nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-25 16:33:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge master into PR

Browse Source 
Conflicts:
	pkgs/top-level/all-packages.nix
This commit is contained in:
Vladimír Čunát 2014-08-14 14:27:54 +02:00
commit 0cc668bc1a
3542 changed files with 30452 additions and 13149 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -9,3 +9,5 @@ result-*
/doc/manual.html
/doc/manual.pdf
.version-suffix
.DS_Store

6
doc/Makefile
View File

@ -21,18 +21,18 @@ all: NEWS.html NEWS.txt manual.html manual.pdf
NEWS.html: release-notes.xml
$(XSLTPROC) --nonet --xinclude --output $@ $(NEWS_OPTS) \
$(docbookxsl)/html/docbook.xsl release-notes.xml
$(docbookxsl)/xhtml/docbook.xsl release-notes.xml
NEWS.txt: release-notes.xml
$(XSLTPROC) --nonet --xinclude quote-literals.xsl release-notes.xml | \
$(XSLTPROC) --nonet --output $@.tmp.html $(NEWS_OPTS) \
$(docbookxsl)/html/docbook.xsl -
$(docbookxsl)/xhtml/docbook.xsl -
LANG=en_US w3m -dump $@.tmp.html > $@
rm $@.tmp.html
manual.html: *.xml
$(XSLTPROC) --nonet --xinclude --output manual.html \
$(docbookxsl)/html/docbook.xsl manual.xml
$(docbookxsl)/xhtml/docbook.xsl manual.xml
manual.pdf: *.xml
$(dblatex) \

21
doc/contributing.xml Normal file
View File

@ -0,0 +1,21 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="chap-contributing">
<title>Contributing</title>
<para>If you make modifications to the manual, it's important to build the manual before contributing:</para>
<orderedlist>
<listitem><para><command>$ git clone git://github.com/NixOS/nixpkgs.git</command></para></listitem>
<listitem><para><command>$ cd nixpkgs/pkgs/top-level</command></para></listitem>
<listitem><para><command>$ nix-build -A tarball release.nix</command></para></listitem>
<listitem><para>Inside the built derivation you shall see <literal>manual/index.html</literal> file.</para></listitem>
</orderedlist>
</chapter>

1
doc/manual.xml
View File

@ -32,6 +32,7 @@
<xi:include href="language-support.xml" />
<xi:include href="package-notes.xml" />
<xi:include href="coding-conventions.xml" />
<xi:include href="contributing.xml" />
</book>

164
doc/meta.xml
View File

@ -17,7 +17,9 @@ meta = {
It is fully customizable.
'';
homepage = http://www.gnu.org/software/hello/manual/;
license = "GPLv3+";
license = stdenv.lib.licenses.gpl3Plus;
maintainers = [ stdenv.lib.maintainers.eelco ];
platforms = stdenv.lib.platforms.all;
};
</programlisting>
@ -31,16 +33,42 @@ the package. The value of a meta-attribute must a string.</para>
command-line using <command>nix-env</command>:
<screen>
$ nix-env -qa hello --meta --xml
&lt;?xml version='1.0' encoding='utf-8'?>
&lt;items>
&lt;item attrPath="hello" name="hello-2.3" system="i686-linux">
&lt;meta name="description" value="A program that produces a familiar, friendly greeting" />
&lt;meta name="homepage" value="http://www.gnu.org/software/hello/manual/" />
&lt;meta name="license" value="GPLv3+" />
&lt;meta name="longDescription" value="GNU Hello is a program that prints &amp;quot;Hello, world!&amp;quot; when you run it.&amp;#xA;It is fully customizable.&amp;#xA;" />
&lt;/item>
&lt;/items>
$ nix-env -qa hello --meta --json
{
"hello": {
"meta": {
"description": "A program that produces a familiar, friendly greeting",
"homepage": "http://www.gnu.org/software/hello/manual/",
"license": {
"fullName": "GNU General Public License version 3 or later",
"shortName": "GPLv3+",
"url": "http://www.fsf.org/licensing/licenses/gpl.html"
},
"longDescription": "GNU Hello is a program that prints \"Hello, world!\" when you run it.\nIt is fully customizable.\n",
"maintainers": [
"Ludovic Court\u00e8s &lt;ludo@gnu.org>"
],
"platforms": [
"i686-linux",
"x86_64-linux",
"armv5tel-linux",
"armv7l-linux",
"mips64el-linux",
"x86_64-darwin",
"i686-cygwin",
"i686-freebsd",
"x86_64-freebsd",
"i686-openbsd",
"x86_64-openbsd"
],
"position": "/home/user/dev/nixpkgs/pkgs/applications/misc/hello/ex-2/default.nix:14"
},
"name": "hello-2.9",
"system": "x86_64-linux"
}
}
</screen>
<command>nix-env</command> knows about the
@ -92,20 +120,23 @@ interpretation:</para>
<varlistentry>
<term><varname>license</varname></term>
<listitem><para>The license for the package. See below for the
allowed values.</para></listitem>
<listitem><para>The license for the package. One from attribute set defined in
<link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/lib/licenses.nix">
<filename>nixpkgs/lib/licenses.nix</filename></link>.
Example:
<literal>stdenv.lib.licenses.gpl3</literal>.</para></listitem>
See details in <xref linkend='sec-meta-license'/>,
</varlistentry>
<varlistentry>
<term><varname>maintainers</varname></term>
<listitem><para>A list of names and e-mail addresses of the
maintainers of this Nix expression, e.g. <literal>["Alice
&lt;alice@example.org>" "Bob &lt;bob@example.com>"]</literal>. If
you are the maintainer of multiple packages, you may want to add
maintainers of this Nix expression. If
you would like to be a maintainer of a package, you may want to add
yourself to <link
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/lib/maintainers.nix"><filename>pkgs/lib/maintainers.nix</filename></link>
and write something like <literal>[stdenv.lib.maintainers.alice
stdenv.lib.maintainers.bob]</literal>.</para></listitem>
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/lib/maintainers.nix"><filename>nixpkgs/lib/maintainers.nix</filename></link>
and write something like <literal>[ stdenv.lib.maintainers.alice
stdenv.lib.maintainers.bob ]</literal>.</para></listitem>
</varlistentry>
<varlistentry>
@ -121,29 +152,25 @@ interpretation:</para>
<varlistentry>
<term><varname>platforms</varname></term>
<listitem><para>The list of Nix platform types on which the
package is supported. If this attribute is set, the package will
refuse to build, and wont show up in <literal>nix-env
-qa</literal> output, on any platform not listed
here. An example is:
package is supported. Hydra builds packages according to the
platform specified. If no platform is specified, the package does
not have prebuilt binaries. An example is:
<programlisting>
meta.platforms = [ "x86_64-linux" "i686-linux" "x86_64-darwin" ];
</programlisting>
The set <varname>lib.platforms</varname> defines various common
lists of platforms types, so its more typical to write:
<programlisting>
meta.platforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin;
meta.platforms = stdenv.lib.platforms.linux;
</programlisting>
Attribute Set <varname>stdenv.lib.platforms</varname> in
<link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/lib/platforms.nix">
<filename>nixpkgs/lib/platforms.nix</filename></link> defines various common
lists of platforms types.
</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>hydraPlatforms</varname></term>
<listitem><para>The list of Nix platform types for which the Hydra
instance at <literal>hydra.nixos.org</literal> should build the
instance at <literal>hydra.nixos.org</literal> will build the
package. (Hydra is the Nix-based continuous build system.) It
defaults to the value of <varname>meta.platforms</varname>. Thus,
the only reason to set <varname>meta.hydraPlatforms</varname> is
@ -176,80 +203,23 @@ meta.hydraPlatforms = [];
<section xml:id="sec-meta-license"><title>Licenses</title>
<note><para>This is just a first attempt at standardising the license
attribute.</para></note>
<para>The <varname>meta.license</varname> attribute must be one of the
following:
<para>The <varname>meta.license</varname> attribute should preferrably contain
a value from <varname>stdenv.lib.licenses</varname> defined in
<link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/lib/licenses.nix">
<filename>nixpkgs/lib/licenses.nix</filename></link>,
or in-place license description of the same format if the license is
unlikely to be useful in another expression.
A few generic options are available, although it's typically better
to indicate the specific license:
<variablelist>
<varlistentry>
<term><varname>GPL</varname></term>
<listitem><para>GNU General Public License; version not
specified.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>GPLv2</varname></term>
<listitem><para>GNU General Public License, version
2.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>GPLv2+</varname></term>
<listitem><para>GNU General Public License, version
2 or higher.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>GPLv3</varname></term>
<listitem><para>GNU General Public License, version
3.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>GPLv3+</varname></term>
<listitem><para>GNU General Public License, version
3 or higher.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>bsd</varname></term>
<listitem><para>Catch-all for licenses that are essentially
similar to <link
xlink:href="http://www.gnu.org/licenses/license-list.html#ModifiedBSD">the
original BSD license with the advertising clause removed</link>,
i.e. permissive non-copyleft free software licenses. This
includes the <link
xlink:href="http://www.gnu.org/licenses/license-list.html#X11License">X11
(“MIT”) License</link>.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>perl5</varname></term>
<listitem><para>The Perl 5 license (Artistic License, version 1
and GPL, version 1 or later).</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>free</varname></term>
<listitem><para>Catch-all for free software licenses not listed
above.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>free-copyleft</varname></term>
<listitem><para>Catch-all for free, copyleft software licenses not
listed above.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>free-non-copyleft</varname></term>
<listitem><para>Catch-all for free, non-copyleft software licenses
not listed above.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>unfree-redistributable</varname></term>
<listitem><para>Unfree package that can be redistributed in binary

14
doc/quick-start.xml
View File

@ -155,9 +155,10 @@ $ git add pkgs/development/libraries/libfoo/default.nix</screen>
</listitem>
<listitem>
<para>You can use <command>nix-prefetch-url</command>
<para>You can use <command>nix-prefetch-url</command> (or similar nix-prefetch-git, etc)
<replaceable>url</replaceable> to get the SHA-256 hash of
source distributions.</para>
source distributions. There are similar commands as <command>nix-prefetch-git</command> and
<command>nix-prefetch-hg</command> available in <literal>nix-prefetch-scripts</literal> package.</para>
</listitem>
<listitem>
@ -221,17 +222,10 @@ $ nix-env -f . -iA libfoo</screen>
</listitem>
<listitem>
<para>Optionally commit the new package, or send a patch to
<para>Optionally commit the new package and open a pull request, or send a patch to
<literal>nix-dev@cs.uu.nl</literal>.</para>
</listitem>
<listitem>
<para>If you want the TU Delft build farm to build binaries of the
package and make them available in the <link
xlink:href="http://nixos.org/releases/nixpkgs/channels/nixpkgs-unstable/"><literal>nixpkgs</literal>
channel</link>, add it to <link
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/top-level/release.nix"><filename>pkgs/top-level/release.nix</filename></link>.</para>
</listitem>
</orderedlist>

333
lib/licenses.nix
View File

@ -1,25 +1,24 @@
{
/* License identifiers loosely based on: http://fedoraproject.org/wiki/Licensing
let
spdx = lic: lic // {
url = "http://spdx.org/licenses/${lic.shortName}";
};
in
rec {
/* License identifiers from spdx.org where possible.
* If you cannot find your license here, then look for a similar license or
* add it to this list. The URL mentioned above is a good source for inspiration.
*/
artistic2 = {
shortName = "Artistic 2.0";
fullName = "Artistic 2.0";
url = "http://opensource.org/licenses/artistic-license-2.0.php";
};
agpl3 = {
shortName = "AGPLv3";
fullName = "GNU Affero General Public License version 3 only";
url = https://www.gnu.org/licenses/agpl.html;
agpl3 = spdx {
shortName = "AGPL-3.0";
fullName = "GNU Affero General Public License v3.0";
};
agpl3Plus = {
shortName = "AGPLv3+";
fullName = "GNU Affero General Public License version 3 or later";
url = https://www.gnu.org/licenses/agpl.html;
shortName = "AGPL-3.0+";
fullName = "GNU Affero General Public License v3.0 or later";
inherit (agpl3) url;
};
amd = {
@ -28,118 +27,149 @@
url = http://developer.amd.com/amd-license-agreement/;
};#
apsl20 = {
shortName = "APSL 2.0";
apsl20 = spdx {
shortName = "APSL-2.0";
fullName = "Apple Public Source License 2.0";
url = http://opensource.org/licenses/APSL-2.0;
};
asl20 = {
shortName = "ASL2.0";
fullName = "Apache Software License 2.0";
url = http://www.apache.org/licenses/LICENSE-2.0;
artistic2 = spdx {
shortName = "Artistic-2.0";
fullName = "Artistic License 2.0";
};
boost = {
shortName = "boost";
fullName = "Boost Software License";
url = http://www.boost.org/LICENSE_1_0.txt;
asl20 = spdx {
shortName = "Apache-2.0";
fullName = "Apache License 2.0";
};
bsd2 = {
shortName = "BSD-2";
fullName = "BSD license (2 clause)";
url = http://opensource.org/licenses/BSD-2-Clause;
boost = spdx {
shortName = "BSL-1.0";
fullName = "Boost Software License 1.0";
};
bsd3 = {
shortName = "BSD-3";
fullName = "BSD license (3 clause)";
url = http://opensource.org/licenses/BSD-3-Clause;
bsd2 = spdx {
shortName = "BSD-2-Clause";
fullName = ''BSD 2-clause "Simplified" License'';
};
bsdOriginal = {
shortName = "BSD-original";
fullName = "Original BSD license with advertising clause";
url = https://fedoraproject.org/wiki/Licensing/BSD;
bsd3 = spdx {
shortName = "BSD-3-Clause";
fullName = ''BSD 3-clause "New" or "Revised" License'';
};
cc-by-30 = {
shortName = "CC BY 3.0";
bsdOriginal = spdx {
shortName = "BSD-4-Clause";
fullName = ''BSD 4-clause "Original" or "Old" License'';
};
cc-by-30 = spdx {
shortName = "CC-BY-3.0";
fullName = "Creative Commons Attribution 3.0";
url = http://creativecommons.org/licenses/by/3.0;
};
cddl = {
shortName = "CDDL";
fullName = "Common Development Distribution License ";
url = http://www.opensolaris.org/os/licensing/cddllicense.txt;
cddl = spdx {
shortName = "CDDL-1.0";
fullName = "Common Development and Distribution License 1.0";
};
cpl10 = {
shortName = "CPL 1.0";
fullName = "Common Public License version 1.0";
url = http://www.eclipse.org/legal/cpl-v10.html;
cecill-c = spdx {
shortName = "CECILL-C";
fullName = "CeCILL-C Free Software License Agreement";
};
epl10 = {
shortName = "EPL 1.0";
fullName = "Eclipse Public License version 1.0";
url = http://www.eclipse.org/legal/epl-v10.html;
cpl10 = spdx {
shortName = "CPL-1.0";
fullName = "Common Public License 1.0";
};
gpl2 = {
shortName = "GPLv2";
fullName = "GNU General Public License version 2";
url = http://www.gnu.org/licenses/old-licenses/gpl-2.0.html;
epl10 = spdx {
shortName = "EPL-1.0";
fullName = "Eclipse Public License 1.0";
};
free = "free";
gpl2 = spdx {
shortName = "GPL-2.0";
fullName = "GNU General Public License v2.0 only";
};
gpl2Oss = {
shortName = "GPLv2+OSS";
shortName = "GPL-2.0-with-OSS";
fullName = "GNU General Public License version 2 only (with OSI approved licenses linking exception)";
url = http://www.mysql.com/about/legal/licensing/foss-exception;
};
gpl2Plus = {
shortName = "GPLv2+";
fullName = "GNU General Public License version 2 or later";
url = http://www.gnu.org/licenses/old-licenses/gpl-2.0.html;
gpl2Plus = spdx {
shortName = "GPL-2.0+";
fullName = "GNU General Public License v2.0 or later";
};
gpl3 = {
shortName = "GPLv3";
fullName = "GNU General Public License version 3 only";
url = http://www.fsf.org/licensing/licenses/gpl.html;
gpl3 = spdx {
shortName = "GPL-3.0";
fullName = "GNU General Public License v3.0 only";
};
gpl3Plus = {
shortName = "GPLv3+";
fullName = "GNU General Public License version 3 or later";
url = http://www.fsf.org/licensing/licenses/gpl.html;
gpl3Plus = spdx {
shortName = "GPL-3.0+";
fullName = "GNU General Public License v3.0 or later";
};
gpl3ClasspathPlus = {
shortName = "GPLv3+classpath+";
fullName = "GNU General Public License version 3 or later (with Classpath exception)";
shortName = "GPL-3.0+-with-classpath-exception";
fullName = "GNU General Public License v3.0 or later (with Classpath exception)";
url = https://fedoraproject.org/wiki/Licensing/GPL_Classpath_Exception;
};
isc = {
inria = {
shortName = "INRIA-NCLA";
fullName = "INRIA Non-Commercial License Agreement";
url = "http://compcert.inria.fr/doc/LICENSE";
};
ipa = spdx {
shortName = "IPA";
fullName = "IPA Font License";
};
ipl10 = spdx {
shortName = "IPL-1.0";
fullName = "IBM Public License v1.0";
};
isc = spdx {
shortName = "ISC";
fullName = "Internet Systems Consortium License";
url = http://www.opensource.org/licenses/ISC;
fullName = "ISC License";
};
ipl10 = {
shortName = "IPL 1.0";
fullName = "IBM Public License Version 1.0";
url = http://www.ibm.com/developerworks/opensource/library/os-i18n2/os-ipl.html;
lgpl2 = spdx {
shortName = "LGPL-2.0";
fullName = "GNU Library General Public License v2 only";
};
ijg = {
shortName = "IJG";
fullName = "Independent JPEG Group License";
url = https://fedoraproject.org/wiki/Licensing/IJG;
lgpl2Plus = spdx {
shortName = "LGPL-2.0+";
fullName = "GNU Library General Public License v2 or later";
};
lgpl21 = spdx {
shortName = "LGPL-2.1";
fullName = "GNU Library General Public License v2.1 only";
};
lgpl21Plus = spdx {
shortName = "LGPL-2.1+";
fullName = "GNU Library General Public License v2.1 or later";
};
lgpl3 = spdx {
shortName = "LGPL-3.0";
fullName = "GNU Lesser General Public License v3.0 only";
};
lgpl3Plus = spdx {
shortName = "LGPL-3.0+";
fullName = "GNU Lesser General Public License v3.0 or later";
};
libtiff = {
@ -148,76 +178,47 @@
url = https://fedoraproject.org/wiki/Licensing/libtiff;
};
lgpl2 = {
shortName = "LGPLv2";
fullName = "GNU Library General Public License version 2";
url = http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html;
};
lgpl2Plus = {
shortName = "LGPLv2+";
fullName = "GNU Library General Public License version 2 or later";
url = http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html;
};
lgpl21 = {
shortName = "LGPLv2.1";
fullName = "GNU Lesser General Public License version 2.1";
url = http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html;
};
lgpl21Plus = {
shortName = "LGPLv2.1+";
fullName = "GNU Lesser General Public License version 2.1 or later";
url = http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html;
};
llgpl21 = {
shortName = "LLGPLv2.1";
shortName = "LLGPL-2.1";
fullName = "Lisp LGPL; GNU Lesser General Public License version 2.1 with Franz Inc. preamble for clarification of LGPL terms in context of Lisp";
url = http://opensource.franz.com/preamble.html;
};
lgpl3 = {
shortName = "LGPLv3";
fullName = "GNU Lesser General Public License version 3 only";
url = http://www.fsf.org/licensing/licenses/lgpl.html;
};
lgpl3Plus = {
shortName = "LGPLv3+";
fullName = "GNU Lesser General Public License version 3 or later";
url = http://www.fsf.org/licensing/licenses/lgpl.html;
};
mit = {
mit = spdx {
shortName = "MIT";
fullName = "MIT/X11 license";
url = http://www.opensource.org/licenses/mit-license.php;
fullName = "MIT License";
};
mpl11 = {
shortName = "MPL1.1";
fullName = "Mozilla Public License version 1.1";
url = http://www.mozilla.org/MPL/MPL-1.1.html;
mpl11 = spdx {
shortName = "MPL-1.1";
fullName = "Mozilla Public License 1.1";
};
mpl20 = {
shortName = "MPL2.0";
fullName = "Mozilla Public License version 2.0";
url = https://www.mozilla.org/MPL/2.0;
mpl20 = spdx {
shortName = "MPL-2.0";
fullName = "Mozilla Public License 2.0";
};
ofl = {
shortName = "OFL";
fullName = "SIL Open Font License";
url = "http://scripts.sil.org/cms/scripts/page.php?site_id=nrsi&id=OFL_web";
msrla = {
shortName = "MSR-LA";
fullName = "Microsoft Research License Agreement";
url = "http://research.microsoft.com/en-us/projects/pex/msr-la.txt";
};
openssl = {
shortName = "openssl";
fullName = "OpenSSL license";
url = http://www.openssl.org/source/license.html;
ofl = spdx {
shortName = "OFL-1.1";
fullName = "SIL Open Font License 1.1";
};
openssl = spdx {
shortName = "OpenSSL";
fullName = "OpenSSL License";
};
psfl = spdx {
shortName = "Python-2.0";
fullName = "Python Software Foundation License version 2";
#url = http://docs.python.org/license.html;
};
publicDomain = {
@ -225,10 +226,9 @@
fullname = "Public Domain";
};
psfl = {
shortName = "PSFL";
fullName = "Python Software Foundation License";
url = http://docs.python.org/license.html;
sleepycat = spdx {
shortName = "Sleepycat";
fullName = "Sleepycat License";
};
tcltk = {
@ -243,45 +243,26 @@
unfreeRedistributableFirmware = "unfree-redistributable-firmware";
zlib = {
shortName = "zlib";
fullName = "zlib license";
url = http://www.gzip.org/zlib/zlib_license.html;
wadalab = {
shortName = "wadalab";
fullName = "Wadalab Font License";
url = https://fedoraproject.org/wiki/Licensing:Wadalab?rd=Licensing/Wadalab;
};
zpt20 = {
shortName = "ZPT2.0";
zlib = spdx {
shortName = "Zlib";
fullName = "zlib License";
};
zpt20 = spdx { # FIXME: why zpt* instead of zpl*
shortName = "ZPL-2.0";
fullName = "Zope Public License 2.0";
url = "http://old.zope.org/Resources/License/ZPL-2.0";
};
zpt21 = {
shortName = "ZPT2.1";
zpt21 = spdx {
shortName = "ZPL-2.1";
fullName = "Zope Public License 2.1";
url = "http://old.zope.org/Resources/License/ZPL-2.1";
};
sleepycat = {
shortName = "Sleepycat";
fullName = "Sleepycat Public License";
url = "https://en.wikipedia.org/wiki/Sleepycat_License";
};
cecill-c = {
shortName = "CeCILL-C";
fullName = "CEA CNRS INRIA Logiciel Libre";
url = "http://www.cecill.info/licences.en.html";
};
msrla = {
shortName = "MSR-LA";
fullName = "Microsoft Research License Agreement";
url = "http://research.microsoft.com/en-us/projects/pex/msr-la.txt";
};
inria = {
shortName = "INRIA-NCLA";
fullName = "INRIA Non-Commercial License Agreement";
url = "http://compcert.inria.fr/doc/LICENSE";
};
}

14
lib/maintainers.nix
View File

@ -6,6 +6,7 @@
_1126 = "Christian Lask <mail@elfsechsundzwanzig.de>";
aforemny = "Alexander Foremny <alexanderforemny@googlemail.com>";
ak = "Alexander Kjeldaas <ak@formalprivacy.com>";
akc = "Anders Claesson <akc@akc.is>";
algorith = "Dries Van Daele <dries_van_daele@telenet.be>";
all = "Nix Committers <nix-commits@lists.science.uu.nl>";
@ -25,27 +26,32 @@
bjornfor = "Bjørn Forsman <bjorn.forsman@gmail.com>";
bluescreen303 = "Mathijs Kwik <mathijs@bluescreen303.nl>";
bodil = "Bodil Stokke <nix@bodil.org>";
bosu = "Boris Sukholitko <boriss@gmail.com>";
calrama = "Moritz Maxeiner <moritz@ucworks.org>";
cfouche = "Chaddaï Fouché <chaddai.fouche@gmail.com>";
chaoflow = "Florian Friesdorf <flo@chaoflow.net>";
coconnor = "Corey O'Connor <coreyoconnor@gmail.com>";
coroa = "Jonas Hörsch <jonas@chaoflow.net>";
cstrahan = "Charles Strahan <charles.c.strahan@gmail.com>";
DamienCassou = "Damien Cassou <damien.cassou@gmail.com>";
ederoyd46 = "Matthew Brown <matt@ederoyd.co.uk>";
edwtjo = "Edward Tjörnhammar <ed@cflags.cc>";
eelco = "Eelco Dolstra <eelco.dolstra@logicblox.com>";
emery = "Emery Hemingway <emery@vfemail.net>";
ertes = "Ertugrul Söylemez <ertesx@gmx.de>";
falsifian = "James Cook <james.cook@utoronto.ca>";
flosse = "Markus Kohlhase <mail@markus-kohlhase.de>";
fuuzetsu = "Mateusz Kowalczyk <fuuzetsu@fuuzetsu.co.uk>";
garbas = "Rok Garbas <rok@garbas.si>";
goibhniu = "Cillian de Róiste <cillian.deroiste@gmail.com>";
guibert = "David Guibert <david.guibert@gmail.com>";
hinton = "Tom Hinton <t@larkery.com>";
hrdinka = "Christoph Hrdinka <c.nix@hrdinka.at>";
ianwookim = "Ian-Woo Kim <ianwookim@gmail.com>";
iElectric = "Domen Kozar <domen@dev.si>";
iyzsong = "Song Wenwu <iyzsong@gmail.com>";
jcumming = "Jack Cummings <jack@mudshark.org>";
jgeerds = "Jascha Geerds <jg@ekby.de>";
joamaki = "Jussi Maki <joamaki@gmail.com>";
joelteon = "Joel Taylor <me@joelt.io>";
jwiegley = "John Wiegley <johnw@newartisans.com>";
@ -58,9 +64,11 @@
madjar = "Georges Dubus <georges.dubus@compiletoi.net>";
marcweber = "Marc Weber <marco-oweber@gmx.de>";
matejc = "Matej Cotman <cotman.matej@gmail.com>";
meisternu = "Matt Miemiec <meister@krutt.org>";
modulistic = "Pablo Costa <modulistic@gmail.com>";
mornfall = "Petr Ročkai <me@mornfall.net>";
msackman = "Matthew Sackman <matthew@wellquite.org>";
notthemessiah = "Brian Cohen <brian.cohen.88@gmail.com>";
ocharles = "Oliver Charles <ollie@ocharles.org.uk>";
offline = "Jaka Hudoklin <jakahudoklin@gmail.com>";
orbitz = "Malcolm Matalka <mmatalka@gmail.com>";
@ -74,6 +82,7 @@
qknight = "Joachim Schiele <js@lastlog.de>";
raskin = "Michael Raskin <7c6f434c@mail.ru>";
redbaron = "Maxim Ivanov <ivanov.maxim@gmail.com>";
refnil = "Martin Lavoie <broemartino@gmail.com>";
relrod = "Ricky Elrod <ricky@elrod.me>";
rickynils = "Rickard Nilsson <rickynils@gmail.com>";
rob = "Rob Vermaas <rob.vermaas@gmail.com>";
@ -84,13 +93,16 @@
sander = "Sander van der Burg <s.vanderburg@tudelft.nl>";
shlevy = "Shea Levy <shea@shealevy.com>";
simons = "Peter Simons <simons@cryp.to>";
skeidel = "Sven Keidel <svenkeidel@gmail.com>";
smironov = "Sergey Mironov <ierton@gmail.com>";
sprock = "Roger Mason <rmason@mun.ca>";
tailhook = "Paul Colomiets <paul@colomiets.name>";
thammers = "Tobias Hammerschmidt <jawr@gmx.de>";
the-kenny = "Moritz Ulrich <moritz@tarn-vedra.de>";
thoughtpolice = "Austin Seipp <aseipp@pobox.com>";
tomberek = "Thomas Bereknyei <tomberek@gmail.com>";
ttuegel = "Thomas Tuegel <ttuegel@gmail.com>";
tv = "Tomislav Viljetić <tv@shackspace.de>";
urkud = "Yury G. Kudryashov <urkud+nix@ya.ru>";
vbmithr = "Vincent Bernardoff <vb@luminar.eu.org>";
vcunat = "Vladimír Čunát <vcunat@gmail.com>";
@ -99,6 +111,8 @@
vlstill = "Vladimír Štill <xstill@fi.muni.cz>";
winden = "Antonio Vargas Gonzalez <windenntw@gmail.com>";
wizeman = "Ricardo M. Correia <rcorreia@wizy.org>";
wjlroe = "William Roe <willroe@gmail.com>";
wkennington = "William A. Kennington III <william@wkennington.com>";
wmertens = "Wout Mertens <Wout.Mertens@gmail.com>";
z77z = "Marco Maggesi <maggesi@math.unifi.it>";
zef = "Zef Hemel <zef@zef.me>";

2
lib/modules.nix
View File

@ -194,7 +194,7 @@ rec {
is transformed into
[ { boot = set1; } { boot = mkIf cond set2; services mkIf cond set3; } ].
[ { boot = set1; } { boot = mkIf cond set2; services = mkIf cond set3; } ].
This transform is the critical step that allows mkIf conditions
to refer to the full configuration without creating an infinite

2
lib/platforms.nix
View File

@ -11,6 +11,6 @@ rec {
unix = linux ++ darwin ++ freebsd ++ openbsd;
all = linux ++ darwin ++ cygwin ++ freebsd ++ openbsd;
none = [];
allBut = platform: lists.filter (x: platform != x) all;
allBut = platforms: lists.filter (x: !(builtins.elem x platforms)) all;
mesaPlatforms = ["i686-linux" "x86_64-linux" "x86_64-darwin" "armv5tel-linux" "armv6l-linux"];
}

146
maintainers/scripts/sort-attrs.str
View File

@ -1,146 +0,0 @@
/* Tool to sort attribute sets. Primarily useful for keeping
all-packages.nix tidy.
To compile:
$ strc -i ../../maintainers/scripts/sort-attrs.str -la stratego-lib
Typical invocation:
$ sglr -m -p ~/Dev/nix/src/libexpr/nix.tbl -i all-packages.nix \
| implode-asfix --lex \
| ../../maintainers/scripts/sort-attrs \
| asfix-yield
*/
module sort-attrs
imports
libstratego-lib
libstratego-sglr
strategies
no-wsp = !appl(prod([], cf(opt(layout())), no-attrs()), [])
rules
list-sep(s): [] -> []
list-sep(s): [x | xs] -> [[x | before] | <list-sep(s)> [split | after]]
where
<split-fetch-keep(s)> xs => (before, split, after)
list-sep(s): [x | xs] -> [[x | xs]]
where
<not(split-fetch-keep(s))> xs
list-sep-end(s): xs -> [<conc> (before, [split]) | <list-sep-end(s)> after]
where
<split-fetch-keep(s)> xs => (before, split, after)
list-sep-end(s): xs -> [xs]
where
<not(split-fetch-keep(s))> xs
sort-attrs:
appl(p@prod(_, _, attrs([term(cons("Attrs"))])),
[ lit("{")
, ws1
, appl(p2@list(cf(iter-star(sort("Bind")))), attrs)
, ws2
, lit("}")
]
) ->
appl(p, [lit("{"), <no-wsp>, appl(p2, <concat> attrs'), ws2, lit("}")])
where
<debug> "found it";
<attach-wsp> [ws1 | attrs] => withWSP;
<list-sep(starts-section)> withWSP => groups;
<length; debug> groups;
<map({x', x'', x''', xs', starts, starts': \[x | xs] -> [x''' | xs']
where
<remove-section-start> x => (x', starts);
<map(regularise-empty-lines); if !starts; debug; sortable-section; debug then qsort(compare-attrs) else id end> [x' | xs] => [x'' | xs'];
<[] <+ \x -> ["\n\n\n" | x]\ > starts => starts';
<prepend-layout> (starts', x'') => x'''
\ })> groups => attrs';
<debug> "did it"
attach-wsp: [a, b | cs] -> [(a, b) | <attach-wsp> cs]
attach-wsp: [] -> []
strategies
starts-section =
?x@(appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs), attr);
<implode-string; is-substring(!"###")> cs;
!x
rules
sortable-section = ?[s]; !s; explode-string; not(fetch({x: ?x; !(x, 97); geq}))
remove-section-start:
(appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs), attr) ->
((appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs'), attr), starts)
where
!cs;
list-sep-end(?10); // separate into lines, keeping the \n
map(implode-string);
partition(where(is-substring(!"###"))) => (starts, rest);
<map(explode-string); concat> rest => cs'
regularise-empty-lines:
(appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs), attr) ->
(appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs''), attr)
where
// separate into lines, keeping the \n
// last whitespace is significant, keep
<list-sep-end(?10); split-init-last> cs => (init, last);
<regularise-empty-lines'> init => cs'; // remove whitespace-only lines
<concat> [<explode-string> "\n\n", <concat> cs', last] => cs'' // add one empty line
/* Dirty hack: *do* keep the first empty line following a non-empty line. !!! order matters */
regularise-empty-lines': [] -> []
regularise-empty-lines': [x, y | xs] -> [x, y | <regularise-empty-lines'> xs]
where
<fetch-elem(not(?10 <+ ?32))> x;
<not(fetch-elem(not(?10 <+ ?32)))> y
regularise-empty-lines': [x | xs] -> [x | <regularise-empty-lines'> xs]
where <fetch-elem(not(?10 <+ ?32))> x
regularise-empty-lines': [x | xs] -> <regularise-empty-lines'> xs
where <not(fetch-elem(not(?10 <+ ?32)))> x
prepend-layout:
(text, (appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs), attr)) ->
(appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs''), attr)
where
<implode-string> cs => cs';
<conc-strings; explode-string> (<concat-strings> text, cs') => cs''
compare-attrs:
x@
( (_, appl(p1@prod(_, _, attrs([term(cons("Bind"))])), [id1 | xs1]))
, (_, appl(p2@prod(_, _, attrs([term(cons("Bind"))])), [id2 | xs2]))
)
-> x
where
<string-lt> (id1, id2)
strategies
main = io-wrap(
oncetd(sort-attrs)
)

12
nixos/doc/manual/README Normal file
View File

@ -0,0 +1,12 @@
To build the manual, you need Nix installed on your system (no need
for NixOS). To install Nix, follow the instructions at
https://nixos.org/nix/download.html
When you have Nix on your system, in the root directory of the project
(i.e., `nixpkgs`), run:
nix-build nixos/release.nix -A manual.x86_64-linux
When this command successfully finishes, it will tell you where the
manual got generated.

46
nixos/doc/manual/configuration.xml
View File

@ -1036,21 +1036,22 @@ users.extraUsers.alice =
{ createHome = true;
home = "/home/alice";
description = "Alice Foobar";
extraGroups = [ "wheel" ];
extraGroups = [ "wheel" "networkmanager" ];
useDefaultShell = true;
openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3Nza... alice@foobar" ];
};
</programlisting>
Note that <literal>alice</literal> is a member of the
<literal>wheel</literal> group, which allows her to use
<command>sudo</command> to execute commands as
<literal>root</literal>. Also note the SSH public key that allows
remote logins with the corresponding private key. Users created in
this way do not have a password by default, so they cannot log in via
mechanisms that require a password. However, you can use the
<command>passwd</command> program to set a password, which is retained
across invocations of <command>nixos-rebuild</command>.</para>
<literal>wheel</literal> and <literal>networkmanager</literal> groups,
which allows her to use <command>sudo</command> to execute commands as
<literal>root</literal> and to configure the network, respectively.
Also note the SSH public key that allows remote logins with the
corresponding private key. Users created in this way do not have a
password by default, so they cannot log in via mechanisms that require
a password. However, you can use the <command>passwd</command> program
to set a password, which is retained across invocations of
<command>nixos-rebuild</command>.</para>
<para>A user ID (uid) is assigned automatically. You can also specify
a uid manually by adding
@ -1277,6 +1278,28 @@ services.xserver.synaptics.twoFingerScroll = true;
<section xml:id="sec-networking"><title>Networking</title>
<section xml:id="sec-networkmanager"><title>NetworkManager</title>
<para>To facilitate network configuration, some desktop environments
use NetworkManager. You can enable NetworkManager by setting:
<programlisting>
services.networkmanager.enable = true;
</programlisting>
Some desktop managers (e.g., GNOME) enable NetworkManager
automatically for you.</para>
<para>All users that should have permission to change network settings
must belong to the <code>networkmanager</code> group.</para>
<note><para><code>services.networkmanager</code> and
<code>services.wireless</code> can not be enabled at the same time:
you can still connect to the wireless networks using
NetworkManager.</para></note>
</section>
<section xml:id="sec-ssh"><title>Secure shell access</title>
<para>Secure shell (SSH) access to your machine can be enabled by
@ -1399,6 +1422,11 @@ always allowed.)</para>
<section xml:id="sec-wireless"><title>Wireless networks</title>
<para>For a desktop installation using NetworkManager (e.g., GNOME),
you just have to make sure the user is in the
<code>networkmanager</code> group and you can skip the rest of this
section on wireless networks.</para>
<para>
NixOS will start wpa_supplicant for you if you enable this setting:

51
nixos/doc/manual/default.nix
View File

@ -1,5 +1,6 @@
{ pkgs, options, version, revision }:
with pkgs;
with pkgs.lib;
let
@ -22,7 +23,7 @@ let
optionsXML = builtins.toFile "options.xml" (builtins.unsafeDiscardStringContext (builtins.toXML options''));
optionsDocBook = pkgs.runCommand "options-db.xml" {} ''
optionsDocBook = runCommand "options-db.xml" {} ''
if grep /nixpkgs/nixos/modules ${optionsXML}; then
echo "The manual appears to depend on the location of Nixpkgs, which is bad"
echo "since this prevents sharing via the NixOS channel. This is typically"
@ -30,7 +31,7 @@ let
echo "for hints about the offending path)."
exit 1
fi
${pkgs.libxslt}/bin/xsltproc \
${libxslt}/bin/xsltproc \
--stringparam revision '${revision}' \
-o $out ${./options-to-docbook.xsl} ${optionsXML}
'';
@ -38,12 +39,12 @@ let
in rec {
# Generate the NixOS manual.
manual = pkgs.stdenv.mkDerivation {
manual = stdenv.mkDerivation {
name = "nixos-manual";
sources = sourceFilesBySuffices ./. [".xml"];
buildInputs = [ pkgs.libxml2 pkgs.libxslt ];
buildInputs = [ libxml2 libxslt ];
xsltFlags = ''
--param section.autolabel 1
@ -62,19 +63,19 @@ in rec {
# Check the validity of the manual sources.
xmllint --noout --nonet --xinclude --noxincludenode \
--relaxng ${pkgs.docbook5}/xml/rng/docbook/docbook.rng \
--relaxng ${docbook5}/xml/rng/docbook/docbook.rng \
manual.xml
# Generate the HTML manual.
dst=$out/share/doc/nixos
ensureDir $dst
mkdir -p $dst
xsltproc $xsltFlags --nonet --xinclude \
--output $dst/manual.html \
${pkgs.docbook5_xsl}/xml/xsl/docbook/xhtml/docbook.xsl \
${docbook5_xsl}/xml/xsl/docbook/xhtml/docbook.xsl \
./manual.xml
mkdir -p $dst/images/callouts
cp ${pkgs.docbook5_xsl}/xml/xsl/docbook/images/callouts/*.gif $dst/images/callouts/
cp ${docbook5_xsl}/xml/xsl/docbook/images/callouts/*.gif $dst/images/callouts/
cp ${./style.css} $dst/style.css
@ -86,13 +87,39 @@ in rec {
meta.description = "The NixOS manual in HTML format";
};
manualPDF = stdenv.mkDerivation {
name = "nixos-manual-pdf";
sources = sourceFilesBySuffices ./. [".xml"];
buildInputs = [ libxml2 libxslt dblatex tetex ];
buildCommand = ''
# TeX needs a writable font cache.
export VARTEXFONTS=$TMPDIR/texfonts
ln -s $sources/*.xml . # */
ln -s ${optionsDocBook} options-db.xml
echo "${version}" > version
dst=$out/share/doc/nixos
mkdir -p $dst
xmllint --xinclude manual.xml | dblatex -o $dst/manual.pdf - \
-P doc.collab.show=0 \
-P latex.output.revhistory=0
mkdir -p $out/nix-support
echo "doc-pdf manual $dst/manual.pdf" >> $out/nix-support/hydra-build-products
''; # */
};
# Generate the NixOS manpages.
manpages = pkgs.stdenv.mkDerivation {
manpages = stdenv.mkDerivation {
name = "nixos-manpages";
sources = sourceFilesBySuffices ./. [".xml"];
buildInputs = [ pkgs.libxml2 pkgs.libxslt ];
buildInputs = [ libxml2 libxslt ];
buildCommand = ''
ln -s $sources/*.xml . # */
@ -100,7 +127,7 @@ in rec {
# Check the validity of the manual sources.
xmllint --noout --nonet --xinclude --noxincludenode \
--relaxng ${pkgs.docbook5}/xml/rng/docbook/docbook.rng \
--relaxng ${docbook5}/xml/rng/docbook/docbook.rng \
./man-pages.xml
# Generate manpages.
@ -109,7 +136,7 @@ in rec {
--param man.output.in.separate.dir 1 \
--param man.output.base.dir "'$out/share/man/'" \
--param man.endnotes.are.numbered 0 \
${pkgs.docbook5_xsl}/xml/xsl/docbook/manpages/docbook.xsl \
${docbook5_xsl}/xml/xsl/docbook/manpages/docbook.xsl \
./man-pages.xml
'';
};

10
nixos/doc/manual/installation.xml
View File

@ -320,7 +320,10 @@ changes:
<itemizedlist>
<listitem>
<para>You should boot the live CD in UEFI mode (consult your
specific hardware's documentation for instructions).</para>
specific hardware's documentation for instructions). You may find
the <link
xlink:href="http://www.rodsbooks.com/refind">rEFInd
boot manager</link> useful.</para>
</listitem>
<listitem>
<para>Instead of <command>fdisk</command>, you should use
@ -335,6 +338,11 @@ changes:
should do this automatically for new configurations when booted in
UEFI mode.</para>
</listitem>
<listitem>
<para>After having mounted your installation partition to
<code>/mnt</code>, you must mount the <code>boot</code> partition
to <code>/mnt/boot</code>.</para>
</listitem>
<listitem>
<para>You may want to look at the options starting with
<option>boot.loader.efi</option> and <option>boot.loader.gummiboot</option>

19
nixos/doc/manual/manual.xml
View File

@ -7,25 +7,6 @@
<title>NixOS Manual</title>
<subtitle>Version <xi:include href="version" parse="text" /></subtitle>
<author>
<personname>
<firstname>Eelco</firstname>
<surname>Dolstra</surname>
</personname>
</author>
<author>
<personname>
<firstname>Nicolas</firstname>
<surname>Pierron</surname>
</personname>
</author>
<copyright>
<year>2007-2013</year>
<holder>Eelco Dolstra</holder>
</copyright>
</info>

6
nixos/doc/manual/options-to-docbook.xsl
View File

@ -202,4 +202,10 @@
</simplelist>
</xsl:template>
<xsl:template match="function">
<xsl:text>λ</xsl:text>
</xsl:template>
</xsl:stylesheet>

4
nixos/lib/make-iso9660-image.sh
View File

@ -78,7 +78,7 @@ done
cat pathlist | sed -e 's/=\(.*\)=\(.*\)=/\\=\1=\2\\=/' | tee pathlist.safer
ensureDir $out/iso
mkdir -p $out/iso
genCommand="genisoimage -iso-level 4 -r -J $bootFlags -hide-rr-moved -graft-points -path-list pathlist.safer ${volumeID:+-V $volumeID}"
if test -z "$compressImage"; then
$genCommand -o $out/iso/$isoName
@ -87,5 +87,5 @@ else
fi
ensureDir $out/nix-support
mkdir -p $out/nix-support
echo $system > $out/nix-support/system

4
nixos/lib/make-system-tarball.sh
View File

@ -48,11 +48,11 @@ for ((n = 0; n < ${#objects[*]}; n++)); do
fi
done
ensureDir $out/tarball
mkdir -p $out/tarball
tar cvJf $out/tarball/$fileName.tar.xz *
ensureDir $out/nix-support
mkdir -p $out/nix-support
echo $system > $out/nix-support/system
echo "file system-tarball $out/tarball/$fileName.tar.xz" > $out/nix-support/hydra-build-products

4
nixos/lib/test-driver/log2html.xsl
View File

@ -9,8 +9,8 @@
<xsl:template match="logfile">
<html>
<head>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/jquery-ui.min.js"></script>
<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/jquery-ui.min.js"></script>
<script type="text/javascript" src="treebits.js" />
<link rel="stylesheet" href="logfile.css" type="text/css" />
<title>Log File</title>

10
nixos/lib/testing.nix
View File

@ -37,7 +37,7 @@ rec {
# `driver' is the script that runs the network.
runTests = driver:
stdenv.mkDerivation {
name = "vm-test-run";
name = "vm-test-run-${driver.testName}";
requiredSystemFeatures = [ "kvm" "nixos-test" ];
@ -68,9 +68,10 @@ rec {
makeTest =
{ testScript, makeCoverageReport ? false, ... } @ t:
{ testScript, makeCoverageReport ? false, name ? "unnamed", ... } @ t:
let
testDriverName = "nixos-test-driver-${name}";
nodes = buildVirtualNetwork (
t.nodes or (if t ? machine then { machine = t.machine; } else { }));
@ -88,10 +89,11 @@ rec {
# Generate onvenience wrappers for running the test driver
# interactively with the specified network, and for starting the
# VMs from the command line.
driver = runCommand "nixos-test-driver"
driver = runCommand testDriverName
{ buildInputs = [ makeWrapper];
testScript = testScript';
preferLocalBuild = true;
testName = name;
}
''
mkdir -p $out/bin
@ -115,7 +117,7 @@ rec {
report = releaseTools.gcovReport { coverageRuns = [ test ]; };
in (if makeCoverageReport then report else test) // { inherit driver test; };
in (if makeCoverageReport then report else test) // { inherit nodes driver test; };
runInMachine =

6
nixos/modules/config/ldap.nix
View File

@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }:
with lib;
with pkgs;
with lib;
let
@ -217,9 +217,7 @@ in
systemd.services = mkIf cfg.daemon.enable {
nslcd = {
wantedBy = [ "nss-user-lookup.target" ];
before = [ "nss-user-lookup.target" ];
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
preStart = ''
mkdir -p /run/nslcd

4
nixos/modules/config/networking.nix
View File

@ -14,7 +14,7 @@ in
options = {
networking.extraHosts = pkgs.lib.mkOption {
networking.extraHosts = lib.mkOption {
type = types.lines;
default = "";
example = "192.168.0.1 lanlocalhost";
@ -23,7 +23,7 @@ in
'';
};
networking.dnsSingleRequest = pkgs.lib.mkOption {
networking.dnsSingleRequest = lib.mkOption {
type = types.bool;
default = false;
description = ''

12
nixos/modules/config/pulseaudio.nix
View File

@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }:
with lib;
with pkgs;
with lib;
let
@ -80,12 +80,12 @@ in {
package = mkOption {
type = types.package;
default = pulseaudio;
example = literalExample "pulseaudio.override { jackaudioSupport = true; }";
default = pulseaudioFull;
example = literalExample "pulseaudioFull";
description = ''
The PulseAudio derivation to use. This can be used to enable
features (such as JACK support) that are not enabled in the
default PulseAudio in Nixpkgs.
The PulseAudio derivation to use. This can be used to disable
features (such as JACK support, Bluetooth) that are enabled in the
pulseaudioFull package in Nixpkgs.
'';
};

2
nixos/modules/config/swap.nix
View File

@ -1,7 +1,7 @@
{ config, lib, pkgs, utils, ... }:
with lib;
with utils;
with lib;
{

8
nixos/modules/config/sysctl.nix
View File

@ -6,8 +6,12 @@ let
sysctlOption = mkOptionType {
name = "sysctl option value";
check = x: isBool x || isString x || isInt x || isNull x;
merge = args: defs: (last defs).value; # FIXME: hacky way to allow overriding in configuration.nix.
check = val:
let
checkType = x: isBool x || isString x || isInt x || isNull x;
in
checkType val || (val._type or "" == "override" && checkType val.content);
merge = loc: defs: mergeOneOption loc (filterOverrides defs);
};
in

1
nixos/modules/config/system-path.nix
View File

@ -110,6 +110,7 @@ in
"/man"
"/sbin"
"/share/emacs"
"/share/vim-plugins"
"/share/org"
"/share/info"
"/share/terminfo"

2
nixos/modules/config/unix-odbc-drivers.nix
View File

@ -27,7 +27,7 @@ with lib;
environment.etc."odbcinst.ini".text =
let inis = config.environment.unixODBCDrivers;
in pkgs.lib.concatStringsSep "\n" inis;
in lib.concatStringsSep "\n" inis;
};

8
nixos/modules/hardware/network/intel-2100bg.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
{
@ -6,9 +6,9 @@
options = {
networking.enableIntel2100BGFirmware = pkgs.lib.mkOption {
networking.enableIntel2100BGFirmware = lib.mkOption {
default = false;
type = pkgs.lib.types.bool;
type = lib.types.bool;
description = ''
Turn on this option if you want firmware for the Intel
PRO/Wireless 2100BG to be loaded automatically. This is
@ -21,7 +21,7 @@
###### implementation
config = pkgs.lib.mkIf config.networking.enableIntel2100BGFirmware {
config = lib.mkIf config.networking.enableIntel2100BGFirmware {
hardware.enableAllFirmware = true;

8
nixos/modules/hardware/network/intel-2200bg.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
{
@ -6,9 +6,9 @@
options = {
networking.enableIntel2200BGFirmware = pkgs.lib.mkOption {
networking.enableIntel2200BGFirmware = lib.mkOption {
default = false;
type = pkgs.lib.types.bool;
type = lib.types.bool;
description = ''
Turn on this option if you want firmware for the Intel
PRO/Wireless 2200BG to be loaded automatically. This is
@ -21,7 +21,7 @@
###### implementation
config = pkgs.lib.mkIf config.networking.enableIntel2200BGFirmware {
config = lib.mkIf config.networking.enableIntel2200BGFirmware {
hardware.enableAllFirmware = true;

8
nixos/modules/hardware/network/intel-3945abg.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
{
@ -6,9 +6,9 @@
options = {
networking.enableIntel3945ABGFirmware = pkgs.lib.mkOption {
networking.enableIntel3945ABGFirmware = lib.mkOption {
default = false;
type = pkgs.lib.types.bool;
type = lib.types.bool;
description = ''
This option enables automatic loading of the firmware for the Intel
PRO/Wireless 3945ABG.
@ -20,7 +20,7 @@
###### implementation
config = pkgs.lib.mkIf config.networking.enableIntel3945ABGFirmware {
config = lib.mkIf config.networking.enableIntel3945ABGFirmware {
hardware.enableAllFirmware = true;

8
nixos/modules/hardware/network/ralink.nix
View File

@ -1,4 +1,4 @@
{pkgs, config, ...}:
{pkgs, config, lib, ...}:
{
@ -6,9 +6,9 @@
options = {
networking.enableRalinkFirmware = pkgs.lib.mkOption {
networking.enableRalinkFirmware = lib.mkOption {
default = false;
type = pkgs.lib.types.bool;
type = lib.types.bool;
description = ''
Turn on this option if you want firmware for the RT73 NIC.
'';
@ -19,7 +19,7 @@
###### implementation
config = pkgs.lib.mkIf config.networking.enableRalinkFirmware {
config = lib.mkIf config.networking.enableRalinkFirmware {
hardware.enableAllFirmware = true;
};

8
nixos/modules/hardware/network/rtl8192c.nix
View File

@ -1,4 +1,4 @@
{pkgs, config, ...}:
{pkgs, config, lib, ...}:
{
@ -6,9 +6,9 @@
options = {
networking.enableRTL8192cFirmware = pkgs.lib.mkOption {
networking.enableRTL8192cFirmware = lib.mkOption {
default = false;
type = pkgs.lib.types.bool;
type = lib.types.bool;
description = ''
Turn on this option if you want firmware for the RTL8192c (and related) NICs.
'';
@ -19,7 +19,7 @@
###### implementation
config = pkgs.lib.mkIf config.networking.enableRTL8192cFirmware {
config = lib.mkIf config.networking.enableRTL8192cFirmware {
hardware.enableAllFirmware = true;
};

4
nixos/modules/hardware/network/smc-2632w/default.nix
View File

@ -1,9 +1,9 @@
{pkgs, config, ...}:
{lib, config, ...}:
{
hardware = {
pcmcia = {
firmware = [ (pkgs.lib.cleanSource ./firmware) ];
firmware = [ (lib.cleanSource ./firmware) ];
};
};
}

2
nixos/modules/hardware/opengl.nix
View File

@ -84,7 +84,7 @@ in
config = mkIf cfg.enable {
assertions = pkgs.lib.singleton {
assertions = lib.singleton {
assertion = cfg.driSupport32Bit -> pkgs.stdenv.isx86_64;
message = "Option driSupport32Bit only makes sense on a 64-bit system.";
};

22
nixos/modules/installer/cd-dvd/iso-image.nix
View File

@ -179,7 +179,6 @@ in
fileSystems."/" =
{ fsType = "tmpfs";
device = "none";
options = "mode=0755";
};
@ -192,6 +191,8 @@ in
noCheck = true;
};
# In stage 1, mount a tmpfs on top of /nix/store (the squashfs
# image) to make this a live CD.
fileSystems."/nix/.ro-store" =
{ fsType = "squashfs";
device = "/iso/nix-store.squashfs";
@ -201,23 +202,20 @@ in
fileSystems."/nix/.rw-store" =
{ fsType = "tmpfs";
device = "none";
options = "mode=0755";
neededForBoot = true;
};
fileSystems."/nix/store" =
{ fsType = "unionfs-fuse";
device = "unionfs";
options = "allow_other,cow,nonempty,chroot=/mnt-root,max_files=32768,hide_meta_files,dirs=/nix/.rw-store=rw:/nix/.ro-store=ro";
};
boot.initrd.availableKernelModules = [ "squashfs" "iso9660" ];
boot.initrd.kernelModules = [ "loop" ];
# In stage 1, mount a tmpfs on top of /nix/store (the squashfs
# image) to make this a live CD.
boot.initrd.postMountCommands =
''
mkdir -p $targetRoot/nix/store
unionfs -o allow_other,cow,nonempty,chroot=$targetRoot,max_files=32768 /nix/.rw-store=RW:/nix/.ro-store=RO $targetRoot/nix/store
'';
# Closures to be copied to the Nix store on the CD, namely the init
# script and the top-level system configuration directory.
isoImage.storeContents =
@ -313,8 +311,8 @@ in
'';
# Add vfat support to the initrd to enable people to copy the
# contents of the CD to a bootable USB stick. Need unionfs-fuse for union mounts
boot.initrd.supportedFilesystems = [ "vfat" "unionfs-fuse" ];
# contents of the CD to a bootable USB stick.
boot.initrd.supportedFilesystems = [ "vfat" ];
};

2
nixos/modules/installer/cd-dvd/system-tarball-fuloong2f.nix
View File

@ -152,7 +152,7 @@ in
# default root password is empty.
services.openssh.enable = true;
jobs.openssh.startOn = pkgs.lib.mkOverride 50 "";
jobs.openssh.startOn = lib.mkOverride 50 "";
boot.loader.grub.enable = false;
boot.loader.generationsDir.enable = false;

2
nixos/modules/installer/cd-dvd/system-tarball-pc.nix
View File

@ -109,7 +109,7 @@ in
# not be started by default on the installation CD because the
# default root password is empty.
services.openssh.enable = true;
jobs.openssh.startOn = pkgs.lib.mkOverride 50 "";
jobs.openssh.startOn = lib.mkOverride 50 "";
# To be able to use the systemTarball to catch troubles.
boot.crashDump = {

2
nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix
View File

@ -165,7 +165,7 @@ in
# not be started by default on the installation CD because the
# default root password is empty.
services.openssh.enable = true;
jobs.openssh.startOn = pkgs.lib.mkOverride 50 "";
jobs.openssh.startOn = lib.mkOverride 50 "";
# cpufrequtils fails to build on non-pc
powerManagement.enable = false;

10
nixos/modules/installer/tools/nixos-rebuild.sh
View File

@ -97,6 +97,16 @@ if [ -n "$upgrade" -a -z "$_NIXOS_REBUILD_REEXEC" ]; then
nix-channel --update nixos
fi
# Make sure that we use the Nix package we depend on, not something
# else from the PATH for nix-{env,instantiate,build}. This is
# important, because NixOS defaults the architecture of the rebuilt
# system to the architecture of the nix-* binaries used. So if on an
# amd64 system the user has an i686 Nix package in her PATH, then we
# would silently downgrade the whole system to be i686 NixOS on the
# next reboot.
if [ -z "$_NIXOS_REBUILD_REEXEC" ]; then
export PATH=@nix@/bin:$PATH
fi
# Re-execute nixos-rebuild from the Nixpkgs tree.
if [ -z "$_NIXOS_REBUILD_REEXEC" -a -n "$canRun" ]; then

5
nixos/modules/installer/tools/tools.nix
View File

@ -1,7 +1,7 @@
# This module generates nixos-install, nixos-rebuild,
# nixos-generate-config, etc.
{ config, pkgs, modulesPath, ... }:
{ config, pkgs, modulesPath, lib, ... }:
let
@ -32,6 +32,7 @@ let
nixos-rebuild = makeProg {
name = "nixos-rebuild";
src = ./nixos-rebuild.sh;
nix = config.nix.package;
};
nixos-generate-config = makeProg {
@ -64,7 +65,7 @@ let
test -e "$out/chrome/content/jquery-1.5.2.js" ||
cp -f "$jquery" "$out/chrome/content/jquery-1.5.2.js"
'';
gui = pkgs.lib.cleanSource "${modulesPath}/../gui";
gui = lib.cleanSource "${modulesPath}/../gui";
jquery = pkgs.fetchurl {
url = http://code.jquery.com/jquery-1.5.2.min.js;
sha256 = "8f0a19ee8c606b35a10904951e0a27da1896eafe33c6e88cb7bcbe455f05a24a";

19
nixos/modules/misc/ids.nix
View File

@ -1,19 +1,19 @@
# This module defines the global list of uids and gids. We keep a
# central list to prevent id collisions.
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
{
options = {
ids.uids = pkgs.lib.mkOption {
ids.uids = lib.mkOption {
internal = true;
description = ''
The user IDs used in NixOS.
'';
};
ids.gids = pkgs.lib.mkOption {
ids.gids = lib.mkOption {
internal = true;
description = ''
The group IDs used in NixOS.
@ -134,6 +134,12 @@
teamspeak = 124;
influxdb = 125;
nsd = 126;
gitolite = 127;
znc = 128;
polipo = 129;
mopidy = 130;
unifi = 131;
gdm = 132;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -242,6 +248,13 @@
teamspeak = 124;
influxdb = 125;
nsd = 126;
firebird = 127;
znc = 128;
polipo = 129;
mopidy = 130;
docker = 131;
gdm = 132;
tss = 133;
# When adding a gid, make sure it doesn't match an existing uid. And don't use gids above 399!

6
nixos/modules/misc/lib.nix
View File

@ -1,11 +1,11 @@
{ config, pkgs, ... }:
{ config, lib, ... }:
{
options = {
lib = pkgs.lib.mkOption {
lib = lib.mkOption {
default = {};
type = pkgs.lib.types.attrsOf pkgs.lib.types.attrs;
type = lib.types.attrsOf lib.types.attrs;
description = ''
This option allows modules to define helper functions, constants, etc.

39
nixos/modules/misc/locate.nix
View File

@ -3,12 +3,8 @@
with lib;
let
locatedb = "/var/cache/locatedb";
in
{
cfg = config.services.locate;
in {
###### interface
@ -35,6 +31,31 @@ in
'';
};
extraFlags = mkOption {
type = types.listOf types.str;
default = [ ];
description = ''
Extra flags to append to <command>updatedb</command>.
'';
};
output = mkOption {
type = types.path;
default = /var/cache/locatedb;
description = ''
The database file to build.
'';
};
localuser = mkOption {
type = types.str;
default = "nobody";
description = ''
The user to search non-network directories as, using
<command>su</command>.
'';
};
};
};
@ -48,8 +69,10 @@ in
path = [ pkgs.su ];
script =
''
mkdir -m 0755 -p $(dirname ${locatedb})
exec updatedb --localuser=nobody --output=${locatedb} --prunepaths='/tmp /var/tmp /media /run'
mkdir -m 0755 -p $(dirname ${toString cfg.output})
exec updatedb \
--localuser=${cfg.localuser} \
--output=${toString cfg.output} ${concatStringsSep " " cfg.extraFlags}
'';
serviceConfig.Nice = 19;
serviceConfig.IOSchedulingClass = "idle";

4
nixos/modules/misc/passthru.nix
View File

@ -1,11 +1,11 @@
# This module allows you to export something from configuration
# Use case: export kernel source expression for ease of configuring
{ config, pkgs, ... }:
{ config, lib, ... }:
{
options = {
passthru = pkgs.lib.mkOption {
passthru = lib.mkOption {
visible = false;
description = ''
This attribute set will be exported as a system attribute.

61
nixos/modules/module-list.nix
View File

@ -14,17 +14,17 @@
./config/power-management.nix
./config/pulseaudio.nix
./config/shells-environment.nix
./config/system-environment.nix
./config/swap.nix
./config/sysctl.nix
./config/system-environment.nix
./config/system-path.nix
./config/timezone.nix
./config/unix-odbc-drivers.nix
./config/users-groups.nix
./config/zram.nix
./hardware/all-firmware.nix
./hardware/cpu/intel-microcode.nix
./hardware/cpu/amd-microcode.nix
./hardware/cpu/intel-microcode.nix
./hardware/network/b43.nix
./hardware/network/intel-2100bg.nix
./hardware/network/intel-2200bg.nix
@ -50,8 +50,10 @@
./programs/bash/bash.nix
./programs/bash/command-not-found.nix
./programs/blcr.nix
./programs/dconf.nix
./programs/environment.nix
./programs/info.nix
./programs/screen.nix
./programs/shadow.nix
./programs/shell.nix
./programs/ssh.nix
@ -59,7 +61,6 @@
./programs/venus.nix
./programs/wvdial.nix
./programs/zsh/zsh.nix
./programs/screen.nix
./rename.nix
./security/apparmor.nix
./security/apparmor-suid.nix
@ -79,6 +80,7 @@
./services/audio/alsa.nix
./services/audio/fuppes.nix
./services/audio/mpd.nix
./services/audio/mopidy.nix
./services/backup/almir.nix
./services/backup/bacula.nix
./services/backup/mysql-backup.nix
@ -92,15 +94,15 @@
./services/databases/4store.nix
./services/databases/couchdb.nix
./services/databases/firebird.nix
./services/databases/influxdb.nix
./services/databases/memcached.nix
./services/databases/monetdb.nix
./services/databases/mongodb.nix
./services/databases/redis.nix
./services/databases/mysql.nix
./services/databases/openldap.nix
./services/databases/postgresql.nix
./services/databases/redis.nix
./services/databases/virtuoso.nix
./services/databases/monetdb.nix
./services/databases/influxdb.nix
./services/desktops/accountsservice.nix
./services/desktops/geoclue2.nix
./services/desktops/gnome3/at-spi2-core.nix
@ -124,16 +126,18 @@
./services/hardware/pcscd.nix
./services/hardware/pommed.nix
./services/hardware/sane.nix
./services/hardware/tcsd.nix
./services/hardware/thinkfan.nix
./services/hardware/udev.nix
./services/hardware/udisks2.nix
./services/hardware/upower.nix
./services/hardware/thinkfan.nix
./services/logging/klogd.nix
./services/logging/logcheck.nix
./services/logging/logrotate.nix
./services/logging/logstash.nix
./services/logging/syslogd.nix
./services/logging/rsyslogd.nix
./services/logging/syslogd.nix
./services/logging/syslog-ng.nix
./services/mail/dovecot.nix
./services/mail/freepops.nix
./services/mail/mail.nix
@ -146,11 +150,12 @@
./services/misc/disnix.nix
./services/misc/felix.nix
./services/misc/folding-at-home.nix
./services/misc/gitolite.nix
./services/misc/gpsd.nix
./services/misc/nix-daemon.nix
./services/misc/nix-gc.nix
./services/misc/nix-ssh-serve.nix
./services/misc/nixos-manual.nix
./services/misc/nix-ssh-serve.nix
./services/misc/rippled.nix
./services/misc/rogue.nix
./services/misc/svnserve.nix
@ -178,24 +183,23 @@
./services/networking/bind.nix
./services/networking/bitlbee.nix
./services/networking/btsync.nix
./services/networking/cjdns.nix
./services/networking/connman.nix
./services/networking/cntlm.nix
./services/networking/chrony.nix
./services/networking/cjdns.nix
./services/networking/cntlm.nix
./services/networking/connman.nix
./services/networking/ddclient.nix
./services/networking/dhcpcd.nix
./services/networking/dhcpd.nix
./services/networking/dnsmasq.nix
./services/networking/ejabberd.nix
./services/networking/firewall.nix
./services/networking/haproxy.nix
./services/networking/tcpcrypt.nix
./services/networking/flashpolicyd.nix
./services/networking/freenet.nix
./services/networking/git-daemon.nix
./services/networking/gnunet.nix
./services/networking/gogoclient.nix
./services/networking/gvpe.nix
./services/networking/haproxy.nix
./services/networking/hostapd.nix
./services/networking/ifplugd.nix
./services/networking/iodined.nix
@ -213,28 +217,33 @@
./services/networking/oidentd.nix
./services/networking/openfire.nix
./services/networking/openvpn.nix
./services/networking/polipo.nix
./services/networking/prayer.nix
./services/networking/privoxy.nix
./services/networking/quassel.nix
./services/networking/radicale.nix
./services/networking/radvd.nix
./services/networking/rdnssd.nix
./services/networking/rpcbind.nix
./services/networking/sabnzbd.nix
./services/networking/searx.nix
./services/networking/spiped.nix
./services/networking/supybot.nix
./services/networking/syncthing.nix
./services/networking/ssh/lshd.nix
./services/networking/ssh/sshd.nix
./services/networking/supybot.nix
./services/networking/syncthing.nix
./services/networking/tcpcrypt.nix
./services/networking/teamspeak3.nix
./services/networking/tftpd.nix
./services/networking/unbound.nix
./services/networking/unifi.nix
./services/networking/vsftpd.nix
./services/networking/wakeonlan.nix
./services/networking/websockify.nix
./services/networking/wicd.nix
./services/networking/wpa_supplicant.nix
./services/networking/xinetd.nix
./services/networking/znc.nix
./services/printing/cupsd.nix
./services/scheduling/atd.nix
./services/scheduling/cron.nix
@ -242,11 +251,11 @@
./services/search/elasticsearch.nix
./services/search/solr.nix
./services/security/clamav.nix
./services/security/haveged.nix
./services/security/fprot.nix
./services/security/frandom.nix
./services/security/tor.nix
./services/security/haveged.nix
./services/security/torify.nix
./services/security/tor.nix
./services/security/torsocks.nix
./services/system/dbus.nix
./services/system/kerberos.nix
@ -254,14 +263,14 @@
./services/system/uptimed.nix
./services/torrent/deluge.nix
./services/torrent/transmission.nix
./services/ttys/gpm.nix
./services/ttys/agetty.nix
./services/ttys/gpm.nix
./services/ttys/kmscon.nix
./services/web-servers/apache-httpd/default.nix
./services/web-servers/fcgiwrap.nix
./services/web-servers/jboss/default.nix
./services/web-servers/lighttpd/default.nix
./services/web-servers/lighttpd/cgit.nix
./services/web-servers/lighttpd/default.nix
./services/web-servers/lighttpd/gitweb.nix
./services/web-servers/nginx/default.nix
./services/web-servers/phpfpm.nix
@ -272,26 +281,29 @@
./services/x11/desktop-managers/default.nix
./services/x11/display-managers/auto.nix
./services/x11/display-managers/default.nix
./services/x11/display-managers/gdm.nix
./services/x11/display-managers/kdm.nix
./services/x11/display-managers/slim.nix
./services/x11/display-managers/lightdm.nix
./services/x11/display-managers/slim.nix
./services/x11/hardware/multitouch.nix
./services/x11/hardware/synaptics.nix
./services/x11/hardware/wacom.nix
./services/x11/redshift.nix
./services/x11/window-managers/awesome.nix
#./services/x11/window-managers/compiz.nix
./services/x11/window-managers/default.nix
./services/x11/window-managers/icewm.nix
./services/x11/window-managers/bspwm.nix
./services/x11/window-managers/metacity.nix
./services/x11/window-managers/none.nix
./services/x11/window-managers/twm.nix
./services/x11/window-managers/wmii.nix
./services/x11/window-managers/xmonad.nix
./services/x11/redshift.nix
./services/x11/xfs.nix
./services/x11/xserver.nix
./system/activation/activation-script.nix
./system/activation/top-level.nix
./system/boot/emergency-mode.nix
./system/boot/kernel.nix
./system/boot/kexec.nix
./system/boot/loader/efi.nix
@ -307,11 +319,14 @@
./system/boot/stage-1.nix
./system/boot/stage-2.nix
./system/boot/systemd.nix
./system/boot/tmp.nix
./system/etc/etc.nix
./system/upstart/upstart.nix
./tasks/cpu-freq.nix
./tasks/encrypted-devices.nix
./tasks/filesystems.nix
./tasks/filesystems/btrfs.nix
./tasks/filesystems/cifs.nix
./tasks/filesystems/ext.nix
./tasks/filesystems/f2fs.nix
./tasks/filesystems/nfs.nix
@ -320,7 +335,6 @@
./tasks/filesystems/vfat.nix
./tasks/filesystems/xfs.nix
./tasks/filesystems/zfs.nix
./tasks/encrypted-devices.nix
./tasks/kbd.nix
./tasks/lvm.nix
./tasks/network-interfaces.nix
@ -330,6 +344,7 @@
./testing/service-runner.nix
./virtualisation/container-config.nix
./virtualisation/containers.nix
./virtualisation/docker.nix
./virtualisation/libvirtd.nix
#./virtualisation/nova.nix
./virtualisation/virtualbox-guest.nix

1
nixos/modules/profiles/base.nix
View File

@ -7,7 +7,6 @@
# Include some utilities that are useful for installing or repairing
# the system.
environment.systemPackages = [
pkgs.subversion # for nixos-checkout
pkgs.w3m # needed for the manual anyway
pkgs.testdisk # useful for repairing boot problems
pkgs.mssys # for writing Microsoft boot sectors / MBRs

4
nixos/modules/programs/blcr.nix
View File

@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{ config, lib, ... }:
let
inherit (pkgs.lib) mkOption mkIf;
inherit (lib) mkOption mkIf;
cfg = config.environment.blcr;
blcrPkg = config.boot.kernelPackages.blcr;
in

34
nixos/modules/programs/dconf.nix Normal file
View File

@ -0,0 +1,34 @@
{ config, lib, ... }:
let
inherit (lib) mkOption mkIf types mapAttrsToList;
cfg = config.programs.dconf;
mkDconfProfile = name: path:
{ source = path; target = "dconf/profile/${name}"; };
in
{
###### interface
options = {
programs.dconf = {
profiles = mkOption {
type = types.attrsOf types.path;
default = {};
description = "Set of dconf profile files.";
internal = true;
};
};
};
###### implementation
config = mkIf (cfg.profiles != {}) {
environment.etc =
(mapAttrsToList mkDconfProfile cfg.profiles);
};
}

8
nixos/modules/programs/info.nix
View File

@ -2,6 +2,8 @@
let
texinfo = pkgs.texinfoInteractive;
# Quick hack to make the `info' command work properly. `info' needs
# a "dir" file containing all the installed Info files, which we
# don't have (it would be impure to have a package installation
@ -22,15 +24,15 @@ let
for i in $(IFS=:; echo $INFOPATH); do
for j in $i/*.info; do
${pkgs.texinfo}/bin/install-info --quiet $j $dir/dir
${texinfo}/bin/install-info --quiet $j $dir/dir
done
done
INFOPATH=$dir:$INFOPATH ${pkgs.texinfo}/bin/info "$@"
INFOPATH=$dir:$INFOPATH ${texinfo}/bin/info "$@"
''; # */
in
{
environment.systemPackages = [ infoWrapper pkgs.texinfo ];
environment.systemPackages = [ infoWrapper texinfo ];
}

4
nixos/modules/programs/screen.nix
View File

@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{ config, lib, ... }:
let
inherit (pkgs.lib) mkOption mkIf types;
inherit (lib) mkOption mkIf types;
cfg = config.programs.screen;
in

4
nixos/modules/programs/shadow.nix
View File

@ -40,7 +40,7 @@ in
options = {
users.defaultUserShell = pkgs.lib.mkOption {
users.defaultUserShell = lib.mkOption {
description = ''
This option defines the default shell assigned to user
accounts. This must not be a store path, since the path is
@ -60,7 +60,7 @@ in
config = {
environment.systemPackages =
pkgs.lib.optional config.users.mutableUsers pkgs.shadow;
lib.optional config.users.mutableUsers pkgs.shadow;
environment.etc =
[ { # /etc/login.defs: global configuration for pwdutils. You

1
nixos/modules/programs/virtualbox.nix
View File

@ -14,6 +14,7 @@ let virtualbox = config.boot.kernelPackages.virtualbox; in
services.udev.extraRules =
''
KERNEL=="vboxdrv", OWNER="root", GROUP="vboxusers", MODE="0660", TAG+="systemd"
KERNEL=="vboxdrvu", OWNER="root", GROUP="root", MODE="0666", TAG+="systemd"
KERNEL=="vboxnetctl", OWNER="root", GROUP="root", MODE="0600", TAG+="systemd"
SUBSYSTEM=="usb_device", ACTION=="add", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}"
SUBSYSTEM=="usb", ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}"

5
nixos/modules/security/ca.nix
View File

@ -13,8 +13,9 @@ with lib;
];
environment.sessionVariables =
{ OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
CURL_CA_BUNDLE = "/etc/ssl/certs/ca-bundle.crt";
{ SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
# FIXME: unneeded - remove eventually.
OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
GIT_SSL_CAINFO = "/etc/ssl/certs/ca-bundle.crt";
};

6
nixos/modules/security/grsecurity.nix
View File

@ -50,7 +50,7 @@ in
description = ''
grsecurity configuration mode. This specifies whether
grsecurity is auto-configured or otherwise completely
manually configured. Can either by
manually configured. Can either be
<literal>custom</literal> or <literal>auto</literal>.
<literal>auto</literal> is recommended.
@ -64,7 +64,7 @@ in
description = ''
grsecurity configuration priority. This specifies whether
the kernel configuration should emphasize speed or
security. Can either by <literal>security</literal> or
security. Can either be <literal>security</literal> or
<literal>performance</literal>.
'';
};
@ -76,7 +76,7 @@ in
description = ''
grsecurity system configuration. This specifies whether
the kernel configuration should be suitable for a Desktop
or a Server. Can either by <literal>server</literal> or
or a Server. Can either be <literal>server</literal> or
<literal>desktop</literal>.
'';
};

4
nixos/modules/security/pam.nix
View File

@ -189,7 +189,9 @@ let
session required pam_env.so envfile=${config.system.build.pamEnvironment}
session required pam_unix.so
${optionalString cfg.setLoginUid
"session required pam_loginuid.so"}
"session ${
if config.boot.isContainer then "optional" else "required"
} pam_loginuid.so"}
${optionalString cfg.updateWtmp
"session required ${pkgs.pam}/lib/security/pam_lastlog.so silent"}
${optionalString config.users.ldap.enable

3
nixos/modules/security/rngd.nix
View File

@ -30,7 +30,8 @@ with lib;
description = "Hardware RNG Entropy Gatherer Daemon";
serviceConfig.ExecStart = "${pkgs.rng_tools}/sbin/rngd -f";
serviceConfig.ExecStart = "${pkgs.rng_tools}/sbin/rngd -f -v" +
(if config.services.tcsd.enable then " --no-tpm=1" else "");
restartTriggers = [ pkgs.rng_tools ];
};

4
nixos/modules/services/amqp/activemq/default.nix
View File

@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }:
with lib;
with pkgs;
with lib;
let
@ -12,7 +12,7 @@ let
phases = [ "installPhase" ];
buildInputs = [ jdk ];
installPhase = ''
ensureDir $out/lib
mkdir -p $out/lib
source ${activemq}/lib/classpath.env
export CLASSPATH
ln -s "${./ActiveMQBroker.java}" ActiveMQBroker.java

41
nixos/modules/services/amqp/rabbitmq.nix
View File

@ -4,6 +4,8 @@ with lib;
let
cfg = config.services.rabbitmq;
config_file = pkgs.writeText "rabbitmq.config" cfg.config;
config_file_wo_suffix = builtins.substring 0 ((builtins.stringLength config_file) - 7) config_file;
in {
###### interface
@ -31,7 +33,6 @@ in {
'';
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/rabbitmq";
@ -40,6 +41,30 @@ in {
'';
};
cookie = mkOption {
default = "";
type = types.str;
description = ''
Erlang cookie is a string of arbitrary length which must
be the same for several nodes to be allowed to communicate.
Leave empty to generate automatically.
'';
};
config = mkOption {
default = "";
type = types.str;
description = ''
Verbatim configuration file contents.
See http://www.rabbitmq.com/configure.htm
'';
};
plugins = mkOption {
default = [];
type = types.listOf types.str;
description = "The names of plugins to enable";
};
};
};
@ -69,7 +94,10 @@ in {
RABBITMQ_NODE_IP_ADDRESS = cfg.listenAddress;
RABBITMQ_SERVER_START_ARGS = "-rabbit error_logger tty -rabbit sasl_error_logger false";
SYS_PREFIX = "";
};
RABBITMQ_ENABLED_PLUGINS_FILE = pkgs.writeText "enabled_plugins" ''
[ ${concatStringsSep "," cfg.plugins} ].
'';
} // optionalAttrs (cfg.config != "") { RABBITMQ_CONFIG_FILE = config_file_wo_suffix; };
serviceConfig = {
ExecStart = "${pkgs.rabbitmq_server}/sbin/rabbitmq-server";
@ -81,6 +109,15 @@ in {
preStart = ''
mkdir -p ${cfg.dataDir} && chmod 0700 ${cfg.dataDir}
if [ "$(id -u)" = 0 ]; then chown rabbitmq:rabbitmq ${cfg.dataDir}; fi
${optionalString (cfg.cookie != "") ''
echo -n ${cfg.cookie} > ${cfg.dataDir}/.erlang.cookie
chmod 400 ${cfg.dataDir}/.erlang.cookie
chown rabbitmq:rabbitmq ${cfg.dataDir}/.erlang.cookie
''}
mkdir -p /var/log/rabbitmq && chmod 0700 /var/log/rabbitmq
chown rabbitmq:rabbitmq /var/log/rabbitmq
'';
};

118
nixos/modules/services/audio/mopidy.nix Normal file
View File

@ -0,0 +1,118 @@
{ config, lib, pkgs, ... }:
with pkgs;
with lib;
let
uid = config.ids.uids.mopidy;
gid = config.ids.gids.mopidy;
cfg = config.services.mopidy;
mopidyConf = writeText "mopidy.conf" cfg.configuration;
mopidyLauncher = stdenv.mkDerivation {
name = "mopidy-launcher";
phases = [ "installPhase" ];
buildInputs = [ makeWrapper python ];
installPhase = ''
mkdir -p $out/bin
ln -s ${mopidy}/bin/mopidy $out/bin/mopidy
wrapProgram $out/bin/mopidy \
--prefix PYTHONPATH : \
"${concatStringsSep ":" (map (p: "$(toPythonPath ${p})") cfg.extensionPackages)}"
'';
};
in {
options = {
services.mopidy = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
Whether to enable Mopidy, a music player daemon.
'';
};
dataDir = mkOption {
default = "/var/lib/mopidy";
type = types.str;
description = ''
The directory where Mopidy stores its state.
'';
};
extensionPackages = mkOption {
default = [];
type = types.listOf types.package;
example = [ mopidy-spotify ];
description = ''
Mopidy extensions that should be loaded by the service.
'';
};
configuration = mkOption {
type = types.lines;
description = ''
The configuration that Mopidy should use.
'';
};
extraConfigFiles = mkOption {
default = [];
type = types.listOf types.str;
description = ''
Extra config file read by Mopidy when the service starts.
Later files in the list overrides earlier configuration.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
systemd.services.mopidy = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "sound.target" ];
description = "mopidy music player daemon";
preStart = "mkdir -p ${cfg.dataDir} && chown -R mopidy:mopidy ${cfg.dataDir}";
serviceConfig = {
ExecStart = "${mopidyLauncher}/bin/mopidy --config ${concatStringsSep ":" ([mopidyConf] ++ cfg.extraConfigFiles)}";
User = "mopidy";
PermissionsStartOnly = true;
};
};
systemd.services.mopidy-scan = {
description = "mopidy local files scanner";
preStart = "mkdir -p ${cfg.dataDir} && chown -R mopidy:mopidy ${cfg.dataDir}";
serviceConfig = {
ExecStart = "${mopidyLauncher}/bin/mopidy --config ${concatStringsSep ":" ([mopidyConf] ++ cfg.extraConfigFiles)} local scan";
User = "mopidy";
PermissionsStartOnly = true;
Type = "oneshot";
};
};
users.extraUsers.mopidy = {
inherit uid;
group = "mopidy";
extraGroups = [ "audio" ];
description = "Mopidy daemon user";
home = "${cfg.dataDir}";
};
users.extraGroups.mopidy.gid = gid;
};
}

2
nixos/modules/services/backup/sitecopy-backup.nix
View File

@ -73,7 +73,7 @@ in
touch ${stateDir}/sitecopy.secrets
chown root ${stateDir}/sitecopy.secrets
${pkgs.lib.concatStrings (map ( b: ''
${lib.concatStrings (map ( b: ''
unset secrets
unset secret
secrets=`grep '^${b.server}' ${stateDir}/sitecopy.secrets | head -1`

2
nixos/modules/services/databases/firebird.nix
View File

@ -159,5 +159,7 @@ in
uid = config.ids.uids.firebird;
};
users.extraGroups.firebird.gid = config.ids.gids.firebird;
};
}

2
nixos/modules/services/databases/openldap.nix
View File

@ -68,7 +68,7 @@ in
users.extraUsers = optionalAttrs (cfg.user == "openldap") (singleton
{ name = "openldap";
group = "openldap";
group = cfg.group;
uid = config.ids.uids.openldap;
});

2
nixos/modules/services/databases/postgresql.nix
View File

@ -85,7 +85,7 @@ in
Defines how users authenticate themselves to the server. By
default, "trust" access to local users will always be granted
along with any other custom options. If you do not want this,
set this option using "pkgs.lib.mkForce" to override this
set this option using "lib.mkForce" to override this
behaviour.
'';
};

35
nixos/modules/services/databases/redis.nix
View File

@ -38,86 +38,92 @@ in
services.redis = {
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable the Redis server.";
};
package = mkOption {
type = types.package;
default = pkgs.redis;
description = "Which Redis derivation to use.";
type = types.package;
};
user = mkOption {
type = types.str;
default = "redis";
description = "User account under which Redis runs.";
};
pidFile = mkOption {
type = types.path;
default = "/var/lib/redis/redis.pid";
description = "";
};
port = mkOption {
type = types.int;
default = 6379;
description = "The port for Redis to listen to.";
type = with types; int;
};
bind = mkOption {
type = with types; nullOr str;
default = null; # All interfaces
description = "The IP interface to bind to.";
example = "127.0.0.1";
};
unixSocket = mkOption {
type = with types; nullOr path;
default = null;
description = "The path to the socket to bind to.";
example = "/var/run/redis.sock";
};
logLevel = mkOption {
type = types.str;
default = "notice"; # debug, verbose, notice, warning
example = "debug";
description = "Specify the server verbosity level, options: debug, verbose, notice, warning.";
type = with types; string;
};
logfile = mkOption {
type = types.str;
default = "/dev/null";
description = "Specify the log file name. Also 'stdout' can be used to force Redis to log on the standard output.";
example = "/var/log/redis.log";
type = with types; string;
};
syslog = mkOption {
type = types.bool;
default = true;
description = "Enable logging to the system logger.";
type = with types; bool;
};
databases = mkOption {
type = types.int;
default = 16;
description = "Set the number of databases.";
type = with types; int;
};
save = mkOption {
type = with types; listOf (listOf int);
default = [ [900 1] [300 10] [60 10000] ];
description = "The schedule in which data is persisted to disk, represented as a list of lists where the first element represent the amount of seconds and the second the number of changes.";
example = [ [900 1] [300 10] [60 10000] ];
};
dbFilename = mkOption {
type = types.str;
default = "dump.rdb";
description = "The filename where to dump the DB.";
type = with types; string;
};
dbpath = mkOption {
type = types.path;
default = "/var/lib/redis";
description = "The DB will be written inside this directory, with the filename specified using the 'dbFilename' configuration.";
type = with types; string;
};
slaveOf = mkOption {
@ -135,46 +141,47 @@ in
};
requirePass = mkOption {
type = with types; nullOr str;
default = null;
description = "Password for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)";
example = "letmein!";
};
appendOnly = mkOption {
type = types.bool;
default = false;
description = "By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.";
type = with types; bool;
};
appendOnlyFilename = mkOption {
type = types.str;
default = "appendonly.aof";
description = "Filename for the append-only file (stored inside of dbpath)";
type = with types; string;
};
appendFsync = mkOption {
type = types.str;
default = "everysec"; # no, always, everysec
description = "How often to fsync the append-only log, options: no, always, everysec.";
type = with types; string;
};
slowLogLogSlowerThan = mkOption {
type = types.int;
default = 10000;
description = "Log queries whose execution take longer than X in milliseconds.";
example = 1000;
type = with types; int;
};
slowLogMaxLen = mkOption {
type = types.int;
default = 128;
description = "Maximum number of items to keep in slow log.";
type = with types; int;
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = "Extra configuration options for redis.conf.";
type = with types; string;
};
};

7
nixos/modules/services/desktops/gnome3/at-spi2-core.nix
View File

@ -4,9 +4,6 @@
with lib;
let
gnome3 = config.environment.gnome3.packageSet;
in
{
###### interface
@ -33,9 +30,9 @@ in
config = mkIf config.services.gnome3.at-spi2-core.enable {
environment.systemPackages = [ gnome3.at_spi2_core ];
environment.systemPackages = [ pkgs.at_spi2_core ];
services.dbus.packages = [ gnome3.at_spi2_core ];
services.dbus.packages = [ pkgs.at_spi2_core ];
};

4
nixos/modules/services/desktops/gnome3/gnome-documents.nix
View File

@ -1,8 +1,8 @@
# GNOME Documents daemon.
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
with pkgs.lib;
with lib;
let
gnome3 = config.environment.gnome3.packageSet;

4
nixos/modules/services/desktops/gnome3/gnome-keyring.nix
View File

@ -1,8 +1,8 @@
# GNOME Keyring daemon.
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
with pkgs.lib;
with lib;
let
gnome3 = config.environment.gnome3.packageSet;

4
nixos/modules/services/desktops/gnome3/gnome-online-accounts.nix
View File

@ -1,8 +1,8 @@
# GNOME Online Accounts daemon.
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
with pkgs.lib;
with lib;
let
gnome3 = config.environment.gnome3.packageSet;

4
nixos/modules/services/desktops/gnome3/gnome-online-miners.nix
View File

@ -1,8 +1,8 @@
# GNOME Online Miners daemon.
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
with pkgs.lib;
with lib;
let
gnome3 = config.environment.gnome3.packageSet;

4
nixos/modules/services/desktops/gnome3/gnome-user-share.nix
View File

@ -1,8 +1,8 @@
# GNOME User Share daemon.
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
with pkgs.lib;
with lib;
let
gnome3 = config.environment.gnome3.packageSet;

4
nixos/modules/services/desktops/gnome3/gvfs.nix
View File

@ -1,8 +1,8 @@
# gvfs backends
{ config, pkgs, ... }:
{ config, lib, ... }:
with pkgs.lib;
with lib;
let
gnome3 = config.environment.gnome3.packageSet;

4
nixos/modules/services/desktops/gnome3/seahorse.nix
View File

@ -1,8 +1,8 @@
# Seahorse daemon.
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
with pkgs.lib;
with lib;
let
gnome3 = config.environment.gnome3.packageSet;

4
nixos/modules/services/desktops/gnome3/tracker.nix
View File

@ -1,8 +1,8 @@
# Tracker daemon.
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
with pkgs.lib;
with lib;
let
gnome3 = config.environment.gnome3.packageSet;

4
nixos/modules/services/hardware/acpid.nix
View File

@ -6,7 +6,7 @@ let
acpiConfDir = pkgs.runCommand "acpi-events" {}
''
ensureDir $out
mkdir -p $out
${
# Generate a configuration file for each event. (You can't have
# multiple events in one config file...)
@ -16,7 +16,7 @@ let
echo "event=${event.event}" > $fn
echo "action=${pkgs.writeScript "${event.name}.sh" event.action}" >> $fn
'';
in pkgs.lib.concatMapStrings f events
in lib.concatMapStrings f events
}
'';

8
nixos/modules/services/hardware/amd-hybrid-graphics.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
{
@ -6,9 +6,9 @@
options = {
hardware.amdHybridGraphics.disable = pkgs.lib.mkOption {
hardware.amdHybridGraphics.disable = lib.mkOption {
default = false;
type = pkgs.lib.types.bool;
type = lib.types.bool;
description = ''
Completely disable the AMD graphics card and use the
integrated graphics processor instead.
@ -20,7 +20,7 @@
###### implementation
config = pkgs.lib.mkIf config.hardware.amdHybridGraphics.disable {
config = lib.mkIf config.hardware.amdHybridGraphics.disable {
systemd.services."amd-hybrid-graphics" = {
path = [ pkgs.bash ];
description = "Disable AMD Card";

8
nixos/modules/services/hardware/nvidia-optimus.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
let kernel = config.boot.kernelPackages; in
@ -8,9 +8,9 @@ let kernel = config.boot.kernelPackages; in
options = {
hardware.nvidiaOptimus.disable = pkgs.lib.mkOption {
hardware.nvidiaOptimus.disable = lib.mkOption {
default = false;
type = pkgs.lib.types.bool;
type = lib.types.bool;
description = ''
Completely disable the NVIDIA graphics card and use the
integrated graphics processor instead.
@ -22,7 +22,7 @@ let kernel = config.boot.kernelPackages; in
###### implementation
config = pkgs.lib.mkIf config.hardware.nvidiaOptimus.disable {
config = lib.mkIf config.hardware.nvidiaOptimus.disable {
boot.blacklistedKernelModules = ["nouveau" "nvidia" "nvidiafb"];
boot.kernelModules = [ "bbswitch" ];
boot.extraModulePackages = [ kernel.bbswitch ];

139
nixos/modules/services/hardware/tcsd.nix Normal file
View File

@ -0,0 +1,139 @@
# tcsd daemon.
{ config, pkgs, ... }:
with pkgs.lib;
let
cfg = config.services.tcsd;
tcsdConf = pkgs.writeText "tcsd.conf" ''
port = 30003
num_threads = 10
system_ps_file = ${cfg.stateDir}/system.data
# This is the log of each individual measurement done by the system.
# By re-calculating the PCR registers based on this information, even
# finer details about the measured environment can be inferred than
# what is available directly from the PCR registers.
firmware_log_file = /sys/kernel/security/tpm0/binary_bios_measurements
kernel_log_file = /sys/kernel/security/ima/binary_runtime_measurements
#firmware_pcrs = 0,1,2,3,4,5,6,7
#kernel_pcrs = 10,11
platform_cred = ${cfg.platformCred}
conformance_cred = ${cfg.conformanceCred}
endorsement_cred = ${cfg.endorsementCred}
#remote_ops = create_key,random
#host_platform_class = server_12
#all_platform_classes = pc_11,pc_12,mobile_12
'';
in
{
###### interface
options = {
services.tcsd = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
Whether to enable tcsd, a Trusted Computing management service
that provides TCG Software Stack (TSS). The tcsd daemon is
the only portal to the Trusted Platform Module (TPM), a hardware
chip on the motherboard.
'';
};
user = mkOption {
default = "tss";
type = types.string;
description = "User account under which tcsd runs.";
};
group = mkOption {
default = "tss";
type = types.string;
description = "Group account under which tcsd runs.";
};
stateDir = mkOption {
default = "/var/lib/tpm";
type = types.path;
description = ''
The location of the system persistent storage file.
The system persistent storage file holds keys and data across
restarts of the TCSD and system reboots.
'';
};
platformCred = mkOption {
default = "${cfg.stateDir}/platform.cert";
type = types.path;
description = ''
Path to the platform credential for your TPM. Your TPM
manufacturer may have provided you with a set of credentials
(certificates) that should be used when creating identities
using your TPM. When a user of your TPM makes an identity,
this credential will be encrypted as part of that process.
See the 1.1b TPM Main specification section 9.3 for information
on this process. '';
};
conformanceCred = mkOption {
default = "${cfg.stateDir}/conformance.cert";
type = types.path;
description = ''
Path to the conformance credential for your TPM.
See also the platformCred option'';
};
endorsementCred = mkOption {
default = "${cfg.stateDir}/endorsement.cert";
type = types.path;
description = ''
Path to the endorsement credential for your TPM.
See also the platformCred option'';
};
};
};
###### implementation
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.trousers ];
# system.activationScripts.tcsd =
# ''
# chown ${cfg.user}:${cfg.group} ${tcsdConf}
# '';
systemd.services.tcsd = {
description = "TCSD";
after = [ "systemd-udev-settle.service" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.trousers ];
preStart =
''
mkdir -m 0700 -p ${cfg.stateDir}
chown -R ${cfg.user}:${cfg.group} ${cfg.stateDir}
'';
serviceConfig.ExecStart = "${pkgs.trousers}/sbin/tcsd -f -c ${tcsdConf}";
};
users.extraUsers = optionalAttrs (cfg.user == "tss") (singleton
{ name = "tss";
group = "tss";
uid = config.ids.uids.nginx;
});
users.extraGroups = optionalAttrs (cfg.group == "tss") (singleton
{ name = "tss";
gid = config.ids.gids.nginx;
});
};
}

16
nixos/modules/services/logging/logrotate.nix
View File

@ -8,10 +8,6 @@ let
configFile = pkgs.writeText "logrotate.conf"
cfg.config;
cronJob = ''
5 * * * * root ${pkgs.logrotate}/sbin/logrotate ${configFile}
'';
in
{
options = {
@ -33,6 +29,16 @@ in
};
config = mkIf cfg.enable {
services.cron.systemCronJobs = [ cronJob ];
systemd.services.logrotate = {
description = "Logrotate Service";
wantedBy = [ "multi-user.target" ];
startAt = "*-*-* *:05:00";
serviceConfig.Restart = "no";
serviceConfig.User = "root";
script = ''
exec ${pkgs.logrotate}/sbin/logrotate ${configFile}
'';
};
};
}

4
nixos/modules/services/logging/logstash.nix
View File

@ -69,9 +69,9 @@ in
systemd.services.logstash = with pkgs; {
description = "Logstash Daemon";
wantedBy = [ "multi-user.target" ];
environment = { JAVA_HOME = jre; };
serviceConfig = {
ExecStart = "${jre}/bin/java -jar ${logstash} agent -f ${writeText "logstash.conf" ''
ExecStart = "${logstash}/bin/logstash agent -f ${writeText "logstash.conf" ''
input {
${cfg.inputConfig}
}

83
nixos/modules/services/logging/syslog-ng.nix Normal file
View File

@ -0,0 +1,83 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.syslog-ng;
syslogngConfig = pkgs.writeText "syslog-ng.conf" ''
@version: 3.5
@include "scl.conf"
${cfg.extraConfig}
'';
ctrlSocket = "/run/syslog-ng/syslog-ng.ctl";
pidFile = "/run/syslog-ng/syslog-ng.pid";
persistFile = "/var/syslog-ng/syslog-ng.persist";
syslogngOptions = [
"--foreground"
"--module-path=${concatStringsSep ":" (["${pkgs.syslogng}/lib/syslog-ng"] ++ cfg.extraModulePaths)}"
"--cfgfile=${syslogngConfig}"
"--control=${ctrlSocket}"
"--persist-file=${persistFile}"
"--pidfile=${pidFile}"
];
in {
options = {
services.syslog-ng = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable the syslog-ng daemon.
'';
};
serviceName = mkOption {
type = types.str;
default = "syslog-ng";
description = ''
The name of the systemd service that runs syslog-ng. Set this to
<literal>syslog</literal> if you want journald to automatically
forward all logs to syslog-ng.
'';
};
extraModulePaths = mkOption {
type = types.listOf types.str;
default = [];
example = [ "${pkgs.syslogng_incubator}/lib/syslog-ng" ];
description = ''
A list of paths that should be included in syslog-ng's
<literal>--module-path</literal> option. They should usually
end in <literal>/lib/syslog-ng</literal>
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = ''
Configuration added to the end of <literal>syslog-ng.conf</literal>.
'';
};
};
};
config = mkIf cfg.enable {
systemd.services."${cfg.serviceName}" = {
wantedBy = [ "multi-user.target" ];
preStart = "mkdir -p /{var,run}/syslog-ng";
serviceConfig = {
Type = "notify";
Sockets = "syslog.socket";
StandardOutput = "null";
Restart = "on-failure";
ExecStart = "${pkgs.syslogng}/sbin/syslog-ng ${concatStringsSep " " syslogngOptions}";
};
};
};
}

66
nixos/modules/services/misc/gitolite.nix Normal file
View File

@ -0,0 +1,66 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.gitolite;
pubkeyFile = pkgs.writeText "gitolite-admin.pub" cfg.adminPubkey;
in
{
options = {
services.gitolite = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable gitolite management under the
<literal>gitolite</literal> user. The Gitolite home
directory is <literal>/var/lib/gitolite</literal>. After
switching to a configuration with Gitolite enabled, you can
then run <literal>git clone
gitolite@host:gitolite-admin.git</literal> to manage it further.
'';
};
adminPubkey = mkOption {
type = types.str;
description = ''
Initial administrative public key for Gitolite. This should
be an SSH Public Key. Note that this key will only be used
once, upon the first initialization of the Gitolite user.
'';
};
};
};
config = mkIf cfg.enable {
users.extraUsers.gitolite = {
description = "Gitolite user";
home = "/var/lib/gitolite";
createHome = true;
uid = config.ids.uids.gitolite;
useDefaultShell = true;
};
systemd.services."gitolite-init" = {
description = "Gitolite initialization";
wantedBy = [ "multi-user.target" ];
serviceConfig.User = "gitolite";
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
path = [ pkgs.gitolite pkgs.git pkgs.perl pkgs.bash pkgs.openssh ];
script = ''
cd /var/lib/gitolite
mkdir -p .gitolite/logs
if [ ! -d repositories ]; then
gitolite setup -pk ${pubkeyFile}
fi
gitolite setup # Upgrade if needed
'';
};
environment.systemPackages = [ pkgs.gitolite pkgs.git ];
};
}

17
nixos/modules/services/misc/nix-daemon.nix
View File

@ -22,14 +22,11 @@ let
nixConf =
let
# Tricky: if we're using a chroot for builds, then we need
# /bin/sh in the chroot (our own compromise to purity).
# However, since /bin/sh is a symlink to some path in the
# Nix store, which furthermore has runtime dependencies on
# other paths in the store, we need the closure of /bin/sh
# in `build-chroot-dirs' - otherwise any builder that uses
# /bin/sh won't work.
binshDeps = pkgs.writeReferencesToFile config.system.build.binsh;
# If we're using a chroot for builds, then provide /bin/sh in
# the chroot as a bind-mount to bash. This means we also need to
# include the entire closure of bash.
sh = pkgs.stdenv.shell;
binshDeps = pkgs.writeReferencesToFile sh;
in
pkgs.runCommand "nix.conf" {extraOptions = cfg.extraOptions; } ''
extraPaths=$(for i in $(cat ${binshDeps}); do if test -d $i; then echo $i; fi; done)
@ -40,7 +37,7 @@ let
build-users-group = nixbld
build-max-jobs = ${toString (cfg.maxJobs)}
build-use-chroot = ${if cfg.useChroot then "true" else "false"}
build-chroot-dirs = ${toString cfg.chrootDirs} $(echo $extraPaths)
build-chroot-dirs = ${toString cfg.chrootDirs} /bin/sh=${sh} $(echo $extraPaths)
binary-caches = ${toString cfg.binaryCaches}
trusted-binary-caches = ${toString cfg.trustedBinaryCaches}
$extraOptions
@ -253,8 +250,6 @@ in
config = {
nix.chrootDirs = [ "/bin" ];
environment.etc."nix/nix.conf".source = nixConf;
# List of machines for distributed Nix builds in the format

38
nixos/modules/services/misc/nix-ssh-serve.nix
View File

@ -1,32 +1,35 @@
{ config, lib, pkgs, ... }:
let
serveOnly = pkgs.writeScript "nix-store-serve" ''
#!${pkgs.stdenv.shell}
if [ "$SSH_ORIGINAL_COMMAND" != "nix-store --serve" ]; then
echo 'Error: You are only allowed to run `nix-store --serve'\'''!' >&2
exit 1
fi
exec /run/current-system/sw/bin/nix-store --serve
'';
with lib;
inherit (lib) mkIf mkOption types;
in {
{
options = {
nix.sshServe = {
enable = mkOption {
description = "Whether to enable serving the nix store over ssh.";
default = false;
type = types.bool;
default = false;
description = "Whether to enable serving the Nix store as a binary cache via SSH.";
};
keys = mkOption {
type = types.listOf types.str;
default = [];
example = [ "ssh-dss AAAAB3NzaC1k... alice@example.org" ];
description = "A list of SSH public keys allowed to access the binary cache via SSH.";
};
};
};
config = mkIf config.nix.sshServe.enable {
users.extraUsers.nix-ssh = {
description = "User for running nix-store --serve.";
description = "Nix SSH substituter user";
uid = config.ids.uids.nix-ssh;
shell = pkgs.stdenv.shell;
useDefaultShell = true;
};
services.openssh.enable = true;
@ -38,8 +41,11 @@ in {
PermitTTY no
PermitTunnel no
X11Forwarding no
ForceCommand ${serveOnly}
ForceCommand ${config.nix.package}/bin/nix-store --serve
Match All
'';
users.extraUsers.nix-ssh.openssh.authorizedKeys.keys = config.nix.sshServe.keys;
};
}

4
nixos/modules/services/monitoring/monit.nix
View File

@ -1,9 +1,9 @@
# Monit system watcher
# http://mmonit.org/monit/
{config, pkgs, ...}:
{config, pkgs, lib, ...}:
let inherit (pkgs.lib) mkOption mkIf;
let inherit (lib) mkOption mkIf;
in
{

15
nixos/modules/services/monitoring/munin.nix
View File

@ -189,19 +189,18 @@ in
wantedBy = [ "multi-user.target" ];
path = [ pkgs.munin ];
environment.MUNIN_PLUGSTATE = "/var/run/munin";
preStart = ''
echo "updating munin plugins..."
mkdir -p /etc/munin/plugins
rm -rf /etc/munin/plugins/*
PATH="/run/current-system/sw/bin:/run/current-system/sw/sbin" ${pkgs.munin}/sbin/munin-node-configure --shell --families contrib,auto,manual --config ${nodeConf} --libdir=${muninPlugins} --servicedir=/etc/munin/plugins 2>/dev/null | ${pkgs.bash}/bin/bash
'';
serviceConfig = {
ExecStart = "${pkgs.munin}/sbin/munin-node --config ${nodeConf} --servicedir /etc/munin/plugins/";
};
};
system.activationScripts.munin-node = ''
echo "updating munin plugins..."
mkdir -p /etc/munin/plugins
rm -rf /etc/munin/plugins/*
PATH="/run/current-system/sw/bin:/run/current-system/sw/sbin" ${pkgs.munin}/sbin/munin-node-configure --shell --families contrib,auto,manual --config ${nodeConf} --libdir=${muninPlugins} --servicedir=/etc/munin/plugins 2>/dev/null | ${pkgs.bash}/bin/bash
'';
}) (mkIf cronCfg.enable {
services.cron.systemCronJobs = [

2
nixos/modules/services/monitoring/nagios.nix
View File

@ -12,7 +12,7 @@ let
nagiosObjectDefs = cfg.objectDefs;
nagiosObjectDefsDir = pkgs.runCommand "nagios-objects" {inherit nagiosObjectDefs;}
"ensureDir $out; ln -s $nagiosObjectDefs $out/";
"mkdir -p $out; ln -s $nagiosObjectDefs $out/";
nagiosCfgFile = pkgs.writeText "nagios.cfg"
''

2
nixos/modules/services/monitoring/systemhealth.nix
View File

@ -13,7 +13,7 @@ let
};
buildInputs = [ python ];
installPhase = ''
ensureDir $out/bin
mkdir -p $out/bin
# Make it work for kernels 3.x, not so different than 2.6
sed -i 's/2\.6/4.0/' system_health.py
cp system_health.py $out/bin

4
nixos/modules/services/monitoring/uptime.nix
View File

@ -1,6 +1,6 @@
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
let
inherit (pkgs.lib) mkOption mkEnableOption mkIf mkMerge types optionalAttrs optional;
inherit (lib) mkOption mkEnableOption mkIf mkMerge types optionalAttrs optional;
cfg = config.services.uptime;

6
nixos/modules/services/network-filesystems/openafs-client/default.nix
View File

@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
let
inherit (pkgs.lib) mkOption mkIf;
inherit (lib) mkOption mkIf;
cfg = config.services.openafsClient;
@ -11,7 +11,7 @@ let
};
afsConfig = pkgs.runCommand "afsconfig" {} ''
ensureDir $out
mkdir -p $out
echo ${cfg.cellName} > $out/ThisCell
cp ${cellServDB} $out/CellServDB
echo "/afs:${cfg.cacheDirectory}:${cfg.cacheSize}" > $out/cacheinfo

6
nixos/modules/services/network-filesystems/rsyncd.nix
View File

@ -1,6 +1,6 @@
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
with pkgs.lib;
with lib;
let
@ -136,4 +136,4 @@ in
networking.firewall.allowedTCPPorts = [ cfg.port ];
};
}
}

2
nixos/modules/services/networking/connman.nix
View File

@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }:
with lib;
with pkgs;
with lib;
let
cfg = config.networking.connman;

4
nixos/modules/services/networking/ddclient.nix
View File

@ -1,8 +1,8 @@
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
let
inherit (pkgs.lib) mkOption mkIf singleton;
inherit (lib) mkOption mkIf singleton;
inherit (pkgs) ddclient;

2
nixos/modules/services/networking/dhcpd.nix
View File

@ -18,7 +18,7 @@ let
${cfg.extraConfig}
${pkgs.lib.concatMapStrings
${lib.concatMapStrings
(machine: ''
host ${machine.hostName} {
hardware ethernet ${machine.ethernetAddress};

4
nixos/modules/services/networking/gvpe.nix
View File

@ -1,9 +1,9 @@
# GNU Virtual Private Ethernet
{config, pkgs, ...}:
{config, pkgs, lib, ...}:
let
inherit (pkgs.lib) mkOption mkIf;
inherit (lib) mkOption mkIf;
cfg = config.services.gvpe;

4
nixos/modules/services/networking/ircd-hybrid/builder.sh
View File

@ -3,7 +3,7 @@ source $stdenv/setup
doSub() {
local src=$1
local dst=$2
ensureDir $(dirname $dst)
mkdir -p $(dirname $dst)
substituteAll $src $dst
}
@ -28,4 +28,4 @@ for i in $substFiles; do
fi
done
ensureDir $out/bin
mkdir -p $out/bin

4
nixos/modules/services/networking/networkmanager.nix
View File

@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }:
with lib;
with pkgs;
with lib;
let
cfg = config.networking.networkmanager;
@ -151,7 +151,7 @@ in {
{ source = "${networkmanager_pptp}/etc/NetworkManager/VPN/nm-pptp-service.name";
target = "NetworkManager/VPN/nm-pptp-service.name";
}
] ++ pkgs.lib.optional (cfg.appendNameservers == [] || cfg.insertNameservers == [])
] ++ optional (cfg.appendNameservers == [] || cfg.insertNameservers == [])
{ source = overrideNameserversScript;
target = "NetworkManager/dispatcher.d/02overridedns";
};

2
nixos/modules/services/networking/notbit.nix
View File

@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
let
cfg = config.services.notbit;
varDir = "/var/lib/notbit";

4
nixos/modules/services/networking/nsd.nix
View File

@ -1,6 +1,6 @@
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
with pkgs.lib;
with lib;
let
cfg = config.services.nsd;

118
nixos/modules/services/networking/polipo.nix Normal file
View File

@ -0,0 +1,118 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.polipo;
polipoConfig = pkgs.writeText "polipo.conf" ''
proxyAddress = ${cfg.proxyAddress}
proxyPort = ${toString cfg.proxyPort}
allowedClients = ${concatStringsSep ", " cfg.allowedClients}
${optionalString (cfg.parentProxy != "") "parentProxy = ${cfg.parentProxy}" }
${optionalString (cfg.socksParentProxy != "") "socksParentProxy = ${cfg.socksParentProxy}" }
${config.services.polipo.extraConfig}
'';
in
{
options = {
services.polipo = {
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to run the polipo caching web proxy.";
};
proxyAddress = mkOption {
type = types.string;
default = "127.0.0.1";
description = "IP address on which Polipo will listen.";
};
proxyPort = mkOption {
type = types.int;
default = 8123;
description = "TCP port on which Polipo will listen.";
};
allowedClients = mkOption {
type = types.listOf types.string;
default = [ "127.0.0.1" "::1" ];
example = [ "127.0.0.1" "::1" "134.157.168.0/24" "2001:660:116::/48" ];
description = ''
List of IP addresses or network addresses that may connect to Polipo.
'';
};
parentProxy = mkOption {
type = types.string;
default = "";
example = "localhost:8124";
description = ''
Hostname and port number of an HTTP parent proxy;
it should have the form host:port.
'';
};
socksParentProxy = mkOption {
type = types.string;
default = "";
example = "localhost:9050";
description = ''
Hostname and port number of an SOCKS parent proxy;
it should have the form host:port.
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = ''
Polio configuration. Contents will be added
verbatim to the configuration file.
'';
};
};
};
config = mkIf cfg.enable {
users.extraUsers = singleton
{ name = "polipo";
uid = config.ids.uids.polipo;
description = "Polipo caching proxy user";
home = "/var/cache/polipo";
createHome = true;
};
users.extraGroups = singleton
{ name = "polipo";
gid = config.ids.gids.polipo;
members = [ "polipo" ];
};
systemd.services.polipo = {
description = "caching web proxy";
after = [ "network.target" "nss-lookup.target" ];
wantedBy = [ "multi-user.target"];
preStart = ''
${pkgs.coreutils}/bin/chown polipo:polipo /var/cache/polipo -R
'';
serviceConfig = {
ExecStart = "${pkgs.polipo}/bin/polipo -c ${polipoConfig}";
ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID";
User = "polipo";
};
};
};
}

Some files were not shown because too many files have changed in this diff Show More