nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-22 15:03:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into rename-z77z-into-maggesi

Browse Source
This commit is contained in:
Marco Maggesi 2019-10-13 18:06:23 +02:00 committed by GitHub
commit 24d0bd37b5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
852 changed files with 29211 additions and 15602 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -44,9 +44,9 @@ Nixpkgs and NixOS are built and tested by our continuous integration
system, [Hydra](https://hydra.nixos.org/).
* [Continuous package builds for unstable/master](https://hydra.nixos.org/jobset/nixos/trunk-combined)
* [Continuous package builds for the NixOS 19.03 release](https://hydra.nixos.org/jobset/nixos/release-19.03)
* [Continuous package builds for the NixOS 19.09 release](https://hydra.nixos.org/jobset/nixos/release-19.09)
* [Tests for unstable/master](https://hydra.nixos.org/job/nixos/trunk-combined/tested#tabs-constituents)
* [Tests for the NixOS 19.03 release](https://hydra.nixos.org/job/nixos/release-19.03/tested#tabs-constituents)
* [Tests for the NixOS 19.09 release](https://hydra.nixos.org/job/nixos/release-19.09/tested#tabs-constituents)
Artifacts successfully built with Hydra are published to cache at
https://cache.nixos.org/. When successful build and test criteria are

11
doc/languages-frameworks/gnome.xml
View File

@ -32,7 +32,11 @@
<title>Icons</title>
<para>
When an application uses icons, an icon theme should be available in <envar>XDG_DATA_DIRS</envar>. The package for the default, icon-less <link xlink:href="https://www.freedesktop.org/wiki/Software/icon-theme/">hicolor-icon-theme</link> contains <link linkend="ssec-gnome-hooks-hicolor-icon-theme">a setup hook</link> that will pick up icon themes from <literal>buildInputs</literal> and pass it to our wrapper. Unfortunately, relying on that would mean every user has to download the theme included in the package expression no matter their preference. For that reason, we leave the installation of icon theme on the user. If you use one of the desktop environments, you probably already have an icon theme installed.
When an application uses icons, an icon theme should be available in <envar>XDG_DATA_DIRS</envar> during runtime. The package for the default, icon-less <link xlink:href="https://www.freedesktop.org/wiki/Software/icon-theme/">hicolor-icon-theme</link> (should be propagated by every icon theme) contains <link linkend="ssec-gnome-hooks-hicolor-icon-theme">a setup hook</link> that will pick up icon themes from <literal>buildInputs</literal> and pass it to our wrapper. Unfortunately, relying on that would mean every user has to download the theme included in the package expression no matter their preference. For that reason, we leave the installation of icon theme on the user. If you use one of the desktop environments, you probably already have an icon theme installed.
</para>
<para>
To avoid costly file system access when locating icons, GTK, <link xlink:href="https://woboq.com/blog/qicon-reads-gtk-icon-cache-in-qt57.html">as well as Qt</link>, can rely on <filename>icon-theme.cache</filename> files from the themes top-level directories. These files are generated using <command>gtk-update-icon-cache</command>, which is expected to be run whenever an icon is added or removed to an icon theme (typically an application icon into <literal>hicolor</literal> theme) and some programs do indeed run this after icon installation. However, since packages are installed into their own prefix by Nix, this would lead to conflicts. For that reason, <package>gtk3</package> provides a <link xlink:href="#ssec-gnome-hooks-gtk-drop-icon-theme-cache">setup hook</link> that will clean the file from installation. Since most applications only ship their own icon that will be loaded on start-up, it should not affect them too much. On the other hand, icon themes are much larger and more widely used so we need to cache them. Because we recommend installing icon themes globally, we will generate the cache files from all packages in a profile using a NixOS module. You can enable the cache generation using <option>gtk.iconCache.enable</option> option if your desktop environment does not already do that.
</para>
</section>
@ -91,6 +95,11 @@ preFixup = ''
<package>glib</package> setup hook will populate <envar>GSETTINGS_SCHEMAS_PATH</envar> and then <package>wrapGAppsHook</package> will prepend it to <envar>XDG_DATA_DIRS</envar>.
</para>
</listitem>
<listitem xml:id="ssec-gnome-hooks-gtk-drop-icon-theme-cache">
<para>
One of <package>gtk3</package>s setup hooks will remove <filename>icon-theme.cache</filename> files from packages icon theme directories to avoid conflicts. Icon theme packages should prevent this with <code>dontDropIconThemeCache = true;</code>.
</para>
</listitem>
<listitem xml:id="ssec-gnome-hooks-dconf">
<para>
<package>gnome3.dconf.lib</package> is a dependency of <package>wrapGAppsHook</package>, which then also adds it to the <envar>GIO_EXTRA_MODULES</envar> variable.

50
maintainers/maintainer-list.nix
View File

@ -356,6 +356,16 @@
github = "alunduil";
name = "Alex Brandt";
};
alva = {
email = "alva@skogen.is";
github = "fjallarefur";
githubId = 42881386;
name = "Alva";
keys = [{
longkeyid = "ed25519/0xF53E323342F7A6D3";
fingerprint = "B422 CFB1 C9EF 73F7 E1E2 698D F53E 3233 42F7 A6D3A";
}];
};
amar1729 = {
email = "amar.paul16@gmail.com";
github = "amar1729";
@ -2272,7 +2282,7 @@
name = "Frede Emil";
};
freepotion = {
email = "free.potion@yandex.ru";
email = "42352817+freepotion@users.noreply.github.com";
github = "freepotion";
githubId = 42352817;
name = "Free Potion";
@ -2627,6 +2637,11 @@
githubId = 1401179;
name = "Guanpeng Xu";
};
hexa = {
github = "mweinelt";
githubId = 131599;
name = "Martin Weinelt";
};
hhm = {
email = "heehooman+nixpkgs@gmail.com";
github = "hhm0";
@ -3261,6 +3276,12 @@
githubId = 8460;
name = "John Wiegley";
};
jwijenbergh = {
email = "jeroenwijenbergh@protonmail.com";
github = "jwijenbergh";
githubId = 46386452;
name = "Jeroen Wijenbergh";
};
jwilberding = {
email = "jwilberding@afiniate.com";
name = "Jordan Wilberding";
@ -3303,6 +3324,12 @@
email = "info+nix@chmist.com";
name = "karolchmist";
};
kayhide = {
email = "kayhide@gmail.com";
github = "kayhide";
githubId = 1730718;
name = "Hideaki Kawai";
};
kazcw = {
email = "kaz@lambdaverse.org";
github = "kazcw";
@ -4268,6 +4295,15 @@
githubId = 5698461;
name = "Maciej Kazulak";
};
mkf = {
email = "m@mikf.pl";
github = "mkf";
name = "Michał Krzysztof Feiler";
keys = [{
longkeyid = "rsa4096/0xE35C2D7C2C6AC724";
fingerprint = "1E36 9940 CC7E 01C4 CFE8 F20A E35C 2D7C 2C6A C724";
}];
};
mkg = {
email = "mkg@vt.edu";
github = "mkgvt";
@ -6503,6 +6539,12 @@
githubId = 224674;
name = "Thomas Pham";
};
Thra11 = {
email = "tahall256@protonmail.ch";
github = "Thra11";
githubId = 1391883;
name = "Tom Hall";
};
tilpner = {
email = "till@hoeppner.ws";
github = "tilpner";
@ -7046,6 +7088,12 @@
githubId = 36407913;
name = "Uli Baum";
};
xfix = {
email = "konrad@borowski.pw";
github = "xfix";
githubId = 1297598;
name = "Konrad Borowski";
};
xnaveira = {
email = "xnaveira@gmail.com";
github = "xnaveira";

37
nixos/doc/manual/installation/installing-nspawn-container.xml
View File

@ -1,37 +0,0 @@
<section xmlns="http://docbook.org/ns/docbook"
version="5.0"
xml:id="sec-installing-nspawn-container">
<title>Installing into a nspawn container</title>
<para>
For installing a NixOS into a systemd nspawn container the NixOS installation tools are needed.
If you run another distribution than NixOS on your host,
please follow <xref linkend="sec-installing-from-other-distro"/> steps 1, 2, and 3.
</para>
<para>
Create a NixOS configuration file <filename>/var/lib/machines/my-container/etc/nixos/configuration.nix</filename>.
It is important that the container root file system is under <filename>/var/lib/machines</filename>.
This is the standard location where <command>machinectl</command> will look for containers.
If you choose place the root into another location you need to start the container directly with <command>systemd-nspawn</command>.
The file needs to have at least following options enabled:
<programlisting>
<xref linkend="opt-boot.isContainer"/> = true;
<xref linkend="opt-boot.loader.initScript.enable"/> = true;
</programlisting>
If your host uses <command>systemd-networkd</command> to configure the network,
you can also enable <xref linkend="opt-networking.useNetworkd"/> to use networkd default network configuration for your host and container.
</para>
<para>
Install the container by running following command:
<screen>nixos-install --root /var/lib/machines/my-container \
--no-channel-copy --no-root-passwd --no-bootloader</screen>
</para>
<para>
Start the container by running following command:
<screen>machinectl start my-container</screen>
</para>
</section>

5
nixos/doc/manual/installation/installing.xml
View File

@ -68,7 +68,7 @@
If you would like to continue the installation from a different machine you
need to activate the SSH daemon via <command>systemctl start
sshd</command>. You then must set a password for either <literal>root</literal> or
<literal>nixos</literal> with <command>passwd></command> to be able to login.
<literal>nixos</literal> with <command>passwd</command> to be able to login.
</para>
</section>
</section>
@ -563,8 +563,5 @@ Retype new UNIX password: ***</screen>
<xi:include href="installing-from-other-distro.xml" />
<xi:include href="installing-behind-a-proxy.xml" />
<xi:include href="installing-nspawn-container.xml" />
</section>
</chapter>

16
nixos/doc/manual/installation/upgrading.xml
View File

@ -14,7 +14,7 @@
<para>
<emphasis>Stable channels</emphasis>, such as
<literal
xlink:href="https://nixos.org/channels/nixos-19.03">nixos-19.03</literal>.
xlink:href="https://nixos.org/channels/nixos-19.09">nixos-19.09</literal>.
These only get conservative bug fixes and package upgrades. For instance,
a channel update may cause the Linux kernel on your system to be upgraded
from 4.19.34 to 4.19.38 (a minor bug fix), but not from
@ -38,7 +38,7 @@
<para>
<emphasis>Small channels</emphasis>, such as
<literal
xlink:href="https://nixos.org/channels/nixos-19.03-small">nixos-19.03-small</literal>
xlink:href="https://nixos.org/channels/nixos-19.09-small">nixos-19.09-small</literal>
or
<literal
xlink:href="https://nixos.org/channels/nixos-unstable-small">nixos-unstable-small</literal>.
@ -63,8 +63,8 @@
<para>
When you first install NixOS, youre automatically subscribed to the NixOS
channel that corresponds to your installation source. For instance, if you
installed from a 19.03 ISO, you will be subscribed to the
<literal>nixos-19.03</literal> channel. To see which NixOS channel youre
installed from a 19.09 ISO, you will be subscribed to the
<literal>nixos-19.09</literal> channel. To see which NixOS channel youre
subscribed to, run the following as root:
<screen>
# nix-channel --list | grep nixos
@ -75,13 +75,13 @@ nixos https://nixos.org/channels/nixos-unstable
# nix-channel --add https://nixos.org/channels/<replaceable>channel-name</replaceable> nixos
</screen>
(Be sure to include the <literal>nixos</literal> parameter at the end.) For
instance, to use the NixOS 19.03 stable channel:
instance, to use the NixOS 19.09 stable channel:
<screen>
# nix-channel --add https://nixos.org/channels/nixos-19.03 nixos
# nix-channel --add https://nixos.org/channels/nixos-19.09 nixos
</screen>
If you have a server, you may want to use the “small” channel instead:
<screen>
# nix-channel --add https://nixos.org/channels/nixos-19.03-small nixos
# nix-channel --add https://nixos.org/channels/nixos-19.09-small nixos
</screen>
And if you want to live on the bleeding edge:
<screen>
@ -127,7 +127,7 @@ nixos https://nixos.org/channels/nixos-unstable
current channel. (To see when the service runs, see <command>systemctl
list-timers</command>.) You can also specify a channel explicitly, e.g.
<programlisting>
<xref linkend="opt-system.autoUpgrade.channel"/> = https://nixos.org/channels/nixos-19.03;
<xref linkend="opt-system.autoUpgrade.channel"/> = https://nixos.org/channels/nixos-19.09;
</programlisting>
</para>
</section>

50
nixos/doc/manual/release-notes/rl-1909.xml
View File

@ -3,7 +3,7 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-19.09">
<title>Release 19.09 (“Loris”, 2019/09/??)</title>
<title>Release 19.09 (“Loris”, 2019/10/09)</title>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
@ -23,6 +23,26 @@
End of support is planned for end of April 2020, handing over to 20.03.
</para>
</listitem>
<listitem>
<para>
Nix has been updated to 2.3; see its
<link xlink:href="https://nixos.org/nix/manual/#ssec-relnotes-2.3">release
notes</link>.
</para>
</listitem>
<listitem>
<para>Core version changes:</para>
<para>systemd: 239 -&gt; 243</para>
<para>gcc: 7 -&gt; 8</para>
<para>glibc: 2.27 (unchanged)</para>
<para>linux: 4.19 LTS (unchanged)</para>
<para>openssl: 1.0 -&gt; 1.1</para>
</listitem>
<listitem>
<para>Desktop version changes:</para>
<para>plasma5: 5.14 -&gt; 5.16</para>
<para>gnome3: 3.30 -&gt; 3.32</para>
</listitem>
<listitem>
<para>
PHP now defaults to PHP 7.3, updated from 7.2.
@ -530,6 +550,17 @@
The <literal>nodejs-11_x</literal> package has been removed as it's EOLed by upstream.
</para>
</listitem>
<listitem>
<para>
Because of the systemd upgrade,
<application>systemd-timesyncd</application> will no longer work if
<option>system.stateVersion</option> is not set correctly. When
upgrading from NixOS 19.03, please make sure that
<option>system.stateVersion</option> is set to
<literal>"19.03"</literal>, or lower if the installation dates back to an
earlier version of NixOS.
</para>
</listitem>
</itemizedlist>
</section>
@ -728,7 +759,7 @@
</para>
</listitem>
</itemizedlist>
This also configures the kernel to pass coredumps to <literal>systemd-coredump</literal>,
This also configures the kernel to pass core dumps to <literal>systemd-coredump</literal>,
and restricts the SysRq key combinations to the sync command only.
These sysctl snippets can be found in <literal>/etc/sysctl.d/50-*.conf</literal>,
and overridden via <link linkend="opt-boot.kernel.sysctl">boot.kernel.sysctl</link>
@ -737,12 +768,15 @@
</listitem>
<listitem>
<para>
Coredumps are now acquired by <literal>systemd-coredump</literal> by default.
<literal>systemd-coredump</literal> behaviour can still be modified via
<option>systemd.coredump.extraConfig</option>.
To stick to the old behaviour (having the kernel dump to a file called <literal>core</literal>
in the working directory), without piping it through <literal>systemd-coredump</literal>, set
<option>boot.kernel.sysctl."kernel.core_pattern"</option> to <literal>"core"</literal>.
Core dumps are now processed by <literal>systemd-coredump</literal>
by default. <literal>systemd-coredump</literal> behaviour can
still be modified via
<option>systemd.coredump.extraConfig</option>. To stick to the
old behaviour (having the kernel dump to a file called
<literal>core</literal> in the working directory), without piping
it through <literal>systemd-coredump</literal>, set
<option>systemd.coredump.enable</option> to
<literal>false</literal>.
</para>
</listitem>
<listitem>

14
nixos/lib/make-disk-image.nix
View File

@ -180,17 +180,9 @@ let format' = format; in let
export NIX_STATE_DIR=$TMPDIR/state
nix-store --load-db < ${closureInfo}/registration
mkdir -m 0755 -p "$root/etc"
touch "$root/etc/NIXOS"
echo "copying system..."
nix-env --store "$root" --substituters "auto?trusted=1" \
-p "$root/nix/var/nix/profiles/system" --set "${config.system.build.toplevel}" --quiet
echo "copying channel..."
mkdir -p "$root/nix/var/nix/profiles/per-user/root"
nix-env --store "$root" --substituters "auto?trusted=1" \
-p "$root/nix/var/nix/profiles/per-user/root/channels" --set "${channelSources}" --quiet
echo "running nixos-install..."
nixos-install --root $root --no-bootloader --no-root-passwd \
--system ${config.system.build.toplevel} --channel ${channelSources} --substituters ""
echo "copying staging root to image..."
cptofs -p ${optionalString (partitionTableType != "none") "-P ${rootPartition}"} -t ${fsType} -i $diskImage $root/* /

3
nixos/modules/config/pulseaudio.nix
View File

@ -51,8 +51,7 @@ let
# that we can disable the autospawn feature in programs that
# are built with PulseAudio support (like KDE).
clientConf = writeText "client.conf" ''
autospawn=${if nonSystemWide then "yes" else "no"}
${optionalString nonSystemWide "daemon-binary=${binary}"}
autospawn=no
${cfg.extraClientConf}
'';

2
nixos/modules/config/unix-odbc-drivers.nix
View File

@ -24,7 +24,7 @@ in {
Specifies Unix ODBC drivers to be registered in
<filename>/etc/odbcinst.ini</filename>. You may also want to
add <literal>pkgs.unixODBC</literal> to the system path to get
a command line client to connnect to ODBC databases.
a command line client to connect to ODBC databases.
'';
};
};

7
nixos/modules/hardware/steam-hardware.nix
View File

@ -21,5 +21,12 @@ in
services.udev.packages = [
pkgs.steamPackages.steam
];
# The uinput module needs to be loaded in order to trigger the udev rules
# defined in the steam package for setting permissions on /dev/uinput.
#
# If the udev rules are not triggered, some controllers won't work with
# steam.
boot.kernelModules = [ "uinput" ];
};
}

8
nixos/modules/installer/tools/nix-fallback-paths.nix
View File

@ -1,6 +1,6 @@
{
x86_64-linux = "/nix/store/3ds3cgji9vjxdbgp10av6smyym1126d1-nix-2.3";
i686-linux = "/nix/store/ln1ndqvfpc9cdl03vqxi6kvlxm9wfv9g-nix-2.3";
aarch64-linux = "/nix/store/n8a1rwzrp20qcr2c4hvyn6c5q9zx8csw-nix-2.3";
x86_64-darwin = "/nix/store/jq6npmpld02sz4rgniz0qrsdfnm6j17a-nix-2.3";
x86_64-linux = "/nix/store/6chjfy4j6hjwj5f8zcbbdg02i21x1qsi-nix-2.3.1";
i686-linux = "/nix/store/xa8z7fwszjjm4kiwrxfc8xv9c1pzzm7a-nix-2.3.1";
aarch64-linux = "/nix/store/8cac1ivcnchlpzmdjby2f71l1fwpnymr-nix-2.3.1";
x86_64-darwin = "/nix/store/6639l9815ggdnb4aka22qcjy7p8w4hb9-nix-2.3.1";
}

3
nixos/modules/installer/tools/nixos-install.sh
View File

@ -132,9 +132,8 @@ if [[ -z $noBootLoader ]]; then
echo "installing the boot loader..."
# Grub needs an mtab.
ln -sfn /proc/mounts $mountPoint/etc/mtab
export NIXOS_INSTALL_BOOTLOADER=1
NIXOS_INSTALL_BOOTLOADER=1 nixos-enter --root "$mountPoint" -- /run/current-system/bin/switch-to-configuration boot
fi
nixos-enter --root "$mountPoint" -- /run/current-system/bin/switch-to-configuration boot
# Ask the user to set a root password, but only if the passwd command
# exists (i.e. when mutable user accounts are enabled).

2
nixos/modules/installer/tools/nixos-rebuild.sh
View File

@ -111,7 +111,7 @@ buildHostCmd() {
if [ -z "$buildHost" ]; then
"$@"
elif [ -n "$remoteNix" ]; then
ssh $SSHOPTS "$buildHost" PATH="$remoteNix:$PATH" "$@"
ssh $SSHOPTS "$buildHost" env PATH="$remoteNix:$PATH" "$@"
else
ssh $SSHOPTS "$buildHost" "$@"
fi

5
nixos/modules/misc/locate.nix
View File

@ -128,7 +128,10 @@ in {
# directory creation needs to be separated from main service
# because ReadWritePaths fails when the directory doesn't already exist
systemd.tmpfiles.rules = [ "d ${dirOf cfg.output} 0755 root root -" ];
systemd.tmpfiles.rules =
let dir = dirOf cfg.output; in
mkIf (dir != "/var/cache")
[ "d ${dir} 0755 root root -" ];
systemd.services.update-locatedb =
{ description = "Update Locate Database";

2
nixos/modules/module-list.nix
View File

@ -142,7 +142,6 @@
./programs/seahorse.nix
./programs/slock.nix
./programs/shadow.nix
./programs/shell.nix
./programs/spacefm.nix
./programs/singularity.nix
./programs/ssh.nix
@ -807,6 +806,7 @@
./services/web-apps/restya-board.nix
./services/web-apps/tt-rss.nix
./services/web-apps/selfoss.nix
./services/web-apps/shiori.nix
./services/web-apps/virtlyst.nix
./services/web-apps/wordpress.nix
./services/web-apps/youtrack.nix

21
nixos/modules/profiles/hardened.nix
View File

@ -52,6 +52,27 @@ with lib;
"ax25"
"netrom"
"rose"
# Old or rare or insufficiently audited filesystems
"adfs"
"affs"
"bfs"
"befs"
"cramfs"
"efs"
"erofs"
"exofs"
"freevxfs"
"f2fs"
"hfs"
"hpfs"
"jfs"
"minix"
"nilfs2"
"qnx4"
"qnx6"
"sysv"
"ufs"
];
# Restrict ptrace() usage to processes with a pre-defined relationship

54
nixos/modules/programs/shell.nix
View File

@ -1,54 +0,0 @@
# This module defines a standard configuration for NixOS shells.
{ config, lib, ... }:
with lib;
{
config = {
environment.shellInit =
''
# Set up the per-user profile.
mkdir -m 0755 -p "$NIX_USER_PROFILE_DIR"
if [ "$(stat -c '%u' "$NIX_USER_PROFILE_DIR")" != "$(id -u)" ]; then
echo "WARNING: the per-user profile dir $NIX_USER_PROFILE_DIR should belong to user id $(id -u)" >&2
fi
if [ -w "$HOME" ]; then
if ! [ -L "$HOME/.nix-profile" ]; then
if [ "$USER" != root ]; then
ln -s "$NIX_USER_PROFILE_DIR/profile" "$HOME/.nix-profile"
else
# Root installs in the system-wide profile by default.
ln -s /nix/var/nix/profiles/default "$HOME/.nix-profile"
fi
fi
# Subscribe the root user to the NixOS channel by default.
if [ "$USER" = root -a ! -e "$HOME/.nix-channels" ]; then
echo "${config.system.defaultChannel} nixos" > "$HOME/.nix-channels"
fi
# Create the per-user garbage collector roots directory.
NIX_USER_GCROOTS_DIR="/nix/var/nix/gcroots/per-user/$USER"
mkdir -m 0755 -p "$NIX_USER_GCROOTS_DIR"
if [ "$(stat -c '%u' "$NIX_USER_GCROOTS_DIR")" != "$(id -u)" ]; then
echo "WARNING: the per-user gcroots dir $NIX_USER_GCROOTS_DIR should belong to user id $(id -u)" >&2
fi
# Set up a default Nix expression from which to install stuff.
if [ ! -e "$HOME/.nix-defexpr" -o -L "$HOME/.nix-defexpr" ]; then
rm -f "$HOME/.nix-defexpr"
mkdir -p "$HOME/.nix-defexpr"
if [ "$USER" != root ]; then
ln -s /nix/var/nix/profiles/per-user/root/channels "$HOME/.nix-defexpr/channels_root"
fi
fi
fi
'';
};
}

1
nixos/modules/rename.nix
View File

@ -233,7 +233,6 @@ with lib;
(mkRemovedOptionModule [ "services" "mysql" "rootPassword" ] "Use socket authentication or set the password outside of the nix store.")
(mkRemovedOptionModule [ "services" "zabbixServer" "dbPassword" ] "Use services.zabbixServer.database.passwordFile instead.")
(mkRemovedOptionModule [ "systemd" "generator-packages" ] "Use systemd.packages instead.")
(mkRemovedOptionModule [ "systemd" "coredump" "enable" ] "Enabled by default. Set boot.kernel.sysctl.\"kernel.core_pattern\" = \"core\"; to disable.")
# ZSH
(mkRenamedOptionModule [ "programs" "zsh" "enableSyntaxHighlighting" ] [ "programs" "zsh" "syntaxHighlighting" "enable" ])

2
nixos/modules/services/mail/dovecot.nix
View File

@ -181,7 +181,7 @@ in
};
configFile = mkOption {
type = types.nullOr types.str;
type = types.nullOr types.path;
default = null;
description = "Config file used for the whole dovecot configuration.";
apply = v: if v != null then v else pkgs.writeText "dovecot.conf" dovecotConf;

179
nixos/modules/services/misc/gitlab.nix
View File

@ -7,6 +7,11 @@ let
ruby = cfg.packages.gitlab.ruby;
postgresqlPackage = if config.services.postgresql.enable then
config.services.postgresql.package
else
pkgs.postgresql;
gitlabSocket = "${cfg.statePath}/tmp/sockets/gitlab.socket";
gitalySocket = "${cfg.statePath}/tmp/sockets/gitaly.socket";
pathUrlQuote = url: replaceStrings ["/"] ["%2F"] url;
@ -22,6 +27,9 @@ let
} // cfg.extraDatabaseConfig;
};
# We only want to create a database if we're actually going to connect to it.
databaseActuallyCreateLocally = cfg.databaseCreateLocally && cfg.databaseHost == "";
gitalyToml = pkgs.writeText "gitaly.toml" ''
socket_path = "${lib.escape ["\""] gitalySocket}"
bin_dir = "${cfg.packages.gitaly}/bin"
@ -138,7 +146,7 @@ let
mkdir -p $out/bin
makeWrapper ${cfg.packages.gitlab.rubyEnv}/bin/rake $out/bin/gitlab-rake \
${concatStrings (mapAttrsToList (name: value: "--set ${name} '${value}' ") gitlabEnv)} \
--set PATH '${lib.makeBinPath [ pkgs.nodejs pkgs.gzip pkgs.git pkgs.gnutar config.services.postgresql.package pkgs.coreutils pkgs.procps ]}:$PATH' \
--set PATH '${lib.makeBinPath [ pkgs.nodejs pkgs.gzip pkgs.git pkgs.gnutar postgresqlPackage pkgs.coreutils pkgs.procps ]}:$PATH' \
--set RAKEOPT '-f ${cfg.packages.gitlab}/share/gitlab/Rakefile' \
--run 'cd ${cfg.packages.gitlab}/share/gitlab'
'';
@ -153,7 +161,7 @@ let
mkdir -p $out/bin
makeWrapper ${cfg.packages.gitlab.rubyEnv}/bin/rails $out/bin/gitlab-rails \
${concatStrings (mapAttrsToList (name: value: "--set ${name} '${value}' ") gitlabEnv)} \
--set PATH '${lib.makeBinPath [ pkgs.nodejs pkgs.gzip pkgs.git pkgs.gnutar config.services.postgresql.package pkgs.coreutils pkgs.procps ]}:$PATH' \
--set PATH '${lib.makeBinPath [ pkgs.nodejs pkgs.gzip pkgs.git pkgs.gnutar postgresqlPackage pkgs.coreutils pkgs.procps ]}:$PATH' \
--run 'cd ${cfg.packages.gitlab}/share/gitlab'
'';
};
@ -266,8 +274,8 @@ in {
description = ''
Whether a database should be automatically created on the
local host. Set this to <literal>false</literal> if you plan
on provisioning a local database yourself or use an external
one.
on provisioning a local database yourself. This has no effect
if <option>services.gitlab.databaseHost</option> is customized.
'';
};
@ -557,8 +565,8 @@ in {
assertions = [
{
assertion = cfg.databaseCreateLocally -> (cfg.user == cfg.databaseUsername);
message = "For local automatic database provisioning services.gitlab.user and services.gitlab.databaseUsername should be identical.";
assertion = databaseActuallyCreateLocally -> (cfg.user == cfg.databaseUsername);
message = ''For local automatic database provisioning (services.gitlab.databaseCreateLocally == true) with peer authentication (services.gitlab.databaseHost == "") to work services.gitlab.user and services.gitlab.databaseUsername must be identical.'';
}
{
assertion = (cfg.databaseHost != "") -> (cfg.databasePasswordFile != null);
@ -592,14 +600,14 @@ in {
services.redis.enable = mkDefault true;
# We use postgres as the main data store.
services.postgresql = optionalAttrs cfg.databaseCreateLocally {
services.postgresql = optionalAttrs databaseActuallyCreateLocally {
enable = true;
ensureUsers = singleton { name = cfg.databaseUsername; };
};
# The postgresql module doesn't currently support concepts like
# objects owners and extensions; for now we tack on what's needed
# here.
systemd.services.postgresql.postStart = mkAfter (optionalString cfg.databaseCreateLocally ''
systemd.services.postgresql.postStart = mkAfter (optionalString databaseActuallyCreateLocally ''
$PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${cfg.databaseName}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${cfg.databaseName}" OWNER "${cfg.databaseUsername}"'
current_owner=$($PSQL -tAc "SELECT pg_catalog.pg_get_userbyid(datdba) FROM pg_catalog.pg_database WHERE datname = '${cfg.databaseName}'")
if [[ "$current_owner" != "${cfg.databaseUsername}" ]]; then
@ -675,7 +683,7 @@ in {
wantedBy = [ "multi-user.target" ];
environment = gitlabEnv;
path = with pkgs; [
config.services.postgresql.package
postgresqlPackage
gitAndTools.git
ruby
openssh
@ -756,81 +764,13 @@ in {
wantedBy = [ "multi-user.target" ];
environment = gitlabEnv;
path = with pkgs; [
config.services.postgresql.package
postgresqlPackage
gitAndTools.git
openssh
nodejs
procps
gnupg
];
preStart = ''
cp -f ${cfg.packages.gitlab}/share/gitlab/VERSION ${cfg.statePath}/VERSION
rm -rf ${cfg.statePath}/db/*
cp -rf --no-preserve=mode ${cfg.packages.gitlab}/share/gitlab/config.dist/* ${cfg.statePath}/config
cp -rf --no-preserve=mode ${cfg.packages.gitlab}/share/gitlab/db/* ${cfg.statePath}/db
${cfg.packages.gitlab-shell}/bin/install
${optionalString cfg.smtp.enable ''
install -m u=rw ${smtpSettings} ${cfg.statePath}/config/initializers/smtp_settings.rb
${optionalString (cfg.smtp.passwordFile != null) ''
smtp_password=$(<'${cfg.smtp.passwordFile}')
${pkgs.replace}/bin/replace-literal -e '@smtpPassword@' "$smtp_password" '${cfg.statePath}/config/initializers/smtp_settings.rb'
''}
''}
(
umask u=rwx,g=,o=
${pkgs.openssl}/bin/openssl rand -hex 32 > ${cfg.statePath}/gitlab_shell_secret
${if cfg.databasePasswordFile != null then ''
export db_password="$(<'${cfg.databasePasswordFile}')"
if [[ -z "$db_password" ]]; then
>&2 echo "Database password was an empty string!"
exit 1
fi
${pkgs.jq}/bin/jq <${pkgs.writeText "database.yml" (builtins.toJSON databaseConfig)} \
'.production.password = $ENV.db_password' \
>'${cfg.statePath}/config/database.yml'
''
else ''
${pkgs.jq}/bin/jq <${pkgs.writeText "database.yml" (builtins.toJSON databaseConfig)} \
>'${cfg.statePath}/config/database.yml'
''
}
${utils.genJqSecretsReplacementSnippet
gitlabConfig
"${cfg.statePath}/config/gitlab.yml"
}
if [[ -h '${cfg.statePath}/config/secrets.yml' ]]; then
rm '${cfg.statePath}/config/secrets.yml'
fi
export secret="$(<'${cfg.secrets.secretFile}')"
export db="$(<'${cfg.secrets.dbFile}')"
export otp="$(<'${cfg.secrets.otpFile}')"
export jws="$(<'${cfg.secrets.jwsFile}')"
${pkgs.jq}/bin/jq -n '{production: {secret_key_base: $ENV.secret,
otp_key_base: $ENV.otp,
db_key_base: $ENV.db,
openid_connect_signing_key: $ENV.jws}}' \
> '${cfg.statePath}/config/secrets.yml'
)
initial_root_password="$(<'${cfg.initialRootPasswordFile}')"
${gitlab-rake}/bin/gitlab-rake gitlab:db:configure GITLAB_ROOT_PASSWORD="$initial_root_password" \
GITLAB_ROOT_EMAIL='${cfg.initialRootEmail}'
# We remove potentially broken links to old gitlab-shell versions
rm -Rf ${cfg.statePath}/repositories/**/*.git/hooks
${pkgs.git}/bin/git config --global core.autocrlf "input"
'';
serviceConfig = {
Type = "simple";
@ -839,6 +779,89 @@ in {
TimeoutSec = "infinity";
Restart = "on-failure";
WorkingDirectory = "${cfg.packages.gitlab}/share/gitlab";
ExecStartPre = let
preStartFullPrivileges = ''
shopt -s dotglob nullglob
chown --no-dereference '${cfg.user}':'${cfg.group}' '${cfg.statePath}'/*
chown --no-dereference '${cfg.user}':'${cfg.group}' '${cfg.statePath}'/config/*
'';
preStart = ''
cp -f ${cfg.packages.gitlab}/share/gitlab/VERSION ${cfg.statePath}/VERSION
rm -rf ${cfg.statePath}/db/*
rm -rf ${cfg.statePath}/config/initializers/*
cp -rf --no-preserve=mode ${cfg.packages.gitlab}/share/gitlab/config.dist/* ${cfg.statePath}/config
cp -rf --no-preserve=mode ${cfg.packages.gitlab}/share/gitlab/db/* ${cfg.statePath}/db
${cfg.packages.gitlab-shell}/bin/install
${optionalString cfg.smtp.enable ''
install -m u=rw ${smtpSettings} ${cfg.statePath}/config/initializers/smtp_settings.rb
${optionalString (cfg.smtp.passwordFile != null) ''
smtp_password=$(<'${cfg.smtp.passwordFile}')
${pkgs.replace}/bin/replace-literal -e '@smtpPassword@' "$smtp_password" '${cfg.statePath}/config/initializers/smtp_settings.rb'
''}
''}
(
umask u=rwx,g=,o=
${pkgs.openssl}/bin/openssl rand -hex 32 > ${cfg.statePath}/gitlab_shell_secret
if [[ -h '${cfg.statePath}/config/database.yml' ]]; then
rm '${cfg.statePath}/config/database.yml'
fi
${if cfg.databasePasswordFile != null then ''
export db_password="$(<'${cfg.databasePasswordFile}')"
if [[ -z "$db_password" ]]; then
>&2 echo "Database password was an empty string!"
exit 1
fi
${pkgs.jq}/bin/jq <${pkgs.writeText "database.yml" (builtins.toJSON databaseConfig)} \
'.production.password = $ENV.db_password' \
>'${cfg.statePath}/config/database.yml'
''
else ''
${pkgs.jq}/bin/jq <${pkgs.writeText "database.yml" (builtins.toJSON databaseConfig)} \
>'${cfg.statePath}/config/database.yml'
''
}
${utils.genJqSecretsReplacementSnippet
gitlabConfig
"${cfg.statePath}/config/gitlab.yml"
}
if [[ -h '${cfg.statePath}/config/secrets.yml' ]]; then
rm '${cfg.statePath}/config/secrets.yml'
fi
export secret="$(<'${cfg.secrets.secretFile}')"
export db="$(<'${cfg.secrets.dbFile}')"
export otp="$(<'${cfg.secrets.otpFile}')"
export jws="$(<'${cfg.secrets.jwsFile}')"
${pkgs.jq}/bin/jq -n '{production: {secret_key_base: $ENV.secret,
otp_key_base: $ENV.otp,
db_key_base: $ENV.db,
openid_connect_signing_key: $ENV.jws}}' \
> '${cfg.statePath}/config/secrets.yml'
)
initial_root_password="$(<'${cfg.initialRootPasswordFile}')"
${gitlab-rake}/bin/gitlab-rake gitlab:db:configure GITLAB_ROOT_PASSWORD="$initial_root_password" \
GITLAB_ROOT_EMAIL='${cfg.initialRootEmail}' > /dev/null
# We remove potentially broken links to old gitlab-shell versions
rm -Rf ${cfg.statePath}/repositories/**/*.git/hooks
${pkgs.git}/bin/git config --global core.autocrlf "input"
'';
in [
"+${pkgs.writeShellScript "gitlab-pre-start-full-privileges" preStartFullPrivileges}"
"${pkgs.writeShellScript "gitlab-pre-start" preStart}"
];
ExecStart = "${cfg.packages.gitlab.rubyEnv}/bin/unicorn -c ${cfg.statePath}/config/unicorn.rb -E production";
};

84
nixos/modules/services/misc/nix-daemon.nix
View File

@ -10,7 +10,6 @@ let
nixVersion = getVersion nix;
isNix20 = versionAtLeast nixVersion "2.0pre";
isNix23 = versionAtLeast nixVersion "2.3pre";
makeNixBuildUser = nr:
@ -28,39 +27,26 @@ let
nixbldUsers = map makeNixBuildUser (range 1 cfg.nrBuildUsers);
nixConf =
let
# In Nix < 2.0, If we're using sandbox for builds, then provide
# /bin/sh in the sandbox as a bind-mount to bash. This means we
# also need to include the entire closure of bash. Nix >= 2.0
# provides a /bin/sh by default.
sh = pkgs.runtimeShell;
binshDeps = pkgs.writeReferencesToFile sh;
in
pkgs.runCommand "nix.conf" { preferLocalBuild = true; extraOptions = cfg.extraOptions; } (''
${optionalString (!isNix20) ''
extraPaths=$(for i in $(cat ${binshDeps}); do if test -d $i; then echo $i; fi; done)
''}
assert versionAtLeast nixVersion "2.2";
pkgs.runCommand "nix.conf" { preferLocalBuild = true; extraOptions = cfg.extraOptions; } (
''
cat > $out <<END
# WARNING: this file is generated from the nix.* options in
# your NixOS configuration, typically
# /etc/nixos/configuration.nix. Do not edit it!
build-users-group = nixbld
${if isNix20 then "max-jobs" else "build-max-jobs"} = ${toString (cfg.maxJobs)}
${if isNix20 then "cores" else "build-cores"} = ${toString (cfg.buildCores)}
${if isNix20 then "sandbox" else "build-use-sandbox"} = ${if (builtins.isBool cfg.useSandbox) then boolToString cfg.useSandbox else cfg.useSandbox}
${if isNix20 then "extra-sandbox-paths" else "build-sandbox-paths"} = ${toString cfg.sandboxPaths} ${optionalString (!isNix20) "/bin/sh=${sh} $(echo $extraPaths)"}
${if isNix20 then "substituters" else "binary-caches"} = ${toString cfg.binaryCaches}
${if isNix20 then "trusted-substituters" else "trusted-binary-caches"} = ${toString cfg.trustedBinaryCaches}
${if isNix20 then "trusted-public-keys" else "binary-cache-public-keys"} = ${toString cfg.binaryCachePublicKeys}
max-jobs = ${toString (cfg.maxJobs)}
cores = ${toString (cfg.buildCores)}
sandbox = ${if (builtins.isBool cfg.useSandbox) then boolToString cfg.useSandbox else cfg.useSandbox}
extra-sandbox-paths = ${toString cfg.sandboxPaths}
substituters = ${toString cfg.binaryCaches}
trusted-substituters = ${toString cfg.trustedBinaryCaches}
trusted-public-keys = ${toString cfg.binaryCachePublicKeys}
auto-optimise-store = ${boolToString cfg.autoOptimiseStore}
${if isNix20 then ''
require-sigs = ${if cfg.requireSignedBinaryCaches then "true" else "false"}
'' else ''
signed-binary-caches = ${if cfg.requireSignedBinaryCaches then "*" else ""}
''}
require-sigs = ${if cfg.requireSignedBinaryCaches then "true" else "false"}
trusted-users = ${toString cfg.trustedUsers}
allowed-users = ${toString cfg.allowedUsers}
${optionalString (isNix20 && !cfg.distributedBuilds) ''
${optionalString (!cfg.distributedBuilds) ''
builders =
''}
system-features = ${toString cfg.systemFeatures}
@ -422,8 +408,7 @@ in
systemd.services.nix-daemon =
{ path = [ nix pkgs.utillinux config.programs.ssh.package ]
++ optionals cfg.distributedBuilds [ pkgs.gzip ]
++ optionals (!isNix20) [ pkgs.openssl.bin ];
++ optionals cfg.distributedBuilds [ pkgs.gzip ];
environment = cfg.envVars
// { CURL_CA_BUNDLE = "/etc/ssl/certs/ca-certificates.crt"; }
@ -440,34 +425,13 @@ in
restartTriggers = [ nixConf ];
};
nix.envVars =
optionalAttrs (!isNix20) {
NIX_CONF_DIR = "/etc/nix";
# Enable the copy-from-other-stores substituter, which allows
# builds to be sped up by copying build results from remote
# Nix stores. To do this, mount the remote file system on a
# subdirectory of /run/nix/remote-stores.
NIX_OTHER_STORES = "/run/nix/remote-stores/*/nix";
}
// optionalAttrs (cfg.distributedBuilds && !isNix20) {
NIX_BUILD_HOOK = "${nix}/libexec/nix/build-remote.pl";
};
# Set up the environment variables for running Nix.
environment.sessionVariables = cfg.envVars //
{ NIX_PATH = cfg.nixPath;
};
environment.extraInit = optionalString (!isNix20)
environment.extraInit =
''
# Set up secure multi-user builds: non-root users build through the
# Nix daemon.
if [ "$USER" != root -o ! -w /nix/var/nix/db ]; then
export NIX_REMOTE=daemon
fi
'' + ''
if [ -e "$HOME/.nix-defexpr/channels" ]; then
export NIX_PATH="$HOME/.nix-defexpr/channels''${NIX_PATH:+:$NIX_PATH}"
fi
@ -479,21 +443,15 @@ in
services.xserver.displayManager.hiddenUsers = map ({ name, ... }: name) nixbldUsers;
# FIXME: use systemd-tmpfiles to create Nix directories.
system.activationScripts.nix = stringAfter [ "etc" "users" ]
''
# Nix initialisation.
install -m 0755 -d \
/nix/var/nix/gcroots \
/nix/var/nix/temproots \
/nix/var/nix/userpool \
/nix/var/nix/profiles \
/nix/var/nix/db \
/nix/var/log/nix/drvs
install -m 1777 -d \
/nix/var/nix/gcroots/per-user \
/nix/var/nix/profiles/per-user \
/nix/var/nix/gcroots/tmp
# Create directories in /nix.
${nix}/bin/nix ping-store --no-net
# Subscribe the root user to the NixOS channel by default.
if [ ! -e "/root/.nix-channels" ]; then
echo "${config.system.defaultChannel} nixos" > "/root/.nix-channels"
fi
'';
nix.systemFeatures = mkDefault (

1
nixos/modules/services/monitoring/prometheus/exporters.nix
View File

@ -30,6 +30,7 @@ let
"json"
"mail"
"minio"
"nextcloud"
"nginx"
"node"
"postfix"

58
nixos/modules/services/monitoring/prometheus/exporters/nextcloud.nix Normal file
View File

@ -0,0 +1,58 @@
{ config, lib, pkgs, options }:
with lib;
let
cfg = config.services.prometheus.exporters.nextcloud;
in
{
port = 9205;
extraOpts = {
url = mkOption {
type = types.str;
example = "https://domain.tld";
description = ''
URL to the Nextcloud serverinfo page.
Adding the path to the serverinfo API is optional, it defaults
to <literal>/ocs/v2.php/apps/serverinfo/api/v1/info</literal>.
'';
};
username = mkOption {
type = types.str;
default = "nextcloud-exporter";
description = ''
Username for connecting to Nextcloud.
Note that this account needs to have admin privileges in Nextcloud.
'';
};
passwordFile = mkOption {
type = types.path;
example = "/path/to/password-file";
description = ''
File containing the password for connecting to Nextcloud.
Make sure that this file is readable by the exporter user.
'';
};
timeout = mkOption {
type = types.str;
default = "5s";
description = ''
Timeout for getting server info document.
'';
};
};
serviceOpts = {
serviceConfig = {
DynamicUser = false;
ExecStart = ''
${pkgs.prometheus-nextcloud-exporter}/bin/nextcloud-exporter \
-a ${cfg.listenAddress}:${toString cfg.port} \
-u ${cfg.username} \
-t ${cfg.timeout} \
-l ${cfg.url} \
-p @${cfg.passwordFile} \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
};
};
}

14
nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix
View File

@ -6,6 +6,10 @@ let
cfg = config.services.prometheus.exporters.wireguard;
in {
port = 9586;
imports = [
(mkRenamedOptionModule [ "addr" ] [ "listenAddress" ])
({ options.warnings = options.warnings; options.assertions = options.assertions; })
];
extraOpts = {
verbose = mkEnableOption "Verbose logging mode for prometheus-wireguard-exporter";
@ -42,14 +46,6 @@ in {
Whether or not the remote IP of a WireGuard peer should be exposed via prometheus.
'';
};
addr = mkOption {
type = types.str;
default = "0.0.0.0";
description = ''
IP address of the exporter.
'';
};
};
serviceOpts = {
path = [ pkgs.wireguard-tools ];
@ -59,7 +55,7 @@ in {
ExecStart = ''
${pkgs.prometheus-wireguard-exporter}/bin/prometheus_wireguard_exporter \
-p ${toString cfg.port} \
-l ${cfg.addr} \
-l ${cfg.listenAddress} \
${optionalString cfg.verbose "-v"} \
${optionalString cfg.singleSubnetPerField "-s"} \
${optionalString cfg.withRemoteIp "-r"} \

1
nixos/modules/services/network-filesystems/samba.nix
View File

@ -45,6 +45,7 @@ let
daemonService = appName: args:
{ description = "Samba Service Daemon ${appName}";
after = [ "network.target" ];
requiredBy = [ "samba.target" ];
partOf = [ "samba.target" ];

15
nixos/modules/services/networking/firewall.nix
View File

@ -331,6 +331,17 @@ in
'';
};
package = mkOption {
type = types.package;
default = pkgs.iptables;
defaultText = "pkgs.iptables";
example = literalExample "pkgs.iptables-nftables-compat";
description =
''
The iptables package to use for running the firewall service."
'';
};
logRefusedConnections = mkOption {
type = types.bool;
default = true;
@ -536,7 +547,7 @@ in
networking.firewall.trustedInterfaces = [ "lo" ];
environment.systemPackages = [ pkgs.iptables ] ++ cfg.extraPackages;
environment.systemPackages = [ cfg.package ] ++ cfg.extraPackages;
boot.kernelModules = (optional cfg.autoLoadConntrackHelpers "nf_conntrack")
++ map (x: "nf_conntrack_${x}") cfg.connectionTrackingModules;
@ -555,7 +566,7 @@ in
before = [ "network-pre.target" ];
after = [ "systemd-modules-load.service" ];
path = [ pkgs.iptables ] ++ cfg.extraPackages;
path = [ cfg.package ] ++ cfg.extraPackages;
# FIXME: this module may also try to load kernel modules, but
# containers don't have CAP_SYS_MODULE. So the host system had

33
nixos/modules/services/networking/mxisd.nix
View File

@ -3,6 +3,15 @@
with lib;
let
isMa1sd =
package:
lib.hasPrefix "ma1sd" package.name;
isMxisd =
package:
lib.hasPrefix "mxisd" package.name;
cfg = config.services.mxisd;
server = optionalAttrs (cfg.server.name != null) { inherit (cfg.server) name; }
@ -12,37 +21,41 @@ let
matrix.domain = cfg.matrix.domain;
key.path = "${cfg.dataDir}/signing.key";
storage = {
provider.sqlite.database = "${cfg.dataDir}/mxisd.db";
provider.sqlite.database = if isMa1sd cfg.package
then "${cfg.dataDir}/ma1sd.db"
else "${cfg.dataDir}/mxisd.db";
};
} // optionalAttrs (server != {}) { inherit server; };
# merges baseConfig and extraConfig into a single file
fullConfig = recursiveUpdate baseConfig cfg.extraConfig;
configFile = pkgs.writeText "mxisd-config.yaml" (builtins.toJSON fullConfig);
configFile = if isMa1sd cfg.package
then pkgs.writeText "ma1sd-config.yaml" (builtins.toJSON fullConfig)
else pkgs.writeText "mxisd-config.yaml" (builtins.toJSON fullConfig);
in {
options = {
services.mxisd = {
enable = mkEnableOption "mxisd matrix federated identity server";
enable = mkEnableOption "matrix federated identity server";
package = mkOption {
type = types.package;
default = pkgs.mxisd;
defaultText = "pkgs.mxisd";
description = "The mxisd package to use";
description = "The mxisd/ma1sd package to use";
};
dataDir = mkOption {
type = types.str;
default = "/var/lib/mxisd";
description = "Where data mxisd uses resides";
description = "Where data mxisd/ma1sd uses resides";
};
extraConfig = mkOption {
type = types.attrs;
default = {};
description = "Extra options merged into the mxisd configuration";
description = "Extra options merged into the mxisd/ma1sd configuration";
};
matrix = {
@ -62,7 +75,7 @@ in {
type = types.nullOr types.str;
default = null;
description = ''
Public hostname of mxisd, if different from the Matrix domain.
Public hostname of mxisd/ma1sd, if different from the Matrix domain.
'';
};
@ -103,11 +116,13 @@ in {
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
serviceConfig = let
executable = if isMa1sd cfg.package then "ma1sd" else "mxisd";
in {
Type = "simple";
User = "mxisd";
Group = "mxisd";
ExecStart = "${cfg.package}/bin/mxisd -c ${configFile}";
ExecStart = "${cfg.package}/bin/${executable} -c ${configFile}";
WorkingDirectory = cfg.dataDir;
Restart = "on-failure";
};

2
nixos/modules/services/networking/networkmanager.nix
View File

@ -202,7 +202,7 @@ in {
dhcp = mkOption {
type = types.enum [ "dhclient" "dhcpcd" "internal" ];
default = "dhclient";
default = "internal";
description = ''
Which program (or internal library) should be used for DHCP.
'';

50
nixos/modules/services/web-apps/shiori.nix Normal file
View File

@ -0,0 +1,50 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.shiori;
in {
options = {
services.shiori = {
enable = mkEnableOption "Shiori simple bookmarks manager";
package = mkOption {
type = types.package;
default = pkgs.shiori;
defaultText = "pkgs.shiori";
description = "The Shiori package to use.";
};
address = mkOption {
type = types.str;
default = "";
description = ''
The IP address on which Shiori will listen.
If empty, listens on all interfaces.
'';
};
port = mkOption {
type = types.port;
default = 8080;
description = "The port of the Shiori web application";
};
};
};
config = mkIf cfg.enable {
systemd.services.shiori = with cfg; {
description = "Shiori simple bookmarks manager";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${package}/bin/shiori serve --address '${address}' --port '${toString port}'";
DynamicUser = true;
Environment = "SHIORI_DIR=/var/lib/shiori";
StateDirectory = "shiori";
};
};
};
meta.maintainers = with maintainers; [ minijackson ];
}

30
nixos/modules/services/web-servers/nginx/default.nix
View File

@ -61,7 +61,10 @@ let
${optionalString (cfg.httpConfig == "" && cfg.config == "") ''
http {
include ${cfg.package}/conf/mime.types;
# The mime type definitions included with nginx are very incomplete, so
# we use a list of mime types from the mailcap package, which is also
# used by most other Linux distributions by default.
include ${pkgs.mailcap}/etc/nginx/mime.types;
include ${cfg.package}/conf/fastcgi.conf;
include ${cfg.package}/conf/uwsgi_params;
@ -119,6 +122,14 @@ let
include ${recommendedProxyConfig};
''}
${optionalString (cfg.mapHashBucketSize != null) ''
map_hash_bucket_size ${toString cfg.mapHashBucketSize};
''}
${optionalString (cfg.mapHashMaxSize != null) ''
map_hash_max_size ${toString cfg.mapHashMaxSize};
''}
# $connection_upgrade is used for websocket proxying
map $http_upgrade $connection_upgrade {
default upgrade;
@ -507,6 +518,23 @@ in
'';
};
mapHashBucketSize = mkOption {
type = types.nullOr (types.enum [ 32 64 128 ]);
default = null;
description = ''
Sets the bucket size for the map variables hash tables. Default
value depends on the processors cache line size.
'';
};
mapHashMaxSize = mkOption {
type = types.nullOr types.ints.positive;
default = null;
description = ''
Sets the maximum size of the map variables hash tables.
'';
};
resolver = mkOption {
type = types.submodule {
options = {

3
nixos/modules/services/x11/desktop-managers/plasma5.nix
View File

@ -183,7 +183,8 @@ in
++ lib.optional config.hardware.pulseaudio.enable plasma-pa
++ lib.optional config.powerManagement.enable powerdevil
++ lib.optional config.services.colord.enable colord-kde
++ lib.optionals config.services.samba.enable [ kdenetwork-filesharing pkgs.samba ];
++ lib.optionals config.services.samba.enable [ kdenetwork-filesharing pkgs.samba ]
++ lib.optional config.services.xserver.wacom.enable wacomtablet;
environment.pathsToLink = [
# FIXME: modules should link subdirs of `/share` rather than relying on this

4
nixos/modules/services/x11/display-managers/gdm.nix
View File

@ -165,12 +165,12 @@ in
"rc-local.service"
"systemd-machined.service"
"systemd-user-sessions.service"
"getty@tty1.service"
"getty@tty${gdm.initialVT}.service"
"plymouth-quit.service"
"plymouth-start.service"
];
systemd.services.display-manager.conflicts = [
"getty@tty1.service"
"getty@tty${gdm.initialVT}.service"
"plymouth-quit.service"
];
systemd.services.display-manager.onFailure = [

37
nixos/modules/services/x11/display-managers/lightdm.nix
View File

@ -220,6 +220,43 @@ in
exec ${lightdm}/sbin/lightdm
'';
# Replaces getty
systemd.services.display-manager.conflicts = [
"getty@tty7.service"
# TODO: Add "plymouth-quit.service" so LightDM can control when plymouth
# quits. Currently this breaks switching to configurations with plymouth.
];
# Pull in dependencies of services we replace.
systemd.services.display-manager.after = [
"rc-local.service"
"systemd-machined.service"
"systemd-user-sessions.service"
"getty@tty7.service"
"user.slice"
];
# user.slice needs to be present
systemd.services.display-manager.requires = [
"user.slice"
];
# lightdm stops plymouth so when it fails make sure plymouth stops.
systemd.services.display-manager.onFailure = [
"plymouth-quit.service"
];
systemd.services.display-manager.serviceConfig = {
BusName = "org.freedesktop.DisplayManager";
IgnoreSIGPIPE = "no";
# This allows lightdm to pass the LUKS password through to PAM.
# login keyring is unlocked automatic when autologin is used.
KeyringMode = "shared";
KillMode = "mixed";
StandardError = "inherit";
StandardOutput = "syslog";
};
environment.etc."lightdm/lightdm.conf".source = lightdmConf;
environment.etc."lightdm/users.conf".source = usersConf;

23
nixos/modules/services/x11/window-managers/cwm.nix Normal file
View File

@ -0,0 +1,23 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.xserver.windowManager.cwm;
in
{
options = {
services.xserver.windowManager.cwm.enable = mkEnableOption "cwm";
};
config = mkIf cfg.enable {
services.xserver.windowManager.session = singleton
{ name = "cwm";
start =
''
cwm &
waitPID=$!
'';
};
environment.systemPackages = [ pkgs.cwm ];
};
}

1
nixos/modules/services/x11/window-managers/default.nix
View File

@ -11,6 +11,7 @@ in
./2bwm.nix
./afterstep.nix
./bspwm.nix
./cwm.nix
./dwm.nix
./evilwm.nix
./exwm.nix

7
nixos/modules/system/activation/activation-script.nix
View File

@ -184,14 +184,7 @@ in
find /var/empty -mindepth 1 -delete
chmod 0555 /var/empty
chown root:root /var/empty
${ # reasons for not setting immutable flag:
# 1. flag is not changeable inside a container
# 2. systemd-nspawn can not perform chown in case of --private-users-chown
# then the owner is nobody and ssh will not start
optionalString (!config.boot.isContainer) ''
${pkgs.e2fsprogs}/bin/chattr -f +i /var/empty || true
''}
'';
system.activationScripts.usrbinenv = if config.environment.usrbinenv != null

18
nixos/modules/system/boot/plymouth.nix
View File

@ -5,17 +5,20 @@ with lib;
let
inherit (pkgs) plymouth;
inherit (pkgs) nixos-icons;
cfg = config.boot.plymouth;
breezePlymouth = pkgs.breeze-plymouth.override {
nixosBranding = true;
nixosVersion = config.system.nixos.release;
nixosBreezePlymouth = pkgs.breeze-plymouth.override {
logoFile = cfg.logo;
logoName = "nixos";
osName = "NixOS";
osVersion = config.system.nixos.release;
};
themesEnv = pkgs.buildEnv {
name = "plymouth-themes";
paths = [ plymouth breezePlymouth ] ++ cfg.themePackages;
paths = [ plymouth ] ++ cfg.themePackages;
};
configFile = pkgs.writeText "plymouthd.conf" ''
@ -35,7 +38,7 @@ in
enable = mkEnableOption "Plymouth boot splash screen";
themePackages = mkOption {
default = [];
default = [ nixosBreezePlymouth ];
type = types.listOf types.package;
description = ''
Extra theme packages for plymouth.
@ -52,10 +55,7 @@ in
logo = mkOption {
type = types.path;
default = pkgs.fetchurl {
url = "https://nixos.org/logo/nixos-hires.png";
sha256 = "1ivzgd7iz0i06y36p8m5w48fd8pjqwxhdaavc0pxs7w1g7mcy5si";
};
default = "${nixos-icons}/share/icons/hicolor/128x128/apps/nix-snowflake.png";
defaultText = ''pkgs.fetchurl {
url = "https://nixos.org/logo/nixos-hires.png";
sha256 = "1ivzgd7iz0i06y36p8m5w48fd8pjqwxhdaavc0pxs7w1g7mcy5si";

2
nixos/modules/system/boot/stage-2-init.sh
View File

@ -142,7 +142,7 @@ fi
# Record the boot configuration.
ln -sfn "$systemConfig" /run/booted-system
# Prevent the booted system form being garbage-collected If it weren't
# Prevent the booted system from being garbage-collected. If it weren't
# a gcroot, if we were running a different kernel, switched system,
# and garbage collected all, we could not load kernel modules anymore.
ln -sfn /run/booted-system /nix/var/nix/gcroots/booted-system

22
nixos/modules/system/boot/systemd-nspawn.nix
View File

@ -113,11 +113,21 @@ in {
config =
let
units = mapAttrs' (n: v: let nspawnFile = "${n}.nspawn"; in nameValuePair nspawnFile (instanceToUnit nspawnFile v)) cfg;
in mkIf (cfg != {}) {
environment.etc."systemd/nspawn".source = generateUnits "nspawn" units [] [];
systemd.targets.multi-user.wants = [ "machines.target" ];
};
in
mkMerge [
(mkIf (cfg != {}) {
environment.etc."systemd/nspawn".source = mkIf (cfg != {}) (generateUnits "nspawn" units [] []);
})
{
systemd.targets.multi-user.wants = [ "machines.target" ];
# Workaround for https://github.com/NixOS/nixpkgs/pull/67232#issuecomment-531315437 and https://github.com/systemd/systemd/issues/13622
# Once systemd fixes this upstream, we can re-enable -U
systemd.services."systemd-nspawn@".serviceConfig.ExecStart = [
"" # deliberately empty. signals systemd to override the ExecStart
# Only difference between upstream is that we do not pass the -U flag
"${pkgs.systemd}/bin/systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --network-veth --settings=override --machine=%i"
];
}
];
}

18
nixos/modules/system/boot/systemd.nix
View File

@ -546,6 +546,16 @@ in
'';
};
systemd.coredump.enable = mkOption {
default = true;
type = types.bool;
description = ''
Whether core dumps should be processed by
<command>systemd-coredump</command>. If disabled, core dumps
appear in the current directory of the crashing process.
'';
};
systemd.coredump.extraConfig = mkOption {
default = "";
type = types.lines;
@ -861,8 +871,8 @@ in
"tmpfiles.d/journal-nocow.conf".source = "${systemd}/example/tmpfiles.d/journal-nocow.conf";
"tmpfiles.d/static-nodes-permissions.conf".source = "${systemd}/example/tmpfiles.d/static-nodes-permissions.conf";
"tmpfiles.d/systemd.conf".source = "${systemd}/example/tmpfiles.d/systemd.conf";
"tmpfiles.d/systemd-nspawn.conf".source = "${systemd}/example/tmpfiles.d/system-nspawn.conf";
"tmpfiles.d/systemd-tmp.conf".source = "${systemd}/example/tmpfiles.d/system-tmp.conf";
"tmpfiles.d/systemd-nspawn.conf".source = "${systemd}/example/tmpfiles.d/systemd-nspawn.conf";
"tmpfiles.d/systemd-tmp.conf".source = "${systemd}/example/tmpfiles.d/systemd-tmp.conf";
"tmpfiles.d/var.conf".source = "${systemd}/example/tmpfiles.d/var.conf";
"tmpfiles.d/x11.conf".source = "${systemd}/example/tmpfiles.d/x11.conf";
@ -983,6 +993,10 @@ in
# Don't bother with certain units in containers.
systemd.services.systemd-remount-fs.unitConfig.ConditionVirtualization = "!container";
systemd.services.systemd-random-seed.unitConfig.ConditionVirtualization = "!container";
boot.kernel.sysctl = mkIf (!cfg.coredump.enable) {
"kernel.core_pattern" = "core";
};
};
# FIXME: Remove these eventually.

2
nixos/modules/virtualisation/container-config.nix
View File

@ -11,7 +11,7 @@ with lib;
services.udisks2.enable = mkDefault false;
powerManagement.enable = mkDefault false;
networking.useHostResolvConf = mkDefault (!config.services.resolved.enable);
networking.useHostResolvConf = mkDefault true;
# Containers should be light-weight, so start sshd on demand.
services.openssh.startWhenNeeded = mkDefault true;

3
nixos/tests/all-tests.nix
View File

@ -25,6 +25,7 @@ in
atd = handleTest ./atd.nix {};
automysqlbackup = handleTest ./automysqlbackup.nix {};
avahi = handleTest ./avahi.nix {};
babeld = handleTest ./babeld.nix {};
bcachefs = handleTestOn ["x86_64-linux"] ./bcachefs.nix {}; # linux-4.18.2018.10.12 is unsupported on aarch64
beanstalkd = handleTest ./beanstalkd.nix {};
beegfs = handleTestOn ["x86_64-linux"] ./beegfs.nix {}; # beegfs is unsupported on aarch64
@ -35,6 +36,7 @@ in
boot-stage1 = handleTest ./boot-stage1.nix {};
borgbackup = handleTest ./borgbackup.nix {};
buildbot = handleTest ./buildbot.nix {};
caddy = handleTest ./caddy.nix {};
cadvisor = handleTestOn ["x86_64-linux"] ./cadvisor.nix {};
cassandra = handleTest ./cassandra.nix {};
ceph = handleTestOn ["x86_64-linux"] ./ceph.nix {};
@ -262,7 +264,6 @@ in
syncthing-relay = handleTest ./syncthing-relay.nix {};
systemd = handleTest ./systemd.nix {};
systemd-confinement = handleTest ./systemd-confinement.nix {};
systemd-machinectl = handleTest ./systemd-machinectl.nix {};
systemd-timesyncd = handleTest ./systemd-timesyncd.nix {};
systemd-networkd-wireguard = handleTest ./systemd-networkd-wireguard.nix {};
pdns-recursor = handleTest ./pdns-recursor.nix {};

148
nixos/tests/babeld.nix Normal file
View File

@ -0,0 +1,148 @@
import ./make-test.nix ({ pkgs, lib, ...} : {
name = "babeld";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ hexa ];
};
nodes =
{ client = { pkgs, lib, ... }:
{
virtualisation.vlans = [ 10 ];
networking = {
useDHCP = false;
interfaces."eth1" = {
ipv4.addresses = lib.mkForce [ { address = "192.168.10.2"; prefixLength = 24; } ];
ipv4.routes = lib.mkForce [ { address = "0.0.0.0"; prefixLength = 0; via = "192.168.10.1"; } ];
ipv6.addresses = lib.mkForce [ { address = "2001:db8:10::2"; prefixLength = 64; } ];
ipv6.routes = lib.mkForce [ { address = "::"; prefixLength = 0; via = "2001:db8:10::1"; } ];
};
};
};
localRouter = { pkgs, lib, ... }:
{
virtualisation.vlans = [ 10 20 ];
boot.kernel.sysctl."net.ipv4.conf.all.forwarding" = 1;
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
networking = {
useDHCP = false;
firewall.enable = false;
interfaces."eth1" = {
ipv4.addresses = lib.mkForce [ { address = "192.168.10.1"; prefixLength = 24; } ];
ipv6.addresses = lib.mkForce [ { address = "2001:db8:10::1"; prefixLength = 64; } ];
};
interfaces."eth2" = {
ipv4.addresses = lib.mkForce [ { address = "192.168.20.1"; prefixLength = 24; } ];
ipv6.addresses = lib.mkForce [ { address = "2001:db8:20::1"; prefixLength = 64; } ];
};
};
services.babeld = {
enable = true;
interfaces.eth2 = {
hello-interval = 1;
type = "wired";
};
extraConfig = ''
local-port-readwrite 33123
import-table 254 # main
export-table 254 # main
in ip 192.168.10.0/24 deny
in ip 192.168.20.0/24 deny
in ip 2001:db8:10::/64 deny
in ip 2001:db8:20::/64 deny
in ip 192.168.30.0/24 allow
in ip 2001:db8:30::/64 allow
in deny
redistribute local proto 2
redistribute local deny
'';
};
};
remoteRouter = { pkgs, lib, ... }:
{
virtualisation.vlans = [ 20 30 ];
boot.kernel.sysctl."net.ipv4.conf.all.forwarding" = 1;
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
networking = {
useDHCP = false;
firewall.enable = false;
interfaces."eth1" = {
ipv4.addresses = lib.mkForce [ { address = "192.168.20.2"; prefixLength = 24; } ];
ipv6.addresses = lib.mkForce [ { address = "2001:db8:20::2"; prefixLength = 64; } ];
};
interfaces."eth2" = {
ipv4.addresses = lib.mkForce [ { address = "192.168.30.1"; prefixLength = 24; } ];
ipv6.addresses = lib.mkForce [ { address = "2001:db8:30::1"; prefixLength = 64; } ];
};
};
services.babeld = {
enable = true;
interfaces.eth1 = {
hello-interval = 1;
type = "wired";
};
extraConfig = ''
local-port-readwrite 33123
import-table 254 # main
export-table 254 # main
in ip 192.168.20.0/24 deny
in ip 192.168.30.0/24 deny
in ip 2001:db8:20::/64 deny
in ip 2001:db8:30::/64 deny
in ip 192.168.10.0/24 allow
in ip 2001:db8:10::/64 allow
in deny
redistribute local proto 2
redistribute local deny
'';
};
};
};
testScript =
''
startAll;
$client->waitForUnit("network-online.target");
$localRouter->waitForUnit("network-online.target");
$remoteRouter->waitForUnit("network-online.target");
$localRouter->waitForUnit("babeld.service");
$remoteRouter->waitForUnit("babeld.service");
$localRouter->waitUntilSucceeds("ip route get 192.168.30.1");
$localRouter->waitUntilSucceeds("ip route get 2001:db8:30::1");
$remoteRouter->waitUntilSucceeds("ip route get 192.168.10.1");
$remoteRouter->waitUntilSucceeds("ip route get 2001:db8:10::1");
$client->succeed("ping -c1 192.168.30.1");
$client->succeed("ping -c1 2001:db8:30::1");
$remoteRouter->succeed("ping -c1 192.168.10.2");
$remoteRouter->succeed("ping -c1 2001:db8:10::2");
'';
})

82
nixos/tests/caddy.nix Normal file
View File

@ -0,0 +1,82 @@
import ./make-test.nix ({ pkgs, ... }: {
name = "caddy";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ xfix ];
};
nodes = {
webserver = { pkgs, lib, ... }: {
services.caddy.enable = true;
services.caddy.config = ''
http://localhost {
gzip
root ${
pkgs.runCommand "testdir" {} ''
mkdir "$out"
echo hello world > "$out/example.html"
''
}
}
'';
nesting.clone = [
{
services.caddy.config = lib.mkForce ''
http://localhost {
gzip
root ${
pkgs.runCommand "testdir2" {} ''
mkdir "$out"
echo changed > "$out/example.html"
''
}
}
'';
}
{
services.caddy.config = ''
http://localhost:8080 {
}
'';
}
];
};
};
testScript = { nodes, ... }: let
etagSystem = "${nodes.webserver.config.system.build.toplevel}/fine-tune/child-1";
justReloadSystem = "${nodes.webserver.config.system.build.toplevel}/fine-tune/child-2";
in ''
my $url = 'http://localhost/example.html';
$webserver->waitForUnit("caddy");
$webserver->waitForOpenPort("80");
sub checkEtag {
my $etag = $webserver->succeed(
'curl -v '.$url.' 2>&1 | sed -n -e "s/^< [Ee][Tt][Aa][Gg]: *//p"'
);
$etag =~ s/\r?\n$//;
my $httpCode = $webserver->succeed(
'curl -w "%{http_code}" -X HEAD -H \'If-None-Match: '.$etag.'\' '.$url
);
die "HTTP code is not 304" unless $httpCode == 304;
return $etag;
}
subtest "check ETag if serving Nix store paths", sub {
my $oldEtag = checkEtag;
$webserver->succeed("${etagSystem}/bin/switch-to-configuration test >&2");
$webserver->sleep(1); # race condition
my $newEtag = checkEtag;
die "Old ETag $oldEtag is the same as $newEtag" if $oldEtag eq $newEtag;
};
subtest "config is reloaded on nixos-rebuild switch", sub {
$webserver->succeed("${justReloadSystem}/bin/switch-to-configuration test >&2");
$webserver->waitForOpenPort("8080");
};
'';
})

1
nixos/tests/ferm.nix
View File

@ -23,6 +23,7 @@ import ./make-test.nix ({ pkgs, ...} : {
networking = {
dhcpcd.enable = false;
useNetworkd = true;
useDHCP = false;
interfaces.eth1.ipv6.addresses = mkOverride 0 [ { address = "fd00::1"; prefixLength = 64; } ];
interfaces.eth1.ipv4.addresses = mkOverride 0 [ { address = "192.168.1.1"; prefixLength = 24; } ];
};

12
nixos/tests/mxisd.nix
View File

@ -10,12 +10,22 @@ import ./make-test.nix ({ pkgs, ... } : {
services.mxisd.enable = true;
services.mxisd.matrix.domain = "example.org";
};
server_ma1sd = args : {
services.mxisd.enable = true;
services.mxisd.matrix.domain = "example.org";
services.mxisd.package = pkgs.ma1sd;
};
};
testScript = ''
startAll;
$server_mxisd->waitForUnit("mxisd.service");
$server_mxisd->waitForOpenPort(8090);
$server_mxisd->succeed("curl -Ssf \"http://127.0.0.1:8090/_matrix/identity/api/v1\"")
$server_mxisd->succeed("curl -Ssf \"http://127.0.0.1:8090/_matrix/identity/api/v1\"");
$server_ma1sd->waitForUnit("mxisd.service");
$server_ma1sd->waitForOpenPort(8090);
$server_ma1sd->succeed("curl -Ssf \"http://127.0.0.1:8090/_matrix/identity/api/v1\"")
'';
})

1
nixos/tests/networking.nix
View File

@ -450,6 +450,7 @@ let
name = "Virtual";
machine = {
networking.useNetworkd = networkd;
networking.useDHCP = false;
networking.interfaces.tap0 = {
ipv4.addresses = [ { address = "192.168.1.1"; prefixLength = 24; } ];
ipv6.addresses = [ { address = "2001:1470:fffd:2096::"; prefixLength = 64; } ];

34
nixos/tests/prometheus-exporters.nix
View File

@ -229,6 +229,40 @@ let
'';
};
nextcloud = {
exporterConfig = {
enable = true;
passwordFile = "/var/nextcloud-pwfile";
url = "http://localhost/negative-space.xml";
};
metricProvider = {
systemd.services.nc-pwfile = let
passfile = (pkgs.writeText "pwfile" "snakeoilpw");
in {
requiredBy = [ "prometheus-nextcloud-exporter.service" ];
before = [ "prometheus-nextcloud-exporter.service" ];
serviceConfig.ExecStart = ''
${pkgs.coreutils}/bin/install -o nextcloud-exporter -m 0400 ${passfile} /var/nextcloud-pwfile
'';
};
services.nginx = {
enable = true;
virtualHosts."localhost" = {
basicAuth.nextcloud-exporter = "snakeoilpw";
locations."/" = {
root = "${pkgs.prometheus-nextcloud-exporter.src}/serverinfo/testdata";
};
};
};
};
exporterTest = ''
waitForUnit("nginx.service")
waitForUnit("prometheus-nextcloud-exporter.service")
waitForOpenPort(9205)
succeed("curl -sSf http://localhost:9205/metrics | grep -q 'nextcloud_up 1'")
'';
};
nginx = {
exporterConfig = {
enable = true;

17
nixos/tests/shiori.nix Normal file
View File

@ -0,0 +1,17 @@
import ./make-test.nix ({ lib, ...}:
{
name = "shiori";
meta.maintainers = with lib.maintainers; [ minijackson ];
machine =
{ ... }:
{ services.shiori.enable = true; };
testScript = ''
$machine->waitForUnit('shiori.service');
$machine->waitForOpenPort('8080');
$machine->succeed("curl --fail http://localhost:8080/");
$machine->succeed("curl --fail --location http://localhost:8080/ | grep -qi shiori");
'';
})

52
nixos/tests/systemd-machinectl.nix
View File

@ -1,52 +0,0 @@
import ./make-test.nix (let
container = { ... }: {
boot.isContainer = true;
# use networkd to obtain systemd network setup
networking.useNetworkd = true;
# systemd-nspawn expects /sbin/init
boot.loader.initScript.enable = true;
imports = [ ../modules/profiles/minimal.nix ];
};
containerSystem = (import ../lib/eval-config.nix {
modules = [ container ];
}).config.system.build.toplevel;
containerName = "container";
containerRoot = "/var/lib/machines/${containerName}";
in {
name = "systemd-machinectl";
machine = { lib, ... }: {
# use networkd to obtain systemd network setup
networking.useNetworkd = true;
# open DHCP server on interface to container
networking.firewall.trustedInterfaces = [ "ve-+" ];
# do not try to access cache.nixos.org
nix.binaryCaches = lib.mkForce [];
virtualisation.pathsInNixDB = [ containerSystem ];
};
testScript = ''
startAll;
$machine->waitForUnit("default.target");
$machine->succeed("mkdir -p ${containerRoot}");
$machine->succeed("nixos-install --root ${containerRoot} --system ${containerSystem} --no-channel-copy --no-root-passwd --no-bootloader");
$machine->succeed("machinectl start ${containerName}");
$machine->waitUntilSucceeds("systemctl -M ${containerName} is-active default.target");
$machine->succeed("ping -n -c 1 ${containerName}");
$machine->succeed("test `stat ${containerRoot}/var/empty -c %u%g` != 00");
$machine->succeed("machinectl stop ${containerName}");
'';
})

4
pkgs/applications/audio/flacon/default.nix
View File

@ -5,13 +5,13 @@
stdenv.mkDerivation rec {
pname = "flacon";
version = "5.4.0";
version = "5.5.1";
src = fetchFromGitHub {
owner = "flacon";
repo = "flacon";
rev = "v${version}";
sha256 = "1j8gzk92kn10yb7rmvrnyq0ipda2swnkmsavqsk5ws0z600p3k93";
sha256 = "05pvg5xhc2azwzld08m81r4b2krqdbcbm5lmdvg2zkk67xq9pqyd";
};
nativeBuildInputs = [ cmake pkgconfig makeWrapper ];

4
pkgs/applications/audio/fluidsynth/default.nix
View File

@ -11,8 +11,8 @@ let
sha256 = "0n75jq3xgq46hfmjkaaxz3gic77shs4fzajq40c8gk043i84xbdh";
};
"2" = {
fluidsynthVersion = "2.0.5";
sha256 = "0rv0apxbj0cgm8f8sqf5xr6kdi4q58ph92ip6cg716ha0ca5lr8y";
fluidsynthVersion = "2.0.6";
sha256 = "0nas9pp9r8rnziznxm65x2yzf1ryg98zr3946g0br3s38sjf8l3a";
};
};
in

2
pkgs/applications/audio/lollypop/default.nix
View File

@ -11,7 +11,6 @@
, appstream-glib
, desktop-file-utils
, totem-pl-parser
, hicolor-icon-theme
, gobject-introspection
, wrapGAppsHook
, lastFMSupport ? true
@ -51,7 +50,6 @@ python3.pkgs.buildPythonApplication rec {
gst-plugins-ugly
gstreamer
gtk3
hicolor-icon-theme
libsoup
totem-pl-parser
] ++ lib.optional lastFMSupport libsecret;

4
pkgs/applications/audio/padthv1/default.nix
View File

@ -2,11 +2,11 @@
mkDerivation rec {
pname = "padthv1";
version = "0.9.9";
version = "0.9.10";
src = fetchurl {
url = "mirror://sourceforge/padthv1/${pname}-${version}.tar.gz";
sha256 = "0axansxwa3vfc1n6a7jbaqyz6wmsffi37i4ggsl08gmqywz255xb";
sha256 = "07gpq31a9iwk79yzndqzmw7snap7s4ifnsc4mfwkdga2zx13z0rx";
};
buildInputs = [ libjack2 alsaLib libsndfile liblo lv2 qt5.qtbase qt5.qttools fftw ];

2
pkgs/applications/audio/pulseeffects/default.nix
View File

@ -32,7 +32,6 @@
, rubberband
, mda_lv2
, lsp-plugins
, hicolor-icon-theme
}:
let
@ -86,7 +85,6 @@ in stdenv.mkDerivation rec {
dbus
fftwFloat
zita-convolver
hicolor-icon-theme
];
postPatch = ''

8
pkgs/applications/audio/qsynth/default.nix
View File

@ -1,6 +1,8 @@
{ stdenv, fetchurl, alsaLib, fluidsynth, libjack2, qt5, autoconf, pkgconfig }:
{ stdenv, fetchurl, alsaLib, fluidsynth, libjack2, autoconf, pkgconfig
, mkDerivation, qtbase, qttools, qtx11extras
}:
stdenv.mkDerivation rec {
mkDerivation rec {
pname = "qsynth";
version = "0.5.7";
@ -11,7 +13,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ autoconf pkgconfig ];
buildInputs = [ alsaLib fluidsynth libjack2 qt5.qtbase qt5.qttools qt5.qtx11extras ];
buildInputs = [ alsaLib fluidsynth libjack2 qtbase qttools qtx11extras ];
enableParallelBuilding = true;

1
pkgs/applications/audio/quodlibet/default.nix
View File

@ -65,5 +65,6 @@ python3.pkgs.buildPythonApplication rec {
maintainers = with maintainers; [ coroa sauyon ];
homepage = https://quodlibet.readthedocs.io/en/latest/;
broken = true;
};
}

4
pkgs/applications/audio/reaper/default.nix
View File

@ -6,11 +6,11 @@
stdenv.mkDerivation rec {
pname = "reaper";
version = "5.981";
version = "5.983";
src = fetchurl {
url = "https://www.reaper.fm/files/${stdenv.lib.versions.major version}.x/reaper${builtins.replaceStrings ["."] [""] version}_linux_x86_64.tar.xz";
sha256 = "0v4347i0pgzlinas4431dfbv1h9fk6vihvahh73valxvhydyxr8q";
sha256 = "16xw3gsxgjfdxd1ldm8zxd48qh6lgxacnj9yjryy0brhw51dw1q4";
};
nativeBuildInputs = [ autoPatchelfHook makeWrapper ];

4
pkgs/applications/audio/samplv1/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "samplv1";
version = "0.9.9";
version = "0.9.10";
src = fetchurl {
url = "mirror://sourceforge/samplv1/${pname}-${version}.tar.gz";
sha256 = "1y61wb0bzm1cz7y8xxv6hp8mrkfb9zm9irg6zs4g6aanw539r6l8";
sha256 = "04p5jkighmc8rf7fzzy8ch6knqbxv03vhjzdfh9dva2mlzw9rvjj";
};
buildInputs = [ libjack2 alsaLib liblo libsndfile lv2 qt5.qtbase qt5.qttools];

14
pkgs/applications/audio/setbfree/default.nix
View File

@ -1,17 +1,17 @@
{ stdenv, fetchurl, alsaLib, freetype, ftgl, libjack2, libX11, lv2
{ stdenv, fetchzip, alsaLib, freetype, ftgl, libjack2, libX11, lv2
, libGLU_combined, pkgconfig, ttf_bitstream_vera
}:
stdenv.mkDerivation rec {
pname = "setbfree";
version = "0.8.8";
version = "0.8.9";
src = fetchurl {
src = fetchzip {
url = "https://github.com/pantherb/setBfree/archive/v${version}.tar.gz";
sha256 = "1ldxwds99azingkjh246kz7x3j7307jhr0fls5rjjbcfchpg7v99";
sha256 = "097bby2da47zlkaqy2jl8j6q0h5pxaq67lz473ygadqs5ic3nhc1";
};
patchPhase = ''
postPatch = ''
sed 's#/usr/local#$(out)#g' -i common.mak
sed 's#/usr/share/fonts/truetype/ttf-bitstream-vera#${ttf_bitstream_vera}/share/fonts/truetype#g' \
-i b_synth/Makefile
@ -25,9 +25,9 @@ stdenv.mkDerivation rec {
meta = with stdenv.lib; {
description = "A DSP tonewheel organ emulator";
homepage = http://setbfree.org;
homepage = "http://setbfree.org";
license = licenses.gpl2;
platforms = platforms.linux;
platforms = [ "x86_64-linux" "i686-linux" ]; # fails on ARM and Darwin
maintainers = [ maintainers.goibhniu ];
};
}

1
pkgs/applications/audio/sonic-pi/default.nix
View File

@ -100,5 +100,6 @@ mkDerivation rec {
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ Phlogistique kamilchm ];
platforms = lib.platforms.linux;
broken = true;
};
}

27
pkgs/applications/audio/spotify-tui/default.nix Normal file
View File

@ -0,0 +1,27 @@
{ stdenv, fetchFromGitHub, rustPlatform, pkgconfig, openssl, Security }:
rustPlatform.buildRustPackage rec {
pname = "spotify-tui";
version = "0.5.0";
src = fetchFromGitHub {
owner = "Rigellute";
repo = "spotify-tui";
rev = "v${version}";
sha256 = "1spnr67fb2wjjf9sfkk3vps6q45w0zrk47an79bhv4imziy4dbs3";
};
cargoSha256 = "029g80mcqvmckszpbzm4hxs5w63n41ah4rc1b93i9c1nzvncd811";
nativeBuildInputs = [ pkgconfig ];
buildInputs = [ openssl ]
++ stdenv.lib.optional stdenv.isDarwin Security;
meta = with stdenv.lib; {
description = "Spotify for the terminal written in Rust";
homepage = https://github.com/Rigellute/spotify-tui;
license = licenses.mit;
maintainers = with maintainers; [ jwijenbergh ];
platforms = platforms.all;
};
}

8
pkgs/applications/audio/spotifyd/default.nix
View File

@ -6,16 +6,16 @@
rustPlatform.buildRustPackage rec {
pname = "spotifyd";
version = "0.2.18";
version = "0.2.19";
src = fetchFromGitHub {
owner = "Spotifyd";
repo = "spotifyd";
rev = "v${version}";
sha256 = "12826b0wf31m9vw1s7bcd1hb4ygb1xn4sdknn1y9kzc68brsq94v";
sha256 = "063b28ysj224m6ngns9i574i7vnp1x4g07cqjw908ch04yngcg1c";
};
cargoSha256 = "0ar4bfwn3qxa6wsz2hd7nv1wr824h74jy3xqba2qsy0rsfwy1bmm";
cargoSha256 = "0pqxqd5dyw9mjclrqkxzfnzsz74xl4bg0b86v5q6kc0a91zd49b9";
cargoBuildFlags = [
"--no-default-features"
@ -36,7 +36,7 @@ rustPlatform.buildRustPackage rec {
description = "An open source Spotify client running as a UNIX daemon";
homepage = "https://github.com/Spotifyd/spotifyd";
license = with licenses; [ gpl3 ];
maintainers = [ maintainers.anderslundstedt ];
maintainers = [ maintainers.anderslundstedt maintainers.marsam ];
platforms = platforms.unix;
};
}

4
pkgs/applications/audio/synthv1/default.nix
View File

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "synthv1";
version = "0.9.9";
version = "0.9.10";
src = fetchurl {
url = "mirror://sourceforge/synthv1/${pname}-${version}.tar.gz";
sha256 = "0cvamqzg74qfr7kzk3skimskmv0j3d1rmmpbpsmfcrg8srvyx9r2";
sha256 = "1ssdm7aiaz908ydqwdx9khxnnd0yfacjgvbxg5p9s9xhkbqqc2f2";
};
buildInputs = [ qt5.qtbase qt5.qttools libjack2 alsaLib liblo lv2 ];

3
pkgs/applications/audio/vocal/default.nix
View File

@ -2,6 +2,7 @@
, fetchFromGitHub
, cmake
, ninja
, vala
, pkgconfig
, pantheon
, gtk3
@ -34,7 +35,7 @@ stdenv.mkDerivation rec {
cmake
libxml2
ninja
pantheon.vala
vala
pkgconfig
wrapGAppsHook
];

4
pkgs/applications/audio/x42-plugins/default.nix
View File

@ -3,12 +3,12 @@
, libGLU, lv2, gtk2, cairo, pango, fftwFloat, zita-convolver }:
stdenv.mkDerivation rec {
version = "20190714";
version = "20190820";
pname = "x42-plugins";
src = fetchurl {
url = "https://gareus.org/misc/x42-plugins/${pname}-${version}.tar.xz";
sha256 = "1mifmdy9pi1lg0h4nsvyjjnnni41vhgg34lks94mrx46wq90bgx4";
sha256 = "0dqsa5yxm3nx50j9k28iillj4sx2mjndzyspymxx0ghir1qmi4vh";
};
nativeBuildInputs = [ pkgconfig ];

4
pkgs/applications/audio/yoshimi/default.nix
View File

@ -6,11 +6,11 @@ assert stdenv ? glibc;
stdenv.mkDerivation rec {
pname = "yoshimi";
version = "1.5.11.3";
version = "1.6.0.1";
src = fetchurl {
url = "mirror://sourceforge/yoshimi/${pname}-${version}.tar.bz2";
sha256 = "00w0ll94dpss9f1rnaxjmw6mgjx5q2dz8w4mc3wyrk4s4gbd7154";
sha256 = "140f2k4akj39pny8c7i794q125415gyvmy4rday0il5ncp3glik4";
};
buildInputs = [

4
pkgs/applications/blockchains/go-ethereum.nix
View File

@ -2,7 +2,7 @@
buildGoPackage rec {
pname = "go-ethereum";
version = "1.9.5";
version = "1.9.6";
goPackagePath = "github.com/ethereum/go-ethereum";
@ -17,7 +17,7 @@ buildGoPackage rec {
owner = "ethereum";
repo = pname;
rev = "v${version}";
sha256 = "1h1c02dgazlcgp9lrm0zsig80nfj0c9553jy9nsvjyzf95ym1542";
sha256 = "08k6p7mbszlg8mq8k3vi5xrfnhfbxlh2ynd0nr0j64qdhmhcdnq6";
};
meta = with stdenv.lib; {

8
pkgs/applications/blockchains/jormungandr/default.nix
View File

@ -10,16 +10,16 @@
rustPlatform.buildRustPackage rec {
pname = "jormungandr";
version = "0.5.5";
version = "0.5.6";
src = fetchgit {
url = "https://github.com/input-output-hk/${pname}";
rev = "v${version}";
sha256 = "1fzhmkx60b5fnx4x81g5ls93iixd3126m4q1smrpq8ksidw5xifa";
rev = "v${version}+lock";
sha256 = "0l6rxr1xjp5hfkf0qfx8qsa1slxn0ly28akci1rwgdhlzjn43zqr";
fetchSubmodules = true;
};
cargoSha256 = "1hkbzxp6ic1655cq45zv6dcyrk9rbmvscdl8wm8fbidabz4x8vqd";
cargoSha256 = "0590gsghr25bzfmxfyrpg58a0l77y88jwnrkgjxf06x3d66kkn3l";
nativeBuildInputs = [ pkgconfig protobuf ];
buildInputs = [ openssl ] ++ lib.optionals stdenv.isDarwin [ darwin.apple_sdk.frameworks.Security ];

27
pkgs/applications/blockchains/pivx.nix
View File

@ -1,5 +1,5 @@
{ fetchFromGitHub, stdenv, pkgconfig, autoreconfHook
, openssl, db48, boost, zlib, miniupnpc, gmp
{ fetchFromGitHub, stdenv, pkgconfig, autoreconfHook, wrapQtAppsHook ? null
, openssl_1_0_2, db48, boost, zlib, miniupnpc, gmp
, qrencode, glib, protobuf, yasm, libevent
, utillinux, qtbase ? null, qttools ? null
, enableUpnp ? false
@ -9,18 +9,18 @@
with stdenv.lib;
stdenv.mkDerivation rec {
pname = "pivx";
version = "3.2.0";
name = "pivx-${version}";
version = "3.4.0";
src = fetchFromGitHub {
owner = "PIVX-Project";
repo= "PIVX";
rev = "v${version}";
sha256 = "1sym6254vhq8qqpxq9qhy10m5167v7x93kqaj1gixc1vwwbxyazy";
sha256 = "1fqccdqhbwyvix0ihhbgg2w048i6bhfmazr36h2cn4j65n1fgmi2";
};
nativeBuildInputs = [ pkgconfig autoreconfHook ];
buildInputs = [ glib gmp openssl db48 yasm boost zlib libevent miniupnpc protobuf utillinux ]
nativeBuildInputs = [ pkgconfig autoreconfHook ] ++ optionals withGui [ wrapQtAppsHook ];
buildInputs = [ glib gmp openssl_1_0_2 db48 yasm boost zlib libevent miniupnpc protobuf utillinux ]
++ optionals withGui [ qtbase qttools qrencode ];
configureFlags = [ "--with-boost-libdir=${boost.out}/lib" ]
@ -28,6 +28,7 @@ stdenv.mkDerivation rec {
++ optional disableWallet "--disable-wallet"
++ optional disableDaemon "--disable-daemon"
++ optionals withGui [ "--with-gui=yes"
"--with-unsupported-ssl" # TODO remove this ASAP
"--with-qt-bindir=${qtbase.dev}/bin:${qttools.dev}/bin"
];
@ -39,6 +40,11 @@ stdenv.mkDerivation rec {
cp share/pixmaps/*128.png $out/share/icons/
'';
doInstallCheck = true;
installCheckPhase = ''
$out/bin/test_pivx
'';
meta = with stdenv.lib; {
description = "An open source crypto-currency focused on fast private transactions";
longDescription = ''
@ -50,12 +56,9 @@ stdenv.mkDerivation rec {
homepage = https://www.dash.org;
maintainers = with maintainers; [ wucke13 ];
platforms = platforms.unix;
# TODO
# upstream doesn't support newer openssl versions
# https://github.com/PIVX-Project/PIVX/issues/748
# "Your system is most probably using openssl 1.1 which is not the
# officialy supported version. Either use 1.0.1 or run again configure
# with the given option."
broken = true;
# openssl_1_0_2 should be replaced with openssl ASAP
};
}

1
pkgs/applications/blockchains/polkadot/default.nix
View File

@ -26,5 +26,6 @@ rustPlatform.buildRustPackage rec {
license = licenses.gpl3;
maintainers = [ maintainers.akru ];
platforms = platforms.linux;
broken = true;
};
}

5
pkgs/applications/display-managers/lightdm/default.nix
View File

@ -53,6 +53,11 @@ stdenv.mkDerivation rec {
url = "https://src.fedoraproject.org/rpms/lightdm/raw/4cf0d2bed8d1c68970b0322ccd5dbbbb7a0b12bc/f/lightdm-1.25.1-disable_dmrc.patch";
sha256 = "06f7iabagrsiws2l75sx2jyljknr9js7ydn151p3qfi104d1541n";
})
# Don't use etc/dbus-1/system.d
(fetchpatch {
url = "https://github.com/canonical/lightdm/commit/a99376f5f51aa147aaf81287d7ce70db76022c47.patch";
sha256 = "1zyx1qqajrmqcf9hbsapd39gmdanswd9l78rq7q6rdy4692il3yn";
})
];
preConfigure = "NOCONFIGURE=1 ./autogen.sh";

1
pkgs/applications/display-managers/sddm/default.nix
View File

@ -46,6 +46,7 @@ in mkDerivation {
"-DQT_IMPORTS_DIR=${placeholder "out"}/${qtbase.qtQmlPrefix}"
"-DCMAKE_INSTALL_SYSCONFDIR=${placeholder "out"}/etc"
"-DSYSTEMD_SYSTEM_UNIT_DIR=${placeholder "out"}/lib/systemd/system"
"-DDBUS_CONFIG_DIR=${placeholder "out"}/share/dbus-1/system.d"
];
postInstall = ''

24
pkgs/applications/editors/android-studio/common.nix
View File

@ -1,8 +1,11 @@
{ channel, pname, version, build, sha256Hash }:
{ bash
{ alsaLib
, bash
, buildFHSUserEnv
, coreutils
, dbus
, expat
, fetchurl
, findutils
, file
@ -19,16 +22,24 @@
, libpulseaudio
, libGL
, libX11
, libxcb
, libXcomposite
, libXcursor
, libXdamage
, libXext
, libXfixes
, libXi
, libXrandr
, libXrender
, libXtst
, makeWrapper
, nspr
, nss
, pciutils
, pkgsi686Linux
, setxkbmap
, stdenv
, systemd
, unzip
, which
, runCommand
@ -99,9 +110,20 @@ let
libXrandr
# For Android emulator
alsaLib
dbus
expat
libpulseaudio
libX11
libxcb
libXcomposite
libXcursor
libXdamage
libXfixes
libGL
nspr
nss
systemd
# For GTKLookAndFeel
gtk2

8
pkgs/applications/editors/android-studio/default.nix
View File

@ -12,11 +12,11 @@ let
build = "191.5900203";
sha256Hash = "0afxlif8pkrl6m1lhiqri1qv4vf5mfm1yg6qk5rad0442hm3kz4l";
};
betaVersion = stableVersion;
betaVersion = latestVersion;
latestVersion = { # canary & dev
version = "3.6.0.12"; # "Android Studio 3.6 Canary 12"
build = "192.5871855";
sha256Hash = "0pxvpxqdxv37sl72p7gml70k6kl717k6avw9p0l00cys0zbvb3zq";
version = "3.6.0.13"; # "Android Studio 3.6 Beta 1"
build = "192.5916306";
sha256Hash = "0kvz3mgpfb3wqr1pw9847d5syswlzls3b4nilzgk6w127k2zmkfy";
};
in {
# Attributes are named by their corresponding release channels

16
pkgs/applications/editors/eclipse/default.nix
View File

@ -13,10 +13,10 @@ assert stdenv ? glibc;
let
platform_major = "4";
platform_minor = "12";
platform_minor = "13";
year = "2019";
month = "06";
timestamp = "201906051800";
month = "09";
timestamp = "201909161045";
in rec {
@ -34,7 +34,7 @@ in rec {
src =
fetchurl {
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-cpp-${year}-${month}-R-linux-gtk-x86_64.tar.gz";
sha512 = "3mfljabrwbwq256vvsp9qjb96hzlbpwgnb3wz806pbyh0ibfq6s1hn8kh5aaa2da5821v0ykcxa12jagj7naqp4g91jqxp1wb1ygz2q";
sha512 = "0s9wvxd1bahlcdw7l6cyfi59p78j6gym3a3mn1z6dm6swxgyb2wjjl7hx8bkg0zs8x31bwllpdq22y2vcm6j57h40v53l3xkhy73m8v";
};
};
@ -46,7 +46,7 @@ in rec {
src =
fetchurl {
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-modeling-${year}-${month}-R-linux-gtk-x86_64.tar.gz";
sha512 = "18p6xz6rq4w6j39b2k9kjpz8s1nljfq44g2cmvxqjgjfkq8lk4ij73ssyv1raly4wkm7r22ixacswdjmyj942k5vpv9y11i91hp1scv";
sha512 = "09nc7ipv67h0gr7lkxsbxrgj9gn48348asn03ylcvflyrcxghqs8n11a75rwvdj98igdzpw922saicx5lqq5g2flfqiga97lwwhfiz5";
};
};
@ -58,7 +58,7 @@ in rec {
src =
fetchurl {
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops${platform_major}/R-${platform_major}.${platform_minor}-${timestamp}/eclipse-platform-${platform_major}.${platform_minor}-linux-gtk-x86_64.tar.gz";
sha512 = "0qiyk95qhdqcfgg5hgc7pcpbpjy9jnx7l3vb7s4cgijdz2xz0n5psh11lpj3whk2amh4iwkyx7kn8fxdq7lm03rlgx67cbk7p8my16m";
sha512 = "2c40wwrc2ip32n0m5cs8ds0g7cs7018acw8gjkd23msa4pr9x9511c3dj6rbnn1hwzf9yjq6vnjmib5qarxd3vly76jwxhf867l1f7v";
};
};
@ -88,7 +88,7 @@ in rec {
src =
fetchurl {
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops${platform_major}/R-${platform_major}.${platform_minor}-${timestamp}/eclipse-SDK-${platform_major}.${platform_minor}-linux-gtk-x86_64.tar.gz";
sha512 = "3bbc8d66ms7nhg6f8gb0bnzjqz26wixpipn4n9qf0azcplrv2j91z8hjw1fx39dx4pqnsf442bkgab4qqhkpks7qq54110l01q6gvy9";
sha512 = "2vm646d1crzzzysll3p5pjfljfjzxx4qd37dqcp6xjm91zg8iskli688h0lgla0rmbwz5kj509jp22m4rxkp3cbgd006dd0jr3icdls";
};
};
@ -100,7 +100,7 @@ in rec {
src =
fetchurl {
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/technology/epp/downloads/release/${year}-${month}/R/eclipse-java-${year}-${month}-R-linux-gtk-x86_64.tar.gz";
sha512 = "20qs1aagh4drsycvar3x42zy422zl34yg1p3vhxbqfbf7v3z1d3cxs9ah61x4bdxx9bkfwchasqp1wr15nflch9g0i50bdki3cgng1d";
sha512 = "3zyxqd8iwrfgjjg91dfi4bda61rd2717hy53swmbygi48zaaam70swx997yp5qzxwjp3macdslfk6sqhq2qlcdwcdl6dmkry018jh7b";
};
};

12
pkgs/applications/editors/eclipse/plugins.nix
View File

@ -254,12 +254,12 @@ rec {
cdt = buildEclipseUpdateSite rec {
name = "cdt-${version}";
version = "9.8.1";
version = "9.9.0";
src = fetchzip {
stripRoot = false;
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/tools/cdt/releases/9.8/${name}/${name}.zip";
sha256 = "0kxmwz75i8mv4wics9n0hspxhzl3glf5ry2v5mnl5j9gcf73b0nv";
url = "https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/tools/cdt/releases/9.9/${name}/${name}.zip";
sha256 = "1vgx7ggilfwmx0bjrhk7mwlwg1c8lb141ilj3vzwxivlffihy054";
};
meta = with stdenv.lib; {
@ -474,12 +474,12 @@ rec {
jdt = buildEclipseUpdateSite rec {
name = "jdt-${version}";
version = "4.12";
version = "4.13";
src = fetchzip {
stripRoot = false;
url = https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-4.12-201906051800/org.eclipse.jdt-4.12.zip;
sha256 = "0qscvqg69z4554n1yhl0xg1xz8ln3qsbgfzi7cg3xnnwnxfqz9cb";
url = https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-4.13-201909161045/org.eclipse.jdt-4.13.zip;
sha256 = "0sfpxph0cszcx1cihzzjn60qid8sxgl2xyr9x46fld4ian5a7vbr";
};
meta = with stdenv.lib; {

4
pkgs/applications/editors/geany/default.nix
View File

@ -3,7 +3,7 @@
with stdenv.lib;
let
version = "1.35";
version = "1.36";
in
stdenv.mkDerivation rec {
@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "https://download.geany.org/${pname}-${version}.tar.bz2";
sha256 = "179xfnvhcxsv54v2mlrhykqv2j7klniln5sffvqqpjmdvwyivvim";
sha256 = "0gnm17cr4rf3pmkf0axz4a0fxwnvp55ji0q0lzy88yqbshyxv14i";
};
nativeBuildInputs = [ pkgconfig intltool libintl ];

6
pkgs/applications/editors/gnome-builder/default.nix
View File

@ -13,7 +13,6 @@
, gtk-doc
, gtk3
, gtksourceview4
, hicolor-icon-theme
, json-glib
, jsonrpc-glib
, libdazzle
@ -39,11 +38,11 @@
stdenv.mkDerivation rec {
pname = "gnome-builder";
version = "3.34.0";
version = "3.34.1";
src = fetchurl {
url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
sha256 = "19i2ipgw48fpd50wacwyhj35hajlg7qcyxpj8rsqk4g21ijfykrg";
sha256 = "19018pq94cxf6fywd7fsmy98x56by5zfmh140pl530gaaw84cvhb";
};
nativeBuildInputs = [
@ -53,7 +52,6 @@ stdenv.mkDerivation rec {
docbook_xml_dtd_43
gobject-introspection
gtk-doc
hicolor-icon-theme
(meson.override ({ inherit stdenv; }))
ninja
pkgconfig

4
pkgs/applications/editors/manuskript/default.nix
View File

@ -2,7 +2,7 @@
python3Packages.buildPythonApplication rec {
pname = "manuskript";
version = "0.9.0";
version = "0.10.0";
format = "other";
@ -10,7 +10,7 @@ python3Packages.buildPythonApplication rec {
repo = pname;
owner = "olivierkes";
rev = version;
sha256 = "13y1s0kba1ib6g977n7h920kyr7abdw03kpal512m7iwa9g2kdw8";
sha256 = "0q413vym7hzjpyg3krj5y63hwpncdifjkyswqmr76zg5yqnklnh3";
};
nativeBuildInputs = [ wrapQtAppsHook ];

32
pkgs/applications/editors/ne/default.nix
View File

@ -1,36 +1,36 @@
{ stdenv, fetchFromGitHub, ncurses, texinfo, texlive, perl, ghostscript }:
stdenv.mkDerivation rec {
pname = "ne";
version = "3.1.2";
version = "3.2.1";
src = fetchFromGitHub {
owner = "vigna";
repo = "ne";
repo = pname;
rev = version;
sha256 = "154grh9gdzydnqn9xxj7zpia9cc5x6a7y1g73vwizr9bkg92l5cc";
sha256 = "0h6d08cnwrk96ss83i9bragwwanph6x54sm3ak1z81146dsqsiif";
};
buildInputs = [ ncurses texlive.combined.scheme-medium texinfo perl ghostscript ];
dontBuild = true;
installPhase = ''
substituteInPlace src/makefile --replace "CC=c99" "cc=gcc"
substituteInPlace src/makefile --replace "-lcurses" "-lncurses"
postPatch = ''
substituteInPlace makefile --replace "./version.pl" "perl version.pl"
cd doc && make && cd ..
cd src && make && cd ..
make PREFIX=$out install
substituteInPlace src/makefile --replace "-lcurses" "-lncurses"
'';
meta = {
nativeBuildInputs = [ texlive.combined.scheme-medium texinfo perl ghostscript ];
buildInputs = [ ncurses ];
makeFlags = [ "PREFIX=${placeholder "out"}" ];
meta = with stdenv.lib; {
description = "The nice editor";
homepage = https://github.com/vigna/ne;
homepage = "http://ne.di.unimi.it/";
longDescription = ''
ne is a free (GPL'd) text editor based on the POSIX standard that runs
(we hope) on almost any UN*X machine. ne is easy to use for the beginner,
but powerful and fully configurable for the wizard, and most sparing in its
resource usage. See the manual for some highlights of ne's features.
'';
license = stdenv.lib.licenses.gpl3;
platforms = stdenv.lib.platforms.unix;
license = licenses.gpl3;
platforms = platforms.unix;
};
}

3
pkgs/applications/editors/nedit/default.nix
View File

@ -26,7 +26,8 @@ stdenv.mkDerivation rec {
'';
meta = with stdenv.lib; {
homepage = https://sourceforge.net/projects/nedit;
homepage = "https://sourceforge.net/projects/nedit";
description = "A fast, compact Motif/X11 plain text editor";
platforms = with platforms; linux ++ darwin;
license = licenses.gpl2;
};

1
pkgs/applications/editors/okteta/default.nix
View File

@ -28,6 +28,7 @@ stdenv.mkDerivation rec {
meta = with stdenv.lib; {
license = licenses.gpl2;
description = "A hex editor";
maintainers = with maintainers; [ peterhoeg bkchr ];
platforms = platforms.linux;
};

4
pkgs/applications/editors/quilter/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub, pkgconfig, meson, ninja, python3
{ stdenv, fetchFromGitHub, pkgconfig, meson, ninja, python3, vala
, gtk3, desktop-file-utils, gtksourceview, webkitgtk, gtkspell3, pantheon
, libgee, discount, wrapGAppsHook }:
@ -17,7 +17,7 @@ stdenv.mkDerivation rec {
desktop-file-utils
meson
ninja
pantheon.vala
vala
pkgconfig
python3
wrapGAppsHook

9
pkgs/applications/editors/vim/macvim.nix
View File

@ -136,6 +136,15 @@ stdenv.mkDerivation {
find $out/share/man \( -name eVim.1 -or -name xxd.1 \) -delete
'';
# We rely on the user's Xcode install to build. It may be located in an arbitrary place, and
# it's not clear what system-level components it may require, so for now we'll just allow full
# filesystem access. This way the package still can't access the network.
sandboxProfile = ''
(allow file-read* file-write* process-exec mach-lookup)
; block homebrew dependencies
(deny file-read* file-write* process-exec mach-lookup (subpath "/usr/local") (with no-log))
'';
meta = with stdenv.lib; {
description = "Vim - the text editor - for macOS";
homepage = https://github.com/macvim-dev/macvim;

6
pkgs/applications/editors/vscode/vscode.nix
View File

@ -11,13 +11,13 @@ let
archive_fmt = if system == "x86_64-darwin" then "zip" else "tar.gz";
sha256 = {
x86_64-linux = "1wxaxz2q4qizh6f23ipz8ihay6bpjdq0545vijqd84fqazcji6sq";
x86_64-darwin = "1gb9w3hvw3avn852an5v8m1ia64fkavnvaawjfc3455b248iiqvk";
x86_64-linux = "06yrcn7857fw1dvwj0fhj6b2pb224i0r1m2diqg49a0jaj15mnak";
x86_64-darwin = "0gq2lazjlzf7wmmdlpg5zg60lmwlmq5rm65lb815r0dpqqj0dizn";
}.${system};
in
callPackage ./generic.nix rec {
version = "1.38.1";
version = "1.39.1";
pname = "vscode";
executableName = "code" + lib.optionalString isInsiders "-insiders";

6
pkgs/applications/editors/vscode/vscodium.nix
View File

@ -11,8 +11,8 @@ let
archive_fmt = if system == "x86_64-darwin" then "zip" else "tar.gz";
sha256 = {
x86_64-linux = "15m7mfb8gmx3pwydc37blj0rxwgmkrnqfj6y79rpqlr2dg92gwlb";
x86_64-darwin = "080k4fnfa5ylmmya6zprgci3gld9mrbqsfnk53hgcny91ykl5xj5";
x86_64-linux = "1vhrfz36ay67laa5159jcnxyl4prgm8v1mp6anv1s7bppazigg2n";
x86_64-darwin = "0cxsl0qpk223khndfwwgxl8az4rz4ap657yrkvws9bh8k4vv473h";
}.${system};
sourceRoot = {
@ -23,7 +23,7 @@ in
callPackage ./generic.nix rec {
inherit sourceRoot;
version = "1.38.1";
version = "1.39.1";
pname = "vscodium";
executableName = "codium";

4
pkgs/applications/graphics/avocode/default.nix
View File

@ -1,6 +1,6 @@
{ stdenv, makeDesktopItem, fetchurl, unzip
, gdk-pixbuf, glib, gtk3, atk, at-spi2-atk, pango, cairo, freetype, fontconfig, dbus, nss, nspr, alsaLib, cups, expat, udev, gnome3
, xorg, mozjpeg, makeWrapper, wrapGAppsHook, hicolor-icon-theme, libuuid, at-spi2-core
, xorg, mozjpeg, makeWrapper, wrapGAppsHook, libuuid, at-spi2-core
}:
stdenv.mkDerivation rec {
@ -57,7 +57,7 @@ stdenv.mkDerivation rec {
};
nativeBuildInputs = [makeWrapper wrapGAppsHook];
buildInputs = [ unzip gtk3 gnome3.adwaita-icon-theme hicolor-icon-theme ];
buildInputs = [ unzip gtk3 gnome3.adwaita-icon-theme ];
# src is producing multiple folder on unzip so we must
# override unpackCmd to extract it into newly created folder

4
pkgs/applications/graphics/dia/default.nix
View File

@ -1,6 +1,6 @@
{ stdenv, fetchgit, autoconf, automake, libtool, gtk2, pkgconfig, perlPackages,
libxml2, gettext, python, libxml2Python, docbook5, docbook_xsl,
libxslt, intltool, libart_lgpl, withGNOME ? false, libgnomeui, hicolor-icon-theme,
libxslt, intltool, libart_lgpl, withGNOME ? false, libgnomeui,
gtk-mac-integration-gtk2 }:
stdenv.mkDerivation {
@ -15,7 +15,7 @@ stdenv.mkDerivation {
buildInputs =
[ gtk2 libxml2 gettext python libxml2Python docbook5
libxslt docbook_xsl libart_lgpl hicolor-icon-theme ]
libxslt docbook_xsl libart_lgpl ]
++ stdenv.lib.optional withGNOME libgnomeui
++ stdenv.lib.optional stdenv.isDarwin gtk-mac-integration-gtk2;

3
pkgs/applications/graphics/fondo/default.nix
View File

@ -2,6 +2,7 @@
, fetchFromGitHub
, fetchpatch
, pantheon
, vala
, pkgconfig
, meson
, ninja
@ -31,7 +32,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [
meson
ninja
pantheon.vala
vala
pkgconfig
python3
wrapGAppsHook

3
pkgs/applications/graphics/glabels/default.nix
View File

@ -1,6 +1,6 @@
{ stdenv, fetchurl, barcode, gnome3, autoreconfHook
, gtk3, gtk-doc, libxml2, librsvg , libtool, libe-book, gsettings-desktop-schemas
, intltool, itstool, makeWrapper, pkgconfig, hicolor-icon-theme
, intltool, itstool, makeWrapper, pkgconfig
}:
stdenv.mkDerivation rec {
@ -17,7 +17,6 @@ stdenv.mkDerivation rec {
barcode gtk3 gtk-doc gnome3.yelp-tools
gnome3.gnome-common gsettings-desktop-schemas
itstool libxml2 librsvg libe-book libtool
hicolor-icon-theme
];
preFixup = ''

5
pkgs/applications/graphics/ideogram/default.nix
View File

@ -1,6 +1,7 @@
{ stdenv
, fetchFromGitHub
, fetchpatch
, vala
, pkgconfig
, python3
, glib
@ -11,7 +12,6 @@
, pantheon
, desktop-file-utils
, xorg
, hicolor-icon-theme
, wrapGAppsHook
}:
@ -28,10 +28,9 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [
desktop-file-utils
hicolor-icon-theme # for setup-hook
meson
ninja
pantheon.vala
vala
pkgconfig
python3
wrapGAppsHook

4
pkgs/applications/graphics/inkscape/default.nix
View File

@ -2,7 +2,7 @@
, libpng, zlib, popt, boehmgc, libxml2, libxslt, glib, gtkmm2
, glibmm, libsigcxx, lcms, boost, gettext, makeWrapper
, gsl, python2, poppler, imagemagick, libwpg, librevenge
, libvisio, libcdr, libexif, potrace, cmake, hicolor-icon-theme
, libvisio, libcdr, libexif, potrace, cmake
, librsvg, wrapGAppsHook
}:
@ -47,7 +47,7 @@ stdenv.mkDerivation rec {
libXft libpng zlib popt boehmgc
libxml2 libxslt glib gtkmm2 glibmm libsigcxx lcms boost gettext
gsl poppler imagemagick libwpg librevenge
libvisio libcdr libexif potrace hicolor-icon-theme
libvisio libcdr libexif potrace
librsvg # for loading icons

4
pkgs/applications/graphics/mypaint/default.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub, gtk3, intltool, json_c, lcms2, libpng, librsvg, gobject-introspection, hicolor-icon-theme
{ stdenv, fetchFromGitHub, gtk3, intltool, json_c, lcms2, libpng, librsvg, gobject-introspection
, gdk-pixbuf, pkgconfig, python2Packages, scons, swig, wrapGAppsHook }:
let
@ -21,7 +21,7 @@ in stdenv.mkDerivation {
];
buildInputs = [
gtk3 gdk-pixbuf json_c lcms2 libpng librsvg pycairo pygobject3 python hicolor-icon-theme
gtk3 gdk-pixbuf json_c lcms2 libpng librsvg pycairo pygobject3 python
];
propagatedBuildInputs = [ numpy ];

4
pkgs/applications/graphics/openimageio/2.x.nix
View File

@ -14,13 +14,13 @@
stdenv.mkDerivation rec {
pname = "openimageio";
version = "2.0.10";
version = "2.0.11";
src = fetchFromGitHub {
owner = "OpenImageIO";
repo = "oiio";
rev = "Release-${version}";
sha256 = "0k60kgfahsqcgmydsf1kh1qzshn8mksaw772z48a40qnx28pfjys";
sha256 = "1kasp9as81wjvys9qrx10mgdf9bjbdgryhdgjqn05zdmv2rs95nc";
};
outputs = [ "bin" "out" "dev" "doc" ];

2
pkgs/applications/graphics/photoflow/default.nix
View File

@ -51,6 +51,6 @@ stdenv.mkDerivation {
license = licenses.gpl3Plus;
maintainers = [ maintainers.MtP ];
platforms = platforms.linux;
broken = stdenv.isAarch64;
broken = true;
};
}

4
pkgs/applications/graphics/rapid-photo-downloader/default.nix
View File

@ -6,11 +6,11 @@
mkDerivationWith python3Packages.buildPythonApplication rec {
pname = "rapid-photo-downloader";
version = "0.9.16";
version = "0.9.17";
src = fetchurl {
url = "https://launchpad.net/rapid/pyqt/${version}/+download/${pname}-${version}.tar.gz";
sha256 = "0ij3li17jcqjx79ldv6zg2ckn8m2l9n4xvvq2x79y4q8yx9fqg85";
sha256 = "10vqbi9rcg8r0jxpx2kn8xmahwgdcal28wpix2fg6nkp5rfwxnr6";
};
# Disable version check and fix install tests

4
pkgs/applications/graphics/vimiv/default.nix
View File

@ -1,5 +1,5 @@
{ lib, python3Packages, fetchFromGitHub, imagemagick, librsvg, gtk3, jhead
, hicolor-icon-theme, gnome3
, gnome3
# Test requirements
, dbus, xvfb_run, xdotool
@ -38,7 +38,7 @@ python3Packages.buildPythonApplication rec {
'';
checkInputs = [ python3Packages.nose dbus.daemon xvfb_run xdotool ];
buildInputs = [ hicolor-icon-theme gnome3.adwaita-icon-theme librsvg ];
buildInputs = [ gnome3.adwaita-icon-theme librsvg ];
propagatedBuildInputs = with python3Packages; [ pillow pygobject3 gtk3 ];
makeWrapperArgs = [

2
pkgs/applications/graphics/xournalpp/default.nix
View File

@ -10,7 +10,6 @@
, glib
, gsettings-desktop-schemas
, gtk3
, hicolor-icon-theme
, libsndfile
, libxml2
, libzip
@ -38,7 +37,6 @@ stdenv.mkDerivation rec {
[ glib
gsettings-desktop-schemas
gtk3
hicolor-icon-theme
libsndfile
libxml2
libzip

Some files were not shown because too many files have changed in this diff Show More