Merge remote-tracking branch 'nixpkgs/staging-next' into staging

Conflicts:
	pkgs/development/libraries/zlib/default.nix
	pkgs/development/lua-modules/overrides.nix
This commit is contained in:
Alyssa Ross 2022-04-02 16:45:48 +00:00
commit 8ba23e138d
No known key found for this signature in database
GPG Key ID: F9DBED4859B271C0
485 changed files with 7451 additions and 5000 deletions

View File

@ -1,14 +1,15 @@
name: Basic evaluation checks
on:
pull_request:
branches:
- master
- release-**
push:
branches:
- master
- release-**
workflow_dispatch
# pull_request:
# branches:
# - master
# - release-**
# push:
# branches:
# - master
# - release-**
jobs:
tests:
runs-on: ubuntu-latest

View File

@ -117,8 +117,55 @@ rec {
callPackageWith = autoArgs: fn: args:
let
f = if lib.isFunction fn then fn else import fn;
auto = builtins.intersectAttrs (lib.functionArgs f) autoArgs;
in makeOverridable f (auto // args);
fargs = lib.functionArgs f;
# All arguments that will be passed to the function
# This includes automatic ones and ones passed explicitly
allArgs = builtins.intersectAttrs fargs autoArgs // args;
# A list of argument names that the function requires, but
# wouldn't be passed to it
missingArgs = lib.attrNames
# Filter out arguments that have a default value
(lib.filterAttrs (name: value: ! value)
# Filter out arguments that would be passed
(removeAttrs fargs (lib.attrNames allArgs)));
# Get a list of suggested argument names for a given missing one
getSuggestions = arg: lib.pipe (autoArgs // args) [
lib.attrNames
# Only use ones that are at most 2 edits away. While mork would work,
# levenshteinAtMost is only fast for 2 or less.
(lib.filter (lib.strings.levenshteinAtMost 2 arg))
# Put strings with shorter distance first
(lib.sort (x: y: lib.strings.levenshtein x arg < lib.strings.levenshtein y arg))
# Only take the first couple results
(lib.take 3)
# Quote all entries
(map (x: "\"" + x + "\""))
];
prettySuggestions = suggestions:
if suggestions == [] then ""
else if lib.length suggestions == 1 then ", did you mean ${lib.elemAt suggestions 0}?"
else ", did you mean ${lib.concatStringsSep ", " (lib.init suggestions)} or ${lib.last suggestions}?";
errorForArg = arg:
let
loc = builtins.unsafeGetAttrPos arg fargs;
# loc' can be removed once lib/minver.nix is >2.3.4, since that includes
# https://github.com/NixOS/nix/pull/3468 which makes loc be non-null
loc' = if loc != null then loc.file + ":" + toString loc.line
else if ! lib.isFunction fn then
toString fn + lib.optionalString (lib.sources.pathIsDirectory fn) "/default.nix"
else "<unknown location>";
in "Function called without required argument \"${arg}\" at "
+ "${loc'}${prettySuggestions (getSuggestions arg)}";
# Only show the error for the first missing argument
error = errorForArg (lib.head missingArgs);
in if missingArgs == [] then makeOverridable f allArgs else throw error;
/* Like callPackage, but for a function that returns an attribute

View File

@ -774,4 +774,131 @@ rec {
(x: if stringLength x == 0 then "unknown" else x)
];
/* Computes the Levenshtein distance between two strings.
Complexity O(n*m) where n and m are the lengths of the strings.
Algorithm adjusted from https://stackoverflow.com/a/9750974/6605742
Type: levenshtein :: string -> string -> int
Example:
levenshtein "foo" "foo"
=> 0
levenshtein "book" "hook"
=> 1
levenshtein "hello" "Heyo"
=> 3
*/
levenshtein = a: b: let
# Two dimensional array with dimensions (stringLength a + 1, stringLength b + 1)
arr = lib.genList (i:
lib.genList (j:
dist i j
) (stringLength b + 1)
) (stringLength a + 1);
d = x: y: lib.elemAt (lib.elemAt arr x) y;
dist = i: j:
let c = if substring (i - 1) 1 a == substring (j - 1) 1 b
then 0 else 1;
in
if j == 0 then i
else if i == 0 then j
else lib.min
( lib.min (d (i - 1) j + 1) (d i (j - 1) + 1))
( d (i - 1) (j - 1) + c );
in d (stringLength a) (stringLength b);
/* Returns the length of the prefix common to both strings.
*/
commonPrefixLength = a: b:
let
m = lib.min (stringLength a) (stringLength b);
go = i: if i >= m then m else if substring i 1 a == substring i 1 b then go (i + 1) else i;
in go 0;
/* Returns the length of the suffix common to both strings.
*/
commonSuffixLength = a: b:
let
m = lib.min (stringLength a) (stringLength b);
go = i: if i >= m then m else if substring (stringLength a - i - 1) 1 a == substring (stringLength b - i - 1) 1 b then go (i + 1) else i;
in go 0;
/* Returns whether the levenshtein distance between two strings is at most some value
Complexity is O(min(n,m)) for k <= 2 and O(n*m) otherwise
Type: levenshteinAtMost :: int -> string -> string -> bool
Example:
levenshteinAtMost 0 "foo" "foo"
=> true
levenshteinAtMost 1 "foo" "boa"
=> false
levenshteinAtMost 2 "foo" "boa"
=> true
levenshteinAtMost 2 "This is a sentence" "this is a sentense."
=> false
levenshteinAtMost 3 "This is a sentence" "this is a sentense."
=> true
*/
levenshteinAtMost = let
infixDifferAtMost1 = x: y: stringLength x <= 1 && stringLength y <= 1;
# This function takes two strings stripped by their common pre and suffix,
# and returns whether they differ by at most two by Levenshtein distance.
# Because of this stripping, if they do indeed differ by at most two edits,
# we know that those edits were (if at all) done at the start or the end,
# while the middle has to have stayed the same. This fact is used in the
# implementation.
infixDifferAtMost2 = x: y:
let
xlen = stringLength x;
ylen = stringLength y;
# This function is only called with |x| >= |y| and |x| - |y| <= 2, so
# diff is one of 0, 1 or 2
diff = xlen - ylen;
# Infix of x and y, stripped by the left and right most character
xinfix = substring 1 (xlen - 2) x;
yinfix = substring 1 (ylen - 2) y;
# x and y but a character deleted at the left or right
xdelr = substring 0 (xlen - 1) x;
xdell = substring 1 (xlen - 1) x;
ydelr = substring 0 (ylen - 1) y;
ydell = substring 1 (ylen - 1) y;
in
# A length difference of 2 can only be gotten with 2 delete edits,
# which have to have happened at the start and end of x
# Example: "abcdef" -> "bcde"
if diff == 2 then xinfix == y
# A length difference of 1 can only be gotten with a deletion on the
# right and a replacement on the left or vice versa.
# Example: "abcdef" -> "bcdez" or "zbcde"
else if diff == 1 then xinfix == ydelr || xinfix == ydell
# No length difference can either happen through replacements on both
# sides, or a deletion on the left and an insertion on the right or
# vice versa
# Example: "abcdef" -> "zbcdez" or "bcdefz" or "zabcde"
else xinfix == yinfix || xdelr == ydell || xdell == ydelr;
in k: if k <= 0 then a: b: a == b else
let f = a: b:
let
alen = stringLength a;
blen = stringLength b;
prelen = commonPrefixLength a b;
suflen = commonSuffixLength a b;
presuflen = prelen + suflen;
ainfix = substring prelen (alen - presuflen) a;
binfix = substring prelen (blen - presuflen) b;
in
# Make a be the bigger string
if alen < blen then f b a
# If a has over k more characters than b, even with k deletes on a, b can't be reached
else if alen - blen > k then false
else if k == 1 then infixDifferAtMost1 ainfix binfix
else if k == 2 then infixDifferAtMost2 ainfix binfix
else levenshtein ainfix binfix <= k;
in f;
}

View File

@ -913,4 +913,156 @@ runTests {
};
};
## Levenshtein distance functions and co.
testCommonPrefixLengthEmpty = {
expr = strings.commonPrefixLength "" "hello";
expected = 0;
};
testCommonPrefixLengthSame = {
expr = strings.commonPrefixLength "hello" "hello";
expected = 5;
};
testCommonPrefixLengthDiffering = {
expr = strings.commonPrefixLength "hello" "hey";
expected = 2;
};
testCommonSuffixLengthEmpty = {
expr = strings.commonSuffixLength "" "hello";
expected = 0;
};
testCommonSuffixLengthSame = {
expr = strings.commonSuffixLength "hello" "hello";
expected = 5;
};
testCommonSuffixLengthDiffering = {
expr = strings.commonSuffixLength "test" "rest";
expected = 3;
};
testLevenshteinEmpty = {
expr = strings.levenshtein "" "";
expected = 0;
};
testLevenshteinOnlyAdd = {
expr = strings.levenshtein "" "hello there";
expected = 11;
};
testLevenshteinOnlyRemove = {
expr = strings.levenshtein "hello there" "";
expected = 11;
};
testLevenshteinOnlyTransform = {
expr = strings.levenshtein "abcdef" "ghijkl";
expected = 6;
};
testLevenshteinMixed = {
expr = strings.levenshtein "kitchen" "sitting";
expected = 5;
};
testLevenshteinAtMostZeroFalse = {
expr = strings.levenshteinAtMost 0 "foo" "boo";
expected = false;
};
testLevenshteinAtMostZeroTrue = {
expr = strings.levenshteinAtMost 0 "foo" "foo";
expected = true;
};
testLevenshteinAtMostOneFalse = {
expr = strings.levenshteinAtMost 1 "car" "ct";
expected = false;
};
testLevenshteinAtMostOneTrue = {
expr = strings.levenshteinAtMost 1 "car" "cr";
expected = true;
};
# We test levenshteinAtMost 2 particularly well because it uses a complicated
# implementation
testLevenshteinAtMostTwoIsEmpty = {
expr = strings.levenshteinAtMost 2 "" "";
expected = true;
};
testLevenshteinAtMostTwoIsZero = {
expr = strings.levenshteinAtMost 2 "abcdef" "abcdef";
expected = true;
};
testLevenshteinAtMostTwoIsOne = {
expr = strings.levenshteinAtMost 2 "abcdef" "abddef";
expected = true;
};
testLevenshteinAtMostTwoDiff0False = {
expr = strings.levenshteinAtMost 2 "abcdef" "aczyef";
expected = false;
};
testLevenshteinAtMostTwoDiff0Outer = {
expr = strings.levenshteinAtMost 2 "abcdef" "zbcdez";
expected = true;
};
testLevenshteinAtMostTwoDiff0DelLeft = {
expr = strings.levenshteinAtMost 2 "abcdef" "bcdefz";
expected = true;
};
testLevenshteinAtMostTwoDiff0DelRight = {
expr = strings.levenshteinAtMost 2 "abcdef" "zabcde";
expected = true;
};
testLevenshteinAtMostTwoDiff1False = {
expr = strings.levenshteinAtMost 2 "abcdef" "bddez";
expected = false;
};
testLevenshteinAtMostTwoDiff1DelLeft = {
expr = strings.levenshteinAtMost 2 "abcdef" "bcdez";
expected = true;
};
testLevenshteinAtMostTwoDiff1DelRight = {
expr = strings.levenshteinAtMost 2 "abcdef" "zbcde";
expected = true;
};
testLevenshteinAtMostTwoDiff2False = {
expr = strings.levenshteinAtMost 2 "hello" "hxo";
expected = false;
};
testLevenshteinAtMostTwoDiff2True = {
expr = strings.levenshteinAtMost 2 "hello" "heo";
expected = true;
};
testLevenshteinAtMostTwoDiff3 = {
expr = strings.levenshteinAtMost 2 "hello" "ho";
expected = false;
};
testLevenshteinAtMostThreeFalse = {
expr = strings.levenshteinAtMost 3 "hello" "Holla!";
expected = false;
};
testLevenshteinAtMostThreeTrue = {
expr = strings.levenshteinAtMost 3 "hello" "Holla";
expected = true;
};
}

View File

@ -8549,7 +8549,7 @@
};
msfjarvis = {
github = "msfjarvis";
githubId = 3348378;
githubId = 13348378;
name = "Harsh Shandilya";
email = "nixos@msfjarvis.dev";
keys = [{

View File

@ -0,0 +1,98 @@
#!/usr/bin/env nix-shell
#!nix-shell -i perl -p perl -p perlPackages.JSON perlPackages.LWPUserAgent perlPackages.LWPProtocolHttps perlPackages.TermReadKey
# This script generates a list of teams to ping for the Feature Freeze announcement on Discourse.
# It's intended to be used by Release Managers before creating such posts.
#
# The script interactively reads a GitHub username and a corresponding GitHub Personal Access token.
# This is required to access the GitHub Teams API so the token needs at least the read:org privilege.
## no critic (InputOutput::RequireCheckedSyscalls, InputOutput::ProhibitBacktickOperators)
use strict;
use warnings;
use Carp;
use Cwd 'abs_path';
use File::Basename;
use JSON qw(decode_json);
use LWP::UserAgent;
use Term::ReadKey qw(ReadLine ReadMode);
sub github_team_members {
my ($team_name, $username, $token) = @_;
my @ret;
my $req = HTTP::Request->new('GET', "https://api.github.com/orgs/NixOS/teams/$team_name/members", [ 'Accept' => 'application/vnd.github.v3+json' ]);
$req->authorization_basic($username, $token);
my $response = LWP::UserAgent->new->request($req);
if ($response->is_success) {
my $content = decode_json($response->decoded_content);
foreach (@{$content}) {
push @ret, $_->{'login'};
}
} else {
print {*STDERR} "!! Requesting members of GitHub Team '$team_name' failed: $response->status_line";
}
return \@ret;
}
# Read GitHub credentials
print {*STDERR} 'GitHub username: ';
my $github_user = ReadLine(0);
ReadMode('noecho');
print {*STDERR} 'GitHub personal access token (no echo): ';
my $github_token = ReadLine(0);
ReadMode('restore');
print {*STDERR} "\n";
chomp $github_user;
chomp $github_token;
# Read nix output
my $nix_version = `nix --version`;
my $out;
my $lib_path = abs_path(dirname(__FILE__)) . '../../../lib';
if ($nix_version =~ m/2[.]3[.]/msx) {
$out = `nix eval --json '(import $lib_path).teams'` || croak 'nix eval failed';
} else {
$out = `nix --extra-experimental-features nix-command eval --json --impure --expr '(import $lib_path).teams'` || croak('nix eval failed');
}
my $data = decode_json($out);
# Process teams
print {*STDERR} "\n";
while (my ($team_nix_key, $team_config) = each %{$data}) {
# Ignore teams that don't want to be or can't be pinged
if (not defined $team_config->{enableFeatureFreezePing} or not $team_config->{enableFeatureFreezePing}) {
next;
}
if (not defined $team_config->{shortName}) {
print {*STDERR} "!! The team with the nix key '$team_nix_key' has no shortName set - ignoring";
next;
}
# Team name
print {*STDERR} "$team_config->{shortName}:";
# GitHub Teams
my @github_members;
if (defined $team_config->{githubTeams}) {
foreach (@{$team_config->{githubTeams}}) {
print {*STDERR} " \@NixOS/${_}";
push @github_members, @{github_team_members($_, $github_user, $github_token)};
}
}
my %github_members = map { $_ => 1 } @github_members;
# Members
if (defined $team_config->{members}) {
foreach (@{$team_config->{members}}) {
my %user = %{$_};
my $github_handle = $user{'github'};
# Ensure we don't ping team members twice (as team member and directly)
if (defined $github_members{$github_handle}) {
next;
}
print {*STDERR} " \@$github_handle";
}
}
print {*STDERR} "\n";
}

View File

@ -3,12 +3,19 @@
# Required
members = [ maintainer1 maintainer2 ];
scope = "Maintain foo packages.";
shortName = "foo";
# Optional
enableFeatureFreezePing = true;
githubTeams = [ "my-subsystem" ];
};
where
- `members` is the list of maintainers belonging to the group,
- `scope` describes the scope of the group.
- `shortName` short human-readable name
- `enableFeatureFreezePing` will ping this team during the Feature Freeze announcements on releases
- `githubTeams` will ping specified GitHub teams as well
More fields may be added in the future.
@ -27,6 +34,7 @@ with lib.maintainers; {
m1cr0man
];
scope = "Maintain ACME-related packages and modules.";
shortName = "ACME";
};
bazel = {
@ -41,6 +49,8 @@ with lib.maintainers; {
ylecornec
];
scope = "Bazel build tool & related tools https://bazel.build/";
shortName = "Bazel";
enableFeatureFreezePing = true;
};
beam = {
@ -53,7 +63,32 @@ with lib.maintainers; {
minijackson
yurrriq
];
githubTeams = [
"beam"
];
scope = "Maintain BEAM-related packages and modules.";
shortName = "BEAM";
enableFeatureFreezePing = true;
};
blockchains = {
members = [
mmahut
RaghavSood
];
scope = "Maintain Blockchain packages and modules.";
shortName = "Blockchains";
enableFeatureFreezePing = true;
};
c = {
members = [
matthewbauer
mic92
];
scope = "Maintain C libraries and tooling.";
shortName = "C";
enableFeatureFreezePing = true;
};
cinnamon = {
@ -61,6 +96,8 @@ with lib.maintainers; {
mkg20001
];
scope = "Maintain Cinnamon desktop environment and applications made by the LinuxMint team.";
shortName = "Cinnamon";
enableFeatureFreezePing = true;
};
chia = {
@ -68,6 +105,41 @@ with lib.maintainers; {
lourkeur
];
scope = "Maintain the Chia blockchain and its dependencies";
shortName = "Chia Blockchain";
};
cleanup = {
members = [
ajs124
];
scope = "Cleaning of the nixpkgs source tree.";
shortName = "Cleanup";
enableFeatureFreezePing = true;
};
coq = {
members = [
cohencyril
Zimmi48
# gares has no entry in the maintainers list
siraben
vbgl
];
scope = "Maintain the Coq theorem prover and related packages.";
shortName = "Coq";
enableFeatureFreezePing = true;
};
darwin = {
members = [
toonn
];
githubTeams = [
"darwin-maintainers"
];
scope = "Maintain Darwin compatibility of packages and Darwin-only packages.";
shortName = "Darwin";
enableFeatureFreezePing = true;
};
cosmopolitan = {
@ -84,6 +156,7 @@ with lib.maintainers; {
limeytexan
];
scope = "Group registration for D. E. Shaw employees who collectively maintain packages.";
shortName = "Shaw employees";
};
determinatesystems = {
@ -93,11 +166,63 @@ with lib.maintainers; {
grahamc
];
scope = "Group registration for packages maintained by Determinate Systems.";
shortName = "Determinate Systems employees";
};
dhall = {
members = [
Gabriel439
ehmry
];
scope = "Maintain Dhall and related packages.";
shortName = "Dhall";
enableFeatureFreezePing = true;
};
docker = {
members = [
roberth
utdemir
];
scope = "Maintain Docker and related tools.";
shortName = "DockerTools";
enableFeatureFreezePing = true;
};
docs = {
members = [
ryantm
];
scope = "Maintain nixpkgs/NixOS documentation and tools for building it.";
shortName = "Docs";
enableFeatureFreezePing = true;
};
emacs = {
members = [
adisbladis
];
scope = "Maintain the Emacs editor and packages.";
shortName = "Emacs";
enableFeatureFreezePing = true;
};
# Dummy group for the "everyone else" section
feature-freeze-everyone-else = {
members = [ ];
githubTeams = [
"nixpkgs-committers"
"release-engineers"
];
scope = "Dummy team for the #everyone else' section during feture freezes, not to be used as package maintainers!";
shortName = "Everyone else";
enableFeatureFreezePing = true;
};
freedesktop = {
members = [ jtojnar ];
scope = "Maintain Freedesktop.org packages for graphical desktop.";
shortName = "freedesktop.org packaging";
};
gcc = {
@ -107,6 +232,7 @@ with lib.maintainers; {
ericson2314
];
scope = "Maintain GCC (GNU Compiler Collection) compilers";
shortName = "GCC";
};
golang = {
@ -121,6 +247,8 @@ with lib.maintainers; {
zowoq
];
scope = "Maintain Golang compilers.";
shortName = "Go";
enableFeatureFreezePing = true;
};
gnome = {
@ -131,7 +259,12 @@ with lib.maintainers; {
dasj19
maxeaubrey
];
githubTeams = [
"gnome"
];
scope = "Maintain GNOME desktop environment and platform.";
shortName = "GNOME";
enableFeatureFreezePing = true;
};
haskell = {
@ -141,7 +274,12 @@ with lib.maintainers; {
maralorn
sternenseemann
];
githubTeams = [
"haskell"
];
scope = "Maintain Haskell packages and infrastructure.";
shortName = "Haskell";
enableFeatureFreezePing = true;
};
home-assistant = {
@ -152,6 +290,7 @@ with lib.maintainers; {
mic92
];
scope = "Maintain the Home Assistant ecosystem";
shortName = "Home Assistant";
};
iog = {
@ -163,6 +302,7 @@ with lib.maintainers; {
nrdxp
];
scope = "Input-Output Global employees, which maintain critical software";
shortName = "Input-Output Global employees";
};
jitsi = {
@ -173,6 +313,7 @@ with lib.maintainers; {
yuka
];
scope = "Maintain Jitsi.";
shortName = "Jitsi";
};
kubernetes = {
@ -184,6 +325,7 @@ with lib.maintainers; {
zowoq
];
scope = "Maintain the Kubernetes package and module";
shortName = "Kubernetes";
};
kodi = {
@ -196,6 +338,7 @@ with lib.maintainers; {
sephalon
];
scope = "Maintain Kodi and related packages.";
shortName = "Kodi";
};
linux-kernel = {
@ -206,6 +349,17 @@ with lib.maintainers; {
qyliss
];
scope = "Maintain the Linux kernel.";
shortName = "Linux Kernel";
};
marketing = {
members = [
garbas
tomberek
];
scope = "Marketing of Nix/NixOS/nixpkgs.";
shortName = "Marketing";
enableFeatureFreezePing = true;
};
mate = {
@ -214,6 +368,7 @@ with lib.maintainers; {
romildo
];
scope = "Maintain Mate desktop environment and related packages.";
shortName = "MATE";
};
matrix = {
@ -227,6 +382,40 @@ with lib.maintainers; {
sumnerevans
];
scope = "Maintain the ecosystem around Matrix, a decentralized messenger.";
shortName = "Matrix";
};
mobile = {
members = [
samueldr
];
scope = "Maintain Mobile NixOS.";
shortName = "Mobile";
enableFeatureFreezePing = true;
};
nix = {
members = [
Profpatsch
eelco
grahamc
pierron
];
scope = "Maintain the Nix package manager.";
shortName = "Nix/nix-cli ecosystem";
enableFeatureFreezePing = true;
};
nixos-modules = {
members = [
ericson2314
infinisil
qyliss
roberth
];
scope = "Maintain nixpkgs module system internals.";
shortName = "NixOS Modules / internals";
enableFeatureFreezePing = true;
};
openstack = {
@ -235,6 +424,7 @@ with lib.maintainers; {
SuperSandro2000
];
scope = "Maintain the ecosystem around OpenStack";
shortName = "OpenStack";
};
pantheon = {
@ -242,7 +432,21 @@ with lib.maintainers; {
davidak
bobby285271
];
githubTeams = [
"pantheon"
];
scope = "Maintain Pantheon desktop environment and platform.";
shortName = "Pantheon";
enableFeatureFreezePing = true;
};
perl = {
members = [
sgo
];
scope = "Maintain the Perl interpreter and Perl packages.";
shortName = "Perl";
enableFeatureFreezePing = true;
};
php = {
@ -254,7 +458,12 @@ with lib.maintainers; {
ma27
talyz
];
githubTeams = [
"php"
];
scope = "Maintain PHP related packages and extensions.";
shortName = "PHP";
enableFeatureFreezePing = true;
};
podman = {
@ -264,7 +473,54 @@ with lib.maintainers; {
vdemeester
zowoq
];
githubTeams = [
"podman"
];
scope = "Maintain Podman and CRI-O related packages and modules.";
shortName = "Podman";
enableFeatureFreezePing = true;
};
postgres = {
members = [
thoughtpolice
];
scope = "Maintain the PostgreSQL package and plugins along with the NixOS module.";
shortName = "PostgreSQL";
enableFeatureFreezePing = true;
};
python = {
members = [
fridh
hexa
jonringer
];
scope = "Maintain the Python interpreter and related packages.";
shortName = "Python";
enableFeatureFreezePing = true;
};
qt-kde = {
members = [
ttuegel
];
githubTeams = [
"qt-kde"
];
scope = "Maintain the KDE desktop environment and Qt.";
shortName = "Qt / KDE";
enableFeatureFreezePing = true;
};
r = {
members = [
bcdarwin
jbedo
];
scope = "Maintain the R programming language and related packages.";
shortName = "R";
enableFeatureFreezePing = true;
};
redcodelabs = {
@ -274,6 +530,38 @@ with lib.maintainers; {
wintrmvte
];
scope = "Maintain Red Code Labs related packages and modules.";
shortName = "Red Code Labs";
};
release = {
members = [ ];
githubTeams = [
"nixos-release-managers"
];
scope = "Manage the current nixpkgs/NixOS release.";
shortName = "Release";
enableFeatureFreezePing = true;
};
ruby = {
members = [
marsam
];
scope = "Maintain the Ruby interpreter and related packages.";
shortName = "Ruby";
enableFeatureFreezePing = true;
};
rust = {
members = [
andir
lnl7
mic92
zowoq
];
scope = "Maintain the Rust compiler toolchain and nixpkgs integration.";
shortName = "Rust";
enableFeatureFreezePing = true;
};
sage = {
@ -284,6 +572,7 @@ with lib.maintainers; {
collares
];
scope = "Maintain SageMath and the dependencies that are likely to break it.";
shortName = "SageMath";
};
sphinx = {
@ -291,6 +580,7 @@ with lib.maintainers; {
SuperSandro2000
];
scope = "Maintain Sphinx related packages.";
shortName = "Sphinx";
};
serokell = {
@ -300,6 +590,26 @@ with lib.maintainers; {
mkaito
];
scope = "Group registration for Serokell employees who collectively maintain packages.";
shortName = "Serokell employees";
};
systemd = {
members = [ ];
githubTeams = [
"systemd"
];
scope = "Maintain systemd for NixOS.";
shortName = "systemd";
enableFeatureFreezePing = true;
};
tests = {
members = [
tfc
];
scope = "Maintain the NixOS VM test runner.";
shortName = "NixOS tests";
enableFeatureFreezePing = true;
};
tts = {
@ -308,6 +618,18 @@ with lib.maintainers; {
mic92
];
scope = "coqui-ai TTS (formerly Mozilla TTS) and leaf packages";
shortName = "coqui-ai TTS";
};
vim = {
members = [
jonringer
softinio
teto
];
scope = "Maintain the vim and neovim text editors and related packages.";
shortName = "Vim/Neovim";
enableFeatureFreezePing = true;
};
xfce = {
@ -315,5 +637,6 @@ with lib.maintainers; {
romildo
];
scope = "Maintain Xfce desktop environment and related packages.";
shortName = "Xfce";
};
}

View File

@ -32,6 +32,20 @@ type of this option should represent the format. The most common formats
have a predefined type and string generator already declared under
`pkgs.formats`:
`pkgs.formats.javaProperties` { *`comment`* ? `"Generated with Nix"` }
: A function taking an attribute set with values
`comment`
: A string to put at the start of the
file in a comment. It can have multiple
lines.
It returns the `type`: `attrsOf str` and a function
`generate` to build a Java `.properties` file, taking
care of the correct escaping, etc.
`pkgs.formats.json` { }
: A function taking an empty attribute set (for future extensibility)

View File

@ -5,15 +5,9 @@ A NixOS test is a Nix expression that has the following structure:
```nix
import ./make-test-python.nix {
# Either the configuration of a single machine:
machine =
{ config, pkgs, ... }:
{ configuration…
};
# Or a set of machines:
# One or more machines:
nodes =
{ machine1 =
{ machine =
{ config, pkgs, ... }: { … };
machine2 =
{ config, pkgs, ... }: { … };
@ -29,17 +23,16 @@ import ./make-test-python.nix {
The attribute `testScript` is a bit of Python code that executes the
test (described below). During the test, it will start one or more
virtual machines, the configuration of which is described by the
attribute `machine` (if you need only one machine in your test) or by
the attribute `nodes` (if you need multiple machines). For instance,
[`login.nix`](https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/login.nix)
only needs a single machine to test whether users can log in
virtual machines, the configuration of which is described by
the attribute `nodes`.
An example of a single-node test is
[`login.nix`](https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/login.nix).
It only needs a single machine to test whether users can log in
on the virtual console, whether device ownership is correctly maintained
when switching between consoles, and so on. On the other hand,
[`nfs/simple.nix`](https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/nfs/simple.nix),
which tests NFS client and server functionality in the
Linux kernel (including whether locks are maintained across server
crashes), requires three machines: a server and two clients.
when switching between consoles, and so on. An interesting multi-node test is
[`nfs/simple.nix`](https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/nfs/simple.nix).
It uses two client nodes to test correct locking across server crashes.
There are a few special NixOS configuration options for test VMs:
@ -67,8 +60,7 @@ The test script is a sequence of Python statements that perform various
actions, such as starting VMs, executing commands in the VMs, and so on.
Each virtual machine is represented as an object stored in the variable
`name` if this is also the identifier of the machine in the declarative
config. If you didn\'t specify multiple machines using the `nodes`
attribute, it is just `machine`. The following example starts the
config. If you specified a node `nodes.machine`, the following example starts the
machine, waits until it has finished booting, then executes a command
and checks that the output is more-or-less correct:
@ -79,7 +71,7 @@ if not "Linux" in machine.succeed("uname"):
raise Exception("Wrong OS")
```
The first line is actually unnecessary; machines are implicitly started
The first line is technically unnecessary; machines are implicitly started
when you first execute an action on them (such as `wait_for_unit` or
`succeed`). If you have multiple machines, you can speed up the test by
starting them in parallel:
@ -303,7 +295,7 @@ For faster dev cycles it\'s also possible to disable the code-linters
```nix
import ./make-test-python.nix {
skipLint = true;
machine =
nodes.machine =
{ config, pkgs, ... }:
{ configuration…
};

View File

@ -53,6 +53,38 @@
<literal>pkgs.formats</literal>:
</para>
<variablelist>
<varlistentry>
<term>
<literal>pkgs.formats.javaProperties</literal> {
<emphasis><literal>comment</literal></emphasis> ?
<literal>&quot;Generated with Nix&quot;</literal> }
</term>
<listitem>
<para>
A function taking an attribute set with values
</para>
<variablelist>
<varlistentry>
<term>
<literal>comment</literal>
</term>
<listitem>
<para>
A string to put at the start of the file in a comment.
It can have multiple lines.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
It returns the <literal>type</literal>:
<literal>attrsOf str</literal> and a function
<literal>generate</literal> to build a Java
<literal>.properties</literal> file, taking care of the
correct escaping, etc.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>pkgs.formats.json</literal> { }

View File

@ -6,15 +6,9 @@
<programlisting language="bash">
import ./make-test-python.nix {
# Either the configuration of a single machine:
machine =
{ config, pkgs, ... }:
{ configuration…
};
# Or a set of machines:
# One or more machines:
nodes =
{ machine1 =
{ machine =
{ config, pkgs, ... }: { … };
machine2 =
{ config, pkgs, ... }: { … };
@ -31,18 +25,18 @@ import ./make-test-python.nix {
The attribute <literal>testScript</literal> is a bit of Python code
that executes the test (described below). During the test, it will
start one or more virtual machines, the configuration of which is
described by the attribute <literal>machine</literal> (if you need
only one machine in your test) or by the attribute
<literal>nodes</literal> (if you need multiple machines). For
instance,
<link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/login.nix"><literal>login.nix</literal></link>
only needs a single machine to test whether users can log in on the
virtual console, whether device ownership is correctly maintained
when switching between consoles, and so on. On the other hand,
<link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/nfs/simple.nix"><literal>nfs/simple.nix</literal></link>,
which tests NFS client and server functionality in the Linux kernel
(including whether locks are maintained across server crashes),
requires three machines: a server and two clients.
described by the attribute <literal>nodes</literal>.
</para>
<para>
An example of a single-node test is
<link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/login.nix"><literal>login.nix</literal></link>.
It only needs a single machine to test whether users can log in on
the virtual console, whether device ownership is correctly
maintained when switching between consoles, and so on. An
interesting multi-node test is
<link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/nfs/simple.nix"><literal>nfs/simple.nix</literal></link>.
It uses two client nodes to test correct locking across server
crashes.
</para>
<para>
There are a few special NixOS configuration options for test VMs:
@ -94,9 +88,8 @@ import ./make-test-python.nix {
various actions, such as starting VMs, executing commands in the
VMs, and so on. Each virtual machine is represented as an object
stored in the variable <literal>name</literal> if this is also the
identifier of the machine in the declarative config. If you didn't
specify multiple machines using the <literal>nodes</literal>
attribute, it is just <literal>machine</literal>. The following
identifier of the machine in the declarative config. If you
specified a node <literal>nodes.machine</literal>, the following
example starts the machine, waits until it has finished booting,
then executes a command and checks that the output is more-or-less
correct:
@ -108,7 +101,7 @@ if not &quot;Linux&quot; in machine.succeed(&quot;uname&quot;):
raise Exception(&quot;Wrong OS&quot;)
</programlisting>
<para>
The first line is actually unnecessary; machines are implicitly
The first line is technically unnecessary; machines are implicitly
started when you first execute an action on them (such as
<literal>wait_for_unit</literal> or <literal>succeed</literal>). If
you have multiple machines, you can speed up the test by starting
@ -554,7 +547,7 @@ machine.wait_for_unit(&quot;xautolock.service&quot;, &quot;x-session-user&quot;)
<programlisting language="bash">
import ./make-test-python.nix {
skipLint = true;
machine =
nodes.machine =
{ config, pkgs, ... }:
{ configuration…
};

View File

@ -17,7 +17,7 @@ $ diskutil list
[..]
$ diskutil unmountDisk diskN
Unmount of all volumes on diskN was successful
$ sudo dd if=nix.iso of=/dev/rdiskN
$ sudo dd if=nix.iso of=/dev/rdiskN bs=1M
</programlisting>
<para>
Using the 'raw' <literal>rdiskN</literal> device instead of

View File

@ -1412,6 +1412,35 @@
versions.
</para>
</listitem>
<listitem>
<para>
A new option group
<literal>systemd.network.wait-online</literal> was added, with
options to configure
<literal>systemd-networkd-wait-online.service</literal>:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
<literal>anyInterface</literal> allows specifying that the
network should be considered online when <emphasis>at
least one</emphasis> interface is online (useful on
laptops)
</para>
</listitem>
<listitem>
<para>
<literal>timeout</literal> defines how long to wait for
the network to come online
</para>
</listitem>
<listitem>
<para>
<literal>extraArgs</literal> for everything else
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
The <literal>influxdb2</literal> package was split into
@ -1666,9 +1695,20 @@
</listitem>
<listitem>
<para>
<literal>services.logrotate.enable</literal> now defaults to
true if any rotate path has been defined, and some paths have
been added by default.
<link linkend="opt-services.logrotate.enable">services.logrotate.enable</link>
now defaults to true if any rotate path has been defined, and
some paths have been added by default.
</para>
</listitem>
<listitem>
<para>
The logrotate module also has been updated to freeform syntax:
<link linkend="opt-services.logrotate.paths">services.logrotate.paths</link>
and
<link linkend="opt-services.logrotate.extraConfig">services.logrotate.extraConfig</link>
will work, but issue deprecation warnings and
<link linkend="opt-services.logrotate.settings">services.logrotate.settings</link>
should now be used instead.
</para>
</listitem>
<listitem>

View File

@ -18,7 +18,7 @@ $ diskutil list
[..]
$ diskutil unmountDisk diskN
Unmount of all volumes on diskN was successful
$ sudo dd if=nix.iso of=/dev/rdiskN
$ sudo dd if=nix.iso of=/dev/rdiskN bs=1M
```
Using the \'raw\' `rdiskN` device instead of `diskN` completes in

View File

@ -502,6 +502,11 @@ In addition to numerous new and upgraded packages, this release has the followin
still under heavy development and behavior is not always flawless.
Furthermore, not all Electron apps use the latest Electron versions.
- A new option group `systemd.network.wait-online` was added, with options to configure `systemd-networkd-wait-online.service`:
- `anyInterface` allows specifying that the network should be considered online when *at least one* interface is online (useful on laptops)
- `timeout` defines how long to wait for the network to come online
- `extraArgs` for everything else
- The `influxdb2` package was split into `influxdb2-server` and
`influxdb2-cli`, matching the split that took place upstream. A
combined `influxdb2` package is still provided in this release for
@ -582,8 +587,11 @@ In addition to numerous new and upgraded packages, this release has the followin
- `services.mattermost.plugins` has been added to allow the declarative installation of Mattermost plugins.
Plugins are automatically repackaged using autoPatchelf.
- `services.logrotate.enable` now defaults to true if any rotate path has
- [services.logrotate.enable](#opt-services.logrotate.enable) now defaults to true if any rotate path has
been defined, and some paths have been added by default.
- The logrotate module also has been updated to freeform syntax: [services.logrotate.paths](#opt-services.logrotate.paths)
and [services.logrotate.extraConfig](#opt-services.logrotate.extraConfig) will work, but issue deprecation
warnings and [services.logrotate.settings](#opt-services.logrotate.settings) should now be used instead.
- The `zrepl` package has been updated from 0.4.0 to 0.5:

View File

@ -206,6 +206,7 @@ rec {
)];
};
in
lib.warnIf (t?machine) "In test `${name}': The `machine' attribute in NixOS tests (pkgs.nixosTest / make-test-pyton.nix / testing-python.nix / makeTest) is deprecated. Please use the equivalent `nodes.machine'."
build-vms.buildVirtualNetwork (
nodes // lib.optionalAttrs (machine != null) { inherit machine; }
);

View File

@ -977,6 +977,7 @@
./services/security/shibboleth-sp.nix
./services/security/sks.nix
./services/security/sshguard.nix
./services/security/sslmate-agent.nix
./services/security/step-ca.nix
./services/security/tor.nix
./services/security/torify.nix

View File

@ -3,67 +3,66 @@
with lib;
let
cfg = config.programs._1password-gui;
in {
in
{
options = {
programs._1password-gui = {
enable = mkEnableOption "The 1Password Desktop application with browser integration";
enable = mkEnableOption "the 1Password GUI application";
groupId = mkOption {
type = types.int;
gid = mkOption {
type = types.addCheck types.int (x: x >= 1000);
example = literalExpression "5000";
description = ''
The GroupID to assign to the onepassword group, which is needed for browser integration. The group ID must be 1000 or greater.
'';
The gid to assign to the onepassword group, which is needed for browser integration.
It must be 1000 or greater.
'';
};
polkitPolicyOwners = mkOption {
type = types.listOf types.str;
default = [];
example = literalExpression "[\"user1\" \"user2\" \"user3\"]";
default = [ ];
example = literalExpression ''["user1" "user2" "user3"]'';
description = ''
A list of users who should be able to integrate 1Password with polkit-based authentication mechanisms. By default, no users will have such access.
'';
A list of users who should be able to integrate 1Password with polkit-based authentication mechanisms.
'';
};
package = mkOption {
type = types.package;
default = pkgs._1password-gui;
defaultText = literalExpression "pkgs._1password-gui";
example = literalExpression "pkgs._1password-gui";
description = ''
The 1Password derivation to use. This can be used to upgrade from the stable release that we keep in nixpkgs to the betas.
'';
package = mkPackageOption pkgs "1Password GUI" {
default = [ "_1password-gui" ];
};
};
};
config = let
package = cfg.package.override {
polkitPolicyOwners = cfg.polkitPolicyOwners;
};
in mkIf cfg.enable {
environment.systemPackages = [ package ];
users.groups.onepassword.gid = cfg.groupId;
config =
let
package = cfg.package.override {
polkitPolicyOwners = cfg.polkitPolicyOwners;
};
in
mkIf cfg.enable {
environment.systemPackages = [ package ];
users.groups.onepassword.gid = cfg.gid;
security.wrappers = {
"1Password-BrowserSupport" =
{ source = "${cfg.package}/share/1password/1Password-BrowserSupport";
security.wrappers = {
"1Password-BrowserSupport" = {
source = "${package}/share/1password/1Password-BrowserSupport";
owner = "root";
group = "onepassword";
setuid = false;
setgid = true;
};
"1Password-KeyringHelper" =
{ source = "${cfg.package}/share/1password/1Password-KeyringHelper";
"1Password-KeyringHelper" = {
source = "${package}/share/1password/1Password-KeyringHelper";
owner = "root";
group = "onepassword";
setuid = true;
setgid = true;
};
};
};
};
};
}

View File

@ -3,35 +3,33 @@
with lib;
let
cfg = config.programs._1password;
in {
in
{
options = {
programs._1password = {
enable = mkEnableOption "The 1Password CLI tool with biometric unlock and integration with the 1Password GUI.";
enable = mkEnableOption "the 1Password CLI tool";
groupId = mkOption {
type = types.int;
gid = mkOption {
type = types.addCheck types.int (x: x >= 1000);
example = literalExpression "5001";
description = ''
The GroupID to assign to the onepassword-cli group, which is needed for integration with the 1Password GUI. The group ID must be 1000 or greater.
The gid to assign to the onepassword-cli group, which is needed for integration with the 1Password GUI.
It must be 1000 or greater.
'';
};
package = mkOption {
type = types.package;
default = pkgs._1password;
defaultText = literalExpression "pkgs._1password";
example = literalExpression "pkgs._1password";
description = ''
The 1Password CLI derivation to use.
'';
package = mkPackageOption pkgs "1Password CLI" {
default = [ "_1password" ];
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
users.groups.onepassword-cli.gid = cfg.groupId;
users.groups.onepassword-cli.gid = cfg.gid;
security.wrappers = {
"op" = {

View File

@ -1,4 +1,4 @@
{ config, lib, ... }:
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.jenkinsSlave;
@ -46,6 +46,15 @@ in {
this is the home of the "jenkins" user.
'';
};
javaPackage = mkOption {
default = pkgs.jdk;
defaultText = literalExpression "pkgs.jdk";
description = ''
Java package to install.
'';
type = types.package;
};
};
};
@ -64,5 +73,10 @@ in {
uid = config.ids.uids.jenkins;
};
};
programs.java = {
enable = true;
package = cfg.javaPackage;
};
};
}

View File

@ -29,14 +29,7 @@
},
{
"name": "libpipewire-module-protocol-pulse",
"args": {
"server.address": [
"unix:native"
],
"vm.overrides": {
"pulse.min.quantum": "1024/48000"
}
}
"args": {}
}
],
"context.exec": [
@ -46,6 +39,14 @@
}
],
"stream.properties": {},
"pulse.properties": {
"server.address": [
"unix:native"
],
"vm.overrides": {
"pulse.min.quantum": "1024/48000"
}
},
"pulse.rules": [
{
"matches": [

View File

@ -38,7 +38,7 @@ in
environment.etc."wireplumber/main.lua.d/80-nixos.lua" = lib.mkIf (!pwUsedForAudio) {
text = ''
# Pipewire is not used for audio, so prevent it from grabbing audio devices
-- Pipewire is not used for audio, so prevent it from grabbing audio devices
alsa_monitor.enable = function() end
'';
};

View File

@ -5,7 +5,10 @@ with lib;
let
cfg = config.services.logrotate;
pathOpts = { name, ... }: {
# deprecated legacy compat settings
# these options will be removed before 22.11 in the following PR:
# https://github.com/NixOS/nixpkgs/pull/164169
pathOpts = { name, ... }: {
options = {
enable = mkOption {
type = types.bool;
@ -86,23 +89,113 @@ let
config.name = name;
};
mkConf = pathOpts: ''
# generated by NixOS using the `services.logrotate.paths.${pathOpts.name}` attribute set
${concatMapStringsSep " " (path: ''"${path}"'') (toList pathOpts.path)} {
${optionalString (pathOpts.user != null || pathOpts.group != null) "su ${pathOpts.user} ${pathOpts.group}"}
${pathOpts.frequency}
rotate ${toString pathOpts.keep}
${pathOpts.extraConfig}
}
'';
paths = sortProperties (attrValues (filterAttrs (_: pathOpts: pathOpts.enable) cfg.paths));
configFile = pkgs.writeText "logrotate.conf" (
concatStringsSep "\n" (
[ "missingok" "notifempty" cfg.extraConfig ] ++ (map mkConf paths)
)
generateLine = n: v:
if builtins.elem n [ "files" "priority" "enable" "global" ] || v == null then null
else if builtins.elem n [ "extraConfig" "frequency" ] then "${v}\n"
else if builtins.elem n [ "firstaction" "lastaction" "prerotate" "postrotate" "preremove" ]
then "${n}\n ${v}\n endscript\n"
else if isInt v then "${n} ${toString v}\n"
else if v == true then "${n}\n"
else if v == false then "no${n}\n"
else "${n} ${v}\n";
generateSection = indent: settings: concatStringsSep (fixedWidthString indent " " "") (
filter (x: x != null) (mapAttrsToList generateLine settings)
);
# generateSection includes a final newline hence weird closing brace
mkConf = settings:
if settings.global or false then generateSection 0 settings
else ''
${concatMapStringsSep "\n" (files: ''"${files}"'') (toList settings.files)} {
${generateSection 2 settings}}
'';
# below two mapPaths are compat functions
mapPathOptToSetting = n: v:
if n == "keep" then nameValuePair "rotate" v
else if n == "path" then nameValuePair "files" v
else nameValuePair n v;
mapPathsToSettings = path: pathOpts:
nameValuePair path (
filterAttrs (n: v: ! builtins.elem n [ "user" "group" "name" ] && v != "") (
(mapAttrs' mapPathOptToSetting pathOpts) //
{
su =
if pathOpts.user != null
then "${pathOpts.user} ${pathOpts.group}"
else null;
}
)
);
settings = sortProperties (attrValues (filterAttrs (_: settings: settings.enable) (
foldAttrs recursiveUpdate { } [
{
header = {
enable = true;
missingok = true;
notifempty = true;
frequency = "weekly";
rotate = 4;
};
# compat section
extraConfig = {
enable = (cfg.extraConfig != "");
global = true;
extraConfig = cfg.extraConfig;
priority = 101;
};
}
(mapAttrs' mapPathsToSettings cfg.paths)
cfg.settings
{ header = { global = true; priority = 100; }; }
]
)));
configFile = pkgs.writeTextFile {
name = "logrotate.conf";
text = concatStringsSep "\n" (
map mkConf settings
);
checkPhase = optionalString cfg.checkConfig ''
# logrotate --debug also checks that users specified in config
# file exist, but we only have sandboxed users here so brown these
# out. according to man page that means su, create and createolddir.
# files required to exist also won't be present, so missingok is forced.
user=$(${pkgs.coreutils}/bin/id -un)
group=$(${pkgs.coreutils}/bin/id -gn)
sed -e "s/\bsu\s.*/su $user $group/" \
-e "s/\b\(create\s\+[0-9]*\s*\|createolddir\s\+[0-9]*\s\+\).*/\1$user $group/" \
-e "1imissingok" -e "s/\bnomissingok\b//" \
$out > /tmp/logrotate.conf
# Since this makes for very verbose builds only show real error.
# There is no way to control log level, but logrotate hardcodes
# 'error:' at common log level, so we can use grep, taking care
# to keep error codes
set -o pipefail
if ! ${pkgs.logrotate}/sbin/logrotate --debug /tmp/logrotate.conf 2>&1 \
| ( ! grep "error:" ) > /tmp/logrotate-error; then
echo "Logrotate configuration check failed."
echo "The failing configuration (after adjustments to pass tests in sandbox) was:"
printf "%s\n" "-------"
cat /tmp/logrotate.conf
printf "%s\n" "-------"
echo "The error reported by logrotate was as follow:"
printf "%s\n" "-------"
cat /tmp/logrotate-error
printf "%s\n" "-------"
echo "You can disable this check with services.logrotate.checkConfig = false,"
echo "but if you think it should work please report this failure along with"
echo "the config file being tested!"
false
fi
'';
};
mailOption =
if foldr (n: a: a || n ? mail) false (attrValues cfg.settings)
then "--mail=${pkgs.mailutils}/bin/mail"
else "";
in
{
imports = [
@ -112,17 +205,121 @@ in
options = {
services.logrotate = {
enable = mkEnableOption "the logrotate systemd service" // {
default = foldr (n: a: a || n.enable) false (attrValues cfg.paths);
defaultText = literalExpression "cfg.paths != {}";
default = foldr (n: a: a || n.enable) false (attrValues cfg.settings);
defaultText = literalExpression "cfg.settings != {}";
};
settings = mkOption {
default = { };
description = ''
logrotate freeform settings: each attribute here will define its own section,
ordered by priority, which can either define files to rotate with their settings
or settings common to all further files settings.
Refer to <link xlink:href="https://linux.die.net/man/8/logrotate"/> for details.
'';
type = types.attrsOf (types.submodule ({ name, ... }: {
freeformType = with types; attrsOf (nullOr (oneOf [ int bool str ]));
options = {
enable = mkEnableOption "setting individual kill switch" // {
default = true;
};
global = mkOption {
type = types.bool;
default = false;
description = ''
Whether this setting is a global option or not: set to have these
settings apply to all files settings with a higher priority.
'';
};
files = mkOption {
type = with types; either str (listOf str);
default = name;
defaultText = ''
The attrset name if not specified
'';
description = ''
Single or list of files for which rules are defined.
The files are quoted with double-quotes in logrotate configuration,
so globs and spaces are supported.
Note this setting is ignored if globals is true.
'';
};
frequency = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
How often to rotate the logs. Defaults to previously set global setting,
which itself defauts to weekly.
'';
};
priority = mkOption {
type = types.int;
default = 1000;
description = ''
Order of this logrotate block in relation to the others. The semantics are
the same as with `lib.mkOrder`. Smaller values are inserted first.
'';
};
};
}));
};
configFile = mkOption {
type = types.path;
default = configFile;
defaultText = ''
A configuration file automatically generated by NixOS.
'';
description = ''
Override the configuration file used by MySQL. By default,
NixOS generates one automatically from <xref linkend="opt-services.logrotate.settings"/>.
'';
example = literalExpression ''
pkgs.writeText "logrotate.conf" '''
missingok
"/var/log/*.log" {
rotate 4
weekly
}
''';
'';
};
checkConfig = mkOption {
type = types.bool;
default = true;
description = ''
Whether the config should be checked at build time.
Some options are not checkable at build time because of the build sandbox:
for example, the test does not know about existing files and system users are
not known.
These limitations mean we must adjust the file for tests (missingok is forced
and users are replaced by dummy users), so tests are complemented by a
logrotate-checkconf service that is enabled by default.
This extra check can be disabled by disabling it at the systemd level with the
<option>services.systemd.services.logrotate-checkconf.enable</option> option.
Conversely there are still things that might make this check fail incorrectly
(e.g. a file path where we don't have access to intermediate directories):
in this case you can disable the failing check with this option.
'';
};
# deprecated legacy compat settings
paths = mkOption {
type = with types; attrsOf (submodule pathOpts);
default = {};
default = { };
description = ''
Attribute set of paths to rotate. The order each block appears in the generated configuration file
can be controlled by the <link linkend="opt-services.logrotate.paths._name_.priority">priority</link> option
using the same semantics as `lib.mkOrder`. Smaller values have a greater priority.
This setting has been deprecated in favor of <link linkend="opt-services.logrotate.settings">logrotate settings</link>.
'';
example = literalExpression ''
{
@ -151,19 +348,37 @@ in
description = ''
Extra contents to append to the logrotate configuration file. Refer to
<link xlink:href="https://linux.die.net/man/8/logrotate"/> for details.
This setting has been deprecated in favor of
<link linkend="opt-services.logrotate.settings">logrotate settings</link>.
'';
};
};
};
config = mkIf cfg.enable {
assertions = mapAttrsToList (name: pathOpts:
{ assertion = (pathOpts.user != null) == (pathOpts.group != null);
message = ''
If either of `services.logrotate.paths.${name}.user` or `services.logrotate.paths.${name}.group` are specified then *both* must be specified.
'';
}
) cfg.paths;
assertions =
mapAttrsToList
(name: pathOpts:
{
assertion = (pathOpts.user != null) == (pathOpts.group != null);
message = ''
If either of `services.logrotate.paths.${name}.user` or `services.logrotate.paths.${name}.group` are specified then *both* must be specified.
'';
})
cfg.paths;
warnings =
(mapAttrsToList
(name: pathOpts: ''
Using config.services.logrotate.paths.${name} is deprecated and will become unsupported in a future release.
Please use services.logrotate.settings instead.
'')
cfg.paths
) ++
(optional (cfg.extraConfig != "") ''
Using config.services.logrotate.extraConfig is deprecated and will become unsupported in a future release.
Please use services.logrotate.settings with globals=true instead.
'');
systemd.services.logrotate = {
description = "Logrotate Service";
@ -172,7 +387,16 @@ in
serviceConfig = {
Restart = "no";
User = "root";
ExecStart = "${pkgs.logrotate}/sbin/logrotate ${configFile}";
ExecStart = "${pkgs.logrotate}/sbin/logrotate ${mailOption} ${cfg.configFile}";
};
};
systemd.services.logrotate-checkconf = {
description = "Logrotate configuration check";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${pkgs.logrotate}/sbin/logrotate --debug ${cfg.configFile}";
};
};
};

View File

@ -141,7 +141,7 @@ in {
enable = mkEnableOption "matrix.org synapse";
configFile = mkOption {
type = types.str;
type = types.path;
readOnly = true;
description = ''
Path to the configuration file on the target system. Useful to configure e.g. workers

View File

@ -848,10 +848,7 @@ in {
extraConfig = mkOption {
type = types.lines;
default = ''
copytruncate
compress
'';
default = "";
description = ''
Extra logrotate config options for this path. Refer to
<link xlink:href="https://linux.die.net/man/8/logrotate"/> for details.
@ -977,13 +974,14 @@ in {
# Enable rotation of log files
services.logrotate = {
enable = cfg.logrotate.enable;
paths = {
settings = {
gitlab = {
path = "${cfg.statePath}/log/*.log";
user = cfg.user;
group = cfg.group;
files = "${cfg.statePath}/log/*.log";
su = "${cfg.user} ${cfg.group}";
frequency = cfg.logrotate.frequency;
keep = cfg.logrotate.keep;
rotate = cfg.logrotate.keep;
copytruncate = true;
compress = true;
extraConfig = cfg.logrotate.extraConfig;
};
};

View File

@ -39,7 +39,7 @@ in
type = types.str;
example = "45min";
description = ''
Add a randomized delay before each automatic upgrade.
Add a randomized delay before each garbage collection.
The delay will be chosen between zero and this value.
This value must be a time span in the format specified by
<citerefentry><refentrytitle>systemd.time</refentrytitle>

View File

@ -216,6 +216,8 @@ in
Restart = "on-failure";
# The `mbind` syscall is needed for running the classifier.
SystemCallFilter = defaultServiceConfig.SystemCallFilter ++ [ "mbind" ];
# Needs to talk to mail server for automated import rules
PrivateNetwork = false;
};
environment = env;
wantedBy = [ "multi-user.target" ];
@ -258,8 +260,6 @@ in
'${cfg.passwordFile}' '${cfg.dataDir}/superuser-password'
'';
Type = "oneshot";
# Needs to talk to mail server for automated import rules
PrivateNetwork = false;
};
};

View File

@ -17,7 +17,7 @@ in
};
birdSocket = mkOption {
type = types.path;
default = "/var/run/bird.ctl";
default = "/run/bird/bird.ctl";
description = ''
Path to BIRD2 (or BIRD1 v4) socket.
'';

View File

@ -51,18 +51,14 @@ in
environment.etc."lxd-image-server/config.toml".source = format.generate "config.toml" cfg.settings;
services.logrotate.paths.lxd-image-server = {
path = "/var/log/lxd-image-server/lxd-image-server.log";
services.logrotate.settings.lxd-image-server = {
files = "/var/log/lxd-image-server/lxd-image-server.log";
frequency = "daily";
keep = 21;
extraConfig = ''
create 755 lxd-image-server ${cfg.group}
missingok
compress
delaycompress
copytruncate
notifempty
'';
rotate = 21;
create = "755 lxd-image-server ${cfg.group}";
compress = true;
delaycompress = true;
copytruncate = true;
};
systemd.tmpfiles.rules = [

View File

@ -61,6 +61,15 @@ in
Group to use when running Syncplay.
'';
};
passwordFile = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
Path to the file that contains the server password. If
<literal>null</literal>, the server doesn't require a password.
'';
};
};
};
@ -71,10 +80,17 @@ in
after = [ "network-online.target" ];
serviceConfig = {
ExecStart = "${pkgs.syncplay}/bin/syncplay-server ${escapeShellArgs cmdArgs}";
User = cfg.user;
Group = cfg.group;
LoadCredential = lib.mkIf (cfg.passwordFile != null) "password:${cfg.passwordFile}";
};
script = ''
${lib.optionalString (cfg.passwordFile != null) ''
export SYNCPLAY_PASSWORD=$(cat "''${CREDENTIALS_DIRECTORY}/password")
''}
exec ${pkgs.syncplay}/bin/syncplay-server ${escapeShellArgs cmdArgs}
'';
};
};
}

View File

@ -571,8 +571,11 @@ in
users.users.oauth2_proxy = {
description = "OAuth2 Proxy";
isSystemUser = true;
group = "oauth2_proxy";
};
users.groups.oauth2_proxy = {};
systemd.services.oauth2_proxy = {
description = "OAuth2 Proxy";
path = [ cfg.package ];

View File

@ -710,20 +710,15 @@ in
services.logrotate = optionalAttrs (cfg.logFormat != "none") {
enable = mkDefault true;
paths.httpd = {
path = "${cfg.logDir}/*.log";
user = cfg.user;
group = cfg.group;
settings.httpd = {
files = "${cfg.logDir}/*.log";
su = "${cfg.user} ${cfg.group}";
frequency = "daily";
keep = 28;
extraConfig = ''
sharedscripts
compress
delaycompress
postrotate
systemctl reload httpd.service > /dev/null 2>/dev/null || true
endscript
'';
rotate = 28;
sharedscripts = true;
compress = true;
delaycompress = true;
postrotate = "systemctl reload httpd.service > /dev/null 2>/dev/null || true";
};
};

View File

@ -989,17 +989,14 @@ in
nginx.gid = config.ids.gids.nginx;
};
services.logrotate.paths.nginx = mapAttrs (_: mkDefault) {
path = "/var/log/nginx/*.log";
services.logrotate.settings.nginx = mapAttrs (_: mkDefault) {
files = "/var/log/nginx/*.log";
frequency = "weekly";
keep = 26;
extraConfig = ''
compress
delaycompress
postrotate
[ ! -f /var/run/nginx/nginx.pid ] || kill -USR1 `cat /var/run/nginx/nginx.pid`
endscript
'';
su = "${cfg.user} ${cfg.group}";
rotate = 26;
compress = true;
delaycompress = true;
postrotate = "[ ! -f /var/run/nginx/nginx.pid ] || kill -USR1 `cat /var/run/nginx/nginx.pid`";
};
};
}

View File

@ -302,6 +302,7 @@ in
environment.systemPackages = with pkgs.pantheon; [
contractor
file-roller-contract
gnome-bluetooth-contract
];
environment.pathsToLink = [

View File

@ -241,7 +241,7 @@ in
"xhci_pci"
"usbhid"
"hid_generic" "hid_lenovo" "hid_apple" "hid_roccat"
"hid_logitech_hidpp" "hid_logitech_dj" "hid_microsoft"
"hid_logitech_hidpp" "hid_logitech_dj" "hid_microsoft" "hid_cherry"
] ++ optionals pkgs.stdenv.hostPlatform.isx86 [
# Misc. x86 keyboard stuff.

View File

@ -1745,6 +1745,48 @@ in
}));
};
systemd.network.wait-online = {
anyInterface = mkOption {
description = ''
Whether to consider the network online when any interface is online, as opposed to all of them.
This is useful on portable machines with a wired and a wireless interface, for example.
'';
type = types.bool;
default = false;
};
ignoredInterfaces = mkOption {
description = ''
Network interfaces to be ignored when deciding if the system is online.
'';
type = with types; listOf str;
default = [];
example = [ "wg0" ];
};
timeout = mkOption {
description = ''
Time to wait for the network to come online, in seconds. Set to 0 to disable.
'';
type = types.ints.unsigned;
default = 120;
example = 0;
};
extraArgs = mkOption {
description = ''
Extra command-line arguments to pass to systemd-networkd-wait-online.
These also affect per-interface <literal>systemd-network-wait-online@</literal> services.
See <link xlink:href="https://www.freedesktop.org/software/systemd/man/systemd-networkd-wait-online.service.html">
<citerefentry><refentrytitle>systemd-networkd-wait-online.service</refentrytitle><manvolnum>8</manvolnum>
</citerefentry></link> for all available options.
'';
type = with types; listOf str;
default = [];
};
};
};
config = mkMerge [
@ -1753,6 +1795,11 @@ in
{
systemd.network.units = mapAttrs' (n: v: nameValuePair "${n}.link" (linkToUnit n v)) cfg.links;
environment.etc = unitFiles;
systemd.network.wait-online.extraArgs =
[ "--timeout=${toString cfg.wait-online.timeout}" ]
++ optional cfg.wait-online.anyInterface "--any"
++ map (i: "--ignore=${i}") cfg.wait-online.ignoredInterfaces;
}
(mkIf config.systemd.network.enable {
@ -1781,6 +1828,10 @@ in
systemd.services.systemd-networkd-wait-online = {
wantedBy = [ "network-online.target" ];
serviceConfig.ExecStart = [
""
"${config.systemd.package}/lib/systemd/systemd-networkd-wait-online ${utils.escapeSystemdExecArgs cfg.wait-online.extraArgs}"
];
};
systemd.services."systemd-network-wait-online@" = {
@ -1791,7 +1842,7 @@ in
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${config.systemd.package}/lib/systemd/systemd-networkd-wait-online -i %I";
ExecStart = "${config.systemd.package}/lib/systemd/systemd-networkd-wait-online -i %I ${utils.escapeSystemdExecArgs cfg.wait-online.extraArgs}";
};
};

View File

@ -612,22 +612,18 @@ in
boot.kernelParams = optional (!cfg.enableUnifiedCgroupHierarchy) "systemd.unified_cgroup_hierarchy=0";
services.logrotate.paths = {
services.logrotate.settings = {
"/var/log/btmp" = mapAttrs (_: mkDefault) {
frequency = "monthly";
keep = 1;
extraConfig = ''
create 0660 root ${config.users.groups.utmp.name}
minsize 1M
'';
rotate = 1;
create = "0660 root ${config.users.groups.utmp.name}";
minsize = "1M";
};
"/var/log/wtmp" = mapAttrs (_: mkDefault) {
frequency = "monthly";
keep = 1;
extraConfig = ''
create 0664 root ${config.users.groups.utmp.name}
minsize 1M
'';
rotate = 1;
create = "0664 root ${config.users.groups.utmp.name}";
minsize = "1M";
};
};
};

View File

@ -90,7 +90,7 @@ in {
example = "45min";
description = ''
Add a randomized delay before each automatic upgrade.
The delay will be chozen between zero and this value.
The delay will be chosen between zero and this value.
This value must be a time span in the format specified by
<citerefentry><refentrytitle>systemd.time</refentrytitle>
<manvolnum>7</manvolnum></citerefentry>

View File

@ -146,15 +146,11 @@ in
services.logrotate = {
enable = true;
extraConfig = ''
/var/log/waagent.log {
compress
monthly
rotate 6
notifempty
missingok
}
'';
settings."/var/log/waagent.log" = {
compress = true;
frequency = "monthly";
rotate = 6;
};
};
systemd.targets.provisioned = {

View File

@ -6,7 +6,10 @@ let
inherit (lib) mkOption types;
podmanPackage = (pkgs.podman.override { inherit (cfg) extraPackages; });
podmanPackage = (pkgs.podman.override {
extraPackages = cfg.extraPackages
++ lib.optional (builtins.elem "zfs" config.boot.supportedFilesystems) config.boot.zfs.package;
});
# Provides a fake "docker" binary mapping to podman
dockerCompat = pkgs.runCommand "${podmanPackage.pname}-docker-compat-${podmanPackage.version}" {

View File

@ -961,7 +961,10 @@ in
services.qemuGuest.enable = cfg.qemu.guestAgent.enable;
system.build.vm = pkgs.runCommand "nixos-vm" { preferLocalBuild = true; }
system.build.vm = pkgs.runCommand "nixos-vm" {
preferLocalBuild = true;
meta.mainProgram = "run-${config.system.name}-vm";
}
''
mkdir -p $out/bin
ln -s ${config.system.build.toplevel} $out/system

View File

@ -4,7 +4,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
maintainers = with lib.maintainers; [ veehaitch ];
};
machine = { lib, ... }: {
nodes.machine = { lib, ... }: {
services.aesmd = {
enable = true;
settings = {

View File

@ -15,7 +15,7 @@ in
maintainers = [ alexarice turion ];
};
machine = { pkgs, ... }: {
nodes.machine = { pkgs, ... }: {
environment.systemPackages = [
(pkgs.agda.withPackages {
pkgs = p: [ p.standard-library ];

View File

@ -4,7 +4,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
maintainers = [ sumnerevans ];
};
machine =
nodes.machine =
{ pkgs, ... }:
{
services.airsonic = {

View File

@ -18,7 +18,7 @@ makeTest {
meta = with maintainers; {
maintainers = [ urbas ];
};
machine = { ... }:
nodes.machine = { ... }:
{
imports = [ ../modules/profiles/headless.nix ../modules/virtualisation/amazon-init.nix ];
services.openssh.enable = true;

View File

@ -2,7 +2,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
name = "apfs";
meta.maintainers = with pkgs.lib.maintainers; [ Luflosi ];
machine = { pkgs, ... }: {
nodes.machine = { pkgs, ... }: {
virtualisation.emptyDiskImages = [ 1024 ];
boot.supportedFilesystems = [ "apfs" ];

View File

@ -4,7 +4,7 @@ import ./make-test-python.nix ({ pkgs, ... } : {
maintainers = [ julm ];
};
machine =
nodes.machine =
{ lib, pkgs, config, ... }:
with lib;
{

View File

@ -6,7 +6,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
maintainers = [ bjornfor ];
};
machine =
nodes.machine =
{ ... }:
{ services.atd.enable = true;
users.users.alice = { isNormalUser = true; };

View File

@ -107,7 +107,7 @@ in
{
justThePackage = makeTest {
name = "atop-justThePackage";
machine = {
nodes.machine = {
environment.systemPackages = [ pkgs.atop ];
};
testScript = with assertions; builtins.concatStringsSep "\n" [
@ -123,7 +123,7 @@ in
};
defaults = makeTest {
name = "atop-defaults";
machine = {
nodes.machine = {
programs.atop = {
enable = true;
};
@ -141,7 +141,7 @@ in
};
minimal = makeTest {
name = "atop-minimal";
machine = {
nodes.machine = {
programs.atop = {
enable = true;
atopService.enable = false;
@ -162,7 +162,7 @@ in
};
netatop = makeTest {
name = "atop-netatop";
machine = {
nodes.machine = {
programs.atop = {
enable = true;
netatop.enable = true;
@ -181,7 +181,7 @@ in
};
atopgpu = makeTest {
name = "atop-atopgpu";
machine = {
nodes.machine = {
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (getName pkg) [
"cudatoolkit"
];
@ -204,7 +204,7 @@ in
};
everything = makeTest {
name = "atop-everthing";
machine = {
nodes.machine = {
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (getName pkg) [
"cudatoolkit"
];

View File

@ -2,7 +2,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
name = "bcachefs";
meta.maintainers = with pkgs.lib.maintainers; [ chiiruno ];
machine = { pkgs, ... }: {
nodes.machine = { pkgs, ... }: {
virtualisation.emptyDiskImages = [ 4096 ];
networking.hostId = "deadbeef";
boot.supportedFilesystems = [ "bcachefs" ];

View File

@ -28,7 +28,7 @@ in
name = "beanstalkd";
meta.maintainers = [ lib.maintainers.aanderse ];
machine =
nodes.machine =
{ ... }:
{ services.beanstalkd.enable = true;
};

View File

@ -2,7 +2,7 @@ import ./make-test-python.nix ({ lib, pkgs, ... }:
{
name = "bees";
machine = { config, pkgs, ... }: {
nodes.machine = { config, pkgs, ... }: {
boot.initrd.postDeviceCommands = ''
${pkgs.btrfs-progs}/bin/mkfs.btrfs -f -L aux1 /dev/vdb
${pkgs.btrfs-progs}/bin/mkfs.btrfs -f -L aux2 /dev/vdc

View File

@ -1,7 +1,7 @@
import ./make-test-python.nix {
name = "bind";
machine = { pkgs, lib, ... }: {
nodes.machine = { pkgs, lib, ... }: {
services.bind.enable = true;
services.bind.extraOptions = "empty-zones-enable no;";
services.bind.zones = lib.singleton {

View File

@ -4,7 +4,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
maintainers = with maintainers; [ _1000101 ];
};
machine = { ... }: {
nodes.machine = { ... }: {
services.bitcoind."mainnet" = {
enable = true;
rpc = {

View File

@ -4,7 +4,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
maintainers = with maintainers; [ _1000101 ];
};
machine = { ... }: {
nodes.machine = { ... }: {
services.blockbook-frontend."test" = {
enable = true;
};

View File

@ -1,7 +1,7 @@
import ./make-test-python.nix ({ pkgs, ... }: {
name = "boot-stage1";
machine = { config, pkgs, lib, ... }: {
nodes.machine = { config, pkgs, lib, ... }: {
boot.extraModulePackages = let
compileKernelModule = name: source: pkgs.runCommandCC name rec {
inherit source;

View File

@ -42,7 +42,7 @@ let
nodes = { };
testScript =
''
machine = create_machine(${machineConfig})
nodes.machine = create_machine(${machineConfig})
machine.start()
machine.wait_for_unit("multi-user.target")
machine.succeed("nix store verify --no-trust -r --option experimental-features nix-command /run/current-system")
@ -83,7 +83,7 @@ let
name = "boot-netboot-" + name;
nodes = { };
testScript = ''
machine = create_machine(${machineConfig})
nodes.machine = create_machine(${machineConfig})
machine.start()
machine.wait_for_unit("multi-user.target")
machine.shutdown()
@ -138,7 +138,7 @@ in {
if os.system("qemu-img create -f qcow2 -F raw -b ${sdImage} ${mutableImage}") != 0:
raise RuntimeError("Could not create mutable linked image")
machine = create_machine(${machineConfig})
nodes.machine = create_machine(${machineConfig})
machine.start()
machine.wait_for_unit("multi-user.target")
machine.succeed("nix store verify -r --no-trust --option experimental-features nix-command /run/current-system")

View File

@ -2,7 +2,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
name = "bpf";
meta.maintainers = with pkgs.lib.maintainers; [ martinetd ];
machine = { pkgs, ... }: {
nodes.machine = { pkgs, ... }: {
programs.bcc.enable = true;
environment.systemPackages = with pkgs; [ bpftrace ];
};

View File

@ -2,7 +2,7 @@ import ./make-test-python.nix ({ lib, ... }: {
name = "breitbandmessung";
meta.maintainers = with lib.maintainers; [ b4dm4n ];
machine = { pkgs, ... }: {
nodes.machine = { pkgs, ... }: {
imports = [
./common/user-account.nix
./common/x11.nix

View File

@ -7,7 +7,7 @@ import ./make-test-python.nix ({ pkgs, ...} : {
maintainers = [ mattchrist ];
};
machine = { pkgs, ... }:
nodes.machine = { pkgs, ... }:
{
nixpkgs.config.allowUnfree = true;
hardware.sane = {

View File

@ -6,7 +6,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
maintainers = [ flokli ];
};
machine = { pkgs, ... }: {
nodes.machine = { pkgs, ... }: {
services.buildkite-agents = {
one = {
privateSshKeyPath = (import ./ssh-keys.nix pkgs).snakeOilPrivateKey;

View File

@ -6,7 +6,7 @@ import ./make-test-python.nix ({ pkgs, ...} :
maintainers = [ matthewbauer ];
};
machine = { ... }:
nodes.machine = { ... }:
{
imports = [ ./common/user-account.nix ];

View File

@ -13,7 +13,7 @@ in
maintainers = [ berbiche ];
};
machine = { config, ... }:
nodes.machine = { config, ... }:
let
alice = config.users.users.alice;
in {

View File

@ -1,7 +1,7 @@
import ./make-test-python.nix ({ pkgs, ...} : {
name = "cfssl";
machine = { config, lib, pkgs, ... }:
nodes.machine = { config, lib, pkgs, ... }:
{
networking.firewall.allowedTCPPorts = [ config.services.cfssl.port ];

View File

@ -2,7 +2,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
name = "clickhouse";
meta.maintainers = with pkgs.lib.maintainers; [ ma27 ];
machine = {
nodes.machine = {
services.clickhouse.enable = true;
virtualisation.memorySize = 4096;
};

View File

@ -61,7 +61,7 @@ in makeTest {
meta = with pkgs.lib.maintainers; {
maintainers = [ lewo ];
};
machine = { ... }:
nodes.machine = { ... }:
{
virtualisation.qemu.options = [ "-cdrom" "${metadataDrive}/metadata.iso" ];
services.cloud-init = {

View File

@ -46,7 +46,7 @@ let
meta = with pkgs.lib.maintainers; { maintainers = [ sorki mic92 ]; };
machine = { lib, ... }: {
nodes.machine = { lib, ... }: {
environment.systemPackages = [ pkgs.cntr ];
containers.test = {
autoStart = true;

View File

@ -2,7 +2,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
name = "collectd";
meta = { };
machine =
nodes.machine =
{ pkgs, ... }:
{

View File

@ -11,7 +11,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
maintainers = with lib.maintainers; [ aristid aszlig eelco kampfschlaefer ];
};
machine =
nodes.machine =
{ pkgs, ... }:
{ imports = [ ../modules/installer/cd-dvd/channel.nix ];
virtualisation.writableStore = true;

View File

@ -12,7 +12,7 @@ in {
maintainers = with lib.maintainers; [ adisbladis earvstedt ];
};
machine = { config, ... }: {
nodes.machine = { config, ... }: {
assertions = let
helloName = (builtins.head config.containers.test.config.system.extraDependencies).name;
in [ {

View File

@ -4,7 +4,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
maintainers = with lib.maintainers; [ patryk27 ];
};
machine = { pkgs, ... }: {
nodes.machine = { pkgs, ... }: {
virtualisation.writableStore = true;
containers.webserver = {

View File

@ -4,7 +4,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
maintainers = with lib.maintainers; [ kampfschlaefer ];
};
machine =
nodes.machine =
{ pkgs, ... }:
{ imports = [ ../modules/installer/cd-dvd/channel.nix ];
virtualisation.writableStore = true;

View File

@ -4,7 +4,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
maintainers = with lib.maintainers; [ montag451 ];
};
machine =
nodes.machine =
{ lib, ... }:
{
virtualisation.vlans = [];

View File

@ -4,7 +4,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
maintainers = with lib.maintainers; [ aristid aszlig eelco kampfschlaefer ];
};
machine =
nodes.machine =
{ config, pkgs, lib, ... }:
{ imports = [ ../modules/installer/cd-dvd/channel.nix ];

View File

@ -17,7 +17,7 @@ in import ./make-test-python.nix ({ pkgs, lib, ... }: {
maintainers = with lib.maintainers; [ aristid aszlig eelco kampfschlaefer ];
};
machine =
nodes.machine =
{ pkgs, ... }: {
imports = [ ../modules/installer/cd-dvd/channel.nix ];
virtualisation = {

View File

@ -4,7 +4,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
maintainers = with lib.maintainers; [ patryk27 ];
};
machine = { ... }: {
nodes.machine = { ... }: {
# We're using the newest kernel, so that we can test containers with long names.
# Please see https://github.com/NixOS/nixpkgs/issues/38509 for details.
boot.kernelPackages = pkgs.linuxPackages_latest;

View File

@ -5,7 +5,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
meta = with pkgs.lib.maintainers; { maintainers = [ sorki ]; };
machine = { lib, ... }:
nodes.machine = { lib, ... }:
let
makeNested = subConf: {
containers.nested = {

View File

@ -11,7 +11,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
maintainers = with lib.maintainers; [ aristid aszlig eelco kampfschlaefer ianwookim ];
};
machine =
nodes.machine =
{ pkgs, ... }:
{ imports = [ ../modules/installer/cd-dvd/channel.nix ];
virtualisation.writableStore = true;

View File

@ -4,7 +4,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
maintainers = with lib.maintainers; [ patryk27 ];
};
machine =
nodes.machine =
{ pkgs, ... }:
{ imports = [ ../modules/installer/cd-dvd/channel.nix ];
virtualisation.writableStore = true;

View File

@ -76,7 +76,7 @@ in
enableOCR = true;
machine = { pkgs, ... }:
nodes.machine = { pkgs, ... }:
{ imports = [ ./common/user-account.nix ./common/x11.nix ];
# chromium-based browsers refuse to run as root

View File

@ -3,7 +3,7 @@ import ./make-test-python.nix ({ pkgs, latestKernel ? false, ... }:
{
name = "disable-installer-tools";
machine =
nodes.machine =
{ pkgs, lib, ... }:
{
system.disableInstallerTools = true;

View File

@ -5,7 +5,7 @@ import ./make-test-python.nix (
maintainers = with maintainers; [ jojosch ];
};
machine = { pkgs, lib, ... }: {
nodes.machine = { pkgs, lib, ... }: {
services.bind = {
enable = true;
extraOptions = "empty-zones-enable no;";

View File

@ -6,7 +6,7 @@ import ./make-test-python.nix (
maintainers = [ cole-h ];
};
machine =
nodes.machine =
{ ... }:
{
users.groups = { foobar = {}; barfoo = {}; baz = { gid = 1337; }; };

View File

@ -4,7 +4,7 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : {
maintainers = [ ma27 ];
};
machine = { pkgs, ... }: {
nodes.machine = { pkgs, ... }: {
environment.systemPackages = [ pkgs.jq ];
services.documize = {

View File

@ -4,7 +4,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
maintainers = [ fgaz ];
};
machine = { config, pkgs, ... }: {
nodes.machine = { config, pkgs, ... }: {
imports = [
./common/x11.nix
];

View File

@ -1,7 +1,7 @@
import ./make-test-python.nix {
name = "dovecot";
machine = { pkgs, ... }: {
nodes.machine = { pkgs, ... }: {
imports = [ common/user-account.nix ];
services.postfix.enable = true;
services.dovecot2 = {

View File

@ -2,7 +2,7 @@ import ./make-test-python.nix ({ ... }:
{
name = "ecryptfs";
machine = { pkgs, ... }: {
nodes.machine = { pkgs, ... }: {
imports = [ ./common/user-account.nix ];
boot.kernelModules = [ "ecryptfs" ];
security.pam.enableEcryptfs = true;

View File

@ -6,7 +6,7 @@ import ./make-test-python.nix ({ pkgs, ...} : {
enableOCR = true;
machine =
nodes.machine =
{ ... }:
{ imports = [ ./common/x11.nix ];

View File

@ -6,7 +6,7 @@ import ./make-test-python.nix ({ pkgs, ...} :
maintainers = [ romildo ];
};
machine = { ... }:
nodes.machine = { ... }:
{
imports = [ ./common/user-account.nix ];
services.xserver.enable = true;

View File

@ -4,7 +4,7 @@ import ./make-test-python.nix ({ pkgs, ...} : {
maintainers = [ nequissimus ];
};
machine = { pkgs, ... }:
nodes.machine = { pkgs, ... }:
{
boot.kernelPackages = pkgs.linuxPackages;
environment.etc.plainFile.text = ''

View File

@ -9,7 +9,7 @@ in {
maintainers = [ felschr ];
};
machine = { pkgs, ... }:
nodes.machine = { pkgs, ... }:
{
services.etebase-server = {
inherit dataDir;

View File

@ -5,7 +5,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
maintainers = [ _3699n ];
};
machine = { config, pkgs, ... }: {
nodes.machine = { config, pkgs, ... }: {
environment.systemPackages = [ pkgs.curl pkgs.etesync-dav ];
};

View File

@ -4,7 +4,7 @@ import ./make-test-python.nix ({ pkgs, ... } : {
maintainers = [ evils ];
};
machine = { ... }: {
nodes.machine = { ... }: {
imports = [ ../modules/profiles/minimal.nix ];
hardware.fancontrol.enable = true;
hardware.fancontrol.config = ''

View File

@ -5,7 +5,7 @@ import ../make-test-python.nix (
# copy_from_host works only for store paths
rec {
name = "fcitx";
machine =
nodes.machine =
{
pkgs,
...

View File

@ -4,7 +4,7 @@ import ./make-test-python.nix ({ pkgs, firefoxPackage, ... }: {
maintainers = [ eelco shlevy ];
};
machine =
nodes.machine =
{ pkgs, ... }:
{ imports = [ ./common/x11.nix ];

View File

@ -1,7 +1,7 @@
import ./make-test-python.nix ({ pkgs, ... }: {
name = "fish";
machine =
nodes.machine =
{ pkgs, ... }:
{

View File

@ -1,7 +1,7 @@
import ./make-test-python.nix ({ pkgs, lib, ... }: {
name = "fluentd";
machine = { pkgs, ... }: {
nodes.machine = { pkgs, ... }: {
services.fluentd = {
enable = true;
config = ''

View File

@ -6,7 +6,7 @@ import ./make-test-python.nix ({ lib, ... }:
jtojnar
];
machine = { config, pkgs, ... }: {
nodes.machine = { config, pkgs, ... }: {
fonts.enableDefaultFonts = true; # Background fonts
fonts.fonts = with pkgs; [
noto-fonts-emoji

View File

@ -1,7 +1,7 @@
import ./make-test-python.nix {
name = "fsck";
machine = { lib, ... }: {
nodes.machine = { lib, ... }: {
virtualisation.emptyDiskImages = [ 1 ];
virtualisation.fileSystems = {

View File

@ -4,7 +4,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
maintainers = [ fgaz ];
};
machine = { config, pkgs, ... }: {
nodes.machine = { config, pkgs, ... }: {
imports = [
./common/x11.nix
];

Some files were not shown because too many files have changed in this diff Show More