movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 21:50:33 +03:00
Code Activity

Merge branch 'master' into nix-2.0

Browse source
This commit is contained in:
Vladimír Čunát 2018-03-03 18:02:35 +01:00
commit b70c93f211
No known key found for this signature in database
GPG key ID: E747DF1F9575A3AA
1616 changed files with 22967 additions and 28019 deletions
Download patch file Download diff file Expand all files Collapse all files

2
doc/meta.xml
View file

@ -53,7 +53,7 @@ $ nix-env -qa hello --json
"x86_64-linux",
"armv5tel-linux",
"armv7l-linux",
"mips64el-linux",
"mips32-linux",
"x86_64-darwin",
"i686-cygwin",
"i686-freebsd",

6
lib/customisation.nix
View file

@ -155,12 +155,6 @@ rec {
outPath = assert condition; drv.outPath;
};
/* Add attributes to each output of a derivation without changing
the derivation itself. */
addPassthru =
lib.warn "`addPassthru drv passthru` is deprecated, replace with `extendDerivation true passthru drv`"
(drv: passthru: extendDerivation true passthru drv);
/* Strip a derivation of all non-essential attributes, returning
only those needed by hydra-eval-jobs. Also strictly evaluate the
result to ensure that there are no thunks kept alive to prevent

2
lib/default.nix
View file

@ -88,7 +88,7 @@ let
inherit (stringsWithDeps) textClosureList textClosureMap
noDepEntry fullDepEntry packEntry stringAfter;
inherit (customisation) overrideDerivation makeOverridable
callPackageWith callPackagesWith extendDerivation addPassthru
callPackageWith callPackagesWith extendDerivation
hydraJob makeScope;
inherit (meta) addMetaAttrs dontDistribute setName updateName
appendToName mapDerivationAttrset lowPrio lowPrioSet hiPrio

9
lib/maintainers.nix
View file

@ -71,6 +71,7 @@
auntie = "Jonathan Glines <auntieNeo@gmail.com>";
avnik = "Alexander V. Nikolaev <avn@avnik.info>";
aycanirican = "Aycan iRiCAN <iricanaycan@gmail.com>";
babariviere = "Bastien Riviere <babariviere@protonmail.com>";
bachp = "Pascal Bach <pascal.bach@nextrem.ch>";
backuitist = "Bruno Bieth";
badi = "Badi' Abdul-Wahid <abdulwahidc@gmail.com>";
@ -198,6 +199,7 @@
dzabraev = "Maksim Dzabraev <dzabraew@gmail.com>";
e-user = "Alexander Kahl <nixos@sodosopa.io>";
earldouglas = "James Earl Douglas <james@earldouglas.com>";
earvstedt = "Erik Arvstedt <erik.arvstedt@gmail.com>";
ebzzry = "Rommel Martinez <ebzzry@ebzzry.io>";
edanaher = "Evan Danaher <nixos@edanaher.net>";
edef = "edef <edef@edef.eu>";
@ -224,6 +226,7 @@
erictapen = "Justin Humm <justin.humm@posteo.de>";
erikryb = "Erik Rybakken <erik.rybakken@math.ntnu.no>";
ertes = "Ertugrul Söylemez <esz@posteo.de>";
erosennin = "Andrey Golovizin <ag@sologoc.com>";
ethercrow = "Dmitry Ivanov <ethercrow@gmail.com>";
etu = "Elis Hirwing <elis@hirwing.se>";
exfalso = "Andras Slemmer <0slemi0@gmail.com>";
@ -373,12 +376,14 @@
lasandell = "Luke Sandell <lasandell@gmail.com>";
lassulus = "Lassulus <lassulus@gmail.com>";
layus = "Guillaume Maudoux <layus.on@gmail.com>";
lblasc = "Luka Blaskovic <lblasc@znode.net>";
ldesgoui = "Lucas Desgouilles <ldesgoui@gmail.com>";
league = "Christopher League <league@contrapunctus.net>";
lebastr = "Alexander Lebedev <lebastr@gmail.com>";
ledif = "Adam Fidel <refuse@gmail.com>";
leemachin = "Lee Machin <me@mrl.ee>";
leenaars = "Michiel Leenaars <ml.software@leenaa.rs>";
lejonet = "Daniel Kuehn <daniel@kuehn.se>";
leonardoce = "Leonardo Cecchi <leonardo.cecchi@gmail.com>";
lethalman = "Luca Bruno <lucabru@src.gnome.org>";
lewo = "Antoine Eiche <lewo@abesis.fr>";
@ -671,6 +676,7 @@
stumoss = "Stuart Moss <samoss@gmail.com>";
SuprDewd = "Bjarki Ágúst Guðmundsson <suprdewd@gmail.com>";
suvash = "Suvash Thapaliya <suvash+nixpkgs@gmail.com>";
svsdep = "Vasyl Solovei <svsdep@gmail.com>";
swarren83 = "Shawn Warren <shawn.w.warren@gmail.com>";
swflint = "Samuel W. Flint <swflint@flintfam.org>";
swistak35 = "Rafał Łasocha <me@swistak35.com>";
@ -689,6 +695,7 @@
TealG = "Teal Gaure <~@Teal.Gr>";
teh = "Tom Hunger <tehunger@gmail.com>";
telotortium = "Robert Irelan <rirelan@gmail.com>";
teozkr = "Teo Klestrup Röijezon <teo@nullable.se>";
teto = "Matthieu Coudron <mcoudron@hotmail.com>";
tex = "Milan Svoboda <milan.svoboda@centrum.cz>";
thall = "Niclas Thall <niclas.thall@gmail.com>";
@ -702,6 +709,7 @@
tilpner = "Till Höppner <till@hoeppner.ws>";
timbertson = "Tim Cuthbertson <tim@gfxmonk.net>";
timokau = "Timo Kaufmann <timokau@zoho.com>";
timor = "timor <timor.dd@googlemail.com>";
tiramiseb = "Sébastien Maccagnoni <sebastien@maccagnoni.eu>";
titanous = "Jonathan Rudenberg <jonathan@titanous.com>";
tnias = "Philipp Bartsch <phil@grmr.de>";
@ -713,6 +721,7 @@
treemo = "Matthieu Chevrier <matthieu.chevrier@treemo.fr>";
trevorj = "Trevor Joynson <nix@trevor.joynson.io>";
trino = "Hubert Mühlhans <muehlhans.hubert@ekodia.de>";
troydm = "Dmitry Geurkov <d.geurkov@gmail.com>";
tstrobel = "Thomas Strobel <4ZKTUB6TEP74PYJOPWIR013S2AV29YUBW5F9ZH2F4D5UMJUJ6S@hash.domains>";
ttuegel = "Thomas Tuegel <ttuegel@mailbox.org>";
tv = "Tomislav Viljetić <tv@shackspace.de>";

7
lib/systems/default.nix
View file

@ -23,10 +23,12 @@ rec {
config = parse.tripleFromSystem final.parsed;
# Just a guess, based on `system`
platform = platforms.selectBySystem final.system;
# Derived meta-data
libc =
/**/ if final.isDarwin then "libSystem"
else if final.isMinGW then "msvcrt"
else if final.isMusl then "musl"
else if final.isAndroid then "bionic"
else if final.isLinux /* default */ then "glibc"
# TODO(@Ericson2314) think more about other operating systems
else "native/impure";
@ -39,7 +41,10 @@ rec {
/**/ if final.isWindows then ".exe"
else "";
};
# Misc boolean options
useAndroidPrebuilt = false;
} // mapAttrs (n: v: v final.parsed) inspect.predicates
// args;
in final;
in assert final.useAndroidPrebuilt -> final.isAndroid;
final;
}

2
lib/systems/doubles.nix
View file

@ -9,7 +9,7 @@ let
"aarch64-linux"
"armv5tel-linux" "armv6l-linux" "armv7l-linux"
"mips64el-linux"
"mipsel-linux"
"i686-cygwin" "i686-freebsd" "i686-linux" "i686-netbsd" "i686-openbsd"

9
lib/systems/examples.nix
View file

@ -38,6 +38,13 @@ rec {
platform = platforms.aarch64-multiplatform;
};
aarch64-android-prebuilt = rec {
config = "aarch64-unknown-linux-android";
arch = "aarch64";
platform = platforms.aarch64-multiplatform;
useAndroidPrebuilt = true;
};
scaleway-c1 = armv7l-hf-multiplatform // rec {
platform = platforms.scaleway-c1;
inherit (platform.gcc) fpu;
@ -51,7 +58,7 @@ rec {
};
fuloongminipc = rec {
config = "mips64el-unknown-linux-gnu";
config = "mipsel-unknown-linux-gnu";
arch = "mips";
float = "hard";
platform = platforms.fuloong2f_n32;

8
lib/systems/inspect.nix
View file

@ -34,7 +34,15 @@ rec {
Cygwin = { kernel = kernels.windows; abi = abis.cygnus; };
MinGW = { kernel = kernels.windows; abi = abis.gnu; };
Android = [ { abi = abis.android; } { abi = abis.androideabi; } ];
Musl = with abis; map (a: { abi = a; }) [ musl musleabi musleabihf ];
Kexecable = map (family: { kernel = kernels.linux; cpu.family = family; })
[ "x86" "arm" "aarch64" "mips" ];
Efi = map (family: { cpu.family = family; })
[ "x86" "arm" "aarch64" ];
Seccomputable = map (family: { kernel = kernels.linux; cpu.family = family; })
[ "x86" "arm" "aarch64" "mips" ];
};
matchAnyAttrs = patterns:

6
lib/systems/parse.nix
View file

@ -75,7 +75,10 @@ rec {
aarch64 = { bits = 64; significantByte = littleEndian; family = "aarch64"; };
i686 = { bits = 32; significantByte = littleEndian; family = "x86"; };
x86_64 = { bits = 64; significantByte = littleEndian; family = "x86"; };
mips64el = { bits = 32; significantByte = littleEndian; family = "mips"; };
mips = { bits = 32; significantByte = bigEndian; family = "mips"; };
mipsel = { bits = 32; significantByte = littleEndian; family = "mips"; };
mips64 = { bits = 64; significantByte = bigEndian; family = "mips"; };
mips64el = { bits = 64; significantByte = littleEndian; family = "mips"; };
powerpc = { bits = 32; significantByte = bigEndian; family = "power"; };
riscv32 = { bits = 32; significantByte = littleEndian; family = "riscv"; };
riscv64 = { bits = 64; significantByte = littleEndian; family = "riscv"; };
@ -173,6 +176,7 @@ rec {
types.abi = enum (attrValues abis);
abis = setTypes types.openAbi {
android = {};
cygnus = {};
gnu = {};
msvc = {};

2
lib/systems/platforms.nix
View file

@ -561,6 +561,6 @@ rec {
"armv6l-linux" = raspberrypi;
"armv7l-linux" = armv7l-hf-multiplatform;
"aarch64-linux" = aarch64-multiplatform;
"mips64el-linux" = fuloong2f_n32;
"mipsel-linux" = fuloong2f_n32;
}.${system} or pcBase;
}

4
lib/tests/systems.nix
View file

@ -16,7 +16,7 @@ in with lib.systems.doubles; lib.runTests {
arm = assertTrue (mseteq arm [ "armv5tel-linux" "armv6l-linux" "armv7l-linux" ]);
i686 = assertTrue (mseteq i686 [ "i686-linux" "i686-freebsd" "i686-netbsd" "i686-openbsd" "i686-cygwin" ]);
mips = assertTrue (mseteq mips [ "mips64el-linux" ]);
mips = assertTrue (mseteq mips [ "mipsel-linux" ]);
x86_64 = assertTrue (mseteq x86_64 [ "x86_64-linux" "x86_64-darwin" "x86_64-freebsd" "x86_64-openbsd" "x86_64-netbsd" "x86_64-cygwin" "x86_64-solaris" ]);
cygwin = assertTrue (mseteq cygwin [ "i686-cygwin" "x86_64-cygwin" ]);
@ -24,7 +24,7 @@ in with lib.systems.doubles; lib.runTests {
freebsd = assertTrue (mseteq freebsd [ "i686-freebsd" "x86_64-freebsd" ]);
gnu = assertTrue (mseteq gnu (linux /* ++ hurd ++ kfreebsd ++ ... */));
illumos = assertTrue (mseteq illumos [ "x86_64-solaris" ]);
linux = assertTrue (mseteq linux [ "i686-linux" "x86_64-linux" "armv5tel-linux" "armv6l-linux" "armv7l-linux" "aarch64-linux" "mips64el-linux" ]);
linux = assertTrue (mseteq linux [ "i686-linux" "x86_64-linux" "armv5tel-linux" "armv6l-linux" "armv7l-linux" "aarch64-linux" "mipsel-linux" ]);
netbsd = assertTrue (mseteq netbsd [ "i686-netbsd" "x86_64-netbsd" ]);
openbsd = assertTrue (mseteq openbsd [ "i686-openbsd" "x86_64-openbsd" ]);
unix = assertTrue (mseteq unix (linux ++ darwin ++ freebsd ++ openbsd ++ netbsd ++ illumos));

192
maintainers/scripts/gnome.sh
View file

@ -1,192 +0,0 @@
#!/usr/bin/env bash
set -o pipefail
GNOME_FTP=ftp.gnome.org/pub/GNOME/sources
# projects that don't follow the GNOME major versioning, or that we don't want to
# programmatically update
NO_GNOME_MAJOR="ghex gtkhtml gdm gucharmap"
usage() {
echo "Usage: $0 <show project>|<update project>|<update-all> [major.minor]" >&2
exit 0
}
if [ "$#" -lt 1 ]; then
usage
fi
GNOME_TOP=pkgs/desktops/gnome-3
action=$1
# curl -l ftp://... doesn't work from my office in HSE, and I don't want to have
# any conversations with sysadmin. Somehow lftp works.
if [ "$FTP_CLIENT" = "lftp" ]; then
ls_ftp() {
lftp -c "open $1; cls"
}
else
ls_ftp() {
curl -s -l "$1"/
}
fi
find_project() {
exec find "$GNOME_TOP" -mindepth 2 -maxdepth 2 -type d "$@"
}
show_project() {
local project=$1
local majorVersion=$2
local version=
if [ -z "$majorVersion" ]; then
echo "Looking for available versions..." >&2
local available_baseversions=$(ls_ftp ftp://${GNOME_FTP}/${project} | grep '[0-9]\.[0-9]' | sort -t. -k1,1n -k 2,2n)
if [ "$?" -ne 0 ]; then
echo "Project $project not found" >&2
return 1
fi
echo -e "The following versions are available:\n ${available_baseversions[@]}" >&2
echo -en "Choose one of them: " >&2
read majorVersion
fi
if echo "$majorVersion" | grep -q "[0-9]\+\.[0-9]\+\.[0-9]\+"; then
# not a major version
version=$majorVersion
majorVersion=$(echo "$majorVersion" | cut -d '.' -f 1,2)
fi
local FTPDIR=${GNOME_FTP}/${project}/${majorVersion}
#version=`curl -l ${FTPDIR}/ 2>/dev/null | grep LATEST-IS | sed -e s/LATEST-IS-//`
# gnome's LATEST-IS is broken. Do not trust it.
if [ -z "$version" ]; then
local files=$(ls_ftp "${FTPDIR}")
declare -A versions
for f in $files; do
case $f in
(LATEST-IS-*|*.news|*.changes|*.sha256sum|*.diff*):
;;
($project-*.*.9*.tar.*):
tmp=${f#$project-}
tmp=${tmp%.tar*}
echo "Ignored unstable version ${tmp}" >&2
;;
($project-*.tar.*):
tmp=${f#$project-}
tmp=${tmp%.tar*}
versions[${tmp}]=1
;;
(*):
echo "UNKNOWN FILE $f" >&2
;;
esac
done
echo "Found versions ${!versions[@]}" >&2
version=$(echo ${!versions[@]} | sed -e 's/ /\n/g' | sort -t. -k1,1n -k 2,2n -k 3,3n | tail -n1)
if [ -z "$version" ]; then
echo "No version available for major $majorVersion" >&2
return 1
fi
echo "Latest version is: ${version}" >&2
fi
local name=${project}-${version}
echo "Fetching .sha256 file" >&2
local sha256out=$(curl -s -f http://"${FTPDIR}"/"${name}".sha256sum)
if [ "$?" -ne "0" ]; then
echo "Version not found" >&2
return 1
fi
extensions=( "xz" "bz2" "gz" )
echo "Choosing archive extension (known are ${extensions[@]})..." >&2
for ext in ${extensions[@]}; do
if echo -e "$sha256out" | grep -q "\\.tar\\.${ext}$"; then
ext_pref=$ext
sha256=$(echo -e "$sha256out" | grep "\\.tar\\.${ext}$" | cut -f1 -d\ )
break
fi
done
echo "Chosen ${ext_pref}, hash is ${sha256}" >&2
echo "# Autogenerated by maintainers/scripts/gnome.sh update
fetchurl: {
name = \"${project}-${version}\";
src = fetchurl {
url = mirror://gnome/sources/${project}/${majorVersion}/${project}-${version}.tar.${ext_pref};
sha256 = \"${sha256}\";
};
}"
return 0
}
update_project() {
local project=$1
local majorVersion=$2
# find project in nixpkgs tree
projectPath=$(find_project -name "$project" -print)
if [ -z "$projectPath" ]; then
echo "Project $project not found under $GNOME_TOP"
exit 1
fi
src=$(show_project "$project" "$majorVersion")
if [ "$?" -eq "0" ]; then
echo "Updating $projectPath/src.nix" >&2
echo -e "$src" > "$projectPath"/src.nix
fi
return 0
}
if [ "$action" = "update-all" ]; then
majorVersion=$2
if [ -z "$majorVersion" ]; then
echo "No major version specified" >&2
usage
fi
# find projects
projects=$(find_project -exec basename '{}' \;)
for project in $projects; do
if echo "$NO_GNOME_MAJOR"|grep -q $project; then
echo "Skipping $project"
else
echo "= Updating $project to $majorVersion" >&2
update_project "$project" "$majorVersion"
echo >&2
fi
done
else
project=$2
majorVersion=$3
if [ -z "$project" ]; then
echo "No project specified, exiting" >&2
usage
fi
if [ "$action" = show ]; then
show_project "$project" "$majorVersion"
elif [ "$action" = update ]; then
update_project "$project" "$majorVersion"
else
echo "Unknown action $action" >&2
usage
fi
fi

21
maintainers/scripts/update.nix
View file

@ -1,5 +1,6 @@
{ package ? null
, maintainer ? null
, path ? null
}:
# TODO: add assert statements
@ -9,7 +10,8 @@ let
pkgs = import ./../../default.nix { };
packagesWith = cond: return: set:
pkgs.lib.flatten
pkgs.lib.unique
(pkgs.lib.flatten
(pkgs.lib.mapAttrsToList
(name: pkg:
let
@ -25,6 +27,7 @@ let
else []
)
set
)
);
packagesWithUpdateScriptAndMaintainer = maintainer':
@ -47,6 +50,14 @@ let
(name: pkg: pkg)
pkgs;
packagesWithUpdateScript = path:
let
attrSet = pkgs.lib.attrByPath (pkgs.lib.splitString "." path) null pkgs;
in
packagesWith (name: pkg: builtins.hasAttr "updateScript" pkg)
(name: pkg: pkg)
attrSet;
packageByName = name:
let
package = pkgs.lib.attrByPath (pkgs.lib.splitString "." name) null pkgs;
@ -63,6 +74,8 @@ let
[ (packageByName package) ]
else if maintainer != null then
packagesWithUpdateScriptAndMaintainer maintainer
else if path != null then
packagesWithUpdateScript path
else
builtins.throw "No arguments provided.\n\n${helpText}";
@ -76,7 +89,11 @@ let
% nix-shell maintainers/scripts/update.nix --argstr package garbas
to run update script for specific package.
to run update script for specific package, or
% nix-shell maintainers/scripts/update.nix --argstr path gnome3
to run update script for all package under an attribute path.
'';
runUpdateScript = package: ''

78
nixos/doc/manual/release-notes/rl-1803.xml
View file

@ -18,6 +18,18 @@
has the following highlights: </para>
<itemizedlist>
<listitem>
<para>
Linux kernel defaults to the 4.14 branch (it was 4.9).
</para>
</listitem>
<listitem>
<para>
GCC defaults to 7.x (it was 6.x).
</para>
</listitem>
<listitem>
<para>
MariaDB 10.2, updated from 10.1, is now the default MySQL implementation. While upgrading a few changes
@ -80,6 +92,11 @@ has the following highlights: </para>
following incompatible changes:</para>
<itemizedlist>
<listitem>
<para>
<literal>sound.enable</literal> now defaults to false.
</para>
</listitem>
<listitem>
<para>
Dollar signs in options under <option>services.postfix</option> are
@ -176,7 +193,7 @@ following incompatible changes:</para>
</listitem>
<listitem>
<para>
<literal>lib.addPassthru drv passthru</literal> is removed. Use <literal>lib.extendDerivation true passthru drv</literal> instead. <emphasis role="strong">TODO: actually remove it before branching 18.03 off.</emphasis>
<literal>lib.addPassthru drv passthru</literal> is removed. Use <literal>lib.extendDerivation true passthru drv</literal> instead.
</para>
</listitem>
<listitem>
@ -239,6 +256,58 @@ following incompatible changes:</para>
<link xlink:href="http://borgbackup.readthedocs.io/en/stable/usage/upgrade.html#attic-and-borg-0-xx-to-borg-1-x">here</link>.
</para>
</listitem>
<listitem>
<para>
The Piwik analytics software was renamed to Matomo:
<itemizedlist>
<listitem>
<para>The package <literal>pkgs.piwik</literal> was renamed to <literal>pkgs.matomo</literal>.</para>
</listitem>
<listitem>
<para>The service <literal>services.piwik</literal> was renamed to <literal>services.matomo</literal>.</para>
</listitem>
<listitem>
<para>
The data directory <filename>/var/lib/piwik</filename> was renamed to <filename>/var/lib/matomo</filename>.
All files will be moved automatically on first startup, but you might need to adjust your backup scripts.
</para>
</listitem>
<listitem>
<para>
The default <option>serverName</option> for the nginx configuration changed from
<literal>piwik.${config.networking.hostName}</literal> to
<literal>matomo.${config.networking.hostName}.${config.networking.domain}</literal>
if <option>config.networking.domain</option> is set,
<literal>matomo.${config.networking.hostName}</literal> if it is not set.
If you change your <option>serverName</option>, remember you'll need to update the
<literal>trustedHosts[]</literal> array in <filename>/var/lib/matomo/config/config.ini.php</filename>
as well.
</para>
</listitem>
<listitem>
<para>
The <literal>piwik</literal> user was renamed to <literal>matomo</literal>.
The service will adjust ownership automatically for files in the data directory.
If you use unix socket authentication, remember to give the new <literal>matomo</literal> user
access to the database and to change the <literal>username</literal> to <literal>matomo</literal>
in the <literal>[database]</literal> section of <filename>/var/lib/matomo/config/config.ini.php</filename>.
</para>
</listitem>
<listitem>
<para>
If you named your database `piwik`, you might want to rename it to `matomo` to keep things clean,
but this is neither enforced nor required.
</para>
</listitem>
</itemizedlist>
</para>
</listitem>
<listitem>
<para>
<literal>nodejs-4_x</literal> is end-of-life.
<literal>nodejs-4_x</literal>, <literal>nodejs-slim-4_x</literal> and <literal>nodePackages_4_x</literal> are removed.
</para>
</listitem>
</itemizedlist>
</section>
@ -373,6 +442,13 @@ following incompatible changes:</para>
and <literal>stopJob</literal> provide an optional <literal>$user</literal> argument for that purpose.
</para>
</listitem>
<listitem>
<para>
Enabling bash completion on NixOS, <literal>programs.bash.enableCompletion</literal>, will now also enable
completion for the Nix command line tools by installing the
<link xlink:href="https://github.com/hedning/nix-bash-completions">nix-bash-completions</link> package.
</para>
</listitem>
</itemizedlist>
</section>

14
nixos/modules/config/no-x-libs.nix
View file

@ -28,13 +28,13 @@ with lib;
nixpkgs.config.packageOverrides = pkgs: {
dbus = pkgs.dbus.override { x11Support = false; };
networkmanager_fortisslvpn = pkgs.networkmanager_fortisslvpn.override { withGnome = false; };
networkmanager_l2tp = pkgs.networkmanager_l2tp.override { withGnome = false; };
networkmanager_openconnect = pkgs.networkmanager_openconnect.override { withGnome = false; };
networkmanager_openvpn = pkgs.networkmanager_openvpn.override { withGnome = false; };
networkmanager_pptp = pkgs.networkmanager_pptp.override { withGnome = false; };
networkmanager_vpnc = pkgs.networkmanager_vpnc.override { withGnome = false; };
networkmanager_iodine = pkgs.networkmanager_iodine.override { withGnome = false; };
networkmanager-fortisslvpn = pkgs.networkmanager-fortisslvpn.override { withGnome = false; };
networkmanager-l2tp = pkgs.networkmanager-l2tp.override { withGnome = false; };
networkmanager-openconnect = pkgs.networkmanager-openconnect.override { withGnome = false; };
networkmanager-openvpn = pkgs.networkmanager-openvpn.override { withGnome = false; };
networkmanager-pptp = pkgs.networkmanager-pptp.override { withGnome = false; };
networkmanager-vpnc = pkgs.networkmanager-vpnc.override { withGnome = false; };
networkmanager-iodine = pkgs.networkmanager-iodine.override { withGnome = false; };
pinentry = pkgs.pinentry_ncurses;
};
};

3
nixos/modules/hardware/all-firmware.nix
View file

@ -37,8 +37,9 @@ in {
hardware.firmware = with pkgs; [
firmwareLinuxNonfree
intel2200BGFirmware
rtl8723bs-firmware
rtl8192su-firmware
] ++ optionals (versionOlder config.boot.kernelPackages.kernel.version "4.13") [
rtl8723bs-firmware
];
})
(mkIf cfg.enableAllFirmware {

30
nixos/modules/hardware/digitalbitbox.nix Normal file
View file

@ -0,0 +1,30 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.hardware.digitalbitbox;
in
{
options.hardware.digitalbitbox = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enables udev rules for Digital Bitbox devices.
'';
};
package = mkOption {
type = types.package;
default = pkgs.digitalbitbox;
defaultText = "pkgs.digitalbitbox";
description = "The Digital Bitbox package to use. This can be used to install a package with udev rules that differ from the defaults.";
};
};
config = mkIf cfg.enable {
services.udev.packages = [ cfg.package ];
};
}

2
nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix
View file

@ -69,7 +69,7 @@ with lib;
in ''
mkdir -p /root/Desktop
ln -sfT ${desktopFile} /root/Desktop/nixos-manual.desktop
cp ${pkgs.gnome3.gnome_terminal}/share/applications/gnome-terminal.desktop /root/Desktop/gnome-terminal.desktop
cp ${pkgs.gnome3.gnome-terminal}/share/applications/gnome-terminal.desktop /root/Desktop/gnome-terminal.desktop
chmod a+rx /root/Desktop/gnome-terminal.desktop
cp ${pkgs.gparted}/share/applications/gparted.desktop /root/Desktop/gparted.desktop
chmod a+rx /root/Desktop/gparted.desktop

4
nixos/modules/installer/tools/nixos-generate-config.pl
View file

@ -603,6 +603,10 @@ $bootLoaderConfig
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable the X11 windowing system.
# services.xserver.enable = true;
# services.xserver.layout = "us";

2
nixos/modules/misc/ids.nix
View file

@ -304,6 +304,7 @@
mighttpd2 = 285;
hass = 286;
monero = 287;
ceph = 288;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -576,6 +577,7 @@
mighttpd2 = 285;
hass = 286;
monero = 287;
ceph = 288;
# When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal

4
nixos/modules/misc/label.nix
View file

@ -65,8 +65,8 @@ in
# This is set here rather than up there so that changing it would
# not rebuild the manual
system.nixos.label = mkDefault (maybeEnv "NIXOS_LABEL"
(concatStringsSep "-" (sort (x: y: x < y) cfg.tags)
+ "-" + maybeEnv "NIXOS_LABEL_VERSION" cfg.version));
(concatStringsSep "-" ((sort (x: y: x < y) cfg.tags)
++ [ (maybeEnv "NIXOS_LABEL_VERSION" cfg.version) ])));
};
}

2
nixos/modules/misc/nixpkgs.nix
View file

@ -93,7 +93,7 @@ in
default = {};
example = literalExample
''
{ firefox.enableGeckoMediaPlayer = true; }
{ allowBroken = true; allowUnfree = true; }
'';
type = configType;
description = ''

6
nixos/modules/module-list.nix
View file

@ -31,6 +31,7 @@
./hardware/ckb.nix
./hardware/cpu/amd-microcode.nix
./hardware/cpu/intel-microcode.nix
./hardware/digitalbitbox.nix
./hardware/sensor/iio.nix
./hardware/ksm.nix
./hardware/mcelog.nix
@ -78,6 +79,7 @@
./programs/command-not-found/command-not-found.nix
./programs/criu.nix
./programs/dconf.nix
./programs/digitalbitbox/default.nix
./programs/environment.nix
./programs/fish.nix
./programs/freetds.nix
@ -109,6 +111,7 @@
./programs/sway.nix
./programs/thefuck.nix
./programs/tmux.nix
./programs/udevil.nix
./programs/venus.nix
./programs/vim.nix
./programs/way-cooler.nix
@ -436,6 +439,7 @@
./services/network-filesystems/u9fs.nix
./services/network-filesystems/yandex-disk.nix
./services/network-filesystems/xtreemfs.nix
./services/network-filesystems/ceph.nix
./services/networking/amuled.nix
./services/networking/aria2.nix
./services/networking/asterisk.nix
@ -637,7 +641,7 @@
./services/web-apps/nixbot.nix
./services/web-apps/nexus.nix
./services/web-apps/pgpkeyserver-lite.nix
./services/web-apps/piwik.nix
./services/web-apps/matomo.nix
./services/web-apps/pump.io.nix
./services/web-apps/restya-board.nix
./services/web-apps/tt-rss.nix

3
nixos/modules/programs/bash/bash.nix
View file

@ -211,6 +211,9 @@ in
"/share/bash-completion"
];
environment.systemPackages = optional cfg.enableCompletion
pkgs.nix-bash-completions;
environment.shells =
[ "/run/current-system/sw/bin/bash"
"/var/run/current-system/sw/bin/bash"

1
nixos/modules/programs/browserpass.nix
View file

@ -18,5 +18,6 @@ with lib;
"opt/chrome/native-messaging-hosts/com.dannyvankooten.browserpass.json".source = "${pkgs.browserpass}/etc/chrome-host.json";
"opt/chrome/policies/managed/com.dannyvankooten.browserpass.json".source = "${pkgs.browserpass}/etc/chrome-policy.json";
};
nixpkgs.config.firefox.enableBrowserpass = true;
};
}

8
nixos/modules/programs/chromium.nix
View file

@ -36,6 +36,7 @@ in
"chlffgpmiacpedhhbkiomidkjlcfhogd" # pushbullet
"mbniclmhobmnbdlbpiphghaielnnpgdp" # lightshot
"gcbommkclmclpchllfjekcdonpmejbdp" # https everywhere
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
]
'';
};
@ -52,8 +53,7 @@ in
description = "Chromium default search provider url.";
default = null;
example =
"https://encrypted.google.com/search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:
searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}";
"https://encrypted.google.com/search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}";
};
defaultSearchProviderSuggestURL = mkOption {
@ -79,7 +79,11 @@ in
###### implementation
config = lib.mkIf cfg.enable {
# for chromium
environment.etc."chromium/policies/managed/default.json".text = builtins.toJSON defaultProfile;
environment.etc."chromium/policies/managed/extra.json".text = builtins.toJSON cfg.extraOpts;
# for google-chrome https://www.chromium.org/administrators/linux-quick-start
environment.etc."opt/chrome/policies/managed/default.json".text = builtins.toJSON defaultProfile;
environment.etc."opt/chrome/policies/managed/extra.json".text = builtins.toJSON cfg.extraOpts;
};
}

2
nixos/modules/programs/dconf.nix
View file

@ -36,7 +36,7 @@ in
"${pkgs.gnome3.dconf.lib}/lib/gio/modules";
# https://github.com/NixOS/nixpkgs/pull/31891
#environment.variables.XDG_DATA_DIRS = optional cfg.enable
# "$(echo ${pkgs.gnome3.gsettings_desktop_schemas}/share/gsettings-schemas/gsettings-desktop-schemas-*)";
# "$(echo ${pkgs.gnome3.gsettings-desktop-schemas}/share/gsettings-schemas/gsettings-desktop-schemas-*)";
};
}

39
nixos/modules/programs/digitalbitbox/default.nix Normal file
View file

@ -0,0 +1,39 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.programs.digitalbitbox;
in
{
options.programs.digitalbitbox = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Installs the Digital Bitbox application and enables the complementary hardware module.
'';
};
package = mkOption {
type = types.package;
default = pkgs.digitalbitbox;
defaultText = "pkgs.digitalbitbox";
description = "The Digital Bitbox package to use. This can be used to install a package with udev rules that differ from the defaults.";
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
hardware.digitalbitbox = {
enable = true;
package = cfg.package;
};
};
meta = {
doc = ./doc.xml;
maintainers = with stdenv.lib.maintainers; [ vidbina ];
};
}

85
nixos/modules/programs/digitalbitbox/doc.xml Normal file
View file

@ -0,0 +1,85 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="module-programs-digitalbitbox">
<title>Digital Bitbox</title>
<para>
Digital Bitbox is a hardware wallet and second-factor authenticator.
</para>
<para>
The <literal>digitalbitbox</literal> programs module may be
installed by setting <literal>programs.digitalbitbox</literal>
to <literal>true</literal> in a manner similar to
<programlisting>
programs.digitalbitbox.enable = true;
</programlisting>
and bundles the <literal>digitalbitbox</literal> package (see <xref
linkend="sec-digitalbitbox-package" />), which contains the
<literal>dbb-app</literal> and <literal>dbb-cli</literal> binaries,
along with the hardware module (see <xref
linkend="sec-digitalbitbox-hardware-module" />) which sets up the
necessary udev rules to access the device.
</para>
<para>
Enabling the digitalbitbox module is pretty much the easiest way to
get a Digital Bitbox device working on your system.
</para>
<para>
For more information, see
<link xlink:href="https://digitalbitbox.com/start_linux" />.
</para>
<section xml:id="sec-digitalbitbox-package">
<title>Package</title>
<para>
The binaries, <literal>dbb-app</literal> (a GUI tool) and
<literal>dbb-cli</literal> (a CLI tool), are available through the
<literal>digitalbitbox</literal> package which could be installed
as follows:
<programlisting>
environment.systemPackages = [
pkgs.digitalbitbox
];
</programlisting>
</para>
</section>
<section xml:id="sec-digitalbitbox-hardware-module">
<title>Hardware</title>
<para>
The digitalbitbox hardware package enables the udev rules for
Digital Bitbox devices and may be installed as follows:
<programlisting>
hardware.digitalbitbox.enable = true;
</programlisting>
</para>
<para>
In order to alter the udev rules, one may provide different values for
the <literal>udevRule51</literal> and <literal>udevRule52</literal>
attributes by means of overriding as follows:
<programlisting>
programs.digitalbitbox = {
enable = true;
package = pkgs.digitalbitbox.override {
udevRule51 = "something else";
};
};
</programlisting>
</para>
</section>
</chapter>

14
nixos/modules/programs/udevil.nix Normal file
View file

@ -0,0 +1,14 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.programs.udevil;
in {
options.programs.udevil.enable = mkEnableOption "udevil";
config = mkIf cfg.enable {
security.wrappers.udevil.source = "${lib.getBin pkgs.udevil}/bin/udevil";
};
}

6
nixos/modules/rename.nix
View file

@ -148,6 +148,12 @@ with lib;
# parsoid
(mkRemovedOptionModule [ "services" "parsoid" "interwikis" ] [ "services" "parsoid" "wikis" ])
# piwik was renamed to matomo
(mkRenamedOptionModule [ "services" "piwik" "enable" ] [ "services" "matomo" "enable" ])
(mkRenamedOptionModule [ "services" "piwik" "webServerUser" ] [ "services" "matomo" "webServerUser" ])
(mkRenamedOptionModule [ "services" "piwik" "phpfpmProcessManagerConfig" ] [ "services" "matomo" "phpfpmProcessManagerConfig" ])
(mkRenamedOptionModule [ "services" "piwik" "nginx" ] [ "services" "matomo" "nginx" ])
# tarsnap
(mkRemovedOptionModule [ "services" "tarsnap" "cachedir" ] "Use services.tarsnap.archives.<name>.cachedir")

4
nixos/modules/security/pam.nix
View file

@ -311,7 +311,7 @@ let
("auth optional ${pkgs.plasma5.kwallet-pam}/lib/security/pam_kwallet5.so" +
" kwalletd=${pkgs.libsForQt5.kwallet.bin}/bin/kwalletd5")}
${optionalString cfg.enableGnomeKeyring
("auth optional ${pkgs.gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so")}
("auth optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so")}
${optionalString cfg.googleAuthenticator.enable
"auth required ${pkgs.googleAuthenticator}/lib/security/pam_google_authenticator.so no_increment_hotp"}
'') + ''
@ -384,7 +384,7 @@ let
("session optional ${pkgs.plasma5.kwallet-pam}/lib/security/pam_kwallet5.so" +
" kwalletd=${pkgs.libsForQt5.kwallet.bin}/bin/kwalletd5")}
${optionalString (cfg.enableGnomeKeyring)
"session optional ${pkgs.gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so auto_start"}
"session optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start"}
${optionalString (config.virtualisation.lxc.lxcfs.enable)
"session optional ${pkgs.lxcfs}/lib/security/pam_cgfs.so -c freezer,memory,name=systemd,unified,cpuset"}
'');

2
nixos/modules/services/audio/alsa.nix
View file

@ -21,7 +21,7 @@ in
enable = mkOption {
type = types.bool;
default = true;
default = false;
description = ''
Whether to enable ALSA sound.
'';

2
nixos/modules/services/continuous-integration/jenkins/default.nix
View file

@ -208,7 +208,7 @@ in {
'';
postStart = ''
until [[ $(${pkgs.curl.bin}/bin/curl -s --head -w '\n%{http_code}' http://${cfg.listenAddress}:${toString cfg.port}${cfg.prefix} | tail -n1) =~ ^(200|403)$ ]]; do
until [[ $(${pkgs.curl.bin}/bin/curl -L -s --head -w '\n%{http_code}' http://${cfg.listenAddress}:${toString cfg.port}${cfg.prefix} | tail -n1) =~ ^(200|403)$ ]]; do
sleep 1
done
'';

6
nixos/modules/services/databases/mysql.nix
View file

@ -133,7 +133,7 @@ in
'';
example = [
"nextcloud"
"piwik"
"matomo"
];
};
@ -289,10 +289,10 @@ in
# Create initial databases
if ! test -e "${cfg.dataDir}/${database.name}"; then
echo "Creating initial database: ${database.name}"
( echo "create database `${database.name}`;"
( echo 'create database `${database.name}`;'
${optionalString (database ? "schema") ''
echo "use `${database.name}`;"
echo 'use `${database.name}`;'
if [ -f "${database.schema}" ]
then

2
nixos/modules/services/databases/postgresql.nix
View file

@ -122,7 +122,7 @@ in
extraPlugins = mkOption {
type = types.listOf types.path;
default = [];
example = literalExample "[ (pkgs.postgis.override { postgresql = pkgs.postgresql94; }).v_2_1_4 ]";
example = literalExample "[ (pkgs.postgis.override { postgresql = pkgs.postgresql94; }) ]";
description = ''
When this list contains elements a new store path is created.
PostgreSQL and the elements are symlinked into it. Then pg_config,

6
nixos/modules/services/desktops/gnome3/at-spi2-core.nix
View file

@ -30,9 +30,9 @@ with lib;
config = mkMerge [
(mkIf config.services.gnome3.at-spi2-core.enable {
environment.systemPackages = [ pkgs.at_spi2_core ];
services.dbus.packages = [ pkgs.at_spi2_core ];
systemd.packages = [ pkgs.at_spi2_core ];
environment.systemPackages = [ pkgs.at-spi2-core ];
services.dbus.packages = [ pkgs.at-spi2-core ];
systemd.packages = [ pkgs.at-spi2-core ];
})
(mkIf (!config.services.gnome3.at-spi2-core.enable) {

6
nixos/modules/services/desktops/gnome3/evolution-data-server.nix
View file

@ -30,11 +30,11 @@ with lib;
config = mkIf config.services.gnome3.evolution-data-server.enable {
environment.systemPackages = [ pkgs.gnome3.evolution_data_server ];
environment.systemPackages = [ pkgs.gnome3.evolution-data-server ];
services.dbus.packages = [ pkgs.gnome3.evolution_data_server ];
services.dbus.packages = [ pkgs.gnome3.evolution-data-server ];
systemd.packages = [ pkgs.gnome3.evolution_data_server ];
systemd.packages = [ pkgs.gnome3.evolution-data-server ];
};

4
nixos/modules/services/desktops/gnome3/gnome-keyring.nix
View file

@ -31,9 +31,9 @@ with lib;
config = mkIf config.services.gnome3.gnome-keyring.enable {
environment.systemPackages = [ pkgs.gnome3.gnome_keyring ];
environment.systemPackages = [ pkgs.gnome3.gnome-keyring ];
services.dbus.packages = [ pkgs.gnome3.gnome_keyring pkgs.gnome3.gcr ];
services.dbus.packages = [ pkgs.gnome3.gnome-keyring pkgs.gnome3.gcr ];
};

4
nixos/modules/services/desktops/gnome3/gnome-online-accounts.nix
View file

@ -30,9 +30,9 @@ with lib;
config = mkIf config.services.gnome3.gnome-online-accounts.enable {
environment.systemPackages = [ pkgs.gnome3.gnome_online_accounts ];
environment.systemPackages = [ pkgs.gnome3.gnome-online-accounts ];
services.dbus.packages = [ pkgs.gnome3.gnome_online_accounts ];
services.dbus.packages = [ pkgs.gnome3.gnome-online-accounts ];
};

6
nixos/modules/services/desktops/gnome3/gnome-terminal-server.nix
View file

@ -30,11 +30,11 @@ with lib;
config = mkIf config.services.gnome3.gnome-terminal-server.enable {
environment.systemPackages = [ pkgs.gnome3.gnome_terminal ];
environment.systemPackages = [ pkgs.gnome3.gnome-terminal ];
services.dbus.packages = [ pkgs.gnome3.gnome_terminal ];
services.dbus.packages = [ pkgs.gnome3.gnome-terminal ];
systemd.packages = [ pkgs.gnome3.gnome_terminal ];
systemd.packages = [ pkgs.gnome3.gnome-terminal ];
};

4
nixos/modules/services/desktops/telepathy.nix
View file

@ -30,9 +30,9 @@ with lib;
config = mkIf config.services.telepathy.enable {
environment.systemPackages = [ pkgs.telepathy_mission_control ];
environment.systemPackages = [ pkgs.telepathy-mission-control ];
services.dbus.packages = [ pkgs.telepathy_mission_control ];
services.dbus.packages = [ pkgs.telepathy-mission-control ];
};

8
nixos/modules/services/hardware/acpid.nix
View file

@ -53,6 +53,12 @@ in
description = "Whether to enable the ACPI daemon.";
};
logEvents = mkOption {
type = types.bool;
default = false;
description = "Log all event activity.";
};
handlers = mkOption {
type = types.attrsOf (types.submodule {
options = {
@ -142,7 +148,7 @@ in
ConditionPathExists = [ "/proc/acpi" ];
};
script = "acpid --confdir ${acpiConfDir}";
script = "acpid ${optionalString config.services.acpid.logEvents "--logevents"} --confdir ${acpiConfDir}";
};
};

6
nixos/modules/services/hardware/fwupd.nix
View file

@ -8,12 +8,8 @@ let
cfg = config.services.fwupd;
originalEtc =
let
isRegular = v: v == "regular";
listFiles = d: builtins.attrNames (filterAttrs (const isRegular) (builtins.readDir d));
copiedDirs = [ "fwupd/remotes.d" "pki/fwupd" "pki/fwupd-metadata" ];
originalFiles = concatMap (d: map (f: "${d}/${f}") (listFiles "${pkgs.fwupd}/etc/${d}")) copiedDirs;
mkEtcFile = n: nameValuePair n { source = "${pkgs.fwupd}/etc/${n}"; };
in listToAttrs (map mkEtcFile originalFiles);
in listToAttrs (map mkEtcFile pkgs.fwupd.filesInstalledToEtc);
extraTrustedKeys =
let
mkName = p: "pki/fwupd/${baseNameOf (toString p)}";

8
nixos/modules/services/misc/disnix.nix
View file

@ -32,6 +32,12 @@ in
description = "Whether to enable Disnix";
};
enableMultiUser = mkOption {
type = types.bool;
default = true;
description = "Whether to support multi-user mode by enabling the Disnix D-Bus service";
};
useWebServiceInterface = mkOption {
default = false;
description = "Whether to enable the DisnixWebService interface running on Apache Tomcat";
@ -71,7 +77,7 @@ in
};
systemd.services = {
disnix = {
disnix = mkIf cfg.enableMultiUser {
description = "Disnix server";
wants = [ "dysnomia.target" ];
wantedBy = [ "multi-user.target" ];

24
nixos/modules/services/misc/nix-ssh-serve.nix
View file

@ -1,8 +1,12 @@
{ config, lib, pkgs, ... }:
with lib;
{
let cfg = config.nix.sshServe;
command =
if cfg.protocol == "ssh"
then "nix-store --serve"
else "nix-daemon --stdio";
in {
options = {
nix.sshServe = {
@ -10,7 +14,7 @@ with lib;
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable serving the Nix store as a binary cache via SSH.";
description = "Whether to enable serving the Nix store as a remote store via SSH.";
};
keys = mkOption {
@ -20,14 +24,20 @@ with lib;
description = "A list of SSH public keys allowed to access the binary cache via SSH.";
};
protocol = mkOption {
type = types.enum [ "ssh" "ssh-ng" ];
default = "ssh";
description = "The specific Nix-over-SSH protocol to use.";
};
};
config = mkIf config.nix.sshServe.enable {
};
config = mkIf cfg.enable {
users.extraUsers.nix-ssh = {
description = "Nix SSH substituter user";
description = "Nix SSH store user";
uid = config.ids.uids.nix-ssh;
useDefaultShell = true;
};
@ -41,11 +51,11 @@ with lib;
PermitTTY no
PermitTunnel no
X11Forwarding no
ForceCommand ${config.nix.package.out}/bin/nix-store --serve
ForceCommand ${config.nix.package.out}/bin/${command}
Match All
'';
users.extraUsers.nix-ssh.openssh.authorizedKeys.keys = config.nix.sshServe.keys;
users.extraUsers.nix-ssh.openssh.authorizedKeys.keys = cfg.keys;
};
}

2
nixos/modules/services/monitoring/grafana.nix
View file

@ -249,7 +249,7 @@ in {
};
preStart = ''
ln -fs ${cfg.package}/share/grafana/conf ${cfg.dataDir}
ln -fs ${cfg.package}/share/grafana/vendor ${cfg.dataDir}
ln -fs ${cfg.package}/share/grafana/tools ${cfg.dataDir}
'';
};

371
nixos/modules/services/network-filesystems/ceph.nix Normal file
View file

@ -0,0 +1,371 @@
{ config, lib, pkgs, ... }:
with lib;
let
ceph = pkgs.ceph;
cfg = config.services.ceph;
# function that translates "camelCaseOptions" to "camel case options", credits to tilpner in #nixos@freenode
translateOption = replaceStrings upperChars (map (s: " ${s}") lowerChars);
generateDaemonList = (daemonType: daemons: extraServiceConfig:
mkMerge (
map (daemon:
{ "ceph-${daemonType}-${daemon}" = generateServiceFile daemonType daemon cfg.global.clusterName ceph extraServiceConfig; }
) daemons
)
);
generateServiceFile = (daemonType: daemonId: clusterName: ceph: extraServiceConfig: {
enable = true;
description = "Ceph ${builtins.replaceStrings lowerChars upperChars daemonType} daemon ${daemonId}";
after = [ "network-online.target" "local-fs.target" "time-sync.target" ] ++ optional (daemonType == "osd") "ceph-mon.target";
wants = [ "network-online.target" "local-fs.target" "time-sync.target" ];
partOf = [ "ceph-${daemonType}.target" ];
wantedBy = [ "ceph-${daemonType}.target" ];
serviceConfig = {
LimitNOFILE = 1048576;
LimitNPROC = 1048576;
Environment = "CLUSTER=${clusterName}";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
PrivateDevices = "yes";
PrivateTmp = "true";
ProtectHome = "true";
ProtectSystem = "full";
Restart = "on-failure";
StartLimitBurst = "5";
StartLimitInterval = "30min";
ExecStart = "${ceph.out}/bin/${if daemonType == "rgw" then "radosgw" else "ceph-${daemonType}"} -f --cluster ${clusterName} --id ${if daemonType == "rgw" then "client.${daemonId}" else daemonId} --setuser ceph --setgroup ceph";
} // extraServiceConfig
// optionalAttrs (daemonType == "osd") { ExecStartPre = "${ceph.out}/libexec/ceph/ceph-osd-prestart.sh --id ${daemonId} --cluster ${clusterName}"; };
} // optionalAttrs (builtins.elem daemonType [ "mds" "mon" "rgw" "mgr" ]) { preStart = ''
daemonPath="/var/lib/ceph/${if daemonType == "rgw" then "radosgw" else daemonType}/${clusterName}-${daemonId}"
if [ ! -d ''$daemonPath ]; then
mkdir -m 755 -p ''$daemonPath
chown -R ceph:ceph ''$daemonPath
fi
'';
} // optionalAttrs (daemonType == "osd") { path = [ pkgs.getopt ]; }
);
generateTargetFile = (daemonType:
{
"ceph-${daemonType}" = {
description = "Ceph target allowing to start/stop all ceph-${daemonType} services at once";
partOf = [ "ceph.target" ];
before = [ "ceph.target" ];
};
}
);
in
{
options.services.ceph = {
# Ceph has a monolithic configuration file but different sections for
# each daemon, a separate client section and a global section
enable = mkEnableOption "Ceph global configuration";
global = {
fsid = mkOption {
type = types.str;
example = ''
433a2193-4f8a-47a0-95d2-209d7ca2cca5
'';
description = ''
Filesystem ID, a generated uuid, its must be generated and set before
attempting to start a cluster
'';
};
clusterName = mkOption {
type = types.str;
default = "ceph";
description = ''
Name of cluster
'';
};
monInitialMembers = mkOption {
type = with types; nullOr commas;
default = null;
example = ''
node0, node1, node2
'';
description = ''
List of hosts that will be used as monitors at startup.
'';
};
monHost = mkOption {
type = with types; nullOr commas;
default = null;
example = ''
10.10.0.1, 10.10.0.2, 10.10.0.3
'';
description = ''
List of hostname shortnames/IP addresses of the initial monitors.
'';
};
maxOpenFiles = mkOption {
type = types.int;
default = 131072;
description = ''
Max open files for each OSD daemon.
'';
};
authClusterRequired = mkOption {
type = types.enum [ "cephx" "none" ];
default = "cephx";
description = ''
Enables requiring daemons to authenticate with eachother in the cluster.
'';
};
authServiceRequired = mkOption {
type = types.enum [ "cephx" "none" ];
default = "cephx";
description = ''
Enables requiring clients to authenticate with the cluster to access services in the cluster (e.g. radosgw, mds or osd).
'';
};
authClientRequired = mkOption {
type = types.enum [ "cephx" "none" ];
default = "cephx";
description = ''
Enables requiring the cluster to authenticate itself to the client.
'';
};
publicNetwork = mkOption {
type = with types; nullOr commas;
default = null;
example = ''
10.20.0.0/24, 192.168.1.0/24
'';
description = ''
A comma-separated list of subnets that will be used as public networks in the cluster.
'';
};
clusterNetwork = mkOption {
type = with types; nullOr commas;
default = null;
example = ''
10.10.0.0/24, 192.168.0.0/24
'';
description = ''
A comma-separated list of subnets that will be used as cluster networks in the cluster.
'';
};
};
mgr = {
enable = mkEnableOption "Ceph MGR daemon";
daemons = mkOption {
type = with types; listOf str;
default = [];
example = ''
[ "name1" "name2" ];
'';
description = ''
A list of names for manager daemons that should have a service created. The names correspond
to the id part in ceph i.e. [ "name1" ] would result in mgr.name1
'';
};
extraConfig = mkOption {
type = with types; attrsOf str;
default = {};
description = ''
Extra configuration to add to the global section for manager daemons.
'';
};
};
mon = {
enable = mkEnableOption "Ceph MON daemon";
daemons = mkOption {
type = with types; listOf str;
default = [];
example = ''
[ "name1" "name2" ];
'';
description = ''
A list of monitor daemons that should have a service created. The names correspond
to the id part in ceph i.e. [ "name1" ] would result in mon.name1
'';
};
extraConfig = mkOption {
type = with types; attrsOf str;
default = {};
description = ''
Extra configuration to add to the monitor section.
'';
};
};
osd = {
enable = mkEnableOption "Ceph OSD daemon";
daemons = mkOption {
type = with types; listOf str;
default = [];
example = ''
[ "name1" "name2" ];
'';
description = ''
A list of OSD daemons that should have a service created. The names correspond
to the id part in ceph i.e. [ "name1" ] would result in osd.name1
'';
};
extraConfig = mkOption {
type = with types; attrsOf str;
default = {
"osd journal size" = "10000";
"osd pool default size" = "3";
"osd pool default min size" = "2";
"osd pool default pg num" = "200";
"osd pool default pgp num" = "200";
"osd crush chooseleaf type" = "1";
};
description = ''
Extra configuration to add to the OSD section.
'';
};
};
mds = {
enable = mkEnableOption "Ceph MDS daemon";
daemons = mkOption {
type = with types; listOf str;
default = [];
example = ''
[ "name1" "name2" ];
'';
description = ''
A list of metadata service daemons that should have a service created. The names correspond
to the id part in ceph i.e. [ "name1" ] would result in mds.name1
'';
};
extraConfig = mkOption {
type = with types; attrsOf str;
default = {};
description = ''
Extra configuration to add to the MDS section.
'';
};
};
rgw = {
enable = mkEnableOption "Ceph RadosGW daemon";
daemons = mkOption {
type = with types; listOf str;
default = [];
example = ''
[ "name1" "name2" ];
'';
description = ''
A list of rados gateway daemons that should have a service created. The names correspond
to the id part in ceph i.e. [ "name1" ] would result in client.name1, radosgw daemons
aren't daemons to cluster in the sense that OSD, MGR or MON daemons are. They are simply
daemons, from ceph, that uses the cluster as a backend.
'';
};
};
client = {
enable = mkEnableOption "Ceph client configuration";
extraConfig = mkOption {
type = with types; attrsOf str;
default = {};
example = ''
{
# This would create a section for a radosgw daemon named node0 and related
# configuration for it
"client.radosgw.node0" = { "some config option" = "true"; };
};
'';
description = ''
Extra configuration to add to the client section. Configuration for rados gateways
would be added here, with their own sections, see example.
'';
};
};
};
config = mkIf config.services.ceph.enable {
assertions = [
{ assertion = cfg.global.fsid != "";
message = "fsid has to be set to a valid uuid for the cluster to function";
}
{ assertion = cfg.mgr.enable == true;
message = "ceph 12.x requires atleast 1 MGR daemon enabled for the cluster to function";
}
{ assertion = cfg.mon.enable == true -> cfg.mon.daemons != [];
message = "have to set id of atleast one MON if you're going to enable Monitor";
}
{ assertion = cfg.mds.enable == true -> cfg.mds.daemons != [];
message = "have to set id of atleast one MDS if you're going to enable Metadata Service";
}
{ assertion = cfg.osd.enable == true -> cfg.osd.daemons != [];
message = "have to set id of atleast one OSD if you're going to enable OSD";
}
{ assertion = cfg.mgr.enable == true -> cfg.mgr.daemons != [];
message = "have to set id of atleast one MGR if you're going to enable MGR";
}
];
warnings = optional (cfg.global.monInitialMembers == null)
''Not setting up a list of members in monInitialMembers requires that you set the host variable for each mon daemon or else the cluster won't function'';
environment.etc."ceph/ceph.conf".text = let
# Translate camelCaseOptions to the expected camel case option for ceph.conf
translatedGlobalConfig = mapAttrs' (name: value: nameValuePair (translateOption name) value) cfg.global;
# Merge the extraConfig set for mgr daemons, as mgr don't have their own section
globalAndMgrConfig = translatedGlobalConfig // optionalAttrs cfg.mgr.enable cfg.mgr.extraConfig;
# Remove all name-value pairs with null values from the attribute set to avoid making empty sections in the ceph.conf
globalConfig = mapAttrs' (name: value: nameValuePair (translateOption name) value) (filterAttrs (name: value: value != null) globalAndMgrConfig);
totalConfig = {
"global" = globalConfig;
} // optionalAttrs (cfg.mon.enable && cfg.mon.extraConfig != {}) { "mon" = cfg.mon.extraConfig; }
// optionalAttrs (cfg.mds.enable && cfg.mds.extraConfig != {}) { "mds" = cfg.mds.extraConfig; }
// optionalAttrs (cfg.osd.enable && cfg.osd.extraConfig != {}) { "osd" = cfg.osd.extraConfig; }
// optionalAttrs (cfg.client.enable && cfg.client.extraConfig != {}) cfg.client.extraConfig;
in
generators.toINI {} totalConfig;
users.extraUsers = singleton {
name = "ceph";
uid = config.ids.uids.ceph;
description = "Ceph daemon user";
};
users.extraGroups = singleton {
name = "ceph";
gid = config.ids.gids.ceph;
};
systemd.services = let
services = []
++ optional cfg.mon.enable (generateDaemonList "mon" cfg.mon.daemons { RestartSec = "10"; })
++ optional cfg.mds.enable (generateDaemonList "mds" cfg.mds.daemons { StartLimitBurst = "3"; })
++ optional cfg.osd.enable (generateDaemonList "osd" cfg.osd.daemons { StartLimitBurst = "30"; RestartSec = "20s"; })
++ optional cfg.rgw.enable (generateDaemonList "rgw" cfg.rgw.daemons { })
++ optional cfg.mgr.enable (generateDaemonList "mgr" cfg.mgr.daemons { StartLimitBurst = "3"; });
in
mkMerge services;
systemd.targets = let
targets = [
{ "ceph" = { description = "Ceph target allowing to start/stop all ceph service instances at once"; }; }
] ++ optional cfg.mon.enable (generateTargetFile "mon")
++ optional cfg.mds.enable (generateTargetFile "mds")
++ optional cfg.osd.enable (generateTargetFile "osd")
++ optional cfg.rgw.enable (generateTargetFile "rgw")
++ optional cfg.mgr.enable (generateTargetFile "mgr");
in
mkMerge targets;
systemd.tmpfiles.rules = [
"d /run/ceph 0770 ceph ceph -"
];
};
}

23
nixos/modules/services/networking/networkmanager.nix
View file

@ -133,10 +133,10 @@ in {
basePackages = mkOption {
type = types.attrsOf types.package;
default = { inherit networkmanager modemmanager wpa_supplicant
networkmanager_openvpn networkmanager_vpnc
networkmanager_openconnect networkmanager_fortisslvpn
networkmanager_pptp networkmanager_l2tp
networkmanager_iodine; };
networkmanager-openvpn networkmanager-vpnc
networkmanager-openconnect networkmanager-fortisslvpn
networkmanager-pptp networkmanager-l2tp
networkmanager-iodine; };
internal = true;
};
@ -273,28 +273,28 @@ in {
{ source = configFile;
target = "NetworkManager/NetworkManager.conf";
}
{ source = "${networkmanager_openvpn}/etc/NetworkManager/VPN/nm-openvpn-service.name";
{ source = "${networkmanager-openvpn}/etc/NetworkManager/VPN/nm-openvpn-service.name";
target = "NetworkManager/VPN/nm-openvpn-service.name";
}
{ source = "${networkmanager_vpnc}/etc/NetworkManager/VPN/nm-vpnc-service.name";
{ source = "${networkmanager-vpnc}/etc/NetworkManager/VPN/nm-vpnc-service.name";
target = "NetworkManager/VPN/nm-vpnc-service.name";
}
{ source = "${networkmanager_openconnect}/etc/NetworkManager/VPN/nm-openconnect-service.name";
{ source = "${networkmanager-openconnect}/etc/NetworkManager/VPN/nm-openconnect-service.name";
target = "NetworkManager/VPN/nm-openconnect-service.name";
}
{ source = "${networkmanager_fortisslvpn}/etc/NetworkManager/VPN/nm-fortisslvpn-service.name";
{ source = "${networkmanager-fortisslvpn}/etc/NetworkManager/VPN/nm-fortisslvpn-service.name";
target = "NetworkManager/VPN/nm-fortisslvpn-service.name";
}
{ source = "${networkmanager_pptp}/etc/NetworkManager/VPN/nm-pptp-service.name";
{ source = "${networkmanager-pptp}/etc/NetworkManager/VPN/nm-pptp-service.name";
target = "NetworkManager/VPN/nm-pptp-service.name";
}
{ source = "${networkmanager_l2tp}/etc/NetworkManager/VPN/nm-l2tp-service.name";
{ source = "${networkmanager-l2tp}/etc/NetworkManager/VPN/nm-l2tp-service.name";
target = "NetworkManager/VPN/nm-l2tp-service.name";
}
{ source = "${networkmanager_strongswan}/etc/NetworkManager/VPN/nm-strongswan-service.name";
target = "NetworkManager/VPN/nm-strongswan-service.name";
}
{ source = "${networkmanager_iodine}/etc/NetworkManager/VPN/nm-iodine-service.name";
{ source = "${networkmanager-iodine}/etc/NetworkManager/VPN/nm-iodine-service.name";
target = "NetworkManager/VPN/nm-iodine-service.name";
}
] ++ optional (cfg.appendNameservers == [] || cfg.insertNameservers == [])
@ -335,6 +335,7 @@ in {
preStart = ''
mkdir -m 700 -p /etc/NetworkManager/system-connections
mkdir -m 700 -p /etc/ipsec.d
mkdir -m 755 -p ${stateDirs}
'';
};

33
nixos/modules/services/networking/softether.nix
View file

@ -5,6 +5,8 @@ with lib;
let
cfg = config.services.softether;
package = cfg.package.override { dataDir = cfg.dataDir; };
in
{
@ -49,7 +51,7 @@ in
dataDir = mkOption {
type = types.string;
default = "${cfg.package.dataDir}";
default = "/var/lib/softether";
description = ''
Data directory for SoftEther VPN.
'';
@ -64,11 +66,8 @@ in
config = mkIf cfg.enable (
mkMerge [{
environment.systemPackages = [
(pkgs.lib.overrideDerivation cfg.package (attrs: {
dataDir = cfg.dataDir;
}))
];
environment.systemPackages = [ package ];
systemd.services."softether-init" = {
description = "SoftEther VPN services initial task";
wantedBy = [ "network.target" ];
@ -80,11 +79,11 @@ in
for d in vpnserver vpnbridge vpnclient vpncmd; do
if ! test -e ${cfg.dataDir}/$d; then
${pkgs.coreutils}/bin/mkdir -m0700 -p ${cfg.dataDir}/$d
install -m0600 ${cfg.package}${cfg.dataDir}/$d/hamcore.se2 ${cfg.dataDir}/$d/hamcore.se2
install -m0600 ${package}${cfg.dataDir}/$d/hamcore.se2 ${cfg.dataDir}/$d/hamcore.se2
fi
done
rm -rf ${cfg.dataDir}/vpncmd/vpncmd
ln -s ${cfg.package}${cfg.dataDir}/vpncmd/vpncmd ${cfg.dataDir}/vpncmd/vpncmd
ln -s ${package}${cfg.dataDir}/vpncmd/vpncmd ${cfg.dataDir}/vpncmd/vpncmd
'';
};
}
@ -97,12 +96,12 @@ in
wantedBy = [ "network.target" ];
serviceConfig = {
Type = "forking";
ExecStart = "${cfg.package}/bin/vpnserver start";
ExecStop = "${cfg.package}/bin/vpnserver stop";
ExecStart = "${package}/bin/vpnserver start";
ExecStop = "${package}/bin/vpnserver stop";
};
preStart = ''
rm -rf ${cfg.dataDir}/vpnserver/vpnserver
ln -s ${cfg.package}${cfg.dataDir}/vpnserver/vpnserver ${cfg.dataDir}/vpnserver/vpnserver
ln -s ${package}${cfg.dataDir}/vpnserver/vpnserver ${cfg.dataDir}/vpnserver/vpnserver
'';
postStop = ''
rm -rf ${cfg.dataDir}/vpnserver/vpnserver
@ -118,12 +117,12 @@ in
wantedBy = [ "network.target" ];
serviceConfig = {
Type = "forking";
ExecStart = "${cfg.package}/bin/vpnbridge start";
ExecStop = "${cfg.package}/bin/vpnbridge stop";
ExecStart = "${package}/bin/vpnbridge start";
ExecStop = "${package}/bin/vpnbridge stop";
};
preStart = ''
rm -rf ${cfg.dataDir}/vpnbridge/vpnbridge
ln -s ${cfg.package}${cfg.dataDir}/vpnbridge/vpnbridge ${cfg.dataDir}/vpnbridge/vpnbridge
ln -s ${package}${cfg.dataDir}/vpnbridge/vpnbridge ${cfg.dataDir}/vpnbridge/vpnbridge
'';
postStop = ''
rm -rf ${cfg.dataDir}/vpnbridge/vpnbridge
@ -139,12 +138,12 @@ in
wantedBy = [ "network.target" ];
serviceConfig = {
Type = "forking";
ExecStart = "${cfg.package}/bin/vpnclient start";
ExecStop = "${cfg.package}/bin/vpnclient stop";
ExecStart = "${package}/bin/vpnclient start";
ExecStop = "${package}/bin/vpnclient stop";
};
preStart = ''
rm -rf ${cfg.dataDir}/vpnclient/vpnclient
ln -s ${cfg.package}${cfg.dataDir}/vpnclient/vpnclient ${cfg.dataDir}/vpnclient/vpnclient
ln -s ${package}${cfg.dataDir}/vpnclient/vpnclient ${cfg.dataDir}/vpnclient/vpnclient
'';
postStart = ''
sleep 1

23
nixos/modules/services/networking/strongswan.nix
View file

@ -32,13 +32,13 @@ let
${caConf}
'';
strongswanConf = {setup, connections, ca, secrets, managePlugins, enabledPlugins}: toFile "strongswan.conf" ''
strongswanConf = {setup, connections, ca, secretsFile, managePlugins, enabledPlugins}: toFile "strongswan.conf" ''
charon {
${if managePlugins then "load_modular = no" else ""}
${if managePlugins then ("load = " + (concatStringsSep " " enabledPlugins)) else ""}
plugins {
stroke {
secrets_file = ${ipsecSecrets secrets}
secrets_file = ${secretsFile}
}
}
}
@ -135,7 +135,18 @@ in
};
};
config = with cfg; mkIf enable {
config = with cfg;
let
secretsFile = ipsecSecrets cfg.secrets;
in
mkIf enable
{
# here we should use the default strongswan ipsec.secrets and
# append to it (default one is empty so not a pb for now)
environment.etc."ipsec.secrets".source = secretsFile;
systemd.services.strongswan = {
description = "strongSwan IPSec Service";
wantedBy = [ "multi-user.target" ];
@ -143,11 +154,15 @@ in
wants = [ "keys.target" ];
after = [ "network-online.target" "keys.target" ];
environment = {
STRONGSWAN_CONF = strongswanConf { inherit setup connections ca secrets managePlugins enabledPlugins; };
STRONGSWAN_CONF = strongswanConf { inherit setup connections ca secretsFile managePlugins enabledPlugins; };
};
serviceConfig = {
ExecStart = "${pkgs.strongswan}/sbin/ipsec start --nofork";
};
preStart = ''
# with 'nopeerdns' setting, ppp writes into this folder
mkdir -m 700 -p /etc/ppp
'';
};
};
}

30
nixos/modules/services/networking/syncthing.nix
View file

@ -16,12 +16,6 @@ in {
available on http://127.0.0.1:8384/.
'';
useInotify = mkOption {
type = types.bool;
default = false;
description = "Provide syncthing-inotify as a service.";
};
systemService = mkOption {
type = types.bool;
default = true;
@ -90,6 +84,12 @@ in {
};
};
imports = [
(mkRemovedOptionModule ["services" "syncthing" "useInotify"] ''
This option was removed because syncthing now has the inotify functionality included under the name "fswatcher".
It can be enabled on a per-folder basis through the webinterface.
'')
];
###### implementation
@ -100,8 +100,7 @@ in {
allowedUDPPorts = [ 21027 ];
};
systemd.packages = [ pkgs.syncthing ]
++ lib.optional cfg.useInotify pkgs.syncthing-inotify;
systemd.packages = [ pkgs.syncthing ];
users = mkIf (cfg.user == defaultUser) {
extraUsers."${defaultUser}" =
@ -125,7 +124,6 @@ in {
STNOUPGRADE = "yes";
inherit (cfg) all_proxy;
} // config.networking.proxy.envVars;
wants = mkIf cfg.useInotify [ "syncthing-inotify.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Restart = "on-failure";
@ -141,20 +139,6 @@ in {
syncthing-resume = {
wantedBy = [ "suspend.target" ];
};
syncthing-inotify = mkIf (cfg.systemService && cfg.useInotify) {
description = "Syncthing Inotify File Watcher service";
after = [ "network.target" "syncthing.service" ];
requires = [ "syncthing.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
SuccessExitStatus = "2";
RestartForceExitStatus = "3";
Restart = "on-failure";
User = cfg.user;
ExecStart = "${pkgs.syncthing-inotify.bin}/bin/syncthing-inotify -home=${cfg.dataDir} -logflags=0";
};
};
};
};
}

2
nixos/modules/services/networking/tinc.nix
View file

@ -178,6 +178,8 @@ in
preStart = ''
mkdir -p /etc/tinc/${network}/hosts
chown tinc.${network} /etc/tinc/${network}/hosts
mkdir -p /etc/tinc/${network}/invitations
chown tinc.${network} /etc/tinc/${network}/invitations
# Determine how we should generate our keys
if type tinc >/dev/null 2>&1; then

2
nixos/modules/services/networking/tox-bootstrapd.nix
View file

@ -69,7 +69,7 @@ in
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig =
{ ExecStart = "${pkg}/bin/tox-bootstrapd ${cfgFile}";
{ ExecStart = "${pkg}/bin/tox-bootstrapd --config=${cfgFile}";
Type = "forking";
inherit PIDFile;
User = "tox-bootstrapd";

2
nixos/modules/services/security/usbguard.nix
View file

@ -192,7 +192,7 @@ in {
serviceConfig = {
Type = "simple";
ExecStart = ''${pkgs.usbguard}/bin/usbguard-daemon -d -k -c ${daemonConfFile}'';
ExecStart = ''${pkgs.usbguard}/bin/usbguard-daemon -P -d -k -c ${daemonConfFile}'';
Restart = "on-failure";
};
};

42
nixos/modules/services/web-apps/piwik-doc.xml → nixos/modules/services/web-apps/matomo-doc.xml
View file

@ -2,16 +2,16 @@
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="module-services-piwik">
xml:id="module-services-matomo">
<title>Piwik</title>
<title>Matomo</title>
<para>
Piwik is a real-time web analytics application.
This module configures php-fpm as backend for piwik, optionally configuring an nginx vhost as well.
Matomo is a real-time web analytics application.
This module configures php-fpm as backend for Matomo, optionally configuring an nginx vhost as well.
</para>
<para>
An automatic setup is not suported by piwik, so you need to configure piwik itself in the browser-based piwik setup.
An automatic setup is not suported by Matomo, so you need to configure Matomo itself in the browser-based Matomo setup.
</para>
@ -19,7 +19,7 @@
<title>Database Setup</title>
<para>
You also need to configure a MariaDB or MySQL database and -user for piwik yourself,
You also need to configure a MariaDB or MySQL database and -user for Matomo yourself,
and enter those credentials in your browser.
You can use passwordless database authentication via the UNIX_SOCKET authentication plugin
with the following SQL commands:
@ -27,20 +27,20 @@
<programlisting>
# For MariaDB
INSTALL PLUGIN unix_socket SONAME 'auth_socket';
CREATE DATABASE piwik;
CREATE USER 'piwik'@'localhost' IDENTIFIED WITH unix_socket;
GRANT ALL PRIVILEGES ON piwik.* TO 'piwik'@'localhost';
CREATE DATABASE matomo;
CREATE USER 'matomo'@'localhost' IDENTIFIED WITH unix_socket;
GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost';
# For MySQL
INSTALL PLUGIN auth_socket SONAME 'auth_socket.so';
CREATE DATABASE piwik;
CREATE USER 'piwik'@'localhost' IDENTIFIED WITH auth_socket;
GRANT ALL PRIVILEGES ON piwik.* TO 'piwik'@'localhost';
CREATE DATABASE matomo;
CREATE USER 'matomo'@'localhost' IDENTIFIED WITH auth_socket;
GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost';
</programlisting>
Then fill in <literal>piwik</literal> as database user and database name, and leave the password field blank.
This authentication works by allowing only the <literal>piwik</literal> unix user to authenticate as the
<literal>piwik</literal> database user (without needing a password), but no other users.
Then fill in <literal>matomo</literal> as database user and database name, and leave the password field blank.
This authentication works by allowing only the <literal>matomo</literal> unix user to authenticate as the
<literal>matomo</literal> database user (without needing a password), but no other users.
For more information on passwordless login, see
<link xlink:href="https://mariadb.com/kb/en/mariadb/unix_socket-authentication-plugin/" />.
</para>
@ -55,9 +55,9 @@
<title>Backup</title>
<para>
You only need to take backups of your MySQL database and the
<filename>/var/lib/piwik/config/config.ini.php</filename> file.
Use a user in the <literal>piwik</literal> group or root to access the file.
For more information, see <link xlink:href="https://piwik.org/faq/how-to-install/faq_138/" />.
<filename>/var/lib/matomo/config/config.ini.php</filename> file.
Use a user in the <literal>matomo</literal> group or root to access the file.
For more information, see <link xlink:href="https://matomo.org/faq/how-to-install/faq_138/" />.
</para>
</section>
@ -67,14 +67,14 @@
<itemizedlist>
<listitem>
<para>
Piwik's file integrity check will warn you.
Matomo's file integrity check will warn you.
This is due to the patches necessary for NixOS, you can safely ignore this.
</para>
</listitem>
<listitem>
<para>
Piwik will warn you that the JavaScript tracker is not writable.
Matomo will warn you that the JavaScript tracker is not writable.
This is because it's located in the read-only nix store.
You can safely ignore this, unless you need a plugin that needs JavaScript tracker access.
</para>
@ -88,7 +88,7 @@
<para>
You can use other web servers by forwarding calls for <filename>index.php</filename> and
<filename>piwik.php</filename> to the <literal>/run/phpfpm-piwik.sock</literal> fastcgi unix socket.
<filename>piwik.php</filename> to the <literal>/run/phpfpm-matomo.sock</literal> fastcgi unix socket.
You can use the nginx configuration in the module code as a reference to what else should be configured.
</para>
</section>

75
nixos/modules/services/web-apps/piwik.nix → nixos/modules/services/web-apps/matomo.nix
View file

@ -1,10 +1,11 @@
{ config, lib, pkgs, services, ... }:
with lib;
let
cfg = config.services.piwik;
cfg = config.services.matomo;
user = "piwik";
user = "matomo";
dataDir = "/var/lib/${user}";
deprecatedDataDir = "/var/lib/piwik";
pool = user;
# it's not possible to use /run/phpfpm/${pool}.sock because /run/phpfpm/ is root:root 0770,
@ -13,17 +14,22 @@ let
phpExecutionUnit = "phpfpm-${pool}";
databaseService = "mysql.service";
fqdn =
let
join = hostName: domain: hostName + optionalString (domain != null) ".${domain}";
in join config.networking.hostName config.networking.domain;
in {
options = {
services.piwik = {
services.matomo = {
# NixOS PR for database setup: https://github.com/NixOS/nixpkgs/pull/6963
# piwik issue for automatic piwik setup: https://github.com/piwik/piwik/issues/10257
# TODO: find a nice way to do this when more NixOS MySQL and / or piwik automatic setup stuff is implemented.
# matomo issue for automatic matomo setup: https://github.com/matomo-org/matomo/issues/10257
# TODO: find a nice way to do this when more NixOS MySQL and / or matomo automatic setup stuff is implemented.
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable piwik web analytics with php-fpm backend.
Enable matomo web analytics with php-fpm backend.
Either the nginx option or the webServerUser option is mandatory.
'';
};
@ -32,8 +38,9 @@ in {
type = types.nullOr types.str;
default = null;
example = "lighttpd";
# TODO: piwik.php might get renamed to matomo.php in future releases
description = ''
Name of the web server user that forwards requests to the ${phpSocket} fastcgi socket for piwik if the nginx
Name of the web server user that forwards requests to the ${phpSocket} fastcgi socket for matomo if the nginx
option is not used. Either this option or the nginx option is mandatory.
If you want to use another webserver than nginx, you need to set this to that server's user
and pass fastcgi requests to `index.php` and `piwik.php` to this socket.
@ -55,7 +62,7 @@ in {
catch_workers_output = yes
'';
description = ''
Settings for phpfpm's process manager. You might need to change this depending on the load for piwik.
Settings for phpfpm's process manager. You might need to change this depending on the load for matomo.
'';
};
@ -65,7 +72,7 @@ in {
(import ../web-servers/nginx/vhost-options.nix { inherit config lib; })
{
# enable encryption by default,
# as sensitive login and piwik data should not be transmitted in clear text.
# as sensitive login and matomo data should not be transmitted in clear text.
options.forceSSL.default = true;
options.enableACME.default = true;
}
@ -73,15 +80,19 @@ in {
);
default = null;
example = {
serverName = "stats.$\{config.networking.hostName\}";
serverAliases = [
"matomo.$\{config.networking.domain\}"
"stats.$\{config.networking.domain\}"
];
enableACME = false;
};
description = ''
With this option, you can customize an nginx virtualHost which already has sensible defaults for piwik.
With this option, you can customize an nginx virtualHost which already has sensible defaults for matomo.
Either this option or the webServerUser option is mandatory.
Set this to {} to just enable the virtualHost if you don't need any customization.
If enabled, then by default, the serverName is piwik.$\{config.networking.hostName\}, SSL is active,
and certificates are acquired via ACME.
If enabled, then by default, the <option>serverName</option> is
<literal>${user}.$\{config.networking.hostName\}.$\{config.networking.domain\}</literal>,
SSL is active, and certificates are acquired via ACME.
If this is set to null (the default), no nginx virtualHost will be configured.
'';
};
@ -90,12 +101,12 @@ in {
config = mkIf cfg.enable {
warnings = mkIf (cfg.nginx != null && cfg.webServerUser != null) [
"If services.piwik.nginx is set, services.piwik.nginx.webServerUser is ignored and should be removed."
"If services.matomo.nginx is set, services.matomo.nginx.webServerUser is ignored and should be removed."
];
assertions = [ {
assertion = cfg.nginx != null || cfg.webServerUser != null;
message = "Either services.piwik.nginx or services.piwik.nginx.webServerUser is mandatory";
message = "Either services.matomo.nginx or services.matomo.nginx.webServerUser is mandatory";
}];
users.extraUsers.${user} = {
@ -106,19 +117,20 @@ in {
};
users.extraGroups.${user} = {};
systemd.services.piwik_setup_update = {
# everything needs to set up and up to date before piwik php files are executed
systemd.services.matomo_setup_update = {
# everything needs to set up and up to date before matomo php files are executed
requiredBy = [ "${phpExecutionUnit}.service" ];
before = [ "${phpExecutionUnit}.service" ];
# the update part of the script can only work if the database is already up and running
requires = [ databaseService ];
after = [ databaseService ];
path = [ pkgs.piwik ];
path = [ pkgs.matomo ];
serviceConfig = {
Type = "oneshot";
User = user;
# hide especially config.ini.php from other
UMask = "0007";
# TODO: might get renamed to MATOMO_USER_PATH in future versions
Environment = "PIWIK_USER_PATH=${dataDir}";
# chown + chmod in preStart needs root
PermissionsStartOnly = true;
@ -127,27 +139,32 @@ in {
# e.g. after restoring from backup or moving from another system.
# Note that ${dataDir}/config/config.ini.php might contain the MySQL password.
preStart = ''
# migrate data from piwik to matomo folder
if [ -d ${deprecatedDataDir} ]; then
echo "Migrating from ${deprecatedDataDir} to ${dataDir}"
mv -T ${deprecatedDataDir} ${dataDir}
fi
chown -R ${user}:${user} ${dataDir}
chmod -R ug+rwX,o-rwx ${dataDir}
'';
script = ''
# Use User-Private Group scheme to protect piwik data, but allow administration / backup via piwik group
# Use User-Private Group scheme to protect matomo data, but allow administration / backup via matomo group
# Copy config folder
chmod g+s "${dataDir}"
cp -r "${pkgs.piwik}/config" "${dataDir}/"
cp -r "${pkgs.matomo}/config" "${dataDir}/"
chmod -R u+rwX,g+rwX,o-rwx "${dataDir}"
# check whether user setup has already been done
if test -f "${dataDir}/config/config.ini.php"; then
# then execute possibly pending database upgrade
piwik-console core:update --yes
matomo-console core:update --yes
fi
'';
};
systemd.services.${phpExecutionUnit} = {
# stop phpfpm on package upgrade, do database upgrade via piwik_setup_update, and then restart
restartTriggers = [ pkgs.piwik ];
# stop phpfpm on package upgrade, do database upgrade via matomo_setup_update, and then restart
restartTriggers = [ pkgs.matomo ];
# stop config.ini.php from getting written with read permission for others
serviceConfig.UMask = "0007";
};
@ -175,14 +192,14 @@ in {
# References:
# https://fralef.me/piwik-hardening-with-nginx-and-php-fpm.html
# https://github.com/perusio/piwik-nginx
"${user}.${config.networking.hostName}" = mkMerge [ cfg.nginx {
# don't allow to override the root easily, as it will almost certainly break piwik.
"${user}.${fqdn}" = mkMerge [ cfg.nginx {
# don't allow to override the root easily, as it will almost certainly break matomo.
# disadvantage: not shown as default in docs.
root = mkForce "${pkgs.piwik}/share";
root = mkForce "${pkgs.matomo}/share";
# define locations here instead of as the submodule option's default
# so that they can easily be extended with additional locations if required
# without needing to redefine the piwik ones.
# without needing to redefine the matomo ones.
# disadvantage: not shown as default in docs.
locations."/" = {
index = "index.php";
@ -191,6 +208,7 @@ in {
locations."= /index.php".extraConfig = ''
fastcgi_pass unix:${phpSocket};
'';
# TODO: might get renamed to matomo.php in future versions
# allow piwik.php for tracking
locations."= /piwik.php".extraConfig = ''
fastcgi_pass unix:${phpSocket};
@ -212,6 +230,7 @@ in {
locations."= /robots.txt".extraConfig = ''
return 200 "User-agent: *\nDisallow: /\n";
'';
# TODO: might get renamed to matomo.js in future versions
# let browsers cache piwik.js
locations."= /piwik.js".extraConfig = ''
expires 1M;
@ -221,7 +240,7 @@ in {
};
meta = {
doc = ./piwik-doc.xml;
doc = ./matomo-doc.xml;
maintainers = with stdenv.lib.maintainers; [ florianjacob ];
};
}

2
nixos/modules/services/x11/desktop-managers/enlightenment.nix
View file

@ -33,7 +33,7 @@ in
pkgs.xorg.xauth # used by kdesu
pkgs.gtk2 # To get GTK+'s themes.
pkgs.tango-icon-theme
pkgs.shared_mime_info
pkgs.shared-mime-info
pkgs.gnome2.gnomeicontheme
pkgs.xorg.xcursorthemes
];

20
nixos/modules/services/x11/desktop-managers/gnome3.nix
View file

@ -27,7 +27,7 @@ let
nixos-gsettings-desktop-schemas = pkgs.runCommand "nixos-gsettings-desktop-schemas" {}
''
mkdir -p $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas
cp -rf ${pkgs.gnome3.gsettings_desktop_schemas}/share/gsettings-schemas/gsettings-desktop-schemas*/glib-2.0/schemas/*.xml $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas
cp -rf ${pkgs.gnome3.gsettings-desktop-schemas}/share/gsettings-schemas/gsettings-desktop-schemas*/glib-2.0/schemas/*.xml $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas
${concatMapStrings (pkg: "cp -rf ${pkg}/share/gsettings-schemas/*/glib-2.0/schemas/*.xml $out/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas\n") cfg.extraGSettingsOverridePackages}
@ -60,7 +60,7 @@ in {
example = literalExample "[ pkgs.gnome3.gpaste ]";
description = "Additional list of packages to be added to the session search path.
Useful for gnome shell extensions or gsettings-conditionated autostart.";
apply = list: list ++ [ pkgs.gnome3.gnome_shell pkgs.gnome3.gnome-shell-extensions ];
apply = list: list ++ [ pkgs.gnome3.gnome-shell pkgs.gnome3.gnome-shell-extensions ];
};
extraGSettingsOverrides = mkOption {
@ -118,13 +118,13 @@ in {
services.packagekit.enable = mkDefault true;
hardware.bluetooth.enable = mkDefault true;
services.xserver.libinput.enable = mkDefault true; # for controlling touchpad settings via gnome control center
services.udev.packages = [ pkgs.gnome3.gnome_settings_daemon ];
services.udev.packages = [ pkgs.gnome3.gnome-settings-daemon ];
systemd.packages = [ pkgs.gnome3.vino ];
# If gnome3 is installed, build vim for gtk3 too.
nixpkgs.config.vim.gui = "gtk3";
fonts.fonts = [ pkgs.dejavu_fonts pkgs.cantarell_fonts ];
fonts.fonts = [ pkgs.dejavu_fonts pkgs.cantarell-fonts ];
services.xserver.desktopManager.session = singleton
{ name = "gnome3";
@ -164,7 +164,7 @@ in {
# Update user dirs as described in http://freedesktop.org/wiki/Software/xdg-user-dirs/
${pkgs.xdg-user-dirs}/bin/xdg-user-dirs-update
${pkgs.gnome3.gnome_session}/bin/gnome-session ${optionalString cfg.debug "--debug"} &
${pkgs.gnome3.gnome-session}/bin/gnome-session ${optionalString cfg.debug "--debug"} &
waitPID=$!
'';
};
@ -172,7 +172,7 @@ in {
services.xserver.updateDbusEnvironment = true;
environment.variables.GIO_EXTRA_MODULES = [ "${lib.getLib pkgs.gnome3.dconf}/lib/gio/modules"
"${pkgs.gnome3.glib_networking.out}/lib/gio/modules"
"${pkgs.gnome3.glib-networking.out}/lib/gio/modules"
"${pkgs.gnome3.gvfs}/lib/gio/modules" ];
environment.systemPackages = pkgs.gnome3.corePackages ++ cfg.sessionPath
++ (removePackagesByName pkgs.gnome3.optionalPackages config.environment.gnome3.excludePackages);
@ -180,10 +180,10 @@ in {
# Use the correct gnome3 packageSet
networking.networkmanager.basePackages =
{ inherit (pkgs) networkmanager modemmanager wpa_supplicant;
inherit (pkgs.gnome3) networkmanager_openvpn networkmanager_vpnc
networkmanager_openconnect networkmanager_fortisslvpn
networkmanager_pptp networkmanager_iodine
networkmanager_l2tp; };
inherit (pkgs.gnome3) networkmanager-openvpn networkmanager-vpnc
networkmanager-openconnect networkmanager-fortisslvpn
networkmanager-pptp networkmanager-iodine
networkmanager-l2tp; };
# Needed for themes and backgrounds
environment.pathsToLink = [ "/share" ];

2
nixos/modules/services/x11/desktop-managers/mate.nix
View file

@ -102,7 +102,7 @@ in
services.dbus.packages = [
pkgs.gnome3.dconf
pkgs.at_spi2_core
pkgs.at-spi2-core
];
services.gnome3.gnome-keyring.enable = true;

2
nixos/modules/services/x11/desktop-managers/plasma5.nix
View file

@ -154,7 +154,7 @@ in
print-manager
breeze-icons
pkgs.hicolor_icon_theme
pkgs.hicolor-icon-theme
kde-gtk-config breeze-gtk

6
nixos/modules/services/x11/desktop-managers/xfce.nix
View file

@ -61,12 +61,12 @@ in
# utilities-terminal, accessories-text-editor
gnome3.defaultIconTheme
hicolor_icon_theme
hicolor-icon-theme
tango-icon-theme
xfce4-icon-theme
desktop_file_utils
shared_mime_info
desktop-file-utils
shared-mime-info
# Needed by Xfce's xinitrc script
# TODO: replace with command -v

10
nixos/modules/services/x11/display-managers/gdm.nix
View file

@ -133,7 +133,7 @@ in
StandardError = "inherit";
};
systemd.services.display-manager.path = [ pkgs.gnome3.gnome_session ];
systemd.services.display-manager.path = [ pkgs.gnome3.gnome-session ];
services.dbus.packages = [ gdm ];
@ -193,7 +193,7 @@ in
auth required pam_env.so envfile=${config.system.build.pamEnvironment}
auth required pam_succeed_if.so uid >= 1000 quiet
auth optional ${pkgs.gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so
auth optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so
auth ${if config.security.pam.enableEcryptfs then "required" else "sufficient"} pam_unix.so nullok likeauth
${optionalString config.security.pam.enableEcryptfs
"auth required ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so unwrap"}
@ -213,7 +213,7 @@ in
"session optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so"}
session required pam_loginuid.so
session optional ${pkgs.systemd}/lib/security/pam_systemd.so
session optional ${pkgs.gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so auto_start
session optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start
'';
gdm-password.text = ''
@ -221,7 +221,7 @@ in
auth required pam_env.so envfile=${config.system.build.pamEnvironment}
auth required pam_succeed_if.so uid >= 1000 quiet
auth optional ${pkgs.gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so
auth optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so
auth ${if config.security.pam.enableEcryptfs then "required" else "sufficient"} pam_unix.so nullok likeauth
${optionalString config.security.pam.enableEcryptfs
"auth required ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so unwrap"}
@ -240,7 +240,7 @@ in
"session optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so"}
session required pam_loginuid.so
session optional ${pkgs.systemd}/lib/security/pam_systemd.so
session optional ${pkgs.gnome3.gnome_keyring}/lib/security/pam_gnome_keyring.so auto_start
session optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start
'';
gdm-autologin.text = ''

4
nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix
View file

@ -68,8 +68,8 @@ in
package = mkOption {
type = types.package;
default = pkgs.gnome3.gnome_themes_standard;
defaultText = "pkgs.gnome3.gnome_themes_standard";
default = pkgs.gnome3.gnome-themes-standard;
defaultText = "pkgs.gnome3.gnome-themes-standard";
description = ''
The package path that contains the theme given in the name option.
'';

28
nixos/modules/services/x11/xautolock.nix
View file

@ -26,9 +26,9 @@ in
};
locker = mkOption {
default = "xlock"; # default according to `man xautolock`
example = "i3lock -i /path/to/img";
type = types.string;
default = "${pkgs.xlockmore}/bin/xlock"; # default according to `man xautolock`
example = "${pkgs.i3lock}/bin/i3lock -i /path/to/img";
type = types.str;
description = ''
The script to use when automatically locking the computer.
@ -37,8 +37,8 @@ in
nowlocker = mkOption {
default = null;
example = "i3lock -i /path/to/img";
type = types.nullOr types.string;
example = "${pkgs.i3lock}/bin/i3lock -i /path/to/img";
type = types.nullOr types.str;
description = ''
The script to use when manually locking the computer with <command>xautolock -locknow</command>.
@ -56,10 +56,8 @@ in
notifier = mkOption {
default = null;
example = literalExample ''
"${pkgs.libnotify}/bin/notify-send \"Locking in 10 seconds\""
'';
type = types.nullOr types.string;
example = "${pkgs.libnotify}/bin/notify-send \"Locking in 10 seconds\"";
type = types.nullOr types.str;
description = ''
Notification script to be used to warn about the pending autolock.
@ -68,8 +66,8 @@ in
killer = mkOption {
default = null; # default according to `man xautolock` is none
example = "systemctl suspend";
type = types.nullOr types.string;
example = "${pkgs.systemd}/bin/systemctl suspend";
type = types.nullOr types.str;
description = ''
The script to use when nothing has happend for as long as <option>killtime</option>
@ -131,6 +129,12 @@ in
assertion = cfg.killer != null -> cfg.killtime >= 10;
message = "killtime has to be at least 10 minutes according to `man xautolock`";
}
];
] ++ (lib.flip map [ "locker" "notifier" "nowlocker" "killer" ]
(option:
{
assertion = cfg."${option}" != null -> builtins.substring 0 1 cfg."${option}" == "/";
message = "Please specify a canonical path for `services.xserver.xautolock.${option}`";
})
);
};
}

2
nixos/modules/system/boot/initrd-ssh.nix
View file

@ -118,7 +118,7 @@ in
echo ${escapeShellArg key} >> /root/.ssh/authorized_keys
'') cfg.authorizedKeys)}
dropbear -s -j -k -E -m -p ${toString cfg.port} ${optionalString (cfg.hostRSAKey == null && cfg.hostDSSKey == null && cfg.hostECDSAKey == null) "-R"}
dropbear -s -j -k -E -p ${toString cfg.port} ${optionalString (cfg.hostRSAKey == null && cfg.hostDSSKey == null && cfg.hostECDSAKey == null) "-R"}
'';
boot.initrd.secrets =

10
nixos/modules/system/boot/loader/grub/grub.nix
View file

@ -110,7 +110,7 @@ in
device = mkOption {
default = "";
example = "/dev/hda";
example = "/dev/disk/by-id/wwn-0x500001234567890a";
type = types.str;
description = ''
The device on which the GRUB boot loader will be installed.
@ -123,7 +123,7 @@ in
devices = mkOption {
default = [];
example = [ "/dev/hda" ];
example = [ "/dev/disk/by-id/wwn-0x500001234567890a" ];
type = types.listOf types.str;
description = ''
The devices on which the boot loader, GRUB, will be
@ -135,8 +135,8 @@ in
mirroredBoots = mkOption {
default = [ ];
example = [
{ path = "/boot1"; devices = [ "/dev/sda" ]; }
{ path = "/boot2"; devices = [ "/dev/sdb" ]; }
{ path = "/boot1"; devices = [ "/dev/disk/by-id/wwn-0x500001234567890a" ]; }
{ path = "/boot2"; devices = [ "/dev/disk/by-id/wwn-0x500009876543210a" ]; }
];
description = ''
Mirror the boot configuration to multiple partitions and install grub
@ -178,7 +178,7 @@ in
devices = mkOption {
default = [ ];
example = [ "/dev/sda" "/dev/sdb" ];
example = [ "/dev/disk/by-id/wwn-0x500001234567890a" "/dev/disk/by-id/wwn-0x500009876543210a" ];
type = types.listOf types.str;
description = ''
The path to the devices which will have the GRUB MBR written.

9
nixos/modules/system/boot/luksroot.nix
View file

@ -228,10 +228,6 @@ in
[ "aes" "aes_generic" "blowfish" "twofish"
"serpent" "cbc" "xts" "lrw" "sha1" "sha256" "sha512"
# workaround until https://marc.info/?l=linux-crypto-vger&m=148783562211457&w=4 is merged
# remove once 'modprobe --show-depends xts' shows ecb as a dependency
"ecb"
(if pkgs.stdenv.system == "x86_64-linux" then "aes_x86_64" else "aes_i586")
];
description = ''
@ -441,7 +437,10 @@ in
# Some modules that may be needed for mounting anything ciphered
# Also load input_leds to get caps lock light working (#12456)
boot.initrd.availableKernelModules = [ "dm_mod" "dm_crypt" "cryptd" "input_leds" ]
++ luks.cryptoModules;
++ luks.cryptoModules
# workaround until https://marc.info/?l=linux-crypto-vger&m=148783562211457&w=4 is merged
# remove once 'modprobe --show-depends xts' shows ecb as a dependency
++ (if builtins.elem "xts" luks.cryptoModules then ["ecb"] else []);
# copy the cryptsetup binary and it's dependencies
boot.initrd.extraUtilsCommands = ''

6
nixos/modules/system/boot/networkd.nix
View file

@ -650,7 +650,11 @@ let
unitFiles = map (name: {
target = "systemd/network/${name}";
source = "${cfg.units.${name}.unit}/${name}";
}) (attrNames cfg.units);
}) (attrNames cfg.units) ++
(map (entry: {
target = "systemd/network/${entry}";
source = "${config.systemd.package}/lib/systemd/network/${entry}";
}) (attrNames (builtins.readDir "${config.systemd.package}/lib/systemd/network")));
in
{

7
nixos/release.nix
View file

@ -228,7 +228,9 @@ in rec {
tests.boot = callSubTests tests/boot.nix {};
tests.boot-stage1 = callTest tests/boot-stage1.nix {};
tests.borgbackup = callTest tests/borgbackup.nix {};
tests.buildbot = callTest tests/buildbot.nix {};
tests.cadvisor = callTestOnTheseSystems ["x86_64-linux"] tests/cadvisor.nix {};
tests.ceph = callTestOnTheseSystems ["x86_64-linux"] tests/ceph.nix {};
tests.chromium = (callSubTestsOnTheseSystems ["x86_64-linux"] tests/chromium.nix {}).stable;
tests.cjdns = callTest tests/cjdns.nix {};
tests.cloud-init = callTest tests/cloud-init.nix {};
@ -258,7 +260,7 @@ in rec {
tests.firefox = callTest tests/firefox.nix {};
tests.firewall = callTest tests/firewall.nix {};
tests.fleet = callTestOnTheseSystems ["x86_64-linux"] tests/fleet.nix {};
#tests.fwupd = callTest tests/fwupd.nix {}; # build during evaluation
tests.fwupd = callTest tests/fwupd.nix {};
#tests.gitlab = callTest tests/gitlab.nix {};
tests.gitolite = callTest tests/gitolite.nix {};
tests.gjs = callTest tests/gjs.nix {};
@ -318,6 +320,7 @@ in rec {
tests.nfs4 = callTest tests/nfs.nix { version = 4; };
tests.nginx = callTest tests/nginx.nix { };
tests.nghttpx = callTest tests/nghttpx.nix { };
tests.nix-ssh-serve = callTest tests/nix-ssh-serve.nix { };
tests.novacomd = callTestOnTheseSystems ["x86_64-linux"] tests/novacomd.nix { };
tests.leaps = callTest tests/leaps.nix { };
tests.nsd = callTest tests/nsd.nix {};
@ -352,6 +355,7 @@ in rec {
tests.snapper = callTest tests/snapper.nix {};
tests.statsd = callTest tests/statsd.nix {};
tests.sudo = callTest tests/sudo.nix {};
tests.systemd = callTest tests/systemd.nix {};
tests.switchTest = callTest tests/switch-test.nix {};
tests.taskserver = callTest tests/taskserver.nix {};
tests.tomcat = callTest tests/tomcat.nix {};
@ -361,6 +365,7 @@ in rec {
tests.wordpress = callTest tests/wordpress.nix {};
tests.xfce = callTest tests/xfce.nix {};
tests.xmonad = callTest tests/xmonad.nix {};
tests.xrdp = callTest tests/xrdp.nix {};
tests.yabar = callTest tests/yabar.nix {};
tests.zookeeper = callTest tests/zookeeper.nix {};

140
nixos/tests/ceph.nix Normal file
View file

@ -0,0 +1,140 @@
import ./make-test.nix ({pkgs, ...}: rec {
name = "All-in-one-basic-ceph-cluster";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ lejonet ];
};
nodes = {
aio = { config, pkgs, ... }: {
virtualisation = {
emptyDiskImages = [ 20480 20480 ];
vlans = [ 1 ];
};
networking = {
firewall.allowPing = true;
useDHCP = false;
interfaces.eth1.ipv4.addresses = pkgs.lib.mkOverride 0 [
{ address = "192.168.1.1"; prefixLength = 24; }
];
};
environment.systemPackages = with pkgs; [
bash
sudo
ceph
xfsprogs
];
nixpkgs.config.packageOverrides = super: {
ceph = super.ceph.override({ nss = super.nss; libxfs = super.libxfs; libaio = super.libaio; jemalloc = super.jemalloc; });
};
boot.kernelModules = [ "xfs" ];
services.ceph.enable = true;
services.ceph.global = {
fsid = "066ae264-2a5d-4729-8001-6ad265f50b03";
monInitialMembers = "aio";
monHost = "192.168.1.1";
};
services.ceph.mon = {
enable = true;
daemons = [ "aio" ];
};
services.ceph.mgr = {
enable = true;
daemons = [ "aio" ];
};
services.ceph.osd = {
enable = true;
daemons = [ "0" "1" ];
};
};
};
testScript = { nodes, ... }: ''
startAll;
$aio->waitForUnit("network.target");
# Create the ceph-related directories
$aio->mustSucceed(
"mkdir -p /var/lib/ceph/mgr/ceph-aio/",
"mkdir -p /var/lib/ceph/mon/ceph-aio/",
"mkdir -p /var/lib/ceph/osd/ceph-{0..1}/",
"chown ceph:ceph -R /var/lib/ceph/"
);
# Bootstrap ceph-mon daemon
$aio->mustSucceed(
"mkdir -p /var/lib/ceph/bootstrap-osd && chown ceph:ceph /var/lib/ceph/bootstrap-osd",
"sudo -u ceph ceph-authtool --create-keyring /tmp/ceph.mon.keyring --gen-key -n mon. --cap mon 'allow *'",
"ceph-authtool --create-keyring /etc/ceph/ceph.client.admin.keyring --gen-key -n client.admin --set-uid=0 --cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow *' --cap mgr 'allow *'",
"ceph-authtool /tmp/ceph.mon.keyring --import-keyring /etc/ceph/ceph.client.admin.keyring",
"monmaptool --create --add aio 192.168.1.1 --fsid 066ae264-2a5d-4729-8001-6ad265f50b03 /tmp/monmap",
"sudo -u ceph ceph-mon --mkfs -i aio --monmap /tmp/monmap --keyring /tmp/ceph.mon.keyring",
"touch /var/lib/ceph/mon/ceph-aio/done",
"systemctl start ceph-mon-aio"
);
$aio->waitForUnit("ceph-mon-aio");
# Can't check ceph status until a mon is up
$aio->succeed("ceph -s | grep 'mon: 1 daemons'");
# Start the ceph-mgr daemon, it has no deps and hardly any setup
$aio->mustSucceed(
"ceph auth get-or-create mgr.aio mon 'allow profile mgr' osd 'allow *' mds 'allow *' > /var/lib/ceph/mgr/ceph-aio/keyring",
"systemctl start ceph-mgr-aio"
);
$aio->waitForUnit("ceph-mgr-aio");
$aio->waitUntilSucceeds("ceph -s | grep 'quorum aio'");
# Bootstrap both OSDs
$aio->mustSucceed(
"mkfs.xfs /dev/vdb",
"mkfs.xfs /dev/vdc",
"mount /dev/vdb /var/lib/ceph/osd/ceph-0",
"mount /dev/vdc /var/lib/ceph/osd/ceph-1",
"ceph-authtool --create-keyring /var/lib/ceph/osd/ceph-0/keyring --name osd.0 --add-key AQBCEJNa3s8nHRAANvdsr93KqzBznuIWm2gOGg==",
"ceph-authtool --create-keyring /var/lib/ceph/osd/ceph-1/keyring --name osd.1 --add-key AQBEEJNac00kExAAXEgy943BGyOpVH1LLlHafQ==",
"echo '{\"cephx_secret\": \"AQBCEJNa3s8nHRAANvdsr93KqzBznuIWm2gOGg==\"}' | ceph osd new 55ba2294-3e24-478f-bee0-9dca4c231dd9 -i -",
"echo '{\"cephx_secret\": \"AQBEEJNac00kExAAXEgy943BGyOpVH1LLlHafQ==\"}' | ceph osd new 5e97a838-85b6-43b0-8950-cb56d554d1e5 -i -"
);
# Initialize the OSDs with regular filestore
$aio->mustSucceed(
"ceph-osd -i 0 --mkfs --osd-uuid 55ba2294-3e24-478f-bee0-9dca4c231dd9",
"ceph-osd -i 1 --mkfs --osd-uuid 5e97a838-85b6-43b0-8950-cb56d554d1e5",
"chown -R ceph:ceph /var/lib/ceph/osd",
"systemctl start ceph-osd-0",
"systemctl start ceph-osd-1"
);
$aio->waitUntilSucceeds("ceph osd stat | grep '2 osds: 2 up, 2 in'");
$aio->waitUntilSucceeds("ceph -s | grep 'mgr: aio(active)'");
$aio->waitUntilSucceeds("ceph -s | grep 'HEALTH_OK'");
$aio->mustSucceed(
"ceph osd pool create aio-test 100 100",
"ceph osd pool ls | grep 'aio-test'",
"ceph osd pool rename aio-test aio-other-test",
"ceph osd pool ls | grep 'aio-other-test'",
"ceph -s | grep '1 pools, 100 pgs'",
"ceph osd getcrushmap -o crush",
"crushtool -d crush -o decrushed",
"sed 's/step chooseleaf firstn 0 type host/step chooseleaf firstn 0 type osd/' decrushed > modcrush",
"crushtool -c modcrush -o recrushed",
"ceph osd setcrushmap -i recrushed",
"ceph osd pool set aio-other-test size 2"
);
$aio->waitUntilSucceeds("ceph -s | grep 'HEALTH_OK'");
$aio->waitUntilSucceeds("ceph -s | grep '100 active+clean'");
$aio->mustFail(
"ceph osd pool ls | grep 'aio-test'",
"ceph osd pool delete aio-other-test aio-other-test --yes-i-really-really-mean-it"
);
'';
})

39
nixos/tests/nix-ssh-serve.nix Normal file
View file

@ -0,0 +1,39 @@
import ./make-test.nix ({ pkgs, lib, ... }:
let inherit (import ./ssh-keys.nix pkgs)
snakeOilPrivateKey snakeOilPublicKey;
ssh-config = builtins.toFile "ssh.conf" ''
UserKnownHostsFile=/dev/null
StrictHostKeyChecking=no
'';
in
{ name = "nix-ssh-serve";
meta.maintainers = [ lib.maintainers.shlevy ];
nodes =
{ server.nix.sshServe =
{ enable = true;
keys = [ snakeOilPublicKey ];
protocol = "ssh-ng";
};
server.nix.package = pkgs.nixUnstable;
client.nix.package = pkgs.nixUnstable;
};
testScript = ''
startAll;
$client->succeed("mkdir -m 700 /root/.ssh");
$client->copyFileFromHost("${ssh-config}", "/root/.ssh/config");
$client->succeed("cat ${snakeOilPrivateKey} > /root/.ssh/id_ecdsa");
$client->succeed("chmod 600 /root/.ssh/id_ecdsa");
$client->succeed("nix-store --add /etc/machine-id > mach-id-path");
$server->waitForUnit("sshd");
$client->fail("diff /root/other-store\$(cat mach-id-path) /etc/machine-id");
# Currently due to shared store this is a noop :(
$client->succeed("nix copy --to ssh-ng://nix-ssh\@server \$(cat mach-id-path)");
$client->succeed("nix-store --realise \$(cat mach-id-path) --store /root/other-store --substituters ssh-ng://nix-ssh\@server");
$client->succeed("diff /root/other-store\$(cat mach-id-path) /etc/machine-id");
'';
}
)

17
nixos/tests/openssh.nix
View file

@ -1,20 +1,7 @@
import ./make-test.nix ({ pkgs, ... }:
let
snakeOilPrivateKey = pkgs.writeText "privkey.snakeoil" ''
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIHQf/khLvYrQ8IOika5yqtWvI0oquHlpRLTZiJy5dRJmoAoGCCqGSM49
AwEHoUQDQgAEKF0DYGbBwbj06tA3fd/+yP44cvmwmHBWXZCKbS+RQlAKvLXMWkpN
r1lwMyJZoSGgBHoUahoYjTh9/sJL7XLJtA==
-----END EC PRIVATE KEY-----
'';
snakeOilPublicKey = pkgs.lib.concatStrings [
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHA"
"yNTYAAABBBChdA2BmwcG49OrQN33f/sj+OHL5sJhwVl2Qim0vkUJQCry1zFpKTa"
"9ZcDMiWaEhoAR6FGoaGI04ff7CS+1yybQ= sakeoil"
];
let inherit (import ./ssh-keys.nix pkgs)
snakeOilPrivateKey snakeOilPublicKey;
in {
name = "openssh";
meta = with pkgs.stdenv.lib.maintainers; {

2
nixos/tests/postgis.nix
View file

@ -12,7 +12,7 @@ import ./make-test.nix ({ pkgs, ...} : {
services.postgresql = let mypg = pkgs.postgresql100; in {
enable = true;
package = mypg;
extraPlugins = [ (pkgs.postgis.override { postgresql = mypg; }).v_2_4_0 ];
extraPlugins = [ (pkgs.postgis.override { postgresql = mypg; }) ];
};
};
};

15
nixos/tests/ssh-keys.nix Normal file
View file

@ -0,0 +1,15 @@
pkgs:
{ snakeOilPrivateKey = pkgs.writeText "privkey.snakeoil" ''
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIHQf/khLvYrQ8IOika5yqtWvI0oquHlpRLTZiJy5dRJmoAoGCCqGSM49
AwEHoUQDQgAEKF0DYGbBwbj06tA3fd/+yP44cvmwmHBWXZCKbS+RQlAKvLXMWkpN
r1lwMyJZoSGgBHoUahoYjTh9/sJL7XLJtA==
-----END EC PRIVATE KEY-----
'';
snakeOilPublicKey = pkgs.lib.concatStrings [
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHA"
"yNTYAAABBBChdA2BmwcG49OrQN33f/sj+OHL5sJhwVl2Qim0vkUJQCry1zFpKTa"
"9ZcDMiWaEhoAR6FGoaGI04ff7CS+1yybQ= sakeoil"
];
}

66
nixos/tests/systemd.nix Normal file
View file

@ -0,0 +1,66 @@
import ./make-test.nix {
name = "systemd";
machine = { lib, ... }: {
imports = [ common/user-account.nix common/x11.nix ];
virtualisation.emptyDiskImages = [ 512 ];
fileSystems = lib.mkVMOverride {
"/test-x-initrd-mount" = {
device = "/dev/vdb";
fsType = "ext2";
autoFormat = true;
noCheck = true;
options = [ "x-initrd.mount" ];
};
};
systemd.extraConfig = "DefaultEnvironment=\"XXX_SYSTEM=foo\"";
systemd.user.extraConfig = "DefaultEnvironment=\"XXX_USER=bar\"";
services.journald.extraConfig = "Storage=volatile";
services.xserver.displayManager.auto.user = "alice";
systemd.services.testservice1 = {
description = "Test Service 1";
wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "oneshot";
script = ''
if [ "$XXX_SYSTEM" = foo ]; then
touch /system_conf_read
fi
'';
};
systemd.user.services.testservice2 = {
description = "Test Service 2";
wantedBy = [ "default.target" ];
serviceConfig.Type = "oneshot";
script = ''
if [ "$XXX_USER" = bar ]; then
touch "$HOME/user_conf_read"
fi
'';
};
};
testScript = ''
$machine->waitForX;
# Regression test for https://github.com/NixOS/nixpkgs/issues/35415
subtest "configuration files are recognized by systemd", sub {
$machine->succeed('test -e /system_conf_read');
$machine->succeed('test -e /home/alice/user_conf_read');
$machine->succeed('test -z $(ls -1 /var/log/journal)');
};
# Regression test for https://github.com/NixOS/nixpkgs/issues/35268
subtest "file system with x-initrd.mount is not unmounted", sub {
$machine->shutdown;
$machine->waitForUnit('multi-user.target');
# If the file system was unmounted during the shutdown the file system
# has a last mount time, because the file system wasn't checked.
$machine->fail('dumpe2fs /dev/vdb | grep -q "^Last mount time: *n/a"');
};
'';
}

7
pkgs/applications/altcoins/bitcoin.nix
View file

@ -5,13 +5,13 @@
with stdenv.lib;
stdenv.mkDerivation rec{
name = "bitcoin" + (toString (optional (!withGui) "d")) + "-" + version;
version = "0.15.1";
version = "0.16.0";
src = fetchurl {
urls = [ "https://bitcoincore.org/bin/bitcoin-core-${version}/bitcoin-${version}.tar.gz"
"https://bitcoin.org/bin/bitcoin-core-${version}/bitcoin-${version}.tar.gz"
];
sha256 = "1d22fgwdcn343kd95lh389hj417zwbmnhi29cij8n7wc0nz2vpil";
sha256 = "0h7flgsfjzbqajwv8ih686yyxxljhf8krhm8jxranb4kglww1glc";
};
nativeBuildInputs = [ pkgconfig autoreconfHook ];
@ -36,6 +36,7 @@ stdenv.mkDerivation rec{
homepage = http://www.bitcoin.org/;
maintainers = with maintainers; [ roconnor AndersonTorres ];
license = licenses.mit;
platforms = platforms.unix;
# bitcoin needs hexdump to build, which doesn't seem to build on darwin at the moment.
platforms = platforms.linux;
};
}

6
pkgs/applications/altcoins/default.nix
View file

@ -1,11 +1,11 @@
{ callPackage, boost155, boost164, openssl_1_1_0, haskellPackages, darwin, libsForQt5, miniupnpc_2, python3 }:
{ callPackage, boost155, openssl_1_1_0, haskellPackages, darwin, libsForQt5, miniupnpc_2, python3 }:
rec {
aeon = callPackage ./aeon { };
bitcoin = libsForQt5.callPackage ./bitcoin.nix { boost = boost164; miniupnpc = miniupnpc_2; withGui = true; };
bitcoind = callPackage ./bitcoin.nix { boost = boost164; miniupnpc = miniupnpc_2; withGui = false; };
bitcoin = libsForQt5.callPackage ./bitcoin.nix { miniupnpc = miniupnpc_2; withGui = true; };
bitcoind = callPackage ./bitcoin.nix { miniupnpc = miniupnpc_2; withGui = false; };
bitcoin-abc = libsForQt5.callPackage ./bitcoin-abc.nix { withGui = true; };
bitcoind-abc = callPackage ./bitcoin-abc.nix { withGui = false; };

8
pkgs/applications/altcoins/ethabi.nix
View file

@ -4,16 +4,16 @@ with rustPlatform;
buildRustPackage rec {
name = "ethabi-${version}";
version = "1.0.4";
version = "4.1.0";
src = fetchFromGitHub {
owner = "paritytech";
repo = "ethabi";
rev = "18ddc983d77b2a97e6c322abcc23bec59940d65f";
sha256 = "1rg7ydvnhlg8w6blilm3cv6v4q51x1hgrbkln2ikhpdq0vakp5fd";
rev = "v${version}";
sha256 = "0kxflixmgycdh7sv73zf2mrkbcfzzw7f5sjbsjks9crc9cvjqi6p";
};
cargoSha256 = "0i9617qwc6d4jvlbydwk03rcsnyvxzpbn2ms10ds4r6x7jy2a4sy";
cargoSha256 = "18rigpsmfiv6im2sspnxadgqrlfdp9dd75ji8s56ksc9g7hrc3wz";
cargoBuildFlags = ["--features cli"];

11
pkgs/applications/altcoins/go-ethereum.nix
View file

@ -12,6 +12,17 @@ buildGoPackage rec {
# Fixes Cgo related build failures (see https://github.com/NixOS/nixpkgs/issues/25959 )
hardeningDisable = [ "fortify" ];
# Only install binaries in $out, source is not interesting and takes ~50M
outputs = [ "out" ];
preFixup = ''
export bin="''${out}"
'';
installPhase = ''
mkdir -p $out/bin $out
dir="$NIX_BUILD_TOP/go/bin"
[ -e "$dir" ] && cp -r $dir $out
'';
src = fetchFromGitHub {
owner = "ethereum";
repo = "go-ethereum";

4
pkgs/applications/altcoins/seth.nix
View file

@ -5,13 +5,13 @@
stdenv.mkDerivation rec {
name = "seth-${version}";
version = "0.6.2";
version = "0.6.3";
src = fetchFromGitHub {
owner = "dapphub";
repo = "seth";
rev = "v${version}";
sha256 = "1lbr7i3rznfp3h03y7pc094r0m992lbzr926rnr0xxbyp755wvm4";
sha256 = "0la2nfqsscpbq6zwa6hsd73nimdnrhilrmgyy77yr3jca2wjhsjk";
};
nativeBuildInputs = [makeWrapper];

2
pkgs/applications/audio/a2jmidid/default.nix
View file

@ -28,6 +28,6 @@ in stdenv.mkDerivation rec {
description = "Daemon for exposing legacy ALSA sequencer applications in JACK MIDI system";
license = licenses.gpl2;
maintainers = [ maintainers.goibhniu ];
platforms = platforms.linux;
platforms = [ "i686-linux" "x86_64-linux" ];
};
}

28
pkgs/applications/audio/aacgain/default.nix
View file

@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub }:
{ stdenv, fetchFromGitHub, fetchpatch }:
stdenv.mkDerivation {
name = "aacgain-1.9.0";
@ -12,7 +12,19 @@ stdenv.mkDerivation {
hardeningDisable = [ "format" ];
postPatch = ''
(
cd mp4v2
patch -p0 < ${fetchpatch {
name = "fix_missing_ptr_deref.patch";
url = "https://aur.archlinux.org/cgit/aur.git/plain/fix_missing_ptr_deref.patch?h=aacgain-cvs&id=e1a19c920f57063e64bab75cb0d8624731f6e3d7";
sha256 = "1cq7r005nvmwdjb25z80grcam7jv6k57jnl2bh349mg3ajmslbq9";
}}
)
'';
configurePhase = ''
runHook preConfigure
cd mp4v2
./configure
@ -21,9 +33,11 @@ stdenv.mkDerivation {
cd ..
./configure
runHook postConfigure
'';
buildPhase = ''
runHook preBuild
cd mp4v2
make libmp4v2.la
@ -32,18 +46,18 @@ stdenv.mkDerivation {
cd ..
make
runHook postBuild
'';
installPhase = ''
strip -s aacgain/aacgain
install -vD aacgain/aacgain "$out/bin/aacgain"
install -D aacgain/aacgain "$out/bin/aacgain"
'';
meta = {
meta = with stdenv.lib; {
description = "ReplayGain for AAC files";
homepage = https://github.com/mulx/aacgain;
license = stdenv.lib.licenses.gpl2;
platforms = stdenv.lib.platforms.linux;
maintainers = [ stdenv.lib.maintainers.robbinch ];
license = licenses.gpl2;
platforms = platforms.linux;
maintainers = [ maintainers.robbinch ];
};
}

4
pkgs/applications/audio/ario/default.nix
View file

@ -1,5 +1,5 @@
{ stdenv, fetchurl, pkgconfig, gettext, gtk2, expat, intltool, libgcrypt,
libunique, gnutls, libxml2, curl, mpd_clientlib, dbus_glib, libnotify,
libunique, gnutls, libxml2, curl, mpd_clientlib, dbus-glib, libnotify,
libsoup, avahi, taglib
}:
@ -17,7 +17,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ pkgconfig ];
buildInputs = [
gettext gtk2 expat intltool libgcrypt libunique gnutls
libxml2 curl mpd_clientlib dbus_glib libnotify libsoup avahi taglib
libxml2 curl mpd_clientlib dbus-glib libnotify libsoup avahi taglib
];
meta = {

4
pkgs/applications/audio/asunder/default.nix
View file

@ -12,11 +12,11 @@
with stdenv.lib;
stdenv.mkDerivation rec {
version = "2.8";
version = "2.9.2";
name = "asunder-${version}";
src = fetchurl {
url = "http://littlesvr.ca/asunder/releases/${name}.tar.bz2";
sha256 = "1nq9kd4rd4k2kibf57gdbm0zw2gxa234vvvdhxkm8g5bhx5h3iyq";
sha256 = "0vjbxrrjih4c673sc39wj5whp81xp9kmnwqxwzfnmhkky970rg5r";
};
nativeBuildInputs = [ pkgconfig ];

8
pkgs/applications/audio/audacious/default.nix
View file

@ -1,7 +1,7 @@
{ stdenv, fetchurl, pkgconfig, wrapGAppsHook, gettext, glib, gtk3
, libmowgli, dbus_glib, libxml2, xorg, gnome3, alsaLib
, libmowgli, dbus-glib, libxml2, xorg, gnome3, alsaLib
, libpulseaudio, libjack2, fluidsynth, libmad, libogg, libvorbis
, libcdio082, libcddb, flac, ffmpeg, mpg123, libcue, libmms, libbs2b
, libcdio, libcddb, flac, ffmpeg, mpg123, libcue, libmms, libbs2b
, libsndfile, libmodplug, libsamplerate, soxr, lirc, curl, wavpack
, neon, faad2, lame, libnotify, libsidplayfp
}:
@ -25,9 +25,9 @@ stdenv.mkDerivation rec {
];
buildInputs = [
gettext glib gtk3 libmowgli dbus_glib libxml2
gettext glib gtk3 libmowgli dbus-glib libxml2
xorg.libXcomposite gnome3.defaultIconTheme alsaLib libjack2
libpulseaudio fluidsynth libmad libogg libvorbis libcdio082
libpulseaudio fluidsynth libmad libogg libvorbis libcdio
libcddb flac ffmpeg mpg123 libcue libmms libbs2b libsndfile
libmodplug libsamplerate soxr lirc curl wavpack neon faad2
lame libnotify libsidplayfp

4
pkgs/applications/audio/audacious/qt-5.nix
View file

@ -3,7 +3,7 @@
gettext, pkgconfig,
qtbase,
alsaLib, curl, faad2, ffmpeg, flac, fluidsynth, gdk_pixbuf, lame, libbs2b,
libcddb, libcdio082, libcue, libjack2, libmad, libmms, libmodplug,
libcddb, libcdio, libcue, libjack2, libmad, libmms, libmodplug,
libmowgli, libnotify, libogg, libpulseaudio, libsamplerate, libsidplayfp,
libsndfile, libvorbis, libxml2, lirc, mpg123, neon, qtmultimedia, soxr,
wavpack
@ -46,7 +46,7 @@ mkDerivation {
# Plugin dependencies
alsaLib curl faad2 ffmpeg flac fluidsynth gdk_pixbuf lame libbs2b libcddb
libcdio082 libcue libjack2 libmad libmms libmodplug libmowgli
libcdio libcue libjack2 libmad libmms libmodplug libmowgli
libnotify libogg libpulseaudio libsamplerate libsidplayfp libsndfile
libvorbis libxml2 lirc mpg123 neon qtmultimedia soxr wavpack
];

4
pkgs/applications/audio/audacity/default.nix
View file

@ -7,12 +7,12 @@
with stdenv.lib;
stdenv.mkDerivation rec {
version = "2.2.1";
version = "2.2.2";
name = "audacity-${version}";
src = fetchurl {
url = "https://github.com/audacity/audacity/archive/Audacity-${version}.tar.gz";
sha256 = "1n05r8b4rnf9fas0py0is8cm97s3h65dgvqkk040aym5d1x6wd7z";
sha256 = "18q7i77ynihx7xp45lz2lv0k0wrh6736pcrivlpwrxjgbvyqx7km";
};
preConfigure = /* we prefer system-wide libs */ ''

6
pkgs/applications/audio/deadbeef/default.nix
View file

@ -1,7 +1,7 @@
{ stdenv, fetchurl, intltool, pkgconfig, fetchpatch, jansson
# deadbeef can use either gtk2 or gtk3
, gtk2Support ? false, gtk2 ? null
, gtk3Support ? true, gtk3 ? null, gsettings_desktop_schemas ? null, wrapGAppsHook ? null
, gtk3Support ? true, gtk3 ? null, gsettings-desktop-schemas ? null, wrapGAppsHook ? null
# input plugins
, vorbisSupport ? true, libvorbis ? null
, mp123Support ? true, libmad ? null
@ -30,7 +30,7 @@
assert gtk2Support || gtk3Support;
assert gtk2Support -> gtk2 != null;
assert gtk3Support -> gtk3 != null && gsettings_desktop_schemas != null && wrapGAppsHook != null;
assert gtk3Support -> gtk3 != null && gsettings-desktop-schemas != null && wrapGAppsHook != null;
assert vorbisSupport -> libvorbis != null;
assert mp123Support -> libmad != null;
assert flacSupport -> flac != null;
@ -62,7 +62,7 @@ stdenv.mkDerivation rec {
buildInputs = with stdenv.lib; [ jansson ]
++ optional gtk2Support gtk2
++ optionals gtk3Support [ gtk3 gsettings_desktop_schemas ]
++ optionals gtk3Support [ gtk3 gsettings-desktop-schemas ]
++ optional vorbisSupport libvorbis
++ optional mp123Support libmad
++ optional flacSupport flac

31
pkgs/applications/audio/deadbeef/plugins/opus.nix Normal file
View file

@ -0,0 +1,31 @@
{ stdenv, fetchFromBitbucket, opusfile, libopus, libogg, openssl, deadbeef }:
stdenv.mkDerivation rec {
name = "deadbeef-opus-plugin-${version}";
version = "0.8";
src = fetchFromBitbucket {
owner = "Lithopsian";
repo = "deadbeef-opus";
rev = "v${version}";
sha256 = "057rgsw4563gs63k05s7zsdc0n4djxwlbyqabf7c88f23z35ryyi";
};
makeFlags = [
"PREFIX=$(out)"
];
NIX_CFLAGS_COMPILE = [
"-I${opusfile}/include/opus"
];
buildInputs = [ deadbeef opusfile libopus libogg openssl ];
meta = with stdenv.lib; {
description = "Ogg Opus decoder plugin for the DeaDBeeF music player";
homepage = https://bitbucket.org/Lithopsian/deadbeef-opus;
license = licenses.gpl2; # There are three files, each licensed under different license: zlib, gpl2Plus and lgpl2
maintainers = [ maintainers.jtojnar ];
platforms = platforms.linux;
};
}

4
pkgs/applications/audio/drumkv1/default.nix
View file

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
name = "drumkv1-${version}";
version = "0.8.5";
version = "0.8.6";
src = fetchurl {
url = "mirror://sourceforge/drumkv1/${name}.tar.gz";
sha256 = "06xqqm1ylmpp2s7xk7xav325gc50kxlvh9vf1343b0n3i8xkgjfg";
sha256 = "0fwxrfyp15a4m77mzz4mwj36mhdrj646whlrkvcys33p2w75f8cq";
};
buildInputs = [ libjack2 alsaLib libsndfile liblo lv2 qt5.qtbase qt5.qttools ];

4
pkgs/applications/audio/easytag/default.nix
View file

@ -1,5 +1,5 @@
{ stdenv, fetchurl, pkgconfig, intltool, gtk3, glib, libid3tag, id3lib, taglib
, libvorbis, libogg, flac, itstool, libxml2, gsettings_desktop_schemas
, libvorbis, libogg, flac, itstool, libxml2, gsettings-desktop-schemas
, makeWrapper, gnome3
}:
@ -24,7 +24,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ makeWrapper pkgconfig intltool ];
buildInputs = [
gtk3 glib libid3tag id3lib taglib libvorbis libogg flac
itstool libxml2 gsettings_desktop_schemas gnome3.defaultIconTheme (stdenv.lib.getLib gnome3.dconf)
itstool libxml2 gsettings-desktop-schemas gnome3.defaultIconTheme (stdenv.lib.getLib gnome3.dconf)
];
meta = with stdenv.lib; {

4
pkgs/applications/audio/flacon/default.nix
View file

@ -5,13 +5,13 @@
stdenv.mkDerivation rec {
name = "flacon-${version}";
version = "2.1.1";
version = "4.0.0";
src = fetchFromGitHub {
owner = "flacon";
repo = "flacon";
rev = "v${version}";
sha256 = "0jazv3d1xaydp2ws1pd5rmga76z5yk74v3a8yqfc8vbb2z6ahimz";
sha256 = "0l0xbzpy4nnr08z7gqvb4ngrjwzpspa382cbcrpkya3nd40987kr";
};
nativeBuildInputs = [ cmake pkgconfig makeWrapper ];

4
pkgs/applications/audio/fluidsynth/default.nix
View file

@ -5,13 +5,13 @@
stdenv.mkDerivation rec {
name = "fluidsynth-${version}";
version = "1.1.8";
version = "1.1.9";
src = fetchFromGitHub {
owner = "FluidSynth";
repo = "fluidsynth";
rev = "v${version}";
sha256 = "12q7hv0zvgylsdj1ipssv5zr7ap2y410dxsd63dz22y05fa2hwwd";
sha256 = "0krvmb1idnf95l2ydzfcb08ayyx3n4m71hf9fgwv3srzaikvpf3q";
};
nativeBuildInputs = [ pkgconfig cmake ];

4
pkgs/applications/audio/gjay/default.nix
View file

@ -1,4 +1,4 @@
{ stdenv, fetchurl, pkgconfig, mpd_clientlib, dbus_glib, audacious, gtk2, gsl
{ stdenv, fetchurl, pkgconfig, mpd_clientlib, dbus-glib, audacious, gtk2, gsl
, libaudclient }:
stdenv.mkDerivation {
@ -11,7 +11,7 @@ stdenv.mkDerivation {
nativeBuildInputs = [ pkgconfig ];
buildInputs = [ mpd_clientlib dbus_glib audacious gtk2 gsl libaudclient ];
buildInputs = [ mpd_clientlib dbus-glib audacious gtk2 gsl libaudclient ];
hardeningDisable = [ "format" ];

4
pkgs/applications/audio/gmpc/default.nix
View file

@ -1,6 +1,6 @@
{ stdenv, fetchurl, libtool, intltool, pkgconfig, glib
, gtk2, curl, mpd_clientlib, libsoup, gob2, vala, libunique
, libSM, libICE, sqlite, hicolor_icon_theme, wrapGAppsHook
, libSM, libICE, sqlite, hicolor-icon-theme, wrapGAppsHook
}:
stdenv.mkDerivation rec {
@ -27,7 +27,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ pkgconfig libtool intltool gob2 vala wrapGAppsHook ];
buildInputs = [
glib gtk2 curl mpd_clientlib libsoup
libunique libmpd libSM libICE sqlite hicolor_icon_theme
libunique libmpd libSM libICE sqlite hicolor-icon-theme
];
meta = with stdenv.lib; {

12
pkgs/applications/audio/gradio/default.nix
View file

@ -1,13 +1,13 @@
{ stdenv, fetchFromGitHub, pkgconfig
, gcc
, python3
, gsettings_desktop_schemas
, desktop_file_utils
, gsettings-desktop-schemas
, desktop-file-utils
, glib
, gtk3
, intltool
, libsoup
, json_glib
, json-glib
, wrapGAppsHook
, meson
, ninja
@ -44,15 +44,15 @@ in stdenv.mkDerivation rec {
glib
intltool
libsoup
json_glib
json-glib
gtk3
gst_all_1.gstreamer
gst_all_1.gst-plugins-base
wrapGAppsHook
desktop_file_utils
gsettings_desktop_schemas
desktop-file-utils
gsettings-desktop-schemas
] ++ gst_plugins;
enableParallelBuilding = true;

8
pkgs/applications/audio/gtkpod/default.nix
View file

@ -1,6 +1,6 @@
{ stdenv, fetchurl, pkgconfig, makeWrapper, intltool, libgpod, curl, flac,
gnome, gtk3, glib, gettext, perl, perlXMLParser, flex, libglade, libid3tag,
libvorbis, hicolor_icon_theme, gdk_pixbuf }:
libvorbis, hicolor-icon-theme, gdk_pixbuf }:
stdenv.mkDerivation rec {
version = "2.1.5";
@ -11,13 +11,13 @@ stdenv.mkDerivation rec {
sha256 = "0xisrpx069f7bjkyc8vqxb4k0480jmx1wscqxr6cpq1qj6pchzd5";
};
propagatedUserEnvPkgs = [ gnome.gnome_themes_standard ];
propagatedUserEnvPkgs = [ gnome.gnome-themes-standard ];
nativeBuildInputs = [ pkgconfig ];
buildInputs = [ makeWrapper intltool curl gettext perl perlXMLParser
flex libgpod libid3tag flac libvorbis gtk3 gdk_pixbuf libglade gnome.anjuta
gnome.gdl gnome.defaultIconTheme
hicolor_icon_theme ];
hicolor-icon-theme ];
patchPhase = ''
sed -i 's/which/type -P/' scripts/*.sh
@ -26,7 +26,7 @@ stdenv.mkDerivation rec {
preFixup = ''
wrapProgram "$out/bin/gtkpod" \
--set GDK_PIXBUF_MODULE_FILE "$GDK_PIXBUF_MODULE_FILE" \
--prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:${gnome.gnome_themes_standard}/share:$out/share:$GSETTINGS_SCHEMAS_PATH"
--prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:${gnome.gnome-themes-standard}/share:$out/share:$GSETTINGS_SCHEMAS_PATH"
'';
enableParallelBuilding = true;

8
pkgs/applications/audio/guitarix/default.nix
View file

@ -1,6 +1,6 @@
{ stdenv, fetchurl, gettext, intltool, pkgconfig, python2
, avahi, bluez, boost, eigen, fftw, glib, glib_networking
, glibmm, gsettings_desktop_schemas, gtkmm2, libjack2
, avahi, bluez, boost, eigen, fftw, glib, glib-networking
, glibmm, gsettings-desktop-schemas, gtkmm2, libjack2
, ladspaH, libav, librdf, libsndfile, lilv, lv2, serd, sord, sratom
, wrapGAppsHook, zita-convolver, zita-resampler
, optimizationSupport ? false # Enable support for native CPU extensions
@ -22,8 +22,8 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ gettext intltool wrapGAppsHook pkgconfig python2 ];
buildInputs = [
avahi bluez boost eigen fftw glib glibmm glib_networking.out
gsettings_desktop_schemas gtkmm2 libjack2 ladspaH libav librdf
avahi bluez boost eigen fftw glib glibmm glib-networking.out
gsettings-desktop-schemas gtkmm2 libjack2 ladspaH libav librdf
libsndfile lilv lv2 serd sord sratom zita-convolver
zita-resampler
];

4
pkgs/applications/audio/kid3/default.nix
View file

@ -10,11 +10,11 @@
stdenv.mkDerivation rec {
name = "kid3-${version}";
version = "3.4.2";
version = "3.5.1";
src = fetchurl {
url = "mirror://sourceforge/project/kid3/kid3/${version}/${name}.tar.gz";
sha256 = "0gka4na583015jyqva18g85q7vnkjdk0iji2jp88di3kpvqhf1sw";
sha256 = "09iryxnhg8d9q36a4brb25bqkjprkx5kl0x7vyy82gxivqk0ihl8";
};
buildInputs = with stdenv.lib;

Some files were not shown because too many files have changed in this diff Show more