Project import generated by Copybara.

GitOrigin-RevId: 3d7435c638baffaa826b85459df0fff47f12317d
This commit is contained in:
Default email 2022-06-16 19:23:12 +02:00
parent e34613707b
commit 3a4df29a92
4320 changed files with 95353 additions and 69960 deletions

View file

@ -30,3 +30,6 @@
# nixos: fix module paths in rename.nix
d08ede042b74b8199dc748323768227b88efcf7c
# fix indentation in mk-python-derivation.nix
d1c1a0c656ccd8bd3b25d3c4287f2d075faf3cf3

View file

@ -98,13 +98,13 @@
/pkgs/development/interpreters/python/hooks @FRidh @jonringer
# Haskell
/doc/languages-frameworks/haskell.section.md @cdepillabout @sternenseemann @maralorn @expipiplus1
/maintainers/scripts/haskell @cdepillabout @sternenseemann @maralorn @expipiplus1
/pkgs/development/compilers/ghc @cdepillabout @sternenseemann @maralorn @expipiplus1
/pkgs/development/haskell-modules @cdepillabout @sternenseemann @maralorn @expipiplus1
/pkgs/test/haskell @cdepillabout @sternenseemann @maralorn @expipiplus1
/pkgs/top-level/release-haskell.nix @cdepillabout @sternenseemann @maralorn @expipiplus1
/pkgs/top-level/haskell-packages.nix @cdepillabout @sternenseemann @maralorn @expipiplus1
/doc/languages-frameworks/haskell.section.md @cdepillabout @sternenseemann @maralorn
/maintainers/scripts/haskell @cdepillabout @sternenseemann @maralorn
/pkgs/development/compilers/ghc @cdepillabout @sternenseemann @maralorn
/pkgs/development/haskell-modules @cdepillabout @sternenseemann @maralorn
/pkgs/test/haskell @cdepillabout @sternenseemann @maralorn
/pkgs/top-level/release-haskell.nix @cdepillabout @sternenseemann @maralorn
/pkgs/top-level/haskell-packages.nix @cdepillabout @sternenseemann @maralorn
# Perl
/pkgs/development/interpreters/perl @stigtsp @zakame

View file

@ -22,7 +22,7 @@ For new packages please briefly describe the package or provide a link to its ho
- made sure NixOS tests are [linked](https://nixos.org/manual/nixpkgs/unstable/#ssec-nixos-tests-linking) to the relevant packages
- [ ] Tested compilation of all packages that depend on this change using `nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"`. Note: all changes have to be committed, also see [nixpkgs-review usage](https://github.com/Mic92/nixpkgs-review#usage)
- [ ] Tested basic functionality of all binary files (usually in `./result/bin/`)
- [22.05 Release Notes (or backporting 21.11 Release notes)](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#generating-2205-release-notes)
- [22.11 Release Notes (or backporting 22.05 Release notes)](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#generating-2211-release-notes)
- [ ] (Package updates) Added a release notes entry if the change is major or breaking
- [ ] (Module updates) Added a release notes entry if the change is significant
- [ ] (Module addition) Added a release notes entry if adding a new NixOS module

View file

@ -1,6 +1,7 @@
# Stale bot information
- Thanks for your contribution!
- Our stale bot will never close an issue or PR.
- To remove the stale label, just leave a new comment.
- _How to find the right people to ping?_ → [`git blame`](https://git-scm.com/docs/git-blame) to the rescue! (or GitHub's history and blame buttons.)
- You can always ask for help on [our Discourse Forum](https://discourse.nixos.org/), [our Matrix room](https://matrix.to/#/#nix:nixos.org), or on the [#nixos IRC channel](https://web.libera.chat/#nixos).

View file

@ -5,6 +5,5 @@ exemptLabels:
- "1.severity: security"
- "2.status: never-stale"
staleLabel: "2.status: stale"
markComment: |
I marked this as stale due to inactivity. → [More info](https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md)
markComment: false
closeComment: false

View file

@ -28,14 +28,14 @@ jobs:
pairs:
- from: master
into: haskell-updates
- from: release-21.05
into: staging-next-21.05
- from: staging-next-21.05
into: staging-21.05
- from: release-21.11
into: staging-next-21.11
- from: staging-next-21.11
into: staging-21.11
- from: release-22.05
into: staging-next-22.05
- from: staging-next-22.05
into: staging-22.05
name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
steps:
- uses: actions/checkout@v3

View file

@ -1 +1 @@
22.05
22.11

View file

@ -97,11 +97,17 @@ git push origin $(git branch --show-current) --force-with-lease
Follow these steps to backport a change into a release branch in compliance with the [commit policy](https://nixos.org/nixpkgs/manual/#submitting-changes-stable-release-branches).
You can add a label such as `backport release-22.05` to a PR, so that merging it will
automatically create a backport (via [a GitHub Action](.github/workflows/backport.yml)).
This also works for PR's that have already been merged, and might take a couple of minutes to trigger.
You can also create the backport manually:
1. Take note of the commits in which the change was introduced into `master` branch.
2. Check out the target _release branch_, e.g. `release-21.11`. Do not use a _channel branch_ like `nixos-21.11` or `nixpkgs-21.11-darwin`.
2. Check out the target _release branch_, e.g. `release-22.05`. Do not use a _channel branch_ like `nixos-22.05` or `nixpkgs-22.05-darwin`.
3. Create a branch for your change, e.g. `git checkout -b backport`.
4. When the reason to backport is not obvious from the original commit message, use `git cherry-pick -xe <original commit>` and add a reason. Otherwise use `git cherry-pick -x <original commit>`. That's fine for minor version updates that only include security and bug fixes, commits that fixes an otherwise broken package or similar. Please also ensure the commits exists on the master branch; in the case of squashed or rebased merges, the commit hash will change and the new commits can be found in the merge message at the bottom of the master pull request.
5. Push to GitHub and open a backport pull request. Make sure to select the release branch (e.g. `release-21.11`) as the target branch of the pull request, and link to the pull request in which the original change was comitted to `master`. The pull request title should be the commit title with the release version as prefix, e.g. `[21.11]`.
5. Push to GitHub and open a backport pull request. Make sure to select the release branch (e.g. `release-22.05`) as the target branch of the pull request, and link to the pull request in which the original change was comitted to `master`. The pull request title should be the commit title with the release version as prefix, e.g. `[22.05]`.
6. When the backport pull request is merged and you have the necessary privileges you can also replace the label `9.needs: port to stable` with `8.has: port to stable` on the original pull request. This way maintainers can keep track of missing backports easier.
## Criteria for Backporting changes
@ -113,17 +119,15 @@ Anything that does not cause user or downstream dependency regressions can be ba
- Services which require a client to be up-to-date regardless. (E.g. `spotify`, `steam`, or `discord`)
- Security critical applications (E.g. `firefox`)
## Generating 22.05 Release Notes
(This section also applies to backporting 21.11 release notes: substitute "rl-2205" for "rl-2111".)
## Generating 22.11 Release Notes
Documentation in nixpkgs is transitioning to a markdown-centric workflow. Release notes now require a translation step to convert from markdown to a compatible docbook document.
Steps for updating 22.05 Release notes:
Steps for updating 22.11 Release notes:
1. Edit `nixos/doc/manual/release-notes/rl-2205.section.md` with the desired changes
2. Run `./nixos/doc/manual/md-to-db.sh` to render `nixos/doc/manual/from_md/release-notes/rl-2205.section.xml`
3. Include changes to `rl-2205.section.md` and `rl-2205.section.xml` in the same commit.
1. Edit `nixos/doc/manual/release-notes/rl-2211.section.md` with the desired changes
2. Run `./nixos/doc/manual/md-to-db.sh` to render `nixos/doc/manual/from_md/release-notes/rl-2211.section.xml`
3. Include changes to `rl-2211.section.md` and `rl-2211.section.xml` in the same commit.
## Reviewing contributions

View file

@ -51,9 +51,9 @@ Nixpkgs and NixOS are built and tested by our continuous integration
system, [Hydra](https://hydra.nixos.org/).
* [Continuous package builds for unstable/master](https://hydra.nixos.org/jobset/nixos/trunk-combined)
* [Continuous package builds for the NixOS 21.11 release](https://hydra.nixos.org/jobset/nixos/release-21.11)
* [Continuous package builds for the NixOS 22.05 release](https://hydra.nixos.org/jobset/nixos/release-22.05)
* [Tests for unstable/master](https://hydra.nixos.org/job/nixos/trunk-combined/tested#tabs-constituents)
* [Tests for the NixOS 21.11 release](https://hydra.nixos.org/job/nixos/release-21.11/tested#tabs-constituents)
* [Tests for the NixOS 22.05 release](https://hydra.nixos.org/job/nixos/release-22.05/tested#tabs-constituents)
Artifacts successfully built with Hydra are published to cache at
https://cache.nixos.org/. When successful build and test criteria are

View file

@ -26,8 +26,20 @@ stdenv.mkDerivation {
The main difference between `fetchurl` and `fetchzip` is in how they store the contents. `fetchurl` will store the unaltered contents of the URL within the Nix store. `fetchzip` on the other hand, will decompress the archive for you, making files and directories directly accessible in the future. `fetchzip` can only be used with archives. Despite the name, `fetchzip` is not limited to .zip files and can also be used with any tarball.
## `fetchpatch` {#fetchpatch}
`fetchpatch` works very similarly to `fetchurl` with the same arguments expected. It expects patch files as a source and performs normalization on them before computing the checksum. For example, it will remove comments or other unstable parts that are sometimes added by version control systems and can change over time.
- `relative`: Similar to using `git-diff`'s `--relative` flag, only keep changes inside the specified directory, making paths relative to it.
- `stripLen`: Remove the first `stripLen` components of pathnames in the patch.
- `extraPrefix`: Prefix pathnames by this string.
- `excludes`: Exclude files matching these patterns (applies after the above arguments).
- `includes`: Include only files matching these patterns (applies after the above arguments).
- `revert`: Revert the patch.
Note that because the checksum is computed after applying these effects, using or modifying these arguments will have no effect unless the `sha256` argument is changed as well.
Most other fetchers return a directory rather than a single file.
## `fetchsvn` {#fetchsvn}

View file

@ -30,6 +30,10 @@ The `wrapFirefox` function allows to pass policies, preferences and extensions t
ExtensionRecommendations = false;
SkipOnboarding = true;
};
SecurityDevices = {
# Use a proxy module rather than `nixpkgs.config.firefox.smartcardSupport = true`
"PKCS#11 Proxy Module" = "${pkgs.p11-kit}/lib/p11-kit-proxy.so";
};
};
extraPrefs = ''

View file

@ -511,6 +511,8 @@ patches = [
Otherwise, you can add a `.patch` file to the `nixpkgs` repository. In the interest of keeping our maintenance burden to a minimum, only patches that are unique to `nixpkgs` should be added in this way.
If a patch is available online but does not cleanly apply, it can be modified in some fixed ways by using additional optional arguments for `fetchpatch`. Check [](#fetchpatch) for details.
```nix
patches = [ ./0001-changes.patch ];
```
@ -538,17 +540,6 @@ If you do need to do create this sort of patch file, one way to do so is with gi
$ git diff -a > nixpkgs/pkgs/the/package/0001-changes.patch
```
If a patch is available online but does not cleanly apply, it can be modified in some fixed ways by using additional optional arguments for `fetchpatch`:
- `relative`: Similar to using `git-diff`'s `--relative` flag, only keep changes inside the specified directory, making paths relative to it.
- `stripLen`: Remove the first `stripLen` components of pathnames in the patch.
- `extraPrefix`: Prefix pathnames by this string.
- `excludes`: Exclude files matching these patterns (applies after the above arguments).
- `includes`: Include only files matching these patterns (applies after the above arguments).
- `revert`: Revert the patch.
Note that because the checksum is computed after applying these effects, using or modifying these arguments will have no effect unless the `sha256` argument is changed as well.
## Package tests {#sec-package-tests}
Tests are important to ensure quality and make reviews and automatic updates easy.

View file

@ -227,7 +227,7 @@ digraph {
}
```
[This GitHub Action](https://github.com/NixOS/nixpkgs/blob/master/.github/workflows/periodic-merge-6h.yml) brings changes from `master` to `staging-next` and from `staging-next` to `staging` every 6 hours.
[This GitHub Action](https://github.com/NixOS/nixpkgs/blob/master/.github/workflows/periodic-merge-6h.yml) brings changes from `master` to `staging-next` and from `staging-next` to `staging` every 6 hours; these are the blue arrows in the diagram above. The purple arrows in the diagram above are done manually and much less frequently. You can get an idea of how often these merges occur by looking at the git history.
### Master branch {#submitting-changes-master-branch}

View file

@ -23,6 +23,14 @@ let
<xsl:import href="${./parameters.xml}"/>
</xsl:stylesheet>
'';
# NB: This file describes the Nixpkgs manual, which happens to use module
# docs infra originally developed for NixOS.
optionsDoc = pkgs.nixosOptionsDoc {
inherit (pkgs.lib.evalModules { modules = [ ../../pkgs/top-level/config.nix ]; }) options;
documentType = "none";
};
in pkgs.runCommand "doc-support" {}
''
mkdir result
@ -30,6 +38,7 @@ in pkgs.runCommand "doc-support" {}
cd result
ln -s ${locationsXml} ./function-locations.xml
ln -s ${functionDocs} ./function-docs
ln -s ${optionsDoc.optionsDocBook} ./config-options.docbook.xml
ln -s ${pkgs.docbook5}/xml/rng/docbook/docbook.rng ./docbook.rng
ln -s ${pkgs.docbook_xsl_ns}/xml/xsl ./xsl

View file

@ -29,14 +29,19 @@ The recommended way of defining a derivation for a Coq library, is to use the `c
* `releaseRev` (optional, defaults to `(v: v)`), provides a default mapping from release names to revision hashes/branch names/tags,
* `displayVersion` (optional), provides a way to alter the computation of `name` from `pname`, by explaining how to display version numbers,
* `namePrefix` (optional, defaults to `[ "coq" ]`), provides a way to alter the computation of `name` from `pname`, by explaining which dependencies must occur in `name`,
* `extraNativeBuildInputs` (optional), by default `nativeBuildInputs` just contains `coq`, this allows to add more native build inputs, `nativeBuildInputs` are executables and `buildInputs` are libraries and dependencies,
* `extraBuildInputs` (optional), this allows to add more build inputs,
* `mlPlugin` (optional, defaults to `false`). Some extensions (plugins) might require OCaml and sometimes other OCaml packages. Standard dependencies can be added by setting the current option to `true`. For a finer grain control, the `coq.ocamlPackages` attribute can be used in `extraBuildInputs` to depend on the same package set Coq was built against.
* `useDune2ifVersion` (optional, default to `(x: false)` uses Dune2 to build the package if the provided predicate evaluates to true on the version, e.g. `useDune2if = versions.isGe "1.1"` will use dune if the version of the package is greater or equal to `"1.1"`,
* `nativeBuildInputs` (optional), is a list of executables that are required to build the current derivation, in addition to the default ones (namely `which`, `dune` and `ocaml` depending on whether `useDune2`, `useDune2ifVersion` and `mlPlugin` are set).
* `extraNativeBuildInputs` (optional, deprecated), an additional list of derivation to add to `nativeBuildInputs`,
* `overrideNativeBuildInputs` (optional) replaces the default list of derivation to which `nativeBuildInputs` and `extraNativeBuildInputs` adds extra elements,
* `buildInputs` (optional), is a list of libraries and dependencies that are required to build and run the current derivation, in addition to the default one `[ coq ]`,
* `extraBuildInputs` (optional, deprecated), an additional list of derivation to add to `buildInputs`,
* `overrideBuildInputs` (optional) replaces the default list of derivation to which `buildInputs` and `extraBuildInputs` adds extras elements,
* `propagatedBuildInputs` (optional) is passed as is to `mkDerivation`, we recommend to use this for Coq libraries and Coq plugin dependencies, as this makes sure the paths of the compiled libraries and plugins will always be added to the build environements of subsequent derivation, which is necessary for Coq packages to work correctly,
* `mlPlugin` (optional, defaults to `false`). Some extensions (plugins) might require OCaml and sometimes other OCaml packages. Standard dependencies can be added by setting the current option to `true`. For a finer grain control, the `coq.ocamlPackages` attribute can be used in `nativeBuildInputs`, `buildInputs`, and `propagatedBuildInputs` to depend on the same package set Coq was built against.
* `useDune2ifVersion` (optional, default to `(x: false)` uses Dune2 to build the package if the provided predicate evaluates to true on the version, e.g. `useDune2ifVersion = versions.isGe "1.1"` will use dune if the version of the package is greater or equal to `"1.1"`,
* `useDune2` (optional, defaults to `false`) uses Dune2 to build the package if set to true, the presence of this attribute overrides the behavior of the previous one.
* `opam-name` (optional, defaults to concatenating with a dash separator the components of `namePrefix` and `pname`), name of the Dune package to build.
* `enableParallelBuilding` (optional, defaults to `true`), since it is activated by default, we provide a way to disable it.
* `extraInstallFlags` (optional), allows to extend `installFlags` which initializes the variable `COQMF_COQLIB` so as to install in the proper subdirectory. Indeed Coq libraries should be installed in `$(out)/lib/coq/${coq.coq-version}/user-contrib/`. Such directories are automatically added to the `$COQPATH` environment variable by the hook defined in the Coq derivation.
* `extraInstallFlags` (optional), allows to extend `installFlags` which initializes the variables `DESTDIR` and `COQMF_COQLIB` so as to install in the proper subdirectory. Indeed Coq libraries should be installed in `$(out)/lib/coq/${coq.coq-version}/user-contrib/`. Such directories are automatically added to the `$COQPATH` environment variable by the hook defined in the Coq derivation.
* `setCOQBIN` (optional, defaults to `true`), by default, the environment variable `$COQBIN` is set to the current Coq's binary, but one can disable this behavior by setting it to `false`,
* `useMelquiondRemake` (optional, default to `null`) is an attribute set, which, if given, overloads the `preConfigurePhases`, `configureFlags`, `buildPhase`, and `installPhase` attributes of the derivation for a specific use in libraries using `remake` as set up by Guillaume Melquiond for `flocq`, `gappalib`, `interval`, and `coquelicot` (see the corresponding derivation for concrete examples of use of this option). For backward compatibility, the attribute `useMelquiondRemake.logpath` must be set to the logical root of the library (otherwise, one can pass `useMelquiondRemake = {}` to activate this without backward compatibility).
* `dropAttrs`, `keepAttrs`, `dropDerivationAttrs` are all optional and allow to tune which attribute is added or removed from the final call to `mkDerivation`.

View file

@ -9,7 +9,7 @@ wide variety of extensions and libraries available.
The different versions of PHP that nixpkgs provides are located under
attributes named based on major and minor version number; e.g.,
`php74` is PHP 7.4.
`php81` is PHP 8.1.
Only versions of PHP that are supported by upstream for the entirety
of a given NixOS release will be included in that release of
@ -23,7 +23,7 @@ NixOS - not necessarily the latest major release from upstream.
All available PHP attributes are wrappers around their respective
binary PHP package and provide commonly used extensions this way. The
real PHP 7.4 package, i.e. the unwrapped one, is available as
`php74.unwrapped`; see the next section for more details.
`php81.unwrapped`; see the next section for more details.
Interactive tools built on PHP are put in `php.packages`; composer is
for example available at `php.packages.composer`.

View file

@ -663,6 +663,70 @@ However, this is done in it's own phase, and not dependent on whether `doCheck =
This can also be useful in verifying that the package doesn't assume commonly
present packages (e.g. `setuptools`)
#### Using pythonRelaxDepsHook {#using-pythonrelaxdepshook}
It is common for upstream to specify a range of versions for its package
dependencies. This makes sense, since it ensures that the package will be built
with a subset of packages that is well tested. However, this commonly causes
issues when packaging in Nixpkgs, because the dependencies that this package
may need are too new or old for the package to build correctly. We also cannot
package multiple versions of the same package since this may cause conflicts
in `PYTHONPATH`.
One way to side step this issue is to relax the dependencies. This can be done
by either removing the package version range or by removing the package
declaration entirely. This can be done using the `pythonRelaxDepsHook` hook. For
example, given the following `requirements.txt` file:
```
pkg1<1.0
pkg2
pkg3>=1.0,<=2.0
```
we can do:
```
nativeBuildInputs = [ pythonRelaxDepsHook ];
pythonRelaxDeps = [ "pkg1" "pkg3" ];
pythonRemoveDeps = [ "pkg2" ];
```
which would result in the following `requirements.txt` file:
```
pkg1
pkg3
```
Another option is to pass `true`, that will relax/remove all dependencies, for
example:
```
nativeBuildInputs = [ pythonRelaxDepsHook ];
pythonRelaxDeps = true;
```
which would result in the following `requirements.txt` file:
```
pkg1
pkg2
pkg3
```
In general you should always use `pythonRelaxDeps`, because `pythonRemoveDeps`
will convert build errors in runtime errors. However `pythonRemoveDeps` may
still be useful in exceptional cases, and also to remove dependencies wrongly
declared by upstream (for example, declaring `black` as a runtime dependency
instead of a dev dependency).
Keep in mind that while the examples above are done with `requirements.txt`,
`pythonRelaxDepsHook` works by modifying the resulting wheel file, so it should
work in any of the formats supported by `buildPythonPackage` currently,
with the exception of `other` (see `format` in
[`buildPythonPackage` parameters](#buildpythonpackage-parameters) for more details).
### Develop local package {#develop-local-package}
As a Python developer you're likely aware of [development mode](http://setuptools.readthedocs.io/en/latest/setuptools.html#development-mode)
@ -982,12 +1046,13 @@ in python.withPackages(ps: [ps.blaze])).env
#### Optional extra dependencies
Some packages define optional dependencies for additional features. With
`setuptools` this is called `extras_require` and `flit` calls it `extras-require`. A
`setuptools` this is called `extras_require` and `flit` calls it
`extras-require`, while PEP 621 calls these `optional-dependencies`. A
method for supporting this is by declaring the extras of a package in its
`passthru`, e.g. in case of the package `dask`
```nix
passthru.extras-require = {
passthru.optional-dependencies = {
complete = [ distributed ];
};
```
@ -997,7 +1062,7 @@ and letting the package requiring the extra add the list to its dependencies
```nix
propagatedBuildInputs = [
...
] ++ dask.extras-require.complete;
] ++ dask.optional-dependencies.complete;
```
Note this method is preferred over adding parameters to builders, as that can
@ -1196,6 +1261,8 @@ are used in `buildPythonPackage`.
to run commands only after venv is first created.
- `wheelUnpackHook` to move a wheel to the correct folder so it can be installed
with the `pipInstallHook`.
- `pythonRelaxDepsHook` will relax Python dependencies restrictions for the package.
See [example usage](#using-pythonrelaxdepshook).
### Development mode {#development-mode}

View file

@ -277,9 +277,6 @@ my-vim =
copy paste output2 here
];
# Pathogen would be
# vimrcConfig.pathogen.knownPlugins = plugins; # plugins
# vimrcConfig.pathogen.pluginNames = ["tlib"];
};
```

View file

@ -1,650 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<article xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink">
<title>Nixpkgs Release Notes</title>
<section xml:id="release-notes-0.14">
<title>Release 0.14 (June 4, 2012)</title>
<para>
In preparation for the switch from Subversion to Git, this release is mainly the prevent the Nixpkgs version number from going backwards. (This would happen because prerelease version numbers produced for the Git repository are lower than those for the Subversion repository.)
</para>
<para>
Since the last release, there have been thousands of changes and new packages by numerous contributors. For details, see the commit logs.
</para>
</section>
<section xml:id="release-notes-0.13">
<title>Release 0.13 (February 5, 2010)</title>
<para>
As always, there are many changes. Some of the most important updates are:
<itemizedlist>
<listitem>
<para>
Glibc 2.9.
</para>
</listitem>
<listitem>
<para>
GCC 4.3.3.
</para>
</listitem>
<listitem>
<para>
Linux 2.6.32.
</para>
</listitem>
<listitem>
<para>
X.org 7.5.
</para>
</listitem>
<listitem>
<para>
KDE 4.3.4.
</para>
</listitem>
</itemizedlist>
</para>
</section>
<section xml:id="release-notes-0.12">
<title>Release 0.12 (April 24, 2009)</title>
<para>
There are way too many additions to Nixpkgs since the last release to list here: for example, the number of packages on Linux has increased from 1002 to 2159. However, some specific improvements are worth listing:
<itemizedlist>
<listitem>
<para>
Nixpkgs now has a manual. In particular, it describes the standard build environment in detail.
</para>
</listitem>
<listitem>
<para>
Major new packages:
<itemizedlist>
<listitem>
<para>
KDE 4.
</para>
</listitem>
<listitem>
<para>
TeXLive.
</para>
</listitem>
<listitem>
<para>
VirtualBox.
</para>
</listitem>
</itemizedlist>
… and many others.
</para>
</listitem>
<listitem>
<para>
Important updates:
<itemizedlist>
<listitem>
<para>
Glibc 2.7.
</para>
</listitem>
<listitem>
<para>
GCC 4.2.4.
</para>
</listitem>
<listitem>
<para>
Linux 2.6.25 — 2.6.28.
</para>
</listitem>
<listitem>
<para>
Firefox 3.
</para>
</listitem>
<listitem>
<para>
X.org 7.3.
</para>
</listitem>
</itemizedlist>
</para>
</listitem>
<listitem>
<para>
Support for building derivations in a virtual machine, including RPM and Debian builds in automatically generated VM images. See <filename>pkgs/build-support/vm/default.nix</filename> for details.
</para>
</listitem>
<listitem>
<para>
Improved support for building Haskell packages.
</para>
</listitem>
</itemizedlist>
</para>
<para>
The following people contributed to this release: Andres Löh, Arie Middelkoop, Armijn Hemel, Eelco Dolstra, Lluís Batlle, Ludovic Courtès, Marc Weber, Mart Kolthof, Martin Bravenboer, Michael Raskin, Nicolas Pierron, Peter Simons, Pjotr Prins, Rob Vermaas, Sander van der Burg, Tobias Hammerschmidt, Valentin David, Wouter den Breejen and Yury G. Kudryashov. In addition, several people contributed patches on the <literal>nix-dev</literal> mailing list.
</para>
</section>
<section xml:id="release-notes-0.11">
<title>Release 0.11 (September 11, 2007)</title>
<para>
This release has the following improvements:
<itemizedlist>
<listitem>
<para>
The standard build environment (<literal>stdenv</literal>) is now pure on the <literal>x86_64-linux</literal> and <literal>powerpc-linux</literal> platforms, just as on <literal>i686-linux</literal>. (Purity means that building and using the standard environment has no dependencies outside of the Nix store. For instance, it doesnt require an external C compiler such as <filename>/usr/bin/gcc</filename>.) Also, the statically linked binaries used in the bootstrap process are now automatically reproducible, making it easy to update the bootstrap tools and to add support for other Linux platforms. See <filename>pkgs/stdenv/linux/make-bootstrap-tools.nix</filename> for details.
</para>
</listitem>
<listitem>
<para>
Hook variables in the generic builder are now executed using the <function>eval</function> shell command. This has a major advantage: you can write hooks directly in Nix expressions. For instance, rather than writing a builder like this:
<programlisting>
source $stdenv/setup
postInstall=postInstall
postInstall() {
ln -sf gzip $out/bin/gunzip
ln -sf gzip $out/bin/zcat
}
genericBuild</programlisting>
(the <literal>gzip</literal> builder), you can just add this attribute to the derivation:
<programlisting>
postInstall = "ln -sf gzip $out/bin/gunzip; ln -sf gzip $out/bin/zcat";</programlisting>
and so a separate build script becomes unnecessary. This should allow us to get rid of most builders in Nixpkgs.
</para>
</listitem>
<listitem>
<para>
It is now possible to have the generic builder pass arguments to <command>configure</command> and <command>make</command> that contain whitespace. Previously, for example, you could say in a builder,
<programlisting>
configureFlags="CFLAGS=-O0"</programlisting>
but not
<programlisting>
configureFlags="CFLAGS=-O0 -g"</programlisting>
since the <literal>-g</literal> would be interpreted as a separate argument to <command>configure</command>. Now you can say
<programlisting>
configureFlagsArray=("CFLAGS=-O0 -g")</programlisting>
or similarly
<programlisting>
configureFlagsArray=("CFLAGS=-O0 -g" "LDFLAGS=-L/foo -L/bar")</programlisting>
which does the right thing. Idem for <literal>makeFlags</literal>, <literal>installFlags</literal>, <literal>checkFlags</literal> and <literal>distFlags</literal>.
</para>
<para>
Unfortunately you can't pass arrays to Bash through the environment, so you can't put the array above in a Nix expression, e.g.,
<programlisting>
configureFlagsArray = ["CFLAGS=-O0 -g"];</programlisting>
since it would just be flattened to a since string. However, you <emphasis>can</emphasis> use the inline hooks described above:
<programlisting>
preConfigure = "configureFlagsArray=(\"CFLAGS=-O0 -g\")";</programlisting>
</para>
</listitem>
<listitem>
<para>
The function <function>fetchurl</function> now has support for two different kinds of mirroring of files. First, it has support for <emphasis>content-addressable mirrors</emphasis>. For example, given the <function>fetchurl</function> call
<programlisting>
fetchurl {
url = "http://releases.mozilla.org/<replaceable>...</replaceable>/firefox-2.0.0.6-source.tar.bz2";
sha1 = "eb72f55e4a8bf08e8c6ef227c0ade3d068ba1082";
}</programlisting>
<function>fetchurl</function> will first try to download this file from <link
xlink:href="http://tarballs.nixos.org/sha1/eb72f55e4a8bf08e8c6ef227c0ade3d068ba1082"/>. If that file doesnt exist, it will try the original URL. In general, the “content-addressed” location is <replaceable>mirror</replaceable><literal>/</literal><replaceable>hash-type</replaceable><literal>/</literal><replaceable>hash</replaceable>. There is currently only one content-addressable mirror (<link
xlink:href="http://tarballs.nixos.org"/>), but more can be specified in the <varname>hashedMirrors</varname> attribute in <filename>pkgs/build-support/fetchurl/mirrors.nix</filename>, or by setting the <envar>NIX_HASHED_MIRRORS</envar> environment variable to a whitespace-separated list of URLs.
</para>
<para>
Second, <function>fetchurl</function> has support for widely-mirrored distribution sites such as SourceForge or the Linux kernel archives. Given a URL of the form <literal>mirror://<replaceable>site</replaceable>/<replaceable>path</replaceable></literal>, it will try to download <replaceable>path</replaceable> from a configurable list of mirrors for <replaceable>site</replaceable>. (This idea was borrowed from Gentoo Linux.) Example:
<programlisting>
fetchurl {
url = mirror://gnu/gcc/gcc-4.2.0/gcc-core-4.2.0.tar.bz2;
sha256 = "0ykhzxhr8857dr97z0j9wyybfz1kjr71xk457cfapfw5fjas4ny1";
}</programlisting>
Currently <replaceable>site</replaceable> can be <literal>sourceforge</literal>, <literal>gnu</literal> and <literal>kernel</literal>. The list of mirrors is defined in <filename>pkgs/build-support/fetchurl/mirrors.nix</filename>. You can override the list of mirrors for a particular site by setting the environment variable <envar>NIX_MIRRORS_<replaceable>site</replaceable></envar>, e.g.
<programlisting>
export NIX_MIRRORS_sourceforge=http://osdn.dl.sourceforge.net/sourceforge/</programlisting>
</para>
</listitem>
<listitem>
<para>
Important updates:
<itemizedlist>
<listitem>
<para>
Glibc 2.5.
</para>
</listitem>
<listitem>
<para>
GCC 4.1.2.
</para>
</listitem>
<listitem>
<para>
Gnome 2.16.3.
</para>
</listitem>
<listitem>
<para>
X11R7.2.
</para>
</listitem>
<listitem>
<para>
Linux 2.6.21.7 and 2.6.22.6.
</para>
</listitem>
<listitem>
<para>
Emacs 22.1.
</para>
</listitem>
</itemizedlist>
</para>
</listitem>
<listitem>
<para>
Major new packages:
<itemizedlist>
<listitem>
<para>
KDE 3.5.6 Base.
</para>
</listitem>
<listitem>
<para>
Wine 0.9.43.
</para>
</listitem>
<listitem>
<para>
OpenOffice 2.2.1.
</para>
</listitem>
<listitem>
<para>
Many Linux system packages to support NixOS.
</para>
</listitem>
</itemizedlist>
</para>
</listitem>
</itemizedlist>
</para>
<para>
The following people contributed to this release: Andres Löh, Arie Middelkoop, Armijn Hemel, Eelco Dolstra, Marc Weber, Mart Kolthof, Martin Bravenboer, Michael Raskin, Wouter den Breejen and Yury G. Kudryashov.
</para>
</section>
<section xml:id="release-notes-0.10">
<title>Release 0.10 (October 12, 2006)</title>
<note>
<para>
This release of Nixpkgs requires <link
xlink:href='https://nixos.org/releases/nix/nix-0.10/'>Nix 0.10</link> or higher.
</para>
</note>
<para>
This release has the following improvements:
</para>
<itemizedlist>
<listitem>
<para>
<filename>pkgs/system/all-packages-generic.nix</filename> is gone, we now just have <filename>pkgs/top-level/all-packages.nix</filename> that contains all available packages. This should cause much less confusion with users. <filename>all-packages.nix</filename> is a function that by default returns packages for the current platform, but you can override this by specifying a different <varname>system</varname> argument.
</para>
</listitem>
<listitem>
<para>
Certain packages in Nixpkgs are now user-configurable through a configuration file, i.e., without having to edit the Nix expressions in Nixpkgs. For instance, the Firefox provided in the Nixpkgs channel is built without the RealPlayer plugin (for legal reasons). Previously, you could easily enable RealPlayer support by editing the call to the Firefox function in <filename>all-packages.nix</filename>, but such changes are not respected when Firefox is subsequently updated through the Nixpkgs channel.
</para>
<para>
The Nixpkgs configuration file (found in <filename>~/.nixpkgs/config.nix</filename> or through the <envar>NIXPKGS_CONFIG</envar> environment variable) is an attribute set that contains configuration options that <filename>all-packages.nix</filename> reads and uses for certain packages. For instance, the following configuration file:
<programlisting>
{
firefox = {
enableRealPlayer = true;
};
}</programlisting>
persistently enables RealPlayer support in the Firefox build.
</para>
<para>
(Actually, <literal>firefox.enableRealPlayer</literal> is the <emphasis>only</emphasis> configuration option currently available, but more are sure to be added.)
</para>
</listitem>
<listitem>
<para>
Support for new platforms:
<itemizedlist>
<listitem>
<para>
<literal>i686-cygwin</literal>, i.e., Windows (using <link xlink:href="http://www.cygwin.com/">Cygwin</link>). The standard environment on <literal>i686-cygwin</literal> by default builds binaries for the Cygwin environment (i.e., it uses Cygwin tools and produces executables that use the Cygwin library). However, there is also a standard environment that produces binaries that use <link
xlink:href="http://www.mingw.org/">MinGW</link>. You can use it by calling <filename>all-package.nix</filename> with the <varname>stdenvType</varname> argument set to <literal>"i686-mingw"</literal>.
</para>
</listitem>
<listitem>
<para>
<literal>i686-darwin</literal>, i.e., Mac OS X on Intel CPUs.
</para>
</listitem>
<listitem>
<para>
<literal>powerpc-linux</literal>.
</para>
</listitem>
<listitem>
<para>
<literal>x86_64-linux</literal>, i.e., Linux on 64-bit AMD/Intel CPUs. Unlike <literal>i686-linux</literal>, this platform doesnt have a pure <literal>stdenv</literal> yet.
</para>
</listitem>
</itemizedlist>
</para>
</listitem>
<listitem>
<para>
The default compiler is now GCC 4.1.1.
</para>
</listitem>
<listitem>
<para>
X11 updated to X.orgs X11R7.1.
</para>
</listitem>
<listitem>
<para>
Notable new packages:
<itemizedlist>
<listitem>
<para>
Opera.
</para>
</listitem>
<listitem>
<para>
Microsoft Visual C++ 2005 Express Edition and the Windows SDK.
</para>
</listitem>
</itemizedlist>
In total there are now around 809 packages in Nixpkgs.
</para>
</listitem>
<listitem>
<para>
It is now <emphasis>much</emphasis> easier to override the default C compiler and other tools in <literal>stdenv</literal> for specific packages. <filename>all-packages.nix</filename> provides two utility functions for this purpose: <function>overrideGCC</function> and <function>overrideInStdenv</function>. Both take a <literal>stdenv</literal> and return an augmented <literal>stdenv</literal>; the formed changes the C compiler, and the latter adds additional packages to the front of <literal>stdenv</literal>s initial <envar>PATH</envar>, allowing tools to be overridden.
</para>
<para>
For instance, the package <varname>strategoxt</varname> doesnt build with the GNU Make in <literal>stdenv</literal> (version 3.81), so we call it with an augmented <literal>stdenv</literal> that uses GNU Make 3.80:
<programlisting>
strategoxt = (import ../development/compilers/strategoxt) {
inherit fetchurl pkgconfig sdf aterm;
stdenv = overrideInStdenv stdenv [gnumake380];
};
gnumake380 = <replaceable>...</replaceable>;</programlisting>
Likewise, there are many packages that dont compile with the default GCC (4.1.1), but thats easily fixed:
<programlisting>
exult = import ../games/exult {
inherit fetchurl SDL SDL_mixer zlib libpng unzip;
stdenv = overrideGCC stdenv gcc34;
};</programlisting>
</para>
</listitem>
<listitem>
<para>
It has also become much easier to experiment with changes to the <literal>stdenv</literal> setup script (which notably contains the generic builder). Since edits to <filename>pkgs/stdenv/generic/setup.sh</filename> trigger a rebuild of <emphasis>everything</emphasis>, this was formerly quite painful. But now <literal>stdenv</literal> contains a function to “regenerate” <literal>stdenv</literal> with a different setup script, allowing the use of a different setup script for specific packages:
<programlisting>
pkg = import <replaceable>...</replaceable> {
stdenv = stdenv.regenerate ./my-setup.sh;
<replaceable>...</replaceable>
}</programlisting>
</para>
</listitem>
<listitem>
<para>
Packages can now have a human-readable <emphasis>description</emphasis> field. Package descriptions are shown by <literal>nix-env -qa --description</literal>. In addition, theyre shown on the Nixpkgs release page. A description can be added to a package as follows:
<programlisting>
stdenv.mkDerivation {
name = "exult-1.2";
<replaceable>...</replaceable>
meta = {
description = "A reimplementation of the Ultima VII game engine";
};
}</programlisting>
The <varname>meta</varname> attribute is not passed to the builder, so changes to the description do not trigger a rebuild. Additional <varname>meta</varname> attributes may be defined in the future (such as the URL of the packages homepage, the license, etc.).
</para>
</listitem>
</itemizedlist>
<para>
The following people contributed to this release: Andres Löh, Armijn Hemel, Christof Douma, Eelco Dolstra, Eelco Visser, Mart Kolthof, Martin Bravenboer, Merijn de Jonge, Rob Vermaas and Roy van den Broek.
</para>
</section>
<section xml:id="release-notes-0.9">
<title>Release 0.9 (January 31, 2006)</title>
<para>
There have been zillions of changes since the last release of Nixpkgs. Many packages have been added or updated. The following are some of the more notable changes:
</para>
<itemizedlist>
<listitem>
<para>
Distribution files have been moved to <link
xlink:href="https://nixos.org/" />.
</para>
</listitem>
<listitem>
<para>
The C library on Linux, Glibc, has been updated to version 2.3.6.
</para>
</listitem>
<listitem>
<para>
The default compiler is now GCC 3.4.5. GCC 4.0.2 is also available.
</para>
</listitem>
<listitem>
<para>
The old, unofficial Xlibs has been replaced by the official modularised X11 distribution from X.org, i.e., X11R7.0. X11R7.0 consists of 287 (!) packages, all of which are in Nixpkgs though not all have been tested. It is now possible to build a working X server (previously we only had X client libraries). We use a fully Nixified X server on NixOS.
</para>
</listitem>
<listitem>
<para>
The Sun JDK 5 has been purified, i.e., it doesnt require any non-Nix components such as <filename>/lib/ld-linux.so.2</filename>. This means that Java applications such as Eclipse and Azureus can run on NixOS.
</para>
</listitem>
<listitem>
<para>
Hardware-accelerated OpenGL support, used by games like Quake 3 (which is now built from source).
</para>
</listitem>
<listitem>
<para>
Improved support for FreeBSD on x86.
</para>
</listitem>
<listitem>
<para>
Improved Haskell support; e.g., the GHC build is now pure.
</para>
</listitem>
<listitem>
<para>
Some support for cross-compilation: cross-compiling builds of GCC and Binutils, and cross-compiled builds of the C library uClibc.
</para>
</listitem>
<listitem>
<para>
Notable new packages:
<itemizedlist>
<listitem>
<para>
teTeX, including support for building LaTeX documents using Nix (with automatic dependency determination).
</para>
</listitem>
<listitem>
<para>
Ruby.
</para>
</listitem>
<listitem>
<para>
System-level packages to support NixOS, e.g. Grub, GNU <literal>parted</literal> and so on.
</para>
</listitem>
<listitem>
<para>
<literal>ecj</literal>, the Eclipse Compiler for Java, so we finally have a freely distributable compiler that supports Java 5.0.
</para>
</listitem>
<listitem>
<para>
<literal>php</literal>.
</para>
</listitem>
<listitem>
<para>
The GIMP.
</para>
</listitem>
<listitem>
<para>
Inkscape.
</para>
</listitem>
<listitem>
<para>
GAIM.
</para>
</listitem>
<listitem>
<para>
<literal>kdelibs</literal>. This allows us to add KDE-based packages (such as <literal>kcachegrind</literal>).
</para>
</listitem>
</itemizedlist>
</para>
</listitem>
</itemizedlist>
<para>
The following people contributed to this release: Andres Löh, Armijn Hemel, Bogdan Dumitriu, Christof Douma, Eelco Dolstra, Eelco Visser, Mart Kolthof, Martin Bravenboer, Rob Vermaas and Roy van den Broek.
</para>
</section>
<section xml:id="release-notes-0.8">
<title>Release 0.8 (April 11, 2005)</title>
<para>
This release is mostly to remain synchronised with the changed hashing scheme in Nix 0.8.
</para>
<para>
Notable updates:
<itemizedlist>
<listitem>
<para>
Adobe Reader 7.0
</para>
</listitem>
<listitem>
<para>
Various security updates (zlib 1.2.2, etc.)
</para>
</listitem>
</itemizedlist>
</para>
</section>
<section xml:id="release-notes-0.7">
<title>Release 0.7 (March 14, 2005)</title>
<itemizedlist>
<listitem>
<para>
The bootstrap process for the standard build environment on Linux (stdenv-linux) has been improved. It is no longer dependent in its initial bootstrap stages on the system Glibc, GCC, and other tools. Rather, Nixpkgs contains a statically linked bash and curl, and uses that to download other statically linked tools. These are then used to build a Glibc and dynamically linked versions of all other tools.
</para>
<para>
This change also makes the bootstrap process faster. For instance, GCC is built only once instead of three times.
</para>
<para>
(Contributed by Armijn Hemel.)
</para>
</listitem>
<listitem>
<para>
Tarballs used by Nixpkgs are now obtained from the same server that hosts Nixpkgs (<link
xlink:href="http://catamaran.labs.cs.uu.nl/" />). This reduces the risk of packages being unbuildable due to moved or deleted files on various servers.
</para>
</listitem>
<listitem>
<para>
There now is a generic mechanism for building Perl modules. See the various Perl modules defined in pkgs/system/all-packages-generic.nix.
</para>
</listitem>
<listitem>
<para>
Notable new packages:
<itemizedlist>
<listitem>
<para>
Qt 3
</para>
</listitem>
<listitem>
<para>
MySQL
</para>
</listitem>
<listitem>
<para>
MythTV
</para>
</listitem>
<listitem>
<para>
Mono
</para>
</listitem>
<listitem>
<para>
MonoDevelop (alpha)
</para>
</listitem>
<listitem>
<para>
Xine
</para>
</listitem>
</itemizedlist>
</para>
</listitem>
<listitem>
<para>
Notable updates:
<itemizedlist>
<listitem>
<para>
GCC 3.4.3
</para>
</listitem>
<listitem>
<para>
Glibc 2.3.4
</para>
</listitem>
<listitem>
<para>
GTK 2.6
</para>
</listitem>
</itemizedlist>
</para>
</listitem>
</itemizedlist>
</section>
</article>

View file

@ -249,3 +249,31 @@ Unfree package that cannot be redistributed. You can build it yourself, but you
### `lib.licenses.unfreeRedistributableFirmware`, `"unfree-redistributable-firmware"` {#lib.licenses.unfreeredistributablefirmware-unfree-redistributable-firmware}
This package supplies unfree, redistributable firmware. This is a separate value from `unfree-redistributable` because not everybody cares whether firmware is free.
## Source provenance {#sec-meta-sourceProvenance}
The value of a package's `meta.sourceProvenance` attribute specifies the provenance of the package's derivation outputs.
If a package contains elements that are not built from the original source by a nixpkgs derivation, the `meta.sourceProvenance` attribute should be a list containing one or more value from `lib.sourceTypes` defined in [`nixpkgs/lib/source-types.nix`](https://github.com/NixOS/nixpkgs/blob/master/lib/source-types.nix).
Adding this information helps users who have needs related to build transparency and supply-chain security to gain some visibility into their installed software or set policy to allow or disallow installation based on source provenance.
The presence of a particular `sourceType` in a package's `meta.sourceProvenance` list indicates that the package contains some components falling into that category, though the *absence* of that `sourceType` does not *guarantee* the absence of that category of `sourceType` in the package's contents. A package with no `meta.sourceProvenance` set implies it has no *known* `sourceType`s other than `fromSource`.
The meaning of the `meta.sourceProvenance` attribute does not depend on the value of the `meta.license` attribute.
### `lib.sourceTypes.fromSource` {#lib.sourceTypes.fromSource}
Package elements which are produced by a nixpkgs derivation which builds them from source code.
### `lib.sourceTypes.binaryNativeCode` {#lib.sourceTypes.binaryNativeCode}
Native code to be executed on the target system's CPU, built by a third party. This includes packages which wrap a downloaded AppImage or Debian package.
### `lib.sourceTypes.binaryFirmware` {#lib.sourceTypes.binaryFirmware}
Code to be executed on a peripheral device or embedded controller, built by a third party.
### `lib.sourceTypes.binaryBytecode` {#lib.sourceTypes.binaryBytecode}
Code to run on a VM interpreter or JIT compiled into bytecode by a third party. This includes packages which download Java `.jar` files from another source.

View file

@ -77,7 +77,7 @@ There is a special handling of the `debug` output, described at [](#stdenv-separ
A commonly adopted convention in `nixpkgs` is that executables provided by the package are contained within its first output. This convention allows the dependent packages to reference the executables provided by packages in a uniform manner. For instance, provided with the knowledge that the `perl` package contains a `perl` executable it can be referenced as `${pkgs.perl}/bin/perl` within a Nix derivation that needs to execute a Perl script.
The `glibc` package is a deliberate single exception to the “binaries first” convention. The `glibc` has `libs` as its first output allowing the libraries provided by `glibc` to be referenced directly (e.g. `${stdenv.glibc}/lib/ld-linux-x86-64.so.2`). The executables provided by `glibc` can be accessed via its `bin` attribute (e.g. `${stdenv.glibc.bin}/bin/ldd`).
The `glibc` package is a deliberate single exception to the “binaries first” convention. The `glibc` has `libs` as its first output allowing the libraries provided by `glibc` to be referenced directly (e.g. `${glibc}/lib/ld-linux-x86-64.so.2`). The executables provided by `glibc` can be accessed via its `bin` attribute (e.g. `${lib.getBin stdenv.cc.libc}/bin/ldd`).
The reason for why `glibc` deviates from the convention is because referencing a library provided by `glibc` is a very common operation among Nix packages. For instance, third-party executables packaged by Nix are typically patched and relinked with the relevant version of `glibc` libraries from Nix packages (please see the documentation on [patchelf](https://github.com/NixOS/patchelf) for more details).

View file

@ -869,7 +869,7 @@ makeWrapper $out/bin/foo $wrapperfile --set FOOBAR baz
makeWrapper $out/bin/foo $wrapperfile --prefix PATH : ${lib.makeBinPath [ hello git ]}
```
Theres many more kinds of arguments, they are documented in `nixpkgs/pkgs/build-support/setup-hooks/make-wrapper.sh` for the `makeWrapper` implementation and in `nixpkgs/pkgs/build-support/setup-hooks/make-binary-wrapper.sh` for the `makeBinaryWrapper` implementation.
Theres many more kinds of arguments, they are documented in `nixpkgs/pkgs/build-support/setup-hooks/make-wrapper.sh` for the `makeWrapper` implementation and in `nixpkgs/pkgs/build-support/setup-hooks/make-binary-wrapper/make-binary-wrapper.sh` for the `makeBinaryWrapper` implementation.
`wrapProgram` is a convenience function you probably want to use most of the time, implemented by both `makeWrapper` and `makeBinaryWrapper`.

View file

@ -176,6 +176,15 @@ You can define a function called `packageOverrides` in your local `~/.config/nix
}
```
## `config` Options Reference {#sec-config-options-reference}
The following attributes can be passed in [`config`](#chap-packageconfig).
```{=docbook}
<include xmlns="http://www.w3.org/2001/XInclude" href="../doc-support/result/config-options.docbook.xml"/>
```
## Declarative Package Management {#sec-declarative-package-management}
### Build an environment {#sec-building-environment}

View file

@ -11,9 +11,7 @@
lib = import ./lib;
systems = lib.systems.supported.hydra;
forAllSystems = f: lib.genAttrs systems (system: f system);
forAllSystems = f: lib.genAttrs lib.systems.flakeExposed (system: f system);
in
{

View file

@ -248,7 +248,7 @@ rec {
/* Apply fold functions to values grouped by key.
Example:
foldAttrs (n: a: [n] ++ a) [] [{ a = 2; } { a = 3; }]
foldAttrs (item: acc: [item] ++ acc) [] [{ a = 2; } { a = 3; }]
=> { a = [ 2 3 ]; }
*/
foldAttrs = op: nul:

View file

@ -36,6 +36,7 @@ let
# constants
licenses = callLibs ./licenses.nix;
sourceTypes = callLibs ./source-types.nix;
systems = callLibs ./systems;
# serialization
@ -70,7 +71,7 @@ let
info showWarnings nixpkgsVersion version isInOldestRelease
mod compare splitByAndCompare
functionArgs setFunctionArgs isFunction toFunction
toHexString toBaseDigits;
toHexString toBaseDigits inPureEvalMode;
inherit (self.fixedPoints) fix fix' converge extends composeExtensions
composeManyExtensions makeExtensible makeExtensibleWithCustomName;
inherit (self.attrsets) attrByPath hasAttrByPath setAttrByPath

View file

@ -251,6 +251,16 @@ rec {
}:
assert builtins.isInt depthLimit;
let
specialAttrs = [
"__functor"
"__functionArgs"
"__toString"
"__pretty"
];
stepIntoAttr = evalNext: name:
if builtins.elem name specialAttrs
then id
else evalNext;
transform = depth:
if depthLimit != null && depth > depthLimit then
if throwOnDepthLimit
@ -261,7 +271,7 @@ rec {
let
evalNext = x: mapAny (depth + 1) (transform (depth + 1) x);
in
if isAttrs v then mapAttrs (const evalNext) v
if isAttrs v then mapAttrs (stepIntoAttr evalNext) v
else if isList v then map evalNext v
else transform (depth + 1) v;
in

View file

@ -507,7 +507,7 @@ rec {
compareLists compare [ "a" ] []
=> 1
compareLists compare [ "a" "b" ] [ "a" "c" ]
=> 1
=> -1
*/
compareLists = cmp: a: b:
if a == []

View file

@ -113,10 +113,6 @@ rec {
args ? {}
, # This would be remove in the future, Prefer _module.check option instead.
check ? true
# Internal variable to avoid `_key` collisions regardless
# of `extendModules`. Used in `submoduleWith`.
# Test case: lib/tests/modules, "168767"
, extensionOffset ? 0
}:
let
withWarnings = x:
@ -345,17 +341,15 @@ rec {
modules ? [],
specialArgs ? {},
prefix ? [],
extensionOffset ? length modules,
}:
evalModules (evalModulesArgs // {
modules = regularModules ++ modules;
specialArgs = evalModulesArgs.specialArgs or {} // specialArgs;
prefix = extendArgs.prefix or evalModulesArgs.prefix;
inherit extensionOffset;
prefix = extendArgs.prefix or evalModulesArgs.prefix or [];
});
type = lib.types.submoduleWith {
inherit modules specialArgs extensionOffset;
inherit modules specialArgs;
};
result = withWarnings {
@ -468,6 +462,7 @@ rec {
config = addFreeformType (addMeta (m.config or {}));
}
else
lib.throwIfNot (isAttrs m) "module ${file} (${key}) does not look like a module."
{ _file = toString m._file or file;
key = toString m.key or key;
disabledModules = m.disabledModules or [];

View file

@ -120,7 +120,7 @@ rec {
Example:
mkPackageOption pkgs "GHC" {
default = [ "ghc" ];
example = "pkgs.haskell.package.ghc922.ghc.withPackages (hkgs: [ hkgs.primes ])";
example = "pkgs.haskell.package.ghc923.ghc.withPackages (hkgs: [ hkgs.primes ])";
}
=> { _type = "option"; default = «derivation /nix/store/jxx55cxsjrf8kyh3fp2ya17q99w7541r-ghc-8.10.7.drv»; defaultText = { ... }; description = "The GHC package to use."; example = { ... }; type = { ... }; }
*/

View file

@ -0,0 +1,19 @@
{ lib }:
let
defaultSourceType = tname: {
shortName = tname;
isSource = false;
};
in lib.mapAttrs (tname: tset: defaultSourceType tname // tset) {
fromSource = {
isSource = true;
};
binaryNativeCode = {};
binaryBytecode = {};
binaryFirmware = {};
}

View file

@ -8,7 +8,16 @@ rec {
platforms = import ./platforms.nix { inherit lib; };
examples = import ./examples.nix { inherit lib; };
architectures = import ./architectures.nix { inherit lib; };
supported = import ./supported.nix { inherit lib; };
/* List of all Nix system doubles the nixpkgs flake will expose the package set
for. All systems listed here must be supported by nixpkgs as `localSystem`.
**Warning**: This attribute is considered experimental and is subject to change.
*/
flakeExposed = import ./flake-systems.nix { };
# TODO(@sternenseemann): remove before 21.11
supported = throw "2022-05-23: Use lib.systems.flakeExposed instead of lib.systems.supported.hydra, as lib.systems.supported has been removed";
# Elaborate a `localSystem` or `crossSystem` so that it contains everything
# necessary.
@ -25,8 +34,11 @@ rec {
# Either of these can be losslessly-extracted from `parsed` iff parsing succeeds.
system = parse.doubleFromSystem final.parsed;
config = parse.tripleFromSystem final.parsed;
# Determine whether we are compatible with the provided CPU
isCompatible = platform: parse.isCompatible final.parsed.cpu platform.parsed.cpu;
# Determine whether we can execute binaries built for the provided platform.
canExecute = platform:
parse.isCompatible final.parsed.cpu platform.parsed.cpu
&& final.parsed.kernel == platform.parsed.kernel;
isCompatible = _: throw "2022-05-23: isCompatible has been removed in favor of canExecute, refer to the 22.11 changelog for details";
# Derived meta-data
libc =
/**/ if final.isDarwin then "libSystem"
@ -159,7 +171,7 @@ rec {
wine = (pkgs.winePackagesFor wine-name).minimal;
in
if final.parsed.kernel.name == pkgs.stdenv.hostPlatform.parsed.kernel.name &&
pkgs.stdenv.hostPlatform.isCompatible final
pkgs.stdenv.hostPlatform.canExecute final
then "${pkgs.runtimeShell} -c '\"$@\"' --"
else if final.isWindows
then "${wine}/bin/${wine-name}"

View file

@ -41,7 +41,7 @@ let
# none
"aarch64_be-none" "aarch64-none" "arm-none" "armv6l-none" "avr-none" "i686-none"
"msp430-none" "or1k-none" "m68k-none" "powerpc-none" "powerpcle-none"
"riscv32-none" "riscv64-none" "s390-none" "s390x-none" "vc4-none"
"riscv32-none" "riscv64-none" "rx-none" "s390-none" "s390x-none" "vc4-none"
"x86_64-none"
# OpenBSD
@ -76,6 +76,7 @@ in {
riscv = filterDoubles predicates.isRiscV;
riscv32 = filterDoubles predicates.isRiscV32;
riscv64 = filterDoubles predicates.isRiscV64;
rx = filterDoubles predicates.isRx;
vc4 = filterDoubles predicates.isVc4;
or1k = filterDoubles predicates.isOr1k;
m68k = filterDoubles predicates.isM68k;

View file

@ -79,8 +79,6 @@ rec {
useLLVM = true;
};
scaleway-c1 = armv7l-hf-multiplatform // platforms.scaleway-c1;
pogoplug4 = {
config = "armv5tel-unknown-linux-gnueabi";
} // platforms.pogoplug4;
@ -145,6 +143,11 @@ rec {
libc = "newlib";
};
rx-embedded = {
config = "rx-none-elf";
libc = "newlib";
};
msp430 = {
config = "msp430-elf";
libc = "newlib";
@ -303,8 +306,6 @@ rec {
# BSDs
amd64-netbsd = lib.warn "The amd64-netbsd system example is deprecated. Use x86_64-netbsd instead." x86_64-netbsd;
x86_64-netbsd = {
config = "x86_64-unknown-netbsd";
libc = "nblibc";

View file

@ -0,0 +1,29 @@
# See [RFC 46] for mandated platform support and ../../pkgs/stdenv for
# implemented platform support. This list is mainly descriptive, i.e. all
# system doubles for platforms where nixpkgs can do native compiliation
# reasonably well are included.
#
# [RFC 46]: https://github.com/NixOS/rfcs/blob/master/rfcs/0046-platform-support-tiers.md
{ }:
[
# Tier 1
"x86_64-linux"
# Tier 2
"aarch64-linux"
"x86_64-darwin"
# Tier 3
"armv6l-linux"
"armv7l-linux"
"i686-linux"
"mipsel-linux"
# Other platforms with sufficient support in stdenv which is not formally
# mandated by their platform tier.
"aarch64-darwin"
"armv5tel-linux"
"powerpc64le-linux"
"riscv64-linux"
# "x86_64-freebsd" is excluded because it is mostly broken
]

View file

@ -11,7 +11,6 @@ rec {
isi686 = { cpu = cpuTypes.i686; };
isx86_32 = { cpu = { family = "x86"; bits = 32; }; };
isx86_64 = { cpu = { family = "x86"; bits = 64; }; };
isPowerPC = { cpu = cpuTypes.powerpc; };
isPower = { cpu = { family = "power"; }; };
isPower64 = { cpu = { family = "power"; bits = 64; }; };
isx86 = { cpu = { family = "x86"; }; };
@ -26,6 +25,7 @@ rec {
isRiscV = { cpu = { family = "riscv"; }; };
isRiscV32 = { cpu = { family = "riscv"; bits = 32; }; };
isRiscV64 = { cpu = { family = "riscv"; bits = 64; }; };
isRx = { cpu = { family = "rx"; }; };
isSparc = { cpu = { family = "sparc"; }; };
isWasm = { cpu = { family = "wasm"; }; };
isMsp430 = { cpu = { family = "msp430"; }; };

View file

@ -116,6 +116,7 @@ rec {
alpha = { bits = 64; significantByte = littleEndian; family = "alpha"; };
rx = { bits = 32; significantByte = littleEndian; family = "rx"; };
msp430 = { bits = 16; significantByte = littleEndian; family = "msp430"; };
avr = { bits = 8; family = "avr"; };
@ -147,8 +148,10 @@ rec {
# Every CPU is compatible with itself.
# - (transitivity)
# If A is compatible with B and B is compatible with C then A is compatible with C.
# - (compatible under multiple endianness)
# CPUs with multiple modes of endianness are pairwise compatible.
#
# Note: Since 22.11 the archs of a mode switching CPU are no longer considered
# pairwise compatible. Mode switching implies that binaries built for A
# and B respectively can't be executed at the same time.
isCompatible = a: b: with cpuTypes; lib.any lib.id [
# x86
(b == i386 && isCompatible a i486)
@ -190,22 +193,13 @@ rec {
(b == aarch64 && a == armv8a)
(b == armv8a && isCompatible a aarch64)
(b == aarch64 && a == aarch64_be)
(b == aarch64_be && isCompatible a aarch64)
# PowerPC
(b == powerpc && isCompatible a powerpc64)
(b == powerpcle && isCompatible a powerpc)
(b == powerpc && a == powerpcle)
(b == powerpc64le && isCompatible a powerpc64)
(b == powerpc64 && a == powerpc64le)
(b == powerpcle && isCompatible a powerpc64le)
# MIPS
(b == mips && isCompatible a mips64)
(b == mips && a == mipsel)
(b == mipsel && isCompatible a mips)
(b == mips64 && a == mips64el)
(b == mips64el && isCompatible a mips64)
(b == mipsel && isCompatible a mips64el)
# RISCV
(b == riscv32 && isCompatible a riscv64)

View file

@ -242,13 +242,6 @@ rec {
};
};
scaleway-c1 = armv7l-hf-multiplatform // {
gcc = {
cpu = "cortex-a9";
fpu = "vfpv3";
};
};
utilite = {
linux-kernel = {
name = "utilite";

View file

@ -1,26 +0,0 @@
# Supported systems according to RFC0046's definition.
#
# https://github.com/NixOS/rfcs/blob/master/rfcs/0046-platform-support-tiers.md
{ lib }:
rec {
# List of systems that are built by Hydra.
hydra = tier1 ++ tier2 ++ tier3 ++ [
"aarch64-darwin"
];
tier1 = [
"x86_64-linux"
];
tier2 = [
"aarch64-linux"
"x86_64-darwin"
];
tier3 = [
"armv6l-linux"
"armv7l-linux"
"i686-linux"
"mipsel-linux"
];
}

View file

@ -674,6 +674,21 @@ runTests {
expected = false;
};
testWithRecursionDealsWithFunctors =
let
functor = {
__functor = self: { a, b, }: null;
};
a = {
value = "1234";
b = functor;
c.d = functor;
};
in {
expr = generators.toPretty { } (generators.withRecursion { depthLimit = 1; throwOnDepthLimit = false; } a);
expected = "{\n b = <function, args: {a, b}>;\n c = {\n d = \"<unevaluated>\";\n };\n value = \"<unevaluated>\";\n}";
};
testToPrettyMultiline = {
expr = mapAttrs (const (generators.toPretty { })) rec {
list = [ 3 4 [ false ] ];

View file

@ -194,6 +194,17 @@ checkConfigOutput '^"submodule"$' options.submodule.type.description ./declare-s
## Paths should be allowed as values and work as expected
checkConfigOutput '^true$' config.submodule.enable ./declare-submoduleWith-path.nix
## deferredModule
# default module is merged into nodes.foo
checkConfigOutput '"beta"' config.nodes.foo.settingsDict.c ./deferred-module.nix
# errors from the default module are reported with accurate location
checkConfigError 'In `the-file-that-contains-the-bad-config.nix, via option default'\'': "bogus"' config.nodes.foo.bottom ./deferred-module.nix
checkConfigError '.*lib/tests/modules/deferred-module-error.nix, via option deferred [(]:anon-1:anon-1:anon-1[)] does not look like a module.' config.result ./deferred-module-error.nix
# Check the file location information is propagated into submodules
checkConfigOutput the-file.nix config.submodule.internalFiles.0 ./submoduleFiles.nix
# Check that disabledModules works recursively and correctly
checkConfigOutput '^true$' config.enable ./disable-recursive/main.nix
checkConfigOutput '^true$' config.enable ./disable-recursive/{main.nix,disable-foo.nix}

View file

@ -0,0 +1,20 @@
{ config, lib, ... }:
let
inherit (lib) types mkOption setDefaultModuleLocation evalModules;
inherit (types) deferredModule lazyAttrsOf submodule str raw enum;
in
{
options = {
deferred = mkOption {
type = deferredModule;
};
result = mkOption {
default = (evalModules { modules = [ config.deferred ]; }).config.result;
};
};
config = {
deferred = { ... }:
# this should be an attrset, so this fails
true;
};
}

View file

@ -0,0 +1,58 @@
{ lib, ... }:
let
inherit (lib) types mkOption setDefaultModuleLocation;
inherit (types) deferredModule lazyAttrsOf submodule str raw enum;
in
{
imports = [
# generic module, declaring submodules:
# - nodes.<name>
# - default
# where all nodes include the default
({ config, ... }: {
_file = "generic.nix";
options.nodes = mkOption {
type = lazyAttrsOf (submodule { imports = [ config.default ]; });
default = {};
};
options.default = mkOption {
type = deferredModule;
default = { };
description = ''
Module that is included in all nodes.
'';
};
})
{
_file = "default-1.nix";
default = { config, ... }: {
options.settingsDict = lib.mkOption { type = lazyAttrsOf str; default = {}; };
options.bottom = lib.mkOption { type = enum []; };
};
}
{
_file = "default-a-is-b.nix";
default = ./define-settingsDict-a-is-b.nix;
}
{
_file = "nodes-foo.nix";
nodes.foo.settingsDict.b = "beta";
}
{
_file = "the-file-that-contains-the-bad-config.nix";
default.bottom = "bogus";
}
{
_file = "nodes-foo-c-is-a.nix";
nodes.foo = { config, ... }: {
settingsDict.c = config.settingsDict.a;
};
}
];
}

View file

@ -0,0 +1,3 @@
{ config, ... }: {
settingsDict.a = config.settingsDict.b;
}

View file

@ -0,0 +1,21 @@
{ lib, ... }: {
options.submodule = lib.mkOption {
default = {};
type = lib.types.submoduleWith {
modules = [ ({ options, ... }: {
options.value = lib.mkOption {};
options.internalFiles = lib.mkOption {
default = options.value.files;
};
})];
};
};
imports = [
{
_file = "the-file.nix";
submodule.value = 10;
}
];
}

View file

@ -195,7 +195,7 @@ rec {
On each release the first letter is bumped and a new animal is chosen
starting with that new letter.
*/
codeName = "Quokka";
codeName = "Raccoon";
/* Returns the current nixpkgs version suffix as string. */
versionSuffix =
@ -229,6 +229,13 @@ rec {
*/
inNixShell = builtins.getEnv "IN_NIX_SHELL" != "";
/* Determine whether the function is being called from inside pure-eval mode
by seeing whether `builtins` contains `currentSystem`. If not, we must be in
pure-eval mode.
Type: inPureEvalMode :: bool
*/
inPureEvalMode = ! builtins ? currentSystem;
## Integer operations

View file

@ -539,6 +539,36 @@ rec {
modules = toList modules;
};
# A module to be imported in some other part of the configuration.
deferredModule = deferredModuleWith { };
# A module to be imported in some other part of the configuration.
# `staticModules`' options will be added to the documentation, unlike
# options declared via `config`.
deferredModuleWith = attrs@{ staticModules ? [] }: mkOptionType {
name = "deferredModule";
description = "module";
check = x: isAttrs x || isFunction x || path.check x;
merge = loc: defs: {
imports = staticModules ++ map (def: lib.setDefaultModuleLocation "${def.file}, via option ${showOption loc}" def.value) defs;
};
inherit (submoduleWith { modules = staticModules; })
getSubOptions
getSubModules;
substSubModules = m: deferredModuleWith (attrs // {
staticModules = m;
});
functor = defaultFunctor "deferredModuleWith" // {
type = types.deferredModuleWith;
payload = {
inherit staticModules;
};
binOp = lhs: rhs: {
staticModules = lhs.staticModules ++ rhs.staticModules;
};
};
};
# The type of a type!
optionType = mkOptionType {
name = "optionType";
@ -570,28 +600,15 @@ rec {
{ modules
, specialArgs ? {}
, shorthandOnlyDefinesConfig ? false
# Internal variable to avoid `_key` collisions regardless
# of `extendModules`. Wired through by `evalModules`.
# Test case: lib/tests/modules, "168767"
, extensionOffset ? 0
, description ? null
}@attrs:
let
inherit (lib.modules) evalModules;
shorthandToModule = if shorthandOnlyDefinesConfig == false
then value: value
else value: { config = value; };
allModules = defs: imap1 (n: { value, file }:
if isFunction value
then setFunctionArgs
(args: lib.modules.unifyModuleSyntax file "${toString file}-${toString (n + extensionOffset)}" (value args))
(functionArgs value)
else if isAttrs value
then
lib.modules.unifyModuleSyntax file "${toString file}-${toString (n + extensionOffset)}" (shorthandToModule value)
else value
allModules = defs: map ({ value, file }:
if isAttrs value && shorthandOnlyDefinesConfig
then { _file = file; config = value; }
else { _file = file; imports = [ value ]; }
) defs;
base = evalModules {
@ -618,16 +635,19 @@ rec {
freeformType = base._module.freeformType;
in
mkOptionType rec {
name = "submodule";
description = freeformType.description or name;
in
mkOptionType {
inherit name;
description =
if description != null then description
else freeformType.description or name;
check = x: isAttrs x || isFunction x || path.check x;
merge = loc: defs:
(base.extendModules {
modules = [ { _module.args.name = last loc; } ] ++ allModules defs;
prefix = loc;
extensionOffset = extensionOffset + length defs;
}).config;
emptyValue = { value = {}; };
getSubOptions = prefix: (base.extendModules
@ -647,9 +667,7 @@ rec {
functor = defaultFunctor name // {
type = types.submoduleWith;
payload = {
modules = modules;
specialArgs = specialArgs;
shorthandOnlyDefinesConfig = shorthandOnlyDefinesConfig;
inherit modules specialArgs shorthandOnlyDefinesConfig description;
};
binOp = lhs: rhs: {
modules = lhs.modules ++ rhs.modules;
@ -666,6 +684,14 @@ rec {
else if lhs.shorthandOnlyDefinesConfig == rhs.shorthandOnlyDefinesConfig
then lhs.shorthandOnlyDefinesConfig
else throw "A submoduleWith option is declared multiple times with conflicting shorthandOnlyDefinesConfig values";
description =
if lhs.description == null
then rhs.description
else if rhs.description == null
then lhs.description
else if lhs.description == rhs.description
then lhs.description
else throw "A submoduleWith option is declared multiple times with conflicting descriptions";
};
};
};

View file

@ -1,5 +1,5 @@
/* Helper function to implement a fallback for the bit operators
`bitAnd`, `bitOr` and `bitXOr` on older nix version.
`bitAnd`, `bitOr` and `bitXor` on older nix version.
See ./trivial.nix
*/
f: x: y:

View file

@ -459,6 +459,12 @@
githubId = 20405311;
name = "Aksh Gupta";
};
alapshin = {
email = "alapshin@fastmail.com";
github = "alapshin";
githubId = 321946;
name = "Andrei Lapshin";
};
albakham = {
email = "dev@geber.ga";
github = "albakham";
@ -1164,6 +1170,12 @@
githubId = 706854;
name = "Etienne Laurin";
};
atry = {
name = "Bo Yang";
email = "atry@fb.com";
github = "Atry";
githubId = 601530;
};
attila-lendvai = {
name = "Attila Lendvai";
email = "attila@lendvai.name";
@ -1412,6 +1424,12 @@
githubId = 916366;
name = "Brandon Elam Barker";
};
bbenno = {
email = "nix@bbenno.com";
github = "bbenno";
githubId = 32938211;
name = "Benno Bielmeier";
};
bbigras = {
email = "bigras.bruno@gmail.com";
github = "bbigras";
@ -1700,6 +1718,17 @@
githubId = 50839;
name = "Brian Jones";
};
booklearner = {
name = "booklearner";
email = "hey@booklearner.org";
matrix = "@booklearner:matrix.org";
github = "booklearner";
githubId = 103979114;
keys = [{
longkeyid = "ed25519/0x0C61C4E5907F76C8";
fingerprint = "17C7 95D4 871C 2F87 83C8 053D 0C61 C4E5 907F 76C8";
}];
};
bootstrap-prime = {
email = "bootstrap.prime@gmail.com";
github = "bootstrap-prime";
@ -2305,6 +2334,12 @@
githubId = 3956062;
name = "Simon Lackerbauer";
};
cimm = {
email = "8k9ft8m5gv@astil.be";
github = "cimm";
githubId = 68112;
name = "Simon";
};
cirno-999 = {
email = "reverene@protonmail.com";
github = "cirno-999";
@ -3423,6 +3458,12 @@
fingerprint = "389A 78CB CD88 5E0C 4701 DEB9 FD42 C7D0 D414 94C8";
}];
};
dukc = {
email = "ajieskola@gmail.com";
github = "dukc";
githubId = 24233408;
name = "Ate Eskola";
};
dump_stack = {
email = "root@dumpstack.io";
github = "jollheef";
@ -3547,6 +3588,12 @@
github = "edlimerkaj";
githubId = 71988351;
};
elliottslaughter = {
name = "Elliott Slaughter";
email = "elliottslaughter@gmail.com";
github = "elliottslaughter";
githubId = 3129;
};
emantor = {
email = "rouven+nixos@czerwinskis.de";
github = "emantor";
@ -3662,6 +3709,12 @@
githubId = 103082;
name = "Ed Brindley";
};
elizagamedev = {
email = "eliza@eliza.sh";
github = "elizagamedev";
githubId = 4576666;
name = "Eliza Velasquez";
};
elliot = {
email = "hack00mind@gmail.com";
github = "Eliot00";
@ -3729,11 +3782,12 @@
githubId = 57923898;
name = "Elyhaka";
};
em0lar = {
email = "nix@em0lar.dev";
github = "em0lar";
githubId = 11006031;
name = "Leo Maroni";
emmabastas = {
email = "emma.bastas@protonmail.com";
matrix = "@emmabastas:matrix.org";
github = "emmabastas";
githubId = 22533224;
name = "Emma Bastås";
};
emmanuelrosa = {
email = "emmanuelrosa@protonmail.com";
@ -4242,6 +4296,13 @@
fingerprint = "2F93 661D AC17 EA98 A104 F780 ECC7 55EE 583C 1672";
}];
};
fleaz = {
email = "mail@felixbreidenstein.de";
matrix = "@fleaz:rainbownerds.de";
github = "fleaz";
githubId = 2489598;
name = "Felix Breidenstein";
};
flexagoon = {
email = "flexagoon@pm.me";
github = "flexagoon";
@ -4500,6 +4561,12 @@
fingerprint = "0200 3EF8 8D2B CF2D 8F00 FFDC BBB3 E40E 5379 7FD9";
}];
};
GaetanLepage = {
email = "gaetan@glepage.com";
github = "GaetanLepage";
githubId = 33058747;
name = "Gaetan Lepage";
};
gal_bolle = {
email = "florent.becker@ens-lyon.org";
github = "FlorentBecker";
@ -4902,6 +4969,12 @@
githubId = 1498782;
name = "Jesse Haber-Kucharsky";
};
hamburger1984 = {
email = "hamburger1984@gmail.com";
github = "hamburger1984";
githubId = 438976;
name = "Andreas Krohn";
};
hamhut1066 = {
email = "github@hamhut1066.com";
github = "moredhel";
@ -5024,6 +5097,12 @@
githubId = 2405974;
name = "Sébastian Méric de Bellefon";
};
helium = {
email = "helium.dev@tuta.io";
github = "helium18";
githubId = 86223025;
name = "helium";
};
henkkalkwater = {
email = "chris+nixpkgs@netsoj.nl";
github = "HenkKalkwater";
@ -5316,6 +5395,16 @@
githubId = 1031119;
name = "Ian-Woo Kim";
};
ibizaman = {
email = "ibizapeanut@gmail.com";
github = "ibizaman";
githubId = 1044950;
name = "Pierre Penninckx";
keys = [{
longkeyid = "rsa2048/0xD4C5C37E6031A3FE";
fingerprint = "A01F 10C6 7176 B2AE 2A34 1A56 D4C5 C37E 6031 A3FE";
}];
};
iblech = {
email = "iblech@speicherleck.de";
github = "iblech";
@ -5439,6 +5528,12 @@
githubId = 510202;
name = "Ismaël Bouya";
};
imsofi = {
email = "sofi+git@mailbox.org";
github = "imsofi";
githubId = 20756843;
name = "Sofi";
};
imuli = {
email = "i@imu.li";
github = "imuli";
@ -5451,6 +5546,12 @@
githubId = 37965;
name = "Léo Stefanesco";
};
infinidoge = {
name = "Infinidoge";
email = "infinidoge@inx.moe";
github = "Infinidoge";
githubId = 22727114;
};
infinisil = {
email = "contact@infinisil.com";
matrix = "@infinisil:matrix.org";
@ -5865,6 +5966,12 @@
githubId = 1667473;
name = "Jethro Kuan";
};
jevy = {
email = "jevin@quickjack.ca";
github = "jevy";
githubId = 110620;
name = "Jevin Maltais";
};
jfb = {
email = "james@yamtime.com";
github = "tftio";
@ -6336,6 +6443,13 @@
githubId = 1189739;
name = "Julio Borja Barra";
};
jugendhacker = {
name = "j.r";
email = "j.r@jugendhacker.de";
github = "jugendhacker";
githubId = 12773748;
matrix = "@j.r:chaos.jetzt";
};
juliendehos = {
email = "dehos@lisic.univ-littoral.fr";
github = "juliendehos";
@ -6570,6 +6684,13 @@
fingerprint = "932F 3E8E 1C0F 4A98 95D7 B8B8 B0CA A28A 0295 8308";
}];
};
kenran = {
email = "johannes.maier@mailbox.org";
github = "kenranunderscore";
githubId = 5188977;
matrix = "@kenran_:matrix.org";
name = "Johannes Maier";
};
kentjames = {
email = "jameschristopherkent@gmail.com";
github = "kentjames";
@ -6601,6 +6722,13 @@
githubId = 8211181;
name = "Kevin Kandlbinder";
};
kfears = {
email = "kfearsoff@gmail.com";
github = "KFearsoff";
githubId = 66781795;
matrix = "@kfears:matrix.org";
name = "KFears";
};
kfollesdal = {
email = "kfollesdal@gmail.com";
github = "kfollesdal";
@ -6621,7 +6749,7 @@
};
khushraj = {
email = "khushraj.rathod@gmail.com";
github = "KhushrajRathod";
github = "khrj";
githubId = 44947946;
name = "Khushraj Rathod";
keys = [{
@ -6709,13 +6837,13 @@
name = "Jim Fowler";
};
kittywitch = {
email = "kat@kittywit.ch";
email = "kat@inskip.me";
github = "kittywitch";
githubId = 67870215;
name = "kat witch";
name = "Kat Inskip";
keys = [{
longkeyid = "rsa4096/0x7248991EFA8EFBEE";
fingerprint = "01F5 0A29 D4AA 9117 5A11 BDB1 7248 991E FA8E FBEE";
longkeyid = "rsa4096/0xE8DDE3ED1C90F3A0";
fingerprint = "9CC6 44B5 69CD A59B C874 C4C9 E8DD E3ED 1C90 F3A0";
}];
};
kiwi = {
@ -6954,13 +7082,6 @@
githubId = 449813;
name = "Roman Kuznetsov";
};
kvark = {
name = "Dzmitry Malyshau";
email = "kvark@fastmail.com";
matrix = "@kvark:matrix.org";
github = "kvark";
githubId = 107301;
};
kwohlfahrt = {
email = "kai.wohlfahrt@gmail.com";
github = "kwohlfahrt";
@ -7192,6 +7313,12 @@
githubId = 8355305;
name = "leo60228";
};
leona = {
email = "nix@leona.is";
github = "leona-ya";
githubId = 11006031;
name = "Leona Maroni";
};
leonardoce = {
email = "leonardo.cecchi@gmail.com";
github = "leonardoce";
@ -7835,6 +7962,12 @@
githubId = 65531;
name = "Mario Rodas";
};
marsupialgutz = {
email = "mars@possums.xyz";
github = "marsupialgutz";
githubId = 33522919;
name = "Marshall Arruda";
};
martijnvermaat = {
email = "martijn@vermaat.name";
github = "martijnvermaat";
@ -7917,6 +8050,12 @@
githubId = 19036;
name = "Matthew Bauer";
};
matthiasbenaets = {
email = "matthias.benaets@gmail.com";
github = "MatthiasBenaets";
githubId = 89214559;
name = "Matthias Benaets";
};
matthiasbeyer = {
email = "mail@beyermatthias.de";
matrix = "@musicmatze:beyermatthi.as";
@ -8104,6 +8243,12 @@
githubId = 1377571;
name = "Matthew S. Daiter";
};
mdarocha = {
email = "marek@mdarocha.pl";
github = "mdarocha";
githubId = 11572618;
name = "Marek Darocha";
};
mdevlamynck = {
email = "matthias.devlamynck@mailoo.org";
github = "mdevlamynck";
@ -8393,6 +8538,17 @@
fingerprint = "3196 83D3 9A1B 4DE1 3DC2 51FD FEA8 88C9 F5D6 4F62";
}];
};
minion3665 = {
name = "Skyler Grey";
email = "skyler3665@gmail.com";
matrix = "@minion3665:matrix.org";
github = "Minion3665";
githubId = 34243578;
keys = [{
longkeyid = "rsa4096/0x1AFD10256B3C714D";
fingerprint = "D520 AC8D 7C96 9212 5B2B BD3A 1AFD 1025 6B3C 714D";
}];
};
mir06 = {
email = "armin.leuprecht@uni-graz.at";
github = "mir06";
@ -8668,17 +8824,6 @@
githubId = 3073833;
name = "Massimo Redaelli";
};
mrhedgehog = {
name = "Mr Hedgehog";
email = "hedgehog@mrhedgehog.xyz";
matrix = "@mrhedgehog:jupiterbroadcasting.com";
github = "ModdedGamers";
githubId = 35778371;
keys = [{
longkeyid = "rsa4096/0x7D5107866B1C6752";
fingerprint = "38A0 29B0 4A7E 4C13 A4BB 86C8 7D51 0786 6B1C 6752";
}];
};
mrkkrp = {
email = "markkarpov92@gmail.com";
github = "mrkkrp";
@ -8973,12 +9118,24 @@
githubId = 3747396;
name = "Nathan Isom";
};
necrophcodr = {
email = "nc@scalehost.eu";
github = "necrophcodr";
githubId = 575887;
name = "Steffen Rytter Postas";
};
neilmayhew = {
email = "nix@neil.mayhew.name";
github = "neilmayhew";
githubId = 166791;
name = "Neil Mayhew";
};
nek0 = {
email = "nek0@nek0.eu";
github = "nek0";
githubId = 1859691;
name = "Amedeo Molnár";
};
nelsonjeppesen = {
email = "nix@jeppesen.io";
github = "NelsonJeppesen";
@ -9731,6 +9888,12 @@
githubId = 6931743;
name = "pasqui23";
};
patricksjackson = {
email = "patrick@jackson.dev";
github = "patricksjackson";
githubId = 160646;
name = "Patrick Jackson";
};
patryk27 = {
email = "pwychowaniec@pm.me";
github = "Patryk27";
@ -9789,6 +9952,12 @@
githubId = 8641;
name = "Pierre Carrier";
};
pedrohlc = {
email = "root@pedrohlc.com";
github = "PedroHLC";
githubId = 1368952;
name = "Pedro Lara Campos";
};
penguwin = {
email = "penguwin@penguwin.eu";
github = "penguwin";
@ -10104,6 +10273,18 @@
githubId = 10473184;
name = "Jia Xiaodong";
};
pogobanane = {
email = "mail@peter-okelmann.de";
github = "pogobanane";
githubId = 38314551;
name = "Peter Okelmann";
};
polarmutex = {
email = "brian@brianryall.xyz";
github = "polarmutex";
githubId = 115141;
name = "Brian Ryall";
};
polendri = {
email = "paul@ijj.li";
github = "polendri";
@ -10122,6 +10303,12 @@
githubId = 81340136;
name = "polykernel";
};
poelzi = {
email = "nix@poelzi.org";
github = "poelzi";
githubId = 66107;
name = "Daniel Poelzleithner";
};
polyrod = {
email = "dc1mdp@gmail.com";
github = "polyrod";
@ -11320,13 +11507,19 @@
longkeyid = "rsa2048/0x8E8FF66E2AE8D970";
fingerprint = "30BB FF3F AB0B BB3E 0435 F83C 8E8F F66E 2AE8 D970";
}];
};
};
scode = {
email = "peter.schuller@infidyne.com";
github = "scode";
githubId = 59476;
name = "Peter Schuller";
};
scoder12 = {
name = "Spencer Pogorzelski";
email = "34356756+Scoder12@users.noreply.github.com";
github = "scoder12";
githubId = 34356756;
};
scolobb = {
email = "sivanov@colimite.fr";
github = "scolobb";
@ -11665,6 +11858,12 @@
github = "simarra";
githubId = 14372987;
};
simoneruffini = {
email = "simone.ruffini@tutanota.com";
github = "simoneruffini";
githubId = 50401154;
name = "Simone Ruffini";
};
simonchatts = {
email = "code@chatts.net";
github = "simonchatts";
@ -11863,6 +12062,12 @@
githubId = 26806;
name = "Scott Olson";
};
somasis = {
email = "kylie@somas.is";
github = "somasis";
githubId = 264788;
name = "Kylie McClain";
};
SomeoneSerge = {
email = "sergei.kozlukov@aalto.fi";
matrix = "@ss:someonex.net";
@ -12132,6 +12337,12 @@
githubId = 48666;
name = "Matthew \"strager\" Glazar";
};
strikerlulu = {
email = "strikerlulu7@gmail.com";
github = "strikerlulu";
githubId = 38893265;
name = "StrikerLulu";
};
stumoss = {
email = "samoss@gmail.com";
github = "stumoss";
@ -12156,6 +12367,12 @@
githubId = 12984845;
name = "Subhrajyoti Sen";
};
sudosubin = {
email = "sudosubin@gmail.com";
github = "sudosubin";
githubId = 32478597;
name = "Subin Kim";
};
suhr = {
email = "suhr@i2pmail.org";
github = "suhr";
@ -12600,6 +12817,17 @@
githubId = 8547242;
name = "Stefan Rohrbacher";
};
thehedgeh0g = {
name = "The Hedgehog";
email = "hedgehog@mrhedgehog.xyz";
matrix = "@mrhedgehog:jupiterbroadcasting.com";
github = "ModdedGamers";
githubId = 35778371;
keys = [{
longkeyid = "rsa4096/0x7D5107866B1C6752";
fingerprint = "38A0 29B0 4A7E 4C13 A4BB 86C8 7D51 0786 6B1C 6752";
}];
};
thelegy = {
email = "mail+nixos@0jb.de";
github = "thelegy";
@ -12776,6 +13004,12 @@
fingerprint = "556A 403F B0A2 D423 F656 3424 8489 B911 F9ED 617B";
}];
};
tljuniper = {
email = "tljuniper1@gmail.com";
github = "tljuniper";
githubId = 48209000;
name = "Anna Gillert";
};
tmarkovski = {
email = "tmarkovski@gmail.com";
github = "tmarkovski";
@ -13510,6 +13744,17 @@
email = "kirill.wedens@gmail.com";
name = "wedens";
};
WeebSorceress = {
name = "WeebSorceress";
email = "hello@weebsorceress.anonaddy.me";
matrix = "@weebsorceress:matrix.org";
github = "WeebSorceress";
githubId = 106774777;
keys = [{
longkeyid = "rsa4096/0x7F57344317F0FA43";
fingerprint = "659A 9BC3 F904 EC24 1461 2EFE 7F57 3443 17F0 FA43";
}];
};
wegank = {
name = "Weijia Wang";
email = "contact@weijia.wang";
@ -13933,6 +14178,12 @@
githubId = 7040031;
name = "Yannik Sander";
};
yureien = {
email = "contact@sohamsen.me";
github = "Yureien";
githubId = 17357089;
name = "Soham Sen";
};
yuriaisaka = {
email = "yuri.aisaka+nix@gmail.com";
github = "yuriaisaka";
@ -14570,4 +14821,22 @@
fingerprint = "41EA 00B4 00F9 6970 1CB2 D3AF EF90 E3E9 8B8F 5C0B";
}];
};
snpschaaf = {
email = "philipe.schaaf@secunet.com";
name = "Philippe Schaaf";
github = "snpschaaf";
githubId = 105843013;
};
jali-clarke = {
email = "jinnah.ali-clarke@outlook.com";
name = "Jinnah Ali-Clarke";
github = "jali-clarke";
githubId = 17733984;
};
npatsakula = {
email = "nikita.patsakula@gmail.com";
name = "Patsakula Nikita";
github = "npatsakula";
githubId = 23001619;
};
}

View file

@ -1,6 +1,6 @@
#! /usr/bin/env nix-shell
#! nix-shell -p "haskellPackages.ghcWithPackages (p: [p.aeson p.req])"
#! nix-shell -p hydra_unstable
#! nix-shell -p hydra-unstable
#! nix-shell -i runhaskell
{-
@ -20,14 +20,12 @@ Because step 1) is quite expensive and takes roughly ~5 minutes the result is ca
{-# LANGUAGE DerivingStrategies #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE LambdaCase #-}
{-# LANGUAGE MultiWayIf #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE ScopedTypeVariables #-}
{-# LANGUAGE TupleSections #-}
{-# OPTIONS_GHC -Wall #-}
{-# LANGUAGE ViewPatterns #-}
{-# LANGUAGE TupleSections #-}
{-# OPTIONS_GHC -Wall #-}
import Control.Monad (forM_, (<=<))
import Control.Monad.Trans (MonadIO (liftIO))

View file

@ -1,4 +1,8 @@
-- default of luarocks listed at src/luarocks/core/cfg.lua
-- keep this list synced with pkgs/build-support/fetchurl/mirrors.nix
rocks_servers = {
"https://luarocks.org"
"https://luarocks.org",
"https://raw.githubusercontent.com/rocks-moonscript-org/moonrocks-mirror/master/"
}
version_check_on_fail = false

View file

@ -61,7 +61,7 @@ for bin in $(find $binaryDist -executable -type f) :; do
uniq;
)
if test "$names" = "glibc"; then names="stdenv.glibc"; fi
if test "$names" = "glibc"; then names="glibc"; fi
if echo $names | grep -c "gcc" &> /dev/null; then names="stdenv.cc.cc"; fi
if test $lib != $libPath; then

View file

@ -31,7 +31,7 @@ from pluginupdate import Editor, update_plugins, FetchConfig, CleanEnvironment
PKG_LIST="maintainers/scripts/luarocks-packages.csv"
TMP_FILE="$(mktemp)"
GENERATED_NIXFILE="pkgs/development/lua-modules/generated-packages.nix"
LUAROCKS_CONFIG="$NIXPKGS_PATH/maintainers/scripts/luarocks-config.lua"
LUAROCKS_CONFIG="maintainers/scripts/luarocks-config.lua"
HEADER = """/* {GENERATED_NIXFILE} is an auto-generated file -- DO NOT EDIT!
Regenerate it with:
@ -158,14 +158,14 @@ def generate_pkg_nix(plug: LuaPlugin):
Our cache key associates "p.name-p.version" to its rockspec
'''
log.debug("Generating nix expression for %s", plug.name)
cmd = [ "luarocks", "nix"]
custom_env = os.environ.copy()
custom_env['LUAROCKS_CONFIG'] = LUAROCKS_CONFIG
cmd = [ "luarocks", "nix"]
if plug.maintainers:
cmd.append(f"--maintainers={plug.maintainers}")
# updates plugin directly from its repository
print("server: [%s]" % plug.server)
# if plug.server == "src":
if plug.src != "":
if plug.src is None:
@ -194,7 +194,8 @@ def generate_pkg_nix(plug: LuaPlugin):
cmd.append(f"--lua-dir={lua_drv_path}/bin")
log.debug("running %s", ' '.join(cmd))
output = subprocess.check_output(cmd, text=True)
output = subprocess.check_output(cmd, env=custom_env, text=True)
output = "callPackage(" + output.strip() + ") {};\n\n"
return (plug, output)

View file

@ -355,6 +355,16 @@ with lib.maintainers; {
shortName = "Linux Kernel";
};
lumiguide = {
# Verify additions by approval of an already existing member of the team.
members = [
roelvandijk
lucus16
];
scope = "Group registration for LumiGuide employees who collectively maintain packages.";
shortName = "Lumiguide employees";
};
lumina = {
members = [
romildo

View file

@ -120,14 +120,14 @@ lib.mkOption {
```nix
lib.mkPackageOption pkgs "GHC" {
default = [ "ghc" ];
example = "pkgs.haskell.package.ghc922.ghc.withPackages (hkgs: [ hkgs.primes ])";
example = "pkgs.haskell.package.ghc923.ghc.withPackages (hkgs: [ hkgs.primes ])";
}
# is like
lib.mkOption {
type = lib.types.package;
default = pkgs.ghc;
defaultText = lib.literalExpression "pkgs.ghc";
example = lib.literalExpression "pkgs.haskell.package.ghc922.ghc.withPackages (hkgs: [ hkgs.primes ])";
example = lib.literalExpression "pkgs.haskell.package.ghc923.ghc.withPackages (hkgs: [ hkgs.primes ])";
description = "The GHC package to use.";
}
```

View file

@ -220,6 +220,25 @@ Value types are types that take a value parameter.
requires using a function:
`the-submodule = { ... }: { options = { ... }; }`.
`types.deferredModule`
: Whereas `submodule` represents an option tree, `deferredModule` represents
a module value, such as a module file or a configuration.
It can be set multiple times.
Module authors can use its value in `imports`, in `submoduleWith`'s `modules`
or in `evalModules`' `modules` parameter, among other places.
Note that `imports` must be evaluated before the module fixpoint. Because
of this, deferred modules can only be imported into "other" fixpoints, such
as submodules.
One use case for this type is the type of a "default" module that allow the
user to affect all submodules in an `attrsOf submodule` at once. This is
more convenient and discoverable than expecting the module user to
type-merge with the `attrsOf submodule` option.
## Composed Types {#sec-option-types-composed}
Composed types are types that take a type as parameter. `listOf
@ -308,6 +327,10 @@ The option set can be defined directly
([Example: Directly defined submodule](#ex-submodule-direct)) or as reference
([Example: Submodule defined as a reference](#ex-submodule-reference)).
Note that even if your submodules options all have a default value,
you will still need to provide a default value (e.g. an empty attribute set)
if you want to allow users to leave it undefined.
::: {#ex-submodule-direct .example}
::: {.title}
**Example: Directly defined submodule**

View file

@ -332,6 +332,19 @@ repository):
'';
```
Similarly, the type checking of test scripts can be disabled in the following
way:
```nix
import ./make-test-python.nix {
skipTypeCheck = true;
nodes.machine =
{ config, pkgs, ... }:
{ configuration…
};
}
```
## Failing tests early {#ssec-failing-tests-early}
To fail tests early when certain invariables are no longer met (instead of waiting for the build to time out), the decorator `polling_condition` is provided. For example, if we are testing a program `foo` that should not quit after being started, we might write the following:
@ -380,3 +393,25 @@ with foo_running:
def foo_running():
machine.succeed("pgrep -x foo")
```
## Adding Python packages to the test script {#ssec-python-packages-in-test-script}
When additional Python libraries are required in the test script, they can be
added using the parameter `extraPythonPackages`. For example, you could add
`numpy` like this:
```nix
import ./make-test-python.nix
{
extraPythonPackages = p: [ p.numpy ];
nodes = { };
testScript = ''
import numpy as np
assert str(np.zeros(4) == "array([0., 0., 0., 0.])")
'';
}
```
In that case, `numpy` is chosen from the generic `python3Packages`.

View file

@ -183,14 +183,14 @@ lib.mkOption {
<programlisting language="bash">
lib.mkPackageOption pkgs &quot;GHC&quot; {
default = [ &quot;ghc&quot; ];
example = &quot;pkgs.haskell.package.ghc922.ghc.withPackages (hkgs: [ hkgs.primes ])&quot;;
example = &quot;pkgs.haskell.package.ghc923.ghc.withPackages (hkgs: [ hkgs.primes ])&quot;;
}
# is like
lib.mkOption {
type = lib.types.package;
default = pkgs.ghc;
defaultText = lib.literalExpression &quot;pkgs.ghc&quot;;
example = lib.literalExpression &quot;pkgs.haskell.package.ghc922.ghc.withPackages (hkgs: [ hkgs.primes ])&quot;;
example = lib.literalExpression &quot;pkgs.haskell.package.ghc923.ghc.withPackages (hkgs: [ hkgs.primes ])&quot;;
description = &quot;The GHC package to use.&quot;;
}
</programlisting>

View file

@ -427,6 +427,43 @@
</itemizedlist>
</listitem>
</varlistentry>
<varlistentry>
<term>
<literal>types.deferredModule</literal>
</term>
<listitem>
<para>
Whereas <literal>submodule</literal> represents an option
tree, <literal>deferredModule</literal> represents a module
value, such as a module file or a configuration.
</para>
<para>
It can be set multiple times.
</para>
<para>
Module authors can use its value in
<literal>imports</literal>, in
<literal>submoduleWith</literal><quote>s
<literal>modules</literal> or in
<literal>evalModules</literal></quote>
<literal>modules</literal> parameter, among other places.
</para>
<para>
Note that <literal>imports</literal> must be evaluated
before the module fixpoint. Because of this, deferred
modules can only be imported into <quote>other</quote>
fixpoints, such as submodules.
</para>
<para>
One use case for this type is the type of a
<quote>default</quote> module that allow the user to affect
all submodules in an <literal>attrsOf submodule</literal> at
once. This is more convenient and discoverable than
expecting the module user to type-merge with the
<literal>attrsOf submodule</literal> option.
</para>
</listitem>
</varlistentry>
</variablelist>
</section>
<section xml:id="sec-option-types-composed">
@ -617,6 +654,12 @@
(<link linkend="ex-submodule-reference">Example: Submodule defined
as a reference</link>).
</para>
<para>
Note that even if your submodules options all have a default
value, you will still need to provide a default value (e.g. an
empty attribute set) if you want to allow users to leave it
undefined.
</para>
<anchor xml:id="ex-submodule-direct" />
<para>
<emphasis role="strong">Example: Directly defined

View file

@ -589,6 +589,19 @@ import ./make-test-python.nix {
Python code…
# fmt: on
'';
</programlisting>
<para>
Similarly, the type checking of test scripts can be disabled in
the following way:
</para>
<programlisting language="bash">
import ./make-test-python.nix {
skipTypeCheck = true;
nodes.machine =
{ config, pkgs, ... }:
{ configuration…
};
}
</programlisting>
</section>
<section xml:id="ssec-failing-tests-early">
@ -652,4 +665,30 @@ def foo_running():
```
</programlisting>
</section>
<section xml:id="ssec-python-packages-in-test-script">
<title>Adding Python packages to the test script</title>
<para>
When additional Python libraries are required in the test script,
they can be added using the parameter
<literal>extraPythonPackages</literal>. For example, you could add
<literal>numpy</literal> like this:
</para>
<programlisting language="bash">
import ./make-test-python.nix
{
extraPythonPackages = p: [ p.numpy ];
nodes = { };
testScript = ''
import numpy as np
assert str(np.zeros(4) == &quot;array([0., 0., 0., 0.])&quot;)
'';
}
</programlisting>
<para>
In that case, <literal>numpy</literal> is chosen from the generic
<literal>python3Packages</literal>.
</para>
</section>
</section>

View file

@ -0,0 +1,94 @@
<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-booting-via-kexec">
<title><quote>Booting</quote> into NixOS via kexec</title>
<para>
In some cases, your system might already be booted into/preinstalled
with another Linux distribution, and booting NixOS by attaching an
installation image is quite a manual process.
</para>
<para>
This is particularly useful for (cloud) providers where you cant
boot a custom image, but get some Debian or Ubuntu installation.
</para>
<para>
In these cases, it might be easier to use <literal>kexec</literal>
to <quote>jump into NixOS</quote> from the running system, which
only assumes <literal>bash</literal> and <literal>kexec</literal> to
be installed on the machine.
</para>
<para>
Note that kexec may not work correctly on some hardware, as devices
are not fully re-initialized in the process. In practice, this
however is rarely the case.
</para>
<para>
To build the necessary files from your current version of nixpkgs,
you can run:
</para>
<programlisting>
nix-build -A kexec.x86_64-linux '&lt;nixpkgs/nixos/release.nix&gt;'
</programlisting>
<para>
This will create a <literal>result</literal> directory containing
the following:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
<literal>bzImage</literal> (the Linux kernel)
</para>
</listitem>
<listitem>
<para>
<literal>initrd</literal> (the initrd file)
</para>
</listitem>
<listitem>
<para>
<literal>kexec-boot</literal> (a shellscript invoking
<literal>kexec</literal>)
</para>
</listitem>
</itemizedlist>
<para>
These three files are meant to be copied over to the other already
running Linux Distribution.
</para>
<para>
Note its symlinks pointing elsewhere, so <literal>cd</literal> in,
and use <literal>scp * root@$destination</literal> to copy it over,
rather than rsync.
</para>
<para>
Once you finished copying, execute <literal>kexec-boot</literal>
<emphasis>on the destination</emphasis>, and after some seconds, the
machine should be booting into an (ephemeral) NixOS installation
medium.
</para>
<para>
In case you want to describe your own system closure to kexec into,
instead of the default installer image, you can build your own
<literal>configuration.nix</literal>:
</para>
<programlisting language="bash">
{ modulesPath, ... }: {
imports = [
(modulesPath + &quot;/installer/netboot/netboot-minimal.nix&quot;)
];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
&quot;my-ssh-pubkey&quot;
];
}
</programlisting>
<programlisting>
nix-build '&lt;nixpkgs/nixos&gt;' \
--arg configuration ./configuration.nix
--attr config.system.build.kexecTree
</programlisting>
<para>
Make sure your <literal>configuration.nix</literal> does still
import <literal>netboot-minimal.nix</literal> (or
<literal>netboot-base.nix</literal>).
</para>
</section>

View file

@ -638,6 +638,7 @@ $ passwd eelco
<title>Additional installation notes</title>
<xi:include href="installing-usb.section.xml" />
<xi:include href="installing-pxe.section.xml" />
<xi:include href="installing-kexec.section.xml" />
<xi:include href="installing-virtualbox-guest.section.xml" />
<xi:include href="installing-from-other-distro.section.xml" />
<xi:include href="installing-behind-a-proxy.section.xml" />

View file

@ -12,7 +12,7 @@
<listitem>
<para>
<emphasis>Stable channels</emphasis>, such as
<link xlink:href="https://nixos.org/channels/nixos-21.11"><literal>nixos-21.11</literal></link>.
<link xlink:href="https://nixos.org/channels/nixos-22.05"><literal>nixos-22.05</literal></link>.
These only get conservative bug fixes and package upgrades. For
instance, a channel update may cause the Linux kernel on your
system to be upgraded from 4.19.34 to 4.19.38 (a minor bug fix),
@ -33,7 +33,7 @@
<listitem>
<para>
<emphasis>Small channels</emphasis>, such as
<link xlink:href="https://nixos.org/channels/nixos-21.11-small"><literal>nixos-21.11-small</literal></link>
<link xlink:href="https://nixos.org/channels/nixos-22.05-small"><literal>nixos-22.05-small</literal></link>
or
<link xlink:href="https://nixos.org/channels/nixos-unstable-small"><literal>nixos-unstable-small</literal></link>.
These are identical to the stable and unstable channels
@ -60,8 +60,8 @@
<para>
When you first install NixOS, youre automatically subscribed to the
NixOS channel that corresponds to your installation source. For
instance, if you installed from a 21.11 ISO, you will be subscribed
to the <literal>nixos-21.11</literal> channel. To see which NixOS
instance, if you installed from a 22.05 ISO, you will be subscribed
to the <literal>nixos-22.05</literal> channel. To see which NixOS
channel youre subscribed to, run the following as root:
</para>
<programlisting>
@ -76,17 +76,17 @@ nixos https://nixos.org/channels/nixos-unstable
</programlisting>
<para>
(Be sure to include the <literal>nixos</literal> parameter at the
end.) For instance, to use the NixOS 21.11 stable channel:
end.) For instance, to use the NixOS 22.05 stable channel:
</para>
<programlisting>
# nix-channel --add https://nixos.org/channels/nixos-21.11 nixos
# nix-channel --add https://nixos.org/channels/nixos-22.05 nixos
</programlisting>
<para>
If you have a server, you may want to use the <quote>small</quote>
channel instead:
</para>
<programlisting>
# nix-channel --add https://nixos.org/channels/nixos-21.11-small nixos
# nix-channel --add https://nixos.org/channels/nixos-22.05-small nixos
</programlisting>
<para>
And if you want to live on the bleeding edge:
@ -146,7 +146,7 @@ system.autoUpgrade.allowReboot = true;
also specify a channel explicitly, e.g.
</para>
<programlisting language="bash">
system.autoUpgrade.channel = https://nixos.org/channels/nixos-21.11;
system.autoUpgrade.channel = https://nixos.org/channels/nixos-22.05;
</programlisting>
</section>
</chapter>

View file

@ -0,0 +1,176 @@
<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-22.11">
<title>Release 22.11 (“Raccoon”, 2022.11/??)</title>
<para>
Support is planned until the end of June 2023, handing over to
23.05.
</para>
<section xml:id="sec-release-22.11-highlights">
<title>Highlights</title>
<para>
In addition to numerous new and upgraded packages, this release
has the following highlights:
</para>
<itemizedlist>
<listitem>
<para>
During cross-compilation, tests are now executed if the test
suite can be executed by the build platform. This is the case
when doing “native” cross-compilation where the build and host
platforms are largely the same, but the nixpkgs cross
compilation infrastructure is used, e.g.
<literal>pkgsStatic</literal> and <literal>pkgsLLVM</literal>.
Another possibility is that the build platform is a superset
of the host platform, e.g. when cross-compiling from
<literal>x86_64-unknown-linux</literal> to
<literal>i686-unknown-linux</literal>. The predicate gating
test suite execution is the newly added
<literal>canExecute</literal> predicate: You can e.g. check if
<literal>stdenv.buildPlatform</literal> can execute binaries
built for <literal>stdenv.hostPlatform</literal> (i.e.
produced by <literal>stdenv.cc</literal>) by evaluating
<literal>stdenv.buildPlatform.canExecute stdenv.hostPlatform</literal>.
</para>
</listitem>
<listitem>
<para>
PHP now defaults to PHP 8.1, updated from 8.0.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.11-new-services">
<title>New Services</title>
<itemizedlist>
<listitem>
<para>
<link xlink:href="https://github.com/jollheef/appvm">appvm</link>,
Nix based app VMs. Available as
<link xlink:href="options.html#opt-virtualisation.appvm.enable">virtualisation.appvm</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://dragonflydb.io/">dragonflydb</link>,
a modern replacement for Redis and Memcached. Available as
<link linkend="opt-services.dragonflydb.enable">services.dragonflydb</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/leetronics/infnoise">infnoise</link>,
a hardware True Random Number Generator dongle. Available as
<link xlink:href="options.html#opt-services.infnoise.enable">services.infnoise</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/aiberia/persistent-evdev">persistent-evdev</link>,
a daemon to add virtual proxy devices that mirror a physical
input device but persist even if the underlying hardware is
hot-plugged. Available as
<link linkend="opt-services.persistent-evdev.enable">services.persistent-evdev</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://www.expressvpn.com">expressvpn</link>,
the CLI client for ExpressVPN. Available as
<link linkend="opt-services.expressvpn.enable">services.expressvpn</link>.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.11-incompatibilities">
<title>Backward Incompatibilities</title>
<itemizedlist>
<listitem>
<para>
The <literal>isCompatible</literal> predicate checking CPU
compatibility is no longer exposed by the platform sets
generated using <literal>lib.systems.elaborate</literal>. In
most cases you will want to use the new
<literal>canExecute</literal> predicate instead which also
considers the kernel / syscall interface. It is briefly
described in the releases
<link linkend="sec-release-22.11-highlights">highlights
section</link>.
<literal>lib.systems.parse.isCompatible</literal> still
exists, but has changed semantically: Architectures with
differing endianness modes are <emphasis>no longer considered
compatible</emphasis>.
</para>
</listitem>
<listitem>
<para>
<literal>ngrok</literal> has been upgraded from 2.3.40 to
3.0.4. Please see
<link xlink:href="https://ngrok.com/docs/guides/upgrade-v2-v3">the
upgrade guide</link> and
<link xlink:href="https://ngrok.com/docs/ngrok-agent/changelog">changelog</link>.
Notably, breaking changes are that the config file format has
changed and support for single hypen arguments was dropped.
</para>
</listitem>
<listitem>
<para>
The <literal>isPowerPC</literal> predicate, found on
<literal>platform</literal> attrsets
(<literal>hostPlatform</literal>,
<literal>buildPlatform</literal>,
<literal>targetPlatform</literal>, etc) has been removed in
order to reduce confusion. The predicate was was defined such
that it matches only the 32-bit big-endian members of the
POWER/PowerPC family, despite having a name which would imply
a broader set of systems. If you were using this predicate,
you can replace <literal>foo.isPowerPC</literal> with
<literal>(with foo; isPower &amp;&amp; is32bit &amp;&amp; isBigEndian)</literal>.
</para>
</listitem>
<listitem>
<para>
PHP 7.4 is no longer supported due to upstream not supporting
this version for the entire lifecycle of the 22.11 release.
</para>
</listitem>
<listitem>
<para>
(Neo)Vim can not be configured with
<literal>configure.pathogen</literal> anymore to reduce
maintainance burden. Use <literal>configure.packages</literal>
instead.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.11-notable-changes">
<title>Other Notable Changes</title>
<itemizedlist>
<listitem>
<para>
A new module was added for the Saleae Logic device family,
providing the options
<literal>hardware.saleae-logic.enable</literal> and
<literal>hardware.saleae-logic.package</literal>.
</para>
</listitem>
<listitem>
<para>
Matrix Synapse now requires entries in the
<literal>state_group_edges</literal> table to be unique, in
order to prevent accidentally introducing duplicate
information (for example, because a database backup was
restored multiple times). If your Synapse database already has
duplicate rows in this table, this could fail with an error
and require manual remediation.
</para>
</listitem>
<listitem>
<para>
memtest86+ was updated from 5.00-coreboot-002 to 6.00-beta2.
It is now the upstream version from https://www.memtest.org/,
as coreboots fork is no longer available.
</para>
</listitem>
</itemizedlist>
</section>
</section>

View file

@ -0,0 +1,64 @@
# "Booting" into NixOS via kexec {#sec-booting-via-kexec}
In some cases, your system might already be booted into/preinstalled with
another Linux distribution, and booting NixOS by attaching an installation
image is quite a manual process.
This is particularly useful for (cloud) providers where you can't boot a custom
image, but get some Debian or Ubuntu installation.
In these cases, it might be easier to use `kexec` to "jump into NixOS" from the
running system, which only assumes `bash` and `kexec` to be installed on the
machine.
Note that kexec may not work correctly on some hardware, as devices are not
fully re-initialized in the process. In practice, this however is rarely the
case.
To build the necessary files from your current version of nixpkgs,
you can run:
```ShellSession
nix-build -A kexec.x86_64-linux '<nixpkgs/nixos/release.nix>'
```
This will create a `result` directory containing the following:
- `bzImage` (the Linux kernel)
- `initrd` (the initrd file)
- `kexec-boot` (a shellscript invoking `kexec`)
These three files are meant to be copied over to the other already running
Linux Distribution.
Note it's symlinks pointing elsewhere, so `cd` in, and use
`scp * root@$destination` to copy it over, rather than rsync.
Once you finished copying, execute `kexec-boot` *on the destination*, and after
some seconds, the machine should be booting into an (ephemeral) NixOS
installation medium.
In case you want to describe your own system closure to kexec into, instead of
the default installer image, you can build your own `configuration.nix`:
```nix
{ modulesPath, ... }: {
imports = [
(modulesPath + "/installer/netboot/netboot-minimal.nix")
];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
"my-ssh-pubkey"
];
}
```
```ShellSession
nix-build '<nixpkgs/nixos>' \
--arg configuration ./configuration.nix
--attr config.system.build.kexecTree
```
Make sure your `configuration.nix` does still import `netboot-minimal.nix` (or
`netboot-base.nix`).

View file

@ -476,6 +476,7 @@ With a partitioned disk.
```{=docbook}
<xi:include href="installing-usb.section.xml" />
<xi:include href="installing-pxe.section.xml" />
<xi:include href="installing-kexec.section.xml" />
<xi:include href="installing-virtualbox-guest.section.xml" />
<xi:include href="installing-from-other-distro.section.xml" />
<xi:include href="installing-behind-a-proxy.section.xml" />

View file

@ -6,7 +6,7 @@ expressions and associated binaries. The NixOS channels are updated
automatically from NixOS's Git repository after certain tests have
passed and all packages have been built. These channels are:
- *Stable channels*, such as [`nixos-21.11`](https://nixos.org/channels/nixos-21.11).
- *Stable channels*, such as [`nixos-22.05`](https://nixos.org/channels/nixos-22.05).
These only get conservative bug fixes and package upgrades. For
instance, a channel update may cause the Linux kernel on your system
to be upgraded from 4.19.34 to 4.19.38 (a minor bug fix), but not
@ -19,7 +19,7 @@ passed and all packages have been built. These channels are:
radical changes between channel updates. It's not recommended for
production systems.
- *Small channels*, such as [`nixos-21.11-small`](https://nixos.org/channels/nixos-21.11-small)
- *Small channels*, such as [`nixos-22.05-small`](https://nixos.org/channels/nixos-22.05-small)
or [`nixos-unstable-small`](https://nixos.org/channels/nixos-unstable-small).
These are identical to the stable and unstable channels described above,
except that they contain fewer binary packages. This means they get updated
@ -38,8 +38,8 @@ newest supported stable release.
When you first install NixOS, you're automatically subscribed to the
NixOS channel that corresponds to your installation source. For
instance, if you installed from a 21.11 ISO, you will be subscribed to
the `nixos-21.11` channel. To see which NixOS channel you're subscribed
instance, if you installed from a 22.05 ISO, you will be subscribed to
the `nixos-22.05` channel. To see which NixOS channel you're subscribed
to, run the following as root:
```ShellSession
@ -54,16 +54,16 @@ To switch to a different NixOS channel, do
```
(Be sure to include the `nixos` parameter at the end.) For instance, to
use the NixOS 21.11 stable channel:
use the NixOS 22.05 stable channel:
```ShellSession
# nix-channel --add https://nixos.org/channels/nixos-21.11 nixos
# nix-channel --add https://nixos.org/channels/nixos-22.05 nixos
```
If you have a server, you may want to use the "small" channel instead:
```ShellSession
# nix-channel --add https://nixos.org/channels/nixos-21.11-small nixos
# nix-channel --add https://nixos.org/channels/nixos-22.05-small nixos
```
And if you want to live on the bleeding edge:
@ -114,5 +114,5 @@ the new generation contains a different kernel, initrd or kernel
modules. You can also specify a channel explicitly, e.g.
```nix
system.autoUpgrade.channel = https://nixos.org/channels/nixos-21.11;
system.autoUpgrade.channel = https://nixos.org/channels/nixos-22.05;
```

View file

@ -8,6 +8,7 @@
This section lists the release notes for each stable version of NixOS and
current unstable revision.
</para>
<xi:include href="../from_md/release-notes/rl-2211.section.xml" />
<xi:include href="../from_md/release-notes/rl-2205.section.xml" />
<xi:include href="../from_md/release-notes/rl-2111.section.xml" />
<xi:include href="../from_md/release-notes/rl-2105.section.xml" />

View file

@ -1,53 +1,44 @@
# Release 22.05 (“Quokka”, 2022.05/??) {#sec-release-22.05}
In addition to numerous new and upgraded packages, this release has the following highlights:
# Release 22.05 (“Quokka”, 2022.05/30) {#sec-release-22.05}
- Support is planned until the end of December 2022, handing over to 22.11.
## Highlights {#sec-release-22.05-highlights}
- The `firefox` browser on `x86_64-linux` is now making use of
profile-guided optimization resulting in a much more responsive
browsing experience.
In addition to numerous new and upgraded packages, this release has the following highlights:
- `security.acme.defaults` has been added to simplify configuring
settings for many certificates at once. This also opens up the
the option to use DNS-01 validation when using `enableACME` on
web server virtual hosts (e.g. `services.nginx.virtualHosts.*.enableACME`).
- Nix has been updated from 2.3 to 2.8. This mainly brings experimental support
for Flakes, but also marks the `nix` command as experimental which now has to
be enabled via the configuration explicitly. For more information and
instructions for upgrades, see the
relase notes for [nix-2.4](https://nixos.org/manual/nix/stable/release-notes/rl-2.4.html),
[nix-2.5](https://nixos.org/manual/nix/stable/release-notes/rl-2.5.html),
[nix-2.6](https://nixos.org/manual/nix/stable/release-notes/rl-2.6.html),
[nix-2.7](https://nixos.org/manual/nix/stable/release-notes/rl-2.7.html) and
[nix-2.8](https://nixos.org/manual/nix/stable/release-notes/rl-2.8.html)
- GNOME has been upgraded to 42. Please take a look at their [Release Notes](https://release.gnome.org/42/) for details. Notably, it replaces gedit with GNOME Text Editor, GNOME Terminal with GNOME Console (formerly Kings Cross), and GNOME Screenshot with a tool built into the Shell.
- The `firefox` browser on `x86_64-linux` now makes use of profile-guided
optimisation, resulting in a much more responsive browsing experience.
- `stdenv.mkDerivation` now supports a self-referencing `finalAttrs:` parameter
containing the final `mkDerivation` arguments including overrides.
`drv.overrideAttrs` now supports two parameters `finalAttrs: previousAttrs:`.
This allows packaging configuration to be overridden in a consistent manner by
providing an alternative to `rec {}` syntax.
- GNOME has been upgraded to 42. Please take a look at their [Release
Notes](https://release.gnome.org/42/) for details. In particular, it replaces
gedit with GNOME Text Editor, GNOME Terminal with GNOME Console (formerly
King's Cross) and GNOME Screenshot by a tool integrated into the Shell.
Additionally, `passthru` can now reference `finalAttrs.finalPackage` containing
the final package, including attributes such as the output paths and
`overrideAttrs`.
New language integrations can be simplified by overriding a "prototype"
package containing the language-specific logic. This removes the need for a
extra layer of overriding for the "generic builder" arguments, thus removing a
usability problem and source of error.
- PHP 8.1 is now available
- Mattermost has been updated to extended support release 6.3, as the previously packaged extended support release 5.37 is [reaching its end of life](https://docs.mattermost.com/upgrade/extended-support-release.html).
Migrations may take a while, see the [changelog](https://docs.mattermost.com/install/self-managed-changelog.html#release-v6-3-extended-support-release)
and [important upgrade notes](https://docs.mattermost.com/upgrade/important-upgrade-notes.html).
- PHP 8.1 is now available.
- systemd services can now set [systemd.services.\<name\>.reloadTriggers](#opt-systemd.services) instead of `reloadIfChanged` for a more granular distinction between reloads and restarts.
- Systemd has been upgraded to the version 250.
- Pulseaudio has been upgraded to version 15.0 and now optionally [supports additional Bluetooth audio codecs](https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/15.0/#supportforldacandaptxbluetoothcodecsplussbcxqsbcwithhigher-qualityparameters) like aptX or LDAC, with codec switching support being available in `pavucontrol`. This feature is disabled by default but can be enabled by using `hardware.pulseaudio.package = pkgs.pulseaudioFull;`.
Existing 3rd party modules that provided similar functionality, like `pulseaudio-modules-bt` or `pulseaudio-hsphfpd` are deprecated and have been removed.
- Pulseaudio has been updated to version 15.0 and now optionally
[supports additional Bluetooth audio codecs](https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/15.0/#supportforldacandaptxbluetoothcodecsplussbcxqsbcwithhigher-qualityparameters)
such as aptX or LDAC, with codec switching available in `pavucontrol`. This
feature is disabled by default, but can be enabled with the option
`hardware.pulseaudio.package = pkgs.pulseaudioFull;`. Existing third-party
modules that offered similar functions, such as `pulseaudio-modules-bt` or
`pulseaudio-hsphfpd`, are obsolete and have been removed.
- The new [`postgresqlTestHook`](https://nixos.org/manual/nixpkgs/stable/#sec-postgresqlTestHook) runs a PostgreSQL server for the duration of package checks.
- [`kops`](https://kops.sigs.k8s.io) defaults to 1.22.4, which will enable [Instance Metadata Service Version 2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html) and require tokens on new clusters with Kubernetes 1.22. This will increase security by default, but may break some types of workloads. See the [release notes](https://kops.sigs.k8s.io/releases/1.22-notes/) for details.
- PostgreSQL now defaults to major version 14.
- Module authors can use `mkRenamedOptionModuleWith` to automate the deprecation cycle without annoying out-of-tree module authors and their users.
@ -55,91 +46,130 @@ In addition to numerous new and upgraded packages, this release has the followin
- The GNOME and Plasma installation CDs now use `pkgs.calamares` and `pkgs.calamares-nixos-extensions` to allow users to easily install and set up NixOS with a GUI.
- `security.acme.defaults` has been added to simplify the configuration of
settings for many certificates at once. This also opens up the option to use
DNS-01 validation when using `enableACME` web server virtual hosts (e.g.
`services.nginx.virtualHosts.*.enableACME`).
## New Services {#sec-release-22.05-new-services}
- [1password](https://1password.com/), command-lines and graphic interface for 1Password. Available as [programs._1password](#opt-programs._1password.enable) and [programs._1password-gui](#opt-programs._1password.enable).
- [aesmd](https://github.com/intel/linux-sgx#install-the-intelr-sgx-psw), the Intel SGX Architectural Enclave Service Manager. Available as [services.aesmd](#opt-services.aesmd.enable).
- [rootless Docker](https://docs.docker.com/engine/security/rootless/), a `systemd --user` Docker service which runs without root permissions. Available as [virtualisation.docker.rootless.enable](options.html#opt-virtualisation.docker.rootless.enable).
- [matrix-conduit](https://conduit.rs/), a simple, fast and reliable chat server powered by matrix. Available as [services.matrix-conduit](option.html#opt-services.matrix-conduit.enable).
- [nethoscope](https://github.com/vvilhonen/nethoscope), listen to your network traffic. Available as [programs.nethoscope](#opt-programs.nethoscope.enable).
- [filebeat](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html), a lightweight shipper for forwarding and centralizing log data. Available as [services.filebeat](#opt-services.filebeat.enable).
- [agate](https://github.com/mbrubeck/agate), a very simple server for the Gemini hypertext protocol. Available as [services.agate](#opt-services.agate.enable).
- [apfs](https://github.com/linux-apfs/linux-apfs-rw), a kernel module for mounting the Apple File System (APFS).
- [FRRouting](https://frrouting.org/), a popular suite of Internet routing protocol daemons (BGP, BFD, OSPF, IS-IS, VRRP and others). Available as [services.frr](#opt-services.frr.babel.enable)
- [ArchiSteamFarm](https://github.com/JustArchiNET/ArchiSteamFarm), a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Available as [services.archisteamfarm](#opt-services.archisteamfarm.enable).
- [heisenbridge](https://github.com/hifi/heisenbridge), a bouncer-style Matrix IRC bridge. Available as [services.heisenbridge](options.html#opt-services.heisenbridge.enable).
- [BaGet](https://loic-sharma.github.io/BaGet/), a lightweight NuGet and symbol server. Available at [services.baget](#opt-services.baget.enable).
- [snowflake-proxy](https://snowflake.torproject.org/), a system to defeat internet censorship. Available as [services.snowflake-proxy](options.html#opt-services.snowflake-proxy.enable).
- [bird-lg](https://github.com/xddxdd/bird-lg-go), a BGP looking glass for Bird Routing. Available as [services.bird-lg](#opt-services.bird-lg.package).
- [ergochat](https://ergo.chat), a modern IRC with IRCv3 features. Available as [services.ergochat](options.html#opt-services.ergochat.enable).
- [blocky](https://0xerr0r.github.io/blocky/), fast and lightweight DNS proxy as ad-blocker for local network with many features. Available as [services.blocky](#opt-services.blocky.enable).
- [Snipe-IT](https://snipeitapp.com), a free open source IT asset/license management system. Available as [services.snipe-it](options.html#opt-services.snipe-it.enable).
- [cloudflare-dyndns](https://github.com/kissgyorgy/cloudflare-dyndns), CloudFlare Dynamic DNS client. Available as [services.cloudflare-dyndns](#opt-services.cloudflare-dyndns.enable).
- [PowerDNS-Admin](https://github.com/ngoduykhanh/PowerDNS-Admin), a web interface for the PowerDNS server. Available at [services.powerdns-admin](options.html#opt-services.powerdns-admin.enable).
- [Corosync](https://corosync.github.io/corosync/) and [Pacemaker](https://clusterlabs.org/pacemaker/), A open-source high availability resource manager. Available as [services.corosync](#opt-services.corosync.enable) and [services.pacemaker](#opt-services.pacemaker.enable).
- [pgadmin4](https://github.com/postgres/pgadmin4), an admin interface for the PostgreSQL database. Available at [services.pgadmin](options.html#opt-services.pgadmin.enable).
- [create_ap](https://github.com/lakinduakash/linux-wifi-hotspot), a module for creating wifi hotspots using the program linux-wifi-hotspot. Available as [services.create_ap](#opt-services.create_ap.enable).
- [input-remapper](https://github.com/sezanzeb/input-remapper), an easy to use tool to change the mapping of your input device buttons. Available at [services.input-remapper](options.html#opt-services.input-remapper.enable).
- [Envoy](https://www.envoyproxy.io/), a high-performance reverse proxy. Available as [services.envoy](#opt-services.envoy.enable).
- [InvoicePlane](https://invoiceplane.com), web application for managing and creating invoices. Available at [services.invoiceplane](options.html#opt-services.invoiceplane.enable).
- [ergochat](https://ergo.chat), a modern IRC with IRCv3 features. Available as [services.ergochat](#opt-services.ergochat.enable).
- [maddy](https://maddy.email), a composable all-in-one mail server. Available as [services.maddy](options.html#opt-services.maddy.enable).
- [ethercalc](https://github.com/audreyt/ethercalc), an online collaborative spreadsheet. Available as [services.ethercalc](#opt-services.ethercalc.enable).
- [K40-Whisperer](https://www.scorchworks.com/K40whisperer/k40whisperer.html), a program to control cheap Chinese laser cutters. Available as [programs.k40-whisperer.enable](options.html#opt-programs.k4-whisperer.enable). Users must add themselves to the `k40` group to be able to access the device.
- [filebeat](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html), a lightweight shipper for forwarding and centralizing log data. Available as [services.filebeat](#opt-services.filebeat.enable).
- [mozillavpn](https://github.com/mozilla-mobile/mozilla-vpn-client), the client for the [Mozilla VPN](https://vpn.mozilla.org/) service. Available as [services.mozillavpn](options.html#opt-services.mozillavpn).
- [FRRouting](https://frrouting.org/), a popular suite of Internet routing protocol daemons (BGP, BFD, OSPF, IS-IS, VRRP and others). Available as [services.frr](#opt-services.frr.babel.enable).
- [mtr-exporter](https://github.com/mgumz/mtr-exporter), a Prometheus exporter for mtr metrics. Available as [services.mtr-exporter](options.html#opt-services.mtr-exporter.enable).
- [Grafana Mimir](https://grafana.com/oss/mimir/), an open source, horizontally scalable, highly available, multi-tenant, long-term storage for Prometheus. Available as [services.mimir](#opt-services.mimir.enable).
- [prometheus-pve-exporter](https://github.com/prometheus-pve/prometheus-pve-exporter), a tool that exposes information from the Proxmox VE API for use by Prometheus. Available as [services.prometheus.exporters.pve](options.html#opt-services.prometheus.exporters.pve).
- [Haste](https://hastebin.com/about.md), a pastebin written in node.js. Available as [services.haste](#opt-services.haste-server.enable).
- [netbox](https://github.com/netbox-community/netbox), infrastructure resource modeling (IRM) tool. Available as [services.netbox](options.html#opt-services.netbox.enable).
- [headscale](https://github.com/juanfont/headscale), an Open Source implementation of the [Tailscale](https://tailscale.io) Control Server. Available as [services.headscale](#opt-services.headscale.enable).
- [heisenbridge](https://github.com/hifi/heisenbridge), a bouncer-style Matrix IRC bridge. Available as [services.heisenbridge](#opt-services.heisenbridge.enable).
- [https-dns-proxy](https://github.com/aarond10/https_dns_proxy), DNS to DNS over HTTPS (DoH) proxy. Available as [services.https-dns-proxy](#opt-services.https-dns-proxy.enable).
- [input-remapper](https://github.com/sezanzeb/input-remapper), an easy to use tool to change the mapping of your input device buttons. Available at [services.input-remapper](#opt-services.input-remapper.enable).
- [InvoicePlane](https://invoiceplane.com), web application for managing and creating invoices. Available at [services.invoiceplane](#opt-services.invoiceplane.sites._name_.enable).
- [k3b](https://userbase.kde.org/K3b), the KDE disk burning application. Available as [programs.k3b](#opt-programs.k3b.enable).
- [K40-Whisperer](https://www.scorchworks.com/K40whisperer/k40whisperer.html), a program to control cheap Chinese laser cutters. Available as [programs.k40-whisperer.enable](#opt-programs.k40-whisperer.enable). Users must add themselves to the `k40` group to be able to access the device.
- [kanidm](https://kanidm.github.io/kanidm/stable/), an identity management server written in Rust. Available as [services.kanidm](#opt-services.kanidm.enableServer)
- [Maddy](https://maddy.email/), a free an open source mail server. Availabe as [services.maddy](#opt-services.maddy.enable).
- [matrix-conduit](https://conduit.rs/), a simple, fast and reliable chat server powered by matrix. Available as [services.matrix-conduit](option.html#opt-services.matrix-conduit.enable).
- [Moosefs](https://moosefs.com), fault tolerant petabyte distributed file system. Available as [moosefs](#opt-services.moosefs.master.enable).
- [mozillavpn](https://github.com/mozilla-mobile/mozilla-vpn-client), the client for the [Mozilla VPN](https://vpn.mozilla.org/) service. Available as [services.mozillavpn](#opt-services.mozillavpn.enable).
- [mtr-exporter](https://github.com/mgumz/mtr-exporter), a Prometheus exporter for mtr metrics. Available as [services.mtr-exporter](#opt-services.mtr-exporter.enable).
- [nbd](https://nbd.sourceforge.io/), a Network Block Device server. Available as [services.nbd](#opt-services.nbd.server.enable).
- [netbox](https://github.com/netbox-community/netbox), infrastructure resource modeling (IRM) tool. Available as [services.netbox](#opt-services.netbox.enable).
- [nethoscope](https://github.com/vvilhonen/nethoscope), listen to your network traffic. Available as [programs.nethoscope](#opt-programs.nethoscope.enable).
- [nifi](https://nifi.apache.org), an easy to use, powerful, and reliable system to process and distribute data. Available as [services.nifi](#opt-services.nifi.enable).
- [nix-ld](https://github.com/Mic92/nix-ld), Run unpatched dynamic binaries on NixOS. Available as [programs.nix-ld](#opt-programs.nix-ld.enable).
- [NNCP](http://www.nncpgo.org), NNCP (Node to Node copy) utilities and configuration, Available as [programs.nncp](#opt-programs.nncp.enable).
- [pgadmin4](https://github.com/postgres/pgadmin4), an admin interface for the PostgreSQL database. Available at [services.pgadmin](#opt-services.pgadmin.enable).
- [PowerDNS-Admin](https://github.com/ngoduykhanh/PowerDNS-Admin), a web interface for the PowerDNS server. Available at [services.powerdns-admin](#opt-services.powerdns-admin.enable).
- [prometheus-pve-exporter](https://github.com/prometheus-pve/prometheus-pve-exporter), a tool that exposes information from the Proxmox VE API for use by Prometheus. Available as [services.prometheus.exporters.pve](#opt-services.prometheus.exporters.pve.enable).
- [prosody-filer](https://github.com/ThomasLeister/prosody-filer), a server for handling XMPP HTTP Upload requests. Available at [services.prosody-filer](#opt-services.prosody-filer.enable).
- [Public Inbox](https://public-inbox.org), an "archives first" approach to mailing lists. Available as [services.public-inbox](#opt-services.public-inbox.enable).
- [r53-ddns](https://github.com/fleaz/r53-ddns), a small tool to run your own DDNS service via AWS Route53. Available as [services.r53-ddns](#opt-services.r53-ddns.enable).
- [rmfakecloud](https://ddvk.github.io/rmfakecloud/), a clone of the cloud sync the remarkable tablet. Available as [services.rmfakecloud](#opt-services.rmfakecloud.enable).
- [rootless Docker](https://docs.docker.com/engine/security/rootless/), a `systemd --user` Docker service which runs without root permissions. Available as [virtualisation.docker.rootless.enable](#opt-virtualisation.docker.rootless.enable).
- [rstudio-server](https://www.rstudio.com/products/rstudio/#rstudio-server), a browser-based version of the RStudio IDE for the R programming language. Available as [services.rstudio-server](#opt-services.rstudio-server.enable).
- [rtsp-simple-server](https://github.com/aler9/rtsp-simple-server), ready-to-use RTSP / RTMP / HLS server and proxy that allows to read, publish and proxy video and audio streams. Available as [services.rtsp-simple-server](#opt-services.rtsp-simple-server.enable).
- [Snipe-IT](https://snipeitapp.com), a free open source IT asset/license management system. Available as [services.snipe-it](#opt-services.snipe-it.enable).
- [snowflake-proxy](https://snowflake.torproject.org/), a system to defeat internet censorship. Available as [services.snowflake-proxy](#opt-services.snowflake-proxy.enable).
- [sslmate-agent](https://sslmate.com/), a daemon for managing SSL/TLS certificates on a server. Available as [services.sslmate-agent](services.sslmate-agent.enable).
- [starship](https://starship.rs), a minimal, blazing-fast, and infinitely customizable prompt for any shell. Available at [programs.startship](#opt-programs.starship.enable).
- [systembus-notify](https://github.com/rfjakob/systembus-notify), allow system level notifications to reach the users. Available as [services.systembus-notify](opt-services.systembus-notify.enable). Please keep in mind that this service should only be enabled on machines with fully trusted users, as any local user is able to DoS user sessions by spamming notifications.
- [teleport](https://goteleport.com), allows engineers and security professionals to unify access for SSH servers, Kubernetes clusters, web applications, and databases across all environments. Available at [services.teleport](#opt-services.teleport.enable).
- [tetrd](https://tetrd.app), share your internet connection from your device to your PC and vice versa through a USB cable. Available at [services.tetrd](#opt-services.tetrd.enable).
- [uptermd](https://upterm.dev), an open-source solution for sharing terminal sessions instantly over the public internet via secure tunnels. Available at [services.uptermd](#opt-services.uptermd.enable).
- [agate](https://github.com/mbrubeck/agate), a very simple server for the Gemini hypertext protocol. Available as [services.agate](options.html#opt-services.agate.enable).
- [usbrelayd](https://github.com/darrylb123/usbrelay), an USB Relay MQTT daemon. Available as [services.usbrelayd](#opt-services.usbrelayd.enable).
- [ArchiSteamFarm](https://github.com/JustArchiNET/ArchiSteamFarm), a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Available as [services.archisteamfarm](options.html#opt-services.archisteamfarm.enable).
- [webdav-server-rs](https://github.com/miquels/webdav-server-rs), Webdav server in rust. Available as [services.webdav-server-rs](#opt-services.webdav-server-rs.enable).
- [teleport](https://goteleport.com), allows engineers and security professionals to unify access for SSH servers, Kubernetes clusters, web applications, and databases across all environments. Available at [services.teleport](#opt-services.teleport.enable).
- [wg-netmanager](https://github.com/gin66/wg_netmanager), the Wireguard network manager. Available as [services.wg-netmanager](#opt-services.wg-netmanager.enable).
- [BaGet](https://loic-sharma.github.io/BaGet/), a lightweight NuGet and symbol server. Available at [services.baget](#opt-services.baget.enable).
- [moosefs](https://moosefs.com), fault tolerant petabyte distributed file system.
Available as [moosefs](#opt-services.moosefs.client.enable).
- [prosody-filer](https://github.com/ThomasLeister/prosody-filer), a server for handling XMPP HTTP Upload requests. Available at [services.prosody-filer](#opt-services.prosody-filer.enable).
- [systembus-notify](https://github.com/rfjakob/systembus-notify), allow system level notifications to reach the users. Available as [services.systembus-notify](opt-services.systembus-notify.enable). Please keep in mind that this service should only be enabled on machines with fully trusted users, as any local user is able to DoS user sessions by spamming notifications.
- [ethercalc](https://github.com/audreyt/ethercalc), an online collaborative
spreadsheet. Available as [services.ethercalc](options.html#opt-services.ethercalc.enable).
- [nbd](https://nbd.sourceforge.io/), a Network Block Device server. Available as [services.nbd](options.html#opt-services.nbd.server.enable).
- [nix-ld](https://github.com/Mic92/nix-ld), Run unpatched dynamic binaries on NixOS. Available as [programs.nix-ld](options.html#opt-programs.nix-ld.enable).
- [timetagger](https://timetagger.app), an open source time-tracker with an intuitive user experience and powerful reporting. [services.timetagger](options.html#opt-services.timetagger.enable).
- [rstudio-server](https://www.rstudio.com/products/rstudio/#rstudio-server), a browser-based version of the RStudio IDE for the R programming language. Available as [services.rstudio-server](options.html#opt-services.rstudio-server.enable).
- [headscale](https://github.com/juanfont/headscale), an Open Source implementation of the [Tailscale](https://tailscale.io) Control Server. Available as [services.headscale](options.html#opt-services.headscale.enable)
- [create_ap](https://github.com/lakinduakash/linux-wifi-hotspot), a module for creating wifi hotspots using the program linux-wifi-hotspot. Available as [services.create_ap](options.html#opt-services.create_ap.enable).
- [blocky](https://0xerr0r.github.io/blocky/), fast and lightweight DNS proxy as ad-blocker for local network with many features.
- [pacemaker](https://clusterlabs.org/pacemaker/) cluster resource manager
- [nifi](https://nifi.apache.org), an easy to use, powerful, and reliable system to process and distribute data. Available as [services.nifi](options.html#opt-services.nifi.enable).
- [kanidm](https://kanidm.github.io/kanidm/stable/), an identity management server written in Rust.
- [Zammad](https://zammad.org/), a web-based, open source user support/ticketing solution. Available as [services.zammad](#opt-services.zammad.enable).
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
@ -163,6 +193,10 @@ In addition to numerous new and upgraded packages, this release has the followin
`useLLVM`. So instead of `(ghc.withPackages (p: [])).override { withLLVM = true; }`,
one needs to use `(ghc.withPackages.override { useLLVM = true; }) (p: [])`.
- The update of the haskell package set brings with it a new version of the `xmonad`
module, which will break your configuration if you use `launch` as entrypoint. The
example code the corresponding nixos module was adjusted, you may want to have a look at it.
- The `home-assistant` module now requires users that don't want their
configuration to be managed declaratively to set
`services.home-assistant.config = null;`. This is required
@ -187,6 +221,8 @@ In addition to numerous new and upgraded packages, this release has the followin
This is to improve compatibility with `libcontainer` based software such as Podman and Skopeo
which assumes they have ownership over `/etc/containers`.
- `lib.systems.supported` has been removed, as it was overengineered for determining the systems to support in the nixpkgs flake. The list of systems exposed by the nixpkgs flake can now be accessed as `lib.systems.flakeExposed`.
- For new installations `virtualisation.oci-containers.backend` is now set to `podman` by default.
If you still want to use Docker on systems where `system.stateVersion` is set to to `"22.05"` set `virtualisation.oci-containers.backend = "docker";`.Old systems with older `stateVersion`s stay with "docker".
@ -238,6 +274,10 @@ In addition to numerous new and upgraded packages, this release has the followin
- In the ncdns module, the default value of `services.ncdns.address` has been changed to the IPv6 loopback address (`::1`).
- `openldap` (and therefore the slapd LDAP server) were updated to version 2.6.2. The project introduced backwards-incompatible changes, namely the removal of the bdb, hdb, ndb, and shell backends in slapd. Therefore before updating, dump your database `slapcat -n 1` in LDIF format, and reimport it after updating your `services.openldap.settings`, which represents your `cn=config`.
Additionally with 2.5 the argon2 module was included in the standard distrubtion and renamed from `pw-argon2` to `argon2`. Remember to update your `olcModuleLoad` entry in `cn=config`.
- `openssh` has been update to 8.9p1, changing the FIDO security key middleware interface.
- `git` no longer hardcodes the path to openssh' ssh binary to reduce the amount of rebuilds. If you are using git with ssh remotes and do not have a ssh binary in your enviroment consider adding `openssh` to it or switching to `gitFull`.
@ -356,13 +396,13 @@ In addition to numerous new and upgraded packages, this release has the followin
};
extraConfigFiles = [
/run/keys/matrix-synapse/secrets.yaml
"/run/keys/matrix-synapse/secrets.yaml"
];
};
}
```
The secrets in your original config should be migrated into a YAML file that is included via `extraConfigFiles`.
The secrets in your original config should be migrated into a YAML file that is included via `extraConfigFiles`. The filename must be quoted to prevent nix from copying it to the (world readable) store.
Additionally a few option defaults have been synced up with upstream default values, for example the `max_upload_size` grew from `10M` to `50M`. For the same reason, the default
`media_store_path` was changed from `${dataDir}/media` to `${dataDir}/media_store` if `system.stateVersion` is at least `22.05`. Files will need to be manually moved to the new
@ -628,6 +668,10 @@ In addition to numerous new and upgraded packages, this release has the followin
- The `vpnc` package has been changed to use GnuTLS instead of OpenSSL by default for licensing reasons.
- The default version of `nextcloud` is **nextcloud24**. Please note that it's **not** possible to upgrade
`nextcloud` across multiple major versions! This means it's e.g. not possible to upgrade from `nextcloud22`
to `nextcloud24` in a single deploy and most `21.11` users will have to upgrade to `nextcloud23` first.
- `pkgs.vimPlugins.onedark-nvim` now refers to [navarasu/onedark.nvim](https://github.com/navarasu/onedark.nvim)
(formerly refers to [olimorris/onedarkpro.nvim](https://github.com/olimorris/onedarkpro.nvim)).
@ -690,6 +734,13 @@ In addition to numerous new and upgraded packages, this release has the followin
* Legacy options have been mapped to the corresponding options under under [nix.settings](options.html#opt-nix.settings) and will be deprecated when NixOS 21.11 reaches end of life.
* [nix.buildMachines.publicHostKey](options.html#opt-nix.buildMachines.publicHostKey) has been added.
- [`kops`](https://kops.sigs.k8s.io) defaults to 1.23.2, which will enable [Instance Metadata Service Version 2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html) and require tokens on new clusters with Kubernetes >= 1.22. This will increase security by default, but may break some types of workloads. The default behaviour for `spec.kubeDNS.nodeLocalDNS.forwardToKubeDNS` has changed from `true` to `false`. Cilium now has `disable-cnp-status-updates: true` by default. Set this to false if you rely on the CiliumNetworkPolicy status fields. Support for Kubernetes 1.17, the Lyft CNI, Weave CNI on Kubernetes >= 1.23, CentOS 7 and 8, Debian 9, RHEL 7, and Ubuntu 16.05 (Xenial) has been removed. See the [1.22 release notes](https://kops.sigs.k8s.io/releases/1.22-notes/) and [1.23 release notes](https://kops.sigs.k8s.io/releases/1.23-notes/) for more details, including other significant changes.
- Mattermost has been upgraded to extended support version 6.3 as the previously
packaged extended support version 5.37 is [reaching end of life](https://docs.mattermost.com/upgrade/extended-support-release.html).
Migration may take some time, see the [changelog](https://docs.mattermost.com/install/self-managed-changelog.html#release-v6-3-extended-support-release)
and [important upgrade notes](https://docs.mattermost.com/upgrade/important-upgrade-notes.html).
- The `writers.writePyPy2`/`writers.writePyPy3` and corresponding `writers.writePyPy2Bin`/`writers.writePyPy3Bin` convenience functions to create executable Python 2/3 scripts using the PyPy interpreter were added.
- Some improvements have been made to the `hadoop` module:
@ -714,6 +765,17 @@ In addition to numerous new and upgraded packages, this release has the followin
redis-cli save
cp /var/lib/redis/dump.rdb "/var/lib/redis-mastodon/dump.rdb"
```
- Peertube now uses services.redis.servers to start a new redis server, instead of using a global redis server.
This improves compatibility with other services that use redis.
Redis database is used for storage only cache and job queue. More information can be found here - [Peertube architecture](https://docs.joinpeertube.org/contribute-architecture).
If you do want to save the redis database, you can use the following commands before upgrade OS:
```bash
redis-cli save
sudo mkdir /var/lib/redis-peertube
sudo cp /var/lib/redis/dump.rdb /var/lib/redis-peertube/dump.rdb
```
- If you are using Wayland you can choose to use the Ozone Wayland support
in Chrome and several Electron apps by setting the environment variable
@ -781,7 +843,6 @@ In addition to numerous new and upgraded packages, this release has the followin
If you are using only a window manager without a desktop manager, you need to enable
`services.xserver.desktopManager.runXdgAutostartIfNone` or using the `dex` package to make `fcitx5` work.
- A new module was added for the Envoy reverse proxy, providing the options `services.envoy.enable` and `services.envoy.settings`.
- The option `services.duplicati.dataDir` has been added to allow changing the location of duplicati's files.
@ -827,9 +888,6 @@ In addition to numerous new and upgraded packages, this release has the followin
- The default value for `programs.spacefm.settings.graphical_su` got unset. It previously pointed to `gksu` which has been removed.
- A new module was added for the [Starship](https://starship.rs/) shell prompt,
providing the options `programs.starship.enable` and `programs.starship.settings`.
- The [Dino](https://dino.im) XMPP client was updated to 0.3, adding support for audio and video calls.
- `services.mattermost.plugins` has been added to allow the declarative installation of Mattermost plugins.
@ -889,6 +947,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- The `nss` package was split into `nss_esr` and `nss_latest`, with `nss` being an alias for `nss_esr`. This was done to ease maintenance of `nss` and dependent high-profile packages like `firefox`.
- The default `scribus` version is now 1.5, while version 1.4 is still available as `scribus_1_4` ([#172700](https://github.com/NixOS/nixpkgs/pull/172700)).
- The Nextcloud module now supports to create a Mysql database automatically
with `services.nextcloud.database.createLocally` enabled.
@ -899,8 +959,6 @@ In addition to numerous new and upgraded packages, this release has the followin
- Testing has been enabled for `aarch64-linux` in addition to `x86_64-linux`.
- The `spark3` package is now usable on `aarch64-darwin` as a result of [#158613](https://github.com/NixOS/nixpkgs/pull/158613) and [#158992](https://github.com/NixOS/nixpkgs/pull/158992).
- The `programs.nncp` options were added for generating host-global NNCP configuration.
- The option `services.snapserver.openFirewall` will no longer default to
`true` starting with NixOS 22.11. Enable it explicitly if you need to control
Snapserver remotely or connect streamig clients from other hosts.
@ -912,4 +970,21 @@ In addition to numerous new and upgraded packages, this release has the followin
by a `.network-`unit with a lower priority). In case of scripted networking, no behavior
was changed.
- The new [`postgresqlTestHook`](https://nixos.org/manual/nixpkgs/stable/#sec-postgresqlTestHook) runs a PostgreSQL server for the duration of package checks.
- `stdenv.mkDerivation` now supports a self-referencing `finalAttrs:` parameter
containing the final `mkDerivation` arguments including overrides.
`drv.overrideAttrs` now supports two parameters `finalAttrs: previousAttrs:`.
This allows packaging configuration to be overridden in a consistent manner by
providing an alternative to `rec {}` syntax.
Additionally, `passthru` can now reference `finalAttrs.finalPackage` containing
the final package, including attributes such as the output paths and
`overrideAttrs`.
New language integrations can be simplified by overriding a "prototype"
package containing the language-specific logic. This removes the need for a
extra layer of overriding for the "generic builder" arguments, thus removing a
usability problem and source of error.
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

View file

@ -0,0 +1,70 @@
# Release 22.11 (“Raccoon”, 2022.11/??) {#sec-release-22.11}
Support is planned until the end of June 2023, handing over to 23.05.
## Highlights {#sec-release-22.11-highlights}
In addition to numerous new and upgraded packages, this release has the following highlights:
- During cross-compilation, tests are now executed if the test suite can be executed
by the build platform. This is the case when doing “native” cross-compilation
where the build and host platforms are largely the same, but the nixpkgs' cross
compilation infrastructure is used, e.g. `pkgsStatic` and `pkgsLLVM`. Another
possibility is that the build platform is a superset of the host platform, e.g. when
cross-compiling from `x86_64-unknown-linux` to `i686-unknown-linux`.
The predicate gating test suite execution is the newly added `canExecute`
predicate: You can e.g. check if `stdenv.buildPlatform` can execute binaries
built for `stdenv.hostPlatform` (i.e. produced by `stdenv.cc`) by evaluating
`stdenv.buildPlatform.canExecute stdenv.hostPlatform`.
- PHP now defaults to PHP 8.1, updated from 8.0.
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
## New Services {#sec-release-22.11-new-services}
- [appvm](https://github.com/jollheef/appvm), Nix based app VMs. Available as [virtualisation.appvm](options.html#opt-virtualisation.appvm.enable).
- [dragonflydb](https://dragonflydb.io/), a modern replacement for Redis and Memcached. Available as [services.dragonflydb](#opt-services.dragonflydb.enable).
- [infnoise](https://github.com/leetronics/infnoise), a hardware True Random Number Generator dongle.
Available as [services.infnoise](options.html#opt-services.infnoise.enable).
- [persistent-evdev](https://github.com/aiberia/persistent-evdev), a daemon to add virtual proxy devices that mirror a physical input device but persist even if the underlying hardware is hot-plugged. Available as [services.persistent-evdev](#opt-services.persistent-evdev.enable).
- [expressvpn](https://www.expressvpn.com), the CLI client for ExpressVPN. Available as [services.expressvpn](#opt-services.expressvpn.enable).
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
## Backward Incompatibilities {#sec-release-22.11-incompatibilities}
- The `isCompatible` predicate checking CPU compatibility is no longer exposed
by the platform sets generated using `lib.systems.elaborate`. In most cases
you will want to use the new `canExecute` predicate instead which also
considers the kernel / syscall interface. It is briefly described in the
release's [highlights section](#sec-release-22.11-highlights).
`lib.systems.parse.isCompatible` still exists, but has changed semantically:
Architectures with differing endianness modes are *no longer considered compatible*.
- `ngrok` has been upgraded from 2.3.40 to 3.0.4. Please see [the upgrade guide](https://ngrok.com/docs/guides/upgrade-v2-v3)
and [changelog](https://ngrok.com/docs/ngrok-agent/changelog). Notably, breaking changes are that the config file format has
changed and support for single hypen arguments was dropped.
- The `isPowerPC` predicate, found on `platform` attrsets (`hostPlatform`, `buildPlatform`, `targetPlatform`, etc) has been removed in order to reduce confusion. The predicate was was defined such that it matches only the 32-bit big-endian members of the POWER/PowerPC family, despite having a name which would imply a broader set of systems. If you were using this predicate, you can replace `foo.isPowerPC` with `(with foo; isPower && is32bit && isBigEndian)`.
- PHP 7.4 is no longer supported due to upstream not supporting this
version for the entire lifecycle of the 22.11 release.
- (Neo)Vim can not be configured with `configure.pathogen` anymore to reduce maintainance burden.
Use `configure.packages` instead.
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
## Other Notable Changes {#sec-release-22.11-notable-changes}
- A new module was added for the Saleae Logic device family, providing the options `hardware.saleae-logic.enable` and `hardware.saleae-logic.package`.
- Matrix Synapse now requires entries in the `state_group_edges` table to be unique, in order to prevent accidentally introducing duplicate information (for example, because a database backup was restored multiple times). If your Synapse database already has duplicate rows in this table, this could fail with an error and require manual remediation.
- memtest86+ was updated from 5.00-coreboot-002 to 6.00-beta2. It is now the upstream version from https://www.memtest.org/, as coreboot's fork is no longer available.
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

View file

@ -50,11 +50,6 @@ let
# they way through, but has the last priority behind everything else.
nixpkgs.system = lib.mkDefault system;
# Stash the value of the `system` argument. When using `nesting.children`
# we want to have the same default value behavior (immediately above)
# without any interference from the user's configuration.
nixpkgs.initialSystem = system;
_module.args.pkgs = lib.mkIf (pkgs_ != null) (lib.mkForce pkgs_);
};
};

View file

@ -20,6 +20,8 @@
, lib
, options
, transformOptions ? lib.id # function for additional tranformations of the options
, documentType ? "appendix" # TODO deprecate "appendix" in favor of "none"
# and/or rename function to moduleOptionDoc for clean slate
, revision ? "" # Specify revision for the options
# a set of options the docs we are generating will be merged into, as if by recursiveUpdate.
# used to split the options doc build into a static part (nixos/modules) and a dynamic part
@ -45,8 +47,11 @@ let
else if lib.isFunction x then "<function>"
else x;
optionsList = lib.flip map optionsListVisible
(opt: transformOptions opt
rawOpts = lib.optionAttrSetToDocList options;
transformedOpts = map transformOptions rawOpts;
filteredOpts = lib.filter (opt: opt.visible && !opt.internal) transformedOpts;
optionsList = lib.flip map filteredOpts
(opt: opt
// lib.optionalAttrs (opt ? example) { example = substSpecial opt.example; }
// lib.optionalAttrs (opt ? default) { default = substSpecial opt.default; }
// lib.optionalAttrs (opt ? type) { type = substSpecial opt.type; }
@ -88,9 +93,6 @@ let
'';
in "<itemizedlist>${lib.concatStringsSep "\n" (map (p: describe (unpack p)) packages)}</itemizedlist>";
# Remove invisible and internal options.
optionsListVisible = lib.filter (opt: opt.visible && !opt.internal) (lib.optionAttrSetToDocList options);
optionsNix = builtins.listToAttrs (map (o: { name = o.name; value = removeAttrs o ["name" "visible" "internal"]; }) optionsList);
in rec {
@ -161,6 +163,7 @@ in rec {
${pkgs.python3Minimal}/bin/python ${./sortXML.py} $optionsXML sorted.xml
${pkgs.libxslt.bin}/bin/xsltproc \
--stringparam documentType '${documentType}' \
--stringparam revision '${revision}' \
-o intermediate.xml ${./options-to-docbook.xsl} sorted.xml
${pkgs.libxslt.bin}/bin/xsltproc \

View file

@ -12,12 +12,25 @@
<xsl:output method='xml' encoding="UTF-8" />
<xsl:param name="revision" />
<xsl:param name="documentType" />
<xsl:param name="program" />
<xsl:template match="/expr/list">
<xsl:choose>
<xsl:when test="$documentType = 'appendix'">
<appendix xml:id="appendix-configuration-options">
<title>Configuration Options</title>
<xsl:call-template name="variable-list"/>
</appendix>
</xsl:when>
<xsl:otherwise>
<xsl:call-template name="variable-list"/>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
<xsl:template name="variable-list">
<variablelist xml:id="configuration-variable-list">
<xsl:for-each select="attrs">
<xsl:variable name="id" select="
@ -102,7 +115,6 @@
</xsl:for-each>
</variablelist>
</appendix>
</xsl:template>

View file

@ -10,6 +10,7 @@
, socat
, tesseract4
, vde2
, extraPythonPackages ? (_ : [])
}:
python3Packages.buildPythonApplication rec {
@ -17,14 +18,25 @@ python3Packages.buildPythonApplication rec {
version = "1.1";
src = ./.;
propagatedBuildInputs = [ coreutils netpbm python3Packages.colorama python3Packages.ptpython qemu_pkg socat vde2 ]
++ (lib.optionals enableOCR [ imagemagick_light tesseract4 ]);
propagatedBuildInputs = [
coreutils
netpbm
python3Packages.colorama
python3Packages.ptpython
qemu_pkg
socat
vde2
]
++ (lib.optionals enableOCR [ imagemagick_light tesseract4 ])
++ extraPythonPackages python3Packages;
doCheck = true;
checkInputs = with python3Packages; [ mypy pylint black ];
checkPhase = ''
mypy --disallow-untyped-defs \
--no-implicit-optional \
--pretty \
--no-color-output \
--ignore-missing-imports ${src}/test_driver
pylint --errors-only --enable=unused-import ${src}/test_driver
black --check --diff ${src}/test_driver

View file

@ -682,7 +682,7 @@ class Machine:
with self.nested("waiting for {} to appear on tty {}".format(regexp, tty)):
retry(tty_matches)
def send_chars(self, chars: List[str]) -> None:
def send_chars(self, chars: str) -> None:
with self.nested("sending keys {}".format(chars)):
for char in chars:
self.send_key(char)

View file

@ -0,0 +1,42 @@
# This file contains type hints that can be prepended to Nix test scripts so they can be type
# checked.
from test_driver.driver import Driver
from test_driver.vlan import VLan
from test_driver.machine import Machine
from test_driver.logger import Logger
from typing import Callable, Iterator, ContextManager, Optional, List, Dict, Any, Union
from typing_extensions import Protocol
from pathlib import Path
class RetryProtocol(Protocol):
def __call__(self, fn: Callable, timeout: int = 900) -> None:
raise Exception("This is just type information for the Nix test driver")
class PollingConditionProtocol(Protocol):
def __call__(
self,
fun_: Optional[Callable] = None,
*,
seconds_interval: float = 2.0,
description: Optional[str] = None,
) -> Union[Callable[[Callable], ContextManager], ContextManager]:
raise Exception("This is just type information for the Nix test driver")
start_all: Callable[[], None]
subtest: Callable[[str], ContextManager[None]]
retry: RetryProtocol
test_script: Callable[[], None]
machines: List[Machine]
vlans: List[VLan]
driver: Driver
log: Logger
create_machine: Callable[[Dict[str, Any]], Machine]
run_tests: Callable[[], None]
join_all: Callable[[], None]
serial_stdout_off: Callable[[], None]
serial_stdout_on: Callable[[], None]
polling_condition: PollingConditionProtocol

View file

@ -50,14 +50,16 @@ rec {
, qemu_pkg ? pkgs.qemu_test
, enableOCR ? false
, skipLint ? false
, skipTypeCheck ? false
, passthru ? {}
, interactive ? false
, extraPythonPackages ? (_ :[])
}:
let
# Reifies and correctly wraps the python test driver for
# the respective qemu version and with or without ocr support
testDriver = pkgs.callPackage ./test-driver {
inherit enableOCR;
inherit enableOCR extraPythonPackages;
qemu_pkg = qemu_test;
imagemagick_light = imagemagick_light.override { inherit libtiff; };
tesseract4 = tesseract4.override { enableLanguages = [ "eng" ]; };
@ -85,7 +87,7 @@ rec {
nodeHostNames = let
nodesList = map (c: c.config.system.name) (lib.attrValues nodes);
in nodesList ++ lib.optional (lib.length nodesList == 1) "machine";
in nodesList ++ lib.optional (lib.length nodesList == 1 && !lib.elem "machine" nodesList) "machine";
# TODO: This is an implementation error and needs fixing
# the testing famework cannot legitimately restrict hostnames further
@ -100,6 +102,9 @@ rec {
then testScript { inherit nodes; }
else testScript;
uniqueVlans = lib.unique (builtins.concatLists vlans);
vlanNames = map (i: "vlan${toString i}: VLan;") uniqueVlans;
machineNames = map (name: "${name}: Machine;") nodeHostNames;
in
if lib.length invalidNodeNames > 0 then
throw ''
@ -113,7 +118,7 @@ rec {
else lib.warnIf skipLint "Linting is disabled" (runCommand testDriverName
{
inherit testName;
nativeBuildInputs = [ makeWrapper ];
nativeBuildInputs = [ makeWrapper mypy ];
testScript = testScript';
preferLocalBuild = true;
passthru = passthru // {
@ -125,7 +130,25 @@ rec {
mkdir -p $out/bin
vmStartScripts=($(for i in ${toString vms}; do echo $i/bin/run-*-vm; done))
echo -n "$testScript" > $out/test-script
${lib.optionalString (!skipTypeCheck) ''
# prepend type hints so the test script can be type checked with mypy
cat "${./test-script-prepend.py}" >> testScriptWithTypes
echo "${builtins.toString machineNames}" >> testScriptWithTypes
echo "${builtins.toString vlanNames}" >> testScriptWithTypes
echo -n "$testScript" >> testScriptWithTypes
# set pythonpath so mypy knows where to find the imports. this requires the py.typed file.
export PYTHONPATH='${./test-driver}'
mypy --no-implicit-optional \
--pretty \
--no-color-output \
testScriptWithTypes
unset PYTHONPATH
''}
echo -n "$testScript" >> $out/test-script
ln -s ${testDriver}/bin/nixos-test-driver $out/bin/nixos-test-driver
${testDriver}/bin/generate-driver-symbols
@ -152,6 +175,7 @@ rec {
, testScript
, enableOCR ? false
, name ? "unnamed"
, skipTypeCheck ? false
# Skip linting (mainly intended for faster dev cycles)
, skipLint ? false
, passthru ? {}
@ -161,6 +185,7 @@ rec {
(if meta.description or null != null
then builtins.unsafeGetAttrPos "description" meta
else builtins.unsafeGetAttrPos "testScript" t)
, extraPythonPackages ? (_ : [])
} @ t:
let
mkNodes = qemu_pkg:
@ -207,19 +232,19 @@ rec {
)];
};
in
lib.warnIf (t?machine) "In test `${name}': The `machine' attribute in NixOS tests (pkgs.nixosTest / make-test-pyton.nix / testing-python.nix / makeTest) is deprecated. Please use the equivalent `nodes.machine'."
lib.warnIf (t?machine) "In test `${name}': The `machine' attribute in NixOS tests (pkgs.nixosTest / make-test-python.nix / testing-python.nix / makeTest) is deprecated. Please use the equivalent `nodes.machine'."
build-vms.buildVirtualNetwork (
nodes // lib.optionalAttrs (machine != null) { inherit machine; }
);
driver = setupDriverForTest {
inherit testScript enableOCR skipLint passthru;
inherit testScript enableOCR skipTypeCheck skipLint passthru extraPythonPackages;
testName = name;
qemu_pkg = pkgs.qemu_test;
nodes = mkNodes pkgs.qemu_test;
};
driverInteractive = setupDriverForTest {
inherit testScript enableOCR skipLint passthru;
inherit testScript enableOCR skipTypeCheck skipLint passthru extraPythonPackages;
testName = name;
qemu_pkg = pkgs.qemu;
nodes = mkNodes pkgs.qemu;

View file

@ -223,10 +223,10 @@ foreach my $u (@{$spec->{users}}) {
}
# Ensure home directory incl. ownership and permissions.
if ($u->{createHome}) {
make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home} and ! $is_dry;
if ($u->{createHome} and !$is_dry) {
make_path($u->{home}, { mode => oct($u->{homeMode}) }) if ! -e $u->{home};
chown $u->{uid}, $u->{gid}, $u->{home};
chmod 0700, $u->{home};
chmod oct($u->{homeMode}), $u->{home};
}
if (defined $u->{passwordFile}) {

View file

@ -48,7 +48,7 @@ let
services such as SSH, or indirectly via <command>su</command> or
<command>sudo</command>). This should only be used for e.g. bootable
live systems. Note: this is different from setting an empty password,
which ca be achieved using <option>users.users.&lt;name?&gt;.password</option>.
which can be achieved using <option>users.users.&lt;name?&gt;.password</option>.
If set to <literal>null</literal> (default) this user will not
be able to log in using a password (i.e. via <command>login</command>
@ -139,6 +139,12 @@ let
description = "The user's home directory.";
};
homeMode = mkOption {
type = types.strMatching "[0-7]{1,5}";
default = "700";
description = "The user's home directory mode in numeric format. See chmod(1). The mode is only applied if <option>users.users.&lt;name&gt;.createHome</option> is true.";
};
cryptHomeLuks = mkOption {
type = with types; nullOr str;
default = null;
@ -319,6 +325,7 @@ let
group = mkDefault "users";
createHome = mkDefault true;
home = mkDefault "/home/${config.name}";
homeMode = mkDefault "700";
useDefaultShell = mkDefault true;
isSystemUser = mkDefault false;
})
@ -430,7 +437,7 @@ let
inherit (cfg) mutableUsers;
users = mapAttrsToList (_: u:
{ inherit (u)
name uid group description home createHome isSystemUser
name uid group description home homeMode createHome isSystemUser
password passwordFile hashedPassword
autoSubUidGidRange subUidRanges subGidRanges
initialPassword initialHashedPassword;

View file

@ -1,4 +1,4 @@
{ config, lib, ... }:
{ config, lib, pkgs, ... }:
with lib;
{
@ -23,6 +23,12 @@ with lib;
"/share/pixmaps"
];
environment.systemPackages = [
# Empty icon theme that contains index.theme file describing directories
# where toolkits should look for icons installed by apps.
pkgs.hicolor-icon-theme
];
# libXcursor looks for cursors in XCURSOR_PATH
# it mostly follows the spec for icons
# See: https://www.x.org/releases/current/doc/man/man3/Xcursor.3.xhtml Themes

View file

@ -19,7 +19,7 @@ let
# per debian's udev deb hook (https://man7.org/linux/man-pages/man1/dh_installudev.1.html)
destination = "60-scdaemon.rules";
scdaemonUdevRulesPkg = pkgs.runCommandNoCC "scdaemon-udev-rules" {} ''
scdaemonUdevRulesPkg = pkgs.runCommand "scdaemon-udev-rules" {} ''
loc="$out/lib/udev/rules.d/"
mkdir -p "''${loc}"
cp "${scdaemonRules}" "''${loc}/${destination}"

View file

@ -0,0 +1,29 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.hardware.new-lg4ff;
kernelPackages = config.boot.kernelPackages;
in {
options.hardware.new-lg4ff = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enables improved Linux module drivers for Logitech driving wheels.
This will replace the existing in-kernel hid-logitech modules.
Works most notably on the Logitech G25, G27, G29 and Driving Force (GT).
'';
};
};
config = lib.mkIf cfg.enable {
boot = {
extraModulePackages = [ kernelPackages.new-lg4ff ];
kernelModules = [ "hid-logitech-new" ];
};
};
meta.maintainers = with lib.maintainers; [ matthiasbenaets ];
}

View file

@ -0,0 +1,25 @@
{ config, lib, pkgs, ... }:
let
cfg = config.hardware.saleae-logic;
in
{
options.hardware.saleae-logic = {
enable = lib.mkEnableOption "udev rules for Saleae Logic devices";
package = lib.mkOption {
type = lib.types.package;
default = pkgs.saleae-logic-2;
defaultText = lib.literalExpression "pkgs.saleae-logic-2";
description = ''
Saleae Logic package to use.
'';
};
};
config = lib.mkIf cfg.enable {
services.udev.packages = [ cfg.package ];
};
meta.maintainers = with lib.maintainers; [ chivay ];
}

View file

@ -163,8 +163,19 @@ in
'';
};
hardware.nvidia.forceFullCompositionPipeline = lib.mkOption {
default = false;
type = types.bool;
description = ''
Whether to force-enable the full composition pipeline.
This sometimes fixes screen tearing issues.
This has been reported to reduce the performance of some OpenGL applications and may produce issues in WebGL.
It also drastically increases the time the driver needs to clock down after load.
'';
};
hardware.nvidia.package = lib.mkOption {
type = lib.types.package;
type = types.package;
default = config.boot.kernelPackages.nvidiaPackages.stable;
defaultText = literalExpression "config.boot.kernelPackages.nvidiaPackages.stable";
description = ''
@ -255,14 +266,18 @@ in
''
BusID "${pCfg.nvidiaBusId}"
${optionalString syncCfg.allowExternalGpu "Option \"AllowExternalGpus\""}
${optionalString cfg.powerManagement.finegrained "Option \"NVreg_DynamicPowerManagement=0x02\""}
Option "SidebandSocketPath" "/run/nvidia-xdriver"
'';
screenSection =
''
Option "RandRRotation" "on"
${optionalString syncCfg.enable "Option \"AllowEmptyInitialConfiguration\""}
'';
'' + optionalString syncCfg.enable ''
Option "AllowEmptyInitialConfiguration"
'' + optionalString cfg.forceFullCompositionPipeline ''
Option "metamodes" "nvidia-auto-select +0+0 {ForceFullCompositionPipeline=On}"
Option "AllowIndirectGLXProtocol" "off"
Option "TripleBuffer" "on"
''
;
};
services.xserver.serverLayoutSection = optionalString syncCfg.enable ''
@ -347,9 +362,7 @@ in
systemd.tmpfiles.rules = optional config.virtualisation.docker.enableNvidia
"L+ /run/nvidia-docker/bin - - - - ${nvidia_x11.bin}/origBin"
++ optional (nvidia_x11.persistenced != null && config.virtualisation.docker.enableNvidia)
"L+ /run/nvidia-docker/extras/bin/nvidia-persistenced - - - - ${nvidia_x11.persistenced}/origBin/nvidia-persistenced"
++ optional primeEnabled
"d /run/nvidia-xdriver 0770 root video";
"L+ /run/nvidia-docker/extras/bin/nvidia-persistenced - - - - ${nvidia_x11.persistenced}/origBin/nvidia-persistenced";
boot.extraModulePackages = [ nvidia_x11.bin ];
@ -370,7 +383,8 @@ in
RUN+="${pkgs.runtimeShell} -c 'mknod -m 666 /dev/nvidia%c{3} c 195 %c{3}"
KERNEL=="nvidia_uvm", RUN+="${pkgs.runtimeShell} -c 'mknod -m 666 /dev/nvidia-uvm c $$(grep nvidia-uvm /proc/devices | cut -d \ -f 1) 0'"
KERNEL=="nvidia_uvm", RUN+="${pkgs.runtimeShell} -c 'mknod -m 666 /dev/nvidia-uvm-tools c $$(grep nvidia-uvm /proc/devices | cut -d \ -f 1) 1'"
'' + optionalString cfg.powerManagement.finegrained ''
'' + optionalString cfg.powerManagement.finegrained (
optionalString (versionOlder config.boot.kernelPackages.kernel.version "5.5") ''
# Remove NVIDIA USB xHCI Host Controller devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c0330", ATTR{remove}="1"
@ -379,7 +393,7 @@ in
# Remove NVIDIA Audio devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x040300", ATTR{remove}="1"
'' + ''
# Enable runtime PM for NVIDIA VGA/3D controller devices on driver bind
ACTION=="bind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030000", TEST=="power/control", ATTR{power/control}="auto"
ACTION=="bind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030200", TEST=="power/control", ATTR{power/control}="auto"
@ -387,7 +401,7 @@ in
# Disable runtime PM for NVIDIA VGA/3D controller devices on driver unbind
ACTION=="unbind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030000", TEST=="power/control", ATTR{power/control}="on"
ACTION=="unbind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030200", TEST=="power/control", ATTR{power/control}="on"
'';
'');
boot.extraModprobeConfig = mkIf cfg.powerManagement.finegrained ''
options nvidia "NVreg_DynamicPowerManagement=0x02"

View file

@ -32,6 +32,7 @@ in {
GTK_IM_MODULE = "fcitx";
QT_IM_MODULE = "fcitx";
XMODIFIERS = "@im=fcitx";
QT_PLUGIN_PATH = [ "${fcitx5Package}/${pkgs.qt6.qtbase.qtPluginPrefix}" ];
};
}
(mkIf whetherRimeDataDir {

View file

@ -23,6 +23,8 @@ let
Name=IBus
Type=Application
Exec=${ibusPackage}/bin/ibus-daemon --daemonize --xim ${impanel}
# GNOME will launch ibus using systemd
NotShowIn=GNOME;
'';
};
in
@ -67,7 +69,7 @@ in
programs.dconf.packages = [ ibusPackage ];
services.dbus.packages = [
ibusAutostart
ibusPackage
];
environment.variables = {

View file

@ -35,8 +35,15 @@ with lib;
# Enable sound in graphical iso's.
hardware.pulseaudio.enable = true;
# Spice guest additions
# VM guest additions to improve host-guest interaction
services.spice-vdagentd.enable = true;
services.qemuGuest.enable = true;
virtualisation.vmware.guest.enable = true;
virtualisation.hypervGuest.enable = true;
services.xe-guest-utilities.enable = true;
# The VirtualBox guest additions rely on an out-of-tree kernel module
# which lags behind kernel releases, potentially causing broken builds.
virtualisation.virtualbox.guest.enable = false;
# Enable plymouth
boot.plymouth.enable = true;

View file

@ -479,7 +479,7 @@ in
+ lib.optionalString (isx86_32 || isx86_64) "-Xbcj x86"
# Untested but should also reduce size for these platforms
+ lib.optionalString (isAarch32 || isAarch64) "-Xbcj arm"
+ lib.optionalString (isPowerPC) "-Xbcj powerpc"
+ lib.optionalString (isPower && is32bit && isBigEndian) "-Xbcj powerpc"
+ lib.optionalString (isSparc) "-Xbcj sparc";
description = ''
Compression settings to use for the squashfs nix store.

View file

@ -1,51 +0,0 @@
# This module exposes a config.system.build.kexecBoot attribute,
# which returns a directory with kernel, initrd and a shell script
# running the necessary kexec commands.
# It's meant to be scp'ed to a machine with working ssh and kexec binary
# installed.
# This is useful for (cloud) providers where you can't boot a custom image, but
# get some Debian or Ubuntu installation.
{ pkgs
, modulesPath
, config
, ...
}:
{
imports = [
(modulesPath + "/installer/netboot/netboot-minimal.nix")
];
config = {
system.build.kexecBoot =
let
kexecScript = pkgs.writeScript "kexec-boot" ''
#!/usr/bin/env bash
if ! kexec -v >/dev/null 2>&1; then
echo "kexec not found: please install kexec-tools" 2>&1
exit 1
fi
SCRIPT_DIR=$( cd -- "$( dirname -- "''${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
kexec --load ''${SCRIPT_DIR}/bzImage \
--initrd=''${SCRIPT_DIR}/initrd.gz \
--command-line "init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}"
kexec -e
''; in
pkgs.linkFarm "kexec-tree" [
{
name = "initrd.gz";
path = "${config.system.build.netbootRamdisk}/initrd";
}
{
name = "bzImage";
path = "${config.system.build.kernel}/${config.system.boot.loader.kernelFile}";
}
{
name = "kexec-boot";
path = kexecScript;
}
];
};
}

View file

@ -101,6 +101,37 @@ with lib;
boot
'';
# A script invoking kexec on ./bzImage and ./initrd.gz.
# Usually used through system.build.kexecTree, but exposed here for composability.
system.build.kexecScript = pkgs.writeScript "kexec-boot" ''
#!/usr/bin/env bash
if ! kexec -v >/dev/null 2>&1; then
echo "kexec not found: please install kexec-tools" 2>&1
exit 1
fi
SCRIPT_DIR=$( cd -- "$( dirname -- "''${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
kexec --load ''${SCRIPT_DIR}/bzImage \
--initrd=''${SCRIPT_DIR}/initrd.gz \
--command-line "init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}"
kexec -e
'';
# A tree containing initrd.gz, bzImage and a kexec-boot script.
system.build.kexecTree = pkgs.linkFarm "kexec-tree" [
{
name = "initrd.gz";
path = "${config.system.build.netbootRamdisk}/initrd";
}
{
name = "bzImage";
path = "${config.system.build.kernel}/${config.system.boot.loader.kernelFile}";
}
{
name = "kexec-boot";
path = config.system.build.kexecScript;
}
];
boot.loader.timeout = 10;
boot.postBootCommands =

View file

@ -1,7 +1,7 @@
{
x86_64-linux = "/nix/store/yx36yzxpw1hn4fz8iyf1rfyd56jg3yf4-nix-2.8.0";
i686-linux = "/nix/store/c0hg806zvwg800qbszzj8ff4a224kjgf-nix-2.8.0";
aarch64-linux = "/nix/store/wic2832ll53q392r2wks4xr2nrk7p8p5-nix-2.8.0";
x86_64-darwin = "/nix/store/5yqdvnkmkrhl36xh0qy31pymdphjimdd-nix-2.8.0";
aarch64-darwin = "/nix/store/izc9592szrnpv8n86hr88bhpyc9g6b4s-nix-2.8.0";
x86_64-linux = "/nix/store/6g4fla3vkcxihph282a0v3cd10709y7c-nix-2.9.1";
i686-linux = "/nix/store/j143221z44469zx21f5m9a47x7y1jpr5-nix-2.9.1";
aarch64-linux = "/nix/store/c4z3vy1sgm49la8bvmdrrpssgk4iw2nk-nix-2.9.1";
x86_64-darwin = "/nix/store/cqdwb7khf6zg94bz7lnvfjqx6z775qaw-nix-2.9.1";
aarch64-darwin = "/nix/store/1brkxcs287n1px2i4fq39l7h51hjv0f8-nix-2.9.1";
}

View file

@ -67,6 +67,7 @@ in
imports = [
./assertions.nix
./meta.nix
(mkRemovedOptionModule [ "nixpkgs" "initialSystem" ] "The NixOS options `nesting.clone` and `nesting.children` have been deleted, and replaced with named specialisation. Therefore `nixpgks.initialSystem` has no effect anymore.")
];
options.nixpkgs = {
@ -219,14 +220,6 @@ in
Ignored when <code>nixpkgs.pkgs</code> is set.
'';
};
initialSystem = mkOption {
type = types.str;
internal = true;
description = ''
Preserved value of <literal>system</literal> passed to <literal>eval-config.nix</literal>.
'';
};
};
config = {

View file

@ -13,7 +13,7 @@ let
attrsToText = attrs:
concatStringsSep "\n" (
mapAttrsToList (n: v: ''${n}=${escapeIfNeccessary (toString v)}'') attrs
);
) + "\n";
osReleaseContents = {
NAME = "NixOS";

View file

@ -66,6 +66,7 @@
./hardware/network/ath-user-regd.nix
./hardware/network/b43.nix
./hardware/network/intel-2200bg.nix
./hardware/new-lg4ff.nix
./hardware/nitrokey.nix
./hardware/opengl.nix
./hardware/openrazer.nix
@ -73,6 +74,7 @@
./hardware/printers.nix
./hardware/raid/hpsa.nix
./hardware/rtl-sdr.nix
./hardware/saleae-logic.nix
./hardware/steam-hardware.nix
./hardware/system-76.nix
./hardware/tuxedo-keyboard.nix
@ -137,6 +139,7 @@
./programs/captive-browser.nix
./programs/ccache.nix
./programs/cdemu.nix
./programs/cfs-zen-tweaks.nix
./programs/chromium.nix
./programs/clickshare.nix
./programs/cnping.nix
@ -166,6 +169,7 @@
./programs/gpaste.nix
./programs/gnupg.nix
./programs/gphoto2.nix
./programs/haguichi.nix
./programs/hamster.nix
./programs/htop.nix
./programs/iftop.nix
@ -193,6 +197,7 @@
./programs/npm.nix
./programs/noisetorch.nix
./programs/oblogout.nix
./programs/openvpn3.nix
./programs/pantheon-tweaks.nix
./programs/partition-manager.nix
./programs/plotinus.nix
@ -345,6 +350,7 @@
./services/databases/clickhouse.nix
./services/databases/cockroachdb.nix
./services/databases/couchdb.nix
./services/databases/dragonflydb.nix
./services/databases/firebird.nix
./services/databases/foundationdb.nix
./services/databases/hbase.nix
@ -512,9 +518,15 @@
./services/mail/roundcube.nix
./services/mail/sympa.nix
./services/mail/nullmailer.nix
./services/matrix/matrix-synapse.nix
./services/matrix/appservice-discord.nix
./services/matrix/appservice-irc.nix
./services/matrix/conduit.nix
./services/matrix/dendrite.nix
./services/matrix/mautrix-facebook.nix
./services/matrix/mautrix-telegram.nix
./services/matrix/mjolnir.nix
./services/matrix/pantalaimon.nix
./services/matrix/synapse.nix
./services/misc/ananicy.nix
./services/misc/airsonic.nix
./services/misc/ankisyncd.nix
@ -533,7 +545,6 @@
./services/misc/cpuminer-cryptonight.nix
./services/misc/cgminer.nix
./services/misc/confd.nix
./services/misc/dendrite.nix
./services/misc/devmon.nix
./services/misc/dictd.nix
./services/misc/duckling.nix
@ -576,11 +587,6 @@
./services/misc/libreddit.nix
./services/misc/lifecycled.nix
./services/misc/mame.nix
./services/misc/matrix-appservice-discord.nix
./services/misc/matrix-appservice-irc.nix
./services/misc/matrix-conduit.nix
./services/misc/mautrix-facebook.nix
./services/misc/mautrix-telegram.nix
./services/misc/mbpfan.nix
./services/misc/mediatomb.nix
./services/misc/metabase.nix
@ -602,6 +608,7 @@
./services/misc/packagekit.nix
./services/misc/paperless.nix
./services/misc/parsoid.nix
./services/misc/persistent-evdev.nix
./services/misc/plex.nix
./services/misc/plikd.nix
./services/misc/podgrab.nix
@ -653,6 +660,7 @@
./services/monitoring/do-agent.nix
./services/monitoring/fusion-inventory.nix
./services/monitoring/grafana.nix
./services/monitoring/grafana-agent.nix
./services/monitoring/grafana-image-renderer.nix
./services/monitoring/grafana-reporter.nix
./services/monitoring/graphite.nix
@ -733,6 +741,7 @@
./services/networking/bitcoind.nix
./services/networking/autossh.nix
./services/networking/bird.nix
./services/networking/bird-lg.nix
./services/networking/bitlbee.nix
./services/networking/blockbook-frontend.nix
./services/networking/blocky.nix
@ -765,6 +774,7 @@
./services/networking/ergo.nix
./services/networking/ergochat.nix
./services/networking/eternal-terminal.nix
./services/networking/expressvpn.nix
./services/networking/fakeroute.nix
./services/networking/ferm.nix
./services/networking/fireqos.nix
@ -877,6 +887,7 @@
./services/networking/quassel.nix
./services/networking/quorum.nix
./services/networking/quicktun.nix
./services/networking/r53-ddns.nix
./services/networking/radicale.nix
./services/networking/radvd.nix
./services/networking/rdnssd.nix
@ -978,6 +989,7 @@
./services/security/hologram-server.nix
./services/security/hologram-agent.nix
./services/security/kanidm.nix
./services/security/infnoise.nix
./services/security/munge.nix
./services/security/nginx-sso.nix
./services/security/oauth2_proxy.nix
@ -1233,6 +1245,7 @@
./tasks/powertop.nix
./testing/service-runner.nix
./virtualisation/anbox.nix
./virtualisation/appvm.nix
./virtualisation/build-vm.nix
./virtualisation/container-config.nix
./virtualisation/containerd.nix

View file

@ -136,6 +136,24 @@ in
packages = [ atop (lib.mkIf cfg.netatop.enable cfg.netatop.package) ];
services =
mkService cfg.atopService.enable "atop" [ atop ]
// lib.mkIf cfg.atopService.enable {
# always convert logs to newer version first
# XXX might trigger TimeoutStart but restarting atop.service will
# convert remainings logs and start eventually
atop.serviceConfig.ExecStartPre = pkgs.writeShellScript "atop-update-log-format" ''
set -e -u
for logfile in "$LOGPATH"/atop_*
do
${atop}/bin/atopconvert "$logfile" "$logfile".new
# only replace old file if version was upgraded to avoid
# false positives for atop-rotate.service
if ! ${pkgs.diffutils}/bin/cmp -s "$logfile" "$logfile".new
then
${pkgs.coreutils}/bin/mv -v -f "$logfile".new "$logfile"
fi
done
'';
}
// mkService cfg.atopacctService.enable "atopacct" [ atop ]
// mkService cfg.netatop.enable "netatop" [ cfg.netatop.package ]
// mkService cfg.atopgpu.enable "atopgpu" [ atop ];

View file

@ -98,7 +98,7 @@ in
config = mkIf cfg.enable {
environment.systemPackages = [
(pkgs.runCommandNoCC "captive-browser-desktop-item" { } ''
(pkgs.runCommand "captive-browser-desktop-item" { } ''
install -Dm444 -t $out/share/applications ${desktopItem}/share/applications/*.desktop
'')
];

View file

@ -0,0 +1,28 @@
# CFS Zen Tweaks
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.programs.cfs-zen-tweaks;
in
{
meta = {
maintainers = with maintainers; [ mkg20001 ];
};
options = {
programs.cfs-zen-tweaks.enable = mkEnableOption "CFS Zen Tweaks";
};
config = mkIf cfg.enable {
systemd.packages = [ pkgs.cfs-zen-tweaks ];
systemd.services.set-cfs-tweak.wantedBy = [ "multi-user.target" "suspend.target" "hibernate.target" "hybrid-sleep.target" "suspend-then-hibernate.target" ];
};
}

View file

@ -17,7 +17,7 @@ let
else if xserverCfg.enable || config.programs.sway.enable then
"gnome3"
else
null;
"curses";
in

Some files were not shown because too many files have changed in this diff Show more