ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2024-09-25 14:48:25 +03:00
Code Issues Projects Releases Wiki Activity

Merge branch 'staging' into audit-static

Browse Source
This commit is contained in:
Guillaume Girol 2021-01-23 16:48:41 +00:00 committed by GitHub
commit 264abb7c7e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7966 changed files with 79027 additions and 60107 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.editorconfig
View File

@ -47,27 +47,17 @@ indent_style = space
insert_final_newline = unset
trim_trailing_whitespace = unset
[*.{key,ovpn}]
[*.{asc,key,ovpn}]
insert_final_newline = unset
end_of_line = unset
trim_trailing_whitespace = unset
[*.lock]
indent_size = unset
[deps.nix]
insert_final_newline = unset
[pkgs/tools/networking/dd-agent/*-deps.nix]
insert_final_newline = unset
[eggs.nix]
trim_trailing_whitespace = unset
[gemset.nix]
insert_final_newline = unset
[node-{composition,packages,packages-generated}.nix]
insert_final_newline = unset
[nixos/modules/services/networking/ircd-hybrid/*.{conf,in}]
trim_trailing_whitespace = unset
@ -92,15 +82,6 @@ insert_final_newline = unset
indent_style = unset
trim_trailing_whitespace = unset
[pkgs/development/mobile/androidenv/generated/{addons,packages}.nix]
trim_trailing_whitespace = unset
[pkgs/development/node-packages/composition.nix]
insert_final_newline = unset
[pkgs/development/{perl-modules,ocaml-modules,tools/ocaml}/**]
indent_style = unset
[pkgs/servers/dict/wordnet_structures.py]
trim_trailing_whitespace = unset

27
.github/CODEOWNERS vendored
View File

@ -26,17 +26,18 @@
/lib/asserts.nix @edolstra @nbp @Profpatsch
# Nixpkgs Internals
/default.nix @nbp
/pkgs/top-level/default.nix @nbp @Ericson2314
/pkgs/top-level/impure.nix @nbp @Ericson2314
/pkgs/top-level/stage.nix @nbp @Ericson2314 @matthewbauer
/pkgs/top-level/splice.nix @Ericson2314 @matthewbauer
/pkgs/top-level/release-cross.nix @Ericson2314 @matthewbauer
/pkgs/stdenv/generic @Ericson2314 @matthewbauer
/pkgs/stdenv/cross @Ericson2314 @matthewbauer
/pkgs/build-support/cc-wrapper @Ericson2314 @orivej
/pkgs/build-support/bintools-wrapper @Ericson2314 @orivej
/pkgs/build-support/setup-hooks @Ericson2314
/default.nix @nbp
/pkgs/top-level/default.nix @nbp @Ericson2314
/pkgs/top-level/impure.nix @nbp @Ericson2314
/pkgs/top-level/stage.nix @nbp @Ericson2314 @matthewbauer
/pkgs/top-level/splice.nix @Ericson2314 @matthewbauer
/pkgs/top-level/release-cross.nix @Ericson2314 @matthewbauer
/pkgs/stdenv/generic @Ericson2314 @matthewbauer
/pkgs/stdenv/cross @Ericson2314 @matthewbauer
/pkgs/build-support/cc-wrapper @Ericson2314 @orivej
/pkgs/build-support/bintools-wrapper @Ericson2314 @orivej
/pkgs/build-support/setup-hooks @Ericson2314
/pkgs/build-support/setup-hooks/auto-patchelf.sh @aszlig
# Nixpkgs build-support
/pkgs/build-support/writers @lassulus @Profpatsch
@ -157,8 +158,8 @@
/nixos/modules/services/networking/ntp @thoughtpolice
# Dhall
/pkgs/development/dhall-modules @Gabriel439 @Profpatsch
/pkgs/development/interpreters/dhall @Gabriel439 @Profpatsch
/pkgs/development/dhall-modules @Gabriel439 @Profpatsch @ehmry
/pkgs/development/interpreters/dhall @Gabriel439 @Profpatsch @ehmry
# Idris
/pkgs/development/idris-modules @Infinisil

1
.github/CONTRIBUTING.md vendored
View File

@ -57,6 +57,7 @@ Follow these steps to backport a change into a release branch in compliance with
3. Create a branch for your change, e.g. `git checkout -b backport`.
4. When the reason to backport is not obvious from the original commit message, use `git cherry-pick -xe <original commit>` and add a reason. Otherwise use `git cherry-pick -x <original commit>`. That's fine for minor version updates that only include security and bug fixes, commits that fixes an otherwise broken package or similar. Please also ensure the commits exists on the master branch; in the case of squashed or rebased merges, the commit hash will change and the new commits can be found in the merge message at the bottom of the master pull request.
5. Push to GitHub and open a backport pull request. Make sure to select the release branch (e.g. `release-20.09`) as the target branch of the pull request, and link to the pull request in which the original change was comitted to `master`. The pull request title should be the commit title with the release version as prefix, e.g. `[20.09]`.
6. When the backport pull request is merged and you have the necessary privileges you can also replace the label `9.needs: port to stable` with `8.has: port to stable` on the original pull request. This way maintainers can keep track of missing backports easier.
## Reviewing contributions

10
doc/builders/packages/emacs.section.md
View File

@ -2,12 +2,12 @@
## Configuring Emacs {#sec-emacs-config}
The Emacs package comes with some extra helpers to make it easier to configure. `emacsWithPackages` allows you to manage packages from ELPA. This means that you will not have to install that packages from within Emacs. For instance, if you wanted to use `company` `counsel`, `flycheck`, `ivy`, `magit`, `projectile`, and `use-package` you could use this as a `~/.config/nixpkgs/config.nix` override:
The Emacs package comes with some extra helpers to make it easier to configure. `emacs.pkgs.withPackages` allows you to manage packages from ELPA. This means that you will not have to install that packages from within Emacs. For instance, if you wanted to use `company` `counsel`, `flycheck`, `ivy`, `magit`, `projectile`, and `use-package` you could use this as a `~/.config/nixpkgs/config.nix` override:
```nix
{
packageOverrides = pkgs: with pkgs; {
myEmacs = emacsWithPackages (epkgs: (with epkgs.melpaStablePackages; [
myEmacs = emacs.pkgs.withPackages (epkgs: (with epkgs.melpaStablePackages; [
company
counsel
flycheck
@ -84,7 +84,7 @@ You can install it like any other packages via `nix-env -iA myEmacs`. However, t
(projectile-global-mode))
'';
myEmacs = emacsWithPackages (epkgs: (with epkgs.melpaStablePackages; [
myEmacs = emacs.pkgs.withPackages (epkgs: (with epkgs.melpaStablePackages; [
(runCommand "default.el" {} ''
mkdir -p $out/share/emacs/site-lisp
cp ${myEmacsConfig} $out/share/emacs/site-lisp/default.el
@ -103,14 +103,14 @@ You can install it like any other packages via `nix-env -iA myEmacs`. However, t
This provides a fairly full Emacs start file. It will load in addition to the user's presonal config. You can always disable it by passing `-q` to the Emacs command.
Sometimes `emacsWithPackages` is not enough, as this package set has some priorities imposed on packages (with the lowest priority assigned to Melpa Unstable, and the highest for packages manually defined in `pkgs/top-level/emacs-packages.nix`). But you can't control this priorities when some package is installed as a dependency. You can override it on per-package-basis, providing all the required dependencies manually - but it's tedious and there is always a possibility that an unwanted dependency will sneak in through some other package. To completely override such a package you can use `overrideScope'`.
Sometimes `emacs.pkgs.withPackages` is not enough, as this package set has some priorities imposed on packages (with the lowest priority assigned to Melpa Unstable, and the highest for packages manually defined in `pkgs/top-level/emacs-packages.nix`). But you can't control this priorities when some package is installed as a dependency. You can override it on per-package-basis, providing all the required dependencies manually - but it's tedious and there is always a possibility that an unwanted dependency will sneak in through some other package. To completely override such a package you can use `overrideScope'`.
```nix
overrides = self: super: rec {
haskell-mode = self.melpaPackages.haskell-mode;
...
};
((emacsPackagesGen emacs).overrideScope' overrides).emacsWithPackages
((emacsPackagesFor emacs).overrideScope' overrides).emacs.pkgs.withPackages
(p: with p; [
# here both these package will use haskell-mode of our own choice
ghc-mod

6
doc/contributing/coding-conventions.xml
View File

@ -178,6 +178,12 @@ args.stdenv.mkDerivation (args // {
</programlisting>
</para>
</listitem>
<listitem>
<para>
Arguments should be listed in the order they are used, with the
exception of <varname>lib</varname>, which always goes first.
</para>
</listitem>
<listitem>
<para>
Prefer using the top-level <varname>lib</varname> over its alias

4
doc/languages-frameworks/coq.section.md
View File

@ -42,8 +42,8 @@ It also takes other standard `mkDerivation` attributes, they are added as such,
Here is a simple package example. It is a pure Coq library, thus it depends on Coq. It builds on the Mathematical Components library, thus it also takes some `mathcomp` derivations as `extraBuildInputs`.
```nix
{ coq, mkCoqDerivation, mathcomp, mathcomp-finmap, mathcomp-bigenough,
lib, version ? null }:
{ lib, mkCoqDerivation, version ? null
, coq, mathcomp, mathcomp-finmap, mathcomp-bigenough }:
with lib; mkCoqDerivation {
/* namePrefix leads to e.g. `name = coq8.11-mathcomp1.11-multinomials-1.5.2` */
namePrefix = [ "coq" "mathcomp" ];

6
doc/languages-frameworks/emscripten.section.md
View File

@ -60,7 +60,7 @@ See the `zlib` example:
stdenv = pkgs.emscriptenStdenv;
}).overrideDerivation
(old: rec {
buildInputs = old.buildInputs ++ [ pkgconfig ];
buildInputs = old.buildInputs ++ [ pkg-config ];
# we need to reset this setting!
NIX_CFLAGS_COMPILE="";
configurePhase = ''
@ -117,8 +117,8 @@ This `xmlmirror` example features a emscriptenPackage which is defined completel
xmlmirror = pkgs.buildEmscriptenPackage rec {
name = "xmlmirror";
buildInputs = [ pkgconfig autoconf automake libtool gnumake libxml2 nodejs openjdk json_c ];
nativeBuildInputs = [ pkgconfig zlib ];
buildInputs = [ pkg-config autoconf automake libtool gnumake libxml2 nodejs openjdk json_c ];
nativeBuildInputs = [ pkg-config zlib ];
src = pkgs.fetchgit {
url = "https://gitlab.com/odfplugfest/xmlmirror.git";

10
doc/languages-frameworks/idris.section.md
View File

@ -69,11 +69,11 @@ prelude
As an example of how a Nix expression for an Idris package can be created, here is the one for `idrisPackages.yaml`:
```nix
{ build-idris-package
{ lib
, build-idris-package
, fetchFromGitHub
, contrib
, lightyear
, lib
}:
build-idris-package {
name = "yaml";
@ -94,11 +94,11 @@ build-idris-package {
sha256 = "1g4pi0swmg214kndj85hj50ccmckni7piprsxfdzdfhg87s0avw7";
};
meta = {
meta = with lib; {
description = "Idris YAML lib";
homepage = "https://github.com/Heather/Idris.Yaml";
license = lib.licenses.mit;
maintainers = [ lib.maintainers.brainrape ];
license = licenses.mit;
maintainers = [ maintainers.brainrape ];
};
}
```

8
doc/languages-frameworks/maven.section.md
View File

@ -116,7 +116,7 @@ The first step will be to build the Maven project as a fixed-output derivation i
> Traditionally the Maven repository is at `~/.m2/repository`. We will override this to be the `$out` directory.
```nix
{ stdenv, lib, maven }:
{ lib, stdenv, maven }:
stdenv.mkDerivation {
name = "maven-repository";
buildInputs = [ maven ];
@ -168,7 +168,7 @@ If your package uses _SNAPSHOT_ dependencies or _version ranges_; there is a str
Regardless of which strategy is chosen above, the step to build the derivation is the same.
```nix
{ stdenv, lib, maven, callPackage }:
{ stdenv, maven, callPackage }:
# pick a repository derivation, here we will use buildMaven
let repository = callPackage ./build-maven-repository.nix { };
in stdenv.mkDerivation rec {
@ -222,7 +222,7 @@ We will read the Maven repository and flatten it to a single list. This list wil
We make sure to provide this classpath to the `makeWrapper`.
```nix
{ stdenv, lib, maven, callPackage, makeWrapper, jre }:
{ stdenv, maven, callPackage, makeWrapper, jre }:
let
repository = callPackage ./build-maven-repository.nix { };
in stdenv.mkDerivation rec {
@ -298,7 +298,7 @@ Main-Class: Main
We will modify the derivation above to add a symlink to our repository so that it's accessible to our JAR during the `installPhase`.
```nix
{ stdenv, lib, maven, callPackage, makeWrapper, jre }:
{ stdenv, maven, callPackage, makeWrapper, jre }:
# pick a repository derivation, here we will use buildMaven
let repository = callPackage ./build-maven-repository.nix { };
in stdenv.mkDerivation rec {

6
doc/languages-frameworks/ocaml.section.md
View File

@ -32,11 +32,11 @@ buildDunePackage rec {
propagatedBuildInputs = [ bigstringaf result ];
doCheck = true;
meta = {
meta = with lib; {
homepage = "https://github.com/inhabitedtype/angstrom";
description = "OCaml parser combinators built for speed and memory efficiency";
license = lib.licenses.bsd3;
maintainers = with lib.maintainers; [ sternenseemann ];
license = licenses.bsd3;
maintainers = with maintainers; [ sternenseemann ];
};
}
```

2
doc/languages-frameworks/perl.section.md
View File

@ -110,7 +110,7 @@ ClassC3Componentised = buildPerlPackage rec {
On Darwin, if a script has too many `-Idir` flags in its first line (its “shebang line”), it will not run. This can be worked around by calling the `shortenPerlShebang` function from the `postInstall` phase:
```nix
{ stdenv, lib, buildPerlPackage, fetchurl, shortenPerlShebang }:
{ lib, stdenv, buildPerlPackage, fetchurl, shortenPerlShebang }:
ImageExifTool = buildPerlPackage {
pname = "Image-ExifTool";

4
doc/languages-frameworks/python.section.md
View File

@ -610,6 +610,10 @@ Using the example above, the analagous pytestCheckHook usage would be:
"download"
"update"
];
disabledTestFiles = [
"tests/test_failing.py"
];
```
This is expecially useful when tests need to be conditionallydisabled,

37
doc/languages-frameworks/qt.section.md
View File

@ -8,7 +8,7 @@ There are primarily two problems which the Qt infrastructure is designed to addr
```{=docbook}
<programlisting>
{ mkDerivation, lib, qtbase }: <co xml:id='qt-default-nix-co-1' />
{ mkDerivation, qtbase }: <co xml:id='qt-default-nix-co-1' />
mkDerivation { <co xml:id='qt-default-nix-co-2' />
pname = "myapp";
@ -92,32 +92,43 @@ mkDerivation {
}
```
## Adding a library to Nixpkgs
Add a Qt library to all-packages.nix by adding it to the collection inside `mkLibsForQt5`. This ensures that the library is built with every available version of Qt as needed.
### Example Adding a Qt library to all-packages.nix {#qt-library-all-packages-nix}
Qt libraries are added to `qt5-packages.nix` and are made available for every Qt
version supported.
### Example adding a Qt library {#qt-library-all-packages-nix}
The following represents the contents of `qt5-packages.nix`.
```
{
# ...
mkLibsForQt5 = self: with self; {
# ...
mylib = callPackage ../path/to/mylib {};
};
mylib = callPackage ../path/to/mylib {};
# ...
}
```
## Adding an application to Nixpkgs
Add a Qt application to *all-packages.nix* using `libsForQt5.callPackage` instead of the usual `callPackage`. The former ensures that all dependencies are built with the same version of Qt.
Applications that use Qt are also added to `qt5-packages.nix`. An alias is added
in the top-level `all-packages.nix` pointing to the package with the desired Qt5 version.
### Example Adding a QT application to all-packages.nix {#qt-application-all-packages-nix}
```nix
### Example adding a Qt application {#qt-application-all-packages-nix}
The following represents the contents of `qt5-packages.nix`.
```
{
# ...
myapp = libsForQt5.callPackage ../path/to/myapp/ {};
myapp = callPackage ../path/to/myapp {};
# ...
}
```
The following represents the contents of `all-packages.nix`.
```
{
# ...
myapp = libsForQt5.myapp;
# ...
}

8
doc/languages-frameworks/r.section.md
View File

@ -32,14 +32,12 @@ However, if you'd like to add a file to your project source to make the
environment available for other contributors, you can create a `default.nix`
file like so:
```nix
let
pkgs = import <nixpkgs> {};
stdenv = pkgs.stdenv;
in with pkgs; {
with import <nixpkgs> {};
{
myProject = stdenv.mkDerivation {
name = "myProject";
version = "1";
src = if pkgs.lib.inNixShell then null else nix;
src = if lib.inNixShell then null else nix;
buildInputs = with rPackages; [
R

2
doc/languages-frameworks/ruby.section.md
View File

@ -232,7 +232,7 @@ If you want to package a specific version, you can use the standard Gemfile synt
Now you can also also make a `default.nix` that looks like this:
```nix
{ lib, bundlerApp }:
{ bundlerApp }:
bundlerApp {
pname = "mdl";

15
doc/languages-frameworks/rust.section.md
View File

@ -19,6 +19,8 @@ or use Mozilla's [Rust nightlies overlay](#using-the-rust-nightlies-overlay).
Rust applications are packaged by using the `buildRustPackage` helper from `rustPlatform`:
```
{ lib, rustPlatform }:
rustPlatform.buildRustPackage rec {
pname = "ripgrep";
version = "12.1.1";
@ -226,8 +228,6 @@ source code in a reproducible way. If it is missing or out-of-date one can use
the `cargoPatches` attribute to update or add it.
```
{ lib, rustPlatform, fetchFromGitHub }:
rustPlatform.buildRustPackage rec {
(...)
cargoPatches = [
@ -263,7 +263,7 @@ Now, the file produced by the call to `carnix`, called `hello.nix`, looks like:
```
# Generated by carnix 0.6.5: carnix -o hello.nix --src ./. Cargo.lock --standalone
{ lib, stdenv, buildRustCrate, fetchgit }:
{ stdenv, buildRustCrate, fetchgit }:
let kernel = stdenv.buildPlatform.parsed.kernel.name;
# ... (content skipped)
in
@ -292,7 +292,7 @@ following nix file:
```
# Generated by carnix 0.6.5: carnix -o hello.nix --src ./. Cargo.lock --standalone
{ lib, stdenv, buildRustCrate, fetchgit }:
{ stdenv, buildRustCrate, fetchgit }:
let kernel = stdenv.buildPlatform.parsed.kernel.name;
# ... (content skipped)
in
@ -480,7 +480,7 @@ stdenv.mkDerivation {
rustc cargo
# Example Build-time Additional Dependencies
pkgconfig
pkg-config
];
buildInputs = [
# Example Run-time Additional Dependencies
@ -522,7 +522,7 @@ stdenv.mkDerivation {
latest.rustChannels.nightly.rust
# Add some extra dependencies from `pkgs`
pkgconfig openssl
pkg-config openssl
];
# Set Environment Variables
@ -567,12 +567,13 @@ in the `~/.config/nixpkgs/overlays` directory.
Add the following to your `configuration.nix`, `home-configuration.nix`, `shell.nix`, or similar:
```
nixpkgs = {
{ pkgs ? import <nixpkgs> {
overlays = [
(import (builtins.fetchTarball https://github.com/mozilla/nixpkgs-mozilla/archive/master.tar.gz))
# Further overlays go here
];
};
};
```
Note that this will fetch the latest overlay version when rebuilding your system.

8
doc/shell.nix
View File

@ -1,5 +1,3 @@
{ pkgs ? import ../. {} }:
(import ./default.nix {}).overrideAttrs (x: {
buildInputs = x.buildInputs ++ [ pkgs.xmloscopy pkgs.ruby ];
})
{ pkgs ? import ../. { } }:
(import ./default.nix { }).overrideAttrs
(x: { buildInputs = (x.buildInputs or [ ]) ++ [ pkgs.xmloscopy pkgs.ruby ]; })

2
lib/modules.nix
View File

@ -895,7 +895,7 @@ rec {
fromOpt = getAttrFromPath from options;
toOf = attrByPath to
(abort "Renaming error: option `${showOption to}' does not exist.");
toType = let opt = attrByPath to {} options; in opt.type or null;
toType = let opt = attrByPath to {} options; in opt.type or (types.submodule {});
in
{
options = setAttrByPath from (mkOption {

8
lib/systems/platforms.nix
View File

@ -47,7 +47,6 @@ rec {
arch = "armv5te";
};
kernelMajor = "2.6";
kernelBaseConfig = "multi_v5_defconfig";
kernelArch = "arm";
kernelAutoModules = false;
@ -70,7 +69,6 @@ rec {
sheevaplug = {
name = "sheevaplug";
kernelMajor = "2.6";
kernelBaseConfig = "multi_v5_defconfig";
kernelArch = "arm";
kernelAutoModules = false;
@ -182,7 +180,6 @@ rec {
raspberrypi = {
name = "raspberrypi";
kernelMajor = "2.6";
kernelBaseConfig = "bcm2835_defconfig";
kernelDTB = true;
kernelArch = "arm";
@ -241,7 +238,6 @@ rec {
utilite = {
name = "utilite";
kernelMajor = "2.6";
kernelBaseConfig = "multi_v7_defconfig";
kernelArch = "arm";
kernelAutoModules = false;
@ -294,7 +290,6 @@ rec {
armv7l-hf-multiplatform = {
name = "armv7l-hf-multiplatform";
kernelMajor = "2.6"; # Using "2.6" enables 2.6 kernel syscalls in glibc.
kernelBaseConfig = "multi_v7_defconfig";
kernelArch = "arm";
kernelDTB = true;
@ -342,7 +337,6 @@ rec {
aarch64-multiplatform = {
name = "aarch64-multiplatform";
kernelMajor = "2.6"; # Using "2.6" enables 2.6 kernel syscalls in glibc.
kernelBaseConfig = "defconfig";
kernelArch = "arm64";
kernelDTB = true;
@ -381,7 +375,6 @@ rec {
ben_nanonote = {
name = "ben_nanonote";
kernelMajor = "2.6";
kernelArch = "mips";
gcc = {
arch = "mips32";
@ -391,7 +384,6 @@ rec {
fuloong2f_n32 = {
name = "fuloong2f_n32";
kernelMajor = "2.6";
kernelBaseConfig = "lemote2f_defconfig";
kernelArch = "mips";
kernelAutoModules = false;

156
maintainers/maintainer-list.nix
View File

@ -610,6 +610,16 @@
githubId = 11699655;
name = "Stanislas Lange";
};
anhdle14 = {
name = "Le Anh Duc";
email = "anhdle14@icloud.com";
github = "anhdle14";
githubId = 9645992;
keys = [{
longkeyid = "rsa4096/0x0299AFF9ECBB5169";
fingerprint = "AA4B 8EC3 F971 D350 482E 4E20 0299 AFF9 ECBB 5169";
}];
};
ankhers = {
email = "me@ankhers.dev";
github = "ankhers";
@ -960,6 +970,12 @@
email = "sivaraman.balaji@gmail.com";
name = "Balaji Sivaraman";
};
baloo = {
email = "nixpkgs@superbaloo.net";
github = "baloo";
githubId = 59060;
name = "Arthur Gautier";
};
balsoft = {
email = "balsoft75@gmail.com";
github = "balsoft";
@ -1567,6 +1583,12 @@
githubId = 33503784;
name = "Yucheng Zhang";
};
cheriimoya = {
email = "github@hausch.xyz";
github = "cheriimoya";
githubId = 28303440;
name = "Max Hausch";
};
chessai = {
email = "chessai1996@gmail.com";
github = "chessai";
@ -1683,16 +1705,6 @@
githubId = 46303707;
name = "Christian Lütke-Stetzkamp";
};
kampka = {
email = "christian@kampka.net";
github = "kampka";
githubId = 422412;
name = "Christian Kampka";
keys = [{
longkeyid = "ed25519/0x1CBE9645DD68E915";
fingerprint = "F7FA 0BD0 8775 337C F6AB 4A14 1CBE 9645 DD68 E915";
}];
};
ckauhaus = {
email = "kc@flyingcircus.io";
github = "ckauhaus";
@ -2021,6 +2033,12 @@
githubId = 23366017;
name = "Dan Haraj";
};
danielbarter = {
email = "danielbarter@gmail.com";
github = "danielbarter";
githubId = 8081722;
name = "Daniel Barter";
};
danieldk = {
email = "me@danieldk.eu";
github = "danieldk";
@ -3771,6 +3789,12 @@
githubId = 7481521;
name = "Balázs Lengyel";
};
ilian = {
email = "ilian@tuta.io";
github = "ilian";
githubId = 25505957;
name = "Ilian";
};
ilikeavocadoes = {
email = "ilikeavocadoes@hush.com";
github = "ilikeavocadoes";
@ -3863,6 +3887,12 @@
githubId = 4458;
name = "Ivan Kozik";
};
ivan-babrou = {
email = "nixpkgs@ivan.computer";
name = "Ivan Babrou";
github = "bobrik";
githubId = 89186;
};
ivan-timokhin = {
email = "nixpkgs@ivan.timokhin.name";
name = "Ivan Timokhin";
@ -4666,6 +4696,12 @@
githubId = 494012;
name = "Kevin Cox";
};
kevingriffin = {
email = "me@kevin.jp";
github = "kevingriffin";
githubId = 209729;
name = "Kevin Griffin";
};
kfollesdal = {
email = "kfollesdal@gmail.com";
github = "kfollesdal";
@ -4793,6 +4829,12 @@
github = "kmein";
githubId = 10352507;
};
kmicklas = {
email = "maintainer@kmicklas.com";
name = "Ken Micklas";
github = "kmicklas";
githubId = 929096;
};
knairda = {
email = "adrian@kummerlaender.eu";
name = "Adrian Kummerlaender";
@ -4936,6 +4978,10 @@
github = "kyleondy";
githubId = 1640900;
name = "Kyle Ondy";
keys = [{
longkeyid = "rsa4096/0xDB0E3C33491F91C9";
fingerprint = "3C79 9D26 057B 64E6 D907 B0AC DB0E 3C33 491F 91C9";
}];
};
kylesferrazza = {
name = "Kyle Sferrazza";
@ -4949,6 +4995,16 @@
fingerprint = "5A9A 1C9B 2369 8049 3B48 CF5B 81A1 5409 4816 2372";
}];
};
l-as = {
email = "las@protonmail.ch";
github = "L-as";
githubId = 22075344;
keys = [{
longkeyid = "rsa2048/0xAC458A7D1087D025";
fingerprint = "A093 EA17 F450 D4D1 60A0 1194 AC45 8A7D 1087 D025";
}];
name = "Las Safin";
};
laikq = {
email = "gwen@quasebarth.de";
github = "laikq";
@ -5088,12 +5144,24 @@
githubId = 42153076;
name = "Alexey Nikashkin";
};
lesuisse = {
email = "thomas@gerbet.me";
github = "LeSuisse";
githubId = 737767;
name = "Thomas Gerbet";
};
lethalman = {
email = "lucabru@src.gnome.org";
github = "lethalman";
githubId = 480920;
name = "Luca Bruno";
};
leungbk = {
email = "leungbk@mailfence.com";
github = "leungbk";
githubId = 29217594;
name = "Brian Leung";
};
lewo = {
email = "lewo@abesis.fr";
github = "nlewo";
@ -5576,6 +5644,12 @@
fingerprint = "B573 5118 0375 A872 FBBF 7770 B629 036B E399 EEE9";
}];
};
mausch = {
email = "mauricioscheffer@gmail.com";
github = "mausch";
githubId = 95194;
name = "Mauricio Scheffer";
};
matejc = {
email = "cotman.matej@gmail.com";
github = "matejc";
@ -6553,12 +6627,6 @@
github = "NobbZ";
githubId = 58951;
};
nocent = {
email = "nocent@protonmail.ch";
github = "nocent";
githubId = 25505957;
name = "nocent";
};
nocoolnametom = {
email = "nocoolnametom@gmail.com";
github = "nocoolnametom";
@ -7085,6 +7153,16 @@
fingerprint = "A3A3 65AE 16ED A7A0 C29C 88F1 9712 452E 8BE3 372E";
}];
};
pinpox = {
email = "mail@pablo.tools";
github = "pinpox";
githubId = 1719781;
name = "Pablo Ovelleiro Corral";
keys = [{
longkeyid = "sa4096/0x823A6154426408D3";
fingerprint = "D03B 218C AE77 1F77 D7F9 20D9 823A 6154 4264 08D3";
}];
};
piotr = {
email = "ppietrasa@gmail.com";
name = "Piotr Pietraszkiewicz";
@ -7131,6 +7209,12 @@
githubId = 13000278;
name = "Maksim Bronsky";
};
PlushBeaver = {
name = "Dmitry Kozlyuk";
email = "dmitry.kozliuk+nixpkgs@gmail.com";
github = "PlushBeaver";
githubId = 8988269;
};
pmahoney = {
email = "pat@polycrystal.org";
github = "pmahoney";
@ -8653,6 +8737,12 @@
githubId = 1315818;
name = "Felix Bühler";
};
stupremee = {
email = "jutus.k@protonmail.com";
github = "Stupremee";
githubId = 39732259;
name = "Justus K";
};
suhr = {
email = "suhr@i2pmail.org";
github = "suhr";
@ -8665,6 +8755,12 @@
githubId = 2666479;
name = "Y Nguyen";
};
superherointj = {
name = "Sérgio G.";
email = "5861043+superherointj@users.noreply.github.com";
github = "superherointj";
githubId = 5861043;
};
SuperSandro2000 = {
email = "sandro.jaeckel@gmail.com";
github = "SuperSandro2000";
@ -8689,6 +8785,12 @@
githubId = 1040871;
name = "Mathis Antony";
};
svend = {
email = "svend@svends.net";
github = "svend";
githubId = 306190;
name = "Svend Sorensen";
};
svrana = {
email = "shaw@vranix.com";
github = "svrana";
@ -8915,6 +9017,12 @@
githubId = 649832;
name = "Teo Klestrup Röijezon";
};
terin = {
email = "terinjokes@gmail.com";
github = "terinjokes";
githubId = 273509;
name = "Terin Stock";
};
terlar = {
email = "terlar@gmail.com";
github = "terlar";
@ -9027,6 +9135,12 @@
githubId = 844343;
name = "Thiago K. Okada";
};
thibautmarty = {
email = "github@thibautmarty.fr";
github = "ThibautMarty";
githubId = 3268082;
name = "Thibaut Marty";
};
thmzlt = {
email = "git@thomazleite.com";
github = "thmzlt";
@ -9287,6 +9401,12 @@
githubId = 303489;
name = "Manuel Bärenz";
};
tu-maurice = {
email = "valentin.gehrke+nixpkgs@zom.bi";
github = "tu-maurice";
githubId = 16151097;
name = "Valentin Gehrke";
};
tv = {
email = "tv@krebsco.de";
github = "4z3";
@ -9626,6 +9746,10 @@
email = "oliver.huntuk@gmail.com";
name = "Oliver Hunt";
};
vq = {
email = "vq@erq.se";
name = "Daniel Nilsson";
};
vrthra = {
email = "rahul@gopinath.org";
github = "vrthra";

6
maintainers/scripts/nix-generate-from-cpan.nix
View File

@ -1,4 +1,4 @@
{ stdenv, makeWrapper, perl, perlPackages }:
{ stdenv, lib, makeWrapper, perl, perlPackages }:
stdenv.mkDerivation {
name = "nix-generate-from-cpan-3";
@ -18,8 +18,8 @@ stdenv.mkDerivation {
'';
meta = {
maintainers = with stdenv.lib.maintainers; [ eelco rycee ];
maintainers = with lib.maintainers; [ eelco rycee ];
description = "Utility to generate a Nix expression for a Perl package from CPAN";
platforms = stdenv.lib.platforms.unix;
platforms = lib.platforms.unix;
};
}

8
maintainers/scripts/nixpkgs-lint.nix
View File

@ -1,4 +1,4 @@
{ stdenv, makeWrapper, perl, perlPackages }:
{ stdenv, lib, makeWrapper, perl, perlPackages }:
stdenv.mkDerivation {
name = "nixpkgs-lint-1";
@ -15,9 +15,9 @@ stdenv.mkDerivation {
wrapProgram $out/bin/nixpkgs-lint --set PERL5LIB $PERL5LIB
'';
meta = {
maintainers = [ stdenv.lib.maintainers.eelco ];
meta = with lib; {
maintainers = [ maintainers.eelco ];
description = "A utility for Nixpkgs contributors to check Nixpkgs for common errors";
platforms = stdenv.lib.platforms.unix;
platforms = platforms.unix;
};
}

2
nixos/doc/manual/configuration/linux-kernel.xml
View File

@ -87,7 +87,7 @@ nixpkgs.config.packageOverrides = pkgs:
You can edit the config with this snippet (by default <command>make
menuconfig</command> won't work out of the box on nixos):
<screen><![CDATA[
nix-shell -E 'with import <nixpkgs> {}; kernelToOverride.overrideAttrs (o: {nativeBuildInputs=o.nativeBuildInputs ++ [ pkgconfig ncurses ];})'
nix-shell -E 'with import <nixpkgs> {}; kernelToOverride.overrideAttrs (o: {nativeBuildInputs=o.nativeBuildInputs ++ [ pkg-config ncurses ];})'
]]></screen>
or you can let nixpkgs generate the configuration. Nixpkgs generates it via
answering the interactive kernel utility <command>make config</command>. The

2
nixos/doc/manual/configuration/x-windows.xml
View File

@ -186,7 +186,7 @@
The driver has many options (see <xref linkend="ch-options"/>). For
instance, the following disables tap-to-click behavior:
<programlisting>
<xref linkend="opt-services.xserver.libinput.tapping"/> = false;
<xref linkend="opt-services.xserver.libinput.touchpad.tapping"/> = false;
</programlisting>
Note: the use of <literal>services.xserver.synaptics</literal> is deprecated
since NixOS 17.09.

9
nixos/doc/manual/release-notes/rl-2003.xml
View File

@ -43,6 +43,15 @@
Linux kernel is updated to branch 5.4 by default (from 4.19).
</para>
</listitem>
<listitem>
<para>
Grub is updated to 2.04, adding support for booting from F2FS filesystems and
Btrfs volumes using zstd compression. Note that some users have been unable
to boot after upgrading to 2.04 - for more information, please see <link
xlink:href="https://github.com/NixOS/nixpkgs/issues/61718#issuecomment-617618503">this
discussion</link>.
</para>
</listitem>
<listitem>
<para>
Postgresql for NixOS service now defaults to v11.

27
nixos/doc/manual/release-notes/rl-2103.xml
View File

@ -256,6 +256,22 @@
which is the new stable release. OpenAFS 1.6 was removed.
</para>
</listitem>
<listitem>
<para>
MariaDB has been updated to 10.5.
Before you upgrade, it would be best to take a backup of your database and read
<link xlink:href="https://mariadb.com/kb/en/upgrading-from-mariadb-104-to-mariadb-105/#incompatible-changes-between-104-and-105">
Incompatible Changes Between 10.4 and 10.5</link>.
After the upgrade you will need to run <literal>mysql_upgrade</literal>.
</para>
</listitem>
<listitem>
<para>
The TokuDB storage engine dropped in <package>mariadb</package> 10.5 and removed in <package>mariadb</package> 10.6.
It is recommended to switch to RocksDB. See also <link xlink:href="https://mariadb.com/kb/en/tokudb/">TokuDB</link> and
<link xlink:href="https://jira.mariadb.org/browse/MDEV-19780">MDEV-19780: Remove the TokuDB storage engine</link>.
</para>
</listitem>
<listitem>
<para>
The <literal>openldap</literal> module now has support for OLC-style
@ -414,6 +430,17 @@ http://some.json-exporter.host:7979/probe?target=https://example.com/some/json/e
dynamically allocated uid.
</para>
</listitem>
<listitem>
<para>
The libinput module has been updated with the ability to configure mouse and touchpad settings separately.
The options in <literal>services.xserver.libinput</literal> have been renamed to <literal>services.xserver.libinput.touchpad</literal>,
while there is a new <literal>services.xserver.libinput.mouse</literal> for mouse related configuration.
</para>
<para>
Since touchpad options no longer apply to all devices, you may want to replicate your touchpad configuration in
mouse section.
</para>
</listitem>
</itemizedlist>
</section>

10
nixos/modules/config/gnu.nix
View File

@ -1,11 +1,9 @@
{ config, lib, pkgs, ... }:
with lib;
{
options = {
gnu = mkOption {
type = types.bool;
gnu = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
When enabled, GNU software is chosen by default whenever a there is
@ -15,7 +13,7 @@ with lib;
};
};
config = mkIf config.gnu {
config = lib.mkIf config.gnu {
environment.systemPackages = with pkgs;
# TODO: Adjust `requiredPackages' from `system-path.nix'.
@ -26,7 +24,7 @@ with lib;
nano zile
texinfo # for the stand-alone Info reader
]
++ stdenv.lib.optional (!stdenv.isAarch32) grub2;
++ lib.optional (!stdenv.isAarch32) grub2;
# GNU GRUB, where available.

1
nixos/modules/config/networking.nix
View File

@ -58,6 +58,7 @@ in
"2.nixos.pool.ntp.org"
"3.nixos.pool.ntp.org"
];
type = types.listOf types.str;
description = ''
The set of NTP servers from which to synchronise.
'';

2
nixos/modules/config/xdg/portal.nix
View File

@ -62,7 +62,7 @@ with lib;
services.dbus.packages = packages;
systemd.packages = packages;
environment.variables = {
environment.sessionVariables = {
GTK_USE_PORTAL = mkIf cfg.gtkUsePortal "1";
XDG_DESKTOP_PORTAL_DIR = "${joinedPortals}/share/xdg-desktop-portal/portals";
};

16
nixos/modules/hardware/nitrokey.nix
View File

@ -19,23 +19,9 @@ in
nitrokey-app package, depending on your device and needs.
'';
};
group = mkOption {
type = types.str;
default = "nitrokey";
example = "wheel";
description = ''
Grant access to Nitrokey devices to users in this group.
'';
};
};
config = mkIf cfg.enable {
services.udev.packages = [
(pkgs.nitrokey-udev-rules.override (attrs:
{ inherit (cfg) group; }
))
];
users.groups.${cfg.group} = {};
services.udev.packages = [ pkgs.nitrokey-udev-rules ];
};
}

2
nixos/modules/i18n/input-method/ibus.nix
View File

@ -48,7 +48,7 @@ in
panel = mkOption {
type = with types; nullOr path;
default = null;
example = literalExample "''${pkgs.plasma5.plasma-desktop}/lib/libexec/kimpanel-ibus-panel";
example = literalExample "''${pkgs.plasma5Packages.plasma-desktop}/lib/libexec/kimpanel-ibus-panel";
description = "Replace the IBus panel with another panel.";
};
};

7
nixos/modules/installer/cd-dvd/iso-image.nix
View File

@ -425,7 +425,12 @@ in
};
isoImage.squashfsCompression = mkOption {
default = "xz -Xdict-size 100%";
default = with pkgs.stdenv.targetPlatform; "xz -Xdict-size 100% "
+ lib.optionalString (isx86_32 || isx86_64) "-Xbcj x86"
# Untested but should also reduce size for these platforms
+ lib.optionalString (isAarch32 || isAarch64) "-Xbcj arm"
+ lib.optionalString (isPowerPC) "-Xbcj powerpc"
+ lib.optionalString (isSparc) "-Xbcj sparc";
description = ''
Compression settings to use for the squashfs nix store.
'';

10
nixos/modules/installer/tools/nixos-option/default.nix
View File

@ -1,11 +1,11 @@
{lib, stdenv, boost, cmake, pkgconfig, nix, ... }:
{lib, stdenv, boost, cmake, pkg-config, nix, ... }:
stdenv.mkDerivation rec {
name = "nixos-option";
src = ./.;
nativeBuildInputs = [ cmake pkgconfig ];
nativeBuildInputs = [ cmake pkg-config ];
buildInputs = [ boost nix ];
meta = {
license = stdenv.lib.licenses.lgpl2Plus;
maintainers = with lib.maintainers; [ chkno ];
meta = with lib; {
license = licenses.lgpl2Plus;
maintainers = with maintainers; [ chkno ];
};
}

12
nixos/modules/installer/tools/tools.nix
View File

@ -28,17 +28,7 @@ let
];
};
nixos-rebuild =
let fallback = import ./nix-fallback-paths.nix; in
makeProg {
name = "nixos-rebuild";
src = ./nixos-rebuild.sh;
inherit (pkgs) runtimeShell;
nix = config.nix.package.out;
nix_x86_64_linux = fallback.x86_64-linux;
nix_i686_linux = fallback.i686-linux;
path = makeBinPath [ pkgs.jq ];
};
nixos-rebuild = pkgs.nixos-rebuild.override { nix = config.nix.package.out; };
nixos-generate-config = makeProg {
name = "nixos-generate-config";

1
nixos/modules/misc/crashdump.nix
View File

@ -26,6 +26,7 @@ in
};
reservedMemory = mkOption {
default = "128M";
type = types.str;
description = ''
The amount of memory reserved for the crashdump kernel.
If you choose a too high value, dmesg will mention

3
nixos/modules/module-list.nix
View File

@ -633,6 +633,7 @@
./services/networking/dnsdist.nix
./services/networking/dnsmasq.nix
./services/networking/ncdns.nix
./services/networking/nomad.nix
./services/networking/ejabberd.nix
./services/networking/epmd.nix
./services/networking/ergo.nix
@ -900,6 +901,7 @@
./services/web-apps/selfoss.nix
./services/web-apps/shiori.nix
./services/web-apps/virtlyst.nix
./services/web-apps/whitebophir.nix
./services/web-apps/wordpress.nix
./services/web-apps/youtrack.nix
./services/web-apps/zabbix.nix
@ -955,6 +957,7 @@
./services/x11/urxvtd.nix
./services/x11/window-managers/awesome.nix
./services/x11/window-managers/default.nix
./services/x11/window-managers/clfswm.nix
./services/x11/window-managers/fluxbox.nix
./services/x11/window-managers/icewm.nix
./services/x11/window-managers/bspwm.nix

11
nixos/modules/profiles/all-hardware.nix
View File

@ -3,8 +3,10 @@
# enabled in the initrd. Its primary use is in the NixOS installation
# CDs.
{ ... }:
{ pkgs, lib,... }:
let
platform = pkgs.stdenv.hostPlatform;
in
{
# The initrd has to contain any module that might be necessary for
@ -42,7 +44,10 @@
"virtio_net" "virtio_pci" "virtio_blk" "virtio_scsi" "virtio_balloon" "virtio_console"
# VMware support.
"mptspi" "vmw_balloon" "vmwgfx" "vmw_vmci" "vmw_vsock_vmci_transport" "vmxnet3" "vsock"
"mptspi" "vmxnet3" "vsock"
] ++ lib.optional platform.isx86 "vmw_balloon"
++ lib.optionals (!platform.isAarch64) [ # not sure where else they're missing
"vmw_vmci" "vmwgfx" "vmw_vsock_vmci_transport"
# Hyper-V support.
"hv_storvsc"

269
nixos/modules/programs/fish.nix
View File

@ -13,6 +13,27 @@ let
(filterAttrs (k: v: v != null) cfg.shellAliases)
);
envShellInit = pkgs.writeText "shellInit" cfge.shellInit;
envLoginShellInit = pkgs.writeText "loginShellInit" cfge.loginShellInit;
envInteractiveShellInit = pkgs.writeText "interactiveShellInit" cfge.interactiveShellInit;
sourceEnv = file:
if cfg.useBabelfish then
"source /etc/fish/${file}.fish"
else
''
set fish_function_path ${pkgs.fishPlugins.foreign-env}/share/fish-foreign-env/functions $fish_function_path
fenv source /etc/fish/foreign-env/${file} > /dev/null
set -e fish_function_path[1]
'';
babelfishTranslate = path: name:
pkgs.runCommand "${name}.fish" {
nativeBuildInputs = [ pkgs.babelfish ];
} "${pkgs.babelfish}/bin/babelfish < ${path} > $out;";
in
{
@ -29,6 +50,15 @@ in
type = types.bool;
};
useBabelfish = mkOption {
type = types.bool;
default = false;
description = ''
If enabled, the configured environment will be translated to native fish using <link xlink:href="https://github.com/bouk/babelfish">babelfish</link>.
Otherwise, <link xlink:href="https://github.com/oh-my-fish/plugin-foreign-env">foreign-env</link> will be used.
'';
};
vendor.config.enable = mkOption {
type = types.bool;
default = true;
@ -105,72 +135,152 @@ in
# Required for man completions
documentation.man.generateCaches = lib.mkDefault true;
environment.etc."fish/foreign-env/shellInit".text = cfge.shellInit;
environment.etc."fish/foreign-env/loginShellInit".text = cfge.loginShellInit;
environment.etc."fish/foreign-env/interactiveShellInit".text = cfge.interactiveShellInit;
environment = mkMerge [
(mkIf cfg.useBabelfish
{
etc."fish/setEnvironment.fish".source = babelfishTranslate config.system.build.setEnvironment "setEnvironment";
etc."fish/shellInit.fish".source = babelfishTranslate envShellInit "shellInit";
etc."fish/loginShellInit.fish".source = babelfishTranslate envLoginShellInit "loginShellInit";
etc."fish/interactiveShellInit.fish".source = babelfishTranslate envInteractiveShellInit "interactiveShellInit";
})
environment.etc."fish/nixos-env-preinit.fish".text = ''
# This happens before $__fish_datadir/config.fish sets fish_function_path, so it is currently
# unset. We set it and then completely erase it, leaving its configuration to $__fish_datadir/config.fish
set fish_function_path ${pkgs.fishPlugins.foreign-env}/share/fish/vendor_functions.d $__fish_datadir/functions
(mkIf (!cfg.useBabelfish)
{
etc."fish/foreign-env/shellInit".source = envShellInit;
etc."fish/foreign-env/loginShellInit".source = envLoginShellInit;
etc."fish/foreign-env/interactiveShellInit".source = envInteractiveShellInit;
})
# source the NixOS environment config
if [ -z "$__NIXOS_SET_ENVIRONMENT_DONE" ]
fenv source ${config.system.build.setEnvironment}
end
{
etc."fish/nixos-env-preinit.fish".text =
if cfg.useBabelfish
then ''
# source the NixOS environment config
if [ -z "$__NIXOS_SET_ENVIRONMENT_DONE" ]
source /etc/fish/setEnvironment.fish
end
''
else ''
# This happens before $__fish_datadir/config.fish sets fish_function_path, so it is currently
# unset. We set it and then completely erase it, leaving its configuration to $__fish_datadir/config.fish
set fish_function_path ${pkgs.fishPlugins.foreign-env}/share/fish/vendor_functions.d $__fish_datadir/functions
# clear fish_function_path so that it will be correctly set when we return to $__fish_datadir/config.fish
set -e fish_function_path
'';
# source the NixOS environment config
if [ -z "$__NIXOS_SET_ENVIRONMENT_DONE" ]
fenv source ${config.system.build.setEnvironment}
end
environment.etc."fish/config.fish".text = ''
# /etc/fish/config.fish: DO NOT EDIT -- this file has been generated automatically.
# clear fish_function_path so that it will be correctly set when we return to $__fish_datadir/config.fish
set -e fish_function_path
'';
}
# if we haven't sourced the general config, do it
if not set -q __fish_nixos_general_config_sourced
set --prepend fish_function_path ${pkgs.fishPlugins.foreign-env}/share/fish/vendor_functions.d
fenv source /etc/fish/foreign-env/shellInit > /dev/null
set -e fish_function_path[1]
{
etc."fish/config.fish".text = ''
# /etc/fish/config.fish: DO NOT EDIT -- this file has been generated automatically.
${cfg.shellInit}
# if we haven't sourced the general config, do it
if not set -q __fish_nixos_general_config_sourced
${sourceEnv "shellInit"}
# and leave a note so we don't source this config section again from
# this very shell (children will source the general config anew)
set -g __fish_nixos_general_config_sourced 1
end
${cfg.shellInit}
# if we haven't sourced the login config, do it
status --is-login; and not set -q __fish_nixos_login_config_sourced
and begin
set --prepend fish_function_path ${pkgs.fishPlugins.foreign-env}/share/fish/vendor_functions.d
fenv source /etc/fish/foreign-env/loginShellInit > /dev/null
set -e fish_function_path[1]
# and leave a note so we don't source this config section again from
# this very shell (children will source the general config anew)
set -g __fish_nixos_general_config_sourced 1
end
${cfg.loginShellInit}
# if we haven't sourced the login config, do it
status --is-login; and not set -q __fish_nixos_login_config_sourced
and begin
${sourceEnv "loginShellInit"}
# and leave a note so we don't source this config section again from
# this very shell (children will source the general config anew)
set -g __fish_nixos_login_config_sourced 1
end
${cfg.loginShellInit}
# if we haven't sourced the interactive config, do it
status --is-interactive; and not set -q __fish_nixos_interactive_config_sourced
and begin
${fishAliases}
# and leave a note so we don't source this config section again from
# this very shell (children will source the general config anew)
set -g __fish_nixos_login_config_sourced 1
end
set --prepend fish_function_path ${pkgs.fishPlugins.foreign-env}/share/fish/vendor_functions.d
fenv source /etc/fish/foreign-env/interactiveShellInit > /dev/null
set -e fish_function_path[1]
# if we haven't sourced the interactive config, do it
status --is-interactive; and not set -q __fish_nixos_interactive_config_sourced
and begin
${fishAliases}
${cfg.promptInit}
${cfg.interactiveShellInit}
${sourceEnv "interactiveShellInit"}
# and leave a note so we don't source this config section again from
# this very shell (children will source the general config anew,
# allowing configuration changes in, e.g, aliases, to propagate)
set -g __fish_nixos_interactive_config_sourced 1
end
'';
${cfg.promptInit}
${cfg.interactiveShellInit}
# and leave a note so we don't source this config section again from
# this very shell (children will source the general config anew,
# allowing configuration changes in, e.g, aliases, to propagate)
set -g __fish_nixos_interactive_config_sourced 1
end
'';
}
{
etc."fish/generated_completions".source =
let
patchedGenerator = pkgs.stdenv.mkDerivation {
name = "fish_patched-completion-generator";
srcs = [
"${pkgs.fish}/share/fish/tools/create_manpage_completions.py"
"${pkgs.fish}/share/fish/tools/deroff.py"
];
unpackCmd = "cp $curSrc $(basename $curSrc)";
sourceRoot = ".";
patches = [ ./fish_completion-generator.patch ]; # to prevent collisions of identical completion files
dontBuild = true;
installPhase = ''
mkdir -p $out
cp * $out/
'';
preferLocalBuild = true;
allowSubstitutes = false;
};
generateCompletions = package: pkgs.runCommand
"${package.name}_fish-completions"
(
{
inherit package;
preferLocalBuild = true;
allowSubstitutes = false;
}
// optionalAttrs (package ? meta.priority) { meta.priority = package.meta.priority; }
)
''
mkdir -p $out
if [ -d $package/share/man ]; then
find $package/share/man -type f | xargs ${pkgs.python3.interpreter} ${patchedGenerator}/create_manpage_completions.py --directory $out >/dev/null
fi
'';
in
pkgs.buildEnv {
name = "system_fish-completions";
ignoreCollisions = true;
paths = map generateCompletions config.environment.systemPackages;
};
}
# include programs that bring their own completions
{
pathsToLink = []
++ optional cfg.vendor.config.enable "/share/fish/vendor_conf.d"
++ optional cfg.vendor.completions.enable "/share/fish/vendor_completions.d"
++ optional cfg.vendor.functions.enable "/share/fish/vendor_functions.d";
}
{ systemPackages = [ pkgs.fish ]; }
{
shells = [
"/run/current-system/sw/bin/fish"
"${pkgs.fish}/bin/fish"
];
}
];
programs.fish.interactiveShellInit = ''
# add completions generated by NixOS to $fish_complete_path
@ -187,61 +297,6 @@ in
end
'';
environment.etc."fish/generated_completions".source =
let
patchedGenerator = pkgs.stdenv.mkDerivation {
name = "fish_patched-completion-generator";
srcs = [
"${pkgs.fish}/share/fish/tools/create_manpage_completions.py"
"${pkgs.fish}/share/fish/tools/deroff.py"
];
unpackCmd = "cp $curSrc $(basename $curSrc)";
sourceRoot = ".";
patches = [ ./fish_completion-generator.patch ]; # to prevent collisions of identical completion files
dontBuild = true;
installPhase = ''
mkdir -p $out
cp * $out/
'';
preferLocalBuild = true;
allowSubstitutes = false;
};
generateCompletions = package: pkgs.runCommand
"${package.name}_fish-completions"
(
{
inherit package;
preferLocalBuild = true;
allowSubstitutes = false;
}
// optionalAttrs (package ? meta.priority) { meta.priority = package.meta.priority; }
)
''
mkdir -p $out
if [ -d $package/share/man ]; then
find $package/share/man -type f | xargs ${pkgs.python3.interpreter} ${patchedGenerator}/create_manpage_completions.py --directory $out >/dev/null
fi
'';
in
pkgs.buildEnv {
name = "system_fish-completions";
ignoreCollisions = true;
paths = map generateCompletions config.environment.systemPackages;
};
# include programs that bring their own completions
environment.pathsToLink = []
++ optional cfg.vendor.config.enable "/share/fish/vendor_conf.d"
++ optional cfg.vendor.completions.enable "/share/fish/vendor_completions.d"
++ optional cfg.vendor.functions.enable "/share/fish/vendor_functions.d";
environment.systemPackages = [ pkgs.fish ];
environment.shells = [
"/run/current-system/sw/bin/fish"
"${pkgs.fish}/bin/fish"
];
};
}

8
nixos/modules/security/pam.nix
View File

@ -430,8 +430,8 @@ let
${optionalString cfg.pamMount
"auth optional ${pkgs.pam_mount}/lib/security/pam_mount.so"}
${optionalString cfg.enableKwallet
("auth optional ${pkgs.plasma5.kwallet-pam}/lib/security/pam_kwallet5.so" +
" kwalletd=${pkgs.kdeFrameworks.kwallet.bin}/bin/kwalletd5")}
("auth optional ${pkgs.plasma5Packages.kwallet-pam}/lib/security/pam_kwallet5.so" +
" kwalletd=${pkgs.plasma5Packages.kwallet.bin}/bin/kwalletd5")}
${optionalString cfg.enableGnomeKeyring
"auth optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so"}
${optionalString cfg.gnupg.enable
@ -509,8 +509,8 @@ let
${optionalString (cfg.enableAppArmor && config.security.apparmor.enable)
"session optional ${pkgs.apparmor-pam}/lib/security/pam_apparmor.so order=user,group,default debug"}
${optionalString (cfg.enableKwallet)
("session optional ${pkgs.plasma5.kwallet-pam}/lib/security/pam_kwallet5.so" +
" kwalletd=${pkgs.kdeFrameworks.kwallet.bin}/bin/kwalletd5")}
("session optional ${pkgs.plasma5Packages.kwallet-pam}/lib/security/pam_kwallet5.so" +
" kwalletd=${pkgs.plasma5Packages.kwallet.bin}/bin/kwalletd5")}
${optionalString (cfg.enableGnomeKeyring)
"session optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start"}
${optionalString cfg.gnupg.enable

1
nixos/modules/services/amqp/activemq/default.nix
View File

@ -33,6 +33,7 @@ in {
};
configurationDir = mkOption {
default = "${activemq}/conf";
type = types.str;
description = ''
The base directory for ActiveMQ's configuration.
By default, this directory is searched for a file named activemq.xml,

3
nixos/modules/services/databases/firebird.nix
View File

@ -59,6 +59,7 @@ in
port = mkOption {
default = "3050";
type = types.port;
description = ''
Port Firebird uses.
'';
@ -66,6 +67,7 @@ in
user = mkOption {
default = "firebird";
type = types.str;
description = ''
User account under which firebird runs.
'';
@ -73,6 +75,7 @@ in
baseDir = mkOption {
default = "/var/db/firebird"; # ubuntu is using /var/lib/firebird/2.1/data/.. ?
type = types.str;
description = ''
Location containing data/ and system/ directories.
data/ stores the databases, system/ stores the password database security2.fdb.

15
nixos/modules/services/databases/memcached.nix
View File

@ -17,39 +17,44 @@ in
options = {
services.memcached = {
enable = mkEnableOption "Memcached";
user = mkOption {
type = types.str;
default = "memcached";
description = "The user to run Memcached as";
};
listen = mkOption {
type = types.str;
default = "127.0.0.1";
description = "The IP address to bind to";
description = "The IP address to bind to.";
};
port = mkOption {
type = types.port;
default = 11211;
description = "The port to bind to";
description = "The port to bind to.";
};
enableUnixSocket = mkEnableOption "unix socket at /run/memcached/memcached.sock";
maxMemory = mkOption {
type = types.ints.unsigned;
default = 64;
description = "The maximum amount of memory to use for storage, in megabytes.";
};
maxConnections = mkOption {
type = types.ints.unsigned;
default = 1024;
description = "The maximum number of simultaneous connections";
description = "The maximum number of simultaneous connections.";
};
extraOptions = mkOption {
type = types.listOf types.str;
default = [];
description = "A list of extra options that will be added as a suffix when running memcached";
description = "A list of extra options that will be added as a suffix when running memcached.";
};
};

7
nixos/modules/services/databases/mongodb.nix
View File

@ -41,16 +41,19 @@ in
};
user = mkOption {
type = types.str;
default = "mongodb";
description = "User account under which MongoDB runs";
};
bind_ip = mkOption {
type = types.str;
default = "127.0.0.1";
description = "IP to bind to";
};
quiet = mkOption {
type = types.bool;
default = false;
description = "quieter output";
};
@ -68,16 +71,19 @@ in
};
dbpath = mkOption {
type = types.str;
default = "/var/db/mongodb";
description = "Location where MongoDB stores its files";
};
pidFile = mkOption {
type = types.str;
default = "/run/mongodb.pid";
description = "Location of MongoDB pid file";
};
replSetName = mkOption {
type = types.str;
default = "";
description = ''
If this instance is part of a replica set, set its name here.
@ -86,6 +92,7 @@ in
};
extraConfig = mkOption {
type = types.lines;
default = "";
example = ''
storage.journal.enabled: false

2
nixos/modules/services/databases/openldap.nix
View File

@ -244,7 +244,7 @@ in {
};
};
meta.maintainers = with lib.maintainters; [ mic92 kwohlfahrt ];
meta.maintainers = with lib.maintainers; [ mic92 kwohlfahrt ];
config = mkIf cfg.enable {
assertions = map (opt: {

21
nixos/modules/services/databases/redis.nix
View File

@ -122,12 +122,29 @@ in
};
slaveOf = mkOption {
default = null; # { ip, port }
description = "An attribute set with two attributes: ip and port to which this redis instance acts as a slave.";
type = with types; nullOr (submodule ({ ... }: {
options = {
ip = mkOption {
type = str;
description = "IP of the Redis master";
example = "192.168.1.100";
};
port = mkOption {
type = port;
description = "port of the Redis master";
default = 6379;
};
};
}));
default = null;
description = "IP and port to which this redis instance acts as a slave.";
example = { ip = "192.168.1.100"; port = 6379; };
};
masterAuth = mkOption {
type = with types; nullOr str;
default = null;
description = ''If the master is password protected (using the requirePass configuration)
it is possible to tell the slave to authenticate before starting the replication synchronization

5
nixos/modules/services/databases/virtuoso.nix
View File

@ -16,28 +16,33 @@ with lib;
enable = mkEnableOption "Virtuoso Opensource database server";
config = mkOption {
type = types.lines;
default = "";
description = "Extra options to put into Virtuoso configuration file.";
};
parameters = mkOption {
type = types.lines;
default = "";
description = "Extra options to put into [Parameters] section of Virtuoso configuration file.";
};
listenAddress = mkOption {
type = types.str;
default = "1111";
example = "myserver:1323";
description = "ip:port or port to listen on.";
};
httpListenAddress = mkOption {
type = types.nullOr types.str;
default = null;
example = "myserver:8080";
description = "ip:port or port for Virtuoso HTTP server to listen on.";
};
dirsAllowed = mkOption {
type = types.nullOr types.str; # XXX Maybe use a list in the future?
default = null;
example = "/www, /home/";
description = "A list of directories Virtuoso is allowed to access";

50
nixos/modules/services/desktops/gnome3/evolution-data-server.nix
View File

@ -15,31 +15,45 @@ with lib;
options = {
services.gnome3.evolution-data-server = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable Evolution Data Server, a collection of services for
storing addressbooks and calendars.
'';
enable = mkEnableOption "Evolution Data Server, a collection of services for storing addressbooks and calendars.";
plugins = mkOption {
type = types.listOf types.package;
default = [ ];
description = "Plugins for Evolution Data Server.";
};
};
programs.evolution = {
enable = mkEnableOption "Evolution, a Personal information management application that provides integrated mail, calendaring and address book functionality.";
plugins = mkOption {
type = types.listOf types.package;
default = [ ];
example = literalExample "[ pkgs.evolution-ews ]";
description = "Plugins for Evolution.";
};
};
};
###### implementation
config = mkIf config.services.gnome3.evolution-data-server.enable {
config =
let
bundle = pkgs.evolutionWithPlugins.override { inherit (config.services.gnome3.evolution-data-server) plugins; };
in
mkMerge [
(mkIf config.services.gnome3.evolution-data-server.enable {
environment.systemPackages = [ bundle ];
environment.systemPackages = [ pkgs.gnome3.evolution-data-server ];
services.dbus.packages = [ pkgs.gnome3.evolution-data-server ];
systemd.packages = [ pkgs.gnome3.evolution-data-server ];
};
services.dbus.packages = [ bundle ];
systemd.packages = [ bundle ];
})
(mkIf config.programs.evolution.enable {
services.gnome3.evolution-data-server = {
enable = true;
plugins = [ pkgs.evolution ] ++ config.programs.evolution.plugins;
};
services.gnome3.gnome-keyring.enable = true;
})
];
}

10
nixos/modules/services/editors/emacs.xml
View File

@ -156,7 +156,7 @@ $ ./result/bin/emacs
let
myEmacs = pkgs.emacs; <co xml:id="ex-emacsNix-2" />
emacsWithPackages = (pkgs.emacsPackagesGen myEmacs).emacsWithPackages; <co xml:id="ex-emacsNix-3" />
emacsWithPackages = (pkgs.emacsPackagesFor myEmacs).emacsWithPackages; <co xml:id="ex-emacsNix-3" />
in
emacsWithPackages (epkgs: (with epkgs.melpaStablePackages; [ <co xml:id="ex-emacsNix-4" />
magit # ; Integrate git &lt;C-x g&gt;
@ -254,10 +254,10 @@ in
<example xml:id="module-services-emacs-querying-packages">
<title>Querying Emacs packages</title>
<programlisting><![CDATA[
nix-env -f "<nixpkgs>" -qaP -A emacsPackages.elpaPackages
nix-env -f "<nixpkgs>" -qaP -A emacsPackages.melpaPackages
nix-env -f "<nixpkgs>" -qaP -A emacsPackages.melpaStablePackages
nix-env -f "<nixpkgs>" -qaP -A emacsPackages.orgPackages
nix-env -f "<nixpkgs>" -qaP -A emacs.pkgs.elpaPackages
nix-env -f "<nixpkgs>" -qaP -A emacs.pkgs.melpaPackages
nix-env -f "<nixpkgs>" -qaP -A emacs.pkgs.melpaStablePackages
nix-env -f "<nixpkgs>" -qaP -A emacs.pkgs.orgPackages
]]></programlisting>
</example>
</para>

14
nixos/modules/services/hardware/sane_extra_backends/brscan4_etc_files.nix
View File

@ -19,18 +19,16 @@ nix-shell -E 'with import <nixpkgs> { }; brscan4-etc-files.override{netDevices=[
*/
with lib;
let
addNetDev = nd: ''
brsaneconfig4 -a \
name="${nd.name}" \
model="${nd.model}" \
${if (hasAttr "nodename" nd && nd.nodename != null) then
${if (lib.hasAttr "nodename" nd && nd.nodename != null) then
''nodename="${nd.nodename}"'' else
''ip="${nd.ip}"''}'';
addAllNetDev = xs: concatStringsSep "\n" (map addNetDev xs);
addAllNetDev = xs: lib.concatStringsSep "\n" (map addNetDev xs);
in
stdenv.mkDerivation {
@ -61,11 +59,11 @@ stdenv.mkDerivation {
dontStrip = true;
dontPatchELF = true;
meta = {
meta = with lib; {
description = "Brother brscan4 sane backend driver etc files";
homepage = "http://www.brother.com";
platforms = stdenv.lib.platforms.linux;
license = stdenv.lib.licenses.unfree;
maintainers = with stdenv.lib.maintainers; [ jraygauthier ];
platforms = platforms.linux;
license = licenses.unfree;
maintainers = with maintainers; [ jraygauthier ];
};
}

18
nixos/modules/services/mail/postfix.nix
View File

@ -25,8 +25,6 @@ let
clientRestrictions = concatStringsSep ", " (clientAccess ++ dnsBl);
smtpTlsSecurityLevel = if cfg.useDane then "dane" else "may";
mainCf = let
escape = replaceStrings ["$"] ["$$"];
mkList = items: "\n " + concatStringsSep ",\n " items;
@ -510,14 +508,6 @@ in
'';
};
useDane = mkOption {
type = types.bool;
default = false;
description = ''
Sets smtp_tls_security_level to "dane" rather than "may". See postconf(5) for details.
'';
};
sslCert = mkOption {
type = types.str;
default = "";
@ -819,13 +809,13 @@ in
// optionalAttrs cfg.enableHeaderChecks { header_checks = [ "regexp:/etc/postfix/header_checks" ]; }
// optionalAttrs (cfg.tlsTrustedAuthorities != "") {
smtp_tls_CAfile = cfg.tlsTrustedAuthorities;
smtp_tls_security_level = smtpTlsSecurityLevel;
smtp_tls_security_level = mkDefault "may";
}
// optionalAttrs (cfg.sslCert != "") {
smtp_tls_cert_file = cfg.sslCert;
smtp_tls_key_file = cfg.sslKey;
smtp_tls_security_level = smtpTlsSecurityLevel;
smtp_tls_security_level = mkDefault "may";
smtpd_tls_cert_file = cfg.sslCert;
smtpd_tls_key_file = cfg.sslKey;
@ -969,5 +959,9 @@ in
imports = [
(mkRemovedOptionModule [ "services" "postfix" "sslCACert" ]
"services.postfix.sslCACert was replaced by services.postfix.tlsTrustedAuthorities. In case you intend that your server should validate requested client certificates use services.postfix.extraConfig.")
(mkChangedOptionModule [ "services" "postfix" "useDane" ]
[ "services" "postfix" "config" "smtp_tls_security_level" ]
(config: mkIf config.services.postfix.useDane "dane"))
];
}

52
nixos/modules/services/misc/gitea.nix
View File

@ -349,7 +349,7 @@ in
{
DOMAIN = cfg.domain;
STATIC_ROOT_PATH = cfg.staticRootPath;
LFS_JWT_SECRET = "#jwtsecret#";
LFS_JWT_SECRET = "#lfsjwtsecret#";
ROOT_URL = cfg.rootUrl;
}
(mkIf cfg.enableUnixSocket {
@ -381,6 +381,7 @@ in
security = {
SECRET_KEY = "#secretkey#";
INTERNAL_TOKEN = "#internaltoken#";
INSTALL_LOCK = true;
};
@ -396,6 +397,10 @@ in
mailer = mkIf (cfg.mailerPasswordFile != null) {
PASSWD = "#mailerpass#";
};
oauth2 = {
JWT_SECRET = "#oauth2jwtsecret#";
};
};
services.postgresql = optionalAttrs (usePostgresql && cfg.database.createDatabase) {
@ -453,12 +458,22 @@ in
description = "gitea";
after = [ "network.target" ] ++ lib.optional usePostgresql "postgresql.service" ++ lib.optional useMysql "mysql.service";
wantedBy = [ "multi-user.target" ];
path = [ gitea pkgs.gitAndTools.git ];
path = [ gitea pkgs.git ];
# In older versions the secret naming for JWT was kind of confusing.
# The file jwt_secret hold the value for LFS_JWT_SECRET and JWT_SECRET
# wasn't persistant at all.
# To fix that, there is now the file oauth2_jwt_secret containing the
# values for JWT_SECRET and the file jwt_secret gets renamed to
# lfs_jwt_secret.
# We have to consider this to stay compatible with older installations.
preStart = let
runConfig = "${cfg.stateDir}/custom/conf/app.ini";
secretKey = "${cfg.stateDir}/custom/conf/secret_key";
jwtSecret = "${cfg.stateDir}/custom/conf/jwt_secret";
oauth2JwtSecret = "${cfg.stateDir}/custom/conf/oauth2_jwt_secret";
oldLfsJwtSecret = "${cfg.stateDir}/custom/conf/jwt_secret"; # old file for LFS_JWT_SECRET
lfsJwtSecret = "${cfg.stateDir}/custom/conf/lfs_jwt_secret"; # new file for LFS_JWT_SECRET
internalToken = "${cfg.stateDir}/custom/conf/internal_token";
in ''
# copy custom configuration and generate a random secret key if needed
${optionalString (cfg.useWizard == false) ''
@ -468,24 +483,41 @@ in
${gitea}/bin/gitea generate secret SECRET_KEY > ${secretKey}
fi
if [ ! -e ${jwtSecret} ]; then
${gitea}/bin/gitea generate secret LFS_JWT_SECRET > ${jwtSecret}
# Migrate LFS_JWT_SECRET filename
if [[ -e ${oldLfsJwtSecret} && ! -e ${lfsJwtSecret} ]]; then
mv ${oldLfsJwtSecret} ${lfsJwtSecret}
fi
KEY="$(head -n1 ${secretKey})"
if [ ! -e ${oauth2JwtSecret} ]; then
${gitea}/bin/gitea generate secret JWT_SECRET > ${oauth2JwtSecret}
fi
if [ ! -e ${lfsJwtSecret} ]; then
${gitea}/bin/gitea generate secret LFS_JWT_SECRET > ${lfsJwtSecret}
fi
if [ ! -e ${internalToken} ]; then
${gitea}/bin/gitea generate secret INTERNAL_TOKEN > ${internalToken}
fi
SECRETKEY="$(head -n1 ${secretKey})"
DBPASS="$(head -n1 ${cfg.database.passwordFile})"
JWTSECRET="$(head -n1 ${jwtSecret})"
OAUTH2JWTSECRET="$(head -n1 ${oauth2JwtSecret})"
LFSJWTSECRET="$(head -n1 ${lfsJwtSecret})"
INTERNALTOKEN="$(head -n1 ${internalToken})"
${if (cfg.mailerPasswordFile == null) then ''
MAILERPASSWORD="#mailerpass#"
'' else ''
MAILERPASSWORD="$(head -n1 ${cfg.mailerPasswordFile} || :)"
''}
sed -e "s,#secretkey#,$KEY,g" \
sed -e "s,#secretkey#,$SECRETKEY,g" \
-e "s,#dbpass#,$DBPASS,g" \
-e "s,#jwtsecret#,$JWTSECRET,g" \
-e "s,#oauth2jwtsecret#,$OAUTH2JWTSECRET,g" \
-e "s,#lfsjwtsecret#,$LFSJWTSECRET,g" \
-e "s,#internaltoken#,$INTERNALTOKEN,g" \
-e "s,#mailerpass#,$MAILERPASSWORD,g" \
-i ${runConfig}
chmod 640 ${runConfig} ${secretKey} ${jwtSecret}
chmod 640 ${runConfig} ${secretKey} ${oauth2JwtSecret} ${lfsJwtSecret} ${internalToken}
''}
# update all hooks' binary paths

8
nixos/modules/services/misc/gitlab.nix
View File

@ -736,7 +736,7 @@ in {
environment = gitlabEnv;
path = with pkgs; [
postgresqlPackage
gitAndTools.git
git
ruby
openssh
nodejs
@ -764,7 +764,7 @@ in {
path = with pkgs; [
openssh
procps # See https://gitlab.com/gitlab-org/gitaly/issues/1562
gitAndTools.git
git
cfg.packages.gitaly.rubyEnv
cfg.packages.gitaly.rubyEnv.wrappedRuby
gzip
@ -806,7 +806,7 @@ in {
wantedBy = [ "multi-user.target" ];
path = with pkgs; [
exiftool
gitAndTools.git
git
gnutar
gzip
openssh
@ -854,7 +854,7 @@ in {
environment = gitlabEnv;
path = with pkgs; [
postgresqlPackage
gitAndTools.git
git
openssh
nodejs
procps

2
nixos/modules/services/misc/gitolite.nix
View File

@ -227,6 +227,6 @@ in
};
environment.systemPackages = [ pkgs.gitolite pkgs.git ]
++ optional cfg.enableGitAnnex pkgs.gitAndTools.git-annex;
++ optional cfg.enableGitAnnex pkgs.git-annex;
});
}

5
nixos/modules/services/misc/matrix-synapse.xml
View File

@ -69,6 +69,9 @@ in {
# i.e. to delegate from the host being accessible as ${config.networking.domain}
# to another host actually running the Matrix homeserver.
"${config.networking.domain}" = {
<link linkend="opt-services.nginx.virtualHosts._name_.enableACME">enableACME</link> = true;
<link linkend="opt-services.nginx.virtualHosts._name_.forceSSL">forceSSL</link> = true;
<link linkend="opt-services.nginx.virtualHosts._name_.locations._name_.extraConfig">locations."= /.well-known/matrix/server".extraConfig</link> =
let
# use 443 instead of the default 8448 port to unite
@ -203,7 +206,7 @@ Success!
<link linkend="opt-services.nginx.virtualHosts._name_.root">root</link> = pkgs.element-web.override {
conf = {
default_server_config."m.homeserver" = {
"base_url" = "${config.networking.domain}";
"base_url" = "https://${fqdn}";
"server_name" = "${fqdn}";
};
};

4
nixos/modules/services/misc/redmine.nix
View File

@ -230,7 +230,7 @@ in
production = {
scm_subversion_command = "${pkgs.subversion}/bin/svn";
scm_mercurial_command = "${pkgs.mercurial}/bin/hg";
scm_git_command = "${pkgs.gitAndTools.git}/bin/git";
scm_git_command = "${pkgs.git}/bin/git";
scm_cvs_command = "${pkgs.cvs}/bin/cvs";
scm_bazaar_command = "${pkgs.breezy}/bin/bzr";
scm_darcs_command = "${pkgs.darcs}/bin/darcs";
@ -299,7 +299,7 @@ in
breezy
cvs
darcs
gitAndTools.git
git
mercurial
subversion
];

2
nixos/modules/services/misc/snapper.nix
View File

@ -48,6 +48,8 @@ in
subvolume = "/home";
extraConfig = ''
ALLOW_USERS="alice"
TIMELINE_CREATE=yes
TIMELINE_CLEANUP=yes
'';
};
};

2
nixos/modules/services/monitoring/grafana-image-renderer.nix
View File

@ -122,7 +122,7 @@ in {
timezone = config.time.timeZone;
};
services = {
service = {
logging.level = mkIf cfg.verbose (mkDefault "debug");
metrics.enabled = mkDefault false;
};

10
nixos/modules/services/monitoring/prometheus/exporters/nextcloud.nix
View File

@ -46,11 +46,11 @@ in
DynamicUser = false;
ExecStart = ''
${pkgs.prometheus-nextcloud-exporter}/bin/nextcloud-exporter \
-a ${cfg.listenAddress}:${toString cfg.port} \
-u ${cfg.username} \
-t ${cfg.timeout} \
-l ${cfg.url} \
-p ${escapeShellArg "@${cfg.passwordFile}"} \
--addr ${cfg.listenAddress}:${toString cfg.port} \
--username ${cfg.username} \
--timeout ${cfg.timeout} \
--server ${cfg.url} \
--password ${escapeShellArg "@${cfg.passwordFile}"} \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
};

4
nixos/modules/services/networking/bitlbee.nix
View File

@ -58,6 +58,7 @@ in
};
interface = mkOption {
type = types.str;
default = "127.0.0.1";
description = ''
The interface the BitlBee deamon will be listening to. If `127.0.0.1',
@ -68,6 +69,7 @@ in
portNumber = mkOption {
default = 6667;
type = types.int;
description = ''
Number of the port BitlBee will be listening to.
'';
@ -142,6 +144,7 @@ in
extraSettings = mkOption {
default = "";
type = types.lines;
description = ''
Will be inserted in the Settings section of the config file.
'';
@ -149,6 +152,7 @@ in
extraDefaults = mkOption {
default = "";
type = types.lines;
description = ''
Will be inserted in the Default section of the config file.
'';

4
nixos/modules/services/networking/dnscrypt-wrapper.nix
View File

@ -83,7 +83,7 @@ let
# correctly implement key rotation of dnscrypt-wrapper ephemeral keys.
dnscrypt-proxy1 = pkgs.callPackage
({ stdenv, fetchFromGitHub, autoreconfHook
, pkgconfig, libsodium, ldns, openssl, systemd }:
, pkg-config, libsodium, ldns, openssl, systemd }:
stdenv.mkDerivation rec {
pname = "dnscrypt-proxy";
@ -98,7 +98,7 @@ let
configureFlags = optional stdenv.isLinux "--with-systemd";
nativeBuildInputs = [ autoreconfHook pkgconfig ];
nativeBuildInputs = [ autoreconfHook pkg-config ];
# <ldns/ldns.h> depends on <openssl/ssl.h>
buildInputs = [ libsodium openssl.dev ldns ] ++ optional stdenv.isLinux systemd;

9
nixos/modules/services/networking/murmur.nix
View File

@ -109,6 +109,13 @@ in
description = "Host to bind to. Defaults binding on all addresses.";
};
package = mkOption {
type = types.package;
default = pkgs.murmur;
defaultText = "pkgs.murmur";
description = "Overridable attribute of the murmur package to use.";
};
password = mkOption {
type = types.str;
default = "";
@ -299,7 +306,7 @@ in
Type = if forking then "forking" else "simple";
PIDFile = mkIf forking "/run/murmur/murmurd.pid";
EnvironmentFile = mkIf (cfg.environmentFile != null) cfg.environmentFile;
ExecStart = "${pkgs.murmur}/bin/murmurd -ini /run/murmur/murmurd.ini";
ExecStart = "${cfg.package}/bin/murmurd -ini /run/murmur/murmurd.ini";
Restart = "always";
RuntimeDirectory = "murmur";
RuntimeDirectoryMode = "0700";

126
nixos/modules/services/networking/nomad.nix Normal file
View File

@ -0,0 +1,126 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.nomad;
format = pkgs.formats.json { };
in
{
##### interface
options = {
services.nomad = {
enable = mkEnableOption "Nomad, a distributed, highly available, datacenter-aware scheduler";
package = mkOption {
type = types.package;
default = pkgs.nomad;
defaultText = "pkgs.nomad";
description = ''
The package used for the Nomad agent and CLI.
'';
};
extraPackages = mkOption {
type = types.listOf types.package;
default = [ ];
description = ''
Extra packages to add to <envar>PATH</envar> for the Nomad agent process.
'';
example = literalExample ''
with pkgs; [ cni-plugins ]
'';
};
dropPrivileges = mkOption {
type = types.bool;
default = true;
description = ''
Whether the nomad agent should be run as a non-root nomad user.
'';
};
enableDocker = mkOption {
type = types.bool;
default = true;
description = ''
Enable Docker support. Needed for Nomad's docker driver.
Note that the docker group membership is effectively equivalent
to being root, see https://github.com/moby/moby/issues/9976.
'';
};
settings = mkOption {
type = format.type;
default = {
# Agrees with `StateDirectory = "nomad"` set below.
data_dir = "/var/lib/nomad";
};
description = ''
Configuration for Nomad. See the <link xlink:href="https://www.nomadproject.io/docs/configuration">documentation</link>
for supported values.
'';
example = literalExample ''
{
# A minimal config example:
server = {
enabled = true;
bootstrap_expect = 1; # for demo; no fault tolerance
};
client = {
enabled = true;
};
}
'';
};
};
};
##### implementation
config = mkIf cfg.enable {
environment = {
etc."nomad.json".source = format.generate "nomad.json" cfg.settings;
systemPackages = [ cfg.package ];
};
systemd.services.nomad = {
description = "Nomad";
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
restartTriggers = [ config.environment.etc."nomad.json".source ];
path = cfg.extraPackages ++ (with pkgs; [
# Client mode requires at least the following:
coreutils
iproute
iptables
]);
serviceConfig = {
DynamicUser = cfg.dropPrivileges;
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
ExecStart = "${cfg.package}/bin/nomad agent -config=/etc/nomad.json";
KillMode = "process";
KillSignal = "SIGINT";
LimitNOFILE = 65536;
LimitNPROC = "infinity";
OOMScoreAdjust = -1000;
Restart = "on-failure";
RestartSec = 2;
# Agrees with the default `data_dir = "/var/lib/nomad"` in `settings` above.
StateDirectory = "nomad";
TasksMax = "infinity";
User = optionalString cfg.dropPrivileges "nomad";
} // (optionalAttrs cfg.enableDocker {
SupplementaryGroups = "docker"; # space-separated string
});
unitConfig = {
StartLimitIntervalSec = 10;
StartLimitBurst = 3;
};
};
# Docker support requires the Docker daemon to be running.
virtualisation.docker.enable = mkIf cfg.enableDocker true;
};
}

51
nixos/modules/services/networking/ntp/chrony.nix
View File

@ -4,13 +4,14 @@ with lib;
let
cfg = config.services.chrony;
chronyPkg = cfg.package;
stateDir = "/var/lib/chrony";
stateDir = cfg.directory;
driftFile = "${stateDir}/chrony.drift";
keyFile = "${stateDir}/chrony.keys";
configFile = pkgs.writeText "chrony.conf" ''
${concatMapStringsSep "\n" (server: "server " + server + " iburst") cfg.servers}
${concatMapStringsSep "\n" (server: "server " + server + " " + cfg.serverOption + optionalString (cfg.enableNTS) " nts") cfg.servers}
${optionalString
(cfg.initstepslew.enabled && (cfg.servers != []))
@ -19,6 +20,7 @@ let
driftfile ${driftFile}
keyfile ${keyFile}
${optionalString (cfg.enableNTS) "ntsdumpdir ${stateDir}"}
${optionalString (!config.time.hardwareClockInLocalTime) "rtconutc"}
@ -39,13 +41,46 @@ in
'';
};
package = mkOption {
type = types.package;
default = pkgs.chrony;
defaultText = "pkgs.chrony";
description = ''
Which chrony package to use.
'';
};
servers = mkOption {
default = config.networking.timeServers;
type = types.listOf types.str;
description = ''
The set of NTP servers from which to synchronise.
'';
};
serverOption = mkOption {
default = "iburst";
type = types.enum [ "iburst" "offline" ];
description = ''
Set option for server directives.
Use "iburst" to rapidly poll on startup. Recommended if your machine
is consistently online.
Use "offline" to prevent polling on startup. Recommended if your
machine boots offline or is otherwise frequently offline.
'';
};
enableNTS = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable Network Time Security authentication.
Make sure it is supported by your selected NTP server(s).
'';
};
initstepslew = mkOption {
default = {
enabled = true;
@ -58,6 +93,12 @@ in
'';
};
directory = mkOption {
type = types.str;
default = "/var/lib/chrony";
description = "Directory where chrony state is stored.";
};
extraConfig = mkOption {
type = types.lines;
default = "";
@ -79,7 +120,7 @@ in
config = mkIf cfg.enable {
meta.maintainers = with lib.maintainers; [ thoughtpolice ];
environment.systemPackages = [ pkgs.chrony ];
environment.systemPackages = [ chronyPkg ];
users.groups.chrony.gid = config.ids.gids.chrony;
@ -109,12 +150,12 @@ in
after = [ "network.target" ];
conflicts = [ "ntpd.service" "systemd-timesyncd.service" ];
path = [ pkgs.chrony ];
path = [ chronyPkg ];
unitConfig.ConditionCapability = "CAP_SYS_TIME";
serviceConfig =
{ Type = "simple";
ExecStart = "${pkgs.chrony}/bin/chronyd ${chronyFlags}";
ExecStart = "${chronyPkg}/bin/chronyd ${chronyFlags}";
ProtectHome = "yes";
ProtectSystem = "full";

1
nixos/modules/services/networking/ntp/ntpd.nix
View File

@ -79,6 +79,7 @@ in
servers = mkOption {
default = config.networking.timeServers;
type = types.listOf types.str;
description = ''
The set of NTP servers from which to synchronise.
'';

60
nixos/modules/services/networking/searx.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ options, config, lib, pkgs, ... }:
with lib;
@ -6,42 +6,14 @@ let
runDir = "/run/searx";
cfg = config.services.searx;
hasEngines =
builtins.hasAttr "engines" cfg.settings &&
cfg.settings.engines != { };
# Script to merge NixOS settings with
# the default settings.yml bundled in searx.
mergeConfig = ''
generateConfig = ''
cd ${runDir}
# find the default settings.yml
default=$(find '${cfg.package}/' -name settings.yml)
# write NixOS settings as JSON
cat <<'EOF' > settings.json
cat <<'EOF' > settings.yml
${builtins.toJSON cfg.settings}
EOF
${optionalString hasEngines ''
# extract and convert the default engines array to an object
${pkgs.yq-go}/bin/yq r "$default" engines -j | \
${pkgs.jq}/bin/jq 'reduce .[] as $e ({}; .[$e.name] = $e)' \
> engines.json
# merge and update the NixOS engines with the newly created object
cp settings.json temp.json
${pkgs.jq}/bin/jq -s '. as [$s, $e] | $s | .engines |=
($e * . | to_entries | map (.value))' \
temp.json engines.json > settings.json
# clean up temporary files
rm {engines,temp}.json
''}
# merge the default and NixOS settings
${pkgs.yq-go}/bin/yq m -P settings.json "$default" > settings.yml
rm settings.json
# substitute environment variables
env -0 | while IFS='=' read -r -d ''' n v; do
sed "s#@$n@#$v#g" -i settings.yml
@ -51,6 +23,12 @@ let
chmod 400 settings.yml
'';
settingType = with types; (oneOf
[ bool int float str
(listOf settingType)
(attrsOf settingType)
]) // { description = "JSON value"; };
in
{
@ -86,15 +64,16 @@ in
};
settings = mkOption {
type = types.attrs;
type = types.attrsOf settingType;
default = { };
example = literalExample ''
{ server.port = 8080;
server.bind_address = "0.0.0.0";
server.secret_key = "@SEARX_SECRET_KEY@";
engines.wolframalpha =
{ shortcut = "wa";
engines = lib.singleton
{ name = "wolframalpha";
shortcut = "wa";
api_key = "@WOLFRAM_API_KEY@";
engine = "wolframalpha_api";
};
@ -155,9 +134,9 @@ in
};
uwsgiConfig = mkOption {
type = types.attrs;
type = options.services.uwsgi.instance.type;
default = { http = ":8080"; };
example = lib.literalExample ''
example = literalExample ''
{
disable-logging = true;
http = ":8080"; # serve via HTTP...
@ -199,7 +178,7 @@ in
RuntimeDirectoryMode = "750";
} // optionalAttrs (cfg.environmentFile != null)
{ EnvironmentFile = builtins.toPath cfg.environmentFile; };
script = mergeConfig;
script = generateConfig;
};
systemd.services.searx = mkIf (!cfg.runInUwsgi) {
@ -221,6 +200,11 @@ in
after = [ "searx-init.service" ];
};
services.searx.settings = {
# merge NixOS settings with defaults settings.yml
use_default_settings = mkDefault true;
};
services.uwsgi = mkIf (cfg.runInUwsgi) {
enable = true;
plugins = [ "python3" ];
@ -241,6 +225,6 @@ in
};
meta.maintainers = with lib.maintainers; [ rnhmjoj ];
meta.maintainers = with maintainers; [ rnhmjoj ];
}

7
nixos/modules/services/security/tor.nix
View File

@ -909,8 +909,11 @@ in
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts =
concatMap (o: optional (isInt o && o > 0 || o ? "port" && isInt o.port && o.port > 0) o.port)
(flatten [
concatMap (o:
if isInt o && o > 0 then [o]
else if o ? "port" && isInt o.port && o.port > 0 then [o.port]
else []
) (flatten [
cfg.settings.ORPort
cfg.settings.DirPort
]);

2
nixos/modules/services/web-apps/trilium.nix
View File

@ -85,7 +85,7 @@ in
config = lib.mkIf cfg.enable (lib.mkMerge [
{
meta.maintainers = with lib.maintainers; [ kampka ];
meta.maintainers = with lib.maintainers; [ ];
users.groups.trilium = {};
users.users.trilium = {

45
nixos/modules/services/web-apps/whitebophir.nix Normal file
View File

@ -0,0 +1,45 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.whitebophir;
in {
options = {
services.whitebophir = {
enable = mkEnableOption "whitebophir, an online collaborative whiteboard server (persistent state will be maintained under <filename>/var/lib/whitebophir</filename>)";
package = mkOption {
default = pkgs.whitebophir;
defaultText = "pkgs.whitebophir";
type = types.package;
description = "Whitebophir package to use.";
};
port = mkOption {
type = types.port;
default = 5001;
description = "Port to bind to.";
};
};
};
config = mkIf cfg.enable {
systemd.services.whitebophir = {
description = "Whitebophir Service";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
environment = {
PORT = "${toString cfg.port}";
WBO_HISTORY_DIR = "/var/lib/whitebophir";
};
serviceConfig = {
DynamicUser = true;
ExecStart = "${cfg.package}/bin/whitebophir";
Restart = "always";
StateDirectory = "whitebophir";
};
};
};
}

6
nixos/modules/services/web-servers/jboss/default.nix
View File

@ -31,32 +31,38 @@ in
tempDir = mkOption {
default = "/tmp";
type = types.str;
description = "Location where JBoss stores its temp files";
};
logDir = mkOption {
default = "/var/log/jboss";
type = types.str;
description = "Location of the logfile directory of JBoss";
};
serverDir = mkOption {
description = "Location of the server instance files";
default = "/var/jboss/server";
type = types.str;
};
deployDir = mkOption {
description = "Location of the deployment files";
default = "/nix/var/nix/profiles/default/server/default/deploy/";
type = types.str;
};
libUrl = mkOption {
default = "file:///nix/var/nix/profiles/default/server/default/lib";
description = "Location where the shared library JARs are stored";
type = types.str;
};
user = mkOption {
default = "nobody";
description = "User account under which jboss runs.";
type = types.str;
};
useJK = mkOption {

1
nixos/modules/services/web-servers/tomcat.nix
View File

@ -74,6 +74,7 @@ in
extraGroups = mkOption {
default = [];
type = types.listOf types.str;
example = [ "users" ];
description = "Defines extra groups to which the tomcat user belongs.";
};

10
nixos/modules/services/x11/desktop-managers/plasma5.nix
View File

@ -7,8 +7,8 @@ let
xcfg = config.services.xserver;
cfg = xcfg.desktopManager.plasma5;
inherit (pkgs) kdeApplications kdeFrameworks plasma5;
inherit (pkgs) qt5 libsForQt5;
libsForQt5 = pkgs.plasma5Packages;
inherit (libsForQt5) kdeApplications kdeFrameworks plasma5;
inherit (pkgs) writeText;
pulseaudio = config.hardware.pulseaudio;
@ -198,8 +198,8 @@ in
};
security.wrappers = {
kcheckpass.source = "${lib.getBin plasma5.kscreenlocker}/libexec/kcheckpass";
start_kdeinit.source = "${lib.getBin pkgs.kdeFrameworks.kinit}/libexec/kf5/start_kdeinit";
kcheckpass.source = "${lib.getBin libsForQt5.kscreenlocker}/libexec/kcheckpass";
start_kdeinit.source = "${lib.getBin libsForQt5.kinit}/libexec/kf5/start_kdeinit";
kwin_wayland = {
source = "${lib.getBin plasma5.kwin}/bin/kwin_wayland";
capabilities = "cap_sys_nice+ep";
@ -213,7 +213,7 @@ in
'';
environment.systemPackages =
with qt5; with libsForQt5;
with libsForQt5;
with plasma5; with kdeApplications; with kdeFrameworks;
[
frameworkintegration

97
nixos/modules/services/x11/hardware/libinput.nix
View File

@ -3,23 +3,18 @@
with lib;
let cfg = config.services.xserver.libinput;
xorgBool = v: if v then "on" else "off";
in {
options = {
services.xserver.libinput = {
enable = mkEnableOption "libinput";
mkConfigForDevice = deviceType: {
dev = mkOption {
type = types.nullOr types.str;
default = null;
example = "/dev/input/event0";
description =
''
Path for touchpad device. Set to null to apply to any
auto-detected touchpad.
Path for ${deviceType} device. Set to null to apply to any
auto-detected ${deviceType}.
'';
};
@ -185,14 +180,64 @@ in {
Option "DragLockButtons" "L1 B1 L2 B2"
'';
description = ''
Additional options for libinput touchpad driver. See
Additional options for libinput ${deviceType} driver. See
<citerefentry><refentrytitle>libinput</refentrytitle><manvolnum>4</manvolnum></citerefentry>
for available options.";
'';
};
};
mkX11ConfigForDevice = deviceType: matchIs: ''
Identifier "libinput ${deviceType} configuration"
MatchDriver "libinput"
MatchIs${matchIs} "${xorgBool true}"
${optionalString (cfg.${deviceType}.dev != null) ''MatchDevicePath "${cfg.${deviceType}.dev}"''}
Option "AccelProfile" "${cfg.${deviceType}.accelProfile}"
${optionalString (cfg.${deviceType}.accelSpeed != null) ''Option "AccelSpeed" "${cfg.${deviceType}.accelSpeed}"''}
${optionalString (cfg.${deviceType}.buttonMapping != null) ''Option "ButtonMapping" "${cfg.${deviceType}.buttonMapping}"''}
${optionalString (cfg.${deviceType}.calibrationMatrix != null) ''Option "CalibrationMatrix" "${cfg.${deviceType}.calibrationMatrix}"''}
${optionalString (cfg.${deviceType}.clickMethod != null) ''Option "ClickMethod" "${cfg.${deviceType}.clickMethod}"''}
Option "LeftHanded" "${xorgBool cfg.${deviceType}.leftHanded}"
Option "MiddleEmulation" "${xorgBool cfg.${deviceType}.middleEmulation}"
Option "NaturalScrolling" "${xorgBool cfg.${deviceType}.naturalScrolling}"
${optionalString (cfg.${deviceType}.scrollButton != null) ''Option "ScrollButton" "${toString cfg.${deviceType}.scrollButton}"''}
Option "ScrollMethod" "${cfg.${deviceType}.scrollMethod}"
Option "HorizontalScrolling" "${xorgBool cfg.${deviceType}.horizontalScrolling}"
Option "SendEventsMode" "${cfg.${deviceType}.sendEventsMode}"
Option "Tapping" "${xorgBool cfg.${deviceType}.tapping}"
Option "TappingDragLock" "${xorgBool cfg.${deviceType}.tappingDragLock}"
Option "DisableWhileTyping" "${xorgBool cfg.${deviceType}.disableWhileTyping}"
${cfg.${deviceType}.additionalOptions}
'';
in {
imports =
(map (option: mkRenamedOptionModule ([ "services" "xserver" "libinput" option ]) [ "services" "xserver" "libinput" "touchpad" option ]) [
"accelProfile"
"accelSpeed"
"buttonMapping"
"calibrationMatrix"
"clickMethod"
"leftHanded"
"middleEmulation"
"naturalScrolling"
"scrollButton"
"scrollMethod"
"horizontalScrolling"
"sendEventsMode"
"tapping"
"tappingDragLock"
"disableWhileTyping"
"additionalOptions"
]);
options = {
services.xserver.libinput = {
enable = mkEnableOption "libinput";
mouse = mkConfigForDevice "mouse";
touchpad = mkConfigForDevice "touchpad";
};
};
@ -212,32 +257,10 @@ in {
services.udev.packages = [ pkgs.libinput.out ];
services.xserver.config =
''
# General libinput configuration.
# See CONFIGURATION DETAILS section of man:libinput(4).
Section "InputClass"
Identifier "libinputConfiguration"
MatchDriver "libinput"
${optionalString (cfg.dev != null) ''MatchDevicePath "${cfg.dev}"''}
Option "AccelProfile" "${cfg.accelProfile}"
${optionalString (cfg.accelSpeed != null) ''Option "AccelSpeed" "${cfg.accelSpeed}"''}
${optionalString (cfg.buttonMapping != null) ''Option "ButtonMapping" "${cfg.buttonMapping}"''}
${optionalString (cfg.calibrationMatrix != null) ''Option "CalibrationMatrix" "${cfg.calibrationMatrix}"''}
${optionalString (cfg.clickMethod != null) ''Option "ClickMethod" "${cfg.clickMethod}"''}
Option "LeftHanded" "${xorgBool cfg.leftHanded}"
Option "MiddleEmulation" "${xorgBool cfg.middleEmulation}"
Option "NaturalScrolling" "${xorgBool cfg.naturalScrolling}"
${optionalString (cfg.scrollButton != null) ''Option "ScrollButton" "${toString cfg.scrollButton}"''}
Option "ScrollMethod" "${cfg.scrollMethod}"
Option "HorizontalScrolling" "${xorgBool cfg.horizontalScrolling}"
Option "SendEventsMode" "${cfg.sendEventsMode}"
Option "Tapping" "${xorgBool cfg.tapping}"
Option "TappingDragLock" "${xorgBool cfg.tappingDragLock}"
Option "DisableWhileTyping" "${xorgBool cfg.disableWhileTyping}"
${cfg.additionalOptions}
EndSection
'';
services.xserver.inputClassSections = [
(mkX11ConfigForDevice "mouse" "Pointer")
(mkX11ConfigForDevice "touchpad" "Touchpad")
];
assertions = [
# already present in synaptics.nix

4
nixos/modules/services/x11/window-managers/clfswm.nix
View File

@ -15,10 +15,10 @@ in
services.xserver.windowManager.session = singleton {
name = "clfswm";
start = ''
${pkgs.clfswm}/bin/clfswm &
${pkgs.lispPackages.clfswm}/bin/clfswm &
waitPID=$!
'';
};
environment.systemPackages = [ pkgs.clfswm ];
environment.systemPackages = [ pkgs.lispPackages.clfswm ];
};
}

1
nixos/modules/services/x11/window-managers/default.nix
View File

@ -13,6 +13,7 @@ in
./berry.nix
./bspwm.nix
./cwm.nix
./clfswm.nix
./dwm.nix
./evilwm.nix
./exwm.nix

2
nixos/modules/services/x11/window-managers/exwm.nix
View File

@ -48,7 +48,7 @@ in
description = ''
Extra packages available to Emacs. The value must be a
function which receives the attrset defined in
<varname>emacsPackages</varname> as the sole argument.
<varname>emacs.pkgs</varname> as the sole argument.
'';
};
};

10
nixos/modules/system/boot/binfmt.nix
View File

@ -20,8 +20,14 @@ let
optionalString fixBinary "F";
in ":${name}:${type}:${offset'}:${magicOrExtension}:${mask'}:${interpreter}:${flags}";
activationSnippet = name: { interpreter, ... }:
"ln -sf ${interpreter} /run/binfmt/${name}";
activationSnippet = name: { interpreter, ... }: ''
rm -f /run/binfmt/${name}
cat > /run/binfmt/${name} << 'EOF'
#!/usr/bin/env sh
exec -- ${interpreter} "$@"
EOF
chmod +x /run/binfmt/${name}
'';
getEmulator = system: (lib.systems.elaborate { inherit system; }).emulator pkgs;

2
nixos/modules/system/boot/plymouth.nix
View File

@ -9,7 +9,7 @@ let
cfg = config.boot.plymouth;
nixosBreezePlymouth = pkgs.plasma5.breeze-plymouth.override {
nixosBreezePlymouth = pkgs.plasma5Packages.breeze-plymouth.override {
logoFile = cfg.logo;
logoName = "nixos";
osName = "NixOS";

4
nixos/modules/system/boot/systemd.nix
View File

@ -263,7 +263,7 @@ let
}
(mkIf (config.preStart != "")
{ serviceConfig.ExecStartPre =
makeJobScript "${name}-pre-start" config.preStart;
[ (makeJobScript "${name}-pre-start" config.preStart) ];
})
(mkIf (config.script != "")
{ serviceConfig.ExecStart =
@ -271,7 +271,7 @@ let
})
(mkIf (config.postStart != "")
{ serviceConfig.ExecStartPost =
makeJobScript "${name}-post-start" config.postStart;
[ (makeJobScript "${name}-post-start" config.postStart) ];
})
(mkIf (config.reload != "")
{ serviceConfig.ExecReload =

1
nixos/modules/system/boot/timesyncd.nix
View File

@ -16,6 +16,7 @@ with lib;
};
servers = mkOption {
default = config.networking.timeServers;
type = types.listOf types.str;
description = ''
The set of NTP servers from which to synchronise.
'';

1
nixos/modules/system/boot/tmp.nix
View File

@ -34,6 +34,7 @@ with lib;
{
what = "tmpfs";
where = "/tmp";
type = "tmpfs";
mountConfig.Options = [ "mode=1777" "strictatime" "rw" "nosuid" "nodev" "size=50%" ];
}
];

2
nixos/modules/tasks/filesystems/zfs.nix
View File

@ -664,6 +664,8 @@ in
# - There are only HDDs and we would set the system in a degraded state
serviceConfig.ExecStart = ''${pkgs.runtimeShell} -c 'for pool in $(zpool list -H -o name); do zpool trim $pool; done || true' '';
};
systemd.timers.zpool-trim.timerConfig.Persistent = "yes";
})
];
}

2
nixos/modules/virtualisation/azure-agent.nix
View File

@ -146,7 +146,7 @@ in
services.logrotate = {
enable = true;
config = ''
extraConfig = ''
/var/log/waagent.log {
compress
monthly

9
nixos/modules/virtualisation/docker.nix
View File

@ -155,13 +155,11 @@ in
users.groups.docker.gid = config.ids.gids.docker;
systemd.packages = [ cfg.package ];
# TODO: remove once docker 20.10 is released
systemd.enableUnifiedCgroupHierarchy = false;
systemd.services.docker = {
wantedBy = optional cfg.enableOnBoot "multi-user.target";
environment = proxy_env;
serviceConfig = {
Type = "notify";
ExecStart = [
""
''
@ -215,13 +213,10 @@ in
message = "Option enableNvidia requires 32bit support libraries";
}];
}
(mkIf cfg.enableNvidia {
environment.etc."nvidia-container-runtime/config.toml".source = "${pkgs.nvidia-docker}/etc/config.toml";
})
]);
imports = [
(mkRemovedOptionModule ["virtualisation" "docker" "socketActivation"] "This option was removed in favor of starting docker at boot")
(mkRemovedOptionModule ["virtualisation" "docker" "socketActivation"] "This option was removed and socket activation is now always active")
];
}

2
nixos/modules/virtualisation/google-compute-image.nix
View File

@ -43,7 +43,7 @@ in
system.build.googleComputeImage = import ../../lib/make-disk-image.nix {
name = "google-compute-image";
postVM = ''
PATH=$PATH:${with pkgs; stdenv.lib.makeBinPath [ gnutar gzip ]}
PATH=$PATH:${with pkgs; lib.makeBinPath [ gnutar gzip ]}
pushd $out
mv $diskImage disk.raw
tar -Szcf nixos-image-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.raw.tar.gz disk.raw

12
nixos/modules/virtualisation/podman.nix
View File

@ -2,7 +2,6 @@
let
cfg = config.virtualisation.podman;
toml = pkgs.formats.toml { };
nvidia-docker = pkgs.nvidia-docker.override { containerRuntimePath = "${pkgs.runc}/bin/runc"; };
inherit (lib) mkOption types;
@ -100,8 +99,8 @@ in
containersConf.extraConfig = lib.optionalString cfg.enableNvidia
(builtins.readFile (toml.generate "podman.nvidia.containers.conf" {
engine = {
conmon_env_vars = [ "PATH=${lib.makeBinPath [ nvidia-docker ]}" ];
runtimes.nvidia = [ "${nvidia-docker}/bin/nvidia-container-runtime" ];
conmon_env_vars = [ "PATH=${lib.makeBinPath [ pkgs.nvidia-podman ]}" ];
runtimes.nvidia = [ "${pkgs.nvidia-podman}/bin/nvidia-container-runtime" ];
};
}));
};
@ -111,14 +110,7 @@ in
assertion = cfg.dockerCompat -> !config.virtualisation.docker.enable;
message = "Option dockerCompat conflicts with docker";
}
{
assertion = cfg.enableNvidia -> !config.virtualisation.docker.enableNvidia;
message = "Option enableNvidia conflicts with docker.enableNvidia";
}
];
}
(lib.mkIf cfg.enableNvidia {
environment.etc."nvidia-container-runtime/config.toml".source = "${nvidia-docker}/etc/podman-config.toml";
})
]);
}

3
nixos/release-combined.nix
View File

@ -60,7 +60,8 @@ in rec {
(onFullSupported "nixos.tests.boot-stage1")
(onSystems ["x86_64-linux"] "nixos.tests.boot.uefiCdrom")
(onSystems ["x86_64-linux"] "nixos.tests.boot.uefiUsb")
(onSystems ["x86_64-linux"] "nixos.tests.chromium")
# TODO (@primeos): Fix the test failure since https://github.com/NixOS/nixpkgs/pull/110010:
#(onSystems ["x86_64-linux"] "nixos.tests.chromium")
(onFullSupported "nixos.tests.containers-imperative")
(onFullSupported "nixos.tests.containers-ip")
(onSystems ["x86_64-linux"] "nixos.tests.docker")

2
nixos/tests/all-tests.nix
View File

@ -147,6 +147,7 @@ in
haproxy = handleTest ./haproxy.nix {};
hardened = handleTest ./hardened.nix {};
hedgedoc = handleTest ./hedgedoc.nix {};
herbstluftwm = handleTest ./herbstluftwm.nix {};
installed-tests = pkgs.recurseIntoAttrs (handleTest ./installed-tests {});
oci-containers = handleTestOn ["x86_64-linux"] ./oci-containers.nix {};
# 9pnet_virtio used to mount /nix partition doesn't support
@ -401,6 +402,7 @@ in
unbound = handleTest ./unbound.nix {};
unit-php = handleTest ./web-servers/unit-php.nix {};
upnp = handleTest ./upnp.nix {};
usbguard = handleTest ./usbguard.nix {};
uwsgi = handleTest ./uwsgi.nix {};
v2ray = handleTest ./v2ray.nix {};
vault = handleTest ./vault.nix {};

70
nixos/tests/chromium.nix
View File

@ -1,10 +1,14 @@
{ system ? builtins.currentSystem
, config ? {}
, pkgs ? import ../.. { inherit system config; }
, channelMap ? {
stable = pkgs.chromium;
beta = pkgs.chromiumBeta;
dev = pkgs.chromiumDev;
, channelMap ? { # Maps "channels" to packages
stable = pkgs.chromium;
beta = pkgs.chromiumBeta;
dev = pkgs.chromiumDev;
ungoogled = pkgs.ungoogled-chromium;
chrome-stable = pkgs.google-chrome;
chrome-beta = pkgs.google-chrome-beta;
chrome-dev = pkgs.google-chrome-dev;
}
}:
@ -14,7 +18,7 @@ with pkgs.lib;
mapAttrs (channel: chromiumPkg: makeTest rec {
name = "chromium-${channel}";
meta = {
maintainers = with maintainers; [ aszlig ];
maintainers = with maintainers; [ aszlig primeos ];
# https://github.com/NixOS/hydra/issues/591#issuecomment-435125621
inherit (chromiumPkg.meta) timeout;
};
@ -58,9 +62,22 @@ mapAttrs (channel: chromiumPkg: makeTest rec {
return "su - ${user} -c " + shlex.quote(cmd)
def get_browser_binary():
"""Returns the name of the browser binary."""
pname = "${getName chromiumPkg.name}"
if pname.find("chromium") != -1:
return "chromium" # Same name for all channels and ungoogled-chromium
if pname == "google-chrome":
return "google-chrome-stable"
if pname == "google-chrome-dev":
return "google-chrome-unstable"
# For google-chrome-beta and as fallback:
return pname
def create_new_win():
with machine.nested("Creating a new Chromium window"):
machine.execute(
status, _ = machine.execute(
ru(
"${xdo "new-window" ''
search --onlyvisible --name "startup done"
@ -69,18 +86,19 @@ mapAttrs (channel: chromiumPkg: makeTest rec {
''}"
)
)
machine.execute(
ru(
"${xdo "new-window" ''
key Ctrl+n
''}"
if status == 0:
machine.execute(
ru(
"${xdo "new-window" ''
key Ctrl+n
''}"
)
)
)
def close_win():
def try_close(_):
machine.execute(
status, _ = machine.execute(
ru(
"${xdo "close-window" ''
search --onlyvisible --name "new tab"
@ -89,15 +107,16 @@ mapAttrs (channel: chromiumPkg: makeTest rec {
''}"
)
)
machine.execute(
ru(
"${xdo "close-window" ''
key Ctrl+w
''}"
if status == 0:
machine.execute(
ru(
"${xdo "close-window" ''
key Ctrl+w
''}"
)
)
)
for _ in range(1, 20):
status, out = machine.execute(
status, _ = machine.execute(
ru(
"${xdo "wait-for-close" ''
search --onlyvisible --name "new tab"
@ -116,7 +135,7 @@ mapAttrs (channel: chromiumPkg: makeTest rec {
ret = False
with machine.nested("Waiting for new Chromium window to appear"):
for _ in range(1, 20):
status, out = machine.execute(
status, _ = machine.execute(
ru(
"${xdo "wait-for-window" ''
search --onlyvisible --name "new tab"
@ -152,7 +171,14 @@ mapAttrs (channel: chromiumPkg: makeTest rec {
machine.wait_for_x()
url = "file://${startupHTML}"
machine.succeed(ru(f'ulimit -c unlimited; chromium "{url}" & disown'))
machine.succeed(ru(f'ulimit -c unlimited; "{get_browser_binary()}" "{url}" & disown'))
if get_browser_binary().startswith("google-chrome"):
# Need to click away the first window:
machine.wait_for_text("Make Google Chrome the default browser")
machine.screenshot("google_chrome_default_browser_prompt")
machine.send_key("ret")
machine.wait_for_text("startup done")
machine.wait_until_succeeds(
ru(

12
nixos/tests/cifs-utils.nix Normal file
View File

@ -0,0 +1,12 @@
import ./make-test-python.nix ({ pkgs, ... }: {
name = "cifs-utils";
machine = { pkgs, ... }: { environment.systemPackages = [ pkgs.cifs-utils ]; };
testScript = ''
machine.succeed("smbinfo -h")
machine.succeed("smb2-quota -h")
assert "${pkgs.cifs-utils.version}" in machine.succeed("cifs.upcall -v")
assert "${pkgs.cifs-utils.version}" in machine.succeed("mount.cifs -V")
'';
})

2
nixos/tests/containers-tmpfs.nix
View File

@ -3,7 +3,7 @@
import ./make-test-python.nix ({ pkgs, ...} : {
name = "containers-tmpfs";
meta = with pkgs.lib.maintainers; {
maintainers = [ kampka ];
maintainers = [ ];
};
machine =

4
nixos/tests/git/hub.nix
View File

@ -6,12 +6,12 @@ import ../make-test-python.nix ({ pkgs, ...} : {
nodes.hub = { pkgs, ... }:
{
environment.systemPackages = [ pkgs.gitAndTools.hub ];
environment.systemPackages = [ pkgs.hub ];
};
testScript =
''
assert "git version ${pkgs.git.version}\nhub version ${pkgs.gitAndTools.hub.version}\n" in hub.succeed("hub version")
assert "git version ${pkgs.git.version}\nhub version ${pkgs.hub.version}\n" in hub.succeed("hub version")
assert "These GitHub commands are provided by hub" in hub.succeed("hub help")
'';
})

38
nixos/tests/herbstluftwm.nix Normal file
View File

@ -0,0 +1,38 @@
import ./make-test-python.nix ({ lib, ...} : {
name = "herbstluftwm";
meta = {
maintainers = with lib.maintainers; [ thibautmarty ];
timeout = 30;
};
machine = { pkgs, lib, ... }: {
imports = [ ./common/x11.nix ./common/user-account.nix ];
test-support.displayManager.auto.user = "alice";
services.xserver.displayManager.defaultSession = lib.mkForce "none+herbstluftwm";
services.xserver.windowManager.herbstluftwm.enable = true;
environment.systemPackages = [ pkgs.dzen2 ]; # needed for upstream provided panel
};
testScript = ''
with subtest("ensure x starts"):
machine.wait_for_x()
machine.wait_for_file("/home/alice/.Xauthority")
machine.succeed("xauth merge ~alice/.Xauthority")
with subtest("ensure client is available"):
machine.succeed("herbstclient --version")
with subtest("ensure keybindings are set"):
machine.wait_until_succeeds("herbstclient list_keybinds | grep xterm")
with subtest("ensure panel starts"):
machine.wait_for_window("dzen title")
with subtest("ensure we can open a new terminal"):
machine.send_key("alt-ret")
machine.wait_for_window(r"alice.*?machine")
machine.sleep(2)
machine.screenshot("terminal")
'';
})

2
nixos/tests/installer.nix
View File

@ -284,7 +284,9 @@ let
extraInstallerConfig
];
# builds stuff in the VM, needs more juice
virtualisation.diskSize = 8 * 1024;
virtualisation.cores = 8;
virtualisation.memorySize = 1536;
# Use a small /dev/vdb as the root disk for the

2
nixos/tests/mpd.nix
View File

@ -107,7 +107,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
for track in tracks.splitlines():
server.succeed(f"{mpc} add {track}")
_, added_tracks = server.execute(f"{mpc} listall")
_, added_tracks = server.execute(f"{mpc} playlist")
# Check we succeeded adding audio tracks to the playlist
assert len(added_tracks.splitlines()) > 0

16
nixos/tests/mysql/mysql.nix
View File

@ -98,7 +98,7 @@ import ./../make-test-python.nix ({ pkgs, ...} : {
}];
services.mysql.settings = {
mysqld = {
plugin-load-add = [ "ha_tokudb.so" "ha_rocksdb.so" ];
plugin-load-add = [ "ha_rocksdb.so" ];
};
};
services.mysql.package = pkgs.mariadb;
@ -185,19 +185,5 @@ import ./../make-test-python.nix ({ pkgs, ...} : {
mariadb.succeed(
"echo 'use testdb; drop table rocksdb;' | sudo -u testuser mysql -u testuser"
)
'' + pkgs.lib.optionalString pkgs.stdenv.isx86_64 ''
# Check if TokuDB plugin works
mariadb.succeed(
"echo 'use testdb; create table tokudb (test_id INT, PRIMARY KEY (test_id)) ENGINE = TokuDB;' | sudo -u testuser mysql -u testuser"
)
mariadb.succeed(
"echo 'use testdb; insert into tokudb values (25);' | sudo -u testuser mysql -u testuser"
)
mariadb.succeed(
"echo 'use testdb; select test_id from tokudb;' | sudo -u testuser mysql -u testuser -N | grep 25"
)
mariadb.succeed(
"echo 'use testdb; drop table tokudb;' | sudo -u testuser mysql -u testuser"
)
'';
})

13
nixos/tests/opentabletdriver.nix
View File

@ -1,4 +1,6 @@
import ./make-test-python.nix ( { pkgs, ... }: {
import ./make-test-python.nix ( { pkgs, ... }: let
testUser = "alice";
in {
name = "opentabletdriver";
meta = {
maintainers = with pkgs.lib.maintainers; [ thiagokokada ];
@ -10,7 +12,7 @@ import ./make-test-python.nix ( { pkgs, ... }: {
./common/user-account.nix
./common/x11.nix
];
test-support.displayManager.auto.user = "alice";
test-support.displayManager.auto.user = testUser;
hardware.opentabletdriver.enable = true;
};
@ -18,10 +20,11 @@ import ./make-test-python.nix ( { pkgs, ... }: {
''
machine.start()
machine.wait_for_x()
machine.wait_for_unit("opentabletdriver.service", "alice")
machine.wait_for_unit("opentabletdriver.service", "${testUser}")
machine.succeed("cat /etc/udev/rules.d/30-opentabletdriver.rules")
machine.succeed("cat /etc/udev/rules.d/99-opentabletdriver.rules")
# Will fail if service is not running
machine.succeed("otd detect")
# Needs to run as the same user that started the service
machine.succeed("su - ${testUser} -c 'otd detect'")
'';
})

15
nixos/tests/podman.nix
View File

@ -61,6 +61,20 @@ import ./make-test-python.nix (
podman.succeed("podman stop sleeping")
podman.succeed("podman rm sleeping")
# create systemd session for rootless
podman.succeed("loginctl enable-linger alice")
with subtest("Run container rootless with runc"):
podman.succeed(su_cmd("tar cv --files-from /dev/null | podman import - scratchimg"))
podman.succeed(
su_cmd(
"podman run --runtime=runc -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
)
)
podman.succeed(su_cmd("podman ps | grep sleeping"))
podman.succeed(su_cmd("podman stop sleeping"))
podman.succeed(su_cmd("podman rm sleeping"))
with subtest("Run container rootless with crun"):
podman.succeed(su_cmd("tar cv --files-from /dev/null | podman import - scratchimg"))
podman.succeed(
@ -71,7 +85,6 @@ import ./make-test-python.nix (
podman.succeed(su_cmd("podman ps | grep sleeping"))
podman.succeed(su_cmd("podman stop sleeping"))
podman.succeed(su_cmd("podman rm sleeping"))
# As of 2020-11-20, the runc backend doesn't work with cgroupsv2 yet, so we don't run that test.
with subtest("Run container rootless with the default backend"):
podman.succeed(su_cmd("tar cv --files-from /dev/null | podman import - scratchimg"))

3
nixos/tests/prometheus-exporters.nix
View File

@ -423,7 +423,7 @@ let
exporterConfig = {
enable = true;
passwordFile = "/var/nextcloud-pwfile";
url = "http://localhost/negative-space.xml";
url = "http://localhost";
};
metricProvider = {
systemd.services.nc-pwfile = let
@ -441,6 +441,7 @@ let
basicAuth.nextcloud-exporter = "snakeoilpw";
locations."/" = {
root = "${pkgs.prometheus-nextcloud-exporter.src}/serverinfo/testdata";
tryFiles = "/negative-space.xml =404";
};
};
};

22
nixos/tests/searx.nix
View File

@ -2,7 +2,7 @@ import ./make-test-python.nix ({ pkgs, ...} :
{
name = "searx";
meta = with pkgs.stdenv.lib.maintainers; {
meta = with pkgs.lib.maintainers; {
maintainers = [ rnhmjoj ];
};
@ -22,13 +22,15 @@ import ./make-test-python.nix ({ pkgs, ...} :
bind_address = "0.0.0.0";
secret_key = "@SEARX_SECRET_KEY@";
};
settings.engines = {
wolframalpha =
{ api_key = "@WOLFRAM_API_KEY@";
engine = "wolframalpha_api";
};
startpage.shortcut = "start";
};
settings.engines = [
{ name = "wolframalpha";
api_key = "@WOLFRAM_API_KEY@";
engine = "wolframalpha_api";
}
{ name = "startpage";
shortcut = "start";
}
];
};
};
@ -39,6 +41,9 @@ import ./make-test-python.nix ({ pkgs, ...} :
services.searx = {
enable = true;
# searx refuses to run if unchanged
settings.server.secret_key = "somesecret";
runInUwsgi = true;
uwsgiConfig = {
# serve using the uwsgi protocol
@ -106,4 +111,3 @@ import ./make-test-python.nix ({ pkgs, ...} :
)
'';
})

10
nixos/tests/slurm.nix
View File

@ -109,12 +109,12 @@ in {
ensurePermissions = { "slurm_acct_db.*" = "ALL PRIVILEGES"; };
name = "slurm";
}];
extraOptions = ''
settings.mysqld = {
# recommendations from: https://slurm.schedmd.com/accounting.html#mysql-configuration
innodb_buffer_pool_size=1024M
innodb_log_file_size=64M
innodb_lock_wait_timeout=900
'';
innodb_buffer_pool_size="1024M";
innodb_log_file_size="64M";
innodb_lock_wait_timeout=900;
};
};
};

Some files were not shown because too many files have changed in this diff Show More