = "info+nix@chmist.com";
name = "karolchmist";
};
kazcw = {
email = "kaz@lambdaverse.org";
github = "kazcw";
name = "Kaz Wesley";
};
kentjames = {
email = "jameschristopherkent@gmail.com";
github = "kentjames";
@ -1961,6 +1976,11 @@
github = "kragniz";
name = "Louis Taylor";
};
krav = {
email = "kristoffer@microdisko.no";
github = "krav";
name = "Kristoffer Thømt Ravneberg";
};
kristoff3r = {
email = "k.soeholm@gmail.com";
github = "kristoff3r";
@ -3401,6 +3421,11 @@
github = "grwlf";
name = "Sergey Mironov";
};
sna = {
email = "abouzahra.9@wright.edu";
github = "s-na";
name = "S. Nordin Abouzahra";
};
snyh = {
email = "snyh@snyh.org";
github = "snyh";
@ -3446,6 +3471,11 @@
github = "spwhitt";
name = "Spencer Whitt";
};
srghma = {
email = "srghma@gmail.com";
github = "srghma";
name = "Sergei Khoma";
};
srhb = {
email = "sbrofeldt@gmail.com";
github = "srhb";
@ -3755,6 +3785,11 @@
github = "twey";
name = "James Twey Kay";
};
typetetris = {
email = "ericwolf42@mail.com";
github = "typetetris";
name = "Eric Wolf";
};
unode = {
email = "alves.rjc@gmail.com";
github = "unode";

@ -51,7 +51,7 @@ ISO, copy its contents verbatim to your drive, then either:
<listitem>
<para>If you want to load the contents of the ISO to ram after bootin
(So you can remove the stick after bootup) you can append the parameter
<literal>copytoram</literal>to the <literal>options</literal> field.</para>
<literal>copytoram</literal> to the <literal>options</literal> field.</para>
</listitem>
</itemizedlist>
</para>

@ -115,23 +115,17 @@ for a UEFI installation is by and large the same as a BIOS installation. The dif
<varlistentry><term>UEFI systems</term>
<listitem><para>For creating boot partitions:
<command>mkfs.fat</command>. Again its recommended to assign a
label to the boot partition: <option>-L
label to the boot partition: <option>-n
<replaceable>label</replaceable></option>. For example:
<screen>
# mkfs.fat -F 32 -L boot /dev/sda3</screen>
# mkfs.fat -F 32 -n boot /dev/sda3</screen>
</para></listitem></varlistentry></variablelist></listitem>
<listitem><para>For creating LVM volumes, the LVM commands, e.g.,
<screen>
# pvcreate /dev/sda1 /dev/sdb1
# vgcreate MyVolGroup /dev/sda1 /dev/sdb1
# lvcreate --size 2G --name bigdisk MyVolGroup
# lvcreate --size 1G --name smalldisk MyVolGroup</screen>
</para></listitem>
<command>pvcreate</command>, <command>vgcreate</command>, and
<command>lvcreate</command>.</para></listitem>
<listitem><para>For creating software RAID devices, use
<command>mdadm</command>.</para></listitem>
@ -155,6 +149,7 @@ for a UEFI installation is by and large the same as a BIOS installation. The dif
<listitem><para>Mount the boot file system on <filename>/mnt/boot</filename>, e.g.
<screen>
# mkdir -p /mnt/boot
# mount /dev/disk/by-label/boot /mnt/boot
</screen>
@ -366,8 +361,9 @@ drive (here <filename>/dev/sda</filename>). <xref linkend="ex-config"
# mkfs.ext4 -L nixos /dev/sda1
# mkswap -L swap /dev/sda2
# swapon /dev/sda2
# mkfs.fat -F 32 -L boot /dev/sda3 # <lineannotation>(for UEFI systems only)</lineannotation>
# mkfs.fat -F 32 -n boot /dev/sda3 # <lineannotation>(for UEFI systems only)</lineannotation>
# mount /dev/disk/by-label/nixos /mnt
# mkdir -p /mnt/boot # <lineannotation>(for UEFI systems only)</lineannotation>
# mount /dev/disk/by-label/boot /mnt/boot # <lineannotation>(for UEFI systems only)</lineannotation>
# nixos-generate-config --root /mnt
# nano /mnt/etc/nixos/configuration.nix

@ -40,7 +40,7 @@ points to the generated virtual network.
test1 = {pkgs, config, ...}:
{
services.openssh.enable = true;
nixpkgs.system = "i686-linux";
nixpkgs.localSystem.system = "i686-linux";
deployment.targetHost = "test1.example.net";
# Other NixOS options
@ -51,7 +51,7 @@ points to the generated virtual network.
services.openssh.enable = true;
services.httpd.enable = true;
environment.systemPackages = [ pkgs.lynx ];
nixpkgs.system = "x86_64-linux";
nixpkgs.localSystem.system = "x86_64-linux";
deployment.targetHost = "test2.example.net";
# Other NixOS options
@ -66,7 +66,7 @@ In each NixOS configuration, two attributes have a special meaning.
The <varname>deployment.targetHost</varname> specifies the address
(domain name or IP address)
of the system which is used by <command>ssh</command> to perform
remote deployment operations. The <varname>nixpkgs.system</varname>
remote deployment operations. The <varname>nixpkgs.localSystem.system</varname>
attribute can be used to specify an architecture for the target machine,
such as <varname>i686-linux</varname> which builds a 32-bit NixOS
configuration. Omitting this property will build the configuration

@ -26,7 +26,7 @@
, lib ? import ../../lib
}:
let extraArgs_ = extraArgs; pkgs_ = pkgs; system_ = system;
let extraArgs_ = extraArgs; pkgs_ = pkgs;
extraModules = let e = builtins.getEnv "NIXOS_EXTRA_MODULE_PATH";
in if e == "" then [] else [(import (builtins.toPath e))];
in
@ -36,7 +36,7 @@ let
_file = ./eval-config.nix;
key = _file;
config = {
nixpkgs.system = lib.mkDefault system_;
nixpkgs.localSystem = lib.mkDefault { inherit system; };
_module.args.pkgs = lib.mkIf (pkgs_ != null) (lib.mkForce pkgs_);
};
};

@ -7,23 +7,22 @@
, volumeLabel
}:
let
sdClosureInfo = pkgs.closureInfo { rootPaths = storePaths; };
in
pkgs.stdenv.mkDerivation {
name = "ext4-fs.img";
nativeBuildInputs = with pkgs; [e2fsprogs libfaketime perl];
# For obtaining the closure of `storePaths'.
exportReferencesGraph =
map (x: [("closure-" + baseNameOf x) x]) storePaths;
buildCommand =
''
# Add the closures of the top-level store objects.
storePaths=$(perl ${pkgs.pathsFromGraph} closure-*)
storePaths=$(cat ${sdClosureInfo}/store-paths)
# Also include a manifest of the closures in a format suitable
# for nix-store --load-db.
printRegistration=1 perl ${pkgs.pathsFromGraph} closure-* > nix-path-registration
# Also include a manifest of the closures in a format suitable for nix-store --load-db.
cp ${sdClosureInfo}/registration nix-path-registration
# Make a crude approximation of the size of the target image.
# If the script starts failing, increase the fudge factors here.

@ -612,7 +612,7 @@ sub waitForX {
my ($self, $regexp) = @_;
$self->nest("waiting for the X11 server", sub {
retry sub {
my ($status, $out) = $self->execute("journalctl -b SYSLOG_IDENTIFIER=systemd | grep 'session opened'");
my ($status, $out) = $self->execute("journalctl -b SYSLOG_IDENTIFIER=systemd | grep 'Reached target Current graphical'");
return 0 if $status != 0;
($status, $out) = $self->execute("[ -e /tmp/.X11-unix/X0 ]");
return 1 if $status == 0;

@ -111,6 +111,8 @@ in rec {
ocrProg = tesseract_4.override { enableLanguages = [ "eng" ]; };
imagemagick_tiff = imagemagick_light.override { inherit libtiff; };
# Generate onvenience wrappers for running the test driver
# interactively with the specified network, and for starting the
# VMs from the command line.
@ -128,7 +130,7 @@ in rec {
wrapProgram $out/bin/nixos-test-driver \
--add-flags "''${vms[*]}" \
${lib.optionalString enableOCR
"--prefix PATH : '${ocrProg}/bin:${imagemagick}/bin'"} \
"--prefix PATH : '${ocrProg}/bin:${imagemagick_tiff}/bin'"} \
--run "export testScript=\"\$(cat $out/test-script)\"" \
--set VLANS '${toString vlans}'
ln -s ${testDriver}/bin/nixos-test-driver $out/bin/nixos-run-vms

@ -214,6 +214,8 @@ in {
(mkIf cfg.enable {
environment.systemPackages = [ overriddenPackage ];
sound.enable = true;
environment.etc = [
{ target = "asound.conf";
source = alsaConf; }

@ -92,7 +92,7 @@ let
group = mkOption {
type = types.str;
apply = x: assert (builtins.stringLength x < 17 || abort "Group name '${x}' is longer than 16 characters which is not allowed!"); x;
apply = x: assert (builtins.stringLength x < 32 || abort "Group name '${x}' is longer than 31 characters which is not allowed!"); x;
default = "nogroup";
description = "The user's primary group.";
};

@ -14,7 +14,6 @@ let
name = "mesa-drivers+txc-${p.mesa_drivers.version}";
paths =
[ p.mesa_drivers
p.mesa_drivers.out # mainly for libGL
(if cfg.s3tcSupport then p.libtxc_dxtn else p.libtxc_dxtn_s2tc)
];
};
@ -33,89 +32,92 @@ in
{
options = {
hardware.opengl.enable = mkOption {
description = ''
Whether to enable OpenGL drivers. This is needed to enable
OpenGL support in X11 systems, as well as for Wayland compositors
like sway, way-cooler and Weston. It is enabled by default
by the corresponding modules, so you do not usually have to
set it yourself, only if there is no module for your wayland
compositor of choice. See services.xserver.enable,
programs.sway.enable, and programs.way-cooler.enable.
'';
type = types.bool;
default = false;
};
hardware.opengl.driSupport = mkOption {
type = types.bool;
default = true;
description = ''
Whether to enable accelerated OpenGL rendering through the
Direct Rendering Interface (DRI).
'';
};
hardware.opengl = {
enable = mkOption {
description = ''
Whether to enable OpenGL drivers. This is needed to enable
OpenGL support in X11 systems, as well as for Wayland compositors
like sway, way-cooler and Weston. It is enabled by default
by the corresponding modules, so you do not usually have to
set it yourself, only if there is no module for your wayland
compositor of choice. See services.xserver.enable,
programs.sway.enable, and programs.way-cooler.enable.
'';
type = types.bool;
default = false;
};
hardware.opengl.driSupport32Bit = mkOption {
type = types.bool;
default = false;
description = ''
On 64-bit systems, whether to support Direct Rendering for
32-bit applications (such as Wine). This is currently only
supported for the <literal>nvidia</literal> and
<literal>ati_unfree</literal> drivers, as well as
<literal>Mesa</literal>.
'';
};
driSupport = mkOption {
type = types.bool;
default = true;
description = ''
Whether to enable accelerated OpenGL rendering through the
Direct Rendering Interface (DRI).
'';
};
hardware.opengl.s3tcSupport = mkOption {
type = types.bool;
default = false;
description = ''
Make S3TC(S3 Texture Compression) via libtxc_dxtn available
to OpenGL drivers instead of the patent-free S2TC replacement.
driSupport32Bit = mkOption {
type = types.bool;
default = false;
description = ''
On 64-bit systems, whether to support Direct Rendering for
32-bit applications (such as Wine). This is currently only
supported for the <literal>nvidia</literal> and
<literal>ati_unfree</literal> drivers, as well as
<literal>Mesa</literal>.
'';
};
Using this library may require a patent license depending on your location.
'';
};
s3tcSupport = mkOption {
type = types.bool;
default = false;
description = ''
Make S3TC(S3 Texture Compression) via libtxc_dxtn available
to OpenGL drivers instead of the patent-free S2TC replacement.
hardware.opengl.package = mkOption {
type = types.package;
internal = true;
description = ''
The package that provides the OpenGL implementation.
'';
};
Using this library may require a patent license depending on your location.
'';
};
hardware.opengl.package32 = mkOption {
type = types.package;
internal = true;
description = ''
The package that provides the 32-bit OpenGL implementation on
64-bit systems. Used when <option>driSupport32Bit</option> is
set.
'';
};
package = mkOption {
type = types.package;
internal = true;
description = ''
The package that provides the OpenGL implementation.
'';
};
hardware.opengl.extraPackages = mkOption {
type = types.listOf types.package;
default = [];
example = literalExample "with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl ]";
description = ''
Additional packages to add to OpenGL drivers. This can be used
to add OpenCL drivers, VA-API/VDPAU drivers etc.
'';
};
package32 = mkOption {
type = types.package;
internal = true;
description = ''
The package that provides the 32-bit OpenGL implementation on
64-bit systems. Used when <option>driSupport32Bit</option> is
set.
'';
};
hardware.opengl.extraPackages32 = mkOption {
type = types.listOf types.package;
default = [];
example = literalExample "with pkgs.pkgsi686Linux; [ vaapiIntel libvdpau-va-gl vaapiVdpau ]";
description = ''
Additional packages to add to 32-bit OpenGL drivers on
64-bit systems. Used when <option>driSupport32Bit</option> is
set. This can be used to add OpenCL drivers, VA-API/VDPAU drivers etc.
'';
extraPackages = mkOption {
type = types.listOf types.package;
default = [];
example = literalExample "with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl ]";
description = ''
Additional packages to add to OpenGL drivers. This can be used
to add OpenCL drivers, VA-API/VDPAU drivers etc.
'';
};
extraPackages32 = mkOption {
type = types.listOf types.package;
default = [];
example = literalExample "with pkgs.pkgsi686Linux; [ vaapiIntel libvdpau-va-gl vaapiVdpau ]";
description = ''
Additional packages to add to 32-bit OpenGL drivers on
64-bit systems. Used when <option>driSupport32Bit</option> is
set. This can be used to add OpenCL drivers, VA-API/VDPAU drivers etc.
'';
};
};
};

@ -25,13 +25,6 @@ let
nvidia_x11 = nvidiaForKernel config.boot.kernelPackages;
nvidia_libs32 = (nvidiaForKernel pkgs_i686.linuxPackages).override { libsOnly = true; kernel = null; };
nvidiaPackage = nvidia: pkgs:
if !nvidia.useGLVND then nvidia.out
else pkgs.buildEnv {
name = "nvidia-libs";
paths = [ pkgs.libglvnd nvidia.out ];
};
enabled = nvidia_x11 != null;
in
@ -57,8 +50,8 @@ in
source = "${nvidia_x11.bin}/share/nvidia/nvidia-application-profiles-rc";
};
hardware.opengl.package = nvidiaPackage nvidia_x11 pkgs;
hardware.opengl.package32 = nvidiaPackage nvidia_libs32 pkgs_i686;
hardware.opengl.package = nvidia_x11.out;
hardware.opengl.package32 = nvidia_libs32.out;
environment.systemPackages = [ nvidia_x11.bin nvidia_x11.settings ]
++ lib.filter (p: p != null) [ nvidia_x11.persistenced ];

@ -21,7 +21,9 @@ let
if [ ! -e $out/nixos/nixpkgs ]; then
ln -s . $out/nixos/nixpkgs
fi
echo -n ${config.system.nixos.revision} > $out/nixos/.git-revision
echo -n ${config.system.nixos.versionSuffix} > $out/nixos/.version-suffix
echo ${config.system.nixos.versionSuffix} | sed -e s/pre// > $out/nixos/svn-revision
'';
in

@ -1,6 +1,6 @@
{
x86_64-linux = "/nix/store/6p2gambjac7xdkd2a7w1dsxdk1q5cq4d-nix-2.0";
i686-linux = "/nix/store/zznnaijjk3nwx0cmpczxsvngmqzhl7r4-nix-2.0";
aarch64-linux = "/nix/store/ci96w9kxfkmlc7x2vwqiz4da0r6abxnq-nix-2.0";
x86_64-darwin = "/nix/store/xmi4fylvx4qc79ji9v5q3zfy9vfdy4sv-nix-2.0";
x86_64-linux = "/nix/store/2gk7rk2sx2dkmsjr59gignrfdmya8f6s-nix-2.0.1";
i686-linux = "/nix/store/5160glkphiv13qggnivyidg8r0491pbl-nix-2.0.1";
aarch64-linux = "/nix/store/jk29zz3ns9vdkkclcyzzkpzp8dhv1x3i-nix-2.0.1";
x86_64-darwin = "/nix/store/4a9czmrpd4hf3r80zcmga2c2lm3hbbvv-nix-2.0.1";
}

@ -585,7 +585,6 @@ $bootLoaderConfig
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.bash.enableCompletion = true;
# programs.mtr.enable = true;
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };

@ -56,7 +56,7 @@
#dialout = 27; # unused
polkituser = 28;
#utmp = 29; # unused
ddclient = 30;
# ddclient = 30; # converted to DynamicUser = true
davfs2 = 31;
#disnix = 33; # unused
osgi = 34;
@ -344,7 +344,7 @@
dialout = 27;
#polkituser = 28; # currently unused, polkitd doesn't need a group
utmp = 29;
ddclient = 30;
# ddclient = 30; # converted to DynamicUser = true
davfs2 = 31;
disnix = 33;
osgi = 34;

@ -97,7 +97,7 @@ in {
Whether not to index bind mounts
'';
};
};
config = mkIf cfg.enable {
@ -133,13 +133,26 @@ in {
systemd.services.update-locatedb =
{ description = "Update Locate Database";
path = mkIf (!isMLocate) [ pkgs.su ];
# mlocate's updatedb takes flags via a configuration file or
# on the command line, but not by environment variable.
script =
if isMLocate
then let toFlags = x: optional (cfg.${x} != [])
"--${lib.toLower x} '${concatStringsSep " " cfg.${x}}'";
args = concatLists (map toFlags ["pruneFS" "pruneNames" "prunePaths"]);
in ''
exec ${cfg.locate}/bin/updatedb \
--output ${toString cfg.output} ${concatStringsSep " " args} \
--prune-bind-mounts ${if cfg.pruneBindMounts then "yes" else "no"} \
${concatStringsSep " " cfg.extraFlags}
''
else ''
exec ${cfg.locate}/bin/updatedb \
${optionalString (cfg.localuser != null && ! isMLocate) ''--localuser=${cfg.localuser}''} \
--output=${toString cfg.output} ${concatStringsSep " " cfg.extraFlags}
'';
environment = {
environment = optionalAttrs (!isMLocate) {
PRUNEFS = concatStringsSep " " cfg.pruneFS;
PRUNEPATHS = concatStringsSep " " cfg.prunePaths;
PRUNENAMES = concatStringsSep " " cfg.pruneNames;
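Review bot: The mlocate branch wraps each prune list in hand-written single quotes, `'${concatStringsSep " " cfg.${x}}'`, so an entry containing a `'` ends the quoting and the remainder is parsed by the shell; `--output ${toString cfg.output}` is not quoted at all. Using `lib.escapeShellArg (concatStringsSep " " cfg.${x})` and `--output ${lib.escapeShellArg (toString cfg.output)}` would keep the generated script well-formed for any configured value. In the `else` branch the `&& ! isMLocate` test is redundant, since that branch is only reached when `isMLocate` is false. The `environment` attribute set continues past the end of this hunk.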

@ -58,10 +58,13 @@ in
pkgs = mkOption {
defaultText = literalExample
''import "''${nixos}/.." {
inherit (config.nixpkgs) config overlays system;
inherit (config.nixpkgs) config overlays localSystem crossSystem;
}
'';
default = import ../../.. { inherit (cfg) config overlays system crossSystem; };
default = import ../../.. {
localSystem = { inherit (cfg) system; } // cfg.localSystem;
inherit (cfg) config overlays crossSystem;
};
type = pkgsType;
example = literalExample ''import <nixpkgs> {}'';
description = ''
@ -73,8 +76,9 @@ in
relative to the location of this NixOS module, because
NixOS and Nixpkgs are distributed together for consistency,
so the <code>nixos</code> in the default value is in fact a
relative path. The <code>config</code>, <code>overlays</code>
and <code>system</code> come from this option's siblings.
relative path. The <code>config</code>, <code>overlays</code>,
<code>localSystem</code>, and <code>crossSystem</code> come
from this option's siblings.
This option can be used by applications like NixOps to increase
the performance of evaluation, or to create packages that depend
@ -130,13 +134,40 @@ in
'';
};
crossSystem = mkOption {
type = types.nullOr types.attrs;
default = null;
localSystem = mkOption {
type = types.attrs; # TODO utilize lib.systems.parsedPlatform
default = { system = builtins.currentSystem; };
example = { system = "aarch64-linux"; config = "aarch64-unknown-linux-gnu"; };
defaultText = literalExample
''(import "''${nixos}/../lib").lib.systems.examples.aarch64-multiplatform'';
description = ''
The description of the system we're cross-compiling to, or null
if this isn't a cross-compile. See the description of the
crossSystem argument in the nixpkgs manual.
Specifies the platform on which NixOS should be built. When
<code>nixpkgs.crossSystem</code> is unset, it also specifies
the platform <emphasis>for</emphasis> which NixOS should be
built. If this option is unset, it defaults to the platform
type of the machine where evaluation happens. Specifying this
option is useful when doing distributed multi-platform
deployment, or when building virtual machines. See its
description in the Nixpkgs manual for more details.
Ignored when <code>nixpkgs.pkgs</code> is set.
'';
};
crossSystem = mkOption {
type = types.nullOr types.attrs; # TODO utilize lib.systems.parsedPlatform
default = null;
example = { system = "aarch64-linux"; config = "aarch64-unknown-linux-gnu"; };
defaultText = literalExample
''(import "''${nixos}/../lib").lib.systems.examples.aarch64-multiplatform'';
description = ''
Specifies the platform for which NixOS should be
built. Specify this only if it is different from
<code>nixpkgs.localSystem</code>, the platform
<emphasis>on</emphasis> which NixOS should be built. In other
words, specify this to cross-compile NixOS. Otherwise it
should be set as null, the default. See its description in the
Nixpkgs manual for more details.
Ignored when <code>nixpkgs.pkgs</code> is set.
'';
@ -146,10 +177,20 @@ in
type = types.str;
example = "i686-linux";
description = ''
Specifies the Nix platform type for which NixOS should be built.
If unset, it defaults to the platform type of your host system.
Specifying this option is useful when doing distributed
multi-platform deployment, or when building virtual machines.
Specifies the Nix platform type on which NixOS should be built.
It is better to specify <code>nixpkgs.localSystem</code> instead.
<programlisting>
{
nixpkgs.system = ..;
}
</programlisting>
is the same as
<programlisting>
{
nixpkgs.localSystem.system = ..;
}
</programlisting>
See <code>nixpkgs.localSystem</code> for more information.
Ignored when <code>nixpkgs.pkgs</code> is set.
'';
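Review bot: In the new `pkgs` default, `localSystem = { inherit (cfg) system; } // cfg.localSystem;` lets `cfg.localSystem` win, because `//` prefers its right-hand side and `localSystem` defaults to `{ system = builtins.currentSystem; }`, so it always carries a `system` attribute. As written, a user's `nixpkgs.system = "i686-linux";` looks to be silently ignored, which contradicts the `system` description saying the two spellings are the same. The `system` option's own default is outside this hunk, so this should be confirmed. One way to get the documented behaviour is to give `localSystem` the default `{ inherit (cfg) system; }` and pass it through with `inherit (cfg) config overlays localSystem crossSystem;`.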

@ -166,6 +166,7 @@
./services/backup/crashplan-small-business.nix
./services/backup/mysql-backup.nix
./services/backup/postgresql-backup.nix
./services/backup/restic.nix
./services/backup/rsnapshot.nix
./services/backup/tarsnap.nix
./services/backup/znapzend.nix
@ -366,6 +367,7 @@
./services/misc/ripple-data-api.nix
./services/misc/rogue.nix
./services/misc/serviio.nix
./services/misc/safeeyes.nix
./services/misc/siproxd.nix
./services/misc/snapper.nix
./services/misc/sonarr.nix
@ -532,7 +534,7 @@
./services/networking/prayer.nix
./services/networking/privoxy.nix
./services/networking/prosody.nix
# ./services/networking/quagga.nix
./services/networking/quagga.nix
./services/networking/quassel.nix
./services/networking/racoon.nix
./services/networking/radicale.nix
@ -546,6 +548,7 @@
./services/networking/searx.nix
./services/networking/seeks.nix
./services/networking/skydns.nix
./services/networking/shadowsocks.nix
./services/networking/shairport-sync.nix
./services/networking/shout.nix
./services/networking/sniproxy.nix

@ -110,7 +110,7 @@ in
};
enableCompletion = mkOption {
default = false;
default = true;
description = ''
Enable Bash completion for all interactive bash shells.
'';

@ -23,6 +23,8 @@ with lib;
(config:
let enabled = getAttrFromPath [ "services" "printing" "gutenprint" ] config;
in if enabled then [ pkgs.gutenprint ] else [ ]))
(mkRenamedOptionModule [ "services" "ddclient" "domain" ] [ "services" "ddclient" "domains" ])
(mkRemovedOptionModule [ "services" "ddclient" "homeDir" ] "")
(mkRenamedOptionModule [ "services" "elasticsearch" "host" ] [ "services" "elasticsearch" "listenAddress" ])
(mkRenamedOptionModule [ "services" "graphite" "api" "host" ] [ "services" "graphite" "api" "listenAddress" ])
(mkRenamedOptionModule [ "services" "graphite" "web" "host" ] [ "services" "graphite" "web" "listenAddress" ])

@ -240,6 +240,7 @@ in
};
selfsignedService = {
description = "Create preliminary self-signed certificate for ${cert}";
path = [ pkgs.openssl ];
preStart = ''
if [ ! -d '${cpath}' ]
then
@ -250,37 +251,41 @@ in
'';
script =
''
# Create self-signed key
workdir="/run/acme-selfsigned-${cert}"
${pkgs.openssl.bin}/bin/openssl genrsa -des3 -passout pass:x -out $workdir/server.pass.key 2048
${pkgs.openssl.bin}/bin/openssl rsa -passin pass:x -in $workdir/server.pass.key -out $workdir/server.key
${pkgs.openssl.bin}/bin/openssl req -new -key $workdir/server.key -out $workdir/server.csr \
workdir="$(mktemp -d)"
# Create CA
openssl genrsa -des3 -passout pass:x -out $workdir/ca.pass.key 2048
openssl rsa -passin pass:x -in $workdir/ca.pass.key -out $workdir/ca.key
openssl req -new -key $workdir/ca.key -out $workdir/ca.csr \
-subj "/C=UK/ST=Warwickshire/L=Leamington/O=OrgName/OU=Security Department/CN=example.com"
openssl x509 -req -days 1 -in $workdir/ca.csr -signkey $workdir/ca.key -out $workdir/ca.crt
# Create key
openssl genrsa -des3 -passout pass:x -out $workdir/server.pass.key 2048
openssl rsa -passin pass:x -in $workdir/server.pass.key -out $workdir/server.key
openssl req -new -key $workdir/server.key -out $workdir/server.csr \
-subj "/C=UK/ST=Warwickshire/L=Leamington/O=OrgName/OU=IT Department/CN=example.com"
${pkgs.openssl.bin}/bin/openssl x509 -req -days 1 -in $workdir/server.csr -signkey $workdir/server.key -out $workdir/server.crt
openssl x509 -req -days 1 -in $workdir/server.csr -CA $workdir/ca.crt \
-CAkey $workdir/ca.key -CAserial $workdir/ca.srl -CAcreateserial \
-out $workdir/server.crt
# Move key to destination
mv $workdir/server.key ${cpath}/key.pem
mv $workdir/server.crt ${cpath}/fullchain.pem
# Copy key to destination
cp $workdir/server.key ${cpath}/key.pem
# Create full.pem for e.g. lighttpd (same format as "simp_le ... -f full.pem" creates)
cat "${cpath}/key.pem" "${cpath}/fullchain.pem" > "${cpath}/full.pem"
# Create fullchain.pem (same format as "simp_le ... -f fullchain.pem" creates)
cat $workdir/{server.crt,ca.crt} > "${cpath}/fullchain.pem"
# Clean up working directory
rm $workdir/server.csr
rm $workdir/server.pass.key
# Create full.pem for e.g. lighttpd
cat $workdir/{server.key,server.crt,ca.crt} > "${cpath}/full.pem"
# Give key acme permissions
chmod ${rights} '${cpath}/key.pem'
chown '${data.user}:${data.group}' '${cpath}/key.pem'
chmod ${rights} '${cpath}/fullchain.pem'
chown '${data.user}:${data.group}' '${cpath}/fullchain.pem'
chmod ${rights} '${cpath}/full.pem'
chown '${data.user}:${data.group}' '${cpath}/full.pem'
chown '${data.user}:${data.group}' "${cpath}/"{key,fullchain,full}.pem
chmod ${rights} "${cpath}/"{key,fullchain,full}.pem
'';
serviceConfig = {
Type = "oneshot";
RuntimeDirectory = "acme-selfsigned-${cert}";
PermissionsStartOnly = true;
PrivateTmp = true;
User = data.user;
Group = data.group;
};
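Review bot: The private key files in what appears to be the new `script` are created with whatever umask the unit inherits. `cp $workdir/server.key ${cpath}/key.pem` and `cat … > "${cpath}/full.pem"` both write their targets before the closing `chmod ${rights}` runs, so the key can briefly be readable more widely than `rights` allows, depending on the permissions of `${cpath}` set in `preStart` (only partly visible here). Putting `umask 0077` on the first line of the script would close that window. The `genrsa -des3 -passout pass:x` followed by `openssl rsa -passin pass:x` round trip adds no protection, since the passphrase is fixed and stripped immediately; `openssl genrsa -out $workdir/ca.key 2048` (and likewise for `server.key`) is simpler. `$workdir` from `mktemp -d` is never removed and is left for `PrivateTmp` to discard, which deserves a comment such as `# workdir lives in the unit's private /tmp and is dropped when the unit stops`.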

@ -10,8 +10,8 @@
#include <errno.h>
#include <linux/capability.h>
#include <sys/capability.h>
#include <linux/prctl.h>
#include <sys/prctl.h>
#include <limits.h>
#include <cap-ng.h>
// Make sure assertions are not compiled out, we use them to codify

@ -0,0 +1,150 @@
{ config, lib, pkgs, ... }:
with lib;
{
options.services.restic.backups = mkOption {
description = ''
Periodic backups to create with Restic.
'';
type = types.attrsOf (types.submodule ({ name, config, ... }: {
options = {
passwordFile = mkOption {
type = types.str;
description = ''
Read the repository password from a file.
'';
example = "/etc/nixos/restic-password";
};
repository = mkOption {
type = types.str;
description = ''
repository to backup to.
'';
example = "sftp:backup@192.168.1.100:/backups/${name}";
};
paths = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Which paths to backup.
'';
example = [
"/var/lib/postgresql"
"/home/user/backup"
];
};
timerConfig = mkOption {
type = types.attrsOf types.str;
default = {
OnCalendar = "daily";
};
description = ''
When to run the backup. See man systemd.timer for details.
'';
example = {
OnCalendar = "00:05";
RandomizedDelaySec = "5h";
};
};
user = mkOption {
type = types.str;
default = "root";
description = ''
As which user the backup should run.
'';
example = "postgresql";
};
extraBackupArgs = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Extra arguments passed to restic backup.
'';
example = [
"--exclude-file=/etc/nixos/restic-ignore"
];
};
extraOptions = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Extra extended options to be passed to the restic --option flag.
'';
example = [
"sftp.command='ssh backup@192.168.1.100 -i /home/user/.ssh/id_rsa -s sftp'"
];
};
initialize = mkOption {
type = types.bool;
default = false;
description = ''
Create the repository if it doesn't exist.
'';
};
};
}));
default = {};
example = {
localbackup = {
paths = [ "/home" ];
repository = "/mnt/backup-hdd";
passwordFile = "/etc/nixos/secrets/restic-password";
initialize = true;
};
remotebackup = {
paths = [ "/home" ];
repository = "sftp:backup@host:/backups/home";
passwordFile = "/etc/nixos/secrets/restic-password";
extraOptions = [
"sftp.command='ssh backup@host -i /etc/nixos/secrets/backup-private-key -s sftp'"
];
timerConfig = {
OnCalendar = "00:05";
RandomizedDelaySec = "5h";
};
};
};
};
config = {
systemd.services =
mapAttrs' (name: backup:
let
extraOptions = concatMapStrings (arg: " -o ${arg}") backup.extraOptions;
connectTo = elemAt (splitString ":" backup.repository) 1;
resticCmd = "${pkgs.restic}/bin/restic${extraOptions}";
in nameValuePair "restic-backups-${name}" ({
environment = {
RESTIC_PASSWORD_FILE = backup.passwordFile;
RESTIC_REPOSITORY = backup.repository;
};
path = with pkgs; [
openssh
];
restartIfChanged = false;
serviceConfig = {
Type = "oneshot";
ExecStart = "${resticCmd} backup ${concatStringsSep " " backup.extraBackupArgs} ${concatStringsSep " " backup.paths}";
User = backup.user;
};
} // optionalAttrs backup.initialize {
preStart = ''
${resticCmd} snapshots || ${resticCmd} init
'';
})
) config.services.restic.backups;
systemd.timers =
mapAttrs' (name: backup: nameValuePair "restic-backups-${name}" {
wantedBy = [ "timers.target" ];
timerConfig = backup.timerConfig;
}) config.services.restic.backups;
};
}
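Review bot: `ExecStart` joins `backup.paths` and `backup.extraBackupArgs` with plain spaces, so a path containing whitespace is split into several arguments and restic backs up something other than what was configured. Consider replacing `ExecStart` with a quoted `script`, e.g. `script = "exec ${resticCmd} backup ${concatStringsSep " " backup.extraBackupArgs} ${escapeShellArgs backup.paths}";`. The `connectTo` binding in the `let` is never used and would fail on a repository string without a `:` (such as the `/mnt/backup-hdd` example) if it were ever forced, so it can be dropped. The `passwordFile` description should also say that the file must be readable by `user` and should be given as a string path outside the world-readable Nix store, which is what `types.str` and the examples already imply.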

@ -22,7 +22,7 @@ let
web_root = ${cfg.package}/etc/pgmanage/web_root
data_root = ${cfg.dataRoot}
sql_root = ${cfg.sqlRoot}
${optionalString (!isNull cfg.tls) ''
tls_cert = ${cfg.tls.cert}
@ -130,7 +130,7 @@ let
'';
};
dataRoot = mkOption {
sqlRoot = mkOption {
type = types.str;
default = "/var/lib/pgmanage";
description = ''
@ -210,7 +210,7 @@ in {
users."${pgmanage}" = {
name = pgmanage;
group = pgmanage;
home = cfg.dataRoot;
home = cfg.sqlRoot;
createHome = true;
};
groups."${pgmanage}" = {

@ -36,9 +36,6 @@ let
${cfg.extraConfig}
'';
pre84 = versionOlder (builtins.parseDrvName postgresql.name).version "8.4";
in
{
@ -182,7 +179,7 @@ in
services.postgresql.authentication = mkAfter
''
# Generated file; do not edit!
local all all ident ${optionalString pre84 "sameuser"}
local all all ident
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
'';

@ -15,6 +15,25 @@ let
fi
'';
desktopApplicationFile = pkgs.writeTextFile {
name = "emacsclient.desktop";
destination = "/share/applications/emacsclient.desktop";
text = ''
[Desktop Entry]
Name=Emacsclient
GenericName=Text Editor
Comment=Edit text
MimeType=text/english;text/plain;text/x-makefile;text/x-c++hdr;text/x-c++src;text/x-chdr;text/x-csrc;text/x-java;text/x-moc;text/x-pascal;text/x-tcl;text/x-tex;application/x-shellscript;text/x-c;text/x-c++;
Exec=emacseditor %F
Icon=emacs
Type=Application
Terminal=false
Categories=Development;TextEditor;
StartupWMClass=Emacs
Keywords=Text;Editor;
'';
};
in {
options.services.emacs = {
@ -74,7 +93,7 @@ in {
};
} // optionalAttrs cfg.enable { wantedBy = [ "default.target" ]; };
environment.systemPackages = [ cfg.package editorScript ];
environment.systemPackages = [ cfg.package editorScript desktopApplicationFile ];
environment.variables = {
# This is required so that GTK applications launched from Emacs

@ -3,8 +3,8 @@
with lib;
let
bluez-bluetooth = pkgs.bluez;
cfg = config.hardware.bluetooth;
bluez-bluetooth = cfg.package;
in {
@ -21,6 +21,16 @@ in {
description = "Whether to power up the default Bluetooth controller on boot.";
};
package = mkOption {
type = types.package;
default = pkgs.bluez;
defaultText = "pkgs.bluez";
example = "pkgs.bluez.override { enableMidi = true; }";
description = ''
Which BlueZ package to use.
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";

@ -38,7 +38,7 @@ in {
path = [];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.trezord}/bin/trezord -f";
ExecStart = "${pkgs.trezord}/bin/trezord-go";
User = "trezord";
};
};

@ -158,7 +158,7 @@ in
services.dysnomia.properties = {
hostname = config.networking.hostName;
system = if config.nixpkgs.system == "" then builtins.currentSystem else config.nixpkgs.system;
inherit (config.nixpkgs.localSystem) system;
supportedTypes = (import "${pkgs.stdenv.mkDerivation {
name = "supportedtypes";

@ -32,6 +32,14 @@ in
'';
};
gitwebTheme = mkOption {
default = false;
type = types.bool;
description = ''
Use an alternative theme for gitweb, strongly inspired by GitHub.
'';
};
gitwebConfigFile = mkOption {
default = pkgs.writeText "gitweb.conf" ''
# path to git projects (<project>.git)

@ -213,7 +213,7 @@ in {
PermissionsStartOnly = true;
};
preStart = ''
mkdir -m 0700 -p ${cfg.workDir}
mkdir -m 0701 -p ${cfg.workDir}
'';
};
};
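Review bot: The `mkdir -m 0701` line in `preStart` gives every local account search permission on `${cfg.workDir}`, and nothing in the hunk says why; assuming 0701 is the new side of the pair (the +/- markers are lost on this page), a comment such as `# o+x so that <consumer> can traverse into the work dir; contents stay unlisted` would record the reason, with `<consumer>` filled in by the author. With search permission, anything below the directory whose own mode allows it becomes reachable by path for other accounts, so files created there need restrictive modes of their own. `mkdir -m` only applies when the directory is created, so an existing directory keeps its earlier mode. The service definition starts outside the hunk.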

@ -23,7 +23,7 @@ let
options =
let
scrubbedEval = evalModules {
modules = [ { nixpkgs.system = config.nixpkgs.system; } ] ++ baseModules;
modules = [ { nixpkgs.localSystem = config.nixpkgs.localSystem; } ] ++ baseModules;
args = (config._module.args) // { modules = [ ]; };
specialArgs = { pkgs = scrubDerivations "pkgs" pkgs; };
};

@ -0,0 +1,50 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.safeeyes;
in
{
###### interface
options = {
services.safeeyes = {
enable = mkOption {
default = false;
description = "Whether to enable the safeeyes OSGi service";
};
};
};
###### implementation
config = mkIf cfg.enable {
systemd.user.services.safeeyes = {
description = "Safeeyes";
wantedBy = [ "graphical-session.target" ];
partOf = [ "graphical-session.target" ];
serviceConfig = {
ExecStart = ''
${pkgs.safeeyes}/bin/safeeyes
'';
Restart = "on-failure";
RestartSec = 3;
StartLimitInterval = 350;
StartLimitBurst = 10;
};
};
};
}
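Review bot: The `enable` option is declared without a `type`, and its description calls safeeyes an "OSGi service", which looks carried over from another module. `enable = mkEnableOption "safeeyes";` would give it a boolean type and a conventional description in one line.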

@ -50,7 +50,7 @@ in {
protocol = mkOption {
description = "Which protocol to listen.";
default = "http";
type = types.enum ["http" "https"];
type = types.enum ["http" "https" "socket"];
};
addr = mkOption {

@ -20,6 +20,7 @@ let
exporterOpts = {
blackbox = import ./exporters/blackbox.nix { inherit config lib pkgs; };
collectd = import ./exporters/collectd.nix { inherit config lib pkgs; };
dovecot = import ./exporters/dovecot.nix { inherit config lib pkgs; };
fritzbox = import ./exporters/fritzbox.nix { inherit config lib pkgs; };
json = import ./exporters/json.nix { inherit config lib pkgs; };
minio = import ./exporters/minio.nix { inherit config lib pkgs; };

@ -0,0 +1,50 @@
{ config, lib, pkgs }:
with lib;
let
cfg = config.services.prometheus.exporters.dovecot;
in
{
port = 9166;
extraOpts = {
telemetryPath = mkOption {
type = types.str;
default = "/metrics";
description = ''
Path under which to expose metrics.
'';
};
socketPath = mkOption {
type = types.path;
default = "/var/run/dovecot/stats";
example = "/var/run/dovecot2/stats";
description = ''
Path under which the stats socket is placed.
The user/group under which the exporter runs,
should be able to access the socket in order
to scrape the metrics successfully.
'';
};
scopes = mkOption {
type = types.listOf types.str;
default = [ "user" ];
example = [ "user" "global" ];
description = ''
Stats scopes to query.
'';
};
};
serviceOpts = {
serviceConfig = {
ExecStart = ''
${pkgs.prometheus-dovecot-exporter}/bin/dovecot_exporter \
--web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
--web.telemetry-path ${cfg.telemetryPath} \
--dovecot.socket-path ${cfg.socketPath} \
--dovecot.scopes ${concatStringsSep "," cfg.scopes} \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
};
};
}
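Review bot: The `socketPath` description asks that the exporter's user or group be able to reach the stats socket, but `serviceOpts` in this file sets neither, so the account comes from shared exporter defaults that are not visible here. The description would be more useful if it named that account and ended with something like `Grant access through the socket's group instead of making the socket world-accessible.` The `ExecStart` string also interpolates `cfg.socketPath` and `cfg.telemetryPath` unquoted, so a value containing whitespace would be split into separate arguments.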

@ -32,6 +32,33 @@ in
Path where Postfix places it's showq socket.
'';
};
systemd = {
enable = mkEnableOption ''
reading metrics from the systemd-journal instead of from a logfile
'';
unit = mkOption {
type = types.str;
default = "postfix.service";
description = ''
Name of the postfix systemd unit.
'';
};
slice = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Name of the postfix systemd slice.
This overrides the <option>systemd.unit</option>.
'';
};
journalPath = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
Path to the systemd journal.
'';
};
};
};
serviceOpts = {
serviceConfig = {
@ -39,7 +66,15 @@ in
${pkgs.prometheus-postfix-exporter}/bin/postfix_exporter \
--web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
--web.telemetry-path ${cfg.telemetryPath} \
${concatStringsSep " \\\n " cfg.extraFlags}
--postfix.showq_path ${cfg.showqPath} \
${concatStringsSep " \\\n " (cfg.extraFlags
++ optional cfg.systemd.enable "--systemd.enable"
++ optional cfg.systemd.enable (if cfg.systemd.slice != null
then "--systemd.slice ${cfg.systemd.slice}"
else "--systemd.unit ${cfg.systemd.unit}")
++ optional (cfg.systemd.enable && (cfg.systemd.journalPath != null))
"--systemd.jounal_path ${cfg.systemd.journalPath}"
++ optional (!cfg.systemd.enable) "--postfix.logfile_path ${cfg.logfilePath}")}
'';
};
};
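Review bot: The flag `--systemd.jounal_path` in the second hunk is spelled without the "r" while the option feeding it is `journalPath`. If the exporter binary really names its flag that way, a comment such as `# sic: flag name as spelled by postfix_exporter` would stop a later cleanup from breaking it; if it does not, the flag should read `--systemd.journal_path`. A mistyped flag would only surface for configurations that set `journalPath`, so it is easy to miss in testing.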

@ -3,24 +3,24 @@
let
cfg = config.services.ddclient;
boolToStr = bool: if bool then "yes" else "no";
dataDir = "/var/lib/ddclient";
configText = ''
# This file can be used as a template for configFile or is automatically generated by Nix options.
daemon=${toString cfg.interval}
cache=${cfg.homeDir}/ddclient.cache
pid=/run/ddclient/ddclient.pid
foreground=NO
cache=${dataDir}/ddclient.cache
foreground=YES
use=${cfg.use}
login=${cfg.username}
password=${cfg.password}
protocol=${cfg.protocol}
${let server = cfg.server; in
lib.optionalString (server != "") "server=${server}"}
${lib.optionalString (cfg.script != "") "script=${cfg.script}"}
${lib.optionalString (cfg.server != "") "server=${cfg.server}"}
${lib.optionalString (cfg.zone != "") "zone=${cfg.zone}"}
ssl=${boolToStr cfg.ssl}
wildcard=YES
quiet=${boolToStr cfg.quiet}
verbose=${boolToStr cfg.verbose}
${cfg.domain}
${lib.concatStringsSep "," cfg.domains}
${cfg.extraConfig}
'';
@ -44,17 +44,11 @@ with lib;
'';
};
homeDir = mkOption {
default = "/var/lib/ddclient";
type = str;
description = "Home directory for the daemon user.";
};
domain = mkOption {
default = "";
type = str;
domains = mkOption {
default = [ "" ];
type = listOf str;
description = ''
Domain name to synchronize.
Domain name(s) to synchronize.
'';
};
@ -62,7 +56,7 @@ with lib;
default = "";
type = str;
description = ''
Username.
User name.
'';
};
@ -75,9 +69,12 @@ with lib;
};
interval = mkOption {
default = 600;
type = int;
description = "The interval at which to run the check and update.";
default = "10min";
type = str;
description = ''
The interval at which to run the check and update.
See <command>man 7 systemd.time</command> for the format.
'';
};
configFile = mkOption {
@ -95,7 +92,7 @@ with lib;
default = "dyndns2";
type = str;
description = ''
Protocol to use with dynamic DNS provider (see http://sourceforge.net/apps/trac/ddclient/wiki/Protocols).
Protocol to use with dynamic DNS provider (see https://sourceforge.net/p/ddclient/wiki/protocols).
'';
};
@ -115,11 +112,20 @@ with lib;
'';
};
extraConfig = mkOption {
default = "";
type = lines;
quiet = mkOption {
default = false;
type = bool;
description = ''
Extra configuration. Contents will be added verbatim to the configuration file.
Print no messages for unnecessary updates.
'';
};
script = mkOption {
default = "";
type = str;
description = ''
script as required by some providers.
'';
};
@ -139,11 +145,19 @@ with lib;
'';
};
quiet = mkOption {
default = false;
type = bool;
zone = mkOption {
default = "";
type = str;
description = ''
Print no messages for unnecessary updates.
zone as required by some providers.
'';
};
extraConfig = mkOption {
default = "";
type = lines;
description = ''
Extra configuration. Contents will be added verbatim to the configuration file.
'';
};
};
@ -153,23 +167,8 @@ with lib;
###### implementation
config = mkIf config.services.ddclient.enable {
users = {
extraGroups.ddclient.gid = config.ids.gids.ddclient;
extraUsers.ddclient = {
uid = config.ids.uids.ddclient;
description = "ddclient daemon user";
group = "ddclient";
home = cfg.homeDir;
createHome = true;
};
};
environment.etc."ddclient.conf" = {
enable = cfg.configFile == "/etc/ddclient.conf";
uid = config.ids.uids.ddclient;
gid = config.ids.gids.ddclient;
mode = "0600";
text = configText;
};
@ -180,15 +179,22 @@ with lib;
after = [ "network.target" ];
restartTriggers = [ config.environment.etc."ddclient.conf".source ];
serviceConfig = {
RuntimeDirectory = "ddclient";
# we cannot run in forking mode as it swallows all the program output
Type = "simple";
User = "ddclient";
Group = "ddclient";
ExecStart = "${lib.getBin pkgs.ddclient}/bin/ddclient -foreground -file ${cfg.configFile}";
ProtectSystem = "full";
PrivateTmp = true;
serviceConfig = rec {
DynamicUser = true;
RuntimeDirectory = StateDirectory;
StateDirectory = builtins.baseNameOf dataDir;
Type = "oneshot";
ExecStartPre = "!${lib.getBin pkgs.coreutils}/bin/install -m666 ${cfg.configFile} /run/${RuntimeDirectory}/ddclient.conf";
ExecStart = "${lib.getBin pkgs.ddclient}/bin/ddclient -file /run/${RuntimeDirectory}/ddclient.conf";
};
};
systemd.timers.ddclient = {
description = "Run ddclient";
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = cfg.interval;
OnUnitInactiveSec = cfg.interval;
};
};
};
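Review bot: The `ExecStartPre` line installs the configuration with `-m666`, and `configText` writes `password=${cfg.password}` into that file, so the copy under `/run/${RuntimeDirectory}` is readable and writable by every local account while the unit runs, even though `/etc/ddclient.conf` itself stays at mode `0600`. Dropping the write bits is the minimum; adding `RuntimeDirectoryMode = "0700";` to `serviceConfig` would keep other users out of the directory altogether, assuming systemd hands the runtime directory to the dynamic user. A comment on the `ExecStartPre` line explaining why the copy is needed (the dynamic user cannot read the root-owned original) would also help. Separately, `configText` still emits `daemon=${toString cfg.interval}` although the unit is now a timer-driven oneshot, which deserves a second look.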

@ -9,12 +9,12 @@ let
mkdir -p $out/{servers,ip}
${concatMapStrings (ip: ''
echo > "$out/ip/"${lib.escapeShellArg ip}
touch "$out/ip/"${lib.escapeShellArg ip}
'') cfg.clientIps}
${concatStrings (mapAttrsToList (host: ips: ''
${concatMapStrings (ip: ''
echo ${lib.escapeShellArg ip} > "$out/servers/"${lib.escapeShellArg host}
echo ${lib.escapeShellArg ip} >> "$out/servers/"${lib.escapeShellArg host}
'') ips}
'') cfg.domainServers)}
@ -34,33 +34,49 @@ in {
options = {
services.dnscache = {
enable = mkOption {
default = false;
type = types.bool;
description = "Whether to run the dnscache caching dns server";
description = "Whether to run the dnscache caching dns server.";
};
ip = mkOption {
default = "0.0.0.0";
type = types.str;
description = "IP address on which to listen for connections";
description = "IP address on which to listen for connections.";
};
clientIps = mkOption {
default = [ "127.0.0.1" ];
type = types.listOf types.str;
description = "client IP addresses (or prefixes) from which to accept connections";
description = "Client IP addresses (or prefixes) from which to accept connections.";
example = ["192.168" "172.23.75.82"];
};
domainServers = mkOption {
default = { };
type = types.attrsOf (types.listOf types.str);
description = "table of {hostname: server} pairs to use as authoritative servers for hosts (and subhosts)";
description = ''
Table of {hostname: server} pairs to use as authoritative servers for hosts (and subhosts).
If entry for @ is not specified predefined list of root servers is used.
'';
example = {
"example.com" = ["8.8.8.8" "8.8.4.4"];
"@" = ["8.8.8.8" "8.8.4.4"];
"example.com" = ["192.168.100.100"];
};
};
forwardOnly = mkOption {
default = false;
type = types.bool;
description = ''
Whether to treat root servers (for @) as caching
servers, requesting addresses the same way a client does. This is
needed if you want to use e.g. Google DNS as your upstream DNS.
'';
};
};
};
@ -82,6 +98,7 @@ in {
'';
script = ''
cd /var/lib/dnscache/
${optionalString cfg.forwardOnly "export FORWARDONLY=1"}
exec ./run
'';
};

@ -26,7 +26,7 @@ in {
wants = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = "${pkgs.iwd}/bin/iwd";
serviceConfig.ExecStart = "${pkgs.iwd}/libexec/iwd";
};
};

@ -80,7 +80,7 @@ in
pidfile = mkOption {
type = types.path;
default = "/tmp/murmurd.pid";
default = "/run/murmur/murmurd.pid";
description = "Path to PID file for Murmur daemon.";
};
@ -252,6 +252,7 @@ in
serviceConfig = {
Type = "forking";
RuntimeDirectory = "murmur";
PIDFile = cfg.pidfile;
Restart = "always";
User = "murmur";
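Review bot: `RuntimeDirectory = "murmur"` only provides `/run/murmur`, while `pidfile` remains a free-form `types.path` option, so a configuration that overrides it to another location gets no directory created for it. The option description could say so, e.g. `Path to PID file for Murmur daemon. The service only creates /run/murmur; any other location must already exist and be writable by the murmur user.` The `serviceConfig` set continues outside the hunk.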

@ -65,7 +65,7 @@ let
path = [ pkgs.iptables pkgs.iproute pkgs.nettools ];
serviceConfig.ExecStart = "@${openvpn}/sbin/openvpn openvpn --config ${configFile}";
serviceConfig.ExecStart = "@${openvpn}/sbin/openvpn openvpn --suppress-timestamps --config ${configFile}";
serviceConfig.Restart = "always";
serviceConfig.Type = "notify";
};

@ -295,6 +295,24 @@ in
'';
};
dataDir = mkOption {
type = types.string;
description = "Directory where Prosody stores its data";
default = "/var/lib/prosody";
};
user = mkOption {
type = types.str;
default = "prosody";
description = "User account under which prosody runs.";
};
group = mkOption {
type = types.str;
default = "prosody";
description = "Group account under which prosody runs.";
};
allowRegistration = mkOption {
type = types.bool;
default = false;
@ -421,11 +439,11 @@ in
environment.etc."prosody/prosody.cfg.lua".text = ''
pidfile = "/var/lib/prosody/prosody.pid"
pidfile = "/run/prosody/prosody.pid"
log = "*syslog"
data_path = "/var/lib/prosody"
data_path = "${cfg.dataDir}"
plugin_paths = {
${lib.concatStringsSep ", " (map (n: "\"${n}\"") cfg.extraPluginPaths) }
}
@ -469,15 +487,15 @@ in
'') cfg.virtualHosts) }
'';
users.extraUsers.prosody = {
users.extraUsers.prosody = mkIf (cfg.user == "prosody") {
uid = config.ids.uids.prosody;
description = "Prosody user";
createHome = true;
group = "prosody";
home = "/var/lib/prosody";
inherit (cfg) group;
home = "${cfg.dataDir}";
};
users.extraGroups.prosody = {
users.extraGroups.prosody = mkIf (cfg.group == "prosody") {
gid = config.ids.gids.prosody;
};
@ -488,9 +506,11 @@ in
wantedBy = [ "multi-user.target" ];
restartTriggers = [ config.environment.etc."prosody/prosody.cfg.lua".source ];
serviceConfig = {
User = "prosody";
User = cfg.user;
Group = cfg.group;
Type = "forking";
PIDFile = "/var/lib/prosody/prosody.pid";
RuntimeDirectory = [ "prosody" ];
PIDFile = "/run/prosody/prosody.pid";
ExecStart = "${cfg.package}/bin/prosodyctl start";
};
};
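Review bot: `dataDir` is declared with `types.string` while the `user` and `group` options added next to it use `types.str`; `type = types.path;` would fit a directory and reject relative values. The account definitions are now wrapped in `mkIf (cfg.user == "prosody")` and `mkIf (cfg.group == "prosody")`, so with any other name nothing in these hunks creates the account or the data directory. The `user`, `group` and `dataDir` descriptions should state that the administrator then has to provide both, with `dataDir` owned by that user and not readable by others.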

@ -133,7 +133,7 @@ in
users.groups = {
quagga = {};
# Members of the quaggavty group can use vtysh to inspect the Quagga daemons
quaggavty = {};
quaggavty = { members = [ "quagga" ]; };
};
systemd.services =

@ -0,0 +1,112 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.shadowsocks;
opts = {
server = cfg.localAddress;
server_port = cfg.port;
method = cfg.encryptionMethod;
mode = cfg.mode;
user = "nobody";
fast_open = true;
} // optionalAttrs (cfg.password != null) { password = cfg.password; };
configFile = pkgs.writeText "shadowsocks.json" (builtins.toJSON opts);
in
{
###### interface
options = {
services.shadowsocks = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to run shadowsocks-libev shadowsocks server.
'';
};
localAddress = mkOption {
type = types.str;
default = "0.0.0.0";
description = ''
Local address to which the server binds.
'';
};
port = mkOption {
type = types.int;
default = 8388;
description = ''
Port which the server uses.
'';
};
password = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Password for connecting clients.
'';
};
passwordFile = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
Password file with a password for connecting clients.
'';
};
mode = mkOption {
type = types.enum [ "tcp_only" "tcp_and_udp" "udp_only" ];
default = "tcp_and_udp";
description = ''
Relay protocols.
'';
};
encryptionMethod = mkOption {
type = types.str;
default = "chacha20-ietf-poly1305";
description = ''
Encryption method. See <link xlink:href="https://github.com/shadowsocks/shadowsocks-org/wiki/AEAD-Ciphers"/>.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
assertions = singleton
{ assertion = cfg.password == null || cfg.passwordFile == null;
message = "Cannot use both password and passwordFile for shadowsocks-libev";
};
systemd.services.shadowsocks-libev = {
description = "shadowsocks-libev Daemon";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.shadowsocks-libev ] ++ optional (cfg.passwordFile != null) pkgs.jq;
serviceConfig.PrivateTmp = true;
script = ''
${optionalString (cfg.passwordFile != null) ''
cat ${configFile} | jq --arg password "$(cat "${cfg.passwordFile}")" '. + { password: $password }' > /tmp/shadowsocks.json
''}
exec ss-server -c ${if cfg.passwordFile != null then "/tmp/shadowsocks.json" else configFile}
'';
};
};
}
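Review bot: The `password` option is merged into `opts` and written out with `pkgs.writeText`, so the secret ends up in the world-readable Nix store, and the option description does not warn about it. I would extend it to something like `Password for connecting clients. This value is copied to the Nix store and is readable by all local users; use passwordFile instead.` In the `passwordFile` branch the merged JSON is written to `/tmp/shadowsocks.json` with the default umask, and only `PrivateTmp` keeps it out of the shared `/tmp`; a comment next to `serviceConfig.PrivateTmp = true;` saying the script depends on it would protect that line from being removed. `user = "nobody"` shares an account with anything else running as nobody, which deserves a comment or a dedicated user.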

@ -213,6 +213,65 @@ in
description = "Files from which authorized keys are read.";
};
kexAlgorithms = mkOption {
type = types.listOf types.str;
default = [
"curve25519-sha256@libssh.org"
"diffie-hellman-group-exchange-sha256"
];
description = ''
Allowed key exchange algorithms
</para>
<para>
Defaults to recommended settings from both
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" />
and
<link xlink:href="https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29" />
'';
};
ciphers = mkOption {
type = types.listOf types.str;
default = [
"chacha20-poly1305@openssh.com"
"aes256-gcm@openssh.com"
"aes128-gcm@openssh.com"
"aes256-ctr"
"aes192-ctr"
"aes128-ctr"
];
description = ''
Allowed ciphers
</para>
<para>
Defaults to recommended settings from both
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" />
and
<link xlink:href="https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29" />
'';
};
macs = mkOption {
type = types.listOf types.str;
default = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
"hmac-sha2-512"
"hmac-sha2-256"
"umac-128@openssh.com"
];
description = ''
Allowed MACs
</para>
<para>
Defaults to recommended settings from both
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html" />
and
<link xlink:href="https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29" />
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
@ -363,14 +422,9 @@ in
HostKey ${k.path}
'')}
### Recommended settings from both:
# https://stribika.github.io/2015/01/04/secure-secure-shell.html
# and
# https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
KexAlgorithms ${concatStringsSep "," cfg.kexAlgorithms}
Ciphers ${concatStringsSep "," cfg.ciphers}
MACs ${concatStringsSep "," cfg.macs}
# LogLevel VERBOSE logs user's key fingerprint on login.
# Needed to have a clear audit track of which key was used to log in.
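Review bot: The three new list options are rendered with `concatStringsSep ","` and nothing in either hunk rejects an empty list, so `kexAlgorithms = []` would produce a bare `KexAlgorithms` line that sshd is likely to refuse, which on a remote machine can mean losing SSH after a rebuild. An `assertions` entry requiring `cfg.kexAlgorithms`, `cfg.ciphers` and `cfg.macs` to be non-empty would catch this at evaluation time. The source links that justified the defaults used to be comments in the generated sshd_config and now live only in the option descriptions; a one-line comment above the three directives would keep that context for someone auditing the file on the host. The descriptions could also say that a user-supplied list replaces the defaults rather than extending them.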

@ -32,8 +32,11 @@ let
(if es5 then (pkgs.writeTextDir "log4j2.properties" cfg.logging)
else (pkgs.writeTextDir "logging.yml" cfg.logging))
];
# Elasticsearch 5.x won't start when the scripts directory does not exist
postBuild = if es5 then "${pkgs.coreutils}/bin/mkdir -p $out/scripts" else "";
postBuild = concatStringsSep "\n" (concatLists [
# Elasticsearch 5.x won't start when the scripts directory does not exist
(optional es5 "${pkgs.coreutils}/bin/mkdir -p $out/scripts")
(optional es6 "ln -s ${cfg.package}/config/jvm.options $out/jvm.options")
]);
};
esPlugins = pkgs.buildEnv {

@ -703,14 +703,10 @@ in
after = [ "network.target" ];
restartTriggers = [ torRcFile ];
# Translated from the upstream contrib/dist/tor.service.in
preStart = ''
install -o tor -g tor -d ${torDirectory}/onion ${torRunDirectory}
${pkgs.tor}/bin/tor -f ${torRcFile} --verify-config
'';
serviceConfig =
{ Type = "simple";
# Translated from the upstream contrib/dist/tor.service.in
ExecStartPre = "${pkgs.tor}/bin/tor -f ${torRcFile} --verify-config";
ExecStart = "${pkgs.tor}/bin/tor -f ${torRcFile} --RunAsDaemon 0";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
KillSignal = "SIGINT";
@ -725,6 +721,8 @@ in
# DeviceAllow /dev/urandom r
# .. but we can't specify DeviceAllow multiple times. 'closed'
# is close enough.
RuntimeDirectory = "tor";
StateDirectory = [ "tor" "tor/onion" ];
PrivateTmp = "yes";
DevicePolicy = "closed";
InaccessibleDirectories = "/home";
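Review bot: The removed `install -o tor -g tor -d` step set the owner of the onion and run directories explicitly, whereas `RuntimeDirectory = "tor"` and `StateDirectory = [ "tor" "tor/onion" ]` take their owner from the unit's `User=`, which is not visible in these hunks; if the unit starts as root and Tor drops privileges itself, ownership needs checking. No mode is set either, so systemd's default applies where onion-service keys are stored; `StateDirectoryMode = "0700";` would make the restriction explicit. Both points assume `torDirectory` and `torRunDirectory`, defined outside the hunk, resolve to `/var/lib/tor` and `/run/tor`. The `serviceConfig` set starts and ends outside the second hunk.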

@ -147,6 +147,7 @@ in
${getLib pkgs.libcap}/lib/libcap*.so* mr,
${getLib pkgs.attr}/lib/libattr*.so* mr,
${getLib pkgs.lz4}/lib/liblz4*.so* mr,
${getLib pkgs.libkrb5}/lib/lib*.so* mr,
@{PROC}/sys/kernel/random/uuid r,
@{PROC}/sys/vm/overcommit_memory r,
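Review bot: The added rule `${getLib pkgs.libkrb5}/lib/lib*.so* mr,` matches every shared object in that package, whereas the neighbouring rules each name one library (`libcap*.so*`, `libattr*.so*`, `liblz4*.so*`). If several Kerberos libraries are needed, a comment such as `# krb5 is split across several shared objects, hence the wider glob` would show that the breadth is deliberate; otherwise the pattern can be narrowed to the libraries actually loaded. The profile continues outside the hunk.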

@ -155,7 +155,7 @@ in
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
path = [ cfg.jrePackage ];
path = [ cfg.jrePackage pkgs.bash ];
environment = {
JIRA_USER = cfg.user;

@ -466,10 +466,10 @@ let
'';
};
services.nginx = {
# NOTE: No configuration is done if not using virtual host
services.nginx = mkIf (cfg.virtualHost != null) {
enable = true;
# NOTE: No configuration is done if not using virtual host
virtualHosts = mkIf (cfg.virtualHost != null) {
virtualHosts = {
"${cfg.virtualHost}" = {
root = "${cfg.root}";

@ -4,6 +4,9 @@ with lib;
let
cfg = config.services.gitweb;
package = pkgs.gitweb.override (optionalAttrs cfg.gitwebTheme {
gitwebTheme = true;
});
in
{
@ -34,8 +37,8 @@ in
"^/gitweb$" => "/gitweb/"
)
alias.url = (
"/gitweb/static/" => "${pkgs.git}/share/gitweb/static/",
"/gitweb/" => "${pkgs.git}/share/gitweb/gitweb.cgi"
"/gitweb/static/" => "${package}/static/",
"/gitweb/" => "${package}/gitweb.cgi"
)
setenv.add-environment = (
"GITWEB_CONFIG" => "${cfg.gitwebConfigFile}",

@ -4,6 +4,9 @@ with lib;
let
cfg = config.services.gitweb;
package = pkgs.gitweb.override (optionalAttrs cfg.gitwebTheme {
gitwebTheme = true;
});
in
{
@ -24,7 +27,7 @@ in
systemd.services.gitweb = {
description = "GitWeb service";
script = "${pkgs.git}/share/gitweb/gitweb.cgi --fastcgi --nproc=1";
script = "${package}/gitweb.cgi --fastcgi --nproc=1";
environment = {
FCGI_SOCKET_PATH = "/run/gitweb/gitweb.sock";
};
@ -38,11 +41,10 @@ in
services.nginx = {
virtualHosts.default = {
locations."/gitweb/" = {
root = "${pkgs.git}/share";
tryFiles = "$uri @gitweb";
locations."/gitweb/static/" = {
alias = "${package}/static/";
};
locations."@gitweb" = {
locations."/gitweb/" = {
extraConfig = ''
include ${pkgs.nginx}/conf/fastcgi_params;
fastcgi_param GITWEB_CONFIG ${cfg.gitwebConfigFile};

@ -626,9 +626,7 @@ in
environment =
{
XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
LD_LIBRARY_PATH = concatStringsSep ":" (
[ "${xorg.libX11.out}/lib" "${xorg.libXext.out}/lib" "/run/opengl-driver/lib" ]
LD_LIBRARY_PATH = concatStringsSep ":" ([ "/run/opengl-driver/lib" ]
++ concatLists (catAttrs "libPath" cfg.drivers));
} // cfg.displayManager.job.environment;

@ -32,8 +32,15 @@ with lib;
rootDevice="${config.fileSystems."/".device}"
if [ -e "$rootDevice" ]; then
rootDevice="$(readlink -f "$rootDevice")"
parentDevice="$(lsblk -npo PKNAME "$rootDevice")"
TMPDIR=/run sh $(type -P growpart) "$parentDevice" "''${rootDevice#$parentDevice}"
parentDevice="$rootDevice"
while [ "''${parentDevice%[0-9]}" != "''${parentDevice}" ]; do
parentDevice="''${parentDevice%[0-9]}";
done
partNum="''${rootDevice#''${parentDevice}}"
if [ "''${parentDevice%[0-9]p}" != "''${parentDevice}" ] && [ -b "''${parentDevice%p}" ]; then
parentDevice="''${parentDevice%p}"
fi
TMPDIR=/run sh $(type -P growpart) "$parentDevice" "$partNum"
udevadm settle
fi
'';
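Review bot: When `$rootDevice` does not end in a digit, for instance a device-mapper or whole-disk root, the digit-stripping loop leaves `parentDevice` equal to `rootDevice` and `partNum` empty, and `growpart` is still invoked with an empty partition argument. Wrapping the `growpart` and `udevadm settle` lines in `if [ -n "$partNum" ]; then ... fi` would skip the resize in that case. `$(type -P growpart)` is also left unquoted, unlike the other expansions in the script. The enclosing script starts outside the hunk.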

@ -77,8 +77,8 @@ in
type = types.int;
default = 4;
description = ''
The kernel console log level. Log messages with a priority
numerically less than this will not appear on the console.
The kernel console <literal>loglevel</literal>. All Kernel Messages with a log level smaller
than this setting will be printed to the console.
'';
};

@ -217,7 +217,7 @@ in rec {
environment = mkOption {
default = {};
type = types.attrs; # FIXME
type = with types; attrsOf (nullOr (either str package));
example = { PATH = "/foo/bar/bin"; LANG = "nl_NL.UTF-8"; };
description = "Environment variables passed to the service's processes.";
};

@ -137,7 +137,6 @@ let
# Slices / containers.
"slices.target"
"system.slice"
"user.slice"
"machine.slice"
"machines.target"
@ -516,7 +515,7 @@ in
};
systemd.globalEnvironment = mkOption {
type = types.attrs;
type = with types; attrsOf (nullOr (either str package));
default = {};
example = { TZ = "CET"; };
description = ''
@ -836,7 +835,8 @@ in
system.requiredKernelConfig = map config.lib.kernelConfig.isEnabled
[ "DEVTMPFS" "CGROUPS" "INOTIFY_USER" "SIGNALFD" "TIMERFD" "EPOLL" "NET"
"SYSFS" "PROC_FS" "FHANDLE" "DMIID" "AUTOFS4_FS" "TMPFS_POSIX_ACL"
"SYSFS" "PROC_FS" "FHANDLE" "CRYPTO_USER_API_HASH" "CRYPTO_HMAC"
"CRYPTO_SHA256" "DMIID" "AUTOFS4_FS" "TMPFS_POSIX_ACL"
"TMPFS_XATTR" "SECCOMP"
];

@ -5,7 +5,7 @@ with lib;
{
config = mkIf (any (fs: fs == "exfat") config.boot.supportedFilesystems) {
system.fsPackages = [ pkgs.exfat-utils pkgs.fuse_exfat ];
system.fsPackages = [ pkgs.exfat ];
};
}

@ -305,6 +305,8 @@ in
}
];
virtualisation.lxd.zfsSupport = true;
boot = {
kernelModules = [ "spl" "zfs" ] ;
extraModulePackages = with packages; [ spl zfs ];
@ -452,7 +454,7 @@ in
}) snapshotNames);
systemd.timers = let
timer = name: if name == "frequent" then "*:15,30,45" else name;
timer = name: if name == "frequent" then "*:0,15,30,45" else name;
in builtins.listToAttrs (map (snapName:
{
name = "zfs-snapshot-${snapName}";

@ -66,6 +66,10 @@ in
default = false;
description = "Whether to enable verbose logging.";
};
mountResourceDisk = mkOption {
default = true;
description = "Whether the agent should format (ext4) and mount the resource disk to /mnt/resource.";
};
};
###### implementation
@ -112,7 +116,7 @@ in
Provisioning.ExecuteCustomData=n
# Format if unformatted. If 'n', resource disk will not be mounted.
ResourceDisk.Format=y
ResourceDisk.Format=${if cfg.mountResourceDisk then "y" else "n"}
# File system on the resource disk
# Typically ext3 or ext4. FreeBSD images should use 'ufs2' here.
@ -181,7 +185,7 @@ in
after = [ "network-online.target" "sshd.service" ];
wants = [ "network-online.target" ];
path = [ pkgs.e2fsprogs ];
path = [ pkgs.e2fsprogs pkgs.bash ];
description = "Windows Azure Agent Service";
unitConfig.ConditionPathExists = "/etc/waagent.conf";
serviceConfig = {

@ -112,7 +112,7 @@ let
# If the host is 64-bit and the container is 32-bit, add a
# --personality flag.
${optionalString (config.nixpkgs.system == "x86_64-linux") ''
${optionalString (config.nixpkgs.localSystem.system == "x86_64-linux") ''
if [ "$(< ''${SYSTEM_PATH:-/nix/var/nix/profiles/per-container/$INSTANCE/system}/system)" = i686-linux ]; then
extraFlags+=" --personality=x86"
fi
@ -255,7 +255,7 @@ let
};
system = config.nixpkgs.system;
system = config.nixpkgs.localSystem.system;
bindMountOpts = { name, config, ... }: {
@ -575,6 +575,16 @@ in
'';
};
extraFlags = mkOption {
type = types.listOf types.str;
default = [];
example = [ "--drop-capability=CAP_SYS_CHROOT" ];
description = ''
Extra flags passed to the systemd-nspawn command.
See systemd-nspawn(1) for details.
'';
};
} // networkOptions;
config = mkMerge
@ -714,7 +724,9 @@ in
${optionalString cfg.autoStart ''
AUTO_START=1
''}
EXTRA_NSPAWN_FLAGS="${mkBindFlags cfg.bindMounts}"
EXTRA_NSPAWN_FLAGS="${mkBindFlags cfg.bindMounts +
optionalString (cfg.extraFlags != [])
(" " + concatStringsSep " " cfg.extraFlags)}"
'';
}) config.containers;
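Review bot: `cfg.extraFlags` is joined with spaces and placed inside the double-quoted `EXTRA_NSPAWN_FLAGS="..."` assignment without escaping, so a flag containing a space, a double quote or `$` will not reach systemd-nspawn as written; how the variable is consumed lies outside these hunks. The option description could state the limitation, e.g. `Flags are joined with spaces and word-split; values containing whitespace or quotes are not supported.` Since these flags can also widen what a container may do on the host, the description should say that they are passed through unchecked.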

@ -74,6 +74,9 @@ in
systemd.tmpfiles.rules = [ "d /var/lib/lxc/rootfs 0755 root root -" ];
security.apparmor.packages = [ pkgs.lxc ];
security.apparmor.profiles = [ "${pkgs.lxc}/etc/apparmor.d/lxc-containers" ];
security.apparmor.profiles = [
"${pkgs.lxc}/etc/apparmor.d/lxc-containers"
"${pkgs.lxc}/etc/apparmor.d/usr.bin.lxc-start"
];
};
}

@ -15,28 +15,34 @@ in
options = {
virtualisation.lxd.enable =
mkOption {
virtualisation.lxd = {
enable = mkOption {
type = types.bool;
default = false;
description =
''
This option enables lxd, a daemon that manages
containers. Users in the "lxd" group can interact with
the daemon (e.g. to start or stop containers) using the
<command>lxc</command> command line tool, among others.
'';
description = ''
This option enables lxd, a daemon that manages
containers. Users in the "lxd" group can interact with
the daemon (e.g. to start or stop containers) using the
<command>lxc</command> command line tool, among others.
'';
};
zfsSupport = mkOption {
type = types.bool;
default = false;
description = ''
enables lxd to use zfs as a storage for containers.
This option is enabled by default if a zfs pool is configured
with nixos.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
environment.systemPackages =
[ pkgs.lxd ];
environment.systemPackages = [ pkgs.lxd ];
security.apparmor = {
enable = true;
@ -47,31 +53,31 @@ in
packages = [ pkgs.lxc ];
};
systemd.services.lxd =
{ description = "LXD Container Management Daemon";
systemd.services.lxd = {
description = "LXD Container Management Daemon";
wantedBy = [ "multi-user.target" ];
after = [ "systemd-udev-settle.service" ];
wantedBy = [ "multi-user.target" ];
after = [ "systemd-udev-settle.service" ];
# TODO(wkennington): Add lvm2 and thin-provisioning-tools
path = with pkgs; [ acl rsync gnutar xz btrfs-progs gzip dnsmasq squashfsTools iproute iptables ];
path = lib.optional cfg.zfsSupport pkgs.zfs;
preStart = ''
mkdir -m 0755 -p /var/lib/lxc/rootfs
'';
preStart = ''
mkdir -m 0755 -p /var/lib/lxc/rootfs
'';
serviceConfig.ExecStart = "@${pkgs.lxd.bin}/bin/lxd lxd --syslog --group lxd";
serviceConfig.Type = "simple";
serviceConfig.KillMode = "process"; # when stopping, leave the containers alone
serviceConfig = {
ExecStart = "@${pkgs.lxd.bin}/bin/lxd lxd --group lxd";
Type = "simple";
KillMode = "process"; # when stopping, leave the containers alone
};
};
users.extraGroups.lxd.gid = config.ids.gids.lxd;
users.extraUsers.root = {
subUidRanges = [ { startUid = 1000000; count = 65536; } ];
subGidRanges = [ { startGid = 1000000; count = 65536; } ];
};
};
}
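Review bot: The new `users.extraUsers.root` block assigns `subUidRanges` and `subGidRanges` starting at 1000000 with 65536 ids and has no comment saying what they are for or why that range was chosen. A line such as `# id range LXD maps unprivileged containers into; must not overlap ranges given to other users` would help, provided that is the intent. The `zfsSupport` description says the option is enabled by default when a zfs pool is configured while its `default` is `false`; it should say that the zfs module sets it. Both the old tool list and `path = lib.optional cfg.zfsSupport pkgs.zfs;` are printed here, so it is worth confirming which one remains, because dropping the list changes what the daemon can find on `PATH`.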

@ -98,7 +98,7 @@ let
${qemuGraphics} \
${toString config.virtualisation.qemu.options} \
$QEMU_OPTS \
$@
"$@"
'';

@ -166,8 +166,12 @@ in rec {
inherit system;
});
sd_image = forMatchingSystems [ "aarch64-linux" ] (system: makeSdImage {
module = ./modules/installer/cd-dvd/sd-image-aarch64.nix;
sd_image = forMatchingSystems [ "armv6l-linux" "armv7l-linux" "aarch64-linux" ] (system: makeSdImage {
module = {
armv6l-linux = ./modules/installer/cd-dvd/sd-image-raspberrypi.nix;
armv7l-linux = ./modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix;
aarch64-linux = ./modules/installer/cd-dvd/sd-image-aarch64.nix;
}.${system};
inherit system;
});
@ -266,6 +270,7 @@ in rec {
tests.couchdb = callTest tests/couchdb.nix {};
tests.docker = callTestOnMatchingSystems ["x86_64-linux"] tests/docker.nix {};
tests.docker-tools = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-tools.nix {};
tests.docker-tools-overlay = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-tools-overlay.nix {};
tests.docker-edge = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-edge.nix {};
tests.dovecot = callTest tests/dovecot.nix {};
tests.dnscrypt-proxy = callTestOnMatchingSystems ["x86_64-linux"] tests/dnscrypt-proxy.nix {};
@ -365,7 +370,7 @@ in rec {
tests.prometheus = callTest tests/prometheus.nix {};
tests.prosody = callTest tests/prosody.nix {};
tests.proxy = callTest tests/proxy.nix {};
# tests.quagga = callTest tests/quagga.nix {};
tests.quagga = callTest tests/quagga.nix {};
tests.quake3 = callTest tests/quake3.nix {};
tests.rabbitmq = callTest tests/rabbitmq.nix {};
tests.radicale = callTest tests/radicale.nix {};

@ -15,7 +15,7 @@ import ./make-test.nix ({ pkgs, ...} : {
# container available within the VM, because we don't have network access.
virtualisation.pathsInNixDB = let
emptyContainer = import ../lib/eval-config.nix {
inherit (config.nixpkgs) system;
inherit (config.nixpkgs.localSystem) system;
modules = lib.singleton {
containers.foo.config = {};
};

@ -0,0 +1,32 @@
# this test creates a simple GNU image with docker tools and sees if it executes
import ./make-test.nix ({ pkgs, ... }:
{
name = "docker-tools-overlay";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ lnl7 ];
};
nodes = {
docker =
{ config, pkgs, ... }:
{
virtualisation.docker.enable = true;
virtualisation.docker.storageDriver = "overlay"; # defaults to overlay2
};
};
testScript =
''
$docker->waitForUnit("sockets.target");
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.bash}'");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.bash.imageName} bash --version");
# Check if the nix store has correct user permissions depending on what
# storage driver is used, incorrectly built images can show up as readonly.
# drw------- 3 0 0 3 Apr 14 11:36 /nix
# drw------- 99 0 0 100 Apr 14 11:36 /nix/store
$docker->succeed("docker run --rm -u 1000:1000 ${pkgs.dockerTools.examples.bash.imageName} bash --version");
'';
})
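Review bot: The comment above the final `docker run --rm -u 1000:1000` check calls the failure mode "readonly", but the listing it quotes shows `/nix` and `/nix/store` as `drw-------` owned by 0:0. Those directories lack the search bit, so what the check actually catches is an unprivileged user being unable to traverse the store. I would reword it to say so, for example `# Run as a non-root uid: a wrongly built layer leaves /nix and /nix/store as drw------- root:root, which only root can traverse.` The first comment line of the file is the generic docker-tools description; it could add that this variant pins `storageDriver = "overlay"` rather than the default `overlay2`.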

@ -3,7 +3,7 @@
import ./make-test.nix ({ pkgs, ... }: {
name = "docker-tools";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ ];
maintainers = [ lnl7 ];
};
nodes = {
@ -21,12 +21,12 @@ import ./make-test.nix ({ pkgs, ... }: {
$docker->waitForUnit("sockets.target");
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.bash}'");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.bash.imageName} /bin/bash --version");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.bash.imageName} bash --version");
$docker->succeed("docker rmi ${pkgs.dockerTools.examples.bash.imageName}");
# Check if the nix store is correctly initialized by listing dependencies of the installed Nix binary
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.nix}'");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.nix.imageName} /bin/nix-store -qR ${pkgs.nix}");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.nix.imageName} nix-store -qR ${pkgs.nix}");
$docker->succeed("docker rmi ${pkgs.dockerTools.examples.nix.imageName}");
# To test the pullImage tool

@ -18,6 +18,18 @@ import ./make-test.nix {
MAIL
'';
sendTestMailViaDeliveryAgent = pkgs.writeScriptBin "send-lda" ''
#!${pkgs.stdenv.shell}
exec ${pkgs.dovecot}/libexec/dovecot/deliver -d bob <<MAIL
From: root@localhost
To: bob@localhost
Subject: Something else...
I'm running short of ideas!
MAIL
'';
testImap = pkgs.writeScriptBin "test-imap" ''
#!${pkgs.python3.interpreter}
import imaplib
@ -39,24 +51,25 @@ import ./make-test.nix {
pop = poplib.POP3('localhost')
try:
pop.user('alice')
pop.user('bob')
pop.pass_('foobar')
assert len(pop.list()[1]) == 1
status, fullmail, size = pop.retr(1)
assert status.startswith(b'+OK ')
body = b"".join(fullmail[fullmail.index(b""):]).strip()
assert body == b'Hello world!'
assert body == b"I'm running short of ideas!"
finally:
pop.quit()
'';
in [ sendTestMail testImap testPop ];
in [ sendTestMail sendTestMailViaDeliveryAgent testImap testPop ];
};
testScript = ''
$machine->waitForUnit('postfix.service');
$machine->waitForUnit('dovecot2.service');
$machine->succeed('send-testmail');
$machine->succeed('send-lda');
$machine->waitUntilFails('[ "$(postqueue -p)" != "Mail queue is empty" ]');
$machine->succeed('test-imap');
$machine->succeed('test-pop');

@ -26,15 +26,22 @@ import ./make-test.nix ({ pkgs, ...} : {
testScript =
''
# wait for gdm to start and bring up X
$machine->waitForUnit("display-manager.service");
$machine->waitForX;
$machine->sleep(15);
# wait for alice to be logged in
$machine->waitForUnit("default.target","alice");
# Check that logging in has given the user ownership of devices.
$machine->succeed("getfacl /dev/snd/timer | grep -q alice");
$machine->succeed("su - alice -c 'DISPLAY=:0.0 gnome-terminal &'");
$machine->succeed("xauth merge ~alice/.Xauthority");
# open a terminal and check it's there
$machine->succeed("su - alice -c 'DISPLAY=:0.0 XAUTHORITY=/run/user/\$UID/gdm/Xauthority gnome-terminal'");
$machine->succeed("xauth merge /run/user/1000/gdm/Xauthority");
$machine->waitForWindow(qr/Terminal/);
# wait to get a nice screenshot
$machine->sleep(20);
$machine->screenshot("screen");
'';
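Review bot: `xauth merge /run/user/1000/gdm/Xauthority` hard-codes uid 1000, while the `su - alice` line directly above it resolves the same directory through `\$UID`. If alice is ever assigned a different uid, the merge reads a path that does not exist and the failure points at xauth rather than at the uid assumption. Deriving the uid keeps the two lines consistent: `$machine->succeed("xauth merge /run/user/\$(id -u alice)/gdm/Xauthority");`. A short comment that this step copies alice's X cookie into root's authority file so the test driver can reach the display would also help.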

@ -6,14 +6,14 @@ import ./make-test.nix ({ pkgs, ...} : {
machine = { config, lib, pkgs, ... }:
{
boot.kernelPackages = pkgs.linuxPackages_hardened_copperhead;
boot.kernelPackages = pkgs.linuxPackages_copperhead_hardened;
};
testScript =
''
$machine->succeed("uname -a");
$machine->succeed("uname -s | grep 'Linux'");
$machine->succeed("uname -a | grep '${pkgs.linuxPackages_hardened_copperhead.kernel.modDirVersion}'");
$machine->succeed("uname -a | grep '${pkgs.linuxPackages_copperhead_hardened.kernel.modDirVersion}'");
$machine->succeed("uname -a | grep 'hardened'");
'';
})

@ -46,6 +46,8 @@ import ./make-test.nix {
testScript = ''
$machine->waitForX;
# wait for user services
$machine->waitForUnit("default.target","alice");
# Regression test for https://github.com/NixOS/nixpkgs/issues/35415
subtest "configuration files are recognized by systemd", sub {

@ -7,13 +7,13 @@ with stdenv.lib;
stdenv.mkDerivation rec {
name = "bitcoin" + (toString (optional (!withGui) "d")) + "-abc-" + version;
version = "0.16.2";
version = "0.17.0";
src = fetchFromGitHub {
owner = "bitcoin-ABC";
repo = "bitcoin-abc";
rev = "v${version}";
sha256 = "0d5npn4p321jqsbqjxkbv0ncvs2hp9vdp30np6n8n53f896cxl92";
sha256 = "1s2y29h2q4fnbrfg2ig1cd3h7g3kdcdyrfq7znq1ndnh8xj1j489";
};
patches = [ ./fix-bitcoin-qt-build.patch ];

@ -29,5 +29,6 @@ buildGoPackage rec {
homepage = "https://decred.org";
description = "Decred daemon in Go (golang)";
license = with lib.licenses; [ isc ];
broken = stdenv.isLinux; # 2018-04-10
};
}

@ -38,5 +38,6 @@ buildGoPackage rec {
homepage = "https://decred.org";
description = "Decred daemon in Go (golang)";
license = with lib.licenses; [ isc ];
broken = stdenv.isLinux; # 2018-04-10
};
}

@ -51,6 +51,8 @@ rec {
memorycoin = callPackage ./memorycoin.nix { boost = boost165; withGui = true; };
memorycoind = callPackage ./memorycoin.nix { boost = boost165; withGui = false; };
mist = callPackage ./mist.nix { };
namecoin = callPackage ./namecoin.nix { withGui = true; };
namecoind = callPackage ./namecoin.nix { withGui = false; };

@ -55,6 +55,7 @@ lib.overrideDerivation (mkDerivation rec {
description = "Ethereum virtual machine evaluator";
license = stdenv.lib.licenses.agpl3;
maintainers = [stdenv.lib.maintainers.dbrock];
broken = true; # 2018-04-10
}) (attrs: {
buildInputs = attrs.buildInputs ++ [solc];
nativeBuildInputs = attrs.nativeBuildInputs ++ [makeWrapper];

@ -51,6 +51,6 @@ stdenv.mkDerivation rec{
homepage = http://www.bitcoin.org/;
maintainers = with maintainers; [ AndersonTorres ];
license = licenses.mit;
platforms = subtractLists [ "aarch64-linux" ] platforms.unix;
platforms = [ "x86_64-linux" ];
};
}

@ -0,0 +1,71 @@
{ stdenv, lib, makeWrapper, fetchurl, unzip, atomEnv, makeDesktopItem, buildFHSUserEnv }:
let
version = "0.10.0";
name = "mist-${version}";
throwSystem = throw "Unsupported system: ${stdenv.system}";
meta = with stdenv.lib; {
description = "Browse and use Ðapps on the Ethereum network";
homepage = https://github.com/ethereum/mist;
license = licenses.gpl3;
maintainers = with maintainers; [];
platforms = [ "x86_64-linux" "i686-linux" ];
};
urlVersion = builtins.replaceStrings ["."] ["-"] version;
desktopItem = makeDesktopItem rec {
name = "Mist";
exec = "mist";
icon = "mist";
desktopName = name;
genericName = "Mist Browser";
categories = "Network;";
};
mist = stdenv.mkDerivation {
inherit name version;
src = {
i686-linux = fetchurl {
url = "https://github.com/ethereum/mist/releases/download/v${version}/Mist-linux32-${urlVersion}.zip";
sha256 = "01hvxlm9w522pwvsjdy18gsrapkfjr7d1jjl4bqjjysxnjaaj2lk";
};
x86_64-linux = fetchurl {
url = "https://github.com/ethereum/mist/releases/download/v${version}/Mist-linux64-${urlVersion}.zip";
sha256 = "01k17j7fdfhxfd26njdsiwap0xnka2536k9ydk32czd8db7ya9zi";
};
}.${stdenv.system} or throwSystem;
buildInputs = [ unzip makeWrapper ];
buildCommand = ''
mkdir -p $out/lib/mist $out/bin
unzip -d $out/lib/mist $src
ln -s $out/lib/mist/mist $out/bin
fixupPhase
mkdir -p $out/share/applications
ln -s ${desktopItem}/share/applications/* $out/share/applications
patchelf \
--set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
--set-rpath "${atomEnv.libPath}:$out/lib/mist" \
$out/lib/mist/mist
'';
};
in
buildFHSUserEnv {
name = "mist";
targetPkgs = pkgs: with pkgs; [
mist
];
extraInstallCommands = ''
mkdir -p "$out/share/applications"
cp "${desktopItem}/share/applications/"* $out/share/applications
'';
runScript = "mist";
}
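Review bot: The `meta` set defined in the `let` block is never used, so the declared license, homepage and `platforms` never reach the package that gets installed. The inner derivation has `inherit name version;` only, and the final `buildFHSUserEnv` call passes just `name`, `targetPkgs`, `extraInstallCommands` and `runScript`. Attach it with `inherit name version meta;` on the inner derivation, and with `inherit meta;` on the wrapper if `buildFHSUserEnv` forwards it, which is not visible here. `lib` is also taken as an argument but never referenced. `maintainers` is empty for a package that unpacks a prebuilt upstream zip, so although the download is pinned by `sha256`, nobody is named to follow upstream security releases.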

@ -12,11 +12,11 @@
with stdenv.lib;
stdenv.mkDerivation rec {
version = "2.9.2";
version = "2.9.3";
name = "asunder-${version}";
src = fetchurl {
url = "http://littlesvr.ca/asunder/releases/${name}.tar.bz2";
sha256 = "0vjbxrrjih4c673sc39wj5whp81xp9kmnwqxwzfnmhkky970rg5r";
sha256 = "1630i1df06y840v3fgdf75jxw1s8kwbfn5bhi0686viah0scccw5";
};
nativeBuildInputs = [ pkgconfig ];

@ -3,11 +3,11 @@
bitwig-studio1.overrideAttrs (oldAttrs: rec {
name = "bitwig-studio-${version}";
version = "2.2.2";
version = "2.3.1";
src = fetchurl {
url = "https://downloads.bitwig.com/stable/${version}/bitwig-studio-${version}.deb";
sha256 = "1x4wka32xlygmhdh9rb15s37zh5qjrgap2qk35y34c52lf5aak22";
sha256 = "18gghx0ygwh01cidj8mkf82l9qhq2dy1b3yc4ajksvj762yg6cf2";
};
buildInputs = bitwig-studio1.buildInputs ++ [ ffmpeg ];

@ -9,9 +9,13 @@ stdenv.mkDerivation rec {
patches = [
(fetchurl {
url = "https://anonscm.debian.org/cgit/pkg-multimedia/caps.git/plain/debian/patches/0001-Avoid-ambiguity-in-div-invocation.patch";
url = "https://salsa.debian.org/multimedia-team/caps/raw/9a99c225/debian/patches/0001-Avoid-ambiguity-in-div-invocation.patch";
sha256 = "1b1pb5yfskiw8zi1lkj572l2ajpirh4amq538vggwvlpv1fqfway";
})
(fetchurl {
url = "https://salsa.debian.org/multimedia-team/caps/raw/a411203d/debian/patches/0002-Use-standard-exp10f-instead-of-pow10f.patch";
sha256 = "18ciklnscabr77l8b89xmbagkk79w4iqfpzr2yhn2ywv2jp8akx9";
})
];
configurePhase = ''

@ -0,0 +1,58 @@
diff --git a/src/ugen_osc.cpp b/src/ugen_osc.cpp
index 6b93c6b..dbefe4f 100644
--- a/src/ugen_osc.cpp
+++ b/src/ugen_osc.cpp
@@ -1232,7 +1232,7 @@ CK_DLL_CTRL( gen5_coeffs )
Chuck_Array8 * in_args = (Chuck_Array8 *)GET_CK_OBJECT(ARGS);
// fprintf(stdout, "calling gen10coeffs, %d\n", weights);
- if(in_args<0) return;
+ if(in_args!=0) return;
size = in_args->size();
if(size >= genX_MAX_COEFFS) size = genX_MAX_COEFFS - 1;
@@ -1287,7 +1287,7 @@ CK_DLL_CTRL( gen7_coeffs )
Chuck_Array8 * in_args = (Chuck_Array8 *)GET_CK_OBJECT(ARGS);
// fprintf(stdout, "calling gen10coeffs, %d\n", weights);
- if(in_args<0) return;
+ if(in_args!=0) return;
size = in_args->size();
if(size >= genX_MAX_COEFFS) size = genX_MAX_COEFFS - 1;
@@ -1340,7 +1340,7 @@ CK_DLL_CTRL( gen9_coeffs )
Chuck_Array8 * weights = (Chuck_Array8 *)GET_CK_OBJECT(ARGS);
// fprintf(stdout, "calling gen10coeffs, %d\n", weights);
- if(weights<0) return;
+ if(weights!=0) return;
size = weights->size();
if(size >= genX_MAX_COEFFS) size = genX_MAX_COEFFS - 1;
@@ -1390,7 +1390,7 @@ CK_DLL_CTRL( gen10_coeffs )
Chuck_Array8 * weights = (Chuck_Array8 *)GET_CK_OBJECT(ARGS);
// fprintf(stdout, "calling gen10coeffs, %d\n", weights);
- if(weights<0) return;
+ if(weights!=0) return;
size = weights->size();
if(size >= genX_MAX_COEFFS) size = genX_MAX_COEFFS - 1;
@@ -1441,7 +1441,7 @@ CK_DLL_CTRL( gen17_coeffs )
Chuck_Array8 * weights = (Chuck_Array8 *)GET_CK_OBJECT(ARGS);
// fprintf(stdout, "calling gen17coeffs, %d\n", weights);
- if(weights<0) return;
+ if(weights!=0) return;
size = weights->size();
if(size >= genX_MAX_COEFFS) size = genX_MAX_COEFFS - 1;
@@ -1502,7 +1502,7 @@ CK_DLL_CTRL( curve_coeffs )
Chuck_Array8 * weights = (Chuck_Array8 *)GET_CK_OBJECT(ARGS);
// fprintf(stdout, "calling gen17coeffs, %d\n", weights);
- if(weights<0) goto done;
+ if(weights!=0) goto done;
nargs = weights->size();
if (nargs < 5 || (nargs % 3) != 2) { // check number of args
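Review bot: The replacement guard is inverted. `if(in_args!=0) return;` returns whenever the array pointer is valid and falls through to `in_args->size()` exactly when it is null. Each patched control function therefore does nothing for good input and dereferences a null pointer otherwise. The old `<0` comparison on a pointer was presumably meant as a null check, so the patch should read `if(in_args==0) return;`. The same applies to `if(weights==0) return;` in the gen9, gen10 and gen17 hunks and `if(weights==0) goto done;` in the curve_coeffs hunk. The function bodies continue outside the lines shown in the patch.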

@ -1,4 +1,6 @@
{ stdenv, fetchurl, alsaLib, bison, flex, libsndfile, which }:
{ stdenv, fetchurl, alsaLib, bison, flex, libsndfile, which
, AppKit, Carbon, CoreAudio, CoreMIDI, CoreServices, Kernel
}:
stdenv.mkDerivation rec {
version = "1.3.5.2";
@ -10,19 +12,24 @@ stdenv.mkDerivation rec {
};
buildInputs = [ bison flex libsndfile which ]
++ stdenv.lib.optional (!stdenv.isDarwin) alsaLib;
++ stdenv.lib.optional (!stdenv.isDarwin) alsaLib
++ stdenv.lib.optional stdenv.isDarwin [ AppKit Carbon CoreAudio CoreMIDI CoreServices Kernel ];
patches = [ ./darwin-limits.patch ];
patches = [ ./clang.patch ./darwin-limits.patch ];
NIX_CFLAGS_COMPILE = stdenv.lib.optionalString stdenv.isDarwin "-Wno-missing-sysroot";
NIX_LDFLAGS = stdenv.lib.optionalString stdenv.isDarwin "-framework MultitouchSupport";
postPatch = ''
substituteInPlace src/makefile --replace "/usr/bin" "$out/bin"
substituteInPlace src/makefile.osx --replace "xcodebuild" "/usr/bin/xcodebuild"
substituteInPlace src/makefile.osx --replace "weak_framework" "framework"
substituteInPlace src/makefile.osx --replace "MACOSX_DEPLOYMENT_TARGET=10.5" "MACOSX_DEPLOYMENT_TARGET=$MACOSX_DEPLOYMENT_TARGET"
'';
buildPhase =
stdenv.lib.optionals stdenv.isLinux ["make -C src linux-alsa"] ++
stdenv.lib.optionals stdenv.isDarwin ["make -C src osx"];
buildPhase = ''
make -C src ${if stdenv.isDarwin then "osx" else "linux-alsa"}
'';
installPhase = ''
install -Dm755 ./src/chuck $out/bin/chuck
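Review bot: `stdenv.lib.optional stdenv.isDarwin [ AppKit Carbon CoreAudio CoreMIDI CoreServices Kernel ]` wraps the framework list in a second list, because `optional` returns `[ x ]` for a single value. That leaves `buildInputs` with a nested list on Darwin. Use the list form: `++ stdenv.lib.optionals stdenv.isDarwin [ AppKit Carbon CoreAudio CoreMIDI CoreServices Kernel ];`. Separately, the `postPatch` line that rewrites `xcodebuild` to `/usr/bin/xcodebuild` makes the Darwin build depend on a host tool outside the store; whether that line is new in this commit cannot be told from this rendering.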

@ -1,4 +1,5 @@
{ stdenv, fetchurl, cmake, fftw, gtkmm2, libxcb, lv2, pkgconfig, xorg }:
{ stdenv, fetchurl, fetchpatch, cmake, fftw, gtkmm2, libxcb, lv2, pkgconfig
, xorg }:
stdenv.mkDerivation rec {
name = "eq10q-${version}";
version = "2.2";
@ -10,6 +11,14 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ pkgconfig ];
buildInputs = [ cmake fftw gtkmm2 libxcb lv2 xorg.libpthreadstubs xorg.libXdmcp xorg.libxshmfence ];
patches = [
(fetchpatch {
# glibc 2.27 compatibility
url = https://sources.debian.org/data/main/e/eq10q/2.2~repack0-2.1/debian/patches/05-pow10.patch;
sha256 = "07b0wf6k4xqgigv4h095bzfaw8r218wa36r9w1817jcys13r6c5r";
})
];
installFlags = ''
DESTDIR=$(out)
'';

@ -49,7 +49,7 @@ let
# faust.wrapWithBuildEnv.
postInstall = ''
# syntax error when eval'd directly
pattern="faust2!(svg)"
pattern="faust2!(*@(atomsnippets|graph|graphviewer|md|plot|sig|sigviewer|svg))"
(shopt -s extglob; rm "$out"/bin/$pattern)
'';

@ -78,7 +78,7 @@ let
# faust.wrapWithBuildEnv.
postInstall = ''
# syntax error when eval'd directly
pattern="faust2!(svg)"
pattern="faust2!(*@(atomsnippets|graph|graphviewer|md|plot|sig|sigviewer|svg))"
(shopt -s extglob; rm "$out"/bin/$pattern)
'';

@ -5,13 +5,13 @@
stdenv.mkDerivation rec {
name = "flacon-${version}";
version = "4.0.0";
version = "4.1.0";
src = fetchFromGitHub {
owner = "flacon";
repo = "flacon";
rev = "v${version}";
sha256 = "0l0xbzpy4nnr08z7gqvb4ngrjwzpspa382cbcrpkya3nd40987kr";
sha256 = "1sw2v2w3s79lbzhkf96m8lwvag824am7rwfzzsi8bz6sa6krmj0m";
};
nativeBuildInputs = [ cmake pkgconfig makeWrapper ];

@ -5,13 +5,13 @@
stdenv.mkDerivation rec {
name = "fluidsynth-${version}";
version = "1.1.9";
version = "1.1.10";
src = fetchFromGitHub {
owner = "FluidSynth";
repo = "fluidsynth";
rev = "v${version}";
sha256 = "0krvmb1idnf95l2ydzfcb08ayyx3n4m71hf9fgwv3srzaikvpf3q";
sha256 = "04jlgq1d1hd8r9cnmkl3lgf1fgm7kgy4hh9nfddap41fm1wp121p";
};
nativeBuildInputs = [ pkgconfig cmake ];

@ -36,5 +36,6 @@ stdenv.mkDerivation {
license = stdenv.lib.licenses.gpl2Plus ;
maintainers = [stdenv.lib.maintainers.raskin];
platforms = stdenv.lib.platforms.linux;
broken = true; # 2018-04-11
};
}

@ -2,11 +2,11 @@
pythonPackages.buildPythonApplication rec {
pname = "Mopidy-Iris";
version = "3.14.2";
version = "3.17.1";
src = pythonPackages.fetchPypi {
inherit pname version;
sha256 = "19affzk45wby50gwxwzqgwa7h7618lcs48ngdsa06sd66s8x2fza";
sha256 = "02k1br077v9c5x6nn0391vh28pvn1zjbkjv8h508vy7k6ch2xjyq";
};
propagatedBuildInputs = [
@ -17,8 +17,11 @@ pythonPackages.buildPythonApplication rec {
pylast
spotipy
raven
tornado
]);
postPatch = "sed -i /tornado/d setup.py";
# no tests implemented
doCheck = false;
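Review bot: `postPatch = "sed -i /tornado/d setup.py";` has no comment, and its pattern is unanchored, so it deletes every line of `setup.py` that mentions tornado, not only the requirement entry. Since `tornado` is also listed in the propagated inputs, the sed presumably exists to drop an upstream version constraint, but nothing here says so. A one-line comment naming the constraint being removed would let the next version bump decide whether the sed is still needed. Matching the exact requirement line would also avoid silently removing unrelated lines if upstream changes `setup.py`.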
