
Merge branch 'master' into closure-size

Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
This commit is contained in:
Vladimír Čunát 2016-04-01 10:06:01 +02:00
commit ab15a62c68
1108 changed files with 76254 additions and 11297 deletions


@ -37,7 +37,6 @@ with lib;
services.openssh.enable = false;
services.lshd.enable = true;
programs.ssh.startAgent = false;
services.xserver.startGnuPGAgent = true;
# TODO: GNU dico.
# TODO: GNU Inetutils' inetd.


@ -32,7 +32,7 @@ in
kdc = mkOption {
default = "kerberos.mit.edu";
description = "Kerberos Domain Controller.";
description = "Key Distribution Center";
};
kerberosAdminServer = mkOption {


@ -103,7 +103,7 @@ in
hardware.opengl.extraPackages32 = mkOption {
type = types.listOf types.package;
default = [];
example = literalExample "with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau ]";
example = literalExample "with pkgs.pkgsi686Linux; [ vaapiIntel libvdpau-va-gl vaapiVdpau ]";
description = ''
Additional packages to add to 32-bit OpenGL drivers on
64-bit systems. Used when <option>driSupport32Bit</option> is


@ -14,6 +14,8 @@ let
nvidiaForKernel = kernelPackages:
if elem "nvidia" drivers then
kernelPackages.nvidia_x11
else if elem "nvidiaBeta" drivers then
kernelPackages.nvidia_x11_beta
else if elem "nvidiaLegacy173" drivers then
kernelPackages.nvidia_x11_legacy173
else if elem "nvidiaLegacy304" drivers then


@ -176,7 +176,6 @@
seeks = 148;
prosody = 149;
i2pd = 150;
dnscrypt-proxy = 151;
systemd-network = 152;
systemd-resolve = 153;
systemd-timesync = 154;
@ -254,6 +253,10 @@
octoprint = 230;
avahi-autoipd = 231;
nntp-proxy = 232;
mjpg-streamer = 233;
radicale = 234;
hydra-queue-runner = 235;
hydra-www = 236;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -410,7 +413,6 @@
seeks = 148;
prosody = 149;
i2pd = 150;
dnscrypt-proxy = 151;
systemd-network = 152;
systemd-resolve = 153;
systemd-timesync = 154;
@ -482,6 +484,7 @@
cfdyndns = 227;
pdnsd = 229;
octoprint = 230;
radicale = 234;
# When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal
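Review bot: Removing `dnscrypt-proxy = 151;` from both the uid and gid tables frees that number for reuse, while hosts already deployed with the module still carry a `dnscrypt-proxy` user at 151 and files owned by it, so whichever service is later handed 151 inherits that ownership. The usual convention is to keep the slot reserved with a comment instead of deleting it, e.g. `# dnscrypt-proxy = 151; # retired, kept reserved`. Whether the switch to `isSystemUser` preserves the existing uid on upgrade is not visible from this section.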


@ -104,7 +104,7 @@ in
nixosVersion = mkDefault (maybeEnv "NIXOS_VERSION" (cfg.nixosRelease + cfg.nixosVersionSuffix));
# Note: code names must only increase in alphabetical order.
nixosCodeName = "Emu";
nixosCodeName = "Flounder";
};
# Generate /etc/os-release. See


@ -77,6 +77,7 @@
./programs/shell.nix
./programs/ssh.nix
./programs/ssmtp.nix
./programs/tmux.nix
./programs/venus.nix
./programs/wvdial.nix
./programs/xfs_quota.nix
@ -114,6 +115,7 @@
./services/backup/rsnapshot.nix
./services/backup/sitecopy-backup.nix
./services/backup/tarsnap.nix
./services/backup/znapzend.nix
./services/cluster/fleet.nix
./services/cluster/kubernetes.nix
./services/cluster/panamax.nix
@ -176,6 +178,7 @@
./services/hardware/udisks2.nix
./services/hardware/upower.nix
./services/hardware/thermald.nix
./services/logging/awstats.nix
./services/logging/fluentd.nix
./services/logging/klogd.nix
./services/logging/logcheck.nix
@ -219,6 +222,7 @@
./services/misc/gitolite.nix
./services/misc/gpsd.nix
./services/misc/ihaskell.nix
./services/misc/mantisbt.nix
./services/misc/mathics.nix
./services/misc/matrix-synapse.nix
./services/misc/mbpfan.nix
@ -329,6 +333,7 @@
./services/networking/lambdabot.nix
./services/networking/libreswan.nix
./services/networking/mailpile.nix
./services/networking/mjpg-streamer.nix
./services/networking/minidlna.nix
./services/networking/miniupnpd.nix
./services/networking/mstpd.nix
@ -439,6 +444,7 @@
./services/web-servers/varnish/default.nix
./services/web-servers/winstone.nix
./services/web-servers/zope2.nix
./services/x11/colord.nix
./services/x11/unclutter.nix
./services/x11/desktop-managers/default.nix
./services/x11/display-managers/auto.nix


@ -17,7 +17,6 @@
pkgs.ddrescue
pkgs.ccrypt
pkgs.cryptsetup # needed for dm-crypt volumes
pkgs.which # 88K size
# Some networking tools.
pkgs.fuse


@ -56,7 +56,7 @@ in
*/
shellAliases = mkOption {
default = config.environment.shellAliases;
default = config.environment.shellAliases // { which = "type -P"; };
description = ''
Set of aliases for bash shell. See <option>environment.shellAliases</option>
for an option format description.
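Review bot: The `which = "type -P"` alias is only expanded in interactive bash sessions, so with `pkgs.which` dropped from the base package list elsewhere in this commit, any script or non-bash shell that calls `which` now gets command-not-found, and `type -P` also differs from `which` for builtins and aliases. The description should state the limitation, e.g. `Note: which is an alias for "type -P" in interactive bash only; scripts that need which must install pkgs.which.`. The enclosing option set starts outside this section.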


@ -0,0 +1,35 @@
{ config, pkgs, lib, ... }:
let
inherit (lib) mkOption mkEnableOption mkIf mkMerge types;
cfg = config.programs.tmux;
in
{
###### interface
options = {
programs.tmux = {
enable = mkEnableOption "<command>tmux</command> - a <command>screen</command> replacement.";
tmuxconf = mkOption {
default = "";
description = ''
The contents of /etc/tmux.conf
'';
type = types.lines;
};
};
};
###### implementation
config = mkIf cfg.enable {
environment = {
systemPackages = [ pkgs.tmux ];
etc."tmux.conf".text = cfg.tmuxconf;
};
};
}
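Review bot: The `mkEnableOption` string ends in a period, and `mkEnableOption` appends its own, so the rendered text becomes "Whether to enable tmux - a screen replacement.."; drop the trailing period: `enable = mkEnableOption "<command>tmux</command> - a <command>screen</command> replacement";`. The `tmuxconf` description should also say that `/etc/tmux.conf` is the system-wide file tmux reads before the user's `~/.tmux.conf`, so operators know it applies to every user. Naming the option `extraConfig`, as the other modules in this commit do, would match the house convention.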


@ -1,8 +1,8 @@
let
msg = "Importing <nixpkgs/nixos/modules/programs/virtualbox.nix> is "
+ "deprecated, please use `services.virtualboxHost.enable = true' "
+ "deprecated, please use `virtualisation.virtualbox.host.enable = true' "
+ "instead.";
in {
config.warnings = [ msg ];
config.services.virtualboxHost.enable = true;
config.virtualisation.virtualbox.host.enable = true;
}


@ -98,6 +98,9 @@ with lib;
(mkRenamedOptionModule [ "services" "hostapd" "extraCfg" ] [ "services" "hostapd" "extraConfig" ])
# Enlightenment
(mkRenamedOptionModule [ "services" "xserver" "desktopManager" "e19" "enable" ] [ "services" "xserver" "desktopManager" "enlightenment" "enable" ])
# Options that are obsolete and have no replacement.
(mkRemovedOptionModule [ "boot" "initrd" "luks" "enable" ])
(mkRemovedOptionModule [ "programs" "bash" "enable" ])
@ -108,6 +111,7 @@ with lib;
(mkRemovedOptionModule [ "services" "openvpn" "enable" ])
(mkRemovedOptionModule [ "services" "printing" "cupsFilesConf" ])
(mkRemovedOptionModule [ "services" "printing" "cupsdConf" ])
(mkRemovedOptionModule [ "services" "xserver" "startGnuPGAgent" ])
];
}


@ -26,19 +26,11 @@ in
'';
};
stable = mkOption {
type = types.bool;
default = false;
kernelPatch = mkOption {
type = types.attrs;
example = lib.literalExample "pkgs.kernelPatches.grsecurity_4_1";
description = ''
Enable the stable grsecurity patch, based on Linux 3.14.
'';
};
testing = mkOption {
type = types.bool;
default = false;
description = ''
Enable the testing grsecurity patch, based on Linux 4.0.
Grsecurity patch to use.
'';
};
@ -219,16 +211,7 @@ in
config = mkIf cfg.enable {
assertions =
[ { assertion = cfg.stable || cfg.testing;
message = ''
If grsecurity is enabled, you must select either the
stable patch (with kernel 3.14), or the testing patch (with
kernel 4.0) to continue.
'';
}
{ assertion = !(cfg.stable && cfg.testing);
message = "Select either one of the stable or testing patch";
}
[
{ assertion = (cfg.config.restrictProc -> !cfg.config.restrictProcWithGroup) ||
(cfg.config.restrictProcWithGroup -> !cfg.config.restrictProc);
message = "You cannot enable both restrictProc and restrictProcWithGroup";
@ -247,6 +230,8 @@ in
}
];
security.grsecurity.kernelPatch = lib.mkDefault pkgs.kernelPatches.grsecurity_latest;
systemd.services.grsec-lock = mkIf cfg.config.sysctl {
description = "grsecurity sysctl-lock Service";
requires = [ "systemd-sysctl.service" ];
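Review bot: `kernelPatch` is declared as `types.attrs` with no `default` or `defaultText`, while its effective default is only set far away via `security.grsecurity.kernelPatch = lib.mkDefault pkgs.kernelPatches.grsecurity_latest;`, so generated option docs show no default and any attribute set passes the type check. Declare it on the option instead: `default = pkgs.kernelPatches.grsecurity_latest; defaultText = "pkgs.kernelPatches.grsecurity_latest";` and drop the `mkDefault` line. The deleted stable/testing assertions were also the only visible guard that the chosen patch and the configured kernel version agree; whether the kernel derivation enforces that is outside this section, which starts and ends mid-module.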


@ -48,6 +48,14 @@ with lib;
ensureDir ${crashplan.vardir}/cache 700
ensureDir ${crashplan.vardir}/backupArchives 700
ensureDir ${crashplan.vardir}/log 777
cp -avn ${crashplan}/conf.template/* ${crashplan.vardir}/conf
for x in app.asar bin EULA.txt install.vars lang lib libjniwrap64.so libjniwrap.so libjtux64.so libjtux.so libmd564.so libmd5.so share skin upgrade; do
if [ -e $x ]; then
true;
else
ln -s ${crashplan}/$x ${crashplan.vardir}/$x;
fi;
done
'';
serviceConfig = {
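Review bot: `if [ -e $x ]` tests `$x` relative to the shell's current directory rather than inside `${crashplan.vardir}`, so unless cwd happens to be the state directory the check is meaningless and `ln -s` runs on every start, erroring once the link exists. Test the real path: `[ -e "${crashplan.vardir}/$x" ] || ln -s "${crashplan}/$x" "${crashplan.vardir}/$x"`. Note that `-e` follows symlinks, so a link left pointing at a garbage-collected store path also fails the test and then hits the same `ln -s` error; `ln -sfn` for entries that are already symlinks would make upgrades work. The preStart script starts outside this section.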


@ -293,7 +293,7 @@ in
# make sure that the tarsnap server is reachable after systemd starts up
# the service - therefore we sleep in a loop until we can ping the
# endpoint.
preStart = "while ! ping -q -c 1 betatest-server.tarsnap.com &> /dev/null; do sleep 3; done";
preStart = "while ! ping -q -c 1 v1-0-0-server.tarsnap.com &> /dev/null; do sleep 3; done";
scriptArgs = "%i";
script = ''
mkdir -p -m 0755 ${dirOf cfg.cachedir}
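Review bot: The `ping` wait loop has neither a per-probe timeout nor an attempt limit, so on a host where ICMP egress is filtered the unit sits in preStart indefinitely instead of failing visibly; at least bound each probe: `preStart = "while ! ping -q -c 1 -W 5 v1-0-0-server.tarsnap.com &> /dev/null; do sleep 3; done";`. ICMP reachability also says nothing about whether the tarsnap TCP service is up, so the loop only covers the "network not yet configured" case the comment describes.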


@ -0,0 +1,36 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.znapzend;
in
{
options = {
services.znapzend = {
enable = mkEnableOption "ZnapZend daemon";
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.znapzend ];
systemd.services = {
"znapzend" = {
description = "ZnapZend - ZFS Backup System";
after = [ "zfs.target" ];
path = with pkgs; [ znapzend zfs mbuffer openssh ];
script = ''
znapzend
'';
reload = ''
/bin/kill -HUP $MAINPID
'';
};
};
};
}
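Review bot: `reload = "/bin/kill -HUP $MAINPID"` names a path that does not exist on NixOS (only `/bin/sh` is provided), so `systemctl reload znapzend` fails; use the store path as the autofs unit in this commit does: `reload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";`. The unit also has no `wantedBy`, so enabling the option installs the package but nothing starts the daemon at boot; add `wantedBy = [ "multi-user.target" ];` if that is intended. The service runs as root with `openssh` in its path, which is expected for ZFS send/receive but should be stated in the enable description.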


@ -0,0 +1,123 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.awstats;
package = pkgs.awstats;
in
{
options.services.awstats = {
enable = mkOption {
type = types.bool;
default = cfg.service.enable;
description = ''
Enable the awstats program (but not service).
Currently only simple httpd (Apache) configs are supported,
and awstats plugins may not work correctly.
'';
};
vardir = mkOption {
type = types.path;
default = "/var/lib/awstats";
description = "The directory where variable awstats data will be stored.";
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = "Extra configuration to be appendend to awstats.conf.";
};
updateAt = mkOption {
type = types.nullOr types.string;
default = null;
example = "hourly";
description = ''
Specification of the time at which awstats will get updated.
(in the format described by <citerefentry>
<refentrytitle>systemd.time</refentrytitle>
<manvolnum>5</manvolnum></citerefentry>)
'';
};
service = {
enable = mkOption {
type = types.bool;
default = false;
description = ''Enable the awstats web service. This switches on httpd.'';
};
urlPrefix = mkOption {
type = types.string;
default = "/awstats";
description = "The URL prefix under which the awstats service appears.";
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ package.bin ];
/* TODO:
- heed config.services.httpd.logPerVirtualHost, etc.
- Can't AllowToUpdateStatsFromBrowser, as CGI scripts don't have permission
to read the logs, and our httpd config apparently doesn't an option for that.
*/
environment.etc."awstats/awstats.conf".source = pkgs.runCommand "awstats.conf"
{ preferLocalBuild = true; }
( let
cfg-httpd = config.services.httpd;
logFormat =
if cfg-httpd.logFormat == "combined" then "1" else
if cfg-httpd.logFormat == "common" then "4" else
throw "awstats service doesn't support Apache log format `${cfg-httpd.logFormat}`";
in
''
sed \
-e 's|^\(DirData\)=.*$|\1="${cfg.vardir}"|' \
-e 's|^\(DirIcons\)=.*$|\1="icons"|' \
-e 's|^\(CreateDirDataIfNotExists\)=.*$|\1=1|' \
-e 's|^\(SiteDomain\)=.*$|\1="${cfg-httpd.hostName}"|' \
-e 's|^\(LogFile\)=.*$|\1="${cfg-httpd.logDir}/access_log"|' \
-e 's|^\(LogFormat\)=.*$|\1=${logFormat}|' \
< '${package.out}/wwwroot/cgi-bin/awstats.model.conf' > "$out"
echo '${cfg.extraConfig}' >> "$out"
'');
# The httpd sub-service showing awstats.
services.httpd.enable = mkIf cfg.service.enable true;
services.httpd.extraSubservices = mkIf cfg.service.enable [ { function = { serverInfo, ... }: {
extraConfig =
''
Alias ${cfg.service.urlPrefix}/classes "${package.out}/wwwroot/classes/"
Alias ${cfg.service.urlPrefix}/css "${package.out}/wwwroot/css/"
Alias ${cfg.service.urlPrefix}/icons "${package.out}/wwwroot/icon/"
ScriptAlias ${cfg.service.urlPrefix}/ "${package.out}/wwwroot/cgi-bin/"
<Directory "${package.out}/wwwroot">
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
'';
startupScript =
let
inherit (serverInfo.serverConfig) user group;
in pkgs.writeScript "awstats_startup.sh"
''
mkdir -p '${cfg.vardir}'
chown '${user}:${group}' '${cfg.vardir}'
'';
};}];
systemd.services.awstats-update = mkIf (cfg.updateAt != null) {
description = "awstats log collector";
script = "exec '${package.bin}/bin/awstats' -update -config=awstats.conf";
startAt = cfg.updateAt;
};
};
}
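Review bot: `echo '${cfg.extraConfig}' >> "$out"` splices the option value into a single-quoted word of the builder script, so any `'` in `extraConfig` ends the quote and the rest of the value is executed as shell; route it through a store file instead: `cat ${pkgs.writeText "awstats-extra.conf" cfg.extraConfig} >> "$out"`. The `sed` expressions likewise embed `cfg.vardir`, `hostName` and `logDir` unescaped into `|`-delimited replacements, so a `|` or `&` in those values corrupts the generated config. Separately, `awstats-update` runs as root although `vardir` is chowned to the httpd user; a `serviceConfig.User` set to that user would keep the log parser off root, assuming the access log is readable by it.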


@ -98,8 +98,8 @@ in
package = mkOption {
type = types.package;
default = pkgs.dovecot22;
defaultText = "pkgs.dovecot22";
default = pkgs.dovecot;
defaultText = "pkgs.dovecot";
description = "Dovecot package to use.";
};


@ -104,6 +104,7 @@ in {
systemd.services.dspam = {
description = "dspam spam filtering daemon";
wantedBy = [ "multi-user.target" ];
after = [ "postgresql.service" ];
restartTriggers = [ cfgfile ];
serviceConfig = {
@ -114,7 +115,7 @@ in {
RuntimeDirectoryMode = optional (cfg.domainSocket == defaultSock) "0750";
PermissionsStartOnly = true;
# DSPAM segfaults on just about every error
Restart = "on-failure";
Restart = "on-abort";
RestartSec = "1s";
};


@ -12,9 +12,9 @@ with lib;
sendmailSetuidWrapper = mkOption {
default = null;
internal = true;
description = ''
Configuration for the sendmail setuid wrwapper (like an element of
security.setuidOwners)";
Configuration for the sendmail setuid wapper.
'';
};
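Review bot: The rewritten description still misspells the word: `wapper` should read `wrapper`, i.e. `Configuration for the sendmail setuid wrapper.`. The option is `internal = true`, so this text is the only place that records what the attribute is for.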


@ -27,7 +27,7 @@ let
mainCf =
''
compatibility_level = 2
compatibility_level = 9999
mail_owner = ${user}
default_privs = nobody
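Review bot: `compatibility_level = 9999` switches off every backwards-compatibility safety net Postfix has or will add, so each Postfix upgrade may silently change defaults that affect mail handling; Postfix's compatibility documentation recommends setting the level to the newest release whose behaviour you have actually reviewed (the previous value, 2, corresponded to the 3.0-era defaults). If the intent is "always take the newest defaults", say so next to the line: `# intentionally opt into all new Postfix defaults; re-read COMPATIBILITY_README on each upgrade`. Which defaults this flips for the packaged Postfix version is not visible from this section.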


@ -79,6 +79,11 @@ in
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
preStart = ''
# There should be only one autofs service managed by systemd, so this should be safe.
rm -f /tmp/autofs-running
'';
serviceConfig = {
ExecStart = "${pkgs.autofs5}/sbin/automount ${if cfg.debug then "-d" else ""} -f -t ${builtins.toString cfg.timeout} ${autoMaster} ${if cfg.debug then "-l7" else ""}";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
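Review bot: `rm -f /tmp/autofs-running` removes a fixed name in the world-writable `/tmp` from a root context; `rm -f` refuses to remove a directory, so a local user who pre-creates `/tmp/autofs-running` as a directory makes preStart fail and keeps automount from starting. If the file is automount's own marker, `serviceConfig.PrivateTmp = true;` gives the daemon a fresh private `/tmp` on every start and makes the `rm` unnecessary; otherwise guard with `[ -f /tmp/autofs-running ]` before removing, though that does not close the race. Whether anything outside the unit relies on the marker is not visible here.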


@ -114,6 +114,7 @@ in {
}) // (mapAttrs' (n: v: nameValuePair "ETCD_${n}" v) cfg.extraConf);
serviceConfig = {
Type = "notify";
ExecStart = "${pkgs.etcd}/bin/etcd";
User = "etcd";
PermissionsStartOnly = true;


@ -206,12 +206,6 @@ in {
description = "Gitlab database user.";
};
emailFrom = mkOption {
type = types.str;
default = "example@example.org";
description = "The source address for emails sent by gitlab.";
};
host = mkOption {
type = types.str;
default = config.networking.hostName;
@ -328,7 +322,7 @@ in {
Group = cfg.group;
TimeoutSec = "300";
WorkingDirectory = "${cfg.packages.gitlab}/share/gitlab";
ExecStart="${bundler}/bin/bundle exec \"sidekiq -q post_receive -q mailer -q system_hook -q project_web_hook -q gitlab_shell -q common -q default -e production -P ${cfg.statePath}/tmp/sidekiq.pid\"";
ExecStart="${bundler}/bin/bundle exec \"sidekiq -q post_receive -q mailers -q system_hook -q project_web_hook -q gitlab_shell -q common -q default -e production -P ${cfg.statePath}/tmp/sidekiq.pid\"";
};
};
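Review bot: Deleting the `emailFrom` option without a matching `(mkRemovedOptionModule [ "services" "gitlab" "emailFrom" ])` in rename.nix means every existing configuration that sets it now fails evaluation with a bare "option does not exist" error and no hint about where the value moved; this commit already edits rename.nix and could add the entry there. If the address is now expected through another option, `mkRenamedOptionModule` is the better fit.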


@ -0,0 +1,68 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.mantisbt;
freshInstall = cfg.extraConfig == "";
# combined code+config directory
mantisbt = let
config_inc = pkgs.writeText "config_inc.php" ("<?php\n" + cfg.extraConfig);
src = pkgs.fetchurl {
url = "mirror://sourceforge/mantisbt/${name}.tar.gz";
sha256 = "1pl6xn793p3mxc6ibpr2bhg85vkdlcf57yk7pfc399g47l8x4508";
};
name = "mantisbt-1.2.19";
in
# We have to copy every time; otherwise config won't be found.
pkgs.runCommand name
{ preferLocalBuild = true; allowSubstitutes = false; }
(''
mkdir -p "$out"
cd "$out"
tar -xf '${src}' --strip-components=1
ln -s '${config_inc}' config_inc.php
''
+ lib.optionalString (!freshInstall) "rm -r admin/"
);
in
{
options.services.mantisbt = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable the mantisbt web service.
This switches on httpd with PHP and database.
'';
};
urlPrefix = mkOption {
type = types.string;
default = "/mantisbt";
description = "The URL prefix under which the mantisbt service appears.";
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = ''
The contents of config_inc.php, without leading &lt;?php.
If left empty, the admin directory will be accessible.
'';
};
};
config = mkIf cfg.enable {
services.mysql.enable = true;
services.httpd.enable = true;
services.httpd.enablePHP = true;
# The httpd sub-service showing mantisbt.
services.httpd.extraSubservices = [ { function = { ... }: {
extraConfig =
''
Alias ${cfg.urlPrefix} "${mantisbt}"
'';
};}];
};
}
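Review bot: `cfg.extraConfig` is written with `pkgs.writeText` into `config_inc.php`, so database credentials placed there (config_inc.php is where MantisBT's `$g_db_password` lives) end up world-readable in `/nix/store`; the option description should warn about this and suggest an out-of-store include, e.g. `extraConfig = "require('/var/lib/mantisbt/secrets.php');"`. The `admin/` installer directory stays reachable under `${cfg.urlPrefix}` whenever `extraConfig` is empty, and the `Alias` carries no `<Directory>` restriction at all; limiting `admin/` to the local host (`Require ip 127.0.0.1` or the 2.2 `Allow from` equivalent used in the awstats module) would bound who can drive the installer. Pinning `mantisbt-1.2.19` via `fetchurl` inside the module also bypasses normal package updates, so fixes only reach this service when the module itself is edited.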


@ -39,7 +39,7 @@ let
build-users-group = nixbld
build-max-jobs = ${toString (cfg.maxJobs)}
build-cores = ${toString (cfg.buildCores)}
build-use-chroot = ${if cfg.useChroot then "true" else "false"}
build-use-chroot = ${if (builtins.isBool cfg.useChroot) then (if cfg.useChroot then "true" else "false") else cfg.useChroot}
build-chroot-dirs = ${toString cfg.chrootDirs} /bin/sh=${sh} $(echo $extraPaths)
binary-caches = ${toString cfg.binaryCaches}
trusted-binary-caches = ${toString cfg.trustedBinaryCaches}
@ -99,7 +99,7 @@ in
};
useChroot = mkOption {
type = types.bool;
type = types.either types.bool (types.enum ["relaxed"]);
default = false;
description = "
If set, Nix will perform builds in a chroot-environment that it
@ -257,13 +257,11 @@ in
type = types.bool;
default = true;
description = ''
If enabled, Nix will only download binaries from binary
caches if they are cryptographically signed with any of the
keys listed in
<option>nix.binaryCachePublicKeys</option>. If disabled (the
default), signatures are neither required nor checked, so
it's strongly recommended that you use only trustworthy
caches and https to prevent man-in-the-middle attacks.
If enabled (the default), Nix will only download binaries from binary caches if
they are cryptographically signed with any of the keys listed in
<option>nix.binaryCachePublicKeys</option>. If disabled, signatures are neither
required nor checked, so it's strongly recommended that you use only
trustworthy caches and https to prevent man-in-the-middle attacks.
'';
};
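Review bot: `useChroot` now accepts `"relaxed"`, but the description that follows still only explains the boolean; relaxed mode lets individual derivations opt out of the sandbox, which weakens exactly the isolation the option exists to provide and should be spelled out, e.g. `The value "relaxed" enables the chroot but allows derivations that set __noChroot = true to build outside it; use only when every builder is trusted.`. That description continues past this section. The reworded signed-binary-cache text is consistent with `default = true`.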


@ -6,12 +6,16 @@ let
cfg = config.services.octoprint;
cfgUpdate = pkgs.writeText "octoprint-config.yaml" (builtins.toJSON {
baseConfig = {
plugins.cura.cura_engine = "${pkgs.curaengine}/bin/CuraEngine";
server.host = cfg.host;
server.port = cfg.port;
webcam.ffmpeg = "${pkgs.ffmpeg}/bin/ffmpeg";
});
};
fullConfig = recursiveUpdate cfg.extraConfig baseConfig;
cfgUpdate = pkgs.writeText "octoprint-config.yaml" (builtins.toJSON fullConfig);
pluginsEnv = pkgs.python.buildEnv.override {
extraLibs = cfg.plugins pkgs.octoprint-plugins;
@ -62,13 +66,18 @@ in
};
plugins = mkOption {
#type = types.functionTo (types.listOf types.package);
default = plugins: [];
defaultText = "plugins: []";
example = literalExample "plugins: [ m3d-fio ]";
description = "Additional plugins.";
};
extraConfig = mkOption {
type = types.attrs;
default = {};
description = "Extra options which are added to OctoPrint's YAML configuration file.";
};
};
};
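Review bot: `recursiveUpdate cfg.extraConfig baseConfig` lets `baseConfig` win, so values for `server.host`, `server.port`, `plugins.cura.cura_engine` or `webcam.ffmpeg` placed in `extraConfig` are silently discarded in favour of the dedicated options; the `extraConfig` description should say so, e.g. `Keys that have a dedicated option (server.host, server.port, webcam.ffmpeg, plugins.cura.cura_engine) cannot be overridden here.`. Whether `types.attrs` merges definitions from several modules deeply enough for nested YAML keys is worth checking if that usage is expected.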


@ -51,7 +51,13 @@ let
'';
carbonEnv = {
PYTHONPATH = "${pkgs.python27Packages.carbon}/lib/python2.7/site-packages";
PYTHONPATH = let
cenv = pkgs.python.buildEnv.override {
extraLibs = [ pkgs.python27Packages.carbon ];
};
cenvPack = "${cenv}/${pkgs.python.sitePackages}";
# opt/graphite/lib contains twisted.plugins.carbon-cache
in "${cenvPack}/opt/graphite/lib:${cenvPack}";
GRAPHITE_ROOT = dataDir;
GRAPHITE_CONF_DIR = configDir;
GRAPHITE_STORAGE_DIR = dataDir;
@ -445,10 +451,21 @@ in {
after = [ "network-interfaces.target" ];
path = [ pkgs.perl ];
environment = {
PYTHONPATH = "${pkgs.python27Packages.graphite_web}/lib/python2.7/site-packages";
PYTHONPATH = let
penv = pkgs.python.buildEnv.override {
extraLibs = [
pkgs.python27Packages.graphite_web
pkgs.python27Packages.pysqlite
];
};
penvPack = "${penv}/${pkgs.python.sitePackages}";
# opt/graphite/webapp contains graphite/settings.py
# explicitly adding pycairo in path because it cannot be imported via buildEnv
in "${penvPack}/opt/graphite/webapp:${penvPack}:${pkgs.pycairo}/${pkgs.python.sitePackages}";
DJANGO_SETTINGS_MODULE = "graphite.settings";
GRAPHITE_CONF_DIR = configDir;
GRAPHITE_STORAGE_DIR = dataDir;
LD_LIBRARY_PATH = "${pkgs.cairo}/lib";
};
serviceConfig = {
ExecStart = ''
@ -486,9 +503,11 @@ in {
wantedBy = [ "multi-user.target" ];
after = [ "network-interfaces.target" ];
environment = {
PYTHONPATH =
"${cfg.api.package}/lib/python2.7/site-packages:" +
concatMapStringsSep ":" (f: f + "/lib/python2.7/site-packages") cfg.api.finders;
PYTHONPATH = let
aenv = pkgs.python.buildEnv.override {
extraLibs = [ cfg.api.package pkgs.cairo ] ++ cfg.api.finders;
};
in "${aenv}/${pkgs.python.sitePackages}";
GRAPHITE_API_CONFIG = graphiteApiConfig;
LD_LIBRARY_PATH = "${pkgs.cairo.out}/lib";
};


@ -5,13 +5,17 @@ let
apparmorEnabled = config.security.apparmor.enable;
dnscrypt-proxy = pkgs.dnscrypt-proxy;
cfg = config.services.dnscrypt-proxy;
resolverListFile = "${dnscrypt-proxy}/share/dnscrypt-proxy/dnscrypt-resolvers.csv";
localAddress = "${cfg.localAddress}:${toString cfg.localPort}";
daemonArgs =
[ "--local-address=${localAddress}"
(optionalString cfg.tcpOnly "--tcp-only")
(optionalString cfg.ephemeralKeys "-E")
]
++ resolverArgs;
resolverArgs = if (cfg.customResolver != null)
then
[ "--resolver-address=${cfg.customResolver.address}:${toString cfg.customResolver.port}"
@ -27,43 +31,63 @@ in
{
options = {
services.dnscrypt-proxy = {
enable = mkEnableOption ''
Enable dnscrypt-proxy. The proxy relays regular DNS queries to a
DNSCrypt enabled upstream resolver. The traffic between the
client and the upstream resolver is encrypted and authenticated,
which may mitigate the risk of MITM attacks and third-party
enable = mkEnableOption "dnscrypt-proxy" // { description = ''
Whether to enable the DNSCrypt client proxy. The proxy relays
DNS queries to a DNSCrypt enabled upstream resolver. The traffic
between the client and the upstream resolver is encrypted and
authenticated, mitigating the risk of MITM attacks and third-party
snooping (assuming the upstream is trustworthy).
'';
Enabling this option does not alter the system nameserver; to relay
local queries, prepend <literal>127.0.0.1</literal> to
<option>networking.nameservers</option>.
The recommended configuration is to run DNSCrypt proxy as a forwarder
for a caching DNS client, as in
<programlisting>
{
services.dnscrypt-proxy.enable = true;
services.dnscrypt-proxy.localPort = 43;
services.dnsmasq.enable = true;
services.dnsmasq.servers = [ "127.0.0.1#43" ];
services.dnsmasq.resolveLocalQueries = true; # this is the default
}
</programlisting>
''; };
localAddress = mkOption {
default = "127.0.0.1";
type = types.string;
description = ''
Listen for DNS queries on this address.
Listen for DNS queries to relay on this address. The only reason to
change this from its default value is to proxy queries on behalf
of other machines (typically on the local network).
'';
};
localPort = mkOption {
default = 53;
type = types.int;
description = ''
Listen on this port.
Listen for DNS queries to relay on this port. The default value
assumes that the DNSCrypt proxy should relay DNS queries directly.
When running as a forwarder for another DNS client, set this option
to a different value; otherwise leave the default.
'';
};
resolverName = mkOption {
default = "opendns";
default = "dnscrypt.eu-nl";
type = types.nullOr types.string;
description = ''
The name of the upstream DNSCrypt resolver to use. See
<literal>${resolverListFile}</literal> for alternative resolvers
(e.g., if you are concerned about logging and/or server
location).
<filename>${resolverListFile}</filename> for alternative resolvers.
The default resolver is located in Holland, supports DNS security
extensions, and claims to not keep logs.
'';
};
customResolver = mkOption {
default = null;
description = ''
Use a resolver not listed in the upstream list (e.g.,
a private DNSCrypt provider). For advanced users only.
If specified, this option takes precedence.
Use an unlisted resolver (e.g., a private DNSCrypt provider). For
advanced users only. If specified, this option takes precedence.
'';
type = types.nullOr (types.submodule ({ ... }: { options = {
address = mkOption {
@ -80,20 +104,31 @@ in
type = types.str;
description = "Provider fully qualified domain name";
example = "2.dnscrypt-cert.opendns.com";
};
key = mkOption {
type = types.str;
description = "Provider public key";
example = "B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79";
}; }; }));
};
key = mkOption {
type = types.str;
description = "Provider public key";
example = "B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79";
};
}; }));
};
tcpOnly = mkOption {
default = false;
type = types.bool;
description = ''
Force sending encrypted DNS queries to the upstream resolver
over TCP instead of UDP (on port 443). Enabling this option may
help circumvent filtering, but should not be used otherwise.
Force sending encrypted DNS queries to the upstream resolver over
TCP instead of UDP (on port 443). Use only if the UDP port is blocked.
'';
};
ephemeralKeys = mkOption {
default = false;
type = types.bool;
description = ''
Compute a new key pair for every query. Enabling this option
increases CPU usage, but makes it more difficult for the upstream
resolver to track your usage of their service across IP addresses.
The default is to re-use the public key pair for all queries, making
tracking trivial.
'';
};
};
@ -130,16 +165,20 @@ in
${pkgs.xz.out}/lib/liblzma.so.* mr,
${pkgs.libgcrypt.out}/lib/libgcrypt.so.* mr,
${pkgs.libgpgerror.out}/lib/libgpg-error.so.* mr,
${pkgs.libcap}/lib/libcap.so.* mr,
${pkgs.lz4}/lib/liblz4.so.* mr,
${pkgs.attr}/lib/libattr.so.* mr,
${resolverListFile} r,
}
''));
users.extraUsers.dnscrypt-proxy = {
uid = config.ids.uids.dnscrypt-proxy;
users.users.dnscrypt-proxy = {
description = "dnscrypt-proxy daemon user";
isSystemUser = true;
group = "dnscrypt-proxy";
};
users.extraGroups.dnscrypt-proxy.gid = config.ids.gids.dnscrypt-proxy;
users.groups.dnscrypt-proxy = {};
systemd.sockets.dnscrypt-proxy = {
description = "dnscrypt-proxy listening socket";
@ -152,16 +191,21 @@ in
systemd.services.dnscrypt-proxy = {
description = "dnscrypt-proxy daemon";
after = [ "network.target" ] ++ optional apparmorEnabled "apparmor.service";
requires = [ "dnscrypt-proxy.socket "] ++ optional apparmorEnabled "apparmor.service";
serviceConfig = {
Type = "simple";
NonBlocking = "true";
ExecStart = "${dnscrypt-proxy}/bin/dnscrypt-proxy ${toString daemonArgs}";
User = "dnscrypt-proxy";
Group = "dnscrypt-proxy";
PrivateTmp = true;
PrivateDevices = true;
ProtectHome = true;
};
};
};
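Review bot: `requires = [ "dnscrypt-proxy.socket "]` has a trailing space inside the unit name string, so the dependency names a non-existent unit and the service is no longer tied to its socket; the fix is `requires = [ "dnscrypt-proxy.socket" ] ++ optional apparmorEnabled "apparmor.service";`. The added `PrivateTmp`, `PrivateDevices` and `ProtectHome` are welcome; `ProtectSystem = "full";` would additionally make `/usr`, `/boot` and `/etc` read-only for a daemon that only needs its socket and the resolver list. Changing the default resolver to `dnscrypt.eu-nl` moves every user's DNS traffic to a different third party on upgrade and deserves a release-note entry, since the description's claims about location and logging rest on the operator's own statements.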


@ -338,7 +338,7 @@ in
};
networking.firewall.allowPing = mkOption {
default = false;
default = true;
type = types.bool;
description =
''
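Review bot: Flipping `allowPing` from `false` to `true` is a default change that silently widens what every upgraded host exposes (ICMP echo replies, and presumably ICMPv6 echo if the option governs both, which is not visible here); it needs a release-notes entry, and the description, which continues outside this section, should state the new default and the reason for it (host discovery versus ICMP being needed for healthy IPv6 and PMTU behaviour). Operators who relied on the old behaviour must now set `networking.firewall.allowPing = false;` explicitly.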


@ -10,9 +10,10 @@ let
extip = "EXTIP=\$(${pkgs.curl.bin}/bin/curl -sf \"http://jsonip.com\" | ${pkgs.gawk}/bin/awk -F'\"' '{print $4}')";
toOneZero = b: if b then "1" else "0";
toYesNo = b: if b then "yes" else "no";
mkEndpointOpt = name: addr: port: {
enable = mkEnableOption name;
name = mkOption {
type = types.str;
default = name;
@ -63,9 +64,9 @@ let
} // mkEndpointOpt name "127.0.0.1" 0;
i2pdConf = pkgs.writeText "i2pd.conf" ''
ipv6 = ${toOneZero cfg.enableIPv6}
notransit = ${toOneZero cfg.notransit}
floodfill = ${toOneZero cfg.floodfill}
ipv6 = ${toYesNo cfg.enableIPv6}
notransit = ${toYesNo cfg.notransit}
floodfill = ${toYesNo cfg.floodfill}
${if isNull cfg.port then "" else "port = ${toString cfg.port}"}
${flip concatMapStrings
(collect (proto: proto ? port && proto ? address && proto ? name) cfg.proto)
@ -73,6 +74,7 @@ let
[${proto.name}]
address = ${proto.address}
port = ${toString proto.port}
enabled = ${toYesNo proto.enable}
'')
}
'';
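Review bot: `mkEndpointOpt` now adds `enable = mkEnableOption name`, which defaults to `false`, so every endpoint in `cfg.proto` is emitted with `enabled = no` unless the user turns it on explicitly; if endpoints were previously active whenever defined, this silently disables them on upgrade and should be called out in the option descriptions or release notes. A comment on the generated line would help the next reader: `enabled = ${toYesNo proto.enable}  # off unless services.i2pd.proto.<name>.enable is set`.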


@ -64,8 +64,7 @@ in
systemd.services.iodined = {
description = "iodine, ip over dns daemon";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
wantedBy = [ "ip-up.target" ];
serviceConfig.ExecStart = "${pkgs.iodine}/sbin/iodined -f -u ${iodinedUser} ${cfg.extraConfig} ${cfg.ip} ${cfg.domain}";
};
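Review bot: `wantedBy = [ "ip-up.target" ]` means the daemon only starts if something activates `ip-up.target`; which network backends pull that target in is not visible here, and a server-side iodined has no reason to wait for a client-style IP-up event, so on some hosts the service may never start. Keeping `wantedBy = [ "multi-user.target" ]` together with the existing `after = [ "network.target" ]` is the conventional choice; if the client case is the intent, `after = [ "ip-up.target" ]` expresses the ordering without giving up boot-time start.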


@ -0,0 +1,75 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.mjpg-streamer;
in {
options = {
services.mjpg-streamer = {
enable = mkEnableOption "mjpg-streamer webcam streamer";
inputPlugin = mkOption {
type = types.str;
default = "input_uvc.so";
description = ''
Input plugin. See plugins documentation for more information.
'';
};
outputPlugin = mkOption {
type = types.str;
default = "output_http.so -w @www@ -n -p 5050";
description = ''
Output plugin. <literal>@www@</literal> is substituted for default mjpg-streamer www directory.
See plugins documentation for more information.
'';
};
user = mkOption {
type = types.str;
default = "mjpg-streamer";
description = "mjpg-streamer user name.";
};
group = mkOption {
type = types.str;
default = "video";
description = "mjpg-streamer group name.";
};
};
};
config = mkIf cfg.enable {
users.extraUsers = optional (cfg.user == "mjpg-streamer") {
name = "mjpg-streamer";
uid = config.ids.uids.mjpg-streamer;
group = cfg.group;
};
systemd.services.mjpg-streamer = {
description = "mjpg-streamer webcam streamer";
wantedBy = [ "multi-user.target" ];
serviceConfig.User = cfg.user;
serviceConfig.Group = cfg.group;
script = ''
IPLUGIN="${cfg.inputPlugin}"
OPLUGIN="${cfg.outputPlugin}"
OPLUGIN="''${OPLUGIN//@www@/${pkgs.mjpg-streamer}/share/mjpg-streamer/www}"
exec ${pkgs.mjpg-streamer}/bin/mjpg_streamer -i "$IPLUGIN" -o "$OPLUGIN"
'';
};
};
}
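Review bot: The default `outputPlugin` (`output_http.so -w @www@ -n -p 5050`) serves the camera on all interfaces with no authentication, so enabling the service exposes the stream to anyone who can reach port 5050; the option description should say so and point at the plugin's credential flag, e.g. `By default the stream is reachable without authentication on all interfaces; add -c user:password and restrict access with the firewall before exposing it.`. The plugin strings are interpolated directly into the unit script as `IPLUGIN="${cfg.inputPlugin}"`, so a `"` or `$` in either option breaks the quoting; `lib.escapeShellArg` on both values would make that robust. Running under a dedicated user in group `video` is the right shape.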


@ -35,12 +35,27 @@ in
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.pythonPackages.radicale ];
users.extraUsers = singleton
{ name = "radicale";
uid = config.ids.uids.radicale;
description = "radicale user";
home = "/var/lib/radicale";
createHome = true;
};
users.extraGroups = singleton
{ name = "radicale";
gid = config.ids.gids.radicale;
};
systemd.services.radicale = {
description = "A Simple Calendar and Contact Server";
after = [ "network-interfaces.target" ];
wantedBy = [ "multi-user.target" ];
script = "${pkgs.pythonPackages.radicale}/bin/radicale -C ${confFile} -d";
serviceConfig.Type = "forking";
serviceConfig.User = "radicale";
serviceConfig.Group = "radicale";
};
};
}
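Review bot: `Type = "forking"` combined with `-d` and no `PIDFile` leaves systemd to guess the main PID after the daemon forks; running radicale in the foreground (drop `-d`, `serviceConfig.Type = "simple"`) is simpler and makes `Restart=` and stop behave predictably. Dropping to the new `radicale` user and group is the right change. Whether `confFile` carries credentials that should not sit in the world-readable store is not visible from this section.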


@ -85,6 +85,9 @@ let
ssl_enable=YES
rsa_cert_file=${cfg.rsaCertFile}
''}
${optionalString (cfg.rsaKeyFile != null) ''
rsa_private_key_file=${cfg.rsaKeyFile}
''}
${optionalString (cfg.userlistFile != null) ''
userlist_file=${cfg.userlistFile}
''}
@ -147,6 +150,12 @@ in
description = "RSA certificate file.";
};
rsaKeyFile = mkOption {
type = types.nullOr types.path;
default = null;
description = "RSA private key file.";
};
anonymousUmask = mkOption {
type = types.string;
default = "077";
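Review bot: `rsaKeyFile` is `types.path`, and a Nix path literal such as `./vsftpd.key` given to a `path` option is copied into the world-readable Nix store, making the TLS private key readable by every local user; the description should warn against that, e.g. `Path to the RSA private key. Pass a string such as "/var/lib/vsftpd/key.pem" rather than a path literal, which would copy the key into the world-readable Nix store.`. The same shape is fine for `rsaCertFile` since certificates are public. Whether vsftpd reads the key before dropping privileges (so a root-owned 0600 file works) is not visible here.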


@ -125,10 +125,12 @@ in {
# FIXME: start a separate wpa_supplicant instance per interface.
systemd.services.wpa_supplicant = let
ifaces = cfg.interfaces;
deviceUnit = interface: [ "sys-subsystem-net-devices-${interface}.device" ];
in {
description = "WPA Supplicant";
after = [ "network-interfaces.target" ];
requires = lib.concatMap deviceUnit ifaces;
wantedBy = [ "network.target" ];
path = [ pkgs.wpa_supplicant ];
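Review bot: `requires = lib.concatMap deviceUnit ifaces` makes the single wpa_supplicant unit fail to start if any one listed interface's device unit is missing, so an unplugged USB adapter or a renamed interface now takes down Wi-Fi on all the others, the opposite of what the `FIXME` about per-interface instances wants; `requires` without a matching `after` also adds no ordering. `wants = lib.concatMap deviceUnit ifaces; after = [ "network-interfaces.target" ] ++ lib.concatMap deviceUnit ifaces;` expresses the dependency without the all-or-nothing failure, and `bindsTo` per interface becomes appropriate once the instances are split. Device units for interfaces only exist once udev tags them for systemd, which is not visible from this section.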


@ -238,7 +238,8 @@ in
example = literalExample "[ pkgs.splix ]";
description = ''
CUPS drivers to use. Drivers provided by CUPS, cups-filters, Ghostscript
and Samba are added unconditionally.
and Samba are added unconditionally. For adding Gutenprint, see
<literal>gutenprint</literal>.
'';
};
@ -310,7 +311,9 @@ in
[ ! -e "/var/lib/cups/$i" ] && ln -s "${rootdir}/etc/cups/$i" "/var/lib/cups/$i"
done
${optionalString cfg.gutenprint ''
${gutenprint}/bin/cups-genppdupdate -p /etc/cups/ppd
if [ -d /var/lib/cups/ppd ]; then
${gutenprint}/bin/cups-genppdupdate -p /var/lib/cups/ppd
fi
''}
'';
};


@ -46,7 +46,7 @@ in
};
systemd.services.kdc = {
description = "Kerberos Domain Controller daemon";
description = "Key Distribution Center daemon";
wantedBy = [ "multi-user.target" ];
preStart = ''
mkdir -m 0755 -p ${stateDir}
@ -55,7 +55,7 @@ in
};
systemd.services.kpasswdd = {
description = "Kerberos Domain Controller daemon";
description = "Kerberos Password Changing daemon";
wantedBy = [ "multi-user.target" ];
script = "${heimdal}/sbin/kpasswdd";
};


@ -128,6 +128,7 @@ in
${pkgs.c-ares.out}/lib/libcares*.so* mr,
${pkgs.libcap.out}/lib/libcap*.so* mr,
${pkgs.attr.out}/lib/libattr*.so* mr,
${pkgs.lz4}/lib/liblz4*.so* mr,
@{PROC}/sys/kernel/random/uuid r,
@{PROC}/sys/vm/overcommit_memory r,
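Review bot: The added rule `${pkgs.lz4}/lib/liblz4*.so* mr,` interpolates the package's default output, whereas the neighbouring rules name the `.out` output explicitly (`pkgs.c-ares.out`, `pkgs.libcap.out`, `pkgs.attr.out`). If lz4 is split into multiple outputs on this branch, the default output may not be the one holding `lib/`, and the profile would then permit a path the daemon never loads from while the real library stays unpermitted. Writing it as `${pkgs.lz4.out}/lib/liblz4*.so* mr,` keeps the rule consistent with the rest of the profile. The profile text continues outside the hunk.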


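--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,78 @@
+{ config, pkgs, lib, serverInfo, ... }:
+let
+inherit (pkgs) foswiki;
+inherit (serverInfo.serverConfig) user group;
+inherit (config) vardir;
+in
+{
+options.vardir = lib.mkOption {
+type = lib.types.path;
+default = "/var/www/foswiki";
+description = "The directory where variable foswiki data will be stored and served from.";
+};
+# TODO: this will probably need to be better customizable
+extraConfig =
+let httpd-conf = pkgs.runCommand "foswiki-httpd.conf"
+{ preferLocalBuild = true; }
+''
+substitute '${foswiki}/foswiki_httpd_conf.txt' "$out" \
+--replace /var/www/foswiki/ "${vardir}/"
+'';
+in
+''
+RewriteEngine on
+RewriteRule /foswiki/(.*) ${vardir}/$1
+<Directory "${vardir}">
+Require all granted
+</Directory>
+Include ${httpd-conf}
+<Directory "${vardir}/pub">
+Options FollowSymlinks
+</Directory>
+'';
+/** This handles initial setup and updates.
+It will probably need some tweaking, maybe per-site. */
+startupScript = pkgs.writeScript "foswiki_startup.sh" (
+let storeLink = "${vardir}/package"; in
+''
+[ -e '${storeLink}' ] || needs_setup=1
+mkdir -p '${vardir}'
+cd '${vardir}'
+ln -sf -T '${foswiki}' '${storeLink}'
+if [ -n "$needs_setup" ]; then # do initial setup
+mkdir -p bin lib
+# setup most of data/ as copies only
+cp -r '${foswiki}'/data '${vardir}/'
+rm -r '${vardir}'/data/{System,mime.types}
+ln -sr -t '${vardir}/data/' '${storeLink}'/data/{System,mime.types}
+ln -sr '${storeLink}/locale' .
+mkdir pub
+ln -sr '${storeLink}/pub/System' pub/
+mkdir templates
+ln -sr '${storeLink}'/templates/* templates/
+ln -sr '${storeLink}/tools' .
+mkdir -p '${vardir}'/working/{logs,tmp}
+ln -sr '${storeLink}/working/README' working/ # used to check dir validity
+chown -R '${user}:${group}' .
+chmod +w -R .
+fi
+# bin/* and lib/* shall always be overwritten, in case files are added
+ln -srf '${storeLink}'/bin/* '${vardir}/bin/'
+ln -srf '${storeLink}'/lib/* '${vardir}/lib/'
+''
+/* Symlinking bin/ one-by-one ensures that ${vardir}/lib/LocalSite.cfg
+is used instead of ${foswiki}/... */
+);
+}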
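Review bot: The `<Directory "${vardir}">` stanza with `Require all granted` covers the entire variable directory, and `RewriteRule /foswiki/(.*) ${vardir}/$1` maps every request under /foswiki/ onto it, so the copied `data/`, `lib/` and `working/` subtrees are reachable over HTTP unless the included upstream `foswiki_httpd_conf.txt` narrows access; that should be verified, and otherwise the grant scoped to the `bin` and `pub` directories that need to be served. In the startup script, `chmod +w -R .` leaves it to the umask of whoever runs the script whether group and other also gain write access; `chmod -R u+w .` (or `ug+w` if the web server group needs it) states the intent explicitly. The `/** ... */` spelling is an unusual form of a Nix block comment; `/* ... */` is the conventional one.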


@ -32,17 +32,27 @@ let
self = pythonPackages;
};
json = builtins.toJSON {
penv = python.buildEnv.override {
extraLibs = (c.pythonPackages or (self: [])) pythonPackages;
};
uwsgiCfg = {
uwsgi =
if c.type == "normal"
then {
inherit plugins;
} // removeAttrs c [ "type" "pythonPackages" ]
// optionalAttrs (python != null) {
pythonpath = "@PYTHONPATH@";
env = (c.env or {}) // {
PATH = optionalString (c ? env.PATH) "${c.env.PATH}:" + "@PATH@";
};
pythonpath = "${penv}/${python.sitePackages}";
env =
# Argh, uwsgi expects list of key-values there instead of a dictionary.
let env' = c.env or [];
getPath =
x: if hasPrefix "PATH=" x
then substring (stringLength "PATH=") (stringLength x) x
else null;
oldPaths = filter (x: x != null) (map getPath env');
in env' ++ [ "PATH=${optionalString (oldPaths != []) "${last oldPaths}:"}${penv}/bin" ];
}
else if c.type == "emperor"
then {
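Review bot: `env' = c.env or []` now expects a list of `"KEY=VALUE"` strings, but nothing validates the type, so a configuration still using the previous attribute-set form reaches `map getPath env'` and fails with an opaque error from `hasPrefix` rather than a message naming the option. A guard such as `env' = let e = c.env or []; in if isList e then e else throw "uwsgi: `env` must be a list of \"KEY=VALUE\" strings";` makes the migration error self-explanatory. The `# Argh, uwsgi expects ...` comment could state the expected format neutrally. The surrounding `let` binding and the `uwsgi` attribute continue outside the hunk.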
@ -55,35 +65,7 @@ let
else throw "`type` attribute in UWSGI configuration should be either 'normal' or 'emperor'";
};
in
if python == null || c.type != "normal"
then pkgs.writeTextDir "${name}.json" json
else pkgs.stdenv.mkDerivation {
name = "uwsgi-config";
inherit json;
passAsFile = [ "json" ];
nativeBuildInputs = [ pythonPackages.wrapPython ];
pythonInputs = (c.pythonPackages or (self: [])) pythonPackages;
buildCommand = ''
mkdir $out
declare -A pythonPathsSeen=()
program_PYTHONPATH=
program_PATH=
if [ -n "$pythonInputs" ]; then
for i in $pythonInputs; do
_addToPythonPath $i
done
fi
# A hack to replace "@PYTHONPATH@" with a JSON list
if [ -n "$program_PYTHONPATH" ]; then
program_PYTHONPATH="\"''${program_PYTHONPATH//:/\",\"}\""
fi
substitute $jsonPath $out/${name}.json \
--replace '"@PYTHONPATH@"' "[$program_PYTHONPATH]" \
--subst-var-by PATH "$program_PATH"
'';
};
in pkgs.writeTextDir "${name}.json" (builtins.toJSON uwsgiCfg);
in {


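--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,39 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+cfg = config.services.colord;
+in {
+options = {
+services.colord = {
+enable = mkEnableOption "colord, the color management daemon";
+};
+};
+config = mkIf cfg.enable {
+services.dbus.packages = [ pkgs.colord ];
+services.udev.packages = [ pkgs.colord ];
+environment.systemPackages = [ pkgs.colord ];
+systemd.services.colord = {
+description = "Manage, Install and Generate Color Profiles";
+serviceConfig = {
+Type = "dbus";
+BusName = "org.freedesktop.ColorManager";
+ExecStart = "${pkgs.colord}/libexec/colord";
+PrivateTmp = true;
+};
+};
+};
+}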
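Review bot: The colord unit sets only `PrivateTmp = true` and no `User`, so the daemon runs as root with unrestricted filesystem and network access. Upstream's colord.service, as far as I recall, also carries `ProtectSystem`, `ProtectHome` and `PrivateNetwork`; adding `ProtectSystem = "full"; ProtectHome = true; PrivateNetwork = true;` to `serviceConfig` would match that baseline, and a dedicated user is worth considering if the package's D-Bus policy and state directory permissions allow it (verify). The `enable` option text could also mention that the module registers D-Bus and udev packages in addition to starting the daemon.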


@ -19,7 +19,7 @@ in
# E.g., if KDE is enabled, it supersedes xterm.
imports = [
./none.nix ./xterm.nix ./xfce.nix ./kde4.nix ./kde5.nix
./e19.nix ./gnome3.nix ./kodi.nix
./enlightenment.nix ./gnome3.nix ./kodi.nix
];
options = {


@ -4,9 +4,9 @@ with lib;
let
e = pkgs.enlightenment;
xcfg = config.services.xserver;
cfg = xcfg.desktopManager.e19;
e19_enlightenment = pkgs.e19.enlightenment.override { set_freqset_setuid = true; };
cfg = xcfg.desktopManager.enlightenment;
GST_PLUGIN_PATH = lib.makeSearchPath "lib/gstreamer-1.0" [
pkgs.gst_all_1.gst-plugins-base
pkgs.gst_all_1.gst-plugins-good
@ -18,10 +18,10 @@ in
{
options = {
services.xserver.desktopManager.e19.enable = mkOption {
services.xserver.desktopManager.enlightenment.enable = mkOption {
default = false;
example = true;
description = "Enable the E19 desktop environment.";
description = "Enable the Enlightenment desktop environment.";
};
};
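Review bot: Renaming `services.xserver.desktopManager.e19.enable` to `services.xserver.desktopManager.enlightenment.enable` removes the old option with no alias, so existing configurations fail with an "option does not exist" error instead of a migration hint. An `imports = [ (mkRenamedOptionModule [ "services" "xserver" "desktopManager" "e19" "enable" ] [ "services" "xserver" "desktopManager" "enlightenment" "enable" ]) ];` entry in this module (or in the central rename module) keeps them evaluating with a deprecation message. The session name change from `E19` to `Enlightenment` in a later hunk likewise alters the identifier users may have selected in their display manager and deserves a mention in the description. The module continues outside the hunk.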
@ -29,8 +29,8 @@ in
config = mkIf (xcfg.enable && cfg.enable) {
environment.systemPackages = [
pkgs.e19.efl pkgs.e19.evas pkgs.e19.emotion pkgs.e19.elementary e19_enlightenment
pkgs.e19.terminology pkgs.e19.econnman
e.efl e.evas e.emotion e.elementary e.enlightenment
e.terminology e.econnman
pkgs.xorg.xauth # used by kdesu
pkgs.gtk # To get GTK+'s themes.
pkgs.tango-icon-theme
@ -42,7 +42,7 @@ in
environment.pathsToLink = [ "/etc/enlightenment" "/etc/xdg" "/share/enlightenment" "/share/elementary" "/share/applications" "/share/locale" "/share/icons" "/share/themes" "/share/mime" "/share/desktop-directories" ];
services.xserver.desktopManager.session = [
{ name = "E19";
{ name = "Enlightenment";
start = ''
# Set GTK_DATA_PREFIX so that GTK+ can find the themes
export GTK_DATA_PREFIX=${config.system.path}
@ -53,17 +53,16 @@ in
export GST_PLUGIN_PATH="${GST_PLUGIN_PATH}"
# make available for D-BUS user services
#export XDG_DATA_DIRS=$XDG_DATA_DIRS''${XDG_DATA_DIRS:+:}:${config.system.path}/share:${pkgs.e19.efl}/share
#export XDG_DATA_DIRS=$XDG_DATA_DIRS''${XDG_DATA_DIRS:+:}:${config.system.path}/share:${e.efl}/share
# Update user dirs as described in http://freedesktop.org/wiki/Software/xdg-user-dirs/
${pkgs.xdg-user-dirs}/bin/xdg-user-dirs-update
${e19_enlightenment}/bin/enlightenment_start
waitPID=$!
exec ${e.enlightenment}/bin/enlightenment_start
'';
}];
security.setuidPrograms = [ "e19_freqset" ];
security.setuidPrograms = [ "e_freqset" ];
environment.etc = singleton
{ source = "${pkgs.xkeyboard_config}/etc/X11/xkb";
@ -75,13 +74,13 @@ in
services.udisks2.enable = true;
services.upower.enable = config.powerManagement.enable;
#services.dbus.packages = [ pkgs.efl ]; # dbus-1 folder is not in /etc but in /share, so needs fixing first
services.dbus.packages = [ e.efl ];
systemd.user.services.efreet =
{ enable = true;
description = "org.enlightenment.Efreet";
serviceConfig =
{ ExecStart = "${pkgs.e19.efl}/bin/efreetd";
{ ExecStart = "${e.efl}/bin/efreetd";
StandardOutput = "null";
};
};
@ -90,7 +89,7 @@ in
{ enable = true;
description = "org.enlightenment.Ethumb";
serviceConfig =
{ ExecStart = "${pkgs.e19.efl}/bin/ethumbd";
{ ExecStart = "${e.efl}/bin/ethumbd";
StandardOutput = "null";
};
};


@ -128,6 +128,7 @@ in
++ lib.optional config.networking.networkmanager.enable kde5.plasma-nm
++ lib.optional config.hardware.pulseaudio.enable kde5.plasma-pa
++ lib.optional config.powerManagement.enable kde5.powerdevil
++ lib.optional config.services.colord.enable kde5.colord-kde
++ lib.optionals config.services.samba.enable [ kde5.kdenetwork-filesharing pkgs.samba ]
++ lib.optionals cfg.phonon.gstreamer.enable


@ -49,17 +49,6 @@ let
fi
''}
${optionalString cfg.startGnuPGAgent ''
if test -z "$SSH_AUTH_SOCK"; then
# Restart this script as a child of the GnuPG agent.
exec "${pkgs.gnupg}/bin/gpg-agent" \
--enable-ssh-support --daemon \
--pinentry-program "${pkgs.pinentry}/bin/pinentry-gtk-2" \
--write-env-file "$HOME/.gpg-agent-info" \
"$0" "$sessionType"
fi
''}
# Handle being called by kdm.
if test "''${1:0:1}" = /; then eval exec "$1"; fi


@ -10,13 +10,13 @@ in
imports = [
./afterstep.nix
./bspwm.nix
./clfswm.nix
./compiz.nix
./dwm.nix
./exwm.nix
./fluxbox.nix
./herbstluftwm.nix
./i3.nix
./jwm.nix
./metacity.nix
./openbox.nix
./notion.nix


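--- a/jwm.nix
+++ b/jwm.nix
@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+cfg = config.services.xserver.windowManager.jwm;
+in
+{
+###### interface
+options = {
+services.xserver.windowManager.jwm.enable = mkEnableOption "jwm";
+};
+###### implementation
+config = mkIf cfg.enable {
+services.xserver.windowManager.session = singleton {
+name = "jwm";
+start = ''
+${pkgs.jwm}/bin/jwm &
+waitPID=$!
+'';
+};
+environment.systemPackages = [ pkgs.jwm ];
+};
+}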


@ -13,9 +13,9 @@ let
# Map video driver names to driver packages. FIXME: move into card-specific modules.
knownVideoDrivers = {
virtualbox = { modules = [ kernelPackages.virtualboxGuestAdditions ]; driverName = "vboxvideo"; };
ati = { modules = [ pkgs.xorg.xf86videoati pkgs.xorg.glamoregl ]; };
intel-testing = { modules = with pkgs.xorg; [ xf86videointel-testing glamoregl ]; driverName = "intel"; };
virtualbox = { modules = [ kernelPackages.virtualboxGuestAdditions ]; driverName = "vboxvideo"; };
ati = { modules = with pkgs.xorg; [ xf86videoati glamoregl ]; };
intel = { modules = with pkgs.xorg; [ xf86videointel glamoregl ]; };
};
fontsForXServer =
@ -160,7 +160,7 @@ in
[ '''
Identifier "Trackpoint Wheel Emulation"
MatchProduct "ThinkPad USB Keyboard with TrackPoint"
Option "EmulateWheel" "true
Option "EmulateWheel" "true"
Option "EmulateWheelButton" "2"
Option "Emulate3Buttons" "false"
'''
@ -219,17 +219,6 @@ in
'';
};
startGnuPGAgent = mkOption {
type = types.bool;
default = false;
description = ''
Whether to start the GnuPG agent when you log in. The GnuPG agent
remembers private keys for you so that you don't have to type in
passphrases every time you make an SSH connection or sign/encrypt
data. Use <command>ssh-add</command> to add a key to the agent.
'';
};
startDbusSession = mkOption {
type = types.bool;
default = true;
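Review bot: `services.xserver.startGnuPGAgent` is deleted outright, so any configuration still setting it fails at evaluation with a bare "option does not exist" error and no pointer to what replaced it. A `mkRemovedOptionModule [ "services" "xserver" "startGnuPGAgent" ] "<migration hint>"` entry, here or in the central rename module, turns that into a clear message; the later assertion hunk in this file drops the related `programs.ssh.startAgent` check consistently. The `"true"` quote fix in the trackpoint hunk is correct as-is. The option set continues outside the hunk.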
@ -444,14 +433,7 @@ in
in optional (driver != null) ({ inherit name; driverName = name; } // driver));
assertions =
[ { assertion = !(config.programs.ssh.startAgent && cfg.startGnuPGAgent);
message =
''
The OpenSSH agent and GnuPG agent cannot be started both. Please
choose between programs.ssh.startAgent and services.xserver.startGnuPGAgent.
'';
}
{ assertion = config.security.polkit.enable;
[ { assertion = config.security.polkit.enable;
message = "X11 requires Polkit to be enabled (security.polkit.enable = true).";
}
];


@ -33,19 +33,24 @@ with lib;
};
config = mkIf config.systemd.coredump.enable {
config = mkMerge [
(mkIf config.systemd.coredump.enable {
environment.etc."systemd/coredump.conf".text =
''
[Coredump]
${config.systemd.coredump.extraConfig}
'';
environment.etc."systemd/coredump.conf".text =
''
[Coredump]
${config.systemd.coredump.extraConfig}
'';
# Have the kernel pass core dumps to systemd's coredump helper binary.
# From systemd's 50-coredump.conf file. See:
# <https://github.com/systemd/systemd/blob/v218/sysctl.d/50-coredump.conf.in>
boot.kernel.sysctl."kernel.core_pattern" = "|${pkgs.systemd}/lib/systemd/systemd-coredump %p %u %g %s %t %e";
# Have the kernel pass core dumps to systemd's coredump helper binary.
# From systemd's 50-coredump.conf file. See:
# <https://github.com/systemd/systemd/blob/v218/sysctl.d/50-coredump.conf.in>
boot.kernel.sysctl."kernel.core_pattern" = "|${pkgs.systemd}/lib/systemd/systemd-coredump %p %u %g %s %t %e";
})
};
(mkIf (!config.systemd.coredump.enable) {
boot.kernel.sysctl."kernel.core_pattern" = mkDefault "core";
})
];
}
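Review bot: The new `mkIf (!config.systemd.coredump.enable)` branch sets `kernel.core_pattern` to `core` without a comment saying why an explicit value is needed when coredump handling is off. Presumably it counters the `50-coredump.conf` sysctl that systemd ships (the enabled branch cites that file) so dumps are not piped to `systemd-coredump` when the module is disabled; after confirming that, a comment such as `# Restore the kernel default so systemd's shipped 50-coredump.conf does not pipe dumps to systemd-coredump.` would record it. It is also worth noting beside the option that with `core` the dump is written to the crashing process's working directory, which may be readable by other users, whereas `systemd-coredump` stores it with restricted permissions.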


@ -58,6 +58,7 @@ let
# Add RAID mdadm tool.
copy_bin_and_libs ${pkgs.mdadm}/sbin/mdadm
copy_bin_and_libs ${pkgs.mdadm}/sbin/mdmon
# Copy udev.
copy_bin_and_libs ${udev}/lib/systemd/systemd-udevd


@ -93,7 +93,7 @@ let
config = {
mountPoint = mkDefault name;
device = mkIf (config.fsType == "tmpfs") (mkDefault config.fsType);
options = mkIf config.autoResize "x-nixos.autoresize";
options = mkIf config.autoResize [ "x-nixos.autoresize" ];
# -F needed to allow bare block device without partitions
formatOptions = mkIf ((builtins.substring 0 3 config.fsType) == "ext") (mkDefault "-F");


@ -882,10 +882,8 @@ in
optionalString hasBonds "options bonding max_bonds=0";
boot.kernel.sysctl = {
"net.net.ipv4.conf.all.promote_secondaries" = true;
"net.ipv6.conf.all.disable_ipv6" = mkDefault (!cfg.enableIPv6);
"net.ipv6.conf.default.disable_ipv6" = mkDefault (!cfg.enableIPv6);
"net.ipv4.conf.all_forwarding" = mkDefault (any (i: i.proxyARP) interfaces);
"net.ipv6.conf.all.forwarding" = mkDefault (any (i: i.proxyARP) interfaces);
} // listToAttrs (concatLists (flip map (filter (i: i.proxyARP) interfaces)
(i: flip map [ "4" "6" ] (v: nameValuePair "net.ipv${v}.conf.${i.name}.proxy_arp" true))
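Review bot: The removed `net.ipv4.conf.all_forwarding` key was a misspelling of `net.ipv4.conf.all.forwarding`; deleting it rather than correcting it leaves IPv4 proxy ARP without forwarding while the IPv6 counterpart on the following line is kept, unless IPv4 forwarding is enabled elsewhere (not visible in the hunk). If the sysctl is still wanted, `"net.ipv4.conf.all.forwarding" = mkDefault (any (i: i.proxyARP) interfaces);` restores it under the correct name; likewise `promote_secondaries` belongs under `net.ipv4.conf.all.promote_secondaries` if that behaviour was intended. The attribute set continues outside the hunk.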


@ -12,4 +12,45 @@
cp -v ${pkgs.mdadm}/lib/udev/rules.d/*.rules $out/
'';
systemd.services.mdadm-shutdown = {
wantedBy = [ "final.target"];
after = [ "umount.target" ];
unitConfig = {
DefaultDependencies = false;
};
serviceConfig = {
Type = "oneshot";
ExecStart = ''${pkgs.mdadm}/bin/mdadm --wait-clean --scan'';
};
};
systemd.services."mdmon@" = {
description = "MD Metadata Monitor on /dev/%I";
unitConfig.DefaultDependencies = false;
serviceConfig = {
Type = "forking";
Environment = "IMSM_NO_PLATFORM=1";
ExecStart = ''${pkgs.mdadm}/bin/mdmon --offroot --takeover %I'';
KillMode = "none";
};
};
systemd.services."mdadm-grow-continue@" = {
description = "Manage MD Reshape on /dev/%I";
unitConfig.DefaultDependencies = false;
serviceConfig = {
ExecStart = ''${pkgs.mdadm}/bin/mdadm --grow --continue /dev/%I'';
StandardInput = "null";
StandardOutput = "null";
StandardError = "null";
KillMode = "none";
};
};
}
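Review bot: `KillMode = "none"` on `mdmon@` and `mdadm-grow-continue@` means stopping the unit leaves the process running, and nothing in the file explains why; a comment such as `# mdmon must outlive the unit so external-metadata arrays stay consistent across stop/restart; do not kill it.` (confirm against mdadm's shipped units) would keep a later reader from "fixing" it. `mdadm-shutdown` is only `wantedBy = [ "final.target" ]` with `after = [ "umount.target" ]`; `WantedBy` adds no ordering, so `final.target` can be reached before `mdadm --wait-clean --scan` has finished, and `before = [ "final.target" ];` is presumably intended (verify). The `ExecStart` values use `''...''` multi-line string syntax for single-line commands where a plain `"..."` string is the convention in the rest of the file.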


@ -40,7 +40,6 @@ let cfg = config.ec2; in
# Force udev to exit to prevent random "Device or resource busy
# while trying to open /dev/xvda" errors from fsck.
udevadm control --exit || true
kill -9 -1
'';
boot.initrd.network.enable = true;


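--- a/azure-agent-entropy.patch
+++ b/azure-agent-entropy.patch
@@ -0,0 +1,17 @@
+--- a/waagent 2016-03-12 09:58:15.728088851 +0200
++++ a/waagent 2016-03-12 09:58:43.572680025 +0200
+@@ -6173,10 +6173,10 @@
+Log("MAC address: " + ":".join(["%02X" % Ord(a) for a in mac]))
+# Consume Entropy in ACPI table provided by Hyper-V
+- try:
+- SetFileContents("/dev/random", GetFileContents("/sys/firmware/acpi/tables/OEM0"))
+- except:
+- pass
++ #try:
++ # SetFileContents("/dev/random", GetFileContents("/sys/firmware/acpi/tables/OEM0"))
++ #except:
++ # pass
+Log("Probing for Azure environment.")
+self.Endpoint = self.DoDhcpWork()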


@ -14,6 +14,9 @@ let
rev = "1b3a8407a95344d9d12a2a377f64140975f1e8e4";
sha256 = "10byzvmpgrmr4d5mdn2kq04aapqb3sgr1admk13wjmy5cd6bwd2x";
};
patches = [ ./azure-agent-entropy.patch ];
buildInputs = [ makeWrapper python pythonPackages.wrapPython ];
runtimeDeps = [ findutils gnugrep gawk coreutils openssl openssh
nettools # for hostname
@ -54,9 +57,15 @@ in
###### interface
options.virtualisation.azure.agent.enable = mkOption {
default = false;
description = "Whether to enable the Windows Azure Linux Agent.";
options.virtualisation.azure.agent = {
enable = mkOption {
default = false;
description = "Whether to enable the Windows Azure Linux Agent.";
};
verboseLogging = mkOption {
default = false;
description = "Whether to enable verbose logging.";
};
};
###### implementation
@ -88,7 +97,7 @@ in
Provisioning.DeleteRootPassword=n
# Generate fresh host key pair.
Provisioning.RegenerateSshHostKeyPair=y
Provisioning.RegenerateSshHostKeyPair=n
# Supported values are "rsa", "dsa" and "ecdsa".
Provisioning.SshHostKeyPairType=ed25519
@ -121,7 +130,7 @@ in
Logs.Console=y
# Enable verbose logging (y|n)
Logs.Verbose=n
Logs.Verbose=${if cfg.verboseLogging then "y" else "n"}
# Root device timeout in seconds.
OS.RootDeviceScsiTimeout=300
@ -146,16 +155,30 @@ in
systemd.targets.provisioned = {
description = "Services Requiring Azure VM provisioning to have finished";
wantedBy = [ "sshd.service" ];
before = [ "sshd.service" ];
};
systemd.services.consume-hypervisor-entropy =
{ description = "Consume entropy in ACPI table provided by Hyper-V";
wantedBy = [ "sshd.service" "waagent.service" ];
before = [ "sshd.service" "waagent.service" ];
after = [ "local-fs.target" ];
path = [ pkgs.coreutils ];
script =
''
echo "Fetching entropy..."
cat /sys/firmware/acpi/tables/OEM0 > /dev/random
'';
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
serviceConfig.StandardError = "journal+console";
serviceConfig.StandardOutput = "journal+console";
};
systemd.services.waagent = {
wantedBy = [ "sshd.service" ];
before = [ "sshd.service" ];
after = [ "ip-up.target" ];
wants = [ "ip-up.target" ];
wantedBy = [ "multi-user.target" ];
after = [ "ip-up.target" "sshd.service" ];
path = [ pkgs.e2fsprogs ];
description = "Windows Azure Agent Service";
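Review bot: The `consume-hypervisor-entropy` script runs `cat /sys/firmware/acpi/tables/OEM0 > /dev/random`; writing to `/dev/random` mixes the bytes into the pool but credits no entropy (that requires the `RNDADDENTROPY` ioctl), so it neither unblocks `/dev/random` nor raises the kernel's estimate before sshd generates host keys. If crediting is the goal, a tool that issues that ioctl is needed; otherwise a comment like `# Mixes the Hyper-V OEM0 table into the pool; this does not credit entropy to the kernel's estimate.` should record the limitation. The `Provisioning.RegenerateSshHostKeyPair=n` flip in an earlier hunk also deserves a comment stating that host keys are now expected to come from NixOS's sshd service, since an image that already contains a key would otherwise ship it to every VM (verify the image build). `verboseLogging` lacks `type = types.bool;`. The `waagent` service definition continues outside the hunk.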


@ -2,7 +2,7 @@
with lib;
let
diskSize = "4096";
diskSize = "30720";
in
{
system.build.azureImage =
@ -23,7 +23,7 @@ in
postVM =
''
mkdir -p $out
${pkgs.vmTools.qemu-220}/bin/qemu-img convert -f raw -O vpc -o subformat=fixed $diskImage $out/disk.vhd
${pkgs.vmTools.qemu-220}/bin/qemu-img convert -f raw -O vpc $diskImage $out/disk.vhd
rm $diskImage
'';
diskImageBase = "nixos-image-${config.system.nixosLabel}-${pkgs.stdenv.system}.raw";
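Review bot: Dropping `-o subformat=fixed` from the `qemu-img convert -O vpc` call is not explained; Azure's VHD upload requirements (a fixed-size VHD with a MiB-aligned virtual size, as far as I recall) should be confirmed against what qemu-img now emits by default, and the reason recorded in a comment such as `# no subformat=fixed: <reason>`. The `diskSize = "30720"` change is likewise unexplained; a comment giving the unit and why this size was chosen would help the next person who touches it. The derivation continues outside the hunk.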


@ -22,7 +22,9 @@ in {
config = {
system.build.virtualBoxImage = import ../../lib/make-disk-image.nix {
system.build.virtualBoxOVA = import ../../lib/make-disk-image.nix {
name = "nixos-ova-${config.system.nixosLabel}-${pkgs.stdenv.system}";
inherit pkgs lib config;
partitioned = true;
diskSize = cfg.baseImageSize;
@ -37,37 +39,36 @@ in {
postVM =
''
echo "creating VirtualBox disk image..."
${pkgs.vmTools.qemu}/bin/qemu-img convert -f raw -O vdi $diskImage $out/disk.vdi
${pkgs.vmTools.qemu}/bin/qemu-img convert -f raw -O vdi $diskImage disk.vdi
rm $diskImage
echo "creating VirtualBox VM..."
export HOME=$PWD
export PATH=${pkgs.linuxPackages.virtualbox}/bin:$PATH
vmName="NixOS ${config.system.nixosLabel} (${pkgs.stdenv.system})"
VBoxManage createvm --name "$vmName" --register \
--ostype ${if pkgs.stdenv.system == "x86_64-linux" then "Linux26_64" else "Linux26"}
VBoxManage modifyvm "$vmName" \
--memory 1536 --acpi on --vram 32 \
${optionalString (pkgs.stdenv.system == "i686-linux") "--pae on"} \
--nictype1 virtio --nic1 nat \
--audiocontroller ac97 --audio alsa \
--rtcuseutc on \
--usb on --mouse usbtablet
VBoxManage storagectl "$vmName" --name SATA --add sata --portcount 4 --bootable on --hostiocache on
VBoxManage storageattach "$vmName" --storagectl SATA --port 0 --device 0 --type hdd \
--medium disk.vdi
echo "exporting VirtualBox VM..."
mkdir -p $out
fn="$out/nixos-${config.system.nixosLabel}-${pkgs.stdenv.system}.ova"
VBoxManage export "$vmName" --output "$fn"
mkdir -p $out/nix-support
echo "file ova $fn" >> $out/nix-support/hydra-build-products
'';
};
system.build.virtualBoxOVA = pkgs.runCommand "virtualbox-ova"
{ buildInputs = [ pkgs.linuxPackages.virtualbox ];
vmName = "NixOS ${config.system.nixosLabel} (${pkgs.stdenv.system})";
fileName = "nixos-image-${config.system.nixosLabel}-${pkgs.stdenv.system}.ova";
}
''
echo "creating VirtualBox VM..."
export HOME=$PWD
VBoxManage createvm --name "$vmName" --register \
--ostype ${if pkgs.stdenv.system == "x86_64-linux" then "Linux26_64" else "Linux26"}
VBoxManage modifyvm "$vmName" \
--memory 1536 --acpi on --vram 32 \
${optionalString (pkgs.stdenv.system == "i686-linux") "--pae on"} \
--nictype1 virtio --nic1 nat \
--audiocontroller ac97 --audio alsa \
--rtcuseutc on \
--usb on --mouse usbtablet
VBoxManage storagectl "$vmName" --name SATA --add sata --portcount 4 --bootable on --hostiocache on
VBoxManage storageattach "$vmName" --storagectl SATA --port 0 --device 0 --type hdd \
--medium ${config.system.build.virtualBoxImage}/disk.vdi
echo "exporting VirtualBox VM..."
mkdir -p $out
VBoxManage export "$vmName" --output "$out/$fileName"
'';
fileSystems."/".device = "/dev/disk/by-label/nixos";
boot.loader.grub.device = "/dev/sda";