Project import generated by Copybara.

GitOrigin-RevId: c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38
This commit is contained in:
Default email 2020-08-20 19:08:02 +02:00
parent ab0f4b5863
commit 0eaa97ffad
2962 changed files with 66050 additions and 29917 deletions

View file

@ -43,15 +43,47 @@ indent_style = space
# Disable file types or individual files # Disable file types or individual files
# some of these files may be auto-generated and/or require significant changes # some of these files may be auto-generated and/or require significant changes
[*.{c,h}]
insert_final_newline = unset
trim_trailing_whitespace = unset
[*.{key,ovpn}]
insert_final_newline = unset
end_of_line = unset
[*.lock] [*.lock]
indent_size = unset indent_size = unset
[deps.nix]
insert_final_newline = unset
[gemset.nix] [gemset.nix]
insert_final_newline = unset insert_final_newline = unset
[node-packages.nix]
insert_final_newline = unset
[nixos/modules/services/networking/ircd-hybrid/*.{conf,in}]
trim_trailing_whitespace = unset
[nixos/tests/systemd-networkd-vrf.nix]
trim_trailing_whitespace = unset
[pkgs/applications/editors/emacs-modes/recipes-archive-melpa.json] [pkgs/applications/editors/emacs-modes/recipes-archive-melpa.json]
indent_size = unset indent_size = unset
[pkgs/build-support/dotnetenv/Wrapper/**]
end_of_line = unset
insert_final_newline = unset
trim_trailing_whitespace = unset
[pkgs/build-support/upstream-updater/**]
trim_trailing_whitespace = unset
[pkgs/development/compilers/elm/registry.dat]
end_of_line = unset
insert_final_newline = unset
[pkgs/development/lisp-modules/quicklisp-to-nix.nix] [pkgs/development/lisp-modules/quicklisp-to-nix.nix]
indent_size = unset indent_size = unset

View file

@ -10,6 +10,12 @@
# This file # This file
/.github/CODEOWNERS @edolstra /.github/CODEOWNERS @edolstra
# GitHub actions
/.github/workflows @Mic92 @zowoq
# EditorConfig
/.editorconfig @Mic92 @zowoq
# Libraries # Libraries
/lib @edolstra @nbp @infinisil /lib @edolstra @nbp @infinisil
/lib/systems @nbp @ericson2314 @matthewbauer /lib/systems @nbp @ericson2314 @matthewbauer
@ -196,3 +202,8 @@
# Blockchains # Blockchains
/pkgs/applications/blockchains @mmahut /pkgs/applications/blockchains @mmahut
# Go
/pkgs/development/compilers/go @kalbasit @Mic92 @zowoq
/pkgs/development/go-modules @kalbasit @Mic92 @zowoq
/pkgs/development/go-packages @kalbasit @Mic92 @zowoq

View file

@ -12,6 +12,7 @@ result-*
.DS_Store .DS_Store
.mypy_cache .mypy_cache
__pycache__
/pkgs/development/libraries/qt-5/*/tmp/ /pkgs/development/libraries/qt-5/*/tmp/
/pkgs/desktops/kde-5/*/tmp/ /pkgs/desktops/kde-5/*/tmp/

View file

@ -1,4 +1,4 @@
MD_TARGETS=$(addsuffix .xml, $(basename $(wildcard ./*.md ./**/*.md))) MD_TARGETS=$(addsuffix .xml, $(basename $(shell find . -type f -regex '.*\.md$$')))
.PHONY: all .PHONY: all
all: validate format out/html/index.html out/epub/manual.epub all: validate format out/html/index.html out/epub/manual.epub

View file

@ -0,0 +1,94 @@
# Cataclysm: Dark Days Ahead
## How to install Cataclysm DDA
To install the latest stable release of Cataclysm DDA to your profile, execute
`nix-env -f "<nixpkgs>" -iA cataclysm-dda`. For the curses build (build
without tiles), install `cataclysmDDA.stable.curses`. Note: `cataclysm-dda` is
an alias to `cataclysmDDA.stable.tiles`.
If you like access to a development build of your favorite git revision,
override `cataclysm-dda-git` (or `cataclysmDDA.git.curses` if you like curses
build):
```nix
cataclysm-dda-git.override {
version = "YYYY-MM-DD";
rev = "YOUR_FAVORITE_REVISION";
sha256 = "CHECKSUM_OF_THE_REVISION";
}
```
The sha256 checksum can be obtained by
```sh
nix-prefetch-url --unpack "https://github.com/CleverRaven/Cataclysm-DDA/archive/${YOUR_FAVORITE_REVISION}.tar.gz"
```
The default configuration directory is `~/.cataclysm-dda`. If you prefer
`$XDG_CONFIG_HOME/cataclysm-dda`, override the derivation:
```nix
cataclysm-dda.override {
useXdgDir = true;
}
```
## Customizing with mods
To install Cataclysm DDA with mods of your choice, you can use `withMods`
attribute:
```nix
cataclysm-dda.withMods (mods: with mods; [
tileset.UndeadPeople
])
```
All mods, soundpacks, and tilesets available in nixpkgs are found in
`cataclysmDDA.pkgs`.
Here is an example to modify existing mods and/or add more mods not available
in nixpkgs:
```nix
let
customMods = self: super: lib.recursiveUpdate super {
# Modify existing mod
tileset.UndeadPeople = super.tileset.UndeadPeople.overrideAttrs (old: {
# If you like to apply a patch to the tileset for example
patches = [ ./path/to/your.patch ];
});
# Add another mod
mod.Awesome = cataclysmDDA.buildMod {
modName = "Awesome";
version = "0.x";
src = fetchFromGitHub {
owner = "Someone";
repo = "AwesomeMod";
rev = "...";
sha256 = "...";
};
# Path to be installed in the unpacked source (default: ".")
modRoot = "contents/under/this/path/will/be/installed";
};
# Add another soundpack
soundpack.Fantastic = cataclysmDDA.buildSoundPack {
# ditto
};
# Add another tileset
tileset.SuperDuper = cataclysmDDA.buildTileSet {
# ditto
};
};
in
cataclysm-dda.withMods (mods: with mods.extend customMods; [
tileset.UndeadPeople
mod.Awesome
soundpack.Fantastic
tileset.SuperDuper
])
```

View file

@ -18,6 +18,7 @@
<xi:include href="opengl.xml" /> <xi:include href="opengl.xml" />
<xi:include href="shell-helpers.xml" /> <xi:include href="shell-helpers.xml" />
<xi:include href="steam.xml" /> <xi:include href="steam.xml" />
<xi:include href="cataclysm-dda.section.xml" />
<xi:include href="urxvt.xml" /> <xi:include href="urxvt.xml" />
<xi:include href="weechat.xml" /> <xi:include href="weechat.xml" />
<xi:include href="xorg.xml" /> <xi:include href="xorg.xml" />

View file

@ -45,13 +45,7 @@
<title>How to play</title> <title>How to play</title>
<para> <para>
For 64-bit systems it's important to have Use <programlisting>programs.steam.enable = true;</programlisting> if you want to add steam to systemPackages and also enable a few workarrounds aswell as Steam controller support or other Steam supported controllers such as the DualShock 4 or Nintendo Switch Pr.
<programlisting>hardware.opengl.driSupport32Bit = true;</programlisting>
in your <filename>/etc/nixos/configuration.nix</filename>. You'll also need
<programlisting>hardware.pulseaudio.support32Bit = true;</programlisting>
if you are using PulseAudio - this will enable 32bit ALSA apps integration. To use the Steam controller or other Steam supported controllers such as the DualShock 4 or Nintendo Switch Pro, you need to add
<programlisting>hardware.steam-hardware.enable = true;</programlisting>
to your configuration.
</para> </para>
</section> </section>

View file

@ -191,6 +191,8 @@ androidenv.emulateApp {
} }
``` ```
Additional flags may be applied to the Android SDK's emulator through the runtime environment variable `$NIX_ANDROID_EMULATOR_FLAGS`.
It is also possible to specify an APK to deploy inside the emulator It is also possible to specify an APK to deploy inside the emulator
and the package and activity names to launch it: and the package and activity names to launch it:

View file

@ -182,4 +182,3 @@ Use `nix-shell -I nixpkgs=/some/dir/nixpkgs -A emscriptenPackages.libz` and from
Using this toolchain makes it easy to leverage `nix` from NixOS, MacOSX or even Windows (WSL+ubuntu+nix). This toolchain is reproducible, behaves like the rest of the packages from nixpkgs and contains a set of well working examples to learn and adapt from. Using this toolchain makes it easy to leverage `nix` from NixOS, MacOSX or even Windows (WSL+ubuntu+nix). This toolchain is reproducible, behaves like the rest of the packages from nixpkgs and contains a set of well working examples to learn and adapt from.
If in trouble, ask the maintainers. If in trouble, ask the maintainers.

View file

@ -40,6 +40,10 @@ pet = buildGoModule rec {
subPackages = [ "." ]; <co xml:id='ex-buildGoModule-2' /> subPackages = [ "." ]; <co xml:id='ex-buildGoModule-2' />
deleteVendor = true; <co xml:id='ex-buildGoModule-3' />
runVend = true; <co xml:id='ex-buildGoModule-4' />
meta = with lib; { meta = with lib; {
description = "Simple command-line snippet manager, written in Go"; description = "Simple command-line snippet manager, written in Go";
homepage = "https://github.com/knqyf263/pet"; homepage = "https://github.com/knqyf263/pet";
@ -64,6 +68,16 @@ pet = buildGoModule rec {
<varname>subPackages</varname> limits the builder from building child packages that have not been listed. If <varname>subPackages</varname> is not specified, all child packages will be built. <varname>subPackages</varname> limits the builder from building child packages that have not been listed. If <varname>subPackages</varname> is not specified, all child packages will be built.
</para> </para>
</callout> </callout>
<callout arearefs='ex-buildGoModule-3'>
<para>
<varname>deleteVendor</varname> removes the pre-existing vendor directory and fetches the dependencies. This should only be used if the dependencies included in the vendor folder are broken or incomplete.
</para>
</callout>
<callout arearefs='ex-buildGoModule-4'>
<para>
<varname>runVend</varname> runs the vend command to generate the vendor directory. This is useful if your code depends on c code and go mod tidy does not include the needed sources to build.
</para>
</callout>
</calloutlist> </calloutlist>
</para> </para>

View file

@ -538,8 +538,123 @@ buildPythonPackage rec {
``` ```
Note also the line `doCheck = false;`, we explicitly disabled running the test-suite. Note also the line `doCheck = false;`, we explicitly disabled running the test-suite.
#### Testing Python Packages
#### Develop local package It is highly encouraged to have testing as part of the package build. This
helps to avoid situations where the package was able to build and install,
but is not usable at runtime. Currently, all packages will use the `test`
command provided by the setup.py (i.e. `python setup.py test`). However,
this is currently deprecated https://github.com/pypa/setuptools/pull/1878
and your package should provide its own checkPhase.
*NOTE:* The `checkPhase` for python maps to the `installCheckPhase` on a
normal derivation. This is due to many python packages not behaving well
to the pre-installed version of the package. Version info, and natively
compiled extensions generally only exist in the install directory, and
thus can cause issues when a test suite asserts on that behavior.
*NOTE:* Tests should only be disabled if they don't agree with nix
(e.g. external dependencies, network access, flakey tests), however,
as many tests should be enabled as possible. Failing tests can still be
a good indication that the package is not in a valid state.
#### Using pytest
Pytest is the most common test runner for python repositories. A trivial
test run would be:
```
checkInputs = [ pytest ];
checkPhase = "pytest";
```
However, many repositories' test suites do not translate well to nix's build
sandbox, and will generally need many tests to be disabled.
To filter tests using pytest, one can do the following:
```
checkInputs = [ pytest ];
# avoid tests which need additional data or touch network
checkPhase = ''
pytest tests/ --ignore=tests/integration -k 'not download and not update'
'';
```
`--ignore` will tell pytest to ignore that file or directory from being
collected as part of a test run. This is useful is a file uses a package
which is not available in nixpkgs, thus skipping that test file is much
easier than having to create a new package.
`-k` is used to define a predicate for test names. In this example, we are
filtering out tests which contain `download` or `update` in their test case name.
Only one `-k` argument is allows, and thus a long predicate should be concatenated
with "\" and wrapped to the next line.
*NOTE:* In pytest==6.0.1, the use of "\" to continue a line (e.g. `-k 'not download \'`) has
been removed, in this case, it's recommended to use `pytestCheckHook`.
#### Using pytestCheckHook
`pytestCheckHook` is a convenient hook which will substitute the setuptools
`test` command for a checkPhase which runs `pytest`. This is also beneficial
when a package may need many items disabled to run the test suite.
Using the example above, the analagous pytestCheckHook usage would be:
```
checkInputs = [ pytestCheckHook ];
# requires additional data
pytestFlagsArray = [ "tests/" "--ignore=tests/integration" ];
disabledTests = [
# touches network
"download"
"update"
];
```
This is expecially useful when tests need to be conditionallydisabled,
for example:
```
disabledTests = [
# touches network
"download"
"update"
] ++ lib.optionals (pythonAtLeast "3.8") [
# broken due to python3.8 async changes
"async"
] ++ lib.optionals stdenv.isDarwin [
# can fail when building with other packages
"socket"
];
```
Trying to concatenate the related strings to disable tests in a regular checkPhase
would be much harder to read. This also enables us to comment on why specific tests
are disabled.
#### Using pythonImportsCheck
Although unit tests are highly prefered to valid correctness of a package. Not
all packages have test suites that can be ran easily, and some have none at all.
To help ensure the package still works, `pythonImportsCheck` can attempt to import
the listed modules.
```
pythonImportsCheck = [ "requests" "urllib" ];
```
roughly translates to:
```
postCheck = ''
PYTHONPATH=$out/${python.sitePackages}:$PYTHONPATH
python -c "import requests; import urllib"
'';
```
However, this is done in it's own phase, and not dependent on whether `doCheck = true;`
This can also be useful in verifying that the package doesn't assume commonly
present packages (e.g. `setuptools`)
### Develop local package
As a Python developer you're likely aware of [development mode](http://setuptools.readthedocs.io/en/latest/setuptools.html#development-mode) As a Python developer you're likely aware of [development mode](http://setuptools.readthedocs.io/en/latest/setuptools.html#development-mode)
(`python setup.py develop`); instead of installing the package this command (`python setup.py develop`); instead of installing the package this command
@ -640,8 +755,8 @@ and in this case the `python38` interpreter is automatically used.
### Interpreters ### Interpreters
Versions 2.7, 3.5, 3.6, 3.7 and 3.8 of the CPython interpreter are available as Versions 2.7, 3.6, 3.7 and 3.8 of the CPython interpreter are available as
respectively `python27`, `python35`, `python36`, `python37` and `python38`. The respectively `python27`, `python36`, `python37` and `python38`. The
aliases `python2` and `python3` correspond to respectively `python27` and aliases `python2` and `python3` correspond to respectively `python27` and
`python38`. The default interpreter, `python`, maps to `python2`. The PyPy `python38`. The default interpreter, `python`, maps to `python2`. The PyPy
interpreters compatible with Python 2.7 and 3 are available as `pypy27` and interpreters compatible with Python 2.7 and 3 are available as `pypy27` and
@ -689,15 +804,16 @@ attribute set is created for each available Python interpreter. The available
sets are sets are
* `pkgs.python27Packages` * `pkgs.python27Packages`
* `pkgs.python35Packages`
* `pkgs.python36Packages` * `pkgs.python36Packages`
* `pkgs.python37Packages` * `pkgs.python37Packages`
* `pkgs.python38Packages`
* `pkgs.python39Packages`
* `pkgs.pypyPackages` * `pkgs.pypyPackages`
and the aliases and the aliases
* `pkgs.python2Packages` pointing to `pkgs.python27Packages` * `pkgs.python2Packages` pointing to `pkgs.python27Packages`
* `pkgs.python3Packages` pointing to `pkgs.python37Packages` * `pkgs.python3Packages` pointing to `pkgs.python38Packages`
* `pkgs.pythonPackages` pointing to `pkgs.python2Packages` * `pkgs.pythonPackages` pointing to `pkgs.python2Packages`
#### `buildPythonPackage` function #### `buildPythonPackage` function
@ -1016,7 +1132,7 @@ are used in `buildPythonPackage`.
- `pipBuildHook` to build a wheel using `pip` and PEP 517. Note a build system - `pipBuildHook` to build a wheel using `pip` and PEP 517. Note a build system
(e.g. `setuptools` or `flit`) should still be added as `nativeBuildInput`. (e.g. `setuptools` or `flit`) should still be added as `nativeBuildInput`.
- `pipInstallHook` to install wheels. - `pipInstallHook` to install wheels.
- `pytestCheckHook` to run tests with `pytest`. - `pytestCheckHook` to run tests with `pytest`. See [example usage](#using-pytestcheckhook).
- `pythonCatchConflictsHook` to check whether a Python package is not already existing. - `pythonCatchConflictsHook` to check whether a Python package is not already existing.
- `pythonImportsCheckHook` to check whether importing the listed modules works. - `pythonImportsCheckHook` to check whether importing the listed modules works.
- `pythonRemoveBinBytecode` to remove bytecode from the `/bin` folder. - `pythonRemoveBinBytecode` to remove bytecode from the `/bin` folder.

View file

@ -43,7 +43,6 @@ rustPlatform.buildRustPackage rec {
homepage = "https://github.com/BurntSushi/ripgrep"; homepage = "https://github.com/BurntSushi/ripgrep";
license = licenses.unlicense; license = licenses.unlicense;
maintainers = [ maintainers.tailhook ]; maintainers = [ maintainers.tailhook ];
platforms = platforms.all;
}; };
} }
``` ```

View file

@ -254,7 +254,7 @@ let f(h, h + 1, i) = i + h
<variablelist> <variablelist>
<title>Variables specifying dependencies</title> <title>Variables specifying dependencies</title>
<varlistentry> <varlistentry xml:id="var-stdenv-depsBuildBuild">
<term> <term>
<varname>depsBuildBuild</varname> <varname>depsBuildBuild</varname>
</term> </term>
@ -267,7 +267,7 @@ let f(h, h + 1, i) = i + h
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-nativeBuildInputs">
<term> <term>
<varname>nativeBuildInputs</varname> <varname>nativeBuildInputs</varname>
</term> </term>
@ -280,7 +280,7 @@ let f(h, h + 1, i) = i + h
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-depsBuildTarget">
<term> <term>
<varname>depsBuildTarget</varname> <varname>depsBuildTarget</varname>
</term> </term>
@ -296,7 +296,7 @@ let f(h, h + 1, i) = i + h
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-depsHostHost">
<term> <term>
<varname>depsHostHost</varname> <varname>depsHostHost</varname>
</term> </term>
@ -306,7 +306,7 @@ let f(h, h + 1, i) = i + h
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-buildInputs">
<term> <term>
<varname>buildInputs</varname> <varname>buildInputs</varname>
</term> </term>
@ -319,7 +319,7 @@ let f(h, h + 1, i) = i + h
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-depsTargetTarget">
<term> <term>
<varname>depsTargetTarget</varname> <varname>depsTargetTarget</varname>
</term> </term>
@ -329,7 +329,7 @@ let f(h, h + 1, i) = i + h
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-depsBuildBuildPropagated">
<term> <term>
<varname>depsBuildBuildPropagated</varname> <varname>depsBuildBuildPropagated</varname>
</term> </term>
@ -339,7 +339,7 @@ let f(h, h + 1, i) = i + h
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-propagatedNativeBuildInputs">
<term> <term>
<varname>propagatedNativeBuildInputs</varname> <varname>propagatedNativeBuildInputs</varname>
</term> </term>
@ -349,7 +349,7 @@ let f(h, h + 1, i) = i + h
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-depsBuildTargetPropagated">
<term> <term>
<varname>depsBuildTargetPropagated</varname> <varname>depsBuildTargetPropagated</varname>
</term> </term>
@ -359,7 +359,7 @@ let f(h, h + 1, i) = i + h
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-depsHostHostPropagated">
<term> <term>
<varname>depsHostHostPropagated</varname> <varname>depsHostHostPropagated</varname>
</term> </term>
@ -369,7 +369,7 @@ let f(h, h + 1, i) = i + h
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-propagatedBuildInputs">
<term> <term>
<varname>propagatedBuildInputs</varname> <varname>propagatedBuildInputs</varname>
</term> </term>
@ -379,7 +379,7 @@ let f(h, h + 1, i) = i + h
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-depsTargetTargetPropagated">
<term> <term>
<varname>depsTargetTargetPropagated</varname> <varname>depsTargetTargetPropagated</varname>
</term> </term>
@ -396,7 +396,7 @@ let f(h, h + 1, i) = i + h
<variablelist> <variablelist>
<title>Variables affecting <literal>stdenv</literal> initialisation</title> <title>Variables affecting <literal>stdenv</literal> initialisation</title>
<varlistentry> <varlistentry xml:id="var-stdenv-NIX_DEBUG">
<term> <term>
<varname>NIX_DEBUG</varname> <varname>NIX_DEBUG</varname>
</term> </term>
@ -410,7 +410,7 @@ let f(h, h + 1, i) = i + h
<variablelist> <variablelist>
<title>Attributes affecting build properties</title> <title>Attributes affecting build properties</title>
<varlistentry> <varlistentry xml:id="var-stdenv-enableParallelBuilding">
<term> <term>
<varname>enableParallelBuilding</varname> <varname>enableParallelBuilding</varname>
</term> </term>
@ -427,7 +427,7 @@ let f(h, h + 1, i) = i + h
<variablelist> <variablelist>
<title>Special variables</title> <title>Special variables</title>
<varlistentry> <varlistentry xml:id="var-stdenv-passthru">
<term> <term>
<varname>passthru</varname> <varname>passthru</varname>
</term> </term>
@ -504,7 +504,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
There are a number of variables that control what phases are executed and in what order: There are a number of variables that control what phases are executed and in what order:
<variablelist> <variablelist>
<title>Variables affecting phase control</title> <title>Variables affecting phase control</title>
<varlistentry> <varlistentry xml:id="var-stdenv-phases">
<term> <term>
<varname>phases</varname> <varname>phases</varname>
</term> </term>
@ -517,7 +517,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-prePhases">
<term> <term>
<varname>prePhases</varname> <varname>prePhases</varname>
</term> </term>
@ -527,7 +527,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-preConfigurePhases">
<term> <term>
<varname>preConfigurePhases</varname> <varname>preConfigurePhases</varname>
</term> </term>
@ -537,7 +537,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-preBuildPhases">
<term> <term>
<varname>preBuildPhases</varname> <varname>preBuildPhases</varname>
</term> </term>
@ -547,7 +547,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-preInstallPhases">
<term> <term>
<varname>preInstallPhases</varname> <varname>preInstallPhases</varname>
</term> </term>
@ -557,7 +557,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-preFixupPhases">
<term> <term>
<varname>preFixupPhases</varname> <varname>preFixupPhases</varname>
</term> </term>
@ -567,7 +567,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-preDistPhases">
<term> <term>
<varname>preDistPhases</varname> <varname>preDistPhases</varname>
</term> </term>
@ -577,7 +577,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-postPhases">
<term> <term>
<varname>postPhases</varname> <varname>postPhases</varname>
</term> </term>
@ -635,7 +635,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
<variablelist> <variablelist>
<title>Variables controlling the unpack phase</title> <title>Variables controlling the unpack phase</title>
<varlistentry> <varlistentry xml:id="var-stdenv-src">
<term> <term>
<varname>srcs</varname> / <varname>src</varname> <varname>srcs</varname> / <varname>src</varname>
</term> </term>
@ -645,7 +645,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-sourceRoot">
<term> <term>
<varname>sourceRoot</varname> <varname>sourceRoot</varname>
</term> </term>
@ -655,7 +655,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-setSourceRoot">
<term> <term>
<varname>setSourceRoot</varname> <varname>setSourceRoot</varname>
</term> </term>
@ -665,7 +665,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-preUnpack">
<term> <term>
<varname>preUnpack</varname> <varname>preUnpack</varname>
</term> </term>
@ -675,7 +675,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-postUnpack">
<term> <term>
<varname>postUnpack</varname> <varname>postUnpack</varname>
</term> </term>
@ -685,7 +685,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-dontUnpack">
<term> <term>
<varname>dontUnpack</varname> <varname>dontUnpack</varname>
</term> </term>
@ -695,7 +695,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-dontMakeSourcesWritable">
<term> <term>
<varname>dontMakeSourcesWritable</varname> <varname>dontMakeSourcesWritable</varname>
</term> </term>
@ -705,7 +705,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-unpackCmd">
<term> <term>
<varname>unpackCmd</varname> <varname>unpackCmd</varname>
</term> </term>
@ -727,7 +727,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
<variablelist> <variablelist>
<title>Variables controlling the patch phase</title> <title>Variables controlling the patch phase</title>
<varlistentry> <varlistentry xml:id="var-stdenv-dontPatch">
<term> <term>
<varname>dontPatch</varname> <varname>dontPatch</varname>
</term> </term>
@ -737,7 +737,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-patches">
<term> <term>
<varname>patches</varname> <varname>patches</varname>
</term> </term>
@ -747,7 +747,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-patchFlags">
<term> <term>
<varname>patchFlags</varname> <varname>patchFlags</varname>
</term> </term>
@ -757,7 +757,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-prePatch">
<term> <term>
<varname>prePatch</varname> <varname>prePatch</varname>
</term> </term>
@ -767,7 +767,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-postPatch">
<term> <term>
<varname>postPatch</varname> <varname>postPatch</varname>
</term> </term>
@ -789,7 +789,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
<variablelist> <variablelist>
<title>Variables controlling the configure phase</title> <title>Variables controlling the configure phase</title>
<varlistentry> <varlistentry xml:id="var-stdenv-configureScript">
<term> <term>
<varname>configureScript</varname> <varname>configureScript</varname>
</term> </term>
@ -799,7 +799,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-configureFlags">
<term> <term>
<varname>configureFlags</varname> <varname>configureFlags</varname>
</term> </term>
@ -809,7 +809,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-dontConfigure">
<term> <term>
<varname>dontConfigure</varname> <varname>dontConfigure</varname>
</term> </term>
@ -819,7 +819,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-configureFlagsArray">
<term> <term>
<varname>configureFlagsArray</varname> <varname>configureFlagsArray</varname>
</term> </term>
@ -829,7 +829,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-dontAddPrefix">
<term> <term>
<varname>dontAddPrefix</varname> <varname>dontAddPrefix</varname>
</term> </term>
@ -839,7 +839,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-prefix">
<term> <term>
<varname>prefix</varname> <varname>prefix</varname>
</term> </term>
@ -849,7 +849,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-prefixKey">
<term> <term>
<varname>prefixKey</varname> <varname>prefixKey</varname>
</term> </term>
@ -859,7 +859,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-dontAddDisableDepTrack">
<term> <term>
<varname>dontAddDisableDepTrack</varname> <varname>dontAddDisableDepTrack</varname>
</term> </term>
@ -869,7 +869,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-dontFixLibtool">
<term> <term>
<varname>dontFixLibtool</varname> <varname>dontFixLibtool</varname>
</term> </term>
@ -885,7 +885,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-dontDisableStatic">
<term> <term>
<varname>dontDisableStatic</varname> <varname>dontDisableStatic</varname>
</term> </term>
@ -898,7 +898,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-configurePlatforms">
<term> <term>
<varname>configurePlatforms</varname> <varname>configurePlatforms</varname>
</term> </term>
@ -913,7 +913,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-preConfigure">
<term> <term>
<varname>preConfigure</varname> <varname>preConfigure</varname>
</term> </term>
@ -923,7 +923,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-postConfigure">
<term> <term>
<varname>postConfigure</varname> <varname>postConfigure</varname>
</term> </term>
@ -945,7 +945,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
<variablelist> <variablelist>
<title>Variables controlling the build phase</title> <title>Variables controlling the build phase</title>
<varlistentry> <varlistentry xml:id="var-stdenv-dontBuild">
<term> <term>
<varname>dontBuild</varname> <varname>dontBuild</varname>
</term> </term>
@ -955,7 +955,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-makefile">
<term> <term>
<varname>makefile</varname> <varname>makefile</varname>
</term> </term>
@ -965,7 +965,7 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-makeFlags">
<term> <term>
<varname>makeFlags</varname> <varname>makeFlags</varname>
</term> </term>
@ -983,7 +983,7 @@ makeFlags = [ "PREFIX=$(out)" ];
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-makeFlagsArray">
<term> <term>
<varname>makeFlagsArray</varname> <varname>makeFlagsArray</varname>
</term> </term>
@ -999,7 +999,7 @@ preBuild = ''
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-buildFlags">
<term> <term>
<varname>buildFlags</varname> / <varname>buildFlagsArray</varname> <varname>buildFlags</varname> / <varname>buildFlagsArray</varname>
</term> </term>
@ -1009,7 +1009,7 @@ preBuild = ''
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-preBuild">
<term> <term>
<varname>preBuild</varname> <varname>preBuild</varname>
</term> </term>
@ -1019,7 +1019,7 @@ preBuild = ''
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-postBuild">
<term> <term>
<varname>postBuild</varname> <varname>postBuild</varname>
</term> </term>
@ -1049,7 +1049,7 @@ preBuild = ''
<variablelist> <variablelist>
<title>Variables controlling the check phase</title> <title>Variables controlling the check phase</title>
<varlistentry> <varlistentry xml:id="var-stdenv-doCheck">
<term> <term>
<varname>doCheck</varname> <varname>doCheck</varname>
</term> </term>
@ -1067,11 +1067,11 @@ preBuild = ''
</term> </term>
<listitem> <listitem>
<para> <para>
See the build phase for details. See the <link xlink:href="#var-stdenv-makeFlags">build phase</link> for details.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-checkTarget">
<term> <term>
<varname>checkTarget</varname> <varname>checkTarget</varname>
</term> </term>
@ -1081,7 +1081,7 @@ preBuild = ''
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-checkFlags">
<term> <term>
<varname>checkFlags</varname> / <varname>checkFlagsArray</varname> <varname>checkFlags</varname> / <varname>checkFlagsArray</varname>
</term> </term>
@ -1091,7 +1091,7 @@ preBuild = ''
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-checkInputs">
<term> <term>
<varname>checkInputs</varname> <varname>checkInputs</varname>
</term> </term>
@ -1101,7 +1101,7 @@ preBuild = ''
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-preCheck">
<term> <term>
<varname>preCheck</varname> <varname>preCheck</varname>
</term> </term>
@ -1111,7 +1111,7 @@ preBuild = ''
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-postCheck">
<term> <term>
<varname>postCheck</varname> <varname>postCheck</varname>
</term> </term>
@ -1133,7 +1133,7 @@ preBuild = ''
<variablelist> <variablelist>
<title>Variables controlling the install phase</title> <title>Variables controlling the install phase</title>
<varlistentry> <varlistentry xml:id="var-stdenv-dontInstall">
<term> <term>
<varname>dontInstall</varname> <varname>dontInstall</varname>
</term> </term>
@ -1149,11 +1149,11 @@ preBuild = ''
</term> </term>
<listitem> <listitem>
<para> <para>
See the build phase for details. See the <link xlink:href="#var-stdenv-makeFlags">build phase</link> for details.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-installTargets">
<term> <term>
<varname>installTargets</varname> <varname>installTargets</varname>
</term> </term>
@ -1165,7 +1165,7 @@ installTargets = "install-bin install-doc";</programlisting>
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-installFlags">
<term> <term>
<varname>installFlags</varname> / <varname>installFlagsArray</varname> <varname>installFlags</varname> / <varname>installFlagsArray</varname>
</term> </term>
@ -1175,7 +1175,7 @@ installTargets = "install-bin install-doc";</programlisting>
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-preInstall">
<term> <term>
<varname>preInstall</varname> <varname>preInstall</varname>
</term> </term>
@ -1185,7 +1185,7 @@ installTargets = "install-bin install-doc";</programlisting>
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-postInstall">
<term> <term>
<varname>postInstall</varname> <varname>postInstall</varname>
</term> </term>
@ -1229,7 +1229,7 @@ installTargets = "install-bin install-doc";</programlisting>
<variablelist> <variablelist>
<title>Variables controlling the fixup phase</title> <title>Variables controlling the fixup phase</title>
<varlistentry> <varlistentry xml:id="var-stdenv-dontFixup">
<term> <term>
<varname>dontFixup</varname> <varname>dontFixup</varname>
</term> </term>
@ -1239,7 +1239,7 @@ installTargets = "install-bin install-doc";</programlisting>
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-dontStrip">
<term> <term>
<varname>dontStrip</varname> <varname>dontStrip</varname>
</term> </term>
@ -1249,7 +1249,7 @@ installTargets = "install-bin install-doc";</programlisting>
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-dontStripHost">
<term> <term>
<varname>dontStripHost</varname> <varname>dontStripHost</varname>
</term> </term>
@ -1259,7 +1259,7 @@ installTargets = "install-bin install-doc";</programlisting>
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-dontStripTarget">
<term> <term>
<varname>dontStripTarget</varname> <varname>dontStripTarget</varname>
</term> </term>
@ -1269,7 +1269,7 @@ installTargets = "install-bin install-doc";</programlisting>
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-dontMoveSbin">
<term> <term>
<varname>dontMoveSbin</varname> <varname>dontMoveSbin</varname>
</term> </term>
@ -1279,7 +1279,7 @@ installTargets = "install-bin install-doc";</programlisting>
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-stripAllList">
<term> <term>
<varname>stripAllList</varname> <varname>stripAllList</varname>
</term> </term>
@ -1289,7 +1289,7 @@ installTargets = "install-bin install-doc";</programlisting>
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-stripAllFlags">
<term> <term>
<varname>stripAllFlags</varname> <varname>stripAllFlags</varname>
</term> </term>
@ -1299,7 +1299,7 @@ installTargets = "install-bin install-doc";</programlisting>
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-stripDebugList">
<term> <term>
<varname>stripDebugList</varname> <varname>stripDebugList</varname>
</term> </term>
@ -1309,7 +1309,7 @@ installTargets = "install-bin install-doc";</programlisting>
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-stripDebugFlags">
<term> <term>
<varname>stripDebugFlags</varname> <varname>stripDebugFlags</varname>
</term> </term>
@ -1319,7 +1319,7 @@ installTargets = "install-bin install-doc";</programlisting>
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-dontPatchELF">
<term> <term>
<varname>dontPatchELF</varname> <varname>dontPatchELF</varname>
</term> </term>
@ -1329,7 +1329,7 @@ installTargets = "install-bin install-doc";</programlisting>
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-dontPatchShebangs">
<term> <term>
<varname>dontPatchShebangs</varname> <varname>dontPatchShebangs</varname>
</term> </term>
@ -1339,7 +1339,7 @@ installTargets = "install-bin install-doc";</programlisting>
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-dontPruneLibtoolFiles">
<term> <term>
<varname>dontPruneLibtoolFiles</varname> <varname>dontPruneLibtoolFiles</varname>
</term> </term>
@ -1349,7 +1349,7 @@ installTargets = "install-bin install-doc";</programlisting>
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-forceShare">
<term> <term>
<varname>forceShare</varname> <varname>forceShare</varname>
</term> </term>
@ -1359,7 +1359,7 @@ installTargets = "install-bin install-doc";</programlisting>
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-setupHook">
<term> <term>
<varname>setupHook</varname> <varname>setupHook</varname>
</term> </term>
@ -1370,7 +1370,7 @@ installTargets = "install-bin install-doc";</programlisting>
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-preFixup">
<term> <term>
<varname>preFixup</varname> <varname>preFixup</varname>
</term> </term>
@ -1380,7 +1380,7 @@ installTargets = "install-bin install-doc";</programlisting>
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-postFixup">
<term> <term>
<varname>postFixup</varname> <varname>postFixup</varname>
</term> </term>
@ -1419,7 +1419,7 @@ set debug-file-directory ~/.nix-profile/lib/debug
<variablelist> <variablelist>
<title>Variables controlling the installCheck phase</title> <title>Variables controlling the installCheck phase</title>
<varlistentry> <varlistentry xml:id="var-stdenv-doInstallCheck">
<term> <term>
<varname>doInstallCheck</varname> <varname>doInstallCheck</varname>
</term> </term>
@ -1431,7 +1431,7 @@ set debug-file-directory ~/.nix-profile/lib/debug
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-installCheckTarget">
<term> <term>
<varname>installCheckTarget</varname> <varname>installCheckTarget</varname>
</term> </term>
@ -1441,7 +1441,7 @@ set debug-file-directory ~/.nix-profile/lib/debug
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-installCheckFlags">
<term> <term>
<varname>installCheckFlags</varname> / <varname>installCheckFlagsArray</varname> <varname>installCheckFlags</varname> / <varname>installCheckFlagsArray</varname>
</term> </term>
@ -1451,7 +1451,7 @@ set debug-file-directory ~/.nix-profile/lib/debug
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-installCheckInputs">
<term> <term>
<varname>installCheckInputs</varname> <varname>installCheckInputs</varname>
</term> </term>
@ -1461,7 +1461,7 @@ set debug-file-directory ~/.nix-profile/lib/debug
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-preInstallCheck">
<term> <term>
<varname>preInstallCheck</varname> <varname>preInstallCheck</varname>
</term> </term>
@ -1471,7 +1471,7 @@ set debug-file-directory ~/.nix-profile/lib/debug
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-postInstallCheck">
<term> <term>
<varname>postInstallCheck</varname> <varname>postInstallCheck</varname>
</term> </term>
@ -1493,7 +1493,7 @@ set debug-file-directory ~/.nix-profile/lib/debug
<variablelist> <variablelist>
<title>Variables controlling the distribution phase</title> <title>Variables controlling the distribution phase</title>
<varlistentry> <varlistentry xml:id="var-stdenv-distTarget">
<term> <term>
<varname>distTarget</varname> <varname>distTarget</varname>
</term> </term>
@ -1503,7 +1503,7 @@ set debug-file-directory ~/.nix-profile/lib/debug
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-distFlags">
<term> <term>
<varname>distFlags</varname> / <varname>distFlagsArray</varname> <varname>distFlags</varname> / <varname>distFlagsArray</varname>
</term> </term>
@ -1513,7 +1513,7 @@ set debug-file-directory ~/.nix-profile/lib/debug
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-tarballs">
<term> <term>
<varname>tarballs</varname> <varname>tarballs</varname>
</term> </term>
@ -1523,7 +1523,7 @@ set debug-file-directory ~/.nix-profile/lib/debug
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-dontCopyDist">
<term> <term>
<varname>dontCopyDist</varname> <varname>dontCopyDist</varname>
</term> </term>
@ -1533,7 +1533,7 @@ set debug-file-directory ~/.nix-profile/lib/debug
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-preDist">
<term> <term>
<varname>preDist</varname> <varname>preDist</varname>
</term> </term>
@ -1543,7 +1543,7 @@ set debug-file-directory ~/.nix-profile/lib/debug
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry xml:id="var-stdenv-postDist">
<term> <term>
<varname>postDist</varname> <varname>postDist</varname>
</term> </term>

View file

@ -178,26 +178,40 @@ self: super:
<para> <para>
<link <link
xlink:href="https://software.intel.com/en-us/mkl">Intel xlink:href="https://software.intel.com/en-us/mkl">Intel
MKL</link> (only works on x86 architecture, unfree) MKL</link> (only works on the x86_64 architecture, unfree)
</para> </para>
<para> <para>
The Nixpkgs attribute is <literal>mkl</literal>. The Nixpkgs attribute is <literal>mkl</literal>.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
<link
xlink:href="https://developer.amd.com/amd-aocl/blas-library/">AMD
BLIS/LIBFLAME</link> (optimized for modern AMD x86_64 CPUs)
</para>
<para>
The AMD BLIS library, with attribute <literal>amd-blis</literal>,
provides a BLAS implementation. The complementary AMD LIBFLAME
library, with attribute <literal>amd-libflame</literal>, provides
a LAPACK implementation.
</para>
</listitem>
</itemizedlist> </itemizedlist>
<para> <para>
Introduced in <link Introduced in <link
xlink:href="https://github.com/NixOS/nixpkgs/pull/83888">PR xlink:href="https://github.com/NixOS/nixpkgs/pull/83888">PR
#83888</link>, we are able to override the blas and lapack #83888</link>, we are able to override the <literal>blas</literal>
packages to use different implementations, through the and <literal>lapack</literal> packages to use different implementations,
blasProvider and lapackProvider argument. This can be used through the <literal>blasProvider</literal> and
<literal>lapackProvider</literal> argument. This can be used
to select a different provider. BLAS providers will have to select a different provider. BLAS providers will have
symlinks in <literal>$out/lib/libblas.so.3</literal> and symlinks in <literal>$out/lib/libblas.so.3</literal> and
<literal>$out/lib/libcblas.so.3</literal> to their respective <literal>$out/lib/libcblas.so.3</literal> to their respective
BLAS libraries. Likewise, LAPACK providers will have symlinks BLAS libraries. Likewise, LAPACK providers will have symlinks
in <literal>$out/lib/liblapack.so.3</literal> and in <literal>$out/lib/liblapack.so.3</literal> and
<literal>$out/lib/liblapacke.so.3</literal> to their respective <literal>$out/lib/liblapacke.so.3</literal> to their respective
LAPCK libraries. For example, Intel MKL is both a BLAS and LAPACK libraries. For example, Intel MKL is both a BLAS and
LAPACK provider. An overlay can be created to use Intel MKL LAPACK provider. An overlay can be created to use Intel MKL
that looks like: that looks like:
</para> </para>
@ -216,8 +230,9 @@ self: super:
<para> <para>
This overlay uses Intels MKL library for both BLAS and LAPACK This overlay uses Intels MKL library for both BLAS and LAPACK
interfaces. Note that the same can be accomplished at runtime interfaces. Note that the same can be accomplished at runtime
using <literal>LD_LIBRARY_PATH</literal> of libblas.so.3 and using <literal>LD_LIBRARY_PATH</literal> of
liblapack.so.3. For instance: <literal>libblas.so.3</literal> and
<literal>liblapack.so.3</literal>. For instance:
</para> </para>
<programlisting> <programlisting>
$ LD_LIBRARY_PATH=$(nix-build -A mkl)/lib:$LD_LIBRARY_PATH nix-shell -p octave --run octave $ LD_LIBRARY_PATH=$(nix-build -A mkl)/lib:$LD_LIBRARY_PATH nix-shell -p octave --run octave

View file

@ -12,23 +12,30 @@
lib = import ./lib; lib = import ./lib;
systems = [ "x86_64-linux" "i686-linux" "x86_64-darwin" "aarch64-linux" ]; systems = [
"x86_64-linux"
"i686-linux"
"x86_64-darwin"
"aarch64-linux"
"armv6l-linux"
"armv7l-linux"
];
forAllSystems = f: lib.genAttrs systems (system: f system); forAllSystems = f: lib.genAttrs systems (system: f system);
in in
{ {
lib = lib // { lib = lib.extend (final: prev: {
nixosSystem = { modules, ... } @ args: nixosSystem = { modules, ... } @ args:
import ./nixos/lib/eval-config.nix (args // { import ./nixos/lib/eval-config.nix (args // {
modules = modules ++ modules = modules ++
[ { system.nixos.versionSuffix = [ { system.nixos.versionSuffix =
".${lib.substring 0 8 (self.lastModifiedDate or self.lastModified)}.${self.shortRev or "dirty"}"; ".${final.substring 0 8 (self.lastModifiedDate or self.lastModified)}.${self.shortRev or "dirty"}";
system.nixos.revision = lib.mkIf (self ? rev) self.rev; system.nixos.revision = final.mkIf (self ? rev) self.rev;
} }
]; ];
}); });
}; });
checks.x86_64-linux.tarball = jobs.tarball; checks.x86_64-linux.tarball = jobs.tarball;

View file

@ -67,7 +67,7 @@ let
inherit (trivial) id const pipe concat or and bitAnd bitOr bitXor inherit (trivial) id const pipe concat or and bitAnd bitOr bitXor
bitNot boolToString mergeAttrs flip mapNullable inNixShell min max bitNot boolToString mergeAttrs flip mapNullable inNixShell min max
importJSON warn info showWarnings nixpkgsVersion version mod compare importJSON warn info showWarnings nixpkgsVersion version mod compare
splitByAndCompare functionArgs setFunctionArgs isFunction; splitByAndCompare functionArgs setFunctionArgs isFunction toHexString toBaseDigits;
inherit (fixedPoints) fix fix' converge extends composeExtensions inherit (fixedPoints) fix fix' converge extends composeExtensions
makeExtensible makeExtensibleWithCustomName; makeExtensible makeExtensibleWithCustomName;
inherit (attrsets) attrByPath hasAttrByPath setAttrByPath inherit (attrsets) attrByPath hasAttrByPath setAttrByPath

View file

@ -48,8 +48,10 @@ rec {
else if isAttrs v then err "attrsets" v else if isAttrs v then err "attrsets" v
# functions cant be printed of course # functions cant be printed of course
else if isFunction v then err "functions" v else if isFunction v then err "functions" v
# lets not talk about floats. There is no sensible `toString` for them. # Floats currently can't be converted to precise strings,
else if isFloat v then err "floats" v # condition warning on nix version once this isn't a problem anymore
# See https://github.com/NixOS/nix/pull/3480
else if isFloat v then libStr.floatToString v
else err "this value is" (toString v); else err "this value is" (toString v);

View file

@ -85,6 +85,11 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
fullName = ''Beerware License''; fullName = ''Beerware License'';
}; };
blueOak100 = spdx {
spdxId = "BlueOak-1.0.0";
fullName = "Blue Oak Model License 1.0.0";
};
bsd0 = spdx { bsd0 = spdx {
spdxId = "0BSD"; spdxId = "0BSD";
fullName = "BSD Zero Clause License"; fullName = "BSD Zero Clause License";
@ -110,6 +115,11 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
fullName = ''BSD 4-clause "Original" or "Old" License''; fullName = ''BSD 4-clause "Original" or "Old" License'';
}; };
bsdProtection = spdx {
spdxId = "BSD-Protection";
fullName = "BSD Protection License";
};
bsl11 = { bsl11 = {
fullName = "Business Source License 1.1"; fullName = "Business Source License 1.1";
url = "https://mariadb.com/bsl11"; url = "https://mariadb.com/bsl11";

View file

@ -58,6 +58,23 @@ rec {
default = check; default = check;
description = "Whether to check whether all option definitions have matching declarations."; description = "Whether to check whether all option definitions have matching declarations.";
}; };
_module.freeformType = mkOption {
# Disallow merging for now, but could be implemented nicely with a `types.optionType`
type = types.nullOr (types.uniq types.attrs);
internal = true;
default = null;
description = ''
If set, merge all definitions that don't have an associated option
together using this type. The result then gets combined with the
values of all declared options to produce the final <literal>
config</literal> value.
If this is <literal>null</literal>, definitions without an option
will throw an error unless <option>_module.check</option> is
turned off.
'';
};
}; };
config = { config = {
@ -65,35 +82,55 @@ rec {
}; };
}; };
collected = collectModules merged =
(specialArgs.modulesPath or "") let collected = collectModules
(modules ++ [ internalModule ]) (specialArgs.modulesPath or "")
({ inherit config options lib; } // specialArgs); (modules ++ [ internalModule ])
({ inherit lib options config; } // specialArgs);
in mergeModules prefix (reverseList collected);
options = mergeModules prefix (reverseList collected); options = merged.matchedOptions;
# Traverse options and extract the option values into the final config =
# config set. At the same time, check whether all option let
# definitions have matching declarations.
# !!! _module.check's value can't depend on any other config values # For definitions that have an associated option
# without an infinite recursion. One way around this is to make the declaredConfig = mapAttrsRecursiveCond (v: ! isOption v) (_: v: v.value) options;
# 'config' passed around to the modules be unconditionally unchecked,
# and only do the check in 'result'. # If freeformType is set, this is for definitions that don't have an associated option
config = yieldConfig prefix options; freeformConfig =
yieldConfig = prefix: set: let
let res = removeAttrs (mapAttrs (n: v: defs = map (def: {
if isOption v then v.value file = def.file;
else yieldConfig (prefix ++ [n]) v) set) ["_definedNames"]; value = setAttrByPath def.prefix def.value;
in }) merged.unmatchedDefns;
if options._module.check.value && set ? _definedNames then in if defs == [] then {}
foldl' (res: m: else declaredConfig._module.freeformType.merge prefix defs;
foldl' (res: name:
if set ? ${name} then res else throw "The option `${showOption (prefix ++ [name])}' defined in `${m.file}' does not exist.") in if declaredConfig._module.freeformType == null then declaredConfig
res m.names) # Because all definitions that had an associated option ended in
res set._definedNames # declaredConfig, freeformConfig can only contain the non-option
else # paths, meaning recursiveUpdate will never override any value
res; else recursiveUpdate freeformConfig declaredConfig;
result = {
checkUnmatched =
if config._module.check && config._module.freeformType == null && merged.unmatchedDefns != [] then
let
firstDef = head merged.unmatchedDefns;
baseMsg = "The option `${showOption (prefix ++ firstDef.prefix)}' defined in `${firstDef.file}' does not exist.";
in
if attrNames options == [ "_module" ]
then throw ''
${baseMsg}
However there are no options defined in `${showOption prefix}'. Are you sure you've
declared your options properly? This can happen if you e.g. declared your options in `types.submodule'
under `config' rather than `options'.
''
else throw baseMsg
else null;
result = builtins.seq checkUnmatched {
inherit options; inherit options;
config = removeAttrs config [ "_module" ]; config = removeAttrs config [ "_module" ];
inherit (config) _module; inherit (config) _module;
@ -174,12 +211,16 @@ rec {
/* Massage a module into canonical form, that is, a set consisting /* Massage a module into canonical form, that is, a set consisting
of options, config and imports attributes. */ of options, config and imports attributes. */
unifyModuleSyntax = file: key: m: unifyModuleSyntax = file: key: m:
let addMeta = config: if m ? meta let
then mkMerge [ config { meta = m.meta; } ] addMeta = config: if m ? meta
else config; then mkMerge [ config { meta = m.meta; } ]
else config;
addFreeformType = config: if m ? freeformType
then mkMerge [ config { _module.freeformType = m.freeformType; } ]
else config;
in in
if m ? config || m ? options then if m ? config || m ? options then
let badAttrs = removeAttrs m ["_file" "key" "disabledModules" "imports" "options" "config" "meta"]; in let badAttrs = removeAttrs m ["_file" "key" "disabledModules" "imports" "options" "config" "meta" "freeformType"]; in
if badAttrs != {} then if badAttrs != {} then
throw "Module `${key}' has an unsupported attribute `${head (attrNames badAttrs)}'. This is caused by introducing a top-level `config' or `options' attribute. Add configuration attributes immediately on the top level instead, or move all of them (namely: ${toString (attrNames badAttrs)}) into the explicit `config' attribute." throw "Module `${key}' has an unsupported attribute `${head (attrNames badAttrs)}'. This is caused by introducing a top-level `config' or `options' attribute. Add configuration attributes immediately on the top level instead, or move all of them (namely: ${toString (attrNames badAttrs)}) into the explicit `config' attribute."
else else
@ -188,7 +229,7 @@ rec {
disabledModules = m.disabledModules or []; disabledModules = m.disabledModules or [];
imports = m.imports or []; imports = m.imports or [];
options = m.options or {}; options = m.options or {};
config = addMeta (m.config or {}); config = addFreeformType (addMeta (m.config or {}));
} }
else else
{ _file = m._file or file; { _file = m._file or file;
@ -196,7 +237,7 @@ rec {
disabledModules = m.disabledModules or []; disabledModules = m.disabledModules or [];
imports = m.require or [] ++ m.imports or []; imports = m.require or [] ++ m.imports or [];
options = {}; options = {};
config = addMeta (removeAttrs m ["_file" "key" "disabledModules" "require" "imports"]); config = addFreeformType (addMeta (removeAttrs m ["_file" "key" "disabledModules" "require" "imports" "freeformType"]));
}; };
applyIfFunction = key: f: args@{ config, options, lib, ... }: if isFunction f then applyIfFunction = key: f: args@{ config, options, lib, ... }: if isFunction f then
@ -233,7 +274,23 @@ rec {
declarations in all modules, combining them into a single set. declarations in all modules, combining them into a single set.
At the same time, for each option declaration, it will merge the At the same time, for each option declaration, it will merge the
corresponding option definitions in all machines, returning them corresponding option definitions in all machines, returning them
in the value attribute of each option. */ in the value attribute of each option.
This returns a set like
{
# A recursive set of options along with their final values
matchedOptions = {
foo = { _type = "option"; value = "option value of foo"; ... };
bar.baz = { _type = "option"; value = "option value of bar.baz"; ... };
...
};
# A list of definitions that weren't matched by any option
unmatchedDefns = [
{ file = "file.nix"; prefix = [ "qux" ]; value = "qux"; }
...
];
}
*/
mergeModules = prefix: modules: mergeModules = prefix: modules:
mergeModules' prefix modules mergeModules' prefix modules
(concatMap (m: map (config: { file = m._file; inherit config; }) (pushDownProperties m.config)) modules); (concatMap (m: map (config: { file = m._file; inherit config; }) (pushDownProperties m.config)) modules);
@ -280,9 +337,9 @@ rec {
defnsByName' = byName "config" (module: value: defnsByName' = byName "config" (module: value:
[{ inherit (module) file; inherit value; }] [{ inherit (module) file; inherit value; }]
) configs; ) configs;
in
(flip mapAttrs declsByName (name: decls: resultsByName = flip mapAttrs declsByName (name: decls:
# We're descending into attribute name. # We're descending into attribute name.
let let
loc = prefix ++ [name]; loc = prefix ++ [name];
defns = defnsByName.${name} or []; defns = defnsByName.${name} or [];
@ -291,7 +348,10 @@ rec {
in in
if nrOptions == length decls then if nrOptions == length decls then
let opt = fixupOptionType loc (mergeOptionDecls loc decls); let opt = fixupOptionType loc (mergeOptionDecls loc decls);
in evalOptionValue loc opt defns' in {
matchedOptions = evalOptionValue loc opt defns';
unmatchedDefns = [];
}
else if nrOptions != 0 then else if nrOptions != 0 then
let let
firstOption = findFirst (m: isOption m.options) "" decls; firstOption = findFirst (m: isOption m.options) "" decls;
@ -299,9 +359,27 @@ rec {
in in
throw "The option `${showOption loc}' in `${firstOption._file}' is a prefix of options in `${firstNonOption._file}'." throw "The option `${showOption loc}' in `${firstOption._file}' is a prefix of options in `${firstNonOption._file}'."
else else
mergeModules' loc decls defns mergeModules' loc decls defns);
))
// { _definedNames = map (m: { inherit (m) file; names = attrNames m.config; }) configs; }; matchedOptions = mapAttrs (n: v: v.matchedOptions) resultsByName;
# an attrset 'name' => list of unmatched definitions for 'name'
unmatchedDefnsByName =
# Propagate all unmatched definitions from nested option sets
mapAttrs (n: v: v.unmatchedDefns) resultsByName
# Plus the definitions for the current prefix that don't have a matching option
// removeAttrs defnsByName' (attrNames matchedOptions);
in {
inherit matchedOptions;
# Transforms unmatchedDefnsByName into a list of definitions
unmatchedDefns = concatLists (mapAttrsToList (name: defs:
map (def: def // {
# Set this so we know when the definition first left unmatched territory
prefix = [name] ++ (def.prefix or []);
}) defs
) unmatchedDefnsByName);
};
/* Merge multiple option declarations into a single declaration. In /* Merge multiple option declarations into a single declaration. In
general, there should be only one declaration of each option. general, there should be only one declaration of each option.

View file

@ -612,6 +612,22 @@ rec {
*/ */
fixedWidthNumber = width: n: fixedWidthString width "0" (toString n); fixedWidthNumber = width: n: fixedWidthString width "0" (toString n);
/* Convert a float to a string, but emit a warning when precision is lost
during the conversion
Example:
floatToString 0.000001
=> "0.000001"
floatToString 0.0000001
=> trace: warning: Imprecise conversion from float to string 0.000000
"0.000000"
*/
floatToString = float: let
result = toString float;
precise = float == builtins.fromJSON result;
in if precise then result
else lib.warn "Imprecise conversion from float to string ${result}" result;
/* Check whether a value can be coerced to a string */ /* Check whether a value can be coerced to a string */
isCoercibleToString = x: isCoercibleToString = x:
builtins.elem (builtins.typeOf x) [ "path" "string" "null" "int" "float" "bool" ] || builtins.elem (builtins.typeOf x) [ "path" "string" "null" "int" "float" "bool" ] ||

View file

@ -32,6 +32,7 @@ rec {
/**/ if final.isDarwin then "libSystem" /**/ if final.isDarwin then "libSystem"
else if final.isMinGW then "msvcrt" else if final.isMinGW then "msvcrt"
else if final.isWasi then "wasilibc" else if final.isWasi then "wasilibc"
else if final.isRedox then "relibc"
else if final.isMusl then "musl" else if final.isMusl then "musl"
else if final.isUClibc then "uclibc" else if final.isUClibc then "uclibc"
else if final.isAndroid then "bionic" else if final.isAndroid then "bionic"
@ -65,6 +66,7 @@ rec {
freebsd = "FreeBSD"; freebsd = "FreeBSD";
openbsd = "OpenBSD"; openbsd = "OpenBSD";
wasi = "Wasi"; wasi = "Wasi";
redox = "Redox";
genode = "Genode"; genode = "Genode";
}.${final.parsed.kernel.name} or null; }.${final.parsed.kernel.name} or null;

View file

@ -22,6 +22,8 @@ let
"wasm64-wasi" "wasm32-wasi" "wasm64-wasi" "wasm32-wasi"
"x86_64-redox"
"powerpc64le-linux" "powerpc64le-linux"
"riscv32-linux" "riscv64-linux" "riscv32-linux" "riscv64-linux"
@ -36,7 +38,7 @@ let
"js-ghcjs" "js-ghcjs"
"aarch64-genode" "x86_64-genode" "aarch64-genode" "i686-genode" "x86_64-genode"
]; ];
allParsed = map parse.mkSystemFromString all; allParsed = map parse.mkSystemFromString all;
@ -69,6 +71,7 @@ in {
openbsd = filterDoubles predicates.isOpenBSD; openbsd = filterDoubles predicates.isOpenBSD;
unix = filterDoubles predicates.isUnix; unix = filterDoubles predicates.isUnix;
wasi = filterDoubles predicates.isWasi; wasi = filterDoubles predicates.isWasi;
redox = filterDoubles predicates.isRedox;
windows = filterDoubles predicates.isWindows; windows = filterDoubles predicates.isWindows;
genode = filterDoubles predicates.isGenode; genode = filterDoubles predicates.isGenode;

View file

@ -163,6 +163,15 @@ rec {
libc = "newlib"; libc = "newlib";
}; };
#
# Redox
#
x86_64-unknown-redox = {
config = "x86_64-unknown-redox";
libc = "relibc";
};
# #
# Darwin # Darwin
# #

View file

@ -33,7 +33,7 @@ rec {
isBSD = { kernel = { families = { inherit (kernelFamilies) bsd; }; }; }; isBSD = { kernel = { families = { inherit (kernelFamilies) bsd; }; }; };
isDarwin = { kernel = { families = { inherit (kernelFamilies) darwin; }; }; }; isDarwin = { kernel = { families = { inherit (kernelFamilies) darwin; }; }; };
isUnix = [ isBSD isDarwin isLinux isSunOS isCygwin ]; isUnix = [ isBSD isDarwin isLinux isSunOS isCygwin isRedox ];
isMacOS = { kernel = kernels.macos; }; isMacOS = { kernel = kernels.macos; };
isiOS = { kernel = kernels.ios; }; isiOS = { kernel = kernels.ios; };
@ -46,6 +46,7 @@ rec {
isCygwin = { kernel = kernels.windows; abi = abis.cygnus; }; isCygwin = { kernel = kernels.windows; abi = abis.cygnus; };
isMinGW = { kernel = kernels.windows; abi = abis.gnu; }; isMinGW = { kernel = kernels.windows; abi = abis.gnu; };
isWasi = { kernel = kernels.wasi; }; isWasi = { kernel = kernels.wasi; };
isRedox = { kernel = kernels.redox; };
isGhcjs = { kernel = kernels.ghcjs; }; isGhcjs = { kernel = kernels.ghcjs; };
isGenode = { kernel = kernels.genode; }; isGenode = { kernel = kernels.genode; };
isNone = { kernel = kernels.none; }; isNone = { kernel = kernels.none; };

View file

@ -277,6 +277,7 @@ rec {
openbsd = { execFormat = elf; families = { inherit bsd; }; }; openbsd = { execFormat = elf; families = { inherit bsd; }; };
solaris = { execFormat = elf; families = { }; }; solaris = { execFormat = elf; families = { }; };
wasi = { execFormat = wasm; families = { }; }; wasi = { execFormat = wasm; families = { }; };
redox = { execFormat = elf; families = { }; };
windows = { execFormat = pe; families = { }; }; windows = { execFormat = pe; families = { }; };
ghcjs = { execFormat = unknown; families = { }; }; ghcjs = { execFormat = unknown; families = { }; };
genode = { execFormat = elf; families = { }; }; genode = { execFormat = elf; families = { }; };
@ -390,6 +391,8 @@ rec {
then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = "windows"; } then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = "windows"; }
else if (elemAt l 2 == "wasi") else if (elemAt l 2 == "wasi")
then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = "wasi"; } then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = "wasi"; }
else if (elemAt l 2 == "redox")
then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = "redox"; }
else if hasPrefix "netbsd" (elemAt l 2) else if hasPrefix "netbsd" (elemAt l 2)
then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = elemAt l 2; } then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = elemAt l 2; }
else if (elem (elemAt l 2) ["eabi" "eabihf" "elf"]) else if (elem (elemAt l 2) ["eabi" "eabihf" "elf"])

View file

@ -102,6 +102,16 @@ runTests {
expected = 9; expected = 9;
}; };
testToHexString = {
expr = toHexString 250;
expected = "FA";
};
testToBaseDigits = {
expr = toBaseDigits 2 6;
expected = [ 1 1 0 ];
};
# STRINGS # STRINGS
testConcatMapStrings = { testConcatMapStrings = {

View file

@ -210,6 +210,29 @@ checkConfigOutput "empty" config.value.foo ./declare-lazyAttrsOf.nix ./attrsOf-c
checkConfigError 'The option value .* in .* is not of type .*' \ checkConfigError 'The option value .* in .* is not of type .*' \
config.value ./declare-int-unsigned-value.nix ./define-value-list.nix ./define-value-int-positive.nix config.value ./declare-int-unsigned-value.nix ./define-value-list.nix ./define-value-int-positive.nix
## Freeform modules
# Assigning without a declared option should work
checkConfigOutput 24 config.value ./freeform-attrsOf.nix ./define-value-string.nix
# No freeform assigments shouldn't make it error
checkConfigOutput '{ }' config ./freeform-attrsOf.nix
# but only if the type matches
checkConfigError 'The option value .* in .* is not of type .*' config.value ./freeform-attrsOf.nix ./define-value-list.nix
# and properties should be applied
checkConfigOutput yes config.value ./freeform-attrsOf.nix ./define-value-string-properties.nix
# Options should still be declarable, and be able to have a type that doesn't match the freeform type
checkConfigOutput false config.enable ./freeform-attrsOf.nix ./define-value-string.nix ./declare-enable.nix
checkConfigOutput 24 config.value ./freeform-attrsOf.nix ./define-value-string.nix ./declare-enable.nix
# and this should work too with nested values
checkConfigOutput false config.nest.foo ./freeform-attrsOf.nix ./freeform-nested.nix
checkConfigOutput bar config.nest.bar ./freeform-attrsOf.nix ./freeform-nested.nix
# Check whether a declared option can depend on an freeform-typed one
checkConfigOutput null config.foo ./freeform-attrsOf.nix ./freeform-str-dep-unstr.nix
checkConfigOutput 24 config.foo ./freeform-attrsOf.nix ./freeform-str-dep-unstr.nix ./define-value-string.nix
# Check whether an freeform-typed value can depend on a declared option, this can only work with lazyAttrsOf
checkConfigError 'infinite recursion encountered' config.foo ./freeform-attrsOf.nix ./freeform-unstr-dep-str.nix
checkConfigError 'The option .* is used but not defined' config.foo ./freeform-lazyAttrsOf.nix ./freeform-unstr-dep-str.nix
checkConfigOutput 24 config.foo ./freeform-lazyAttrsOf.nix ./freeform-unstr-dep-str.nix ./define-value-string.nix
cat <<EOF cat <<EOF
====== module tests ====== ====== module tests ======
$pass Pass $pass Pass

View file

@ -0,0 +1,12 @@
{ lib, ... }: {
imports = [{
value = lib.mkDefault "def";
}];
value = lib.mkMerge [
(lib.mkIf false "nope")
"yes"
];
}

View file

@ -0,0 +1,3 @@
{ lib, ... }: {
freeformType = with lib.types; attrsOf (either str (attrsOf str));
}

View file

@ -0,0 +1,3 @@
{ lib, ... }: {
freeformType = with lib.types; lazyAttrsOf (either str (lazyAttrsOf str));
}

View file

@ -0,0 +1,7 @@
{ lib, ... }: {
options.nest.foo = lib.mkOption {
type = lib.types.bool;
default = false;
};
config.nest.bar = "bar";
}

View file

@ -0,0 +1,8 @@
{ lib, config, ... }: {
options.foo = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
};
config.foo = lib.mkIf (config ? value) config.value;
}

View file

@ -0,0 +1,8 @@
{ lib, config, ... }: {
options.value = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
};
config.foo = lib.mkIf (config.value != null) config.value;
}

View file

@ -12,22 +12,23 @@ let
expected = lib.sort lib.lessThan y; expected = lib.sort lib.lessThan y;
}; };
in with lib.systems.doubles; lib.runTests { in with lib.systems.doubles; lib.runTests {
testall = mseteq all (linux ++ darwin ++ freebsd ++ openbsd ++ netbsd ++ illumos ++ wasi ++ windows ++ embedded ++ js ++ genode); testall = mseteq all (linux ++ darwin ++ freebsd ++ openbsd ++ netbsd ++ illumos ++ wasi ++ windows ++ embedded ++ js ++ genode ++ redox);
testarm = mseteq arm [ "armv5tel-linux" "armv6l-linux" "armv6l-none" "armv7a-linux" "armv7l-linux" "arm-none" "armv7a-darwin" ]; testarm = mseteq arm [ "armv5tel-linux" "armv6l-linux" "armv6l-none" "armv7a-linux" "armv7l-linux" "arm-none" "armv7a-darwin" ];
testi686 = mseteq i686 [ "i686-linux" "i686-freebsd" "i686-netbsd" "i686-openbsd" "i686-cygwin" "i686-windows" "i686-none" "i686-darwin" ]; testi686 = mseteq i686 [ "i686-linux" "i686-freebsd" "i686-genode" "i686-netbsd" "i686-openbsd" "i686-cygwin" "i686-windows" "i686-none" "i686-darwin" ];
testmips = mseteq mips [ "mipsel-linux" ]; testmips = mseteq mips [ "mipsel-linux" ];
testx86_64 = mseteq x86_64 [ "x86_64-linux" "x86_64-darwin" "x86_64-freebsd" "x86_64-genode" "x86_64-openbsd" "x86_64-netbsd" "x86_64-cygwin" "x86_64-solaris" "x86_64-windows" "x86_64-none" ]; testx86_64 = mseteq x86_64 [ "x86_64-linux" "x86_64-darwin" "x86_64-freebsd" "x86_64-genode" "x86_64-redox" "x86_64-openbsd" "x86_64-netbsd" "x86_64-cygwin" "x86_64-solaris" "x86_64-windows" "x86_64-none" ];
testcygwin = mseteq cygwin [ "i686-cygwin" "x86_64-cygwin" ]; testcygwin = mseteq cygwin [ "i686-cygwin" "x86_64-cygwin" ];
testdarwin = mseteq darwin [ "x86_64-darwin" "i686-darwin" "aarch64-darwin" "armv7a-darwin" ]; testdarwin = mseteq darwin [ "x86_64-darwin" "i686-darwin" "aarch64-darwin" "armv7a-darwin" ];
testfreebsd = mseteq freebsd [ "i686-freebsd" "x86_64-freebsd" ]; testfreebsd = mseteq freebsd [ "i686-freebsd" "x86_64-freebsd" ];
testgenode = mseteq genode [ "aarch64-genode" "x86_64-genode" ]; testgenode = mseteq genode [ "aarch64-genode" "i686-genode" "x86_64-genode" ];
testredox = mseteq redox [ "x86_64-redox" ];
testgnu = mseteq gnu (linux /* ++ kfreebsd ++ ... */); testgnu = mseteq gnu (linux /* ++ kfreebsd ++ ... */);
testillumos = mseteq illumos [ "x86_64-solaris" ]; testillumos = mseteq illumos [ "x86_64-solaris" ];
testlinux = mseteq linux [ "aarch64-linux" "armv5tel-linux" "armv6l-linux" "armv7a-linux" "armv7l-linux" "i686-linux" "mipsel-linux" "riscv32-linux" "riscv64-linux" "x86_64-linux" "powerpc64le-linux" ]; testlinux = mseteq linux [ "aarch64-linux" "armv5tel-linux" "armv6l-linux" "armv7a-linux" "armv7l-linux" "i686-linux" "mipsel-linux" "riscv32-linux" "riscv64-linux" "x86_64-linux" "powerpc64le-linux" ];
testnetbsd = mseteq netbsd [ "i686-netbsd" "x86_64-netbsd" ]; testnetbsd = mseteq netbsd [ "i686-netbsd" "x86_64-netbsd" ];
testopenbsd = mseteq openbsd [ "i686-openbsd" "x86_64-openbsd" ]; testopenbsd = mseteq openbsd [ "i686-openbsd" "x86_64-openbsd" ];
testwindows = mseteq windows [ "i686-cygwin" "x86_64-cygwin" "i686-windows" "x86_64-windows" ]; testwindows = mseteq windows [ "i686-cygwin" "x86_64-cygwin" "i686-windows" "x86_64-windows" ];
testunix = mseteq unix (linux ++ darwin ++ freebsd ++ openbsd ++ netbsd ++ illumos ++ cygwin); testunix = mseteq unix (linux ++ darwin ++ freebsd ++ openbsd ++ netbsd ++ illumos ++ cygwin ++ redox);
} }

View file

@ -332,4 +332,55 @@ rec {
*/ */
isFunction = f: builtins.isFunction f || isFunction = f: builtins.isFunction f ||
(f ? __functor && isFunction (f.__functor f)); (f ? __functor && isFunction (f.__functor f));
/* Convert the given positive integer to a string of its hexadecimal
representation. For example:
toHexString 0 => "0"
toHexString 16 => "10"
toHexString 250 => "FA"
*/
toHexString = i:
let
toHexDigit = d:
if d < 10
then toString d
else
{
"10" = "A";
"11" = "B";
"12" = "C";
"13" = "D";
"14" = "E";
"15" = "F";
}.${toString d};
in
lib.concatMapStrings toHexDigit (toBaseDigits 16 i);
/* `toBaseDigits base i` converts the positive integer i to a list of its
digits in the given base. For example:
toBaseDigits 10 123 => [ 1 2 3 ]
toBaseDigits 2 6 => [ 1 1 0 ]
toBaseDigits 16 250 => [ 15 10 ]
*/
toBaseDigits = base: i:
let
go = i:
if i < base
then [i]
else
let
r = i - ((i / base) * base);
q = (i - r) / base;
in
[r] ++ go q;
in
assert (base >= 2);
assert (i >= 0);
lib.reverseList (go i);
} }

View file

@ -486,9 +486,15 @@ rec {
else value else value
) defs; ) defs;
freeformType = (evalModules {
inherit modules specialArgs;
args.name = "name";
})._module.freeformType;
in in
mkOptionType rec { mkOptionType rec {
name = "submodule"; name = "submodule";
description = freeformType.description or name;
check = x: isAttrs x || isFunction x || path.check x; check = x: isAttrs x || isFunction x || path.check x;
merge = loc: defs: merge = loc: defs:
(evalModules { (evalModules {

View file

@ -26,6 +26,13 @@
`handle == github` is strongly preferred whenever `github` is an acceptable attribute name and is short and convenient. `handle == github` is strongly preferred whenever `github` is an acceptable attribute name and is short and convenient.
If `github` begins with a numeral, `handle` should be prefixed with an underscore.
```nix
_1example = {
github = "1example";
};
```
Add PGP/GPG keys only if you actually use them to sign commits and/or mail. Add PGP/GPG keys only if you actually use them to sign commits and/or mail.
To get the required PGP/GPG values for a key run To get the required PGP/GPG values for a key run
@ -35,14 +42,14 @@
!!! Note that PGP/GPG values stored here are for informational purposes only, don't use this file as a source of truth. !!! Note that PGP/GPG values stored here are for informational purposes only, don't use this file as a source of truth.
More fields may be added in the future. More fields may be added in the future, however, in order to comply with GDPR this file should stay as minimal as possible.
Please keep the list alphabetically sorted. Please keep the list alphabetically sorted.
See `./scripts/check-maintainer-github-handles.sh` for an example on how to work with this data. See `./scripts/check-maintainer-github-handles.sh` for an example on how to work with this data.
*/ */
{ {
"0x4A6F" = { _0x4A6F = {
email = "0x4A6F@shackspace.de"; email = "mail-maintainer@0x4A6F.dev";
name = "Joachim Ernst"; name = "Joachim Ernst";
github = "0x4A6F"; github = "0x4A6F";
githubId = 9675338; githubId = 9675338;
@ -51,7 +58,7 @@
fingerprint = "F466 A548 AD3F C1F1 8C88 4576 8702 7528 B006 D66D"; fingerprint = "F466 A548 AD3F C1F1 8C88 4576 8702 7528 B006 D66D";
}]; }];
}; };
"1000101" = { _1000101 = {
email = "b1000101@pm.me"; email = "b1000101@pm.me";
github = "1000101"; github = "1000101";
githubId = 791309; githubId = 791309;
@ -313,6 +320,12 @@
githubId = 43479487; githubId = 43479487;
name = "Titouan Biteau"; name = "Titouan Biteau";
}; };
alerque = {
email = "caleb@alerque.com";
github = "alerque";
githubId = 173595;
name = "Caleb Maclennan";
};
alexarice = { alexarice = {
email = "alexrice999@hotmail.co.uk"; email = "alexrice999@hotmail.co.uk";
github = "alexarice"; github = "alexarice";
@ -543,6 +556,12 @@
githubId = 750786; githubId = 750786;
name = "Justin Wood"; name = "Justin Wood";
}; };
anna328p = {
email = "anna328p@gmail.com";
github = "anna328p";
githubId = 9790772;
name = "Anna";
};
anmonteiro = { anmonteiro = {
email = "anmonteiro@gmail.com"; email = "anmonteiro@gmail.com";
github = "anmonteiro"; github = "anmonteiro";
@ -673,6 +692,12 @@
githubId = 3965744; githubId = 3965744;
name = "Arthur Lee"; name = "Arthur Lee";
}; };
arturcygan = {
email = "arczicygan@gmail.com";
github = "arcz";
githubId = 4679721;
name = "Artur Cygan";
};
artuuge = { artuuge = {
email = "artuuge@gmail.com"; email = "artuuge@gmail.com";
github = "artuuge"; github = "artuuge";
@ -815,6 +840,12 @@
githubId = 135230; githubId = 135230;
name = "Aycan iRiCAN"; name = "Aycan iRiCAN";
}; };
artturin = {
email = "artturin@artturin.com";
github = "artturin";
githubId = 56650223;
name = "Artturi N";
};
b4dm4n = { b4dm4n = {
email = "fabianm88@gmail.com"; email = "fabianm88@gmail.com";
github = "B4dM4n"; github = "B4dM4n";
@ -1109,6 +1140,12 @@
githubId = 3465841; githubId = 3465841;
name = "Boris Sukholitko"; name = "Boris Sukholitko";
}; };
bouk = {
name = "Bouke van der Bijl";
email = "i@bou.ke";
github = "bouk";
githubId = 97820;
};
bradediger = { bradediger = {
email = "brad@bradediger.com"; email = "brad@bradediger.com";
github = "bradediger"; github = "bradediger";
@ -1406,6 +1443,22 @@
githubId = 30435868; githubId = 30435868;
name = "Okina Matara"; name = "Okina Matara";
}; };
Chili-Man = {
email = "dr.elhombrechile@gmail.com";
name = "Diego Rodriguez";
github = "Chili-Man";
githubId = 631802;
keys = [{
longkeyid = "rsa4096/0xE0EBAD78F0190BD9";
fingerprint = "099E 3F97 FA08 3D47 8C75 EBEC E0EB AD78 F019 0BD9";
}];
};
chiroptical = {
email = "chiroptical@gmail.com";
github = "chiroptical";
githubId = 3086255;
name = "Barry Moore II";
};
chkno = { chkno = {
email = "chuck@intelligence.org"; email = "chuck@intelligence.org";
github = "chkno"; github = "chkno";
@ -1720,6 +1773,16 @@
githubId = 490965; githubId = 490965;
name = "Craig Swank"; name = "Craig Swank";
}; };
cust0dian = {
email = "serg@effectful.software";
github = "cust0dian";
githubId = 389387;
name = "Serg Nesterov";
keys = [{
longkeyid = "rsa4096/0x1512F6EB84AECC8C";
fingerprint = "6E7D BA30 DB5D BA60 693C 3BE3 1512 F6EB 84AE CC8C";
}];
};
cwoac = { cwoac = {
email = "oliver@codersoffortune.net"; email = "oliver@codersoffortune.net";
github = "cwoac"; github = "cwoac";
@ -1828,7 +1891,7 @@
githubId = 4971975; githubId = 4971975;
name = "Janne Heß"; name = "Janne Heß";
}; };
"dasj19" = { dasj19 = {
email = "daniel@serbanescu.dk"; email = "daniel@serbanescu.dk";
github = "dasj19"; github = "dasj19";
githubId = 7589338; githubId = 7589338;
@ -1896,6 +1959,12 @@
githubId = 14032; githubId = 14032;
name = "Daniel Brockman"; name = "Daniel Brockman";
}; };
ddelabru = {
email = "ddelabru@redhat.com";
github = "ddelabru";
githubId = 39909293;
name = "Dominic Delabruere";
};
dduan = { dduan = {
email = "daniel@duan.ca"; email = "daniel@duan.ca";
github = "dduan"; github = "dduan";
@ -2052,12 +2121,6 @@
githubId = 1316469; githubId = 1316469;
name = "Naomi Morse"; name = "Naomi Morse";
}; };
dkudriavtsev = {
email = "dkudriavtsev@gmail.com";
github = "dkudriavtsev";
githubId = 9790772;
name = "Dmitry Kudriavtsev";
};
dmalikov = { dmalikov = {
email = "malikov.d.y@gmail.com"; email = "malikov.d.y@gmail.com";
github = "dmalikov"; github = "dmalikov";
@ -2130,6 +2193,16 @@
githubId = 974130; githubId = 974130;
name = "David Pätzel"; name = "David Pätzel";
}; };
dpausp = {
email = "dpausp@posteo.de";
github = "dpausp";
githubId = 1965950;
name = "Tobias Stenzel";
keys = [{
longkeyid = "rsa2048/0x78C7DD40DF23FB16";
fingerprint = "4749 0887 CF3B 85A1 6355 C671 78C7 DD40 DF23 FB16";
}];
};
dpflug = { dpflug = {
email = "david@pflug.email"; email = "david@pflug.email";
github = "dpflug"; github = "dpflug";
@ -2364,6 +2437,12 @@
githubId = 1753498; githubId = 1753498;
name = "Dejan Lukan"; name = "Dejan Lukan";
}; };
elliottvillars = {
email = "elliottvillars@gmail.com";
github = "elliottvillars";
githubId = 48104179;
name = "Elliott Villars";
};
eliasp = { eliasp = {
email = "mail@eliasprobst.eu"; email = "mail@eliasprobst.eu";
github = "eliasp"; github = "eliasp";
@ -2388,6 +2467,12 @@
githubId = 97852; githubId = 97852;
name = "Ellis Whitehead"; name = "Ellis Whitehead";
}; };
elkowar = {
email = "thereal.elkowar@gmail.com";
github = "elkowar";
githubId = 5300871;
name = "Leon Kowarschick";
};
elohmeier = { elohmeier = {
email = "elo-nixos@nerdworks.de"; email = "elo-nixos@nerdworks.de";
github = "elohmeier"; github = "elohmeier";
@ -2928,6 +3013,12 @@
githubId = 7047019; githubId = 7047019;
name = "Florent Becker"; name = "Florent Becker";
}; };
galagora = {
email = "lightningstrikeiv@gmail.com";
github = "galagora";
githubId = 45048741;
name = "Alwanga Oyango";
};
gamb = { gamb = {
email = "adam.gamble@pm.me"; email = "adam.gamble@pm.me";
github = "gamb"; github = "gamb";
@ -2964,12 +3055,6 @@
githubId = 313929; githubId = 313929;
name = "Gabriel Ebner"; name = "Gabriel Ebner";
}; };
geistesk = {
email = "post@0x21.biz";
github = "geistesk";
githubId = 8402811;
name = "Alvar Penning";
};
genesis = { genesis = {
email = "ronan@aimao.org"; email = "ronan@aimao.org";
github = "bignaux"; github = "bignaux";
@ -3058,6 +3143,12 @@
githubId = 25820499; githubId = 25820499;
name = "Roman Kretschmer"; name = "Roman Kretschmer";
}; };
goertzenator = {
email = "daniel.goertzen@gmail.com";
github = "goertzenator";
githubId = 605072;
name = "Daniel Goertzen";
};
goibhniu = { goibhniu = {
email = "cillian.deroiste@gmail.com"; email = "cillian.deroiste@gmail.com";
github = "cillianderoiste"; github = "cillianderoiste";
@ -3146,6 +3237,12 @@
githubId = 6768842; githubId = 6768842;
name = "Joris Guyonvarch"; name = "Joris Guyonvarch";
}; };
gvolpe = {
email = "volpegabriel@gmail.com";
github = "gvolpe";
githubId = 443978;
name = "Gabriel Volpe";
};
hakuch = { hakuch = {
email = "hakuch@gmail.com"; email = "hakuch@gmail.com";
github = "hakuch"; github = "hakuch";
@ -3169,6 +3266,10 @@
github = "haozeke"; github = "haozeke";
githubId = 4336207; githubId = 4336207;
name = "Rohit Goswami"; name = "Rohit Goswami";
keys = [{
longkeyid = "rsa4096/0x9CCCE36402CB49A6";
fingerprint = "74B1 F67D 8E43 A94A 7554 0768 9CCC E364 02CB 49A6";
}];
}; };
haslersn = { haslersn = {
email = "haslersn@fius.informatik.uni-stuttgart.de"; email = "haslersn@fius.informatik.uni-stuttgart.de";
@ -3864,6 +3965,12 @@
githubId = 8735102; githubId = 8735102;
name = "John Ramsden"; name = "John Ramsden";
}; };
johntitor = {
email = "huyuumi.dev@gmail.com";
github = "JohnTitor";
githubId = 25030997;
name = "Yuki Okushi";
};
jojosch = { jojosch = {
name = "Johannes Schleifenbaum"; name = "Johannes Schleifenbaum";
email = "johannes@js-webcoding.de"; email = "johannes@js-webcoding.de";
@ -4083,6 +4190,12 @@
githubId = 87115; githubId = 87115;
name = "Wael Nasreddine"; name = "Wael Nasreddine";
}; };
kalekseev = {
email = "mail@kalekseev.com";
github = "kalekseev";
githubId = 367259;
name = "Konstantin Alekseev";
};
kamadorueda = { kamadorueda = {
name = "Kevin Amado"; name = "Kevin Amado";
email = "kamadorueda@gmail.com"; email = "kamadorueda@gmail.com";
@ -4111,6 +4224,12 @@
github = "karantan"; github = "karantan";
githubId = 7062631; githubId = 7062631;
}; };
KarlJoad = {
email = "karl@hallsby.com";
github = "KarlJoad";
githubId = 34152449;
name = "Karl Hallsby";
};
karolchmist = { karolchmist = {
email = "info+nix@chmist.com"; email = "info+nix@chmist.com";
name = "karolchmist"; name = "karolchmist";
@ -4314,6 +4433,12 @@
githubId = 524268; githubId = 524268;
name = "Koral"; name = "Koral";
}; };
koslambrou = {
email = "koslambrou@gmail.com";
github = "koslambrou";
githubId = 2037002;
name = "Konstantinos";
};
kovirobi = { kovirobi = {
email = "kovirobi@gmail.com"; email = "kovirobi@gmail.com";
github = "kovirobi"; github = "kovirobi";
@ -4565,6 +4690,12 @@
fingerprint = "7FE2 113A A08B 695A C8B8 DDE6 AE53 B4C2 E58E DD45"; fingerprint = "7FE2 113A A08B 695A C8B8 DDE6 AE53 B4C2 E58E DD45";
}]; }];
}; };
lf- = {
email = "nix-maint@lfcode.ca";
github = "lf-";
githubId = 6652840;
name = "Jade";
};
lheckemann = { lheckemann = {
email = "git@sphalerite.org"; email = "git@sphalerite.org";
github = "lheckemann"; github = "lheckemann";
@ -4705,6 +4836,12 @@
githubId = 1202012; githubId = 1202012;
name = "Ignat Loskutov"; name = "Ignat Loskutov";
}; };
louisdk1 = {
email = "louis@louis.dk";
github = "louisdk1";
githubId = 4969294;
name = "Louis Tim Larsen";
};
lovek323 = { lovek323 = {
email = "jason@oconal.id.au"; email = "jason@oconal.id.au";
github = "lovek323"; github = "lovek323";
@ -4757,6 +4894,12 @@
githubId = 59375051; githubId = 59375051;
name = "Lucas Ransan"; name = "Lucas Ransan";
}; };
lucperkins = {
email = "lucperkins@gmail.com";
github = "lucperkins";
githubId = 1523104;
name = "Luc Perkins";
};
lucus16 = { lucus16 = {
email = "lars.jellema@gmail.com"; email = "lars.jellema@gmail.com";
github = "Lucus16"; github = "Lucus16";
@ -5123,6 +5266,12 @@
githubId = 13689192; githubId = 13689192;
name = "Nguyn Gia Phong"; name = "Nguyn Gia Phong";
}; };
mcwitt = {
email = "mcwitt@gmail.com";
github = "mcwitt";
githubId = 319411;
name = "Matt Wittmann";
};
mdaiter = { mdaiter = {
email = "mdaiter8121@gmail.com"; email = "mdaiter8121@gmail.com";
github = "mdaiter"; github = "mdaiter";
@ -5197,6 +5346,12 @@
github = "metadark"; github = "metadark";
githubId = 382041; githubId = 382041;
}; };
meutraa = {
email = "paul+nixpkgs@lost.host";
name = "Paul Meredith";
github = "meutraa";
githubId = 68550871;
};
mfossen = { mfossen = {
email = "msfossen@gmail.com"; email = "msfossen@gmail.com";
github = "mfossen"; github = "mfossen";
@ -5814,6 +5969,12 @@
githubId = 1224006; githubId = 1224006;
name = "Roberto Abdelkader Martínez Pérez"; name = "Roberto Abdelkader Martínez Pérez";
}; };
nilsirl = {
email = "nils@nilsand.re";
github = "NilsIrl";
githubId = 26231126;
name = "Nils ANDRÉ-CHANG";
};
ninjatrappeur = { ninjatrappeur = {
email = "felix@alternativebit.fr"; email = "felix@alternativebit.fr";
github = "ninjatrappeur"; github = "ninjatrappeur";
@ -6070,6 +6231,16 @@
fingerprint = "514B B966 B46E 3565 0508 86E8 0E6C A66E 5C55 7AA8"; fingerprint = "514B B966 B46E 3565 0508 86E8 0E6C A66E 5C55 7AA8";
}]; }];
}; };
oxzi = {
email = "post@0x21.biz";
github = "oxzi";
githubId = 8402811;
name = "Alvar Penning";
keys = [{
longkeyid = "rsa4096/0xF32A45637FA25E31";
fingerprint = "EB14 4E67 E57D 27E2 B5A4 CD8C F32A 4563 7FA2 5E31";
}];
};
oyren = { oyren = {
email = "m.scheuren@oyra.eu"; email = "m.scheuren@oyra.eu";
github = "oyren"; github = "oyren";
@ -6142,6 +6313,12 @@
githubId = 20792; githubId = 20792;
name = "Sebastian Galkin"; name = "Sebastian Galkin";
}; };
parasrah = {
email = "nixos@parasrah.com";
github = "parasrah";
githubId = 14935550;
name = "Brad Pfannmuller";
};
pashashocky = { pashashocky = {
email = "pashashocky@gmail.com"; email = "pashashocky@gmail.com";
github = "pashashocky"; github = "pashashocky";
@ -6316,6 +6493,12 @@
githubId = 119460; githubId = 119460;
name = "Perry Barnoy"; name = "Perry Barnoy";
}; };
pjjw = {
email = "peter@shortbus.org";
github = "pjjw";
githubId = 638;
name = "Peter Woodman";
};
pjones = { pjones = {
email = "pjones@devalot.com"; email = "pjones@devalot.com";
github = "pjones"; github = "pjones";
@ -6466,6 +6649,12 @@
fingerprint = "86E6 792F C27B FD47 8860 C110 91F3 B339 B9A0 2A3D"; fingerprint = "86E6 792F C27B FD47 8860 C110 91F3 B339 B9A0 2A3D";
}]; }];
}; };
psanford = {
email = "psanford@sanford.io";
github = "psanford";
githubId = 33375;
name = "Peter Sanford";
};
pshendry = { pshendry = {
email = "paul@pshendry.com"; email = "paul@pshendry.com";
github = "pshendry"; github = "pshendry";
@ -6804,6 +6993,12 @@
githubId = 2507744; githubId = 2507744;
name = "Roland Koebler"; name = "Roland Koebler";
}; };
rizary = {
email = "andika@numtide.com";
github = "Rizary";
githubId = 7221768;
name = "Andika Demas Riyandi";
};
rkrzr = { rkrzr = {
email = "ops+nixpkgs@channable.com"; email = "ops+nixpkgs@channable.com";
github = "rkrzr"; github = "rkrzr";
@ -7074,6 +7269,16 @@
githubId = 132835; githubId = 132835;
name = "Samuel Dionne-Riel"; name = "Samuel Dionne-Riel";
}; };
samuelgrf = {
email = "git@samuelgrf.com";
github = "samuelgrf";
githubId = 67663538;
name = "Samuel Gräfenstein";
keys = [{
longkeyid = "rsa4096/0xEF76A063F15C63C8";
fingerprint = "FF24 5832 8FAF 4660 18C6 186E EF76 A063 F15C 63C8";
}];
};
samuelrivas = { samuelrivas = {
email = "samuelrivas@gmail.com"; email = "samuelrivas@gmail.com";
github = "samuelrivas"; github = "samuelrivas";
@ -7398,6 +7603,12 @@
githubId = 2770647; githubId = 2770647;
name = "Simon Vandel Sillesen"; name = "Simon Vandel Sillesen";
}; };
siraben = {
email = "bensiraphob@gmail.com";
github = "siraben";
githubId = 8219659;
name = "Siraphob Phipathananunth";
};
siriobalmelli = { siriobalmelli = {
email = "sirio@b-ad.ch"; email = "sirio@b-ad.ch";
github = "siriobalmelli"; github = "siriobalmelli";
@ -7768,6 +7979,12 @@
githubId = 332289; githubId = 332289;
name = "Rafał Łasocha"; name = "Rafał Łasocha";
}; };
syberant = {
email = "sybrand@neuralcoding.com";
github = "syberant";
githubId = 20063502;
name = "Sybrand Aarnoutse";
};
symphorien = { symphorien = {
email = "symphorien_nixpkgs@xlumurb.eu"; email = "symphorien_nixpkgs@xlumurb.eu";
github = "symphorien"; github = "symphorien";
@ -7940,6 +8157,12 @@
githubId = 26417242; githubId = 26417242;
name = "Mikolaj Galkowski"; name = "Mikolaj Galkowski";
}; };
TethysSvensson = {
email = "freaken@freaken.dk";
github = "TethysSvensson";
githubId = 4294434;
name = "Tethys Svensson";
};
teto = { teto = {
email = "mcoudron@hotmail.com"; email = "mcoudron@hotmail.com";
github = "teto"; github = "teto";
@ -8006,7 +8229,7 @@
githubId = 8547242; githubId = 8547242;
name = "Stefan Rohrbacher"; name = "Stefan Rohrbacher";
}; };
"thelegy" = { thelegy = {
email = "mail+nixos@0jb.de"; email = "mail+nixos@0jb.de";
github = "thelegy"; github = "thelegy";
githubId = 3105057; githubId = 3105057;
@ -8224,6 +8447,12 @@
githubId = 207457; githubId = 207457;
name = "Matthieu Chevrier"; name = "Matthieu Chevrier";
}; };
trepetti = {
email = "trepetti@cs.columbia.edu";
github = "trepetti";
githubId = 25440339;
name = "Tom Repetti";
};
trevorj = { trevorj = {
email = "nix@trevor.joynson.io"; email = "nix@trevor.joynson.io";
github = "akatrevorjay"; github = "akatrevorjay";
@ -8551,6 +8780,14 @@
githubId = 13259982; githubId = 13259982;
name = "Vanessa McHale"; name = "Vanessa McHale";
}; };
voidless = {
email = "julius.schmitt@yahoo.de";
github = "voidIess";
githubId = 45292658;
name = "Julius Schmitt";
};
volhovm = { volhovm = {
email = "volhovm.cs@gmail.com"; email = "volhovm.cs@gmail.com";
github = "volhovm"; github = "volhovm";
@ -8947,6 +9184,16 @@
email = "zef@zef.me"; email = "zef@zef.me";
name = "Zef Hemel"; name = "Zef Hemel";
}; };
zeratax = {
email = "mail@zera.tax";
github = "ZerataX";
githubId = 5024958;
name = "Jona Abdinghoff";
keys = [{
longkeyid = "rsa4096/0x8333735E784DF9D4";
fingerprint = "44F7 B797 9D3A 27B1 89E0 841E 8333 735E 784D F9D4";
}];
};
zfnmxt = { zfnmxt = {
name = "zfnmxt"; name = "zfnmxt";
email = "zfnmxt@zfnmxt.com"; email = "zfnmxt@zfnmxt.com";
@ -9139,4 +9386,10 @@
github = "deifactor"; github = "deifactor";
githubId = 30192992; githubId = 30192992;
}; };
fzakaria = {
name = "Farid Zakaria";
email = "farid.m.zakaria@gmail.com";
github = "fzakaria";
githubId = 605070;
};
} }

View file

@ -79,5 +79,4 @@ say,,,,,
std__debug,std._debug,,,, std__debug,std._debug,,,,
std_normalize,std.normalize,,,, std_normalize,std.normalize,,,,
stdlib,,,,,vyp stdlib,,,,,vyp
pulseaudio,,,,,doronbehar
vstruct,,,,, vstruct,,,,,

1 # nix name luarocks name server version luaversion maintainers
79 std__debug std._debug
80 std_normalize std.normalize
81 stdlib vyp
pulseaudio doronbehar
82 vstruct

View file

@ -124,4 +124,3 @@ if [ -n "$optPrint" ]; then
echo echo
cat "$newlist" cat "$newlist"
fi fi

View file

@ -59,6 +59,16 @@ with lib.maintainers; {
scope = "Maintain GNOME desktop environment and platform."; scope = "Maintain GNOME desktop environment and platform.";
}; };
jitsi = {
members = [
mmilata
petabyteboy
prusnak
ryantm
];
scope = "Maintain Jitsi.";
};
matrix = { matrix = {
members = [ members = [
ma27 ma27

View file

@ -52,7 +52,7 @@
<para> <para>
The proper installation of OpenCL drivers can be verified through The proper installation of OpenCL drivers can be verified through
the <command>clinfo</command> command of the <package>clinfo</package> the <command>clinfo</command> command of the <package>clinfo</package>
package. This command will report the number of hardware devides package. This command will report the number of hardware devices
that is found and give detailed information for each device: that is found and give detailed information for each device:
</para> </para>
@ -100,5 +100,182 @@ ROCR_EXT_DIR=`nix-build '&lt;nixpkgs&gt;' --no-out-link -A rocm-runtime-ext`/lib
Image support Yes</screen> Image support Yes</screen>
</para> </para>
</section> </section>
<section xml:id="sec-gpu-accel-opencl-intel">
<title>Intel</title>
<para>
<link
xlink:href="https://en.wikipedia.org/wiki/List_of_Intel_graphics_processing_units#Gen8">Intel
Gen8 and later GPUs</link> are supported by the Intel NEO OpenCL
runtime that is provided by the
<package>intel-compute-runtime</package> package. For Gen7 GPUs,
the deprecated Beignet runtime can be used, which is provided
by the <package>beignet</package> package. The proprietary Intel
OpenCL runtime, in the <package>intel-ocl</package> package, is
an alternative for Gen7 GPUs.
</para>
<para>
The <package>intel-compute-runtime</package>, <package>beignet</package>,
or <package>intel-ocl</package> package can be added to
<xref linkend="opt-hardware.opengl.extraPackages"/> to enable OpenCL
support. For example, for Gen8 and later GPUs, the following
configuration can be used:
<programlisting><xref linkend="opt-hardware.opengl.extraPackages"/> = [
intel-compute-runtime
];</programlisting>
</para>
</section>
</section>
<section xml:id="sec-gpu-accel-vulkan">
<title>Vulkan</title>
<para>
<link xlink:href="https://en.wikipedia.org/wiki/Vulkan_(API)">Vulkan</link> is a
graphics and compute API for GPUs. It is used directly by games or indirectly though
compatibility layers like <link xlink:href="https://github.com/doitsujin/dxvk/wiki">DXVK</link>.
</para>
<para>
By default, if <xref linkend="opt-hardware.opengl.driSupport"/> is enabled,
<package>mesa</package> is installed and provides Vulkan for supported hardware.
</para>
<para>
Similar to OpenCL, Vulkan drivers are loaded through the <emphasis>Installable Client
Driver</emphasis> (ICD) mechanism. ICD files for Vulkan are JSON files that specify
the path to the driver library and the supported Vulkan version. All successfully
loaded drivers are exposed to the application as different GPUs.
In NixOS, there are two ways to make ICD files visible to Vulkan applications: an
environment variable and a module option.
</para>
<para>
The first option is through the <varname>VK_ICD_FILENAMES</varname>
environment variable. This variable can contain multiple JSON files, separated by
<literal>:</literal>. For example:
<screen><prompt>$</prompt> export \
VK_ICD_FILENAMES=`nix-build '&lt;nixpkgs&gt;' --no-out-link -A amdvlk`/share/vulkan/icd.d/amd_icd64.json</screen>
</para>
<para>
The second mechanism is to add the Vulkan driver package to
<xref linkend="opt-hardware.opengl.extraPackages"/>. This links the
ICD file under <filename>/run/opengl-driver</filename>, where it will
be visible to the ICD loader.
</para>
<para>
The proper installation of Vulkan drivers can be verified through
the <command>vulkaninfo</command> command of the <package>vulkan-tools</package>
package. This command will report the hardware devices and drivers found,
in this example output amdvlk and radv:
</para>
<screen><prompt>$</prompt> vulkaninfo | grep GPU
GPU id : 0 (Unknown AMD GPU)
GPU id : 1 (AMD RADV NAVI10 (LLVM 9.0.1))
...
GPU0:
deviceType = PHYSICAL_DEVICE_TYPE_DISCRETE_GPU
deviceName = Unknown AMD GPU
GPU1:
deviceType = PHYSICAL_DEVICE_TYPE_DISCRETE_GPU</screen>
<para>
A simple graphical application that uses Vulkan is <command>vkcube</command>
from the <package>vulkan-tools</package> package.
</para>
<section xml:id="sec-gpu-accel-vulkan-amd">
<title>AMD</title>
<para>
Modern AMD <link
xlink:href="https://en.wikipedia.org/wiki/Graphics_Core_Next">Graphics
Core Next</link> (GCN) GPUs are supported through either radv, which is
part of <package>mesa</package>, or the <package>amdvlk</package> package.
Adding the <package>amdvlk</package> package to
<xref linkend="opt-hardware.opengl.extraPackages"/> makes both drivers
available for applications and lets them choose. A specific driver can
be forced as follows:
<programlisting><xref linkend="opt-hardware.opengl.extraPackages"/> = [
<package>amdvlk</package>
];
# For amdvlk
<xref linkend="opt-environment.variables"/>.VK_ICD_FILENAMES =
"/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json";
# For radv
<xref linkend="opt-environment.variables"/>.VK_ICD_FILENAMES =
"/run/opengl-driver/share/vulkan/icd.d/radeon_icd.x86_64.json";
</programlisting>
</para>
</section>
</section>
<section xml:id="sec-gpu-accel-common-issues">
<title>Common issues</title>
<section xml:id="sec-gpu-accel-common-issues-permissions">
<title>User permissions</title>
<para>
Except where noted explicitly, it should not be necessary to
adjust user permissions to use these acceleration APIs. In the default
configuration, GPU devices have world-read/write permissions
(<filename>/dev/dri/renderD*</filename>) or are tagged as
<code>uaccess</code> (<filename>/dev/dri/card*</filename>). The
access control lists of devices with the <varname>uaccess</varname>
tag will be updated automatically when a user logs in through
<command>systemd-logind</command>. For example, if the user
<emphasis>jane</emphasis> is logged in, the access control list
should look as follows:
<screen><prompt>$</prompt> getfacl /dev/dri/card0
# file: dev/dri/card0
# owner: root
# group: video
user::rw-
user:jane:rw-
group::rw-
mask::rw-
other::---</screen>
If you disabled (this functionality of) <command>systemd-logind</command>,
you may need to add the user to the <code>video</code> group and
log in again.
</para>
</section>
<section xml:id="sec-gpu-accel-common-issues-mixing-nixpkgs">
<title>Mixing different versions of nixpkgs</title>
<para>
The <emphasis>Installable Client Driver</emphasis> (ICD)
mechanism used by OpenCL and Vulkan loads runtimes into its address
space using <code>dlopen</code>. Mixing an ICD loader mechanism and
runtimes from different version of nixpkgs may not work. For example,
if the ICD loader uses an older version of <package>glibc</package>
than the runtime, the runtime may not be loadable due to
missing symbols. Unfortunately, the loader will generally be quiet
about such issues.
</para>
<para>
If you suspect that you are running into library version mismatches
between an ICL loader and a runtime, you could run an application with
the <code>LD_DEBUG</code> variable set to get more diagnostic
information. For example, OpenCL can be tested with
<code>LD_DEBUG=files clinfo</code>, which should report missing
symbols.
</para>
</section>
</section> </section>
</chapter> </chapter>

View file

@ -0,0 +1,68 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-freeform-modules">
<title>Freeform modules</title>
<para>
Freeform modules allow you to define values for option paths that have not been declared explicitly. This can be used to add attribute-specific types to what would otherwise have to be <literal>attrsOf</literal> options in order to accept all attribute names.
</para>
<para>
This feature can be enabled by using the attribute <literal>freeformType</literal> to define a freeform type. By doing this, all assignments without an associated option will be merged using the freeform type and combined into the resulting <literal>config</literal> set. Since this feature nullifies name checking for entire option trees, it is only recommended for use in submodules.
</para>
<example xml:id="ex-freeform-module">
<title>Freeform submodule</title>
<para>
The following shows a submodule assigning a freeform type that allows arbitrary attributes with <literal>str</literal> values below <literal>settings</literal>, but also declares an option for the <literal>settings.port</literal> attribute to have it type-checked and assign a default value. See <xref linkend="ex-settings-typed-attrs"/> for a more complete example.
</para>
<programlisting>
{ lib, config, ... }: {
options.settings = lib.mkOption {
type = lib.types.submodule {
freeformType = with lib.types; attrsOf str;
# We want this attribute to be checked for the correct type
options.port = lib.mkOption {
type = lib.types.port;
# Declaring the option also allows defining a default value
default = 8080;
};
};
};
}
</programlisting>
<para>
And the following shows what such a module then allows
</para>
<programlisting>
{
# Not a declared option, but the freeform type allows this
settings.logLevel = "debug";
# Not allowed because the the freeform type only allows strings
# settings.enable = true;
# Allowed because there is a port option declared
settings.port = 80;
# Not allowed because the port option doesn't allow strings
# settings.port = "443";
}
</programlisting>
</example>
<note>
<para>
Freeform attributes cannot depend on other attributes of the same set without infinite recursion:
<programlisting>
{
# This throws infinite recursion encountered
settings.logLevel = lib.mkIf (config.settings.port == 80) "debug";
}
</programlisting>
To prevent this, declare options for all attributes that need to depend on others. For above example this means to declare <literal>logLevel</literal> to be an option.
</para>
</note>
</section>

View file

@ -0,0 +1,216 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-settings-options">
<title>Options for Program Settings</title>
<para>
Many programs have configuration files where program-specific settings can be declared. File formats can be separated into two categories:
<itemizedlist>
<listitem>
<para>
Nix-representable ones: These can trivially be mapped to a subset of Nix syntax. E.g. JSON is an example, since its values like <literal>{"foo":{"bar":10}}</literal> can be mapped directly to Nix: <literal>{ foo = { bar = 10; }; }</literal>. Other examples are INI, YAML and TOML. The following section explains the convention for these settings.
</para>
</listitem>
<listitem>
<para>
Non-nix-representable ones: These can't be trivially mapped to a subset of Nix syntax. Most generic programming languages are in this group, e.g. bash, since the statement <literal>if true; then echo hi; fi</literal> doesn't have a trivial representation in Nix.
</para>
<para>
Currently there are no fixed conventions for these, but it is common to have a <literal>configFile</literal> option for setting the configuration file path directly. The default value of <literal>configFile</literal> can be an auto-generated file, with convenient options for controlling the contents. For example an option of type <literal>attrsOf str</literal> can be used for representing environment variables which generates a section like <literal>export FOO="foo"</literal>. Often it can also be useful to also include an <literal>extraConfig</literal> option of type <literal>lines</literal> to allow arbitrary text after the autogenerated part of the file.
</para>
</listitem>
</itemizedlist>
</para>
<section xml:id="sec-settings-nix-representable">
<title>Nix-representable Formats (JSON, YAML, TOML, INI, ...)</title>
<para>
By convention, formats like this are handled with a generic <literal>settings</literal> option, representing the full program configuration as a Nix value. The type of this option should represent the format. The most common formats have a predefined type and string generator already declared under <literal>pkgs.formats</literal>:
<variablelist>
<varlistentry>
<term>
<varname>pkgs.formats.json</varname> { }
</term>
<listitem>
<para>
A function taking an empty attribute set (for future extensibility) and returning a set with JSON-specific attributes <varname>type</varname> and <varname>generate</varname> as specified <link linkend='pkgs-formats-result'>below</link>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<varname>pkgs.formats.yaml</varname> { }
</term>
<listitem>
<para>
A function taking an empty attribute set (for future extensibility) and returning a set with YAML-specific attributes <varname>type</varname> and <varname>generate</varname> as specified <link linkend='pkgs-formats-result'>below</link>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<varname>pkgs.formats.ini</varname> { <replaceable>listsAsDuplicateKeys</replaceable> ? false, ... }
</term>
<listitem>
<para>
A function taking an attribute set with values
<variablelist>
<varlistentry>
<term>
<varname>listsAsDuplicateKeys</varname>
</term>
<listitem>
<para>
A boolean for controlling whether list values can be used to represent duplicate INI keys
</para>
</listitem>
</varlistentry>
</variablelist>
It returns a set with INI-specific attributes <varname>type</varname> and <varname>generate</varname> as specified <link linkend='pkgs-formats-result'>below</link>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<varname>pkgs.formats.toml</varname> { }
</term>
<listitem>
<para>
A function taking an empty attribute set (for future extensibility) and returning a set with TOML-specific attributes <varname>type</varname> and <varname>generate</varname> as specified <link linkend='pkgs-formats-result'>below</link>.
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
<para xml:id="pkgs-formats-result">
These functions all return an attribute set with these values:
<variablelist>
<varlistentry>
<term>
<varname>type</varname>
</term>
<listitem>
<para>
A module system type representing a value of the format
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<varname>generate</varname> <replaceable>filename</replaceable> <replaceable>jsonValue</replaceable>
</term>
<listitem>
<para>
A function that can render a value of the format to a file. Returns a file path.
<note>
<para>
This function puts the value contents in the Nix store. So this should be avoided for secrets.
</para>
</note>
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
<example xml:id="ex-settings-nix-representable">
<title>Module with conventional <literal>settings</literal> option</title>
<para>
The following shows a module for an example program that uses a JSON configuration file. It demonstrates how above values can be used, along with some other related best practices. See the comments for explanations.
</para>
<programlisting>
{ options, config, lib, pkgs, ... }:
let
cfg = config.services.foo;
# Define the settings format used for this program
settingsFormat = pkgs.formats.json {};
in {
options.services.foo = {
enable = lib.mkEnableOption "foo service";
settings = lib.mkOption {
# Setting this type allows for correct merging behavior
type = settingsFormat.type;
default = {};
description = ''
Configuration for foo, see
&lt;link xlink:href="https://example.com/docs/foo"/&gt;
for supported settings.
'';
};
};
config = lib.mkIf cfg.enable {
# We can assign some default settings here to make the service work by just
# enabling it. We use `mkDefault` for values that can be changed without
# problems
services.foo.settings = {
# Fails at runtime without any value set
log_level = lib.mkDefault "WARN";
# We assume systemd's `StateDirectory` is used, so we require this value,
# therefore no mkDefault
data_path = "/var/lib/foo";
# Since we use this to create a user we need to know the default value at
# eval time
user = lib.mkDefault "foo";
};
environment.etc."foo.json".source =
# The formats generator function takes a filename and the Nix value
# representing the format value and produces a filepath with that value
# rendered in the format
settingsFormat.generate "foo-config.json" cfg.settings;
# We know that the `user` attribute exists because we set a default value
# for it above, allowing us to use it without worries here
users.users.${cfg.settings.user} = {};
# ...
};
}
</programlisting>
</example>
<section xml:id="sec-settings-attrs-options">
<title>Option declarations for attributes</title>
<para>
Some <literal>settings</literal> attributes may deserve some extra care. They may need a different type, default or merging behavior, or they are essential options that should show their documentation in the manual. This can be done using <xref linkend='sec-freeform-modules'/>.
<example xml:id="ex-settings-typed-attrs">
<title>Declaring a type-checked <literal>settings</literal> attribute</title>
<para>
We extend above example using freeform modules to declare an option for the port, which will enforce it to be a valid integer and make it show up in the manual.
</para>
<programlisting>
settings = lib.mkOption {
type = lib.types.submodule {
freeformType = settingsFormat.type;
# Declare an option for the port such that the type is checked and this option
# is shown in the manual.
options.port = lib.mkOption {
type = lib.types.port;
default = 8080;
description = ''
Which port this service should listen on.
'';
};
};
default = {};
description = ''
Configuration for Foo, see
&lt;link xlink:href="https://example.com/docs/foo"/&gt;
for supported values.
'';
};
</programlisting>
</example>
</para>
</section>
</section>
</section>

View file

@ -183,4 +183,6 @@ in {
<xi:include href="meta-attributes.xml" /> <xi:include href="meta-attributes.xml" />
<xi:include href="importing-modules.xml" /> <xi:include href="importing-modules.xml" />
<xi:include href="replace-modules.xml" /> <xi:include href="replace-modules.xml" />
<xi:include href="freeform-modules.xml" />
<xi:include href="settings-options.xml" />
</chapter> </chapter>

View file

@ -216,12 +216,12 @@ start_all()
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term> <term>
<methodname>send_keys</methodname> <methodname>send_key</methodname>
</term> </term>
<listitem> <listitem>
<para> <para>
Simulate pressing keys on the virtual keyboard, e.g., Simulate pressing keys on the virtual keyboard, e.g.,
<literal>send_keys("ctrl-alt-delete")</literal>. <literal>send_key("ctrl-alt-delete")</literal>.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -232,7 +232,7 @@ start_all()
<listitem> <listitem>
<para> <para>
Simulate typing a sequence of characters on the virtual keyboard, e.g., Simulate typing a sequence of characters on the virtual keyboard, e.g.,
<literal>send_keys("foobar\n")</literal> will type the string <literal>send_chars("foobar\n")</literal> will type the string
<literal>foobar</literal> followed by the Enter key. <literal>foobar</literal> followed by the Enter key.
</para> </para>
</listitem> </listitem>

View file

@ -16,7 +16,7 @@
</para> </para>
<programlisting> <programlisting>
nix-build -A netboot nixos/release.nix nix-build -A netboot.x86_64-linux nixos/release.nix
</programlisting> </programlisting>
<para> <para>

View file

@ -42,7 +42,7 @@
</para> </para>
<para> <para>
If the text is too small to be legible, try <command>setfont ter-132n</command> If the text is too small to be legible, try <command>setfont ter-v32n</command>
to increase the font size. to increase the font size.
</para> </para>

View file

@ -42,6 +42,11 @@
PHP now defaults to PHP 7.4, updated from 7.3. PHP now defaults to PHP 7.4, updated from 7.3.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
PHP 7.2 is no longer supported due to upstream not supporting this version for the entire lifecycle of the 20.09 release.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
Python 3 now defaults to Python 3.8 instead of 3.7. Python 3 now defaults to Python 3.8 instead of 3.7.
@ -109,6 +114,17 @@ systemd.services.mysql.serviceConfig.ProtectHome = lib.mkForce "read-only";
systemd.services.mysql.serviceConfig.ReadWritePaths = [ "/var/data" ]; systemd.services.mysql.serviceConfig.ReadWritePaths = [ "/var/data" ];
</programlisting> </programlisting>
</para> </para>
<para>
The MySQL service no longer runs its <literal>systemd</literal> service startup script as <literal>root</literal> anymore. A dedicated non <literal>root</literal>
super user account is required for operation. This means users with an existing MySQL or MariaDB database server are required to run the following SQL statements
as a super admin user before upgrading:
<programlisting>
CREATE USER IF NOT EXISTS 'mysql'@'localhost' identified with unix_socket;
GRANT ALL PRIVILEGES ON *.* TO 'mysql'@'localhost' WITH GRANT OPTION;
</programlisting>
If you use MySQL instead of MariaDB please replace <literal>unix_socket</literal> with <literal>auth_socket</literal>. If you have changed the value of <xref linkend="opt-services.mysql.user"/>
from the default of <literal>mysql</literal> to a different user please change <literal>'mysql'@'localhost'</literal> to the corresponding user instead.
</para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
@ -130,6 +146,16 @@ systemd.services.mysql.serviceConfig.ReadWritePaths = [ "/var/data" ];
This will make container tools like Podman work as non-root users out of the box. This will make container tools like Podman work as non-root users out of the box.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The various documented workarounds to use steam have been converted to a module. <varname>programs.steam.enable</varname> enables steam, controller support and the workarounds.
</para>
</listitem>
<listitem>
<para>
Support for built-in LCDs in various pieces of Logitech hardware (keyboards and USB speakers). <varname>hardware.logitech.lcd.enable</varname> enables support for all hardware supported by the g15daemon project.
</para>
</listitem>
</itemizedlist> </itemizedlist>
</section> </section>
@ -176,9 +202,7 @@ systemd.services.mysql.serviceConfig.ReadWritePaths = [ "/var/data" ];
likekly to break with future versions of go. As a result likekly to break with future versions of go. As a result
<literal>buildGoModule</literal> switched from <literal>buildGoModule</literal> switched from
<literal>modSha256</literal> to the <literal>vendorSha256</literal> <literal>modSha256</literal> to the <literal>vendorSha256</literal>
attribute to pin fetched version data. <literal>buildGoModule</literal> attribute to pin fetched version data.
still accepts <literal>modSha256</literal> with a warning, but support will
be removed in the next release.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
@ -513,6 +537,46 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
<listitem> <listitem>
<para> <para>
In the <literal>resilio</literal> module, <xref linkend="opt-services.resilio.httpListenAddr"/> has been changed to listen to <literal>[::1]</literal> instead of <literal>0.0.0.0</literal>. In the <literal>resilio</literal> module, <xref linkend="opt-services.resilio.httpListenAddr"/> has been changed to listen to <literal>[::1]</literal> instead of <literal>0.0.0.0</literal>.
</para>
</listitem>
<listitem>
<para>
Users of <link xlink:href="http://openafs.org">OpenAFS 1.6</link> must
upgrade their services to OpenAFS 1.8! In this release, the OpenAFS package
version 1.6.24 is marked broken but can be used during transition to
OpenAFS 1.8.x. Use the options
<option>services.openafsClient.packages.module</option>,
<option>services.openafsClient.packages.programs</option> and
<option>services.openafsServer.package</option> to select a different
OpenAFS package. OpenAFS 1.6 will be removed in the next release. The
package <literal>openafs</literal> and the service options will then
silently point to the OpenAFS 1.8 release.
</para>
<para>
See also the OpenAFS <link
xlink:href="http://docs.openafs.org/AdminGuide/index.html">Administrator
Guide</link> for instructions. Beware of the following when updating
servers:
<itemizedlist>
<listitem>
<para>
The storage format of the server key has changed and the key must be converted before running the new release.
</para>
</listitem>
<listitem>
<para>
When updating multiple database servers, turn off the database servers
from the highest IP down to the lowest with resting periods in
between. Start up in reverse order. Do not concurrently run database
servers working with different OpenAFS releases!
</para>
</listitem>
<listitem>
<para>
Update servers first, then clients.
</para>
</listitem>
</itemizedlist>
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
@ -525,12 +589,106 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
automatically if <literal>stateVersion</literal> is 20.09 or higher. automatically if <literal>stateVersion</literal> is 20.09 or higher.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
<literal>udpt</literal> experienced a complete rewrite from C++ to rust. The configuration format changed from ini to toml.
The new configuration documentation can be found at
<link xlink:href="https://naim94a.github.io/udpt/config.html">the official website</link> and example
configuration is packaged in <literal>${udpt}/share/udpt/udpt.toml</literal>.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
We now have a unified <xref linkend="opt-services.xserver.displayManager.autoLogin"/> option interface We now have a unified <xref linkend="opt-services.xserver.displayManager.autoLogin"/> option interface
to be used for every display-manager in NixOS. to be used for every display-manager in NixOS.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The <literal>bitcoind</literal> module has changed to multi-instance, using submodules.
Therefore, it is now mandatory to name each instance.
To use this new multi-instance config with an existing bitcoind data directory and user,
you have to adjust the original config, e.g.:
<programlisting>
services.bitcoind = {
enable = true;
extraConfig = "...";
...
};
</programlisting>
To something similar:
<programlisting>
services.bitcoind.mainnet = {
enable = true;
dataDir = "/var/lib/bitcoind";
user = "bitcoin";
extraConfig = "...";
...
};
</programlisting>
The key settings are:
<itemizedlist>
<listitem>
<para>
<literal>dataDir</literal> - to continue using the same data directory.
</para>
</listitem>
<listitem>
<para>
<literal>user</literal> - to continue using the same user so that bitcoind maintains access to its files.
</para>
</listitem>
</itemizedlist>
</para>
</listitem>
<listitem>
<para>
Graylog introduced a change in the LDAP server certificate validation behaviour for version 3.3.3 which might break existing setups.
When updating Graylog from a version before 3.3.3 make sure to check the Graylog <link xlink:href="https://www.graylog.org/post/announcing-graylog-v3-3-3">release info</link> for information on how to avoid the issue.
</para>
</listitem>
<listitem>
<para>
The <literal>dokuwiki</literal> module has changed to multi-instance, using submodules.
Therefore, it is now mandatory to name each instance. Moreover, forcing SSL by default has been dropped, so
<literal>nginx.forceSSL</literal> and <literal>nginx.enableACME</literal> are no longer set to <literal>true</literal>.
To continue using your service with the original SSL settings, you have to adjust the original config, e.g.:
<programlisting>
services.dokuwiki = {
enable = true;
...
};
</programlisting>
To something similar:
<programlisting>
services.dokuwiki."mywiki" = {
enable = true;
nginx = {
forceSSL = true;
enableACME = true;
};
...
};
</programlisting>
The base package has also been upgraded to the 2020-07-29 "Hogfather" release. Plugins might be incompatible or require upgrading.
</para>
</listitem>
<listitem>
<para>
The <xref linkend="opt-services.postgresql.dataDir"/> option is now set to <literal>"/var/lib/postgresql/${cfg.package.psqlSchema}"</literal> regardless of your
<xref linkend="opt-system.stateVersion"/>. Users with an existing postgresql install that have a <xref linkend="opt-system.stateVersion"/> of <literal>17.09</literal> or below
should double check what the value of their <xref linkend="opt-services.postgresql.dataDir"/> option is (<literal>/var/db/postgresql</literal>) and then explicitly
set this value to maintain compatibility:
<programlisting>
services.postgresql.dataDir = "/var/db/postgresql";
</programlisting>
</para>
</listitem>
<listitem>
<para>
The USBGuard module now removes options and instead hardcodes values for <literal>IPCAccessControlFiles</literal>, <literal>ruleFiles</literal>, and <literal>auditFilePath</literal>. Audit logs can be found in the journal.
</para>
</listitem>
</itemizedlist> </itemizedlist>
</section> </section>
@ -566,6 +724,11 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
The default output of <literal>buildGoPackage</literal> is now <literal>$out</literal> instead of <literal>$bin</literal>. The default output of <literal>buildGoPackage</literal> is now <literal>$out</literal> instead of <literal>$bin</literal>.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
<literal>buildGoModule</literal> <literal>doCheck</literal> now defaults to <literal>true</literal>.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
Packages built using <literal>buildRustPackage</literal> now use <literal>release</literal> Packages built using <literal>buildRustPackage</literal> now use <literal>release</literal>
@ -623,6 +786,37 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
was removed, as udev gained native support to handle FIDO security tokens. was removed, as udev gained native support to handle FIDO security tokens.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The <literal>services.transmission</literal> module
was enhanced with the new options:
<xref linkend="opt-services.transmission.credentialsFile"/>,
<xref linkend="opt-services.transmission.openFirewall"/>,
and <xref linkend="opt-services.transmission.performanceNetParameters"/>.
</para>
<para>
<literal>transmission-daemon</literal> is now started with additional systemd sandbox/hardening options for better security.
Please <link xlink:href="https://github.com/NixOS/nixpkgs/issues">report</link>
any use case where this is not working well.
In particular, the <literal>RootDirectory</literal> option newly set
forbids uploading or downloading a torrent outside of the default directory
configured at <link linkend="opt-services.transmission.settings">settings.download-dir</link>.
If you really need Transmission to access other directories,
you must include those directories into the <literal>BindPaths</literal> of the service:
<programlisting>
systemd.services.transmission.serviceConfig.BindPaths = [ "/path/to/alternative/download-dir" ];
</programlisting>
</para>
<para>
Also, connection to the RPC (Remote Procedure Call) of <literal>transmission-daemon</literal>
is now only available on the local network interface by default.
Use:
<programlisting>
services.transmission.settings.rpc-bind-address = "0.0.0.0";
</programlisting>
to get the previous behavior of listening on all network interfaces.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
With this release <literal>systemd-networkd</literal> (when enabled through <xref linkend="opt-networking.useNetworkd"/>) With this release <literal>systemd-networkd</literal> (when enabled through <xref linkend="opt-networking.useNetworkd"/>)
@ -705,6 +899,17 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
There are no functional changes, however this may require updating some configurations to use correct types for all attributes. There are no functional changes, however this may require updating some configurations to use correct types for all attributes.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The <literal>fontconfig</literal> module stopped generating fontconfig 2.10.x config and cache.
Fontconfig 2.10.x was removed from Nixpkgs - it hasn't been used in any nixpkgs package anymore.
</para>
</listitem>
<listitem>
<para>
The packages <package>perl</package>, <package>rsync</package> and <package>strace</package> were removed from <option>systemPackages</option>. If you need them, install them again with <code><xref linkend="opt-environment.systemPackages"/> = with pkgs; [ perl rsync strace ];</code> in your <filename>configuration.nix</filename>.
</para>
</listitem>
</itemizedlist> </itemizedlist>
</section> </section>
</section> </section>

View file

@ -5,21 +5,32 @@
config config
, # The size of the disk, in megabytes. , # The size of the disk, in megabytes.
diskSize # if "auto" size is calculated based on the contents copied to it and
# additionalSpace is taken into account.
diskSize ? "auto"
# The files and directories to be placed in the target file system. , # additional disk space to be added to the image if diskSize "auto"
# is used
additionalSpace ? "512M"
, # size of the boot partition, is only used if partitionTableType is
# either "efi" or "hybrid"
bootSize ? "256M"
, # The files and directories to be placed in the target file system.
# This is a list of attribute sets {source, target} where `source' # This is a list of attribute sets {source, target} where `source'
# is the file system object (regular file or directory) to be # is the file system object (regular file or directory) to be
# grafted in the file system at path `target'. # grafted in the file system at path `target'.
, contents ? [] contents ? []
, # Type of partition table to use; either "legacy", "efi", or "none". , # Type of partition table to use; either "legacy", "efi", or "none".
# For "efi" images, the GPT partition table is used and a mandatory ESP # For "efi" images, the GPT partition table is used and a mandatory ESP
# partition of reasonable size is created in addition to the root partition. # partition of reasonable size is created in addition to the root partition.
# If `installBootLoader` is true, GRUB will be installed in EFI mode.
# For "legacy", the msdos partition table is used and a single large root # For "legacy", the msdos partition table is used and a single large root
# partition is created. If `installBootLoader` is true, GRUB will be # partition is created.
# installed in legacy mode. # For "hybrid", the GPT partition table is used and a mandatory ESP
# partition of reasonable size is created in addition to the root partition.
# Also a legacy MBR will be present.
# For "none", no partition table is created. Enabling `installBootLoader` # For "none", no partition table is created. Enabling `installBootLoader`
# most likely fails as GRUB will probably refuse to install. # most likely fails as GRUB will probably refuse to install.
partitionTableType ? "legacy" partitionTableType ? "legacy"
@ -43,7 +54,7 @@
format ? "raw" format ? "raw"
}: }:
assert partitionTableType == "legacy" || partitionTableType == "efi" || partitionTableType == "none"; assert partitionTableType == "legacy" || partitionTableType == "efi" || partitionTableType == "hybrid" || partitionTableType == "none";
# We use -E offset=X below, which is only supported by e2fsprogs # We use -E offset=X below, which is only supported by e2fsprogs
assert partitionTableType != "none" -> fsType == "ext4"; assert partitionTableType != "none" -> fsType == "ext4";
@ -60,11 +71,12 @@ let format' = format; in let
vdi = "vdi"; vdi = "vdi";
vpc = "vhd"; vpc = "vhd";
raw = "img"; raw = "img";
}.${format}; }.${format} or format;
rootPartition = { # switch-case rootPartition = { # switch-case
legacy = "1"; legacy = "1";
efi = "2"; efi = "2";
hybrid = "3";
}.${partitionTableType}; }.${partitionTableType};
partitionDiskScript = { # switch-case partitionDiskScript = { # switch-case
@ -76,9 +88,18 @@ let format' = format; in let
efi = '' efi = ''
parted --script $diskImage -- \ parted --script $diskImage -- \
mklabel gpt \ mklabel gpt \
mkpart ESP fat32 8MiB 256MiB \ mkpart ESP fat32 8MiB ${bootSize} \
set 1 boot on \ set 1 boot on \
mkpart primary ext4 256MiB -1 mkpart primary ext4 ${bootSize} -1
'';
hybrid = ''
parted --script $diskImage -- \
mklabel gpt \
mkpart ESP fat32 8MiB ${bootSize} \
set 1 boot on \
mkpart no-fs 0 1024KiB \
set 2 bios_grub on \
mkpart primary ext4 ${bootSize} -1
''; '';
none = ""; none = "";
}.${partitionTableType}; }.${partitionTableType};
@ -129,19 +150,6 @@ let format' = format; in let
} }
mkdir $out mkdir $out
diskImage=nixos.raw
truncate -s ${toString diskSize}M $diskImage
${partitionDiskScript}
${if partitionTableType != "none" then ''
# Get start & length of the root partition in sectors to $START and $SECTORS.
eval $(partx $diskImage -o START,SECTORS --nr ${rootPartition} --pairs)
mkfs.${fsType} -F -L ${label} $diskImage -E offset=$(sectorsToBytes $START) $(sectorsToKilobytes $SECTORS)K
'' else ''
mkfs.${fsType} -F -L ${label} $diskImage
''}
root="$PWD/root" root="$PWD/root"
mkdir -p $root mkdir -p $root
@ -186,6 +194,31 @@ let format' = format; in let
nixos-install --root $root --no-bootloader --no-root-passwd \ nixos-install --root $root --no-bootloader --no-root-passwd \
--system ${config.system.build.toplevel} --channel ${channelSources} --substituters "" --system ${config.system.build.toplevel} --channel ${channelSources} --substituters ""
diskImage=nixos.raw
${if diskSize == "auto" then ''
${if partitionTableType == "efi" || partitionTableType == "hybrid" then ''
additionalSpace=$(( ($(numfmt --from=iec '${additionalSpace}') + $(numfmt --from=iec '${bootSize}')) / 1000 ))
'' else ''
additionalSpace=$(( $(numfmt --from=iec '${additionalSpace}') / 1000 ))
''}
diskSize=$(( $(set -- $(du -d0 $root); echo "$1") + $additionalSpace ))
truncate -s "$diskSize"K $diskImage
'' else ''
truncate -s ${toString diskSize}M $diskImage
''}
${partitionDiskScript}
${if partitionTableType != "none" then ''
# Get start & length of the root partition in sectors to $START and $SECTORS.
eval $(partx $diskImage -o START,SECTORS --nr ${rootPartition} --pairs)
mkfs.${fsType} -F -L ${label} $diskImage -E offset=$(sectorsToBytes $START) $(sectorsToKilobytes $SECTORS)K
'' else ''
mkfs.${fsType} -F -L ${label} $diskImage
''}
echo "copying staging root to image..." echo "copying staging root to image..."
cptofs -p ${optionalString (partitionTableType != "none") "-P ${rootPartition}"} -t ${fsType} -i $diskImage $root/* / cptofs -p ${optionalString (partitionTableType != "none") "-P ${rootPartition}"} -t ${fsType} -i $diskImage $root/* /
''; '';
@ -219,7 +252,7 @@ in pkgs.vmTools.runInLinuxVM (
# Create the ESP and mount it. Unlike e2fsprogs, mkfs.vfat doesn't support an # Create the ESP and mount it. Unlike e2fsprogs, mkfs.vfat doesn't support an
# '-E offset=X' option, so we can't do this outside the VM. # '-E offset=X' option, so we can't do this outside the VM.
${optionalString (partitionTableType == "efi") '' ${optionalString (partitionTableType == "efi" || partitionTableType == "hybrid") ''
mkdir -p /mnt/boot mkdir -p /mnt/boot
mkfs.vfat -n ESP /dev/vda1 mkfs.vfat -n ESP /dev/vda1
mount /dev/vda1 /mnt/boot mount /dev/vda1 /mnt/boot

View file

@ -46,7 +46,10 @@ pkgs.stdenv.mkDerivation {
( (
GLOBIGNORE=".:.." GLOBIGNORE=".:.."
shopt -u dotglob shopt -u dotglob
cp -a --reflink=auto ./files/* -t ./rootImage/
for f in ./files/*; do
cp -a --reflink=auto -t ./rootImage/ "$f"
done
) )
# Also include a manifest of the closures in a format suitable for nix-store --load-db # Also include a manifest of the closures in a format suitable for nix-store --load-db

View file

@ -1,4 +1,4 @@
{ stdenv, closureInfo, xorriso, syslinux { stdenv, closureInfo, xorriso, syslinux, libossp_uuid
, # The file name of the resulting ISO image. , # The file name of the resulting ISO image.
isoName ? "cd.iso" isoName ? "cd.iso"
@ -48,7 +48,7 @@ assert usbBootable -> isohybridMbrImage != "";
stdenv.mkDerivation { stdenv.mkDerivation {
name = isoName; name = isoName;
builder = ./make-iso9660-image.sh; builder = ./make-iso9660-image.sh;
buildInputs = [ xorriso syslinux zstd ]; buildInputs = [ xorriso syslinux zstd libossp_uuid ];
inherit isoName bootable bootImage compressImage volumeID efiBootImage efiBootable isohybridMbrImage usbBootable; inherit isoName bootable bootImage compressImage volumeID efiBootImage efiBootable isohybridMbrImage usbBootable;

View file

@ -99,7 +99,12 @@ done
mkdir -p $out/iso mkdir -p $out/iso
# daed2280-b91e-42c0-aed6-82c825ca41f3 is an arbitrary namespace, to prevent
# independent applications from generating the same UUID for the same value.
# (the chance of that being problematic seem pretty slim here, but that's how
# version-5 UUID's work)
xorriso="xorriso xorriso="xorriso
-boot_image any gpt_disk_guid=$(uuid -v 5 daed2280-b91e-42c0-aed6-82c825ca41f3 $out | tr -d -)
-as mkisofs -as mkisofs
-iso-level 3 -iso-level 3
-volid ${volumeID} -volid ${volumeID}
@ -118,15 +123,6 @@ xorriso="xorriso
$xorriso -output $out/iso/$isoName $xorriso -output $out/iso/$isoName
if test -n "$usbBootable"; then
echo "Making image hybrid..."
if test -n "$efiBootable"; then
isohybrid --uefi $out/iso/$isoName
else
isohybrid $out/iso/$isoName
fi
fi
if test -n "$compressImage"; then if test -n "$compressImage"; then
echo "Compressing image..." echo "Compressing image..."
zstd -T$NIX_BUILD_CORES --rm $out/iso/$isoName zstd -T$NIX_BUILD_CORES --rm $out/iso/$isoName

View file

@ -36,7 +36,7 @@ let
// lib.optionalAttrs (opt ? example) { example = substFunction opt.example; } // lib.optionalAttrs (opt ? example) { example = substFunction opt.example; }
// lib.optionalAttrs (opt ? default) { default = substFunction opt.default; } // lib.optionalAttrs (opt ? default) { default = substFunction opt.default; }
// lib.optionalAttrs (opt ? type) { type = substFunction opt.type; } // lib.optionalAttrs (opt ? type) { type = substFunction opt.type; }
// lib.optionalAttrs (opt ? relatedPackages && opt.relatedPackages != []) { relatedPackages = genRelatedPackages opt.relatedPackages; } // lib.optionalAttrs (opt ? relatedPackages && opt.relatedPackages != []) { relatedPackages = genRelatedPackages opt.relatedPackages opt.name; }
); );
# Generate DocBook documentation for a list of packages. This is # Generate DocBook documentation for a list of packages. This is
@ -48,7 +48,7 @@ let
# - a list: that will be interpreted as an attribute path from `pkgs`, # - a list: that will be interpreted as an attribute path from `pkgs`,
# - an attrset: that can specify `name`, `path`, `package`, `comment` # - an attrset: that can specify `name`, `path`, `package`, `comment`
# (either of `name`, `path` is required, the rest are optional). # (either of `name`, `path` is required, the rest are optional).
genRelatedPackages = packages: genRelatedPackages = packages: optName:
let let
unpack = p: if lib.isString p then { name = p; } unpack = p: if lib.isString p then { name = p; }
else if lib.isList p then { path = p; } else if lib.isList p then { path = p; }
@ -58,7 +58,7 @@ let
title = args.title or null; title = args.title or null;
name = args.name or (lib.concatStringsSep "." args.path); name = args.name or (lib.concatStringsSep "." args.path);
path = args.path or [ args.name ]; path = args.path or [ args.name ];
package = args.package or (lib.attrByPath path (throw "Invalid package attribute path `${toString path}'") pkgs); package = args.package or (lib.attrByPath path (throw "Invalid package attribute path `${toString path}' found while evaluating `relatedPackages' of option `${optName}'") pkgs);
in "<listitem>" in "<listitem>"
+ "<para><literal>${lib.optionalString (title != null) "${title} aka "}pkgs.${name} (${package.meta.name})</literal>" + "<para><literal>${lib.optionalString (title != null) "${title} aka "}pkgs.${name} (${package.meta.name})</literal>"
+ lib.optionalString (!package.meta.available) " <emphasis>[UNAVAILABLE]</emphasis>" + lib.optionalString (!package.meta.available) " <emphasis>[UNAVAILABLE]</emphasis>"

View file

@ -2,13 +2,18 @@
{ pkgs }: { pkgs }:
let let
zeroPad = n: if n < 10 then "0${toString n}" else toString n; zeroPad = n:
pkgs.lib.optionalString (n < 16) "0" +
(if n > 255
then throw "Can't have more than 255 nets or nodes!"
else pkgs.lib.toHexString n);
in in
{ rec {
qemuNicMac = net: machine: "52:54:00:12:${zeroPad net}:${zeroPad machine}";
qemuNICFlags = nic: net: machine: qemuNICFlags = nic: net: machine:
[ "-device virtio-net-pci,netdev=vlan${toString nic},mac=52:54:00:12:${zeroPad net}:${zeroPad machine}" [ "-device virtio-net-pci,netdev=vlan${toString nic},mac=${qemuNicMac net machine}"
"-netdev vde,id=vlan${toString nic},sock=$QEMU_VDE_SOCKET_${toString net}" "-netdev vde,id=vlan${toString nic},sock=$QEMU_VDE_SOCKET_${toString net}"
]; ];

View file

@ -2,9 +2,11 @@ pkgs: with pkgs.lib;
rec { rec {
# Check whenever fileSystem is needed for boot # Check whenever fileSystem is needed for boot. NOTE: Make sure
fsNeededForBoot = fs: fs.neededForBoot # pathsNeededForBoot is closed under the parent relationship, i.e. if /a/b/c
|| elem fs.mountPoint [ "/" "/nix" "/nix/store" "/var" "/var/log" "/var/lib" "/etc" ]; # is in the list, put /a and /a/b in as well.
pathsNeededForBoot = [ "/" "/nix" "/nix/store" "/var" "/var/log" "/var/lib" "/etc" ];
fsNeededForBoot = fs: fs.neededForBoot || elem fs.mountPoint pathsNeededForBoot;
# Check whenever `b` depends on `a` as a fileSystem # Check whenever `b` depends on `a` as a fileSystem
fsBefore = a: b: a.mountPoint == b.device fsBefore = a: b: a.mountPoint == b.device

View file

@ -63,8 +63,8 @@ in {
fsType = "ext4"; fsType = "ext4";
configFile = pkgs.writeText "configuration.nix" configFile = pkgs.writeText "configuration.nix"
'' ''
{ { modulesPath, ... }: {
imports = [ <nixpkgs/nixos/modules/virtualisation/amazon-image.nix> ]; imports = [ "''${modulesPath}/virtualisation/amazon-image.nix" ];
${optionalString config.ec2.hvm '' ${optionalString config.ec2.hvm ''
ec2.hvm = true; ec2.hvm = true;
''} ''}

View file

@ -1,292 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.fonts.fontconfig;
fcBool = x: "<bool>" + (boolToString x) + "</bool>";
# back-supported fontconfig version and package
# version is used for font cache generation
supportVersion = "210";
supportPkg = pkgs."fontconfig_${supportVersion}";
# latest fontconfig version and package
# version is used for configuration folder name, /etc/fonts/VERSION/
# note: format differs from supportVersion and can not be used with makeCacheConf
latestVersion = pkgs.fontconfig.configVersion;
latestPkg = pkgs.fontconfig;
# supported version fonts.conf
supportFontsConf = pkgs.makeFontsConf { fontconfig = supportPkg; fontDirectories = config.fonts.fonts; };
# configuration file to read fontconfig cache
# version dependent
# priority 0
cacheConfSupport = makeCacheConf { version = supportVersion; };
cacheConfLatest = makeCacheConf {};
# generate the font cache setting file for a fontconfig version
# use latest when no version is passed
makeCacheConf = { version ? null }:
let
fcPackage = if version == null
then "fontconfig"
else "fontconfig_${version}";
makeCache = fontconfig: pkgs.makeFontsCache { inherit fontconfig; fontDirectories = config.fonts.fonts; };
cache = makeCache pkgs.${fcPackage};
cache32 = makeCache pkgs.pkgsi686Linux.${fcPackage};
in
pkgs.writeText "fc-00-nixos-cache.conf" ''
<?xml version='1.0'?>
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
<fontconfig>
<!-- Font directories -->
${concatStringsSep "\n" (map (font: "<dir>${font}</dir>") config.fonts.fonts)}
<!-- Pre-generated font caches -->
<cachedir>${cache}</cachedir>
${optionalString (pkgs.stdenv.isx86_64 && cfg.cache32Bit) ''
<cachedir>${cache32}</cachedir>
''}
</fontconfig>
'';
# local configuration file
localConf = pkgs.writeText "fc-local.conf" cfg.localConf;
# rendering settings configuration files
# priority 10
hintingConf = pkgs.writeText "fc-10-hinting.conf" ''
<?xml version='1.0'?>
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
<fontconfig>
<!-- Default rendering settings -->
<match target="pattern">
<edit mode="append" name="hinting">
${fcBool cfg.hinting.enable}
</edit>
<edit mode="append" name="autohint">
${fcBool cfg.hinting.autohint}
</edit>
<edit mode="append" name="hintstyle">
<const>hintslight</const>
</edit>
</match>
</fontconfig>
'';
antialiasConf = pkgs.writeText "fc-10-antialias.conf" ''
<?xml version='1.0'?>
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
<fontconfig>
<!-- Default rendering settings -->
<match target="pattern">
<edit mode="append" name="antialias">
${fcBool cfg.antialias}
</edit>
</match>
</fontconfig>
'';
subpixelConf = pkgs.writeText "fc-10-subpixel.conf" ''
<?xml version='1.0'?>
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
<fontconfig>
<!-- Default rendering settings -->
<match target="pattern">
<edit mode="append" name="rgba">
<const>${cfg.subpixel.rgba}</const>
</edit>
<edit mode="append" name="lcdfilter">
<const>lcd${cfg.subpixel.lcdfilter}</const>
</edit>
</match>
</fontconfig>
'';
dpiConf = pkgs.writeText "fc-11-dpi.conf" ''
<?xml version='1.0'?>
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
<fontconfig>
<match target="pattern">
<edit name="dpi" mode="assign">
<double>${toString cfg.dpi}</double>
</edit>
</match>
</fontconfig>
'';
# default fonts configuration file
# priority 52
defaultFontsConf =
let genDefault = fonts: name:
optionalString (fonts != []) ''
<alias>
<family>${name}</family>
<prefer>
${concatStringsSep ""
(map (font: ''
<family>${font}</family>
'') fonts)}
</prefer>
</alias>
'';
in
pkgs.writeText "fc-52-nixos-default-fonts.conf" ''
<?xml version='1.0'?>
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
<fontconfig>
<!-- Default fonts -->
${genDefault cfg.defaultFonts.sansSerif "sans-serif"}
${genDefault cfg.defaultFonts.serif "serif"}
${genDefault cfg.defaultFonts.monospace "monospace"}
</fontconfig>
'';
# reject Type 1 fonts
# priority 53
rejectType1 = pkgs.writeText "fc-53-nixos-reject-type1.conf" ''
<?xml version="1.0"?>
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
<fontconfig>
<!-- Reject Type 1 fonts -->
<selectfont>
<rejectfont>
<pattern>
<patelt name="fontformat"><string>Type 1</string></patelt>
</pattern>
</rejectfont>
</selectfont>
</fontconfig>
'';
# The configuration to be included in /etc/font/
penultimateConf = pkgs.runCommand "fontconfig-penultimate-conf" {
preferLocalBuild = true;
} ''
support_folder=$out/etc/fonts/conf.d
latest_folder=$out/etc/fonts/${latestVersion}/conf.d
mkdir -p $support_folder
mkdir -p $latest_folder
# fonts.conf
ln -s ${supportFontsConf} $support_folder/../fonts.conf
ln -s ${latestPkg.out}/etc/fonts/fonts.conf \
$latest_folder/../fonts.conf
# fontconfig-penultimate various configuration files
ln -s ${pkgs.fontconfig-penultimate}/etc/fonts/conf.d/*.conf \
$support_folder
ln -s ${pkgs.fontconfig-penultimate}/etc/fonts/conf.d/*.conf \
$latest_folder
ln -s ${cacheConfSupport} $support_folder/00-nixos-cache.conf
ln -s ${cacheConfLatest} $latest_folder/00-nixos-cache.conf
rm $support_folder/10-antialias.conf $latest_folder/10-antialias.conf
ln -s ${antialiasConf} $support_folder/10-antialias.conf
ln -s ${antialiasConf} $latest_folder/10-antialias.conf
rm $support_folder/10-hinting.conf $latest_folder/10-hinting.conf
ln -s ${hintingConf} $support_folder/10-hinting.conf
ln -s ${hintingConf} $latest_folder/10-hinting.conf
${optionalString cfg.useEmbeddedBitmaps ''
rm $support_folder/10-no-embedded-bitmaps.conf
rm $latest_folder/10-no-embedded-bitmaps.conf
''}
rm $support_folder/10-subpixel.conf $latest_folder/10-subpixel.conf
ln -s ${subpixelConf} $support_folder/10-subpixel.conf
ln -s ${subpixelConf} $latest_folder/10-subpixel.conf
${optionalString (cfg.dpi != 0) ''
ln -s ${dpiConf} $support_folder/11-dpi.conf
ln -s ${dpiConf} $latest_folder/11-dpi.conf
''}
# 50-user.conf
${optionalString (!cfg.includeUserConf) ''
rm $support_folder/50-user.conf
rm $latest_folder/50-user.conf
''}
# 51-local.conf
rm $latest_folder/51-local.conf
substitute \
${pkgs.fontconfig-penultimate}/etc/fonts/conf.d/51-local.conf \
$latest_folder/51-local.conf \
--replace local.conf /etc/fonts/${latestVersion}/local.conf
# local.conf (indirect priority 51)
${optionalString (cfg.localConf != "") ''
ln -s ${localConf} $support_folder/../local.conf
ln -s ${localConf} $latest_folder/../local.conf
''}
# 52-nixos-default-fonts.conf
ln -s ${defaultFontsConf} $support_folder/52-nixos-default-fonts.conf
ln -s ${defaultFontsConf} $latest_folder/52-nixos-default-fonts.conf
# 53-no-bitmaps.conf
${optionalString cfg.allowBitmaps ''
rm $support_folder/53-no-bitmaps.conf
rm $latest_folder/53-no-bitmaps.conf
''}
${optionalString (!cfg.allowType1) ''
# 53-nixos-reject-type1.conf
ln -s ${rejectType1} $support_folder/53-nixos-reject-type1.conf
ln -s ${rejectType1} $latest_folder/53-nixos-reject-type1.conf
''}
'';
in
{
options = {
fonts = {
fontconfig = {
penultimate = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable fontconfig-penultimate settings to supplement the
NixOS defaults by providing per-font rendering defaults and
metric aliases.
'';
};
};
};
};
};
config = mkIf (config.fonts.fontconfig.enable && config.fonts.fontconfig.penultimate.enable) {
fonts.fontconfig.confPackages = [ penultimateConf ];
};
}

View file

@ -1,11 +1,6 @@
/* /*
NixOS support 2 fontconfig versions, "support" and "latest". Configuration files are linked to /etc/fonts/${pkgs.fontconfig.configVersion}/conf.d/
- "latest" refers to default fontconfig package (pkgs.fontconfig).
configuration files are linked to /etc/fonts/VERSION/conf.d/
- "support" refers to supportPkg (pkgs."fontconfig_${supportVersion}").
configuration files are linked to /etc/fonts/conf.d/
This module generates a package containing configuration files and link it in /etc/fonts. This module generates a package containing configuration files and link it in /etc/fonts.
@ -22,40 +17,21 @@ let
cfg = config.fonts.fontconfig; cfg = config.fonts.fontconfig;
fcBool = x: "<bool>" + (boolToString x) + "</bool>"; fcBool = x: "<bool>" + (boolToString x) + "</bool>";
pkg = pkgs.fontconfig;
# back-supported fontconfig version and package
# version is used for font cache generation
supportVersion = "210";
supportPkg = pkgs."fontconfig_${supportVersion}";
# latest fontconfig version and package
# version is used for configuration folder name, /etc/fonts/VERSION/
# note: format differs from supportVersion and can not be used with makeCacheConf
latestVersion = pkgs.fontconfig.configVersion;
latestPkg = pkgs.fontconfig;
# supported version fonts.conf
supportFontsConf = pkgs.makeFontsConf { fontconfig = supportPkg; fontDirectories = config.fonts.fonts; };
# configuration file to read fontconfig cache # configuration file to read fontconfig cache
# version dependent
# priority 0 # priority 0
cacheConfSupport = makeCacheConf { version = supportVersion; }; cacheConf = makeCacheConf {};
cacheConfLatest = makeCacheConf {};
# generate the font cache setting file for a fontconfig version # generate the font cache setting file
# use latest when no version is passed
# When cross-compiling, we cant generate the cache, so we skip the # When cross-compiling, we cant generate the cache, so we skip the
# <cachedir> part. fontconfig still works but is a little slower in # <cachedir> part. fontconfig still works but is a little slower in
# looking things up. # looking things up.
makeCacheConf = { version ? null }: makeCacheConf = { }:
let let
fcPackage = if version == null
then "fontconfig"
else "fontconfig_${version}";
makeCache = fontconfig: pkgs.makeFontsCache { inherit fontconfig; fontDirectories = config.fonts.fonts; }; makeCache = fontconfig: pkgs.makeFontsCache { inherit fontconfig; fontDirectories = config.fonts.fonts; };
cache = makeCache pkgs.${fcPackage}; cache = makeCache pkgs.fontconfig;
cache32 = makeCache pkgs.pkgsi686Linux.${fcPackage}; cache32 = makeCache pkgs.pkgsi686Linux.fontconfig;
in in
pkgs.writeText "fc-00-nixos-cache.conf" '' pkgs.writeText "fc-00-nixos-cache.conf" ''
<?xml version='1.0'?> <?xml version='1.0'?>
@ -200,63 +176,54 @@ let
confPkg = pkgs.runCommand "fontconfig-conf" { confPkg = pkgs.runCommand "fontconfig-conf" {
preferLocalBuild = true; preferLocalBuild = true;
} '' } ''
support_folder=$out/etc/fonts/conf.d dst=$out/etc/fonts/${pkg.configVersion}/conf.d
latest_folder=$out/etc/fonts/${latestVersion}/conf.d mkdir -p $dst
mkdir -p $support_folder
mkdir -p $latest_folder
# fonts.conf # fonts.conf
ln -s ${supportFontsConf} $support_folder/../fonts.conf ln -s ${pkg.out}/etc/fonts/fonts.conf \
ln -s ${latestPkg.out}/etc/fonts/fonts.conf \ $dst/../fonts.conf
$latest_folder/../fonts.conf # TODO: remove this legacy symlink once people stop using packages built before #95358 was merged
ln -s /etc/fonts/${pkg.configVersion}/fonts.conf \
$out/etc/fonts/fonts.conf
# fontconfig default config files # fontconfig default config files
ln -s ${supportPkg.out}/etc/fonts/conf.d/*.conf \ ln -s ${pkg.out}/etc/fonts/conf.d/*.conf \
$support_folder/ $dst/
ln -s ${latestPkg.out}/etc/fonts/conf.d/*.conf \
$latest_folder/
# update latest 51-local.conf path to look at the latest local.conf # update 51-local.conf path to look at local.conf
rm $latest_folder/51-local.conf rm $dst/51-local.conf
substitute ${latestPkg.out}/etc/fonts/conf.d/51-local.conf \ substitute ${pkg.out}/etc/fonts/conf.d/51-local.conf \
$latest_folder/51-local.conf \ $dst/51-local.conf \
--replace local.conf /etc/fonts/${latestVersion}/local.conf --replace local.conf /etc/fonts/${pkg.configVersion}/local.conf
# 00-nixos-cache.conf # 00-nixos-cache.conf
ln -s ${cacheConfSupport} \ ln -s ${cacheConf} $dst/00-nixos-cache.conf
$support_folder/00-nixos-cache.conf
ln -s ${cacheConfLatest} $latest_folder/00-nixos-cache.conf
# 10-nixos-rendering.conf # 10-nixos-rendering.conf
ln -s ${renderConf} $support_folder/10-nixos-rendering.conf ln -s ${renderConf} $dst/10-nixos-rendering.conf
ln -s ${renderConf} $latest_folder/10-nixos-rendering.conf
# 50-user.conf # 50-user.conf
${optionalString (!cfg.includeUserConf) '' # Since latest fontconfig looks for default files inside the package,
rm $support_folder/50-user.conf # we had to move this one elsewhere to be able to exclude it here.
rm $latest_folder/50-user.conf ${optionalString cfg.includeUserConf ''
ln -s ${pkg.out}/etc/fonts/conf.d.bak/50-user.conf $dst/50-user.conf
''} ''}
# local.conf (indirect priority 51) # local.conf (indirect priority 51)
${optionalString (cfg.localConf != "") '' ${optionalString (cfg.localConf != "") ''
ln -s ${localConf} $support_folder/../local.conf ln -s ${localConf} $dst/../local.conf
ln -s ${localConf} $latest_folder/../local.conf
''} ''}
# 52-nixos-default-fonts.conf # 52-nixos-default-fonts.conf
ln -s ${defaultFontsConf} $support_folder/52-nixos-default-fonts.conf ln -s ${defaultFontsConf} $dst/52-nixos-default-fonts.conf
ln -s ${defaultFontsConf} $latest_folder/52-nixos-default-fonts.conf
# 53-no-bitmaps.conf # 53-no-bitmaps.conf
ln -s ${rejectBitmaps} $support_folder/53-no-bitmaps.conf ln -s ${rejectBitmaps} $dst/53-no-bitmaps.conf
ln -s ${rejectBitmaps} $latest_folder/53-no-bitmaps.conf
${optionalString (!cfg.allowType1) '' ${optionalString (!cfg.allowType1) ''
# 53-nixos-reject-type1.conf # 53-nixos-reject-type1.conf
ln -s ${rejectType1} $support_folder/53-nixos-reject-type1.conf ln -s ${rejectType1} $dst/53-nixos-reject-type1.conf
ln -s ${rejectType1} $latest_folder/53-nixos-reject-type1.conf
''} ''}
''; '';
@ -490,7 +457,7 @@ in
environment.systemPackages = [ pkgs.fontconfig ]; environment.systemPackages = [ pkgs.fontconfig ];
environment.etc.fonts.source = "${fontconfigEtc}/etc/fonts/"; environment.etc.fonts.source = "${fontconfigEtc}/etc/fonts/";
}) })
(mkIf (cfg.enable && !cfg.penultimate.enable) { (mkIf cfg.enable {
fonts.fontconfig.confPackages = [ confPkg ]; fonts.fontconfig.confPackages = [ confPkg ];
}) })
]; ];

View file

@ -27,6 +27,7 @@ with lib;
fonts.fontconfig.enable = false; fonts.fontconfig.enable = false;
nixpkgs.overlays = singleton (const (super: { nixpkgs.overlays = singleton (const (super: {
cairo = super.cairo.override { x11Support = false; };
dbus = super.dbus.override { x11Support = false; }; dbus = super.dbus.override { x11Support = false; };
networkmanager-fortisslvpn = super.networkmanager-fortisslvpn.override { withGnome = false; }; networkmanager-fortisslvpn = super.networkmanager-fortisslvpn.override { withGnome = false; };
networkmanager-l2tp = super.networkmanager-l2tp.override { withGnome = false; }; networkmanager-l2tp = super.networkmanager-l2tp.override { withGnome = false; };
@ -35,6 +36,7 @@ with lib;
networkmanager-vpnc = super.networkmanager-vpnc.override { withGnome = false; }; networkmanager-vpnc = super.networkmanager-vpnc.override { withGnome = false; };
networkmanager-iodine = super.networkmanager-iodine.override { withGnome = false; }; networkmanager-iodine = super.networkmanager-iodine.override { withGnome = false; };
gobject-introspection = super.gobject-introspection.override { x11Support = false; }; gobject-introspection = super.gobject-introspection.override { x11Support = false; };
qemu = super.qemu.override { gtkSupport = false; spiceSupport = false; sdlSupport = false; };
})); }));
}; };
} }

View file

@ -33,14 +33,11 @@ let
pkgs.ncurses pkgs.ncurses
pkgs.netcat pkgs.netcat
config.programs.ssh.package config.programs.ssh.package
pkgs.perl
pkgs.procps pkgs.procps
pkgs.rsync
pkgs.strace
pkgs.su pkgs.su
pkgs.time pkgs.time
pkgs.utillinux pkgs.utillinux
pkgs.which # 88K size pkgs.which
pkgs.zstd pkgs.zstd
]; ];

View file

@ -581,7 +581,7 @@ in {
# password or an SSH authorized key. Privileged accounts are # password or an SSH authorized key. Privileged accounts are
# root and users in the wheel group. # root and users in the wheel group.
assertion = !cfg.mutableUsers -> assertion = !cfg.mutableUsers ->
any id (mapAttrsToList (name: cfg: any id ((mapAttrsToList (name: cfg:
(name == "root" (name == "root"
|| cfg.group == "wheel" || cfg.group == "wheel"
|| elem "wheel" cfg.extraGroups) || elem "wheel" cfg.extraGroups)
@ -591,7 +591,9 @@ in {
|| cfg.passwordFile != null || cfg.passwordFile != null
|| cfg.openssh.authorizedKeys.keys != [] || cfg.openssh.authorizedKeys.keys != []
|| cfg.openssh.authorizedKeys.keyFiles != []) || cfg.openssh.authorizedKeys.keyFiles != [])
) cfg.users); ) cfg.users) ++ [
config.security.googleOsLogin.enable
]);
message = '' message = ''
Neither the root account nor any wheel user has a password or SSH authorized key. Neither the root account nor any wheel user has a password or SSH authorized key.
You must set one to prevent being locked out of your system.''; You must set one to prevent being locked out of your system.'';

View file

@ -43,7 +43,6 @@ in
serviceConfig = { serviceConfig = {
ExecStart = "${cfg.package}/bin/ckb-next-daemon ${optionalString (cfg.gid != null) "--gid=${builtins.toString cfg.gid}"}"; ExecStart = "${cfg.package}/bin/ckb-next-daemon ${optionalString (cfg.gid != null) "--gid=${builtins.toString cfg.gid}"}";
Restart = "on-failure"; Restart = "on-failure";
StandardOutput = "syslog";
}; };
}; };
}; };

View file

@ -5,24 +5,92 @@ with lib;
let let
cfg = config.hardware.logitech; cfg = config.hardware.logitech;
in { vendor = "046d";
options.hardware.logitech = {
enable = mkEnableOption "Logitech Devices";
enableGraphical = mkOption { daemon = "g15daemon";
type = types.bool;
default = false; in
description = "Enable graphical support applications."; {
imports = [
(mkRenamedOptionModule [ "hardware" "logitech" "enable" ] [ "hardware" "logitech" "wireless" "enable" ])
(mkRenamedOptionModule [ "hardware" "logitech" "enableGraphical" ] [ "hardware" "logitech" "wireless" "enableGraphical" ])
];
options.hardware.logitech = {
lcd = {
enable = mkEnableOption "Logitech LCD Devices";
startWhenNeeded = mkOption {
type = types.bool;
default = true;
description = ''
Only run the service when an actual supported device is plugged.
'';
};
devices = mkOption {
type = types.listOf types.str;
default = [ "0a07" "c222" "c225" "c227" "c251" ];
description = ''
List of USB device ids supported by g15daemon.
</para>
<para>
You most likely do not need to change this.
'';
};
};
wireless = {
enable = mkEnableOption "Logitech Wireless Devices";
enableGraphical = mkOption {
type = types.bool;
default = false;
description = "Enable graphical support applications.";
};
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf (cfg.wireless.enable || cfg.lcd.enable) {
environment.systemPackages = [ environment.systemPackages = []
pkgs.ltunify ++ lib.optional cfg.wireless.enable pkgs.ltunify
] ++ lib.optional cfg.enableGraphical pkgs.solaar; ++ lib.optional cfg.wireless.enableGraphical pkgs.solaar;
# ltunifi and solaar both provide udev rules but the most up-to-date have been split services.udev = {
# out into a dedicated derivation # ltunifi and solaar both provide udev rules but the most up-to-date have been split
services.udev.packages = with pkgs; [ logitech-udev-rules ]; # out into a dedicated derivation
packages = []
++ lib.optional cfg.wireless.enable pkgs.logitech-udev-rules
++ lib.optional cfg.lcd.enable pkgs.g15daemon;
extraRules = ''
# nixos: hardware.logitech.lcd
'' + lib.concatMapStringsSep "\n" (
dev:
''ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="${vendor}", ATTRS{idProduct}=="${dev}", TAG+="systemd", ENV{SYSTEMD_WANTS}+="${daemon}.service"''
) cfg.lcd.devices;
};
systemd.services."${daemon}" = lib.mkIf cfg.lcd.enable {
description = "Logitech LCD Support Daemon";
documentation = [ "man:g15daemon(1)" ];
wantedBy = lib.mkIf (! cfg.lcd.startWhenNeeded) "multi-user.target";
serviceConfig = {
Type = "forking";
ExecStart = "${pkgs.g15daemon}/bin/g15daemon";
# we patch it to write to /run/g15daemon/g15daemon.pid instead of
# /run/g15daemon.pid so systemd will do the cleanup for us.
PIDFile = "/run/${daemon}/g15daemon.pid";
PrivateTmp = true;
PrivateNetwork = true;
ProtectHome = "tmpfs";
ProtectSystem = "full"; # strict doesn't work
RuntimeDirectory = daemon;
Restart = "on-failure";
};
};
}; };
} }

View file

@ -0,0 +1,16 @@
{ lib, pkgs, config, ...}:
with lib;
{
options.hardware.video.hidpi.enable = mkEnableOption "Font/DPI configuration optimized for HiDPI displays";
config = mkIf config.hardware.video.hidpi.enable {
console.font = lib.mkDefault "${pkgs.terminus_font}/share/consolefonts/ter-v32n.psf.gz";
# Needed when typing in passwords for full disk encryption
console.earlySetup = mkDefault true;
boot.loader.systemd-boot.consoleMode = mkDefault "1";
# TODO Find reasonable defaults X11 & wayland
};
}

View file

@ -26,7 +26,7 @@ in
Whether to enable <command>uvcvideo</command> dynamic controls. Whether to enable <command>uvcvideo</command> dynamic controls.
Note that enabling this brings the <command>uvcdynctrl</command> tool Note that enabling this brings the <command>uvcdynctrl</command> tool
into your environement and register all dynamic controls from into your environment and register all dynamic controls from
specified <command>packages</command> to the <command>uvcvideo</command> driver. specified <command>packages</command> to the <command>uvcvideo</command> driver.
''; '';
}; };

View file

@ -0,0 +1,29 @@
{ config, lib, ... }:
with lib;
let
cfg = config.hardware.xpadneo;
in
{
options.hardware.xpadneo = {
enable = mkEnableOption "the xpadneo driver for Xbox One wireless controllers";
};
config = mkIf cfg.enable {
boot = {
# Must disable Enhanced Retransmission Mode to support bluetooth pairing
# https://wiki.archlinux.org/index.php/Gamepad#Connect_Xbox_Wireless_Controller_with_Bluetooth
extraModprobeConfig =
mkIf
config.hardware.bluetooth.enable
"options bluetooth disable_ertm=1";
extraModulePackages = with config.boot.kernelPackages; [ xpadneo ];
kernelModules = [ "hid_xpadneo" ];
};
};
meta = {
maintainers = with maintainers; [ metadark ];
};
}

View file

@ -417,6 +417,14 @@ in
''; '';
}; };
isoImage.squashfsCompression = mkOption {
default = "xz -Xdict-size 100%";
description = ''
Compression settings to use for the squashfs nix store.
'';
example = "zstd -Xcompression-level 6";
};
isoImage.edition = mkOption { isoImage.edition = mkOption {
default = ""; default = "";
description = '' description = ''
@ -614,6 +622,7 @@ in
# Create the squashfs image that contains the Nix store. # Create the squashfs image that contains the Nix store.
system.build.squashfsStore = pkgs.callPackage ../../../lib/make-squashfs.nix { system.build.squashfsStore = pkgs.callPackage ../../../lib/make-squashfs.nix {
storeContents = config.isoImage.storeContents; storeContents = config.isoImage.storeContents;
comp = config.isoImage.squashfsCompression;
}; };
# Individual files to be included on the CD, outside of the Nix # Individual files to be included on the CD, outside of the Nix

View file

@ -1,4 +1,4 @@
#! @shell@ -e #! @runtimeShell@ -e
# Shows the usage of this command to the user # Shows the usage of this command to the user

View file

@ -1,4 +1,4 @@
#! @shell@ #! @runtimeShell@
set -e set -e

View file

@ -497,8 +497,8 @@ if (-f $fb_modes_file && -r $fb_modes_file) {
$modes =~ m/([0-9]+)x([0-9]+)/; $modes =~ m/([0-9]+)x([0-9]+)/;
my $console_width = $1, my $console_height = $2; my $console_width = $1, my $console_height = $2;
if ($console_width > 1920) { if ($console_width > 1920) {
push @attrs, "# High-DPI console"; push @attrs, "# high-resolution display";
push @attrs, 'console.font = lib.mkDefault "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";'; push @attrs, 'hardware.video.hidpi.enable = lib.mkDefault true;';
} }
} }

View file

@ -1,4 +1,4 @@
#! @shell@ #! @runtimeShell@
set -e set -e
shopt -s nullglob shopt -s nullglob

View file

@ -1,6 +1,6 @@
#! @shell@ #! @runtimeShell@
if [ -x "@shell@" ]; then export SHELL="@shell@"; fi; if [ -x "@runtimeShell@" ]; then export SHELL="@runtimeShell@"; fi;
set -e set -e
set -o pipefail set -o pipefail

View file

@ -1,4 +1,4 @@
#! @shell@ #! @runtimeShell@
case "$1" in case "$1" in
-h|--help) -h|--help)

View file

@ -14,11 +14,13 @@ let
nixos-build-vms = makeProg { nixos-build-vms = makeProg {
name = "nixos-build-vms"; name = "nixos-build-vms";
src = ./nixos-build-vms/nixos-build-vms.sh; src = ./nixos-build-vms/nixos-build-vms.sh;
inherit (pkgs) runtimeShell;
}; };
nixos-install = makeProg { nixos-install = makeProg {
name = "nixos-install"; name = "nixos-install";
src = ./nixos-install.sh; src = ./nixos-install.sh;
inherit (pkgs) runtimeShell;
nix = config.nix.package.out; nix = config.nix.package.out;
path = makeBinPath [ nixos-enter ]; path = makeBinPath [ nixos-enter ];
}; };
@ -28,6 +30,7 @@ let
makeProg { makeProg {
name = "nixos-rebuild"; name = "nixos-rebuild";
src = ./nixos-rebuild.sh; src = ./nixos-rebuild.sh;
inherit (pkgs) runtimeShell;
nix = config.nix.package.out; nix = config.nix.package.out;
nix_x86_64_linux = fallback.x86_64-linux; nix_x86_64_linux = fallback.x86_64-linux;
nix_i686_linux = fallback.i686-linux; nix_i686_linux = fallback.i686-linux;
@ -50,6 +53,7 @@ let
nixos-version = makeProg { nixos-version = makeProg {
name = "nixos-version"; name = "nixos-version";
src = ./nixos-version.sh; src = ./nixos-version.sh;
inherit (pkgs) runtimeShell;
inherit (config.system.nixos) version codeName revision; inherit (config.system.nixos) version codeName revision;
inherit (config.system) configurationRevision; inherit (config.system) configurationRevision;
json = builtins.toJSON ({ json = builtins.toJSON ({
@ -64,6 +68,7 @@ let
nixos-enter = makeProg { nixos-enter = makeProg {
name = "nixos-enter"; name = "nixos-enter";
src = ./nixos-enter.sh; src = ./nixos-enter.sh;
inherit (pkgs) runtimeShell;
}; };
in in

View file

@ -198,7 +198,7 @@ in
bosun = 161; bosun = 161;
kubernetes = 162; kubernetes = 162;
peerflix = 163; peerflix = 163;
chronos = 164; #chronos = 164; # removed 2020-08-15
gitlab = 165; gitlab = 165;
tox-bootstrapd = 166; tox-bootstrapd = 166;
cadvisor = 167; cadvisor = 167;
@ -247,7 +247,7 @@ in
bepasty = 215; bepasty = 215;
# pumpio = 216; # unused, removed 2018-02-24 # pumpio = 216; # unused, removed 2018-02-24
nm-openvpn = 217; nm-openvpn = 217;
mathics = 218; # mathics = 218; # unused, removed 2020-08-15
ejabberd = 219; ejabberd = 219;
postsrsd = 220; postsrsd = 220;
opendkim = 221; opendkim = 221;
@ -345,6 +345,7 @@ in
zoneminder = 314; zoneminder = 314;
paperless = 315; paperless = 315;
#mailman = 316; # removed 2019-08-30 #mailman = 316; # removed 2019-08-30
zigbee2mqtt = 317;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -645,6 +646,7 @@ in
zoneminder = 314; zoneminder = 314;
paperless = 315; paperless = 315;
#mailman = 316; # removed 2019-08-30 #mailman = 316; # removed 2019-08-30
zigbee2mqtt = 317;
# When adding a gid, make sure it doesn't match an existing # When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal # uid. Users and groups with the same name should have equal

View file

@ -1,7 +1,6 @@
[ [
./config/debug-info.nix ./config/debug-info.nix
./config/fonts/fontconfig.nix ./config/fonts/fontconfig.nix
./config/fonts/fontconfig-penultimate.nix
./config/fonts/fontdir.nix ./config/fonts/fontdir.nix
./config/fonts/fonts.nix ./config/fonts/fonts.nix
./config/fonts/ghostscript.nix ./config/fonts/ghostscript.nix
@ -72,9 +71,11 @@
./hardware/video/capture/mwprocapture.nix ./hardware/video/capture/mwprocapture.nix
./hardware/video/bumblebee.nix ./hardware/video/bumblebee.nix
./hardware/video/displaylink.nix ./hardware/video/displaylink.nix
./hardware/video/hidpi.nix
./hardware/video/nvidia.nix ./hardware/video/nvidia.nix
./hardware/video/uvcvideo/default.nix ./hardware/video/uvcvideo/default.nix
./hardware/video/webcam/facetimehd.nix ./hardware/video/webcam/facetimehd.nix
./hardware/xpadneo.nix
./i18n/input-method/default.nix ./i18n/input-method/default.nix
./i18n/input-method/fcitx.nix ./i18n/input-method/fcitx.nix
./i18n/input-method/ibus.nix ./i18n/input-method/ibus.nix
@ -154,6 +155,7 @@
./programs/ssmtp.nix ./programs/ssmtp.nix
./programs/sysdig.nix ./programs/sysdig.nix
./programs/systemtap.nix ./programs/systemtap.nix
./programs/steam.nix
./programs/sway.nix ./programs/sway.nix
./programs/system-config-printer.nix ./programs/system-config-printer.nix
./programs/thefuck.nix ./programs/thefuck.nix
@ -328,6 +330,7 @@
./services/development/bloop.nix ./services/development/bloop.nix
./services/development/hoogle.nix ./services/development/hoogle.nix
./services/development/jupyter/default.nix ./services/development/jupyter/default.nix
./services/development/jupyterhub/default.nix
./services/development/lorri.nix ./services/development/lorri.nix
./services/editors/emacs.nix ./services/editors/emacs.nix
./services/editors/infinoted.nix ./services/editors/infinoted.nix
@ -462,14 +465,11 @@
./services/misc/leaps.nix ./services/misc/leaps.nix
./services/misc/lidarr.nix ./services/misc/lidarr.nix
./services/misc/mame.nix ./services/misc/mame.nix
./services/misc/mathics.nix
./services/misc/matrix-appservice-discord.nix ./services/misc/matrix-appservice-discord.nix
./services/misc/matrix-synapse.nix ./services/misc/matrix-synapse.nix
./services/misc/mautrix-telegram.nix ./services/misc/mautrix-telegram.nix
./services/misc/mbpfan.nix ./services/misc/mbpfan.nix
./services/misc/mediatomb.nix ./services/misc/mediatomb.nix
./services/misc/mesos-master.nix
./services/misc/mesos-slave.nix
./services/misc/metabase.nix ./services/misc/metabase.nix
./services/misc/mwlib.nix ./services/misc/mwlib.nix
./services/misc/nix-daemon.nix ./services/misc/nix-daemon.nix
@ -485,6 +485,7 @@
./services/misc/parsoid.nix ./services/misc/parsoid.nix
./services/misc/plex.nix ./services/misc/plex.nix
./services/misc/tautulli.nix ./services/misc/tautulli.nix
./services/misc/pinnwand.nix
./services/misc/pykms.nix ./services/misc/pykms.nix
./services/misc/radarr.nix ./services/misc/radarr.nix
./services/misc/redmine.nix ./services/misc/redmine.nix
@ -510,6 +511,7 @@
./services/misc/uhub.nix ./services/misc/uhub.nix
./services/misc/weechat.nix ./services/misc/weechat.nix
./services/misc/xmr-stak.nix ./services/misc/xmr-stak.nix
./services/misc/zigbee2mqtt.nix
./services/misc/zoneminder.nix ./services/misc/zoneminder.nix
./services/misc/zookeeper.nix ./services/misc/zookeeper.nix
./services/monitoring/alerta.nix ./services/monitoring/alerta.nix
@ -642,6 +644,8 @@
./services/networking/iperf3.nix ./services/networking/iperf3.nix
./services/networking/ircd-hybrid/default.nix ./services/networking/ircd-hybrid/default.nix
./services/networking/iwd.nix ./services/networking/iwd.nix
./services/networking/jicofo.nix
./services/networking/jitsi-videobridge.nix
./services/networking/keepalived/default.nix ./services/networking/keepalived/default.nix
./services/networking/keybase.nix ./services/networking/keybase.nix
./services/networking/kippo.nix ./services/networking/kippo.nix
@ -670,6 +674,7 @@
./services/networking/nat.nix ./services/networking/nat.nix
./services/networking/ndppd.nix ./services/networking/ndppd.nix
./services/networking/networkmanager.nix ./services/networking/networkmanager.nix
./services/networking/nextdns.nix
./services/networking/nftables.nix ./services/networking/nftables.nix
./services/networking/ngircd.nix ./services/networking/ngircd.nix
./services/networking/nghttpx/default.nix ./services/networking/nghttpx/default.nix
@ -777,10 +782,8 @@
./services/networking/znc/default.nix ./services/networking/znc/default.nix
./services/printing/cupsd.nix ./services/printing/cupsd.nix
./services/scheduling/atd.nix ./services/scheduling/atd.nix
./services/scheduling/chronos.nix
./services/scheduling/cron.nix ./services/scheduling/cron.nix
./services/scheduling/fcron.nix ./services/scheduling/fcron.nix
./services/scheduling/marathon.nix
./services/search/elasticsearch.nix ./services/search/elasticsearch.nix
./services/search/elasticsearch-curator.nix ./services/search/elasticsearch-curator.nix
./services/search/hound.nix ./services/search/hound.nix
@ -811,6 +814,7 @@
./services/security/torsocks.nix ./services/security/torsocks.nix
./services/security/usbguard.nix ./services/security/usbguard.nix
./services/security/vault.nix ./services/security/vault.nix
./services/security/yubikey-agent.nix
./services/system/cloud-init.nix ./services/system/cloud-init.nix
./services/system/dbus.nix ./services/system/dbus.nix
./services/system/earlyoom.nix ./services/system/earlyoom.nix
@ -830,6 +834,7 @@
./services/ttys/gpm.nix ./services/ttys/gpm.nix
./services/ttys/kmscon.nix ./services/ttys/kmscon.nix
./services/wayland/cage.nix ./services/wayland/cage.nix
./services/video/mirakurun.nix
./services/web-apps/atlassian/confluence.nix ./services/web-apps/atlassian/confluence.nix
./services/web-apps/atlassian/crowd.nix ./services/web-apps/atlassian/crowd.nix
./services/web-apps/atlassian/jira.nix ./services/web-apps/atlassian/jira.nix
@ -847,6 +852,7 @@
./services/web-apps/icingaweb2/module-monitoring.nix ./services/web-apps/icingaweb2/module-monitoring.nix
./services/web-apps/ihatemoney ./services/web-apps/ihatemoney
./services/web-apps/jirafeau.nix ./services/web-apps/jirafeau.nix
./services/web-apps/jitsi-meet.nix
./services/web-apps/limesurvey.nix ./services/web-apps/limesurvey.nix
./services/web-apps/mattermost.nix ./services/web-apps/mattermost.nix
./services/web-apps/mediawiki.nix ./services/web-apps/mediawiki.nix
@ -859,6 +865,7 @@
./services/web-apps/moinmoin.nix ./services/web-apps/moinmoin.nix
./services/web-apps/restya-board.nix ./services/web-apps/restya-board.nix
./services/web-apps/sogo.nix ./services/web-apps/sogo.nix
./services/web-apps/rss-bridge.nix
./services/web-apps/tt-rss.nix ./services/web-apps/tt-rss.nix
./services/web-apps/trac.nix ./services/web-apps/trac.nix
./services/web-apps/trilium.nix ./services/web-apps/trilium.nix
@ -882,6 +889,7 @@
./services/web-servers/meguca.nix ./services/web-servers/meguca.nix
./services/web-servers/mighttpd2.nix ./services/web-servers/mighttpd2.nix
./services/web-servers/minio.nix ./services/web-servers/minio.nix
./services/web-servers/molly-brown.nix
./services/web-servers/nginx/default.nix ./services/web-servers/nginx/default.nix
./services/web-servers/nginx/gitweb.nix ./services/web-servers/nginx/gitweb.nix
./services/web-servers/phpfpm/default.nix ./services/web-servers/phpfpm/default.nix
@ -916,6 +924,7 @@
./services/x11/gdk-pixbuf.nix ./services/x11/gdk-pixbuf.nix
./services/x11/imwheel.nix ./services/x11/imwheel.nix
./services/x11/redshift.nix ./services/x11/redshift.nix
./services/x11/urserver.nix
./services/x11/urxvtd.nix ./services/x11/urxvtd.nix
./services/x11/window-managers/awesome.nix ./services/x11/window-managers/awesome.nix
./services/x11/window-managers/default.nix ./services/x11/window-managers/default.nix

View file

@ -26,6 +26,7 @@
pkgs.fuse pkgs.fuse
pkgs.fuse3 pkgs.fuse3
pkgs.sshfs-fuse pkgs.sshfs-fuse
pkgs.rsync
pkgs.socat pkgs.socat
pkgs.screen pkgs.screen

View file

@ -70,6 +70,7 @@ in
agent.pinentryFlavor = mkOption { agent.pinentryFlavor = mkOption {
type = types.nullOr (types.enum pkgs.pinentry.flavors); type = types.nullOr (types.enum pkgs.pinentry.flavors);
example = "gnome3"; example = "gnome3";
default = defaultPinentryFlavor;
description = '' description = ''
Which pinentry interface to use. If not null, the path to the Which pinentry interface to use. If not null, the path to the
pinentry binary will be passed to gpg-agent via commandline and pinentry binary will be passed to gpg-agent via commandline and
@ -91,8 +92,6 @@ in
}; };
config = mkIf cfg.agent.enable { config = mkIf cfg.agent.enable {
programs.gnupg.agent.pinentryFlavor = mkDefault defaultPinentryFlavor;
# This overrides the systemd user unit shipped with the gnupg package # This overrides the systemd user unit shipped with the gnupg package
systemd.user.services.gpg-agent = mkIf (cfg.agent.pinentryFlavor != null) { systemd.user.services.gpg-agent = mkIf (cfg.agent.pinentryFlavor != null) {
serviceConfig.ExecStart = [ "" '' serviceConfig.ExecStart = [ "" ''

View file

@ -0,0 +1,25 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.programs.steam;
in {
options.programs.steam.enable = mkEnableOption "steam";
config = mkIf cfg.enable {
hardware.opengl = { # this fixes the "glXChooseVisual failed" bug, context: https://github.com/NixOS/nixpkgs/issues/47932
enable = true;
driSupport32Bit = true;
};
# optionally enable 32bit pulseaudio support if pulseaudio is enabled
hardware.pulseaudio.support32Bit = config.hardware.pulseaudio.enable;
hardware.steam-hardware.enable = true;
environment.systemPackages = [ pkgs.steam ];
};
meta.maintainers = with maintainers; [ mkg20001 ];
}

View file

@ -17,8 +17,12 @@ with lib;
(mkAliasOptionModule [ "environment" "checkConfigurationOptions" ] [ "_module" "check" ]) (mkAliasOptionModule [ "environment" "checkConfigurationOptions" ] [ "_module" "check" ])
# Completely removed modules # Completely removed modules
(mkRemovedOptionModule [ "fonts" "fontconfig" "penultimate" ] "The corresponding package has removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "chronos" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "firefox" "syncserver" "user" ] "") (mkRemovedOptionModule [ "services" "firefox" "syncserver" "user" ] "")
(mkRemovedOptionModule [ "services" "firefox" "syncserver" "group" ] "") (mkRemovedOptionModule [ "services" "firefox" "syncserver" "group" ] "")
(mkRemovedOptionModule [ "services" "marathon" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "mesos" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "winstone" ] "The corresponding package was removed from nixpkgs.") (mkRemovedOptionModule [ "services" "winstone" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "networking" "vpnc" ] "Use environment.etc.\"vpnc/service.conf\" instead.") (mkRemovedOptionModule [ "networking" "vpnc" ] "Use environment.etc.\"vpnc/service.conf\" instead.")
(mkRemovedOptionModule [ "environment" "blcr" "enable" ] "The BLCR module has been removed") (mkRemovedOptionModule [ "environment" "blcr" "enable" ] "The BLCR module has been removed")
@ -28,6 +32,7 @@ with lib;
(mkRemovedOptionModule [ "services" "osquery" ] "The osquery module has been removed") (mkRemovedOptionModule [ "services" "osquery" ] "The osquery module has been removed")
(mkRemovedOptionModule [ "services" "fourStore" ] "The fourStore module has been removed") (mkRemovedOptionModule [ "services" "fourStore" ] "The fourStore module has been removed")
(mkRemovedOptionModule [ "services" "fourStoreEndpoint" ] "The fourStoreEndpoint module has been removed") (mkRemovedOptionModule [ "services" "fourStoreEndpoint" ] "The fourStoreEndpoint module has been removed")
(mkRemovedOptionModule [ "services" "mathics" ] "The Mathics module has been removed")
(mkRemovedOptionModule [ "programs" "way-cooler" ] ("way-cooler is abandoned by its author: " + (mkRemovedOptionModule [ "programs" "way-cooler" ] ("way-cooler is abandoned by its author: " +
"https://way-cooler.org/blog/2020/01/09/way-cooler-post-mortem.html")) "https://way-cooler.org/blog/2020/01/09/way-cooler-post-mortem.html"))
(mkRemovedOptionModule [ "services" "xserver" "multitouch" ] '' (mkRemovedOptionModule [ "services" "xserver" "multitouch" ] ''

View file

@ -23,16 +23,16 @@ let
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
description = '' description = ''
ACME Directory Resource URI. Defaults to let's encrypt ACME Directory Resource URI. Defaults to Let's Encrypt's
production endpoint, production endpoint,
https://acme-v02.api.letsencrypt.org/directory, if unset. <link xlink:href="https://acme-v02.api.letsencrypt.org/directory"/>, if unset.
''; '';
}; };
domain = mkOption { domain = mkOption {
type = types.str; type = types.str;
default = name; default = name;
description = "Domain to fetch certificate for (defaults to the entry name)"; description = "Domain to fetch certificate for (defaults to the entry name).";
}; };
email = mkOption { email = mkOption {
@ -103,7 +103,7 @@ let
description = '' description = ''
Key type to use for private keys. Key type to use for private keys.
For an up to date list of supported values check the --key-type option For an up to date list of supported values check the --key-type option
at https://go-acme.github.io/lego/usage/cli/#usage. at <link xlink:href="https://go-acme.github.io/lego/usage/cli/#usage"/>.
''; '';
}; };
@ -113,7 +113,7 @@ let
example = "route53"; example = "route53";
description = '' description = ''
DNS Challenge provider. For a list of supported providers, see the "code" DNS Challenge provider. For a list of supported providers, see the "code"
field of the DNS providers listed at https://go-acme.github.io/lego/dns/. field of the DNS providers listed at <link xlink:href="https://go-acme.github.io/lego/dns/"/>.
''; '';
}; };
@ -123,7 +123,7 @@ let
Path to an EnvironmentFile for the cert's service containing any required and Path to an EnvironmentFile for the cert's service containing any required and
optional environment variables for your selected dnsProvider. optional environment variables for your selected dnsProvider.
To find out what values you need to set, consult the documentation at To find out what values you need to set, consult the documentation at
https://go-acme.github.io/lego/dns/ for the corresponding dnsProvider. <link xlink:href="https://go-acme.github.io/lego/dns/"/> for the corresponding dnsProvider.
''; '';
example = "/var/src/secrets/example.org-route53-api-token"; example = "/var/src/secrets/example.org-route53-api-token";
}; };
@ -169,7 +169,7 @@ in
(mkRemovedOptionModule [ "security" "acme" "production" ] '' (mkRemovedOptionModule [ "security" "acme" "production" ] ''
Use security.acme.server to define your staging ACME server URL instead. Use security.acme.server to define your staging ACME server URL instead.
To use the let's encrypt staging server, use security.acme.server = To use Let's Encrypt's staging server, use security.acme.server =
"https://acme-staging-v02.api.letsencrypt.org/directory". "https://acme-staging-v02.api.letsencrypt.org/directory".
'' ''
) )
@ -207,9 +207,9 @@ in
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
description = '' description = ''
ACME Directory Resource URI. Defaults to let's encrypt ACME Directory Resource URI. Defaults to Let's Encrypt's
production endpoint, production endpoint,
<literal>https://acme-v02.api.letsencrypt.org/directory</literal>, if unset. <link xlink:href="https://acme-v02.api.letsencrypt.org/directory"/>, if unset.
''; '';
}; };
@ -230,8 +230,8 @@ in
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = ''
Accept the CA's terms of service. The default provier is Let's Encrypt, Accept the CA's terms of service. The default provider is Let's Encrypt,
you can find their ToS at https://letsencrypt.org/repository/ you can find their ToS at <link xlink:href="https://letsencrypt.org/repository/"/>.
''; '';
}; };

View file

@ -36,6 +36,17 @@ let
''; '';
}; };
p11Auth = mkOption {
default = config.security.pam.p11.enable;
type = types.bool;
description = ''
If set, keys listed in
<filename>~/.ssh/authorized_keys</filename> and
<filename>~/.eid/authorized_certificates</filename>
can be used to log in with the associated PKCS#11 tokens.
'';
};
u2fAuth = mkOption { u2fAuth = mkOption {
default = config.security.pam.u2f.enable; default = config.security.pam.u2f.enable;
type = types.bool; type = types.bool;
@ -352,6 +363,8 @@ let
"auth sufficient ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so file=~/.ssh/authorized_keys:~/.ssh/authorized_keys2:/etc/ssh/authorized_keys.d/%u"} "auth sufficient ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so file=~/.ssh/authorized_keys:~/.ssh/authorized_keys2:/etc/ssh/authorized_keys.d/%u"}
${optionalString cfg.fprintAuth ${optionalString cfg.fprintAuth
"auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so"} "auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so"}
${let p11 = config.security.pam.p11; in optionalString cfg.p11Auth
"auth ${p11.control} ${pkgs.pam_p11}/lib/security/pam_p11.so ${pkgs.opensc}/lib/opensc-pkcs11.so"}
${let u2f = config.security.pam.u2f; in optionalString cfg.u2fAuth ${let u2f = config.security.pam.u2f; in optionalString cfg.u2fAuth
"auth ${u2f.control} ${pkgs.pam_u2f}/lib/security/pam_u2f.so ${optionalString u2f.debug "debug"} ${optionalString (u2f.authFile != null) "authfile=${u2f.authFile}"} ${optionalString u2f.interactive "interactive"} ${optionalString u2f.cue "cue"}"} "auth ${u2f.control} ${pkgs.pam_u2f}/lib/security/pam_u2f.so ${optionalString u2f.debug "debug"} ${optionalString (u2f.authFile != null) "authfile=${u2f.authFile}"} ${optionalString u2f.interactive "interactive"} ${optionalString u2f.cue "cue"}"}
${optionalString cfg.usbAuth ${optionalString cfg.usbAuth
@ -566,6 +579,39 @@ in
security.pam.enableOTPW = mkEnableOption "the OTPW (one-time password) PAM module"; security.pam.enableOTPW = mkEnableOption "the OTPW (one-time password) PAM module";
security.pam.p11 = {
enable = mkOption {
default = false;
type = types.bool;
description = ''
Enables P11 PAM (<literal>pam_p11</literal>) module.
If set, users can log in with SSH keys and PKCS#11 tokens.
More information can be found <link
xlink:href="https://github.com/OpenSC/pam_p11">here</link>.
'';
};
control = mkOption {
default = "sufficient";
type = types.enum [ "required" "requisite" "sufficient" "optional" ];
description = ''
This option sets pam "control".
If you want to have multi factor authentication, use "required".
If you want to use the PKCS#11 device instead of the regular password,
use "sufficient".
Read
<citerefentry>
<refentrytitle>pam.conf</refentrytitle>
<manvolnum>5</manvolnum>
</citerefentry>
for better understanding of this option.
'';
};
};
security.pam.u2f = { security.pam.u2f = {
enable = mkOption { enable = mkOption {
default = false; default = false;
@ -747,6 +793,7 @@ in
++ optionals config.krb5.enable [pam_krb5 pam_ccreds] ++ optionals config.krb5.enable [pam_krb5 pam_ccreds]
++ optionals config.security.pam.enableOTPW [ pkgs.otpw ] ++ optionals config.security.pam.enableOTPW [ pkgs.otpw ]
++ optionals config.security.pam.oath.enable [ pkgs.oathToolkit ] ++ optionals config.security.pam.oath.enable [ pkgs.oathToolkit ]
++ optionals config.security.pam.p11.enable [ pkgs.pam_p11 ]
++ optionals config.security.pam.u2f.enable [ pkgs.pam_u2f ]; ++ optionals config.security.pam.u2f.enable [ pkgs.pam_u2f ];
boot.supportedFilesystems = optionals config.security.pam.enableEcryptfs [ "ecryptfs" ]; boot.supportedFilesystems = optionals config.security.pam.enableEcryptfs [ "ecryptfs" ];

View file

@ -170,7 +170,6 @@ in {
Restart = "always"; Restart = "always";
RestartSec = 30; RestartSec = 30;
BusName = "com.intel.tss2.Tabrmd"; BusName = "com.intel.tss2.Tabrmd";
StandardOutput = "syslog";
ExecStart = "${cfg.abrmd.package}/bin/tpm2-abrmd"; ExecStart = "${cfg.abrmd.package}/bin/tpm2-abrmd";
User = "tss"; User = "tss";
Group = "nogroup"; Group = "nogroup";

View file

@ -160,8 +160,11 @@ in
config = { config = {
security.wrappers = { security.wrappers = {
# These are mount related wrappers that require the +s permission.
fusermount.source = "${pkgs.fuse}/bin/fusermount"; fusermount.source = "${pkgs.fuse}/bin/fusermount";
fusermount3.source = "${pkgs.fuse3}/bin/fusermount3"; fusermount3.source = "${pkgs.fuse3}/bin/fusermount3";
mount.source = "${lib.getBin pkgs.utillinux}/bin/mount";
umount.source = "${lib.getBin pkgs.utillinux}/bin/umount";
}; };
boot.specialFileSystems.${parentWrapperDir} = { boot.specialFileSystems.${parentWrapperDir} = {

View file

@ -45,7 +45,7 @@ in {
environment.ROON_DATAROOT = "/var/lib/${name}"; environment.ROON_DATAROOT = "/var/lib/${name}";
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.roon-server}/opt/start.sh"; ExecStart = "${pkgs.roon-server}/start.sh";
LimitNOFILE = 8192; LimitNOFILE = 8192;
User = cfg.user; User = cfg.user;
Group = cfg.group; Group = cfg.group;

View file

@ -31,27 +31,42 @@ let
let let
os = val: os = val:
optionalString (val != null) "${val}"; optionalString (val != null) "${val}";
os' = prefixx: val: os' = prefix: val:
optionalString (val != null) (prefixx + "${val}"); optionalString (val != null) (prefix + "${val}");
flatten = key: value: flatten = key: value:
"&${key}=${value}"; "&${key}=${value}";
in in
"-s ${opt.type}://" + os opt.location + "?" + os' "name=" name "--stream.stream=\"${opt.type}://" + os opt.location + "?" + os' "name=" name
+ concatStrings (mapAttrsToList flatten opt.query); + concatStrings (mapAttrsToList flatten opt.query) + "\"";
optionalNull = val: ret: optionalNull = val: ret:
optional (val != null) ret; optional (val != null) ret;
optionString = concatStringsSep " " (mapAttrsToList streamToOption cfg.streams optionString = concatStringsSep " " (mapAttrsToList streamToOption cfg.streams
++ ["-p ${toString cfg.port}"] # global options
++ ["--controlPort ${toString cfg.controlPort}"] ++ [ "--stream.bind_to_address ${cfg.listenAddress}" ]
++ optionalNull cfg.sampleFormat "--sampleFormat ${cfg.sampleFormat}" ++ [ "--stream.port ${toString cfg.port}" ]
++ optionalNull cfg.codec "-c ${cfg.codec}" ++ optionalNull cfg.sampleFormat "--stream.sampleformat ${cfg.sampleFormat}"
++ optionalNull cfg.streamBuffer "--streamBuffer ${cfg.streamBuffer}" ++ optionalNull cfg.codec "--stream.codec ${cfg.codec}"
++ optionalNull cfg.buffer "-b ${cfg.buffer}" ++ optionalNull cfg.streamBuffer "--stream.stream_buffer ${cfg.streamBuffer}"
++ optional cfg.sendToMuted "--sendToMuted"); ++ optionalNull cfg.buffer "--stream.buffer ${cfg.buffer}"
++ optional cfg.sendToMuted "--stream.send_to_muted"
# tcp json rpc
++ [ "--tcp.enabled ${toString cfg.tcp.enable}" ]
++ optionals cfg.tcp.enable [
"--tcp.address ${cfg.tcp.listenAddress}"
"--tcp.port ${toString cfg.tcp.port}" ]
# http json rpc
++ [ "--http.enabled ${toString cfg.http.enable}" ]
++ optionals cfg.http.enable [
"--http.address ${cfg.http.listenAddress}"
"--http.port ${toString cfg.http.port}"
] ++ optional (cfg.http.docRoot != null) "--http.doc_root \"${toString cfg.http.docRoot}\"");
in { in {
imports = [
(mkRenamedOptionModule [ "services" "snapserver" "controlPort"] [ "services" "snapserver" "tcp" "port" ])
];
###### interface ###### interface
@ -67,6 +82,15 @@ in {
''; '';
}; };
listenAddress = mkOption {
type = types.str;
default = "::";
example = "0.0.0.0";
description = ''
The address where snapclients can connect.
'';
};
port = mkOption { port = mkOption {
type = types.port; type = types.port;
default = 1704; default = 1704;
@ -75,14 +99,6 @@ in {
''; '';
}; };
controlPort = mkOption {
type = types.port;
default = 1705;
description = ''
The port for control connections (JSON-RPC).
'';
};
openFirewall = mkOption { openFirewall = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
@ -94,6 +110,90 @@ in {
inherit sampleFormat; inherit sampleFormat;
inherit codec; inherit codec;
streamBuffer = mkOption {
type = with types; nullOr int;
default = null;
description = ''
Stream read (input) buffer in ms.
'';
example = 20;
};
buffer = mkOption {
type = with types; nullOr int;
default = null;
description = ''
Network buffer in ms.
'';
example = 1000;
};
sendToMuted = mkOption {
type = types.bool;
default = false;
description = ''
Send audio to muted clients.
'';
};
tcp.enable = mkOption {
type = types.bool;
default = true;
description = ''
Whether to enable the JSON-RPC via TCP.
'';
};
tcp.listenAddress = mkOption {
type = types.str;
default = "::";
example = "0.0.0.0";
description = ''
The address where the TCP JSON-RPC listens on.
'';
};
tcp.port = mkOption {
type = types.port;
default = 1705;
description = ''
The port where the TCP JSON-RPC listens on.
'';
};
http.enable = mkOption {
type = types.bool;
default = true;
description = ''
Whether to enable the JSON-RPC via HTTP.
'';
};
http.listenAddress = mkOption {
type = types.str;
default = "::";
example = "0.0.0.0";
description = ''
The address where the HTTP JSON-RPC listens on.
'';
};
http.port = mkOption {
type = types.port;
default = 1780;
description = ''
The port where the HTTP JSON-RPC listens on.
'';
};
http.docRoot = mkOption {
type = with types; nullOr path;
default = null;
description = ''
Path to serve from the HTTP servers root.
'';
};
streams = mkOption { streams = mkOption {
type = with types; attrsOf (submodule { type = with types; attrsOf (submodule {
options = { options = {
@ -147,34 +247,7 @@ in {
}; };
''; '';
}; };
streamBuffer = mkOption {
type = with types; nullOr int;
default = null;
description = ''
Stream read (input) buffer in ms.
'';
example = 20;
};
buffer = mkOption {
type = with types; nullOr int;
default = null;
description = ''
Network buffer in ms.
'';
example = 1000;
};
sendToMuted = mkOption {
type = types.bool;
default = false;
description = ''
Send audio to muted clients.
'';
};
}; };
}; };
@ -206,7 +279,10 @@ in {
}; };
}; };
networking.firewall.allowedTCPPorts = optionals cfg.openFirewall [ cfg.port cfg.controlPort ]; networking.firewall.allowedTCPPorts =
optionals cfg.openFirewall [ cfg.port ]
++ optional cfg.tcp.enable cfg.tcp.port
++ optional cfg.http.enable cfg.http.port;
}; };
meta = { meta = {

View file

@ -18,7 +18,7 @@ in {
}; };
host = mkOption { host = mkOption {
description = "Remote host where snapshots should be sent."; description = "Remote host where snapshots should be sent. <literal>lz4</literal> is expected to be installed on this host.";
example = "example.com"; example = "example.com";
type = types.str; type = types.str;
}; };

View file

@ -49,6 +49,8 @@ let
] ++ service.registrationFlags ] ++ service.registrationFlags
++ optional (service.buildsDir != null) ++ optional (service.buildsDir != null)
"--builds-dir ${service.buildsDir}" "--builds-dir ${service.buildsDir}"
++ optional (service.cloneUrl != null)
"--clone-url ${service.cloneUrl}"
++ optional (service.preCloneScript != null) ++ optional (service.preCloneScript != null)
"--pre-clone-script ${service.preCloneScript}" "--pre-clone-script ${service.preCloneScript}"
++ optional (service.preBuildScript != null) ++ optional (service.preBuildScript != null)
@ -377,6 +379,14 @@ in
in context of selected executor (Locally, Docker, SSH). in context of selected executor (Locally, Docker, SSH).
''; '';
}; };
cloneUrl = mkOption {
type = types.nullOr types.str;
default = null;
example = "http://gitlab.example.local";
description = ''
Overwrite the URL for the GitLab instance. Used if the Runner cant connect to GitLab on the URL GitLab exposes itself.
'';
};
dockerImage = mkOption { dockerImage = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;

View file

@ -6,12 +6,10 @@ let
cfg = config.services.mysql; cfg = config.services.mysql;
mysql = cfg.package; isMariaDB = lib.getName cfg.package == lib.getName pkgs.mariadb;
isMariaDB = lib.getName mysql == lib.getName pkgs.mariadb;
mysqldOptions = mysqldOptions =
"--user=${cfg.user} --datadir=${cfg.dataDir} --basedir=${mysql}"; "--user=${cfg.user} --datadir=${cfg.dataDir} --basedir=${cfg.package}";
settingsFile = pkgs.writeText "my.cnf" ( settingsFile = pkgs.writeText "my.cnf" (
generators.toINI { listsAsDuplicateKeys = true; } cfg.settings + generators.toINI { listsAsDuplicateKeys = true; } cfg.settings +
@ -22,7 +20,7 @@ in
{ {
imports = [ imports = [
(mkRemovedOptionModule [ "services" "mysql" "pidDir" ] "Don't wait for pidfiles, describe dependencies through systemd") (mkRemovedOptionModule [ "services" "mysql" "pidDir" ] "Don't wait for pidfiles, describe dependencies through systemd.")
(mkRemovedOptionModule [ "services" "mysql" "rootPassword" ] "Use socket authentication or set the password outside of the nix store.") (mkRemovedOptionModule [ "services" "mysql" "rootPassword" ] "Use socket authentication or set the password outside of the nix store.")
]; ];
@ -46,25 +44,31 @@ in
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
example = literalExample "0.0.0.0"; example = literalExample "0.0.0.0";
description = "Address to bind to. The default is to bind to all addresses"; description = "Address to bind to. The default is to bind to all addresses.";
}; };
port = mkOption { port = mkOption {
type = types.int; type = types.int;
default = 3306; default = 3306;
description = "Port of MySQL"; description = "Port of MySQL.";
}; };
user = mkOption { user = mkOption {
type = types.str; type = types.str;
default = "mysql"; default = "mysql";
description = "User account under which MySQL runs"; description = "User account under which MySQL runs.";
};
group = mkOption {
type = types.str;
default = "mysql";
description = "Group under which MySQL runs.";
}; };
dataDir = mkOption { dataDir = mkOption {
type = types.path; type = types.path;
example = "/var/lib/mysql"; example = "/var/lib/mysql";
description = "Location where MySQL stores its table files"; description = "Location where MySQL stores its table files.";
}; };
configFile = mkOption { configFile = mkOption {
@ -171,7 +175,7 @@ in
initialScript = mkOption { initialScript = mkOption {
type = types.nullOr types.path; type = types.nullOr types.path;
default = null; default = null;
description = "A file containing SQL statements to be executed on the first startup. Can be used for granting certain permissions on the database"; description = "A file containing SQL statements to be executed on the first startup. Can be used for granting certain permissions on the database.";
}; };
ensureDatabases = mkOption { ensureDatabases = mkOption {
@ -259,33 +263,33 @@ in
serverId = mkOption { serverId = mkOption {
type = types.int; type = types.int;
default = 1; default = 1;
description = "Id of the MySQL server instance. This number must be unique for each instance"; description = "Id of the MySQL server instance. This number must be unique for each instance.";
}; };
masterHost = mkOption { masterHost = mkOption {
type = types.str; type = types.str;
description = "Hostname of the MySQL master server"; description = "Hostname of the MySQL master server.";
}; };
slaveHost = mkOption { slaveHost = mkOption {
type = types.str; type = types.str;
description = "Hostname of the MySQL slave server"; description = "Hostname of the MySQL slave server.";
}; };
masterUser = mkOption { masterUser = mkOption {
type = types.str; type = types.str;
description = "Username of the MySQL replication user"; description = "Username of the MySQL replication user.";
}; };
masterPassword = mkOption { masterPassword = mkOption {
type = types.str; type = types.str;
description = "Password of the MySQL replication user"; description = "Password of the MySQL replication user.";
}; };
masterPort = mkOption { masterPort = mkOption {
type = types.int; type = types.int;
default = 3306; default = 3306;
description = "Port number on which the MySQL master server runs"; description = "Port number on which the MySQL master server runs.";
}; };
}; };
}; };
@ -317,29 +321,33 @@ in
binlog-ignore-db = [ "information_schema" "performance_schema" "mysql" ]; binlog-ignore-db = [ "information_schema" "performance_schema" "mysql" ];
}) })
(mkIf (!isMariaDB) { (mkIf (!isMariaDB) {
plugin-load-add = optional (cfg.ensureUsers != []) "auth_socket.so"; plugin-load-add = "auth_socket.so";
}) })
]; ];
users.users.mysql = { users.users = optionalAttrs (cfg.user == "mysql") {
description = "MySQL server user"; mysql = {
group = "mysql"; description = "MySQL server user";
uid = config.ids.uids.mysql; group = cfg.group;
uid = config.ids.uids.mysql;
};
}; };
users.groups.mysql.gid = config.ids.gids.mysql; users.groups = optionalAttrs (cfg.group == "mysql") {
mysql.gid = config.ids.gids.mysql;
};
environment.systemPackages = [mysql]; environment.systemPackages = [ cfg.package ];
environment.etc."my.cnf".source = cfg.configFile; environment.etc."my.cnf".source = cfg.configFile;
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d '${cfg.dataDir}' 0700 ${cfg.user} mysql - -" "d '${cfg.dataDir}' 0700 '${cfg.user}' '${cfg.group}' - -"
"z '${cfg.dataDir}' 0700 ${cfg.user} mysql - -" "z '${cfg.dataDir}' 0700 '${cfg.user}' '${cfg.group}' - -"
]; ];
systemd.services.mysql = let systemd.services.mysql = let
hasNotify = (cfg.package == pkgs.mariadb); hasNotify = isMariaDB;
in { in {
description = "MySQL Server"; description = "MySQL Server";
@ -357,125 +365,127 @@ in
preStart = if isMariaDB then '' preStart = if isMariaDB then ''
if ! test -e ${cfg.dataDir}/mysql; then if ! test -e ${cfg.dataDir}/mysql; then
${mysql}/bin/mysql_install_db --defaults-file=/etc/my.cnf ${mysqldOptions} ${cfg.package}/bin/mysql_install_db --defaults-file=/etc/my.cnf ${mysqldOptions}
touch ${cfg.dataDir}/mysql_init touch ${cfg.dataDir}/mysql_init
fi fi
'' else '' '' else ''
if ! test -e ${cfg.dataDir}/mysql; then if ! test -e ${cfg.dataDir}/mysql; then
${mysql}/bin/mysqld --defaults-file=/etc/my.cnf ${mysqldOptions} --initialize-insecure ${cfg.package}/bin/mysqld --defaults-file=/etc/my.cnf ${mysqldOptions} --initialize-insecure
touch ${cfg.dataDir}/mysql_init touch ${cfg.dataDir}/mysql_init
fi fi
''; '';
postStart = let
# The super user account to use on *first* run of MySQL server
superUser = if isMariaDB then cfg.user else "root";
in ''
${optionalString (!hasNotify) ''
# Wait until the MySQL server is available for use
count=0
while [ ! -e /run/mysqld/mysqld.sock ]
do
if [ $count -eq 30 ]
then
echo "Tried 30 times, giving up..."
exit 1
fi
echo "MySQL daemon not yet started. Waiting for 1 second..."
count=$((count++))
sleep 1
done
''}
if [ -f ${cfg.dataDir}/mysql_init ]
then
# While MariaDB comes with a 'mysql' super user account since 10.4.x, MySQL does not
# Since we don't want to run this service as 'root' we need to ensure the account exists on first run
( echo "CREATE USER IF NOT EXISTS '${cfg.user}'@'localhost' IDENTIFIED WITH ${if isMariaDB then "unix_socket" else "auth_socket"};"
echo "GRANT ALL PRIVILEGES ON *.* TO '${cfg.user}'@'localhost' WITH GRANT OPTION;"
) | ${cfg.package}/bin/mysql -u ${superUser} -N
${concatMapStrings (database: ''
# Create initial databases
if ! test -e "${cfg.dataDir}/${database.name}"; then
echo "Creating initial database: ${database.name}"
( echo 'create database `${database.name}`;'
${optionalString (database.schema != null) ''
echo 'use `${database.name}`;'
# TODO: this silently falls through if database.schema does not exist,
# we should catch this somehow and exit, but can't do it here because we're in a subshell.
if [ -f "${database.schema}" ]
then
cat ${database.schema}
elif [ -d "${database.schema}" ]
then
cat ${database.schema}/mysql-databases/*.sql
fi
''}
) | ${cfg.package}/bin/mysql -u ${superUser} -N
fi
'') cfg.initialDatabases}
${optionalString (cfg.replication.role == "master")
''
# Set up the replication master
( echo "use mysql;"
echo "CREATE USER '${cfg.replication.masterUser}'@'${cfg.replication.slaveHost}' IDENTIFIED WITH mysql_native_password;"
echo "SET PASSWORD FOR '${cfg.replication.masterUser}'@'${cfg.replication.slaveHost}' = PASSWORD('${cfg.replication.masterPassword}');"
echo "GRANT REPLICATION SLAVE ON *.* TO '${cfg.replication.masterUser}'@'${cfg.replication.slaveHost}';"
) | ${cfg.package}/bin/mysql -u ${superUser} -N
''}
${optionalString (cfg.replication.role == "slave")
''
# Set up the replication slave
( echo "stop slave;"
echo "change master to master_host='${cfg.replication.masterHost}', master_user='${cfg.replication.masterUser}', master_password='${cfg.replication.masterPassword}';"
echo "start slave;"
) | ${cfg.package}/bin/mysql -u ${superUser} -N
''}
${optionalString (cfg.initialScript != null)
''
# Execute initial script
# using toString to avoid copying the file to nix store if given as path instead of string,
# as it might contain credentials
cat ${toString cfg.initialScript} | ${cfg.package}/bin/mysql -u ${superUser} -N
''}
rm ${cfg.dataDir}/mysql_init
fi
${optionalString (cfg.ensureDatabases != []) ''
(
${concatMapStrings (database: ''
echo "CREATE DATABASE IF NOT EXISTS \`${database}\`;"
'') cfg.ensureDatabases}
) | ${cfg.package}/bin/mysql -N
''}
${concatMapStrings (user:
''
( echo "CREATE USER IF NOT EXISTS '${user.name}'@'localhost' IDENTIFIED WITH ${if isMariaDB then "unix_socket" else "auth_socket"};"
${concatStringsSep "\n" (mapAttrsToList (database: permission: ''
echo "GRANT ${permission} ON ${database} TO '${user.name}'@'localhost';"
'') user.ensurePermissions)}
) | ${cfg.package}/bin/mysql -N
'') cfg.ensureUsers}
'';
serviceConfig = { serviceConfig = {
Type = if hasNotify then "notify" else "simple"; Type = if hasNotify then "notify" else "simple";
Restart = "on-abort"; Restart = "on-abort";
RestartSec = "5s"; RestartSec = "5s";
# The last two environment variables are used for starting Galera clusters # The last two environment variables are used for starting Galera clusters
ExecStart = "${mysql}/bin/mysqld --defaults-file=/etc/my.cnf ${mysqldOptions} $_WSREP_NEW_CLUSTER $_WSREP_START_POSITION"; ExecStart = "${cfg.package}/bin/mysqld --defaults-file=/etc/my.cnf ${mysqldOptions} $_WSREP_NEW_CLUSTER $_WSREP_START_POSITION";
ExecStartPost =
let
setupScript = pkgs.writeScript "mysql-setup" ''
#!${pkgs.runtimeShell} -e
${optionalString (!hasNotify) ''
# Wait until the MySQL server is available for use
count=0
while [ ! -e /run/mysqld/mysqld.sock ]
do
if [ $count -eq 30 ]
then
echo "Tried 30 times, giving up..."
exit 1
fi
echo "MySQL daemon not yet started. Waiting for 1 second..."
count=$((count++))
sleep 1
done
''}
if [ -f ${cfg.dataDir}/mysql_init ]
then
${concatMapStrings (database: ''
# Create initial databases
if ! test -e "${cfg.dataDir}/${database.name}"; then
echo "Creating initial database: ${database.name}"
( echo 'create database `${database.name}`;'
${optionalString (database.schema != null) ''
echo 'use `${database.name}`;'
# TODO: this silently falls through if database.schema does not exist,
# we should catch this somehow and exit, but can't do it here because we're in a subshell.
if [ -f "${database.schema}" ]
then
cat ${database.schema}
elif [ -d "${database.schema}" ]
then
cat ${database.schema}/mysql-databases/*.sql
fi
''}
) | ${mysql}/bin/mysql -u root -N
fi
'') cfg.initialDatabases}
${optionalString (cfg.replication.role == "master")
''
# Set up the replication master
( echo "use mysql;"
echo "CREATE USER '${cfg.replication.masterUser}'@'${cfg.replication.slaveHost}' IDENTIFIED WITH mysql_native_password;"
echo "SET PASSWORD FOR '${cfg.replication.masterUser}'@'${cfg.replication.slaveHost}' = PASSWORD('${cfg.replication.masterPassword}');"
echo "GRANT REPLICATION SLAVE ON *.* TO '${cfg.replication.masterUser}'@'${cfg.replication.slaveHost}';"
) | ${mysql}/bin/mysql -u root -N
''}
${optionalString (cfg.replication.role == "slave")
''
# Set up the replication slave
( echo "stop slave;"
echo "change master to master_host='${cfg.replication.masterHost}', master_user='${cfg.replication.masterUser}', master_password='${cfg.replication.masterPassword}';"
echo "start slave;"
) | ${mysql}/bin/mysql -u root -N
''}
${optionalString (cfg.initialScript != null)
''
# Execute initial script
# using toString to avoid copying the file to nix store if given as path instead of string,
# as it might contain credentials
cat ${toString cfg.initialScript} | ${mysql}/bin/mysql -u root -N
''}
rm ${cfg.dataDir}/mysql_init
fi
${optionalString (cfg.ensureDatabases != []) ''
(
${concatMapStrings (database: ''
echo "CREATE DATABASE IF NOT EXISTS \`${database}\`;"
'') cfg.ensureDatabases}
) | ${mysql}/bin/mysql -u root -N
''}
${concatMapStrings (user:
''
( echo "CREATE USER IF NOT EXISTS '${user.name}'@'localhost' IDENTIFIED WITH ${if isMariaDB then "unix_socket" else "auth_socket"};"
${concatStringsSep "\n" (mapAttrsToList (database: permission: ''
echo "GRANT ${permission} ON ${database} TO '${user.name}'@'localhost';"
'') user.ensurePermissions)}
) | ${mysql}/bin/mysql -u root -N
'') cfg.ensureUsers}
'';
in
# ensureDatbases & ensureUsers depends on this script being run as root
# when the user has secured their mysql install
"+${setupScript}";
# User and group # User and group
User = cfg.user; User = cfg.user;
Group = "mysql"; Group = cfg.group;
# Runtime directory and mode # Runtime directory and mode
RuntimeDirectory = "mysqld"; RuntimeDirectory = "mysqld";
RuntimeDirectoryMode = "0755"; RuntimeDirectoryMode = "0755";

View file

@ -55,9 +55,13 @@ in
dataDir = mkOption { dataDir = mkOption {
type = types.path; type = types.path;
defaultText = "/var/lib/postgresql/\${config.services.postgresql.package.psqlSchema}";
example = "/var/lib/postgresql/11"; example = "/var/lib/postgresql/11";
description = '' description = ''
Data directory for PostgreSQL. The data directory for PostgreSQL. If left as the default value
this directory will automatically be created before the PostgreSQL server starts, otherwise
the sysadmin is responsible for ensuring the directory exists with appropriate ownership
and permissions.
''; '';
}; };
@ -249,10 +253,7 @@ in
else if versionAtLeast config.system.stateVersion "16.03" then pkgs.postgresql_9_5 else if versionAtLeast config.system.stateVersion "16.03" then pkgs.postgresql_9_5
else throw "postgresql_9_4 was removed, please upgrade your postgresql version."); else throw "postgresql_9_4 was removed, please upgrade your postgresql version.");
services.postgresql.dataDir = services.postgresql.dataDir = mkDefault "/var/lib/postgresql/${cfg.package.psqlSchema}";
mkDefault (if versionAtLeast config.system.stateVersion "17.09"
then "/var/lib/postgresql/${cfg.package.psqlSchema}"
else "/var/db/postgresql");
services.postgresql.authentication = mkAfter services.postgresql.authentication = mkAfter
'' ''
@ -291,40 +292,28 @@ in
preStart = preStart =
'' ''
# Create data directory.
if ! test -e ${cfg.dataDir}/PG_VERSION; then if ! test -e ${cfg.dataDir}/PG_VERSION; then
mkdir -m 0700 -p ${cfg.dataDir} # Cleanup the data directory.
rm -f ${cfg.dataDir}/*.conf rm -f ${cfg.dataDir}/*.conf
chown -R postgres:postgres ${cfg.dataDir}
fi
''; # */
script = # Initialise the database.
''
# Initialise the database.
if ! test -e ${cfg.dataDir}/PG_VERSION; then
initdb -U ${cfg.superUser} ${concatStringsSep " " cfg.initdbArgs} initdb -U ${cfg.superUser} ${concatStringsSep " " cfg.initdbArgs}
# See postStart! # See postStart!
touch "${cfg.dataDir}/.first_startup" touch "${cfg.dataDir}/.first_startup"
fi fi
ln -sfn "${configFile}" "${cfg.dataDir}/postgresql.conf" ln -sfn "${configFile}" "${cfg.dataDir}/postgresql.conf"
${optionalString (cfg.recoveryConfig != null) '' ${optionalString (cfg.recoveryConfig != null) ''
ln -sfn "${pkgs.writeText "recovery.conf" cfg.recoveryConfig}" \ ln -sfn "${pkgs.writeText "recovery.conf" cfg.recoveryConfig}" \
"${cfg.dataDir}/recovery.conf" "${cfg.dataDir}/recovery.conf"
''} ''}
${optionalString (!groupAccessAvailable) ''
# postgresql pre 11.0 doesn't start if state directory mode is group accessible
chmod 0700 "${cfg.dataDir}"
''}
exec postgres
''; '';
serviceConfig = serviceConfig = mkMerge [
{ ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; { ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
User = "postgres"; User = "postgres";
Group = "postgres"; Group = "postgres";
PermissionsStartOnly = true;
RuntimeDirectory = "postgresql"; RuntimeDirectory = "postgresql";
Type = if versionAtLeast cfg.package.version "9.6" Type = if versionAtLeast cfg.package.version "9.6"
then "notify" then "notify"
@ -338,36 +327,48 @@ in
# Give Postgres a decent amount of time to clean up after # Give Postgres a decent amount of time to clean up after
# receiving systemd's SIGINT. # receiving systemd's SIGINT.
TimeoutSec = 120; TimeoutSec = 120;
};
# Wait for PostgreSQL to be ready to accept connections. ExecStart = "${postgresql}/bin/postgres";
postStart =
''
PSQL="${pkgs.utillinux}/bin/runuser -u ${cfg.superUser} -- psql --port=${toString cfg.port}"
while ! $PSQL -d postgres -c "" 2> /dev/null; do # Wait for PostgreSQL to be ready to accept connections.
if ! kill -0 "$MAINPID"; then exit 1; fi ExecStartPost =
sleep 0.1 let
done setupScript = pkgs.writeScript "postgresql-setup" (''
#!${pkgs.runtimeShell} -e
if test -e "${cfg.dataDir}/.first_startup"; then PSQL="${pkgs.utillinux}/bin/runuser -u ${cfg.superUser} -- psql --port=${toString cfg.port}"
${optionalString (cfg.initialScript != null) ''
$PSQL -f "${cfg.initialScript}" -d postgres while ! $PSQL -d postgres -c "" 2> /dev/null; do
''} if ! kill -0 "$MAINPID"; then exit 1; fi
rm -f "${cfg.dataDir}/.first_startup" sleep 0.1
fi done
'' + optionalString (cfg.ensureDatabases != []) ''
${concatMapStrings (database: '' if test -e "${cfg.dataDir}/.first_startup"; then
$PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${database}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${database}"' ${optionalString (cfg.initialScript != null) ''
'') cfg.ensureDatabases} $PSQL -f "${cfg.initialScript}" -d postgres
'' + '' ''}
${concatMapStrings (user: '' rm -f "${cfg.dataDir}/.first_startup"
$PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='${user.name}'" | grep -q 1 || $PSQL -tAc 'CREATE USER "${user.name}"' fi
${concatStringsSep "\n" (mapAttrsToList (database: permission: '' '' + optionalString (cfg.ensureDatabases != []) ''
$PSQL -tAc 'GRANT ${permission} ON ${database} TO "${user.name}"' ${concatMapStrings (database: ''
'') user.ensurePermissions)} $PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${database}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${database}"'
'') cfg.ensureUsers} '') cfg.ensureDatabases}
''; '' + ''
${concatMapStrings (user: ''
$PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='${user.name}'" | grep -q 1 || $PSQL -tAc 'CREATE USER "${user.name}"'
${concatStringsSep "\n" (mapAttrsToList (database: permission: ''
$PSQL -tAc 'GRANT ${permission} ON ${database} TO "${user.name}"'
'') user.ensurePermissions)}
'') cfg.ensureUsers}
'');
in
"+${setupScript}";
}
(mkIf (cfg.dataDir == "/var/lib/postgresql/${cfg.package.psqlSchema}") {
StateDirectory = "postgresql postgresql/${cfg.package.psqlSchema}";
StateDirectoryMode = if groupAccessAvailable then "0750" else "0700";
})
];
unitConfig.RequiresMountsFor = "${cfg.dataDir}"; unitConfig.RequiresMountsFor = "${cfg.dataDir}";
}; };

View file

@ -42,6 +42,7 @@ in {
# It has been possible since https://github.com/flatpak/flatpak/releases/tag/1.3.2 # It has been possible since https://github.com/flatpak/flatpak/releases/tag/1.3.2
# to build a SELinux policy module. # to build a SELinux policy module.
# TODO: use sysusers.d
users.users.flatpak = { users.users.flatpak = {
description = "Flatpak system helper"; description = "Flatpak system helper";
group = "flatpak"; group = "flatpak";

View file

@ -28,7 +28,10 @@ with lib;
malcontent-ui malcontent-ui
]; ];
services.dbus.packages = [ pkgs.malcontent ]; services.dbus.packages = [
# D-Bus services are in `out`, not the default `bin` output that would be picked up by `makeDbusConf`.
pkgs.malcontent.out
];
services.accounts-daemon.enable = true; services.accounts-daemon.enable = true;

View file

@ -0,0 +1,190 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.jupyterhub;
kernels = (pkgs.jupyter-kernel.create {
definitions = if cfg.kernels != null
then cfg.kernels
else pkgs.jupyter-kernel.default;
});
jupyterhubConfig = pkgs.writeText "jupyterhub_config.py" ''
c.JupyterHub.bind_url = "http://${cfg.host}:${toString cfg.port}"
c.JupyterHub.authentication_class = "${cfg.authentication}"
c.JupyterHub.spawner_class = "${cfg.spawner}"
c.SystemdSpawner.default_url = '/lab'
c.SystemdSpawner.cmd = "${cfg.jupyterlabEnv}/bin/jupyterhub-singleuser"
c.SystemdSpawner.environment = {
'JUPYTER_PATH': '${kernels}'
}
${cfg.extraConfig}
'';
in {
meta.maintainers = with maintainers; [ costrouc ];
options.services.jupyterhub = {
enable = mkEnableOption "Jupyterhub development server";
authentication = mkOption {
type = types.str;
default = "jupyterhub.auth.PAMAuthenticator";
description = ''
Jupyterhub authentication to use
There are many authenticators available including: oauth, pam,
ldap, kerberos, etc.
'';
};
spawner = mkOption {
type = types.str;
default = "systemdspawner.SystemdSpawner";
description = ''
Jupyterhub spawner to use
There are many spawners available including: local process,
systemd, docker, kubernetes, yarn, batch, etc.
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = ''
Extra contents appended to the jupyterhub configuration
Jupyterhub configuration is a normal python file using
Traitlets. https://jupyterhub.readthedocs.io/en/stable/getting-started/config-basics.html. The
base configuration of this module was designed to have sane
defaults for configuration but you can override anything since
this is a python file.
'';
example = literalExample ''
c.SystemdSpawner.mem_limit = '8G'
c.SystemdSpawner.cpu_limit = 2.0
'';
};
jupyterhubEnv = mkOption {
type = types.package;
default = (pkgs.python3.withPackages (p: with p; [
jupyterhub
jupyterhub-systemdspawner
]));
description = ''
Python environment to run jupyterhub
Customizing will affect the packages available in the hub and
proxy. This will allow packages to be available for the
extraConfig that you may need. This will not normally need to
be changed.
'';
};
jupyterlabEnv = mkOption {
type = types.package;
default = (pkgs.python3.withPackages (p: with p; [
jupyterhub
jupyterlab
]));
description = ''
Python environment to run jupyterlab
Customizing will affect the packages available in the
jupyterlab server and the default kernel provided. This is the
way to customize the jupyterlab extensions and jupyter
notebook extensions. This will not normally need to
be changed.
'';
};
kernels = mkOption {
type = types.nullOr (types.attrsOf(types.submodule (import ../jupyter/kernel-options.nix {
inherit lib;
})));
default = null;
example = literalExample ''
{
python3 = let
env = (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
ipykernel
pandas
scikitlearn
]));
in {
displayName = "Python 3 for machine learning";
argv = [
"''${env.interpreter}"
"-m"
"ipykernel_launcher"
"-f"
"{connection_file}"
];
language = "python";
logo32 = "''${env}/''${env.sitePackages}/ipykernel/resources/logo-32x32.png";
logo64 = "''${env}/''${env.sitePackages}/ipykernel/resources/logo-64x64.png";
};
}
'';
description = ''
Declarative kernel config
Kernels can be declared in any language that supports and has
the required dependencies to communicate with a jupyter server.
In python's case, it means that ipykernel package must always be
included in the list of packages of the targeted environment.
'';
};
port = mkOption {
type = types.port;
default = 8000;
description = ''
Port number Jupyterhub will be listening on
'';
};
host = mkOption {
type = types.str;
default = "0.0.0.0";
description = ''
Bind IP JupyterHub will be listening on
'';
};
stateDirectory = mkOption {
type = types.str;
default = "jupyterhub";
description = ''
Directory for jupyterhub state (token + database)
'';
};
};
config = mkMerge [
(mkIf cfg.enable {
systemd.services.jupyterhub = {
description = "Jupyterhub development server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Restart = "always";
ExecStart = "${cfg.jupyterhubEnv}/bin/jupyterhub --config ${jupyterhubConfig}";
User = "root";
StateDirectory = cfg.stateDirectory;
WorkingDirectory = "/var/lib/${cfg.stateDirectory}";
};
};
})
];
}

View file

@ -15,26 +15,27 @@ let
fi fi
''; '';
desktopApplicationFile = pkgs.writeTextFile { desktopApplicationFile = pkgs.writeTextFile {
name = "emacsclient.desktop"; name = "emacsclient.desktop";
destination = "/share/applications/emacsclient.desktop"; destination = "/share/applications/emacsclient.desktop";
text = '' text = ''
[Desktop Entry] [Desktop Entry]
Name=Emacsclient Name=Emacsclient
GenericName=Text Editor GenericName=Text Editor
Comment=Edit text Comment=Edit text
MimeType=text/english;text/plain;text/x-makefile;text/x-c++hdr;text/x-c++src;text/x-chdr;text/x-csrc;text/x-java;text/x-moc;text/x-pascal;text/x-tcl;text/x-tex;application/x-shellscript;text/x-c;text/x-c++; MimeType=text/english;text/plain;text/x-makefile;text/x-c++hdr;text/x-c++src;text/x-chdr;text/x-csrc;text/x-java;text/x-moc;text/x-pascal;text/x-tcl;text/x-tex;application/x-shellscript;text/x-c;text/x-c++;
Exec=emacseditor %F Exec=emacseditor %F
Icon=emacs Icon=emacs
Type=Application Type=Application
Terminal=false Terminal=false
Categories=Development;TextEditor; Categories=Development;TextEditor;
StartupWMClass=Emacs StartupWMClass=Emacs
Keywords=Text;Editor; Keywords=Text;Editor;
''; '';
}; };
in { in
{
options.services.emacs = { options.services.emacs = {
enable = mkOption { enable = mkOption {
@ -86,10 +87,10 @@ in {
description = "Emacs: the extensible, self-documenting text editor"; description = "Emacs: the extensible, self-documenting text editor";
serviceConfig = { serviceConfig = {
Type = "forking"; Type = "forking";
ExecStart = "${pkgs.bash}/bin/bash -c 'source ${config.system.build.setEnvironment}; exec ${cfg.package}/bin/emacs --daemon'"; ExecStart = "${pkgs.bash}/bin/bash -c 'source ${config.system.build.setEnvironment}; exec ${cfg.package}/bin/emacs --daemon'";
ExecStop = "${cfg.package}/bin/emacsclient --eval (kill-emacs)"; ExecStop = "${cfg.package}/bin/emacsclient --eval (kill-emacs)";
Restart = "always"; Restart = "always";
}; };
} // optionalAttrs cfg.enable { wantedBy = [ "default.target" ]; }; } // optionalAttrs cfg.enable { wantedBy = [ "default.target" ]; };

View file

@ -8,12 +8,8 @@ let
mkTlpConfig = tlpConfig: generators.toKeyValue { mkTlpConfig = tlpConfig: generators.toKeyValue {
mkKeyValue = generators.mkKeyValueDefault { mkKeyValue = generators.mkKeyValueDefault {
mkValueString = val: mkValueString = val:
if isInt val then toString val if isList val then "\"" + (toString val) + "\""
else if isString val then val else toString val;
else if true == val then "1"
else if false == val then "0"
else if isList val then "\"" + (concatStringsSep " " val) + "\""
else err "invalid value provided to mkTlpConfig:" (toString val);
} "="; } "=";
} tlpConfig; } tlpConfig;
in in
@ -27,10 +23,24 @@ in
description = "Whether to enable the TLP power management daemon."; description = "Whether to enable the TLP power management daemon.";
}; };
settings = mkOption {type = with types; attrsOf (oneOf [bool int float str (listOf str)]);
default = {};
example = {
SATA_LINKPWR_ON_BAT = "med_power_with_dipm";
USB_BLACKLIST_PHONE = 1;
};
description = ''
Options passed to TLP. See https://linrunner.de/tlp for all supported options..
'';
};
extraConfig = mkOption { extraConfig = mkOption {
type = types.lines; type = types.lines;
default = ""; default = "";
description = "Additional configuration variables for TLP"; description = ''
Verbatim additional configuration variables for TLP.
DEPRECATED: use services.tlp.config instead.
'';
}; };
}; };
}; };
@ -39,8 +49,20 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
boot.kernelModules = [ "msr" ]; boot.kernelModules = [ "msr" ];
warnings = optional (cfg.extraConfig != "") ''
Using config.services.tlp.extraConfig is deprecated and will become unsupported in a future release. Use config.services.tlp.settings instead.
'';
assertions = [{
assertion = cfg.enable -> config.powerManagement.scsiLinkPolicy == null;
message = ''
`services.tlp.enable` and `config.powerManagement.scsiLinkPolicy` cannot be set both.
Set `services.tlp.settings.SATA_LINKPWR_ON_AC` and `services.tlp.settings.SATA_LINKPWR_ON_BAT` instead.
'';
}];
environment.etc = { environment.etc = {
"tlp.conf".text = cfg.extraConfig; "tlp.conf".text = (mkTlpConfig cfg.settings) + cfg.extraConfig;
} // optionalAttrs enableRDW { } // optionalAttrs enableRDW {
"NetworkManager/dispatcher.d/99tlp-rdw-nm".source = "NetworkManager/dispatcher.d/99tlp-rdw-nm".source =
"${tlp}/etc/NetworkManager/dispatcher.d/99tlp-rdw-nm"; "${tlp}/etc/NetworkManager/dispatcher.d/99tlp-rdw-nm";
@ -48,18 +70,25 @@ in
environment.systemPackages = [ tlp ]; environment.systemPackages = [ tlp ];
# FIXME: When the config is parametrized we need to move these into a
# conditional on the relevant options being enabled. services.tlp.settings = let
powerManagement = { cfg = config.powerManagement;
scsiLinkPolicy = null; maybeDefault = val: lib.mkIf (val != null) (lib.mkDefault val);
cpuFreqGovernor = null; in {
cpufreq.max = null; CPU_SCALING_GOVERNOR_ON_AC = maybeDefault cfg.cpuFreqGovernor;
cpufreq.min = null; CPU_SCALING_GOVERNOR_ON_BAT = maybeDefault cfg.cpuFreqGovernor;
CPU_SCALING_MIN_FREQ_ON_AC = maybeDefault cfg.cpufreq.min;
CPU_SCALING_MAX_FREQ_ON_AC = maybeDefault cfg.cpufreq.max;
CPU_SCALING_MIN_FREQ_ON_BAT = maybeDefault cfg.cpufreq.min;
CPU_SCALING_MAX_FREQ_ON_BAT = maybeDefault cfg.cpufreq.max;
}; };
services.udev.packages = [ tlp ]; services.udev.packages = [ tlp ];
systemd = { systemd = {
# use native tlp instead because it can also differentiate between AC/BAT
services.cpufreq.enable = false;
packages = [ tlp ]; packages = [ tlp ];
# XXX: These must always be disabled/masked according to [1]. # XXX: These must always be disabled/masked according to [1].
# #

View file

@ -25,6 +25,8 @@ let
clientRestrictions = concatStringsSep ", " (clientAccess ++ dnsBl); clientRestrictions = concatStringsSep ", " (clientAccess ++ dnsBl);
smtpTlsSecurityLevel = if cfg.useDane then "dane" else "may";
mainCf = let mainCf = let
escape = replaceStrings ["$"] ["$$"]; escape = replaceStrings ["$"] ["$$"];
mkList = items: "\n " + concatStringsSep ",\n " items; mkList = items: "\n " + concatStringsSep ",\n " items;
@ -508,6 +510,14 @@ in
''; '';
}; };
useDane = mkOption {
type = types.bool;
default = false;
description = ''
Sets smtp_tls_security_level to "dane" rather than "may". See postconf(5) for details.
'';
};
sslCert = mkOption { sslCert = mkOption {
type = types.str; type = types.str;
default = ""; default = "";
@ -809,13 +819,13 @@ in
// optionalAttrs cfg.enableHeaderChecks { header_checks = [ "regexp:/etc/postfix/header_checks" ]; } // optionalAttrs cfg.enableHeaderChecks { header_checks = [ "regexp:/etc/postfix/header_checks" ]; }
// optionalAttrs (cfg.tlsTrustedAuthorities != "") { // optionalAttrs (cfg.tlsTrustedAuthorities != "") {
smtp_tls_CAfile = cfg.tlsTrustedAuthorities; smtp_tls_CAfile = cfg.tlsTrustedAuthorities;
smtp_tls_security_level = "may"; smtp_tls_security_level = smtpTlsSecurityLevel;
} }
// optionalAttrs (cfg.sslCert != "") { // optionalAttrs (cfg.sslCert != "") {
smtp_tls_cert_file = cfg.sslCert; smtp_tls_cert_file = cfg.sslCert;
smtp_tls_key_file = cfg.sslKey; smtp_tls_key_file = cfg.sslKey;
smtp_tls_security_level = "may"; smtp_tls_security_level = smtpTlsSecurityLevel;
smtpd_tls_cert_file = cfg.sslCert; smtpd_tls_cert_file = cfg.sslCert;
smtpd_tls_key_file = cfg.sslKey; smtpd_tls_key_file = cfg.sslKey;

View file

@ -162,6 +162,45 @@ in
<manvolnum>7</manvolnum></citerefentry>. <manvolnum>7</manvolnum></citerefentry>.
''; '';
}; };
backupDir = mkOption {
type = types.str;
default = "${cfg.stateDir}/dump";
description = "Path to the dump files.";
};
};
ssh = {
enable = mkOption {
type = types.bool;
default = true;
description = "Enable external SSH feature.";
};
clonePort = mkOption {
type = types.int;
default = 22;
example = 2222;
description = ''
SSH port displayed in clone URL.
The option is required to configure a service when the external visible port
differs from the local listening port i.e. if port forwarding is used.
'';
};
};
lfs = {
enable = mkOption {
type = types.bool;
default = false;
description = "Enables git-lfs support.";
};
contentDir = mkOption {
type = types.str;
default = "${cfg.stateDir}/data/lfs";
description = "Where to store LFS files.";
};
}; };
appName = mkOption { appName = mkOption {
@ -200,6 +239,12 @@ in
description = "HTTP listen port."; description = "HTTP listen port.";
}; };
enableUnixSocket = mkOption {
type = types.bool;
default = false;
description = "Configure Gitea to listen on a unix socket instead of the default TCP port.";
};
cookieSecure = mkOption { cookieSecure = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
@ -300,14 +345,34 @@ in
ROOT = cfg.repositoryRoot; ROOT = cfg.repositoryRoot;
}; };
server = { server = mkMerge [
DOMAIN = cfg.domain; {
HTTP_ADDR = cfg.httpAddress; DOMAIN = cfg.domain;
HTTP_PORT = cfg.httpPort; STATIC_ROOT_PATH = cfg.staticRootPath;
ROOT_URL = cfg.rootUrl; LFS_JWT_SECRET = "#jwtsecret#";
STATIC_ROOT_PATH = cfg.staticRootPath; ROOT_URL = cfg.rootUrl;
LFS_JWT_SECRET = "#jwtsecret#"; }
}; (mkIf cfg.enableUnixSocket {
PROTOCOL = "unix";
HTTP_ADDR = "/run/gitea/gitea.sock";
})
(mkIf (!cfg.enableUnixSocket) {
HTTP_ADDR = cfg.httpAddress;
HTTP_PORT = cfg.httpPort;
})
(mkIf cfg.ssh.enable {
DISABLE_SSH = false;
SSH_PORT = cfg.ssh.clonePort;
})
(mkIf (!cfg.ssh.enable) {
DISABLE_SSH = true;
})
(mkIf cfg.lfs.enable {
LFS_START_SERVER = true;
LFS_CONTENT_PATH = cfg.lfs.contentDir;
})
];
session = { session = {
COOKIE_NAME = "session"; COOKIE_NAME = "session";
@ -357,12 +422,26 @@ in
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d '${cfg.stateDir}' - ${cfg.user} gitea - -" "d '${cfg.dump.backupDir}' 0750 ${cfg.user} gitea - -"
"d '${cfg.stateDir}/conf' - ${cfg.user} gitea - -" "z '${cfg.dump.backupDir}' 0750 ${cfg.user} gitea - -"
"d '${cfg.stateDir}/custom' - ${cfg.user} gitea - -" "Z '${cfg.dump.backupDir}' - ${cfg.user} gitea - -"
"d '${cfg.stateDir}/custom/conf' - ${cfg.user} gitea - -" "d '${cfg.lfs.contentDir}' 0750 ${cfg.user} gitea - -"
"d '${cfg.stateDir}/log' - ${cfg.user} gitea - -" "z '${cfg.lfs.contentDir}' 0750 ${cfg.user} gitea - -"
"d '${cfg.repositoryRoot}' - ${cfg.user} gitea - -" "Z '${cfg.lfs.contentDir}' - ${cfg.user} gitea - -"
"d '${cfg.repositoryRoot}' 0750 ${cfg.user} gitea - -"
"z '${cfg.repositoryRoot}' 0750 ${cfg.user} gitea - -"
"Z '${cfg.repositoryRoot}' - ${cfg.user} gitea - -"
"d '${cfg.stateDir}' 0750 ${cfg.user} gitea - -"
"d '${cfg.stateDir}/conf' 0750 ${cfg.user} gitea - -"
"d '${cfg.stateDir}/custom' 0750 ${cfg.user} gitea - -"
"d '${cfg.stateDir}/custom/conf' 0750 ${cfg.user} gitea - -"
"d '${cfg.stateDir}/log' 0750 ${cfg.user} gitea - -"
"z '${cfg.stateDir}' 0750 ${cfg.user} gitea - -"
"z '${cfg.stateDir}/.ssh' 0700 ${cfg.user} gitea - -"
"z '${cfg.stateDir}/conf' 0750 ${cfg.user} gitea - -"
"z '${cfg.stateDir}/custom' 0750 ${cfg.user} gitea - -"
"z '${cfg.stateDir}/custom/conf' 0750 ${cfg.user} gitea - -"
"z '${cfg.stateDir}/log' 0750 ${cfg.user} gitea - -"
"Z '${cfg.stateDir}' - ${cfg.user} gitea - -" "Z '${cfg.stateDir}' - ${cfg.user} gitea - -"
# If we have a folder or symlink with gitea locales, remove it # If we have a folder or symlink with gitea locales, remove it
@ -431,28 +510,39 @@ in
User = cfg.user; User = cfg.user;
Group = "gitea"; Group = "gitea";
WorkingDirectory = cfg.stateDir; WorkingDirectory = cfg.stateDir;
ExecStart = "${gitea}/bin/gitea web"; ExecStart = "${gitea}/bin/gitea web --pid /run/gitea/gitea.pid";
Restart = "always"; Restart = "always";
# Runtime directory and mode
# Filesystem RuntimeDirectory = "gitea";
RuntimeDirectoryMode = "0755";
# Access write directories
ReadWritePaths = [ cfg.dump.backupDir cfg.repositoryRoot cfg.stateDir cfg.lfs.contentDir ];
UMask = "0027";
# Capabilities
CapabilityBoundingSet = "";
# Security
NoNewPrivileges = true;
# Sandboxing
ProtectSystem = "strict";
ProtectHome = true; ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true; PrivateDevices = true;
PrivateUsers = true;
ProtectHostname = true;
ProtectClock = true;
ProtectKernelTunables = true; ProtectKernelTunables = true;
ProtectKernelModules = true; ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectControlGroups = true; ProtectControlGroups = true;
ReadWritePaths = cfg.stateDir; RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ];
# Caps
CapabilityBoundingSet = "";
NoNewPrivileges = true;
# Misc.
LockPersonality = true; LockPersonality = true;
RestrictRealtime = true;
PrivateMounts = true;
PrivateUsers = true;
MemoryDenyWriteExecute = true; MemoryDenyWriteExecute = true;
SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @reboot @resources @setuid @swap"; RestrictRealtime = true;
RestrictSUIDSGID = true;
PrivateMounts = true;
# System Call Filtering
SystemCallArchitectures = "native"; SystemCallArchitectures = "native";
RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6"; SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @reboot @resources @setuid @swap";
}; };
environment = { environment = {
@ -504,7 +594,7 @@ in
Type = "oneshot"; Type = "oneshot";
User = cfg.user; User = cfg.user;
ExecStart = "${gitea}/bin/gitea dump"; ExecStart = "${gitea}/bin/gitea dump";
WorkingDirectory = cfg.stateDir; WorkingDirectory = cfg.dump.backupDir;
}; };
}; };

View file

@ -71,7 +71,7 @@ let
}; };
}; };
redisConfig.production.url = "redis://localhost:6379/"; redisConfig.production.url = cfg.redisUrl;
gitlabConfig = { gitlabConfig = {
# These are the default settings from config/gitlab.example.yml # These are the default settings from config/gitlab.example.yml
@ -311,6 +311,12 @@ in {
description = "Extra configuration in config/database.yml."; description = "Extra configuration in config/database.yml.";
}; };
redisUrl = mkOption {
type = types.str;
default = "redis://localhost:6379/";
description = "Redis URL for all GitLab services except gitlab-shell";
};
extraGitlabRb = mkOption { extraGitlabRb = mkOption {
type = types.str; type = types.str;
default = ""; default = "";
@ -612,26 +618,38 @@ in {
enable = true; enable = true;
ensureUsers = singleton { name = cfg.databaseUsername; }; ensureUsers = singleton { name = cfg.databaseUsername; };
}; };
# The postgresql module doesn't currently support concepts like # The postgresql module doesn't currently support concepts like
# objects owners and extensions; for now we tack on what's needed # objects owners and extensions; for now we tack on what's needed
# here. # here.
systemd.services.postgresql.postStart = mkAfter (optionalString databaseActuallyCreateLocally '' systemd.services.gitlab-postgresql = let pgsql = config.services.postgresql; in mkIf databaseActuallyCreateLocally {
set -eu after = [ "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
path = [ pgsql.package ];
script = ''
set -eu
$PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${cfg.databaseName}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${cfg.databaseName}" OWNER "${cfg.databaseUsername}"' PSQL="${pkgs.utillinux}/bin/runuser -u ${pgsql.superUser} -- psql --port=${toString pgsql.port}"
current_owner=$($PSQL -tAc "SELECT pg_catalog.pg_get_userbyid(datdba) FROM pg_catalog.pg_database WHERE datname = '${cfg.databaseName}'")
if [[ "$current_owner" != "${cfg.databaseUsername}" ]]; then $PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${cfg.databaseName}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${cfg.databaseName}" OWNER "${cfg.databaseUsername}"'
$PSQL -tAc 'ALTER DATABASE "${cfg.databaseName}" OWNER TO "${cfg.databaseUsername}"' current_owner=$($PSQL -tAc "SELECT pg_catalog.pg_get_userbyid(datdba) FROM pg_catalog.pg_database WHERE datname = '${cfg.databaseName}'")
if [[ -e "${config.services.postgresql.dataDir}/.reassigning_${cfg.databaseName}" ]]; then if [[ "$current_owner" != "${cfg.databaseUsername}" ]]; then
echo "Reassigning ownership of database ${cfg.databaseName} to user ${cfg.databaseUsername} failed on last boot. Failing..." $PSQL -tAc 'ALTER DATABASE "${cfg.databaseName}" OWNER TO "${cfg.databaseUsername}"'
exit 1 if [[ -e "${config.services.postgresql.dataDir}/.reassigning_${cfg.databaseName}" ]]; then
fi echo "Reassigning ownership of database ${cfg.databaseName} to user ${cfg.databaseUsername} failed on last boot. Failing..."
touch "${config.services.postgresql.dataDir}/.reassigning_${cfg.databaseName}" exit 1
$PSQL "${cfg.databaseName}" -tAc "REASSIGN OWNED BY \"$current_owner\" TO \"${cfg.databaseUsername}\"" fi
rm "${config.services.postgresql.dataDir}/.reassigning_${cfg.databaseName}" touch "${config.services.postgresql.dataDir}/.reassigning_${cfg.databaseName}"
fi $PSQL "${cfg.databaseName}" -tAc "REASSIGN OWNED BY \"$current_owner\" TO \"${cfg.databaseUsername}\""
$PSQL '${cfg.databaseName}' -tAc "CREATE EXTENSION IF NOT EXISTS pg_trgm" rm "${config.services.postgresql.dataDir}/.reassigning_${cfg.databaseName}"
''); fi
$PSQL '${cfg.databaseName}' -tAc "CREATE EXTENSION IF NOT EXISTS pg_trgm"
'';
serviceConfig = {
Type = "oneshot";
};
};
# Use postfix to send out mails. # Use postfix to send out mails.
services.postfix.enable = mkDefault true; services.postfix.enable = mkDefault true;
@ -678,7 +696,6 @@ in {
"L+ /run/gitlab/shell-config.yml - - - - ${pkgs.writeText "config.yml" (builtins.toJSON gitlabShellConfig)}" "L+ /run/gitlab/shell-config.yml - - - - ${pkgs.writeText "config.yml" (builtins.toJSON gitlabShellConfig)}"
"L+ ${cfg.statePath}/config/unicorn.rb - - - - ${./defaultUnicornConfig.rb}" "L+ ${cfg.statePath}/config/unicorn.rb - - - - ${./defaultUnicornConfig.rb}"
"L+ ${cfg.statePath}/config/initializers/extra-gitlab.rb - - - - ${extraGitlabRb}"
]; ];
systemd.services.gitlab-sidekiq = { systemd.services.gitlab-sidekiq = {
@ -704,7 +721,7 @@ in {
TimeoutSec = "infinity"; TimeoutSec = "infinity";
Restart = "on-failure"; Restart = "on-failure";
WorkingDirectory = "${cfg.packages.gitlab}/share/gitlab"; WorkingDirectory = "${cfg.packages.gitlab}/share/gitlab";
ExecStart="${cfg.packages.gitlab.rubyEnv}/bin/sidekiq -C \"${cfg.packages.gitlab}/share/gitlab/config/sidekiq_queues.yml\" -e production -P ${cfg.statePath}/tmp/sidekiq.pid"; ExecStart="${cfg.packages.gitlab.rubyEnv}/bin/sidekiq -C \"${cfg.packages.gitlab}/share/gitlab/config/sidekiq_queues.yml\" -e production";
}; };
}; };
@ -761,7 +778,7 @@ in {
}; };
systemd.services.gitlab = { systemd.services.gitlab = {
after = [ "gitlab-workhorse.service" "gitaly.service" "network.target" "postgresql.service" "redis.service" ]; after = [ "gitlab-workhorse.service" "gitaly.service" "network.target" "gitlab-postgresql.service" "redis.service" ];
requires = [ "gitlab-sidekiq.service" ]; requires = [ "gitlab-sidekiq.service" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
environment = gitlabEnv; environment = gitlabEnv;
@ -798,6 +815,7 @@ in {
rm -f ${cfg.statePath}/lib rm -f ${cfg.statePath}/lib
cp -rf --no-preserve=mode ${cfg.packages.gitlab}/share/gitlab/config.dist/* ${cfg.statePath}/config cp -rf --no-preserve=mode ${cfg.packages.gitlab}/share/gitlab/config.dist/* ${cfg.statePath}/config
cp -rf --no-preserve=mode ${cfg.packages.gitlab}/share/gitlab/db/* ${cfg.statePath}/db cp -rf --no-preserve=mode ${cfg.packages.gitlab}/share/gitlab/db/* ${cfg.statePath}/db
ln -sf ${extraGitlabRb} ${cfg.statePath}/config/initializers/extra-gitlab.rb
${cfg.packages.gitlab-shell}/bin/install ${cfg.packages.gitlab-shell}/bin/install

View file

@ -98,7 +98,7 @@ in
${pkgs.gollum}/bin/gollum \ ${pkgs.gollum}/bin/gollum \
--port ${toString cfg.port} \ --port ${toString cfg.port} \
--host ${cfg.address} \ --host ${cfg.address} \
--config ${builtins.toFile "gollum-config.rb" cfg.extraConfig} \ --config ${pkgs.writeText "gollum-config.rb" cfg.extraConfig} \
--ref ${cfg.branch} \ --ref ${cfg.branch} \
${optionalString cfg.mathjax "--mathjax"} \ ${optionalString cfg.mathjax "--mathjax"} \
${optionalString cfg.emoji "--emoji"} \ ${optionalString cfg.emoji "--emoji"} \

View file

@ -16,6 +16,14 @@ in
description = "User account under which Jellyfin runs."; description = "User account under which Jellyfin runs.";
}; };
package = mkOption {
type = types.package;
example = literalExample "pkgs.jellyfin";
description = ''
Jellyfin package to use.
'';
};
group = mkOption { group = mkOption {
type = types.str; type = types.str;
default = "jellyfin"; default = "jellyfin";
@ -35,11 +43,16 @@ in
Group = cfg.group; Group = cfg.group;
StateDirectory = "jellyfin"; StateDirectory = "jellyfin";
CacheDirectory = "jellyfin"; CacheDirectory = "jellyfin";
ExecStart = "${pkgs.jellyfin}/bin/jellyfin --datadir '/var/lib/${StateDirectory}' --cachedir '/var/cache/${CacheDirectory}'"; ExecStart = "${cfg.package}/bin/jellyfin --datadir '/var/lib/${StateDirectory}' --cachedir '/var/cache/${CacheDirectory}'";
Restart = "on-failure"; Restart = "on-failure";
}; };
}; };
services.jellyfin.package = mkDefault (
if versionAtLeast config.system.stateVersion "20.09" then pkgs.jellyfin
else pkgs.jellyfin_10_5
);
users.users = mkIf (cfg.user == "jellyfin") { users.users = mkIf (cfg.user == "jellyfin") {
jellyfin = { jellyfin = {
group = cfg.group; group = cfg.group;

Some files were not shown because too many files have changed in this diff Show more