ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2024-09-23 21:57:52 +03:00
Code Issues Projects Releases Wiki Activity

Merge branch 'master' into bump-behave-version

Browse Source
This commit is contained in:
Alex Brandt 2018-03-29 10:43:36 -05:00
commit 6d78bde7ad
2305 changed files with 54021 additions and 37266 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
.gitattributes vendored Normal file
View File

@ -0,0 +1,16 @@
**/deps.nix linguist-generated
**/node-packages.nix linguist-generated
pkgs/applications/editors/emacs-modes/*-generated.nix linguist-generated
pkgs/development/r-modules/*-packages.nix linguist-generated
pkgs/development/haskell-modules/hackage-packages.nix linguist-generated
pkgs/development/beam-modules/hex-packages.nix linguist-generated
doc/** linguist-documentation
doc/default.nix linguist-documentation=false
nixos/doc/** linguist-documentation
nixos/doc/default.nix linguist-documentation=false
nixos/modules/module-list.nix merge=union
# pkgs/top-level/all-packages.nix merge=union

2
.github/CODEOWNERS vendored
View File

@ -13,6 +13,7 @@
# Libraries # Libraries
/lib @edolstra @nbp /lib @edolstra @nbp
/lib/systems @nbp @ericson2314 /lib/systems @nbp @ericson2314
/lib/generators.nix @edolstra @nbp @Profpatsch
# Nixpkgs Internals # Nixpkgs Internals
/default.nix @nbp /default.nix @nbp
@ -83,7 +84,6 @@
/pkgs/applications/editors/eclipse @rycee /pkgs/applications/editors/eclipse @rycee
# https://github.com/NixOS/nixpkgs/issues/31401 # https://github.com/NixOS/nixpkgs/issues/31401
/lib/maintainers.nix @ghost
/lib/licenses.nix @ghost /lib/licenses.nix @ghost
# Qt / KDE # Qt / KDE

6
doc/.gitignore vendored Normal file
View File

@ -0,0 +1,6 @@
*.chapter.xml
*.section.xml
.version
out
manual-full.xml
highlightjs

96
doc/Makefile Normal file
View File

@ -0,0 +1,96 @@
MD_TARGETS=$(addsuffix .xml, $(basename $(wildcard ./*.md ./**/*.md)))
.PHONY: all
all: validate out/html/index.html out/epub/manual.epub
.PHONY: debug
debug:
nix-shell --run "xmloscopy --docbook5 ./manual.xml ./manual-full.xml"
.PHONY: clean
clean:
rm -f ${MD_TARGETS} .version manual-full.xml
rm -rf ./out/ ./highlightjs
.PHONY: validate
validate: manual-full.xml
jing "$$RNG" manual-full.xml
out/html/index.html: manual-full.xml style.css highlightjs
mkdir -p out/html
xsltproc ${xsltFlags} \
--nonet --xinclude \
--output $@ \
"$$XSL/docbook/xhtml/docbook.xsl" \
./manual-full.xml
mkdir -p out/html/highlightjs/
echo "document.onreadystatechange = function () { \
var listings = document.querySelectorAll('.programlisting, .screen'); \
for (i = 0; i < listings.length; ++i) { \
hljs.highlightBlock(listings[i]); \
} \
} " > out/html/highlightjs/loader.js
cp -r highlightjs out/html/
cp ./overrides.css out/html/
cp ./style.css out/html/style.css
mkdir -p out/html/images/callouts
cp "$$XSL/docbook/images/callouts/"*.svg out/html/images/callouts/
chmod u+w -R out/html/
out/epub/manual.epub: manual-full.xml
mkdir -p out/epub/scratch
xsltproc ${xsltFlags} --nonet \
--output out/epub/scratch/ \
"$$XSL/docbook/epub/docbook.xsl" \
./manual-full.xml
cp ./overrides.css out/epub/scratch/OEBPS
cp ./style.css out/epub/scratch/OEBPS
mkdir -p out/epub/scratch/OEBPS/images/callouts/
cp "$$XSL/docbook/images/callouts/"*.svg out/epub/scratch/OEBPS/images/callouts/
echo "application/epub+zip" > mimetype
zip -0Xq "out/epub/manual.epub" mimetype
rm mimetype
cd "out/epub/scratch/" && zip -Xr9D "../manual.epub" *
rm -rf "out/epub/scratch/"
highlightjs:
mkdir -p highlightjs
cp -r "$$HIGHLIGHTJS/highlight.pack.js" highlightjs/
cp -r "$$HIGHLIGHTJS/LICENSE" highlightjs/
cp -r "$$HIGHLIGHTJS/mono-blue.css" highlightjs/
manual-full.xml: ${MD_TARGETS} .version *.xml
xmllint --nonet --xinclude --noxincludenode manual.xml --output manual-full.xml
.version:
nix-instantiate --eval \
-E '(import ../lib).nixpkgsVersion' > .version
%.section.xml: %.section.md
pandoc $^ -w docbook+smart \
-f markdown+smart \
| sed -e 's|<ulink url=|<link xlink:href=|' \
-e 's|</ulink>|</link>|' \
-e 's|<sect. id=|<section xml:id=|' \
-e 's|</sect[0-9]>|</section>|' \
-e '1s| id=| xml:id=|' \
-e '1s|\(<[^ ]* \)|\1xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" |' \
| cat > $@
%.chapter.xml: %.chapter.md
pandoc $^ -w docbook+smart \
--top-level-division=chapter \
-f markdown+smart \
| sed -e 's|<ulink url=|<link xlink:href=|' \
-e 's|</ulink>|</link>|' \
-e 's|<sect. id=|<section xml:id=|' \
-e 's|</sect[0-9]>|</section>|' \
-e '1s| id=| xml:id=|' \
-e '1s|\(<[^ ]* \)|\1|' \
| cat > $@

23
doc/contributing.xml
View File

@ -6,12 +6,27 @@
<para>The DocBook sources of the Nixpkgs manual are in the <filename <para>The DocBook sources of the Nixpkgs manual are in the <filename
xlink:href="https://github.com/NixOS/nixpkgs/tree/master/doc">doc</filename> xlink:href="https://github.com/NixOS/nixpkgs/tree/master/doc">doc</filename>
subdirectory of the Nixpkgs repository. If you make modifications to subdirectory of the Nixpkgs repository.</para>
the manual, it's important to build it before committing. You can do that as follows:
<para>You can quickly check your edits with <command>make</command>:</para>
<screen> <screen>
$ cd /path/to/nixpkgs $ cd /path/to/nixpkgs/doc
$ nix-build doc $ nix-shell
[nix-shell]$ make
</screen>
<para>If you experience problems, run <command>make debug</command>
to help understand the docbook errors.</para>
<para>After making modifications to the manual, it's important to
build it before committing. You can do that as follows:
<screen>
$ cd /path/to/nixpkgs/doc
$ nix-shell
[nix-shell]$ make clean
[nix-shell]$ nix-build .
</screen> </screen>
If the build succeeds, the manual will be in If the build succeeds, the manual will be in

131
doc/default.nix
View File

@ -7,112 +7,41 @@ in
pkgs.stdenv.mkDerivation { pkgs.stdenv.mkDerivation {
name = "nixpkgs-manual"; name = "nixpkgs-manual";
buildInputs = with pkgs; [ pandoc libxml2 libxslt zip jing ];
buildInputs = with pkgs; [ pandoc libxml2 libxslt zip ]; src = ./.;
xsltFlags = '' # Hacking on these variables? Make sure to close and open
--param section.autolabel 1 # nix-shell between each test, maybe even:
--param section.label.includes.component.label 1 # $ nix-shell --run "make clean all"
--param html.stylesheet 'style.css' # otherwise they won't reapply :)
--param xref.with.number.and.title 1 HIGHLIGHTJS = pkgs.documentation-highlighter;
--param toc.section.depth 3 XSL = "${pkgs.docbook5_xsl}/xml/xsl";
--param admon.style ''' RNG = "${pkgs.docbook5}/xml/rng/docbook/docbook.rng";
--param callout.graphics.extension '.gif' xsltFlags = lib.concatStringsSep " " [
"--param section.autolabel 1"
"--param section.label.includes.component.label 1"
"--stringparam html.stylesheet 'style.css overrides.css highlightjs/mono-blue.css'"
"--stringparam html.script './highlightjs/highlight.pack.js ./highlightjs/loader.js'"
"--param xref.with.number.and.title 1"
"--param toc.section.depth 3"
"--stringparam admon.style ''"
"--stringparam callout.graphics.extension .svg"
];
postPatch = ''
echo ${lib.nixpkgsVersion} > .version
''; '';
installPhase = ''
dest="$out/share/doc/nixpkgs"
mkdir -p "$(dirname "$dest")"
mv out/html "$dest"
mv "$dest/index.html" "$dest/manual.html"
buildCommand = let toDocbook = { useChapters ? false, inputFile, outputFile }: mv out/epub/manual.epub "$dest/nixpkgs-manual.epub"
let
extraHeader = lib.optionalString (!useChapters)
''xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" '';
in ''
{
pandoc '${inputFile}' -w docbook+smart ${lib.optionalString useChapters "--top-level-division=chapter"} \
-f markdown+smart \
| sed -e 's|<ulink url=|<link xlink:href=|' \
-e 's|</ulink>|</link>|' \
-e 's|<sect. id=|<section xml:id=|' \
-e 's|</sect[0-9]>|</section>|' \
-e '1s| id=| xml:id=|' \
-e '1s|\(<[^ ]* \)|\1${extraHeader}|'
} > '${outputFile}'
'';
in
'' mkdir -p $out/nix-support/
ln -s '${sources}/'*.xml . echo "doc manual $dest manual.html" >> $out/nix-support/hydra-build-products
mkdir ./languages-frameworks
cp -s '${sources-langs}'/* ./languages-frameworks
''
+ toDocbook {
inputFile = ./introduction.md;
outputFile = "introduction.xml";
useChapters = true;
}
+ toDocbook {
inputFile = ./shell.md;
outputFile = "shell.xml";
}
+ toDocbook {
inputFile = ./languages-frameworks/python.md;
outputFile = "./languages-frameworks/python.xml";
}
+ toDocbook {
inputFile = ./languages-frameworks/haskell.md;
outputFile = "./languages-frameworks/haskell.xml";
}
+ toDocbook {
inputFile = ../pkgs/development/idris-modules/README.md;
outputFile = "languages-frameworks/idris.xml";
}
+ toDocbook {
inputFile = ../pkgs/development/node-packages/README.md;
outputFile = "languages-frameworks/node.xml";
}
+ toDocbook {
inputFile = ../pkgs/development/r-modules/README.md;
outputFile = "languages-frameworks/r.xml";
}
+ toDocbook {
inputFile = ./languages-frameworks/rust.md;
outputFile = "./languages-frameworks/rust.xml";
}
+ toDocbook {
inputFile = ./languages-frameworks/vim.md;
outputFile = "./languages-frameworks/vim.xml";
}
+ ''
echo ${lib.nixpkgsVersion} > .version
# validate against relaxng schema
xmllint --nonet --xinclude --noxincludenode manual.xml --output manual-full.xml
${pkgs.jing}/bin/jing ${pkgs.docbook5}/xml/rng/docbook/docbook.rng manual-full.xml
dst=$out/share/doc/nixpkgs
mkdir -p $dst
xsltproc $xsltFlags --nonet --xinclude \
--output $dst/manual.html \
${pkgs.docbook5_xsl}/xml/xsl/docbook/xhtml/docbook.xsl \
./manual.xml
cp ${./style.css} $dst/style.css
mkdir -p $dst/images/callouts
cp "${pkgs.docbook5_xsl}/xml/xsl/docbook/images/callouts/"*.gif $dst/images/callouts/
mkdir -p $out/nix-support
echo "doc manual $dst manual.html" >> $out/nix-support/hydra-build-products
xsltproc $xsltFlags --nonet --xinclude \
--output $dst/epub/ \
${pkgs.docbook5_xsl}/xml/xsl/docbook/epub/docbook.xsl \
./manual.xml
cp -r $dst/images $dst/epub/OEBPS
echo "application/epub+zip" > mimetype
manual="$dst/nixpkgs-manual.epub"
zip -0Xq "$manual" mimetype
cd $dst/epub && zip -Xr9D "$manual" *
rm -rf $dst/epub
''; '';
} }

61
doc/functions.xml
View File

@ -221,16 +221,69 @@
<para> <para>
All generators follow a similar call interface: <code>generatorName All generators follow a similar call interface: <code>generatorName
configFunctions data</code>, where <literal>configFunctions</literal> is a configFunctions data</code>, where <literal>configFunctions</literal> is
set of user-defined functions that format variable parts of the content. an attrset of user-defined functions that format nested parts of the
content.
They each have common defaults, so often they do not need to be set They each have common defaults, so often they do not need to be set
manually. An example is <code>mkSectionName ? (name: libStr.escape [ "[" "]" manually. An example is <code>mkSectionName ? (name: libStr.escape [ "[" "]"
] name)</code> from the <literal>INI</literal> generator. It gets the name ] name)</code> from the <literal>INI</literal> generator. It receives the
of a section and returns a sanitized name. The default name of a section and sanitizes it. The default
<literal>mkSectionName</literal> escapes <literal>[</literal> and <literal>mkSectionName</literal> escapes <literal>[</literal> and
<literal>]</literal> with a backslash. <literal>]</literal> with a backslash.
</para> </para>
<para>
Generators can be fine-tuned to produce exactly the file format required
by your application/service. One example is an INI-file format which uses
<literal>: </literal> as separator, the strings
<literal>"yes"</literal>/<literal>"no"</literal> as boolean values
and requires all string values to be quoted:
</para>
<programlisting>
with lib;
let
customToINI = generators.toINI {
# specifies how to format a key/value pair
mkKeyValue = generators.mkKeyValueDefault {
# specifies the generated string for a subset of nix values
mkValueString = v:
if v == true then ''"yes"''
else if v == false then ''"no"''
else if isString v then ''"${v}"''
# and delegats all other values to the default generator
else generators.mkValueStringDefault {} v;
} ":";
};
# the INI file can now be given as plain old nix values
in customToINI {
main = {
pushinfo = true;
autopush = false;
host = "localhost";
port = 42;
};
mergetool = {
merge = "diff3";
};
}
</programlisting>
<para>This will produce the following INI file as nix string:</para>
<programlisting>
[main]
autopush:"no"
host:"localhost"
port:42
pushinfo:"yes"
str\:ange:"very::strange"
[mergetool]
merge:"diff3"
</programlisting>
<note><para>Nix store paths can be converted to strings by enclosing a <note><para>Nix store paths can be converted to strings by enclosing a
derivation attribute like so: <code>"${drv}"</code>.</para></note> derivation attribute like so: <code>"${drv}"</code>.</para></note>

0
doc/introduction.md → doc/introduction.chapter.md
View File

185
doc/languages-frameworks/emscripten.section.md Normal file
View File

@ -0,0 +1,185 @@
# User's Guide to Emscripten in Nixpkgs
[Emscripten](https://github.com/kripken/emscripten): An LLVM-to-JavaScript Compiler
This section of the manual covers how to use `emscripten` in nixpkgs.
Minimal requirements:
* nix
* nixpkgs
Modes of use of `emscripten`:
* **Imperative usage** (on the command line):
If you want to work with `emcc`, `emconfigure` and `emmake` as you are used to from Ubuntu and similar distributions you can use these commands:
* `nix-env -i emscripten`
* `nix-shell -p emscripten`
* **Declarative usage**:
This mode is far more power full since this makes use of `nix` for dependency management of emscripten libraries and targets by using the `mkDerivation` which is implemented by `pkgs.emscriptenStdenv` and `pkgs.buildEmscriptenPackage`. The source for the packages is in `pkgs/top-level/emscripten-packages.nix` and the abstraction behind it in `pkgs/development/em-modules/generic/default.nix`.
* build and install all packages:
* `nix-env -iA emscriptenPackages`
* dev-shell for zlib implementation hacking:
* `nix-shell -A emscriptenPackages.zlib`
## Imperative usage
A few things to note:
* `export EMCC_DEBUG=2` is nice for debugging
* `~/.emscripten`, the build artifact cache sometimes creates issues and needs to be removed from time to time
## Declarative usage
Let's see two different examples from `pkgs/top-level/emscripten-packages.nix`:
* `pkgs.zlib.override`
* `pkgs.buildEmscriptenPackage`
Both are interesting concepts.
A special requirement of the `pkgs.buildEmscriptenPackage` is the `doCheck = true` is a default meaning that each emscriptenPackage requires a `checkPhase` implemented.
* Use `export EMCC_DEBUG=2` from within a emscriptenPackage's `phase` to get more detailed debug output what is going wrong.
* ~/.emscripten cache is requiring us to set `HOME=$TMPDIR` in individual phases. This makes compilation slower but also makes it more deterministic.
### Usage 1: pkgs.zlib.override
This example uses `zlib` from nixpkgs but instead of compiling **C** to **ELF** it compiles **C** to **JS** since we were using `pkgs.zlib.override` and changed stdenv to `pkgs.emscriptenStdenv`. A few adaptions and hacks were set in place to make it working. One advantage is that when `pkgs.zlib` is updated, it will automatically update this package as well. However, this can also be the downside...
See the `zlib` example:
zlib = (pkgs.zlib.override {
stdenv = pkgs.emscriptenStdenv;
}).overrideDerivation
(old: rec {
buildInputs = old.buildInputs ++ [ pkgconfig ];
# we need to reset this setting!
NIX_CFLAGS_COMPILE="";
configurePhase = ''
# FIXME: Some tests require writing at $HOME
HOME=$TMPDIR
runHook preConfigure
#export EMCC_DEBUG=2
emconfigure ./configure --prefix=$out --shared
runHook postConfigure
'';
dontStrip = true;
outputs = [ "out" ];
buildPhase = ''
emmake make
'';
installPhase = ''
emmake make install
'';
checkPhase = ''
echo "================= testing zlib using node ================="
echo "Compiling a custom test"
set -x
emcc -O2 -s EMULATE_FUNCTION_POINTER_CASTS=1 test/example.c -DZ_SOLO \
libz.so.${old.version} -I . -o example.js
echo "Using node to execute the test"
${pkgs.nodejs}/bin/node ./example.js
set +x
if [ $? -ne 0 ]; then
echo "test failed for some reason"
exit 1;
else
echo "it seems to work! very good."
fi
echo "================= /testing zlib using node ================="
'';
postPatch = pkgs.stdenv.lib.optionalString pkgs.stdenv.isDarwin ''
substituteInPlace configure \
--replace '/usr/bin/libtool' 'ar' \
--replace 'AR="libtool"' 'AR="ar"' \
--replace 'ARFLAGS="-o"' 'ARFLAGS="-r"'
'';
});
### Usage 2: pkgs.buildEmscriptenPackage
This `xmlmirror` example features a emscriptenPackage which is defined completely from this context and no `pkgs.zlib.override` is used.
xmlmirror = pkgs.buildEmscriptenPackage rec {
name = "xmlmirror";
buildInputs = [ pkgconfig autoconf automake libtool gnumake libxml2 nodejs openjdk json_c ];
nativeBuildInputs = [ pkgconfig zlib ];
src = pkgs.fetchgit {
url = "https://gitlab.com/odfplugfest/xmlmirror.git";
rev = "4fd7e86f7c9526b8f4c1733e5c8b45175860a8fd";
sha256 = "1jasdqnbdnb83wbcnyrp32f36w3xwhwp0wq8lwwmhqagxrij1r4b";
};
configurePhase = ''
rm -f fastXmlLint.js*
# a fix for ERROR:root:For asm.js, TOTAL_MEMORY must be a multiple of 16MB, was 234217728
# https://gitlab.com/odfplugfest/xmlmirror/issues/8
sed -e "s/TOTAL_MEMORY=234217728/TOTAL_MEMORY=268435456/g" -i Makefile.emEnv
# https://github.com/kripken/emscripten/issues/6344
# https://gitlab.com/odfplugfest/xmlmirror/issues/9
sed -e "s/\$(JSONC_LDFLAGS) \$(ZLIB_LDFLAGS) \$(LIBXML20_LDFLAGS)/\$(JSONC_LDFLAGS) \$(LIBXML20_LDFLAGS) \$(ZLIB_LDFLAGS) /g" -i Makefile.emEnv
# https://gitlab.com/odfplugfest/xmlmirror/issues/11
sed -e "s/-o fastXmlLint.js/-s EXTRA_EXPORTED_RUNTIME_METHODS='[\"ccall\", \"cwrap\"]' -o fastXmlLint.js/g" -i Makefile.emEnv
'';
buildPhase = ''
HOME=$TMPDIR
make -f Makefile.emEnv
'';
outputs = [ "out" "doc" ];
installPhase = ''
mkdir -p $out/share
mkdir -p $doc/share/${name}
cp Demo* $out/share
cp -R codemirror-5.12 $out/share
cp fastXmlLint.js* $out/share
cp *.xsd $out/share
cp *.js $out/share
cp *.xhtml $out/share
cp *.html $out/share
cp *.json $out/share
cp *.rng $out/share
cp README.md $doc/share/${name}
'';
checkPhase = ''
'';
};
### Declarative debugging
Use `nix-shell -I nixpkgs=/some/dir/nixpkgs -A emscriptenPackages.libz` and from there you can go trough the individual steps. This makes it easy to build a good `unit test` or list the files of the project.
1. `nix-shell -I nixpkgs=/some/dir/nixpkgs -A emscriptenPackages.libz`
2. `cd /tmp/`
3. `unpackPhase`
4. cd libz-1.2.3
5. `configurePhase`
6. `buildPhase`
7. ... happy hacking...
## Summary
Using this toolchain makes it easy to leverage `nix` from NixOS, MacOSX or even Windows (WSL+ubuntu+nix). This toolchain is reproducible, behaves like the rest of the packages from nixpkgs and contains a set of well working examples to learn and adapt from.
If in trouble, ask the maintainers.

4
doc/languages-frameworks/haskell.md → doc/languages-frameworks/haskell.section.md
View File

@ -689,9 +689,7 @@ might be necessary to purge the local caches that store data from those
machines to disable these binary channels for the duration of the previous machines to disable these binary channels for the duration of the previous
command, i.e. by running: command, i.e. by running:
```shell ```shell
rm /nix/var/nix/binary-cache-v3.sqlite rm ~/.cache/nix/binary-cache*.sqlite
rm /nix/var/nix/manifests/*
rm /nix/var/nix/channel-cache/*
``` ```
### Builds on Darwin fail with `math.h` not found ### Builds on Darwin fail with `math.h` not found

39
doc/languages-frameworks/idris.section.md Normal file
View File

@ -0,0 +1,39 @@
Idris packages
==============
This directory contains build rules for idris packages. In addition,
it contains several functions to build and compose those packages.
Everything is exposed to the user via the `idrisPackages` attribute.
callPackage
------------
This is like the normal nixpkgs callPackage function, specialized to
idris packages.
builtins
---------
This is a list of all of the libraries that come packaged with Idris
itself.
build-idris-package
--------------------
A function to build an idris package. Its sole argument is a set like
you might pass to `stdenv.mkDerivation`, except `build-idris-package`
sets several attributes for you. See `build-idris-package.nix` for
details.
build-builtin-package
----------------------
A version of `build-idris-package` specialized to builtin libraries.
Mostly for internal use.
with-packages
-------------
Bundle idris together with a list of packages. Because idris currently
only supports a single directory in its library path, you must include
all desired libraries here, including `prelude` and `base`.

15
doc/languages-frameworks/index.xml
View File

@ -17,19 +17,20 @@ such as Perl or Haskell. These are described in this chapter.</para>
<xi:include href="bower.xml" /> <xi:include href="bower.xml" />
<xi:include href="coq.xml" /> <xi:include href="coq.xml" />
<xi:include href="go.xml" /> <xi:include href="go.xml" />
<xi:include href="haskell.xml" /> <xi:include href="haskell.section.xml" />
<xi:include href="idris.xml" /> <!-- generated from ../../pkgs/development/idris-modules/README.md --> <xi:include href="idris.section.xml" />
<xi:include href="java.xml" /> <xi:include href="java.xml" />
<xi:include href="lua.xml" /> <xi:include href="lua.xml" />
<xi:include href="node.xml" /> <!-- generated from ../../pkgs/development/node-packages/README.md --> <xi:include href="node.section.xml" />
<xi:include href="perl.xml" /> <xi:include href="perl.xml" />
<xi:include href="python.xml" /> <xi:include href="python.section.xml" />
<xi:include href="qt.xml" /> <xi:include href="qt.xml" />
<xi:include href="r.xml" /> <!-- generated from ../../pkgs/development/r-modules/README.md --> <xi:include href="r.section.xml" />
<xi:include href="ruby.xml" /> <xi:include href="ruby.xml" />
<xi:include href="rust.xml" /> <xi:include href="rust.section.xml" />
<xi:include href="texlive.xml" /> <xi:include href="texlive.xml" />
<xi:include href="vim.xml" /> <xi:include href="vim.section.xml" />
<xi:include href="emscripten.section.xml" />
</chapter> </chapter>

51
doc/languages-frameworks/node.section.md Normal file
View File

@ -0,0 +1,51 @@
Node.js packages
================
The `pkgs/development/node-packages` folder contains a generated collection of
[NPM packages](https://npmjs.com/) that can be installed with the Nix package
manager.
As a rule of thumb, the package set should only provide *end user* software
packages, such as command-line utilities. Libraries should only be added to the
package set if there is a non-NPM package that requires it.
When it is desired to use NPM libraries in a development project, use the
`node2nix` generator directly on the `package.json` configuration file of the
project.
The package set also provides support for multiple Node.js versions. The policy
is that a new package should be added to the collection for the latest stable LTS
release (which is currently 6.x), unless there is an explicit reason to support
a different release.
If your package uses native addons, you need to examine what kind of native
build system it uses. Here are some examples:
* `node-gyp`
* `node-gyp-builder`
* `node-pre-gyp`
After you have identified the correct system, you need to override your package
expression while adding in build system as a build input. For example, `dat`
requires `node-gyp-build`, so we override its expression in `default-v6.nix`:
```nix
dat = nodePackages.dat.override (oldAttrs: {
buildInputs = oldAttrs.buildInputs ++ [ nodePackages.node-gyp-build ];
});
```
To add a package from NPM to nixpkgs:
1. Modify `pkgs/development/node-packages/node-packages-v6.json` to add, update
or remove package entries. (Or `pkgs/development/node-packages/node-packages-v4.json`
for packages depending on Node.js 4.x)
2. Run the script: `(cd pkgs/development/node-packages && ./generate.sh)`.
3. Build your new package to test your changes:
`cd /path/to/nixpkgs && nix-build -A nodePackages.<new-or-updated-package>`.
To build against a specific Node.js version (e.g. 4.x):
`nix-build -A nodePackages_4_x.<new-or-updated-package>`
4. Add and commit all modified and generated files.
For more information about the generation process, consult the
[README.md](https://github.com/svanderburg/node2nix) file of the `node2nix`
tool.

14
doc/languages-frameworks/perl.xml
View File

@ -177,5 +177,19 @@ you need it.</para>
</section> </section>
<section xml:id="ssec-perl-cross-compilation"><title>Cross-compiling modules</title>
<para>Nixpkgs has experimental support for cross-compiling Perl
modules. In many cases, it will just work out of the box, even for
modules with native extensions. Sometimes, however, the Makefile.PL
for a module may (indirectly) import a native module. In that case,
you will need to make a stub for that module that will satisfy the
Makefile.PL and install it into
<filename>lib/perl5/site_perl/cross_perl/${perl.version}</filename>.
See the <varname>postInstall</varname> for <varname>DBI</varname> for
an example.</para>
</section>
</section> </section>

8
doc/languages-frameworks/python.md → doc/languages-frameworks/python.section.md
View File

@ -871,8 +871,10 @@ Executing `python setup.py bdist_wheel` in a `nix-shell `fails with
``` ```
ValueError: ZIP does not support timestamps before 1980 ValueError: ZIP does not support timestamps before 1980
``` ```
This is because files are included that depend on items in the Nix store which have a timestamp of, that is, it corresponds to January the 1st, 1970 at 00:00:00. And as the error informs you, ZIP does not support that.
The command `bdist_wheel` takes into account `SOURCE_DATE_EPOCH`, and `nix-shell` sets this to 1. By setting it to a value corresponding to 1980 or later, or by unsetting it, it is possible to build wheels. This is because files from the Nix store (which have a timestamp of the UNIX epoch of January 1, 1970) are included in the .ZIP, but .ZIP archives follow the DOS convention of counting timestamps from 1980.
The command `bdist_wheel` reads the `SOURCE_DATE_EPOCH` environment variable, which `nix-shell` sets to 1. Unsetting this variable or giving it a value corresponding to 1980 or later enables building wheels.
Use 1980 as timestamp: Use 1980 as timestamp:
```shell ```shell
@ -882,7 +884,7 @@ or the current time:
```shell ```shell
nix-shell --run "SOURCE_DATE_EPOCH=$(date +%s) python3 setup.py bdist_wheel" nix-shell --run "SOURCE_DATE_EPOCH=$(date +%s) python3 setup.py bdist_wheel"
``` ```
or unset: or unset `SOURCE_DATE_EPOCH`:
```shell ```shell
nix-shell --run "unset SOURCE_DATE_EPOCH; python3 setup.py bdist_wheel" nix-shell --run "unset SOURCE_DATE_EPOCH; python3 setup.py bdist_wheel"
``` ```

120
doc/languages-frameworks/r.section.md Normal file
View File

@ -0,0 +1,120 @@
R packages
==========
## Installation
Define an environment for R that contains all the libraries that you'd like to
use by adding the following snippet to your $HOME/.config/nixpkgs/config.nix file:
```nix
{
packageOverrides = super: let self = super.pkgs; in
{
rEnv = super.rWrapper.override {
packages = with self.rPackages; [
devtools
ggplot2
reshape2
yaml
optparse
];
};
};
}
```
Then you can use `nix-env -f "<nixpkgs>" -iA rEnv` to install it into your user
profile. The set of available libraries can be discovered by running the
command `nix-env -f "<nixpkgs>" -qaP -A rPackages`. The first column from that
output is the name that has to be passed to rWrapper in the code snipped above.
However, if you'd like to add a file to your project source to make the
environment available for other contributors, you can create a `default.nix`
file like so:
```nix
let
pkgs = import <nixpkgs> {};
stdenv = pkgs.stdenv;
in with pkgs; {
myProject = stdenv.mkDerivation {
name = "myProject";
version = "1";
src = if pkgs.lib.inNixShell then null else nix;
buildInputs = with rPackages; [
R
ggplot2
knitr
];
};
}
```
and then run `nix-shell .` to be dropped into a shell with those packages
available.
## RStudio
RStudio uses a standard set of packages and ignores any custom R
environments or installed packages you may have. To create a custom
environment, see `rstudioWrapper`, which functions similarly to
`rWrapper`:
```nix
{
packageOverrides = super: let self = super.pkgs; in
{
rstudioEnv = super.rstudioWrapper.override {
packages = with self.rPackages; [
dplyr
ggplot2
reshape2
];
};
};
}
```
Then like above, `nix-env -f "<nixpkgs>" -iA rstudioEnv` will install
this into your user profile.
Alternatively, you can create a self-contained `shell.nix` without the need to
modify any configuration files:
```nix
{ pkgs ? import <nixpkgs> {}
}:
pkgs.rstudioWrapper.override {
packages = with pkgs.rPackages; [ dplyr ggplot2 reshape2 ];
}
```
Executing `nix-shell` will then drop you into an environment equivalent to the
one above. If you need additional packages just add them to the list and
re-enter the shell.
## Updating the package set
```bash
nix-shell generate-shell.nix
Rscript generate-r-packages.R cran > cran-packages.nix.new
mv cran-packages.nix.new cran-packages.nix
Rscript generate-r-packages.R bioc > bioc-packages.nix.new
mv bioc-packages.nix.new bioc-packages.nix
```
`generate-r-packages.R <repo>` reads `<repo>-packages.nix`, therefor the renaming.
## Testing if the Nix-expression could be evaluated
```bash
nix-build test-evaluation.nix --dry-run
```
If this exits fine, the expression is ok. If not, you have to edit `default.nix`

86
doc/languages-frameworks/rust.md → doc/languages-frameworks/rust.section.md
View File

@ -16,6 +16,12 @@ cargo
into the `environment.systemPackages` or bring them into into the `environment.systemPackages` or bring them into
scope with `nix-shell -p rustc cargo`. scope with `nix-shell -p rustc cargo`.
> If you are using NixOS and you want to use rust without a nix expression you
> probably want to add the following in your `configuration.nix` to build
> crates with C dependencies.
>
> environment.systemPackages = [binutils gcc gnumake openssl pkgconfig]
For daily builds (beta and nightly) use either rustup from For daily builds (beta and nightly) use either rustup from
nixpkgs or use the [Rust nightlies nixpkgs or use the [Rust nightlies
overlay](#using-the-rust-nightlies-overlay). overlay](#using-the-rust-nightlies-overlay).
@ -76,7 +82,7 @@ an example for a minimal `hello` crate:
Compiling hello v0.1.0 (file:///tmp/hello) Compiling hello v0.1.0 (file:///tmp/hello)
Finished dev [unoptimized + debuginfo] target(s) in 0.20 secs Finished dev [unoptimized + debuginfo] target(s) in 0.20 secs
$ carnix -o hello.nix --src ./. Cargo.lock --standalone $ carnix -o hello.nix --src ./. Cargo.lock --standalone
$ nix-build hello.nix $ nix-build hello.nix -A hello_0_1_0
Now, the file produced by the call to `carnix`, called `hello.nix`, looks like: Now, the file produced by the call to `carnix`, called `hello.nix`, looks like:
@ -276,6 +282,84 @@ features, we would write:
Where `diesel.nix` is the file generated by Carnix, as explained above. Where `diesel.nix` is the file generated by Carnix, as explained above.
## Setting Up `nix-shell`
Oftentimes you want to develop code from within `nix-shell`. Unfortunately
`buildRustCrate` does not support common `nix-shell` operations directly
(see [this issue](https://github.com/NixOS/nixpkgs/issues/37945))
so we will use `stdenv.mkDerivation` instead.
Using the example `hello` project above, we want to do the following:
- Have access to `cargo` and `rustc`
- Have the `openssl` library available to a crate through it's _normal_
compilation mechanism (`pkg-config`).
A typical `shell.nix` might look like:
```
with import <nixpkgs> {};
stdenv.mkDerivation {
name = "rust-env";
buildInputs = [
rustc cargo
# Example Additional Dependencies
pkgconfig openssl
];
# Set Environment Variables
RUST_BACKTRACE = 1;
}
```
You should now be able to run the following:
```
$ nix-shell --pure
$ cargo build
$ cargo test
```
### Controlling Rust Version Inside `nix-shell`
To control your rust version (i.e. use nightly) from within `shell.nix` (or
other nix expressions) you can use the following `shell.nix`
```
# Latest Nightly
with import <nixpkgs> {};
let src = fetchFromGitHub {
owner = "mozilla";
repo = "nixpkgs-mozilla";
# commit from: 2018-03-27
rev = "2945b0b6b2fd19e7d23bac695afd65e320efcebe";
sha256 = "034m1dryrzh2lmjvk3c0krgip652dql46w5yfwpvh7gavd3iypyw";
};
in
with import "${src.out}/rust-overlay.nix" pkgs pkgs;
stdenv.mkDerivation {
name = "rust-env";
buildInputs = [
# Note: to use use stable, just replace `nightly` with `stable`
latest.rustChannels.nightly.rust
# Add some extra dependencies from `pkgs`
pkgconfig openssl
];
# Set Environment Variables
RUST_BACKTRACE = 1;
}
```
Now run:
```
$ rustc --version
rustc 1.26.0-nightly (188e693b3 2018-03-26)
```
To see that you are using nightly.
## Using the Rust nightlies overlay ## Using the Rust nightlies overlay
Mozilla provides an overlay for nixpkgs to bring a nightly version of Rust into scope. Mozilla provides an overlay for nixpkgs to bring a nightly version of Rust into scope.

3
doc/languages-frameworks/texlive.xml
View File

@ -39,6 +39,9 @@ nix-repl> :l &lt;nixpkgs>
nix-repl> texlive.collection-&lt;TAB> nix-repl> texlive.collection-&lt;TAB>
</programlisting> </programlisting>
</para></listitem> </para></listitem>
<listitem><para>
Note that the wrapper assumes that the result has a chance to be useful. For example, the core executables should be present, as well as some core data files. The supported way of ensuring this is by including some scheme, for example <varname>scheme-basic</varname>, into the combination.
</para></listitem>
</itemizedlist> </itemizedlist>
</section> </section>

0
doc/languages-frameworks/vim.md → doc/languages-frameworks/vim.section.md
View File

2
doc/manual.xml
View File

@ -9,7 +9,7 @@
</info> </info>
<xi:include href="introduction.xml" /> <xi:include href="introduction.chapter.xml" />
<xi:include href="quick-start.xml" /> <xi:include href="quick-start.xml" />
<xi:include href="stdenv.xml" /> <xi:include href="stdenv.xml" />
<xi:include href="multiple-output.xml" /> <xi:include href="multiple-output.xml" />

2
doc/meta.xml
View File

@ -174,7 +174,7 @@ meta-attributes</title>
maintainers of this Nix expression. If maintainers of this Nix expression. If
you would like to be a maintainer of a package, you may want to add you would like to be a maintainer of a package, you may want to add
yourself to <link yourself to <link
xlink:href="https://github.com/NixOS/nixpkgs/blob/master/lib/maintainers.nix"><filename>nixpkgs/lib/maintainers.nix</filename></link> xlink:href="https://github.com/NixOS/nixpkgs/blob/master/maintainers/maintainer-list.nix"><filename>nixpkgs/maintainers/maintainer-list.nix</filename></link>
and write something like <literal>[ stdenv.lib.maintainers.alice and write something like <literal>[ stdenv.lib.maintainers.alice
stdenv.lib.maintainers.bob ]</literal>.</para></listitem> stdenv.lib.maintainers.bob ]</literal>.</para></listitem>
</varlistentry> </varlistentry>

8
doc/overrides.css Normal file
View File

@ -0,0 +1,8 @@
.programlisting img {
width: 1em;
}
.calloutlist img {
width: 1.5em;
}

4
doc/shell.nix Normal file
View File

@ -0,0 +1,4 @@
{ pkgs ? import ../. {} }:
(import ./default.nix).overrideAttrs (x: {
buildInputs = x.buildInputs ++ [ pkgs.xmloscopy ];
})

2
doc/shell.md → doc/shell.section.md
View File

@ -4,6 +4,8 @@ author: zimbatm
date: 2017-10-30 date: 2017-10-30
--- ---
# mkShell
pkgs.mkShell is a special kind of derivation that is only useful when using pkgs.mkShell is a special kind of derivation that is only useful when using
it combined with nix-shell. It will in fact fail to instantiate when invoked it combined with nix-shell. It will in fact fail to instantiate when invoked
with nix-build. with nix-build.

13
doc/style.css
View File

@ -29,8 +29,8 @@ h2 /* chapters, appendices, subtitle */
} }
/* Extra space between chapters, appendices. */ /* Extra space between chapters, appendices. */
div.chapter > div.titlepage h2, div.appendix > div.titlepage h2 div.chapter > div.titlepage h2, div.appendix > div.titlepage h2
{ {
margin-top: 1.5em; margin-top: 1.5em;
} }
@ -104,7 +104,7 @@ pre.screen, pre.programlisting
padding: 3px 3px; padding: 3px 3px;
margin-left: 1.5em; margin-left: 1.5em;
margin-right: 1.5em; margin-right: 1.5em;
color: #600000;
background: #f4f4f8; background: #f4f4f8;
font-family: monospace; font-family: monospace;
border-radius: 0.4em; border-radius: 0.4em;
@ -118,7 +118,6 @@ div.example pre.programlisting
margin: 0 0 0 0; margin: 0 0 0 0;
} }
/*************************************************************************** /***************************************************************************
Notes, warnings etc: Notes, warnings etc:
***************************************************************************/ ***************************************************************************/
@ -172,7 +171,7 @@ div.navfooter *
/*************************************************************************** /***************************************************************************
Links colors and highlighting: Links colors and highlighting:
***************************************************************************/ ***************************************************************************/
a { text-decoration: none; } a { text-decoration: none; }
@ -209,7 +208,7 @@ tt, code
.term .term
{ {
font-weight: bold; font-weight: bold;
} }
div.variablelist dd p, div.glosslist dd p div.variablelist dd p, div.glosslist dd p
@ -252,4 +251,4 @@ table
div.affiliation div.affiliation
{ {
font-style: italic; font-style: italic;
} }

4
lib/default.nix
View File

@ -21,7 +21,7 @@ let
# packaging # packaging
customisation = callLibs ./customisation.nix; customisation = callLibs ./customisation.nix;
maintainers = import ./maintainers-list.nix; maintainers = import ../maintainers/maintainer-list.nix;
meta = callLibs ./meta.nix; meta = callLibs ./meta.nix;
sources = callLibs ./sources.nix; sources = callLibs ./sources.nix;
versions = callLibs ./versions.nix; versions = callLibs ./versions.nix;
@ -47,7 +47,7 @@ let
filesystem = callLibs ./filesystem.nix; filesystem = callLibs ./filesystem.nix;
# back-compat aliases # back-compat aliases
platforms = systems.doubles; platforms = systems.forMeta;
inherit (builtins) add addErrorContext attrNames inherit (builtins) add addErrorContext attrNames
concatLists deepSeq elem elemAt filter genericClosure genList concatLists deepSeq elem elemAt filter genericClosure genList

45
lib/generators.nix
View File

@ -4,6 +4,12 @@
* They all follow a similar interface: * They all follow a similar interface:
* generator { config-attrs } data * generator { config-attrs } data
* *
* `config-attrs` are holes in the generators
* with sensible default implementations that
* can be overwritten. The default implementations
* are mostly generators themselves, called with
* their respective default values; they can be reused.
*
* Tests can be found in ./tests.nix * Tests can be found in ./tests.nix
* Documentation in the manual, #sec-generators * Documentation in the manual, #sec-generators
*/ */
@ -20,6 +26,32 @@ in
rec { rec {
## -- HELPER FUNCTIONS & DEFAULTS --
/* Convert a value to a sensible default string representation.
* The builtin `toString` function has some strange defaults,
* suitable for bash scripts but not much else.
*/
mkValueStringDefault = {}: v: with builtins;
let err = t: v: abort
("generators.mkValueStringDefault: " +
"${t} not supported: ${toPretty {} v}");
in if isInt v then toString v
# we default to not quoting strings
else if isString v then v
# isString returns "1", which is not a good default
else if true == v then "true"
# here it returns to "", which is even less of a good default
else if false == v then "false"
else if null == v then "null"
# if you have lists you probably want to replace this
else if isList v then err "lists" v
# same as for lists, might want to replace
else if isAttrs v then err "attrsets" v
else if isFunction v then err "functions" v
else err "this value is" (toString v);
/* Generate a line of key k and value v, separated by /* Generate a line of key k and value v, separated by
* character sep. If sep appears in k, it is escaped. * character sep. If sep appears in k, it is escaped.
* Helper for synaxes with different separators. * Helper for synaxes with different separators.
@ -30,11 +62,14 @@ rec {
* > "f\:oo:bar" * > "f\:oo:bar"
*/ */
mkKeyValueDefault = { mkKeyValueDefault = {
mkValueString ? toString mkValueString ? mkValueStringDefault {}
}: sep: k: v: }: sep: k: v:
"${libStr.escape [sep] k}${sep}${mkValueString v}"; "${libStr.escape [sep] k}${sep}${mkValueString v}";
## -- FILE FORMAT GENERATORS --
/* Generate a key-value-style config file from an attrset. /* Generate a key-value-style config file from an attrset.
* *
* mkKeyValue is the same as in toINI. * mkKeyValue is the same as in toINI.
@ -98,6 +133,7 @@ rec {
*/ */
toYAML = {}@args: toJSON args; toYAML = {}@args: toJSON args;
/* Pretty print a value, akin to `builtins.trace`. /* Pretty print a value, akin to `builtins.trace`.
* Should probably be a builtin as well. * Should probably be a builtin as well.
*/ */
@ -108,8 +144,9 @@ rec {
allowPrettyValues ? false allowPrettyValues ? false
}@args: v: with builtins; }@args: v: with builtins;
if isInt v then toString v if isInt v then toString v
else if isBool v then (if v == true then "true" else "false") else if isString v then ''"${libStr.escape [''"''] v}"''
else if isString v then "\"" + v + "\"" else if true == v then "true"
else if false == v then "false"
else if null == v then "null" else if null == v then "null"
else if isFunction v then else if isFunction v then
let fna = lib.functionArgs v; let fna = lib.functionArgs v;
@ -132,6 +169,6 @@ rec {
(name: value: (name: value:
"${toPretty args name} = ${toPretty args value};") v) "${toPretty args name} = ${toPretty args value};") v)
+ " }" + " }"
else abort "toPretty: should never happen (v = ${v})"; else abort "generators.toPretty: should never happen (v = ${v})";
} }

7
lib/licenses.nix
View File

@ -179,6 +179,11 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
fullName = "CeCILL-C Free Software License Agreement"; fullName = "CeCILL-C Free Software License Agreement";
}; };
cpal10 = spdx {
spdxId = "CPAL-1.0";
fullName = "Common Public Attribution License 1.0";
};
cpl10 = spdx { cpl10 = spdx {
spdxId = "CPL-1.0"; spdxId = "CPL-1.0";
fullName = "Common Public License 1.0"; fullName = "Common Public License 1.0";
@ -279,7 +284,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
gpl2Oss = { gpl2Oss = {
fullName = "GNU General Public License version 2 only (with OSI approved licenses linking exception)"; fullName = "GNU General Public License version 2 only (with OSI approved licenses linking exception)";
url = http://www.mysql.com/about/legal/licensing/foss-exception; url = https://www.mysql.com/about/legal/licensing/foss-exception;
}; };
gpl2Plus = spdx { gpl2Plus = spdx {

21
lib/meta.nix
View File

@ -67,4 +67,25 @@ rec {
*/ */
hiPrioSet = set: mapDerivationAttrset hiPrio set; hiPrioSet = set: mapDerivationAttrset hiPrio set;
/* Check to see if a platform is matched by the given `meta.platforms`
element.
A `meta.platform` pattern is either
1. (legacy) a system string.
2. (modern) a pattern for the platform `parsed` field.
We can inject these into a patten for the whole of a structured platform,
and then match that.
*/
platformMatch = platform: elem: let
pattern =
if builtins.isString elem
then { system = elem; }
else { parsed = elem; };
in lib.matchAttrs pattern platform;
enableIfAvailable = p: if p.meta.available or true then [ p ] else [];
} }

2
lib/modules.nix
View File

@ -660,7 +660,7 @@ rec {
doRename = { from, to, visible, warn, use }: doRename = { from, to, visible, warn, use }:
let let
toOf = attrByPath to toOf = attrByPath to
(abort "Renaming error: option `${showOption to}' does not exists."); (abort "Renaming error: option `${showOption to}' does not exist.");
in in
{ config, options, ... }: { config, options, ... }:
{ options = setAttrByPath from (mkOption { { options = setAttrByPath from (mkOption {

9
lib/strings.nix
View File

@ -437,6 +437,13 @@ rec {
*/ */
fixedWidthNumber = width: n: fixedWidthString width "0" (toString n); fixedWidthNumber = width: n: fixedWidthString width "0" (toString n);
/* Check whether a value can be coerced to a string */
isCoercibleToString = x:
builtins.elem (builtins.typeOf x) [ "path" "string" "null" "int" "float" "bool" ] ||
(builtins.isList x && lib.all isCoercibleToString x) ||
x ? outPath ||
x ? __toString;
/* Check whether a value is a store path. /* Check whether a value is a store path.
Example: Example:
@ -450,7 +457,7 @@ rec {
=> false => false
*/ */
isStorePath = x: isStorePath = x:
builtins.isString x isCoercibleToString x
&& builtins.substring 0 1 (toString x) == "/" && builtins.substring 0 1 (toString x) == "/"
&& dirOf (builtins.toPath x) == builtins.storeDir; && dirOf (builtins.toPath x) == builtins.storeDir;

1
lib/systems/default.nix
View File

@ -3,6 +3,7 @@
rec { rec {
doubles = import ./doubles.nix { inherit lib; }; doubles = import ./doubles.nix { inherit lib; };
forMeta = import ./for-meta.nix { inherit lib; };
parse = import ./parse.nix { inherit lib; }; parse = import ./parse.nix { inherit lib; };
inspect = import ./inspect.nix { inherit lib; }; inspect = import ./inspect.nix { inherit lib; };
platforms = import ./platforms.nix { inherit lib; }; platforms = import ./platforms.nix { inherit lib; };

7
lib/systems/doubles.nix
View File

@ -24,19 +24,20 @@ let
in rec { in rec {
inherit all; inherit all;
allBut = platforms: lists.filter (x: !(builtins.elem x platforms)) all;
none = []; none = [];
arm = filterDoubles predicates.isArm; arm = filterDoubles predicates.isArm;
aarch64 = filterDoubles predicates.isAarch64;
x86 = filterDoubles predicates.isx86;
i686 = filterDoubles predicates.isi686; i686 = filterDoubles predicates.isi686;
mips = filterDoubles predicates.isMips;
x86_64 = filterDoubles predicates.isx86_64; x86_64 = filterDoubles predicates.isx86_64;
mips = filterDoubles predicates.isMips;
cygwin = filterDoubles predicates.isCygwin; cygwin = filterDoubles predicates.isCygwin;
darwin = filterDoubles predicates.isDarwin; darwin = filterDoubles predicates.isDarwin;
freebsd = filterDoubles predicates.isFreeBSD; freebsd = filterDoubles predicates.isFreeBSD;
# Should be better, but MinGW is unclear, and HURD is bit-rotted. # Should be better, but MinGW is unclear, and HURD is bit-rotted.
gnu = filterDoubles (matchAttrs { kernel = parse.kernels.linux; abi = parse.abis.gnu; }); gnu = filterDoubles (matchAttrs { kernel = parse.kernels.linux; abi = parse.abis.gnu; });
illumos = filterDoubles predicates.isSunOS; illumos = filterDoubles predicates.isSunOS;
linux = filterDoubles predicates.isLinux; linux = filterDoubles predicates.isLinux;
netbsd = filterDoubles predicates.isNetBSD; netbsd = filterDoubles predicates.isNetBSD;

31
lib/systems/for-meta.nix Normal file
View File

@ -0,0 +1,31 @@
{ lib }:
let
inherit (lib.systems) parse;
inherit (lib.systems.inspect) patterns;
in rec {
all = [ {} ]; # `{}` matches anything
none = [];
arm = [ patterns.isArm ];
aarch64 = [ patterns.isAarch64 ];
x86 = [ patterns.isx86 ];
i686 = [ patterns.isi686 ];
x86_64 = [ patterns.isx86_64 ];
mips = [ patterns.isMips ];
riscv = [ patterns.isRiscV ];
cygwin = [ patterns.isCygwin ];
darwin = [ patterns.isDarwin ];
freebsd = [ patterns.isFreeBSD ];
# Should be better, but MinGW is unclear, and HURD is bit-rotted.
gnu = [ { kernel = parse.kernels.linux; abi = parse.abis.gnu; } ];
illumos = [ patterns.isSunOS ];
linux = [ patterns.isLinux ];
netbsd = [ patterns.isNetBSD ];
openbsd = [ patterns.isOpenBSD ];
unix = patterns.isUnix; # Actually a list
windows = [ patterns.isWindows ];
inherit (lib.systems.doubles) mesaPlatforms;
}

68
lib/systems/inspect.nix
View File

@ -5,51 +5,47 @@ with lib.lists;
rec { rec {
patterns = rec { patterns = rec {
i686 = { cpu = cpuTypes.i686; }; isi686 = { cpu = cpuTypes.i686; };
x86_64 = { cpu = cpuTypes.x86_64; }; isx86_64 = { cpu = cpuTypes.x86_64; };
PowerPC = { cpu = cpuTypes.powerpc; }; isPowerPC = { cpu = cpuTypes.powerpc; };
x86 = { cpu = { family = "x86"; }; }; isx86 = { cpu = { family = "x86"; }; };
Arm = { cpu = { family = "arm"; }; }; isArm = { cpu = { family = "arm"; }; };
Aarch64 = { cpu = { family = "aarch64"; }; }; isAarch64 = { cpu = { family = "aarch64"; }; };
Mips = { cpu = { family = "mips"; }; }; isMips = { cpu = { family = "mips"; }; };
RiscV = { cpu = { family = "riscv"; }; }; isRiscV = { cpu = { family = "riscv"; }; };
Wasm = { cpu = { family = "wasm"; }; }; isWasm = { cpu = { family = "wasm"; }; };
"32bit" = { cpu = { bits = 32; }; }; is32bit = { cpu = { bits = 32; }; };
"64bit" = { cpu = { bits = 64; }; }; is64bit = { cpu = { bits = 64; }; };
BigEndian = { cpu = { significantByte = significantBytes.bigEndian; }; }; isBigEndian = { cpu = { significantByte = significantBytes.bigEndian; }; };
LittleEndian = { cpu = { significantByte = significantBytes.littleEndian; }; }; isLittleEndian = { cpu = { significantByte = significantBytes.littleEndian; }; };
BSD = { kernel = { families = { inherit (kernelFamilies) bsd; }; }; }; isBSD = { kernel = { families = { inherit (kernelFamilies) bsd; }; }; };
Unix = [ BSD Darwin Linux SunOS Hurd Cygwin ]; isDarwin = { kernel = { families = { inherit (kernelFamilies) darwin; }; }; };
isUnix = [ isBSD isDarwin isLinux isSunOS isHurd isCygwin ];
Darwin = { kernel = kernels.darwin; }; isMacOS = { kernel = kernels.macos; };
Linux = { kernel = kernels.linux; }; isiOS = { kernel = kernels.ios; };
SunOS = { kernel = kernels.solaris; }; isLinux = { kernel = kernels.linux; };
FreeBSD = { kernel = kernels.freebsd; }; isSunOS = { kernel = kernels.solaris; };
Hurd = { kernel = kernels.hurd; }; isFreeBSD = { kernel = kernels.freebsd; };
NetBSD = { kernel = kernels.netbsd; }; isHurd = { kernel = kernels.hurd; };
OpenBSD = { kernel = kernels.openbsd; }; isNetBSD = { kernel = kernels.netbsd; };
Windows = { kernel = kernels.windows; }; isOpenBSD = { kernel = kernels.openbsd; };
Cygwin = { kernel = kernels.windows; abi = abis.cygnus; }; isWindows = { kernel = kernels.windows; };
MinGW = { kernel = kernels.windows; abi = abis.gnu; }; isCygwin = { kernel = kernels.windows; abi = abis.cygnus; };
isMinGW = { kernel = kernels.windows; abi = abis.gnu; };
Android = [ { abi = abis.android; } { abi = abis.androideabi; } ]; isAndroid = [ { abi = abis.android; } { abi = abis.androideabi; } ];
Musl = with abis; map (a: { abi = a; }) [ musl musleabi musleabihf ]; isMusl = with abis; map (a: { abi = a; }) [ musl musleabi musleabihf ];
Kexecable = map (family: { kernel = kernels.linux; cpu.family = family; }) isEfi = map (family: { cpu.family = family; })
[ "x86" "arm" "aarch64" "mips" ]; [ "x86" "arm" "aarch64" ];
Efi = map (family: { cpu.family = family; })
[ "x86" "arm" "aarch64" ];
Seccomputable = map (family: { kernel = kernels.linux; cpu.family = family; })
[ "x86" "arm" "aarch64" "mips" ];
}; };
matchAnyAttrs = patterns: matchAnyAttrs = patterns:
if builtins.isList patterns then attrs: any (pattern: matchAttrs pattern attrs) patterns if builtins.isList patterns then attrs: any (pattern: matchAttrs pattern attrs) patterns
else matchAttrs patterns; else matchAttrs patterns;
predicates = mapAttrs' predicates = mapAttrs (_: matchAnyAttrs) patterns;
(name: value: nameValuePair ("is" + name) (matchAnyAttrs value))
patterns;
} }

18
lib/systems/parse.nix
View File

@ -134,6 +134,7 @@ rec {
kernelFamilies = setTypes types.openKernelFamily { kernelFamilies = setTypes types.openKernelFamily {
bsd = {}; bsd = {};
darwin = {};
}; };
################################################################################ ################################################################################
@ -149,7 +150,10 @@ rec {
types.kernel = enum (attrValues kernels); types.kernel = enum (attrValues kernels);
kernels = with execFormats; with kernelFamilies; setTypes types.openKernel { kernels = with execFormats; with kernelFamilies; setTypes types.openKernel {
darwin = { execFormat = macho; families = { }; }; # TODO(@Ericson2314): Don't want to mass-rebuild yet to keeping 'darwin' as
# the nnormalized name for macOS.
macos = { execFormat = macho; families = { inherit darwin; }; name = "darwin"; };
ios = { execFormat = macho; families = { inherit darwin; }; };
freebsd = { execFormat = elf; families = { inherit bsd; }; }; freebsd = { execFormat = elf; families = { inherit bsd; }; };
hurd = { execFormat = elf; families = { }; }; hurd = { execFormat = elf; families = { }; };
linux = { execFormat = elf; families = { }; }; linux = { execFormat = elf; families = { }; };
@ -159,9 +163,13 @@ rec {
solaris = { execFormat = elf; families = { }; }; solaris = { execFormat = elf; families = { }; };
windows = { execFormat = pe; families = { }; }; windows = { execFormat = pe; families = { }; };
} // { # aliases } // { # aliases
# 'darwin' is the kernel for all of them. We choose macOS by default.
darwin = kernels.macos;
# TODO(@Ericson2314): Handle these Darwin version suffixes more generally. # TODO(@Ericson2314): Handle these Darwin version suffixes more generally.
darwin10 = kernels.darwin; darwin10 = kernels.macos;
darwin14 = kernels.darwin; darwin14 = kernels.macos;
watchos = kernels.ios;
tvos = kernels.ios;
win32 = kernels.windows; win32 = kernels.windows;
}; };
@ -263,8 +271,8 @@ rec {
mkSystemFromString = s: mkSystemFromSkeleton (mkSkeletonFromList (lib.splitString "-" s)); mkSystemFromString = s: mkSystemFromSkeleton (mkSkeletonFromList (lib.splitString "-" s));
doubleFromSystem = { cpu, vendor, kernel, abi, ... }: doubleFromSystem = { cpu, vendor, kernel, abi, ... }:
if abi == abis.cygnus /**/ if abi == abis.cygnus then "${cpu.name}-cygwin"
then "${cpu.name}-cygwin" else if kernel.families ? darwin then "${cpu.name}-darwin"
else "${cpu.name}-${kernel.name}"; else "${cpu.name}-${kernel.name}";
tripleFromSystem = { cpu, vendor, kernel, abi, ... } @ sys: assert isSystem sys; let tripleFromSystem = { cpu, vendor, kernel, abi, ... } @ sys: assert isSystem sys; let

28
lib/tests/misc.nix
View File

@ -93,6 +93,7 @@ runTests {
"${builtins.storeDir}/d945ibfx9x185xf04b890y4f9g3cbb63-python-2.7.11"; "${builtins.storeDir}/d945ibfx9x185xf04b890y4f9g3cbb63-python-2.7.11";
in { in {
storePath = isStorePath goodPath; storePath = isStorePath goodPath;
storePathDerivation = isStorePath (import ../.. {}).hello;
storePathAppendix = isStorePath storePathAppendix = isStorePath
"${goodPath}/bin/python"; "${goodPath}/bin/python";
nonAbsolute = isStorePath (concatStrings (tail (stringToCharacters goodPath))); nonAbsolute = isStorePath (concatStrings (tail (stringToCharacters goodPath)));
@ -106,6 +107,7 @@ runTests {
}; };
expected = { expected = {
storePath = true; storePath = true;
storePathDerivation = true;
storePathAppendix = false; storePathAppendix = false;
nonAbsolute = false; nonAbsolute = false;
asPath = true; asPath = true;
@ -205,6 +207,29 @@ runTests {
expected = ''f\:oo:bar''; expected = ''f\:oo:bar'';
}; };
testMkValueString = {
expr = let
vals = {
int = 42;
string = ''fo"o'';
bool = true;
bool2 = false;
null = null;
# float = 42.23; # floats are strange
};
in mapAttrs
(const (generators.mkValueStringDefault {}))
vals;
expected = {
int = "42";
string = ''fo"o'';
bool = "true";
bool2 = "false";
null = "null";
# float = "42.23" true false [ "bar" ] ]'';
};
};
testToKeyValue = { testToKeyValue = {
expr = generators.toKeyValue {} { expr = generators.toKeyValue {} {
key = "value"; key = "value";
@ -247,6 +272,8 @@ runTests {
"section 1" = { "section 1" = {
attribute1 = 5; attribute1 = 5;
x = "Me-se JarJar Binx"; x = "Me-se JarJar Binx";
# booleans are converted verbatim by default
boolean = false;
}; };
"foo[]" = { "foo[]" = {
"he\\h=he" = "this is okay"; "he\\h=he" = "this is okay";
@ -258,6 +285,7 @@ runTests {
[section 1] [section 1]
attribute1=5 attribute1=5
boolean=false
x=Me-se JarJar Binx x=Me-se JarJar Binx
''; '';
}; };

3
lib/tests/release.nix
View File

@ -13,7 +13,6 @@ pkgs.stdenv.mkDerivation {
export NIX_DB_DIR=$TEST_ROOT/db export NIX_DB_DIR=$TEST_ROOT/db
export NIX_LOCALSTATE_DIR=$TEST_ROOT/var export NIX_LOCALSTATE_DIR=$TEST_ROOT/var
export NIX_LOG_DIR=$TEST_ROOT/var/log/nix export NIX_LOG_DIR=$TEST_ROOT/var/log/nix
export NIX_MANIFESTS_DIR=$TEST_ROOT/var/nix/manifests
export NIX_STATE_DIR=$TEST_ROOT/var/nix export NIX_STATE_DIR=$TEST_ROOT/var/nix
export NIX_STORE_DIR=$TEST_ROOT/store export NIX_STORE_DIR=$TEST_ROOT/store
export PAGER=cat export PAGER=cat
@ -21,7 +20,7 @@ pkgs.stdenv.mkDerivation {
nix-store --init nix-store --init
cd ${pkgs.path}/lib/tests cd ${pkgs.path}/lib/tests
./modules.sh bash ./modules.sh
[[ "$(nix-instantiate --eval --strict misc.nix)" == "[ ]" ]] [[ "$(nix-instantiate --eval --strict misc.nix)" == "[ ]" ]]

102
lib/maintainers-list.nix → maintainers/maintainer-list.nix
View File

@ -63,6 +63,10 @@
github = "DmitryTsygankov"; github = "DmitryTsygankov";
name = "Dmitry Tsygankov"; name = "Dmitry Tsygankov";
}; };
Esteth = {
email = "adam.copp@gmail.com";
name = "Adam Copp";
};
FireyFly = { FireyFly = {
email = "nix@firefly.nu"; email = "nix@firefly.nu";
github = "FireyFly"; github = "FireyFly";
@ -87,6 +91,11 @@
github = "MP2E"; github = "MP2E";
name = "Cray Elliott"; name = "Cray Elliott";
}; };
Mogria = {
email = "m0gr14@gmail.com";
github = "mogria";
name = "Mogria";
};
MostAwesomeDude = { MostAwesomeDude = {
email = "cds@corbinsimpson.com"; email = "cds@corbinsimpson.com";
github = "MostAwesomeDude"; github = "MostAwesomeDude";
@ -111,6 +120,11 @@
github = "Profpatsch"; github = "Profpatsch";
name = "Profpatsch"; name = "Profpatsch";
}; };
roosemberth = {
email = "roosembert.palacios+nixpkgs@gmail.com";
github = "roosemberth";
name = "Roosembert (Roosemberth) Palacios";
};
SShrike = { SShrike = {
email = "severen@shrike.me"; email = "severen@shrike.me";
github = "severen"; github = "severen";
@ -176,6 +190,11 @@
github = "abigailbuccaneer"; github = "abigailbuccaneer";
name = "Abigail Bunyan"; name = "Abigail Bunyan";
}; };
aborsu = {
email = "a.borsu@gmail.com";
github = "aborsu";
name = "Augustin Borsu";
};
aboseley = { aboseley = {
email = "adam.boseley@gmail.com"; email = "adam.boseley@gmail.com";
github = "aboseley"; github = "aboseley";
@ -276,6 +295,11 @@
github = "akc"; github = "akc";
name = "Anders Claesson"; name = "Anders Claesson";
}; };
akru = {
email = "mail@akru.me";
github = "akru";
name = "Alexander Krupenkin ";
};
alexvorobiev = { alexvorobiev = {
email = "alexander.vorobiev@gmail.com"; email = "alexander.vorobiev@gmail.com";
github = "alexvorobiev"; github = "alexvorobiev";
@ -314,6 +338,11 @@
github = "amiloradovsky"; github = "amiloradovsky";
name = "Andrew Miloradovsky"; name = "Andrew Miloradovsky";
}; };
aminechikhaoui = {
email = "amine.chikhaoui91@gmail.com";
github = "AmineChikhaoui";
name = "Amine Chikhaoui";
};
amorsillo = { amorsillo = {
email = "andrew.morsillo@gmail.com"; email = "andrew.morsillo@gmail.com";
github = "AndrewMorsillo"; github = "AndrewMorsillo";
@ -543,6 +572,11 @@
github = "bergey"; github = "bergey";
name = "Daniel Bergey"; name = "Daniel Bergey";
}; };
bgamari = {
email = "ben@smart-cactus.org";
github = "bgamari";
name = "Ben Gamari";
};
bhipple = { bhipple = {
email = "bhipple@protonmail.com"; email = "bhipple@protonmail.com";
github = "bhipple"; github = "bhipple";
@ -555,7 +589,6 @@
}; };
bjg = { bjg = {
email = "bjg@gnu.org"; email = "bjg@gnu.org";
github = "civodul";
name = "Brian Gough"; name = "Brian Gough";
}; };
bjornfor = { bjornfor = {
@ -598,6 +631,11 @@
github = "bradediger"; github = "bradediger";
name = "Brad Ediger"; name = "Brad Ediger";
}; };
brainrape = {
email = "martonboros@gmail.com";
github = "brainrape";
name = "Marton Boros";
};
bramd = { bramd = {
email = "bram@bramd.nl"; email = "bram@bramd.nl";
github = "bramd"; github = "bramd";
@ -632,11 +670,6 @@
github = "calbrecht"; github = "calbrecht";
name = "Christian Albrecht"; name = "Christian Albrecht";
}; };
calrama = {
email = "moritz@ucworks.org";
github = "MoritzMaxeiner";
name = "Moritz Maxeiner";
};
calvertvl = { calvertvl = {
email = "calvertvl@gmail.com"; email = "calvertvl@gmail.com";
github = "calvertvl"; github = "calvertvl";
@ -1034,11 +1067,6 @@
github = "dtzWill"; github = "dtzWill";
name = "Will Dietz"; name = "Will Dietz";
}; };
dupgit = {
email = "olivier.delhomme@free.fr";
github = "dupgit";
name = "Olivier Delhomme";
};
dywedir = { dywedir = {
email = "dywedir@protonmail.ch"; email = "dywedir@protonmail.ch";
github = "dywedir"; github = "dywedir";
@ -1247,6 +1275,11 @@
github = "fare"; github = "fare";
name = "Francois-Rene Rideau"; name = "Francois-Rene Rideau";
}; };
fdns = {
email = "fdns02@gmail.com";
github = "fdns";
name = "Felipe Espinoza";
};
fgaz = { fgaz = {
email = "francygazz@gmail.com"; email = "francygazz@gmail.com";
github = "fgaz"; github = "fgaz";
@ -1524,6 +1557,11 @@
github = "hrdinka"; github = "hrdinka";
name = "Christoph Hrdinka"; name = "Christoph Hrdinka";
}; };
hschaeidt = {
email = "he.schaeidt@gmail.com";
github = "hschaeidt";
name = "Hendrik Schaeidt";
};
htr = { htr = {
email = "hugo@linux.com"; email = "hugo@linux.com";
github = "htr"; github = "htr";
@ -1549,6 +1587,11 @@
github = "iblech"; github = "iblech";
name = "Ingo Blechschmidt"; name = "Ingo Blechschmidt";
}; };
idontgetoutmuch = {
email = "dominic@steinitz.org";
github = "idontgetoutmuch";
name = "Dominic Steinitz";
};
igsha = { igsha = {
email = "igor.sharonov@gmail.com"; email = "igor.sharonov@gmail.com";
github = "igsha"; github = "igsha";
@ -1663,7 +1706,7 @@
name = "Johannes Frankenau"; name = "Johannes Frankenau";
}; };
jgeerds = { jgeerds = {
email = "jascha@jgeerds.name"; email = "jascha@geerds.org";
github = "jgeerds"; github = "jgeerds";
name = "Jascha Geerds"; name = "Jascha Geerds";
}; };
@ -1726,6 +1769,11 @@
github = "johnazoidberg"; github = "johnazoidberg";
name = "Daniel Schäfer"; name = "Daniel Schäfer";
}; };
johnchildren = {
email = "john.a.children@gmail.com";
github = "johnchildren";
name = "John Children";
};
johnmh = { johnmh = {
email = "johnmh@openblox.org"; email = "johnmh@openblox.org";
github = "johnmh"; github = "johnmh";
@ -2013,6 +2061,11 @@
github = "lo1tuma"; github = "lo1tuma";
name = "Mathias Schreck"; name = "Mathias Schreck";
}; };
lopsided98 = {
email = "benwolsieffer@gmail.com";
github = "lopsided98";
name = "Ben Wolsieffer";
};
loskutov = { loskutov = {
email = "ignat.loskutov@gmail.com"; email = "ignat.loskutov@gmail.com";
github = "loskutov"; github = "loskutov";
@ -2140,6 +2193,11 @@
github = "markuskowa"; github = "markuskowa";
name = "Markus Kowalewski"; name = "Markus Kowalewski";
}; };
marsam = {
email = "marsam@users.noreply.github.com";
github = "marsam";
name = "Mario Rodas";
};
martijnvermaat = { martijnvermaat = {
email = "martijn@vermaat.name"; email = "martijn@vermaat.name";
github = "martijnvermaat"; github = "martijnvermaat";
@ -2896,6 +2954,11 @@
github = "rbasso"; github = "rbasso";
name = "Rafael Basso"; name = "Rafael Basso";
}; };
rdnetto = {
email = "rdnetto@gmail.com";
github = "rdnetto";
name = "Reuben D'Netto";
};
redbaron = { redbaron = {
email = "ivanov.maxim@gmail.com"; email = "ivanov.maxim@gmail.com";
github = "redbaron"; github = "redbaron";
@ -3155,6 +3218,11 @@
github = "sellout"; github = "sellout";
name = "Greg Pfeil"; name = "Greg Pfeil";
}; };
sengaya = {
email = "tlo@sengaya.de";
github = "sengaya";
name = "Thilo Uttendorfer";
};
sepi = { sepi = {
email = "raffael@mancini.lu"; email = "raffael@mancini.lu";
github = "sepi"; github = "sepi";
@ -3418,6 +3486,11 @@
github = "tavyc"; github = "tavyc";
name = "Octavian Cerna"; name = "Octavian Cerna";
}; };
tazjin = {
email = "mail@tazj.in";
github = "tazjin";
name = "Vincent Ambo";
};
teh = { teh = {
email = "tehunger@gmail.com"; email = "tehunger@gmail.com";
github = "teh"; github = "teh";
@ -3607,6 +3680,11 @@
github = "utdemir"; github = "utdemir";
name = "Utku Demir"; name = "Utku Demir";
}; };
uvnikita = {
email = "uv.nikita@gmail.com";
github = "uvNikita";
name = "Nikita Uvarov";
};
uwap = { uwap = {
email = "me@uwap.name"; email = "me@uwap.name";
github = "uwap"; github = "uwap";

2
maintainers/scripts/hydra-eval-failures.py
View File

@ -13,7 +13,7 @@ from pyquery import PyQuery as pq
maintainers_json = subprocess.check_output([ maintainers_json = subprocess.check_output([
'nix-instantiate', '-E', 'import ./lib/maintainers.nix {}', '--eval', '--json' 'nix-instantiate', '-E', 'import ./maintainers/maintainer-list.nix {}', '--eval', '--json'
]) ])
maintainers = json.loads(maintainers_json) maintainers = json.loads(maintainers_json)
MAINTAINERS = {v: k for k, v in maintainers.iteritems()} MAINTAINERS = {v: k for k, v in maintainers.iteritems()}

4
maintainers/scripts/update-python-libraries
View File

@ -1,5 +1,5 @@
#! /usr/bin/env nix-shell #! /usr/bin/env nix-shell
#! nix-shell -i python3 -p 'python3.withPackages(ps: with ps; [ packaging requests toolz ])' -p git #! nix-shell -i python3 -p "python3.withPackages(ps: with ps; [ packaging requests toolz ])" -p git
""" """
Update a Python package expression by passing in the `.nix` file, or the directory containing it. Update a Python package expression by passing in the `.nix` file, or the directory containing it.
@ -358,4 +358,4 @@ def main():
if __name__ == '__main__': if __name__ == '__main__':
main() main()

17
maintainers/scripts/update.nix
View File

@ -6,11 +6,22 @@
# TODO: add assert statements # TODO: add assert statements
let let
/* Remove duplicate elements from the list based on some extracted value. O(n^2) complexity.
*/
nubOn = f: list:
if list == [] then
[]
else
let
x = pkgs.lib.head list;
xs = pkgs.lib.filter (p: f x != f p) (pkgs.lib.drop 1 list);
in
[x] ++ nubOn f xs;
pkgs = import ./../../default.nix { }; pkgs = import ./../../default.nix { };
packagesWith = cond: return: set: packagesWith = cond: return: set:
pkgs.lib.unique nubOn (pkg: pkg.updateScript)
(pkgs.lib.flatten (pkgs.lib.flatten
(pkgs.lib.mapAttrsToList (pkgs.lib.mapAttrsToList
(name: pkg: (name: pkg:
@ -34,7 +45,7 @@ let
let let
maintainer = maintainer =
if ! builtins.hasAttr maintainer' pkgs.lib.maintainers then if ! builtins.hasAttr maintainer' pkgs.lib.maintainers then
builtins.throw "Maintainer with name `${maintainer'} does not exist in `lib/maintainers.nix`." builtins.throw "Maintainer with name `${maintainer'} does not exist in `maintainers/maintainer-list.nix`."
else else
builtins.getAttr maintainer' pkgs.lib.maintainers; builtins.getAttr maintainer' pkgs.lib.maintainers;
in in
@ -65,7 +76,7 @@ let
if package == null then if package == null then
builtins.throw "Package with an attribute name `${name}` does not exists." builtins.throw "Package with an attribute name `${name}` does not exists."
else if ! builtins.hasAttr "updateScript" package then else if ! builtins.hasAttr "updateScript" package then
builtins.throw "Package with an attribute name `${name}` does have an `passthru.updateScript` defined." builtins.throw "Package with an attribute name `${name}` does not have a `passthru.updateScript` attribute defined."
else else
package; package;

2
maintainers/scripts/vanity.sh
View File

@ -10,7 +10,7 @@ git_data="$(echo "$raw_git_log" | grep 'Author:' |
# Name - nick - email correspondence from log and from maintainer list # Name - nick - email correspondence from log and from maintainer list
# Also there are a few manual entries # Also there are a few manual entries
maintainers="$(cat "$(dirname "$0")/../../lib/maintainers.nix" | maintainers="$(cat "$(dirname "$0")/../maintainer-list.nix" |
grep '=' | sed -re 's/\\"/''/g; grep '=' | sed -re 's/\\"/''/g;
s/[ ]*([^ =]*)[ ]*=[ ]*" *(.*[^ ]) *[<](.*)[>] *".*/\1\t\2\t\3/')" s/[ ]*([^ =]*)[ ]*=[ ]*" *(.*[^ ]) *[<](.*)[>] *".*/\1\t\2\t\3/')"
git_lines="$( ( echo "$git_data"; git_lines="$( ( echo "$git_data";

12
nixos/doc/manual/default.nix
View File

@ -87,7 +87,7 @@ let
echo "for hints about the offending path)." echo "for hints about the offending path)."
exit 1 exit 1
fi fi
${libxslt.bin}/bin/xsltproc \ ${buildPackages.libxslt.bin}/bin/xsltproc \
--stringparam revision '${revision}' \ --stringparam revision '${revision}' \
-o $out ${./options-to-docbook.xsl} $optionsXML -o $out ${./options-to-docbook.xsl} $optionsXML
''; '';
@ -139,7 +139,7 @@ let
manual-combined = runCommand "nixos-manual-combined" manual-combined = runCommand "nixos-manual-combined"
{ inherit sources; { inherit sources;
buildInputs = [ libxml2 libxslt ]; nativeBuildInputs = [ buildPackages.libxml2.bin buildPackages.libxslt.bin ];
meta.description = "The NixOS manual as plain docbook XML"; meta.description = "The NixOS manual as plain docbook XML";
} }
'' ''
@ -194,7 +194,7 @@ let
olinkDB = runCommand "manual-olinkdb" olinkDB = runCommand "manual-olinkdb"
{ inherit sources; { inherit sources;
buildInputs = [ libxml2 libxslt ]; nativeBuildInputs = [ buildPackages.libxml2.bin buildPackages.libxslt.bin ];
} }
'' ''
xsltproc \ xsltproc \
@ -244,7 +244,7 @@ in rec {
# Generate the NixOS manual. # Generate the NixOS manual.
manual = runCommand "nixos-manual" manual = runCommand "nixos-manual"
{ inherit sources; { inherit sources;
buildInputs = [ libxml2 libxslt ]; nativeBuildInputs = [ buildPackages.libxml2.bin buildPackages.libxslt.bin ];
meta.description = "The NixOS manual in HTML format"; meta.description = "The NixOS manual in HTML format";
allowedReferences = ["out"]; allowedReferences = ["out"];
} }
@ -272,7 +272,7 @@ in rec {
manualEpub = runCommand "nixos-manual-epub" manualEpub = runCommand "nixos-manual-epub"
{ inherit sources; { inherit sources;
buildInputs = [ libxml2 libxslt zip ]; buildInputs = [ libxml2.bin libxslt.bin zip ];
} }
'' ''
# Generate the epub manual. # Generate the epub manual.
@ -302,7 +302,7 @@ in rec {
# Generate the NixOS manpages. # Generate the NixOS manpages.
manpages = runCommand "nixos-manpages" manpages = runCommand "nixos-manpages"
{ inherit sources; { inherit sources;
buildInputs = [ libxml2 libxslt ]; nativeBuildInputs = [ buildPackages.libxml2.bin buildPackages.libxslt.bin ];
allowedReferences = ["out"]; allowedReferences = ["out"];
} }
'' ''

4
nixos/doc/manual/development/option-types.xml
View File

@ -282,8 +282,8 @@ options.mod = mkOption {
option set (<xref linkend='ex-submodule-listof-definition' />).</para> option set (<xref linkend='ex-submodule-listof-definition' />).</para>
<example xml:id='ex-submodule-listof-declaration'><title>Declaration of a list <example xml:id='ex-submodule-listof-declaration'><title>Declaration of a list
nof submodules</title> of submodules</title>
<screen> <screen>
options.mod = mkOption { options.mod = mkOption {
description = "submodule example"; description = "submodule example";

12
nixos/doc/manual/installation/installing-from-other-distro.xml
View File

@ -227,6 +227,18 @@ $ sudo groupdel nixbld</screen>
line)</para></listitem> line)</para></listitem>
</itemizedlist> </itemizedlist>
<note><para>Support for <literal>NIXOS_LUSTRATE</literal> was added
in NixOS 16.09. The act of "lustrating" refers to the
wiping of the existing distribution. Creating
<literal>/etc/NIXOS_LUSTRATE</literal> can also be used on
NixOS to remove all mutable files from your root partition
(anything that's not in <literal>/nix</literal> or
<literal>/boot</literal> gets "lustrated" on the next
boot.</para>
<para>lustrate /ˈlʌstreɪt/ verb.</para>
<para>purify by expiatory sacrifice, ceremonial washing, or
some other ritual action.</para></note>
<para>Let's create the files:</para> <para>Let's create the files:</para>
<screen> <screen>

46
nixos/doc/manual/release-notes/rl-1803.xml
View File

@ -322,6 +322,43 @@ following incompatible changes:</para>
<link xlink:href="https://github.com/rvl/pump.io-nixos">external module</link>. <link xlink:href="https://github.com/rvl/pump.io-nixos">external module</link>.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The Prosody XMPP server has received a major update. The following modules were renamed:
<itemizedlist>
<listitem>
<para>
<option>services.prosody.modules.httpserver</option> is now <option>services.prosody.modules.http_files</option>
</para>
</listitem>
<listitem>
<para>
<option>services.prosody.modules.console</option> is now <option>services.prosody.modules.admin_telnet</option>
</para>
</listitem>
</itemizedlist>
</para>
<para>
Many new modules are now core modules, most notably <option>services.prosody.modules.carbons</option>
and <option>services.prosody.modules.mam</option>.
</para>
<para>
The better-performing <literal>libevent</literal> backend is now enabled by default.
</para>
<para>
<literal>withCommunityModules</literal> now passes through the modules to <option>services.prosody.extraModules</option>.
Use <literal>withOnlyInstalledCommunityModules</literal> for modules that should not be enabled directly, e.g <literal>lib_ldap</literal>.
</para>
</listitem>
<listitem>
<para>
All prometheus exporter modules are now defined as submodules.
The exporters are configured using <literal>services.prometheus.exporters</literal>.
</para>
</listitem>
</itemizedlist> </itemizedlist>
</section> </section>
@ -381,15 +418,6 @@ following incompatible changes:</para>
have been added to set up static routing. have been added to set up static routing.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The option <option>services.xserver.desktopManager.default</option> is now
<literal>none</literal> by default. An assertion failure is thrown if WM's
and DM's default are <literal>none</literal>.
To explicitly run a plain X session without and DM or WM, the newly
introduced option <option>services.xserver.plainX</option> must be set to true.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
The option <option>services.logstash.listenAddress</option> is now <literal>127.0.0.1</literal> by default. The option <option>services.logstash.listenAddress</option> is now <literal>127.0.0.1</literal> by default.

2
nixos/doc/manual/release-notes/rl-1809.xml
View File

@ -4,7 +4,7 @@
version="5.0" version="5.0"
xml:id="sec-release-18.09"> xml:id="sec-release-18.09">
<title>Release 18.09 (“??”, 2018/09/??)</title> <title>Release 18.09 (“Jellyfish”, 2018/09/??)</title>
<section xmlns="http://docbook.org/ns/docbook" <section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xlink="http://www.w3.org/1999/xlink"

10
nixos/lib/testing.nix
View File

@ -3,7 +3,11 @@
with import ./build-vms.nix { inherit system minimal config; }; with import ./build-vms.nix { inherit system minimal config; };
with pkgs; with pkgs;
rec { let
jquery-ui = callPackage ./testing/jquery-ui.nix { };
jquery = callPackage ./testing/jquery.nix { };
in rec {
inherit pkgs; inherit pkgs;
@ -143,8 +147,8 @@ rec {
test = passMeta (runTests driver); test = passMeta (runTests driver);
report = passMeta (releaseTools.gcovReport { coverageRuns = [ test ]; }); report = passMeta (releaseTools.gcovReport { coverageRuns = [ test ]; });
in (if makeCoverageReport then report else test) // { in (if makeCoverageReport then report else test) // {
inherit nodes driver test; inherit nodes driver test;
}; };
runInMachine = runInMachine =

0
pkgs/development/libraries/javascript/jquery-ui/default.nix → nixos/lib/testing/jquery-ui.nix
View File

0
pkgs/development/libraries/javascript/jquery/default.nix → nixos/lib/testing/jquery.nix
View File

2
nixos/modules/config/i18n.nix
View File

@ -10,7 +10,7 @@ with lib;
i18n = { i18n = {
glibcLocales = mkOption { glibcLocales = mkOption {
type = types.path; type = types.path;
default = pkgs.glibcLocales.override { default = pkgs.buildPackages.glibcLocales.override {
allLocales = any (x: x == "all") config.i18n.supportedLocales; allLocales = any (x: x == "all") config.i18n.supportedLocales;
locales = config.i18n.supportedLocales; locales = config.i18n.supportedLocales;
}; };

2
nixos/modules/config/no-x-libs.nix
View File

@ -32,10 +32,10 @@ with lib;
networkmanager-l2tp = pkgs.networkmanager-l2tp.override { withGnome = false; }; networkmanager-l2tp = pkgs.networkmanager-l2tp.override { withGnome = false; };
networkmanager-openconnect = pkgs.networkmanager-openconnect.override { withGnome = false; }; networkmanager-openconnect = pkgs.networkmanager-openconnect.override { withGnome = false; };
networkmanager-openvpn = pkgs.networkmanager-openvpn.override { withGnome = false; }; networkmanager-openvpn = pkgs.networkmanager-openvpn.override { withGnome = false; };
networkmanager-pptp = pkgs.networkmanager-pptp.override { withGnome = false; };
networkmanager-vpnc = pkgs.networkmanager-vpnc.override { withGnome = false; }; networkmanager-vpnc = pkgs.networkmanager-vpnc.override { withGnome = false; };
networkmanager-iodine = pkgs.networkmanager-iodine.override { withGnome = false; }; networkmanager-iodine = pkgs.networkmanager-iodine.override { withGnome = false; };
pinentry = pkgs.pinentry_ncurses; pinentry = pkgs.pinentry_ncurses;
gobjectIntrospection = pkgs.gobjectIntrospection.override { x11Support = false; };
}; };
}; };
} }

2
nixos/modules/config/zram.nix
View File

@ -93,7 +93,7 @@ in
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
RemainAfterExit = true; RemainAfterExit = true;
ExecStop = "${pkgs.stdenv.shell} -c 'echo 1 > /sys/class/block/${dev}/reset'"; ExecStop = "${pkgs.runtimeShell} -c 'echo 1 > /sys/class/block/${dev}/reset'";
}; };
script = '' script = ''
set -u set -u

16
nixos/modules/hardware/video/amdgpu-pro.nix
View File

@ -15,13 +15,19 @@ let
opengl = config.hardware.opengl; opengl = config.hardware.opengl;
kernel = pkgs.linux_4_9.override {
extraConfig = ''
KALLSYMS_ALL y
'';
};
in in
{ {
config = mkIf enabled { config = mkIf enabled {
nixpkgs.config.xorg.abiCompat = "1.18"; nixpkgs.config.xorg.abiCompat = "1.19";
services.xserver.drivers = singleton services.xserver.drivers = singleton
{ name = "amdgpu"; modules = [ package ]; libPath = [ package ]; }; { name = "amdgpu"; modules = [ package ]; libPath = [ package ]; };
@ -31,6 +37,9 @@ in
boot.extraModulePackages = [ package ]; boot.extraModulePackages = [ package ];
boot.kernelPackages =
pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor kernel);
boot.blacklistedKernelModules = [ "radeon" ]; boot.blacklistedKernelModules = [ "radeon" ];
hardware.firmware = [ package ]; hardware.firmware = [ package ];
@ -38,10 +47,15 @@ in
system.activationScripts.setup-amdgpu-pro = '' system.activationScripts.setup-amdgpu-pro = ''
mkdir -p /run/lib mkdir -p /run/lib
ln -sfn ${package}/lib ${package.libCompatDir} ln -sfn ${package}/lib ${package.libCompatDir}
ln -sfn ${package} /run/amdgpu-pro
'' + optionalString opengl.driSupport32Bit '' '' + optionalString opengl.driSupport32Bit ''
ln -sfn ${package32}/lib ${package32.libCompatDir} ln -sfn ${package32}/lib ${package32.libCompatDir}
''; '';
system.requiredKernelConfig = with config.lib.kernelConfig; [
(isYes "KALLSYMS_ALL")
];
environment.etc = { environment.etc = {
"amd/amdrc".source = package + "/etc/amd/amdrc"; "amd/amdrc".source = package + "/etc/amd/amdrc";
"amd/amdapfxx.blb".source = package + "/etc/amd/amdapfxx.blb"; "amd/amdapfxx.blb".source = package + "/etc/amd/amdapfxx.blb";

10
nixos/modules/hardware/video/nvidia.nix
View File

@ -16,8 +16,6 @@ let
kernelPackages.nvidia_x11 kernelPackages.nvidia_x11
else if elem "nvidiaBeta" drivers then else if elem "nvidiaBeta" drivers then
kernelPackages.nvidia_x11_beta kernelPackages.nvidia_x11_beta
else if elem "nvidiaLegacy173" drivers then
kernelPackages.nvidia_x11_legacy173
else if elem "nvidiaLegacy304" drivers then else if elem "nvidiaLegacy304" drivers then
kernelPackages.nvidia_x11_legacy304 kernelPackages.nvidia_x11_legacy304
else if elem "nvidiaLegacy340" drivers then else if elem "nvidiaLegacy340" drivers then
@ -75,10 +73,10 @@ in
# Create /dev/nvidia-uvm when the nvidia-uvm module is loaded. # Create /dev/nvidia-uvm when the nvidia-uvm module is loaded.
services.udev.extraRules = services.udev.extraRules =
'' ''
KERNEL=="nvidia", RUN+="${pkgs.stdenv.shell} -c 'mknod -m 666 /dev/nvidiactl c $(grep nvidia-frontend /proc/devices | cut -d \ -f 1) 255'" KERNEL=="nvidia", RUN+="${pkgs.runtimeShell} -c 'mknod -m 666 /dev/nvidiactl c $(grep nvidia-frontend /proc/devices | cut -d \ -f 1) 255'"
KERNEL=="nvidia_modeset", RUN+="${pkgs.stdenv.shell} -c 'mknod -m 666 /dev/nvidia-modeset c $(grep nvidia-frontend /proc/devices | cut -d \ -f 1) 254'" KERNEL=="nvidia_modeset", RUN+="${pkgs.runtimeShell} -c 'mknod -m 666 /dev/nvidia-modeset c $(grep nvidia-frontend /proc/devices | cut -d \ -f 1) 254'"
KERNEL=="card*", SUBSYSTEM=="drm", DRIVERS=="nvidia", RUN+="${pkgs.stdenv.shell} -c 'mknod -m 666 /dev/nvidia%n c $(grep nvidia-frontend /proc/devices | cut -d \ -f 1) %n'" KERNEL=="card*", SUBSYSTEM=="drm", DRIVERS=="nvidia", RUN+="${pkgs.runtimeShell} -c 'mknod -m 666 /dev/nvidia%n c $(grep nvidia-frontend /proc/devices | cut -d \ -f 1) %n'"
KERNEL=="nvidia_uvm", RUN+="${pkgs.stdenv.shell} -c 'mknod -m 666 /dev/nvidia-uvm c $(grep nvidia-uvm /proc/devices | cut -d \ -f 1) 0'" KERNEL=="nvidia_uvm", RUN+="${pkgs.runtimeShell} -c 'mknod -m 666 /dev/nvidia-uvm c $(grep nvidia-uvm /proc/devices | cut -d \ -f 1) 0'"
''; '';
boot.blacklistedKernelModules = [ "nouveau" "nvidiafb" ]; boot.blacklistedKernelModules = [ "nouveau" "nvidiafb" ];

2
nixos/modules/installer/cd-dvd/system-tarball-fuloong2f.nix
View File

@ -54,7 +54,7 @@ in
environment.systemPackages = environment.systemPackages =
[ pkgs.w3m # needed for the manual anyway [ pkgs.w3m # needed for the manual anyway
pkgs.testdisk # useful for repairing boot problems pkgs.testdisk # useful for repairing boot problems
pkgs.mssys # for writing Microsoft boot sectors / MBRs pkgs.ms-sys # for writing Microsoft boot sectors / MBRs
pkgs.parted pkgs.parted
pkgs.ddrescue pkgs.ddrescue
pkgs.ccrypt pkgs.ccrypt

2
nixos/modules/installer/tools/nixos-rebuild.sh
View File

@ -382,6 +382,6 @@ fi
if [ "$action" = build-vm ]; then if [ "$action" = build-vm ]; then
cat >&2 <<EOF cat >&2 <<EOF
Done. The virtual machine can be started by running $(echo $pathToConfig/bin/run-*-vm). Done. The virtual machine can be started by running $(echo $pathToConfig/bin/run-*-vm)
EOF EOF
fi fi

2
nixos/modules/installer/virtualbox-demo.nix
View File

@ -19,4 +19,6 @@ with lib;
# Add some more video drivers to give X11 a shot at working in # Add some more video drivers to give X11 a shot at working in
# VMware and QEMU. # VMware and QEMU.
services.xserver.videoDrivers = mkOverride 40 [ "virtualbox" "vmware" "cirrus" "vesa" "modesetting" ]; services.xserver.videoDrivers = mkOverride 40 [ "virtualbox" "vmware" "cirrus" "vesa" "modesetting" ];
powerManagement.enable = false;
} }

4
nixos/modules/misc/ids.nix
View File

@ -106,7 +106,7 @@
freenet = 79; freenet = 79;
ircd = 80; ircd = 80;
bacula = 81; bacula = 81;
almir = 82; #almir = 82; # removed 2018-03-25, the almir package was removed in 30291227f2411abaca097773eedb49b8f259e297 during 2017-08
deluge = 83; deluge = 83;
mysql = 84; mysql = 84;
rabbitmq = 85; rabbitmq = 85;
@ -393,7 +393,7 @@
freenet = 79; freenet = 79;
ircd = 80; ircd = 80;
bacula = 81; bacula = 81;
almir = 82; #almir = 82; # removed 2018-03-25, the almir package was removed in 30291227f2411abaca097773eedb49b8f259e297 during 2017-08
deluge = 83; deluge = 83;
mysql = 84; mysql = 84;
rabbitmq = 85; rabbitmq = 85;

14
nixos/modules/misc/nixpkgs.nix
View File

@ -61,7 +61,7 @@ in
inherit (config.nixpkgs) config overlays system; inherit (config.nixpkgs) config overlays system;
} }
''; '';
default = import ../../.. { inherit (cfg) config overlays system; }; default = import ../../.. { inherit (cfg) config overlays system crossSystem; };
type = pkgsType; type = pkgsType;
example = literalExample ''import <nixpkgs> {}''; example = literalExample ''import <nixpkgs> {}'';
description = '' description = ''
@ -130,6 +130,18 @@ in
''; '';
}; };
crossSystem = mkOption {
type = types.nullOr types.attrs;
default = null;
description = ''
The description of the system we're cross-compiling to, or null
if this isn't a cross-compile. See the description of the
crossSystem argument in the nixpkgs manual.
Ignored when <code>nixpkgs.pkgs</code> is set.
'';
};
system = mkOption { system = mkOption {
type = types.str; type = types.str;
example = "i686-linux"; example = "i686-linux";

19
nixos/modules/misc/version.nix
View File

@ -16,6 +16,21 @@ in
options.system = { options.system = {
# XXX: Reintroduce old options to make nixops before 1.6 able to evaluate configurations
# XXX: Remove after nixops has been bumped to a compatible version
nixosVersion = mkOption {
readOnly = true;
internal = true;
type = types.str;
default = config.system.nixos.version;
};
nixosVersionSuffix = mkOption {
readOnly = true;
internal = true;
type = types.str;
default = config.system.nixos.versionSuffix;
};
nixos.version = mkOption { nixos.version = mkOption {
internal = true; internal = true;
type = types.str; type = types.str;
@ -85,8 +100,8 @@ in
revision = mkIf (pathIsDirectory gitRepo) (mkDefault gitCommitId); revision = mkIf (pathIsDirectory gitRepo) (mkDefault gitCommitId);
versionSuffix = mkIf (pathIsDirectory gitRepo) (mkDefault (".git." + gitCommitId)); versionSuffix = mkIf (pathIsDirectory gitRepo) (mkDefault (".git." + gitCommitId));
# Note: code names must only increase in alphabetical order. # Note: the first letter is bumped on every release. It's an animal.
codeName = "Impala"; codeName = "Jellyfish";
}; };
# Generate /etc/os-release. See # Generate /etc/os-release. See

16
nixos/modules/module-list.nix
View File

@ -104,6 +104,7 @@
./programs/shadow.nix ./programs/shadow.nix
./programs/shell.nix ./programs/shell.nix
./programs/spacefm.nix ./programs/spacefm.nix
./programs/singularity.nix
./programs/ssh.nix ./programs/ssh.nix
./programs/ssmtp.nix ./programs/ssmtp.nix
./programs/sysdig.nix ./programs/sysdig.nix
@ -157,8 +158,8 @@
./services/audio/slimserver.nix ./services/audio/slimserver.nix
./services/audio/squeezelite.nix ./services/audio/squeezelite.nix
./services/audio/ympd.nix ./services/audio/ympd.nix
./services/backup/almir.nix
./services/backup/bacula.nix ./services/backup/bacula.nix
./services/backup/borgbackup.nix
./services/backup/crashplan.nix ./services/backup/crashplan.nix
./services/backup/crashplan-small-business.nix ./services/backup/crashplan-small-business.nix
./services/backup/mysql-backup.nix ./services/backup/mysql-backup.nix
@ -361,6 +362,7 @@
./services/misc/rippled.nix ./services/misc/rippled.nix
./services/misc/ripple-data-api.nix ./services/misc/ripple-data-api.nix
./services/misc/rogue.nix ./services/misc/rogue.nix
./services/misc/serviio.nix
./services/misc/siproxd.nix ./services/misc/siproxd.nix
./services/misc/snapper.nix ./services/misc/snapper.nix
./services/misc/sonarr.nix ./services/misc/sonarr.nix
@ -396,16 +398,7 @@
./services/monitoring/osquery.nix ./services/monitoring/osquery.nix
./services/monitoring/prometheus/default.nix ./services/monitoring/prometheus/default.nix
./services/monitoring/prometheus/alertmanager.nix ./services/monitoring/prometheus/alertmanager.nix
./services/monitoring/prometheus/blackbox-exporter.nix ./services/monitoring/prometheus/exporters.nix
./services/monitoring/prometheus/collectd-exporter.nix
./services/monitoring/prometheus/fritzbox-exporter.nix
./services/monitoring/prometheus/json-exporter.nix
./services/monitoring/prometheus/minio-exporter.nix
./services/monitoring/prometheus/nginx-exporter.nix
./services/monitoring/prometheus/node-exporter.nix
./services/monitoring/prometheus/snmp-exporter.nix
./services/monitoring/prometheus/unifi-exporter.nix
./services/monitoring/prometheus/varnish-exporter.nix
./services/monitoring/riemann.nix ./services/monitoring/riemann.nix
./services/monitoring/riemann-dash.nix ./services/monitoring/riemann-dash.nix
./services/monitoring/riemann-tools.nix ./services/monitoring/riemann-tools.nix
@ -638,7 +631,6 @@
./services/web-apps/atlassian/jira.nix ./services/web-apps/atlassian/jira.nix
./services/web-apps/frab.nix ./services/web-apps/frab.nix
./services/web-apps/mattermost.nix ./services/web-apps/mattermost.nix
./services/web-apps/nixbot.nix
./services/web-apps/nexus.nix ./services/web-apps/nexus.nix
./services/web-apps/pgpkeyserver-lite.nix ./services/web-apps/pgpkeyserver-lite.nix
./services/web-apps/matomo.nix ./services/web-apps/matomo.nix

2
nixos/modules/profiles/base.nix
View File

@ -9,7 +9,7 @@
environment.systemPackages = [ environment.systemPackages = [
pkgs.w3m-nox # needed for the manual anyway pkgs.w3m-nox # needed for the manual anyway
pkgs.testdisk # useful for repairing boot problems pkgs.testdisk # useful for repairing boot problems
pkgs.mssys # for writing Microsoft boot sectors / MBRs pkgs.ms-sys # for writing Microsoft boot sectors / MBRs
pkgs.efibootmgr pkgs.efibootmgr
pkgs.efivar pkgs.efivar
pkgs.parted pkgs.parted

6
nixos/modules/profiles/demo.nix
View File

@ -10,4 +10,10 @@
password = "demo"; password = "demo";
uid = 1000; uid = 1000;
}; };
services.xserver.displayManager.sddm.autoLogin = {
enable = true;
relogin = true;
user = "demo";
};
} }

2
nixos/modules/programs/bash/bash.nix
View File

@ -126,7 +126,7 @@ in
programs.bash = { programs.bash = {
shellInit = '' shellInit = ''
. ${config.system.build.setEnvironment} ${config.system.build.setEnvironment.text}
${cfge.shellInit} ${cfge.shellInit}
''; '';

2
nixos/modules/programs/rootston.nix
View File

@ -6,7 +6,7 @@ let
cfg = config.programs.rootston; cfg = config.programs.rootston;
rootstonWrapped = pkgs.writeScriptBin "rootston" '' rootstonWrapped = pkgs.writeScriptBin "rootston" ''
#! ${pkgs.stdenv.shell} #! ${pkgs.runtimeShell}
if [[ "$#" -ge 1 ]]; then if [[ "$#" -ge 1 ]]; then
exec ${pkgs.rootston}/bin/rootston "$@" exec ${pkgs.rootston}/bin/rootston "$@"
else else

20
nixos/modules/programs/singularity.nix Normal file
View File

@ -0,0 +1,20 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.programs.singularity;
in {
options.programs.singularity = {
enable = mkEnableOption "Singularity";
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.singularity ];
systemd.tmpfiles.rules = [ "d /var/singularity/mnt/session 0770 root root -"
"d /var/singularity/mnt/final 0770 root root -"
"d /var/singularity/mnt/overlay 0770 root root -"
"d /var/singularity/mnt/container 0770 root root -"
"d /var/singularity/mnt/source 0770 root root -"];
};
}

2
nixos/modules/programs/ssh.nix
View File

@ -13,7 +13,7 @@ let
askPasswordWrapper = pkgs.writeScript "ssh-askpass-wrapper" askPasswordWrapper = pkgs.writeScript "ssh-askpass-wrapper"
'' ''
#! ${pkgs.stdenv.shell} -e #! ${pkgs.runtimeShell} -e
export DISPLAY="$(systemctl --user show-environment | ${pkgs.gnused}/bin/sed 's/^DISPLAY=\(.*\)/\1/; t; d')" export DISPLAY="$(systemctl --user show-environment | ${pkgs.gnused}/bin/sed 's/^DISPLAY=\(.*\)/\1/; t; d')"
exec ${askPassword} exec ${askPassword}
''; '';

2
nixos/modules/programs/zsh/zsh.nix
View File

@ -108,7 +108,7 @@ in
if [ -n "$__ETC_ZSHENV_SOURCED" ]; then return; fi if [ -n "$__ETC_ZSHENV_SOURCED" ]; then return; fi
export __ETC_ZSHENV_SOURCED=1 export __ETC_ZSHENV_SOURCED=1
. ${config.system.build.setEnvironment} ${config.system.build.setEnvironment.text}
${cfge.shellInit} ${cfge.shellInit}

12
nixos/modules/rename.nix
View File

@ -196,9 +196,9 @@ with lib;
(mkRenamedOptionModule [ "virtualization" "growPartition" ] [ "boot" "growPartition" ]) (mkRenamedOptionModule [ "virtualization" "growPartition" ] [ "boot" "growPartition" ])
# misc/version.nix # misc/version.nix
(mkRenamedOptionModule [ "config" "system" "nixosVersion" ] [ "config" "system" "nixos" "version" ]) #(mkRenamedOptionModule [ "config" "system" "nixosVersion" ] [ "config" "system" "nixos" "version" ])
(mkRenamedOptionModule [ "config" "system" "nixosRelease" ] [ "config" "system" "nixos" "release" ]) (mkRenamedOptionModule [ "config" "system" "nixosRelease" ] [ "config" "system" "nixos" "release" ])
(mkRenamedOptionModule [ "config" "system" "nixosVersionSuffix" ] [ "config" "system" "nixos" "versionSuffix" ]) #(mkRenamedOptionModule [ "config" "system" "nixosVersionSuffix" ] [ "config" "system" "nixos" "versionSuffix" ])
(mkRenamedOptionModule [ "config" "system" "nixosRevision" ] [ "config" "system" "nixos" "revision" ]) (mkRenamedOptionModule [ "config" "system" "nixosRevision" ] [ "config" "system" "nixos" "revision" ])
(mkRenamedOptionModule [ "config" "system" "nixosCodeName" ] [ "config" "system" "nixos" "codeName" ]) (mkRenamedOptionModule [ "config" "system" "nixosCodeName" ] [ "config" "system" "nixos" "codeName" ])
(mkRenamedOptionModule [ "config" "system" "nixosLabel" ] [ "config" "system" "nixos" "label" ]) (mkRenamedOptionModule [ "config" "system" "nixosLabel" ] [ "config" "system" "nixos" "label" ])
@ -240,5 +240,11 @@ with lib;
# Xen # Xen
(mkRenamedOptionModule [ "virtualisation" "xen" "qemu-package" ] [ "virtualisation" "xen" "package-qemu" ]) (mkRenamedOptionModule [ "virtualisation" "xen" "qemu-package" ] [ "virtualisation" "xen" "package-qemu" ])
]; ] ++ (flip map [ "blackboxExporter" "collectdExporter" "fritzboxExporter"
"jsonExporter" "minioExporter" "nginxExporter" "nodeExporter"
"snmpExporter" "unifiExporter" "varnishExporter" ]
(opt: mkRemovedOptionModule [ "services" "prometheus" "${opt}" ] ''
The prometheus exporters are now configured using `services.prometheus.exporters'.
See the 18.03 release notes for more information.
'' ));
} }

10
nixos/modules/security/acme.nix
View File

@ -140,14 +140,6 @@ in
''; '';
}; };
tosHash = mkOption {
type = types.string;
default = "cc88d8d9517f490191401e7b54e9ffd12a2b9082ec7a1d4cec6101f9f1647e7b";
description = ''
SHA256 of the Terms of Services document. This changes once in a while.
'';
};
production = mkOption { production = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
@ -196,7 +188,7 @@ in
let let
cpath = "${cfg.directory}/${cert}"; cpath = "${cfg.directory}/${cert}";
rights = if data.allowKeysForGroup then "750" else "700"; rights = if data.allowKeysForGroup then "750" else "700";
cmdline = [ "-v" "-d" data.domain "--default_root" data.webroot "--valid_min" cfg.validMin "--tos_sha256" cfg.tosHash ] cmdline = [ "-v" "-d" data.domain "--default_root" data.webroot "--valid_min" cfg.validMin ]
++ optionals (data.email != null) [ "--email" data.email ] ++ optionals (data.email != null) [ "--email" data.email ]
++ concatMap (p: [ "-f" p ]) data.plugins ++ concatMap (p: [ "-f" p ]) data.plugins
++ concatLists (mapAttrsToList (name: root: [ "-d" (if root == null then name else "${name}:${root}")]) data.extraDomains) ++ concatLists (mapAttrsToList (name: root: [ "-d" (if root == null then name else "${name}:${root}")]) data.extraDomains)

6
nixos/modules/security/audit.nix
View File

@ -13,7 +13,7 @@ let
}; };
disableScript = pkgs.writeScript "audit-disable" '' disableScript = pkgs.writeScript "audit-disable" ''
#!${pkgs.stdenv.shell} -eu #!${pkgs.runtimeShell} -eu
# Explicitly disable everything, as otherwise journald might start it. # Explicitly disable everything, as otherwise journald might start it.
auditctl -D auditctl -D
auditctl -e 0 -a task,never auditctl -e 0 -a task,never
@ -23,7 +23,7 @@ let
# put in the store like this. At the same time, it doesn't feel like a huge deal and working # put in the store like this. At the same time, it doesn't feel like a huge deal and working
# around that is a pain so I'm leaving it like this for now. # around that is a pain so I'm leaving it like this for now.
startScript = pkgs.writeScript "audit-start" '' startScript = pkgs.writeScript "audit-start" ''
#!${pkgs.stdenv.shell} -eu #!${pkgs.runtimeShell} -eu
# Clear out any rules we may start with # Clear out any rules we may start with
auditctl -D auditctl -D
@ -43,7 +43,7 @@ let
''; '';
stopScript = pkgs.writeScript "audit-stop" '' stopScript = pkgs.writeScript "audit-stop" ''
#!${pkgs.stdenv.shell} -eu #!${pkgs.runtimeShell} -eu
# Clear the rules # Clear the rules
auditctl -D auditctl -D

4
nixos/modules/security/duosec.nix
View File

@ -25,14 +25,14 @@ let
loginCfgFile = optional cfg.ssh.enable loginCfgFile = optional cfg.ssh.enable
{ source = pkgs.writeText "login_duo.conf" configFile; { source = pkgs.writeText "login_duo.conf" configFile;
mode = "0600"; mode = "0600";
uid = config.ids.uids.sshd; user = "sshd";
target = "duo/login_duo.conf"; target = "duo/login_duo.conf";
}; };
pamCfgFile = optional cfg.pam.enable pamCfgFile = optional cfg.pam.enable
{ source = pkgs.writeText "pam_duo.conf" configFile; { source = pkgs.writeText "pam_duo.conf" configFile;
mode = "0600"; mode = "0600";
uid = config.ids.uids.sshd; user = "sshd";
target = "duo/pam_duo.conf"; target = "duo/pam_duo.conf";
}; };
in in

6
nixos/modules/security/sudo.nix
View File

@ -47,8 +47,8 @@ in
default = true; default = true;
description = description =
'' ''
Whether users of the <code>wheel</code> group can execute Whether users of the <code>wheel</code> group must
commands as super user without entering a password. provide a password to run commands as super user via <command>sudo</command>.
''; '';
}; };
@ -215,7 +215,7 @@ in
{ src = pkgs.writeText "sudoers-in" cfg.configFile; } { src = pkgs.writeText "sudoers-in" cfg.configFile; }
# Make sure that the sudoers file is syntactically valid. # Make sure that the sudoers file is syntactically valid.
# (currently disabled - NIXOS-66) # (currently disabled - NIXOS-66)
"${pkgs.sudo}/sbin/visudo -f $src -c && cp $src $out"; "${pkgs.buildPackages.sudo}/sbin/visudo -f $src -c && cp $src $out";
target = "sudoers"; target = "sudoers";
mode = "0440"; mode = "0440";
}; };

173
nixos/modules/services/backup/almir.nix
View File

@ -1,173 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.almir;
bconsoleconf = pkgs.writeText "bconsole.conf"
''
Director {
Name = ${cfg.director_name}
DIRport = ${toString cfg.director_port}
address = ${cfg.director_address}
Password = "${cfg.director_password}"
}
'';
productionini = pkgs.writeText "production.ini"
''
[app:main]
use = egg:almir
pyramid.reload_templates = false
pyramid.debug_authorization = false
pyramid.debug_notfound = false
pyramid.debug_routematch = false
pyramid.debug_templates = false
pyramid.default_locale_name = en
pyramid.includes =
pyramid_exclog
exclog.extra_info = true
sqlalchemy.url = ${cfg.sqlalchemy_engine_url}
timezone = ${cfg.timezone}
bconsole_config = ${bconsoleconf}
[server:main]
use = egg:waitress#main
host = 127.0.0.1
port = ${toString cfg.port}
# Begin logging configuration
[loggers]
keys = root, almir, sqlalchemy, exc_logger
[handlers]
keys = console
[formatters]
keys = generic
[logger_root]
level = WARN
handlers = console
[logger_almir]
level = WARN
handlers =
qualname = almir
[logger_exc_logger]
level = ERROR
handlers =
qualname = exc_logger
[logger_sqlalchemy]
level = WARN
handlers =
qualname = sqlalchemy.engine
# "level = INFO" logs SQL queries.
# "level = DEBUG" logs SQL queries and results.
# "level = WARN" logs neither. (Recommended for production systems.)
[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic
[formatter_generic]
format = %(asctime)s %(levelname)-5.5s [%(name)s][%(threadName)s] %(message)s
'';
in {
options = {
services.almir = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable Almir web server. Also configures postgresql database and installs bacula.
'';
};
port = mkOption {
default = 35000;
type = types.int;
description = ''
Port for Almir web server to listen on.
'';
};
timezone = mkOption {
description = ''
Timezone as specified in https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
'';
example = "Europe/Ljubljana";
};
sqlalchemy_engine_url = mkOption {
default = "postgresql:///bacula";
example = ''
postgresql://bacula:bacula@localhost:5432/bacula
mysql+mysqlconnector://<user>:<password>@<hostname>/<database>'
sqlite:////var/lib/bacula/bacula.db'
'';
description = ''
Define SQL database connection to bacula catalog as specified in http://docs.sqlalchemy.org/en/latest/core/engines.html#database-urls
'';
};
director_name = mkOption {
description = ''
Name of the Director to connect with bconsole.
'';
};
director_password = mkOption {
description = ''
Password for Director to connect with bconsole.
'';
};
director_port = mkOption {
default = 9101;
type = types.int;
description = ''
Port for Director to connect with bconsole.
'';
};
director_address = mkOption {
default = "127.0.0.1";
description = ''
IP/Hostname for Director to connect with bconsole.
'';
};
};
};
config = mkIf cfg.enable {
systemd.services.almir = {
after = [ "network.target" "postgresql.service" ];
description = "Almir web app";
wantedBy = [ "multi-user.target" ];
path = [ pkgs.pythonPackages.almir ];
environment.PYTHONPATH = "${pkgs.pythonPackages.almir}/lib/${pkgs.pythonPackages.python.libPrefix}/site-packages";
serviceConfig.ExecStart = "${pkgs.pythonPackages.pyramid}/bin/pserve ${productionini}";
};
environment.systemPackages = [ pkgs.pythonPackages.almir ];
users.extraUsers.almir = {
group = "almir";
uid = config.ids.uids.almir;
createHome = true;
shell = "${pkgs.bash}/bin/bash";
};
users.extraGroups.almir.gid = config.ids.gids.almir;
};
}

580
nixos/modules/services/backup/borgbackup.nix Normal file
View File

@ -0,0 +1,580 @@
{ config, lib, pkgs, ... }:
with lib;
let
isLocalPath = x:
builtins.substring 0 1 x == "/" # absolute path
|| builtins.substring 0 1 x == "." # relative path
|| builtins.match "[.*:.*]" == null; # not machine:path
mkExcludeFile = cfg:
# Write each exclude pattern to a new line
pkgs.writeText "excludefile" (concatStringsSep "\n" cfg.exclude);
mkKeepArgs = cfg:
# If cfg.prune.keep e.g. has a yearly attribute,
# its content is passed on as --keep-yearly
concatStringsSep " "
(mapAttrsToList (x: y: "--keep-${x}=${toString y}") cfg.prune.keep);
mkBackupScript = cfg: ''
on_exit()
{
exitStatus=$?
# Reset the EXIT handler, or else we're called again on 'exit' below
trap - EXIT
${cfg.postHook}
exit $exitStatus
}
trap 'on_exit' INT TERM QUIT EXIT
archiveName="${cfg.archiveBaseName}-$(date ${cfg.dateFormat})"
archiveSuffix="${optionalString cfg.appendFailedSuffix ".failed"}"
${cfg.preHook}
'' + optionalString cfg.doInit ''
# Run borg init if the repo doesn't exist yet
if ! borg list > /dev/null; then
borg init \
--encryption ${cfg.encryption.mode} \
$extraInitArgs
${cfg.postInit}
fi
'' + ''
borg create \
--compression ${cfg.compression} \
--exclude-from ${mkExcludeFile cfg} \
$extraCreateArgs \
"::$archiveName$archiveSuffix" \
${escapeShellArgs cfg.paths}
'' + optionalString cfg.appendFailedSuffix ''
borg rename "::$archiveName$archiveSuffix" "$archiveName"
'' + ''
${cfg.postCreate}
'' + optionalString (cfg.prune.keep != { }) ''
borg prune \
${mkKeepArgs cfg} \
--prefix ${escapeShellArg cfg.prune.prefix} \
$extraPruneArgs
${cfg.postPrune}
'';
mkPassEnv = cfg: with cfg.encryption;
if passCommand != null then
{ BORG_PASSCOMMAND = passCommand; }
else if passphrase != null then
{ BORG_PASSPHRASE = passphrase; }
else { };
mkBackupService = name: cfg:
let
userHome = config.users.users.${cfg.user}.home;
in nameValuePair "borgbackup-job-${name}" {
description = "BorgBackup job ${name}";
path = with pkgs; [
borgbackup openssh
];
script = mkBackupScript cfg;
serviceConfig = {
User = cfg.user;
Group = cfg.group;
# Only run when no other process is using CPU or disk
CPUSchedulingPolicy = "idle";
IOSchedulingClass = "idle";
ProtectSystem = "strict";
ReadWritePaths =
[ "${userHome}/.config/borg" "${userHome}/.cache/borg" ]
# Borg needs write access to repo if it is not remote
++ optional (isLocalPath cfg.repo) cfg.repo;
PrivateTmp = true;
};
environment = {
BORG_REPO = cfg.repo;
inherit (cfg) extraInitArgs extraCreateArgs extraPruneArgs;
} // (mkPassEnv cfg) // cfg.environment;
inherit (cfg) startAt;
};
# Paths listed in ReadWritePaths must exist before service is started
mkActivationScript = name: cfg:
let
install = "install -o ${cfg.user} -g ${cfg.group}";
in
nameValuePair "borgbackup-job-${name}" (stringAfter [ "users" ] (''
# Eensure that the home directory already exists
# We can't assert createHome == true because that's not the case for root
cd "${config.users.users.${cfg.user}.home}"
${install} -d .config/borg
${install} -d .cache/borg
'' + optionalString (isLocalPath cfg.repo) ''
${install} -d ${escapeShellArg cfg.repo}
''));
mkPassAssertion = name: cfg: {
assertion = with cfg.encryption;
mode != "none" -> passCommand != null || passphrase != null;
message =
"passCommand or passphrase has to be specified because"
+ '' borgbackup.jobs.${name}.encryption != "none"'';
};
mkRepoService = name: cfg:
nameValuePair "borgbackup-repo-${name}" {
description = "Create BorgBackup repository ${name} directory";
script = ''
mkdir -p ${escapeShellArg cfg.path}
chown ${cfg.user}:${cfg.group} ${escapeShellArg cfg.path}
'';
serviceConfig = {
# The service's only task is to ensure that the specified path exists
Type = "oneshot";
};
wantedBy = [ "multi-user.target" ];
};
mkAuthorizedKey = cfg: appendOnly: key:
let
# Because of the following line, clients do not need to specify an absolute repo path
cdCommand = "cd ${escapeShellArg cfg.path}";
restrictedArg = "--restrict-to-${if cfg.allowSubRepos then "path" else "repository"} .";
appendOnlyArg = optionalString appendOnly "--append-only";
quotaArg = optionalString (cfg.quota != null) "--storage-quota ${cfg.quota}";
serveCommand = "borg serve ${restrictedArg} ${appendOnlyArg} ${quotaArg}";
in
''command="${cdCommand} && ${serveCommand}",restrict ${key}'';
mkUsersConfig = name: cfg: {
users.${cfg.user} = {
openssh.authorizedKeys.keys =
(map (mkAuthorizedKey cfg false) cfg.authorizedKeys
++ map (mkAuthorizedKey cfg true) cfg.authorizedKeysAppendOnly);
useDefaultShell = true;
};
groups.${cfg.group} = { };
};
mkKeysAssertion = name: cfg: {
assertion = cfg.authorizedKeys != [ ] || cfg.authorizedKeysAppendOnly != [ ];
message =
"borgbackup.repos.${name} does not make sense"
+ " without at least one public key";
};
in {
meta.maintainers = with maintainers; [ dotlambda ];
###### interface
options.services.borgbackup.jobs = mkOption {
description = "Deduplicating backups using BorgBackup.";
default = { };
example = literalExample ''
{
rootBackup = {
paths = "/";
exclude = [ "/nix" ];
repo = "/path/to/local/repo";
encryption = {
mode = "repokey";
passphrase = "secret";
};
compression = "auto,lzma";
startAt = "weekly";
};
}
'';
type = types.attrsOf (types.submodule (let globalConfig = config; in
{ name, config, ... }: {
options = {
paths = mkOption {
type = with types; either path (nonEmptyListOf path);
description = "Path(s) to back up.";
example = "/home/user";
apply = x: if isList x then x else [ x ];
};
repo = mkOption {
type = types.str;
description = "Remote or local repository to back up to.";
example = "user@machine:/path/to/repo";
};
archiveBaseName = mkOption {
type = types.strMatching "[^/{}]+";
default = "${globalConfig.networking.hostName}-${name}";
defaultText = "\${config.networking.hostName}-<name>";
description = ''
How to name the created archives. A timestamp, whose format is
determined by <option>dateFormat</option>, will be appended. The full
name can be modified at runtime (<literal>$archiveName</literal>).
Placeholders like <literal>{hostname}</literal> must not be used.
'';
};
dateFormat = mkOption {
type = types.str;
description = ''
Arguments passed to <command>date</command>
to create a timestamp suffix for the archive name.
'';
default = "+%Y-%m-%dT%H:%M:%S";
example = "-u +%s";
};
startAt = mkOption {
type = with types; either str (listOf str);
default = "daily";
description = ''
When or how often the backup should run.
Must be in the format described in
<citerefentry><refentrytitle>systemd.time</refentrytitle>
<manvolnum>7</manvolnum></citerefentry>.
If you do not want the backup to start
automatically, use <literal>[ ]</literal>.
'';
};
user = mkOption {
type = types.str;
description = ''
The user <command>borg</command> is run as.
User or group need read permission
for the specified <option>paths</option>.
'';
default = "root";
};
group = mkOption {
type = types.str;
description = ''
The group borg is run as. User or group needs read permission
for the specified <option>paths</option>.
'';
default = "root";
};
encryption.mode = mkOption {
type = types.enum [
"repokey" "keyfile"
"repokey-blake2" "keyfile-blake2"
"authenticated" "authenticated-blake2"
"none"
];
description = ''
Encryption mode to use. Setting a mode
other than <literal>"none"</literal> requires
you to specify a <option>passCommand</option>
or a <option>passphrase</option>.
'';
};
encryption.passCommand = mkOption {
type = with types; nullOr str;
description = ''
A command which prints the passphrase to stdout.
Mutually exclusive with <option>passphrase</option>.
'';
default = null;
example = "cat /path/to/passphrase_file";
};
encryption.passphrase = mkOption {
type = with types; nullOr str;
description = ''
The passphrase the backups are encrypted with.
Mutually exclusive with <option>passCommand</option>.
If you do not want the passphrase to be stored in the
world-readable Nix store, use <option>passCommand</option>.
'';
default = null;
};
compression = mkOption {
# "auto" is optional,
# compression mode must be given,
# compression level is optional
type = types.strMatching "none|(auto,)?(lz4|zstd|zlib|lzma)(,[[:digit:]]{1,2})?";
description = ''
Compression method to use. Refer to
<command>borg help compression</command>
for all available options.
'';
default = "lz4";
example = "auto,lzma";
};
exclude = mkOption {
type = with types; listOf str;
description = ''
Exclude paths matching any of the given patterns. See
<command>borg help patterns</command> for pattern syntax.
'';
default = [ ];
example = [
"/home/*/.cache"
"/nix"
];
};
doInit = mkOption {
type = types.bool;
description = ''
Run <command>borg init</command> if the
specified <option>repo</option> does not exist.
You should set this to <literal>false</literal>
if the repository is located on an external drive
that might not always be mounted.
'';
default = true;
};
appendFailedSuffix = mkOption {
type = types.bool;
description = ''
Append a <literal>.failed</literal> suffix
to the archive name, which is only removed if
<command>borg create</command> has a zero exit status.
'';
default = true;
};
prune.keep = mkOption {
# Specifying e.g. `prune.keep.yearly = -1`
# means there is no limit of yearly archives to keep
# The regex is for use with e.g. --keep-within 1y
type = with types; attrsOf (either int (strMatching "[[:digit:]]+[Hdwmy]"));
description = ''
Prune a repository by deleting all archives not matching any of the
specified retention options. See <command>borg help prune</command>
for the available options.
'';
default = { };
example = literalExample ''
{
within = "1d"; # Keep all archives from the last day
daily = 7;
weekly = 4;
monthly = -1; # Keep at least one archive for each month
}
'';
};
prune.prefix = mkOption {
type = types.str;
description = ''
Only consider archive names starting with this prefix for pruning.
By default, only archives created by this job are considered.
Use <literal>""</literal> to consider all archives.
'';
default = config.archiveBaseName;
defaultText = "\${archiveBaseName}";
};
environment = mkOption {
type = with types; attrsOf str;
description = ''
Environment variables passed to the backup script.
You can for example specify which SSH key to use.
'';
default = { };
example = { BORG_RSH = "ssh -i /path/to/key"; };
};
preHook = mkOption {
type = types.lines;
description = ''
Shell commands to run before the backup.
This can for example be used to mount file systems.
'';
default = "";
example = ''
# To add excluded paths at runtime
extraCreateArgs="$extraCreateArgs --exclude /some/path"
'';
};
postInit = mkOption {
type = types.lines;
description = ''
Shell commands to run after <command>borg init</command>.
'';
default = "";
};
postCreate = mkOption {
type = types.lines;
description = ''
Shell commands to run after <command>borg create</command>. The name
of the created archive is stored in <literal>$archiveName</literal>.
'';
default = "";
};
postPrune = mkOption {
type = types.lines;
description = ''
Shell commands to run after <command>borg prune</command>.
'';
default = "";
};
postHook = mkOption {
type = types.lines;
description = ''
Shell commands to run just before exit. They are executed
even if a previous command exits with a non-zero exit code.
The latter is available as <literal>$exitStatus</literal>.
'';
default = "";
};
extraInitArgs = mkOption {
type = types.str;
description = ''
Additional arguments for <command>borg init</command>.
Can also be set at runtime using <literal>$extraInitArgs</literal>.
'';
default = "";
example = "--append-only";
};
extraCreateArgs = mkOption {
type = types.str;
description = ''
Additional arguments for <command>borg create</command>.
Can also be set at runtime using <literal>$extraCreateArgs</literal>.
'';
default = "";
example = "--stats --checkpoint-interval 600";
};
extraPruneArgs = mkOption {
type = types.str;
description = ''
Additional arguments for <command>borg prune</command>.
Can also be set at runtime using <literal>$extraPruneArgs</literal>.
'';
default = "";
example = "--save-space";
};
};
}
));
};
options.services.borgbackup.repos = mkOption {
description = ''
Serve BorgBackup repositories to given public SSH keys,
restricting their access to the repository only.
Also, clients do not need to specify the absolute path when accessing the repository,
i.e. <literal>user@machine:.</literal> is enough. (Note colon and dot.)
'';
default = { };
type = types.attrsOf (types.submodule (
{ name, config, ... }: {
options = {
path = mkOption {
type = types.path;
description = ''
Where to store the backups. Note that the directory
is created automatically, with correct permissions.
'';
default = "/var/lib/borgbackup";
};
user = mkOption {
type = types.str;
description = ''
The user <command>borg serve</command> is run as.
User or group needs write permission
for the specified <option>path</option>.
'';
default = "borg";
};
group = mkOption {
type = types.str;
description = ''
The group <command>borg serve</command> is run as.
User or group needs write permission
for the specified <option>path</option>.
'';
default = "borg";
};
authorizedKeys = mkOption {
type = with types; listOf str;
description = ''
Public SSH keys that are given full write access to this repository.
You should use a different SSH key for each repository you write to, because
the specified keys are restricted to running <command>borg serve</command>
and can only access this single repository.
'';
default = [ ];
};
authorizedKeysAppendOnly = mkOption {
type = with types; listOf str;
description = ''
Public SSH keys that can only be used to append new data (archives) to the repository.
Note that archives can still be marked as deleted and are subsequently removed from disk
upon accessing the repo with full write access, e.g. when pruning.
'';
default = [ ];
};
allowSubRepos = mkOption {
type = types.bool;
description = ''
Allow clients to create repositories in subdirectories of the
specified <option>path</option>. These can be accessed using
<literal>user@machine:path/to/subrepo</literal>. Note that a
<option>quota</option> applies to repositories independently.
Therefore, if this is enabled, clients can create multiple
repositories and upload an arbitrary amount of data.
'';
default = false;
};
quota = mkOption {
# See the definition of parse_file_size() in src/borg/helpers/parseformat.py
type = with types; nullOr (strMatching "[[:digit:].]+[KMGTP]?");
description = ''
Storage quota for the repository. This quota is ensured for all
sub-repositories if <option>allowSubRepos</option> is enabled
but not for the overall storage space used.
'';
default = null;
example = "100G";
};
};
}
));
};
###### implementation
config = mkIf (with config.services.borgbackup; jobs != { } || repos != { })
(with config.services.borgbackup; {
assertions =
mapAttrsToList mkPassAssertion jobs
++ mapAttrsToList mkKeysAssertion repos;
system.activationScripts = mapAttrs' mkActivationScript jobs;
systemd.services =
# A job named "foo" is mapped to systemd.services.borgbackup-job-foo
mapAttrs' mkBackupService jobs
# A repo named "foo" is mapped to systemd.services.borgbackup-repo-foo
// mapAttrs' mkRepoService repos;
users = mkMerge (mapAttrsToList mkUsersConfig repos);
environment.systemPackages = with pkgs; [ borgbackup ];
});
}

67
nixos/modules/services/backup/tarsnap.nix
View File

@ -238,6 +238,20 @@ in
Whether to produce verbose logging output. Whether to produce verbose logging output.
''; '';
}; };
explicitSymlinks = mkOption {
type = types.bool;
default = false;
description = ''
Whether to follow symlinks specified as archives.
'';
};
followSymlinks = mkOption {
type = types.bool;
default = false;
description = ''
Whether to follow all symlinks in archive trees.
'';
};
}; };
} }
)); ));
@ -285,12 +299,12 @@ in
}) gcfg.archives); }) gcfg.archives);
systemd.services = systemd.services =
mapAttrs' (name: cfg: nameValuePair "tarsnap-${name}" { (mapAttrs' (name: cfg: nameValuePair "tarsnap-${name}" {
description = "Tarsnap archive '${name}'"; description = "Tarsnap archive '${name}'";
requires = [ "network-online.target" ]; requires = [ "network-online.target" ];
after = [ "network-online.target" ]; after = [ "network-online.target" ];
path = [ pkgs.iputils pkgs.tarsnap pkgs.utillinux ]; path = with pkgs; [ iputils tarsnap utillinux ];
# In order for the persistent tarsnap timer to work reliably, we have to # In order for the persistent tarsnap timer to work reliably, we have to
# make sure that the tarsnap server is reachable after systemd starts up # make sure that the tarsnap server is reachable after systemd starts up
@ -300,10 +314,12 @@ in
while ! ping -q -c 1 v1-0-0-server.tarsnap.com &> /dev/null; do sleep 3; done while ! ping -q -c 1 v1-0-0-server.tarsnap.com &> /dev/null; do sleep 3; done
''; '';
script = script = let
let run = ''tarsnap --configfile "/etc/tarsnap/${name}.conf" \ tarsnap = ''tarsnap --configfile "/etc/tarsnap/${name}.conf"'';
-c -f "${name}-$(date +"%Y%m%d%H%M%S")" \ run = ''${tarsnap} -c -f "${name}-$(date +"%Y%m%d%H%M%S")" \
${optionalString cfg.verbose "-v"} \ ${optionalString cfg.verbose "-v"} \
${optionalString cfg.explicitSymlinks "-H"} \
${optionalString cfg.followSymlinks "-L"} \
${concatStringsSep " " cfg.directories}''; ${concatStringsSep " " cfg.directories}'';
in if (cfg.cachedir != null) then '' in if (cfg.cachedir != null) then ''
mkdir -p ${cfg.cachedir} mkdir -p ${cfg.cachedir}
@ -313,7 +329,7 @@ in
if [ ! -e ${cfg.cachedir}/firstrun ]; then if [ ! -e ${cfg.cachedir}/firstrun ]; then
( flock 10 ( flock 10
flock -u 9 flock -u 9
tarsnap --configfile "/etc/tarsnap/${name}.conf" --fsck ${tarsnap} --fsck
flock 9 flock 9
) 10>${cfg.cachedir}/firstrun ) 10>${cfg.cachedir}/firstrun
fi fi
@ -329,7 +345,44 @@ in
CapabilityBoundingSet = [ "CAP_DAC_READ_SEARCH" ]; CapabilityBoundingSet = [ "CAP_DAC_READ_SEARCH" ];
PermissionsStartOnly = "true"; PermissionsStartOnly = "true";
}; };
}) gcfg.archives; }) gcfg.archives) //
(mapAttrs' (name: cfg: nameValuePair "tarsnap-restore-${name}"{
description = "Tarsnap restore '${name}'";
requires = [ "network-online.target" ];
path = with pkgs; [ iputils tarsnap utillinux ];
script = let
tarsnap = ''tarsnap --configfile "/etc/tarsnap/${name}.conf"'';
lastArchive = ''$(${tarsnap} --list-archives | sort | tail -1)'';
run = ''${tarsnap} -x -f "${lastArchive}" ${optionalString cfg.verbose "-v"}'';
in if (cfg.cachedir != null) then ''
mkdir -p ${cfg.cachedir}
chmod 0700 ${cfg.cachedir}
( flock 9
if [ ! -e ${cfg.cachedir}/firstrun ]; then
( flock 10
flock -u 9
${tarsnap} --fsck
flock 9
) 10>${cfg.cachedir}/firstrun
fi
) 9>${cfg.cachedir}/lockf
exec flock ${cfg.cachedir}/firstrun ${run}
'' else "exec ${run}";
serviceConfig = {
Type = "oneshot";
IOSchedulingClass = "idle";
NoNewPrivileges = "true";
CapabilityBoundingSet = [ "CAP_DAC_READ_SEARCH" ];
PermissionsStartOnly = "true";
};
}) gcfg.archives);
# Note: the timer must be Persistent=true, so that systemd will start it even # Note: the timer must be Persistent=true, so that systemd will start it even
# if e.g. your laptop was asleep while the latest interval occurred. # if e.g. your laptop was asleep while the latest interval occurred.

2
nixos/modules/services/backup/znapzend.nix
View File

@ -386,7 +386,7 @@ in
echo Resetting znapzend zetups echo Resetting znapzend zetups
${pkgs.znapzend}/bin/znapzendzetup list \ ${pkgs.znapzend}/bin/znapzendzetup list \
| grep -oP '(?<=\*\*\* backup plan: ).*(?= \*\*\*)' \ | grep -oP '(?<=\*\*\* backup plan: ).*(?= \*\*\*)' \
| xargs ${pkgs.znapzend}/bin/znapzendzetup delete | xargs -I{} ${pkgs.znapzend}/bin/znapzendzetup delete "{}"
'' + concatStringsSep "\n" (mapAttrsToList (dataset: config: '' '' + concatStringsSep "\n" (mapAttrsToList (dataset: config: ''
echo Importing znapzend zetup ${config} for dataset ${dataset} echo Importing znapzend zetup ${config} for dataset ${dataset}
${pkgs.znapzend}/bin/znapzendzetup import --write ${dataset} ${config} ${pkgs.znapzend}/bin/znapzendzetup import --write ${dataset} ${config}

12
nixos/modules/services/cluster/kubernetes/default.nix
View File

@ -279,7 +279,7 @@ in {
tokenAuthFile = mkOption { tokenAuthFile = mkOption {
description = '' description = ''
Kubernetes apiserver token authentication file. See Kubernetes apiserver token authentication file. See
<link xlink:href="http://kubernetes.io/docs/admin/authentication.html"/> <link xlink:href="https://kubernetes.io/docs/admin/authentication.html"/>
''; '';
default = null; default = null;
type = types.nullOr types.path; type = types.nullOr types.path;
@ -288,7 +288,7 @@ in {
basicAuthFile = mkOption { basicAuthFile = mkOption {
description = '' description = ''
Kubernetes apiserver basic authentication file. See Kubernetes apiserver basic authentication file. See
<link xlink:href="http://kubernetes.io/docs/admin/authentication.html"/> <link xlink:href="https://kubernetes.io/docs/admin/authentication.html"/>
''; '';
default = pkgs.writeText "users" '' default = pkgs.writeText "users" ''
kubernetes,admin,0 kubernetes,admin,0
@ -299,7 +299,7 @@ in {
authorizationMode = mkOption { authorizationMode = mkOption {
description = '' description = ''
Kubernetes apiserver authorization mode (AlwaysAllow/AlwaysDeny/ABAC/RBAC). See Kubernetes apiserver authorization mode (AlwaysAllow/AlwaysDeny/ABAC/RBAC). See
<link xlink:href="http://kubernetes.io/docs/admin/authorization.html"/> <link xlink:href="https://kubernetes.io/docs/admin/authorization.html"/>
''; '';
default = ["RBAC" "Node"]; default = ["RBAC" "Node"];
type = types.listOf (types.enum ["AlwaysAllow" "AlwaysDeny" "ABAC" "RBAC" "Node"]); type = types.listOf (types.enum ["AlwaysAllow" "AlwaysDeny" "ABAC" "RBAC" "Node"]);
@ -308,7 +308,7 @@ in {
authorizationPolicy = mkOption { authorizationPolicy = mkOption {
description = '' description = ''
Kubernetes apiserver authorization policy file. See Kubernetes apiserver authorization policy file. See
<link xlink:href="http://kubernetes.io/docs/admin/authorization.html"/> <link xlink:href="https://kubernetes.io/docs/admin/authorization.html"/>
''; '';
default = []; default = [];
type = types.listOf types.attrs; type = types.listOf types.attrs;
@ -332,7 +332,7 @@ in {
runtimeConfig = mkOption { runtimeConfig = mkOption {
description = '' description = ''
Api runtime configuration. See Api runtime configuration. See
<link xlink:href="http://kubernetes.io/docs/admin/cluster-management.html"/> <link xlink:href="https://kubernetes.io/docs/admin/cluster-management.html"/>
''; '';
default = "authentication.k8s.io/v1beta1=true"; default = "authentication.k8s.io/v1beta1=true";
example = "api/all=false,api/v1=true"; example = "api/all=false,api/v1=true";
@ -342,7 +342,7 @@ in {
admissionControl = mkOption { admissionControl = mkOption {
description = '' description = ''
Kubernetes admission control plugins to use. See Kubernetes admission control plugins to use. See
<link xlink:href="http://kubernetes.io/docs/admin/admission-controllers/"/> <link xlink:href="https://kubernetes.io/docs/admin/admission-controllers/"/>
''; '';
default = ["NamespaceLifecycle" "LimitRanger" "ServiceAccount" "ResourceQuota" "DefaultStorageClass" "DefaultTolerationSeconds" "NodeRestriction"]; default = ["NamespaceLifecycle" "LimitRanger" "ServiceAccount" "ResourceQuota" "DefaultStorageClass" "DefaultTolerationSeconds" "NodeRestriction"];
example = [ example = [

2
nixos/modules/services/continuous-integration/buildkite-agent.nix
View File

@ -18,7 +18,7 @@ let
hooksDir = let hooksDir = let
mkHookEntry = name: value: '' mkHookEntry = name: value: ''
cat > $out/${name} <<EOF cat > $out/${name} <<EOF
#! ${pkgs.stdenv.shell} #! ${pkgs.runtimeShell}
set -e set -e
${value} ${value}
EOF EOF

7
nixos/modules/services/continuous-integration/jenkins/default.nix
View File

@ -145,6 +145,11 @@ in {
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
# server references the dejavu fonts
environment.systemPackages = [
pkgs.dejavu_fonts
];
users.extraGroups = optional (cfg.group == "jenkins") { users.extraGroups = optional (cfg.group == "jenkins") {
name = "jenkins"; name = "jenkins";
gid = config.ids.gids.jenkins; gid = config.ids.gids.jenkins;
@ -200,10 +205,12 @@ in {
${replacePlugins} ${replacePlugins}
''; '';
# For reference: https://wiki.jenkins.io/display/JENKINS/JenkinsLinuxStartupScript
script = '' script = ''
${pkgs.jdk}/bin/java ${concatStringsSep " " cfg.extraJavaOptions} -jar ${cfg.package}/webapps/jenkins.war --httpListenAddress=${cfg.listenAddress} \ ${pkgs.jdk}/bin/java ${concatStringsSep " " cfg.extraJavaOptions} -jar ${cfg.package}/webapps/jenkins.war --httpListenAddress=${cfg.listenAddress} \
--httpPort=${toString cfg.port} \ --httpPort=${toString cfg.port} \
--prefix=${cfg.prefix} \ --prefix=${cfg.prefix} \
-Djava.awt.headless=true \
${concatStringsSep " " cfg.extraOptions} ${concatStringsSep " " cfg.extraOptions}
''; '';

2
nixos/modules/services/databases/4store-endpoint.nix
View File

@ -2,7 +2,7 @@
let let
cfg = config.services.fourStoreEndpoint; cfg = config.services.fourStoreEndpoint;
endpointUser = "fourstorehttp"; endpointUser = "fourstorehttp";
run = "${pkgs.su}/bin/su -s ${pkgs.stdenv.shell} ${endpointUser} -c"; run = "${pkgs.su}/bin/su -s ${pkgs.runtimeShell} ${endpointUser} -c";
in in
with lib; with lib;
{ {

2
nixos/modules/services/databases/4store.nix
View File

@ -3,7 +3,7 @@ let
cfg = config.services.fourStore; cfg = config.services.fourStore;
stateDir = "/var/lib/4store"; stateDir = "/var/lib/4store";
fourStoreUser = "fourstore"; fourStoreUser = "fourstore";
run = "${pkgs.su}/bin/su -s ${pkgs.stdenv.shell} ${fourStoreUser}"; run = "${pkgs.su}/bin/su -s ${pkgs.runtimeShell} ${fourStoreUser}";
in in
with lib; with lib;
{ {

2
nixos/modules/services/editors/emacs.nix
View File

@ -7,7 +7,7 @@ let
cfg = config.services.emacs; cfg = config.services.emacs;
editorScript = pkgs.writeScriptBin "emacseditor" '' editorScript = pkgs.writeScriptBin "emacseditor" ''
#!${pkgs.stdenv.shell} #!${pkgs.runtimeShell}
if [ -z "$1" ]; then if [ -z "$1" ]; then
exec ${cfg.package}/bin/emacsclient --create-frame --alternate-editor ${cfg.package}/bin/emacs exec ${cfg.package}/bin/emacsclient --create-frame --alternate-editor ${cfg.package}/bin/emacs
else else

2
nixos/modules/services/hardware/udev.nix
View File

@ -146,7 +146,7 @@ let
echo "Generating hwdb database..." echo "Generating hwdb database..."
# hwdb --update doesn't return error code even on errors! # hwdb --update doesn't return error code even on errors!
res="$(${udev}/bin/udevadm hwdb --update --root=$(pwd) 2>&1)" res="$(${pkgs.buildPackages.udev}/bin/udevadm hwdb --update --root=$(pwd) 2>&1)"
echo "$res" echo "$res"
[ -z "$(echo "$res" | egrep '^Error')" ] [ -z "$(echo "$res" | egrep '^Error')" ]
mv etc/udev/hwdb.bin $out mv etc/udev/hwdb.bin $out

2
nixos/modules/services/logging/graylog.nix
View File

@ -141,7 +141,7 @@ in
JAVA_HOME = jre; JAVA_HOME = jre;
GRAYLOG_CONF = "${confFile}"; GRAYLOG_CONF = "${confFile}";
}; };
path = [ pkgs.openjdk8 pkgs.which pkgs.procps ]; path = [ pkgs.jre_headless pkgs.which pkgs.procps ];
preStart = '' preStart = ''
mkdir -p /var/lib/graylog -m 755 mkdir -p /var/lib/graylog -m 755

1
nixos/modules/services/mail/dovecot.nix
View File

@ -30,6 +30,7 @@ let
'' ''
default_internal_user = ${cfg.user} default_internal_user = ${cfg.user}
default_internal_group = ${cfg.group}
${optionalString (cfg.mailUser != null) "mail_uid = ${cfg.mailUser}"} ${optionalString (cfg.mailUser != null) "mail_uid = ${cfg.mailUser}"}
${optionalString (cfg.mailGroup != null) "mail_gid = ${cfg.mailGroup}"} ${optionalString (cfg.mailGroup != null) "mail_gid = ${cfg.mailGroup}"}

244
nixos/modules/services/misc/defaultUnicornConfig.rb
View File

@ -1,205 +1,69 @@
# The following was taken from github.com/crohr/syslogger and is BSD worker_processes 3
# licensed.
require 'syslog'
require 'logger'
require 'thread'
class Syslogger
VERSION = "1.6.0"
attr_reader :level, :ident, :options, :facility, :max_octets
attr_accessor :formatter
MAPPING = {
Logger::DEBUG => Syslog::LOG_DEBUG,
Logger::INFO => Syslog::LOG_INFO,
Logger::WARN => Syslog::LOG_WARNING,
Logger::ERROR => Syslog::LOG_ERR,
Logger::FATAL => Syslog::LOG_CRIT,
Logger::UNKNOWN => Syslog::LOG_ALERT
}
#
# Initializes default options for the logger
# <tt>ident</tt>:: the name of your program [default=$0].
# <tt>options</tt>:: syslog options [default=<tt>Syslog::LOG_PID | Syslog::LOG_CONS</tt>].
# Correct values are:
# LOG_CONS : writes the message on the console if an error occurs when sending the message;
# LOG_NDELAY : no delay before sending the message;
# LOG_PERROR : messages will also be written on STDERR;
# LOG_PID : adds the process number to the message (just after the program name)
# <tt>facility</tt>:: the syslog facility [default=nil] Correct values include:
# Syslog::LOG_DAEMON
# Syslog::LOG_USER
# Syslog::LOG_SYSLOG
# Syslog::LOG_LOCAL2
# Syslog::LOG_NEWS
# etc.
#
# Usage:
# logger = Syslogger.new("my_app", Syslog::LOG_PID | Syslog::LOG_CONS, Syslog::LOG_LOCAL0)
# logger.level = Logger::INFO # use Logger levels
# logger.warn "warning message"
# logger.debug "debug message"
#
def initialize(ident = $0, options = Syslog::LOG_PID | Syslog::LOG_CONS, facility = nil)
@ident = ident
@options = options || (Syslog::LOG_PID | Syslog::LOG_CONS)
@facility = facility
@level = Logger::INFO
@mutex = Mutex.new
@formatter = Logger::Formatter.new
end
%w{debug info warn error fatal unknown}.each do |logger_method|
# Accepting *args as message could be nil.
# Default params not supported in ruby 1.8.7
define_method logger_method.to_sym do |*args, &block|
return true if @level > Logger.const_get(logger_method.upcase)
message = args.first || block && block.call
add(Logger.const_get(logger_method.upcase), message)
end
unless logger_method == 'unknown'
define_method "#{logger_method}?".to_sym do
@level <= Logger.const_get(logger_method.upcase)
end
end
end
# Log a message at the Logger::INFO level. Useful for use with Rack::CommonLogger
def write(msg)
add(Logger::INFO, msg)
end
# Logs a message at the Logger::INFO level.
def <<(msg)
add(Logger::INFO, msg)
end
# Low level method to add a message.
# +severity+:: the level of the message. One of Logger::DEBUG, Logger::INFO, Logger::WARN, Logger::ERROR, Logger::FATAL, Logger::UNKNOWN
# +message+:: the message string.
# If nil, the method will call the block and use the result as the message string.
# If both are nil or no block is given, it will use the progname as per the behaviour of both the standard Ruby logger, and the Rails BufferedLogger.
# +progname+:: optionally, overwrite the program name that appears in the log message.
def add(severity, message = nil, progname = nil, &block)
if message.nil? && block.nil? && !progname.nil?
message, progname = progname, nil
end
progname ||= @ident
@mutex.synchronize do
Syslog.open(progname, @options, @facility) do |s|
s.mask = Syslog::LOG_UPTO(MAPPING[@level])
communication = clean(message || block && block.call)
if self.max_octets
buffer = "#{tags_text}"
communication.bytes do |byte|
buffer.concat(byte)
# if the last byte we added is potentially part of an escape, we'll go ahead and add another byte
if buffer.bytesize >= self.max_octets && !['%'.ord,'\\'.ord].include?(byte)
s.log(MAPPING[severity],buffer)
buffer = ""
end
end
s.log(MAPPING[severity],buffer) unless buffer.empty?
else
s.log(MAPPING[severity],"#{tags_text}#{communication}")
end
end
end
end
# Set the max octets of the messages written to the log
def max_octets=(max_octets)
@max_octets = max_octets
end
# Sets the minimum level for messages to be written in the log.
# +level+:: one of <tt>Logger::DEBUG</tt>, <tt>Logger::INFO</tt>, <tt>Logger::WARN</tt>, <tt>Logger::ERROR</tt>, <tt>Logger::FATAL</tt>, <tt>Logger::UNKNOWN</tt>
def level=(level)
level = Logger.const_get(level.to_s.upcase) if level.is_a?(Symbol)
unless level.is_a?(Fixnum)
raise ArgumentError.new("Invalid logger level `#{level.inspect}`")
end
@level = level
end
# Sets the ident string passed along to Syslog
def ident=(ident)
@ident = ident
end
# Tagging code borrowed from ActiveSupport gem
def tagged(*tags)
new_tags = push_tags(*tags)
yield self
ensure
pop_tags(new_tags.size)
end
def push_tags(*tags)
tags.flatten.reject{ |i| i.respond_to?(:empty?) ? i.empty? : !i }.tap do |new_tags|
current_tags.concat new_tags
end
end
def pop_tags(size = 1)
current_tags.pop size
end
def clear_tags!
current_tags.clear
end
protected
# Borrowed from SyslogLogger.
def clean(message)
message = message.to_s.dup
message.strip! # remove whitespace
message.gsub!(/\n/, '\\n') # escape newlines
message.gsub!(/%/, '%%') # syslog(3) freaks on % (printf)
message.gsub!(/\e\[[^m]*m/, '') # remove useless ansi color codes
message
end
private
def tags_text
tags = current_tags
if tags.any?
tags.collect { |tag| "[#{tag}] " }.join
end
end
def current_tags
Thread.current[:syslogger_tagged_logging_tags] ||= []
end
end
worker_processes 2
working_directory ENV["GITLAB_PATH"]
pid ENV["UNICORN_PATH"] + "/tmp/pids/unicorn.pid"
listen ENV["UNICORN_PATH"] + "/tmp/sockets/gitlab.socket", :backlog => 1024 listen ENV["UNICORN_PATH"] + "/tmp/sockets/gitlab.socket", :backlog => 1024
listen "/run/gitlab/gitlab.socket", :backlog => 1024
working_directory ENV["GITLAB_PATH"]
pid ENV["UNICORN_PATH"] + "/tmp/pids/unicorn.pid"
timeout 60 timeout 60
logger Syslogger.new # combine Ruby 2.0.0dev or REE with "preload_app true" for memory savings
# http://rubyenterpriseedition.com/faq.html#adapt_apps_for_cow
preload_app true preload_app true
GC.respond_to?(:copy_on_write_friendly=) and GC.respond_to?(:copy_on_write_friendly=) and
GC.copy_on_write_friendly = true GC.copy_on_write_friendly = true
check_client_connection false check_client_connection false
before_fork do |server, worker|
# the following is highly recommended for Rails + "preload_app true"
# as there's no need for the master process to hold a connection
defined?(ActiveRecord::Base) and
ActiveRecord::Base.connection.disconnect!
# The following is only recommended for memory/DB-constrained
# installations. It is not needed if your system can house
# twice as many worker_processes as you have configured.
#
# This allows a new master process to incrementally
# phase out the old master process with SIGTTOU to avoid a
# thundering herd (especially in the "preload_app false" case)
# when doing a transparent upgrade. The last worker spawned
# will then kill off the old master process with a SIGQUIT.
old_pid = "#{server.config[:pid]}.oldbin"
if old_pid != server.pid
begin
sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
Process.kill(sig, File.read(old_pid).to_i)
rescue Errno::ENOENT, Errno::ESRCH
end
end
# Throttle the master from forking too quickly by sleeping. Due
# to the implementation of standard Unix signal handlers, this
# helps (but does not completely) prevent identical, repeated signals
# from being lost when the receiving process is busy.
# sleep 1
end
after_fork do |server, worker| after_fork do |server, worker|
# per-process listener ports for debugging/admin/migrations
# addr = "127.0.0.1:#{9293 + worker.nr}"
# server.listen(addr, :tries => -1, :delay => 5, :tcp_nopush => true)
# the following is *required* for Rails + "preload_app true",
defined?(ActiveRecord::Base) and defined?(ActiveRecord::Base) and
ActiveRecord::Base.establish_connection ActiveRecord::Base.establish_connection
# reset prometheus client, this will cause any opened metrics files to be closed
defined?(::Prometheus::Client.reinitialize_on_pid_change) &&
Prometheus::Client.reinitialize_on_pid_change
# if preload_app is true, then you may also want to check and
# restart any other shared sockets/descriptors such as Memcached,
# and Redis. TokyoCabinet file handles are safe to reuse
# between any number of forked children (assuming your kernel
# correctly implements pread()/pwrite() system calls)
end end

2
nixos/modules/services/misc/folding-at-home.nix
View File

@ -57,7 +57,7 @@ in {
chown ${fahUser} ${stateDir} chown ${fahUser} ${stateDir}
cp -f ${pkgs.writeText "client.cfg" cfg.config} ${stateDir}/client.cfg cp -f ${pkgs.writeText "client.cfg" cfg.config} ${stateDir}/client.cfg
''; '';
script = "${pkgs.su}/bin/su -s ${pkgs.stdenv.shell} ${fahUser} -c 'cd ${stateDir}; ${pkgs.foldingathome}/bin/fah6'"; script = "${pkgs.su}/bin/su -s ${pkgs.runtimeShell} ${fahUser} -c 'cd ${stateDir}; ${pkgs.foldingathome}/bin/fah6'";
}; };
services.foldingAtHome.config = '' services.foldingAtHome.config = ''

2
nixos/modules/services/misc/geoip-updater.nix
View File

@ -14,7 +14,7 @@ let
# ExecStart= command with '@' doesn't work because we start a shell (new # ExecStart= command with '@' doesn't work because we start a shell (new
# process) that creates a new argv[0].) # process) that creates a new argv[0].)
geoip-updater = pkgs.writeScriptBin "geoip-updater" '' geoip-updater = pkgs.writeScriptBin "geoip-updater" ''
#!${pkgs.stdenv.shell} #!${pkgs.runtimeShell}
skipExisting=0 skipExisting=0
debug() debug()
{ {

56
nixos/modules/services/misc/gitea.nix
View File

@ -4,6 +4,8 @@ with lib;
let let
cfg = config.services.gitea; cfg = config.services.gitea;
pg = config.services.postgresql;
usePostgresql = cfg.database.type == "postgres";
configFile = pkgs.writeText "app.ini" '' configFile = pkgs.writeText "app.ini" ''
APP_NAME = ${cfg.appName} APP_NAME = ${cfg.appName}
RUN_USER = ${cfg.user} RUN_USER = ${cfg.user}
@ -16,6 +18,9 @@ let
USER = ${cfg.database.user} USER = ${cfg.database.user}
PASSWD = #dbpass# PASSWD = #dbpass#
PATH = ${cfg.database.path} PATH = ${cfg.database.path}
${optionalString usePostgresql ''
SSL_MODE = disable
''}
[repository] [repository]
ROOT = ${cfg.repositoryRoot} ROOT = ${cfg.repositoryRoot}
@ -35,6 +40,10 @@ let
SECRET_KEY = #secretkey# SECRET_KEY = #secretkey#
INSTALL_LOCK = true INSTALL_LOCK = true
[log]
ROOT_PATH = ${cfg.log.rootPath}
LEVEL = ${cfg.log.level}
${cfg.extraConfig} ${cfg.extraConfig}
''; '';
in in
@ -60,6 +69,19 @@ in
description = "gitea data directory."; description = "gitea data directory.";
}; };
log = {
rootPath = mkOption {
default = "${cfg.stateDir}/log";
type = types.str;
description = "Root path for log files.";
};
level = mkOption {
default = "Trace";
type = types.enum [ "Trace" "Debug" "Info" "Warn" "Error" "Critical" ];
description = "General log level.";
};
};
user = mkOption { user = mkOption {
type = types.str; type = types.str;
default = "gitea"; default = "gitea";
@ -82,7 +104,7 @@ in
port = mkOption { port = mkOption {
type = types.int; type = types.int;
default = 3306; default = (if !usePostgresql then 3306 else pg.port);
description = "Database host port."; description = "Database host port.";
}; };
@ -123,6 +145,15 @@ in
default = "${cfg.stateDir}/data/gitea.db"; default = "${cfg.stateDir}/data/gitea.db";
description = "Path to the sqlite3 database file."; description = "Path to the sqlite3 database file.";
}; };
createDatabase = mkOption {
type = types.bool;
default = true;
description = ''
Whether to create a local postgresql database automatically.
This only applies if database type "postgres" is selected.
'';
};
}; };
appName = mkOption { appName = mkOption {
@ -186,10 +217,11 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.postgresql.enable = mkIf usePostgresql (mkDefault true);
systemd.services.gitea = { systemd.services.gitea = {
description = "gitea"; description = "gitea";
after = [ "network.target" ]; after = [ "network.target" "postgresql.service" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
path = [ pkgs.gitea.bin ]; path = [ pkgs.gitea.bin ];
@ -231,12 +263,31 @@ in
mkdir -p ${cfg.stateDir}/conf mkdir -p ${cfg.stateDir}/conf
cp -r ${pkgs.gitea.out}/locale ${cfg.stateDir}/conf/locale cp -r ${pkgs.gitea.out}/locale ${cfg.stateDir}/conf/locale
fi fi
'' + optionalString (usePostgresql && cfg.database.createDatabase) ''
if ! test -e "${cfg.stateDir}/db-created"; then
echo "CREATE ROLE ${cfg.database.user}
WITH ENCRYPTED PASSWORD '$(head -n1 ${cfg.database.passwordFile})'
NOCREATEDB NOCREATEROLE LOGIN" |
${pkgs.sudo}/bin/sudo -u ${pg.superUser} ${pg.package}/bin/psql
${pkgs.sudo}/bin/sudo -u ${pg.superUser} \
${pg.package}/bin/createdb \
--owner=${cfg.database.user} \
--encoding=UTF8 \
--lc-collate=C \
--lc-ctype=C \
--template=template0 \
${cfg.database.name}
touch "${cfg.stateDir}/db-created"
fi
'' + ''
chown ${cfg.user} -R ${cfg.stateDir}
''; '';
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
User = cfg.user; User = cfg.user;
WorkingDirectory = cfg.stateDir; WorkingDirectory = cfg.stateDir;
PermissionsStartOnly = true;
ExecStart = "${pkgs.gitea.bin}/bin/gitea web"; ExecStart = "${pkgs.gitea.bin}/bin/gitea web";
Restart = "always"; Restart = "always";
}; };
@ -253,6 +304,7 @@ in
description = "Gitea Service"; description = "Gitea Service";
home = cfg.stateDir; home = cfg.stateDir;
createHome = true; createHome = true;
useDefaultShell = true;
}; };
}; };

2
nixos/modules/services/misc/gitit.nix
View File

@ -17,7 +17,7 @@ let
gititSh = hsPkgs: extras: with pkgs; let gititSh = hsPkgs: extras: with pkgs; let
env = gititWithPkgs hsPkgs extras; env = gititWithPkgs hsPkgs extras;
in writeScript "gitit" '' in writeScript "gitit" ''
#!${stdenv.shell} #!${runtimeShell}
cd $HOME cd $HOME
export NIX_GHC="${env}/bin/ghc" export NIX_GHC="${env}/bin/ghc"
export NIX_GHCPKG="${env}/bin/ghc-pkg" export NIX_GHCPKG="${env}/bin/ghc-pkg"

6
nixos/modules/services/misc/gitlab.nix
View File

@ -143,6 +143,7 @@ let
GITLAB_PATH = "${cfg.packages.gitlab}/share/gitlab/"; GITLAB_PATH = "${cfg.packages.gitlab}/share/gitlab/";
GITLAB_STATE_PATH = "${cfg.statePath}"; GITLAB_STATE_PATH = "${cfg.statePath}";
GITLAB_UPLOADS_PATH = "${cfg.statePath}/uploads"; GITLAB_UPLOADS_PATH = "${cfg.statePath}/uploads";
SCHEMA = "${cfg.statePath}/db/schema.rb";
GITLAB_LOG_PATH = "${cfg.statePath}/log"; GITLAB_LOG_PATH = "${cfg.statePath}/log";
GITLAB_SHELL_PATH = "${cfg.packages.gitlab-shell}"; GITLAB_SHELL_PATH = "${cfg.packages.gitlab-shell}";
GITLAB_SHELL_CONFIG_PATH = "${cfg.statePath}/shell/config.yml"; GITLAB_SHELL_CONFIG_PATH = "${cfg.statePath}/shell/config.yml";
@ -500,7 +501,7 @@ in {
Type = "simple"; Type = "simple";
User = cfg.user; User = cfg.user;
Group = cfg.group; Group = cfg.group;
TimeoutSec = "300"; TimeoutSec = "infinity";
Restart = "on-failure"; Restart = "on-failure";
WorkingDirectory = gitlabEnv.HOME; WorkingDirectory = gitlabEnv.HOME;
ExecStart = "${cfg.packages.gitaly}/bin/gitaly ${gitalyToml}"; ExecStart = "${cfg.packages.gitaly}/bin/gitaly ${gitalyToml}";
@ -566,6 +567,7 @@ in {
mkdir -p ${cfg.statePath}/tmp/pids mkdir -p ${cfg.statePath}/tmp/pids
mkdir -p ${cfg.statePath}/tmp/sockets mkdir -p ${cfg.statePath}/tmp/sockets
mkdir -p ${cfg.statePath}/shell mkdir -p ${cfg.statePath}/shell
mkdir -p ${cfg.statePath}/db
rm -rf ${cfg.statePath}/config ${cfg.statePath}/shell/hooks rm -rf ${cfg.statePath}/config ${cfg.statePath}/shell/hooks
mkdir -p ${cfg.statePath}/config mkdir -p ${cfg.statePath}/config
@ -580,6 +582,7 @@ in {
ln -sf ${cfg.statePath}/log /run/gitlab/log ln -sf ${cfg.statePath}/log /run/gitlab/log
ln -sf ${cfg.statePath}/uploads /run/gitlab/uploads ln -sf ${cfg.statePath}/uploads /run/gitlab/uploads
ln -sf ${cfg.statePath}/tmp /run/gitlab/tmp ln -sf ${cfg.statePath}/tmp /run/gitlab/tmp
ln -sf $GITLAB_SHELL_CONFIG_PATH /run/gitlab/shell-config.yml
chown -R ${cfg.user}:${cfg.group} /run/gitlab chown -R ${cfg.user}:${cfg.group} /run/gitlab
# Prepare home directory # Prepare home directory
@ -587,6 +590,7 @@ in {
touch ${gitlabEnv.HOME}/.ssh/authorized_keys touch ${gitlabEnv.HOME}/.ssh/authorized_keys
chown -R ${cfg.user}:${cfg.group} ${gitlabEnv.HOME}/ chown -R ${cfg.user}:${cfg.group} ${gitlabEnv.HOME}/
cp -rf ${cfg.packages.gitlab}/share/gitlab/db/* ${cfg.statePath}/db
cp -rf ${cfg.packages.gitlab}/share/gitlab/config.dist/* ${cfg.statePath}/config cp -rf ${cfg.packages.gitlab}/share/gitlab/config.dist/* ${cfg.statePath}/config
${optionalString cfg.smtp.enable '' ${optionalString cfg.smtp.enable ''
ln -sf ${smtpSettings} ${cfg.statePath}/config/initializers/smtp_settings.rb ln -sf ${smtpSettings} ${cfg.statePath}/config/initializers/smtp_settings.rb

11
nixos/modules/services/misc/home-assistant.nix
View File

@ -104,7 +104,6 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.services.home-assistant = { systemd.services.home-assistant = {
description = "Home Assistant"; description = "Home Assistant";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; after = [ "network.target" ];
preStart = lib.optionalString (cfg.config != null) '' preStart = lib.optionalString (cfg.config != null) ''
rm -f ${cfg.configDir}/configuration.yaml rm -f ${cfg.configDir}/configuration.yaml
@ -121,6 +120,16 @@ in {
ReadWritePaths = "${cfg.configDir}"; ReadWritePaths = "${cfg.configDir}";
PrivateTmp = true; PrivateTmp = true;
}; };
path = [
"/run/wrappers" # needed for ping
];
};
systemd.targets.home-assistant = rec {
description = "Home Assistant";
wantedBy = [ "multi-user.target" ];
wants = [ "home-assistant.service" ];
after = wants;
}; };
users.extraUsers.hass = { users.extraUsers.hass = {

2
nixos/modules/services/misc/ihaskell.nix
View File

@ -55,7 +55,7 @@ in
serviceConfig = { serviceConfig = {
User = config.users.extraUsers.ihaskell.name; User = config.users.extraUsers.ihaskell.name;
Group = config.users.extraGroups.ihaskell.name; Group = config.users.extraGroups.ihaskell.name;
ExecStart = "${pkgs.stdenv.shell} -c \"cd $HOME;${ihaskell}/bin/ihaskell-notebook\""; ExecStart = "${pkgs.runtimeShell} -c \"cd $HOME;${ihaskell}/bin/ihaskell-notebook\"";
}; };
}; };
}; };

2
nixos/modules/services/misc/mesos-slave.nix
View File

@ -188,7 +188,7 @@ in {
description = "Mesos Slave"; description = "Mesos Slave";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; after = [ "network.target" ];
path = [ pkgs.stdenv.shellPackage ]; path = [ pkgs.runtimeShellPackage ];
serviceConfig = { serviceConfig = {
ExecStart = '' ExecStart = ''
${pkgs.mesos}/bin/mesos-slave \ ${pkgs.mesos}/bin/mesos-slave \

6
nixos/modules/services/misc/nix-daemon.nix
View File

@ -30,7 +30,7 @@ let
# /bin/sh in the sandbox as a bind-mount to bash. This means we # /bin/sh in the sandbox as a bind-mount to bash. This means we
# also need to include the entire closure of bash. Nix >= 2.0 # also need to include the entire closure of bash. Nix >= 2.0
# provides a /bin/sh by default. # provides a /bin/sh by default.
sh = pkgs.stdenv.shell; sh = pkgs.runtimeShell;
binshDeps = pkgs.writeReferencesToFile sh; binshDeps = pkgs.writeReferencesToFile sh;
in in
pkgs.runCommand "nix.conf" { extraOptions = cfg.extraOptions; } '' pkgs.runCommand "nix.conf" { extraOptions = cfg.extraOptions; } ''
@ -445,12 +445,10 @@ in
mkdir -m 0755 -p \ mkdir -m 0755 -p \
/nix/var/nix/gcroots \ /nix/var/nix/gcroots \
/nix/var/nix/temproots \ /nix/var/nix/temproots \
/nix/var/nix/manifests \
/nix/var/nix/userpool \ /nix/var/nix/userpool \
/nix/var/nix/profiles \ /nix/var/nix/profiles \
/nix/var/nix/db \ /nix/var/nix/db \
/nix/var/log/nix/drvs \ /nix/var/log/nix/drvs
/nix/var/nix/channel-cache
mkdir -m 1777 -p \ mkdir -m 1777 -p \
/nix/var/nix/gcroots/per-user \ /nix/var/nix/gcroots/per-user \
/nix/var/nix/profiles/per-user \ /nix/var/nix/profiles/per-user \

2
nixos/modules/services/misc/nixos-manual.nix
View File

@ -43,7 +43,7 @@ let
helpScript = pkgs.writeScriptBin "nixos-help" helpScript = pkgs.writeScriptBin "nixos-help"
'' ''
#! ${pkgs.stdenv.shell} -e #! ${pkgs.runtimeShell} -e
browser="$BROWSER" browser="$BROWSER"
if [ -z "$browser" ]; then if [ -z "$browser" ]; then
browser="$(type -P xdg-open || true)" browser="$(type -P xdg-open || true)"

92
nixos/modules/services/misc/serviio.nix Normal file
View File

@ -0,0 +1,92 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.serviio;
serviioStart = pkgs.writeScript "serviio.sh" ''
#!${pkgs.bash}/bin/sh
SERVIIO_HOME=${pkgs.serviio}
# Setup the classpath
SERVIIO_CLASS_PATH="$SERVIIO_HOME/lib/*:$SERVIIO_HOME/config"
# Setup Serviio specific properties
JAVA_OPTS="-Djava.net.preferIPv4Stack=true -Djava.awt.headless=true -Dorg.restlet.engine.loggerFacadeClass=org.restlet.ext.slf4j.Slf4jLoggerFacade
-Dderby.system.home=${cfg.dataDir}/library -Dserviio.home=${cfg.dataDir} -Dffmpeg.location=${pkgs.ffmpeg}/bin/ffmpeg -Ddcraw.location=${pkgs.dcraw}/bin/dcraw"
# Execute the JVM in the foreground
exec ${pkgs.jre}/bin/java -Xmx512M -Xms20M -XX:+UseG1GC -XX:GCTimeRatio=1 -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 $JAVA_OPTS -classpath "$SERVIIO_CLASS_PATH" org.serviio.MediaServer "$@"
'';
in {
###### interface
options = {
services.serviio = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable the Serviio Media Server.
'';
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/serviio";
description = ''
The directory where serviio stores its state, data, etc.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
systemd.services.serviio = {
description = "Serviio Media Server";
after = [ "local-fs.target" "network.target" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.serviio ];
serviceConfig = {
User = "serviio";
Group = "serviio";
ExecStart = "${serviioStart}";
ExecStop = "${serviioStart} -stop";
};
};
users.extraUsers = [
{
name = "serviio";
group = "serviio";
home = cfg.dataDir;
description = "Serviio Media Server User";
createHome = true;
isSystemUser = true;
}
];
users.extraGroups = [
{ name = "serviio";}
];
networking.firewall = {
allowedTCPPorts = [
8895 # serve UPnP responses
23423 # console
23424 # mediabrowser
];
allowedUDPPorts = [
1900 # UPnP service discovey
];
};
};
}

Some files were not shown because too many files have changed in this diff Show More