movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 21:50:33 +03:00
Code Activity

Merge branch 'master' into nix-2.0

Browse source
This commit is contained in:
Vladimír Čunát 2018-03-03 18:02:35 +01:00
commit b70c93f211
No known key found for this signature in database
GPG key ID: E747DF1F9575A3AA
1616 changed files with 22967 additions and 28019 deletions
Download patch file Download diff file Expand all files Collapse all files

2
doc/meta.xml
View file

@ -53,7 +53,7 @@ $ nix-env -qa hello --json
"x86_64-linux", "x86_64-linux",
"armv5tel-linux", "armv5tel-linux",
"armv7l-linux", "armv7l-linux",
"mips64el-linux", "mips32-linux",
"x86_64-darwin", "x86_64-darwin",
"i686-cygwin", "i686-cygwin",
"i686-freebsd", "i686-freebsd",

6
lib/customisation.nix
View file

@ -155,12 +155,6 @@ rec {
outPath = assert condition; drv.outPath; outPath = assert condition; drv.outPath;
}; };
/* Add attributes to each output of a derivation without changing
the derivation itself. */
addPassthru =
lib.warn "`addPassthru drv passthru` is deprecated, replace with `extendDerivation true passthru drv`"
(drv: passthru: extendDerivation true passthru drv);
/* Strip a derivation of all non-essential attributes, returning /* Strip a derivation of all non-essential attributes, returning
only those needed by hydra-eval-jobs. Also strictly evaluate the only those needed by hydra-eval-jobs. Also strictly evaluate the
result to ensure that there are no thunks kept alive to prevent result to ensure that there are no thunks kept alive to prevent

2
lib/default.nix
View file

@ -88,7 +88,7 @@ let
inherit (stringsWithDeps) textClosureList textClosureMap inherit (stringsWithDeps) textClosureList textClosureMap
noDepEntry fullDepEntry packEntry stringAfter; noDepEntry fullDepEntry packEntry stringAfter;
inherit (customisation) overrideDerivation makeOverridable inherit (customisation) overrideDerivation makeOverridable
callPackageWith callPackagesWith extendDerivation addPassthru callPackageWith callPackagesWith extendDerivation
hydraJob makeScope; hydraJob makeScope;
inherit (meta) addMetaAttrs dontDistribute setName updateName inherit (meta) addMetaAttrs dontDistribute setName updateName
appendToName mapDerivationAttrset lowPrio lowPrioSet hiPrio appendToName mapDerivationAttrset lowPrio lowPrioSet hiPrio

9
lib/maintainers.nix
View file

@ -71,6 +71,7 @@
auntie = "Jonathan Glines <auntieNeo@gmail.com>"; auntie = "Jonathan Glines <auntieNeo@gmail.com>";
avnik = "Alexander V. Nikolaev <avn@avnik.info>"; avnik = "Alexander V. Nikolaev <avn@avnik.info>";
aycanirican = "Aycan iRiCAN <iricanaycan@gmail.com>"; aycanirican = "Aycan iRiCAN <iricanaycan@gmail.com>";
babariviere = "Bastien Riviere <babariviere@protonmail.com>";
bachp = "Pascal Bach <pascal.bach@nextrem.ch>"; bachp = "Pascal Bach <pascal.bach@nextrem.ch>";
backuitist = "Bruno Bieth"; backuitist = "Bruno Bieth";
badi = "Badi' Abdul-Wahid <abdulwahidc@gmail.com>"; badi = "Badi' Abdul-Wahid <abdulwahidc@gmail.com>";
@ -198,6 +199,7 @@
dzabraev = "Maksim Dzabraev <dzabraew@gmail.com>"; dzabraev = "Maksim Dzabraev <dzabraew@gmail.com>";
e-user = "Alexander Kahl <nixos@sodosopa.io>"; e-user = "Alexander Kahl <nixos@sodosopa.io>";
earldouglas = "James Earl Douglas <james@earldouglas.com>"; earldouglas = "James Earl Douglas <james@earldouglas.com>";
earvstedt = "Erik Arvstedt <erik.arvstedt@gmail.com>";
ebzzry = "Rommel Martinez <ebzzry@ebzzry.io>"; ebzzry = "Rommel Martinez <ebzzry@ebzzry.io>";
edanaher = "Evan Danaher <nixos@edanaher.net>"; edanaher = "Evan Danaher <nixos@edanaher.net>";
edef = "edef <edef@edef.eu>"; edef = "edef <edef@edef.eu>";
@ -224,6 +226,7 @@
erictapen = "Justin Humm <justin.humm@posteo.de>"; erictapen = "Justin Humm <justin.humm@posteo.de>";
erikryb = "Erik Rybakken <erik.rybakken@math.ntnu.no>"; erikryb = "Erik Rybakken <erik.rybakken@math.ntnu.no>";
ertes = "Ertugrul Söylemez <esz@posteo.de>"; ertes = "Ertugrul Söylemez <esz@posteo.de>";
erosennin = "Andrey Golovizin <ag@sologoc.com>";
ethercrow = "Dmitry Ivanov <ethercrow@gmail.com>"; ethercrow = "Dmitry Ivanov <ethercrow@gmail.com>";
etu = "Elis Hirwing <elis@hirwing.se>"; etu = "Elis Hirwing <elis@hirwing.se>";
exfalso = "Andras Slemmer <0slemi0@gmail.com>"; exfalso = "Andras Slemmer <0slemi0@gmail.com>";
@ -373,12 +376,14 @@
lasandell = "Luke Sandell <lasandell@gmail.com>"; lasandell = "Luke Sandell <lasandell@gmail.com>";
lassulus = "Lassulus <lassulus@gmail.com>"; lassulus = "Lassulus <lassulus@gmail.com>";
layus = "Guillaume Maudoux <layus.on@gmail.com>"; layus = "Guillaume Maudoux <layus.on@gmail.com>";
lblasc = "Luka Blaskovic <lblasc@znode.net>";
ldesgoui = "Lucas Desgouilles <ldesgoui@gmail.com>"; ldesgoui = "Lucas Desgouilles <ldesgoui@gmail.com>";
league = "Christopher League <league@contrapunctus.net>"; league = "Christopher League <league@contrapunctus.net>";
lebastr = "Alexander Lebedev <lebastr@gmail.com>"; lebastr = "Alexander Lebedev <lebastr@gmail.com>";
ledif = "Adam Fidel <refuse@gmail.com>"; ledif = "Adam Fidel <refuse@gmail.com>";
leemachin = "Lee Machin <me@mrl.ee>"; leemachin = "Lee Machin <me@mrl.ee>";
leenaars = "Michiel Leenaars <ml.software@leenaa.rs>"; leenaars = "Michiel Leenaars <ml.software@leenaa.rs>";
lejonet = "Daniel Kuehn <daniel@kuehn.se>";
leonardoce = "Leonardo Cecchi <leonardo.cecchi@gmail.com>"; leonardoce = "Leonardo Cecchi <leonardo.cecchi@gmail.com>";
lethalman = "Luca Bruno <lucabru@src.gnome.org>"; lethalman = "Luca Bruno <lucabru@src.gnome.org>";
lewo = "Antoine Eiche <lewo@abesis.fr>"; lewo = "Antoine Eiche <lewo@abesis.fr>";
@ -671,6 +676,7 @@
stumoss = "Stuart Moss <samoss@gmail.com>"; stumoss = "Stuart Moss <samoss@gmail.com>";
SuprDewd = "Bjarki Ágúst Guðmundsson <suprdewd@gmail.com>"; SuprDewd = "Bjarki Ágúst Guðmundsson <suprdewd@gmail.com>";
suvash = "Suvash Thapaliya <suvash+nixpkgs@gmail.com>"; suvash = "Suvash Thapaliya <suvash+nixpkgs@gmail.com>";
svsdep = "Vasyl Solovei <svsdep@gmail.com>";
swarren83 = "Shawn Warren <shawn.w.warren@gmail.com>"; swarren83 = "Shawn Warren <shawn.w.warren@gmail.com>";
swflint = "Samuel W. Flint <swflint@flintfam.org>"; swflint = "Samuel W. Flint <swflint@flintfam.org>";
swistak35 = "Rafał Łasocha <me@swistak35.com>"; swistak35 = "Rafał Łasocha <me@swistak35.com>";
@ -689,6 +695,7 @@
TealG = "Teal Gaure <~@Teal.Gr>"; TealG = "Teal Gaure <~@Teal.Gr>";
teh = "Tom Hunger <tehunger@gmail.com>"; teh = "Tom Hunger <tehunger@gmail.com>";
telotortium = "Robert Irelan <rirelan@gmail.com>"; telotortium = "Robert Irelan <rirelan@gmail.com>";
teozkr = "Teo Klestrup Röijezon <teo@nullable.se>";
teto = "Matthieu Coudron <mcoudron@hotmail.com>"; teto = "Matthieu Coudron <mcoudron@hotmail.com>";
tex = "Milan Svoboda <milan.svoboda@centrum.cz>"; tex = "Milan Svoboda <milan.svoboda@centrum.cz>";
thall = "Niclas Thall <niclas.thall@gmail.com>"; thall = "Niclas Thall <niclas.thall@gmail.com>";
@ -702,6 +709,7 @@
tilpner = "Till Höppner <till@hoeppner.ws>"; tilpner = "Till Höppner <till@hoeppner.ws>";
timbertson = "Tim Cuthbertson <tim@gfxmonk.net>"; timbertson = "Tim Cuthbertson <tim@gfxmonk.net>";
timokau = "Timo Kaufmann <timokau@zoho.com>"; timokau = "Timo Kaufmann <timokau@zoho.com>";
timor = "timor <timor.dd@googlemail.com>";
tiramiseb = "Sébastien Maccagnoni <sebastien@maccagnoni.eu>"; tiramiseb = "Sébastien Maccagnoni <sebastien@maccagnoni.eu>";
titanous = "Jonathan Rudenberg <jonathan@titanous.com>"; titanous = "Jonathan Rudenberg <jonathan@titanous.com>";
tnias = "Philipp Bartsch <phil@grmr.de>"; tnias = "Philipp Bartsch <phil@grmr.de>";
@ -713,6 +721,7 @@
treemo = "Matthieu Chevrier <matthieu.chevrier@treemo.fr>"; treemo = "Matthieu Chevrier <matthieu.chevrier@treemo.fr>";
trevorj = "Trevor Joynson <nix@trevor.joynson.io>"; trevorj = "Trevor Joynson <nix@trevor.joynson.io>";
trino = "Hubert Mühlhans <muehlhans.hubert@ekodia.de>"; trino = "Hubert Mühlhans <muehlhans.hubert@ekodia.de>";
troydm = "Dmitry Geurkov <d.geurkov@gmail.com>";
tstrobel = "Thomas Strobel <4ZKTUB6TEP74PYJOPWIR013S2AV29YUBW5F9ZH2F4D5UMJUJ6S@hash.domains>"; tstrobel = "Thomas Strobel <4ZKTUB6TEP74PYJOPWIR013S2AV29YUBW5F9ZH2F4D5UMJUJ6S@hash.domains>";
ttuegel = "Thomas Tuegel <ttuegel@mailbox.org>"; ttuegel = "Thomas Tuegel <ttuegel@mailbox.org>";
tv = "Tomislav Viljetić <tv@shackspace.de>"; tv = "Tomislav Viljetić <tv@shackspace.de>";

17
lib/systems/default.nix
View file

@ -23,13 +23,15 @@ rec {
config = parse.tripleFromSystem final.parsed; config = parse.tripleFromSystem final.parsed;
# Just a guess, based on `system` # Just a guess, based on `system`
platform = platforms.selectBySystem final.system; platform = platforms.selectBySystem final.system;
# Derived meta-data
libc = libc =
/**/ if final.isDarwin then "libSystem" /**/ if final.isDarwin then "libSystem"
else if final.isMinGW then "msvcrt" else if final.isMinGW then "msvcrt"
else if final.isMusl then "musl" else if final.isMusl then "musl"
else if final.isLinux /* default */ then "glibc" else if final.isAndroid then "bionic"
else if final.isLinux /* default */ then "glibc"
# TODO(@Ericson2314) think more about other operating systems # TODO(@Ericson2314) think more about other operating systems
else "native/impure"; else "native/impure";
extensions = { extensions = {
sharedLibrary = sharedLibrary =
/**/ if final.isDarwin then ".dylib" /**/ if final.isDarwin then ".dylib"
@ -39,7 +41,10 @@ rec {
/**/ if final.isWindows then ".exe" /**/ if final.isWindows then ".exe"
else ""; else "";
}; };
# Misc boolean options
useAndroidPrebuilt = false;
} // mapAttrs (n: v: v final.parsed) inspect.predicates } // mapAttrs (n: v: v final.parsed) inspect.predicates
// args; // args;
in final; in assert final.useAndroidPrebuilt -> final.isAndroid;
final;
} }

2
lib/systems/doubles.nix
View file

@ -9,7 +9,7 @@ let
"aarch64-linux" "aarch64-linux"
"armv5tel-linux" "armv6l-linux" "armv7l-linux" "armv5tel-linux" "armv6l-linux" "armv7l-linux"
"mips64el-linux" "mipsel-linux"
"i686-cygwin" "i686-freebsd" "i686-linux" "i686-netbsd" "i686-openbsd" "i686-cygwin" "i686-freebsd" "i686-linux" "i686-netbsd" "i686-openbsd"

9
lib/systems/examples.nix
View file

@ -38,6 +38,13 @@ rec {
platform = platforms.aarch64-multiplatform; platform = platforms.aarch64-multiplatform;
}; };
aarch64-android-prebuilt = rec {
config = "aarch64-unknown-linux-android";
arch = "aarch64";
platform = platforms.aarch64-multiplatform;
useAndroidPrebuilt = true;
};
scaleway-c1 = armv7l-hf-multiplatform // rec { scaleway-c1 = armv7l-hf-multiplatform // rec {
platform = platforms.scaleway-c1; platform = platforms.scaleway-c1;
inherit (platform.gcc) fpu; inherit (platform.gcc) fpu;
@ -51,7 +58,7 @@ rec {
}; };
fuloongminipc = rec { fuloongminipc = rec {
config = "mips64el-unknown-linux-gnu"; config = "mipsel-unknown-linux-gnu";
arch = "mips"; arch = "mips";
float = "hard"; float = "hard";
platform = platforms.fuloong2f_n32; platform = platforms.fuloong2f_n32;

8
lib/systems/inspect.nix
View file

@ -34,7 +34,15 @@ rec {
Cygwin = { kernel = kernels.windows; abi = abis.cygnus; }; Cygwin = { kernel = kernels.windows; abi = abis.cygnus; };
MinGW = { kernel = kernels.windows; abi = abis.gnu; }; MinGW = { kernel = kernels.windows; abi = abis.gnu; };
Android = [ { abi = abis.android; } { abi = abis.androideabi; } ];
Musl = with abis; map (a: { abi = a; }) [ musl musleabi musleabihf ]; Musl = with abis; map (a: { abi = a; }) [ musl musleabi musleabihf ];
Kexecable = map (family: { kernel = kernels.linux; cpu.family = family; })
[ "x86" "arm" "aarch64" "mips" ];
Efi = map (family: { cpu.family = family; })
[ "x86" "arm" "aarch64" ];
Seccomputable = map (family: { kernel = kernels.linux; cpu.family = family; })
[ "x86" "arm" "aarch64" "mips" ];
}; };
matchAnyAttrs = patterns: matchAnyAttrs = patterns:

6
lib/systems/parse.nix
View file

@ -75,7 +75,10 @@ rec {
aarch64 = { bits = 64; significantByte = littleEndian; family = "aarch64"; }; aarch64 = { bits = 64; significantByte = littleEndian; family = "aarch64"; };
i686 = { bits = 32; significantByte = littleEndian; family = "x86"; }; i686 = { bits = 32; significantByte = littleEndian; family = "x86"; };
x86_64 = { bits = 64; significantByte = littleEndian; family = "x86"; }; x86_64 = { bits = 64; significantByte = littleEndian; family = "x86"; };
mips64el = { bits = 32; significantByte = littleEndian; family = "mips"; }; mips = { bits = 32; significantByte = bigEndian; family = "mips"; };
mipsel = { bits = 32; significantByte = littleEndian; family = "mips"; };
mips64 = { bits = 64; significantByte = bigEndian; family = "mips"; };
mips64el = { bits = 64; significantByte = littleEndian; family = "mips"; };
powerpc = { bits = 32; significantByte = bigEndian; family = "power"; }; powerpc = { bits = 32; significantByte = bigEndian; family = "power"; };
riscv32 = { bits = 32; significantByte = littleEndian; family = "riscv"; }; riscv32 = { bits = 32; significantByte = littleEndian; family = "riscv"; };
riscv64 = { bits = 64; significantByte = littleEndian; family = "riscv"; }; riscv64 = { bits = 64; significantByte = littleEndian; family = "riscv"; };
@ -173,6 +176,7 @@ rec {
types.abi = enum (attrValues abis); types.abi = enum (attrValues abis);
abis = setTypes types.openAbi { abis = setTypes types.openAbi {
android = {};
cygnus = {}; cygnus = {};
gnu = {}; gnu = {};
msvc = {}; msvc = {};

2
lib/systems/platforms.nix
View file

@ -561,6 +561,6 @@ rec {
"armv6l-linux" = raspberrypi; "armv6l-linux" = raspberrypi;
"armv7l-linux" = armv7l-hf-multiplatform; "armv7l-linux" = armv7l-hf-multiplatform;
"aarch64-linux" = aarch64-multiplatform; "aarch64-linux" = aarch64-multiplatform;
"mips64el-linux" = fuloong2f_n32; "mipsel-linux" = fuloong2f_n32;
}.${system} or pcBase; }.${system} or pcBase;
} }

4
lib/tests/systems.nix
View file

@ -16,7 +16,7 @@ in with lib.systems.doubles; lib.runTests {
arm = assertTrue (mseteq arm [ "armv5tel-linux" "armv6l-linux" "armv7l-linux" ]); arm = assertTrue (mseteq arm [ "armv5tel-linux" "armv6l-linux" "armv7l-linux" ]);
i686 = assertTrue (mseteq i686 [ "i686-linux" "i686-freebsd" "i686-netbsd" "i686-openbsd" "i686-cygwin" ]); i686 = assertTrue (mseteq i686 [ "i686-linux" "i686-freebsd" "i686-netbsd" "i686-openbsd" "i686-cygwin" ]);
mips = assertTrue (mseteq mips [ "mips64el-linux" ]); mips = assertTrue (mseteq mips [ "mipsel-linux" ]);
x86_64 = assertTrue (mseteq x86_64 [ "x86_64-linux" "x86_64-darwin" "x86_64-freebsd" "x86_64-openbsd" "x86_64-netbsd" "x86_64-cygwin" "x86_64-solaris" ]); x86_64 = assertTrue (mseteq x86_64 [ "x86_64-linux" "x86_64-darwin" "x86_64-freebsd" "x86_64-openbsd" "x86_64-netbsd" "x86_64-cygwin" "x86_64-solaris" ]);
cygwin = assertTrue (mseteq cygwin [ "i686-cygwin" "x86_64-cygwin" ]); cygwin = assertTrue (mseteq cygwin [ "i686-cygwin" "x86_64-cygwin" ]);
@ -24,7 +24,7 @@ in with lib.systems.doubles; lib.runTests {
freebsd = assertTrue (mseteq freebsd [ "i686-freebsd" "x86_64-freebsd" ]); freebsd = assertTrue (mseteq freebsd [ "i686-freebsd" "x86_64-freebsd" ]);
gnu = assertTrue (mseteq gnu (linux /* ++ hurd ++ kfreebsd ++ ... */)); gnu = assertTrue (mseteq gnu (linux /* ++ hurd ++ kfreebsd ++ ... */));
illumos = assertTrue (mseteq illumos [ "x86_64-solaris" ]); illumos = assertTrue (mseteq illumos [ "x86_64-solaris" ]);
linux = assertTrue (mseteq linux [ "i686-linux" "x86_64-linux" "armv5tel-linux" "armv6l-linux" "armv7l-linux" "aarch64-linux" "mips64el-linux" ]); linux = assertTrue (mseteq linux [ "i686-linux" "x86_64-linux" "armv5tel-linux" "armv6l-linux" "armv7l-linux" "aarch64-linux" "mipsel-linux" ]);
netbsd = assertTrue (mseteq netbsd [ "i686-netbsd" "x86_64-netbsd" ]); netbsd = assertTrue (mseteq netbsd [ "i686-netbsd" "x86_64-netbsd" ]);
openbsd = assertTrue (mseteq openbsd [ "i686-openbsd" "x86_64-openbsd" ]); openbsd = assertTrue (mseteq openbsd [ "i686-openbsd" "x86_64-openbsd" ]);
unix = assertTrue (mseteq unix (linux ++ darwin ++ freebsd ++ openbsd ++ netbsd ++ illumos)); unix = assertTrue (mseteq unix (linux ++ darwin ++ freebsd ++ openbsd ++ netbsd ++ illumos));

192
maintainers/scripts/gnome.sh
View file

@ -1,192 +0,0 @@
#!/usr/bin/env bash
set -o pipefail
GNOME_FTP=ftp.gnome.org/pub/GNOME/sources
# projects that don't follow the GNOME major versioning, or that we don't want to
# programmatically update
NO_GNOME_MAJOR="ghex gtkhtml gdm gucharmap"
usage() {
echo "Usage: $0 <show project>|<update project>|<update-all> [major.minor]" >&2
exit 0
}
if [ "$#" -lt 1 ]; then
usage
fi
GNOME_TOP=pkgs/desktops/gnome-3
action=$1
# curl -l ftp://... doesn't work from my office in HSE, and I don't want to have
# any conversations with sysadmin. Somehow lftp works.
if [ "$FTP_CLIENT" = "lftp" ]; then
ls_ftp() {
lftp -c "open $1; cls"
}
else
ls_ftp() {
curl -s -l "$1"/
}
fi
find_project() {
exec find "$GNOME_TOP" -mindepth 2 -maxdepth 2 -type d "$@"
}
show_project() {
local project=$1
local majorVersion=$2
local version=
if [ -z "$majorVersion" ]; then
echo "Looking for available versions..." >&2
local available_baseversions=$(ls_ftp ftp://${GNOME_FTP}/${project} | grep '[0-9]\.[0-9]' | sort -t. -k1,1n -k 2,2n)
if [ "$?" -ne 0 ]; then
echo "Project $project not found" >&2
return 1
fi
echo -e "The following versions are available:\n ${available_baseversions[@]}" >&2
echo -en "Choose one of them: " >&2
read majorVersion
fi
if echo "$majorVersion" | grep -q "[0-9]\+\.[0-9]\+\.[0-9]\+"; then
# not a major version
version=$majorVersion
majorVersion=$(echo "$majorVersion" | cut -d '.' -f 1,2)
fi
local FTPDIR=${GNOME_FTP}/${project}/${majorVersion}
#version=`curl -l ${FTPDIR}/ 2>/dev/null | grep LATEST-IS | sed -e s/LATEST-IS-//`
# gnome's LATEST-IS is broken. Do not trust it.
if [ -z "$version" ]; then
local files=$(ls_ftp "${FTPDIR}")
declare -A versions
for f in $files; do
case $f in
(LATEST-IS-*|*.news|*.changes|*.sha256sum|*.diff*):
;;
($project-*.*.9*.tar.*):
tmp=${f#$project-}
tmp=${tmp%.tar*}
echo "Ignored unstable version ${tmp}" >&2
;;
($project-*.tar.*):
tmp=${f#$project-}
tmp=${tmp%.tar*}
versions[${tmp}]=1
;;
(*):
echo "UNKNOWN FILE $f" >&2
;;
esac
done
echo "Found versions ${!versions[@]}" >&2
version=$(echo ${!versions[@]} | sed -e 's/ /\n/g' | sort -t. -k1,1n -k 2,2n -k 3,3n | tail -n1)
if [ -z "$version" ]; then
echo "No version available for major $majorVersion" >&2
return 1
fi
echo "Latest version is: ${version}" >&2
fi
local name=${project}-${version}
echo "Fetching .sha256 file" >&2
local sha256out=$(curl -s -f http://"${FTPDIR}"/"${name}".sha256sum)
if [ "$?" -ne "0" ]; then
echo "Version not found" >&2
return 1
fi
extensions=( "xz" "bz2" "gz" )
echo "Choosing archive extension (known are ${extensions[@]})..." >&2
for ext in ${extensions[@]}; do
if echo -e "$sha256out" | grep -q "\\.tar\\.${ext}$"; then
ext_pref=$ext
sha256=$(echo -e "$sha256out" | grep "\\.tar\\.${ext}$" | cut -f1 -d\ )
break
fi
done
echo "Chosen ${ext_pref}, hash is ${sha256}" >&2
echo "# Autogenerated by maintainers/scripts/gnome.sh update
fetchurl: {
name = \"${project}-${version}\";
src = fetchurl {
url = mirror://gnome/sources/${project}/${majorVersion}/${project}-${version}.tar.${ext_pref};
sha256 = \"${sha256}\";
};
}"
return 0
}
update_project() {
local project=$1
local majorVersion=$2
# find project in nixpkgs tree
projectPath=$(find_project -name "$project" -print)
if [ -z "$projectPath" ]; then
echo "Project $project not found under $GNOME_TOP"
exit 1
fi
src=$(show_project "$project" "$majorVersion")
if [ "$?" -eq "0" ]; then
echo "Updating $projectPath/src.nix" >&2
echo -e "$src" > "$projectPath"/src.nix
fi
return 0
}
if [ "$action" = "update-all" ]; then
majorVersion=$2
if [ -z "$majorVersion" ]; then
echo "No major version specified" >&2
usage
fi
# find projects
projects=$(find_project -exec basename '{}' \;)
for project in $projects; do
if echo "$NO_GNOME_MAJOR"|grep -q $project; then
echo "Skipping $project"
else
echo "= Updating $project to $majorVersion" >&2
update_project "$project" "$majorVersion"
echo >&2
fi
done
else
project=$2
majorVersion=$3
if [ -z "$project" ]; then
echo "No project specified, exiting" >&2
usage
fi
if [ "$action" = show ]; then
show_project "$project" "$majorVersion"
elif [ "$action" = update ]; then
update_project "$project" "$majorVersion"
else
echo "Unknown action $action" >&2
usage
fi
fi

47
maintainers/scripts/update.nix
View file

@ -1,5 +1,6 @@
{ package ? null { package ? null
, maintainer ? null , maintainer ? null
, path ? null
}: }:
# TODO: add assert statements # TODO: add assert statements
@ -9,22 +10,24 @@ let
pkgs = import ./../../default.nix { }; pkgs = import ./../../default.nix { };
packagesWith = cond: return: set: packagesWith = cond: return: set:
pkgs.lib.flatten pkgs.lib.unique
(pkgs.lib.mapAttrsToList (pkgs.lib.flatten
(name: pkg: (pkgs.lib.mapAttrsToList
let (name: pkg:
result = builtins.tryEval ( let
if pkgs.lib.isDerivation pkg && cond name pkg result = builtins.tryEval (
then [(return name pkg)] if pkgs.lib.isDerivation pkg && cond name pkg
else if pkg.recurseForDerivations or false || pkg.recurseForRelease or false then [(return name pkg)]
then packagesWith cond return pkg else if pkg.recurseForDerivations or false || pkg.recurseForRelease or false
then packagesWith cond return pkg
else []
);
in
if result.success then result.value
else [] else []
); )
in set
if result.success then result.value
else []
) )
set
); );
packagesWithUpdateScriptAndMaintainer = maintainer': packagesWithUpdateScriptAndMaintainer = maintainer':
@ -47,6 +50,14 @@ let
(name: pkg: pkg) (name: pkg: pkg)
pkgs; pkgs;
packagesWithUpdateScript = path:
let
attrSet = pkgs.lib.attrByPath (pkgs.lib.splitString "." path) null pkgs;
in
packagesWith (name: pkg: builtins.hasAttr "updateScript" pkg)
(name: pkg: pkg)
attrSet;
packageByName = name: packageByName = name:
let let
package = pkgs.lib.attrByPath (pkgs.lib.splitString "." name) null pkgs; package = pkgs.lib.attrByPath (pkgs.lib.splitString "." name) null pkgs;
@ -63,6 +74,8 @@ let
[ (packageByName package) ] [ (packageByName package) ]
else if maintainer != null then else if maintainer != null then
packagesWithUpdateScriptAndMaintainer maintainer packagesWithUpdateScriptAndMaintainer maintainer
else if path != null then
packagesWithUpdateScript path
else else
builtins.throw "No arguments provided.\n\n${helpText}"; builtins.throw "No arguments provided.\n\n${helpText}";
@ -76,7 +89,11 @@ let
% nix-shell maintainers/scripts/update.nix --argstr package garbas % nix-shell maintainers/scripts/update.nix --argstr package garbas
to run update script for specific package. to run update script for specific package, or
% nix-shell maintainers/scripts/update.nix --argstr path gnome3
to run update script for all package under an attribute path.
''; '';
runUpdateScript = package: '' runUpdateScript = package: ''

78
nixos/doc/manual/release-notes/rl-1803.xml
View file

@ -18,6 +18,18 @@
has the following highlights: </para> has the following highlights: </para>
<itemizedlist> <itemizedlist>
<listitem>
<para>
Linux kernel defaults to the 4.14 branch (it was 4.9).
</para>
</listitem>
<listitem>
<para>
GCC defaults to 7.x (it was 6.x).
</para>
</listitem>
<listitem> <listitem>
<para> <para>
MariaDB 10.2, updated from 10.1, is now the default MySQL implementation. While upgrading a few changes MariaDB 10.2, updated from 10.1, is now the default MySQL implementation. While upgrading a few changes
@ -80,6 +92,11 @@ has the following highlights: </para>
following incompatible changes:</para> following incompatible changes:</para>
<itemizedlist> <itemizedlist>
<listitem>
<para>
<literal>sound.enable</literal> now defaults to false.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
Dollar signs in options under <option>services.postfix</option> are Dollar signs in options under <option>services.postfix</option> are
@ -176,7 +193,7 @@ following incompatible changes:</para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<literal>lib.addPassthru drv passthru</literal> is removed. Use <literal>lib.extendDerivation true passthru drv</literal> instead. <emphasis role="strong">TODO: actually remove it before branching 18.03 off.</emphasis> <literal>lib.addPassthru drv passthru</literal> is removed. Use <literal>lib.extendDerivation true passthru drv</literal> instead.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
@ -239,6 +256,58 @@ following incompatible changes:</para>
<link xlink:href="http://borgbackup.readthedocs.io/en/stable/usage/upgrade.html#attic-and-borg-0-xx-to-borg-1-x">here</link>. <link xlink:href="http://borgbackup.readthedocs.io/en/stable/usage/upgrade.html#attic-and-borg-0-xx-to-borg-1-x">here</link>.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The Piwik analytics software was renamed to Matomo:
<itemizedlist>
<listitem>
<para>The package <literal>pkgs.piwik</literal> was renamed to <literal>pkgs.matomo</literal>.</para>
</listitem>
<listitem>
<para>The service <literal>services.piwik</literal> was renamed to <literal>services.matomo</literal>.</para>
</listitem>
<listitem>
<para>
The data directory <filename>/var/lib/piwik</filename> was renamed to <filename>/var/lib/matomo</filename>.
All files will be moved automatically on first startup, but you might need to adjust your backup scripts.
</para>
</listitem>
<listitem>
<para>
The default <option>serverName</option> for the nginx configuration changed from
<literal>piwik.${config.networking.hostName}</literal> to
<literal>matomo.${config.networking.hostName}.${config.networking.domain}</literal>
if <option>config.networking.domain</option> is set,
<literal>matomo.${config.networking.hostName}</literal> if it is not set.
If you change your <option>serverName</option>, remember you'll need to update the
<literal>trustedHosts[]</literal> array in <filename>/var/lib/matomo/config/config.ini.php</filename>
as well.
</para>
</listitem>
<listitem>
<para>
The <literal>piwik</literal> user was renamed to <literal>matomo</literal>.
The service will adjust ownership automatically for files in the data directory.
If you use unix socket authentication, remember to give the new <literal>matomo</literal> user
access to the database and to change the <literal>username</literal> to <literal>matomo</literal>
in the <literal>[database]</literal> section of <filename>/var/lib/matomo/config/config.ini.php</filename>.
</para>
</listitem>
<listitem>
<para>
If you named your database `piwik`, you might want to rename it to `matomo` to keep things clean,
but this is neither enforced nor required.
</para>
</listitem>
</itemizedlist>
</para>
</listitem>
<listitem>
<para>
<literal>nodejs-4_x</literal> is end-of-life.
<literal>nodejs-4_x</literal>, <literal>nodejs-slim-4_x</literal> and <literal>nodePackages_4_x</literal> are removed.
</para>
</listitem>
</itemizedlist> </itemizedlist>
</section> </section>
@ -373,6 +442,13 @@ following incompatible changes:</para>
and <literal>stopJob</literal> provide an optional <literal>$user</literal> argument for that purpose. and <literal>stopJob</literal> provide an optional <literal>$user</literal> argument for that purpose.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
Enabling bash completion on NixOS, <literal>programs.bash.enableCompletion</literal>, will now also enable
completion for the Nix command line tools by installing the
<link xlink:href="https://github.com/hedning/nix-bash-completions">nix-bash-completions</link> package.
</para>
</listitem>
</itemizedlist> </itemizedlist>
</section> </section>

14
nixos/modules/config/no-x-libs.nix
View file

@ -28,13 +28,13 @@ with lib;
nixpkgs.config.packageOverrides = pkgs: { nixpkgs.config.packageOverrides = pkgs: {
dbus = pkgs.dbus.override { x11Support = false; }; dbus = pkgs.dbus.override { x11Support = false; };
networkmanager_fortisslvpn = pkgs.networkmanager_fortisslvpn.override { withGnome = false; }; networkmanager-fortisslvpn = pkgs.networkmanager-fortisslvpn.override { withGnome = false; };
networkmanager_l2tp = pkgs.networkmanager_l2tp.override { withGnome = false; }; networkmanager-l2tp = pkgs.networkmanager-l2tp.override { withGnome = false; };
networkmanager_openconnect = pkgs.networkmanager_openconnect.override { withGnome = false; }; networkmanager-openconnect = pkgs.networkmanager-openconnect.override { withGnome = false; };
networkmanager_openvpn = pkgs.networkmanager_openvpn.override { withGnome = false; }; networkmanager-openvpn = pkgs.networkmanager-openvpn.override { withGnome = false; };
networkmanager_pptp = pkgs.networkmanager_pptp.override { withGnome = false; }; networkmanager-pptp = pkgs.networkmanager-pptp.override { withGnome = false; };
networkmanager_vpnc = pkgs.networkmanager_vpnc.override { withGnome = false; }; networkmanager-vpnc = pkgs.networkmanager-vpnc.override { withGnome = false; };
networkmanager_iodine = pkgs.networkmanager_iodine.override { withGnome = false; }; networkmanager-iodine = pkgs.networkmanager-iodine.override { withGnome = false; };
pinentry = pkgs.pinentry_ncurses; pinentry = pkgs.pinentry_ncurses;
}; };
}; };

3
nixos/modules/hardware/all-firmware.nix
View file

@ -37,8 +37,9 @@ in {
hardware.firmware = with pkgs; [ hardware.firmware = with pkgs; [
firmwareLinuxNonfree firmwareLinuxNonfree
intel2200BGFirmware intel2200BGFirmware
rtl8723bs-firmware
rtl8192su-firmware rtl8192su-firmware
] ++ optionals (versionOlder config.boot.kernelPackages.kernel.version "4.13") [
rtl8723bs-firmware
]; ];
}) })
(mkIf cfg.enableAllFirmware { (mkIf cfg.enableAllFirmware {

30
nixos/modules/hardware/digitalbitbox.nix Normal file
View file

@ -0,0 +1,30 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.hardware.digitalbitbox;
in
{
options.hardware.digitalbitbox = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enables udev rules for Digital Bitbox devices.
'';
};
package = mkOption {
type = types.package;
default = pkgs.digitalbitbox;
defaultText = "pkgs.digitalbitbox";
description = "The Digital Bitbox package to use. This can be used to install a package with udev rules that differ from the defaults.";
};
};
config = mkIf cfg.enable {
services.udev.packages = [ cfg.package ];
};
}

2
nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix
View file

@ -69,7 +69,7 @@ with lib;
in '' in ''
mkdir -p /root/Desktop mkdir -p /root/Desktop
ln -sfT ${desktopFile} /root/Desktop/nixos-manual.desktop ln -sfT ${desktopFile} /root/Desktop/nixos-manual.desktop
cp ${pkgs.gnome3.gnome_terminal}/share/applications/gnome-terminal.desktop /root/Desktop/gnome-terminal.desktop cp ${pkgs.gnome3.gnome-terminal}/share/applications/gnome-terminal.desktop /root/Desktop/gnome-terminal.desktop
chmod a+rx /root/Desktop/gnome-terminal.desktop chmod a+rx /root/Desktop/gnome-terminal.desktop
cp ${pkgs.gparted}/share/applications/gparted.desktop /root/Desktop/gparted.desktop cp ${pkgs.gparted}/share/applications/gparted.desktop /root/Desktop/gparted.desktop
chmod a+rx /root/Desktop/gparted.desktop chmod a+rx /root/Desktop/gparted.desktop

4
nixos/modules/installer/tools/nixos-generate-config.pl
View file

@ -603,6 +603,10 @@ $bootLoaderConfig
# Enable CUPS to print documents. # Enable CUPS to print documents.
# services.printing.enable = true; # services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable the X11 windowing system. # Enable the X11 windowing system.
# services.xserver.enable = true; # services.xserver.enable = true;
# services.xserver.layout = "us"; # services.xserver.layout = "us";

2
nixos/modules/misc/ids.nix
View file

@ -304,6 +304,7 @@
mighttpd2 = 285; mighttpd2 = 285;
hass = 286; hass = 286;
monero = 287; monero = 287;
ceph = 288;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -576,6 +577,7 @@
mighttpd2 = 285; mighttpd2 = 285;
hass = 286; hass = 286;
monero = 287; monero = 287;
ceph = 288;
# When adding a gid, make sure it doesn't match an existing # When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal # uid. Users and groups with the same name should have equal

4
nixos/modules/misc/label.nix
View file

@ -65,8 +65,8 @@ in
# This is set here rather than up there so that changing it would # This is set here rather than up there so that changing it would
# not rebuild the manual # not rebuild the manual
system.nixos.label = mkDefault (maybeEnv "NIXOS_LABEL" system.nixos.label = mkDefault (maybeEnv "NIXOS_LABEL"
(concatStringsSep "-" (sort (x: y: x < y) cfg.tags) (concatStringsSep "-" ((sort (x: y: x < y) cfg.tags)
+ "-" + maybeEnv "NIXOS_LABEL_VERSION" cfg.version)); ++ [ (maybeEnv "NIXOS_LABEL_VERSION" cfg.version) ])));
}; };
} }

2
nixos/modules/misc/nixpkgs.nix
View file

@ -93,7 +93,7 @@ in
default = {}; default = {};
example = literalExample example = literalExample
'' ''
{ firefox.enableGeckoMediaPlayer = true; } { allowBroken = true; allowUnfree = true; }
''; '';
type = configType; type = configType;
description = '' description = ''

6
nixos/modules/module-list.nix
View file

@ -31,6 +31,7 @@
./hardware/ckb.nix ./hardware/ckb.nix
./hardware/cpu/amd-microcode.nix ./hardware/cpu/amd-microcode.nix
./hardware/cpu/intel-microcode.nix ./hardware/cpu/intel-microcode.nix
./hardware/digitalbitbox.nix
./hardware/sensor/iio.nix ./hardware/sensor/iio.nix
./hardware/ksm.nix ./hardware/ksm.nix
./hardware/mcelog.nix ./hardware/mcelog.nix
@ -78,6 +79,7 @@
./programs/command-not-found/command-not-found.nix ./programs/command-not-found/command-not-found.nix
./programs/criu.nix ./programs/criu.nix
./programs/dconf.nix ./programs/dconf.nix
./programs/digitalbitbox/default.nix
./programs/environment.nix ./programs/environment.nix
./programs/fish.nix ./programs/fish.nix
./programs/freetds.nix ./programs/freetds.nix
@ -109,6 +111,7 @@
./programs/sway.nix ./programs/sway.nix
./programs/thefuck.nix ./programs/thefuck.nix
./programs/tmux.nix ./programs/tmux.nix
./programs/udevil.nix
./programs/venus.nix ./programs/venus.nix
./programs/vim.nix ./programs/vim.nix
./programs/way-cooler.nix ./programs/way-cooler.nix
@ -436,6 +439,7 @@
./services/network-filesystems/u9fs.nix ./services/network-filesystems/u9fs.nix
./services/network-filesystems/yandex-disk.nix ./services/network-filesystems/yandex-disk.nix
./services/network-filesystems/xtreemfs.nix ./services/network-filesystems/xtreemfs.nix
./services/network-filesystems/ceph.nix
./services/networking/amuled.nix ./services/networking/amuled.nix
./services/networking/aria2.nix ./services/networking/aria2.nix
./services/networking/asterisk.nix ./services/networking/asterisk.nix
@ -637,7 +641,7 @@
./services/web-apps/nixbot.nix ./services/web-apps/nixbot.nix
./services/web-apps/nexus.nix ./services/web-apps/nexus.nix
./services/web-apps/pgpkeyserver-lite.nix ./services/web-apps/pgpkeyserver-lite.nix
./services/web-apps/piwik.nix ./services/web-apps/matomo.nix
./services/web-apps/pump.io.nix ./services/web-apps/pump.io.nix
./services/web-apps/restya-board.nix ./services/web-apps/restya-board.nix
./services/web-apps/tt-rss.nix ./services/web-apps/tt-rss.nix

3
nixos/modules/programs/bash/bash.nix
View file

@ -211,6 +211,9 @@ in
"/share/bash-completion" "/share/bash-completion"
]; ];
environment.systemPackages = optional cfg.enableCompletion
pkgs.nix-bash-completions;
environment.shells = environment.shells =
[ "/run/current-system/sw/bin/bash" [ "/run/current-system/sw/bin/bash"
"/var/run/current-system/sw/bin/bash" "/var/run/current-system/sw/bin/bash"

1
nixos/modules/programs/browserpass.nix
View file

@ -18,5 +18,6 @@ with lib;
"opt/chrome/native-messaging-hosts/com.dannyvankooten.browserpass.json".source = "${pkgs.browserpass}/etc/chrome-host.json"; "opt/chrome/native-messaging-hosts/com.dannyvankooten.browserpass.json".source = "${pkgs.browserpass}/etc/chrome-host.json";
"opt/chrome/policies/managed/com.dannyvankooten.browserpass.json".source = "${pkgs.browserpass}/etc/chrome-policy.json"; "opt/chrome/policies/managed/com.dannyvankooten.browserpass.json".source = "${pkgs.browserpass}/etc/chrome-policy.json";
}; };
nixpkgs.config.firefox.enableBrowserpass = true;
}; };
} }

8
nixos/modules/programs/chromium.nix
View file

@ -36,6 +36,7 @@ in
"chlffgpmiacpedhhbkiomidkjlcfhogd" # pushbullet "chlffgpmiacpedhhbkiomidkjlcfhogd" # pushbullet
"mbniclmhobmnbdlbpiphghaielnnpgdp" # lightshot "mbniclmhobmnbdlbpiphghaielnnpgdp" # lightshot
"gcbommkclmclpchllfjekcdonpmejbdp" # https everywhere "gcbommkclmclpchllfjekcdonpmejbdp" # https everywhere
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
] ]
''; '';
}; };
@ -52,8 +53,7 @@ in
description = "Chromium default search provider url."; description = "Chromium default search provider url.";
default = null; default = null;
example = example =
"https://encrypted.google.com/search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google: "https://encrypted.google.com/search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}";
searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}";
}; };
defaultSearchProviderSuggestURL = mkOption { defaultSearchProviderSuggestURL = mkOption {
@ -79,7 +79,11 @@ in
###### implementation ###### implementation
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
# for chromium
environment.etc."chromium/policies/managed/default.json".text = builtins.toJSON defaultProfile; environment.etc."chromium/policies/managed/default.json".text = builtins.toJSON defaultProfile;
environment.etc."chromium/policies/managed/extra.json".text = builtins.toJSON cfg.extraOpts; environment.etc."chromium/policies/managed/extra.json".text = builtins.toJSON cfg.extraOpts;
# for google-chrome https://www.chromium.org/administrators/linux-quick-start
environment.etc."opt/chrome/policies/managed/default.json".text = builtins.toJSON defaultProfile;
environment.etc."opt/chrome/policies/managed/extra.json".text = builtins.toJSON cfg.extraOpts;
}; };
} }

2
nixos/modules/programs/dconf.nix
View file

@ -36,7 +36,7 @@ in
"${pkgs.gnome3.dconf.lib}/lib/gio/modules"; "${pkgs.gnome3.dconf.lib}/lib/gio/modules";
# https://github.com/NixOS/nixpkgs/pull/31891 # https://github.com/NixOS/nixpkgs/pull/31891
#environment.variables.XDG_DATA_DIRS = optional cfg.enable #environment.variables.XDG_DATA_DIRS = optional cfg.enable
# "$(echo ${pkgs.gnome3.gsettings_desktop_schemas}/share/gsettings-schemas/gsettings-desktop-schemas-*)"; # "$(echo ${pkgs.gnome3.gsettings-desktop-schemas}/share/gsettings-schemas/gsettings-desktop-schemas-*)";
}; };
} }

39
nixos/modules/programs/digitalbitbox/default.nix Normal file
View file

@ -0,0 +1,39 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.programs.digitalbitbox;
in
{
options.programs.digitalbitbox = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Installs the Digital Bitbox application and enables the complementary hardware module.
'';
};
package = mkOption {
type = types.package;
default = pkgs.digitalbitbox;
defaultText = "pkgs.digitalbitbox";
description = "The Digital Bitbox package to use. This can be used to install a package with udev rules that differ from the defaults.";
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
hardware.digitalbitbox = {
enable = true;
package = cfg.package;
};
};
meta = {
doc = ./doc.xml;
maintainers = with stdenv.lib.maintainers; [ vidbina ];
};
}

85
nixos/modules/programs/digitalbitbox/doc.xml Normal file
View file

@ -0,0 +1,85 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="module-programs-digitalbitbox">
<title>Digital Bitbox</title>
<para>
Digital Bitbox is a hardware wallet and second-factor authenticator.
</para>
<para>
The <literal>digitalbitbox</literal> programs module may be
installed by setting <literal>programs.digitalbitbox</literal>
to <literal>true</literal> in a manner similar to
<programlisting>
programs.digitalbitbox.enable = true;
</programlisting>
and bundles the <literal>digitalbitbox</literal> package (see <xref
linkend="sec-digitalbitbox-package" />), which contains the
<literal>dbb-app</literal> and <literal>dbb-cli</literal> binaries,
along with the hardware module (see <xref
linkend="sec-digitalbitbox-hardware-module" />) which sets up the
necessary udev rules to access the device.
</para>
<para>
Enabling the digitalbitbox module is pretty much the easiest way to
get a Digital Bitbox device working on your system.
</para>
<para>
For more information, see
<link xlink:href="https://digitalbitbox.com/start_linux" />.
</para>
<section xml:id="sec-digitalbitbox-package">
<title>Package</title>
<para>
The binaries, <literal>dbb-app</literal> (a GUI tool) and
<literal>dbb-cli</literal> (a CLI tool), are available through the
<literal>digitalbitbox</literal> package which could be installed
as follows:
<programlisting>
environment.systemPackages = [
pkgs.digitalbitbox
];
</programlisting>
</para>
</section>
<section xml:id="sec-digitalbitbox-hardware-module">
<title>Hardware</title>
<para>
The digitalbitbox hardware package enables the udev rules for
Digital Bitbox devices and may be installed as follows:
<programlisting>
hardware.digitalbitbox.enable = true;
</programlisting>
</para>
<para>
In order to alter the udev rules, one may provide different values for
the <literal>udevRule51</literal> and <literal>udevRule52</literal>
attributes by means of overriding as follows:
<programlisting>
programs.digitalbitbox = {
enable = true;
package = pkgs.digitalbitbox.override {
udevRule51 = "something else";
};
};
</programlisting>
</para>
</section>
</chapter>

14
nixos/modules/programs/udevil.nix Normal file
View file

@ -0,0 +1,14 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.programs.udevil;
in {
options.programs.udevil.enable = mkEnableOption "udevil";
config = mkIf cfg.enable {
security.wrappers.udevil.source = "${lib.getBin pkgs.udevil}/bin/udevil";
};
}

6
nixos/modules/rename.nix
View file

@ -148,6 +148,12 @@ with lib;
# parsoid # parsoid
(mkRemovedOptionModule [ "services" "parsoid" "interwikis" ] [ "services" "parsoid" "wikis" ]) (mkRemovedOptionModule [ "services" "parsoid" "interwikis" ] [ "services" "parsoid" "wikis" ])
# piwik was renamed to matomo
(mkRenamedOptionModule [ "services" "piwik" "enable" ] [ "services" "matomo" "enable" ])
(mkRenamedOptionModule [ "services" "piwik" "webServerUser" ] [ "services" "matomo" "webServerUser" ])
(mkRenamedOptionModule [ "services" "piwik" "phpfpmProcessManagerConfig" ] [ "services" "matomo" "phpfpmProcessManagerConfig" ])
(mkRenamedOptionModule [ "services" "piwik" "nginx" ] [ "services" "matomo" "nginx" ])
# tarsnap # tarsnap
(mkRemovedOptionModule [ "services" "tarsnap" "cachedir" ] "Use services.tarsnap.archives.<name>.cachedir") (mkRemovedOptionModule [ "services" "tarsnap" "cachedir" ] "Use services.tarsnap.archives.<name>.cachedir")

4
nixos/modules/security/pam.nix
View file

@ -311,7 +311,7 @@ let
("auth optional ${pkgs.plasma5.kwallet-pam}/lib/security/pam_kwallet5.so" + ("auth optional ${pkgs.plasma5.kwallet-pam}/lib/security/pam_kwallet5.so" +
" kwalletd=${pkgs.libsForQt5.kwallet.bin}/bin/kwalletd5")} " kwalletd=${pkgs.libsForQt5.kwallet.bin}/bin/kwalletd5")}
${optionalString cfg.enableGnomeKeyring ${optionalString cfg.enableGnomeKeyring
("auth optional ${pkgs.gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so")} ("auth optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so")}
${optionalString cfg.googleAuthenticator.enable ${optionalString cfg.googleAuthenticator.enable
"auth required ${pkgs.googleAuthenticator}/lib/security/pam_google_authenticator.so no_increment_hotp"} "auth required ${pkgs.googleAuthenticator}/lib/security/pam_google_authenticator.so no_increment_hotp"}
'') + '' '') + ''
@ -384,7 +384,7 @@ let
("session optional ${pkgs.plasma5.kwallet-pam}/lib/security/pam_kwallet5.so" + ("session optional ${pkgs.plasma5.kwallet-pam}/lib/security/pam_kwallet5.so" +
" kwalletd=${pkgs.libsForQt5.kwallet.bin}/bin/kwalletd5")} " kwalletd=${pkgs.libsForQt5.kwallet.bin}/bin/kwalletd5")}
${optionalString (cfg.enableGnomeKeyring) ${optionalString (cfg.enableGnomeKeyring)
"session optional ${pkgs.gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so auto_start"} "session optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start"}
${optionalString (config.virtualisation.lxc.lxcfs.enable) ${optionalString (config.virtualisation.lxc.lxcfs.enable)
"session optional ${pkgs.lxcfs}/lib/security/pam_cgfs.so -c freezer,memory,name=systemd,unified,cpuset"} "session optional ${pkgs.lxcfs}/lib/security/pam_cgfs.so -c freezer,memory,name=systemd,unified,cpuset"}
''); '');

2
nixos/modules/services/audio/alsa.nix
View file

@ -21,7 +21,7 @@ in
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = true; default = false;
description = '' description = ''
Whether to enable ALSA sound. Whether to enable ALSA sound.
''; '';

2
nixos/modules/services/continuous-integration/jenkins/default.nix
View file

@ -208,7 +208,7 @@ in {
''; '';
postStart = '' postStart = ''
until [[ $(${pkgs.curl.bin}/bin/curl -s --head -w '\n%{http_code}' http://${cfg.listenAddress}:${toString cfg.port}${cfg.prefix} | tail -n1) =~ ^(200|403)$ ]]; do until [[ $(${pkgs.curl.bin}/bin/curl -L -s --head -w '\n%{http_code}' http://${cfg.listenAddress}:${toString cfg.port}${cfg.prefix} | tail -n1) =~ ^(200|403)$ ]]; do
sleep 1 sleep 1
done done
''; '';

6
nixos/modules/services/databases/mysql.nix
View file

@ -133,7 +133,7 @@ in
''; '';
example = [ example = [
"nextcloud" "nextcloud"
"piwik" "matomo"
]; ];
}; };
@ -289,10 +289,10 @@ in
# Create initial databases # Create initial databases
if ! test -e "${cfg.dataDir}/${database.name}"; then if ! test -e "${cfg.dataDir}/${database.name}"; then
echo "Creating initial database: ${database.name}" echo "Creating initial database: ${database.name}"
( echo "create database `${database.name}`;" ( echo 'create database `${database.name}`;'
${optionalString (database ? "schema") '' ${optionalString (database ? "schema") ''
echo "use `${database.name}`;" echo 'use `${database.name}`;'
if [ -f "${database.schema}" ] if [ -f "${database.schema}" ]
then then

2
nixos/modules/services/databases/postgresql.nix
View file

@ -122,7 +122,7 @@ in
extraPlugins = mkOption { extraPlugins = mkOption {
type = types.listOf types.path; type = types.listOf types.path;
default = []; default = [];
example = literalExample "[ (pkgs.postgis.override { postgresql = pkgs.postgresql94; }).v_2_1_4 ]"; example = literalExample "[ (pkgs.postgis.override { postgresql = pkgs.postgresql94; }) ]";
description = '' description = ''
When this list contains elements a new store path is created. When this list contains elements a new store path is created.
PostgreSQL and the elements are symlinked into it. Then pg_config, PostgreSQL and the elements are symlinked into it. Then pg_config,

6
nixos/modules/services/desktops/gnome3/at-spi2-core.nix
View file

@ -30,9 +30,9 @@ with lib;
config = mkMerge [ config = mkMerge [
(mkIf config.services.gnome3.at-spi2-core.enable { (mkIf config.services.gnome3.at-spi2-core.enable {
environment.systemPackages = [ pkgs.at_spi2_core ]; environment.systemPackages = [ pkgs.at-spi2-core ];
services.dbus.packages = [ pkgs.at_spi2_core ]; services.dbus.packages = [ pkgs.at-spi2-core ];
systemd.packages = [ pkgs.at_spi2_core ]; systemd.packages = [ pkgs.at-spi2-core ];
}) })
(mkIf (!config.services.gnome3.at-spi2-core.enable) { (mkIf (!config.services.gnome3.at-spi2-core.enable) {

6
nixos/modules/services/desktops/gnome3/evolution-data-server.nix
View file

@ -30,11 +30,11 @@ with lib;
config = mkIf config.services.gnome3.evolution-data-server.enable { config = mkIf config.services.gnome3.evolution-data-server.enable {
environment.systemPackages = [ pkgs.gnome3.evolution_data_server ]; environment.systemPackages = [ pkgs.gnome3.evolution-data-server ];
services.dbus.packages = [ pkgs.gnome3.evolution_data_server ]; services.dbus.packages = [ pkgs.gnome3.evolution-data-server ];
systemd.packages = [ pkgs.gnome3.evolution_data_server ]; systemd.packages = [ pkgs.gnome3.evolution-data-server ];
}; };

4
nixos/modules/services/desktops/gnome3/gnome-keyring.nix
View file

@ -31,9 +31,9 @@ with lib;
config = mkIf config.services.gnome3.gnome-keyring.enable { config = mkIf config.services.gnome3.gnome-keyring.enable {
environment.systemPackages = [ pkgs.gnome3.gnome_keyring ]; environment.systemPackages = [ pkgs.gnome3.gnome-keyring ];
services.dbus.packages = [ pkgs.gnome3.gnome_keyring pkgs.gnome3.gcr ]; services.dbus.packages = [ pkgs.gnome3.gnome-keyring pkgs.gnome3.gcr ];
}; };

4
nixos/modules/services/desktops/gnome3/gnome-online-accounts.nix
View file

@ -30,9 +30,9 @@ with lib;
config = mkIf config.services.gnome3.gnome-online-accounts.enable { config = mkIf config.services.gnome3.gnome-online-accounts.enable {
environment.systemPackages = [ pkgs.gnome3.gnome_online_accounts ]; environment.systemPackages = [ pkgs.gnome3.gnome-online-accounts ];
services.dbus.packages = [ pkgs.gnome3.gnome_online_accounts ]; services.dbus.packages = [ pkgs.gnome3.gnome-online-accounts ];
}; };

6
nixos/modules/services/desktops/gnome3/gnome-terminal-server.nix
View file

@ -30,11 +30,11 @@ with lib;
config = mkIf config.services.gnome3.gnome-terminal-server.enable { config = mkIf config.services.gnome3.gnome-terminal-server.enable {
environment.systemPackages = [ pkgs.gnome3.gnome_terminal ]; environment.systemPackages = [ pkgs.gnome3.gnome-terminal ];
services.dbus.packages = [ pkgs.gnome3.gnome_terminal ]; services.dbus.packages = [ pkgs.gnome3.gnome-terminal ];
systemd.packages = [ pkgs.gnome3.gnome_terminal ]; systemd.packages = [ pkgs.gnome3.gnome-terminal ];
}; };

4
nixos/modules/services/desktops/telepathy.nix
View file

@ -30,9 +30,9 @@ with lib;
config = mkIf config.services.telepathy.enable { config = mkIf config.services.telepathy.enable {
environment.systemPackages = [ pkgs.telepathy_mission_control ]; environment.systemPackages = [ pkgs.telepathy-mission-control ];
services.dbus.packages = [ pkgs.telepathy_mission_control ]; services.dbus.packages = [ pkgs.telepathy-mission-control ];
}; };

8
nixos/modules/services/hardware/acpid.nix
View file

@ -53,6 +53,12 @@ in
description = "Whether to enable the ACPI daemon."; description = "Whether to enable the ACPI daemon.";
}; };
logEvents = mkOption {
type = types.bool;
default = false;
description = "Log all event activity.";
};
handlers = mkOption { handlers = mkOption {
type = types.attrsOf (types.submodule { type = types.attrsOf (types.submodule {
options = { options = {
@ -142,7 +148,7 @@ in
ConditionPathExists = [ "/proc/acpi" ]; ConditionPathExists = [ "/proc/acpi" ];
}; };
script = "acpid --confdir ${acpiConfDir}"; script = "acpid ${optionalString config.services.acpid.logEvents "--logevents"} --confdir ${acpiConfDir}";
}; };
}; };

6
nixos/modules/services/hardware/fwupd.nix
View file

@ -8,12 +8,8 @@ let
cfg = config.services.fwupd; cfg = config.services.fwupd;
originalEtc = originalEtc =
let let
isRegular = v: v == "regular";
listFiles = d: builtins.attrNames (filterAttrs (const isRegular) (builtins.readDir d));
copiedDirs = [ "fwupd/remotes.d" "pki/fwupd" "pki/fwupd-metadata" ];
originalFiles = concatMap (d: map (f: "${d}/${f}") (listFiles "${pkgs.fwupd}/etc/${d}")) copiedDirs;
mkEtcFile = n: nameValuePair n { source = "${pkgs.fwupd}/etc/${n}"; }; mkEtcFile = n: nameValuePair n { source = "${pkgs.fwupd}/etc/${n}"; };
in listToAttrs (map mkEtcFile originalFiles); in listToAttrs (map mkEtcFile pkgs.fwupd.filesInstalledToEtc);
extraTrustedKeys = extraTrustedKeys =
let let
mkName = p: "pki/fwupd/${baseNameOf (toString p)}"; mkName = p: "pki/fwupd/${baseNameOf (toString p)}";

14
nixos/modules/services/misc/disnix.nix
View file

@ -32,11 +32,17 @@ in
description = "Whether to enable Disnix"; description = "Whether to enable Disnix";
}; };
enableMultiUser = mkOption {
type = types.bool;
default = true;
description = "Whether to support multi-user mode by enabling the Disnix D-Bus service";
};
useWebServiceInterface = mkOption { useWebServiceInterface = mkOption {
default = false; default = false;
description = "Whether to enable the DisnixWebService interface running on Apache Tomcat"; description = "Whether to enable the DisnixWebService interface running on Apache Tomcat";
}; };
package = mkOption { package = mkOption {
type = types.path; type = types.path;
description = "The Disnix package"; description = "The Disnix package";
@ -52,7 +58,7 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
dysnomia.enable = true; dysnomia.enable = true;
environment.systemPackages = [ pkgs.disnix ] ++ optional cfg.useWebServiceInterface pkgs.DisnixWebService; environment.systemPackages = [ pkgs.disnix ] ++ optional cfg.useWebServiceInterface pkgs.DisnixWebService;
services.dbus.enable = true; services.dbus.enable = true;
@ -71,7 +77,7 @@ in
}; };
systemd.services = { systemd.services = {
disnix = { disnix = mkIf cfg.enableMultiUser {
description = "Disnix server"; description = "Disnix server";
wants = [ "dysnomia.target" ]; wants = [ "dysnomia.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
@ -92,7 +98,7 @@ in
} }
// (if config.environment.variables ? DYSNOMIA_CONTAINERS_PATH then { inherit (config.environment.variables) DYSNOMIA_CONTAINERS_PATH; } else {}) // (if config.environment.variables ? DYSNOMIA_CONTAINERS_PATH then { inherit (config.environment.variables) DYSNOMIA_CONTAINERS_PATH; } else {})
// (if config.environment.variables ? DYSNOMIA_MODULES_PATH then { inherit (config.environment.variables) DYSNOMIA_MODULES_PATH; } else {}); // (if config.environment.variables ? DYSNOMIA_MODULES_PATH then { inherit (config.environment.variables) DYSNOMIA_MODULES_PATH; } else {});
serviceConfig.ExecStart = "${cfg.package}/bin/disnix-service"; serviceConfig.ExecStart = "${cfg.package}/bin/disnix-service";
}; };

24
nixos/modules/services/misc/nix-ssh-serve.nix
View file

@ -1,8 +1,12 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib; with lib;
let cfg = config.nix.sshServe;
{ command =
if cfg.protocol == "ssh"
then "nix-store --serve"
else "nix-daemon --stdio";
in {
options = { options = {
nix.sshServe = { nix.sshServe = {
@ -10,7 +14,7 @@ with lib;
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = "Whether to enable serving the Nix store as a binary cache via SSH."; description = "Whether to enable serving the Nix store as a remote store via SSH.";
}; };
keys = mkOption { keys = mkOption {
@ -20,14 +24,20 @@ with lib;
description = "A list of SSH public keys allowed to access the binary cache via SSH."; description = "A list of SSH public keys allowed to access the binary cache via SSH.";
}; };
protocol = mkOption {
type = types.enum [ "ssh" "ssh-ng" ];
default = "ssh";
description = "The specific Nix-over-SSH protocol to use.";
};
}; };
}; };
config = mkIf config.nix.sshServe.enable { config = mkIf cfg.enable {
users.extraUsers.nix-ssh = { users.extraUsers.nix-ssh = {
description = "Nix SSH substituter user"; description = "Nix SSH store user";
uid = config.ids.uids.nix-ssh; uid = config.ids.uids.nix-ssh;
useDefaultShell = true; useDefaultShell = true;
}; };
@ -41,11 +51,11 @@ with lib;
PermitTTY no PermitTTY no
PermitTunnel no PermitTunnel no
X11Forwarding no X11Forwarding no
ForceCommand ${config.nix.package.out}/bin/nix-store --serve ForceCommand ${config.nix.package.out}/bin/${command}
Match All Match All
''; '';
users.extraUsers.nix-ssh.openssh.authorizedKeys.keys = config.nix.sshServe.keys; users.extraUsers.nix-ssh.openssh.authorizedKeys.keys = cfg.keys;
}; };
} }

2
nixos/modules/services/monitoring/grafana.nix
View file

@ -249,7 +249,7 @@ in {
}; };
preStart = '' preStart = ''
ln -fs ${cfg.package}/share/grafana/conf ${cfg.dataDir} ln -fs ${cfg.package}/share/grafana/conf ${cfg.dataDir}
ln -fs ${cfg.package}/share/grafana/vendor ${cfg.dataDir} ln -fs ${cfg.package}/share/grafana/tools ${cfg.dataDir}
''; '';
}; };

371
nixos/modules/services/network-filesystems/ceph.nix Normal file
View file

@ -0,0 +1,371 @@
{ config, lib, pkgs, ... }:
with lib;
let
ceph = pkgs.ceph;
cfg = config.services.ceph;
# function that translates "camelCaseOptions" to "camel case options", credits to tilpner in #nixos@freenode
translateOption = replaceStrings upperChars (map (s: " ${s}") lowerChars);
generateDaemonList = (daemonType: daemons: extraServiceConfig:
mkMerge (
map (daemon:
{ "ceph-${daemonType}-${daemon}" = generateServiceFile daemonType daemon cfg.global.clusterName ceph extraServiceConfig; }
) daemons
)
);
generateServiceFile = (daemonType: daemonId: clusterName: ceph: extraServiceConfig: {
enable = true;
description = "Ceph ${builtins.replaceStrings lowerChars upperChars daemonType} daemon ${daemonId}";
after = [ "network-online.target" "local-fs.target" "time-sync.target" ] ++ optional (daemonType == "osd") "ceph-mon.target";
wants = [ "network-online.target" "local-fs.target" "time-sync.target" ];
partOf = [ "ceph-${daemonType}.target" ];
wantedBy = [ "ceph-${daemonType}.target" ];
serviceConfig = {
LimitNOFILE = 1048576;
LimitNPROC = 1048576;
Environment = "CLUSTER=${clusterName}";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
PrivateDevices = "yes";
PrivateTmp = "true";
ProtectHome = "true";
ProtectSystem = "full";
Restart = "on-failure";
StartLimitBurst = "5";
StartLimitInterval = "30min";
ExecStart = "${ceph.out}/bin/${if daemonType == "rgw" then "radosgw" else "ceph-${daemonType}"} -f --cluster ${clusterName} --id ${if daemonType == "rgw" then "client.${daemonId}" else daemonId} --setuser ceph --setgroup ceph";
} // extraServiceConfig
// optionalAttrs (daemonType == "osd") { ExecStartPre = "${ceph.out}/libexec/ceph/ceph-osd-prestart.sh --id ${daemonId} --cluster ${clusterName}"; };
} // optionalAttrs (builtins.elem daemonType [ "mds" "mon" "rgw" "mgr" ]) { preStart = ''
daemonPath="/var/lib/ceph/${if daemonType == "rgw" then "radosgw" else daemonType}/${clusterName}-${daemonId}"
if [ ! -d ''$daemonPath ]; then
mkdir -m 755 -p ''$daemonPath
chown -R ceph:ceph ''$daemonPath
fi
'';
} // optionalAttrs (daemonType == "osd") { path = [ pkgs.getopt ]; }
);
generateTargetFile = (daemonType:
{
"ceph-${daemonType}" = {
description = "Ceph target allowing to start/stop all ceph-${daemonType} services at once";
partOf = [ "ceph.target" ];
before = [ "ceph.target" ];
};
}
);
in
{
options.services.ceph = {
# Ceph has a monolithic configuration file but different sections for
# each daemon, a separate client section and a global section
enable = mkEnableOption "Ceph global configuration";
global = {
fsid = mkOption {
type = types.str;
example = ''
433a2193-4f8a-47a0-95d2-209d7ca2cca5
'';
description = ''
Filesystem ID, a generated uuid, its must be generated and set before
attempting to start a cluster
'';
};
clusterName = mkOption {
type = types.str;
default = "ceph";
description = ''
Name of cluster
'';
};
monInitialMembers = mkOption {
type = with types; nullOr commas;
default = null;
example = ''
node0, node1, node2
'';
description = ''
List of hosts that will be used as monitors at startup.
'';
};
monHost = mkOption {
type = with types; nullOr commas;
default = null;
example = ''
10.10.0.1, 10.10.0.2, 10.10.0.3
'';
description = ''
List of hostname shortnames/IP addresses of the initial monitors.
'';
};
maxOpenFiles = mkOption {
type = types.int;
default = 131072;
description = ''
Max open files for each OSD daemon.
'';
};
authClusterRequired = mkOption {
type = types.enum [ "cephx" "none" ];
default = "cephx";
description = ''
Enables requiring daemons to authenticate with eachother in the cluster.
'';
};
authServiceRequired = mkOption {
type = types.enum [ "cephx" "none" ];
default = "cephx";
description = ''
Enables requiring clients to authenticate with the cluster to access services in the cluster (e.g. radosgw, mds or osd).
'';
};
authClientRequired = mkOption {
type = types.enum [ "cephx" "none" ];
default = "cephx";
description = ''
Enables requiring the cluster to authenticate itself to the client.
'';
};
publicNetwork = mkOption {
type = with types; nullOr commas;
default = null;
example = ''
10.20.0.0/24, 192.168.1.0/24
'';
description = ''
A comma-separated list of subnets that will be used as public networks in the cluster.
'';
};
clusterNetwork = mkOption {
type = with types; nullOr commas;
default = null;
example = ''
10.10.0.0/24, 192.168.0.0/24
'';
description = ''
A comma-separated list of subnets that will be used as cluster networks in the cluster.
'';
};
};
mgr = {
enable = mkEnableOption "Ceph MGR daemon";
daemons = mkOption {
type = with types; listOf str;
default = [];
example = ''
[ "name1" "name2" ];
'';
description = ''
A list of names for manager daemons that should have a service created. The names correspond
to the id part in ceph i.e. [ "name1" ] would result in mgr.name1
'';
};
extraConfig = mkOption {
type = with types; attrsOf str;
default = {};
description = ''
Extra configuration to add to the global section for manager daemons.
'';
};
};
mon = {
enable = mkEnableOption "Ceph MON daemon";
daemons = mkOption {
type = with types; listOf str;
default = [];
example = ''
[ "name1" "name2" ];
'';
description = ''
A list of monitor daemons that should have a service created. The names correspond
to the id part in ceph i.e. [ "name1" ] would result in mon.name1
'';
};
extraConfig = mkOption {
type = with types; attrsOf str;
default = {};
description = ''
Extra configuration to add to the monitor section.
'';
};
};
osd = {
enable = mkEnableOption "Ceph OSD daemon";
daemons = mkOption {
type = with types; listOf str;
default = [];
example = ''
[ "name1" "name2" ];
'';
description = ''
A list of OSD daemons that should have a service created. The names correspond
to the id part in ceph i.e. [ "name1" ] would result in osd.name1
'';
};
extraConfig = mkOption {
type = with types; attrsOf str;
default = {
"osd journal size" = "10000";
"osd pool default size" = "3";
"osd pool default min size" = "2";
"osd pool default pg num" = "200";
"osd pool default pgp num" = "200";
"osd crush chooseleaf type" = "1";
};
description = ''
Extra configuration to add to the OSD section.
'';
};
};
mds = {
enable = mkEnableOption "Ceph MDS daemon";
daemons = mkOption {
type = with types; listOf str;
default = [];
example = ''
[ "name1" "name2" ];
'';
description = ''
A list of metadata service daemons that should have a service created. The names correspond
to the id part in ceph i.e. [ "name1" ] would result in mds.name1
'';
};
extraConfig = mkOption {
type = with types; attrsOf str;
default = {};
description = ''
Extra configuration to add to the MDS section.
'';
};
};
rgw = {
enable = mkEnableOption "Ceph RadosGW daemon";
daemons = mkOption {
type = with types; listOf str;
default = [];
example = ''
[ "name1" "name2" ];
'';
description = ''
A list of rados gateway daemons that should have a service created. The names correspond
to the id part in ceph i.e. [ "name1" ] would result in client.name1, radosgw daemons
aren't daemons to cluster in the sense that OSD, MGR or MON daemons are. They are simply
daemons, from ceph, that uses the cluster as a backend.
'';
};
};
client = {
enable = mkEnableOption "Ceph client configuration";
extraConfig = mkOption {
type = with types; attrsOf str;
default = {};
example = ''
{
# This would create a section for a radosgw daemon named node0 and related
# configuration for it
"client.radosgw.node0" = { "some config option" = "true"; };
};
'';
description = ''
Extra configuration to add to the client section. Configuration for rados gateways
would be added here, with their own sections, see example.
'';
};
};
};
config = mkIf config.services.ceph.enable {
assertions = [
{ assertion = cfg.global.fsid != "";
message = "fsid has to be set to a valid uuid for the cluster to function";
}
{ assertion = cfg.mgr.enable == true;
message = "ceph 12.x requires atleast 1 MGR daemon enabled for the cluster to function";
}
{ assertion = cfg.mon.enable == true -> cfg.mon.daemons != [];
message = "have to set id of atleast one MON if you're going to enable Monitor";
}
{ assertion = cfg.mds.enable == true -> cfg.mds.daemons != [];
message = "have to set id of atleast one MDS if you're going to enable Metadata Service";
}
{ assertion = cfg.osd.enable == true -> cfg.osd.daemons != [];
message = "have to set id of atleast one OSD if you're going to enable OSD";
}
{ assertion = cfg.mgr.enable == true -> cfg.mgr.daemons != [];
message = "have to set id of atleast one MGR if you're going to enable MGR";
}
];
warnings = optional (cfg.global.monInitialMembers == null)
''Not setting up a list of members in monInitialMembers requires that you set the host variable for each mon daemon or else the cluster won't function'';
environment.etc."ceph/ceph.conf".text = let
# Translate camelCaseOptions to the expected camel case option for ceph.conf
translatedGlobalConfig = mapAttrs' (name: value: nameValuePair (translateOption name) value) cfg.global;
# Merge the extraConfig set for mgr daemons, as mgr don't have their own section
globalAndMgrConfig = translatedGlobalConfig // optionalAttrs cfg.mgr.enable cfg.mgr.extraConfig;
# Remove all name-value pairs with null values from the attribute set to avoid making empty sections in the ceph.conf
globalConfig = mapAttrs' (name: value: nameValuePair (translateOption name) value) (filterAttrs (name: value: value != null) globalAndMgrConfig);
totalConfig = {
"global" = globalConfig;
} // optionalAttrs (cfg.mon.enable && cfg.mon.extraConfig != {}) { "mon" = cfg.mon.extraConfig; }
// optionalAttrs (cfg.mds.enable && cfg.mds.extraConfig != {}) { "mds" = cfg.mds.extraConfig; }
// optionalAttrs (cfg.osd.enable && cfg.osd.extraConfig != {}) { "osd" = cfg.osd.extraConfig; }
// optionalAttrs (cfg.client.enable && cfg.client.extraConfig != {}) cfg.client.extraConfig;
in
generators.toINI {} totalConfig;
users.extraUsers = singleton {
name = "ceph";
uid = config.ids.uids.ceph;
description = "Ceph daemon user";
};
users.extraGroups = singleton {
name = "ceph";
gid = config.ids.gids.ceph;
};
systemd.services = let
services = []
++ optional cfg.mon.enable (generateDaemonList "mon" cfg.mon.daemons { RestartSec = "10"; })
++ optional cfg.mds.enable (generateDaemonList "mds" cfg.mds.daemons { StartLimitBurst = "3"; })
++ optional cfg.osd.enable (generateDaemonList "osd" cfg.osd.daemons { StartLimitBurst = "30"; RestartSec = "20s"; })
++ optional cfg.rgw.enable (generateDaemonList "rgw" cfg.rgw.daemons { })
++ optional cfg.mgr.enable (generateDaemonList "mgr" cfg.mgr.daemons { StartLimitBurst = "3"; });
in
mkMerge services;
systemd.targets = let
targets = [
{ "ceph" = { description = "Ceph target allowing to start/stop all ceph service instances at once"; }; }
] ++ optional cfg.mon.enable (generateTargetFile "mon")
++ optional cfg.mds.enable (generateTargetFile "mds")
++ optional cfg.osd.enable (generateTargetFile "osd")
++ optional cfg.rgw.enable (generateTargetFile "rgw")
++ optional cfg.mgr.enable (generateTargetFile "mgr");
in
mkMerge targets;
systemd.tmpfiles.rules = [
"d /run/ceph 0770 ceph ceph -"
];
};
}

23
nixos/modules/services/networking/networkmanager.nix
View file

@ -133,10 +133,10 @@ in {
basePackages = mkOption { basePackages = mkOption {
type = types.attrsOf types.package; type = types.attrsOf types.package;
default = { inherit networkmanager modemmanager wpa_supplicant default = { inherit networkmanager modemmanager wpa_supplicant
networkmanager_openvpn networkmanager_vpnc networkmanager-openvpn networkmanager-vpnc
networkmanager_openconnect networkmanager_fortisslvpn networkmanager-openconnect networkmanager-fortisslvpn
networkmanager_pptp networkmanager_l2tp networkmanager-pptp networkmanager-l2tp
networkmanager_iodine; }; networkmanager-iodine; };
internal = true; internal = true;
}; };
@ -273,28 +273,28 @@ in {
{ source = configFile; { source = configFile;
target = "NetworkManager/NetworkManager.conf"; target = "NetworkManager/NetworkManager.conf";
} }
{ source = "${networkmanager_openvpn}/etc/NetworkManager/VPN/nm-openvpn-service.name"; { source = "${networkmanager-openvpn}/etc/NetworkManager/VPN/nm-openvpn-service.name";
target = "NetworkManager/VPN/nm-openvpn-service.name"; target = "NetworkManager/VPN/nm-openvpn-service.name";
} }
{ source = "${networkmanager_vpnc}/etc/NetworkManager/VPN/nm-vpnc-service.name"; { source = "${networkmanager-vpnc}/etc/NetworkManager/VPN/nm-vpnc-service.name";
target = "NetworkManager/VPN/nm-vpnc-service.name"; target = "NetworkManager/VPN/nm-vpnc-service.name";
} }
{ source = "${networkmanager_openconnect}/etc/NetworkManager/VPN/nm-openconnect-service.name"; { source = "${networkmanager-openconnect}/etc/NetworkManager/VPN/nm-openconnect-service.name";
target = "NetworkManager/VPN/nm-openconnect-service.name"; target = "NetworkManager/VPN/nm-openconnect-service.name";
} }
{ source = "${networkmanager_fortisslvpn}/etc/NetworkManager/VPN/nm-fortisslvpn-service.name"; { source = "${networkmanager-fortisslvpn}/etc/NetworkManager/VPN/nm-fortisslvpn-service.name";
target = "NetworkManager/VPN/nm-fortisslvpn-service.name"; target = "NetworkManager/VPN/nm-fortisslvpn-service.name";
} }
{ source = "${networkmanager_pptp}/etc/NetworkManager/VPN/nm-pptp-service.name"; { source = "${networkmanager-pptp}/etc/NetworkManager/VPN/nm-pptp-service.name";
target = "NetworkManager/VPN/nm-pptp-service.name"; target = "NetworkManager/VPN/nm-pptp-service.name";
} }
{ source = "${networkmanager_l2tp}/etc/NetworkManager/VPN/nm-l2tp-service.name"; { source = "${networkmanager-l2tp}/etc/NetworkManager/VPN/nm-l2tp-service.name";
target = "NetworkManager/VPN/nm-l2tp-service.name"; target = "NetworkManager/VPN/nm-l2tp-service.name";
} }
{ source = "${networkmanager_strongswan}/etc/NetworkManager/VPN/nm-strongswan-service.name"; { source = "${networkmanager_strongswan}/etc/NetworkManager/VPN/nm-strongswan-service.name";
target = "NetworkManager/VPN/nm-strongswan-service.name"; target = "NetworkManager/VPN/nm-strongswan-service.name";
} }
{ source = "${networkmanager_iodine}/etc/NetworkManager/VPN/nm-iodine-service.name"; { source = "${networkmanager-iodine}/etc/NetworkManager/VPN/nm-iodine-service.name";
target = "NetworkManager/VPN/nm-iodine-service.name"; target = "NetworkManager/VPN/nm-iodine-service.name";
} }
] ++ optional (cfg.appendNameservers == [] || cfg.insertNameservers == []) ] ++ optional (cfg.appendNameservers == [] || cfg.insertNameservers == [])
@ -335,6 +335,7 @@ in {
preStart = '' preStart = ''
mkdir -m 700 -p /etc/NetworkManager/system-connections mkdir -m 700 -p /etc/NetworkManager/system-connections
mkdir -m 700 -p /etc/ipsec.d
mkdir -m 755 -p ${stateDirs} mkdir -m 755 -p ${stateDirs}
''; '';
}; };

33
nixos/modules/services/networking/softether.nix
View file

@ -5,6 +5,8 @@ with lib;
let let
cfg = config.services.softether; cfg = config.services.softether;
package = cfg.package.override { dataDir = cfg.dataDir; };
in in
{ {
@ -49,7 +51,7 @@ in
dataDir = mkOption { dataDir = mkOption {
type = types.string; type = types.string;
default = "${cfg.package.dataDir}"; default = "/var/lib/softether";
description = '' description = ''
Data directory for SoftEther VPN. Data directory for SoftEther VPN.
''; '';
@ -64,11 +66,8 @@ in
config = mkIf cfg.enable ( config = mkIf cfg.enable (
mkMerge [{ mkMerge [{
environment.systemPackages = [ environment.systemPackages = [ package ];
(pkgs.lib.overrideDerivation cfg.package (attrs: {
dataDir = cfg.dataDir;
}))
];
systemd.services."softether-init" = { systemd.services."softether-init" = {
description = "SoftEther VPN services initial task"; description = "SoftEther VPN services initial task";
wantedBy = [ "network.target" ]; wantedBy = [ "network.target" ];
@ -80,11 +79,11 @@ in
for d in vpnserver vpnbridge vpnclient vpncmd; do for d in vpnserver vpnbridge vpnclient vpncmd; do
if ! test -e ${cfg.dataDir}/$d; then if ! test -e ${cfg.dataDir}/$d; then
${pkgs.coreutils}/bin/mkdir -m0700 -p ${cfg.dataDir}/$d ${pkgs.coreutils}/bin/mkdir -m0700 -p ${cfg.dataDir}/$d
install -m0600 ${cfg.package}${cfg.dataDir}/$d/hamcore.se2 ${cfg.dataDir}/$d/hamcore.se2 install -m0600 ${package}${cfg.dataDir}/$d/hamcore.se2 ${cfg.dataDir}/$d/hamcore.se2
fi fi
done done
rm -rf ${cfg.dataDir}/vpncmd/vpncmd rm -rf ${cfg.dataDir}/vpncmd/vpncmd
ln -s ${cfg.package}${cfg.dataDir}/vpncmd/vpncmd ${cfg.dataDir}/vpncmd/vpncmd ln -s ${package}${cfg.dataDir}/vpncmd/vpncmd ${cfg.dataDir}/vpncmd/vpncmd
''; '';
}; };
} }
@ -97,12 +96,12 @@ in
wantedBy = [ "network.target" ]; wantedBy = [ "network.target" ];
serviceConfig = { serviceConfig = {
Type = "forking"; Type = "forking";
ExecStart = "${cfg.package}/bin/vpnserver start"; ExecStart = "${package}/bin/vpnserver start";
ExecStop = "${cfg.package}/bin/vpnserver stop"; ExecStop = "${package}/bin/vpnserver stop";
}; };
preStart = '' preStart = ''
rm -rf ${cfg.dataDir}/vpnserver/vpnserver rm -rf ${cfg.dataDir}/vpnserver/vpnserver
ln -s ${cfg.package}${cfg.dataDir}/vpnserver/vpnserver ${cfg.dataDir}/vpnserver/vpnserver ln -s ${package}${cfg.dataDir}/vpnserver/vpnserver ${cfg.dataDir}/vpnserver/vpnserver
''; '';
postStop = '' postStop = ''
rm -rf ${cfg.dataDir}/vpnserver/vpnserver rm -rf ${cfg.dataDir}/vpnserver/vpnserver
@ -118,12 +117,12 @@ in
wantedBy = [ "network.target" ]; wantedBy = [ "network.target" ];
serviceConfig = { serviceConfig = {
Type = "forking"; Type = "forking";
ExecStart = "${cfg.package}/bin/vpnbridge start"; ExecStart = "${package}/bin/vpnbridge start";
ExecStop = "${cfg.package}/bin/vpnbridge stop"; ExecStop = "${package}/bin/vpnbridge stop";
}; };
preStart = '' preStart = ''
rm -rf ${cfg.dataDir}/vpnbridge/vpnbridge rm -rf ${cfg.dataDir}/vpnbridge/vpnbridge
ln -s ${cfg.package}${cfg.dataDir}/vpnbridge/vpnbridge ${cfg.dataDir}/vpnbridge/vpnbridge ln -s ${package}${cfg.dataDir}/vpnbridge/vpnbridge ${cfg.dataDir}/vpnbridge/vpnbridge
''; '';
postStop = '' postStop = ''
rm -rf ${cfg.dataDir}/vpnbridge/vpnbridge rm -rf ${cfg.dataDir}/vpnbridge/vpnbridge
@ -139,12 +138,12 @@ in
wantedBy = [ "network.target" ]; wantedBy = [ "network.target" ];
serviceConfig = { serviceConfig = {
Type = "forking"; Type = "forking";
ExecStart = "${cfg.package}/bin/vpnclient start"; ExecStart = "${package}/bin/vpnclient start";
ExecStop = "${cfg.package}/bin/vpnclient stop"; ExecStop = "${package}/bin/vpnclient stop";
}; };
preStart = '' preStart = ''
rm -rf ${cfg.dataDir}/vpnclient/vpnclient rm -rf ${cfg.dataDir}/vpnclient/vpnclient
ln -s ${cfg.package}${cfg.dataDir}/vpnclient/vpnclient ${cfg.dataDir}/vpnclient/vpnclient ln -s ${package}${cfg.dataDir}/vpnclient/vpnclient ${cfg.dataDir}/vpnclient/vpnclient
''; '';
postStart = '' postStart = ''
sleep 1 sleep 1

23
nixos/modules/services/networking/strongswan.nix
View file

@ -32,13 +32,13 @@ let
${caConf} ${caConf}
''; '';
strongswanConf = {setup, connections, ca, secrets, managePlugins, enabledPlugins}: toFile "strongswan.conf" '' strongswanConf = {setup, connections, ca, secretsFile, managePlugins, enabledPlugins}: toFile "strongswan.conf" ''
charon { charon {
${if managePlugins then "load_modular = no" else ""} ${if managePlugins then "load_modular = no" else ""}
${if managePlugins then ("load = " + (concatStringsSep " " enabledPlugins)) else ""} ${if managePlugins then ("load = " + (concatStringsSep " " enabledPlugins)) else ""}
plugins { plugins {
stroke { stroke {
secrets_file = ${ipsecSecrets secrets} secrets_file = ${secretsFile}
} }
} }
} }
@ -135,7 +135,18 @@ in
}; };
}; };
config = with cfg; mkIf enable {
config = with cfg;
let
secretsFile = ipsecSecrets cfg.secrets;
in
mkIf enable
{
# here we should use the default strongswan ipsec.secrets and
# append to it (default one is empty so not a pb for now)
environment.etc."ipsec.secrets".source = secretsFile;
systemd.services.strongswan = { systemd.services.strongswan = {
description = "strongSwan IPSec Service"; description = "strongSwan IPSec Service";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
@ -143,11 +154,15 @@ in
wants = [ "keys.target" ]; wants = [ "keys.target" ];
after = [ "network-online.target" "keys.target" ]; after = [ "network-online.target" "keys.target" ];
environment = { environment = {
STRONGSWAN_CONF = strongswanConf { inherit setup connections ca secrets managePlugins enabledPlugins; }; STRONGSWAN_CONF = strongswanConf { inherit setup connections ca secretsFile managePlugins enabledPlugins; };
}; };
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.strongswan}/sbin/ipsec start --nofork"; ExecStart = "${pkgs.strongswan}/sbin/ipsec start --nofork";
}; };
preStart = ''
# with 'nopeerdns' setting, ppp writes into this folder
mkdir -m 700 -p /etc/ppp
'';
}; };
}; };
} }

30
nixos/modules/services/networking/syncthing.nix
View file

@ -16,12 +16,6 @@ in {
available on http://127.0.0.1:8384/. available on http://127.0.0.1:8384/.
''; '';
useInotify = mkOption {
type = types.bool;
default = false;
description = "Provide syncthing-inotify as a service.";
};
systemService = mkOption { systemService = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
@ -90,6 +84,12 @@ in {
}; };
}; };
imports = [
(mkRemovedOptionModule ["services" "syncthing" "useInotify"] ''
This option was removed because syncthing now has the inotify functionality included under the name "fswatcher".
It can be enabled on a per-folder basis through the webinterface.
'')
];
###### implementation ###### implementation
@ -100,8 +100,7 @@ in {
allowedUDPPorts = [ 21027 ]; allowedUDPPorts = [ 21027 ];
}; };
systemd.packages = [ pkgs.syncthing ] systemd.packages = [ pkgs.syncthing ];
++ lib.optional cfg.useInotify pkgs.syncthing-inotify;
users = mkIf (cfg.user == defaultUser) { users = mkIf (cfg.user == defaultUser) {
extraUsers."${defaultUser}" = extraUsers."${defaultUser}" =
@ -125,7 +124,6 @@ in {
STNOUPGRADE = "yes"; STNOUPGRADE = "yes";
inherit (cfg) all_proxy; inherit (cfg) all_proxy;
} // config.networking.proxy.envVars; } // config.networking.proxy.envVars;
wants = mkIf cfg.useInotify [ "syncthing-inotify.service" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
Restart = "on-failure"; Restart = "on-failure";
@ -141,20 +139,6 @@ in {
syncthing-resume = { syncthing-resume = {
wantedBy = [ "suspend.target" ]; wantedBy = [ "suspend.target" ];
}; };
syncthing-inotify = mkIf (cfg.systemService && cfg.useInotify) {
description = "Syncthing Inotify File Watcher service";
after = [ "network.target" "syncthing.service" ];
requires = [ "syncthing.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
SuccessExitStatus = "2";
RestartForceExitStatus = "3";
Restart = "on-failure";
User = cfg.user;
ExecStart = "${pkgs.syncthing-inotify.bin}/bin/syncthing-inotify -home=${cfg.dataDir} -logflags=0";
};
};
}; };
}; };
} }

2
nixos/modules/services/networking/tinc.nix
View file

@ -178,6 +178,8 @@ in
preStart = '' preStart = ''
mkdir -p /etc/tinc/${network}/hosts mkdir -p /etc/tinc/${network}/hosts
chown tinc.${network} /etc/tinc/${network}/hosts chown tinc.${network} /etc/tinc/${network}/hosts
mkdir -p /etc/tinc/${network}/invitations
chown tinc.${network} /etc/tinc/${network}/invitations
# Determine how we should generate our keys # Determine how we should generate our keys
if type tinc >/dev/null 2>&1; then if type tinc >/dev/null 2>&1; then

2
nixos/modules/services/networking/tox-bootstrapd.nix
View file

@ -69,7 +69,7 @@ in
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = serviceConfig =
{ ExecStart = "${pkg}/bin/tox-bootstrapd ${cfgFile}"; { ExecStart = "${pkg}/bin/tox-bootstrapd --config=${cfgFile}";
Type = "forking"; Type = "forking";
inherit PIDFile; inherit PIDFile;
User = "tox-bootstrapd"; User = "tox-bootstrapd";

2
nixos/modules/services/security/usbguard.nix
View file

@ -192,7 +192,7 @@ in {
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
ExecStart = ''${pkgs.usbguard}/bin/usbguard-daemon -d -k -c ${daemonConfFile}''; ExecStart = ''${pkgs.usbguard}/bin/usbguard-daemon -P -d -k -c ${daemonConfFile}'';
Restart = "on-failure"; Restart = "on-failure";
}; };
}; };

42
nixos/modules/services/web-apps/piwik-doc.xml → nixos/modules/services/web-apps/matomo-doc.xml
View file

@ -2,16 +2,16 @@
xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0" version="5.0"
xml:id="module-services-piwik"> xml:id="module-services-matomo">
<title>Piwik</title> <title>Matomo</title>
<para> <para>
Piwik is a real-time web analytics application. Matomo is a real-time web analytics application.
This module configures php-fpm as backend for piwik, optionally configuring an nginx vhost as well. This module configures php-fpm as backend for Matomo, optionally configuring an nginx vhost as well.
</para> </para>
<para> <para>
An automatic setup is not suported by piwik, so you need to configure piwik itself in the browser-based piwik setup. An automatic setup is not suported by Matomo, so you need to configure Matomo itself in the browser-based Matomo setup.
</para> </para>
@ -19,7 +19,7 @@
<title>Database Setup</title> <title>Database Setup</title>
<para> <para>
You also need to configure a MariaDB or MySQL database and -user for piwik yourself, You also need to configure a MariaDB or MySQL database and -user for Matomo yourself,
and enter those credentials in your browser. and enter those credentials in your browser.
You can use passwordless database authentication via the UNIX_SOCKET authentication plugin You can use passwordless database authentication via the UNIX_SOCKET authentication plugin
with the following SQL commands: with the following SQL commands:
@ -27,20 +27,20 @@
<programlisting> <programlisting>
# For MariaDB # For MariaDB
INSTALL PLUGIN unix_socket SONAME 'auth_socket'; INSTALL PLUGIN unix_socket SONAME 'auth_socket';
CREATE DATABASE piwik; CREATE DATABASE matomo;
CREATE USER 'piwik'@'localhost' IDENTIFIED WITH unix_socket; CREATE USER 'matomo'@'localhost' IDENTIFIED WITH unix_socket;
GRANT ALL PRIVILEGES ON piwik.* TO 'piwik'@'localhost'; GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost';
# For MySQL # For MySQL
INSTALL PLUGIN auth_socket SONAME 'auth_socket.so'; INSTALL PLUGIN auth_socket SONAME 'auth_socket.so';
CREATE DATABASE piwik; CREATE DATABASE matomo;
CREATE USER 'piwik'@'localhost' IDENTIFIED WITH auth_socket; CREATE USER 'matomo'@'localhost' IDENTIFIED WITH auth_socket;
GRANT ALL PRIVILEGES ON piwik.* TO 'piwik'@'localhost'; GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost';
</programlisting> </programlisting>
Then fill in <literal>piwik</literal> as database user and database name, and leave the password field blank. Then fill in <literal>matomo</literal> as database user and database name, and leave the password field blank.
This authentication works by allowing only the <literal>piwik</literal> unix user to authenticate as the This authentication works by allowing only the <literal>matomo</literal> unix user to authenticate as the
<literal>piwik</literal> database user (without needing a password), but no other users. <literal>matomo</literal> database user (without needing a password), but no other users.
For more information on passwordless login, see For more information on passwordless login, see
<link xlink:href="https://mariadb.com/kb/en/mariadb/unix_socket-authentication-plugin/" />. <link xlink:href="https://mariadb.com/kb/en/mariadb/unix_socket-authentication-plugin/" />.
</para> </para>
@ -55,9 +55,9 @@
<title>Backup</title> <title>Backup</title>
<para> <para>
You only need to take backups of your MySQL database and the You only need to take backups of your MySQL database and the
<filename>/var/lib/piwik/config/config.ini.php</filename> file. <filename>/var/lib/matomo/config/config.ini.php</filename> file.
Use a user in the <literal>piwik</literal> group or root to access the file. Use a user in the <literal>matomo</literal> group or root to access the file.
For more information, see <link xlink:href="https://piwik.org/faq/how-to-install/faq_138/" />. For more information, see <link xlink:href="https://matomo.org/faq/how-to-install/faq_138/" />.
</para> </para>
</section> </section>
@ -67,14 +67,14 @@
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para> <para>
Piwik's file integrity check will warn you. Matomo's file integrity check will warn you.
This is due to the patches necessary for NixOS, you can safely ignore this. This is due to the patches necessary for NixOS, you can safely ignore this.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
Piwik will warn you that the JavaScript tracker is not writable. Matomo will warn you that the JavaScript tracker is not writable.
This is because it's located in the read-only nix store. This is because it's located in the read-only nix store.
You can safely ignore this, unless you need a plugin that needs JavaScript tracker access. You can safely ignore this, unless you need a plugin that needs JavaScript tracker access.
</para> </para>
@ -88,7 +88,7 @@
<para> <para>
You can use other web servers by forwarding calls for <filename>index.php</filename> and You can use other web servers by forwarding calls for <filename>index.php</filename> and
<filename>piwik.php</filename> to the <literal>/run/phpfpm-piwik.sock</literal> fastcgi unix socket. <filename>piwik.php</filename> to the <literal>/run/phpfpm-matomo.sock</literal> fastcgi unix socket.
You can use the nginx configuration in the module code as a reference to what else should be configured. You can use the nginx configuration in the module code as a reference to what else should be configured.
</para> </para>
</section> </section>

75
nixos/modules/services/web-apps/piwik.nix → nixos/modules/services/web-apps/matomo.nix
View file

@ -1,10 +1,11 @@
{ config, lib, pkgs, services, ... }: { config, lib, pkgs, services, ... }:
with lib; with lib;
let let
cfg = config.services.piwik; cfg = config.services.matomo;
user = "piwik"; user = "matomo";
dataDir = "/var/lib/${user}"; dataDir = "/var/lib/${user}";
deprecatedDataDir = "/var/lib/piwik";
pool = user; pool = user;
# it's not possible to use /run/phpfpm/${pool}.sock because /run/phpfpm/ is root:root 0770, # it's not possible to use /run/phpfpm/${pool}.sock because /run/phpfpm/ is root:root 0770,
@ -13,17 +14,22 @@ let
phpExecutionUnit = "phpfpm-${pool}"; phpExecutionUnit = "phpfpm-${pool}";
databaseService = "mysql.service"; databaseService = "mysql.service";
fqdn =
let
join = hostName: domain: hostName + optionalString (domain != null) ".${domain}";
in join config.networking.hostName config.networking.domain;
in { in {
options = { options = {
services.piwik = { services.matomo = {
# NixOS PR for database setup: https://github.com/NixOS/nixpkgs/pull/6963 # NixOS PR for database setup: https://github.com/NixOS/nixpkgs/pull/6963
# piwik issue for automatic piwik setup: https://github.com/piwik/piwik/issues/10257 # matomo issue for automatic matomo setup: https://github.com/matomo-org/matomo/issues/10257
# TODO: find a nice way to do this when more NixOS MySQL and / or piwik automatic setup stuff is implemented. # TODO: find a nice way to do this when more NixOS MySQL and / or matomo automatic setup stuff is implemented.
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = ''
Enable piwik web analytics with php-fpm backend. Enable matomo web analytics with php-fpm backend.
Either the nginx option or the webServerUser option is mandatory. Either the nginx option or the webServerUser option is mandatory.
''; '';
}; };
@ -32,8 +38,9 @@ in {
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
example = "lighttpd"; example = "lighttpd";
# TODO: piwik.php might get renamed to matomo.php in future releases
description = '' description = ''
Name of the web server user that forwards requests to the ${phpSocket} fastcgi socket for piwik if the nginx Name of the web server user that forwards requests to the ${phpSocket} fastcgi socket for matomo if the nginx
option is not used. Either this option or the nginx option is mandatory. option is not used. Either this option or the nginx option is mandatory.
If you want to use another webserver than nginx, you need to set this to that server's user If you want to use another webserver than nginx, you need to set this to that server's user
and pass fastcgi requests to `index.php` and `piwik.php` to this socket. and pass fastcgi requests to `index.php` and `piwik.php` to this socket.
@ -55,7 +62,7 @@ in {
catch_workers_output = yes catch_workers_output = yes
''; '';
description = '' description = ''
Settings for phpfpm's process manager. You might need to change this depending on the load for piwik. Settings for phpfpm's process manager. You might need to change this depending on the load for matomo.
''; '';
}; };
@ -65,7 +72,7 @@ in {
(import ../web-servers/nginx/vhost-options.nix { inherit config lib; }) (import ../web-servers/nginx/vhost-options.nix { inherit config lib; })
{ {
# enable encryption by default, # enable encryption by default,
# as sensitive login and piwik data should not be transmitted in clear text. # as sensitive login and matomo data should not be transmitted in clear text.
options.forceSSL.default = true; options.forceSSL.default = true;
options.enableACME.default = true; options.enableACME.default = true;
} }
@ -73,15 +80,19 @@ in {
); );
default = null; default = null;
example = { example = {
serverName = "stats.$\{config.networking.hostName\}"; serverAliases = [
"matomo.$\{config.networking.domain\}"
"stats.$\{config.networking.domain\}"
];
enableACME = false; enableACME = false;
}; };
description = '' description = ''
With this option, you can customize an nginx virtualHost which already has sensible defaults for piwik. With this option, you can customize an nginx virtualHost which already has sensible defaults for matomo.
Either this option or the webServerUser option is mandatory. Either this option or the webServerUser option is mandatory.
Set this to {} to just enable the virtualHost if you don't need any customization. Set this to {} to just enable the virtualHost if you don't need any customization.
If enabled, then by default, the serverName is piwik.$\{config.networking.hostName\}, SSL is active, If enabled, then by default, the <option>serverName</option> is
and certificates are acquired via ACME. <literal>${user}.$\{config.networking.hostName\}.$\{config.networking.domain\}</literal>,
SSL is active, and certificates are acquired via ACME.
If this is set to null (the default), no nginx virtualHost will be configured. If this is set to null (the default), no nginx virtualHost will be configured.
''; '';
}; };
@ -90,12 +101,12 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
warnings = mkIf (cfg.nginx != null && cfg.webServerUser != null) [ warnings = mkIf (cfg.nginx != null && cfg.webServerUser != null) [
"If services.piwik.nginx is set, services.piwik.nginx.webServerUser is ignored and should be removed." "If services.matomo.nginx is set, services.matomo.nginx.webServerUser is ignored and should be removed."
]; ];
assertions = [ { assertions = [ {
assertion = cfg.nginx != null || cfg.webServerUser != null; assertion = cfg.nginx != null || cfg.webServerUser != null;
message = "Either services.piwik.nginx or services.piwik.nginx.webServerUser is mandatory"; message = "Either services.matomo.nginx or services.matomo.nginx.webServerUser is mandatory";
}]; }];
users.extraUsers.${user} = { users.extraUsers.${user} = {
@ -106,19 +117,20 @@ in {
}; };
users.extraGroups.${user} = {}; users.extraGroups.${user} = {};
systemd.services.piwik_setup_update = { systemd.services.matomo_setup_update = {
# everything needs to set up and up to date before piwik php files are executed # everything needs to set up and up to date before matomo php files are executed
requiredBy = [ "${phpExecutionUnit}.service" ]; requiredBy = [ "${phpExecutionUnit}.service" ];
before = [ "${phpExecutionUnit}.service" ]; before = [ "${phpExecutionUnit}.service" ];
# the update part of the script can only work if the database is already up and running # the update part of the script can only work if the database is already up and running
requires = [ databaseService ]; requires = [ databaseService ];
after = [ databaseService ]; after = [ databaseService ];
path = [ pkgs.piwik ]; path = [ pkgs.matomo ];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
User = user; User = user;
# hide especially config.ini.php from other # hide especially config.ini.php from other
UMask = "0007"; UMask = "0007";
# TODO: might get renamed to MATOMO_USER_PATH in future versions
Environment = "PIWIK_USER_PATH=${dataDir}"; Environment = "PIWIK_USER_PATH=${dataDir}";
# chown + chmod in preStart needs root # chown + chmod in preStart needs root
PermissionsStartOnly = true; PermissionsStartOnly = true;
@ -127,27 +139,32 @@ in {
# e.g. after restoring from backup or moving from another system. # e.g. after restoring from backup or moving from another system.
# Note that ${dataDir}/config/config.ini.php might contain the MySQL password. # Note that ${dataDir}/config/config.ini.php might contain the MySQL password.
preStart = '' preStart = ''
# migrate data from piwik to matomo folder
if [ -d ${deprecatedDataDir} ]; then
echo "Migrating from ${deprecatedDataDir} to ${dataDir}"
mv -T ${deprecatedDataDir} ${dataDir}
fi
chown -R ${user}:${user} ${dataDir} chown -R ${user}:${user} ${dataDir}
chmod -R ug+rwX,o-rwx ${dataDir} chmod -R ug+rwX,o-rwx ${dataDir}
''; '';
script = '' script = ''
# Use User-Private Group scheme to protect piwik data, but allow administration / backup via piwik group # Use User-Private Group scheme to protect matomo data, but allow administration / backup via matomo group
# Copy config folder # Copy config folder
chmod g+s "${dataDir}" chmod g+s "${dataDir}"
cp -r "${pkgs.piwik}/config" "${dataDir}/" cp -r "${pkgs.matomo}/config" "${dataDir}/"
chmod -R u+rwX,g+rwX,o-rwx "${dataDir}" chmod -R u+rwX,g+rwX,o-rwx "${dataDir}"
# check whether user setup has already been done # check whether user setup has already been done
if test -f "${dataDir}/config/config.ini.php"; then if test -f "${dataDir}/config/config.ini.php"; then
# then execute possibly pending database upgrade # then execute possibly pending database upgrade
piwik-console core:update --yes matomo-console core:update --yes
fi fi
''; '';
}; };
systemd.services.${phpExecutionUnit} = { systemd.services.${phpExecutionUnit} = {
# stop phpfpm on package upgrade, do database upgrade via piwik_setup_update, and then restart # stop phpfpm on package upgrade, do database upgrade via matomo_setup_update, and then restart
restartTriggers = [ pkgs.piwik ]; restartTriggers = [ pkgs.matomo ];
# stop config.ini.php from getting written with read permission for others # stop config.ini.php from getting written with read permission for others
serviceConfig.UMask = "0007"; serviceConfig.UMask = "0007";
}; };
@ -175,14 +192,14 @@ in {
# References: # References:
# https://fralef.me/piwik-hardening-with-nginx-and-php-fpm.html # https://fralef.me/piwik-hardening-with-nginx-and-php-fpm.html
# https://github.com/perusio/piwik-nginx # https://github.com/perusio/piwik-nginx
"${user}.${config.networking.hostName}" = mkMerge [ cfg.nginx { "${user}.${fqdn}" = mkMerge [ cfg.nginx {
# don't allow to override the root easily, as it will almost certainly break piwik. # don't allow to override the root easily, as it will almost certainly break matomo.
# disadvantage: not shown as default in docs. # disadvantage: not shown as default in docs.
root = mkForce "${pkgs.piwik}/share"; root = mkForce "${pkgs.matomo}/share";
# define locations here instead of as the submodule option's default # define locations here instead of as the submodule option's default
# so that they can easily be extended with additional locations if required # so that they can easily be extended with additional locations if required
# without needing to redefine the piwik ones. # without needing to redefine the matomo ones.
# disadvantage: not shown as default in docs. # disadvantage: not shown as default in docs.
locations."/" = { locations."/" = {
index = "index.php"; index = "index.php";
@ -191,6 +208,7 @@ in {
locations."= /index.php".extraConfig = '' locations."= /index.php".extraConfig = ''
fastcgi_pass unix:${phpSocket}; fastcgi_pass unix:${phpSocket};
''; '';
# TODO: might get renamed to matomo.php in future versions
# allow piwik.php for tracking # allow piwik.php for tracking
locations."= /piwik.php".extraConfig = '' locations."= /piwik.php".extraConfig = ''
fastcgi_pass unix:${phpSocket}; fastcgi_pass unix:${phpSocket};
@ -212,6 +230,7 @@ in {
locations."= /robots.txt".extraConfig = '' locations."= /robots.txt".extraConfig = ''
return 200 "User-agent: *\nDisallow: /\n"; return 200 "User-agent: *\nDisallow: /\n";
''; '';
# TODO: might get renamed to matomo.js in future versions
# let browsers cache piwik.js # let browsers cache piwik.js
locations."= /piwik.js".extraConfig = '' locations."= /piwik.js".extraConfig = ''
expires 1M; expires 1M;
@ -221,7 +240,7 @@ in {
}; };
meta = { meta = {
doc = ./piwik-doc.xml; doc = ./matomo-doc.xml;
maintainers = with stdenv.lib.maintainers; [ florianjacob ]; maintainers = with stdenv.lib.maintainers; [ florianjacob ];
}; };
} }

2
nixos/modules/services/x11/desktop-managers/enlightenment.nix
View file

@ -33,7 +33,7 @@ in
pkgs.xorg.xauth # used by kdesu pkgs.xorg.xauth # used by kdesu
pkgs.gtk2 # To get GTK+'s themes. pkgs.gtk2 # To get GTK+'s themes.
pkgs.tango-icon-theme pkgs.tango-icon-theme
pkgs.shared_mime_info pkgs.shared-mime-info
pkgs.gnome2.gnomeicontheme pkgs.gnome2.gnomeicontheme
pkgs.xorg.xcursorthemes pkgs.xorg.xcursorthemes
]; ];

20
nixos/modules/services/x11/desktop-managers/gnome3.nix
View file

@ -27,7 +27,7 @@ let
nixos-gsettings-desktop-schemas = pkgs.runCommand "nixos-gsettings-desktop-schemas" {} nixos-gsettings-desktop-schemas = pkgs.runCommand "nixos-gsettings-desktop-schemas" {}
'' ''
mkdir -p $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas mkdir -p $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas
cp -rf ${pkgs.gnome3.gsettings_desktop_schemas}/share/gsettings-schemas/gsettings-desktop-schemas*/glib-2.0/schemas/*.xml $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas cp -rf ${pkgs.gnome3.gsettings-desktop-schemas}/share/gsettings-schemas/gsettings-desktop-schemas*/glib-2.0/schemas/*.xml $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas
${concatMapStrings (pkg: "cp -rf ${pkg}/share/gsettings-schemas/*/glib-2.0/schemas/*.xml $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas\n") cfg.extraGSettingsOverridePackages} ${concatMapStrings (pkg: "cp -rf ${pkg}/share/gsettings-schemas/*/glib-2.0/schemas/*.xml $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas\n") cfg.extraGSettingsOverridePackages}
@ -60,7 +60,7 @@ in {
example = literalExample "[ pkgs.gnome3.gpaste ]"; example = literalExample "[ pkgs.gnome3.gpaste ]";
description = "Additional list of packages to be added to the session search path. description = "Additional list of packages to be added to the session search path.
Useful for gnome shell extensions or gsettings-conditionated autostart."; Useful for gnome shell extensions or gsettings-conditionated autostart.";
apply = list: list ++ [ pkgs.gnome3.gnome_shell pkgs.gnome3.gnome-shell-extensions ]; apply = list: list ++ [ pkgs.gnome3.gnome-shell pkgs.gnome3.gnome-shell-extensions ];
}; };
extraGSettingsOverrides = mkOption { extraGSettingsOverrides = mkOption {
@ -118,13 +118,13 @@ in {
services.packagekit.enable = mkDefault true; services.packagekit.enable = mkDefault true;
hardware.bluetooth.enable = mkDefault true; hardware.bluetooth.enable = mkDefault true;
services.xserver.libinput.enable = mkDefault true; # for controlling touchpad settings via gnome control center services.xserver.libinput.enable = mkDefault true; # for controlling touchpad settings via gnome control center
services.udev.packages = [ pkgs.gnome3.gnome_settings_daemon ]; services.udev.packages = [ pkgs.gnome3.gnome-settings-daemon ];
systemd.packages = [ pkgs.gnome3.vino ]; systemd.packages = [ pkgs.gnome3.vino ];
# If gnome3 is installed, build vim for gtk3 too. # If gnome3 is installed, build vim for gtk3 too.
nixpkgs.config.vim.gui = "gtk3"; nixpkgs.config.vim.gui = "gtk3";
fonts.fonts = [ pkgs.dejavu_fonts pkgs.cantarell_fonts ]; fonts.fonts = [ pkgs.dejavu_fonts pkgs.cantarell-fonts ];
services.xserver.desktopManager.session = singleton services.xserver.desktopManager.session = singleton
{ name = "gnome3"; { name = "gnome3";
@ -164,7 +164,7 @@ in {
# Update user dirs as described in http://freedesktop.org/wiki/Software/xdg-user-dirs/ # Update user dirs as described in http://freedesktop.org/wiki/Software/xdg-user-dirs/
${pkgs.xdg-user-dirs}/bin/xdg-user-dirs-update ${pkgs.xdg-user-dirs}/bin/xdg-user-dirs-update
${pkgs.gnome3.gnome_session}/bin/gnome-session ${optionalString cfg.debug "--debug"} & ${pkgs.gnome3.gnome-session}/bin/gnome-session ${optionalString cfg.debug "--debug"} &
waitPID=$! waitPID=$!
''; '';
}; };
@ -172,7 +172,7 @@ in {
services.xserver.updateDbusEnvironment = true; services.xserver.updateDbusEnvironment = true;
environment.variables.GIO_EXTRA_MODULES = [ "${lib.getLib pkgs.gnome3.dconf}/lib/gio/modules" environment.variables.GIO_EXTRA_MODULES = [ "${lib.getLib pkgs.gnome3.dconf}/lib/gio/modules"
"${pkgs.gnome3.glib_networking.out}/lib/gio/modules" "${pkgs.gnome3.glib-networking.out}/lib/gio/modules"
"${pkgs.gnome3.gvfs}/lib/gio/modules" ]; "${pkgs.gnome3.gvfs}/lib/gio/modules" ];
environment.systemPackages = pkgs.gnome3.corePackages ++ cfg.sessionPath environment.systemPackages = pkgs.gnome3.corePackages ++ cfg.sessionPath
++ (removePackagesByName pkgs.gnome3.optionalPackages config.environment.gnome3.excludePackages); ++ (removePackagesByName pkgs.gnome3.optionalPackages config.environment.gnome3.excludePackages);
@ -180,10 +180,10 @@ in {
# Use the correct gnome3 packageSet # Use the correct gnome3 packageSet
networking.networkmanager.basePackages = networking.networkmanager.basePackages =
{ inherit (pkgs) networkmanager modemmanager wpa_supplicant; { inherit (pkgs) networkmanager modemmanager wpa_supplicant;
inherit (pkgs.gnome3) networkmanager_openvpn networkmanager_vpnc inherit (pkgs.gnome3) networkmanager-openvpn networkmanager-vpnc
networkmanager_openconnect networkmanager_fortisslvpn networkmanager-openconnect networkmanager-fortisslvpn
networkmanager_pptp networkmanager_iodine networkmanager-pptp networkmanager-iodine
networkmanager_l2tp; }; networkmanager-l2tp; };
# Needed for themes and backgrounds # Needed for themes and backgrounds
environment.pathsToLink = [ "/share" ]; environment.pathsToLink = [ "/share" ];

2
nixos/modules/services/x11/desktop-managers/mate.nix
View file

@ -102,7 +102,7 @@ in
services.dbus.packages = [ services.dbus.packages = [
pkgs.gnome3.dconf pkgs.gnome3.dconf
pkgs.at_spi2_core pkgs.at-spi2-core
]; ];
services.gnome3.gnome-keyring.enable = true; services.gnome3.gnome-keyring.enable = true;

2
nixos/modules/services/x11/desktop-managers/plasma5.nix
View file

@ -154,7 +154,7 @@ in
print-manager print-manager
breeze-icons breeze-icons
pkgs.hicolor_icon_theme pkgs.hicolor-icon-theme
kde-gtk-config breeze-gtk kde-gtk-config breeze-gtk

6
nixos/modules/services/x11/desktop-managers/xfce.nix
View file

@ -61,12 +61,12 @@ in
# utilities-terminal, accessories-text-editor # utilities-terminal, accessories-text-editor
gnome3.defaultIconTheme gnome3.defaultIconTheme
hicolor_icon_theme hicolor-icon-theme
tango-icon-theme tango-icon-theme
xfce4-icon-theme xfce4-icon-theme
desktop_file_utils desktop-file-utils
shared_mime_info shared-mime-info
# Needed by Xfce's xinitrc script # Needed by Xfce's xinitrc script
# TODO: replace with command -v # TODO: replace with command -v

10
nixos/modules/services/x11/display-managers/gdm.nix
View file

@ -133,7 +133,7 @@ in
StandardError = "inherit"; StandardError = "inherit";
}; };
systemd.services.display-manager.path = [ pkgs.gnome3.gnome_session ]; systemd.services.display-manager.path = [ pkgs.gnome3.gnome-session ];
services.dbus.packages = [ gdm ]; services.dbus.packages = [ gdm ];
@ -193,7 +193,7 @@ in
auth required pam_env.so envfile=${config.system.build.pamEnvironment} auth required pam_env.so envfile=${config.system.build.pamEnvironment}
auth required pam_succeed_if.so uid >= 1000 quiet auth required pam_succeed_if.so uid >= 1000 quiet
auth optional ${pkgs.gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so auth optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so
auth ${if config.security.pam.enableEcryptfs then "required" else "sufficient"} pam_unix.so nullok likeauth auth ${if config.security.pam.enableEcryptfs then "required" else "sufficient"} pam_unix.so nullok likeauth
${optionalString config.security.pam.enableEcryptfs ${optionalString config.security.pam.enableEcryptfs
"auth required ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so unwrap"} "auth required ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so unwrap"}
@ -213,7 +213,7 @@ in
"session optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so"} "session optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so"}
session required pam_loginuid.so session required pam_loginuid.so
session optional ${pkgs.systemd}/lib/security/pam_systemd.so session optional ${pkgs.systemd}/lib/security/pam_systemd.so
session optional ${pkgs.gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so auto_start session optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start
''; '';
gdm-password.text = '' gdm-password.text = ''
@ -221,7 +221,7 @@ in
auth required pam_env.so envfile=${config.system.build.pamEnvironment} auth required pam_env.so envfile=${config.system.build.pamEnvironment}
auth required pam_succeed_if.so uid >= 1000 quiet auth required pam_succeed_if.so uid >= 1000 quiet
auth optional ${pkgs.gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so auth optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so
auth ${if config.security.pam.enableEcryptfs then "required" else "sufficient"} pam_unix.so nullok likeauth auth ${if config.security.pam.enableEcryptfs then "required" else "sufficient"} pam_unix.so nullok likeauth
${optionalString config.security.pam.enableEcryptfs ${optionalString config.security.pam.enableEcryptfs
"auth required ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so unwrap"} "auth required ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so unwrap"}
@ -240,7 +240,7 @@ in
"session optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so"} "session optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so"}
session required pam_loginuid.so session required pam_loginuid.so
session optional ${pkgs.systemd}/lib/security/pam_systemd.so session optional ${pkgs.systemd}/lib/security/pam_systemd.so
session optional ${pkgs.gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so auto_start session optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start
''; '';
gdm-autologin.text = '' gdm-autologin.text = ''

4
nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix
View file

@ -68,8 +68,8 @@ in
package = mkOption { package = mkOption {
type = types.package; type = types.package;
default = pkgs.gnome3.gnome_themes_standard; default = pkgs.gnome3.gnome-themes-standard;
defaultText = "pkgs.gnome3.gnome_themes_standard"; defaultText = "pkgs.gnome3.gnome-themes-standard";
description = '' description = ''
The package path that contains the theme given in the name option. The package path that contains the theme given in the name option.
''; '';

28
nixos/modules/services/x11/xautolock.nix
View file

@ -26,9 +26,9 @@ in
}; };
locker = mkOption { locker = mkOption {
default = "xlock"; # default according to `man xautolock` default = "${pkgs.xlockmore}/bin/xlock"; # default according to `man xautolock`
example = "i3lock -i /path/to/img"; example = "${pkgs.i3lock}/bin/i3lock -i /path/to/img";
type = types.string; type = types.str;
description = '' description = ''
The script to use when automatically locking the computer. The script to use when automatically locking the computer.
@ -37,8 +37,8 @@ in
nowlocker = mkOption { nowlocker = mkOption {
default = null; default = null;
example = "i3lock -i /path/to/img"; example = "${pkgs.i3lock}/bin/i3lock -i /path/to/img";
type = types.nullOr types.string; type = types.nullOr types.str;
description = '' description = ''
The script to use when manually locking the computer with <command>xautolock -locknow</command>. The script to use when manually locking the computer with <command>xautolock -locknow</command>.
@ -56,10 +56,8 @@ in
notifier = mkOption { notifier = mkOption {
default = null; default = null;
example = literalExample '' example = "${pkgs.libnotify}/bin/notify-send \"Locking in 10 seconds\"";
"${pkgs.libnotify}/bin/notify-send \"Locking in 10 seconds\"" type = types.nullOr types.str;
'';
type = types.nullOr types.string;
description = '' description = ''
Notification script to be used to warn about the pending autolock. Notification script to be used to warn about the pending autolock.
@ -68,8 +66,8 @@ in
killer = mkOption { killer = mkOption {
default = null; # default according to `man xautolock` is none default = null; # default according to `man xautolock` is none
example = "systemctl suspend"; example = "${pkgs.systemd}/bin/systemctl suspend";
type = types.nullOr types.string; type = types.nullOr types.str;
description = '' description = ''
The script to use when nothing has happend for as long as <option>killtime</option> The script to use when nothing has happend for as long as <option>killtime</option>
@ -131,6 +129,12 @@ in
assertion = cfg.killer != null -> cfg.killtime >= 10; assertion = cfg.killer != null -> cfg.killtime >= 10;
message = "killtime has to be at least 10 minutes according to `man xautolock`"; message = "killtime has to be at least 10 minutes according to `man xautolock`";
} }
]; ] ++ (lib.flip map [ "locker" "notifier" "nowlocker" "killer" ]
(option:
{
assertion = cfg."${option}" != null -> builtins.substring 0 1 cfg."${option}" == "/";
message = "Please specify a canonical path for `services.xserver.xautolock.${option}`";
})
);
}; };
} }

2
nixos/modules/system/boot/initrd-ssh.nix
View file

@ -118,7 +118,7 @@ in
echo ${escapeShellArg key} >> /root/.ssh/authorized_keys echo ${escapeShellArg key} >> /root/.ssh/authorized_keys
'') cfg.authorizedKeys)} '') cfg.authorizedKeys)}
dropbear -s -j -k -E -m -p ${toString cfg.port} ${optionalString (cfg.hostRSAKey == null && cfg.hostDSSKey == null && cfg.hostECDSAKey == null) "-R"} dropbear -s -j -k -E -p ${toString cfg.port} ${optionalString (cfg.hostRSAKey == null && cfg.hostDSSKey == null && cfg.hostECDSAKey == null) "-R"}
''; '';
boot.initrd.secrets = boot.initrd.secrets =

10
nixos/modules/system/boot/loader/grub/grub.nix
View file

@ -110,7 +110,7 @@ in
device = mkOption { device = mkOption {
default = ""; default = "";
example = "/dev/hda"; example = "/dev/disk/by-id/wwn-0x500001234567890a";
type = types.str; type = types.str;
description = '' description = ''
The device on which the GRUB boot loader will be installed. The device on which the GRUB boot loader will be installed.
@ -123,7 +123,7 @@ in
devices = mkOption { devices = mkOption {
default = []; default = [];
example = [ "/dev/hda" ]; example = [ "/dev/disk/by-id/wwn-0x500001234567890a" ];
type = types.listOf types.str; type = types.listOf types.str;
description = '' description = ''
The devices on which the boot loader, GRUB, will be The devices on which the boot loader, GRUB, will be
@ -135,8 +135,8 @@ in
mirroredBoots = mkOption { mirroredBoots = mkOption {
default = [ ]; default = [ ];
example = [ example = [
{ path = "/boot1"; devices = [ "/dev/sda" ]; } { path = "/boot1"; devices = [ "/dev/disk/by-id/wwn-0x500001234567890a" ]; }
{ path = "/boot2"; devices = [ "/dev/sdb" ]; } { path = "/boot2"; devices = [ "/dev/disk/by-id/wwn-0x500009876543210a" ]; }
]; ];
description = '' description = ''
Mirror the boot configuration to multiple partitions and install grub Mirror the boot configuration to multiple partitions and install grub
@ -178,7 +178,7 @@ in
devices = mkOption { devices = mkOption {
default = [ ]; default = [ ];
example = [ "/dev/sda" "/dev/sdb" ]; example = [ "/dev/disk/by-id/wwn-0x500001234567890a" "/dev/disk/by-id/wwn-0x500009876543210a" ];
type = types.listOf types.str; type = types.listOf types.str;
description = '' description = ''
The path to the devices which will have the GRUB MBR written. The path to the devices which will have the GRUB MBR written.

9
nixos/modules/system/boot/luksroot.nix
View file

@ -228,10 +228,6 @@ in
[ "aes" "aes_generic" "blowfish" "twofish" [ "aes" "aes_generic" "blowfish" "twofish"
"serpent" "cbc" "xts" "lrw" "sha1" "sha256" "sha512" "serpent" "cbc" "xts" "lrw" "sha1" "sha256" "sha512"
# workaround until https://marc.info/?l=linux-crypto-vger&m=148783562211457&w=4 is merged
# remove once 'modprobe --show-depends xts' shows ecb as a dependency
"ecb"
(if pkgs.stdenv.system == "x86_64-linux" then "aes_x86_64" else "aes_i586") (if pkgs.stdenv.system == "x86_64-linux" then "aes_x86_64" else "aes_i586")
]; ];
description = '' description = ''
@ -441,7 +437,10 @@ in
# Some modules that may be needed for mounting anything ciphered # Some modules that may be needed for mounting anything ciphered
# Also load input_leds to get caps lock light working (#12456) # Also load input_leds to get caps lock light working (#12456)
boot.initrd.availableKernelModules = [ "dm_mod" "dm_crypt" "cryptd" "input_leds" ] boot.initrd.availableKernelModules = [ "dm_mod" "dm_crypt" "cryptd" "input_leds" ]
++ luks.cryptoModules; ++ luks.cryptoModules
# workaround until https://marc.info/?l=linux-crypto-vger&m=148783562211457&w=4 is merged
# remove once 'modprobe --show-depends xts' shows ecb as a dependency
++ (if builtins.elem "xts" luks.cryptoModules then ["ecb"] else []);
# copy the cryptsetup binary and it's dependencies # copy the cryptsetup binary and it's dependencies
boot.initrd.extraUtilsCommands = '' boot.initrd.extraUtilsCommands = ''

6
nixos/modules/system/boot/networkd.nix
View file

@ -650,7 +650,11 @@ let
unitFiles = map (name: { unitFiles = map (name: {
target = "systemd/network/${name}"; target = "systemd/network/${name}";
source = "${cfg.units.${name}.unit}/${name}"; source = "${cfg.units.${name}.unit}/${name}";
}) (attrNames cfg.units); }) (attrNames cfg.units) ++
(map (entry: {
target = "systemd/network/${entry}";
source = "${config.systemd.package}/lib/systemd/network/${entry}";
}) (attrNames (builtins.readDir "${config.systemd.package}/lib/systemd/network")));
in in
{ {

7
nixos/release.nix
View file

@ -228,7 +228,9 @@ in rec {
tests.boot = callSubTests tests/boot.nix {}; tests.boot = callSubTests tests/boot.nix {};
tests.boot-stage1 = callTest tests/boot-stage1.nix {}; tests.boot-stage1 = callTest tests/boot-stage1.nix {};
tests.borgbackup = callTest tests/borgbackup.nix {}; tests.borgbackup = callTest tests/borgbackup.nix {};
tests.buildbot = callTest tests/buildbot.nix {};
tests.cadvisor = callTestOnTheseSystems ["x86_64-linux"] tests/cadvisor.nix {}; tests.cadvisor = callTestOnTheseSystems ["x86_64-linux"] tests/cadvisor.nix {};
tests.ceph = callTestOnTheseSystems ["x86_64-linux"] tests/ceph.nix {};
tests.chromium = (callSubTestsOnTheseSystems ["x86_64-linux"] tests/chromium.nix {}).stable; tests.chromium = (callSubTestsOnTheseSystems ["x86_64-linux"] tests/chromium.nix {}).stable;
tests.cjdns = callTest tests/cjdns.nix {}; tests.cjdns = callTest tests/cjdns.nix {};
tests.cloud-init = callTest tests/cloud-init.nix {}; tests.cloud-init = callTest tests/cloud-init.nix {};
@ -258,7 +260,7 @@ in rec {
tests.firefox = callTest tests/firefox.nix {}; tests.firefox = callTest tests/firefox.nix {};
tests.firewall = callTest tests/firewall.nix {}; tests.firewall = callTest tests/firewall.nix {};
tests.fleet = callTestOnTheseSystems ["x86_64-linux"] tests/fleet.nix {}; tests.fleet = callTestOnTheseSystems ["x86_64-linux"] tests/fleet.nix {};
#tests.fwupd = callTest tests/fwupd.nix {}; # build during evaluation tests.fwupd = callTest tests/fwupd.nix {};
#tests.gitlab = callTest tests/gitlab.nix {}; #tests.gitlab = callTest tests/gitlab.nix {};
tests.gitolite = callTest tests/gitolite.nix {}; tests.gitolite = callTest tests/gitolite.nix {};
tests.gjs = callTest tests/gjs.nix {}; tests.gjs = callTest tests/gjs.nix {};
@ -318,6 +320,7 @@ in rec {
tests.nfs4 = callTest tests/nfs.nix { version = 4; }; tests.nfs4 = callTest tests/nfs.nix { version = 4; };
tests.nginx = callTest tests/nginx.nix { }; tests.nginx = callTest tests/nginx.nix { };
tests.nghttpx = callTest tests/nghttpx.nix { }; tests.nghttpx = callTest tests/nghttpx.nix { };
tests.nix-ssh-serve = callTest tests/nix-ssh-serve.nix { };
tests.novacomd = callTestOnTheseSystems ["x86_64-linux"] tests/novacomd.nix { }; tests.novacomd = callTestOnTheseSystems ["x86_64-linux"] tests/novacomd.nix { };
tests.leaps = callTest tests/leaps.nix { }; tests.leaps = callTest tests/leaps.nix { };
tests.nsd = callTest tests/nsd.nix {}; tests.nsd = callTest tests/nsd.nix {};
@ -352,6 +355,7 @@ in rec {
tests.snapper = callTest tests/snapper.nix {}; tests.snapper = callTest tests/snapper.nix {};
tests.statsd = callTest tests/statsd.nix {}; tests.statsd = callTest tests/statsd.nix {};
tests.sudo = callTest tests/sudo.nix {}; tests.sudo = callTest tests/sudo.nix {};
tests.systemd = callTest tests/systemd.nix {};
tests.switchTest = callTest tests/switch-test.nix {}; tests.switchTest = callTest tests/switch-test.nix {};
tests.taskserver = callTest tests/taskserver.nix {}; tests.taskserver = callTest tests/taskserver.nix {};
tests.tomcat = callTest tests/tomcat.nix {}; tests.tomcat = callTest tests/tomcat.nix {};
@ -361,6 +365,7 @@ in rec {
tests.wordpress = callTest tests/wordpress.nix {}; tests.wordpress = callTest tests/wordpress.nix {};
tests.xfce = callTest tests/xfce.nix {}; tests.xfce = callTest tests/xfce.nix {};
tests.xmonad = callTest tests/xmonad.nix {}; tests.xmonad = callTest tests/xmonad.nix {};
tests.xrdp = callTest tests/xrdp.nix {};
tests.yabar = callTest tests/yabar.nix {}; tests.yabar = callTest tests/yabar.nix {};
tests.zookeeper = callTest tests/zookeeper.nix {}; tests.zookeeper = callTest tests/zookeeper.nix {};

140
nixos/tests/ceph.nix Normal file
View file

@ -0,0 +1,140 @@
import ./make-test.nix ({pkgs, ...}: rec {
name = "All-in-one-basic-ceph-cluster";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ lejonet ];
};
nodes = {
aio = { config, pkgs, ... }: {
virtualisation = {
emptyDiskImages = [ 20480 20480 ];
vlans = [ 1 ];
};
networking = {
firewall.allowPing = true;
useDHCP = false;
interfaces.eth1.ipv4.addresses = pkgs.lib.mkOverride 0 [
{ address = "192.168.1.1"; prefixLength = 24; }
];
};
environment.systemPackages = with pkgs; [
bash
sudo
ceph
xfsprogs
];
nixpkgs.config.packageOverrides = super: {
ceph = super.ceph.override({ nss = super.nss; libxfs = super.libxfs; libaio = super.libaio; jemalloc = super.jemalloc; });
};
boot.kernelModules = [ "xfs" ];
services.ceph.enable = true;
services.ceph.global = {
fsid = "066ae264-2a5d-4729-8001-6ad265f50b03";
monInitialMembers = "aio";
monHost = "192.168.1.1";
};
services.ceph.mon = {
enable = true;
daemons = [ "aio" ];
};
services.ceph.mgr = {
enable = true;
daemons = [ "aio" ];
};
services.ceph.osd = {
enable = true;
daemons = [ "0" "1" ];
};
};
};
testScript = { nodes, ... }: ''
startAll;
$aio->waitForUnit("network.target");
# Create the ceph-related directories
$aio->mustSucceed(
"mkdir -p /var/lib/ceph/mgr/ceph-aio/",
"mkdir -p /var/lib/ceph/mon/ceph-aio/",
"mkdir -p /var/lib/ceph/osd/ceph-{0..1}/",
"chown ceph:ceph -R /var/lib/ceph/"
);
# Bootstrap ceph-mon daemon
$aio->mustSucceed(
"mkdir -p /var/lib/ceph/bootstrap-osd && chown ceph:ceph /var/lib/ceph/bootstrap-osd",
"sudo -u ceph ceph-authtool --create-keyring /tmp/ceph.mon.keyring --gen-key -n mon. --cap mon 'allow *'",
"ceph-authtool --create-keyring /etc/ceph/ceph.client.admin.keyring --gen-key -n client.admin --set-uid=0 --cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow *' --cap mgr 'allow *'",
"ceph-authtool /tmp/ceph.mon.keyring --import-keyring /etc/ceph/ceph.client.admin.keyring",
"monmaptool --create --add aio 192.168.1.1 --fsid 066ae264-2a5d-4729-8001-6ad265f50b03 /tmp/monmap",
"sudo -u ceph ceph-mon --mkfs -i aio --monmap /tmp/monmap --keyring /tmp/ceph.mon.keyring",
"touch /var/lib/ceph/mon/ceph-aio/done",
"systemctl start ceph-mon-aio"
);
$aio->waitForUnit("ceph-mon-aio");
# Can't check ceph status until a mon is up
$aio->succeed("ceph -s | grep 'mon: 1 daemons'");
# Start the ceph-mgr daemon, it has no deps and hardly any setup
$aio->mustSucceed(
"ceph auth get-or-create mgr.aio mon 'allow profile mgr' osd 'allow *' mds 'allow *' > /var/lib/ceph/mgr/ceph-aio/keyring",
"systemctl start ceph-mgr-aio"
);
$aio->waitForUnit("ceph-mgr-aio");
$aio->waitUntilSucceeds("ceph -s | grep 'quorum aio'");
# Bootstrap both OSDs
$aio->mustSucceed(
"mkfs.xfs /dev/vdb",
"mkfs.xfs /dev/vdc",
"mount /dev/vdb /var/lib/ceph/osd/ceph-0",
"mount /dev/vdc /var/lib/ceph/osd/ceph-1",
"ceph-authtool --create-keyring /var/lib/ceph/osd/ceph-0/keyring --name osd.0 --add-key AQBCEJNa3s8nHRAANvdsr93KqzBznuIWm2gOGg==",
"ceph-authtool --create-keyring /var/lib/ceph/osd/ceph-1/keyring --name osd.1 --add-key AQBEEJNac00kExAAXEgy943BGyOpVH1LLlHafQ==",
"echo '{\"cephx_secret\": \"AQBCEJNa3s8nHRAANvdsr93KqzBznuIWm2gOGg==\"}' | ceph osd new 55ba2294-3e24-478f-bee0-9dca4c231dd9 -i -",
"echo '{\"cephx_secret\": \"AQBEEJNac00kExAAXEgy943BGyOpVH1LLlHafQ==\"}' | ceph osd new 5e97a838-85b6-43b0-8950-cb56d554d1e5 -i -"
);
# Initialize the OSDs with regular filestore
$aio->mustSucceed(
"ceph-osd -i 0 --mkfs --osd-uuid 55ba2294-3e24-478f-bee0-9dca4c231dd9",
"ceph-osd -i 1 --mkfs --osd-uuid 5e97a838-85b6-43b0-8950-cb56d554d1e5",
"chown -R ceph:ceph /var/lib/ceph/osd",
"systemctl start ceph-osd-0",
"systemctl start ceph-osd-1"
);
$aio->waitUntilSucceeds("ceph osd stat | grep '2 osds: 2 up, 2 in'");
$aio->waitUntilSucceeds("ceph -s | grep 'mgr: aio(active)'");
$aio->waitUntilSucceeds("ceph -s | grep 'HEALTH_OK'");
$aio->mustSucceed(
"ceph osd pool create aio-test 100 100",
"ceph osd pool ls | grep 'aio-test'",
"ceph osd pool rename aio-test aio-other-test",
"ceph osd pool ls | grep 'aio-other-test'",
"ceph -s | grep '1 pools, 100 pgs'",
"ceph osd getcrushmap -o crush",
"crushtool -d crush -o decrushed",
"sed 's/step chooseleaf firstn 0 type host/step chooseleaf firstn 0 type osd/' decrushed > modcrush",
"crushtool -c modcrush -o recrushed",
"ceph osd setcrushmap -i recrushed",
"ceph osd pool set aio-other-test size 2"
);
$aio->waitUntilSucceeds("ceph -s | grep 'HEALTH_OK'");
$aio->waitUntilSucceeds("ceph -s | grep '100 active+clean'");
$aio->mustFail(
"ceph osd pool ls | grep 'aio-test'",
"ceph osd pool delete aio-other-test aio-other-test --yes-i-really-really-mean-it"
);
'';
})

39
nixos/tests/nix-ssh-serve.nix Normal file
View file

@ -0,0 +1,39 @@
import ./make-test.nix ({ pkgs, lib, ... }:
let inherit (import ./ssh-keys.nix pkgs)
snakeOilPrivateKey snakeOilPublicKey;
ssh-config = builtins.toFile "ssh.conf" ''
UserKnownHostsFile=/dev/null
StrictHostKeyChecking=no
'';
in
{ name = "nix-ssh-serve";
meta.maintainers = [ lib.maintainers.shlevy ];
nodes =
{ server.nix.sshServe =
{ enable = true;
keys = [ snakeOilPublicKey ];
protocol = "ssh-ng";
};
server.nix.package = pkgs.nixUnstable;
client.nix.package = pkgs.nixUnstable;
};
testScript = ''
startAll;
$client->succeed("mkdir -m 700 /root/.ssh");
$client->copyFileFromHost("${ssh-config}", "/root/.ssh/config");
$client->succeed("cat ${snakeOilPrivateKey} > /root/.ssh/id_ecdsa");
$client->succeed("chmod 600 /root/.ssh/id_ecdsa");
$client->succeed("nix-store --add /etc/machine-id > mach-id-path");
$server->waitForUnit("sshd");
$client->fail("diff /root/other-store\$(cat mach-id-path) /etc/machine-id");
# Currently due to shared store this is a noop :(
$client->succeed("nix copy --to ssh-ng://nix-ssh\@server \$(cat mach-id-path)");
$client->succeed("nix-store --realise \$(cat mach-id-path) --store /root/other-store --substituters ssh-ng://nix-ssh\@server");
$client->succeed("diff /root/other-store\$(cat mach-id-path) /etc/machine-id");
'';
}
)

17
nixos/tests/openssh.nix
View file

@ -1,20 +1,7 @@
import ./make-test.nix ({ pkgs, ... }: import ./make-test.nix ({ pkgs, ... }:
let let inherit (import ./ssh-keys.nix pkgs)
snakeOilPrivateKey = pkgs.writeText "privkey.snakeoil" '' snakeOilPrivateKey snakeOilPublicKey;
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIHQf/khLvYrQ8IOika5yqtWvI0oquHlpRLTZiJy5dRJmoAoGCCqGSM49
AwEHoUQDQgAEKF0DYGbBwbj06tA3fd/+yP44cvmwmHBWXZCKbS+RQlAKvLXMWkpN
r1lwMyJZoSGgBHoUahoYjTh9/sJL7XLJtA==
-----END EC PRIVATE KEY-----
'';
snakeOilPublicKey = pkgs.lib.concatStrings [
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHA"
"yNTYAAABBBChdA2BmwcG49OrQN33f/sj+OHL5sJhwVl2Qim0vkUJQCry1zFpKTa"
"9ZcDMiWaEhoAR6FGoaGI04ff7CS+1yybQ= sakeoil"
];
in { in {
name = "openssh"; name = "openssh";
meta = with pkgs.stdenv.lib.maintainers; { meta = with pkgs.stdenv.lib.maintainers; {

2
nixos/tests/postgis.nix
View file

@ -12,7 +12,7 @@ import ./make-test.nix ({ pkgs, ...} : {
services.postgresql = let mypg = pkgs.postgresql100; in { services.postgresql = let mypg = pkgs.postgresql100; in {
enable = true; enable = true;
package = mypg; package = mypg;
extraPlugins = [ (pkgs.postgis.override { postgresql = mypg; }).v_2_4_0 ]; extraPlugins = [ (pkgs.postgis.override { postgresql = mypg; }) ];
}; };
}; };
}; };

15
nixos/tests/ssh-keys.nix Normal file
View file

@ -0,0 +1,15 @@
pkgs:
{ snakeOilPrivateKey = pkgs.writeText "privkey.snakeoil" ''
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIHQf/khLvYrQ8IOika5yqtWvI0oquHlpRLTZiJy5dRJmoAoGCCqGSM49
AwEHoUQDQgAEKF0DYGbBwbj06tA3fd/+yP44cvmwmHBWXZCKbS+RQlAKvLXMWkpN
r1lwMyJZoSGgBHoUahoYjTh9/sJL7XLJtA==
-----END EC PRIVATE KEY-----
'';
snakeOilPublicKey = pkgs.lib.concatStrings [
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHA"
"yNTYAAABBBChdA2BmwcG49OrQN33f/sj+OHL5sJhwVl2Qim0vkUJQCry1zFpKTa"
"9ZcDMiWaEhoAR6FGoaGI04ff7CS+1yybQ= sakeoil"
];
}

66
nixos/tests/systemd.nix Normal file
View file

@ -0,0 +1,66 @@
import ./make-test.nix {
name = "systemd";
machine = { lib, ... }: {
imports = [ common/user-account.nix common/x11.nix ];
virtualisation.emptyDiskImages = [ 512 ];
fileSystems = lib.mkVMOverride {
"/test-x-initrd-mount" = {
device = "/dev/vdb";
fsType = "ext2";
autoFormat = true;
noCheck = true;
options = [ "x-initrd.mount" ];
};
};
systemd.extraConfig = "DefaultEnvironment=\"XXX_SYSTEM=foo\"";
systemd.user.extraConfig = "DefaultEnvironment=\"XXX_USER=bar\"";
services.journald.extraConfig = "Storage=volatile";
services.xserver.displayManager.auto.user = "alice";
systemd.services.testservice1 = {
description = "Test Service 1";
wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "oneshot";
script = ''
if [ "$XXX_SYSTEM" = foo ]; then
touch /system_conf_read
fi
'';
};
systemd.user.services.testservice2 = {
description = "Test Service 2";
wantedBy = [ "default.target" ];
serviceConfig.Type = "oneshot";
script = ''
if [ "$XXX_USER" = bar ]; then
touch "$HOME/user_conf_read"
fi
'';
};
};
testScript = ''
$machine->waitForX;
# Regression test for https://github.com/NixOS/nixpkgs/issues/35415
subtest "configuration files are recognized by systemd", sub {
$machine->succeed('test -e /system_conf_read');
$machine->succeed('test -e /home/alice/user_conf_read');
$machine->succeed('test -z $(ls -1 /var/log/journal)');
};
# Regression test for https://github.com/NixOS/nixpkgs/issues/35268
subtest "file system with x-initrd.mount is not unmounted", sub {
$machine->shutdown;
$machine->waitForUnit('multi-user.target');
# If the file system was unmounted during the shutdown the file system
# has a last mount time, because the file system wasn't checked.
$machine->fail('dumpe2fs /dev/vdb | grep -q "^Last mount time: *n/a"');
};
'';
}

7
pkgs/applications/altcoins/bitcoin.nix
View file

@ -5,13 +5,13 @@
with stdenv.lib; with stdenv.lib;
stdenv.mkDerivation rec{ stdenv.mkDerivation rec{
name = "bitcoin" + (toString (optional (!withGui) "d")) + "-" + version; name = "bitcoin" + (toString (optional (!withGui) "d")) + "-" + version;
version = "0.15.1"; version = "0.16.0";
src = fetchurl { src = fetchurl {
urls = [ "https://bitcoincore.org/bin/bitcoin-core-${version}/bitcoin-${version}.tar.gz" urls = [ "https://bitcoincore.org/bin/bitcoin-core-${version}/bitcoin-${version}.tar.gz"
"https://bitcoin.org/bin/bitcoin-core-${version}/bitcoin-${version}.tar.gz" "https://bitcoin.org/bin/bitcoin-core-${version}/bitcoin-${version}.tar.gz"
]; ];
sha256 = "1d22fgwdcn343kd95lh389hj417zwbmnhi29cij8n7wc0nz2vpil"; sha256 = "0h7flgsfjzbqajwv8ih686yyxxljhf8krhm8jxranb4kglww1glc";
}; };
nativeBuildInputs = [ pkgconfig autoreconfHook ]; nativeBuildInputs = [ pkgconfig autoreconfHook ];
@ -36,6 +36,7 @@ stdenv.mkDerivation rec{
homepage = http://www.bitcoin.org/; homepage = http://www.bitcoin.org/;
maintainers = with maintainers; [ roconnor AndersonTorres ]; maintainers = with maintainers; [ roconnor AndersonTorres ];
license = licenses.mit; license = licenses.mit;
platforms = platforms.unix; # bitcoin needs hexdump to build, which doesn't seem to build on darwin at the moment.
platforms = platforms.linux;
}; };
} }

6
pkgs/applications/altcoins/default.nix
View file

@ -1,11 +1,11 @@
{ callPackage, boost155, boost164, openssl_1_1_0, haskellPackages, darwin, libsForQt5, miniupnpc_2, python3 }: { callPackage, boost155, openssl_1_1_0, haskellPackages, darwin, libsForQt5, miniupnpc_2, python3 }:
rec { rec {
aeon = callPackage ./aeon { }; aeon = callPackage ./aeon { };
bitcoin = libsForQt5.callPackage ./bitcoin.nix { boost = boost164; miniupnpc = miniupnpc_2; withGui = true; }; bitcoin = libsForQt5.callPackage ./bitcoin.nix { miniupnpc = miniupnpc_2; withGui = true; };
bitcoind = callPackage ./bitcoin.nix { boost = boost164; miniupnpc = miniupnpc_2; withGui = false; }; bitcoind = callPackage ./bitcoin.nix { miniupnpc = miniupnpc_2; withGui = false; };
bitcoin-abc = libsForQt5.callPackage ./bitcoin-abc.nix { withGui = true; }; bitcoin-abc = libsForQt5.callPackage ./bitcoin-abc.nix { withGui = true; };
bitcoind-abc = callPackage ./bitcoin-abc.nix { withGui = false; }; bitcoind-abc = callPackage ./bitcoin-abc.nix { withGui = false; };

8
pkgs/applications/altcoins/ethabi.nix
View file

@ -4,16 +4,16 @@ with rustPlatform;
buildRustPackage rec { buildRustPackage rec {
name = "ethabi-${version}"; name = "ethabi-${version}";
version = "1.0.4"; version = "4.1.0";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "paritytech"; owner = "paritytech";
repo = "ethabi"; repo = "ethabi";
rev = "18ddc983d77b2a97e6c322abcc23bec59940d65f"; rev = "v${version}";
sha256 = "1rg7ydvnhlg8w6blilm3cv6v4q51x1hgrbkln2ikhpdq0vakp5fd"; sha256 = "0kxflixmgycdh7sv73zf2mrkbcfzzw7f5sjbsjks9crc9cvjqi6p";
}; };
cargoSha256 = "0i9617qwc6d4jvlbydwk03rcsnyvxzpbn2ms10ds4r6x7jy2a4sy"; cargoSha256 = "18rigpsmfiv6im2sspnxadgqrlfdp9dd75ji8s56ksc9g7hrc3wz";
cargoBuildFlags = ["--features cli"]; cargoBuildFlags = ["--features cli"];

11
pkgs/applications/altcoins/go-ethereum.nix
View file

@ -12,6 +12,17 @@ buildGoPackage rec {
# Fixes Cgo related build failures (see https://github.com/NixOS/nixpkgs/issues/25959 ) # Fixes Cgo related build failures (see https://github.com/NixOS/nixpkgs/issues/25959 )
hardeningDisable = [ "fortify" ]; hardeningDisable = [ "fortify" ];
# Only install binaries in $out, source is not interesting and takes ~50M
outputs = [ "out" ];
preFixup = ''
export bin="''${out}"
'';
installPhase = ''
mkdir -p $out/bin $out
dir="$NIX_BUILD_TOP/go/bin"
[ -e "$dir" ] && cp -r $dir $out
'';
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "ethereum"; owner = "ethereum";
repo = "go-ethereum"; repo = "go-ethereum";

4
pkgs/applications/altcoins/seth.nix
View file

@ -5,13 +5,13 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "seth-${version}"; name = "seth-${version}";
version = "0.6.2"; version = "0.6.3";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "dapphub"; owner = "dapphub";
repo = "seth"; repo = "seth";
rev = "v${version}"; rev = "v${version}";
sha256 = "1lbr7i3rznfp3h03y7pc094r0m992lbzr926rnr0xxbyp755wvm4"; sha256 = "0la2nfqsscpbq6zwa6hsd73nimdnrhilrmgyy77yr3jca2wjhsjk";
}; };
nativeBuildInputs = [makeWrapper]; nativeBuildInputs = [makeWrapper];

2
pkgs/applications/audio/a2jmidid/default.nix
View file

@ -28,6 +28,6 @@ in stdenv.mkDerivation rec {
description = "Daemon for exposing legacy ALSA sequencer applications in JACK MIDI system"; description = "Daemon for exposing legacy ALSA sequencer applications in JACK MIDI system";
license = licenses.gpl2; license = licenses.gpl2;
maintainers = [ maintainers.goibhniu ]; maintainers = [ maintainers.goibhniu ];
platforms = platforms.linux; platforms = [ "i686-linux" "x86_64-linux" ];
}; };
} }

28
pkgs/applications/audio/aacgain/default.nix
View file

@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub }: { stdenv, fetchFromGitHub, fetchpatch }:
stdenv.mkDerivation { stdenv.mkDerivation {
name = "aacgain-1.9.0"; name = "aacgain-1.9.0";
@ -12,7 +12,19 @@ stdenv.mkDerivation {
hardeningDisable = [ "format" ]; hardeningDisable = [ "format" ];
postPatch = ''
(
cd mp4v2
patch -p0 < ${fetchpatch {
name = "fix_missing_ptr_deref.patch";
url = "https://aur.archlinux.org/cgit/aur.git/plain/fix_missing_ptr_deref.patch?h=aacgain-cvs&id=e1a19c920f57063e64bab75cb0d8624731f6e3d7";
sha256 = "1cq7r005nvmwdjb25z80grcam7jv6k57jnl2bh349mg3ajmslbq9";
}}
)
'';
configurePhase = '' configurePhase = ''
runHook preConfigure
cd mp4v2 cd mp4v2
./configure ./configure
@ -21,9 +33,11 @@ stdenv.mkDerivation {
cd .. cd ..
./configure ./configure
runHook postConfigure
''; '';
buildPhase = '' buildPhase = ''
runHook preBuild
cd mp4v2 cd mp4v2
make libmp4v2.la make libmp4v2.la
@ -32,18 +46,18 @@ stdenv.mkDerivation {
cd .. cd ..
make make
runHook postBuild
''; '';
installPhase = '' installPhase = ''
strip -s aacgain/aacgain install -D aacgain/aacgain "$out/bin/aacgain"
install -vD aacgain/aacgain "$out/bin/aacgain"
''; '';
meta = { meta = with stdenv.lib; {
description = "ReplayGain for AAC files"; description = "ReplayGain for AAC files";
homepage = https://github.com/mulx/aacgain; homepage = https://github.com/mulx/aacgain;
license = stdenv.lib.licenses.gpl2; license = licenses.gpl2;
platforms = stdenv.lib.platforms.linux; platforms = platforms.linux;
maintainers = [ stdenv.lib.maintainers.robbinch ]; maintainers = [ maintainers.robbinch ];
}; };
} }

4
pkgs/applications/audio/ario/default.nix
View file

@ -1,5 +1,5 @@
{ stdenv, fetchurl, pkgconfig, gettext, gtk2, expat, intltool, libgcrypt, { stdenv, fetchurl, pkgconfig, gettext, gtk2, expat, intltool, libgcrypt,
libunique, gnutls, libxml2, curl, mpd_clientlib, dbus_glib, libnotify, libunique, gnutls, libxml2, curl, mpd_clientlib, dbus-glib, libnotify,
libsoup, avahi, taglib libsoup, avahi, taglib
}: }:
@ -17,7 +17,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ pkgconfig ]; nativeBuildInputs = [ pkgconfig ];
buildInputs = [ buildInputs = [
gettext gtk2 expat intltool libgcrypt libunique gnutls gettext gtk2 expat intltool libgcrypt libunique gnutls
libxml2 curl mpd_clientlib dbus_glib libnotify libsoup avahi taglib libxml2 curl mpd_clientlib dbus-glib libnotify libsoup avahi taglib
]; ];
meta = { meta = {

4
pkgs/applications/audio/asunder/default.nix
View file

@ -12,11 +12,11 @@
with stdenv.lib; with stdenv.lib;
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
version = "2.8"; version = "2.9.2";
name = "asunder-${version}"; name = "asunder-${version}";
src = fetchurl { src = fetchurl {
url = "http://littlesvr.ca/asunder/releases/${name}.tar.bz2"; url = "http://littlesvr.ca/asunder/releases/${name}.tar.bz2";
sha256 = "1nq9kd4rd4k2kibf57gdbm0zw2gxa234vvvdhxkm8g5bhx5h3iyq"; sha256 = "0vjbxrrjih4c673sc39wj5whp81xp9kmnwqxwzfnmhkky970rg5r";
}; };
nativeBuildInputs = [ pkgconfig ]; nativeBuildInputs = [ pkgconfig ];

8
pkgs/applications/audio/audacious/default.nix
View file

@ -1,7 +1,7 @@
{ stdenv, fetchurl, pkgconfig, wrapGAppsHook, gettext, glib, gtk3 { stdenv, fetchurl, pkgconfig, wrapGAppsHook, gettext, glib, gtk3
, libmowgli, dbus_glib, libxml2, xorg, gnome3, alsaLib , libmowgli, dbus-glib, libxml2, xorg, gnome3, alsaLib
, libpulseaudio, libjack2, fluidsynth, libmad, libogg, libvorbis , libpulseaudio, libjack2, fluidsynth, libmad, libogg, libvorbis
, libcdio082, libcddb, flac, ffmpeg, mpg123, libcue, libmms, libbs2b , libcdio, libcddb, flac, ffmpeg, mpg123, libcue, libmms, libbs2b
, libsndfile, libmodplug, libsamplerate, soxr, lirc, curl, wavpack , libsndfile, libmodplug, libsamplerate, soxr, lirc, curl, wavpack
, neon, faad2, lame, libnotify, libsidplayfp , neon, faad2, lame, libnotify, libsidplayfp
}: }:
@ -25,9 +25,9 @@ stdenv.mkDerivation rec {
]; ];
buildInputs = [ buildInputs = [
gettext glib gtk3 libmowgli dbus_glib libxml2 gettext glib gtk3 libmowgli dbus-glib libxml2
xorg.libXcomposite gnome3.defaultIconTheme alsaLib libjack2 xorg.libXcomposite gnome3.defaultIconTheme alsaLib libjack2
libpulseaudio fluidsynth libmad libogg libvorbis libcdio082 libpulseaudio fluidsynth libmad libogg libvorbis libcdio
libcddb flac ffmpeg mpg123 libcue libmms libbs2b libsndfile libcddb flac ffmpeg mpg123 libcue libmms libbs2b libsndfile
libmodplug libsamplerate soxr lirc curl wavpack neon faad2 libmodplug libsamplerate soxr lirc curl wavpack neon faad2
lame libnotify libsidplayfp lame libnotify libsidplayfp

4
pkgs/applications/audio/audacious/qt-5.nix
View file

@ -3,7 +3,7 @@
gettext, pkgconfig, gettext, pkgconfig,
qtbase, qtbase,
alsaLib, curl, faad2, ffmpeg, flac, fluidsynth, gdk_pixbuf, lame, libbs2b, alsaLib, curl, faad2, ffmpeg, flac, fluidsynth, gdk_pixbuf, lame, libbs2b,
libcddb, libcdio082, libcue, libjack2, libmad, libmms, libmodplug, libcddb, libcdio, libcue, libjack2, libmad, libmms, libmodplug,
libmowgli, libnotify, libogg, libpulseaudio, libsamplerate, libsidplayfp, libmowgli, libnotify, libogg, libpulseaudio, libsamplerate, libsidplayfp,
libsndfile, libvorbis, libxml2, lirc, mpg123, neon, qtmultimedia, soxr, libsndfile, libvorbis, libxml2, lirc, mpg123, neon, qtmultimedia, soxr,
wavpack wavpack
@ -46,7 +46,7 @@ mkDerivation {
# Plugin dependencies # Plugin dependencies
alsaLib curl faad2 ffmpeg flac fluidsynth gdk_pixbuf lame libbs2b libcddb alsaLib curl faad2 ffmpeg flac fluidsynth gdk_pixbuf lame libbs2b libcddb
libcdio082 libcue libjack2 libmad libmms libmodplug libmowgli libcdio libcue libjack2 libmad libmms libmodplug libmowgli
libnotify libogg libpulseaudio libsamplerate libsidplayfp libsndfile libnotify libogg libpulseaudio libsamplerate libsidplayfp libsndfile
libvorbis libxml2 lirc mpg123 neon qtmultimedia soxr wavpack libvorbis libxml2 lirc mpg123 neon qtmultimedia soxr wavpack
]; ];

4
pkgs/applications/audio/audacity/default.nix
View file

@ -7,12 +7,12 @@
with stdenv.lib; with stdenv.lib;
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
version = "2.2.1"; version = "2.2.2";
name = "audacity-${version}"; name = "audacity-${version}";
src = fetchurl { src = fetchurl {
url = "https://github.com/audacity/audacity/archive/Audacity-${version}.tar.gz"; url = "https://github.com/audacity/audacity/archive/Audacity-${version}.tar.gz";
sha256 = "1n05r8b4rnf9fas0py0is8cm97s3h65dgvqkk040aym5d1x6wd7z"; sha256 = "18q7i77ynihx7xp45lz2lv0k0wrh6736pcrivlpwrxjgbvyqx7km";
}; };
preConfigure = /* we prefer system-wide libs */ '' preConfigure = /* we prefer system-wide libs */ ''

6
pkgs/applications/audio/deadbeef/default.nix
View file

@ -1,7 +1,7 @@
{ stdenv, fetchurl, intltool, pkgconfig, fetchpatch, jansson { stdenv, fetchurl, intltool, pkgconfig, fetchpatch, jansson
# deadbeef can use either gtk2 or gtk3 # deadbeef can use either gtk2 or gtk3
, gtk2Support ? false, gtk2 ? null , gtk2Support ? false, gtk2 ? null
, gtk3Support ? true, gtk3 ? null, gsettings_desktop_schemas ? null, wrapGAppsHook ? null , gtk3Support ? true, gtk3 ? null, gsettings-desktop-schemas ? null, wrapGAppsHook ? null
# input plugins # input plugins
, vorbisSupport ? true, libvorbis ? null , vorbisSupport ? true, libvorbis ? null
, mp123Support ? true, libmad ? null , mp123Support ? true, libmad ? null
@ -30,7 +30,7 @@
assert gtk2Support || gtk3Support; assert gtk2Support || gtk3Support;
assert gtk2Support -> gtk2 != null; assert gtk2Support -> gtk2 != null;
assert gtk3Support -> gtk3 != null && gsettings_desktop_schemas != null && wrapGAppsHook != null; assert gtk3Support -> gtk3 != null && gsettings-desktop-schemas != null && wrapGAppsHook != null;
assert vorbisSupport -> libvorbis != null; assert vorbisSupport -> libvorbis != null;
assert mp123Support -> libmad != null; assert mp123Support -> libmad != null;
assert flacSupport -> flac != null; assert flacSupport -> flac != null;
@ -62,7 +62,7 @@ stdenv.mkDerivation rec {
buildInputs = with stdenv.lib; [ jansson ] buildInputs = with stdenv.lib; [ jansson ]
++ optional gtk2Support gtk2 ++ optional gtk2Support gtk2
++ optionals gtk3Support [ gtk3 gsettings_desktop_schemas ] ++ optionals gtk3Support [ gtk3 gsettings-desktop-schemas ]
++ optional vorbisSupport libvorbis ++ optional vorbisSupport libvorbis
++ optional mp123Support libmad ++ optional mp123Support libmad
++ optional flacSupport flac ++ optional flacSupport flac

31
pkgs/applications/audio/deadbeef/plugins/opus.nix Normal file
View file

@ -0,0 +1,31 @@
{ stdenv, fetchFromBitbucket, opusfile, libopus, libogg, openssl, deadbeef }:
stdenv.mkDerivation rec {
name = "deadbeef-opus-plugin-${version}";
version = "0.8";
src = fetchFromBitbucket {
owner = "Lithopsian";
repo = "deadbeef-opus";
rev = "v${version}";
sha256 = "057rgsw4563gs63k05s7zsdc0n4djxwlbyqabf7c88f23z35ryyi";
};
makeFlags = [
"PREFIX=$(out)"
];
NIX_CFLAGS_COMPILE = [
"-I${opusfile}/include/opus"
];
buildInputs = [ deadbeef opusfile libopus libogg openssl ];
meta = with stdenv.lib; {
description = "Ogg Opus decoder plugin for the DeaDBeeF music player";
homepage = https://bitbucket.org/Lithopsian/deadbeef-opus;
license = licenses.gpl2; # There are three files, each licensed under different license: zlib, gpl2Plus and lgpl2
maintainers = [ maintainers.jtojnar ];
platforms = platforms.linux;
};
}

4
pkgs/applications/audio/drumkv1/default.nix
View file

@ -2,11 +2,11 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "drumkv1-${version}"; name = "drumkv1-${version}";
version = "0.8.5"; version = "0.8.6";
src = fetchurl { src = fetchurl {
url = "mirror://sourceforge/drumkv1/${name}.tar.gz"; url = "mirror://sourceforge/drumkv1/${name}.tar.gz";
sha256 = "06xqqm1ylmpp2s7xk7xav325gc50kxlvh9vf1343b0n3i8xkgjfg"; sha256 = "0fwxrfyp15a4m77mzz4mwj36mhdrj646whlrkvcys33p2w75f8cq";
}; };
buildInputs = [ libjack2 alsaLib libsndfile liblo lv2 qt5.qtbase qt5.qttools ]; buildInputs = [ libjack2 alsaLib libsndfile liblo lv2 qt5.qtbase qt5.qttools ];

4
pkgs/applications/audio/easytag/default.nix
View file

@ -1,5 +1,5 @@
{ stdenv, fetchurl, pkgconfig, intltool, gtk3, glib, libid3tag, id3lib, taglib { stdenv, fetchurl, pkgconfig, intltool, gtk3, glib, libid3tag, id3lib, taglib
, libvorbis, libogg, flac, itstool, libxml2, gsettings_desktop_schemas , libvorbis, libogg, flac, itstool, libxml2, gsettings-desktop-schemas
, makeWrapper, gnome3 , makeWrapper, gnome3
}: }:
@ -24,7 +24,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ makeWrapper pkgconfig intltool ]; nativeBuildInputs = [ makeWrapper pkgconfig intltool ];
buildInputs = [ buildInputs = [
gtk3 glib libid3tag id3lib taglib libvorbis libogg flac gtk3 glib libid3tag id3lib taglib libvorbis libogg flac
itstool libxml2 gsettings_desktop_schemas gnome3.defaultIconTheme (stdenv.lib.getLib gnome3.dconf) itstool libxml2 gsettings-desktop-schemas gnome3.defaultIconTheme (stdenv.lib.getLib gnome3.dconf)
]; ];
meta = with stdenv.lib; { meta = with stdenv.lib; {

4
pkgs/applications/audio/flacon/default.nix
View file

@ -5,13 +5,13 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "flacon-${version}"; name = "flacon-${version}";
version = "2.1.1"; version = "4.0.0";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "flacon"; owner = "flacon";
repo = "flacon"; repo = "flacon";
rev = "v${version}"; rev = "v${version}";
sha256 = "0jazv3d1xaydp2ws1pd5rmga76z5yk74v3a8yqfc8vbb2z6ahimz"; sha256 = "0l0xbzpy4nnr08z7gqvb4ngrjwzpspa382cbcrpkya3nd40987kr";
}; };
nativeBuildInputs = [ cmake pkgconfig makeWrapper ]; nativeBuildInputs = [ cmake pkgconfig makeWrapper ];

4
pkgs/applications/audio/fluidsynth/default.nix
View file

@ -5,13 +5,13 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "fluidsynth-${version}"; name = "fluidsynth-${version}";
version = "1.1.8"; version = "1.1.9";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "FluidSynth"; owner = "FluidSynth";
repo = "fluidsynth"; repo = "fluidsynth";
rev = "v${version}"; rev = "v${version}";
sha256 = "12q7hv0zvgylsdj1ipssv5zr7ap2y410dxsd63dz22y05fa2hwwd"; sha256 = "0krvmb1idnf95l2ydzfcb08ayyx3n4m71hf9fgwv3srzaikvpf3q";
}; };
nativeBuildInputs = [ pkgconfig cmake ]; nativeBuildInputs = [ pkgconfig cmake ];

4
pkgs/applications/audio/gjay/default.nix
View file

@ -1,4 +1,4 @@
{ stdenv, fetchurl, pkgconfig, mpd_clientlib, dbus_glib, audacious, gtk2, gsl { stdenv, fetchurl, pkgconfig, mpd_clientlib, dbus-glib, audacious, gtk2, gsl
, libaudclient }: , libaudclient }:
stdenv.mkDerivation { stdenv.mkDerivation {
@ -11,7 +11,7 @@ stdenv.mkDerivation {
nativeBuildInputs = [ pkgconfig ]; nativeBuildInputs = [ pkgconfig ];
buildInputs = [ mpd_clientlib dbus_glib audacious gtk2 gsl libaudclient ]; buildInputs = [ mpd_clientlib dbus-glib audacious gtk2 gsl libaudclient ];
hardeningDisable = [ "format" ]; hardeningDisable = [ "format" ];

4
pkgs/applications/audio/gmpc/default.nix
View file

@ -1,6 +1,6 @@
{ stdenv, fetchurl, libtool, intltool, pkgconfig, glib { stdenv, fetchurl, libtool, intltool, pkgconfig, glib
, gtk2, curl, mpd_clientlib, libsoup, gob2, vala, libunique , gtk2, curl, mpd_clientlib, libsoup, gob2, vala, libunique
, libSM, libICE, sqlite, hicolor_icon_theme, wrapGAppsHook , libSM, libICE, sqlite, hicolor-icon-theme, wrapGAppsHook
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
@ -27,7 +27,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ pkgconfig libtool intltool gob2 vala wrapGAppsHook ]; nativeBuildInputs = [ pkgconfig libtool intltool gob2 vala wrapGAppsHook ];
buildInputs = [ buildInputs = [
glib gtk2 curl mpd_clientlib libsoup glib gtk2 curl mpd_clientlib libsoup
libunique libmpd libSM libICE sqlite hicolor_icon_theme libunique libmpd libSM libICE sqlite hicolor-icon-theme
]; ];
meta = with stdenv.lib; { meta = with stdenv.lib; {

12
pkgs/applications/audio/gradio/default.nix
View file

@ -1,13 +1,13 @@
{ stdenv, fetchFromGitHub, pkgconfig { stdenv, fetchFromGitHub, pkgconfig
, gcc , gcc
, python3 , python3
, gsettings_desktop_schemas , gsettings-desktop-schemas
, desktop_file_utils , desktop-file-utils
, glib , glib
, gtk3 , gtk3
, intltool , intltool
, libsoup , libsoup
, json_glib , json-glib
, wrapGAppsHook , wrapGAppsHook
, meson , meson
, ninja , ninja
@ -44,15 +44,15 @@ in stdenv.mkDerivation rec {
glib glib
intltool intltool
libsoup libsoup
json_glib json-glib
gtk3 gtk3
gst_all_1.gstreamer gst_all_1.gstreamer
gst_all_1.gst-plugins-base gst_all_1.gst-plugins-base
wrapGAppsHook wrapGAppsHook
desktop_file_utils desktop-file-utils
gsettings_desktop_schemas gsettings-desktop-schemas
] ++ gst_plugins; ] ++ gst_plugins;
enableParallelBuilding = true; enableParallelBuilding = true;

8
pkgs/applications/audio/gtkpod/default.nix
View file

@ -1,6 +1,6 @@
{ stdenv, fetchurl, pkgconfig, makeWrapper, intltool, libgpod, curl, flac, { stdenv, fetchurl, pkgconfig, makeWrapper, intltool, libgpod, curl, flac,
gnome, gtk3, glib, gettext, perl, perlXMLParser, flex, libglade, libid3tag, gnome, gtk3, glib, gettext, perl, perlXMLParser, flex, libglade, libid3tag,
libvorbis, hicolor_icon_theme, gdk_pixbuf }: libvorbis, hicolor-icon-theme, gdk_pixbuf }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
version = "2.1.5"; version = "2.1.5";
@ -11,13 +11,13 @@ stdenv.mkDerivation rec {
sha256 = "0xisrpx069f7bjkyc8vqxb4k0480jmx1wscqxr6cpq1qj6pchzd5"; sha256 = "0xisrpx069f7bjkyc8vqxb4k0480jmx1wscqxr6cpq1qj6pchzd5";
}; };
propagatedUserEnvPkgs = [ gnome.gnome_themes_standard ]; propagatedUserEnvPkgs = [ gnome.gnome-themes-standard ];
nativeBuildInputs = [ pkgconfig ]; nativeBuildInputs = [ pkgconfig ];
buildInputs = [ makeWrapper intltool curl gettext perl perlXMLParser buildInputs = [ makeWrapper intltool curl gettext perl perlXMLParser
flex libgpod libid3tag flac libvorbis gtk3 gdk_pixbuf libglade gnome.anjuta flex libgpod libid3tag flac libvorbis gtk3 gdk_pixbuf libglade gnome.anjuta
gnome.gdl gnome.defaultIconTheme gnome.gdl gnome.defaultIconTheme
hicolor_icon_theme ]; hicolor-icon-theme ];
patchPhase = '' patchPhase = ''
sed -i 's/which/type -P/' scripts/*.sh sed -i 's/which/type -P/' scripts/*.sh
@ -26,7 +26,7 @@ stdenv.mkDerivation rec {
preFixup = '' preFixup = ''
wrapProgram "$out/bin/gtkpod" \ wrapProgram "$out/bin/gtkpod" \
--set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \ --set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \
--prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:${gnome.gnome_themes_standard}/share:$out/share:$GSETTINGS_SCHEMAS_PATH" --prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:${gnome.gnome-themes-standard}/share:$out/share:$GSETTINGS_SCHEMAS_PATH"
''; '';
enableParallelBuilding = true; enableParallelBuilding = true;

8
pkgs/applications/audio/guitarix/default.nix
View file

@ -1,6 +1,6 @@
{ stdenv, fetchurl, gettext, intltool, pkgconfig, python2 { stdenv, fetchurl, gettext, intltool, pkgconfig, python2
, avahi, bluez, boost, eigen, fftw, glib, glib_networking , avahi, bluez, boost, eigen, fftw, glib, glib-networking
, glibmm, gsettings_desktop_schemas, gtkmm2, libjack2 , glibmm, gsettings-desktop-schemas, gtkmm2, libjack2
, ladspaH, libav, librdf, libsndfile, lilv, lv2, serd, sord, sratom , ladspaH, libav, librdf, libsndfile, lilv, lv2, serd, sord, sratom
, wrapGAppsHook, zita-convolver, zita-resampler , wrapGAppsHook, zita-convolver, zita-resampler
, optimizationSupport ? false # Enable support for native CPU extensions , optimizationSupport ? false # Enable support for native CPU extensions
@ -22,8 +22,8 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ gettext intltool wrapGAppsHook pkgconfig python2 ]; nativeBuildInputs = [ gettext intltool wrapGAppsHook pkgconfig python2 ];
buildInputs = [ buildInputs = [
avahi bluez boost eigen fftw glib glibmm glib_networking.out avahi bluez boost eigen fftw glib glibmm glib-networking.out
gsettings_desktop_schemas gtkmm2 libjack2 ladspaH libav librdf gsettings-desktop-schemas gtkmm2 libjack2 ladspaH libav librdf
libsndfile lilv lv2 serd sord sratom zita-convolver libsndfile lilv lv2 serd sord sratom zita-convolver
zita-resampler zita-resampler
]; ];

4
pkgs/applications/audio/kid3/default.nix
View file

@ -10,11 +10,11 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "kid3-${version}"; name = "kid3-${version}";
version = "3.4.2"; version = "3.5.1";
src = fetchurl { src = fetchurl {
url = "mirror://sourceforge/project/kid3/kid3/${version}/${name}.tar.gz"; url = "mirror://sourceforge/project/kid3/kid3/${version}/${name}.tar.gz";
sha256 = "0gka4na583015jyqva18g85q7vnkjdk0iji2jp88di3kpvqhf1sw"; sha256 = "09iryxnhg8d9q36a4brb25bqkjprkx5kl0x7vyy82gxivqk0ihl8";
}; };
buildInputs = with stdenv.lib; buildInputs = with stdenv.lib;

Some files were not shown because too many files have changed in this diff Show more