Merge remote-tracking branch 'origin/master' into gcc-8

Franz Pletz 2019-09-03 22:15:07 +02:00
commit de85797565
No known key found for this signature in database
GPG Key ID: 846FDED7792617B4
5995 changed files with 34112 additions and 20763 deletions

11
.github/CODEOWNERS vendored

@ -139,3 +139,14 @@
# Bazel
/pkgs/development/tools/build-managers/bazel @mboes @Profpatsch
# NixOS modules for e-mail and dns services
/nixos/modules/services/mail/mailman.nix @peti
/nixos/modules/services/mail/postfix.nix @peti
/nixos/modules/services/networking/bind.nix @peti
/nixos/modules/services/mail/rspamd.nix @peti
# Emacs
/pkgs/applications/editors/emacs-modes @adisbladis
/pkgs/applications/editors/emacs @adisbladis
/pkgs/top-level/emacs-packages.nix @adisbladis

@ -0,0 +1,71 @@
# Crystal
## Building a Crystal package
This section uses [Mint](https://github.com/mint-lang/mint) as an example for how to build a Crystal package.
If the Crystal project has any dependencies, the first step is to get a `shards.nix` file encoding those. Get a copy of the project and go to its root directory such that its `shard.lock` file is in the current directory, then run `crystal2nix` in it
```bash
$ git clone https://github.com/mint-lang/mint
$ cd mint
$ git checkout 0.5.0
$ nix-shell -p crystal2nix --run crystal2nix
```
This should have generated a `shards.nix` file.
Next create a Nix file for your derivation and use `pkgs.crystal.buildCrystalPackage` as follows:
```nix
with import <nixpkgs> {};
crystal.buildCrystalPackage rec {
pname = "mint";
version = "0.5.0";
src = fetchFromGitHub {
owner = "mint-lang";
repo = "mint";
rev = version;
sha256 = "0vxbx38c390rd2ysvbwgh89v2232sh5rbsp3nk9wzb70jybpslvl";
};
# Insert the path to your shards.nix file here
shardsFile = ./shards.nix;
...
}
```
This won't build anything yet, because we haven't told it what files build. We can specify a mapping from binary names to source files with the `crystalBinaries` attribute. The project's compilation instructions should show this. For Mint, the binary is called "mint", which is compiled from the source file `src/mint.cr`, so we'll specify this as follows:
```nix
crystalBinaries.mint.src = "src/mint.cr";
# ...
```
Additionally you can override the default `crystal build` options (which are currently `--release --progress --no-debug --verbose`) with
```nix
crystalBinaries.mint.options = [ "--release" "--verbose" ];
```
Depending on the project, you might need additional steps to get it to compile successfully. In Mint's case, we need to link against openssl, so in the end the Nix file looks as follows:
```nix
with import <nixpkgs> {};
crystal.buildCrystalPackage rec {
version = "0.5.0";
pname = "mint";
src = fetchFromGitHub {
owner = "mint-lang";
repo = "mint";
rev = version;
sha256 = "0vxbx38c390rd2ysvbwgh89v2232sh5rbsp3nk9wzb70jybpslvl";
};
shardsFile = ./shards.nix;
crystalBinaries.mint.src = "src/mint.cr";
buildInputs = [ openssl_1_0_2 ];
}
```
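
Review bot: The final example pins `buildInputs = [ openssl_1_0_2 ];` without saying why Mint needs the 1.0.2 series rather than the default `openssl`. Documentation examples get copied verbatim, and upstream support for OpenSSL 1.0.2 ends at the end of 2019, so either state the constraint in the sentence introducing the example or use the unversioned attribute. Two smaller points in the same file: the first `buildCrystalPackage` example contains a bare `...`, which is not valid Nix if pasted (the later snippet uses `# ...`), and "what files build" should read "which files to build".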

@ -32,4 +32,5 @@
<xi:include href="titanium.section.xml" />
<xi:include href="vim.section.xml" />
<xi:include href="emscripten.section.xml" />
<xi:include href="crystal.section.xml" />
</chapter>

@ -0,0 +1,365 @@
---
title: Ruby
author: Michael Fellinger
date: 2019-05-23
---
# Ruby
## User Guide
### Using Ruby
#### Overview
Several versions of Ruby interpreters are available on Nix, as well as over 250 gems and many applications written in Ruby.
The attribute `ruby` refers to the default Ruby interpreter, which is currently
MRI 2.5. It's also possible to refer to specific versions, e.g. `ruby_2_6`, `jruby`, or `mruby`.
In the nixpkgs tree, Ruby packages can be found throughout, depending on what
they do, and are called from the main package set. Ruby gems, however are
separate sets, and there's one default set for each interpreter (currently MRI
only).
There are two main approaches for using Ruby with gems.
One is to use a specifically locked `Gemfile` for an application that has very strict dependencies.
The other is to depend on the common gems, which we'll explain further down, and
rely on them being updated regularly.
The interpreters have common attributes, namely `gems`, and `withPackages`. So
you can refer to `ruby.gems.nokogiri`, or `ruby_2_5.gems.nokogiri` to get the
Nokogiri gem already compiled and ready to use.
Since not all gems have executables like `nokogiri`, it's usually more
convenient to use the `withPackages` function like this:
`ruby.withPackages (p: with p; [ nokogiri ])`. This will also make sure that the
Ruby in your environment will be able to find the gem and it can be used in your
Ruby code (for example via `ruby` or `irb` executables) via `require "nokogiri"`
as usual.
#### Temporary Ruby environment with `nix-shell`
Rather than having a single Ruby environment shared by all Ruby
development projects on a system, Nix allows you to create separate
environments per project. `nix-shell` gives you the possibility to
temporarily load another environment akin to a combined `chruby` or
`rvm` and `bundle exec`.
There are two methods for loading a shell with Ruby packages. The first and
recommended method is to create an environment with `ruby.withPackages` and load
that.
```shell
nix-shell -p "ruby.withPackages (ps: with ps; [ nokogiri pry ])"
```
The other method, which is not recommended, is to create an environment and list
all the packages directly.
```shell
nix-shell -p ruby.gems.nokogiri ruby.gems.pry
```
Again, it's possible to launch the interpreter from the shell. The Ruby
interpreter has the attribute `gems` which contains all Ruby gems for that
specific interpreter.
##### Load environment from `.nix` expression
As explained in the Nix manual, `nix-shell` can also load an expression from a
`.nix` file. Say we want to have Ruby 2.5, `nokogori`, and `pry`. Consider a
`shell.nix` file with:
```nix
with import <nixpkgs> {};
ruby.withPackages (ps: with ps; [ nokogiri pry ])
```
What's happening here?
1. We begin with importing the Nix Packages collections. `import <nixpkgs>`
imports the `<nixpkgs>` function, `{}` calls it and the `with` statement
brings all attributes of `nixpkgs` in the local scope. These attributes form
the main package set.
2. Then we create a Ruby environment with the `withPackages` function.
3. The `withPackages` function expects us to provide a function as an argument
that takes the set of all ruby gems and returns a list of packages to include
in the environment. Here, we select the packages `nokogiri` and `pry` from
the package set.
##### Execute command with `--run`
A convenient flag for `nix-shell` is `--run`. It executes a command in the
`nix-shell`. We can e.g. directly open a `pry` REPL:
```shell
nix-shell -p "ruby.withPackages (ps: with ps; [ nokogiri pry ])" --run "pry"
```
Or immediately require `nokogiri` in pry:
```shell
nix-shell -p "ruby.withPackages (ps: with ps; [ nokogiri pry ])" --run "pry -rnokogiri"
```
Or run a script using this environment:
```shell
nix-shell -p "ruby.withPackages (ps: with ps; [ nokogiri pry ])" --run "ruby example.rb"
```
##### Using `nix-shell` as shebang
In fact, for the last case, there is a more convenient method. You can add a
[shebang](https://en.wikipedia.org/wiki/Shebang_(Unix)) to your script
specifying which dependencies `nix-shell` needs. With the following shebang, you
can just execute `./example.rb`, and it will run with all dependencies.
```ruby
#! /usr/bin/env nix-shell
#! nix-shell -i ruby -p "ruby.withPackages (ps: with ps; [ nokogiri rest-client ])"
require 'nokogiri'
require 'rest-client'
body = RestClient.get('http://example.com').body
puts Nokogiri::HTML(body).at('h1').text
```
### Developing with Ruby
#### Using an existing Gemfile
In most cases, you'll already have a `Gemfile.lock` listing all your dependencies.
This can be used to generate a `gemset.nix` which is used to fetch the gems and
combine them into a single environment.
The reason why you need to have a separate file for this, is that Nix requires
you to have a checksum for each input to your build.
Since the `Gemfile.lock` that `bundler` generates doesn't provide us with
checksums, we have to first download each gem, calculate its SHA256, and store
it in this separate file.
So the steps from having just a `Gemfile` to a `gemset.nix` are:
```shell
bundle lock
bundix
```
If you already have a `Gemfile.lock`, you can simply run `bundix` and it will
work the same.
To update the gems in your `Gemfile.lock`, you may use the `bundix -l` flag,
which will create a new `Gemfile.lock` in case the `Gemfile` has a more recent
time of modification.
Once the `gemset.nix` is generated, it can be used in a
`bundlerEnv` derivation. Here is an example you could use for your `shell.nix`:
```nix
# ...
let
gems = bundlerEnv {
name = "gems-for-some-project";
gemdir = ./.;
};
in mkShell { buildInputs = [ gems gems.wrappedRuby ]; }
```
With this file in your directory, you can run `nix-shell` to build and use the gems.
The important parts here are `bundlerEnv` and `wrappedRuby`.
The `bundlerEnv` is a wrapper over all the gems in your gemset. This means that
all the `/lib` and `/bin` directories will be available, and the executables of
all gems (even of indirect dependencies) will end up in your `$PATH`.
The `wrappedRuby` provides you with all executables that come with Ruby itself,
but wrapped so they can easily find the gems in your gemset.
One common issue that you might have is that you have Ruby 2.6, but also
`bundler` in your gemset. That leads to a conflict for `/bin/bundle` and
`/bin/bundler`. You can resolve this by wrapping either your Ruby or your gems
in a `lowPrio` call. So in order to give the `bundler` from your gemset
priority, it would be used like this:
```nix
# ...
mkShell { buildInputs = [ gems (lowPrio gems.wrappedRuby) ]; }
```
#### Gem-specific configurations and workarounds
In some cases, especially if the gem has native extensions, you might need to
modify the way the gem is built.
This is done via a common configuration file that includes all of the
workarounds for each gem.
This file lives at `/pkgs/development/ruby-modules/gem-config/default.nix`,
since it already contains a lot of entries, it should be pretty easy to add the
modifications you need for your needs.
In the meanwhile, or if the modification is for a private gem, you can also add
the configuration to only your own environment.
Two places that allow this modification are the `ruby` derivation, or `bundlerEnv`.
Here's the `ruby` one:
```nix
{ pg_version ? "10", pkgs ? import <nixpkgs> { } }:
let
myRuby = pkgs.ruby.override {
defaultGemConfig = pkgs.defaultGemConfig // {
pg = attrs: {
buildFlags =
[ "--with-pg-config=${pkgs."postgresql_${pg_version}"}/bin/pg_config" ];
};
};
};
in myRuby.withPackages (ps: with ps; [ pg ])
```
And an example with `bundlerEnv`:
```nix
{ pg_version ? "10", pkgs ? import <nixpkgs> { } }:
let
gems = pkgs.bundlerEnv {
name = "gems-for-some-project";
gemdir = ./.;
gemConfig = pkgs.defaultGemConfig // {
pg = attrs: {
buildFlags =
[ "--with-pg-config=${pkgs."postgresql_${pg_version}"}/bin/pg_config" ];
};
};
};
in mkShell { buildInputs = [ gems gems.wrappedRuby ]; }
```
And finally via overlays:
```nix
{ pg_version ? "10" }:
let
pkgs = import <nixpkgs> {
overlays = [
(self: super: {
defaultGemConfig = super.defaultGemConfig // {
pg = attrs: {
buildFlags = [
"--with-pg-config=${
pkgs."postgresql_${pg_version}"
}/bin/pg_config"
];
};
};
})
];
};
in pkgs.ruby.withPackages (ps: with ps; [ pg ])
```
Then we can get whichever postgresql version we desire and the `pg` gem will
always reference it correctly:
```shell
$ nix-shell --argstr pg_version 9_4 --run 'ruby -rpg -e "puts PG.library_version"'
90421
$ nix-shell --run 'ruby -rpg -e "puts PG.library_version"'
100007
```
Of course for this use-case one could also use overlays since the configuration
for `pg` depends on the `postgresql` alias, but for demonstration purposes this
has to suffice.
#### Adding a gem to the default gemset
Now that you know how to get a working Ruby environment with Nix, it's time to
go forward and start actually developing with Ruby.
We will first have a look at how Ruby gems are packaged on Nix. Then, we will
look at how you can use development mode with your code.
All gems in the standard set are automatically generated from a single
`Gemfile`. The dependency resolution is done with `bundler` and makes it more
likely that all gems are compatible to each other.
In order to add a new gem to nixpkgs, you can put it into the
`/pkgs/development/ruby-modules/with-packages/Gemfile` and run
`./maintainers/scripts/update-ruby-packages`.
To test that it works, you can then try using the gem with:
```shell
NIX_PATH=nixpkgs=$PWD nix-shell -p "ruby.withPackages (ps: with ps; [ name-of-your-gem ])"
```
#### Packaging applications
A common task is to add a ruby executable to nixpkgs, popular examples would be
`chef`, `jekyll`, or `sass`. A good way to do that is to use the `bundlerApp`
function, that allows you to make a package that only exposes the listed
executables, otherwise the package may cause conflicts through common paths like
`bin/rake` or `bin/bundler` that aren't meant to be used.
The absolute easiest way to do that is to write a
`Gemfile` along these lines:
```ruby
source 'https://rubygems.org' do
gem 'mdl'
end
```
If you want to package a specific version, you can use the standard Gemfile
syntax for that, e.g. `gem 'mdl', '0.5.0'`, but if you want the latest stable
version anyway, it's easier to update by simply running the `bundle lock` and
`bundix` steps again.
Now you can also also make a `default.nix` that looks like this:
```nix
{ lib, bundlerApp }:
bundlerApp {
pname = "mdl";
gemdir = ./.;
exes = [ "mdl" ];
}
```
All that's left to do is to generate the corresponding `Gemfile.lock` and
`gemset.nix` as described above in the `Using an existing Gemfile` section.
##### Packaging executables that require wrapping
Sometimes your app will depend on other executables at runtime, and tries to
find it through the `PATH` environment variable.
In this case, you can provide a `postBuild` hook to `bundlerApp` that wraps the
gem in another script that prefixes the `PATH`.
Of course you could also make a custom `gemConfig` if you know exactly how to
patch it, but it's usually much easier to maintain with a simple wrapper so the
patch doesn't have to be adjusted for each version.
Here's another example:
```nix
{ lib, bundlerApp, makeWrapper, git, gnutar, gzip }:
bundlerApp {
pname = "r10k";
gemdir = ./.;
exes = [ "r10k" ];
buildInputs = [ makeWrapper ];
postBuild = ''
wrapProgram $out/bin/r10k --prefix PATH : ${lib.makeBinPath [ git gnutar gzip ]}
'';
}
```
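
Review bot: The `bundlerEnv` example under "Gem-specific configurations and workarounds" ends with `in mkShell { buildInputs = [ gems gems.wrappedRuby ]; }`, but that expression only binds `pkgs` and `pg_version`, so `mkShell` is undefined there; it should be `pkgs.mkShell`. In the overlay example that follows, the build flag reads `pkgs."postgresql_${pg_version}"` from the enclosing `let` instead of the overlay's own `self`, which only works because `pkgs` is defined recursively; `self."postgresql_${pg_version}"` is the form readers should copy. The closing paragraph ("one could also use overlays") also contradicts the overlay example shown just before it. Typos: `nokogori` in "Load environment from `.nix` expression" and "also also" in "Packaging applications".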

@ -6,7 +6,7 @@
answer some of the frequently asked questions
related to Nixpkgs use.
Some useful information related to package use
Some useful information related to package use
can be found in <link linkend="chap-package-notes">package-specific development notes</link>.
</para>
@ -196,7 +196,7 @@ overrides = self: super: rec {
haskell-mode = self.melpaPackages.haskell-mode;
...
};
((emacsPackagesNgGen emacs).overrideScope' overrides).emacsWithPackages (p: with p; [
((emacsPackagesGen emacs).overrideScope' overrides).emacsWithPackages (p: with p; [
# here both these package will use haskell-mode of our own choice
ghc-mod
dante

@ -47,7 +47,7 @@ rec {
/* `makeOverridable` takes a function from attribute set to attribute set and
injects `override` attibute which can be used to override arguments of
injects `override` attribute which can be used to override arguments of
the function.
nix-repl> x = {a, b}: { result = a + b; }

@ -323,16 +323,14 @@ rec {
else
mergeDefinitions loc opt.type defs';
# Check whether the option is defined, and apply the apply
# function to the merged value. This allows options to yield a
# value computed from the definitions.
value =
if !res.isDefined then
throw "The option `${showOption loc}' is used but not defined."
else if opt ? apply then
opt.apply res.mergedValue
else
res.mergedValue;
# The value with a check that it is defined
valueDefined = if res.isDefined then res.mergedValue else
throw "The option `${showOption loc}' is used but not defined.";
# Apply the 'apply' function to the merged value. This allows options to
# yield a value computed from the definitions
value = if opt ? apply then opt.apply valueDefined else valueDefined;
in opt //
{ value = builtins.addErrorContext "while evaluating the option `${showOption loc}':" value;
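
Review bot: With `value = if opt ? apply then opt.apply valueDefined else valueDefined;` the "used but not defined" throw only fires when `apply` actually forces its argument. In the old code the `!res.isDefined` check ran before `apply` was considered, so an undefined option whose `apply` ignores or lazily wraps its input used to fail and now evaluates. If that is intended, the comment on `valueDefined` should say so; if not, keep the definedness check ahead of the `apply` branch.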

@ -36,7 +36,7 @@ rec {
example ? null,
# String describing the option.
description ? null,
# Related packages used in the manual (see `genRelatedPackages` in ../nixos/doc/manual/default.nix).
# Related packages used in the manual (see `genRelatedPackages` in ../nixos/lib/make-options-doc/default.nix).
relatedPackages ? null,
# Option type, providing type-checking and value merging.
type ? null,

@ -236,4 +236,9 @@ rec {
useLLVM = true;
};
# Ghcjs
ghcjs = {
config = "js-unknown-ghcjs";
platform = {};
};
}

@ -12,7 +12,7 @@ rec {
isx86_32 = { cpu = { family = "x86"; bits = 32; }; };
isx86_64 = { cpu = { family = "x86"; bits = 64; }; };
isPowerPC = { cpu = cpuTypes.powerpc; };
isPower = { cpu = { family = "power"; }; };
isPower = { cpu = { family = "power"; }; };
isx86 = { cpu = { family = "x86"; }; };
isAarch32 = { cpu = { family = "arm"; bits = 32; }; };
isAarch64 = { cpu = { family = "arm"; bits = 64; }; };
@ -23,6 +23,7 @@ rec {
isMsp430 = { cpu = { family = "msp430"; }; };
isAvr = { cpu = { family = "avr"; }; };
isAlpha = { cpu = { family = "alpha"; }; };
isJavaScript = { cpu = cpuTypes.js; };
is32bit = { cpu = { bits = 32; }; };
is64bit = { cpu = { bits = 64; }; };
@ -44,6 +45,7 @@ rec {
isCygwin = { kernel = kernels.windows; abi = abis.cygnus; };
isMinGW = { kernel = kernels.windows; abi = abis.gnu; };
isWasi = { kernel = kernels.wasi; };
isGhcjs = { kernel = kernels.ghcjs; };
isNone = { kernel = kernels.none; };
isAndroid = [ { abi = abis.android; } { abi = abis.androideabi; } ];

@ -106,11 +106,13 @@ rec {
wasm32 = { bits = 32; significantByte = littleEndian; family = "wasm"; };
wasm64 = { bits = 64; significantByte = littleEndian; family = "wasm"; };
alpha = { bits = 64; significantByte = littleEndian; family = "alpha"; };
msp430 = { bits = 16; significantByte = littleEndian; family = "msp430"; };
avr = { bits = 8; family = "avr"; };
js = { bits = 32; significantByte = littleEndian; family = "js"; };
};
# Determine where two CPUs are compatible with each other. That is,
@ -271,6 +273,7 @@ rec {
solaris = { execFormat = elf; families = { }; };
wasi = { execFormat = wasm; families = { }; };
windows = { execFormat = pe; families = { }; };
ghcjs = { execFormat = unknown; families = { }; };
} // { # aliases
# 'darwin' is the kernel for all of them. We choose macOS by default.
darwin = kernels.macos;
@ -384,6 +387,8 @@ rec {
then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = elemAt l 2; }
else if (elem (elemAt l 2) ["eabi" "eabihf" "elf"])
then { cpu = elemAt l 0; vendor = "unknown"; kernel = elemAt l 1; abi = elemAt l 2; }
else if (elemAt l 2 == "ghcjs")
then { cpu = elemAt l 0; vendor = "unknown"; kernel = elemAt l 2; }
else throw "Target specification with 3 components is ambiguous";
"4" = { cpu = elemAt l 0; vendor = elemAt l 1; kernel = elemAt l 2; abi = elemAt l 3; };
}.${toString (length l)}
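
Review bot: The new `ghcjs` branch hardcodes `vendor = "unknown"` and never reads `elemAt l 1`, so any middle component of a three-part string ending in `ghcjs` is accepted and silently discarded. For the `js-unknown-ghcjs` config added in the examples file, `vendor = elemAt l 1` gives the same result while keeping whatever the caller wrote; alternatively, throw when the middle component is not `unknown`.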

@ -217,7 +217,8 @@ rec {
# Deprecated; should not be used because it quietly concatenates
# strings, which is usually not what you want.
string = separatedString "";
string = warn "types.string is deprecated because it quietly concatenates strings"
(separatedString "");
attrs = mkOptionType {
name = "attrs";
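
Review bot: The `warn` message says why `types.string` is deprecated but not what to use instead, and that message is all most users will see. Name the replacement in the string, for example `types.str` for a single value, or an explicit `separatedString` where concatenation is actually wanted.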

@ -478,7 +478,7 @@
name = "Stanislas Lange";
};
ankhers = {
email = "justin.k.wood@gmail.com";
email = "me@ankhers.dev";
github = "ankhers";
githubId = 750786;
name = "Justin Wood";
@ -1633,6 +1633,12 @@
githubId = 10913120;
name = "Dje4321";
};
dkabot = {
email = "dkabot@dkabot.com";
github = "dkabot";
githubId = 1316469;
name = "Naomi Morse";
};
dmalikov = {
email = "malikov.d.y@gmail.com";
github = "dmalikov";
@ -1724,6 +1730,16 @@
fingerprint = "389A 78CB CD88 5E0C 4701 DEB9 FD42 C7D0 D414 94C8";
}];
};
dump_stack = {
email = "root@dumpstack.io";
github = "jollheef";
githubId = 1749762;
name = "Mikhail Klementev";
keys = [{
longkeyid = "rsa4096/0x1525585D1B43C62A";
fingerprint = "5DD7 C6F6 0630 F08E DAE7 4711 1525 585D 1B43 C62A";
}];
};
dxf = {
email = "dingxiangfei2009@gmail.com";
github = "dingxiangfei2009";
@ -1812,6 +1828,12 @@
githubId = 18535642;
name = "Emily";
};
endocrimes = {
email = "dani@builds.terrible.systems";
github = "endocrimes";
githubId = 1330683;
name = "Danielle Lancashire";
};
ederoyd46 = {
email = "matt@ederoyd.co.uk";
github = "ederoyd46";
@ -2853,6 +2875,15 @@
githubId = 1383440;
name = "Jason Gilliland";
};
jdanek = {
email = "jdanek@redhat.com";
github = "jdanekrh";
keys = [{
longkeyid = "ed25519/0x69275CADF15D872E";
fingerprint = "D4A6 F051 AD58 2E7C BCED 5439 6927 5CAD F15D 872E";
}];
name = "Jiri Daněk";
};
jdehaas = {
email = "qqlq@nullptr.club";
github = "jeroendehaas";
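
Review bot: The `jdanek` entry has no `githubId`, unlike the other entries added in this file. Add the numeric id next to `github = "jdanekrh";` so the entry stays tied to one account even if the handle changes.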
@ -3044,6 +3075,16 @@
githubId = 8735102;
name = "John Ramsden";
};
jojosch = {
name = "Johannes Schleifenbaum";
email = "johannes@js-webcoding.de";
github = "jojosch";
githubId = 327488;
keys = [{
longkeyid = "ed25519/059093B1A278BCD0";
fingerprint = "7249 70E6 A661 D84E 8B47 678A 0590 93B1 A278 BCD0";
}];
};
joko = {
email = "ioannis.koutras@gmail.com";
github = "jokogr";
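
Review bot: `longkeyid = "ed25519/059093B1A278BCD0";` in the `jojosch` entry lacks the `0x` prefix that the other `longkeyid` values in this file carry (for example `rsa4096/0x1525585D1B43C62A`). Write it as `ed25519/0x059093B1A278BCD0` so anything parsing the field sees a single format.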
@ -5070,6 +5111,12 @@
githubId = 9568176;
name = "Piotr Halama";
};
puckipedia = {
email = "puck@puckipedia.com";
github = "puckipedia";
githubId = 488734;
name = "Puck Meerburg";
};
puffnfresh = {
email = "brian@brianmckenna.org";
github = "puffnfresh";
@ -5321,10 +5368,16 @@
name = "Richard Lupton";
};
rnhmjoj = {
email = "micheleguerinirocco@me.com";
email = "rnhmjoj@inventati.org";
github = "rnhmjoj";
githubId = 2817565;
name = "Michele Guerini Rocco";
keys =
[
{ longkeyid = "ed25519/0xBFBAF4C975F76450";
fingerprint = "92B2 904F D293 C94D C4C9 3E6B BFBA F4C9 75F7 6450";
}
];
};
rob = {
email = "rob.vermaas@gmail.com";
@ -5372,6 +5425,12 @@
githubId = 852967;
name = "Russell O'Connor";
};
roelvandijk = {
email = "roel@lambdacube.nl";
github = "roelvandijk";
githubId = 710906;
name = "Roel van Dijk";
};
romildo = {
email = "malaquias@gmail.com";
github = "romildo";
@ -5667,6 +5726,12 @@
githubId = 918365;
name = "Stefan Frijters";
};
sgo = {
email = "stig@stig.io";
github = "stigtsp";
githubId = 75371;
name = "Stig Palmquist";
};
sgraf = {
email = "sgraf1337@gmail.com";
github = "sgraf812";
@ -6549,6 +6614,12 @@
githubId = 1525767;
name = "Vaibhav Sagar";
};
valebes = {
email = "valebes@gmail.com";
github = "valebes";
githubid = 10956211;
name = "Valerio Besozzi";
};
valeriangalliat = {
email = "val@codejam.info";
github = "valeriangalliat";
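
Review bot: `githubid = 10956211;` in the `valebes` entry is spelled with a lowercase `i`, while every other entry uses `githubId`. Nix attribute names are case-sensitive, so any consumer that reads `githubId` will treat this entry as having none.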
@ -6630,6 +6701,16 @@
githubId = 5837359;
name = "Adrian Pistol";
};
vika_nezrimaya = {
email = "vika@fireburn.ru";
github = "kisik21";
githubId = 7953163;
name = "Vika Shleina";
keys = [{
longkeyid = "rsa4096/0x5402B9B5497BACDB";
fingerprint = "A03C D09C 36CF D9F6 1ADF AF11 5402 B9B5 497B ACDB";
}];
};
vinymeuh = {
email = "vinymeuh@gmail.com";
github = "vinymeuh";

@ -18,6 +18,7 @@ http,,,,,vcunat
inspect,,,,,
ldoc,,,,,
lgi,,,,,
ljsyscall,,,,lua5_1,lblasc
lpeg,,,,,vyp
lpeg_patterns,,,,,
lpeglabel,,,,,

@ -0,0 +1,13 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p bundler bundix
set -euf -o pipefail
(
cd pkgs/development/ruby-modules/with-packages
rm -f gemset.nix Gemfile.lock
bundle lock
bundix
mv gemset.nix ../../../top-level/ruby-packages.nix
rm -f Gemfile.lock
)
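
Review bot: `cd pkgs/development/ruby-modules/with-packages` is resolved against the caller's working directory, so the script only works when started from the nixpkgs root; derive the path from the script's own location or fail with a clear message when the directory is missing. Separately, `rm -f gemset.nix Gemfile.lock` before `bundle lock`, plus the final `rm -f Gemfile.lock`, means every run re-resolves the whole set from the `Gemfile` with no lock file kept. A run made to add one gem can therefore bump every other gem, and the diff of `ruby-packages.nix` is the only place to catch that. A header comment saying so would help whoever reviews the result.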

@ -11,4 +11,11 @@
creating the image in the first place. As a result it allows users to edit
and rebuild the live-system.
</para>
<para>
On images where the installation media also becomes an installation target,
copying over <literal>configuration.nix</literal> should be disabled by
setting <literal>installer.cloneConfig</literal> to <literal>false</literal>.
For example, this is done in <literal>sd-image-aarch64.nix</literal>.
</para>
</section>

@ -6,33 +6,31 @@
<title>Installation Device</title>
<para>
Provides a basic configuration for installation devices like CDs. This means
enabling hardware scans, using the <link linkend="sec-profile-clone-config">
Clone Config profile</link> to guarantee
<filename>/etc/nixos/configuration.nix</filename> exists (for
<command>nixos-rebuild</command> to work), a copy of the Nixpkgs channel
snapshot used to create the install media.
Provides a basic configuration for installation devices like CDs.
This enables redistributable firmware, includes the
<link linkend="sec-profile-clone-config">Clone Config profile</link>
and a copy of the Nixpkgs channel, so <command>nixos-install</command>
works out of the box.
</para>
<para>
Additionally, documentation for <link linkend="opt-documentation.enable">
Nixpkgs</link> and <link linkend="opt-documentation.nixos.enable">NixOS
</link> are forcefully enabled (to override the
Documentation for <link linkend="opt-documentation.enable">Nixpkgs</link>
and <link linkend="opt-documentation.nixos.enable">NixOS</link> are
forcefully enabled (to override the
<link linkend="sec-profile-minimal">Minimal profile</link> preference); the
NixOS manual is shown automatically on TTY 8, sudo and udisks are disabled.
Autologin is enabled as root.
NixOS manual is shown automatically on TTY 8, udisks is disabled.
Autologin is enabled as <literal>nixos</literal> user, while passwordless
login as both <literal>root</literal> and <literal>nixos</literal> is possible.
Passwordless <command>sudo</command> is enabled too.
<link linkend="opt-networking.wireless.enable">wpa_supplicant</link> is
enabled, but configured to not autostart.
</para>
<para>
It is explained how to login, start the ssh server, and if available,
how to start the display manager.
</para>
<para>
A message is shown to the user to start a display manager if needed, ssh with
<xref linkend="opt-services.openssh.permitRootLogin"/> are enabled (but
doesn't autostart). WPA Supplicant is also enabled without autostart.
</para>
<para>
Finally, vim is installed, root is set to not have a password, the kernel is
made more silent for remote public IP installs, and several settings are
tweaked so that the installer has a better chance of succeeding under
low-memory environments.
Several settings are tweaked so that the installer has a better chance of
succeeding under low-memory environments.
</para>
</section>
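
Review bot: The rewritten profile text states that passwordless login works for both `root` and `nixos` and that `sudo` needs no password, yet it replaces the old sentence about ssh and `services.openssh.permitRootLogin` with "It is explained how to login, start the ssh server". State explicitly whether sshd is still enabled without autostart and which root login setting applies once it is started, since that decides whether the empty passwords are reachable over the network. Grammar: "Documentation for ... are forcefully enabled" should use "is".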

@ -48,6 +48,73 @@
To gain root privileges use <literal>sudo -i</literal> without a password.
</para>
</listitem>
<listitem>
<para>
We've updated to Xfce 4.14, which brings a new module <option>services.xserver.desktopManager.xfce4-14</option>.
If you'd like to upgrade, please switch from the <option>services.xserver.desktopManager.xfce</option> module as it
will be deprecated in a future release. They're incompatibilities with the current Xfce module; it doesn't support
<option>thunarPlugins</option> and it isn't recommended to use <option>services.xserver.desktopManager.xfce</option>
and <option>services.xserver.desktopManager.xfce4-14</option> simultaneously or to downgrade from Xfce 4.14 after upgrading.
</para>
</listitem>
<listitem>
<para>
The GNOME 3 desktop manager module sports an interface to enable/disable core services, applications, and optional GNOME packages
like games.
<itemizedlist>
<para>This can be achieved with the following options which the desktop manager default enables, excluding <literal>games</literal>.</para>
<listitem><para><link linkend="opt-services.gnome3.core-os-services.enable"><literal>services.gnome3.core-os-services.enable</literal></link></para></listitem>
<listitem><para><link linkend="opt-services.gnome3.core-shell.enable"><literal>services.gnome3.core-shell.enable</literal></link></para></listitem>
<listitem><para><link linkend="opt-services.gnome3.core-utilities.enable"><literal>services.gnome3.core-utilities.enable</literal></link></para></listitem>
<listitem><para><link linkend="opt-services.gnome3.games.enable"><literal>services.gnome3.games.enable</literal></link></para></listitem>
</itemizedlist>
With these options we hope to give users finer grained control over their systems. Prior to this change you'd either have to manually
disable options or use <option>environment.gnome3.excludePackages</option> which only excluded the optional applications.
<option>environment.gnome3.excludePackages</option> is now unguarded, it can exclude any package installed with <option>environment.systemPackages</option>
in the GNOME 3 module.
</para>
</listitem>
<listitem>
<para>
Orthogonal to the previous changes to the GNOME 3 desktop manager module, we've updated all default services and applications
to match as close as possible to a default reference GNOME 3 experience.
</para>
<bridgehead>The following changes were enacted in <option>services.gnome3.core-utilities.enable</option></bridgehead>
<itemizedlist>
<title>Applications removed from defaults:</title>
<listitem><para><literal>accerciser</literal></para></listitem>
<listitem><para><literal>dconf-editor</literal></para></listitem>
<listitem><para><literal>evolution</literal></para></listitem>
<listitem><para><literal>gnome-documents</literal></para></listitem>
<listitem><para><literal>gnome-nettool</literal></para></listitem>
<listitem><para><literal>gnome-power-manager</literal></para></listitem>
<listitem><para><literal>gnome-todo</literal></para></listitem>
<listitem><para><literal>gnome-tweaks</literal></para></listitem>
<listitem><para><literal>gnome-usage</literal></para></listitem>
<listitem><para><literal>gucharmap</literal></para></listitem>
<listitem><para><literal>nautilus-sendto</literal></para></listitem>
<listitem><para><literal>vinagre</literal></para></listitem>
</itemizedlist>
<itemizedlist>
<title>Applications added to defaults:</title>
<listitem><para><literal>cheese</literal></para></listitem>
<listitem><para><literal>geary</literal></para></listitem>
</itemizedlist>
<bridgehead>The following changes were enacted in <option>services.gnome3.core-shell.enable</option></bridgehead>
<itemizedlist>
<title>Applications added to defaults:</title>
<listitem><para><literal>gnome-color-manager</literal></para></listitem>
<listitem><para><literal>orca</literal></para></listitem>
</itemizedlist>
<itemizedlist>
<title>Services enabled:</title>
<listitem><para><option>services.avahi.enable</option></para></listitem>
</itemizedlist>
</listitem>
</itemizedlist>
</section>
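
Review bot: In the Xfce 4.14 item, "They're incompatibilities with the current Xfce module" should read "There are incompatibilities". The same sentence chains three separate caveats (no `thunarPlugins`, do not enable both modules at once, no downgrade after upgrading) with "and ... or"; splitting them into a short list would make each one harder to miss. In the GNOME item, "which the desktop manager default enables" reads better as "which the desktop manager enables by default".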
@ -68,7 +135,17 @@
<literal>./programs/dwm-status.nix</literal>
</para>
</listitem>
<listitem>
<para>
The new <varname>hardware.printers</varname> module allows to declaratively configure CUPS printers
via the <varname>ensurePrinters</varname> and
<varname>ensureDefaultPrinter</varname> options.
<varname>ensurePrinters</varname> will never delete existing printers,
but will make sure that the given printers are configured as declared.
</para>
</listitem>
</itemizedlist>
</section>
<section xmlns="http://docbook.org/ns/docbook"
@ -284,6 +361,68 @@
Squid 3 has been removed and the <option>squid</option> derivation now refers to Squid 4.
</para>
</listitem>
<listitem>
<para>
The <option>services.pdns-recursor.extraConfig</option> option has been replaced by
<option>services.pdns-recursor.settings</option>. The new option allows setting extra
configuration while being better type-checked and mergeable.
</para>
</listitem>
<listitem>
<para>
No service depends on <literal>keys.target</literal> anymore which is a systemd
target that indicates if all <link xlink:href="https://nixos.org/nixops/manual/#idm140737322342384">NixOps keys</link> were successfully uploaded.
Instead, <literal>&lt;key-name&gt;-key.service</literal> should be used to define
a dependency of a key in a service. The full issue behind the <literal>keys.target</literal>
dependency is described at <link xlink:href="https://github.com/NixOS/nixpkgs/issues/67265">NixOS/nixpkgs#67265</link>.
</para>
<para>
The following services are affected by this:
<itemizedlist>
<listitem><para><link linkend="opt-services.dovecot2.enable"><literal>services.dovecot2</literal></link></para></listitem>
<listitem><para><link linkend="opt-services.nsd.enable"><literal>services.nsd</literal></link></para></listitem>
<listitem><para><link linkend="opt-services.softether.enable"><literal>services.softether</literal></link></para></listitem>
<listitem><para><link linkend="opt-services.strongswan.enable"><literal>services.strongswan</literal></link></para></listitem>
<listitem><para><link linkend="opt-services.strongswan-swanctl.enable"><literal>services.strongswan-swanctl</literal></link></para></listitem>
<listitem><para><link linkend="opt-services.httpd.enable"><literal>services.httpd</literal></link></para></listitem>
</itemizedlist>
</para>
</listitem>
<listitem>
<para>
The <option>security.acme.directory</option> option has been replaced by a read-only <option>security.acme.certs.&lt;cert&gt;.directory</option> option for each certificate you define. This will be
a subdirectory of <literal>/var/lib/acme</literal>. You can use this read-only option to figure out where the certificates are stored for a specific certificate. For example,
the <option>services.nginx.virtualhosts.&lt;name&gt;.enableACME</option> option will use this directory option to find the certs for the virtual host.
</para>
<para>
<option>security.acme.preDelay</option> and <option>security.acme.activationDelay</option> options have been removed. To execute a service before certificates
are provisioned or renewed add a <literal>RequiredBy=acme-${cert}.service</literal> to any service.
</para>
<para>
Furthermore, the acme module will not automatically add a dependency on <literal>lighttpd.service</literal> anymore. If you are using certficates provided by letsencrypt
for lighttpd, then you should depend on the certificate service <literal>acme-${cert}.service></literal> manually.
</para>
<para>
For nginx, the dependencies are still automatically managed when <option>services.nginx.virtualhosts.&lt;name&gt;.enableACME</option> is enabled just like before. What changed is that nginx now directly depends on the specific certificates that it needs,
instead of depending on the catch-all <literal>acme-certificates.target</literal>. This target unit was also removed from the codebase.
This will mean nginx will no longer depend on certificates it isn't explicitly managing and fixes a bug with certificate renewal
ordering racing with nginx restarting which could lead to nginx getting in a broken state as described at
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/60180">NixOS/nixpkgs#60180</link>.
</para>
</listitem>
<listitem>
<para>
The old deprecated <literal>emacs</literal> package sets have been dropped.
What used to be called <literal>emacsPackagesNg</literal> is now simply called <literal>emacsPackages</literal>.
</para>
</listitem>
<listitem>
<para>
<option>services.xserver.desktopManager.xterm</option> is now disabled by default.
It was not useful except for debugging purposes and was confusingly set as default in some circumstances.
</para>
</listitem>
</itemizedlist>
</section>
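Review bot: In the ACME paragraphs, `RequiredBy=acme-${cert}.service` is offered as the way to run a service before certificates are provisioned or renewed, but RequiredBy= only declares a requirement and gives no ordering. The text should also tell users to set `Before=acme-${cert}.service`. In the lighttpd paragraph, "certficates" is misspelled and the literal `acme-${cert}.service>` carries a stray `>`.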
@ -482,8 +621,8 @@
</para>
</listitem>
</itemizedlist>
This also configures the kernel to pass coredumps to <literal>systemd-coredump</literal>.
This also configures the kernel to pass coredumps to <literal>systemd-coredump</literal>,
and restricts the SysRq key combinations to the sync command only.
These sysctl snippets can be found in <literal>/etc/sysctl.d/50-*.conf</literal>,
and overridden via <link linkend="opt-boot.kernel.sysctl">boot.kernel.sysctl</link>
(which will place the parameters in <literal>/etc/sysctl.d/60-nixos.conf</literal>).
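Review bot: The added sentence says SysRq is restricted to the sync command but does not name the sysctl key (`kernel.sysrq`) or the value that is set, whereas the core dump entry further down spells out `kernel.core_pattern`. State the key and value here so that users who depend on other SysRq functions know exactly what to override through `boot.kernel.sysctl`.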
@ -499,19 +638,78 @@
<option>boot.kernel.sysctl."kernel.core_pattern"</option> to <literal>"core"</literal>.
</para>
</listitem>
<listitem>
<para>
<literal>systemd.packages</literal> option now also supports generators and
shutdown scripts. Old <literal>systemd.generator-packages</literal> option has
been removed.
</para>
</listitem>
<listitem>
<para>
The <literal>rmilter</literal> package was removed with associated module and options due deprecation by upstream developer.
Use <literal>rspamd</literal> in proxy mode instead.
<literal>systemd.packages</literal> option now also supports generators and
shutdown scripts. Old <literal>systemd.generator-packages</literal> option has
been removed.
</para>
</listitem>
<listitem>
<para>
The <literal>rmilter</literal> package was removed with associated module and options due deprecation by upstream developer.
Use <literal>rspamd</literal> in proxy mode instead.
</para>
</listitem>
<listitem>
<para>
systemd cgroup accounting via the
<link linkend="opt-systemd.enableCgroupAccounting">systemd.enableCgroupAccounting</link>
option is now enabled by default. It now also enables the more recent Block IO and IP accounting
features.
</para>
</listitem>
<listitem>
<para>
We no longer enable custom font rendering settings with <option>fonts.fontconfig.penultimate.enable</option> by default.
The defaults from fontconfig are sufficient.
</para>
</listitem>
<listitem>
<para>
The <literal>crashplan</literal> package and the
<literal>crashplan</literal> service have been removed from nixpkgs due to
crashplan shutting down the service, while the <literal>crashplansb</literal>
package and <literal>crashplan-small-business</literal> service have been
removed from nixpkgs due to lack of maintainer.
</para>
<para>
The <link linkend="opt-services.redis.enable">redis module</link> was hardcoded to use the <literal>redis</literal> user,
<filename class="directory">/run/redis</filename> as runtime directory and
<filename class="directory">/var/lib/redis</filename> as state directory.
Note that the NixOS module for Redis now disables kernel support for Transparent Huge Pages (THP),
because this features causes major performance problems for Redis,
e.g. (https://redis.io/topics/latency).
</para>
</listitem>
<listitem>
<para>
Using <option>fonts.enableDefaultFonts</option> adds a default emoji font <literal>noto-fonts-emoji</literal>.
<itemizedlist>
<para>Users of the following options will have this enabled by default:</para>
<listitem>
<para><option>services.xserver.enable</option></para>
</listitem>
<listitem>
<para><option>programs.sway.enable</option></para>
</listitem>
<listitem>
<para><option>programs.way-cooler.enable</option></para>
</listitem>
<listitem>
<para><option>services.xrdp.enable</option></para>
</listitem>
</itemizedlist>
</para>
</listitem>
<listitem>
<para>
The <literal>altcoins</literal> categorization of packages has
been removed. You now access these packages at the top level,
ie. <literal>nix-shell -p dogecoin</literal> instead of
<literal>nix-shell -p altcoins.dogecoin</literal>, etc.
</para>
</listitem>
</itemizedlist>
</section>
</section>
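Review bot: The Redis paragraph is a second `<para>` inside the crashplan `<listitem>`, so it renders as part of the crashplan removal note; give it its own `<listitem>`. Its wording "was hardcoded to use the redis user" reads as a description of the old behaviour, while the removal messages added elsewhere in this patch say the module "now is hardcoded"; use the present tense here too. The reference "e.g. (https://redis.io/topics/latency)" should be a `<link xlink:href=...>` like the other links in this file.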

View File

@ -269,7 +269,7 @@ in
penultimate = {
enable = mkOption {
type = types.bool;
default = true;
default = false;
description = ''
Enable fontconfig-penultimate settings to supplement the
NixOS defaults by providing per-font rendering defaults and

View File

@ -116,7 +116,7 @@ let
defaultFontsConf =
let genDefault = fonts: name:
optionalString (fonts != []) ''
<alias>
<alias binding="same">
<family>${name}</family>
<prefer>
${concatStringsSep ""
@ -139,6 +139,8 @@ let
${genDefault cfg.defaultFonts.monospace "monospace"}
${genDefault cfg.defaultFonts.emoji "emoji"}
</fontconfig>
'';
@ -344,6 +346,21 @@ in
in case multiple languages must be supported.
'';
};
emoji = mkOption {
type = types.listOf types.str;
default = ["Noto Color Emoji"];
description = ''
System-wide default emoji font(s). Multiple fonts may be listed
in case a font does not support all emoji.
Note that fontconfig matches color emoji fonts preferentially,
so if you want to use a black and white font while having
a color font installed (eg. Noto Color Emoji installed alongside
Noto Emoji), fontconfig will still choose the color font even
when it is later in the list.
'';
};
};
hinting = {

View File

@ -43,6 +43,7 @@ with lib;
pkgs.xorg.fontmiscmisc
pkgs.xorg.fontcursormisc
pkgs.unifont
pkgs.noto-fonts-emoji
];
};

View File

@ -267,6 +267,7 @@ foreach my $line (-f "/etc/shadow" ? read_file("/etc/shadow") : ()) {
next if !defined $u;
$hashedPassword = "!" if !$spec->{mutableUsers};
$hashedPassword = $u->{hashedPassword} if defined $u->{hashedPassword} && !$spec->{mutableUsers}; # FIXME
chomp $hashedPassword;
push @shadowNew, join(":", $name, $hashedPassword, @rest) . "\n";
$shadowSeen{$name} = 1;
}
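Review bot: `chomp $hashedPassword;` strips only a single trailing newline, so a value with an embedded newline or a `:` still reaches `join(":", $name, $hashedPassword, @rest)` and can add lines or shift fields in the generated shadow entries. Rather than trimming, reject any hashedPassword that contains `\n` or `:` before the push, and consider enforcing the same constraint on the option type so the error surfaces at evaluation time.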

View File

@ -181,7 +181,7 @@ let
};
hashedPassword = mkOption {
type = with types; uniq (nullOr str);
type = with types; nullOr str;
default = null;
description = ''
Specifies the hashed password for the user.
@ -191,7 +191,7 @@ let
};
password = mkOption {
type = with types; uniq (nullOr str);
type = with types; nullOr str;
default = null;
description = ''
Specifies the (clear text) password for the user.
@ -203,7 +203,7 @@ let
};
passwordFile = mkOption {
type = with types; uniq (nullOr string);
type = with types; nullOr str;
default = null;
description = ''
The full path to a file that contains the user's password. The password
@ -215,7 +215,7 @@ let
};
initialHashedPassword = mkOption {
type = with types; uniq (nullOr str);
type = with types; nullOr str;
default = null;
description = ''
Specifies the initial hashed password for the user, i.e. the
@ -230,7 +230,7 @@ let
};
initialPassword = mkOption {
type = with types; uniq (nullOr str);
type = with types; nullOr str;
default = null;
description = ''
Specifies the initial password for the user, i.e. the
@ -304,7 +304,7 @@ let
};
members = mkOption {
type = with types; listOf string;
type = with types; listOf str;
default = [];
description = ''
The user names of the group members, added to the

View File

@ -0,0 +1,133 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.hardware.openrazer;
kernelPackages = config.boot.kernelPackages;
toPyBoolStr = b: if b then "True" else "False";
daemonExe = "${pkgs.openrazer-daemon}/bin/openrazer-daemon --config ${daemonConfFile}";
daemonConfFile = pkgs.writeTextFile {
name = "razer.conf";
text = ''
[General]
verbose_logging = ${toPyBoolStr cfg.verboseLogging}
[Startup]
sync_effects_enabled = ${toPyBoolStr cfg.syncEffectsEnabled}
devices_off_on_screensaver = ${toPyBoolStr cfg.devicesOffOnScreensaver}
mouse_battery_notifier = ${toPyBoolStr cfg.mouseBatteryNotifier}
[Statistics]
key_statistics = ${toPyBoolStr cfg.keyStatistics}
'';
};
dbusServiceFile = pkgs.writeTextFile rec {
name = "org.razer.service";
destination = "/share/dbus-1/services/${name}";
text = ''
[D-BUS Service]
Name=org.razer
Exec=${daemonExe}
SystemdService=openrazer-daemon.service
'';
};
drivers = [
"razerkbd"
"razermouse"
"razerfirefly"
"razerkraken"
"razermug"
"razercore"
];
in
{
options = {
hardware.openrazer = {
enable = mkEnableOption "OpenRazer drivers and userspace daemon.";
verboseLogging = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable verbose logging. Logs debug messages.
'';
};
syncEffectsEnabled = mkOption {
type = types.bool;
default = true;
description = ''
Set the sync effects flag to true so any assignment of
effects will work across devices.
'';
};
devicesOffOnScreensaver = mkOption {
type = types.bool;
default = true;
description = ''
Turn off the devices when the systems screensaver kicks in.
'';
};
mouseBatteryNotifier = mkOption {
type = types.bool;
default = true;
description = ''
Mouse battery notifier.
'';
};
keyStatistics = mkOption {
type = types.bool;
default = false;
description = ''
Collects number of keypresses per hour per key used to
generate a heatmap.
'';
};
};
};
config = mkIf cfg.enable {
boot.extraModulePackages = [ kernelPackages.openrazer ];
boot.kernelModules = drivers;
# Makes the man pages available so you can succesfully run
# > systemctl --user help openrazer-daemon
environment.systemPackages = [ pkgs.python3Packages.openrazer-daemon.man ];
services.udev.packages = [ kernelPackages.openrazer ];
services.dbus.packages = [ dbusServiceFile ];
# A user must be a member of the plugdev group in order to start
# the openrazer-daemon. Therefore we make sure that the plugdev
# group exists.
users.groups.plugdev = {};
systemd.user.services.openrazer-daemon = {
description = "Daemon to manage razer devices in userspace";
unitConfig.Documentation = "man:openrazer-daemon(8)";
# Requires a graphical session so the daemon knows when the screensaver
# starts. See the 'devicesOffOnScreensaver' option.
wantedBy = [ "graphical-session.target" ];
partOf = [ "graphical-session.target" ];
serviceConfig = {
Type = "dbus";
BusName = "org.razer";
ExecStart = "${daemonExe} --foreground";
Restart = "always";
};
};
};
meta = {
maintainers = with lib.maintainers; [ roelvandijk ];
};
}
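Review bot: `daemonExe` is built from `pkgs.openrazer-daemon`, while `environment.systemPackages` takes the man output from `pkgs.python3Packages.openrazer-daemon`; use one attribute path for both so the daemon and its documentation cannot come from different package sets. Two smaller points: `mkEnableOption "OpenRazer drivers and userspace daemon."` ends in a period that mkEnableOption already appends, and the `keyStatistics` description should say where the per-key counts are stored, since the option records keypress data.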

View File

@ -0,0 +1,135 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.hardware.printers;
ppdOptionsString = options: optionalString (options != {})
(concatStringsSep " "
(mapAttrsToList (name: value: "-o '${name}'='${value}'") options)
);
ensurePrinter = p: ''
${pkgs.cups}/bin/lpadmin -p '${p.name}' -E \
${optionalString (p.location != null) "-L '${p.location}'"} \
${optionalString (p.description != null) "-D '${p.description}'"} \
-v '${p.deviceUri}' \
-m '${p.model}' \
${ppdOptionsString p.ppdOptions}
'';
ensureDefaultPrinter = name: ''
${pkgs.cups}/bin/lpoptions -d '${name}'
'';
# "graph but not # or /" can't be implemented as regex alone due to missing lookahead support
noInvalidChars = str: all (c: c != "#" && c != "/") (stringToCharacters str);
printerName = (types.addCheck (types.strMatching "[[:graph:]]+") noInvalidChars)
// { description = "printable string without spaces, # and /"; };
in {
options = {
hardware.printers = {
ensureDefaultPrinter = mkOption {
type = types.nullOr printerName;
default = null;
description = ''
Ensures the named printer is the default CUPS printer / printer queue.
'';
};
ensurePrinters = mkOption {
description = ''
Will regularly ensure that the given CUPS printers are configured as declared here.
If a printer's options are manually changed afterwards, they will be overwritten eventually.
This option will never delete any printer, even if removed from this list.
You can check existing printers with <command>lpstat -s</command>
and remove printers with <command>lpadmin -x &lt;printer-name&gt;</command>.
Printers not listed here can still be manually configured.
'';
default = [];
type = types.listOf (types.submodule {
options = {
name = mkOption {
type = printerName;
example = "BrotherHL_Workroom";
description = ''
Name of the printer / printer queue.
May contain any printable characters except "/", "#", and space.
'';
};
location = mkOption {
type = types.nullOr types.str;
default = null;
example = "Workroom";
description = ''
Optional human-readable location.
'';
};
description = mkOption {
type = types.nullOr types.str;
default = null;
example = "Brother HL-5140";
description = ''
Optional human-readable description.
'';
};
deviceUri = mkOption {
type = types.str;
example = [
"ipp://printserver.local/printers/BrotherHL_Workroom"
"usb://HP/DESKJET%20940C?serial=CN16E6C364BH"
];
description = ''
How to reach the printer.
<command>lpinfo -v</command> shows a list of supported device URIs and schemes.
'';
};
model = mkOption {
type = types.str;
example = literalExample ''
gutenprint.''${lib.version.majorMinor (lib.getVersion pkgs.cups)}://brother-hl-5140/expert
'';
description = ''
Location of the ppd driver file for the printer.
<command>lpinfo -m</command> shows a list of supported models.
'';
};
ppdOptions = mkOption {
type = types.attrsOf types.str;
example = {
"PageSize" = "A4";
"Duplex" = "DuplexNoTumble";
};
default = {};
description = ''
Sets PPD options for the printer.
<command>lpoptions [-p printername] -l</command> shows suported PPD options for the given printer.
'';
};
};
});
};
};
};
config = mkIf (cfg.ensurePrinters != [] && config.services.printing.enable) {
systemd.services."ensure-printers" = let
cupsUnit = if config.services.printing.startWhenNeeded then "cups.socket" else "cups.service";
in {
description = "Ensure NixOS-configured CUPS printers";
wantedBy = [ "multi-user.target" ];
requires = [ cupsUnit ];
# in contrast to cups.socket, for cups.service, this is actually not enough,
# as the cups service reports its activation before clients can actually interact with it.
# Because of this, commands like `lpinfo -v` will report a bad file descriptor
# due to the missing UNIX socket without sufficient sleep time.
after = [ cupsUnit ];
serviceConfig = {
Type = "oneshot";
};
# sleep 10 is required to wait until cups.service is actually initialized and has created its UNIX socket file
script = (optionalString (!config.services.printing.startWhenNeeded) "sleep 10\n")
+ (concatMapStringsSep "\n" ensurePrinter cfg.ensurePrinters)
+ optionalString (cfg.ensureDefaultPrinter != null) (ensureDefaultPrinter cfg.ensureDefaultPrinter);
};
};
}
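Review bot: In `ensurePrinter` and `ppdOptionsString`, option values are pasted between hand-written single quotes in the script of the `ensure-printers` unit ("-L '${p.location}'", "-o '${name}'='${value}'"), so a value containing `'` ends the quoting and the remainder is interpreted by the shell. `location`, `description`, `deviceUri`, `model` and `ppdOptions` are plain `types.str`, and `printerName` only excludes whitespace, `#` and `/`. Pass every argument through `lib.escapeShellArg` instead. The fixed `sleep 10` for `cups.service` is also a guess at startup time; polling until the CUPS socket answers would be more reliable than a constant delay.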

View File

@ -4,11 +4,11 @@ with lib;
let
hpssacli = pkgs.stdenv.mkDerivation rec {
name = "hpssacli-${version}";
pname = "hpssacli";
version = "2.40-13.0";
src = pkgs.fetchurl {
url = "https://downloads.linux.hpe.com/SDR/downloads/MCP/Ubuntu/pool/non-free/${name}_amd64.deb";
url = "https://downloads.linux.hpe.com/SDR/downloads/MCP/Ubuntu/pool/non-free/${pname}-${version}_amd64.deb";
sha256 = "11w7fwk93lmfw0yya4jpjwdmgjimqxx6412sqa166g1pz4jil4sw";
};

View File

@ -88,7 +88,7 @@ in
};
hardware.nvidia.optimus_prime.nvidiaBusId = lib.mkOption {
type = lib.types.string;
type = lib.types.str;
default = "";
example = "PCI:1:0:0";
description = ''
@ -98,7 +98,7 @@ in
};
hardware.nvidia.optimus_prime.intelBusId = lib.mkOption {
type = lib.types.string;
type = lib.types.str;
default = "";
example = "PCI:0:2:0";
description = ''

View File

@ -59,4 +59,8 @@ in
${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot
'';
};
# the installation media is also the installation target,
# so we don't want to provide the installation configuration.nix.
installer.cloneConfig = false;
}

View File

@ -56,4 +56,8 @@ in
${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot
'';
};
# the installation media is also the installation target,
# so we don't want to provide the installation configuration.nix.
installer.cloneConfig = false;
}

View File

@ -45,4 +45,8 @@ in
${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot
'';
};
# the installation media is also the installation target,
# so we don't want to provide the installation configuration.nix.
installer.cloneConfig = false;
}

View File

@ -54,7 +54,7 @@ in
};
firmwarePartitionID = mkOption {
type = types.string;
type = types.str;
default = "0x2178694e";
description = ''
Volume ID for the /boot/firmware partition on the SD card. This value
@ -63,7 +63,7 @@ in
};
rootPartitionUUID = mkOption {
type = types.nullOr types.string;
type = types.nullOr types.str;
default = null;
example = "14e19a7b-0ae0-484d-9d54-43bd6fdc20c7";
description = ''

View File

@ -340,6 +340,7 @@
cockroachdb = 313;
zoneminder = 314;
paperless = 315;
#mailman = 316; # removed 2019-08-30
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -640,6 +641,7 @@
cockroachdb = 313;
zoneminder = 314;
paperless = 315;
#mailman = 316; # removed 2019-08-30
# When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal

View File

@ -58,7 +58,9 @@
./hardware/network/intel-2200bg.nix
./hardware/nitrokey.nix
./hardware/opengl.nix
./hardware/openrazer.nix
./hardware/pcmcia.nix
./hardware/printers.nix
./hardware/raid/hpsa.nix
./hardware/steam-hardware.nix
./hardware/usb-wwan.nix
@ -138,6 +140,7 @@
./programs/qt5ct.nix
./programs/screen.nix
./programs/sedutil.nix
./programs/seahorse.nix
./programs/slock.nix
./programs/shadow.nix
./programs/shell.nix
@ -152,12 +155,14 @@
./programs/tmux.nix
./programs/tsm-client.nix
./programs/udevil.nix
./programs/usbtop.nix
./programs/venus.nix
./programs/vim.nix
./programs/wavemon.nix
./programs/way-cooler.nix
./programs/waybar.nix
./programs/wireshark.nix
./programs/x2goserver.nix
./programs/xfs_quota.nix
./programs/xonsh.nix
./programs/xss-lock.nix
@ -214,8 +219,6 @@
./services/backup/bacula.nix
./services/backup/borgbackup.nix
./services/backup/duplicati.nix
./services/backup/crashplan.nix
./services/backup/crashplan-small-business.nix
./services/backup/duplicity.nix
./services/backup/mysql-backup.nix
./services/backup/postgresql-backup.nix
@ -280,6 +283,7 @@
./services/databases/virtuoso.nix
./services/desktops/accountsservice.nix
./services/desktops/bamf.nix
./services/desktops/blueman.nix
./services/desktops/deepin/deepin.nix
./services/desktops/dleyna-renderer.nix
./services/desktops/dleyna-server.nix
@ -301,7 +305,6 @@
./services/desktops/gnome3/gnome-settings-daemon.nix
./services/desktops/gnome3/gnome-user-share.nix
./services/desktops/gnome3/rygel.nix
./services/desktops/gnome3/seahorse.nix
./services/desktops/gnome3/sushi.nix
./services/desktops/gnome3/tracker.nix
./services/desktops/gnome3/tracker-miners.nix
@ -376,6 +379,7 @@
./services/mail/mail.nix
./services/mail/mailcatcher.nix
./services/mail/mailhog.nix
./services/mail/mailman.nix
./services/mail/mlmmj.nix
./services/mail/offlineimap.nix
./services/mail/opendkim.nix
@ -697,6 +701,7 @@
./services/networking/supybot.nix
./services/networking/syncthing.nix
./services/networking/syncthing-relay.nix
./services/networking/syncplay.nix
./services/networking/tcpcrypt.nix
./services/networking/teamspeak3.nix
./services/networking/tedicross.nix
@ -770,6 +775,7 @@
./services/system/uptimed.nix
./services/torrent/deluge.nix
./services/torrent/flexget.nix
./services/torrent/magnetico.nix
./services/torrent/opentracker.nix
./services/torrent/peerflix.nix
./services/torrent/transmission.nix
@ -789,6 +795,7 @@
./services/web-apps/mattermost.nix
./services/web-apps/mediawiki.nix
./services/web-apps/miniflux.nix
./services/web-apps/moodle.nix
./services/web-apps/nextcloud.nix
./services/web-apps/nexus.nix
./services/web-apps/pgpkeyserver-lite.nix
@ -802,6 +809,7 @@
./services/web-apps/zabbix.nix
./services/web-servers/apache-httpd/default.nix
./services/web-servers/caddy.nix
./services/web-servers/darkhttpd.nix
./services/web-servers/fcgiwrap.nix
./services/web-servers/hitch/default.nix
./services/web-servers/hydron.nix

View File

@ -55,13 +55,16 @@ with lib;
services.mingetty.autologinUser = "nixos";
# Some more help text.
services.mingetty.helpLine =
''
services.mingetty.helpLine = ''
The "nixos" and "root" accounts have empty passwords.
The "nixos" and "root" account have empty passwords. ${
optionalString config.services.xserver.enable
"Type `sudo systemctl start display-manager' to\nstart the graphical user interface."}
'';
Type `sudo systemctl start sshd` to start the SSH daemon.
You then must set a password for either "root" or "nixos"
with `passwd` to be able to login.
'' + optionalString config.services.xserver.enable ''
Type `sudo systemctl start display-manager' to
start the graphical user interface.
'';
# Allow sshd to be started manually through "systemctl start sshd".
services.openssh = {

View File

@ -98,7 +98,7 @@ in
if [ "$TERM" != "dumb" -o -n "$INSIDE_EMACS" ]; then
PROMPT_COLOR="1;31m"
let $UID && PROMPT_COLOR="1;32m"
if [ -n "$INSIDE_EMACS" ]; then
if [ -n "$INSIDE_EMACS" -o "$TERM" == "eterm" -o "$TERM" == "eterm-color" ]; then
# Emacs term mode doesn't support xterm title escape sequence (\e]0;)
PS1="\n\[\033[$PROMPT_COLOR\][\u@\h:\w]\\$\[\033[0m\] "
else

View File

@ -0,0 +1,44 @@
# Seahorse.
{ config, pkgs, lib, ... }:
with lib;
{
# Added 2019-08-27
imports = [
(mkRenamedOptionModule
[ "services" "gnome3" "seahorse" "enable" ]
[ "programs" "seahorse" "enable" ])
];
###### interface
options = {
programs.seahorse = {
enable = mkEnableOption "Seahorse, a GNOME application for managing encryption keys and passwords in the GNOME Keyring";
};
};
###### implementation
config = mkIf config.programs.seahorse.enable {
environment.systemPackages = [
pkgs.gnome3.seahorse
];
services.dbus.packages = [
pkgs.gnome3.seahorse
];
};
}

View File

@ -17,7 +17,7 @@ in
alias = mkOption {
default = "fuck";
type = types.string;
type = types.str;
description = ''
`thefuck` needs an alias to be configured.

View File

@ -0,0 +1,21 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.programs.usbtop;
in {
options = {
programs.usbtop.enable = mkEnableOption "usbtop and required kernel module";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
usbtop
];
boot.kernelModules = [
"usbmon"
];
};
}

View File

@ -0,0 +1,148 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.programs.x2goserver;
defaults = {
superenicer = { "enable" = cfg.superenicer.enable; };
};
confText = generators.toINI {} (recursiveUpdate defaults cfg.settings);
x2goServerConf = pkgs.writeText "x2goserver.conf" confText;
x2goAgentOptions = pkgs.writeText "x2goagent.options" ''
X2GO_NXOPTIONS=""
X2GO_NXAGENT_DEFAULT_OPTIONS="${concatStringsSep " " cfg.nxagentDefaultOptions}"
'';
in {
options.programs.x2goserver = {
enable = mkEnableOption "x2goserver" // {
description = ''
Enables the x2goserver module.
NOTE: This will create a good amount of symlinks in `/usr/local/bin`
'';
};
superenicer = {
enable = mkEnableOption "superenicer" // {
description = ''
Enables the SupeReNicer code in x2gocleansessions, this will renice
suspended sessions to nice level 19 and renice them to level 0 if the
session becomes marked as running again
'';
};
};
nxagentDefaultOptions = mkOption {
type = types.listOf types.str;
default = [ "-extension GLX" "-nolisten tcp" ];
example = [ "-extension GLX" "-nolisten tcp" ];
description = ''
List of default nx agent options.
'';
};
settings = mkOption {
type = types.attrsOf types.attrs;
default = {};
description = ''
x2goserver.conf ini configuration as nix attributes. See
`x2goserver.conf(5)` for details
'';
example = literalExample ''
superenicer = {
"enable" = "yes";
"idle-nice-level" = 19;
};
telekinesis = { "enable" = "no"; };
'';
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.x2goserver ];
users.groups.x2go = {};
users.users.x2go = {
home = "/var/lib/x2go/db";
group = "x2go";
};
security.wrappers.x2gosqliteWrapper = {
source = "${pkgs.x2goserver}/lib/x2go/libx2go-server-db-sqlite3-wrapper.pl";
owner = "x2go";
group = "x2go";
setgid = true;
};
security.wrappers.x2goprintWrapper = {
source = "${pkgs.x2goserver}/bin/x2goprint";
owner = "x2go";
group = "x2go";
setgid = true;
};
systemd.tmpfiles.rules = with pkgs; [
"d /var/lib/x2go/ - x2go x2go - -"
"d /var/lib/x2go/db - x2go x2go - -"
"d /var/lib/x2go/conf - x2go x2go - -"
"d /run/x2go 0755 x2go x2go - -"
] ++
# x2goclient sends SSH commands with preset PATH set to
# "/usr/local/bin;/usr/bin;/bin". Since we cannot filter arbitrary ssh
# commands, we have to make the following executables available.
map (f: "L+ /usr/local/bin/${f} - - - - ${x2goserver}/bin/${f}") [
"x2goagent" "x2gobasepath" "x2gocleansessions" "x2gocmdexitmessage"
"x2godbadmin" "x2gofeature" "x2gofeaturelist" "x2gofm" "x2gogetapps"
"x2gogetservers" "x2golistdesktops" "x2golistmounts" "x2golistsessions"
"x2golistsessions_root" "x2golistshadowsessions" "x2gomountdirs"
"x2gopath" "x2goprint" "x2goresume-desktopsharing" "x2goresume-session"
"x2goruncommand" "x2goserver-run-extensions" "x2gosessionlimit"
"x2gosetkeyboard" "x2goshowblocks" "x2gostartagent"
"x2gosuspend-desktopsharing" "x2gosuspend-session"
"x2goterminate-desktopsharing" "x2goterminate-session"
"x2goumount-session" "x2goversion"
] ++ [
"L+ /usr/local/bin/awk - - - - ${gawk}/bin/awk"
"L+ /usr/local/bin/chmod - - - - ${coreutils}/bin/chmod"
"L+ /usr/local/bin/cp - - - - ${coreutils}/bin/cp"
"L+ /usr/local/bin/sed - - - - ${gnused}/bin/sed"
"L+ /usr/local/bin/setsid - - - - ${utillinux}/bin/setsid"
"L+ /usr/local/bin/xrandr - - - - ${xorg.xrandr}/bin/xrandr"
"L+ /usr/local/bin/xmodmap - - - - ${xorg.xmodmap}/bin/xmodmap"
];
systemd.services.x2goserver = {
description = "X2Go Server Daemon";
wantedBy = [ "multi-user.target" ];
unitConfig.Documentation = "man:x2goserver.conf(5)";
serviceConfig = {
Type = "forking";
ExecStart = "${pkgs.x2goserver}/bin/x2gocleansessions";
PIDFile = "/run/x2go/x2goserver.pid";
User = "x2go";
Group = "x2go";
RuntimeDirectory = "x2go";
StateDirectory = "x2go";
};
preStart = ''
if [ ! -e /var/lib/x2go/setup_ran ]
then
mkdir -p /var/lib/x2go/conf
cp -r ${pkgs.x2goserver}/etc/x2go/* /var/lib/x2go/conf/
ln -sf ${x2goServerConf} /var/lib/x2go/conf/x2goserver.conf
ln -sf ${x2goAgentOptions} /var/lib/x2go/conf/x2goagent.options
${pkgs.x2goserver}/bin/x2godbadmin --createdb
touch /var/lib/x2go/setup_ran
fi
'';
};
# https://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=276
security.sudo.extraConfig = ''
Defaults env_keep+=QT_GRAPHICSSYSTEM
'';
};
}
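Review bot: In `preStart`, the `ln -sf ${x2goServerConf}` and `ln -sf ${x2goAgentOptions}` lines sit inside the `if [ ! -e /var/lib/x2go/setup_ran ]` guard, so after the first start a change to `settings`, `superenicer.enable` or `nxagentDefaultOptions` yields a new store path that is never linked into /var/lib/x2go/conf. Move the two `ln -sf` calls out of the guard and keep only the copy and `x2godbadmin --createdb` as one-time steps. Please also add a comment on why the two `security.wrappers` entries need `setgid = true`, and note that `types.attrsOf types.attrs` leaves the values under `settings` unchecked.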

View File

@ -12,7 +12,7 @@ in
lockerCommand = mkOption {
default = "${pkgs.i3lock}/bin/i3lock";
example = literalExample ''''${pkgs.i3lock-fancy}/bin/i3lock-fancy'';
type = types.string;
type = types.separatedString " ";
description = "Locker to be used with xsslock";
};
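Review bot: `types.separatedString " "` on `lockerCommand` means that two definitions of the option are joined with a space into one command line instead of being reported as a conflict. If that merging is not intended, `types.str` matches the other `types.string` replacements in this patch and fails on conflicting definitions.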

View File

@ -76,7 +76,7 @@ in
font = mkOption {
default = "sans bold 9";
example = "Droid Sans, FontAwesome Bold 9";
type = types.string;
type = types.str;
description = ''
The font that will be used to draw the status bar.
@ -95,7 +95,7 @@ in
extra = mkOption {
default = {};
type = types.attrsOf types.string;
type = types.attrsOf types.str;
description = ''
An attribute set which contains further attributes of a bar.
@ -107,7 +107,7 @@ in
type = types.attrsOf(types.submodule {
options.exec = mkOption {
example = "YABAR_DATE";
type = types.string;
type = types.str;
description = ''
The type of the indicator to be executed.
'';
@ -125,7 +125,7 @@ in
options.extra = mkOption {
default = {};
type = types.attrsOf (types.either types.string types.int);
type = types.attrsOf (types.either types.str types.int);
description = ''
An attribute set which contains further attributes of a indicator.

View File

@ -33,7 +33,7 @@ in
patterns = mkOption {
default = {};
type = types.attrsOf types.string;
type = types.attrsOf types.str;
example = literalExample ''
{
@ -50,7 +50,7 @@ in
};
styles = mkOption {
default = {};
type = types.attrsOf types.string;
type = types.attrsOf types.str;
example = literalExample ''
{

View File

@ -214,7 +214,6 @@ in
# Need to disable features to support TRAMP
if [ "$TERM" = dumb ]; then
unsetopt zle prompt_cr prompt_subst
unfunction precmd preexec
unset RPS1 RPROMPT
PS1='$ '
PROMPT='$ '

View File

@ -257,6 +257,11 @@ with lib;
# binfmt
(mkRenamedOptionModule [ "boot" "binfmtMiscRegistrations" ] [ "boot" "binfmt" "registrations" ])
# ACME
(mkRemovedOptionModule [ "security" "acme" "directory"] "ACME Directory is now hardcoded to /var/lib/acme and its permisisons are managed by systemd. See https://github.com/NixOS/nixpkgs/issues/53852 for more info.")
(mkRemovedOptionModule [ "security" "acme" "preDelay"] "This option has been removed. If you want to make sure that something executes before certificates are provisioned, add a RequiredBy=acme-\${cert}.service to the service you want to execute before the cert renewal")
(mkRemovedOptionModule [ "security" "acme" "activationDelay"] "This option has been removed. If you want to make sure that something executes before certificates are provisioned, add a RequiredBy=acme-\${cert}.service to the service you want to execute before the cert renewal")
# KSM
(mkRenamedOptionModule [ "hardware" "enableKSM" ] [ "hardware" "ksm" "enable" ])
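Review bot: The `security.acme.directory` message misspells "permisisons" and only says the path is hardcoded; the release notes in this patch describe a read-only `security.acme.certs.<cert>.directory` replacement, which the message should name. The `preDelay` and `activationDelay` messages both recommend `RequiredBy=acme-\${cert}.service`, which expresses a requirement but no ordering, so they should mention `Before=` as well. The `activationDelay` text is a copy of the `preDelay` one even though the removed option was a time span for delaying the certificate copy, not a hook.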
@ -280,6 +285,13 @@ with lib;
throw "services.redshift.longitude is set to null, you can remove this"
else builtins.fromJSON value))
# Redis
(mkRemovedOptionModule [ "services" "redis" "user" ] "The redis module now is hardcoded to the redis user.")
(mkRemovedOptionModule [ "services" "redis" "dbpath" ] "The redis module now uses /var/lib/redis as data directory.")
(mkRemovedOptionModule [ "services" "redis" "dbFilename" ] "The redis module now uses /var/lib/redis/dump.rdb as database dump location.")
(mkRemovedOptionModule [ "services" "redis" "appendOnlyFilename" ] "This option was never used.")
(mkRemovedOptionModule [ "services" "redis" "pidFile" ] "This option was removed.")
] ++ (forEach [ "blackboxExporter" "collectdExporter" "fritzboxExporter"
"jsonExporter" "minioExporter" "nginxExporter" "nodeExporter"
"snmpExporter" "unifiExporter" "varnishExporter" ]

View File

@ -80,25 +80,11 @@ let
'';
};
activationDelay = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Systemd time span expression to delay copying new certificates to main
state directory. See <citerefentry><refentrytitle>systemd.time</refentrytitle>
<manvolnum>7</manvolnum></citerefentry>.
'';
};
preDelay = mkOption {
type = types.lines;
default = "";
description = ''
Commands to run after certificates are re-issued but before they are
activated. Typically the new certificate is published to DNS.
Executed in the same directory with the new certificate.
'';
directory = mkOption {
type = types.str;
readOnly = true;
default = "/var/lib/acme/${name}";
description = "Directory where certificate and other state is stored.";
};
extraDomains = mkOption {
@ -126,13 +112,6 @@ in
options = {
security.acme = {
directory = mkOption {
default = "/var/lib/acme";
type = types.str;
description = ''
Directory where certs and other state will be stored by default.
'';
};
validMin = mkOption {
type = types.int;
@ -181,7 +160,11 @@ in
default = { };
type = with types; attrsOf (submodule certOpts);
description = ''
Attribute set of certificates to get signed and renewed.
Attribute set of certificates to get signed and renewed. Creates
<literal>acme-''${cert}.{service,timer}</literal> systemd units for
each certificate defined here. Other services can add dependencies
to those units if they rely on the certificates being present,
or trigger restarts of the service if certificates get renewed.
'';
example = literalExample ''
{
@ -209,8 +192,7 @@ in
servicesLists = mapAttrsToList certToServices cfg.certs;
certToServices = cert: data:
let
cpath = lpath + optionalString (data.activationDelay != null) ".staging";
lpath = "${cfg.directory}/${cert}";
lpath = "acme/${cert}";
rights = if data.allowKeysForGroup then "750" else "700";
cmdline = [ "-v" "-d" data.domain "--default_root" data.webroot "--valid_min" cfg.validMin ]
++ optionals (data.email != null) [ "--email" data.email ]
@ -224,79 +206,27 @@ in
serviceConfig = {
Type = "oneshot";
SuccessExitStatus = [ "0" "1" ];
PermissionsStartOnly = true;
User = data.user;
Group = data.group;
PrivateTmp = true;
StateDirectory = lpath;
StateDirectoryMode = rights;
WorkingDirectory = "/var/lib/${lpath}";
ExecStart = "${pkgs.simp_le}/bin/simp_le ${escapeShellArgs cmdline}";
ExecStopPost =
let
script = pkgs.writeScript "acme-post-stop" ''
#!${pkgs.runtimeShell} -e
${data.postRun}
'';
in
"+${script}";
};
path = with pkgs; [ simp_le systemd ];
preStart = ''
mkdir -p '${cfg.directory}'
chown 'root:root' '${cfg.directory}'
chmod 755 '${cfg.directory}'
if [ ! -d '${cpath}' ]; then
mkdir '${cpath}'
fi
chmod ${rights} '${cpath}'
chown -R '${data.user}:${data.group}' '${cpath}'
mkdir -p '${data.webroot}/.well-known/acme-challenge'
chown -R '${data.user}:${data.group}' '${data.webroot}/.well-known/acme-challenge'
'';
script = ''
cd '${cpath}'
set +e
simp_le ${escapeShellArgs cmdline}
EXITCODE=$?
set -e
echo "$EXITCODE" > /tmp/lastExitCode
exit "$EXITCODE"
'';
postStop = ''
cd '${cpath}'
if [ -e /tmp/lastExitCode ] && [ "$(cat /tmp/lastExitCode)" = "0" ]; then
${if data.activationDelay != null then ''
${data.preDelay}
if [ -d '${lpath}' ]; then
systemd-run --no-block --on-active='${data.activationDelay}' --unit acme-setlive-${cert}.service
else
systemctl --wait start acme-setlive-${cert}.service
fi
'' else data.postRun}
# noop ensuring that the "if" block is non-empty even if
# activationDelay == null and postRun == ""
true
fi
'';
before = [ "acme-certificates.target" ];
wantedBy = [ "acme-certificates.target" ];
};
delayService = {
description = "Set certificate for ${cert} live";
path = with pkgs; [ rsync ];
serviceConfig = {
Type = "oneshot";
};
script = ''
rsync -a --delete-after '${cpath}/' '${lpath}'
'';
postStop = data.postRun;
};
selfsignedService = {
description = "Create preliminary self-signed certificate for ${cert}";
path = [ pkgs.openssl ];
preStart = ''
if [ ! -d '${cpath}' ]
then
mkdir -p '${cpath}'
chmod ${rights} '${cpath}'
chown '${data.user}:${data.group}' '${cpath}'
fi
'';
script =
''
workdir="$(mktemp -d)"
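Review bot: `ExecStopPost = "+${script}"` runs `data.postRun` unconditionally, while the removed `postStop` ran it only when `/tmp/lastExitCode` contained `0`. ExecStopPost commands also run when the main command fails, and the unit treats exit status 1 as success, so reload hooks will now fire on every timer activation, including failed runs. systemd exports `$EXIT_STATUS` to ExecStopPost commands, so the wrapper can keep the old guard, for example `[ "$EXIT_STATUS" = 0 ] || exit 0` ahead of `${data.postRun}`. The `+` prefix keeps the hook running with full privileges even though `User = data.user` is now set; a comment saying so, and a matching sentence in the `postRun` option description, would help.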
@ -318,50 +248,41 @@ in
-out $workdir/server.crt
# Copy key to destination
cp $workdir/server.key ${cpath}/key.pem
cp $workdir/server.key /var/lib/${lpath}/key.pem
# Create fullchain.pem (same format as "simp_le ... -f fullchain.pem" creates)
cat $workdir/{server.crt,ca.crt} > "${cpath}/fullchain.pem"
cat $workdir/{server.crt,ca.crt} > "/var/lib/${lpath}/fullchain.pem"
# Create full.pem for e.g. lighttpd
cat $workdir/{server.key,server.crt,ca.crt} > "${cpath}/full.pem"
cat $workdir/{server.key,server.crt,ca.crt} > "/var/lib/${lpath}/full.pem"
# Give key acme permissions
chown '${data.user}:${data.group}' "${cpath}/"{key,fullchain,full}.pem
chmod ${rights} "${cpath}/"{key,fullchain,full}.pem
chown '${data.user}:${data.group}' "/var/lib/${lpath}/"{key,fullchain,full}.pem
chmod ${rights} "/var/lib/${lpath}/"{key,fullchain,full}.pem
'';
serviceConfig = {
Type = "oneshot";
PermissionsStartOnly = true;
PrivateTmp = true;
StateDirectory = lpath;
User = data.user;
Group = data.group;
};
unitConfig = {
# Do not create self-signed key when key already exists
ConditionPathExists = "!${cpath}/key.pem";
ConditionPathExists = "!/var/lib/${lpath}/key.pem";
};
before = [
"acme-selfsigned-certificates.target"
];
wantedBy = [
"acme-selfsigned-certificates.target"
];
};
in (
[ { name = "acme-${cert}"; value = acmeService; } ]
++ optional cfg.preliminarySelfsigned { name = "acme-selfsigned-${cert}"; value = selfsignedService; }
++ optional (data.activationDelay != null) { name = "acme-setlive-${cert}"; value = delayService; }
);
servicesAttr = listToAttrs services;
injectServiceDep = {
after = [ "acme-selfsigned-certificates.target" ];
wants = [ "acme-selfsigned-certificates.target" "acme-certificates.target" ];
};
in
servicesAttr //
(if config.services.nginx.enable then { nginx = injectServiceDep; } else {}) //
(if config.services.lighttpd.enable then { lighttpd = injectServiceDep; } else {});
servicesAttr;
systemd.tmpfiles.rules =
flip mapAttrsToList cfg.certs
(cert: data: "d ${data.webroot}/.well-known/acme-challenge - ${data.user} ${data.group}");
systemd.timers = flip mapAttrs' cfg.certs (cert: data: nameValuePair
("acme-${cert}")
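Review bot: `selfsignedService.serviceConfig` sets `StateDirectory = lpath` without `StateDirectoryMode`, while `acmeService` sets `StateDirectoryMode = rights`. When the self-signed unit is the first to create `/var/lib/${lpath}`, the directory gets systemd's default mode 0755 instead of 750/700, and only the three .pem files are restricted by the `chmod ${rights}` line. Set `StateDirectoryMode = rights` here as well so both units agree on the directory mode.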
@ -377,9 +298,6 @@ in
};
})
);
systemd.targets."acme-selfsigned-certificates" = mkIf cfg.preliminarySelfsigned {};
systemd.targets."acme-certificates" = {};
})
];

View File

@ -59,10 +59,8 @@ http {
<para>
The private key <filename>key.pem</filename> and certificate
<filename>fullchain.pem</filename> will be put into
<filename>/var/lib/acme/foo.example.com</filename>. The target directory can
be configured with the option <xref linkend="opt-security.acme.directory"/>.
<filename>/var/lib/acme/foo.example.com</filename>.
</para>
<para>
Refer to <xref linkend="ch-options" /> for all available configuration
options for the <link linkend="opt-security.acme.certs">security.acme</link>

View File

@ -6,6 +6,10 @@ with lib;
options.security.auditd.enable = mkEnableOption "the Linux Audit daemon";
config = mkIf config.security.auditd.enable {
boot.kernelParams = [ "audit=1" ];
environment.systemPackages = [ pkgs.audit ];
systemd.services.auditd = {
description = "Linux Audit daemon";
wantedBy = [ "basic.target" ];

View File

@ -685,7 +685,7 @@ in
};
id = mkOption {
example = "42";
type = types.string;
type = types.str;
description = "client id";
};

View File

@ -91,7 +91,7 @@ in
type = with types; listOf (submodule {
options = {
users = mkOption {
type = with types; listOf (either string int);
type = with types; listOf (either str int);
description = ''
The usernames / UIDs this rule should apply for.
'';
@ -99,7 +99,7 @@ in
};
groups = mkOption {
type = with types; listOf (either string int);
type = with types; listOf (either str int);
description = ''
The groups / GIDs this rule should apply for.
'';
@ -107,7 +107,7 @@ in
};
host = mkOption {
type = types.string;
type = types.str;
default = "ALL";
description = ''
For what host this rule should apply.
@ -115,7 +115,7 @@ in
};
runAs = mkOption {
type = with types; string;
type = with types; str;
default = "ALL:ALL";
description = ''
Under which user/group the specified command is allowed to run.
@ -130,11 +130,11 @@ in
description = ''
The commands for which the rule should apply.
'';
type = with types; listOf (either string (submodule {
type = with types; listOf (either str (submodule {
options = {
command = mkOption {
type = with types; string;
type = with types; str;
description = ''
A command being either just a path to a binary to allow any arguments,
the full command with arguments pre-set or with <code>""</code> used as the argument,

View File

@ -40,7 +40,7 @@ in {
'';
};
configurationURI = mkOption {
type = types.string;
type = types.str;
default = "xbean:activemq.xml";
description = ''
The URI that is passed along to the BrokerFactory to
@ -51,7 +51,7 @@ in {
'';
};
baseDir = mkOption {
type = types.string;
type = types.str;
default = "/var/activemq";
description = ''
The base directory where ActiveMQ stores its persistent data and logs.
@ -81,7 +81,7 @@ in {
'';
};
extraJavaOptions = mkOption {
type = types.string;
type = types.separatedString " ";
default = "";
example = "-Xmx2G -Xms2G -XX:MaxPermSize=512M";
description = ''

View File

@ -64,7 +64,7 @@ in
};
volumeStep = mkOption {
type = types.string;
type = types.str;
default = "1";
example = "1%";
description = ''

View File

@ -23,7 +23,7 @@ in {
mpd = {
host = mkOption {
type = types.string;
type = types.str;
default = "localhost";
description = "The host where MPD is listening.";
example = "localhost";

View File

@ -1,73 +0,0 @@
{ config, pkgs, lib, ... }:
let
cfg = config.services.crashplansb;
crashplansb = pkgs.crashplansb.override { maxRam = cfg.maxRam; };
in
with lib;
{
options = {
services.crashplansb = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
Starts crashplan for small business background service.
'';
};
maxRam = mkOption {
default = "1024m";
example = "2G";
type = types.str;
description = ''
Maximum amount of ram that the crashplan engine should use.
'';
};
openPorts = mkOption {
description = "Open ports in the firewall for crashplan.";
default = true;
type = types.bool;
};
ports = mkOption {
# https://support.code42.com/Administrator/6/Planning_and_installing/TCP_and_UDP_ports_used_by_the_Code42_platform
# used ports can also be checked in the desktop app console using the command connection.info
description = "which ports to open.";
default = [ 4242 4243 4244 4247 ];
type = types.listOf types.int;
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ crashplansb ];
networking.firewall.allowedTCPPorts = mkIf cfg.openPorts cfg.ports;
systemd.services.crashplansb = {
description = "CrashPlan Backup Engine";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "local-fs.target" ];
preStart = ''
install -d -m 755 ${crashplansb.vardir}
install -d -m 700 ${crashplansb.vardir}/conf
install -d -m 700 ${crashplansb.manifestdir}
install -d -m 700 ${crashplansb.vardir}/cache
install -d -m 700 ${crashplansb.vardir}/backupArchives
install -d -m 777 ${crashplansb.vardir}/log
cp -avn ${crashplansb}/conf.template/* ${crashplansb.vardir}/conf
'';
serviceConfig = {
Type = "forking";
EnvironmentFile = "${crashplansb}/bin/run.conf";
ExecStart = "${crashplansb}/bin/CrashPlanEngine start";
ExecStop = "${crashplansb}/bin/CrashPlanEngine stop";
PIDFile = "${crashplansb.vardir}/CrashPlanEngine.pid";
WorkingDirectory = crashplansb;
};
};
};
}

View File

@ -1,67 +0,0 @@
{ config, pkgs, lib, ... }:
let
cfg = config.services.crashplan;
crashplan = pkgs.crashplan;
in
with lib;
{
options = {
services.crashplan = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
Starts crashplan background service.
'';
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ crashplan ];
systemd.services.crashplan = {
description = "CrashPlan Backup Engine";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "local-fs.target" ];
preStart = ''
ensureDir() {
dir=$1
mode=$2
if ! test -e $dir; then
${pkgs.coreutils}/bin/mkdir -m $mode -p $dir
elif [ "$(${pkgs.coreutils}/bin/stat -c %a $dir)" != "$mode" ]; then
${pkgs.coreutils}/bin/chmod $mode $dir
fi
}
ensureDir ${crashplan.vardir} 755
ensureDir ${crashplan.vardir}/conf 700
ensureDir ${crashplan.manifestdir} 700
ensureDir ${crashplan.vardir}/cache 700
ensureDir ${crashplan.vardir}/backupArchives 700
ensureDir ${crashplan.vardir}/log 777
cp -avn ${crashplan}/conf.template/* ${crashplan.vardir}/conf
for x in app.asar bin install.vars lang lib libc42archive64.so libc52archive.so libjniwrap64.so libjniwrap.so libjtux64.so libjtux.so libleveldb64.so libleveldb.so libmd564.so libmd5.so share skin upgrade; do
rm -f ${crashplan.vardir}/$x;
ln -sf ${crashplan}/$x ${crashplan.vardir}/$x;
done
'';
serviceConfig = {
Type = "forking";
EnvironmentFile = "${crashplan}/bin/run.conf";
ExecStart = "${crashplan}/bin/CrashPlanEngine start";
ExecStop = "${crashplan}/bin/CrashPlanEngine stop";
PIDFile = "${crashplan.vardir}/CrashPlanEngine.pid";
WorkingDirectory = crashplan;
};
};
};
}

View File

@ -81,7 +81,7 @@ in {
};
pgdumpOptions = mkOption {
type = types.string;
type = types.separatedString " ";
default = "-Cbo";
description = ''
Command line options for pg_dump. This options is not used

View File

@ -2,7 +2,7 @@
with lib;
let
let
cfg = config.services.rsnapshot;
cfgfile = pkgs.writeText "rsnapshot.conf" ''
config_version 1.2
@ -52,7 +52,7 @@ in
cronIntervals = mkOption {
default = {};
example = { hourly = "0 * * * *"; daily = "50 21 * * *"; };
type = types.attrsOf types.string;
type = types.attrsOf types.str;
description = ''
Periodicity at which intervals should be run by cron.
Note that the intervals also have to exist in configuration

View File

@ -111,7 +111,7 @@ in
systemd.services.boinc = {
description = "BOINC Client";
after = ["network.target" "local-fs.target"];
after = ["network.target"];
wantedBy = ["multi-user.target"];
script = ''
${fhsEnvExecutable} --dir ${cfg.dataDir} --redirectio ${allowRemoteGuiRpcFlag}

View File

@ -111,7 +111,10 @@ in
config = mkIf cfg.enable {
systemd.services.gitlab-runner = {
path = cfg.packages;
environment = config.networking.proxy.envVars;
environment = config.networking.proxy.envVars // {
# Gitlab runner will not start if the HOME variable is not set
HOME = cfg.workDir;
};
description = "Gitlab Runner";
after = [ "network.target" ]
++ optional hasDocker "docker.service";

View File

@ -259,7 +259,7 @@ in {
'';
};
incrementalRepairOptions = mkOption {
type = types.listOf types.string;
type = types.listOf types.str;
default = [];
example = [ "--partitioner-range" ];
description = ''
@ -267,7 +267,7 @@ in {
'';
};
maxHeapSize = mkOption {
type = types.nullOr types.string;
type = types.nullOr types.str;
default = null;
example = "4G";
description = ''
@ -287,7 +287,7 @@ in {
'';
};
heapNewSize = mkOption {
type = types.nullOr types.string;
type = types.nullOr types.str;
default = null;
example = "800M";
description = ''
@ -352,11 +352,11 @@ in {
type = types.listOf (types.submodule {
options = {
username = mkOption {
type = types.string;
type = types.str;
description = "Username for JMX";
};
password = mkOption {
type = types.string;
type = types.str;
description = "Password for JMX";
};
};

View File

@ -56,7 +56,7 @@ in {
user = mkOption {
type = types.string;
type = types.str;
default = "couchdb";
description = ''
User account under which couchdb runs.
@ -64,7 +64,7 @@ in {
};
group = mkOption {
type = types.string;
type = types.str;
default = "couchdb";
description = ''
Group account under which couchdb runs.
@ -106,7 +106,7 @@ in {
};
bindAddress = mkOption {
type = types.string;
type = types.str;
default = "127.0.0.1";
description = ''
Defines the IP address by which CouchDB will be accessible.
@ -138,7 +138,7 @@ in {
};
configFile = mkOption {
type = types.string;
type = types.path;
description = ''
Configuration file for persisting runtime changes. File
needs to be readable and writable from couchdb user/group.
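Review bot: `types.path` for `configFile` sits awkwardly with the description, which requires the file to be writable by the couchdb user. A Nix path literal passes this type check, but if it is interpolated into a string it is copied into the read-only store, and runtime changes can then no longer be persisted. Either keep `types.str` or state in the description that an absolute path outside the store, given as a string, is expected.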

View File

@ -140,7 +140,7 @@ in
};
logSize = mkOption {
type = types.string;
type = types.str;
default = "10MiB";
description = ''
Roll over to a new log file after the current log file
@ -149,7 +149,7 @@ in
};
maxLogSize = mkOption {
type = types.string;
type = types.str;
default = "100MiB";
description = ''
Delete the oldest log file when the total size of all log
@ -171,7 +171,7 @@ in
};
memory = mkOption {
type = types.string;
type = types.str;
default = "8GiB";
description = ''
Maximum memory used by the process. The default value is
@ -193,7 +193,7 @@ in
};
storageMemory = mkOption {
type = types.string;
type = types.str;
default = "1GiB";
description = ''
Maximum memory used for data storage. The default value is

View File

@ -53,7 +53,7 @@ in {
user = mkOption {
type = types.string;
type = types.str;
default = "hbase";
description = ''
User account under which HBase runs.
@ -61,7 +61,7 @@ in {
};
group = mkOption {
type = types.string;
type = types.str;
default = "hbase";
description = ''
Group account under which HBase runs.

View File

@ -129,13 +129,13 @@ in
user = mkOption {
default = "influxdb";
description = "User account under which influxdb runs";
type = types.string;
type = types.str;
};
group = mkOption {
default = "influxdb";
description = "Group under which influxdb runs";
type = types.string;
type = types.str;
};
dataDir = mkOption {

View File

@ -103,7 +103,6 @@ in
LockPersonality = true;
RestrictRealtime = true;
PrivateMounts = true;
PrivateUsers = true;
MemoryDenyWriteExecute = true;
};
};
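Review bot: `PrivateUsers = true` is dropped from this otherwise tightly sandboxed unit with no comment explaining why. If the service needs something that a private user namespace breaks, record that next to the remaining hardening options so the setting is not silently re-added later or taken as precedent for removing the others.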

View File

@ -65,9 +65,9 @@ in
default = false;
description = "Enable client authentication. Creates a default superuser with username root!";
};
initialRootPassword = mkOption {
type = types.nullOr types.string;
type = types.nullOr types.str;
default = null;
description = "Password for the root user if auth is enabled.";
};

View File

@ -47,26 +47,26 @@ in
};
user = mkOption {
type = types.string;
type = types.str;
default = "openldap";
description = "User account under which slapd runs.";
};
group = mkOption {
type = types.string;
type = types.str;
default = "openldap";
description = "Group account under which slapd runs.";
};
urlList = mkOption {
type = types.listOf types.string;
type = types.listOf types.str;
default = [ "ldap:///" ];
description = "URL list slapd should listen on.";
example = [ "ldaps:///" ];
};
dataDir = mkOption {
type = types.string;
type = types.path;
default = "/var/db/openldap";
description = "The database directory.";
};

View File

@ -34,7 +34,7 @@ in {
};
user = mkOption {
type = types.string;
type = types.str;
default = "opentsdb";
description = ''
User account under which OpenTSDB runs.
@ -42,7 +42,7 @@ in {
};
group = mkOption {
type = types.string;
type = types.str;
default = "opentsdb";
description = ''
Group account under which OpenTSDB runs.

View File

@ -8,17 +8,19 @@ let
condOption = name: value: if value != null then "${name} ${toString value}" else "";
redisConfig = pkgs.writeText "redis.conf" ''
pidfile ${cfg.pidFile}
port ${toString cfg.port}
${condOption "bind" cfg.bind}
${condOption "unixsocket" cfg.unixSocket}
daemonize yes
supervised systemd
loglevel ${cfg.logLevel}
logfile ${cfg.logfile}
syslog-enabled ${redisBool cfg.syslog}
pidfile /run/redis/redis.pid
databases ${toString cfg.databases}
${concatMapStrings (d: "save ${toString (builtins.elemAt d 0)} ${toString (builtins.elemAt d 1)}\n") cfg.save}
dbfilename ${cfg.dbFilename}
dir ${toString cfg.dbpath}
dbfilename dump.rdb
dir /var/lib/redis
${if cfg.slaveOf != null then "slaveof ${cfg.slaveOf.ip} ${toString cfg.slaveOf.port}" else ""}
${condOption "masterauth" cfg.masterAuth}
${condOption "requirepass" cfg.requirePass}
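Review bot: `redisConfig` is built with `pkgs.writeText`, so the `requirepass` and `masterauth` lines end up in clear text in a world-readable file in the Nix store. Since this hunk already reworks how redis.conf is generated, consider reading these secrets from a file outside the store (for example through a `requirePassFile` option; the name is hypothetical) and assembling the final config at service start.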
@ -40,7 +42,12 @@ in
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable the Redis server.";
description = ''
Whether to enable the Redis server. Note that the NixOS module for
Redis disables kernel support for Transparent Huge Pages (THP),
because this features causes major performance problems for Redis,
e.g. (https://redis.io/topics/latency).
'';
};
package = mkOption {
@ -50,18 +57,6 @@ in
description = "Which Redis derivation to use.";
};
user = mkOption {
type = types.str;
default = "redis";
description = "User account under which Redis runs.";
};
pidFile = mkOption {
type = types.path;
default = "/var/lib/redis/redis.pid";
description = "";
};
port = mkOption {
type = types.int;
default = 6379;
@ -95,7 +90,7 @@ in
type = with types; nullOr path;
default = null;
description = "The path to the socket to bind to.";
example = "/run/redis.sock";
example = "/run/redis/redis.sock";
};
logLevel = mkOption {
@ -131,18 +126,6 @@ in
example = [ [900 1] [300 10] [60 10000] ];
};
dbFilename = mkOption {
type = types.str;
default = "dump.rdb";
description = "The filename where to dump the DB.";
};
dbpath = mkOption {
type = types.path;
default = "/var/lib/redis";
description = "The DB will be written inside this directory, with the filename specified using the 'dbFilename' configuration.";
};
slaveOf = mkOption {
default = null; # { ip, port }
description = "An attribute set with two attributes: ip and port to which this redis instance acts as a slave.";
@ -170,12 +153,6 @@ in
description = "By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.";
};
appendOnlyFilename = mkOption {
type = types.str;
default = "appendonly.aof";
description = "Filename for the append-only file (stored inside of dbpath)";
};
appendFsync = mkOption {
type = types.str;
default = "everysec"; # no, always, everysec
@ -217,26 +194,17 @@ in
allowedTCPPorts = [ cfg.port ];
};
users.users.redis =
{ name = cfg.user;
description = "Redis database user";
};
users.users.redis.description = "Redis database user";
environment.systemPackages = [ cfg.package ];
systemd.services.redis_init =
{ description = "Redis Server Initialisation";
wantedBy = [ "redis.service" ];
before = [ "redis.service" ];
serviceConfig.Type = "oneshot";
script = ''
install -d -m0700 -o ${cfg.user} ${cfg.dbpath}
chown -R ${cfg.user} ${cfg.dbpath}
'';
};
systemd.services.disable-transparent-huge-pages = {
description = "Disable Transparent Huge Pages (required by Redis)";
before = [ "redis.service" ];
wantedBy = [ "redis.service" ];
script = "echo never > /sys/kernel/mm/transparent_hugepage/enabled";
serviceConfig.Type = "oneshot";
};
systemd.services.redis =
{ description = "Redis Server";
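Review bot: the new `disable-transparent-huge-pages` unit writes `never` to `/sys/kernel/mm/transparent_hugepage/enabled`, a host-wide kernel setting, whenever Redis is enabled, and nothing restores the previous value when Redis stops. The `enable` description mentions the behaviour, but there is no way to opt out on hosts where other workloads depend on THP. A boolean option guarding this unit would leave that decision to the administrator.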
@ -246,7 +214,10 @@ in
serviceConfig = {
ExecStart = "${cfg.package}/bin/redis-server ${redisConfig}";
User = cfg.user;
RuntimeDirectory = "redis";
StateDirectory = "redis";
Type = "notify";
User = "redis";
};
};
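Review bot: `StateDirectory = "redis"` is set without `StateDirectoryMode`, so `/var/lib/redis` is created with systemd's default mode 0755, whereas the removed `redis_init` script used `install -d -m0700`. The directory holding `dump.rdb` then becomes listable by every local user. Add `StateDirectoryMode = "0700"` to keep the previous permissions.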

View File

@ -29,7 +29,7 @@ in
};
nodeName = mkOption {
type = types.string;
type = types.str;
default = "riak@127.0.0.1";
description = ''
Name of the Erlang node.
@ -37,7 +37,7 @@ in
};
distributedCookie = mkOption {
type = types.string;
type = types.str;
default = "riak";
description = ''
Cookie for distributed node communication. All nodes in the

View File

@ -0,0 +1,25 @@
# blueman service
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.blueman;
in {
###### interface
options = {
services.blueman = {
enable = mkEnableOption "blueman";
};
};
###### implementation
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.blueman ];
services.dbus.packages = [ pkgs.blueman ];
systemd.packages = [ pkgs.blueman ];
};
}

View File

@ -22,11 +22,11 @@ with lib;
config = mkIf config.services.gnome3.glib-networking.enable {
services.dbus.packages = [ pkgs.gnome3.glib-networking ];
services.dbus.packages = [ pkgs.glib-networking ];
systemd.packages = [ pkgs.gnome3.glib-networking ];
systemd.packages = [ pkgs.glib-networking ];
environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gnome3.glib-networking.out}/lib/gio/modules" ];
environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.glib-networking.out}/lib/gio/modules" ];
};

View File

@ -12,14 +12,7 @@ with lib;
services.gnome3.gnome-user-share = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable GNOME User Share, a service that exports the
contents of the Public folder in your home directory on the local network.
'';
};
enable = mkEnableOption "GNOME User Share, a user-level file sharing service for GNOME";
};
@ -30,12 +23,13 @@ with lib;
config = mkIf config.services.gnome3.gnome-user-share.enable {
environment.systemPackages = [ pkgs.gnome3.gnome-user-share ];
environment.systemPackages = [
pkgs.gnome3.gnome-user-share
];
services.xserver.displayManager.sessionCommands = with pkgs.gnome3; ''
# Don't let gnome-control-center depend upon gnome-user-share
export XDG_DATA_DIRS=$XDG_DATA_DIRS''${XDG_DATA_DIRS:+:}${gnome-user-share}/share/gsettings-schemas/${gnome-user-share.name}
'';
systemd.packages = [
pkgs.gnome3.gnome-user-share
];
};

View File

@ -1,38 +0,0 @@
# Seahorse daemon.
{ config, pkgs, lib, ... }:
with lib;
{
###### interface
options = {
services.gnome3.seahorse = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable Seahorse search provider for the GNOME Shell activity search.
'';
};
};
};
###### implementation
config = mkIf config.services.gnome3.seahorse.enable {
environment.systemPackages = [ pkgs.gnome3.seahorse pkgs.gnome3.dconf ];
services.dbus.packages = [ pkgs.gnome3.seahorse ];
};
}

View File

@ -34,7 +34,7 @@ in {
psd = {
enable = true;
description = "Profile Sync daemon";
wants = [ "psd-resync.service" "local-fs.target" ];
wants = [ "psd-resync.service" ];
wantedBy = [ "default.target" ];
path = with pkgs; [ rsync kmod gawk nettools utillinux profile-sync-daemon ];
unitConfig = {

View File

@ -9,6 +9,7 @@
Damien Cassou @DamienCassou
Thomas Tuegel @ttuegel
Rodney Lorrimar @rvl
Adam Hoese @adisbladis
-->
<para>
<link xlink:href="https://www.gnu.org/software/emacs/">Emacs</link> is an
@ -130,15 +131,6 @@
Emacs packages through nixpkgs.
</para>
<note>
<para>
This documentation describes the new Emacs packages framework in NixOS
16.03 (<varname>emacsPackagesNg</varname>) which should not be confused
with the previous and deprecated framework
(<varname>emacs24Packages</varname>).
</para>
</note>
<para>
The first step to declare the list of packages you want in your Emacs
installation is to create a dedicated derivation. This can be done in a
@ -164,7 +156,7 @@ $ ./result/bin/emacs
let
myEmacs = pkgs.emacs; <co xml:id="ex-emacsNix-2" />
emacsWithPackages = (pkgs.emacsPackagesNgGen myEmacs).emacsWithPackages; <co xml:id="ex-emacsNix-3" />
emacsWithPackages = (pkgs.emacsPackagesGen myEmacs).emacsWithPackages; <co xml:id="ex-emacsNix-3" />
in
emacsWithPackages (epkgs: (with epkgs.melpaStablePackages; [ <co xml:id="ex-emacsNix-4" />
magit # ; Integrate git &lt;C-x g&gt;
@ -262,10 +254,10 @@ in
<example xml:id="module-services-emacs-querying-packages">
<title>Querying Emacs packages</title>
<programlisting><![CDATA[
nix-env -f "<nixpkgs>" -qaP -A emacsPackagesNg.elpaPackages
nix-env -f "<nixpkgs>" -qaP -A emacsPackagesNg.melpaPackages
nix-env -f "<nixpkgs>" -qaP -A emacsPackagesNg.melpaStablePackages
nix-env -f "<nixpkgs>" -qaP -A emacsPackagesNg.orgPackages
nix-env -f "<nixpkgs>" -qaP -A emacsPackages.elpaPackages
nix-env -f "<nixpkgs>" -qaP -A emacsPackages.melpaPackages
nix-env -f "<nixpkgs>" -qaP -A emacsPackages.melpaStablePackages
nix-env -f "<nixpkgs>" -qaP -A emacsPackages.orgPackages
]]></programlisting>
</example>
</para>

View File

@ -55,7 +55,7 @@ in
'';
};
saveName = mkOption {
type = types.string;
type = types.str;
default = "default";
description = ''
The name of the savegame that will be used by the server.
@ -81,7 +81,7 @@ in
'';
};
stateDirName = mkOption {
type = types.string;
type = types.str;
default = "factorio";
description = ''
Name of the directory under /var/lib holding the server's data.
@ -102,14 +102,14 @@ in
'';
};
game-name = mkOption {
type = types.nullOr types.string;
type = types.nullOr types.str;
default = "Factorio Game";
description = ''
Name of the game as it will appear in the game listing.
'';
};
description = mkOption {
type = types.nullOr types.string;
type = types.nullOr types.str;
default = "";
description = ''
Description of the game that will appear in the listing.
@ -130,28 +130,28 @@ in
'';
};
username = mkOption {
type = types.nullOr types.string;
type = types.nullOr types.str;
default = null;
description = ''
Your factorio.com login credentials. Required for games with visibility public.
'';
};
password = mkOption {
type = types.nullOr types.string;
type = types.nullOr types.str;
default = null;
description = ''
Your factorio.com login credentials. Required for games with visibility public.
'';
};
token = mkOption {
type = types.nullOr types.string;
type = types.nullOr types.str;
default = null;
description = ''
Authentication token. May be used instead of 'password' above.
'';
};
game-password = mkOption {
type = types.nullOr types.string;
type = types.nullOr types.str;
default = null;
description = ''
Game password.

View File

@ -28,7 +28,7 @@ in {
};
devices = mkOption {
type = types.listOf types.string;
type = types.listOf types.str;
default = [ "/dev/sda" ];
description = ''
Device paths to all internal spinning hard drives.

View File

@ -8,8 +8,8 @@ let
cfg = config.services.fwupd;
originalEtc =
let
mkEtcFile = n: nameValuePair n { source = "${pkgs.fwupd}/etc/${n}"; };
in listToAttrs (map mkEtcFile pkgs.fwupd.filesInstalledToEtc);
mkEtcFile = n: nameValuePair n { source = "${cfg.package}/etc/${n}"; };
in listToAttrs (map mkEtcFile cfg.package.filesInstalledToEtc);
extraTrustedKeys =
let
mkName = p: "pki/fwupd/${baseNameOf (toString p)}";
@ -24,7 +24,7 @@ let
"fwupd/remotes.d/fwupd-tests.conf" = {
source = pkgs.runCommand "fwupd-tests-enabled.conf" {} ''
sed "s,^Enabled=false,Enabled=true," \
"${pkgs.fwupd.installedTests}/etc/fwupd/remotes.d/fwupd-tests.conf" > "$out"
"${cfg.package.installedTests}/etc/fwupd/remotes.d/fwupd-tests.conf" > "$out"
'';
};
} else {};
@ -43,7 +43,7 @@ in {
};
blacklistDevices = mkOption {
type = types.listOf types.string;
type = types.listOf types.str;
default = [];
example = [ "2082b5e0-7a64-478a-b1b2-e3404fab6dad" ];
description = ''
@ -52,7 +52,7 @@ in {
};
blacklistPlugins = mkOption {
type = types.listOf types.string;
type = types.listOf types.str;
default = [ "test" ];
example = [ "udev" ];
description = ''
@ -77,13 +77,21 @@ in {
<link xlink:href="https://github.com/hughsie/fwupd/blob/master/data/installed-tests/README.md">installed tests</link>.
'';
};
package = mkOption {
type = types.package;
default = pkgs.fwupd;
description = ''
Which fwupd package to use.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.fwupd ];
environment.systemPackages = [ cfg.package ];
environment.etc = {
"fwupd/daemon.conf" = {
@ -102,11 +110,11 @@ in {
} // originalEtc // extraTrustedKeys // testRemote;
services.dbus.packages = [ pkgs.fwupd ];
services.dbus.packages = [ cfg.package ];
services.udev.packages = [ pkgs.fwupd ];
services.udev.packages = [ cfg.package ];
systemd.packages = [ pkgs.fwupd ];
systemd.packages = [ cfg.package ];
systemd.tmpfiles.rules = [
"d /var/lib/fwupd 0755 root root -"

View File

@ -76,7 +76,7 @@ in
};
hardware.sane.configDir = mkOption {
type = types.string;
type = types.str;
internal = true;
description = "The value of SANE_CONFIG_DIR.";
};

View File

@ -49,13 +49,13 @@ in
user = mkOption {
default = "tss";
type = types.string;
type = types.str;
description = "User account under which tcsd runs.";
};
group = mkOption {
default = "tss";
type = types.string;
type = types.str;
description = "Group account under which tcsd runs.";
};
@ -65,19 +65,19 @@ in
description = ''
The location of the system persistent storage file.
The system persistent storage file holds keys and data across
restarts of the TCSD and system reboots.
restarts of the TCSD and system reboots.
'';
};
firmwarePCRs = mkOption {
default = "0,1,2,3,4,5,6,7";
type = types.string;
type = types.str;
description = "PCR indices used in the TPM for firmware measurements.";
};
kernelPCRs = mkOption {
default = "8,9,10,11,12";
type = types.string;
type = types.str;
description = "PCR indices used in the TPM for kernel measurements.";
};

View File

@ -102,7 +102,6 @@ in
systemd.services.triggerhappy = {
wantedBy = [ "multi-user.target" ];
after = [ "local-fs.target" ];
description = "Global hotkey daemon";
serviceConfig = {
ExecStart = "${pkgs.triggerhappy}/bin/thd ${optionalString (cfg.user != "root") "--user ${cfg.user}"} --socket ${socket} --triggers ${configFile} --deviceglob /dev/input/event*";

View File

@ -16,7 +16,7 @@ in
};
graylogServer = mkOption {
type = types.string;
type = types.str;
example = "graylog2.example.com:11201";
description = ''
Host and port of your graylog2 input. This should be a GELF
@ -25,7 +25,7 @@ in
};
extraOptions = mkOption {
type = types.string;
type = types.separatedString " ";
default = "";
description = ''
Any extra flags to pass to SystemdJournal2Gelf. Note that
@ -56,4 +56,4 @@ in
};
};
};
}
}

View File

@ -32,7 +32,7 @@ in
};
updateAt = mkOption {
type = types.nullOr types.string;
type = types.nullOr types.str;
default = null;
example = "hourly";
description = ''
@ -50,7 +50,7 @@ in
description = ''Enable the awstats web service. This switches on httpd.'';
};
urlPrefix = mkOption {
type = types.string;
type = types.str;
default = "/awstats";
description = "The URL prefix under which the awstats service appears.";
};

View File

@ -155,7 +155,7 @@ in
config = mkOption {
default = "FQDN=1";
type = types.string;
type = types.lines;
description = ''
Config options that you would like in logcheck.conf.
'';

View File

@ -46,7 +46,7 @@ in
};
defaultConfig = mkOption {
type = types.string;
type = types.lines;
default = defaultConf;
description = ''
The default <filename>syslog.conf</filename> file configures a
@ -56,7 +56,7 @@ in
};
extraConfig = mkOption {
type = types.string;
type = types.lines;
default = "";
example = "news.* -/var/log/news";
description = ''

View File

@ -344,8 +344,7 @@ in
systemd.services.dovecot2 = {
description = "Dovecot IMAP/POP3 server";
after = [ "keys.target" "network.target" ];
wants = [ "keys.target" ];
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
restartTriggers = [ cfg.configFile ];
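Review bot: the `after`/`wants` lines of `systemd.services.dovecot2` lose `keys.target` entirely, so the unit is no longer ordered after key material delivered through that target. If any deployment still provisions the TLS key or other secrets that way, Dovecot can start before they exist. Either keep the ordering, or state in the release notes that such setups must add `after` and `wants` for `keys.target` themselves.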

View File

@ -21,7 +21,7 @@ in
};
config = mkOption {
type = types.string;
type = types.lines;
default = "";
description = ''
Verbatim Exim configuration. This should not contain exim_user,
@ -30,7 +30,7 @@ in
};
user = mkOption {
type = types.string;
type = types.str;
default = "exim";
description = ''
User to use when no root privileges are required.
@ -42,7 +42,7 @@ in
};
group = mkOption {
type = types.string;
type = types.str;
default = "exim";
description = ''
Group to use when no root privileges are required.
@ -50,7 +50,7 @@ in
};
spoolDir = mkOption {
type = types.string;
type = types.path;
default = "/var/spool/exim";
description = ''
Location of the spool directory of exim.

View File

@ -0,0 +1,114 @@
{ config, pkgs, lib, ... }: # mailman.nix
with lib;
let
cfg = config.services.mailman;
pythonEnv = pkgs.python3.withPackages (ps: [ps.mailman]);
mailmanExe = with pkgs; stdenv.mkDerivation {
name = "mailman-" + python3Packages.mailman.version;
unpackPhase = ":";
installPhase = ''
mkdir -p $out/bin
sed >"$out/bin/mailman" <"${pythonEnv}/bin/mailman" \
-e "2 iexport MAILMAN_CONFIG_FILE=/etc/mailman.cfg"
chmod +x $out/bin/mailman
'';
};
mailmanCfg = ''
[mailman]
site_owner: ${cfg.siteOwner}
layout: fhs
[paths.fhs]
bin_dir: ${pkgs.python3Packages.mailman}/bin
var_dir: /var/lib/mailman
queue_dir: $var_dir/queue
log_dir: $var_dir/log
lock_dir: $var_dir/lock
etc_dir: /etc
ext_dir: $etc_dir/mailman.d
pid_file: /run/mailman/master.pid
'';
in {
###### interface
options = {
services.mailman = {
enable = mkOption {
type = types.bool;
default = false;
description = "Enable Mailman on this host. Requires an active Postfix installation.";
};
siteOwner = mkOption {
type = types.str;
default = "postmaster";
description = ''
Certain messages that must be delivered to a human, but which can't
be delivered to a list owner (e.g. a bounce from a list owner), will
be sent to this address. It should point to a human.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
assertions = [
{ assertion = cfg.enable -> config.services.postfix.enable;
message = "Mailman requires Postfix";
}
{ assertion = config.services.postfix.recipientDelimiter == "+";
message = "Postfix's recipientDelimiter must be set to '+'.";
}
];
users.users.mailman = { description = "GNU Mailman"; isSystemUser = true; };
environment = {
systemPackages = [ mailmanExe ];
etc."mailman.cfg".text = mailmanCfg;
};
services.postfix = {
relayDomains = [ "hash:/var/lib/mailman/data/postfix_domains" ];
config = {
transport_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ];
local_recipient_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ];
# Mailman uses recipient delimiters, so we don't need special handling.
owner_request_special = "no";
};
};
systemd.services.mailman = {
description = "GNU Mailman Master Process";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${mailmanExe}/bin/mailman start";
ExecStop = "${mailmanExe}/bin/mailman stop";
User = "mailman";
Type = "forking";
StateDirectory = "mailman";
StateDirectoryMode = "0700";
RuntimeDirectory = "mailman";
PIDFile = "/run/mailman/master.pid";
};
};
};
}
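Review bot: `StateDirectoryMode = "0700"` together with `User = "mailman"` makes /var/lib/mailman accessible only to that user, yet `services.postfix` is pointed at `hash:/var/lib/mailman/data/postfix_lmtp` and `hash:/var/lib/mailman/data/postfix_domains` inside it. Please confirm that Postfix can open those maps with this mode and record the reasoning in a comment next to `StateDirectoryMode`; a dedicated group on `users.users.mailman` would give a clean way to grant read access to the `data` directory only. Separately, the `cfg.enable ->` in the first assertion is redundant inside `mkIf cfg.enable` and can be reduced to `config.services.postfix.enable`.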

View File

@ -14,7 +14,7 @@ with lib;
};
user = mkOption {
type = types.string;
type = types.str;
default = "nullmailer";
description = ''
User to use to run nullmailer-send.
@ -22,7 +22,7 @@ with lib;
};
group = mkOption {
type = types.string;
type = types.str;
default = "nullmailer";
description = ''
Group to use to run nullmailer-send.

View File

@ -509,7 +509,7 @@ in
};
localRecipients = mkOption {
type = with types; nullOr (listOf string);
type = with types; nullOr (listOf str);
default = null;
description = ''
List of accepted local users. Specify a bare username, an
@ -530,7 +530,7 @@ in
dnsBlacklists = mkOption {
default = [];
type = with types; listOf string;
type = with types; listOf str;
description = "dns blacklist servers to use with smtpd_client_restrictions";
};

View File

@ -12,7 +12,7 @@ with lib; let
inetSocket = with types; {
options = {
addr = mkOption {
type = nullOr string;
type = nullOr str;
default = null;
example = "127.0.0.1";
description = "The address to bind to. Localhost if null";
@ -34,7 +34,7 @@ with lib; let
};
mode = mkOption {
type = string;
type = str;
default = "0777";
description = "Mode of the unix socket";
};
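Review bot: `mode` in the unix-socket submodule stays a free-form `str` with default "0777", so any string is accepted and the default leaves the socket world-writable. Since the type is being touched here anyway, consider `types.strMatching "[0-7]{3,4}"` to reject malformed modes at evaluation time, and have the description say which users need to connect so that a tighter default can be justified.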
@ -63,17 +63,17 @@ in {
description = "Socket to bind to";
};
greylistText = mkOption {
type = string;
type = str;
default = "Greylisted for %%s seconds";
description = "Response status text for greylisted messages; use %%s for seconds left until greylisting is over and %%r for mail domain of recipient";
};
greylistAction = mkOption {
type = string;
type = str;
default = "DEFER_IF_PERMIT";
description = "Response status for greylisted messages (see access(5))";
};
greylistHeader = mkOption {
type = string;
type = str;
default = "X-Greylist: delayed %%t seconds by postgrey-%%v at %%h; %%d";
description = "Prepend header to greylisted mails; use %%t for seconds delayed due to greylisting, %%v for the version of postgrey, %%d for the date, and %%h for the host";
};
@ -88,7 +88,7 @@ in {
description = "Delete entries from whitelist if they haven't been seen for N days";
};
retryWindow = mkOption {
type = either string natural;
type = either str natural;
default = 2;
example = "12h";
description = "Allow N days for the first retry. Use string with appended 'h' to specify time in hours";

View File

@ -308,7 +308,7 @@ in
};
user = mkOption {
type = types.string;
type = types.str;
default = "rspamd";
description = ''
User to use when no root privileges are required.
@ -316,7 +316,7 @@ in
};
group = mkOption {
type = types.string;
type = types.str;
default = "rspamd";
description = ''
Group to use when no root privileges are required.

View File

@ -34,7 +34,7 @@ in {
};
listenAddress = mkOption {
type = types.string;
type = types.str;
default = "127.0.0.1";
description = ''
The host name or IP address on which to bind Airsonic.
@ -105,7 +105,7 @@ in {
config = mkIf cfg.enable {
systemd.services.airsonic = {
description = "Airsonic Media Server";
after = [ "local-fs.target" "network.target" ];
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
preStart = ''

View File

@ -46,7 +46,7 @@ in {
hostname = mkOption {
description = "Hostname the broker should bind to.";
default = "localhost";
type = types.string;
type = types.str;
};
logDirs = mkOption {
@ -54,13 +54,13 @@ in {
default = [ "/tmp/kafka-logs" ];
type = types.listOf types.path;
};
zookeeper = mkOption {
description = "Zookeeper connection string";
default = "localhost:2181";
type = types.string;
type = types.str;
};
extraProperties = mkOption {
description = "Extra properties for server.properties.";
type = types.nullOr types.lines;
@ -79,8 +79,8 @@ in {
log4jProperties = mkOption {
description = "Kafka log4j property configuration.";
default = ''
log4j.rootLogger=INFO, stdout
log4j.rootLogger=INFO, stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=[%d] %p %m (%c)%n

View File

@ -28,15 +28,15 @@ in
'';
};
url = mkOption {
type = types.string;
type = types.str;
description = "URL of mining server";
};
user = mkOption {
type = types.string;
type = types.str;
description = "Username for mining server";
};
pass = mkOption {
type = types.string;
type = types.str;
default = "x";
description = "Password for mining server";
};
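Review bot: `pass` is a plain `types.str` described as "Password for mining server", so whatever is set here is carried in clear text in the evaluated system configuration. Consider adding a file-based alternative (a path that the service reads at start) and noting in the description that a value given through this option should not be treated as secret.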
@ -63,4 +63,4 @@ in
};
}
}

View File

@ -252,7 +252,7 @@ in
example = ["host1:2181" "host2:2181"];
};
zkConfigExhibitorPath = mkOption {
type = types.string;
type = types.str;
description = ''
If the ZooKeeper shared config is also running Exhibitor, the URI path for the REST call
'';

View File

@ -14,7 +14,7 @@ in {
enable = mkEnableOption "periodic SSD TRIM of mounted partitions in background";
interval = mkOption {
type = types.string;
type = types.str;
default = "weekly";
description = ''
How often we run fstrim. For most desktop and server systems

View File

@ -11,7 +11,7 @@ in {
device = mkOption {
description = "Use the given device as keyboard input event device instead of /dev/input/eventX default.";
default = null;
type = types.nullOr types.string;
type = types.nullOr types.str;
example = "/dev/input/event15";
};
};

View File

@ -163,7 +163,7 @@ in {
};
serverName = mkOption {
type = types.string;
type = types.str;
default = "mediatomb";
description = ''
How to identify the server on the network.
@ -259,7 +259,7 @@ in {
config = mkIf cfg.enable {
systemd.services.mediatomb = {
description = "MediaTomb media Server";
after = [ "local-fs.target" "network.target" ];
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.mediatomb ];
serviceConfig.ExecStart = "${pkgs.mediatomb}/bin/mediatomb -p ${toString cfg.port} ${if cfg.interface!="" then "-e ${cfg.interface}" else ""} ${if cfg.customCfg then "" else "-c ${mtConf}"} -m ${cfg.dataDir}";

View File

@ -165,7 +165,7 @@ in
}; # options.services
config = {
config = {
systemd.services.mwlib-nserve = mkIf cfg.nserve.enable
{
@ -191,7 +191,6 @@ in
description = "mwlib job queue server";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "local-fs.target" ];
preStart = ''
mkdir -pv '${cfg.qserve.datadir}'
@ -218,7 +217,7 @@ in
description = "mwlib worker";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "local-fs.target" ];
after = [ "network.target" ];
preStart = ''
mkdir -pv '${cfg.nslave.cachedir}'

Some files were not shown because too many files have changed in this diff.