movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 21:50:33 +03:00
Code Activity

Merge staging-next into staging

Browse source
This commit is contained in:
Frederik Rietdijk 2020-08-07 23:02:23 +02:00
commit cb634b2aa5
249 changed files with 5639 additions and 3267 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/editorconfig.yml vendored
View file

@ -11,7 +11,7 @@ jobs:
with: with:
fetch-depth: 0 fetch-depth: 0
- uses: technote-space/get-diff-action@v2.0.3 - uses: technote-space/get-diff-action@v2.0.3
- name: fetch editorconfig-checker - name: Fetch editorconfig-checker
env: env:
VERSION: "2.1.0" VERSION: "2.1.0"
OS: "linux" OS: "linux"

5
.github/workflows/wait-ofborg.yml vendored
View file

@ -7,8 +7,9 @@ jobs:
steps: steps:
- name: Wait for ofborg CI - name: Wait for ofborg CI
run: | run: |
# Wait for ofborg ...
# eval sometimes takes a bit longer on staging. # eval sometimes takes a bit longer on staging.
if [[ "$BASE_BRANCH" == "refs/heads/staging" ]]; then if [[ "$BASE_BRANCH" == "staging" ]]; then
COUNTDOWN=$((COUNTDOWN*2)) COUNTDOWN=$((COUNTDOWN*2))
fi fi
# ..in future a better fix would be to make ofborg mark CI as pending right away. # ..in future a better fix would be to make ofborg mark CI as pending right away.
@ -30,7 +31,7 @@ jobs:
if: github.repository_owner == 'NixOS' if: github.repository_owner == 'NixOS'
env: env:
BASE_BRANCH: ${{ github.base_ref }} BASE_BRANCH: ${{ github.base_ref }}
COUNTDOWN: 360 # wait for ~30min... COUNTDOWN: 540 # wait for ~45min...
GITHUB_TOKEN: ${{ github.token }} GITHUB_TOKEN: ${{ github.token }}
COMMIT: ${{ github.event.pull_request.head.sha }} COMMIT: ${{ github.event.pull_request.head.sha }}
OFBORG_APP_ID: 20500 OFBORG_APP_ID: 20500

10
maintainers/maintainer-list.nix
View file

@ -2180,6 +2180,16 @@
githubId = 974130; githubId = 974130;
name = "David Pätzel"; name = "David Pätzel";
}; };
dpausp = {
email = "dpausp@posteo.de";
github = "dpausp";
githubId = 1965950;
name = "Tobias Stenzel";
keys = [{
longkeyid = "rsa2048/0x78C7DD40DF23FB16";
fingerprint = "4749 0887 CF3B 85A1 6355 C671 78C7 DD40 DF23 FB16";
}];
};
dpflug = { dpflug = {
email = "david@pflug.email"; email = "david@pflug.email";
github = "dpflug"; github = "dpflug";

42
nixos/doc/manual/release-notes/rl-2009.xml
View file

@ -615,6 +615,17 @@ services.dokuwiki."mywiki" = {
}; };
... ...
}; };
</programlisting>
</para>
</listitem>
<listitem>
<para>
The <xref linkend="opt-services.postgresql.dataDir"/> option is now set to <literal>"/var/lib/postgresql/${cfg.package.psqlSchema}"</literal> regardless of your
<xref linkend="opt-system.stateVersion"/>. Users with an existing postgresql install that have a <xref linkend="opt-system.stateVersion"/> of <literal>17.09</literal> or below
should double check what the value of their <xref linkend="opt-services.postgresql.dataDir"/> option is (<literal>/var/db/postgresql</literal>) and then explicitly
set this value to maintain compatibility:
<programlisting>
services.postgresql.dataDir = "/var/db/postgresql";
</programlisting> </programlisting>
</para> </para>
</listitem> </listitem>
@ -710,6 +721,37 @@ services.dokuwiki."mywiki" = {
was removed, as udev gained native support to handle FIDO security tokens. was removed, as udev gained native support to handle FIDO security tokens.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The <literal>services.transmission</literal> module
was enhanced with the new options:
<xref linkend="opt-services.transmission.credentialsFile"/>,
<xref linkend="opt-services.transmission.openFirewall"/>,
and <xref linkend="opt-services.transmission.performanceNetParameters"/>.
</para>
<para>
<literal>transmission-daemon</literal> is now started with additional systemd sandbox/hardening options for better security.
Please <link xlink:href="https://github.com/NixOS/nixpkgs/issues">report</link>
any use case where this is not working well.
In particular, the <literal>RootDirectory</literal> option newly set
forbids uploading or downloading a torrent outside of the default directory
configured at <link linkend="opt-services.transmission.settings">settings.download-dir</link>.
If you really need Transmission to access other directories,
you must include those directories into the <literal>BindPaths</literal> of the service:
<programlisting>
systemd.services.transmission.serviceConfig.BindPaths = [ "/path/to/alternative/download-dir" ];
</programlisting>
</para>
<para>
Also, connection to the RPC (Remote Procedure Call) of <literal>transmission-daemon</literal>
is now only available on the local network interface by default.
Use:
<programlisting>
services.transmission.settings.rpc-bind-address = "0.0.0.0";
</programlisting>
to get the previous behavior of listening on all network interfaces.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
With this release <literal>systemd-networkd</literal> (when enabled through <xref linkend="opt-networking.useNetworkd"/>) With this release <literal>systemd-networkd</literal> (when enabled through <xref linkend="opt-networking.useNetworkd"/>)

8
nixos/modules/config/appstream.nix
View file

@ -7,18 +7,18 @@ with lib;
type = types.bool; type = types.bool;
default = true; default = true;
description = '' description = ''
Whether to install files to support the Whether to install files to support the
<link xlink:href="https://www.freedesktop.org/software/appstream/docs/index.html">AppStream metadata specification</link>. <link xlink:href="https://www.freedesktop.org/software/appstream/docs/index.html">AppStream metadata specification</link>.
''; '';
}; };
}; };
config = mkIf config.appstream.enable { config = mkIf config.appstream.enable {
environment.pathsToLink = [ environment.pathsToLink = [
# per component metadata # per component metadata
"/share/metainfo" "/share/metainfo"
# legacy path for above # legacy path for above
"/share/appdata" "/share/appdata"
]; ];
}; };

4
nixos/modules/hardware/tuxedo-keyboard.nix
View file

@ -2,7 +2,7 @@
with lib; with lib;
let let
cfg = config.hardware.tuxedo-keyboard; cfg = config.hardware.tuxedo-keyboard;
tuxedo-keyboard = config.boot.kernelPackages.tuxedo-keyboard; tuxedo-keyboard = config.boot.kernelPackages.tuxedo-keyboard;
in in
@ -27,7 +27,7 @@ in
''; '';
}; };
config = mkIf cfg.enable config = mkIf cfg.enable
{ {
boot.kernelModules = ["tuxedo_keyboard"]; boot.kernelModules = ["tuxedo_keyboard"];
boot.extraModulePackages = [ tuxedo-keyboard ]; boot.extraModulePackages = [ tuxedo-keyboard ];

2
nixos/modules/i18n/input-method/uim.nix
View file

@ -2,7 +2,7 @@
with lib; with lib;
let let
cfg = config.i18n.inputMethod.uim; cfg = config.i18n.inputMethod.uim;
in in
{ {

9
nixos/modules/installer/cd-dvd/iso-image.nix
View file

@ -417,6 +417,14 @@ in
''; '';
}; };
isoImage.squashfsCompression = mkOption {
default = "xz -Xdict-size 100%";
description = ''
Compression settings to use for the squashfs nix store.
'';
example = "zstd -Xcompression-level 6";
};
isoImage.edition = mkOption { isoImage.edition = mkOption {
default = ""; default = "";
description = '' description = ''
@ -614,6 +622,7 @@ in
# Create the squashfs image that contains the Nix store. # Create the squashfs image that contains the Nix store.
system.build.squashfsStore = pkgs.callPackage ../../../lib/make-squashfs.nix { system.build.squashfsStore = pkgs.callPackage ../../../lib/make-squashfs.nix {
storeContents = config.isoImage.storeContents; storeContents = config.isoImage.storeContents;
comp = config.isoImage.squashfsCompression;
}; };
# Individual files to be included on the CD, outside of the Nix # Individual files to be included on the CD, outside of the Nix

4
nixos/modules/programs/autojump.nix
View file

@ -18,7 +18,7 @@ in
''; '';
}; };
}; };
}; };
###### implementation ###### implementation
@ -26,7 +26,7 @@ in
environment.pathsToLink = [ "/share/autojump" ]; environment.pathsToLink = [ "/share/autojump" ];
environment.systemPackages = [ pkgs.autojump ]; environment.systemPackages = [ pkgs.autojump ];
programs.bash.interactiveShellInit = "source ${pkgs.autojump}/share/autojump/autojump.bash"; programs.bash.interactiveShellInit = "source ${pkgs.autojump}/share/autojump/autojump.bash";
programs.zsh.interactiveShellInit = mkIf prg.zsh.enable "source ${pkgs.autojump}/share/autojump/autojump.zsh"; programs.zsh.interactiveShellInit = mkIf prg.zsh.enable "source ${pkgs.autojump}/share/autojump/autojump.zsh";
programs.fish.interactiveShellInit = mkIf prg.fish.enable "source ${pkgs.autojump}/share/autojump/autojump.fish"; programs.fish.interactiveShellInit = mkIf prg.fish.enable "source ${pkgs.autojump}/share/autojump/autojump.fish";
}; };

4
nixos/modules/programs/freetds.nix
View file

@ -25,7 +25,7 @@ in
'''; ''';
} }
''; '';
description = description =
'' ''
Configure freetds database entries. Each attribute denotes Configure freetds database entries. Each attribute denotes
a section within freetds.conf, and the value (a string) is the config a section within freetds.conf, and the value (a string) is the config
@ -47,7 +47,7 @@ in
environment.variables.FREETDS = "/etc/freetds.conf"; environment.variables.FREETDS = "/etc/freetds.conf";
environment.variables.SYBASE = "${pkgs.freetds}"; environment.variables.SYBASE = "${pkgs.freetds}";
environment.etc."freetds.conf" = { text = environment.etc."freetds.conf" = { text =
(concatStrings (mapAttrsToList (name: value: (concatStrings (mapAttrsToList (name: value:
'' ''
[${name}] [${name}]

4
nixos/modules/services/audio/icecast.nix
View file

@ -23,7 +23,7 @@ let
<listen-socket> <listen-socket>
<port>${toString cfg.listen.port}</port> <port>${toString cfg.listen.port}</port>
<bind-address>${cfg.listen.address}</bind-address> <bind-address>${cfg.listen.address}</bind-address>
</listen-socket> </listen-socket>
<security> <security>
<chroot>0</chroot> <chroot>0</chroot>
@ -70,7 +70,7 @@ in {
description = "Base directory used for logging."; description = "Base directory used for logging.";
default = "/var/log/icecast"; default = "/var/log/icecast";
}; };
listen = { listen = {
port = mkOption { port = mkOption {
type = types.int; type = types.int;

36
nixos/modules/services/backup/bacula.nix
View file

@ -18,7 +18,7 @@ let
Pid Directory = "/run"; Pid Directory = "/run";
${fd_cfg.extraClientConfig} ${fd_cfg.extraClientConfig}
} }
${concatStringsSep "\n" (mapAttrsToList (name: value: '' ${concatStringsSep "\n" (mapAttrsToList (name: value: ''
Director { Director {
Name = "${name}"; Name = "${name}";
@ -26,7 +26,7 @@ let
Monitor = "${value.monitor}"; Monitor = "${value.monitor}";
} }
'') fd_cfg.director)} '') fd_cfg.director)}
Messages { Messages {
Name = Standard; Name = Standard;
syslog = all, !skipped, !restored syslog = all, !skipped, !restored
@ -35,7 +35,7 @@ let
''; '';
sd_cfg = config.services.bacula-sd; sd_cfg = config.services.bacula-sd;
sd_conf = pkgs.writeText "bacula-sd.conf" sd_conf = pkgs.writeText "bacula-sd.conf"
'' ''
Storage { Storage {
Name = "${sd_cfg.name}"; Name = "${sd_cfg.name}";
@ -80,7 +80,7 @@ let
''; '';
dir_cfg = config.services.bacula-dir; dir_cfg = config.services.bacula-dir;
dir_conf = pkgs.writeText "bacula-dir.conf" dir_conf = pkgs.writeText "bacula-dir.conf"
'' ''
Director { Director {
Name = "${dir_cfg.name}"; Name = "${dir_cfg.name}";
@ -125,10 +125,10 @@ let
The password is plain text. It is not generated through any special The password is plain text. It is not generated through any special
process but as noted above, it is better to use random text for process but as noted above, it is better to use random text for
security reasons. security reasons.
''; '';
}; };
monitor = mkOption { monitor = mkOption {
default = "no"; default = "no";
example = "yes"; example = "yes";
@ -140,7 +140,7 @@ let
Please note that if this director is being used by a Monitor, we Please note that if this director is being used by a Monitor, we
highly recommend to set this directive to yes to avoid serious highly recommend to set this directive to yes to avoid serious
security problems. security problems.
''; '';
}; };
}; };
@ -163,7 +163,7 @@ let
type of autochanger, what you specify here can vary. This directive type of autochanger, what you specify here can vary. This directive
is optional. See the Using AutochangersAutochangersChapter chapter of is optional. See the Using AutochangersAutochangersChapter chapter of
this manual for more details of using this and the following this manual for more details of using this and the following
autochanger directives. autochanger directives.
''; '';
}; };
@ -200,7 +200,7 @@ let
Extra configuration to be passed in Autochanger directive. Extra configuration to be passed in Autochanger directive.
''; '';
example = '' example = ''
''; '';
}; };
}; };
@ -222,7 +222,7 @@ let
if you are archiving to disk storage. In this case, you must supply if you are archiving to disk storage. In this case, you must supply
the full absolute path to the directory. When specifying a tape the full absolute path to the directory. When specifying a tape
device, it is preferable that the "non-rewind" variant of the device device, it is preferable that the "non-rewind" variant of the device
file name be given. file name be given.
''; '';
}; };
@ -290,7 +290,7 @@ in {
Whether to enable the Bacula File Daemon. Whether to enable the Bacula File Daemon.
''; '';
}; };
name = mkOption { name = mkOption {
default = "${config.networking.hostName}-fd"; default = "${config.networking.hostName}-fd";
description = '' description = ''
@ -300,7 +300,7 @@ in {
Clients. This directive is required. Clients. This directive is required.
''; '';
}; };
port = mkOption { port = mkOption {
default = 9102; default = 9102;
type = types.int; type = types.int;
@ -310,7 +310,7 @@ in {
the Client resource of the Director's configuration file. the Client resource of the Director's configuration file.
''; '';
}; };
director = mkOption { director = mkOption {
default = {}; default = {};
description = '' description = ''
@ -349,14 +349,14 @@ in {
Whether to enable Bacula Storage Daemon. Whether to enable Bacula Storage Daemon.
''; '';
}; };
name = mkOption { name = mkOption {
default = "${config.networking.hostName}-sd"; default = "${config.networking.hostName}-sd";
description = '' description = ''
Specifies the Name of the Storage daemon. Specifies the Name of the Storage daemon.
''; '';
}; };
port = mkOption { port = mkOption {
default = 9103; default = 9103;
type = types.int; type = types.int;
@ -410,7 +410,7 @@ in {
console = all console = all
''; '';
}; };
}; };
services.bacula-dir = { services.bacula-dir = {
@ -429,7 +429,7 @@ in {
required. required.
''; '';
}; };
port = mkOption { port = mkOption {
default = 9101; default = 9101;
type = types.int; type = types.int;
@ -442,7 +442,7 @@ in {
specify DirAddresses (N.B plural) directive. specify DirAddresses (N.B plural) directive.
''; '';
}; };
password = mkOption { password = mkOption {
# TODO: required? # TODO: required?
description = '' description = ''

2
nixos/modules/services/backup/restic.nix
View file

@ -55,7 +55,7 @@ in
Configuration for the rclone remote being used for backup. Configuration for the rclone remote being used for backup.
See the remote's specific options under rclone's docs at See the remote's specific options under rclone's docs at
<link xlink:href="https://rclone.org/docs/"/>. When specifying <link xlink:href="https://rclone.org/docs/"/>. When specifying
option names, use the "config" name specified in the docs. option names, use the "config" name specified in the docs.
For example, to set <literal>--b2-hard-delete</literal> for a B2 For example, to set <literal>--b2-hard-delete</literal> for a B2
remote, use <literal>hard_delete = true</literal> in the remote, use <literal>hard_delete = true</literal> in the
attribute set. attribute set.

2
nixos/modules/services/computing/torque/mom.nix
View file

@ -60,4 +60,4 @@ in
}; };
}; };
} }

2
nixos/modules/services/computing/torque/server.nix
View file

@ -93,4 +93,4 @@ in
}; };
}; };
} }

101
nixos/modules/services/databases/postgresql.nix
View file

@ -21,7 +21,7 @@ let
listen_addresses = '${if cfg.enableTCPIP then "*" else "localhost"}' listen_addresses = '${if cfg.enableTCPIP then "*" else "localhost"}'
port = ${toString cfg.port} port = ${toString cfg.port}
${cfg.extraConfig} ${cfg.extraConfig}
''; '';
groupAccessAvailable = versionAtLeast postgresql.version "11.0"; groupAccessAvailable = versionAtLeast postgresql.version "11.0";
@ -55,9 +55,13 @@ in
dataDir = mkOption { dataDir = mkOption {
type = types.path; type = types.path;
defaultText = "/var/lib/postgresql/\${config.services.postgresql.package.psqlSchema}";
example = "/var/lib/postgresql/11"; example = "/var/lib/postgresql/11";
description = '' description = ''
Data directory for PostgreSQL. The data directory for PostgreSQL. If left as the default value
this directory will automatically be created before the PostgreSQL server starts, otherwise
the sysadmin is responsible for ensuring the directory exists with appropriate ownership
and permissions.
''; '';
}; };
@ -249,10 +253,7 @@ in
else if versionAtLeast config.system.stateVersion "16.03" then pkgs.postgresql_9_5 else if versionAtLeast config.system.stateVersion "16.03" then pkgs.postgresql_9_5
else throw "postgresql_9_4 was removed, please upgrade your postgresql version."); else throw "postgresql_9_4 was removed, please upgrade your postgresql version.");
services.postgresql.dataDir = services.postgresql.dataDir = mkDefault "/var/lib/postgresql/${cfg.package.psqlSchema}";
mkDefault (if versionAtLeast config.system.stateVersion "17.09"
then "/var/lib/postgresql/${cfg.package.psqlSchema}"
else "/var/db/postgresql");
services.postgresql.authentication = mkAfter services.postgresql.authentication = mkAfter
'' ''
@ -291,40 +292,28 @@ in
preStart = preStart =
'' ''
# Create data directory.
if ! test -e ${cfg.dataDir}/PG_VERSION; then if ! test -e ${cfg.dataDir}/PG_VERSION; then
mkdir -m 0700 -p ${cfg.dataDir} # Cleanup the data directory.
rm -f ${cfg.dataDir}/*.conf rm -f ${cfg.dataDir}/*.conf
chown -R postgres:postgres ${cfg.dataDir}
fi
''; # */
script = # Initialise the database.
''
# Initialise the database.
if ! test -e ${cfg.dataDir}/PG_VERSION; then
initdb -U ${cfg.superUser} ${concatStringsSep " " cfg.initdbArgs} initdb -U ${cfg.superUser} ${concatStringsSep " " cfg.initdbArgs}
# See postStart! # See postStart!
touch "${cfg.dataDir}/.first_startup" touch "${cfg.dataDir}/.first_startup"
fi fi
ln -sfn "${configFile}" "${cfg.dataDir}/postgresql.conf" ln -sfn "${configFile}" "${cfg.dataDir}/postgresql.conf"
${optionalString (cfg.recoveryConfig != null) '' ${optionalString (cfg.recoveryConfig != null) ''
ln -sfn "${pkgs.writeText "recovery.conf" cfg.recoveryConfig}" \ ln -sfn "${pkgs.writeText "recovery.conf" cfg.recoveryConfig}" \
"${cfg.dataDir}/recovery.conf" "${cfg.dataDir}/recovery.conf"
''} ''}
${optionalString (!groupAccessAvailable) ''
# postgresql pre 11.0 doesn't start if state directory mode is group accessible
chmod 0700 "${cfg.dataDir}"
''}
exec postgres
''; '';
serviceConfig = serviceConfig = mkMerge [
{ ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; { ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
User = "postgres"; User = "postgres";
Group = "postgres"; Group = "postgres";
PermissionsStartOnly = true;
RuntimeDirectory = "postgresql"; RuntimeDirectory = "postgresql";
Type = if versionAtLeast cfg.package.version "9.6" Type = if versionAtLeast cfg.package.version "9.6"
then "notify" then "notify"
@ -338,36 +327,48 @@ in
# Give Postgres a decent amount of time to clean up after # Give Postgres a decent amount of time to clean up after
# receiving systemd's SIGINT. # receiving systemd's SIGINT.
TimeoutSec = 120; TimeoutSec = 120;
};
# Wait for PostgreSQL to be ready to accept connections. ExecStart = "${postgresql}/bin/postgres";
postStart =
''
PSQL="${pkgs.utillinux}/bin/runuser -u ${cfg.superUser} -- psql --port=${toString cfg.port}"
while ! $PSQL -d postgres -c "" 2> /dev/null; do # Wait for PostgreSQL to be ready to accept connections.
if ! kill -0 "$MAINPID"; then exit 1; fi ExecStartPost =
sleep 0.1 let
done setupScript = pkgs.writeScript "postgresql-setup" (''
#!${pkgs.runtimeShell} -e
if test -e "${cfg.dataDir}/.first_startup"; then PSQL="${pkgs.utillinux}/bin/runuser -u ${cfg.superUser} -- psql --port=${toString cfg.port}"
${optionalString (cfg.initialScript != null) ''
$PSQL -f "${cfg.initialScript}" -d postgres while ! $PSQL -d postgres -c "" 2> /dev/null; do
''} if ! kill -0 "$MAINPID"; then exit 1; fi
rm -f "${cfg.dataDir}/.first_startup" sleep 0.1
fi done
'' + optionalString (cfg.ensureDatabases != []) ''
${concatMapStrings (database: '' if test -e "${cfg.dataDir}/.first_startup"; then
$PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${database}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${database}"' ${optionalString (cfg.initialScript != null) ''
'') cfg.ensureDatabases} $PSQL -f "${cfg.initialScript}" -d postgres
'' + '' ''}
${concatMapStrings (user: '' rm -f "${cfg.dataDir}/.first_startup"
$PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='${user.name}'" | grep -q 1 || $PSQL -tAc 'CREATE USER "${user.name}"' fi
${concatStringsSep "\n" (mapAttrsToList (database: permission: '' '' + optionalString (cfg.ensureDatabases != []) ''
$PSQL -tAc 'GRANT ${permission} ON ${database} TO "${user.name}"' ${concatMapStrings (database: ''
'') user.ensurePermissions)} $PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${database}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${database}"'
'') cfg.ensureUsers} '') cfg.ensureDatabases}
''; '' + ''
${concatMapStrings (user: ''
$PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='${user.name}'" | grep -q 1 || $PSQL -tAc 'CREATE USER "${user.name}"'
${concatStringsSep "\n" (mapAttrsToList (database: permission: ''
$PSQL -tAc 'GRANT ${permission} ON ${database} TO "${user.name}"'
'') user.ensurePermissions)}
'') cfg.ensureUsers}
'');
in
"+${setupScript}";
}
(mkIf (cfg.dataDir == "/var/lib/postgresql/${cfg.package.psqlSchema}") {
StateDirectory = "postgresql postgresql/${cfg.package.psqlSchema}";
StateDirectoryMode = if groupAccessAvailable then "0750" else "0700";
})
];
unitConfig.RequiresMountsFor = "${cfg.dataDir}"; unitConfig.RequiresMountsFor = "${cfg.dataDir}";
}; };

2
nixos/modules/services/databases/riak-cs.nix
View file

@ -35,7 +35,7 @@ in
Name of the Erlang node. Name of the Erlang node.
''; '';
}; };
anonymousUserCreation = mkOption { anonymousUserCreation = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;

16
nixos/modules/services/games/minetest-server.nix
View file

@ -5,12 +5,12 @@ with lib;
let let
cfg = config.services.minetest-server; cfg = config.services.minetest-server;
flag = val: name: if val != null then "--${name} ${val} " else ""; flag = val: name: if val != null then "--${name} ${val} " else "";
flags = [ flags = [
(flag cfg.gameId "gameid") (flag cfg.gameId "gameid")
(flag cfg.world "world") (flag cfg.world "world")
(flag cfg.configPath "config") (flag cfg.configPath "config")
(flag cfg.logPath "logfile") (flag cfg.logPath "logfile")
(flag cfg.port "port") (flag cfg.port "port")
]; ];
in in
{ {
@ -26,7 +26,7 @@ in
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
description = '' description = ''
Id of the game to use. To list available games run Id of the game to use. To list available games run
`minetestserver --gameid list`. `minetestserver --gameid list`.
If only one game exists, this option can be null. If only one game exists, this option can be null.
@ -59,7 +59,7 @@ in
type = types.nullOr types.path; type = types.nullOr types.path;
default = null; default = null;
description = '' description = ''
Path to logfile for logging. Path to logfile for logging.
If set to null, logging will be output to stdout which means If set to null, logging will be output to stdout which means
all output will be catched by systemd. all output will be catched by systemd.

2
nixos/modules/services/games/terraria.nix
View file

@ -7,7 +7,7 @@ let
worldSizeMap = { small = 1; medium = 2; large = 3; }; worldSizeMap = { small = 1; medium = 2; large = 3; };
valFlag = name: val: optionalString (val != null) "-${name} \"${escape ["\\" "\""] (toString val)}\""; valFlag = name: val: optionalString (val != null) "-${name} \"${escape ["\\" "\""] (toString val)}\"";
boolFlag = name: val: optionalString val "-${name}"; boolFlag = name: val: optionalString val "-${name}";
flags = [ flags = [
(valFlag "port" cfg.port) (valFlag "port" cfg.port)
(valFlag "maxPlayers" cfg.maxPlayers) (valFlag "maxPlayers" cfg.maxPlayers)
(valFlag "password" cfg.password) (valFlag "password" cfg.password)

2
nixos/modules/services/hardware/thinkfan.nix
View file

@ -67,7 +67,7 @@ in {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = ''
Whether to build thinkfan with SMART support to read temperatures Whether to build thinkfan with SMART support to read temperatures
directly from hard disks. directly from hard disks.
''; '';
}; };

4
nixos/modules/services/hardware/trezord.nix
View file

@ -10,7 +10,7 @@ in {
meta = { meta = {
doc = ./trezord.xml; doc = ./trezord.xml;
}; };
### interface ### interface
options = { options = {
@ -40,7 +40,7 @@ in {
}; };
}; };
}; };
### implementation ### implementation
config = mkIf cfg.enable { config = mkIf cfg.enable {

46
nixos/modules/services/misc/gitlab.nix
View file

@ -618,26 +618,38 @@ in {
enable = true; enable = true;
ensureUsers = singleton { name = cfg.databaseUsername; }; ensureUsers = singleton { name = cfg.databaseUsername; };
}; };
# The postgresql module doesn't currently support concepts like # The postgresql module doesn't currently support concepts like
# objects owners and extensions; for now we tack on what's needed # objects owners and extensions; for now we tack on what's needed
# here. # here.
systemd.services.postgresql.postStart = mkAfter (optionalString databaseActuallyCreateLocally '' systemd.services.gitlab-postgresql = let pgsql = config.services.postgresql; in mkIf databaseActuallyCreateLocally {
set -eu after = [ "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
path = [ pgsql.package ];
script = ''
set -eu
$PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${cfg.databaseName}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${cfg.databaseName}" OWNER "${cfg.databaseUsername}"' PSQL="${pkgs.utillinux}/bin/runuser -u ${pgsql.superUser} -- psql --port=${toString pgsql.port}"
current_owner=$($PSQL -tAc "SELECT pg_catalog.pg_get_userbyid(datdba) FROM pg_catalog.pg_database WHERE datname = '${cfg.databaseName}'")
if [[ "$current_owner" != "${cfg.databaseUsername}" ]]; then $PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${cfg.databaseName}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${cfg.databaseName}" OWNER "${cfg.databaseUsername}"'
$PSQL -tAc 'ALTER DATABASE "${cfg.databaseName}" OWNER TO "${cfg.databaseUsername}"' current_owner=$($PSQL -tAc "SELECT pg_catalog.pg_get_userbyid(datdba) FROM pg_catalog.pg_database WHERE datname = '${cfg.databaseName}'")
if [[ -e "${config.services.postgresql.dataDir}/.reassigning_${cfg.databaseName}" ]]; then if [[ "$current_owner" != "${cfg.databaseUsername}" ]]; then
echo "Reassigning ownership of database ${cfg.databaseName} to user ${cfg.databaseUsername} failed on last boot. Failing..." $PSQL -tAc 'ALTER DATABASE "${cfg.databaseName}" OWNER TO "${cfg.databaseUsername}"'
exit 1 if [[ -e "${config.services.postgresql.dataDir}/.reassigning_${cfg.databaseName}" ]]; then
fi echo "Reassigning ownership of database ${cfg.databaseName} to user ${cfg.databaseUsername} failed on last boot. Failing..."
touch "${config.services.postgresql.dataDir}/.reassigning_${cfg.databaseName}" exit 1
$PSQL "${cfg.databaseName}" -tAc "REASSIGN OWNED BY \"$current_owner\" TO \"${cfg.databaseUsername}\"" fi
rm "${config.services.postgresql.dataDir}/.reassigning_${cfg.databaseName}" touch "${config.services.postgresql.dataDir}/.reassigning_${cfg.databaseName}"
fi $PSQL "${cfg.databaseName}" -tAc "REASSIGN OWNED BY \"$current_owner\" TO \"${cfg.databaseUsername}\""
$PSQL '${cfg.databaseName}' -tAc "CREATE EXTENSION IF NOT EXISTS pg_trgm" rm "${config.services.postgresql.dataDir}/.reassigning_${cfg.databaseName}"
''); fi
$PSQL '${cfg.databaseName}' -tAc "CREATE EXTENSION IF NOT EXISTS pg_trgm"
'';
serviceConfig = {
Type = "oneshot";
};
};
# Use postfix to send out mails. # Use postfix to send out mails.
services.postfix.enable = mkDefault true; services.postfix.enable = mkDefault true;
@ -767,7 +779,7 @@ in {
}; };
systemd.services.gitlab = { systemd.services.gitlab = {
after = [ "gitlab-workhorse.service" "gitaly.service" "network.target" "postgresql.service" "redis.service" ]; after = [ "gitlab-workhorse.service" "gitaly.service" "network.target" "gitlab-postgresql.service" "redis.service" ];
requires = [ "gitlab-sidekiq.service" ]; requires = [ "gitlab-sidekiq.service" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
environment = gitlabEnv; environment = gitlabEnv;

2
nixos/modules/services/misc/matrix-synapse.nix
View file

@ -675,7 +675,7 @@ in {
} }
]; ];
users.users.matrix-synapse = { users.users.matrix-synapse = {
group = "matrix-synapse"; group = "matrix-synapse";
home = cfg.dataDir; home = cfg.dataDir;
createHome = true; createHome = true;

8
nixos/modules/services/misc/siproxd.nix
View file

@ -38,7 +38,7 @@ in
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = ''
Whether to enable the Siproxd SIP Whether to enable the Siproxd SIP
proxy/masquerading daemon. proxy/masquerading daemon.
''; '';
}; };
@ -111,7 +111,7 @@ in
type = types.int; type = types.int;
default = 300; default = 300;
description = '' description = ''
Timeout for an RTP stream. If for the specified Timeout for an RTP stream. If for the specified
number of seconds no data is relayed on an active number of seconds no data is relayed on an active
stream, it is considered dead and will be killed. stream, it is considered dead and will be killed.
''; '';
@ -122,7 +122,7 @@ in
default = 46; default = 46;
description = '' description = ''
DSCP (differentiated services) value to be assigned DSCP (differentiated services) value to be assigned
to RTP packets. Allows QOS aware routers to handle to RTP packets. Allows QOS aware routers to handle
different types traffic with different priorities. different types traffic with different priorities.
''; '';
}; };
@ -132,7 +132,7 @@ in
default = 0; default = 0;
description = '' description = ''
DSCP (differentiated services) value to be assigned DSCP (differentiated services) value to be assigned
to SIP packets. Allows QOS aware routers to handle to SIP packets. Allows QOS aware routers to handle
different types traffic with different priorities. different types traffic with different priorities.
''; '';
}; };

4
nixos/modules/services/misc/tzupdate.nix
View file

@ -11,7 +11,7 @@ in {
default = false; default = false;
description = '' description = ''
Enable the tzupdate timezone updating service. This provides Enable the tzupdate timezone updating service. This provides
a one-shot service which can be activated with systemctl to a one-shot service which can be activated with systemctl to
update the timezone. update the timezone.
''; '';
}; };
@ -21,7 +21,7 @@ in {
# We need to have imperative time zone management for this to work. # We need to have imperative time zone management for this to work.
# This will give users an error if they have set an explicit time # This will give users an error if they have set an explicit time
# zone, which is better than silently overriding it. # zone, which is better than silently overriding it.
time.timeZone = null; time.timeZone = null;
# We provide a one-shot service which can be manually run. We could # We provide a one-shot service which can be manually run. We could
# provide a service that runs on startup, but it's tricky to get # provide a service that runs on startup, but it's tricky to get

2
nixos/modules/services/monitoring/cadvisor.nix
View file

@ -90,7 +90,7 @@ in {
default = []; default = [];
description = '' description = ''
Additional cadvisor options. Additional cadvisor options.
See <link xlink:href='https://github.com/google/cadvisor/blob/master/docs/runtime_options.md'/> for available options. See <link xlink:href='https://github.com/google/cadvisor/blob/master/docs/runtime_options.md'/> for available options.
''; '';
}; };

4
nixos/modules/services/monitoring/dd-agent/dd-agent.nix
View file

@ -97,11 +97,11 @@ let
"dd-agent/conf.d/nginx.yaml".source = nginxConfig; "dd-agent/conf.d/nginx.yaml".source = nginxConfig;
}) // }) //
(optionalAttrs (cfg.mongoConfig != null) (optionalAttrs (cfg.mongoConfig != null)
{ {
"dd-agent/conf.d/mongo.yaml".source = mongoConfig; "dd-agent/conf.d/mongo.yaml".source = mongoConfig;
}) // }) //
(optionalAttrs (cfg.processConfig != null) (optionalAttrs (cfg.processConfig != null)
{ {
"dd-agent/conf.d/process.yaml".source = processConfig; "dd-agent/conf.d/process.yaml".source = processConfig;
}) // }) //
(optionalAttrs (cfg.jmxConfig != null) (optionalAttrs (cfg.jmxConfig != null)

12
nixos/modules/services/monitoring/smartd.nix
View file

@ -18,7 +18,7 @@ let
${optionalString nm.enable '' ${optionalString nm.enable ''
{ {
${pkgs.coreutils}/bin/cat << EOF ${pkgs.coreutils}/bin/cat << EOF
From: smartd on ${host} <root> From: smartd on ${host} <${nm.sender}>
To: undisclosed-recipients:; To: undisclosed-recipients:;
Subject: SMART error on $SMARTD_DEVICESTRING: $SMARTD_FAILTYPE Subject: SMART error on $SMARTD_DEVICESTRING: $SMARTD_FAILTYPE
@ -129,6 +129,16 @@ in
description = "Whenever to send e-mail notifications."; description = "Whenever to send e-mail notifications.";
}; };
sender = mkOption {
default = "root";
example = "example@domain.tld";
type = types.str;
description = ''
Sender of the notification messages.
Acts as the value of <literal>email</literal> in the emails' <literal>From: ... </literal> field.
'';
};
recipient = mkOption { recipient = mkOption {
default = "root"; default = "root";
type = types.str; type = types.str;

2
nixos/modules/services/monitoring/teamviewer.nix
View file

@ -15,7 +15,7 @@ in
options = { options = {
services.teamviewer.enable = mkEnableOption "TeamViewer daemon"; services.teamviewer.enable = mkEnableOption "TeamViewer daemon";
}; };
###### implementation ###### implementation

4
nixos/modules/services/networking/bitcoind.nix
View file

@ -183,8 +183,8 @@ in
} }
]) eachBitcoind); ]) eachBitcoind);
environment.systemPackages = flatten (mapAttrsToList (bitcoindName: cfg: [ environment.systemPackages = flatten (mapAttrsToList (bitcoindName: cfg: [
cfg.package cfg.package
]) eachBitcoind); ]) eachBitcoind);
systemd.services = mapAttrs' (bitcoindName: cfg: ( systemd.services = mapAttrs' (bitcoindName: cfg: (

2
nixos/modules/services/networking/gateone.nix
View file

@ -56,4 +56,4 @@ config = mkIf cfg.enable {
}; };
}; };
} }

2
nixos/modules/services/networking/mstpd.nix
View file

@ -5,7 +5,7 @@ in
with lib; with lib;
{ {
options.services.mstpd = { options.services.mstpd = {
enable = mkOption { enable = mkOption {
default = false; default = false;
type = types.bool; type = types.bool;

6
nixos/modules/services/networking/nghttpx/default.nix
View file

@ -60,7 +60,7 @@ let
# NB: nghttpx doesn't accept "tls", you must omit "no-tls" for # NB: nghttpx doesn't accept "tls", you must omit "no-tls" for
# the default behavior of turning on TLS. # the default behavior of turning on TLS.
params1 = lib.remove "tls" params0; params1 = lib.remove "tls" params0;
sections = [ host] ++ params1; sections = [ host] ++ params1;
formattedSections = lib.concatStringsSep ";" sections; formattedSections = lib.concatStringsSep ";" sections;
in in
@ -90,7 +90,7 @@ in
{ imports = [ { imports = [
./nghttpx-options.nix ./nghttpx-options.nix
]; ];
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
users.groups.nghttpx = { }; users.groups.nghttpx = { };
@ -98,7 +98,7 @@ in
group = config.users.groups.nghttpx.name; group = config.users.groups.nghttpx.name;
isSystemUser = true; isSystemUser = true;
}; };
systemd.services = { systemd.services = {
nghttpx = { nghttpx = {

2
nixos/modules/services/networking/onedrive.nix
View file

@ -23,7 +23,7 @@ in {
### Documentation ### Documentation
# meta.doc = ./onedrive.xml; # meta.doc = ./onedrive.xml;
### Interface ### Interface
options.services.onedrive = { options.services.onedrive = {
enable = lib.mkOption { enable = lib.mkOption {

2
nixos/modules/services/networking/prosody.nix
View file

@ -772,7 +772,7 @@ in
}; };
disco_items = { disco_items = {
${ lib.concatStringsSep "\n" (builtins.map (x: ''{ "${x.url}", "${x.description}"};'') discoItems)} ${ lib.concatStringsSep "\n" (builtins.map (x: ''{ "${x.url}", "${x.description}"};'') discoItems)}
}; };
allow_registration = ${toLua cfg.allowRegistration} allow_registration = ${toLua cfg.allowRegistration}

26
nixos/modules/services/networking/supplicant.nix
View file

@ -76,9 +76,9 @@ in
networking.supplicant = mkOption { networking.supplicant = mkOption {
type = with types; attrsOf (submodule { type = with types; attrsOf (submodule {
options = { options = {
configFile = { configFile = {
path = mkOption { path = mkOption {
type = types.nullOr types.path; type = types.nullOr types.path;
default = null; default = null;
@ -89,7 +89,7 @@ in
precedence over options defined in <literal>configFile</literal>. precedence over options defined in <literal>configFile</literal>.
''; '';
}; };
writable = mkOption { writable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
@ -98,9 +98,9 @@ in
<literal>wpa_supplicant</literal>. <literal>wpa_supplicant</literal>.
''; '';
}; };
}; };
extraConf = mkOption { extraConf = mkOption {
type = types.lines; type = types.lines;
default = ""; default = "";
@ -126,7 +126,7 @@ in
use the <literal>configFile</literal> instead. use the <literal>configFile</literal> instead.
''; '';
}; };
extraCmdArgs = mkOption { extraCmdArgs = mkOption {
type = types.str; type = types.str;
default = ""; default = "";
@ -134,21 +134,21 @@ in
description = description =
"Command line arguments to add when executing <literal>wpa_supplicant</literal>."; "Command line arguments to add when executing <literal>wpa_supplicant</literal>.";
}; };
driver = mkOption { driver = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
default = "nl80211,wext"; default = "nl80211,wext";
description = "Force a specific wpa_supplicant driver."; description = "Force a specific wpa_supplicant driver.";
}; };
bridge = mkOption { bridge = mkOption {
type = types.str; type = types.str;
default = ""; default = "";
description = "Name of the bridge interface that wpa_supplicant should listen at."; description = "Name of the bridge interface that wpa_supplicant should listen at.";
}; };
userControlled = { userControlled = {
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
@ -159,20 +159,20 @@ in
access points. access points.
''; '';
}; };
socketDir = mkOption { socketDir = mkOption {
type = types.str; type = types.str;
default = "/run/wpa_supplicant"; default = "/run/wpa_supplicant";
description = "Directory of sockets for controlling wpa_supplicant."; description = "Directory of sockets for controlling wpa_supplicant.";
}; };
group = mkOption { group = mkOption {
type = types.str; type = types.str;
default = "wheel"; default = "wheel";
example = "network"; example = "network";
description = "Members of this group can control wpa_supplicant."; description = "Members of this group can control wpa_supplicant.";
}; };
}; };
}; };
}); });

2
nixos/modules/services/networking/trickster.nix
View file

@ -106,7 +106,7 @@ in
Restart = "always"; Restart = "always";
}; };
}; };
}; };
meta.maintainers = with maintainers; [ maintainers."1000101" ]; meta.maintainers = with maintainers; [ maintainers."1000101" ];

6
nixos/modules/services/networking/websockify.nix
View file

@ -5,12 +5,12 @@ with lib;
let cfg = config.services.networking.websockify; in { let cfg = config.services.networking.websockify; in {
options = { options = {
services.networking.websockify = { services.networking.websockify = {
enable = mkOption { enable = mkOption {
description = "Whether to enable websockify to forward websocket connections to TCP connections."; description = "Whether to enable websockify to forward websocket connections to TCP connections.";
default = false; default = false;
type = types.bool; type = types.bool;
}; };
sslCert = mkOption { sslCert = mkOption {

18
nixos/modules/services/security/haveged.nix
View file

@ -21,11 +21,11 @@ in
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = ''
Whether to enable to haveged entropy daemon, which refills Whether to enable to haveged entropy daemon, which refills
/dev/random when low. /dev/random when low.
''; '';
}; };
refill_threshold = mkOption { refill_threshold = mkOption {
type = types.int; type = types.int;
default = 1024; default = 1024;
@ -34,16 +34,16 @@ in
haveged should refill the entropy pool. haveged should refill the entropy pool.
''; '';
}; };
}; };
}; };
###### implementation ###### implementation
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.services.haveged = systemd.services.haveged =
{ description = "Entropy Harvesting Daemon"; { description = "Entropy Harvesting Daemon";
unitConfig.Documentation = "man:haveged(8)"; unitConfig.Documentation = "man:haveged(8)";
@ -63,5 +63,5 @@ in
}; };
}; };
} }

435
nixos/modules/services/torrent/transmission.nix
View file

@ -1,52 +1,51 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, options, ... }:
with lib; with lib;
let let
cfg = config.services.transmission; cfg = config.services.transmission;
inherit (config.environment) etc;
apparmor = config.security.apparmor.enable; apparmor = config.security.apparmor.enable;
rootDir = "/run/transmission";
homeDir = cfg.home; homeDir = "/var/lib/transmission";
downloadDirPermissions = cfg.downloadDirPermissions; settingsDir = ".config/transmission-daemon";
downloadDir = "${homeDir}/Downloads"; downloadsDir = "Downloads";
incompleteDir = "${homeDir}/.incomplete"; incompleteDir = ".incomplete";
# TODO: switch to configGen.json once RFC0042 is implemented
settingsDir = "${homeDir}/config"; settingsFile = pkgs.writeText "settings.json" (builtins.toJSON cfg.settings);
settingsFile = pkgs.writeText "settings.json" (builtins.toJSON fullSettings);
# for users in group "transmission" to have access to torrents
fullSettings = { umask = 2; download-dir = downloadDir; incomplete-dir = incompleteDir; } // cfg.settings;
preStart = pkgs.writeScript "transmission-pre-start" ''
#!${pkgs.runtimeShell}
set -ex
cp -f ${settingsFile} ${settingsDir}/settings.json
'';
in in
{ {
options = { options = {
services.transmission = { services.transmission = {
enable = mkOption { enable = mkEnableOption ''the headless Transmission BitTorrent daemon.
type = types.bool;
default = false;
description = ''
Whether or not to enable the headless Transmission BitTorrent daemon.
Transmission daemon can be controlled via the RPC interface using Transmission daemon can be controlled via the RPC interface using
transmission-remote or the WebUI (http://localhost:9091/ by default). transmission-remote, the WebUI (http://127.0.0.1:9091/ by default),
or other clients like stig or tremc.
Torrents are downloaded to ${downloadDir} by default and are Torrents are downloaded to ${homeDir}/${downloadsDir} by default and are
accessible to users in the "transmission" group. accessible to users in the "transmission" group'';
'';
};
settings = mkOption { settings = mkOption rec {
# TODO: switch to types.config.json as prescribed by RFC0042 once it's implemented
type = types.attrs; type = types.attrs;
apply = recursiveUpdate default;
default = default =
{ {
download-dir = downloadDir; download-dir = "${cfg.home}/${downloadsDir}";
incomplete-dir = incompleteDir; incomplete-dir = "${cfg.home}/${incompleteDir}";
incomplete-dir-enabled = true; incomplete-dir-enabled = true;
message-level = 1;
peer-port = 51413;
peer-port-random-high = 65535;
peer-port-random-low = 49152;
peer-port-random-on-start = false;
rpc-bind-address = "127.0.0.1";
rpc-port = 9091;
script-torrent-done-enabled = false;
script-torrent-done-filename = "";
umask = 2; # 0o002 in decimal as expected by Transmission
utp-enabled = true;
}; };
example = example =
{ {
@ -56,11 +55,12 @@ in
rpc-whitelist = "127.0.0.1,192.168.*.*"; rpc-whitelist = "127.0.0.1,192.168.*.*";
}; };
description = '' description = ''
Attribute set whos fields overwrites fields in settings.json (each Attribute set whose fields overwrites fields in
time the service starts). String values must be quoted, integer and <literal>.config/transmission-daemon/settings.json</literal>
(each time the service starts). String values must be quoted, integer and
boolean values must not. boolean values must not.
See https://github.com/transmission/transmission/wiki/Editing-Configuration-Files See <link xlink:href="https://github.com/transmission/transmission/wiki/Editing-Configuration-Files">Transmission's Wiki</link>
for documentation. for documentation.
''; '';
}; };
@ -70,22 +70,32 @@ in
default = "770"; default = "770";
example = "775"; example = "775";
description = '' description = ''
The permissions to set for download-dir and incomplete-dir. The permissions set by <literal>systemd.activationScripts.transmission-daemon</literal>
They will be applied on every service start. on the directories <link linkend="opt-services.transmission.settings">settings.download-dir</link>
and <link linkend="opt-services.transmission.settings">settings.incomplete-dir</link>.
Note that you may also want to change
<link linkend="opt-services.transmission.settings">settings.umask</link>.
''; '';
}; };
port = mkOption { port = mkOption {
type = types.int; type = types.port;
default = 9091; description = ''
description = "TCP port number to run the RPC/web interface."; TCP port number to run the RPC/web interface.
If instead you want to change the peer port,
use <link linkend="opt-services.transmission.settings">settings.peer-port</link>
or <link linkend="opt-services.transmission.settings">settings.peer-port-random-on-start</link>.
'';
}; };
home = mkOption { home = mkOption {
type = types.path; type = types.path;
default = "/var/lib/transmission"; default = homeDir;
description = '' description = ''
The directory where transmission will create files. The directory where Transmission will create <literal>${settingsDir}</literal>.
as well as <literal>${downloadsDir}/</literal> unless <link linkend="opt-services.transmission.settings">settings.download-dir</link> is changed,
and <literal>${incompleteDir}/</literal> unless <link linkend="opt-services.transmission.settings">settings.incomplete-dir</link> is changed.
''; '';
}; };
@ -100,32 +110,174 @@ in
default = "transmission"; default = "transmission";
description = "Group account under which Transmission runs."; description = "Group account under which Transmission runs.";
}; };
credentialsFile = mkOption {
type = types.path;
description = ''
Path to a JSON file to be merged with the settings.
Useful to merge a file which is better kept out of the Nix store
because it contains sensible data like <link linkend="opt-services.transmission.settings">settings.rpc-password</link>.
'';
default = "/dev/null";
example = "/var/lib/secrets/transmission/settings.json";
};
openFirewall = mkEnableOption "opening of the peer port(s) in the firewall";
performanceNetParameters = mkEnableOption ''tweaking of kernel parameters
to open many more connections at the same time.
Note that you may also want to increase
<link linkend="opt-services.transmission.settings">settings.peer-limit-global</link>.
And be aware that these settings are quite aggressive
and might not suite your regular desktop use.
For instance, SSH sessions may time out more easily'';
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.tmpfiles.rules = [ # Note that using systemd.tmpfiles would not work here
"d '${homeDir}' 0770 '${cfg.user}' '${cfg.group}' - -" # because it would fail when creating a directory
"d '${settingsDir}' 0700 '${cfg.user}' '${cfg.group}' - -" # with a different owner than its parent directory, by saying:
"d '${fullSettings.download-dir}' '${downloadDirPermissions}' '${cfg.user}' '${cfg.group}' - -" # Detected unsafe path transition /home/foo → /home/foo/Downloads during canonicalization of /home/foo/Downloads
"d '${fullSettings.incomplete-dir}' '${downloadDirPermissions}' '${cfg.user}' '${cfg.group}' - -" # when /home/foo is not owned by cfg.user.
# Note also that using an ExecStartPre= wouldn't work either
# because BindPaths= needs these directories before.
system.activationScripts.transmission-daemon = ''
install -d -m 700 '${cfg.home}/${settingsDir}'
chown -R '${cfg.user}:${cfg.group}' ${cfg.home}/${settingsDir}
install -d -m '${cfg.downloadDirPermissions}' -o '${cfg.user}' -g '${cfg.group}' '${cfg.settings.download-dir}'
'' + optionalString cfg.settings.incomplete-dir-enabled ''
install -d -m '${cfg.downloadDirPermissions}' -o '${cfg.user}' -g '${cfg.group}' '${cfg.settings.incomplete-dir}'
'';
assertions = [
{ assertion = builtins.match "^/.*" cfg.home != null;
message = "`services.transmission.home' must be an absolute path.";
}
{ assertion = types.path.check cfg.settings.download-dir;
message = "`services.transmission.settings.download-dir' must be an absolute path.";
}
{ assertion = types.path.check cfg.settings.incomplete-dir;
message = "`services.transmission.settings.incomplete-dir' must be an absolute path.";
}
{ assertion = cfg.settings.script-torrent-done-filename == "" || types.path.check cfg.settings.script-torrent-done-filename;
message = "`services.transmission.settings.script-torrent-done-filename' must be an absolute path.";
}
{ assertion = types.port.check cfg.settings.rpc-port;
message = "${toString cfg.settings.rpc-port} is not a valid port number for `services.transmission.settings.rpc-port`.";
}
# In case both port and settings.rpc-port are explicitely defined: they must be the same.
{ assertion = !options.services.transmission.port.isDefined || cfg.port == cfg.settings.rpc-port;
message = "`services.transmission.port' is not equal to `services.transmission.settings.rpc-port'";
}
]; ];
services.transmission.settings =
optionalAttrs options.services.transmission.port.isDefined { rpc-port = cfg.port; };
systemd.services.transmission = { systemd.services.transmission = {
description = "Transmission BitTorrent Service"; description = "Transmission BitTorrent Service";
after = [ "network.target" ] ++ optional apparmor "apparmor.service"; after = [ "network.target" ] ++ optional apparmor "apparmor.service";
requires = mkIf apparmor [ "apparmor.service" ]; requires = optional apparmor "apparmor.service";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
environment.CURL_CA_BUNDLE = etc."ssl/certs/ca-certificates.crt".source;
# 1) Only the "transmission" user and group have access to torrents. serviceConfig = {
# 2) Optionally update/force specific fields into the configuration file. # Use "+" because credentialsFile may not be accessible to User= or Group=.
serviceConfig.ExecStartPre = preStart; ExecStartPre = [("+" + pkgs.writeShellScript "transmission-prestart" ''
serviceConfig.ExecStart = "${pkgs.transmission}/bin/transmission-daemon -f --port ${toString config.services.transmission.port} --config-dir ${settingsDir}"; set -eu${lib.optionalString (cfg.settings.message-level >= 3) "x"}
serviceConfig.ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; ${pkgs.jq}/bin/jq --slurp add ${settingsFile} '${cfg.credentialsFile}' |
serviceConfig.User = cfg.user; install -D -m 600 -o '${cfg.user}' -g '${cfg.group}' /dev/stdin \
serviceConfig.Group = cfg.group; '${cfg.home}/${settingsDir}/settings.json'
# NOTE: transmission has an internal umask that also must be set (in settings.json) '')];
serviceConfig.UMask = "0002"; ExecStart="${pkgs.transmission}/bin/transmission-daemon -f";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
User = cfg.user;
Group = cfg.group;
# Create rootDir in the host's mount namespace.
RuntimeDirectory = [(baseNameOf rootDir)];
RuntimeDirectoryMode = "755";
# Avoid mounting rootDir in the own rootDir of ExecStart='s mount namespace.
InaccessiblePaths = ["-+${rootDir}"];
# This is for BindPaths= and BindReadOnlyPaths=
# to allow traversal of directories they create in RootDirectory=.
UMask = "0066";
# Using RootDirectory= makes it possible
# to use the same paths download-dir/incomplete-dir
# (which appear in user's interfaces) without requiring cfg.user
# to have access to their parent directories,
# by using BindPaths=/BindReadOnlyPaths=.
# Note that TemporaryFileSystem= could have been used instead
# but not without adding some BindPaths=/BindReadOnlyPaths=
# that would only be needed for ExecStartPre=,
# because RootDirectoryStartOnly=true would not help.
RootDirectory = rootDir;
RootDirectoryStartOnly = true;
MountAPIVFS = true;
BindPaths =
[ "${cfg.home}/${settingsDir}"
cfg.settings.download-dir
] ++
optional cfg.settings.incomplete-dir-enabled
cfg.settings.incomplete-dir;
BindReadOnlyPaths = [
# No confinement done of /nix/store here like in systemd-confinement.nix,
# an AppArmor profile is provided to get a confinement based upon paths and rights.
builtins.storeDir
"-/etc/hosts"
"-/etc/ld-nix.so.preload"
"-/etc/localtime"
] ++
optional (cfg.settings.script-torrent-done-enabled &&
cfg.settings.script-torrent-done-filename != "")
cfg.settings.script-torrent-done-filename;
# The following options are only for optimizing:
# systemd-analyze security transmission
AmbientCapabilities = "";
CapabilityBoundingSet = "";
# ProtectClock= adds DeviceAllow=char-rtc r
DeviceAllow = "";
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateNetwork = mkDefault false;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
# ProtectHome=true would not allow BindPaths= to work accross /home,
# and ProtectHome=tmpfs would break statfs(),
# preventing transmission-daemon to report the available free space.
# However, RootDirectory= is used, so this is not a security concern
# since there would be nothing in /home but any BindPaths= wanted by the user.
ProtectHome = "read-only";
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectSystem = "strict";
RemoveIPC = true;
# AF_UNIX may become usable one day:
# https://github.com/transmission/transmission/issues/441
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallFilter = [
"@system-service"
# Groups in @system-service which do not contain a syscall
# listed by perf stat -e 'syscalls:sys_enter_*' transmission-daemon -f
# in tests, and seem likely not necessary for transmission-daemon.
"~@aio" "~@chown" "~@keyring" "~@memlock" "~@resources" "~@setuid" "~@timer"
# In the @privileged group, but reached when querying infos through RPC (eg. with stig).
"quotactl"
];
SystemCallArchitectures = "native";
SystemCallErrorNumber = "EPERM";
};
}; };
# It's useful to have transmission in path, e.g. for remote control # It's useful to have transmission in path, e.g. for remote control
@ -133,70 +285,153 @@ in
users.users = optionalAttrs (cfg.user == "transmission") ({ users.users = optionalAttrs (cfg.user == "transmission") ({
transmission = { transmission = {
name = "transmission";
group = cfg.group; group = cfg.group;
uid = config.ids.uids.transmission; uid = config.ids.uids.transmission;
description = "Transmission BitTorrent user"; description = "Transmission BitTorrent user";
home = homeDir; home = cfg.home;
createHome = true;
}; };
}); });
users.groups = optionalAttrs (cfg.group == "transmission") ({ users.groups = optionalAttrs (cfg.group == "transmission") ({
transmission = { transmission = {
name = "transmission";
gid = config.ids.gids.transmission; gid = config.ids.gids.transmission;
}; };
}); });
# AppArmor profile networking.firewall = mkIf cfg.openFirewall (
if cfg.settings.peer-port-random-on-start
then
{ allowedTCPPortRanges =
[ { from = cfg.settings.peer-port-random-low;
to = cfg.settings.peer-port-random-high;
}
];
allowedUDPPortRanges =
[ { from = cfg.settings.peer-port-random-low;
to = cfg.settings.peer-port-random-high;
}
];
}
else
{ allowedTCPPorts = [ cfg.settings.peer-port ];
allowedUDPPorts = [ cfg.settings.peer-port ];
}
);
boot.kernel.sysctl = mkMerge [
# Transmission uses a single UDP socket in order to implement multiple uTP sockets,
# and thus expects large kernel buffers for the UDP socket,
# https://trac.transmissionbt.com/browser/trunk/libtransmission/tr-udp.c?rev=11956.
# at least up to the values hardcoded here:
(mkIf cfg.settings.utp-enabled {
"net.core.rmem_max" = mkDefault "4194304"; # 4MB
"net.core.wmem_max" = mkDefault "1048576"; # 1MB
})
(mkIf cfg.performanceNetParameters {
# Increase the number of available source (local) TCP and UDP ports to 49151.
# Usual default is 32768 60999, ie. 28231 ports.
# Find out your current usage with: ss -s
"net.ipv4.ip_local_port_range" = "16384 65535";
# Timeout faster generic TCP states.
# Usual default is 600.
# Find out your current usage with: watch -n 1 netstat -nptuo
"net.netfilter.nf_conntrack_generic_timeout" = 60;
# Timeout faster established but inactive connections.
# Usual default is 432000.
"net.netfilter.nf_conntrack_tcp_timeout_established" = 600;
# Clear immediately TCP states after timeout.
# Usual default is 120.
"net.netfilter.nf_conntrack_tcp_timeout_time_wait" = 1;
# Increase the number of trackable connections.
# Usual default is 262144.
# Find out your current usage with: conntrack -C
"net.netfilter.nf_conntrack_max" = 1048576;
})
];
security.apparmor.profiles = mkIf apparmor [ security.apparmor.profiles = mkIf apparmor [
(pkgs.writeText "apparmor-transmission-daemon" '' (pkgs.writeText "apparmor-transmission-daemon" ''
#include <tunables/global> include <tunables/global>
${pkgs.transmission}/bin/transmission-daemon { ${pkgs.transmission}/bin/transmission-daemon {
#include <abstractions/base> include <abstractions/base>
#include <abstractions/nameservice> include <abstractions/nameservice>
${getLib pkgs.glibc}/lib/*.so mr, # NOTE: https://github.com/NixOS/nixpkgs/pull/93457
${getLib pkgs.libevent}/lib/libevent*.so* mr, # will remove the need for these by fixing <abstractions/base>
${getLib pkgs.curl}/lib/libcurl*.so* mr, r ${etc."hosts".source},
${getLib pkgs.openssl}/lib/libssl*.so* mr, r /etc/ld-nix.so.preload,
${getLib pkgs.openssl}/lib/libcrypto*.so* mr, ${lib.optionalString (builtins.hasAttr "ld-nix.so.preload" etc) ''
${getLib pkgs.zlib}/lib/libz*.so* mr, r ${etc."ld-nix.so.preload".source},
${getLib pkgs.libssh2}/lib/libssh2*.so* mr, ${concatMapStrings (p: optionalString (p != "") ("mr ${p},\n"))
${getLib pkgs.systemd}/lib/libsystemd*.so* mr, (splitString "\n" config.environment.etc."ld-nix.so.preload".text)}
${getLib pkgs.xz}/lib/liblzma*.so* mr,
${getLib pkgs.libgcrypt}/lib/libgcrypt*.so* mr,
${getLib pkgs.libgpgerror}/lib/libgpg-error*.so* mr,
${getLib pkgs.nghttp2}/lib/libnghttp2*.so* mr,
${getLib pkgs.c-ares}/lib/libcares*.so* mr,
${getLib pkgs.libcap}/lib/libcap*.so* mr,
${getLib pkgs.attr}/lib/libattr*.so* mr,
${getLib pkgs.lz4}/lib/liblz4*.so* mr,
${getLib pkgs.libkrb5}/lib/lib*.so* mr,
${getLib pkgs.keyutils}/lib/libkeyutils*.so* mr,
${getLib pkgs.utillinuxMinimal.out}/lib/libblkid.so.* mr,
${getLib pkgs.utillinuxMinimal.out}/lib/libmount.so.* mr,
${getLib pkgs.utillinuxMinimal.out}/lib/libuuid.so.* mr,
${getLib pkgs.gcc.cc.lib}/lib/libstdc++.so.* mr,
${getLib pkgs.gcc.cc.lib}/lib/libgcc_s.so.* mr,
@{PROC}/sys/kernel/random/uuid r,
@{PROC}/sys/vm/overcommit_memory r,
${pkgs.openssl.out}/etc/** r,
${pkgs.transmission}/share/transmission/** r,
owner ${settingsDir}/** rw,
${fullSettings.download-dir}/** rw,
${optionalString fullSettings.incomplete-dir-enabled ''
${fullSettings.incomplete-dir}/** rw,
''} ''}
r ${etc."ssl/certs/ca-certificates.crt".source},
r ${pkgs.tzdata}/share/zoneinfo/**,
r ${pkgs.stdenv.cc.libc}/share/i18n/**,
r ${pkgs.stdenv.cc.libc}/share/locale/**,
mr ${getLib pkgs.stdenv.cc.cc}/lib/*.so*,
mr ${getLib pkgs.stdenv.cc.libc}/lib/*.so*,
mr ${getLib pkgs.attr}/lib/libattr*.so*,
mr ${getLib pkgs.c-ares}/lib/libcares*.so*,
mr ${getLib pkgs.curl}/lib/libcurl*.so*,
mr ${getLib pkgs.keyutils}/lib/libkeyutils*.so*,
mr ${getLib pkgs.libcap}/lib/libcap*.so*,
mr ${getLib pkgs.libevent}/lib/libevent*.so*,
mr ${getLib pkgs.libgcrypt}/lib/libgcrypt*.so*,
mr ${getLib pkgs.libgpgerror}/lib/libgpg-error*.so*,
mr ${getLib pkgs.libkrb5}/lib/lib*.so*,
mr ${getLib pkgs.libssh2}/lib/libssh2*.so*,
mr ${getLib pkgs.lz4}/lib/liblz4*.so*,
mr ${getLib pkgs.nghttp2}/lib/libnghttp2*.so*,
mr ${getLib pkgs.openssl}/lib/libcrypto*.so*,
mr ${getLib pkgs.openssl}/lib/libssl*.so*,
mr ${getLib pkgs.systemd}/lib/libsystemd*.so*,
mr ${getLib pkgs.utillinuxMinimal.out}/lib/libblkid.so*,
mr ${getLib pkgs.utillinuxMinimal.out}/lib/libmount.so*,
mr ${getLib pkgs.utillinuxMinimal.out}/lib/libuuid.so*,
mr ${getLib pkgs.xz}/lib/liblzma*.so*,
mr ${getLib pkgs.zlib}/lib/libz*.so*,
r @{PROC}/sys/kernel/random/uuid,
r @{PROC}/sys/vm/overcommit_memory,
# @{pid} is not a kernel variable yet but a regexp
#r @{PROC}/@{pid}/environ,
r @{PROC}/@{pid}/mounts,
rwk /tmp/tr_session_id_*,
r ${pkgs.openssl.out}/etc/**,
r ${config.systemd.services.transmission.environment.CURL_CA_BUNDLE},
r ${pkgs.transmission}/share/transmission/**,
owner rw ${cfg.home}/${settingsDir}/**,
rw ${cfg.settings.download-dir}/**,
${optionalString cfg.settings.incomplete-dir-enabled ''
rw ${cfg.settings.incomplete-dir}/**,
''}
profile dirs {
rw ${cfg.settings.download-dir}/**,
${optionalString cfg.settings.incomplete-dir-enabled ''
rw ${cfg.settings.incomplete-dir}/**,
''}
}
${optionalString (cfg.settings.script-torrent-done-enabled &&
cfg.settings.script-torrent-done-filename != "") ''
# Stack transmission_directories profile on top of
# any existing profile for script-torrent-done-filename
# FIXME: to be tested as I'm not sure it works well with NoNewPrivileges=
# https://gitlab.com/apparmor/apparmor/-/wikis/AppArmorStacking#seccomp-and-no_new_privs
px ${cfg.settings.script-torrent-done-filename} -> &@{dirs},
''}
# FIXME: enable customizing using https://github.com/NixOS/nixpkgs/pull/93457
# include <local/transmission-daemon>
} }
'') '')
]; ];
}; };
meta.maintainers = with lib.maintainers; [ julm ];
} }

2
nixos/modules/services/web-apps/dokuwiki.nix
View file

@ -95,7 +95,7 @@ let
aclFile = mkOption { aclFile = mkOption {
type = with types; nullOr str; type = with types; nullOr str;
default = if (config.aclUse && config.acl == null) then "/var/lib/dokuwiki/${name}/users.auth.php" else null; default = if (config.aclUse && config.acl == null) then "/var/lib/dokuwiki/${name}/acl.auth.php" else null;
description = '' description = ''
Location of the dokuwiki acl rules. Mutually exclusive with services.dokuwiki.acl Location of the dokuwiki acl rules. Mutually exclusive with services.dokuwiki.acl
Mutually exclusive with services.dokuwiki.acl which is preferred. Mutually exclusive with services.dokuwiki.acl which is preferred.

222
nixos/modules/services/web-apps/nextcloud.nix
View file

@ -45,6 +45,12 @@ let
inherit (config.system) stateVersion; inherit (config.system) stateVersion;
in { in {
imports = [
( mkRemovedOptionModule [ "services" "nextcloud" "nginx" "enable" ]
"The nextcloud module dropped support for other webservers than nginx.")
];
options.services.nextcloud = { options.services.nextcloud = {
enable = mkEnableOption "nextcloud"; enable = mkEnableOption "nextcloud";
hostName = mkOption { hostName = mkOption {
@ -91,16 +97,6 @@ in {
''; '';
}; };
nginx.enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable nginx virtual host management.
Further nginx configuration can be done by adapting <literal>services.nginx.virtualHosts.&lt;name&gt;</literal>.
See <xref linkend="opt-services.nginx.virtualHosts"/> for further information.
'';
};
webfinger = mkOption { webfinger = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
@ -468,10 +464,18 @@ in {
script = '' script = ''
chmod og+x ${cfg.home} chmod og+x ${cfg.home}
ln -sf ${cfg.package}/apps ${cfg.home}/ ln -sf ${cfg.package}/apps ${cfg.home}/
mkdir -p ${cfg.home}/config ${cfg.home}/data ${cfg.home}/store-apps
ln -sf ${overrideConfig} ${cfg.home}/config/override.config.php
chown -R nextcloud:nginx ${cfg.home}/config ${cfg.home}/data ${cfg.home}/store-apps # create nextcloud directories.
# if the directories exist already with wrong permissions, we fix that
for dir in ${cfg.home}/config ${cfg.home}/data ${cfg.home}/store-apps; do
if [ ! -e $dir ]; then
install -o nextcloud -g nextcloud -d $dir
elif [ $(stat -c "%G" $dir) != "nextcloud" ]; then
chgrp -R nextcloud $dir
fi
done
ln -sf ${overrideConfig} ${cfg.home}/config/override.config.php
# Do not install if already installed # Do not install if already installed
if [[ ! -e ${cfg.home}/config/config.php ]]; then if [[ ! -e ${cfg.home}/config/config.php ]]; then
@ -484,6 +488,7 @@ in {
${occSetTrustedDomainsCmd} ${occSetTrustedDomainsCmd}
''; '';
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
serviceConfig.User = "nextcloud";
}; };
nextcloud-cron = { nextcloud-cron = {
environment.NEXTCLOUD_CONFIG_DIR = "${cfg.home}/config"; environment.NEXTCLOUD_CONFIG_DIR = "${cfg.home}/config";
@ -502,7 +507,7 @@ in {
services.phpfpm = { services.phpfpm = {
pools.nextcloud = { pools.nextcloud = {
user = "nextcloud"; user = "nextcloud";
group = "nginx"; group = "nextcloud";
phpOptions = phpOptionsStr; phpOptions = phpOptionsStr;
phpPackage = phpPackage; phpPackage = phpPackage;
phpEnv = { phpEnv = {
@ -510,99 +515,82 @@ in {
PATH = "/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin"; PATH = "/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin";
}; };
settings = mapAttrs (name: mkDefault) { settings = mapAttrs (name: mkDefault) {
"listen.owner" = "nginx"; "listen.owner" = config.services.nginx.user;
"listen.group" = "nginx"; "listen.group" = config.services.nginx.group;
} // cfg.poolSettings; } // cfg.poolSettings;
extraConfig = cfg.poolConfig; extraConfig = cfg.poolConfig;
}; };
}; };
users.extraUsers.nextcloud = { users.users.nextcloud = {
home = "${cfg.home}"; home = "${cfg.home}";
group = "nginx"; group = "nextcloud";
createHome = true; createHome = true;
}; };
users.groups.nextcloud.members = [ "nextcloud" config.services.nginx.user ];
environment.systemPackages = [ occ ]; environment.systemPackages = [ occ ];
}
(mkIf cfg.nginx.enable { services.nginx = mkDefault {
services.nginx = {
enable = true; enable = true;
virtualHosts = { virtualHosts.${cfg.hostName} = {
${cfg.hostName} = { root = cfg.package;
root = cfg.package; locations = {
locations = { "= /robots.txt" = {
"= /robots.txt" = { priority = 100;
priority = 100; extraConfig = ''
extraConfig = '' allow all;
allow all; log_not_found off;
log_not_found off;
access_log off;
'';
};
"/" = {
priority = 200;
extraConfig = "rewrite ^ /index.php;";
};
"~ ^/store-apps" = {
priority = 201;
extraConfig = "root ${cfg.home};";
};
"= /.well-known/carddav" = {
priority = 210;
extraConfig = "return 301 $scheme://$host/remote.php/dav;";
};
"= /.well-known/caldav" = {
priority = 210;
extraConfig = "return 301 $scheme://$host/remote.php/dav;";
};
"~ ^\\/(?:build|tests|config|lib|3rdparty|templates|data)\\/" = {
priority = 300;
extraConfig = "deny all;";
};
"~ ^\\/(?:\\.|autotest|occ|issue|indie|db_|console)" = {
priority = 300;
extraConfig = "deny all;";
};
"~ ^\\/(?:index|remote|public|cron|core/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|ocs-provider\\/.+|ocm-provider\\/.+)\\.php(?:$|\\/)" = {
priority = 500;
extraConfig = ''
include ${config.services.nginx.package}/conf/fastcgi.conf;
fastcgi_split_path_info ^(.+\.php)(\\/.*)$;
try_files $fastcgi_script_name =404;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS ${if cfg.https then "on" else "off"};
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass unix:${fpm.socket};
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_read_timeout 120s;
'';
};
"~ ^\\/(?:updater|ocs-provider|ocm-provider)(?:$|\\/)".extraConfig = ''
try_files $uri/ =404;
index index.php;
'';
"~ \\.(?:css|js|woff2?|svg|gif)$".extraConfig = ''
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options sameorigin;
add_header Referrer-Policy no-referrer;
access_log off;
'';
"~ \\.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$".extraConfig = ''
try_files $uri /index.php$request_uri;
access_log off; access_log off;
''; '';
}; };
extraConfig = '' "/" = {
priority = 200;
extraConfig = "rewrite ^ /index.php;";
};
"~ ^/store-apps" = {
priority = 201;
extraConfig = "root ${cfg.home};";
};
"= /.well-known/carddav" = {
priority = 210;
extraConfig = "return 301 $scheme://$host/remote.php/dav;";
};
"= /.well-known/caldav" = {
priority = 210;
extraConfig = "return 301 $scheme://$host/remote.php/dav;";
};
"~ ^\\/(?:build|tests|config|lib|3rdparty|templates|data)\\/" = {
priority = 300;
extraConfig = "deny all;";
};
"~ ^\\/(?:\\.|autotest|occ|issue|indie|db_|console)" = {
priority = 300;
extraConfig = "deny all;";
};
"~ ^\\/(?:index|remote|public|cron|core/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|ocs-provider\\/.+|ocm-provider\\/.+)\\.php(?:$|\\/)" = {
priority = 500;
extraConfig = ''
include ${config.services.nginx.package}/conf/fastcgi.conf;
fastcgi_split_path_info ^(.+\.php)(\\/.*)$;
try_files $fastcgi_script_name =404;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS ${if cfg.https then "on" else "off"};
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass unix:${fpm.socket};
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_read_timeout 120s;
'';
};
"~ ^\\/(?:updater|ocs-provider|ocm-provider)(?:$|\\/)".extraConfig = ''
try_files $uri/ =404;
index index.php;
'';
"~ \\.(?:css|js|woff2?|svg|gif)$".extraConfig = ''
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none; add_header X-Robots-Tag none;
@ -610,28 +598,42 @@ in {
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options sameorigin; add_header X-Frame-Options sameorigin;
add_header Referrer-Policy no-referrer; add_header Referrer-Policy no-referrer;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always; access_log off;
error_page 403 /core/templates/403.php; '';
error_page 404 /core/templates/404.php; "~ \\.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$".extraConfig = ''
client_max_body_size ${cfg.maxUploadSize}; try_files $uri /index.php$request_uri;
fastcgi_buffers 64 4K; access_log off;
fastcgi_hide_header X-Powered-By;
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
${optionalString cfg.webfinger ''
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
''}
''; '';
}; };
extraConfig = ''
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options sameorigin;
add_header Referrer-Policy no-referrer;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
client_max_body_size ${cfg.maxUploadSize};
fastcgi_buffers 64 4K;
fastcgi_hide_header X-Powered-By;
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
${optionalString cfg.webfinger ''
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
''}
'';
}; };
}; };
}) }
]); ]);
meta.doc = ./nextcloud.xml; meta.doc = ./nextcloud.xml;

6
nixos/modules/services/web-apps/nextcloud.xml
View file

@ -29,7 +29,6 @@
services.nextcloud = { services.nextcloud = {
<link linkend="opt-services.nextcloud.enable">enable</link> = true; <link linkend="opt-services.nextcloud.enable">enable</link> = true;
<link linkend="opt-services.nextcloud.hostName">hostName</link> = "nextcloud.tld"; <link linkend="opt-services.nextcloud.hostName">hostName</link> = "nextcloud.tld";
<link linkend="opt-services.nextcloud.nginx.enable">nginx.enable</link> = true;
config = { config = {
<link linkend="opt-services.nextcloud.config.dbtype">dbtype</link> = "pgsql"; <link linkend="opt-services.nextcloud.config.dbtype">dbtype</link> = "pgsql";
<link linkend="opt-services.nextcloud.config.dbuser">dbuser</link> = "nextcloud"; <link linkend="opt-services.nextcloud.config.dbuser">dbuser</link> = "nextcloud";
@ -61,9 +60,8 @@
</para> </para>
<para> <para>
The options <literal>hostName</literal> and <literal>nginx.enable</literal> The <literal>hostName</literal> option is used internally to configure an HTTP
are used internally to configure an HTTP server using server using <literal><link xlink:href="https://php-fpm.org/">PHP-FPM</link></literal>
<literal><link xlink:href="https://php-fpm.org/">PHP-FPM</link></literal>
and <literal>nginx</literal>. The <literal>config</literal> attribute set is and <literal>nginx</literal>. The <literal>config</literal> attribute set is
used by the imperative installer and all values are written to an additional file used by the imperative installer and all values are written to an additional file
to ensure that changes can be applied by changing the module's options. to ensure that changes can be applied by changing the module's options.

2
nixos/modules/services/web-apps/pgpkeyserver-lite.nix
View file

@ -33,7 +33,7 @@ in
description = " description = "
Which hostname to set the vHost to that is proxying to sks. Which hostname to set the vHost to that is proxying to sks.
"; ";
}; };
hkpAddress = mkOption { hkpAddress = mkOption {
default = builtins.head sksCfg.hkpAddress; default = builtins.head sksCfg.hkpAddress;

2
nixos/modules/services/web-apps/trilium.nix
View file

@ -83,7 +83,7 @@ in
}; };
}; };
config = lib.mkIf cfg.enable (lib.mkMerge [ config = lib.mkIf cfg.enable (lib.mkMerge [
{ {
meta.maintainers = with lib.maintainers; [ kampka ]; meta.maintainers = with lib.maintainers; [ kampka ];

2
nixos/modules/services/web-servers/shellinabox.nix
View file

@ -51,7 +51,7 @@ in
Whether or not to enable SSL (https) support. Whether or not to enable SSL (https) support.
''; '';
}; };
certDirectory = mkOption { certDirectory = mkOption {
type = types.nullOr types.path; type = types.nullOr types.path;
default = null; default = null;

2
nixos/modules/services/x11/display-managers/default.nix
View file

@ -353,7 +353,7 @@ in
}; };
}; };
}; };
default = {}; default = {};
description = '' description = ''
Auto login configuration attrset. Auto login configuration attrset.

2
nixos/modules/services/x11/window-managers/qtile.nix
View file

@ -19,7 +19,7 @@ in
waitPID=$! waitPID=$!
''; '';
}]; }];
environment.systemPackages = [ pkgs.qtile ]; environment.systemPackages = [ pkgs.qtile ];
}; };
} }

18
nixos/modules/system/boot/initrd-openvpn.nix
View file

@ -5,7 +5,7 @@ with lib;
let let
cfg = config.boot.initrd.network.openvpn; cfg = config.boot.initrd.network.openvpn;
in in
{ {
@ -16,17 +16,17 @@ in
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = ''
Starts an OpenVPN client during initrd boot. It can be used to e.g. Starts an OpenVPN client during initrd boot. It can be used to e.g.
remotely accessing the SSH service controlled by remotely accessing the SSH service controlled by
<option>boot.initrd.network.ssh</option> or other network services <option>boot.initrd.network.ssh</option> or other network services
included. Service is killed when stage-1 boot is finished. included. Service is killed when stage-1 boot is finished.
''; '';
}; };
boot.initrd.network.openvpn.configuration = mkOption { boot.initrd.network.openvpn.configuration = mkOption {
type = types.path; # Same type as boot.initrd.secrets type = types.path; # Same type as boot.initrd.secrets
description = '' description = ''
The configuration file for OpenVPN. The configuration file for OpenVPN.
<warning> <warning>
<para> <para>
@ -47,7 +47,7 @@ in
message = "You should specify a configuration for initrd OpenVPN"; message = "You should specify a configuration for initrd OpenVPN";
} }
]; ];
# Add kernel modules needed for OpenVPN # Add kernel modules needed for OpenVPN
boot.initrd.kernelModules = [ "tun" "tap" ]; boot.initrd.kernelModules = [ "tun" "tap" ];
@ -60,11 +60,11 @@ in
cp -pv ${pkgs.glibc}/lib/libresolv.so.2 $out/lib cp -pv ${pkgs.glibc}/lib/libresolv.so.2 $out/lib
cp -pv ${pkgs.glibc}/lib/libnss_dns.so.2 $out/lib cp -pv ${pkgs.glibc}/lib/libnss_dns.so.2 $out/lib
''; '';
boot.initrd.secrets = { boot.initrd.secrets = {
"/etc/initrd.ovpn" = cfg.configuration; "/etc/initrd.ovpn" = cfg.configuration;
}; };
# openvpn --version would exit with 1 instead of 0 # openvpn --version would exit with 1 instead of 0
boot.initrd.extraUtilsCommandsTest = '' boot.initrd.extraUtilsCommandsTest = ''
$out/bin/openvpn --show-gateway $out/bin/openvpn --show-gateway

4
nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix
View file

@ -64,10 +64,10 @@ in {
example = 120; example = 120;
type = types.nullOr types.int; type = types.nullOr types.int;
description = '' description = ''
Maximum number of latest generations in the boot menu. Maximum number of latest generations in the boot menu.
Useful to prevent boot partition running out of disk space. Useful to prevent boot partition running out of disk space.
<literal>null</literal> means no limit i.e. all generations <literal>null</literal> means no limit i.e. all generations
that were not garbage collected yet. that were not garbage collected yet.
''; '';
}; };

1542
nixos/modules/system/boot/networkd.nix
View file

File diff suppressed because it is too large Load diff

6
nixos/modules/system/boot/systemd-nspawn.nix
View file

@ -113,9 +113,9 @@ in {
config = config =
let let
units = mapAttrs' (n: v: let nspawnFile = "${n}.nspawn"; in nameValuePair nspawnFile (instanceToUnit nspawnFile v)) cfg; units = mapAttrs' (n: v: let nspawnFile = "${n}.nspawn"; in nameValuePair nspawnFile (instanceToUnit nspawnFile v)) cfg;
in in
mkMerge [ mkMerge [
(mkIf (cfg != {}) { (mkIf (cfg != {}) {
environment.etc."systemd/nspawn".source = mkIf (cfg != {}) (generateUnits' false "nspawn" units [] []); environment.etc."systemd/nspawn".source = mkIf (cfg != {}) (generateUnits' false "nspawn" units [] []);
}) })
{ {
@ -123,7 +123,7 @@ in {
# Workaround for https://github.com/NixOS/nixpkgs/pull/67232#issuecomment-531315437 and https://github.com/systemd/systemd/issues/13622 # Workaround for https://github.com/NixOS/nixpkgs/pull/67232#issuecomment-531315437 and https://github.com/systemd/systemd/issues/13622
# Once systemd fixes this upstream, we can re-enable -U # Once systemd fixes this upstream, we can re-enable -U
systemd.services."systemd-nspawn@".serviceConfig.ExecStart = [ systemd.services."systemd-nspawn@".serviceConfig.ExecStart = [
"" # deliberately empty. signals systemd to override the ExecStart "" # deliberately empty. signals systemd to override the ExecStart
# Only difference between upstream is that we do not pass the -U flag # Only difference between upstream is that we do not pass the -U flag
"${config.systemd.package}/bin/systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --network-veth --settings=override --machine=%i" "${config.systemd.package}/bin/systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --network-veth --settings=override --machine=%i"

4
nixos/modules/system/boot/systemd.nix
View file

@ -73,7 +73,7 @@ let
"systemd-journald.service" "systemd-journald.service"
"systemd-journal-flush.service" "systemd-journal-flush.service"
"systemd-journal-catalog-update.service" "systemd-journal-catalog-update.service"
"systemd-journald-audit.socket" ] ++ (optional (!config.boot.isContainer) "systemd-journald-audit.socket") ++ [
"systemd-journald-dev-log.socket" "systemd-journald-dev-log.socket"
"syslog.socket" "syslog.socket"
@ -101,7 +101,7 @@ let
"dev-hugepages.mount" "dev-hugepages.mount"
"dev-mqueue.mount" "dev-mqueue.mount"
"sys-fs-fuse-connections.mount" "sys-fs-fuse-connections.mount"
"sys-kernel-config.mount" ] ++ (optional (!config.boot.isContainer) "sys-kernel-config.mount") ++ [
"sys-kernel-debug.mount" "sys-kernel-debug.mount"
# Maintaining state across reboots. # Maintaining state across reboots.

98
nixos/modules/tasks/auto-upgrade.nix
View file

@ -2,9 +2,9 @@
with lib; with lib;
let cfg = config.system.autoUpgrade; in let cfg = config.system.autoUpgrade;
{ in {
options = { options = {
@ -21,6 +21,16 @@ let cfg = config.system.autoUpgrade; in
''; '';
}; };
flake = mkOption {
type = types.nullOr types.str;
default = null;
example = "github:kloenk/nix";
description = ''
The Flake URI of the NixOS configuration to build.
Disables the option <option>system.autoUpgrade.channel</option>.
'';
};
channel = mkOption { channel = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
@ -35,10 +45,20 @@ let cfg = config.system.autoUpgrade; in
flags = mkOption { flags = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = []; default = [ ];
example = [ "-I" "stuff=/home/alice/nixos-stuff" "--option" "extra-binary-caches" "http://my-cache.example.org/" ]; example = [
"-I"
"stuff=/home/alice/nixos-stuff"
"--option"
"extra-binary-caches"
"http://my-cache.example.org/"
];
description = '' description = ''
Any additional flags passed to <command>nixos-rebuild</command>. Any additional flags passed to <command>nixos-rebuild</command>.
If you are using flakes and use a local repo you can add
<command>[ "--update-input" "nixpkgs" "--commit-lock-file" ]</command>
to update nixpkgs.
''; '';
}; };
@ -82,11 +102,23 @@ let cfg = config.system.autoUpgrade; in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
system.autoUpgrade.flags = assertions = [{
[ "--no-build-output" ] assertion = !((cfg.channel != null) && (cfg.flake != null));
++ (if cfg.channel == null message = ''
then [ "--upgrade" ] The options 'system.autoUpgrade.channels' and 'system.autoUpgrade.flake' cannot both be set.
else [ "-I" "nixpkgs=${cfg.channel}/nixexprs.tar.xz" ]); '';
}];
system.autoUpgrade.flags = [ "--no-build-output" ]
++ (if cfg.flake == null then
(if cfg.channel == null then
[ "--upgrade" ]
else [
"-I"
"nixpkgs=${cfg.channel}/nixexprs.tar.xz"
])
else
[ "--flake ${cfg.flake}" ]);
systemd.services.nixos-upgrade = { systemd.services.nixos-upgrade = {
description = "NixOS Upgrade"; description = "NixOS Upgrade";
@ -96,33 +128,41 @@ let cfg = config.system.autoUpgrade; in
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
environment = config.nix.envVars // environment = config.nix.envVars // {
{ inherit (config.environment.sessionVariables) NIX_PATH; inherit (config.environment.sessionVariables) NIX_PATH;
HOME = "/root"; HOME = "/root";
} // config.networking.proxy.envVars; } // config.networking.proxy.envVars;
path = with pkgs; [ coreutils gnutar xz.bin gzip gitMinimal config.nix.package.out ]; path = with pkgs; [
coreutils
gnutar
xz.bin
gzip
gitMinimal
config.nix.package.out
];
script = let script = let
nixos-rebuild = "${config.system.build.nixos-rebuild}/bin/nixos-rebuild"; nixos-rebuild =
in "${config.system.build.nixos-rebuild}/bin/nixos-rebuild";
if cfg.allowReboot then '' in if cfg.allowReboot then ''
${nixos-rebuild} boot ${toString cfg.flags} ${nixos-rebuild} boot ${toString cfg.flags}
booted="$(readlink /run/booted-system/{initrd,kernel,kernel-modules})" booted="$(readlink /run/booted-system/{initrd,kernel,kernel-modules})"
built="$(readlink /nix/var/nix/profiles/system/{initrd,kernel,kernel-modules})" built="$(readlink /nix/var/nix/profiles/system/{initrd,kernel,kernel-modules})"
if [ "$booted" = "$built" ]; then if [ "$booted" = "$built" ]; then
${nixos-rebuild} switch ${toString cfg.flags} ${nixos-rebuild} switch ${toString cfg.flags}
else else
/run/current-system/sw/bin/shutdown -r +1 /run/current-system/sw/bin/shutdown -r +1
fi fi
'' else '' '' else ''
${nixos-rebuild} switch ${toString cfg.flags} ${nixos-rebuild} switch ${toString cfg.flags}
''; '';
startAt = cfg.dates; startAt = cfg.dates;
}; };
systemd.timers.nixos-upgrade.timerConfig.RandomizedDelaySec = cfg.randomizedDelaySec; systemd.timers.nixos-upgrade.timerConfig.RandomizedDelaySec =
cfg.randomizedDelaySec;
}; };

2
nixos/modules/tasks/bcache.nix
View file

@ -8,6 +8,6 @@
boot.initrd.extraUdevRulesCommands = '' boot.initrd.extraUdevRulesCommands = ''
cp -v ${pkgs.bcache-tools}/lib/udev/rules.d/*.rules $out/ cp -v ${pkgs.bcache-tools}/lib/udev/rules.d/*.rules $out/
''; '';
} }

4
nixos/modules/tasks/network-interfaces-scripted.nix
View file

@ -253,8 +253,8 @@ let
createTunDevice = i: nameValuePair "${i.name}-netdev" createTunDevice = i: nameValuePair "${i.name}-netdev"
{ description = "Virtual Network Interface ${i.name}"; { description = "Virtual Network Interface ${i.name}";
bindsTo = [ "dev-net-tun.device" ]; bindsTo = optional (!config.boot.isContainer) "dev-net-tun.device";
after = [ "dev-net-tun.device" "network-pre.target" ]; after = optional (!config.boot.isContainer) "dev-net-tun.device" ++ [ "network-pre.target" ];
wantedBy = [ "network-setup.service" (subsystemDevice i.name) ]; wantedBy = [ "network-setup.service" (subsystemDevice i.name) ];
partOf = [ "network-setup.service" ]; partOf = [ "network-setup.service" ];
before = [ "network-setup.service" ]; before = [ "network-setup.service" ];

2
nixos/modules/virtualisation/azure-image.nix
View file

@ -6,7 +6,7 @@ let
in in
{ {
imports = [ ./azure-common.nix ]; imports = [ ./azure-common.nix ];
options = { options = {
virtualisation.azureImage.diskSize = mkOption { virtualisation.azureImage.diskSize = mkOption {
type = with types; int; type = with types; int;

12
nixos/modules/virtualisation/railcar.nix
View file

@ -29,9 +29,9 @@ let
default = "none"; default = "none";
description = '' description = ''
The type of the filesystem to be mounted. The type of the filesystem to be mounted.
Linux: filesystem types supported by the kernel as listed in Linux: filesystem types supported by the kernel as listed in
`/proc/filesystems` (e.g., "minix", "ext2", "ext3", "jfs", "xfs", `/proc/filesystems` (e.g., "minix", "ext2", "ext3", "jfs", "xfs",
"reiserfs", "msdos", "proc", "nfs", "iso9660"). For bind mounts "reiserfs", "msdos", "proc", "nfs", "iso9660"). For bind mounts
(when options include either bind or rbind), the type is a dummy, (when options include either bind or rbind), the type is a dummy,
often "none" (not listed in /proc/filesystems). often "none" (not listed in /proc/filesystems).
''; '';
@ -45,9 +45,9 @@ let
default = [ "bind" ]; default = [ "bind" ];
description = '' description = ''
Mount options of the filesystem to be used. Mount options of the filesystem to be used.
Support optoions are listed in the mount(8) man page. Note that Support options are listed in the mount(8) man page. Note that
both filesystem-independent and filesystem-specific options both filesystem-independent and filesystem-specific options
are listed. are listed.
''; '';
}; };

24
nixos/tests/bittorrent.nix
View file

@ -19,6 +19,7 @@ let
externalClient2Address = "80.100.100.2"; externalClient2Address = "80.100.100.2";
externalTrackerAddress = "80.100.100.3"; externalTrackerAddress = "80.100.100.3";
download-dir = "/var/lib/transmission/Downloads";
transmissionConfig = { ... }: { transmissionConfig = { ... }: {
environment.systemPackages = [ pkgs.transmission ]; environment.systemPackages = [ pkgs.transmission ];
services.transmission = { services.transmission = {
@ -26,6 +27,7 @@ let
settings = { settings = {
dht-enabled = false; dht-enabled = false;
message-level = 3; message-level = 3;
inherit download-dir;
}; };
}; };
}; };
@ -117,12 +119,12 @@ in
router.wait_for_unit("miniupnpd") router.wait_for_unit("miniupnpd")
# Create the torrent. # Create the torrent.
tracker.succeed("mkdir /tmp/data") tracker.succeed("mkdir ${download-dir}/data")
tracker.succeed( tracker.succeed(
"cp ${file} /tmp/data/test.tar.bz2" "cp ${file} ${download-dir}/data/test.tar.bz2"
) )
tracker.succeed( tracker.succeed(
"transmission-create /tmp/data/test.tar.bz2 --private --tracker http://${externalTrackerAddress}:6969/announce --outfile /tmp/test.torrent" "transmission-create ${download-dir}/data/test.tar.bz2 --private --tracker http://${externalTrackerAddress}:6969/announce --outfile /tmp/test.torrent"
) )
tracker.succeed("chmod 644 /tmp/test.torrent") tracker.succeed("chmod 644 /tmp/test.torrent")
@ -133,18 +135,16 @@ in
# Start the initial seeder. # Start the initial seeder.
tracker.succeed( tracker.succeed(
"transmission-remote --add /tmp/test.torrent --no-portmap --no-dht --download-dir /tmp/data" "transmission-remote --add /tmp/test.torrent --no-portmap --no-dht --download-dir ${download-dir}/data"
) )
# Now we should be able to download from the client behind the NAT. # Now we should be able to download from the client behind the NAT.
tracker.wait_for_unit("httpd") tracker.wait_for_unit("httpd")
client1.wait_for_unit("network-online.target") client1.wait_for_unit("network-online.target")
client1.succeed("transmission-remote --add http://${externalTrackerAddress}/test.torrent >&2 &")
client1.wait_for_file("${download-dir}/test.tar.bz2")
client1.succeed( client1.succeed(
"transmission-remote --add http://${externalTrackerAddress}/test.torrent --download-dir /tmp >&2 &" "cmp ${download-dir}/test.tar.bz2 ${file}"
)
client1.wait_for_file("/tmp/test.tar.bz2")
client1.succeed(
"cmp /tmp/test.tar.bz2 ${file}"
) )
# Bring down the initial seeder. # Bring down the initial seeder.
@ -154,11 +154,11 @@ in
# the first client created a NAT hole in the router. # the first client created a NAT hole in the router.
client2.wait_for_unit("network-online.target") client2.wait_for_unit("network-online.target")
client2.succeed( client2.succeed(
"transmission-remote --add http://${externalTrackerAddress}/test.torrent --no-portmap --no-dht --download-dir /tmp >&2 &" "transmission-remote --add http://${externalTrackerAddress}/test.torrent --no-portmap --no-dht >&2 &"
) )
client2.wait_for_file("/tmp/test.tar.bz2") client2.wait_for_file("${download-dir}/test.tar.bz2")
client2.succeed( client2.succeed(
"cmp /tmp/test.tar.bz2 ${file}" "cmp ${download-dir}/test.tar.bz2 ${file}"
) )
''; '';
}) })

1
nixos/tests/nextcloud/basic.nix
View file

@ -33,7 +33,6 @@ in {
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;
nginx.enable = true;
hostName = "nextcloud"; hostName = "nextcloud";
config = { config = {
# Don't inherit adminuser since "root" is supposed to be the default # Don't inherit adminuser since "root" is supposed to be the default

1
nixos/tests/nextcloud/with-mysql-and-memcached.nix
View file

@ -17,7 +17,6 @@ in {
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;
hostName = "nextcloud"; hostName = "nextcloud";
nginx.enable = true;
https = true; https = true;
caching = { caching = {
apcu = true; apcu = true;

1
nixos/tests/nextcloud/with-postgresql-and-redis.nix
View file

@ -17,7 +17,6 @@ in {
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;
hostName = "nextcloud"; hostName = "nextcloud";
nginx.enable = true;
caching = { caching = {
apcu = false; apcu = false;
redis = true; redis = true;

4
nixos/tests/postgresql-wal-receiver.nix
View file

@ -28,6 +28,10 @@ let
meta.maintainers = with maintainers; [ pacien ]; meta.maintainers = with maintainers; [ pacien ];
machine = { ... }: { machine = { ... }: {
# Needed because this test uses a non-default 'services.postgresql.dataDir'.
systemd.tmpfiles.rules = [
"d /var/db/postgresql 0700 postgres postgres"
];
services.postgresql = { services.postgresql = {
package = postgresqlPackage; package = postgresqlPackage;
enable = true; enable = true;

12
pkgs/applications/audio/a2jmidid/default.nix
View file

@ -9,7 +9,7 @@ in stdenv.mkDerivation {
version = "8"; version = "8";
src = fetchurl { src = fetchurl {
url = "https://repo.or.cz/a2jmidid.git/snapshot/7383d268c4bfe85df9f10df6351677659211d1ca.tar.gz"; url = "https://github.com/linuxaudio/a2jmidid/archive/7383d268c4bfe85df9f10df6351677659211d1ca.tar.gz";
sha256 = "06dgf5655znbvrd7fhrv8msv6zw8vk0hjqglcqkh90960mnnmwz7"; sha256 = "06dgf5655znbvrd7fhrv8msv6zw8vk0hjqglcqkh90960mnnmwz7";
}; };
@ -18,13 +18,17 @@ in stdenv.mkDerivation {
patches = [ patches = [
(fetchpatch { (fetchpatch {
url = "https://repo.or.cz/a2jmidid.git/patch/24e3b8e543256ae8fdfb4b75eb9fd775f07c46e2"; url = "https://github.com/linuxaudio/a2jmidid/commit/24e3b8e543256ae8fdfb4b75eb9fd775f07c46e2.diff";
sha256 = "1nxrvnhxlgqc9wbxnp1gnpw4wjyzxvymwcg1gh2nqzmssgfykfkc"; sha256 = "1nxrvnhxlgqc9wbxnp1gnpw4wjyzxvymwcg1gh2nqzmssgfykfkc";
}) })
(fetchpatch { (fetchpatch {
url = "https://repo.or.cz/a2jmidid.git/patch/7f82da7eb2f540a94db23331be98d42a58ddc269"; url = "https://github.com/linuxaudio/a2jmidid/commit/7f82da7eb2f540a94db23331be98d42a58ddc269.diff";
sha256 = "1nab9zf0agbcj5pvhl90pz0cx1d204d4janqflc5ymjhy8jyrsdv"; sha256 = "1nab9zf0agbcj5pvhl90pz0cx1d204d4janqflc5ymjhy8jyrsdv";
}) })
(fetchpatch {
url = "https://github.com/linuxaudio/a2jmidid/commit/c07775d021a71cb91bf64ce1391cf525415cb060.diff";
sha256 = "172v9hri03qdqi8a3zsg227k5qxldd8v5bj4jk7fyk5jf50fcxga";
})
]; ];
postInstall = '' postInstall = ''
@ -35,6 +39,6 @@ in stdenv.mkDerivation {
description = "Daemon for exposing legacy ALSA sequencer applications in JACK MIDI system"; description = "Daemon for exposing legacy ALSA sequencer applications in JACK MIDI system";
license = licenses.gpl2; license = licenses.gpl2;
maintainers = [ maintainers.goibhniu ]; maintainers = [ maintainers.goibhniu ];
platforms = [ "i686-linux" "x86_64-linux" ]; platforms = [ "i686-linux" "x86_64-linux" "aarch64-linux" ];
}; };
} }

10
pkgs/applications/audio/adlplug/default.nix
View file

@ -1,18 +1,18 @@
{ stdenv, fetchFromGitHub, cmake, pkgconfig, libjack2, alsaLib { stdenv, fetchFromGitHub, cmake, pkgconfig, libjack2, alsaLib
, freetype, libX11, libXrandr, libXinerama, libXext, libXcursor , freetype, libX11, libXrandr, libXinerama, libXext, libXcursor
, fetchpatch , fetchpatch, fmt
, adlplugChip ? "-DADLplug_CHIP=OPL3" , adlplugChip ? "-DADLplug_CHIP=OPL3"
, pname ? "ADLplug" }: , pname ? "ADLplug" }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
inherit pname; inherit pname;
version = "1.0.1"; version = "1.0.2";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "jpcima"; owner = "jpcima";
repo = "ADLplug"; repo = "ADLplug";
rev = "v${version}"; rev = "v${version}";
sha256 = "0n9srdlgl1j528ap5xmllrqs1w6ibc5yf9sphvl1q9kjnizxrs2c"; sha256 = "0mqx4bzri8s880v7jwd24nb93m5i3aklqld0b3h0hjnz0lh2qz0f";
fetchSubmodules = true; fetchSubmodules = true;
}; };
@ -25,13 +25,13 @@ stdenv.mkDerivation rec {
}) })
]; ];
cmakeFlags = [ adlplugChip ]; cmakeFlags = [ adlplugChip "-DADLplug_USE_SYSTEM_FMT=ON" ];
buildInputs = [ buildInputs = [
libjack2 alsaLib freetype libX11 libXrandr libXinerama libXext libjack2 alsaLib freetype libX11 libXrandr libXinerama libXext
libXcursor libXcursor
]; ];
nativeBuildInputs = [ cmake pkgconfig ]; nativeBuildInputs = [ cmake pkgconfig fmt ];
meta = with stdenv.lib; { meta = with stdenv.lib; {
description = "OPL3 and OPN2 FM Chip Synthesizer"; description = "OPL3 and OPN2 FM Chip Synthesizer";

4
pkgs/applications/audio/giada/default.nix
View file

@ -18,13 +18,13 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "giada"; pname = "giada";
version = "0.16.3"; version = "0.16.3.1";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "monocasual"; owner = "monocasual";
repo = pname; repo = pname;
rev = "v${version}"; rev = "v${version}";
sha256 = "1sysv5d0wq6ib47bqsn3wdzkqzjpzjrgzg15bkllbm67hiz9abhh"; sha256 = "0z1jrkggdn630i3j59j30apaa9s242y1wiawqp4g1n9dkg3r9a1j";
}; };
configureFlags = [ configureFlags = [

4
pkgs/applications/audio/mellowplayer/default.nix
View file

@ -14,13 +14,13 @@
mkDerivation rec { mkDerivation rec {
pname = "MellowPlayer"; pname = "MellowPlayer";
version = "3.6.4"; version = "3.6.5";
src = fetchFromGitLab { src = fetchFromGitLab {
owner = "ColinDuquesnoy"; owner = "ColinDuquesnoy";
repo = "MellowPlayer"; repo = "MellowPlayer";
rev = version; rev = version;
sha256 = "1ss7s3kal4vzhz7ld0yy2kvp1rk2w3i6fya0z3xd7nff9p31gqvw"; sha256 = "1fnfqyy52hnh9vwq4rcndcqwh0zsm1sd3vi4h5gzaj4zbniq5v2f";
}; };
nativeBuildInputs = [ cmake pkgconfig ]; nativeBuildInputs = [ cmake pkgconfig ];

4
pkgs/applications/audio/musikcube/default.nix
View file

@ -17,13 +17,13 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "musikcube"; pname = "musikcube";
version = "0.92.1"; version = "0.93.1";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "clangen"; owner = "clangen";
repo = pname; repo = pname;
rev = version; rev = version;
sha256 = "0l4ncxqxvp5m014j7vlglhzxhhrxl0c2m71xn0i0a27hn4nc72mr"; sha256 = "05qsxyr7x8l0vlmn4yjg4gglxvcw9raf6vfzvblsl2ngsdsrnizy";
}; };
nativeBuildInputs = [ nativeBuildInputs = [

0
pkgs/applications/audio/yasr/10_fix_openpty_forkpty_declarations → pkgs/applications/audio/yasr/10_fix_openpty_forkpty_declarations.patch
View file

0
pkgs/applications/audio/yasr/20_maxpathlen → pkgs/applications/audio/yasr/20_maxpathlen.patch
View file

0
pkgs/applications/audio/yasr/30_conf → pkgs/applications/audio/yasr/30_conf.patch
View file

0
pkgs/applications/audio/yasr/40_dectalk_extended_chars → pkgs/applications/audio/yasr/40_dectalk_extended_chars.patch
View file

8
pkgs/applications/audio/yasr/default.nix
View file

@ -11,10 +11,10 @@ stdenv.mkDerivation rec {
}; };
patches = [ patches = [
./10_fix_openpty_forkpty_declarations ./10_fix_openpty_forkpty_declarations.patch
./20_maxpathlen ./20_maxpathlen.patch
./30_conf ./30_conf.patch
./40_dectalk_extended_chars ./40_dectalk_extended_chars.patch
]; # taken from the debian yasr package ]; # taken from the debian yasr package
meta = { meta = {

4
pkgs/applications/blockchains/bitcoin-abc.nix
View file

@ -7,13 +7,13 @@ with stdenv.lib;
mkDerivation rec { mkDerivation rec {
name = "bitcoin" + (toString (optional (!withGui) "d")) + "-abc-" + version; name = "bitcoin" + (toString (optional (!withGui) "d")) + "-abc-" + version;
version = "0.21.10"; version = "0.21.12";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "bitcoin-ABC"; owner = "bitcoin-ABC";
repo = "bitcoin-abc"; repo = "bitcoin-abc";
rev = "v${version}"; rev = "v${version}";
sha256 = "1m210g6db8f09m66v75ia1fdd1dlvs1srgk2jhd3wqbvnmjqa77f"; sha256 = "1mad3aqfwrxi06135nf8hv13d67nilmxpx4dw5vjcy1zi3lljj1j";
}; };
patches = [ ./fix-bitcoin-qt-build.patch ]; patches = [ ./fix-bitcoin-qt-build.patch ];

3
pkgs/applications/editors/jetbrains/default.nix
View file

@ -224,7 +224,8 @@ let
interpreter=$(echo ${stdenv.glibc.out}/lib/ld-linux*.so.2) interpreter=$(echo ${stdenv.glibc.out}/lib/ld-linux*.so.2)
patchelf --set-interpreter "$interpreter" lib/ReSharperHost/linux-x64/mono/bin/mono-sgen patchelf --set-interpreter "$interpreter" lib/ReSharperHost/linux-x64/mono/bin/mono-sgen
rm -rf lib/ReSharperHost/linux-x64/dotnet rm -rf lib/ReSharperHost/linux-x64/dotnet
ln -s ${dotnet-sdk_3} lib/ReSharperHost/linux-x64/dotnet mkdir -p lib/ReSharperHost/linux-x64/dotnet/
ln -s ${dotnet-sdk_3}/bin/dotnet lib/ReSharperHost/linux-x64/dotnet/dotnet
''); '');
}); });

4
pkgs/applications/editors/neovim/default.nix
View file

@ -23,13 +23,13 @@ let
in in
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "neovim-unwrapped"; pname = "neovim-unwrapped";
version = "0.4.3"; version = "0.4.4";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "neovim"; owner = "neovim";
repo = "neovim"; repo = "neovim";
rev = "v${version}"; rev = "v${version}";
sha256 = "03p7pic7hw9yxxv7fbgls1f42apx3lik2k6mpaz1a109ngyc5kaj"; sha256 = "11zyj6jvkwas3n6w1ckj3pk6jf81z1g7ngg4smmwm7c27y2a6f2m";
}; };
patches = [ patches = [

4
pkgs/applications/editors/okteta/default.nix
View file

@ -4,11 +4,11 @@
mkDerivation rec { mkDerivation rec {
pname = "okteta"; pname = "okteta";
version = "0.26.3"; version = "0.26.4";
src = fetchurl { src = fetchurl {
url = "mirror://kde/stable/okteta/${version}/src/${pname}-${version}.tar.xz"; url = "mirror://kde/stable/okteta/${version}/src/${pname}-${version}.tar.xz";
sha256 = "1454844s76skk18gpcf56y9pkmffs7p4z09ggmy37ifzf7yk1p19"; sha256 = "00qgzm5mqx0j8f0fznhnw76l9pjyw3lxirvy8ssq59nqqjbb08pg";
}; };
nativeBuildInputs = [ qtscript extra-cmake-modules kdoctools ]; nativeBuildInputs = [ qtscript extra-cmake-modules kdoctools ];

4
pkgs/applications/kde/marble.nix
View file

@ -1,6 +1,6 @@
{ mkDerivation, lib { mkDerivation, lib
, extra-cmake-modules, kdoctools , extra-cmake-modules, kdoctools
, qtscript, qtsvg, qtquickcontrols, qtwebkit , qtscript, qtsvg, qtquickcontrols, qtwebengine
, krunner, shared-mime-info, kparts, knewstuff , krunner, shared-mime-info, kparts, knewstuff
, gpsd, perl , gpsd, perl
}: }:
@ -11,7 +11,7 @@ mkDerivation {
outputs = [ "out" "dev" ]; outputs = [ "out" "dev" ];
nativeBuildInputs = [ extra-cmake-modules kdoctools perl ]; nativeBuildInputs = [ extra-cmake-modules kdoctools perl ];
propagatedBuildInputs = [ propagatedBuildInputs = [
qtscript qtsvg qtquickcontrols qtwebkit shared-mime-info krunner kparts qtscript qtsvg qtquickcontrols qtwebengine shared-mime-info krunner kparts
knewstuff gpsd knewstuff gpsd
]; ];
preConfigure = '' preConfigure = ''

6
pkgs/applications/misc/ArchiSteamFarm/default.nix
View file

@ -2,11 +2,11 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "ArchiSteamFarm"; pname = "ArchiSteamFarm";
version = "4.2.3.3"; version = "4.2.3.6";
src = fetchurl { src = fetchurl {
url = "https://github.com/JustArchiNET/ArchiSteamFarm/releases/download/${version}/ASF-generic.zip"; url = "https://github.com/JustArchiNET/ArchiSteamFarm/releases/download/${version}/ASF-generic.zip";
sha256 = "0v69rrs5fr1n5llfx42xkiish52al7kb36fjy3ng0j9qfp3g8pj7"; sha256 = "1a8baxrb8czndxxi16md1nyl2snfx215yvrygdpcblgngkp2z2y9";
}; };
nativeBuildInputs = [ unzip makeWrapper jq ]; nativeBuildInputs = [ unzip makeWrapper jq ];
@ -28,7 +28,7 @@ stdenv.mkDerivation rec {
--run "[ -d config ] || cp --no-preserve=mode -r $dist/config ." \ --run "[ -d config ] || cp --no-preserve=mode -r $dist/config ." \
--run "[ -d logs ] || cp --no-preserve=mode -r $dist/logs ." \ --run "[ -d logs ] || cp --no-preserve=mode -r $dist/logs ." \
--run "[ -d plugins ] || cp --no-preserve=mode -r $dist/plugins ." \ --run "[ -d plugins ] || cp --no-preserve=mode -r $dist/plugins ." \
--run "[ -d www ] || ln -sf $dist/www ." --run "ln -sf $dist/www ."
''; '';
meta = with stdenv.lib; { meta = with stdenv.lib; {

4
pkgs/applications/misc/calibre/default.nix
View file

@ -30,11 +30,11 @@ let
in in
mkDerivation rec { mkDerivation rec {
pname = "calibre"; pname = "calibre";
version = "4.19.0"; version = "4.22.0";
src = fetchurl { src = fetchurl {
url = "https://download.calibre-ebook.com/${version}/${pname}-${version}.tar.xz"; url = "https://download.calibre-ebook.com/${version}/${pname}-${version}.tar.xz";
sha256 = "1kpj65spwr9m88vshsljpdrw5jy7bbpqgqcrvqb17abh7fnnrb4x"; sha256 = "0d0wmd3ijk8px1d662igal4lfmpyzynfzs6ms1bb9nf42mq2pxai";
}; };
patches = [ patches = [

2
pkgs/applications/misc/kitty/default.nix
View file

@ -136,6 +136,6 @@ buildPythonApplication rec {
license = licenses.gpl3; license = licenses.gpl3;
changelog = "https://sw.kovidgoyal.net/kitty/changelog.html"; changelog = "https://sw.kovidgoyal.net/kitty/changelog.html";
platforms = platforms.darwin ++ platforms.linux; platforms = platforms.darwin ++ platforms.linux;
maintainers = with maintainers; [ tex rvolosatovs ma27 Luflosi ]; maintainers = with maintainers; [ tex rvolosatovs Luflosi ];
}; };
} }

4
pkgs/applications/misc/minder/default.nix
View file

@ -8,13 +8,13 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "minder"; pname = "minder";
version = "1.9.0"; version = "1.9.1";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "phase1geo"; owner = "phase1geo";
repo = pname; repo = pname;
rev = version; rev = version;
sha256 = "1j3jk76rd0sc9sd9zrd24q3636559wd809yfnb9bv5jmvn9s1bkz"; sha256 = "1823nl9hgsa9l04ra1drj3c7r8s5ybx6c06d9ijpwqz191sz2jg2";
}; };
nativeBuildInputs = [ pkgconfig meson ninja python3 wrapGAppsHook vala shared-mime-info ]; nativeBuildInputs = [ pkgconfig meson ninja python3 wrapGAppsHook vala shared-mime-info ];

39
pkgs/applications/misc/redshift/default.nix
View file

@ -1,4 +1,5 @@
{ stdenv, fetchFromGitHub, autoconf, automake, gettext, intltool { stdenv, fetchFromGitHub, fetchFromGitLab
, autoconf, automake, gettext, intltool
, libtool, pkgconfig, wrapGAppsHook, wrapPython, gobject-introspection , libtool, pkgconfig, wrapGAppsHook, wrapPython, gobject-introspection
, gtk3, python, pygobject3, pyxdg , gtk3, python, pygobject3, pyxdg
@ -18,11 +19,16 @@ let
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
inherit pname version src meta; inherit pname version src meta;
patches = [ patches = stdenv.lib.optionals (pname != "gammastep") [
# https://github.com/jonls/redshift/pull/575 # https://github.com/jonls/redshift/pull/575
./575.patch ./575.patch
]; ];
postPatch = stdenv.lib.optionalString (pname == "gammastep") ''
substituteInPlace configure.ac \
--replace "[gammastep], [2.0]" "[gammastep], [${version}]"
'';
nativeBuildInputs = [ nativeBuildInputs = [
autoconf autoconf
automake automake
@ -62,10 +68,15 @@ let
# the geoclue agent may inspect these paths and expect them to be # the geoclue agent may inspect these paths and expect them to be
# valid without having the correct $PATH set # valid without having the correct $PATH set
postInstall = '' postInstall = if (pname == "gammastep") then ''
substituteInPlace $out/share/applications/gammastep.desktop \
--replace 'Exec=gammastep' "Exec=$out/bin/gammastep"
substituteInPlace $out/share/applications/gammastep-indicator.desktop \
--replace 'Exec=gammastep-indicator' "Exec=$out/bin/gammastep-indicator"
'' else ''
substituteInPlace $out/share/applications/redshift.desktop \ substituteInPlace $out/share/applications/redshift.desktop \
--replace 'Exec=redshift' "Exec=$out/bin/redshift" --replace 'Exec=redshift' "Exec=$out/bin/redshift"
substituteInPlace $out/share/applications/redshift.desktop \ substituteInPlace $out/share/applications/redshift-gtk.desktop \
--replace 'Exec=redshift-gtk' "Exec=$out/bin/redshift-gtk" --replace 'Exec=redshift-gtk' "Exec=$out/bin/redshift-gtk"
''; '';
@ -118,4 +129,24 @@ rec {
homepage = "https://github.com/minus7/redshift"; homepage = "https://github.com/minus7/redshift";
}; };
}; };
gammastep = mkRedshift rec {
pname = "gammastep";
version = "2.0.1";
src = fetchFromGitLab {
owner = "chinstrap";
repo = pname;
rev = "v${version}";
sha256 = "1ky4h892sg2mfbwwq5xv0vnjflsl2x3nsy5q456r1kyk1gwkj0rg";
};
meta = redshift.meta // {
name = "${pname}-${version}";
longDescription = "Gammastep"
+ stdenv.lib.removePrefix "Redshift" redshift.meta.longDescription;
homepage = "https://gitlab.com/chinstrap/gammastep";
maintainers = [ stdenv.lib.maintainers.primeos ] ++ redshift.meta.maintainers;
};
};
} }

8
pkgs/applications/misc/waybar/default.nix
View file

@ -1,5 +1,5 @@
{ stdenv, fetchFromGitHub, meson, pkgconfig, ninja, wrapGAppsHook { stdenv, fetchFromGitHub, meson, pkgconfig, ninja, wrapGAppsHook
, wayland, wlroots, gtkmm3, libinput, libsigcxx, jsoncpp, fmt, scdoc, spdlog, gtk-layer-shell , wayland, wlroots, gtkmm3, libsigcxx, jsoncpp, fmt, scdoc, spdlog, gtk-layer-shell
, howard-hinnant-date, cmake , howard-hinnant-date, cmake
, traySupport ? true, libdbusmenu-gtk3 , traySupport ? true, libdbusmenu-gtk3
, pulseSupport ? false, libpulseaudio , pulseSupport ? false, libpulseaudio
@ -11,13 +11,13 @@
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "waybar"; pname = "waybar";
version = "0.9.2"; version = "0.9.3";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "Alexays"; owner = "Alexays";
repo = "Waybar"; repo = "Waybar";
rev = version; rev = version;
sha256 = "1gfxyjzwfqznyrpyr3322z3w844i1lh77kly4hcpy9y5gsfmlafy"; sha256 = "0ks719khhg2zwpyiwa2079i6962qcxpapm28hmr4ckpsp2n659ck";
}; };
nativeBuildInputs = [ nativeBuildInputs = [
@ -32,7 +32,7 @@
strictDeps = false; strictDeps = false;
buildInputs = with stdenv.lib; buildInputs = with stdenv.lib;
[ wayland wlroots gtkmm3 libinput libsigcxx jsoncpp fmt spdlog gtk-layer-shell howard-hinnant-date ] [ wayland wlroots gtkmm3 libsigcxx jsoncpp fmt spdlog gtk-layer-shell howard-hinnant-date ]
++ optional traySupport libdbusmenu-gtk3 ++ optional traySupport libdbusmenu-gtk3
++ optional pulseSupport libpulseaudio ++ optional pulseSupport libpulseaudio
++ optional nlSupport libnl ++ optional nlSupport libnl

4
pkgs/applications/networking/cluster/argo/default.nix
View file

@ -19,13 +19,13 @@ let
in in
buildGoModule rec { buildGoModule rec {
pname = "argo"; pname = "argo";
version = "2.9.4"; version = "2.9.5";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "argoproj"; owner = "argoproj";
repo = "argo"; repo = "argo";
rev = "v${version}"; rev = "v${version}";
sha256 = "156102xqwmsq3g9jammfib0ri22a0nzk96zrv5774gidjvy2xb55"; sha256 = "1x44mgvnbn47a33xnhnh9bxxvj1vsr32lvh9bq6w5hpmxb7qbq4f";
}; };
vendorSha256 = "1vqmzz76lcwwnw89n4lyg4jjf7wbdgn9sdzwsgrjwkj8ax7d48cv"; vendorSha256 = "1vqmzz76lcwwnw89n4lyg4jjf7wbdgn9sdzwsgrjwkj8ax7d48cv";

6
pkgs/applications/networking/cluster/minikube/default.nix
View file

@ -11,15 +11,15 @@
buildGoModule rec { buildGoModule rec {
pname = "minikube"; pname = "minikube";
version = "1.12.1"; version = "1.12.2";
vendorSha256 = "0v2lnzdv5nmg4jf10hqyvrsyz5yg7brm4p3gil7n88w6n100phfn"; vendorSha256 = "0smjj2sq09k1ai79lk74gi056hfls7qy8x08wkq2g24fxi06cr94";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "kubernetes"; owner = "kubernetes";
repo = "minikube"; repo = "minikube";
rev = "v${version}"; rev = "v${version}";
sha256 = "0ya6mp081vs48c0nh4nys9z04kz79mjfpm4gs0hlmh2kpa5kmc9h"; sha256 = "1x28s6d2nibm76qd3kjsa7wkyhqvnwdy9rfwk9xf45hzrx9700sm";
}; };
nativeBuildInputs = [ go-bindata installShellFiles pkg-config which ]; nativeBuildInputs = [ go-bindata installShellFiles pkg-config which ];

4
pkgs/applications/networking/cluster/terragrunt/default.nix
View file

@ -2,13 +2,13 @@
buildGoModule rec { buildGoModule rec {
pname = "terragrunt"; pname = "terragrunt";
version = "0.23.31"; version = "0.23.32";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "gruntwork-io"; owner = "gruntwork-io";
repo = pname; repo = pname;
rev = "v${version}"; rev = "v${version}";
sha256 = "1wpb749hc6pbmxcba1k4yrwcg8547rnsskxb45bzqyqyj1nj775s"; sha256 = "1pa3k0hjdb5bj0bp4aj3lfcgz98l3wd9kfa12rn9zzbcmp087kih";
}; };
vendorSha256 = "1xn7c6y32vpanqvf1sfpw6bs73dbjniavjbf00j0vx83bfyklsr4"; vendorSha256 = "1xn7c6y32vpanqvf1sfpw6bs73dbjniavjbf00j0vx83bfyklsr4";

32
pkgs/applications/networking/gopher/sacc/default.nix Normal file
View file

@ -0,0 +1,32 @@
{ stdenv, fetchgit, ncurses
, patches ? [] # allow users to easily override config.def.h
}:
stdenv.mkDerivation rec {
pname = "sacc";
version = "1.01";
src = fetchgit {
url = "git://bitreich.org/sacc";
rev = version;
sha256 = "0n6ghbi715m7hrxzqggx1bpqj8h7569s72b9bzk6m4gd29jaq9hz";
};
inherit patches;
buildInputs = [ ncurses ];
postPatch = ''
substituteInPlace config.mk \
--replace curses ncurses \
--replace "/usr/local" "$out"
'';
meta = with stdenv.lib; {
description = "A terminal gopher client";
homepage = "gopher://bitreich.org/1/scm/sacc";
license = licenses.isc;
maintainers = [ maintainers.sternenseemann ];
platforms = platforms.unix;
};
}

12
pkgs/applications/networking/instant-messengers/discord/default.nix
View file

@ -7,30 +7,30 @@ in {
pname = "discord"; pname = "discord";
binaryName = "Discord"; binaryName = "Discord";
desktopName = "Discord"; desktopName = "Discord";
version = "0.0.10"; version = "0.0.11";
src = fetchurl { src = fetchurl {
url = "https://dl.discordapp.net/apps/linux/${version}/discord-${version}.tar.gz"; url = "https://dl.discordapp.net/apps/linux/${version}/discord-${version}.tar.gz";
sha256 = "0kx92i8naqr3algmyy3wyzbh8146z7gigxwf1nbpg1gl16wlplaq"; sha256 = "1saqwigi1gjgy4q8rgnwyni57aaszi0w9vqssgyvfgzff8fpcx54";
}; };
}; };
ptb = callPackage ./base.nix rec { ptb = callPackage ./base.nix rec {
pname = "discord-ptb"; pname = "discord-ptb";
binaryName = "DiscordPTB"; binaryName = "DiscordPTB";
desktopName = "Discord PTB"; desktopName = "Discord PTB";
version = "0.0.20"; version = "0.0.21";
src = fetchurl { src = fetchurl {
url = "https://dl-ptb.discordapp.net/apps/linux/${version}/discord-ptb-${version}.tar.gz"; url = "https://dl-ptb.discordapp.net/apps/linux/${version}/discord-ptb-${version}.tar.gz";
sha256 = "0wn2qdv0a4n59xl451y7fcq11klp2g63qwx40qkshllvnf5lzzsx"; sha256 = "1i164wpi07d45w19i7l5hs47crc29k3plg4y9kc97x75rhh4xym1";
}; };
}; };
canary = callPackage ./base.nix rec { canary = callPackage ./base.nix rec {
pname = "discord-canary"; pname = "discord-canary";
binaryName = "DiscordCanary"; binaryName = "DiscordCanary";
desktopName = "Discord Canary"; desktopName = "Discord Canary";
version = "0.0.105"; version = "0.0.106";
src = fetchurl { src = fetchurl {
url = "https://dl-canary.discordapp.net/apps/linux/${version}/discord-canary-${version}.tar.gz"; url = "https://dl-canary.discordapp.net/apps/linux/${version}/discord-canary-${version}.tar.gz";
sha256 = "1jc2zr8q33ras5mkifg19kcxpb84vsqx01rj66w62hsjw1nsbidg"; sha256 = "1bqlf7iixdy6c7lhbva4lizvhd6w0xqn69izxcy26wk35xcqgfh8";
}; };
}; };
}.${branch} }.${branch}

5
pkgs/applications/networking/instant-messengers/element/element-desktop-package.json
View file

@ -2,7 +2,7 @@
"name": "element-desktop", "name": "element-desktop",
"productName": "Element", "productName": "Element",
"main": "src/electron-main.js", "main": "src/electron-main.js",
"version": "1.7.2", "version": "1.7.3",
"description": "A feature-rich client for Matrix.org", "description": "A feature-rich client for Matrix.org",
"author": "Element", "author": "Element",
"repository": { "repository": {
@ -43,13 +43,10 @@
"electron-devtools-installer": "^2.2.4", "electron-devtools-installer": "^2.2.4",
"electron-notarize": "^0.2.0", "electron-notarize": "^0.2.0",
"eslint": "7.3.1", "eslint": "7.3.1",
"eslint-config-google": "^0.7.1",
"eslint-config-matrix-org": "^0.1.2", "eslint-config-matrix-org": "^0.1.2",
"eslint-plugin-babel": "^4.1.2",
"find-npm-prefix": "^1.0.2", "find-npm-prefix": "^1.0.2",
"fs-extra": "^8.1.0", "fs-extra": "^8.1.0",
"glob": "^7.1.6", "glob": "^7.1.6",
"matrix-js-sdk": "8.0.0",
"mkdirp": "^1.0.3", "mkdirp": "^1.0.3",
"needle": "^2.5.0", "needle": "^2.5.0",
"node-pre-gyp": "^0.15.0", "node-pre-gyp": "^0.15.0",

104
pkgs/applications/networking/instant-messengers/element/element-desktop-yarndeps.nix
View file

@ -97,14 +97,6 @@
sha1 = "e7c6bf5a7deff957cec9f04b551e2762909d826b"; sha1 = "e7c6bf5a7deff957cec9f04b551e2762909d826b";
}; };
} }
{
name = "_babel_runtime___runtime_7.9.2.tgz";
path = fetchurl {
name = "_babel_runtime___runtime_7.9.2.tgz";
url = "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.9.2.tgz";
sha1 = "d90df0583a3a252f09aaa619665367bae518db06";
};
}
{ {
name = "_babel_template___template_7.10.4.tgz"; name = "_babel_template___template_7.10.4.tgz";
path = fetchurl { path = fetchurl {
@ -377,14 +369,6 @@
sha1 = "c629c5eced17baf314437918d2da88c99d5958cd"; sha1 = "c629c5eced17baf314437918d2da88c99d5958cd";
}; };
} }
{
name = "another_json___another_json_0.2.0.tgz";
path = fetchurl {
name = "another_json___another_json_0.2.0.tgz";
url = "https://registry.yarnpkg.com/another-json/-/another-json-0.2.0.tgz";
sha1 = "b5f4019c973b6dd5c6506a2d93469cb6d32aeedc";
};
}
{ {
name = "ansi_align___ansi_align_2.0.0.tgz"; name = "ansi_align___ansi_align_2.0.0.tgz";
path = fetchurl { path = fetchurl {
@ -705,14 +689,6 @@
sha1 = "89b4d199ab2bee49de164ea02b89ce462d71b767"; sha1 = "89b4d199ab2bee49de164ea02b89ce462d71b767";
}; };
} }
{
name = "base_x___base_x_3.0.7.tgz";
path = fetchurl {
name = "base_x___base_x_3.0.7.tgz";
url = "https://registry.yarnpkg.com/base-x/-/base-x-3.0.7.tgz";
sha1 = "1c5a7fafe8f66b4114063e8da102799d4e7c408f";
};
}
{ {
name = "base64_js___base64_js_1.3.1.tgz"; name = "base64_js___base64_js_1.3.1.tgz";
path = fetchurl { path = fetchurl {
@ -801,22 +777,6 @@
sha1 = "3c7fcbf529d87226f3d2f52b966ff5271eb441dd"; sha1 = "3c7fcbf529d87226f3d2f52b966ff5271eb441dd";
}; };
} }
{
name = "browser_request___browser_request_0.3.3.tgz";
path = fetchurl {
name = "browser_request___browser_request_0.3.3.tgz";
url = "https://registry.yarnpkg.com/browser-request/-/browser-request-0.3.3.tgz";
sha1 = "9ece5b5aca89a29932242e18bf933def9876cc17";
};
}
{
name = "bs58___bs58_4.0.1.tgz";
path = fetchurl {
name = "bs58___bs58_4.0.1.tgz";
url = "https://registry.yarnpkg.com/bs58/-/bs58-4.0.1.tgz";
sha1 = "be161e76c354f6f788ae4071f63f34e8c4f0a42a";
};
}
{ {
name = "buffer_crc32___buffer_crc32_0.2.13.tgz"; name = "buffer_crc32___buffer_crc32_0.2.13.tgz";
path = fetchurl { path = fetchurl {
@ -1281,14 +1241,6 @@
sha1 = "fe8cf184ff6670b6baef01a9d4861a5cbec4120a"; sha1 = "fe8cf184ff6670b6baef01a9d4861a5cbec4120a";
}; };
} }
{
name = "content_type___content_type_1.0.4.tgz";
path = fetchurl {
name = "content_type___content_type_1.0.4.tgz";
url = "https://registry.yarnpkg.com/content-type/-/content-type-1.0.4.tgz";
sha1 = "e138cc75e040c727b1966fe5e5f8c9aee256fe3b";
};
}
{ {
name = "copy_concurrently___copy_concurrently_1.0.5.tgz"; name = "copy_concurrently___copy_concurrently_1.0.5.tgz";
path = fetchurl { path = fetchurl {
@ -1905,14 +1857,6 @@
sha1 = "4f5f8759ba6e11b424294a219dbfa18c508bcc1a"; sha1 = "4f5f8759ba6e11b424294a219dbfa18c508bcc1a";
}; };
} }
{
name = "eslint_config_google___eslint_config_google_0.7.1.tgz";
path = fetchurl {
name = "eslint_config_google___eslint_config_google_0.7.1.tgz";
url = "https://registry.yarnpkg.com/eslint-config-google/-/eslint-config-google-0.7.1.tgz";
sha1 = "5598f8498e9e078420f34b80495b8d959f651fb2";
};
}
{ {
name = "eslint_config_matrix_org___eslint_config_matrix_org_0.1.2.tgz"; name = "eslint_config_matrix_org___eslint_config_matrix_org_0.1.2.tgz";
path = fetchurl { path = fetchurl {
@ -1961,14 +1905,6 @@
sha1 = "579ebd094f56af7797d19c9866c9c9486629bfa6"; sha1 = "579ebd094f56af7797d19c9866c9c9486629bfa6";
}; };
} }
{
name = "eslint_plugin_babel___eslint_plugin_babel_4.1.2.tgz";
path = fetchurl {
name = "eslint_plugin_babel___eslint_plugin_babel_4.1.2.tgz";
url = "https://registry.yarnpkg.com/eslint-plugin-babel/-/eslint-plugin-babel-4.1.2.tgz";
sha1 = "79202a0e35757dd92780919b2336f1fa2fe53c1e";
};
}
{ {
name = "eslint_plugin_babel___eslint_plugin_babel_5.3.1.tgz"; name = "eslint_plugin_babel___eslint_plugin_babel_5.3.1.tgz";
path = fetchurl { path = fetchurl {
@ -3697,14 +3633,6 @@
sha1 = "e48ddedbe30b3321783c5b4301fbd353bc1e4a4b"; sha1 = "e48ddedbe30b3321783c5b4301fbd353bc1e4a4b";
}; };
} }
{
name = "loglevel___loglevel_1.6.6.tgz";
path = fetchurl {
name = "loglevel___loglevel_1.6.6.tgz";
url = "https://registry.yarnpkg.com/loglevel/-/loglevel-1.6.6.tgz";
sha1 = "0ee6300cc058db6b3551fa1c4bf73b83bb771312";
};
}
{ {
name = "loose_envify___loose_envify_1.4.0.tgz"; name = "loose_envify___loose_envify_1.4.0.tgz";
path = fetchurl { path = fetchurl {
@ -3777,14 +3705,6 @@
sha1 = "7d583a7306434c055fe474b0f45078e6e1b4b92a"; sha1 = "7d583a7306434c055fe474b0f45078e6e1b4b92a";
}; };
} }
{
name = "matrix_js_sdk___matrix_js_sdk_8.0.0.tgz";
path = fetchurl {
name = "matrix_js_sdk___matrix_js_sdk_8.0.0.tgz";
url = "https://registry.yarnpkg.com/matrix-js-sdk/-/matrix-js-sdk-8.0.0.tgz";
sha1 = "78efb071ed1f6430553a9d6937d7bcfbae24cce8";
};
}
{ {
name = "meant___meant_1.0.1.tgz"; name = "meant___meant_1.0.1.tgz";
path = fetchurl { path = fetchurl {
@ -4905,14 +4825,6 @@
sha1 = "bb5b699ef7f9f0505092a3748be4464fe71b5819"; sha1 = "bb5b699ef7f9f0505092a3748be4464fe71b5819";
}; };
} }
{
name = "qs___qs_6.9.1.tgz";
path = fetchurl {
name = "qs___qs_6.9.1.tgz";
url = "https://registry.yarnpkg.com/qs/-/qs-6.9.1.tgz";
sha1 = "20082c65cb78223635ab1a9eaca8875a29bf8ec9";
};
}
{ {
name = "qs___qs_6.5.2.tgz"; name = "qs___qs_6.5.2.tgz";
path = fetchurl { path = fetchurl {
@ -5073,14 +4985,6 @@
sha1 = "8d45407b4f870a0dcaebc0e28670d18e74514309"; sha1 = "8d45407b4f870a0dcaebc0e28670d18e74514309";
}; };
} }
{
name = "regenerator_runtime___regenerator_runtime_0.13.5.tgz";
path = fetchurl {
name = "regenerator_runtime___regenerator_runtime_0.13.5.tgz";
url = "https://registry.yarnpkg.com/regenerator-runtime/-/regenerator-runtime-0.13.5.tgz";
sha1 = "d878a1d094b4306d10b9096484b33ebd55e26697";
};
}
{ {
name = "regexp.prototype.flags___regexp.prototype.flags_1.2.0.tgz"; name = "regexp.prototype.flags___regexp.prototype.flags_1.2.0.tgz";
path = fetchurl { path = fetchurl {
@ -6097,14 +6001,6 @@
sha1 = "f29cebf01df517912bb58ff9c4e50fde8e33320d"; sha1 = "f29cebf01df517912bb58ff9c4e50fde8e33320d";
}; };
} }
{
name = "unhomoglyph___unhomoglyph_1.0.3.tgz";
path = fetchurl {
name = "unhomoglyph___unhomoglyph_1.0.3.tgz";
url = "https://registry.yarnpkg.com/unhomoglyph/-/unhomoglyph-1.0.3.tgz";
sha1 = "8d3551622b57754e10a831bf81442d7f15d1ddfd";
};
}
{ {
name = "unique_filename___unique_filename_1.1.1.tgz"; name = "unique_filename___unique_filename_1.1.1.tgz";
path = fetchurl { path = fetchurl {

4
pkgs/applications/networking/instant-messengers/element/element-web.nix
View file

@ -12,11 +12,11 @@ let
in stdenv.mkDerivation rec { in stdenv.mkDerivation rec {
pname = "element-web"; pname = "element-web";
version = "1.7.2"; version = "1.7.3";
src = fetchurl { src = fetchurl {
url = "https://github.com/vector-im/riot-web/releases/download/v${version}/riot-v${version}.tar.gz"; url = "https://github.com/vector-im/riot-web/releases/download/v${version}/riot-v${version}.tar.gz";
sha256 = "0wjr5pd25c31f2w48amqvfmd720ih8hfr1rzd8mljvqb1fbakry3"; sha256 = "0vlh89kilnpg90kdxlikfak03zdwhwj754xskgb27jal0iaw0r8s";
}; };
installPhase = '' installPhase = ''

4
pkgs/applications/networking/instant-messengers/skypeforlinux/default.nix
View file

@ -7,7 +7,7 @@ let
# Please keep the version x.y.0.z and do not update to x.y.76.z because the # Please keep the version x.y.0.z and do not update to x.y.76.z because the
# source of the latter disappears much faster. # source of the latter disappears much faster.
version = "8.62.0.85"; version = "8.63.0.76";
rpath = stdenv.lib.makeLibraryPath [ rpath = stdenv.lib.makeLibraryPath [
alsaLib alsaLib
@ -65,7 +65,7 @@ let
"https://mirror.cs.uchicago.edu/skype/pool/main/s/skypeforlinux/skypeforlinux_${version}_amd64.deb" "https://mirror.cs.uchicago.edu/skype/pool/main/s/skypeforlinux/skypeforlinux_${version}_amd64.deb"
"https://web.archive.org/web/https://repo.skype.com/deb/pool/main/s/skypeforlinux/skypeforlinux_${version}_amd64.deb" "https://web.archive.org/web/https://repo.skype.com/deb/pool/main/s/skypeforlinux/skypeforlinux_${version}_amd64.deb"
]; ];
sha256 = "0qlm2hbshxgycczv227bbj2fbiw3b76rp24mh8amhq4xbscazl38"; sha256 = "0gmrk1giabr53imiwdflf6ykwpcj2q5zn3bynvrncnhivsbvaavy";
} }
else else
throw "Skype for linux is not supported on ${stdenv.hostPlatform.system}"; throw "Skype for linux is not supported on ${stdenv.hostPlatform.system}";

8
pkgs/applications/networking/instant-messengers/wire-desktop/default.nix
View file

@ -20,13 +20,13 @@ let
pname = "wire-desktop"; pname = "wire-desktop";
version = { version = {
x86_64-darwin = "3.18.3728"; x86_64-darwin = "3.19.3799";
x86_64-linux = "3.18.2925"; x86_64-linux = "3.19.2928";
}.${system} or throwSystem; }.${system} or throwSystem;
sha256 = { sha256 = {
x86_64-darwin = "0xi3k95yw59xsfavncc1giwxlwjz26z34qm3i604ksjjalvpzy5l"; x86_64-darwin = "1sv8n4g1pd4nwpwsg0m61zhrfjlh7sj29rnh46xjw1qg332g6cw9";
x86_64-linux = "01g39hncj1w0zyfrzv4mgv8npwvx0g0lw99azyai99877b30bm8j"; x86_64-linux = "038h1j59qfj5ckaxk823qpfflxay47v0jrqc0hmrdmnd2y59dpx7";
}.${system} or throwSystem; }.${system} or throwSystem;
meta = with stdenv.lib; { meta = with stdenv.lib; {

28
pkgs/applications/networking/p2p/gnunet-gtk/default.nix
View file

@ -1,28 +0,0 @@
{ stdenv, fetchgit, pkgconfig
, autoreconfHook, wrapGAppsHook
, libgcrypt, libextractor, libxml2
, gnome3, gnunet, gnutls, gtk3 }:
stdenv.mkDerivation rec {
pname = "gnunet-gtk";
version = "0.12.0";
src = fetchgit {
url = "https://git.gnunet.org/gnunet-gtk.git";
rev = "v${version}";
sha256 = "1ccasng1b4bj0kqhbfhiv0j1gnc4v2ka5f7wxvka3iwp90g7rax6";
};
nativeBuildInputs= [ autoreconfHook wrapGAppsHook pkgconfig ];
buildInputs = [ libgcrypt libextractor libxml2 gnunet gnome3.glade gnutls gtk3 ];
patchPhase = "patchShebangs pixmaps/icon-theme-installer";
meta = with stdenv.lib; {
description = "GNUnet GTK User Interface";
homepage = "https://git.gnunet.org/gnunet-gtk.git";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ pstn ];
platforms = platforms.gnu ++ platforms.linux;
};
}

10
pkgs/applications/networking/p2p/gnunet/default.nix
View file

@ -1,15 +1,15 @@
{ stdenv, fetchurl, adns, curl, gettext, gmp, gnutls, libextractor { stdenv, fetchurl, adns, curl, gettext, gmp, gnutls, libextractor
, libgcrypt, libgnurl, libidn, libmicrohttpd, libtool, libunistring , libgcrypt, libgnurl, libidn, libmicrohttpd, libtool, libunistring
, makeWrapper, ncurses, pkgconfig, libxml2, sqlite, zlib , makeWrapper, ncurses, pkgconfig, libxml2, sqlite, zlib
, libpulseaudio, libopus, libogg, jansson }: , libpulseaudio, libopus, libogg, jansson, libsodium }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "gnunet"; pname = "gnunet";
version = "0.12.2"; version = "0.13.1";
src = fetchurl { src = fetchurl {
url = "mirror://gnu/gnunet/${pname}-${version}.tar.gz"; url = "mirror://gnu/gnunet/${pname}-${version}.tar.gz";
sha256 = "1mwcy7fj1rpd39w7j7k3jdwlil5s889b2qlhfdggqmhigl28na5c"; sha256 = "15jnca5zxng7r6m3qzq9lr73xxq0v6mvcp0lny3zrlkz5s2nmmq3";
}; };
enableParallelBuilding = true; enableParallelBuilding = true;
@ -17,7 +17,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ pkgconfig libtool makeWrapper ]; nativeBuildInputs = [ pkgconfig libtool makeWrapper ];
buildInputs = [ buildInputs = [
adns curl gmp gnutls libextractor libgcrypt libgnurl libidn adns curl gmp gnutls libextractor libgcrypt libgnurl libidn
libmicrohttpd libunistring libxml2 ncurses gettext libmicrohttpd libunistring libxml2 ncurses gettext libsodium
sqlite zlib libpulseaudio libopus libogg jansson sqlite zlib libpulseaudio libopus libogg jansson
]; ];
@ -66,7 +66,7 @@ stdenv.mkDerivation rec {
homepage = "https://gnunet.org/"; homepage = "https://gnunet.org/";
license = licenses.agpl3Plus; license = licenses.agpl3Plus;
maintainers = with maintainers; [ vrthra ]; maintainers = with maintainers; [ pstn vrthra ];
platforms = platforms.gnu ++ platforms.linux; platforms = platforms.gnu ++ platforms.linux;
}; };
} }

43
pkgs/applications/networking/p2p/gnunet/gtk.nix Normal file
View file

@ -0,0 +1,43 @@
{ stdenv, fetchurl
, gnome3
, gnunet
, gnutls
, gtk3
, libextractor
, libgcrypt
, libxml2
, pkg-config
, wrapGAppsHook
}:
stdenv.mkDerivation rec {
pname = "gnunet-gtk";
inherit (gnunet) version;
src = fetchurl {
url = "mirror://gnu/gnunet/${pname}-${version}.tar.gz";
sha256 = "1zdzgq16h77w6ybwg3lqjsjr965np6iqvncqvkbj07glqd4wss0j";
};
nativeBuildInputs= [
pkg-config
wrapGAppsHook
];
buildInputs = [
gnome3.glade
gnunet
gnutls
gtk3
libextractor
libgcrypt
libxml2
];
patchPhase = "patchShebangs pixmaps/icon-theme-installer";
meta = gnunet.meta // {
description = "GNUnet GTK User Interface";
homepage = "https://git.gnunet.org/gnunet-gtk.git";
};
}

31
pkgs/applications/office/gtg/default.nix
View file

@ -2,7 +2,6 @@
, fetchFromGitHub , fetchFromGitHub
, meson , meson
, python3Packages , python3Packages
, pkgconfig
, ninja , ninja
, gtk3 , gtk3
, wrapGAppsHook , wrapGAppsHook
@ -16,20 +15,21 @@
python3Packages.buildPythonApplication rec { python3Packages.buildPythonApplication rec {
pname = "gtg"; pname = "gtg";
version = "0.4"; version = "unstable-2020-08-02";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "getting-things-gnome"; owner = "getting-things-gnome";
repo = "gtg"; repo = "gtg";
rev = "6623731f301c1b9c7b727e009f4a6462ad381c68"; rev = "6623731f301c1b9c7b727e009f4a6462ad381c68";
sha256 = "14gxgg4nl0ki3dn913041jpyfhxsj90fkd55z6mmpyklhr8mwss1"; sha256 = "14gxgg4nl0ki3dn913041jpyfhxsj90fkd55z6mmpyklhr8mwss1";
}; };
nativeBuildInputs = [ nativeBuildInputs = [
meson meson
ninja ninja
pkgconfig itstool
gettext
wrapGAppsHook wrapGAppsHook
gobject-introspection gobject-introspection
]; ];
@ -37,8 +37,6 @@ python3Packages.buildPythonApplication rec {
buildInputs = [ buildInputs = [
glib glib
gtk3 gtk3
itstool
gettext
pango pango
gdk-pixbuf gdk-pixbuf
]; ];
@ -50,24 +48,21 @@ python3Packages.buildPythonApplication rec {
dbus-python dbus-python
gst-python gst-python
liblarch liblarch
pyxdg # can probably be removed after next release
]; ];
format = "other"; format = "other";
strictDeps = false; strictDeps = false; # gobject-introspection does not run with strictDeps (https://github.com/NixOS/nixpkgs/issues/56943)
meta = with stdenv.lib; { meta = with stdenv.lib; {
description = " description = " A personal tasks and TODO-list items organizer.";
Getting Things GNOME! (GTG) is a personal tasks and TODO-list items organizer for the GNOME desktop environment and inspired by the ''Getting Things Done'' (GTD) methodology. longDescription = ''
"; "Getting Things GNOME" (GTG) is a personal tasks and ToDo list organizer inspired by the "Getting Things Done" (GTD) methodology.
longDescription = "
GTG is designed with flexibility, adaptability, and ease of use in mind so it can be used as more than just GTD software.
GTG is intended to help you track everything you need to do and need to know, from small tasks to large projects. GTG is intended to help you track everything you need to do and need to know, from small tasks to large projects.
"; '';
homepage = "https://wiki.gnome.org/Apps/GTG"; homepage = "https://wiki.gnome.org/Apps/GTG";
downloadPage = "https://github.com/getting-things-gnome/gtg/releases"; downloadPage = "https://github.com/getting-things-gnome/gtg/releases";
license = licenses.gpl3Only; license = licenses.gpl3Only;
maintainers = with maintainers; [ oyren ]; maintainers = with maintainers; [ oyren ];
platforms = [ "x86_64-linux" ]; platforms = platforms.linux;
}; };
} }

31
pkgs/applications/office/ledger/default.nix
View file

@ -1,37 +1,48 @@
{ stdenv, fetchFromGitHub, cmake, boost, gmp, mpfr, libedit, python { stdenv, lib, fetchFromGitHub, cmake, boost, gmp, mpfr, libedit, python
, texinfo, gnused, usePython ? true }: , texinfo, gnused, usePython ? true }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "ledger"; pname = "ledger";
version = "3.1.3"; version = "3.2.1";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "ledger"; owner = "ledger";
repo = "ledger"; repo = "ledger";
rev = "v${version}"; rev = "v${version}";
sha256 = "0bfnrqrd6wqgsngfpqi30xh6yy86pwl25iwzrqy44q31r0zl4mm3"; sha256 = "0x6jxwss3wwzbzlwmnwb8yzjk8f9wfawif4f1b74z2qg6hc4r7f6";
}; };
outputs = [ "out" "dev" ];
buildInputs = [ buildInputs = [
(boost.override { enablePython = usePython; }) (boost.override { enablePython = usePython; })
gmp mpfr libedit python texinfo gnused gmp mpfr libedit python gnused
]; ];
nativeBuildInputs = [ cmake ]; nativeBuildInputs = [ cmake texinfo ];
enableParallelBuilding = true; enableParallelBuilding = true;
cmakeFlags = [ cmakeFlags = [
"-DCMAKE_INSTALL_LIBDIR=lib" "-DCMAKE_INSTALL_LIBDIR=lib"
"-DBUILD_DOCS:BOOL=ON" "-DBUILD_DOCS:BOOL=ON"
(stdenv.lib.optionalString usePython "-DUSE_PYTHON=true") (lib.optionalString usePython "-DUSE_PYTHON=true")
]; ] ++ lib.optionals (usePython && stdenv.isDarwin) [
# Fix python lookup on Darwin. Not necessary after
# https://github.com/NixOS/nixpkgs/pull/94090 lands in master
"-DPython_ROOT_DIR=${python}"
];
postBuild = '' # by default, it will query the python interpreter for it's sitepackages location
make doc # however, that would write to a different nixstore path, pass our own sitePackages location
prePatch = lib.optionalString usePython ''
substituteInPlace src/CMakeLists.txt \
--replace 'DESTINATION ''${Python_SITEARCH}' 'DESTINATION "${python.sitePackages}"'
''; '';
meta = with stdenv.lib; { installTargets = [ "doc" "install" ];
meta = with lib; {
homepage = "https://ledger-cli.org/"; homepage = "https://ledger-cli.org/";
description = "A double-entry accounting system with a command-line reporting interface"; description = "A double-entry accounting system with a command-line reporting interface";
license = licenses.bsd3; license = licenses.bsd3;

4
pkgs/applications/science/chemistry/octopus/default.nix
View file

@ -6,13 +6,13 @@ assert (!blas.isILP64) && (!lapack.isILP64);
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "octopus"; pname = "octopus";
version = "9.2"; version = "10.0";
src = fetchFromGitLab { src = fetchFromGitLab {
owner = "octopus-code"; owner = "octopus-code";
repo = "octopus"; repo = "octopus";
rev = version; rev = version;
sha256 = "083z51sjv70asr04rv53wb9gf4396nblq1zl22qw7jdr28hji4is"; sha256 = "1c6q20y0x9aacwa7vp6gj3yvfzain7hnk6skxmvg3wazp02l91kn";
}; };
nativeBuildInputs = [ perl procps autoreconfHook ]; nativeBuildInputs = [ perl procps autoreconfHook ];

Some files were not shown because too many files have changed in this diff Show more