mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-27 09:23:01 +00:00
Merge branch 'master' into dbus-switch-to-configuration
Conflicts: nixos/modules/system/activation/switch-to-configuration.pl
This commit is contained in:
commit
42ae633445
10
README.md
Normal file
10
README.md
Normal file
@ -0,0 +1,10 @@
|
||||
Nixpkgs is a collection of packages for [Nix](http://nixos.org/nix/) package
|
||||
manager. Nixpkgs also includes [NixOS](http://nixos.org/nixos/) linux distribution source code.
|
||||
|
||||
* [NixOS installation instructions](http://nixos.org/nixos/manual/#installing-nixos)
|
||||
* [Manual (How to write packages for Nix)](http://nixos.org/nixpkgs/manual/)
|
||||
* [Manual (NixOS)](http://nixos.org/nixos/manual/)
|
||||
* [Continuous build](http://hydra.nixos.org/jobset/nixos/trunk-combined)
|
||||
* [Tests](http://hydra.nixos.org/job/nixos/trunk-combined/tested#tabs-constituents)
|
||||
* [Mailing list](http://lists.science.uu.nl/mailman/listinfo/nix-dev)
|
||||
* [IRC - #nixos on freenode.net](irc://irc.freenode.net/#nixos)
|
@ -1 +1,7 @@
|
||||
import ./pkgs/top-level/all-packages.nix
|
||||
if ! builtins ? nixVersion || builtins.compareVersions "1.6" builtins.nixVersion == 1 then
|
||||
|
||||
abort "This version of Nixpkgs requires Nix >= 1.6, please upgrade!"
|
||||
|
||||
else
|
||||
|
||||
import ./pkgs/top-level/all-packages.nix
|
||||
|
@ -235,12 +235,7 @@ Most of the time, these are the same. For instance, the package
|
||||
bound to the variable name <varname>e2fsprogs</varname> in
|
||||
<filename>all-packages.nix</filename>, and the Nix expression is in
|
||||
<filename>pkgs/os-specific/linux/e2fsprogs/default.nix</filename>.
|
||||
However, identifiers in the Nix language don’t allow certain
|
||||
characters (e.g. dashes), so sometimes a different variable name
|
||||
should be used. For instance, the
|
||||
<literal>module-init-tools</literal> package is bound to the
|
||||
<literal>module_init_tools</literal> variable in
|
||||
<filename>all-packages.nix</filename>.</para>
|
||||
</para>
|
||||
|
||||
<para>There are a few naming guidelines:
|
||||
|
||||
@ -261,17 +256,20 @@ should be used. For instance, the
|
||||
a package named <literal>hello-svn</literal> by
|
||||
<command>nix-env</command>.</para></listitem>
|
||||
|
||||
<listitem><para>Dashes in the package name should be changed to
|
||||
underscores in variable names, rather than to camel case — e.g.,
|
||||
<varname>module_init_tools</varname> instead of
|
||||
<varname>moduleInitTools</varname>.</para></listitem>
|
||||
<listitem><para>Dashes in the package name should be preserved
|
||||
in new variable names, rather than converted to underscores
|
||||
(which was convention up to around 2013 and most names
|
||||
still have underscores instead of dashes) — e.g.,
|
||||
<varname>http-parser</varname> instead of
|
||||
<varname>http_parser</varname>.</para></listitem>
|
||||
|
||||
<listitem><para>If there are multiple versions of a package, this
|
||||
should be reflected in the variable names in
|
||||
<filename>all-packages.nix</filename>,
|
||||
e.g. <varname>hello_0_3</varname> and <varname>hello_0_4</varname>.
|
||||
e.g. <varname>json-c-0-9</varname> and <varname>json-c-0-11</varname>.
|
||||
If there is an obvious “default” version, make an attribute like
|
||||
<literal>hello = hello_0_4;</literal>.</para></listitem>
|
||||
<literal>json-c = json-c-0-9;</literal>.
|
||||
See also <xref linkend="sec-versioning" /></para></listitem>
|
||||
|
||||
</itemizedlist>
|
||||
|
||||
@ -288,7 +286,7 @@ dashes between words — not in camel case. For instance, it should be
|
||||
<filename>allPackages.nix</filename> or
|
||||
<filename>AllPackages.nix</filename>.</para>
|
||||
|
||||
<section><title>Hierachy</title>
|
||||
<section><title>Hierarchy</title>
|
||||
|
||||
<para>Each package should be stored in its own directory somewhere in
|
||||
the <filename>pkgs/</filename> tree, i.e. in
|
||||
@ -567,7 +565,7 @@ splitting up an existing category.</para>
|
||||
|
||||
</section>
|
||||
|
||||
<section><title>Versioning</title>
|
||||
<section xml:id="sec-versioning"><title>Versioning</title>
|
||||
|
||||
<para>Because every version of a package in Nixpkgs creates a
|
||||
potential maintenance burden, old versions of a package should not be
|
||||
|
@ -108,7 +108,7 @@ a <varname>preConfigure</varname> hook to generate a configuration
|
||||
file used by <filename>Makefile.PL</filename>:
|
||||
|
||||
<programlisting>
|
||||
{buildPerlPackage, fetchurl, db4}:
|
||||
{buildPerlPackage, fetchurl, db}:
|
||||
|
||||
buildPerlPackage rec {
|
||||
name = "BerkeleyDB-0.36";
|
||||
@ -119,8 +119,8 @@ buildPerlPackage rec {
|
||||
};
|
||||
|
||||
preConfigure = ''
|
||||
echo "LIB = ${db4}/lib" > config.in
|
||||
echo "INCLUDE = ${db4}/include" >> config.in
|
||||
echo "LIB = ${db}/lib" > config.in
|
||||
echo "INCLUDE = ${db}/include" >> config.in
|
||||
'';
|
||||
}
|
||||
</programlisting>
|
||||
|
@ -164,7 +164,7 @@ meta.hydraPlatforms = [];
|
||||
<listitem><para>If set to <literal>true</literal>, the package is
|
||||
marked as “broken”, meaning that it won’t show up in
|
||||
<literal>nix-env -qa</literal>, and cannot be built or installed.
|
||||
Sush packages should be removed from Nixpkgs eventually unless
|
||||
Such packages should be removed from Nixpkgs eventually unless
|
||||
they are fixed.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
158
doc/outline.txt
158
doc/outline.txt
@ -1,158 +0,0 @@
|
||||
- The standard environment
|
||||
|
||||
(Some of this can be moved from the Nix manual)
|
||||
|
||||
- Special attributes
|
||||
|
||||
- Generic builder
|
||||
|
||||
- Helper functions
|
||||
|
||||
- GCC / ld wrapper (+ env vars)
|
||||
|
||||
- Phases (+ how to add phases) and hooks
|
||||
|
||||
- Override functions for stdenv
|
||||
|
||||
- Overriding GCC
|
||||
|
||||
- Overriding the setup script
|
||||
|
||||
- Predefined override functions in all-packages.nix: static binary
|
||||
stdenv, dietlibc stdenv
|
||||
|
||||
- Stdenv bootstrap; how to update the Linux bootstrap binaries
|
||||
|
||||
- Specific platform notes (Linux, Native, Cygwin, Mingw)
|
||||
|
||||
|
||||
- Support for specific languages
|
||||
|
||||
- Perl
|
||||
|
||||
- Generic Perl builder
|
||||
|
||||
- Python
|
||||
|
||||
- Wrapper generation
|
||||
|
||||
- Haskell
|
||||
|
||||
- TODO
|
||||
|
||||
- Java
|
||||
|
||||
- TODO; Java needs lots of improvement
|
||||
|
||||
- TeX/LaTeX
|
||||
|
||||
- Special support for building TeX documents
|
||||
|
||||
|
||||
- Special kinds of applications
|
||||
|
||||
- OpenGL apps
|
||||
|
||||
- Binary-only apps
|
||||
|
||||
- Linux kernel modules
|
||||
|
||||
- Mozilla plugins/extensions
|
||||
|
||||
- X apps
|
||||
|
||||
- KDE apps
|
||||
|
||||
- GConf-based apps
|
||||
|
||||
- Programs that need wrappers
|
||||
|
||||
- makeWrapper etc.
|
||||
|
||||
- Initial ramdisks
|
||||
|
||||
|
||||
- Library functions
|
||||
|
||||
- i.e. in lib/default.nix
|
||||
|
||||
|
||||
- Specific package notes
|
||||
|
||||
- Linux kernel; how to update; feature tests
|
||||
|
||||
- X.org; how to update
|
||||
|
||||
- Gnome; how to update
|
||||
|
||||
- GCC?
|
||||
|
||||
- GHC?
|
||||
|
||||
- ...
|
||||
|
||||
|
||||
- Meta attributes
|
||||
|
||||
- License attr; possible values
|
||||
|
||||
|
||||
- Virtual machine support (for the build farm)
|
||||
|
||||
- vmtools
|
||||
|
||||
- KVM notes
|
||||
|
||||
- Performing a build in a VM
|
||||
|
||||
- In the host FS
|
||||
|
||||
- In a disk image
|
||||
|
||||
- RPM builds
|
||||
|
||||
- RPM image creation
|
||||
|
||||
- Deb builds
|
||||
|
||||
- Deb image creation
|
||||
|
||||
- Debugging VM builds
|
||||
|
||||
|
||||
- Guidelines for Nixpkgs contributions
|
||||
|
||||
- File naming conventions
|
||||
|
||||
- Versioning of packages
|
||||
|
||||
- Tree organisation
|
||||
|
||||
- Variable naming
|
||||
|
||||
- Layout / indentations style
|
||||
|
||||
- Output FS hierarchy (e.g. $out/share/man instead of $out/man)
|
||||
|
||||
|
||||
- Misc
|
||||
|
||||
- Building outside of the Nixpkgs tree
|
||||
|
||||
- Config options
|
||||
|
||||
- Downloading stuff
|
||||
|
||||
- fetchurl
|
||||
|
||||
- mirror:// scheme
|
||||
|
||||
- fetchsvn
|
||||
|
||||
- fetchcvs
|
||||
|
||||
- fetchdarcs
|
||||
|
||||
|
||||
- Appendix: Nixpkgs config options
|
||||
|
@ -71,7 +71,7 @@ $ git add pkgs/development/libraries/libfoo/default.nix</screen>
|
||||
|
||||
<listitem>
|
||||
<para>GNU Multiple Precision arithmetic library (GMP): <link
|
||||
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/libraries/gmp/5.1.1.nix"><filename>pkgs/development/libraries/gmp/5.1.1.nix</filename></link>.
|
||||
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/libraries/gmp/5.1.x.nix"><filename>pkgs/development/libraries/gmp/5.1.x.nix</filename></link>.
|
||||
Also done by the generic builder, but has a dependency on
|
||||
<varname>m4</varname>.</para>
|
||||
</listitem>
|
||||
|
@ -298,6 +298,13 @@ executed and in what order:
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>preFixupPhases</varname></term>
|
||||
<listitem>
|
||||
<para>Additional phases executed just before the fixup phase.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>preDistPhases</varname></term>
|
||||
<listitem>
|
||||
@ -1156,12 +1163,27 @@ echo @foo@
|
||||
to Qt’s path.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>gdk-pixbuf</term>
|
||||
<listitem><para>Exports <envar>GDK_PIXBUF_MODULE_FILE</envar>
|
||||
environment variable the the builder. Add librsvg package
|
||||
to <varname>buildInputs</varname> to get svg support.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>GHC</term>
|
||||
<listitem><para>Creates a temporary package database and registers
|
||||
every Haskell build input in it (TODO: how?).</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>GStreamer</term>
|
||||
<listitem><para>Adds the
|
||||
GStreamer plugins subdirectory of
|
||||
each build input to the <envar>GST_PLUGIN_SYSTEM_PATH_1_0</envar> or
|
||||
<envar>GST_PLUGIN_SYSTEM_PATH</envar> environment variable.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
|
||||
</para>
|
||||
|
@ -25,19 +25,15 @@
|
||||
amd = {
|
||||
shortName = "amd";
|
||||
fullName = "AMD License Agreement";
|
||||
url = "http://developer.amd.com/amd-license-agreement/";
|
||||
};
|
||||
url = http://developer.amd.com/amd-license-agreement/;
|
||||
};#
|
||||
|
||||
amdadl = {
|
||||
shortName = "amd-adl";
|
||||
fullName = "amd-adl license";
|
||||
url = "http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/licenses/AMD-ADL?revision=1.1";
|
||||
apsl20 = {
|
||||
shortName = "APSL 2.0";
|
||||
fullName = "Apple Public Source License 2.0";
|
||||
url = http://opensource.org/licenses/APSL-2.0;
|
||||
};
|
||||
|
||||
# Apple Public Source License 2.0;
|
||||
# http://opensource.org/licenses/APSL-2.0
|
||||
apsl20 = "APSL 2.0";
|
||||
|
||||
asl20 = {
|
||||
shortName = "ASL2.0";
|
||||
fullName = "Apache Software License 2.0";
|
||||
@ -68,6 +64,12 @@
|
||||
url = https://fedoraproject.org/wiki/Licensing/BSD;
|
||||
};
|
||||
|
||||
cc-by-30 = {
|
||||
shortName = "CC BY 3.0";
|
||||
fullName = "Creative Commons Attribution 3.0";
|
||||
url = http://creativecommons.org/licenses/by/3.0;
|
||||
};
|
||||
|
||||
cddl = {
|
||||
shortName = "CDDL";
|
||||
fullName = "Common Development Distribution License ";
|
||||
@ -86,7 +88,11 @@
|
||||
url = http://www.eclipse.org/legal/epl-v10.html;
|
||||
};
|
||||
|
||||
gpl2 = "GPLv2";
|
||||
gpl2 = {
|
||||
shortName = "GPLv2";
|
||||
fullName = "GNU General Public License version 2";
|
||||
url = http://www.gnu.org/licenses/old-licenses/gpl-2.0.html;
|
||||
};
|
||||
|
||||
gpl2Oss = {
|
||||
shortName = "GPLv2+OSS";
|
||||
@ -94,9 +100,11 @@
|
||||
url = http://www.mysql.com/about/legal/licensing/foss-exception;
|
||||
};
|
||||
|
||||
# GNU General Public License version 2 or later;
|
||||
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
|
||||
gpl2Plus = "GPLv2+";
|
||||
gpl2Plus = {
|
||||
shortName = "GPLv2+";
|
||||
fullName = "GNU General Public License version 2 or later";
|
||||
url = http://www.gnu.org/licenses/old-licenses/gpl-2.0.html;
|
||||
};
|
||||
|
||||
gpl3 = {
|
||||
shortName = "GPLv3";
|
||||
@ -140,7 +148,11 @@
|
||||
url = https://fedoraproject.org/wiki/Licensing/libtiff;
|
||||
};
|
||||
|
||||
lgpl2 = "LGPLv2";
|
||||
lgpl2 = {
|
||||
shortName = "LGPLv2";
|
||||
fullName = "GNU Library General Public License version 2";
|
||||
url = http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html;
|
||||
};
|
||||
|
||||
lgpl2Plus = {
|
||||
shortName = "LGPLv2+";
|
||||
@ -148,7 +160,11 @@
|
||||
url = http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html;
|
||||
};
|
||||
|
||||
lgpl21 = "LGPLv2.1";
|
||||
lgpl21 = {
|
||||
shortName = "LGPLv2.1";
|
||||
fullName = "GNU Lesser General Public License version 2.1";
|
||||
url = http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html;
|
||||
};
|
||||
|
||||
lgpl21Plus = {
|
||||
shortName = "LGPLv2.1+";
|
||||
@ -238,4 +254,10 @@
|
||||
fullName = "Zope Public License 2.1";
|
||||
url = "http://old.zope.org/Resources/License/ZPL-2.1";
|
||||
};
|
||||
|
||||
sleepycat = {
|
||||
shortName = "Sleepycat";
|
||||
fullName = "Sleepycat Public License";
|
||||
url = "https://en.wikipedia.org/wiki/Sleepycat_License";
|
||||
};
|
||||
}
|
||||
|
@ -226,4 +226,5 @@ in rec {
|
||||
deepSeqList = xs: y: if any (x: deepSeq x false) xs then y else y;
|
||||
|
||||
crossLists = f: foldl (fs: args: concatMap (f: map f args) fs) [f];
|
||||
|
||||
}
|
||||
|
@ -4,35 +4,46 @@
|
||||
/* Add your name and email address here. Keep the list
|
||||
alphabetically sorted. */
|
||||
|
||||
_1126 = "Christian Lask <mail@elfsechsundzwanzig.de>";
|
||||
aforemny = "Alexander Foremny <alexanderforemny@googlemail.com>";
|
||||
akc = "Anders Claesson <akc@akc.is>";
|
||||
algorith = "Dries Van Daele <dries_van_daele@telenet.be>";
|
||||
all = "Nix Committers <nix-commits@lists.science.uu.nl>";
|
||||
amiddelk = "Arie Middelkoop <amiddelk@gmail.com>";
|
||||
amorsillo = "Andrew Morsillo <andrew.morsillo@gmail.com>";
|
||||
AndersonTorres = "Anderson Torres <torres.anderson.85@gmail.com>";
|
||||
andres = "Andres Loeh <ksnixos@andres-loeh.de>";
|
||||
antono = "Antono Vasiljev <self@antono.info>";
|
||||
astsmtl = "Alexander Tsamutali <astsmtl@yandex.ru>";
|
||||
aszlig = "aszlig <aszlig@redmoonstudios.org>";
|
||||
bbenoist = "Baptist BENOIST <return_0@live.com>";
|
||||
bennofs = "Benno Fünfstück <benno.fuenfstueck@gmail.com>";
|
||||
bjg = "Brian Gough <bjg@gnu.org>";
|
||||
bjornfor = "Bjørn Forsman <bjorn.forsman@gmail.com>";
|
||||
bluescreen303 = "Mathijs Kwik <mathijs@bluescreen303.nl>";
|
||||
bodil = "Bodil Stokke <nix@bodil.org>";
|
||||
calrama = "Moritz Maxeiner <moritz@ucworks.org>";
|
||||
chaoflow = "Florian Friesdorf <flo@chaoflow.net>";
|
||||
coconnor = "Corey O'Connor <coreyoconnor@gmail.com>";
|
||||
coroa = "Jonas Hörsch <jonas@chaoflow.net>";
|
||||
edwtjo = "Edward Tjörnhammar <ed@cflags.cc>";
|
||||
eelco = "Eelco Dolstra <eelco.dolstra@logicblox.com>";
|
||||
ertes = "Ertugrul Söylemez <es@ertes.de>";
|
||||
emery = "Emery Hemingawy <emery@vfemail.net>";
|
||||
ertes = "Ertugrul Söylemez <ertesx@gmx.de>";
|
||||
falsifian = "James Cook <james.cook@utoronto.ca>";
|
||||
garbas = "Rok Garbas <rok@garbas.si>";
|
||||
goibhniu = "Cillian de Róiste <cillian.deroiste@gmail.com>";
|
||||
guibert = "David Guibert <david.guibert@gmail.com>";
|
||||
hinton = "Tom Hinton <t@larkery.com>";
|
||||
ianwookim = "Ian-Woo Kim <ianwookim@gmail.com>";
|
||||
iElectric = "Domen Kozar <domen@dev.si>";
|
||||
iyzsong = "Song Wenwu <iyzsong@gmail.com>";
|
||||
jcumming = "Jack Cummings <jack@mudshark.org>";
|
||||
jwiegley = "John Wiegley <johnw@newartisans.com>";
|
||||
kkallio = "Karn Kallio <tierpluspluslists@gmail.com>";
|
||||
ktosiek = "Tomasz Kontusz <tomasz.kontusz@gmail.com>";
|
||||
lethalman = "Luca Bruno <lucabru@src.gnome.org>";
|
||||
linquize = "Linquize <linquize@yahoo.com.hk>";
|
||||
lovek323 = "Jason O'Conal <jason@oconal.id.au>";
|
||||
ludo = "Ludovic Courtès <ludo@gnu.org>";
|
||||
madjar = "Georges Dubus <georges.dubus@compiletoi.net>";
|
||||
@ -40,6 +51,7 @@
|
||||
matejc = "Matej Cotman <cotman.matej@gmail.com>";
|
||||
modulistic = "Pablo Costa <modulistic@gmail.com>";
|
||||
mornfall = "Petr Ročkai <me@mornfall.net>";
|
||||
msackman = "Matthew Sackman <matthew@wellquite.org>";
|
||||
ocharles = "Oliver Charles <ollie@ocharles.org.uk>";
|
||||
offline = "Jaka Hudoklin <jakahudoklin@gmail.com>";
|
||||
orbitz = "Malcolm Matalka <mmatalka@gmail.com>";
|
||||
@ -47,26 +59,34 @@
|
||||
phreedom = "Evgeny Egorochkin <phreedom@yandex.ru>";
|
||||
pierron = "Nicolas B. Pierron <nixos@nbp.name>";
|
||||
piotr = "Piotr Pietraszkiewicz <ppietrasa@gmail.com>";
|
||||
pkmx = "Chih-Mao Chen <pkmx.tw@gmail.com>";
|
||||
pSub = "Pascal Wittmann <mail@pascal-wittmann.de>";
|
||||
qknight = "Joachim Schiele <js@lastlog.de>";
|
||||
raskin = "Michael Raskin <7c6f434c@mail.ru>";
|
||||
redbaron = "Maxim Ivanov <ivanov.maxim@gmail.com>";
|
||||
rickynils = "Rickard Nilsson <rickynils@gmail.com>";
|
||||
rob = "Rob Vermaas <rob.vermaas@gmail.com>";
|
||||
roconnor = "Russell O'Connor <roconnor@theorem.ca>";
|
||||
roelof = "Roelof Wobben <rwobben@hotmail.com>";
|
||||
romildo = "José Romildo Malaquias <malaquias@gmail.com>";
|
||||
rszibele = "Richard Szibele <richard_szibele@hotmail.com>";
|
||||
sander = "Sander van der Burg <s.vanderburg@tudelft.nl>";
|
||||
shlevy = "Shea Levy <shea@shealevy.com>";
|
||||
simons = "Peter Simons <simons@cryp.to>";
|
||||
smironov = "Sergey Mironov <ierton@gmail.com>";
|
||||
sprock = "Roger Mason <rmason@mun.ca>";
|
||||
thammers = "Tobias Hammerschmidt <jawr@gmx.de>";
|
||||
the-kenny = "Moritz Ulrich <moritz@tarn-vedra.de>";
|
||||
thoughtpolice = "Austin Seipp <aseipp@pobox.com>";
|
||||
tomberek = "Thomas Bereknyei <tomberek@gmail.com>";
|
||||
ttuegel = "Thomas Tuegel <ttuegel@gmail.com>";
|
||||
urkud = "Yury G. Kudryashov <urkud+nix@ya.ru>";
|
||||
vcunat = "Vladimír Čunát <vcunat@gmail.com>";
|
||||
viric = "Lluís Batlle i Rossell <viric@viric.name>";
|
||||
vizanto = "Danny Wilson <danny@prime.vc>";
|
||||
vlstill = "Vladimír Štill <xstill@fi.muni.cz>";
|
||||
winden = "Antonio Vargas Gonzalez <windenntw@gmail.com>";
|
||||
wizeman = "Ricardo M. Correia <rcorreia@wizy.org>";
|
||||
z77z = "Marco Maggesi <maggesi@math.unifi.it>";
|
||||
zef = "Zef Hemel <zef@zef.me>";
|
||||
zimbatm = "zimbatm <zimbatm@zimbatm.com>";
|
||||
|
15
lib/meta.nix
15
lib/meta.nix
@ -14,7 +14,7 @@ rec {
|
||||
addMetaAttrs {description = "Bla blah";} somePkg
|
||||
*/
|
||||
addMetaAttrs = newAttrs: drv:
|
||||
drv // { meta = (if drv ? meta then drv.meta else {}) // newAttrs; };
|
||||
drv // { meta = (drv.meta or {}) // newAttrs; };
|
||||
|
||||
|
||||
/* Change the symbolic name of a package for presentation purposes
|
||||
@ -31,11 +31,10 @@ rec {
|
||||
updateName = updater: drv: drv // {name = updater (drv.name);};
|
||||
|
||||
|
||||
/* Append a suffix to the name of a package. !!! the suffix should
|
||||
really be appended *before* the version, at least most of the
|
||||
time.
|
||||
*/
|
||||
appendToName = suffix: updateName (name: "${name}-${suffix}");
|
||||
/* Append a suffix to the name of a package (before the version
|
||||
part). */
|
||||
appendToName = suffix: updateName (name:
|
||||
let x = builtins.parseDrvName name; in "${x.name}-${suffix}-${x.version}");
|
||||
|
||||
|
||||
/* Apply a function to each derivation and only to derivations in an attrset
|
||||
@ -51,7 +50,7 @@ rec {
|
||||
|
||||
/* Apply lowPrio to an attrset with derivations
|
||||
*/
|
||||
lowPrioSet = set: mapDerivationAttrset lowPrio set;
|
||||
lowPrioSet = set: mapDerivationAttrset lowPrio set;
|
||||
|
||||
|
||||
/* Increase the nix-env priority of the package, i.e., this
|
||||
@ -63,5 +62,5 @@ rec {
|
||||
/* Apply hiPrio to an attrset with derivations
|
||||
*/
|
||||
hiPrioSet = set: mapDerivationAttrset hiPrio set;
|
||||
|
||||
|
||||
}
|
||||
|
@ -12,7 +12,7 @@ rec {
|
||||
and ‘config’: the nested set of all option values. */
|
||||
evalModules = { modules, prefix ? [], args ? {}, check ? true }:
|
||||
let
|
||||
args' = args // result;
|
||||
args' = args // { lib = import ./.; } // result;
|
||||
closed = closeModules modules args';
|
||||
# Note: the list of modules is reversed to maintain backward
|
||||
# compatibility with the old module system. Not sure if this is
|
||||
@ -155,8 +155,14 @@ rec {
|
||||
let
|
||||
# Process mkOverride properties, adding in the default
|
||||
# value specified in the option declaration (if any).
|
||||
defsFinal = filterOverrides
|
||||
defsFinal' = filterOverrides
|
||||
((if opt ? default then [{ file = head opt.declarations; value = mkOptionDefault opt.default; }] else []) ++ defs);
|
||||
# Sort mkOrder properties.
|
||||
defsFinal =
|
||||
# Avoid sorting if we don't have to.
|
||||
if any (def: def.value._type or "" == "order") defsFinal'
|
||||
then sortProperties defsFinal'
|
||||
else defsFinal';
|
||||
files = map (def: def.file) defsFinal;
|
||||
# Type-check the remaining definitions, and merge them if
|
||||
# possible.
|
||||
@ -180,7 +186,7 @@ rec {
|
||||
};
|
||||
|
||||
/* Given a config set, expand mkMerge properties, and push down the
|
||||
mkIf properties into the children. The result is a list of
|
||||
other properties into the children. The result is a list of
|
||||
config sets that do not have properties at top-level. For
|
||||
example,
|
||||
|
||||
@ -201,7 +207,7 @@ rec {
|
||||
map (mapAttrs (n: v: mkIf cfg.condition v)) (pushDownProperties cfg.content)
|
||||
else if cfg._type or "" == "override" then
|
||||
map (mapAttrs (n: v: mkOverride cfg.priority v)) (pushDownProperties cfg.content)
|
||||
else
|
||||
else # FIXME: handle mkOrder?
|
||||
[ cfg ];
|
||||
|
||||
/* Given a config value, expand mkMerge properties, and discharge
|
||||
@ -253,6 +259,19 @@ rec {
|
||||
strip = def: if def.value._type or "" == "override" then def // { value = def.value.content; } else def;
|
||||
in concatMap (def: if getPrio def == highestPrio then [(strip def)] else []) defs;
|
||||
|
||||
/* Sort a list of properties. The sort priority of a property is
|
||||
1000 by default, but can be overriden by wrapping the property
|
||||
using mkOrder. */
|
||||
sortProperties = defs:
|
||||
let
|
||||
strip = def:
|
||||
if def.value._type or "" == "order"
|
||||
then def // { value = def.value.content; inherit (def.value) priority; }
|
||||
else def;
|
||||
defs' = map strip defs;
|
||||
compare = a: b: (a.priority or 1000) < (b.priority or 1000);
|
||||
in sort compare defs';
|
||||
|
||||
/* Hack for backward compatibility: convert options of type
|
||||
optionSet to configOf. FIXME: remove eventually. */
|
||||
fixupOptionType = loc: opt:
|
||||
@ -302,8 +321,13 @@ rec {
|
||||
|
||||
mkFixStrictness = id; # obsolete, no-op
|
||||
|
||||
# FIXME: Add mkOrder back in. It's not currently used anywhere in
|
||||
# NixOS, but it should be useful.
|
||||
mkOrder = priority: content:
|
||||
{ _type = "order";
|
||||
inherit priority content;
|
||||
};
|
||||
|
||||
mkBefore = mkOrder 500;
|
||||
mkAfter = mkOrder 1500;
|
||||
|
||||
|
||||
/* Compatibility. */
|
||||
|
@ -10,9 +10,12 @@ rec {
|
||||
cleanSource =
|
||||
let filter = name: type: let baseName = baseNameOf (toString name); in ! (
|
||||
# Filter out Subversion and CVS directories.
|
||||
(type == "directory" && (baseName == ".git" || baseName == ".svn" || baseName == "CVS")) ||
|
||||
(type == "directory" && (baseName == ".git" || baseName == ".svn" || baseName == "CVS" || baseName == ".hg")) ||
|
||||
# Filter out backup files.
|
||||
(lib.hasSuffix "~" baseName)
|
||||
lib.hasSuffix "~" baseName ||
|
||||
# Filter out generates files.
|
||||
lib.hasSuffix ".o" baseName ||
|
||||
lib.hasSuffix ".so" baseName
|
||||
);
|
||||
in src: builtins.filterSource filter src;
|
||||
|
||||
|
@ -41,4 +41,13 @@ rec {
|
||||
pathExists readFile isBool isFunction
|
||||
isInt add sub lessThan;
|
||||
|
||||
# Return the Nixpkgs version number.
|
||||
nixpkgsVersion =
|
||||
let suffixFile = ../.version-suffix; in
|
||||
readFile ../.version
|
||||
+ (if pathExists suffixFile then readFile suffixFile else "pre-git");
|
||||
|
||||
# Whether we're being called by nix-shell. This is useful to
|
||||
inNixShell = builtins.getEnv "IN_NIX_SHELL" == "1";
|
||||
|
||||
}
|
||||
|
@ -10,7 +10,6 @@ with import ./strings.nix;
|
||||
rec {
|
||||
|
||||
isType = type: x: (x._type or "") == type;
|
||||
typeOf = x: x._type or "";
|
||||
|
||||
setType = typeName: value: value // {
|
||||
_type = typeName;
|
||||
@ -132,7 +131,7 @@ rec {
|
||||
{ inherit (def) file;
|
||||
value = listToAttrs (
|
||||
imap (elemIdx: elem:
|
||||
{ name = "unnamed-${toString defIdx}.${toString elemIdx}";
|
||||
{ name = elem.name or "unnamed-${toString defIdx}.${toString elemIdx}";
|
||||
value = elem;
|
||||
}) def.value);
|
||||
}
|
||||
|
@ -1,45 +0,0 @@
|
||||
#! /bin/sh -e
|
||||
|
||||
distDir=${NIX_TARBALLS_CACHE:-/tarballs}
|
||||
|
||||
url="$1"
|
||||
file="$2"
|
||||
if [ -z "$url" ]; then echo "syntax: $0 URL"; exit 0; fi
|
||||
|
||||
base="$(basename "$url")"
|
||||
if [ -z "$base" ]; then echo "bad URL"; exit 1; fi
|
||||
dstPath="$distDir/$base"
|
||||
|
||||
if [ -e "$dstPath" ]; then if [ -n "$VERBOSE" ]; then echo "$dstPath already exists"; fi; exit 0; fi
|
||||
|
||||
if [ -z "$file" ]; then
|
||||
|
||||
echo "downloading $url to $dstPath"
|
||||
|
||||
if [ -n "$DRY_RUN" ]; then exit 0; fi
|
||||
|
||||
declare -a res
|
||||
if ! res=($(PRINT_PATH=1 nix-prefetch-url "$url")); then
|
||||
exit
|
||||
fi
|
||||
|
||||
storePath=${res[1]}
|
||||
|
||||
else
|
||||
storePath="$file"
|
||||
fi
|
||||
|
||||
cp $storePath "$dstPath.tmp.$$"
|
||||
mv -f "$dstPath.tmp.$$" "$dstPath"
|
||||
|
||||
echo "hashing $dstPath"
|
||||
|
||||
md5=$(nix-hash --flat --type md5 "$dstPath")
|
||||
ln -sfn "../$base" $distDir/md5/$md5
|
||||
|
||||
sha1=$(nix-hash --flat --type sha1 "$dstPath")
|
||||
ln -sfn "../$base" $distDir/sha1/$sha1
|
||||
|
||||
sha256=$(nix-hash --flat --type sha256 "$dstPath")
|
||||
ln -sfn "../$base" $distDir/sha256/$sha256
|
||||
ln -sfn "../$base" $distDir/sha256/$(nix-hash --type sha256 --to-base32 "$sha256")
|
95
maintainers/scripts/copy-tarballs.pl
Executable file
95
maintainers/scripts/copy-tarballs.pl
Executable file
@ -0,0 +1,95 @@
|
||||
#! /run/current-system/sw/bin/perl -w
|
||||
|
||||
use strict;
|
||||
use XML::Simple;
|
||||
use File::Basename;
|
||||
use File::Path;
|
||||
use File::Copy 'cp';
|
||||
use IPC::Open2;
|
||||
use Nix::Store;
|
||||
|
||||
my $myDir = dirname($0);
|
||||
|
||||
my $tarballsCache = $ENV{'NIX_TARBALLS_CACHE'} // "/tarballs";
|
||||
|
||||
my $xml = `nix-instantiate --eval-only --xml --strict '<nixpkgs/maintainers/scripts/find-tarballs.nix>'`;
|
||||
die "$0: evaluation failed\n" if $? != 0;
|
||||
|
||||
my $data = XMLin($xml) or die;
|
||||
|
||||
mkpath($tarballsCache);
|
||||
mkpath("$tarballsCache/md5");
|
||||
mkpath("$tarballsCache/sha1");
|
||||
mkpath("$tarballsCache/sha256");
|
||||
|
||||
foreach my $file (@{$data->{list}->{attrs}}) {
|
||||
my $url = $file->{attr}->{url}->{string}->{value};
|
||||
my $algo = $file->{attr}->{type}->{string}->{value};
|
||||
my $hash = $file->{attr}->{hash}->{string}->{value};
|
||||
|
||||
if ($url !~ /^http:/ && $url !~ /^https:/ && $url !~ /^ftp:/ && $url !~ /^mirror:/) {
|
||||
print STDERR "skipping $url (unsupported scheme)\n";
|
||||
next;
|
||||
}
|
||||
|
||||
$url =~ /([^\/]+)$/;
|
||||
my $fn = $1;
|
||||
|
||||
if (!defined $fn) {
|
||||
print STDERR "skipping $url (no file name)\n";
|
||||
next;
|
||||
}
|
||||
|
||||
if ($fn =~ /[&?=%]/ || $fn =~ /^\./) {
|
||||
print STDERR "skipping $url (bad character in file name)\n";
|
||||
next;
|
||||
}
|
||||
|
||||
if ($fn !~ /[a-zA-Z]/) {
|
||||
print STDERR "skipping $url (no letter in file name)\n";
|
||||
next;
|
||||
}
|
||||
|
||||
if ($fn !~ /[0-9]/) {
|
||||
print STDERR "skipping $url (no digit in file name)\n";
|
||||
next;
|
||||
}
|
||||
|
||||
if ($fn !~ /[-_\.]/) {
|
||||
print STDERR "skipping $url (no dash/dot/underscore in file name)\n";
|
||||
next;
|
||||
}
|
||||
|
||||
my $dstPath = "$tarballsCache/$fn";
|
||||
|
||||
next if -e $dstPath;
|
||||
|
||||
print "downloading $url to $dstPath...\n";
|
||||
|
||||
next if $ENV{DRY_RUN};
|
||||
|
||||
$ENV{QUIET} = 1;
|
||||
$ENV{PRINT_PATH} = 1;
|
||||
my $fh;
|
||||
my $pid = open($fh, "-|", "nix-prefetch-url", "--type", $algo, $url, $hash) or die;
|
||||
waitpid($pid, 0) or die;
|
||||
if ($? != 0) {
|
||||
print STDERR "failed to fetch $url: $?\n";
|
||||
last if $? >> 8 == 255;
|
||||
next;
|
||||
}
|
||||
<$fh>; my $storePath = <$fh>; chomp $storePath;
|
||||
|
||||
die unless -e $storePath;
|
||||
|
||||
cp($storePath, $dstPath) or die;
|
||||
|
||||
my $md5 = hashFile("md5", 0, $storePath) or die;
|
||||
symlink("../$fn", "$tarballsCache/md5/$md5");
|
||||
|
||||
my $sha1 = hashFile("sha1", 0, $storePath) or die;
|
||||
symlink("../$fn", "$tarballsCache/sha1/$sha1");
|
||||
|
||||
my $sha256 = hashFile("sha256", 0, $storePath) or die;
|
||||
symlink("../$fn", "$tarballsCache/sha256/$sha256");
|
||||
}
|
@ -1,27 +0,0 @@
|
||||
#! /bin/sh -e
|
||||
|
||||
urls=$(nix-instantiate --eval-only --xml --strict '<nixpkgs/maintainers/scripts/eval-release.nix>' \
|
||||
| grep -A2 'name="urls"' \
|
||||
| grep '<string value=' \
|
||||
| sed 's/.*"\(.*\)".*/\1/' \
|
||||
| sort | uniq)
|
||||
|
||||
for url in $urls; do
|
||||
if echo "$url" | grep -q -E "www.cs.uu.nl|nixos.org|.stratego-language.org|java.sun.com|ut2004|linuxq3a|RealPlayer|Adbe|belastingdienst|microsoft|armijn/.nix|sun.com|archive.eclipse.org"; then continue; fi
|
||||
|
||||
# Check the URL scheme.
|
||||
if ! echo "$url" | grep -q -E "^[a-z]+://"; then echo "skipping $url (no URL scheme)"; continue; fi
|
||||
|
||||
# Check the basename. It should include something resembling a version.
|
||||
base="$(basename "$url")"
|
||||
#if ! echo "$base" | grep -q -E "[-_].*[0-9].*"; then echo "skipping $url (no version)"; continue; fi
|
||||
if ! echo "$base" | grep -q -E "[a-zA-Z]"; then echo "skipping $url (no letter in name)"; continue; fi
|
||||
if ! echo "$base" | grep -q -E "[0-9]"; then echo "skipping $url (no digit in name)"; continue; fi
|
||||
if ! echo "$base" | grep -q -E "[-_\.]"; then echo "skipping $url (no dot/underscore in name)"; continue; fi
|
||||
if echo "$base" | grep -q -E "[&?=%]"; then echo "skipping $url (bad character in name)"; continue; fi
|
||||
if [ "${base:0:1}" = "." ]; then echo "skipping $url (starts with a dot)"; continue; fi
|
||||
|
||||
$(dirname $0)/copy-tarball.sh "$url"
|
||||
done
|
||||
|
||||
echo DONE
|
45
maintainers/scripts/find-tarballs.nix
Normal file
45
maintainers/scripts/find-tarballs.nix
Normal file
@ -0,0 +1,45 @@
|
||||
# This expression returns a list of all fetchurl calls used by all
|
||||
# packages reachable from release.nix.
|
||||
|
||||
with import ../.. { };
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
root = removeAttrs (import ../../pkgs/top-level/release.nix { }) [ "tarball" "unstable" ];
|
||||
|
||||
uniqueUrls = map (x: x.file) (genericClosure {
|
||||
startSet = map (file: { key = file.url; inherit file; }) urls;
|
||||
operator = const [ ];
|
||||
});
|
||||
|
||||
urls = map (drv: { url = head drv.urls; hash = drv.outputHash; type = drv.outputHashAlgo; }) fetchurlDependencies;
|
||||
|
||||
fetchurlDependencies = filter (drv: drv.outputHash or "" != "" && drv ? urls) dependencies;
|
||||
|
||||
dependencies = map (x: x.value) (genericClosure {
|
||||
startSet = map keyDrv (derivationsIn' root);
|
||||
operator = { key, value }: map keyDrv (immediateDependenciesOf value);
|
||||
});
|
||||
|
||||
derivationsIn' = x:
|
||||
if !canEval x then []
|
||||
else if isDerivation x then optional (canEval x.drvPath) x
|
||||
else if isList x then concatLists (map derivationsIn' x)
|
||||
else if isAttrs x then concatLists (mapAttrsToList (n: v: derivationsIn' v) x)
|
||||
else [ ];
|
||||
|
||||
keyDrv = drv: if canEval drv.drvPath then { key = drv.drvPath; value = drv; } else { };
|
||||
|
||||
immediateDependenciesOf = drv:
|
||||
concatLists (mapAttrsToList (n: v: derivationsIn v) (removeAttrs drv ["meta" "passthru"]));
|
||||
|
||||
derivationsIn = x:
|
||||
if !canEval x then []
|
||||
else if isDerivation x then optional (canEval x.drvPath) x
|
||||
else if isList x then concatLists (map derivationsIn x)
|
||||
else [ ];
|
||||
|
||||
canEval = val: (builtins.tryEval val).success;
|
||||
|
||||
in uniqueUrls
|
@ -31,8 +31,7 @@ GetOptions("package|p=s" => \$filter,
|
||||
"maintainer|m=s" => \$maintainer,
|
||||
"file|f=s" => \$path,
|
||||
"help" => sub { showHelp() }
|
||||
)
|
||||
or die("syntax: $0 ...\n");
|
||||
) or exit 1;
|
||||
|
||||
# Evaluate Nixpkgs into an XML representation.
|
||||
my $xml = `nix-env -f '$path' -qa '$filter' --xml --meta --drv-path`;
|
||||
|
@ -1 +0,0 @@
|
||||
improvements to vsftpd module
|
@ -237,7 +237,7 @@ postgresql.package = pkgs.postgresql90;
|
||||
</section>
|
||||
|
||||
|
||||
<section><title>Abstractions</title>
|
||||
<section xml:id="sec-module-abstractions"><title>Abstractions</title>
|
||||
|
||||
<para>If you find yourself repeating yourself over and over, it’s time
|
||||
to abstract. Take, for instance, this Apache HTTP Server configuration:
|
||||
@ -399,7 +399,7 @@ of an expression to be spliced into a string.</para>
|
||||
</section>
|
||||
|
||||
|
||||
<section><title>Modularity</title>
|
||||
<section xml:id="sec-modularity"><title>Modularity</title>
|
||||
|
||||
<para>The NixOS configuration mechanism is modular. If your
|
||||
<filename>configuration.nix</filename> becomes too big, you can split
|
||||
@ -443,8 +443,20 @@ Note that both <filename>configuration.nix</filename> and
|
||||
define an option, NixOS will try to <emphasis>merge</emphasis> the
|
||||
definitions. In the case of
|
||||
<option>environment.systemPackages</option>, that’s easy: the lists of
|
||||
packages can simply be concatenated. For other types of options, a
|
||||
merge may not be possible: for instance, if two modules define
|
||||
packages can simply be concatenated. The value in
|
||||
<filename>configuration.nix</filename> is merged last, so for
|
||||
list-type options, it will appear at the end of the merged list. If
|
||||
you want it to appear first, you can use <varname>mkBefore</varname>:
|
||||
|
||||
<programlisting>
|
||||
boot.kernelModules = mkBefore [ "kvm-intel" ];
|
||||
</programlisting>
|
||||
|
||||
This causes the <literal>kvm-intel</literal> kernel module to be
|
||||
loaded before any other kernel modules.</para>
|
||||
|
||||
<para>For other types of options, a merge may not be possible. For
|
||||
instance, if two modules define
|
||||
<option>services.httpd.adminAddr</option>,
|
||||
<command>nixos-rebuild</command> will give an error:
|
||||
|
||||
@ -526,7 +538,7 @@ nix-repl> map (x: x.hostName) config.services.httpd.virtualHosts
|
||||
</section>
|
||||
|
||||
|
||||
<section><title>Syntax summary</title>
|
||||
<section xml:id="sec-nix-syntax-summary"><title>Syntax summary</title>
|
||||
|
||||
<para>Below is a summary of the most important syntactic constructs in
|
||||
the Nix expression language. It’s not complete. In particular, there
|
||||
@ -718,7 +730,7 @@ manual</link> for the rest.</para>
|
||||
|
||||
<!--===============================================================-->
|
||||
|
||||
<section><title>Package management</title>
|
||||
<section xml:id="sec-package-management"><title>Package management</title>
|
||||
|
||||
<para>This section describes how to add additional packages to your
|
||||
system. NixOS has two distinct styles of package management:
|
||||
@ -923,7 +935,7 @@ environment.systemPackages = [ (import ./my-hello.nix) ];
|
||||
</programlisting>
|
||||
where <filename>my-hello.nix</filename> contains:
|
||||
<programlisting>
|
||||
with <nixpkgs> {}; # bring all of Nixpkgs into scope
|
||||
with import <nixpkgs> {}; # bring all of Nixpkgs into scope
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "hello-2.8";
|
||||
@ -1025,7 +1037,6 @@ users.extraUsers.alice =
|
||||
home = "/home/alice";
|
||||
description = "Alice Foobar";
|
||||
extraGroups = [ "wheel" ];
|
||||
isSystemUser = false;
|
||||
useDefaultShell = true;
|
||||
openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3Nza... alice@foobar" ];
|
||||
};
|
||||
@ -1172,7 +1183,7 @@ fileSystems."/".device = "/dev/mapper/crypted";
|
||||
|
||||
<!--===============================================================-->
|
||||
|
||||
<section><title>X Window System</title>
|
||||
<section xml:id="sec-x11"><title>X Window System</title>
|
||||
|
||||
<para>The X Window System (X11) provides the basis of NixOS’ graphical
|
||||
user interface. It can be enabled as follows:
|
||||
@ -1184,7 +1195,7 @@ driver from a set of X.org drivers (such as <literal>vesa</literal>
|
||||
and <literal>intel</literal>). You can also specify a driver
|
||||
manually, e.g.
|
||||
<programlisting>
|
||||
services.xserver.videoDrivers = [ "r128" ];
|
||||
hardware.opengl.videoDrivers = [ "r128" ];
|
||||
</programlisting>
|
||||
to enable X.org’s <literal>xf86-video-r128</literal> driver.</para>
|
||||
|
||||
@ -1227,7 +1238,7 @@ $ systemctl start display-manager.service
|
||||
has better 3D performance than the X.org drivers. It is not enabled
|
||||
by default because it’s not free software. You can enable it as follows:
|
||||
<programlisting>
|
||||
services.xserver.videoDrivers = [ "nvidia" ];
|
||||
hardware.opengl.videoDrivers = [ "nvidia" ];
|
||||
</programlisting>
|
||||
You may need to reboot after enabling this driver to prevent a clash
|
||||
with other kernel modules.</para>
|
||||
@ -1264,9 +1275,9 @@ services.xserver.synaptics.twoFingerScroll = true;
|
||||
|
||||
<!--===============================================================-->
|
||||
|
||||
<section><title>Networking</title>
|
||||
<section xml:id="sec-networking"><title>Networking</title>
|
||||
|
||||
<section><title>Secure shell access</title>
|
||||
<section xml:id="sec-ssh"><title>Secure shell access</title>
|
||||
|
||||
<para>Secure shell (SSH) access to your machine can be enabled by
|
||||
setting:
|
||||
@ -1294,7 +1305,7 @@ users.extraUsers.alice.openssh.authorizedKeys.keys =
|
||||
</section>
|
||||
|
||||
|
||||
<section><title>IPv4 configuration</title>
|
||||
<section xml:id="sec-ipv4"><title>IPv4 configuration</title>
|
||||
|
||||
<para>By default, NixOS uses DHCP (specifically,
|
||||
<command>dhcpcd</command>) to automatically configure network
|
||||
@ -1337,7 +1348,7 @@ provide the host name.</para>
|
||||
</section>
|
||||
|
||||
|
||||
<section><title>IPv6 configuration</title>
|
||||
<section xml:id="sec-ipv6"><title>IPv6 configuration</title>
|
||||
|
||||
<para>IPv6 is enabled by default. Stateless address autoconfiguration
|
||||
is used to automatically assign IPv6 addresses to all interfaces. You
|
||||
@ -1352,17 +1363,19 @@ networking.enableIPv6 = false;
|
||||
</section>
|
||||
|
||||
|
||||
<section><title>Firewall</title>
|
||||
<section xml:id="sec-firewall"><title>Firewall</title>
|
||||
|
||||
<para>NixOS has a simple stateful firewall that blocks incoming
|
||||
connections and other unexpected packets. The firewall applies to
|
||||
both IPv4 and IPv6 traffic. It can be enabled as follows:
|
||||
both IPv4 and IPv6 traffic. It is enabled by default. It can be
|
||||
disabled as follows:
|
||||
|
||||
<programlisting>
|
||||
networking.firewall.enable = true;
|
||||
networking.firewall.enable = false;
|
||||
</programlisting>
|
||||
|
||||
You can open specific TCP ports to the outside world:
|
||||
If the firewall is enabled, you can open specific TCP ports to the
|
||||
outside world:
|
||||
|
||||
<programlisting>
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
@ -1384,7 +1397,7 @@ always allowed.)</para>
|
||||
</section>
|
||||
|
||||
|
||||
<section><title>Wireless networks</title>
|
||||
<section xml:id="sec-wireless"><title>Wireless networks</title>
|
||||
|
||||
<para>
|
||||
NixOS will start wpa_supplicant for you if you enable this setting:
|
||||
@ -1445,7 +1458,7 @@ networking.localCommands =
|
||||
|
||||
<!--===============================================================-->
|
||||
|
||||
<section><title>Linux kernel</title>
|
||||
<section xml:id="sec-kernel-config"><title>Linux kernel</title>
|
||||
|
||||
<para>You can override the Linux kernel and associated packages using
|
||||
the option <option>boot.kernelPackages</option>. For instance, this
|
||||
|
242
nixos/doc/manual/containers.xml
Normal file
242
nixos/doc/manual/containers.xml
Normal file
@ -0,0 +1,242 @@
|
||||
<chapter xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xml:id="ch-containers">
|
||||
|
||||
<title>Containers</title>
|
||||
|
||||
<para>NixOS allows you to easily run other NixOS instances as
|
||||
<emphasis>containers</emphasis>. Containers are a light-weight
|
||||
approach to virtualisation that runs software in the container at the
|
||||
same speed as in the host system. NixOS containers share the Nix store
|
||||
of the host, making container creation very efficient.</para>
|
||||
|
||||
<warning><para>Currently, NixOS containers are not perfectly isolated
|
||||
from the host system. This means that a user with root access to the
|
||||
container can do things that affect the host. So you should not give
|
||||
container root access to untrusted users.</para></warning>
|
||||
|
||||
<para>NixOS containers can be created in two ways: imperatively, using
|
||||
the command <command>nixos-container</command>, and declaratively, by
|
||||
specifying them in your <filename>configuration.nix</filename>. The
|
||||
declarative approach implies that containers get upgraded along with
|
||||
your host system when you run <command>nixos-rebuild</command>, which
|
||||
is often not what you want. By contrast, in the imperative approach,
|
||||
containers are configured and updated independently from the host
|
||||
system.</para>
|
||||
|
||||
|
||||
<section><title>Imperative container management</title>
|
||||
|
||||
<para>We’ll cover imperative container management using
|
||||
<command>nixos-container</command> first. You create a container with
|
||||
identifier <literal>foo</literal> as follows:
|
||||
|
||||
<screen>
|
||||
$ nixos-container create foo
|
||||
</screen>
|
||||
|
||||
This creates the container’s root directory in
|
||||
<filename>/var/lib/containers/foo</filename> and a small configuration
|
||||
file in <filename>/etc/containers/foo.conf</filename>. It also builds
|
||||
the container’s initial system configuration and stores it in
|
||||
<filename>/nix/var/nix/profiles/per-container/foo/system</filename>. You
|
||||
can modify the initial configuration of the container on the command
|
||||
line. For instance, to create a container that has
|
||||
<command>sshd</command> running, with the given public key for
|
||||
<literal>root</literal>:
|
||||
|
||||
<screen>
|
||||
$ nixos-container create foo --config 'services.openssh.enable = true; \
|
||||
users.extraUsers.root.openssh.authorizedKeys.keys = ["ssh-dss AAAAB3N…"];'
|
||||
</screen>
|
||||
|
||||
</para>
|
||||
|
||||
<para>Creating a container does not start it. To start the container,
|
||||
run:
|
||||
|
||||
<screen>
|
||||
$ nixos-container start foo
|
||||
</screen>
|
||||
|
||||
This command will return as soon as the container has booted and has
|
||||
reached <literal>multi-user.target</literal>. On the host, the
|
||||
container runs within a systemd unit called
|
||||
<literal>container@<replaceable>container-name</replaceable>.service</literal>.
|
||||
Thus, if something went wrong, you can get status info using
|
||||
<command>systemctl</command>:
|
||||
|
||||
<screen>
|
||||
$ systemctl status container@foo
|
||||
</screen>
|
||||
|
||||
</para>
|
||||
|
||||
<para>If the container has started succesfully, you can log in as
|
||||
root using the <command>root-login</command> operation:
|
||||
|
||||
<screen>
|
||||
$ nixos-container root-login foo
|
||||
[root@foo:~]#
|
||||
</screen>
|
||||
|
||||
Note that only root on the host can do this (since there is no
|
||||
authentication). You can also get a regular login prompt using the
|
||||
<command>login</command> operation, which is available to all users on
|
||||
the host:
|
||||
|
||||
<screen>
|
||||
$ nixos-container login foo
|
||||
foo login: alice
|
||||
Password: ***
|
||||
</screen>
|
||||
|
||||
With <command>nixos-container run</command>, you can execute arbitrary
|
||||
commands in the container:
|
||||
|
||||
<screen>
|
||||
$ nixos-container run foo -- uname -a
|
||||
Linux foo 3.4.82 #1-NixOS SMP Thu Mar 20 14:44:05 UTC 2014 x86_64 GNU/Linux
|
||||
</screen>
|
||||
|
||||
</para>
|
||||
|
||||
<para>There are several ways to change the configuration of the
|
||||
container. First, on the host, you can edit
|
||||
<literal>/var/lib/container/<replaceable>name</replaceable>/etc/nixos/configuration.nix</literal>,
|
||||
and run
|
||||
|
||||
<screen>
|
||||
$ nixos-container update foo
|
||||
</screen>
|
||||
|
||||
This will build and activate the new configuration. You can also
|
||||
specify a new configuration on the command line:
|
||||
|
||||
<screen>
|
||||
$ nixos-container update foo --config 'services.httpd.enable = true; \
|
||||
services.httpd.adminAddr = "foo@example.org";'
|
||||
|
||||
$ curl http://$(nixos-container show-ip foo)/
|
||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">…
|
||||
</screen>
|
||||
|
||||
However, note that this will overwrite the container’s
|
||||
<filename>/etc/nixos/configuration.nix</filename>.</para>
|
||||
|
||||
<para>Alternatively, you can change the configuration from within the
|
||||
container itself by running <command>nixos-rebuild switch</command>
|
||||
inside the container. Note that the container by default does not have
|
||||
a copy of the NixOS channel, so you should run <command>nix-channel
|
||||
--update</command> first.</para>
|
||||
|
||||
<para>Containers can be stopped and started using
|
||||
<literal>nixos-container stop</literal> and <literal>nixos-container
|
||||
start</literal>, respectively, or by using
|
||||
<command>systemctl</command> on the container’s service unit. To
|
||||
destroy a container, including its file system, do
|
||||
|
||||
<screen>
|
||||
$ nixos-container destroy foo
|
||||
</screen>
|
||||
|
||||
</para>
|
||||
|
||||
</section>
|
||||
|
||||
|
||||
<section><title>Declarative container specification</title>
|
||||
|
||||
<para>You can also specify containers and their configuration in the
|
||||
host’s <filename>configuration.nix</filename>. For example, the
|
||||
following specifies that there shall be a container named
|
||||
<literal>database</literal> running PostgreSQL:
|
||||
|
||||
<programlisting>
|
||||
containers.database =
|
||||
{ config =
|
||||
{ config, pkgs, ... }:
|
||||
{ services.postgresql.enable = true;
|
||||
services.postgresql.package = pkgs.postgresql92;
|
||||
};
|
||||
};
|
||||
</programlisting>
|
||||
|
||||
If you run <literal>nixos-rebuild switch</literal>, the container will
|
||||
be built and started. If the container was already running, it will be
|
||||
updated in place, without rebooting.</para>
|
||||
|
||||
<para>By default, declarative containers share the network namespace
|
||||
of the host, meaning that they can listen on (privileged)
|
||||
ports. However, they cannot change the network configuration. You can
|
||||
give a container its own network as follows:
|
||||
|
||||
<programlisting>
|
||||
containers.database =
|
||||
{ privateNetwork = true;
|
||||
hostAddress = "192.168.100.10";
|
||||
localAddress = "192.168.100.11";
|
||||
};
|
||||
</programlisting>
|
||||
|
||||
This gives the container a private virtual Ethernet interface with IP
|
||||
address <literal>192.168.100.11</literal>, which is hooked up to a
|
||||
virtual Ethernet interface on the host with IP address
|
||||
<literal>192.168.100.10</literal>. (See the next section for details
|
||||
on container networking.)</para>
|
||||
|
||||
<para>To disable the container, just remove it from
|
||||
<filename>configuration.nix</filename> and run <literal>nixos-rebuild
|
||||
switch</literal>. Note that this will not delete the root directory of
|
||||
the container in <literal>/var/lib/containers</literal>.</para>
|
||||
|
||||
</section>
|
||||
|
||||
|
||||
<section><title>Networking</title>
|
||||
|
||||
<para>When you create a container using <literal>nixos-container
|
||||
create</literal>, it gets it own private IPv4 address in the range
|
||||
<literal>10.233.0.0/16</literal>. You can get the container’s IPv4
|
||||
address as follows:
|
||||
|
||||
<screen>
|
||||
$ nixos-container show-ip foo
|
||||
10.233.4.2
|
||||
|
||||
$ ping -c1 10.233.4.2
|
||||
64 bytes from 10.233.4.2: icmp_seq=1 ttl=64 time=0.106 ms
|
||||
</screen>
|
||||
|
||||
</para>
|
||||
|
||||
<para>Networking is implemented using a pair of virtual Ethernet
|
||||
devices. The network interface in the container is called
|
||||
<literal>eth0</literal>, while the matching interface in the host is
|
||||
called <literal>c-<replaceable>container-name</replaceable></literal>
|
||||
(e.g., <literal>c-foo</literal>). The container has its own network
|
||||
namespace and the <literal>CAP_NET_ADMIN</literal> capability, so it
|
||||
can perform arbitrary network configuration such as setting up
|
||||
firewall rules, without affecting or having access to the host’s
|
||||
network.</para>
|
||||
|
||||
<para>By default, containers cannot talk to the outside network. If
|
||||
you want that, you should set up Network Address Translation (NAT)
|
||||
rules on the host to rewrite container traffic to use your external
|
||||
IP address. This can be accomplished using the following configuration
|
||||
on the host:
|
||||
|
||||
<programlisting>
|
||||
networking.nat.enable = true;
|
||||
networking.nat.internalInterfaces = ["c-+"];
|
||||
networking.nat.externalInterface = "eth0";
|
||||
</programlisting>
|
||||
where <literal>eth0</literal> should be replaced with the desired
|
||||
external interface. Note that <literal>c-+</literal> is a wildcard
|
||||
that matches all container interfaces.</para>
|
||||
|
||||
</section>
|
||||
|
||||
|
||||
</chapter>
|
||||
|
@ -1,5 +1,6 @@
|
||||
<chapter xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink">
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xml:id="ch-development">
|
||||
|
||||
<title>Development</title>
|
||||
|
||||
@ -9,7 +10,7 @@ NixOS.</para>
|
||||
|
||||
<!--===============================================================-->
|
||||
|
||||
<section>
|
||||
<section xml:id="sec-getting-sources">
|
||||
|
||||
<title>Getting the sources</title>
|
||||
|
||||
@ -74,7 +75,7 @@ in <filename>nixos/</filename> as packages.</para>
|
||||
|
||||
<!--===============================================================-->
|
||||
|
||||
<section>
|
||||
<section xml:id="sec-writing-modules">
|
||||
|
||||
<title>Writing NixOS modules</title>
|
||||
|
||||
@ -188,9 +189,9 @@ commands to be executed periodically by <command>cron</command>).</para>
|
||||
|
||||
<example xml:id='locate-example'><title>NixOS module for the “locate” service</title>
|
||||
<programlisting>
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let locatedb = "/var/cache/locatedb"; in
|
||||
|
||||
@ -579,7 +580,7 @@ systemd.services.dhcpcd =
|
||||
|
||||
<!--===============================================================-->
|
||||
|
||||
<section>
|
||||
<section xml:id="sec-building-parts">
|
||||
|
||||
<title>Building specific parts of NixOS</title>
|
||||
|
||||
@ -692,7 +693,7 @@ $ systemctl start tmp-httpd.service
|
||||
|
||||
<!--===============================================================-->
|
||||
|
||||
<section>
|
||||
<section xml:id="sec-building-cd">
|
||||
|
||||
<title>Building your own NixOS CD</title>
|
||||
|
||||
@ -748,57 +749,310 @@ $ ./result/bin/nixos-install</screen>
|
||||
|
||||
<!--===============================================================-->
|
||||
|
||||
<section><title>Whole-system testing using virtual machines</title>
|
||||
<section xml:id="sec-nixos-tests">
|
||||
|
||||
<para>Complete NixOS GNU/Linux systems can be tested in virtual
|
||||
machines (VMs). This makes it possible to test a system upgrade or
|
||||
configuration change before rebooting into it, using the
|
||||
<command>nixos-rebuild build-vm</command> or <command>nixos-rebuild
|
||||
build-vm-with-bootloader</command> command.</para>
|
||||
<title>NixOS tests</title>
|
||||
|
||||
<!-- The following is adapted from
|
||||
http://wiki.nixos.org/wiki/NixOS_VM_tests, by Eelco Dolstra. -->
|
||||
<para>The <filename>tests/</filename> directory in the NixOS source
|
||||
tree contains several <emphasis>whole-system unit tests</emphasis>.
|
||||
These tests can be run<footnote><para>NixOS tests can be run both from
|
||||
NixOS and from a non-NixOS GNU/Linux distribution, provided the Nix
|
||||
package manager is installed.</para></footnote> from the NixOS source
|
||||
tree as follows:
|
||||
<para>When you add some feature to NixOS, you should write a test for
|
||||
it. NixOS tests are kept in the directory <filename
|
||||
xlink:href="https://github.com/NixOS/nixpkgs/tree/master/nixos/tests">nixos/tests</filename>,
|
||||
and are executed (using Nix) by a testing framework that automatically
|
||||
starts one or more virtual machines containing the NixOS system(s)
|
||||
required for the test.</para>
|
||||
|
||||
<simplesect><title>Writing tests</title>
|
||||
|
||||
<para>A NixOS test is a Nix expression that has the following structure:
|
||||
|
||||
<programlisting>
|
||||
import ./make-test.nix {
|
||||
|
||||
# Either the configuration of a single machine:
|
||||
machine =
|
||||
{ config, pkgs, ... }:
|
||||
{ <replaceable>configuration…</replaceable>
|
||||
};
|
||||
|
||||
# Or a set of machines:
|
||||
nodes =
|
||||
{ <replaceable>machine1</replaceable> =
|
||||
{ config, pkgs, ... }: { <replaceable>…</replaceable> };
|
||||
<replaceable>machine2</replaceable> =
|
||||
{ config, pkgs, ... }: { <replaceable>…</replaceable> };
|
||||
…
|
||||
};
|
||||
|
||||
testScript =
|
||||
''
|
||||
<replaceable>Perl code…</replaceable>
|
||||
'';
|
||||
}
|
||||
</programlisting>
|
||||
|
||||
The attribute <literal>testScript</literal> is a bit of Perl code that
|
||||
executes the test (described below). During the test, it will start
|
||||
one or more virtual machines, the configuration of which is described
|
||||
by the attribute <literal>machine</literal> (if you need only one
|
||||
machine in your test) or by the attribute <literal>nodes</literal> (if
|
||||
you need multiple machines). For instance, <filename
|
||||
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/login.nix">login.nix</filename>
|
||||
only needs a single machine to test whether users can log in on the
|
||||
virtual console, whether device ownership is correctly maintained when
|
||||
switching between consoles, and so on. On the other hand, <filename
|
||||
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/nfs.nix">nfs.nix</filename>,
|
||||
which tests NFS client and server functionality in the Linux kernel
|
||||
(including whether locks are maintained across server crashes),
|
||||
requires three machines: a server and two clients.</para>
|
||||
|
||||
<para>There are a few special NixOS configuration options for test
|
||||
VMs:
|
||||
|
||||
<!-- FIXME: would be nice to generate this automatically. -->
|
||||
|
||||
<variablelist>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>virtualisation.memorySize</option></term>
|
||||
<listitem><para>The memory of the VM in
|
||||
megabytes.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>virtualisation.vlans</option></term>
|
||||
<listitem><para>The virtual networks to which the VM is
|
||||
connected. See <filename
|
||||
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/nat.nix">nat.nix</filename>
|
||||
for an example.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>virtualisation.writableStore</option></term>
|
||||
<listitem><para>By default, the Nix store in the VM is not
|
||||
writable. If you enable this option, a writable union file system
|
||||
is mounted on top of the Nix store to make it appear
|
||||
writable. This is necessary for tests that run Nix operations that
|
||||
modify the store.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
|
||||
For more options, see the module <filename
|
||||
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/qemu-vm.nix">qemu-vm.nix</filename>.</para>
|
||||
|
||||
<para>The test script is a sequence of Perl statements that perform
|
||||
various actions, such as starting VMs, executing commands in the VMs,
|
||||
and so on. Each virtual machine is represented as an object stored in
|
||||
the variable <literal>$<replaceable>name</replaceable></literal>,
|
||||
where <replaceable>name</replaceable> is the identifier of the machine
|
||||
(which is just <literal>machine</literal> if you didn’t specify
|
||||
multiple machines using the <literal>nodes</literal> attribute). For
|
||||
instance, the following starts the machine, waits until it has
|
||||
finished booting, then executes a command and checks that the output
|
||||
is more-or-less correct:
|
||||
|
||||
<programlisting>
|
||||
$machine->start;
|
||||
$machine->waitForUnit("default.target");
|
||||
$machine->succeed("uname") =~ /Linux/;
|
||||
</programlisting>
|
||||
|
||||
The first line is actually unnecessary; machines are implicitly
|
||||
started when you first execute an action on them (such as
|
||||
<literal>waitForUnit</literal> or <literal>succeed</literal>). If you
|
||||
have multiple machines, you can speed up the test by starting them in
|
||||
parallel:
|
||||
|
||||
<programlisting>
|
||||
startAll;
|
||||
</programlisting>
|
||||
|
||||
</para>
|
||||
|
||||
<para>The following methods are available on machine objects:
|
||||
|
||||
<variablelist>
|
||||
|
||||
<varlistentry>
|
||||
<term><methodname>start</methodname></term>
|
||||
<listitem><para>Start the virtual machine. This method is
|
||||
asynchronous — it does not wait for the machine to finish
|
||||
booting.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><methodname>shutdown</methodname></term>
|
||||
<listitem><para>Shut down the machine, waiting for the VM to
|
||||
exit.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><methodname>crash</methodname></term>
|
||||
<listitem><para>Simulate a sudden power failure, by telling the VM
|
||||
to exit immediately.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><methodname>block</methodname></term>
|
||||
<listitem><para>Simulate unplugging the Ethernet cable that
|
||||
connects the machine to the other machines.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><methodname>unblock</methodname></term>
|
||||
<listitem><para>Undo the effect of
|
||||
<methodname>block</methodname>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><methodname>screenshot</methodname></term>
|
||||
<listitem><para>Take a picture of the display of the virtual
|
||||
machine, in PNG format. The screenshot is linked from the HTML
|
||||
log.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><methodname>sendMonitorCommand</methodname></term>
|
||||
<listitem><para>Send a command to the QEMU monitor. This is rarely
|
||||
used, but allows doing stuff such as attaching virtual USB disks
|
||||
to a running machine.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><methodname>sendKeys</methodname></term>
|
||||
<listitem><para>Simulate pressing keys on the virtual keyboard,
|
||||
e.g., <literal>sendKeys("ctrl-alt-delete")</literal>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><methodname>sendChars</methodname></term>
|
||||
<listitem><para>Simulate typing a sequence of characters on the
|
||||
virtual keyboard, e.g., <literal>sendKeys("foobar\n")</literal>
|
||||
will type the string <literal>foobar</literal> followed by the
|
||||
Enter key.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><methodname>execute</methodname></term>
|
||||
<listitem><para>Execute a shell command, returning a list
|
||||
<literal>(<replaceable>status</replaceable>,
|
||||
<replaceable>stdout</replaceable>)</literal>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><methodname>succeed</methodname></term>
|
||||
<listitem><para>Execute a shell command, raising an exception if
|
||||
the exit status is not zero, otherwise returning the standard
|
||||
output.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><methodname>fail</methodname></term>
|
||||
<listitem><para>Like <methodname>succeed</methodname>, but raising
|
||||
an exception if the command returns a zero status.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><methodname>waitUntilSucceeds</methodname></term>
|
||||
<listitem><para>Repeat a shell command with 1-second intervals
|
||||
until it succeeds.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><methodname>waitUntilFails</methodname></term>
|
||||
<listitem><para>Repeat a shell command with 1-second intervals
|
||||
until it fails.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><methodname>waitForUnit</methodname></term>
|
||||
<listitem><para>Wait until the specified systemd unit has reached
|
||||
the “active” state.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><methodname>waitForFile</methodname></term>
|
||||
<listitem><para>Wait until the specified file
|
||||
exists.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><methodname>waitForOpenPort</methodname></term>
|
||||
<listitem><para>Wait until a process is listening on the given TCP
|
||||
port (on <literal>localhost</literal>, at least).</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><methodname>waitForClosedPort</methodname></term>
|
||||
<listitem><para>Wait until nobody is listening on the given TCP
|
||||
port.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><methodname>waitForX</methodname></term>
|
||||
<listitem><para>Wait until the X11 server is accepting
|
||||
connections.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><methodname>waitForWindow</methodname></term>
|
||||
<listitem><para>Wait until an X11 window has appeared whose name
|
||||
matches the given regular expression, e.g.,
|
||||
<literal>waitForWindow(qr/Terminal/)</literal>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
|
||||
</para>
|
||||
|
||||
</simplesect>
|
||||
|
||||
|
||||
<simplesect><title>Running tests</title>
|
||||
|
||||
<para>You can run tests using <command>nix-build</command>. For
|
||||
example, to run the test <filename
|
||||
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/login.nix">login.nix</filename>,
|
||||
you just do:
|
||||
|
||||
<screen>
|
||||
$ nix-build tests/ -A nfs.test
|
||||
$ nix-build '<nixpkgs/nixos/tests/login.nix>'
|
||||
</screen>
|
||||
|
||||
This performs an automated test of the NFS client and server
|
||||
functionality in the Linux kernel, including file locking semantics
|
||||
(e.g., whether locks are maintained across server crashes). It will
|
||||
first build or download all the dependencies of the test (e.g., all
|
||||
packages needed to run a NixOS VM). The test is defined in <link
|
||||
xlink:href="https://nixos.org/repos/nix/nixos/trunk/tests/nfs.nix">
|
||||
<filename>tests/nfs.nix</filename></link>. If the test succeeds,
|
||||
<command>nix-build</command> will place a symlink
|
||||
<filename>./result</filename> in the current directory pointing at the
|
||||
location in the Nix store of the test results (e.g., screenshots, test
|
||||
reports, and so on). In particular, a pretty-printed log of the test
|
||||
is written to <filename>log.html</filename>, which can be viewed using
|
||||
a web browser like this:
|
||||
or, if you don’t want to rely on <envar>NIX_PATH</envar>:
|
||||
|
||||
<screen>
|
||||
$ cd /my/nixpkgs/nixos/tests
|
||||
$ nix-build login.nix
|
||||
…
|
||||
running the VM test script
|
||||
machine: QEMU running (pid 8841)
|
||||
…
|
||||
6 out of 6 tests succeeded
|
||||
</screen>
|
||||
|
||||
After building/downloading all required dependencies, this will
|
||||
perform a build that starts a QEMU/KVM virtual machine containing a
|
||||
NixOS system. The virtual machine mounts the Nix store of the host;
|
||||
this makes VM creation very fast, as no disk image needs to be
|
||||
created. Afterwards, you can view a pretty-printed log of the test:
|
||||
|
||||
<screen>
|
||||
$ firefox result/log.html
|
||||
</screen>
|
||||
|
||||
</para>
|
||||
|
||||
<para>It is also possible to run the test environment interactively,
|
||||
allowing you to experiment with the VMs. For example:
|
||||
|
||||
<screen>
|
||||
$ nix-build tests/ -A nfs.driver
|
||||
$ nix-build login.nix -A driver
|
||||
$ ./result/bin/nixos-run-vms
|
||||
</screen>
|
||||
|
||||
The script <command>nixos-run-vms</command> starts the three virtual
|
||||
machines defined in the NFS test using QEMU/KVM. The root file system
|
||||
of the VMs is created on the fly and kept across VM restarts in
|
||||
The script <command>nixos-run-vms</command> starts the virtual
|
||||
machines defined by test. The root file system of the VMs is created
|
||||
on the fly and kept across VM restarts in
|
||||
<filename>./</filename><varname>hostname</varname><filename>.qcow2</filename>.</para>
|
||||
|
||||
<para>Finally, the test itself can be run interactively. This is
|
||||
@ -811,17 +1065,11 @@ starting VDE switch for network 1
|
||||
>
|
||||
</screen>
|
||||
|
||||
Perl statements can now be typed in to start or manipulate the VMs:
|
||||
You can then take any Perl statement, e.g.
|
||||
|
||||
<screen>
|
||||
> startAll;
|
||||
(the VMs start booting)
|
||||
> $server->waitForJob("nfs-kernel-nfsd");
|
||||
> $client1->succeed("flock -x /data/lock -c 'sleep 100000' &");
|
||||
> $client2->fail("flock -n -s /data/lock true");
|
||||
> $client1->shutdown;
|
||||
(this releases client1's lock)
|
||||
> $client2->succeed("flock -n -s /data/lock true");
|
||||
> startAll
|
||||
> $machine->succeed("touch /tmp/foo")
|
||||
</screen>
|
||||
|
||||
The function <command>testScript</command> executes the entire test
|
||||
@ -829,54 +1077,7 @@ script and drops you back into the test driver command line upon its
|
||||
completion. This allows you to inspect the state of the VMs after the
|
||||
test (e.g. to debug the test script).</para>
|
||||
|
||||
<para>This and other tests are continuously run on <link
|
||||
xlink:href="http://hydra.nixos.org/jobset/nixos/trunk">the Hydra
|
||||
instance at <literal>nixos.org</literal></link>, which allows
|
||||
developers to be notified of any regressions introduced by a NixOS or
|
||||
Nixpkgs change.</para>
|
||||
|
||||
<para>The actual Nix programming interface to VM testing is in NixOS,
|
||||
under <link
|
||||
xlink:href="https://nixos.org/repos/nix/nixos/trunk/lib/testing.nix">
|
||||
<filename>lib/testing.nix</filename></link>. This file defines a
|
||||
function which takes an attribute set containing a
|
||||
<literal>nixpkgs</literal> attribute (the path to a Nixpkgs checkout),
|
||||
and a <literal>system</literal> attribute (the system type). It
|
||||
returns an attribute set containing several utility functions, among
|
||||
which the main entry point is <literal>makeTest</literal>.
|
||||
</para>
|
||||
|
||||
<para>The <literal>makeTest</literal> function takes a function
|
||||
similar to that found in <link
|
||||
xlink:href="https://nixos.org/repos/nix/nixos/trunk/tests/nfs.nix">
|
||||
<filename>tests/nfs.nix</filename></link> (discussed above). It
|
||||
returns an attribute set containing (among others):
|
||||
|
||||
<variablelist>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>test</varname></term>
|
||||
<listitem><para>A derivation containing the test log as an HTML
|
||||
file, as seen above, suitable for presentation in the Hydra
|
||||
continuous build system.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>report</varname></term>
|
||||
<listitem><para>A derivation containing a code coverage report, with
|
||||
meta-data suitable for Hydra.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>driver</varname></term>
|
||||
<listitem><para>A derivation containing scripts to run the VM test or
|
||||
interact with the VM network interactively, as seen above.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
|
||||
</para>
|
||||
</simplesect>
|
||||
|
||||
</section>
|
||||
|
||||
|
@ -1,12 +1,13 @@
|
||||
<chapter xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink">
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xml:id="ch-installation">
|
||||
|
||||
<title>Installing NixOS</title>
|
||||
|
||||
|
||||
<!--===============================================================-->
|
||||
|
||||
<section>
|
||||
<section xml:id="sec-obtaining">
|
||||
|
||||
<title>Obtaining NixOS</title>
|
||||
|
||||
@ -50,7 +51,7 @@ running NixOS system through several other means:
|
||||
|
||||
<!--===============================================================-->
|
||||
|
||||
<section>
|
||||
<section xml:id="sec-installation">
|
||||
|
||||
<title>Installation</title>
|
||||
|
||||
@ -295,8 +296,74 @@ $ reboot</screen>
|
||||
}</screen>
|
||||
</example>
|
||||
|
||||
<section xml:id="sec-uefi-installation">
|
||||
|
||||
<title>UEFI Installation</title>
|
||||
|
||||
<para>NixOS can also be installed on UEFI systems. The procedure
|
||||
is by and large the same as a BIOS installation, with the following
|
||||
changes:
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>You should boot the live CD in UEFI mode (consult your
|
||||
specific hardware's documentation for instructions).</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>Instead of <command>fdisk</command>, you should use
|
||||
<command>gdisk</command> to partition your disks. You will need to
|
||||
have a separate partition for <filename>/boot</filename> with
|
||||
partition code EF00, and it should be formatted as a
|
||||
<literal>vfat</literal> filesystem.</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>You must set <option>boot.loader.gummiboot.enable</option> to
|
||||
<literal>true</literal>, and <option>boot.loader.grub.enable</option>
|
||||
to <literal>false</literal>. <command>nixos-generate-config</command>
|
||||
should do this automatically for new configurations when booted in
|
||||
UEFI mode.</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>You may want to look at the options starting with
|
||||
<option>boot.loader.efi</option> and <option>boot.loader.gummiboot</option>
|
||||
as well.</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>To see console messages during early boot, add <literal>"fbcon"</literal>
|
||||
to your <option>boot.initrd.kernelModules</option>.</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</para>
|
||||
|
||||
</section>
|
||||
|
||||
<section>
|
||||
|
||||
<title xml:id="sec-booting-from-usb">Booting from a USB stick</title>
|
||||
|
||||
<para>For systems withoua CD drive, the NixOS livecd can be booted from
|
||||
a usb stick. For non-UEFI installations,
|
||||
<link xlink:href="http://unetbootin.sourceforge.net/">unetbootin</link>
|
||||
will work. For UEFI installations, you should mount the ISO, copy its contents
|
||||
verbatim to your drive, then either:
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>Change the label of the disk partition to the label of the ISO
|
||||
(visible with the blkid command), or</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>Edit <filename>loader/entries/nixos-livecd.conf</filename> on the drive
|
||||
and change the <literal>root=</literal> field in the <literal>options</literal>
|
||||
line to point to your drive (see the documentation on <literal>root=</literal>
|
||||
in <link xlink:href="https://www.kernel.org/doc/Documentation/kernel-parameters.txt">
|
||||
the kernel documentation</link> for more details).</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</para>
|
||||
</section>
|
||||
|
||||
</section>
|
||||
|
||||
|
||||
<!--===============================================================-->
|
||||
|
@ -54,10 +54,14 @@
|
||||
<xi:include href="running.xml" />
|
||||
<!-- <xi:include href="userconfiguration.xml" /> -->
|
||||
<xi:include href="troubleshooting.xml" />
|
||||
<xi:include href="containers.xml" />
|
||||
<xi:include href="development.xml" />
|
||||
<chapter xml:id="ch-options">
|
||||
<title>List of options</title>
|
||||
|
||||
<xi:include href="release-notes.xml" />
|
||||
|
||||
<appendix xml:id="ch-options">
|
||||
<title>Configuration options</title>
|
||||
<xi:include href="options-db.xml" />
|
||||
</chapter>
|
||||
</appendix>
|
||||
|
||||
</book>
|
||||
|
@ -18,15 +18,13 @@
|
||||
<variablelist>
|
||||
|
||||
<xsl:for-each select="attrs">
|
||||
|
||||
<xsl:variable name="id" select="concat('opt-', str:replace(str:replace(str:replace(str:replace(attr[@name = 'name']/string/@value, '*', '_'), '<', '_'), '>', '_'), '?', '_'))" />
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>
|
||||
<xsl:for-each select="attr[@name = 'name']/string">
|
||||
<xsl:value-of select="@value" />
|
||||
<xsl:if test="position() != last()">.</xsl:if>
|
||||
</xsl:for-each>
|
||||
</option>
|
||||
<term xlink:href="#{$id}">
|
||||
<xsl:attribute name="xml:id"><xsl:value-of select="$id"/></xsl:attribute>
|
||||
<option>
|
||||
<xsl:value-of select="attr[@name = 'name']/string/@value" />
|
||||
</option>
|
||||
</term>
|
||||
|
||||
<listitem>
|
||||
|
84
nixos/doc/manual/release-notes.xml
Normal file
84
nixos/doc/manual/release-notes.xml
Normal file
@ -0,0 +1,84 @@
|
||||
<appendix xmlns="http://docbook.org/ns/docbook"
|
||||
xml:id="ch-release-notes">
|
||||
|
||||
<title>Release notes</title>
|
||||
|
||||
<!--==================================================================-->
|
||||
|
||||
<section xml:id="sec-release-14.04">
|
||||
|
||||
<title>Release 14.04 (“Baboon”, 2014/04/??)</title>
|
||||
|
||||
<para>This is the second stable release branch of NixOS. The main
|
||||
enhancements are the following:
|
||||
|
||||
<itemizedlist>
|
||||
|
||||
<listitem><para>Installation on UEFI systems is now supported. See
|
||||
<xref linkend="sec-uefi-installation"/> for
|
||||
details.</para></listitem>
|
||||
|
||||
<listitem><para>NixOS is now based on Glibc 2.19 and GCC
|
||||
4.8.</para></listitem>
|
||||
|
||||
</itemizedlist>
|
||||
|
||||
</para>
|
||||
|
||||
<para>When upgrading from a previous release, please be aware of the
|
||||
following incompatible changes:
|
||||
|
||||
<itemizedlist>
|
||||
|
||||
<listitem><para>Nixpkgs no longer exposes unfree packages by
|
||||
default. If your NixOS configuration requires unfree packages from
|
||||
Nixpkgs, you need to enable support for them explicitly by setting:
|
||||
|
||||
<programlisting>
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
</programlisting>
|
||||
|
||||
Otherwise, you get an error message such as:
|
||||
|
||||
<screen>
|
||||
error: package ‘nvidia-x11-331.49-3.12.17’ in ‘…/nvidia-x11/default.nix:56’
|
||||
has an unfree license, refusing to evaluate
|
||||
</screen>
|
||||
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>The firewall is now enabled by default. If you don’t
|
||||
want this, you need to disable it explicitly:
|
||||
|
||||
<programlisting>
|
||||
networking.firewall.enable = false;
|
||||
</programlisting>
|
||||
|
||||
</para></listitem>
|
||||
|
||||
<listitem><para>The option
|
||||
<option>boot.loader.grub.memtest86</option> has been renamed to
|
||||
<option>boot.loader.grub.memtest86.enable</option>.</para></listitem>
|
||||
|
||||
<listitem><para>The <literal>mysql55</literal> service has been
|
||||
merged into the <literal>mysql</literal> service, which no longer
|
||||
sets a default for the option
|
||||
<option>services.mysql.package</option>.</para></listitem>
|
||||
|
||||
</itemizedlist>
|
||||
|
||||
</para>
|
||||
|
||||
</section>
|
||||
|
||||
<!--==================================================================-->
|
||||
|
||||
<section xml:id="sec-release-13.10">
|
||||
|
||||
<title>Release 13.10 (“Aardvark”, 2013/10/31)</title>
|
||||
|
||||
<para>This is the first stable release branch of NixOS.</para>
|
||||
|
||||
</section>
|
||||
|
||||
</appendix>
|
@ -11,7 +11,7 @@ service manager.</para>
|
||||
|
||||
<!--===============================================================-->
|
||||
|
||||
<section><title>Service management</title>
|
||||
<section xml:id="sec-systemctl"><title>Service management</title>
|
||||
|
||||
<para>In NixOS, all system services are started and monitored using
|
||||
the systemd program. Systemd is the “init” process of the system
|
||||
@ -92,7 +92,7 @@ necessary).</para>
|
||||
|
||||
<!--===============================================================-->
|
||||
|
||||
<section><title>Rebooting and shutting down</title>
|
||||
<section xml:id="sec-rebooting"><title>Rebooting and shutting down</title>
|
||||
|
||||
<para>The system can be shut down (and automatically powered off) by
|
||||
doing:
|
||||
@ -134,7 +134,7 @@ authentication.</para>
|
||||
|
||||
<!--===============================================================-->
|
||||
|
||||
<section><title>User sessions</title>
|
||||
<section xml:id="sec-user-sessions"><title>User sessions</title>
|
||||
|
||||
<para>Systemd keeps track of all users who are logged into the system
|
||||
(e.g. on a virtual console or remotely via SSH). The command
|
||||
@ -185,7 +185,7 @@ $ loginctl terminate-session c3
|
||||
|
||||
<!--===============================================================-->
|
||||
|
||||
<section><title>Control groups</title>
|
||||
<section xml:id="sec-cgroups"><title>Control groups</title>
|
||||
|
||||
<para>To keep track of the processes in a running system, systemd uses
|
||||
<emphasis>control groups</emphasis> (cgroups). A control group is a
|
||||
@ -258,7 +258,7 @@ usage.</para>
|
||||
|
||||
<!--===============================================================-->
|
||||
|
||||
<section><title>Logging</title>
|
||||
<section xml:id="sec-logging"><title>Logging</title>
|
||||
|
||||
<para>System-wide logging is provided by systemd’s
|
||||
<emphasis>journal</emphasis>, which subsumes traditional logging
|
||||
@ -308,7 +308,7 @@ groups. All users have a private journal that can be read using
|
||||
|
||||
<!--===============================================================-->
|
||||
|
||||
<section><title>Cleaning up the Nix store</title>
|
||||
<section xml:id="sec-nix-gc"><title>Cleaning up the Nix store</title>
|
||||
|
||||
<para>Nix has a purely functional model, meaning that packages are
|
||||
never upgraded in place. Instead new versions of packages end up in a
|
||||
|
@ -1,12 +1,13 @@
|
||||
<chapter xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink">
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
xml:id="ch-troubleshooting">
|
||||
|
||||
<title>Troubleshooting</title>
|
||||
|
||||
|
||||
<!--===============================================================-->
|
||||
|
||||
<section><title>Boot problems</title>
|
||||
<section xml:id="sec-boot-problems"><title>Boot problems</title>
|
||||
|
||||
<para>If NixOS fails to boot, there are a number of kernel command
|
||||
line parameters that may help you to identify or fix the issue. You
|
||||
@ -69,7 +70,7 @@ unless something is very wrong.)</para>
|
||||
|
||||
<!--===============================================================-->
|
||||
|
||||
<section><title>Maintenance mode</title>
|
||||
<section xml:id="sec-maintenance-mode"><title>Maintenance mode</title>
|
||||
|
||||
<para>You can enter rescue mode by running:
|
||||
|
||||
@ -85,7 +86,7 @@ just exit from the rescue shell.</para>
|
||||
|
||||
<!--===============================================================-->
|
||||
|
||||
<section><title>Rolling back configuration changes</title>
|
||||
<section xml:id="sec-rollback"><title>Rolling back configuration changes</title>
|
||||
|
||||
<para>After running <command>nixos-rebuild</command> to switch to a
|
||||
new configuration, you may find that the new configuration doesn’t
|
||||
@ -131,7 +132,7 @@ lrwxrwxrwx 1 root root 78 Aug 12 13:54 /nix/var/nix/profiles/system-268-link ->
|
||||
|
||||
<!--===============================================================-->
|
||||
|
||||
<section><title>Nix store corruption</title>
|
||||
<section xml:id="sec-nix-store-corruption"><title>Nix store corruption</title>
|
||||
|
||||
<para>After a system crash, it’s possible for files in the Nix store
|
||||
to become corrupted. (For instance, the Ext4 file system has the
|
||||
@ -166,7 +167,7 @@ binary cache; otherwise, they cannot be repaired.</para>
|
||||
|
||||
<!--===============================================================-->
|
||||
|
||||
<section><title>Nix network issues</title>
|
||||
<section xml:id="sec-nix-network-issues"><title>Nix network issues</title>
|
||||
|
||||
<para>Nix uses a so-called <emphasis>binary cache</emphasis> to
|
||||
optimise building a package from source into downloading it as a
|
||||
|
@ -26,10 +26,15 @@ rec {
|
||||
|
||||
# These are the extra arguments passed to every module. In
|
||||
# particular, Nixpkgs is passed through the "pkgs" argument.
|
||||
# FIXME: we enable config.allowUnfree to make packages like
|
||||
# nvidia-x11 available. This isn't a problem because if the user has
|
||||
# ‘nixpkgs.config.allowUnfree = false’, then evaluation will fail on
|
||||
# the 64-bit package anyway. However, it would be cleaner to respect
|
||||
# nixpkgs.config here.
|
||||
extraArgs = extraArgs_ // {
|
||||
inherit pkgs modules baseModules;
|
||||
modulesPath = ../modules;
|
||||
pkgs_i686 = import ./nixpkgs.nix { system = "i686-linux"; };
|
||||
pkgs_i686 = import ./nixpkgs.nix { system = "i686-linux"; config.allowUnfree = true; };
|
||||
utils = import ./utils.nix pkgs;
|
||||
};
|
||||
|
||||
@ -53,7 +58,7 @@ rec {
|
||||
inherit system extraArgs modules prefix;
|
||||
# For efficiency, leave out most NixOS modules; they don't
|
||||
# define nixpkgs.config, so it's pointless to evaluate them.
|
||||
baseModules = [ ../modules/misc/nixpkgs.nix ];
|
||||
baseModules = [ ../modules/misc/nixpkgs.nix ../modules/config/no-x-libs.nix ];
|
||||
pkgs = import ./nixpkgs.nix { system = system_; config = {}; };
|
||||
check = false;
|
||||
}).config.nixpkgs;
|
||||
|
@ -495,7 +495,9 @@ sub waitForX {
|
||||
my ($self, $regexp) = @_;
|
||||
$self->nest("waiting for the X11 server", sub {
|
||||
retry sub {
|
||||
my ($status, $out) = $self->execute("xwininfo -root > /dev/null 2>&1");
|
||||
my ($status, $out) = $self->execute("journalctl -b SYSLOG_IDENTIFIER=systemd | grep 'session opened'");
|
||||
return 0 if $status != 0;
|
||||
($status, $out) = $self->execute("xwininfo -root > /dev/null 2>&1");
|
||||
return 1 if $status == 0;
|
||||
}
|
||||
});
|
||||
|
@ -144,6 +144,13 @@ sub runTests {
|
||||
}
|
||||
});
|
||||
|
||||
$log->nest("syncing", sub {
|
||||
foreach my $vm (values %vms) {
|
||||
next unless $vm->isUp();
|
||||
$vm->execute("sync");
|
||||
}
|
||||
});
|
||||
|
||||
if ($nrTests != 0) {
|
||||
$log->log("$nrSucceeded out of $nrTests tests succeeded",
|
||||
($nrSucceeded < $nrTests ? { error => 1 } : { }));
|
||||
|
@ -67,103 +67,55 @@ rec {
|
||||
};
|
||||
|
||||
|
||||
# Generate a coverage report from the coverage data produced by
|
||||
# runTests.
|
||||
makeReport = x: runCommand "report" { buildInputs = [rsync]; }
|
||||
''
|
||||
mkdir -p $TMPDIR/gcov/
|
||||
makeTest =
|
||||
{ testScript, makeCoverageReport ? false, ... } @ t:
|
||||
|
||||
for d in ${x}/coverage-data/*; do
|
||||
echo "doing $d"
|
||||
[ -n "$(ls -A "$d")" ] || continue
|
||||
let
|
||||
|
||||
for i in $(cd $d/nix/store && ls); do
|
||||
if ! test -e $TMPDIR/gcov/nix/store/$i; then
|
||||
echo "copying $i"
|
||||
mkdir -p $TMPDIR/gcov/$(echo $i | cut -c34-)
|
||||
rsync -rv /nix/store/$i/.build/* $TMPDIR/gcov/
|
||||
fi
|
||||
done
|
||||
nodes = buildVirtualNetwork (
|
||||
t.nodes or (if t ? machine then { machine = t.machine; } else { }));
|
||||
|
||||
chmod -R u+w $TMPDIR/gcov
|
||||
testScript' =
|
||||
# Call the test script with the computed nodes.
|
||||
if builtins.isFunction testScript
|
||||
then testScript { inherit nodes; }
|
||||
else testScript;
|
||||
|
||||
find $TMPDIR/gcov -name "*.gcda" -exec rm {} \;
|
||||
vlans = map (m: m.config.virtualisation.vlans) (lib.attrValues nodes);
|
||||
|
||||
for i in $(cd $d/nix/store && ls); do
|
||||
rsync -rv $d/nix/store/$i/.build/* $TMPDIR/gcov/
|
||||
done
|
||||
vms = map (m: m.config.system.build.vm) (lib.attrValues nodes);
|
||||
|
||||
find $TMPDIR/gcov -name "*.gcda" -exec chmod 644 {} \;
|
||||
# Generate onvenience wrappers for running the test driver
|
||||
# interactively with the specified network, and for starting the
|
||||
# VMs from the command line.
|
||||
driver = runCommand "nixos-test-driver"
|
||||
{ buildInputs = [ makeWrapper];
|
||||
testScript = testScript';
|
||||
preferLocalBuild = true;
|
||||
}
|
||||
''
|
||||
mkdir -p $out/bin
|
||||
echo "$testScript" > $out/test-script
|
||||
ln -s ${testDriver}/bin/nixos-test-driver $out/bin/
|
||||
vms="$(for i in ${toString vms}; do echo $i/bin/run-*-vm; done)"
|
||||
wrapProgram $out/bin/nixos-test-driver \
|
||||
--add-flags "$vms" \
|
||||
--run "testScript=\"\$(cat $out/test-script)\"" \
|
||||
--set testScript '"$testScript"' \
|
||||
--set VLANS '"${toString vlans}"'
|
||||
ln -s ${testDriver}/bin/nixos-test-driver $out/bin/nixos-run-vms
|
||||
wrapProgram $out/bin/nixos-run-vms \
|
||||
--add-flags "$vms" \
|
||||
--set tests '"startAll; joinAll;"' \
|
||||
--set VLANS '"${toString vlans}"' \
|
||||
${lib.optionalString (builtins.length vms == 1) "--set USE_SERIAL 1"}
|
||||
''; # "
|
||||
|
||||
echo "producing info..."
|
||||
${pkgs.lcov}/bin/geninfo --ignore-errors source,gcov $TMPDIR/gcov --output-file $TMPDIR/app.info
|
||||
cat $TMPDIR/app.info >> $TMPDIR/full.info
|
||||
done
|
||||
test = runTests driver;
|
||||
|
||||
echo "making report..."
|
||||
mkdir -p $out/coverage
|
||||
${pkgs.lcov}/bin/genhtml --show-details $TMPDIR/full.info -o $out/coverage
|
||||
cp $TMPDIR/full.info $out/coverage/
|
||||
report = releaseTools.gcovReport { coverageRuns = [ test ]; };
|
||||
|
||||
mkdir -p $out/nix-support
|
||||
cat ${x}/nix-support/hydra-build-products >> $out/nix-support/hydra-build-products
|
||||
echo "report coverage $out/coverage" >> $out/nix-support/hydra-build-products
|
||||
[ ! -e ${x}/nix-support/failed ] || touch $out/nix-support/failed
|
||||
''; # */
|
||||
|
||||
|
||||
makeTest = testFun: complete (call testFun);
|
||||
makeTests = testsFun: lib.mapAttrs (name: complete) (call testsFun);
|
||||
|
||||
apply = makeTest; # compatibility
|
||||
call = f: f { inherit pkgs system; };
|
||||
|
||||
complete = t: t // rec {
|
||||
nodes = buildVirtualNetwork (
|
||||
if t ? nodes then t.nodes else
|
||||
if t ? machine then { machine = t.machine; }
|
||||
else { } );
|
||||
|
||||
testScript =
|
||||
# Call the test script with the computed nodes.
|
||||
if builtins.isFunction t.testScript
|
||||
then t.testScript { inherit nodes; }
|
||||
else t.testScript;
|
||||
|
||||
vlans = map (m: m.config.virtualisation.vlans) (lib.attrValues nodes);
|
||||
|
||||
vms = map (m: m.config.system.build.vm) (lib.attrValues nodes);
|
||||
|
||||
# Generate onvenience wrappers for running the test driver
|
||||
# interactively with the specified network, and for starting the
|
||||
# VMs from the command line.
|
||||
driver = runCommand "nixos-test-driver"
|
||||
{ buildInputs = [ makeWrapper];
|
||||
inherit testScript;
|
||||
preferLocalBuild = true;
|
||||
}
|
||||
''
|
||||
mkdir -p $out/bin
|
||||
echo "$testScript" > $out/test-script
|
||||
ln -s ${testDriver}/bin/nixos-test-driver $out/bin/
|
||||
vms="$(for i in ${toString vms}; do echo $i/bin/run-*-vm; done)"
|
||||
wrapProgram $out/bin/nixos-test-driver \
|
||||
--add-flags "$vms" \
|
||||
--run "testScript=\"\$(cat $out/test-script)\"" \
|
||||
--set testScript '"$testScript"' \
|
||||
--set VLANS '"${toString vlans}"'
|
||||
ln -s ${testDriver}/bin/nixos-test-driver $out/bin/nixos-run-vms
|
||||
wrapProgram $out/bin/nixos-run-vms \
|
||||
--add-flags "$vms" \
|
||||
--set tests '"startAll; joinAll;"' \
|
||||
--set VLANS '"${toString vlans}"' \
|
||||
${lib.optionalString (builtins.length vms == 1) "--set USE_SERIAL 1"}
|
||||
''; # "
|
||||
|
||||
test = runTests driver;
|
||||
|
||||
report = makeReport test;
|
||||
};
|
||||
in (if makeCoverageReport then report else test) // { inherit driver test; };
|
||||
|
||||
|
||||
runInMachine =
|
||||
@ -193,7 +145,7 @@ rec {
|
||||
exit $?
|
||||
'';
|
||||
|
||||
testscript = ''
|
||||
testScript = ''
|
||||
startAll;
|
||||
$client->waitForUnit("multi-user.target");
|
||||
${preBuild}
|
||||
@ -206,7 +158,7 @@ rec {
|
||||
${coreutils}/bin/mkdir $out
|
||||
${coreutils}/bin/mkdir -p vm-state-client/xchg
|
||||
export > vm-state-client/xchg/saved-env
|
||||
export tests='${testscript}'
|
||||
export tests='${testScript}'
|
||||
${testDriver}/bin/nixos-test-driver ${vm.config.system.build.vm}/bin/run-*-vm
|
||||
''; # */
|
||||
|
||||
|
@ -203,7 +203,7 @@ f = open("{0}.{1}.ami-id".format(args.region, image_type), "w")
|
||||
f.write("{0}".format(ami_id))
|
||||
f.close()
|
||||
|
||||
for dest in [ 'us-east-1', 'us-west-1', 'us-west-2', 'eu-west-1']:
|
||||
for dest in [ 'us-east-1', 'us-west-1', 'us-west-2', 'eu-west-1', 'ap-southeast-1', 'ap-southeast-2', 'ap-northeast-1', 'sa-east-1']:
|
||||
if args.region != dest:
|
||||
print >> sys.stderr, "copying image from region {0} to {1}".format(args.region, dest)
|
||||
conn = boto.ec2.connect_to_region(dest)
|
||||
|
14
nixos/maintainers/scripts/gce/create-gce.sh
Executable file
14
nixos/maintainers/scripts/gce/create-gce.sh
Executable file
@ -0,0 +1,14 @@
|
||||
#! /bin/sh -e
|
||||
|
||||
export NIX_PATH=nixpkgs=../../../..
|
||||
export NIXOS_CONFIG=$(dirname $(readlink -f $0))/../../../modules/virtualisation/google-compute-image.nix
|
||||
export TIMESTAMP=$(date +%Y%m%d%H%M)
|
||||
|
||||
nix-build '<nixpkgs/nixos>' \
|
||||
-A config.system.build.googleComputeImage --argstr system x86_64-linux -o gce --option extra-binary-caches http://hydra.nixos.org -j 10
|
||||
|
||||
img=$(echo gce/*.tar.gz)
|
||||
if ! gsutil ls gs://nixos/$(basename $img); then
|
||||
gsutil cp $img gs://nixos/$(basename $img)
|
||||
fi
|
||||
gcutil addimage $(basename $img .raw.tar.gz | sed 's|\.|-|' | sed 's|_|-|') gs://nixos/$(basename $img)
|
@ -1,6 +1,6 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
{
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
{
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
{
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
{
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
{
|
||||
options = {
|
||||
@ -36,7 +36,7 @@ with pkgs.lib;
|
||||
# GNU lsh.
|
||||
services.openssh.enable = false;
|
||||
services.lshd.enable = true;
|
||||
services.xserver.startOpenSSHAgent = false;
|
||||
programs.ssh.startAgent = false;
|
||||
services.xserver.startGnuPGAgent = true;
|
||||
|
||||
# TODO: GNU dico.
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
@ -53,7 +53,11 @@ in
|
||||
};
|
||||
|
||||
consoleKeyMap = mkOption {
|
||||
type = types.str;
|
||||
type = mkOptionType {
|
||||
name = "string or path";
|
||||
check = t: (isString t || types.path.check t);
|
||||
};
|
||||
|
||||
default = "us";
|
||||
example = "fr";
|
||||
description = ''
|
||||
@ -72,7 +76,12 @@ in
|
||||
|
||||
environment.systemPackages = [ glibcLocales ];
|
||||
|
||||
environment.variables.LANG = config.i18n.defaultLocale;
|
||||
environment.variables =
|
||||
{ LANG = config.i18n.defaultLocale;
|
||||
LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
|
||||
};
|
||||
|
||||
systemd.globalEnvironment.LOCALE_ARCHIVE = "${glibcLocales}/lib/locale/locale-archive";
|
||||
|
||||
# ‘/etc/locale.conf’ is used by systemd.
|
||||
environment.etc = singleton
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
with pkgs;
|
||||
|
||||
let
|
||||
|
@ -1,8 +1,8 @@
|
||||
# /etc files related to networking, such as /etc/services.
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
|
@ -1,6 +1,9 @@
|
||||
{ config, pkgs, ... }:
|
||||
# This module gets rid of all dependencies on X11 client libraries
|
||||
# (including fontconfig).
|
||||
|
||||
with pkgs.lib;
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
{
|
||||
options = {
|
||||
@ -8,18 +11,22 @@ with pkgs.lib;
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Switch off the options in the default configuration that require X libraries.
|
||||
Currently this includes: ssh X11 forwarding, dbus, fonts.enableCoreFonts,
|
||||
fonts.enableFontConfig
|
||||
Switch off the options in the default configuration that
|
||||
require X11 libraries. This includes client-side font
|
||||
configuration and SSH forwarding of X11 authentication
|
||||
in. Thus, you probably do not want to enable this option if
|
||||
you want to run X11 programs on this machine via SSH.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf config.environment.noXlibs {
|
||||
programs.ssh.setXAuthLocation = false;
|
||||
fonts = {
|
||||
enableCoreFonts = false;
|
||||
enableFontConfig = false;
|
||||
};
|
||||
security.pam.services.su.forwardXAuth = lib.mkForce false;
|
||||
|
||||
fonts.enableFontConfig = false;
|
||||
|
||||
nixpkgs.config.packageOverrides = pkgs:
|
||||
{ dbus = pkgs.dbus.override { useX11 = false; }; };
|
||||
};
|
||||
}
|
||||
|
@ -1,8 +1,8 @@
|
||||
# Configuration for the Name Service Switch (/etc/nsswitch.conf).
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
@ -65,14 +65,7 @@ in
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
# Enable the ACPI daemon. Not sure whether this is essential.
|
||||
services.acpid.enable = true;
|
||||
|
||||
boot.kernelModules =
|
||||
[ "acpi_cpufreq" "powernow-k8" "cpufreq_performance" "cpufreq_powersave" "cpufreq_ondemand"
|
||||
"cpufreq_conservative"
|
||||
];
|
||||
|
||||
# FIXME: Implement powersave governor for sandy bridge or later Intel CPUs
|
||||
powerManagement.cpuFreqGovernor = mkDefault "ondemand";
|
||||
powerManagement.scsiLinkPolicy = mkDefault "min_power";
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
with pkgs;
|
||||
|
||||
let
|
||||
@ -77,7 +77,7 @@ in {
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.path;
|
||||
type = types.package;
|
||||
default = pulseaudio;
|
||||
example = literalExample "pulseaudio.override { jackaudioSupport = true; }";
|
||||
description = ''
|
||||
|
@ -1,9 +1,9 @@
|
||||
# This module defines a global environment configuration and
|
||||
# a common configuration for all shells.
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ config, pkgs, utils, ... }:
|
||||
{ config, lib, pkgs, utils, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
with utils;
|
||||
|
||||
{
|
||||
|
@ -1,12 +1,12 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
sysctlOption = mkOptionType {
|
||||
name = "sysctl option value";
|
||||
check = x: isBool x || isString x || isInt x;
|
||||
check = x: isBool x || isString x || isInt x || isNull x;
|
||||
merge = args: defs: (last defs).value; # FIXME: hacky way to allow overriding in configuration.nix.
|
||||
};
|
||||
|
||||
@ -29,8 +29,9 @@ in
|
||||
<manvolnum>8</manvolnum></citerefentry>. Note that sysctl
|
||||
parameters names must be enclosed in quotes
|
||||
(e.g. <literal>"vm.swappiness"</literal> instead of
|
||||
<literal>vm.swappiness</literal>). The value of each parameter
|
||||
may be a string, integer or Boolean.
|
||||
<literal>vm.swappiness</literal>). The value of each
|
||||
parameter may be a string, integer, boolean, or null
|
||||
(signifying the option will not appear at all).
|
||||
'';
|
||||
};
|
||||
|
||||
@ -39,22 +40,13 @@ in
|
||||
config = {
|
||||
|
||||
environment.etc."sysctl.d/nixos.conf".text =
|
||||
concatStrings (mapAttrsToList (n: v: "${n}=${if v == false then "0" else toString v}\n") config.boot.kernel.sysctl);
|
||||
concatStrings (mapAttrsToList (n: v:
|
||||
optionalString (v != null) "${n}=${if v == false then "0" else toString v}\n"
|
||||
) config.boot.kernel.sysctl);
|
||||
|
||||
systemd.services.systemd-sysctl =
|
||||
{ description = "Apply Kernel Variables";
|
||||
before = [ "sysinit.target" "shutdown.target" ];
|
||||
wantedBy = [ "sysinit.target" "multi-user.target" ];
|
||||
{ wantedBy = [ "multi-user.target" ];
|
||||
restartTriggers = [ config.environment.etc."sysctl.d/nixos.conf".source ];
|
||||
unitConfig = {
|
||||
DefaultDependencies = false; # needed to prevent a cycle
|
||||
ConditionPathIsReadWrite = "/proc/sys/"; # prevent systemd-sysctl in containers
|
||||
};
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
ExecStart = "${config.systemd.package}/lib/systemd/systemd-sysctl";
|
||||
};
|
||||
};
|
||||
|
||||
# Enable hardlink and symlink restrictions. See
|
||||
@ -65,8 +57,9 @@ in
|
||||
|
||||
# Hide kernel pointers (e.g. in /proc/modules) for unprivileged
|
||||
# users as these make it easier to exploit kernel vulnerabilities.
|
||||
boot.kernel.sysctl."kernel.kptr_restrict" = 1;
|
||||
|
||||
#
|
||||
# Removed under grsecurity.
|
||||
boot.kernel.sysctl."kernel.kptr_restrict" =
|
||||
if config.security.grsecurity.enable then null else 1;
|
||||
};
|
||||
|
||||
}
|
||||
|
@ -1,9 +1,9 @@
|
||||
# This module defines the packages that appear in
|
||||
# /run/current-system/sw.
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
@ -46,6 +46,7 @@ let
|
||||
pkgs.rsync
|
||||
pkgs.strace
|
||||
pkgs.sysvtools
|
||||
pkgs.su
|
||||
pkgs.time
|
||||
pkgs.usbutils
|
||||
pkgs.utillinux
|
||||
@ -134,6 +135,10 @@ in
|
||||
if [ -x $out/bin/glib-compile-schemas -a -w $out/share/glib-2.0/schemas ]; then
|
||||
$out/bin/glib-compile-schemas $out/share/glib-2.0/schemas
|
||||
fi
|
||||
|
||||
if [ -x $out/bin/update-desktop-database -a -w $out/share/applications ]; then
|
||||
$out/bin/update-desktop-database $out/share/applications
|
||||
fi
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
{
|
||||
options = {
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
# unixODBC drivers (this solution is not perfect.. Because the user has to
|
||||
# ask the admin to add a driver.. but it's simple and works
|
||||
|
@ -1,11 +1,32 @@
|
||||
{pkgs, config, ...}:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
ids = config.ids;
|
||||
users = config.users;
|
||||
cfg = config.users;
|
||||
|
||||
nonUidUsers = filterAttrs (n: u: u.createUser && u.uid == null) cfg.extraUsers;
|
||||
nonGidGroups = filterAttrs (n: g: g.gid == null) cfg.extraGroups;
|
||||
|
||||
passwordDescription = ''
|
||||
The options <literal>hashedPassword</literal>,
|
||||
<literal>password</literal> and <literal>passwordFile</literal>
|
||||
controls what password is set for the user.
|
||||
<literal>hashedPassword</literal> overrides both
|
||||
<literal>password</literal> and <literal>passwordFile</literal>.
|
||||
<literal>password</literal> overrides <literal>passwordFile</literal>.
|
||||
If none of these three options are set, no password is assigned to
|
||||
the user, and the user will not be able to do password logins.
|
||||
If the option <literal>users.mutableUsers</literal> is true, the
|
||||
password defined in one of the three options will only be set when
|
||||
the user is created for the first time. After that, you are free to
|
||||
change the password with the ordinary user management commands. If
|
||||
<literal>users.mutableUsers</literal> is false, you cannot change
|
||||
user passwords, they will always be set according to the password
|
||||
options.
|
||||
'';
|
||||
|
||||
userOpts = { name, config, ... }: {
|
||||
|
||||
@ -13,7 +34,10 @@ let
|
||||
|
||||
name = mkOption {
|
||||
type = types.str;
|
||||
description = "The name of the user account. If undefined, the name of the attribute set will be used.";
|
||||
description = ''
|
||||
The name of the user account. If undefined, the name of the
|
||||
attribute set will be used.
|
||||
'';
|
||||
};
|
||||
|
||||
description = mkOption {
|
||||
@ -28,9 +52,14 @@ let
|
||||
};
|
||||
|
||||
uid = mkOption {
|
||||
type = with types; uniq (nullOr int);
|
||||
type = with types; nullOr int;
|
||||
default = null;
|
||||
description = "The account UID. If undefined, NixOS will select a free UID.";
|
||||
description = ''
|
||||
The account UID. If the <literal>mutableUsers</literal> option
|
||||
is false, the UID cannot be null. Otherwise, the UID might be
|
||||
null, in which case a free UID is picked on activation (by the
|
||||
useradd command).
|
||||
'';
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
@ -60,31 +89,54 @@ let
|
||||
createHome = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "If true, the home directory will be created automatically.";
|
||||
description = ''
|
||||
If true, the home directory will be created automatically. If this
|
||||
option is true and the home directory already exists but is not
|
||||
owned by the user, directory owner and group will be changed to
|
||||
match the user.
|
||||
'';
|
||||
};
|
||||
|
||||
useDefaultShell = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "If true, the user's shell will be set to <literal>users.defaultUserShell</literal>.";
|
||||
description = ''
|
||||
If true, the user's shell will be set to
|
||||
<literal>cfg.defaultUserShell</literal>.
|
||||
'';
|
||||
};
|
||||
|
||||
hashedPassword = mkOption {
|
||||
type = with types; uniq (nullOr str);
|
||||
default = null;
|
||||
description = ''
|
||||
Specifies the (hashed) password for the user.
|
||||
${passwordDescription}
|
||||
'';
|
||||
};
|
||||
|
||||
password = mkOption {
|
||||
type = with types; uniq (nullOr str);
|
||||
default = null;
|
||||
description = ''
|
||||
The user's password. If undefined, no password is set for
|
||||
the user. Warning: do not set confidential information here
|
||||
because it is world-readable in the Nix store. This option
|
||||
should only be used for public accounts such as
|
||||
<literal>guest</literal>.
|
||||
Specifies the (clear text) password for the user.
|
||||
Warning: do not set confidential information here
|
||||
because it is world-readable in the Nix store. This option
|
||||
should only be used for public accounts.
|
||||
${passwordDescription}
|
||||
'';
|
||||
};
|
||||
|
||||
isSystemUser = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "Indicates if the user is a system user or not.";
|
||||
passwordFile = mkOption {
|
||||
type = with types; uniq (nullOr string);
|
||||
default = null;
|
||||
description = ''
|
||||
The path to a file that contains the user's password. The password
|
||||
file is read on each system activation. The file should contain
|
||||
exactly one line, which should be the password in an encrypted form
|
||||
that is suitable for the <literal>chpasswd -e</literal> command.
|
||||
${passwordDescription}
|
||||
'';
|
||||
};
|
||||
|
||||
createUser = mkOption {
|
||||
@ -96,19 +148,11 @@ let
|
||||
then not modify any of the basic properties for the user account.
|
||||
'';
|
||||
};
|
||||
|
||||
isAlias = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "If true, the UID of this user is not required to be unique and can thus alias another user.";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = {
|
||||
name = mkDefault name;
|
||||
uid = mkDefault (attrByPath [name] null ids.uids);
|
||||
shell = mkIf config.useDefaultShell (mkDefault users.defaultUserShell);
|
||||
shell = mkIf config.useDefaultShell (mkDefault cfg.defaultUserShell);
|
||||
};
|
||||
|
||||
};
|
||||
@ -119,41 +163,167 @@ let
|
||||
|
||||
name = mkOption {
|
||||
type = types.str;
|
||||
description = "The name of the group. If undefined, the name of the attribute set will be used.";
|
||||
description = ''
|
||||
The name of the group. If undefined, the name of the attribute set
|
||||
will be used.
|
||||
'';
|
||||
};
|
||||
|
||||
gid = mkOption {
|
||||
type = with types; uniq (nullOr int);
|
||||
type = with types; nullOr int;
|
||||
default = null;
|
||||
description = "The GID of the group. If undefined, NixOS will select a free GID.";
|
||||
description = ''
|
||||
The group GID. If the <literal>mutableUsers</literal> option
|
||||
is false, the GID cannot be null. Otherwise, the GID might be
|
||||
null, in which case a free GID is picked on activation (by the
|
||||
groupadd command).
|
||||
'';
|
||||
};
|
||||
|
||||
members = mkOption {
|
||||
type = with types; listOf string;
|
||||
default = [];
|
||||
description = ''
|
||||
The user names of the group members, added to the
|
||||
<literal>/etc/group</literal> file.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = {
|
||||
name = mkDefault name;
|
||||
gid = mkDefault (attrByPath [name] null ids.gids);
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
# Note: the 'X' in front of the password is to distinguish between
|
||||
# having an empty password, and not having a password.
|
||||
serializedUser = u: "${u.name}\n${u.description}\n${if u.uid != null then toString u.uid else ""}\n${u.group}\n${toString (concatStringsSep "," u.extraGroups)}\n${u.home}\n${u.shell}\n${toString u.createHome}\n${if u.password != null then "X" + u.password else ""}\n${toString u.isSystemUser}\n${toString u.createUser}\n${toString u.isAlias}\n";
|
||||
|
||||
usersFile = pkgs.writeText "users" (
|
||||
getGroup = gname:
|
||||
let
|
||||
p = partition (u: u.isAlias) (attrValues config.users.extraUsers);
|
||||
in concatStrings (map serializedUser p.wrong ++ map serializedUser p.right));
|
||||
groups = mapAttrsToList (n: g: g) (
|
||||
filterAttrs (n: g: g.name == gname) cfg.extraGroups
|
||||
);
|
||||
in
|
||||
if length groups == 1 then head groups
|
||||
else if groups == [] then throw "Group ${gname} not defined"
|
||||
else throw "Group ${gname} has multiple definitions";
|
||||
|
||||
in
|
||||
getUser = uname:
|
||||
let
|
||||
users = mapAttrsToList (n: u: u) (
|
||||
filterAttrs (n: u: u.name == uname) cfg.extraUsers
|
||||
);
|
||||
in
|
||||
if length users == 1 then head users
|
||||
else if users == [] then throw "User ${uname} not defined"
|
||||
else throw "User ${uname} has multiple definitions";
|
||||
|
||||
{
|
||||
mkGroupEntry = gname:
|
||||
let
|
||||
g = getGroup gname;
|
||||
users = mapAttrsToList (n: u: u.name) (
|
||||
filterAttrs (n: u: elem g.name u.extraGroups) cfg.extraUsers
|
||||
);
|
||||
in concatStringsSep ":" [
|
||||
g.name "x" (toString g.gid)
|
||||
(concatStringsSep "," (users ++ (filter (u: !(elem u users)) g.members)))
|
||||
];
|
||||
|
||||
mkPasswdEntry = uname: let u = getUser uname; in
|
||||
concatStringsSep ":" [
|
||||
u.name "x" (toString u.uid)
|
||||
(toString (getGroup u.group).gid)
|
||||
u.description u.home u.shell
|
||||
];
|
||||
|
||||
sortOn = a: sort (as1: as2: lessThan (getAttr a as1) (getAttr a as2));
|
||||
|
||||
groupFile = pkgs.writeText "group" (
|
||||
concatStringsSep "\n" (map (g: mkGroupEntry g.name) (
|
||||
let f = g: g.gid != null; in
|
||||
sortOn "gid" (filter f (attrValues cfg.extraGroups))
|
||||
))
|
||||
);
|
||||
|
||||
passwdFile = pkgs.writeText "passwd" (
|
||||
concatStringsSep "\n" (map (u: mkPasswdEntry u.name) (
|
||||
let f = u: u.createUser && (u.uid != null); in
|
||||
sortOn "uid" (filter f (attrValues cfg.extraUsers))
|
||||
))
|
||||
);
|
||||
|
||||
# If mutableUsers is true, this script adds all users/groups defined in
|
||||
# users.extra{Users,Groups} to /etc/{passwd,group} iff there isn't any
|
||||
# existing user/group with the same name in those files.
|
||||
# If mutableUsers is false, the /etc/{passwd,group} files will simply be
|
||||
# replaced with the users/groups defined in the NixOS configuration.
|
||||
# The merging procedure could certainly be improved, and instead of just
|
||||
# keeping the lines as-is from /etc/{passwd,group} they could be combined
|
||||
# in some way with the generated content from the NixOS configuration.
|
||||
merger = src: pkgs.writeScript "merger" ''
|
||||
#!${pkgs.bash}/bin/bash
|
||||
|
||||
PATH=${pkgs.gawk}/bin:${pkgs.gnugrep}/bin:$PATH
|
||||
|
||||
${if !cfg.mutableUsers
|
||||
then ''cp ${src} $1.tmp''
|
||||
else ''awk -F: '{ print "^"$1":.*" }' $1 | egrep -vf - ${src} | cat $1 - > $1.tmp''
|
||||
}
|
||||
|
||||
# set mtime to +1, otherwise change might go unnoticed (vipw/vigr only looks at mtime)
|
||||
touch -m -t $(date -d @$(($(stat -c %Y $1)+1)) +%Y%m%d%H%M.%S) $1.tmp
|
||||
|
||||
mv -f $1.tmp $1
|
||||
'';
|
||||
|
||||
idsAreUnique = set: idAttr: !(fold (name: args@{ dup, acc }:
|
||||
let
|
||||
id = builtins.toString (builtins.getAttr idAttr (builtins.getAttr name set));
|
||||
exists = builtins.hasAttr id acc;
|
||||
newAcc = acc // (builtins.listToAttrs [ { name = id; value = true; } ]);
|
||||
in if dup then args else if exists
|
||||
then builtins.trace "Duplicate ${idAttr} ${id}" { dup = true; acc = null; }
|
||||
else { dup = false; acc = newAcc; }
|
||||
) { dup = false; acc = {}; } (builtins.attrNames set)).dup;
|
||||
|
||||
uidsAreUnique = idsAreUnique (filterAttrs (n: u: u.uid != null) cfg.extraUsers) "uid";
|
||||
gidsAreUnique = idsAreUnique (filterAttrs (n: g: g.gid != null) cfg.extraGroups) "gid";
|
||||
|
||||
in {
|
||||
|
||||
###### interface
|
||||
|
||||
options = {
|
||||
|
||||
users.mutableUsers = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
If true, you are free to add new users and groups to the system
|
||||
with the ordinary <literal>useradd</literal> and
|
||||
<literal>groupadd</literal> commands. On system activation, the
|
||||
existing contents of the <literal>/etc/passwd</literal> and
|
||||
<literal>/etc/group</literal> files will be merged with the
|
||||
contents generated from the <literal>users.extraUsers</literal> and
|
||||
<literal>users.extraGroups</literal> options. If
|
||||
<literal>mutableUsers</literal> is false, the contents of the user and
|
||||
group files will simply be replaced on system activation. This also
|
||||
holds for the user passwords; if this option is false, all changed
|
||||
passwords will be reset according to the
|
||||
<literal>users.extraUsers</literal> configuration on activation. If
|
||||
this option is true, the initial password for a user will be set
|
||||
according to <literal>users.extraUsers</literal>, but existing passwords
|
||||
will not be changed.
|
||||
'';
|
||||
};
|
||||
|
||||
users.enforceIdUniqueness = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Whether to require that no two users/groups share the same uid/gid.
|
||||
'';
|
||||
};
|
||||
|
||||
users.extraUsers = mkOption {
|
||||
default = {};
|
||||
type = types.loaOf types.optionSet;
|
||||
@ -194,11 +364,17 @@ in
|
||||
example = "!";
|
||||
description = ''
|
||||
The (hashed) password for the root account set on initial
|
||||
installation. The empty string denotes that root can login
|
||||
installation. The empty string denotes that root can login
|
||||
locally without a password (but not via remote services such
|
||||
as SSH, or indirectly via <command>su</command> or
|
||||
<command>sudo</command>). The string <literal>!</literal>
|
||||
<command>sudo</command>). The string <literal>!</literal>
|
||||
prevents root from logging in using a password.
|
||||
Note, setting this option sets
|
||||
<literal>users.extraUsers.root.hashedPassword</literal>.
|
||||
Note, if <literal>users.mutableUsers</literal> is false
|
||||
you cannot change the root password manually, so in that case
|
||||
the name of this option is a bit misleading, since it will define
|
||||
the root password beyond the user initialisation phase.
|
||||
'';
|
||||
};
|
||||
|
||||
@ -211,144 +387,120 @@ in
|
||||
|
||||
users.extraUsers = {
|
||||
root = {
|
||||
uid = ids.uids.root;
|
||||
description = "System administrator";
|
||||
home = "/root";
|
||||
shell = config.users.defaultUserShell;
|
||||
shell = cfg.defaultUserShell;
|
||||
group = "root";
|
||||
extraGroups = [ "grsecurity" ];
|
||||
hashedPassword = mkDefault config.security.initialRootPassword;
|
||||
};
|
||||
nobody = {
|
||||
uid = ids.uids.nobody;
|
||||
description = "Unprivileged account (don't use!)";
|
||||
group = "nogroup";
|
||||
};
|
||||
};
|
||||
|
||||
users.extraGroups = {
|
||||
root = { };
|
||||
wheel = { };
|
||||
disk = { };
|
||||
kmem = { };
|
||||
tty = { };
|
||||
floppy = { };
|
||||
uucp = { };
|
||||
lp = { };
|
||||
cdrom = { };
|
||||
tape = { };
|
||||
audio = { };
|
||||
video = { };
|
||||
dialout = { };
|
||||
nogroup = { };
|
||||
users = { };
|
||||
nixbld = { };
|
||||
utmp = { };
|
||||
adm = { }; # expected by journald
|
||||
root.gid = ids.gids.root;
|
||||
wheel.gid = ids.gids.wheel;
|
||||
disk.gid = ids.gids.disk;
|
||||
kmem.gid = ids.gids.kmem;
|
||||
tty.gid = ids.gids.tty;
|
||||
floppy.gid = ids.gids.floppy;
|
||||
uucp.gid = ids.gids.uucp;
|
||||
lp.gid = ids.gids.lp;
|
||||
cdrom.gid = ids.gids.cdrom;
|
||||
tape.gid = ids.gids.tape;
|
||||
audio.gid = ids.gids.audio;
|
||||
video.gid = ids.gids.video;
|
||||
dialout.gid = ids.gids.dialout;
|
||||
nogroup.gid = ids.gids.nogroup;
|
||||
users.gid = ids.gids.users;
|
||||
nixbld.gid = ids.gids.nixbld;
|
||||
utmp.gid = ids.gids.utmp;
|
||||
adm.gid = ids.gids.adm;
|
||||
grsecurity.gid = ids.gids.grsecurity;
|
||||
};
|
||||
|
||||
system.activationScripts.rootPasswd = stringAfter [ "etc" ]
|
||||
''
|
||||
# If there is no password file yet, create a root account with an
|
||||
# empty password.
|
||||
if ! test -e /etc/passwd; then
|
||||
rootHome=/root
|
||||
touch /etc/passwd; chmod 0644 /etc/passwd
|
||||
touch /etc/group; chmod 0644 /etc/group
|
||||
touch /etc/shadow; chmod 0600 /etc/shadow
|
||||
# Can't use useradd, since it complains that it doesn't know us
|
||||
# (bootstrap problem!).
|
||||
echo "root:x:0:0:System administrator:$rootHome:${config.users.defaultUserShell}" >> /etc/passwd
|
||||
echo "root:${config.security.initialRootPassword}:::::::" >> /etc/shadow
|
||||
fi
|
||||
system.activationScripts.users =
|
||||
let
|
||||
mkhomeUsers = filterAttrs (n: u: u.createHome) cfg.extraUsers;
|
||||
setpwUsers = filterAttrs (n: u: u.createUser) cfg.extraUsers;
|
||||
pwFile = u: if !(isNull u.hashedPassword)
|
||||
then pkgs.writeTextFile { name = "password-file"; text = u.hashedPassword; }
|
||||
else if !(isNull u.password)
|
||||
then pkgs.runCommand "password-file" { pw = u.password; } ''
|
||||
echo -n "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -s > $out
|
||||
'' else u.passwordFile;
|
||||
setpw = n: u: ''
|
||||
setpw=yes
|
||||
${optionalString cfg.mutableUsers ''
|
||||
test "$(getent shadow '${u.name}' | cut -d: -f2)" != "x" && setpw=no
|
||||
''}
|
||||
if [ "$setpw" == "yes" ]; then
|
||||
${if !(isNull (pwFile u))
|
||||
then ''
|
||||
echo -n "${u.name}:" | cat - "${pwFile u}" | \
|
||||
${pkgs.shadow}/sbin/chpasswd -e
|
||||
''
|
||||
else "passwd -l '${u.name}' &>/dev/null"
|
||||
}
|
||||
fi
|
||||
'';
|
||||
mkhome = n: u: ''
|
||||
uid="$(id -u ${u.name})"
|
||||
gid="$(id -g ${u.name})"
|
||||
h="${u.home}"
|
||||
test -a "$h" || mkdir -p "$h" || true
|
||||
test "$(stat -c %u "$h")" = $uid || chown $uid "$h" || true
|
||||
test "$(stat -c %g "$h")" = $gid || chgrp $gid "$h" || true
|
||||
'';
|
||||
groupadd = n: g: ''
|
||||
if [ -z "$(getent group "${g.name}")" ]; then
|
||||
echo "Adding group ${g.name}"
|
||||
${pkgs.shadow}/sbin/groupadd "${g.name}"
|
||||
fi
|
||||
'';
|
||||
useradd = n: u: ''
|
||||
if ! id "${u.name}" &>/dev/null; then
|
||||
echo "Adding user ${u.name}"
|
||||
${pkgs.shadow}/sbin/useradd \
|
||||
-g "${u.group}" \
|
||||
-s "${u.shell}" \
|
||||
-d "${u.home}" \
|
||||
"${u.name}"
|
||||
echo "${u.name}:x" | ${pkgs.shadow}/sbin/chpasswd -e
|
||||
fi
|
||||
'';
|
||||
in stringAfter [ "etc" ] ''
|
||||
touch /etc/group
|
||||
touch /etc/passwd
|
||||
VISUAL=${merger groupFile} ${pkgs.shadow}/sbin/vigr &>/dev/null
|
||||
VISUAL=${merger passwdFile} ${pkgs.shadow}/sbin/vipw &>/dev/null
|
||||
${pkgs.shadow}/sbin/grpconv
|
||||
${pkgs.shadow}/sbin/pwconv
|
||||
${concatStrings (mapAttrsToList groupadd nonGidGroups)}
|
||||
${concatStrings (mapAttrsToList useradd nonUidUsers)}
|
||||
${concatStrings (mapAttrsToList mkhome mkhomeUsers)}
|
||||
${concatStrings (mapAttrsToList setpw setpwUsers)}
|
||||
'';
|
||||
|
||||
# Print a reminder for users to set a root password.
|
||||
environment.interactiveShellInit =
|
||||
''
|
||||
if [ "$UID" = 0 ]; then
|
||||
read _l < /etc/shadow
|
||||
if [ "''${_l:0:6}" = root:: ]; then
|
||||
cat >&2 <<EOF
|
||||
[1;31mWarning:[0m Your root account has a null password, allowing local users
|
||||
to login as root. Please set a non-null password using \`passwd', or
|
||||
disable password-based root logins using \`passwd -l'.
|
||||
EOF
|
||||
fi
|
||||
unset _l
|
||||
fi
|
||||
'';
|
||||
# for backwards compatibility
|
||||
system.activationScripts.groups = stringAfter [ "users" ] "";
|
||||
|
||||
system.activationScripts.users = stringAfter [ "groups" ]
|
||||
''
|
||||
echo "updating users..."
|
||||
|
||||
cat ${usersFile} | while true; do
|
||||
read name || break
|
||||
read description
|
||||
read uid
|
||||
read group
|
||||
read extraGroups
|
||||
read home
|
||||
read shell
|
||||
read createHome
|
||||
read password
|
||||
read isSystemUser
|
||||
read createUser
|
||||
read isAlias
|
||||
|
||||
if [ -z "$createUser" ]; then
|
||||
continue
|
||||
fi
|
||||
|
||||
if ! curEnt=$(getent passwd "$name"); then
|
||||
useradd ''${isSystemUser:+--system} \
|
||||
--comment "$description" \
|
||||
''${uid:+--uid $uid} \
|
||||
--gid "$group" \
|
||||
--groups "$extraGroups" \
|
||||
--home "$home" \
|
||||
--shell "$shell" \
|
||||
''${createHome:+--create-home} \
|
||||
''${isAlias:+--non-unique} \
|
||||
"$name"
|
||||
if test "''${password:0:1}" = 'X'; then
|
||||
(echo "''${password:1}"; echo "''${password:1}") | ${pkgs.shadow}/bin/passwd "$name"
|
||||
fi
|
||||
else
|
||||
#echo "updating user $name..."
|
||||
oldIFS="$IFS"; IFS=:; set -- $curEnt; IFS="$oldIFS"
|
||||
prevUid=$3
|
||||
prevHome=$6
|
||||
# Don't change the home directory if it's the same to prevent
|
||||
# unnecessary warnings about logged in users.
|
||||
if test "$prevHome" = "$home"; then unset home; fi
|
||||
usermod \
|
||||
--comment "$description" \
|
||||
--gid "$group" \
|
||||
--groups "$extraGroups" \
|
||||
''${home:+--home "$home"} \
|
||||
--shell "$shell" \
|
||||
"$name"
|
||||
fi
|
||||
|
||||
done
|
||||
'';
|
||||
|
||||
system.activationScripts.groups = stringAfter [ "rootPasswd" "binsh" "etc" "var" ]
|
||||
''
|
||||
echo "updating groups..."
|
||||
|
||||
createGroup() {
|
||||
name="$1"
|
||||
gid="$2"
|
||||
|
||||
if ! curEnt=$(getent group "$name"); then
|
||||
groupadd --system \
|
||||
''${gid:+--gid $gid} \
|
||||
"$name"
|
||||
fi
|
||||
}
|
||||
|
||||
${flip concatMapStrings (attrValues config.users.extraGroups) (g: ''
|
||||
createGroup '${g.name}' '${toString g.gid}'
|
||||
'')}
|
||||
'';
|
||||
assertions = [
|
||||
{ assertion = !cfg.enforceIdUniqueness || (uidsAreUnique && gidsAreUnique);
|
||||
message = "uids and gids must be unique!";
|
||||
}
|
||||
{ assertion = cfg.mutableUsers || (nonUidUsers == {});
|
||||
message = "When mutableUsers is false, no uid can be null";
|
||||
}
|
||||
{ assertion = cfg.mutableUsers || (nonGidGroups == {});
|
||||
message = "When mutableUsers is false, no gid can be null";
|
||||
}
|
||||
];
|
||||
|
||||
};
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
{
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
{
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
{
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let kernelVersion = config.boot.kernelPackages.kernel.version; in
|
||||
|
||||
|
@ -2,19 +2,19 @@
|
||||
let
|
||||
inherit (pkgs.lib) mkOption types mkIf optional optionals elem optionalString optionalAttrs;
|
||||
|
||||
cfg = config.services.mesa;
|
||||
cfg = config.hardware.opengl;
|
||||
|
||||
kernelPackages = config.boot.kernelPackages;
|
||||
in {
|
||||
options = {
|
||||
services.mesa.enable = mkOption {
|
||||
description = "Whether this configuration requires mesa.";
|
||||
hardware.opengl.enable = mkOption {
|
||||
description = "Whether this configuration requires opengl.";
|
||||
type = types.bool;
|
||||
default = false;
|
||||
internal = true;
|
||||
};
|
||||
|
||||
services.mesa.driSupport = mkOption {
|
||||
hardware.opengl.driSupport = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
@ -23,51 +23,55 @@ in {
|
||||
'';
|
||||
};
|
||||
|
||||
services.mesa.driSupport32Bit = mkOption {
|
||||
hardware.opengl.driSupport32Bit = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
On 64-bit systems, whether to support Direct Rendering for
|
||||
32-bit applications (such as Wine). This is currently only
|
||||
supported for the <literal>nvidia</literal> driver and for
|
||||
<literal>mesa</literal>.
|
||||
<literal>Mesa</literal>.
|
||||
'';
|
||||
};
|
||||
|
||||
services.mesa.s3tcSupport = mkOption {
|
||||
hardware.opengl.s3tcSupport = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Make S3TC(S3 Texture Compression) via libtxc_dxtn available
|
||||
to OpenGL drivers. It is essential for many games to work
|
||||
with FOSS GPU drivers.
|
||||
to OpenGL drivers instead of the patent-free S2TC replacement.
|
||||
|
||||
Using this library may require a patent license depending on your location.
|
||||
'';
|
||||
};
|
||||
|
||||
|
||||
services.mesa.videoDrivers = mkOption {
|
||||
hardware.opengl.videoDrivers = mkOption {
|
||||
type = types.listOf types.str;
|
||||
# !!! We'd like "nv" here, but it segfaults the X server.
|
||||
default = [ "ati" "cirrus" "intel" "vesa" "vmware" ];
|
||||
example = [ "vesa" ];
|
||||
description = ''
|
||||
The names of the video drivers that the mesa should
|
||||
support. Mesa will try all of the drivers listed
|
||||
here until it finds one that supports your video card.
|
||||
The names of the opengl video drivers the configuration
|
||||
supports. They will be tried in order until one that
|
||||
supports your card is found.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
assertions = pkgs.lib.singleton {
|
||||
assertion = cfg.driSupport32Bit -> pkgs.stdenv.isx86_64;
|
||||
message = "Option driSupport32Bit only makes sens on a 64-bit system.";
|
||||
};
|
||||
|
||||
system.activationScripts.setup-opengl.deps = [];
|
||||
system.activationScripts.setup-opengl.text = ''
|
||||
rm -f /run/opengl-driver{,-32}
|
||||
${optionalString (!cfg.driSupport32Bit) "ln -sf opengl-driver /run/opengl-driver-32"}
|
||||
|
||||
${# !!! The OpenGL driver depends on what's detected at runtime.
|
||||
if elem "nvidia" cfg.videoDrivers then
|
||||
${optionalString (pkgs.stdenv.isi686) "ln -sf opengl-driver /run/opengl-driver-32"}
|
||||
''
|
||||
#TODO: The OpenGL driver should depend on what's detected at runtime.
|
||||
+( if elem "nvidia" cfg.videoDrivers then
|
||||
''
|
||||
ln -sf ${kernelPackages.nvidia_x11} /run/opengl-driver
|
||||
${optionalString cfg.driSupport32Bit
|
||||
@ -84,18 +88,25 @@ in {
|
||||
else if elem "ati_unfree" cfg.videoDrivers then
|
||||
"ln -sf ${kernelPackages.ati_drivers_x11} /run/opengl-driver"
|
||||
else
|
||||
let
|
||||
lib_fun = p: p.buildEnv {
|
||||
name = "mesa-drivers+txc-${p.mesa_drivers.version}";
|
||||
paths = [
|
||||
p.mesa_drivers
|
||||
p.mesa_noglu # mainly for libGL
|
||||
(if cfg.s3tcSupport then p.libtxc_dxtn else p.libtxc_dxtn_s2tc)
|
||||
];
|
||||
};
|
||||
in
|
||||
''
|
||||
${optionalString cfg.driSupport "ln -sf ${pkgs.mesa_drivers} /run/opengl-driver"}
|
||||
${optionalString cfg.driSupport "ln -sf ${lib_fun pkgs} /run/opengl-driver"}
|
||||
${optionalString cfg.driSupport32Bit
|
||||
"ln -sf ${pkgs_i686.mesa_drivers} /run/opengl-driver-32"}
|
||||
"ln -sf ${lib_fun pkgs_i686} /run/opengl-driver-32"}
|
||||
''
|
||||
}
|
||||
'';
|
||||
);
|
||||
|
||||
environment.variables.LD_LIBRARY_PATH =
|
||||
[ "/run/opengl-driver/lib" "/run/opengl-driver-32/lib" ]
|
||||
++ optional cfg.s3tcSupport "${pkgs.libtxc_dxtn}/lib"
|
||||
++ optional (cfg.s3tcSupport && cfg.driSupport32Bit) "${pkgs_i686.libtxc_dxtn}/lib";
|
||||
[ "/run/opengl-driver/lib" "/run/opengl-driver-32/lib" ];
|
||||
|
||||
boot.extraModulePackages =
|
||||
optional (elem "nvidia" cfg.videoDrivers) kernelPackages.nvidia_x11 ++
|
@ -1,6 +1,6 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
|
41
nixos/modules/hardware/video/bumblebee.nix
Normal file
41
nixos/modules/hardware/video/bumblebee.nix
Normal file
@ -0,0 +1,41 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let kernel = config.boot.kernelPackages; in
|
||||
with lib;
|
||||
|
||||
{
|
||||
|
||||
options = {
|
||||
hardware.bumblebee.enable = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Enable the bumblebee daemon to manage Optimus hybrid video cards.
|
||||
This should power off secondary GPU until its use is requested
|
||||
by running an application with optirun.
|
||||
|
||||
Only nvidia driver is supported so far.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf config.hardware.bumblebee.enable {
|
||||
boot.blacklistedKernelModules = [ "nouveau" "nvidia" ];
|
||||
boot.kernelModules = [ "bbswitch" ];
|
||||
boot.extraModulePackages = [ kernel.bbswitch kernel.nvidia_x11 ];
|
||||
|
||||
environment.systemPackages = [ pkgs.bumblebee ];
|
||||
|
||||
systemd.services.bumblebeed = {
|
||||
description = "Bumblebee Hybrid Graphics Switcher";
|
||||
wantedBy = [ "display-manager.service" ];
|
||||
script = "bumblebeed --use-syslog";
|
||||
path = [ kernel.bbswitch pkgs.bumblebee ];
|
||||
serviceConfig = {
|
||||
Restart = "always";
|
||||
RestartSec = 60;
|
||||
CPUSchedulingPolicy = "idle";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
@ -1,9 +1,9 @@
|
||||
# Provide an initial copy of the NixOS channel so that the user
|
||||
# doesn't need to run "nix-channel --update" first.
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
@ -28,7 +28,7 @@ in
|
||||
{
|
||||
# Provide the NixOS/Nixpkgs sources in /etc/nixos. This is required
|
||||
# for nixos-install.
|
||||
boot.postBootCommands =
|
||||
boot.postBootCommands = mkAfter
|
||||
''
|
||||
if ! [ -e /var/lib/nixos/did-channel-init ]; then
|
||||
echo "unpacking the NixOS/Nixpkgs sources..."
|
||||
|
@ -1,9 +1,9 @@
|
||||
# This module contains the basic configuration for building a NixOS
|
||||
# installation CD.
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
{
|
||||
imports =
|
||||
@ -19,7 +19,7 @@ with pkgs.lib;
|
||||
# ISO naming.
|
||||
isoImage.isoName = "${config.isoImage.isoBaseName}-${config.system.nixosVersion}-${pkgs.stdenv.system}.iso";
|
||||
|
||||
isoImage.volumeID = substring 0 32 "NIXOS_${config.system.nixosVersion}";
|
||||
isoImage.volumeID = substring 0 11 "NIXOS_${config.system.nixosVersion}";
|
||||
|
||||
# Make the installer more likely to succeed in low memory
|
||||
# environments. The kernel's overcommit heustistics bite us
|
||||
@ -29,14 +29,15 @@ with pkgs.lib;
|
||||
boot.kernel.sysctl."vm.overcommit_memory" = "1";
|
||||
|
||||
# To speed up installation a little bit, include the complete stdenv
|
||||
# in the Nix store on the CD.
|
||||
isoImage.storeContents = [ pkgs.stdenv pkgs.busybox ];
|
||||
# in the Nix store on the CD. Archive::Cpio is needed for the
|
||||
# initrd builder.
|
||||
isoImage.storeContents = [ pkgs.stdenv pkgs.busybox pkgs.perlPackages.ArchiveCpio ];
|
||||
|
||||
# EFI booting
|
||||
isoImage.makeEfiBootable = true;
|
||||
|
||||
# Add Memtest86+ to the CD.
|
||||
boot.loader.grub.memtest86 = true;
|
||||
boot.loader.grub.memtest86.enable = true;
|
||||
|
||||
# Get a console as soon as the initrd loads fbcon on EFI boot
|
||||
boot.initrd.kernelModules = [ "fbcon" ];
|
||||
|
@ -1,9 +1,9 @@
|
||||
# This module defines a NixOS installation CD that contains X11 and
|
||||
# KDE 4.
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
{
|
||||
imports = [ ./installation-cd-base.nix ../../profiles/graphical.nix ];
|
||||
|
@ -2,9 +2,9 @@
|
||||
# configuration. The derivation for the ISO image will be placed in
|
||||
# config.system.build.isoImage.
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
|
@ -1,9 +1,9 @@
|
||||
# This module contains the basic configuration for building a NixOS
|
||||
# tarball, that can directly boot, maybe using PXE or unpacking on a fs.
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
|
@ -1,9 +1,9 @@
|
||||
# This module contains the basic configuration for building a NixOS
|
||||
# tarball for the sheevaplug.
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
@ -138,8 +138,7 @@ in
|
||||
};
|
||||
|
||||
# Setting vesa, we don't get the nvidia driver, which can't work in arm.
|
||||
services.xserver.videoDriver = "vesa";
|
||||
services.xserver.videoDrivers = [];
|
||||
hardware.opengl.videoDrivers = [ "vesa" ];
|
||||
services.nixosManual.enable = false;
|
||||
|
||||
# Include the firmware for various wireless cards.
|
||||
|
@ -2,9 +2,9 @@
|
||||
# configuration. The derivation for the ISO image will be placed in
|
||||
# config.system.build.tarball.
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
|
@ -1,8 +1,8 @@
|
||||
# List all devices which are detected by nixos-hardware-scan.
|
||||
# Common devices are enabled by default.
|
||||
{config, pkgs, ...}:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
{
|
||||
config = mkDefault {
|
||||
|
@ -1,8 +1,8 @@
|
||||
# List all devices which are _not_ detected by nixos-hardware-scan.
|
||||
# Common devices are enabled by default.
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
{
|
||||
hardware.enableAllFirmware = true;
|
||||
|
@ -1,9 +1,9 @@
|
||||
# This module generates the nixos-checkout script, which replaces the
|
||||
# Nixpkgs source trees in /etc/nixos/nixpkgs with a Git checkout.
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
|
@ -61,7 +61,7 @@ my @attrs = ();
|
||||
my @kernelModules = ();
|
||||
my @initrdKernelModules = ();
|
||||
my @modulePackages = ();
|
||||
my @imports = ("<nixos/modules/installer/scan/not-detected.nix>");
|
||||
my @imports = ("<nixpkgs/nixos/modules/installer/scan/not-detected.nix>");
|
||||
|
||||
|
||||
sub debug {
|
||||
@ -96,9 +96,9 @@ my $videoDriver;
|
||||
|
||||
sub pciCheck {
|
||||
my $path = shift;
|
||||
my $vendor = read_file "$path/vendor";
|
||||
my $device = read_file "$path/device";
|
||||
my $class = read_file "$path/class";
|
||||
my $vendor = read_file "$path/vendor"; chomp $vendor;
|
||||
my $device = read_file "$path/device"; chomp $device;
|
||||
my $class = read_file "$path/class"; chomp $class;
|
||||
|
||||
my $module;
|
||||
if (-e "$path/driver/module") {
|
||||
@ -130,6 +130,7 @@ sub pciCheck {
|
||||
|
||||
# broadcom STA driver (wl.ko)
|
||||
# list taken from http://www.broadcom.com/docs/linux_sta/README.txt
|
||||
# FIXME: still needed?
|
||||
if ($vendor eq "0x14e4" &&
|
||||
($device eq "0x4311" || $device eq "0x4312" || $device eq "0x4313" ||
|
||||
$device eq "0x4315" || $device eq "0x4327" || $device eq "0x4328" ||
|
||||
@ -156,6 +157,7 @@ sub pciCheck {
|
||||
|
||||
# Assume that all NVIDIA cards are supported by the NVIDIA driver.
|
||||
# There may be exceptions (e.g. old cards).
|
||||
# FIXME: do we want to enable an unfree driver here?
|
||||
$videoDriver = "nvidia" if $vendor eq "0x10de" && $class =~ /^0x03/;
|
||||
}
|
||||
|
||||
@ -163,16 +165,16 @@ foreach my $path (glob "/sys/bus/pci/devices/*") {
|
||||
pciCheck $path;
|
||||
}
|
||||
|
||||
push @attrs, "services.xserver.videoDrivers = [ \"$videoDriver\" ];" if $videoDriver;
|
||||
push @attrs, "hardware.opengl.videoDrivers = [ \"$videoDriver\" ];" if $videoDriver;
|
||||
|
||||
|
||||
# Idem for USB devices.
|
||||
|
||||
sub usbCheck {
|
||||
my $path = shift;
|
||||
my $class = read_file "$path/bInterfaceClass";
|
||||
my $subclass = read_file "$path/bInterfaceSubClass";
|
||||
my $protocol = read_file "$path/bInterfaceProtocol";
|
||||
my $class = read_file "$path/bInterfaceClass"; chomp $class;
|
||||
my $subclass = read_file "$path/bInterfaceSubClass"; chomp $subclass;
|
||||
my $protocol = read_file "$path/bInterfaceProtocol"; chomp $protocol;
|
||||
|
||||
my $module;
|
||||
if (-e "$path/driver/module") {
|
||||
@ -216,14 +218,22 @@ foreach my $path (glob "/sys/class/block/*") {
|
||||
}
|
||||
|
||||
|
||||
my $dmi = `@dmidecode@/sbin/dmidecode`;
|
||||
|
||||
|
||||
# Check if we're a VirtualBox guest. If so, enable the guest
|
||||
# additions.
|
||||
my $dmi = `@dmidecode@/sbin/dmidecode`;
|
||||
if ($dmi =~ /Manufacturer: innotek/) {
|
||||
push @attrs, "services.virtualbox.enable = true;"
|
||||
}
|
||||
|
||||
|
||||
# Likewise for QEMU.
|
||||
if ($dmi =~ /Manufacturer: Bochs/) {
|
||||
push @imports, "<nixpkgs/nixos/modules/profiles/qemu-guest.nix>";
|
||||
}
|
||||
|
||||
|
||||
# Generate the swapDevices option from the currently activated swap
|
||||
# devices.
|
||||
my @swaps = read_file("/proc/swaps");
|
||||
@ -256,7 +266,7 @@ foreach my $fs (read_file("/proc/self/mountinfo")) {
|
||||
$mountPoint = "/" if $mountPoint eq "";
|
||||
|
||||
# Skip special filesystems.
|
||||
next if in($mountPoint, "/proc") || in($mountPoint, "/dev") || in($mountPoint, "/sys") || in($mountPoint, "/run");
|
||||
next if in($mountPoint, "/proc") || in($mountPoint, "/dev") || in($mountPoint, "/sys") || in($mountPoint, "/run") || $mountPoint eq "/var/lib/nfs/rpc_pipefs";
|
||||
|
||||
# Skip the optional fields.
|
||||
my $n = 6; $n++ while $fields[$n] ne "-"; $n++;
|
||||
@ -305,7 +315,15 @@ EOF
|
||||
fileSystems.\"$mountPoint\" =
|
||||
{ device = \"$device\";
|
||||
fsType = \"$fsType\";
|
||||
options = \"${\join ",", uniq(@extraOptions, @superOptions, @mountOptions)}\";
|
||||
EOF
|
||||
|
||||
if (scalar @extraOptions > 0) {
|
||||
$fileSystems .= <<EOF;
|
||||
options = \"${\join ",", uniq(@extraOptions)}\";
|
||||
EOF
|
||||
}
|
||||
|
||||
$fileSystems .= <<EOF;
|
||||
};
|
||||
|
||||
EOF
|
||||
|
@ -228,7 +228,7 @@ else
|
||||
escapeQuotes () { eval echo "$1"; }
|
||||
nixMap escapeQuotes "$names"
|
||||
else
|
||||
echo 1>&2 "An error occured while looking for attribute names."
|
||||
echo 1>&2 "An error occurred while looking for attribute names."
|
||||
echo $result
|
||||
fi
|
||||
fi
|
||||
|
@ -1,4 +1,8 @@
|
||||
#! @shell@ -e
|
||||
#! @shell@
|
||||
|
||||
if [ -x "@shell@" ]; then export SHELL="@shell@"; fi;
|
||||
|
||||
set -e
|
||||
|
||||
showSyntax() {
|
||||
exec man nixos-rebuild
|
||||
@ -7,6 +11,7 @@ showSyntax() {
|
||||
|
||||
|
||||
# Parse the command line.
|
||||
origArgs=("$@")
|
||||
extraBuildFlags=()
|
||||
action=
|
||||
buildNix=1
|
||||
@ -40,7 +45,7 @@ while [ "$#" -gt 0 ]; do
|
||||
repair=1
|
||||
extraBuildFlags+=("$i")
|
||||
;;
|
||||
--show-trace|--no-build-hook|--keep-failed|-K|--keep-going|-k|--verbose|-v|-vv|-vvv|-vvvv|-vvvvv|--fallback|--repair)
|
||||
--show-trace|--no-build-hook|--keep-failed|-K|--keep-going|-k|--verbose|-v|-vv|-vvv|-vvvv|-vvvvv|--fallback|--repair|--no-build-output|-Q)
|
||||
extraBuildFlags+=("$i")
|
||||
;;
|
||||
--max-jobs|-j|--cores|-I)
|
||||
@ -76,8 +81,30 @@ done
|
||||
|
||||
if [ -z "$action" ]; then showSyntax; fi
|
||||
|
||||
if [ -n "$rollback" ]; then
|
||||
buildNix=
|
||||
# Only run shell scripts from the Nixpkgs tree if the action is
|
||||
# "switch", "boot", or "test". With other actions (such as "build"),
|
||||
# the user may reasonably expect that no code from the Nixpkgs tree is
|
||||
# executed, so it's safe to run nixos-rebuild against a potentially
|
||||
# untrusted tree.
|
||||
canRun=
|
||||
if [ "$action" = switch -o "$action" = boot -o "$action" = test ]; then
|
||||
canRun=1
|
||||
fi
|
||||
|
||||
|
||||
# If ‘--upgrade’ is given, run ‘nix-channel --update nixos’.
|
||||
if [ -n "$upgrade" -a -z "$_NIXOS_REBUILD_REEXEC" ]; then
|
||||
nix-channel --update nixos
|
||||
fi
|
||||
|
||||
|
||||
# Re-execute nixos-rebuild from the Nixpkgs tree.
|
||||
if [ -z "$_NIXOS_REBUILD_REEXEC" -a -n "$canRun" ]; then
|
||||
if p=$(nix-instantiate --find-file nixpkgs/nixos/modules/installer/tools/nixos-rebuild.sh "${extraBuildFlags[@]}"); then
|
||||
export _NIXOS_REBUILD_REEXEC=1
|
||||
exec $SHELL -e $p "${origArgs[@]}"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
@ -98,20 +125,33 @@ if [ -z "$repair" ] && systemctl show nix-daemon.socket nix-daemon.service | gre
|
||||
fi
|
||||
|
||||
|
||||
# If ‘--upgrade’ is given, run ‘nix-channel --update nixos’.
|
||||
if [ -n "$upgrade" ]; then
|
||||
nix-channel --update nixos
|
||||
# First build Nix, since NixOS may require a newer version than the
|
||||
# current one.
|
||||
if [ -n "$rollback" -o "$action" = dry-run ]; then
|
||||
buildNix=
|
||||
fi
|
||||
|
||||
|
||||
# First build Nix, since NixOS may require a newer version than the
|
||||
# current one. Of course, the same goes for Nixpkgs, but Nixpkgs is
|
||||
# more conservative.
|
||||
if [ "$action" != dry-run -a -n "$buildNix" ]; then
|
||||
if [ -n "$buildNix" ]; then
|
||||
echo "building Nix..." >&2
|
||||
if ! nix-build '<nixpkgs/nixos>' -A config.nix.package -o $tmpDir/nix "${extraBuildFlags[@]}" > /dev/null; then
|
||||
if ! nix-build '<nixpkgs/nixos>' -A nixFallback -o $tmpDir/nix "${extraBuildFlags[@]}" > /dev/null; then
|
||||
nix-build '<nixpkgs>' -A nixUnstable -o $tmpDir/nix "${extraBuildFlags[@]}" > /dev/null
|
||||
if ! nix-build '<nixpkgs>' -A nix -o $tmpDir/nix "${extraBuildFlags[@]}" > /dev/null; then
|
||||
machine="$(uname -m)"
|
||||
if [ "$machine" = x86_64 ]; then
|
||||
nixStorePath=/nix/store/d34q3q2zj9nriq4ifhn3dnnngqvinjb3-nix-1.7
|
||||
elif [[ "$machine" =~ i.86 ]]; then
|
||||
nixStorePath=/nix/store/qlah0darpcn6sf3lr2226rl04l1gn4xz-nix-1.7
|
||||
else
|
||||
echo "$0: unsupported platform"
|
||||
exit 1
|
||||
fi
|
||||
if ! nix-store -r $nixStorePath --add-root $tmpDir/nix --indirect \
|
||||
--option extra-binary-caches http://cache.nixos.org/; then
|
||||
echo "warning: don't know how to get latest Nix" >&2
|
||||
fi
|
||||
# Older version of nix-store -r don't support --add-root.
|
||||
[ -e $tmpDir/nix ] || ln -sf $nixStorePath $tmpDir/nix
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
PATH=$tmpDir/nix/bin:$PATH
|
||||
@ -120,10 +160,12 @@ fi
|
||||
|
||||
# Update the version suffix if we're building from Git (so that
|
||||
# nixos-version shows something useful).
|
||||
if nixpkgs=$(nix-instantiate --find-file nixpkgs "${extraBuildFlags[@]}"); then
|
||||
suffix=$(@shell@ $nixpkgs/nixos/modules/installer/tools/get-version-suffix "${extraBuildFlags[@]}" || true)
|
||||
if [ -n "$suffix" ]; then
|
||||
echo -n "$suffix" > "$nixpkgs/.version-suffix" || true
|
||||
if [ -n "$canRun" ]; then
|
||||
if nixpkgs=$(nix-instantiate --find-file nixpkgs "${extraBuildFlags[@]}"); then
|
||||
suffix=$($SHELL $nixpkgs/nixos/modules/installer/tools/get-version-suffix "${extraBuildFlags[@]}" || true)
|
||||
if [ -n "$suffix" ]; then
|
||||
echo -n "$suffix" > "$nixpkgs/.version-suffix" || true
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
|
@ -80,9 +80,9 @@ in
|
||||
/*
|
||||
options = {
|
||||
|
||||
installer.enableGraphicalTools = pkgs.lib.mkOption {
|
||||
installer.enableGraphicalTools = mkOption {
|
||||
default = false;
|
||||
type = with pkgs.lib.types; bool;
|
||||
type = types.bool;
|
||||
example = true;
|
||||
description = ''
|
||||
Enable the installation of graphical tools.
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
{
|
||||
imports =
|
||||
@ -15,5 +15,5 @@ with pkgs.lib;
|
||||
|
||||
# Add some more video drivers to give X11 a shot at working in
|
||||
# VMware and QEMU.
|
||||
services.xserver.videoDrivers = mkOverride 40 [ "virtualbox" "vmware" "cirrus" "vesa" ];
|
||||
hardware.opengl.videoDrivers = mkOverride 40 [ "virtualbox" "vmware" "cirrus" "vesa" ];
|
||||
}
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ pkgs, ... }:
|
||||
{ lib, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
{
|
||||
options = {
|
||||
|
@ -1,6 +1,6 @@
|
||||
{pkgs, config, ...}:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
crashdump = config.boot.crashDump;
|
||||
|
@ -110,6 +110,27 @@
|
||||
openldap = 99;
|
||||
memcached = 100;
|
||||
cgminer = 101;
|
||||
munin = 102;
|
||||
logcheck = 103;
|
||||
nix-ssh = 104;
|
||||
dictd = 105;
|
||||
couchdb = 106;
|
||||
searx = 107;
|
||||
kippo = 108;
|
||||
jenkins = 109;
|
||||
systemd-journal-gateway = 110;
|
||||
notbit = 111;
|
||||
ngircd = 112;
|
||||
btsync = 113;
|
||||
minecraft = 114;
|
||||
monetdb = 115;
|
||||
rippled = 116;
|
||||
murmur = 117;
|
||||
foundationdb = 118;
|
||||
newrelic = 119;
|
||||
starbound = 120;
|
||||
hydra = 122;
|
||||
spiped = 123;
|
||||
|
||||
# When adding a uid, make sure it doesn't match an existing gid.
|
||||
|
||||
@ -199,6 +220,22 @@
|
||||
haproxy = 92;
|
||||
openldap = 93;
|
||||
connman = 94;
|
||||
munin = 95;
|
||||
keys = 96;
|
||||
dictd = 105;
|
||||
couchdb = 106;
|
||||
searx = 107;
|
||||
kippo = 108;
|
||||
jenkins = 109;
|
||||
systemd-journal-gateway = 110;
|
||||
notbit = 111;
|
||||
monetdb = 115;
|
||||
foundationdb = 118;
|
||||
newrelic = 119;
|
||||
starbound = 120;
|
||||
grsecurity = 121;
|
||||
hydra = 122;
|
||||
spiped = 123;
|
||||
|
||||
# When adding a gid, make sure it doesn't match an existing uid.
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
isConfig = x:
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
{
|
||||
|
||||
|
@ -29,7 +29,9 @@
|
||||
./hardware/network/intel-3945abg.nix
|
||||
./hardware/network/ralink.nix
|
||||
./hardware/network/rtl8192c.nix
|
||||
./hardware/opengl.nix
|
||||
./hardware/pcmcia.nix
|
||||
./hardware/video/bumblebee.nix
|
||||
./installer/tools/nixos-checkout.nix
|
||||
./installer/tools/tools.nix
|
||||
./misc/assertions.nix
|
||||
@ -59,6 +61,8 @@
|
||||
./security/apparmor.nix
|
||||
./security/apparmor-suid.nix
|
||||
./security/ca.nix
|
||||
./security/duosec.nix
|
||||
./security/grsecurity.nix
|
||||
./security/pam.nix
|
||||
./security/pam_usb.nix
|
||||
./security/polkit.nix
|
||||
@ -76,20 +80,34 @@
|
||||
./services/backup/bacula.nix
|
||||
./services/backup/mysql-backup.nix
|
||||
./services/backup/postgresql-backup.nix
|
||||
./services/backup/sitecopy-backup.nix
|
||||
./services/backup/rsnapshot.nix
|
||||
./services/backup/sitecopy-backup.nix
|
||||
./services/backup/tarsnap.nix
|
||||
./services/continuous-integration/jenkins/default.nix
|
||||
./services/continuous-integration/jenkins/slave.nix
|
||||
./services/databases/4store-endpoint.nix
|
||||
./services/databases/4store.nix
|
||||
./services/databases/couchdb.nix
|
||||
./services/databases/firebird.nix
|
||||
./services/databases/memcached.nix
|
||||
./services/databases/mongodb.nix
|
||||
./services/databases/redis.nix
|
||||
./services/databases/mysql.nix
|
||||
./services/databases/mysql55.nix
|
||||
./services/databases/openldap.nix
|
||||
./services/databases/postgresql.nix
|
||||
./services/databases/virtuoso.nix
|
||||
./services/databases/monetdb.nix
|
||||
./services/desktops/accountservice.nix
|
||||
./services/desktops/gnome3/at-spi2-core.nix
|
||||
./services/desktops/gnome3/evolution-data-server.nix
|
||||
./services/desktops/gnome3/gnome-keyring.nix
|
||||
./services/desktops/gnome3/gnome-online-accounts.nix
|
||||
./services/desktops/gnome3/gnome-user-share.nix
|
||||
./services/desktops/gnome3/sushi.nix
|
||||
./services/desktops/gnome3/tracker.nix
|
||||
./services/desktops/telepathy.nix
|
||||
./services/games/ghost-one.nix
|
||||
./services/games/minecraft-server.nix
|
||||
./services/hardware/acpid.nix
|
||||
./services/hardware/amd-hybrid-graphics.nix
|
||||
./services/hardware/bluetooth.nix
|
||||
@ -116,13 +134,16 @@
|
||||
./services/mail/spamassassin.nix
|
||||
./services/misc/autofs.nix
|
||||
./services/misc/cgminer.nix
|
||||
./services/misc/dictd.nix
|
||||
./services/misc/disnix.nix
|
||||
./services/misc/felix.nix
|
||||
./services/misc/folding-at-home.nix
|
||||
./services/misc/gpsd.nix
|
||||
./services/misc/nix-daemon.nix
|
||||
./services/misc/nix-gc.nix
|
||||
./services/misc/nix-ssh-serve.nix
|
||||
./services/misc/nixos-manual.nix
|
||||
./services/misc/rippled.nix
|
||||
./services/misc/rogue.nix
|
||||
./services/misc/svnserve.nix
|
||||
./services/misc/synergy.nix
|
||||
@ -142,11 +163,14 @@
|
||||
./services/network-filesystems/drbd.nix
|
||||
./services/network-filesystems/nfsd.nix
|
||||
./services/network-filesystems/openafs-client/default.nix
|
||||
./services/network-filesystems/rsyncd.nix
|
||||
./services/network-filesystems/samba.nix
|
||||
./services/networking/amuled.nix
|
||||
./services/networking/avahi-daemon.nix
|
||||
./services/networking/bind.nix
|
||||
./services/networking/bitlbee.nix
|
||||
./services/networking/btsync.nix
|
||||
./services/networking/cjdns.nix
|
||||
./services/networking/connman.nix
|
||||
./services/networking/cntlm.nix
|
||||
./services/networking/chrony.nix
|
||||
@ -170,8 +194,11 @@
|
||||
./services/networking/ircd-hybrid/default.nix
|
||||
./services/networking/kippo.nix
|
||||
./services/networking/minidlna.nix
|
||||
./services/networking/murmur.nix
|
||||
./services/networking/nat.nix
|
||||
./services/networking/networkmanager.nix
|
||||
./services/networking/ngircd.nix
|
||||
./services/networking/notbit.nix
|
||||
./services/networking/ntopng.nix
|
||||
./services/networking/ntpd.nix
|
||||
./services/networking/oidentd.nix
|
||||
@ -184,7 +211,10 @@
|
||||
./services/networking/rdnssd.nix
|
||||
./services/networking/rpcbind.nix
|
||||
./services/networking/sabnzbd.nix
|
||||
./services/networking/searx.nix
|
||||
./services/networking/spiped.nix
|
||||
./services/networking/supybot.nix
|
||||
./services/networking/syncthing.nix
|
||||
./services/networking/ssh/lshd.nix
|
||||
./services/networking/ssh/sshd.nix
|
||||
./services/networking/tftpd.nix
|
||||
@ -200,6 +230,7 @@
|
||||
./services/scheduling/cron.nix
|
||||
./services/scheduling/fcron.nix
|
||||
./services/search/elasticsearch.nix
|
||||
./services/search/solr.nix
|
||||
./services/security/clamav.nix
|
||||
./services/security/haveged.nix
|
||||
./services/security/fprot.nix
|
||||
@ -222,8 +253,10 @@
|
||||
./services/web-servers/lighttpd/cgit.nix
|
||||
./services/web-servers/lighttpd/gitweb.nix
|
||||
./services/web-servers/nginx/default.nix
|
||||
./services/web-servers/phpfpm.nix
|
||||
./services/web-servers/tomcat.nix
|
||||
./services/web-servers/varnish/default.nix
|
||||
./services/web-servers/winstone.nix
|
||||
./services/web-servers/zope2.nix
|
||||
./services/x11/desktop-managers/default.nix
|
||||
./services/x11/display-managers/auto.nix
|
||||
@ -234,7 +267,6 @@
|
||||
./services/x11/hardware/multitouch.nix
|
||||
./services/x11/hardware/synaptics.nix
|
||||
./services/x11/hardware/wacom.nix
|
||||
./services/x11/mesa.nix
|
||||
./services/x11/window-managers/awesome.nix
|
||||
#./services/x11/window-managers/compiz.nix
|
||||
./services/x11/window-managers/default.nix
|
||||
@ -282,6 +314,7 @@
|
||||
./tasks/scsi-link-power-management.nix
|
||||
./tasks/swraid.nix
|
||||
./testing/service-runner.nix
|
||||
./virtualisation/container-config.nix
|
||||
./virtualisation/containers.nix
|
||||
./virtualisation/libvirtd.nix
|
||||
#./virtualisation/nova.nix
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ config, pkgs, modules, ... }:
|
||||
{ config, lib, pkgs, modules, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
|
@ -11,6 +11,6 @@
|
||||
createHome = true;
|
||||
useDefaultShell = true;
|
||||
password = "demo";
|
||||
isSystemUser = false;
|
||||
uid = 1000;
|
||||
};
|
||||
}
|
||||
|
@ -1,9 +1,9 @@
|
||||
# Common configuration for headless machines (e.g., Amazon EC2
|
||||
# instances).
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
{
|
||||
sound.enable = false;
|
||||
|
@ -1,7 +1,7 @@
|
||||
# Provide a basic configuration for installation devices like CDs.
|
||||
{ config, pkgs, modules, ... }:
|
||||
{ config, lib, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
{
|
||||
imports =
|
||||
@ -45,7 +45,7 @@ with pkgs.lib;
|
||||
|
||||
# Enable wpa_supplicant, but don't start it by default.
|
||||
networking.wireless.enable = true;
|
||||
jobs.wpa_supplicant.startOn = pkgs.lib.mkOverride 50 "";
|
||||
jobs.wpa_supplicant.startOn = mkOverride 50 "";
|
||||
|
||||
# Tell the Nix evaluator to garbage collect more aggressively.
|
||||
# This is desirable in memory-constrained environments that don't
|
||||
|
@ -1,11 +1,8 @@
|
||||
# This module defines a small NixOS configuration. It does not
|
||||
# contain any graphical stuff.
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
# Don't include X libraries.
|
||||
programs.ssh.setXAuthLocation = false;
|
||||
fonts.enableFontConfig = false;
|
||||
fonts.enableCoreFonts = false;
|
||||
environment.noXlibs = true;
|
||||
}
|
||||
|
@ -5,5 +5,13 @@
|
||||
|
||||
{
|
||||
boot.initrd.availableKernelModules = [ "virtio_net" "virtio_pci" "virtio_blk" "9p" "9pnet_virtio" ];
|
||||
boot.kernelModules = [ "virtio_balloon" "virtio_console" ];
|
||||
boot.initrd.kernelModules = [ "virtio_balloon" "virtio_console" ];
|
||||
|
||||
boot.initrd.postDeviceCommands =
|
||||
''
|
||||
# Set the system time from the hardware clock to work around a
|
||||
# bug in qemu-kvm > 1.5.2 (where the VM clock is initialised
|
||||
# to the *boot time* of the host).
|
||||
hwclock -s
|
||||
'';
|
||||
}
|
||||
|
@ -1,8 +1,8 @@
|
||||
# Global configuration for atop.
|
||||
|
||||
{config, pkgs, ...}:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let cfg = config.programs.atop;
|
||||
|
||||
|
@ -1,9 +1,9 @@
|
||||
# This module defines global configuration for the Bash shell, in
|
||||
# particular /etc/bashrc and /etc/profile.
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
|
@ -3,9 +3,9 @@
|
||||
# SQLite database that maps program names to Nix package names (e.g.,
|
||||
# "pdflatex" is mapped to "tetex").
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
|
@ -2,9 +2,9 @@
|
||||
|
||||
# Most of the stuff here should probably be moved elsewhere sometime.
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with pkgs.lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
@ -17,8 +17,7 @@ in
|
||||
config = {
|
||||
|
||||
environment.variables =
|
||||
{ LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
|
||||
LOCATE_PATH = "/var/cache/locatedb";
|
||||
{ LOCATE_PATH = "/var/cache/locatedb";
|
||||
NIXPKGS_CONFIG = "/etc/nix/nixpkgs-config.nix";
|
||||
NIX_PATH =
|
||||
[ "/nix/var/nix/profiles/per-user/root/channels/nixos"
|
||||
@ -45,7 +44,7 @@ in
|
||||
TERMINFO_DIRS = [ "${i}/share/terminfo" ];
|
||||
PERL5LIB = [ "${i}/lib/perl5/site_perl" ];
|
||||
ALSA_PLUGIN_DIRS = [ "${i}/lib/alsa-lib" ];
|
||||
GST_PLUGIN_PATH = [ "${i}/lib/gstreamer-0.10" ];
|
||||
GST_PLUGIN_SYSTEM_PATH = [ "${i}/lib/gstreamer-0.10" ];
|
||||
KDEDIRS = [ "${i}" ];
|
||||
STRIGI_PLUGIN_PATH = [ "${i}/lib/strigi/" ];
|
||||
QT_PLUGIN_PATH = [ "${i}/lib/qt4/plugins" "${i}/lib/kde4/plugins" ];
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user