Merge branch 'master' into dbus-switch-to-configuration

Conflicts:
	nixos/modules/system/activation/switch-to-configuration.pl
Oliver Charles 2014-04-20 19:17:05 +01:00
commit 42ae633445
2724 changed files with 61040 additions and 23079 deletions


@ -1 +1 @@
14.02
14.04

10
README.md Normal file

@ -0,0 +1,10 @@
Nixpkgs is a collection of packages for [Nix](http://nixos.org/nix/) package
manager. Nixpkgs also includes [NixOS](http://nixos.org/nixos/) linux distribution source code.
* [NixOS installation instructions](http://nixos.org/nixos/manual/#installing-nixos)
* [Manual (How to write packages for Nix)](http://nixos.org/nixpkgs/manual/)
* [Manual (NixOS)](http://nixos.org/nixos/manual/)
* [Continuous build](http://hydra.nixos.org/jobset/nixos/trunk-combined)
* [Tests](http://hydra.nixos.org/job/nixos/trunk-combined/tested#tabs-constituents)
* [Mailing list](http://lists.science.uu.nl/mailman/listinfo/nix-dev)
* [IRC - #nixos on freenode.net](irc://irc.freenode.net/#nixos)


@ -1 +1,7 @@
import ./pkgs/top-level/all-packages.nix
if ! builtins ? nixVersion || builtins.compareVersions "1.6" builtins.nixVersion == 1 then
abort "This version of Nixpkgs requires Nix >= 1.6, please upgrade!"
else
import ./pkgs/top-level/all-packages.nix


@ -235,12 +235,7 @@ Most of the time, these are the same. For instance, the package
bound to the variable name <varname>e2fsprogs</varname> in
<filename>all-packages.nix</filename>, and the Nix expression is in
<filename>pkgs/os-specific/linux/e2fsprogs/default.nix</filename>.
However, identifiers in the Nix language dont allow certain
characters (e.g. dashes), so sometimes a different variable name
should be used. For instance, the
<literal>module-init-tools</literal> package is bound to the
<literal>module_init_tools</literal> variable in
<filename>all-packages.nix</filename>.</para>
</para>
<para>There are a few naming guidelines:
@ -261,17 +256,20 @@ should be used. For instance, the
a package named <literal>hello-svn</literal> by
<command>nix-env</command>.</para></listitem>
<listitem><para>Dashes in the package name should be changed to
underscores in variable names, rather than to camel case — e.g.,
<varname>module_init_tools</varname> instead of
<varname>moduleInitTools</varname>.</para></listitem>
<listitem><para>Dashes in the package name should be preserved
in new variable names, rather than converted to underscores
(which was convention up to around 2013 and most names
still have underscores instead of dashes) — e.g.,
<varname>http-parser</varname> instead of
<varname>http_parser</varname>.</para></listitem>
<listitem><para>If there are multiple versions of a package, this
should be reflected in the variable names in
<filename>all-packages.nix</filename>,
e.g. <varname>hello_0_3</varname> and <varname>hello_0_4</varname>.
e.g. <varname>json-c-0-9</varname> and <varname>json-c-0-11</varname>.
If there is an obvious “default” version, make an attribute like
<literal>hello = hello_0_4;</literal>.</para></listitem>
<literal>json-c = json-c-0-9;</literal>.
See also <xref linkend="sec-versioning" /></para></listitem>
</itemizedlist>
@ -288,7 +286,7 @@ dashes between words — not in camel case. For instance, it should be
<filename>allPackages.nix</filename> or
<filename>AllPackages.nix</filename>.</para>
<section><title>Hierachy</title>
<section><title>Hierarchy</title>
<para>Each package should be stored in its own directory somewhere in
the <filename>pkgs/</filename> tree, i.e. in
@ -567,7 +565,7 @@ splitting up an existing category.</para>
</section>
<section><title>Versioning</title>
<section xml:id="sec-versioning"><title>Versioning</title>
<para>Because every version of a package in Nixpkgs creates a
potential maintenance burden, old versions of a package should not be


@ -108,7 +108,7 @@ a <varname>preConfigure</varname> hook to generate a configuration
file used by <filename>Makefile.PL</filename>:
<programlisting>
{buildPerlPackage, fetchurl, db4}:
{buildPerlPackage, fetchurl, db}:
buildPerlPackage rec {
name = "BerkeleyDB-0.36";
@ -119,8 +119,8 @@ buildPerlPackage rec {
};
preConfigure = ''
echo "LIB = ${db4}/lib" > config.in
echo "INCLUDE = ${db4}/include" >> config.in
echo "LIB = ${db}/lib" > config.in
echo "INCLUDE = ${db}/include" >> config.in
'';
}
</programlisting>


@ -164,7 +164,7 @@ meta.hydraPlatforms = [];
<listitem><para>If set to <literal>true</literal>, the package is
marked as “broken”, meaning that it wont show up in
<literal>nix-env -qa</literal>, and cannot be built or installed.
Sush packages should be removed from Nixpkgs eventually unless
Such packages should be removed from Nixpkgs eventually unless
they are fixed.</para></listitem>
</varlistentry>


@ -1,158 +0,0 @@
- The standard environment
(Some of this can be moved from the Nix manual)
- Special attributes
- Generic builder
- Helper functions
- GCC / ld wrapper (+ env vars)
- Phases (+ how to add phases) and hooks
- Override functions for stdenv
- Overriding GCC
- Overriding the setup script
- Predefined override functions in all-packages.nix: static binary
stdenv, dietlibc stdenv
- Stdenv bootstrap; how to update the Linux bootstrap binaries
- Specific platform notes (Linux, Native, Cygwin, Mingw)
- Support for specific languages
- Perl
- Generic Perl builder
- Python
- Wrapper generation
- Haskell
- TODO
- Java
- TODO; Java needs lots of improvement
- TeX/LaTeX
- Special support for building TeX documents
- Special kinds of applications
- OpenGL apps
- Binary-only apps
- Linux kernel modules
- Mozilla plugins/extensions
- X apps
- KDE apps
- GConf-based apps
- Programs that need wrappers
- makeWrapper etc.
- Initial ramdisks
- Library functions
- i.e. in lib/default.nix
- Specific package notes
- Linux kernel; how to update; feature tests
- X.org; how to update
- Gnome; how to update
- GCC?
- GHC?
- ...
- Meta attributes
- License attr; possible values
- Virtual machine support (for the build farm)
- vmtools
- KVM notes
- Performing a build in a VM
- In the host FS
- In a disk image
- RPM builds
- RPM image creation
- Deb builds
- Deb image creation
- Debugging VM builds
- Guidelines for Nixpkgs contributions
- File naming conventions
- Versioning of packages
- Tree organisation
- Variable naming
- Layout / indentations style
- Output FS hierarchy (e.g. $out/share/man instead of $out/man)
- Misc
- Building outside of the Nixpkgs tree
- Config options
- Downloading stuff
- fetchurl
- mirror:// scheme
- fetchsvn
- fetchcvs
- fetchdarcs
- Appendix: Nixpkgs config options


@ -71,7 +71,7 @@ $ git add pkgs/development/libraries/libfoo/default.nix</screen>
<listitem>
<para>GNU Multiple Precision arithmetic library (GMP): <link
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/libraries/gmp/5.1.1.nix"><filename>pkgs/development/libraries/gmp/5.1.1.nix</filename></link>.
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/libraries/gmp/5.1.x.nix"><filename>pkgs/development/libraries/gmp/5.1.x.nix</filename></link>.
Also done by the generic builder, but has a dependency on
<varname>m4</varname>.</para>
</listitem>


@ -298,6 +298,13 @@ executed and in what order:
</listitem>
</varlistentry>
<varlistentry>
<term><varname>preFixupPhases</varname></term>
<listitem>
<para>Additional phases executed just before the fixup phase.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>preDistPhases</varname></term>
<listitem>
@ -1156,12 +1163,27 @@ echo @foo@
to Qts path.</para></listitem>
</varlistentry>
<varlistentry>
<term>gdk-pixbuf</term>
<listitem><para>Exports <envar>GDK_PIXBUF_MODULE_FILE</envar>
environment variable the the builder. Add librsvg package
to <varname>buildInputs</varname> to get svg support.</para></listitem>
</varlistentry>
<varlistentry>
<term>GHC</term>
<listitem><para>Creates a temporary package database and registers
every Haskell build input in it (TODO: how?).</para></listitem>
</varlistentry>
<varlistentry>
<term>GStreamer</term>
<listitem><para>Adds the
GStreamer plugins subdirectory of
each build input to the <envar>GST_PLUGIN_SYSTEM_PATH_1_0</envar> or
<envar>GST_PLUGIN_SYSTEM_PATH</envar> environment variable.</para></listitem>
</varlistentry>
</variablelist>
</para>


@ -25,19 +25,15 @@
amd = {
shortName = "amd";
fullName = "AMD License Agreement";
url = "http://developer.amd.com/amd-license-agreement/";
};
url = http://developer.amd.com/amd-license-agreement/;
};#
amdadl = {
shortName = "amd-adl";
fullName = "amd-adl license";
url = "http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/licenses/AMD-ADL?revision=1.1";
apsl20 = {
shortName = "APSL 2.0";
fullName = "Apple Public Source License 2.0";
url = http://opensource.org/licenses/APSL-2.0;
};
# Apple Public Source License 2.0;
# http://opensource.org/licenses/APSL-2.0
apsl20 = "APSL 2.0";
asl20 = {
shortName = "ASL2.0";
fullName = "Apache Software License 2.0";
@ -68,6 +64,12 @@
url = https://fedoraproject.org/wiki/Licensing/BSD;
};
cc-by-30 = {
shortName = "CC BY 3.0";
fullName = "Creative Commons Attribution 3.0";
url = http://creativecommons.org/licenses/by/3.0;
};
cddl = {
shortName = "CDDL";
fullName = "Common Development Distribution License ";
@ -86,7 +88,11 @@
url = http://www.eclipse.org/legal/epl-v10.html;
};
gpl2 = "GPLv2";
gpl2 = {
shortName = "GPLv2";
fullName = "GNU General Public License version 2";
url = http://www.gnu.org/licenses/old-licenses/gpl-2.0.html;
};
gpl2Oss = {
shortName = "GPLv2+OSS";
@ -94,9 +100,11 @@
url = http://www.mysql.com/about/legal/licensing/foss-exception;
};
# GNU General Public License version 2 or later;
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
gpl2Plus = "GPLv2+";
gpl2Plus = {
shortName = "GPLv2+";
fullName = "GNU General Public License version 2 or later";
url = http://www.gnu.org/licenses/old-licenses/gpl-2.0.html;
};
gpl3 = {
shortName = "GPLv3";
@ -140,7 +148,11 @@
url = https://fedoraproject.org/wiki/Licensing/libtiff;
};
lgpl2 = "LGPLv2";
lgpl2 = {
shortName = "LGPLv2";
fullName = "GNU Library General Public License version 2";
url = http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html;
};
lgpl2Plus = {
shortName = "LGPLv2+";
@ -148,7 +160,11 @@
url = http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html;
};
lgpl21 = "LGPLv2.1";
lgpl21 = {
shortName = "LGPLv2.1";
fullName = "GNU Lesser General Public License version 2.1";
url = http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html;
};
lgpl21Plus = {
shortName = "LGPLv2.1+";
@ -238,4 +254,10 @@
fullName = "Zope Public License 2.1";
url = "http://old.zope.org/Resources/License/ZPL-2.1";
};
sleepycat = {
shortName = "Sleepycat";
fullName = "Sleepycat Public License";
url = "https://en.wikipedia.org/wiki/Sleepycat_License";
};
}
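Review bot: The `amd` entry appears to end in `};#` on the new side (the page no longer marks which lines were added), and the trailing `#` looks like a leftover from the merge; a plain `};` is enough. The new `sleepycat` entry is appended after the Zope Public License entry at the end of the set instead of in alphabetical position. Its `url` is a quoted string pointing at a Wikipedia article, whereas the entries converted in this commit use unquoted URL literals that point at the license text itself. Moving the entry into place and linking the license text would keep the file consistent.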


@ -226,4 +226,5 @@ in rec {
deepSeqList = xs: y: if any (x: deepSeq x false) xs then y else y;
crossLists = f: foldl (fs: args: concatMap (f: map f args) fs) [f];
}


@ -4,35 +4,46 @@
/* Add your name and email address here. Keep the list
alphabetically sorted. */
_1126 = "Christian Lask <mail@elfsechsundzwanzig.de>";
aforemny = "Alexander Foremny <alexanderforemny@googlemail.com>";
akc = "Anders Claesson <akc@akc.is>";
algorith = "Dries Van Daele <dries_van_daele@telenet.be>";
all = "Nix Committers <nix-commits@lists.science.uu.nl>";
amiddelk = "Arie Middelkoop <amiddelk@gmail.com>";
amorsillo = "Andrew Morsillo <andrew.morsillo@gmail.com>";
AndersonTorres = "Anderson Torres <torres.anderson.85@gmail.com>";
andres = "Andres Loeh <ksnixos@andres-loeh.de>";
antono = "Antono Vasiljev <self@antono.info>";
astsmtl = "Alexander Tsamutali <astsmtl@yandex.ru>";
aszlig = "aszlig <aszlig@redmoonstudios.org>";
bbenoist = "Baptist BENOIST <return_0@live.com>";
bennofs = "Benno Fünfstück <benno.fuenfstueck@gmail.com>";
bjg = "Brian Gough <bjg@gnu.org>";
bjornfor = "Bjørn Forsman <bjorn.forsman@gmail.com>";
bluescreen303 = "Mathijs Kwik <mathijs@bluescreen303.nl>";
bodil = "Bodil Stokke <nix@bodil.org>";
calrama = "Moritz Maxeiner <moritz@ucworks.org>";
chaoflow = "Florian Friesdorf <flo@chaoflow.net>";
coconnor = "Corey O'Connor <coreyoconnor@gmail.com>";
coroa = "Jonas Hörsch <jonas@chaoflow.net>";
edwtjo = "Edward Tjörnhammar <ed@cflags.cc>";
eelco = "Eelco Dolstra <eelco.dolstra@logicblox.com>";
ertes = "Ertugrul Söylemez <es@ertes.de>";
emery = "Emery Hemingawy <emery@vfemail.net>";
ertes = "Ertugrul Söylemez <ertesx@gmx.de>";
falsifian = "James Cook <james.cook@utoronto.ca>";
garbas = "Rok Garbas <rok@garbas.si>";
goibhniu = "Cillian de Róiste <cillian.deroiste@gmail.com>";
guibert = "David Guibert <david.guibert@gmail.com>";
hinton = "Tom Hinton <t@larkery.com>";
ianwookim = "Ian-Woo Kim <ianwookim@gmail.com>";
iElectric = "Domen Kozar <domen@dev.si>";
iyzsong = "Song Wenwu <iyzsong@gmail.com>";
jcumming = "Jack Cummings <jack@mudshark.org>";
jwiegley = "John Wiegley <johnw@newartisans.com>";
kkallio = "Karn Kallio <tierpluspluslists@gmail.com>";
ktosiek = "Tomasz Kontusz <tomasz.kontusz@gmail.com>";
lethalman = "Luca Bruno <lucabru@src.gnome.org>";
linquize = "Linquize <linquize@yahoo.com.hk>";
lovek323 = "Jason O'Conal <jason@oconal.id.au>";
ludo = "Ludovic Courtès <ludo@gnu.org>";
madjar = "Georges Dubus <georges.dubus@compiletoi.net>";
@ -40,6 +51,7 @@
matejc = "Matej Cotman <cotman.matej@gmail.com>";
modulistic = "Pablo Costa <modulistic@gmail.com>";
mornfall = "Petr Ročkai <me@mornfall.net>";
msackman = "Matthew Sackman <matthew@wellquite.org>";
ocharles = "Oliver Charles <ollie@ocharles.org.uk>";
offline = "Jaka Hudoklin <jakahudoklin@gmail.com>";
orbitz = "Malcolm Matalka <mmatalka@gmail.com>";
@ -47,26 +59,34 @@
phreedom = "Evgeny Egorochkin <phreedom@yandex.ru>";
pierron = "Nicolas B. Pierron <nixos@nbp.name>";
piotr = "Piotr Pietraszkiewicz <ppietrasa@gmail.com>";
pkmx = "Chih-Mao Chen <pkmx.tw@gmail.com>";
pSub = "Pascal Wittmann <mail@pascal-wittmann.de>";
qknight = "Joachim Schiele <js@lastlog.de>";
raskin = "Michael Raskin <7c6f434c@mail.ru>";
redbaron = "Maxim Ivanov <ivanov.maxim@gmail.com>";
rickynils = "Rickard Nilsson <rickynils@gmail.com>";
rob = "Rob Vermaas <rob.vermaas@gmail.com>";
roconnor = "Russell O'Connor <roconnor@theorem.ca>";
roelof = "Roelof Wobben <rwobben@hotmail.com>";
romildo = "José Romildo Malaquias <malaquias@gmail.com>";
rszibele = "Richard Szibele <richard_szibele@hotmail.com>";
sander = "Sander van der Burg <s.vanderburg@tudelft.nl>";
shlevy = "Shea Levy <shea@shealevy.com>";
simons = "Peter Simons <simons@cryp.to>";
smironov = "Sergey Mironov <ierton@gmail.com>";
sprock = "Roger Mason <rmason@mun.ca>";
thammers = "Tobias Hammerschmidt <jawr@gmx.de>";
the-kenny = "Moritz Ulrich <moritz@tarn-vedra.de>";
thoughtpolice = "Austin Seipp <aseipp@pobox.com>";
tomberek = "Thomas Bereknyei <tomberek@gmail.com>";
ttuegel = "Thomas Tuegel <ttuegel@gmail.com>";
urkud = "Yury G. Kudryashov <urkud+nix@ya.ru>";
vcunat = "Vladimír Čunát <vcunat@gmail.com>";
viric = "Lluís Batlle i Rossell <viric@viric.name>";
vizanto = "Danny Wilson <danny@prime.vc>";
vlstill = "Vladimír Štill <xstill@fi.muni.cz>";
winden = "Antonio Vargas Gonzalez <windenntw@gmail.com>";
wizeman = "Ricardo M. Correia <rcorreia@wizy.org>";
z77z = "Marco Maggesi <maggesi@math.unifi.it>";
zef = "Zef Hemel <zef@zef.me>";
zimbatm = "zimbatm <zimbatm@zimbatm.com>";


@ -14,7 +14,7 @@ rec {
addMetaAttrs {description = "Bla blah";} somePkg
*/
addMetaAttrs = newAttrs: drv:
drv // { meta = (if drv ? meta then drv.meta else {}) // newAttrs; };
drv // { meta = (drv.meta or {}) // newAttrs; };
/* Change the symbolic name of a package for presentation purposes
@ -31,11 +31,10 @@ rec {
updateName = updater: drv: drv // {name = updater (drv.name);};
/* Append a suffix to the name of a package. !!! the suffix should
really be appended *before* the version, at least most of the
time.
*/
appendToName = suffix: updateName (name: "${name}-${suffix}");
/* Append a suffix to the name of a package (before the version
part). */
appendToName = suffix: updateName (name:
let x = builtins.parseDrvName name; in "${x.name}-${suffix}-${x.version}");
/* Apply a function to each derivation and only to derivations in an attrset
@ -51,7 +50,7 @@ rec {
/* Apply lowPrio to an attrset with derivations
*/
lowPrioSet = set: mapDerivationAttrset lowPrio set;
lowPrioSet = set: mapDerivationAttrset lowPrio set;
/* Increase the nix-env priority of the package, i.e., this
@ -63,5 +62,5 @@ rec {
/* Apply hiPrio to an attrset with derivations
*/
hiPrioSet = set: mapDerivationAttrset hiPrio set;
}
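Review bot: The new `appendToName` always builds `"${x.name}-${suffix}-${x.version}"`, but `builtins.parseDrvName` returns an empty `version` for a name that has no version part, so such a package ends up with a trailing dash (`foo-suffix-`). Guarding the last component keeps both cases well-formed: `"${x.name}-${suffix}" + (if x.version != "" then "-${x.version}" else "")`. The doc comment could say so as well, e.g. `Append a suffix to the name of a package, before the version part if there is one.` The enclosing `rec` set starts and ends outside these hunks.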


@ -12,7 +12,7 @@ rec {
and config: the nested set of all option values. */
evalModules = { modules, prefix ? [], args ? {}, check ? true }:
let
args' = args // result;
args' = args // { lib = import ./.; } // result;
closed = closeModules modules args';
# Note: the list of modules is reversed to maintain backward
# compatibility with the old module system. Not sure if this is
@ -155,8 +155,14 @@ rec {
let
# Process mkOverride properties, adding in the default
# value specified in the option declaration (if any).
defsFinal = filterOverrides
defsFinal' = filterOverrides
((if opt ? default then [{ file = head opt.declarations; value = mkOptionDefault opt.default; }] else []) ++ defs);
# Sort mkOrder properties.
defsFinal =
# Avoid sorting if we don't have to.
if any (def: def.value._type or "" == "order") defsFinal'
then sortProperties defsFinal'
else defsFinal';
files = map (def: def.file) defsFinal;
# Type-check the remaining definitions, and merge them if
# possible.
@ -180,7 +186,7 @@ rec {
};
/* Given a config set, expand mkMerge properties, and push down the
mkIf properties into the children. The result is a list of
other properties into the children. The result is a list of
config sets that do not have properties at top-level. For
example,
@ -201,7 +207,7 @@ rec {
map (mapAttrs (n: v: mkIf cfg.condition v)) (pushDownProperties cfg.content)
else if cfg._type or "" == "override" then
map (mapAttrs (n: v: mkOverride cfg.priority v)) (pushDownProperties cfg.content)
else
else # FIXME: handle mkOrder?
[ cfg ];
/* Given a config value, expand mkMerge properties, and discharge
@ -253,6 +259,19 @@ rec {
strip = def: if def.value._type or "" == "override" then def // { value = def.value.content; } else def;
in concatMap (def: if getPrio def == highestPrio then [(strip def)] else []) defs;
/* Sort a list of properties. The sort priority of a property is
1000 by default, but can be overriden by wrapping the property
using mkOrder. */
sortProperties = defs:
let
strip = def:
if def.value._type or "" == "order"
then def // { value = def.value.content; inherit (def.value) priority; }
else def;
defs' = map strip defs;
compare = a: b: (a.priority or 1000) < (b.priority or 1000);
in sort compare defs';
/* Hack for backward compatibility: convert options of type
optionSet to configOf. FIXME: remove eventually. */
fixupOptionType = loc: opt:
@ -302,8 +321,13 @@ rec {
mkFixStrictness = id; # obsolete, no-op
# FIXME: Add mkOrder back in. It's not currently used anywhere in
# NixOS, but it should be useful.
mkOrder = priority: content:
{ _type = "order";
inherit priority content;
};
mkBefore = mkOrder 500;
mkAfter = mkOrder 1500;
/* Compatibility. */
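Review bot: `sortProperties` runs on the output of `filterOverrides`, and both inspect only the outermost `_type` of `def.value`, so the two wrappers compose in one nesting order only. Going by the two visible `strip` helpers, `mkForce (mkBefore x)` is unwrapped twice as intended, but `mkBefore (mkForce x)` would reach `filterOverrides` as an "order" value, presumably get the default override priority, and leave the inner override wrapper in the merged value. The rest of `filterOverrides` is outside the hunk, so this needs confirming. I would state the supported nesting in the `sortProperties` comment, e.g. `mkOrder must be the innermost property: write mkForce (mkBefore x), not mkBefore (mkForce x)`, and settle the `# FIXME: handle mkOrder?` in `pushDownProperties` along the same lines. The same comment has a typo, "overriden".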


@ -10,9 +10,12 @@ rec {
cleanSource =
let filter = name: type: let baseName = baseNameOf (toString name); in ! (
# Filter out Subversion and CVS directories.
(type == "directory" && (baseName == ".git" || baseName == ".svn" || baseName == "CVS")) ||
(type == "directory" && (baseName == ".git" || baseName == ".svn" || baseName == "CVS" || baseName == ".hg")) ||
# Filter out backup files.
(lib.hasSuffix "~" baseName)
lib.hasSuffix "~" baseName ||
# Filter out generates files.
lib.hasSuffix ".o" baseName ||
lib.hasSuffix ".so" baseName
);
in src: builtins.filterSource filter src;
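Review bot: The two new tests `lib.hasSuffix ".o" baseName` and `lib.hasSuffix ".so" baseName` are not restricted by `type`, so a directory whose name ends in `.o` or `.so` is dropped from the source with everything under it. A prebuilt `.so` that a package ships on purpose disappears as well. If only build products are meant, prefixing each test with `type != "directory" &&` narrows the match. The comments could be updated at the same time: `# Filter out generated files.` for the new one, and `# Filter out version control directories.` for the first, which now also covers `.git` and `.hg`. The enclosing `rec` set continues outside the hunk.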


@ -41,4 +41,13 @@ rec {
pathExists readFile isBool isFunction
isInt add sub lessThan;
# Return the Nixpkgs version number.
nixpkgsVersion =
let suffixFile = ../.version-suffix; in
readFile ../.version
+ (if pathExists suffixFile then readFile suffixFile else "pre-git");
# Whether we're being called by nix-shell. This is useful to
inNixShell = builtins.getEnv "IN_NIX_SHELL" == "1";
}


@ -10,7 +10,6 @@ with import ./strings.nix;
rec {
isType = type: x: (x._type or "") == type;
typeOf = x: x._type or "";
setType = typeName: value: value // {
_type = typeName;
@ -132,7 +131,7 @@ rec {
{ inherit (def) file;
value = listToAttrs (
imap (elemIdx: elem:
{ name = "unnamed-${toString defIdx}.${toString elemIdx}";
{ name = elem.name or "unnamed-${toString defIdx}.${toString elemIdx}";
value = elem;
}) def.value);
}


@ -1,45 +0,0 @@
#! /bin/sh -e
distDir=${NIX_TARBALLS_CACHE:-/tarballs}
url="$1"
file="$2"
if [ -z "$url" ]; then echo "syntax: $0 URL"; exit 0; fi
base="$(basename "$url")"
if [ -z "$base" ]; then echo "bad URL"; exit 1; fi
dstPath="$distDir/$base"
if [ -e "$dstPath" ]; then if [ -n "$VERBOSE" ]; then echo "$dstPath already exists"; fi; exit 0; fi
if [ -z "$file" ]; then
echo "downloading $url to $dstPath"
if [ -n "$DRY_RUN" ]; then exit 0; fi
declare -a res
if ! res=($(PRINT_PATH=1 nix-prefetch-url "$url")); then
exit
fi
storePath=${res[1]}
else
storePath="$file"
fi
cp $storePath "$dstPath.tmp.$$"
mv -f "$dstPath.tmp.$$" "$dstPath"
echo "hashing $dstPath"
md5=$(nix-hash --flat --type md5 "$dstPath")
ln -sfn "../$base" $distDir/md5/$md5
sha1=$(nix-hash --flat --type sha1 "$dstPath")
ln -sfn "../$base" $distDir/sha1/$sha1
sha256=$(nix-hash --flat --type sha256 "$dstPath")
ln -sfn "../$base" $distDir/sha256/$sha256
ln -sfn "../$base" $distDir/sha256/$(nix-hash --type sha256 --to-base32 "$sha256")


@ -0,0 +1,95 @@
#! /run/current-system/sw/bin/perl -w
use strict;
use XML::Simple;
use File::Basename;
use File::Path;
use File::Copy 'cp';
use IPC::Open2;
use Nix::Store;
my $myDir = dirname($0);
my $tarballsCache = $ENV{'NIX_TARBALLS_CACHE'} // "/tarballs";
my $xml = `nix-instantiate --eval-only --xml --strict '<nixpkgs/maintainers/scripts/find-tarballs.nix>'`;
die "$0: evaluation failed\n" if $? != 0;
my $data = XMLin($xml) or die;
mkpath($tarballsCache);
mkpath("$tarballsCache/md5");
mkpath("$tarballsCache/sha1");
mkpath("$tarballsCache/sha256");
foreach my $file (@{$data->{list}->{attrs}}) {
my $url = $file->{attr}->{url}->{string}->{value};
my $algo = $file->{attr}->{type}->{string}->{value};
my $hash = $file->{attr}->{hash}->{string}->{value};
if ($url !~ /^http:/ && $url !~ /^https:/ && $url !~ /^ftp:/ && $url !~ /^mirror:/) {
print STDERR "skipping $url (unsupported scheme)\n";
next;
}
$url =~ /([^\/]+)$/;
my $fn = $1;
if (!defined $fn) {
print STDERR "skipping $url (no file name)\n";
next;
}
if ($fn =~ /[&?=%]/ || $fn =~ /^\./) {
print STDERR "skipping $url (bad character in file name)\n";
next;
}
if ($fn !~ /[a-zA-Z]/) {
print STDERR "skipping $url (no letter in file name)\n";
next;
}
if ($fn !~ /[0-9]/) {
print STDERR "skipping $url (no digit in file name)\n";
next;
}
if ($fn !~ /[-_\.]/) {
print STDERR "skipping $url (no dash/dot/underscore in file name)\n";
next;
}
my $dstPath = "$tarballsCache/$fn";
next if -e $dstPath;
print "downloading $url to $dstPath...\n";
next if $ENV{DRY_RUN};
$ENV{QUIET} = 1;
$ENV{PRINT_PATH} = 1;
my $fh;
my $pid = open($fh, "-|", "nix-prefetch-url", "--type", $algo, $url, $hash) or die;
waitpid($pid, 0) or die;
if ($? != 0) {
print STDERR "failed to fetch $url: $?\n";
last if $? >> 8 == 255;
next;
}
<$fh>; my $storePath = <$fh>; chomp $storePath;
die unless -e $storePath;
cp($storePath, $dstPath) or die;
my $md5 = hashFile("md5", 0, $storePath) or die;
symlink("../$fn", "$tarballsCache/md5/$md5");
my $sha1 = hashFile("sha1", 0, $storePath) or die;
symlink("../$fn", "$tarballsCache/sha1/$sha1");
my $sha256 = hashFile("sha256", 0, $storePath) or die;
symlink("../$fn", "$tarballsCache/sha256/$sha256");
}
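Review bot: `cp($storePath, $dstPath) or die;` writes straight to the final cache path, so an interrupted or failed copy leaves a partial file that the earlier `next if -e $dstPath;` treats as already mirrored on every later run. The shell script removed in this commit copied to a temporary name and renamed it; the equivalent here is `cp($storePath, "$dstPath.tmp.$$") or die;` followed by `rename("$dstPath.tmp.$$", $dstPath) or die;`. The three `symlink(...)` calls ignore their return value, so a missing hash link goes unnoticed; `symlink(...) or warn "cannot link $fn: $!\n";` would surface it. The old script also hashed `$dstPath`, the copy in the cache, while this one hashes `$storePath`. Hashing the copy makes the md5/sha1/sha256 links describe what the mirror actually serves.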


@ -1,27 +0,0 @@
#! /bin/sh -e
urls=$(nix-instantiate --eval-only --xml --strict '<nixpkgs/maintainers/scripts/eval-release.nix>' \
| grep -A2 'name="urls"' \
| grep '<string value=' \
| sed 's/.*"\(.*\)".*/\1/' \
| sort | uniq)
for url in $urls; do
if echo "$url" | grep -q -E "www.cs.uu.nl|nixos.org|.stratego-language.org|java.sun.com|ut2004|linuxq3a|RealPlayer|Adbe|belastingdienst|microsoft|armijn/.nix|sun.com|archive.eclipse.org"; then continue; fi
# Check the URL scheme.
if ! echo "$url" | grep -q -E "^[a-z]+://"; then echo "skipping $url (no URL scheme)"; continue; fi
# Check the basename. It should include something resembling a version.
base="$(basename "$url")"
#if ! echo "$base" | grep -q -E "[-_].*[0-9].*"; then echo "skipping $url (no version)"; continue; fi
if ! echo "$base" | grep -q -E "[a-zA-Z]"; then echo "skipping $url (no letter in name)"; continue; fi
if ! echo "$base" | grep -q -E "[0-9]"; then echo "skipping $url (no digit in name)"; continue; fi
if ! echo "$base" | grep -q -E "[-_\.]"; then echo "skipping $url (no dot/underscore in name)"; continue; fi
if echo "$base" | grep -q -E "[&?=%]"; then echo "skipping $url (bad character in name)"; continue; fi
if [ "${base:0:1}" = "." ]; then echo "skipping $url (starts with a dot)"; continue; fi
$(dirname $0)/copy-tarball.sh "$url"
done
echo DONE


@ -0,0 +1,45 @@
# This expression returns a list of all fetchurl calls used by all
# packages reachable from release.nix.
with import ../.. { };
with lib;
let
root = removeAttrs (import ../../pkgs/top-level/release.nix { }) [ "tarball" "unstable" ];
uniqueUrls = map (x: x.file) (genericClosure {
startSet = map (file: { key = file.url; inherit file; }) urls;
operator = const [ ];
});
urls = map (drv: { url = head drv.urls; hash = drv.outputHash; type = drv.outputHashAlgo; }) fetchurlDependencies;
fetchurlDependencies = filter (drv: drv.outputHash or "" != "" && drv ? urls) dependencies;
dependencies = map (x: x.value) (genericClosure {
startSet = map keyDrv (derivationsIn' root);
operator = { key, value }: map keyDrv (immediateDependenciesOf value);
});
derivationsIn' = x:
if !canEval x then []
else if isDerivation x then optional (canEval x.drvPath) x
else if isList x then concatLists (map derivationsIn' x)
else if isAttrs x then concatLists (mapAttrsToList (n: v: derivationsIn' v) x)
else [ ];
keyDrv = drv: if canEval drv.drvPath then { key = drv.drvPath; value = drv; } else { };
immediateDependenciesOf = drv:
concatLists (mapAttrsToList (n: v: derivationsIn v) (removeAttrs drv ["meta" "passthru"]));
derivationsIn = x:
if !canEval x then []
else if isDerivation x then optional (canEval x.drvPath) x
else if isList x then concatLists (map derivationsIn x)
else [ ];
canEval = val: (builtins.tryEval val).success;
in uniqueUrls
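Review bot: The `else { }` branch of `keyDrv` returns a set without a `key` attribute, which `genericClosure` cannot accept as an element. It looks unreachable, because `derivationsIn` and `derivationsIn'` already keep only derivations whose `drvPath` evaluates, so `keyDrv = drv: { key = drv.drvPath; value = drv; };` expresses the same thing without a branch that would fail if taken. `url = head drv.urls` records only the first URL of each fetchurl call, which deserves a comment such as `# only the first URL is mirrored; alternates are ignored`. `derivationsIn` and `derivationsIn'` differ only in the `isAttrs` case and could be one function taking a flag.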


@ -31,8 +31,7 @@ GetOptions("package|p=s" => \$filter,
"maintainer|m=s" => \$maintainer,
"file|f=s" => \$path,
"help" => sub { showHelp() }
)
or die("syntax: $0 ...\n");
) or exit 1;
# Evaluate Nixpkgs into an XML representation.
my $xml = `nix-env -f '$path' -qa '$filter' --xml --meta --drv-path`;
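Review bot: The nix-env invocation on the last line of this hunk interpolates `$path` and `$filter` into a shell command between single quotes, and both are filled from command-line options by the `GetOptions` call above. A value containing a single quote ends the quoting, and the remainder is parsed by the shell. The commit does not touch that line, but the list form of `open` avoids the shell entirely: `open(my $fh, "-|", "nix-env", "-f", $path, "-qa", $filter, "--xml", "--meta", "--drv-path") or die;`, then read the XML from `$fh`. The script continues outside the hunk.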


@ -1 +0,0 @@
improvements to vsftpd module


@ -237,7 +237,7 @@ postgresql.package = pkgs.postgresql90;
</section>
<section><title>Abstractions</title>
<section xml:id="sec-module-abstractions"><title>Abstractions</title>
<para>If you find yourself repeating yourself over and over, its time
to abstract. Take, for instance, this Apache HTTP Server configuration:
@ -399,7 +399,7 @@ of an expression to be spliced into a string.</para>
</section>
<section><title>Modularity</title>
<section xml:id="sec-modularity"><title>Modularity</title>
<para>The NixOS configuration mechanism is modular. If your
<filename>configuration.nix</filename> becomes too big, you can split
@ -443,8 +443,20 @@ Note that both <filename>configuration.nix</filename> and
define an option, NixOS will try to <emphasis>merge</emphasis> the
definitions. In the case of
<option>environment.systemPackages</option>, thats easy: the lists of
packages can simply be concatenated. For other types of options, a
merge may not be possible: for instance, if two modules define
packages can simply be concatenated. The value in
<filename>configuration.nix</filename> is merged last, so for
list-type options, it will appear at the end of the merged list. If
you want it to appear first, you can use <varname>mkBefore</varname>:
<programlisting>
boot.kernelModules = mkBefore [ "kvm-intel" ];
</programlisting>
This causes the <literal>kvm-intel</literal> kernel module to be
loaded before any other kernel modules.</para>
<para>For other types of options, a merge may not be possible. For
instance, if two modules define
<option>services.httpd.adminAddr</option>,
<command>nixos-rebuild</command> will give an error:
@ -526,7 +538,7 @@ nix-repl> map (x: x.hostName) config.services.httpd.virtualHosts
</section>
<section><title>Syntax summary</title>
<section xml:id="sec-nix-syntax-summary"><title>Syntax summary</title>
<para>Below is a summary of the most important syntactic constructs in
the Nix expression language. Its not complete. In particular, there
@ -718,7 +730,7 @@ manual</link> for the rest.</para>
<!--===============================================================-->
<section><title>Package management</title>
<section xml:id="sec-package-management"><title>Package management</title>
<para>This section describes how to add additional packages to your
system. NixOS has two distinct styles of package management:
@ -923,7 +935,7 @@ environment.systemPackages = [ (import ./my-hello.nix) ];
</programlisting>
where <filename>my-hello.nix</filename> contains:
<programlisting>
with &lt;nixpkgs> {}; # bring all of Nixpkgs into scope
with import &lt;nixpkgs> {}; # bring all of Nixpkgs into scope
stdenv.mkDerivation rec {
name = "hello-2.8";
@ -1025,7 +1037,6 @@ users.extraUsers.alice =
home = "/home/alice";
description = "Alice Foobar";
extraGroups = [ "wheel" ];
isSystemUser = false;
useDefaultShell = true;
openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3Nza... alice@foobar" ];
};
@ -1172,7 +1183,7 @@ fileSystems."/".device = "/dev/mapper/crypted";
<!--===============================================================-->
<section><title>X Window System</title>
<section xml:id="sec-x11"><title>X Window System</title>
<para>The X Window System (X11) provides the basis of NixOS graphical
user interface. It can be enabled as follows:
@ -1184,7 +1195,7 @@ driver from a set of X.org drivers (such as <literal>vesa</literal>
and <literal>intel</literal>). You can also specify a driver
manually, e.g.
<programlisting>
services.xserver.videoDrivers = [ "r128" ];
hardware.opengl.videoDrivers = [ "r128" ];
</programlisting>
to enable X.orgs <literal>xf86-video-r128</literal> driver.</para>
@ -1227,7 +1238,7 @@ $ systemctl start display-manager.service
has better 3D performance than the X.org drivers. It is not enabled
by default because its not free software. You can enable it as follows:
<programlisting>
services.xserver.videoDrivers = [ "nvidia" ];
hardware.opengl.videoDrivers = [ "nvidia" ];
</programlisting>
You may need to reboot after enabling this driver to prevent a clash
with other kernel modules.</para>
@ -1264,9 +1275,9 @@ services.xserver.synaptics.twoFingerScroll = true;
<!--===============================================================-->
<section><title>Networking</title>
<section xml:id="sec-networking"><title>Networking</title>
<section><title>Secure shell access</title>
<section xml:id="sec-ssh"><title>Secure shell access</title>
<para>Secure shell (SSH) access to your machine can be enabled by
setting:
@ -1294,7 +1305,7 @@ users.extraUsers.alice.openssh.authorizedKeys.keys =
</section>
<section><title>IPv4 configuration</title>
<section xml:id="sec-ipv4"><title>IPv4 configuration</title>
<para>By default, NixOS uses DHCP (specifically,
<command>dhcpcd</command>) to automatically configure network
@ -1337,7 +1348,7 @@ provide the host name.</para>
</section>
<section><title>IPv6 configuration</title>
<section xml:id="sec-ipv6"><title>IPv6 configuration</title>
<para>IPv6 is enabled by default. Stateless address autoconfiguration
is used to automatically assign IPv6 addresses to all interfaces. You
@ -1352,17 +1363,19 @@ networking.enableIPv6 = false;
</section>
<section><title>Firewall</title>
<section xml:id="sec-firewall"><title>Firewall</title>
<para>NixOS has a simple stateful firewall that blocks incoming
connections and other unexpected packets. The firewall applies to
both IPv4 and IPv6 traffic. It can be enabled as follows:
both IPv4 and IPv6 traffic. It is enabled by default. It can be
disabled as follows:
<programlisting>
networking.firewall.enable = true;
networking.firewall.enable = false;
</programlisting>
You can open specific TCP ports to the outside world:
If the firewall is enabled, you can open specific TCP ports to the
outside world:
<programlisting>
networking.firewall.allowedTCPPorts = [ 80 443 ];
@ -1384,7 +1397,7 @@ always allowed.)</para>
</section>
<section><title>Wireless networks</title>
<section xml:id="sec-wireless"><title>Wireless networks</title>
<para>
NixOS will start wpa_supplicant for you if you enable this setting:
@ -1445,7 +1458,7 @@ networking.localCommands =
<!--===============================================================-->
<section><title>Linux kernel</title>
<section xml:id="sec-kernel-config"><title>Linux kernel</title>
<para>You can override the Linux kernel and associated packages using
the option <option>boot.kernelPackages</option>. For instance, this


@ -0,0 +1,242 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="ch-containers">
<title>Containers</title>
<para>NixOS allows you to easily run other NixOS instances as
<emphasis>containers</emphasis>. Containers are a light-weight
approach to virtualisation that runs software in the container at the
same speed as in the host system. NixOS containers share the Nix store
of the host, making container creation very efficient.</para>
<warning><para>Currently, NixOS containers are not perfectly isolated
from the host system. This means that a user with root access to the
container can do things that affect the host. So you should not give
container root access to untrusted users.</para></warning>
<para>NixOS containers can be created in two ways: imperatively, using
the command <command>nixos-container</command>, and declaratively, by
specifying them in your <filename>configuration.nix</filename>. The
declarative approach implies that containers get upgraded along with
your host system when you run <command>nixos-rebuild</command>, which
is often not what you want. By contrast, in the imperative approach,
containers are configured and updated independently from the host
system.</para>
<section><title>Imperative container management</title>
<para>Well cover imperative container management using
<command>nixos-container</command> first. You create a container with
identifier <literal>foo</literal> as follows:
<screen>
$ nixos-container create foo
</screen>
This creates the containers root directory in
<filename>/var/lib/containers/foo</filename> and a small configuration
file in <filename>/etc/containers/foo.conf</filename>. It also builds
the containers initial system configuration and stores it in
<filename>/nix/var/nix/profiles/per-container/foo/system</filename>. You
can modify the initial configuration of the container on the command
line. For instance, to create a container that has
<command>sshd</command> running, with the given public key for
<literal>root</literal>:
<screen>
$ nixos-container create foo --config 'services.openssh.enable = true; \
users.extraUsers.root.openssh.authorizedKeys.keys = ["ssh-dss AAAAB3N…"];'
</screen>
</para>
<para>Creating a container does not start it. To start the container,
run:
<screen>
$ nixos-container start foo
</screen>
This command will return as soon as the container has booted and has
reached <literal>multi-user.target</literal>. On the host, the
container runs within a systemd unit called
<literal>container@<replaceable>container-name</replaceable>.service</literal>.
Thus, if something went wrong, you can get status info using
<command>systemctl</command>:
<screen>
$ systemctl status container@foo
</screen>
</para>
<para>If the container has started succesfully, you can log in as
root using the <command>root-login</command> operation:
<screen>
$ nixos-container root-login foo
[root@foo:~]#
</screen>
Note that only root on the host can do this (since there is no
authentication). You can also get a regular login prompt using the
<command>login</command> operation, which is available to all users on
the host:
<screen>
$ nixos-container login foo
foo login: alice
Password: ***
</screen>
With <command>nixos-container run</command>, you can execute arbitrary
commands in the container:
<screen>
$ nixos-container run foo -- uname -a
Linux foo 3.4.82 #1-NixOS SMP Thu Mar 20 14:44:05 UTC 2014 x86_64 GNU/Linux
</screen>
</para>
<para>There are several ways to change the configuration of the
container. First, on the host, you can edit
<literal>/var/lib/container/<replaceable>name</replaceable>/etc/nixos/configuration.nix</literal>,
and run
<screen>
$ nixos-container update foo
</screen>
This will build and activate the new configuration. You can also
specify a new configuration on the command line:
<screen>
$ nixos-container update foo --config 'services.httpd.enable = true; \
services.httpd.adminAddr = "foo@example.org";'
$ curl http://$(nixos-container show-ip foo)/
&lt;!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">…
</screen>
However, note that this will overwrite the containers
<filename>/etc/nixos/configuration.nix</filename>.</para>
<para>Alternatively, you can change the configuration from within the
container itself by running <command>nixos-rebuild switch</command>
inside the container. Note that the container by default does not have
a copy of the NixOS channel, so you should run <command>nix-channel
--update</command> first.</para>
<para>Containers can be stopped and started using
<literal>nixos-container stop</literal> and <literal>nixos-container
start</literal>, respectively, or by using
<command>systemctl</command> on the containers service unit. To
destroy a container, including its file system, do
<screen>
$ nixos-container destroy foo
</screen>
</para>
</section>
<section><title>Declarative container specification</title>
<para>You can also specify containers and their configuration in the
hosts <filename>configuration.nix</filename>. For example, the
following specifies that there shall be a container named
<literal>database</literal> running PostgreSQL:
<programlisting>
containers.database =
{ config =
{ config, pkgs, ... }:
{ services.postgresql.enable = true;
services.postgresql.package = pkgs.postgresql92;
};
};
</programlisting>
If you run <literal>nixos-rebuild switch</literal>, the container will
be built and started. If the container was already running, it will be
updated in place, without rebooting.</para>
<para>By default, declarative containers share the network namespace
of the host, meaning that they can listen on (privileged)
ports. However, they cannot change the network configuration. You can
give a container its own network as follows:
<programlisting>
containers.database =
{ privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.11";
};
</programlisting>
This gives the container a private virtual Ethernet interface with IP
address <literal>192.168.100.11</literal>, which is hooked up to a
virtual Ethernet interface on the host with IP address
<literal>192.168.100.10</literal>. (See the next section for details
on container networking.)</para>
<para>To disable the container, just remove it from
<filename>configuration.nix</filename> and run <literal>nixos-rebuild
switch</literal>. Note that this will not delete the root directory of
the container in <literal>/var/lib/containers</literal>.</para>
</section>
<section><title>Networking</title>
<para>When you create a container using <literal>nixos-container
create</literal>, it gets it own private IPv4 address in the range
<literal>10.233.0.0/16</literal>. You can get the containers IPv4
address as follows:
<screen>
$ nixos-container show-ip foo
10.233.4.2
$ ping -c1 10.233.4.2
64 bytes from 10.233.4.2: icmp_seq=1 ttl=64 time=0.106 ms
</screen>
</para>
<para>Networking is implemented using a pair of virtual Ethernet
devices. The network interface in the container is called
<literal>eth0</literal>, while the matching interface in the host is
called <literal>c-<replaceable>container-name</replaceable></literal>
(e.g., <literal>c-foo</literal>). The container has its own network
namespace and the <literal>CAP_NET_ADMIN</literal> capability, so it
can perform arbitrary network configuration such as setting up
firewall rules, without affecting or having access to the hosts
network.</para>
<para>By default, containers cannot talk to the outside network. If
you want that, you should set up Network Address Translation (NAT)
rules on the host to rewrite container traffic to use your external
IP address. This can be accomplished using the following configuration
on the host:
<programlisting>
networking.nat.enable = true;
networking.nat.internalInterfaces = ["c-+"];
networking.nat.externalInterface = "eth0";
</programlisting>
where <literal>eth0</literal> should be replaced with the desired
external interface. Note that <literal>c-+</literal> is a wildcard
that matches all container interfaces.</para>
</section>
</chapter>


@ -1,5 +1,6 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink">
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="ch-development">
<title>Development</title>
@ -9,7 +10,7 @@ NixOS.</para>
<!--===============================================================-->
<section>
<section xml:id="sec-getting-sources">
<title>Getting the sources</title>
@ -74,7 +75,7 @@ in <filename>nixos/</filename> as packages.</para>
<!--===============================================================-->
<section>
<section xml:id="sec-writing-modules">
<title>Writing NixOS modules</title>
@ -188,9 +189,9 @@ commands to be executed periodically by <command>cron</command>).</para>
<example xml:id='locate-example'><title>NixOS module for the “locate” service</title>
<programlisting>
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
let locatedb = "/var/cache/locatedb"; in
@ -579,7 +580,7 @@ systemd.services.dhcpcd =
<!--===============================================================-->
<section>
<section xml:id="sec-building-parts">
<title>Building specific parts of NixOS</title>
@ -692,7 +693,7 @@ $ systemctl start tmp-httpd.service
<!--===============================================================-->
<section>
<section xml:id="sec-building-cd">
<title>Building your own NixOS CD</title>
@ -748,57 +749,310 @@ $ ./result/bin/nixos-install</screen>
<!--===============================================================-->
<section><title>Whole-system testing using virtual machines</title>
<section xml:id="sec-nixos-tests">
<para>Complete NixOS GNU/Linux systems can be tested in virtual
machines (VMs). This makes it possible to test a system upgrade or
configuration change before rebooting into it, using the
<command>nixos-rebuild build-vm</command> or <command>nixos-rebuild
build-vm-with-bootloader</command> command.</para>
<title>NixOS tests</title>
<!-- The following is adapted from
http://wiki.nixos.org/wiki/NixOS_VM_tests, by Eelco Dolstra. -->
<para>The <filename>tests/</filename> directory in the NixOS source
tree contains several <emphasis>whole-system unit tests</emphasis>.
These tests can be run<footnote><para>NixOS tests can be run both from
NixOS and from a non-NixOS GNU/Linux distribution, provided the Nix
package manager is installed.</para></footnote> from the NixOS source
tree as follows:
<para>When you add some feature to NixOS, you should write a test for
it. NixOS tests are kept in the directory <filename
xlink:href="https://github.com/NixOS/nixpkgs/tree/master/nixos/tests">nixos/tests</filename>,
and are executed (using Nix) by a testing framework that automatically
starts one or more virtual machines containing the NixOS system(s)
required for the test.</para>
<simplesect><title>Writing tests</title>
<para>A NixOS test is a Nix expression that has the following structure:
<programlisting>
import ./make-test.nix {
# Either the configuration of a single machine:
machine =
{ config, pkgs, ... }:
{ <replaceable>configuration…</replaceable>
};
# Or a set of machines:
nodes =
{ <replaceable>machine1</replaceable> =
{ config, pkgs, ... }: { <replaceable></replaceable> };
<replaceable>machine2</replaceable> =
{ config, pkgs, ... }: { <replaceable></replaceable> };
};
testScript =
''
<replaceable>Perl code…</replaceable>
'';
}
</programlisting>
The attribute <literal>testScript</literal> is a bit of Perl code that
executes the test (described below). During the test, it will start
one or more virtual machines, the configuration of which is described
by the attribute <literal>machine</literal> (if you need only one
machine in your test) or by the attribute <literal>nodes</literal> (if
you need multiple machines). For instance, <filename
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/login.nix">login.nix</filename>
only needs a single machine to test whether users can log in on the
virtual console, whether device ownership is correctly maintained when
switching between consoles, and so on. On the other hand, <filename
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/nfs.nix">nfs.nix</filename>,
which tests NFS client and server functionality in the Linux kernel
(including whether locks are maintained across server crashes),
requires three machines: a server and two clients.</para>
<para>There are a few special NixOS configuration options for test
VMs:
<!-- FIXME: would be nice to generate this automatically. -->
<variablelist>
<varlistentry>
<term><option>virtualisation.memorySize</option></term>
<listitem><para>The memory of the VM in
megabytes.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>virtualisation.vlans</option></term>
<listitem><para>The virtual networks to which the VM is
connected. See <filename
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/nat.nix">nat.nix</filename>
for an example.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>virtualisation.writableStore</option></term>
<listitem><para>By default, the Nix store in the VM is not
writable. If you enable this option, a writable union file system
is mounted on top of the Nix store to make it appear
writable. This is necessary for tests that run Nix operations that
modify the store.</para></listitem>
</varlistentry>
</variablelist>
For more options, see the module <filename
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/qemu-vm.nix">qemu-vm.nix</filename>.</para>
<para>The test script is a sequence of Perl statements that perform
various actions, such as starting VMs, executing commands in the VMs,
and so on. Each virtual machine is represented as an object stored in
the variable <literal>$<replaceable>name</replaceable></literal>,
where <replaceable>name</replaceable> is the identifier of the machine
(which is just <literal>machine</literal> if you didnt specify
multiple machines using the <literal>nodes</literal> attribute). For
instance, the following starts the machine, waits until it has
finished booting, then executes a command and checks that the output
is more-or-less correct:
<programlisting>
$machine->start;
$machine->waitForUnit("default.target");
$machine->succeed("uname") =~ /Linux/;
</programlisting>
The first line is actually unnecessary; machines are implicitly
started when you first execute an action on them (such as
<literal>waitForUnit</literal> or <literal>succeed</literal>). If you
have multiple machines, you can speed up the test by starting them in
parallel:
<programlisting>
startAll;
</programlisting>
</para>
<para>The following methods are available on machine objects:
<variablelist>
<varlistentry>
<term><methodname>start</methodname></term>
<listitem><para>Start the virtual machine. This method is
asynchronous — it does not wait for the machine to finish
booting.</para></listitem>
</varlistentry>
<varlistentry>
<term><methodname>shutdown</methodname></term>
<listitem><para>Shut down the machine, waiting for the VM to
exit.</para></listitem>
</varlistentry>
<varlistentry>
<term><methodname>crash</methodname></term>
<listitem><para>Simulate a sudden power failure, by telling the VM
to exit immediately.</para></listitem>
</varlistentry>
<varlistentry>
<term><methodname>block</methodname></term>
<listitem><para>Simulate unplugging the Ethernet cable that
connects the machine to the other machines.</para></listitem>
</varlistentry>
<varlistentry>
<term><methodname>unblock</methodname></term>
<listitem><para>Undo the effect of
<methodname>block</methodname>.</para></listitem>
</varlistentry>
<varlistentry>
<term><methodname>screenshot</methodname></term>
<listitem><para>Take a picture of the display of the virtual
machine, in PNG format. The screenshot is linked from the HTML
log.</para></listitem>
</varlistentry>
<varlistentry>
<term><methodname>sendMonitorCommand</methodname></term>
<listitem><para>Send a command to the QEMU monitor. This is rarely
used, but allows doing stuff such as attaching virtual USB disks
to a running machine.</para></listitem>
</varlistentry>
<varlistentry>
<term><methodname>sendKeys</methodname></term>
<listitem><para>Simulate pressing keys on the virtual keyboard,
e.g., <literal>sendKeys("ctrl-alt-delete")</literal>.</para></listitem>
</varlistentry>
<varlistentry>
<term><methodname>sendChars</methodname></term>
<listitem><para>Simulate typing a sequence of characters on the
virtual keyboard, e.g., <literal>sendKeys("foobar\n")</literal>
will type the string <literal>foobar</literal> followed by the
Enter key.</para></listitem>
</varlistentry>
<varlistentry>
<term><methodname>execute</methodname></term>
<listitem><para>Execute a shell command, returning a list
<literal>(<replaceable>status</replaceable>,
<replaceable>stdout</replaceable>)</literal>.</para></listitem>
</varlistentry>
<varlistentry>
<term><methodname>succeed</methodname></term>
<listitem><para>Execute a shell command, raising an exception if
the exit status is not zero, otherwise returning the standard
output.</para></listitem>
</varlistentry>
<varlistentry>
<term><methodname>fail</methodname></term>
<listitem><para>Like <methodname>succeed</methodname>, but raising
an exception if the command returns a zero status.</para></listitem>
</varlistentry>
<varlistentry>
<term><methodname>waitUntilSucceeds</methodname></term>
<listitem><para>Repeat a shell command with 1-second intervals
until it succeeds.</para></listitem>
</varlistentry>
<varlistentry>
<term><methodname>waitUntilFails</methodname></term>
<listitem><para>Repeat a shell command with 1-second intervals
until it fails.</para></listitem>
</varlistentry>
<varlistentry>
<term><methodname>waitForUnit</methodname></term>
<listitem><para>Wait until the specified systemd unit has reached
the “active” state.</para></listitem>
</varlistentry>
<varlistentry>
<term><methodname>waitForFile</methodname></term>
<listitem><para>Wait until the specified file
exists.</para></listitem>
</varlistentry>
<varlistentry>
<term><methodname>waitForOpenPort</methodname></term>
<listitem><para>Wait until a process is listening on the given TCP
port (on <literal>localhost</literal>, at least).</para></listitem>
</varlistentry>
<varlistentry>
<term><methodname>waitForClosedPort</methodname></term>
<listitem><para>Wait until nobody is listening on the given TCP
port.</para></listitem>
</varlistentry>
<varlistentry>
<term><methodname>waitForX</methodname></term>
<listitem><para>Wait until the X11 server is accepting
connections.</para></listitem>
</varlistentry>
<varlistentry>
<term><methodname>waitForWindow</methodname></term>
<listitem><para>Wait until an X11 window has appeared whose name
matches the given regular expression, e.g.,
<literal>waitForWindow(qr/Terminal/)</literal>.</para></listitem>
</varlistentry>
</variablelist>
</para>
</simplesect>
<simplesect><title>Running tests</title>
<para>You can run tests using <command>nix-build</command>. For
example, to run the test <filename
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/login.nix">login.nix</filename>,
you just do:
<screen>
$ nix-build tests/ -A nfs.test
$ nix-build '&lt;nixpkgs/nixos/tests/login.nix>'
</screen>
This performs an automated test of the NFS client and server
functionality in the Linux kernel, including file locking semantics
(e.g., whether locks are maintained across server crashes). It will
first build or download all the dependencies of the test (e.g., all
packages needed to run a NixOS VM). The test is defined in <link
xlink:href="https://nixos.org/repos/nix/nixos/trunk/tests/nfs.nix">
<filename>tests/nfs.nix</filename></link>. If the test succeeds,
<command>nix-build</command> will place a symlink
<filename>./result</filename> in the current directory pointing at the
location in the Nix store of the test results (e.g., screenshots, test
reports, and so on). In particular, a pretty-printed log of the test
is written to <filename>log.html</filename>, which can be viewed using
a web browser like this:
or, if you dont want to rely on <envar>NIX_PATH</envar>:
<screen>
$ cd /my/nixpkgs/nixos/tests
$ nix-build login.nix
running the VM test script
machine: QEMU running (pid 8841)
6 out of 6 tests succeeded
</screen>
After building/downloading all required dependencies, this will
perform a build that starts a QEMU/KVM virtual machine containing a
NixOS system. The virtual machine mounts the Nix store of the host;
this makes VM creation very fast, as no disk image needs to be
created. Afterwards, you can view a pretty-printed log of the test:
<screen>
$ firefox result/log.html
</screen>
</para>
<para>It is also possible to run the test environment interactively,
allowing you to experiment with the VMs. For example:
<screen>
$ nix-build tests/ -A nfs.driver
$ nix-build login.nix -A driver
$ ./result/bin/nixos-run-vms
</screen>
The script <command>nixos-run-vms</command> starts the three virtual
machines defined in the NFS test using QEMU/KVM. The root file system
of the VMs is created on the fly and kept across VM restarts in
The script <command>nixos-run-vms</command> starts the virtual
machines defined by test. The root file system of the VMs is created
on the fly and kept across VM restarts in
<filename>./</filename><varname>hostname</varname><filename>.qcow2</filename>.</para>
<para>Finally, the test itself can be run interactively. This is
@ -811,17 +1065,11 @@ starting VDE switch for network 1
&gt;
</screen>
Perl statements can now be typed in to start or manipulate the VMs:
You can then take any Perl statement, e.g.
<screen>
&gt; startAll;
(the VMs start booting)
&gt; $server-&gt;waitForJob("nfs-kernel-nfsd");
&gt; $client1-&gt;succeed("flock -x /data/lock -c 'sleep 100000' &amp;");
&gt; $client2-&gt;fail("flock -n -s /data/lock true");
&gt; $client1-&gt;shutdown;
(this releases client1's lock)
&gt; $client2-&gt;succeed("flock -n -s /data/lock true");
&gt; startAll
&gt; $machine->succeed("touch /tmp/foo")
</screen>
The function <command>testScript</command> executes the entire test
@ -829,54 +1077,7 @@ script and drops you back into the test driver command line upon its
completion. This allows you to inspect the state of the VMs after the
test (e.g. to debug the test script).</para>
<para>This and other tests are continuously run on <link
xlink:href="http://hydra.nixos.org/jobset/nixos/trunk">the Hydra
instance at <literal>nixos.org</literal></link>, which allows
developers to be notified of any regressions introduced by a NixOS or
Nixpkgs change.</para>
<para>The actual Nix programming interface to VM testing is in NixOS,
under <link
xlink:href="https://nixos.org/repos/nix/nixos/trunk/lib/testing.nix">
<filename>lib/testing.nix</filename></link>. This file defines a
function which takes an attribute set containing a
<literal>nixpkgs</literal> attribute (the path to a Nixpkgs checkout),
and a <literal>system</literal> attribute (the system type). It
returns an attribute set containing several utility functions, among
which the main entry point is <literal>makeTest</literal>.
</para>
<para>The <literal>makeTest</literal> function takes a function
similar to that found in <link
xlink:href="https://nixos.org/repos/nix/nixos/trunk/tests/nfs.nix">
<filename>tests/nfs.nix</filename></link> (discussed above). It
returns an attribute set containing (among others):
<variablelist>
<varlistentry>
<term><varname>test</varname></term>
<listitem><para>A derivation containing the test log as an HTML
file, as seen above, suitable for presentation in the Hydra
continuous build system.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>report</varname></term>
<listitem><para>A derivation containing a code coverage report, with
meta-data suitable for Hydra.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>driver</varname></term>
<listitem><para>A derivation containing scripts to run the VM test or
interact with the VM network interactively, as seen above.</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</simplesect>
</section>


@ -1,12 +1,13 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink">
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="ch-installation">
<title>Installing NixOS</title>
<!--===============================================================-->
<section>
<section xml:id="sec-obtaining">
<title>Obtaining NixOS</title>
@ -50,7 +51,7 @@ running NixOS system through several other means:
<!--===============================================================-->
<section>
<section xml:id="sec-installation">
<title>Installation</title>
@ -295,8 +296,74 @@ $ reboot</screen>
}</screen>
</example>
<section xml:id="sec-uefi-installation">
<title>UEFI Installation</title>
<para>NixOS can also be installed on UEFI systems. The procedure
is by and large the same as a BIOS installation, with the following
changes:
<itemizedlist>
<listitem>
<para>You should boot the live CD in UEFI mode (consult your
specific hardware's documentation for instructions).</para>
</listitem>
<listitem>
<para>Instead of <command>fdisk</command>, you should use
<command>gdisk</command> to partition your disks. You will need to
have a separate partition for <filename>/boot</filename> with
partition code EF00, and it should be formatted as a
<literal>vfat</literal> filesystem.</para>
</listitem>
<listitem>
<para>You must set <option>boot.loader.gummiboot.enable</option> to
<literal>true</literal>, and <option>boot.loader.grub.enable</option>
to <literal>false</literal>. <command>nixos-generate-config</command>
should do this automatically for new configurations when booted in
UEFI mode.</para>
</listitem>
<listitem>
<para>You may want to look at the options starting with
<option>boot.loader.efi</option> and <option>boot.loader.gummiboot</option>
as well.</para>
</listitem>
<listitem>
<para>To see console messages during early boot, add <literal>"fbcon"</literal>
to your <option>boot.initrd.kernelModules</option>.</para>
</listitem>
</itemizedlist>
</para>
</section>
<section>
<title xml:id="sec-booting-from-usb">Booting from a USB stick</title>
<para>For systems withoua CD drive, the NixOS livecd can be booted from
a usb stick. For non-UEFI installations,
<link xlink:href="http://unetbootin.sourceforge.net/">unetbootin</link>
will work. For UEFI installations, you should mount the ISO, copy its contents
verbatim to your drive, then either:
<itemizedlist>
<listitem>
<para>Change the label of the disk partition to the label of the ISO
(visible with the blkid command), or</para>
</listitem>
<listitem>
<para>Edit <filename>loader/entries/nixos-livecd.conf</filename> on the drive
and change the <literal>root=</literal> field in the <literal>options</literal>
line to point to your drive (see the documentation on <literal>root=</literal>
in <link xlink:href="https://www.kernel.org/doc/Documentation/kernel-parameters.txt">
the kernel documentation</link> for more details).</para>
</listitem>
</itemizedlist>
</para>
</section>
</section>
<!--===============================================================-->


@ -54,10 +54,14 @@
<xi:include href="running.xml" />
<!-- <xi:include href="userconfiguration.xml" /> -->
<xi:include href="troubleshooting.xml" />
<xi:include href="containers.xml" />
<xi:include href="development.xml" />
<chapter xml:id="ch-options">
<title>List of options</title>
<xi:include href="release-notes.xml" />
<appendix xml:id="ch-options">
<title>Configuration options</title>
<xi:include href="options-db.xml" />
</chapter>
</appendix>
</book>


@ -18,15 +18,13 @@
<variablelist>
<xsl:for-each select="attrs">
<xsl:variable name="id" select="concat('opt-', str:replace(str:replace(str:replace(str:replace(attr[@name = 'name']/string/@value, '*', '_'), '&lt;', '_'), '>', '_'), '?', '_'))" />
<varlistentry>
<term>
<option>
<xsl:for-each select="attr[@name = 'name']/string">
<xsl:value-of select="@value" />
<xsl:if test="position() != last()">.</xsl:if>
</xsl:for-each>
</option>
<term xlink:href="#{$id}">
<xsl:attribute name="xml:id"><xsl:value-of select="$id"/></xsl:attribute>
<option>
<xsl:value-of select="attr[@name = 'name']/string/@value" />
</option>
</term>
<listitem>
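Review bot: The `id` variable sanitises the option name with a four-character deny-list (`*`, `<`, `>`, `?`), so any other character that is not valid in an XML ID would pass unchanged into `xml:id` and the `#` link target. Two names that differ only in those four characters would also map to the same id. The nested `str:replace` calls can be written with core XPath as `translate(attr[@name = 'name']/string/@value, '*&lt;&gt;?', '____')`, which is easier to extend and does not rely on the EXSLT strings extension. A short comment above the variable saying which characters option names are expected to contain would help; whether other characters occur in practice cannot be seen from this hunk. The enclosing template starts and ends outside the hunk.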


@ -0,0 +1,84 @@
<appendix xmlns="http://docbook.org/ns/docbook"
xml:id="ch-release-notes">
<title>Release notes</title>
<!--==================================================================-->
<section xml:id="sec-release-14.04">
<title>Release 14.04 (“Baboon”, 2014/04/??)</title>
<para>This is the second stable release branch of NixOS. The main
enhancements are the following:
<itemizedlist>
<listitem><para>Installation on UEFI systems is now supported. See
<xref linkend="sec-uefi-installation"/> for
details.</para></listitem>
<listitem><para>NixOS is now based on Glibc 2.19 and GCC
4.8.</para></listitem>
</itemizedlist>
</para>
<para>When upgrading from a previous release, please be aware of the
following incompatible changes:
<itemizedlist>
<listitem><para>Nixpkgs no longer exposes unfree packages by
default. If your NixOS configuration requires unfree packages from
Nixpkgs, you need to enable support for them explicitly by setting:
<programlisting>
nixpkgs.config.allowUnfree = true;
</programlisting>
Otherwise, you get an error message such as:
<screen>
error: package nvidia-x11-331.49-3.12.17 in ‘…/nvidia-x11/default.nix:56
has an unfree license, refusing to evaluate
</screen>
</para></listitem>
<listitem><para>The firewall is now enabled by default. If you dont
want this, you need to disable it explicitly:
<programlisting>
networking.firewall.enable = false;
</programlisting>
</para></listitem>
<listitem><para>The option
<option>boot.loader.grub.memtest86</option> has been renamed to
<option>boot.loader.grub.memtest86.enable</option>.</para></listitem>
<listitem><para>The <literal>mysql55</literal> service has been
merged into the <literal>mysql</literal> service, which no longer
sets a default for the option
<option>services.mysql.package</option>.</para></listitem>
</itemizedlist>
</para>
</section>
<!--==================================================================-->
<section xml:id="sec-release-13.10">
<title>Release 13.10 (“Aardvark”, 2013/10/31)</title>
<para>This is the first stable release branch of NixOS.</para>
</section>
</appendix>


@ -11,7 +11,7 @@ service manager.</para>
<!--===============================================================-->
<section><title>Service management</title>
<section xml:id="sec-systemctl"><title>Service management</title>
<para>In NixOS, all system services are started and monitored using
the systemd program. Systemd is the “init” process of the system
@ -92,7 +92,7 @@ necessary).</para>
<!--===============================================================-->
<section><title>Rebooting and shutting down</title>
<section xml:id="sec-rebooting"><title>Rebooting and shutting down</title>
<para>The system can be shut down (and automatically powered off) by
doing:
@ -134,7 +134,7 @@ authentication.</para>
<!--===============================================================-->
<section><title>User sessions</title>
<section xml:id="sec-user-sessions"><title>User sessions</title>
<para>Systemd keeps track of all users who are logged into the system
(e.g. on a virtual console or remotely via SSH). The command
@ -185,7 +185,7 @@ $ loginctl terminate-session c3
<!--===============================================================-->
<section><title>Control groups</title>
<section xml:id="sec-cgroups"><title>Control groups</title>
<para>To keep track of the processes in a running system, systemd uses
<emphasis>control groups</emphasis> (cgroups). A control group is a
@ -258,7 +258,7 @@ usage.</para>
<!--===============================================================-->
<section><title>Logging</title>
<section xml:id="sec-logging"><title>Logging</title>
<para>System-wide logging is provided by systemds
<emphasis>journal</emphasis>, which subsumes traditional logging
@ -308,7 +308,7 @@ groups. All users have a private journal that can be read using
<!--===============================================================-->
<section><title>Cleaning up the Nix store</title>
<section xml:id="sec-nix-gc"><title>Cleaning up the Nix store</title>
<para>Nix has a purely functional model, meaning that packages are
never upgraded in place. Instead new versions of packages end up in a


@ -1,12 +1,13 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink">
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="ch-troubleshooting">
<title>Troubleshooting</title>
<!--===============================================================-->
<section><title>Boot problems</title>
<section xml:id="sec-boot-problems"><title>Boot problems</title>
<para>If NixOS fails to boot, there are a number of kernel command
line parameters that may help you to identify or fix the issue. You
@ -69,7 +70,7 @@ unless something is very wrong.)</para>
<!--===============================================================-->
<section><title>Maintenance mode</title>
<section xml:id="sec-maintenance-mode"><title>Maintenance mode</title>
<para>You can enter rescue mode by running:
@ -85,7 +86,7 @@ just exit from the rescue shell.</para>
<!--===============================================================-->
<section><title>Rolling back configuration changes</title>
<section xml:id="sec-rollback"><title>Rolling back configuration changes</title>
<para>After running <command>nixos-rebuild</command> to switch to a
new configuration, you may find that the new configuration doesnt
@ -131,7 +132,7 @@ lrwxrwxrwx 1 root root 78 Aug 12 13:54 /nix/var/nix/profiles/system-268-link ->
<!--===============================================================-->
<section><title>Nix store corruption</title>
<section xml:id="sec-nix-store-corruption"><title>Nix store corruption</title>
<para>After a system crash, its possible for files in the Nix store
to become corrupted. (For instance, the Ext4 file system has the
@ -166,7 +167,7 @@ binary cache; otherwise, they cannot be repaired.</para>
<!--===============================================================-->
<section><title>Nix network issues</title>
<section xml:id="sec-nix-network-issues"><title>Nix network issues</title>
<para>Nix uses a so-called <emphasis>binary cache</emphasis> to
optimise building a package from source into downloading it as a


@ -26,10 +26,15 @@ rec {
# These are the extra arguments passed to every module. In
# particular, Nixpkgs is passed through the "pkgs" argument.
# FIXME: we enable config.allowUnfree to make packages like
# nvidia-x11 available. This isn't a problem because if the user has
# nixpkgs.config.allowUnfree = false, then evaluation will fail on
# the 64-bit package anyway. However, it would be cleaner to respect
# nixpkgs.config here.
extraArgs = extraArgs_ // {
inherit pkgs modules baseModules;
modulesPath = ../modules;
pkgs_i686 = import ./nixpkgs.nix { system = "i686-linux"; };
pkgs_i686 = import ./nixpkgs.nix { system = "i686-linux"; config.allowUnfree = true; };
utils = import ./utils.nix pkgs;
};
@ -53,7 +58,7 @@ rec {
inherit system extraArgs modules prefix;
# For efficiency, leave out most NixOS modules; they don't
# define nixpkgs.config, so it's pointless to evaluate them.
baseModules = [ ../modules/misc/nixpkgs.nix ];
baseModules = [ ../modules/misc/nixpkgs.nix ../modules/config/no-x-libs.nix ];
pkgs = import ./nixpkgs.nix { system = system_; config = {}; };
check = false;
}).config.nixpkgs;
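Review bot: The `pkgs_i686` import in the first hunk hard-codes `config.allowUnfree = true`, so the 32-bit package set ignores whatever the user set in `nixpkgs.config`. The FIXME argues that evaluation fails on the 64-bit package anyway, but that only holds when a module references both variants; a module that uses only a `pkgs_i686` attribute would evaluate an unfree package without the user having opted in. Until the setting is passed through, I would state the gap in the comment, e.g. `# NOTE: modules that use only pkgs_i686 bypass nixpkgs.config.allowUnfree.` How the user's `nixpkgs.config` can be reached from this scope is not visible in the hunk.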


@ -495,7 +495,9 @@ sub waitForX {
my ($self, $regexp) = @_;
$self->nest("waiting for the X11 server", sub {
retry sub {
my ($status, $out) = $self->execute("xwininfo -root > /dev/null 2>&1");
my ($status, $out) = $self->execute("journalctl -b SYSLOG_IDENTIFIER=systemd | grep 'session opened'");
return 0 if $status != 0;
($status, $out) = $self->execute("xwininfo -root > /dev/null 2>&1");
return 1 if $status == 0;
}
});
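Review bot: The journal check added to waitForX greps for the generic string `session opened`, which matches any such entry since boot, so on its own it does not show that the graphical session is the one that started. If a specific user or display manager is expected, the pattern should name it. The match is also printed into the command output on every retry; `grep -q 'session opened'` keeps the test log quiet. `$regexp` is unpacked from `@_` but not used in the visible lines. The sub's closing brace lies outside the hunk.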


@ -144,6 +144,13 @@ sub runTests {
}
});
$log->nest("syncing", sub {
foreach my $vm (values %vms) {
next unless $vm->isUp();
$vm->execute("sync");
}
});
if ($nrTests != 0) {
$log->log("$nrSucceeded out of $nrTests tests succeeded",
($nrSucceeded < $nrTests ? { error => 1 } : { }));


@ -67,103 +67,55 @@ rec {
};
# Generate a coverage report from the coverage data produced by
# runTests.
makeReport = x: runCommand "report" { buildInputs = [rsync]; }
''
mkdir -p $TMPDIR/gcov/
makeTest =
{ testScript, makeCoverageReport ? false, ... } @ t:
for d in ${x}/coverage-data/*; do
echo "doing $d"
[ -n "$(ls -A "$d")" ] || continue
let
for i in $(cd $d/nix/store && ls); do
if ! test -e $TMPDIR/gcov/nix/store/$i; then
echo "copying $i"
mkdir -p $TMPDIR/gcov/$(echo $i | cut -c34-)
rsync -rv /nix/store/$i/.build/* $TMPDIR/gcov/
fi
done
nodes = buildVirtualNetwork (
t.nodes or (if t ? machine then { machine = t.machine; } else { }));
chmod -R u+w $TMPDIR/gcov
testScript' =
# Call the test script with the computed nodes.
if builtins.isFunction testScript
then testScript { inherit nodes; }
else testScript;
find $TMPDIR/gcov -name "*.gcda" -exec rm {} \;
vlans = map (m: m.config.virtualisation.vlans) (lib.attrValues nodes);
for i in $(cd $d/nix/store && ls); do
rsync -rv $d/nix/store/$i/.build/* $TMPDIR/gcov/
done
vms = map (m: m.config.system.build.vm) (lib.attrValues nodes);
find $TMPDIR/gcov -name "*.gcda" -exec chmod 644 {} \;
# Generate onvenience wrappers for running the test driver
# interactively with the specified network, and for starting the
# VMs from the command line.
driver = runCommand "nixos-test-driver"
{ buildInputs = [ makeWrapper];
testScript = testScript';
preferLocalBuild = true;
}
''
mkdir -p $out/bin
echo "$testScript" > $out/test-script
ln -s ${testDriver}/bin/nixos-test-driver $out/bin/
vms="$(for i in ${toString vms}; do echo $i/bin/run-*-vm; done)"
wrapProgram $out/bin/nixos-test-driver \
--add-flags "$vms" \
--run "testScript=\"\$(cat $out/test-script)\"" \
--set testScript '"$testScript"' \
--set VLANS '"${toString vlans}"'
ln -s ${testDriver}/bin/nixos-test-driver $out/bin/nixos-run-vms
wrapProgram $out/bin/nixos-run-vms \
--add-flags "$vms" \
--set tests '"startAll; joinAll;"' \
--set VLANS '"${toString vlans}"' \
${lib.optionalString (builtins.length vms == 1) "--set USE_SERIAL 1"}
''; # "
echo "producing info..."
${pkgs.lcov}/bin/geninfo --ignore-errors source,gcov $TMPDIR/gcov --output-file $TMPDIR/app.info
cat $TMPDIR/app.info >> $TMPDIR/full.info
done
test = runTests driver;
echo "making report..."
mkdir -p $out/coverage
${pkgs.lcov}/bin/genhtml --show-details $TMPDIR/full.info -o $out/coverage
cp $TMPDIR/full.info $out/coverage/
report = releaseTools.gcovReport { coverageRuns = [ test ]; };
mkdir -p $out/nix-support
cat ${x}/nix-support/hydra-build-products >> $out/nix-support/hydra-build-products
echo "report coverage $out/coverage" >> $out/nix-support/hydra-build-products
[ ! -e ${x}/nix-support/failed ] || touch $out/nix-support/failed
''; # */
makeTest = testFun: complete (call testFun);
makeTests = testsFun: lib.mapAttrs (name: complete) (call testsFun);
apply = makeTest; # compatibility
call = f: f { inherit pkgs system; };
complete = t: t // rec {
nodes = buildVirtualNetwork (
if t ? nodes then t.nodes else
if t ? machine then { machine = t.machine; }
else { } );
testScript =
# Call the test script with the computed nodes.
if builtins.isFunction t.testScript
then t.testScript { inherit nodes; }
else t.testScript;
vlans = map (m: m.config.virtualisation.vlans) (lib.attrValues nodes);
vms = map (m: m.config.system.build.vm) (lib.attrValues nodes);
# Generate onvenience wrappers for running the test driver
# interactively with the specified network, and for starting the
# VMs from the command line.
driver = runCommand "nixos-test-driver"
{ buildInputs = [ makeWrapper];
inherit testScript;
preferLocalBuild = true;
}
''
mkdir -p $out/bin
echo "$testScript" > $out/test-script
ln -s ${testDriver}/bin/nixos-test-driver $out/bin/
vms="$(for i in ${toString vms}; do echo $i/bin/run-*-vm; done)"
wrapProgram $out/bin/nixos-test-driver \
--add-flags "$vms" \
--run "testScript=\"\$(cat $out/test-script)\"" \
--set testScript '"$testScript"' \
--set VLANS '"${toString vlans}"'
ln -s ${testDriver}/bin/nixos-test-driver $out/bin/nixos-run-vms
wrapProgram $out/bin/nixos-run-vms \
--add-flags "$vms" \
--set tests '"startAll; joinAll;"' \
--set VLANS '"${toString vlans}"' \
${lib.optionalString (builtins.length vms == 1) "--set USE_SERIAL 1"}
''; # "
test = runTests driver;
report = makeReport test;
};
in (if makeCoverageReport then report else test) // { inherit driver test; };
runInMachine =
@ -193,7 +145,7 @@ rec {
exit $?
'';
testscript = ''
testScript = ''
startAll;
$client->waitForUnit("multi-user.target");
${preBuild}
@ -206,7 +158,7 @@ rec {
${coreutils}/bin/mkdir $out
${coreutils}/bin/mkdir -p vm-state-client/xchg
export > vm-state-client/xchg/saved-env
export tests='${testscript}'
export tests='${testScript}'
${testDriver}/bin/nixos-test-driver ${vm.config.system.build.vm}/bin/run-*-vm
''; # */
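Review bot: The rewritten `makeTest` in the first hunk has no comment describing its new calling convention. It now takes an attribute set instead of a function, and returns either the coverage report or the test run depending on `makeCoverageReport`, with `driver` and `test` merged in. I would add above it `# Build a test from the attribute set t; yields the gcov report when makeCoverageReport is true, otherwise the test run, with driver and test attached.` The carried-over comment `# Generate onvenience wrappers` should read `# Generate convenience wrappers`. Callers of the removed `makeTests` and `apply` are not visible here, so whether any remain cannot be checked from this section.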


@ -203,7 +203,7 @@ f = open("{0}.{1}.ami-id".format(args.region, image_type), "w")
f.write("{0}".format(ami_id))
f.close()
for dest in [ 'us-east-1', 'us-west-1', 'us-west-2', 'eu-west-1']:
for dest in [ 'us-east-1', 'us-west-1', 'us-west-2', 'eu-west-1', 'ap-southeast-1', 'ap-southeast-2', 'ap-northeast-1', 'sa-east-1']:
if args.region != dest:
print >> sys.stderr, "copying image from region {0} to {1}".format(args.region, dest)
conn = boto.ec2.connect_to_region(dest)


@ -0,0 +1,14 @@
#! /bin/sh -e
export NIX_PATH=nixpkgs=../../../..
export NIXOS_CONFIG=$(dirname $(readlink -f $0))/../../../modules/virtualisation/google-compute-image.nix
export TIMESTAMP=$(date +%Y%m%d%H%M)
nix-build '<nixpkgs/nixos>' \
-A config.system.build.googleComputeImage --argstr system x86_64-linux -o gce --option extra-binary-caches http://hydra.nixos.org -j 10
img=$(echo gce/*.tar.gz)
if ! gsutil ls gs://nixos/$(basename $img); then
gsutil cp $img gs://nixos/$(basename $img)
fi
gcutil addimage $(basename $img .raw.tar.gz | sed 's|\.|-|' | sed 's|_|-|') gs://nixos/$(basename $img)
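Review bot: The `nix-build` invocation adds `http://hydra.nixos.org` as an extra binary cache over plain HTTP, so store paths that end up in a published image may be substituted over an unauthenticated channel unless Nix is configured to verify them, which this script does not show. Prefer `--option extra-binary-caches https://hydra.nixos.org` if the cache is served over TLS. Separately, `$img`, `$0` and the `$(basename …)` results are expanded unquoted, and `gce/*.tar.gz` is assumed to match exactly one file. Quoting them, e.g. `gsutil cp "$img" "gs://nixos/$(basename "$img")"`, keeps an unexpected file name from being split into extra arguments.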


@ -1,6 +1,6 @@
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
{


@ -1,6 +1,6 @@
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
{


@ -1,6 +1,6 @@
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
let


@ -1,6 +1,6 @@
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
{


@ -1,6 +1,6 @@
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
{


@ -1,6 +1,6 @@
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
{
options = {
@ -36,7 +36,7 @@ with pkgs.lib;
# GNU lsh.
services.openssh.enable = false;
services.lshd.enable = true;
services.xserver.startOpenSSHAgent = false;
programs.ssh.startAgent = false;
services.xserver.startGnuPGAgent = true;
# TODO: GNU dico.


@ -1,6 +1,6 @@
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
let
@ -53,7 +53,11 @@ in
};
consoleKeyMap = mkOption {
type = types.str;
type = mkOptionType {
name = "string or path";
check = t: (isString t || types.path.check t);
};
default = "us";
example = "fr";
description = ''
@ -72,7 +76,12 @@ in
environment.systemPackages = [ glibcLocales ];
environment.variables.LANG = config.i18n.defaultLocale;
environment.variables =
{ LANG = config.i18n.defaultLocale;
LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
};
systemd.globalEnvironment.LOCALE_ARCHIVE = "${glibcLocales}/lib/locale/locale-archive";
# /etc/locale.conf is used by systemd.
environment.etc = singleton


@ -1,6 +1,6 @@
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
let


@ -1,6 +1,6 @@
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
with pkgs;
let


@ -1,8 +1,8 @@
# /etc files related to networking, such as /etc/services.
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
let


@ -1,6 +1,9 @@
{ config, pkgs, ... }:
# This module gets rid of all dependencies on X11 client libraries
# (including fontconfig).
with pkgs.lib;
{ config, lib, pkgs, ... }:
with lib;
{
options = {
@ -8,18 +11,22 @@ with pkgs.lib;
type = types.bool;
default = false;
description = ''
Switch off the options in the default configuration that require X libraries.
Currently this includes: ssh X11 forwarding, dbus, fonts.enableCoreFonts,
fonts.enableFontConfig
Switch off the options in the default configuration that
require X11 libraries. This includes client-side font
configuration and SSH forwarding of X11 authentication
in. Thus, you probably do not want to enable this option if
you want to run X11 programs on this machine via SSH.
'';
};
};
config = mkIf config.environment.noXlibs {
programs.ssh.setXAuthLocation = false;
fonts = {
enableCoreFonts = false;
enableFontConfig = false;
};
security.pam.services.su.forwardXAuth = lib.mkForce false;
fonts.enableFontConfig = false;
nixpkgs.config.packageOverrides = pkgs:
{ dbus = pkgs.dbus.override { useX11 = false; }; };
};
}
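Review bot: The rewritten description of `environment.noXlibs` contains the fragment "SSH forwarding of X11 authentication in.", which reads as a truncated sentence in the generated option documentation. I would end it as `configuration and SSH forwarding of X11 authentication.` The description also omits two things the `config` block does: it forces `security.pam.services.su.forwardXAuth` to false and rebuilds dbus with `useX11 = false`. One added sentence naming both would let an administrator see from the option docs that enabling this changes the PAM `su` setup and the system dbus package.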


@ -1,8 +1,8 @@
# Configuration for the Name Service Switch (/etc/nsswitch.conf).
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
let


@ -1,6 +1,6 @@
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
let
@ -65,14 +65,7 @@ in
config = mkIf cfg.enable {
# Enable the ACPI daemon. Not sure whether this is essential.
services.acpid.enable = true;
boot.kernelModules =
[ "acpi_cpufreq" "powernow-k8" "cpufreq_performance" "cpufreq_powersave" "cpufreq_ondemand"
"cpufreq_conservative"
];
# FIXME: Implement powersave governor for sandy bridge or later Intel CPUs
powerManagement.cpuFreqGovernor = mkDefault "ondemand";
powerManagement.scsiLinkPolicy = mkDefault "min_power";


@ -1,6 +1,6 @@
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
with pkgs;
let
@ -77,7 +77,7 @@ in {
};
package = mkOption {
type = types.path;
type = types.package;
default = pulseaudio;
example = literalExample "pulseaudio.override { jackaudioSupport = true; }";
description = ''


@ -1,9 +1,9 @@
# This module defines a global environment configuration and
# a common configuration for all shells.
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
let


@ -1,6 +1,6 @@
{ config, pkgs, utils, ... }:
{ config, lib, pkgs, utils, ... }:
with pkgs.lib;
with lib;
with utils;
{


@ -1,12 +1,12 @@
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
let
sysctlOption = mkOptionType {
name = "sysctl option value";
check = x: isBool x || isString x || isInt x;
check = x: isBool x || isString x || isInt x || isNull x;
merge = args: defs: (last defs).value; # FIXME: hacky way to allow overriding in configuration.nix.
};
@ -29,8 +29,9 @@ in
<manvolnum>8</manvolnum></citerefentry>. Note that sysctl
parameters names must be enclosed in quotes
(e.g. <literal>"vm.swappiness"</literal> instead of
<literal>vm.swappiness</literal>). The value of each parameter
may be a string, integer or Boolean.
<literal>vm.swappiness</literal>). The value of each
parameter may be a string, integer, boolean, or null
(signifying the option will not appear at all).
'';
};
@ -39,22 +40,13 @@ in
config = {
environment.etc."sysctl.d/nixos.conf".text =
concatStrings (mapAttrsToList (n: v: "${n}=${if v == false then "0" else toString v}\n") config.boot.kernel.sysctl);
concatStrings (mapAttrsToList (n: v:
optionalString (v != null) "${n}=${if v == false then "0" else toString v}\n"
) config.boot.kernel.sysctl);
systemd.services.systemd-sysctl =
{ description = "Apply Kernel Variables";
before = [ "sysinit.target" "shutdown.target" ];
wantedBy = [ "sysinit.target" "multi-user.target" ];
{ wantedBy = [ "multi-user.target" ];
restartTriggers = [ config.environment.etc."sysctl.d/nixos.conf".source ];
unitConfig = {
DefaultDependencies = false; # needed to prevent a cycle
ConditionPathIsReadWrite = "/proc/sys/"; # prevent systemd-sysctl in containers
};
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${config.systemd.package}/lib/systemd/systemd-sysctl";
};
};
# Enable hardlink and symlink restrictions. See
@ -65,8 +57,9 @@ in
# Hide kernel pointers (e.g. in /proc/modules) for unprivileged
# users as these make it easier to exploit kernel vulnerabilities.
boot.kernel.sysctl."kernel.kptr_restrict" = 1;
#
# Removed under grsecurity.
boot.kernel.sysctl."kernel.kptr_restrict" =
if config.security.grsecurity.enable then null else 1;
};
}
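Review bot: With `security.grsecurity.enable` set, the last hunk makes `kernel.kptr_restrict` `null`, which leaves it out of `sysctl.d/nixos.conf` entirely. Kernel-pointer hiding then depends on the grsecurity kernel enforcing it on its own, which nothing in this section establishes. The comment `# Removed under grsecurity.` says what happens but not why; I would write `# Not set under grsecurity, which is expected to restrict kernel pointers itself; confirm against the kernel config.` The same section also drops `ConditionPathIsReadWrite = "/proc/sys/"` from the `systemd-sysctl` unit. Presumably the upstream unit carries it, but that should be checked so the service does not start running inside containers again.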


@ -1,9 +1,9 @@
# This module defines the packages that appear in
# /run/current-system/sw.
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
let
@ -46,6 +46,7 @@ let
pkgs.rsync
pkgs.strace
pkgs.sysvtools
pkgs.su
pkgs.time
pkgs.usbutils
pkgs.utillinux
@ -134,6 +135,10 @@ in
if [ -x $out/bin/glib-compile-schemas -a -w $out/share/glib-2.0/schemas ]; then
$out/bin/glib-compile-schemas $out/share/glib-2.0/schemas
fi
if [ -x $out/bin/update-desktop-database -a -w $out/share/applications ]; then
$out/bin/update-desktop-database $out/share/applications
fi
'';
};


@ -1,6 +1,6 @@
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
{
options = {


@ -1,6 +1,6 @@
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
# unixODBC drivers (this solution is not perfect.. Because the user has to
# ask the admin to add a driver.. but it's simple and works


@ -1,11 +1,32 @@
{pkgs, config, ...}:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
let
ids = config.ids;
users = config.users;
cfg = config.users;
nonUidUsers = filterAttrs (n: u: u.createUser && u.uid == null) cfg.extraUsers;
nonGidGroups = filterAttrs (n: g: g.gid == null) cfg.extraGroups;
passwordDescription = ''
The options <literal>hashedPassword</literal>,
<literal>password</literal> and <literal>passwordFile</literal>
controls what password is set for the user.
<literal>hashedPassword</literal> overrides both
<literal>password</literal> and <literal>passwordFile</literal>.
<literal>password</literal> overrides <literal>passwordFile</literal>.
If none of these three options are set, no password is assigned to
the user, and the user will not be able to do password logins.
If the option <literal>users.mutableUsers</literal> is true, the
password defined in one of the three options will only be set when
the user is created for the first time. After that, you are free to
change the password with the ordinary user management commands. If
<literal>users.mutableUsers</literal> is false, you cannot change
user passwords, they will always be set according to the password
options.
'';
userOpts = { name, config, ... }: {
@ -13,7 +34,10 @@ let
name = mkOption {
type = types.str;
description = "The name of the user account. If undefined, the name of the attribute set will be used.";
description = ''
The name of the user account. If undefined, the name of the
attribute set will be used.
'';
};
description = mkOption {
@ -28,9 +52,14 @@ let
};
uid = mkOption {
type = with types; uniq (nullOr int);
type = with types; nullOr int;
default = null;
description = "The account UID. If undefined, NixOS will select a free UID.";
description = ''
The account UID. If the <literal>mutableUsers</literal> option
is false, the UID cannot be null. Otherwise, the UID might be
null, in which case a free UID is picked on activation (by the
useradd command).
'';
};
group = mkOption {
@ -60,31 +89,54 @@ let
createHome = mkOption {
type = types.bool;
default = false;
description = "If true, the home directory will be created automatically.";
description = ''
If true, the home directory will be created automatically. If this
option is true and the home directory already exists but is not
owned by the user, directory owner and group will be changed to
match the user.
'';
};
useDefaultShell = mkOption {
type = types.bool;
default = false;
description = "If true, the user's shell will be set to <literal>users.defaultUserShell</literal>.";
description = ''
If true, the user's shell will be set to
<literal>cfg.defaultUserShell</literal>.
'';
};
hashedPassword = mkOption {
type = with types; uniq (nullOr str);
default = null;
description = ''
Specifies the (hashed) password for the user.
${passwordDescription}
'';
};
password = mkOption {
type = with types; uniq (nullOr str);
default = null;
description = ''
The user's password. If undefined, no password is set for
the user. Warning: do not set confidential information here
because it is world-readable in the Nix store. This option
should only be used for public accounts such as
<literal>guest</literal>.
Specifies the (clear text) password for the user.
Warning: do not set confidential information here
because it is world-readable in the Nix store. This option
should only be used for public accounts.
${passwordDescription}
'';
};
isSystemUser = mkOption {
type = types.bool;
default = true;
description = "Indicates if the user is a system user or not.";
passwordFile = mkOption {
type = with types; uniq (nullOr string);
default = null;
description = ''
The path to a file that contains the user's password. The password
file is read on each system activation. The file should contain
exactly one line, which should be the password in an encrypted form
that is suitable for the <literal>chpasswd -e</literal> command.
${passwordDescription}
'';
};
createUser = mkOption {
@ -96,19 +148,11 @@ let
then not modify any of the basic properties for the user account.
'';
};
isAlias = mkOption {
type = types.bool;
default = false;
description = "If true, the UID of this user is not required to be unique and can thus alias another user.";
};
};
config = {
name = mkDefault name;
uid = mkDefault (attrByPath [name] null ids.uids);
shell = mkIf config.useDefaultShell (mkDefault users.defaultUserShell);
shell = mkIf config.useDefaultShell (mkDefault cfg.defaultUserShell);
};
};
@ -119,41 +163,167 @@ let
name = mkOption {
type = types.str;
description = "The name of the group. If undefined, the name of the attribute set will be used.";
description = ''
The name of the group. If undefined, the name of the attribute set
will be used.
'';
};
gid = mkOption {
type = with types; uniq (nullOr int);
type = with types; nullOr int;
default = null;
description = "The GID of the group. If undefined, NixOS will select a free GID.";
description = ''
The group GID. If the <literal>mutableUsers</literal> option
is false, the GID cannot be null. Otherwise, the GID might be
null, in which case a free GID is picked on activation (by the
groupadd command).
'';
};
members = mkOption {
type = with types; listOf string;
default = [];
description = ''
The user names of the group members, added to the
<literal>/etc/group</literal> file.
'';
};
};
config = {
name = mkDefault name;
gid = mkDefault (attrByPath [name] null ids.gids);
};
};
# Note: the 'X' in front of the password is to distinguish between
# having an empty password, and not having a password.
serializedUser = u: "${u.name}\n${u.description}\n${if u.uid != null then toString u.uid else ""}\n${u.group}\n${toString (concatStringsSep "," u.extraGroups)}\n${u.home}\n${u.shell}\n${toString u.createHome}\n${if u.password != null then "X" + u.password else ""}\n${toString u.isSystemUser}\n${toString u.createUser}\n${toString u.isAlias}\n";
usersFile = pkgs.writeText "users" (
getGroup = gname:
let
p = partition (u: u.isAlias) (attrValues config.users.extraUsers);
in concatStrings (map serializedUser p.wrong ++ map serializedUser p.right));
groups = mapAttrsToList (n: g: g) (
filterAttrs (n: g: g.name == gname) cfg.extraGroups
);
in
if length groups == 1 then head groups
else if groups == [] then throw "Group ${gname} not defined"
else throw "Group ${gname} has multiple definitions";
in
getUser = uname:
let
users = mapAttrsToList (n: u: u) (
filterAttrs (n: u: u.name == uname) cfg.extraUsers
);
in
if length users == 1 then head users
else if users == [] then throw "User ${uname} not defined"
else throw "User ${uname} has multiple definitions";
{
mkGroupEntry = gname:
let
g = getGroup gname;
users = mapAttrsToList (n: u: u.name) (
filterAttrs (n: u: elem g.name u.extraGroups) cfg.extraUsers
);
in concatStringsSep ":" [
g.name "x" (toString g.gid)
(concatStringsSep "," (users ++ (filter (u: !(elem u users)) g.members)))
];
mkPasswdEntry = uname: let u = getUser uname; in
concatStringsSep ":" [
u.name "x" (toString u.uid)
(toString (getGroup u.group).gid)
u.description u.home u.shell
];
sortOn = a: sort (as1: as2: lessThan (getAttr a as1) (getAttr a as2));
groupFile = pkgs.writeText "group" (
concatStringsSep "\n" (map (g: mkGroupEntry g.name) (
let f = g: g.gid != null; in
sortOn "gid" (filter f (attrValues cfg.extraGroups))
))
);
passwdFile = pkgs.writeText "passwd" (
concatStringsSep "\n" (map (u: mkPasswdEntry u.name) (
let f = u: u.createUser && (u.uid != null); in
sortOn "uid" (filter f (attrValues cfg.extraUsers))
))
);
# If mutableUsers is true, this script adds all users/groups defined in
# users.extra{Users,Groups} to /etc/{passwd,group} iff there isn't any
# existing user/group with the same name in those files.
# If mutableUsers is false, the /etc/{passwd,group} files will simply be
# replaced with the users/groups defined in the NixOS configuration.
# The merging procedure could certainly be improved, and instead of just
# keeping the lines as-is from /etc/{passwd,group} they could be combined
# in some way with the generated content from the NixOS configuration.
merger = src: pkgs.writeScript "merger" ''
#!${pkgs.bash}/bin/bash
PATH=${pkgs.gawk}/bin:${pkgs.gnugrep}/bin:$PATH
${if !cfg.mutableUsers
then ''cp ${src} $1.tmp''
else ''awk -F: '{ print "^"$1":.*" }' $1 | egrep -vf - ${src} | cat $1 - > $1.tmp''
}
# set mtime to +1, otherwise change might go unnoticed (vipw/vigr only looks at mtime)
touch -m -t $(date -d @$(($(stat -c %Y $1)+1)) +%Y%m%d%H%M.%S) $1.tmp
mv -f $1.tmp $1
'';
idsAreUnique = set: idAttr: !(fold (name: args@{ dup, acc }:
let
id = builtins.toString (builtins.getAttr idAttr (builtins.getAttr name set));
exists = builtins.hasAttr id acc;
newAcc = acc // (builtins.listToAttrs [ { name = id; value = true; } ]);
in if dup then args else if exists
then builtins.trace "Duplicate ${idAttr} ${id}" { dup = true; acc = null; }
else { dup = false; acc = newAcc; }
) { dup = false; acc = {}; } (builtins.attrNames set)).dup;
uidsAreUnique = idsAreUnique (filterAttrs (n: u: u.uid != null) cfg.extraUsers) "uid";
gidsAreUnique = idsAreUnique (filterAttrs (n: g: g.gid != null) cfg.extraGroups) "gid";
in {
###### interface
options = {
users.mutableUsers = mkOption {
type = types.bool;
default = true;
description = ''
If true, you are free to add new users and groups to the system
with the ordinary <literal>useradd</literal> and
<literal>groupadd</literal> commands. On system activation, the
existing contents of the <literal>/etc/passwd</literal> and
<literal>/etc/group</literal> files will be merged with the
contents generated from the <literal>users.extraUsers</literal> and
<literal>users.extraGroups</literal> options. If
<literal>mutableUsers</literal> is false, the contents of the user and
group files will simply be replaced on system activation. This also
holds for the user passwords; if this option is false, all changed
passwords will be reset according to the
<literal>users.extraUsers</literal> configuration on activation. If
this option is true, the initial password for a user will be set
according to <literal>users.extraUsers</literal>, but existing passwords
will not be changed.
'';
};
users.enforceIdUniqueness = mkOption {
type = types.bool;
default = true;
description = ''
Whether to require that no two users/groups share the same uid/gid.
'';
};
users.extraUsers = mkOption {
default = {};
type = types.loaOf types.optionSet;
@ -194,11 +364,17 @@ in
example = "!";
description = ''
The (hashed) password for the root account set on initial
installation. The empty string denotes that root can login
installation. The empty string denotes that root can login
locally without a password (but not via remote services such
as SSH, or indirectly via <command>su</command> or
<command>sudo</command>). The string <literal>!</literal>
<command>sudo</command>). The string <literal>!</literal>
prevents root from logging in using a password.
Note, setting this option sets
<literal>users.extraUsers.root.hashedPassword</literal>.
Note, if <literal>users.mutableUsers</literal> is false
you cannot change the root password manually, so in that case
the name of this option is a bit misleading, since it will define
the root password beyond the user initialisation phase.
'';
};
@ -211,144 +387,120 @@ in
users.extraUsers = {
root = {
uid = ids.uids.root;
description = "System administrator";
home = "/root";
shell = config.users.defaultUserShell;
shell = cfg.defaultUserShell;
group = "root";
extraGroups = [ "grsecurity" ];
hashedPassword = mkDefault config.security.initialRootPassword;
};
nobody = {
uid = ids.uids.nobody;
description = "Unprivileged account (don't use!)";
group = "nogroup";
};
};
users.extraGroups = {
root = { };
wheel = { };
disk = { };
kmem = { };
tty = { };
floppy = { };
uucp = { };
lp = { };
cdrom = { };
tape = { };
audio = { };
video = { };
dialout = { };
nogroup = { };
users = { };
nixbld = { };
utmp = { };
adm = { }; # expected by journald
root.gid = ids.gids.root;
wheel.gid = ids.gids.wheel;
disk.gid = ids.gids.disk;
kmem.gid = ids.gids.kmem;
tty.gid = ids.gids.tty;
floppy.gid = ids.gids.floppy;
uucp.gid = ids.gids.uucp;
lp.gid = ids.gids.lp;
cdrom.gid = ids.gids.cdrom;
tape.gid = ids.gids.tape;
audio.gid = ids.gids.audio;
video.gid = ids.gids.video;
dialout.gid = ids.gids.dialout;
nogroup.gid = ids.gids.nogroup;
users.gid = ids.gids.users;
nixbld.gid = ids.gids.nixbld;
utmp.gid = ids.gids.utmp;
adm.gid = ids.gids.adm;
grsecurity.gid = ids.gids.grsecurity;
};
system.activationScripts.rootPasswd = stringAfter [ "etc" ]
''
# If there is no password file yet, create a root account with an
# empty password.
if ! test -e /etc/passwd; then
rootHome=/root
touch /etc/passwd; chmod 0644 /etc/passwd
touch /etc/group; chmod 0644 /etc/group
touch /etc/shadow; chmod 0600 /etc/shadow
# Can't use useradd, since it complains that it doesn't know us
# (bootstrap problem!).
echo "root:x:0:0:System administrator:$rootHome:${config.users.defaultUserShell}" >> /etc/passwd
echo "root:${config.security.initialRootPassword}:::::::" >> /etc/shadow
fi
system.activationScripts.users =
let
mkhomeUsers = filterAttrs (n: u: u.createHome) cfg.extraUsers;
setpwUsers = filterAttrs (n: u: u.createUser) cfg.extraUsers;
pwFile = u: if !(isNull u.hashedPassword)
then pkgs.writeTextFile { name = "password-file"; text = u.hashedPassword; }
else if !(isNull u.password)
then pkgs.runCommand "password-file" { pw = u.password; } ''
echo -n "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -s > $out
'' else u.passwordFile;
setpw = n: u: ''
setpw=yes
${optionalString cfg.mutableUsers ''
test "$(getent shadow '${u.name}' | cut -d: -f2)" != "x" && setpw=no
''}
if [ "$setpw" == "yes" ]; then
${if !(isNull (pwFile u))
then ''
echo -n "${u.name}:" | cat - "${pwFile u}" | \
${pkgs.shadow}/sbin/chpasswd -e
''
else "passwd -l '${u.name}' &>/dev/null"
}
fi
'';
mkhome = n: u: ''
uid="$(id -u ${u.name})"
gid="$(id -g ${u.name})"
h="${u.home}"
test -a "$h" || mkdir -p "$h" || true
test "$(stat -c %u "$h")" = $uid || chown $uid "$h" || true
test "$(stat -c %g "$h")" = $gid || chgrp $gid "$h" || true
'';
groupadd = n: g: ''
if [ -z "$(getent group "${g.name}")" ]; then
echo "Adding group ${g.name}"
${pkgs.shadow}/sbin/groupadd "${g.name}"
fi
'';
useradd = n: u: ''
if ! id "${u.name}" &>/dev/null; then
echo "Adding user ${u.name}"
${pkgs.shadow}/sbin/useradd \
-g "${u.group}" \
-s "${u.shell}" \
-d "${u.home}" \
"${u.name}"
echo "${u.name}:x" | ${pkgs.shadow}/sbin/chpasswd -e
fi
'';
in stringAfter [ "etc" ] ''
touch /etc/group
touch /etc/passwd
VISUAL=${merger groupFile} ${pkgs.shadow}/sbin/vigr &>/dev/null
VISUAL=${merger passwdFile} ${pkgs.shadow}/sbin/vipw &>/dev/null
${pkgs.shadow}/sbin/grpconv
${pkgs.shadow}/sbin/pwconv
${concatStrings (mapAttrsToList groupadd nonGidGroups)}
${concatStrings (mapAttrsToList useradd nonUidUsers)}
${concatStrings (mapAttrsToList mkhome mkhomeUsers)}
${concatStrings (mapAttrsToList setpw setpwUsers)}
'';
# Print a reminder for users to set a root password.
environment.interactiveShellInit =
''
if [ "$UID" = 0 ]; then
read _l < /etc/shadow
if [ "''${_l:0:6}" = root:: ]; then
cat >&2 <<EOF
Warning: Your root account has a null password, allowing local users
to login as root. Please set a non-null password using \`passwd', or
disable password-based root logins using \`passwd -l'.
EOF
fi
unset _l
fi
'';
# for backwards compatibility
system.activationScripts.groups = stringAfter [ "users" ] "";
system.activationScripts.users = stringAfter [ "groups" ]
''
echo "updating users..."
cat ${usersFile} | while true; do
read name || break
read description
read uid
read group
read extraGroups
read home
read shell
read createHome
read password
read isSystemUser
read createUser
read isAlias
if [ -z "$createUser" ]; then
continue
fi
if ! curEnt=$(getent passwd "$name"); then
useradd ''${isSystemUser:+--system} \
--comment "$description" \
''${uid:+--uid $uid} \
--gid "$group" \
--groups "$extraGroups" \
--home "$home" \
--shell "$shell" \
''${createHome:+--create-home} \
''${isAlias:+--non-unique} \
"$name"
if test "''${password:0:1}" = 'X'; then
(echo "''${password:1}"; echo "''${password:1}") | ${pkgs.shadow}/bin/passwd "$name"
fi
else
#echo "updating user $name..."
oldIFS="$IFS"; IFS=:; set -- $curEnt; IFS="$oldIFS"
prevUid=$3
prevHome=$6
# Don't change the home directory if it's the same to prevent
# unnecessary warnings about logged in users.
if test "$prevHome" = "$home"; then unset home; fi
usermod \
--comment "$description" \
--gid "$group" \
--groups "$extraGroups" \
''${home:+--home "$home"} \
--shell "$shell" \
"$name"
fi
done
'';
system.activationScripts.groups = stringAfter [ "rootPasswd" "binsh" "etc" "var" ]
''
echo "updating groups..."
createGroup() {
name="$1"
gid="$2"
if ! curEnt=$(getent group "$name"); then
groupadd --system \
''${gid:+--gid $gid} \
"$name"
fi
}
${flip concatMapStrings (attrValues config.users.extraGroups) (g: ''
createGroup '${g.name}' '${toString g.gid}'
'')}
'';
assertions = [
{ assertion = !cfg.enforceIdUniqueness || (uidsAreUnique && gidsAreUnique);
message = "uids and gids must be unique!";
}
{ assertion = cfg.mutableUsers || (nonUidUsers == {});
message = "When mutableUsers is false, no uid can be null";
}
{ assertion = cfg.mutableUsers || (nonGidGroups == {});
message = "When mutableUsers is false, no gid can be null";
}
];
};


@ -1,6 +1,6 @@
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
{


@ -1,6 +1,6 @@
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
{


@ -1,6 +1,6 @@
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
{


@ -1,6 +1,6 @@
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
let kernelVersion = config.boot.kernelPackages.kernel.version; in


@ -2,19 +2,19 @@
let
inherit (pkgs.lib) mkOption types mkIf optional optionals elem optionalString optionalAttrs;
cfg = config.services.mesa;
cfg = config.hardware.opengl;
kernelPackages = config.boot.kernelPackages;
in {
options = {
services.mesa.enable = mkOption {
description = "Whether this configuration requires mesa.";
hardware.opengl.enable = mkOption {
description = "Whether this configuration requires opengl.";
type = types.bool;
default = false;
internal = true;
};
services.mesa.driSupport = mkOption {
hardware.opengl.driSupport = mkOption {
type = types.bool;
default = true;
description = ''
@ -23,51 +23,55 @@ in {
'';
};
services.mesa.driSupport32Bit = mkOption {
hardware.opengl.driSupport32Bit = mkOption {
type = types.bool;
default = false;
description = ''
On 64-bit systems, whether to support Direct Rendering for
32-bit applications (such as Wine). This is currently only
supported for the <literal>nvidia</literal> driver and for
<literal>mesa</literal>.
<literal>Mesa</literal>.
'';
};
services.mesa.s3tcSupport = mkOption {
hardware.opengl.s3tcSupport = mkOption {
type = types.bool;
default = false;
description = ''
Make S3TC(S3 Texture Compression) via libtxc_dxtn available
to OpenGL drivers. It is essential for many games to work
with FOSS GPU drivers.
to OpenGL drivers instead of the patent-free S2TC replacement.
Using this library may require a patent license depending on your location.
'';
};
services.mesa.videoDrivers = mkOption {
hardware.opengl.videoDrivers = mkOption {
type = types.listOf types.str;
# !!! We'd like "nv" here, but it segfaults the X server.
default = [ "ati" "cirrus" "intel" "vesa" "vmware" ];
example = [ "vesa" ];
description = ''
The names of the video drivers that the mesa should
support. Mesa will try all of the drivers listed
here until it finds one that supports your video card.
The names of the opengl video drivers the configuration
supports. They will be tried in order until one that
supports your card is found.
'';
};
};
config = mkIf cfg.enable {
assertions = pkgs.lib.singleton {
assertion = cfg.driSupport32Bit -> pkgs.stdenv.isx86_64;
message = "Option driSupport32Bit only makes sens on a 64-bit system.";
};
system.activationScripts.setup-opengl.deps = [];
system.activationScripts.setup-opengl.text = ''
rm -f /run/opengl-driver{,-32}
${optionalString (!cfg.driSupport32Bit) "ln -sf opengl-driver /run/opengl-driver-32"}
${# !!! The OpenGL driver depends on what's detected at runtime.
if elem "nvidia" cfg.videoDrivers then
${optionalString (pkgs.stdenv.isi686) "ln -sf opengl-driver /run/opengl-driver-32"}
''
#TODO: The OpenGL driver should depend on what's detected at runtime.
+( if elem "nvidia" cfg.videoDrivers then
''
ln -sf ${kernelPackages.nvidia_x11} /run/opengl-driver
${optionalString cfg.driSupport32Bit
@ -84,18 +88,25 @@ in {
else if elem "ati_unfree" cfg.videoDrivers then
"ln -sf ${kernelPackages.ati_drivers_x11} /run/opengl-driver"
else
let
lib_fun = p: p.buildEnv {
name = "mesa-drivers+txc-${p.mesa_drivers.version}";
paths = [
p.mesa_drivers
p.mesa_noglu # mainly for libGL
(if cfg.s3tcSupport then p.libtxc_dxtn else p.libtxc_dxtn_s2tc)
];
};
in
''
${optionalString cfg.driSupport "ln -sf ${pkgs.mesa_drivers} /run/opengl-driver"}
${optionalString cfg.driSupport "ln -sf ${lib_fun pkgs} /run/opengl-driver"}
${optionalString cfg.driSupport32Bit
"ln -sf ${pkgs_i686.mesa_drivers} /run/opengl-driver-32"}
"ln -sf ${lib_fun pkgs_i686} /run/opengl-driver-32"}
''
}
'';
);
environment.variables.LD_LIBRARY_PATH =
[ "/run/opengl-driver/lib" "/run/opengl-driver-32/lib" ]
++ optional cfg.s3tcSupport "${pkgs.libtxc_dxtn}/lib"
++ optional (cfg.s3tcSupport && cfg.driSupport32Bit) "${pkgs_i686.libtxc_dxtn}/lib";
[ "/run/opengl-driver/lib" "/run/opengl-driver-32/lib" ];
boot.extraModulePackages =
optional (elem "nvidia" cfg.videoDrivers) kernelPackages.nvidia_x11 ++


@ -1,6 +1,6 @@
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
let


@ -0,0 +1,41 @@
{ config, lib, pkgs, ... }:
let kernel = config.boot.kernelPackages; in
with lib;
{
options = {
hardware.bumblebee.enable = mkOption {
default = false;
type = types.bool;
description = ''
Enable the bumblebee daemon to manage Optimus hybrid video cards.
This should power off secondary GPU until its use is requested
by running an application with optirun.
Only nvidia driver is supported so far.
'';
};
};
config = mkIf config.hardware.bumblebee.enable {
boot.blacklistedKernelModules = [ "nouveau" "nvidia" ];
boot.kernelModules = [ "bbswitch" ];
boot.extraModulePackages = [ kernel.bbswitch kernel.nvidia_x11 ];
environment.systemPackages = [ pkgs.bumblebee ];
systemd.services.bumblebeed = {
description = "Bumblebee Hybrid Graphics Switcher";
wantedBy = [ "display-manager.service" ];
script = "bumblebeed --use-syslog";
path = [ kernel.bbswitch pkgs.bumblebee ];
serviceConfig = {
Restart = "always";
RestartSec = 60;
CPUSchedulingPolicy = "idle";
};
};
};
}
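Review bot: The `bumblebeed` unit sets no `User=` or `Group=` and its `script` passes no `--group`, so the daemon presumably runs as root and the set of local users allowed to ask it to power up the GPU and load the nvidia module is left to whatever default the package was built with. Make that explicit by adding an option (for instance `hardware.bumblebee.group`, of `types.str`) and starting the daemon with `script = "bumblebeed --use-syslog --group ${config.hardware.bumblebee.group}";`, declaring the group in `users.extraGroups` if it is not an existing one. The option description should then state that membership of that group is what grants use of `optirun`.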


@ -1,9 +1,9 @@
# Provide an initial copy of the NixOS channel so that the user
# doesn't need to run "nix-channel --update" first.
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
let
@ -28,7 +28,7 @@ in
{
# Provide the NixOS/Nixpkgs sources in /etc/nixos. This is required
# for nixos-install.
boot.postBootCommands =
boot.postBootCommands = mkAfter
''
if ! [ -e /var/lib/nixos/did-channel-init ]; then
echo "unpacking the NixOS/Nixpkgs sources..."


@ -1,9 +1,9 @@
# This module contains the basic configuration for building a NixOS
# installation CD.
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
{
imports =
@ -19,7 +19,7 @@ with pkgs.lib;
# ISO naming.
isoImage.isoName = "${config.isoImage.isoBaseName}-${config.system.nixosVersion}-${pkgs.stdenv.system}.iso";
isoImage.volumeID = substring 0 32 "NIXOS_${config.system.nixosVersion}";
isoImage.volumeID = substring 0 11 "NIXOS_${config.system.nixosVersion}";
# Make the installer more likely to succeed in low memory
# environments. The kernel's overcommit heustistics bite us
@ -29,14 +29,15 @@ with pkgs.lib;
boot.kernel.sysctl."vm.overcommit_memory" = "1";
# To speed up installation a little bit, include the complete stdenv
# in the Nix store on the CD.
isoImage.storeContents = [ pkgs.stdenv pkgs.busybox ];
# in the Nix store on the CD. Archive::Cpio is needed for the
# initrd builder.
isoImage.storeContents = [ pkgs.stdenv pkgs.busybox pkgs.perlPackages.ArchiveCpio ];
# EFI booting
isoImage.makeEfiBootable = true;
# Add Memtest86+ to the CD.
boot.loader.grub.memtest86 = true;
boot.loader.grub.memtest86.enable = true;
# Get a console as soon as the initrd loads fbcon on EFI boot
boot.initrd.kernelModules = [ "fbcon" ];


@ -1,9 +1,9 @@
# This module defines a NixOS installation CD that contains X11 and
# KDE 4.
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
{
imports = [ ./installation-cd-base.nix ../../profiles/graphical.nix ];


@ -2,9 +2,9 @@
# configuration. The derivation for the ISO image will be placed in
# config.system.build.isoImage.
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
let


@ -1,6 +1,6 @@
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
let


@ -1,9 +1,9 @@
# This module contains the basic configuration for building a NixOS
# tarball, that can directly boot, maybe using PXE or unpacking on a fs.
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
let


@ -1,9 +1,9 @@
# This module contains the basic configuration for building a NixOS
# tarball for the sheevaplug.
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
let
@ -138,8 +138,7 @@ in
};
# Setting vesa, we don't get the nvidia driver, which can't work in arm.
services.xserver.videoDriver = "vesa";
services.xserver.videoDrivers = [];
hardware.opengl.videoDrivers = [ "vesa" ];
services.nixosManual.enable = false;
# Include the firmware for various wireless cards.

View File

@ -2,9 +2,9 @@
# configuration. The derivation for the ISO image will be placed in
# config.system.build.tarball.
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
let


@ -1,8 +1,8 @@
# List all devices which are detected by nixos-hardware-scan.
# Common devices are enabled by default.
{config, pkgs, ...}:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
{
config = mkDefault {


@ -1,8 +1,8 @@
# List all devices which are _not_ detected by nixos-hardware-scan.
# Common devices are enabled by default.
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
{
hardware.enableAllFirmware = true;


@ -1,9 +1,9 @@
# This module generates the nixos-checkout script, which replaces the
# Nixpkgs source trees in /etc/nixos/nixpkgs with a Git checkout.
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
let


@ -61,7 +61,7 @@ my @attrs = ();
my @kernelModules = ();
my @initrdKernelModules = ();
my @modulePackages = ();
my @imports = ("<nixos/modules/installer/scan/not-detected.nix>");
my @imports = ("<nixpkgs/nixos/modules/installer/scan/not-detected.nix>");
sub debug {
@ -96,9 +96,9 @@ my $videoDriver;
sub pciCheck {
my $path = shift;
my $vendor = read_file "$path/vendor";
my $device = read_file "$path/device";
my $class = read_file "$path/class";
my $vendor = read_file "$path/vendor"; chomp $vendor;
my $device = read_file "$path/device"; chomp $device;
my $class = read_file "$path/class"; chomp $class;
my $module;
if (-e "$path/driver/module") {
@ -130,6 +130,7 @@ sub pciCheck {
# broadcom STA driver (wl.ko)
# list taken from http://www.broadcom.com/docs/linux_sta/README.txt
# FIXME: still needed?
if ($vendor eq "0x14e4" &&
($device eq "0x4311" || $device eq "0x4312" || $device eq "0x4313" ||
$device eq "0x4315" || $device eq "0x4327" || $device eq "0x4328" ||
@ -156,6 +157,7 @@ sub pciCheck {
# Assume that all NVIDIA cards are supported by the NVIDIA driver.
# There may be exceptions (e.g. old cards).
# FIXME: do we want to enable an unfree driver here?
$videoDriver = "nvidia" if $vendor eq "0x10de" && $class =~ /^0x03/;
}
@ -163,16 +165,16 @@ foreach my $path (glob "/sys/bus/pci/devices/*") {
pciCheck $path;
}
push @attrs, "services.xserver.videoDrivers = [ \"$videoDriver\" ];" if $videoDriver;
push @attrs, "hardware.opengl.videoDrivers = [ \"$videoDriver\" ];" if $videoDriver;
# Idem for USB devices.
sub usbCheck {
my $path = shift;
my $class = read_file "$path/bInterfaceClass";
my $subclass = read_file "$path/bInterfaceSubClass";
my $protocol = read_file "$path/bInterfaceProtocol";
my $class = read_file "$path/bInterfaceClass"; chomp $class;
my $subclass = read_file "$path/bInterfaceSubClass"; chomp $subclass;
my $protocol = read_file "$path/bInterfaceProtocol"; chomp $protocol;
my $module;
if (-e "$path/driver/module") {
@ -216,14 +218,22 @@ foreach my $path (glob "/sys/class/block/*") {
}
my $dmi = `@dmidecode@/sbin/dmidecode`;
# Check if we're a VirtualBox guest. If so, enable the guest
# additions.
my $dmi = `@dmidecode@/sbin/dmidecode`;
if ($dmi =~ /Manufacturer: innotek/) {
push @attrs, "services.virtualbox.enable = true;"
}
# Likewise for QEMU.
if ($dmi =~ /Manufacturer: Bochs/) {
push @imports, "<nixpkgs/nixos/modules/profiles/qemu-guest.nix>";
}
# Generate the swapDevices option from the currently activated swap
# devices.
my @swaps = read_file("/proc/swaps");
@ -256,7 +266,7 @@ foreach my $fs (read_file("/proc/self/mountinfo")) {
$mountPoint = "/" if $mountPoint eq "";
# Skip special filesystems.
next if in($mountPoint, "/proc") || in($mountPoint, "/dev") || in($mountPoint, "/sys") || in($mountPoint, "/run");
next if in($mountPoint, "/proc") || in($mountPoint, "/dev") || in($mountPoint, "/sys") || in($mountPoint, "/run") || $mountPoint eq "/var/lib/nfs/rpc_pipefs";
# Skip the optional fields.
my $n = 6; $n++ while $fields[$n] ne "-"; $n++;
@ -305,7 +315,15 @@ EOF
fileSystems.\"$mountPoint\" =
{ device = \"$device\";
fsType = \"$fsType\";
options = \"${\join ",", uniq(@extraOptions, @superOptions, @mountOptions)}\";
EOF
if (scalar @extraOptions > 0) {
$fileSystems .= <<EOF;
options = \"${\join ",", uniq(@extraOptions)}\";
EOF
}
$fileSystems .= <<EOF;
};
EOF
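Review bot: The generated `fileSystems` entry now builds `options` from `@extraOptions` only, where the replaced line also joined `@superOptions` and `@mountOptions`. If those arrays hold the flags parsed from `/proc/self/mountinfo` (they are filled outside this hunk), restrictions such as `nosuid`, `nodev`, `noexec` or `ro` that are active on the running system are silently left out of the generated configuration, and the mount comes back with defaults after the next rebuild. Consider carrying the restrictive flags over, for example `my @keep = grep { /^(ro|nosuid|nodev|noexec)$/ } @mountOptions;` joined into the `options` string together with `@extraOptions`. Failing that, emit a comment in the generated file saying that mount flags are not copied, so the administrator knows to re-add them.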


@ -228,7 +228,7 @@ else
escapeQuotes () { eval echo "$1"; }
nixMap escapeQuotes "$names"
else
echo 1>&2 "An error occured while looking for attribute names."
echo 1>&2 "An error occurred while looking for attribute names."
echo $result
fi
fi


@ -1,4 +1,8 @@
#! @shell@ -e
#! @shell@
if [ -x "@shell@" ]; then export SHELL="@shell@"; fi;
set -e
showSyntax() {
exec man nixos-rebuild
@ -7,6 +11,7 @@ showSyntax() {
# Parse the command line.
origArgs=("$@")
extraBuildFlags=()
action=
buildNix=1
@ -40,7 +45,7 @@ while [ "$#" -gt 0 ]; do
repair=1
extraBuildFlags+=("$i")
;;
--show-trace|--no-build-hook|--keep-failed|-K|--keep-going|-k|--verbose|-v|-vv|-vvv|-vvvv|-vvvvv|--fallback|--repair)
--show-trace|--no-build-hook|--keep-failed|-K|--keep-going|-k|--verbose|-v|-vv|-vvv|-vvvv|-vvvvv|--fallback|--repair|--no-build-output|-Q)
extraBuildFlags+=("$i")
;;
--max-jobs|-j|--cores|-I)
@ -76,8 +81,30 @@ done
if [ -z "$action" ]; then showSyntax; fi
if [ -n "$rollback" ]; then
buildNix=
# Only run shell scripts from the Nixpkgs tree if the action is
# "switch", "boot", or "test". With other actions (such as "build"),
# the user may reasonably expect that no code from the Nixpkgs tree is
# executed, so it's safe to run nixos-rebuild against a potentially
# untrusted tree.
canRun=
if [ "$action" = switch -o "$action" = boot -o "$action" = test ]; then
canRun=1
fi
# If --upgrade is given, run nix-channel --update nixos.
if [ -n "$upgrade" -a -z "$_NIXOS_REBUILD_REEXEC" ]; then
nix-channel --update nixos
fi
# Re-execute nixos-rebuild from the Nixpkgs tree.
if [ -z "$_NIXOS_REBUILD_REEXEC" -a -n "$canRun" ]; then
if p=$(nix-instantiate --find-file nixpkgs/nixos/modules/installer/tools/nixos-rebuild.sh "${extraBuildFlags[@]}"); then
export _NIXOS_REBUILD_REEXEC=1
exec $SHELL -e $p "${origArgs[@]}"
exit 1
fi
fi
@ -98,20 +125,33 @@ if [ -z "$repair" ] && systemctl show nix-daemon.socket nix-daemon.service | gre
fi
# If --upgrade is given, run nix-channel --update nixos.
if [ -n "$upgrade" ]; then
nix-channel --update nixos
# First build Nix, since NixOS may require a newer version than the
# current one.
if [ -n "$rollback" -o "$action" = dry-run ]; then
buildNix=
fi
# First build Nix, since NixOS may require a newer version than the
# current one. Of course, the same goes for Nixpkgs, but Nixpkgs is
# more conservative.
if [ "$action" != dry-run -a -n "$buildNix" ]; then
if [ -n "$buildNix" ]; then
echo "building Nix..." >&2
if ! nix-build '<nixpkgs/nixos>' -A config.nix.package -o $tmpDir/nix "${extraBuildFlags[@]}" > /dev/null; then
if ! nix-build '<nixpkgs/nixos>' -A nixFallback -o $tmpDir/nix "${extraBuildFlags[@]}" > /dev/null; then
nix-build '<nixpkgs>' -A nixUnstable -o $tmpDir/nix "${extraBuildFlags[@]}" > /dev/null
if ! nix-build '<nixpkgs>' -A nix -o $tmpDir/nix "${extraBuildFlags[@]}" > /dev/null; then
machine="$(uname -m)"
if [ "$machine" = x86_64 ]; then
nixStorePath=/nix/store/d34q3q2zj9nriq4ifhn3dnnngqvinjb3-nix-1.7
elif [[ "$machine" =~ i.86 ]]; then
nixStorePath=/nix/store/qlah0darpcn6sf3lr2226rl04l1gn4xz-nix-1.7
else
echo "$0: unsupported platform"
exit 1
fi
if ! nix-store -r $nixStorePath --add-root $tmpDir/nix --indirect \
--option extra-binary-caches http://cache.nixos.org/; then
echo "warning: don't know how to get latest Nix" >&2
fi
# Older version of nix-store -r don't support --add-root.
[ -e $tmpDir/nix ] || ln -sf $nixStorePath $tmpDir/nix
fi
fi
fi
PATH=$tmpDir/nix/bin:$PATH
@ -120,10 +160,12 @@ fi
# Update the version suffix if we're building from Git (so that
# nixos-version shows something useful).
if nixpkgs=$(nix-instantiate --find-file nixpkgs "${extraBuildFlags[@]}"); then
suffix=$(@shell@ $nixpkgs/nixos/modules/installer/tools/get-version-suffix "${extraBuildFlags[@]}" || true)
if [ -n "$suffix" ]; then
echo -n "$suffix" > "$nixpkgs/.version-suffix" || true
if [ -n "$canRun" ]; then
if nixpkgs=$(nix-instantiate --find-file nixpkgs "${extraBuildFlags[@]}"); then
suffix=$($SHELL $nixpkgs/nixos/modules/installer/tools/get-version-suffix "${extraBuildFlags[@]}" || true)
if [ -n "$suffix" ]; then
echo -n "$suffix" > "$nixpkgs/.version-suffix" || true
fi
fi
fi
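Review bot: The new comment above `canRun=` says that actions such as `build` execute no code from the Nixpkgs tree, but as far as the visible hunks show `buildNix` is cleared only for `$rollback` and `dry-run`, so for `build` the script still builds `config.nix.package` from `<nixpkgs/nixos>` and puts `$tmpDir/nix/bin` first on `PATH`. Every later `nix-build` or `nix-instantiate` call then runs a binary that the tree itself defined, which is what the comment promises will not happen for an untrusted tree. Either narrow the comment or tie the Nix bootstrap to the same gate, e.g. `if [ -n "$rollback" -o -z "$canRun" ]; then buildNix=; fi`. Separately, the hard-coded fallback realises a store path with `--option extra-binary-caches http://cache.nixos.org/`; nothing visible here authenticates what that plain-HTTP cache returns, so an `https://` URL would be the safer default if the cache is reachable over TLS.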


@ -80,9 +80,9 @@ in
/*
options = {
installer.enableGraphicalTools = pkgs.lib.mkOption {
installer.enableGraphicalTools = mkOption {
default = false;
type = with pkgs.lib.types; bool;
type = types.bool;
example = true;
description = ''
Enable the installation of graphical tools.


@ -1,6 +1,6 @@
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
{
imports =
@ -15,5 +15,5 @@ with pkgs.lib;
# Add some more video drivers to give X11 a shot at working in
# VMware and QEMU.
services.xserver.videoDrivers = mkOverride 40 [ "virtualbox" "vmware" "cirrus" "vesa" ];
hardware.opengl.videoDrivers = mkOverride 40 [ "virtualbox" "vmware" "cirrus" "vesa" ];
}


@ -1,6 +1,6 @@
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
let


@ -1,6 +1,6 @@
{ pkgs, ... }:
{ lib, ... }:
with pkgs.lib;
with lib;
{
options = {


@ -1,6 +1,6 @@
{pkgs, config, ...}:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
let
crashdump = config.boot.crashDump;


@ -110,6 +110,27 @@
openldap = 99;
memcached = 100;
cgminer = 101;
munin = 102;
logcheck = 103;
nix-ssh = 104;
dictd = 105;
couchdb = 106;
searx = 107;
kippo = 108;
jenkins = 109;
systemd-journal-gateway = 110;
notbit = 111;
ngircd = 112;
btsync = 113;
minecraft = 114;
monetdb = 115;
rippled = 116;
murmur = 117;
foundationdb = 118;
newrelic = 119;
starbound = 120;
hydra = 122;
spiped = 123;
# When adding a uid, make sure it doesn't match an existing gid.
@ -199,6 +220,22 @@
haproxy = 92;
openldap = 93;
connman = 94;
munin = 95;
keys = 96;
dictd = 105;
couchdb = 106;
searx = 107;
kippo = 108;
jenkins = 109;
systemd-journal-gateway = 110;
notbit = 111;
monetdb = 115;
foundationdb = 118;
newrelic = 119;
starbound = 120;
grsecurity = 121;
hydra = 122;
spiped = 123;
# When adding a gid, make sure it doesn't match an existing uid.
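Review bot: `munin` is given uid 102 but gid 95, and `keys` takes gid 96, while every other name added to both lists uses the same number on each side. The file's own rule, `# When adding a gid, make sure it doesn't match an existing uid.`, cannot be checked from this hunk because the uid entries for 95 and 96 lie outside it. The `users.enforceIdUniqueness` assertion elsewhere in this commit compares uids with uids and gids with gids (`uidsAreUnique && gidsAreUnique`), so a cross collision would not be caught at evaluation time. Please confirm 95 and 96 are free on the uid side, or allocate `munin` and `keys` from the unused range as the other additions do.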


@ -1,6 +1,6 @@
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
let


@ -1,6 +1,6 @@
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
let
isConfig = x:


@ -1,6 +1,6 @@
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
{


@ -29,7 +29,9 @@
./hardware/network/intel-3945abg.nix
./hardware/network/ralink.nix
./hardware/network/rtl8192c.nix
./hardware/opengl.nix
./hardware/pcmcia.nix
./hardware/video/bumblebee.nix
./installer/tools/nixos-checkout.nix
./installer/tools/tools.nix
./misc/assertions.nix
@ -59,6 +61,8 @@
./security/apparmor.nix
./security/apparmor-suid.nix
./security/ca.nix
./security/duosec.nix
./security/grsecurity.nix
./security/pam.nix
./security/pam_usb.nix
./security/polkit.nix
@ -76,20 +80,34 @@
./services/backup/bacula.nix
./services/backup/mysql-backup.nix
./services/backup/postgresql-backup.nix
./services/backup/sitecopy-backup.nix
./services/backup/rsnapshot.nix
./services/backup/sitecopy-backup.nix
./services/backup/tarsnap.nix
./services/continuous-integration/jenkins/default.nix
./services/continuous-integration/jenkins/slave.nix
./services/databases/4store-endpoint.nix
./services/databases/4store.nix
./services/databases/couchdb.nix
./services/databases/firebird.nix
./services/databases/memcached.nix
./services/databases/mongodb.nix
./services/databases/redis.nix
./services/databases/mysql.nix
./services/databases/mysql55.nix
./services/databases/openldap.nix
./services/databases/postgresql.nix
./services/databases/virtuoso.nix
./services/databases/monetdb.nix
./services/desktops/accountservice.nix
./services/desktops/gnome3/at-spi2-core.nix
./services/desktops/gnome3/evolution-data-server.nix
./services/desktops/gnome3/gnome-keyring.nix
./services/desktops/gnome3/gnome-online-accounts.nix
./services/desktops/gnome3/gnome-user-share.nix
./services/desktops/gnome3/sushi.nix
./services/desktops/gnome3/tracker.nix
./services/desktops/telepathy.nix
./services/games/ghost-one.nix
./services/games/minecraft-server.nix
./services/hardware/acpid.nix
./services/hardware/amd-hybrid-graphics.nix
./services/hardware/bluetooth.nix
@ -116,13 +134,16 @@
./services/mail/spamassassin.nix
./services/misc/autofs.nix
./services/misc/cgminer.nix
./services/misc/dictd.nix
./services/misc/disnix.nix
./services/misc/felix.nix
./services/misc/folding-at-home.nix
./services/misc/gpsd.nix
./services/misc/nix-daemon.nix
./services/misc/nix-gc.nix
./services/misc/nix-ssh-serve.nix
./services/misc/nixos-manual.nix
./services/misc/rippled.nix
./services/misc/rogue.nix
./services/misc/svnserve.nix
./services/misc/synergy.nix
@ -142,11 +163,14 @@
./services/network-filesystems/drbd.nix
./services/network-filesystems/nfsd.nix
./services/network-filesystems/openafs-client/default.nix
./services/network-filesystems/rsyncd.nix
./services/network-filesystems/samba.nix
./services/networking/amuled.nix
./services/networking/avahi-daemon.nix
./services/networking/bind.nix
./services/networking/bitlbee.nix
./services/networking/btsync.nix
./services/networking/cjdns.nix
./services/networking/connman.nix
./services/networking/cntlm.nix
./services/networking/chrony.nix
@ -170,8 +194,11 @@
./services/networking/ircd-hybrid/default.nix
./services/networking/kippo.nix
./services/networking/minidlna.nix
./services/networking/murmur.nix
./services/networking/nat.nix
./services/networking/networkmanager.nix
./services/networking/ngircd.nix
./services/networking/notbit.nix
./services/networking/ntopng.nix
./services/networking/ntpd.nix
./services/networking/oidentd.nix
@ -184,7 +211,10 @@
./services/networking/rdnssd.nix
./services/networking/rpcbind.nix
./services/networking/sabnzbd.nix
./services/networking/searx.nix
./services/networking/spiped.nix
./services/networking/supybot.nix
./services/networking/syncthing.nix
./services/networking/ssh/lshd.nix
./services/networking/ssh/sshd.nix
./services/networking/tftpd.nix
@ -200,6 +230,7 @@
./services/scheduling/cron.nix
./services/scheduling/fcron.nix
./services/search/elasticsearch.nix
./services/search/solr.nix
./services/security/clamav.nix
./services/security/haveged.nix
./services/security/fprot.nix
@ -222,8 +253,10 @@
./services/web-servers/lighttpd/cgit.nix
./services/web-servers/lighttpd/gitweb.nix
./services/web-servers/nginx/default.nix
./services/web-servers/phpfpm.nix
./services/web-servers/tomcat.nix
./services/web-servers/varnish/default.nix
./services/web-servers/winstone.nix
./services/web-servers/zope2.nix
./services/x11/desktop-managers/default.nix
./services/x11/display-managers/auto.nix
@ -234,7 +267,6 @@
./services/x11/hardware/multitouch.nix
./services/x11/hardware/synaptics.nix
./services/x11/hardware/wacom.nix
./services/x11/mesa.nix
./services/x11/window-managers/awesome.nix
#./services/x11/window-managers/compiz.nix
./services/x11/window-managers/default.nix
@ -282,6 +314,7 @@
./tasks/scsi-link-power-management.nix
./tasks/swraid.nix
./testing/service-runner.nix
./virtualisation/container-config.nix
./virtualisation/containers.nix
./virtualisation/libvirtd.nix
#./virtualisation/nova.nix


@ -1,6 +1,6 @@
{ config, pkgs, modules, ... }:
{ config, lib, pkgs, modules, ... }:
with pkgs.lib;
with lib;
let


@ -11,6 +11,6 @@
createHome = true;
useDefaultShell = true;
password = "demo";
isSystemUser = false;
uid = 1000;
};
}


@ -1,9 +1,9 @@
# Common configuration for headless machines (e.g., Amazon EC2
# instances).
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
{
sound.enable = false;


@ -1,7 +1,7 @@
# Provide a basic configuration for installation devices like CDs.
{ config, pkgs, modules, ... }:
{ config, lib, ... }:
with pkgs.lib;
with lib;
{
imports =
@ -45,7 +45,7 @@ with pkgs.lib;
# Enable wpa_supplicant, but don't start it by default.
networking.wireless.enable = true;
jobs.wpa_supplicant.startOn = pkgs.lib.mkOverride 50 "";
jobs.wpa_supplicant.startOn = mkOverride 50 "";
# Tell the Nix evaluator to garbage collect more aggressively.
# This is desirable in memory-constrained environments that don't


@ -1,11 +1,8 @@
# This module defines a small NixOS configuration. It does not
# contain any graphical stuff.
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
{
# Don't include X libraries.
programs.ssh.setXAuthLocation = false;
fonts.enableFontConfig = false;
fonts.enableCoreFonts = false;
environment.noXlibs = true;
}


@ -5,5 +5,13 @@
{
boot.initrd.availableKernelModules = [ "virtio_net" "virtio_pci" "virtio_blk" "9p" "9pnet_virtio" ];
boot.kernelModules = [ "virtio_balloon" "virtio_console" ];
boot.initrd.kernelModules = [ "virtio_balloon" "virtio_console" ];
boot.initrd.postDeviceCommands =
''
# Set the system time from the hardware clock to work around a
# bug in qemu-kvm > 1.5.2 (where the VM clock is initialised
# to the *boot time* of the host).
hwclock -s
'';
}


@ -1,8 +1,8 @@
# Global configuration for atop.
{config, pkgs, ...}:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
let cfg = config.programs.atop;


@ -1,9 +1,9 @@
# This module defines global configuration for the Bash shell, in
# particular /etc/bashrc and /etc/profile.
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
let


@ -3,9 +3,9 @@
# SQLite database that maps program names to Nix package names (e.g.,
# "pdflatex" is mapped to "tetex").
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
let


@ -2,9 +2,9 @@
# Most of the stuff here should probably be moved elsewhere sometime.
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with pkgs.lib;
with lib;
let
@ -17,8 +17,7 @@ in
config = {
environment.variables =
{ LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
LOCATE_PATH = "/var/cache/locatedb";
{ LOCATE_PATH = "/var/cache/locatedb";
NIXPKGS_CONFIG = "/etc/nix/nixpkgs-config.nix";
NIX_PATH =
[ "/nix/var/nix/profiles/per-user/root/channels/nixos"
@ -45,7 +44,7 @@ in
TERMINFO_DIRS = [ "${i}/share/terminfo" ];
PERL5LIB = [ "${i}/lib/perl5/site_perl" ];
ALSA_PLUGIN_DIRS = [ "${i}/lib/alsa-lib" ];
GST_PLUGIN_PATH = [ "${i}/lib/gstreamer-0.10" ];
GST_PLUGIN_SYSTEM_PATH = [ "${i}/lib/gstreamer-0.10" ];
KDEDIRS = [ "${i}" ];
STRIGI_PLUGIN_PATH = [ "${i}/lib/strigi/" ];
QT_PLUGIN_PATH = [ "${i}/lib/qt4/plugins" "${i}/lib/kde4/plugins" ];
