Merge remote-tracking branch 'upstream/master' into hardened-stdenv

2025-07-12 05:16:25 +03:00 · 2016-05-30 19:39:34 +00:00 · 2016-05-30 19:39:34 +00:00 · 2d382f3d98
commit 2d382f3d98
parent 365379857f 2661511cdb
711 changed files with 49079 additions and 11672 deletions
--- a/nixos/modules/config/fonts/fontdir.nix
+++ b/nixos/modules/config/fonts/fontdir.nix
@ -4,47 +4,17 @@ with lib;

 let

-  fontDirs = config.fonts.fonts;
-
-  localDefs = with pkgs.builderDefs; pkgs.builderDefs.passthru.function rec {
-    src = "";/* put a fetchurl here */
-    buildInputs = [pkgs.xorg.mkfontdir pkgs.xorg.mkfontscale];
-    inherit fontDirs;
-    installPhase = fullDepEntry ("
-    list='';
-    for i in ${toString fontDirs} ; do
-      if [ -d \$i/ ]; then
-        list=\"\$list \$i\";
-      fi;
-    done
-    list=\$(find \$list -name fonts.dir -o -name '*.ttf' -o -name '*.otf');
-    fontDirs='';
-    for i in \$list ; do
-      fontDirs=\"\$fontDirs \$(dirname \$i)\";
-    done;
-    mkdir -p \$out/share/X11-fonts/;
-    find \$fontDirs -type f -o -type l | while read i; do
-      j=\"\${i##*/}\"
-      if ! test -e \"\$out/share/X11-fonts/\${j}\"; then
-        ln -s \"\$i\" \"\$out/share/X11-fonts/\${j}\";
-      fi;
-    done;
-    cd \$out/share/X11-fonts/
-    rm fonts.dir
-    rm fonts.scale
-    rm fonts.alias
-    mkfontdir
-    mkfontscale
-    cat \$( find ${pkgs.xorg.fontalias}/ -name fonts.alias) >fonts.alias
-  ") ["minInit" "addInputs"];
-  };
-
-  x11Fonts = with localDefs; stdenv.mkDerivation rec {
-    name = "X11-fonts";
-    builder = writeScript (name + "-builder")
-      (textClosure localDefs
-        [installPhase doForceShare doPropagate]);
-  };
+  x11Fonts = pkgs.runCommand "X11-fonts" { } ''
+    mkdir -p "$out/share/X11-fonts"
+    find ${toString config.fonts.fonts} \
+      \( -name fonts.dir -o -name '*.ttf' -o -name '*.otf' \) \
+      -exec ln -sf -t "$out/share/X11-fonts" '{}' \;
+    cd "$out/share/X11-fonts"
+    rm -f fonts.dir fonts.scale fonts.alias
+    ${pkgs.xorg.mkfontdir}/bin/mkfontdir
+    ${pkgs.xorg.mkfontscale}/bin/mkfontscale
+    cat $(find ${pkgs.xorg.fontalias}/ -name fonts.alias) >fonts.alias
+  '';

 in

@ -70,6 +40,8 @@ in

    environment.systemPackages = [ x11Fonts ];

+    environment.pathsToLink = [ "/share/X11-fonts" ];
+
  };

 }
--- a/nixos/modules/config/ldap.nix
+++ b/nixos/modules/config/ldap.nix
@ -192,7 +192,7 @@ in
    system.activationScripts = mkIf insertLdapPassword {
      ldap = stringAfter [ "etc" "groups" "users" ] ''
        if test -f "${cfg.bind.password}" ; then
-          echo "bindpw "$(cat ${cfg.bind.password})"" | cat ${ldapConfig} - > /etc/ldap.conf.bindpw
+          echo "bindpw "$(cat ${cfg.bind.password})"" | cat ${ldapConfig.source} - > /etc/ldap.conf.bindpw
          mv -fT /etc/ldap.conf.bindpw /etc/ldap.conf
          chmod 600 /etc/ldap.conf
        fi
--- a/nixos/modules/config/networking.nix
+++ b/nixos/modules/config/networking.nix
@ -11,6 +11,9 @@ let
                   config.services.dnsmasq.resolveLocalQueries;
  hasLocalResolver = config.services.bind.enable || dnsmasqResolve;

+  resolvconfOptions = cfg.resolvconfOptions
+    ++ optional cfg.dnsSingleRequest "single-request"
+    ++ optional cfg.dnsExtensionMechanism "ends0";
 in

 {
@ -59,6 +62,14 @@ in
      '';
    };

+    networking.resolvconfOptions = lib.mkOption {
+      type = types.listOf types.str;
+      default = [];
+      example = [ "ndots:1" "rotate" ];
+      description = ''
+        Set the options in <filename>/etc/resolv.conf</filename>.
+      '';
+    };

    networking.proxy = {

@ -171,12 +182,9 @@ in
              # Invalidate the nscd cache whenever resolv.conf is
              # regenerated.
              libc_restart='${pkgs.systemd}/bin/systemctl try-restart --no-block nscd.service 2> /dev/null'
-            '' + optionalString cfg.dnsSingleRequest ''
-              # only send one DNS request at a time
-              resolv_conf_options+=' single-request'
-            '' + optionalString cfg.dnsExtensionMechanism ''
-              # enable extension mechanisms for DNS
-              resolv_conf_options+=' edns0'
+            '' + optionalString (length resolvconfOptions > 0) ''
+              # Options as described in resolv.conf(5)
+              resolv_conf_options='${concatStringsSep " " resolvconfOptions}'
            '' + optionalString hasLocalResolver ''
              # This hosts runs a full-blown DNS resolver.
              name_servers='127.0.0.1'
--- a/nixos/modules/config/shells-environment.nix
+++ b/nixos/modules/config/shells-environment.nix
@ -150,10 +150,6 @@ in

    system.build.binsh = pkgs.bashInteractive;

-    # Ensure TERMINFO is set appropriately *before* user shells are run,
-    # as they may depend on it
-    environment.sessionVariables.TERMINFO = "/run/current-system/sw/share/terminfo";
-
    # Set session variables in the shell as well. This is usually
    # unnecessary, but it allows changes to session variables to take
    # effect without restarting the session (e.g. by opening a new