nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-28 01:43:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' to resolve conflicts

Browse Source
This commit is contained in:
Vladimír Čunát 2016-05-05 08:18:44 +02:00
commit 7a005601d4
893 changed files with 89619 additions and 32353 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@ -1,6 +1,9 @@
###### Things done
- [ ] Tested using sandboxing (`nix-build --option build-use-chroot true` or [nix.useChroot](http://nixos.org/nixos/manual/options.html#opt-nix.useChroot) on NixOS)
- [ ] Tested using sandboxing
([nix.useSandbox](http://nixos.org/nixos/manual/options.html#opt-nix.useSandbox) on NixOS,
or option `build-use-sandbox` in [`nix.conf`](http://nixos.org/nix/manual/#sec-conf-file)
on non-NixOS)
- Built on platform(s)
- [ ] NixOS
- [ ] OS X

376
doc/beam-users-guide.xml Normal file
View File

@ -0,0 +1,376 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="users-guide-to-the-erlang-infrastructure">
<title>User's Guide to the Beam Infrastructure</title>
<section xml:id="beam-introduction">
<title>Beam Languages (Erlang &amp; Elixir) on Nix</title>
<para>
In this document and related Nix expressions we use the term
<emphasis>Beam</emphasis> to describe the environment. Beam is
the name of the Erlang Virtial Machine and, as far as we know,
from a packaging perspective all languages that run on Beam are
interchangable. The things that do change, like the build
system, are transperant to the users of the package. So we make
no distinction.
</para>
</section>
<section xml:id="build-tools">
<title>Build Tools</title>
<section xml:id="build-tools-rebar3">
<title>Rebar3</title>
<para>
By default Rebar3 wants to manage it's own dependencies. In the
normal non-Nix, this is perfectly acceptable. In the Nix world it
is not. To support this we have created two versions of rebar3,
<literal>rebar3</literal> and <literal>rebar3-open</literal>. The
<literal>rebar3</literal> version has been patched to remove the
ability to download anything from it. If you are not running it a
nix-shell or a nix-build then its probably not going to work for
you. <literal>rebar3-open</literal> is the normal, un-modified
rebar3. It should work exactly as would any other version of
rebar3. Any Erlang package should rely on
<literal>rebar3</literal> and thats really what you should be
using too.
</para>
</section>
<section xml:id="build-tools-other">
<title>Mix &amp; Erlang.mk</title>
<para>
Both Mix and Erlang.mk work exactly as you would expect. There
is a bootstrap process that needs to be run for both of
them. However, that is supported by the
<literal>buildMix</literal> and <literal>buildErlangMk</literal> derivations.
</para>
</section>
</section>
<section xml:id="how-to-install-beam-packages">
<title>How to install Beam packages</title>
<para>
Beam packages are not registered in the top level simply because
they are not relevant to the vast majority of Nix users. They are
installable using the <literal>beamPackages</literal> attribute
set.
You can list the avialable packages in the
<literal>beamPackages</literal> with the following command:
</para>
<programlisting>
$ nix-env -f &quot;&lt;nixpkgs&gt;&quot; -qaP -A beamPackages
beamPackages.esqlite esqlite-0.2.1
beamPackages.goldrush goldrush-0.1.7
beamPackages.ibrowse ibrowse-4.2.2
beamPackages.jiffy jiffy-0.14.5
beamPackages.lager lager-3.0.2
beamPackages.meck meck-0.8.3
beamPackages.rebar3-pc pc-1.1.0
</programlisting>
<para>
To install any of those packages into your profile, refer to them by
their attribute path (first column):
</para>
<programlisting>
$ nix-env -f &quot;&lt;nixpkgs&gt;&quot; -iA beamPackages.ibrowse
</programlisting>
<para>
The attribute path of any Beam packages corresponds to the name
of that particular package in Hex or its OTP Application/Release name.
</para>
</section>
<section xml:id="packaging-beam-applications">
<title>Packaging Beam Applications</title>
<section xml:id="packaging-erlang-applications">
<title>Erlang Applications</title>
<section xml:id="rebar3-packages">
<title>Rebar3 Packages</title>
<para>
There is a Nix functional called
<literal>buildRebar3</literal>. We use this function to make a
derivation that understands how to build the rebar3 project. For
example, the epression we use to build the <link
xlink:href="https://github.com/erlang-nix/hex2nix">hex2nix</link>
project follows.
</para>
<programlisting>
{stdenv, fetchFromGitHub, buildRebar3, ibrowse, jsx, erlware_commons }:
buildRebar3 rec {
name = "hex2nix";
version = "0.0.1";
src = fetchFromGitHub {
owner = "ericbmerritt";
repo = "hex2nix";
rev = "${version}";
sha256 = "1w7xjidz1l5yjmhlplfx7kphmnpvqm67w99hd2m7kdixwdxq0zqg";
};
beamDeps = [ ibrowse jsx erlware_commons ];
}
</programlisting>
<para>
The only visible difference between this derivation and
something like <literal>stdenv.mkDerivation</literal> is that we
have added <literal>erlangDeps</literal> to the derivation. If
you add your Beam dependencies here they will be correctly
handled by the system.
</para>
<para>
If your package needs to compile native code via Rebar's port
compilation mechenism. You should add <literal>compilePort =
true;</literal> to the derivation.
</para>
</section>
<section xml:id="erlang-mk-packages">
<title>Erlang.mk Packages</title>
<para>
Erlang.mk functions almost identically to Rebar. The only real
difference is that <literal>buildErlangMk</literal> is called
instead of <literal>buildRebar3</literal>
</para>
<programlisting>
{ buildErlangMk, fetchHex, cowlib, ranch }:
buildErlangMk {
name = "cowboy";
version = "1.0.4";
src = fetchHex {
pkg = "cowboy";
version = "1.0.4";
sha256 =
"6a0edee96885fae3a8dd0ac1f333538a42e807db638a9453064ccfdaa6b9fdac";
};
beamDeps = [ cowlib ranch ];
meta = {
description = ''Small, fast, modular HTTP server written in
Erlang.'';
license = stdenv.lib.licenses.isc;
homepage = "https://github.com/ninenines/cowboy";
};
}
</programlisting>
</section>
<section xml:id="mix-packages">
<title>Mix Packages</title>
<para>
Mix functions almost identically to Rebar. The only real
difference is that <literal>buildMix</literal> is called
instead of <literal>buildRebar3</literal>
</para>
<programlisting>
{ buildMix, fetchHex, plug, absinthe }:
buildMix {
name = "absinthe_plug";
version = "1.0.0";
src = fetchHex {
pkg = "absinthe_plug";
version = "1.0.0";
sha256 =
"08459823fe1fd4f0325a8bf0c937a4520583a5a26d73b193040ab30a1dfc0b33";
};
beamDeps = [ plug absinthe];
meta = {
description = ''A plug for Absinthe, an experimental GraphQL
toolkit'';
license = stdenv.lib.licenses.bsd3;
homepage = "https://github.com/CargoSense/absinthe_plug";
};
}
</programlisting>
</section>
</section>
</section>
<section xml:id="how-to-develop">
<title>How to develop</title>
<section xml:id="accessing-an-environment">
<title>Accessing an Environment</title>
<para>
Often, all you want to do is be able to access a valid
environment that contains a specific package and its
dependencies. we can do that with the <literal>env</literal>
part of a derivation. For example, lets say we want to access an
erlang repl with ibrowse loaded up. We could do the following.
</para>
<programlisting>
~/w/nixpkgs nix-shell -A beamPackages.ibrowse.env --run "erl"
Erlang/OTP 18 [erts-7.0] [source] [64-bit] [smp:4:4] [async-threads:10] [hipe] [kernel-poll:false]
Eshell V7.0 (abort with ^G)
1> m(ibrowse).
Module: ibrowse
MD5: 3b3e0137d0cbb28070146978a3392945
Compiled: January 10 2016, 23:34
Object file: /nix/store/g1rlf65rdgjs4abbyj4grp37ry7ywivj-ibrowse-4.2.2/lib/erlang/lib/ibrowse-4.2.2/ebin/ibrowse.beam
Compiler options: [{outdir,"/tmp/nix-build-ibrowse-4.2.2.drv-0/hex-source-ibrowse-4.2.2/_build/default/lib/ibrowse/ebin"},
debug_info,debug_info,nowarn_shadow_vars,
warn_unused_import,warn_unused_vars,warnings_as_errors,
{i,"/tmp/nix-build-ibrowse-4.2.2.drv-0/hex-source-ibrowse-4.2.2/_build/default/lib/ibrowse/include"}]
Exports:
add_config/1 send_req_direct/7
all_trace_off/0 set_dest/3
code_change/3 set_max_attempts/3
get_config_value/1 set_max_pipeline_size/3
get_config_value/2 set_max_sessions/3
get_metrics/0 show_dest_status/0
get_metrics/2 show_dest_status/1
handle_call/3 show_dest_status/2
handle_cast/2 spawn_link_worker_process/1
handle_info/2 spawn_link_worker_process/2
init/1 spawn_worker_process/1
module_info/0 spawn_worker_process/2
module_info/1 start/0
rescan_config/0 start_link/0
rescan_config/1 stop/0
send_req/3 stop_worker_process/1
send_req/4 stream_close/1
send_req/5 stream_next/1
send_req/6 terminate/2
send_req_direct/4 trace_off/0
send_req_direct/5 trace_off/2
send_req_direct/6 trace_on/0
trace_on/2
ok
2>
</programlisting>
<para>
Notice the <literal>-A beamPackages.ibrowse.env</literal>.That
is the key to this functionality.
</para>
</section>
<section xml:id="creating-a-shell">
<title>Creating a Shell</title>
<para>
Getting access to an environment often isn't enough to do real
development. Many times we need to create a
<literal>shell.nix</literal> file and do our development inside
of the environment specified by that file. This file looks a lot
like the packageing described above. The main difference is that
<literal>src</literal> points to project root and we call the
package directly.
</para>
<programlisting>
{ pkgs ? import &quot;&lt;nixpkgs&quot;&gt; {} }:
with pkgs;
let
f = { buildRebar3, ibrowse, jsx, erlware_commons }:
buildRebar3 {
name = "hex2nix";
version = "0.1.0";
src = ./.;
erlangDeps = [ ibrowse jsx erlware_commons ];
};
drv = beamPackages.callPackage f {};
in
drv
</programlisting>
<section xml:id="building-in-a-shell">
<title>Building in a shell</title>
<para>
We can leveral the support of the Derivation, regardless of
which build Derivation is called by calling the commands themselv.s
</para>
<programlisting>
# =============================================================================
# Variables
# =============================================================================
NIX_TEMPLATES := "$(CURDIR)/nix-templates"
TARGET := "$(PREFIX)"
PROJECT_NAME := thorndyke
NIXPKGS=../nixpkgs
NIX_PATH=nixpkgs=$(NIXPKGS)
NIX_SHELL=nix-shell -I "$(NIX_PATH)" --pure
# =============================================================================
# Rules
# =============================================================================
.PHONY= all test clean repl shell build test analyze configure install \
test-nix-install publish plt analyze
all: build
guard-%:
@ if [ "${${*}}" == "" ]; then \
echo "Environment variable $* not set"; \
exit 1; \
fi
clean:
rm -rf _build
rm -rf .cache
repl:
$(NIX_SHELL) --run "iex -pa './_build/prod/lib/*/ebin'"
shell:
$(NIX_SHELL)
configure:
$(NIX_SHELL) --command 'eval "$$configurePhase"'
build: configure
$(NIX_SHELL) --command 'eval "$$buildPhase"'
install:
$(NIX_SHELL) --command 'eval "$$installPhase"'
test:
$(NIX_SHELL) --command 'mix test --no-start --no-deps-check'
plt:
$(NIX_SHELL) --run "mix dialyzer.plt --no-deps-check"
analyze: build plt
$(NIX_SHELL) --run "mix dialyzer --no-compile"
</programlisting>
<para>
If you add the <literal>shell.nix</literal> as described and
user rebar as follows things should simply work. Aside from the
<literal>test</literal>, <literal>plt</literal>, and
<literal>analyze</literal> the talks work just fine for all of
the build Derivations.
</para>
</section>
</section>
</section>
<section xml:id="generating-packages-from-hex-with-hex2nix">
<title>Generating Packages from Hex with Hex2Nix</title>
<para>
Updating the Hex packages requires the use of the
<literal>hex2nix</literal> tool. Given the path to the Erlang
modules (usually
<literal>pkgs/development/erlang-modules</literal>). It will
happily dump a file called
<literal>hex-packages.nix</literal>. That file will contain all
the packages that use a recognized build system in Hex. However,
it can't know whether or not all those packages are buildable.
</para>
<para>
To make life easier for our users, it makes good sense to go
ahead and attempt to build all those packages and remove the
ones that don't build. To do that, simply run the command (in
the root of your <literal>nixpkgs</literal> repository). that follows.
</para>
<programlisting>
$ nix-build -A beamPackages
</programlisting>
<para>
That will build every package in
<literal>beamPackages</literal>. Then you can go through and
manually remove the ones that fail. Hopefully, someone will
improve <literal>hex2nix</literal> in the future to automate
that.
</para>
</section>
</chapter>

305
doc/erlang-users-guide.xml
View File

@ -1,305 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="users-guide-to-the-erlang-infrastructure">
<title>User's Guide to the Erlang Infrastructure</title>
<section xml:id="build-tools">
<title>Build Tools</title>
<para>
By default Rebar3 wants to manage it's own dependencies. In the
normal non-Nix, this is perfectly acceptable. In the Nix world it
is not. To support this we have created two versions of rebar3,
<literal>rebar3</literal> and <literal>rebar3-open</literal>. The
<literal>rebar3</literal> version has been patched to remove the
ability to download anything from it. If you are not running it a
nix-shell or a nix-build then its probably not going to work for
you. <literal>rebar3-open</literal> is the normal, un-modified
rebar3. It should work exactly as would any other version of
rebar3. Any Erlang package should rely on
<literal>rebar3</literal> and thats really what you should be
using too.
</para>
</section>
<section xml:id="how-to-install-erlang-packages">
<title>How to install Erlang packages</title>
<para>
Erlang packages are not registered in the top level simply because
they are not relevant to the vast majority of Nix users. They are
installable using the <literal>erlangPackages</literal> attribute set.
You can list the avialable packages in the
<literal>erlangPackages</literal> with the following command:
</para>
<programlisting>
$ nix-env -f &quot;&lt;nixpkgs&gt;&quot; -qaP -A erlangPackages
erlangPackages.esqlite esqlite-0.2.1
erlangPackages.goldrush goldrush-0.1.7
erlangPackages.ibrowse ibrowse-4.2.2
erlangPackages.jiffy jiffy-0.14.5
erlangPackages.lager lager-3.0.2
erlangPackages.meck meck-0.8.3
erlangPackages.rebar3-pc pc-1.1.0
</programlisting>
<para>
To install any of those packages into your profile, refer to them by
their attribute path (first column):
</para>
<programlisting>
$ nix-env -f &quot;&lt;nixpkgs&gt;&quot; -iA erlangPackages.ibrowse
</programlisting>
<para>
The attribute path of any Erlang packages corresponds to the name
of that particular package in Hex or its OTP Application/Release name.
</para>
</section>
<section xml:id="packaging-erlang-applications">
<title>Packaging Erlang Applications</title>
<section xml:id="rebar3-packages">
<title>Rebar3 Packages</title>
<para>
There is a Nix functional called
<literal>buildRebar3</literal>. We use this function to make a
derivation that understands how to build the rebar3 project. For
example, the epression we use to build the <link
xlink:href="https://github.com/erlang-nix/hex2nix">hex2nix</link>
project follows.
</para>
<programlisting>
{stdenv, fetchFromGitHub, buildRebar3, ibrowse, jsx, erlware_commons }:
buildRebar3 rec {
name = "hex2nix";
version = "0.0.1";
src = fetchFromGitHub {
owner = "ericbmerritt";
repo = "hex2nix";
rev = "${version}";
sha256 = "1w7xjidz1l5yjmhlplfx7kphmnpvqm67w99hd2m7kdixwdxq0zqg";
};
erlangDeps = [ ibrowse jsx erlware_commons ];
}
</programlisting>
<para>
The only visible difference between this derivation and
something like <literal>stdenv.mkDerivation</literal> is that we
have added <literal>erlangDeps</literal> to the derivation. If
you add your Erlang dependencies here they will be correctly
handled by the system.
</para>
<para>
If your package needs to compile native code via Rebar's port
compilation mechenism. You should add <literal>compilePort =
true;</literal> to the derivation.
</para>
</section>
<section xml:id="hex-packages">
<title>Hex Packages</title>
<para>
Hex packages are based on Rebar packages. In fact, at the moment
we can only compile Hex packages that are buildable with
Rebar3. Packages that use Mix and other build systems are not
supported. That being said, we know a lot more about Hex and can
do more for you.
</para>
<programlisting>
{ buildHex }:
buildHex {
name = "esqlite";
version = "0.2.1";
sha256 = "1296fn1lz4lz4zqzn4dwc3flgkh0i6n4sydg501faabfbv8d3wkr";
compilePort = true;
}
</programlisting>
<para>
For Hex packages you need to provide the name, the version, and
the Sha 256 digest of the package and use
<literal>buildHex</literal> to build it. Obviously, the package
needs to have already been published to Hex.
</para>
</section>
</section>
<section xml:id="how-to-develop">
<title>How to develop</title>
<section xml:id="accessing-an-environment">
<title>Accessing an Environment</title>
<para>
Often, all you want to do is be able to access a valid
environment that contains a specific package and its
dependencies. we can do that with the <literal>env</literal>
part of a derivation. For example, lets say we want to access an
erlang repl with ibrowse loaded up. We could do the following.
</para>
<programlisting>
~/w/nixpkgs nix-shell -A erlangPackages.ibrowse.env --run "erl"
Erlang/OTP 18 [erts-7.0] [source] [64-bit] [smp:4:4] [async-threads:10] [hipe] [kernel-poll:false]
Eshell V7.0 (abort with ^G)
1> m(ibrowse).
Module: ibrowse
MD5: 3b3e0137d0cbb28070146978a3392945
Compiled: January 10 2016, 23:34
Object file: /nix/store/g1rlf65rdgjs4abbyj4grp37ry7ywivj-ibrowse-4.2.2/lib/erlang/lib/ibrowse-4.2.2/ebin/ibrowse.beam
Compiler options: [{outdir,"/tmp/nix-build-ibrowse-4.2.2.drv-0/hex-source-ibrowse-4.2.2/_build/default/lib/ibrowse/ebin"},
debug_info,debug_info,nowarn_shadow_vars,
warn_unused_import,warn_unused_vars,warnings_as_errors,
{i,"/tmp/nix-build-ibrowse-4.2.2.drv-0/hex-source-ibrowse-4.2.2/_build/default/lib/ibrowse/include"}]
Exports:
add_config/1 send_req_direct/7
all_trace_off/0 set_dest/3
code_change/3 set_max_attempts/3
get_config_value/1 set_max_pipeline_size/3
get_config_value/2 set_max_sessions/3
get_metrics/0 show_dest_status/0
get_metrics/2 show_dest_status/1
handle_call/3 show_dest_status/2
handle_cast/2 spawn_link_worker_process/1
handle_info/2 spawn_link_worker_process/2
init/1 spawn_worker_process/1
module_info/0 spawn_worker_process/2
module_info/1 start/0
rescan_config/0 start_link/0
rescan_config/1 stop/0
send_req/3 stop_worker_process/1
send_req/4 stream_close/1
send_req/5 stream_next/1
send_req/6 terminate/2
send_req_direct/4 trace_off/0
send_req_direct/5 trace_off/2
send_req_direct/6 trace_on/0
trace_on/2
ok
2>
</programlisting>
<para>
Notice the <literal>-A erlangPackages.ibrowse.env</literal>.That
is the key to this functionality.
</para>
</section>
<section xml:id="creating-a-shell">
<title>Creating a Shell</title>
<para>
Getting access to an environment often isn't enough to do real
development. Many times we need to create a
<literal>shell.nix</literal> file and do our development inside
of the environment specified by that file. This file looks a lot
like the packageing described above. The main difference is that
<literal>src</literal> points to project root and we call the
package directly.
</para>
<programlisting>
{ pkgs ? import &quot;&lt;nixpkgs&quot;&gt; {} }:
with pkgs;
let
f = { buildHex, ibrowse, jsx, erlware_commons }:
buildHex {
name = "hex2nix";
version = "0.1.0";
src = ./.;
erlangDeps = [ ibrowse jsx erlware_commons ];
};
drv = erlangPackages.callPackage f {};
in
drv
</programlisting>
<section xml:id="building-in-a-shell">
<title>Building in a shell</title>
<para>
Unfortunatly for us users of Nix, Rebar isn't very cooperative
with us from the standpoint of building a hermetic
environment. When building the rebar3 support we had to do some
sneaky things to get it not to go out and pull packages on its
own. Also unfortunately, you have to do some of the same things
when building a project inside of a Nix shell.
<orderedlist numeration="arabic">
<listitem>
<para>Run <literal>rebar3-nix-bootstrap</literal> every time
dependencies change</para>
</listitem>
<listitem>
<para>Set Home to the current directory.</para>
</listitem>
</orderedlist>
If you do these two things then Rebar will be happy with you. I
codify these into a makefile. Forunately, rebar3-nix-bootstrap
is idempotent and fairly quick. so you can run it as often as
you like.
</para>
<programlisting>
# =============================================================================
# Rules
# =============================================================================
.PHONY= all test clean repl shell build test analyze bootstrap
all: test
clean:
rm -rf _build
rm -rf .cache
repl:
nix-shell --run "erl"
shell:
nix-shell --run "bash"
bootstrap:
nix-shell --pure --run "rebar3-nix-bootstrap"
build: bootstrap
nix-shell --pure --run "HOME=$(CURDIR) rebar3 compile"
analyze: bootstrap
nix-shell --pure --run "HOME=$(CURDIR) rebar3 do compile,dialyzer"
test: bootstrap
nix-shell --pure --run "HOME=$(CURDIR) rebar3 do compile,dialyzer,eunit"
</programlisting>
<para>
If you add the <literal>shell.nix</literal> as described and
user rebar as follows things should simply work.
</para>
</section>
</section>
</section>
<section xml:id="generating-packages-from-hex-with-hex2nix">
<title>Generating Packages from Hex with Hex2Nix</title>
<para>
Updating the Hex packages requires the use of the
<literal>hex2nix</literal> tool. Given the path to the Erlang
modules (usually
<literal>pkgs/development/erlang-modules</literal>). It will
happily dump a file called
<literal>hex-packages.nix</literal>. That file will contain all
the packages that use a recognized build system in Hex. However,
it can't know whether or not all those packages are buildable.
</para>
<para>
To make life easier for our users, it makes good sense to go
ahead and attempt to build all those packages and remove the
ones that don't build. To do that, simply run the command (in
the root of your <literal>nixpkgs</literal> repository). that follows.
</para>
<programlisting>
$ nix-build -A erlangPackages
</programlisting>
<para>
That will build every package in
<literal>erlangPackages</literal>. Then you can go through and
manually remove the ones that fail. Hopefully, someone will
improve <literal>hex2nix</literal> in the future to automate
that.
</para>
</section>
</chapter>

2
doc/languages-frameworks/go.xml
View File

@ -119,6 +119,6 @@ done
</screen>
</para>
<para>To extract dependency information from a Go package in automated way use <link xlink:href="https://github.com/cstrahan/go2nix">go2nix</link>.</para>
<para>To extract dependency information from a Go package in automated way use <link xlink:href="https://github.com/kamilchm/go2nix">go2nix</link>.</para>
</section>

14
doc/languages-frameworks/python.md
View File

@ -108,7 +108,7 @@ toolz = buildPythonPackage rec{
version = "0.7.4";
src = pkgs.fetchurl{
url = "https://pypi.python.org/packages/source/t/toolz/toolz-${version}.tar.gz";
url = "mirror://pypi/t/toolz/toolz-${version}.tar.gz";
sha256 = "43c2c9e5e7a16b6c88ba3088a9bfc82f7db8e13378be7c78d6c14a5f8ed05afd";
};
@ -146,7 +146,7 @@ pkgs.python35Packages.buildPythonPackage rec {
version = "0.7.4";
src = pkgs.fetchurl{
url = "https://pypi.python.org/packages/source/t/toolz/toolz-${version}.tar.gz";
url = "mirror://pypi/t/toolz/toolz-${version}.tar.gz";
sha256 = "43c2c9e5e7a16b6c88ba3088a9bfc82f7db8e13378be7c78d6c14a5f8ed05afd";
};
@ -175,7 +175,7 @@ with import <nixpkgs> {};
version = "0.7.4";
src = pkgs.fetchurl{
url = "https://pypi.python.org/packages/source/t/toolz/toolz-${version}.tar.gz";
url = "mirror://pypi/t/toolz/toolz-${version}.tar.gz";
sha256 = "43c2c9e5e7a16b6c88ba3088a9bfc82f7db8e13378be7c78d6c14a5f8ed05afd";
};
@ -220,7 +220,7 @@ datashape = buildPythonPackage rec {
version = "0.4.7";
src = pkgs.fetchurl {
url = "https://pypi.python.org/packages/source/D/DataShape/${name}.tar.gz";
url = "mirror://pypi/D/DataShape/${name}.tar.gz";
sha256 = "14b2ef766d4c9652ab813182e866f493475e65e558bed0822e38bf07bba1a278";
};
@ -251,7 +251,7 @@ lxml = buildPythonPackage rec {
name = "lxml-3.4.4";
src = pkgs.fetchurl {
url = "http://pypi.python.org/packages/source/l/lxml/${name}.tar.gz";
url = "mirror://pypi/l/lxml/${name}.tar.gz";
sha256 = "16a0fa97hym9ysdk3rmqz32xdjqmy4w34ld3rm3jf5viqjx65lxk";
};
@ -282,7 +282,7 @@ pyfftw = buildPythonPackage rec {
version = "0.9.2";
src = pkgs.fetchurl {
url = "https://pypi.python.org/packages/source/p/pyFFTW/pyFFTW-${version}.tar.gz";
url = "mirror://pypi/p/pyFFTW/pyFFTW-${version}.tar.gz";
sha256 = "f6bbb6afa93085409ab24885a1a3cdb8909f095a142f4d49e346f2bd1b789074";
};
@ -373,7 +373,7 @@ buildPythonPackage rec {
version = "0.7.4";
src = pkgs.fetchurl{
url = "https://pypi.python.org/packages/source/t/toolz/toolz-${version}.tar.gz";
url = "mirror://pypi/t/toolz/toolz-${version}.tar.gz";
sha256 = "43c2c9e5e7a16b6c88ba3088a9bfc82f7db8e13378be7c78d6c14a5f8ed05afd";
};

2
doc/manual.xml
View File

@ -21,7 +21,7 @@
<xi:include href="coding-conventions.xml" />
<xi:include href="submitting-changes.xml" />
<xi:include href="haskell-users-guide.xml" />
<xi:include href="erlang-users-guide.xml" />
<xi:include href="beam-users-guide.xml" />
<xi:include href="contributing.xml" />
</book>

11
lib/maintainers.nix
View File

@ -14,6 +14,7 @@
adev = "Adrien Devresse <adev@adev.name>";
Adjective-Object = "Maxwell Huang-Hobbs <mhuan13@gmail.com>";
aespinosa = "Allan Espinosa <allan.espinosa@outlook.com>";
adnelson = "Allen Nelson <ithinkican@gmail.com>";
aflatter = "Alexander Flatter <flatter@fastmail.fm>";
aforemny = "Alexander Foremny <alexanderforemny@googlemail.com>";
afranchuk = "Alex Franchuk <alex.franchuk@gmail.com>";
@ -102,6 +103,7 @@
dmalikov = "Dmitry Malikov <malikov.d.y@gmail.com>";
dochang = "Desmond O. Chang <dochang@gmail.com>";
doublec = "Chris Double <chris.double@double.co.nz>";
drewkett = "Andrew Burkett <burkett.andrew@gmail.com>";
ebzzry = "Rommel Martinez <ebzzry@gmail.com>";
ederoyd46 = "Matthew Brown <matt@ederoyd.co.uk>";
eduarrrd = "Eduard Bachmakov <e.bachmakov@gmail.com>";
@ -141,9 +143,11 @@
garrison = "Jim Garrison <jim@garrison.cc>";
gavin = "Gavin Rogers <gavin@praxeology.co.uk>";
gebner = "Gabriel Ebner <gebner@gebner.org>";
gilligan = "Tobias Pflug <tobias.pflug@gmail.com>";
giogadi = "Luis G. Torres <lgtorres42@gmail.com>";
gleber = "Gleb Peregud <gleber.p@gmail.com>";
globin = "Robin Gloster <mail@glob.in>";
gpyh = "Yacine Hmito <yacine.hmito@gmail.com>";
goibhniu = "Cillian de Róiste <cillian.deroiste@gmail.com>";
Gonzih = "Max Gonzih <gonzih@gmail.com>";
gridaphobe = "Eric Seidel <eric@seidel.io>";
@ -234,6 +238,7 @@
mirdhyn = "Merlin Gaillard <mirdhyn@gmail.com>";
modulistic = "Pablo Costa <modulistic@gmail.com>";
mog = "Matthew O'Gorman <mog-lists@rldn.net>";
moosingin3space = "Nathan Moos <moosingin3space@gmail.com>";
moretea = "Maarten Hoogendoorn <maarten@moretea.nl>";
mornfall = "Petr Ročkai <me@mornfall.net>";
MostAwesomeDude = "Corbin Simpson <cds@corbinsimpson.com>";
@ -253,7 +258,7 @@
notthemessiah = "Brian Cohen <brian.cohen.88@gmail.com>";
np = "Nicolas Pouillard <np.nix@nicolaspouillard.fr>";
nslqqq = "Nikita Mikhailov <nslqqq@gmail.com>";
obadz = "obadz <dav-nixos@odav.org>";
obadz = "obadz <nixos@obadz.com>";
ocharles = "Oliver Charles <ollie@ocharles.org.uk>";
odi = "Oliver Dunkl <oliver.dunkl@gmail.com>";
offline = "Jaka Hudoklin <jakahudoklin@gmail.com>";
@ -290,12 +295,14 @@
pxc = "Patrick Callahan <patrick.callahan@latitudeengineering.com>";
qknight = "Joachim Schiele <js@lastlog.de>";
ragge = "Ragnar Dahlen <r.dahlen@gmail.com>";
rardiol = "Ricardo Ardissone <ricardo.ardissone@gmail.com>";
rasendubi = "Alexey Shmalko <rasen.dubi@gmail.com>";
raskin = "Michael Raskin <7c6f434c@mail.ru>";
redbaron = "Maxim Ivanov <ivanov.maxim@gmail.com>";
refnil = "Martin Lavoie <broemartino@gmail.com>";
relrod = "Ricky Elrod <ricky@elrod.me>";
renzo = "Renzo Carbonara <renzocarbonara@gmail.com>";
retrry = "Tadas Barzdžius <retrry@gmail.com>";
rick68 = "Wei-Ming Yang <rick68@gmail.com>";
rickynils = "Rickard Nilsson <rickynils@gmail.com>";
rnhmjoj = "Michele Guerini Rocco <micheleguerinirocco@me.com>";
@ -312,6 +319,7 @@
ryanartecona = "Ryan Artecona <ryanartecona@gmail.com>";
ryantm = "Ryan Mulligan <ryan@ryantm.com>";
rycee = "Robert Helgesson <robert@rycee.net>";
ryneeverett = "Ryne Everett <ryneeverett@gmail.com>";
samuelrivas = "Samuel Rivas <samuelrivas@gmail.com>";
sander = "Sander van der Burg <s.vanderburg@tudelft.nl>";
schmitthenner = "Fabian Schmitthenner <development@schmitthenner.eu>";
@ -338,6 +346,7 @@
spwhitt = "Spencer Whitt <sw@swhitt.me>";
stephenmw = "Stephen Weinberg <stephen@q5comm.com>";
steveej = "Stefan Junker <mail@stefanjunker.de>";
swistak35 = "Rafał Łasocha <me@swistak35.com>";
szczyp = "Szczyp <qb@szczyp.com>";
sztupi = "Attila Sztupak <attila.sztupak@gmail.com>";
taeer = "Taeer Bar-Yam <taeer@necsi.edu>";

22
maintainers/scripts/map-files.pl
View File

@ -1,22 +0,0 @@
#! /usr/bin/perl -w
use strict;
my %map;
open LIST1, "<$ARGV[0]" or die;
while (<LIST1>) {
/^(\S+)\s+(.*)$/;
$map{$1} = $2;
}
open LIST1, "<$ARGV[1]" or die;
while (<LIST1>) {
/^(\S+)\s+(.*)$/;
if (!defined $map{$1}) {
print STDERR "missing file: $2\n";
next;
}
print "$2\n";
print "$map{$1}\n";
}

10
nixos/doc/manual/configuration/config-file.xml
View File

@ -106,11 +106,15 @@ networking.extraHosts =
'';
</programlisting>
The main difference is that preceding whitespace is
automatically stripped from each line, and that characters like
The main difference is that it strips from each line
a number of spaces equal to the minimal indentation of
the string as a whole (disregarding the indentation of
empty lines), and that characters like
<literal>"</literal> and <literal>\</literal> are not special
(making it more convenient for including things like shell
code).</para>
code).
See more info about this in the Nix manual <link
xlink:href="https://nixos.org/nix/manual/#ssec-values">here</link>.</para>
</listitem>
</varlistentry>

75
nixos/doc/manual/default.nix
View File

@ -74,6 +74,63 @@ let
</toc>
'';
manualXsltprocOptions = toString [
"--param section.autolabel 1"
"--param section.label.includes.component.label 1"
"--stringparam html.stylesheet style.css"
"--param xref.with.number.and.title 1"
"--param toc.section.depth 3"
"--stringparam admon.style ''"
"--stringparam callout.graphics.extension .gif"
"--stringparam current.docid manual"
"--param chunk.section.depth 0"
"--param chunk.first.sections 1"
"--param use.id.as.filename 1"
"--stringparam generate.toc 'book toc appendix toc'"
"--stringparam chunk.toc ${toc}"
];
olinkDB = stdenv.mkDerivation {
name = "manual-olinkdb";
inherit sources;
buildInputs = [ libxml2 libxslt ];
buildCommand = ''
${copySources}
xsltproc \
${manualXsltprocOptions} \
--stringparam collect.xref.targets only \
--stringparam targets.filename "$out/manual.db" \
--nonet --xinclude \
${docbook5_xsl}/xml/xsl/docbook/xhtml/chunktoc.xsl \
./manual.xml
# Check the validity of the man pages sources.
xmllint --noout --nonet --xinclude --noxincludenode \
--relaxng ${docbook5}/xml/rng/docbook/docbook.rng \
./man-pages.xml
cat > "$out/olinkdb.xml" <<EOF
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE targetset SYSTEM
"file://${docbook5_xsl}/xml/xsl/docbook/common/targetdatabase.dtd" [
<!ENTITY manualtargets SYSTEM "file://$out/manual.db">
]>
<targetset>
<targetsetinfo>
Allows for cross-referencing olinks between the manpages
and the HTML/PDF manuals.
</targetsetinfo>
<document targetdoc="manual">&manualtargets;</document>
</targetset>
EOF
'';
};
in rec {
# The NixOS options in JSON format.
@ -116,18 +173,8 @@ in rec {
dst=$out/share/doc/nixos
mkdir -p $dst
xsltproc \
--param section.autolabel 1 \
--param section.label.includes.component.label 1 \
--stringparam html.stylesheet style.css \
--param xref.with.number.and.title 1 \
--param toc.section.depth 3 \
--stringparam admon.style "" \
--stringparam callout.graphics.extension .gif \
--param chunk.section.depth 0 \
--param chunk.first.sections 1 \
--param use.id.as.filename 1 \
--stringparam generate.toc "book toc appendix toc" \
--stringparam chunk.toc ${toc} \
${manualXsltprocOptions} \
--stringparam target.database.document "${olinkDB}/olinkdb.xml" \
--nonet --xinclude --output $dst/ \
${docbook5_xsl}/xml/xsl/docbook/xhtml/chunktoc.xsl ./manual.xml
@ -159,6 +206,7 @@ in rec {
dst=$out/share/doc/nixos
mkdir -p $dst
xmllint --xinclude manual.xml | dblatex -o $dst/manual.pdf - \
-P target.database.document="${olinkDB}/olinkdb.xml" \
-P doc.collab.show=0 \
-P latex.output.revhistory=0
@ -178,7 +226,7 @@ in rec {
buildCommand = ''
${copySources}
# Check the validity of the manual sources.
# Check the validity of the man pages sources.
xmllint --noout --nonet --xinclude --noxincludenode \
--relaxng ${docbook5}/xml/rng/docbook/docbook.rng \
./man-pages.xml
@ -190,6 +238,7 @@ in rec {
--param man.output.base.dir "'$out/share/man/'" \
--param man.endnotes.are.numbered 0 \
--param man.break.after.slash 1 \
--stringparam target.database.document "${olinkDB}/olinkdb.xml" \
${docbook5_xsl}/xml/xsl/docbook/manpages/docbook.xsl \
./man-pages.xml
'';

32
nixos/doc/manual/development/sources.xml
View File

@ -11,35 +11,25 @@ uses the NixOS and Nixpkgs sources provided by the
<literal>nixos-unstable</literal> channel (kept in
<filename>/nix/var/nix/profiles/per-user/root/channels/nixos</filename>).
To modify NixOS, however, you should check out the latest sources from
Git. This is done using the following command:
Git. This is as follows:
<screen>
$ nixos-checkout <replaceable>/my/sources</replaceable>
</screen>
or
<screen>
$ mkdir -p <replaceable>/my/sources</replaceable>
$ cd <replaceable>/my/sources</replaceable>
$ nix-env -i git
$ git clone git://github.com/NixOS/nixpkgs.git
$ cd nixpkgs
$ git remote add channels git://github.com/NixOS/nixpkgs-channels.git
$ git remote update channels
</screen>
This will check out the latest NixOS sources to
<filename><replaceable>/my/sources</replaceable>/nixpkgs/nixos</filename>
and the Nixpkgs sources to
<filename><replaceable>/my/sources</replaceable>/nixpkgs</filename>.
(The NixOS source tree lives in a subdirectory of the Nixpkgs
repository.) The remote <literal>channels</literal> refers to a
read-only repository that tracks the Nixpkgs/NixOS channels (see <xref
linkend="sec-upgrading"/> for more information about channels). Thus,
the Git branch <literal>channels/nixos-14.12</literal> will contain
the latest built and tested version available in the
<literal>nixos-14.12</literal> channel.</para>
This will check out the latest Nixpkgs sources to
<filename>./nixpkgs</filename> the NixOS sources to
<filename>./nixpkgs/nixos</filename>. (The NixOS source tree lives in
a subdirectory of the Nixpkgs repository.) The remote
<literal>channels</literal> refers to a read-only repository that
tracks the Nixpkgs/NixOS channels (see <xref linkend="sec-upgrading"/>
for more information about channels). Thus, the Git branch
<literal>channels/nixos-14.12</literal> will contain the latest built
and tested version available in the <literal>nixos-14.12</literal>
channel.</para>
<para>Its often inconvenient to develop directly on the master
branch, since if somebody has just committed (say) a change to GCC,

48
nixos/doc/manual/installation/installing-pxe.xml Normal file
View File

@ -0,0 +1,48 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-booting-from-pxe">
<title>Booting from the <quote>netboot</quote> media (PXE)</title>
<para>
Advanced users may wish to install NixOS using an existing PXE or
iPXE setup.
</para>
<para>
These instructions assume that you have an existing PXE or iPXE
infrastructure and simply want to add the NixOS installer as another
option. To build the necessary files from a recent version of
nixpkgs, you can run:
</para>
<programlisting>
nix-build -A netboot nixos/release.nix
</programlisting>
<para>
This will create a <literal>result</literal> directory containing: *
<literal>bzImage</literal> the Linux kernel *
<literal>initrd</literal> the initrd file *
<literal>netboot.ipxe</literal> an example ipxe script
demonstrating the appropriate kernel command line arguments for this
image
</para>
<para>
If youre using plain PXE, configure your boot loader to use the
<literal>bzImage</literal> and <literal>initrd</literal> files and
have it provide the same kernel command line arguments found in
<literal>netboot.ipxe</literal>.
</para>
<para>
If youre using iPXE, depending on how your HTTP/FTP/etc. server is
configured you may be able to use <literal>netboot.ipxe</literal>
unmodified, or you may need to update the paths to the files to
match your servers directory layout
</para>
<para>
In the future we may begin making these files available as build
products from hydra at which point we will update this documentation
with instructions on how to obtain them either for placing on a
dedicated TFTP server or to boot them directly over the internet.
</para>
</section>

1
nixos/doc/manual/installation/installing.xml
View File

@ -270,5 +270,6 @@ $ reboot</screen>
<xi:include href="installing-uefi.xml" />
<xi:include href="installing-usb.xml" />
<xi:include href="installing-pxe.xml" />
</chapter>

1
nixos/doc/manual/release-notes/release-notes.xml
View File

@ -9,6 +9,7 @@
<para>This section lists the release notes for each stable version of NixOS
and current unstable revision.</para>
<xi:include href="rl-1609.xml" />
<xi:include href="rl-1603.xml" />
<xi:include href="rl-1509.xml" />
<xi:include href="rl-1412.xml" />

48
nixos/doc/manual/release-notes/rl-1609.xml Normal file
View File

@ -0,0 +1,48 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-16.09">
<title>Release 16.09 (“Flounder”, 2016/09/??)</title>
<para>In addition to numerous new and upgraded packages, this release
has the following highlights: </para>
<itemizedlist>
<listitem>
<para>PXE "netboot" media has landed in <link xlink:href="https://github.com/NixOS/nixpkgs/pull/14740" />.
See <xref linkend="sec-booting-from-pxe" /> for documentation.</para>
</listitem>
</itemizedlist>
<para>The following new services were added since the last release:</para>
<itemizedlist>
<listitem><para><literal>(this will get automatically generated at release time)</literal></para></listitem>
</itemizedlist>
<para>When upgrading from a previous release, please be aware of the
following incompatible changes:</para>
<itemizedlist>
<listitem>
<para>todo</para>
</listitem>
</itemizedlist>
<para>Other notable improvements:</para>
<itemizedlist>
<listitem>
<para>todo</para>
</listitem>
</itemizedlist>
</section>

6
nixos/lib/make-disk-image.nix
View File

@ -81,14 +81,14 @@ pkgs.vmTools.runInLinuxVM (
# Register the paths in the Nix database.
printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
chroot /mnt ${config.nix.package}/bin/nix-store --load-db --option build-users-group ""
chroot /mnt ${config.nix.package.out}/bin/nix-store --load-db --option build-users-group ""
# Add missing size/hash fields to the database. FIXME:
# exportReferencesGraph should provide these directly.
chroot /mnt ${config.nix.package}/bin/nix-store --verify --check-contents
chroot /mnt ${config.nix.package.out}/bin/nix-store --verify --check-contents
# Create the system profile to allow nixos-rebuild to work.
chroot /mnt ${config.nix.package}/bin/nix-env --option build-users-group "" \
chroot /mnt ${config.nix.package.out}/bin/nix-env --option build-users-group "" \
-p /nix/var/nix/profiles/system --set ${config.system.build.toplevel}
# `nixos-rebuild' requires an /etc/NIXOS.

4
nixos/modules/config/pulseaudio.nix
View File

@ -134,7 +134,7 @@ in {
}
(mkIf cfg.enable {
environment.systemPackages = [ cfg.package.out ];
environment.systemPackages = [ cfg.package ];
environment.etc = singleton {
target = "asound.conf";
@ -158,7 +158,7 @@ in {
wantedBy = [ "default.target" ];
serviceConfig = {
Type = "notify";
ExecStart = "${cfg.package}/bin/pulseaudio --daemonize=no";
ExecStart = "${cfg.package.out}/bin/pulseaudio --daemonize=no";
Restart = "on-failure";
};
};

6
nixos/modules/hardware/all-firmware.nix
View File

@ -22,7 +22,11 @@ with lib;
###### implementation
config = mkIf config.hardware.enableAllFirmware {
hardware.firmware = [ pkgs.firmwareLinuxNonfree pkgs.intel2200BGFirmware ];
hardware.firmware = with pkgs; [
firmwareLinuxNonfree
intel2200BGFirmware
rtl8723bs-firmware
];
};
}

4
nixos/modules/hardware/video/webcam/facetimehd.nix
View File

@ -31,13 +31,13 @@ in
# unload module during suspend/hibernate as it crashes the whole system
powerManagement.powerDownCommands = ''
${pkgs.module_init_tools}/bin/rmmod -f facetimehd
${pkgs.kmod}/bin/lsmod | ${pkgs.gnugrep}/bin/grep -q "^facetimehd" && ${pkgs.kmod}/bin/rmmod -f -v facetimehd
'';
# and load it back on resume
powerManagement.resumeCommands = ''
export MODULE_DIR=/run/current-system/kernel-modules/lib/modules
${pkgs.module_init_tools}/bin/modprobe -v facetimehd
${pkgs.kmod}/bin/modprobe -v facetimehd
'';
};

2
nixos/modules/installer/cd-dvd/channel.nix
View File

@ -34,7 +34,7 @@ in
if ! [ -e /var/lib/nixos/did-channel-init ]; then
echo "unpacking the NixOS/Nixpkgs sources..."
mkdir -p /nix/var/nix/profiles/per-user/root
${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/per-user/root/channels \
${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/per-user/root/channels \
-i ${channelSources} --quiet --option build-use-substitutes false
mkdir -m 0700 -p /root/.nix-defexpr
ln -s /nix/var/nix/profiles/per-user/root/channels /root/.nix-defexpr/channels

4
nixos/modules/installer/cd-dvd/iso-image.nix
View File

@ -364,12 +364,12 @@ in
''
# After booting, register the contents of the Nix store on the
# CD in the Nix database in the tmpfs.
${config.nix.package}/bin/nix-store --load-db < /nix/store/nix-path-registration
${config.nix.package.out}/bin/nix-store --load-db < /nix/store/nix-path-registration
# nixos-rebuild also requires a "system" profile and an
# /etc/NIXOS tag.
touch /etc/NIXOS
${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
'';
# Add vfat support to the initrd to enable people to copy the

4
nixos/modules/installer/cd-dvd/sd-image.nix
View File

@ -113,11 +113,11 @@ in
${pkgs.e2fsprogs}/bin/resize2fs $rootPart
# Register the contents of the initial Nix store
${config.nix.package}/bin/nix-store --load-db < /nix-path-registration
${config.nix.package.out}/bin/nix-store --load-db < /nix-path-registration
# nixos-rebuild also requires a "system" profile and an /etc/NIXOS tag.
touch /etc/NIXOS
${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
# Prevents this from running on later boots.
rm -f /nix-path-registration

3
nixos/modules/installer/cd-dvd/system-tarball-fuloong2f.nix
View File

@ -52,8 +52,7 @@ in
# Include some utilities that are useful for installing or repairing
# the system.
environment.systemPackages =
[ pkgs.subversion # for nixos-checkout
pkgs.w3m # needed for the manual anyway
[ pkgs.w3m # needed for the manual anyway
pkgs.testdisk # useful for repairing boot problems
pkgs.mssys # for writing Microsoft boot sectors / MBRs
pkgs.parted

3
nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix
View File

@ -49,8 +49,7 @@ in
# Include some utilities that are useful for installing or repairing
# the system.
environment.systemPackages =
[ pkgs.subversion # for nixos-checkout
pkgs.w3m # needed for the manual anyway
[ pkgs.w3m # needed for the manual anyway
pkgs.ddrescue
pkgs.ccrypt
pkgs.cryptsetup # needed for dm-crypt volumes

4
nixos/modules/installer/cd-dvd/system-tarball.nix
View File

@ -78,14 +78,14 @@ in
# After booting, register the contents of the Nix store on the
# CD in the Nix database in the tmpfs.
if [ -f /nix-path-registration ]; then
${config.nix.package}/bin/nix-store --load-db < /nix-path-registration &&
${config.nix.package.out}/bin/nix-store --load-db < /nix-path-registration &&
rm /nix-path-registration
fi
# nixos-rebuild also requires a "system" profile and an
# /etc/NIXOS tag.
touch /etc/NIXOS
${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
'';
};

20
nixos/modules/installer/netboot/netboot-base.nix Normal file
View File

@ -0,0 +1,20 @@
# This module contains the basic configuration for building netboot
# images
{ config, lib, pkgs, ... }:
with lib;
{
imports =
[ ./netboot.nix
# Profiles of this basic netboot media
../../profiles/all-hardware.nix
../../profiles/base.nix
../../profiles/installation-device.nix
];
# Allow the user to log in as root without a password.
users.extraUsers.root.initialHashedPassword = "";
}

10
nixos/modules/installer/netboot/netboot-minimal.nix Normal file
View File

@ -0,0 +1,10 @@
# This module defines a small netboot environment.
{ config, lib, ... }:
{
imports =
[ ./netboot-base.nix
../../profiles/minimal.nix
];
}

91
nixos/modules/installer/netboot/netboot.nix Normal file
View File

@ -0,0 +1,91 @@
# This module creates netboot media containing the given NixOS
# configuration.
{ config, lib, pkgs, ... }:
with lib;
{
options = {
netboot.storeContents = mkOption {
example = literalExample "[ pkgs.stdenv ]";
description = ''
This option lists additional derivations to be included in the
Nix store in the generated netboot image.
'';
};
};
config = {
boot.loader.grub.version = 2;
# Don't build the GRUB menu builder script, since we don't need it
# here and it causes a cyclic dependency.
boot.loader.grub.enable = false;
boot.initrd.postMountCommands = ''
mkdir -p /mnt-root/nix/store
mount -t squashfs /nix-store.squashfs /mnt-root/nix/store
'';
# !!! Hack - attributes expected by other modules.
system.boot.loader.kernelFile = "bzImage";
environment.systemPackages = [ pkgs.grub2 pkgs.grub2_efi pkgs.syslinux ];
boot.consoleLogLevel = mkDefault 7;
fileSystems."/" =
{ fsType = "tmpfs";
options = [ "mode=0755" ];
};
boot.initrd.availableKernelModules = [ "squashfs" ];
boot.initrd.kernelModules = [ "loop" ];
# Closures to be copied to the Nix store, namely the init
# script and the top-level system configuration directory.
netboot.storeContents =
[ config.system.build.toplevel ];
# Create the squashfs image that contains the Nix store.
system.build.squashfsStore = import ../../../lib/make-squashfs.nix {
inherit (pkgs) stdenv squashfsTools perl pathsFromGraph;
storeContents = config.netboot.storeContents;
};
# Create the initrd
system.build.netbootRamdisk = pkgs.makeInitrd {
inherit (config.boot.initrd) compressor;
prepend = [ "${config.system.build.initialRamdisk}/initrd" ];
contents =
[ { object = config.system.build.squashfsStore;
symlink = "/nix-store.squashfs";
}
];
};
system.build.netbootIpxeScript = pkgs.writeTextDir "netboot.ipxe" "#!ipxe\nkernel bzImage init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}\ninitrd initrd\nboot";
boot.loader.timeout = 10;
boot.postBootCommands =
''
# After booting, register the contents of the Nix store
# in the Nix database in the tmpfs.
${config.nix.package}/bin/nix-store --load-db < /nix/store/nix-path-registration
# nixos-rebuild also requires a "system" profile and an
# /etc/NIXOS tag.
touch /etc/NIXOS
${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
'';
};
}

2
nixos/modules/installer/tools/auto-upgrade.nix
View File

@ -78,7 +78,7 @@ let cfg = config.system.autoUpgrade; in
HOME = "/root";
};
path = [ pkgs.gnutar pkgs.xz.bin config.nix.package ];
path = [ pkgs.gnutar pkgs.xz.bin config.nix.package.out ];
script = ''
${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch ${toString cfg.flags}

60
nixos/modules/installer/tools/nixos-checkout.nix
View File

@ -1,60 +0,0 @@
# This module generates the nixos-checkout script, which performs a
# checkout of the Nixpkgs Git repository.
{ config, lib, pkgs, ... }:
with lib;
let
nixosCheckout = pkgs.substituteAll {
name = "nixos-checkout";
dir = "bin";
isExecutable = true;
src = pkgs.writeScript "nixos-checkout"
''
#! ${pkgs.stdenv.shell} -e
if [ "$1" == "-h" ] || [ "$1" == "--help" ]; then
echo "Usage: `basename $0` [PREFIX]. See NixOS Manual for more info."
exit 0
fi
prefix="$1"
if [ -z "$prefix" ]; then prefix=/etc/nixos; fi
mkdir -p "$prefix"
cd "$prefix"
if [ -z "$(type -P git)" ]; then
echo "installing Git..."
nix-env -iA nixos.git
fi
# Move any old nixpkgs directories out of the way.
backupTimestamp=$(date "+%Y%m%d%H%M%S")
if [ -e nixpkgs -a ! -e nixpkgs/.git ]; then
mv nixpkgs nixpkgs-$backupTimestamp
fi
# Check out the Nixpkgs sources.
if ! [ -e nixpkgs/.git ]; then
echo "Creating repository in $prefix/nixpkgs..."
git init --quiet nixpkgs
else
echo "Updating repository in $prefix/nixpkgs..."
fi
cd nixpkgs
git remote add origin git://github.com/NixOS/nixpkgs.git || true
git remote add channels git://github.com/NixOS/nixpkgs-channels.git || true
git remote set-url origin --push git@github.com:NixOS/nixpkgs.git
git remote update
git checkout master
'';
};
in
{
environment.systemPackages = [ nixosCheckout ];
}

2
nixos/modules/installer/tools/nixos-rebuild.sh
View File

@ -271,7 +271,7 @@ remotePATH=
if [ -n "$buildNix" ]; then
echo "building Nix..." >&2
nixDrv=
if ! nixDrv="$(nix-instantiate '<nixpkgs/nixos>' --add-root $tmpDir/nix.drv --indirect -A config.nix.package "${extraBuildFlags[@]}")"; then
if ! nixDrv="$(nix-instantiate '<nixpkgs/nixos>' --add-root $tmpDir/nix.drv --indirect -A config.nix.package.out "${extraBuildFlags[@]}")"; then
if ! nixDrv="$(nix-instantiate '<nixpkgs/nixos>' --add-root $tmpDir/nix.drv --indirect -A nixFallback "${extraBuildFlags[@]}")"; then
if ! nixDrv="$(nix-instantiate '<nixpkgs>' --add-root $tmpDir/nix.drv --indirect -A nix "${extraBuildFlags[@]}")"; then
nixStorePath="$(prebuiltNix "$(uname -m)")"

6
nixos/modules/installer/tools/tools.nix
View File

@ -22,17 +22,17 @@ let
src = ./nixos-install.sh;
inherit (pkgs) perl pathsFromGraph;
nix = config.nix.package;
nix = config.nix.package.out;
nixClosure = pkgs.runCommand "closure"
{ exportReferencesGraph = ["refs" config.nix.package]; }
{ exportReferencesGraph = ["refs" config.nix.package.out]; }
"cp refs $out";
};
nixos-rebuild = makeProg {
name = "nixos-rebuild";
src = ./nixos-rebuild.sh;
nix = config.nix.package;
nix = config.nix.package.out;
};
nixos-generate-config = makeProg {

3
nixos/modules/misc/ids.nix
View File

@ -263,6 +263,8 @@
caddy = 239;
taskd = 240;
factorio = 241;
emby = 242;
graylog = 243;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -497,6 +499,7 @@
caddy = 239;
taskd = 240;
factorio = 241;
emby = 242;
# When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal

6
nixos/modules/module-list.nix
View File

@ -47,7 +47,6 @@
./i18n/input-method/nabi.nix
./i18n/input-method/uim.nix
./installer/tools/auto-upgrade.nix
./installer/tools/nixos-checkout.nix
./installer/tools/tools.nix
./misc/assertions.nix
./misc/crashdump.nix
@ -159,6 +158,7 @@
./services/desktops/gnome3/tracker.nix
./services/desktops/profile-sync-daemon.nix
./services/desktops/telepathy.nix
./services/development/hoogle.nix
./services/games/factorio.nix
./services/games/ghost-one.nix
./services/games/minecraft-server.nix
@ -183,6 +183,7 @@
./services/hardware/thermald.nix
./services/logging/awstats.nix
./services/logging/fluentd.nix
./services/logging/graylog.nix
./services/logging/klogd.nix
./services/logging/logcheck.nix
./services/logging/logrotate.nix
@ -216,6 +217,7 @@
./services/misc/dictd.nix
./services/misc/disnix.nix
./services/misc/docker-registry.nix
./services/misc/emby.nix
./services/misc/etcd.nix
./services/misc/felix.nix
./services/misc/folding-at-home.nix
@ -337,6 +339,7 @@
./services/networking/kippo.nix
./services/networking/lambdabot.nix
./services/networking/libreswan.nix
./services/networking/logmein-hamachi.nix
./services/networking/mailpile.nix
./services/networking/mfi.nix
./services/networking/mjpg-streamer.nix
@ -400,6 +403,7 @@
./services/networking/wicd.nix
./services/networking/wpa_supplicant.nix
./services/networking/xinetd.nix
./services/networking/zerobin.nix
./services/networking/zerotierone.nix
./services/networking/znc.nix
./services/printing/cupsd.nix

4
nixos/modules/profiles/docker-container.nix
View File

@ -37,12 +37,12 @@ in {
# After booting, register the contents of the Nix store in the Nix
# database.
if [ -f /nix-path-registration ]; then
${config.nix.package}/bin/nix-store --load-db < /nix-path-registration &&
${config.nix.package.out}/bin/nix-store --load-db < /nix-path-registration &&
rm /nix-path-registration
fi
# nixos-rebuild also requires a "system" profile
${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
'';
# Install new init script

4
nixos/modules/rename.nix
View File

@ -68,6 +68,10 @@ with lib;
# proxy
(mkRenamedOptionModule [ "nix" "proxy" ] [ "networking" "proxy" "default" ])
# sandboxing
(mkRenamedOptionModule [ "nix" "useChroot" ] [ "nix" "useSandbox" ])
(mkRenamedOptionModule [ "nix" "chrootDirs" ] [ "nix" "sandboxPaths" ])
# KDE
(mkRenamedOptionModule [ "kde" "extraPackages" ] [ "environment" "systemPackages" ])
(mkRenamedOptionModule [ "environment" "kdePackages" ] [ "environment" "systemPackages" ])

20
nixos/modules/security/grsecurity.nix
View File

@ -194,6 +194,23 @@ in
'';
};
disableSimultConnect = mkOption {
type = types.bool;
default = false;
description = ''
Disable TCP simultaneous connect. The TCP simultaneous connect
feature allows two clients to connect without either of them
entering the listening state. This feature of the TCP specification
is claimed to enable an attacker to deny the target access to a given
server by guessing the source port the target would use to make the
connection.
This option is OFF by default because TCP simultaneous connect has
some legitimate uses. Enable this option if you know what this TCP
feature is for and know that you do not need it.
'';
};
verboseVersion = mkOption {
type = types.bool;
default = false;
@ -234,7 +251,8 @@ in
systemd.services.grsec-lock = mkIf cfg.config.sysctl {
description = "grsecurity sysctl-lock Service";
requires = [ "systemd-sysctl.service" ];
wants = [ "systemd-sysctl.service" ];
after = [ "systemd-sysctl.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = "yes";

7
nixos/modules/services/backup/crashplan.nix
View File

@ -50,11 +50,8 @@ with lib;
ensureDir ${crashplan.vardir}/log 777
cp -avn ${crashplan}/conf.template/* ${crashplan.vardir}/conf
for x in app.asar bin EULA.txt install.vars lang lib libjniwrap64.so libjniwrap.so libjtux64.so libjtux.so libmd564.so libmd5.so share skin upgrade; do
if [ -e ${crashplan.vardir}/$x ]; then
true;
else
ln -s ${crashplan}/$x ${crashplan.vardir}/$x;
fi;
rm -f ${crashplan.vardir}/$x;
ln -sf ${crashplan}/$x ${crashplan.vardir}/$x;
done
'';

12
nixos/modules/services/continuous-integration/jenkins/default.nix
View File

@ -161,16 +161,8 @@ in {
'';
postStart = ''
until ${pkgs.curl.bin}/bin/curl -s -L ${cfg.listenAddress}:${toString cfg.port}${cfg.prefix} ; do
sleep 10
done
while true ; do
index=`${pkgs.curl.bin}/bin/curl -s -L ${cfg.listenAddress}:${toString cfg.port}${cfg.prefix}`
if [[ !("$index" =~ 'Please wait while Jenkins is restarting' ||
"$index" =~ 'Please wait while Jenkins is getting ready to work') ]]; then
exit 0
fi
sleep 30
until ${pkgs.curl.bin}/bin/curl -s -L --fail --head http://${cfg.listenAddress}:${toString cfg.port}${cfg.prefix} >/dev/null; do
sleep 2
done
'';

2
nixos/modules/services/databases/postgresql.nix
View File

@ -242,7 +242,7 @@ in
if test -e "${cfg.dataDir}/.first_startup"; then
${optionalString (cfg.initialScript != null) ''
cat "${cfg.initialScript}" | psql --port=${toString cfg.port} postgres
psql -f "${cfg.initialScript}" --port=${toString cfg.port} postgres
''}
rm -f "${cfg.dataDir}/.first_startup"
fi

70
nixos/modules/services/development/hoogle.nix Normal file
View File

@ -0,0 +1,70 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.hoogle;
hoogleEnv = pkgs.buildEnv {
name = "hoogle";
paths = [ (cfg.haskellPackages.ghcWithHoogle cfg.packages) ];
};
in {
options.services.hoogle = {
enable = mkEnableOption "Haskell documentation server";
port = mkOption {
type = types.int;
default = 8080;
description = ''
Port number Hoogle will be listening to.
'';
};
packages = mkOption {
default = hp: [];
defaultText = "hp: []";
example = "hp: with hp; [ text lens ]";
description = ''
The Haskell packages to generate documentation for.
The option value is a function that takes the package set specified in
the <varname>haskellPackages</varname> option as its sole parameter and
returns a list of packages.
'';
};
haskellPackages = mkOption {
description = "Which haskell package set to use.";
default = pkgs.haskellPackages;
defaultText = "pkgs.haskellPackages";
};
};
config = mkIf cfg.enable {
systemd.services.hoogle = {
description = "Haskell documentation server";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Restart = "always";
ExecStart = ''${hoogleEnv}/bin/hoogle server --local -p ${toString cfg.port}'';
User = "nobody";
Group = "nogroup";
PrivateTmp = true;
ProtectHome = true;
RuntimeDirectory = "hoogle";
WorkingDirectory = "%t/hoogle";
};
};
};
}

116
nixos/modules/services/hardware/sane_extra_backends/brscan4.nix Normal file
View File

@ -0,0 +1,116 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.hardware.sane.brscan4;
netDeviceList = attrValues cfg.netDevices;
etcFiles = pkgs.callPackage ./brscan4_etc_files.nix { netDevices = netDeviceList; };
netDeviceOpts = { name, config, ... }: {
options = {
name = mkOption {
type = types.str;
description = ''
The friendly name you give to the network device. If undefined,
the name of attribute will be used.
'';
example = literalExample "office1";
};
model = mkOption {
type = types.str;
description = ''
The model of the network device.
'';
example = literalExample "MFC-7860DW";
};
ip = mkOption {
type = with types; nullOr str;
default = null;
description = ''
The ip address of the device. If undefined, you will have to
provide a nodename.
'';
example = literalExample "192.168.1.2";
};
nodename = mkOption {
type = with types; nullOr str;
default = null;
description = ''
The node name of the device. If undefined, you will have to
provide an ip.
'';
example = literalExample "BRW0080927AFBCE";
};
};
config =
{ name = mkDefault name;
};
};
in
{
options = {
hardware.sane.brscan4.enable =
mkEnableOption "Brother's brscan4 scan backend" // {
description = ''
When enabled, will automatically register the "brscan4" sane
backend and bring configuration files to their expected location.
'';
};
hardware.sane.brscan4.netDevices = mkOption {
default = {};
example =
{ office1 = { model = "MFC-7860DW"; ip = "192.168.1.2"; };
office2 = { model = "MFC-7860DW"; nodename = "BRW0080927AFBCE"; };
};
type = types.loaOf types.optionSet;
description = ''
The list of network devices that will be registered against the brscan4
sane backend.
'';
options = [ netDeviceOpts ];
};
};
config = mkIf (config.hardware.sane.enable && cfg.enable) {
hardware.sane.extraBackends = [
pkgs.brscan4
];
environment.etc = singleton {
target = "opt/brother/scanner/brscan4";
source = "${etcFiles}/etc/opt/brother/scanner/brscan4";
};
assertions = [
{ assertion = all (x: !(null != x.ip && null != x.nodename)) netDeviceList;
message = ''
When describing a network device as part of the attribute list
`hardware.sane.brscan4.netDevices`, only one of its `ip` or `nodename`
attribute should be specified, not both!
'';
}
];
};
}

71
nixos/modules/services/hardware/sane_extra_backends/brscan4_etc_files.nix Normal file
View File

@ -0,0 +1,71 @@
{ stdenv, lib, brscan4, netDevices ? [] }:
/*
Testing
-------
No net devices:
~~~
nix-shell -E 'with import <nixpkgs> { }; brscan4-etc-files'
~~~
Two net devices:
~~~
nix-shell -E 'with import <nixpkgs> { }; brscan4-etc-files.override{netDevices=[{name="a"; model="MFC-7860DW"; nodename="BRW0080927AFBCE";} {name="b"; model="MFC-7860DW"; ip="192.168.1.2";}];}'
~~~
*/
with lib;
let
addNetDev = nd: ''
brsaneconfig4 -a \
name="${nd.name}" \
model="${nd.model}" \
${if (hasAttr "nodename" nd && nd.nodename != null) then
''nodename="${nd.nodename}"'' else
''ip="${nd.ip}"''}'';
addAllNetDev = xs: concatStringsSep "\n" (map addNetDev xs);
in
stdenv.mkDerivation rec {
name = "brscan4-etc-files-0.4.3-3";
src = "${brscan4}/opt/brother/scanner/brscan4";
nativeBuildInputs = [ brscan4 ];
configurePhase = ":";
buildPhase = ''
TARGET_DIR="$out/etc/opt/brother/scanner/brscan4"
mkdir -p "$TARGET_DIR"
cp -rp "./models4" "$TARGET_DIR"
cp -rp "./Brsane4.ini" "$TARGET_DIR"
cp -rp "./brsanenetdevice4.cfg" "$TARGET_DIR"
export BRSANENETDEVICE4_CFG_FILENAME="$TARGET_DIR/brsanenetdevice4.cfg"
printf '${addAllNetDev netDevices}\n'
${addAllNetDev netDevices}
'';
installPhase = ":";
dontStrip = true;
dontPatchELF = true;
meta = {
description = "Brother brscan4 sane backend driver etc files";
homepage = http://www.brother.com;
platforms = stdenv.lib.platforms.linux;
license = stdenv.lib.licenses.unfree;
maintainers = with stdenv.lib.maintainers; [ jraygauthier ];
};
}

161
nixos/modules/services/logging/graylog.nix Normal file
View File

@ -0,0 +1,161 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.graylog;
configBool = b: if b then "true" else "false";
confFile = pkgs.writeText "graylog.conf" ''
is_master = ${configBool cfg.isMaster}
node_id_file = ${cfg.nodeIdFile}
password_secret = ${cfg.passwordSecret}
root_username = ${cfg.rootUsername}
root_password_sha2 = ${cfg.rootPasswordSha2}
elasticsearch_cluster_name = ${cfg.elasticsearchClusterName}
elasticsearch_discovery_zen_ping_multicast_enabled = ${configBool cfg.elasticsearchDiscoveryZenPingMulticastEnabled}
elasticsearch_discovery_zen_ping_unicast_hosts = ${cfg.elasticsearchDiscoveryZenPingUnicastHosts}
message_journal_dir = ${cfg.messageJournalDir}
mongodb_uri = ${cfg.mongodbUri}
${cfg.extraConfig}
'';
in
{
###### interface
options = {
services.graylog = {
enable = mkEnableOption "Graylog";
package = mkOption {
type = types.package;
default = pkgs.graylog;
defaultText = "pkgs.graylog";
example = literalExample "pkgs.graylog";
description = "Graylog package to use.";
};
user = mkOption {
type = types.str;
default = "graylog";
example = literalExample "graylog";
description = "User account under which graylog runs";
};
isMaster = mkOption {
type = types.bool;
default = true;
description = "Whether this is the master instance of your Graylog cluster";
};
nodeIdFile = mkOption {
type = types.str;
default = "/var/lib/graylog/server/node-id";
description = "Path of the file containing the graylog node-id";
};
passwordSecret = mkOption {
type = types.str;
description = ''
You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
Generate one by using for example: pwgen -N 1 -s 96
'';
};
rootUsername = mkOption {
type = types.str;
default = "admin";
description = "Name of the default administrator user";
};
rootPasswordSha2 = mkOption {
type = types.str;
example = "e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e952";
description = ''
You MUST specify a hash password for the root user (which you only need to initially set up the
system and in case you lose connectivity to your authentication backend)
This password cannot be changed using the API or via the web interface. If you need to change it,
modify it here.
Create one by using for example: echo -n yourpassword | shasum -a 256
and use the resulting hash value as string for the option
'';
};
elasticsearchClusterName = mkOption {
type = types.str;
example = "graylog";
description = "This must be the same as for your Elasticsearch cluster";
};
elasticsearchDiscoveryZenPingMulticastEnabled = mkOption {
type = types.bool;
default = false;
description = "Whether to use elasticsearch multicast discovery";
};
elasticsearchDiscoveryZenPingUnicastHosts = mkOption {
type = types.str;
default = "127.0.0.1:9300";
description = "Tells Graylogs Elasticsearch client how to find other cluster members. See Elasticsearch documentation for details";
};
messageJournalDir = mkOption {
type = types.str;
default = "/var/lib/graylog/data/journal";
description = "The directory which will be used to store the message journal. The directory must be exclusively used by Graylog and must not contain any other files than the ones created by Graylog itself";
};
mongodbUri = mkOption {
type = types.str;
default = "mongodb://localhost/graylog";
description = "MongoDB connection string. See http://docs.mongodb.org/manual/reference/connection-string/ for details";
};
extraConfig = mkOption {
type = types.str;
default = "";
description = "Any other configuration options you might want to add";
};
};
};
###### implementation
config = mkIf cfg.enable {
users.extraUsers = mkIf (cfg.user == "graylog") {
graylog = {
uid = config.ids.uids.graylog;
description = "Graylog server daemon user";
};
};
systemd.services.graylog = with pkgs; {
description = "Graylog Server";
wantedBy = [ "multi-user.target" ];
environment = {
JAVA_HOME = jre;
GRAYLOG_CONF = "${confFile}";
};
path = [ pkgs.openjdk8 pkgs.which pkgs.procps ];
preStart = ''
mkdir -p /var/lib/graylog -m 755
chown -R ${cfg.user} /var/lib/graylog
mkdir -p ${cfg.messageJournalDir} -m 755
chown -R ${cfg.user} ${cfg.messageJournalDir}
'';
serviceConfig = {
User="${cfg.user}";
PermissionsStartOnly=true;
ExecStart = "${cfg.package}/bin/graylogctl run";
};
};
};
}

5
nixos/modules/services/logging/logcheck.nix
View File

@ -11,7 +11,10 @@ let
rm $out/logcheck.*
'';
rulesDir = pkgs.symlinkJoin "logcheck-rules-dir" ([ defaultRules ] ++ cfg.extraRulesDirs);
rulesDir = pkgs.symlinkJoin
{ name = "logcheck-rules-dir";
paths = ([ defaultRules ] ++ cfg.extraRulesDirs);
};
configFile = pkgs.writeText "logcheck.conf" cfg.config;

6
nixos/modules/services/mail/dovecot.nix
View File

@ -63,8 +63,10 @@ let
cfg.extraConfig
];
modulesDir = pkgs.symlinkJoin "dovecot-modules"
(map (pkg: "${pkg}/lib/dovecot") ([ dovecotPkg ] ++ map (module: module.override { dovecot = dovecotPkg; }) cfg.modules));
modulesDir = pkgs.symlinkJoin {
name = "dovecot-modules";
paths = map (pkg: "${pkg}/lib/dovecot") ([ dovecotPkg ] ++ map (module: module.override { dovecot = dovecotPkg; }) cfg.modules);
};
in
{

69
nixos/modules/services/mail/rmilter.nix
View File

@ -7,9 +7,14 @@ let
rspamdCfg = config.services.rspamd;
cfg = config.services.rmilter;
inetSockets = map (sock: let s = stringSplit ":" sock; in "inet:${last s}:${head s}") cfg.bindInetSockets;
unixSockets = map (sock: "unix:${sock}") cfg.bindUnixSockets;
allSockets = unixSockets ++ inetSockets;
rmilterConf = ''
pidfile = /run/rmilter/rmilter.pid;
bind_socket = ${cfg.bindSocket};
bind_socket = ${if cfg.socketActivation then "fd:3" else concatStringsSep ", " allSockets};
tempdir = /tmp;
'' + (with cfg.rspamd; if enable then ''
@ -68,14 +73,37 @@ in
'';
};
bindSocket = mkOption {
type = types.string;
default = "unix:/run/rmilter/rmilter.sock";
description = "Socket to listed for MTA requests";
bindUnixSockets = mkOption {
type = types.listOf types.str;
default = ["/run/rmilter.sock"];
description = ''
Unix domain sockets to listen for MTA requests.
'';
example = ''
"unix:/run/rmilter/rmilter.sock" or
"inet:11990@127.0.0.1"
'';
[ "/run/rmilter.sock"]
'';
};
bindInetSockets = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Inet addresses to listen (in format accepted by systemd.socket)
'';
example = ''
["127.0.0.1:11990"]
'';
};
socketActivation = mkOption {
type = types.bool;
default = true;
description = ''
Enable systemd socket activation for rmilter.
(disabling socket activation not recommended
when unix socket used, and follow to wrong
permissions on unix domain socket.)
'';
};
rspamd = {
@ -86,7 +114,7 @@ in
servers = mkOption {
type = types.listOf types.str;
default = ["r:0.0.0.0:11333"];
default = ["r:/run/rspamd.sock"];
description = ''
Spamd socket definitions.
Is server name is prefixed with r: it is rspamd server.
@ -129,7 +157,7 @@ in
type = types.str;
description = "Addon to postfix configuration";
default = ''
smtpd_milters = ${cfg.bindSocket}
smtpd_milters = ${head allSockets}
# or for TCP socket
# # smtpd_milters = inet:localhost:9900
milter_protocol = 6
@ -169,21 +197,30 @@ milter_default_action = accept
serviceConfig = {
ExecStart = "${pkgs.rmilter}/bin/rmilter ${optionalString cfg.debug "-d"} -n -c ${rmilterConfigFile}";
ExecReload = "/bin/kill -USR1 $MAINPID";
User = cfg.user;
Group = cfg.group;
PermissionsStartOnly = true;
Restart = "always";
RuntimeDirectory = "rmilter";
RuntimeDirectoryPermissions="0755";
};
preStart = ''
${pkgs.coreutils}/bin/mkdir -p /run/rmilter
${pkgs.coreutils}/bin/chown ${cfg.user}:${cfg.group} /run/rmilter
'';
};
services.postfix.extraConfig = optionalString cfg.postfix.enable cfg.postfix.configFragment;
systemd.sockets.rmilter = mkIf cfg.socketActivation {
description = "Rmilter service socket";
wantedBy = [ "sockets.target" ];
socketConfig = {
ListenStream = cfg.bindUnixSockets ++ cfg.bindInetSockets;
SocketUser = cfg.user;
SocketGroup = cfg.group;
SocketMode = "0660";
};
};
services.postfix.extraConfig = optionalString cfg.postfix.enable cfg.postfix.configFragment;
users.users.postfix.extraGroups = [ cfg.group ];
};
}

59
nixos/modules/services/mail/rspamd.nix
View File

@ -6,6 +6,35 @@ let
cfg = config.services.rspamd;
mkBindSockets = socks: concatStringsSep "\n" (map (each: " bind_socket = \"${each}\"") socks);
rspamdConf =
''
.include "$CONFDIR/common.conf"
options {
pidfile = "$RUNDIR/rspamd.pid";
.include "$CONFDIR/options.inc"
}
logging {
type = "file";
filename = "$LOGDIR/rspamd.log";
.include "$CONFDIR/logging.inc"
}
worker {
${mkBindSockets cfg.bindSocket}
.include "$CONFDIR/worker-normal.inc"
}
worker {
${mkBindSockets cfg.bindUISocket}
.include "$CONFDIR/worker-controller.inc"
}
'';
rspamdConfFile = pkgs.writeText "rspamd.conf" rspamdConf;
in
{
@ -26,6 +55,32 @@ in
description = "Whether to run the rspamd daemon in debug mode.";
};
bindSocket = mkOption {
type = types.listOf types.str;
default = [
"/run/rspamd.sock mode=0666 owner=${cfg.user}"
];
description = ''
List of sockets to listen, in format acceptable by rspamd
'';
example = ''
bindSocket = [
"/run/rspamd.sock mode=0666 owner=rspamd"
"*:11333"
];
'';
};
bindUISocket = mkOption {
type = types.listOf types.str;
default = [
"localhost:11334"
];
description = ''
List of sockets for web interface, in format acceptable by rspamd
'';
};
user = mkOption {
type = types.string;
default = "rspamd";
@ -62,7 +117,7 @@ in
users.extraGroups = singleton {
name = cfg.group;
gid = config.ids.gids.spamd;
gid = config.ids.gids.rspamd;
};
systemd.services.rspamd = {
@ -72,7 +127,7 @@ in
after = [ "network.target" ];
serviceConfig = {
ExecStart = "${pkgs.rspamd}/bin/rspamd ${optionalString cfg.debug "-d"} --user=${cfg.user} --group=${cfg.group} --pid=/run/rspamd.pid -f";
ExecStart = "${pkgs.rspamd}/bin/rspamd ${optionalString cfg.debug "-d"} --user=${cfg.user} --group=${cfg.group} --pid=/run/rspamd.pid -c ${rspamdConfFile} -f";
RuntimeDirectory = "/var/lib/rspamd";
PermissionsStartOnly = true;
Restart = "always";

64
nixos/modules/services/misc/emby.nix Normal file
View File

@ -0,0 +1,64 @@
{ config, pkgs, lib, mono, ... }:
with lib;
let
cfg = config.services.emby;
emby = pkgs.emby;
in
{
options = {
services.emby = {
enable = mkEnableOption "Emby Media Server";
user = mkOption {
type = types.str;
default = "emby";
description = "User account under which Emby runs.";
};
group = mkOption {
type = types.str;
default = "emby";
description = "Group under which emby runs.";
};
};
};
config = mkIf cfg.enable {
systemd.services.emby = {
description = "Emby Media Server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
preStart = ''
test -d /var/lib/emby/ProgramData-Server || {
echo "Creating initial Emby data directory in /var/lib/emby/ProgramData-Server"
mkdir -p /var/lib/emby/ProgramData-Server
chown -R ${cfg.user}:${cfg.group} /var/lib/emby/ProgramData-Server
}
'';
serviceConfig = {
Type = "simple";
User = cfg.user;
Group = cfg.group;
PermissionsStartOnly = "true";
ExecStart = "${pkgs.mono}/bin/mono ${pkgs.emby}/bin/MediaBrowser.Server.Mono.exe";
Restart = "on-failure";
};
};
users.extraUsers = mkIf (cfg.user == "emby") {
emby = {
group = cfg.group;
uid = config.ids.uids.emby;
};
};
users.extraGroups = mkIf (cfg.group == "emby") {
emby = {
gid = config.ids.gids.emby;
};
};
};
}

22
nixos/modules/services/misc/nix-daemon.nix
View File

@ -6,7 +6,7 @@ let
cfg = config.nix;
nix = cfg.package;
nix = cfg.package.out;
makeNixBuildUser = nr:
{ name = "nixbld${toString nr}";
@ -24,8 +24,8 @@ let
nixConf =
let
# If we're using a chroot for builds, then provide /bin/sh in
# the chroot as a bind-mount to bash. This means we also need to
# If we're using sandbox for builds, then provide /bin/sh in
# the sandbox as a bind-mount to bash. This means we also need to
# include the entire closure of bash.
sh = pkgs.stdenv.shell;
binshDeps = pkgs.writeReferencesToFile sh;
@ -39,8 +39,8 @@ let
build-users-group = nixbld
build-max-jobs = ${toString (cfg.maxJobs)}
build-cores = ${toString (cfg.buildCores)}
build-use-chroot = ${if (builtins.isBool cfg.useChroot) then (if cfg.useChroot then "true" else "false") else cfg.useChroot}
build-chroot-dirs = ${toString cfg.chrootDirs} /bin/sh=${sh} $(echo $extraPaths)
build-use-sandbox = ${if (builtins.isBool cfg.useSandbox) then (if cfg.useSandbox then "true" else "false") else cfg.useSandbox}
build-sandbox-paths = ${toString cfg.sandboxPaths} /bin/sh=${sh} $(echo $extraPaths)
binary-caches = ${toString cfg.binaryCaches}
trusted-binary-caches = ${toString cfg.trustedBinaryCaches}
binary-cache-public-keys = ${toString cfg.binaryCachePublicKeys}
@ -65,8 +65,8 @@ in
package = mkOption {
type = types.package;
default = pkgs.nix.out;
defaultText = "pkgs.nix.out";
default = pkgs.nix;
defaultText = "pkgs.nix";
description = ''
This option specifies the Nix package instance to use throughout the system.
'';
@ -98,25 +98,25 @@ in
'';
};
useChroot = mkOption {
useSandbox = mkOption {
type = types.either types.bool (types.enum ["relaxed"]);
default = false;
description = "
If set, Nix will perform builds in a chroot-environment that it
If set, Nix will perform builds in a sandboxed environment that it
will set up automatically for each build. This prevents
impurities in builds by disallowing access to dependencies
outside of the Nix store.
";
};
chrootDirs = mkOption {
sandboxPaths = mkOption {
type = types.listOf types.str;
default = [];
example = [ "/dev" "/proc" ];
description =
''
Directories from the host filesystem to be included
in the chroot.
in the sandbox.
'';
};

2
nixos/modules/services/misc/nix-gc.nix
View File

@ -52,7 +52,7 @@ in
systemd.services.nix-gc =
{ description = "Nix Garbage Collector";
script = "exec ${config.nix.package}/bin/nix-collect-garbage ${cfg.options}";
script = "exec ${config.nix.package.out}/bin/nix-collect-garbage ${cfg.options}";
startAt = optionalString cfg.automatic cfg.dates;
};

2
nixos/modules/services/misc/nix-ssh-serve.nix
View File

@ -41,7 +41,7 @@ with lib;
PermitTTY no
PermitTunnel no
X11Forwarding no
ForceCommand ${config.nix.package}/bin/nix-store --serve
ForceCommand ${config.nix.package.out}/bin/nix-store --serve
Match All
'';

4
nixos/modules/services/misc/taskserver/default.nix
View File

@ -449,7 +449,7 @@ in {
};
};
})
(mkIf needToCreateCA {
(mkIf (cfg.enable && needToCreateCA) {
systemd.services.taskserver-ca = {
wantedBy = [ "taskserver.service" ];
after = [ "taskserver-init.service" ];
@ -533,7 +533,7 @@ in {
'';
};
})
(mkIf (cfg.listenHost != "localhost") {
(mkIf (cfg.enable && cfg.listenHost != "localhost") {
networking.firewall.allowedTCPPorts = [ cfg.listenPort ];
})
{ meta.doc = ./taskserver.xml; }

4
nixos/modules/services/network-filesystems/openafs-client/default.nix
View File

@ -80,7 +80,7 @@ in
preStart = ''
mkdir -p -m 0755 /afs
mkdir -m 0700 -p ${cfg.cacheDirectory}
${pkgs.module_init_tools}/sbin/insmod ${openafsPkgs}/lib/openafs/libafs-*.ko || true
${pkgs.kmod}/sbin/insmod ${openafsPkgs}/lib/openafs/libafs-*.ko || true
${openafsPkgs}/sbin/afsd -confdir ${afsConfig} -cachedir ${cfg.cacheDirectory} ${if cfg.sparse then "-dynroot-sparse" else "-dynroot"} -fakestat -afsdb
${openafsPkgs}/bin/fs setcrypt ${if cfg.crypt then "on" else "off"}
'';
@ -92,7 +92,7 @@ in
preStop = ''
${pkgs.utillinux}/bin/umount /afs
${openafsPkgs}/sbin/afsd -shutdown
${pkgs.module_init_tools}/sbin/rmmod libafs
${pkgs.kmod}/sbin/rmmod libafs
'';
};
};

54
nixos/modules/services/networking/copy-com.nix
View File

@ -1,54 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.copy-com;
in
{
options = {
services.copy-com = {
enable = mkOption {
default = false;
description = "
Enable the Copy.com client.
NOTE: before enabling the client for the first time, it must be
configured by first running CopyConsole (command line) or CopyAgent
(graphical) as the appropriate user.
";
};
user = mkOption {
description = "The user for which the Copy.com client should be run.";
};
debug = mkOption {
default = false;
description = "Output more (debugging) messages to the console.";
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.postfix ];
systemd.services."copy-com-${cfg.user}" = {
description = "Copy.com client";
wants = [ "network-online.target" ];
after = [ "network-online.target" "local-fs.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.copy-com}/bin/CopyConsole ${if cfg.debug then "-consoleOutput -debugToConsole=dirwatch,path-watch,csm_path,csm -debug -console" else ""}";
User = "${cfg.user}";
};
};
};
}

50
nixos/modules/services/networking/logmein-hamachi.nix Normal file
View File

@ -0,0 +1,50 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.logmein-hamachi;
in
{
###### interface
options = {
services.logmein-hamachi.enable = mkOption {
type = types.bool;
default = false;
description =
''
Whether to enable LogMeIn Hamachi, a proprietary
(closed source) commercial VPN software.
'';
};
};
###### implementation
config = mkIf cfg.enable {
systemd.services.logmein-hamachi = {
description = "LogMeIn Hamachi Daemon";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "local-fs.target" ];
serviceConfig = {
Type = "forking";
ExecStart = "${pkgs.logmein-hamachi}/bin/hamachid";
};
};
environment.systemPackages = [ pkgs.logmein-hamachi ];
};
}

10
nixos/modules/services/networking/mfi.nix
View File

@ -10,6 +10,7 @@ let
{ what = "${pkgs.mfi}/dl"; where = "${stateDir}/dl"; }
{ what = "${pkgs.mfi}/lib"; where = "${stateDir}/lib"; }
{ what = "${pkgs.mongodb248}/bin"; where = "${stateDir}/bin"; }
{ what = "${cfg.dataDir}"; where = "${stateDir}/data"; }
];
systemdMountPoints = map (m: "${utils.escapeSystemdPath m.where}.mount") mountPoints;
ports = [ 6080 6880 6443 6843 ];
@ -23,6 +24,15 @@ in
default = true;
description = "Whether to open TCP ports ${concatMapStrings (a: "${toString a} ") ports}for the services.";
};
dataDir = mkOption {
type = types.str;
default = "${stateDir}/data";
description = ''
Where to store the database and other data.
This directory will be bind-mounted to ${stateDir}/data as part of the service startup.
'';
};
};
};

2
nixos/modules/services/networking/nix-serve.nix
View File

@ -50,7 +50,7 @@ in
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = [ config.nix.package pkgs.bzip2.bin ];
path = [ config.nix.package.out pkgs.bzip2.bin ];
environment.NIX_REMOTE = "daemon";
environment.NIX_SECRET_KEY_FILE = cfg.secretKeyFile;

2
nixos/modules/services/networking/quassel.nix
View File

@ -3,7 +3,7 @@
with lib;
let
quassel = pkgs.quasselDaemon_qt5;
quassel = pkgs.kde4.quasselDaemon;
cfg = config.services.quassel;
user = if cfg.user != null then cfg.user else "quassel";
in

16
nixos/modules/services/networking/unifi.nix
View File

@ -17,6 +17,10 @@ let
what = "${pkgs.mongodb}/bin";
where = "${stateDir}/bin";
}
{
what = "${cfg.dataDir}";
where = "${stateDir}/data";
}
];
systemdMountPoints = map (m: "${utils.escapeSystemdPath m.where}.mount") mountPoints;
in
@ -32,6 +36,16 @@ in
'';
};
services.unifi.dataDir = mkOption {
type = types.str;
default = "${stateDir}/data";
description = ''
Where to store the database and other data.
This directory will be bind-mounted to ${stateDir}/data as part of the service startup.
'';
};
};
config = mkIf cfg.enable {
@ -62,7 +76,7 @@ in
bindsTo = systemdMountPoints;
unitConfig.RequiresMountsFor = stateDir;
# This a HACK to fix missing dependencies of dynamic libs extracted from jars
environment.LD_LIBRARY_PATH = with pkgs.stdenv; "${cc.cc}/lib";
environment.LD_LIBRARY_PATH = with pkgs.stdenv; "${cc.cc.lib}/lib";
preStart = ''
# Ensure privacy of state

102
nixos/modules/services/networking/zerobin.nix Normal file
View File

@ -0,0 +1,102 @@
{ config, pkgs, lib, nodes, ... }:
with lib;
let
cfg = config.services.zerobin;
zerobin_config = pkgs.writeText "zerobin-config.py" ''
PASTE_FILES_ROOT = "${cfg.dataDir}"
${cfg.extraConfig}
'';
in
{
options = {
services.zerobin = {
enable = mkEnableOption "0bin";
dataDir = mkOption {
type = types.str;
default = "/var/lib/zerobin";
description = ''
Path to the 0bin data directory
'';
};
user = mkOption {
type = types.str;
default = "zerobin";
description = ''
The user 0bin should run as
'';
};
group = mkOption {
type = types.str;
default = "zerobin";
description = ''
The group 0bin should run as
'';
};
listenPort = mkOption {
type = types.int;
default = 8000;
example = 1357;
description = ''
The port zerobin should listen on
'';
};
listenAddress = mkOption {
type = types.str;
default = "localhost";
example = "127.0.0.1";
description = ''
The address zerobin should listen to
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
example = ''
MENU = (
('Home', '/'),
)
COMPRESSED_STATIC_FILE = True
'';
description = ''
Extra configuration to be appended to the 0bin config file
(see https://0bin.readthedocs.org/en/latest/en/options.html)
'';
};
};
};
config = mkIf (cfg.enable) {
users.users."${cfg.user}" =
if cfg.user == "zerobin" then {
isSystemUser = true;
group = cfg.group;
home = cfg.dataDir;
createHome = true;
}
else {};
users.groups."${cfg.group}" = {};
systemd.services.zerobin = {
enable = true;
after = [ "network-interfaces.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = "${pkgs.pythonPackages.zerobin}/bin/zerobin ${cfg.listenAddress} ${toString cfg.listenPort} false ${cfg.user} ${cfg.group} ${zerobin_config}";
serviceConfig.PrivateTmp="yes";
serviceConfig.User = cfg.user;
serviceConfig.Group = cfg.group;
preStart = ''
mkdir -p ${cfg.dataDir}
chown ${cfg.user} ${cfg.dataDir}
'';
};
};
}

1
nixos/modules/services/search/elasticsearch.nix
View File

@ -145,6 +145,7 @@ in {
# Install plugins
ln -sfT ${esPlugins}/plugins ${cfg.dataDir}/plugins
ln -sfT ${cfg.package}/lib ${cfg.dataDir}/lib
ln -sfT ${cfg.package}/modules ${cfg.dataDir}/modules
if [ "$(id -u)" = 0 ]; then chown -R elasticsearch ${cfg.dataDir}; fi
'';
postStart = mkBefore ''

28
nixos/modules/services/security/fail2ban.nix
View File

@ -99,34 +99,32 @@ in
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
partOf = optional config.networking.firewall.enable "firewall.service";
restartTriggers = [ fail2banConf jailConf ];
path = [ pkgs.fail2ban pkgs.iptables ];
preStart =
''
mkdir -p /run/fail2ban -m 0755
mkdir -p /var/lib/fail2ban
'';
unitConfig.Documentation = "man:fail2ban(1)";
serviceConfig =
{ ExecStart = "${pkgs.fail2ban}/bin/fail2ban-server -f";
{ Type = "forking";
ExecStart = "${pkgs.fail2ban}/bin/fail2ban-client -x start";
ExecStop = "${pkgs.fail2ban}/bin/fail2ban-client stop";
ExecReload = "${pkgs.fail2ban}/bin/fail2ban-client reload";
PIDFile = "/run/fail2ban/fail2ban.pid";
Restart = "always";
ReadOnlyDirectories = "/";
ReadWriteDirectories = "/run /var/tmp /var/lib";
ReadWriteDirectories = "/run/fail2ban /var/tmp /var/lib";
PrivateTmp = "true";
RuntimeDirectory = "fail2ban";
CapabilityBoundingSet = "CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_NET_RAW";
};
postStart =
''
# Wait for the server to start listening.
for ((n = 0; n < 20; n++)); do
if fail2ban-client ping; then break; fi
sleep 0.5
done
# Reload its configuration.
fail2ban-client reload
'';
};
# Add some reasonable default jails. The special "DEFAULT" jail

2
nixos/modules/services/system/dbus.nix
View File

@ -121,7 +121,7 @@ in
security.setuidOwners = singleton
{ program = "dbus-daemon-launch-helper";
source = "${pkgs.dbus_daemon.lib}/libexec/dbus-daemon-launch-helper";
source = "${pkgs.dbus_daemon.out}/libexec/dbus-daemon-launch-helper";
owner = "root";
group = "messagebus";
setuid = true;

10
nixos/modules/services/system/kerberos.nix
View File

@ -4,7 +4,7 @@ let
inherit (lib) mkOption mkIf singleton;
inherit (pkgs) heimdal;
inherit (pkgs) heimdalFull;
stateDir = "/var/heimdal";
in
@ -33,7 +33,7 @@ in
config = mkIf config.services.kerberos_server.enable {
environment.systemPackages = [ heimdal ];
environment.systemPackages = [ heimdalFull ];
services.xinetd.enable = true;
services.xinetd.services = lib.singleton
@ -42,7 +42,7 @@ in
protocol = "tcp";
user = "root";
server = "${pkgs.tcp_wrappers}/sbin/tcpd";
serverArgs = "${pkgs.heimdal}/sbin/kadmind";
serverArgs = "${pkgs.heimdalFull}/sbin/kadmind";
};
systemd.services.kdc = {
@ -51,13 +51,13 @@ in
preStart = ''
mkdir -m 0755 -p ${stateDir}
'';
script = "${heimdal}/sbin/kdc";
script = "${heimdalFull}/sbin/kdc";
};
systemd.services.kpasswdd = {
description = "Kerberos Password Changing daemon";
wantedBy = [ "multi-user.target" ];
script = "${heimdal}/sbin/kpasswdd";
script = "${heimdalFull}/sbin/kpasswdd";
};
};

2
nixos/modules/services/x11/desktop-managers/gnome3.nix
View File

@ -165,6 +165,8 @@ in {
'';
};
services.xserver.updateDbusEnvironment = true;
environment.variables.GIO_EXTRA_MODULES = [ "${gnome3.dconf}/lib/gio/modules"
"${gnome3.glib_networking.out}/lib/gio/modules"
"${gnome3.gvfs}/lib/gio/modules" ];

5
nixos/modules/services/x11/desktop-managers/xfce.nix
View File

@ -42,10 +42,13 @@ in
# Set GTK_DATA_PREFIX so that GTK+ can find the Xfce themes.
export GTK_DATA_PREFIX=${config.system.path}
exec ${pkgs.stdenv.shell} ${pkgs.xfce.xinitrc}
${pkgs.stdenv.shell} ${pkgs.xfce.xinitrc} &
waitPID=$!
'';
};
services.xserver.updateDbusEnvironment = true;
environment.systemPackages =
[ pkgs.gtk # To get GTK+'s themes.
pkgs.hicolor_icon_theme

8
nixos/modules/services/x11/display-managers/default.nix
View File

@ -126,6 +126,14 @@ let
(*) echo "$0: Desktop manager '$desktopManager' not found.";;
esac
${optionalString (cfg.startDbusSession && cfg.updateDbusEnvironment) ''
${pkgs.glib}/bin/gdbus call --session \
--dest org.freedesktop.DBus --object-path /org/freedesktop/DBus \
--method org.freedesktop.DBus.UpdateActivationEnvironment \
"{$(env | ${pkgs.gnused}/bin/sed "s/'/\\\\'/g; s/\([^=]*\)=\(.*\)/'\1':'\2'/" \
| ${pkgs.coreutils}/bin/paste -sd,)}"
''}
test -n "$waitPID" && wait "$waitPID"
exit 0
'';

10
nixos/modules/services/x11/redshift.nix
View File

@ -94,11 +94,9 @@ in {
};
config = mkIf cfg.enable {
systemd.services.redshift = {
systemd.user.services.redshift = {
description = "Redshift colour temperature adjuster";
requires = [ "display-manager.service" ];
after = [ "display-manager.service" ];
wantedBy = [ "graphical.target" ];
wantedBy = [ "default.target" ];
serviceConfig = {
ExecStart = ''
${cfg.package}/bin/redshift \
@ -107,10 +105,10 @@ in {
-b ${toString cfg.brightness.day}:${toString cfg.brightness.night} \
${lib.strings.concatStringsSep " " cfg.extraOptions}
'';
RestartSec = 3;
RestartSec = 3;
Restart = "always";
};
environment = { DISPLAY = ":0"; };
serviceConfig.Restart = "always";
};
};

1
nixos/modules/services/x11/window-managers/bspwm.nix
View File

@ -38,6 +38,7 @@ in
start = if cfg.startThroughSession
then cfg.sessionScript
else ''
export _JAVA_AWT_WM_NONREPARENTING=1
SXHKD_SHELL=/bin/sh ${pkgs.sxhkd}/bin/sxhkd -f 100 &
${pkgs.bspwm}/bin/bspwm
'';

9
nixos/modules/services/x11/xserver.nix
View File

@ -233,6 +233,15 @@ in
'';
};
updateDbusEnvironment = mkOption {
type = types.bool;
default = false;
description = ''
Whether to update the DBus activation environment after launching the
desktop manager.
'';
};
layout = mkOption {
type = types.str;
default = "us";

2
nixos/modules/system/boot/loader/grub/grub.nix
View File

@ -499,7 +499,7 @@ in
}
] ++ flip map args.devices (device: {
assertion = device == "nodev" || hasPrefix "/" device;
message = "GRUB devices must be absolute paths, not ${dev} in ${args.path}";
message = "GRUB devices must be absolute paths, not ${device} in ${args.path}";
}));
})

2
nixos/modules/system/boot/loader/gummiboot/gummiboot.nix
View File

@ -14,7 +14,7 @@ let
inherit (pkgs) python gummiboot;
nix = config.nix.package;
nix = config.nix.package.out;
timeout = if cfg.timeout != null then cfg.timeout else "";

2
nixos/modules/system/etc/etc.nix
View File

@ -36,7 +36,7 @@ in
type = types.loaOf types.optionSet;
default = {};
example = literalExample ''
{ hosts =
{ example-configuration-file =
{ source = "/nix/store/.../etc/dir/file.conf.example";
mode = "0440";
};

10
nixos/modules/tasks/network-interfaces.nix
View File

@ -523,7 +523,7 @@ in
networking.bonds = mkOption {
default = { };
example = {
example = literalExample {
bond0 = {
interfaces = [ "eth0" "wlan0" ];
miimon = 100;
@ -598,7 +598,7 @@ in
networking.macvlans = mkOption {
type = types.attrsOf types.optionSet;
default = { };
example = {
example = literalExample {
wan = {
interface = "enp2s0";
mode = "vepa";
@ -629,7 +629,7 @@ in
networking.sits = mkOption {
type = types.attrsOf types.optionSet;
default = { };
example = {
example = literalExample {
hurricane = {
remote = "10.0.0.1";
local = "10.0.0.22";
@ -688,7 +688,7 @@ in
networking.vlans = mkOption {
default = { };
example = {
example = literalExample {
vlan0 = {
id = 3;
interface = "enp3s0";
@ -727,7 +727,7 @@ in
networking.wlanInterfaces = mkOption {
default = { };
example = {
example = literalExample {
"wlan-station0" = {
device = "wlp6s0";
};

2
nixos/modules/virtualisation/amazon-init.nix
View File

@ -8,7 +8,7 @@ let
echo "attempting to fetch configuration from EC2 user data..."
export PATH=${config.nix.package}/bin:${pkgs.systemd}/bin:${pkgs.gnugrep}/bin:${pkgs.gnused}/bin:${config.system.build.nixos-rebuild}/bin:$PATH
export PATH=${pkgs.lib.makeBinPath [ config.nix.package pkgs.systemd pkgs.gnugrep pkgs.gnused config.system.build.nixos-rebuild]}:$PATH
export NIX_PATH=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels
userData=/etc/ec2-metadata/user-data

4
nixos/modules/virtualisation/azure-image.nix
View File

@ -62,10 +62,10 @@ in
echo Register the paths in the Nix database.
printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
chroot /mnt ${config.nix.package}/bin/nix-store --load-db --option build-users-group ""
chroot /mnt ${config.nix.package.out}/bin/nix-store --load-db --option build-users-group ""
echo Create the system profile to allow nixos-rebuild to work.
chroot /mnt ${config.nix.package}/bin/nix-env \
chroot /mnt ${config.nix.package.out}/bin/nix-env \
-p /nix/var/nix/profiles/system --set ${config.system.build.toplevel} --option build-users-group ""
echo nixos-rebuild requires an /etc/NIXOS.

4
nixos/modules/virtualisation/brightbox-image.nix
View File

@ -62,10 +62,10 @@ in
# Register the paths in the Nix database.
printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
chroot /mnt ${config.nix.package}/bin/nix-store --load-db --option build-users-group ""
chroot /mnt ${config.nix.package.out}/bin/nix-store --load-db --option build-users-group ""
# Create the system profile to allow nixos-rebuild to work.
chroot /mnt ${config.nix.package}/bin/nix-env \
chroot /mnt ${config.nix.package.out}/bin/nix-env \
-p /nix/var/nix/profiles/system --set ${config.system.build.toplevel} \
--option build-users-group ""

343
nixos/modules/virtualisation/containers.nix
View File

@ -28,14 +28,23 @@ let
# Initialise the container side of the veth pair.
if [ "$PRIVATE_NETWORK" = 1 ]; then
ip link set host0 name eth0
ip link set dev eth0 up
if [ -n "$LOCAL_ADDRESS" ]; then
ip addr add $LOCAL_ADDRESS dev eth0
fi
if [ -n "$LOCAL_ADDRESS6" ]; then
ip -6 addr add $LOCAL_ADDRESS6 dev eth0
fi
if [ -n "$HOST_ADDRESS" ]; then
ip route add $HOST_ADDRESS dev eth0
ip route add default via $HOST_ADDRESS
fi
if [ -n "$LOCAL_ADDRESS" ]; then
ip addr add $LOCAL_ADDRESS dev eth0
if [ -n "$HOST_ADDRESS6" ]; then
ip -6 route add $HOST_ADDRESS6 dev eth0
ip -6 route add default via $HOST_ADDRESS6
fi
fi
@ -48,7 +57,7 @@ let
system = config.nixpkgs.system;
bindMountOpts = { name, config, ... }: {
options = {
mountPoint = mkOption {
example = "/mnt/usb";
@ -68,13 +77,13 @@ let
description = "Determine whether the mounted path will be accessed in read-only mode.";
};
};
config = {
mountPoint = mkDefault name;
};
};
mkBindFlag = d:
let flagPrefix = if d.isReadOnly then " --bind-ro=" else " --bind=";
mountstr = if d.hostPath != null then "${d.hostPath}:${d.mountPoint}" else "${d.mountPoint}";
@ -142,12 +151,33 @@ in
'';
};
hostBridge = mkOption {
type = types.nullOr types.string;
default = null;
example = "br0";
description = ''
Put the host-side of the veth-pair into the named bridge.
Only one of hostAddress* or hostBridge can be given.
'';
};
hostAddress = mkOption {
type = types.nullOr types.str;
default = null;
example = "10.231.136.1";
description = ''
The IPv4 address assigned to the host interface.
(Not used when hostBridge is set.)
'';
};
hostAddress6 = mkOption {
type = types.nullOr types.string;
default = null;
example = "fc00::1";
description = ''
The IPv6 address assigned to the host interface.
(Not used when hostBridge is set.)
'';
};
@ -161,6 +191,16 @@ in
'';
};
localAddress6 = mkOption {
type = types.nullOr types.string;
default = null;
example = "fc00::2";
description = ''
The IPv6 address assigned to <literal>eth0</literal>
in the container.
'';
};
interfaces = mkOption {
type = types.listOf types.string;
default = [];
@ -185,7 +225,7 @@ in
example = { "/home" = { hostPath = "/home/alice";
isReadOnly = false; };
};
description =
''
An extra list of directories that is bound to the container.
@ -238,154 +278,180 @@ in
};
config = mkIf (config.boot.enableContainers) {
config = mkIf (config.boot.enableContainers) (let
systemd.services."container@" =
{ description = "Container '%i'";
unit = {
description = "Container '%i'";
unitConfig.RequiresMountsFor = [ "/var/lib/containers/%i" ];
unitConfig.RequiresMountsFor = [ "/var/lib/containers/%i" ];
path = [ pkgs.iproute ];
path = [ pkgs.iproute ];
environment.INSTANCE = "%i";
environment.root = "/var/lib/containers/%i";
environment.INSTANCE = "%i";
environment.root = "/var/lib/containers/%i";
preStart =
''
# Clean up existing machined registration and interfaces.
machinectl terminate "$INSTANCE" 2> /dev/null || true
preStart =
''
# Clean up existing machined registration and interfaces.
machinectl terminate "$INSTANCE" 2> /dev/null || true
if [ "$PRIVATE_NETWORK" = 1 ]; then
ip link del dev "ve-$INSTANCE" 2> /dev/null || true
if [ "$PRIVATE_NETWORK" = 1 ]; then
ip link del dev "ve-$INSTANCE" 2> /dev/null || true
ip link del dev "vb-$INSTANCE" 2> /dev/null || true
fi
'';
script =
''
mkdir -p -m 0755 "$root/etc" "$root/var/lib"
mkdir -p -m 0700 "$root/var/lib/private" "$root/root" /run/containers
if ! [ -e "$root/etc/os-release" ]; then
touch "$root/etc/os-release"
fi
mkdir -p -m 0755 \
"/nix/var/nix/profiles/per-container/$INSTANCE" \
"/nix/var/nix/gcroots/per-container/$INSTANCE"
cp --remove-destination /etc/resolv.conf "$root/etc/resolv.conf"
if [ "$PRIVATE_NETWORK" = 1 ]; then
extraFlags+=" --network-veth"
if [ -n "$HOST_BRIDGE" ]; then
extraFlags+=" --network-bridge=$HOST_BRIDGE"
fi
fi
for iface in $INTERFACES; do
extraFlags+=" --network-interface=$iface"
done
if [ "$PRIVATE_NETWORK" = 1 ]; then
ip link del dev "ve-$INSTANCE" 2> /dev/null || true
for iface in $MACVLANS; do
extraFlags+=" --network-macvlan=$iface"
done
# If the host is 64-bit and the container is 32-bit, add a
# --personality flag.
${optionalString (config.nixpkgs.system == "x86_64-linux") ''
if [ "$(< ''${SYSTEM_PATH:-/nix/var/nix/profiles/per-container/$INSTANCE/system}/system)" = i686-linux ]; then
extraFlags+=" --personality=x86"
fi
'';
script =
''
mkdir -p -m 0755 "$root/etc" "$root/var/lib"
mkdir -p -m 0700 "$root/var/lib/private" "$root/root" /run/containers
if ! [ -e "$root/etc/os-release" ]; then
touch "$root/etc/os-release"
fi
mkdir -p -m 0755 \
"/nix/var/nix/profiles/per-container/$INSTANCE" \
"/nix/var/nix/gcroots/per-container/$INSTANCE"
cp --remove-destination /etc/resolv.conf "$root/etc/resolv.conf"
if [ "$PRIVATE_NETWORK" = 1 ]; then
extraFlags+=" --network-veth"
fi
for iface in $INTERFACES; do
extraFlags+=" --network-interface=$iface"
done
for iface in $MACVLANS; do
extraFlags+=" --network-macvlan=$iface"
done
# If the host is 64-bit and the container is 32-bit, add a
# --personality flag.
${optionalString (config.nixpkgs.system == "x86_64-linux") ''
if [ "$(< ''${SYSTEM_PATH:-/nix/var/nix/profiles/per-container/$INSTANCE/system}/system)" = i686-linux ]; then
extraFlags+=" --personality=x86"
fi
''}
''}
# Run systemd-nspawn without startup notification (we'll
# wait for the container systemd to signal readiness).
EXIT_ON_REBOOT=1 NOTIFY_SOCKET= \
exec ${config.systemd.package}/bin/systemd-nspawn \
--keep-unit \
-M "$INSTANCE" -D "$root" $extraFlags \
$EXTRA_NSPAWN_FLAGS \
--bind-ro=/nix/store \
--bind-ro=/nix/var/nix/db \
--bind-ro=/nix/var/nix/daemon-socket \
--bind=/run/systemd/notify:/var/lib/private/host-notify \
--bind="/nix/var/nix/profiles/per-container/$INSTANCE:/nix/var/nix/profiles" \
--bind="/nix/var/nix/gcroots/per-container/$INSTANCE:/nix/var/nix/gcroots" \
--setenv PRIVATE_NETWORK="$PRIVATE_NETWORK" \
--setenv HOST_ADDRESS="$HOST_ADDRESS" \
--setenv LOCAL_ADDRESS="$LOCAL_ADDRESS" \
--setenv PATH="$PATH" \
${containerInit} "''${SYSTEM_PATH:-/nix/var/nix/profiles/system}/init"
'';
# Run systemd-nspawn without startup notification (we'll
# wait for the container systemd to signal readiness).
EXIT_ON_REBOOT=1 NOTIFY_SOCKET= \
exec ${config.systemd.package}/bin/systemd-nspawn \
--keep-unit \
-M "$INSTANCE" -D "$root" $extraFlags \
$EXTRA_NSPAWN_FLAGS \
--bind-ro=/nix/store \
--bind-ro=/nix/var/nix/db \
--bind-ro=/nix/var/nix/daemon-socket \
--bind=/run/systemd/notify:/var/lib/private/host-notify \
--bind="/nix/var/nix/profiles/per-container/$INSTANCE:/nix/var/nix/profiles" \
--bind="/nix/var/nix/gcroots/per-container/$INSTANCE:/nix/var/nix/gcroots" \
--setenv PRIVATE_NETWORK="$PRIVATE_NETWORK" \
--setenv HOST_BRIDGE="$HOST_BRIDGE" \
--setenv HOST_ADDRESS="$HOST_ADDRESS" \
--setenv LOCAL_ADDRESS="$LOCAL_ADDRESS" \
--setenv HOST_ADDRESS6="$HOST_ADDRESS6" \
--setenv LOCAL_ADDRESS6="$LOCAL_ADDRESS6" \
--setenv PATH="$PATH" \
${containerInit} "''${SYSTEM_PATH:-/nix/var/nix/profiles/system}/init"
'';
postStart =
''
if [ "$PRIVATE_NETWORK" = 1 ]; then
postStart =
''
if [ "$PRIVATE_NETWORK" = 1 ]; then
if [ -z "$HOST_BRIDGE" ]; then
ifaceHost=ve-$INSTANCE
ip link set dev $ifaceHost up
if [ -n "$HOST_ADDRESS" ]; then
ip addr add $HOST_ADDRESS dev $ifaceHost
fi
if [ -n "$HOST_ADDRESS6" ]; then
ip -6 addr add $HOST_ADDRESS6 dev $ifaceHost
fi
if [ -n "$LOCAL_ADDRESS" ]; then
ip route add $LOCAL_ADDRESS dev $ifaceHost
fi
if [ -n "$LOCAL_ADDRESS6" ]; then
ip -6 route add $LOCAL_ADDRESS6 dev $ifaceHost
fi
fi
fi
# Get the leader PID so that we can signal it in
# preStop. We can't use machinectl there because D-Bus
# might be shutting down. FIXME: in systemd 219 we can
# just signal systemd-nspawn to do a clean shutdown.
machinectl show "$INSTANCE" | sed 's/Leader=\(.*\)/\1/;t;d' > "/run/containers/$INSTANCE.pid"
'';
# Get the leader PID so that we can signal it in
# preStop. We can't use machinectl there because D-Bus
# might be shutting down. FIXME: in systemd 219 we can
# just signal systemd-nspawn to do a clean shutdown.
machinectl show "$INSTANCE" | sed 's/Leader=\(.*\)/\1/;t;d' > "/run/containers/$INSTANCE.pid"
'';
preStop =
preStop =
''
pid="$(cat /run/containers/$INSTANCE.pid)"
if [ -n "$pid" ]; then
kill -RTMIN+4 "$pid"
fi
rm -f "/run/containers/$INSTANCE.pid"
'';
restartIfChanged = false;
serviceConfig = {
ExecReload = pkgs.writeScript "reload-container"
''
pid="$(cat /run/containers/$INSTANCE.pid)"
if [ -n "$pid" ]; then
kill -RTMIN+4 "$pid"
fi
rm -f "/run/containers/$INSTANCE.pid"
#! ${pkgs.stdenv.shell} -e
${nixos-container}/bin/nixos-container run "$INSTANCE" -- \
bash --login -c "''${SYSTEM_PATH:-/nix/var/nix/profiles/system}/bin/switch-to-configuration test"
'';
restartIfChanged = false;
#reloadIfChanged = true; # FIXME
SyslogIdentifier = "container %i";
serviceConfig = {
ExecReload = pkgs.writeScript "reload-container"
''
#! ${pkgs.stdenv.shell} -e
${nixos-container}/bin/nixos-container run "$INSTANCE" -- \
bash --login -c "''${SYSTEM_PATH:-/nix/var/nix/profiles/system}/bin/switch-to-configuration test"
'';
EnvironmentFile = "-/etc/containers/%i.conf";
SyslogIdentifier = "container %i";
Type = "notify";
EnvironmentFile = "-/etc/containers/%i.conf";
NotifyAccess = "all";
Type = "notify";
# Note that on reboot, systemd-nspawn returns 133, so this
# unit will be restarted. On poweroff, it returns 0, so the
# unit won't be restarted.
RestartForceExitStatus = "133";
SuccessExitStatus = "133";
NotifyAccess = "all";
Restart = "on-failure";
# Note that on reboot, systemd-nspawn returns 133, so this
# unit will be restarted. On poweroff, it returns 0, so the
# unit won't be restarted.
RestartForceExitStatus = "133";
SuccessExitStatus = "133";
Restart = "on-failure";
# Hack: we don't want to kill systemd-nspawn, since we call
# "machinectl poweroff" in preStop to shut down the
# container cleanly. But systemd requires sending a signal
# (at least if we want remaining processes to be killed
# after the timeout). So send an ignored signal.
KillMode = "mixed";
KillSignal = "WINCH";
};
# Hack: we don't want to kill systemd-nspawn, since we call
# "machinectl poweroff" in preStop to shut down the
# container cleanly. But systemd requires sending a signal
# (at least if we want remaining processes to be killed
# after the timeout). So send an ignored signal.
KillMode = "mixed";
KillSignal = "WINCH";
};
};
in {
systemd.services = listToAttrs (filter (x: x.value != null) (
# The generic container template used by imperative containers
[{ name = "container@"; value = unit; }]
# declarative containers
++ (mapAttrsToList (name: cfg: nameValuePair "container@${name}" (
if cfg.autoStart then
unit // {
wantedBy = [ "multi-user.target" ];
wants = [ "network.target" ];
after = [ "network.target" ];
restartTriggers = [ cfg.path ];
reloadIfChanged = true;
}
else null
)) config.containers)
));
# Generate a configuration file in /etc/containers for each
# container so that container@.target can get the container
@ -396,12 +462,21 @@ in
SYSTEM_PATH=${cfg.path}
${optionalString cfg.privateNetwork ''
PRIVATE_NETWORK=1
${optionalString (cfg.hostBridge != null) ''
HOST_BRIDGE=${cfg.hostBridge}
''}
${optionalString (cfg.hostAddress != null) ''
HOST_ADDRESS=${cfg.hostAddress}
''}
${optionalString (cfg.hostAddress6 != null) ''
HOST_ADDRESS6=${cfg.hostAddress6}
''}
${optionalString (cfg.localAddress != null) ''
LOCAL_ADDRESS=${cfg.localAddress}
''}
${optionalString (cfg.localAddress6 != null) ''
LOCAL_ADDRESS6=${cfg.localAddress6}
''}
''}
INTERFACES="${toString cfg.interfaces}"
${optionalString cfg.autoStart ''
@ -420,31 +495,5 @@ in
networking.dhcpcd.denyInterfaces = [ "ve-*" ];
environment.systemPackages = [ nixos-container ];
# Start containers at boot time.
systemd.services.all-containers =
{ description = "All Containers";
wantedBy = [ "multi-user.target" ];
unitConfig.ConditionDirectoryNotEmpty = "/etc/containers";
serviceConfig.Type = "oneshot";
script =
''
res=0
shopt -s nullglob
for i in /etc/containers/*.conf; do
AUTO_START=
source "$i"
if [ "$AUTO_START" = 1 ]; then
systemctl start "container@$(basename "$i" .conf).service" || res=1
fi
done
exit $res
''; # */
};
};
});
}

72
nixos/modules/virtualisation/ec2-amis.nix
View File

@ -90,40 +90,40 @@
"15.09".us-west-2.pv-ebs = "ami-005fb160";
"15.09".us-west-2.pv-s3 = "ami-cd55bbad";
"16.03".ap-northeast-1.hvm-ebs = "ami-885040e6";
"16.03".ap-northeast-1.hvm-s3 = "ami-d15a4abf";
"16.03".ap-northeast-1.pv-ebs = "ami-7f455511";
"16.03".ap-northeast-1.pv-s3 = "ami-6d7d6d03";
"16.03".ap-southeast-1.hvm-ebs = "ami-478a5f24";
"16.03".ap-southeast-1.hvm-s3 = "ami-b2885dd1";
"16.03".ap-southeast-1.pv-ebs = "ami-55b46136";
"16.03".ap-southeast-1.pv-s3 = "ami-92b762f1";
"16.03".ap-southeast-2.hvm-ebs = "ami-26b09345";
"16.03".ap-southeast-2.hvm-s3 = "ami-52ac8f31";
"16.03".ap-southeast-2.pv-ebs = "ami-1fb3907c";
"16.03".ap-southeast-2.pv-s3 = "ami-49b1922a";
"16.03".eu-central-1.hvm-ebs = "ami-2bd63744";
"16.03".eu-central-1.hvm-s3 = "ami-82d435ed";
"16.03".eu-central-1.pv-ebs = "ami-b729c8d8";
"16.03".eu-central-1.pv-s3 = "ami-a12dccce";
"16.03".eu-west-1.hvm-ebs = "ami-87c242f4";
"16.03".eu-west-1.hvm-s3 = "ami-b6c343c5";
"16.03".eu-west-1.pv-ebs = "ami-6bc94918";
"16.03".eu-west-1.pv-s3 = "ami-00cb4b73";
"16.03".sa-east-1.hvm-ebs = "ami-845cd3e8";
"16.03".sa-east-1.hvm-s3 = "ami-8142cded";
"16.03".sa-east-1.pv-ebs = "ami-1643cc7a";
"16.03".sa-east-1.pv-s3 = "ami-1646c97a";
"16.03".us-east-1.hvm-ebs = "ami-2cc4d046";
"16.03".us-east-1.hvm-s3 = "ami-9bc9ddf1";
"16.03".us-east-1.pv-ebs = "ami-7df4e017";
"16.03".us-east-1.pv-s3 = "ami-90f2e6fa";
"16.03".us-west-1.hvm-ebs = "ami-d8116db8";
"16.03".us-west-1.hvm-s3 = "ami-a7166ac7";
"16.03".us-west-1.pv-ebs = "ami-e90c7089";
"16.03".us-west-1.pv-s3 = "ami-5b0c703b";
"16.03".us-west-2.hvm-ebs = "ami-b339ccd3";
"16.03".us-west-2.hvm-s3 = "ami-2c3bce4c";
"16.03".us-west-2.pv-ebs = "ami-0625d066";
"16.03".us-west-2.pv-s3 = "ami-7414e114";
"16.03".ap-northeast-1.hvm-ebs = "ami-b6edf5d8";
"16.03".ap-northeast-1.hvm-s3 = "ami-b1e3fbdf";
"16.03".ap-northeast-1.pv-ebs = "ami-6190880f";
"16.03".ap-northeast-1.pv-s3 = "ami-908d95fe";
"16.03".ap-southeast-1.hvm-ebs = "ami-35b16656";
"16.03".ap-southeast-1.hvm-s3 = "ami-41be6922";
"16.03".ap-southeast-1.pv-ebs = "ami-4cb96e2f";
"16.03".ap-southeast-1.pv-s3 = "ami-3bb96e58";
"16.03".ap-southeast-2.hvm-ebs = "ami-debc91bd";
"16.03".ap-southeast-2.hvm-s3 = "ami-55bc9136";
"16.03".ap-southeast-2.pv-ebs = "ami-b38ba6d0";
"16.03".ap-southeast-2.pv-s3 = "ami-9e8ba6fd";
"16.03".eu-central-1.hvm-ebs = "ami-7c967413";
"16.03".eu-central-1.hvm-s3 = "ami-b29072dd";
"16.03".eu-central-1.pv-ebs = "ami-7a947615";
"16.03".eu-central-1.pv-s3 = "ami-729b791d";
"16.03".eu-west-1.hvm-ebs = "ami-ff27a98c";
"16.03".eu-west-1.hvm-s3 = "ami-6c21af1f";
"16.03".eu-west-1.pv-ebs = "ami-a33cb2d0";
"16.03".eu-west-1.pv-s3 = "ami-ec38b69f";
"16.03".sa-east-1.hvm-ebs = "ami-5bef6637";
"16.03".sa-east-1.hvm-s3 = "ami-55f87139";
"16.03".sa-east-1.pv-ebs = "ami-76e56c1a";
"16.03".sa-east-1.pv-s3 = "ami-e1f8718d";
"16.03".us-east-1.hvm-ebs = "ami-4bfd1926";
"16.03".us-east-1.hvm-s3 = "ami-60c5210d";
"16.03".us-east-1.pv-ebs = "ami-c0c92dad";
"16.03".us-east-1.pv-s3 = "ami-f9d63294";
"16.03".us-west-1.hvm-ebs = "ami-13aad473";
"16.03".us-west-1.hvm-s3 = "ami-e1a8d681";
"16.03".us-west-1.pv-ebs = "ami-c0a6d8a0";
"16.03".us-west-1.pv-s3 = "ami-6aa9d70a";
"16.03".us-west-2.hvm-ebs = "ami-265dad46";
"16.03".us-west-2.hvm-s3 = "ami-cd40b0ad";
"16.03".us-west-2.pv-ebs = "ami-7b4aba1b";
"16.03".us-west-2.pv-s3 = "ami-0849b968";
}

4
nixos/modules/virtualisation/google-compute-image.nix
View File

@ -66,10 +66,10 @@ in
# Register the paths in the Nix database.
printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
chroot /mnt ${config.nix.package}/bin/nix-store --load-db --option build-users-group ""
chroot /mnt ${config.nix.package.out}/bin/nix-store --load-db --option build-users-group ""
# Create the system profile to allow nixos-rebuild to work.
chroot /mnt ${config.nix.package}/bin/nix-env \
chroot /mnt ${config.nix.package.out}/bin/nix-env \
-p /nix/var/nix/profiles/system --set ${config.system.build.toplevel} \
--option build-users-group ""

12
nixos/modules/virtualisation/qemu-vm.nix
View File

@ -149,11 +149,11 @@ let
${pkgs.mtools}/bin/mlabel -i /dev/vda2 ::boot
# Mount /boot; load necessary modules first.
${pkgs.module_init_tools}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/nls/nls_cp437.ko || true
${pkgs.module_init_tools}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/nls/nls_iso8859-1.ko || true
${pkgs.module_init_tools}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/fat/fat.ko || true
${pkgs.module_init_tools}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/fat/vfat.ko || true
${pkgs.module_init_tools}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/efivarfs/efivarfs.ko || true
${pkgs.kmod}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/nls/nls_cp437.ko.xz || true
${pkgs.kmod}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/nls/nls_iso8859-1.ko.xz || true
${pkgs.kmod}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/fat/fat.ko.xz || true
${pkgs.kmod}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/fat/vfat.ko.xz || true
${pkgs.kmod}/sbin/insmod ${pkgs.linux}/lib/modules/*/kernel/fs/efivarfs/efivarfs.ko.xz || true
mkdir /boot
mount /dev/vda2 /boot
@ -403,7 +403,7 @@ in
boot.postBootCommands =
''
if [[ "$(cat /proc/cmdline)" =~ regInfo=([^ ]*) ]]; then
${config.nix.package}/bin/nix-store --load-db < ''${BASH_REMATCH[1]}
${config.nix.package.out}/bin/nix-store --load-db < ''${BASH_REMATCH[1]}
fi
'';

5
nixos/release-combined.nix
View File

@ -48,7 +48,7 @@ in rec {
nixos.ova.x86_64-linux
#(all nixos.tests.containers)
(all nixos.tests.chromium.stable)
(all nixos.tests.chromium)
(all nixos.tests.firefox)
(all nixos.tests.firewall)
nixos.tests.gnome3.x86_64-linux # FIXME: i686-linux
@ -64,6 +64,9 @@ in rec {
(all nixos.tests.installer.btrfsSubvols)
(all nixos.tests.installer.btrfsSubvolDefault)
(all nixos.tests.boot.biosCdrom)
(all nixos.tests.boot.biosUsb)
(all nixos.tests.boot.uefiCdrom)
(all nixos.tests.boot.uefiUsb)
(all nixos.tests.ipv6)
(all nixos.tests.kde4)
#(all nixos.tests.lightdm)

3
nixos/release-small.nix
View File

@ -31,7 +31,8 @@ in rec {
inherit (nixos') channel manual iso_minimal dummy;
tests = {
inherit (nixos'.tests)
containers
containers-imperative
containers-ipv4
firewall
ipv6
login

20
nixos/release.nix
View File

@ -103,6 +103,19 @@ in rec {
# Build the initial ramdisk so Hydra can keep track of its size over time.
initialRamdisk = buildFromConfig ({ pkgs, ... }: { }) (config: config.system.build.initialRamdisk);
netboot.x86_64-linux = let build = (import lib/eval-config.nix {
system = "x86_64-linux";
modules = [
./modules/installer/netboot/netboot-minimal.nix
versionModule
];
}).config.system.build;
in
pkgs.symlinkJoin {name="netboot"; paths=[
build.netbootRamdisk
build.kernel
build.netbootIpxeScript
];};
iso_minimal = forAllSystems (system: makeIso {
module = ./modules/installer/cd-dvd/installation-cd-minimal.nix;
@ -197,9 +210,12 @@ in rec {
tests.blivet = callTest tests/blivet.nix {};
tests.boot = callSubTests tests/boot.nix {};
tests.cadvisor = hydraJob (import tests/cadvisor.nix { system = "x86_64-linux"; });
tests.chromium = callSubTests tests/chromium.nix {};
tests.chromium = (callSubTests tests/chromium.nix { system = "x86_64-linux"; }).stable;
tests.cjdns = callTest tests/cjdns.nix {};
tests.containers = callTest tests/containers.nix {};
tests.containers-ipv4 = callTest tests/containers-ipv4.nix {};
tests.containers-ipv6 = callTest tests/containers-ipv6.nix {};
tests.containers-bridge = callTest tests/containers-bridge.nix {};
tests.containers-imperative = callTest tests/containers-imperative.nix {};
tests.docker = hydraJob (import tests/docker.nix { system = "x86_64-linux"; });
tests.dockerRegistry = hydraJob (import tests/docker-registry.nix { system = "x86_64-linux"; });
tests.dnscrypt-proxy = callTest tests/dnscrypt-proxy.nix { system = "x86_64-linux"; };

43
nixos/tests/boot.nix
View File

@ -44,5 +44,44 @@ in {
usb => glob("${iso}/iso/*.iso"),
bios => '${pkgs.OVMF}/FV/OVMF.fd'
'';
}
netboot = let
config = (import ../lib/eval-config.nix {
inherit system;
modules =
[ ../modules/installer/netboot/netboot.nix
../modules/testing/test-instrumentation.nix
{ key = "serial"; }
];
}).config;
ipxeScriptDir = pkgs.writeTextFile {
name = "ipxeScriptDir";
text = ''
#!ipxe
dhcp
kernel bzImage init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams} console=ttyS0
initrd initrd
boot
'';
destination = "/boot.ipxe";
};
ipxeBootDir = pkgs.symlinkJoin {
name = "ipxeBootDir";
paths = [
config.system.build.netbootRamdisk
config.system.build.kernel
ipxeScriptDir
];
};
in
makeTest {
name = "boot-netboot";
nodes = { };
testScript =
''
my $machine = createMachine({ qemuFlags => '-boot order=n -net nic,model=e1000 -net user,tftp=${ipxeBootDir}/,bootfile=boot.ipxe -m 2000M' });
$machine->start;
$machine->waitForUnit("multi-user.target");
$machine->shutdown;
'';
};
}

81
nixos/tests/containers-bridge.nix Normal file
View File

@ -0,0 +1,81 @@
# Test for NixOS' container support.
let
hostIp = "192.168.0.1";
containerIp = "192.168.0.100/24";
hostIp6 = "fc00::1";
containerIp6 = "fc00::2/7";
in
import ./make-test.nix ({ pkgs, ...} : {
name = "containers-bridge";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ aristid aszlig eelco chaoflow ];
};
machine =
{ config, pkgs, ... }:
{ imports = [ ../modules/installer/cd-dvd/channel.nix ];
virtualisation.writableStore = true;
virtualisation.memorySize = 768;
networking.bridges = {
br0 = {
interfaces = [];
};
};
networking.interfaces = {
br0 = {
ip4 = [{ address = hostIp; prefixLength = 24; }];
ip6 = [{ address = hostIp6; prefixLength = 7; }];
};
};
containers.webserver =
{
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
localAddress = containerIp;
localAddress6 = containerIp6;
config =
{ services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
networking.firewall.allowedTCPPorts = [ 80 ];
networking.firewall.allowPing = true;
};
};
virtualisation.pathsInNixDB = [ pkgs.stdenv ];
};
testScript =
''
$machine->waitForUnit("default.target");
$machine->succeed("nixos-container list") =~ /webserver/ or die;
# Start the webserver container.
$machine->succeed("nixos-container status webserver") =~ /up/ or die;
"${containerIp}" =~ /([^\/]+)\/([0-9+])/;
my $ip = $1;
chomp $ip;
$machine->succeed("ping -n -c 1 $ip");
$machine->succeed("curl --fail http://$ip/ > /dev/null");
"${containerIp6}" =~ /([^\/]+)\/([0-9+])/;
my $ip6 = $1;
chomp $ip6;
$machine->succeed("ping6 -n -c 1 $ip6");
$machine->succeed("curl --fail http://[$ip6]/ > /dev/null");
# Stop the container.
$machine->succeed("nixos-container stop webserver");
$machine->fail("curl --fail --connect-timeout 2 http://$ip/ > /dev/null");
$machine->fail("curl --fail --connect-timeout 2 http://[$ip6]/ > /dev/null");
# Destroying a declarative container should fail.
$machine->fail("nixos-container destroy webserver");
'';
})

45
nixos/tests/containers.nix → nixos/tests/containers-imperative.nix
View File

@ -1,50 +1,30 @@
# Test for NixOS' container support.
import ./make-test.nix ({ pkgs, ...} : {
name = "containers";
name = "containers-imperative";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ aristid aszlig eelco chaoflow ];
};
machine =
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
{ imports = [ ../modules/installer/cd-dvd/channel.nix ];
virtualisation.writableStore = true;
virtualisation.memorySize = 768;
containers.webserver =
{ privateNetwork = true;
hostAddress = "10.231.136.1";
localAddress = "10.231.136.2";
config =
{ services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
networking.firewall.allowedTCPPorts = [ 80 ];
networking.firewall.allowPing = true;
};
# Make sure we always have all the required dependencies for creating a
# container available within the VM, because we don't have network access.
virtualisation.pathsInNixDB = let
emptyContainer = import ../lib/eval-config.nix {
inherit (config.nixpkgs) system;
modules = lib.singleton {
containers.foo.config = {};
};
};
virtualisation.pathsInNixDB = [ pkgs.stdenv ];
in [ pkgs.stdenv emptyContainer.config.containers.foo.path ];
};
testScript =
''
$machine->succeed("nixos-container list") =~ /webserver/ or die;
# Start the webserver container.
$machine->succeed("nixos-container start webserver");
# Since "start" returns after the container has reached
# multi-user.target, we should now be able to access it.
my $ip = $machine->succeed("nixos-container show-ip webserver");
chomp $ip;
#$machine->succeed("ping -c1 $ip"); # FIXME
$machine->succeed("curl --fail http://$ip/ > /dev/null");
# Stop the container.
$machine->succeed("nixos-container stop webserver");
$machine->fail("curl --fail --connect-timeout 2 http://$ip/ > /dev/null");
# Make sure we have a NixOS tree (required by nixos-container create).
$machine->succeed("PAGER=cat nix-env -qa -A nixos.hello >&2");
@ -111,9 +91,6 @@ import ./make-test.nix ({ pkgs, ...} : {
# Ensure that the container path is gone
"test ! -e /var/lib/containers/$id1"
);
# Destroying a declarative container should fail.
$machine->fail("nixos-container destroy webserver");
'';
})

55
nixos/tests/containers-ipv4.nix Normal file
View File

@ -0,0 +1,55 @@
# Test for NixOS' container support.
import ./make-test.nix ({ pkgs, ...} : {
name = "containers-ipv4";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ aristid aszlig eelco chaoflow ];
};
machine =
{ config, pkgs, ... }:
{ imports = [ ../modules/installer/cd-dvd/channel.nix ];
virtualisation.writableStore = true;
virtualisation.memorySize = 768;
containers.webserver =
{ privateNetwork = true;
hostAddress = "10.231.136.1";
localAddress = "10.231.136.2";
config =
{ services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
networking.firewall.allowedTCPPorts = [ 80 ];
networking.firewall.allowPing = true;
};
};
virtualisation.pathsInNixDB = [ pkgs.stdenv ];
};
testScript =
''
$machine->succeed("nixos-container list") =~ /webserver/ or die;
# Start the webserver container.
$machine->succeed("nixos-container start webserver");
# wait two seconds for the container to start and the network to be up
sleep 2;
# Since "start" returns after the container has reached
# multi-user.target, we should now be able to access it.
my $ip = $machine->succeed("nixos-container show-ip webserver");
chomp $ip;
$machine->succeed("ping -n -c1 $ip");
$machine->succeed("curl --fail http://$ip/ > /dev/null");
# Stop the container.
$machine->succeed("nixos-container stop webserver");
$machine->fail("curl --fail --connect-timeout 2 http://$ip/ > /dev/null");
# Destroying a declarative container should fail.
$machine->fail("nixos-container destroy webserver");
'';
})

61
nixos/tests/containers-ipv6.nix Normal file
View File

@ -0,0 +1,61 @@
# Test for NixOS' container support.
let
hostIp = "fc00::2";
localIp = "fc00::1";
in
import ./make-test.nix ({ pkgs, ...} : {
name = "containers-ipv6";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ aristid aszlig eelco chaoflow ];
};
machine =
{ config, pkgs, ... }:
{ imports = [ ../modules/installer/cd-dvd/channel.nix ];
virtualisation.writableStore = true;
virtualisation.memorySize = 768;
containers.webserver =
{ privateNetwork = true;
hostAddress6 = hostIp;
localAddress6 = localIp;
config =
{ services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
networking.firewall.allowedTCPPorts = [ 80 ];
networking.firewall.allowPing = true;
};
};
virtualisation.pathsInNixDB = [ pkgs.stdenv ];
};
testScript =
''
$machine->waitForUnit("default.target");
$machine->succeed("nixos-container list") =~ /webserver/ or die;
# Start the webserver container.
$machine->succeed("nixos-container start webserver");
# wait two seconds for the container to start and the network to be up
sleep 2;
# Since "start" returns after the container has reached
# multi-user.target, we should now be able to access it.
my $ip = "${localIp}";
chomp $ip;
$machine->succeed("ping6 -n -c 1 $ip");
$machine->succeed("curl --fail http://[$ip]/ > /dev/null");
# Stop the container.
$machine->succeed("nixos-container stop webserver");
$machine->fail("curl --fail --connect-timeout 2 http://[$ip]/ > /dev/null");
# Destroying a declarative container should fail.
$machine->fail("nixos-container destroy webserver");
'';
})

2
nixos/tests/printing.nix
View File

@ -62,7 +62,7 @@ import ./make-test.nix ({pkgs, ... }: {
# Test printing various file types.
foreach my $file ("${pkgs.groff.doc}/share/doc/*/examples/mom/penguin.pdf",
"${pkgs.groff.doc}/share/doc/*/meref.ps",
"${pkgs.cups}/share/doc/cups/images/cups.png",
"${pkgs.cups.out}/share/doc/cups/images/cups.png",
"${pkgs.pcre.doc}/share/doc/pcre/pcre.txt")
{
$file =~ /([^\/]*)$/; my $fn = $1;

68
pkgs/applications/audio/MMA/default.nix Normal file
View File

@ -0,0 +1,68 @@
{ stdenv, fetchurl, makeWrapper, python, alsaUtils, timidity }:
stdenv.mkDerivation rec {
version = "15.12";
name = "mma-${version}";
src = fetchurl {
url = "http://www.mellowood.ca/mma/mma-bin-${version}.tar.gz";
sha256 = "0k37kcrfaxmwjb8xb1cbqinrkx3g50dbvwqbvwl3l762j4vr8jgx";
};
buildInputs = [ makeWrapper python alsaUtils timidity ];
patchPhase = ''
sed -i 's@/usr/bin/aplaymidi@/${alsaUtils}/bin/aplaymidi@g' mma-splitrec
sed -i 's@/usr/bin/aplaymidi@/${alsaUtils}/bin/aplaymidi@g' util/mma-splitrec.py
sed -i 's@/usr/bin/arecord@/${alsaUtils}/bin/arecord@g' mma-splitrec
sed -i 's@/usr/bin/arecord@/${alsaUtils}/bin/arecord@g' util/mma-splitrec.py
sed -i 's@/usr/bin/timidity@/${timidity}/bin/timidity@g' mma-splitrec
sed -i 's@/usr/bin/timidity@/${timidity}/bin/timidity@g' util/mma-splitrec.py
find . -type f | xargs sed -i 's@/usr/bin/env python@${python}/bin/python@g'
'';
installPhase = ''
mkdir -p $out/{bin,share/mma,share/man/man1,share/man/man8}
mkdir -p $out/etc
cp mma.py $out/bin/mma
cp mma-gb $out/bin/mma-gb
cp mma-libdoc $out/bin/mma-libdoc
cp mma-renum $out/bin/mma-renum
cp mma-splitrec $out/bin/mma-splitrec
cp util/mma-mnx.py $out/bin/mma-mnx
cp util/mma-rm2std.py $out/bin/mma-rm2std
cp util/mmatabs.py $out/bin/mmatabs
cp util/mup2mma.py $out/bin/mup2mma
cp util/pg2mma.py $out/bin/pg2mma
cp util/synthsplit.py $out/bin/mma-synthsplit
cp -r {docs,egs,includes,lib,MMA,text} $out/share/mma
rmdir $out/share/mma/includes/aria
cp util/README.* $out/share/mma/docs
mv $out/share/mma/docs/man/mma-libdoc.8 $out/share/man/man8
mv $out/share/mma/docs/man/mma-renum.1 $out/share/man/man1
mv $out/share/mma/docs/man/mma.1 $out/share/man/man1
mv $out/share/mma/docs/man/mma-gb.1 $out/share/man/man1
rm -rf $out/share/mma/docs/man
find $out -type f | xargs sed -i "s@/usr/share/mma@$out/share/mma@g"
'';
preFixup = ''
PYTHONPATH=$out/share/mma/:$PYTHONPATH
for f in $out/bin/*; do
wrapProgram $f \
--prefix PYTHONPATH : $PYTHONPATH
done
cd $out/share/mma/
$out/bin/mma -G
'';
meta = {
description = "Creates MIDI tracks for a soloist to perform over from a user supplied file containing chords";
homepage = http://www.mellowood.ca/mma/index.html;
license = stdenv.lib.licenses.gpl2;
maintainers = [ stdenv.lib.maintainers.magnetophon ];
platforms = stdenv.lib.platforms.linux;
};
}

6
pkgs/applications/audio/abcde/default.nix
View File

@ -3,13 +3,13 @@
, perl, DigestSHA, MusicBrainz, MusicBrainzDiscID
, makeWrapper }:
let version = "2.7";
let version = "2.7.2";
in
stdenv.mkDerivation {
name = "abcde-${version}";
src = fetchurl {
url = "http://abcde.einval.com/download/abcde-${version}.tar.gz";
sha256 = "0ikpffzvacadh6vj9qlary8126j1zrd2knp9gvivmp7y1656jj01";
sha256 = "1pakpi41k8yd780mfp0snhia6mmwjwxk9lcrq6gynimch8b8hfda";
};
# FIXME: This package does not support `distmp3', `eject', etc.
@ -39,6 +39,8 @@ in
buildInputs = [ makeWrapper ];
installFlags = [ "sysconfdir=$(out)/etc" ];
postInstall = ''
# substituteInPlace "$out/bin/cddb-tool" \
# --replace '#!/bin/sh' '#!${bash}/bin/sh'

4
pkgs/applications/audio/amarok/default.nix
View File

@ -2,7 +2,7 @@
, qtscriptgenerator, gettext, curl , libxml2, mysql, taglib
, taglib_extras, loudmouth , kdelibs , qca2, libmtp, liblastfm, libgpod
, phonon , strigi, soprano, qjson, ffmpeg, libofa, nepomuk_core ? null
, lz4, lzo, snappy, libaio
, lz4, lzo, snappy, libaio, pcre
}:
stdenv.mkDerivation rec {
@ -24,7 +24,7 @@ stdenv.mkDerivation rec {
qtscriptgenerator stdenv.cc.libc gettext curl libxml2 mysql.lib
taglib taglib_extras loudmouth kdelibs phonon strigi soprano qca2
libmtp liblastfm libgpod qjson ffmpeg libofa nepomuk_core
lz4 lzo snappy libaio
lz4 lzo snappy libaio pcre
];
# This is already fixed upstream, will be release in 2.9

18
pkgs/applications/audio/audacity/default.nix
View File

@ -1,15 +1,15 @@
{ stdenv, fetchurl, wxGTK, pkgconfig, gettext, gtk, glib, zlib, perl, intltool,
{ stdenv, fetchurl, wxGTK30, pkgconfig, gettext, gtk, glib, zlib, perl, intltool,
libogg, libvorbis, libmad, alsaLib, libsndfile, soxr, flac, lame, fetchpatch,
expat, libid3tag, ffmpeg, soundtouch /*, portaudio - given up fighting their portaudio.patch */
}:
stdenv.mkDerivation rec {
version = "2.1.1";
version = "2.1.2";
name = "audacity-${version}";
src = fetchurl {
url = "https://github.com/audacity/audacity/archive/Audacity-${version}.tar.gz";
sha256 = "15c5ff7ac1c0b19b08f4bdcb0f4988743da2f9ed3fab41d6f07600e67cb9ddb6";
sha256 = "1ggr6g0mk36rqj7ahsg8b0b1r9kphwajzvxgn43md263rm87n04h";
};
patches = [(fetchpatch {
name = "new-ffmpeg.patch";
@ -18,12 +18,6 @@ stdenv.mkDerivation rec {
sha256 = "19fr674mw844zmkp1476yigkcnmb6zyn78av64ccdwi3p68i00rf";
})];
# fix with gcc-5 from http://lists.freebsd.org/pipermail/freebsd-ports-bugs/2012-December/245884.html
postPatch = ''
substituteInPlace lib-src/libnyquist/nyquist/ffts/src/fftlib.c \
--replace 'inline void' 'static inline void'
'';
preConfigure = /* we prefer system-wide libs */ ''
mv lib-src lib-src-rm
mkdir lib-src
@ -31,11 +25,11 @@ stdenv.mkDerivation rec {
rm -r lib-src-rm/
'';
configureFlags = "--with-libsamplerate";
configureFlags = [ "--with-libsamplerate" ];
buildInputs = [
pkgconfig gettext wxGTK gtk expat alsaLib
libsndfile soxr libid3tag
pkgconfig gettext wxGTK30 expat alsaLib
libsndfile soxr libid3tag gtk
ffmpeg libmad lame libvorbis flac soundtouch
]; #ToDo: detach sbsms

8
pkgs/applications/audio/deadbeef/default.nix
View File

@ -53,11 +53,11 @@ assert remoteSupport -> curl != null;
stdenv.mkDerivation rec {
name = "deadbeef-${version}";
version = "0.7.0";
version = "0.7.2";
src = fetchurl {
url = "mirror://sourceforge/project/deadbeef/${name}.tar.bz2";
sha256 = "0s6qip1zs83pig75pnd30ayiv1dbbj7s72px9mr31f4m0v86kaqx";
sha256 = "0rwdxxn7h94vlgblbkswyvj6pm82488v8x5nrmlrcsbzjjf2pccw";
};
buildInputs = with stdenv.lib; [ jansson ]
@ -96,10 +96,10 @@ stdenv.mkDerivation rec {
meta = with stdenv.lib; {
description = "Ultimate Music Player for GNU/Linux";
homepage = http://deadbeef.sourceforge.net/;
homepage = "http://deadbeef.sourceforge.net/";
license = licenses.gpl2;
platforms = platforms.linux;
maintainers = [ maintainers.abbradar ];
repositories.git = https://github.com/Alexey-Yakovenko/deadbeef;
repositories.git = "https://github.com/Alexey-Yakovenko/deadbeef";
};
}

20
pkgs/applications/audio/deadbeef/wrapper.nix
View File

@ -1,22 +1,14 @@
{ stdenv, buildEnv, deadbeef, makeWrapper, plugins }:
{ stdenv, symlinkJoin, deadbeef, makeWrapper, plugins }:
let
drv = buildEnv {
name = "deadbeef-with-plugins-" + (builtins.parseDrvName deadbeef.name).version;
symlinkJoin {
name = "deadbeef-with-plugins-${deadbeef.version}";
paths = [ deadbeef ] ++ plugins;
buildInputs = [ makeWrapper ];
postBuild = ''
# TODO: This could be avoided if buildEnv could be forced to create all directories
if [ -L $out/bin ]; then
rm $out/bin
mkdir $out/bin
for i in ${deadbeef}/bin/*; do
ln -s $i $out/bin
done
fi
wrapProgram $out/bin/deadbeef \
--set DEADBEEF_PLUGIN_DIR "$out/lib/deadbeef"
'';
};
in stdenv.lib.overrideDerivation drv (x : { buildInputs = x.buildInputs ++ [ makeWrapper ]; })
}

4
pkgs/applications/audio/fmit/default.nix
View File

@ -9,10 +9,10 @@ assert portaudioSupport -> portaudio != null;
stdenv.mkDerivation rec {
name = "fmit-${version}";
version = "1.0.8";
version = "1.0.13";
src = fetchFromGitHub {
sha256 = "04s7xcgmi5g58lirr48vf203n1jwdxf981x1p6ysbax24qwhs2kd";
sha256 = "04cj70q60sqns68nvw4zfy6078x4cc2q1y2y13z3rs5n80jw27by";
rev = "v${version}";
repo = "fmit";
owner = "gillesdegottex";

34
pkgs/applications/audio/linuxband/default.nix Normal file
View File

@ -0,0 +1,34 @@
{ stdenv, fetchurl, makeWrapper, pkgconfig, MMA, libjack2, libsmf, python, pyGtkGlade, pygtksourceview }:
stdenv.mkDerivation rec {
version = "12.02.1";
name = "linuxband-${version}";
src = fetchurl {
url = "http://linuxband.org/assets/sources/${name}.tar.gz";
sha256 = "1r71h4yg775m4gax4irrvygmrsclgn503ykmc2qwjsxa42ri4n2n";
};
buildInputs = [ makeWrapper pkgconfig MMA libjack2 libsmf python pyGtkGlade pygtksourceview ];
patchPhase = ''
sed -i 's@/usr/@${MMA}/@g' src/main/config/linuxband.rc.in
cat src/main/config/linuxband.rc.in
'';
postFixup = ''
PYTHONPATH=$pyGtkGlade/share/:pygtksourceview/share/:$PYTHONPATH
for f in $out/bin/*; do
wrapProgram $f \
--prefix PYTHONPATH : $PYTHONPATH
done
'';
meta = {
description = "A GUI front-end for MMA: Type in the chords, choose the groove and it will play an accompaniment";
homepage = http://linuxband.org/;
license = stdenv.lib.licenses.gpl2;
maintainers = [ stdenv.lib.maintainers.magnetophon ];
platforms = stdenv.lib.platforms.linux;
};
}

6
pkgs/applications/audio/non/default.nix
View File

@ -4,12 +4,12 @@
stdenv.mkDerivation rec {
name = "non-${version}";
version = "2016-03-06";
version = "2016-04-05";
src = fetchFromGitHub {
owner = "original-male";
repo = "non";
rev = "3946d392216ee999b560d8b7cdee7c4347110e29";
sha256 = "02vnq2mfimgdrmv3lmz80yif4h9a1lympv0wqc5dr2l0f8amj2fp";
rev = "16885e69fe865495dc32d869d1454ab148b0dca6";
sha256 = "1nwzzgcdpbqh5kjvz40yy5nmzvpp8gcr9biyhhwi68s5bsg972ss";
};
buildInputs = [ pkgconfig python2 cairo libjpeg ntk libjack2 libsndfile

Some files were not shown because too many files have changed in this diff Show More