Merge branch 'master' into HEAD

Nikolay Amiantov 2017-10-17 03:39:54 +03:00
commit c6c67c46bf
649 changed files with 15141 additions and 11004 deletions

3
.github/CODEOWNERS vendored

@ -50,3 +50,6 @@ pkgs/development/tools/erlang/* @gleber
# Jetbrains
pkgs/applications/editors/jetbrains @edwtjo
# Eclipse
pkgs/applications/editors/eclipse @rycee


@ -9,7 +9,7 @@
- Built on platform(s)
- [ ] NixOS
- [ ] macOS
- [ ] Linux
- [ ] other Linux distributions
- [ ] Tested via one or more NixOS test(s) if existing and applicable for the change (look inside [nixos/tests](https://github.com/NixOS/nixpkgs/blob/master/nixos/tests))
- [ ] Tested compilation of all pkgs that depend on this change using `nix-shell -p nox --run "nox-review wip"`
- [ ] Tested execution of all binary files (usually in `./result/bin/`)


@ -13,12 +13,12 @@ build daemon as so-called channels. To get channel information via git, add
```
For stability and maximum binary package support, it is recommended to maintain
custom changes on top of one of the channels, e.g. `nixos-17.03` for the latest
custom changes on top of one of the channels, e.g. `nixos-17.09` for the latest
release and `nixos-unstable` for the latest successful build of master:
```
% git remote update channels
% git rebase channels/nixos-17.03
% git rebase channels/nixos-17.09
```
For pull-requests, please rebase onto nixpkgs `master`.
@ -30,11 +30,11 @@ For pull-requests, please rebase onto nixpkgs `master`.
* [Documentation (Nix Expression Language chapter)](https://nixos.org/nix/manual/#ch-expression-language)
* [Manual (How to write packages for Nix)](https://nixos.org/nixpkgs/manual/)
* [Manual (NixOS)](https://nixos.org/nixos/manual/)
* [Nix Wiki](https://nixos.org/wiki/) (deprecated, see milestone ["Move the Wiki!"](https://github.com/NixOS/nixpkgs/issues?q=is%3Aopen+is%3Aissue+milestone%3A%22Move+the+wiki%21%22))
* [Community maintained wiki](https://nixos.wiki/)
* [Continuous package builds for unstable/master](https://hydra.nixos.org/jobset/nixos/trunk-combined)
* [Continuous package builds for 17.03 release](https://hydra.nixos.org/jobset/nixos/release-17.03)
* [Continuous package builds for 17.09 release](https://hydra.nixos.org/jobset/nixos/release-17.09)
* [Tests for unstable/master](https://hydra.nixos.org/job/nixos/trunk-combined/tested#tabs-constituents)
* [Tests for 17.03 release](https://hydra.nixos.org/job/nixos/release-17.03/tested#tabs-constituents)
* [Tests for 17.09 release](https://hydra.nixos.org/job/nixos/release-17.09/tested#tabs-constituents)
Communication:


@ -41,6 +41,7 @@
amorsillo = "Andrew Morsillo <andrew.morsillo@gmail.com>";
AndersonTorres = "Anderson Torres <torres.anderson.85@gmail.com>";
anderspapitto = "Anders Papitto <anderspapitto@gmail.com>";
andir = "Andreas Rammhold <andreas@rammhold.de>";
andres = "Andres Loeh <ksnixos@andres-loeh.de>";
andrewrk = "Andrew Kelley <superjoe30@gmail.com>";
andsild = "Anders Sildnes <andsild@gmail.com>";
@ -71,6 +72,7 @@
bcarrell = "Brandon Carrell <brandoncarrell@gmail.com>";
bcdarwin = "Ben Darwin <bcdarwin@gmail.com>";
bdimcheff = "Brandon Dimcheff <brandon@dimcheff.com>";
bendlas = "Herwig Hochleitner <herwig@bendlas.net>";
benley = "Benjamin Staffin <benley@gmail.com>";
bennofs = "Benno Fünfstück <benno.fuenfstueck@gmail.com>";
benwbooth = "Ben Booth <benwbooth@gmail.com>";
@ -98,6 +100,7 @@
canndrew = "Andrew Cann <shum@canndrew.org>";
carlsverre = "Carl Sverre <accounts@carlsverre.com>";
casey = "Casey Rodarmor <casey@rodarmor.net>";
catern = "Spencer Baugh <sbaugh@catern.com>";
caugner = "Claas Augner <nixos@caugner.de>";
cdepillabout = "Dennis Gosnell <cdep.illabout@gmail.com>";
cfouche = "Chaddaï Fouché <chaddai.fouche@gmail.com>";
@ -105,6 +108,7 @@
chaoflow = "Florian Friesdorf <flo@chaoflow.net>";
chattered = "Phil Scott <me@philscotted.com>";
choochootrain = "Hurshal Patel <hurshal@imap.cc>";
chpatrick = "Patrick Chilton <chpatrick@gmail.com>";
chris-martin = "Chris Martin <ch.martin@gmail.com>";
chrisjefferson = "Christopher Jefferson <chris@bubblescope.net>";
chrisrosset = "Christopher Rosset <chris@rosset.org.uk>";
@ -136,6 +140,7 @@
dancek = "Hannu Hartikainen <hannu.hartikainen@gmail.com>";
danielfullmer = "Daniel Fullmer <danielrf12@gmail.com>";
dasuxullebt = "Christoph-Simon Senjak <christoph.senjak@googlemail.com>";
david50407 = "David Kuo <me@davy.tw>";
davidak = "David Kleuker <post@davidak.de>";
davidrusu = "David Rusu <davidrusu.me@gmail.com>";
davorb = "Davor Babic <davor@davor.se>";
@ -163,13 +168,15 @@
dotlambda = "Robert Schütz <rschuetz17@gmail.com>";
doublec = "Chris Double <chris.double@double.co.nz>";
dpaetzel = "David Pätzel <david.a.paetzel@gmail.com>";
dpflug = "David Pflug <david@pflug.email>";
drets = "Dmytro Rets <dmitryrets@gmail.com>";
drewkett = "Andrew Burkett <burkett.andrew@gmail.com>";
dsferruzza = "David Sferruzza <david.sferruzza@gmail.com>";
dtzWill = "Will Dietz <nix@wdtz.org>";
dupgit = "Olivier Delhomme <olivier.delhomme@free.fr>";
dywedir = "Vladyslav M. <dywedir@protonmail.ch>";
e-user = "Alexander Kahl <nixos@sodosopa.io>";
ebzzry = "Rommel Martinez <ebzzry@gmail.com>";
ebzzry = "Rommel Martinez <ebzzry@ebzzry.io>";
edanaher = "Evan Danaher <nixos@edanaher.net>";
edef = "edef <edef@edef.eu>";
ederoyd46 = "Matthew Brown <matt@ederoyd.co.uk>";
@ -190,6 +197,7 @@
eqyiel = "Ruben Maher <r@rkm.id.au>";
ericbmerritt = "Eric Merritt <eric@afiniate.com>";
ericsagnes = "Eric Sagnes <eric.sagnes@gmail.com>";
erictapen = "Justin Humm <justin.humm@posteo.de>";
erikryb = "Erik Rybakken <erik.rybakken@math.ntnu.no>";
ertes = "Ertugrul Söylemez <esz@posteo.de>";
ethercrow = "Dmitry Ivanov <ethercrow@gmail.com>";
@ -201,6 +209,7 @@
falsifian = "James Cook <james.cook@utoronto.ca>";
fare = "Francois-Rene Rideau <fahree@gmail.com>";
fgaz = "Francesco Gazzetta <francygazz@gmail.com>";
flokli = "Florian Klink <flokli@flokli.de>";
florianjacob = "Florian Jacob <projects+nixos@florianjacob.de>";
flosse = "Markus Kohlhase <mail@markus-kohlhase.de>";
fluffynukeit = "Daniel Austin <dan@fluffynukeit.com>";
@ -384,7 +393,6 @@
mikefaille = "Michaël Faille <michael@faille.io>";
miltador = "Vasiliy Solovey <miltador@yandex.ua>";
mimadrid = "Miguel Madrid <mimadrid@ucm.es>";
mingchuan = "Ming Chuan <ming@culpring.com>";
mirdhyn = "Merlin Gaillard <mirdhyn@gmail.com>";
mirrexagon = "Andrew Abbott <mirrexagon@mirrexagon.com>";
mjanczyk = "Marcin Janczyk <m@dragonvr.pl>";
@ -458,6 +466,7 @@
periklis = "theopompos@gmail.com";
pesterhazy = "Paulus Esterhazy <pesterhazy@gmail.com>";
peterhoeg = "Peter Hoeg <peter@hoeg.com>";
peterromfeldhk = "Peter Romfeld <peter.romfeld.hk@gmail.com>";
peti = "Peter Simons <simons@cryp.to>";
philandstuff = "Philip Potter <philip.g.potter@gmail.com>";
phile314 = "Philipp Hausmann <nix@314.ch>";
@ -550,6 +559,7 @@
shell = "Shell Turner <cam.turn@gmail.com>";
shlevy = "Shea Levy <shea@shealevy.com>";
siddharthist = "Langston Barrett <langston.barrett@gmail.com>";
sifmelcara = "Ming Chuan <ming@culpring.com>";
sigma = "Yann Hodique <yann.hodique@gmail.com>";
simonvandel = "Simon Vandel Sillesen <simon.vandel@gmail.com>";
sivteck = "Sivaram Balakrishnan <sivaram1992@gmail.com>";
@ -574,6 +584,7 @@
sternenseemann = "Lukas Epple <post@lukasepple.de>";
stesie = "Stefan Siegl <stesie@brokenpipe.de>";
steveej = "Stefan Junker <mail@stefanjunker.de>";
stumoss = "Stuart Moss <samoss@gmail.com>";
SuprDewd = "Bjarki Ágúst Guðmundsson <suprdewd@gmail.com>";
swarren83 = "Shawn Warren <shawn.w.warren@gmail.com>";
swflint = "Samuel W. Flint <swflint@flintfam.org>";
@ -588,6 +599,7 @@
taku0 = "Takuo Yonezawa <mxxouy6x3m_github@tatapa.org>";
tari = "Peter Marheine <peter@taricorp.net>";
tavyc = "Octavian Cerna <octavian.cerna@gmail.com>";
TealG = "Teal Gaure <~@Teal.Gr>";
teh = "Tom Hunger <tehunger@gmail.com>";
telotortium = "Robert Irelan <rirelan@gmail.com>";
teto = "Matthieu Coudron <mcoudron@hotmail.com>";


@ -240,25 +240,6 @@ rec {
functor = (defaultFunctor name) // { wrapped = elemType; };
};
# List or element of ...
loeOf = elemType: mkOptionType rec {
name = "loeOf";
description = "element or list of ${elemType.description}s";
check = x: isList x || elemType.check x;
merge = loc: defs:
let
defs' = filterOverrides defs;
res = (head defs').value;
in
if isList res then concatLists (getValues defs')
else if lessThan 1 (length defs') then
throw "The option `${showOption loc}' is defined multiple times, in ${showFiles (getFiles defs)}."
else if !isString res then
throw "The option `${showOption loc}' does not have a string value, in ${showFiles (getFiles defs)}."
else res;
functor = (defaultFunctor name) // { wrapped = elemType; };
};
# Value of given type but with no merging (i.e. `uniq list`s are not concatenated).
uniq = elemType: mkOptionType rec {
name = "uniq";


@ -49,8 +49,8 @@ def get_maintainers(attr_name):
@click.command()
@click.option(
'--jobset',
default="nixos/release-17.03",
help='Hydra project like nixos/release-17.03')
default="nixos/release-17.09",
help='Hydra project like nixos/release-17.09')
def cli(jobset):
"""
Given a Hydra project, inspect latest evaluation


@ -31,7 +31,7 @@ ISO, copy its contents verbatim to your drive, then either:
<para>Edit <filename>loader/entries/nixos-livecd.conf</filename> on the drive
and change the <literal>root=</literal> field in the <literal>options</literal>
line to point to your drive (see the documentation on <literal>root=</literal>
in <link xlink:href="https://www.kernel.org/doc/Documentation/kernel-parameters.txt">
in <link xlink:href="https://www.kernel.org/doc/Documentation/admin-guide/kernel-parameters.txt">
the kernel documentation</link> for more details).</para>
</listitem>
<listitem>


@ -71,6 +71,8 @@ following incompatible changes:</para>
<itemizedlist>
<listitem>
<para>
ZNC option <option>services.znc.mutable</option> now defaults to <literal>true</literal>.
That means that old configuration is not overwritten by default when update to the znc options are made.
</para>
</listitem>
</itemizedlist>


@ -80,7 +80,7 @@ let
truncate -s ${toString diskSize}M $diskImage
${if partitioned then ''
parted $diskImage -- mklabel msdos mkpart primary ext4 1M -1s
parted --script $diskImage -- mklabel msdos mkpart primary ext4 1M -1s
offset=$((2048*512))
'' else ''
offset=0


@ -149,6 +149,7 @@ rec {
{ key = "run-in-machine";
networking.hostName = "client";
nix.readOnlyStore = false;
virtualisation.writableStore = false;
}
];


@ -30,14 +30,15 @@ with lib;
};
config = {
config = mkIf config.environment.enableDebugInfo {
# FIXME: currently disabled because /lib is already in
# environment.pathsToLink, and we can't have both.
#environment.pathsToLink = [ "/lib/debug/.build-id" ];
environment.extraOutputsToInstall =
optional config.environment.enableDebugInfo "debug";
environment.extraOutputsToInstall = [ "debug" ];
environment.variables.NIX_DEBUG_INFO_DIRS = [ "/run/current-system/sw/lib/debug" ];
};


@ -1,206 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.krb5;
in
{
###### interface
options = {
krb5 = {
enable = mkOption {
default = false;
description = "Whether to enable Kerberos V.";
};
defaultRealm = mkOption {
default = "ATENA.MIT.EDU";
description = "Default realm.";
};
domainRealm = mkOption {
default = "atena.mit.edu";
description = "Default domain realm.";
};
kdc = mkOption {
default = "kerberos.mit.edu";
description = "Key Distribution Center";
};
kerberosAdminServer = mkOption {
default = "kerberos.mit.edu";
description = "Kerberos Admin Server.";
};
};
};
###### implementation
config = mkIf config.krb5.enable {
environment.systemPackages = [ pkgs.krb5Full ];
environment.etc."krb5.conf".text =
''
[libdefaults]
default_realm = ${cfg.defaultRealm}
encrypt = true
# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
# The following encryption type specification will be used by MIT Kerberos
# if uncommented. In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
# default_tgs_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
# default_tkt_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
# permitted_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
# The following libdefaults parameters are only for Heimdal Kerberos.
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
fcc-mit-ticketflags = true
[realms]
${cfg.defaultRealm} = {
kdc = ${cfg.kdc}
admin_server = ${cfg.kerberosAdminServer}
#kpasswd_server = ${cfg.kerberosAdminServer}
}
ATHENA.MIT.EDU = {
kdc = kerberos.mit.edu:88
kdc = kerberos-1.mit.edu:88
kdc = kerberos-2.mit.edu:88
admin_server = kerberos.mit.edu
default_domain = mit.edu
}
MEDIA-LAB.MIT.EDU = {
kdc = kerberos.media.mit.edu
admin_server = kerberos.media.mit.edu
}
ZONE.MIT.EDU = {
kdc = casio.mit.edu
kdc = seiko.mit.edu
admin_server = casio.mit.edu
}
MOOF.MIT.EDU = {
kdc = three-headed-dogcow.mit.edu:88
kdc = three-headed-dogcow-1.mit.edu:88
admin_server = three-headed-dogcow.mit.edu
}
CSAIL.MIT.EDU = {
kdc = kerberos-1.csail.mit.edu
kdc = kerberos-2.csail.mit.edu
admin_server = kerberos.csail.mit.edu
default_domain = csail.mit.edu
krb524_server = krb524.csail.mit.edu
}
IHTFP.ORG = {
kdc = kerberos.ihtfp.org
admin_server = kerberos.ihtfp.org
}
GNU.ORG = {
kdc = kerberos.gnu.org
kdc = kerberos-2.gnu.org
kdc = kerberos-3.gnu.org
admin_server = kerberos.gnu.org
}
1TS.ORG = {
kdc = kerberos.1ts.org
admin_server = kerberos.1ts.org
}
GRATUITOUS.ORG = {
kdc = kerberos.gratuitous.org
admin_server = kerberos.gratuitous.org
}
DOOMCOM.ORG = {
kdc = kerberos.doomcom.org
admin_server = kerberos.doomcom.org
}
ANDREW.CMU.EDU = {
kdc = vice28.fs.andrew.cmu.edu
kdc = vice2.fs.andrew.cmu.edu
kdc = vice11.fs.andrew.cmu.edu
kdc = vice12.fs.andrew.cmu.edu
admin_server = vice28.fs.andrew.cmu.edu
default_domain = andrew.cmu.edu
}
CS.CMU.EDU = {
kdc = kerberos.cs.cmu.edu
kdc = kerberos-2.srv.cs.cmu.edu
admin_server = kerberos.cs.cmu.edu
}
DEMENTIA.ORG = {
kdc = kerberos.dementia.org
kdc = kerberos2.dementia.org
admin_server = kerberos.dementia.org
}
stanford.edu = {
kdc = krb5auth1.stanford.edu
kdc = krb5auth2.stanford.edu
kdc = krb5auth3.stanford.edu
admin_server = krb5-admin.stanford.edu
default_domain = stanford.edu
}
[domain_realm]
.${cfg.domainRealm} = ${cfg.defaultRealm}
${cfg.domainRealm} = ${cfg.defaultRealm}
.mit.edu = ATHENA.MIT.EDU
mit.edu = ATHENA.MIT.EDU
.exchange.mit.edu = EXCHANGE.MIT.EDU
exchange.mit.edu = EXCHANGE.MIT.EDU
.media.mit.edu = MEDIA-LAB.MIT.EDU
media.mit.edu = MEDIA-LAB.MIT.EDU
.csail.mit.edu = CSAIL.MIT.EDU
csail.mit.edu = CSAIL.MIT.EDU
.whoi.edu = ATHENA.MIT.EDU
whoi.edu = ATHENA.MIT.EDU
.stanford.edu = stanford.edu
[logging]
kdc = SYSLOG:INFO:DAEMON
admin_server = SYSLOG:INFO:DAEMON
default = SYSLOG:INFO:DAEMON
krb4_convert = true
krb4_get_tickets = false
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
max_timeout = 30
timeout_shift = 2
initial_timeout = 1
}
'';
};
}


@ -0,0 +1,367 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.krb5;
# This is to provide support for old configuration options (as much as is
# reasonable). This can be removed after 18.03 was released.
defaultConfig = {
libdefaults = optionalAttrs (cfg.defaultRealm != null)
{ default_realm = cfg.defaultRealm; };
realms = optionalAttrs (lib.all (value: value != null) [
cfg.defaultRealm cfg.kdc cfg.kerberosAdminServer
]) {
"${cfg.defaultRealm}" = {
kdc = cfg.kdc;
admin_server = cfg.kerberosAdminServer;
};
};
domain_realm = optionalAttrs (lib.all (value: value != null) [
cfg.domainRealm cfg.defaultRealm
]) {
".${cfg.domainRealm}" = cfg.defaultRealm;
"${cfg.domainRealm}" = cfg.defaultRealm;
};
};
mergedConfig = (recursiveUpdate defaultConfig {
inherit (config.krb5)
kerberos libdefaults realms domain_realm capaths appdefaults plugins
extraConfig config;
});
filterEmbeddedMetadata = value: if isAttrs value then
(filterAttrs
(attrName: attrValue: attrName != "_module" && attrValue != null)
value)
else value;
mkIndent = depth: concatStrings (builtins.genList (_: " ") (2 * depth));
mkRelation = name: value: "${name} = ${mkVal { inherit value; }}";
mkVal = { value, depth ? 0 }:
if (value == true) then "true"
else if (value == false) then "false"
else if (isInt value) then (toString value)
else if (isList value) then
concatMapStringsSep " " mkVal { inherit value depth; }
else if (isAttrs value) then
(concatStringsSep "\n${mkIndent (depth + 1)}"
([ "{" ] ++ (mapAttrsToList
(attrName: attrValue: let
mappedAttrValue = mkVal {
value = attrValue;
depth = depth + 1;
};
in "${attrName} = ${mappedAttrValue}")
value))) + "\n${mkIndent depth}}"
else value;
mkMappedAttrsOrString = value: concatMapStringsSep "\n"
(line: if builtins.stringLength line > 0
then "${mkIndent 1}${line}"
else line)
(splitString "\n"
(if isAttrs value then
concatStringsSep "\n"
(mapAttrsToList mkRelation value)
else value));
in {
###### interface
options = {
krb5 = {
enable = mkEnableOption "Whether to enable Kerberos V.";
kerberos = mkOption {
type = types.package;
default = pkgs.krb5Full;
defaultText = "pkgs.krb5Full";
example = literalExample "pkgs.heimdalFull";
description = ''
The Kerberos implementation that will be present in
<literal>environment.systemPackages</literal> after enabling this
service.
'';
};
libdefaults = mkOption {
type = with types; either attrs lines;
default = {};
apply = attrs: filterEmbeddedMetadata attrs;
example = literalExample ''
{
default_realm = "ATHENA.MIT.EDU";
};
'';
description = ''
Settings used by the Kerberos V5 library.
'';
};
realms = mkOption {
type = with types; either attrs lines;
default = {};
example = literalExample ''
{
"ATHENA.MIT.EDU" = {
admin_server = "athena.mit.edu";
kdc = "athena.mit.edu";
};
};
'';
apply = attrs: filterEmbeddedMetadata attrs;
description = "Realm-specific contact information and settings.";
};
domain_realm = mkOption {
type = with types; either attrs lines;
default = {};
example = literalExample ''
{
"example.com" = "EXAMPLE.COM";
".example.com" = "EXAMPLE.COM";
};
'';
apply = attrs: filterEmbeddedMetadata attrs;
description = ''
Map of server hostnames to Kerberos realms.
'';
};
capaths = mkOption {
type = with types; either attrs lines;
default = {};
example = literalExample ''
{
"ATHENA.MIT.EDU" = {
"EXAMPLE.COM" = ".";
};
"EXAMPLE.COM" = {
"ATHENA.MIT.EDU" = ".";
};
};
'';
apply = attrs: filterEmbeddedMetadata attrs;
description = ''
Authentication paths for non-hierarchical cross-realm authentication.
'';
};
appdefaults = mkOption {
type = with types; either attrs lines;
default = {};
example = literalExample ''
{
pam = {
debug = false;
ticket_lifetime = 36000;
renew_lifetime = 36000;
max_timeout = 30;
timeout_shift = 2;
initial_timeout = 1;
};
};
'';
apply = attrs: filterEmbeddedMetadata attrs;
description = ''
Settings used by some Kerberos V5 applications.
'';
};
plugins = mkOption {
type = with types; either attrs lines;
default = {};
example = literalExample ''
{
ccselect = {
disable = "k5identity";
};
};
'';
apply = attrs: filterEmbeddedMetadata attrs;
description = ''
Controls plugin module registration.
'';
};
extraConfig = mkOption {
type = with types; nullOr lines;
default = null;
example = ''
[logging]
kdc = SYSLOG:NOTICE
admin_server = SYSLOG:NOTICE
default = SYSLOG:NOTICE
'';
description = ''
These lines go to the end of <literal>krb5.conf</literal> verbatim.
<literal>krb5.conf</literal> may include any of the relations that are
valid for <literal>kdc.conf</literal> (see <literal>man
kdc.conf</literal>), but it is not a recommended practice.
'';
};
config = mkOption {
type = with types; nullOr lines;
default = null;
example = ''
[libdefaults]
default_realm = EXAMPLE.COM
[realms]
EXAMPLE.COM = {
admin_server = kerberos.example.com
kdc = kerberos.example.com
default_principal_flags = +preauth
}
[domain_realm]
example.com = EXAMPLE.COM
.example.com = EXAMPLE.COM
[logging]
kdc = SYSLOG:NOTICE
admin_server = SYSLOG:NOTICE
default = SYSLOG:NOTICE
'';
description = ''
Verbatim <literal>krb5.conf</literal> configuration. Note that this
is mutually exclusive with configuration via
<literal>libdefaults</literal>, <literal>realms</literal>,
<literal>domain_realm</literal>, <literal>capaths</literal>,
<literal>appdefaults</literal>, <literal>plugins</literal> and
<literal>extraConfig</literal> configuration options. Consult
<literal>man krb5.conf</literal> for documentation.
'';
};
defaultRealm = mkOption {
type = with types; nullOr str;
default = null;
example = "ATHENA.MIT.EDU";
description = ''
DEPRECATED, please use
<literal>krb5.libdefaults.default_realm</literal>.
'';
};
domainRealm = mkOption {
type = with types; nullOr str;
default = null;
example = "athena.mit.edu";
description = ''
DEPRECATED, please create a map of server hostnames to Kerberos realms
in <literal>krb5.domain_realm</literal>.
'';
};
kdc = mkOption {
type = with types; nullOr str;
default = null;
example = "kerberos.mit.edu";
description = ''
DEPRECATED, please pass a <literal>kdc</literal> attribute to a realm
in <literal>krb5.realms</literal>.
'';
};
kerberosAdminServer = mkOption {
type = with types; nullOr str;
default = null;
example = "kerberos.mit.edu";
description = ''
DEPRECATED, please pass an <literal>admin_server</literal> attribute
to a realm in <literal>krb5.realms</literal>.
'';
};
};
};
###### implementation
config = mkIf cfg.enable {
environment.systemPackages = [ cfg.kerberos ];
environment.etc."krb5.conf".text = if isString cfg.config
then cfg.config
else (''
[libdefaults]
${mkMappedAttrsOrString mergedConfig.libdefaults}
[realms]
${mkMappedAttrsOrString mergedConfig.realms}
[domain_realm]
${mkMappedAttrsOrString mergedConfig.domain_realm}
[capaths]
${mkMappedAttrsOrString mergedConfig.capaths}
[appdefaults]
${mkMappedAttrsOrString mergedConfig.appdefaults}
[plugins]
${mkMappedAttrsOrString mergedConfig.plugins}
'' + optionalString (mergedConfig.extraConfig != null)
("\n" + mergedConfig.extraConfig));
warnings = flatten [
(optional (cfg.defaultRealm != null) ''
The option krb5.defaultRealm is deprecated, please use
krb5.libdefaults.default_realm.
'')
(optional (cfg.domainRealm != null) ''
The option krb5.domainRealm is deprecated, please use krb5.domain_realm.
'')
(optional (cfg.kdc != null) ''
The option krb5.kdc is deprecated, please pass a kdc attribute to a
realm in krb5.realms.
'')
(optional (cfg.kerberosAdminServer != null) ''
The option krb5.kerberosAdminServer is deprecated, please pass an
admin_server attribute to a realm in krb5.realms.
'')
];
assertions = [
{ assertion = !((builtins.any (value: value != null) [
cfg.defaultRealm cfg.domainRealm cfg.kdc cfg.kerberosAdminServer
]) && ((builtins.any (value: value != {}) [
cfg.libdefaults cfg.realms cfg.domain_realm cfg.capaths
cfg.appdefaults cfg.plugins
]) || (builtins.any (value: value != null) [
cfg.config cfg.extraConfig
])));
message = ''
Configuration of krb5.conf by deprecated options is mutually exclusive
with configuration by section. Please migrate your config using the
attributes suggested in the warnings.
'';
}
{ assertion = !(cfg.config != null
&& ((builtins.any (value: value != {}) [
cfg.libdefaults cfg.realms cfg.domain_realm cfg.capaths
cfg.appdefaults cfg.plugins
]) || (builtins.any (value: value != null) [
cfg.extraConfig cfg.defaultRealm cfg.domainRealm cfg.kdc
cfg.kerberosAdminServer
])));
message = ''
Configuration of krb5.conf using krb.config is mutually exclusive with
configuration by section. If you want to mix the two, you can pass
lines to any configuration section or lines to krb5.extraConfig.
'';
}
];
};
}
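Review bot: The list branch of `mkVal` cannot evaluate as written, because `concatMapStringsSep " " mkVal { inherit value depth; }` passes the attribute set where the list argument belongs, so any relation given as a Nix list (for example several `kdc` hosts under `krb5.realms`) aborts evaluation instead of being rendered into `krb5.conf`. Mapping over the list itself fixes it: `concatMapStringsSep " " (v: mkVal { value = v; inherit depth; }) value`. Whether such values should be space-separated or emitted as repeated relations is worth checking against `man krb5.conf`. Separately, the message of the second assertion names `krb.config` where the option is `krb5.config`, which will mislead anyone who hits it.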


@ -18,7 +18,7 @@ let
hostArray = [ "files" ]
++ optionals mymachines [ "mymachines" ]
++ optionals nssmdns [ "mdns_minimal [!UNAVAIL=return]" ]
++ optionals nssmdns [ "mdns_minimal [NOTFOUND=return]" ]
++ optionals nsswins [ "wins" ]
++ optionals resolved ["resolve [!UNAVAIL=return]"]
++ [ "dns" ]
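Review bot: The change of the `mdns_minimal` action to `[NOTFOUND=return]` is not explained anywhere in `hostArray`, and the order and actions in this list decide which source is allowed to answer a host name. A one-line comment above the entry would make the intent reviewable, for example `# mdns_minimal: stop on success or a definite not-found; unavailable/try-again fall through to wins, resolve and dns`. The `let` binding that holds `hostArray` starts and continues outside this hunk.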


@ -5,6 +5,9 @@ with lib;
let
tzdir = "${pkgs.tzdata}/share/zoneinfo";
nospace = str: filter (c: c == " ") (stringToCharacters str) == [];
timezone = types.nullOr (types.addCheck types.str nospace)
// { description = "null or string without spaces"; };
in
@ -15,7 +18,7 @@ in
timeZone = mkOption {
default = null;
type = types.nullOr types.str;
type = timezone;
example = "America/New_York";
description = ''
The time zone used when displaying times and dates. See <link
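Review bot: The `nospace` check added in the `let` block rejects only the literal space character, so a `timeZone` value containing a tab, a newline or a `..` path component still passes the type check. The value is presumably appended to `tzdir` further down, outside this hunk, so an allow-list of characters would be a closer fit than a single-character deny-list, for example `nospace = str: builtins.match "[A-Za-z0-9_+/-]+" str != null;` with the description changed to match. If the narrower check is not wanted, the `description` should at least say that only spaces are rejected.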


@ -1,3 +0,0 @@
{
hardware.enableRedistributableFirmware = true;
}


@ -1,30 +0,0 @@
{ config, pkgs, lib, ... }:
{
###### interface
options = {
networking.enableIntel2100BGFirmware = lib.mkOption {
default = false;
type = lib.types.bool;
description = ''
Turn on this option if you want firmware for the Intel
PRO/Wireless 2100BG to be loaded automatically. This is
required if you want to use this device.
'';
};
};
###### implementation
config = lib.mkIf config.networking.enableIntel2100BGFirmware {
hardware.enableRedistributableFirmware = true;
};
}


@ -1,29 +0,0 @@
{ config, pkgs, lib, ... }:
{
###### interface
options = {
networking.enableIntel3945ABGFirmware = lib.mkOption {
default = false;
type = lib.types.bool;
description = ''
This option enables automatic loading of the firmware for the Intel
PRO/Wireless 3945ABG.
'';
};
};
###### implementation
config = lib.mkIf config.networking.enableIntel3945ABGFirmware {
hardware.enableRedistributableFirmware = true;
};
}


@ -1,3 +0,0 @@
{
hardware.enableRedistributableFirmware = true;
}


@ -1,3 +0,0 @@
{
hardware.enableRedistributableFirmware = true;
}


@ -1,3 +0,0 @@
{
hardware.enableRedistributableFirmware = true;
}


@ -1,3 +0,0 @@
{
hardware.enableRedistributableFirmware = true;
}


@ -1,3 +0,0 @@
{
hardware.enableRedistributableFirmware = true;
}


@ -1,3 +0,0 @@
{
hardware.enableRedistributableFirmware = true;
}


@ -1,26 +0,0 @@
{pkgs, config, lib, ...}:
{
###### interface
options = {
networking.enableRalinkFirmware = lib.mkOption {
default = false;
type = lib.types.bool;
description = ''
Turn on this option if you want firmware for the RT73 NIC.
'';
};
};
###### implementation
config = lib.mkIf config.networking.enableRalinkFirmware {
hardware.enableRedistributableFirmware = true;
};
}


@ -1,26 +0,0 @@
{pkgs, config, lib, ...}:
{
###### interface
options = {
networking.enableRTL8192cFirmware = lib.mkOption {
default = false;
type = lib.types.bool;
description = ''
Turn on this option if you want firmware for the RTL8192c (and related) NICs.
'';
};
};
###### implementation
config = lib.mkIf config.networking.enableRTL8192cFirmware {
hardware.enableRedistributableFirmware = true;
};
}


@ -6,8 +6,7 @@ with lib;
{
config = mkDefault {
# Wireless card firmware
networking.enableIntel2200BGFirmware = true;
networking.enableIntel3945ABGFirmware = true;
# Common firmware, i.e. for wifi cards
hardware.enableRedistributableFirmware = true;
};
}


@ -398,19 +398,15 @@ EOF
# Is this a btrfs filesystem?
if ($fsType eq "btrfs") {
my ($status, @id_info) = runCommand("btrfs subvol show $rootDir$mountPoint");
if ($status != 0 || join("", @id_info) =~ /ERROR:/) {
my ($status, @info) = runCommand("btrfs subvol show $rootDir$mountPoint");
if ($status != 0 || join("", @info) =~ /ERROR:/) {
die "Failed to retrieve subvolume info for $mountPoint\n";
}
my @ids = join("", @id_info) =~ m/Subvolume ID:[ \t\n]*([^ \t\n]*)/;
my @ids = join("\n", @info) =~ m/^(?!\/\n).*Subvolume ID:[ \t\n]*([0-9]+)/s;
if ($#ids > 0) {
die "Btrfs subvol name for $mountPoint listed multiple times in mount\n"
} elsif ($#ids == 0) {
my ($status, @path_info) = runCommand("btrfs subvol list $rootDir$mountPoint");
if ($status != 0) {
die "Failed to find $mountPoint subvolume id from btrfs\n";
}
my @paths = join("", @path_info) =~ m/ID $ids[0] [^\n]* path ([^\n]*)/;
my @paths = join("", @info) =~ m/^([^\n]*)/;
if ($#paths > 0) {
die "Btrfs returned multiple paths for a single subvolume id, mountpoint $mountPoint\n";
} elsif ($#paths != 0) {
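Review bot: `runCommand("btrfs subvol show $rootDir$mountPoint")` builds the command as one interpolated string; if `runCommand` (defined outside this hunk) hands that string to a shell, a mount point containing spaces or shell metacharacters is split or interpreted instead of being passed as a single argument. Quoting the path or using a list-form invocation would avoid that. The two parses of `@info` also disagree on the separator, `join("\n", @info)` for the subvolume ID and `join("", @info)` for the path, so one of them depends on whether the captured lines keep their trailing newline; using the same join in both places, or reading `$info[0]` for the first line, would be clearer. The enclosing `if` block continues past the end of the hunk.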


@ -296,6 +296,9 @@
clickhouse = 278;
rslsync = 279;
minio = 280;
kanboard = 281;
pykms = 282;
kodi = 283;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -561,6 +564,9 @@
clickhouse = 278;
rslsync = 279;
minio = 280;
kanboard = 281;
pykms = 282;
kodi = 283;
# When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal


@ -125,13 +125,16 @@ in {
warnings = optional (isMLocate && cfg.localuser != null) "mlocate does not support searching as user other than root"
++ optional (isFindutils && cfg.pruneNames != []) "findutils locate does not support pruning by directory component"
++ optional (isFindutils && cfg.pruneBindMounts) "findutils locate does not support skipping bind mounts";
# directory creation needs to be separated from main service
# because ReadWritePaths fails when the directory doesn't already exist
systemd.tmpfiles.rules = [ "d ${dirOf cfg.output} 0755 root root -" ];
systemd.services.update-locatedb =
{ description = "Update Locate Database";
path = mkIf (!isMLocate) [ pkgs.su ];
script =
''
mkdir -m 0755 -p ${dirOf cfg.output}
exec ${cfg.locate}/bin/updatedb \
${optionalString (cfg.localuser != null && ! isMLocate) ''--localuser=${cfg.localuser}''} \
--output=${toString cfg.output} ${concatStringsSep " " cfg.extraFlags}
@ -147,8 +150,13 @@ in {
serviceConfig.PrivateTmp = "yes";
serviceConfig.PrivateNetwork = "yes";
serviceConfig.NoNewPrivileges = "yes";
serviceConfig.ReadOnlyDirectories = "/";
serviceConfig.ReadWriteDirectories = dirOf cfg.output;
serviceConfig.ReadOnlyPaths = "/";
# Use dirOf cfg.output because mlocate creates temporary files next to
# the actual database. We could specify and create them as well,
# but that would make this quite brittle when they change something.
# NOTE: If /var/cache does not exist, this leads to the misleading error message:
# update-locatedb.service: Failed at step NAMESPACE spawning …/update-locatedb-start: No such file or directory
serviceConfig.ReadWritePaths = dirOf cfg.output;
};
systemd.timers.update-locatedb =
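Review bot: The new `systemd.tmpfiles.rules` entry `d ${dirOf cfg.output} 0755 root root -` does more than the `mkdir -m 0755 -p` it appears to replace, because a tmpfiles `d` line also applies the given mode and owner to a directory that already exists. With a non-default `cfg.output` this would reset the permissions of whatever parent directory the database is placed in, so the option should either be documented as requiring a root-owned 0755 directory or be guarded by an assertion. A comment next to the rule would make the side effect visible, e.g. `# NOTE: also re-applies 0755 root:root to an existing directory; keep cfg.output in a dedicated system directory`. The service definition continues outside the hunk.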


@ -9,7 +9,7 @@
./config/fonts/ghostscript.nix
./config/gnu.nix
./config/i18n.nix
./config/krb5.nix
./config/krb5/default.nix
./config/ldap.nix
./config/networking.nix
./config/no-x-libs.nix
@ -35,11 +35,6 @@
./hardware/ksm.nix
./hardware/mcelog.nix
./hardware/network/b43.nix
./hardware/network/intel-2100bg.nix
./hardware/network/intel-2200bg.nix
./hardware/network/intel-3945abg.nix
./hardware/network/ralink.nix
./hardware/network/rtl8192c.nix
./hardware/nitrokey.nix
./hardware/opengl.nix
./hardware/pcmcia.nix
@ -136,8 +131,6 @@
./security/rtkit.nix
./security/wrappers/default.nix
./security/sudo.nix
./service-managers/docker.nix
./service-managers/trivial.nix
./services/admin/salt/master.nix
./services/admin/salt/minion.nix
./services/amqp/activemq/default.nix
@ -269,6 +262,7 @@
./services/mail/offlineimap.nix
./services/mail/opendkim.nix
./services/mail/opensmtpd.nix
./services/mail/pfix-srsd.nix
./services/mail/postfix.nix
./services/mail/postsrsd.nix
./services/mail/postgrey.nix
@ -332,6 +326,7 @@
./services/misc/parsoid.nix
./services/misc/phd.nix
./services/misc/plex.nix
./services/misc/pykms.nix
./services/misc/radarr.nix
./services/misc/redmine.nix
./services/misc/rippled.nix
@ -374,6 +369,7 @@
./services/monitoring/prometheus/collectd-exporter.nix
./services/monitoring/prometheus/fritzbox-exporter.nix
./services/monitoring/prometheus/json-exporter.nix
./services/monitoring/prometheus/minio-exporter.nix
./services/monitoring/prometheus/nginx-exporter.nix
./services/monitoring/prometheus/node-exporter.nix
./services/monitoring/prometheus/snmp-exporter.nix
@ -621,6 +617,7 @@
./services/web-servers/phpfpm/default.nix
./services/web-servers/shellinabox.nix
./services/web-servers/tomcat.nix
./services/web-servers/traefik.nix
./services/web-servers/uwsgi.nix
./services/web-servers/varnish/default.nix
./services/web-servers/winstone.nix


@ -41,15 +41,12 @@
# Virtio (QEMU, KVM etc.) support.
"virtio_net" "virtio_pci" "virtio_blk" "virtio_scsi" "virtio_balloon" "virtio_console"
# VMware support.
"mptspi" "vmw_balloon" "vmwgfx" "vmw_vmci" "vmw_vsock_vmci_transport" "vmxnet3" "vsock"
# Hyper-V support.
"hv_storvsc"
# Keyboards
"usbhid" "hid_apple" "hid_logitech_dj" "hid_lenovo_tpkbd" "hid_roccat"
];
# Include lots of firmware.


@ -25,7 +25,14 @@ in
{
options.programs.command-not-found = {
enable = mkEnableOption "command-not-found hook for interactive shell";
enable = mkOption {
type = types.bool;
default = true;
description = ''
Whether interactive shells should show which Nix package (if
any) provides a missing command.
'';
};
dbPath = mkOption {
default = "/nix/var/nix/profiles/per-user/root/channels/nixos/programs.sqlite" ;


@ -5,74 +5,74 @@ with lib;
let
cfg = config.programs.zsh.syntaxHighlighting;
in
{
options = {
programs.zsh.syntaxHighlighting = {
enable = mkEnableOption "zsh-syntax-highlighting";
{
options = {
programs.zsh.syntaxHighlighting = {
enable = mkEnableOption "zsh-syntax-highlighting";
highlighters = mkOption {
default = [ "main" ];
highlighters = mkOption {
default = [ "main" ];
# https://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters.md
type = types.listOf(types.enum([
"main"
"brackets"
"pattern"
"cursor"
"root"
"line"
]));
# https://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters.md
type = types.listOf(types.enum([
"main"
"brackets"
"pattern"
"cursor"
"root"
"line"
]));
description = ''
Specifies the highlighters to be used by zsh-syntax-highlighting.
description = ''
Specifies the highlighters to be used by zsh-syntax-highlighting.
The following defined options can be found here:
https://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters.md
'';
};
The following defined options can be found here:
https://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters.md
'';
};
patterns = mkOption {
default = {};
type = types.attrsOf types.string;
patterns = mkOption {
default = {};
type = types.attrsOf types.string;
example = literalExample ''
{
"rm -rf *" = "fg=white,bold,bg=red";
}
'';
example = literalExample ''
{
"rm -rf *" = "fg=white,bold,bg=red";
}
'';
description = ''
Specifies custom patterns to be highlighted by zsh-syntax-highlighting.
description = ''
Specifies custom patterns to be highlighted by zsh-syntax-highlighting.
Please refer to the docs for more information about the usage:
https://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters/pattern.md
'';
};
Please refer to the docs for more information about the usage:
https://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters/pattern.md
'';
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [ zsh-syntax-highlighting ];
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [ zsh-syntax-highlighting ];
programs.zsh.interactiveShellInit = with pkgs; with builtins; ''
source ${zsh-syntax-highlighting}/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh
assertions = [
{
assertion = length(attrNames cfg.patterns) > 0 -> elem "pattern" cfg.highlighters;
message = ''
When highlighting patterns, "pattern" needs to be included in the list of highlighters.
'';
}
];
${optionalString (length(cfg.highlighters) > 0)
"ZSH_HIGHLIGHT_HIGHLIGHTERS=(${concatStringsSep " " cfg.highlighters})"
}
${let
n = attrNames cfg.patterns;
in
optionalString (length(n) > 0)
(assert(elem "pattern" cfg.highlighters); (foldl (
a: b:
''
${a}
ZSH_HIGHLIGHT_PATTERNS+=('${b}' '${attrByPath [b] "" cfg.patterns}')
''
) "") n)
}
'';
};
}
programs.zsh.interactiveShellInit = with pkgs;
lib.concatStringsSep "\n" ([
"source ${zsh-syntax-highlighting}/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh"
] ++ optional (length(cfg.highlighters) > 0)
"ZSH_HIGHLIGHT_HIGHLIGHTERS=(${concatStringsSep " " cfg.highlighters})"
++ optionals (length(attrNames cfg.patterns) > 0)
(mapAttrsToList (
pattern: design:
"ZSH_HIGHLIGHT_PATTERNS+=('${pattern}' '${design}')"
) cfg.patterns)
);
};
}
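Review bot: The new `mapAttrsToList` body builds `ZSH_HIGHLIGHT_PATTERNS+=('${pattern}' '${design}')` by pasting both option values between single quotes, so a pattern or style containing `'` ends the quoting early and the remainder is evaluated as shell code by every interactive zsh. The option is documented with command-like keys such as `rm -rf *`, so quotes in a key are plausible. Let the library do the quoting: `"ZSH_HIGHLIGHT_PATTERNS+=(${escapeShellArg pattern} ${escapeShellArg design})"`. The `cfg.highlighters` line is interpolated the same way, but there the enum type already restricts the values.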


@ -11,7 +11,11 @@ with lib;
(mkRenamedOptionModule [ "fonts" "extraFonts" ] [ "fonts" "fonts" ])
(mkRenamedOptionModule [ "networking" "enableWLAN" ] [ "networking" "wireless" "enable" ])
(mkRenamedOptionModule [ "networking" "enableRT73Firmware" ] [ "networking" "enableRalinkFirmware" ])
(mkRenamedOptionModule [ "networking" "enableRT73Firmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "enableIntel3945ABGFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "enableIntel2100BGFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "enableRalinkFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "networking" "enableRTL8192cFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
(mkRenamedOptionModule [ "services" "cadvisor" "host" ] [ "services" "cadvisor" "listenAddress" ])
(mkChangedOptionModule [ "services" "printing" "gutenprint" ] [ "services" "printing" "drivers" ]


@ -1,29 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.docker-containers;
containerModule = {
script = mkOption {
type = types.lines;
description = "Shell commands executed as the service's main process.";
};
};
toContainer = name: value: pkgs.dockerTools.buildImage {
inherit name;
config = {
Cmd = [ value.script ];
};
};
in {
options.docker-containers = mkOption {
default = {};
type = with types; attrsOf (types.submodule containerModule);
description = "Definition of docker containers";
};
config.system.build.toplevel-docker = lib.mapAttrs toContainer cfg;
}


@ -1,35 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.trivial-services;
serviceModule.options = {
script = mkOption {
type = types.lines;
description = "Shell commands executed as the service's main process.";
};
environment = mkOption {
default = {};
type = types.attrs; # FIXME
example = { PATH = "/foo/bar/bin"; LANG = "nl_NL.UTF-8"; };
description = "Environment variables passed to the service's processes.";
};
};
launcher = name: value: pkgs.writeScript name ''
#!${pkgs.stdenv.shell} -eu
${pkgs.writeScript "${name}-entry" value.script}
'';
in {
options.trivial-services = mkOption {
default = {};
type = with types; attrsOf (types.submodule serviceModule);
description = "Definition of trivial services";
};
config.system.build.toplevel-trivial = lib.mapAttrs launcher cfg;
}


@ -0,0 +1,56 @@
{ config, lib, pkgs, ... }:
with lib;
{
###### interface
options = {
services.pfix-srsd = {
enable = mkOption {
default = false;
type = types.bool;
description = "Whether to run the postfix sender rewriting scheme daemon.";
};
domain = mkOption {
description = "The domain for which to enable srs";
type = types.str;
example = "example.com";
};
secretsFile = mkOption {
description = ''
The secret data used to encode the SRS address.
to generate, use a command like:
<literal>for n in $(seq 5); do dd if=/dev/urandom count=1 bs=1024 status=none | sha256sum | sed 's/ -$//' | sed 's/^/ /'; done</literal>
'';
type = types.path;
default = "/var/lib/pfix-srsd/secrets";
};
};
};
###### implementation
config = mkIf config.services.pfix-srsd.enable {
environment = {
systemPackages = [ pkgs.pfixtools ];
};
systemd.services."pfix-srsd" = {
description = "Postfix sender rewriting scheme daemon";
before = [ "postfix.service" ];
#note that we use requires rather than wants because postfix
#is unable to process (almost) all mail without srsd
requiredBy = [ "postfix.service" ];
serviceConfig = {
Type = "forking";
PIDFile = "/var/run/pfix-srsd.pid";
ExecStart = "${pkgs.pfixtools}/bin/pfix-srsd -p /var/run/pfix-srsd.pid -I ${config.services.pfix-srsd.domain} ${config.services.pfix-srsd.secretsFile}";
};
};
};
}
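Review bot: `secretsFile` is typed `types.path` and interpolated straight into `ExecStart`, so a configuration that assigns a Nix path literal (for example `./secrets`) has the SRS secrets copied into the world-readable Nix store. Typing it as `types.str` and adding to the description a sentence like `Must be a path outside the Nix store, readable only by the daemon's user` would close that. The unit also sets no `User`, so the daemon presumably runs as root unless pfix-srsd drops privileges on its own; that cannot be told from this file and is worth confirming. If it does not, a dedicated user plus the `PrivateTmp`/`ProtectSystem` settings that other new units in this commit declare would be appropriate.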


@ -79,6 +79,12 @@ let
// optionalAttrs haveTransport { transport_maps = "hash:/etc/postfix/transport"; }
// optionalAttrs haveVirtual { virtual_alias_maps = "${cfg.virtualMapType}:/etc/postfix/virtual"; }
// optionalAttrs (cfg.dnsBlacklists != []) { smtpd_client_restrictions = clientRestrictions; }
// optionalAttrs cfg.useSrs {
sender_canonical_maps = "tcp:127.0.0.1:10001";
sender_canonical_classes = "envelope_sender";
recipient_canonical_maps = "tcp:127.0.0.1:10002";
recipient_canonical_classes= "envelope_recipient";
}
// optionalAttrs cfg.enableHeaderChecks { header_checks = "regexp:/etc/postfix/header_checks"; }
// optionalAttrs (cfg.sslCert != "") {
smtp_tls_CAfile = cfg.sslCACert;
@ -626,6 +632,12 @@ in
description = "Maps to be compiled and placed into /var/lib/postfix/conf.";
};
useSrs = mkOption {
type = types.bool;
default = false;
description = "Whether to enable sender rewriting scheme";
};
};
};
@ -646,6 +658,8 @@ in
systemPackages = [ pkgs.postfix ];
};
services.pfix-srsd.enable = config.services.postfix.useSrs;
services.mail.sendmailSetuidWrapper = mkIf config.services.postfix.setSendmail {
program = "sendmail";
source = "${pkgs.postfix}/bin/sendmail";
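Review bot: `services.pfix-srsd.enable = config.services.postfix.useSrs;` in the last hunk defines the other module's option unconditionally, so with `useSrs = false` it still contributes a `false` definition, and a user who enables `services.pfix-srsd` directly would likely hit a conflicting-definitions error (inferred from the `types.bool` declaration in the pfix-srsd module). `services.pfix-srsd.enable = mkIf cfg.useSrs true;` avoids that. The `tcp:127.0.0.1:10001` and `tcp:127.0.0.1:10002` maps in the first hunk assume the daemon's listening ports, which the pfix-srsd unit never passes explicitly; a comment such as `# pfix-srsd default encoder/decoder ports` would document the coupling. The enclosing attribute sets start and end outside the hunks.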


@ -414,7 +414,7 @@ in {
Make sure the secret is an RSA private key in PEM format. You can
generate one with
openssl genrsa 2048openssl genpkey -algorithm RSA -out - -pkeyopt rsa_keygen_bits:2048
openssl genrsa 2048
'';
};
@ -567,6 +567,7 @@ in {
mkdir -p ${cfg.statePath}/log
mkdir -p ${cfg.statePath}/tmp/pids
mkdir -p ${cfg.statePath}/tmp/sockets
mkdir -p ${cfg.statePath}/shell
rm -rf ${cfg.statePath}/config ${cfg.statePath}/shell/hooks
mkdir -p ${cfg.statePath}/config
@ -580,6 +581,7 @@ in {
mkdir -p ${cfg.statePath}/{log,uploads}
ln -sf ${cfg.statePath}/log /run/gitlab/log
ln -sf ${cfg.statePath}/uploads /run/gitlab/uploads
ln -sf ${cfg.statePath}/tmp /run/gitlab/tmp
chown -R ${cfg.user}:${cfg.group} /run/gitlab
# Prepare home directory
@ -638,10 +640,10 @@ in {
chmod -R ug+rwX,o-rwx ${cfg.statePath}/repositories
chmod -R ug-s ${cfg.statePath}/repositories
find ${cfg.statePath}/repositories -type d -print0 | xargs -0 chmod g+s
chmod 700 ${cfg.statePath}/uploads
chmod 770 ${cfg.statePath}/uploads
chown -R git ${cfg.statePath}/uploads
find ${cfg.statePath}/uploads -type f -exec chmod 0644 {} \;
find ${cfg.statePath}/uploads -type d -not -path ${cfg.statePath}/uploads -exec chmod 0700 {} \;
find ${cfg.statePath}/uploads -type d -not -path ${cfg.statePath}/uploads -exec chmod 0770 {} \;
'';
serviceConfig = {
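Review bot: The uploads tree becomes group-writable (`chmod 770`, and `0770` for sub-directories in the `find` line; this assumes the 770 lines are the new side, since the page has lost its +/- markers), but nothing here sets which group owns it: the following line is still `chown -R git ${cfg.statePath}/uploads`, with a literal user and no group. Whatever group the directory currently has therefore gains write access to user uploads, and the literal `git` is wrong once `cfg.user` is changed. I would write `chown -R ${cfg.user}:${cfg.group} ${cfg.statePath}/uploads`, as the `/run/gitlab` line in the previous hunk does, and add a comment naming the process that needs group write. The uploaded files stay `0644`, which is only safe while every parent directory keeps `o-rwx`. The script continues outside the hunk.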


@ -66,6 +66,35 @@ services.gitlab = {
db = "uPgq1gtwwHiatiuE0YHqbGa5lEIXH7fMsvuTNgdzJi8P0Dg12gibTzBQbq5LT7PNzcc3BP9P1snHVnduqtGF43PgrQtU7XL93ts6gqe9CBNhjtaqUwutQUDkygP5NrV6";
secret = "devzJ0Tz0POiDBlrpWmcsjjrLaltyiAdS8TtgT9YNBOoUcDsfppiY3IXZjMVtKgXrFImIennFGOpPN8IkP8ATXpRgDD5rxVnKuTTwYQaci2NtaV1XxOQGjdIE50VGsR3";
otp = "e1GATJVuS2sUh7jxiPzZPre4qtzGGaS22FR50Xs1TerRVdgI3CBVUi5XYtQ38W4xFeS4mDqi5cQjExE838iViSzCdcG19XSL6qNsfokQP9JugwiftmhmCadtsnHErBMI";
jws = ''
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
'';
};
extraConfig = {
gitlab = {


@ -25,6 +25,7 @@ let
HTTP_ADDR = ${cfg.httpAddress}
HTTP_PORT = ${toString cfg.httpPort}
ROOT_URL = ${cfg.rootUrl}
STATIC_ROOT_PATH = ${cfg.staticRootPath}
[session]
COOKIE_NAME = session
@ -175,6 +176,13 @@ in
'';
};
staticRootPath = mkOption {
type = types.str;
default = "${pkgs.gogs.data}";
example = "/var/lib/gogs/data";
description = "Upper level of template and static files path.";
};
extraConfig = mkOption {
type = types.str;
default = "";
@ -195,6 +203,8 @@ in
runConfig = "${cfg.stateDir}/custom/conf/app.ini";
secretKey = "${cfg.stateDir}/custom/conf/secret_key";
in ''
mkdir -p ${cfg.stateDir}
# copy custom configuration and generate a random secret key if needed
${optionalString (cfg.useWizard == false) ''
mkdir -p ${cfg.stateDir}/custom/conf
@ -240,7 +250,7 @@ in
};
};
users = {
users = mkIf (cfg.user == "gogs") {
extraUsers.gogs = {
description = "Go Git Service";
uid = config.ids.uids.gogs;


@ -189,6 +189,7 @@ in
sshKey = "/root/.ssh/id_buildfarm";
system = "x86_64-linux";
maxJobs = 2;
speedFactor = 2;
supportedFeatures = [ "kvm" ];
mandatoryFeatures = [ "perf" ];
}


@ -137,7 +137,7 @@ in
User = cfg.user;
Group = cfg.group;
PermissionsStartOnly = "true";
ExecStart = "/bin/sh -c ${cfg.package}/usr/lib/plexmediaserver/Plex\\ Media\\ Server";
ExecStart = "\"${cfg.package}/usr/lib/plexmediaserver/Plex Media Server\"";
KillSignal = "SIGQUIT";
Restart = "on-failure";
};


@ -0,0 +1,90 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.pykms;
home = "/var/lib/pykms";
services = {
serviceConfig = {
Restart = "on-failure";
RestartSec = "10s";
StartLimitInterval = "1min";
PrivateTmp = true;
ProtectSystem = "full";
ProtectHome = true;
};
};
in {
options = {
services.pykms = rec {
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable the PyKMS service.";
};
listenAddress = mkOption {
type = types.str;
default = "0.0.0.0";
description = "The IP address on which to listen.";
};
port = mkOption {
type = types.int;
default = 1688;
description = "The port on which to listen.";
};
verbose = mkOption {
type = types.bool;
default = false;
description = "Show verbose output.";
};
openFirewallPort = mkOption {
type = types.bool;
default = false;
description = "Whether the listening port should be opened automatically.";
};
};
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewallPort [ cfg.port ];
systemd.services = {
pykms = services // {
description = "Python KMS";
wantedBy = [ "multi-user.target" ];
serviceConfig = with pkgs; {
User = "pykms";
Group = "pykms";
ExecStartPre = "${getBin pykms}/bin/create_pykms_db.sh ${home}/clients.db";
ExecStart = "${getBin pykms}/bin/server.py ${optionalString cfg.verbose "--verbose"} ${cfg.listenAddress} ${toString cfg.port}";
WorkingDirectory = home;
MemoryLimit = "64M";
};
};
};
users = {
extraUsers.pykms = {
name = "pykms";
group = "pykms";
home = home;
createHome = true;
uid = config.ids.uids.pykms;
description = "PyKMS daemon user";
};
extraGroups.pykms = {
gid = config.ids.gids.pykms;
};
};
};
}
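Review bot: `pykms = services // { … serviceConfig = with pkgs; { … }; }` uses the shallow `//` operator, so the right-hand `serviceConfig` replaces the one from the `services` binding wholesale and `Restart`, `RestartSec`, `PrivateTmp`, `ProtectSystem = "full"` and `ProtectHome` never reach the unit. Merge at the inner level instead, `serviceConfig = services.serviceConfig // (with pkgs; { … });`, or write `pykms = recursiveUpdate services { … };`. Separately, `listenAddress` defaults to `0.0.0.0`; with `openFirewallPort` defaulting to false that is contained by the firewall, but the description should say that the service answers on all interfaces.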


@ -23,7 +23,7 @@ let
# proxy_password: password
# tags: mytag0, mytag1
${optionalString (cfg.tags != null ) "tags: ${concatStringsSep "," cfg.tags }"}
${optionalString (cfg.tags != null ) "tags: ${concatStringsSep ", " cfg.tags }"}
# collect_ec2_tags: no
# recent_point_threshold: 30


@ -0,0 +1,117 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.prometheus.minioExporter;
in {
options = {
services.prometheus.minioExporter = {
enable = mkEnableOption "prometheus minio exporter";
port = mkOption {
type = types.int;
default = 9290;
description = ''
Port to listen on.
'';
};
listenAddress = mkOption {
type = types.nullOr types.str;
default = null;
example = "0.0.0.0";
description = ''
Address to listen on for web interface and telemetry.
'';
};
minioAddress = mkOption {
type = types.str;
example = "https://10.0.0.1:9000";
default = if config.services.minio.enable then "http://localhost:9000" else null;
description = ''
The URL of the minio server.
Use HTTPS if Minio accepts secure connections only.
By default this connects to the local minio server if enabled.
'';
};
minioAccessKey = mkOption ({
type = types.str;
example = "BKIKJAA5BMMU2RHO6IBB";
description = ''
The value of the Minio access key.
It is required in order to connect to the server.
By default this uses the one from the local minio server if enabled
and <literal>config.services.minio.accessKey</literal>.
'';
} // optionalAttrs (config.services.minio.enable && config.services.minio.accessKey != "") {
default = config.services.minio.accessKey;
});
minioAccessSecret = mkOption ({
type = types.str;
description = ''
The calue of the Minio access secret.
It is required in order to connect to the server.
By default this uses the one from the local minio server if enabled
and <literal>config.services.minio.secretKey</literal>.
'';
} // optionalAttrs (config.services.minio.enable && config.services.minio.secretKey != "") {
default = config.services.minio.secretKey;
});
minioBucketStats = mkOption {
type = types.bool;
default = false;
description = ''
Collect statistics about the buckets and files in buckets.
It requires more computation, use it carefully in case of large buckets..
'';
};
extraFlags = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Extra commandline options when launching the minio exporter.
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Open port in firewall for incoming connections.
'';
};
};
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.port;
systemd.services.prometheus-minio-exporter = {
description = "Prometheus exporter for Minio server metrics";
unitConfig.Documentation = "https://github.com/joe-pll/minio-exporter";
wantedBy = [ "multi-user.target" ];
after = optional config.services.minio.enable "minio.service";
serviceConfig = {
DynamicUser = true;
Restart = "always";
PrivateTmp = true;
WorkingDirectory = /tmp;
ExecStart = ''
${pkgs.prometheus-minio-exporter}/bin/minio-exporter \
-web.listen-address ${optionalString (cfg.listenAddress != null) cfg.listenAddress}:${toString cfg.port} \
-minio.server ${cfg.minioAddress} \
-minio.access-key ${cfg.minioAccessKey} \
-minio.access-secret ${cfg.minioAccessSecret} \
${optionalString cfg.minioBucketStats "-minio.bucket-stats"} \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
};
};
};
}
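Review bot: `-minio.access-key ${cfg.minioAccessKey}` and `-minio.access-secret ${cfg.minioAccessSecret}` are interpolated into `ExecStart`, so the Minio credentials are written into the generated unit in the world-readable Nix store and are visible in the process list of the running exporter. The option descriptions should at least state this; handing the values over through a root-owned file or environment file would be better if the exporter supports one, which is not visible here. Two smaller points in the same file: `minioAddress` is `types.str` but defaults to `null` when the local minio service is disabled, so it should be `types.nullOr types.str` with an assertion or carry no default in that case, and the `minioAccessSecret` description has the typo `calue`.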


@ -7,7 +7,7 @@ let
ipfsFlags = toString ([
(optionalString cfg.autoMount "--mount")
(optionalString cfg.autoMigrate "--migrate")
#(optionalString cfg.autoMigrate "--migrate")
(optionalString cfg.enableGC "--enable-gc")
(optionalString (cfg.serviceFdlimit != null) "--manage-fdlimit=false")
(optionalString (cfg.defaultMode == "offline") "--offline")
@ -36,6 +36,7 @@ let
baseService = recursiveUpdate commonEnv {
wants = [ "ipfs-init.service" ];
# NB: migration must be performed prior to pre-start, else we get the failure message!
preStart = ''
ipfs repo fsck # workaround for BUG #4212 (https://github.com/ipfs/go-ipfs/issues/4214)
ipfs --local config Addresses.API ${cfg.apiAddress}
@ -97,11 +98,17 @@ in {
description = "systemd service that is enabled by default";
};
/*
autoMigrate = mkOption {
type = types.bool;
default = false;
description = "Whether IPFS should try to migrate the file system automatically";
description = ''
Whether IPFS should try to migrate the file system automatically.
The daemon will need to be able to download a binary from https://ipfs.io to perform the migration.
'';
};
*/
autoMount = mkOption {
type = types.bool;


@ -55,8 +55,11 @@ in {
Restart = "on-failure";
PrivateTmp = true;
};
wantedBy = [ "default.target" ];
};
services.keybase.enable = true;
environment.systemPackages = [ pkgs.kbfs ];
};
}


@ -93,7 +93,6 @@ in
preStop = ''
${pkgs.utillinux}/bin/umount /afs
${openafsPkgs}/sbin/afsd -shutdown
${pkgs.kmod}/sbin/rmmod libafs
'';
};
};


@ -115,10 +115,5 @@ in {
wireless.enable = true;
networkmanager.enable = false;
};
powerManagement.resumeCommands = ''
systemctl restart connman
'';
};
}


@ -18,10 +18,13 @@ let
'') ips}
'') cfg.domainServers)}
# djbdns contains an outdated list of root servers;
# if one was not provided in config, provide a current list
if [ ! -e servers/@ ]; then
awk '/^.?.ROOT-SERVERS.NET/ { print $4 }' ${pkgs.dns-root-data}/root.hints > $out/servers/@
# if a list of root servers was not provided in config, copy it
# over. (this is also done by dnscache-conf, but we 'rm -rf
# /var/lib/dnscache/root' below & replace it wholesale with this,
# so we have to ensure servers/@ exists ourselves.)
if [ ! -e $out/servers/@ ]; then
# symlink does not work here, due chroot
cp ${pkgs.djbdns}/etc/dnsroots.global $out/servers/@;
fi
'';
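Review bot: The fallback root-server list is now copied from `${pkgs.djbdns}/etc/dnsroots.global`, while the comment that disappears in this hunk described djbdns's bundled list as outdated and generated the file from `${pkgs.dns-root-data}/root.hints`. This reading takes the `cp` lines as the new side, which the hunk's 10/13 line counts support. A resolver seeded with stale root addresses has its first lookups depend on addresses the root operators no longer control, so I would keep the maintained source together with the `$out/servers/@` path fix: `awk '/^.?.ROOT-SERVERS.NET/ { print $4 }' ${pkgs.dns-root-data}/root.hints > $out/servers/@`. If the switch is deliberate, the new comment should say why the bundled list is acceptable. The surrounding script starts outside the hunk.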


@ -95,18 +95,18 @@ let
ip46tables -N nixos-fw-log-refuse
${optionalString cfg.logRefusedConnections ''
ip46tables -A nixos-fw-log-refuse -p tcp --syn -j LOG --log-level info --log-prefix "rejected connection: "
ip46tables -A nixos-fw-log-refuse -p tcp --syn -j LOG --log-level info --log-prefix "refused connection: "
''}
${optionalString (cfg.logRefusedPackets && !cfg.logRefusedUnicastsOnly) ''
ip46tables -A nixos-fw-log-refuse -m pkttype --pkt-type broadcast \
-j LOG --log-level info --log-prefix "rejected broadcast: "
-j LOG --log-level info --log-prefix "refused broadcast: "
ip46tables -A nixos-fw-log-refuse -m pkttype --pkt-type multicast \
-j LOG --log-level info --log-prefix "rejected multicast: "
-j LOG --log-level info --log-prefix "refused multicast: "
''}
ip46tables -A nixos-fw-log-refuse -m pkttype ! --pkt-type unicast -j nixos-fw-refuse
${optionalString cfg.logRefusedPackets ''
ip46tables -A nixos-fw-log-refuse \
-j LOG --log-level info --log-prefix "rejected packet: "
-j LOG --log-level info --log-prefix "refused packet: "
''}
ip46tables -A nixos-fw-log-refuse -j nixos-fw-refuse


@ -28,11 +28,12 @@ in {
description = "Keybase service";
serviceConfig = {
ExecStart = ''
${pkgs.keybase}/bin/keybase service
${pkgs.keybase}/bin/keybase -d service --auto-forked
'';
Restart = "on-failure";
PrivateTmp = true;
};
wantedBy = [ "default.target" ];
};
environment.systemPackages = [ pkgs.keybase ];


@ -3,7 +3,6 @@
with lib;
let
pkg = pkgs.softether;
cfg = config.services.softether;
in
@ -17,6 +16,15 @@ in
enable = mkEnableOption "SoftEther VPN services";
package = mkOption {
type = types.package;
default = pkgs.softether;
defaultText = "pkgs.softether";
description = ''
softether derivation to use.
'';
};
vpnserver.enable = mkEnableOption "SoftEther VPN Server";
vpnbridge.enable = mkEnableOption "SoftEther VPN Bridge";
@ -41,7 +49,7 @@ in
dataDir = mkOption {
type = types.string;
default = "${pkg.dataDir}";
default = "${cfg.package.dataDir}";
description = ''
Data directory for SoftEther VPN.
'';
@ -57,12 +65,13 @@ in
mkMerge [{
environment.systemPackages = [
(pkgs.lib.overrideDerivation pkg (attrs: {
(pkgs.lib.overrideDerivation cfg.package (attrs: {
dataDir = cfg.dataDir;
}))
];
systemd.services."softether-init" = {
description = "SoftEther VPN services initial task";
wantedBy = [ "network.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = false;
@ -71,11 +80,11 @@ in
for d in vpnserver vpnbridge vpnclient vpncmd; do
if ! test -e ${cfg.dataDir}/$d; then
${pkgs.coreutils}/bin/mkdir -m0700 -p ${cfg.dataDir}/$d
install -m0600 ${pkg}${cfg.dataDir}/$d/hamcore.se2 ${cfg.dataDir}/$d/hamcore.se2
install -m0600 ${cfg.package}${cfg.dataDir}/$d/hamcore.se2 ${cfg.dataDir}/$d/hamcore.se2
fi
done
rm -rf ${cfg.dataDir}/vpncmd/vpncmd
ln -s ${pkg}${cfg.dataDir}/vpncmd/vpncmd ${cfg.dataDir}/vpncmd/vpncmd
ln -s ${cfg.package}${cfg.dataDir}/vpncmd/vpncmd ${cfg.dataDir}/vpncmd/vpncmd
'';
};
}
@ -83,17 +92,17 @@ in
(mkIf (cfg.vpnserver.enable) {
systemd.services.vpnserver = {
description = "SoftEther VPN Server";
after = [ "softether-init.service" "network.target" ];
wants = [ "softether-init.service" ];
wantedBy = [ "multi-user.target" ];
after = [ "softether-init.service" ];
requires = [ "softether-init.service" ];
wantedBy = [ "network.target" ];
serviceConfig = {
Type = "forking";
ExecStart = "${pkg}/bin/vpnserver start";
ExecStop = "${pkg}/bin/vpnserver stop";
ExecStart = "${cfg.package}/bin/vpnserver start";
ExecStop = "${cfg.package}/bin/vpnserver stop";
};
preStart = ''
rm -rf ${cfg.dataDir}/vpnserver/vpnserver
ln -s ${pkg}${cfg.dataDir}/vpnserver/vpnserver ${cfg.dataDir}/vpnserver/vpnserver
ln -s ${cfg.package}${cfg.dataDir}/vpnserver/vpnserver ${cfg.dataDir}/vpnserver/vpnserver
'';
postStop = ''
rm -rf ${cfg.dataDir}/vpnserver/vpnserver
@ -104,17 +113,17 @@ in
(mkIf (cfg.vpnbridge.enable) {
systemd.services.vpnbridge = {
description = "SoftEther VPN Bridge";
after = [ "softether-init.service" "network.target" ];
wants = [ "softether-init.service" ];
wantedBy = [ "multi-user.target" ];
after = [ "softether-init.service" ];
requires = [ "softether-init.service" ];
wantedBy = [ "network.target" ];
serviceConfig = {
Type = "forking";
ExecStart = "${pkg}/bin/vpnbridge start";
ExecStop = "${pkg}/bin/vpnbridge stop";
ExecStart = "${cfg.package}/bin/vpnbridge start";
ExecStop = "${cfg.package}/bin/vpnbridge stop";
};
preStart = ''
rm -rf ${cfg.dataDir}/vpnbridge/vpnbridge
ln -s ${pkg}${cfg.dataDir}/vpnbridge/vpnbridge ${cfg.dataDir}/vpnbridge/vpnbridge
ln -s ${cfg.package}${cfg.dataDir}/vpnbridge/vpnbridge ${cfg.dataDir}/vpnbridge/vpnbridge
'';
postStop = ''
rm -rf ${cfg.dataDir}/vpnbridge/vpnbridge
@ -125,17 +134,17 @@ in
(mkIf (cfg.vpnclient.enable) {
systemd.services.vpnclient = {
description = "SoftEther VPN Client";
after = [ "softether-init.service" "network.target" ];
wants = [ "softether-init.service" ];
wantedBy = [ "multi-user.target" ];
after = [ "softether-init.service" ];
requires = [ "softether-init.service" ];
wantedBy = [ "network.target" ];
serviceConfig = {
Type = "forking";
ExecStart = "${pkg}/bin/vpnclient start";
ExecStop = "${pkg}/bin/vpnclient stop";
ExecStart = "${cfg.package}/bin/vpnclient start";
ExecStop = "${cfg.package}/bin/vpnclient stop";
};
preStart = ''
rm -rf ${cfg.dataDir}/vpnclient/vpnclient
ln -s ${pkg}${cfg.dataDir}/vpnclient/vpnclient ${cfg.dataDir}/vpnclient/vpnclient
ln -s ${cfg.package}${cfg.dataDir}/vpnclient/vpnclient ${cfg.dataDir}/vpnclient/vpnclient
'';
postStart = ''
sleep 1


@ -105,7 +105,7 @@ in
description = "Unbound recursive Domain Name Server";
after = [ "network.target" ];
before = [ "nss-lookup.target" ];
wants = [" nss-lookup.target" ];
wants = [ "nss-lookup.target" ];
wantedBy = [ "multi-user.target" ];
preStart = ''


@ -329,7 +329,7 @@ in
};
mutable = mkOption {
default = false;
default = true;
type = types.bool;
description = ''
Indicates whether to allow the contents of the `dataDir` directory to be changed


@ -42,6 +42,8 @@ in
config = mkIf cfg.enable {
# Not wrapping "batch" because it's a shell script (kernel drops perms
# anyway) and it's patched to invoke the "at" setuid wrapper.
security.wrappers = builtins.listToAttrs (
map (program: { name = "${program}"; value = {
source = "${at}/bin/${program}";
@ -49,7 +51,7 @@ in
group = "atd";
setuid = true;
setgid = true;
};}) [ "at" "atq" "atrm" "batch" ]);
};}) [ "at" "atq" "atrm" ]);
environment.systemPackages = [ at ];


@ -137,10 +137,7 @@ in
after = [ "local-fs.target" ];
wantedBy = [ "multi-user.target" ];
# FIXME use specific path
environment = {
PATH = "/run/current-system/sw/bin";
};
path = [ pkgs.fcron ];
preStart = ''
install \
@ -149,7 +146,7 @@ in
--group fcron \
--directory /var/spool/fcron
# load system crontab file
/run/wrappers/bin/fcrontab -u systab ${pkgs.writeText "systab" cfg.systab}
/run/wrappers/bin/fcrontab -u systab - < ${pkgs.writeText "systab" cfg.systab}
'';
serviceConfig = {


@ -23,8 +23,6 @@ let
stats = cfg.statsAddress;
listen = cfg.listenAddress;
});
script = "${pkgs.hologram.bin}/bin/hologram-server --debug --conf ${cfgFile}";
in {
options = {
services.hologram-server = {
@ -96,15 +94,9 @@ in {
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
inherit script;
};
docker-containers.hologram-server = {
inherit script;
};
trivial-services.hologram-server = {
inherit script;
serviceConfig = {
ExecStart = "${pkgs.hologram.bin}/bin/hologram-server --debug --conf ${cfgFile}";
};
};
};
}


@ -89,7 +89,7 @@ in {
environment.systemPackages = [ pkgs.sshguard pkgs.iptables pkgs.ipset ];
environment.etc."sshguard.conf".text = let
environment.etc."sshguard.conf".text = let
list_services = ( name: "-t ${name} ");
in ''
BACKEND="${pkgs.sshguard}/libexec/sshg-fw-ipset"


@ -184,10 +184,12 @@ in
fi
'' + lib.optionalString cfg.localDatabaseCreate ''
if ! test -e "${cfg.statePath}/.db-created"; then
${config.services.postgresql.package}/bin/psql postgres -c \
"CREATE ROLE ${cfg.localDatabaseUser} WITH LOGIN NOCREATEDB NOCREATEROLE ENCRYPTED PASSWORD '${cfg.localDatabasePassword}'"
${config.services.postgresql.package}/bin/createdb \
--owner ${cfg.localDatabaseUser} ${cfg.localDatabaseName}
${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} \
${config.services.postgresql.package}/bin/psql postgres -c \
"CREATE ROLE ${cfg.localDatabaseUser} WITH LOGIN NOCREATEDB NOCREATEROLE ENCRYPTED PASSWORD '${cfg.localDatabasePassword}'"
${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} \
${config.services.postgresql.package}/bin/createdb \
--owner ${cfg.localDatabaseUser} ${cfg.localDatabaseName}
touch ${cfg.statePath}/.db-created
fi
'' + ''
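Review bot: `cfg.localDatabasePassword` is spliced into the `CREATE ROLE … ENCRYPTED PASSWORD '…'` statement inside a double-quoted shell argument, so the password is written into the pre-start script in the world-readable Nix store, shows up in the process list while `psql` runs, and breaks the statement or the shell quoting if it contains `'`, `"` or `$`. The added `sudo -u ${config.services.postgresql.superUser}` wrapper does not change any of that. Feeding the statement on standard input (`psql postgres -f -` with a here-document) keeps it off the command line, and the option description should say that the value is stored in plain text in the store. The script begins before and continues after this hunk.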


@ -15,7 +15,8 @@ let
# Some modules are always imported and should not appear in the config:
# disallowedModules = [ "mod_indexfile" "mod_dirlisting" "mod_staticfile" ];
#
# Get full module list: "ls -1 $lighttpd/lib/*.so"
# For full module list, see the output of running ./configure in the lighttpd
# source.
allKnownModules = [
"mod_rewrite"
"mod_redirect"
@ -38,12 +39,15 @@ let
"mod_accesslog"
# Remaining list of modules, order assumed to be unimportant.
"mod_authn_file"
"mod_authn_gssapi"
"mod_authn_ldap"
"mod_authn_mysql"
"mod_cml"
"mod_deflate"
"mod_evasive"
"mod_extforward"
"mod_flv_streaming"
"mod_geoip"
"mod_magnet"
"mod_mysql_vhost"
"mod_scgi"


@ -0,0 +1,115 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.traefik;
configFile =
if cfg.configFile == null then
pkgs.runCommand "config.toml" {
buildInputs = [ pkgs.remarshal ];
} ''
remarshal -if json -of toml \
< ${pkgs.writeText "config.json" (builtins.toJSON cfg.configOptions)} \
> $out
''
else cfg.configFile;
in {
options.services.traefik = {
enable = mkEnableOption "Traefik web server";
configFile = mkOption {
default = null;
example = literalExample "/path/to/config.toml";
type = types.nullOr types.path;
description = ''
Path to verbatim traefik.toml to use.
(Using that option has precedence over <literal>configOptions</literal>)
'';
};
configOptions = mkOption {
description = ''
Config for Traefik.
'';
type = types.attrs;
default = {
defaultEntryPoints = ["http"];
entryPoints.http.address = ":80";
};
example = {
defaultEntrypoints = [ "http" ];
web.address = ":8080";
entryPoints.http.address = ":80";
file = {};
frontends = {
frontend1 = {
backend = "backend1";
routes.test_1.rule = "Host:localhost";
};
};
backends.backend1 = {
servers.server1.url = "http://localhost:8000";
};
};
};
dataDir = mkOption {
default = "/var/lib/traefik";
type = types.path;
description = ''
Location for any persistent data traefik creates, ie. acme
'';
};
package = mkOption {
default = pkgs.traefik;
defaultText = "pkgs.traefik";
type = types.package;
description = "Traefik package to use.";
};
};
config = mkIf cfg.enable {
systemd.services.traefik = {
description = "Traefik web server";
after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
PermissionsStartOnly = true;
ExecStart = ''${cfg.package.bin}/bin/traefik --configfile=${configFile}'';
ExecStartPre = [
''${pkgs.coreutils}/bin/mkdir -p "${cfg.dataDir}"''
''${pkgs.coreutils}/bin/chmod 700 "${cfg.dataDir}"''
''${pkgs.coreutils}/bin/chown -R traefik:traefik "${cfg.dataDir}"''
];
Type = "simple";
User = "traefik";
Group = "traefik";
Restart = "on-failure";
StartLimitInterval = 86400;
StartLimitBurst = 5;
AmbientCapabilities = "cap_net_bind_service";
CapabilityBoundingSet = "cap_net_bind_service";
NoNewPrivileges = true;
LimitNPROC = 64;
LimitNOFILE = 1048576;
PrivateTmp = true;
PrivateDevices = true;
ProtectHome = true;
ProtectSystem = "full";
ReadWriteDirectories = cfg.dataDir;
};
};
users.extraUsers.traefik = {
group = "traefik";
home = cfg.dataDir;
createHome = true;
};
users.extraGroups.traefik = {};
};
}
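Review bot: The generated `config.toml` is built with `pkgs.writeText` and `pkgs.runCommand`, so everything placed in `configOptions` ends up world-readable in the Nix store; the description, currently just `Config for Traefik.`, should say so and point to `configFile` for configurations that hold credentials or ACME account data. The example also sets `web.address = ":8080"`, which as far as I know exposes Traefik's dashboard and API on every interface in the 1.x series; `web.address = "127.0.0.1:8080";` is a safer line for readers to copy. Minor: the example spells `defaultEntrypoints` where the default uses `defaultEntryPoints`, and `ReadWriteDirectories` is the older name of `ReadWritePaths`, which the update-locatedb unit in this commit already uses.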


@ -7,7 +7,12 @@ let
cfg = config.services.compton;
configFile = pkgs.writeText "compton.conf"
configFile = let
opacityRules = optionalString (length cfg.opacityRules != 0)
(concatStringsSep "\n"
(map (a: "opacity-rule = [ \"${a}\" ];") cfg.opacityRules)
);
in pkgs.writeText "compton.conf"
(optionalString cfg.fade ''
# fading
fading = true;
@ -30,7 +35,9 @@ let
active-opacity = ${cfg.activeOpacity};
inactive-opacity = ${cfg.inactiveOpacity};
menu-opacity = ${cfg.menuOpacity};
${opacityRules}
# other options
backend = ${toJSON cfg.backend};
vsync = ${toJSON cfg.vSync};
@ -155,6 +162,14 @@ in {
'';
};
opacityRules = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Opacity rules to be handled by compton.
'';
};
backend = mkOption {
type = types.str;
default = "glx";
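Review bot: In the new `opacityRules` binding of the first hunk, each rule is emitted as its own `opacity-rule = [ "…" ];` line, so a list with two or more entries repeats the same setting name, and the rule text is interpolated without escaping `"` or `\`. Whether compton's config parser accepts a repeated setting is not visible here, so a single list is the safer form: `opacity-rule = [ ${concatMapStringsSep ", " toJSON cfg.opacityRules} ];`, which matches how `backend` and `vsync` are already written with `toJSON` in this file. The new option also has no `example`, so the expected rule syntax is left undocumented.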


@ -72,6 +72,7 @@ in
];
services.gnome3.gnome-keyring.enable = true;
services.upower.enable = config.powerManagement.enable;
environment.pathsToLink = [ "/share" ];
};


@ -142,7 +142,8 @@ in
kde-gtk-config breeze-gtk
phonon-backend-gstreamer
libsForQt56.phonon-backend-gstreamer
libsForQt5.phonon-backend-gstreamer
]
++ lib.optionals cfg.enableQt4Support [ breeze-qt4 pkgs.phonon-backend-gstreamer ]


@ -75,12 +75,13 @@ in {
default = null;
description =
''
Enables a click method. Permitted values are none, buttonareas, clickfinger.
Enables a click method. Permitted values are <literal>none</literal>,
<literal>buttonareas</literal>, <literal>clickfinger</literal>.
Not all devices support all methods, if an option is unsupported,
the default click method for this device is used.
the default click method for this device is used.
'';
};
leftHanded = mkOption {
type = types.bool;
default = false;
@ -96,7 +97,7 @@ in {
simultaneously produces a middle mouse button click.
'';
};
naturalScrolling = mkOption {
type = types.bool;
default = false;
@ -120,7 +121,8 @@ in {
example = "edge";
description =
''
Specify the scrolling method.
Specify the scrolling method: <literal>twofinger</literal>, <literal>edge</literal>,
or <literal>none</literal>
'';
};
@ -141,7 +143,8 @@ in {
example = "disabled";
description =
''
Sets the send events mode to disabled, enabled, or "disable when an external mouse is connected".
Sets the send events mode to <literal>disabled</literal>, <literal>enabled</literal>,
or <literal>disabled-on-external-mouse</literal>
'';
};


@ -31,7 +31,17 @@ in
type = types.string;
description = ''
The script to use when locking the computer.
The script to use when automatically locking the computer.
'';
};
nowlocker = mkOption {
default = null;
example = "i3lock -i /path/to/img";
type = types.nullOr types.string;
description = ''
The script to use when manually locking the computer with <command>xautolock -locknow</command>.
'';
};
@ -45,28 +55,82 @@ in
};
notifier = mkOption {
default = "notify-send 'Locking in 10 seconds'";
type = types.string;
default = null;
example = literalExample ''
"${pkgs.libnotify}/bin/notify-send \"Locking in 10 seconds\""
'';
type = types.nullOr types.string;
description = ''
Notification script to be used to warn about the pending autolock.
'';
};
killer = mkOption {
default = null; # default according to `man xautolock` is none
example = "systemctl suspend";
type = types.nullOr types.string;
description = ''
The script to use when nothing has happend for as long as <option>killtime</option>
'';
};
killtime = mkOption {
default = 20; # default according to `man xautolock`
type = types.int;
description = ''
Minutes xautolock waits until it executes the script specified in <option>killer</option>
(Has to be at least 10 minutes)
'';
};
extraOptions = mkOption {
type = types.listOf types.str;
default = [ ];
example = [ "-detectsleep" ];
description = ''
Additional command-line arguments to pass to
<command>xautolock</command>.
'';
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [ xautolock ];
services.xserver.displayManager.sessionCommands = with builtins; with pkgs; ''
${xautolock}/bin/xautolock \
${concatStringsSep " \\\n" ([
"-time ${toString(cfg.time)}"
"-locker ${cfg.locker}"
] ++ optional cfg.enableNotifier (concatStringsSep " " [
"-notify ${toString(cfg.notify)}"
"-notifier \"${cfg.notifier}\""
]))} &
'';
systemd.user.services.xautolock = {
description = "xautolock service";
wantedBy = [ "graphical-session.target" ];
partOf = [ "graphical-session.target" ];
serviceConfig = with lib; {
ExecStart = strings.concatStringsSep " " ([
"${pkgs.xautolock}/bin/xautolock"
"-noclose"
"-time ${toString cfg.time}"
"-locker '${cfg.locker}'"
] ++ optionals cfg.enableNotifier [
"-notify ${toString cfg.notify}"
"-notifier '${cfg.notifier}'"
] ++ optionals (cfg.nowlocker != null) [
"-nowlocker '${cfg.nowlocker}'"
] ++ optionals (cfg.killer != null) [
"-killer '${cfg.killer}'"
"-killtime ${toString cfg.killtime}"
] ++ cfg.extraOptions);
Restart = "always";
};
};
assertions = [
{
assertion = cfg.enableNotifier -> cfg.notifier != null;
message = "When enabling the notifier for xautolock, you also need to specify the notify script";
}
{
assertion = cfg.killer != null -> cfg.killtime >= 10;
message = "killtime has to be at least 10 minutes according to `man xautolock`";
}
];
};
}
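Review bot: The new `ExecStart` wraps `cfg.locker`, `cfg.notifier`, `cfg.nowlocker` and `cfg.killer` in single quotes without escaping, so a value that itself contains `'` is split into separate arguments, and `%` or `$` sequences in it are expanded by systemd before xautolock sees them. For a screen locker this fails quietly: with `Restart = "always"` the unit just keeps restarting and the session never locks. An assertion such as `assertion = !(hasInfix "'" cfg.locker);` (repeated for the other three options), or a sentence in each description stating the restriction, would surface the problem at evaluation time. The examples `i3lock -i /path/to/img` and `systemctl suspend` also depend on the user unit's PATH, which is presumably narrower than the session environment the old `sessionCommands` ran in; store paths, as in the `notifier` example, would be safer.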


@ -193,11 +193,6 @@ in
"sd_mod"
"sr_mod"
# Standard IDE stuff.
"ide_cd"
"ide_disk"
"ide_generic"
# SD cards and internal eMMC drives.
"mmc_block"
@ -211,21 +206,11 @@ in
"xhci_hcd"
"xhci_pci"
"usbhid"
"hid_generic" "hid_lenovo"
"hid_apple" "hid_logitech_dj" "hid_lenovo_tpkbd" "hid_roccat"
"hid_generic" "hid_lenovo" "hid_apple" "hid_roccat"
# Misc. keyboard stuff.
"pcips2" "atkbd" "i8042"
# Temporary fix for https://github.com/NixOS/nixpkgs/issues/18451
# Remove as soon as upstream gets fixed - marking it:
# TODO
# FIXME
"i8042"
# To wait for SCSI devices to appear.
"scsi_wait_scan"
# Needed by the stage 2 init script.
"rtc_cmos"
];


@ -197,7 +197,7 @@ sub GrubFs {
if ($status != 0) {
die "Failed to retrieve subvolume info for @{[$fs->mount]}\n";
}
my @ids = join("", @id_info) =~ m/Subvolume ID:[ \t\n]*([^ \t\n]*)/;
my @ids = join("\n", @id_info) =~ m/^(?!\/\n).*Subvolume ID:[ \t\n]*([0-9]+)/s;
if ($#ids > 0) {
die "Btrfs subvol name for @{[$fs->device]} listed multiple times in mount\n"
} elsif ($#ids == 0) {
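Review bot: The rewritten match has no comment explaining the `(?!\/\n)` lookahead, and with the `/s` modifier the greedy `.*` takes the capture from the last `Subvolume ID:` in the joined output rather than the first. If the intent is to skip output whose first line is `/` (presumably the top-level subvolume), a comment such as `# Output starting with "/" is the top-level subvolume: no ID to extract` above the line would record that, and `.*?` would pin the first occurrence. Because the match has one capture group and no `/g`, `@ids` holds at most one element, so the `$#ids > 0` branch below cannot fire as written. `GrubFs` starts and ends outside this hunk.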


@ -36,7 +36,7 @@ let
keyFile = mkOption {
default = null;
example = "/root/.swapkey";
example = "/mnt-root/root/.swapkey";
type = types.nullOr types.str;
description = "File system location of keyfile. This unlocks the drive after the root has been mounted to <literal>/mnt-root</literal>.";
};
@ -67,7 +67,6 @@ in
luks = {
devices =
map (dev: { name = dev.encrypted.label; device = dev.encrypted.blkDev; } ) keylessEncDevs;
cryptoModules = [ "aes" "sha256" "sha1" "xts" ];
forceLuksSupportInInitrd = true;
};
postMountCommands =
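Review bot: The `keyFile` description in the first hunk still does not say that the path is resolved inside the initrd, which is the reason the example now needs the `/mnt-root` prefix. Nor does it say that the key file sits on the root filesystem and is therefore only as well protected as that filesystem. I would extend the description with `The path is evaluated in the initrd, so it must start with /mnt-root; the key is only as confidential as the filesystem that stores it.` Whether root is expected to be encrypted itself cannot be told from this hunk, so the second half should be confirmed by the module author.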


@ -5,7 +5,8 @@
system.fsPackages = [ pkgs.e2fsprogs ];
boot.initrd.availableKernelModules = [ "ext2" "ext3" "ext4" ];
# As of kernel 4.3, there is no separate ext3 driver (they're also handled by ext4.ko)
boot.initrd.availableKernelModules = [ "ext2" "ext4" ];
boot.initrd.extraUtilsCommands =
''


@ -16,6 +16,7 @@ in {
powertop = {
wantedBy = [ "multi-user.target" ];
description = "Powertop tunings";
path = [ pkgs.kmod ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "yes";


@ -33,9 +33,9 @@ in
}
''
# Create partition table
${pkgs.parted}/sbin/parted /dev/vda mklabel msdos
${pkgs.parted}/sbin/parted /dev/vda mkpart primary ext4 1 ${diskSize}
${pkgs.parted}/sbin/parted /dev/vda print
${pkgs.parted}/sbin/parted --script /dev/vda mklabel msdos
${pkgs.parted}/sbin/parted --script /dev/vda mkpart primary ext4 1 ${diskSize}
${pkgs.parted}/sbin/parted --script /dev/vda print
. /sys/class/block/vda1/uevent
mknod /dev/vda1 b $MAJOR $MINOR


@ -223,5 +223,21 @@ let self = {
"17.03".us-west-2.hvm-ebs = "ami-a93daac9";
"17.03".us-west-2.hvm-s3 = "ami-5139ae31";
latest = self."17.03";
# 17.09.1483.d0f0657ca0
"17.09".eu-west-1.hvm-ebs = "ami-cf33e7b6";
"17.09".eu-west-2.hvm-ebs = "ami-7d061419";
"17.09".eu-central-1.hvm-ebs = "ami-7548fa1a";
"17.09".us-east-1.hvm-ebs = "ami-6f669d15";
"17.09".us-east-2.hvm-ebs = "ami-cbe1ccae";
"17.09".us-west-1.hvm-ebs = "ami-9d95a5fd";
"17.09".us-west-2.hvm-ebs = "ami-d3956fab";
"17.09".ca-central-1.hvm-ebs = "ami-ee4ef78a";
"17.09".ap-southeast-1.hvm-ebs = "ami-1dfc807e";
"17.09".ap-southeast-2.hvm-ebs = "ami-dcb350be";
"17.09".ap-northeast-1.hvm-ebs = "ami-00ec3d66";
"17.09".ap-northeast-2.hvm-ebs = "ami-1107dd7f";
"17.09".sa-east-1.hvm-ebs = "ami-0377086f";
"17.09".ap-south-1.hvm-ebs = "ami-4a064625";
latest = self."17.09";
}; in self
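Review bot: `latest` now points at `self."17.09"`, but every 17.09 entry added here is `hvm-ebs`, while the 17.03 lines just above still list `hvm-s3` (for example `"17.03".us-west-2.hvm-s3`). A consumer that evaluates `latest.<region>.hvm-s3` would hit a missing attribute after this change. If dropping instance-store images is intended, a comment above the block such as `# 17.09: EBS-backed images only, no hvm-s3` would make that explicit. Only the tail of the table is in this hunk, so earlier releases may differ.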


@ -24,7 +24,12 @@ with lib;
copy_bin_and_libs ${pkgs.gnused}/bin/sed
copy_bin_and_libs ${pkgs.utillinux}/sbin/sfdisk
copy_bin_and_libs ${pkgs.utillinux}/sbin/lsblk
cp -v ${pkgs.cloud-utils}/bin/.growpart-wrapped $out/bin/growpart
substitute "${pkgs.cloud-utils}/bin/.growpart-wrapped" "$out/bin/growpart" \
--replace "${pkgs.bash}/bin/sh" "/bin/sh" \
--replace "awk" "gawk" \
--replace "sed" "gnused"
ln -s sed $out/bin/gnused
'';
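Review bot: The `--replace "awk" "gawk"` and `--replace "sed" "gnused"` arguments rewrite every occurrence of those letters in `.growpart-wrapped`, not only command invocations, so words such as `used` or `parsed` in messages and variable names change too, and any existing `gawk` becomes `ggawk`. Patterns that include the surrounding call syntax from the script would limit the rewrite to the commands, and a comment saying why the tools are renamed at all would help the next reader. Only a `gnused` symlink is created here; a matching `gawk` in `$out/bin` is not visible in this hunk and should be confirmed.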


@ -42,12 +42,11 @@ in rec {
name = "nixos-${nixos.channel.version}";
meta = {
description = "Release-critical builds for the NixOS channel";
maintainers = [ pkgs.lib.maintainers.eelco ];
maintainers = with pkgs.lib.maintainers; [ eelco fpletz ];
};
constituents =
let
all = x: map (system: x.${system})
(supportedSystems ++ limitedSupportedSystems);
all = x: map (system: x.${system}) supportedSystems;
in [
nixos.channel
(all nixos.dummy)
@ -61,7 +60,7 @@ in rec {
nixos.tests.chromium
(all nixos.tests.firefox)
(all nixos.tests.firewall)
nixos.tests.gnome3.x86_64-linux # FIXME: i686-linux
(all nixos.tests.gnome3)
nixos.tests.installer.zfsroot.x86_64-linux # ZFS is 64bit only
(all nixos.tests.installer.lvm)
(all nixos.tests.installer.luksroot)
@ -80,9 +79,8 @@ in rec {
(all nixos.tests.boot.uefiCdrom)
(all nixos.tests.boot.uefiUsb)
(all nixos.tests.boot-stage1)
nixos.tests.hibernate.x86_64-linux # i686 is flaky, see #23107
(all nixos.tests.hibernate)
nixos.tests.docker
nixos.tests.docker-edge
(all nixos.tests.ecryptfs)
(all nixos.tests.env)
(all nixos.tests.ipv6)
@ -93,7 +91,7 @@ in rec {
(all nixos.tests.keymap.dvp)
(all nixos.tests.keymap.neo)
(all nixos.tests.keymap.qwertz)
nixos.tests.plasma5.x86_64-linux # avoid big build on i686
(all nixos.tests.plasma5)
#(all nixos.tests.lightdm)
(all nixos.tests.login)
(all nixos.tests.misc)


@ -214,6 +214,7 @@ in rec {
# Run the tests for each platform. You can run a test by doing
# e.g. nix-build -A tests.login.x86_64-linux, or equivalently,
# nix-build tests/login.nix -A result.
tests.atd = callTest tests/atd.nix {};
tests.acme = callTest tests/acme.nix {};
tests.avahi = callTest tests/avahi.nix {};
tests.bittorrent = callTest tests/bittorrent.nix {};
@ -249,6 +250,7 @@ in rec {
tests.firewall = callTest tests/firewall.nix {};
tests.fleet = hydraJob (import tests/fleet.nix { system = "x86_64-linux"; });
#tests.gitlab = callTest tests/gitlab.nix {};
tests.gitolite = callTest tests/gitolite.nix {};
tests.glance = callTest tests/glance.nix {};
tests.gocd-agent = callTest tests/gocd-agent.nix {};
tests.gocd-server = callTest tests/gocd-server.nix {};
@ -303,8 +305,10 @@ in rec {
#tests.panamax = hydraJob (import tests/panamax.nix { system = "x86_64-linux"; });
tests.peerflix = callTest tests/peerflix.nix {};
tests.postgresql = callSubTests tests/postgresql.nix {};
tests.postgis = callTest tests/postgis.nix {};
#tests.pgjwt = callTest tests/pgjwt.nix {};
tests.printing = callTest tests/printing.nix {};
tests.prometheus = callTest tests/prometheus.nix {};
tests.proxy = callTest tests/proxy.nix {};
tests.pumpio = callTest tests/pump.io.nix {};
# tests.quagga = callTest tests/quagga.nix {};

36
nixos/tests/atd.nix Normal file

@ -0,0 +1,36 @@
import ./make-test.nix ({ pkgs, lib, ... }:
{
name = "atd";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ bjornfor ];
};
machine =
{ config, pkgs, ... }:
{ services.atd.enable = true;
users.extraUsers.alice = { isNormalUser = true; };
};
# "at" has a resolution of 1 minute
testScript = ''
startAll;
$machine->fail("test -f ~root/at-1");
$machine->fail("test -f ~root/batch-1");
$machine->fail("test -f ~alice/at-1");
$machine->fail("test -f ~alice/batch-1");
$machine->succeed("echo 'touch ~root/at-1' | at now+1min");
$machine->succeed("echo 'touch ~root/batch-1' | batch");
$machine->succeed("su - alice -c \"echo 'touch at-1' | at now+1min\"");
$machine->succeed("su - alice -c \"echo 'touch batch-1' | batch\"");
$machine->succeed("sleep 1.5m");
$machine->succeed("test -f ~root/at-1");
$machine->succeed("test -f ~root/batch-1");
$machine->succeed("test -f ~alice/at-1");
$machine->succeed("test -f ~alice/batch-1");
'';
})
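Review bot: The final assertions only check that the files exist, so the test would presumably still pass if atd ran alice's jobs as another user, because `at-1` and `batch-1` are created relative to the job's working directory. Adding `$machine->succeed("su - alice -c 'test -O at-1 && test -O batch-1'");` after the existing checks would pin the ownership, which is the property that matters for a job scheduler. The fixed `sleep 1.5m` is also the only synchronisation, and `batch` defers jobs while the load is high. `$machine->waitUntilSucceeds("test -f ~alice/batch-1");` would be less timing-dependent.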

139
nixos/tests/gitolite.nix Normal file

@ -0,0 +1,139 @@
import ./make-test.nix ({ pkgs, ...}:
let
adminPrivateKey = pkgs.writeText "id_ed25519" ''
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACDu7qxYQAPdAU6RrhB3llk2N1v4PTwcVzcX1oX265uC3gAAAJBJiYxDSYmM
QwAAAAtzc2gtZWQyNTUxOQAAACDu7qxYQAPdAU6RrhB3llk2N1v4PTwcVzcX1oX265uC3g
AAAEDE1W6vMwSEUcF1r7Hyypm/+sCOoDmKZgPxi3WOa1mD2u7urFhAA90BTpGuEHeWWTY3
W/g9PBxXNxfWhfbrm4LeAAAACGJmb0BtaW5pAQIDBAU=
-----END OPENSSH PRIVATE KEY-----
'';
adminPublicKey = pkgs.writeText "id_ed25519.pub" ''
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7urFhAA90BTpGuEHeWWTY3W/g9PBxXNxfWhfbrm4Le root@client
'';
alicePrivateKey = pkgs.writeText "id_ed25519" ''
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACBbeWvHh/AWGWI6EIc1xlSihyXtacNQ9KeztlW/VUy8wQAAAJAwVQ5VMFUO
VQAAAAtzc2gtZWQyNTUxOQAAACBbeWvHh/AWGWI6EIc1xlSihyXtacNQ9KeztlW/VUy8wQ
AAAEB7lbfkkdkJoE+4TKHPdPQWBKLSx+J54Eg8DaTr+3KoSlt5a8eH8BYZYjoQhzXGVKKH
Je1pw1D0p7O2Vb9VTLzBAAAACGJmb0BtaW5pAQIDBAU=
-----END OPENSSH PRIVATE KEY-----
'';
alicePublicKey = pkgs.writeText "id_ed25519.pub" ''
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFt5a8eH8BYZYjoQhzXGVKKHJe1pw1D0p7O2Vb9VTLzB alice@client
'';
bobPrivateKey = pkgs.writeText "id_ed25519" ''
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACCWTaJ1D9Xjxy6759FvQ9oXTes1lmWBciXPkEeqTikBMAAAAJDQBmNV0AZj
VQAAAAtzc2gtZWQyNTUxOQAAACCWTaJ1D9Xjxy6759FvQ9oXTes1lmWBciXPkEeqTikBMA
AAAEDM1IYYFUwk/IVxauha9kuR6bbRtT3gZ6ZA0GLb9txb/pZNonUP1ePHLrvn0W9D2hdN
6zWWZYFyJc+QR6pOKQEwAAAACGJmb0BtaW5pAQIDBAU=
-----END OPENSSH PRIVATE KEY-----
'';
bobPublicKey = pkgs.writeText "id_ed25519.pub" ''
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJZNonUP1ePHLrvn0W9D2hdN6zWWZYFyJc+QR6pOKQEw bob@client
'';
gitoliteAdminConfSnippet = ''
repo alice-project
RW+ = alice
'';
in
{
name = "gitolite";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ bjornfor ];
};
nodes = {
server =
{ config, pkgs, lib, ... }:
{
services.gitolite = {
enable = true;
adminPubkey = builtins.readFile adminPublicKey;
};
services.openssh.enable = true;
};
client =
{ config, pkgs, lib, ... }:
{
environment.systemPackages = [ pkgs.git ];
programs.ssh.extraConfig = ''
Host *
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
# there's nobody around that can input password
PreferredAuthentications publickey
'';
users.extraUsers.alice = { isNormalUser = true; };
users.extraUsers.bob = { isNormalUser = true; };
};
};
testScript = ''
startAll;
subtest "can setup ssh keys on system", sub {
$client->mustSucceed("mkdir -p ~root/.ssh");
$client->mustSucceed("cp ${adminPrivateKey} ~root/.ssh/id_ed25519");
$client->mustSucceed("chmod 600 ~root/.ssh/id_ed25519");
$client->mustSucceed("sudo -u alice mkdir -p ~alice/.ssh");
$client->mustSucceed("sudo -u alice cp ${alicePrivateKey} ~alice/.ssh/id_ed25519");
$client->mustSucceed("sudo -u alice chmod 600 ~alice/.ssh/id_ed25519");
$client->mustSucceed("sudo -u bob mkdir -p ~bob/.ssh");
$client->mustSucceed("sudo -u bob cp ${bobPrivateKey} ~bob/.ssh/id_ed25519");
$client->mustSucceed("sudo -u bob chmod 600 ~bob/.ssh/id_ed25519");
};
subtest "gitolite server starts", sub {
$server->waitForUnit("gitolite-init.service");
$server->waitForUnit("sshd.service");
$client->mustSucceed('ssh gitolite@server info');
};
subtest "admin can clone and configure gitolite-admin.git", sub {
$client->mustSucceed('git clone gitolite@server:gitolite-admin.git');
$client->mustSucceed("git config --global user.name 'System Administrator'");
$client->mustSucceed("git config --global user.email root\@domain.example");
$client->mustSucceed("cp ${alicePublicKey} gitolite-admin/keydir/alice.pub");
$client->mustSucceed("cp ${bobPublicKey} gitolite-admin/keydir/bob.pub");
$client->mustSucceed('(cd gitolite-admin && git add . && git commit -m "Add keys for alice, bob" && git push)');
$client->mustSucceed("printf '${gitoliteAdminConfSnippet}' >> gitolite-admin/conf/gitolite.conf");
$client->mustSucceed('(cd gitolite-admin && git add . && git commit -m "Add repo for alice" && git push)');
};
subtest "non-admins cannot clone gitolite-admin.git", sub {
$client->mustFail('sudo -i -u alice git clone gitolite@server:gitolite-admin.git');
$client->mustFail('sudo -i -u bob git clone gitolite@server:gitolite-admin.git');
};
subtest "non-admins can clone testing.git", sub {
$client->mustSucceed('sudo -i -u alice git clone gitolite@server:testing.git');
$client->mustSucceed('sudo -i -u bob git clone gitolite@server:testing.git');
};
subtest "alice can clone alice-project.git", sub {
$client->mustSucceed('sudo -i -u alice git clone gitolite@server:alice-project.git');
};
subtest "bob cannot clone alice-project.git", sub {
$client->mustFail('sudo -i -u bob git clone gitolite@server:alice-project.git');
};
'';
})
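Review bot: The three `-----BEGIN OPENSSH PRIVATE KEY-----` blocks are added without any comment marking them as throwaway fixtures, and `pkgs.writeText` places them in the world-readable store. A line above `adminPrivateKey` such as `# Throwaway keys generated for this test only; do not authorise them on any real host.` would stop secret scanners and later readers from treating them as a leak or reusing them. In the admin subtest, `printf '${gitoliteAdminConfSnippet}'` passes the snippet as the printf format string, so a later `%` or backslash in it would be interpreted; `printf '%s' '${gitoliteAdminConfSnippet}'` avoids that. The `mustFail` clone checks pass on any failure, not only an authorisation denial, so they are weaker than their subtest names suggest.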


@ -260,9 +260,9 @@ in {
{ createPartitions =
''
$machine->succeed(
"parted /dev/vda mklabel msdos",
"parted /dev/vda -- mkpart primary linux-swap 1M 1024M",
"parted /dev/vda -- mkpart primary ext2 1024M -1s",
"parted --script /dev/vda mklabel msdos",
"parted --script /dev/vda -- mkpart primary linux-swap 1M 1024M",
"parted --script /dev/vda -- mkpart primary ext2 1024M -1s",
"udevadm settle",
"mkswap /dev/vda1 -L swap",
"swapon -L swap",
@ -277,11 +277,11 @@ in {
{ createPartitions =
''
$machine->succeed(
"parted /dev/vda mklabel gpt",
"parted -s /dev/vda -- mkpart ESP fat32 1M 50MiB", # /boot
"parted -s /dev/vda -- set 1 boot on",
"parted -s /dev/vda -- mkpart primary linux-swap 50MiB 1024MiB",
"parted -s /dev/vda -- mkpart primary ext2 1024MiB -1MiB", # /
"parted --script /dev/vda mklabel gpt",
"parted --script /dev/vda -- mkpart ESP fat32 1M 50MiB", # /boot
"parted --script /dev/vda -- set 1 boot on",
"parted --script /dev/vda -- mkpart primary linux-swap 50MiB 1024MiB",
"parted --script /dev/vda -- mkpart primary ext2 1024MiB -1MiB", # /
"udevadm settle",
"mkswap /dev/vda2 -L swap",
"swapon -L swap",
@ -300,10 +300,10 @@ in {
{ createPartitions =
''
$machine->succeed(
"parted /dev/vda mklabel msdos",
"parted /dev/vda -- mkpart primary ext2 1M 50MB", # /boot
"parted /dev/vda -- mkpart primary linux-swap 50MB 1024M",
"parted /dev/vda -- mkpart primary ext2 1024M -1s", # /
"parted --script /dev/vda mklabel msdos",
"parted --script /dev/vda -- mkpart primary ext2 1M 50MB", # /boot
"parted --script /dev/vda -- mkpart primary linux-swap 50MB 1024M",
"parted --script /dev/vda -- mkpart primary ext2 1024M -1s", # /
"udevadm settle",
"mkswap /dev/vda2 -L swap",
"swapon -L swap",
@ -321,10 +321,10 @@ in {
{ createPartitions =
''
$machine->succeed(
"parted /dev/vda mklabel msdos",
"parted /dev/vda -- mkpart primary ext2 1M 50MB", # /boot
"parted /dev/vda -- mkpart primary linux-swap 50MB 1024M",
"parted /dev/vda -- mkpart primary ext2 1024M -1s", # /
"parted --script /dev/vda mklabel msdos",
"parted --script /dev/vda -- mkpart primary ext2 1M 50MB", # /boot
"parted --script /dev/vda -- mkpart primary linux-swap 50MB 1024M",
"parted --script /dev/vda -- mkpart primary ext2 1024M -1s", # /
"udevadm settle",
"mkswap /dev/vda2 -L swap",
"swapon -L swap",
@ -357,9 +357,9 @@ in {
createPartitions =
''
$machine->succeed(
"parted /dev/vda mklabel msdos",
"parted /dev/vda -- mkpart primary linux-swap 1M 1024M",
"parted /dev/vda -- mkpart primary 1024M -1s",
"parted --script /dev/vda mklabel msdos",
"parted --script /dev/vda -- mkpart primary linux-swap 1M 1024M",
"parted --script /dev/vda -- mkpart primary 1024M -1s",
"udevadm settle",
"mkswap /dev/vda1 -L swap",
@ -380,11 +380,11 @@ in {
{ createPartitions =
''
$machine->succeed(
"parted /dev/vda mklabel msdos",
"parted /dev/vda -- mkpart primary 1M 2048M", # PV1
"parted /dev/vda -- set 1 lvm on",
"parted /dev/vda -- mkpart primary 2048M -1s", # PV2
"parted /dev/vda -- set 2 lvm on",
"parted --script /dev/vda mklabel msdos",
"parted --script /dev/vda -- mkpart primary 1M 2048M", # PV1
"parted --script /dev/vda -- set 1 lvm on",
"parted --script /dev/vda -- mkpart primary 2048M -1s", # PV2
"parted --script /dev/vda -- set 2 lvm on",
"udevadm settle",
"pvcreate /dev/vda1 /dev/vda2",
"vgcreate MyVolGroup /dev/vda1 /dev/vda2",
@ -402,10 +402,10 @@ in {
luksroot = makeInstallerTest "luksroot"
{ createPartitions = ''
$machine->succeed(
"parted /dev/vda mklabel msdos",
"parted /dev/vda -- mkpart primary ext2 1M 50MB", # /boot
"parted /dev/vda -- mkpart primary linux-swap 50M 1024M",
"parted /dev/vda -- mkpart primary 1024M -1s", # LUKS
"parted --script /dev/vda mklabel msdos",
"parted --script /dev/vda -- mkpart primary ext2 1M 50MB", # /boot
"parted --script /dev/vda -- mkpart primary linux-swap 50M 1024M",
"parted --script /dev/vda -- mkpart primary 1024M -1s", # LUKS
"udevadm settle",
"mkswap /dev/vda2 -L swap",
"swapon -L swap",
@ -434,7 +434,7 @@ in {
{ createPartitions =
''
$machine->succeed(
"parted /dev/vda --"
"parted --script /dev/vda --"
. " mklabel msdos"
. " mkpart primary ext2 1M 100MB" # /boot
. " mkpart extended 100M -1s"
@ -469,9 +469,9 @@ in {
{ createPartitions =
''
$machine->succeed(
"parted /dev/sda mklabel msdos",
"parted /dev/sda -- mkpart primary linux-swap 1M 1024M",
"parted /dev/sda -- mkpart primary ext2 1024M -1s",
"parted --script /dev/sda mklabel msdos",
"parted --script /dev/sda -- mkpart primary linux-swap 1M 1024M",
"parted --script /dev/sda -- mkpart primary ext2 1024M -1s",
"udevadm settle",
"mkswap /dev/sda1 -L swap",
"swapon -L swap",


@ -0,0 +1,5 @@
{ system ? builtins.currentSystem }:
{
example-config = import ./example-config.nix { inherit system; };
deprecated-config = import ./deprecated-config.nix { inherit system; };
}


@ -0,0 +1,48 @@
# Verifies that the configuration suggested in deprecated example values
# will result in the expected output.
import ../make-test.nix ({ pkgs, ...} : {
name = "krb5-with-deprecated-config";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ eqyiel ];
};
machine =
{ config, pkgs, ... }: {
krb5 = {
enable = true;
defaultRealm = "ATHENA.MIT.EDU";
domainRealm = "athena.mit.edu";
kdc = "kerberos.mit.edu";
kerberosAdminServer = "kerberos.mit.edu";
};
};
testScript =
let snapshot = pkgs.writeText "krb5-with-deprecated-config.conf" ''
[libdefaults]
default_realm = ATHENA.MIT.EDU
[realms]
ATHENA.MIT.EDU = {
admin_server = kerberos.mit.edu
kdc = kerberos.mit.edu
}
[domain_realm]
.athena.mit.edu = ATHENA.MIT.EDU
athena.mit.edu = ATHENA.MIT.EDU
[capaths]
[appdefaults]
[plugins]
'';
in ''
$machine->succeed("diff /etc/krb5.conf ${snapshot}");
'';
})


@ -0,0 +1,106 @@
# Verifies that the configuration suggested in (non-deprecated) example values
# will result in the expected output.
import ../make-test.nix ({ pkgs, ...} : {
name = "krb5-with-example-config";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ eqyiel ];
};
machine =
{ config, pkgs, ... }: {
krb5 = {
enable = true;
kerberos = pkgs.krb5Full;
libdefaults = {
default_realm = "ATHENA.MIT.EDU";
};
realms = {
"ATHENA.MIT.EDU" = {
admin_server = "athena.mit.edu";
kdc = "athena.mit.edu";
};
};
domain_realm = {
"example.com" = "EXAMPLE.COM";
".example.com" = "EXAMPLE.COM";
};
capaths = {
"ATHENA.MIT.EDU" = {
"EXAMPLE.COM" = ".";
};
"EXAMPLE.COM" = {
"ATHENA.MIT.EDU" = ".";
};
};
appdefaults = {
pam = {
debug = false;
ticket_lifetime = 36000;
renew_lifetime = 36000;
max_timeout = 30;
timeout_shift = 2;
initial_timeout = 1;
};
};
plugins = {
ccselect = {
disable = "k5identity";
};
};
extraConfig = ''
[logging]
kdc = SYSLOG:NOTICE
admin_server = SYSLOG:NOTICE
default = SYSLOG:NOTICE
'';
};
};
testScript =
let snapshot = pkgs.writeText "krb5-with-example-config.conf" ''
[libdefaults]
default_realm = ATHENA.MIT.EDU
[realms]
ATHENA.MIT.EDU = {
admin_server = athena.mit.edu
kdc = athena.mit.edu
}
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
[capaths]
ATHENA.MIT.EDU = {
EXAMPLE.COM = .
}
EXAMPLE.COM = {
ATHENA.MIT.EDU = .
}
[appdefaults]
pam = {
debug = false
initial_timeout = 1
max_timeout = 30
renew_lifetime = 36000
ticket_lifetime = 36000
timeout_shift = 2
}
[plugins]
ccselect = {
disable = k5identity
}
[logging]
kdc = SYSLOG:NOTICE
admin_server = SYSLOG:NOTICE
default = SYSLOG:NOTICE
'';
in ''
$machine->succeed("diff /etc/krb5.conf ${snapshot}");
'';
})


@ -12,6 +12,9 @@ import ./make-test.nix ({ pkgs, ...} : {
secretKey = "V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12";
};
environment.systemPackages = [ pkgs.minio-client ];
# Minio requires at least 1GiB of free disk space to run.
virtualisation.diskSize = 4 * 1024;
};
};
@ -20,7 +23,6 @@ import ./make-test.nix ({ pkgs, ...} : {
startAll;
$machine->waitForUnit("minio.service");
$machine->waitForOpenPort(9000);
$machine->succeed("curl --fail http://localhost:9000/minio/index.html");
# Create a test bucket on the server
$machine->succeed("mc config host add minio http://localhost:9000 BKIKJAA5BMMU2RHO6IBB V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12 S3v4");


@ -1,42 +1,37 @@
import ./make-test.nix ({ pkgs, ...} :
import ./make-test.nix ({ pkgs, lib, ...}:
let
test = pkgs.writeText "test.sql" ''
CREATE EXTENSION pgcrypto;
CREATE EXTENSION pgjwt;
select sign('{"sub":"1234567890","name":"John Doe","admin":true}', 'secret');
select * from verify('eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ', 'secret');
test = with pkgs; runCommand "patch-test" {
nativeBuildInputs = [ pgjwt ];
}
''
sed -e '12 i CREATE EXTENSION pgcrypto;\nCREATE EXTENSION pgtap;\nSET search_path TO tap,public;' ${pgjwt.src}/test.sql > $out;
'';
in
{
with pkgs; {
name = "pgjwt";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ spinus ];
meta = with lib.maintainers; {
maintainers = [ spinus willibutz ];
};
nodes = {
master =
{ pkgs, config, ... }:
{
services.postgresql = let mypg = pkgs.postgresql95; in {
enable = true;
package = mypg;
extraPlugins =[pkgs.pgjwt];
initialScript = pkgs.writeText "postgresql-init.sql"
''
CREATE ROLE postgres WITH superuser login createdb;
'';
};
master = { pkgs, config, ... }:
{
services.postgresql = {
enable = true;
extraPlugins = [ pgjwt pgtap ];
};
};
};
testScript = ''
testScript = { nodes, ... }:
let
sqlSU = "${nodes.master.config.services.postgresql.superUser}";
pgProve = "${pkgs.perlPackages.TAPParserSourceHandlerpgTAP}";
in
''
startAll;
$master->waitForUnit("postgresql");
$master->succeed("timeout 10 bash -c 'while ! psql postgres -c \"SELECT 1;\";do sleep 1;done;'");
$master->succeed("cat ${test} | psql postgres");
# I can't make original test working :[
# $master->succeed("${pkgs.perlPackages.TAPParserSourceHandlerpgTAP}/bin/pg_prove -d postgres ${pkgs.pgjwt.src}/test.sql");
$master->copyFileFromHost("${test}","/tmp/test.sql");
$master->succeed("${pkgs.sudo}/bin/sudo -u ${sqlSU} PGOPTIONS=--search_path=tap,public ${pgProve}/bin/pg_prove -d postgres -v -f /tmp/test.sql");
'';
})
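Review bot: The `sed -e '12 i …'` in the new `test` derivation inserts the `CREATE EXTENSION` lines at a fixed line number of `${pgjwt.src}/test.sql`, so an upstream change that shifts that file would silently put them in the wrong place. Anchoring the insertion on content rather than a line number would survive a pgjwt bump. At minimum, a comment naming what sits at line 12 upstream would record the assumption. `nativeBuildInputs = [ pgjwt ]` looks unused by the command, since only `${pgjwt.src}` is read.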


@ -9,15 +9,11 @@ import ./make-test.nix ({ pkgs, ...} : {
{ pkgs, config, ... }:
{
services.postgresql = let mypg = pkgs.postgresql95; in {
services.postgresql = let mypg = pkgs.postgresql100; in {
enable = true;
package = mypg;
extraPlugins = [ (pkgs.postgis.override { postgresql = mypg; }).v_2_2_1 ];
initialScript = pkgs.writeText "postgresql-init.sql"
''
CREATE ROLE postgres WITH superuser login createdb;
'';
};
extraPlugins = [ (pkgs.postgis.override { postgresql = mypg; }).v_2_4_0 ];
};
};
};


@ -5,9 +5,6 @@ import ./make-test.nix {
one = { config, pkgs, ... }: {
services.prometheus = {
enable = true;
globalConfig = {
labels = { foo = "bar"; };
};
scrapeConfigs = [{
job_name = "prometheus";
static_configs = [{


@ -2,7 +2,16 @@
with import ../lib/testing.nix { inherit system; };
runInMachine {
drv = pkgs.hello;
machine = { config, pkgs, ... }: { /* services.sshd.enable = true; */ };
}
let
output = runInMachine {
drv = pkgs.hello;
machine = { config, pkgs, ... }: { /* services.sshd.enable = true; */ };
};
in pkgs.runCommand "verify-output" { inherit output; } ''
if [ ! -e "$output/bin/hello" ]; then
echo "Derivation built using runInMachine produced incorrect output:" >&2
ls -laR "$output" >&2
exit 1
fi
"$output/bin/hello" > "$out"
''


@ -107,8 +107,8 @@ let
buildInputs = [ pkgs.utillinux pkgs.perl ];
} ''
${pkgs.parted}/sbin/parted /dev/vda mklabel msdos
${pkgs.parted}/sbin/parted /dev/vda -- mkpart primary ext2 1M -1s
${pkgs.parted}/sbin/parted --script /dev/vda mklabel msdos
${pkgs.parted}/sbin/parted --script /dev/vda -- mkpart primary ext2 1M -1s
. /sys/class/block/vda1/uevent
mknod /dev/vda1 b $MAJOR $MINOR


@ -1,5 +1,5 @@
{ stdenv, fetchFromGitHub, pkgconfig, autoreconfHook, openssl, db48, boost
, zlib, miniupnpc, qt5, utillinux, protobuf, qrencode, libevent
, zlib, miniupnpc, qtbase ? null , qttools ? null, utillinux, protobuf, qrencode, libevent
, withGui }:
with stdenv.lib;
@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ pkgconfig autoreconfHook ];
buildInputs = [ openssl db48 boost zlib
miniupnpc utillinux protobuf libevent ]
++ optionals withGui [ qt5.qtbase qt5.qttools qrencode ];
++ optionals withGui [ qtbase qttools qrencode ];
configureFlags = [ "--with-boost-libdir=${boost.out}/lib" ]
++ optionals withGui [ "--with-gui=qt5" ];
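Review bot: `qtbase ? null` and `qttools ? null` are added to the argument list without a guard, so a caller that sets `withGui = true` through the plain `callPackage` ends up with no Qt in `buildInputs` and fails later, presumably at configure time, with a less obvious error. Adding `assert withGui -> qtbase != null && qttools != null;` before `stdenv.mkDerivation` would state the requirement up front. The same applies to the identical signature change in the section that follows (the Classic client).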


@ -1,5 +1,5 @@
{ stdenv, fetchFromGitHub, pkgconfig, autoreconfHook, openssl, db48, boost
, zlib, miniupnpc, qt4, utillinux, protobuf, qrencode, libevent
, zlib, miniupnpc, qtbase ? null, qttools ? null, utillinux, protobuf, qrencode, libevent
, withGui }:
with stdenv.lib;
@ -16,13 +16,15 @@ stdenv.mkDerivation rec {
sha256 = "129gkg035gv7zmc463jl2spvdh0fl4q8v4jdaslfnp34hbwi1p07";
};
patches = [ ./fix-bitcoin-qt-build.patch ];
nativeBuildInputs = [ pkgconfig autoreconfHook ];
buildInputs = [ openssl db48 boost zlib
miniupnpc utillinux protobuf libevent ]
++ optionals withGui [ qt4 qrencode ];
++ optionals withGui [ qtbase qttools qrencode ];
configureFlags = [ "--with-boost-libdir=${boost.out}/lib" ]
++ optionals withGui [ "--with-gui=qt4" ];
++ optionals withGui [ "--with-gui=qt5" ];
meta = {
description = "Peer-to-peer electronic cash system (Classic client)";


@ -1,17 +1,17 @@
{ callPackage, boost155, boost162, boost163, openssl_1_1_0, haskellPackages }:
{ callPackage, boost155, boost162, boost163, openssl_1_1_0, haskellPackages, darwin, libsForQt5 }:
rec {
bitcoin = callPackage ./bitcoin.nix { withGui = true; };
bitcoind = callPackage ./bitcoin.nix { withGui = false; };
bitcoin-abc = callPackage ./bitcoin-abc.nix { withGui = true; };
bitcoin-abc = libsForQt5.callPackage ./bitcoin-abc.nix { withGui = true; };
bitcoind-abc = callPackage ./bitcoin-abc.nix { withGui = false; };
bitcoin-unlimited = callPackage ./bitcoin-unlimited.nix { withGui = true; };
bitcoind-unlimited = callPackage ./bitcoin-unlimited.nix { withGui = false; };
bitcoin-classic = callPackage ./bitcoin-classic.nix { withGui = true; };
bitcoin-classic = libsForQt5.callPackage ./bitcoin-classic.nix { withGui = true; };
bitcoind-classic = callPackage ./bitcoin-classic.nix { withGui = false; };
bitcoin-xt = callPackage ./bitcoin-xt.nix { withGui = true; };
@ -26,7 +26,10 @@ rec {
dogecoind = callPackage ./dogecoin.nix { withGui = false; };
freicoin = callPackage ./freicoin.nix { boost = boost155; };
go-ethereum = callPackage ./go-ethereum.nix { };
go-ethereum = callPackage ./go-ethereum.nix {
inherit (darwin) libobjc;
inherit (darwin.apple_sdk.frameworks) IOKit;
};
go-ethereum-classic = callPackage ./go-ethereum-classic { };
hivemind = callPackage ./hivemind.nix { withGui = true; };


@ -2,7 +2,7 @@
buildGoPackage rec {
name = "go-ethereum-classic-${version}";
version = "3.5.86";
version = "4.0.0";
goPackagePath = "github.com/ethereumproject/go-ethereum";
subPackages = [ "cmd/evm" "cmd/geth" ];
@ -10,7 +10,7 @@ buildGoPackage rec {
src = fetchgit {
rev = "v${version}";
url = "https://github.com/ethereumproject/go-ethereum";
sha256 = "1k59hl3qvx4422zqlp259566fnxq5bs67jhm0v6a1zfr1k8iqzwh";
sha256 = "06f1w7s45q4zva1xjrx92xinsdrixl0m6zhx5hvdjmg3xqcbwr79";
};
goDeps = ./deps.nix;


@ -1,10 +1,14 @@
{ stdenv, lib, buildGoPackage, fetchFromGitHub }:
{ stdenv, lib, buildGoPackage, fetchFromGitHub, libobjc, IOKit }:
buildGoPackage rec {
name = "go-ethereum-${version}";
version = "1.7.0";
version = "1.7.2";
goPackagePath = "github.com/ethereum/go-ethereum";
# Fix for usb-related segmentation faults on darwin
propagatedBuildInputs =
stdenv.lib.optionals stdenv.isDarwin [ libobjc IOKit ];
# Fixes Cgo related build failures (see https://github.com/NixOS/nixpkgs/issues/25959 )
hardeningDisable = [ "fortify" ];
@ -12,17 +16,9 @@ buildGoPackage rec {
owner = "ethereum";
repo = "go-ethereum";
rev = "v${version}";
sha256 = "0ybjaiyrfb320rab6a5r9iiqvkrcd8b2qvixzx0kjmc4a7l1q5zh";
sha256 = "11n77zlf8qixhx26sqf33v911716msi6h0z4ng8gxhzhznrn2nrd";
};
# Fix cyclic referencing on Darwin
postInstall = stdenv.lib.optionalString (stdenv.isDarwin) ''
for file in $bin/bin/*; do
# Not all files are referencing $out/lib so consider this step non-critical
install_name_tool -delete_rpath $out/lib $file || true
done
'';
meta = with stdenv.lib; {
homepage = https://ethereum.github.io/go-ethereum/;
description = "Official golang implementation of the Ethereum protocol";


@ -16,7 +16,7 @@ let
# "git describe" when _not_ on an annotated tag(!): MAJOR.MINOR-REV-HASH.
# Version to build.
tag = "5.11";
tag = "5.12";
in
@ -25,12 +25,12 @@ stdenv.mkDerivation rec {
src = fetchgit {
url = "git://git.ardour.org/ardour/ardour.git";
rev = "bd40b9132cbac2d2b79ba0ef480bd41d837f8f71";
sha256 = "0xxxjg90jzj5cj364mlhk8srkgaghxif2jj1015bra25pffk41ay";
rev = "ae0dcdc0c5d13483271065c360e378202d20170a";
sha256 = "0mla5lm51ryikc2rrk53max2m7a5ds6i1ai921l2h95wrha45nkr";
};
buildInputs =
[ alsaLib aubio boost cairomm curl doxygen dbus fftw fftwSinglePrec flac
[ alsaLib aubio boost cairomm curl doxygen dbus fftw fftwSinglePrec flac
glibmm graphviz gtkmm2 libjack2 libgnomecanvas libgnomecanvasmm liblo
libmad libogg librdf librdf_raptor librdf_rasqal libsamplerate
libsigcxx libsndfile libusb libuuid libxml2 libxslt lilv lv2


@ -0,0 +1,101 @@
{ stdenv, fetchFromGitHub, fetchurl, makeWrapper, unzip
, gnumake, gcc-arm-embedded, dfu-util-axoloti, jdk, ant, libfaketime }:
stdenv.mkDerivation rec {
version = "1.0.12-1";
name = "axoloti-${version}";
src = fetchFromGitHub {
owner = "axoloti";
repo = "axoloti";
rev = "${version}";
sha256 = "13njmv8zac0kaaxgkv4y4zfjcclafn9cw0m8lj2k4926wnwjmf50";
};
chibi_version = "2.6.9";
chibi_name = "ChibiOS_${chibi_version}";
chibios = fetchurl {
url = "mirror://sourceforge/project/chibios/ChibiOS_RT%20stable/Version%20${chibi_version}/${chibi_name}.zip";
sha256 = "0lb5s8pkj80mqhsy47mmq0lqk34s2a2m3xagzihalvabwd0frhlj";
};
buildInputs = [ makeWrapper unzip gcc-arm-embedded dfu-util-axoloti jdk ant libfaketime ];
patchPhase = ''
unzip ${chibios}
mv ${chibi_name} chibios
(cd chibios/ext; unzip -q -o fatfs-0.9-patched.zip)
# Remove source of non-determinism in ChibiOS
substituteInPlace "chibios/os/various/shell.c" \
--replace "#ifdef __DATE__" "#if 0"
# Hardcode full path to compiler tools
for f in "firmware/Makefile.patch" \
"firmware/Makefile" \
"firmware/flasher/Makefile" \
"firmware/mounter/Makefile"; do
substituteInPlace "$f" \
--replace "arm-none-eabi-" "${gcc-arm-embedded}/bin/arm-none-eabi-"
done
# Hardcode path to "make"
for f in "firmware/compile_firmware_linux.sh" \
"firmware/compile_patch_linux.sh"; do
substituteInPlace "$f" \
--replace "make" "${gnumake}/bin/make"
done
# Hardcode dfu-util path
substituteInPlace "platform_linux/upload_fw_dfu.sh" \
--replace "/bin/dfu-util" ""
substituteInPlace "platform_linux/upload_fw_dfu.sh" \
--replace "./dfu-util" "${dfu-util-axoloti}/bin/dfu-util"
# Fix build version
substituteInPlace "build.xml" \
--replace "(git missing)" "${version}"
# Remove build time
substituteInPlace "build.xml" \
--replace "<tstamp>" ""
substituteInPlace "build.xml" \
--replace \
'<format property="build.time" pattern="dd/MM/yyyy HH:mm:ss z"/>' \
'<property name="build.time" value=""/>'
substituteInPlace "build.xml" \
--replace "</tstamp>" ""
substituteInPlace "build.xml" \
--replace \
'{line.separator}</echo>' \
'{line.separator}</echo> <touch file="src/main/java/axoloti/Version.java" millis="0" />'
'';
buildPhase = ''
find . -exec touch -d '1970-01-01 00:00' {} \;
(cd platform_linux; sh compile_firmware.sh)
faketime "1970-01-01 00:00:00" ant -Dbuild.runtime=true
'';
installPhase = ''
mkdir -p $out/bin $out/share/axoloti
cp -r doc firmware chibios platform_linux CMSIS *.txt $out/share/axoloti/
install -vD dist/Axoloti.jar $out/share/axoloti/
makeWrapper ${jdk}/bin/java $out/bin/axoloti --add-flags "-Daxoloti_release=$out/share/axoloti -Daxoloti_runtime=$out/share/axoloti -jar $out/share/axoloti/Axoloti.jar"
'';
meta = with stdenv.lib; {
homepage = http://www.axoloti.com;
description = ''
Sketching embedded digital audio algorithms.
To fix permissions of the Axoloti USB device node, add a similar udev rule to <literal>services.udev.extraRules</literal>:
<literal>SUBSYSTEM=="usb", ATTR{idVendor}=="16c0", ATTR{idProduct}=="0442", OWNER="someuser", GROUP="somegroup"</literal>
'';
license = licenses.gpl3;
maintainers = with maintainers; [ TealG ];
};
}
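Review bot: The substitutions are written as `patchPhase = ''`, which replaces the stock phase, so a `patches = [ ... ]` attribute added later would be silently ignored; `postPatch = ''` keeps the default patch handling. In the same phase, `--replace "make" "${gnumake}/bin/make"` rewrites every occurrence of that substring in the two compile scripts, not only the command word. The scripts are not visible here, but a pattern anchored on the actual invocation would be less fragile. `makeWrapper`, `unzip` and `ant` are build-time tools and belong in `nativeBuildInputs`. The udev instructions fit `longDescription` better than `description`, which is meant to be a short one-line summary.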


@ -0,0 +1,31 @@
{ stdenv, fetchurl, pkgconfig, libusb1-axoloti }:
stdenv.mkDerivation rec {
name="dfu-util-${version}";
version = "0.8";
nativeBuildInputs = [ pkgconfig ];
buildInputs = [ libusb1-axoloti ];
src = fetchurl {
url = "http://dfu-util.sourceforge.net/releases/${name}.tar.gz";
sha256 = "0n7h08avlzin04j93m6hkq9id6hxjiiix7ff9gc2n89aw6dxxjsm";
};
meta = with stdenv.lib; {
description = "Device firmware update (DFU) USB programmer";
longDescription = ''
dfu-util is a program that implements the host (PC) side of the USB
DFU 1.0 and 1.1 (Universal Serial Bus Device Firmware Upgrade) protocol.
DFU is intended to download and upload firmware to devices connected over
USB. It ranges from small devices like micro-controller boards up to mobile
phones. With dfu-util you are able to download firmware to your device or
upload firmware from it.
'';
homepage = http://dfu-util.gnumonks.org/;
license = licenses.gpl2Plus;
platforms = platforms.unix;
maintainers = [ ];
};
}
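Review bot: This derivation freezes dfu-util 0.8 as a second copy built against `libusb1-axoloti`, and nothing in the file says why. With `maintainers = [ ]` it has no owner and will not follow fixes made to the regular dfu-util package; the pinned libusb 1.0.19 derivation in the next file section has the same gap. A header comment such as `# Frozen copy for Axoloti, built against the patched libusb1-axoloti; not updated with the main dfu-util package.` would record the intent. The source is fetched over plain `http://`. The `sha256` pins the content, but an https or `mirror://sourceforge/` URL, as used elsewhere in this commit, avoids a cleartext fetch of a firmware-flashing tool.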


@ -0,0 +1,38 @@
{ stdenv, fetchurl, pkgconfig, systemd ? null, libobjc, IOKit, fetchpatch }:
stdenv.mkDerivation rec {
name = "libusb-1.0.19";
src = fetchurl {
url = "mirror://sourceforge/libusb/${name}.tar.bz2";
sha256 = "0h38p9rxfpg9vkrbyb120i1diq57qcln82h5fr7hvy82c20jql3c";
};
outputs = [ "out" "dev" ]; # get rid of propagating systemd closure
buildInputs = [ pkgconfig ];
propagatedBuildInputs =
stdenv.lib.optional stdenv.isLinux systemd ++
stdenv.lib.optionals stdenv.isDarwin [ libobjc IOKit ];
patches = [
(fetchpatch {
name = "libusb.stdfu.patch";
url = "https://raw.githubusercontent.com/axoloti/axoloti/1.0.12/platform_linux/src/libusb.stdfu.patch";
sha256 = "194j7j61i4q6x0ihm9ms8dxd4vliw20n2rj6cm9h17qzdl9xr33d";
})
];
NIX_LDFLAGS = stdenv.lib.optionalString stdenv.isLinux "-lgcc_s";
preFixup = stdenv.lib.optionalString stdenv.isLinux ''
sed 's,-ludev,-L${systemd.lib}/lib -ludev,' -i $out/lib/libusb-1.0.la
'';
meta = {
homepage = http://www.libusb.info;
description = "User-space USB library";
platforms = stdenv.lib.platforms.unix;
maintainers = [ ];
};
}
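Review bot: The `fetchpatch` URL takes `libusb.stdfu.patch` from the `1.0.12` tag of axoloti/axoloti, while the axoloti derivation added in this commit builds `1.0.12-1`. If the difference is intended it deserves a one-line comment above the `fetchpatch` call; otherwise the URL could use the same ref. The `sha256` fixes the patch content, so a moved tag would break the fetch rather than change the build, but a commit hash in the URL would make the pin explicit. Separately, `pkgconfig` is a build-time tool and belongs in `nativeBuildInputs` rather than `buildInputs`.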
